Eliminate EIGHTK_BUF use in asn. Clean up uses of 0 in set_verify for callback.

David Garske 2021-11-05 09:56:40 -07:00
parent 1d9832c0de
commit 5dac25f470
9 changed files with 95 additions and 104 deletions


@ -100,7 +100,7 @@ static int tls_client(void)
/*---------------------*/
/* for no peer auth: */
/*---------------------*/
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, 0);
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL);
/*---------------------*/
/* end peer auth option*/
/*---------------------*/


@ -99,7 +99,7 @@ static int tls_server(void)
/*---------------------*/
/* for no peer auth: */
/*---------------------*/
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, 0);
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL);
/*---------------------*/
/* end peer auth option*/
/*---------------------*/


@ -65,7 +65,7 @@ If you want to mimic OpenSSL behavior of having `SSL_connect` succeed even if
verifying the server fails and reducing security you can do this by calling:
```c
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL);
```
before calling `wolfSSL_new();`. Though it's not recommended.


@ -1078,10 +1078,10 @@ WOLFSSL_API int wc_PubKeyPemToDer(const unsigned char*, int,
\code
char * file = ./certs/client-cert.pem;
int derSz;
byte * der = (byte*)XMALLOC(EIGHTK_BUF, NULL, DYNAMIC_TYPE_CERT);
byte* der = (byte*)XMALLOC((8*1024), NULL, DYNAMIC_TYPE_CERT);
derSz = wc_PemCertToDer(file, der, EIGHTK_BUF);
if(derSz <= 0) {
derSz = wc_PemCertToDer(file, der, (8*1024));
if (derSz <= 0) {
//PemCertToDer error
}
\endcode


@ -2513,8 +2513,8 @@ WOLFSSL_API
\code
WOLFSSL_CTX* ctx = 0;
...
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER |
SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
wolfSSL_CTX_set_verify(ctx, (WOLFSSL_VERIFY_PEER |
WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT), NULL);
\endcode
\sa wolfSSL_set_verify


@ -3062,7 +3062,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify);
}
else if (!usePsk && !useAnon && doPeerCheck == 0) {
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, 0);
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL);
}
else if (!usePsk && !useAnon && myVerifyAction == VERIFY_OVERRIDE_DATE_ERR) {
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify);
@ -3191,7 +3191,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
}
#if defined(WOLFSSL_MDK_ARM)
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, 0);
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL);
#endif
#if defined(OPENSSL_EXTRA)


@ -19721,11 +19721,10 @@ int wc_PubKeyPemToDer(const unsigned char* pem, int pemSz,
#endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER */
#endif /* WOLFSSL_PEM_TO_DER */
#ifndef NO_FILESYSTEM
#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_PEM_TO_DER)
#ifdef WOLFSSL_CERT_GEN
/* load pem cert from file into der buffer, return der size or error */
int wc_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
int wc_PemCertToDer_ex(const char* fileName, DerBuffer** der)
{
#ifdef WOLFSSL_SMALL_STACK
byte staticBuffer[1]; /* force XMALLOC */
@ -19737,7 +19736,6 @@ int wc_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
int ret = 0;
long sz = 0;
XFILE file;
DerBuffer* converted = NULL;
WOLFSSL_ENTER("wc_PemCertToDer");
@ -19752,8 +19750,9 @@ int wc_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
}
if (ret == 0) {
if(XFSEEK(file, 0, XSEEK_END) != 0)
if (XFSEEK(file, 0, XSEEK_END) != 0) {
ret = BUFFER_E;
}
sz = XFTELL(file);
XREWIND(file);
@ -19763,35 +19762,23 @@ int wc_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
else if (sz > (long)sizeof(staticBuffer)) {
#ifdef WOLFSSL_STATIC_MEMORY
WOLFSSL_MSG("File was larger then static buffer");
return MEMORY_E;
#endif
ret = MEMORY_E;
#else
fileBuf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE);
if (fileBuf == NULL)
ret = MEMORY_E;
else
dynamic = 1;
#endif
}
if (ret == 0) {
if ((size_t)XFREAD(fileBuf, 1, sz, file) != (size_t)sz) {
ret = BUFFER_E;
}
#ifdef WOLFSSL_PEM_TO_DER
else {
ret = PemToDer(fileBuf, sz, CA_TYPE, &converted, 0, NULL,NULL);
ret = PemToDer(fileBuf, sz, CA_TYPE, der, 0, NULL,NULL);
}
#endif
if (ret == 0) {
if (converted->length < (word32)derSz) {
XMEMCPY(derBuf, converted->buffer, converted->length);
ret = converted->length;
}
else
ret = BUFFER_E;
}
FreeDer(&converted);
}
XFCLOSE(file);
@ -19801,12 +19788,29 @@ int wc_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
return ret;
}
/* load pem cert from file into der buffer, return der size or error */
int wc_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
{
int ret;
DerBuffer* converted = NULL;
ret = wc_PemCertToDer_ex(fileName, &converted);
if (ret == 0) {
if (converted->length < (word32)derSz) {
XMEMCPY(derBuf, converted->buffer, converted->length);
ret = converted->length;
}
else
ret = BUFFER_E;
FreeDer(&converted);
}
return ret;
}
#endif /* WOLFSSL_CERT_GEN */
#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)
/* load pem public key from file into der buffer, return der size or error */
int wc_PemPubKeyToDer(const char* fileName,
unsigned char* derBuf, int derSz)
int wc_PemPubKeyToDer_ex(const char* fileName, DerBuffer** der)
{
#ifdef WOLFSSL_SMALL_STACK
byte staticBuffer[1]; /* force XMALLOC */
@ -19818,7 +19822,6 @@ int wc_PemPubKeyToDer(const char* fileName,
int ret = 0;
long sz = 0;
XFILE file;
DerBuffer* converted = NULL;
WOLFSSL_ENTER("wc_PemPubKeyToDer");
@ -19833,8 +19836,9 @@ int wc_PemPubKeyToDer(const char* fileName,
}
if (ret == 0) {
if(XFSEEK(file, 0, XSEEK_END) != 0)
if (XFSEEK(file, 0, XSEEK_END) != 0) {
ret = BUFFER_E;
}
sz = XFTELL(file);
XREWIND(file);
@ -19844,47 +19848,55 @@ int wc_PemPubKeyToDer(const char* fileName,
else if (sz > (long)sizeof(staticBuffer)) {
#ifdef WOLFSSL_STATIC_MEMORY
WOLFSSL_MSG("File was larger then static buffer");
return MEMORY_E;
#endif
ret = MEMORY_E;
#else
fileBuf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE);
if (fileBuf == NULL)
ret = MEMORY_E;
else
dynamic = 1;
#endif
}
if (ret == 0) {
if ((size_t)XFREAD(fileBuf, 1, sz, file) != (size_t)sz) {
ret = BUFFER_E;
}
#ifdef WOLFSSL_PEM_TO_DER
else {
ret = PemToDer(fileBuf, sz, PUBLICKEY_TYPE, &converted,
ret = PemToDer(fileBuf, sz, PUBLICKEY_TYPE, der,
0, NULL, NULL);
}
#endif
if (ret == 0) {
if (converted->length < (word32)derSz) {
XMEMCPY(derBuf, converted->buffer, converted->length);
ret = converted->length;
}
else
ret = BUFFER_E;
}
FreeDer(&converted);
}
XFCLOSE(file);
if (dynamic)
if (dynamic) {
XFREE(fileBuf, NULL, DYNAMIC_TYPE_FILE);
}
}
return ret;
}
/* load pem public key from file into der buffer, return der size or error */
int wc_PemPubKeyToDer(const char* fileName,
unsigned char* derBuf, int derSz)
{
int ret;
DerBuffer* converted = NULL;
ret = wc_PemPubKeyToDer_ex(fileName, &converted);
if (ret == 0) {
if (converted->length < (word32)derSz) {
XMEMCPY(derBuf, converted->buffer, converted->length);
ret = converted->length;
}
else
ret = BUFFER_E;
FreeDer(&converted);
}
return ret;
}
#endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER */
#endif /* !NO_FILESYSTEM */
#endif /* !NO_FILESYSTEM && WOLFSSL_PEM_TO_DER */
#if !defined(NO_RSA) && (defined(WOLFSSL_CERT_GEN) || \
@ -25118,28 +25130,18 @@ int wc_SetAuthKeyIdFromCert(Cert *cert, const byte *der, int derSz)
int wc_SetAuthKeyId(Cert *cert, const char* file)
{
int ret;
int derSz;
byte* der;
DerBuffer* der = NULL;
if (cert == NULL || file == NULL)
return BAD_FUNC_ARG;
der = (byte*)XMALLOC(EIGHTK_BUF, cert->heap, DYNAMIC_TYPE_CERT);
if (der == NULL) {
WOLFSSL_MSG("wc_SetAuthKeyId OOF Problem");
return MEMORY_E;
}
derSz = wc_PemCertToDer(file, der, EIGHTK_BUF);
if (derSz <= 0)
ret = wc_PemCertToDer_ex(file, &der);
if (ret == 0)
{
XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
return derSz;
ret = wc_SetAuthKeyIdFromCert(cert, der->buffer, der->length);
FreeDer(&der);
}
ret = wc_SetAuthKeyIdFromCert(cert, der, derSz);
XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
return ret;
}
@ -25516,22 +25518,18 @@ static int SetNameFromCert(CertName* cn, const byte* der, int derSz)
int wc_SetIssuer(Cert* cert, const char* issuerFile)
{
int ret;
int derSz;
byte* der;
DerBuffer* der = NULL;
if (cert == NULL) {
if (cert == NULL || issuerFile == NULL)
return BAD_FUNC_ARG;
}
der = (byte*)XMALLOC(EIGHTK_BUF, cert->heap, DYNAMIC_TYPE_CERT);
if (der == NULL) {
WOLFSSL_MSG("wc_SetIssuer OOF Problem");
return MEMORY_E;
ret = wc_PemCertToDer_ex(issuerFile, &der);
if (ret == 0) {
cert->selfSigned = 0;
ret = SetNameFromCert(&cert->issuer, der->buffer, der->length);
FreeDer(&der);
}
derSz = wc_PemCertToDer(issuerFile, der, EIGHTK_BUF);
cert->selfSigned = 0;
ret = SetNameFromCert(&cert->issuer, der, derSz);
XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
return ret;
}
@ -25541,22 +25539,17 @@ int wc_SetIssuer(Cert* cert, const char* issuerFile)
int wc_SetSubject(Cert* cert, const char* subjectFile)
{
int ret;
int derSz;
byte* der;
DerBuffer* der = NULL;
if (cert == NULL) {
if (cert == NULL || subjectFile == NULL)
return BAD_FUNC_ARG;
}
der = (byte*)XMALLOC(EIGHTK_BUF, cert->heap, DYNAMIC_TYPE_CERT);
if (der == NULL) {
WOLFSSL_MSG("wc_SetSubject OOF Problem");
return MEMORY_E;
}
ret = wc_PemCertToDer_ex(subjectFile, &der);
if (ret == 0) {
ret = SetNameFromCert(&cert->subject, der->buffer, der->length);
derSz = wc_PemCertToDer(subjectFile, der, EIGHTK_BUF);
ret = SetNameFromCert(&cert->subject, der, derSz);
XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
FreeDer(&der);
}
return ret;
}
@ -25567,21 +25560,18 @@ int wc_SetSubject(Cert* cert, const char* subjectFile)
int wc_SetAltNames(Cert* cert, const char* file)
{
int ret;
int derSz;
byte* der;
DerBuffer* der = NULL;
if (cert == NULL) {
return BAD_FUNC_ARG;
}
der = (byte*)XMALLOC(EIGHTK_BUF, cert->heap, DYNAMIC_TYPE_CERT);
if (der == NULL) {
WOLFSSL_MSG("wc_SetAltNames OOF Problem");
return MEMORY_E;
ret = wc_PemCertToDer_ex(file, &der);
if (ret == 0) {
ret = SetAltNamesFromCert(cert, der->buffer, der->length);
FreeDer(&der);
}
derSz = wc_PemCertToDer(file, der, EIGHTK_BUF);
ret = SetAltNamesFromCert(cert, der, derSz);
XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
return ret;
}
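Review bot: In the new `wc_PemCertToDer` and `wc_PemPubKeyToDer` wrappers, and likewise in `wc_SetAuthKeyId`, `wc_SetIssuer`, `wc_SetSubject` and `wc_SetAltNames`, `FreeDer(&der)` is only reached when the `_ex` call returned 0, whereas the removed code called `FreeDer(&converted)` unconditionally after `PemToDer`; if `PemToDer` can leave `*der` allocated on a failure path after its allocation (I cannot confirm that from this hunk), every error on an untrusted PEM file now leaks the DER buffer. Because each `der` is initialised to `NULL` and `FreeDer` takes a pointer-to-pointer, moving `FreeDer(&der);` to just before `return ret;`, outside the `if (ret == 0)`, is safe in all six places provided `FreeDer` tolerates a `NULL` `*pDer`. Two smaller points in the same section: `WOLFSSL_ENTER("wc_PemCertToDer")` and `WOLFSSL_ENTER("wc_PemPubKeyToDer")` now sit inside the `_ex` functions and should name them, and `wc_SetAltNames` is the only one of the four setters that does not reject a `NULL` file argument, so it relies on `wc_PemCertToDer_ex` (whose argument checks are outside the hunk) doing so. The `if (ret == 0)` followed by `{` on its own line in `wc_SetAuthKeyId` also breaks the K&R brace style of the neighbouring functions.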


@ -894,7 +894,6 @@ enum Misc_ASN {
OCSP_NONCE_EXT_SZ = 35, /* OCSP Nonce Extension size */
MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */
MAX_OCSP_NONCE_SZ = 16, /* OCSP Nonce size */
EIGHTK_BUF = 8192, /* Tmp buffer size */
MAX_PUBLIC_KEY_SZ = MAX_DSA_PUBKEY_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2,
#ifdef WOLFSSL_ENCRYPTED_KEYS
HEADER_ENCRYPTED_KEY_SIZE = 88,/* Extra header size for encrypted key */


@ -535,9 +535,10 @@ WOLFSSL_API void wc_FreeDer(DerBuffer** pDer);
#endif /* WOLFSSL_PEM_TO_DER */
#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)
#ifndef NO_FILESYSTEM
#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_PEM_TO_DER)
WOLFSSL_API int wc_PemPubKeyToDer(const char* fileName,
unsigned char* derBuf, int derSz);
WOLFSSL_API int wc_PemPubKeyToDer_ex(const char* fileName, DerBuffer** der);
#endif
WOLFSSL_API int wc_PubKeyPemToDer(const unsigned char*, int,
@ -545,9 +546,10 @@ WOLFSSL_API void wc_FreeDer(DerBuffer** pDer);
#endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER */
#ifdef WOLFSSL_CERT_GEN
#ifndef NO_FILESYSTEM
#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_PEM_TO_DER)
WOLFSSL_API int wc_PemCertToDer(const char* fileName,
unsigned char* derBuf, int derSz);
WOLFSSL_API int wc_PemCertToDer_ex(const char* fileName, DerBuffer** der);
#endif
#endif /* WOLFSSL_CERT_GEN */
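Review bot: The new public entry points `wc_PemCertToDer_ex` and `wc_PemPubKeyToDer_ex` are declared without any documentation of the ownership of `*der`; a caller cannot tell from the header that on success it must release the buffer with `wc_FreeDer` (declared just above in this file), nor what `*der` holds on failure. Suggest a Doxygen block on each, e.g. `/* Load a PEM cert from fileName and convert it to DER; on success *der is allocated and the caller must free it with wc_FreeDer(). Returns 0 on success or a negative error code. */`. The doxygen header touched by this commit still describes only the fixed-buffer variant, now with a hard-coded `(8*1024)` in its example, so the `_ex` variants stay undocumented there as well.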