diff --git a/cyassl/ssl.h b/cyassl/ssl.h index 4fd93bc44..e865ba410 100644 --- a/cyassl/ssl.h +++ b/cyassl/ssl.h @@ -164,8 +164,8 @@ /* get index cert in PEM */ #define CyaSSL_X509_get_subjectCN wolfSSL_X509_get_subjectCN #define CyaSSL_X509_get_der wolfSSL_X509_get_der -#define CyaSSL_X509_notBefore wolfSSL_X509_notBefore -#define CyaSSL_X509_notAfter wolfSSL_X509_notAfter +#define CyaSSL_X509_get_notBefore wolfSSL_X509_get_notBefore +#define CyaSSL_X509_get_notAfter wolfSSL_X509_get_notAfter #define CyaSSL_X509_version wolfSSL_X509_version #define CyaSSL_cmp_peer_cert_to_file wolfSSL_cmp_peer_cert_to_file diff --git a/doc/dox_comments/header_files/ssl.h b/doc/dox_comments/header_files/ssl.h index 1eed09aec..b4b1b3c1f 100644 --- a/doc/dox_comments/header_files/ssl.h +++ b/doc/dox_comments/header_files/ssl.h @@ -5819,7 +5819,7 @@ WOLFSSL_API const unsigned char* wolfSSL_X509_get_der(WOLFSSL_X509*, int*); \brief This function checks to see if x509 is NULL and if it’s not, it returns the notAfter member of the x509 struct. - \return pointer returns a constant byte pointer to the notAfter + \return pointer to struct with ASN1_TIME to the notAfter member of the x509 struct. \return NULL returned if the x509 object is NULL. @@ -5830,15 +5830,15 @@ WOLFSSL_API const unsigned char* wolfSSL_X509_get_der(WOLFSSL_X509*, int*); WOLFSSL_X509* x509 = (WOLFSSL_X509)XMALOC(sizeof(WOLFSSL_X509), NULL, DYNAMIC_TYPE_X509) ; ... - byte* notAfter = wolfSSL_X509_notAfter(x509); + const WOLFSSL_ASN1_TIME* notAfter = wolfSSL_X509_get_notAfter(x509); if(notAfter == NULL){ - // Failure case, the x509 object is null. + // Failure case, the x509 object is null. } \endcode - \sa none + \sa wolfSSL_X509_get_notBefore */ -WOLFSSL_API const unsigned char* wolfSSL_X509_notAfter(WOLFSSL_X509*); +WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notAfter(WOLFSSL_X509*); /*! \ingroup CertsKeys @@ -12210,8 +12210,8 @@ WOLFSSL_API char* wolfSSL_X509_get_next_altname(WOLFSSL_X509*); \brief The function checks to see if x509 is NULL and if it’s not, it returns the notBefore member of the x509 struct. - \return pointer This function returns a constant byte pointer to the x509’s - member notAfter. + \return pointer to struct with ASN1_TIME to the notBefore + member of the x509 struct. \return NULL the function returns NULL if the x509 structure is NULL. \param x509 a pointer to the WOLFSSL_X509 struct. @@ -12221,15 +12221,15 @@ WOLFSSL_API char* wolfSSL_X509_get_next_altname(WOLFSSL_X509*); WOLFSSL_X509* x509 = (WOLFSSL_X509)XMALLOC(sizeof(WOLFSSL_X509), NULL, DYNAMIC_TYPE_X509) ; … - byte* notAfter = wolfSSL_X509_notAfter(x509); + const WOLFSSL_ASN1_TIME* notAfter = wolfSSL_X509_get_notBefore(x509); if(notAfter == NULL){ //The x509 object was NULL } \endcode - \sa wolfSSL_X509_notAfter + \sa wolfSSL_X509_get_notAfter */ -WOLFSSL_API const unsigned char* wolfSSL_X509_notBefore(WOLFSSL_X509*); +WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notBefore(WOLFSSL_X509*); /*! \ingroup IO diff --git a/src/bio.c b/src/bio.c index 471c5eadf..f0f43929d 100644 --- a/src/bio.c +++ b/src/bio.c @@ -101,12 +101,12 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len) XMEMCPY(tmp, (void*)(pt + sz), memSz - sz); /* reset internal bio->mem */ - XFREE(bio->mem, bio->heap, DYNAMIC_TYPE_OPENSSL); - bio->mem = tmp; - bio->memLen = memSz-sz; + XFREE(bio->ptr, bio->heap, DYNAMIC_TYPE_OPENSSL); + bio->ptr = tmp; + bio->num = memSz-sz; if (bio->mem_buf != NULL) { - bio->mem_buf->data = (char*)bio->mem; - bio->mem_buf->length = bio->memLen; + bio->mem_buf->data = (char*)bio->ptr; + bio->mem_buf->length = bio->num; } } bio->wrSz -= sz; @@ -376,16 +376,16 @@ static int wolfSSL_BIO_MEMORY_write(WOLFSSL_BIO* bio, const void* data, return sz; } - if (bio->mem == NULL) { - bio->mem = (byte*)XMALLOC(len, bio->heap, DYNAMIC_TYPE_OPENSSL); - if (bio->mem == NULL) { + if (bio->ptr == NULL) { + bio->ptr = (byte*)XMALLOC(len, bio->heap, DYNAMIC_TYPE_OPENSSL); + if (bio->ptr == NULL) { WOLFSSL_MSG("Error on malloc"); return WOLFSSL_FAILURE; } - bio->memLen = len; + bio->num = len; if (bio->mem_buf != NULL) { - bio->mem_buf->data = (char*)bio->mem; - bio->mem_buf->length = bio->memLen; + bio->mem_buf->data = (char*)bio->ptr; + bio->mem_buf->length = bio->num; } } @@ -393,21 +393,21 @@ static int wolfSSL_BIO_MEMORY_write(WOLFSSL_BIO* bio, const void* data, if (wolfSSL_BIO_get_mem_data(bio, (void*)&buf) < 0) { return WOLFSSL_BIO_ERROR; } - if (bio->memLen < sz + len) { - bio->mem = (byte*)XREALLOC(bio->mem, sz + len, bio->heap, + if (bio->num < sz + len) { + bio->ptr = (byte*)XREALLOC(bio->ptr, sz + len, bio->heap, DYNAMIC_TYPE_OPENSSL); - if (bio->mem == NULL) { + if (bio->ptr == NULL) { WOLFSSL_MSG("Error on realloc"); return WOLFSSL_FAILURE; } - bio->memLen = sz + len; + bio->num = sz + len; if (bio->mem_buf != NULL) { - bio->mem_buf->data = (char*)bio->mem; - bio->mem_buf->length = bio->memLen; + bio->mem_buf->data = (char*)bio->ptr; + bio->mem_buf->length = bio->num; } } - XMEMCPY(bio->mem + sz, data, len); + XMEMCPY((byte*)bio->ptr + sz, data, len); bio->wrSz += len; return len; @@ -543,22 +543,46 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) } -/* NOTE: add support for bio->infoCb() when implemented */ -WOLFSSL_API long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *parg) +/* Wrapper for other BIO type funcions, expected to grow as OpenSSL compatability + * layer grows. + * + * return info. specific to the cmd that is passed in. + */ +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) +long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *parg) { - (void)bio; - (void)cmd; - (void)larg; - (void)parg; + long ret; + + (void)larg; /* not currently used */ + + WOLFSSL_ENTER("wolfSSL_BIO_ctrl"); if (bio && bio->method && bio->method->custom && - bio->method->custom->ctrlCb) { + bio->method->custom->ctrlCb) { return bio->method->custom->ctrlCb(bio, cmd, larg, parg); } - WOLFSSL_STUB("BIO_ctrl"); - return 0; + switch(cmd) { + case BIO_CTRL_WPENDING: + ret = (long)wolfSSL_BIO_ctrl_pending(bio); + break; + case BIO_CTRL_INFO: + ret = (long)wolfSSL_BIO_get_mem_data(bio, parg); + break; + case BIO_CTRL_FLUSH: + ret = (long)wolfSSL_BIO_flush(bio); + break; + case BIO_CTRL_RESET: + ret = (long)wolfSSL_BIO_reset(bio); + break; + default: + WOLFSSL_MSG("CMD not yet implemented"); + ret = WOLFSSL_FAILURE; + break; + } + return ret; } +#endif /* helper function for wolfSSL_BIO_gets @@ -896,21 +920,21 @@ int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *bio, long size) return WOLFSSL_FAILURE; } - if (bio->mem != NULL) { - XFREE(bio->mem, bio->heap, DYNAMIC_TYPE_OPENSSL); + if (bio->ptr != NULL) { + XFREE(bio->ptr, bio->heap, DYNAMIC_TYPE_OPENSSL); } - bio->mem = (byte*)XMALLOC(bio->wrSz, bio->heap, DYNAMIC_TYPE_OPENSSL); - if (bio->mem == NULL) { + bio->ptr = (byte*)XMALLOC(bio->wrSz, bio->heap, DYNAMIC_TYPE_OPENSSL); + if (bio->ptr == NULL) { WOLFSSL_MSG("Memory allocation error"); return WOLFSSL_FAILURE; } - bio->memLen = bio->wrSz; + bio->num = bio->wrSz; bio->wrIdx = 0; bio->rdIdx = 0; if (bio->mem_buf != NULL) { - bio->mem_buf->data = (char*)bio->mem; - bio->mem_buf->length = bio->memLen; + bio->mem_buf->data = (char*)bio->ptr; + bio->mem_buf->length = bio->num; } return WOLFSSL_SUCCESS; @@ -938,12 +962,12 @@ int wolfSSL_BIO_make_bio_pair(WOLFSSL_BIO *b1, WOLFSSL_BIO *b2) } /* set default write size if not already set */ - if (b1->mem == NULL && wolfSSL_BIO_set_write_buf_size(b1, + if (b1->ptr == NULL && wolfSSL_BIO_set_write_buf_size(b1, WOLFSSL_BIO_SIZE) != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; } - if (b2->mem == NULL && wolfSSL_BIO_set_write_buf_size(b2, + if (b2->ptr == NULL && wolfSSL_BIO_set_write_buf_size(b2, WOLFSSL_BIO_SIZE) != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; } @@ -984,7 +1008,7 @@ int wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf) WOLFSSL_BIO* pair = bio->pair; /* case where have wrapped around write buffer */ - *buf = (char*)pair->mem + pair->rdIdx; + *buf = (char*)pair->ptr + pair->rdIdx; if (pair->wrIdx > 0 && pair->rdIdx >= pair->wrIdx) { return pair->wrSz - pair->rdIdx; } @@ -1016,7 +1040,7 @@ int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num) if (bio->pair != NULL) { /* special case if asking to read 0 bytes */ if (num == 0) { - *buf = (char*)bio->pair->mem + bio->pair->rdIdx; + *buf = (char*)bio->pair->ptr + bio->pair->rdIdx; return 0; } @@ -1067,7 +1091,7 @@ int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num) if (bio->pair != NULL) { if (num == 0) { - *buf = (char*)bio->mem + bio->wrIdx; + *buf = (char*)bio->ptr + bio->wrIdx; return 0; } @@ -1106,7 +1130,7 @@ int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num) if (num < sz) { sz = num; } - *buf = (char*)bio->mem + bio->wrIdx; + *buf = (char*)bio->ptr + bio->wrIdx; bio->wrIdx += sz; /* if at the end of the buffer and space for wrap around then set @@ -1147,12 +1171,12 @@ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio) bio->rdIdx = 0; bio->wrIdx = 0; bio->wrSz = 0; - XFREE(bio->mem, bio->heap, DYNAMIC_TYPE_OPENSSL); - bio->mem = NULL; - bio->memLen = 0; + XFREE(bio->ptr, bio->heap, DYNAMIC_TYPE_OPENSSL); + bio->ptr = NULL; + bio->num = 0; if (bio->mem_buf != NULL) { - bio->mem_buf->data = (char*)bio->mem; - bio->mem_buf->length = bio->memLen; + bio->mem_buf->data = (char*)bio->ptr; + bio->mem_buf->length = bio->num; } return 0; @@ -1177,7 +1201,7 @@ long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c) return WOLFSSL_FAILURE; } - bio->close = (byte)c; + bio->shutdown = (byte)c; bio->file = fp; return WOLFSSL_SUCCESS; @@ -1211,7 +1235,7 @@ int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name) } if (bio->type == WOLFSSL_BIO_FILE) { - if (bio->file != XBADFILE && bio->close == BIO_CLOSE) { + if (bio->file != XBADFILE && bio->shutdown == BIO_CLOSE) { XFCLOSE(bio->file); } @@ -1219,7 +1243,7 @@ int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name) if (bio->file == XBADFILE) { return WOLFSSL_FAILURE; } - bio->close = BIO_CLOSE; + bio->shutdown = BIO_CLOSE; return WOLFSSL_SUCCESS; } @@ -1339,11 +1363,11 @@ long wolfSSL_BIO_set_nbio(WOLFSSL_BIO* bio, long on) case WOLFSSL_BIO_SOCKET: #ifdef XFCNTL { - int flag = XFCNTL(bio->fd, F_GETFL, 0); + int flag = XFCNTL(bio->num, F_GETFL, 0); if (on) - XFCNTL(bio->fd, F_SETFL, flag | O_NONBLOCK); + XFCNTL(bio->num, F_SETFL, flag | O_NONBLOCK); else - XFCNTL(bio->fd, F_SETFL, flag & ~O_NONBLOCK); + XFCNTL(bio->num, F_SETFL, flag & ~O_NONBLOCK); } #endif break; diff --git a/src/internal.c b/src/internal.c index c87385d3e..e1413b772 100644 --- a/src/internal.c +++ b/src/internal.c @@ -3406,20 +3406,16 @@ void FreeX509(WOLFSSL_X509* x509) if (x509->authInfoCaIssuer != NULL) { XFREE(x509->authInfoCaIssuer, x509->heap, DYNAMIC_TYPE_X509_EXT); } - if (x509->notBeforeTime != NULL) { - XFREE(x509->notBeforeTime, x509->heap, DYNAMIC_TYPE_OPENSSL); - } - if (x509->notAfterTime != NULL) { - XFREE(x509->notAfterTime, x509->heap, DYNAMIC_TYPE_OPENSSL); - } if (x509->ext_sk != NULL) { wolfSSL_sk_X509_EXTENSION_free(x509->ext_sk); } + #endif /* OPENSSL_ALL || WOLFSSL_QT */ + #ifdef OPENSSL_EXTRA /* Free serialNumber that was set by wolfSSL_X509_get_serialNumber */ if (x509->serialNumber != NULL) { wolfSSL_ASN1_INTEGER_free(x509->serialNumber); } - #endif /* OPENSSL_ALL || WOLFSSL_QT */ + #endif if (x509->extKeyUsageSrc != NULL) { XFREE(x509->extKeyUsageSrc, x509->heap, DYNAMIC_TYPE_X509_EXT); x509->extKeyUsageSrc= NULL; @@ -4679,22 +4675,22 @@ int wolfSSL_IsPrivatePkSet(WOLFSSL* ssl) { int pkcbset = 0; (void)ssl; - + #if defined(HAVE_ECC) || defined(HAVE_ED25519) || !defined(NO_RSA) if (0 #ifdef HAVE_ECC - || (ssl->ctx->EccSignCb != NULL && + || (ssl->ctx->EccSignCb != NULL && ssl->buffers.keyType == ecc_dsa_sa_algo) #endif #ifdef HAVE_ED25519 - || (ssl->ctx->Ed25519SignCb != NULL && + || (ssl->ctx->Ed25519SignCb != NULL && ssl->buffers.keyType == ed25519_sa_algo) #endif #ifndef NO_RSA || (ssl->ctx->RsaSignCb != NULL && ssl->buffers.keyType == rsa_sa_algo) || (ssl->ctx->RsaDecCb != NULL && ssl->buffers.keyType == rsa_kea) #ifdef WC_RSA_PSS - || (ssl->ctx->RsaPssSignCb != NULL && + || (ssl->ctx->RsaPssSignCb != NULL && ssl->buffers.keyType == rsa_pss_sa_algo) #endif #endif @@ -8905,17 +8901,20 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) } #endif /* WOLFSSL_SEP */ { - int minSz = min(dCert->beforeDateLen, MAX_DATE_SZ); - if (minSz > 0) { + int minSz; + if (dCert->beforeDateLen > 0) { + minSz = min(dCert->beforeDate[1], MAX_DATE_SZ); + x509->notBefore.type = dCert->beforeDate[0]; x509->notBefore.length = minSz; - XMEMCPY(x509->notBefore.data, dCert->beforeDate, minSz); + XMEMCPY(x509->notBefore.data, &dCert->beforeDate[2], minSz); } else x509->notBefore.length = 0; - minSz = min(dCert->afterDateLen, MAX_DATE_SZ); - if (minSz > 0) { + if (dCert->afterDateLen > 0) { + minSz = min(dCert->beforeDate[1], MAX_DATE_SZ); + x509->notAfter.type = dCert->beforeDate[0]; x509->notAfter.length = minSz; - XMEMCPY(x509->notAfter.data, dCert->afterDate, minSz); + XMEMCPY(x509->notAfter.data, &dCert->afterDate[2], minSz); } else x509->notAfter.length = 0; @@ -10533,9 +10532,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, args->lastErr = MEMORY_E; goto exit_ppc; } - + XMEMCPY(ssl->peerTsipEncRsaKeyIndex, - args->dCert->tsip_encRsaKeyIdx, + args->dCert->tsip_encRsaKeyIdx, TSIP_TLS_ENCPUBKEY_SZ_BY_CERTVRFY); } #endif @@ -21108,8 +21107,8 @@ int SendClientKeyExchange(WOLFSSL* ssl) #if defined(WOLFSSL_RENESAS_TSIP_TLS) && \ !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION) if (tsip_useable(ssl)) { - ret = tsip_generatePremasterSecret( - &ssl->arrays->preMasterSecret[VERSION_SZ], + ret = tsip_generatePremasterSecret( + &ssl->arrays->preMasterSecret[VERSION_SZ], ENCRYPT_LEN - VERSION_SZ); } else { #endif @@ -21128,7 +21127,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) ssl->arrays->preMasterSecret[1] = ssl->chVersion.minor; ssl->arrays->preMasterSz = SECRET_LEN; - + break; } #endif /* !NO_RSA */ @@ -21452,13 +21451,13 @@ int SendClientKeyExchange(WOLFSSL* ssl) { #if defined(WOLFSSL_RENESAS_TSIP_TLS) && \ !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION) - if (tsip_useable(ssl) && + if (tsip_useable(ssl) && wc_RsaEncryptSize(ssl->peerRsaKey) == 256) { ret = tsip_generateEncryptPreMasterSecret(ssl, args->encSecret, &args->encSz); - - } else + + } else #endif ret = RsaEnc(ssl, ssl->arrays->preMasterSecret, SECRET_LEN, diff --git a/src/ssl.c b/src/ssl.c index 7388385b2..49d11874e 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -4578,7 +4578,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) if ( ret == 0 && signer != NULL ) { signer->cm_idx = row; if (type == WOLFSSL_USER_CA && tsip_rootCAverified() == 0 ) { - if (ret = tsip_tls_RootCertVerify(cert->source, cert->maxIdx, + if (ret = tsip_tls_RootCertVerify(cert->source, cert->maxIdx, cert->sigCtx.pubkey_n_start, cert->sigCtx.pubkey_n_len - 1, cert->sigCtx.pubkey_e_start, cert->sigCtx.pubkey_e_len - 1, row/* cm index */) @@ -10536,6 +10536,32 @@ int wolfSSL_dtls_get_current_timeout(WOLFSSL* ssl) return timeout; } +int wolfSSL_DTLSv1_get_timeout(WOLFSSL* ssl, Timeval* timeleft) +{ + if (ssl && timeleft) { + XMEMSET(timeleft, 0, sizeof(Timeval)); + timeleft->tv_sec = ssl->dtls_timeout; + } + return 0; +} + +#ifndef NO_WOLFSSL_STUB +int wolfSSL_DTLSv1_handle_timeout(WOLFSSL* ssl) +{ + WOLFSSL_STUB("SSL_DTLSv1_handle_timeout"); + (void)ssl; + return 0; +} +#endif + +#ifndef NO_WOLFSSL_STUB +void wolfSSL_DTLSv1_set_initial_timeout_duration(WOLFSSL* ssl, word32 duration_ms) +{ + WOLFSSL_STUB("SSL_DTLSv1_set_initial_timeout_duration"); + (void)ssl; + (void)duration_ms; +} +#endif /* user may need to alter init dtls recv timeout, WOLFSSL_SUCCESS on ok */ int wolfSSL_dtls_set_timeout_init(WOLFSSL* ssl, int timeout) @@ -13295,10 +13321,10 @@ int wolfSSL_set_compression(WOLFSSL* ssl) /* if WOLFSSL_BIO is socket type then set WOLFSSL socket to use */ if (rd != NULL && rd->type == WOLFSSL_BIO_SOCKET) { - wolfSSL_set_rfd(ssl, rd->fd); + wolfSSL_set_rfd(ssl, rd->num); } if (wr != NULL && wr->type == WOLFSSL_BIO_SOCKET) { - wolfSSL_set_wfd(ssl, wr->fd); + wolfSSL_set_wfd(ssl, wr->num); } /* free any existing WOLFSSL_BIOs in use */ @@ -13985,6 +14011,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) WOLFSSL_ENTER("wolfSSL_BIO_s_socket"); meth.type = WOLFSSL_BIO_SOCKET; + meth.custom = NULL; return &meth; } @@ -13997,8 +14024,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) WOLFSSL_ENTER("BIO_new_socket"); if (bio) { bio->type = WOLFSSL_BIO_SOCKET; - bio->close = (byte)closeF; - bio->fd = sfd; + bio->shutdown = (byte)closeF; + bio->num = sfd; } return bio; } @@ -14020,26 +14047,26 @@ int wolfSSL_set_compression(WOLFSSL* ssl) if (b != NULL) { b->ssl = ssl; - b->close = (byte)closeF; + b->shutdown = (byte)closeF; /* add to ssl for bio free if SSL_free called before/instead of free_all? */ } return 0; } - - long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, int fd, int closeF) +#ifndef NO_FILESYSTEM + long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, XFILE fd, int closeF) { WOLFSSL_ENTER("wolfSSL_BIO_set_fd"); if (b != NULL) { - b->fd = fd; - b->close = (byte)closeF; + b->file = fd; + b->shutdown = (byte)closeF; } return WOLFSSL_SUCCESS; } - +#endif WOLFSSL_BIO* wolfSSL_BIO_new(WOLFSSL_BIO_METHOD* method) { @@ -14055,9 +14082,10 @@ int wolfSSL_set_compression(WOLFSSL* ssl) DYNAMIC_TYPE_OPENSSL); if (bio) { XMEMSET(bio, 0, sizeof(WOLFSSL_BIO)); + bio->type = (byte)method->type; bio->method = method; - bio->type = method->type; - bio->close = BIO_CLOSE; /* default to close things */ + bio->shutdown = BIO_CLOSE; /* default to close things */ + bio->init = 1; if (method->type != WOLFSSL_BIO_FILE && method->type != WOLFSSL_BIO_SOCKET) { bio->mem_buf =(WOLFSSL_BUF_MEM*)XMALLOC(sizeof(WOLFSSL_BUF_MEM), @@ -14067,7 +14095,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) wolfSSL_BIO_free(bio); return NULL; } - bio->mem_buf->data = (char*)bio->mem; + bio->mem_buf->data = (char*)bio->ptr; } /* check if is custom method */ @@ -14083,12 +14111,14 @@ int wolfSSL_set_compression(WOLFSSL* ssl) { WOLFSSL_ENTER("wolfSSL_BIO_get_mem_data"); - if (bio == NULL || p == NULL) + if (bio == NULL) return WOLFSSL_FATAL_ERROR; - *(byte **)p = bio->mem; + if (p) { + *(byte**)p = (byte*)bio->ptr; + } - return bio->memLen; + return bio->num; } @@ -14105,18 +14135,18 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return bio; } - bio->memLen = bio->wrSz = len; - bio->mem = (byte*)XMALLOC(len, 0, DYNAMIC_TYPE_OPENSSL); - if (bio->mem == NULL) { + bio->num = bio->wrSz = len; + bio->ptr = (byte*)XMALLOC(len, 0, DYNAMIC_TYPE_OPENSSL); + if (bio->ptr == NULL) { wolfSSL_BIO_free(bio); return NULL; } if (bio->mem_buf != NULL) { - bio->mem_buf->data = (char*)bio->mem; - bio->mem_buf->length = bio->memLen; + bio->mem_buf->data = (char*)bio->ptr; + bio->mem_buf->length = bio->num; } - XMEMCPY(bio->mem, buf, len); + XMEMCPY(bio->ptr, buf, len); return bio; } @@ -14152,34 +14182,34 @@ int wolfSSL_set_compression(WOLFSSL* ssl) bio->pair->pair = NULL; } - if (bio->close) { + if (bio->shutdown) { if (bio->ssl) wolfSSL_free(bio->ssl); #ifdef CloseSocket - if (bio->fd) - CloseSocket(bio->fd); + if (bio->type == WOLFSSL_BIO_SOCKET && bio->num) + CloseSocket(bio->num); #endif } #ifndef NO_FILESYSTEM - if (bio->type == WOLFSSL_BIO_FILE && bio->close == BIO_CLOSE) { + if (bio->type == WOLFSSL_BIO_FILE && bio->shutdown == BIO_CLOSE) { if (bio->file) { XFCLOSE(bio->file); } } #endif - if (bio->close != BIO_NOCLOSE) { - if (bio->mem != NULL) { + if (bio->shutdown != BIO_NOCLOSE) { + if (bio->ptr != NULL) { if (bio->mem_buf != NULL) { - if (bio->mem_buf->data != (char*)bio->mem) { - XFREE(bio->mem, bio->heap, DYNAMIC_TYPE_OPENSSL); - bio->mem = NULL; + if (bio->mem_buf->data != (char*)bio->ptr) { + XFREE(bio->ptr, bio->heap, DYNAMIC_TYPE_OPENSSL); + bio->ptr = NULL; } } else { - XFREE(bio->mem, bio->heap, DYNAMIC_TYPE_OPENSSL); - bio->mem = NULL; + XFREE(bio->ptr, bio->heap, DYNAMIC_TYPE_OPENSSL); + bio->ptr = NULL; } } if (bio->mem_buf != NULL) { @@ -14425,7 +14455,6 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */ - #ifdef OPENSSL_EXTRA #if !defined(NO_WOLFSSL_SERVER) @@ -17726,29 +17755,6 @@ WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len) return x509->version; } - - const byte* wolfSSL_X509_notBefore(WOLFSSL_X509* x509) - { - WOLFSSL_ENTER("wolfSSL_X509_notBefore"); - - if (x509 == NULL) - return NULL; - - return x509->notBefore.data; - } - - - const byte* wolfSSL_X509_notAfter(WOLFSSL_X509* x509) - { - WOLFSSL_ENTER("wolfSSL_X509_notAfter"); - - if (x509 == NULL) - return NULL; - - return x509->notAfter.data; - } - - #ifdef WOLFSSL_SEP /* copy oid into in buffer, at most *inOutSz bytes, if buffer is null will @@ -17843,7 +17849,6 @@ byte* wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509* x509,byte* in, /* require OPENSSL_EXTRA since wolfSSL_X509_free is wrapped by OPENSSL_EXTRA */ #if !defined(NO_CERTS) && defined(OPENSSL_EXTRA) - WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notBefore(WOLFSSL_X509* x509) { WOLFSSL_ENTER("wolfSSL_X509_get_notBefore"); @@ -17851,7 +17856,7 @@ WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notBefore(WOLFSSL_X509* x509) if (x509 == NULL) return NULL; - return &(x509->notBefore); + return &x509->notBefore; } @@ -17862,7 +17867,7 @@ WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notAfter(WOLFSSL_X509* x509) if (x509 == NULL) return NULL; - return &(x509->notAfter); + return &x509->notAfter; } @@ -19160,6 +19165,18 @@ const char* wolfSSL_CIPHER_get_version(const WOLFSSL_CIPHER* cipher) return wolfSSL_get_version(cipher->ssl); } +char* wolfSSL_CIPHER_get_rfc_name(const WOLFSSL_CIPHER* cipher) +{ + char* rfcName = NULL; + WOLFSSL_ENTER("SSL_CIPHER_get_rfc_name"); + + if (cipher == NULL || cipher->ssl == NULL) { + return NULL; + } + + return rfcName; +} + const char* wolfSSL_SESSION_CIPHER_get_name(WOLFSSL_SESSION* session) { if (session == NULL) { @@ -19197,6 +19214,38 @@ const char* wolfSSL_get_cipher_name_from_suite(const byte cipherSuite0, return GetCipherNameInternal(cipherSuite0, cipherSuite); } +word32 wolfSSL_CIPHER_get_id(const WOLFSSL_CIPHER* cipher) +{ + word16 cipher_id = 0; + + WOLFSSL_ENTER("SSL_CIPHER_get_id"); + + if (cipher && cipher->ssl) { + cipher_id = (cipher->ssl->options.cipherSuite0 << 8) | + cipher->ssl->options.cipherSuite; + } + + return cipher_id; +} + +const WOLFSSL_CIPHER* wolfSSL_get_cipher_by_value(word16 value) +{ + const WOLFSSL_CIPHER* cipher = NULL; + byte cipherSuite0, cipherSuite; + WOLFSSL_ENTER("SSL_get_cipher_by_value"); + + /* extract cipher id information */ + cipherSuite = (value & 0xFF); + cipherSuite0 = ((value >> 8) & 0xFF); + + /* TODO: lookup by cipherSuite0 / cipherSuite */ + (void)cipherSuite0; + (void)cipherSuite; + + return cipher; +} + + #if defined(OPENSSL_ALL) /* Free the structure for WOLFSSL_CIPHER stack * @@ -19928,6 +19977,7 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) /* if dataSz is negative then use XSTRLEN to find length of data * return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure */ + /* `data` can be NULL and only buffer will be allocated */ int wolfSSL_ASN1_STRING_set(WOLFSSL_ASN1_STRING* asn1, const void* data, int dataSz) { @@ -19935,7 +19985,7 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) WOLFSSL_ENTER("wolfSSL_ASN1_STRING_set"); - if (data == NULL || asn1 == NULL) { + if (asn1 == NULL || (data == NULL && dataSz < 0)) { return WOLFSSL_FAILURE; } @@ -19967,7 +20017,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) XMEMSET(asn1->strData, 0, CTC_NAME_SIZE); asn1->data = asn1->strData; } - XMEMCPY(asn1->data, data, sz); + if (data != NULL) { + XMEMCPY(asn1->data, data, sz); + } asn1->length = sz; return WOLFSSL_SUCCESS; @@ -20019,9 +20071,16 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) * * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure */ - int wolfSSL_X509_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509) + int wolfSSL_X509_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, + unsigned long nmflags, unsigned long cflag) { - WOLFSSL_ENTER("wolfSSL_X509_print"); + WOLFSSL_ENTER("wolfSSL_X509_print_ex"); + + #ifndef NO_WOLFSSL_STUB + /* flags currently not supported */ + (void)nmflags; + (void)cflag; + #endif if (bio == NULL || x509 == NULL) { return WOLFSSL_FAILURE; @@ -20042,7 +20101,7 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) int version; char tmp[17]; - if ((version = wolfSSL_X509_version(x509)) <= 0) { + if ((version = wolfSSL_X509_version(x509)) < 0) { WOLFSSL_MSG("Error getting X509 version"); return WOLFSSL_FAILURE; } @@ -20178,30 +20237,41 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) (int)XSTRLEN(" Not Before: ")) <= 0) { return WOLFSSL_FAILURE; } - if (GetTimeString(x509->notBefore.data + 2, ASN_UTC_TIME, - tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) { - if (GetTimeString(x509->notBefore.data + 2, ASN_GENERALIZED_TIME, - tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("Error getting not before date"); - return WOLFSSL_FAILURE; + if (x509->notBefore.length > 0) { + if (GetTimeString(x509->notBefore.data, ASN_UTC_TIME, + tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) { + if (GetTimeString(x509->notBefore.data, ASN_GENERALIZED_TIME, + tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Error getting not before date"); + return WOLFSSL_FAILURE; + } } } + else { + XSTRNCPY(tmp, "Not Set", sizeof(tmp)-1); + } tmp[sizeof(tmp) - 1] = '\0'; /* make sure null terminated */ if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { return WOLFSSL_FAILURE; } + if (wolfSSL_BIO_write(bio, "\n Not After : ", (int)XSTRLEN("\n Not After : ")) <= 0) { return WOLFSSL_FAILURE; } - if (GetTimeString(x509->notAfter.data + 2,ASN_UTC_TIME, - tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) { - if (GetTimeString(x509->notAfter.data + 2,ASN_GENERALIZED_TIME, + if (x509->notAfter.length > 0) { + if (GetTimeString(x509->notAfter.data, ASN_UTC_TIME, tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("Error getting not before date"); - return WOLFSSL_FAILURE; + if (GetTimeString(x509->notAfter.data, ASN_GENERALIZED_TIME, + tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Error getting not before date"); + return WOLFSSL_FAILURE; + } } } + else { + XSTRNCPY(tmp, "Not Set", sizeof(tmp)-1); + } tmp[sizeof(tmp) - 1] = '\0'; /* make sure null terminated */ if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { return WOLFSSL_FAILURE; @@ -20620,7 +20690,7 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) } /* print out signature */ - { + if (x509->sig.length > 0) { unsigned char* sig; int sigSz; int i; @@ -20639,11 +20709,6 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) } sigSz = (int)x509->sig.length; - if (sigSz <= 0) { - /* if sigSz invalid return here to avoid overhead of malloc */ - return WOLFSSL_FAILURE; - } - sig = (unsigned char*)XMALLOC(sigSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (sig == NULL) { return WOLFSSL_FAILURE; @@ -20697,6 +20762,10 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) return WOLFSSL_SUCCESS; } + int wolfSSL_X509_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509) + { + return wolfSSL_X509_print_ex(bio, x509, 0, 0); + } #endif /* XSNPRINTF */ @@ -22743,14 +22812,10 @@ void wolfSSL_X509_OBJECT_free_contents(WOLFSSL_X509_OBJECT* obj) } #endif -#ifndef NO_WOLFSSL_STUB int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME* asnTime) { - (void)asnTime; - WOLFSSL_STUB("X509_cmp_current_time"); - return 0; + return wolfSSL_X509_cmp_time(asnTime, NULL); } -#endif /* return -1 if asnTime is earlier than or equal to cmpTime, and 1 otherwise * return 0 on error @@ -22769,68 +22834,84 @@ int wolfSSL_X509_cmp_time(const WOLFSSL_ASN1_TIME* asnTime, time_t* cmpTime) (void)tmpTs; #endif + if (asnTime == NULL) { + return WOLFSSL_FAILURE; + } - if (asnTime != NULL) { - if (cmpTime == NULL) { - /* Use current time */ - *pTime = XTIME(0); - } - else { - pTime = cmpTime; - } + if (cmpTime == NULL) { + /* Use current time */ + *pTime = XTIME(0); + } + else { + pTime = cmpTime; + } - /* Convert ASN1_time to time_t */ - XMEMSET(&ts, 0, sizeof(struct tm)); + /* Convert ASN1_time to time_t */ + XMEMSET(&ts, 0, sizeof(struct tm)); - /* Check type */ - if (asnTime->data[0] == ASN_UTC_TIME) { - /* 2-digit year */ - i += 2; /* Skip type and size */ - XMEMCPY(data_ptr, &asnTime->data[i], ASN_UTC_TIME_SIZE); - ts.tm_year = (data_ptr[i] - '0') * 10; i++; - ts.tm_year += data_ptr[i] - '0'; i++; - if (ts.tm_year < 70) { - ts.tm_year += 100; - } - } - else if (asnTime->data[0] == ASN_GENERALIZED_TIME) { - /* 4-digit year */ - i += 2; /* Skip type and size */ - XMEMCPY(data_ptr, &asnTime->data[i], ASN_GENERALIZED_TIME_SIZE); - ts.tm_year = (data_ptr[i] - '0') * 1000; i++; - ts.tm_year += (data_ptr[i] - '0') * 100; i++; - ts.tm_year += (data_ptr[i] - '0') * 10; i++; - ts.tm_year += data_ptr[i] - '0'; i++; - ts.tm_year -= 1900; - } - else { - /* Invalid type */ - inv = 1; + /* Check type */ + if (asnTime->type == ASN_UTC_TIME) { + /* 2-digit year */ + XMEMCPY(data_ptr, &asnTime->data[i], ASN_UTC_TIME_SIZE); + ts.tm_year = (data_ptr[i] - '0') * 10; i++; + ts.tm_year += data_ptr[i] - '0'; i++; + if (ts.tm_year < 70) { + ts.tm_year += 100; } + } + else if (asnTime->type == ASN_GENERALIZED_TIME) { + /* 4-digit year */ + XMEMCPY(data_ptr, &asnTime->data[i], ASN_GENERALIZED_TIME_SIZE); + ts.tm_year = (data_ptr[i] - '0') * 1000; i++; + ts.tm_year += (data_ptr[i] - '0') * 100; i++; + ts.tm_year += (data_ptr[i] - '0') * 10; i++; + ts.tm_year += data_ptr[i] - '0'; i++; + ts.tm_year -= 1900; + } + else { + /* Invalid type */ + inv = 1; + } - if (inv != 1) { - ts.tm_mon = (data_ptr[i] - '0') * 10; i++; - ts.tm_mon += (data_ptr[i] - '0') - 1; i++; /* January is 0 not 1 */ - ts.tm_mday = (data_ptr[i] - '0') * 10; i++; - ts.tm_mday += (data_ptr[i] - '0'); i++; - ts.tm_hour = (data_ptr[i] - '0') * 10; i++; - ts.tm_hour += (data_ptr[i] - '0'); i++; - ts.tm_min = (data_ptr[i] - '0') * 10; i++; - ts.tm_min += (data_ptr[i] - '0'); i++; - ts.tm_sec = (data_ptr[i] - '0') * 10; i++; - ts.tm_sec += (data_ptr[i] - '0'); + if (inv != 1) { + ts.tm_mon = (data_ptr[i] - '0') * 10; i++; + ts.tm_mon += (data_ptr[i] - '0') - 1; i++; /* January is 0 not 1 */ + ts.tm_mday = (data_ptr[i] - '0') * 10; i++; + ts.tm_mday += (data_ptr[i] - '0'); i++; + ts.tm_hour = (data_ptr[i] - '0') * 10; i++; + ts.tm_hour += (data_ptr[i] - '0'); i++; + ts.tm_min = (data_ptr[i] - '0') * 10; i++; + ts.tm_min += (data_ptr[i] - '0'); i++; + ts.tm_sec = (data_ptr[i] - '0') * 10; i++; + ts.tm_sec += (data_ptr[i] - '0'); - /* Convert to time struct*/ - ct = XGMTIME(pTime, tmpTs); + /* Convert to time struct*/ + ct = XGMTIME(pTime, tmpTs); - /* DAteGreaterThan returns 1 for >; 0 for <= */ - ret = DateGreaterThan(&ts, ct) ? 1 : -1; - } + /* DateGreaterThan returns 1 for >; 0 for <= */ + ret = DateGreaterThan(&ts, ct) ? 1 : -1; } return ret; } +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && !defined(USER_TIME) && \ + !defined(TIME_OVERRIDES) +WOLFSSL_ASN1_TIME *wolfSSL_X509_time_adj_ex(WOLFSSL_ASN1_TIME *asnTime, + int offset_day, long offset_sec, time_t *in_tm) +{ + /* get current time if in_tm is null */ + time_t t = in_tm ? *in_tm : XTIME(0); + return wolfSSL_ASN1_TIME_adj(asnTime, t, offset_day, offset_sec); +} + +WOLFSSL_ASN1_TIME *wolfSSL_X509_time_adj(WOLFSSL_ASN1_TIME *asnTime, + long offset_sec, time_t *in_tm) +{ + return wolfSSL_X509_time_adj_ex(asnTime, 0, offset_sec, in_tm); +} +#endif + #ifndef NO_WOLFSSL_STUB int wolfSSL_sk_X509_REVOKED_num(WOLFSSL_X509_REVOKED* revoked) { @@ -23011,6 +23092,8 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509* x509) i += SetLength(x509->serialSz, a->data + i); XMEMCPY(&a->data[i], x509->serial, x509->serialSz); + x509->serialNumber = a; + return a; } @@ -23048,10 +23131,6 @@ int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_TIME* asnTime) char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* t, char* buf, int len) { - int format; - int dateLen; - byte* date; - WOLFSSL_ENTER("wolfSSL_ASN1_TIME_to_string"); if (t == NULL || buf == NULL || len < 5) { @@ -23059,15 +23138,12 @@ char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* t, char* buf, int len) return NULL; } - date = t->data; - format = *date; date++; - dateLen = *date; date++; - if (dateLen > len) { + if (t->length > len) { WOLFSSL_MSG("Length of date is longer then buffer"); return NULL; } - if (!GetTimeString(date, format, buf, len)) { + if (!GetTimeString(t->data, t->type, buf, len)) { return NULL; } @@ -23079,8 +23155,7 @@ char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* t, char* buf, int len) #ifdef OPENSSL_EXTRA -#if !defined(NO_ASN_TIME) && !defined(USER_TIME) && \ - !defined(TIME_OVERRIDES) && !defined(NO_FILESYSTEM) +#if !defined(NO_ASN_TIME) && !defined(USER_TIME) && !defined(TIME_OVERRIDES) WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME *s, time_t t, int offset_day, long offset_sec) @@ -23090,7 +23165,6 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME *s, time_t t, struct tm* tmpTime = NULL; time_t t_adj = 0; time_t offset_day_sec = 0; - int sz = 0; #if defined(NEED_TMP_TIME) struct tm tmpTimeStorage; @@ -23125,7 +23199,9 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME *s, time_t t, if (ts->tm_year >= 50 && ts->tm_year < 150){ char utc_str[ASN_UTC_TIME_SIZE]; int utc_year = 0,utc_mon,utc_day,utc_hour,utc_min,utc_sec; - byte *data_ptr = NULL; + + s->type = V_ASN1_UTCTIME; + s->length = ASN_UTC_TIME_SIZE; if (ts->tm_year >= 50 && ts->tm_year < 100){ utc_year = ts->tm_year; @@ -23137,19 +23213,17 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME *s, time_t t, utc_hour = ts->tm_hour; utc_min = ts->tm_min; utc_sec = ts->tm_sec; - XSNPRINTF((char *)utc_str, ASN_UTC_TIME_SIZE, + XSNPRINTF((char *)utc_str, sizeof(utc_str), "%02d%02d%02d%02d%02d%02dZ", utc_year, utc_mon, utc_day, utc_hour, utc_min, utc_sec); - data_ptr = s->data; - *data_ptr = (byte) ASN_UTC_TIME; data_ptr++; - *data_ptr = (byte) ASN_UTC_TIME_SIZE; data_ptr++; - XMEMCPY(data_ptr,(byte *)utc_str, ASN_UTC_TIME_SIZE); - sz = ASN_UTC_TIME_SIZE; + XMEMCPY(s->data, (byte *)utc_str, s->length); /* GeneralizedTime */ } else { char gt_str[ASN_GENERALIZED_TIME_MAX]; int gt_year,gt_mon,gt_day,gt_hour,gt_min,gt_sec; - byte *data_ptr = NULL; + + s->type = V_ASN1_GENERALIZEDTIME; + s->length = ASN_GENERALIZED_TIME_SIZE; gt_year = ts->tm_year + 1900; gt_mon = ts->tm_mon + 1; @@ -23157,21 +23231,15 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME *s, time_t t, gt_hour = ts->tm_hour; gt_min = ts->tm_min; gt_sec = ts->tm_sec; - XSNPRINTF((char *)gt_str, ASN_GENERALIZED_TIME_MAX, + XSNPRINTF((char *)gt_str, sizeof(gt_str), "%4d%02d%02d%02d%02d%02dZ", gt_year, gt_mon, gt_day, gt_hour, gt_min,gt_sec); - data_ptr = s->data; - *data_ptr = (byte) ASN_GENERALIZED_TIME; data_ptr++; - *data_ptr = (byte) ASN_GENERALIZED_TIME_SIZE; data_ptr++; - XMEMCPY(data_ptr,(byte *)gt_str, ASN_GENERALIZED_TIME_SIZE); - sz = ASN_GENERALIZED_TIME_SIZE; + XMEMCPY(s->data, (byte *)gt_str, s->length); } - /* +2 for tag and length */ - s->length = sz + 2; return s; } -#endif /* !NO_ASN_TIME && !USER_TIME && !TIME_OVERRIDES && !NO_FILESYSTEM */ +#endif /* !NO_ASN_TIME && !USER_TIME && !TIME_OVERRIDES */ #ifndef NO_WOLFSSL_STUB int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER* a, @@ -25649,7 +25717,7 @@ int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_UTCTIME* a) if (bio == NULL || a == NULL) { return WOLFSSL_FAILURE; } - if (a->data[0] != ASN_UTC_TIME) { + if (a->type != ASN_UTC_TIME) { WOLFSSL_MSG("Error, not UTC_TIME"); return WOLFSSL_FAILURE; } @@ -25717,25 +25785,25 @@ int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO* bio, if (bio == NULL || asnTime == NULL) return BAD_FUNC_ARG; - if (asnTime->data[0] != ASN_GENERALIZED_TIME) { + if (asnTime->type != ASN_GENERALIZED_TIME) { WOLFSSL_MSG("Error, not GENERALIZED_TIME"); return WOLFSSL_FAILURE; } - p = (const char *)(asnTime->data + 2); + p = (const char *)(asnTime->data); /* GetTimeString not always available. */ - wolfSSL_BIO_write(bio, MonthStr(p + 4), 3); + wolfSSL_BIO_write(bio, MonthStr(p + 2), 3); wolfSSL_BIO_write(bio, " ", 1); /* Day */ - wolfSSL_BIO_write(bio, p + 6, 2); + wolfSSL_BIO_write(bio, p + 4, 2); wolfSSL_BIO_write(bio, " ", 1); /* Hour */ - wolfSSL_BIO_write(bio, p + 8, 2); + wolfSSL_BIO_write(bio, p + 6, 2); wolfSSL_BIO_write(bio, ":", 1); /* Min */ - wolfSSL_BIO_write(bio, p + 10, 2); + wolfSSL_BIO_write(bio, p + 8, 2); wolfSSL_BIO_write(bio, ":", 1); /* Secs */ - wolfSSL_BIO_write(bio, p + 12, 2); + wolfSSL_BIO_write(bio, p + 10, 2); wolfSSL_BIO_write(bio, " ", 1); wolfSSL_BIO_write(bio, p, 4); @@ -27115,6 +27183,14 @@ int wolfSSL_BN_num_bits(const WOLFSSL_BIGNUM* bn) return mp_count_bits((mp_int*)bn->internal); } +int wolfSSL_BN_is_negative(const WOLFSSL_BIGNUM* bn) +{ + if (bn == NULL) + return WOLFSSL_FAILURE; + + return mp_isneg((mp_int*)bn->internal); +} + /* return compliant with OpenSSL * 1 if BIGNUM is zero, 0 else */ int wolfSSL_BN_is_zero(const WOLFSSL_BIGNUM* bn) @@ -27950,15 +28026,57 @@ WOLFSSL_BIGNUM *wolfSSL_BN_mod_inverse(WOLFSSL_BIGNUM *r, return r; } -#ifndef NO_WOLFSSL_STUB -WOLFSSL_ASN1_INTEGER *wolfSSL_BN_to_ASN1_INTEGER(const WOLFSSL_BIGNUM *bn, WOLFSSL_ASN1_INTEGER *ai) +WOLFSSL_ASN1_INTEGER* wolfSSL_BN_to_ASN1_INTEGER(const WOLFSSL_BIGNUM *bn, WOLFSSL_ASN1_INTEGER *ai) { - WOLFSSL_STUB("wolfSSL_BN_to_ASN1_INTEGER"); - (void)bn; - (void)ai; - return NULL; + WOLFSSL_ASN1_INTEGER* a; + int len; + + if (ai == NULL) { + a = wolfSSL_ASN1_INTEGER_new(); + a->type = V_ASN1_INTEGER; + } + else { + a = ai; + } + if (a) { + if (wolfSSL_BN_is_negative(bn) && !wolfSSL_BN_is_zero(bn)) { + a->type |= V_ASN1_NEG_INTEGER; + a->negative = 1; + } + + len = wolfSSL_BN_num_bytes(bn); + if (len == 0) + len = 1; + + /* allocate buffer */ + if (len > (int)sizeof(a->intData)) { + /* create new data buffer and copy over */ + a->data = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL); + if (a->data == NULL) { + if (a != ai) + wolfSSL_ASN1_INTEGER_free(a); + return NULL; + } + a->isDynamic = 1; + } + else { + XMEMSET(a->intData, 0, sizeof(a->intData)); + a->data = a->intData; + } + a->length = len; + + /* populate data */ + if (wolfSSL_BN_is_zero(bn)) { + a->data[0] = 0; + } + else { + len = wolfSSL_BN_bn2bin(bn, a->data); + } + a->length = len; + } + + return a; } -#endif #ifndef NO_DH @@ -28776,9 +28894,9 @@ void wolfSSL_DSA_free(WOLFSSL_DSA* dsa) } #endif /* NO_DSA */ - #endif /* OPENSSL_EXTRA */ -#if !defined(NO_RSA) && defined(OPENSSL_EXTRA_X509_SMALL) + +#if !defined(NO_RSA) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) static void InitwolfSSL_Rsa(WOLFSSL_RSA* rsa) { if (rsa) { @@ -28894,7 +29012,7 @@ WOLFSSL_RSA* wolfSSL_RSA_new(void) external->inSet = 0; return external; } -#endif /* !NO_RSA && OPENSSL_EXTRA_X509_SMALL */ +#endif /* !NO_RSA && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ /* these defines are to make sure the functions SetIndividualExternal is not * declared and then not used. */ @@ -29041,7 +29159,7 @@ WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *dsa) return dh; } -#endif /* !defined(NO_DSA) && !defined(NO_DH) */ +#endif /* !NO_DSA && !NO_DH */ #endif /* OPENSSL_EXTRA */ #endif /* !NO_RSA && !NO_DSA */ @@ -29514,6 +29632,9 @@ int wolfSSL_RSA_private_encrypt(int len, unsigned char* in, { int sz = 0; WC_RNG* rng = NULL; +#if !defined(WC_RSA_BLINDING) || defined(HAVE_USER_RSA) + WC_RNG rng_lcl; +#endif RsaKey* key; WOLFSSL_MSG("wolfSSL_RSA_private_encrypt"); @@ -29539,18 +29660,20 @@ int wolfSSL_RSA_private_encrypt(int len, unsigned char* in, } key = (RsaKey*)rsa->internal; - #if defined(WC_RSA_BLINDING) && !defined(HAVE_USER_RSA) +#if defined(WC_RSA_BLINDING) && !defined(HAVE_USER_RSA) rng = key->rng; - #else -#ifndef HAVE_FIPS - if (wc_InitRng_ex(rng, key->heap, INVALID_DEVID) != 0) { #else - if (wc_InitRng(rng) != 0) { -#endif + rng = &rng_lcl; + #ifndef HAVE_FIPS + if (wc_InitRng_ex(rng, key->heap, INVALID_DEVID) != 0) + #else + if (wc_InitRng(rng) != 0) + #endif + { WOLFSSL_MSG("Error with random number"); return SSL_FATAL_ERROR; } - #endif +#endif /* size of output buffer must be size of RSA key */ sz = wc_RsaSSL_Sign(in, (word32)len, out, wolfSSL_RSA_size(rsa), key, rng); @@ -30302,7 +30425,7 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa) else return WOLFSSL_FATAL_ERROR; } -#endif /* NO_RSA */ +#endif /* !NO_RSA && !HAVE_USER_RSA */ int wolfSSL_HMAC_CTX_Init(WOLFSSL_HMAC_CTX* ctx) { @@ -31253,8 +31376,8 @@ static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher, #endif /* WOLFSSL_KEY_GEN || WOLFSSL_PEM_TO_DER */ #if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && !defined(NO_RSA) -#ifndef NO_RSA /* Takes a WOLFSSL_RSA key and writes it out to a WOLFSSL_BIO * * bio the WOLFSSL_BIO to write to @@ -31335,9 +31458,153 @@ int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* key, return ret; } -#endif /* NO_RSA */ + +/* Takes an RSA public key and writes it out to a WOLFSSL_BIO + * Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE + */ +int wolfSSL_PEM_write_bio_RSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa) +{ + int ret = 0, derMax = 0, derSz = 0; + byte *derBuf = NULL; + WOLFSSL_EVP_PKEY* pkey = NULL; + + WOLFSSL_ENTER("wolfSSL_PEM_write_bio_RSA_PUBKEY"); + + if (bio == NULL || rsa == NULL) { + WOLFSSL_MSG("Bad Function Arguments"); + return WOLFSSL_FAILURE; + } + + /* Initialize pkey structure */ + pkey = wolfSSL_PKEY_new_ex(bio->heap); + if (pkey == NULL) { + WOLFSSL_MSG("wolfSSL_PKEY_new_ex failed"); + return WOLFSSL_FAILURE; + } + + pkey->type = EVP_PKEY_RSA; + pkey->rsa = rsa; + pkey->ownRsa = 0; + + /* 5 > size of n, d, p, q, d%(p-1), d(q-1), 1/q%p, e + ASN.1 additional + * informations + */ + derMax = 5 * wolfSSL_RSA_size(rsa) + AES_BLOCK_SIZE; + + derBuf = (byte*)XMALLOC(derMax, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (derBuf == NULL) { + WOLFSSL_MSG("malloc failed"); + wolfSSL_EVP_PKEY_free(pkey); + return WOLFSSL_FAILURE; + } + + /* Key to DER */ + derSz = wc_RsaKeyToPublicDer((RsaKey*)rsa->internal, derBuf, derMax); + if (derSz < 0) { + WOLFSSL_MSG("wc_RsaKeyToPublicDer failed"); + XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + wolfSSL_EVP_PKEY_free(pkey); + return WOLFSSL_FAILURE; + } + + pkey->pkey.ptr = (char*)XMALLOC(derSz, bio->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (pkey->pkey.ptr == NULL) { + WOLFSSL_MSG("key malloc failed"); + XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + wolfSSL_EVP_PKEY_free(pkey); + return WOLFSSL_FAILURE; + } + pkey->pkey_sz = derSz; + XMEMCPY(pkey->pkey.ptr, derBuf, derSz); + XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + ret = wolfSSL_PEM_write_bio_PUBKEY(bio, pkey); + wolfSSL_EVP_PKEY_free(pkey); + + return ret; +} +/* Reads an RSA public key from a WOLFSSL_BIO into a WOLFSSL_RSA + * Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE + */ +WOLFSSL_RSA *wolfSSL_PEM_read_bio_RSA_PUBKEY(WOLFSSL_BIO* bio,WOLFSSL_RSA** rsa, + pem_password_cb* cb, void *pass) +{ + WOLFSSL_EVP_PKEY* pkey; + WOLFSSL_RSA* local; + + WOLFSSL_ENTER("wolfSSL_PEM_read_bio_RSA_PUBKEY"); + + pkey = wolfSSL_PEM_read_bio_PUBKEY(bio, NULL, cb, pass); + if (pkey == NULL) { + return NULL; + } + + /* Since the WOLFSSL_RSA structure is being taken from WOLFSSL_EVP_PKEY the + * flag indicating that the WOLFSSL_RSA structure is owned should be FALSE + * to avoid having it free'd */ + pkey->ownRsa = 0; + local = pkey->rsa; + if (rsa != NULL){ + *rsa = local; + } + + wolfSSL_EVP_PKEY_free(pkey); + return local; +} + +#endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) && !defined(NO_RSA) */ + +/* Takes a public key and writes it out to a WOLFSSL_BIO + * Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE + */ +int wolfSSL_PEM_write_bio_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key) +{ + byte* keyDer; + int pemSz; + int ret; + byte* tmp; + + WOLFSSL_ENTER("wolfSSL_PEM_write_bio_PUBKEY"); + + if (bio == NULL || key == NULL) { + return WOLFSSL_FAILURE; + } + + keyDer = (byte*)key->pkey.ptr; + + pemSz = wc_DerToPem(keyDer, key->pkey_sz, NULL, 0, PUBLICKEY_TYPE); + if (pemSz < 0) { + WOLFSSL_LEAVE("wolfSSL_PEM_write_bio_PUBKEY", pemSz); + return WOLFSSL_FAILURE; + } + tmp = (byte*)XMALLOC(pemSz, bio->heap, DYNAMIC_TYPE_OPENSSL); + if (tmp == NULL) { + return MEMORY_E; + } + + ret = wc_DerToPemEx(keyDer, key->pkey_sz, tmp, pemSz, + NULL, PUBLICKEY_TYPE); + if (ret < 0) { + WOLFSSL_LEAVE("wolfSSL_PEM_write_bio_PUBKEY", ret); + XFREE(tmp, bio->heap, DYNAMIC_TYPE_OPENSSL); + return WOLFSSL_FAILURE; + } + + ret = wolfSSL_BIO_write(bio, tmp, pemSz); + XFREE(tmp, bio->heap, DYNAMIC_TYPE_OPENSSL); + if (ret != pemSz) { + WOLFSSL_MSG("Unable to write full PEM to BIO"); + return WOLFSSL_FAILURE; + } + + return WOLFSSL_SUCCESS; +} + +/* Takes a private key and writes it out to a WOLFSSL_BIO + * Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE + */ int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key, const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int len, @@ -31358,6 +31625,7 @@ int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key, WOLFSSL_ENTER("wolfSSL_PEM_write_bio_PrivateKey"); if (bio == NULL || key == NULL) { + WOLFSSL_MSG("Bad Function Arguments"); return WOLFSSL_FAILURE; } @@ -31376,9 +31644,17 @@ int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key, break; #endif +#ifdef HAVE_ECC case EVP_PKEY_EC: type = ECC_PRIVATEKEY_TYPE; break; +#endif + +#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) + case EVP_PKEY_DH: + type = DH_PRIVATEKEY_TYPE; + break; +#endif default: WOLFSSL_MSG("Unknown Key type!"); @@ -31400,17 +31676,17 @@ int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key, if (ret < 0) { WOLFSSL_LEAVE("wolfSSL_PEM_write_bio_PrivateKey", ret); XFREE(tmp, bio->heap, DYNAMIC_TYPE_OPENSSL); - return SSL_FAILURE; + return WOLFSSL_FAILURE; } ret = wolfSSL_BIO_write(bio, tmp, pemSz); XFREE(tmp, bio->heap, DYNAMIC_TYPE_OPENSSL); if (ret != pemSz) { WOLFSSL_MSG("Unable to write full PEM to BIO"); - return SSL_FAILURE; + return WOLFSSL_FAILURE; } - return SSL_SUCCESS; + return WOLFSSL_SUCCESS; } #endif /* defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) */ @@ -34155,7 +34431,7 @@ int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, const unsigned char **pp) return ret; } } - if ((derLen = RsaPublicKeyDerSize((RsaKey *)rsa->internal, 1)) < 0) + if ((derLen = wc_RsaPublicKeyDerSize((RsaKey *)rsa->internal, 1)) < 0) return WOLFSSL_FATAL_ERROR; der = (byte*)XMALLOC(derLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL) { @@ -35162,20 +35438,24 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) cert->version = (int)wolfSSL_X509_get_version(x509); #ifdef WOLFSSL_ALT_NAMES - if (x509->notBefore.length < CTC_DATE_SIZE) { - XMEMCPY(cert->beforeDate, x509->notBefore.data, + if ((x509->notBefore.length + 2) < CTC_DATE_SIZE) { + cert->beforeDate[0] = x509->notBefore.type; + cert->beforeDate[1] = x509->notBefore.length; + XMEMCPY(&cert->beforeDate[2], x509->notBefore.data, x509->notBefore.length); - cert->beforeDateSz = x509->notBefore.length; + cert->beforeDateSz = x509->notBefore.length + 2; } else { WOLFSSL_MSG("Not before date too large"); return WOLFSSL_FAILURE; } - if (x509->notAfter.length < CTC_DATE_SIZE) { - XMEMCPY(cert->afterDate, x509->notAfter.data, + if ((x509->notAfter.length + 2) < CTC_DATE_SIZE) { + cert->afterDate[0] = x509->notAfter.type; + cert->afterDate[1] = x509->notAfter.length; + XMEMCPY(&cert->afterDate[2], x509->notAfter.data, x509->notAfter.length); - cert->afterDateSz = x509->notAfter.length; + cert->afterDateSz = x509->notAfter.length + 2; } else { WOLFSSL_MSG("Not after date too large"); @@ -35539,6 +35819,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) WOLFSSL_LEAVE("wolfSSL_X509_sign", ret); return WOLFSSL_FAILURE; } + return ret; } @@ -36355,7 +36636,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_create_by_NID( WOLFSSL_X509_NAME_ENTRY** out, int nid, int type, - unsigned char* data, int dataSz) + const unsigned char* data, int dataSz) { WOLFSSL_X509_NAME_ENTRY* ne = NULL; @@ -36999,7 +37280,21 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) wolfSSL_X509_NAME_ENTRY_free(entry); return ret; } - #endif /* ifndef NO_CERTS */ + + int wolfSSL_X509_NAME_add_entry_by_NID(WOLFSSL_X509_NAME *name, int nid, + int type, const unsigned char *bytes, + int len, int loc, int set) + { + int ret; + WOLFSSL_X509_NAME_ENTRY* entry; + entry = wolfSSL_X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len); + if (entry == NULL) + return WOLFSSL_FAILURE; + ret = wolfSSL_X509_NAME_add_entry(name, entry, loc, set); + wolfSSL_X509_NAME_ENTRY_free(entry); + return ret; + } + #endif /* !NO_CERTS */ /* NID variables are dependent on compatibility header files currently @@ -41953,7 +42248,7 @@ int wolfSSL_set_alpn_protos(WOLFSSL* ssl, return WOLFSSL_FAILURE; } - /* convert into comma seperated list */ + /* convert into comma separated list */ while (idx < p_len - 1) { unsigned int i; @@ -42189,39 +42484,34 @@ int wolfSSL_ASN1_STRING_print(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str) #endif /* (WOLFSSL_QT || OPENSSL_ALL) && !NO_ASN */ #ifndef NO_ASN_TIME +/* not a compatibility function - length getter for opaque type */ int wolfSSL_ASN1_TIME_get_length(WOLFSSL_ASN1_TIME *t) { WOLFSSL_ENTER("wolfSSL_ASN1_TIME_get_length"); if (t == NULL) return WOLFSSL_FAILURE; - - return (int)t->data[1]; + return t->length; } - +/* not a compatibility function - data getter for opaque type */ unsigned char* wolfSSL_ASN1_TIME_get_data(WOLFSSL_ASN1_TIME *t) { - unsigned char *dptr = NULL; - WOLFSSL_ENTER("wolfSSL_ASN1_TIME_get_data"); if (t == NULL) return NULL; - - dptr = t->data + 2; - return dptr; + return t->data; } -WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t, +WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t, WOLFSSL_ASN1_TIME **out) { - unsigned char time_type = 0; + int time_type = 0; WOLFSSL_ASN1_TIME *ret = NULL; - unsigned char *data_ptr = NULL; WOLFSSL_ENTER("wolfSSL_ASN1_TIME_to_generalizedtime"); if (t == NULL) { WOLFSSL_MSG("Invalid ASN_TIME value"); } else { - time_type = t->data[0]; + time_type = t->type; if (time_type != ASN_UTC_TIME && time_type != ASN_GENERALIZED_TIME){ WOLFSSL_MSG("Invalid ASN_TIME type."); } else { @@ -42243,18 +42533,16 @@ WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t, if (ret != NULL) { if (time_type == ASN_GENERALIZED_TIME){ XMEMCPY(ret->data, t->data, ASN_GENERALIZED_TIME_SIZE); - } else { - /* (time_type == ASN_UTC_TIME) */ - ret->data[0] = ASN_GENERALIZED_TIME; - ret->data[1] = ASN_GENERALIZED_TIME_SIZE; - data_ptr = ret->data + 2; - if (t->data[2] >= '5') { - XSNPRINTF((char*)data_ptr, ASN_UTC_TIME_SIZE + 2, - "19%s", t->data + 2); + } else { /* ASN_UTC_TIME */ + /* convert UTC to generalized time */ + ret->type = ASN_GENERALIZED_TIME; + ret->length = ASN_GENERALIZED_TIME_SIZE; + if (t->data[0] >= '5') { + ret->data[0] = '1'; ret->data[1] = '9'; } else { - XSNPRINTF((char*)data_ptr, ASN_UTC_TIME_SIZE + 2, - "20%s", t->data + 2); + ret->data[0] = '2'; ret->data[1] = '0'; } + XMEMCPY(&ret->data[2], t->data, ASN_UTC_TIME_SIZE); } } @@ -42405,9 +42693,7 @@ int wolfSSL_X509_get_signature_nid(const WOLFSSL_X509 *x) } #endif /* OPENSSL_EXTRA */ -#if defined(OPENSSL_ALL) - -#ifndef NO_RSA +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) int wolfSSL_EVP_PKEY_assign_RSA(EVP_PKEY* pkey, WOLFSSL_RSA* key) { if (pkey == NULL || key == NULL) @@ -42417,10 +42703,32 @@ int wolfSSL_EVP_PKEY_assign_RSA(EVP_PKEY* pkey, WOLFSSL_RSA* key) pkey->rsa = key; pkey->ownRsa = 1; + /* try and populate public pkey_sz and pkey.ptr */ + if (key->internal) { + RsaKey* rsa = (RsaKey*)key->internal; + int ret = wc_RsaPublicKeyDerSize(rsa, 1); + if (ret > 0) { + int derSz = ret; + char* derBuf = (char*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (derBuf) { + ret = wc_RsaKeyToPublicDer(rsa, (byte*)derBuf, derSz); + if (ret >= 0) { + pkey->pkey_sz = ret; + pkey->pkey.ptr = derBuf; + } + else { /* failure - okay to ignore */ + XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + derBuf = NULL; + } + } + } + } + return WOLFSSL_SUCCESS; } #endif +#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) int wolfSSL_EVP_PKEY_assign_EC_KEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY* key) { if (pkey == NULL || key == NULL) @@ -42430,6 +42738,27 @@ int wolfSSL_EVP_PKEY_assign_EC_KEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY* key) pkey->ecc = key; pkey->ownEcc = 1; + /* try and populate public pkey_sz and pkey.ptr */ + if (key->internal) { + ecc_key* ecc = (ecc_key*)key->internal; + int ret = wc_EccPublicKeyDerSize(ecc, 1); + if (ret > 0) { + int derSz = ret; + char* derBuf = (char*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (derBuf) { + ret = wc_EccPublicKeyToDer(ecc, (byte*)derBuf, derSz, 1); + if (ret >= 0) { + pkey->pkey_sz = ret; + pkey->pkey.ptr = derBuf; + } + else { /* failure - okay to ignore */ + XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + derBuf = NULL; + } + } + } + } + return WOLFSSL_SUCCESS; } #endif @@ -42960,6 +43289,7 @@ int wolfSSL_BIO_clear_retry_flags(WOLFSSL_BIO* bio) (void)bio; return 0; } + /* DER data is PKCS#8 encrypted. */ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PKCS8PrivateKey_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY** pkey, @@ -43059,8 +43389,10 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(WOLFSSL_EVP_PKEY** pkey, return key; } +#endif -#ifndef NO_CERTS +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && \ + defined(WOLFSSL_CERT_REQ) int wolfSSL_X509_set_subject_name(WOLFSSL_X509 *cert, WOLFSSL_X509_NAME *name) { int i; @@ -43120,57 +43452,25 @@ int wolfSSL_X509_set_issuer_name(WOLFSSL_X509 *cert, WOLFSSL_X509_NAME *name) return WOLFSSL_SUCCESS; } -#endif /* NO_CERTS */ - -#endif /* OPENSSL_ALL */ - -#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \ - !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) int wolfSSL_X509_set_notAfter(WOLFSSL_X509* x509, const WOLFSSL_ASN1_TIME* t) { - unsigned int i; - unsigned char d; - - WOLFSSL_ENTER("wolfSSL_X509_set_notAfter"); - if (!x509 || !t) - return WOLFSSL_FAILURE; - - if (t->length >= MAX_DATE_SZ + 2) { - WOLFSSL_MSG("Input was larger than expected"); + if (x509 == NULL || t == NULL) { return WOLFSSL_FAILURE; } - for (i = 0; i < MAX_DATE_SZ && (d = t->data[i]) != '\0'; i++) - x509->notAfter.data[i] = d; - - x509->notAfter.data[i] = '\0'; - x509->notAfter.length = i; - - WOLFSSL_LEAVE("wolfSSL_X509_set_notAfter", WOLFSSL_SUCCESS); + XMEMCPY(&x509->notAfter, t, sizeof(WOLFSSL_ASN1_TIME)); return WOLFSSL_SUCCESS; } int wolfSSL_X509_set_notBefore(WOLFSSL_X509* x509, const WOLFSSL_ASN1_TIME* t) { - unsigned int i; - unsigned char d; - - WOLFSSL_ENTER("wolfSSL_X509_set_notBefore"); - if (!x509 || !t) - return WOLFSSL_FAILURE; - - if (t->length >= MAX_DATE_SZ + 2) { - WOLFSSL_MSG("Input was larger than expected"); + if (x509 == NULL || t == NULL) { return WOLFSSL_FAILURE; } - for (i = 0; i < t->length && (d = t->data[i]) != '\0'; i++) - x509->notBefore.data[i] = d; - - x509->notBefore.data[i] = '\0'; - x509->notBefore.length = i; + XMEMCPY(&x509->notBefore, t, sizeof(WOLFSSL_ASN1_TIME)); return WOLFSSL_SUCCESS; } @@ -43192,6 +43492,35 @@ int wolfSSL_X509_set_serialNumber(WOLFSSL_X509* x509, WOLFSSL_ASN1_INTEGER* s) return WOLFSSL_SUCCESS; } + +int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey) +{ + byte* p; + WOLFSSL_ENTER("wolfSSL_X509_set_pubkey"); + + if (cert == NULL || pkey == NULL) + return WOLFSSL_FAILURE; + + if (pkey->type == EVP_PKEY_RSA) + cert->pubKeyOID = RSAk; + else if (pkey->type == EVP_PKEY_EC) + cert->pubKeyOID = ECDSAk; + else + return WOLFSSL_FAILURE; + + p = (byte*)XMALLOC(pkey->pkey_sz, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY); + if (p == NULL) + return WOLFSSL_FAILURE; + + if (cert->pubKey.buffer != NULL) + XFREE(cert->pubKey.buffer, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY); + cert->pubKey.buffer = p; + XMEMCPY(cert->pubKey.buffer, pkey->pkey.ptr, pkey->pkey_sz); + cert->pubKey.length = pkey->pkey_sz; + + return WOLFSSL_SUCCESS; +} + int wolfSSL_X509_set_version(WOLFSSL_X509* x509, long v) { WOLFSSL_ENTER("wolfSSL_X509_set_version"); @@ -43202,6 +43531,11 @@ int wolfSSL_X509_set_version(WOLFSSL_X509* x509, long v) return WOLFSSL_SUCCESS; } +#endif /* OPENSSL_EXTRA && !NO_CERTS && WOLFSSL_CERT_GEN && WOLFSSL_CERT_REQ */ + +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) + void wolfSSL_X509V3_set_ctx(WOLFSSL_X509V3_CTX* ctx, WOLFSSL_X509* issuer, WOLFSSL_X509* subject, WOLFSSL_X509* req, WOLFSSL_X509_CRL* crl, int flag) @@ -43235,11 +43569,6 @@ void wolfSSL_X509V3_set_ctx(WOLFSSL_X509V3_CTX* ctx, WOLFSSL_X509* issuer, } } - -#endif /* OPENSSL_ALL || WOLFSSL_APACHE_HTTPD */ - -#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && \ - defined(WOLFSSL_CERT_REQ) int wolfSSL_i2d_X509_REQ(WOLFSSL_X509* req, unsigned char** out) { const unsigned char* der; @@ -43267,35 +43596,6 @@ int wolfSSL_i2d_X509_REQ(WOLFSSL_X509* req, unsigned char** out) return derSz; } -int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey) -{ - byte* p; - WOLFSSL_ENTER("wolfSSL_X509_set_pubkey"); - - if (cert == NULL || pkey == NULL) - return WOLFSSL_FAILURE; - - if (pkey->type == EVP_PKEY_RSA) - cert->pubKeyOID = RSAk; - else if (pkey->type == EVP_PKEY_EC) - cert->pubKeyOID = ECDSAk; - else - return WOLFSSL_FAILURE; - - p = (byte*)XMALLOC(pkey->pkey_sz, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY); - if (p == NULL) - return WOLFSSL_FAILURE; - - if (cert->pubKey.buffer != NULL) - XFREE(cert->pubKey.buffer, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY); - cert->pubKey.buffer = p; - XMEMCPY(cert->pubKey.buffer, pkey->pkey.ptr, pkey->pkey_sz); - cert->pubKey.length = pkey->pkey_sz; - - return WOLFSSL_SUCCESS; -} - - WOLFSSL_X509* wolfSSL_X509_REQ_new(void) { return wolfSSL_X509_new(); @@ -43306,7 +43606,6 @@ void wolfSSL_X509_REQ_free(WOLFSSL_X509* req) wolfSSL_X509_free(req); } - int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey, const WOLFSSL_EVP_MD *md) { @@ -43350,7 +43649,7 @@ int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey) { return wolfSSL_X509_set_pubkey(req, pkey); } -#endif +#endif /* OPENSSL_EXTRA && !NO_CERTS && WOLFSSL_CERT_GEN && WOLFSSL_CERT_REQ */ #ifdef HAVE_ENCRYPT_THEN_MAC /** diff --git a/tests/api.c b/tests/api.c index bf5a005fc..873f78fd9 100644 --- a/tests/api.c +++ b/tests/api.c @@ -18869,8 +18869,8 @@ static void test_wolfSSL_ASN1_TIME_print(void) /* create a bad time and test results */ AssertNotNull(t = X509_get_notAfter(x509)); AssertIntEQ(ASN1_TIME_check(t), WOLFSSL_SUCCESS); - t->data[10] = 0; - t->data[5] = 0; + t->data[8] = 0; + t->data[3] = 0; AssertIntNE(ASN1_TIME_print(bio, t), 1); AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 14); AssertIntEQ(XMEMCMP(buf, "Bad time value", 14), 0); @@ -18891,8 +18891,6 @@ static void test_wolfSSL_ASN1_UTCTIME_print(void) unsigned char buf[25]; const char* validDate = "190424111501Z"; /* UTC = YYMMDDHHMMSSZ */ const char* invalidDate = "190424111501X"; /* UTC = YYMMDDHHMMSSZ */ - byte* ptr1; - byte* ptr2; printf(testingFmt, "ASN1_UTCTIME_print()"); @@ -18905,10 +18903,9 @@ static void test_wolfSSL_ASN1_UTCTIME_print(void) AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertNotNull(utc = (ASN1_UTCTIME*)XMALLOC(sizeof(ASN1_UTCTIME), NULL, DYNAMIC_TYPE_ASN1)); - ptr1 = utc->data; - *ptr1 = (byte)ASN_UTC_TIME; ptr1++; - *ptr1 = (byte)ASN_UTC_TIME_SIZE; ptr1++; - XMEMCPY(ptr1, (byte*)validDate, ASN_UTC_TIME_SIZE); + utc->type = ASN_UTC_TIME; + utc->length = ASN_UTC_TIME_SIZE; + XMEMCPY(utc->data, (byte*)validDate, ASN_UTC_TIME_SIZE); AssertIntEQ(ASN1_UTCTIME_print(bio, utc), 1); AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24); AssertIntEQ(XMEMCMP(buf, "Apr 24 11:15:01 2019 GMT", sizeof(buf)-1), 0); @@ -18918,10 +18915,9 @@ static void test_wolfSSL_ASN1_UTCTIME_print(void) /* Invalid format */ AssertNotNull(bio = BIO_new(BIO_s_mem())); - ptr2 = utc->data; - *ptr2 = (byte)ASN_UTC_TIME; ptr2++; - *ptr2 = (byte)ASN_UTC_TIME_SIZE; ptr2++; - XMEMCPY(ptr2, (byte*)invalidDate, ASN_UTC_TIME_SIZE); + utc->type = ASN_UTC_TIME; + utc->length = ASN_UTC_TIME_SIZE; + XMEMCPY(utc->data, (byte*)invalidDate, ASN_UTC_TIME_SIZE); AssertIntEQ(ASN1_UTCTIME_print(bio, utc), 0); AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 14); AssertIntEQ(XMEMCMP(buf, "Bad time value", 14), 0); @@ -21291,6 +21287,10 @@ static void test_wolfSSL_BIO(void) AssertIntEQ((int)BIO_ctrl_pending(bio1), 8); AssertIntEQ((int)BIO_ctrl_pending(bio2), 20); + /* try read using ctrl function */ + AssertIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_WPENDING, 0, NULL), 8); + AssertIntEQ((int)BIO_ctrl(bio2, BIO_CTRL_WPENDING, 0, NULL), 20); + AssertIntEQ(BIO_nread(bio2, &bufPt, (int)BIO_ctrl_pending(bio2)), 20); for (i = 0; i < 20; i++) { AssertIntEQ((int)bufPt[i], i); @@ -21531,7 +21531,7 @@ static void test_wolfSSL_ASN1_TIME_adj(void) WOLFSSL_ASN1_TIME *asn_time, *s; int offset_day; long offset_sec; - char date_str[20]; + char date_str[CTC_DATE_SIZE]; time_t t; printf(testingFmt, "wolfSSL_ASN1_TIME_adj()"); @@ -21545,18 +21545,18 @@ static void test_wolfSSL_ASN1_TIME_adj(void) offset_sec = 45 * mini; /* offset_sec = -45 * min;*/ asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec); - AssertTrue(asn_time->data[0] == asn_utc_time); - XSTRNCPY(date_str,(const char*) &asn_time->data+2,13); + AssertTrue(asn_time->type == asn_utc_time); + XSTRNCPY(date_str, (const char*)&asn_time->data, sizeof(date_str)); AssertIntEQ(0, XMEMCMP(date_str, "000222211500Z", 13)); /* negative offset */ offset_sec = -45 * mini; asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec); - AssertTrue(asn_time->data[0] == asn_utc_time); - XSTRNCPY(date_str,(const char*) &asn_time->data+2,13); + AssertTrue(asn_time->type == asn_utc_time); + XSTRNCPY(date_str, (const char*)&asn_time->data, sizeof(date_str)); AssertIntEQ(0, XMEMCMP(date_str, "000222194500Z", 13)); - XFREE(s,NULL,DYNAMIC_TYPE_OPENSSL); + XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL); XMEMSET(date_str, 0, sizeof(date_str)); /* Generalized time will overflow time_t if not long */ @@ -21569,11 +21569,11 @@ static void test_wolfSSL_ASN1_TIME_adj(void) offset_day = 12; offset_sec = 10 * mini; asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec); - AssertTrue(asn_time->data[0] == asn_gen_time); - XSTRNCPY(date_str,(const char*) &asn_time->data+2, 15); + AssertTrue(asn_time->type == asn_gen_time); + XSTRNCPY(date_str, (const char*)&asn_time->data, sizeof(date_str)); AssertIntEQ(0, XMEMCMP(date_str, "20550313091000Z", 15)); - XFREE(s,NULL,DYNAMIC_TYPE_OPENSSL); + XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL); XMEMSET(date_str, 0, sizeof(date_str)); #endif /* !TIME_T_NOT_64BIT && !NO_64BIT */ @@ -21584,16 +21584,16 @@ static void test_wolfSSL_ASN1_TIME_adj(void) offset_day = 7; offset_sec = 45 * mini; asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec); - AssertTrue(asn_time->data[0] == asn_utc_time); - XSTRNCPY(date_str,(const char*) &asn_time->data+2,13); + AssertTrue(asn_time->type == asn_utc_time); + XSTRNCPY(date_str, (const char*)&asn_time->data, sizeof(date_str)); AssertIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13)); - XFREE(asn_time,NULL,DYNAMIC_TYPE_OPENSSL); + XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL); asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, offset_sec); - AssertTrue(asn_time->data[0] == asn_utc_time); - XSTRNCPY(date_str,(const char*) &asn_time->data+2,13); + AssertTrue(asn_time->type == asn_utc_time); + XSTRNCPY(date_str, (const char*)&asn_time->data, sizeof(date_str)); AssertIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13)); - XFREE(asn_time,NULL,DYNAMIC_TYPE_OPENSSL); + XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL); printf(resultFmt, passed); #endif @@ -21604,21 +21604,45 @@ static void test_wolfSSL_X509_cmp_time(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_ASN1_TIME) \ && !defined(USER_TIME) && !defined(TIME_OVERRIDES) - - printf(testingFmt, "wolfSSL_X509_cmp_time()"); - WOLFSSL_ASN1_TIME asn_time; time_t t; + printf(testingFmt, "wolfSSL_X509_cmp_time()"); + AssertIntEQ(0, wolfSSL_X509_cmp_time(NULL, &t)); XMEMSET(&asn_time, 0, sizeof(WOLFSSL_ASN1_TIME)); AssertIntEQ(0, wolfSSL_X509_cmp_time(&asn_time, &t)); - asn_time.data[0] = ASN_UTC_TIME; - asn_time.data[1] = ASN_UTC_TIME_SIZE; - XMEMCPY(&asn_time.data[2], "000222211515Z", 13); + asn_time.type = ASN_UTC_TIME; + asn_time.length = ASN_UTC_TIME_SIZE; + XMEMCPY(&asn_time.data, "000222211515Z", 13); AssertIntEQ(-1, wolfSSL_X509_cmp_time(&asn_time, NULL)); + printf(resultFmt, passed); +#endif +} + +static void test_wolfSSL_X509_time_adj(void) +{ +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN1_TIME) && \ + !defined(USER_TIME) && !defined(TIME_OVERRIDES) && \ + defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA) + X509* x509; + time_t t, not_before, not_after; + + printf(testingFmt, "wolfSSL_X509_time_adj()"); + + AssertNotNull(x509 = wolfSSL_X509_load_certificate_buffer( + client_cert_der_2048, sizeof_client_cert_der_2048, + WOLFSSL_FILETYPE_ASN1)); + + t = 0; + not_before = XTIME(0); + not_after = XTIME(0) + (60 * 24 * 30); /* 30 days after */ + AssertNotNull(X509_time_adj(X509_get_notBefore(x509), not_before, &t)); + AssertNotNull(X509_time_adj(X509_get_notAfter(x509), not_after, &t)); + + X509_free(x509); printf(resultFmt, passed); #endif @@ -21695,8 +21719,10 @@ static void test_wolfSSL_X509(void) static void test_wolfSSL_X509_get_ext_count(void) { #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) + int ret = 0; WOLFSSL_X509* x509; const char ocspRootCaFile[] = "./certs/ocsp/root-ca-cert.pem"; + FILE* f; printf(testingFmt, "wolfSSL_X509_get_ext_count()"); @@ -21713,14 +21739,29 @@ static void test_wolfSSL_X509_get_ext_count(void) AssertIntEQ(X509_get_ext_count(x509), 5); wolfSSL_X509_free(x509); + AssertNotNull(f = fopen("./certs/server-cert.pem", "rb")); + AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); + fclose(f); + + printf(testingFmt, "wolfSSL_X509_get_ext_count() valid input"); + AssertIntEQ((ret = wolfSSL_X509_get_ext_count(x509)), 3); + printf(resultFmt, ret == 3 ? passed : failed); + + printf(testingFmt, "wolfSSL_X509_get_ext_count() NULL argument"); + AssertIntEQ((ret = wolfSSL_X509_get_ext_count(NULL)), WOLFSSL_FAILURE); + printf(resultFmt, ret == WOLFSSL_FAILURE ? passed : failed); + + wolfSSL_X509_free(x509); + printf(resultFmt, passed); #endif } static void test_wolfSSL_X509_sign(void) { -#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \ - !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) + int ret; X509_NAME *name; X509 *x509; EVP_PKEY *pub; @@ -21737,32 +21778,40 @@ static void test_wolfSSL_X509_sign(void) long clientPubKeySz = (long)sizeof_client_keypub_der_2048; #endif - printf(testingFmt, "wolfSSL_X509_sign"); + printf(testingFmt, "wolfSSL_X509_sign\n"); /* Set X509_NAME fields */ AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "country", MBSTRING_UTF8, - (byte*)"US", 2, -1, 0), WOLFSSL_SUCCESS); + (byte*)"US", 2, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, - (byte*)"wolfssl.com", 11, -1, 0), WOLFSSL_SUCCESS); + (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, - (byte*)"support@wolfssl.com", 19, -1, 0), WOLFSSL_SUCCESS); + (byte*)"support@wolfssl.com", 19, -1, 0), SSL_SUCCESS); /* Get private and public keys */ AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &rsaPriv, clientKeySz)); AssertNotNull(pub = wolfSSL_d2i_PUBKEY(NULL, &rsaPub, clientPubKeySz)); AssertNotNull(x509 = X509_new()); - + /* Set version 3 */ + AssertIntNE(X509_set_version(x509, 2L), 0); /* Set subject name, add pubkey, and sign certificate */ - AssertIntEQ(X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); - AssertIntEQ(X509_set_pubkey(x509, pub), WOLFSSL_SUCCESS); + AssertIntEQ(X509_set_subject_name(x509, name), SSL_SUCCESS); + AssertIntEQ(X509_set_pubkey(x509, pub), SSL_SUCCESS); /* Test invalid parameters */ AssertIntEQ(X509_sign(NULL, priv, EVP_sha256()), 0); AssertIntEQ(X509_sign(x509, NULL, EVP_sha256()), 0); AssertIntEQ(X509_sign(x509, priv, NULL), 0); - /* Valid case - size should be 798 */ - AssertIntEQ(X509_sign(x509, priv, EVP_sha256()), 798); + + ret = X509_sign(x509, priv, EVP_sha256()); + + /* Valid case - size should be 768 */ +#ifdef USE_CERT_BUFFERS_1024 + AssertIntEQ(ret, 768); +#else + AssertIntEQ(ret, 798); +#endif X509_NAME_free(name); EVP_PKEY_free(priv); @@ -22582,6 +22631,8 @@ static void test_wolfSSL_X509_NAME_ENTRY(void) #endif AssertNotNull(nm = X509_get_subject_name(x509)); + + /* Test add entry */ AssertNotNull(entry = X509_NAME_ENTRY_create_by_NID(NULL, NID_commonName, 0x0c, cn, (int)sizeof(cn))); AssertIntEQ(X509_NAME_add_entry(nm, entry, -1, 0), SSL_SUCCESS); @@ -22591,8 +22642,13 @@ static void test_wolfSSL_X509_NAME_ENTRY(void) 1), WOLFSSL_SUCCESS); X509_NAME_ENTRY_free(entry); + + /* Test add entry by NID */ + AssertIntEQ(X509_NAME_add_entry_by_NID(nm, NID_commonName, MBSTRING_UTF8, + cn, -1, -1, 0), WOLFSSL_SUCCESS); + BIO_free(bio); - X509_free(x509); + X509_free(x509); /* free's nm */ printf(resultFmt, passed); #endif @@ -22729,7 +22785,7 @@ static void test_wolfSSL_X509_set_notBefore(void) /* ANS1_TIME_check validates by checking if arguement can be parsed */ AssertIntEQ(ASN1_TIME_check(time_check), WOLFSSL_SUCCESS); /* Convert to human readable format and compare to intended date */ - AssertIntEQ(ASN1_TIME_print(bio,time_check), 1); + AssertIntEQ(ASN1_TIME_print(bio, time_check), 1); AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24); AssertIntEQ(XMEMCMP(buf, "May 8 20:30:00 2019 GMT", sizeof(buf) - 1), 0); /* @@ -24021,8 +24077,7 @@ static void test_wolfSSL_SHA256(void) static void test_wolfSSL_X509_get_serialNumber(void) { -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - !defined(NO_RSA) +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) ASN1_INTEGER* a; BIGNUM* bn; X509* x509; @@ -24033,11 +24088,12 @@ static void test_wolfSSL_X509_get_serialNumber(void) AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)); AssertNotNull(a = X509_get_serialNumber(x509)); - X509_free(x509); /* check on value of ASN1 Integer */ AssertNotNull(bn = ASN1_INTEGER_to_BN(a, NULL)); + X509_free(x509); /* free's a */ + AssertNotNull(serialHex = BN_bn2hex(bn)); AssertStrEQ(serialHex, "1"); OPENSSL_free(serialHex); @@ -24045,7 +24101,6 @@ static void test_wolfSSL_X509_get_serialNumber(void) AssertIntEQ(BN_get_word(bn), 1); BN_free(bn); - ASN1_INTEGER_free(a); /* hard test free'ing with dynamic buffer to make sure there is no leaks */ a = ASN1_INTEGER_new(); @@ -24167,49 +24222,49 @@ static void test_wolfSSL_ASN1_TIME_to_generalizedtime(void){ XMEMSET(t->data, 0, ASN_GENERALIZED_TIME_SIZE); AssertNotNull(out = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL, DYNAMIC_TYPE_TMP_BUFFER)); - t->data[0] = ASN_UTC_TIME; - t->data[1] = ASN_UTC_TIME_SIZE; - XMEMCPY(t->data + 2,"050727123456Z",ASN_UTC_TIME_SIZE); + t->type = ASN_UTC_TIME; + t->length = ASN_UTC_TIME_SIZE; + XMEMCPY(t->data, "050727123456Z", ASN_UTC_TIME_SIZE); tlen = wolfSSL_ASN1_TIME_get_length(t); AssertIntEQ(tlen, ASN_UTC_TIME_SIZE); data = wolfSSL_ASN1_TIME_get_data(t); AssertStrEQ((char*)data, "050727123456Z"); gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out); - AssertIntEQ(gtime->data[0], ASN_GENERALIZED_TIME); - AssertIntEQ(gtime->data[1], ASN_GENERALIZED_TIME_SIZE); - AssertStrEQ((char*)gtime->data + 2, "20050727123456Z"); + AssertIntEQ(gtime->type, ASN_GENERALIZED_TIME); + AssertIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE); + AssertStrEQ((char*)gtime->data, "20050727123456Z"); /* Generalized Time test */ XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE); XMEMSET(out, 0, ASN_GENERALIZED_TIME_SIZE); XMEMSET(data, 0, ASN_GENERALIZED_TIME_SIZE); gtime = NULL; - t->data[0] = ASN_GENERALIZED_TIME; - t->data[1] = ASN_GENERALIZED_TIME_SIZE; - XMEMCPY(t->data + 2,"20050727123456Z",ASN_GENERALIZED_TIME_SIZE); + t->type = ASN_GENERALIZED_TIME; + t->length = ASN_GENERALIZED_TIME_SIZE; + XMEMCPY(t->data, "20050727123456Z", ASN_GENERALIZED_TIME_SIZE); tlen = wolfSSL_ASN1_TIME_get_length(t); AssertIntEQ(tlen, ASN_GENERALIZED_TIME_SIZE); data = wolfSSL_ASN1_TIME_get_data(t); AssertStrEQ((char*)data, "20050727123456Z"); gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out); - AssertIntEQ(gtime->data[0], ASN_GENERALIZED_TIME); - AssertIntEQ(gtime->data[1], ASN_GENERALIZED_TIME_SIZE); - AssertStrEQ((char*)gtime->data + 2, "20050727123456Z"); + AssertIntEQ(gtime->type, ASN_GENERALIZED_TIME); + AssertIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE); + AssertStrEQ((char*)gtime->data, "20050727123456Z"); XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); /* Null parameter test */ XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE); gtime = NULL; out = NULL; - t->data[0] = ASN_UTC_TIME; - t->data[1] = ASN_UTC_TIME_SIZE; - XMEMCPY(t->data + 2,"050727123456Z",ASN_UTC_TIME_SIZE); + t->type = ASN_UTC_TIME; + t->length = ASN_UTC_TIME_SIZE; + XMEMCPY(t->data, "050727123456Z", ASN_UTC_TIME_SIZE); AssertNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, NULL)); - AssertIntEQ(gtime->data[0], ASN_GENERALIZED_TIME); - AssertIntEQ(gtime->data[1], ASN_GENERALIZED_TIME_SIZE); - AssertStrEQ((char*)gtime->data + 2, "20050727123456Z"); + AssertIntEQ(gtime->type, ASN_GENERALIZED_TIME); + AssertIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE); + AssertStrEQ((char*)gtime->data, "20050727123456Z"); XFREE(gtime, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -25144,9 +25199,8 @@ static void test_wolfSSL_OCSP_get0_info() AssertIntEQ(x509Int->dataMax, serial->dataMax); AssertIntEQ(XMEMCMP(x509Int->data, serial->data, serial->dataMax), 0); - ASN1_INTEGER_free(x509Int); OCSP_CERTID_free(id); - X509_free(cert); + X509_free(cert); /* free's x509Int */ X509_free(issuer); printf(resultFmt, "passed"); @@ -25622,7 +25676,8 @@ static void test_wc_ecc_get_curve_id_from_params(void) } static void test_wolfSSL_EVP_PKEY_encrypt(void) { -#if defined(OPENSSL_ALL) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \ + !defined(HAVE_FAST_RSA) WOLFSSL_RSA* rsa = NULL; WOLFSSL_EVP_PKEY* pkey = NULL; WOLFSSL_EVP_PKEY_CTX* ctx = NULL; @@ -25697,7 +25752,8 @@ static void test_wolfSSL_EVP_PKEY_encrypt(void) } static void test_wolfSSL_EVP_PKEY_sign(void) { -#if defined(OPENSSL_ALL) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \ + !defined(HAVE_FAST_RSA) WOLFSSL_RSA* rsa = NULL; WOLFSSL_EVP_PKEY* pkey = NULL; WOLFSSL_EVP_PKEY_CTX* ctx = NULL; @@ -25744,7 +25800,7 @@ static void test_wolfSSL_EVP_PKEY_sign(void) AssertIntEQ(RSA_public_decrypt((int)siglen, sig, sigVerify, rsa, RSA_PKCS1_PSS_PADDING), SHA256_DIGEST_LENGTH); #else - AssertIntEQ(RSA_public_decrypt(siglen, sig, sigVerify, + AssertIntEQ(RSA_public_decrypt((int)siglen, sig, sigVerify, rsa, RSA_PKCS1_PADDING), SHA256_DIGEST_LENGTH); #endif @@ -25770,7 +25826,7 @@ static void test_wolfSSL_EVP_PKEY_sign(void) static void test_EVP_PKEY_rsa(void) { -#if defined(OPENSSL_ALL) && !defined(NO_RSA) +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) WOLFSSL_RSA* rsa; WOLFSSL_EVP_PKEY* pkey; @@ -25787,7 +25843,7 @@ static void test_EVP_PKEY_rsa(void) static void test_EVP_PKEY_ec(void) { -#if defined(OPENSSL_ALL) && defined(HAVE_ECC) +#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) WOLFSSL_EC_KEY* ecKey; WOLFSSL_EVP_PKEY* pkey; @@ -25802,6 +25858,75 @@ static void test_EVP_PKEY_ec(void) #endif } +static void test_EVP_PKEY_cmp(void) +{ +#if defined(OPENSSL_EXTRA) + EVP_PKEY *a, *b; + const unsigned char *in; + +#if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) + in = client_key_der_2048; + AssertNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, + &in, (long)sizeof_client_key_der_2048)); + in = client_key_der_2048; + AssertNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, + &in, (long)sizeof_client_key_der_2048)); + + /* Test success case RSA */ + AssertIntEQ(EVP_PKEY_cmp(a, b), 0); + + EVP_PKEY_free(b); + EVP_PKEY_free(a); +#endif + +#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) + in = ecc_clikey_der_256; + AssertNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, + &in, (long)sizeof_ecc_clikey_der_256)); + in = ecc_clikey_der_256; + AssertNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, + &in, (long)sizeof_ecc_clikey_der_256)); + + /* Test success case ECC */ + AssertIntEQ(EVP_PKEY_cmp(a, b), 0); + + EVP_PKEY_free(b); + EVP_PKEY_free(a); +#endif + + /* Test failure cases */ +#if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) && \ + defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) + + in = client_key_der_2048; + AssertNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, + &in, (long)sizeof_client_key_der_2048)); + in = ecc_clikey_der_256; + AssertNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, + &in, (long)sizeof_ecc_clikey_der_256)); + + AssertIntNE(EVP_PKEY_cmp(a, b), 0); + + EVP_PKEY_free(b); + EVP_PKEY_free(a); +#endif + + /* invalid or empty failure cases */ + a = EVP_PKEY_new(); + b = EVP_PKEY_new(); + AssertIntNE(EVP_PKEY_cmp(NULL, NULL), 0); + AssertIntNE(EVP_PKEY_cmp(a, NULL), 0); + AssertIntNE(EVP_PKEY_cmp(NULL, b), 0); + AssertIntNE(EVP_PKEY_cmp(a, b), 0); + EVP_PKEY_free(b); + EVP_PKEY_free(a); + + (void)in; + + printf(resultFmt, passed); +#endif +} + static void test_ERR_load_crypto_strings(void) { #if defined(OPENSSL_ALL) @@ -27448,17 +27573,26 @@ static void test_wolfSSL_X509_print() BIO *bio; printf(testingFmt, "wolfSSL_X509_print"); - x509 = wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM); + x509 = X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM); AssertNotNull(x509); - AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); - AssertIntEQ(X509_print(bio, x509),SSL_SUCCESS); - + /* print to memory */ + AssertNotNull(bio = BIO_new(BIO_s_mem())); + AssertIntEQ(X509_print(bio, x509), SSL_SUCCESS); + AssertIntEQ(BIO_get_mem_data(bio, NULL), 3212); BIO_free(bio); + + /* print to stdout */ + AssertNotNull(bio = BIO_new(BIO_s_file())); + wolfSSL_BIO_set_fp(bio, stdout, BIO_NOCLOSE); + AssertIntEQ(X509_print(bio, x509), SSL_SUCCESS); + BIO_free(bio); + X509_free(x509); printf(resultFmt, passed); #endif } + static void test_wolfSSL_RSA_print() { #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \ @@ -27597,6 +27731,121 @@ static void test_wolfSSL_RSA_verify() #endif } + +#if defined(OPENSSL_EXTRA) && (defined(HAVE_ECC) || !defined(NO_RSA)) && \ + !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) +static void test_openssl_make_self_signed_certificate(EVP_PKEY* pkey) +{ + X509* x509 = NULL; + BIGNUM* serial_number = NULL; + X509_NAME* name = NULL; + time_t epoch_off = 0; + ASN1_INTEGER* asn1_serial_number; + long not_before, not_after; + + AssertNotNull(x509 = X509_new()); + + AssertIntNE(X509_set_pubkey(x509, pkey), 0); + + AssertNotNull(serial_number = BN_new()); + AssertIntNE(BN_pseudo_rand(serial_number, 64, 0, 0), 0); + AssertNotNull(asn1_serial_number = X509_get_serialNumber(x509)); + AssertNotNull(BN_to_ASN1_INTEGER(serial_number, asn1_serial_number)); + + /* version 3 */ + AssertIntNE(X509_set_version(x509, 2L), 0); + + AssertNotNull(name = X509_NAME_new()); + + AssertIntNE(X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_UTF8, + (unsigned char*)"www.wolfssl.com", -1, -1, 0), 0); + + AssertIntNE(X509_set_subject_name(x509, name), 0); + AssertIntNE(X509_set_issuer_name(x509, name), 0); + + not_before = (long)XTIME(NULL); + not_after = not_before + (365 * 24 * 60 * 60); + AssertNotNull(X509_time_adj(X509_get_notBefore(x509), not_before, &epoch_off)); + AssertNotNull(X509_time_adj(X509_get_notAfter(x509), not_after, &epoch_off)); + + AssertIntNE(X509_sign(x509, pkey, EVP_sha256()), 0); + + BN_free(serial_number); + X509_NAME_free(name); + X509_free(x509); +} +#endif + +static void test_openssl_generate_key_and_cert(void) +{ +#if defined(OPENSSL_EXTRA) +#if !defined(NO_RSA) + { + EVP_PKEY* pkey = EVP_PKEY_new(); + int key_length = 2048; + BIGNUM* exponent = BN_new(); + RSA* rsa = RSA_new(); + + AssertNotNull(pkey); + AssertNotNull(exponent); + AssertNotNull(rsa); + + AssertIntNE(BN_set_word(exponent, WC_RSA_EXPONENT), 0); + #ifndef WOLFSSL_KEY_GEN + AssertIntEQ(RSA_generate_key_ex(rsa, key_length, exponent, NULL), WOLFSSL_FAILURE); + + #if defined(USE_CERT_BUFFERS_1024) + AssertIntNE(wolfSSL_RSA_LoadDer_ex(rsa, server_key_der_1024, + sizeof_server_key_der_1024, WOLFSSL_RSA_LOAD_PRIVATE), 0); + key_length = 1024; + #elif defined(USE_CERT_BUFFERS_2048) + AssertIntNE(wolfSSL_RSA_LoadDer_ex(rsa, server_key_der_2048, + sizeof_server_key_der_2048, WOLFSSL_RSA_LOAD_PRIVATE), 0); + #else + RSA_free(rsa); + rsa = NULL; + #endif + #else + AssertIntNE(RSA_generate_key_ex(rsa, key_length, exponent, NULL), 0); + #endif + + if (rsa) { + AssertIntNE(EVP_PKEY_assign_RSA(pkey, rsa), 0); + + BN_free(exponent); + + #if !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) + test_openssl_make_self_signed_certificate(pkey); + #endif + } + + EVP_PKEY_free(pkey); + } +#endif /* !NO_RSA */ + +#ifdef HAVE_ECC + { + EVP_PKEY* pkey = EVP_PKEY_new(); + EC_KEY* ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); + + AssertNotNull(pkey); + AssertNotNull(ec_key); + + EC_KEY_set_asn1_flag(ec_key, OPENSSL_EC_NAMED_CURVE); + + AssertIntNE(EC_KEY_generate_key(ec_key), 0); + AssertIntNE(EVP_PKEY_assign_EC_KEY(pkey, ec_key), 0); + + #if !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) + test_openssl_make_self_signed_certificate(pkey); + #endif + + EVP_PKEY_free(pkey); + } +#endif /* HAVE_ECC */ +#endif /* OPENSSL_EXTRA */ +} + static void test_stubs_are_stubs() { #if defined(OPENSSL_EXTRA) && !defined(NO_WOLFSSL_STUB) @@ -27830,6 +28079,7 @@ void ApiTest(void) test_wolfSSL_set_tlsext_status_type(); test_wolfSSL_ASN1_TIME_adj(); test_wolfSSL_X509_cmp_time(); + test_wolfSSL_X509_time_adj(); test_wolfSSL_CTX_set_client_CA_list(); test_wolfSSL_CTX_add_client_CA(); test_wolfSSL_CTX_set_srp_username(); @@ -27913,6 +28163,7 @@ void ApiTest(void) test_wolfSSL_X509_cmp(); test_wolfSSL_RSA_print(); test_wolfSSL_ASN1_STRING_print(); + test_openssl_generate_key_and_cert(); /* test the no op functions for compatibility */ test_no_op_functions(); @@ -27922,6 +28173,7 @@ void ApiTest(void) test_wolfSSL_EVP_PKEY_encrypt(); test_wolfSSL_EVP_PKEY_sign(); test_EVP_PKEY_ec(); + test_EVP_PKEY_cmp(); /* OpenSSL error API tests */ test_ERR_load_crypto_strings(); /* OpenSSL sk_X509 API test */ diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index f8185f0a1..169f9e064 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -627,12 +627,17 @@ static int SetASNInt(int len, byte firstByte, byte* output) { word32 idx = 0; - output[idx++] = ASN_INTEGER; + if (output) + output[idx] = ASN_INTEGER; + idx++; if (firstByte & 0x80) len++; - idx += SetLength(len, output + idx); - if (firstByte & 0x80) - output[idx++] = 0x00; + idx += SetLength(len, output ? output + idx : NULL); + if (firstByte & 0x80) { + if (output) + output[idx] = 0x00; + idx++; + } return idx; } @@ -664,16 +669,19 @@ static int SetASNIntMP(mp_int* n, int maxSz, byte* output) if (maxSz >= 0 && (idx + length) > maxSz) return BUFFER_E; - err = mp_to_unsigned_bin(n, output + idx); - if (err != MP_OKAY) - return MP_TO_E; + if (output) { + err = mp_to_unsigned_bin(n, output + idx); + if (err != MP_OKAY) + return MP_TO_E; + } idx += length; return idx; } #endif -#if !defined(NO_RSA) && defined(HAVE_USER_RSA) && defined(WOLFSSL_CERT_GEN) +#if !defined(NO_RSA) && defined(HAVE_USER_RSA) && \ + (defined(WOLFSSL_CERT_GEN) || defined(OPENSSL_EXTRA)) /* Set the DER/BER encoding of the ASN.1 INTEGER element with an mp_int from * an RSA key. * The number is assumed to be positive. @@ -697,9 +705,11 @@ static int SetASNIntRSA(void* n, byte* output) if ((idx + length) > MAX_RSA_INT_SZ) return BUFFER_E; - err = wc_Rsa_to_unsigned_bin(n, output + idx, length); - if (err != MP_OKAY) - return MP_TO_E; + if (output) { + err = wc_Rsa_to_unsigned_bin(n, output + idx, length); + if (err != MP_OKAY) + return MP_TO_E; + } idx += length; return idx; @@ -957,9 +967,14 @@ static word32 SetBitString(word32 len, byte unusedBits, byte* output) { word32 idx = 0; - output[idx++] = ASN_BIT_STRING; - idx += SetLength(len + 1, output + idx); - output[idx++] = unusedBits; + if (output) + output[idx] = ASN_BIT_STRING; + idx++; + + idx += SetLength(len + 1, output ? output + idx : NULL); + if (output) + output[idx] = unusedBits; + idx++; return idx; } @@ -6053,13 +6068,19 @@ WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output) { word32 i = 0, j; - if (length < ASN_LONG_LENGTH) - output[i++] = (byte)length; + if (length < ASN_LONG_LENGTH) { + if (output) + output[i] = (byte)length; + i++; + } else { - output[i++] = (byte)(BytePrecision(length) | ASN_LONG_LENGTH); + if (output) + output[i] = (byte)(BytePrecision(length) | ASN_LONG_LENGTH); + i++; for (j = BytePrecision(length); j; --j) { - output[i] = (byte)(length >> ((j - 1) * WOLFSSL_BIT_SIZE)); + if (output) + output[i] = (byte)(length >> ((j - 1) * WOLFSSL_BIT_SIZE)); i++; } } @@ -6070,8 +6091,9 @@ WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output) WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output) { - output[0] = ASN_SEQUENCE | ASN_CONSTRUCTED; - return SetLength(len, output + 1) + 1; + if (output) + output[0] = ASN_SEQUENCE | ASN_CONSTRUCTED; + return SetLength(len, output ? output + 1 : NULL) + 1; } WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output) @@ -6185,11 +6207,13 @@ WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) idSz = SetObjectId(algoSz, ID_Length); seqSz = SetSequence(idSz + algoSz + tagSz + curveSz, seqArray); - XMEMCPY(output, seqArray, seqSz); - XMEMCPY(output + seqSz, ID_Length, idSz); - XMEMCPY(output + seqSz + idSz, algoName, algoSz); - if (tagSz == 2) - SetASNNull(&output[seqSz + idSz + algoSz]); + if (output) { + XMEMCPY(output, seqArray, seqSz); + XMEMCPY(output + seqSz, ID_Length, idSz); + XMEMCPY(output + seqSz + idSz, algoName, algoSz); + if (tagSz == 2) + SetASNNull(&output[seqSz + idSz + algoSz]); + } return seqSz + idSz + algoSz + tagSz; @@ -10124,74 +10148,52 @@ static int SetRsaPublicKey(byte* output, RsaKey* key, return idx; } -int RsaPublicKeyDerSize(RsaKey* key, int with_header) +#endif /* !NO_RSA && (WOLFSSL_CERT_GEN || (WOLFSSL_KEY_GEN && + !HAVE_USER_RSA))) */ + +#if !defined(NO_RSA) && (defined(WOLFSSL_CERT_GEN) || defined(OPENSSL_EXTRA)) +int wc_RsaPublicKeyDerSize(RsaKey* key, int with_header) { - byte* dummy = NULL; - byte seq[MAX_SEQ_SZ]; - byte bitString[1 + MAX_LENGTH_SZ + 1]; - int nSz; - int eSz; - int seqSz; - int bitStringSz; - int idx; + int idx = 0; + int nSz, eSz, seqSz, bitStringSz, algoSz; if (key == NULL) return BAD_FUNC_ARG; /* n */ - dummy = (byte*)XMALLOC(MAX_RSA_INT_SZ, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (dummy == NULL) - return MEMORY_E; - #ifdef HAVE_USER_RSA - nSz = SetASNIntRSA(key->n, dummy); + nSz = SetASNIntRSA(key->n, NULL); #else - nSz = SetASNIntMP(&key->n, MAX_RSA_INT_SZ, dummy); + nSz = SetASNIntMP(&key->n, MAX_RSA_INT_SZ, NULL); #endif - XFREE(dummy, key->heap, DYNAMIC_TYPE_TMP_BUFFER); if (nSz < 0) { return nSz; } /* e */ - dummy = (byte*)XMALLOC(MAX_RSA_E_SZ, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (dummy == NULL) { - XFREE(dummy, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - return MEMORY_E; - } - #ifdef HAVE_USER_RSA - eSz = SetASNIntRSA(key->e, dummy); + eSz = SetASNIntRSA(key->e, NULL); #else - eSz = SetASNIntMP(&key->e, MAX_RSA_INT_SZ, dummy); + eSz = SetASNIntMP(&key->e, MAX_RSA_INT_SZ, NULL); #endif - XFREE(dummy, key->heap, DYNAMIC_TYPE_TMP_BUFFER); if (eSz < 0) { return eSz; } - seqSz = SetSequence(nSz + eSz, seq); + seqSz = SetSequence(nSz + eSz, NULL); /* headers */ if (with_header) { - int algoSz; - dummy = (byte*)XMALLOC(MAX_RSA_INT_SZ, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (dummy == NULL) - return MEMORY_E; + algoSz = SetAlgoID(RSAk, NULL, oidKeyType, 0); + bitStringSz = SetBitString(seqSz + nSz + eSz, 0, NULL); - algoSz = SetAlgoID(RSAk, dummy, oidKeyType, 0); - bitStringSz = SetBitString(seqSz + nSz + eSz, 0, bitString); - - idx = SetSequence(nSz + eSz + seqSz + bitStringSz + algoSz, dummy); - XFREE(dummy, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + idx += SetSequence(nSz + eSz + seqSz + bitStringSz + algoSz, NULL); /* algo */ idx += algoSz; /* bit string */ idx += bitStringSz; } - else - idx = 0; /* seq */ idx += seqSz; @@ -10202,8 +10204,8 @@ int RsaPublicKeyDerSize(RsaKey* key, int with_header) return idx; } -#endif /* !NO_RSA && (WOLFSSL_CERT_GEN || (WOLFSSL_KEY_GEN && - !HAVE_USER_RSA))) */ + +#endif /* !NO_RSA && WOLFSSL_CERT_GEN */ #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) @@ -10587,20 +10589,24 @@ static int SetEccPublicKey(byte* output, ecc_key* key, int with_header) idx = SetSequence(pubSz + curveSz + bitStringSz + algoSz, output); /* algo */ - XMEMCPY(output + idx, algo, algoSz); + if (output) + XMEMCPY(output + idx, algo, algoSz); idx += algoSz; - /* curve */ - XMEMCPY(output + idx, curve, curveSz); + /* curve */ + if (output) + XMEMCPY(output + idx, curve, curveSz); idx += curveSz; /* bit string */ - XMEMCPY(output + idx, bitString, bitStringSz); + if (output) + XMEMCPY(output + idx, bitString, bitStringSz); idx += bitStringSz; } else idx = 0; /* pub */ - XMEMCPY(output + idx, pub, pubSz); + if (output) + XMEMCPY(output + idx, pub, pubSz); idx += pubSz; #ifdef WOLFSSL_SMALL_STACK @@ -10626,7 +10632,7 @@ int wc_EccPublicKeyToDer(ecc_key* key, byte* output, word32 inLen, word32 keySz = 0; int ret; - if (output == NULL || key == NULL) { + if (key == NULL) { return BAD_FUNC_ARG; } @@ -10645,12 +10651,23 @@ int wc_EccPublicKeyToDer(ecc_key* key, byte* output, word32 inLen, return ret; } - if (inLen < keySz + infoSz) { + /* if output null then just return size */ + if (output == NULL) { + return keySz + infoSz; + } + + if (output == NULL || inLen < keySz + infoSz) { return BUFFER_E; } return SetEccPublicKey(output, key, with_AlgCurve); } + +int wc_EccPublicKeyDerSize(ecc_key* key, int with_AlgCurve) +{ + return wc_EccPublicKeyToDer(key, NULL, 0, with_AlgCurve); +} + #endif /* HAVE_ECC && HAVE_ECC_KEY_EXPORT */ #if defined(HAVE_ED25519) && (defined(WOLFSSL_CERT_GEN) || \ @@ -10807,9 +10824,11 @@ static int CopyValidity(byte* output, Cert* cert) /* headers and output */ seqSz = SetSequence(cert->beforeDateSz + cert->afterDateSz, output); - XMEMCPY(output + seqSz, cert->beforeDate, cert->beforeDateSz); - XMEMCPY(output + seqSz + cert->beforeDateSz, cert->afterDate, - cert->afterDateSz); + if (output) { + XMEMCPY(output + seqSz, cert->beforeDate, cert->beforeDateSz); + XMEMCPY(output + seqSz + cert->beforeDateSz, cert->afterDate, + cert->afterDateSz); + } return seqSz + cert->beforeDateSz + cert->afterDateSz; } @@ -12253,17 +12272,20 @@ static int AddSignature(byte* buffer, int bodySz, const byte* sig, int sigSz, int idx = bodySz, seqSz; /* algo */ - idx += SetAlgoID(sigAlgoType, buffer + idx, oidSigType, 0); + idx += SetAlgoID(sigAlgoType, buffer ? buffer + idx : NULL, oidSigType, 0); /* bit string */ - idx += SetBitString(sigSz, 0, buffer + idx); + idx += SetBitString(sigSz, 0, buffer ? buffer + idx : NULL); /* signature */ - XMEMCPY(buffer + idx, sig, sigSz); + if (buffer) + XMEMCPY(buffer + idx, sig, sigSz); idx += sigSz; /* make room for overall header */ seqSz = SetSequence(idx, seq); - XMEMMOVE(buffer + seqSz, buffer, idx); - XMEMCPY(buffer, seq, seqSz); + if (buffer) { + XMEMMOVE(buffer + seqSz, buffer, idx); + XMEMCPY(buffer, seq, seqSz); + } return idx + seqSz; } @@ -12282,6 +12304,10 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, DerCert der[1]; #endif + if (derBuffer == NULL) { + return BAD_FUNC_ARG; + } + cert->keyType = eccKey ? ECC_KEY : (rsaKey ? RSA_KEY : (ed25519Key ? ED25519_KEY : NTRU_KEY)); @@ -12611,20 +12637,25 @@ static int WriteCertReqBody(DerCert* der, byte* buffer) /* signed part header */ idx = SetSequence(der->total, buffer); /* version */ - XMEMCPY(buffer + idx, der->version, der->versionSz); + if (buffer) + XMEMCPY(buffer + idx, der->version, der->versionSz); idx += der->versionSz; /* subject */ - XMEMCPY(buffer + idx, der->subject, der->subjectSz); + if (buffer) + XMEMCPY(buffer + idx, der->subject, der->subjectSz); idx += der->subjectSz; /* public key */ - XMEMCPY(buffer + idx, der->publicKey, der->publicKeySz); + if (buffer) + XMEMCPY(buffer + idx, der->publicKey, der->publicKeySz); idx += der->publicKeySz; /* attributes */ - XMEMCPY(buffer + idx, der->attrib, der->attribSz); + if (buffer) + XMEMCPY(buffer + idx, der->attrib, der->attribSz); idx += der->attribSz; /* extensions */ if (der->extensionsSz) { - XMEMCPY(buffer + idx, der->extensions, min(der->extensionsSz, + if (buffer) + XMEMCPY(buffer + idx, der->extensions, min(der->extensionsSz, (int)sizeof(der->extensions))); idx += der->extensionsSz; } diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 38758e554..9f8a695ef 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -6145,7 +6145,8 @@ int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen) /* return length needed only */ if (key != NULL && out == NULL && outLen != NULL) { - numlen = key->dp->size; + /* if key hasn't been setup assume max bytes for size estimation */ + numlen = key->dp ? key->dp->size : MAX_ECC_BYTES; *outLen = 1 + 2*numlen; return LENGTH_ONLY_E; } @@ -6156,7 +6157,7 @@ int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen) if (key->type == ECC_PRIVATEKEY_ONLY) return ECC_PRIVATEONLY_E; - if (wc_ecc_is_valid_idx(key->idx) == 0) { + if (wc_ecc_is_valid_idx(key->idx) == 0 || key->dp == NULL) { return ECC_BAD_ARG_E; } numlen = key->dp->size; diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index f996c3bf0..83da1e570 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -1242,10 +1242,10 @@ int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey) WOLFSSL_ENTER("EVP_PKEY_size"); switch (pkey->type) { -#if !defined(NO_RSA) && !defined(HAVE_USER_RSA) +#ifndef NO_RSA case EVP_PKEY_RSA: return (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(pkey->rsa)); -#endif /* NO_RSA */ +#endif /* !NO_RSA */ #ifdef HAVE_ECC case EVP_PKEY_EC: @@ -1262,6 +1262,70 @@ int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey) return 0; } +#ifndef NO_WOLFSSL_STUB +WOLFSSL_API int wolfSSL_EVP_PKEY_missing_parameters(WOLFSSL_EVP_PKEY *pkey) +{ + (void)pkey; + /* not using missing params callback and returning zero to indicate success */ + return 0; +} +#endif + +WOLFSSL_API int wolfSSL_EVP_PKEY_cmp(const WOLFSSL_EVP_PKEY *a, const WOLFSSL_EVP_PKEY *b) +{ + int ret = -1; /* failure */ + int a_sz = 0, b_sz = 0; + + if (a == NULL || b == NULL) + return ret; + + /* check its the same type of key */ + if (a->type != b->type) + return ret; + + /* get size based on key type */ + switch (a->type) { +#ifndef NO_RSA + case EVP_PKEY_RSA: + a_sz = (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(a->rsa)); + b_sz = (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(b->rsa)); + break; +#endif /* !NO_RSA */ +#ifdef HAVE_ECC + case EVP_PKEY_EC: + if (a->ecc == NULL || a->ecc->internal == NULL || + b->ecc == NULL || b->ecc->internal == NULL) { + return ret; + } + a_sz = wc_ecc_size((ecc_key*)(a->ecc->internal)); + b_sz = wc_ecc_size((ecc_key*)(b->ecc->internal)); + break; +#endif /* HAVE_ECC */ + default: + break; + } /* switch (a->type) */ + + /* check size */ + if (a_sz <= 0 || b_sz <= 0 || a_sz != b_sz) { + return ret; + } + + /* check public key size */ + if (a->pkey_sz > 0 && b->pkey_sz > 0 && a->pkey_sz != b->pkey_sz) { + return ret; + } + + /* check public key */ + if (a->pkey.ptr && b->pkey.ptr) { + if (XMEMCMP(a->pkey.ptr, b->pkey.ptr, a->pkey_sz) != 0) { + return ret; + } + } + ret = 0; /* success */ + + return ret; +} + /* Initialize structure for signing * @@ -1732,14 +1796,14 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig, return WOLFSSL_SUCCESS; } } -#if !defined(NO_RSA) && !defined(HAVE_USER_RSA) +#ifndef NO_RSA else if (ctx->pctx->pkey->type == EVP_PKEY_RSA) { if (sig == NULL) { *siglen = wolfSSL_RSA_size(ctx->pctx->pkey->rsa); return WOLFSSL_SUCCESS; } } -#endif +#endif /* !NO_RSA */ #ifdef HAVE_ECC else if (ctx->pctx->pkey->type == EVP_PKEY_EC) { if (sig == NULL) { diff --git a/wolfcrypt/user-crypto/include/user_rsa.h b/wolfcrypt/user-crypto/include/user_rsa.h index 3db835cd3..b097a1226 100644 --- a/wolfcrypt/user-crypto/include/user_rsa.h +++ b/wolfcrypt/user-crypto/include/user_rsa.h @@ -106,9 +106,9 @@ WOLFSSL_API int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey*, word32); WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e, word32 eSz, RsaKey* key); +WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen); +WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey*, byte* output, word32 inLen); #ifdef WOLFSSL_KEY_GEN - WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen); - WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey*, byte* output, word32 inLen); WOLFSSL_API int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng); #endif WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*, @@ -116,7 +116,7 @@ WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*, WOLFSSL_API int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng); -#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) +#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) /* abstracted BN operations with RSA key */ WOLFSSL_API int wc_Rsa_leading_bit(void* BN); WOLFSSL_API int wc_Rsa_unsigned_bin_size(void* BN); diff --git a/wolfcrypt/user-crypto/src/rsa.c b/wolfcrypt/user-crypto/src/rsa.c index 0f6d54859..7c869cab4 100644 --- a/wolfcrypt/user-crypto/src/rsa.c +++ b/wolfcrypt/user-crypto/src/rsa.c @@ -99,7 +99,7 @@ int wc_InitRsaKey(RsaKey* key, void* heap) /* three functions needed for cert and key gen */ -#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) +#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) /* return 1 if there is a leading bit*/ int wc_Rsa_leading_bit(void* bn) { @@ -171,7 +171,7 @@ int wc_Rsa_to_unsigned_bin(void* bn, byte* in, int inLen) } return MP_OKAY; } -#endif /* WOLFSSL_CERT_GEN or WOLFSSL_KEY_GEN */ +#endif /* WOLFSSL_CERT_GEN || WOLFSSL_KEY_GEN || OPENSSL_EXTRA */ #ifdef OPENSSL_EXTRA /* functions needed for openssl compatibility layer */ @@ -2305,6 +2305,10 @@ makeKeyEnd: return ret; } +#endif + +#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) + /********** duplicate code needed -- future refactor */ #define MAX_VERSION_SZ 5 #define MAX_SEQ_SZ 5 @@ -2765,7 +2769,7 @@ int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen) } -#endif /* WOLFSSL_KEY_GEN */ +#endif /* WOLFSSL_KEY_GEN || OPENSSL_EXTRA */ #ifdef WC_RSA_BLINDING diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 56509903e..8adf241fa 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1612,60 +1612,6 @@ WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_3(void); #endif - -/* custom method with user set callbacks */ -#define MAX_BIO_METHOD_NAME 256 -typedef struct WOLFSSL_BIO_METHOD_CUSTOM { - char name[MAX_BIO_METHOD_NAME]; - - wolfSSL_BIO_meth_puts_cb putsCb; - wolfSSL_BIO_meth_gets_cb getsCb; - - wolfSSL_BIO_meth_read_cb readCb; - wolfSSL_BIO_meth_write_cb writeCb; - - wolfSSL_BIO_meth_destroy_cb freeCb; - wolfSSL_BIO_meth_create_cb createCb; - - wolfSSL_BIO_meth_get_ctrl_cb ctrlCb; -} WOLFSSL_BIO_METHOD_CUSTOM; - -/* wolfSSL BIO_METHOD type */ -struct WOLFSSL_BIO_METHOD { - byte type; /* method type */ - WOLFSSL_BIO_METHOD_CUSTOM* custom; -}; - - -/* wolfSSL BIO type */ -struct WOLFSSL_BIO { - WOLFSSL_BUF_MEM* mem_buf; - WOLFSSL_BIO_METHOD* method; - WOLFSSL* ssl; /* possible associated ssl */ -#ifndef NO_FILESYSTEM - XFILE file; -#endif - WOLFSSL_BIO* prev; /* previous in chain */ - WOLFSSL_BIO* next; /* next in chain */ - WOLFSSL_BIO* pair; /* BIO paired with */ - void* heap; /* user heap hint */ - byte* mem; /* memory buffer */ - void* usrCtx; /* user set pointer */ - char* infoArg; /* BIO callback argument */ - wolf_bio_info_cb infoCb; /* BIO callback */ - int wrSz; /* write buffer size (mem) */ - int wrIdx; /* current index for write buffer */ - int rdIdx; /* current read index */ - int readRq; /* read request */ - int memLen; /* memory buffer length */ - int fd; /* possible file descriptor */ - int eof; /* eof flag */ - int flags; - byte type; /* method type */ - byte close; /* close flag */ -}; - - /* wolfSSL method type */ struct WOLFSSL_METHOD { ProtocolVersion version; @@ -3565,14 +3511,12 @@ struct WOLFSSL_X509 { byte certPolicyCrit; #endif /* (WOLFSSL_SEP || WOLFSSL_QT) && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) - WOLFSSL_ASN1_TIME* notAfterTime; - WOLFSSL_ASN1_TIME* notBeforeTime; WOLFSSL_STACK* ext_sk; /* Store X509_EXTENSIONS from wolfSSL_X509_get_ext */ WOLFSSL_STACK* ext_d2i;/* Store d2i extensions from wolfSSL_X509_get_ext_d2i */ - WOLFSSL_ASN1_INTEGER* serialNumber; /* Stores SN from wolfSSL_X509_get_serialNumber */ #endif /* WOLFSSL_QT || OPENSSL_ALL */ - int notBeforeSz; - int notAfterSz; +#ifdef OPENSSL_EXTRA + WOLFSSL_ASN1_INTEGER* serialNumber; /* Stores SN from wolfSSL_X509_get_serialNumber */ +#endif WOLFSSL_ASN1_TIME notBefore; WOLFSSL_ASN1_TIME notAfter; buffer sig; diff --git a/wolfssl/openssl/asn1.h b/wolfssl/openssl/asn1.h index 1e7ae266b..fb83ae4f7 100644 --- a/wolfssl/openssl/asn1.h +++ b/wolfssl/openssl/asn1.h @@ -32,6 +32,7 @@ #define ASN1_STRING_set wolfSSL_ASN1_STRING_set #define ASN1_STRING_free wolfSSL_ASN1_STRING_free +#define V_ASN1_INTEGER 0x02 #define V_ASN1_OCTET_STRING 0x04 /* tag for ASN1_OCTET_STRING */ #define V_ASN1_NEG 0x100 #define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG) @@ -68,6 +69,13 @@ #define V_ASN1_UTCTIME 23 #define V_ASN1_GENERALIZEDTIME 24 +#define ASN1_STRING_FLAG_BITS_LEFT 0x008 +#define ASN1_STRING_FLAG_NDEF 0x010 +#define ASN1_STRING_FLAG_CONT 0x020 +#define ASN1_STRING_FLAG_MSTRING 0x040 +#define ASN1_STRING_FLAG_EMBED 0x080 + + WOLFSSL_API WOLFSSL_ASN1_INTEGER *wolfSSL_BN_to_ASN1_INTEGER( const WOLFSSL_BIGNUM*, WOLFSSL_ASN1_INTEGER*); #define BN_to_ASN1_INTEGER wolfSSL_BN_to_ASN1_INTEGER diff --git a/wolfssl/openssl/bio.h b/wolfssl/openssl/bio.h index 20fbec424..e1b41a99f 100644 --- a/wolfssl/openssl/bio.h +++ b/wolfssl/openssl/bio.h @@ -75,7 +75,9 @@ /* helper to set specific retry/read flags */ #define BIO_set_retry_read(bio)\ wolfSSL_BIO_set_flags((bio), WOLFSSL_BIO_FLAG_RETRY | WOLFSSL_BIO_FLAG_READ) - +#define BIO_set_retry_write(bio)\ + wolfSSL_BIO_set_flags((bio), WOLFSSL_BIO_FLAG_RETRY | WOLFSSL_BIO_FLAG_WRITE) + #define BIO_clear_retry_flags wolfSSL_BIO_clear_retry_flags #define BIO_meth_new wolfSSL_BIO_meth_new diff --git a/wolfssl/openssl/bn.h b/wolfssl/openssl/bn.h index 178f86bdf..9ca0b1e2e 100644 --- a/wolfssl/openssl/bn.h +++ b/wolfssl/openssl/bn.h @@ -82,6 +82,7 @@ WOLFSSL_API int wolfSSL_BN_num_bits(const WOLFSSL_BIGNUM*); WOLFSSL_API int wolfSSL_BN_is_zero(const WOLFSSL_BIGNUM*); WOLFSSL_API int wolfSSL_BN_is_one(const WOLFSSL_BIGNUM*); WOLFSSL_API int wolfSSL_BN_is_odd(const WOLFSSL_BIGNUM*); +WOLFSSL_API int wolfSSL_BN_is_negative(const WOLFSSL_BIGNUM*); WOLFSSL_API int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*); @@ -145,6 +146,7 @@ typedef WOLFSSL_BN_GENCB BN_GENCB; #define BN_is_zero wolfSSL_BN_is_zero #define BN_is_one wolfSSL_BN_is_one #define BN_is_odd wolfSSL_BN_is_odd +#define BN_is_negative wolfSSL_BN_is_negative #define BN_cmp wolfSSL_BN_cmp diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index a8320e764..faa68ffe7 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -190,9 +190,31 @@ enum { NID_md2 = 77, NID_md5 = 4, NID_hmac = 855, + NID_dhKeyAgreement= 28, + EVP_PKEY_DH = NID_dhKeyAgreement, EVP_PKEY_HMAC = NID_hmac }; +enum { + NID_md5WithRSA = 104, + NID_md5WithRSAEncryption = 8, + NID_dsaWithSHA1 = 113, + NID_dsaWithSHA1_2 = 70, + NID_sha1WithRSA = 115, + NID_sha1WithRSAEncryption = 65, + NID_sha224WithRSAEncryption = 671, + NID_sha256WithRSAEncryption = 668, + NID_sha384WithRSAEncryption = 669, + NID_sha512WithRSAEncryption = 670, + NID_ecdsa_with_SHA1 = 416, + NID_ecdsa_with_SHA224 = 793, + NID_ecdsa_with_SHA256 = 794, + NID_ecdsa_with_SHA384 = 795, + NID_ecdsa_with_SHA512 = 796, + NID_dsa_with_SHA224 = 802, + NID_dsa_with_SHA256 = 803, +}; + enum { NID_aes_128_cbc = 419, NID_aes_192_cbc = 423, @@ -421,6 +443,8 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_encrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx); WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_EVP_PKEY_new(void); WOLFSSL_API void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY*); WOLFSSL_API int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey); +WOLFSSL_API int wolfSSL_EVP_PKEY_missing_parameters(WOLFSSL_EVP_PKEY *pkey); +WOLFSSL_API int wolfSSL_EVP_PKEY_cmp(const WOLFSSL_EVP_PKEY *a, const WOLFSSL_EVP_PKEY *b); WOLFSSL_API int wolfSSL_EVP_PKEY_type(int type); WOLFSSL_API int wolfSSL_EVP_PKEY_id(const EVP_PKEY *pkey); WOLFSSL_API int wolfSSL_EVP_PKEY_base_id(const EVP_PKEY *pkey); @@ -632,6 +656,8 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_PKEY_free wolfSSL_EVP_PKEY_free #define EVP_PKEY_up_ref wolfSSL_EVP_PKEY_up_ref #define EVP_PKEY_size wolfSSL_EVP_PKEY_size +#define EVP_PKEY_missing_parameters wolfSSL_EVP_PKEY_missing_parameters +#define EVP_PKEY_cmp wolfSSL_EVP_PKEY_cmp #define EVP_PKEY_type wolfSSL_EVP_PKEY_type #define EVP_PKEY_base_id wolfSSL_EVP_PKEY_base_id #define EVP_PKEY_id wolfSSL_EVP_PKEY_id diff --git a/wolfssl/openssl/pem.h b/wolfssl/openssl/pem.h index 3434853ed..c8f57b47a 100644 --- a/wolfssl/openssl/pem.h +++ b/wolfssl/openssl/pem.h @@ -50,6 +50,15 @@ WOLFSSL_RSA* wolfSSL_PEM_read_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA**, pem_password_cb* cb, void* arg); + +WOLFSSL_API +int wolfSSL_PEM_write_bio_RSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa); + +WOLFSSL_API +WOLFSSL_RSA *wolfSSL_PEM_read_bio_RSA_PUBKEY(WOLFSSL_BIO* bio, + WOLFSSL_RSA** rsa, + pem_password_cb* cb, void *u); + WOLFSSL_API WOLFSSL_EC_GROUP* wolfSSL_PEM_read_bio_ECPKParameters(WOLFSSL_BIO* bio, WOLFSSL_EC_GROUP** group, @@ -133,6 +142,8 @@ int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key, const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int len, pem_password_cb* cb, void* arg); +WOLFSSL_API +int wolfSSL_PEM_write_bio_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key); WOLFSSL_API @@ -184,6 +195,8 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh); /* RSA */ #define PEM_write_bio_RSAPrivateKey wolfSSL_PEM_write_bio_RSAPrivateKey #define PEM_read_bio_RSAPrivateKey wolfSSL_PEM_read_bio_RSAPrivateKey +#define PEM_write_bio_RSA_PUBKEY wolfSSL_PEM_write_bio_RSA_PUBKEY +#define PEM_read_bio_RSA_PUBKEY wolfSSL_PEM_read_bio_RSA_PUBKEY #define PEM_read_bio_ECPKParameters wolfSSL_PEM_read_bio_ECPKParameters #define PEM_write_RSAPrivateKey wolfSSL_PEM_write_RSAPrivateKey #define PEM_write_RSA_PUBKEY wolfSSL_PEM_write_RSA_PUBKEY @@ -201,6 +214,7 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh); #define PEM_read_bio_PrivateKey wolfSSL_PEM_read_bio_PrivateKey #define PEM_read_PUBKEY wolfSSL_PEM_read_PUBKEY #define PEM_read_bio_PUBKEY wolfSSL_PEM_read_bio_PUBKEY +#define PEM_write_bio_PUBKEY wolfSSL_PEM_write_bio_PUBKEY #ifdef __cplusplus } /* extern "C" */ diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 39e898fe7..7f7e33530 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -215,7 +215,7 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM; #define SSL_use_RSAPrivateKey_file wolfSSL_use_RSAPrivateKey_file #endif -#define SSL_CTX_new wolfSSL_CTX_new +#define SSL_CTX_new(method) wolfSSL_CTX_new((WOLFSSL_METHOD*)(method)) #define SSL_new wolfSSL_new #define SSL_set_fd wolfSSL_set_fd #define SSL_get_fd wolfSSL_get_fd @@ -271,6 +271,10 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM; #define SSL_CIPHER_description wolfSSL_CIPHER_description #define SSL_CIPHER_get_name wolfSSL_CIPHER_get_name #define SSL_CIPHER_get_version wolfSSL_CIPHER_get_version +#define SSL_CIPHER_get_id wolfSSL_CIPHER_get_id +#define SSL_CIPHER_get_rfc_name wolfSSL_CIPHER_get_rfc_name +#define SSL_get_cipher_by_value wolfSSL_get_cipher_by_value + #define SSL_get1_session wolfSSL_get1_session #define SSL_get_keyblock_size wolfSSL_get_keyblock_size @@ -348,6 +352,7 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM; #define X509_set_version wolfSSL_X509_set_version #define X509_sign wolfSSL_X509_sign #define X509_print wolfSSL_X509_print +#define X509_print_ex wolfSSL_X509_print_ex #define X509_verify_cert_error_string wolfSSL_X509_verify_cert_error_string #define X509_verify_cert wolfSSL_X509_verify_cert #define X509_check_private_key wolfSSL_X509_check_private_key @@ -399,12 +404,15 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM; #define X509_NAME_ENTRY_create_by_NID wolfSSL_X509_NAME_ENTRY_create_by_NID #define X509_NAME_add_entry wolfSSL_X509_NAME_add_entry #define X509_NAME_add_entry_by_txt wolfSSL_X509_NAME_add_entry_by_txt +#define X509_NAME_add_entry_by_NID wolfSSL_X509_NAME_add_entry_by_NID #define X509_NAME_oneline wolfSSL_X509_NAME_oneline #define X509_NAME_get_index_by_NID wolfSSL_X509_NAME_get_index_by_NID #define X509_NAME_print_ex wolfSSL_X509_NAME_print_ex #define X509_NAME_digest wolfSSL_X509_NAME_digest #define X509_cmp_current_time wolfSSL_X509_cmp_current_time #define X509_cmp_time wolfSSL_X509_cmp_time +#define X509_time_adj wolfSSL_X509_time_adj +#define X509_time_adj_ex wolfSSL_X509_time_adj_ex #define sk_ACCESS_DESCRIPTION_num wolfSSL_sk_ACCESS_DESCRIPTION_num #define sk_ACCESS_DESCRIPTION_value wolfSSL_sk_ACCESS_DESCRIPTION_value @@ -763,10 +771,17 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; /* yassl had set the default to be 500 */ #define SSL_get_default_timeout(ctx) 500 +#define DTLSv1_get_timeout(ssl, timeleft) wolfSSL_DTLSv1_get_timeout((ssl), (Timeval*)(timeleft)) +#define DTLSv1_handle_timeout wolfSSL_DTLSv1_handle_timeout +#define DTLSv1_set_initial_timeout_duration wolfSSL_DTLSv1_set_initial_timeout_duration + +#ifndef NO_WOLFSSL_STUB +#define SSL_CTX_set_current_time_cb(ssl, cb) ({ (void)ssl; (void)cb; }) +#endif + #define SSL_CTX_use_certificate wolfSSL_CTX_use_certificate #define SSL_CTX_use_PrivateKey wolfSSL_CTX_use_PrivateKey #define BIO_read_filename wolfSSL_BIO_read_filename -#define BIO_s_file wolfSSL_BIO_s_file #define SSL_CTX_set_verify_depth wolfSSL_CTX_set_verify_depth #define SSL_set_verify_depth wolfSSL_set_verify_depth #define SSL_get_app_data wolfSSL_get_app_data @@ -805,7 +820,6 @@ enum { #include #define SSL_CTRL_CHAIN 88 -#define BIO_CTRL_WPENDING 13 #define GEN_IPADD 7 #define ERR_LIB_SSL 20 #define SSL_R_SHORT_READ 10 @@ -905,6 +919,8 @@ enum { #define BIO_CTRL_RESET 1 #define BIO_CTRL_INFO 3 #define BIO_CTRL_FLUSH 11 +#define BIO_CTRL_WPENDING 13 + #define BIO_CLOSE 0x01 #define BIO_FP_WRITE 0x04 @@ -936,9 +952,6 @@ enum { #define SSL_CTX_ctrl wolfSSL_CTX_ctrl #define SSL3_RANDOM_SIZE 32 /* same as RAN_LEN in internal.h */ -#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(OPENSSL_EXTRA) \ - || defined(OPENSSL_ALL) -#include #define SSL2_VERSION 0x0002 #define SSL3_VERSION 0x0300 @@ -948,8 +961,17 @@ enum { #define TLS1_3_VERSION 0x0304 #define DTLS1_VERSION 0xFEFF #define DTLS1_2_VERSION 0xFEFD + +#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(OPENSSL_EXTRA) \ + || defined(OPENSSL_ALL) +#include + #define SSL23_ST_SR_CLNT_HELLO_A (0x210|0x2000) #define SSL3_ST_SR_CLNT_HELLO_A (0x110|0x2000) + +#define SSL3_AD_BAD_CERTIFICATE bad_certificate +#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE + #define ASN1_STRFLGS_ESC_MSB 4 #define SSL_MAX_MASTER_KEY_LENGTH WOLFSSL_MAX_MASTER_KEY_LENGTH @@ -1118,6 +1140,16 @@ enum { #define SSL_do_handshake wolfSSL_SSL_do_handshake #endif /* OPENSSL_EXTRA */ +/* cipher suites for compatibility */ +#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) +#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) +#define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) +#define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) +#define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/openssl/x509.h b/wolfssl/openssl/x509.h index bc38bf217..d9479851c 100644 --- a/wolfssl/openssl/x509.h +++ b/wolfssl/openssl/x509.h @@ -4,3 +4,19 @@ /* for compatibility, this is expected to be included */ #include + +/* wolfSSL_X509_print_ex flags */ +#define X509_FLAG_COMPAT (0UL) +#define X509_FLAG_NO_HEADER (1UL << 0) +#define X509_FLAG_NO_VERSION (1UL << 1) +#define X509_FLAG_NO_SERIAL (1UL << 2) +#define X509_FLAG_NO_SIGNAME (1UL << 3) +#define X509_FLAG_NO_ISSUER (1UL << 4) +#define X509_FLAG_NO_VALIDITY (1UL << 5) +#define X509_FLAG_NO_SUBJECT (1UL << 6) +#define X509_FLAG_NO_PUBKEY (1UL << 7) +#define X509_FLAG_NO_EXTENSIONS (1UL << 8) +#define X509_FLAG_NO_SIGDUMP (1UL << 9) +#define X509_FLAG_NO_AUX (1UL << 10) +#define X509_FLAG_NO_ATTRIBUTES (1UL << 11) +#define X509_FLAG_NO_IDS (1UL << 12) diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index dd4333af2..b9c09c562 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -39,6 +39,9 @@ #include #endif +/* used internally by wolfSSL while OpenSSL types aren't */ +#include + #ifndef NO_FILESYSTEM #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) #if MQX_USE_IO_OLD @@ -206,13 +209,10 @@ struct WOLFSSL_BASIC_CONSTRAINTS { #define WOLFSSL_ASN1_UTCTIME WOLFSSL_ASN1_TIME #define WOLFSSL_ASN1_GENERALIZEDTIME WOLFSSL_ASN1_TIME -struct WOLFSSL_ASN1_TIME { - /* MAX_DATA_SIZE is 32 */ - unsigned char data[32 + 2]; - /* ASN_TIME | LENGTH | date bytes */ - /* for compat */ - word32 length; +struct WOLFSSL_ASN1_TIME { + unsigned char data[CTC_DATE_SIZE]; /* date bytes */ + int length; int type; }; @@ -421,6 +421,69 @@ typedef struct WOLFSSL_BUF_MEM { size_t max; /* maximum length */ } WOLFSSL_BUF_MEM; +/* custom method with user set callbacks */ +typedef int (*wolfSSL_BIO_meth_write_cb)(WOLFSSL_BIO*, const char*, int); +typedef int (*wolfSSL_BIO_meth_read_cb)(WOLFSSL_BIO *, char *, int); +typedef int (*wolfSSL_BIO_meth_puts_cb)(WOLFSSL_BIO*, const char*); +typedef int (*wolfSSL_BIO_meth_gets_cb)(WOLFSSL_BIO*, char*, int); +typedef long (*wolfSSL_BIO_meth_get_ctrl_cb)(WOLFSSL_BIO*, int, long, void*); +typedef int (*wolfSSL_BIO_meth_create_cb)(WOLFSSL_BIO*); +typedef int (*wolfSSL_BIO_meth_destroy_cb)(WOLFSSL_BIO*); + +#define MAX_BIO_METHOD_NAME 256 +typedef struct WOLFSSL_BIO_METHOD_CUSTOM { + char name[MAX_BIO_METHOD_NAME]; + + wolfSSL_BIO_meth_puts_cb putsCb; + wolfSSL_BIO_meth_gets_cb getsCb; + + wolfSSL_BIO_meth_read_cb readCb; + wolfSSL_BIO_meth_write_cb writeCb; + + wolfSSL_BIO_meth_destroy_cb freeCb; + wolfSSL_BIO_meth_create_cb createCb; + + wolfSSL_BIO_meth_get_ctrl_cb ctrlCb; +} WOLFSSL_BIO_METHOD_CUSTOM; + +/* wolfSSL BIO_METHOD type */ +struct WOLFSSL_BIO_METHOD { + byte type; /* method type */ + WOLFSSL_BIO_METHOD_CUSTOM* custom; +}; + +/* wolfSSL BIO type */ +typedef long (*wolf_bio_info_cb)(WOLFSSL_BIO *bio, int event, const char *parg, + int iarg, long larg, long return_value); + +struct WOLFSSL_BIO { + WOLFSSL_BUF_MEM* mem_buf; + WOLFSSL_BIO_METHOD* method; + WOLFSSL* ssl; /* possible associated ssl */ +#ifndef NO_FILESYSTEM + XFILE file; /* file descriptor */ +#endif + WOLFSSL_BIO* prev; /* previous in chain */ + WOLFSSL_BIO* next; /* next in chain */ + WOLFSSL_BIO* pair; /* BIO paired with */ + void* heap; /* user heap hint */ + byte* ptr; /* memory buffer */ + void* usrCtx; /* user set pointer */ + char* infoArg; /* BIO callback argument */ + wolf_bio_info_cb infoCb; /* BIO callback */ + int wrSz; /* write buffer size (mem) */ + int wrIdx; /* current index for write buffer */ + int rdIdx; /* current read index */ + int readRq; /* read request */ + int num; /* length */ + int eof; /* eof flag */ + int flags; + byte type; /* method type */ + byte init:1; /* bio has been initialized */ + byte shutdown:1; /* close flag */ +}; + + typedef struct WOLFSSL_COMP_METHOD { int type; /* stunnel dereference */ } WOLFSSL_COMP_METHOD; @@ -897,6 +960,11 @@ WOLFSSL_API int wolfSSL_dtls_get_using_nonblock(WOLFSSL*); #define wolfSSL_get_using_nonblock wolfSSL_dtls_get_using_nonblock /* The old names are deprecated. */ WOLFSSL_API int wolfSSL_dtls_get_current_timeout(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_DTLSv1_get_timeout(WOLFSSL* ssl, Timeval* timeleft); +WOLFSSL_API void wolfSSL_DTLSv1_set_initial_timeout_duration(WOLFSSL* ssl, + word32 duration_ms); +WOLFSSL_API int wolfSSL_DTLSv1_handle_timeout(WOLFSSL* ssl); + WOLFSSL_API int wolfSSL_dtls_set_timeout_init(WOLFSSL* ssl, int); WOLFSSL_API int wolfSSL_dtls_set_timeout_max(WOLFSSL* ssl, int); WOLFSSL_API int wolfSSL_dtls_got_timeout(WOLFSSL* ssl); @@ -1031,6 +1099,9 @@ WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL*); WOLFSSL_API char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER*, char*, int); WOLFSSL_API const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher); WOLFSSL_API const char* wolfSSL_CIPHER_get_version(const WOLFSSL_CIPHER* cipher); +WOLFSSL_API word32 wolfSSL_CIPHER_get_id(const WOLFSSL_CIPHER* cipher); +WOLFSSL_API char* wolfSSL_CIPHER_get_rfc_name(const WOLFSSL_CIPHER* cipher); +WOLFSSL_API const WOLFSSL_CIPHER* wolfSSL_get_cipher_by_value(word16 value); WOLFSSL_API const char* wolfSSL_SESSION_CIPHER_get_name(WOLFSSL_SESSION* session); WOLFSSL_API const char* wolfSSL_get_cipher(WOLFSSL*); WOLFSSL_API void wolfSSL_sk_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk); @@ -1064,11 +1135,8 @@ WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_push(WOLFSSL_BIO*, WOLFSSL_BIO* append); WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_pop(WOLFSSL_BIO*); WOLFSSL_API int wolfSSL_BIO_flush(WOLFSSL_BIO*); WOLFSSL_API int wolfSSL_BIO_pending(WOLFSSL_BIO*); - -typedef long (*wolf_bio_info_cb)(WOLFSSL_BIO *bio, int event, const char *parg, - int iarg, long larg, long return_value); -WOLFSSL_API void wolfSSL_BIO_set_callback(WOLFSSL_BIO *bio, - wolf_bio_info_cb callback_func); +WOLFSSL_API void wolfSSL_BIO_set_callback(WOLFSSL_BIO *bio, + wolf_bio_info_cb callback_func); WOLFSSL_API wolf_bio_info_cb wolfSSL_BIO_get_callback(WOLFSSL_BIO *bio); WOLFSSL_API void wolfSSL_BIO_set_callback_arg(WOLFSSL_BIO *bio, char *arg); WOLFSSL_API char* wolfSSL_BIO_get_callback_arg(const WOLFSSL_BIO *bio); @@ -1095,25 +1163,19 @@ WOLFSSL_API int wolfSSL_BIO_clear_retry_flags(WOLFSSL_BIO*); WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_meth_new(int, const char*); WOLFSSL_API void wolfSSL_BIO_meth_free(WOLFSSL_BIO_METHOD*); -typedef int (*wolfSSL_BIO_meth_write_cb)(WOLFSSL_BIO*, const char*, int); WOLFSSL_API int wolfSSL_BIO_meth_set_write(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_write_cb); -typedef int (*wolfSSL_BIO_meth_read_cb)(WOLFSSL_BIO *, char *, int); WOLFSSL_API int wolfSSL_BIO_meth_set_read(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_read_cb); -typedef int (*wolfSSL_BIO_meth_puts_cb)(WOLFSSL_BIO*, const char*); WOLFSSL_API int wolfSSL_BIO_meth_set_puts(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_puts_cb); -typedef int (*wolfSSL_BIO_meth_gets_cb)(WOLFSSL_BIO*, char*, int); WOLFSSL_API int wolfSSL_BIO_meth_set_gets(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_gets_cb); -typedef long (*wolfSSL_BIO_meth_get_ctrl_cb)(WOLFSSL_BIO*, int, long, void*); WOLFSSL_API int wolfSSL_BIO_meth_set_ctrl(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_get_ctrl_cb); -typedef int (*wolfSSL_BIO_meth_create_cb)(WOLFSSL_BIO*); WOLFSSL_API int wolfSSL_BIO_meth_set_create(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_create_cb); -typedef int (*wolfSSL_BIO_meth_destroy_cb)(WOLFSSL_BIO*); WOLFSSL_API int wolfSSL_BIO_meth_set_destroy(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_destroy_cb); WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_mem_buf(void* buf, int len); - WOLFSSL_API long wolfSSL_BIO_set_ssl(WOLFSSL_BIO*, WOLFSSL*, int flag); -WOLFSSL_API long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, int fd, int flag); +#ifndef NO_FILESYSTEM +WOLFSSL_API long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, XFILE fd, int flag); +#endif WOLFSSL_API void wolfSSL_set_bio(WOLFSSL*, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr); #ifndef NO_FILESYSTEM @@ -1177,6 +1239,8 @@ WOLFSSL_API int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* n, #ifndef NO_RSA WOLFSSL_API int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int offset); #endif +WOLFSSL_API int wolfSSL_X509_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, + unsigned long nmflags, unsigned long cflag); WOLFSSL_API int wolfSSL_X509_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509); WOLFSSL_API char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME*, char*, int); WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509*); @@ -1285,6 +1349,10 @@ WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new(void); WOLFSSL_API int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME*); WOLFSSL_API int wolfSSL_X509_cmp_time(const WOLFSSL_ASN1_TIME* asnTime, time_t *cmpTime); +WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_X509_time_adj_ex(WOLFSSL_ASN1_TIME *asnTime, + int offset_day, long offset_sec, time_t *in_tm); +WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_X509_time_adj(WOLFSSL_ASN1_TIME *asnTime, + long offset_sec, time_t *in_tm); WOLFSSL_API int wolfSSL_sk_X509_REVOKED_num(WOLFSSL_X509_REVOKED*); #ifdef OPENSSL_EXTRA WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_time(WOLFSSL_X509_STORE_CTX*, @@ -1600,6 +1668,7 @@ enum { X509_R_CERT_ALREADY_IN_HASH_TABLE, XN_FLAG_SPC_EQ = (1 << 23), + XN_FLAG_SEP_CPLUS_SPC = (2 << 16), XN_FLAG_ONELINE = 0, XN_FLAG_RFC2253 = 1, @@ -1903,6 +1972,8 @@ WOLFSSL_API int wolfSSL_set_compression(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_set_timeout(WOLFSSL*, unsigned int); WOLFSSL_API int wolfSSL_CTX_set_timeout(WOLFSSL_CTX*, unsigned int); +WOLFSSL_API void wolfSSL_CTX_set_current_time_cb(WOLFSSL_CTX* ctx, + void (*cb)(const WOLFSSL* ssl, Timeval* out_clock)); /* get wolfSSL peer X509_CHAIN */ WOLFSSL_API WOLFSSL_X509_CHAIN* wolfSSL_get_peer_chain(WOLFSSL* ssl); @@ -1930,8 +2001,6 @@ WOLFSSL_API int wolfSSL_X509_get_serial_number(WOLFSSL_X509*,unsigned char*,int WOLFSSL_API char* wolfSSL_X509_get_subjectCN(WOLFSSL_X509*); WOLFSSL_API const unsigned char* wolfSSL_X509_get_der(WOLFSSL_X509*, int*); WOLFSSL_API const unsigned char* wolfSSL_X509_get_tbs(WOLFSSL_X509*, int*); -WOLFSSL_API const unsigned char* wolfSSL_X509_notBefore(WOLFSSL_X509*); -WOLFSSL_API const unsigned char* wolfSSL_X509_notAfter(WOLFSSL_X509*); WOLFSSL_API int wolfSSL_X509_version(WOLFSSL_X509*); WOLFSSL_API int wolfSSL_cmp_peer_cert_to_file(WOLFSSL*, const char*); @@ -2933,9 +3002,6 @@ int wolfSSL_DeriveTlsKeys(unsigned char* key_data, word32 keyLen, #ifdef WOLFSSL_CALLBACKS -/* used internally by wolfSSL while OpenSSL types aren't */ -#include - typedef int (*HandShakeCallBack)(HandShakeInfo*); typedef int (*TimeoutCallBack)(TimeoutInfo*); @@ -3021,12 +3087,15 @@ WOLFSSL_API long wolfSSL_CTX_clear_extra_chain_certs(WOLFSSL_CTX* ctx); #ifndef NO_CERTS WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_create_by_NID( WOLFSSL_X509_NAME_ENTRY** out, int nid, int type, - unsigned char* data, int dataSz); + const unsigned char* data, int dataSz); WOLFSSL_API int wolfSSL_X509_NAME_add_entry(WOLFSSL_X509_NAME* name, WOLFSSL_X509_NAME_ENTRY* entry, int idx, int set); WOLFSSL_API int wolfSSL_X509_NAME_add_entry_by_txt(WOLFSSL_X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set); +WOLFSSL_API int wolfSSL_X509_NAME_add_entry_by_NID(WOLFSSL_X509_NAME *name, int nid, + int type, const unsigned char *bytes, + int len, int loc, int set); WOLFSSL_API int wolfSSL_X509_NAME_cmp(const WOLFSSL_X509_NAME* x, const WOLFSSL_X509_NAME* y); WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new(void); @@ -3094,6 +3163,7 @@ WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx); WOLFSSL_API size_t wolfSSL_BIO_wpending(const WOLFSSL_BIO *bio); WOLFSSL_API size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b); + WOLFSSL_API size_t wolfSSL_get_server_random(const WOLFSSL *ssl, unsigned char *out, size_t outlen); WOLFSSL_API int wolfSSL_get_server_tmp_key(const WOLFSSL*, WOLFSSL_EVP_PKEY**); @@ -3187,7 +3257,8 @@ WOLFSSL_API int wolfSSL_PEM_write_bio_X509_AUX(WOLFSSL_BIO *bp,WOLFSSL_X509 *x); WOLFSSL_API int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x); #endif /* HAVE_STUNNEL || HAVE_LIGHTY */ -#ifdef OPENSSL_ALL +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && \ + defined(WOLFSSL_CERT_REQ) WOLFSSL_API int wolfSSL_i2d_X509_REQ(WOLFSSL_X509* req, unsigned char** out); WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_new(void); WOLFSSL_API void wolfSSL_X509_REQ_free(WOLFSSL_X509* req); @@ -3413,7 +3484,6 @@ WOLFSSL_API int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a, WOLFSSL_API void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx); WOLFSSL_API int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx, void *data); - WOLFSSL_API int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *data, const WOLFSSL_EVP_MD *type, unsigned char *md, unsigned int *len); diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 78427e957..bff6e694e 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -1105,7 +1105,6 @@ WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx, WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash, int maxIdx); WOLFSSL_LOCAL int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der); -WOLFSSL_LOCAL int RsaPublicKeyDerSize(RsaKey* key, int with_header); #ifdef HAVE_ECC /* ASN sig helpers */ diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index 9f2e62f0c..45597cb3e 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -106,7 +106,8 @@ enum CertType { PKCS12_TYPE, PKCS8_PRIVATEKEY_TYPE, PKCS8_ENC_PRIVATEKEY_TYPE, - DETECT_CERT_TYPE + DETECT_CERT_TYPE, + DH_PRIVATEKEY_TYPE, }; @@ -204,9 +205,9 @@ typedef struct WOLFSSL_ASN1_INTEGER { unsigned char* data; unsigned int dataMax; /* max size of data buffer */ unsigned int isDynamic:1; /* flag for if data pointer dynamic (1 is yes 0 is no) */ -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + int length; -#endif + int type; } WOLFSSL_ASN1_INTEGER; @@ -367,7 +368,7 @@ WOLFSSL_API int wc_SetAltNamesBuffer(Cert*, const byte*, int); WOLFSSL_API int wc_SetDatesBuffer(Cert*, const byte*, int); #ifndef NO_ASN_TIME -WOLFSSL_API int wc_GetCertDates(Cert* cert, struct tm* before, +WOLFSSL_API int wc_GetCertDates(Cert* cert, struct tm* before, struct tm* after); #endif @@ -425,7 +426,7 @@ WOLFSSL_API int wc_SetExtKeyUsageOID(Cert *cert, const char *oid, word32 sz, #endif /* WOLFSSL_CERT_GEN */ -WOLFSSL_API int wc_GetDateInfo(const byte* certDate, int certDateSz, +WOLFSSL_API int wc_GetDateInfo(const byte* certDate, int certDateSz, const byte** date, byte* format, int* length); #ifndef NO_ASN_TIME WOLFSSL_API int wc_GetDateAsCalendarTime(const byte* date, int length, @@ -434,7 +435,7 @@ WOLFSSL_API int wc_GetDateAsCalendarTime(const byte* date, int length, #if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) - WOLFSSL_API int wc_PemGetHeaderFooter(int type, const char** header, + WOLFSSL_API int wc_PemGetHeaderFooter(int type, const char** header, const char** footer); #endif @@ -476,9 +477,12 @@ WOLFSSL_API void wc_FreeDer(DerBuffer** pDer); word32 outputSz, byte *cipherIno, int type); #endif -#if !defined(NO_RSA) && !defined(HAVE_USER_RSA) +#ifndef NO_RSA + #if !defined(HAVE_USER_RSA) WOLFSSL_API int wc_RsaPublicKeyDecode_ex(const byte* input, word32* inOutIdx, word32 inSz, const byte** n, word32* nSz, const byte** e, word32* eSz); + #endif + WOLFSSL_API int wc_RsaPublicKeyDerSize(RsaKey* key, int with_header); #endif #ifdef HAVE_ECC @@ -496,6 +500,7 @@ WOLFSSL_API void wc_FreeDer(DerBuffer** pDer); ecc_key*, word32); WOLFSSL_API int wc_EccPublicKeyToDer(ecc_key*, byte* output, word32 inLen, int with_AlgCurve); + WOLFSSL_API int wc_EccPublicKeyDerSize(ecc_key*, int with_AlgCurve); #endif #ifdef HAVE_ED25519 diff --git a/wolfssl/wolfcrypt/sp.h b/wolfssl/wolfcrypt/sp.h old mode 100755 new mode 100644