mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/wolfssl/wolfssl into doxygen-update

Browse Source
This commit is contained in:
abrahamsonn 2018-09-11 13:33:47 -06:00
commit 93e3db3ae2
34 changed files with 1144 additions and 214 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
certs/ca-cert-chain.der Normal file
View File

Binary file not shown.

56
certs/test/expired-ca.pem
View File

@ -1,56 +0,0 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
8a:37:22:65:73:f5:aa:e8
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
Validity
Not Before: Jun 30 18:47:10 2010 GMT
Not After : Mar 26 18:47:10 2013 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00:97:30:b9:1a:92:ef:25:4f:ca:4c:11:31:95:1a:
e1:c0:10:19:0a:20:b9:37:80:1a:57:38:02:4e:1b:
c5:0f:28:4f:da:e3:c9:16:aa:50:bd:4a:fb:b7:71:
c7:35:cc:63:81:c1:dd:9d:33:f9:38:16:88:32:a0:
aa:56:23:03:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:66:FD:A0:40:C6:F4:E2:70:CF:21:1A:0C:4F:67:FE:B7:4B:42:09
X509v3 Authority Key Identifier:
keyid:3B:66:FD:A0:40:C6:F4:E2:70:CF:21:1A:0C:4F:67:FE:B7:4B:42:09
DirName:/C=US/ST=Montana/L=Bozeman/O=sawtooth/OU=consulting/CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
serial:8A:37:22:65:73:F5:AA:E8
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: md5WithRSAEncryption
32:65:a2:b1:dc:6d:e0:8d:8b:c8:58:29:8e:b8:18:4b:62:88:
13:67:f8:6c:75:46:75:8f:8a:19:a6:a3:d5:3c:fc:57:4e:7a:
68:a9:fc:93:dc:ae:29:7d:bb:4e:ec:ea:55:fa:a4:e3:00:61:
f4:b0:34:6d:d1:d5:a4:64:24:f8
-----BEGIN CERTIFICATE-----
MIIDQDCCAuqgAwIBAgIJAIo3ImVz9aroMA0GCSqGSIb3DQEBBAUAMIGeMQswCQYD
VQQGEwJVUzEQMA4GA1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8G
A1UEChMIc2F3dG9vdGgxEzARBgNVBAsTCmNvbnN1bHRpbmcxJDAiBgNVBAMTG3d3
dy5zYXd0b290aC1jb25zdWx0aW5nLmNvbTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5
YXNzbC5jb20wHhcNMTAwNjMwMTg0NzEwWhcNMTMwMzI2MTg0NzEwWjCBnjELMAkG
A1UEBhMCVVMxEDAOBgNVBAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAP
BgNVBAoTCHNhd3Rvb3RoMRMwEQYDVQQLEwpjb25zdWx0aW5nMSQwIgYDVQQDExt3
d3cuc2F3dG9vdGgtY29uc3VsdGluZy5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9A
eWFzc2wuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJcwuRqS7yVPykwRMZUa
4cAQGQoguTeAGlc4Ak4bxQ8oT9rjyRaqUL1K+7dxxzXMY4HB3Z0z+TgWiDKgqlYj
A6MCAwEAAaOCAQcwggEDMB0GA1UdDgQWBBQ7Zv2gQMb04nDPIRoMT2f+t0tCCTCB
0wYDVR0jBIHLMIHIgBQ7Zv2gQMb04nDPIRoMT2f+t0tCCaGBpKSBoTCBnjELMAkG
A1UEBhMCVVMxEDAOBgNVBAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAP
BgNVBAoTCHNhd3Rvb3RoMRMwEQYDVQQLEwpjb25zdWx0aW5nMSQwIgYDVQQDExt3
d3cuc2F3dG9vdGgtY29uc3VsdGluZy5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9A
eWFzc2wuY29tggkAijciZXP1qugwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQF
AANBADJlorHcbeCNi8hYKY64GEtiiBNn+Gx1RnWPihmmo9U8/FdOemip/JPcril9
u07s6lX6pOMAYfSwNG3R1aRkJPg=
-----END CERTIFICATE-----

39
certs/test/expired-cert.pem
View File

@ -1,39 +0,0 @@
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
Validity
Not Before: Jun 30 18:52:17 2010 GMT
Not After : Mar 26 18:52:17 2013 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=yaSSL, OU=support, CN=www.yassl.com/emailAddress=info@yassl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00:c6:7b:c0:68:81:2f:de:82:3f:f9:ac:c3:86:4a:
66:b7:ec:d4:f1:f6:64:21:ff:f5:a2:34:42:d0:38:
9f:c6:dd:3b:6e:26:65:6a:54:96:dd:d2:7b:eb:36:
a2:ae:7e:2a:9e:7e:56:a5:b6:87:9f:15:c7:18:66:
7e:16:77:e2:a7
Exponent: 65537 (0x10001)
Signature Algorithm: md5WithRSAEncryption
58:a9:98:e7:16:52:4c:40:e7:e1:47:92:19:1b:3a:8f:97:6c:
7b:b7:b0:cb:20:6d:ad:b5:d3:47:58:d8:e4:f2:3e:32:e9:ef:
87:77:e5:54:36:f4:8d:50:8d:07:b4:77:45:ea:9d:a4:33:36:
9b:0b:e0:74:58:11:c5:01:7b:4d
-----BEGIN CERTIFICATE-----
MIICFDCCAb4CAQEwDQYJKoZIhvcNAQEEBQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYD
VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhzYXd0b290
aDETMBEGA1UECxMKY29uc3VsdGluZzEkMCIGA1UEAxMbd3d3LnNhd3Rvb3RoLWNv
bnN1bHRpbmcuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0x
MDA2MzAxODUyMTdaFw0xMzAzMjYxODUyMTdaMIGKMQswCQYDVQQGEwJVUzEQMA4G
A1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjEOMAwGA1UEChMFeWFTU0wx
EDAOBgNVBAsTB3N1cHBvcnQxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkq
hkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJB
AMZ7wGiBL96CP/msw4ZKZrfs1PH2ZCH/9aI0QtA4n8bdO24mZWpUlt3Se+s2oq5+
Kp5+VqW2h58VxxhmfhZ34qcCAwEAATANBgkqhkiG9w0BAQQFAANBAFipmOcWUkxA
5+FHkhkbOo+XbHu3sMsgba2100dY2OTyPjLp74d35VQ29I1QjQe0d0XqnaQzNpsL
4HRYEcUBe00=
-----END CERTIFICATE-----

9
certs/test/expired-key.pem
View File

@ -1,9 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIBOwIBAAJBAMZ7wGiBL96CP/msw4ZKZrfs1PH2ZCH/9aI0QtA4n8bdO24mZWpU
lt3Se+s2oq5+Kp5+VqW2h58VxxhmfhZ34qcCAwEAAQJBAJSbGxgjgV+rTZL2Ev58
viN/IoB25cm/Bn4Heu7DNn2A2kpdGX2cCaf7rEQoIKCiHxvopvxOcd/7nLS/gNli
dCECIQD/cX/9fvB1Uajw0fmvwNON9+3P9uJSqpig90zL32pwjQIhAMbqee9TBMN4
TxXbgWqA92PrCXe8WDZ3PwoJqdR6MRUDAiEAny+TDF1z6hiWiGTCDgXDkKBlwgjf
p5aKgR077XzwLu0CICVpWEGg1ZaF/CnaPP7w/pZ2UDOK4vRrfRnAM4bY7H5NAiBS
1eXJ/MCZ2uPfpl7XK2BU9P69KdKUk5WHxdRchVvcDg==
-----END RSA PRIVATE KEY-----

BIN
certs/test/expired/expired-ca.der Normal file
View File

Binary file not shown.

69
certs/test/expired/expired-ca.pem Normal file
View File

@ -0,0 +1,69 @@
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 4096 (0x1000)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=www.wolfssl.com, ST=Montana, C=US/emailAddress=info@wolfssl.com, OU=Engineering
Validity
Not Before: Jul 31 00:00:00 2018 GMT
Not After : Aug 30 00:00:00 2018 GMT
Subject: CN=www.wolfssl.com, ST=Montana, C=US/emailAddress=info@wolfssl.com, OU=Engineering
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98:
21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77:
32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1:
8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3:
a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed:
a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95:
82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c:
3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db:
76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc:
73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98:
de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68:
cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2:
b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3:
13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98:
ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed:
36:79
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
52:af:84:10:08:83:9a:39:c2:05:5c:33:fc:a6:a0:7c:ce:68:
34:fa:cc:05:9f:8a:33:79:64:07:da:6c:17:85:91:ab:1d:be:
32:45:c6:7f:54:b6:10:cf:ea:17:74:d4:d9:06:6e:71:5d:0d:
40:72:21:07:79:20:63:b3:15:d5:b7:e6:1a:d6:d0:11:1a:60:
7f:81:e9:9b:69:b4:67:4e:e2:22:1a:2f:9d:6a:3c:da:95:34:
a9:bf:2b:14:fa:fe:21:73:e7:c9:19:7d:2c:14:9f:9f:33:c1:
83:35:9c:94:95:0e:e4:3e:29:17:95:a2:85:e3:ad:70:5f:6a:
ff:2d:8a:92:fb:58:f6:fe:46:2b:d0:e4:9d:9b:0d:d9:e4:39:
0a:c5:e2:3d:17:de:95:cc:a4:1c:33:a1:75:02:ec:98:66:47:
b9:ce:e4:8f:7e:32:cd:38:ff:6f:3d:be:7a:44:bf:47:61:7a:
b7:5a:09:fa:1e:bf:3d:63:68:b3:15:00:87:fd:8d:b8:f6:b8:
83:13:ff:f8:56:ed:14:05:4f:49:07:f9:33:6b:3f:fd:c6:7d:
ff:6b:04:d5:46:80:c1:6b:74:fd:e6:18:14:1d:3b:c6:12:67:
0e:1e:8d:81:c4:a9:9c:59:ee:29:cd:cf:55:a6:bc:53:13:f4:
51:bc:b7:b3
-----BEGIN CERTIFICATE-----
MIIDVTCCAj0CAhAAMA0GCSqGSIb3DQEBCwUAMHAxGDAWBgNVBAMMD3d3dy53b2xm
c3NsLmNvbTEQMA4GA1UECAwHTW9udGFuYTELMAkGA1UEBhMCVVMxHzAdBgkqhkiG
9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFDASBgNVBAsMC0VuZ2luZWVyaW5nMB4Y
DTIwMTgwNzMxMDAwMFoYDTIwMTgwODMwMDAwMFowcDEYMBYGA1UEAwwPd3d3Lndv
bGZzc2wuY29tMRAwDgYDVQQIDAdNb250YW5hMQswCQYDVQQGEwJVUzEfMB0GCSqG
SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEUMBIGA1UECwwLRW5naW5lZXJpbmcw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/DMotFLIehEJbzTgfSvJN
dRDxtjWf38p9A5jTrN4DZu4q8diwfW4HVAsQmCFNgMsSIOfMT95FfclydzLqypC7
aVIQAy+o85XF8YtiVhvvZ2+kEEGVrQqb46XAsNJwdlAwW6joCCx87aeieo04KRys
x+3yfJWwlYJ9SVw4zXcl772AdVOUPD3KY1ufFbXTHRMvGdE823Y6zLh9yeXC19pA
b9gh3HMbQi1TnP4a/H2rejY/mN6EfAVnzmoUOIep8Yy1aMtof3EgK/WgY/VWL6Mm
0rdvsVoX1ziZCP6TWG/+wxNJCBYLp01nAFIxZyNOmO1RRR25BNkL7Ngos0u97TZ5
AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFKvhBAIg5o5wgVcM/ymoHzOaDT6zAWf
ijN5ZAfabBeFkasdvjJFxn9UthDP6hd01NkGbnFdDUByIQd5IGOzFdW35hrW0BEa
YH+B6ZtptGdO4iIaL51qPNqVNKm/KxT6/iFz58kZfSwUn58zwYM1nJSVDuQ+KReV
ooXjrXBfav8tipL7WPb+RivQ5J2bDdnkOQrF4j0X3pXMpBwzoXUC7JhmR7nO5I9+
Ms04/289vnpEv0dherdaCfoevz1jaLMVAIf9jbj2uIMT//hW7RQFT0kH+TNrP/3G
ff9rBNVGgMFrdP3mGBQdO8YSZw4ejYHEqZxZ7inNz1WmvFMT9FG8t7M=
-----END CERTIFICATE-----

BIN
certs/test/expired/expired-cert.der Normal file
View File

Binary file not shown.

69
certs/test/expired/expired-cert.pem Normal file
View File

@ -0,0 +1,69 @@
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 4096 (0x1000)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=www.wolfssl.com, ST=Montana, C=US/emailAddress=info@wolfssl.com, OU=Engineering
Validity
Not Before: Jul 31 00:00:00 2018 GMT
Not After : Aug 30 00:00:00 2018 GMT
Subject: CN=www.wolfssl.com, ST=Montana, C=US/emailAddress=info@wolfssl.com, OU=Engineering
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
3d:b8:e9:dc:03:4f:0c:79:ed:5d:b5:e8:45:99:b4:9e:fe:9b:
d9:88:aa:6c:de:1e:34:59:8a:4b:1c:39:0c:7a:a0:7d:24:c1:
8d:54:d2:65:92:d4:5b:35:cb:de:fc:37:fe:b1:67:20:64:04:
0a:8f:09:71:cf:d3:16:2e:dc:23:c8:7c:2e:72:35:54:ec:d3:
63:5a:9d:63:93:42:b6:72:67:8f:80:83:6a:e3:d3:ad:28:87:
46:4c:6e:56:d2:02:af:58:2e:a9:0e:e0:07:a6:f1:58:dd:17:
82:27:f1:49:3b:8c:77:6f:08:96:d9:04:c8:ec:34:22:a5:b1:
e9:48:07:41:3c:aa:1e:e4:d9:75:1b:71:bd:4f:ec:5e:fd:2b:
44:2e:81:cd:8c:b1:08:e6:de:9b:e2:61:c9:ee:43:f7:af:99:
29:fa:50:69:2a:98:47:b9:58:46:57:1e:2d:29:77:51:89:64:
ee:f2:ba:14:fb:f7:ba:dc:68:d6:34:bc:28:eb:17:f4:37:6a:
91:a9:cf:d5:46:e8:6e:8f:2f:e7:f2:e0:b1:ca:8a:0f:a4:55:
8b:b9:c2:89:d0:29:82:b7:11:47:af:8b:96:92:e5:a3:da:11:
0f:76:db:15:61:a5:5a:ab:60:83:06:de:7e:bf:b6:c8:10:ab:
38:1a:d3:c2
-----BEGIN CERTIFICATE-----
MIIDVTCCAj0CAhAAMA0GCSqGSIb3DQEBCwUAMHAxGDAWBgNVBAMMD3d3dy53b2xm
c3NsLmNvbTEQMA4GA1UECAwHTW9udGFuYTELMAkGA1UEBhMCVVMxHzAdBgkqhkiG
9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFDASBgNVBAsMC0VuZ2luZWVyaW5nMB4Y
DTIwMTgwNzMxMDAwMFoYDTIwMTgwODMwMDAwMFowcDEYMBYGA1UEAwwPd3d3Lndv
bGZzc2wuY29tMRAwDgYDVQQIDAdNb250YW5hMQswCQYDVQQGEwJVUzEfMB0GCSqG
SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEUMBIGA1UECwwLRW5naW5lZXJpbmcw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAlQjhV0HycW230kVBJwFl
xkWu8rwkMLiVzi9O1vYciLx8n/uoZ3/+XJxRdfeKygfnNS+P4b17wC98q2SoF/zK
XXu64CHlci5vLobYlXParBtTuV8/1xkNJU/hY2NRiwtkP61DuKUcXDSzrgCgY8X2
fwtZaHhzpowYqQJtr8MZAS64EOPGzEC0aaNGM2mHbsS7F6bz6N2tc7x7LyG1/WZR
DL1Us+FtXxy8I3PRCQOJFNIQuWTDKtChlkq84dQaW8egwMFjeA9ENzAyloAyI5Wh
d7oT0pdz4l0lyWoNwzlgpLSwaUJCCenYCLwzILNYIqeq68Th5mGDxdKW39nQT63X
AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAD246dwDTwx57V216EWZtJ7+m9mIqmze
HjRZikscOQx6oH0kwY1U0mWS1Fs1y978N/6xZyBkBAqPCXHP0xYu3CPIfC5yNVTs
02NanWOTQrZyZ4+Ag2rj060oh0ZMblbSAq9YLqkO4Aem8VjdF4In8Uk7jHdvCJbZ
BMjsNCKlselIB0E8qh7k2XUbcb1P7F79K0Qugc2MsQjm3pviYcnuQ/evmSn6UGkq
mEe5WEZXHi0pd1GJZO7yuhT797rcaNY0vCjrF/Q3apGpz9VG6G6PL+fy4LHKig+k
VYu5wonQKYK3EUevi5aS5aPaEQ922xVhpVqrYIMG3n6/tsgQqzga08I=
-----END CERTIFICATE-----

69
certs/test/gen-testcerts.sh
View File

@ -1,12 +1,38 @@
#!/bin/sh
# Args: 1=FileName, 2=CN, 3=AltName
# Args: 1=FileName, 2=CN, 3=AltName, 4=CA
function build_test_cert_conf {
echo "[ req ]" > $1.conf
echo "# Generated openssl conf" > $1.conf
echo "" >> $1.conf
echo "[ ca ]" >> $1.conf
echo "default_ca = CA_default" >> $1.conf
echo "[ CA_default ]" >> $1.conf
echo "certificate = ../ca-cert.pem" >> $1.conf
echo "database = ./index.txt" >> $1.conf
echo "new_certs_dir = ./certs" >> $1.conf
echo "private_key = ./private/cakey.pem" >> $1.conf
echo "serial = ./serial" >> $1.conf
echo "default_md = sha256" >> $1.conf
echo "default_days = 1000" >> $1.conf
echo "policy = default_ca_policy" >> $1.conf
echo "" >> $1.conf
echo "[ default_ca_policy ]" >> $1.conf
echo "commonName = supplied" >> $1.conf
echo "stateOrProvinceName = supplied" >> $1.conf
echo "countryName = supplied" >> $1.conf
echo "emailAddress = supplied" >> $1.conf
echo "organizationName = optional" >> $1.conf
echo "organizationalUnitName = optional" >> $1.conf
echo "" >> $1.conf
echo "[ req ]" >> $1.conf
echo "prompt = no" >> $1.conf
echo "default_bits = 2048" >> $1.conf
echo "distinguished_name = req_distinguished_name" >> $1.conf
echo "req_extensions = req_ext" >> $1.conf
if [ -n "$4" ]; then
echo "basicConstraints=CA:true,pathlen:0" >> $1.conf
echo "" >> $1.conf
fi
echo "" >> $1.conf
echo "[ req_distinguished_name ]" >> $1.conf
echo "C = US" >> $1.conf
@ -70,6 +96,40 @@ function generate_test_cert {
openssl x509 -inform pem -in $1.pem -outform der -out $1.der
}
function generate_expired_certs {
rm $1.der
rm $1.pem
mkdir -p certs
touch ./index.txt
echo 1000 > ./serial
echo "step 1 create configuration"
build_test_cert_conf $1 www.wolfssl.com 0 $3
echo "step 2 create csr"
openssl req -new -sha256 -out $1.csr -key $2 -config $1.conf
echo "step 3 check csr"
openssl req -text -noout -in $1.csr
echo "step 4 create cert"
openssl ca -selfsign -config $1.conf -keyfile $2 -in $1.csr -out $1.pem \
-startdate 201807310000Z -enddate 201808300000Z -batch
rm $1.conf
rm $1.csr
echo "step 5 add cert text information to pem"
openssl x509 -inform pem -in $1.pem -text > tmp.pem
mv tmp.pem $1.pem
echo "step 7 make binary der version"
openssl x509 -inform pem -in $1.pem -outform der -out $1.der
rm -rf certs
rm ./index.txt*
rm ./serial*
}
# Generate Good CN=localhost, Alt=None
generate_test_cert server-goodcn localhost "" 1
@ -101,3 +161,8 @@ generate_test_cert server-localhost localhost localhost
# Generate Bad Alt Name CN=localhost, Alt=garbage
generate_test_cert server-garbage localhost garbage
# Generate Expired Certificates
generate_expired_certs expired/expired-ca ../ca-key.pem 1
generate_expired_certs expired/expired-cert ../server-key.pem

31
certs/test/include.am
View File

@ -21,8 +21,8 @@ EXTRA_DIST += \
EXTRA_DIST += \
certs/test/gen-testcerts.sh \
certs/test/server-garbage.der \
certs/test/server-garbage.pem \
certs/test/server-garbage.der \
certs/test/server-garbage.pem \
certs/test/server-goodcn.pem \
certs/test/server-goodcn.der \
certs/test/server-goodalt.pem \
@ -39,21 +39,24 @@ EXTRA_DIST += \
certs/test/server-badaltnull.der \
certs/test/server-badaltname.der \
certs/test/server-badaltname.pem \
certs/test/server-localhost.der \
certs/test/server-localhost.pem \
certs/test/server-localhost.der \
certs/test/server-localhost.pem \
certs/crl/server-goodaltCrl.pem \
certs/crl/server-goodcnCrl.pem \
certs/crl/server-goodaltwildCrl.pem \
certs/crl/server-goodcnwildCrl.pem
EXTRA_DIST += \
certs/test/crit-cert.pem \
certs/test/crit-key.pem \
certs/test/dh1024.der \
certs/test/dh1024.pem \
certs/test/dh512.der \
certs/test/dh512.pem \
certs/test/digsigku.pem \
certs/test/expired-ca.pem \
certs/test/expired-cert.pem \
certs/test/expired-key.pem
certs/test/crit-cert.pem \
certs/test/crit-key.pem \
certs/test/dh1024.der \
certs/test/dh1024.pem \
certs/test/dh512.der \
certs/test/dh512.pem \
certs/test/digsigku.pem
EXTRA_DIST += \
certs/test/expired/expired-ca.pem \
certs/test/expired/expired-ca.der \
certs/test/expired/expired-cert.pem \
certs/test/expired/expired-cert.der

66
doc/dox_comments/header_files/asn_public.h
View File

@ -557,6 +557,72 @@ WOLFSSL_API int wc_SetAltNames(Cert*, const char*);
*/
WOLFSSL_API int wc_SetIssuerBuffer(Cert*, const byte*, int);
/*!
\ingroup ASN
\brief This function sets the raw issuer for a certificate from the
issuer in the provided der buffer. This method is used to set the raw
issuer field prior to signing.
\return 0 Returned on successfully setting the issuer for the certificate
\return MEMORY_E Returned if there is an error allocating memory
with XMALLOC
\return ASN_PARSE_E Returned if there is an error parsing the cert
header file
\return ASN_OBJECT_ID_E Returned if there is an error parsing the
encryption type from the cert
\return ASN_EXPECT_0_E Returned if there is a formatting error in the
encryption specification of the cert file
\return ASN_BEFORE_DATE_E Returned if the date is before the certificate
start date
\return ASN_AFTER_DATE_E Returned if the date is after the certificate
expiration date
\return ASN_BITSTR_E Returned if there is an error parsing a bit string
from the certificate
\return ASN_NTRU_KEY_E Returned if there is an error parsing the NTRU key
from the certificate
\return ECC_CURVE_OID_E Returned if there is an error parsing the ECC key
from the certificate
\return ASN_UNKNOWN_OID_E Returned if the certificate is using an unknown
key object id
\return ASN_VERSION_E Returned if the ALLOW_V1_EXTENSIONS option is not
defined and the certificate is a V1 or V2 certificate
\return BAD_FUNC_ARG Returned if there is an error processing the
certificate extension
\return ASN_CRIT_EXT_E Returned if an unfamiliar critical extension is
encountered in processing the certificate
\return ASN_SIG_OID_E Returned if the signature encryption type is not
the same as the encryption type of the certificate in the provided file
\return ASN_SIG_CONFIRM_E Returned if confirming the certification
signature fails
\return ASN_NAME_INVALID_E Returned if the certificates name is not
permitted by the CA name constraints
\return ASN_NO_SIGNER_E Returned if there is no CA signer to verify the
certificates authenticity
\param cert pointer to the cert for which to set the raw issuer
\param der pointer to the buffer containing the der formatted certificate
from which to grab the subject
\param derSz size of the buffer containing the der formatted certificate
from which to grab the subject
_Example_
\code
Cert myCert;
// initialize myCert
byte* der;
der = (byte*)malloc(FOURK_BUF);
// initialize der
if(wc_SetIssuerRaw(&myCert, der, FOURK_BUF) != 0) {
// error setting subject
}
\endcode
\sa wc_InitCert
\sa wc_SetIssuer
*/
WOLFSSL_API int wc_SetIssuerRaw(Cert* cert, const byte* der, int derSz);
/*!
\ingroup ASN

128
doc/dox_comments/header_files/ssl.h
View File

@ -896,8 +896,8 @@ WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*, const char*, int);
as NULL if not needed. If path is specified and NO_WOLFSSL_DIR was not
defined when building the library, wolfSSL will load all CA certificates
located in the given directory. This function will attempt to load all
files in the directory and locate any files with the PEM header
-----BEGIN CERTIFICATE-----. Please see the examples for proper usage.
files in the directory. This function expects PEM formatted CERT_TYPE
file with header -----BEGIN CERTIFICATE-----.
\return SSL_SUCCESS up success.
\return SSL_FAILURE will be returned if ctx is NULL, or if both file and
@ -923,13 +923,14 @@ WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*, const char*, int);
int ret = 0;
WOLFSSL_CTX* ctx;
...
ret = wolfSSL_CTX_load_verify_locations(ctx, ./ca-cert.pem, 0);
if (ret != SSL_SUCCESS) {
ret = wolfSSL_CTX_load_verify_locations(ctx, ./ca-cert.pem, NULL);
if (ret != WOLFSSL_SUCCESS) {
// error loading CA certs
}
...
\endcode
\sa wolfSSL_CTX_load_verify_locations_ex
\sa wolfSSL_CTX_load_verify_buffer
\sa wolfSSL_CTX_use_certificate_file
\sa wolfSSL_CTX_use_PrivateKey_file
@ -942,6 +943,71 @@ WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*, const char*, int);
WOLFSSL_API int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX*, const char*,
const char*);
/*!
\ingroup CertsKeys
\brief This function loads PEM-formatted CA certificate files into the SSL
context (WOLFSSL_CTX). These certificates will be treated as trusted root
certificates and used to verify certs received from peers during the SSL
handshake. The root certificate file, provided by the file argument, may
be a single certificate or a file containing multiple certificates.
If multiple CA certs are included in the same file, wolfSSL will load them
in the same order they are presented in the file. The path argument is
a pointer to the name of a directory that contains certificates of
trusted root CAs. If the value of file is not NULL, path may be specified
as NULL if not needed. If path is specified and NO_WOLFSSL_DIR was not
defined when building the library, wolfSSL will load all CA certificates
located in the given directory. This function will attempt to load all
files in the directory based on flags specified. This function expects PEM
formatted CERT_TYPE files with header -----BEGIN CERTIFICATE-----.
\return SSL_SUCCESS up success.
\return SSL_FAILURE will be returned if ctx is NULL, or if both file and
path are NULL.
\return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
\return SSL_BAD_FILE will be returned if the file doesnt exist, cant be
read, or is corrupted.
\return MEMORY_E will be returned if an out of memory condition occurs.
\return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
\return BUFFER_E will be returned if a chain buffer is bigger than the
receiving buffer.
\return BAD_PATH_ERROR will be returned if opendir() fails when trying
to open path.
\param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
\param file pointer to name of the file containing PEM-formatted CA
certificates.
\param path pointer to the name of a directory to load PEM-formatted
certificates from.
\param flags possible mask values are: WOLFSSL_LOAD_FLAG_IGNORE_ERR,
WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY and WOLFSSL_LOAD_FLAG_PEM_CA_ONLY
_Example_
\code
int ret = 0;
WOLFSSL_CTX* ctx;
...
ret = wolfSSL_CTX_load_verify_locations_ex(ctx, NUULL, ./certs/external",
WOLFSSL_LOAD_FLAG_PEM_CA_ONLY);
if (ret != WOLFSSL_SUCCESS) {
// error loading CA certs
}
...
\endcode
\sa wolfSSL_CTX_load_verify_locations
\sa wolfSSL_CTX_load_verify_buffer
\sa wolfSSL_CTX_use_certificate_file
\sa wolfSSL_CTX_use_PrivateKey_file
\sa wolfSSL_CTX_use_NTRUPrivateKey_file
\sa wolfSSL_CTX_use_certificate_chain_file
\sa wolfSSL_use_certificate_file
\sa wolfSSL_use_PrivateKey_file
\sa wolfSSL_use_certificate_chain_file
*/
WOLFSSL_API int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX*, const char*,
const char*, unsigned int flags);
/*!
\ingroup Setup
@ -6904,6 +6970,60 @@ WOLFSSL_API int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX*,
WOLFSSL_API int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX*,
const unsigned char*, long, int);
/*!
\ingroup CertsKeys
\brief This function loads a CA certificate chain buffer into the WOLFSSL
Context. It behaves like the non-buffered version, only differing in
its ability to be called with a buffer as input instead of a file.
The buffer is provided by the in argument of size sz. format specifies
the format type of the buffer; SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM.
More than one CA certificate may be loaded per buffer as long as the
format is in PEM. Please see the examples for proper usage.
\return SSL_SUCCESS upon success
\return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
\return SSL_BAD_FILE will be returned if the file doesnt exist,
cant be read, or is corrupted.
\return MEMORY_E will be returned if an out of memory condition occurs.
\return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
\return BUFFER_E will be returned if a chain buffer is bigger than
the receiving buffer.
\param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
\param in pointer to the CA certificate buffer.
\param sz size of the input CA certificate buffer, in.
\param format format of the buffer certificate, either SSL_FILETYPE_ASN1
or SSL_FILETYPE_PEM.
_Example_
\code
int ret = 0;
int sz = 0;
WOLFSSL_CTX* ctx;
byte certBuff[...];
...
ret = wolfSSL_CTX_load_verify_chain_buffer_format(ctx,
certBuff, sz, WOLFSSL_FILETYPE_ASN1);
if (ret != SSL_SUCCESS) {
// error loading CA certs from buffer
}
...
\endcode
\sa wolfSSL_CTX_load_verify_locations
\sa wolfSSL_CTX_use_certificate_buffer
\sa wolfSSL_CTX_use_PrivateKey_buffer
\sa wolfSSL_CTX_use_NTRUPrivateKey_file
\sa wolfSSL_CTX_use_certificate_chain_buffer
\sa wolfSSL_use_certificate_buffer
\sa wolfSSL_use_PrivateKey_buffer
\sa wolfSSL_use_certificate_chain_buffer
*/
WOLFSSL_API int wolfSSL_CTX_load_verify_chain_buffer_format(WOLFSSL_CTX*,
const unsigned char*, long, int);
/*!
\ingroup CertsKeys

1
gencertbuf.pl
View File

@ -69,6 +69,7 @@ my @fileList_2048 = (
[ "./certs/rsa2048.der", "rsa_key_der_2048" ],
[ "./certs/ca-key.der", "ca_key_der_2048" ],
[ "./certs/ca-cert.der", "ca_cert_der_2048" ],
[ "./certs/ca-cert-chain.der", "ca_cert_chain_der" ],
[ "./certs/server-key.der", "server_key_der_2048" ],
[ "./certs/server-cert.der", "server_cert_der_2048" ]
);

8
src/internal.c
View File

@ -1698,7 +1698,7 @@ void InitCiphers(WOLFSSL* ssl)
ssl->encrypt.chacha = NULL;
ssl->decrypt.chacha = NULL;
#endif
#ifdef HAVE_POLY1305
#if defined(HAVE_POLY1305) && defined(HAVE_ONE_TIME_AUTH)
ssl->auth.poly1305 = NULL;
#endif
ssl->encrypt.setup = 0;
@ -1757,7 +1757,7 @@ void FreeCiphers(WOLFSSL* ssl)
XFREE(ssl->encrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER);
XFREE(ssl->decrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER);
#endif
#ifdef HAVE_POLY1305
#if defined(HAVE_POLY1305) && defined(HAVE_ONE_TIME_AUTH)
XFREE(ssl->auth.poly1305, ssl->heap, DYNAMIC_TYPE_CIPHER);
#endif
#ifdef HAVE_IDEA
@ -8081,6 +8081,10 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
x509->subject.rawLen = min(dCert->subjectRawLen, sizeof(x509->subject.raw));
XMEMCPY(x509->subject.raw, dCert->subjectRaw, x509->subject.rawLen);
#ifdef WOLFSSL_CERT_EXT
x509->issuer.rawLen = min(dCert->issuerRawLen, sizeof(x509->issuer.raw));
XMEMCPY(x509->issuer.raw, dCert->issuerRaw, x509->issuer.rawLen);
#endif
#endif
XMEMCPY(x509->serial, dCert->serial, EXTERNAL_SERIAL_SIZE);

144
src/ssl.c
View File

@ -3016,8 +3016,9 @@ void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm)
if (cm->ocsp)
FreeOCSP(cm->ocsp, 1);
XFREE(cm->ocspOverrideURL, cm->heap, DYNAMIC_TYPE_URL);
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
#if !defined(NO_WOLFSSL_SERVER) && \
(defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2))
if (cm->ocsp_stapling)
FreeOCSP(cm->ocsp_stapling, 1);
#endif
@ -4303,8 +4304,13 @@ static int ProcessUserChain(WOLFSSL_CTX* ctx, const unsigned char* buff,
int cnt = 0;
#endif
if ((type == CA_TYPE) && (ctx == NULL)) {
WOLFSSL_MSG("Need context for CA load");
return BAD_FUNC_ARG;
}
/* we may have a user cert chain, try to consume */
if (type == CERT_TYPE && info->consumed < sz) {
if ((type == CERT_TYPE || type == CA_TYPE) && (info->consumed < sz)) {
#ifdef WOLFSSL_SMALL_STACK
byte staticBuffer[1]; /* force heap usage */
#else
@ -4348,7 +4354,8 @@ static int ProcessUserChain(WOLFSSL_CTX* ctx, const unsigned char* buff,
if (format == WOLFSSL_FILETYPE_ASN1) {
/* get length of der (read sequence) */
word32 inOutIdx = 0;
if (GetSequence(buff + consumed, &inOutIdx, &length, remain) < 0) {
if (GetSequence(buff + consumed, &inOutIdx, &length,
remain) < 0) {
ret = ASN_NO_PEM_HEADER;
}
length += inOutIdx; /* include leading sequence */
@ -4379,7 +4386,16 @@ static int ProcessUserChain(WOLFSSL_CTX* ctx, const unsigned char* buff,
if (used)
*used += info->consumed;
}
/* add CA's to certificate manager */
if (type == CA_TYPE) {
/* verify CA unless user set to no verify */
ret = AddCA(ctx->cm, &part, WOLFSSL_USER_CA,
!ctx->verifyNone);
gotOne = 0; /* don't exit loop for CA type */
}
}
FreeDer(&part);
if (ret == ASN_NO_PEM_HEADER && gotOne) {
@ -4406,21 +4422,22 @@ static int ProcessUserChain(WOLFSSL_CTX* ctx, const unsigned char* buff,
}
ret = AllocDer(&ssl->buffers.certChain, idx, type, heap);
if (ret == 0) {
XMEMCPY(ssl->buffers.certChain->buffer, chainBuffer, idx);
XMEMCPY(ssl->buffers.certChain->buffer, chainBuffer,
idx);
ssl->buffers.weOwnCertChain = 1;
}
#ifdef WOLFSSL_TLS13
#ifdef WOLFSSL_TLS13
ssl->buffers.certChainCnt = cnt;
#endif
#endif
} else if (ctx) {
FreeDer(&ctx->certChain);
ret = AllocDer(&ctx->certChain, idx, type, heap);
if (ret == 0) {
XMEMCPY(ctx->certChain->buffer, chainBuffer, idx);
}
#ifdef WOLFSSL_TLS13
#ifdef WOLFSSL_TLS13
ctx->certChainCnt = cnt;
#endif
#endif
}
}
@ -5085,7 +5102,7 @@ static int ProcessChainBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
WOLFSSL_MSG("Trying a CRL");
if (PemToDer(buff + used, sz - used, CRL_TYPE, &der, NULL, &info,
NULL) == 0) {
WOLFSSL_MSG(" Proccessed a CRL");
WOLFSSL_MSG(" Processed a CRL");
wolfSSL_CertManagerLoadCRLBuffer(ctx->cm, der->buffer,
der->length, WOLFSSL_FILETYPE_ASN1);
FreeDer(&der);
@ -5095,26 +5112,26 @@ static int ProcessChainBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
}
#endif
#endif
if (ret < 0)
{
if(consumed > 0) { /* Made progress in file */
if (ret < 0) {
if (consumed > 0) { /* Made progress in file */
WOLFSSL_ERROR(ret);
WOLFSSL_MSG("CA Parse failed, with progress in file.");
WOLFSSL_MSG("Search for other certs in file");
} else {
}
else {
WOLFSSL_MSG("CA Parse failed, no progress in file.");
WOLFSSL_MSG("Do not continue search for other certs in file");
break;
}
} else {
}
else {
WOLFSSL_MSG(" Processed a CA");
gotOne = 1;
}
used += consumed;
}
if(gotOne)
{
if (gotOne) {
WOLFSSL_MSG("Processed at least one valid CA. Other stuff OK");
return WOLFSSL_SUCCESS;
}
@ -5404,6 +5421,7 @@ int wolfSSL_CertManagerEnableOCSPStapling(WOLFSSL_CERT_MANAGER* cm)
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
#ifndef NO_WOLFSSL_SERVER
if (cm->ocsp_stapling == NULL) {
cm->ocsp_stapling = (WOLFSSL_OCSP*)XMALLOC(sizeof(WOLFSSL_OCSP),
cm->heap, DYNAMIC_TYPE_OCSP);
@ -5417,13 +5435,14 @@ int wolfSSL_CertManagerEnableOCSPStapling(WOLFSSL_CERT_MANAGER* cm)
return WOLFSSL_FAILURE;
}
}
cm->ocspStaplingEnabled = 1;
#ifndef WOLFSSL_USER_IO
cm->ocspIOCb = EmbedOcspLookup;
cm->ocspRespFreeCb = EmbedOcspRespFree;
cm->ocspIOCtx = cm->heap;
#endif /* WOLFSSL_USER_IO */
#endif /* NO_WOLFSSL_SERVER */
cm->ocspStaplingEnabled = 1;
#else
ret = NOT_COMPILED_IN;
#endif
@ -5733,17 +5752,18 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
return ret;
}
/* loads file then loads each file in path, no c_rehash */
int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
const char* path)
int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file,
const char* path, word32 flags)
{
int ret = WOLFSSL_SUCCESS;
#ifndef NO_WOLFSSL_DIR
int fileRet;
int successCount = 0;
int failCount = 0;
#endif
WOLFSSL_ENTER("wolfSSL_CTX_load_verify_locations");
WOLFSSL_MSG("wolfSSL_CTX_load_verify_locations_ex");
if (ctx == NULL || (file == NULL && path == NULL) )
return WOLFSSL_FAILURE;
@ -5767,30 +5787,70 @@ int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
/* try to load each regular file in path */
fileRet = wc_ReadDirFirst(readCtx, path, &name);
while (fileRet == 0 && name) {
WOLFSSL_MSG(name); /* log file name */
ret = ProcessFile(ctx, name, WOLFSSL_FILETYPE_PEM, CA_TYPE,
NULL, 0, NULL);
if (ret != WOLFSSL_SUCCESS)
break;
if (ret != WOLFSSL_SUCCESS) {
/* handle flags for ignoring errors, skipping expired certs or
by PEM certificate header error */
if ( (flags & WOLFSSL_LOAD_FLAG_IGNORE_ERR) ||
((flags & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) &&
(ret == ASN_BEFORE_DATE_E || ret == ASN_AFTER_DATE_E)) ||
((flags & WOLFSSL_LOAD_FLAG_PEM_CA_ONLY) &&
(ret == ASN_NO_PEM_HEADER))) {
/* Do not fail here if a certificate fails to load,
continue to next file */
ret = WOLFSSL_SUCCESS;
}
else {
WOLFSSL_ERROR(ret);
WOLFSSL_MSG("Load CA file failed, continuing");
failCount++;
}
}
else {
successCount++;
}
fileRet = wc_ReadDirNext(readCtx, path, &name);
}
wc_ReadDirClose(readCtx);
/* pass directory read failure to response code */
if (ret == WOLFSSL_SUCCESS && fileRet != -1) {
if (fileRet != WC_READDIR_NOFILE) {
ret = fileRet;
}
/* report failure if no files were loaded or there were failures */
else if (successCount == 0 || failCount > 0) {
/* use existing error code if exists */
if (ret == WOLFSSL_SUCCESS)
ret = WOLFSSL_FAILURE;
}
else {
ret = WOLFSSL_SUCCESS;
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(readCtx, ctx->heap, DYNAMIC_TYPE_DIRCTX);
#endif
#else
ret = NOT_COMPILED_IN;
(void)flags;
#endif
}
return ret;
}
#ifndef WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS
#define WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS WOLFSSL_LOAD_FLAG_NONE
#endif
int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
const char* path)
{
return wolfSSL_CTX_load_verify_locations_ex(ctx, file, path,
WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS);
}
#ifdef WOLFSSL_TRUST_PEER_CERT
/* Used to specify a peer cert to match when connecting
@ -10813,6 +10873,18 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
}
int wolfSSL_CTX_load_verify_chain_buffer_format(WOLFSSL_CTX* ctx,
const unsigned char* in,
long sz, int format)
{
WOLFSSL_ENTER("wolfSSL_CTX_load_verify_chain_buffer_format");
if (format == WOLFSSL_FILETYPE_PEM)
return ProcessChainBuffer(ctx, in, sz, format, CA_TYPE, NULL);
else
return ProcessBuffer(ctx, in, sz, format, CA_TYPE, NULL,NULL,1);
}
#ifdef WOLFSSL_TRUST_PEER_CERT
int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX* ctx,
const unsigned char* in,
@ -15700,7 +15772,7 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl)
/* returns a pointer to a new WOLFSSL_X509 structure on success and NULL on
* fail
*/
WOLFSSL_X509* wolfSSL_X509_new()
WOLFSSL_X509* wolfSSL_X509_new(void)
{
WOLFSSL_X509* x509;
@ -16164,7 +16236,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
*
* returns a pointer to the new structure created on success or NULL if fail
*/
WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_new()
WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_new(void)
{
WOLFSSL_ASN1_STRING* asn1;
@ -18587,7 +18659,7 @@ int wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL* crl, WOLFSSL_EVP_PKEY* key)
/* Subset of OPENSSL_EXTRA for PKEY operations PKEY free is needed by the
* subset of X509 API */
WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new(){
WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new(void){
return wolfSSL_PKEY_new_ex(NULL);
}
@ -21960,7 +22032,7 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num)
}
int wolfSSL_RAND_poll()
int wolfSSL_RAND_poll(void)
{
byte entropy[16];
int ret = 0;
@ -28950,7 +29022,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
*
* returns NULL on failure, otherwise returns a new structure.
*/
WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new()
WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new(void)
{
WOLFSSL_X509_NAME* name;
@ -29019,9 +29091,13 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
cName->unitEnc = CTC_UTF8;
cName->commonName[0] = '\0';
cName->commonNameEnc = CTC_UTF8;
cName->serialDev[0] = '\0';
cName->serialDevEnc = CTC_PRINTABLE;
#ifdef WOLFSSL_CERT_EXT
cName->busCat[0] = '\0';
cName->busCatEnc = CTC_UTF8;
cName->serialDev[0] = '\0';
cName->serialDevEnc = CTC_PRINTABLE;
cName->joiC[0] = '\0';
cName->joiCEnc = CTC_PRINTABLE;
cName->joiSt[0] = '\0';
@ -29081,6 +29157,14 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
return BUFFER_E;
}
/* ASN_SERIAL_NUMBER */
WOLFSSL_MSG("Copy Serial Number of Device");
if (CopyX509NameEntry(cName->serialDev, CTC_NAME_SIZE,
dn->fullName + dn->serialIdx, dn->serialLen)
!= SSL_SUCCESS) {
return BUFFER_E;
}
#ifdef WOLFSSL_CERT_EXT
/* ASN_BUS_CAT */
WOLFSSL_MSG("Copy Business Category");

220
tests/api.c
View File

@ -697,32 +697,40 @@ static void test_wolfSSL_CTX_load_verify_locations(void)
#ifdef PERSIST_CERT_CACHE
int cacheSz;
#endif
#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS)
const char* load_certs_path = "./certs/external";
const char* load_no_certs_path = "./examples";
const char* load_expired_path = "./certs/test/expired";
#endif
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
/* invalid context */
AssertFalse(wolfSSL_CTX_load_verify_locations(NULL, caCertFile, 0));
/* invalid arguments */
AssertIntEQ(wolfSSL_CTX_load_verify_locations(NULL, caCertFile, NULL), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, NULL), WOLFSSL_FAILURE);
/* invalid ca file */
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, NULL, 0));
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, bogusFile, 0));
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, bogusFile, NULL), WOLFSSL_BAD_FILE);
#ifndef WOLFSSL_TIRTOS
#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS)
/* invalid path */
/* not working... investigate! */
/* AssertFalse(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, bogusFile)); */
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, bogusFile), BAD_PATH_ERROR);
#endif
/* load ca cert */
AssertTrue(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
#ifdef NO_RSA
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), ASN_UNKNOWN_OID_E);
#else
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), WOLFSSL_SUCCESS);
#endif
#ifdef PERSIST_CERT_CACHE
/* Get cert cache size */
cacheSz = wolfSSL_CTX_get_cert_cache_memsize(ctx);
#endif
/* Test unloading CA's */
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UnloadCAs(ctx));
AssertIntEQ(wolfSSL_CTX_UnloadCAs(ctx), WOLFSSL_SUCCESS);
#ifdef PERSIST_CERT_CACHE
/* Verify no certs (result is less than cacheSz) */
@ -730,23 +738,164 @@ static void test_wolfSSL_CTX_load_verify_locations(void)
#endif
/* load ca cert again */
AssertTrue(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
#ifdef NO_RSA
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), ASN_UNKNOWN_OID_E);
#else
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), WOLFSSL_SUCCESS);
#endif
/* Test getting CERT_MANAGER */
AssertNotNull(cm = wolfSSL_CTX_GetCertManager(ctx));
/* Test unloading CA's using CM */
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerUnloadCAs(cm));
AssertIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS);
#ifdef PERSIST_CERT_CACHE
/* Verify no certs (result is less than cacheSz) */
AssertIntGT(cacheSz, wolfSSL_CTX_get_cert_cache_memsize(ctx));
#endif
#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS)
/* Test loading CA certificates using a path */
#ifdef NO_RSA
/* failure here okay since certs in external directory are RSA */
AssertIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS);
#else
AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS);
#endif
/* Test loading path with no files */
AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_no_certs_path,
WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_FAILURE);
/* Test loading expired CA certificates */
#ifdef NO_RSA
AssertIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_expired_path,
WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY | WOLFSSL_LOAD_FLAG_PEM_CA_ONLY),
WOLFSSL_SUCCESS);
#else
AssertIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_expired_path,
WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY | WOLFSSL_LOAD_FLAG_PEM_CA_ONLY),
WOLFSSL_SUCCESS);
#endif
/* Test loading CA certificates and ignoring all errors */
#ifdef NO_RSA
AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
WOLFSSL_LOAD_FLAG_IGNORE_ERR), WOLFSSL_FAILURE);
#else
AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
WOLFSSL_LOAD_FLAG_IGNORE_ERR), WOLFSSL_SUCCESS);
#endif
#endif
wolfSSL_CTX_free(ctx);
#endif
}
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
static int test_cm_load_ca_buffer(const byte* cert_buf, size_t cert_sz, int file_type)
{
int ret;
WOLFSSL_CERT_MANAGER* cm = NULL;
cm = wolfSSL_CertManagerNew();
if (cm == NULL) {
printf("test_cm_load_ca failed\n");
return -1;
}
ret = wolfSSL_CertManagerLoadCABuffer(cm, cert_buf, cert_sz, file_type);
wolfSSL_CertManagerFree(cm);
return ret;
}
static int test_cm_load_ca_file(const char* ca_cert_file)
{
int ret = 0;
byte* cert_buf = NULL;
size_t cert_sz = 0;
#if defined(WOLFSSL_PEM_TO_DER)
DerBuffer* pDer = NULL;
#endif
ret = load_file(ca_cert_file, &cert_buf, &cert_sz);
if (ret == 0) {
/* normal test */
ret = test_cm_load_ca_buffer(cert_buf, cert_sz, WOLFSSL_FILETYPE_PEM);
if (ret == 0) {
/* test including null terminator in length */
ret = test_cm_load_ca_buffer(cert_buf, cert_sz+1, WOLFSSL_FILETYPE_PEM);
}
#if defined(WOLFSSL_PEM_TO_DER)
if (ret == 0) {
/* test loading DER */
ret = wc_PemToDer(cert_buf, cert_sz, CA_TYPE, &pDer, NULL, NULL, NULL);
if (ret == 0) {
ret = test_cm_load_ca_buffer(pDer->buffer, pDer->length,
WOLFSSL_FILETYPE_ASN1);
wc_FreeDer(&pDer);
}
}
#endif
free(cert_buf);
}
return ret;
}
#endif /* !NO_FILESYSTEM && !NO_CERTS */
static int test_wolfSSL_CertManagerLoadCABuffer(void)
{
int ret = 0;
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
const char* ca_cert = "./certs/ca-cert.pem";
const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem";
ret = test_cm_load_ca_file(ca_cert);
#ifdef NO_RSA
AssertIntEQ(ret, ASN_UNKNOWN_OID_E);
#else
AssertIntEQ(ret, WOLFSSL_SUCCESS);
#endif
ret = test_cm_load_ca_file(ca_expired_cert);
#ifdef NO_RSA
AssertIntEQ(ret, ASN_UNKNOWN_OID_E);
#else
AssertIntEQ(ret, ASN_AFTER_DATE_E);
#endif
#endif
return ret;
}
static void test_wolfSSL_CTX_load_verify_chain_buffer_format(void)
{
#if !defined(NO_CERTS) && !defined(NO_WOLFSSL_CLIENT) && \
defined(USE_CERT_BUFFERS_2048) && defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_CERT_GEN)
WOLFSSL_CTX* ctx;
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
AssertTrue(WOLFSSL_SUCCESS ==
wolfSSL_CTX_load_verify_chain_buffer_format(ctx, ca_cert_chain_der,
sizeof_ca_cert_chain_der,
WOLFSSL_FILETYPE_ASN1));
wolfSSL_CTX_free(ctx);
#endif
}
static int test_wolfSSL_CTX_use_certificate_chain_file_format(void)
{
@ -15979,7 +16128,7 @@ static void test_wolfSSL_certs(void)
}
static void test_wolfSSL_ASN1_TIME_print()
static void test_wolfSSL_ASN1_TIME_print(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) \
&& (defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \
@ -16015,7 +16164,8 @@ static void test_wolfSSL_ASN1_TIME_print()
}
static void test_wolfSSL_ASN1_GENERALIZEDTIME_free(){
static void test_wolfSSL_ASN1_GENERALIZEDTIME_free(void)
{
#if defined(OPENSSL_EXTRA)
WOLFSSL_ASN1_GENERALIZEDTIME* asn1_gtime;
unsigned char nullstr[32];
@ -16222,13 +16372,14 @@ static void test_wolfSSL_PEM_PrivateKey(void)
#if !defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN))
{
#define BIO_PEM_TEST_CHAR 'a'
EVP_PKEY* pkey2 = NULL;
unsigned char extra[10];
int i;
printf(testingFmt, "wolfSSL_PEM_PrivateKey()");
XMEMSET(extra, 0, sizeof(extra));
XMEMSET(extra, BIO_PEM_TEST_CHAR, sizeof(extra));
AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
AssertIntEQ(BIO_set_write_buf_size(bio, 4096), SSL_FAILURE);
@ -16245,14 +16396,14 @@ static void test_wolfSSL_PEM_PrivateKey(void)
/* test creating new EVP_PKEY with good args */
AssertNotNull((pkey2 = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr)
AssertIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz),0);
AssertIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz), 0);
/* test of reuse of EVP_PKEY */
AssertNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL));
AssertIntEQ(BIO_pending(bio), 0);
AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL),
SSL_SUCCESS);
AssertIntEQ(BIO_write(bio, extra, 10), 10); /*add 10 extra bytes after PEM*/
AssertIntEQ(BIO_write(bio, extra, 10), 10); /* add 10 extra bytes after PEM */
AssertNotNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL));
AssertNotNull(pkey);
if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr) {
@ -16261,7 +16412,7 @@ static void test_wolfSSL_PEM_PrivateKey(void)
AssertIntEQ(BIO_pending(bio), 10); /* check 10 extra bytes still there */
AssertIntEQ(BIO_read(bio, extra, 10), 10);
for (i = 0; i < 10; i++) {
AssertIntEQ(extra[i], 0);
AssertIntEQ(extra[i], BIO_PEM_TEST_CHAR);
}
BIO_free(bio);
@ -19458,6 +19609,32 @@ static void test_wc_GetSubjectRaw(void)
#endif
}
static void test_wc_SetIssuerRaw(void)
{
#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && \
defined(WOLFSSL_CERT_EXT) && defined(OPENSSL_EXTRA)
char joiCertFile[] = "./certs/test/cert-ext-joi.pem";
WOLFSSL_X509* x509;
int peerCertSz;
const byte* peerCertBuf;
Cert forgedCert;
printf(testingFmt, "test_wc_SetIssuerRaw()");
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile, WOLFSSL_FILETYPE_PEM));
AssertNotNull(peerCertBuf = wolfSSL_X509_get_der(x509, &peerCertSz));
AssertIntEQ(0, wc_InitCert(&forgedCert));
AssertIntEQ(0, wc_SetIssuerRaw(&forgedCert, peerCertBuf, peerCertSz));
wolfSSL_FreeX509(x509);
printf(resultFmt, passed);
#endif
}
static void test_CheckCertSignature(void)
{
#if !defined(NO_CERTS) && defined(WOLFSSL_SMALL_CERT_VERIFY)
@ -20392,7 +20569,7 @@ static void test_DhCallbacks(void)
#ifdef HAVE_HASHDRBG
#ifdef TEST_RESEED_INTERVAL
static int test_wc_RNG_GenerateBlock_Reseed()
static int test_wc_RNG_GenerateBlock_Reseed(void)
{
int i, ret;
WC_RNG rng;
@ -20415,7 +20592,7 @@ static int test_wc_RNG_GenerateBlock_Reseed()
}
#endif /* TEST_RESEED_INTERVAL */
static int test_wc_RNG_GenerateBlock()
static int test_wc_RNG_GenerateBlock(void)
{
int i, ret;
WC_RNG rng;
@ -20498,7 +20675,7 @@ static void test_wolfSSL_X509_CRL(void)
return;
}
static void test_wolfSSL_i2c_ASN1_INTEGER()
static void test_wolfSSL_i2c_ASN1_INTEGER(void)
{
#ifdef OPENSSL_EXTRA
ASN1_INTEGER *a;
@ -20647,6 +20824,8 @@ void ApiTest(void)
AssertIntEQ(test_wolfSSL_CTX_use_certificate_buffer(), WOLFSSL_SUCCESS);
test_wolfSSL_CTX_use_PrivateKey_file();
test_wolfSSL_CTX_load_verify_locations();
test_wolfSSL_CertManagerLoadCABuffer();
test_wolfSSL_CTX_load_verify_chain_buffer_format();
test_wolfSSL_CTX_use_certificate_chain_file_format();
test_wolfSSL_CTX_trust_peer_cert();
test_wolfSSL_CTX_SetTmpDH_file();
@ -20771,6 +20950,7 @@ void ApiTest(void)
test_wc_GetPkcs8TraditionalOffset();
test_wc_SetSubjectRaw();
test_wc_GetSubjectRaw();
test_wc_SetIssuerRaw();
test_CheckCertSignature();
/* wolfCrypt ECC tests */

2
tests/hash.c
View File

@ -535,7 +535,7 @@ int sha512_test(void)
#endif
#ifdef WOLFSSL_SHA384
int sha384_test()
int sha384_test(void)
{
wc_Sha384 sha;
byte hash[WC_SHA384_DIGEST_SIZE];

2
wolfcrypt/benchmark/benchmark.c
View File

@ -2157,7 +2157,7 @@ void bench_aesccm(void)
#ifdef HAVE_POLY1305
void bench_poly1305()
void bench_poly1305(void)
{
Poly1305 enc;
byte mac[16];

158
wolfcrypt/src/asn.c
View File

@ -4108,7 +4108,7 @@ static int GetName(DecodedCert* cert, int nameType)
length += cert->srcIdx;
idx = 0;
#ifdef HAVE_PKCS7
#if defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT)
/* store pointer to raw issuer */
if (nameType == ISSUER) {
cert->issuerRaw = &cert->source[cert->srcIdx];
@ -8389,9 +8389,12 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
consumedEnd = footerEnd + XSTRLEN(footer);
if (consumedEnd < bufferEnd) { /* handle no end of line on last line */
if (consumedEnd < bufferEnd) { /* handle no end of line on last line */
/* eat end of line characters */
consumedEnd = SkipEndOfLineChars(consumedEnd, bufferEnd);
/* skip possible null term */
if (consumedEnd < bufferEnd && consumedEnd[0] == '\0')
consumedEnd++;
}
if (info)
@ -9665,13 +9668,16 @@ static const char* GetOneName(CertName* name, int idx)
case 6:
return name->commonName;
#ifdef WOLFSSL_CERT_EXT
case 7:
return name->busCat;
return name->serialDev;
#ifdef WOLFSSL_CERT_EXT
case 8:
return name->busCat;
case 9:
#else
case 7:
case 8:
#endif
return name->email;
@ -9706,13 +9712,16 @@ static char GetNameType(CertName* name, int idx)
case 6:
return name->commonNameEnc;
#ifdef WOLFSSL_CERT_EXT
case 7:
return name->busCatEnc;
return name->serialDevEnc;
#ifdef WOLFSSL_CERT_EXT
case 8:
return name->busCatEnc;
case 9:
#else
case 7:
case 8:
#endif
/* FALL THROUGH */
/* The last index, email name, does not have encoding type.
@ -9748,13 +9757,16 @@ static byte GetNameId(int idx)
case 6:
return ASN_COMMON_NAME;
#ifdef WOLFSSL_CERT_EXT
case 7:
return ASN_SERIAL_NUMBER;
#ifdef WOLFSSL_CERT_EXT
case 8:
return ASN_BUS_CAT;
case 8:
case 9:
#else
case 7:
case 8:
#endif
return ASN_EMAIL_NAME;
@ -10578,13 +10590,58 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
}
/* subject name */
der->subjectSz = SetName(der->subject, sizeof(der->subject), &cert->subject);
#ifdef WOLFSSL_CERT_EXT
if (XSTRLEN((const char*)cert->sbjRaw) > 0) {
/* Use the raw subject */
int idx;
der->subjectSz = min(sizeof(der->subject),
(word32)XSTRLEN((const char*)cert->sbjRaw));
/* header */
idx = SetSequence(der->subjectSz, der->subject);
if (der->subjectSz + idx > (int)sizeof(der->subject)) {
return SUBJECT_E;
}
XMEMCPY((char*)der->subject + idx, (const char*)cert->sbjRaw,
der->subjectSz);
der->subjectSz += idx;
}
else
#endif
{
/* Use the name structure */
der->subjectSz = SetName(der->subject, sizeof(der->subject),
&cert->subject);
}
if (der->subjectSz <= 0)
return SUBJECT_E;
/* issuer name */
der->issuerSz = SetName(der->issuer, sizeof(der->issuer), cert->selfSigned ?
&cert->subject : &cert->issuer);
#ifdef WOLFSSL_CERT_EXT
if (XSTRLEN((const char*)cert->issRaw) > 0) {
/* Use the raw issuer */
int idx;
der->issuerSz = min(sizeof(der->issuer),
(word32)XSTRLEN((const char*)cert->issRaw));
/* header */
idx = SetSequence(der->issuerSz, der->issuer);
if (der->issuerSz + idx > (int)sizeof(der->issuer)) {
return ISSUER_E;
}
XMEMCPY((char*)der->issuer + idx, (const char*)cert->issRaw,
der->issuerSz);
der->issuerSz += idx;
}
else
#endif
{
/* Use the name structure */
der->issuerSz = SetName(der->issuer, sizeof(der->issuer),
cert->selfSigned ? &cert->subject : &cert->issuer);
}
if (der->issuerSz <= 0)
return ISSUER_E;
@ -12197,6 +12254,13 @@ static int SetNameFromCert(CertName* cn, const byte* der, int derSz)
cn->sur[sz] = '\0';
cn->surEnc = decoded->subjectSNEnc;
}
if (decoded->subjectSND) {
sz = (decoded->subjectSNDLen < CTC_NAME_SIZE) ? decoded->subjectSNDLen
: CTC_NAME_SIZE - 1;
XSTRNCPY(cn->serialDev, decoded->subjectSND, CTC_NAME_SIZE);
cn->serialDev[sz] = '\0';
cn->serialDevEnc = decoded->subjectSNDEnc;
}
#ifdef WOLFSSL_CERT_EXT
if (decoded->subjectBC) {
sz = (decoded->subjectBCLen < CTC_NAME_SIZE) ? decoded->subjectBCLen
@ -12289,8 +12353,60 @@ static int SetSubjectRawFromCert(byte* sbjRaw, const byte* der, int derSz)
return ret < 0 ? ret : 0;
}
/* Set raw issuer from der buffer, return 0 on success */
static int SetIssuerRawFromCert(byte* issuerRaw, const byte* der, int derSz)
{
int ret;
#ifdef WOLFSSL_SMALL_STACK
DecodedCert* decoded;
#else
DecodedCert decoded[1];
#endif
if ((derSz < 0) || (issuerRaw == NULL)) {
return BAD_FUNC_ARG;
}
#ifdef WOLFSSL_SMALL_STACK
decoded = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (decoded == NULL) {
return MEMORY_E;
}
#endif
InitDecodedCert(decoded, (byte*)der, derSz, NULL);
ret = ParseCertRelative(decoded, CA_TYPE, NO_VERIFY, 0);
if (ret < 0) {
WOLFSSL_MSG("ParseCertRelative error");
}
#ifndef IGNORE_NAME_CONSTRAINT
else {
if ((decoded->issuerRaw) &&
(decoded->issuerRawLen <= (int)sizeof(CertName))) {
XMEMCPY(issuerRaw, decoded->issuerRaw, decoded->issuerRawLen);
}
}
#else
else {
/* Fields are not accessible */
ret = -1;
WOLFSSL_MSG("IGNORE_NAME_CONSTRAINT excludes raw issuer");
}
#endif
FreeDecodedCert(decoded);
#ifdef WOLFSSL_SMALL_STACK
XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret < 0 ? ret : 0;
}
#endif /* WOLFSSL_CERT_EXT */
#ifndef NO_FILESYSTEM
/* Set cert issuer from issuerFile in PEM */
@ -12381,6 +12497,20 @@ int wc_SetSubjectRaw(Cert* cert, const byte* der, int derSz)
}
return ret;
}
/* Set cert raw issuer from DER buffer */
int wc_SetIssuerRaw(Cert* cert, const byte* der, int derSz)
{
int ret;
if (cert == NULL) {
ret = BAD_FUNC_ARG;
}
else {
ret = SetIssuerRawFromCert(cert->issRaw, der, derSz);
}
return ret;
}
#endif
#ifdef WOLFSSL_ALT_NAMES

2
wolfcrypt/src/fe_low_mem.c
View File

@ -60,7 +60,7 @@ void lm_copy(byte* x, const byte* a)
!defined(FREESCALE_LTC_ECC)
/* to be Complementary to fe_low_mem.c */
#else
void fe_init()
void fe_init(void)
{
}
#endif

2
wolfcrypt/src/fe_operations.c
View File

@ -120,7 +120,7 @@ void fe_0(fe h)
(defined(HAVE_ED25519) && !defined(ED25519_SMALL))) && \
!defined(FREESCALE_LTC_ECC)
/* to be Complementary to fe_low_mem.c */
void fe_init()
void fe_init(void)
{
}
#endif

2
wolfcrypt/src/fe_x25519_128.i
View File

@ -19,7 +19,7 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
void fe_init()
void fe_init(void)
{
}

2
wolfcrypt/src/fe_x25519_x64.i
View File

@ -60,7 +60,7 @@ static int intelFlags;
#endif
void fe_init()
void fe_init(void)
{
#ifdef HAVE_INTEL_AVX2
if (cpuFlagsSet)

2
wolfcrypt/src/port/caam/caam_driver.c
View File

@ -103,7 +103,7 @@ static struct CAAM_DEVICE caam;
****************************************************************************/
/* flush job ring and reset */
static Error caamReset()
static Error caamReset(void)
{
int t = 100000; /* time out counter for flushing job ring */

4
wolfcrypt/src/port/caam/caam_init.c
View File

@ -84,7 +84,7 @@ int wc_caamSetResource(IODevice ioDev)
*
* returns 0 on success
*/
int wc_caamInit()
int wc_caamInit(void)
{
int ret;
word32 reg;
@ -143,7 +143,7 @@ int wc_caamInit()
}
int wc_caamFree()
int wc_caamFree(void)
{
return 0;
}

8
wolfcrypt/src/wc_port.c
View File

@ -247,10 +247,10 @@ int wolfCrypt_Cleanup(void)
!defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2)
/* File Handling Helpers */
/* returns 0 if file found, -1 if no files or negative error */
/* returns 0 if file found, WC_READDIR_NOFILE if no files or negative error */
int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name)
{
int ret = -1; /* default to no files found */
int ret = WC_READDIR_NOFILE; /* default to no files found */
int pathLen = 0;
int dnameLen = 0;
@ -329,10 +329,10 @@ int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name)
return ret;
}
/* returns 0 if file found, -1 if no more files */
/* returns 0 if file found, WC_READDIR_NOFILE if no more files */
int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name)
{
int ret = -1; /* default to no file found */
int ret = WC_READDIR_NOFILE; /* default to no file found */
int pathLen = 0;
int dnameLen = 0;

5
wolfcrypt/test/test.c
View File

@ -8555,6 +8555,8 @@ static void initDefaultName(void)
certDefaultName.unitEnc = CTC_UTF8;
XMEMCPY(certDefaultName.commonName, "www.wolfssl.com", sizeof("www.wolfssl.com"));
certDefaultName.commonNameEnc = CTC_UTF8;
XMEMCPY(certDefaultName.serialDev, "wolfSSL12345", sizeof("wolfSSL12345"));
certDefaultName.serialDevEnc = CTC_PRINTABLE;
#ifdef WOLFSSL_CERT_EXT
XMEMCPY(certDefaultName.busCat, "Private Organization", sizeof("Private Organization"));
certDefaultName.busCatEnc = CTC_UTF8;
@ -8597,6 +8599,7 @@ static const CertName certDefaultName = {
"wolfSSL", CTC_UTF8, /* org */
"Development", CTC_UTF8, /* unit */
"www.wolfssl.com", CTC_UTF8, /* commonName */
"wolfSSL12345", CTC_PRINTABLE, /* serial number of device */
#ifdef WOLFSSL_CERT_EXT
"Private Organization", CTC_UTF8, /* businessCategory */
"US", CTC_PRINTABLE, /* jurisdiction country */
@ -13894,7 +13897,7 @@ openssl_pkey1_test_done:
#define ERR_BASE_EVPSIG -5100
int openssl_evpSig_test()
int openssl_evpSig_test(void)
{
#if !defined(NO_RSA) && !defined(NO_SHA) && !defined(HAVE_USER_RSA)
byte* prvTmp;

222
wolfssl/certs_test.h
View File

@ -1471,6 +1471,228 @@ static const unsigned char ca_cert_der_2048[] =
};
static const int sizeof_ca_cert_der_2048 = sizeof(ca_cert_der_2048);
/* ./certs/ca-cert-chain.der, 2048-bit */
static const unsigned char ca_cert_chain_der[] =
{
0x30, 0x82, 0x03, 0xB5, 0x30, 0x82, 0x03, 0x1E, 0xA0, 0x03,
0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xDA, 0xFB, 0x6A, 0x0D,
0xFE, 0xCF, 0x9B, 0x47, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86,
0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30,
0x81, 0x99, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06,
0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74,
0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61,
0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A,
0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68,
0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C,
0x0F, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E,
0x67, 0x5F, 0x31, 0x30, 0x32, 0x34, 0x31, 0x18, 0x30, 0x16,
0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77,
0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86,
0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69,
0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73,
0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31,
0x38, 0x30, 0x34, 0x31, 0x33, 0x31, 0x35, 0x32, 0x33, 0x31,
0x30, 0x5A, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x31, 0x30, 0x37,
0x31, 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x30, 0x81, 0x99,
0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E,
0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07,
0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31,
0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08,
0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x18,
0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0F, 0x43,
0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x5F,
0x31, 0x30, 0x32, 0x34, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77,
0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66,
0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
0x63, 0x6F, 0x6D, 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09,
0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05,
0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81,
0x81, 0x00, 0xCD, 0xAC, 0xDD, 0x47, 0xEC, 0xBE, 0xB7, 0x24,
0xC3, 0x63, 0x1B, 0x54, 0x98, 0x79, 0xE1, 0xC7, 0x31, 0x16,
0x59, 0xD6, 0x9D, 0x77, 0x9D, 0x8D, 0xE2, 0x8B, 0xED, 0x04,
0x17, 0xB2, 0xC6, 0xEB, 0xE4, 0x9B, 0x91, 0xBE, 0x31, 0x50,
0x62, 0x97, 0x58, 0xB5, 0x7F, 0x29, 0xDE, 0xB3, 0x71, 0x24,
0x0B, 0xBF, 0x97, 0x09, 0x7F, 0x26, 0xDC, 0x2D, 0xEC, 0xA8,
0x2E, 0xB2, 0x64, 0x2B, 0x7A, 0x2B, 0x35, 0x19, 0x2D, 0xA2,
0x80, 0xCB, 0x99, 0xFD, 0x94, 0x71, 0x1B, 0x23, 0x8D, 0x54,
0xDB, 0x2E, 0x62, 0x8D, 0x81, 0x08, 0x2D, 0xF4, 0x24, 0x72,
0x27, 0x6C, 0xF9, 0xC9, 0x8E, 0xDB, 0x4C, 0x75, 0xBA, 0x9B,
0x01, 0xF8, 0x3F, 0x18, 0xF4, 0xE6, 0x7F, 0xFB, 0x57, 0x94,
0x92, 0xCC, 0x88, 0xC4, 0xB4, 0x00, 0xC2, 0xAA, 0xD4, 0xE5,
0x88, 0x18, 0xB3, 0x11, 0x2F, 0x73, 0xC0, 0xD6, 0x29, 0x09,
0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x01, 0x30,
0x81, 0xFE, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04,
0x16, 0x04, 0x14, 0xD3, 0x22, 0x8F, 0x28, 0x2C, 0xE0, 0x05,
0xEE, 0xD3, 0xED, 0xC3, 0x71, 0x3D, 0xC9, 0xB2, 0x36, 0x3A,
0x1D, 0xBF, 0xA8, 0x30, 0x81, 0xCE, 0x06, 0x03, 0x55, 0x1D,
0x23, 0x04, 0x81, 0xC6, 0x30, 0x81, 0xC3, 0x80, 0x14, 0xD3,
0x22, 0x8F, 0x28, 0x2C, 0xE0, 0x05, 0xEE, 0xD3, 0xED, 0xC3,
0x71, 0x3D, 0xC9, 0xB2, 0x36, 0x3A, 0x1D, 0xBF, 0xA8, 0xA1,
0x81, 0x9F, 0xA4, 0x81, 0x9C, 0x30, 0x81, 0x99, 0x31, 0x0B,
0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08,
0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31,
0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07,
0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30,
0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61,
0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x18, 0x30, 0x16,
0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0F, 0x43, 0x6F, 0x6E,
0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x5F, 0x31, 0x30,
0x32, 0x34, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C,
0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F,
0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
0x6D, 0x82, 0x09, 0x00, 0xDA, 0xFB, 0x6A, 0x0D, 0xFE, 0xCF,
0x9B, 0x47, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04,
0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09,
0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05,
0x00, 0x03, 0x81, 0x81, 0x00, 0x1D, 0x48, 0xF6, 0x40, 0x41,
0x04, 0x06, 0xF2, 0xE4, 0x72, 0x2F, 0xEA, 0xFF, 0xC1, 0x67,
0x6B, 0x15, 0xBB, 0x0A, 0x28, 0x23, 0x28, 0x07, 0xC6, 0xD7,
0x13, 0x2C, 0xBE, 0x00, 0x00, 0xAC, 0x1D, 0xF7, 0xF4, 0x92,
0xD3, 0x2B, 0xAF, 0x23, 0xEB, 0x9F, 0x1A, 0xE2, 0x11, 0x3C,
0x2D, 0x97, 0xF2, 0x0F, 0xAC, 0xAE, 0x97, 0x86, 0x0A, 0xFB,
0xA8, 0x4F, 0x74, 0x1B, 0xDE, 0x19, 0x51, 0xDB, 0xCD, 0xE2,
0x11, 0x38, 0xC1, 0xA4, 0x9D, 0x56, 0xAB, 0x47, 0x5C, 0xDE,
0xBA, 0xEB, 0x27, 0xDF, 0x6D, 0xC8, 0x7E, 0x3A, 0xBD, 0x2E,
0x9B, 0x2A, 0xAD, 0x22, 0x3B, 0x95, 0xA9, 0xF2, 0x28, 0x03,
0xBC, 0xE5, 0xEC, 0xCC, 0xF2, 0x08, 0xD4, 0xC8, 0x2F, 0xDB,
0xEA, 0xFB, 0x2E, 0x52, 0x16, 0x8C, 0x42, 0x02, 0xA4, 0x59,
0x6D, 0x4C, 0x33, 0xB4, 0x9A, 0xD2, 0x73, 0x4A, 0x1E, 0x9F,
0xD9, 0xC8, 0x83, 0x30, 0x82, 0x04, 0xAA, 0x30, 0x82, 0x03,
0x92, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x86,
0xFF, 0xF5, 0x8E, 0x10, 0xDE, 0xB8, 0xFB, 0x30, 0x0D, 0x06,
0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B,
0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06,
0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10,
0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D,
0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E,
0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A,
0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03,
0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F,
0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C,
0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77,
0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66,
0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30,
0x34, 0x31, 0x33, 0x31, 0x35, 0x32, 0x33, 0x30, 0x39, 0x5A,
0x17, 0x0D, 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35,
0x32, 0x33, 0x30, 0x39, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B,
0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08,
0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31,
0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07,
0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30,
0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61,
0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11,
0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E,
0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30,
0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77,
0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A,
0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10,
0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73,
0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x82, 0x01, 0x22,
0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00,
0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xBF,
0x0C, 0xCA, 0x2D, 0x14, 0xB2, 0x1E, 0x84, 0x42, 0x5B, 0xCD,
0x38, 0x1F, 0x4A, 0xF2, 0x4D, 0x75, 0x10, 0xF1, 0xB6, 0x35,
0x9F, 0xDF, 0xCA, 0x7D, 0x03, 0x98, 0xD3, 0xAC, 0xDE, 0x03,
0x66, 0xEE, 0x2A, 0xF1, 0xD8, 0xB0, 0x7D, 0x6E, 0x07, 0x54,
0x0B, 0x10, 0x98, 0x21, 0x4D, 0x80, 0xCB, 0x12, 0x20, 0xE7,
0xCC, 0x4F, 0xDE, 0x45, 0x7D, 0xC9, 0x72, 0x77, 0x32, 0xEA,
0xCA, 0x90, 0xBB, 0x69, 0x52, 0x10, 0x03, 0x2F, 0xA8, 0xF3,
0x95, 0xC5, 0xF1, 0x8B, 0x62, 0x56, 0x1B, 0xEF, 0x67, 0x6F,
0xA4, 0x10, 0x41, 0x95, 0xAD, 0x0A, 0x9B, 0xE3, 0xA5, 0xC0,
0xB0, 0xD2, 0x70, 0x76, 0x50, 0x30, 0x5B, 0xA8, 0xE8, 0x08,
0x2C, 0x7C, 0xED, 0xA7, 0xA2, 0x7A, 0x8D, 0x38, 0x29, 0x1C,
0xAC, 0xC7, 0xED, 0xF2, 0x7C, 0x95, 0xB0, 0x95, 0x82, 0x7D,
0x49, 0x5C, 0x38, 0xCD, 0x77, 0x25, 0xEF, 0xBD, 0x80, 0x75,
0x53, 0x94, 0x3C, 0x3D, 0xCA, 0x63, 0x5B, 0x9F, 0x15, 0xB5,
0xD3, 0x1D, 0x13, 0x2F, 0x19, 0xD1, 0x3C, 0xDB, 0x76, 0x3A,
0xCC, 0xB8, 0x7D, 0xC9, 0xE5, 0xC2, 0xD7, 0xDA, 0x40, 0x6F,
0xD8, 0x21, 0xDC, 0x73, 0x1B, 0x42, 0x2D, 0x53, 0x9C, 0xFE,
0x1A, 0xFC, 0x7D, 0xAB, 0x7A, 0x36, 0x3F, 0x98, 0xDE, 0x84,
0x7C, 0x05, 0x67, 0xCE, 0x6A, 0x14, 0x38, 0x87, 0xA9, 0xF1,
0x8C, 0xB5, 0x68, 0xCB, 0x68, 0x7F, 0x71, 0x20, 0x2B, 0xF5,
0xA0, 0x63, 0xF5, 0x56, 0x2F, 0xA3, 0x26, 0xD2, 0xB7, 0x6F,
0xB1, 0x5A, 0x17, 0xD7, 0x38, 0x99, 0x08, 0xFE, 0x93, 0x58,
0x6F, 0xFE, 0xC3, 0x13, 0x49, 0x08, 0x16, 0x0B, 0xA7, 0x4D,
0x67, 0x00, 0x52, 0x31, 0x67, 0x23, 0x4E, 0x98, 0xED, 0x51,
0x45, 0x1D, 0xB9, 0x04, 0xD9, 0x0B, 0xEC, 0xD8, 0x28, 0xB3,
0x4B, 0xBD, 0xED, 0x36, 0x79, 0x02, 0x03, 0x01, 0x00, 0x01,
0xA3, 0x81, 0xFC, 0x30, 0x81, 0xF9, 0x30, 0x1D, 0x06, 0x03,
0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x27, 0x8E, 0x67,
0x11, 0x74, 0xC3, 0x26, 0x1D, 0x3F, 0xED, 0x33, 0x63, 0xB3,
0xA4, 0xD8, 0x1D, 0x30, 0xE5, 0xE8, 0xD5, 0x30, 0x81, 0xC9,
0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0xC1, 0x30, 0x81,
0xBE, 0x80, 0x14, 0x27, 0x8E, 0x67, 0x11, 0x74, 0xC3, 0x26,
0x1D, 0x3F, 0xED, 0x33, 0x63, 0xB3, 0xA4, 0xD8, 0x1D, 0x30,
0xE5, 0xE8, 0xD5, 0xA1, 0x81, 0x9A, 0xA4, 0x81, 0x97, 0x30,
0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06,
0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74,
0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61,
0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A,
0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68,
0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C,
0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E,
0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66,
0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30,
0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
0x82, 0x09, 0x00, 0x86, 0xFF, 0xF5, 0x8E, 0x10, 0xDE, 0xB8,
0xFB, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05,
0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A,
0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00,
0x03, 0x82, 0x01, 0x01, 0x00, 0x9E, 0x28, 0x88, 0x72, 0x00,
0xCA, 0xE6, 0xE7, 0x97, 0xCA, 0xC1, 0xF1, 0x1F, 0x9E, 0x12,
0xB2, 0xB8, 0xC7, 0x51, 0xEA, 0x28, 0xE1, 0x36, 0xB5, 0x2D,
0xE6, 0x2F, 0x08, 0x23, 0xCB, 0xA9, 0x4A, 0x87, 0x25, 0xC6,
0x5D, 0x89, 0x45, 0xEA, 0xF5, 0x00, 0x98, 0xAC, 0x76, 0xFB,
0x1B, 0xAF, 0xF0, 0xCE, 0x64, 0x9E, 0xDA, 0x08, 0xBF, 0xB6,
0xEB, 0xB4, 0xB5, 0x0C, 0xA0, 0xE7, 0xF6, 0x47, 0x59, 0x1C,
0x61, 0xCF, 0x2E, 0x0E, 0x58, 0xA4, 0x82, 0xAC, 0x0F, 0x3F,
0xEC, 0xC4, 0xAE, 0x80, 0xF7, 0xB0, 0x8A, 0x1E, 0x85, 0x41,
0xE8, 0xFF, 0xFE, 0xFE, 0x4F, 0x1A, 0x24, 0xD5, 0x49, 0xFA,
0xFB, 0xFE, 0x5E, 0xE5, 0xD3, 0x91, 0x0E, 0x4F, 0x4E, 0x0C,
0x21, 0x51, 0x71, 0x83, 0x04, 0x6B, 0x62, 0x7B, 0x4F, 0x59,
0x76, 0x48, 0x81, 0x1E, 0xB4, 0xF7, 0x04, 0x47, 0x8A, 0x91,
0x57, 0xA3, 0x11, 0xA9, 0xF2, 0x20, 0xB4, 0x78, 0x33, 0x62,
0x3D, 0xB0, 0x5E, 0x0D, 0xF9, 0x86, 0x38, 0x82, 0xDA, 0xA1,
0x98, 0x8D, 0x19, 0x06, 0x87, 0x21, 0x39, 0xB7, 0x02, 0xF7,
0xDA, 0x7D, 0x58, 0xBA, 0x52, 0x15, 0xD8, 0x3B, 0xC9, 0x7B,
0x58, 0x34, 0xA0, 0xC7, 0xE2, 0x7C, 0xA9, 0x83, 0x13, 0xE1,
0xB6, 0xEC, 0x01, 0xBF, 0x52, 0x33, 0x0B, 0xC4, 0xFE, 0x43,
0xD3, 0xC6, 0xA4, 0x8E, 0x2F, 0x87, 0x7F, 0x7A, 0x44, 0xEA,
0xCA, 0x53, 0x6C, 0x85, 0xED, 0x65, 0x76, 0x73, 0x31, 0x03,
0x4E, 0xEA, 0xBD, 0x35, 0x54, 0x13, 0xF3, 0x64, 0x87, 0x6B,
0xDF, 0x34, 0xDD, 0x34, 0xA1, 0x88, 0x3B, 0xDB, 0x4D, 0xAF,
0x1B, 0x64, 0x90, 0x92, 0x71, 0x30, 0x8E, 0xC8, 0xCC, 0xE5,
0x60, 0x24, 0xAF, 0x31, 0x16, 0x39, 0x33, 0x91, 0x50, 0xF9,
0xAB, 0x68, 0x42, 0x74, 0x7A, 0x35, 0xD9, 0xDD, 0xC8, 0xC4,
0x52
};
static const int sizeof_ca_cert_chain_der = sizeof(ca_cert_chain_der);
/* ./certs/server-key.der, 2048-bit */
static const unsigned char server_key_der_2048[] =
{

9
wolfssl/ssl.h
View File

@ -504,6 +504,13 @@ WOLFSSL_API int wolfSSL_is_static_memory(WOLFSSL* ssl,
WOLFSSL_API int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX*, const char*, int);
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*, const char*, int);
#define WOLFSSL_LOAD_FLAG_NONE 0x00000000
#define WOLFSSL_LOAD_FLAG_IGNORE_ERR 0x00000001
#define WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY 0x00000002
#define WOLFSSL_LOAD_FLAG_PEM_CA_ONLY 0x00000004
WOLFSSL_API int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX*, const char*,
const char*, unsigned int);
WOLFSSL_API int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX*, const char*,
const char*);
#ifdef WOLFSSL_TRUST_PEER_CERT
@ -1689,6 +1696,8 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len,
#endif
WOLFSSL_API int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX*,
const unsigned char*, long, int);
WOLFSSL_API int wolfSSL_CTX_load_verify_chain_buffer_format(WOLFSSL_CTX*,
const unsigned char*, long, int);
WOLFSSL_API int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX*,
const unsigned char*, long, int);
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX*,

9
wolfssl/wolfcrypt/asn.h
View File

@ -673,7 +673,7 @@ struct DecodedCert {
int beforeDateLen;
byte* afterDate;
int afterDateLen;
#ifdef HAVE_PKCS7
#if defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT)
byte* issuerRaw; /* pointer to issuer inside source */
int issuerRawLen;
#endif
@ -701,6 +701,9 @@ struct DecodedCert {
char* subjectOU;
int subjectOULen;
char subjectOUEnc;
char* subjectSND;
int subjectSNDLen;
char subjectSNDEnc;
#ifdef WOLFSSL_CERT_EXT
char* subjectBC;
int subjectBCLen;
@ -966,9 +969,9 @@ WOLFSSL_LOCAL void FreeDer(DerBuffer** der);
enum cert_enums {
#ifdef WOLFSSL_CERT_EXT
NAME_ENTRIES = 9,
NAME_ENTRIES = 10,
#else
NAME_ENTRIES = 8,
NAME_ENTRIES = 9,
#endif
JOINT_LEN = 2,
EMAIL_JOINT_LEN = 9,

7
wolfssl/wolfcrypt/asn_public.h
View File

@ -154,7 +154,7 @@ typedef struct EncryptedInfo {
char name[NAME_SZ]; /* cipher name, such as "DES-CBC" */
byte iv[IV_SZ]; /* salt or encrypted IV */
int set:1; /* if encryption set */
word16 set:1; /* if encryption set */
} EncryptedInfo;
@ -204,6 +204,8 @@ typedef struct CertName {
char unitEnc;
char commonName[CTC_NAME_SIZE];
char commonNameEnc;
char serialDev[CTC_NAME_SIZE];
char serialDevEnc;
#ifdef WOLFSSL_CERT_EXT
char busCat[CTC_NAME_SIZE];
char busCatEnc;
@ -297,7 +299,6 @@ WOLFSSL_API int wc_MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
WC_RNG*);
WOLFSSL_API int wc_SetIssuer(Cert*, const char*);
WOLFSSL_API int wc_SetSubject(Cert*, const char*);
WOLFSSL_API int wc_SetSubjectRaw(Cert*, const byte* der, int derSz);
#ifdef WOLFSSL_ALT_NAMES
WOLFSSL_API int wc_SetAltNames(Cert*, const char*);
#endif
@ -324,6 +325,8 @@ WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey,
ecc_key *eckey);
WOLFSSL_API int wc_SetSubjectKeyId(Cert *cert, const char* file);
WOLFSSL_API int wc_GetSubjectRaw(byte **subjectRaw, Cert *cert);
WOLFSSL_API int wc_SetSubjectRaw(Cert* cert, const byte* der, int derSz);
WOLFSSL_API int wc_SetIssuerRaw(Cert* cert, const byte* der, int derSz);
#ifdef HAVE_NTRU
WOLFSSL_API int wc_SetSubjectKeyIdFromNtruPublicKey(Cert *cert, byte *ntruKey,

2
wolfssl/wolfcrypt/ed25519.h
View File

@ -77,7 +77,7 @@ struct ed25519_key {
byte pointX[ED25519_KEY_SIZE]; /* recovered X coordinate */
byte pointY[ED25519_KEY_SIZE]; /* Y coordinate is the public key with The most significant bit of the final octet always zero. */
#endif
int pubKeySet:1;
word16 pubKeySet:1;
#ifdef WOLFSSL_ASYNC_CRYPT
WC_ASYNC_DEV asyncDev;
#endif

9
wolfssl/wolfcrypt/settings.h
View File

@ -502,9 +502,9 @@
int type);
extern void nucleus_free(void* ptr, void* heap, int type);
#define XMALLOC(s, h, type) nucleus_malloc
#define XREALLOC(p, n, h, t) nucleus_realloc
#define XFREE(p, h, type) nucleus_free
#define XMALLOC(s, h, type) nucleus_malloc((s), (h), (type))
#define XREALLOC(p, n, h, t) nucleus_realloc((p), (n), (h), (t))
#define XFREE(p, h, type) nucleus_free((p), (h), (type))
#endif
#endif
@ -1565,7 +1565,8 @@ extern void uITRON4_free(void *p) ;
#if (defined(WOLFSSL_TLS13) && defined(WOLFSSL_NO_TLS12)) || \
(!defined(HAVE_AES_CBC) && defined(NO_DES3) && defined(NO_RC4) && \
!defined(HAVE_IDEA) && !defined(HAVE_NULL_CIPHER) && !defined(HAVE_HC128))
!defined(HAVE_CAMELLIA) && !defined(HAVE_IDEA) && \
!defined(HAVE_NULL_CIPHER) && !defined(HAVE_HC128))
#define WOLFSSL_AEAD_ONLY
#endif

2
wolfssl/wolfcrypt/wc_port.h
View File

@ -357,6 +357,8 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
char name[MAX_FILENAME_SZ];
} ReadDirCtx;
#define WC_READDIR_NOFILE -1
WOLFSSL_API int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name);
WOLFSSL_API int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name);
WOLFSSL_API void wc_ReadDirClose(ReadDirCtx* ctx);