mirror of https://github.com/wolfSSL/wolfssl
ASN1 Template: stricter and simpler DER/BER parsing/construction
Reduce debug output noise
This commit is contained in:
parent
6ac03d41ef
commit
d486b89c61
|
@ -544,6 +544,16 @@ run_renewcerts(){
|
|||
echo "End of section"
|
||||
echo "---------------------------------------------------------------------"
|
||||
|
||||
############################################################
|
||||
########## generate Ed25519 certificates ###################
|
||||
############################################################
|
||||
echo "Renewing Ed448 certificates"
|
||||
cd ed25519
|
||||
./gen-ed25519-certs.sh
|
||||
cd ..
|
||||
echo "End of section"
|
||||
echo "---------------------------------------------------------------------"
|
||||
|
||||
############################################################
|
||||
########## generate Ed448 certificates #####################
|
||||
############################################################
|
||||
|
@ -749,21 +759,6 @@ then
|
|||
echo "changed directory to wolfssl root directory."
|
||||
echo ""
|
||||
|
||||
echo ""
|
||||
echo "Enter directory to ed25519 certificate generation example."
|
||||
echo "Can be found at https://github.com/wolfSSL/wolfssl-examples"
|
||||
read -r ED25519_DIR
|
||||
if [ -d "${ED25519_DIR}" ]; then
|
||||
pushd ./certs/ed25519 || { echo "Failed to push certs/ed25519";
|
||||
exit 1; }
|
||||
./gen-ed25519.sh "${ED25519_DIR}"
|
||||
check_result $? "./gen-ed25519.sh"
|
||||
popd || exit 1
|
||||
else
|
||||
echo "Unable to find directory ${ED25519_DIR}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
############################################################
|
||||
########## update ntru if already installed ################
|
||||
############################################################
|
||||
|
@ -786,23 +781,11 @@ elif [ ! -z "$1" ]; then
|
|||
if [ "$1" == "--override-ntru" ]; then
|
||||
echo "overriding ntru, update all certs except ntru."
|
||||
run_renewcerts
|
||||
#valid argument create ed25519 certificates
|
||||
elif [ "$1" == "--ed25519" ] || [ "$2" == "--ed25519" ]; then
|
||||
echo ""
|
||||
echo "Enter directory to ed25519 certificate generation example."
|
||||
echo "Can be found at https://github.com/wolfSSL/wolfssl-examples"
|
||||
read -r ED25519_DIR
|
||||
pushd ./certs/ed25519 || { echo "failed to push ./certs/ed25519";
|
||||
exit 1; }
|
||||
./gen-ed25519.sh "${ED25519_DIR}"
|
||||
check_result $? "./gen-ed25519.sh"
|
||||
popd || exit 1
|
||||
#valid argument print out other valid arguments
|
||||
elif [ "$1" == "-h" ] || [ "$1" == "-help" ]; then
|
||||
echo ""
|
||||
echo "\"no argument\" will attempt to update all certificates"
|
||||
echo "--override-ntru updates all certificates except ntru"
|
||||
echo "--ed25519 updates all ed25519 certificates"
|
||||
echo "-h or -help display this menu"
|
||||
echo ""
|
||||
echo ""
|
||||
|
|
|
@ -2909,6 +2909,12 @@ AC_ARG_ENABLE([asn],
|
|||
[ ENABLED_ASN=yes ]
|
||||
)
|
||||
|
||||
if test "$ENABLED_ASN" = "template"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_TEMPLATE"
|
||||
ENABLED_ASN=yes
|
||||
fi
|
||||
|
||||
if test "$ENABLED_ASN" = "no"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DNO_ASN"
|
||||
|
|
69
src/ssl.c
69
src/ssl.c
|
@ -21282,7 +21282,9 @@ void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj)
|
|||
return;
|
||||
}
|
||||
if ((obj->obj != NULL) && ((obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0)) {
|
||||
#ifdef WOLFSSL_DEBUG_OPENSSL
|
||||
WOLFSSL_MSG("Freeing ASN1 data");
|
||||
#endif
|
||||
XFREE((void*)obj->obj, obj->heap, DYNAMIC_TYPE_ASN1);
|
||||
obj->obj = NULL;
|
||||
}
|
||||
|
@ -21293,7 +21295,9 @@ void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj)
|
|||
}
|
||||
#endif
|
||||
if ((obj->dynamic & WOLFSSL_ASN1_DYNAMIC) != 0) {
|
||||
#ifdef WOLFSSL_DEBUG_OPENSSL
|
||||
WOLFSSL_MSG("Freeing ASN1 OBJECT");
|
||||
#endif
|
||||
XFREE(obj, NULL, DYNAMIC_TYPE_ASN1);
|
||||
}
|
||||
}
|
||||
|
@ -22758,7 +22762,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
|
|||
{
|
||||
WOLFSSL_ASN1_STRING* asn1;
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_OPENSSL
|
||||
WOLFSSL_ENTER("wolfSSL_ASN1_STRING_new");
|
||||
#endif
|
||||
|
||||
asn1 = (WOLFSSL_ASN1_STRING*)XMALLOC(sizeof(WOLFSSL_ASN1_STRING), NULL,
|
||||
DYNAMIC_TYPE_OPENSSL);
|
||||
|
@ -22807,7 +22813,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
|
|||
/* used to free a WOLFSSL_ASN1_STRING structure */
|
||||
void wolfSSL_ASN1_STRING_free(WOLFSSL_ASN1_STRING* asn1)
|
||||
{
|
||||
#ifdef WOLFSSL_DEBUG_OPENSSL
|
||||
WOLFSSL_ENTER("wolfSSL_ASN1_STRING_free");
|
||||
#endif
|
||||
|
||||
if (asn1 != NULL) {
|
||||
if (asn1->length > 0 && asn1->data != NULL && asn1->isDynamic) {
|
||||
|
@ -22866,7 +22874,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
|
|||
{
|
||||
WOLFSSL_ASN1_STRING* asn1;
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_OPENSSL
|
||||
WOLFSSL_ENTER("wolfSSL_ASN1_STRING_type_new");
|
||||
#endif
|
||||
|
||||
asn1 = wolfSSL_ASN1_STRING_new();
|
||||
if (asn1 == NULL) {
|
||||
|
@ -22887,7 +22897,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
|
|||
int wolfSSL_ASN1_STRING_type(const WOLFSSL_ASN1_STRING* asn1)
|
||||
{
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_OPENSSL
|
||||
WOLFSSL_ENTER("wolfSSL_ASN1_STRING_type");
|
||||
#endif
|
||||
|
||||
if (asn1 == NULL) {
|
||||
return WOLFSSL_FAILURE;
|
||||
|
@ -22908,7 +22920,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
|
|||
{
|
||||
int sz;
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_OPENSSL
|
||||
WOLFSSL_ENTER("wolfSSL_ASN1_STRING_set");
|
||||
#endif
|
||||
|
||||
if (asn1 == NULL || (data == NULL && dataSz < 0)) {
|
||||
return WOLFSSL_FAILURE;
|
||||
|
@ -22970,7 +22984,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
|
|||
|
||||
unsigned char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING* asn)
|
||||
{
|
||||
#ifdef WOLFSSL_DEBUG_OPENSSL
|
||||
WOLFSSL_ENTER("wolfSSL_ASN1_STRING_data");
|
||||
#endif
|
||||
|
||||
if (asn) {
|
||||
return (unsigned char*)asn->data;
|
||||
|
@ -22983,7 +22999,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
|
|||
|
||||
int wolfSSL_ASN1_STRING_length(WOLFSSL_ASN1_STRING* asn)
|
||||
{
|
||||
#ifdef WOLFSSL_DEBUG_OPENSSL
|
||||
WOLFSSL_ENTER("wolfSSL_ASN1_STRING_length");
|
||||
#endif
|
||||
|
||||
if (asn) {
|
||||
return asn->length;
|
||||
|
@ -26130,6 +26148,7 @@ int wolfSSL_ASN1_INTEGER_set(WOLFSSL_ASN1_INTEGER *a, long v)
|
|||
int j;
|
||||
unsigned int i = 0;
|
||||
unsigned char tmp[sizeof(long)+1] = {0};
|
||||
int pad = 0;
|
||||
|
||||
if (a != NULL) {
|
||||
/* dynamically create data buffer, +2 for type and length */
|
||||
|
@ -26169,11 +26188,19 @@ int wolfSSL_ASN1_INTEGER_set(WOLFSSL_ASN1_INTEGER *a, long v)
|
|||
v >>= 8;
|
||||
}
|
||||
|
||||
/* 0 pad to indicate positive number when top bit set. */
|
||||
if ((!a->negative) && (j > 0) && (tmp[j-1] & 0x80)) {
|
||||
pad = 1;
|
||||
}
|
||||
/* Set length */
|
||||
a->data[i++] = (unsigned char)((j == 0) ? ++j : j);
|
||||
a->data[i++] = (unsigned char)(((j == 0) ? ++j : j) + pad);
|
||||
/* +2 for type and length */
|
||||
a->length = j + 2;
|
||||
a->length = j + pad + 2;
|
||||
|
||||
/* Add padding if required. */
|
||||
if (pad) {
|
||||
a->data[i++] = 0;
|
||||
}
|
||||
/* Copy to data */
|
||||
for (; j > 0; j--) {
|
||||
a->data[i++] = tmp[j-1];
|
||||
|
@ -40881,7 +40908,12 @@ cleanup:
|
|||
defined(WOLFSSL_CERT_GEN) && \
|
||||
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT) || \
|
||||
defined(OPENSSL_EXTRA))
|
||||
/* Converts from NID_* value to wolfSSL value if needed */
|
||||
/* Converts from NID_* value to wolfSSL value if needed.
|
||||
*
|
||||
* @param [in] nid Numeric Id of a domain name component.
|
||||
* @return Domain name tag values - wolfSSL internal values.
|
||||
* @return -1 when nid isn't known.
|
||||
*/
|
||||
static int ConvertNIDToWolfSSL(int nid)
|
||||
{
|
||||
switch (nid) {
|
||||
|
@ -40937,8 +40969,7 @@ static int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out,
|
|||
/* type is set as UTF8 */
|
||||
asn_out->type = MBSTRING_UTF8;
|
||||
asn_out->length = wolfSSL_ASN1_STRING_to_UTF8(
|
||||
(unsigned char**)&asn_out->data
|
||||
, (WOLFSSL_ASN1_STRING*)asn_in);
|
||||
(unsigned char**)&asn_out->data, (WOLFSSL_ASN1_STRING*)asn_in);
|
||||
|
||||
if (asn_out->length < 0) {
|
||||
return WOLFSSL_FAILURE;
|
||||
|
@ -41087,7 +41118,7 @@ int wolfSSL_i2d_X509_NAME_canon(WOLFSSL_X509_NAME* name, unsigned char** out)
|
|||
}
|
||||
return totalBytes;
|
||||
}
|
||||
#endif
|
||||
#endif /* OPENSSL_ALL */
|
||||
|
||||
/* Converts the x509 name structure into DER format.
|
||||
*
|
||||
|
@ -41197,7 +41228,7 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out)
|
|||
|
||||
/* check if using buffer passed in */
|
||||
if (*out == NULL) {
|
||||
*out = local = (unsigned char*)XMALLOC(totalBytes + idx, NULL,
|
||||
*out = local = (unsigned char*)XMALLOC(totalBytes + idx, name->heap,
|
||||
DYNAMIC_TYPE_OPENSSL);
|
||||
if (*out == NULL) {
|
||||
return MEMORY_E;
|
||||
|
@ -42425,7 +42456,9 @@ err:
|
|||
{
|
||||
WOLFSSL_X509_NAME_ENTRY* ne;
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_OPENSSL
|
||||
WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_create_by_NID()");
|
||||
#endif
|
||||
|
||||
if (!data) {
|
||||
WOLFSSL_MSG("Bad parameter");
|
||||
|
@ -42560,7 +42593,9 @@ err:
|
|||
WOLFSSL_X509_NAME_ENTRY* current = NULL;
|
||||
int i;
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_OPENSSL
|
||||
WOLFSSL_ENTER("wolfSSL_X509_NAME_add_entry()");
|
||||
#endif
|
||||
|
||||
if (name == NULL || entry == NULL || entry->value == NULL) {
|
||||
WOLFSSL_MSG("NULL argument passed in");
|
||||
|
@ -42706,7 +42741,9 @@ err:
|
|||
const char* sName = NULL;
|
||||
int i;
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_OPENSSL
|
||||
WOLFSSL_ENTER("wolfSSL_OBJ_nid2obj()");
|
||||
#endif
|
||||
|
||||
for (i = 0; i < (int)WOLFSSL_OBJECT_INFO_SZ; i++) {
|
||||
if (wolfssl_object_info[i].nid == id) {
|
||||
|
@ -43197,7 +43234,9 @@ err:
|
|||
word32 idx = 0;
|
||||
int ret;
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_OPENSSL
|
||||
WOLFSSL_ENTER("wolfSSL_OBJ_obj2nid");
|
||||
#endif
|
||||
|
||||
if (o == NULL) {
|
||||
return -1;
|
||||
|
@ -43498,7 +43537,9 @@ err:
|
|||
{
|
||||
WOLFSSL_ASN1_OBJECT* obj = NULL;
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_OPENSSL
|
||||
WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_get_object");
|
||||
#endif
|
||||
if (ne == NULL) return NULL;
|
||||
obj = wolfSSL_OBJ_nid2obj_ex(ne->nid, ne->object);
|
||||
if (obj != NULL) {
|
||||
|
@ -43520,7 +43561,9 @@ err:
|
|||
WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(
|
||||
WOLFSSL_X509_NAME *name, int loc)
|
||||
{
|
||||
#ifdef WOLFSSL_DEBUG_OPENSSL
|
||||
WOLFSSL_ENTER("wolfSSL_X509_NAME_get_entry");
|
||||
#endif
|
||||
|
||||
if (name == NULL) {
|
||||
return NULL;
|
||||
|
@ -52133,7 +52176,9 @@ int SetIndividualExternal(WOLFSSL_BIGNUM** bn, mp_int* mpi)
|
|||
{
|
||||
byte dynamic = 0;
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_OPENSSL
|
||||
WOLFSSL_MSG("Entering SetIndividualExternal");
|
||||
#endif
|
||||
|
||||
if (mpi == NULL || bn == NULL) {
|
||||
WOLFSSL_MSG("mpi NULL error");
|
||||
|
@ -52173,7 +52218,9 @@ WOLFSSL_BIGNUM* wolfSSL_BN_new(void)
|
|||
WOLFSSL_BIGNUM* external;
|
||||
mp_int* mpi;
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_OPENSSL
|
||||
WOLFSSL_MSG("wolfSSL_BN_new");
|
||||
#endif
|
||||
|
||||
#if !defined(USE_FAST_MATH) || defined(HAVE_WOLF_BIGINT)
|
||||
mpi = (mp_int*) XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT);
|
||||
|
@ -52213,7 +52260,9 @@ WOLFSSL_BIGNUM* wolfSSL_BN_new(void)
|
|||
void wolfSSL_BN_init(WOLFSSL_BIGNUM* bn)
|
||||
{
|
||||
if(bn == NULL)return;
|
||||
#ifdef WOLFSSL_DEBUG_OPENSSL
|
||||
WOLFSSL_MSG("wolfSSL_BN_init");
|
||||
#endif
|
||||
InitwolfSSL_BigNum(bn);
|
||||
if (mp_init(&bn->fp) != MP_OKAY)
|
||||
return;
|
||||
|
@ -52223,7 +52272,9 @@ void wolfSSL_BN_init(WOLFSSL_BIGNUM* bn)
|
|||
|
||||
void wolfSSL_BN_free(WOLFSSL_BIGNUM* bn)
|
||||
{
|
||||
#ifdef WOLFSSL_DEBUG_OPENSSL
|
||||
WOLFSSL_MSG("wolfSSL_BN_free");
|
||||
#endif
|
||||
if (bn) {
|
||||
if (bn->internal) {
|
||||
mp_int* bni = (mp_int*)bn->internal;
|
||||
|
@ -52241,7 +52292,9 @@ void wolfSSL_BN_free(WOLFSSL_BIGNUM* bn)
|
|||
|
||||
void wolfSSL_BN_clear_free(WOLFSSL_BIGNUM* bn)
|
||||
{
|
||||
#ifdef WOLFSSL_DEBUG_OPENSSL
|
||||
WOLFSSL_MSG("wolfSSL_BN_clear_free");
|
||||
#endif
|
||||
if (bn) {
|
||||
if (bn->internal) {
|
||||
mp_int* bni = (mp_int*)bn->internal;
|
||||
|
@ -52253,7 +52306,9 @@ void wolfSSL_BN_clear_free(WOLFSSL_BIGNUM* bn)
|
|||
|
||||
void wolfSSL_BN_clear(WOLFSSL_BIGNUM* bn)
|
||||
{
|
||||
#ifdef WOLFSSL_DEBUG_OPENSSL
|
||||
WOLFSSL_MSG("wolfSSL_BN_clear");
|
||||
#endif
|
||||
if (bn && bn->internal) {
|
||||
mp_forcezero((mp_int*)bn->internal);
|
||||
}
|
||||
|
|
10
tests/api.c
10
tests/api.c
|
@ -18292,6 +18292,7 @@ static int test_wc_DsaKeyToPublicDer(void)
|
|||
DsaKey genKey;
|
||||
WC_RNG rng;
|
||||
byte* der;
|
||||
word32 sz;
|
||||
|
||||
printf(testingFmt, "wc_DsaKeyToPublicDer()");
|
||||
|
||||
|
@ -18315,11 +18316,16 @@ static int test_wc_DsaKeyToPublicDer(void)
|
|||
if (ret == 0) {
|
||||
ret = wc_DsaKeyToPublicDer(&genKey, der, ONEK_BUF);
|
||||
if (ret >= 0) {
|
||||
sz = ret;
|
||||
ret = 0;
|
||||
} else {
|
||||
ret = WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
}
|
||||
if (ret == 0) {
|
||||
word32 idx = 0;
|
||||
ret = wc_DsaPublicKeyDecode(der, &idx, &genKey, sz);
|
||||
}
|
||||
|
||||
/* Test bad args. */
|
||||
if (ret == 0) {
|
||||
|
@ -24023,7 +24029,7 @@ static int test_ToTraditional (void)
|
|||
}
|
||||
if (ret == 0) {
|
||||
ret = ToTraditional(input, 0);
|
||||
if (ret == ASN_PARSE_E) {
|
||||
if (ret == ASN_PARSE_E || ret == BUFFER_E) {
|
||||
ret = 0;
|
||||
}
|
||||
}
|
||||
|
@ -28532,7 +28538,7 @@ static void test_wolfSSL_PEM_PrivateKey(void)
|
|||
EVP_PKEY_free(pkey);
|
||||
pkey = NULL;
|
||||
}
|
||||
#endif /* !HAVE_ECC && !NO_FILESYSTEM */
|
||||
#endif
|
||||
|
||||
#if !defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN))
|
||||
{
|
||||
|
|
13393
wolfcrypt/src/asn.c
13393
wolfcrypt/src/asn.c
File diff suppressed because it is too large
Load Diff
|
@ -4277,8 +4277,8 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz,
|
|||
idx += length;
|
||||
}
|
||||
|
||||
/* Get digestEncryptionAlgorithm */
|
||||
if (ret == 0 && GetAlgoId(in, &idx, &sigOID, oidSigType, inSz) < 0) {
|
||||
/* Get digestEncryptionAlgorithm - key type or signature type */
|
||||
if (ret == 0 && GetAlgoId(in, &idx, &sigOID, oidIgnoreType, inSz) < 0) {
|
||||
ret = ASN_PARSE_E;
|
||||
}
|
||||
|
||||
|
|
|
@ -12229,7 +12229,7 @@ static byte minDates[] = {
|
|||
0x32, 0x33, 0x31, 0x30, 0x5a
|
||||
};
|
||||
static byte minPubKey[] = {
|
||||
0x30, 0x1b,
|
||||
0x30, 0x1c,
|
||||
0x30, 0x0d,
|
||||
0x06, 0x09,
|
||||
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
|
||||
|
@ -12619,7 +12619,7 @@ WOLFSSL_TEST_SUBROUTINE int decodedCertCache_test(void)
|
|||
}
|
||||
|
||||
if (ret == 0) {
|
||||
if (wc_InitCert(&cert)) {
|
||||
if (wc_InitCert_ex(&cert, HEAP_HINT, devId)) {
|
||||
ret = -7602;
|
||||
}
|
||||
}
|
||||
|
@ -13168,30 +13168,44 @@ static int rsa_decode_test(RsaKey* keyPub)
|
|||
WOLFSSL_SMALL_STACK_STATIC const byte e[2] = { 0x00, 0x03 };
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte good[] = { 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1,
|
||||
0x03 };
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte goodAlgId[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00,
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte goodAlgId[] = {
|
||||
0x30, 0x18, 0x30, 0x16,
|
||||
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
|
||||
0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte goodAlgIdNull[] = { 0x30, 0x11, 0x30, 0x0f, 0x06, 0x00,
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte goodAlgIdNull[] = {
|
||||
0x30, 0x1a, 0x30, 0x18,
|
||||
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
|
||||
0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23,
|
||||
0x02, 0x1, 0x03 };
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte badAlgIdNull[] = { 0x30, 0x12, 0x30, 0x10, 0x06, 0x00,
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte badAlgIdNull[] = {
|
||||
0x30, 0x1b, 0x30, 0x19,
|
||||
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
|
||||
0x05, 0x01, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23,
|
||||
0x02, 0x1, 0x03 };
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte badNotBitString[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00,
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte badNotBitString[] = {
|
||||
0x30, 0x18, 0x30, 0x16,
|
||||
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
|
||||
0x04, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte badBitStringLen[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00,
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte badBitStringLen[] = {
|
||||
0x30, 0x18, 0x30, 0x16,
|
||||
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
|
||||
0x03, 0x0a, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte badNoSeq[] = { 0x30, 0x0d, 0x30, 0x0b, 0x06, 0x00, 0x03,
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte badNoSeq[] = {
|
||||
0x30, 0x16, 0x30, 0x14,
|
||||
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
|
||||
0x07, 0x00, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte badNoObj[] = {
|
||||
0x30, 0x0f, 0x30, 0x0d, 0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06,
|
||||
0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte badIntN[] = { 0x30, 0x06, 0x02, 0x05, 0x23, 0x02, 0x1,
|
||||
0x03 };
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte badNotIntE[] = { 0x30, 0x06, 0x02, 0x01, 0x23, 0x04, 0x1,
|
||||
0x03 };
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte badLength[] = { 0x30, 0x04, 0x02, 0x01, 0x23, 0x02, 0x1,
|
||||
0x03 };
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte badBitStrNoZero[] = { 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x00,
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte badIntN[] = {
|
||||
0x30, 0x06, 0x02, 0x05, 0x23, 0x02, 0x1, 0x03 };
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte badNotIntE[] = {
|
||||
0x30, 0x06, 0x02, 0x01, 0x23, 0x04, 0x1, 0x03 };
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte badLength[] = {
|
||||
0x30, 0x04, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte badBitStrNoZero[] = {
|
||||
0x30, 0x17, 0x30, 0x15,
|
||||
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
|
||||
0x03, 0x08, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
|
||||
|
||||
ret = wc_InitRsaKey(keyPub, NULL);
|
||||
|
@ -13329,21 +13343,21 @@ static int rsa_decode_test(RsaKey* keyPub)
|
|||
inSz = sizeof(badNoObj);
|
||||
inOutIdx = 0;
|
||||
ret = wc_RsaPublicKeyDecode(badNoObj, &inOutIdx, keyPub, inSz);
|
||||
if (ret != ASN_PARSE_E) {
|
||||
if (ret != ASN_PARSE_E && ret != ASN_OBJECT_ID_E) {
|
||||
ret = -7710;
|
||||
goto done;
|
||||
}
|
||||
inSz = sizeof(badIntN);
|
||||
inOutIdx = 0;
|
||||
ret = wc_RsaPublicKeyDecode(badIntN, &inOutIdx, keyPub, inSz);
|
||||
if (ret != ASN_RSA_KEY_E) {
|
||||
if (ret != ASN_RSA_KEY_E && ret != ASN_PARSE_E) {
|
||||
ret = -7711;
|
||||
goto done;
|
||||
}
|
||||
inSz = sizeof(badNotIntE);
|
||||
inOutIdx = 0;
|
||||
ret = wc_RsaPublicKeyDecode(badNotIntE, &inOutIdx, keyPub, inSz);
|
||||
if (ret != ASN_RSA_KEY_E) {
|
||||
if (ret != ASN_RSA_KEY_E && ret != ASN_PARSE_E) {
|
||||
ret = -7712;
|
||||
goto done;
|
||||
}
|
||||
|
@ -13351,7 +13365,12 @@ static int rsa_decode_test(RsaKey* keyPub)
|
|||
inSz = sizeof(badLength);
|
||||
inOutIdx = 0;
|
||||
ret = wc_RsaPublicKeyDecode(badLength, &inOutIdx, keyPub, inSz);
|
||||
if (ret != 0) {
|
||||
#ifndef WOLFSSL_ASN_TEMPLATE
|
||||
if (ret != 0)
|
||||
#else
|
||||
if (ret != ASN_PARSE_E)
|
||||
#endif
|
||||
{
|
||||
ret = -7713;
|
||||
goto done;
|
||||
}
|
||||
|
@ -13364,7 +13383,7 @@ static int rsa_decode_test(RsaKey* keyPub)
|
|||
inSz = sizeof(badBitStrNoZero);
|
||||
inOutIdx = 0;
|
||||
ret = wc_RsaPublicKeyDecode(badBitStrNoZero, &inOutIdx, keyPub, inSz);
|
||||
if (ret != ASN_EXPECT_0_E) {
|
||||
if (ret != ASN_EXPECT_0_E && ret != ASN_PARSE_E) {
|
||||
ret = -7715;
|
||||
goto done;
|
||||
}
|
||||
|
@ -14184,7 +14203,7 @@ static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp)
|
|||
}
|
||||
|
||||
/* self signed */
|
||||
if (wc_InitCert(myCert)) {
|
||||
if (wc_InitCert_ex(myCert, HEAP_HINT, devId)) {
|
||||
ERROR_OUT(-7822, exit_rsa);
|
||||
}
|
||||
|
||||
|
@ -14198,7 +14217,6 @@ static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp)
|
|||
myCert->sigType = CTC_SHAwRSA;
|
||||
#endif
|
||||
|
||||
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
/* add Policies */
|
||||
XSTRNCPY(myCert->certPolicies[0], "2.16.840.1.101.3.4.1.42",
|
||||
|
@ -14263,7 +14281,7 @@ static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp)
|
|||
}
|
||||
|
||||
/* Setup Certificate */
|
||||
if (wc_InitCert(myCert)) {
|
||||
if (wc_InitCert_ex(myCert, HEAP_HINT, devId)) {
|
||||
ERROR_OUT(-7829, exit_rsa);
|
||||
}
|
||||
|
||||
|
@ -14551,7 +14569,7 @@ static int rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp)
|
|||
}
|
||||
|
||||
/* Setup Certificate */
|
||||
if (wc_InitCert(myCert)) {
|
||||
if (wc_InitCert_ex(myCert, HEAP_HINT, devId)) {
|
||||
ERROR_OUT(-7858, exit_rsa);
|
||||
}
|
||||
|
||||
|
@ -14860,7 +14878,7 @@ static int rsa_ntru_test(RsaKey* caKey, WC_RNG* rng, byte* tmp)
|
|||
ERROR_OUT(-7952, exit_rsa);
|
||||
}
|
||||
|
||||
if (wc_InitCert(&myCert)) {
|
||||
if (wc_InitCert_ex(&myCert, HEAP_HINT, devId)) {
|
||||
ERROR_OUT(-7953, exit_rsa);
|
||||
}
|
||||
|
||||
|
@ -15855,7 +15873,7 @@ WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
|
|||
ERROR_OUT(-7964, exit_rsa);
|
||||
}
|
||||
|
||||
if (wc_InitCert(req)) {
|
||||
if (wc_InitCert_ex(req, HEAP_HINT, devId)) {
|
||||
ERROR_OUT(-7965, exit_rsa);
|
||||
}
|
||||
|
||||
|
@ -22843,14 +22861,14 @@ static int ecc_decode_test(void)
|
|||
inSz = sizeof(badNoObjId);
|
||||
inOutIdx = 0;
|
||||
ret = wc_EccPublicKeyDecode(badNoObjId, &inOutIdx, key, inSz);
|
||||
if (ret != ASN_OBJECT_ID_E) {
|
||||
if (ret != ASN_OBJECT_ID_E && ret != ASN_PARSE_E) {
|
||||
ret = -10106;
|
||||
goto done;
|
||||
}
|
||||
inSz = sizeof(badOneObjId);
|
||||
inOutIdx = 0;
|
||||
ret = wc_EccPublicKeyDecode(badOneObjId, &inOutIdx, key, inSz);
|
||||
if (ret != ASN_OBJECT_ID_E) {
|
||||
if (ret != ASN_OBJECT_ID_E && ret != ASN_PARSE_E) {
|
||||
ret = -10107;
|
||||
goto done;
|
||||
}
|
||||
|
@ -22871,7 +22889,7 @@ static int ecc_decode_test(void)
|
|||
inSz = sizeof(badNotBitStr);
|
||||
inOutIdx = 0;
|
||||
ret = wc_EccPublicKeyDecode(badNotBitStr, &inOutIdx, key, inSz);
|
||||
if (ret != ASN_BITSTR_E) {
|
||||
if (ret != ASN_BITSTR_E && ret != ASN_PARSE_E) {
|
||||
ret = -10110;
|
||||
goto done;
|
||||
}
|
||||
|
@ -22885,14 +22903,14 @@ static int ecc_decode_test(void)
|
|||
inSz = sizeof(badNoBitStrZero);
|
||||
inOutIdx = 0;
|
||||
ret = wc_EccPublicKeyDecode(badNoBitStrZero, &inOutIdx, key, inSz);
|
||||
if (ret != ASN_EXPECT_0_E) {
|
||||
if (ret != ASN_EXPECT_0_E && ret != ASN_PARSE_E) {
|
||||
ret = -10112;
|
||||
goto done;
|
||||
}
|
||||
inSz = sizeof(badPoint);
|
||||
inOutIdx = 0;
|
||||
ret = wc_EccPublicKeyDecode(badPoint, &inOutIdx, key, inSz);
|
||||
if (ret != ASN_ECC_KEY_E) {
|
||||
if (ret != ASN_ECC_KEY_E && ret != ASN_PARSE_E) {
|
||||
ret = -10113;
|
||||
goto done;
|
||||
}
|
||||
|
@ -23167,7 +23185,7 @@ static int ecc_test_cert_gen(WC_RNG* rng)
|
|||
TEST_SLEEP();
|
||||
|
||||
/* Setup Certificate */
|
||||
if (wc_InitCert(myCert)) {
|
||||
if (wc_InitCert_ex(myCert, HEAP_HINT, devId)) {
|
||||
ERROR_OUT(-10137, exit);
|
||||
}
|
||||
|
||||
|
@ -25142,7 +25160,7 @@ static int ed25519_test_make_cert(void)
|
|||
int ret = 0;
|
||||
byte* tmp = NULL;
|
||||
|
||||
wc_InitCert(&cert);
|
||||
wc_InitCert_ex(&cert, HEAP_HINT, devId);
|
||||
|
||||
#ifndef HAVE_FIPS
|
||||
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
|
||||
|
@ -25941,28 +25959,28 @@ WOLFSSL_TEST_SUBROUTINE int ed25519_test(void)
|
|||
idx = 0;
|
||||
if (wc_Ed25519PrivateKeyDecode(privateEd25519, &idx, &key3,
|
||||
sizeof(privateEd25519)) != 0)
|
||||
return -11121 - i;
|
||||
return -11121;
|
||||
|
||||
if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3)
|
||||
!= BAD_FUNC_ARG)
|
||||
return -11131 - i;
|
||||
return -11131;
|
||||
|
||||
idx = 0;
|
||||
if (wc_Ed25519PublicKeyDecode(publicEd25519, &idx, &key3,
|
||||
sizeof(publicEd25519)) != 0)
|
||||
return -11141 - i;
|
||||
return -11141;
|
||||
|
||||
if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3) != 0)
|
||||
return -11151 - i;
|
||||
return -11151;
|
||||
|
||||
if (XMEMCMP(out, sigs[0], 64))
|
||||
return -11161 - i;
|
||||
return -11161;
|
||||
|
||||
#if defined(HAVE_ED25519_VERIFY)
|
||||
/* test verify on good msg */
|
||||
if (wc_ed25519_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, &key3)
|
||||
!= 0 || verify != 1)
|
||||
return -11171 - i;
|
||||
return -11171;
|
||||
#endif /* HAVE_ED25519_VERIFY */
|
||||
|
||||
wc_ed25519_free(&key3);
|
||||
|
@ -25971,13 +25989,13 @@ WOLFSSL_TEST_SUBROUTINE int ed25519_test(void)
|
|||
idx = 0;
|
||||
if (wc_Ed25519PrivateKeyDecode(privPubEd25519, &idx, &key3,
|
||||
sizeof(privPubEd25519)) != 0)
|
||||
return -11181 - i;
|
||||
return -11181;
|
||||
|
||||
if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3) != 0)
|
||||
return -11191 - i;
|
||||
return -11191;
|
||||
|
||||
if (XMEMCMP(out, sigs[0], 64))
|
||||
return -11201 - i;
|
||||
return -11201;
|
||||
|
||||
wc_ed25519_free(&key3);
|
||||
#endif /* NO_ASN */
|
||||
|
@ -26446,7 +26464,7 @@ static int ed448_test_make_cert(void)
|
|||
int ret = 0;
|
||||
byte* tmp = NULL;
|
||||
|
||||
wc_InitCert(&cert);
|
||||
wc_InitCert_ex(&cert, HEAP_HINT, devId);
|
||||
|
||||
#ifndef HAVE_FIPS
|
||||
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
|
||||
|
@ -27363,28 +27381,28 @@ WOLFSSL_TEST_SUBROUTINE int ed448_test(void)
|
|||
idx = 0;
|
||||
if (wc_Ed448PrivateKeyDecode(privateEd448, &idx, &key3,
|
||||
sizeof(privateEd448)) != 0)
|
||||
return -11821 - i;
|
||||
return -11821;
|
||||
|
||||
if (wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3, NULL, 0)
|
||||
!= BAD_FUNC_ARG)
|
||||
return -11831 - i;
|
||||
return -11831;
|
||||
|
||||
idx = 0;
|
||||
if (wc_Ed448PublicKeyDecode(publicEd448, &idx, &key3,
|
||||
sizeof(publicEd448)) != 0)
|
||||
return -11841 - i;
|
||||
return -11841;
|
||||
|
||||
if (wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3, NULL, 0) != 0)
|
||||
return -11851 - i;
|
||||
return -11851;
|
||||
|
||||
if (XMEMCMP(out, sigs[0], SIGSZ))
|
||||
return -11861 - i;
|
||||
return -11861;
|
||||
|
||||
#if defined(HAVE_ED448_VERIFY)
|
||||
/* test verify on good msg */
|
||||
if (wc_ed448_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, &key3,
|
||||
NULL, 0) != 0 || verify != 1)
|
||||
return -11871 - i;
|
||||
return -11871;
|
||||
#endif /* HAVE_ED448_VERIFY */
|
||||
|
||||
wc_ed448_free(&key3);
|
||||
|
@ -27393,13 +27411,13 @@ WOLFSSL_TEST_SUBROUTINE int ed448_test(void)
|
|||
idx = 0;
|
||||
if (wc_Ed448PrivateKeyDecode(privPubEd448, &idx, &key3,
|
||||
sizeof(privPubEd448)) != 0)
|
||||
return -11881 - i;
|
||||
return -11881;
|
||||
|
||||
if (wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3, NULL, 0) != 0)
|
||||
return -11891 - i;
|
||||
return -11891;
|
||||
|
||||
if (XMEMCMP(out, sigs[0], SIGSZ))
|
||||
return -11901 - i;
|
||||
return -11901;
|
||||
|
||||
wc_ed448_free(&key3);
|
||||
#endif /* NO_ASN */
|
||||
|
@ -37817,29 +37835,72 @@ WOLFSSL_TEST_SUBROUTINE int certpiv_test(void)
|
|||
|
||||
/* Template for Identiv PIV cert, nonce and signature */
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte pivCertIdentiv[] = {
|
||||
0x0A, 0x0D,
|
||||
0x53, 0x04, /* NIST PIV Cert */
|
||||
0x0A, 0x0B,
|
||||
0x53, 0x09, /* NIST PIV Cert */
|
||||
0x70, 0x02, /* Certificate */
|
||||
0x30, 0x00,
|
||||
0x71, 0x01, 0x00, /* Cert Info */
|
||||
0x71, 0x01, 0x05, /* Cert Info */
|
||||
0xFE, 0x00, /* Error Detection */
|
||||
0x0B, 0x01, 0x00, /* Nonce */
|
||||
0x0C, 0x01, 0x00, /* Signed Nonce */
|
||||
};
|
||||
|
||||
/* PIV certificate data including certificate, info and error dectection. */
|
||||
WOLFSSL_SMALL_STACK_STATIC const byte pivCert[] = {
|
||||
0x53, 0x04, /* NIST PIV Cert */
|
||||
0x53, 0x09, /* NIST PIV Cert */
|
||||
0x70, 0x02, /* Certificate */
|
||||
0x30, 0x00,
|
||||
0x71, 0x01, 0x00, /* Cert Info */
|
||||
0x71, 0x01, 0x04, /* Cert Info */
|
||||
0xFE, 0x00, /* Error Detection */
|
||||
};
|
||||
|
||||
/* Test with identiv 0x0A, 0x0B and 0x0C markers */
|
||||
XMEMSET(&piv, 0, sizeof(piv));
|
||||
/* Test with Identiv 0x0A, 0x0B and 0x0C markers */
|
||||
ret = wc_ParseCertPIV(&piv, pivCertIdentiv, sizeof(pivCertIdentiv));
|
||||
if (ret == 0) {
|
||||
if (ret != 0) {
|
||||
return -14000;
|
||||
}
|
||||
if (!piv.isIdentiv) {
|
||||
return -14001;
|
||||
}
|
||||
if ((piv.cert == NULL) || (piv.certSz != 2)) {
|
||||
return -14002;
|
||||
}
|
||||
if ((piv.certErrDet == NULL) || (piv.certErrDetSz != 0)) {
|
||||
return -14003;
|
||||
}
|
||||
if ((piv.compression != ASN_PIV_CERT_INFO_GZIP)) {
|
||||
return -14004;
|
||||
}
|
||||
if (!piv.isX509) {
|
||||
return -14005;
|
||||
}
|
||||
if ((piv.nonce == NULL) || (piv.nonceSz != 1)) {
|
||||
return -14006;
|
||||
}
|
||||
if ((piv.signedNonce == NULL) || (piv.signedNonceSz != 1)) {
|
||||
return -14007;
|
||||
}
|
||||
|
||||
XMEMSET(&piv, 0, sizeof(piv));
|
||||
/* Test with NIST PIV format */
|
||||
ret = wc_ParseCertPIV(&piv, pivCert, sizeof(pivCert));
|
||||
if (ret != 0) {
|
||||
return -14010;
|
||||
}
|
||||
if (piv.isIdentiv) {
|
||||
return -14011;
|
||||
}
|
||||
if ((piv.cert == NULL) || (piv.certSz != 2)) {
|
||||
return -14012;
|
||||
}
|
||||
if ((piv.certErrDet == NULL) || (piv.certErrDetSz != 0)) {
|
||||
return -14013;
|
||||
}
|
||||
if ((piv.compression != 0)) {
|
||||
return -14014;
|
||||
}
|
||||
if (!piv.isX509) {
|
||||
return -14015;
|
||||
}
|
||||
|
||||
return ret;
|
||||
|
|
|
@ -3823,6 +3823,7 @@ struct WOLFSSL_X509_NAME {
|
|||
char staticName[ASN_NAME_MAX];
|
||||
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
|
||||
!defined(NO_ASN)
|
||||
DecodedName fullName;
|
||||
int entrySz; /* number of entries */
|
||||
WOLFSSL_X509_NAME_ENTRY entry[MAX_NAME_ENTRIES]; /* all entries i.e. CN */
|
||||
WOLFSSL_X509* x509; /* x509 that struct belongs to */
|
||||
|
|
|
@ -100,17 +100,14 @@ enum ASN_Tags {
|
|||
ASN_SEQUENCE = 0x10,
|
||||
ASN_SET = 0x11,
|
||||
ASN_PRINTABLE_STRING = 0x13,
|
||||
ASN_T61STRING = 0x14,
|
||||
ASN_IA5_STRING = 0x16,
|
||||
ASN_UTC_TIME = 0x17,
|
||||
ASN_OTHER_TYPE = 0x00,
|
||||
ASN_RFC822_TYPE = 0x01,
|
||||
ASN_DNS_TYPE = 0x02,
|
||||
ASN_DIR_TYPE = 0x04,
|
||||
ASN_URI_TYPE = 0x06, /* the value 6 is from GeneralName OID */
|
||||
ASN_IP_TYPE = 0x07, /* the value 7 is from GeneralName OID */
|
||||
ASN_GENERALIZED_TIME = 0x18,
|
||||
CRL_EXTENSIONS = 0xa0,
|
||||
ASN_EXTENSIONS = 0xa3,
|
||||
ASN_UNIVERSALSTRING = 0x1c,
|
||||
ASN_BMPSTRING = 0x1e,
|
||||
ASN_TYPE_MASK = 0x1f,
|
||||
|
||||
ASN_LONG_LENGTH = 0x80,
|
||||
ASN_INDEF_LENGTH = 0x80,
|
||||
|
||||
|
@ -118,12 +115,481 @@ enum ASN_Tags {
|
|||
ASN_CONSTRUCTED = 0x20,
|
||||
ASN_APPLICATION = 0x40,
|
||||
ASN_CONTEXT_SPECIFIC = 0x80,
|
||||
ASN_PRIVATE = 0xC0,
|
||||
|
||||
CRL_EXTENSIONS = 0xa0,
|
||||
ASN_EXTENSIONS = 0xa3,
|
||||
|
||||
/* GeneralName types */
|
||||
ASN_OTHER_TYPE = 0x00,
|
||||
ASN_RFC822_TYPE = 0x01,
|
||||
ASN_DNS_TYPE = 0x02,
|
||||
ASN_DIR_TYPE = 0x04,
|
||||
ASN_URI_TYPE = 0x06, /* the value 6 is from GeneralName OID */
|
||||
ASN_IP_TYPE = 0x07, /* the value 7 is from GeneralName OID */
|
||||
};
|
||||
|
||||
#define ASN_UTC_TIME_SIZE 14
|
||||
#define ASN_GENERALIZED_TIME_SIZE 16
|
||||
#define ASN_GENERALIZED_TIME_MAX 68
|
||||
|
||||
#ifdef WOLFSSL_ASN_TEMPLATE
|
||||
/* Different data types that can be stored in ASNGetData/ASNSetData. */
|
||||
enum ASNItem_DataType {
|
||||
/* Default for tag type. */
|
||||
ASN_DATA_TYPE_NONE = 0,
|
||||
/* 8-bit integer value. */
|
||||
ASN_DATA_TYPE_WORD8 = 1,
|
||||
/* 16-bit integer value. */
|
||||
ASN_DATA_TYPE_WORD16 = 2,
|
||||
/* 32-bit integer value. */
|
||||
ASN_DATA_TYPE_WORD32 = 4,
|
||||
/* Buffer with data and length. */
|
||||
ASN_DATA_TYPE_BUFFER = 5,
|
||||
/* An expected/required buffer with data and length. */
|
||||
ASN_DATA_TYPE_EXP_BUFFER = 6,
|
||||
/* Replace the item with buffer (data and length). */
|
||||
ASN_DATA_TYPE_REPLACE_BUFFER = 7,
|
||||
/* Big number as an mp_int. */
|
||||
ASN_DATA_TYPE_MP = 8,
|
||||
/* Big number as a positive or negative mp_int. */
|
||||
ASN_DATA_TYPE_MP_POS_NEG = 9,
|
||||
/* ASN.1 CHOICE. A 0 terminated list of tags that are valid. */
|
||||
ASN_DATA_TYPE_CHOICE = 10,
|
||||
};
|
||||
|
||||
/* A template entry describing an ASN.1 item. */
|
||||
typedef struct ASNItem {
|
||||
/* Depth of ASN.1 item - how many consturcted ASN.1 items above. */
|
||||
byte depth;
|
||||
/* BER/DER tag to expect. */
|
||||
byte tag;
|
||||
/* Whether the ASN.1 item is constructed. */
|
||||
byte constructed:1;
|
||||
/* Whether to parse the header only or skip data. */
|
||||
byte headerOnly:1;
|
||||
/* Whether ASN.1 item is optional.
|
||||
* - 0 means not optional
|
||||
* - 1 means is optional
|
||||
* - 2+ means one of these at the same level with same value must appear.
|
||||
*/
|
||||
byte optional;
|
||||
} ASNItem;
|
||||
|
||||
/* Dynamic data for setting (encoding) an ASN.1 item. */
|
||||
typedef struct ASNSetData {
|
||||
/* Reverse offset into buffer of ASN.1 item - calculated in SizeASN_Items().
|
||||
* SetASN_Items() subtracts from total length to get usable value.
|
||||
*/
|
||||
word32 offset;
|
||||
/* Length of data in ASN.1 item - calculated in SizeASN_Items(). */
|
||||
word32 length;
|
||||
/* Different data type representation. */
|
||||
union {
|
||||
/* 8-bit integer value. */
|
||||
byte u8;
|
||||
/* 16-bit integer value. */
|
||||
word16 u16;
|
||||
/* 32-bit integer value. */
|
||||
word32 u32;
|
||||
/* Big number as an mp_int. */
|
||||
mp_int* mp;
|
||||
/* Buffer as data pointer and length. */
|
||||
struct {
|
||||
/* Data to write out. */
|
||||
const byte* data;
|
||||
/* Length of data to write out. */
|
||||
word32 length;
|
||||
} buffer;
|
||||
} data;
|
||||
/* Type of data stored in data field - enum ASNItem_DataType. */
|
||||
byte dataType;
|
||||
/* Don't write this ASN.1 item out.
|
||||
* Optional items are dependent on the data being encoded.
|
||||
*/
|
||||
byte noOut;
|
||||
} ASNSetData;
|
||||
|
||||
/* Dynamic data for getting (decoding) an ASN.1 item. */
|
||||
typedef struct ASNGetData {
|
||||
/* Offset into buffer where encoding starts. */
|
||||
word32 offset;
|
||||
/* Total length of data in ASN.1 item.
|
||||
* BIT_STRING and INTEGER lengths include leading byte. */
|
||||
word32 length;
|
||||
union {
|
||||
/* Pointer to 8-bit integer. */
|
||||
byte* u8;
|
||||
/* Pointer to 16-bit integer. */
|
||||
word16* u16;
|
||||
/* Pointer to 32-bit integer. */
|
||||
word32* u32;
|
||||
/* Pointer to mp_int for big number. */
|
||||
mp_int* mp;
|
||||
/* List of possible tags. Useful for CHOICE ASN.1 items. */
|
||||
const byte* choice;
|
||||
/* Buffer to copy into. */
|
||||
struct {
|
||||
/* Buffer to hold ASN.1 data. */
|
||||
byte* data;
|
||||
/* Maxumum length of buffer. */
|
||||
word32* length;
|
||||
} buffer;
|
||||
/* Refernce to ASN.1 item's data. */
|
||||
struct {
|
||||
/* Pointer reference into input buffer. */
|
||||
const byte* data;
|
||||
/* Length of data. */
|
||||
word32 length;
|
||||
} ref;
|
||||
/* Data of an OBJECT_ID. */
|
||||
struct {
|
||||
/* OID data reference into input buffer. */
|
||||
const byte* data;
|
||||
/* Length of OID data. */
|
||||
word32 length;
|
||||
/* Type of OID expected. */
|
||||
word32 type;
|
||||
/* OID sum - 32-bit id. */
|
||||
word32 sum;
|
||||
} oid;
|
||||
} data;
|
||||
/* Type of data stored in data field - enum ASNItem_DataType. */
|
||||
byte dataType;
|
||||
/* Tag found in BER/DER item. */
|
||||
byte tag;
|
||||
} ASNGetData;
|
||||
|
||||
WOLFSSL_LOCAL int SizeASN_Items(const ASNItem* asn, ASNSetData *data,
|
||||
int count, int* encSz);
|
||||
WOLFSSL_LOCAL int SetASN_Items(const ASNItem* asn, ASNSetData *data, int count,
|
||||
byte* output);
|
||||
WOLFSSL_LOCAL int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count,
|
||||
int complete, const byte* input, word32* inOutIdx, word32 maxIdx);
|
||||
|
||||
#ifdef WOLFSSL_ASN_TEMPLATE_TYPE_CHECK
|
||||
WOLFSSL_LOCAL void GetASN_Int8Bit(ASNGetData *dataASN, byte* num);
|
||||
WOLFSSL_LOCAL void GetASN_Int16Bit(ASNGetData *dataASN, word16* num);
|
||||
WOLFSSL_LOCAL void GetASN_Int32Bit(ASNGetData *dataASN, word32* num);
|
||||
WOLFSSL_LOCAL void GetASN_Buffer(ASNGetData *dataASN, byte* data,
|
||||
word32* length);
|
||||
WOLFSSL_LOCAL void GetASN_ExpBuffer(ASNGetData *dataASN, const byte* data,
|
||||
word32 length);
|
||||
WOLFSSL_LOCAL void GetASN_MP(ASNGetData *dataASN, mp_int* num);
|
||||
WOLFSSL_LOCAL void GetASN_MP_PosNeg(ASNGetData *dataASN, mp_int* num);
|
||||
WOLFSSL_LOCAL void GetASN_Choice(ASNGetData *dataASN, const byte* options);
|
||||
WOLFSSL_LOCAL void GetASN_Boolean(ASNGetData *dataASN, byte* num);
|
||||
WOLFSSL_LOCAL void GetASN_OID(ASNGetData *dataASN, int oidType);
|
||||
WOLFSSL_LOCAL void GetASN_GetConstRef(ASNGetData * dataASN, const byte** data,
|
||||
word32* length);
|
||||
WOLFSSL_LOCAL void GetASN_GetRef(ASNGetData * dataASN, byte** data,
|
||||
word32* length);
|
||||
WOLFSSL_LOCAL void GetASN_OIDData(ASNGetData * dataASN, byte** data,
|
||||
word32* length);
|
||||
WOLFSSL_LOCAL void SetASN_Boolean(ASNSetData *dataASN, byte val);
|
||||
WOLFSSL_LOCAL void SetASN_Int8Bit(ASNSetData *dataASN, byte num);
|
||||
WOLFSSL_LOCAL void SetASN_Int16Bit(ASNSetData *dataASN, word16 num);
|
||||
WOLFSSL_LOCAL void SetASN_Buffer(ASNSetData *dataASN, const byte* data,
|
||||
word32 length);
|
||||
WOLFSSL_LOCAL void SetASN_ReplaceBuffer(ASNSetData *dataASN, const byte* data,
|
||||
word32 length);
|
||||
WOLFSSL_LOCAL void SetASN_MP(ASNSetData *dataASN, mp_int* num);
|
||||
WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);
|
||||
#else
|
||||
/* Setup ASN data item to get an 8-bit number.
|
||||
*
|
||||
* @param [in] dataASN Dynamic ASN data item.
|
||||
* @param [in] num Pointer to an 8-bit variable.
|
||||
*/
|
||||
#define GetASN_Int8Bit(dataASN, num) \
|
||||
do { \
|
||||
(dataASN)->dataType = ASN_DATA_TYPE_WORD8; \
|
||||
(dataASN)->data.u8 = num; \
|
||||
} while (0)
|
||||
|
||||
/* Setup ASN data item to get a 16-bit number.
|
||||
*
|
||||
* @param [in] dataASN Dynamic ASN data item.
|
||||
* @param [in] num Pointer to a 16-bit variable.
|
||||
*/
|
||||
#define GetASN_Int16Bit(dataASN, num) \
|
||||
do { \
|
||||
(dataASN)->dataType = ASN_DATA_TYPE_WORD16; \
|
||||
(dataASN)->data.u16 = num; \
|
||||
} while (0)
|
||||
|
||||
/* Setup ASN data item to get a 32-bit number.
|
||||
*
|
||||
* @param [in] dataASN Dynamic ASN data item.
|
||||
* @param [in] num Pointer to a 32-bit variable.
|
||||
*/
|
||||
#define GetASN_Int32Bit(dataASN, num) \
|
||||
do { \
|
||||
(dataASN)->dataType = ASN_DATA_TYPE_WORD32; \
|
||||
(dataASN)->data.u32 = num; \
|
||||
} while (0)
|
||||
|
||||
/* Setup ASN data item to get data into a buffer of a specific length.
|
||||
*
|
||||
* @param [in] dataASN Dynamic ASN data item.
|
||||
* @param [in] d Buffer to hold data.
|
||||
* @param [in] l Length of buffer in bytes.
|
||||
*/
|
||||
#define GetASN_Buffer(dataASN, d, l) \
|
||||
do { \
|
||||
(dataASN)->dataType = ASN_DATA_TYPE_BUFFER; \
|
||||
(dataASN)->data.buffer.data = d; \
|
||||
(dataASN)->data.buffer.length = l; \
|
||||
} while (0)
|
||||
|
||||
/* Setup ASN data item to check parsed data against expected buffer.
|
||||
*
|
||||
* @param [in] dataASN Dynamic ASN data item.
|
||||
* @param [in] d Buffer containing expected data.
|
||||
* @param [in] l Length of buffer in bytes.
|
||||
*/
|
||||
#define GetASN_ExpBuffer(dataASN, d, l) \
|
||||
do { \
|
||||
(dataASN)->dataType = ASN_DATA_TYPE_EXP_BUFFER; \
|
||||
(dataASN)->data.ref.data = d; \
|
||||
(dataASN)->data.ref.length = l; \
|
||||
} while (0)
|
||||
|
||||
/* Setup ASN data item to get a number into an mp_int.
|
||||
*
|
||||
* @param [in] dataASN Dynamic ASN data item.
|
||||
* @param [in] num Multi-precision number object.
|
||||
*/
|
||||
#define GetASN_MP(dataASN, num) \
|
||||
do { \
|
||||
(dataASN)->dataType = ASN_DATA_TYPE_MP; \
|
||||
(dataASN)->data.mp = num; \
|
||||
} while (0)
|
||||
|
||||
/* Setup ASN data item to get a positve or negative number into an mp_int.
|
||||
*
|
||||
* @param [in] dataASN Dynamic ASN data item.
|
||||
* @param [in] num Multi-precision number object.
|
||||
*/
|
||||
#define GetASN_MP_PosNeg(dataASN, num) \
|
||||
do { \
|
||||
(dataASN)->dataType = ASN_DATA_TYPE_MP_POS_NEG; \
|
||||
(dataASN)->data.mp = num; \
|
||||
} while (0)
|
||||
|
||||
/* Setup ASN data item to be a choice of tags.
|
||||
*
|
||||
* @param [in] dataASN Dynamic ASN data item.
|
||||
* @param [in] choice 0 terminated list of tags that are valid.
|
||||
*/
|
||||
#define GetASN_Choice(dataASN, options) \
|
||||
do { \
|
||||
(dataASN)->dataType = ASN_DATA_TYPE_CHOICE; \
|
||||
(dataASN)->data.choice = options; \
|
||||
} while (0)
|
||||
|
||||
/* Setup ASN data item to get a boolean value.
|
||||
*
|
||||
* @param [in] dataASN Dynamic ASN data item.
|
||||
* @param [in] num Pointer to an 8-bit variable.
|
||||
*/
|
||||
#define GetASN_Boolean(dataASN, num) \
|
||||
do { \
|
||||
(dataASN)->dataType = ASN_DATA_TYPE_NONE; \
|
||||
(dataASN)->data.u8 = num; \
|
||||
} while (0)
|
||||
|
||||
/* Setup ASN data item to be a an OID of a specific type.
|
||||
*
|
||||
* @param [in] dataASN Dynamic ASN data item.
|
||||
* @param [in] oidType Type of OID to expect.
|
||||
*/
|
||||
#define GetASN_OID(dataASN, oidType) \
|
||||
(dataASN)->data.oid.type = oidType
|
||||
|
||||
/* Get the data and length from an ASN data item.
|
||||
*
|
||||
* @param [in] dataASN Dynamic ASN data item.
|
||||
* @param [out] d Pointer to data of item.
|
||||
* @param [out] l Length of buffer in bytes.
|
||||
*/
|
||||
#define GetASN_GetConstRef(dataASN, d, l) \
|
||||
do { \
|
||||
*(d) = (dataASN)->data.ref.data; \
|
||||
*(l) = (dataASN)->data.ref.length; \
|
||||
} while (0)
|
||||
|
||||
/* Get the data and length from an ASN data item.
|
||||
*
|
||||
* @param [in] dataASN Dynamic ASN data item.
|
||||
* @param [out] d Pointer to data of item.
|
||||
* @param [out] l Length of buffer in bytes.
|
||||
*/
|
||||
#define GetASN_GetRef(dataASN, d, l) \
|
||||
do { \
|
||||
*(d) = (byte*)(dataASN)->data.ref.data; \
|
||||
*(l) = (dataASN)->data.ref.length; \
|
||||
} while (0)
|
||||
|
||||
/* Get the data and length from an ASN data item that is an OID.
|
||||
*
|
||||
* @param [in] dataASN Dynamic ASN data item.
|
||||
* @param [out] d Pointer to .
|
||||
* @param [out] l Length of buffer in bytes.
|
||||
*/
|
||||
#define GetASN_OIDData(dataASN, d, l) \
|
||||
do { \
|
||||
*(d) = (byte*)(dataASN)->data.oid.data; \
|
||||
*(l) = (dataASN)->data.oid.length; \
|
||||
} while (0)
|
||||
|
||||
/* Setup an ASN data item to set a boolean.
|
||||
*
|
||||
* @param [in] dataASN Dynamic ASN data item.
|
||||
* @param [in] val Boolean value.
|
||||
*/
|
||||
#define SetASN_Boolean(dataASN, val) \
|
||||
do { \
|
||||
(dataASN)->dataType = ASN_DATA_TYPE_NONE; \
|
||||
(dataASN)->data.u8 = val; \
|
||||
} while (0)
|
||||
|
||||
/* Setup an ASN data item to set an 8-bit number.
|
||||
*
|
||||
* @param [in] dataASN Dynamic ASN data item.
|
||||
* @param [in] num 8-bit number to set.
|
||||
*/
|
||||
#define SetASN_Int8Bit(dataASN, num) \
|
||||
do { \
|
||||
(dataASN)->dataType = ASN_DATA_TYPE_WORD8; \
|
||||
(dataASN)->data.u8 = num; \
|
||||
} while (0)
|
||||
|
||||
/* Setup an ASN data item to set a 16-bit number.
|
||||
*
|
||||
* @param [in] dataASN Dynamic ASN data item.
|
||||
* @param [in] num 16-bit number to set.
|
||||
*/
|
||||
#define SetASN_Int16Bit(dataASN, num) \
|
||||
do { \
|
||||
(dataASN)->dataType = ASN_DATA_TYPE_WORD16; \
|
||||
(dataASN)->data.u16 = num; \
|
||||
} while (0)
|
||||
|
||||
/* Setup an ASN data item to set the data in a buffer.
|
||||
*
|
||||
* @param [in] dataASN Dynamic ASN data item.
|
||||
* @param [in] d Buffer containing data to set.
|
||||
* @param [in] l Length of data in buffer in bytes.
|
||||
*/
|
||||
#define SetASN_Buffer(dataASN, d, l) \
|
||||
do { \
|
||||
(dataASN)->data.buffer.data = d; \
|
||||
(dataASN)->data.buffer.length = l; \
|
||||
} while (0)
|
||||
|
||||
/* Setup an ASN data item to set the DER encode data in a buffer.
|
||||
*
|
||||
* @param [in] dataASN Dynamic ASN data item.
|
||||
* @param [in] d Buffer containing BER encoded data to set.
|
||||
* @param [in] l Length of data in buffer in bytes.
|
||||
*/
|
||||
#define SetASN_ReplaceBuffer(dataASN, d, l) \
|
||||
do { \
|
||||
(dataASN)->dataType = ASN_DATA_TYPE_REPLACE_BUFFER; \
|
||||
(dataASN)->data.buffer.data = d; \
|
||||
(dataASN)->data.buffer.length = l; \
|
||||
} while (0)
|
||||
|
||||
/* Setup an ASN data item to set an muli-precision number.
|
||||
*
|
||||
* @param [in] dataASN Dynamic ASN data item.
|
||||
* @param [in] num Multi-precision number.
|
||||
*/
|
||||
#define SetASN_MP(dataASN, num) \
|
||||
do { \
|
||||
(dataASN)->dataType = ASN_DATA_TYPE_MP; \
|
||||
(dataASN)->data.mp = num; \
|
||||
} while (0)
|
||||
|
||||
/* Setup an ASN data item to set an OID based on id and type.
|
||||
*
|
||||
* oid and oidType pair are unique.
|
||||
*
|
||||
* @param [in] dataASN Dynamic ASN data item.
|
||||
* @param [in] oid OID identifier.
|
||||
* @param [in] oidType Type of OID.
|
||||
*/
|
||||
#define SetASN_OID(dataASN, oid, oidType) \
|
||||
(dataASN)->data.buffer.data = OidFromId(oid, oidType, \
|
||||
&(dataASN)->data.buffer.length)
|
||||
#endif /* WOLFSSL_ASN_TEMPLATE_TYPE_CHECK */
|
||||
|
||||
|
||||
/* Get address at the start of the BER item.
|
||||
*
|
||||
* @param [in] dataASN Dynamic ASN data item.
|
||||
* @param [in] in Input buffer.
|
||||
* @return Address at start of BER item.
|
||||
*/
|
||||
#define GetASNItem_Addr(dataASN, in) \
|
||||
((in) + (dataASN).offset)
|
||||
|
||||
/* Get length of a BER item - including tag and length.
|
||||
*
|
||||
* @param [in] dataASN Dynamic ASN data item.
|
||||
* @param [in] in Input buffer.
|
||||
* @return Length of a BER item.
|
||||
*/
|
||||
#define GetASNItem_Length(dataASN, in) \
|
||||
((dataASN).length + (word32)((dataASN).data.buffer.data - (in)) - \
|
||||
(dataASN).offset)
|
||||
|
||||
/* Get the index of a BER item's data.
|
||||
*
|
||||
* @param [in] dataASN Dynamic ASN data item.
|
||||
* @param [in] in Input buffer.
|
||||
* @return Index of a BER item's data.
|
||||
*/
|
||||
#define GetASNItem_DataIdx(dataASN, in) \
|
||||
(word32)((dataASN).data.ref.data - (in))
|
||||
|
||||
/* Get the end index of a BER item - index of the start of the next item.
|
||||
*
|
||||
* @param [in] dataASN Dynamic ASN data item.
|
||||
* @param [in] in Input buffer.
|
||||
* @return End index of a BER item.
|
||||
*/
|
||||
#define GetASNItem_EndIdx(dataASN, in) \
|
||||
((word32)((dataASN).data.ref.data - (in)) + \
|
||||
(dataASN).data.ref.length)
|
||||
|
||||
/* For a BIT_STRING, get the unused bits byte.
|
||||
*
|
||||
* @param [in] dataASN Dynamic ASN data item.
|
||||
* @return Unused bits byte in BIT_STRING.
|
||||
*/
|
||||
#define GetASNItem_UnusedBits(dataASN) \
|
||||
(*(dataASN.data.ref.data - 1))
|
||||
|
||||
/* Set the data items at indeces start to end inclusive to not be encoded.
|
||||
*
|
||||
* @param [in] dataASN Dynamic ASN data item.
|
||||
* @param [in] start First item not to be encoded.
|
||||
* @param [in] end Last item not to be encoded.
|
||||
*/
|
||||
#define SetASNItem_NoOut(dataASN, start, end) \
|
||||
do { \
|
||||
int ii; \
|
||||
for (ii = start; ii <= end; ii++) { \
|
||||
dataASN[ii].noOut = 1; \
|
||||
} \
|
||||
} \
|
||||
while (0)
|
||||
|
||||
#endif /* WOLFSSL_ASN_TEMPLATE */
|
||||
|
||||
|
||||
enum DN_Tags {
|
||||
ASN_DN_NULL = 0x00,
|
||||
ASN_COMMON_NAME = 0x03, /* CN */
|
||||
|
@ -280,6 +746,8 @@ enum ECC_TYPES
|
|||
/* certificate info masks */
|
||||
ASN_PIV_CERT_INFO_COMPRESSED = 0x03,
|
||||
ASN_PIV_CERT_INFO_ISX509 = 0x04,
|
||||
/* GZIP is 0x01 */
|
||||
ASN_PIV_CERT_INFO_GZIP = 0x01,
|
||||
};
|
||||
#endif /* WOLFSSL_CERT_PIV */
|
||||
|
||||
|
@ -311,6 +779,7 @@ enum Misc_ASN {
|
|||
#endif
|
||||
RSA_INTS = 8, /* RSA ints in private key */
|
||||
DSA_PARAM_INTS = 3, /* DSA paramater ints */
|
||||
RSA_PUB_INTS = 2, /* RSA ints in public key */
|
||||
DSA_INTS = 5, /* DSA ints in private key */
|
||||
MIN_DATE_SIZE = 12,
|
||||
MAX_DATE_SIZE = 32,
|
||||
|
@ -550,6 +1019,7 @@ enum Extensions_Sum {
|
|||
AUTH_KEY_OID = 149, /* 2.5.29.35 */
|
||||
SUBJ_KEY_OID = 128, /* 2.5.29.14 */
|
||||
CERT_POLICY_OID = 146, /* 2.5.29.32 */
|
||||
CRL_NUMBER_OID = 134, /* 2.5.29.20 */
|
||||
KEY_USAGE_OID = 129, /* 2.5.29.15 */
|
||||
INHIBIT_ANY_OID = 168, /* 2.5.29.54 */
|
||||
EXT_KEY_USAGE_OID = 151, /* 2.5.29.37 */
|
||||
|
@ -766,6 +1236,65 @@ struct CertSignCtx {
|
|||
int state; /* enum CertSignState */
|
||||
};
|
||||
|
||||
#define DOMAIN_COMPONENT_MAX 10
|
||||
|
||||
struct DecodedName {
|
||||
char* fullName;
|
||||
int fullNameLen;
|
||||
int entryCount;
|
||||
int cnIdx;
|
||||
int cnLen;
|
||||
int cnNid;
|
||||
int snIdx;
|
||||
int snLen;
|
||||
int snNid;
|
||||
int cIdx;
|
||||
int cLen;
|
||||
int cNid;
|
||||
int lIdx;
|
||||
int lLen;
|
||||
int lNid;
|
||||
int stIdx;
|
||||
int stLen;
|
||||
int stNid;
|
||||
int oIdx;
|
||||
int oLen;
|
||||
int oNid;
|
||||
int ouIdx;
|
||||
int ouLen;
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
int bcIdx;
|
||||
int bcLen;
|
||||
int jcIdx;
|
||||
int jcLen;
|
||||
int jsIdx;
|
||||
int jsLen;
|
||||
#endif
|
||||
int ouNid;
|
||||
int emailIdx;
|
||||
int emailLen;
|
||||
int emailNid;
|
||||
int uidIdx;
|
||||
int uidLen;
|
||||
int uidNid;
|
||||
int serialIdx;
|
||||
int serialLen;
|
||||
int serialNid;
|
||||
int dcIdx[DOMAIN_COMPONENT_MAX];
|
||||
int dcLen[DOMAIN_COMPONENT_MAX];
|
||||
int dcNum;
|
||||
int dcMode;
|
||||
};
|
||||
|
||||
/* ASN Encoded Name field */
|
||||
typedef struct EncodedName {
|
||||
int nameLen; /* actual string value length */
|
||||
int totalLen; /* total encoded length */
|
||||
int type; /* type of name */
|
||||
int used; /* are we actually using this one */
|
||||
byte encoded[CTC_NAME_SIZE * 2]; /* encoding */
|
||||
} EncodedName;
|
||||
|
||||
#ifndef WOLFSSL_MAX_PATH_LEN
|
||||
/* RFC 5280 Section 6.1.2. "Initialization" - item (k) defines
|
||||
* (k) max_path_length: this integer is initialized to "n", is
|
||||
|
@ -781,6 +1310,7 @@ struct CertSignCtx {
|
|||
#define WOLFSSL_MAX_PATH_LEN 127
|
||||
#endif
|
||||
|
||||
typedef struct DecodedName DecodedName;
|
||||
typedef struct DecodedCert DecodedCert;
|
||||
typedef struct Signer Signer;
|
||||
#ifdef WOLFSSL_TRUST_PEER_CERT
|
||||
|
@ -999,15 +1529,6 @@ struct DecodedCert {
|
|||
#endif
|
||||
};
|
||||
|
||||
/* ASN Encoded Name field */
|
||||
typedef struct EncodedName {
|
||||
int nameLen; /* actual string value length */
|
||||
int totalLen; /* total encoded length */
|
||||
int type; /* type of name */
|
||||
int used; /* are we actually using this one */
|
||||
byte encoded[CTC_NAME_SIZE * 2]; /* encoding */
|
||||
} EncodedName;
|
||||
|
||||
#ifdef NO_SHA
|
||||
#define SIGNER_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
|
||||
#else
|
||||
|
@ -1145,6 +1666,9 @@ WOLFSSL_LOCAL int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz
|
|||
int sigAlgoType);
|
||||
WOLFSSL_LOCAL int ParseCertRelative(DecodedCert*,int type,int verify,void* cm);
|
||||
WOLFSSL_LOCAL int DecodeToKey(DecodedCert*, int verify);
|
||||
#ifdef WOLFSSL_ASN_TEMPLATE
|
||||
WOLFSSL_LOCAL int DecodeCert(DecodedCert*, int verify, int* criticalExt);
|
||||
#endif
|
||||
WOLFSSL_LOCAL int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate);
|
||||
|
||||
WOLFSSL_LOCAL const byte* OidFromId(word32 id, word32 type, word32* oidSz);
|
||||
|
@ -1193,12 +1717,9 @@ WOLFSSL_LOCAL int DateGreaterThan(const struct tm* a, const struct tm* b);
|
|||
WOLFSSL_LOCAL int wc_ValidateDate(const byte* date, byte format, int dateType);
|
||||
WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn);
|
||||
|
||||
WOLFSSL_LOCAL int wc_EncodeName(EncodedName* name, const char* nameStr,
|
||||
char nameType, byte type);
|
||||
WOLFSSL_LOCAL int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr,
|
||||
char nameType, byte type);
|
||||
/* ASN.1 helper functions */
|
||||
#ifdef WOLFSSL_CERT_GEN
|
||||
WOLFSSL_LOCAL int SetNameEx(byte* output, word32 outputSz, CertName* name, void* heap);
|
||||
WOLFSSL_ASN_API int SetName(byte* output, word32 outputSz, CertName* name);
|
||||
WOLFSSL_LOCAL const char* GetOneCertName(CertName* name, int idx);
|
||||
WOLFSSL_LOCAL byte GetCertNameId(int idx);
|
||||
|
@ -1229,6 +1750,7 @@ WOLFSSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx,
|
|||
int* version, word32 maxIdx);
|
||||
WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx,
|
||||
word32 maxIdx);
|
||||
|
||||
#ifdef HAVE_OID_ENCODING
|
||||
WOLFSSL_LOCAL int EncodeObjectId(const word16* in, word32 inSz,
|
||||
byte* out, word32* outSz);
|
||||
|
@ -1246,6 +1768,15 @@ WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
|
|||
word32 oidType, word32 maxIdx);
|
||||
WOLFSSL_LOCAL int GetASNTag(const byte* input, word32* idx, byte* tag,
|
||||
word32 inputSz);
|
||||
|
||||
WOLFSSL_LOCAL word32 SetASNLength(word32 length, byte* output);
|
||||
WOLFSSL_LOCAL word32 SetASNSequence(word32 len, byte* output);
|
||||
WOLFSSL_LOCAL word32 SetASNOctetString(word32 len, byte* output);
|
||||
WOLFSSL_LOCAL word32 SetASNImplicit(byte tag,byte number, word32 len,
|
||||
byte* output);
|
||||
WOLFSSL_LOCAL word32 SetASNExplicit(byte number, word32 len, byte* output);
|
||||
WOLFSSL_LOCAL word32 SetASNSet(word32 len, byte* output);
|
||||
|
||||
WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output);
|
||||
WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output);
|
||||
WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output);
|
||||
|
@ -1258,8 +1789,10 @@ WOLFSSL_LOCAL word32 SetAlgoID(int algoOID,byte* output,int type,int curveSz);
|
|||
WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header);
|
||||
WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output,
|
||||
word32 outputSz, int maxSnSz);
|
||||
#ifndef WOLFSSL_ASN_TEMPLATE
|
||||
WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx,
|
||||
byte* serial, int* serialSz, word32 maxIdx);
|
||||
#endif
|
||||
WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,
|
||||
int maxIdx);
|
||||
WOLFSSL_LOCAL int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der);
|
||||
|
@ -1268,6 +1801,11 @@ WOLFSSL_LOCAL int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
|
|||
WOLFSSL_LOCAL int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g);
|
||||
WOLFSSL_LOCAL int FlattenAltNames( byte*, word32, const DNS_entry*);
|
||||
|
||||
WOLFSSL_LOCAL int wc_EncodeName(EncodedName* name, const char* nameStr,
|
||||
char nameType, byte type);
|
||||
WOLFSSL_LOCAL int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr,
|
||||
char nameType, byte type);
|
||||
|
||||
#if defined(HAVE_ECC) || !defined(NO_DSA)
|
||||
/* ASN sig helpers */
|
||||
WOLFSSL_LOCAL int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r,
|
||||
|
@ -1424,7 +1962,7 @@ struct OcspEntry
|
|||
word32 ownStatus:1; /* do we need to free the status
|
||||
* response list */
|
||||
word32 isDynamic:1; /* was dynamically allocated */
|
||||
|
||||
word32 used:1; /* entry used */
|
||||
};
|
||||
|
||||
/* TODO: Long-term, it would be helpful if we made this struct and other OCSP
|
||||
|
@ -1571,7 +2109,13 @@ enum PBESTypes {
|
|||
|
||||
PBE_SHA1_RC4_128_SUM = 657,
|
||||
PBE_SHA1_DES3_SUM = 659,
|
||||
PBES2 = 13 /* algo ID */
|
||||
PBE_MD5_DES_SUM = 651,
|
||||
PBE_SHA1_DES_SUM = 658,
|
||||
PBES2_SUM = 661,
|
||||
|
||||
PBES2 = 13, /* algo ID */
|
||||
PBES1_MD5_DES = 3,
|
||||
PBES1_SHA1_DES = 10,
|
||||
};
|
||||
|
||||
enum PKCSTypes {
|
||||
|
@ -1579,6 +2123,9 @@ enum PKCSTypes {
|
|||
PKCS12v1 = 12, /* PKCS #12 */
|
||||
PKCS5 = 5, /* PKCS oid tag */
|
||||
PKCS8v0 = 0, /* default PKCS#8 version */
|
||||
PKCS8v1 = 1, /* PKCS#8 version including public key */
|
||||
PKCS1v0 = 0, /* default PKCS#1 version */
|
||||
PKCS1v1 = 1, /* Multi-prime version */
|
||||
};
|
||||
|
||||
#endif /* !NO_ASN || !NO_PWDBASED */
|
||||
|
|
|
@ -375,6 +375,7 @@ typedef struct Cert {
|
|||
keyType = RSA_KEY (default)
|
||||
*/
|
||||
WOLFSSL_API int wc_InitCert(Cert*);
|
||||
WOLFSSL_API int wc_InitCert_ex(Cert*, void*, int);
|
||||
WOLFSSL_API int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz,
|
||||
int keyType, void* key, WC_RNG* rng);
|
||||
WOLFSSL_API int wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
|
||||
|
|
|
@ -579,8 +579,9 @@ decouple library dependencies with standard string, memory and so on.
|
|||
debugging is turned on */
|
||||
#ifndef USE_WINDOWS_API
|
||||
#ifndef XSNPRINTF
|
||||
#if defined(NO_FILESYSTEM) && (defined(OPENSSL_EXTRA) || \
|
||||
defined(HAVE_PKCS7)) && !defined(NO_STDIO_FILESYSTEM)
|
||||
#if defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) && \
|
||||
(defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
|
||||
defined(WOLFSSL_CERT_EXT) || defined(HAVE_PKCS7))
|
||||
/* case where stdio is not included else where but is needed
|
||||
for snprintf */
|
||||
#include <stdio.h>
|
||||
|
@ -709,6 +710,10 @@ decouple library dependencies with standard string, memory and so on.
|
|||
#define XTOLOWER(c) tolower((c))
|
||||
#endif
|
||||
|
||||
#ifndef OFFSETOF
|
||||
#define OFFSETOF(type, field) ((size_t)&(((type *)0)->field))
|
||||
#endif
|
||||
|
||||
|
||||
/* memory allocation types for user hints */
|
||||
enum {
|
||||
|
|
Loading…
Reference in New Issue