Merge pull request #428 from embhorn/certgen_cleanup

Fix up readme and build issues in certgen examples
pull/432/head
lealem47 2024-03-18 08:27:05 -06:00 committed by GitHub
commit a70760ed82
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 29 additions and 11 deletions


@ -1,11 +1,13 @@
# Certificate Generation and Signing examples # Certificate Generation and Signing examples
To test the certgen or csr_example example(s) configure wolfssl with To test the certgen or csr_example example(s) configure wolfssl with
`./configure --enable-certgen --enable-certreq` or add the defines: `./configure --enable-certgen --enable-certreq --enable-keygen`
or add the defines:
``` ```
#define WOLFSSL_CERT_REQ #define WOLFSSL_CERT_REQ
#define WOLFSSL_CERT_GEN #define WOLFSSL_CERT_GEN
#define WOLFSSL_KEY_GEN
``` ```
To test the csr_w_ed25519_example configure wolfssl with: To test the csr_w_ed25519_example configure wolfssl with:
@ -156,6 +158,18 @@ Saved CSR PEM to "ed25519-csr.pem"
This example shows how to use a CSR to sign it using a CA cert and key to produce an X.509 certificate. This example shows how to use a CSR to sign it using a CA cert and key to produce an X.509 certificate.
To test the csr_sign example configure wolfssl with
`./configure -enable-certreq --enable-certgen --enable-ecc --enable-certext CFLAGS=-DOPENSSL_EXTRA_X509_SMALL`
or add the defines:
```
#define WOLFSSL_CERT_REQ
#define WOLFSSL_CERT_GEN
#define WOLFSSL_KEY_GEN
#define WOLFSSL_CERT_EXT
#define OPENSSL_EXTRA_X509_SMALL
```
``` ```
% ./csr_sign ecc-csr.pem ca-ecc-cert.der ca-ecc-key.der % ./csr_sign ecc-csr.pem ca-ecc-cert.der ca-ecc-key.der
Loading CA certificate Loading CA certificate
@ -348,7 +362,7 @@ Tested with these wolfSSL build options:
```sh ```sh
./autogen.sh # If cloned from GitHub ./autogen.sh # If cloned from GitHub
./configure --enable-asn=template --enable-certreq --enable-keygen --enable-certgen --enable-certext CFLAGS="-DWOLFSSL_TEST_CERT -DHAVE_OID_DECODING -DHAVE_OID_ENCODING -DWOLFSSL_CUSTOM_OID -DWOLFSSL_CERT_EXT" ./configure --enable-certreq --enable-certext --enable-keygen --enable-certgen --enable-certext CFLAGS="-DWOLFSSL_TEST_CERT -DHAVE_OID_DECODING -DHAVE_OID_ENCODING -DWOLFSSL_CUSTOM_OID"
make make
make check make check
sudo make install sudo make install


@ -28,6 +28,9 @@
#include <wolfssl/wolfcrypt/error-crypt.h> #include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/wc_port.h> #include <wolfssl/wolfcrypt/wc_port.h>
#if defined(WOLFSSL_CERT_REQ) && defined(WOLFSSL_CERT_GEN) && \
defined(WOLFSSL_KEY_GEN) && defined(HAVE_ECC)
#ifdef WOLFSSL_CAAM #ifdef WOLFSSL_CAAM
#include <wolfssl/wolfcrypt/port/caam/wolfcaam.h> #include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
static int devId = WOLFSSL_CAAM_DEVID; static int devId = WOLFSSL_CAAM_DEVID;
@ -35,8 +38,6 @@
static int devId = INVALID_DEVID; static int devId = INVALID_DEVID;
#endif #endif
#if defined(WOLFSSL_CERT_REQ) && defined(WOLFSSL_CERT_GEN) && \
defined(WOLFSSL_KEY_GEN) && defined(HAVE_ECC)
#define HEAP_HINT NULL #define HEAP_HINT NULL
#define LARGE_TEMP_SZ 4096 #define LARGE_TEMP_SZ 4096


@ -34,7 +34,7 @@
#endif #endif
#if defined(WOLFSSL_CERT_REQ) && defined(WOLFSSL_CERT_GEN) && \ #if defined(WOLFSSL_CERT_REQ) && defined(WOLFSSL_CERT_GEN) && \
defined(HAVE_ECC) defined(HAVE_ECC) && defined(WOLFSSL_CERT_EXT)
#define HEAP_HINT NULL #define HEAP_HINT NULL
#define LARGE_TEMP_SZ 4096 #define LARGE_TEMP_SZ 4096
@ -358,9 +358,9 @@ exit:
int main(int argc, char** argv) int main(int argc, char** argv)
{ {
#if !defined(WOLFSSL_CERT_REQ) || !defined(WOLFSSL_CERT_GEN) || \ #if !defined(WOLFSSL_CERT_REQ) || !defined(WOLFSSL_CERT_GEN) || \
!defined(HAVE_ECC) !defined(HAVE_ECC) || !defined(WOLFSSL_CERT_EXT)
printf("Please compile wolfSSL with --enable-certreq --enable-certgen " printf("Please compile wolfSSL with --enable-certreq --enable-certgen "
"--enable-ecc CFLAGS=-DOPENSSL_EXTRA_X509_SMALL\n"); "--enable-ecc --enable-certext CFLAGS=-DOPENSSL_EXTRA_X509_SMALL\n");
return 0; return 0;
#else #else
if (argc != 4) { if (argc != 4) {
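Review bot: The widened guards (the one ahead of `HEAP_HINT` and the inverse one at the top of `main`) now test `WOLFSSL_CERT_EXT` but still not `OPENSSL_EXTRA_X509_SMALL`, which the printed hint lists as a required build flag. If the signing code depends on APIs gated by that define (not visible in these hunks), a build without it would presumably fail at compile or link time instead of reaching the hint. Adding `|| !defined(OPENSSL_EXTRA_X509_SMALL)` to the `main` guard and the matching `&& defined(OPENSSL_EXTRA_X509_SMALL)` to the top guard would keep the guards and the message in step. The README hunk in this commit also lists `WOLFSSL_KEY_GEN` among the defines for what appears to be this example, which these guards do not require, so one of the two should be adjusted. The body of `main` continues outside the hunk.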


@ -250,9 +250,9 @@ int main(int argc, char** argv)
int main(int argc, char** argv) int main(int argc, char** argv)
{ {
printf("Please compile wolfSSL with --enable-asn=template --enable-certgen " printf("Please configure wolfSSL with --enable-certgen --enable-certext "
"--enable-keygen CFLAGS=\"-DWOLFSSL_CUSTOM_OID -DHAVE_OID_ENCODING " "--enable-keygen CFLAGS=\"-DWOLFSSL_CUSTOM_OID "
"-DWOLFSSL_CERT_EXT\""); "-DHAVE_OID_ENCODING\"\n");
return 0; return 0;
} }


@ -143,7 +143,10 @@ static void check_ret(char* call, int ret)
int main(void) int main(void)
{ {
printf("Not compiled in: Build wolfSSL using ./configure --enable-asn=template --enable-certreq --enable-certgen CFLAGS=\"-DWOLFSSL_TEST_CERT -DHAVE_OID_DECODING -DWOLFSSL_CUSTOM_OID -DWOLFSSL_CERT_EXT\"\n"); printf("Not compiled in: Configure wolfSSL using ./configure"
"--enable-certreq --enable-certgen --enable-certext "
"CFLAGS=\"-DWOLFSSL_TEST_CERT -DHAVE_OID_DECODING "
"-DWOLFSSL_CUSTOM_OID \"\n");
return 0; return 0;
} }
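Review bot: The rewritten hint in the fallback `main` loses the space between `./configure` and the first option. The adjacent literals `"... using ./configure"` and `"--enable-certreq ..."` concatenate to `./configure--enable-certreq`, so a user who copies the printed command gets an invocation that does not run. End the first literal with a space, `printf("Not compiled in: Configure wolfSSL using ./configure "`, and drop the stray space before the closing quote so the last literal reads `"-DWOLFSSL_CUSTOM_OID\"\n"`.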