From 1e26238f49e5fd5128d7066901f27f4229ae94e0 Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz
Date: Mon, 6 Jul 2020 21:08:58 +0200
Subject: [PATCH] Implement/stub the following functions:
- X509_REQ_sign_ctx
- X509_REQ_get_subject_name
- X509_REQ_set_version
- X509_NAME_print_ex_fp
- X509_STORE_CTX_get0_parent_ctx
- wolfSSL_PKCS7_encode_certs
Add cms.h file to avoid including the OpenSSL version.
---
 src/ssl.c | 73 ++++++++++++++++++++++++++++++++++++++
 tests/api.c | 10 ++++++
 wolfssl/openssl/cms.h | 26 ++++++++++++++
 wolfssl/openssl/include.am | 1 +
 wolfssl/openssl/pkcs7.h | 2 ++
 wolfssl/openssl/ssl.h | 6 +++-
 wolfssl/ssl.h | 6 ++++
 7 files changed, 123 insertions(+), 1 deletion(-)
 create mode 100644 wolfssl/openssl/cms.h
diff --git a/src/ssl.c b/src/ssl.c
index 2b6eafea4..0b5618263 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -23340,6 +23340,15 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get1_chain(WOLFSSL_X509_STORE_CTX* ctx)
 return wolfSSL_sk_dup(ref);
 }
 
+#ifndef NO_WOLFSSL_STUB
+WOLFSSL_X509_STORE_CTX *wolfSSL_X509_STORE_CTX_get0_parent_ctx(
+ WOLFSSL_X509_STORE_CTX *ctx)
+{
+ (void)ctx;
+ WOLFSSL_STUB("wolfSSL_X509_STORE_CTX_get0_parent_ctx");
+ return NULL;
+}
+#endif
 
 int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509)
 {
@@ -42847,6 +42856,26 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
 }
 #endif /* !NO_BIO */
 
+int wolfSSL_X509_NAME_print_ex_fp(XFILE file, WOLFSSL_X509_NAME* name,
+ int indent, unsigned long flags)
+{
+ WOLFSSL_BIO* bio;
+ int ret;
+
+ WOLFSSL_ENTER("wolfSSL_X509_NAME_print_ex_fp");
+
+ if (!(bio = wolfSSL_BIO_new_fp(file, BIO_NOCLOSE))) {
+ WOLFSSL_MSG("wolfSSL_BIO_new_fp error");
+ return WOLFSSL_FAILURE;
+ }
+
+ ret = wolfSSL_X509_NAME_print_ex(bio, name, indent, flags);
+
+ wolfSSL_BIO_free(bio);
+
+ return ret;
+}
+
 #ifndef NO_WOLFSSL_STUB
 WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr(const WOLFSSL_X509* x)
 {
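Review bot: The stub wolfSSL_X509_STORE_CTX_get0_parent_ctx always returns NULL, which is also the value OpenSSL returns for a top-level context, so a caller cannot distinguish "no parent" from "not implemented" and nothing in the stub says which it is. A comment above the return would make that explicit, e.g. `/* Parent contexts are not tracked; NULL means callers must treat ctx as top-level */`. The WOLFSSL_STUB log line is the only hint today and it is compiled out when NO_WOLFSSL_STUB is defined.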
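Review bot: wolfSSL_X509_NAME_print_ex_fp is placed immediately after the `#endif /* !NO_BIO */` that closes the guard around wolfSSL_X509_NAME_print_ex, yet it calls wolfSSL_BIO_new_fp, wolfSSL_X509_NAME_print_ex and wolfSSL_BIO_free; if those symbols are only compiled without NO_BIO (the opening `#ifndef` of that guard is outside the hunk, so this is inferred from the `#endif` comment), a NO_BIO build will fail on this function. Either move the definition above that `#endif` or wrap it in its own `#ifndef NO_BIO` / `#endif`, and give the prototype and the X509_NAME_print_ex_fp alias added by this patch the same guard. A NULL `file` is passed straight to wolfSSL_BIO_new_fp and whether it is rejected there cannot be seen from the hunk; an explicit `if (file == NULL || name == NULL) return WOLFSSL_FAILURE;` at the top would make the contract clear.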
@@ -48479,6 +48508,45 @@ int wolfSSL_PKCS7_verify(PKCS7* pkcs7, WOLFSSL_STACK* certs,
 return WOLFSSL_SUCCESS;
 }
 
+int wolfSSL_PKCS7_encode_certs(PKCS7* pkcs7, WOLFSSL_STACK* certs,
+ WOLFSSL_BIO* out)
+{
+ byte output[4096];
+ int len;
+ PKCS7* p7;
+
+ WOLFSSL_ENTER("wolfSSL_PKCS7_encode_certs");
+
+ if (!pkcs7 || !certs || !out) {
+ WOLFSSL_MSG("Bad parameter");
+ return WOLFSSL_FAILURE;
+ }
+
+ p7 = &((WOLFSSL_PKCS7*)pkcs7)->pkcs7;
+
+ /* Add the certs to the PKCS7 struct */
+ while (certs) {
+ if (wc_PKCS7_AddCertificate(p7, certs->data.x509->derCert->buffer,
+ certs->data.x509->derCert->length) != 0) {
+ WOLFSSL_MSG("wc_PKCS7_AddCertificate error");
+ return WOLFSSL_FAILURE;
+ }
+ certs = certs->next;
+ }
+
+ if ((len = wc_PKCS7_EncodeSignedData(p7, output, sizeof(output))) < 0) {
+ WOLFSSL_MSG("wc_PKCS7_EncodeSignedData error");
+ return WOLFSSL_FAILURE;
+ }
+
+ if (wolfSSL_BIO_write(out, output, len) <= 0) {
+ WOLFSSL_MSG("wolfSSL_BIO_write error");
+ return WOLFSSL_FAILURE;
+ }
+
+ return WOLFSSL_SUCCESS;
+}
+
 #endif /* !NO_BIO */
 
 WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* pkcs7, WOLFSSL_STACK* certs,
@@ -49244,6 +49312,11 @@ int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
 return WOLFSSL_SUCCESS;
 }
 
+int wolfSSL_X509_REQ_sign_ctx(WOLFSSL_X509 *req,
+ WOLFSSL_EVP_MD_CTX* md_ctx)
+{
+ return wolfSSL_X509_REQ_sign(req, md_ctx->pctx->pkey, wolfSSL_EVP_MD_CTX_md(md_ctx));
+}
 
 #ifndef NO_WOLFSSL_STUB
 int wolfSSL_X509_REQ_add_extensions(WOLFSSL_X509* req,
diff --git a/tests/api.c b/tests/api.c
index e6b5315ea..675251fb7 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -4903,6 +4903,8 @@ static void test_wolfSSL_X509_NAME_get_entry(void)
 AssertNotNull(bio = BIO_new(BIO_s_mem()));
 AssertIntEQ(X509_NAME_print_ex(bio, name, 4,
 (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS);
+ AssertIntEQ(X509_NAME_print_ex_fp(stdout, name, 4,
+ (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS);
 BIO_free(bio);
 #endif
 #endif
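Review bot: The loop in wolfSSL_PKCS7_encode_certs dereferences `certs->data.x509->derCert->buffer` without checking that the stack node carries an X509 or that the X509 has a DER encoding, so a stack entry without a certificate, or an X509 assembled in memory rather than parsed from DER, crashes here instead of failing cleanly. Add `if (certs->data.x509 == NULL || certs->data.x509->derCert == NULL) return WOLFSSL_FAILURE;` at the top of the loop body, with a WOLFSSL_MSG like the neighbouring checks. The encoded SignedData is also capped by the 4096-byte automatic array `output`; wc_PKCS7_EncodeSignedData receives sizeof(output) so an overflow is presumably rejected inside it, but a chain of a few RSA certificates will exceed that and the caller gets WOLFSSL_FAILURE with only a generic log message, so either size the buffer from the input or document the limit with a comment on the declaration such as `/* Writes at most 4096 bytes of SignedData; larger chains fail */`. A 4 KiB stack buffer is also worth heap-allocating under WOLFSSL_SMALL_STACK if this file follows that convention elsewhere.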
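Review bot: wolfSSL_X509_REQ_sign_ctx reads `md_ctx->pctx->pkey` with no check that md_ctx or md_ctx->pctx is non-NULL, so a context that was never set up by EVP_DigestSignInit (or was reset afterwards) dereferences NULL instead of returning an error. Guard it with `if (md_ctx == NULL || md_ctx->pctx == NULL || md_ctx->pctx->pkey == NULL) return WOLFSSL_FAILURE;` before the call to wolfSSL_X509_REQ_sign. The function also carries no comment; a one-liner such as `/* Sign req with the key and digest captured in md_ctx by EVP_DigestSignInit */` would tell callers what state md_ctx must be in.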
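Review bot: The new assertion in test_wolfSSL_X509_NAME_get_entry prints the subject name to stdout, which pollutes the test runner's output and checks only the return value, not what was written. Opening a temporary stream instead, `XFILE fp = tmpfile(); AssertNotNull(fp);`, passing `fp` to X509_NAME_print_ex_fp and closing it afterwards keeps the log clean and lets the test read the bytes back if desired. The test function begins and ends outside the hunk.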
@@ -36406,6 +36408,8 @@ static void test_X509_REQ(void)
 unsigned char* der = NULL;
 #endif
 #ifndef NO_RSA
+ EVP_MD_CTX *mctx = NULL;
+ EVP_PKEY_CTX *pkctx = NULL;
 #ifdef USE_CERT_BUFFERS_1024
 const unsigned char* rsaPriv = (const unsigned char*)client_key_der_1024;
 const unsigned char* rsaPub = (unsigned char*)client_keypub_der_1024;
@@ -36447,6 +36451,12 @@ static void test_X509_REQ(void)
 AssertIntEQ(i2d_X509_REQ(req, &der), 643);
 XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
 der = NULL;
+
+ mctx = EVP_MD_CTX_new();
+ AssertIntEQ(EVP_DigestSignInit(mctx, &pkctx, EVP_sha256(), NULL, priv), WOLFSSL_SUCCESS);
+ AssertIntEQ(X509_REQ_sign_ctx(req, mctx), WOLFSSL_SUCCESS);
+
+ EVP_MD_CTX_free(mctx);
 X509_REQ_free(NULL);
 X509_REQ_free(req);
 EVP_PKEY_free(pub);
diff --git a/wolfssl/openssl/cms.h b/wolfssl/openssl/cms.h
new file mode 100644
index 000000000..d698c7bca
--- /dev/null
+++ b/wolfssl/openssl/cms.h
@@ -0,0 +1,26 @@
+/* cms.h
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFSSL_OPENSSL_CMS_H_
+#define WOLFSSL_OPENSSL_CMS_H_
+
+
+#endif /* WOLFSSL_OPENSSL_CMS_H_ */
diff --git a/wolfssl/openssl/include.am b/wolfssl/openssl/include.am
index c4ab3948f..f3b432df6 100644
--- a/wolfssl/openssl/include.am
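Review bot: `mctx = EVP_MD_CTX_new();` is not checked, so on allocation failure EVP_DigestSignInit is handed a NULL context and the test fails (or crashes) one line later rather than at the allocation; the surrounding test checks allocations with AssertNotNull, so write `AssertNotNull(mctx = EVP_MD_CTX_new());`. pkctx is only ever written by EVP_DigestSignInit and is neither used nor freed by the test; if the intent is that the EVP_MD_CTX owns it, a short comment such as `/* pkctx is owned by mctx and released by EVP_MD_CTX_free */` would make that explicit rather than leaving it to look like a leak. test_X509_REQ starts and ends outside the hunk.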
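Review bot: The new cms.h contains nothing but an include guard and the file itself does not say why it exists, so a maintainer who finds an empty header is likely to delete it or start filling it with declarations. Put the reason from the commit message inside the guard, e.g. `/* Intentionally empty: shadows <openssl/cms.h> so applications that include it do not pull in the OpenSSL header. No CMS declarations are provided here yet. */` (that applications would otherwise pick up OpenSSL's header is what the commit message says, not something the hunk shows).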
+++ b/wolfssl/openssl/include.am
@@ -8,6 +8,7 @@ nobase_include_HEADERS+= \
 wolfssl/openssl/bio.h \
 wolfssl/openssl/bn.h \
 wolfssl/openssl/buffer.h \
+ wolfssl/openssl/cms.h \
 wolfssl/openssl/conf.h \
 wolfssl/openssl/crypto.h \
 wolfssl/openssl/des.h \
diff --git a/wolfssl/openssl/pkcs7.h b/wolfssl/openssl/pkcs7.h
index 94ddf2494..368cfb3d5 100644
--- a/wolfssl/openssl/pkcs7.h
+++ b/wolfssl/openssl/pkcs7.h
@@ -55,6 +55,8 @@ WOLFSSL_API PKCS7* wolfSSL_d2i_PKCS7(PKCS7** p7, const unsigned char** in,
 WOLFSSL_API PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7);
 WOLFSSL_API int wolfSSL_PKCS7_verify(PKCS7* p7, WOLFSSL_STACK* certs,
 WOLFSSL_X509_STORE* store, WOLFSSL_BIO* in, WOLFSSL_BIO* out, int flags);
+WOLFSSL_API int wolfSSL_PKCS7_encode_certs(PKCS7* p7, WOLFSSL_STACK* certs,
+ WOLFSSL_BIO* out);
 WOLFSSL_API WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* p7,
 WOLFSSL_STACK* certs, int flags);
 WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7);
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index 5384003a5..344552b19 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -378,6 +378,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define X509_REQ_new wolfSSL_X509_REQ_new
 #define X509_REQ_free wolfSSL_X509_REQ_free
 #define X509_REQ_sign wolfSSL_X509_REQ_sign
+#define X509_REQ_sign_ctx wolfSSL_X509_REQ_sign_ctx
 #define X509_REQ_add_extensions wolfSSL_X509_REQ_add_extensions
 #define X509_REQ_add1_attr_by_NID wolfSSL_X509_REQ_add1_attr_by_NID
 #define X509_REQ_set_subject_name wolfSSL_X509_REQ_set_subject_name
@@ -397,7 +398,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define X509_get_issuer_name wolfSSL_X509_get_issuer_name
 #define X509_issuer_name_hash wolfSSL_X509_issuer_name_hash
 #define X509_get_subject_name wolfSSL_X509_get_subject_name
-#define X509_subject_name_hash wolfSSL_X509_subject_name_hash
+#define X509_REQ_get_subject_name wolfSSL_X509_get_subject_name
 #define X509_get_pubkey wolfSSL_X509_get_pubkey
 #define X509_get0_pubkey wolfSSL_X509_get_pubkey
 #define X509_get_notBefore wolfSSL_X509_get_notBefore
@@ -421,6 +422,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define X509_set_notBefore wolfSSL_X509_set_notBefore
 #define X509_set_serialNumber wolfSSL_X509_set_serialNumber
 #define X509_set_version wolfSSL_X509_set_version
+#define X509_REQ_set_version wolfSSL_X509_set_version
 #define X509_sign wolfSSL_X509_sign
 #define X509_print wolfSSL_X509_print
 #define X509_print_ex wolfSSL_X509_print_ex
@@ -485,6 +487,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define X509_NAME_oneline wolfSSL_X509_NAME_oneline
 #define X509_NAME_get_index_by_NID wolfSSL_X509_NAME_get_index_by_NID
 #define X509_NAME_print_ex wolfSSL_X509_NAME_print_ex
+#define X509_NAME_print_ex_fp wolfSSL_X509_NAME_print_ex_fp
 #define X509_NAME_digest wolfSSL_X509_NAME_digest
 #define X509_cmp_current_time wolfSSL_X509_cmp_current_time
 #define X509_cmp_time wolfSSL_X509_cmp_time
@@ -525,6 +528,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
 #define X509_STORE_CTX_free wolfSSL_X509_STORE_CTX_free
 #define X509_STORE_CTX_get_chain wolfSSL_X509_STORE_CTX_get_chain
 #define X509_STORE_CTX_get1_chain wolfSSL_X509_STORE_CTX_get1_chain
+#define X509_STORE_CTX_get0_parent_ctx wolfSSL_X509_STORE_CTX_get0_parent_ctx
 #define X509_STORE_CTX_get_error wolfSSL_X509_STORE_CTX_get_error
 #define X509_STORE_CTX_get_error_depth wolfSSL_X509_STORE_CTX_get_error_depth
 #define X509_STORE_CTX_init wolfSSL_X509_STORE_CTX_init
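Review bot: The `@@ -397,7 +398,7 @@` hunk replaces the `X509_subject_name_hash` alias with `X509_REQ_get_subject_name` instead of adding a line, so any application built against the compatibility layer that calls X509_subject_name_hash stops compiling (unless the macro is defined again somewhere outside this hunk, which cannot be seen here). The commit message lists only additions and says nothing about dropping that alias, so the deletion looks accidental; restore `#define X509_subject_name_hash wolfSSL_X509_subject_name_hash` and keep the new `#define X509_REQ_get_subject_name wolfSSL_X509_get_subject_name` next to it. The X509_REQ_get_subject_name and X509_REQ_set_version aliases map onto the X509 functions, which works because wolfSSL_X509_REQ_sign takes a WOLFSSL_X509 for the request, but a comment such as `/* X509_REQ is backed by WOLFSSL_X509, so the X509 accessors are reused */` beside them would save the next reader from wondering whether it is a copy-paste error.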
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 660c7b3f5..2bda06002 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1430,6 +1430,8 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(
 WOLFSSL_X509_STORE_CTX* ctx);
 WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get1_chain(
 WOLFSSL_X509_STORE_CTX* ctx);
+WOLFSSL_API WOLFSSL_X509_STORE_CTX *wolfSSL_X509_STORE_CTX_get0_parent_ctx(
+ WOLFSSL_X509_STORE_CTX *ctx);
 WOLFSSL_API int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store,
 unsigned long flag);
 WOLFSSL_API int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE*);
@@ -3546,6 +3548,8 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_new(void);
 WOLFSSL_API void wolfSSL_X509_REQ_free(WOLFSSL_X509* req);
 WOLFSSL_API int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
 const WOLFSSL_EVP_MD *md);
+WOLFSSL_API int wolfSSL_X509_REQ_sign_ctx(WOLFSSL_X509 *req,
+ WOLFSSL_EVP_MD_CTX* md_ctx);
 WOLFSSL_API int wolfSSL_X509_REQ_add_extensions(WOLFSSL_X509* req,
 WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* ext);
 WOLFSSL_API int wolfSSL_X509_REQ_set_subject_name(WOLFSSL_X509 *req,
@@ -3636,6 +3640,8 @@ WOLFSSL_API int wolfSSL_sk_X509_OBJECT_num(const WOLF_STACK_OF(WOLFSSL_X509_OBJE
 WOLFSSL_API int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO*,WOLFSSL_X509_NAME*,int,
 unsigned long);
+WOLFSSL_API int wolfSSL_X509_NAME_print_ex_fp(XFILE,WOLFSSL_X509_NAME*,int,
+ unsigned long);
 #endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || HAVE_LIGHTY */
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)