Implement/stub the following functions:

- X509_REQ_sign_ctx
- X509_REQ_get_subject_name
- X509_REQ_set_version
- X509_NAME_print_ex_fp
- X509_STORE_CTX_get0_parent_ctx
- wolfSSL_PKCS7_encode_certs

Add cms.h file to avoid including the OpenSSL version.
pull/3439/head
Juliusz Sosinowicz 2020-07-06 21:08:58 +02:00
parent 777bdb28bc
commit 1e26238f49
7 changed files with 123 additions and 1 deletions


@ -23340,6 +23340,15 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get1_chain(WOLFSSL_X509_STORE_CTX* ctx)
return wolfSSL_sk_dup(ref);
}
#ifndef NO_WOLFSSL_STUB
WOLFSSL_X509_STORE_CTX *wolfSSL_X509_STORE_CTX_get0_parent_ctx(
WOLFSSL_X509_STORE_CTX *ctx)
{
(void)ctx;
WOLFSSL_STUB("wolfSSL_X509_STORE_CTX_get0_parent_ctx");
return NULL;
}
#endif
int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509)
{
@ -42847,6 +42856,26 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
}
#endif /* !NO_BIO */
int wolfSSL_X509_NAME_print_ex_fp(XFILE file, WOLFSSL_X509_NAME* name,
int indent, unsigned long flags)
{
WOLFSSL_BIO* bio;
int ret;
WOLFSSL_ENTER("wolfSSL_X509_NAME_print_ex_fp");
if (!(bio = wolfSSL_BIO_new_fp(file, BIO_NOCLOSE))) {
WOLFSSL_MSG("wolfSSL_BIO_new_fp error");
return WOLFSSL_FAILURE;
}
ret = wolfSSL_X509_NAME_print_ex(bio, name, indent, flags);
wolfSSL_BIO_free(bio);
return ret;
}
#ifndef NO_WOLFSSL_STUB
WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr(const WOLFSSL_X509* x)
{
@ -48479,6 +48508,45 @@ int wolfSSL_PKCS7_verify(PKCS7* pkcs7, WOLFSSL_STACK* certs,
return WOLFSSL_SUCCESS;
}
int wolfSSL_PKCS7_encode_certs(PKCS7* pkcs7, WOLFSSL_STACK* certs,
WOLFSSL_BIO* out)
{
byte output[4096];
int len;
PKCS7* p7;
WOLFSSL_ENTER("wolfSSL_PKCS7_encode_certs");
if (!pkcs7 || !certs || !out) {
WOLFSSL_MSG("Bad parameter");
return WOLFSSL_FAILURE;
}
p7 = &((WOLFSSL_PKCS7*)pkcs7)->pkcs7;
/* Add the certs to the PKCS7 struct */
while (certs) {
if (wc_PKCS7_AddCertificate(p7, certs->data.x509->derCert->buffer,
certs->data.x509->derCert->length) != 0) {
WOLFSSL_MSG("wc_PKCS7_AddCertificate error");
return WOLFSSL_FAILURE;
}
certs = certs->next;
}
if ((len = wc_PKCS7_EncodeSignedData(p7, output, sizeof(output))) < 0) {
WOLFSSL_MSG("wc_PKCS7_EncodeSignedData error");
return WOLFSSL_FAILURE;
}
if (wolfSSL_BIO_write(out, output, len) <= 0) {
WOLFSSL_MSG("wolfSSL_BIO_write error");
return WOLFSSL_FAILURE;
}
return WOLFSSL_SUCCESS;
}
#endif /* !NO_BIO */
WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* pkcs7, WOLFSSL_STACK* certs,
@ -49244,6 +49312,11 @@ int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
return WOLFSSL_SUCCESS;
}
int wolfSSL_X509_REQ_sign_ctx(WOLFSSL_X509 *req,
WOLFSSL_EVP_MD_CTX* md_ctx)
{
return wolfSSL_X509_REQ_sign(req, md_ctx->pctx->pkey, wolfSSL_EVP_MD_CTX_md(md_ctx));
}
#ifndef NO_WOLFSSL_STUB
int wolfSSL_X509_REQ_add_extensions(WOLFSSL_X509* req,
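Review bot: wolfSSL_X509_REQ_sign_ctx reads `md_ctx->pctx->pkey` with no NULL check, so a NULL md_ctx, or one whose pctx was never set (the test in this commit sets it up through EVP_DigestSignInit first), crashes instead of returning WOLFSSL_FAILURE; add `if (md_ctx == NULL || md_ctx->pctx == NULL) return WOLFSSL_FAILURE;` before the call. The loop in wolfSSL_PKCS7_encode_certs has the same pattern at `certs->data.x509->derCert->buffer`, where neither `data.x509` nor `derCert` is checked before use. In that function `wolfSSL_BIO_write(out, output, len) <= 0` also accepts a short write; `!= len` would catch truncated output. The fixed `byte output[4096]` is passed with its size, so the encoder presumably rejects larger output rather than overflowing, but it caps the bundle at 4 KB and puts 4 KB on the stack; a heap buffer sized from the certificate lengths would avoid both.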


@ -4903,6 +4903,8 @@ static void test_wolfSSL_X509_NAME_get_entry(void)
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertIntEQ(X509_NAME_print_ex(bio, name, 4,
(XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS);
AssertIntEQ(X509_NAME_print_ex_fp(stdout, name, 4,
(XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS);
BIO_free(bio);
#endif
#endif
@ -36406,6 +36408,8 @@ static void test_X509_REQ(void)
unsigned char* der = NULL;
#endif
#ifndef NO_RSA
EVP_MD_CTX *mctx = NULL;
EVP_PKEY_CTX *pkctx = NULL;
#ifdef USE_CERT_BUFFERS_1024
const unsigned char* rsaPriv = (const unsigned char*)client_key_der_1024;
const unsigned char* rsaPub = (unsigned char*)client_keypub_der_1024;
@ -36447,6 +36451,12 @@ static void test_X509_REQ(void)
AssertIntEQ(i2d_X509_REQ(req, &der), 643);
XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
der = NULL;
mctx = EVP_MD_CTX_new();
AssertIntEQ(EVP_DigestSignInit(mctx, &pkctx, EVP_sha256(), NULL, priv), WOLFSSL_SUCCESS);
AssertIntEQ(X509_REQ_sign_ctx(req, mctx), WOLFSSL_SUCCESS);
EVP_MD_CTX_free(mctx);
X509_REQ_free(NULL);
X509_REQ_free(req);
EVP_PKEY_free(pub);
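Review bot: `mctx = EVP_MD_CTX_new();` in test_X509_REQ is used without a NULL assertion, unlike the `AssertNotNull(bio = BIO_new(BIO_s_mem()))` pattern in the first hunk of this file; write it as `AssertNotNull(mctx = EVP_MD_CTX_new());`. Only the success path of X509_REQ_sign_ctx is exercised; a case such as `AssertIntEQ(X509_REQ_sign_ctx(req, NULL), WOLFSSL_FAILURE);` would pin the failure contract, which the wrapper as committed does not yet meet because it dereferences md_ctx unconditionally. Nothing in this section tests wolfSSL_PKCS7_encode_certs. test_X509_REQ starts and ends outside the hunks shown.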


@ -0,0 +1,26 @@
/* cms.h
*
* Copyright (C) 2006-2020 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef WOLFSSL_OPENSSL_CMS_H_
#define WOLFSSL_OPENSSL_CMS_H_
#endif /* WOLFSSL_OPENSSL_CMS_H_ */


@ -8,6 +8,7 @@ nobase_include_HEADERS+= \
wolfssl/openssl/bio.h \
wolfssl/openssl/bn.h \
wolfssl/openssl/buffer.h \
wolfssl/openssl/cms.h \
wolfssl/openssl/conf.h \
wolfssl/openssl/crypto.h \
wolfssl/openssl/des.h \


@ -55,6 +55,8 @@ WOLFSSL_API PKCS7* wolfSSL_d2i_PKCS7(PKCS7** p7, const unsigned char** in,
WOLFSSL_API PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7);
WOLFSSL_API int wolfSSL_PKCS7_verify(PKCS7* p7, WOLFSSL_STACK* certs,
WOLFSSL_X509_STORE* store, WOLFSSL_BIO* in, WOLFSSL_BIO* out, int flags);
WOLFSSL_API int wolfSSL_PKCS7_encode_certs(PKCS7* p7, WOLFSSL_STACK* certs,
WOLFSSL_BIO* out);
WOLFSSL_API WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* p7,
WOLFSSL_STACK* certs, int flags);
WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7);
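Review bot: The new wolfSSL_PKCS7_encode_certs prototype is undocumented, and its side effect is not visible from the signature: the definition in this commit adds every certificate in `certs` to `p7` before encoding and returns early on error, so p7 can be left holding a partial set. A comment above the declaration would help, for example `/* Adds each cert in certs to p7, encodes p7 as SignedData and writes it to out. Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE; p7 is modified even on failure. */`. The first parameter is named `p7` here and `pkcs7` in the definition; using one name in both places makes the pair easier to match up.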


@ -378,6 +378,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define X509_REQ_new wolfSSL_X509_REQ_new
#define X509_REQ_free wolfSSL_X509_REQ_free
#define X509_REQ_sign wolfSSL_X509_REQ_sign
#define X509_REQ_sign_ctx wolfSSL_X509_REQ_sign_ctx
#define X509_REQ_add_extensions wolfSSL_X509_REQ_add_extensions
#define X509_REQ_add1_attr_by_NID wolfSSL_X509_REQ_add1_attr_by_NID
#define X509_REQ_set_subject_name wolfSSL_X509_REQ_set_subject_name
@ -397,7 +398,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define X509_get_issuer_name wolfSSL_X509_get_issuer_name
#define X509_issuer_name_hash wolfSSL_X509_issuer_name_hash
#define X509_get_subject_name wolfSSL_X509_get_subject_name
#define X509_subject_name_hash wolfSSL_X509_subject_name_hash
#define X509_REQ_get_subject_name wolfSSL_X509_get_subject_name
#define X509_get_pubkey wolfSSL_X509_get_pubkey
#define X509_get0_pubkey wolfSSL_X509_get_pubkey
#define X509_get_notBefore wolfSSL_X509_get_notBefore
@ -421,6 +422,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define X509_set_notBefore wolfSSL_X509_set_notBefore
#define X509_set_serialNumber wolfSSL_X509_set_serialNumber
#define X509_set_version wolfSSL_X509_set_version
#define X509_REQ_set_version wolfSSL_X509_set_version
#define X509_sign wolfSSL_X509_sign
#define X509_print wolfSSL_X509_print
#define X509_print_ex wolfSSL_X509_print_ex
@ -485,6 +487,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define X509_NAME_oneline wolfSSL_X509_NAME_oneline
#define X509_NAME_get_index_by_NID wolfSSL_X509_NAME_get_index_by_NID
#define X509_NAME_print_ex wolfSSL_X509_NAME_print_ex
#define X509_NAME_print_ex_fp wolfSSL_X509_NAME_print_ex_fp
#define X509_NAME_digest wolfSSL_X509_NAME_digest
#define X509_cmp_current_time wolfSSL_X509_cmp_current_time
#define X509_cmp_time wolfSSL_X509_cmp_time
@ -525,6 +528,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
#define X509_STORE_CTX_free wolfSSL_X509_STORE_CTX_free
#define X509_STORE_CTX_get_chain wolfSSL_X509_STORE_CTX_get_chain
#define X509_STORE_CTX_get1_chain wolfSSL_X509_STORE_CTX_get1_chain
#define X509_STORE_CTX_get0_parent_ctx wolfSSL_X509_STORE_CTX_get0_parent_ctx
#define X509_STORE_CTX_get_error wolfSSL_X509_STORE_CTX_get_error
#define X509_STORE_CTX_get_error_depth wolfSSL_X509_STORE_CTX_get_error_depth
#define X509_STORE_CTX_init wolfSSL_X509_STORE_CTX_init
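Review bot: The `@ -397,7 +398,7` hunk looks like it replaces `#define X509_subject_name_hash wolfSSL_X509_subject_name_hash` with the new `X509_REQ_get_subject_name` alias instead of adding the alias beside it. Eight lines are shown for a 7-to-7 hunk and the commit summary counts one deletion; the +/- markers are lost in this rendering, so which line was removed is inferred. If that reading is right, code built against the compatibility layer that calls X509_subject_name_hash no longer compiles. Keep both defines: `#define X509_subject_name_hash wolfSSL_X509_subject_name_hash` followed by `#define X509_REQ_get_subject_name wolfSSL_X509_get_subject_name`.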


@ -1430,6 +1430,8 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(
WOLFSSL_X509_STORE_CTX* ctx);
WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get1_chain(
WOLFSSL_X509_STORE_CTX* ctx);
WOLFSSL_API WOLFSSL_X509_STORE_CTX *wolfSSL_X509_STORE_CTX_get0_parent_ctx(
WOLFSSL_X509_STORE_CTX *ctx);
WOLFSSL_API int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store,
unsigned long flag);
WOLFSSL_API int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE*);
@ -3546,6 +3548,8 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_new(void);
WOLFSSL_API void wolfSSL_X509_REQ_free(WOLFSSL_X509* req);
WOLFSSL_API int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
const WOLFSSL_EVP_MD *md);
WOLFSSL_API int wolfSSL_X509_REQ_sign_ctx(WOLFSSL_X509 *req,
WOLFSSL_EVP_MD_CTX* md_ctx);
WOLFSSL_API int wolfSSL_X509_REQ_add_extensions(WOLFSSL_X509* req,
WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* ext);
WOLFSSL_API int wolfSSL_X509_REQ_set_subject_name(WOLFSSL_X509 *req,
@ -3636,6 +3640,8 @@ WOLFSSL_API int wolfSSL_sk_X509_OBJECT_num(const WOLF_STACK_OF(WOLFSSL_X509_OBJE
WOLFSSL_API int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO*,WOLFSSL_X509_NAME*,int,
unsigned long);
WOLFSSL_API int wolfSSL_X509_NAME_print_ex_fp(XFILE,WOLFSSL_X509_NAME*,int,
unsigned long);
#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || HAVE_LIGHTY */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
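Review bot: The wolfSSL_X509_STORE_CTX_get0_parent_ctx prototype in the first hunk gives no sign that the function is a stub; the definition in this commit ignores `ctx`, always returns NULL, and is compiled only when NO_WOLFSSL_STUB is not defined. A caller that uses the parent context to tell a nested verification from a top-level one would always see "no parent", so the limitation should be stated at the declaration, for example `/* Stub: always returns NULL; not built when NO_WOLFSSL_STUB is defined. */`. No matching guard is visible around the prototype in this hunk, although an enclosing one may sit outside it; if there is none, a NO_WOLFSSL_STUB build declares a symbol it never defines.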