ASN macro simplification. Added new `--enable-asn=all` and `WOLFSSL_ASN_ALL` option. Added granular macros for ASN features like: `WOLFSSL_ASN_CA_ISSUER`, `WOLFSSL_ASN_PARSE_KEYUSAGE`, `WOLFSSL_ASN_TIME_STRING`, `WOLFSSL_OCSP_PARSE_STATUS`.
parent
7da6149250
commit
20f7d6f9f4
65
configure.ac
65
configure.ac
@ -1992,7 +1992,7 @@ AC_ARG_ENABLE([ffmpeg],
)
#IP alternative name Support
# IP alternative name Support
AC_ARG_ENABLE([ip-alt-name],
[AS_HELP_STRING([--enable-ip-alt-name],[Enable IP subject alternative name (default: disabled)])],
[ ENABLE_IP_ALT_NAME=$enableval ],
@ -2004,7 +2004,7 @@ then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_IP_ALT_NAME"
fi
#Qt Support
# QT Support
AC_ARG_ENABLE([qt],
[AS_HELP_STRING([--enable-qt],[Enable qt (default: disabled)])],
[ ENABLED_QT=$enableval ],
@ -4744,43 +4744,52 @@ fi
# ASN
# turn off asn, which means no certs, no rsa, no dsa, no ecc,
# and no big int (unless dh is on)
# turn off ASN if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
enable_asn=no
fi
AC_ARG_ENABLE([asn],
[AS_HELP_STRING([--enable-asn],[Enable ASN (default: enabled)])],
[ ENABLED_ASN=$enableval ],
[ ENABLED_ASN=yes ]
)
if test "$ENABLED_ASN" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_ASN_CRYPT"
enable_pwdbased=no
else
if test "$ENABLED_ASN" = "template"; then
ENABLED_ASN="yes"
fi
if test "$ENABLED_ASN" = "yes"; then
for v in `echo $ENABLED_ASN | tr "," " "`
do
case $v in
all)
# Enable all ASN features
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_ALL"
ENABLED_ASN=yes
;;
template | yes)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_TEMPLATE"
elif test "$ENABLED_ASN" = "original"; then
ENABLED_ASN=yes
;;
original)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_ORIGINAL"
else
AC_MSG_ERROR([Invalid asn option. Valid are: template or original. Seen: $ENABLED_ASN.])
fi
# turn off ASN if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_BIG_INT"
ENABLED_ASN=yes
;;
nocrypt)
AM_CFLAGS="$AM_CFLAGS -DNO_ASN_CRYPT"
enable_pwdbased=no
;;
no)
AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_ASN_CRYPT"
enable_pwdbased=no
ENABLED_ASN=no
else
if test "$ENABLED_ASN" = "nocrypt"
then
AM_CFLAGS="$AM_CFLAGS -DNO_ASN_CRYPT"
enable_pwdbased=no
fi
fi
fi
;;
*)
AC_MSG_ERROR([Invalid asn option. Valid are: all, template/yes, original, nocrypt or no. Seen: $ENABLED_ASN.])
break;;
esac
done
if test "$ENABLED_RSA" = "yes" && test "$ENABLED_RSAVFY" = "no" && \
test "$ENABLED_ASN" = "no" && test "$ENABLED_LOWRESOURCE" = "no"
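Review bot: The leanpsk path no longer sets -DNO_BIG_INT: the removed branch added `-DNO_ASN -DNO_BIG_INT` when ENABLED_LEANPSK was yes, whereas the new code only forces `enable_asn=no` ahead of AC_ARG_ENABLE, so such builds now fall through the `no)` case and get `-DNO_ASN -DNO_ASN_CRYPT` only; unless NO_BIG_INT is supplied for leanpsk elsewhere (not visible here), that define is lost. Two smaller points in the same `case`: the `*)` branch reports `$ENABLED_ASN`, which an earlier token of a comma list such as `template,bogus` has already rewritten to `yes`, so the message should name the offending token, `Seen: $v.`; and `nocrypt)` leaves ENABLED_ASN equal to `nocrypt` and adds neither `-DWOLFSSL_ASN_TEMPLATE` nor `-DWOLFSSL_ASN_ORIGINAL`, so a bare `--enable-asn=nocrypt` behaves differently from `--enable-asn=yes,nocrypt` in later `test "$ENABLED_ASN" = ...` checks like the one closing this hunk. The `break;;` after AC_MSG_ERROR is unreachable, since AC_MSG_ERROR terminates configure.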
@ -12540,13 +12540,13 @@ int CheckForAltNames(DecodedCert* dCert, const char* domain, word32 domainLen,
while (altName) {
WOLFSSL_MSG("\tindividual AltName check");
#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
#ifdef WOLFSSL_IP_ALT_NAME
if (altName->type == ASN_IP_TYPE) {
buf = altName->ipString;
len = (word32)XSTRLEN(buf);
}
else
#endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */
#endif /* WOLFSSL_IP_ALT_NAME */
{
buf = altName->name;
len = (word32)altName->len;
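Review bot: The guard around the IP-address branch narrows from `OPENSSL_ALL || WOLFSSL_IP_ALT_NAME` to `WOLFSSL_IP_ALT_NAME` alone, which only preserves behaviour if the build settings now define WOLFSSL_IP_ALT_NAME whenever OPENSSL_ALL is set; that mapping is not part of this commit as shown. Without it, an OPENSSL_ALL build takes the `else` branch for an ASN_IP_TYPE entry and compares `altName->name`, the raw address bytes, against the domain string. The same narrowing is repeated in x509.c (wolfSSL_X509_get_next_altname, X509PrintSubjAltName), tests/api.c and asn.c (FreeAltNames, AltNameDup, GenerateDNSEntryIPString, DecodeGeneralName, DecodeAltNames), and the OPENSSL_ALL/OPENSSL_EXTRA-based guards replaced by WOLFSSL_ASN_CA_ISSUER, WOLFSSL_ASN_TIME_STRING and WOLFSSL_OCSP_PARSE_STATUS raise the same question, so a single note in the commit description naming where those macros are derived would cover all of them. The file this hunk belongs to is not named in this view (the function names match src/internal.c), and CheckForAltNames continues outside the hunk.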
@ -12817,6 +12817,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
{
int ret = 0;
int minSz;
if (x509 == NULL || dCert == NULL ||
dCert->subjectCNLen < 0)
@ -12866,49 +12867,45 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
#endif /* WOLFSSL_CERT_REQ */
#ifdef WOLFSSL_SEP
{
int minSz = min(dCert->deviceTypeSz, EXTERNAL_SERIAL_SIZE);
if (minSz > 0) {
x509->deviceTypeSz = minSz;
XMEMCPY(x509->deviceType, dCert->deviceType, minSz);
}
else
x509->deviceTypeSz = 0;
minSz = min(dCert->hwTypeSz, EXTERNAL_SERIAL_SIZE);
if (minSz > 0) {
x509->hwTypeSz = minSz;
XMEMCPY(x509->hwType, dCert->hwType, minSz);
}
else
x509->hwTypeSz = 0;
minSz = min(dCert->hwSerialNumSz, EXTERNAL_SERIAL_SIZE);
if (minSz > 0) {
x509->hwSerialNumSz = minSz;
XMEMCPY(x509->hwSerialNum, dCert->hwSerialNum, minSz);
}
else
x509->hwSerialNumSz = 0;
minSz = min(dCert->deviceTypeSz, EXTERNAL_SERIAL_SIZE);
if (minSz > 0) {
x509->deviceTypeSz = minSz;
XMEMCPY(x509->deviceType, dCert->deviceType, minSz);
}
else
x509->deviceTypeSz = 0;
minSz = min(dCert->hwTypeSz, EXTERNAL_SERIAL_SIZE);
if (minSz > 0) {
x509->hwTypeSz = minSz;
XMEMCPY(x509->hwType, dCert->hwType, minSz);
}
else
x509->hwTypeSz = 0;
minSz = min(dCert->hwSerialNumSz, EXTERNAL_SERIAL_SIZE);
if (minSz > 0) {
x509->hwSerialNumSz = minSz;
XMEMCPY(x509->hwSerialNum, dCert->hwSerialNum, minSz);
}
else
x509->hwSerialNumSz = 0;
#endif /* WOLFSSL_SEP */
{
int minSz;
if (dCert->beforeDateLen > 0) {
minSz = (int)min(dCert->beforeDate[1], MAX_DATE_SZ);
x509->notBefore.type = dCert->beforeDate[0];
x509->notBefore.length = minSz;
XMEMCPY(x509->notBefore.data, &dCert->beforeDate[2], minSz);
}
else
x509->notBefore.length = 0;
if (dCert->afterDateLen > 0) {
minSz = (int)min(dCert->afterDate[1], MAX_DATE_SZ);
x509->notAfter.type = dCert->afterDate[0];
x509->notAfter.length = minSz;
XMEMCPY(x509->notAfter.data, &dCert->afterDate[2], minSz);
}
else
x509->notAfter.length = 0;
if (dCert->beforeDateLen > 0) {
minSz = (int)min(dCert->beforeDate[1], MAX_DATE_SZ);
x509->notBefore.type = dCert->beforeDate[0];
x509->notBefore.length = minSz;
XMEMCPY(x509->notBefore.data, &dCert->beforeDate[2], minSz);
}
else
x509->notBefore.length = 0;
if (dCert->afterDateLen > 0) {
minSz = (int)min(dCert->afterDate[1], MAX_DATE_SZ);
x509->notAfter.type = dCert->afterDate[0];
x509->notAfter.length = minSz;
XMEMCPY(x509->notAfter.data, &dCert->afterDate[2], minSz);
}
else
x509->notAfter.length = 0;
if (dCert->publicKey != NULL && dCert->pubKeySize != 0) {
x509->pubKey.buffer = (byte*)XMALLOC(
@ -13047,7 +13044,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
ret = MEMORY_E;
}
}
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
#ifdef WOLFSSL_ASN_CA_ISSUER
if (dCert->extAuthInfoCaIssuer != NULL && dCert->extAuthInfoCaIssuerSz > 0) {
x509->authInfoCaIssuer = (byte*)XMALLOC(dCert->extAuthInfoCaIssuerSz, x509->heap,
DYNAMIC_TYPE_X509_EXT);
@ -13133,10 +13130,10 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
#ifndef IGNORE_NETSCAPE_CERT_TYPE
x509->nsCertType = dCert->nsCertType;
#endif
#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
#ifdef WOLFSSL_SEP
x509->certPolicySet = dCert->extCertPolicySet;
x509->certPolicyCrit = dCert->extCertPolicyCrit;
#endif /* WOLFSSL_SEP || WOLFSSL_QT */
#endif
#ifdef WOLFSSL_CERT_EXT
{
int i;
24
src/ocsp.c
24
src/ocsp.c
@ -668,8 +668,9 @@ int CheckOcspResponder(OcspResponse *bs, DecodedCert *cert, void* vp)
return ret;
}
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIGHTY)
/* compatibility layer OCSP functions */
#ifdef OPENSSL_EXTRA
int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs,
WOLFSSL_OCSP_CERTID* id, int* status, int* reason,
WOLFSSL_ASN1_TIME** revtime, WOLFSSL_ASN1_TIME** thisupd,
@ -695,10 +696,15 @@ int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs,
if (status != NULL)
*status = single->status->status;
#ifdef WOLFSSL_OCSP_PARSE_STATUS
if (thisupd != NULL)
*thisupd = &single->status->thisDateParsed;
if (nextupd != NULL)
*nextupd = &single->status->nextDateParsed;
#else
(void)thisupd;
(void)nextupd;
#endif
/* TODO: Not needed for Nginx or httpd */
if (reason != NULL)
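Review bot: In the new `#else` branch of wolfSSL_OCSP_resp_find_status the `thisupd` and `nextupd` out-parameters are only cast to void, so a caller that passes non-NULL pointers for them (the OpenSSL contract is that they receive the update times) is left with whatever those variables held before the call and may later dereference a stale pointer. Assign them explicitly in that branch, `if (thisupd != NULL) *thisupd = NULL;` and `if (nextupd != NULL) *nextupd = NULL;`, so callers can at least detect that the times were not parsed, and add a one-line comment noting that the build lacks WOLFSSL_OCSP_PARSE_STATUS. The function begins and ends outside the hunk; the `revtime` parameter is not visible here, so the same check may apply to it.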
@ -1191,9 +1197,7 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_CERTID_dup(WOLFSSL_OCSP_CERTID* id)
}
return certId;
}
#endif
#if defined(OPENSSL_ALL) || defined(APACHE_HTTPD) || defined(WOLFSSL_HAPROXY)
#ifndef NO_BIO
int wolfSSL_i2d_OCSP_REQUEST_bio(WOLFSSL_BIO* out,
WOLFSSL_OCSP_REQUEST *req)
@ -1295,7 +1299,8 @@ WOLFSSL_OCSP_CERTID* wolfSSL_d2i_OCSP_CERTID(WOLFSSL_OCSP_CERTID** cidOut,
return NULL;
}
const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id(const WOLFSSL_OCSP_SINGLERESP *single)
const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id(
const WOLFSSL_OCSP_SINGLERESP *single)
{
return single;
}
@ -1392,9 +1397,6 @@ WOLFSSL_OCSP_SINGLERESP* wolfSSL_OCSP_resp_get0(WOLFSSL_OCSP_BASICRESP *bs, int
return single;
}
#endif /* OPENSSL_ALL || APACHE_HTTPD || WOLFSSL_HAPROXY */
#ifdef OPENSSL_EXTRA
#ifndef NO_WOLFSSL_STUB
int wolfSSL_OCSP_REQUEST_add_ext(OcspRequest* req, WOLFSSL_X509_EXTENSION* ext,
int idx)
@ -1467,12 +1469,14 @@ int wolfSSL_OCSP_id_get0_info(WOLFSSL_ASN1_STRING **name,
#if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY)
/* Serial number starts at 0 index of ser->data */
XMEMCPY(&ser->data[i], cid->status->serial, (size_t)cid->status->serialSz);
XMEMCPY(&ser->data[i], cid->status->serial,
(size_t)cid->status->serialSz);
ser->length = cid->status->serialSz;
#else
ser->data[i++] = ASN_INTEGER;
i += SetLength(cid->status->serialSz, ser->data + i);
XMEMCPY(&ser->data[i], cid->status->serial, (size_t)cid->status->serialSz);
XMEMCPY(&ser->data[i], cid->status->serial,
(size_t)cid->status->serialSz);
ser->length = i + cid->status->serialSz;
#endif
@ -22731,7 +22731,7 @@ void wolfSSL_ERR_remove_state(unsigned long id)
}
}
#endif /* OPENSSL_EXTRA */
#endif /* OPENSSL_EXTRA */
#ifdef OPENSSL_ALL
17
src/x509.c
17
src/x509.c
@ -1067,7 +1067,9 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
case CERT_POLICY_OID:
if (!isSet)
break;
#ifdef WOLFSSL_SEP
ext->crit = x509->certPolicyCrit;
#endif
break;
case KEY_USAGE_OID:
@ -2504,7 +2506,8 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
else {
WOLFSSL_MSG("No Cert Policy set");
}
#elif defined(WOLFSSL_SEP)
#endif /* WOLFSSL_CERT_EXT */
#ifdef WOLFSSL_SEP
if (x509->certPolicySet) {
if (c != NULL) {
*c = x509->certPolicyCrit;
@ -2520,8 +2523,6 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
else {
WOLFSSL_MSG("No Cert Policy set");
}
#else
WOLFSSL_MSG("wolfSSL not built with WOLFSSL_SEP or WOLFSSL_CERT_EXT");
#endif
break;
}
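Review bot: Replacing `#elif defined(WOLFSSL_SEP)` with a closed `#endif /* WOLFSSL_CERT_EXT */` followed by `#ifdef WOLFSSL_SEP` turns the two blocks in this `case` from mutually exclusive into cumulative: in a build with both WOLFSSL_CERT_EXT and WOLFSSL_SEP, the SEP block (`if (x509->certPolicySet) ...`) now runs after the CERT_EXT block and whatever it assigns to `*c` or the returned object overrides the CERT_EXT result; the block bodies lie outside the hunk, so please confirm this is intended or guard the second block with `#if defined(WOLFSSL_SEP) && !defined(WOLFSSL_CERT_EXT)`. The @-2520 hunk also drops the `#else` with the "wolfSSL not built with WOLFSSL_SEP or WOLFSSL_CERT_EXT" message, so a build with neither macro now reaches this `case` silently; if that diagnostic is still wanted it needs an `#if !defined(WOLFSSL_SEP) && !defined(WOLFSSL_CERT_EXT)` block. wolfSSL_X509_get_ext_d2i starts and ends outside these hunks.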
@ -3711,7 +3712,7 @@ char* wolfSSL_X509_get_next_altname(WOLFSSL_X509* cert)
}
ret = cert->altNamesNext->name;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
#ifdef WOLFSSL_IP_ALT_NAME
/* return the IP address as a string */
if (cert->altNamesNext->type == ASN_IP_TYPE) {
ret = cert->altNamesNext->ipString;
@ -5668,9 +5669,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
case NID_key_usage: crit = x509->keyUsageCrit; break;
case NID_crl_distribution_points: crit= x509->CRLdistCrit; break;
case NID_ext_key_usage: crit= x509->extKeyUsageCrit; break;
#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
case NID_certificate_policies: crit = x509->certPolicyCrit; break;
#endif /* WOLFSSL_SEP || WOLFSSL_QT */
#ifdef WOLFSSL_SEP
case NID_certificate_policies: crit = x509->certPolicyCrit; break;
#endif /* WOLFSSL_SEP */
}
}
@ -5873,7 +5874,7 @@ static int X509PrintSubjAltName(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
break;
}
}
#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
#ifdef WOLFSSL_IP_ALT_NAME
else if (entry->type == ASN_IP_TYPE) {
len = XSNPRINTF(scratch, MAX_WIDTH, "IP Address:%s",
entry->ipString);
19
tests/api.c
19
tests/api.c
@ -4268,8 +4268,8 @@ static int test_wolfSSL_CertManagerCheckOCSPResponse(void)
static int test_wolfSSL_CheckOCSPResponse(void)
{
EXPECT_DECLS;
#if defined(HAVE_OCSP) && !defined(NO_RSA) && !defined(NO_SHA) && \
defined(OPENSSL_ALL)
#if defined(HAVE_OCSP) && defined(OPENSSL_EXTRA) && \
!defined(NO_RSA) && !defined(NO_SHA)
const char* responseFile = "./certs/ocsp/test-response.der";
const char* responseMultiFile = "./certs/ocsp/test-multi-response.der";
const char* responseNoInternFile =
@ -53340,7 +53340,7 @@ static int test_wolfSSL_X509_sign(void)
ExpectIntEQ(wolfSSL_X509_add_altname(x509,
"Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch",
ASN_DNS_TYPE), SSL_SUCCESS);
#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
#ifdef WOLFSSL_IP_ALT_NAME
{
unsigned char ip4_type[] = {127,128,0,255};
unsigned char ip6_type[] = {0xdd, 0xcc, 0xba, 0xab,
@ -53373,7 +53373,7 @@ static int test_wolfSSL_X509_sign(void)
#if defined(OPENSSL_ALL) && defined(WOLFSSL_ALT_NAMES)
ExpectIntEQ(X509_get_ext_count(x509), 1);
#endif
#if defined(WOLFSSL_ALT_NAMES) && (defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME))
#if defined(WOLFSSL_ALT_NAMES) && defined(WOLFSSL_IP_ALT_NAME)
ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.128.0.255", 0), 1);
ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "DDCC:BAAB:FFEE:9988:7766:5544:0033:2211", 0), 1);
#endif
@ -53389,7 +53389,7 @@ static int test_wolfSSL_X509_sign(void)
#ifndef WOLFSSL_ALT_NAMES
/* Valid case - size should be 781-786 with 16 byte serial number */
ExpectTrue((781 + snSz <= ret) && (ret <= 781 + 5 + snSz));
#elif defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
#elif defined(WOLFSSL_IP_ALT_NAME)
/* Valid case - size should be 955-960 with 16 byte serial number */
ExpectTrue((939 + snSz <= ret) && (ret <= 939 + 5 + snSz));
#else
@ -64446,7 +64446,7 @@ static int test_wolfSSL_OCSP_id_cmp(void)
static int test_wolfSSL_OCSP_SINGLERESP_get0_id(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
#if defined(HAVE_OCSP) && defined(OPENSSL_EXTRA)
WOLFSSL_OCSP_SINGLERESP single;
const WOLFSSL_OCSP_CERTID* certId;
@ -64463,7 +64463,8 @@ static int test_wolfSSL_OCSP_SINGLERESP_get0_id(void)
static int test_wolfSSL_OCSP_single_get0_status(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
#if defined(HAVE_OCSP) && defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_OCSP_PARSE_STATUS)
WOLFSSL_OCSP_SINGLERESP single;
CertStatus certStatus;
WOLFSSL_ASN1_TIME* thisDate;
@ -64498,7 +64499,7 @@ static int test_wolfSSL_OCSP_single_get0_status(void)
static int test_wolfSSL_OCSP_resp_count(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
#if defined(HAVE_OCSP) && defined(OPENSSL_EXTRA)
WOLFSSL_OCSP_BASICRESP basicResp;
WOLFSSL_OCSP_SINGLERESP singleRespOne;
WOLFSSL_OCSP_SINGLERESP singleRespTwo;
@ -64519,7 +64520,7 @@ static int test_wolfSSL_OCSP_resp_count(void)
static int test_wolfSSL_OCSP_resp_get0(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
#if defined(HAVE_OCSP) && defined(OPENSSL_EXTRA)
WOLFSSL_OCSP_BASICRESP basicResp;
WOLFSSL_OCSP_SINGLERESP singleRespOne;
WOLFSSL_OCSP_SINGLERESP singleRespTwo;
@ -5706,8 +5706,7 @@ int EncodeObjectId(const word16* in, word32 inSz, byte* out, word32* outSz)
}
#endif /* HAVE_OID_ENCODING */
#if defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT) || \
defined(OPENSSL_ALL)
#if defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT)
/* Encode dotted form of OID into byte array version.
*
* @param [in] in Byte array containing OID.
@ -5754,7 +5753,7 @@ int DecodeObjectId(const byte* in, word32 inSz, word16* out, word32* outSz)
return 0;
}
#endif /* HAVE_OID_DECODING || WOLFSSL_ASN_PRINT || OPENSSL_ALL */
#endif /* HAVE_OID_DECODING || WOLFSSL_ASN_PRINT */
/* Decode the header of a BER/DER encoded OBJECT ID.
*
@ -11427,10 +11426,10 @@ void FreeAltNames(DNS_entry* altNames, void* heap)
DNS_entry* tmp = altNames->next;
XFREE(altNames->name, heap, DYNAMIC_TYPE_ALTNAME);
#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
#ifdef WOLFSSL_IP_ALT_NAME
XFREE(altNames->ipString, heap, DYNAMIC_TYPE_ALTNAME);
#endif
#if defined(OPENSSL_ALL)
#ifdef WOLFSSL_RID_ALT_NAME
XFREE(altNames->ridString, heap, DYNAMIC_TYPE_ALTNAME);
#endif
XFREE(altNames, heap, DYNAMIC_TYPE_ALTNAME);
@ -11465,17 +11464,17 @@ DNS_entry* AltNameDup(DNS_entry* from, void* heap)
ret->name = CopyString(from->name, from->len, heap, DYNAMIC_TYPE_ALTNAME);
#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
#ifdef WOLFSSL_IP_ALT_NAME
ret->ipString = CopyString(from->ipString, 0, heap, DYNAMIC_TYPE_ALTNAME);
#endif
#ifdef OPENSSL_ALL
#ifdef WOLFSSL_RID_ALT_NAME
ret->ridString = CopyString(from->ridString, 0, heap, DYNAMIC_TYPE_ALTNAME);
#endif
if (ret->name == NULL
#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
#ifdef WOLFSSL_IP_ALT_NAME
|| (from->ipString != NULL && ret->ipString == NULL)
#endif
#ifdef OPENSSL_ALL
#ifdef WOLFSSL_RID_ALT_NAME
|| (from->ridString != NULL && ret->ridString == NULL)
#endif
) {
@ -13324,7 +13323,7 @@ static const byte rdnChoice[] = {
};
#endif
#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
#ifdef WOLFSSL_IP_ALT_NAME
/* used to set the human readable string for the IP address with a ASN_IP_TYPE
* DNS entry
* return 0 on success
@ -13388,9 +13387,9 @@ static int GenerateDNSEntryIPString(DNS_entry* entry, void* heap)
return ret;
}
#endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */
#endif /* WOLFSSL_IP_ALT_NAME */
#if defined(OPENSSL_ALL)
#ifdef WOLFSSL_RID_ALT_NAME
/* used to set the human readable string for the registeredID with an
* ASN_RID_TYPE DNS entry
* return 0 on success
@ -13399,7 +13398,9 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap)
{
int i, j, ret = 0;
int nameSz = 0;
#if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA)
int nid = 0;
#endif
int tmpSize = MAX_OID_SZ;
word32 oid = 0;
word32 idx = 0;
@ -13419,40 +13420,46 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap)
ret = GetOID((const byte*)entry->name, &idx, &oid, oidIgnoreType,
entry->len);
if (ret == 0) {
#if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA)
if ((nid = oid2nid(oid, oidCsrAttrType)) > 0) {
/* OID has known string value */
finalName = (char*)wolfSSL_OBJ_nid2ln(nid);
}
else
#endif
{
/* Decode OBJECT_ID into dotted form array. */
ret = DecodeObjectId((const byte*)(entry->name),(word32)entry->len,
tmpName, (word32*)&tmpSize);
if (ret == 0 && (nid = oid2nid(oid, oidCsrAttrType)) > 0) {
/* OID has known string value */
finalName = (char*)wolfSSL_OBJ_nid2ln(nid);
}
else {
/* Decode OBJECT_ID into dotted form array. */
ret = DecodeObjectId((const byte*)(entry->name),(word32)entry->len,
tmpName, (word32*)&tmpSize);
if (ret == 0) {
j = 0;
/* Append each number of dotted form. */
for (i = 0; i < tmpSize; i++) {
if (j >= MAX_OID_SZ) {
return BUFFER_E;
}
if (ret == 0) {
j = 0;
/* Append each number of dotted form. */
for (i = 0; i < tmpSize; i++) {
if (j >= MAX_OID_SZ) {
return BUFFER_E;
}
if (i < tmpSize - 1) {
ret = XSNPRINTF(oidName + j, MAX_OID_SZ - j, "%d.",
tmpName[i]);
}
else {
ret = XSNPRINTF(oidName + j, MAX_OID_SZ - j, "%d",
tmpName[i]);
}
if (i < tmpSize - 1) {
ret = XSNPRINTF(oidName + j, MAX_OID_SZ - j, "%d.", tmpName[i]);
}
else {
ret = XSNPRINTF(oidName + j, MAX_OID_SZ - j, "%d", tmpName[i]);
}
if (ret >= 0) {
j += ret;
}
else {
return BUFFER_E;
if (ret >= 0) {
j += ret;
}
else {
return BUFFER_E;
}
}
ret = 0;
finalName = oidName;
}
ret = 0;
finalName = oidName;
}
}
@ -13473,7 +13480,7 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap)
return ret;
}
#endif /* OPENSSL_ALL && WOLFSSL_ASN_TEMPLATE */
#endif /* WOLFSSL_RID_ALT_NAME */
#ifdef WOLFSSL_ASN_TEMPLATE
@ -13553,29 +13560,29 @@ static int SetDNSEntry(DecodedCert* cert, const char* str, int strLen,
XMEMCPY(dnsEntry->name, str, (size_t)strLen);
dnsEntry->name[strLen] = '\0';
#if defined(OPENSSL_ALL)
#ifdef WOLFSSL_RID_ALT_NAME
/* store registeredID as a string */
if (type == ASN_RID_TYPE) {
if ((ret = GenerateDNSEntryRIDString(dnsEntry, cert->heap)) != 0) {
XFREE(dnsEntry->name, cert->heap, DYNAMIC_TYPE_ALTNAME);
XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
}
ret = GenerateDNSEntryRIDString(dnsEntry, cert->heap);
}
#endif
#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
#ifdef WOLFSSL_IP_ALT_NAME
/* store IP addresses as a string */
if (type == ASN_IP_TYPE) {
if ((ret = GenerateDNSEntryIPString(dnsEntry, cert->heap)) != 0) {
XFREE(dnsEntry->name, cert->heap, DYNAMIC_TYPE_ALTNAME);
XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
}
ret = GenerateDNSEntryIPString(dnsEntry, cert->heap);
}
#endif
}
if (ret == 0) {
#endif
ret = AddDNSEntryToList(entries, dnsEntry);
}
/* failure cleanup */
if (ret != 0 && dnsEntry != NULL) {
XFREE(dnsEntry->name, cert->heap, DYNAMIC_TYPE_ALTNAME);
XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
}
return ret;
}
#endif
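Review bot: The new shared "failure cleanup" in SetDNSEntry frees `dnsEntry->name` and the entry, but not the `ipString`/`ridString` members, which FreeAltNames (earlier in this file) shows are heap-owned by the entry. When GenerateDNSEntryIPString or GenerateDNSEntryRIDString has succeeded and `AddDNSEntryToList` then returns non-zero, those strings leak; the same applies if either generator fails after allocating its string, which cannot be told from this hunk. Mirroring FreeAltNames in the cleanup block closes that gap, on the assumption that dnsEntry is zero-initialised at allocation (above the hunk) so the members are NULL when unused; it is also worth confirming that AddDNSEntryToList does not itself free the entry on failure, which would make the cleanup a double free. SetDNSEntry starts outside the hunk.
```c
    /* failure cleanup */
    if (ret != 0 && dnsEntry != NULL) {
#ifdef WOLFSSL_IP_ALT_NAME
        XFREE(dnsEntry->ipString, cert->heap, DYNAMIC_TYPE_ALTNAME);
#endif
#ifdef WOLFSSL_RID_ALT_NAME
        XFREE(dnsEntry->ridString, cert->heap, DYNAMIC_TYPE_ALTNAME);
#endif
        XFREE(dnsEntry->name, cert->heap, DYNAMIC_TYPE_ALTNAME);
        XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
    }
```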
@ -14506,7 +14513,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
!defined(WOLFCRYPT_ONLY)
if (nameType == ASN_ISSUER) {
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) && \
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) &&\
(defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT))
dName->rawLen = min(cert->issuerRawLen, WC_ASN_NAME_MAX);
XMEMCPY(dName->raw, cert->issuerRaw, dName->rawLen);
@ -14907,8 +14914,7 @@ int ExtractDate(const unsigned char* date, unsigned char format,
}
#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \
defined(OPENSSL_EXTRA) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
#ifdef WOLFSSL_ASN_TIME_STRING
int GetTimeString(byte* date, int format, char* buf, int len)
{
struct tm t;
@ -14954,8 +14960,7 @@ int GetTimeString(byte* date, int format, char* buf, int len)
return 1;
}
#endif /* OPENSSL_ALL || WOLFSSL_MYSQL_COMPATIBLE ||
* OPENSSL_EXTRA || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
#endif /* WOLFSSL_ASN_TIME_STRING */
/* Check time struct for valid values. Returns 0 for success */
static int ValidateGmtime(struct tm* inTime)
@ -18040,7 +18045,9 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert)
#ifndef WOLFSSL_ASN_TEMPLATE
static void AddAltName(DecodedCert* cert, DNS_entry* dnsEntry)
{
#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_ALT_NAMES_NO_REV)
#if (defined(WOLFSSL_ASN_ALL) || defined(OPENSSL_EXTRA)) && \
!defined(WOLFSSL_ALT_NAMES_NO_REV)
/* logic to add alt name to end of list */
dnsEntry->next = NULL;
if (cert->altNames == NULL) {
/* First on list */
@ -18335,8 +18342,7 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag,
idx += (word32)len;
}
}
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \
defined(WOLFSSL_IP_ALT_NAME)
#ifdef WOLFSSL_IP_ALT_NAME
/* GeneralName choice: iPAddress */
else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_IP_TYPE)) {
ret = SetDNSEntry(cert, (const char*)(input + idx), len, ASN_IP_TYPE,
@ -18345,9 +18351,8 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag,
idx += (word32)len;
}
}
#endif /* WOLFSSL_QT || OPENSSL_ALL */
#ifdef OPENSSL_ALL
#endif /* WOLFSSL_IP_ALT_NAME */
#ifdef WOLFSSL_RID_ALT_NAME
/* GeneralName choice: registeredID */
else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_RID_TYPE)) {
ret = SetDNSEntry(cert, (const char*)(input + idx), len,
@ -18356,7 +18361,7 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag,
idx += (word32)len;
}
}
#endif
#endif /* WOLFSSL_RID_ALT_NAME */
#endif /* IGNORE_NAME_CONSTRAINTS */
#if defined(WOLFSSL_SEP) || defined(WOLFSSL_FPKI)
/* GeneralName choice: otherName */
@ -18833,7 +18838,7 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
length -= strLen;
idx += (word32)strLen;
}
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
#ifdef WOLFSSL_IP_ALT_NAME
else if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_IP_TYPE)) {
DNS_entry* ipAddr;
int strLen;
@ -18868,21 +18873,19 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
XMEMCPY(ipAddr->name, &input[idx], strLen);
ipAddr->name[strLen] = '\0';
#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
if (GenerateDNSEntryIPString(ipAddr, cert->heap) != 0) {
WOLFSSL_MSG("\tOut of Memory for IP string");
XFREE(ipAddr->name, cert->heap, DYNAMIC_TYPE_ALTNAME);
XFREE(ipAddr, cert->heap, DYNAMIC_TYPE_ALTNAME);
return MEMORY_E;
}
#endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */
AddAltName(cert, ipAddr);
length -= strLen;
idx += (word32)strLen;
}
#endif /* WOLFSSL_QT || OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */
#if defined(OPENSSL_ALL)
#endif /* WOLFSSL_IP_ALT_NAME */
#ifdef WOLFSSL_RID_ALT_NAME
else if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_RID_TYPE)) {
DNS_entry* rid;
int strLen;
@ -18929,7 +18932,7 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert)
length -= strLen;
idx += (word32)strLen;
}
#endif /* OPENSSL_ALL */
#endif /* WOLFSSL_RID_ALT_NAME */
#endif /* IGNORE_NAME_CONSTRAINTS */
else if (current_byte ==
(ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_OTHER_TYPE)) {
@ -19531,15 +19534,11 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert)
/* Set ocsp entry */
if (b == GENERALNAME_URI && oid == AIA_OCSP_OID &&
cert->extAuthInfo == NULL)
{
cert->extAuthInfo == NULL) {
cert->extAuthInfoSz = length;
cert->extAuthInfo = input + idx;
#if !defined(OPENSSL_ALL) && !defined(WOLFSSL_QT)
break;
#endif
}
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
#ifdef WOLFSSL_ASN_CA_ISSUER
/* Set CaIssuers entry */
else if ((b == GENERALNAME_URI) && oid == AIA_CA_ISSUER_OID &&
cert->extAuthInfoCaIssuer == NULL)
@ -19547,7 +19546,7 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert)
cert->extAuthInfoCaIssuerSz = length;
cert->extAuthInfoCaIssuer = input + idx;
}
#endif
#endif
idx += (word32)length;
}
@ -19585,11 +19584,8 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert)
GetASN_GetConstRef(&dataASN[ACCESSDESCASN_IDX_LOC],
&cert->extAuthInfo, &sz32);
cert->extAuthInfoSz = (int)sz32;
#if !defined(OPENSSL_ALL) && !defined(WOLFSSL_QT)
break;
#endif
}
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
#ifdef WOLFSSL_ASN_CA_ISSUER
/* Check we have CA Issuer and URI. */
else if ((dataASN[ACCESSDESCASN_IDX_METH].data.oid.sum ==
AIA_CA_ISSUER_OID) &&
@ -19600,7 +19596,7 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert)
&cert->extAuthInfoCaIssuer, &sz32);
cert->extAuthInfoCaIssuerSz = (int)sz32;
}
#endif
#endif
/* Otherwise skip. */
}
}
@ -20416,8 +20412,7 @@ static int DecodeNameConstraints(const byte* input, word32 sz,
}
#endif /* IGNORE_NAME_CONSTRAINTS */
#if (defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_SEP)) || \
defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
#ifdef WOLFSSL_CERT_EXT
/* Decode ITU-T X.690 OID format to a string representation
* return string length */
@ -20469,10 +20464,10 @@ int DecodePolicyOID(char *out, word32 outSz, const byte *in, word32 inSz)
exit:
return w;
}
#endif /* WOLFSSL_CERT_EXT && !WOLFSSL_SEP */
|
||||
#endif /* WOLFSSL_CERT_EXT */
|
||||
|
||||
#if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_QT)
|
||||
#ifdef WOLFSSL_ASN_TEMPLATE
|
||||
#if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT)
|
||||
#ifdef WOLFSSL_ASN_TEMPLATE
|
||||
/* ASN.1 template for PolicyInformation.
|
||||
* X.509: RFC 5280, 4.2.1.4 - Certificate Policies.
|
||||
*/
|
||||
|
@ -20491,230 +20486,221 @@ exit:
|
|||
|
||||
/* Number of items in ASN.1 template for PolicyInformation. */
|
||||
#define policyInfoASN_Length (sizeof(policyInfoASN) / sizeof(ASNItem))
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* Reference: https://tools.ietf.org/html/rfc5280#section-4.2.1.4 */
|
||||
static int DecodeCertPolicy(const byte* input, word32 sz, DecodedCert* cert)
|
||||
{
|
||||
#ifndef WOLFSSL_ASN_TEMPLATE
|
||||
word32 idx = 0;
|
||||
word32 oldIdx;
|
||||
int policy_length = 0;
|
||||
int ret;
|
||||
int total_length = 0;
|
||||
#if !defined(WOLFSSL_SEP) && defined(WOLFSSL_CERT_EXT) && \
|
||||
!defined(WOLFSSL_DUP_CERTPOL)
|
||||
int i;
|
||||
#endif
|
||||
/* Reference: https://tools.ietf.org/html/rfc5280#section-4.2.1.4 */
|
||||
static int DecodeCertPolicy(const byte* input, word32 sz, DecodedCert* cert)
|
||||
{
|
||||
#ifndef WOLFSSL_ASN_TEMPLATE
|
||||
word32 idx = 0;
|
||||
word32 oldIdx;
|
||||
int policy_length = 0;
|
||||
int ret;
|
||||
int total_length = 0;
|
||||
#if defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_DUP_CERTPOL)
|
||||
int i;
|
||||
#endif
|
||||
|
||||
WOLFSSL_ENTER("DecodeCertPolicy");
|
||||
WOLFSSL_ENTER("DecodeCertPolicy");
|
||||
|
||||
#if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT)
|
||||
/* Check if cert is null before dereferencing below */
|
||||
if (cert == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
#else
|
||||
(void)cert;
|
||||
#endif
|
||||
/* Check if cert is null before dereferencing below */
|
||||
if (cert == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
#if defined(WOLFSSL_CERT_EXT)
|
||||
cert->extCertPoliciesNb = 0;
|
||||
#endif
|
||||
#if defined(WOLFSSL_CERT_EXT)
|
||||
cert->extCertPoliciesNb = 0;
|
||||
#endif
|
||||
|
||||
if (GetSequence(input, &idx, &total_length, sz) < 0) {
|
||||
WOLFSSL_MSG("\tGet CertPolicy total seq failed");
|
||||
if (GetSequence(input, &idx, &total_length, sz) < 0) {
|
||||
WOLFSSL_MSG("\tGet CertPolicy total seq failed");
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
|
||||
/* Validate total length */
|
||||
if (total_length > (int)(sz - idx)) {
|
||||
WOLFSSL_MSG("\tCertPolicy length mismatch");
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
|
||||
/* Unwrap certificatePolicies */
|
||||
do {
|
||||
int length = 0;
|
||||
|
||||
if (GetSequence(input, &idx, &policy_length, sz) < 0) {
|
||||
WOLFSSL_MSG("\tGet CertPolicy seq failed");
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
|
||||
/* Validate total length */
|
||||
if (total_length > (int)(sz - idx)) {
|
||||
WOLFSSL_MSG("\tCertPolicy length mismatch");
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
oldIdx = idx;
|
||||
ret = GetASNObjectId(input, &idx, &length, sz);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
policy_length -= (int)(idx - oldIdx);
|
||||
|
||||
/* Unwrap certificatePolicies */
|
||||
do {
|
||||
int length = 0;
|
||||
|
||||
if (GetSequence(input, &idx, &policy_length, sz) < 0) {
|
||||
WOLFSSL_MSG("\tGet CertPolicy seq failed");
|
||||
if (length > 0) {
|
||||
/* Verify length won't overrun buffer */
|
||||
if (length > (int)(sz - idx)) {
|
||||
WOLFSSL_MSG("\tCertPolicy length exceeds input buffer");
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
|
||||
oldIdx = idx;
|
||||
ret = GetASNObjectId(input, &idx, &length, sz);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
policy_length -= (int)(idx - oldIdx);
|
||||
|
||||
if (length > 0) {
|
||||
/* Verify length won't overrun buffer */
|
||||
if (length > (int)(sz - idx)) {
|
||||
WOLFSSL_MSG("\tCertPolicy length exceeds input buffer");
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
|
||||
#if defined(WOLFSSL_SEP)
|
||||
#ifdef WOLFSSL_SEP
|
||||
if (cert->deviceType == NULL) {
|
||||
cert->deviceType = (byte*)XMALLOC((size_t)length, cert->heap,
|
||||
DYNAMIC_TYPE_X509_EXT);
|
||||
DYNAMIC_TYPE_X509_EXT);
|
||||
if (cert->deviceType == NULL) {
|
||||
WOLFSSL_MSG("\tCouldn't alloc memory for deviceType");
|
||||
return MEMORY_E;
|
||||
}
|
||||
cert->deviceTypeSz = length;
|
||||
XMEMCPY(cert->deviceType, input + idx, (size_t)length);
|
||||
break;
|
||||
#elif defined(WOLFSSL_CERT_EXT)
|
||||
/* decode cert policy */
|
||||
if (DecodePolicyOID(cert->extCertPolicies[
|
||||
cert->extCertPoliciesNb], MAX_CERTPOL_SZ,
|
||||
input + idx, length) <= 0) {
|
||||
WOLFSSL_MSG("\tCouldn't decode CertPolicy");
|
||||
WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
#ifndef WOLFSSL_DUP_CERTPOL
|
||||
/* From RFC 5280 section 4.2.1.4 "A certificate policy OID MUST
|
||||
* NOT appear more than once in a certificate policies
|
||||
* extension". This is a sanity check for duplicates.
|
||||
* extCertPolicies should only have OID values, additional
|
||||
* qualifiers need to be stored in a separate array. */
|
||||
for (i = 0; i < cert->extCertPoliciesNb; i++) {
|
||||
if (XMEMCMP(cert->extCertPolicies[i],
|
||||
cert->extCertPolicies[cert->extCertPoliciesNb],
|
||||
MAX_CERTPOL_SZ) == 0) {
|
||||
WOLFSSL_MSG("Duplicate policy OIDs not allowed");
|
||||
WOLFSSL_MSG("Use WOLFSSL_DUP_CERTPOL if wanted");
|
||||
WOLFSSL_ERROR_VERBOSE(CERTPOLICIES_E);
|
||||
return CERTPOLICIES_E;
|
||||
}
|
||||
}
|
||||
#endif /* !WOLFSSL_DUP_CERTPOL */
|
||||
cert->extCertPoliciesNb++;
|
||||
#else
|
||||
WOLFSSL_LEAVE("DecodeCertPolicy : unsupported mode", 0);
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
idx += (word32)policy_length;
|
||||
} while((int)idx < total_length
|
||||
#if defined(WOLFSSL_CERT_EXT)
|
||||
&& cert->extCertPoliciesNb < MAX_CERTPOL_NB
|
||||
#endif
|
||||
);
|
||||
|
||||
WOLFSSL_LEAVE("DecodeCertPolicy", 0);
|
||||
return 0;
|
||||
#else /* WOLFSSL_ASN_TEMPLATE */
|
||||
word32 idx = 0;
|
||||
int ret = 0;
|
||||
int total_length = 0;
|
||||
#if !defined(WOLFSSL_SEP) && defined(WOLFSSL_CERT_EXT) && \
|
||||
!defined(WOLFSSL_DUP_CERTPOL)
|
||||
int i;
|
||||
#endif
|
||||
|
||||
WOLFSSL_ENTER("DecodeCertPolicy");
|
||||
#if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT)
|
||||
/* Check if cert is null before dereferencing below */
|
||||
if (cert == NULL)
|
||||
ret = BAD_FUNC_ARG;
|
||||
#endif
|
||||
|
||||
if (ret == 0) {
|
||||
#if defined(WOLFSSL_CERT_EXT)
|
||||
cert->extCertPoliciesNb = 0;
|
||||
#endif
|
||||
|
||||
/* Strip SEQUENCE OF and check using all data. */
|
||||
if (GetASN_Sequence(input, &idx, &total_length, (word32)sz, 1) < 0)
|
||||
{
|
||||
ret = ASN_PARSE_E;
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
/* decode cert policy */
|
||||
if (DecodePolicyOID(cert->extCertPolicies[
|
||||
cert->extCertPoliciesNb], MAX_CERTPOL_SZ,
|
||||
input + idx, length) <= 0) {
|
||||
WOLFSSL_MSG("\tCouldn't decode CertPolicy");
|
||||
WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
|
||||
return ASN_PARSE_E;
|
||||
}
|
||||
}
|
||||
|
||||
/* Unwrap certificatePolicies */
|
||||
while ((ret == 0) && ((int)idx < total_length)
|
||||
#if defined(WOLFSSL_CERT_EXT)
|
||||
&& (cert->extCertPoliciesNb < MAX_CERTPOL_NB)
|
||||
#endif
|
||||
) {
|
||||
ASNGetData dataASN[policyInfoASN_Length];
|
||||
byte* data = NULL;
|
||||
word32 length = 0;
|
||||
|
||||
/* Clear dynamic data and check OID is a cert policy type. */
|
||||
XMEMSET(dataASN, 0, sizeof(dataASN));
|
||||
GetASN_OID(&dataASN[POLICYINFOASN_IDX_ID], oidCertPolicyType);
|
||||
ret = GetASN_Items(policyInfoASN, dataASN, policyInfoASN_Length, 1,
|
||||
input, &idx, (word32)sz);
|
||||
if (ret == 0) {
|
||||
/* Get the OID. */
|
||||
GetASN_OIDData(&dataASN[POLICYINFOASN_IDX_ID], &data, &length);
|
||||
if (length == 0) {
|
||||
ret = ASN_PARSE_E;
|
||||
}
|
||||
}
|
||||
#if defined(WOLFSSL_SEP)
|
||||
/* Store OID in device type. */
|
||||
if (ret == 0) {
|
||||
cert->deviceType = (byte*)XMALLOC(length, cert->heap,
|
||||
DYNAMIC_TYPE_X509_EXT);
|
||||
if (cert->deviceType == NULL) {
|
||||
WOLFSSL_MSG("\tCouldn't alloc memory for deviceType");
|
||||
ret = MEMORY_E;
|
||||
}
|
||||
}
|
||||
if (ret == 0) {
|
||||
/* Store device type data and length. */
|
||||
cert->deviceTypeSz = (int)length;
|
||||
XMEMCPY(cert->deviceType, data, length);
|
||||
break;
|
||||
}
|
||||
#elif defined(WOLFSSL_CERT_EXT)
|
||||
if (ret == 0) {
|
||||
/* Decode cert policy. */
|
||||
if (DecodePolicyOID(
|
||||
cert->extCertPolicies[cert->extCertPoliciesNb],
|
||||
MAX_CERTPOL_SZ, data, length) <= 0) {
|
||||
WOLFSSL_MSG("\tCouldn't decode CertPolicy");
|
||||
WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
|
||||
ret = ASN_PARSE_E;
|
||||
}
|
||||
}
|
||||
#ifndef WOLFSSL_DUP_CERTPOL
|
||||
#ifndef WOLFSSL_DUP_CERTPOL
|
||||
/* From RFC 5280 section 4.2.1.4 "A certificate policy OID MUST
|
||||
* NOT appear more than once in a certificate policies
|
||||
* extension". This is a sanity check for duplicates.
|
||||
* extCertPolicies should only have OID values, additional
|
||||
* qualifiers need to be stored in a separate array. */
|
||||
for (i = 0; (ret == 0) && (i < cert->extCertPoliciesNb); i++) {
|
||||
for (i = 0; i < cert->extCertPoliciesNb; i++) {
|
||||
if (XMEMCMP(cert->extCertPolicies[i],
|
||||
cert->extCertPolicies[cert->extCertPoliciesNb],
|
||||
MAX_CERTPOL_SZ) == 0) {
|
||||
WOLFSSL_MSG("Duplicate policy OIDs not allowed");
|
||||
WOLFSSL_MSG("Use WOLFSSL_DUP_CERTPOL if wanted");
|
||||
WOLFSSL_ERROR_VERBOSE(CERTPOLICIES_E);
|
||||
ret = CERTPOLICIES_E;
|
||||
return CERTPOLICIES_E;
|
||||
}
|
||||
}
|
||||
#endif /* !defined(WOLFSSL_DUP_CERTPOL) */
|
||||
if (ret == 0) {
|
||||
/* Keep count of policies seen. */
|
||||
cert->extCertPoliciesNb++;
|
||||
}
|
||||
#else
|
||||
(void)data;
|
||||
WOLFSSL_LEAVE("DecodeCertPolicy : unsupported mode", 0);
|
||||
break;
|
||||
#endif
|
||||
#endif /* !WOLFSSL_DUP_CERTPOL */
|
||||
cert->extCertPoliciesNb++;
|
||||
#endif
|
||||
}
|
||||
idx += (word32)policy_length;
|
||||
} while((int)idx < total_length
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
&& cert->extCertPoliciesNb < MAX_CERTPOL_NB
|
||||
#endif
|
||||
);
|
||||
|
||||
WOLFSSL_LEAVE("DecodeCertPolicy", 0);
|
||||
return ret;
|
||||
#endif /* WOLFSSL_ASN_TEMPLATE */
|
||||
WOLFSSL_LEAVE("DecodeCertPolicy", 0);
|
||||
return 0;
|
||||
#else /* WOLFSSL_ASN_TEMPLATE */
|
||||
word32 idx = 0;
|
||||
int ret = 0;
|
||||
int total_length = 0;
|
||||
#if defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_DUP_CERTPOL)
|
||||
int i;
|
||||
#endif
|
||||
|
||||
WOLFSSL_ENTER("DecodeCertPolicy");
|
||||
|
||||
/* Check if cert is null before dereferencing below */
|
||||
if (cert == NULL) {
|
||||
ret = BAD_FUNC_ARG;
|
||||
}
|
||||
#endif /* WOLFSSL_SEP */
|
||||
|
||||
if (ret == 0) {
|
||||
#if defined(WOLFSSL_CERT_EXT)
|
||||
cert->extCertPoliciesNb = 0;
|
||||
#endif
|
||||
|
||||
/* Strip SEQUENCE OF and check using all data. */
|
||||
if (GetASN_Sequence(input, &idx, &total_length, (word32)sz, 1) < 0)
|
||||
{
|
||||
ret = ASN_PARSE_E;
|
||||
}
|
||||
}
|
||||
|
||||
/* Unwrap certificatePolicies */
|
||||
while ((ret == 0) && ((int)idx < total_length)
|
||||
#if defined(WOLFSSL_CERT_EXT)
|
||||
&& (cert->extCertPoliciesNb < MAX_CERTPOL_NB)
|
||||
#endif
|
||||
) {
|
||||
ASNGetData dataASN[policyInfoASN_Length];
|
||||
byte* data = NULL;
|
||||
word32 length = 0;
|
||||
|
||||
/* Clear dynamic data and check OID is a cert policy type. */
|
||||
XMEMSET(dataASN, 0, sizeof(dataASN));
|
||||
GetASN_OID(&dataASN[POLICYINFOASN_IDX_ID], oidCertPolicyType);
|
||||
ret = GetASN_Items(policyInfoASN, dataASN, policyInfoASN_Length, 1,
|
||||
input, &idx, (word32)sz);
|
||||
if (ret == 0) {
|
||||
/* Get the OID. */
|
||||
GetASN_OIDData(&dataASN[POLICYINFOASN_IDX_ID], &data, &length);
|
||||
if (length == 0) {
|
||||
ret = ASN_PARSE_E;
|
||||
}
|
||||
}
|
||||
#ifdef WOLFSSL_SEP
|
||||
/* Store OID in device type. */
|
||||
if (ret == 0 && cert->deviceType == NULL) {
|
||||
cert->deviceType = (byte*)XMALLOC(length, cert->heap,
|
||||
DYNAMIC_TYPE_X509_EXT);
|
||||
if (cert->deviceType != NULL) {
|
||||
/* Store device type data and length. */
|
||||
cert->deviceTypeSz = (int)length;
|
||||
XMEMCPY(cert->deviceType, data, length);
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("\tCouldn't alloc memory for deviceType");
|
||||
ret = MEMORY_E;
|
||||
}
|
||||
}
|
||||
#endif /* WOLFSSL_SEP */
|
||||
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
if (ret == 0) {
|
||||
/* Decode cert policy. */
|
||||
if (DecodePolicyOID(
|
||||
cert->extCertPolicies[cert->extCertPoliciesNb],
|
||||
MAX_CERTPOL_SZ, data, length) <= 0) {
|
||||
WOLFSSL_MSG("\tCouldn't decode CertPolicy");
|
||||
WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
|
||||
ret = ASN_PARSE_E;
|
||||
}
|
||||
}
|
||||
#ifndef WOLFSSL_DUP_CERTPOL
|
||||
/* From RFC 5280 section 4.2.1.4 "A certificate policy OID MUST
|
||||
* NOT appear more than once in a certificate policies
|
||||
* extension". This is a sanity check for duplicates.
|
||||
* extCertPolicies should only have OID values, additional
|
||||
* qualifiers need to be stored in a separate array. */
|
||||
for (i = 0; (ret == 0) && (i < cert->extCertPoliciesNb); i++) {
|
||||
if (XMEMCMP(cert->extCertPolicies[i],
|
||||
cert->extCertPolicies[cert->extCertPoliciesNb],
|
||||
MAX_CERTPOL_SZ) == 0) {
|
||||
WOLFSSL_MSG("Duplicate policy OIDs not allowed");
|
||||
WOLFSSL_MSG("Use WOLFSSL_DUP_CERTPOL if wanted");
|
||||
WOLFSSL_ERROR_VERBOSE(CERTPOLICIES_E);
|
||||
ret = CERTPOLICIES_E;
|
||||
}
|
||||
}
|
||||
#endif /* !WOLFSSL_DUP_CERTPOL */
|
||||
if (ret == 0) {
|
||||
/* Keep count of policies seen. */
|
||||
cert->extCertPoliciesNb++;
|
||||
}
|
||||
#endif /* WOLFSSL_CERT_EXT */
|
||||
}
|
||||
|
||||
WOLFSSL_LEAVE("DecodeCertPolicy", 0);
|
||||
return ret;
|
||||
#endif /* WOLFSSL_ASN_TEMPLATE */
|
||||
}
|
||||
#endif /* WOLFSSL_SEP || WOLFSSL_CERT_EXT */
|
||||
|
||||
#ifdef WOLFSSL_SUBJ_DIR_ATTR
|
||||
#ifdef WOLFSSL_ASN_TEMPLATE
|
||||
|
@ -21244,15 +21230,11 @@ static int DecodeExtensionType(const byte* input, word32 length, word32 oid,
|
|||
|
||||
/* Certificate policies. */
|
||||
case CERT_POLICY_OID:
|
||||
#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
|
||||
#ifdef WOLFSSL_SEP
|
||||
VERIFY_AND_SET_OID(cert->extCertPolicySet);
|
||||
#if defined(OPENSSL_EXTRA) || \
|
||||
defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
cert->extCertPolicyCrit = critical ? 1 : 0;
|
||||
#endif
|
||||
cert->extCertPolicyCrit = critical ? 1 : 0;
|
||||
#endif
|
||||
#if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) || \
|
||||
defined(WOLFSSL_QT)
|
||||
#if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT)
|
||||
if (DecodeCertPolicy(input, length, cert) < 0) {
|
||||
ret = ASN_PARSE_E;
|
||||
}
|
||||
|
@ -24121,7 +24103,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm, Signer
|
|||
/* If you end up here with error -188,
|
||||
* consider using WOLFSSL_ALT_CERT_CHAINS. */
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
|
||||
/* ret needs to be self-signer error for Qt compat */
|
||||
/* ret needs to be self-signer error for openssl compatibility */
|
||||
if (cert->selfSigned) {
|
||||
WOLFSSL_ERROR_VERBOSE(ASN_SELF_SIGNED_E);
|
||||
return ASN_SELF_SIGNED_E;
|
||||
|
@ -28140,8 +28122,7 @@ int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr,
|
|||
}
|
||||
#endif /* WOLFSSL_CERT_GEN || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
|
||||
|
||||
#if (defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)) || \
|
||||
(defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA))
|
||||
#ifdef WOLFSSL_ASN_PARSE_KEYUSAGE
|
||||
|
||||
/* Convert key usage string (comma delimited, null terminated) to word16
|
||||
* Returns 0 on success, negative on error */
|
||||
|
@ -28264,7 +28245,7 @@ int ParseExtKeyUsageStr(const char* value, byte* extKeyUsage, void* heap)
|
|||
return ret;
|
||||
}
|
||||
|
||||
#endif /* (CERT_GEN && CERT_EXT) || (OPENSSL_ALL || OPENSSL_EXTRA) */
|
||||
#endif /* WOLFSSL_ASN_PARSE_KEYUSAGE */
|
||||
|
||||
#ifdef WOLFSSL_CERT_GEN
|
||||
/* Encodes one attribute of the name (issuer/subject)
|
||||
|
@ -35899,7 +35880,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
|
|||
if (idx >= size)
|
||||
return BUFFER_E;
|
||||
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
#ifdef WOLFSSL_OCSP_PARSE_STATUS
|
||||
single->status->thisDateAsn = source + idx;
|
||||
localIdx = 0;
|
||||
if (GetDateInfo(single->status->thisDateAsn, &localIdx, NULL,
|
||||
|
@ -35935,7 +35916,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
|
|||
idx++;
|
||||
if (GetLength(source, &idx, &length, size) < 0)
|
||||
return ASN_PARSE_E;
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
#ifdef WOLFSSL_OCSP_PARSE_STATUS
|
||||
single->status->nextDateAsn = source + idx;
|
||||
localIdx = 0;
|
||||
if (GetDateInfo(single->status->nextDateAsn, &localIdx, NULL,
|
||||
|
@ -36071,8 +36052,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
|
|||
}
|
||||
if (ret == 0) {
|
||||
#endif
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
|
||||
defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
|
||||
#ifdef WOLFSSL_OCSP_PARSE_STATUS
|
||||
/* Store ASN.1 version of thisDate. */
|
||||
cs->thisDateAsn = GetASNItem_Addr(
|
||||
dataASN[SINGLERESPONSEASN_IDX_THISUPDATE_GT], source);
|
||||
|
@ -36095,8 +36075,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size,
|
|||
if ((ret == 0) &&
|
||||
(dataASN[SINGLERESPONSEASN_IDX_NEXTUPDATE_GT].tag != 0)) {
|
||||
#endif
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
|
||||
defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
|
||||
#ifdef WOLFSSL_OCSP_PARSE_STATUS
|
||||
/* Store ASN.1 version of thisDate. */
|
||||
cs->nextDateAsn = GetASNItem_Addr(
|
||||
dataASN[SINGLERESPONSEASN_IDX_NEXTUPDATE_GT], source);
|
||||
|
@ -37521,9 +37500,7 @@ void FreeOcspRequest(OcspRequest* req)
|
|||
XFREE(req->url, req->heap, DYNAMIC_TYPE_OCSP_REQUEST);
|
||||
req->url = NULL;
|
||||
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
|
||||
defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_APACHE_HTTPD) || \
|
||||
defined(HAVE_LIGHTY)
|
||||
#ifdef OPENSSL_EXTRA
|
||||
if (req->cid != NULL)
|
||||
wolfSSL_OCSP_CERTID_free((WOLFSSL_OCSP_CERTID*)req->cid);
|
||||
req->cid = NULL;
|
||||
|
|
|
@ -5176,13 +5176,9 @@ struct WOLFSSL_X509 {
|
|||
byte hwType[EXTERNAL_SERIAL_SIZE];
|
||||
int hwSerialNumSz;
|
||||
byte hwSerialNum[EXTERNAL_SERIAL_SIZE];
|
||||
#endif /* WOLFSSL_SEP */
|
||||
#if (defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \
|
||||
defined (OPENSSL_EXTRA)) && \
|
||||
(defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
|
||||
byte certPolicySet;
|
||||
byte certPolicyCrit;
|
||||
#endif /* (WOLFSSL_SEP || WOLFSSL_QT) && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
|
||||
#endif /* WOLFSSL_SEP */
|
||||
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
|
||||
WOLFSSL_STACK* ext_sk; /* Store X509_EXTENSIONS from wolfSSL_X509_get_ext */
|
||||
WOLFSSL_STACK* ext_sk_full; /* Store X509_EXTENSIONS from wolfSSL_X509_get0_extensions */
|
||||
|
|
|
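Review bot: `certPolicySet` and `certPolicyCrit` in `WOLFSSL_X509` are now compiled only under `WOLFSSL_SEP` (the block is closed by the moved `#endif /* WOLFSSL_SEP */`), whereas the removed guard also provided them to plain `OPENSSL_EXTRA`/`OPENSSL_EXTRA_X509_SMALL` builds that define neither `OPENSSL_ALL` nor `WOLFSSL_QT`. Any compat code outside this diff that copies `DecodedCert.extCertPolicySet` into these fields, or exposes them through an X509 accessor, will no longer compile in such a configuration, and that build can no longer report whether certificatePolicies was present or marked critical; worth confirming no such reader remains under `OPENSSL_EXTRA` alone. If the narrowing is intentional, state it at the field so the next reader does not widen it back by accident: `byte certPolicySet; /* certificatePolicies seen; WOLFSSL_SEP builds only (implied by WOLFSSL_ASN_ALL) */`.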
@ -1418,10 +1418,10 @@ struct DNS_entry {
|
|||
int type; /* i.e. ASN_DNS_TYPE */
|
||||
int len; /* actual DNS len */
|
||||
char* name; /* actual DNS name */
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
|
||||
#ifdef WOLFSSL_IP_ALT_NAME
|
||||
char* ipString; /* human readable form of IP address */
|
||||
#endif
|
||||
#if defined(OPENSSL_ALL)
|
||||
#ifdef WOLFSSL_RID_ALT_NAME
|
||||
char* ridString; /* human readable form of registeredID */
|
||||
#endif
|
||||
|
||||
|
@ -1714,7 +1714,7 @@ struct DecodedCert {
|
|||
word32 extensionsIdx; /* if want to go back and parse later */
|
||||
const byte* extAuthInfo; /* Authority Information Access URI */
|
||||
int extAuthInfoSz; /* length of the URI */
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
|
||||
#ifdef WOLFSSL_ASN_CA_ISSUER
|
||||
const byte* extAuthInfoCaIssuer; /* Authority Info Access caIssuer URI */
|
||||
int extAuthInfoCaIssuerSz; /* length of the caIssuer URI */
|
||||
#endif
|
||||
|
@ -1804,7 +1804,7 @@ struct DecodedCert {
|
|||
char* subjectSN;
|
||||
int subjectSNLen;
|
||||
char subjectSNEnc;
|
||||
#ifdef WOLFSSL_CERT_NAME_ALL
|
||||
#ifdef WOLFSSL_CERT_NAME_ALL
|
||||
char* subjectN;
|
||||
int subjectNLen;
|
||||
char subjectNEnc;
|
||||
|
@ -1817,7 +1817,7 @@ struct DecodedCert {
|
|||
char* subjectDNQ;
|
||||
int subjectDNQLen;
|
||||
char subjectDNQEnc;
|
||||
#endif /*WOLFSSL_CERT_NAME_ALL */
|
||||
#endif /* WOLFSSL_CERT_NAME_ALL */
|
||||
char* subjectC;
|
||||
int subjectCLen;
|
||||
char subjectCEnc;
|
||||
|
@ -1882,7 +1882,7 @@ struct DecodedCert {
|
|||
char* issuerEmail;
|
||||
int issuerEmailLen;
|
||||
#endif /* WOLFSSL_HAVE_ISSUER_NAMES */
|
||||
#endif /* defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) */
|
||||
#endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
/* WOLFSSL_X509_NAME structures (used void* to avoid including ssl.h) */
|
||||
void* issuerName;
|
||||
|
@ -1962,7 +1962,7 @@ struct DecodedCert {
|
|||
byte extSubjAltNameSet : 1;
|
||||
byte inhibitAnyOidSet : 1;
|
||||
byte selfSigned : 1; /* Indicates subject and issuer are same */
|
||||
#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
|
||||
#ifdef WOLFSSL_SEP
|
||||
byte extCertPolicySet : 1;
|
||||
#endif
|
||||
byte extCRLdistCrit : 1;
|
||||
|
@ -1988,7 +1988,7 @@ struct DecodedCert {
|
|||
byte extAltSigAlgSet : 1;
|
||||
byte extAltSigValSet : 1;
|
||||
#endif /* WOLFSSL_DUAL_ALG_CERTS */
|
||||
#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
|
||||
#ifdef WOLFSSL_SEP
|
||||
byte extCertPolicyCrit : 1;
|
||||
#endif
|
||||
#ifdef WOLFSSL_CERT_REQ
|
||||
|
@ -2040,7 +2040,7 @@ struct Signer {
|
|||
#ifndef IGNORE_NAME_CONSTRAINTS
|
||||
Base_entry* permittedNames;
|
||||
Base_entry* excludedNames;
|
||||
#endif /* IGNORE_NAME_CONSTRAINTS */
|
||||
#endif /* !IGNORE_NAME_CONSTRAINTS */
|
||||
byte subjectNameHash[SIGNER_DIGEST_SIZE];
|
||||
/* sha hash of names in certificate */
|
||||
#if defined(HAVE_OCSP) || defined(HAVE_CRL)
|
||||
|
@ -2263,8 +2263,7 @@ WOLFSSL_LOCAL int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID,
|
|||
word32* oidSz, int* algoID, void* heap);
|
||||
|
||||
typedef struct tm wolfssl_tm;
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) || \
|
||||
defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
#ifdef WOLFSSL_ASN_TIME_STRING
|
||||
WOLFSSL_LOCAL int GetTimeString(byte* date, int format, char* buf, int len);
|
||||
#endif
|
||||
#if !defined(NO_ASN_TIME) && !defined(USER_TIME) && \
|
||||
|
@ -2431,13 +2430,12 @@ WOLFSSL_LOCAL int AllocCopyDer(DerBuffer** der, const unsigned char* buff,
|
|||
word32 length, int type, void* heap);
|
||||
WOLFSSL_LOCAL void FreeDer(DerBuffer** der);
|
||||
|
||||
#if (defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)) || \
|
||||
(defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA))
|
||||
#ifdef WOLFSSL_ASN_PARSE_KEYUSAGE
|
||||
WOLFSSL_LOCAL int ParseKeyUsageStr(const char* value, word16* keyUsage,
|
||||
void* heap);
|
||||
WOLFSSL_LOCAL int ParseExtKeyUsageStr(const char* value, byte* extKeyUsage,
|
||||
void* heap);
|
||||
#endif /* (CERT_GEN && CERT_EXT) || (OPENSSL_ALL || OPENSSL_EXTRA) */
|
||||
#endif
|
||||
|
||||
#endif /* !NO_CERTS */
|
||||
|
||||
|
@ -2529,8 +2527,7 @@ struct CertStatus {
|
|||
byte nextDate[MAX_DATE_SIZE];
|
||||
byte thisDateFormat;
|
||||
byte nextDateFormat;
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
|
||||
defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
|
||||
#ifdef WOLFSSL_OCSP_PARSE_STATUS
|
||||
WOLFSSL_ASN1_TIME thisDateParsed;
|
||||
WOLFSSL_ASN1_TIME nextDateParsed;
|
||||
byte* thisDateAsn;
|
||||
|
@ -2615,10 +2612,6 @@ struct OcspRequest {
|
|||
int serialSz;
|
||||
#ifdef OPENSSL_EXTRA
|
||||
WOLFSSL_ASN1_INTEGER* serialInt;
|
||||
#endif
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
|
||||
defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_APACHE_HTTPD) || \
|
||||
defined(HAVE_LIGHTY)
|
||||
void* cid; /* WOLFSSL_OCSP_CERTID kept to free */
|
||||
#endif
|
||||
byte* url; /* copy of the extAuthInfo in source cert */
|
||||
|
|
|
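Review bot: `extCertPolicySet` and `extCertPolicyCrit` in `DecodedCert` now exist only under `WOLFSSL_SEP`, but DecodeCertPolicy in this commit is compiled for `WOLFSSL_SEP || WOLFSSL_CERT_EXT` and the asn.c setter only writes them under `#ifdef WOLFSSL_SEP`, so a `WOLFSSL_CERT_EXT`-only build parses the policy OIDs into `extCertPolicies` yet records neither that the extension was present nor whether it was flagged critical. RFC 5280 §4.2.1.4 allows certificatePolicies to be critical, and a caller enforcing policy constraints in such a build has no way to see that flag. If that is the intended trade-off, document it at the bit, `byte extCertPolicySet : 1; /* WOLFSSL_SEP only; CERT_EXT-only builds must check extCertPoliciesNb */`; otherwise widen both bitfield guards to `#if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT)` together with the setter in DecodeExtensionType, which lives in asn.c outside this section.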
@ -361,7 +361,6 @@ typedef struct WOLFSSL_ASN1_INTEGER {
|
|||
#endif
|
||||
#endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
|
||||
|
||||
#if defined(WOLFSSL_CERT_GEN) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
#ifdef WOLFSSL_MULTI_ATTRIB
|
||||
#ifndef CTC_MAX_ATTRIB
|
||||
#define CTC_MAX_ATTRIB 4
|
||||
|
@ -375,7 +374,6 @@ typedef struct NameAttrib {
|
|||
char value[CTC_NAME_SIZE]; /* name */
|
||||
} NameAttrib;
|
||||
#endif /* WOLFSSL_MULTI_ATTRIB */
|
||||
#endif /* WOLFSSL_CERT_GEN || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
|
||||
|
||||
#ifdef WOLFSSL_CUSTOM_OID
|
||||
typedef struct CertOidField {
|
||||
|
|
|
@ -2889,6 +2889,116 @@ extern void uITRON4_free(void *p) ;
|
|||
#define WOLFSSL_ASN_TEMPLATE
|
||||
#endif
|
||||
|
||||
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
|
||||
#undef WOLFSSL_ASN_ALL
|
||||
#define WOLFSSL_ASN_ALL
|
||||
#endif
|
||||
|
||||
/* Enable all parsing features for ASN */
|
||||
#ifdef WOLFSSL_ASN_ALL
|
||||
/* Alternate Names */
|
||||
#undef WOLFSSL_ALT_NAMES
|
||||
#define WOLFSSL_ALT_NAMES
|
||||
|
||||
/* Alternate Name: human readable form of IP address*/
|
||||
#undef WOLFSSL_IP_ALT_NAME
|
||||
#define WOLFSSL_IP_ALT_NAME
|
||||
|
||||
/* Alternate name: human readable form of registered ID */
|
||||
#undef WOLFSSL_RID_ALT_NAME
|
||||
#define WOLFSSL_RID_ALT_NAME
|
||||
|
||||
/* CA Issuer URI */
|
||||
#undef WOLFSSL_ASN_CA_ISSUER
|
||||
#define WOLFSSL_ASN_CA_ISSUER
|
||||
|
||||
/* FPKI (Federal PKI) extensions */
|
||||
#undef WOLFSSL_FPKI
|
||||
#define WOLFSSL_FPKI
|
||||
|
||||
/* Certificate policies */
|
||||
#undef WOLFSSL_SEP
|
||||
#define WOLFSSL_SEP
|
||||
|
||||
/* Support for full AuthorityKeyIdentifier extension.
|
||||
* Only supports copying full AKID from an existing certificate */
|
||||
#undef WOLFSSL_AKID_NAME
|
||||
#define WOLFSSL_AKID_NAME
|
||||
|
||||
#undef WOLFSSL_CERT_EXT
|
||||
#define WOLFSSL_CERT_EXT
|
||||
|
||||
/* Support for SubjectDirectoryAttributes extension */
|
||||
#undef WOLFSSL_SUBJ_DIR_ATTR
|
||||
#define WOLFSSL_SUBJ_DIR_ATTR
|
||||
|
||||
/* Support for SubjectInfoAccess extension */
|
||||
#undef WOLFSSL_SUBJ_INFO_ACC
|
||||
#define WOLFSSL_SUBJ_INFO_ACC
|
||||
|
||||
#undef WOLFSSL_CERT_NAME_ALL
|
||||
#define WOLFSSL_CERT_NAME_ALL
|
||||
|
||||
#undef WOLFSSL_HAVE_ISSUER_NAMES
|
||||
#define WOLFSSL_HAVE_ISSUER_NAMES
|
||||
|
||||
#undef WOLFSSL_MULTI_ATTRIB
|
||||
#define WOLFSSL_MULTI_ATTRIB
|
||||
|
||||
#undef ASN_BER_TO_DER
|
||||
#define ASN_BER_TO_DER
|
||||
|
||||
#undef WOLFSSL_CUSTOM_OID
|
||||
#define WOLFSSL_CUSTOM_OID
|
||||
|
||||
#undef HAVE_OID_ENCODING
|
||||
#define HAVE_OID_ENCODING
|
||||
|
||||
#undef HAVE_OID_DECODING
|
||||
#define HAVE_OID_DECODING
|
||||
|
||||
#undef HAVE_SMIME
|
||||
#define HAVE_SMIME
|
||||
|
||||
#undef WOLFSSL_ASN_TIME_STRING
|
||||
#define WOLFSSL_ASN_TIME_STRING
|
||||
|
||||
#undef WOLFSSL_ASN_PARSE_KEYUSAGE
|
||||
#define WOLFSSL_ASN_PARSE_KEYUSAGE
|
||||
|
||||
#undef WOLFSSL_OCSP_PARSE_STATUS
|
||||
#define WOLFSSL_OCSP_PARSE_STATUS
|
||||
#endif
|
||||
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \
|
||||
defined(OPENSSL_EXTRA) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
#undef WOLFSSL_ASN_TIME_STRING
|
||||
#define WOLFSSL_ASN_TIME_STRING
|
||||
#endif
|
||||
|
||||
#if (defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)) || \
|
||||
(defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA))
|
||||
#undef WOLFSSL_ASN_PARSE_KEYUSAGE
|
||||
#define WOLFSSL_ASN_PARSE_KEYUSAGE
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_OCSP) && !defined(WOLFCRYPT_ONLY) && \
|
||||
(defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
|
||||
defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) || \
|
||||
defined(WOLFSSL_APACHE_HTTPD))
|
||||
#undef WOLFSSL_OCSP_PARSE_STATUS
|
||||
#define WOLFSSL_OCSP_PARSE_STATUS
|
||||
#endif
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
|
||||
defined(WOLFSSL_CERT_GEN)
|
||||
#undef WOLFSSL_MULTI_ATTRIB
|
||||
#define WOLFSSL_MULTI_ATTRIB
|
||||
#endif
|
||||
|
||||
|
||||
/* Linux Kernel Module */
|
||||
#ifdef WOLFSSL_LINUXKM
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
|
|
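Review bot: `WOLFSSL_OCSP_PARSE_STATUS` is force-defined inside the `#ifdef WOLFSSL_ASN_ALL` block without the `HAVE_OCSP && !WOLFCRYPT_ONLY` condition that the dedicated block a few lines below applies, so an `--enable-asn=all` or `OPENSSL_ALL` build with OCSP disabled still carries an OCSP-only feature macro that nothing else gates; wrap that `#undef`/`#define` pair the same way, `#if defined(HAVE_OCSP) && !defined(WOLFCRYPT_ONLY)` … `#endif`. Separately, because `OPENSSL_ALL`/`WOLFSSL_QT` now imply `WOLFSSL_ASN_ALL`, those builds also pick up `WOLFSSL_SEP`, `ASN_BER_TO_DER`, `HAVE_SMIME` and `WOLFSSL_CUSTOM_OID`; the old guards elsewhere in this diff list `WOLFSSL_SEP` and `WOLFSSL_QT` as separate alternatives, which suggests at least QT did not previously enable SEP, so this widens the X.509 parsing surface (BER indefinite-length conversion, a per-certificate `deviceType` heap allocation in DecodeCertPolicy) for existing configurations. The `#undef`/`#define` pattern also means none of these can be switched off once `WOLFSSL_ASN_ALL` is set, which a comment at the top of the block should say, e.g. `/* Superset switch: every macro below is force-enabled and cannot be trimmed; define the granular WOLFSSL_ASN_* macros instead for a minimal parser. */`.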