WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

wolfssl/wolfcrypt/logging.h and wolfcrypt/src/logging.c: add 

WOLFSSL_DEBUG_PRINTF() macro adapted from wolfssl_log(), refactor
  wolfssl_log() to use it, and move printf setup includes/prototypes from
  logging.c to logging.h;

src/ssl_load.c: add source_name arg and WOLFSSL_DEBUG_CERTIFICATE_LOADS clauses
  to ProcessBuffer() and ProcessChainBuffer(), and pass reasonable values from
  callers;

remove expired "Baltimore CyberTrust Root" from certs/external/ca_collection.pem
  and certs/external/baltimore-cybertrust-root.pem.
pull/8769/head
Daniel Pouzzner 2025-05-13 20:30:48 -05:00
parent 5f2a43f01f
commit 55460a5261
7 changed files with 190 additions and 261 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
certs/external/baltimore-cybertrust-root.pem vendored
View File

@ -1,21 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD
VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX
DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y
ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy
VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr
mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr
IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK
mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu
XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy
dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye
jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1
BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3
DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92
9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx
jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0
Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz
ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS
R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp
-----END CERTIFICATE-----

77
certs/external/ca_collection.pem vendored
View File

@ -1,80 +1,3 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 33554617 (0x20000b9)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
Validity
Not Before: May 12 18:46:00 2000 GMT
Not After : May 12 23:59:00 2025 GMT
Subject: C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:04:bb:22:ab:98:3d:57:e8:26:72:9a:b5:79:
d4:29:e2:e1:e8:95:80:b1:b0:e3:5b:8e:2b:29:9a:
64:df:a1:5d:ed:b0:09:05:6d:db:28:2e:ce:62:a2:
62:fe:b4:88:da:12:eb:38:eb:21:9d:c0:41:2b:01:
52:7b:88:77:d3:1c:8f:c7:ba:b9:88:b5:6a:09:e7:
73:e8:11:40:a7:d1:cc:ca:62:8d:2d:e5:8f:0b:a6:
50:d2:a8:50:c3:28:ea:f5:ab:25:87:8a:9a:96:1c:
a9:67:b8:3f:0c:d5:f7:f9:52:13:2f:c2:1b:d5:70:
70:f0:8f:c0:12:ca:06:cb:9a:e1:d9:ca:33:7a:77:
d6:f8:ec:b9:f1:68:44:42:48:13:d2:c0:c2:a4:ae:
5e:60:fe:b6:a6:05:fc:b4:dd:07:59:02:d4:59:18:
98:63:f5:a5:63:e0:90:0c:7d:5d:b2:06:7a:f3:85:
ea:eb:d4:03:ae:5e:84:3e:5f:ff:15:ed:69:bc:f9:
39:36:72:75:cf:77:52:4d:f3:c9:90:2c:b9:3d:e5:
c9:23:53:3f:1f:24:98:21:5c:07:99:29:bd:c6:3a:
ec:e7:6e:86:3a:6b:97:74:63:33:bd:68:18:31:f0:
78:8d:76:bf:fc:9e:8e:5d:2a:86:a7:4d:90:dc:27:
1a:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E5:9D:59:30:82:47:58:CC:AC:FA:08:54:36:86:7B:3A:B5:04:4D:F0
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:3
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha1WithRSAEncryption
85:0c:5d:8e:e4:6f:51:68:42:05:a0:dd:bb:4f:27:25:84:03:
bd:f7:64:fd:2d:d7:30:e3:a4:10:17:eb:da:29:29:b6:79:3f:
76:f6:19:13:23:b8:10:0a:f9:58:a4:d4:61:70:bd:04:61:6a:
12:8a:17:d5:0a:bd:c5:bc:30:7c:d6:e9:0c:25:8d:86:40:4f:
ec:cc:a3:7e:38:c6:37:11:4f:ed:dd:68:31:8e:4c:d2:b3:01:
74:ee:be:75:5e:07:48:1a:7f:70:ff:16:5c:84:c0:79:85:b8:
05:fd:7f:be:65:11:a3:0f:c0:02:b4:f8:52:37:39:04:d5:a9:
31:7a:18:bf:a0:2a:f4:12:99:f7:a3:45:82:e3:3c:5e:f5:9d:
9e:b5:c8:9e:7c:2e:c8:a4:9e:4e:08:14:4b:6d:fd:70:6d:6b:
1a:63:bd:64:e6:1f:b7:ce:f0:f2:9f:2e:bb:1b:b7:f2:50:88:
73:92:c2:e2:e3:16:8d:9a:32:02:ab:8e:18:dd:e9:10:11:ee:
7e:35:ab:90:af:3e:30:94:7a:d0:33:3d:a7:65:0f:f5:fc:8e:
9e:62:cf:47:44:2c:01:5d:bb:1d:b5:32:d2:47:d2:38:2e:d0:
fe:81:dc:32:6a:1e:b5:ee:3c:d5:fc:e7:81:1d:19:c3:24:42:
ea:63:39:a9
-----BEGIN CERTIFICATE-----
MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD
VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX
DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y
ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy
VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr
mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr
IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK
mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu
XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy
dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye
jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1
BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3
DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92
9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx
jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0
Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz
ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS
R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)

111
src/ssl_load.c
View File

@ -2352,11 +2352,13 @@ static int ProcessBufferResetSuites(WOLFSSL_CTX* ctx, WOLFSSL* ssl, int type)
* @param [out] used Number of bytes consumed.
* @param [in[ userChain Whether this certificate is for user's chain.
* @param [in] verify How to verify certificate.
* @param [in] source_name Associated filename or other source ID.
* @return 1 on success.
* @return Less than 1 on failure.
*/
int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz,
int format, int type, WOLFSSL* ssl, long* used, int userChain, int verify)
int format, int type, WOLFSSL* ssl, long* used, int userChain, int verify,
const char *source_name)
{
DerBuffer* der = NULL;
int ret = 0;
@ -2367,6 +2369,11 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz,
EncryptedInfo info[1];
#endif
int algId = 0;
#ifdef WOLFSSL_DEBUG_CERTIFICATE_LOADS
long usedAtStart = used ? *used : 0L;
#else
(void)source_name;
#endif
WOLFSSL_ENTER("ProcessBuffer");
@ -2444,6 +2451,22 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz,
CLEAR_ASN_NO_PEM_HEADER_ERROR(pemErr);
ret = 0;
}
#ifdef WOLFSSL_DEBUG_CERTIFICATE_LOADS
if (ret < 0) {
#ifdef NO_ERROR_STRINGS
WOLFSSL_DEBUG_PRINTF(
"ERROR: ProcessUserChain: certificate from %s at offset %ld"
" rejected with code %d\n",
source_name, usedAtStart, ret);
#else
WOLFSSL_DEBUG_PRINTF(
"ERROR: ProcessUserChain: certificate from %s at offset %ld"
" rejected with code %d: %s\n",
source_name, usedAtStart, ret,
wolfSSL_ERR_reason_error_string(ret));
#endif
}
#endif /* WOLFSSL_DEBUG_CERTIFICATE_LOADS */
}
#ifdef WOLFSSL_SMALL_STACK
@ -2455,6 +2478,22 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz,
/* Process the different types of certificates. */
ret = ProcessBufferCertTypes(ctx, ssl, buff, sz, der, format, type,
verify);
#ifdef WOLFSSL_DEBUG_CERTIFICATE_LOADS
if (ret < 0) {
#ifdef NO_ERROR_STRINGS
WOLFSSL_DEBUG_PRINTF(
"ERROR: ProcessBufferCertTypes: certificate from %s at"
" offset %ld rejected with code %d\n",
source_name, usedAtStart, ret);
#else
WOLFSSL_DEBUG_PRINTF(
"ERROR: ProcessBufferCertTypes: certificate from %s at"
" offset %ld rejected with code %d: %s\n",
source_name, usedAtStart, ret,
wolfSSL_ERR_reason_error_string(ret));
#endif
}
#endif /* WOLFSSL_DEBUG_CERTIFICATE_LOADS */
}
else {
FreeDer(&der);
@ -2515,12 +2554,14 @@ static int ProcessChainBufferCRL(WOLFSSL_CTX* ctx, const unsigned char* buff,
* @param [in] sz Size of data in buffer.
* @param [in] type Type of data.
* @param [in] verify How to verify certificate.
* @param [in] source_name Associated filename or other source ID.
* @return 1 on success.
* @return 0 on failure.
* @return MEMORY_E when dynamic memory allocation fails.
*/
static int ProcessChainBuffer(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
const unsigned char* buff, long sz, int type, int verify)
const unsigned char* buff, long sz, int type, int verify,
const char *source_name)
{
int ret = 0;
long used = 0;
@ -2529,11 +2570,11 @@ static int ProcessChainBuffer(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
WOLFSSL_MSG("Processing CA PEM file");
/* Keep processing file while no errors and data to parse. */
while ((ret >= 0) && (used < sz)) {
long consumed = 0;
long consumed = used;
/* Process the buffer. */
ret = ProcessBuffer(ctx, buff + used, sz - used, WOLFSSL_FILETYPE_PEM,
type, ssl, &consumed, 0, verify);
type, ssl, &consumed, 0, verify, source_name);
/* Memory allocation failure is fatal. */
if (ret == WC_NO_ERR_TRACE(MEMORY_E)) {
gotOne = 0;
@ -2665,6 +2706,12 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
{
/* Not a header that we support. */
WOLFSSL_MSG("Failed to detect certificate type");
#ifdef WOLFSSL_DEBUG_CERTIFICATE_LOADS
WOLFSSL_DEBUG_PRINTF(
"ERROR: ProcessFile: Failed to detect certificate type"
" of \"%s\"\n",
fname);
#endif
ret = WOLFSSL_BAD_CERTTYPE;
}
}
@ -2673,7 +2720,7 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
if (((type == CA_TYPE) || (type == TRUSTED_PEER_TYPE)) &&
(format == WOLFSSL_FILETYPE_PEM)) {
ret = ProcessChainBuffer(ctx, ssl, content.buffer, sz, type,
verify);
verify, fname);
}
#ifdef HAVE_CRL
else if (type == CRL_TYPE) {
@ -2690,18 +2737,18 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
long consumed = 0;
ret = ProcessBuffer(ctx, content.buffer, sz, format, type, ssl,
&consumed, userChain, verify);
&consumed, userChain, verify, fname);
if ((ret == 1) && (consumed < sz)) {
ret = ProcessBuffer(ctx, content.buffer + consumed,
sz - consumed, format, ALT_PRIVATEKEY_TYPE, ssl, NULL, 0,
verify);
verify, fname);
}
}
#endif
else {
/* Load all other certificate types. */
ret = ProcessBuffer(ctx, content.buffer, sz, format, type, ssl,
NULL, userChain, verify);
NULL, userChain, verify, fname);
}
}
@ -3030,7 +3077,8 @@ static int LoadSystemCaCertsWindows(WOLFSSL_CTX* ctx, byte* loaded)
if (ProcessBuffer(ctx, certCtx->pbCertEncoded,
certCtx->cbCertEncoded, WOLFSSL_FILETYPE_ASN1,
CA_TYPE, NULL, NULL, 0,
GET_VERIFY_SETTING_CTX(ctx)) == 1) {
GET_VERIFY_SETTING_CTX(ctx),
storeNames[i]) == 1) {
/*
* Set "loaded" as long as we've loaded one CA
* cert.
@ -3105,7 +3153,8 @@ static int LoadSystemCaCertsMac(WOLFSSL_CTX* ctx, byte* loaded)
if (ProcessBuffer(ctx, CFDataGetBytePtr(der),
CFDataGetLength(der), WOLFSSL_FILETYPE_ASN1,
CA_TYPE, NULL, NULL, 0,
GET_VERIFY_SETTING_CTX(ctx)) == 1) {
GET_VERIFY_SETTING_CTX(ctx),
"MacOSX trustDomains") == 1) {
/*
* Set "loaded" as long as we've loaded one CA
* cert.
@ -3644,7 +3693,8 @@ int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509)
/* Get DER encoded certificate data from X509 object. */
ret = ProcessBuffer(NULL, x509->derCert->buffer, x509->derCert->length,
WOLFSSL_FILETYPE_ASN1, CERT_TYPE, ssl, &idx, 0,
GET_VERIFY_SETTING_SSL(ssl));
GET_VERIFY_SETTING_SSL(ssl),
"x509 buffer");
}
/* Return 1 on success or 0 on failure. */
@ -3676,7 +3726,8 @@ int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, const unsigned char* der,
long idx = 0;
ret = ProcessBuffer(NULL, der, derSz, WOLFSSL_FILETYPE_ASN1, CERT_TYPE,
ssl, &idx, 0, GET_VERIFY_SETTING_SSL(ssl));
ssl, &idx, 0, GET_VERIFY_SETTING_SSL(ssl),
"asn1 buffer");
}
/* Return 1 on success or 0 on failure. */
@ -3884,12 +3935,13 @@ int wolfSSL_CTX_load_verify_buffer_ex(WOLFSSL_CTX* ctx, const unsigned char* in,
/* When PEM, treat as certificate chain of CA certificates. */
if (format == WOLFSSL_FILETYPE_PEM) {
ret = ProcessChainBuffer(ctx, NULL, in, sz, CA_TYPE, verify);
ret = ProcessChainBuffer(ctx, NULL, in, sz, CA_TYPE, verify,
"PEM buffer");
}
/* When DER, load the CA certificate. */
else {
ret = ProcessBuffer(ctx, in, sz, format, CA_TYPE, NULL, NULL,
userChain, verify);
userChain, verify, "buffer");
}
#if defined(WOLFSSL_TRUST_PEER_CERT) && defined(OPENSSL_COMPATIBLE_DEFAULTS)
if (ret == 1) {
@ -3973,12 +4025,12 @@ int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX* ctx, const unsigned char* in,
/* When PEM, treat as certificate chain of trusted peer certificates. */
if (format == WOLFSSL_FILETYPE_PEM) {
ret = ProcessChainBuffer(ctx, NULL, in, sz, TRUSTED_PEER_TYPE,
verify);
verify, "peer");
}
/* When DER, load the trusted peer certificate. */
else {
ret = ProcessBuffer(ctx, in, sz, format, TRUSTED_PEER_TYPE, NULL,
NULL, 0, verify);
NULL, 0, verify, "peer");
}
}
@ -4004,7 +4056,7 @@ int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX* ctx,
WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_buffer");
ret = ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, 0,
GET_VERIFY_SETTING_CTX(ctx));
GET_VERIFY_SETTING_CTX(ctx), "buffer");
WOLFSSL_LEAVE("wolfSSL_CTX_use_certificate_buffer", ret);
return ret;
@ -4030,7 +4082,7 @@ int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX* ctx, const unsigned char* in,
WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_buffer");
ret = ProcessBuffer(ctx, in, sz, format, PRIVATEKEY_TYPE, NULL, &consumed,
0, GET_VERIFY_SETTING_CTX(ctx));
0, GET_VERIFY_SETTING_CTX(ctx), "key buffer");
#ifdef WOLFSSL_DUAL_ALG_CERTS
if ((ret == 1) && (consumed < sz)) {
/* When support for dual algorithm certificates is enabled, the
@ -4038,7 +4090,8 @@ int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX* ctx, const unsigned char* in,
* private key. Hence, we have to parse both of them.
*/
ret = ProcessBuffer(ctx, in + consumed, sz - consumed, format,
ALT_PRIVATEKEY_TYPE, NULL, NULL, 0, GET_VERIFY_SETTING_CTX(ctx));
ALT_PRIVATEKEY_TYPE, NULL, NULL, 0, GET_VERIFY_SETTING_CTX(ctx),
"key buffer");
}
#endif
@ -4056,7 +4109,7 @@ int wolfSSL_CTX_use_AltPrivateKey_buffer(WOLFSSL_CTX* ctx,
WOLFSSL_ENTER("wolfSSL_CTX_use_AltPrivateKey_buffer");
ret = ProcessBuffer(ctx, in, sz, format, ALT_PRIVATEKEY_TYPE, NULL,
NULL, 0, GET_VERIFY_SETTING_CTX(ctx));
NULL, 0, GET_VERIFY_SETTING_CTX(ctx), "alt key buffer");
WOLFSSL_LEAVE("wolfSSL_CTX_use_AltPrivateKey_buffer", ret);
return ret;
@ -4271,7 +4324,8 @@ static int wolfSSL_CTX_use_certificate_ex(WOLFSSL_CTX* ctx,
}
ret = ProcessBuffer(ctx, certData, certDataLen, certFormat,
CERT_TYPE, NULL, NULL, 0, GET_VERIFY_SETTING_CTX(ctx));
CERT_TYPE, NULL, NULL, 0, GET_VERIFY_SETTING_CTX(ctx),
label ? label : "cert buffer");
exit:
XFREE(certData, ctx->heap, DYNAMIC_TYPE_CERT);
@ -4333,7 +4387,7 @@ int wolfSSL_CTX_use_certificate_chain_buffer_format(WOLFSSL_CTX* ctx,
{
WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_buffer_format");
return ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, 1,
GET_VERIFY_SETTING_CTX(ctx));
GET_VERIFY_SETTING_CTX(ctx), "cert chain buffer");
}
/* Load a PEM encoded certificate chain in a buffer into SSL context.
@ -4376,7 +4430,7 @@ int wolfSSL_use_certificate_buffer(WOLFSSL* ssl, const unsigned char* in,
}
else {
ret = ProcessBuffer(ssl->ctx, in, sz, format, CERT_TYPE, ssl, NULL, 0,
GET_VERIFY_SETTING_SSL(ssl));
GET_VERIFY_SETTING_SSL(ssl), "cert buffer");
}
return ret;
@ -4407,7 +4461,7 @@ int wolfSSL_use_PrivateKey_buffer(WOLFSSL* ssl, const unsigned char* in,
}
else {
ret = ProcessBuffer(ssl->ctx, in, sz, format, PRIVATEKEY_TYPE, ssl,
&consumed, 0, GET_VERIFY_SETTING_SSL(ssl));
&consumed, 0, GET_VERIFY_SETTING_SSL(ssl), "key buffer");
#ifdef WOLFSSL_DUAL_ALG_CERTS
if ((ret == 1) && (consumed < sz)) {
/* When support for dual algorithm certificates is enabled, the
@ -4415,7 +4469,8 @@ int wolfSSL_use_PrivateKey_buffer(WOLFSSL* ssl, const unsigned char* in,
* private key. Hence, we have to parse both of them.
*/
ret = ProcessBuffer(ssl->ctx, in + consumed, sz - consumed, format,
ALT_PRIVATEKEY_TYPE, ssl, NULL, 0, GET_VERIFY_SETTING_SSL(ssl));
ALT_PRIVATEKEY_TYPE, ssl, NULL, 0, GET_VERIFY_SETTING_SSL(ssl),
"key buffer");
}
#endif
}
@ -4431,7 +4486,7 @@ int wolfSSL_use_AltPrivateKey_buffer(WOLFSSL* ssl, const unsigned char* in,
WOLFSSL_ENTER("wolfSSL_use_AltPrivateKey_buffer");
ret = ProcessBuffer(ssl->ctx, in, sz, format, ALT_PRIVATEKEY_TYPE, ssl,
NULL, 0, GET_VERIFY_SETTING_SSL(ssl));
NULL, 0, GET_VERIFY_SETTING_SSL(ssl), "alt key buffer");
WOLFSSL_LEAVE("wolfSSL_use_AltPrivateKey_buffer", ret);
return ret;
@ -4669,7 +4724,7 @@ int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL* ssl,
}
else {
ret = ProcessBuffer(ssl->ctx, in, sz, format, CERT_TYPE, ssl, NULL, 1,
GET_VERIFY_SETTING_SSL(ssl));
GET_VERIFY_SETTING_SSL(ssl), "cert chain buffer");
}
return ret;
@ -4826,7 +4881,7 @@ long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509)
/* Process buffer makes first certificate the leaf. */
ret = ProcessBuffer(ctx, der, derSz, WOLFSSL_FILETYPE_ASN1, CERT_TYPE,
NULL, NULL, 1, GET_VERIFY_SETTING_CTX(ctx));
NULL, NULL, 1, GET_VERIFY_SETTING_CTX(ctx), "extra chain buffer");
if (ret != 1) {
ret = 0;
}

4
wolfcrypt/src/error.c
View File

@ -182,10 +182,10 @@ const char* wc_GetErrorString(int error)
return "ASN date error, bad size";
case ASN_BEFORE_DATE_E :
return "ASN date error, current date before";
return "ASN date error, current date is before start of validity";
case ASN_AFTER_DATE_E :
return "ASN date error, current date after";
return "ASN date error, current date is after expiration";
case ASN_SIG_OID_E :
return "ASN signature error, mismatched oid";

142
wolfcrypt/src/logging.c
View File

@ -230,42 +230,6 @@ void WOLFSSL_TIME(int count)
#ifdef DEBUG_WOLFSSL
#if defined(ARDUINO)
/* see Arduino wolfssl.h for wolfSSL_Arduino_Serial_Print */
#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
/* see wc_port.h for fio.h and nio.h includes */
#elif defined(WOLFSSL_SGX)
/* Declare sprintf for ocall */
int sprintf(char* buf, const char *fmt, ...);
#elif defined(WOLFSSL_DEOS)
#elif defined(MICRIUM)
#if (BSP_SER_COMM_EN == DEF_ENABLED)
#include <bsp_ser.h>
#endif
#elif defined(WOLFSSL_USER_LOG)
/* user includes their own headers */
#elif defined(WOLFSSL_ESPIDF)
#include "esp_types.h"
#include "esp_log.h"
#elif defined(WOLFSSL_TELIT_M2MB)
#include <stdio.h>
#include "m2m_log.h"
#elif defined(WOLFSSL_ANDROID_DEBUG)
#include <android/log.h>
#elif defined(WOLFSSL_XILINX)
#include "xil_printf.h"
#elif defined(WOLFSSL_LINUXKM)
/* the requisite linux/kernel.h is included in wc_port.h, with incompatible warnings masked out. */
#elif defined(FUSION_RTOS)
#include <fclstdio.h>
#define fprintf FCL_FPRINTF
#else
#include <stdio.h> /* for default printf stuff */
#endif
#if defined(THREADX) && !defined(THREADX_NO_DC_PRINTF)
int dc_log_printf(char*, ...);
#endif
#ifdef HAVE_STACK_SIZE_VERBOSE
#include <wolfssl/wolfcrypt/mem_track.h>
@ -281,106 +245,30 @@ static void wolfssl_log(const int logLevel, const char* const file_name,
else {
#if defined(WOLFSSL_USER_LOG)
WOLFSSL_USER_LOG(logMessage);
#elif defined(WOLFSSL_DEBUG_PRINTF)
if (log_prefix != NULL) {
if (file_name != NULL)
WOLFSSL_DEBUG_PRINTF("[%s]: [%s L %d] %s\n",
log_prefix, file_name, line_number, logMessage);
else
WOLFSSL_DEBUG_PRINTF("[%s]: %s\n", log_prefix, logMessage);
} else {
if (file_name != NULL)
WOLFSSL_DEBUG_PRINTF("[%s L %d] %s\n",
file_name, line_number, logMessage);
else
WOLFSSL_DEBUG_PRINTF("%s\n", logMessage);
}
#elif defined(ARDUINO)
wolfSSL_Arduino_Serial_Print(logMessage);
#elif defined(WOLFSSL_LOG_PRINTF)
if (file_name != NULL)
printf("[%s L %d] %s\n", file_name, line_number, logMessage);
else
printf("%s\n", logMessage);
#elif defined(THREADX) && !defined(THREADX_NO_DC_PRINTF)
if (file_name != NULL)
dc_log_printf("[%s L %d] %s\n", file_name, line_number, logMessage);
else
dc_log_printf("%s\n", logMessage);
#elif defined(WOLFSSL_DEOS)
if (file_name != NULL)
printf("[%s L %d] %s\r\n", file_name, line_number, logMessage);
else
printf("%s\r\n", logMessage);
#elif defined(MICRIUM)
if (file_name != NULL)
BSP_Ser_Printf("[%s L %d] %s\r\n",
file_name, line_number, logMessage);
else
BSP_Ser_Printf("%s\r\n", logMessage);
#elif defined(WOLFSSL_MDK_ARM)
fflush(stdout) ;
if (file_name != NULL)
printf("[%s L %d] %s\n", file_name, line_number, logMessage);
else
printf("%s\n", logMessage);
fflush(stdout) ;
#elif defined(WOLFSSL_UTASKER)
fnDebugMsg((char*)logMessage);
fnDebugMsg("\r\n");
#elif defined(MQX_USE_IO_OLD)
if (file_name != NULL)
fprintf(_mqxio_stderr, "[%s L %d] %s\n",
file_name, line_number, logMessage);
else
fprintf(_mqxio_stderr, "%s\n", logMessage);
#elif defined(WOLFSSL_APACHE_MYNEWT)
if (file_name != NULL)
LOG_DEBUG(&mynewt_log, LOG_MODULE_DEFAULT, "[%s L %d] %s\n",
file_name, line_number, logMessage);
else
LOG_DEBUG(&mynewt_log, LOG_MODULE_DEFAULT, "%s\n", logMessage);
#elif defined(WOLFSSL_ESPIDF)
if (file_name != NULL)
ESP_LOGI("wolfssl", "[%s L %d] %s",
file_name, line_number, logMessage);
else
ESP_LOGI("wolfssl", "%s", logMessage);
#elif defined(WOLFSSL_ZEPHYR)
if (file_name != NULL)
printk("[%s L %d] %s\n", file_name, line_number, logMessage);
else
printk("%s\n", logMessage);
#elif defined(WOLFSSL_TELIT_M2MB)
if (file_name != NULL)
M2M_LOG_INFO("[%s L %d] %s\n", file_name, line_number, logMessage);
else
M2M_LOG_INFO("%s\n", logMessage);
#elif defined(WOLFSSL_ANDROID_DEBUG)
if (file_name != NULL)
__android_log_print(ANDROID_LOG_VERBOSE, "[wolfSSL]", "[%s L %d] %s",
file_name, line_number, logMessage);
else
__android_log_print(ANDROID_LOG_VERBOSE, "[wolfSSL]", "%s",
logMessage);
#elif defined(WOLFSSL_XILINX)
if (file_name != NULL)
xil_printf("[%s L %d] %s\r\n", file_name, line_number, logMessage);
else
xil_printf("%s\r\n", logMessage);
#elif defined(WOLFSSL_LINUXKM)
if (file_name != NULL)
printk("[%s L %d] %s\n", file_name, line_number, logMessage);
else
printk("%s\n", logMessage);
#elif defined(WOLFSSL_RENESAS_RA6M4)
if (file_name != NULL)
myprintf("[%s L %d] %s\n", file_name, line_number, logMessage);
else
myprintf("%s\n", logMessage);
#elif defined(STACK_SIZE_CHECKPOINT_MSG) && \
defined(HAVE_STACK_SIZE_VERBOSE) && defined(HAVE_STACK_SIZE_VERBOSE_LOG)
STACK_SIZE_CHECKPOINT_MSG(logMessage);
#else
if (log_prefix != NULL) {
if (file_name != NULL)
fprintf(stderr, "[%s]: [%s L %d] %s\n",
log_prefix, file_name, line_number, logMessage);
else
fprintf(stderr, "[%s]: %s\n", log_prefix, logMessage);
} else {
if (file_name != NULL)
fprintf(stderr, "[%s L %d] %s\n",
file_name, line_number, logMessage);
else
fprintf(stderr, "%s\n", logMessage);
}
#error No log method defined.
#endif
}
}

3
wolfssl/internal.h
View File

@ -6390,7 +6390,8 @@ WOLFSSL_TEST_VIS void wolfSSL_ResourceFree(WOLFSSL* ssl); /* Micrium uses */
WOLFSSL_LOCAL int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
long sz, int format, int type, WOLFSSL* ssl,
long* used, int userChain, int verify);
long* used, int userChain, int verify,
const char *source_name);
WOLFSSL_LOCAL int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format,
int type, WOLFSSL* ssl, int userChain,
WOLFSSL_CRL* crl, int verify);

93
wolfssl/wolfcrypt/logging.h
View File

@ -89,11 +89,6 @@ enum wc_FuncNum {
};
#endif
#if defined(ARDUINO)
/* implemented in Arduino wolfssl.h */
extern WOLFSSL_API int wolfSSL_Arduino_Serial_Print(const char* const s);
#endif /* ARDUINO */
typedef void (*wolfSSL_Logging_cb)(const int logLevel,
const char *const logMessage);
@ -157,6 +152,10 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
#define WOLFSSL_TIME(n) WC_DO_NOTHING
#endif
#if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_DEBUG_CERTIFICATE_LOADS)
#define WOLFSSL_DEBUG_CERTIFICATE_LOADS
#endif
#if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_DEBUG_ERRORS_ONLY)
#if defined(_WIN32)
#if defined(INTIME_RTOS)
@ -268,6 +267,90 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
extern WOLFSSL_API THREAD_LS_T void *StackSizeCheck_stackOffsetPointer;
#endif
/* Port-specific includes and printf methods: */
#if defined(ARDUINO)
/* implemented in Arduino wolfssl.h */
extern WOLFSSL_API int wolfSSL_Arduino_Serial_Print(const char* const s);
#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
/* see wc_port.h for fio.h and nio.h includes */
#elif defined(WOLFSSL_SGX)
/* Declare sprintf for ocall */
int sprintf(char* buf, const char *fmt, ...);
#elif defined(WOLFSSL_DEOS)
#elif defined(MICRIUM)
#if (BSP_SER_COMM_EN == DEF_ENABLED)
#include <bsp_ser.h>
#endif
#elif defined(WOLFSSL_USER_LOG)
/* user includes their own headers */
#elif defined(WOLFSSL_ESPIDF)
#include "esp_types.h"
#include "esp_log.h"
#elif defined(WOLFSSL_TELIT_M2MB)
#include <stdio.h>
#include "m2m_log.h"
#elif defined(WOLFSSL_ANDROID_DEBUG)
#include <android/log.h>
#elif defined(WOLFSSL_XILINX)
#include "xil_printf.h"
#elif defined(WOLFSSL_LINUXKM)
/* the requisite linux/kernel.h is included in linuxkm_wc_port.h, with
* incompatible warnings masked out.
*/
#elif defined(FUSION_RTOS)
#include <fclstdio.h>
#define fprintf FCL_FPRINTF
#else
#include <stdio.h> /* for default printf stuff */
#endif
#if defined(THREADX) && !defined(THREADX_NO_DC_PRINTF)
int dc_log_printf(char*, ...);
#endif
#ifdef WOLFSSL_DEBUG_PRINTF
/* user-supplied definition */
#elif defined(ARDUINO)
/* ARDUINO only has print and sprintf, no printf. */
#elif defined(WOLFSSL_LOG_PRINTF) || defined(WOLFSSL_DEOS)
#define WOLFSSL_DEBUG_PRINTF(...) printf(__VA_ARGS__)
#elif defined(THREADX) && !defined(THREADX_NO_DC_PRINTF)
#define WOLFSSL_DEBUG_PRINTF(...) dc_log_printf(__VA_ARGS__)
#elif defined(MICRIUM)
#define WOLFSSL_DEBUG_PRINTF(...) BSP_Ser_Printf(__VA_ARGS__)
#elif defined(WOLFSSL_MDK_ARM)
#define WOLFSSL_DEBUG_PRINTF(...) do { \
fflush(stdout); \
printf(__VA_ARGS__); \
fflush(stdout); \
} while (0)
#elif defined(WOLFSSL_UTASKER)
/* WOLFSSL_UTASKER only has fnDebugMsg and related primitives, no printf. */
#elif defined(MQX_USE_IO_OLD)
#define WOLFSSL_DEBUG_PRINTF(...) fprintf(_mqxio_stderr, __VAR_ARGS)
#elif defined(WOLFSSL_APACHE_MYNEWT)
#define WOLFSSL_DEBUG_PRINTF(...) LOG_DEBUG(&mynewt_log, \
LOG_MODULE_DEFAULT, __VA_ARGS__)
#elif defined(WOLFSSL_ESPIDF)
#define WOLFSSL_DEBUG_PRINTF(...) ESP_LOGI("wolfssl", __VA_ARGS__)
#elif defined(WOLFSSL_ZEPHYR)
#define WOLFSSL_DEBUG_PRINTF(...) printk(__VA_ARGS__)
#elif defined(WOLFSSL_TELIT_M2MB)
#define WOLFSSL_DEBUG_PRINTF(...) M2M_LOG_INFO(__VA_ARGS__)
#elif defined(WOLFSSL_ANDROID_DEBUG)
#define WOLFSSL_DEBUG_PRINTF(...) __android_log_print(ANDROID_LOG_VERBOSE, \
"[wolfSSL]", __VA_ARGS__)
#elif defined(WOLFSSL_XILINX)
#define WOLFSSL_DEBUG_PRINTF(...) xil_printf(__VA_ARGS__)
#elif defined(WOLFSSL_LINUXKM)
#define WOLFSSL_DEBUG_PRINTF(...) printk(__VA_ARGS__)
#elif defined(WOLFSSL_RENESAS_RA6M4)
#define WOLFSSL_DEBUG_PRINTF(...) myprintf(__VA_ARGS__)
#else
#define WOLFSSL_DEBUG_PRINTF(...) fprintf(stderr, __VA_ARGS__)
#endif
#ifdef __cplusplus
}
#endif