diff --git a/configure.ac b/configure.ac index 5ad6ab5ad..70da4d2ba 100644 --- a/configure.ac +++ b/configure.ac @@ -911,6 +911,7 @@ AC_ARG_ENABLE([mcast], # WOLFSSL_MYSQL_COMPATIBLE # web server (--enable-webserver) HAVE_WEBSERVER # net-snmp (--enable-net-snmp) +# krb (--enable-krb) WOLFSSL_KRB # Bind DNS compatibility Build @@ -1033,6 +1034,14 @@ AC_ARG_ENABLE([net-snmp], [ ENABLED_NETSNMP=no ] ) +# kerberos 5 Build +AC_ARG_ENABLE([krb], + [AS_HELP_STRING([--enable-krb],[Enable kerberos 5 support (default: disabled)])], + [ ENABLED_KRB=$enableval ], + [ ENABLED_KRB=no ] + ) + + #IP alternative name Support AC_ARG_ENABLE([ip-alt-name], [AS_HELP_STRING([--enable-ip-alt-name],[Enable IP subject alternative name (default: disabled)])], @@ -1104,7 +1113,8 @@ if test "$ENABLED_LIBWEBSOCKETS" = "yes" || test "$ENABLED_OPENVPN" = "yes" || \ test "$ENABLED_WPAS_DPP" = "yes" || test "$ENABLED_SMIME" = "yes" || \ test "$ENABLED_HAPROXY" = "yes" || test "$ENABLED_BIND" = "yes" || \ test "$ENABLED_NTP" = "yes" || test "$ENABLED_NETSNMP" = "yes" || \ - test "$ENABLED_OPENRESTY" = "yes" || test "$ENABLED_RSYSLOG" = "yes" + test "$ENABLED_OPENRESTY" = "yes" || test "$ENABLED_RSYSLOG" = "yes" || \ + test "$ENABLED_KRB" = "yes" then ENABLED_OPENSSLALL="yes" fi @@ -3249,7 +3259,7 @@ AC_ARG_ENABLE([des3], [ ENABLED_DES3=no ] ) -if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_QT" = "yes" || test "$ENABLED_OPENVPN" = "yes" || test "x$ENABLED_WPAS" != "xno" || test "$ENABLED_NETSNMP" = "yes" || test "$ENABLED_LIBSSH2" = "yes" +if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_QT" = "yes" || test "$ENABLED_OPENVPN" = "yes" || test "x$ENABLED_WPAS" != "xno" || test "$ENABLED_NETSNMP" = "yes" || test "$ENABLED_LIBSSH2" = "yes" || test "$ENABLED_KRB" = "yes" then ENABLED_DES3="yes" fi @@ -3267,7 +3277,7 @@ then fi # ARC4 -if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes" +if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_KRB" = "yes" then # Requires RC4 make sure on (if not forcefully disabled with --disable-arc4) test "$enable_arc4" = "" && enable_arc4=yes @@ -3824,7 +3834,8 @@ AC_ARG_ENABLE([crl], ) if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes" || \ - test "x$ENABLED_WPAS" != "xno" || test "x$ENABLED_LIGHTY" = "xyes" || test "x$ENABLED_NETSNMP" = "xyes" + test "x$ENABLED_WPAS" != "xno" || test "x$ENABLED_LIGHTY" = "xyes" || test "x$ENABLED_NETSNMP" = "xyes" || \ + test "x$ENABLED_KRB" = "xyes" then ENABLED_CRL=yes fi @@ -4713,6 +4724,17 @@ then fi fi +if test "$ENABLED_KRB" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KRB -DWOLFSSL_AES_DIRECT" + + # Requires PKCS7 + if test "x$ENABLED_PKCS7" = "xno" + then + ENABLED_PKCS7="yes" + fi +fi + if test "$ENABLED_SIGNAL" = "yes" then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIGNAL -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT" @@ -5158,7 +5180,7 @@ AC_ARG_ENABLE([md4], if test "$ENABLED_MD4" = "no" then #turn on MD4 if using stunnel - if test "x$ENABLED_STUNNEL" = "xyes" || test "x$ENABLED_WPAS" != "xno" + if test "x$ENABLED_STUNNEL" = "xyes" || test "x$ENABLED_WPAS" != "xno" || test "x$ENABLED_KRB" = "xyes" then ENABLED_MD4="yes" else @@ -6809,7 +6831,7 @@ then AM_CFLAGS="-DOPENSSL_EXTRA -DWOLFSSL_ALWAYS_VERIFY_CB $AM_CFLAGS" AM_CFLAGS="-DWOLFSSL_VERIFY_CB_ALL_CERTS -DWOLFSSL_EXTRA_ALERTS $AM_CFLAGS" AM_CFLAGS="-DHAVE_EXT_CACHE -DWOLFSSL_FORCE_CACHE_ON_TICKET $AM_CFLAGS" - AM_CFLAGS="-DWOLFSSL_AKID_NAME $AM_CFLAGS" + AM_CFLAGS="-DWOLFSSL_AKID_NAME -DHAVE_CTS $AM_CFLAGS" fi if test "$ENABLED_OPENSSLEXTRA" = "x509small" diff --git a/src/ssl.c b/src/ssl.c index 60098865f..92a134ec4 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -99,6 +99,7 @@ #include #include #include + #include #include #include #include @@ -21091,6 +21092,57 @@ void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509)* sk) wolfSSL_sk_free(sk); } +#ifdef HAVE_CRL +WOLFSSL_STACK* wolfSSL_sk_X509_CRL_new(void) +{ + WOLFSSL_STACK* s = wolfSSL_sk_new_node(NULL); + if (s != NULL) + s->type = STACK_TYPE_X509_CRL; + return s; +} + +void wolfSSL_sk_X509_CRL_pop_free(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk, + void (*f) (WOLFSSL_X509_CRL*)) +{ + WOLFSSL_ENTER("wolfSSL_sk_X509_CRL_pop_free"); + wolfSSL_sk_pop_free(sk, (wolfSSL_sk_freefunc)f); +} + +void wolfSSL_sk_X509_CRL_free(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk) +{ + wolfSSL_sk_X509_CRL_pop_free(sk, NULL); +} + +/* return 1 on success 0 on fail */ +int wolfSSL_sk_X509_CRL_push(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk, WOLFSSL_X509_CRL* crl) +{ + WOLFSSL_ENTER("wolfSSL_sk_X509_CRL_push"); + + if (sk == NULL || crl == NULL) { + return WOLFSSL_FAILURE; + } + + return wolfSSL_sk_push(sk, crl); +} + +WOLFSSL_X509_CRL* wolfSSL_sk_X509_CRL_value(WOLF_STACK_OF(WOLFSSL_X509)* sk, + int i) +{ + WOLFSSL_ENTER("wolfSSL_sk_X509_CRL_value"); + if (sk) + return (WOLFSSL_X509_CRL*)wolfSSL_sk_value(sk, i); + return NULL; +} + +int wolfSSL_sk_X509_CRL_num(WOLF_STACK_OF(WOLFSSL_X509)* sk) +{ + WOLFSSL_ENTER("wolfSSL_sk_X509_CRL_num"); + if (sk) + return wolfSSL_sk_num(sk); + return 0; +} +#endif /* HAVE_CRL */ + #endif /* !NO_CERTS && (OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL) */ #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) @@ -21250,6 +21302,7 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data) case STACK_TYPE_BY_DIR_hash: case STACK_TYPE_X509_OBJ: case STACK_TYPE_DIST_POINT: + case STACK_TYPE_X509_CRL: default: /* All other types are pointers */ if (!sk->data.generic) { @@ -21309,6 +21362,7 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data) case STACK_TYPE_BY_DIR_hash: case STACK_TYPE_X509_OBJ: case STACK_TYPE_DIST_POINT: + case STACK_TYPE_X509_CRL: default: /* All other types are pointers */ node->data.generic = sk->data.generic; @@ -21981,6 +22035,7 @@ void *wolfSSL_lh_retrieve(WOLFSSL_STACK *sk, void *data) case STACK_TYPE_BY_DIR_hash: case STACK_TYPE_X509_OBJ: case STACK_TYPE_DIST_POINT: + case STACK_TYPE_X509_CRL: default: sk->hash = sk->hash_fn(sk->data.generic); break; @@ -22005,6 +22060,7 @@ void *wolfSSL_lh_retrieve(WOLFSSL_STACK *sk, void *data) case STACK_TYPE_BY_DIR_hash: case STACK_TYPE_X509_OBJ: case STACK_TYPE_DIST_POINT: + case STACK_TYPE_X509_CRL: default: return sk->data.generic; } @@ -30392,7 +30448,7 @@ void wolfSSL_AES_cbc_encrypt(const unsigned char *in, unsigned char* out, return; } - if (enc == AES_ENCRYPT) { + if (enc) { if (wc_AesCbcEncrypt(aes, out, in, (word32)len) != 0) { WOLFSSL_MSG("Error with AES CBC encrypt"); } @@ -30509,6 +30565,86 @@ int wolfSSL_AES_unwrap_key(AES_KEY *key, const unsigned char *iv, #endif /* HAVE_AES_KEYWRAP && !HAVE_FIPS && !HAVE_SELFTEST */ #endif /* NO_AES */ +#ifdef HAVE_CTS +/* + * Ciphertext stealing interface compatible with RFC2040 and RFC3962. + */ +size_t wolfSSL_CRYPTO_cts128_encrypt(const unsigned char *in, + unsigned char *out, size_t len, const void *key, + unsigned char *iv, WOLFSSL_CBC128_CB cbc) +{ + byte lastBlk[WOLFSSL_CTS128_BLOCK_SZ]; + int lastBlkLen = len % WOLFSSL_CTS128_BLOCK_SZ; + WOLFSSL_ENTER("wolfSSL_CRYPTO_cts128_encrypt"); + + if (in == NULL || out == NULL || len < WOLFSSL_CTS128_BLOCK_SZ || + cbc == NULL) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; + } + + if (lastBlkLen == 0) + lastBlkLen = WOLFSSL_CTS128_BLOCK_SZ; + + /* Encrypt data up to last block */ + (*cbc)(in, out, len - lastBlkLen, key, iv, 1); + + /* Move to last block */ + in += len - lastBlkLen; + out += len - lastBlkLen; + + /* RFC2040: Pad Pn with zeros at the end to create P of length BB. */ + XMEMCPY(lastBlk, in, lastBlkLen); + XMEMSET(lastBlk + lastBlkLen, 0, WOLFSSL_CTS128_BLOCK_SZ - lastBlkLen); + /* RFC2040: Select the first Ln bytes of En-1 to create Cn */ + XMEMCPY(out, out - WOLFSSL_CTS128_BLOCK_SZ, lastBlkLen); + (*cbc)(lastBlk, out - WOLFSSL_CTS128_BLOCK_SZ, WOLFSSL_CTS128_BLOCK_SZ, + key, iv, 1); + + return len; +} + +size_t wolfSSL_CRYPTO_cts128_decrypt(const unsigned char *in, + unsigned char *out, size_t len, const void *key, + unsigned char *iv, WOLFSSL_CBC128_CB cbc) +{ + byte lastBlk[WOLFSSL_CTS128_BLOCK_SZ]; + byte prevBlk[WOLFSSL_CTS128_BLOCK_SZ]; + int lastBlkLen = len % WOLFSSL_CTS128_BLOCK_SZ; + WOLFSSL_ENTER("wolfSSL_CRYPTO_cts128_decrypt"); + + if (in == NULL || out == NULL || len <= WOLFSSL_CTS128_BLOCK_SZ || + cbc == NULL) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; + } + + if (lastBlkLen == 0) + lastBlkLen = WOLFSSL_CTS128_BLOCK_SZ; + + /* Decrypt up to last two blocks */ + (*cbc)(in, out, len - lastBlkLen - WOLFSSL_CTS128_BLOCK_SZ, key, iv, 0); + + /* Move to last two blocks */ + in += len - lastBlkLen - WOLFSSL_CTS128_BLOCK_SZ; + out += len - lastBlkLen - WOLFSSL_CTS128_BLOCK_SZ; + + /* RFC2040: Decrypt Cn-1 to create Dn. + * Use 0 buffer as IV to do straight decryption. + * This places the Cn-1 block at lastBlk */ + XMEMSET(lastBlk, 0, WOLFSSL_CTS128_BLOCK_SZ); + (*cbc)(in, prevBlk, WOLFSSL_CTS128_BLOCK_SZ, key, lastBlk, 0); + /* RFC2040: Append the tail (BB minus Ln) bytes of Xn to Cn + * to create En. */ + XMEMCPY(prevBlk, in + WOLFSSL_CTS128_BLOCK_SZ, lastBlkLen); + /* Cn and Cn-1 can now be decrypted */ + (*cbc)(prevBlk, out, WOLFSSL_CTS128_BLOCK_SZ, key, iv, 0); + (*cbc)(lastBlk, lastBlk, WOLFSSL_CTS128_BLOCK_SZ, key, iv, 0); + XMEMCPY(out + WOLFSSL_CTS128_BLOCK_SZ, lastBlk, lastBlkLen); + return len; +} +#endif /* HAVE_CTS */ + #ifndef NO_ASN_TIME #ifndef NO_BIO int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_UTCTIME* a) @@ -30788,6 +30924,8 @@ void* wolfSSL_sk_value(const WOLFSSL_STACK* sk, int i) return (void*)sk->data.x509_obj; case STACK_TYPE_DIST_POINT: return (void*)sk->data.dp; + case STACK_TYPE_X509_CRL: + return (void*)sk->data.crl; default: return (void*)sk->data.generic; } @@ -30876,6 +31014,7 @@ WOLFSSL_STACK* wolfSSL_sk_dup(WOLFSSL_STACK* sk) case STACK_TYPE_BY_DIR_hash: case STACK_TYPE_X509_OBJ: case STACK_TYPE_DIST_POINT: + case STACK_TYPE_X509_CRL: default: WOLFSSL_MSG("Unsupported stack type"); goto error; @@ -31002,6 +31141,11 @@ void wolfSSL_sk_pop_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk, case STACK_TYPE_BY_DIR_hash: #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) func = (wolfSSL_sk_freefunc)wolfSSL_BY_DIR_HASH_free; +#endif + break; + case STACK_TYPE_X509_CRL: +#if defined(HAVE_CRL) && (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) + func = (wolfSSL_sk_freefunc)wolfSSL_X509_CRL_free; #endif break; case STACK_TYPE_CIPHER: @@ -44385,6 +44529,21 @@ err: #endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */ } + WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read( + XFILE fp, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk, + pem_password_cb* cb, void* u) + { + WOLFSSL_BIO* fileBio = wolfSSL_BIO_new_fp(fp, BIO_NOCLOSE); + WOLF_STACK_OF(WOLFSSL_X509_INFO)* ret = NULL; + + WOLFSSL_ENTER("wolfSSL_PEM_X509_INFO_read"); + if (fileBio != NULL) { + ret = wolfSSL_PEM_X509_INFO_read_bio(fileBio, sk, cb, u); + wolfSSL_BIO_free(fileBio); + } + return ret; + } + /* * bio WOLFSSL_BIO to read certificates from * sk possible stack to push more X509_INFO structs to. Can be NULL @@ -47233,15 +47392,7 @@ WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_value(const STACK_OF(WOLFSSL_X509_NAME)* int i) { WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_value"); - - for (; sk != NULL && i > 0; i--) { - sk = sk->next; - } - - if (i != 0 || sk == NULL) - return NULL; - - return sk->data.name; + return (WOLFSSL_X509_NAME*)wolfSSL_sk_value(sk, i); } WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk) @@ -47282,21 +47433,8 @@ void wolfSSL_sk_X509_NAME_pop_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, /* Free only the sk structure, NOT X509_NAME members */ void wolfSSL_sk_X509_NAME_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk) { - WOLFSSL_STACK* node; WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_free"); - - if (sk == NULL) - return; - - node = sk->next; - while (sk->num > 1) { - WOLFSSL_STACK* tmp = node; - node = node->next; - XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL); - sk->num -= 1; - } - - XFREE(sk, sk->heap, DYNAMIC_TYPE_OPENSSL); + wolfSSL_sk_free(sk); } int wolfSSL_sk_X509_NAME_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, @@ -52762,11 +52900,10 @@ int wolfSSL_mask_bits(WOLFSSL_BIGNUM* bn, int n) } #endif - /* WOLFSSL_SUCCESS on ok */ int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom) { - int ret = 0; + int ret = WOLFSSL_FAILURE; int len; int initTmpRng = 0; WC_RNG* rng = NULL; @@ -52839,6 +52976,44 @@ int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom) return ret; } +/** + * N = length of range input var + * Generate N-bit length numbers until generated number is less than range + * @param r Output number + * @param range The upper limit of generated output + * @return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure + */ +int wolfSSL_BN_rand_range(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *range) +{ + int n; + int iter = 0; + WOLFSSL_MSG("wolfSSL_BN_rand_range"); + + if (r == NULL || range == NULL) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; + } + + n = wolfSSL_BN_num_bits(range); + + if (n <= 1) { + wolfSSL_BN_zero(r); + } + else { + do { + if (iter >= 100) { + WOLFSSL_MSG("wolfSSL_BN_rand_range too many iterations"); + return WOLFSSL_FAILURE; + } + iter++; + if (wolfSSL_BN_pseudo_rand(r, n, -1, 0) == WOLFSSL_FAILURE) { + WOLFSSL_MSG("wolfSSL_BN_rand error"); + return WOLFSSL_FAILURE; + } + } while(wolfSSL_BN_cmp(r, range) >= 0); + } + return WOLFSSL_SUCCESS; +} /* WOLFSSL_SUCCESS on ok * code is same as wolfSSL_BN_rand except for how top and bottom is handled. @@ -61662,15 +61837,16 @@ PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7) return (PKCS7*)pkcs7; } -int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7) +int wolfSSL_i2d_PKCS7(PKCS7 *p7, unsigned char **out) { byte* output = NULL; + int localBuf = 0; int len; WC_RNG rng; int ret = WOLFSSL_FAILURE; - WOLFSSL_ENTER("wolfSSL_i2d_PKCS7_bio"); + WOLFSSL_ENTER("wolfSSL_i2d_PKCS7"); - if (!bio || !p7) { + if (!out || !p7) { WOLFSSL_MSG("Bad parameter"); return WOLFSSL_FAILURE; } @@ -61688,10 +61864,16 @@ int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7) goto cleanup; } - output = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (!output) { - WOLFSSL_MSG("malloc error"); - goto cleanup; + if (*out == NULL) { + output = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (!output) { + WOLFSSL_MSG("malloc error"); + goto cleanup; + } + localBuf = 1; + } + else { + output = *out; } if ((len = wc_PKCS7_EncodeSignedData(p7, output, len)) < 0) { @@ -61699,6 +61881,36 @@ int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7) goto cleanup; } + ret = len; +cleanup: + if (p7->rng == &rng) { + wc_FreeRng(&rng); + p7->rng = NULL; + } + if (ret == WOLFSSL_FAILURE && localBuf && output) + XFREE(output, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (ret != WOLFSSL_FAILURE) + *out = output; + return ret; +} + +int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7) +{ + byte* output = NULL; + int len; + int ret = WOLFSSL_FAILURE; + WOLFSSL_ENTER("wolfSSL_i2d_PKCS7_bio"); + + if (!bio || !p7) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; + } + + if ((len = wolfSSL_i2d_PKCS7(p7, &output)) == WOLFSSL_FAILURE) { + WOLFSSL_MSG("wolfSSL_i2d_PKCS7 error"); + goto cleanup; + } + if (wolfSSL_BIO_write(bio, output, len) <= 0) { WOLFSSL_MSG("wolfSSL_BIO_write error"); goto cleanup; @@ -61706,13 +61918,8 @@ int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7) ret = WOLFSSL_SUCCESS; cleanup: - if (p7->rng == &rng) { - wc_FreeRng(&rng); - p7->rng = NULL; - } - if (output) { + if (output) XFREE(output, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } return ret; } diff --git a/tests/api.c b/tests/api.c index 27a78fee2..07fe9a8ab 100644 --- a/tests/api.c +++ b/tests/api.c @@ -313,6 +313,7 @@ #include #include #include + #include #ifdef OPENSSL_ALL #include #include @@ -34284,7 +34285,7 @@ static void test_wolfSSL_BN(void) /* check result 3*2 */ AssertIntEQ(BN_get_word(d), 6); - /* c/b = */ + /* c/b => db + a */ AssertIntEQ(BN_div(d, NULL, c, b, NULL), WOLFSSL_FAILURE); AssertIntEQ(BN_div(d, a, c, b, NULL), WOLFSSL_SUCCESS); @@ -34313,6 +34314,14 @@ static void test_wolfSSL_BN(void) AssertIntEQ(BN_get_word(d), 8); #endif /* WOLFSSL_KEY_GEN */ + AssertIntEQ(BN_set_word(a, 1 << 6), SSL_SUCCESS); + AssertIntEQ(BN_rshift(b, a, 6), SSL_SUCCESS); + AssertIntEQ(BN_is_zero(b), 0); + AssertIntEQ(BN_rshift(b, a, 7), SSL_SUCCESS); + AssertIntEQ(BN_is_zero(b), 1); + AssertIntEQ(BN_rshift1(b, a), SSL_SUCCESS); + AssertIntEQ(BN_is_zero(b), 0); + /* set b back to 2 */ AssertIntEQ(BN_set_word(b, 2), SSL_SUCCESS); @@ -36802,6 +36811,7 @@ static void test_wolfSSL_BN_rand(void) { #if defined(OPENSSL_EXTRA) BIGNUM* bn; + BIGNUM* range; printf(testingFmt, "wolfSSL_BN_rand()"); @@ -36817,6 +36827,13 @@ static void test_wolfSSL_BN_rand(void) AssertIntEQ(BN_rand(bn, 64, 0, 0), SSL_SUCCESS); BN_free(bn); + AssertNotNull(bn = BN_new()); + AssertNotNull(range = BN_new()); + AssertIntEQ(BN_rand(range, 64, 0, 0), SSL_SUCCESS); + AssertIntEQ(BN_rand_range(bn, range), SSL_SUCCESS); + BN_free(bn); + BN_free(range); + printf(resultFmt, passed); #endif } @@ -37558,6 +37575,7 @@ static void test_wolfSSL_OBJ(void) !defined(HAVE_FIPS) && !defined(NO_SHA) && defined(WOLFSSL_CERT_EXT) && \ defined(WOLFSSL_CERT_GEN) ASN1_OBJECT *obj = NULL; + ASN1_OBJECT *obj2 = NULL; char buf[50]; XFILE fp; @@ -37600,7 +37618,10 @@ static void test_wolfSSL_OBJ(void) AssertIntEQ(OBJ_txt2nid(buf), NID_sha256); #endif AssertIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0), 0); + AssertNotNull(obj2 = OBJ_dup(obj)); + AssertIntEQ(OBJ_cmp(obj, obj2), 0); ASN1_OBJECT_free(obj); + ASN1_OBJECT_free(obj2); for (i = 0; f[i] != NULL; i++) { @@ -41791,8 +41812,6 @@ static void test_wolfSSL_AES_cbc_encrypt(void) int keySzN = -1; byte out[AES_BLOCK_SIZE] = {0}; byte* outN = NULL; - const int enc1 = AES_ENCRYPT; - const int enc2 = AES_DECRYPT; /* Test vectors retrieved from: * @@ -41828,15 +41847,15 @@ static void test_wolfSSL_AES_cbc_encrypt(void) #define RESET_IV(x, y) XMEMCPY(x, y, AES_BLOCK_SIZE) printf(testingFmt, "Stressing wolfSSL_AES_cbc_encrypt()"); - STRESS_T(pt128N, out, len, &aes, iv128tmp, enc1, ct128, AES_BLOCK_SIZE, 0); - STRESS_T(pt128, out, len, &aes, iv128N, enc1, ct128, AES_BLOCK_SIZE, 0); + STRESS_T(pt128N, out, len, &aes, iv128tmp, 1, ct128, AES_BLOCK_SIZE, 0); + STRESS_T(pt128, out, len, &aes, iv128N, 1, ct128, AES_BLOCK_SIZE, 0); - wolfSSL_AES_cbc_encrypt(pt128, outN, len, &aes, iv128tmp, enc1); + wolfSSL_AES_cbc_encrypt(pt128, outN, len, &aes, iv128tmp, 1); AssertIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0); - wolfSSL_AES_cbc_encrypt(pt128, out, len, aesN, iv128tmp, enc1); + wolfSSL_AES_cbc_encrypt(pt128, out, len, aesN, iv128tmp, 1); AssertIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0); - STRESS_T(pt128, out, lenB, &aes, iv128tmp, enc1, ct128, AES_BLOCK_SIZE, 0); + STRESS_T(pt128, out, lenB, &aes, iv128tmp, 1, ct128, AES_BLOCK_SIZE, 0); printf(resultFmt, "Stress Tests: passed"); printf(testingFmt, "Stressing wolfSSL_AES_set_encrypt_key"); @@ -41860,7 +41879,7 @@ static void test_wolfSSL_AES_cbc_encrypt(void) RESET_IV(iv128tmp, iv128); AssertIntEQ(wolfSSL_AES_set_encrypt_key(key128, sizeof(key128)*8, &aes), 0); - wolfSSL_AES_cbc_encrypt(pt128, out, len, &aes, iv128tmp, enc1); + wolfSSL_AES_cbc_encrypt(pt128, out, len, &aes, iv128tmp, 1); AssertIntEQ(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0); printf(resultFmt, "passed"); @@ -41872,7 +41891,7 @@ static void test_wolfSSL_AES_cbc_encrypt(void) len = sizeof(ct128); AssertIntEQ(wolfSSL_AES_set_decrypt_key(key128, sizeof(key128)*8, &aes), 0); - wolfSSL_AES_cbc_encrypt(ct128, out, len, &aes, iv128tmp, enc2); + wolfSSL_AES_cbc_encrypt(ct128, out, len, &aes, iv128tmp, 0); AssertIntEQ(XMEMCMP(out, pt128, AES_BLOCK_SIZE), 0); printf(resultFmt, "passed"); @@ -41905,7 +41924,7 @@ static void test_wolfSSL_AES_cbc_encrypt(void) RESET_IV(iv192tmp, iv192); AssertIntEQ(wolfSSL_AES_set_encrypt_key(key192, sizeof(key192)*8, &aes), 0); - wolfSSL_AES_cbc_encrypt(pt192, out, len, &aes, iv192tmp, enc1); + wolfSSL_AES_cbc_encrypt(pt192, out, len, &aes, iv192tmp, 1); AssertIntEQ(XMEMCMP(out, ct192, AES_BLOCK_SIZE), 0); printf(resultFmt, "passed"); @@ -41917,7 +41936,7 @@ static void test_wolfSSL_AES_cbc_encrypt(void) XMEMSET(out, 0, AES_BLOCK_SIZE); AssertIntEQ(wolfSSL_AES_set_decrypt_key(key192, sizeof(key192)*8, &aes), 0); - wolfSSL_AES_cbc_encrypt(ct192, out, len, &aes, iv192tmp, enc2); + wolfSSL_AES_cbc_encrypt(ct192, out, len, &aes, iv192tmp, 0); AssertIntEQ(XMEMCMP(out, pt192, AES_BLOCK_SIZE), 0); printf(resultFmt, "passed"); @@ -41950,7 +41969,7 @@ static void test_wolfSSL_AES_cbc_encrypt(void) RESET_IV(iv256tmp, iv256); AssertIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0); - wolfSSL_AES_cbc_encrypt(pt256, out, len, &aes, iv256tmp, enc1); + wolfSSL_AES_cbc_encrypt(pt256, out, len, &aes, iv256tmp, 1); AssertIntEQ(XMEMCMP(out, ct256, AES_BLOCK_SIZE), 0); printf(resultFmt, "passed"); @@ -41962,7 +41981,7 @@ static void test_wolfSSL_AES_cbc_encrypt(void) XMEMSET(out, 0, AES_BLOCK_SIZE); AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0); - wolfSSL_AES_cbc_encrypt(ct256, out, len, &aes, iv256tmp, enc2); + wolfSSL_AES_cbc_encrypt(ct256, out, len, &aes, iv256tmp, 0); AssertIntEQ(XMEMCMP(out, pt256, AES_BLOCK_SIZE), 0); printf(resultFmt, "passed"); @@ -42005,6 +42024,90 @@ static void test_wolfSSL_AES_cbc_encrypt(void) #endif } +static void test_wolfSSL_CRYPTO_cts128(void) +{ +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(OPENSSL_EXTRA) \ + && defined(HAVE_CTS) + byte tmp[64]; /* Largest vector size */ + /* Test vectors taken form RFC3962 Appendix B */ + const testVector vects[] = { + { + "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" + "\x20", + "\xc6\x35\x35\x68\xf2\xbf\x8c\xb4\xd8\xa5\x80\x36\x2d\xa7\xff\x7f" + "\x97", + 17, 17 + }, + { + "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" + "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20", + "\xfc\x00\x78\x3e\x0e\xfd\xb2\xc1\xd4\x45\xd4\xc8\xef\xf7\xed\x22" + "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5", + 31, 31 + }, + { + "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" + "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43", + "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8" + "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84", + 32, 32 + }, + { + "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" + "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43" + "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c", + "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84" + "\xb3\xff\xfd\x94\x0c\x16\xa1\x8c\x1b\x55\x49\xd2\xf8\x38\x02\x9e" + "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5", + 47, 47 + }, + { + "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" + "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43" + "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20", + "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84" + "\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8" + "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8", + 48, 48 + }, + { + "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" + "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43" + "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20" + "\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e", + "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84" + "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8" + "\x48\x07\xef\xe8\x36\xee\x89\xa5\x26\x73\x0d\xbc\x2f\x7b\xc8\x40" + "\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8", + 64, 64 + } + }; + byte keyBytes[AES_128_KEY_SIZE] = { + 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20, + 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 + }; + size_t i; + XMEMSET(tmp, 0, sizeof(tmp)); + for (i = 0; i < sizeof(vects)/sizeof(vects[0]); i++) { + AES_KEY encKey; + AES_KEY decKey; + byte iv[AES_IV_SIZE]; /* All-zero IV for all cases */ + XMEMSET(iv, 0, sizeof(iv)); + AssertIntEQ(AES_set_encrypt_key(keyBytes, AES_128_KEY_SIZE * 8, &encKey), 0); + AssertIntEQ(AES_set_decrypt_key(keyBytes, AES_128_KEY_SIZE * 8, &decKey), 0); + AssertIntEQ(CRYPTO_cts128_encrypt((const unsigned char*)vects[i].input, + tmp, vects[i].inLen, &encKey, iv, (cbc128_f)AES_cbc_encrypt), + vects[i].outLen); + AssertIntEQ(XMEMCMP(tmp, vects[i].output, vects[i].outLen), 0); + XMEMSET(iv, 0, sizeof(iv)); + AssertIntEQ(CRYPTO_cts128_decrypt((const unsigned char*)vects[i].output, + tmp, vects[i].outLen, &decKey, iv, (cbc128_f)AES_cbc_encrypt), + vects[i].inLen); + AssertIntEQ(XMEMCMP(tmp, vects[i].input, vects[i].inLen), 0); + } +#endif /* !NO_AES && HAVE_AES_CBC && OPENSSL_EXTRA && HAVE_CTS */ +} + #if defined(OPENSSL_ALL) #if !defined(NO_ASN) static void test_wolfSSL_ASN1_STRING_to_UTF8(void) @@ -46120,6 +46223,31 @@ static void test_sk_X509(void) #endif } +static void test_sk_X509_CRL(void) +{ +#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && defined(HAVE_CRL) + X509_CRL* crl; + XFILE fp; + STACK_OF(X509_CRL)* s; + + printf(testingFmt, "test_sk_X509_CRL"); + + fp = XFOPEN("./certs/crl/crl.pem", "rb"); + AssertTrue((fp != XBADFILE)); + AssertNotNull(crl = (X509_CRL*)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, NULL, NULL)); + XFCLOSE(fp); + + AssertNotNull(s = sk_X509_CRL_new()); + AssertIntEQ(sk_X509_CRL_num(s), 0); + AssertIntEQ(sk_X509_CRL_push(s, crl), 1); + AssertIntEQ(sk_X509_CRL_num(s), 1); + AssertPtrEq(sk_X509_CRL_value(s, 0), crl); + sk_X509_CRL_free(s); + + printf(resultFmt, passed); +#endif +} + static void test_X509_get_signature_nid(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) @@ -46241,6 +46369,7 @@ static void test_wolfssl_PKCS7(void) BIO* bio; byte key[sizeof(client_key_der_2048)]; word32 keySz = (word32)sizeof(key); + byte* out = NULL; #endif AssertIntGT((len = CreatePKCS7SignedData(data, len, content, @@ -46276,6 +46405,8 @@ static void test_wolfssl_PKCS7(void) pkcs7->hashOID = SHAh; AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertIntEQ(i2d_PKCS7_bio(bio, pkcs7), 1); + AssertIntEQ(i2d_PKCS7(pkcs7, &out), 644); + XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); BIO_free(bio); #endif @@ -51975,6 +52106,7 @@ void ApiTest(void) test_wolfSSL_DC_cert(); test_wolfSSL_DES_ncbc(); test_wolfSSL_AES_cbc_encrypt(); + test_wolfSSL_CRYPTO_cts128(); test_wolfssl_EVP_aes_gcm_AAD_2_parts(); test_wolfssl_EVP_aes_gcm(); test_wolfSSL_PKEY_up_ref(); @@ -52109,6 +52241,8 @@ void ApiTest(void) test_ERR_load_crypto_strings(); /* OpenSSL sk_X509 API test */ test_sk_X509(); + /* OpenSSL sk_X509_CRL API test */ + test_sk_X509_CRL(); /* OpenSSL X509 API test */ test_X509_get_signature_nid(); /* OpenSSL X509 REQ API test */ diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index beb4088a8..24a64628e 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -658,6 +658,11 @@ int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx, int fill; WOLFSSL_ENTER("wolfSSL_EVP_CipherUpdate"); + if (inl == 0 && in == NULL ) { + /* Nothing to do in this case. Just return. */ + return WOLFSSL_SUCCESS; + } + if ((ctx == NULL) || (inl < 0) || (outl == NULL)|| (in == NULL)) { WOLFSSL_MSG("Bad argument"); return WOLFSSL_FAILURE; @@ -7245,6 +7250,11 @@ int wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD* type) if (XSTRNCMP(type, "SHA256", 6) == 0) { return WC_SHA256_BLOCK_SIZE; } +#ifndef NO_MD4 + else if (XSTRNCMP(type, "MD4", 3) == 0) { + return MD4_BLOCK_SIZE; + } +#endif #ifndef NO_MD5 else if (XSTRNCMP(type, "MD5", 3) == 0) { return WC_MD5_BLOCK_SIZE; @@ -7309,6 +7319,11 @@ int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type) if (XSTRNCMP(type, "SHA256", 6) == 0) { return WC_SHA256_DIGEST_SIZE; } +#ifndef NO_MD4 + else if (XSTRNCMP(type, "MD4", 3) == 0) { + return MD4_DIGEST_SIZE; + } +#endif #ifndef NO_MD5 else if (XSTRNCMP(type, "MD5", 3) == 0) { return WC_MD5_DIGEST_SIZE; diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 1da262a0c..b4313b7fe 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -3807,7 +3807,8 @@ typedef enum { STACK_TYPE_BY_DIR_entry = 12, STACK_TYPE_BY_DIR_hash = 13, STACK_TYPE_X509_OBJ = 14, - STACK_TYPE_DIST_POINT = 15 + STACK_TYPE_DIST_POINT = 15, + STACK_TYPE_X509_CRL = 16, } WOLF_STACK_TYPE; struct WOLFSSL_STACK { @@ -3838,6 +3839,7 @@ struct WOLFSSL_STACK { WOLFSSL_BY_DIR_HASH* dir_hash; WOLFSSL_X509_OBJECT* x509_obj; WOLFSSL_DIST_POINT* dp; + WOLFSSL_X509_CRL* crl; } data; void* heap; /* memory heap hint */ WOLFSSL_STACK* next; diff --git a/wolfssl/openssl/asn1.h b/wolfssl/openssl/asn1.h index 62dfd6ab0..8698e99ee 100644 --- a/wolfssl/openssl/asn1.h +++ b/wolfssl/openssl/asn1.h @@ -26,15 +26,16 @@ #include -#define ASN1_STRING_new wolfSSL_ASN1_STRING_new -#define ASN1_STRING_type_new wolfSSL_ASN1_STRING_type_new -#define ASN1_STRING_type wolfSSL_ASN1_STRING_type -#define ASN1_STRING_set wolfSSL_ASN1_STRING_set -#define ASN1_STRING_free wolfSSL_ASN1_STRING_free +#define ASN1_STRING_new wolfSSL_ASN1_STRING_new +#define ASN1_STRING_type_new wolfSSL_ASN1_STRING_type_new +#define ASN1_STRING_type wolfSSL_ASN1_STRING_type +#define ASN1_STRING_set wolfSSL_ASN1_STRING_set +#define ASN1_OCTET_STRING_set wolfSSL_ASN1_STRING_set +#define ASN1_STRING_free wolfSSL_ASN1_STRING_free -#define ASN1_get_object wolfSSL_ASN1_get_object -#define d2i_ASN1_OBJECT wolfSSL_d2i_ASN1_OBJECT -#define c2i_ASN1_OBJECT wolfSSL_c2i_ASN1_OBJECT +#define ASN1_get_object wolfSSL_ASN1_get_object +#define d2i_ASN1_OBJECT wolfSSL_d2i_ASN1_OBJECT +#define c2i_ASN1_OBJECT wolfSSL_c2i_ASN1_OBJECT #define V_ASN1_INTEGER 0x02 #define V_ASN1_OCTET_STRING 0x04 /* tag for ASN1_OCTET_STRING */ diff --git a/wolfssl/openssl/bn.h b/wolfssl/openssl/bn.h index ac8fd6634..0efc263e5 100644 --- a/wolfssl/openssl/bn.h +++ b/wolfssl/openssl/bn.h @@ -104,6 +104,7 @@ WOLFSSL_API int wolfSSL_mask_bits(WOLFSSL_BIGNUM*, int n); WOLFSSL_API int wolfSSL_BN_pseudo_rand(WOLFSSL_BIGNUM*, int bits, int top, int bottom); +WOLFSSL_API int wolfSSL_BN_rand_range(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *range); WOLFSSL_API int wolfSSL_BN_rand(WOLFSSL_BIGNUM*, int bits, int top, int bottom); WOLFSSL_API int wolfSSL_BN_is_bit_set(const WOLFSSL_BIGNUM*, int n); WOLFSSL_API int wolfSSL_BN_hex2bn(WOLFSSL_BIGNUM**, const char* str); @@ -187,6 +188,7 @@ typedef WOLFSSL_BN_GENCB BN_GENCB; #define BN_pseudo_rand wolfSSL_BN_pseudo_rand #define BN_rand wolfSSL_BN_rand +#define BN_rand_range wolfSSL_BN_rand_range #define BN_is_bit_set wolfSSL_BN_is_bit_set #define BN_hex2bn wolfSSL_BN_hex2bn @@ -213,6 +215,7 @@ typedef WOLFSSL_BN_GENCB BN_GENCB; #define BN_is_prime_ex wolfSSL_BN_is_prime_ex #define BN_print_fp wolfSSL_BN_print_fp #define BN_rshift wolfSSL_BN_rshift +#define BN_rshift1(r, a) wolfSSL_BN_rshift((r), (a), 1) #define BN_mod_word wolfSSL_BN_mod_word #define BN_CTX_get wolfSSL_BN_CTX_get diff --git a/wolfssl/openssl/include.am b/wolfssl/openssl/include.am index c4607966a..e1da39845 100644 --- a/wolfssl/openssl/include.am +++ b/wolfssl/openssl/include.am @@ -30,6 +30,7 @@ nobase_include_HEADERS+= \ wolfssl/openssl/lhash.h \ wolfssl/openssl/md4.h \ wolfssl/openssl/md5.h \ + wolfssl/openssl/modes.h \ wolfssl/openssl/ripemd.h \ wolfssl/openssl/obj_mac.h \ wolfssl/openssl/objects.h \ diff --git a/wolfssl/openssl/modes.h b/wolfssl/openssl/modes.h new file mode 100644 index 000000000..c1fe77217 --- /dev/null +++ b/wolfssl/openssl/modes.h @@ -0,0 +1,45 @@ +/* modes.h + * + * Copyright (C) 2006-2021 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ +#ifndef WOLFSSL_OPENSSL_MODES_H +#define WOLFSSL_OPENSSL_MODES_H + +#include +#include + +typedef void (*WOLFSSL_CBC128_CB) (const unsigned char *in, + unsigned char *out, size_t len, const void *key, + unsigned char *iv, int enc); + +WOLFSSL_API size_t wolfSSL_CRYPTO_cts128_encrypt(const unsigned char *in, + unsigned char *out, size_t len, const void *key, + unsigned char *iv, WOLFSSL_CBC128_CB cbc); +WOLFSSL_API size_t wolfSSL_CRYPTO_cts128_decrypt(const unsigned char *in, + unsigned char *out, size_t len, const void *key, + unsigned char *iv, WOLFSSL_CBC128_CB cbc); + +#define WOLFSSL_CTS128_BLOCK_SZ 16 + +/* Compatibility layer defines */ +#define CRYPTO_cts128_encrypt wolfSSL_CRYPTO_cts128_encrypt +#define CRYPTO_cts128_decrypt wolfSSL_CRYPTO_cts128_decrypt +#define cbc128_f WOLFSSL_CBC128_CB + +#endif /* WOLFSSL_OPENSSL_MODES_H */ diff --git a/wolfssl/openssl/opensslv.h b/wolfssl/openssl/opensslv.h index f0e629ac2..8628685cf 100644 --- a/wolfssl/openssl/opensslv.h +++ b/wolfssl/openssl/opensslv.h @@ -32,7 +32,7 @@ /* valid version */ #elif defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIBEST) || \ defined(WOLFSSL_BIND) || defined(WOLFSSL_NGINX) || \ - defined(WOLFSSL_RSYSLOG) + defined(WOLFSSL_RSYSLOG) || defined(WOLFSSL_KRB) /* For Apache httpd, Use 1.1.0 compatibility */ #define OPENSSL_VERSION_NUMBER 0x10100003L #elif defined(WOLFSSL_QT) || defined(WOLFSSL_PYTHON) diff --git a/wolfssl/openssl/pkcs7.h b/wolfssl/openssl/pkcs7.h index 0eb8a1caf..ec02849a3 100644 --- a/wolfssl/openssl/pkcs7.h +++ b/wolfssl/openssl/pkcs7.h @@ -56,6 +56,7 @@ WOLFSSL_LOCAL PKCS7* wolfSSL_d2i_PKCS7_ex(PKCS7** p7, const unsigned char** in, int len, byte* content, word32 contentSz); WOLFSSL_API PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7); WOLFSSL_API int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7); +WOLFSSL_API int wolfSSL_i2d_PKCS7(PKCS7 *p7, unsigned char **out); WOLFSSL_API int wolfSSL_PKCS7_verify(PKCS7* p7, WOLFSSL_STACK* certs, WOLFSSL_X509_STORE* store, WOLFSSL_BIO* in, WOLFSSL_BIO* out, int flags); WOLFSSL_API int wolfSSL_PKCS7_encode_certs(PKCS7* p7, WOLFSSL_STACK* certs, @@ -76,6 +77,7 @@ WOLFSSL_API PKCS7* wolfSSL_SMIME_read_PKCS7(WOLFSSL_BIO* in, WOLFSSL_BIO** bcont #define d2i_PKCS7 wolfSSL_d2i_PKCS7 #define d2i_PKCS7_bio wolfSSL_d2i_PKCS7_bio #define i2d_PKCS7_bio wolfSSL_i2d_PKCS7_bio +#define i2d_PKCS7 wolfSSL_i2d_PKCS7 #define PKCS7_verify wolfSSL_PKCS7_verify #define PKCS7_get0_signers wolfSSL_PKCS7_get0_signers #define PEM_write_bio_PKCS7 wolfSSL_PEM_write_bio_PKCS7 diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 47d585ec6..d5d5de371 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -422,6 +422,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define PEM_write_bio_X509 wolfSSL_PEM_write_bio_X509 #define PEM_write_bio_X509_AUX wolfSSL_PEM_write_bio_X509_AUX #define PEM_X509_INFO_read_bio wolfSSL_PEM_X509_INFO_read_bio +#define PEM_X509_INFO_read wolfSSL_PEM_X509_INFO_read #define i2d_PrivateKey wolfSSL_i2d_PrivateKey #define i2d_PublicKey wolfSSL_i2d_PublicKey @@ -530,6 +531,13 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define sk_X509_free wolfSSL_sk_X509_free #define X509_chain_up_ref wolfSSL_X509_chain_up_ref +#define sk_X509_CRL_new wolfSSL_sk_X509_CRL_new +#define sk_X509_CRL_pop_free wolfSSL_sk_X509_CRL_pop_free +#define sk_X509_CRL_free wolfSSL_sk_X509_CRL_free +#define sk_X509_CRL_push wolfSSL_sk_X509_CRL_push +#define sk_X509_CRL_value wolfSSL_sk_X509_CRL_value +#define sk_X509_CRL_num wolfSSL_sk_X509_CRL_num + #define sk_X509_OBJECT_new wolfSSL_sk_X509_OBJECT_new #define sk_X509_OBJECT_free wolfSSL_sk_X509_OBJECT_free #define sk_X509_OBJECT_pop_free wolfSSL_sk_X509_OBJECT_pop_free @@ -823,8 +831,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define i2d_ASN1_OBJECT wolfSSL_i2d_ASN1_OBJECT #define ASN1_STRING_new wolfSSL_ASN1_STRING_new +#define ASN1_OCTET_STRING_new wolfSSL_ASN1_STRING_new #define ASN1_STRING_free wolfSSL_ASN1_STRING_free #define ASN1_STRING_cmp wolfSSL_ASN1_STRING_cmp +#define ASN1_OCTET_STRING_cmp wolfSSL_ASN1_STRING_cmp #define ASN1_STRING_data wolfSSL_ASN1_STRING_data #define ASN1_STRING_get0_data wolfSSL_ASN1_STRING_get0_data #define ASN1_STRING_length wolfSSL_ASN1_STRING_length @@ -1590,6 +1600,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define sk_SSL_COMP_free(...) #endif +#define OBJ_dup wolfSSL_ASN1_OBJECT_dup + #define SSL_set_psk_use_session_callback wolfSSL_set_psk_use_session_callback #define SSL_SESSION_is_resumable wolfSSL_SESSION_is_resumable typedef WOLFSSL_CONF_CTX SSL_CONF_CTX; diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index c1a1cfc4d..b02959074 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1350,8 +1350,19 @@ typedef WOLF_STACK_OF(WOLFSSL_DIST_POINT) WOLFSSL_DIST_POINTS; WOLFSSL_API int wolfSSL_sk_X509_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, WOLFSSL_X509* x509); -WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk); -WOLFSSL_API void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk); +WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_pop(WOLF_STACK_OF(WOLFSSL_X509)* sk); +WOLFSSL_API void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509)* sk); + +WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_X509_CRL_new(void); +WOLFSSL_API void wolfSSL_sk_X509_CRL_pop_free(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk, + void (*f) (WOLFSSL_X509_CRL*)); +WOLFSSL_API void wolfSSL_sk_X509_CRL_free(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk); +WOLFSSL_API int wolfSSL_sk_X509_CRL_push(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk, + WOLFSSL_X509_CRL* crl); +WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_sk_X509_CRL_value( + WOLF_STACK_OF(WOLFSSL_X509)* sk, int i); +WOLFSSL_API int wolfSSL_sk_X509_CRL_num(WOLF_STACK_OF(WOLFSSL_X509)* sk); + WOLFSSL_API WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_new(void); WOLFSSL_API void wolfSSL_GENERAL_NAME_free(WOLFSSL_GENERAL_NAME* gn); WOLFSSL_API int wolfSSL_GENERAL_NAME_set_type(WOLFSSL_GENERAL_NAME* name, @@ -4101,6 +4112,11 @@ WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_bio_X509_CRL(WOLFSSL_BIO *bp, WOLFSSL_X509_CRL **x, wc_pem_password_cb *cb, void *u); WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, wc_pem_password_cb *cb, void *u); +#ifndef NO_FILESYSTEM +WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read( + XFILE fp, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk, + pem_password_cb* cb, void* u); +#endif WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read_bio( WOLFSSL_BIO* bio, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk, wc_pem_password_cb* cb, void* u);