Implement/stub the following:
- X509_get0_extensions - X509_to_X509_REQ - i2d_X509_REQ_bio - X509v3_get_ext_count - i2d_PKCS7_bio Additional changes: - Added a wc_PKCS7_VerifySignedData call to wolfSSL_d2i_PKCS7_bio to populate the PKCS7 struct with parsed values - wc_PKCS7_VerifySignedData_ex -> wc_PKCS7_VerifySignedData (pull/3439/head)
parent
3721d80e84
commit
b52e11d3d4
|
@ -4250,6 +4250,8 @@ AC_ARG_ENABLE([libest],
|
|||
|
||||
if test "$ENABLED_LIBEST" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"
|
||||
|
||||
# Requires opensslextra and opensslall
|
||||
if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
|
||||
then
|
||||
|
|
|
@ -3432,6 +3432,9 @@ void FreeX509(WOLFSSL_X509* x509)
|
|||
if (x509->ext_sk != NULL) {
|
||||
wolfSSL_sk_X509_EXTENSION_free(x509->ext_sk);
|
||||
}
|
||||
if (x509->ext_sk_full != NULL) {
|
||||
wolfSSL_sk_X509_EXTENSION_free(x509->ext_sk_full);
|
||||
}
|
||||
#endif /* OPENSSL_ALL || WOLFSSL_QT */
|
||||
#ifdef OPENSSL_EXTRA
|
||||
/* Free serialNumber that was set by wolfSSL_X509_get_serialNumber */
|
||||
|
|
143
src/ssl.c
143
src/ssl.c
|
@ -8224,6 +8224,44 @@ int wolfSSL_ASN1_BIT_STRING_set_bit(WOLFSSL_ASN1_BIT_STRING* str, int pos,
|
|||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param x Certificate to extract extensions from
|
||||
* @return STACK_OF(X509_EXTENSION)*
|
||||
*/
|
||||
const WOLFSSL_STACK *wolfSSL_X509_get0_extensions(const WOLFSSL_X509 *x)
|
||||
{
|
||||
int numOfExt, i;
|
||||
WOLFSSL_X509 *x509 = (WOLFSSL_X509*)x;
|
||||
WOLFSSL_STACK* tmp;
|
||||
WOLFSSL_ENTER("wolfSSL_X509_get0_extensions");
|
||||
|
||||
if (!x509) {
|
||||
WOLFSSL_MSG("Bad parameter");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
numOfExt = wolfSSL_X509_get_ext_count(x509);
|
||||
|
||||
if (numOfExt != wolfSSL_sk_num(x509->ext_sk_full)) {
|
||||
wolfSSL_sk_free(x509->ext_sk_full);
|
||||
x509->ext_sk_full = NULL;
|
||||
/* Save x509->ext_sk */
|
||||
tmp = x509->ext_sk;
|
||||
x509->ext_sk = NULL;
|
||||
|
||||
for (i = 0; i < numOfExt; i++) {
|
||||
/* Build the extension stack */
|
||||
(void)wolfSSL_X509_set_ext(x509, i);
|
||||
}
|
||||
|
||||
/* Restore */
|
||||
x509->ext_sk_full = x509->ext_sk;
|
||||
x509->ext_sk = tmp;
|
||||
}
|
||||
|
||||
return x509->ext_sk_full;
|
||||
}
|
||||
|
||||
/* Gets the X509_EXTENSION* ext based on it's location in WOLFSSL_X509* x509.
|
||||
*
|
||||
* x509 : The X509 structure to look for the extension.
|
||||
|
@ -27513,7 +27551,7 @@ void wolfSSL_ASN1_GENERALIZEDTIME_free(WOLFSSL_ASN1_TIME* asn1Time)
|
|||
#endif /* OPENSSL_EXTRA */
|
||||
|
||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
|
||||
int wolfSSL_sk_num(WOLFSSL_STACK* sk)
|
||||
int wolfSSL_sk_num(const WOLFSSL_STACK* sk)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_sk_num");
|
||||
if (sk == NULL)
|
||||
|
@ -48467,6 +48505,8 @@ PKCS7* wolfSSL_d2i_PKCS7(PKCS7** p7, const unsigned char** in, int len)
|
|||
WOLFSSL_PKCS7* pkcs7 = NULL;
|
||||
word32 idx = 0;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_d2i_PKCS7");
|
||||
|
||||
if (in == NULL)
|
||||
return NULL;
|
||||
|
||||
|
@ -48498,6 +48538,8 @@ PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7)
|
|||
{
|
||||
WOLFSSL_PKCS7* pkcs7;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_d2i_PKCS7_bio");
|
||||
|
||||
if (bio == NULL)
|
||||
return NULL;
|
||||
|
||||
|
@ -48516,11 +48558,39 @@ PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7)
|
|||
return NULL;
|
||||
}
|
||||
|
||||
if (wc_PKCS7_VerifySignedData(&pkcs7->pkcs7, pkcs7->data, pkcs7->len) != 0) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (p7 != NULL)
|
||||
*p7 = (PKCS7*)pkcs7;
|
||||
return (PKCS7*)pkcs7;
|
||||
}
|
||||
|
||||
int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7)
|
||||
{
|
||||
byte output[4096];
|
||||
int len;
|
||||
WOLFSSL_ENTER("wolfSSL_i2d_PKCS7_bio");
|
||||
|
||||
if (!bio || !p7) {
|
||||
WOLFSSL_MSG("Bad parameter");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
if ((len = wc_PKCS7_EncodeSignedData(p7, output, sizeof(output))) < 0) {
|
||||
WOLFSSL_MSG("wc_PKCS7_EncodeSignedData error");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
if (wolfSSL_BIO_write(bio, output, len) <= 0) {
|
||||
WOLFSSL_MSG("wolfSSL_BIO_write error");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
|
||||
int wolfSSL_PKCS7_verify(PKCS7* pkcs7, WOLFSSL_STACK* certs,
|
||||
WOLFSSL_X509_STORE* store, WOLFSSL_BIO* in,
|
||||
WOLFSSL_BIO* out, int flags)
|
||||
|
@ -48530,6 +48600,8 @@ int wolfSSL_PKCS7_verify(PKCS7* pkcs7, WOLFSSL_STACK* certs,
|
|||
int memSz = 0;
|
||||
WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_PKCS7_verify");
|
||||
|
||||
if (pkcs7 == NULL)
|
||||
return WOLFSSL_FAILURE;
|
||||
|
||||
|
@ -48548,8 +48620,7 @@ int wolfSSL_PKCS7_verify(PKCS7* pkcs7, WOLFSSL_STACK* certs,
|
|||
*/
|
||||
(void)store;
|
||||
|
||||
ret = wc_PKCS7_VerifySignedData_ex(&p7->pkcs7, NULL, 0, p7->data, p7->len,
|
||||
NULL, 0);
|
||||
ret = wc_PKCS7_VerifySignedData(&p7->pkcs7, p7->data, p7->len);
|
||||
if (ret != 0)
|
||||
return WOLFSSL_FAILURE;
|
||||
|
||||
|
@ -48567,8 +48638,6 @@ int wolfSSL_PKCS7_verify(PKCS7* pkcs7, WOLFSSL_STACK* certs,
|
|||
int wolfSSL_PKCS7_encode_certs(PKCS7* pkcs7, WOLFSSL_STACK* certs,
|
||||
WOLFSSL_BIO* out)
|
||||
{
|
||||
byte output[4096];
|
||||
int len;
|
||||
PKCS7* p7;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_PKCS7_encode_certs");
|
||||
|
@ -48590,24 +48659,51 @@ int wolfSSL_PKCS7_encode_certs(PKCS7* pkcs7, WOLFSSL_STACK* certs,
|
|||
certs = certs->next;
|
||||
}
|
||||
|
||||
if ((len = wc_PKCS7_EncodeSignedData(p7, output, sizeof(output))) < 0) {
|
||||
WOLFSSL_MSG("wc_PKCS7_EncodeSignedData error");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
if (wolfSSL_BIO_write(out, output, len) <= 0) {
|
||||
WOLFSSL_MSG("wolfSSL_BIO_write error");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
return WOLFSSL_SUCCESS;
|
||||
return wolfSSL_i2d_PKCS7_bio(out, p7);
|
||||
}
|
||||
|
||||
#endif /* !NO_BIO */
|
||||
|
||||
WOLFSSL_STACK* wolfSSL_PKCS7_to_stack(PKCS7* p7)
|
||||
WOLFSSL_STACK* wolfSSL_PKCS7_to_stack(PKCS7* pkcs7)
|
||||
{
|
||||
int i;
|
||||
WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7;
|
||||
WOLF_STACK_OF(WOLFSSL_X509)* ret = NULL;
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_PKCS7_to_stack");
|
||||
|
||||
if (!p7) {
|
||||
WOLFSSL_MSG("Bad parameter");
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
ret = wolfSSL_sk_X509_new();
|
||||
|
||||
for (i = 0; i < MAX_PKCS7_CERTS && p7->pkcs7.cert[i]; i++) {
|
||||
WOLFSSL_X509* x509 = wolfSSL_X509_d2i(NULL, p7->pkcs7.cert[i], p7->pkcs7.certSz[i]);
|
||||
if (x509) {
|
||||
if (wolfSSL_sk_X509_push(ret, x509) != WOLFSSL_SUCCESS) {
|
||||
wolfSSL_X509_free(x509);
|
||||
WOLFSSL_MSG("wolfSSL_sk_X509_push error");
|
||||
goto error;
|
||||
}
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("wolfSSL_X509_d2i error");
|
||||
goto error;
|
||||
}
|
||||
}
|
||||
|
||||
/* Save stack to free later */
|
||||
if (p7->certs)
|
||||
wolfSSL_sk_free(p7->certs);
|
||||
p7->certs = ret;
|
||||
|
||||
return ret;
|
||||
error:
|
||||
if (ret) {
|
||||
wolfSSL_sk_free(ret);
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
||||
WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* pkcs7, WOLFSSL_STACK* certs,
|
||||
|
@ -49385,7 +49481,7 @@ int wolfSSL_X509_REQ_add_extensions(WOLFSSL_X509* req,
|
|||
{
|
||||
(void)req;
|
||||
(void)ext;
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
|
||||
|
@ -49404,6 +49500,15 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
|
|||
}
|
||||
#endif
|
||||
|
||||
WOLFSSL_X509 *wolfSSL_X509_to_X509_REQ(WOLFSSL_X509 *x,
|
||||
WOLFSSL_EVP_PKEY *pkey, const WOLFSSL_EVP_MD *md)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_X509_to_X509_REQ");
|
||||
(void)pkey;
|
||||
(void)md;
|
||||
return wolfSSL_X509_dup(x);
|
||||
}
|
||||
|
||||
int wolfSSL_X509_REQ_set_subject_name(WOLFSSL_X509 *req,
|
||||
WOLFSSL_X509_NAME *name)
|
||||
{
|
||||
|
|
|
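Review bot: The verification check added to wolfSSL_d2i_PKCS7_bio returns NULL on failure without releasing the WOLFSSL_PKCS7 the function has already populated (its allocation sits above the hunk, but the earlier error branches visible there appear to free it), so every malformed or unverifiable blob handed to d2i_PKCS7_bio leaks the object and its data buffer — a cheap memory-exhaustion vector when the input is attacker-controlled; the branch should read `if (wc_PKCS7_VerifySignedData(&pkcs7->pkcs7, pkcs7->data, pkcs7->len) != 0) { wolfSSL_PKCS7_free((PKCS7*)pkcs7); return NULL; }`. Since no trusted certificate is configured at this point, the call presumably verifies the signature only against the signer certificate carried in the message, so a non-NULL result means "internally consistent", not "trusted"; a comment saying so on the call would help, as OpenSSL's d2i_PKCS7_bio performs no verification at all. In wolfSSL_PKCS7_to_stack the parameter guard does `return WOLFSSL_FAILURE;` from a function whose return type is WOLFSSL_STACK* and should be `return NULL;`, and the `error:` path tears the stack down with wolfSSL_sk_free, which — if it behaves like its OpenSSL counterpart — leaves the WOLFSSL_X509 objects already pushed into it allocated; wolfSSL_sk_X509_free is the matching cleanup. The same mismatch appears in wolfSSL_X509_get0_extensions, which discards x509->ext_sk_full with wolfSSL_sk_free while FreeX509 releases that field with wolfSSL_sk_X509_EXTENSION_free.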
@ -3685,6 +3685,7 @@ struct WOLFSSL_X509 {
|
|||
#endif /* (WOLFSSL_SEP || WOLFSSL_QT) && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
|
||||
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
|
||||
WOLFSSL_STACK* ext_sk; /* Store X509_EXTENSIONS from wolfSSL_X509_get_ext */
|
||||
WOLFSSL_STACK* ext_sk_full; /* Store X509_EXTENSIONS from wolfSSL_X509_get0_extensions */
|
||||
WOLFSSL_STACK* ext_d2i;/* Store d2i extensions from wolfSSL_X509_get_ext_d2i */
|
||||
#endif /* WOLFSSL_QT || OPENSSL_ALL */
|
||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
|
||||
|
|
|
@ -54,11 +54,12 @@ WOLFSSL_API void wolfSSL_PKCS7_SIGNED_free(PKCS7_SIGNED* p7);
|
|||
WOLFSSL_API PKCS7* wolfSSL_d2i_PKCS7(PKCS7** p7, const unsigned char** in,
|
||||
int len);
|
||||
WOLFSSL_API PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7);
|
||||
WOLFSSL_API int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7);
|
||||
WOLFSSL_API int wolfSSL_PKCS7_verify(PKCS7* p7, WOLFSSL_STACK* certs,
|
||||
WOLFSSL_X509_STORE* store, WOLFSSL_BIO* in, WOLFSSL_BIO* out, int flags);
|
||||
WOLFSSL_API int wolfSSL_PKCS7_encode_certs(PKCS7* p7, WOLFSSL_STACK* certs,
|
||||
WOLFSSL_BIO* out);
|
||||
WOLFSSL_API WOLFSSL_STACK* wolfSSL_PKCS7_to_stack(PKCS7* p7);
|
||||
WOLFSSL_API WOLFSSL_STACK* wolfSSL_PKCS7_to_stack(PKCS7* pkcs7);
|
||||
WOLFSSL_API WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* p7,
|
||||
WOLFSSL_STACK* certs, int flags);
|
||||
WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7);
|
||||
|
@ -69,6 +70,7 @@ WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7);
|
|||
#define PKCS7_SIGNED_free wolfSSL_PKCS7_SIGNED_free
|
||||
#define d2i_PKCS7 wolfSSL_d2i_PKCS7
|
||||
#define d2i_PKCS7_bio wolfSSL_d2i_PKCS7_bio
|
||||
#define i2d_PKCS7_bio wolfSSL_i2d_PKCS7_bio
|
||||
#define PKCS7_verify wolfSSL_PKCS7_verify
|
||||
#define PKCS7_get0_signers wolfSSL_PKCS7_get0_signers
|
||||
#define PEM_write_bio_PKCS7 wolfSSL_PEM_write_bio_PKCS7
|
||||
|
|
|
@ -358,6 +358,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
|
|||
#define DSA_bits wolfSSL_DSA_bits
|
||||
|
||||
#define i2d_X509_bio wolfSSL_i2d_X509_bio
|
||||
#define i2d_X509_REQ_bio wolfSSL_i2d_X509_bio
|
||||
#define d2i_X509_bio wolfSSL_d2i_X509_bio
|
||||
#define d2i_X509_REQ_bio wolfSSL_d2i_X509_bio
|
||||
#define d2i_X509_fp wolfSSL_d2i_X509_fp
|
||||
|
@ -381,6 +382,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
|
|||
#define X509_REQ_sign_ctx wolfSSL_X509_REQ_sign_ctx
|
||||
#define X509_REQ_add_extensions wolfSSL_X509_REQ_add_extensions
|
||||
#define X509_REQ_add1_attr_by_NID wolfSSL_X509_REQ_add1_attr_by_NID
|
||||
#define X509_to_X509_REQ wolfSSL_X509_to_X509_REQ
|
||||
#define X509_REQ_set_subject_name wolfSSL_X509_REQ_set_subject_name
|
||||
#define X509_REQ_set_pubkey wolfSSL_X509_REQ_set_pubkey
|
||||
#define PEM_write_bio_X509_REQ wolfSSL_PEM_write_bio_X509_REQ
|
||||
|
@ -393,6 +395,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
|
|||
#define X509_get_ext_count wolfSSL_X509_get_ext_count
|
||||
#define X509_get_ext_d2i wolfSSL_X509_get_ext_d2i
|
||||
#define X509V3_EXT_i2d wolfSSL_X509V3_EXT_i2d
|
||||
#define X509_get0_extensions wolfSSL_X509_get0_extensions
|
||||
#define X509_get_ext wolfSSL_X509_get_ext
|
||||
#define X509_get_ext_by_NID wolfSSL_X509_get_ext_by_NID
|
||||
#define X509_get_issuer_name wolfSSL_X509_get_issuer_name
|
||||
|
|
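Review bot: `X509_to_X509_REQ` is mapped here to wolfSSL_X509_to_X509_REQ, which in this commit ignores its pkey and md arguments and returns wolfSSL_X509_dup(x), so a caller expecting OpenSSL semantics (a request re-signed with pkey and md) silently receives an unsigned copy of the certificate with no error. Since this header is the boundary where OpenSSL-compatible code meets the stub, a comment beside the define would make that limitation visible: `/* stub: pkey and md are ignored; returns an unsigned duplicate of x */`.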
|
@ -109,9 +109,10 @@ WOLFSSL_API int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out,
|
|||
#define X509V3_EXT_d2i wolfSSL_X509V3_EXT_d2i
|
||||
#define i2s_ASN1_OCTET_STRING wolfSSL_i2s_ASN1_STRING
|
||||
#define X509V3_EXT_print wolfSSL_X509V3_EXT_print
|
||||
#define X509V3_EXT_conf_nid wolfSSL_X509V3_EXT_conf_nid
|
||||
#define X509V3_set_ctx wolfSSL_X509V3_set_ctx
|
||||
#define X509V3_set_ctx_nodb wolfSSL_X509V3_set_ctx_nodb
|
||||
#define X509V3_EXT_conf_nid wolfSSL_X509V3_EXT_conf_nid
|
||||
#define X509V3_set_ctx wolfSSL_X509V3_set_ctx
|
||||
#define X509V3_set_ctx_nodb wolfSSL_X509V3_set_ctx_nodb
|
||||
#define X509v3_get_ext_count wolfSSL_sk_num
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
|
|
@ -2082,7 +2082,7 @@ WOLFSSL_API int wolfSSL_ASN1_TIME_diff(int *pday, int *psec,
|
|||
WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_t t);
|
||||
#endif
|
||||
|
||||
WOLFSSL_API int wolfSSL_sk_num(WOLFSSL_STACK* sk);
|
||||
WOLFSSL_API int wolfSSL_sk_num(const WOLFSSL_STACK* sk);
|
||||
WOLFSSL_API void* wolfSSL_sk_value(WOLFSSL_STACK* sk, int i);
|
||||
|
||||
#if (defined(HAVE_EX_DATA) || defined(FORTRESS)) && \
|
||||
|
@ -3398,6 +3398,7 @@ WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_ASN1(int pri, WOLFSSL_CTX* ctx,
|
|||
|
||||
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
|
||||
WOLFSSL_API int wolfSSL_X509_cmp(const WOLFSSL_X509* a, const WOLFSSL_X509* b);
|
||||
WOLFSSL_API const WOLFSSL_STACK *wolfSSL_X509_get0_extensions(const WOLFSSL_X509 *x);
|
||||
WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_get_ext(const WOLFSSL_X509* x, int loc);
|
||||
WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x, int loc);
|
||||
WOLFSSL_API int wolfSSL_X509_EXTENSION_get_critical(const WOLFSSL_X509_EXTENSION* ex);
|
||||
|
@ -3560,6 +3561,8 @@ WOLFSSL_API int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
|
|||
int nid, int type,
|
||||
const unsigned char *bytes,
|
||||
int len);
|
||||
WOLFSSL_API WOLFSSL_X509 *wolfSSL_X509_to_X509_REQ(WOLFSSL_X509 *x,
|
||||
WOLFSSL_EVP_PKEY *pkey, const WOLFSSL_EVP_MD *md);
|
||||
#endif
|
||||
|
||||
|
||||
|
|