WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #4513 from masap/wpa_sup_dpp 

Fix X509_PUBKEY_set() to show correct algorithm and parameters
pull/4554/head
David Garske 2021-11-09 10:26:59 -08:00 committed by GitHub
parent 1d9832c0de ee39fd079f
commit bd0f6736c5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 199 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

79
src/ssl.c
View File

@ -28956,8 +28956,8 @@ void wolfSSL_X509_ALGOR_get0(const WOLFSSL_ASN1_OBJECT **paobj, int *pptype,
if (paobj)
*paobj = algor->algorithm;
if (ppval)
*ppval = algor->algorithm;
if (ppval && algor->parameter)
*ppval = algor->parameter->value.ptr;
if (pptype) {
if (algor->parameter) {
*pptype = algor->parameter->type;
@ -28988,15 +28988,16 @@ int wolfSSL_X509_ALGOR_set0(WOLFSSL_X509_ALGOR *algor, WOLFSSL_ASN1_OBJECT *aobj
if (aobj) {
algor->algorithm = aobj;
}
if (pval) {
if (!algor->parameter) {
algor->parameter = wolfSSL_ASN1_TYPE_new();
if (!algor->parameter) {
algor->parameter = wolfSSL_ASN1_TYPE_new();
if (!algor->parameter) {
return WOLFSSL_FAILURE;
}
return WOLFSSL_FAILURE;
}
wolfSSL_ASN1_TYPE_set(algor->parameter, ptype, pval);
}
wolfSSL_ASN1_TYPE_set(algor->parameter, ptype, pval);
return WOLFSSL_SUCCESS;
}
@ -29009,10 +29010,16 @@ int wolfSSL_X509_ALGOR_set0(WOLFSSL_X509_ALGOR *algor, WOLFSSL_ASN1_OBJECT *aobj
*/
void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value)
{
if (!a || !value) {
if (!a) {
return;
}
switch (type) {
case V_ASN1_NULL:
a->value.ptr = value;
break;
case V_ASN1_SEQUENCE:
a->value.asn1_string = (WOLFSSL_ASN1_STRING*)value;
break;
case V_ASN1_OBJECT:
a->value.object = (WOLFSSL_ASN1_OBJECT*)value;
break;
@ -29071,6 +29078,7 @@ void wolfSSL_ASN1_TYPE_free(WOLFSSL_ASN1_TYPE* at)
case V_ASN1_T61STRING:
case V_ASN1_IA5STRING:
case V_ASN1_UNIVERSALSTRING:
case V_ASN1_SEQUENCE:
wolfSSL_ASN1_STRING_free(at->value.asn1_string);
break;
default:
@ -29189,6 +29197,15 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_PUBKEY_get(WOLFSSL_X509_PUBKEY* key)
int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key)
{
WOLFSSL_X509_PUBKEY *pk = NULL;
int ptype;
void *pval;
#ifndef NO_DSA
WOLFSSL_ASN1_STRING *str;
#endif
#ifdef HAVE_ECC
int nid;
const WOLFSSL_EC_GROUP *group;
#endif
WOLFSSL_ENTER("wolfSSL_X509_PUBKEY_set");
@ -29203,17 +29220,49 @@ int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key)
switch (key->type) {
#ifndef NO_RSA
case EVP_PKEY_RSA:
pk->algor->algorithm= wolfSSL_OBJ_nid2obj(NID_rsaEncryption);
pval = NULL;
ptype = V_ASN1_NULL;
pk->pubKeyOID = RSAk;
break;
#endif
#ifndef NO_DSA
case EVP_PKEY_DSA:
pk->algor->algorithm = wolfSSL_OBJ_nid2obj(NID_dsa);
if (!key->dsa->p || !key->dsa->q || !key->dsa->g)
goto error;
str = wolfSSL_ASN1_STRING_new();
if (str == NULL)
goto error;
str->length = wolfSSL_i2d_DSAparams(key->dsa, (unsigned char **)&str->data);
if (str->length <= 0)
goto error;
str->isDynamic = 1;
pval = str;
ptype = V_ASN1_SEQUENCE;
pk->pubKeyOID = DSAk;
break;
#endif
#ifdef HAVE_ECC
case EVP_PKEY_EC:
pk->algor->algorithm = wolfSSL_OBJ_nid2obj(NID_X9_62_id_ecPublicKey);
group = wolfSSL_EC_KEY_get0_group(key->ecc);
if (!group)
goto error;
nid = wolfSSL_EC_GROUP_get_curve_name(group);
if (nid == WOLFSSL_FAILURE) {
/* TODO: Add support for no nid case */
WOLFSSL_MSG("nid not found");
goto error;
}
pval = wolfSSL_OBJ_nid2obj(nid);
if (!pval)
goto error;
ptype = V_ASN1_OBJECT;
pk->pubKeyOID = ECDSAk;
break;
#endif
default:
@ -29221,8 +29270,12 @@ int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key)
goto error;
}
if (!pk->algor->algorithm) {
if (!wolfSSL_X509_ALGOR_set0(pk->algor, wolfSSL_OBJ_nid2obj(key->type), ptype, pval)) {
WOLFSSL_MSG("Failed to create algorithm object");
if (ptype == V_ASN1_OBJECT)
ASN1_OBJECT_free(pval);
else
ASN1_STRING_free(pval);
goto error;
}

138
tests/api.c
View File

@ -36240,7 +36240,7 @@ static void test_wolfSSL_X509_ALGOR_get0(void)
/* Valid case */
X509_ALGOR_get0(&obj, &pptype, &ppval, alg);
AssertNotNull(obj);
AssertNotNull(ppval);
AssertNull(ppval);
AssertIntNE(pptype, 0);
/* Make sure NID of X509_ALGOR is Sha256 with RSA */
AssertIntEQ(OBJ_obj2nid(obj), NID_sha256WithRSAEncryption);
@ -36408,21 +36408,23 @@ static void test_wolfSSL_X509_get_X509_PUBKEY(void)
#endif
}
static void test_wolfSSL_X509_PUBKEY(void)
static void test_wolfSSL_X509_PUBKEY_RSA(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \
!defined(NO_SHA256) && !defined(NO_RSA)
X509* x509 = NULL;
ASN1_OBJECT* obj = NULL;
const ASN1_OBJECT* pa_oid = NULL;
X509_PUBKEY* pubKey;
X509_PUBKEY* pubKey2;
EVP_PKEY* evpKey;
const unsigned char *pk;
int ppklen;
WOLFSSL_X509_ALGOR *pa;
int ppklen, pptype;
X509_ALGOR *pa;
const void *pval;
printf(testingFmt, "wolfSSL_X509_get_X509_PUBKEY");
printf(testingFmt, "wolfSSL_X509_PUBKEY_RSA");
AssertNotNull(x509 = X509_load_certificate_file(cliCertFile,
SSL_FILETYPE_PEM));
@ -36439,6 +36441,15 @@ static void test_wolfSSL_X509_PUBKEY(void)
AssertNotNull(evpKey = X509_PUBKEY_get(pubKey));
AssertNotNull(pubKey2 = X509_PUBKEY_new());
AssertIntEQ(X509_PUBKEY_set(&pubKey2, evpKey), 1);
AssertIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 1);
AssertNotNull(pk);
AssertNotNull(pa);
AssertIntGT(ppklen, 0);
X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa);
AssertNotNull(pa_oid);
AssertNull(pval);
AssertIntEQ(pptype, V_ASN1_NULL);
AssertIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_RSA);
X509_PUBKEY_free(pubKey2);
X509_free(x509);
@ -36448,6 +36459,119 @@ static void test_wolfSSL_X509_PUBKEY(void)
#endif
}
static void test_wolfSSL_X509_PUBKEY_EC(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && defined(HAVE_ECC)
X509* x509 = NULL;
ASN1_OBJECT* obj = NULL;
ASN1_OBJECT* poid;
const ASN1_OBJECT* pa_oid = NULL;
X509_PUBKEY* pubKey;
X509_PUBKEY* pubKey2;
EVP_PKEY* evpKey;
const unsigned char *pk;
int ppklen, pptype;
X509_ALGOR *pa;
const void *pval;
char buf[50];
printf(testingFmt, "wolfSSL_X509_PUBKEY_EC");
AssertNotNull(x509 = X509_load_certificate_file(cliEccCertFile,
SSL_FILETYPE_PEM));
AssertNotNull(pubKey = X509_get_X509_PUBKEY(x509));
AssertNotNull(evpKey = X509_PUBKEY_get(pubKey));
AssertNotNull(pubKey2 = X509_PUBKEY_new());
AssertIntEQ(X509_PUBKEY_set(&pubKey2, evpKey), 1);
AssertIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 1);
AssertNotNull(pk);
AssertNotNull(pa);
AssertIntGT(ppklen, 0);
X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa);
AssertNotNull(pa_oid);
AssertNotNull(pval);
AssertIntEQ(pptype, V_ASN1_OBJECT);
AssertIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_EC);
poid = (ASN1_OBJECT *)pval;
AssertIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), poid, 0), 0);
AssertIntEQ(OBJ_txt2nid(buf), NID_X9_62_prime256v1);
X509_PUBKEY_free(pubKey2);
X509_free(x509);
EVP_PKEY_free(evpKey);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_PUBKEY_DSA(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && !defined(NO_DSA)
word32 bytes;
#ifdef USE_CERT_BUFFERS_1024
byte tmp[ONEK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
bytes = sizeof_dsa_key_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
byte tmp[TWOK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
bytes = sizeof_dsa_key_der_2048;
#else
byte tmp[TWOK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XFILE fp = XFOPEN("./certs/dsa2048.der", "rb");
if (fp == XBADFILE) {
return WOLFSSL_BAD_FILE;
}
bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
XFCLOSE(fp);
#endif /* END USE_CERT_BUFFERS_1024 */
const unsigned char* dsaKeyDer = tmp;
ASN1_OBJECT* obj = NULL;
ASN1_STRING* str;
const ASN1_OBJECT* pa_oid = NULL;
X509_PUBKEY* pubKey = NULL;
EVP_PKEY* evpKey = NULL;
const unsigned char *pk;
int ppklen, pptype;
X509_ALGOR *pa;
const void *pval;
printf(testingFmt, "wolfSSL_X509_PUBKEY_DSA");
/* Initialize pkey with der format dsa key */
AssertNotNull(d2i_PrivateKey(EVP_PKEY_DSA, &evpKey, &dsaKeyDer, bytes));
AssertNotNull(pubKey = X509_PUBKEY_new());
AssertIntEQ(X509_PUBKEY_set(&pubKey, evpKey), 1);
AssertIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey), 1);
AssertNotNull(pk);
AssertNotNull(pa);
AssertIntGT(ppklen, 0);
X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa);
AssertNotNull(pa_oid);
AssertNotNull(pval);
AssertIntEQ(pptype, V_ASN1_SEQUENCE);
AssertIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_DSA);
str = (ASN1_STRING *)pval;
#ifdef USE_CERT_BUFFERS_1024
AssertIntEQ(ASN1_STRING_length(str), 291);
#else
AssertIntEQ(ASN1_STRING_length(str), 549);
#endif /* END USE_CERT_BUFFERS_1024 */
X509_PUBKEY_free(pubKey);
EVP_PKEY_free(evpKey);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_RAND(void)
{
#if defined(OPENSSL_EXTRA)
@ -51666,7 +51790,9 @@ void ApiTest(void)
test_wolfSSL_X509_get0_tbs_sigalg();
test_wolfSSL_X509_ALGOR_get0();
test_wolfSSL_X509_get_X509_PUBKEY();
test_wolfSSL_X509_PUBKEY();
test_wolfSSL_X509_PUBKEY_RSA();
test_wolfSSL_X509_PUBKEY_EC();
test_wolfSSL_X509_PUBKEY_DSA();
test_wolfSSL_RAND();
test_wolfSSL_BUF();
test_wolfSSL_set_tlsext_status_type();

1
wolfssl/openssl/asn1.h
View File

@ -71,6 +71,7 @@
#define ASN1_TIME_set wolfSSL_ASN1_TIME_set
#define V_ASN1_EOC 0
#define V_ASN1_NULL 5
#define V_ASN1_OBJECT 6
#define V_ASN1_UTF8STRING 12
#define V_ASN1_SEQUENCE 16