WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #4808 from lealem47/certreq 

Fix for certreq and certgen options with openssl compatability
pull/4812/head
David Garske 2022-01-31 10:16:22 -08:00 committed by GitHub
parent 5bdaf44354 f608b1a731
commit ecb3f215b5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 134 additions and 115 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

218
src/ssl.c
View File

@ -29568,59 +29568,6 @@ void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value)
a->type = type;
}
/**
* Allocate a new WOLFSSL_ASN1_TYPE object.
*
* @return New zero'ed WOLFSSL_ASN1_TYPE object
*/
WOLFSSL_ASN1_TYPE* wolfSSL_ASN1_TYPE_new(void)
{
WOLFSSL_ASN1_TYPE* ret = (WOLFSSL_ASN1_TYPE*)XMALLOC(sizeof(WOLFSSL_ASN1_TYPE),
NULL, DYNAMIC_TYPE_OPENSSL);
if (!ret)
return NULL;
XMEMSET(ret, 0, sizeof(WOLFSSL_ASN1_TYPE));
return ret;
}
/**
* Free WOLFSSL_ASN1_TYPE and all its members.
*
* @param at Object to free
*/
void wolfSSL_ASN1_TYPE_free(WOLFSSL_ASN1_TYPE* at)
{
if (at) {
switch (at->type) {
case V_ASN1_OBJECT:
wolfSSL_ASN1_OBJECT_free(at->value.object);
break;
case V_ASN1_UTCTIME:
#ifndef NO_ASN_TIME
wolfSSL_ASN1_TIME_free(at->value.utctime);
#endif
break;
case V_ASN1_GENERALIZEDTIME:
#ifndef NO_ASN_TIME
wolfSSL_ASN1_TIME_free(at->value.generalizedtime);
#endif
break;
case V_ASN1_UTF8STRING:
case V_ASN1_PRINTABLESTRING:
case V_ASN1_T61STRING:
case V_ASN1_IA5STRING:
case V_ASN1_UNIVERSALSTRING:
case V_ASN1_SEQUENCE:
wolfSSL_ASN1_STRING_free(at->value.asn1_string);
break;
default:
WOLFSSL_MSG("Unknown or unsupported ASN1_TYPE");
break;
}
XFREE(at, NULL, DYNAMIC_TYPE_OPENSSL);
}
}
/**
* Allocate a new WOLFSSL_X509_PUBKEY object.
*
@ -29827,7 +29774,67 @@ error:
return WOLFSSL_FAILURE;
}
#endif /* OPENSSL_ALL || WOLFSSL_APACHE_HTTPD || WOLFSSL_HAPROXY*/
#endif /* OPENSSL_ALL || WOLFSSL_APACHE_HTTPD || WOLFSSL_HAPROXY || WOLFSSL_WPAS */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD) \
|| defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS) \
|| defined(OPENSSL_EXTRA)
/**
* Allocate a new WOLFSSL_ASN1_TYPE object.
*
* @return New zero'ed WOLFSSL_ASN1_TYPE object
*/
WOLFSSL_ASN1_TYPE* wolfSSL_ASN1_TYPE_new(void)
{
WOLFSSL_ASN1_TYPE* ret = (WOLFSSL_ASN1_TYPE*)XMALLOC(sizeof(WOLFSSL_ASN1_TYPE),
NULL, DYNAMIC_TYPE_OPENSSL);
if (!ret)
return NULL;
XMEMSET(ret, 0, sizeof(WOLFSSL_ASN1_TYPE));
return ret;
}
/**
* Free WOLFSSL_ASN1_TYPE and all its members.
*
* @param at Object to free
*/
void wolfSSL_ASN1_TYPE_free(WOLFSSL_ASN1_TYPE* at)
{
if (at) {
switch (at->type) {
case V_ASN1_OBJECT:
wolfSSL_ASN1_OBJECT_free(at->value.object);
break;
case V_ASN1_UTCTIME:
#ifndef NO_ASN_TIME
wolfSSL_ASN1_TIME_free(at->value.utctime);
#endif
break;
case V_ASN1_GENERALIZEDTIME:
#ifndef NO_ASN_TIME
wolfSSL_ASN1_TIME_free(at->value.generalizedtime);
#endif
break;
case V_ASN1_UTF8STRING:
case V_ASN1_PRINTABLESTRING:
case V_ASN1_T61STRING:
case V_ASN1_IA5STRING:
case V_ASN1_UNIVERSALSTRING:
case V_ASN1_SEQUENCE:
wolfSSL_ASN1_STRING_free(at->value.asn1_string);
break;
default:
WOLFSSL_MSG("Unknown or unsupported ASN1_TYPE");
break;
}
XFREE(at, NULL, DYNAMIC_TYPE_OPENSSL);
}
}
#endif /* OPENSSL_ALL || WOLFSSL_APACHE_HTTPD || WOLFSSL_HAPROXY || WOLFSSL_WPAS
|| OPENSSL_EXTRA */
#ifndef NO_WOLFSSL_STUB
/*** TBD ***/
@ -56282,27 +56289,41 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
return WOLFSSL_SUCCESS;
}
/* Return NID as the attr index */
int wolfSSL_X509_REQ_get_attr_by_NID(const WOLFSSL_X509 *req,
int nid, int lastpos)
WOLFSSL_X509 *wolfSSL_X509_to_X509_REQ(WOLFSSL_X509 *x,
WOLFSSL_EVP_PKEY *pkey, const WOLFSSL_EVP_MD *md)
{
WOLFSSL_ENTER("wolfSSL_X509_REQ_get_attr_by_NID");
WOLFSSL_ENTER("wolfSSL_X509_to_X509_REQ");
(void)pkey;
(void)md;
return wolfSSL_X509_dup(x);
}
/* Since we only support 1 attr per attr type then a lastpos of >= 0
* indicates that one was already returned */
if (!req || lastpos >= 0) {
int wolfSSL_X509_REQ_set_subject_name(WOLFSSL_X509 *req,
WOLFSSL_X509_NAME *name)
{
return wolfSSL_X509_set_subject_name(req, name);
}
int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey)
{
return wolfSSL_X509_set_pubkey(req, pkey);
}
#endif /* OPENSSL_ALL && !NO_CERTS && WOLFSSL_CERT_GEN && WOLFSSL_CERT_REQ */
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
(defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_REQ))
WOLFSSL_ASN1_TYPE *wolfSSL_X509_ATTRIBUTE_get0_type(
WOLFSSL_X509_ATTRIBUTE *attr, int idx)
{
WOLFSSL_ENTER("wolfSSL_X509_ATTRIBUTE_get0_type");
if (!attr || idx != 0) {
WOLFSSL_MSG("Bad parameter");
return WOLFSSL_FATAL_ERROR;
return NULL;
}
switch (nid) {
case NID_pkcs9_challengePassword:
return req->challengePwAttr ? nid : WOLFSSL_FATAL_ERROR;
default:
WOLFSSL_MSG("Unsupported attribute");
return WOLFSSL_FATAL_ERROR;
}
return attr->value;
}
/**
@ -56328,6 +56349,28 @@ WOLFSSL_X509_ATTRIBUTE *wolfSSL_X509_REQ_get_attr(
}
}
/* Return NID as the attr index */
int wolfSSL_X509_REQ_get_attr_by_NID(const WOLFSSL_X509 *req,
int nid, int lastpos)
{
WOLFSSL_ENTER("wolfSSL_X509_REQ_get_attr_by_NID");
/* Since we only support 1 attr per attr type then a lastpos of >= 0
* indicates that one was already returned */
if (!req || lastpos >= 0) {
WOLFSSL_MSG("Bad parameter");
return WOLFSSL_FATAL_ERROR;
}
switch (nid) {
case NID_pkcs9_challengePassword:
return req->challengePwAttr ? nid : WOLFSSL_FATAL_ERROR;
default:
WOLFSSL_MSG("Unsupported attribute");
return WOLFSSL_FATAL_ERROR;
}
}
WOLFSSL_X509_ATTRIBUTE* wolfSSL_X509_ATTRIBUTE_new(void)
{
WOLFSSL_X509_ATTRIBUTE* ret;
@ -56367,40 +56410,7 @@ void wolfSSL_X509_ATTRIBUTE_free(WOLFSSL_X509_ATTRIBUTE* attr)
XFREE(attr, NULL, DYNAMIC_TYPE_OPENSSL);
}
}
WOLFSSL_ASN1_TYPE *wolfSSL_X509_ATTRIBUTE_get0_type(
WOLFSSL_X509_ATTRIBUTE *attr, int idx)
{
WOLFSSL_ENTER("wolfSSL_X509_ATTRIBUTE_get0_type");
if (!attr || idx != 0) {
WOLFSSL_MSG("Bad parameter");
return NULL;
}
return attr->value;
}
WOLFSSL_X509 *wolfSSL_X509_to_X509_REQ(WOLFSSL_X509 *x,
WOLFSSL_EVP_PKEY *pkey, const WOLFSSL_EVP_MD *md)
{
WOLFSSL_ENTER("wolfSSL_X509_to_X509_REQ");
(void)pkey;
(void)md;
return wolfSSL_X509_dup(x);
}
int wolfSSL_X509_REQ_set_subject_name(WOLFSSL_X509 *req,
WOLFSSL_X509_NAME *name)
{
return wolfSSL_X509_set_subject_name(req, name);
}
int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey)
{
return wolfSSL_X509_set_pubkey(req, pkey);
}
#endif /* OPENSSL_ALL && !NO_CERTS && WOLFSSL_CERT_GEN && WOLFSSL_CERT_REQ */
#endif
#ifdef WOLFSSL_STATIC_EPHEMERAL
int wolfSSL_StaticEphemeralKeyLoad(WOLFSSL* ssl, int keyAlgo, void* keyPtr)

4
wolfcrypt/src/asn.c
View File

@ -4009,7 +4009,9 @@ static const byte extExtKeyUsageOcspSignOid[] = {43, 6, 1, 5, 5, 7, 3, 9};
defined(WOLFSSL_ASN_TEMPLATE)
/* csrAttrType */
#define CSR_ATTR_TYPE_OID_BASE(num) {42, 134, 72, 134, 247, 13, 1, 9, num}
#if !defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_GEN)
static const byte attrEmailOid[] = CSR_ATTR_TYPE_OID_BASE(1);
#endif
#ifdef WOLFSSL_CERT_REQ
static const byte attrUnstructuredNameOid[] = CSR_ATTR_TYPE_OID_BASE(2);
static const byte attrPkcs9ContentTypeOid[] = CSR_ATTR_TYPE_OID_BASE(3);
@ -4056,8 +4058,10 @@ static const byte dnsSRVOid[] = {43, 6, 1, 5, 5, 7, 8, 7};
#ifdef WOLFSSL_ASN_TEMPLATE
static const byte uidOid[] = {9, 146, 38, 137, 147, 242, 44, 100, 1, 1}; /* user id */
#endif
#if !defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_GEN)
static const byte dcOid[] = {9, 146, 38, 137, 147, 242, 44, 100, 1, 25}; /* domain component */
#endif
#endif
/* Looks up the ID/type of an OID.

8
wolfssl/internal.h
View File

@ -3999,13 +3999,15 @@ struct WOLFSSL_X509 {
#endif
byte serial[EXTERNAL_SERIAL_SIZE];
char subjectCN[ASN_NAME_MAX]; /* common name short cut */
#ifdef WOLFSSL_CERT_REQ
#ifdef OPENSSL_ALL
#if defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_GEN)
#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
WOLFSSL_X509_ATTRIBUTE* challengePwAttr;
#endif
#if defined(WOLFSSL_CERT_REQ)
char challengePw[CTC_NAME_SIZE]; /* for REQ certs */
char contentType[CTC_NAME_SIZE];
#endif /* WOLFSSL_CERT_REQ */
#endif
#endif /* WOLFSSL_CERT_REQ || WOLFSSL_CERT_GEN */
WOLFSSL_X509_NAME issuer;
WOLFSSL_X509_NAME subject;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)

19
wolfssl/ssl.h
View File

@ -4281,21 +4281,24 @@ WOLFSSL_API int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
int nid, int type,
const unsigned char *bytes,
int len);
WOLFSSL_API int wolfSSL_X509_REQ_get_attr_by_NID(const WOLFSSL_X509 *req,
int nid, int lastpos);
WOLFSSL_API int wolfSSL_X509_REQ_add1_attr_by_txt(WOLFSSL_X509 *req,
const char *attrname, int type,
const unsigned char *bytes, int len);
WOLFSSL_API WOLFSSL_X509_ATTRIBUTE *wolfSSL_X509_REQ_get_attr(
const WOLFSSL_X509 *req, int loc);
WOLFSSL_API WOLFSSL_X509_ATTRIBUTE* wolfSSL_X509_ATTRIBUTE_new(void);
WOLFSSL_API void wolfSSL_X509_ATTRIBUTE_free(WOLFSSL_X509_ATTRIBUTE* attr);
WOLFSSL_API WOLFSSL_ASN1_TYPE *wolfSSL_X509_ATTRIBUTE_get0_type(
WOLFSSL_X509_ATTRIBUTE *attr, int idx);
WOLFSSL_API WOLFSSL_X509 *wolfSSL_X509_to_X509_REQ(WOLFSSL_X509 *x,
WOLFSSL_EVP_PKEY *pkey, const WOLFSSL_EVP_MD *md);
#endif
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) || \
defined(WOLFSSL_CERT_REQ)
WOLFSSL_API WOLFSSL_X509_ATTRIBUTE *wolfSSL_X509_REQ_get_attr(
const WOLFSSL_X509 *req, int loc);
WOLFSSL_API int wolfSSL_X509_REQ_get_attr_by_NID(const WOLFSSL_X509 *req,
int nid, int lastpos);
WOLFSSL_API WOLFSSL_X509_ATTRIBUTE* wolfSSL_X509_ATTRIBUTE_new(void);
WOLFSSL_API void wolfSSL_X509_ATTRIBUTE_free(WOLFSSL_X509_ATTRIBUTE* attr);
WOLFSSL_API WOLFSSL_ASN1_TYPE *wolfSSL_X509_ATTRIBUTE_get0_type(
WOLFSSL_X509_ATTRIBUTE *attr, int idx);
#endif
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \
|| defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)