Skip to content

Commit

Permalink
Merge pull request wolfSSL#7599 from dgarske/asn_checkcertsig
Browse files Browse the repository at this point in the history
Expose `wc_CheckCertSigPubKey` with `WOLFSSL_SMALL_CERT_VERIFY`
  • Loading branch information
JacobBarthelmeh authored and jefferyq2 committed Jun 9, 2024
1 parent 3ba19c0 commit 7ec1675
Show file tree
Hide file tree
Showing 4 changed files with 30 additions and 28 deletions.
2 changes: 1 addition & 1 deletion src/internal.c
Original file line number Diff line number Diff line change
Expand Up @@ -14057,7 +14057,7 @@ PRAGMA_GCC_DIAG_POP
}

/* perform cert parsing and signature check */
sigRet = CheckCertSignature(cert->buffer, cert->length,
sigRet = wc_CheckCertSignature(cert->buffer, cert->length,
ssl->heap, SSL_CM(ssl));
/* fail on errors here after the ParseCertRelative call, so dCert is populated */

Expand Down
24 changes: 12 additions & 12 deletions tests/api.c
Original file line number Diff line number Diff line change
Expand Up @@ -53099,37 +53099,37 @@ static int test_CheckCertSignature(void)
int certSz;
#endif

ExpectIntEQ(BAD_FUNC_ARG, CheckCertSignature(NULL, 0, NULL, NULL));
ExpectIntEQ(BAD_FUNC_ARG, wc_CheckCertSignature(NULL, 0, NULL, NULL));
ExpectNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
ExpectIntEQ(BAD_FUNC_ARG, CheckCertSignature(NULL, 0, NULL, cm));
ExpectIntEQ(BAD_FUNC_ARG, wc_CheckCertSignature(NULL, 0, NULL, cm));

#ifndef NO_RSA
#ifdef USE_CERT_BUFFERS_1024
ExpectIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(server_cert_der_1024,
ExpectIntEQ(ASN_NO_SIGNER_E, wc_CheckCertSignature(server_cert_der_1024,
sizeof_server_cert_der_1024, NULL, cm));
ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
ca_cert_der_1024, sizeof_ca_cert_der_1024,
WOLFSSL_FILETYPE_ASN1));
ExpectIntEQ(0, CheckCertSignature(server_cert_der_1024,
ExpectIntEQ(0, wc_CheckCertSignature(server_cert_der_1024,
sizeof_server_cert_der_1024, NULL, cm));
#elif defined(USE_CERT_BUFFERS_2048)
ExpectIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(server_cert_der_2048,
ExpectIntEQ(ASN_NO_SIGNER_E, wc_CheckCertSignature(server_cert_der_2048,
sizeof_server_cert_der_2048, NULL, cm));
ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
ca_cert_der_2048, sizeof_ca_cert_der_2048,
WOLFSSL_FILETYPE_ASN1));
ExpectIntEQ(0, CheckCertSignature(server_cert_der_2048,
ExpectIntEQ(0, wc_CheckCertSignature(server_cert_der_2048,
sizeof_server_cert_der_2048, NULL, cm));
#endif
#endif

#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
ExpectIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(serv_ecc_der_256,
ExpectIntEQ(ASN_NO_SIGNER_E, wc_CheckCertSignature(serv_ecc_der_256,
sizeof_serv_ecc_der_256, NULL, cm));
ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
ca_ecc_cert_der_256, sizeof_ca_ecc_cert_der_256,
WOLFSSL_FILETYPE_ASN1));
ExpectIntEQ(0, CheckCertSignature(serv_ecc_der_256, sizeof_serv_ecc_der_256,
ExpectIntEQ(0, wc_CheckCertSignature(serv_ecc_der_256, sizeof_serv_ecc_der_256,
NULL, cm));
#endif

Expand All @@ -53144,10 +53144,10 @@ static int test_CheckCertSignature(void)
XFCLOSE(fp);
fp = XBADFILE;
}
ExpectIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(cert, certSz, NULL, cm));
ExpectIntEQ(ASN_NO_SIGNER_E, wc_CheckCertSignature(cert, certSz, NULL, cm));
ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
"./certs/ca-cert.pem", NULL));
ExpectIntEQ(0, CheckCertSignature(cert, certSz, NULL, cm));
ExpectIntEQ(0, wc_CheckCertSignature(cert, certSz, NULL, cm));
#endif
#ifdef HAVE_ECC
ExpectTrue((fp = XFOPEN("./certs/server-ecc.der", "rb")) != XBADFILE);
Expand All @@ -53156,10 +53156,10 @@ static int test_CheckCertSignature(void)
XFCLOSE(fp);
fp = XBADFILE;
}
ExpectIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(cert, certSz, NULL, cm));
ExpectIntEQ(ASN_NO_SIGNER_E, wc_CheckCertSignature(cert, certSz, NULL, cm));
ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
"./certs/ca-ecc-cert.pem", NULL));
ExpectIntEQ(0, CheckCertSignature(cert, certSz, NULL, cm));
ExpectIntEQ(0, wc_CheckCertSignature(cert, certSz, NULL, cm));
#endif
#endif

Expand Down
14 changes: 5 additions & 9 deletions wolfcrypt/src/asn.c
Original file line number Diff line number Diff line change
Expand Up @@ -23239,16 +23239,15 @@ static int CheckCertSignature_ex(const byte* cert, word32 certSz, void* heap,
#endif /* WOLFSSL_ASN_TEMPLATE */
}

#ifdef OPENSSL_EXTRA
/* Call CheckCertSignature_ex using a public key buffer for verification
*/
/* Call CheckCertSignature_ex using a public key buffer for verification */
int CheckCertSignaturePubKey(const byte* cert, word32 certSz, void* heap,
const byte* pubKey, word32 pubKeySz, int pubKeyOID)
{
return CheckCertSignature_ex(cert, certSz, heap, NULL,
pubKey, pubKeySz, pubKeyOID, 0);
}

/* Call CheckCertSignature_ex using a public key and oid */
int wc_CheckCertSigPubKey(const byte* cert, word32 certSz, void* heap,
const byte* pubKey, word32 pubKeySz, int pubKeyOID)
{
Expand All @@ -23264,15 +23263,12 @@ int CheckCSRSignaturePubKey(const byte* cert, word32 certSz, void* heap,
pubKey, pubKeySz, pubKeyOID, 1);
}
#endif /* WOLFSSL_CERT_REQ */
#endif /* OPENSSL_EXTRA */
#ifdef WOLFSSL_SMALL_CERT_VERIFY
/* Call CheckCertSignature_ex using a certificate manager (cm)
*/
int CheckCertSignature(const byte* cert, word32 certSz, void* heap, void* cm)

/* Call CheckCertSignature_ex using a certificate manager (cm) */
int wc_CheckCertSignature(const byte* cert, word32 certSz, void* heap, void* cm)
{
return CheckCertSignature_ex(cert, certSz, heap, cm, NULL, 0, 0, 0);
}
#endif /* WOLFSSL_SMALL_CERT_VERIFY */
#endif /* WOLFSSL_SMALL_CERT_VERIFY || OPENSSL_EXTRA */

#if (defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) || \
Expand Down
18 changes: 12 additions & 6 deletions wolfssl/wolfcrypt/asn.h
Original file line number Diff line number Diff line change
Expand Up @@ -2149,14 +2149,20 @@ WOLFSSL_LOCAL int DecodePolicyOID(char *out, word32 outSz, const byte *in,
word32 inSz);
WOLFSSL_LOCAL int EncodePolicyOID(byte *out, word32 *outSz,
const char *in, void* heap);
WOLFSSL_API int CheckCertSignature(const byte*,word32,void*,void* cm);
WOLFSSL_LOCAL int CheckCertSignaturePubKey(const byte* cert, word32 certSz,
void* heap, const byte* pubKey, word32 pubKeySz, int pubKeyOID);
#ifdef OPENSSL_EXTRA
WOLFSSL_API int wc_CheckCertSigPubKey(const byte* cert, word32 certSz,
void* heap, const byte* pubKey,
word32 pubKeySz, int pubKeyOID);
#endif
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SMALL_CERT_VERIFY)
WOLFSSL_API int wc_CheckCertSignature(const byte* cert, word32 certSz,
void* heap, void* cm);
/* Depricated public API name kept for backwards build compatibility */
#define CheckCertSignature(cert, certSz, heap, cm) \
wc_CheckCertSignature(cert, certSz, heap, cm)

WOLFSSL_API int wc_CheckCertSigPubKey(const byte* cert, word32 certSz,
void* heap, const byte* pubKey,
word32 pubKeySz, int pubKeyOID);
#endif /* OPENSSL_EXTRA || WOLFSSL_SMALL_CERT_VERIFY */

#ifdef WOLFSSL_DUAL_ALG_CERTS
WOLFSSL_LOCAL int wc_ConfirmAltSignature(
const byte* buf, word32 bufSz,
Expand Down

0 comments on commit 7ec1675

Please sign in to comment.