diff --git a/src/internal.c b/src/internal.c index b4f822119b..520b62c6bc 100644 --- a/src/internal.c +++ b/src/internal.c @@ -14041,7 +14041,7 @@ PRAGMA_GCC_DIAG_POP } /* perform cert parsing and signature check */ - sigRet = CheckCertSignature(cert->buffer, cert->length, + sigRet = wc_CheckCertSignature(cert->buffer, cert->length, ssl->heap, SSL_CM(ssl)); /* fail on errors here after the ParseCertRelative call, so dCert is populated */ diff --git a/tests/api.c b/tests/api.c index 785924a16a..442efd91e0 100644 --- a/tests/api.c +++ b/tests/api.c 
@@ -53043,37 +53043,37 @@ static int test_CheckCertSignature(void) int certSz; #endif - ExpectIntEQ(BAD_FUNC_ARG, CheckCertSignature(NULL, 0, NULL, NULL)); + ExpectIntEQ(BAD_FUNC_ARG, wc_CheckCertSignature(NULL, 0, NULL, NULL)); ExpectNotNull(cm = wolfSSL_CertManagerNew_ex(NULL)); - ExpectIntEQ(BAD_FUNC_ARG, CheckCertSignature(NULL, 0, NULL, cm)); + ExpectIntEQ(BAD_FUNC_ARG, wc_CheckCertSignature(NULL, 0, NULL, cm)); #ifndef NO_RSA #ifdef USE_CERT_BUFFERS_1024 - ExpectIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(server_cert_der_1024, + ExpectIntEQ(ASN_NO_SIGNER_E, wc_CheckCertSignature(server_cert_der_1024, sizeof_server_cert_der_1024, NULL, cm)); ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm, ca_cert_der_1024, sizeof_ca_cert_der_1024, WOLFSSL_FILETYPE_ASN1)); - ExpectIntEQ(0, CheckCertSignature(server_cert_der_1024, + ExpectIntEQ(0, wc_CheckCertSignature(server_cert_der_1024, sizeof_server_cert_der_1024, NULL, cm)); #elif defined(USE_CERT_BUFFERS_2048) - ExpectIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(server_cert_der_2048, + ExpectIntEQ(ASN_NO_SIGNER_E, wc_CheckCertSignature(server_cert_der_2048, sizeof_server_cert_der_2048, NULL, cm)); ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm, ca_cert_der_2048, sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1)); - ExpectIntEQ(0, CheckCertSignature(server_cert_der_2048, + ExpectIntEQ(0, wc_CheckCertSignature(server_cert_der_2048, sizeof_server_cert_der_2048, NULL, cm)); #endif #endif #if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) - ExpectIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(serv_ecc_der_256, + ExpectIntEQ(ASN_NO_SIGNER_E, wc_CheckCertSignature(serv_ecc_der_256, sizeof_serv_ecc_der_256, NULL, cm)); ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm, ca_ecc_cert_der_256, sizeof_ca_ecc_cert_der_256, WOLFSSL_FILETYPE_ASN1)); - ExpectIntEQ(0, CheckCertSignature(serv_ecc_der_256, sizeof_serv_ecc_der_256, + ExpectIntEQ(0, wc_CheckCertSignature(serv_ecc_der_256, 
sizeof_serv_ecc_der_256, NULL, cm)); #endif @@ -53088,10 +53088,10 @@ static int test_CheckCertSignature(void) XFCLOSE(fp); fp = XBADFILE; } - ExpectIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(cert, certSz, NULL, cm)); + ExpectIntEQ(ASN_NO_SIGNER_E, wc_CheckCertSignature(cert, certSz, NULL, cm)); ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm, "./certs/ca-cert.pem", NULL)); - ExpectIntEQ(0, CheckCertSignature(cert, certSz, NULL, cm)); + ExpectIntEQ(0, wc_CheckCertSignature(cert, certSz, NULL, cm)); #endif #ifdef HAVE_ECC ExpectTrue((fp = XFOPEN("./certs/server-ecc.der", "rb")) != XBADFILE); @@ -53100,10 +53100,10 @@ static int test_CheckCertSignature(void) XFCLOSE(fp); fp = XBADFILE; } - ExpectIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(cert, certSz, NULL, cm)); + ExpectIntEQ(ASN_NO_SIGNER_E, wc_CheckCertSignature(cert, certSz, NULL, cm)); ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm, "./certs/ca-ecc-cert.pem", NULL)); - ExpectIntEQ(0, CheckCertSignature(cert, certSz, NULL, cm)); + ExpectIntEQ(0, wc_CheckCertSignature(cert, certSz, NULL, cm)); #endif #endif diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 1a7b0cd364..eec9ba8531 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -23225,6 +23225,7 @@ int CheckCertSignaturePubKey(const byte* cert, word32 certSz, void* heap, pubKey, pubKeySz, pubKeyOID, 0); } +/* Call CheckCertSignature_ex using a public key and oid */ int wc_CheckCertSigPubKey(const byte* cert, word32 certSz, void* heap, const byte* pubKey, word32 pubKeySz, int pubKeyOID) { 
@@ -23241,9 +23242,8 @@ int CheckCSRSignaturePubKey(const byte* cert, word32 certSz, void* heap, } #endif /* WOLFSSL_CERT_REQ */ -/* Call CheckCertSignature_ex using a certificate manager (cm) - */ -int CheckCertSignature(const byte* cert, word32 certSz, void* heap, void* cm) +/* Call CheckCertSignature_ex using a certificate manager (cm) */ +int wc_CheckCertSignature(const byte* cert, word32 certSz, void* heap, void* cm) { return CheckCertSignature_ex(cert, certSz, heap, cm, NULL, 0, 0, 0); } diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index cfd76e3743..7bdd47c976 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -2135,14 +2135,20 @@ WOLFSSL_LOCAL int DecodePolicyOID(char *out, word32 outSz, const byte *in, word32 inSz); WOLFSSL_LOCAL int EncodePolicyOID(byte *out, word32 *outSz, const char *in, void* heap); -WOLFSSL_API int CheckCertSignature(const byte*,word32,void*,void* cm); WOLFSSL_LOCAL int CheckCertSignaturePubKey(const byte* cert, word32 certSz, void* heap, const byte* pubKey, word32 pubKeySz, int pubKeyOID); #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SMALL_CERT_VERIFY) -WOLFSSL_API int wc_CheckCertSigPubKey(const byte* cert, word32 certSz, - void* heap, const byte* pubKey, - word32 pubKeySz, int pubKeyOID); + WOLFSSL_API int wc_CheckCertSignature(const byte* cert, word32 certSz, + void* heap, void* cm); + /* Depricated public API name kept for backwards build compatibility */ + #define CheckCertSignature(cert, certSz, heap, cm) \ + wc_CheckCertSignature(cert, certSz, heap, cm) + + WOLFSSL_API int wc_CheckCertSigPubKey(const byte* cert, word32 certSz, + void* heap, const byte* pubKey, + word32 pubKeySz, int pubKeyOID); #endif /* OPENSSL_EXTRA || WOLFSSL_SMALL_CERT_VERIFY */ + #ifdef WOLFSSL_DUAL_ALG_CERTS WOLFSSL_LOCAL int wc_ConfirmAltSignature( const byte* buf, word32 bufSz,
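Review bot: The header comment on `wc_CheckCertSignature` is too thin for a function that now carries a public `wc_` name, because it says nothing about the return contract a caller must check. The tests in this commit show `BAD_FUNC_ARG` for a NULL certificate, `ASN_NO_SIGNER_E` when the certificate manager holds no matching CA, and `0` on success. I would state that, for example `/* Verify the signature on a DER certificate against the CAs loaded in cm. Returns 0 on success, BAD_FUNC_ARG on a NULL cert, ASN_NO_SIGNER_E if no signer is found, or another negative error. */`. If the function checks only the signature and not the validity period or other path constraints, the comment should say so, so that callers do not read a `0` as full chain validation. That behaviour lives in `CheckCertSignature_ex`, which is outside this hunk.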
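Review bot: The `wc_CheckCertSignature` prototype and the compatibility macro now sit inside `#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SMALL_CERT_VERIFY)`, whereas the removed `CheckCertSignature` declaration was outside it, so a build with neither macro loses the prototype for a certificate-verification call. This is harmless if the definition in `wolfcrypt/src/asn.c` and the `src/internal.c` call site are compiled under the same condition, but neither guard is visible in this diff and both should be confirmed. The function-like macro preserves source compatibility only: the old exported symbol is gone for already-linked binaries, and code that takes the address of `CheckCertSignature` no longer compiles. An object-like `#define CheckCertSignature wc_CheckCertSignature` would cover the address-of case. The new comment also misspells "Deprecated" as "Depricated".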