Missing libspdm features

- RsaFunctionPrivate: detect when only n,e,d are available - wolfSSL_EVP_add_digest: return success - wolfSSL_EVP_add_cipher: return success - wolfSSL_BN_bin2bn: accept NULL data if len is 0 (checked in mp_read_unsigned_bin) - wolfssl_read_bio: advance correct bio - wolfSSL_X509_set_ext: return raw extension data for BASIC_CA_OID - Implement - sk_X509_EXTENSION_free - d2i_EC_PUBKEY_bio - d2i_RSA_PUBKEY_bio - d2i_X509_REQ_INFO - X509_REQ_INFO_free - ASN1_TIME_set_string_X509
wolfSSL · Aug 19, 2024 · 30522ab · 30522ab
1 parent e562a1c
commit 30522ab
Show file tree

Hide file tree

Showing 14 changed files with 326 additions and 86 deletions.
diff --git a/src/pk.c b/src/pk.c
@@ -2052,6 +2052,32 @@ WOLFSSL_RSA *wolfSSL_PEM_read_bio_RSA_PUBKEY(WOLFSSL_BIO* bio,
  }
  return rsa;
 }
+
+WOLFSSL_RSA *wolfSSL_d2i_RSA_PUBKEY_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out)
+{
+ char* data = NULL;
+ int dataSz = 0;
+ int memAlloced = 0;
+ WOLFSSL_RSA* rsa = NULL;
+
+ WOLFSSL_ENTER("wolfSSL_d2i_RSA_PUBKEY_bio");
+
+ if (bio == NULL)
+ return NULL;
+
+ if (wolfssl_read_bio(bio, &data, &dataSz, &memAlloced) != 0) {
+ if (memAlloced)
+ XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ return NULL;
+ }
+
+ rsa = wolfssl_rsa_d2i(out, (const unsigned char*)data, dataSz,
+ WOLFSSL_RSA_LOAD_PUBLIC);
+ if (memAlloced)
+ XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+ return rsa;
+}
 #endif /* !NO_BIO */
 
 #ifndef NO_FILESYSTEM
@@ -12327,6 +12353,56 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf,
  return res;
 }
 
+
+#ifndef NO_BIO
+
+WOLFSSL_EC_KEY *wolfSSL_d2i_EC_PUBKEY_bio(WOLFSSL_BIO *bio,
+ WOLFSSL_EC_KEY **out)
+{
+ char* data = NULL;
+ int dataSz = 0;
+ int memAlloced = 0;
+ WOLFSSL_EC_KEY* ec = NULL;
+ int err = 0;
+
+ WOLFSSL_ENTER("wolfSSL_d2i_EC_PUBKEY_bio");
+
+ if (bio == NULL)
+ return NULL;
+
+ if (err == 0 && wolfssl_read_bio(bio, &data, &dataSz, &memAlloced) != 0) {
+ WOLFSSL_ERROR_MSG("wolfssl_read_bio failed");
+ err = 1;
+ }
+
+ if (err == 0 && (ec = wolfSSL_EC_KEY_new()) == NULL) {
+ WOLFSSL_ERROR_MSG("wolfSSL_EC_KEY_new failed");
+ err = 1;
+ }
+
+ /* Load the EC key with the public key from the DER encoding. */
+ if (err == 0 && wolfSSL_EC_KEY_LoadDer_ex(ec, (const unsigned char*)data,
+ dataSz, WOLFSSL_EC_KEY_LOAD_PUBLIC) != 1) {
+ WOLFSSL_ERROR_MSG("wolfSSL_EC_KEY_LoadDer_ex failed");
+ err = 1;
+ }
+
+ if (memAlloced)
+ XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (err) { /* on error */
+ wolfSSL_EC_KEY_free(ec);
+ ec = NULL;
+ }
+ else { /* on success */
+ if (out != NULL)
+ *out = ec;
+ }
+
+ return ec;
+}
+
+#endif /* !NO_BIO */
+
 /*
  * EC key PEM APIs
  */

diff --git a/src/ssl_asn1.c b/src/ssl_asn1.c
@@ -3417,15 +3417,15 @@ unsigned char* wolfSSL_ASN1_TIME_get_data(const WOLFSSL_ASN1_TIME *t)
  */
 int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a)
 {
- int ret = 1;
+ int ret = WOLFSSL_SUCCESS;
  char buf[MAX_TIME_STRING_SZ];
 
  WOLFSSL_ENTER("wolfSSL_ASN1_TIME_check");
 
  /* If can convert to human readable then format good. */
  if (wolfSSL_ASN1_TIME_to_string((WOLFSSL_ASN1_TIME*)a, buf,
  MAX_TIME_STRING_SZ) == NULL) {
- ret = 0;
+ ret = WOLFSSL_FAILURE;
  }
 
  return ret;
@@ -3443,7 +3443,7 @@ int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a)
  */
 int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *t, const char *str)
 {
- int ret = 1;
+ int ret = WOLFSSL_SUCCESS;
  int slen = 0;
 
  WOLFSSL_ENTER("wolfSSL_ASN1_TIME_set_string");
@@ -3452,15 +3452,15 @@ int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *t, const char *str)
  WOLFSSL_MSG("Bad parameter");
  ret = 0;
  }
- if (ret == 1) {
+ if (ret == WOLFSSL_SUCCESS) {
  /* Get length of string including NUL terminator. */
  slen = (int)XSTRLEN(str) + 1;
  if (slen > CTC_DATE_SIZE) {
  WOLFSSL_MSG("Date string too long");
- ret = 0;
+ ret = WOLFSSL_FAILURE;
  }
  }
- if ((ret == 1) && (t != NULL)) {
+ if ((ret == WOLFSSL_SUCCESS) && (t != NULL)) {
  /* Copy in string including NUL terminator. */
  XMEMCPY(t->data, str, (size_t)slen);
  /* Do not include NUL terminator in length. */
@@ -3473,6 +3473,21 @@ int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *t, const char *str)
  return ret;
 }
 
+int wolfSSL_ASN1_TIME_set_string_X509(WOLFSSL_ASN1_TIME *t, const char *str)
+{
+ int ret = WOLFSSL_SUCCESS;
+
+ WOLFSSL_ENTER("wolfSSL_ASN1_TIME_set_string_X509");
+
+ if (t == NULL)
+ ret = WOLFSSL_FAILURE;
+ if (ret == WOLFSSL_SUCCESS)
+ ret = wolfSSL_ASN1_TIME_set_string(t, str);
+ if (ret == WOLFSSL_SUCCESS)
+ ret = wolfSSL_ASN1_TIME_check(t);
+ return ret;
+}
+
 /* Convert ASN.1 TIME object to ASN.1 GENERALIZED TIME object.
  *
  * @param [in] t ASN.1 TIME object.

diff --git a/src/ssl_bn.c b/src/ssl_bn.c
@@ -492,7 +492,7 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* data, int len,
  WOLFSSL_ENTER("wolfSSL_BN_bin2bn");
 
  /* Validate parameters. */
- if ((data == NULL) || (len < 0)) {
+ if (len < 0) {
  ret = NULL;
  }
  /* Allocate a new big number when ret is NULL. */
@@ -507,7 +507,7 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* data, int len,
  if (ret->internal == NULL) {
  ret = NULL;
  }
- else {
+ else if (data != NULL) {
  /* Decode into big number. */
  if (mp_read_unsigned_bin((mp_int*)ret->internal, data, (word32)len)
  != 0) {
@@ -520,6 +520,9 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* data, int len,
  bn = NULL;
  }
  }
+ else if (data == NULL) {
+ wolfSSL_BN_zero(ret);
+ }
  }
 
  /* Dispose of allocated BN not being returned. */

diff --git a/src/ssl_misc.c b/src/ssl_misc.c
@@ -165,7 +165,15 @@ static int wolfssl_read_bio(WOLFSSL_BIO* bio, char** data, int* dataSz,
  if (bio->type == WOLFSSL_BIO_MEMORY) {
  ret = wolfSSL_BIO_get_mem_data(bio, data);
  if (ret > 0) {
- bio->rdIdx += ret;
+ /* Advance the write index in the memory bio */
+ WOLFSSL_BIO* mem_bio = bio;
+ for (; mem_bio != NULL; mem_bio = mem_bio->next) {
+ if (mem_bio->type == WOLFSSL_BIO_MEMORY)
+ break;
+ }
+ if (mem_bio == NULL)
+ mem_bio = bio; /* Default to input */
+ mem_bio->rdIdx += ret;
  }
  *memAlloced = 0;
  }

diff --git a/src/x509.c b/src/x509.c
@@ -397,38 +397,6 @@ int wolfSSL_sk_X509_EXTENSION_push(WOLFSSL_STACK* sk,WOLFSSL_X509_EXTENSION* ext
  return (int)sk->num;
 }
 
-/* Free the structure for X509_EXTENSION stack
- *
- * sk stack to free nodes in
- */
-void wolfSSL_sk_X509_EXTENSION_free(WOLFSSL_STACK* sk)
-{
- WOLFSSL_STACK* node;
-
- WOLFSSL_ENTER("wolfSSL_sk_X509_EXTENSION_free");
-
- if (sk == NULL) {
- return;
- }
-
- /* parse through stack freeing each node */
- node = sk->next;
- while ((node != NULL) && (sk->num > 1)) {
- WOLFSSL_STACK* tmp = node;
- node = node->next;
-
- wolfSSL_X509_EXTENSION_free(tmp->data.ext);
- XFREE(tmp, NULL, DYNAMIC_TYPE_X509);
- sk->num -= 1;
- }
-
- /* free head of stack */
- if (sk->num == 1) {
- wolfSSL_X509_EXTENSION_free(sk->data.ext);
- }
- XFREE(sk, NULL, DYNAMIC_TYPE_X509);
-}
-
 static WOLFSSL_STACK* generateExtStack(const WOLFSSL_X509 *x)
 {
  int numOfExt, i;
@@ -917,11 +885,37 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
 
  switch (oid) {
  case BASIC_CA_OID:
+ {
+ word32 dataIdx = idx;
+ word32 dummyOid;
+ int dataLen = 0;
+
  if (!isSet)
  break;
  /* Set pathlength */
  a = wolfSSL_ASN1_INTEGER_new();
- if (a == NULL) {
+
+ /* Set the data */
+ ret = GetObjectId(input, &dataIdx, &dummyOid, oidCertExtType,
+ (word32)sz) == 0;
+ if (ret && dataIdx < (word32)sz) {
+ /* Skip the critical information */
+ if (input[dataIdx] == ASN_BOOLEAN) {
+ dataIdx++;
+ ret = GetLength(input, &dataIdx, &dataLen, sz) >= 0;
+ dataIdx += dataLen;
+ }
+ }
+ if (ret) {
+ ret = GetOctetString(input, &dataIdx, &dataLen,
+ (word32)sz) > 0;
+ }
+ if (ret) {
+ ret = wolfSSL_ASN1_STRING_set(&ext->value, input + dataIdx,
+ dataLen) == 1;
+ }
+
+ if (a == NULL || !ret) {
  wolfSSL_X509_EXTENSION_free(ext);
  FreeDecodedCert(cert);
  #ifdef WOLFSSL_SMALL_STACK
@@ -937,7 +931,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
  ext->obj->ca = x509->isCa;
  ext->crit = x509->basicConstCrit;
  break;
-
+ }
  case AUTH_INFO_OID:
  if (!isSet)
  break;
@@ -3669,6 +3663,24 @@ WOLFSSL_X509* wolfSSL_X509_REQ_d2i(WOLFSSL_X509** x509,
 {
  return d2i_X509orX509REQ(x509, in, len, 1, NULL);
 }
+
+WOLFSSL_X509* wolfSSL_d2i_X509_REQ_INFO(WOLFSSL_X509** req,
+ const unsigned char** in, int len)
+{
+ WOLFSSL_X509* ret = NULL;
+ WOLFSSL_ENTER("wolfSSL_d2i_X509_REQ_INFO");
+
+ if (in == NULL) {
+ WOLFSSL_MSG("NULL input for wolfSSL_d2i_X509");
+ return NULL;
+ }
+
+ ret = wolfSSL_X509_REQ_d2i(req, *in, len);
+ if (ret != NULL) {
+ *in += ret->derCert->length;
+ }
+ return ret;
+}
 #endif
 
 #endif /* KEEP_PEER_CERT || SESSION_CERTS || OPENSSL_EXTRA ||
@@ -5097,6 +5109,11 @@ void wolfSSL_sk_X509_EXTENSION_pop_free(
  wolfSSL_sk_pop_free(sk, (wolfSSL_sk_freefunc)f);
 }
 
+void wolfSSL_sk_X509_EXTENSION_free(WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk)
+{
+ wolfSSL_sk_pop_free(sk, NULL);
+}
+
 #endif /* OPENSSL_EXTRA */
 
 #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)