Merge pull request #7798 from dgarske/asn_macros
ASN macro simplification

merged with github CI tests failing due to unrelated upstream changes (same tests all previously succeeded on this PR, with only 25d14f1 added in the meantime).

supplementary testing with `wolfssl-multi-test.sh ... super-quick-check` after rebase on then-current `master` 15e99c8.
douzzer authored Aug 2, 2024
2 parents 35b45aa + 25d14f1 commit 9aa0742
Showing 21 changed files with 815 additions and 697 deletions.
65 changes: 37 additions & 28 deletions configure.ac
Expand Up @@ -1992,7 +1992,7 @@ AC_ARG_ENABLE([ffmpeg],
)


#IP alternative name Support
# IP alternative name Support
AC_ARG_ENABLE([ip-alt-name],
[AS_HELP_STRING([--enable-ip-alt-name],[Enable IP subject alternative name (default: disabled)])],
[ ENABLE_IP_ALT_NAME=$enableval ],
Expand All @@ -2004,7 +2004,7 @@ then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_IP_ALT_NAME"
fi

#Qt Support
# QT Support
AC_ARG_ENABLE([qt],
[AS_HELP_STRING([--enable-qt],[Enable qt (default: disabled)])],
[ ENABLED_QT=$enableval ],
Expand Down Expand Up @@ -4743,43 +4743,52 @@ fi


# ASN

# turn off asn, which means no certs, no rsa, no dsa, no ecc,
# and no big int (unless dh is on)

# turn off ASN if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
enable_asn=no
fi

AC_ARG_ENABLE([asn],
[AS_HELP_STRING([--enable-asn],[Enable ASN (default: enabled)])],
[ ENABLED_ASN=$enableval ],
[ ENABLED_ASN=yes ]
)

if test "$ENABLED_ASN" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_ASN_CRYPT"
enable_pwdbased=no
else
if test "$ENABLED_ASN" = "template"; then
ENABLED_ASN="yes"
fi
if test "$ENABLED_ASN" = "yes"; then
for v in `echo $ENABLED_ASN | tr "," " "`
do
case $v in
all)
# Enable all ASN features
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_ALL"
ENABLED_ASN=yes
;;
template | yes)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_TEMPLATE"
elif test "$ENABLED_ASN" = "original"; then
ENABLED_ASN=yes
;;
original)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_ORIGINAL"
else
AC_MSG_ERROR([Invalid asn option. Valid are: template or original. Seen: $ENABLED_ASN.])
fi

# turn off ASN if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_BIG_INT"
ENABLED_ASN=yes
;;
nocrypt)
AM_CFLAGS="$AM_CFLAGS -DNO_ASN_CRYPT"
enable_pwdbased=no
;;
no)
AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_ASN_CRYPT"
enable_pwdbased=no
ENABLED_ASN=no
else
if test "$ENABLED_ASN" = "nocrypt"
then
AM_CFLAGS="$AM_CFLAGS -DNO_ASN_CRYPT"
enable_pwdbased=no
fi
fi
fi
;;
*)
AC_MSG_ERROR([Invalid asn option. Valid are: all, template/yes, original, nocrypt or no. Seen: $ENABLED_ASN.])
break;;
esac
done

if test "$ENABLED_RSA" = "yes" && test "$ENABLED_RSAVFY" = "no" && \
test "$ENABLED_ASN" = "no" && test "$ENABLED_LOWRESOURCE" = "no"
87 changes: 42 additions & 45 deletions src/internal.c
Expand Up @@ -12543,13 +12543,13 @@ int CheckForAltNames(DecodedCert* dCert, const char* domain, word32 domainLen,
while (altName) {
WOLFSSL_MSG("\tindividual AltName check");

#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
#ifdef WOLFSSL_IP_ALT_NAME
if (altName->type == ASN_IP_TYPE) {
buf = altName->ipString;
len = (word32)XSTRLEN(buf);
}
else
#endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */
#endif /* WOLFSSL_IP_ALT_NAME */
{
buf = altName->name;
len = (word32)altName->len;
Expand Down Expand Up @@ -12820,6 +12820,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
{
int ret = 0;
int minSz;

if (x509 == NULL || dCert == NULL ||
dCert->subjectCNLen < 0)
Expand Down Expand Up @@ -12869,49 +12870,45 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
#endif /* WOLFSSL_CERT_REQ */

#ifdef WOLFSSL_SEP
{
int minSz = min(dCert->deviceTypeSz, EXTERNAL_SERIAL_SIZE);
if (minSz > 0) {
x509->deviceTypeSz = minSz;
XMEMCPY(x509->deviceType, dCert->deviceType, minSz);
}
else
x509->deviceTypeSz = 0;
minSz = min(dCert->hwTypeSz, EXTERNAL_SERIAL_SIZE);
if (minSz > 0) {
x509->hwTypeSz = minSz;
XMEMCPY(x509->hwType, dCert->hwType, minSz);
}
else
x509->hwTypeSz = 0;
minSz = min(dCert->hwSerialNumSz, EXTERNAL_SERIAL_SIZE);
if (minSz > 0) {
x509->hwSerialNumSz = minSz;
XMEMCPY(x509->hwSerialNum, dCert->hwSerialNum, minSz);
}
else
x509->hwSerialNumSz = 0;
minSz = min(dCert->deviceTypeSz, EXTERNAL_SERIAL_SIZE);
if (minSz > 0) {
x509->deviceTypeSz = minSz;
XMEMCPY(x509->deviceType, dCert->deviceType, minSz);
}
else
x509->deviceTypeSz = 0;
minSz = min(dCert->hwTypeSz, EXTERNAL_SERIAL_SIZE);
if (minSz > 0) {
x509->hwTypeSz = minSz;
XMEMCPY(x509->hwType, dCert->hwType, minSz);
}
else
x509->hwTypeSz = 0;
minSz = min(dCert->hwSerialNumSz, EXTERNAL_SERIAL_SIZE);
if (minSz > 0) {
x509->hwSerialNumSz = minSz;
XMEMCPY(x509->hwSerialNum, dCert->hwSerialNum, minSz);
}
else
x509->hwSerialNumSz = 0;
#endif /* WOLFSSL_SEP */
{
int minSz;
if (dCert->beforeDateLen > 0) {
minSz = (int)min(dCert->beforeDate[1], MAX_DATE_SZ);
x509->notBefore.type = dCert->beforeDate[0];
x509->notBefore.length = minSz;
XMEMCPY(x509->notBefore.data, &dCert->beforeDate[2], minSz);
}
else
x509->notBefore.length = 0;
if (dCert->afterDateLen > 0) {
minSz = (int)min(dCert->afterDate[1], MAX_DATE_SZ);
x509->notAfter.type = dCert->afterDate[0];
x509->notAfter.length = minSz;
XMEMCPY(x509->notAfter.data, &dCert->afterDate[2], minSz);
}
else
x509->notAfter.length = 0;

if (dCert->beforeDateLen > 0) {
minSz = (int)min(dCert->beforeDate[1], MAX_DATE_SZ);
x509->notBefore.type = dCert->beforeDate[0];
x509->notBefore.length = minSz;
XMEMCPY(x509->notBefore.data, &dCert->beforeDate[2], minSz);
}
else
x509->notBefore.length = 0;
if (dCert->afterDateLen > 0) {
minSz = (int)min(dCert->afterDate[1], MAX_DATE_SZ);
x509->notAfter.type = dCert->afterDate[0];
x509->notAfter.length = minSz;
XMEMCPY(x509->notAfter.data, &dCert->afterDate[2], minSz);
}
else
x509->notAfter.length = 0;

if (dCert->publicKey != NULL && dCert->pubKeySize != 0) {
x509->pubKey.buffer = (byte*)XMALLOC(
Expand Down Expand Up @@ -13050,7 +13047,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
ret = MEMORY_E;
}
}
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
#ifdef WOLFSSL_ASN_CA_ISSUER
if (dCert->extAuthInfoCaIssuer != NULL && dCert->extAuthInfoCaIssuerSz > 0) {
x509->authInfoCaIssuer = (byte*)XMALLOC(dCert->extAuthInfoCaIssuerSz, x509->heap,
DYNAMIC_TYPE_X509_EXT);
Expand Down Expand Up @@ -13136,10 +13133,10 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
#ifndef IGNORE_NETSCAPE_CERT_TYPE
x509->nsCertType = dCert->nsCertType;
#endif
#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
#ifdef WOLFSSL_SEP
x509->certPolicySet = dCert->extCertPolicySet;
x509->certPolicyCrit = dCert->extCertPolicyCrit;
#endif /* WOLFSSL_SEP || WOLFSSL_QT */
#endif
#ifdef WOLFSSL_CERT_EXT
{
int i;
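Review bot: The `#endif` closing the narrowed `#ifdef WOLFSSL_SEP` block around `certPolicySet`/`certPolicyCrit` lost its tag while the earlier `#endif /* WOLFSSL_SEP */` in the same function keeps one; suggest `#endif /* WOLFSSL_SEP */` for consistency. That guard also dropped `WOLFSSL_QT`, and the CA-issuer guard replaced `OPENSSL_ALL || WOLFSSL_QT` with `WOLFSSL_ASN_CA_ISSUER`; presumably the Qt and OPENSSL_ALL configurations now define `WOLFSSL_SEP` and `WOLFSSL_ASN_CA_ISSUER` in the settings header, which is not part of this diff, otherwise those builds silently stop populating these X509 fields. In the flattened `WOLFSSL_SEP` block `minSz` is now a function-scope variable shared with the notBefore/notAfter copies that follow; it is reassigned before every read so this is fine, but a comment at its declaration such as `/* minSz: clamped copy length, reassigned before each bounded XMEMCPY below */` would make the reuse deliberate. `CopyDecodedToX509` continues outside the hunk.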
38 changes: 24 additions & 14 deletions src/ocsp.c
Expand Up @@ -284,7 +284,7 @@ static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request,
* ocsp Context object for OCSP status.
* response OCSP response message data.
* responseSz Length of OCSP response message data.
* reponseBuffer Buffer object to return the response with.
* responseBuffer Buffer object to return the response with.
* status The certificate status object.
* entry The OCSP entry for this certificate.
* ocspRequest Request corresponding to response.
Expand Down Expand Up @@ -668,8 +668,9 @@ int CheckOcspResponder(OcspResponse *bs, DecodedCert *cert, void* vp)
return ret;
}

#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIGHTY)

/* compatibility layer OCSP functions */
#ifdef OPENSSL_EXTRA
int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs,
WOLFSSL_OCSP_CERTID* id, int* status, int* reason,
WOLFSSL_ASN1_TIME** revtime, WOLFSSL_ASN1_TIME** thisupd,
Expand All @@ -695,10 +696,17 @@ int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs,

if (status != NULL)
*status = single->status->status;
#ifdef WOLFSSL_OCSP_PARSE_STATUS
if (thisupd != NULL)
*thisupd = &single->status->thisDateParsed;
if (nextupd != NULL)
*nextupd = &single->status->nextDateParsed;
#else
if (thisupd != NULL)
*thisupd = NULL;
if (nextupd != NULL)
*nextupd = NULL;
#endif

/* TODO: Not needed for Nginx or httpd */
if (reason != NULL)
Expand Down Expand Up @@ -872,10 +880,8 @@ int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP *bs,
return WOLFSSL_FAILURE;
#endif

#ifdef OPENSSL_EXTRA
if (bs->verifyError != OCSP_VERIFY_ERROR_NONE)
goto out;
#endif

if (flags & OCSP_TRUSTOTHER) {
for (idx = 0; idx < wolfSSL_sk_X509_num(certs); idx++) {
Expand Down Expand Up @@ -1191,9 +1197,7 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_CERTID_dup(WOLFSSL_OCSP_CERTID* id)
}
return certId;
}
#endif

#if defined(OPENSSL_ALL) || defined(APACHE_HTTPD) || defined(WOLFSSL_HAPROXY)
#ifndef NO_BIO
int wolfSSL_i2d_OCSP_REQUEST_bio(WOLFSSL_BIO* out,
WOLFSSL_OCSP_REQUEST *req)
Expand Down Expand Up @@ -1295,7 +1299,8 @@ WOLFSSL_OCSP_CERTID* wolfSSL_d2i_OCSP_CERTID(WOLFSSL_OCSP_CERTID** cidOut,
return NULL;
}

const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id(const WOLFSSL_OCSP_SINGLERESP *single)
const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id(
const WOLFSSL_OCSP_SINGLERESP *single)
{
return single;
}
Expand Down Expand Up @@ -1343,11 +1348,17 @@ int wolfSSL_OCSP_single_get0_status(WOLFSSL_OCSP_SINGLERESP *single,
if (single == NULL)
return WOLFSSL_FAILURE;

#ifdef WOLFSSL_OCSP_PARSE_STATUS
if (thisupd != NULL)
*thisupd = &single->status->thisDateParsed;
if (nextupd != NULL)
*nextupd = &single->status->nextDateParsed;

#else
if (thisupd != NULL)
*thisupd = NULL;
if (nextupd != NULL)
*nextupd = NULL;
#endif
if (reason != NULL)
*reason = 0;
if (revtime != NULL)
Expand Down Expand Up @@ -1392,9 +1403,6 @@ WOLFSSL_OCSP_SINGLERESP* wolfSSL_OCSP_resp_get0(WOLFSSL_OCSP_BASICRESP *bs, int
return single;
}

#endif /* OPENSSL_ALL || APACHE_HTTPD || WOLFSSL_HAPROXY */

#ifdef OPENSSL_EXTRA
#ifndef NO_WOLFSSL_STUB
int wolfSSL_OCSP_REQUEST_add_ext(OcspRequest* req, WOLFSSL_X509_EXTENSION* ext,
int idx)
Expand Down Expand Up @@ -1467,12 +1475,14 @@ int wolfSSL_OCSP_id_get0_info(WOLFSSL_ASN1_STRING **name,

#if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY)
/* Serial number starts at 0 index of ser->data */
XMEMCPY(&ser->data[i], cid->status->serial, (size_t)cid->status->serialSz);
XMEMCPY(&ser->data[i], cid->status->serial,
(size_t)cid->status->serialSz);
ser->length = cid->status->serialSz;
#else
ser->data[i++] = ASN_INTEGER;
i += SetLength(cid->status->serialSz, ser->data + i);
XMEMCPY(&ser->data[i], cid->status->serial, (size_t)cid->status->serialSz);
XMEMCPY(&ser->data[i], cid->status->serial,
(size_t)cid->status->serialSz);
ser->length = i + cid->status->serialSz;
#endif
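Review bot: In the new `#else` branches of `WOLFSSL_OCSP_PARSE_STATUS` in `wolfSSL_OCSP_resp_find_status` and `wolfSSL_OCSP_single_get0_status`, a caller that passes non-NULL `thisupd`/`nextupd` now gets NULL back, and OpenSSL-style callers commonly feed those straight into the `OCSP_check_validity` wrapper, which in OpenSSL does not accept a NULL `thisupd`. Whether the wolfSSL wrapper tolerates NULL is not visible here and is worth confirming; either way the contract should be stated on both functions, e.g. `/* Without WOLFSSL_OCSP_PARSE_STATUS, *thisupd and *nextupd are always set to NULL. */`. The stray blank line between `*nextupd = &single->status->nextDateParsed;` and `#else` in the second hunk breaks the symmetry with the first; dropping it would match.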

5 changes: 2 additions & 3 deletions src/ssl.c
Expand Up @@ -5359,8 +5359,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)

InitDecodedCert(cert, der->buffer, der->length, cm->heap);

#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) && \
defined(HAVE_OID_DECODING)
#ifdef WC_ASN_UNKNOWN_EXT_CB
if (cm->unknownExtCallback != NULL) {
wc_SetUnknownExtCallback(cert, cm->unknownExtCallback);
}
Expand Down Expand Up @@ -22731,7 +22730,7 @@ void wolfSSL_ERR_remove_state(unsigned long id)
}
}

#endif /* OPENSSL_EXTRA */
#endif /* OPENSSL_EXTRA */

#ifdef OPENSSL_ALL

8 changes: 3 additions & 5 deletions src/ssl_certman.c
Expand Up @@ -609,8 +609,7 @@ void wolfSSL_CertManagerSetVerify(WOLFSSL_CERT_MANAGER* cm, VerifyCallback vc)
}
#endif /* NO_WOLFSSL_CM_VERIFY */

#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
&& defined(HAVE_OID_DECODING)
#ifdef WC_ASN_UNKNOWN_EXT_CB
void wolfSSL_CertManagerSetUnknownExtCallback(WOLFSSL_CERT_MANAGER* cm,
wc_UnknownExtCallback cb)
{
Expand All @@ -620,7 +619,7 @@ void wolfSSL_CertManagerSetUnknownExtCallback(WOLFSSL_CERT_MANAGER* cm,
}

}
#endif /* WOLFSSL_CUSTOM_OID && WOLFSSL_ASN_TEMPLATE && HAVE_OID_DECODING */
#endif /* WC_ASN_UNKNOWN_EXT_CB */

#if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)
/* Verify the certificate.
Expand Down Expand Up @@ -690,8 +689,7 @@ int CM_VerifyBuffer_ex(WOLFSSL_CERT_MANAGER* cm, const unsigned char* buff,
/* Create a decoded certificate with DER buffer. */
InitDecodedCert(cert, buff, (word32)sz, cm->heap);

#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \
&& defined(HAVE_OID_DECODING)
#ifdef WC_ASN_UNKNOWN_EXT_CB
if (cm->unknownExtCallback != NULL)
wc_SetUnknownExtCallback(cert, cm->unknownExtCallback);
#endif
