Merge pull request #7869 from julek-wolfssl/libspdm-x509
libspdm x509 parts
douzzer authored Sep 4, 2024
2 parents ec6c705 + 2c9a3c5 commit 121b8c5
Showing 13 changed files with 324 additions and 87 deletions.
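--- a/src/pk.c
+++ b/src/pk.c
@@ -2052,6 +2052,32 @@ WOLFSSL_RSA *wolfSSL_PEM_read_bio_RSA_PUBKEY(WOLFSSL_BIO* bio,
 }
 return rsa;
 }
+
+WOLFSSL_RSA *wolfSSL_d2i_RSA_PUBKEY_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out)
+{
+char* data = NULL;
+int dataSz = 0;
+int memAlloced = 0;
+WOLFSSL_RSA* rsa = NULL;
+
+WOLFSSL_ENTER("wolfSSL_d2i_RSA_PUBKEY_bio");
+
+if (bio == NULL)
+return NULL;
+
+if (wolfssl_read_bio(bio, &data, &dataSz, &memAlloced) != 0) {
+if (memAlloced)
+XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+return NULL;
+}
+
+rsa = wolfssl_rsa_d2i(out, (const unsigned char*)data, dataSz,
+WOLFSSL_RSA_LOAD_PUBLIC);
+if (memAlloced)
+XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+return rsa;
+}
 #endif /* !NO_BIO */
 
 #ifndef NO_FILESYSTEM
@@ -12342,6 +12368,56 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf,
 return res;
 }
 
+
+#ifndef NO_BIO
+
+WOLFSSL_EC_KEY *wolfSSL_d2i_EC_PUBKEY_bio(WOLFSSL_BIO *bio,
+WOLFSSL_EC_KEY **out)
+{
+char* data = NULL;
+int dataSz = 0;
+int memAlloced = 0;
+WOLFSSL_EC_KEY* ec = NULL;
+int err = 0;
+
+WOLFSSL_ENTER("wolfSSL_d2i_EC_PUBKEY_bio");
+
+if (bio == NULL)
+return NULL;
+
+if (err == 0 && wolfssl_read_bio(bio, &data, &dataSz, &memAlloced) != 0) {
+WOLFSSL_ERROR_MSG("wolfssl_read_bio failed");
+err = 1;
+}
+
+if (err == 0 && (ec = wolfSSL_EC_KEY_new()) == NULL) {
+WOLFSSL_ERROR_MSG("wolfSSL_EC_KEY_new failed");
+err = 1;
+}
+
+/* Load the EC key with the public key from the DER encoding. */
+if (err == 0 && wolfSSL_EC_KEY_LoadDer_ex(ec, (const unsigned char*)data,
+dataSz, WOLFSSL_EC_KEY_LOAD_PUBLIC) != 1) {
+WOLFSSL_ERROR_MSG("wolfSSL_EC_KEY_LoadDer_ex failed");
+err = 1;
+}
+
+if (memAlloced)
+XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+if (err) { /* on error */
+wolfSSL_EC_KEY_free(ec);
+ec = NULL;
+}
+else { /* on success */
+if (out != NULL)
+*out = ec;
+}
+
+return ec;
+}
+
+#endif /* !NO_BIO */
 
 /*
 * EC key PEM APIs
 */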
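Review bot: wolfSSL_d2i_RSA_PUBKEY_bio and wolfSSL_d2i_EC_PUBKEY_bio report the same failure differently: the RSA variant returns NULL silently when wolfssl_read_bio() fails, while the EC variant logs `WOLFSSL_ERROR_MSG("wolfssl_read_bio failed");`, so the RSA path should log the same message before its early return. In the EC variant the `err == 0 &&` in the first guard is always true, since err was initialised to 0 two lines earlier, and can be dropped. Neither function has a header comment; on success the EC variant stores into `*out` without releasing or reusing whatever the caller had there, so the comment should state that a non-NULL `out` receives the newly allocated key and that its previous contents are neither freed nor reused.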
27 changes: 21 additions & 6 deletions src/ssl_asn1.c
Expand Up @@ -3986,15 +3986,15 @@ unsigned char* wolfSSL_ASN1_TIME_get_data(const WOLFSSL_ASN1_TIME *t)
*/
int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a)
{
int ret = 1;
int ret = WOLFSSL_SUCCESS;
char buf[MAX_TIME_STRING_SZ];

WOLFSSL_ENTER("wolfSSL_ASN1_TIME_check");

/* If can convert to human readable then format good. */
if (wolfSSL_ASN1_TIME_to_string((WOLFSSL_ASN1_TIME*)a, buf,
MAX_TIME_STRING_SZ) == NULL) {
ret = 0;
ret = WOLFSSL_FAILURE;
}

return ret;
Expand All @@ -4012,7 +4012,7 @@ int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a)
*/
int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *t, const char *str)
{
int ret = 1;
int ret = WOLFSSL_SUCCESS;
int slen = 0;

WOLFSSL_ENTER("wolfSSL_ASN1_TIME_set_string");
Expand All @@ -4021,15 +4021,15 @@ int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *t, const char *str)
WOLFSSL_MSG("Bad parameter");
ret = 0;
}
if (ret == 1) {
if (ret == WOLFSSL_SUCCESS) {
/* Get length of string including NUL terminator. */
slen = (int)XSTRLEN(str) + 1;
if (slen > CTC_DATE_SIZE) {
WOLFSSL_MSG("Date string too long");
ret = 0;
ret = WOLFSSL_FAILURE;
}
}
if ((ret == 1) && (t != NULL)) {
if ((ret == WOLFSSL_SUCCESS) && (t != NULL)) {
/* Copy in string including NUL terminator. */
XMEMCPY(t->data, str, (size_t)slen);
/* Do not include NUL terminator in length. */
Expand All @@ -4042,6 +4042,21 @@ int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *t, const char *str)
return ret;
}

int wolfSSL_ASN1_TIME_set_string_X509(WOLFSSL_ASN1_TIME *t, const char *str)
{
int ret = WOLFSSL_SUCCESS;

WOLFSSL_ENTER("wolfSSL_ASN1_TIME_set_string_X509");

if (t == NULL)
ret = WOLFSSL_FAILURE;
if (ret == WOLFSSL_SUCCESS)
ret = wolfSSL_ASN1_TIME_set_string(t, str);
if (ret == WOLFSSL_SUCCESS)
ret = wolfSSL_ASN1_TIME_check(t);
return ret;
}

/* Convert ASN.1 TIME object to ASN.1 GENERALIZED TIME object.
*
* @param [in] t ASN.1 TIME object.
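Review bot: wolfSSL_ASN1_TIME_set_string_X509 has no header comment, while the neighbouring functions document their contract with `@param`/`@return` blocks; add one saying that it copies str into t with wolfSSL_ASN1_TIME_set_string and then validates the result with wolfSSL_ASN1_TIME_check, returning WOLFSSL_SUCCESS, or WOLFSSL_FAILURE when t is NULL, the string is too long, or the stored time cannot be converted to a readable form. The switch from literal 1/0 to WOLFSSL_SUCCESS/WOLFSSL_FAILURE in wolfSSL_ASN1_TIME_set_string missed the "Bad parameter" branch, whose `ret = 0;` is still a context line in the third hunk; change it to `ret = WOLFSSL_FAILURE;` so the assignments match the comparisons that now follow them. The new function relies on wolfSSL_ASN1_TIME_set_string's own parameter check for a NULL str, which is fine but worth stating in the comment.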
7 changes: 5 additions & 2 deletions src/ssl_bn.c
Expand Up @@ -492,7 +492,7 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* data, int len,
WOLFSSL_ENTER("wolfSSL_BN_bin2bn");

/* Validate parameters. */
if ((data == NULL) || (len < 0)) {
if (len < 0) {
ret = NULL;
}
/* Allocate a new big number when ret is NULL. */
Expand All @@ -507,7 +507,7 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* data, int len,
if (ret->internal == NULL) {
ret = NULL;
}
else {
else if (data != NULL) {
/* Decode into big number. */
if (mp_read_unsigned_bin((mp_int*)ret->internal, data, (word32)len)
!= 0) {
Expand All @@ -520,6 +520,9 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* data, int len,
bn = NULL;
}
}
else if (data == NULL) {
wolfSSL_BN_zero(ret);
}
}

/* Dispose of allocated BN not being returned. */
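Review bot: With `data == NULL` removed from the parameter validation, a call with a NULL buffer and a positive len now returns a zero big number instead of an error, because the `data == NULL` branch never looks at len; unless that combination is meant to be valid, reject it, `if ((len < 0) || ((data == NULL) && (len > 0))) {`. The `else if (data == NULL)` that follows `else if (data != NULL)` can only be reached when data is NULL, so a plain `else` with a comment such as `/* No input data: NULL means a zero-valued big number. */` says the same thing more directly. wolfSSL_BN_bin2bn begins and ends outside the hunks.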
10 changes: 9 additions & 1 deletion src/ssl_misc.c
Expand Up @@ -165,7 +165,15 @@ static int wolfssl_read_bio(WOLFSSL_BIO* bio, char** data, int* dataSz,
if (bio->type == WOLFSSL_BIO_MEMORY) {
ret = wolfSSL_BIO_get_mem_data(bio, data);
if (ret > 0) {
bio->rdIdx += ret;
/* Advance the write index in the memory bio */
WOLFSSL_BIO* mem_bio = bio;
for (; mem_bio != NULL; mem_bio = mem_bio->next) {
if (mem_bio->type == WOLFSSL_BIO_MEMORY)
break;
}
if (mem_bio == NULL)
mem_bio = bio; /* Default to input */
mem_bio->rdIdx += ret;
}
*memAlloced = 0;
}
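Review bot: The loop that walks bio->next looking for a WOLFSSL_BIO_MEMORY bio can never advance: it starts at `mem_bio = bio`, and the enclosing `if (bio->type == WOLFSSL_BIO_MEMORY)` guarantees the break fires on the first iteration, so the new code behaves exactly like the removed `bio->rdIdx += ret;` (unless wolfSSL_BIO_get_mem_data() changes bio->type, which is not visible here). Either the search was meant to run when the outer condition is false, or the loop and the `mem_bio == NULL` fallback should be removed. The comment `/* Advance the write index in the memory bio */` also names the wrong index, since the field updated is rdIdx; `/* Advance the read index of the memory bio past the bytes handed out */` matches the code. wolfssl_read_bio starts and ends outside the hunk.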
85 changes: 51 additions & 34 deletions src/x509.c
Expand Up @@ -367,38 +367,6 @@ int wolfSSL_sk_X509_EXTENSION_push(WOLFSSL_STACK* sk,WOLFSSL_X509_EXTENSION* ext
return wolfSSL_sk_push(sk, ext);
}

/* Free the structure for X509_EXTENSION stack
*
* sk stack to free nodes in
*/
void wolfSSL_sk_X509_EXTENSION_free(WOLFSSL_STACK* sk)
{
WOLFSSL_STACK* node;

WOLFSSL_ENTER("wolfSSL_sk_X509_EXTENSION_free");

if (sk == NULL) {
return;
}

/* parse through stack freeing each node */
node = sk->next;
while ((node != NULL) && (sk->num > 1)) {
WOLFSSL_STACK* tmp = node;
node = node->next;

wolfSSL_X509_EXTENSION_free(tmp->data.ext);
XFREE(tmp, NULL, DYNAMIC_TYPE_X509);
sk->num -= 1;
}

/* free head of stack */
if (sk->num == 1) {
wolfSSL_X509_EXTENSION_free(sk->data.ext);
}
XFREE(sk, NULL, DYNAMIC_TYPE_X509);
}

static WOLFSSL_STACK* generateExtStack(const WOLFSSL_X509 *x)
{
int numOfExt, i;
Expand Down Expand Up @@ -872,11 +840,37 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)

switch (oid) {
case BASIC_CA_OID:
{
word32 dataIdx = idx;
word32 dummyOid;
int dataLen = 0;

if (!isSet)
break;
/* Set pathlength */
a = wolfSSL_ASN1_INTEGER_new();
if (a == NULL) {

/* Set the data */
ret = GetObjectId(input, &dataIdx, &dummyOid, oidCertExtType,
(word32)sz) == 0;
if (ret && dataIdx < (word32)sz) {
/* Skip the critical information */
if (input[dataIdx] == ASN_BOOLEAN) {
dataIdx++;
ret = GetLength(input, &dataIdx, &dataLen, sz) >= 0;
dataIdx += dataLen;
}
}
if (ret) {
ret = GetOctetString(input, &dataIdx, &dataLen,
(word32)sz) > 0;
}
if (ret) {
ret = wolfSSL_ASN1_STRING_set(&ext->value, input + dataIdx,
dataLen) == 1;
}

if (a == NULL || !ret) {
wolfSSL_X509_EXTENSION_free(ext);
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
Expand All @@ -892,7 +886,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
ext->obj->ca = x509->isCa;
ext->crit = x509->basicConstCrit;
break;

}
case AUTH_INFO_OID:
if (!isSet)
break;
Expand Down Expand Up @@ -3654,6 +3648,24 @@ WOLFSSL_X509* wolfSSL_X509_REQ_d2i(WOLFSSL_X509** x509,
{
return d2i_X509orX509REQ(x509, in, len, 1, NULL);
}

WOLFSSL_X509* wolfSSL_d2i_X509_REQ_INFO(WOLFSSL_X509** req,
const unsigned char** in, int len)
{
WOLFSSL_X509* ret = NULL;
WOLFSSL_ENTER("wolfSSL_d2i_X509_REQ_INFO");

if (in == NULL) {
WOLFSSL_MSG("NULL input for wolfSSL_d2i_X509");
return NULL;
}

ret = wolfSSL_X509_REQ_d2i(req, *in, len);
if (ret != NULL) {
*in += ret->derCert->length;
}
return ret;
}
#endif

#endif /* KEEP_PEER_CERT || SESSION_CERTS || OPENSSL_EXTRA ||
Expand Down Expand Up @@ -5042,6 +5054,11 @@ void wolfSSL_sk_X509_EXTENSION_pop_free(
wolfSSL_sk_pop_free(sk, (wolfSSL_sk_freefunc)f);
}

void wolfSSL_sk_X509_EXTENSION_free(WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk)
{
wolfSSL_sk_pop_free(sk, NULL);
}

#endif /* OPENSSL_EXTRA */

#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
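Review bot: The new wolfSSL_sk_X509_EXTENSION_free hands a NULL free function to wolfSSL_sk_pop_free, whereas the implementation it replaces in the first hunk called wolfSSL_X509_EXTENSION_free on every element; whether wolfSSL_sk_pop_free selects a per-type default when func is NULL is not visible on this page, and if it does not, every extension on the stack leaks. Passing the element free explicitly removes the doubt and mirrors wolfSSL_sk_X509_EXTENSION_pop_free directly above: `wolfSSL_sk_pop_free(sk, (wolfSSL_sk_freefunc)wolfSSL_X509_EXTENSION_free);`. In the BASIC_CA_OID hunk, `dataIdx += dataLen;` executes even when GetLength() has failed; ret gates the later GetOctetString and wolfSSL_ASN1_STRING_set calls so it is harmless today, but moving the increment under a success check keeps the bounds reasoning local. wolfSSL_X509_set_ext starts and ends outside its hunks.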