58 changes: 58 additions & 0 deletions src/pk_ec.c
Expand Up @@ -4714,6 +4714,64 @@ int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key,
return ret;
}

/*
* Decode an octet-encoded EC public point into @key.
*
* Return code compliant with OpenSSL.
*
* @param [in, out] key EC key (must already have a group set).
* @param [in] buf Octet-encoded public point.
* @param [in] len Length of @buf in bytes.
* @param [in] ctx BN context. May be NULL.
* @return 1 on success.
* @return 0 on failure.
*/
int wolfSSL_EC_KEY_oct2key(WOLFSSL_EC_KEY *key, const unsigned char *buf,
size_t len, WOLFSSL_BN_CTX *ctx)
{
int ret = 1;
const WOLFSSL_EC_GROUP *group = NULL;
WOLFSSL_EC_POINT *point = NULL;

WOLFSSL_ENTER("wolfSSL_EC_KEY_oct2key");

if ((key == NULL) || (buf == NULL) || (len == 0)) {
WOLFSSL_MSG("wolfSSL_EC_KEY_oct2key Bad arguments");
ret = 0;
}

if (ret == 1) {
group = wolfSSL_EC_KEY_get0_group(key);
if (group == NULL) {
WOLFSSL_MSG("EC_KEY has no group set");
ret = 0;
}
}

if (ret == 1) {
point = wolfSSL_EC_POINT_new((WOLFSSL_EC_GROUP*)group);
if (point == NULL) {
WOLFSSL_MSG("wolfSSL_EC_POINT_new failed");
ret = 0;
}
}

if ((ret == 1) &&
(wolfSSL_EC_POINT_oct2point(group, point, buf, len, ctx) != 1)) {
WOLFSSL_MSG("wolfSSL_EC_POINT_oct2point failed");
ret = 0;
}

if ((ret == 1) && (wolfSSL_EC_KEY_set_public_key(key, point) != 1)) {
WOLFSSL_MSG("wolfSSL_EC_KEY_set_public_key failed");
ret = 0;
}

wolfSSL_EC_POINT_free(point);

return ret;
}

#ifndef NO_WOLFSSL_STUB
/* Set the ASN.1 encoding flag against the EC key.
*
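Review bot: The header comment on wolfSSL_EC_KEY_oct2key does not say whether the imported point is validated, and the function itself never calls wolfSSL_EC_POINT_is_on_curve; whether wolfSSL_EC_POINT_oct2point rejects off-curve or malformed encodings is not visible in this diff. Since buf is typically a peer-supplied public key, callers need to know whether to follow up with wolfSSL_EC_KEY_check_key (declared next to the new prototype in wolfssl/openssl/ec.h). Suggest adding after the `@param [in] ctx` line: ` * Note: no on-curve check is done here beyond whatever wolfSSL_EC_POINT_oct2point` / ` * performs; call wolfSSL_EC_KEY_check_key() before trusting an imported key.` As a style point, `wolfSSL_EC_POINT_new((WOLFSSL_EC_GROUP*)group)` discards the const returned by wolfSSL_EC_KEY_get0_group; if wolfSSL_EC_POINT_new does not modify the group, a const parameter there would remove the cast.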
37 changes: 37 additions & 0 deletions src/x509.c
Expand Up @@ -3507,6 +3507,43 @@ WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit,
return NULL;
}

/**
* Encode @value as an extension of type @nid and append it to @x.
*
* The @flags argument (X509V3_ADD_DEFAULT / APPEND / REPLACE / KEEP_EXISTING
* in OpenSSL) is not supported here; non-zero values are treated as the
* default append behavior.
*
* @return WOLFSSL_SUCCESS on success, WOLFSSL_FAILURE otherwise.
*/
int wolfSSL_X509_add1_ext_i2d(WOLFSSL_X509 *x, int nid, void *value,
int crit, unsigned long flags)
{
WOLFSSL_X509_EXTENSION *ext = NULL;
int ret;

WOLFSSL_ENTER("wolfSSL_X509_add1_ext_i2d");

if (x == NULL || value == NULL) {
WOLFSSL_MSG("Bad parameter");
return WOLFSSL_FAILURE;
}

if (flags != 0) {
WOLFSSL_MSG("X509V3_ADD_* flags not supported; using default behavior");
}

ext = wolfSSL_X509V3_EXT_i2d(nid, crit, value);
if (ext == NULL) {
return WOLFSSL_FAILURE;
}

ret = wolfSSL_X509_add_ext(x, ext, -1);
wolfSSL_X509_EXTENSION_free(ext);

return ret;
}

/* Returns pointer to ASN1_OBJECT from an X509_EXTENSION object */
WOLFSSL_ASN1_OBJECT* wolfSSL_X509_EXTENSION_get_object(
WOLFSSL_X509_EXTENSION* ext)
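Review bot: A non-zero flags value is only logged at the `WOLFSSL_MSG("X509V3_ADD_* flags not supported; using default behavior")` line and the extension is then appended unconditionally, so a caller passing OpenSSL's replace or keep-existing flag for a NID that x already carries gets a second copy of that extension instead of the requested behavior; RFC 5280 permits at most one instance of each extension, and strict verifiers reject certificates carrying duplicates. Either fail closed for flag values the function cannot honor, `if (flags != 0) { WOLFSSL_MSG("X509V3_ADD_* flags not supported"); return WOLFSSL_FAILURE; }`, or look the NID up with wolfSSL_X509_get_ext_by_NID (declared in the wolfssl/ssl.h hunk of this PR) before appending and apply the replace/keep semantics explicitly. The docstring also states the function returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE, but ret is passed straight through from wolfSSL_X509_add_ext, whose return convention is not visible here; confirm they match or map the value before returning.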
145 changes: 145 additions & 0 deletions tests/api.c
Expand Up @@ -2308,6 +2308,27 @@ static int test_wolfSSL_set_cipher_list_tls13_with_version(void)
return EXPECT_RESULT();
}

/* Test SSL_set_ciphersuites OpenSSL-compat macro. */
static int test_wolfSSL_SSL_set_ciphersuites(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && \
!defined(NO_WOLFSSL_CLIENT) && defined(HAVE_AESGCM)
WOLFSSL_CTX* ctx = NULL;
WOLFSSL* ssl = NULL;

ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
ExpectNotNull(ssl = SSL_new(ctx));

ExpectIntEQ(SSL_set_ciphersuites(ssl, "TLS_AES_128_GCM_SHA256"), 1);
ExpectIntEQ(SSL_set_ciphersuites(ssl, "BOGUS-SUITE"), 0);

SSL_free(ssl);
SSL_CTX_free(ctx);
#endif
return EXPECT_RESULT();
}

static int test_wolfSSL_set_alpn_protos_default_fails(void)
{
EXPECT_DECLS;
Expand Down Expand Up @@ -20547,6 +20568,25 @@ static int test_wolfSSL_sk_GENERAL_NAME(void)
return EXPECT_RESULT();
}

static int test_wolfSSL_sk_GENERAL_NAME_new_null(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS)
STACK_OF(GENERAL_NAME)* sk = NULL;
GENERAL_NAME* gn = NULL;

ExpectNotNull(sk = sk_GENERAL_NAME_new_null());
ExpectIntEQ(sk_GENERAL_NAME_num(sk), 0);

ExpectNotNull(gn = GENERAL_NAME_new());
ExpectIntEQ(sk_GENERAL_NAME_push(sk, gn), 1);
ExpectIntEQ(sk_GENERAL_NAME_num(sk), 1);

sk_GENERAL_NAME_pop_free(sk, GENERAL_NAME_free);
#endif
return EXPECT_RESULT();
}

static int test_wolfSSL_GENERAL_NAME_print(void)
{
EXPECT_DECLS;
Expand Down Expand Up @@ -21236,6 +21276,68 @@ static int test_wolfSSL_X509_set_extensions(void)
return EXPECT_RESULT();
}

/* Test wolfSSL_X509_add1_ext_i2d using a SAN DNS entry. */
static int test_wolfSSL_X509_add1_ext_i2d(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA) && defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
!defined(NO_ASN)
WOLFSSL_X509* x509 = NULL;
WOLFSSL_GENERAL_NAMES* gns = NULL;
WOLFSSL_GENERAL_NAME* gn = NULL;
WOLFSSL_ASN1_STRING* dnsStr = NULL;
const char dns[] = "example.com";

ExpectNotNull(x509 = wolfSSL_X509_new());
ExpectNotNull(gn = wolfSSL_GENERAL_NAME_new());
ExpectNotNull(dnsStr = wolfSSL_ASN1_STRING_new());
ExpectIntEQ(wolfSSL_ASN1_STRING_set(dnsStr, dns, (int)XSTRLEN(dns)), 1);
if (gn != NULL) {
wolfSSL_GENERAL_NAME_set0_value(gn, GEN_DNS, dnsStr);
dnsStr = NULL;
}
ExpectNotNull(gns = wolfSSL_sk_GENERAL_NAME_new(NULL));
ExpectIntEQ(wolfSSL_sk_GENERAL_NAME_push(gns, gn), 1);
if (EXPECT_FAIL() && gn != NULL) {
wolfSSL_GENERAL_NAME_free(gn);
}

ExpectIntEQ(wolfSSL_X509_add1_ext_i2d(NULL, NID_subject_alt_name, gns, 0,
0), WOLFSSL_FAILURE);
ExpectIntEQ(wolfSSL_X509_add1_ext_i2d(x509, NID_subject_alt_name, NULL, 0,
0), WOLFSSL_FAILURE);

ExpectIntEQ(wolfSSL_X509_add1_ext_i2d(x509, NID_subject_alt_name, gns, 0,
0), WOLFSSL_SUCCESS);

{
WOLFSSL_GENERAL_NAMES* readBack = NULL;
WOLFSSL_GENERAL_NAME* rbGn = NULL;

ExpectNotNull(readBack = (WOLFSSL_GENERAL_NAMES*)
wolfSSL_X509_get_ext_d2i(x509, NID_subject_alt_name, NULL,
NULL));
ExpectIntEQ(wolfSSL_sk_GENERAL_NAME_num(readBack), 1);
ExpectNotNull(rbGn = wolfSSL_sk_GENERAL_NAME_value(readBack, 0));
if (rbGn != NULL) {
ExpectIntEQ(rbGn->type, GEN_DNS);
ExpectNotNull(rbGn->d.dNSName);
if (rbGn->d.dNSName != NULL) {
ExpectIntEQ(rbGn->d.dNSName->length, (int)XSTRLEN(dns));
ExpectIntEQ(XMEMCMP(rbGn->d.dNSName->data, dns,
XSTRLEN(dns)), 0);
}
}
wolfSSL_sk_GENERAL_NAME_pop_free(readBack, wolfSSL_GENERAL_NAME_free);
}

wolfSSL_sk_GENERAL_NAME_pop_free(gns, wolfSSL_GENERAL_NAME_free);
wolfSSL_ASN1_STRING_free(dnsStr);
wolfSSL_X509_free(x509);
#endif
return EXPECT_RESULT();
}

/* Round trip test for wolfSSL_X509_set_authority_key_id() with a raw key ID.
*
* Builds a cert, calls the setter with a 20-byte raw keyId, signs the cert,
Expand Down Expand Up @@ -22217,6 +22319,45 @@ static int test_wolfSSL_d2i_and_i2d_PublicKey_ecc(void)
return EXPECT_RESULT();
}

/* Round-trip test for EC_KEY_oct2key with a P-256 public point. */
static int test_wolfSSL_EC_KEY_oct2key(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && !defined(NO_ASN)
EC_KEY* src = NULL;
EC_KEY* dst = NULL;
const EC_GROUP* group = NULL;
const EC_POINT* src_pub = NULL;
const EC_POINT* dst_pub = NULL;
unsigned char buf[1 + 2 * 32];
size_t enc_len = 0;

ExpectNotNull(src = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
ExpectIntEQ(EC_KEY_generate_key(src), 1);
ExpectNotNull(group = EC_KEY_get0_group(src));
ExpectNotNull(src_pub = EC_KEY_get0_public_key(src));

enc_len = EC_POINT_point2oct(group, src_pub,
POINT_CONVERSION_UNCOMPRESSED, buf, sizeof(buf), NULL);
ExpectIntEQ((int)enc_len, (int)sizeof(buf));

ExpectNotNull(dst = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));

ExpectIntEQ(EC_KEY_oct2key(NULL, buf, enc_len, NULL), 0);
ExpectIntEQ(EC_KEY_oct2key(dst, NULL, enc_len, NULL), 0);
ExpectIntEQ(EC_KEY_oct2key(dst, buf, 0, NULL), 0);

ExpectIntEQ(EC_KEY_oct2key(dst, buf, enc_len, NULL), 1);

ExpectNotNull(dst_pub = EC_KEY_get0_public_key(dst));
ExpectIntEQ(EC_POINT_cmp(group, src_pub, dst_pub, NULL), 0);

EC_KEY_free(dst);
EC_KEY_free(src);
#endif
return EXPECT_RESULT();
}

static int test_wolfSSL_d2i_and_i2d_DSAparams(void)
{
EXPECT_DECLS;
Expand Down Expand Up @@ -40318,6 +40459,7 @@ TEST_CASE testCases[] = {

TEST_DECL(test_wolfSSL_d2i_and_i2d_PublicKey),
TEST_DECL(test_wolfSSL_d2i_and_i2d_PublicKey_ecc),
TEST_DECL(test_wolfSSL_EC_KEY_oct2key),
#ifndef NO_BIO
TEST_DECL(test_wolfSSL_d2i_PUBKEY),
#endif
Expand Down Expand Up @@ -40365,6 +40507,7 @@ TEST_CASE testCases[] = {
TEST_DECL(test_wolfSSL_X509_ALGOR_get0),
TEST_DECL(test_wolfSSL_X509_SEP),
TEST_DECL(test_wolfSSL_X509_set_extensions),
TEST_DECL(test_wolfSSL_X509_add1_ext_i2d),
TEST_DECL(test_wolfSSL_X509_set_authority_key_id_roundtrip),
TEST_DECL(test_wolfSSL_X509_set_authority_key_id_ex_roundtrip),
TEST_DECL(test_wolfSSL_X509_set_authority_key_id_overwrite),
Expand Down Expand Up @@ -40453,6 +40596,7 @@ TEST_CASE testCases[] = {
TEST_DECL(test_wolfSSL_CTX_sess_set_remove_cb),
TEST_DECL(test_wolfSSL_ticket_keys),
TEST_DECL(test_wolfSSL_sk_GENERAL_NAME),
TEST_DECL(test_wolfSSL_sk_GENERAL_NAME_new_null),
TEST_DECL(test_wolfSSL_GENERAL_NAME_print),
TEST_DECL(test_wolfSSL_sk_DIST_POINT),
TEST_DECL(test_wolfSSL_verify_mode),
Expand Down Expand Up @@ -40624,6 +40768,7 @@ TEST_CASE testCases[] = {
TEST_DECL(test_wolfSSL_set_cipher_list_tls13_keeps_tls12),
TEST_DECL(test_wolfSSL_set_cipher_list_tls12_with_version),
TEST_DECL(test_wolfSSL_set_cipher_list_tls13_with_version),
TEST_DECL(test_wolfSSL_SSL_set_ciphersuites),
TEST_DECL(test_wolfSSL_set_alpn_protos_default_fails),
TEST_DECL(test_wolfSSL_CTX_use_certificate),
TEST_DECL(test_wolfSSL_CTX_use_certificate_file),
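Review bot: test_wolfSSL_EC_KEY_oct2key only exercises NULL/zero-length argument rejection and one valid import; the rejection path for a malformed encoding, which is the case that matters for a peer-supplied point, is not covered. A truncated buffer is a safe negative regardless of how wolfSSL_EC_POINT_oct2point validates, `ExpectIntEQ(EC_KEY_oct2key(dst, buf, enc_len - 1, NULL), 0);`, placed before the successful import. If oct2point also rejects off-curve points, corrupting the final coordinate byte after the successful import, `buf[enc_len - 1] ^= 0x01;` followed by the same ExpectIntEQ expecting 0 and then re-asserting `EC_POINT_cmp(group, src_pub, dst_pub, NULL)` is 0, would additionally pin that a failed import leaves the previously set key untouched. In the same section, test_wolfSSL_SSL_set_ciphersuites checks only accept/reject of a suite string and not that a TLS 1.2 selection made earlier via SSL_set_cipher_list survives the call, which is what the OpenSSL API implies and what the nearby test_wolfSSL_set_cipher_list_tls13_keeps_tls12 name suggests the underlying setter may already guarantee.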
4 changes: 4 additions & 0 deletions wolfssl/openssl/ec.h
Expand Up @@ -295,6 +295,9 @@ void wolfSSL_EC_KEY_set_asn1_flag(WOLFSSL_EC_KEY *key, int asn1_flag);
WOLFSSL_API
int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key,
const WOLFSSL_EC_POINT *pub);
WOLFSSL_API
int wolfSSL_EC_KEY_oct2key(WOLFSSL_EC_KEY *key, const unsigned char *buf,
size_t len, WOLFSSL_BN_CTX *ctx);
WOLFSSL_API int wolfSSL_EC_KEY_check_key(const WOLFSSL_EC_KEY *key);
#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
WOLFSSL_API int wolfSSL_EC_KEY_print_fp(XFILE fp, WOLFSSL_EC_KEY* key,
Expand Down Expand Up @@ -491,6 +494,7 @@ typedef WOLFSSL_EC_KEY_METHOD EC_KEY_METHOD;
#define ECPoint_d2i wolfSSL_ECPoint_d2i
#define EC_POINT_point2oct wolfSSL_EC_POINT_point2oct
#define EC_POINT_oct2point wolfSSL_EC_POINT_oct2point
#define EC_KEY_oct2key wolfSSL_EC_KEY_oct2key
#define EC_POINT_point2bn wolfSSL_EC_POINT_point2bn
#define EC_POINT_is_on_curve wolfSSL_EC_POINT_is_on_curve
#define o2i_ECPublicKey wolfSSL_o2i_ECPublicKey
3 changes: 3 additions & 0 deletions wolfssl/openssl/ssl.h
Expand Up @@ -394,6 +394,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define SSL_CTX_set_cipher_list wolfSSL_CTX_set_cipher_list
#define SSL_CTX_set_ciphersuites wolfSSL_CTX_set_cipher_list
#define SSL_set_cipher_list wolfSSL_set_cipher_list
#define SSL_set_ciphersuites wolfSSL_set_cipher_list
/* wolfSSL does not support security levels */
#define SSL_CTX_set_security_level wolfSSL_CTX_set_security_level
#define SSL_CTX_get_security_level wolfSSL_CTX_get_security_level
Expand Down Expand Up @@ -617,6 +618,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define X509_check_issued wolfSSL_X509_check_issued
#define X509_dup wolfSSL_X509_dup
#define X509_add_ext wolfSSL_X509_add_ext
#define X509_add1_ext_i2d wolfSSL_X509_add1_ext_i2d
#define X509_delete_ext wolfSSL_X509_delete_ext
#define X509_get0_subject_key_id wolfSSL_X509_get0_subject_key_id

Expand Down Expand Up @@ -1597,6 +1599,7 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE SRTP_PROTECTION_PROFILE;
#define SSL_SESSION_print wolfSSL_SESSION_print
#define sk_GENERAL_NAME_pop_free wolfSSL_sk_GENERAL_NAME_pop_free
#define sk_GENERAL_NAME_new wolfSSL_sk_GENERAL_NAME_new
#define sk_GENERAL_NAME_new_null() wolfSSL_sk_GENERAL_NAME_new(NULL)
#define sk_GENERAL_NAME_free wolfSSL_sk_GENERAL_NAME_free
#define sk_ASN1_OBJECT_pop_free wolfSSL_sk_ASN1_OBJECT_pop_free
#define GENERAL_NAME_free wolfSSL_GENERAL_NAME_free
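Review bot: `#define SSL_set_ciphersuites wolfSSL_set_cipher_list` aliases an OpenSSL API that configures only the TLS 1.3 suite list, leaving the TLS 1.2 list set by SSL_set_cipher_list untouched, onto the setter for the whole cipher list; it matches the existing SSL_CTX_set_ciphersuites alias two lines above, but the semantic difference is undocumented in the header. Whether wolfSSL_set_cipher_list preserves TLS 1.2 suites when handed TLS 1.3 names is not visible here, though test names such as test_wolfSSL_set_cipher_list_tls13_keeps_tls12 in tests/api.c suggest it may. Suggest a comment in the style of the nearby `/* wolfSSL does not support security levels */` line, placed above the two ciphersuites defines: `/* OpenSSL's *_set_ciphersuites set only TLS 1.3 suites; wolfSSL routes them to the full cipher list setter */`.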
3 changes: 3 additions & 0 deletions wolfssl/ssl.h
Expand Up @@ -5228,6 +5228,9 @@ WOLFSSL_API int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509 *x, int nid, int
WOLFSSL_API int wolfSSL_X509_add_ext(WOLFSSL_X509 *x, WOLFSSL_X509_EXTENSION *ex, int loc);
WOLFSSL_API WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit,
void *data);
WOLFSSL_API int wolfSSL_X509_add1_ext_i2d(WOLFSSL_X509 *x, int nid,
void *value, int crit,
unsigned long flags);
WOLFSSL_API WOLFSSL_X509_EXTENSION *wolfSSL_X509_delete_ext(WOLFSSL_X509 *x509, int loc);
WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509V3_EXT_conf_nid(
WOLF_LHASH_OF(CONF_VALUE)* conf, WOLFSSL_X509V3_CTX* ctx, int nid,