From cab20fbdd2a0042fcdc5059477dabe9a8dce1926 Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner
Date: Wed, 23 Oct 2024 16:57:58 -0500
Subject: [PATCH] add and use WOLFSSL_PARTIAL_CHAIN as native bitmask macro for compat layer X509_V_FLAG_PARTIAL_CHAIN; in src/x509_str.c, fix several C++ "invalid conversion" errors in X509StoreFreeObjList() and wolfSSL_X509_STORE_get0_objects().
---
 src/x509_str.c | 18 +++++++++---------
 wolfssl/openssl/ssl.h | 4 ++--
 wolfssl/ssl.h | 1 +
 3 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/src/x509_str.c b/src/x509_str.c
index 072e16e167..a659a73d46 100644
--- a/src/x509_str.c
+++ b/src/x509_str.c
@@ -415,8 +415,8 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
 * a trusted CA in the CM */
 ret = X509StoreVerifyCert(ctx);
 if (ret != WOLFSSL_SUCCESS) {
- if (((ctx->flags & X509_V_FLAG_PARTIAL_CHAIN) ||
- (ctx->store->param->flags & X509_V_FLAG_PARTIAL_CHAIN)) &&
+ if (((ctx->flags & WOLFSSL_PARTIAL_CHAIN) ||
+ (ctx->store->param->flags & WOLFSSL_PARTIAL_CHAIN)) &&
 (added == 1)) {
 wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert);
 ret = WOLFSSL_SUCCESS;
@@ -592,8 +592,8 @@ int wolfSSL_X509_STORE_CTX_set_purpose(WOLFSSL_X509_STORE_CTX *ctx,
 void wolfSSL_X509_STORE_CTX_set_flags(WOLFSSL_X509_STORE_CTX *ctx,
 unsigned long flags)
 {
- if ((ctx != NULL) && (flags & X509_V_FLAG_PARTIAL_CHAIN)){
- ctx->flags |= X509_V_FLAG_PARTIAL_CHAIN;
+ if ((ctx != NULL) && (flags & WOLFSSL_PARTIAL_CHAIN)){
+ ctx->flags |= WOLFSSL_PARTIAL_CHAIN;
 }
 }
@@ -1059,9 +1059,9 @@ static void X509StoreFreeObjList(WOLFSSL_X509_STORE* store,
 i = wolfSSL_sk_X509_OBJECT_num(objs) - 1;
 while (cnt > 0 && i > 0) {
 /* The inner X509 is owned by somebody else, NULL out the reference */
- obj = wolfSSL_sk_X509_OBJECT_value(objs, i);
+ obj = (WOLFSSL_X509_OBJECT *)wolfSSL_sk_X509_OBJECT_value(objs, i);
 if (obj != NULL) {
- obj->type = 0;
+ obj->type = (WOLFSSL_X509_LOOKUP_TYPE)0;
 obj->data.ptr = NULL;
 }
 cnt--;
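Review bot: The new condition turns a failed X509StoreVerifyCert() into WOLFSSL_SUCCESS without saying why that is safe, and a why-comment on the `if` would help since this is the point where partial-chain trust is granted. From the context it looks like `added == 1` means ctx->current_cert was itself added to the CM as a trusted CA, so the chain may legitimately end there; worth confirming and stating, e.g. `/* partial chain: current_cert was added to the CM as a trust anchor, so the chain may end here */`. Note also that the return value of wolfSSL_sk_X509_push() on the following line is not checked, so a failed push still reports success with the cert missing from ctx->chain. wolfSSL_X509_verify_cert() starts and ends outside the hunk.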
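Review bot: The new condition in wolfSSL_X509_STORE_CTX_set_flags() honours only WOLFSSL_PARTIAL_CHAIN; any other X509_V_FLAG_* bit a caller passes is silently discarded, with no WOLFSSL_MSG and no stored state, which code ported from OpenSSL (for example expecting CRL checking to be enabled on the ctx) would not notice. At minimum a comment should state this, e.g. `/* only WOLFSSL_PARTIAL_CHAIN is supported on a ctx; other verify flags are ignored here */`, and a WOLFSSL_MSG for the unsupported bits would make the gap visible in logs. The `)){` on the new line also differs from the `) {` spacing used elsewhere in this file. The whole function is visible in the hunk.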
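Review bot: The new `obj->type = (WOLFSSL_X509_LOOKUP_TYPE)0;` silences the C++ error by casting a bare 0 into the enum, but it does not say which enumerator 0 stands for; if WOLFSSL_X509_LOOKUP_TYPE has a none/unspecified enumerator, assigning that by name would document the intent and survive a renumbering. Separately, the loop condition `while (cnt > 0 && i > 0)` never visits index 0, so the object at the bottom of the stack keeps its type and data pointer after this loop; whether that is intended (the decrement of `i` is outside the hunk) is worth confirming, since a stale `data.ptr` is exactly the reference the comment says this loop exists to clear. The explicit cast on the wolfSSL_sk_X509_OBJECT_value() result suggests that accessor is not declared as returning WOLFSSL_X509_OBJECT*, which would be better fixed at the declaration than at each call. X509StoreFreeObjList() starts and ends outside the hunk.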
@@ -1363,8 +1363,8 @@ int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store, unsigned long flag)
 ret = wolfSSL_CertManagerDisableCRL(store->cm);
 }
 #endif
- if (flag & X509_V_FLAG_PARTIAL_CHAIN) {
- store->param->flags |= X509_V_FLAG_PARTIAL_CHAIN;
+ if (flag & WOLFSSL_PARTIAL_CHAIN) {
+ store->param->flags |= WOLFSSL_PARTIAL_CHAIN;
 }
 return ret;
 }
@@ -1753,7 +1753,7 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects(
 /* Do not modify stack until after we guarantee success to
 * simplify cleanup logic handling cert merging above */
 for (i = 0; i < wolfSSL_sk_X509_num(cert_stack); i++) {
- x509 = wolfSSL_sk_value(cert_stack, i);
+ x509 = (WOLFSSL_X509 *)wolfSSL_sk_value(cert_stack, i);
 obj = wolfSSL_X509_OBJECT_new();
 if (obj == NULL) {
 WOLFSSL_MSG("wolfSSL_X509_OBJECT_new error");
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index 1f7b640eb4..f6d29f0b75 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -643,8 +643,8 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
 #define X509_V_FLAG_CRL_CHECK WOLFSSL_CRL_CHECK
 #define X509_V_FLAG_CRL_CHECK_ALL WOLFSSL_CRL_CHECKALL
-#define X509_V_FLAG_PARTIAL_CHAIN 0x80000
-#define X509_V_FLAG_TRUSTED_FIRST 0
+#define X509_V_FLAG_PARTIAL_CHAIN WOLFSSL_PARTIAL_CHAIN
+#define X509_V_FLAG_TRUSTED_FIRST 0 /* dummy value needed for gRPC port */
 #define X509_V_FLAG_USE_CHECK_TIME WOLFSSL_USE_CHECK_TIME
 #define X509_V_FLAG_NO_CHECK_TIME WOLFSSL_NO_CHECK_TIME
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 15e0e9cde5..4bbdf6565c 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -616,6 +616,7 @@ struct WOLFSSL_X509_STORE {
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
 #define WOLFSSL_USE_CHECK_TIME 0x2
 #define WOLFSSL_NO_CHECK_TIME 0x200000
+#define WOLFSSL_PARTIAL_CHAIN 0x80000
 #define WOLFSSL_HOST_NAME_MAX 256
 #define WOLFSSL_VPARAM_DEFAULT 0x1
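Review bot: The cast on the new `x509 = (WOLFSSL_X509 *)wolfSSL_sk_value(cert_stack, i);` line silences the conversion error instead of removing its cause; the loop already treats cert_stack as a WOLFSSL_X509 stack through wolfSSL_sk_X509_num(), so the typed accessor `x509 = wolfSSL_sk_X509_value(cert_stack, i);` compiles in both C and C++ without a cast and keeps the type check that the cast throws away. Casting the result of the untyped wolfSSL_sk_value() would also hide a later change to what cert_stack holds. wolfSSL_X509_STORE_get0_objects() starts and ends outside the hunk.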
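Review bot: The new comment on `#define X509_V_FLAG_TRUSTED_FIRST 0` says why the macro exists but not what it does, and with value 0 it does nothing: `flags & X509_V_FLAG_TRUSTED_FIRST` is always false and ORing it in is a no-op, so an application ported from OpenSSL that sets this flag has it accepted silently with no effect on chain building. Spell that out so nobody reads it as supported, e.g. `#define X509_V_FLAG_TRUSTED_FIRST 0 /* accepted for source compatibility (gRPC port); value 0 means it has no effect on verification */`. The alias on the line above now expands to WOLFSSL_PARTIAL_CHAIN, which the wolfssl/ssl.h hunk defines only under OPENSSL_EXTRA or WOLFSSL_WPAS_SMALL; if this compat header can be included in a build with neither defined, the alias becomes an undefined name where it used to be a literal, which is worth confirming against the include conditions.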
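Review bot: The new `#define WOLFSSL_PARTIAL_CHAIN 0x80000` carries no comment, yet its value is now load-bearing in two ways: the compat header aliases X509_V_FLAG_PARTIAL_CHAIN to it, so it has to stay equal to OpenSSL's value for applications built against OpenSSL's headers, and it presumably shares the param->flags bitmask with WOLFSSL_USE_CHECK_TIME (0x2), WOLFSSL_NO_CHECK_TIME (0x200000) and the WOLFSSL_CRL_CHECK bits, so it must not collide with any of them. Suggest `#define WOLFSSL_PARTIAL_CHAIN 0x80000 /* param->flags bit; same value as OpenSSL X509_V_FLAG_PARTIAL_CHAIN, which the compat header aliases to this */`. A compile-time check that the WOLFSSL_* verify-flag values are pairwise disjoint would catch a future collision before it silently enables partial-chain acceptance for an unrelated flag.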