

init sssd support
- Refactor OCSP to separate IO callback
- wolfSSL_BIO_reset: fix return
- CheckCertCRL_ex: return CRL_CERT_DATE_ERR instead of ASN_AFTER_DATE_E
- CheckCertCRL_ex: return most relevant error code
- i2d/d2i APIs: correct parameter handling and return codes
- Custom ASN1 structures: major refactor to make it much more versatile
- Use WOLFSSL_ASSERT_SIZEOF_GE where applicable
- wolfSSL_EVP_SignFinal: implement ecc
- wolfSSL_EVP_VerifyFinal: implement ecc
- OBJ_NAME_do_all: bring closer to OpenSSL functionality
- Correct return of *_push api
- Implement:
  - OCSP_REQ_CTX API
  - d2i_ECPKParameters
  - wolfSSL_sk_insert
  - OCSP_parse_url
  - X509_STORE_set1_param
  - X509_get0_subject_key_id
  - X509_OBJECT_retrieve_by_subject
  - OCSP_sendreq_nbio
julek-wolfssl committed Aug 16, 2024
1 parent 1190d1b commit a6a40de
Showing 35 changed files with 2,956 additions and 792 deletions.
8 changes: 4 additions & 4 deletions src/bio.c
Expand Up @@ -1702,13 +1702,13 @@ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio)
if (XFSEEK(bio->ptr.fh, 0, XSEEK_SET) != 0)
return WOLFSSL_BIO_ERROR;
else
return 0;
return WOLFSSL_SUCCESS;
#endif

case WOLFSSL_BIO_BIO:
bio->rdIdx = 0;
bio->wrIdx = 0;
return 0;
return WOLFSSL_SUCCESS;

case WOLFSSL_BIO_MEMORY:
bio->rdIdx = 0;
Expand All @@ -1727,7 +1727,7 @@ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio)
bio->mem_buf->max = 0;
}
}
return 0;
return WOLFSSL_SUCCESS;

#ifndef WOLFCRYPT_ONLY
case WOLFSSL_BIO_MD:
Expand All @@ -1738,7 +1738,7 @@ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio)
wolfSSL_EVP_MD_CTX_init(bio->ptr.md_ctx);
wolfSSL_EVP_DigestInit(bio->ptr.md_ctx, md);
}
return 0;
return WOLFSSL_SUCCESS;
#endif /* WOLFCRYPT_ONLY */

default:
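Review bot: The WOLFSSL_BIO_MD branch now returns WOLFSSL_SUCCESS unconditionally even though the result of `wolfSSL_EVP_DigestInit(bio->ptr.md_ctx, md)` on the line just above it is never checked, so a failed digest re-init is reported as a successful reset and the caller keeps using an unusable context. Check it before returning: `if (wolfSSL_EVP_DigestInit(bio->ptr.md_ctx, md) != WOLFSSL_SUCCESS) return WOLFSSL_BIO_ERROR;`. Note also that OpenSSL documents file BIOs as the exception where BIO_reset() returns 0 on success, so the WOLFSSL_BIO_FILE branch returning WOLFSSL_SUCCESS diverges from that contract; if OpenSSL compatibility is the goal here, the chosen convention should be stated in a comment on the function. wolfSSL_BIO_reset begins before the first hunk and its default branch continues past the last one, so whatever it returns there was not visible in this review.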
10 changes: 5 additions & 5 deletions src/conf.c
Expand Up @@ -133,7 +133,7 @@ WOLFSSL_TXT_DB *wolfSSL_TXT_DB_read(WOLFSSL_BIO *in, int num)
XFREE(strBuf, NULL, DYNAMIC_TYPE_OPENSSL);
goto error;
}
if (wolfSSL_sk_push(ret->data, strBuf) != WOLFSSL_SUCCESS) {
if (wolfSSL_sk_push(ret->data, strBuf) <= 0) {
WOLFSSL_MSG("wolfSSL_sk_push error");
XFREE(strBuf, NULL, DYNAMIC_TYPE_OPENSSL);
goto error;
Expand Down Expand Up @@ -226,7 +226,7 @@ int wolfSSL_TXT_DB_insert(WOLFSSL_TXT_DB *db, WOLFSSL_STRING *row)
return WOLFSSL_FAILURE;
}

if (wolfSSL_sk_push(db->data, row) != WOLFSSL_SUCCESS) {
if (wolfSSL_sk_push(db->data, row) <= 0) {
WOLFSSL_MSG("wolfSSL_sk_push error");
return WOLFSSL_FAILURE;
}
Expand Down Expand Up @@ -450,11 +450,11 @@ int wolfSSL_CONF_add_string(WOLFSSL_CONF *conf,
sk = (WOLF_STACK_OF(WOLFSSL_CONF_VALUE) *)section->value;
value->section = section->section;

if (wolfSSL_sk_CONF_VALUE_push(sk, value) != WOLFSSL_SUCCESS) {
if (wolfSSL_sk_CONF_VALUE_push(sk, value) <= 0) {
WOLFSSL_MSG("wolfSSL_sk_CONF_VALUE_push error");
return WOLFSSL_FAILURE;
}
if (wolfSSL_sk_CONF_VALUE_push(conf->data, value) != WOLFSSL_SUCCESS) {
if (wolfSSL_sk_CONF_VALUE_push(conf->data, value) <= 0) {
WOLFSSL_MSG("wolfSSL_sk_CONF_VALUE_push error");
wolfssl_sk_pop_type(sk, STACK_TYPE_CONF_VALUE);
return WOLFSSL_FAILURE;
Expand Down Expand Up @@ -497,7 +497,7 @@ WOLFSSL_CONF_VALUE *wolfSSL_CONF_new_section(WOLFSSL_CONF *conf,

ret->value = (char*)sk;

if (wolfSSL_sk_CONF_VALUE_push(conf->data, ret) != WOLFSSL_SUCCESS) {
if (wolfSSL_sk_CONF_VALUE_push(conf->data, ret) <= 0) {
WOLFSSL_MSG("wolfSSL_sk_CONF_VALUE_push error");
goto error;
}
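Review bot: The new `<= 0` tests at every push site depend on wolfSSL_sk_push and wolfSSL_sk_CONF_VALUE_push now returning an element count instead of WOLFSSL_SUCCESS, and nothing at these call sites says so; a reader who knows the old convention will read `<= 0` as treating a WOLFSSL_SUCCESS-style return of 1 as the only success. Add a one-line comment at the first site in each function, e.g. `/* sk_push returns the new element count (OpenSSL semantics); 0 or negative means failure */`. In wolfSSL_CONF_add_string, when the second push fails the entry is popped from `sk` but `value` itself is not released in the hunk; whether the caller frees it on WOLFSSL_FAILURE is outside this view, so confirm that path does not leak.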
11 changes: 6 additions & 5 deletions src/crl.c
Expand Up @@ -437,7 +437,7 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
break;
}
else if (foundEntry == 0) {
ret = ASN_AFTER_DATE_E;
ret = CRL_CERT_DATE_ERR;
}
}
}
Expand Down Expand Up @@ -478,8 +478,9 @@ int CheckCertCRL_ex(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
if (foundEntry == 0) {
/* perform embedded lookup */
if (crl->crlIOCb) {
ret = crl->crlIOCb(crl, (const char*)extCrlInfo, extCrlInfoSz);
if (ret == WOLFSSL_CBIO_ERR_WANT_READ) {
int cbRet = crl->crlIOCb(crl, (const char*)extCrlInfo,
extCrlInfoSz);
if (cbRet == WOLFSSL_CBIO_ERR_WANT_READ) {
ret = OCSP_WANT_READ;
}
else if (ret >= 0) {
Expand All @@ -502,9 +503,9 @@ int CheckCertCRL_ex(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
/* When not set the folder or not use hash_dir, do nothing. */
if ((foundEntry == 0) && (ret != WC_NO_ERR_TRACE(OCSP_WANT_READ))) {
if (crl->cm != NULL && crl->cm->x509_store_p != NULL) {
ret = LoadCertByIssuer(crl->cm->x509_store_p,
int loadRet = LoadCertByIssuer(crl->cm->x509_store_p,
(WOLFSSL_X509_NAME*)issuerName, X509_LU_CRL);
if (ret == WOLFSSL_SUCCESS) {
if (loadRet == WOLFSSL_SUCCESS) {
/* try again */
ret = CheckCertCRLList(crl, issuerHash, serial, serialSz,
serialHash, &foundEntry);
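Review bot: In CheckCertCRL_ex the callback result now lands in the new local `cbRet`, but the unchanged line right after the WANT_READ test still reads `else if (ret >= 0) {`, so it tests the stale `ret` left over from the earlier CheckCertCRLList call instead of what the I/O callback returned; when that leftover value is negative the branch that follows (presumably the re-check against the freshly fetched CRL) is skipped. Change it to `else if (cbRet >= 0) {`. The `loadRet` change in the second hunk correctly keeps WOLFSSL_SUCCESS from clobbering `ret`, and the same discipline is what the first hunk needs. CheckCertCRL_ex starts and ends outside the hunk, so the initial value of `ret` and the body of that retry branch were not visible here.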
11 changes: 7 additions & 4 deletions src/internal.c
Expand Up @@ -4570,6 +4570,8 @@ void FreeX509(WOLFSSL_X509* x509)
x509->authKeyId = NULL;
XFREE(x509->subjKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT);
x509->subjKeyId = NULL;
wolfSSL_ASN1_STRING_free(x509->subjKeyIdStr);
x509->subjKeyIdStr = NULL;
XFREE(x509->authInfo, x509->heap, DYNAMIC_TYPE_X509_EXT);
x509->authInfo = NULL;
XFREE(x509->rawCRLInfo, x509->heap, DYNAMIC_TYPE_X509_EXT);
Expand Down Expand Up @@ -6915,12 +6917,12 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
#endif
#if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
/* Don't change recv callback if currently using BIO's */
if (ssl->CBIORecv != BioReceive)
if (ssl->CBIORecv != SslBioReceive)
#endif
ssl->CBIORecv = ctx->CBIORecv;
#if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
/* Don't change send callback if currently using BIO's */
if (ssl->CBIOSend != BioSend)
if (ssl->CBIOSend != SslBioSend)
#endif
ssl->CBIOSend = ctx->CBIOSend;
ssl->verifyDepth = ctx->verifyDepth;
Expand Down Expand Up @@ -14002,7 +14004,8 @@ int LoadCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
ph->hash_value = hash;
ph->last_suffix = suffix;

ret = wolfSSL_sk_BY_DIR_HASH_push(entry->hashes, ph);
ret = wolfSSL_sk_BY_DIR_HASH_push(entry->hashes, ph) > 0
? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}
}
wc_UnLockMutex(&lookup->dirs->lock);
Expand Down Expand Up @@ -30294,7 +30297,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,

if (ret == 0) {
if (wolfSSL_sk_X509_NAME_push(ssl->client_ca_names, name)
== WOLFSSL_FAILURE)
<= 0)
{
ret = MEMORY_ERROR;
}
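Review bot: In LoadCertByIssuer the new ternary maps the push count onto WOLFSSL_SUCCESS/WOLFSSL_FAILURE, but the failure path for `ph`, which is being filled in just above, is not in the hunk; once the push fails `ph` is not owned by `entry->hashes`, so confirm the code after `wc_UnLockMutex` frees it when `ret` is WOLFSSL_FAILURE. For readability, make the precedence explicit: `ret = (wolfSSL_sk_BY_DIR_HASH_push(entry->hashes, ph) > 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;`. The same ownership question applies to `name` in the last hunk, where a failed wolfSSL_sk_X509_NAME_push sets MEMORY_ERROR with no visible release. LoadCertByIssuer begins and ends outside the hunk.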
