summaryrefslogtreecommitdiff
path: root/FreeRTOS-Plus/Source/WolfSSL/wolfssl/wolfcrypt/asn.h
diff options
context:
space:
mode:
authorlundinc <lundinc@1d2547de-c912-0410-9cb9-b8ca96c0e9e2>2020-08-12 19:11:51 +0000
committerlundinc <lundinc@1d2547de-c912-0410-9cb9-b8ca96c0e9e2>2020-08-12 19:11:51 +0000
commit42255af1e27a3157d541f0812eaca447c569ca49 (patch)
tree5c8702c2f0dc1cb9be1a4d5ff285897d96b97dd2 /FreeRTOS-Plus/Source/WolfSSL/wolfssl/wolfcrypt/asn.h
parentf5221dff43de249079c2da081723cb7a456f981f (diff)
downloadfreertos-master.tar.gz
commit 70dcbe4527a45ab4fea6d58c016e7d3032f31e8cHEADmaster
Author: Ming Yue <mingyue86010@gmail.com> Date: Tue Aug 11 17:06:59 2020 -0700 Remove unused wolfSSL files. (#197) * Remove unused wolfSSL files. * Add back some removed ciphers. * Update VS project file. commit 0e0edd96e8236b2ea4a6e6018812807be828c77f Author: RichardBarry <3073890+RichardBarry@users.noreply.github.com> Date: Tue Aug 11 10:50:30 2020 -0700 Use new QEMU test project to improve stream/message buffer tests (#168) * Add Eclipse/GCC project that targets the LM3S8962 QEMU model. * Get the Cortex-M QEMU project working. * Continue working on making stream buffer demo more robust and QEMU project. * Rename directory CORTEX_LM3S8986_QEMU to CORTEX_LM3S6965_QEMU. Work on making the Stream Buffer tests more robust. Check in before adding in the trace recorder. * Rename CORTEX_LM3S6969_QEMU to CORTEX_LM3S6969_GCC_QEMU. * Make the StreamBufferDemo.c common demo file (test file) more robust to other test tasks running at an equally high priority. * Work in progress checkin only - comments in main.c are incorrect. * Correct comments at the top of FreeRTOS/Demo/CORTEX_LM3S6965_GCC_QEMU/main.c Make the message buffer tests more robust in the case the a message buffer becomes full when prvSenderTask() has a higher priority than the reader task. * Disable trace recorder in the LM3S6965 QEMU demo. * I'm dropping FreeRTOS-Kernel reference update, since this seems to break the CMBC CI. Co-authored-by: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com> commit 157a7fc39f19583ac8481e93fa3e1c91b1e1860c Author: Gaurav-Aggarwal-AWS <33462878+aggarg@users.noreply.github.com> Date: Sun Aug 9 22:21:44 2020 -0700 Use chacheable RAM in IAR project for MPU_M7_NUCLEO_H743ZI2 project (#193) This change updates the IAR project for Nucleo H743ZI2 to use the cacheable DTC RAM and enables L1 cache. In order to ensure the correct functioning of cache, the project sets configTEX_S_C_B_SRAM in FreeRTOSConfig.h to not mark the RAM as shareable. Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com> commit f3e43556f90f01b82918ad533b0c616489331919 Author: Gaurav-Aggarwal-AWS <33462878+aggarg@users.noreply.github.com> Date: Sun Aug 9 16:23:53 2020 -0700 Add MPU demo projects for NUCLEO-H743ZI2 board (#155) * Add MPU demo projects for NUCLEO-H743ZI2 board It contains projects for Keil uVision, STM32CubeIDE and IAR EW. This demo shows the use of newly added support for 16 MPU regions. Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com> * Delete not needed CMSIS files Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com> commit 94aa31c3cbae7c929b8a412768b74631f4a6b461 Author: TakayukiMatsuo <62984531+TakayukiMatsuo@users.noreply.github.com> Date: Sat Aug 8 07:58:14 2020 +0900 Update wolfSSL to the latest version(v.4.4.0) (#186) * deleted old version wolfSSL before updating * updated wolfSSL to the latest version(v4.4.0) * updated wolfSSL to the latest version(v4.4.0) * added macros for timing resistance Co-authored-by: RichardBarry <3073890+RichardBarry@users.noreply.github.com> Co-authored-by: Ming Yue <mingyue86010@gmail.com> commit 68518f5866aac58793c737d9a46dd07a6a816aaf Author: RichardBarry <3073890+RichardBarry@users.noreply.github.com> Date: Fri Aug 7 14:59:24 2020 -0700 Removed a 16MByte flash image file that was checked in by mistake (several years ago). (#173) Remove the copies of lwIP that are no longer reference from demo projects. Co-authored-by: Carl Lundin <53273776+lundinc2@users.noreply.github.com> commit d4bf09480a2c77b1a25cce35b32293be61ab586f Author: m17336 <45935231+m17336@users.noreply.github.com> Date: Thu Aug 6 22:37:08 2020 +0300 Update previous AVR ATmega0 and AVR Dx projecs + addition of equivalent projects in MPLAB.X and IAR (#180) * Updated indentation in AVR_ATMega4809_Atmel_Studio and AVR_Dx_Atmel_Studio projects, plus small fixes in their readme files. * Added AVR_ATMega4809_IAR, AVR_ATMega4809_MPLAB.X, AVR_Dx_IAR and AVR_Dx_MPLAB.X demo projects. * Removed build artefacts and added .gitignore files in AVR_ATMega4809_MPLAB.X and AVR_Dx_MPLAB.X projects. Co-authored-by: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com> commit f32a0647c8228ddd066f5d69a85b2e49086e4c95 Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Mon Aug 3 16:45:10 2020 -0700 Remove CBMC patch which is not used anymore (#187) * Delete 0002-Change-FreeRTOS_IP_Private.h-union-to-struct.patch * Delete 0002-Change-FreeRTOS_IP_Private.h-union-to-struct.patch commit 08af68ef9049279b265c3d00e9c48fb9594129a8 Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Sat Aug 1 16:38:23 2020 -0700 Remove dependency of CBMC on Patches (#181) * Changes to DHCP * CBMC DNS changes * Changes for TCP_IP * Changes to TCP_WIN * Define away static to nothing * Remove patches * Changes after Mark's comments v1 * Update MakefileCommon.json * Correction! commit a7fec906a415363338449447daf10d7517b78848 Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Wed Jul 29 17:39:36 2020 -0700 Misc changes (#183) commit 07cf5e07e4a05d6775a2f9e753269f43f82cf6ba Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Wed Jul 29 16:15:38 2020 -0700 MISRA compliance changes for FreeRTOS+TCP headers (#165) * misra changes * Update FreeRTOS_IP_Private.h * Update FreeRTOS_IP_Private.h commit e903ac0fed7ce59916899e404f3e5ae5b08d1478 Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Wed Jul 29 16:03:14 2020 -0700 UPD MISRA changes (#164) Co-authored-by: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com> commit 97551bf44e7dc7dc1e4484a8fd30f699255e8569 Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Wed Jul 29 15:52:00 2020 -0700 MISRA changes in FreeRTOS_TCP_WIN.c (#162) commit f2611cc5e5999c4c87e040a8c2d2e6b5e77a16a6 Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Wed Jul 29 15:38:37 2020 -0700 MISRA compliance changes in FreeRTOS_Sockets{.c/.h} (#161) * MISRA changes Sockets * add other changes * Update FreeRTOSIPConfig.h * Update FreeRTOSIPConfig.h * Update FreeRTOSIPConfig.h * Update FreeRTOSIPConfig.h * correction * Add 'U' * Update FreeRTOS_Sockets.h * Update FreeRTOS_Sockets.h * Update FreeRTOS_Sockets.c * Update FreeRTOS_Sockets.h * Update after Gary's comments * Correction reverted commit ae4d4d38d9b2685bae159b4c87619cdb157c0bf7 Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Wed Jul 29 13:56:57 2020 -0700 MISRA compliance changes for FreeRTOS_TCP_IP.c (#160) * MISRA tcp-ip changes * Changes after Hein's comments on original PR * Update FreeRTOS_TCP_IP.c Co-authored-by: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com> commit a457f43c66eb0f4be9d8f8678c0e3fb8d7ebd57b Author: Carl Lundin <53273776+lundinc2@users.noreply.github.com> Date: Tue Jul 28 13:01:38 2020 -0700 Add missing error state assignment. (#166) commit 915af50524e15a78ceb6c62b3d33f6562621ee46 Author: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com> Date: Mon Jul 27 17:30:53 2020 -0700 Add Atmel Studio projects for ATMega4809 and AVR128DA48 (#159) * Added explicit cast to allow roll over and avoid integer promotion during cycles counters comparison in recmutex.c. * Fixed type mismatch between declaration and definition of function xAreSemaphoreTasksStillRunning( void ). * Added Atmel Studio demo projects for ATMega4809 and AVR128DA48. * Per https://www.freertos.org/upgrading-to-FreeRTOS-V8.html, I'm updating portBASE_TYPE to BaseType_t. Signed-off-by: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com> * Update register test for ATmega4809 - to cover r28, r29, r31. - call public API taskYIELD() instead of portYIELD(). * Update ATmega4809 readme.md to include info for serial port setup, and minor wording fix. Co-authored-by: Alexandru Niculae - M17336 <alexandru.niculae@microchip.com> commit 4a7a48790d64127f85cc763721b575c51c452833 Author: Carl Lundin <53273776+lundinc2@users.noreply.github.com> Date: Thu Jul 23 10:22:33 2020 -0700 Add Uncrustify file used for Kernel. (#163) commit e0d62163b08769fd74f020709c398f994088ca96 Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Wed Jul 22 18:06:23 2020 -0700 Sync with +TCP amazon-FreeRTOS (#158) * DNS.c commit * IP.c commit * Add various source & header files commit 8e36bee30eef2107e128edb58e83ee46e8241a91 Author: Nathan Chong <52972368+nchong-at-aws@users.noreply.github.com> Date: Tue Jul 21 12:51:20 2020 -0400 Prove buffer lemmas (#124) * Prove buffer lemmas * Update queue proofs to latest kernel source All changes were syntactic due to uncrustify code-formatting * Strengthen prvCopyDataToQueue proof * Add extract script for diff comparison Co-authored-by: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com> commit c720c18ada40b502436ea811e8d03dca919726d8 Author: Hein Tibosch <hein_tibosch@yahoo.es> Date: Tue Jul 14 05:35:44 2020 +0800 FreeRTOS+TCP Adding the combined driver for SAM4E and SAME70 v2 (#78) * Adding a combined +TCP driver for SAM4E and SAME70 * Changes after review from Aniruddha Co-authored-by: Hein Tibosch <hein@htibosch.net> Co-authored-by: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com> commit 4237049b12d9bb6b03694fecf6ea26a353e637c8 Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Mon Jul 13 12:07:56 2020 -0700 Add changes from 2225-2227 amazon-FreeRTOS (#134) commit 7caa32863458c4470d3c620945c30824199f524c Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Fri Jul 10 23:32:30 2020 -0700 Add Full TCP test suite - not using secure sockets (#131) * Add Full-TCP suite * delete unnecessary files * Change after Joshua's comments commit d7667a0034841f2968f9f9f805030cc608bfbce1 Author: Gaurav-Aggarwal-AWS <33462878+aggarg@users.noreply.github.com> Date: Fri Jul 3 15:45:44 2020 -0700 Remove unnecessary semicolon from the linker file (#121) This was creating problem with the onboard LPCLink debug probe. Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com> commit 529c481c39506d0b331bfd0cdea35e5d1aeaaad0 Author: Nathan Chong <52972368+nchong-at-aws@users.noreply.github.com> Date: Thu Jul 2 15:55:20 2020 -0400 Add VeriFast kernel queue proofs (#117) commit d5fedeaa96b5b1d3c0f6b9b52a8064ab72ff2821 Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Wed Jul 1 13:56:27 2020 -0700 Add checks in FreeRTOS_Socket.c (#104) * Add fail-safes to FreeRTOS_Socket.c * Use all 'pd' errors * Correction after Hein's comments * Correction after Hein's comments v2 * Changes after Hein's comments * Update after Gary's comments commit a9b2aac4e9fda2a259380156df9cc0af51384d2d Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Fri Jun 26 12:09:36 2020 -0700 Folder structure change + Fix broken Projects (#103) * Update folder structure * Correct project files * Move test folder * Some changes after Yuki's comments commit 98bfc38bf3404414878dc68ea41753bea4e24c8e Author: Hein Tibosch <hein_tibosch@yahoo.es> Date: Thu Jun 25 13:01:45 2020 +0800 FreeRTOS+TCP : add memory statistics and dump packets, v3 (#83) * FreeRTOS+TCP : add memory statistics and dump packets, v3 * Two changes as requested by Aniruddha Co-authored-by: Hein Tibosch <hein@htibosch.net> Co-authored-by: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com> commit 072a173c9df31c75ff64bde440f3f316cedb9033 Author: S.Burch <8697966+wholl0p@users.noreply.github.com> Date: Mon Jun 22 23:39:26 2020 +0200 Fixed Imports for Infineon XMC1100 Board (#88) Co-authored-by: RichardBarry <3073890+RichardBarry@users.noreply.github.com> commit 2df5eeef5763045c4c74ff0e2a4091b7d19bea89 Author: RichardBarry <3073890+RichardBarry@users.noreply.github.com> Date: Mon Jun 8 14:22:46 2020 -0700 Feature/multiple direct to task notifications (#73) * Add TaskNotifyArray.c with the single task tests updated to use the task notification array up to the point where the timer is created. * Continue working on TaskNotifyArray.c to test the new task notification indexes. Next TaskNotifyArray.c will be refactored to break the tests up a bit. * Refactor and update the comments in TaskNotifyArray.c - no functional changes. * Change from the task notify "array" to task notification "indexed" nomenclature in the new task notification API functions that work on one particular task notification with the array of task notifications. * Update the implementation of the taskNOTIFY_TAKE() and taskNOTIFY_WAIT() trace macros to take the array index of the task notification they are acting on. Rename configNUMBER_OF_TASK_NOTIFICATIONS to configTASK_NOTIFICATION_ARRAY_ENTRIES. Add FreeRTOS/Demo/Common/Minimal/TaskNotifyArray.c to the Visual Studio project - the file implements tests specific to the behaviour of the indexed task notification functions and should be used in addition to the tests already provided in FreeRTOS/Demo/Common/Minimal/TaskNotify.c. commit b9e4ecfaf7286d8493d4a96a93fbb325534ad97b Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Fri Jun 5 11:10:58 2020 -0700 Remove Empty and Un-referenced folder from Demo (#86) commit f11bcc8acc57a23fb03603762e758c25b9d0efb7 Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Wed Jun 3 16:52:31 2020 -0700 Fix a Bug and corresponding CBMC patch (#84) * Update remove-static-in-freertos-tcp-ip.patch * Update FreeRTOS_TCP_IP.c * Update remove-static-in-freertos-tcp-ip.patch * Update remove-static-in-freertos-tcp-ip.patch Co-authored-by: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com> commit bb9f92f771e5f6ea2b9b09c7e89130a75e562eb7 Author: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com> Date: Wed Jun 3 10:46:55 2020 -0700 Submodule FreeRTOS/Source 10bbbcf0b..6199b72fb (#82) commit 6efc39f44be5b269168836e95aebbdb8ae77dce3 Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Tue Jun 2 15:09:25 2020 -0700 Add Project for running integration tests v2 (#80) * Project for integration tests * relative paths in project files * relative paths in project files-1 * relative paths in project files-2 * addressed comments * addressed comments v2 Co-authored-by: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com> commit 0eb5909fb02bac9dc074ff1bc2fe338d77f73764 Author: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com> Date: Thu May 28 17:05:24 2020 -0700 readme.md for ATmega328PB Xplained Mini. (#76) readme.md to get users jump started. commit cb7edd2323a77f3dbea144c1f48f95582becc99e Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Thu May 28 10:11:58 2020 -0700 Sync with a:FR (#75) * AFR sync * AFR sync: CBMC * AFR sync: CBMC: remove .bak files * AFR sync: CBMC: more cleanup * Corrected CBMC proofs * Corrected CBMC patches * Corrected CBMC patches-1 * Corrected CBMC patches-2 * remove .bak files (3) Co-authored-by: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com> commit 6557291e5407ca7ec6beca53fced1aaa620c5c02 Author: alfred gedeon <alfred2g@hotmail.com> Date: Wed May 27 14:44:33 2020 -0700 Test: Add Linux Networking support with demo application (#71) * Test: Add Linux Networking support with demo application * Test: revert files affected by uncrustify * Test: revert files affected by uncrustify Co-authored-by: Alfred Gedeon <gedeonag@amazon.com> Co-authored-by: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com> commit 8b079bc394e7b205d72210ce9e052404d782938f Author: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com> Date: Wed May 27 10:44:03 2020 -0700 ATmega328PB Xplained Mini -- demo project for ATmega port. (#70) * Bootstrap a demo from START. No driver is added in this commit. * Add FreeRTOS source code to project. Remove unnecessary folder nesting. Heap_4 is used here. * Copy over main.c, FreeRTOSConfig.h, and regtest.{c, h}. This commit compiles, but will need some work on timer used. * This port has 2KB RAM. We are using 1KB for heap. Further decreasing minimum stack size, and also use stack overflow check 1 to save some stack space. * Preserve EEPROM set to false. * End of the line. * Reduce register test stack size. 32 8-bit register + 10 bytes for stack frame cost. Round up to 50. * Adding Queue test in Integer test. - g3 to easy debugging. - mainCHECK_PERIOD is set to 1000 ticks. Note that this port for now use WDT as tick timer, and period is set to 15ms. - vErrorChecks, is of highest priority. So if this task gets run before other tasks, the very first check will fail. * Avoid false alarm. Since we don't know in which order the tasks are scheduled, clearing any error for the first entry of vErrorChecks. Signed-off-by: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com> * ParTest.c to init, set, toggle onboard user LED at PB5. * Added a task to blink onboard user LED. Need a magic number for stack size. Signed-off-by: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com> * Explicitly setting timing slicing to 0. This is to avoid unecessary context switch when multiple tasks are of the same priority. Signed-off-by: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com> * Add taskYIELD() at the end of the loop in each register test task. This is to give other tasks of the same priority a chance to run, regardless of scheduling algorithm. Signed-off-by: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com> * minor, update comment in main.c. commit 95a3a02f95749fb7a600723076e291f9dee7426c Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Fri May 22 16:26:59 2020 -0700 FreeRTOS-Plus: Unit testing Infrastructure and examples (#72) * Added CMock as submodule * Makefile added * Removed TEMP from Makefile * Added configuration files and header files * Update Makefile * Test runner working * make clean * Example added with README * Update README.md * Restored +TCP files * Cleared +TCP changes * removed comments from Makefile * Update README.md * Update README.md * Update README.md * Updated Test/Unit-test/readme.md commit 5003d17feda25490e655c0f1c15d2b13e395c9f7 Author: Hein Tibosch <hein_tibosch@yahoo.es> Date: Wed May 6 14:16:56 2020 -0400 FreeRTOS+TCP : renewing DHCP lease while network is down (#53) Co-authored-by: Hein Tibosch <hein@htibosch.net> Co-authored-by: Gary Wicker <14828980+gkwicker@users.noreply.github.com> commit d95624c5d6ba95ec0474867d7165de2c28ed41b7 Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Tue May 5 09:57:18 2020 -0700 Move CBMC proofs to FreeRTOS+ directory (#64) * move CBMC proofs to FreeRTOS+ directory * Failing proofs corrected * ParseDNSReply proof added back * removed queue_init.h from -Plus/Test Co-authored-by: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com> commit 95ae7c65758a9473ea16ab08182f056f72331de2 Author: markrtuttle <tuttle@acm.org> Date: Wed Apr 29 04:27:45 2020 +0000 Change cbmc-viewer invocation in CBMC makefile (#63) * Exclude FreeRTOS/Demo from CBMC proof reports. The script cbmc-viewer generates the CBMC proof reports. The script searches source files for symbol definitions and annotates source files with coverage information. This patch causes cbmc-viewer to ignore the directory FreeRTOS/Demo containing 348M of data. The script now terminates in a few seconds. * Make report default target for CBMC Makefile. Modify the Makefile for CBMC proofs to generate the report by default (and not just property checking) and modify property checking to ignore failures (due to property assertions failing) and terminating report generation. Co-authored-by: Mark R. Tuttle <mrtuttle@amazon.com> commit d421ccc89f6f6473dfdd566a00567b0e1fd4cfc3 Author: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com> Date: Sat Apr 25 16:57:35 2020 -0700 Reword readme.md under ./Test. (#61) commit 38412865985235b90dbd9da9708b68c4de5918f5 Author: Carl Lundin <53273776+lundinc2@users.noreply.github.com> Date: Sat Apr 25 16:56:54 2020 -0700 Removed a:FR reference. (#60) commit 4db195c916c7b13c82ab3a34a499fe606f266810 Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Tue Apr 21 15:40:08 2020 -0700 Adding FreeRTOS+TCP CBMC proofs to FreeRTOS/FreeRTOS (#56) ParseDNSReply is to be added in the next PR. commit 40a31b6d35a866a3a6c551d95bf08dae855da5bd Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Mon Apr 13 13:58:33 2020 -0700 'uL' -> 'UL' commit 5b3a289b69fc92089aa8bd4d1b44ab816f326f73 Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Mon Apr 13 13:50:53 2020 -0700 Changes after Gary's comments commit edf68637dd22470a8d4f59fecc15b51379bcfeda Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Fri Apr 10 16:26:03 2020 -0700 Update FreeRTOS_ARP.c commit 35f3ac32a8899dd714a8a48952a4224fbcebc4aa Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Fri Apr 10 15:56:18 2020 -0700 correct debug output commit 5e12a70db4b6a8e68a434489683306f040252efa Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Fri Apr 10 15:44:45 2020 -0700 Debugging flag check added commit 4e8ac8de25ac4088b9c789b88a77cd39df4d9167 Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Thu Apr 9 16:57:19 2020 -0700 Comment style consistency and Yuhui's suggestions commit e43f7cd086096ad60491fedba69927a1e1a82f20 Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Thu Apr 9 16:47:41 2020 -0700 Cleanup commit ab3b51c7a0d880a6bf453ec63ae604e15050f310 Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Thu Apr 9 16:33:03 2020 -0700 Update after Gary's comments commit 97f7009699ffb972c0745dfdb526d1fa4e0faf84 Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Wed Apr 8 14:30:15 2020 -0700 Update after richard's comments commit a9fcafc074cec559dd67961ef44273df6180c2db Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Wed Apr 8 14:07:39 2020 -0700 Corrected the formatting - visual studio had messed up the formatting commit c381861014a8043ce30723fc5a8cf5107719c8df Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Wed Apr 8 13:01:12 2020 -0700 commit 2 after gary's comments commit 75677a8d85fa802cca9058d6e23796d5043a0982 Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Wed Apr 8 12:51:10 2020 -0700 Commit after Gary's comments commit 666c0da366030109db2c0c5e7253cebb2f899db7 Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Wed Apr 8 10:56:01 2020 -0700 Update after Yuhui's comments - removed (void) from before memcpy, memset etc. - corrected memcpy style as suggested by Yuhui - Added logging for xNetworkInterfaceOutput. No need to configASSERT commit 4a1148d15b6b8169d2412f8179f734683b179795 Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Wed Apr 1 16:05:36 2020 -0700 Coverity + MISRA compliance Modified code to conform to the MISRA directives more closely. commit fa74f7dccf6b1a356993c6a894f8e1173b8c8157 Author: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com> Date: Thu Apr 2 20:26:10 2020 -0700 Removing writes to read-only PLIC interrupt pending registers. Signed-off-by: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com> commit 5b9777e11e16609648fb98d2f9a47553ab238950 Author: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com> Date: Tue Mar 31 10:45:23 2020 -0700 A readme file to introduce what ./Test directory is about. commit 211bb4cbd9ae6dfa95e8d8501f37d272bde5ab26 Author: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com> Date: Tue Mar 24 15:14:24 2020 -0700 Ignore whitespace when working with patches. commit 8156f64d1c45dd59ef12279f19a99f03e79e1f8a Author: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com> Date: Tue Feb 25 18:04:23 2020 -0800 Copying CBMC proofs from aws/amazon-freertos repo ./tools/cbmc to this repo ./FreeRTOS/Test/CBMC as is. The commit ID in aws/amazon-freertos is 0c8e0217f2a43bdeb364b58ae01c6c259e03ef1b. commit 9f316c246baafa15c542a5aea81a94f26e3d6507 Author: David Vrabel <david.vrabel@cambridgeconsultants.com> Date: Mon Mar 16 11:21:46 2020 +0000 Demo/Posix_GCC: add demo application for Posix port using GCC This is largely a copy of the Windows demo application with a few key changes: - heap_3 (use malloc()/free()) so tools like valgrind "just work". - printf() wrapped in a mutex to prevent deadlocks on the internal pthread mutexes inside printf(). SCons (https://scons.org/) is used as the build system. This will be built as a 64-bit application, but note that the memory allocation trace points only record the lower 32-bits of the address. commit f78f919b3e2f0d707531a301a8ca07cd02bc4778 Author: Markus Rinne <markus.ka.rinne@gmail.com> Date: Thu Mar 19 21:00:24 2020 +0200 Fix function comments commit 1cd2d38d960a3576addb224582c88489bade5141 Author: David Chalco <david@chalco.io> Date: Fri Mar 20 10:29:05 2020 -0700 unix separators for path and remove .exe suffix from risc compiler (works on windows/mac) commit 938b19419eded12817737ab0644e94ed2ba7e95d Author: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com> Date: Thu Mar 19 18:23:09 2020 -0700 Removing ./FreeRTOS-Labs directory, since: - IoT libraries are now in LTS branch. - FAT/POSIX/Light-weight MQTT are in https://github.com/FreeRTOS/FreeRTOS-Labs. commit 1a4abbc9e91b13fd6394464ade59d5e048320c7c Author: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com> Date: Tue Mar 17 19:30:02 2020 -0700 Maintenance -- clean up readme.txt and add url to GitHub. (#38) * Removing readme.txt, as now we have README.md in place. The only information missing from README.md is about FAQ. * Adding FAQ information in README.md. * Adding a .url to root to redict user to FreeRTOS github home page. commit 47bb466aa19395b7785bcb830e2e4dd35f6bafc5 Author: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com> Date: Tue Mar 17 13:07:44 2020 -0700 Update issue templates Template maintenance. - adding title prefix. - adding examples to "additional context" section. commit f506290041f56867765f8efa70ed2862125bdb7c Author: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com> Date: Tue Mar 17 10:15:07 2020 -0700 Create SECURITY.md Apply the recommended SECURITY.md from AWS to our repo. commit 8982a2f80a80a2a0a47cf82de07b52101bd9d606 Author: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com> Date: Fri Mar 13 12:50:10 2020 -0700 Add ./lib directory to make sure Zynq project compiles. commit ecf0f12aa14ad6fdafe1ef37257cbb4e03e2abd5 Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Wed Mar 11 10:19:48 2020 -0700 Sync up with Amazon-freertos repo (10th March 2020) (#34) * Sync up with amazon-freertos * Sync up with amazon-freertos * Sync up with amazon-freertos commit 0acffef047973e2e61c2201fd69cd9bbd317f674 Author: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com> Date: Tue Mar 10 10:20:48 2020 -0700 GitHub PR template. (#29) commit c40a6da2e4cb8042b56d1b174051cbbe9813781a Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Mon Mar 9 11:18:48 2020 -0700 pass payload length when calling UDP callback (#30) * pass payload length when calling UDP callback commit 12d580e93d4d9074b9a867632f0681a511b4ad12 Author: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com> Date: Fri Mar 6 18:16:51 2020 -0800 Update issue templates Initial issue template. Created following https://help.github.com/en/github/building-a-strong-community/configuring-issue-templates-for-your-repository#configuring-the-template-chooser. If change is needed, we could go another round. commit 9debffb5e0e42ff716f58b2270b3af09652294af Author: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com> Date: Fri Mar 6 17:27:46 2020 -0800 Update README.md to remove dead link. See the conversation https://github.com/FreeRTOS/FreeRTOS/commit/42c627b2b88cb3b487fea983d8b566a8bbae54fa#comments . Linkage for both ```./FreeRTOS/Source``` and ```./FreeRTOS/Demo``` are removed, since it looks weird to only provide linkage to Demo. commit 7e1a4bf563240501fc45167aee9d929c533939dd Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com> Date: Fri Mar 6 15:18:09 2020 -0800 Fix DHCP option Client-identifier (#28) commit 42c627b2b88cb3b487fea983d8b566a8bbae54fa Author: Yuhui.Zheng <10982575+yuhui-zheng@users.noreply.github.com> Date: Fri Mar 6 09:15:11 2020 -0800 Update readme and revert relative URL. (#27) * Reordering: bumping cloning instruction up. * Rewording readme.md to be clear kernel code is a submodule of this repository. * Reverting relative URL, since user cannot click through on GitHub page. (With URL, user could still download the correct version of the code. Reverting simply due to UI issue.) commit 5751ae9b60e248ebd0b4dd7c58df54364d2bb9d5 Author: Gaurav-Aggarwal-AWS <33462878+aggarg@users.noreply.github.com> Date: Fri Mar 6 09:11:42 2020 -0800 Update CORTEX_MPU_M33F_NXP_LPC55S69_MCUXpresso project (#26) This commit updates the project for LPC55S69 so that it works with the latest version of MCUXpresso and SDK. Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com> commit a9ffffe1f01f45f79e127c15727784984077932f Author: Carl Lundin <53273776+lundinc2@users.noreply.github.com> Date: Thu Mar 5 17:16:13 2020 -0800 Using Relative URL For Submoduling. (#24) commit 52c82076b38fe73d1dc46c97abf74ae9b803696c Author: Carl Lundin <53273776+lundinc2@users.noreply.github.com> Date: Thu Mar 5 09:16:31 2020 -0800 use relative path to point to bundled toolchain instead (#25) commit b877e4ec478de2c24d07ab46241070d7c66f375c Author: lundinc2 <53273776+lundinc2@users.noreply.github.com> Date: Tue Feb 25 13:18:38 2020 -0800 Moved vulnerability reporting and code of conduct to top of CONTRIBUTING.md (#20) commit bef165d46799fb8faa58aaa224f80c16b6538e69 Author: Yuhui.Zheng <10982575+yuhui-zheng@users.noreply.github.com> Date: Tue Feb 18 22:06:38 2020 -0800 Linking test source file from relative path. (#19) commit 89e7bbe292afd3912d1f0b2402cc506878bad869 Author: Yuhui.Zheng <10982575+yuhui-zheng@users.noreply.github.com> Date: Tue Feb 18 17:47:55 2020 -0800 A preliminary .gitignore file, to prevent us checking in files unnecessary. (#18) https://github.com/github/gitignore. commit c2a98127acb48c4562233230e66ca5c282688579 Author: RichardBarry <3073890+RichardBarry@users.noreply.github.com> Date: Sun Feb 16 13:19:53 2020 -0800 Minor wording changes in the 'previous releases' section of the readme.me file. (#17) commit 24c772d1439e5c291c0a29fce0a46996ca8afaa9 Author: Yuhui.Zheng <10982575+yuhui-zheng@users.noreply.github.com> Date: Fri Feb 14 12:47:01 2020 -0800 Submodule kernel directory. (#16) * Removing FreeRTOS/Source in readiness for submoduling. * Submoduling kernel. * README.md update due to submoduling. When releasing, please follow these steps: 1. in local directory, clean directory and check "git status" shows "nothing to commit, working tree clean" for ALL subdirectories. 2. copy source code and instructions only to an empty folder. Git related should not be in this folder -- this covers .git, .gitignore, .github, .gitmodules, gitmessages, ...... 3. zip the folder from step 2. (create both .zip and .7z) 4. attach .zip and .7z to the release. (e.g. attach these two in new release -- https://github.com/FreeRTOS/FreeRTOS/releases/new) 5. PLEASE download both, unzip, diff with your local git repo. (should not see any difference other than git related.) And, sanity check a couple of projects. commit c3f8b91652392dc55e0d7067b90a40de5f5f0837 Author: Rashed Talukder <9218468+rashedtalukder@users.noreply.github.com> Date: Thu Feb 13 17:47:14 2020 -0800 Update readme. Fixed typos and cli commands (#14) commit 4723b825f2989213c1cdb2ebf4d6793e0292e363 Author: Julian Poidevin <julian-poidevin@users.noreply.github.com> Date: Fri Feb 14 02:43:36 2020 +0100 Fixed wrong git clone SSH command (#13) Replaced bad https URL with proper SSH URL commit fc819b821715c42602819e58499846147a6394f5 Author: RichardBarry <3073890+RichardBarry@users.noreply.github.com> Date: Thu Feb 13 17:42:22 2020 -0800 Correct the xTimerCreate() documentation which said NULL was returned if the timer period was passed into the function as 0, whereas that is not the case. (#15) Add a note to the documentation for both the xTimerCreate() and xTimerCreateStatic() functions that the timer period must be greater than 0. commit 1c711ab530b5f0dbd811d7d62e0a3763706ffff4 Author: Rashed Talukder <9218468+rashedtalukder@users.noreply.github.com> Date: Wed Feb 12 23:00:18 2020 -0800 Updated contributions guidelines (#12) commit 84fcc0d5317d96c6b086034093c8c1c83e050819 Author: Cobus van Eeden <35851496+cobusve@users.noreply.github.com> Date: Wed Feb 12 15:05:06 2020 -0800 Updates to Markdown files and readme.txt (#11) git-svn-id: http://svn.code.sf.net/p/freertos/code/trunk@2826 1d2547de-c912-0410-9cb9-b8ca96c0e9e2
Diffstat (limited to 'FreeRTOS-Plus/Source/WolfSSL/wolfssl/wolfcrypt/asn.h')
-rw-r--r--FreeRTOS-Plus/Source/WolfSSL/wolfssl/wolfcrypt/asn.h1102
1 files changed, 915 insertions, 187 deletions
diff --git a/FreeRTOS-Plus/Source/WolfSSL/wolfssl/wolfcrypt/asn.h b/FreeRTOS-Plus/Source/WolfSSL/wolfssl/wolfcrypt/asn.h
index 10d0943bb..6bdda029b 100644
--- a/FreeRTOS-Plus/Source/WolfSSL/wolfssl/wolfcrypt/asn.h
+++ b/FreeRTOS-Plus/Source/WolfSSL/wolfssl/wolfcrypt/asn.h
@@ -1,8 +1,8 @@
/* asn.h
*
- * Copyright (C) 2006-2015 wolfSSL Inc.
+ * Copyright (C) 2006-2020 wolfSSL Inc.
*
- * This file is part of wolfSSL. (formerly known as CyaSSL)
+ * This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -16,9 +16,13 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
+/*!
+ \file wolfssl/wolfcrypt/asn.h
+*/
+
#ifndef WOLF_CRYPT_ASN_H
#define WOLF_CRYPT_ASN_H
@@ -26,13 +30,16 @@
#ifndef NO_ASN
-#include <wolfssl/wolfcrypt/integer.h>
-#ifndef NO_RSA
- #include <wolfssl/wolfcrypt/rsa.h>
+
+#if !defined(NO_ASN_TIME) && defined(NO_TIME_H)
+ #define NO_ASN_TIME /* backwards compatibility with NO_TIME_H */
#endif
+#include <wolfssl/wolfcrypt/integer.h>
+
/* fips declare of RsaPrivateKeyDecode @wc_fips */
-#if defined(HAVE_FIPS) && !defined(NO_RSA)
+#if defined(HAVE_FIPS) && !defined(NO_RSA) && \
+ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
#include <cyassl/ctaocrypt/rsa.h>
#endif
@@ -50,27 +57,30 @@
#endif
#include <wolfssl/wolfcrypt/sha256.h>
#include <wolfssl/wolfcrypt/asn_public.h> /* public interface */
-#ifdef HAVE_ECC
- #include <wolfssl/wolfcrypt/ecc.h>
+
+#if defined(NO_SHA) && defined(NO_SHA256)
+ #define WC_SHA256_DIGEST_SIZE 32
#endif
#ifdef __cplusplus
extern "C" {
#endif
+#ifndef EXTERNAL_SERIAL_SIZE
+ #define EXTERNAL_SERIAL_SIZE 32
+#endif
enum {
ISSUER = 0,
SUBJECT = 1,
- EXTERNAL_SERIAL_SIZE = 32,
-
BEFORE = 0,
AFTER = 1
};
/* ASN Tags */
enum ASN_Tags {
+ ASN_EOC = 0x00,
ASN_BOOLEAN = 0x01,
ASN_INTEGER = 0x02,
ASN_BIT_STRING = 0x03,
@@ -81,23 +91,32 @@ enum ASN_Tags {
ASN_UTF8STRING = 0x0c,
ASN_SEQUENCE = 0x10,
ASN_SET = 0x11,
+ ASN_PRINTABLE_STRING = 0x13,
ASN_UTC_TIME = 0x17,
ASN_OTHER_TYPE = 0x00,
ASN_RFC822_TYPE = 0x01,
ASN_DNS_TYPE = 0x02,
ASN_DIR_TYPE = 0x04,
+ ASN_URI_TYPE = 0x06, /* the value 6 is from GeneralName OID */
+ ASN_IP_TYPE = 0x07, /* the value 7 is from GeneralName OID */
ASN_GENERALIZED_TIME = 0x18,
CRL_EXTENSIONS = 0xa0,
ASN_EXTENSIONS = 0xa3,
- ASN_LONG_LENGTH = 0x80
-};
+ ASN_LONG_LENGTH = 0x80,
+ ASN_INDEF_LENGTH = 0x80,
-enum ASN_Flags{
+ /* ASN_Flags - Bitmask */
ASN_CONSTRUCTED = 0x20,
- ASN_CONTEXT_SPECIFIC = 0x80
+ ASN_APPLICATION = 0x40,
+ ASN_CONTEXT_SPECIFIC = 0x80,
};
+#define ASN_UTC_TIME_SIZE 14
+#define ASN_GENERALIZED_TIME_SIZE 16
+#define ASN_GENERALIZED_TIME_MAX 68
+
enum DN_Tags {
+ ASN_DN_NULL = 0x00,
ASN_COMMON_NAME = 0x03, /* CN */
ASN_SUR_NAME = 0x04, /* SN */
ASN_SERIAL_NUMBER = 0x05, /* serialNumber */
@@ -105,148 +124,401 @@ enum DN_Tags {
ASN_LOCALITY_NAME = 0x07, /* L */
ASN_STATE_NAME = 0x08, /* ST */
ASN_ORG_NAME = 0x0a, /* O */
- ASN_ORGUNIT_NAME = 0x0b /* OU */
+ ASN_ORGUNIT_NAME = 0x0b, /* OU */
+ ASN_BUS_CAT = 0x0f, /* businessCategory */
+ ASN_EMAIL_NAME = 0x98, /* not oid number there is 97 in 2.5.4.0-97 */
+
+ /* pilot attribute types
+ * OID values of 0.9.2342.19200300.100.1.* */
+ ASN_USER_ID = 0x01, /* UID */
+ ASN_DOMAIN_COMPONENT = 0x19 /* DC */
};
-enum PBES {
- PBE_MD5_DES = 0,
- PBE_SHA1_DES = 1,
- PBE_SHA1_DES3 = 2,
- PBE_SHA1_RC4_128 = 3,
- PBES2 = 13 /* algo ID */
-};
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+typedef struct WOLFSSL_ObjectInfo {
+ int nid;
+ int id;
+ word32 type;
+ const char* sName;
+ const char* lName;
+} WOLFSSL_ObjectInfo;
+extern const size_t wolfssl_object_info_sz;
+extern const WOLFSSL_ObjectInfo wolfssl_object_info[];
+#endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) */
+
+/* DN Tag Strings */
+#define WOLFSSL_COMMON_NAME "/CN="
+#define WOLFSSL_LN_COMMON_NAME "/commonName="
+#define WOLFSSL_SUR_NAME "/SN="
+#define WOLFSSL_SERIAL_NUMBER "/serialNumber="
+#define WOLFSSL_COUNTRY_NAME "/C="
+#define WOLFSSL_LN_COUNTRY_NAME "/countryName="
+#define WOLFSSL_LOCALITY_NAME "/L="
+#define WOLFSSL_LN_LOCALITY_NAME "/localityName="
+#define WOLFSSL_STATE_NAME "/ST="
+#define WOLFSSL_LN_STATE_NAME "/stateOrProvinceName="
+#define WOLFSSL_ORG_NAME "/O="
+#define WOLFSSL_LN_ORG_NAME "/organizationName="
+#define WOLFSSL_ORGUNIT_NAME "/OU="
+#define WOLFSSL_LN_ORGUNIT_NAME "/organizationalUnitName="
+#define WOLFSSL_DOMAIN_COMPONENT "/DC="
+#define WOLFSSL_LN_DOMAIN_COMPONENT "/domainComponent="
+#define WOLFSSL_BUS_CAT "/businessCategory="
+#define WOLFSSL_JOI_C "/jurisdictionC="
+#define WOLFSSL_JOI_ST "/jurisdictionST="
+#define WOLFSSL_EMAIL_ADDR "/emailAddress="
+
+#define WOLFSSL_USER_ID "/UID="
+#define WOLFSSL_DOMAIN_COMPONENT "/DC="
+
+#if defined(WOLFSSL_APACHE_HTTPD)
+ /* otherName strings */
+ #define WOLFSSL_SN_MS_UPN "msUPN"
+ #define WOLFSSL_LN_MS_UPN "Microsoft User Principal Name"
+ #define WOLFSSL_MS_UPN_SUM 265
+ #define WOLFSSL_SN_DNS_SRV "id-on-dnsSRV"
+ #define WOLFSSL_LN_DNS_SRV "SRVName"
+ /* TLS features extension strings */
+ #define WOLFSSL_SN_TLS_FEATURE "tlsfeature"
+ #define WOLFSSL_LN_TLS_FEATURE "TLS Feature"
+ #define WOLFSSL_TLS_FEATURE_SUM 92
+#endif
-enum ENCRYPTION_TYPES {
- DES_TYPE = 0,
- DES3_TYPE = 1,
- RC4_TYPE = 2
+/* NIDs */
+enum
+{
+ NID_undef = 0,
+ NID_netscape_cert_type = NID_undef,
+ NID_des = 66,
+ NID_des3 = 67,
+ NID_sha256 = 672,
+ NID_sha384 = 673,
+ NID_sha512 = 674,
+ NID_hw_name_oid = 73,
+ NID_id_pkix_OCSP_basic = 74,
+ NID_any_policy = 75,
+ NID_anyExtendedKeyUsage = 76,
+ NID_givenName = 99,
+ NID_initials = 101,
+ NID_title = 106,
+ NID_description = 107,
+ NID_basic_constraints = 133,
+ NID_key_usage = 129, /* 2.5.29.15 */
+ NID_ext_key_usage = 151, /* 2.5.29.37 */
+ NID_subject_key_identifier = 128,
+ NID_authority_key_identifier = 149,
+ NID_private_key_usage_period = 130, /* 2.5.29.16 */
+ NID_subject_alt_name = 131,
+ NID_issuer_alt_name = 132,
+ NID_info_access = 69,
+ NID_sinfo_access = 79, /* id-pe 11 */
+ NID_name_constraints = 144, /* 2.5.29.30 */
+ NID_crl_distribution_points = 145, /* 2.5.29.31 */
+ NID_certificate_policies = 146,
+ NID_policy_mappings = 147,
+ NID_policy_constraints = 150,
+ NID_inhibit_any_policy = 168, /* 2.5.29.54 */
+ NID_tlsfeature = 1020, /* id-pe 24 */
+ NID_commonName = 0x03, /* matches ASN_COMMON_NAME in asn.h */
+
+
+ NID_surname = 0x04, /* SN */
+ NID_serialNumber = 0x05, /* serialNumber */
+ NID_countryName = 0x06, /* C */
+ NID_localityName = 0x07, /* L */
+ NID_stateOrProvinceName = 0x08, /* ST */
+ NID_organizationName = 0x0a, /* O */
+ NID_organizationalUnitName = 0x0b, /* OU */
+ NID_jurisdictionCountryName = 0xc,
+ NID_jurisdictionStateOrProvinceName = 0xd,
+ NID_businessCategory = ASN_BUS_CAT,
+ NID_domainComponent = ASN_DOMAIN_COMPONENT,
+ NID_emailAddress = 0x30, /* emailAddress */
+ NID_id_on_dnsSRV = 82, /* 1.3.6.1.5.5.7.8.7 */
+ NID_ms_upn = 265, /* 1.3.6.1.4.1.311.20.2.3 */
+
+ NID_X9_62_prime_field = 406 /* 1.2.840.10045.1.1 */
};
-enum ECC_TYPES {
+enum ECC_TYPES
+{
ECC_PREFIX_0 = 160,
ECC_PREFIX_1 = 161
};
+#ifdef WOLFSSL_CERT_PIV
+ enum PIV_Tags {
+ ASN_PIV_CERT = 0x0A,
+ ASN_PIV_NONCE = 0x0B,
+ ASN_PIV_SIGNED_NONCE = 0x0C,
+
+ ASN_PIV_TAG_CERT = 0x70,
+ ASN_PIV_TAG_CERT_INFO = 0x71,
+ ASN_PIV_TAG_MSCUID = 0x72,
+ ASN_PIV_TAG_ERR_DET = 0xFE,
+
+ /* certificate info masks */
+ ASN_PIV_CERT_INFO_COMPRESSED = 0x03,
+ ASN_PIV_CERT_INFO_ISX509 = 0x04,
+ };
+#endif /* WOLFSSL_CERT_PIV */
+
+
+#define ASN_JOI_PREFIX_SZ 10
+#define ASN_JOI_PREFIX "\x2b\x06\x01\x04\x01\x82\x37\x3c\x02\x01"
+#define ASN_JOI_C 0x3
+#define ASN_JOI_ST 0x2
+
+#ifndef WC_ASN_NAME_MAX
+ #ifdef OPENSSL_EXTRA
+ #define WC_ASN_NAME_MAX 300
+ #else
+ #define WC_ASN_NAME_MAX 256
+ #endif
+#endif
+#define ASN_NAME_MAX WC_ASN_NAME_MAX
+
enum Misc_ASN {
- ASN_NAME_MAX = 256,
MAX_SALT_SIZE = 64, /* MAX PKCS Salt length */
MAX_IV_SIZE = 64, /* MAX PKCS Iv length */
- MAX_KEY_SIZE = 64, /* MAX PKCS Key length */
- PKCS5 = 5, /* PKCS oid tag */
- PKCS5v2 = 6, /* PKCS #5 v2.0 */
- PKCS12 = 12, /* PKCS #12 */
- MAX_UNICODE_SZ = 256,
ASN_BOOL_SIZE = 2, /* including type */
ASN_ECC_HEADER_SZ = 2, /* String type + 1 byte len */
ASN_ECC_CONTEXT_SZ = 2, /* Content specific type + 1 byte len */
#ifdef NO_SHA
- KEYID_SIZE = SHA256_DIGEST_SIZE,
+ KEYID_SIZE = WC_SHA256_DIGEST_SIZE,
#else
- KEYID_SIZE = SHA_DIGEST_SIZE,
+ KEYID_SIZE = WC_SHA_DIGEST_SIZE,
#endif
RSA_INTS = 8, /* RSA ints in private key */
+ DSA_INTS = 5, /* DSA ints in private key */
MIN_DATE_SIZE = 13,
MAX_DATE_SIZE = 32,
ASN_GEN_TIME_SZ = 15, /* 7 numbers * 2 + Zulu tag */
+#ifndef NO_RSA
MAX_ENCODED_SIG_SZ = 512,
+#elif defined(HAVE_ECC)
+ MAX_ENCODED_SIG_SZ = 140,
+#elif defined(HAVE_CURVE448)
+ MAX_ENCODED_SIG_SZ = 114,
+#else
+ MAX_ENCODED_SIG_SZ = 64,
+#endif
MAX_SIG_SZ = 256,
MAX_ALGO_SZ = 20,
+ MAX_SHORT_SZ = 6, /* asn int + byte len + 4 byte length */
MAX_SEQ_SZ = 5, /* enum(seq | con) + length(4) */
MAX_SET_SZ = 5, /* enum(set | con) + length(4) */
MAX_OCTET_STR_SZ = 5, /* enum(set | con) + length(4) */
MAX_EXP_SZ = 5, /* enum(contextspec|con|exp) + length(4) */
MAX_PRSTR_SZ = 5, /* enum(prstr) + length(4) */
MAX_VERSION_SZ = 5, /* enum + id + version(byte) + (header(2))*/
- MAX_ENCODED_DIG_SZ = 73, /* sha512 + enum(bit or octet) + legnth(4) */
+ MAX_ENCODED_DIG_ASN_SZ= 9, /* enum(bit or octet) + length(4) */
+ MAX_ENCODED_DIG_SZ = 64 + MAX_ENCODED_DIG_ASN_SZ, /* asn header + sha512 */
MAX_RSA_INT_SZ = 517, /* RSA raw sz 4096 for bits + tag + len(4) */
+ MAX_DSA_INT_SZ = 261, /* DSA raw sz 2048 for bits + tag + len(4) */
MAX_NTRU_KEY_SZ = 610, /* NTRU 112 bit public key */
MAX_NTRU_ENC_SZ = 628, /* NTRU 112 bit DER public encoding */
MAX_LENGTH_SZ = 4, /* Max length size for DER encoding */
MAX_RSA_E_SZ = 16, /* Max RSA public e size */
MAX_CA_SZ = 32, /* Max encoded CA basic constraint length */
MAX_SN_SZ = 35, /* Max encoded serial number (INT) length */
+ MAX_DER_DIGEST_SZ = MAX_ENCODED_DIG_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ,
+ /* Maximum DER digest size */
+ MAX_DER_DIGEST_ASN_SZ = MAX_ENCODED_DIG_ASN_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ,
+ /* Maximum DER digest ASN header size */
#ifdef WOLFSSL_CERT_GEN
#ifdef WOLFSSL_CERT_REQ
/* Max encoded cert req attributes length */
MAX_ATTRIB_SZ = MAX_SEQ_SZ * 3 + (11 + MAX_SEQ_SZ) * 2 +
MAX_PRSTR_SZ + CTC_NAME_SIZE, /* 11 is the OID size */
#endif
- #ifdef WOLFSSL_ALT_NAMES
+ #if defined(WOLFSSL_ALT_NAMES) || defined(WOLFSSL_CERT_EXT)
MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE,
#else
MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + MAX_CA_SZ,
#endif
/* Max total extensions, id + len + others */
#endif
+#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7)
+ MAX_OID_SZ = 32, /* Max DER length of OID*/
+ MAX_OID_STRING_SZ = 64, /* Max string length representation of OID*/
+#endif
+#ifdef WOLFSSL_CERT_EXT
+ MAX_KID_SZ = 45, /* Max encoded KID length (SHA-256 case) */
+ MAX_KEYUSAGE_SZ = 18, /* Max encoded Key Usage length */
+ MAX_EXTKEYUSAGE_SZ = 12 + (6 * (8 + 2)) +
+ CTC_MAX_EKU_OID_SZ, /* Max encoded ExtKeyUsage
+ (SEQ/LEN + OBJID + OCTSTR/LEN + SEQ +
+ (6 * (SEQ + OID))) */
+ MAX_CERTPOL_NB = CTC_MAX_CERTPOL_NB,/* Max number of Cert Policy */
+ MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ,
+#endif
+ MAX_AIA_SZ = 2, /* Max Authority Info Access extension size*/
+ MAX_NAME_ENTRIES = 5, /* extra entries added to x509 name struct */
+ OCSP_NONCE_EXT_SZ = 35, /* OCSP Nonce Extension size */
MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */
- MAX_OCSP_NONCE_SZ = 18, /* OCSP Nonce size */
+ MAX_OCSP_NONCE_SZ = 16, /* OCSP Nonce size */
EIGHTK_BUF = 8192, /* Tmp buffer size */
- MAX_PUBLIC_KEY_SZ = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2
+ MAX_PUBLIC_KEY_SZ = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2,
/* use bigger NTRU size */
+#ifdef WOLFSSL_ENCRYPTED_KEYS
+ HEADER_ENCRYPTED_KEY_SIZE = 88,/* Extra header size for encrypted key */
+#else
+ HEADER_ENCRYPTED_KEY_SIZE = 0,
+#endif
+ TRAILING_ZERO = 1, /* Used for size of zero pad */
+ ASN_TAG_SZ = 1, /* single byte ASN.1 tag */
+ MIN_VERSION_SZ = 3, /* Min bytes needed for GetMyVersion */
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \
+ defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
+ defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7)
+ MAX_TIME_STRING_SZ = 25, /* Max length of formatted time string */
+#endif
+
+ PKCS5_SALT_SZ = 8,
+
+ PEM_LINE_LEN = 80, /* PEM line max + fudge */
};
enum Oid_Types {
- hashType = 0,
- sigType = 1,
- keyType = 2,
- curveType = 3,
- blkType = 4
+ oidHashType = 0,
+ oidSigType = 1,
+ oidKeyType = 2,
+ oidCurveType = 3,
+ oidBlkType = 4,
+ oidOcspType = 5,
+ oidCertExtType = 6,
+ oidCertAuthInfoType = 7,
+ oidCertPolicyType = 8,
+ oidCertAltNameType = 9,
+ oidCertKeyUseType = 10,
+ oidKdfType = 11,
+ oidKeyWrapType = 12,
+ oidCmsKeyAgreeType = 13,
+ oidPBEType = 14,
+ oidHmacType = 15,
+ oidCompressType = 16,
+ oidCertNameType = 17,
+ oidTlsExtType = 18,
+ oidCrlExtType = 19,
+ oidIgnoreType
};
enum Hash_Sum {
- MD2h = 646,
- MD5h = 649,
- SHAh = 88,
- SHA256h = 414,
- SHA384h = 415,
- SHA512h = 416
+ MD2h = 646,
+ MD5h = 649,
+ SHAh = 88,
+ SHA224h = 417,
+ SHA256h = 414,
+ SHA384h = 415,
+ SHA512h = 416,
+ SHA3_224h = 420,
+ SHA3_256h = 421,
+ SHA3_384h = 422,
+ SHA3_512h = 423
};
+#if !defined(NO_DES3) || !defined(NO_AES)
enum Block_Sum {
- DESb = 69,
- DES3b = 652
+#ifdef WOLFSSL_AES_128
+ AES128CBCb = 414,
+ AES128GCMb = 418,
+ AES128CCMb = 419,
+#endif
+#ifdef WOLFSSL_AES_192
+ AES192CBCb = 434,
+ AES192GCMb = 438,
+ AES192CCMb = 439,
+#endif
+#ifdef WOLFSSL_AES_256
+ AES256CBCb = 454,
+ AES256GCMb = 458,
+ AES256CCMb = 459,
+#endif
+#ifndef NO_DES3
+ DESb = 69,
+ DES3b = 652
+#endif
};
+#endif /* !NO_DES3 || !NO_AES */
enum Key_Sum {
- DSAk = 515,
- RSAk = 645,
- NTRUk = 274,
- ECDSAk = 518
+ DSAk = 515,
+ RSAk = 645,
+ NTRUk = 274,
+ ECDSAk = 518,
+ ED25519k = 256,
+ ED448k = 257,
+ DHk = 647, /* dhKeyAgreement OID: 1.2.840.113549.1.3.1 */
};
-
-enum Ecc_Sum {
- ECC_256R1 = 526,
- ECC_384R1 = 210,
- ECC_521R1 = 211,
- ECC_160R1 = 184,
- ECC_192R1 = 520,
- ECC_224R1 = 209
+#if !defined(NO_AES) || defined(HAVE_PKCS7)
+enum KeyWrap_Sum {
+#ifdef WOLFSSL_AES_128
+ AES128_WRAP = 417,
+#endif
+#ifdef WOLFSSL_AES_192
+ AES192_WRAP = 437,
+#endif
+#ifdef WOLFSSL_AES_256
+ AES256_WRAP = 457,
+#endif
+#ifdef HAVE_PKCS7
+ PWRI_KEK_WRAP = 680 /*id-alg-PWRI-KEK, 1.2.840.113549.1.9.16.3.9 */
+#endif
+};
+#endif /* !NO_AES || PKCS7 */
+
+enum Key_Agree {
+ dhSinglePass_stdDH_sha1kdf_scheme = 464,
+ dhSinglePass_stdDH_sha224kdf_scheme = 188,
+ dhSinglePass_stdDH_sha256kdf_scheme = 189,
+ dhSinglePass_stdDH_sha384kdf_scheme = 190,
+ dhSinglePass_stdDH_sha512kdf_scheme = 191,
};
+
enum KDF_Sum {
PBKDF2_OID = 660
};
+enum HMAC_Sum {
+ HMAC_SHA224_OID = 652,
+ HMAC_SHA256_OID = 653,
+ HMAC_SHA384_OID = 654,
+ HMAC_SHA512_OID = 655,
+ HMAC_SHA3_224_OID = 426,
+ HMAC_SHA3_256_OID = 427,
+ HMAC_SHA3_384_OID = 428,
+ HMAC_SHA3_512_OID = 429
+};
+
+
enum Extensions_Sum {
BASIC_CA_OID = 133,
ALT_NAMES_OID = 131,
CRL_DIST_OID = 145,
- AUTH_INFO_OID = 69,
- CA_ISSUER_OID = 117,
+ AUTH_INFO_OID = 69, /* id-pe 1 */
AUTH_KEY_OID = 149,
SUBJ_KEY_OID = 128,
CERT_POLICY_OID = 146,
KEY_USAGE_OID = 129, /* 2.5.29.15 */
INHIBIT_ANY_OID = 168, /* 2.5.29.54 */
- EXT_KEY_USAGE_OID = 151, /* 2.5.29.37 */
- NAME_CONS_OID = 144 /* 2.5.29.30 */
+ EXT_KEY_USAGE_OID = 151, /* 2.5.29.37 */
+ NAME_CONS_OID = 144, /* 2.5.29.30 */
+ PRIV_KEY_USAGE_PERIOD_OID = 130, /* 2.5.29.16 */
+ SUBJECT_INFO_ACCESS = 79, /* id-pe 11 */
+ POLICY_MAP_OID = 147,
+ POLICY_CONST_OID = 150,
+ ISSUE_ALT_NAMES_OID = 132,
+ TLS_FEATURE_OID = 92, /* id-pe 24 */
+ NETSCAPE_CT_OID = 753 /* 2.16.840.1.113730.1.1 */
};
enum CertificatePolicy_Sum {
@@ -266,36 +538,61 @@ enum ExtKeyUsage_Sum { /* From RFC 5280 */
EKU_ANY_OID = 151, /* 2.5.29.37.0, anyExtendedKeyUsage */
EKU_SERVER_AUTH_OID = 71, /* 1.3.6.1.5.5.7.3.1, id-kp-serverAuth */
EKU_CLIENT_AUTH_OID = 72, /* 1.3.6.1.5.5.7.3.2, id-kp-clientAuth */
- EKU_OCSP_SIGN_OID = 79 /* 1.3.6.1.5.5.7.3.9, OCSPSigning */
+ EKU_CODESIGNING_OID = 73, /* 1.3.6.1.5.5.7.3.3, id-kp-codeSigning */
+ EKU_EMAILPROTECT_OID = 74, /* 1.3.6.1.5.5.7.3.4, id-kp-emailProtection */
+ EKU_TIMESTAMP_OID = 78, /* 1.3.6.1.5.5.7.3.8, id-kp-timeStamping */
+ EKU_OCSP_SIGN_OID = 79 /* 1.3.6.1.5.5.7.3.9, id-kp-OCSPSigning */
};
+#ifdef HAVE_LIBZ
+enum CompressAlg_Sum {
+ ZLIBc = 679 /* 1.2.840.113549.1.9.16.3.8, id-alg-zlibCompress */
+};
+#endif
enum VerifyType {
- NO_VERIFY = 0,
- VERIFY = 1
+ NO_VERIFY = 0,
+ VERIFY = 1,
+ VERIFY_CRL = 2,
+ VERIFY_OCSP = 3,
+ VERIFY_NAME = 4,
+ VERIFY_SKIP_DATE = 5,
};
+#ifdef WOLFSSL_CERT_EXT
+enum KeyIdType {
+ SKID_TYPE = 0,
+ AKID_TYPE = 1
+};
+#endif
-/* Key usage extension bits */
-#define KEYUSE_DIGITAL_SIG 0x0100
-#define KEYUSE_CONTENT_COMMIT 0x0080
-#define KEYUSE_KEY_ENCIPHER 0x0040
-#define KEYUSE_DATA_ENCIPHER 0x0020
-#define KEYUSE_KEY_AGREE 0x0010
-#define KEYUSE_KEY_CERT_SIGN 0x0008
-#define KEYUSE_CRL_SIGN 0x0004
-#define KEYUSE_ENCIPHER_ONLY 0x0002
-#define KEYUSE_DECIPHER_ONLY 0x0001
-
-#define EXTKEYUSE_ANY 0x08
-#define EXTKEYUSE_OCSP_SIGN 0x04
-#define EXTKEYUSE_CLIENT_AUTH 0x02
-#define EXTKEYUSE_SERVER_AUTH 0x01
+/* Key usage extension bits (based on RFC 5280) */
+#define KEYUSE_DIGITAL_SIG 0x0080
+#define KEYUSE_CONTENT_COMMIT 0x0040
+#define KEYUSE_KEY_ENCIPHER 0x0020
+#define KEYUSE_DATA_ENCIPHER 0x0010
+#define KEYUSE_KEY_AGREE 0x0008
+#define KEYUSE_KEY_CERT_SIGN 0x0004
+#define KEYUSE_CRL_SIGN 0x0002
+#define KEYUSE_ENCIPHER_ONLY 0x0001
+#define KEYUSE_DECIPHER_ONLY 0x8000
+
+/* Extended Key Usage bits (internal mapping only) */
+#define EXTKEYUSE_USER 0x80
+#define EXTKEYUSE_OCSP_SIGN 0x40
+#define EXTKEYUSE_TIMESTAMP 0x20
+#define EXTKEYUSE_EMAILPROT 0x10
+#define EXTKEYUSE_CODESIGN 0x08
+#define EXTKEYUSE_CLIENT_AUTH 0x04
+#define EXTKEYUSE_SERVER_AUTH 0x02
+#define EXTKEYUSE_ANY 0x01
typedef struct DNS_entry DNS_entry;
struct DNS_entry {
DNS_entry* next; /* next on DNS list */
+ int type; /* i.e. ASN_DNS_TYPE */
+ int len; /* actual DNS len */
char* name; /* actual DNS name */
};
@@ -309,6 +606,8 @@ struct Base_entry {
byte type; /* Name base type (DNS or RFC822) */
};
+#define DOMAIN_COMPONENT_MAX 10
+#define DN_NAMES_MAX 9
struct DecodedName {
char* fullName;
@@ -316,34 +615,183 @@ struct DecodedName {
int entryCount;
int cnIdx;
int cnLen;
+ int cnNid;
int snIdx;
int snLen;
+ int snNid;
int cIdx;
int cLen;
+ int cNid;
int lIdx;
int lLen;
+ int lNid;
int stIdx;
int stLen;
+ int stNid;
int oIdx;
int oLen;
+ int oNid;
int ouIdx;
int ouLen;
+#ifdef WOLFSSL_CERT_EXT
+ int bcIdx;
+ int bcLen;
+ int jcIdx;
+ int jcLen;
+ int jsIdx;
+ int jsLen;
+#endif
+ int ouNid;
int emailIdx;
int emailLen;
+ int emailNid;
int uidIdx;
int uidLen;
+ int uidNid;
int serialIdx;
int serialLen;
+ int serialNid;
+ int dcIdx[DOMAIN_COMPONENT_MAX];
+ int dcLen[DOMAIN_COMPONENT_MAX];
+ int dcNum;
+ int dcMode;
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+ /* hold the location / order with which each of the DN tags was found
+ *
+ * example of ASN_DOMAIN_COMPONENT at index 0 if first found and so on.
+ */
+ int loc[DOMAIN_COMPONENT_MAX + DN_NAMES_MAX];
+ int locSz;
+#endif
+};
+
+enum SignatureState {
+ SIG_STATE_BEGIN,
+ SIG_STATE_HASH,
+ SIG_STATE_KEY,
+ SIG_STATE_DO,
+ SIG_STATE_CHECK,
+};
+
+
+#ifdef HAVE_PK_CALLBACKS
+#ifdef HAVE_ECC
+ typedef int (*wc_CallbackEccVerify)(
+ const unsigned char* sig, unsigned int sigSz,
+ const unsigned char* hash, unsigned int hashSz,
+ const unsigned char* keyDer, unsigned int keySz,
+ int* result, void* ctx);
+#endif
+#ifndef NO_RSA
+ typedef int (*wc_CallbackRsaVerify)(
+ unsigned char* sig, unsigned int sigSz,
+ unsigned char** out,
+ const unsigned char* keyDer, unsigned int keySz,
+ void* ctx);
+#endif
+#endif /* HAVE_PK_CALLBACKS */
+
+struct SignatureCtx {
+ void* heap;
+ byte* digest;
+#ifndef NO_RSA
+ byte* out;
+ byte* plain;
+#endif
+#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
+ int verify;
+#endif
+ union {
+ #ifndef NO_RSA
+ struct RsaKey* rsa;
+ #endif
+ #ifdef HAVE_ECC
+ struct ecc_key* ecc;
+ #endif
+ #ifdef HAVE_ED25519
+ struct ed25519_key* ed25519;
+ #endif
+ #ifdef HAVE_ED448
+ struct ed448_key* ed448;
+ #endif
+ void* ptr;
+ } key;
+ int devId;
+ int state;
+ int typeH;
+ int digestSz;
+ word32 keyOID;
+#ifdef WOLFSSL_ASYNC_CRYPT
+ WC_ASYNC_DEV* asyncDev;
+ void* asyncCtx;
+#endif
+
+#ifdef HAVE_PK_CALLBACKS
+#ifdef HAVE_ECC
+ wc_CallbackEccVerify pkCbEcc;
+ void* pkCtxEcc;
+#endif
+#ifndef NO_RSA
+ wc_CallbackRsaVerify pkCbRsa;
+ void* pkCtxRsa;
+#endif
+#endif /* HAVE_PK_CALLBACKS */
+#ifndef NO_RSA
+#ifdef WOLFSSL_RENESAS_TSIP_TLS
+ byte verifyByTSIP;
+ word32 certBegin;
+ word32 pubkey_n_start;
+ word32 pubkey_n_len;
+ word32 pubkey_e_start;
+ word32 pubkey_e_len;
+#endif
+#endif
+};
+
+enum CertSignState {
+ CERTSIGN_STATE_BEGIN,
+ CERTSIGN_STATE_DIGEST,
+ CERTSIGN_STATE_ENCODE,
+ CERTSIGN_STATE_DO,
+};
+
+struct CertSignCtx {
+ byte* sig;
+ byte* digest;
+ #ifndef NO_RSA
+ byte* encSig;
+ int encSigSz;
+ #endif
+ int state; /* enum CertSignState */
};
+#ifndef WOLFSSL_MAX_PATH_LEN
+ /* RFC 5280 Section 6.1.2. "Initialization" - item (k) defines
+ * (k) max_path_length: this integer is initialized to "n", is
+ * decremented for each non-self-issued certificate in the path,
+ * and may be reduced to the value in the path length constraint
+ * field within the basic constraints extension of a CA
+ * certificate.
+ *
+ * wolfSSL has arbitrarily selected the value 127 for "n" in the above
+ * description. Users can modify the maximum path length by setting
+ * WOLFSSL_MAX_PATH_LEN to a preferred value at build time
+ */
+ #define WOLFSSL_MAX_PATH_LEN 127
+#endif
typedef struct DecodedCert DecodedCert;
typedef struct DecodedName DecodedName;
typedef struct Signer Signer;
+#ifdef WOLFSSL_TRUST_PEER_CERT
+typedef struct TrustedPeerCert TrustedPeerCert;
+#endif /* WOLFSSL_TRUST_PEER_CERT */
+typedef struct SignatureCtx SignatureCtx;
+typedef struct CertSignCtx CertSignCtx;
struct DecodedCert {
- byte* publicKey;
+ const byte* publicKey;
word32 pubKeySize;
int pubKeyStored;
word32 certBegin; /* offset to start of cert */
@@ -361,80 +809,68 @@ struct DecodedCert {
byte subjectHash[KEYID_SIZE]; /* hash of all Names */
byte issuerHash[KEYID_SIZE]; /* hash of all Names */
#ifdef HAVE_OCSP
+ byte subjectKeyHash[KEYID_SIZE]; /* hash of the public Key */
byte issuerKeyHash[KEYID_SIZE]; /* hash of the public Key */
#endif /* HAVE_OCSP */
- byte* signature; /* not owned, points into raw cert */
+ const byte* signature; /* not owned, points into raw cert */
char* subjectCN; /* CommonName */
int subjectCNLen; /* CommonName Length */
char subjectCNEnc; /* CommonName Encoding */
- int subjectCNStored; /* have we saved a copy we own */
char issuer[ASN_NAME_MAX]; /* full name including common name */
char subject[ASN_NAME_MAX]; /* full name including common name */
int verify; /* Default to yes, but could be off */
- byte* source; /* byte buffer holder cert, NOT owner */
+ const byte* source; /* byte buffer holder cert, NOT owner */
word32 srcIdx; /* current offset into buffer */
word32 maxIdx; /* max offset based on init size */
void* heap; /* for user memory overrides */
byte serial[EXTERNAL_SERIAL_SIZE]; /* raw serial number */
int serialSz; /* raw serial bytes stored */
- byte* extensions; /* not owned, points into raw cert */
+ const byte* extensions; /* not owned, points into raw cert */
int extensionsSz; /* length of cert extensions */
word32 extensionsIdx; /* if want to go back and parse later */
- byte* extAuthInfo; /* Authority Information Access URI */
+ const byte* extAuthInfo; /* Authority Information Access URI */
int extAuthInfoSz; /* length of the URI */
- byte* extCrlInfo; /* CRL Distribution Points */
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+ const byte* extAuthInfoCaIssuer; /* Authority Info Access caIssuer URI */
+ int extAuthInfoCaIssuerSz; /* length of the caIssuer URI */
+#endif
+ const byte* extCrlInfo; /* CRL Distribution Points */
int extCrlInfoSz; /* length of the URI */
byte extSubjKeyId[KEYID_SIZE]; /* Subject Key ID */
- byte extSubjKeyIdSet; /* Set when the SKID was read from cert */
byte extAuthKeyId[KEYID_SIZE]; /* Authority Key ID */
- byte extAuthKeyIdSet; /* Set when the AKID was read from cert */
-#ifndef IGNORE_NAME_CONSTRAINTS
- byte extNameConstraintSet;
-#endif /* IGNORE_NAME_CONSTRAINTS */
- byte isCA; /* CA basic constraint true */
- byte weOwnAltNames; /* altNames haven't been given to copy */
- byte extKeyUsageSet;
+ byte pathLength; /* CA basic constraint path length */
+ byte maxPathLen; /* max_path_len see RFC 5280 section
+ * 6.1.2 "Initialization" - (k) for
+ * description of max_path_len */
word16 extKeyUsage; /* Key usage bitfield */
- byte extExtKeyUsageSet; /* Extended Key Usage */
byte extExtKeyUsage; /* Extended Key usage bitfield */
-#ifdef OPENSSL_EXTRA
- byte extBasicConstSet;
- byte extBasicConstCrit;
- byte extBasicConstPlSet;
- word32 pathLength; /* CA basic constraint path length, opt */
- byte extSubjAltNameSet;
- byte extSubjAltNameCrit;
- byte extAuthKeyIdCrit;
-#ifndef IGNORE_NAME_CONSTRAINTS
- byte extNameConstraintCrit;
-#endif /* IGNORE_NAME_CONSTRAINTS */
- byte extSubjKeyIdCrit;
- byte extKeyUsageCrit;
- byte extExtKeyUsageCrit;
- byte* extExtKeyUsageSrc;
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+ const byte* extExtKeyUsageSrc;
word32 extExtKeyUsageSz;
word32 extExtKeyUsageCount;
- byte* extAuthKeyIdSrc;
+ const byte* extAuthKeyIdSrc;
word32 extAuthKeyIdSz;
- byte* extSubjKeyIdSrc;
+ const byte* extSubjKeyIdSrc;
word32 extSubjKeyIdSz;
#endif
-#ifdef HAVE_ECC
+
+#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
word32 pkCurveOID; /* Public Key's curve OID */
#endif /* HAVE_ECC */
- byte* beforeDate;
+ const byte* beforeDate;
int beforeDateLen;
- byte* afterDate;
+ const byte* afterDate;
int afterDateLen;
-#ifdef HAVE_PKCS7
- byte* issuerRaw; /* pointer to issuer inside source */
+#if defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT)
+ const byte* issuerRaw; /* pointer to issuer inside source */
int issuerRawLen;
#endif
-#ifndef IGNORE_NAME_CONSTRAINT
- byte* subjectRaw; /* pointer to subject inside source */
+#if !defined(IGNORE_NAME_CONSTRAINTS) || defined(WOLFSSL_CERT_EXT)
+ const byte* subjectRaw; /* pointer to subject inside source */
int subjectRawLen;
#endif
-#if defined(WOLFSSL_CERT_GEN)
+#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
/* easy access to subject info for other sign */
char* subjectSN;
int subjectSNLen;
@@ -454,10 +890,24 @@ struct DecodedCert {
char* subjectOU;
int subjectOULen;
char subjectOUEnc;
+ char* subjectSND;
+ int subjectSNDLen;
+ char subjectSNDEnc;
+#ifdef WOLFSSL_CERT_EXT
+ char* subjectBC;
+ int subjectBCLen;
+ char subjectBCEnc;
+ char* subjectJC;
+ int subjectJCLen;
+ char subjectJCEnc;
+ char* subjectJS;
+ int subjectJSLen;
+ char subjectJSEnc;
+#endif
char* subjectEmail;
int subjectEmailLen;
#endif /* WOLFSSL_CERT_GEN */
-#ifdef OPENSSL_EXTRA
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
DecodedName issuerName;
DecodedName subjectName;
#endif /* OPENSSL_EXTRA */
@@ -468,18 +918,68 @@ struct DecodedCert {
byte* hwType;
int hwSerialNumSz;
byte* hwSerialNum;
- #ifdef OPENSSL_EXTRA
- byte extCertPolicySet;
- byte extCertPolicyCrit;
- #endif /* OPENSSL_EXTRA */
#endif /* WOLFSSL_SEP */
+#ifdef WOLFSSL_CERT_EXT
+ char extCertPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ];
+ int extCertPoliciesNb;
+#endif /* defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) */
+
+ Signer* ca;
+#ifndef NO_CERTS
+ SignatureCtx sigCtx;
+#endif
+#ifdef WOLFSSL_RENESAS_TSIP
+ byte* tsip_encRsaKeyIdx;
+#endif
+
+ int badDate;
+ int criticalExt;
+
+ /* Option Bits */
+ byte subjectCNStored : 1; /* have we saved a copy we own */
+ byte extSubjKeyIdSet : 1; /* Set when the SKID was read from cert */
+ byte extAuthKeyIdSet : 1; /* Set when the AKID was read from cert */
+#ifndef IGNORE_NAME_CONSTRAINTS
+ byte extNameConstraintSet : 1;
+#endif
+ byte isCA : 1; /* CA basic constraint true */
+ byte pathLengthSet : 1; /* CA basic const path length set */
+ byte weOwnAltNames : 1; /* altNames haven't been given to copy */
+ byte extKeyUsageSet : 1;
+ byte extExtKeyUsageSet : 1; /* Extended Key Usage set */
+ byte extCRLdistSet : 1;
+ byte extAuthInfoSet : 1;
+ byte extBasicConstSet : 1;
+ byte extSubjAltNameSet : 1;
+ byte inhibitAnyOidSet : 1;
+ byte selfSigned : 1; /* Indicates subject and issuer are same */
+#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
+ byte extCertPolicySet : 1;
+#endif
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+ byte extCRLdistCrit : 1;
+ byte extAuthInfoCrit : 1;
+ byte extBasicConstCrit : 1;
+ byte extSubjAltNameCrit : 1;
+ byte extAuthKeyIdCrit : 1;
+ #ifndef IGNORE_NAME_CONSTRAINTS
+ byte extNameConstraintCrit : 1;
+ #endif
+ byte extSubjKeyIdCrit : 1;
+ byte extKeyUsageCrit : 1;
+ byte extExtKeyUsageCrit : 1;
+#endif /* OPENSSL_EXTRA */
+#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
+ byte extCertPolicyCrit : 1;
+#endif
+
};
#ifdef NO_SHA
- #define SIGNER_DIGEST_SIZE SHA256_DIGEST_SIZE
+ #define SIGNER_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
#else
- #define SIGNER_DIGEST_SIZE SHA_DIGEST_SIZE
+ #define SIGNER_DIGEST_SIZE WC_SHA_DIGEST_SIZE
#endif
/* CA Signers */
@@ -488,7 +988,11 @@ struct Signer {
word32 pubKeySize;
word32 keyOID; /* key type */
word16 keyUsage;
- byte* publicKey;
+ byte maxPathLen;
+ byte pathLength;
+ byte pathLengthSet : 1;
+ byte selfSigned : 1;
+ const byte* publicKey;
int nameLen;
char* name; /* common name */
#ifndef IGNORE_NAME_CONSTRAINTS
@@ -501,62 +1005,188 @@ struct Signer {
byte subjectKeyIdHash[SIGNER_DIGEST_SIZE];
/* sha hash of names in certificate */
#endif
+ #ifdef HAVE_OCSP
+ byte subjectKeyHash[KEYID_SIZE];
+ #endif
+#ifdef WOLFSSL_SIGNER_DER_CERT
+ DerBuffer* derCert;
+#endif
+#ifdef WOLFSSL_RENESAS_TSIP_TLS
+ word32 cm_idx;
+#endif
Signer* next;
};
-/* not for public consumption but may use for testing sometimes */
-#ifdef WOLFSSL_TEST_CERT
- #define WOLFSSL_TEST_API WOLFSSL_API
+#ifdef WOLFSSL_TRUST_PEER_CERT
+/* used for having trusted peer certs rather then CA */
+struct TrustedPeerCert {
+ int nameLen;
+ char* name; /* common name */
+ #ifndef IGNORE_NAME_CONSTRAINTS
+ Base_entry* permittedNames;
+ Base_entry* excludedNames;
+ #endif /* IGNORE_NAME_CONSTRAINTS */
+ byte subjectNameHash[SIGNER_DIGEST_SIZE];
+ /* sha hash of names in certificate */
+ #ifndef NO_SKID
+ byte subjectKeyIdHash[SIGNER_DIGEST_SIZE];
+ /* sha hash of names in certificate */
+ #endif
+ word32 sigLen;
+ byte* sig;
+ struct TrustedPeerCert* next;
+};
+#endif /* WOLFSSL_TRUST_PEER_CERT */
+
+
+/* for testing or custom openssl wrappers */
+#if defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
+ defined(OPENSSL_EXTRA_X509_SMALL)
+ #define WOLFSSL_ASN_API WOLFSSL_API
#else
- #define WOLFSSL_TEST_API WOLFSSL_LOCAL
+ #define WOLFSSL_ASN_API WOLFSSL_LOCAL
#endif
-WOLFSSL_TEST_API void FreeAltNames(DNS_entry*, void*);
+WOLFSSL_LOCAL int CalcHashId(const byte* data, word32 len, byte* hash);
+
+WOLFSSL_ASN_API int wc_BerToDer(const byte* ber, word32 berSz, byte* der,
+ word32* derSz);
+
+WOLFSSL_ASN_API void FreeAltNames(DNS_entry*, void*);
#ifndef IGNORE_NAME_CONSTRAINTS
- WOLFSSL_TEST_API void FreeNameSubtrees(Base_entry*, void*);
+ WOLFSSL_ASN_API void FreeNameSubtrees(Base_entry*, void*);
#endif /* IGNORE_NAME_CONSTRAINTS */
-WOLFSSL_TEST_API void InitDecodedCert(DecodedCert*, byte*, word32, void*);
-WOLFSSL_TEST_API void FreeDecodedCert(DecodedCert*);
-WOLFSSL_TEST_API int ParseCert(DecodedCert*, int type, int verify, void* cm);
-
-WOLFSSL_LOCAL int ParseCertRelative(DecodedCert*, int type, int verify,void* cm);
+WOLFSSL_ASN_API void InitDecodedCert(DecodedCert*, const byte*, word32, void*);
+WOLFSSL_ASN_API void FreeDecodedCert(DecodedCert*);
+WOLFSSL_ASN_API int ParseCert(DecodedCert*, int type, int verify, void* cm);
+
+WOLFSSL_LOCAL int DecodePolicyOID(char *o, word32 oSz,
+ const byte *in, word32 inSz);
+WOLFSSL_LOCAL int EncodePolicyOID(byte *out, word32 *outSz,
+ const char *in, void* heap);
+WOLFSSL_API int CheckCertSignature(const byte*,word32,void*,void* cm);
+WOLFSSL_LOCAL int CheckCertSignaturePubKey(const byte* cert, word32 certSz,
+ void* heap, const byte* pubKey, word32 pubKeySz, int pubKeyOID);
+WOLFSSL_LOCAL int ParseCertRelative(DecodedCert*,int type,int verify,void* cm);
WOLFSSL_LOCAL int DecodeToKey(DecodedCert*, int verify);
+WOLFSSL_LOCAL int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate);
+WOLFSSL_LOCAL const byte* OidFromId(word32 id, word32 type, word32* oidSz);
WOLFSSL_LOCAL Signer* MakeSigner(void*);
WOLFSSL_LOCAL void FreeSigner(Signer*, void*);
WOLFSSL_LOCAL void FreeSignerTable(Signer**, int, void*);
-
-
-WOLFSSL_LOCAL int ToTraditional(byte* buffer, word32 length);
-WOLFSSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*, int);
-
+#ifdef WOLFSSL_TRUST_PEER_CERT
+WOLFSSL_LOCAL void FreeTrustedPeer(TrustedPeerCert*, void*);
+WOLFSSL_LOCAL void FreeTrustedPeerTable(TrustedPeerCert**, int, void*);
+#endif /* WOLFSSL_TRUST_PEER_CERT */
+
+WOLFSSL_ASN_API int ToTraditional(byte* buffer, word32 length);
+WOLFSSL_ASN_API int ToTraditional_ex(byte* buffer, word32 length,
+ word32* algId);
+WOLFSSL_LOCAL int ToTraditionalInline(const byte* input, word32* inOutIdx,
+ word32 length);
+WOLFSSL_LOCAL int ToTraditionalInline_ex(const byte* input, word32* inOutIdx,
+ word32 length, word32* algId);
+WOLFSSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*,int,
+ word32* algId);
+WOLFSSL_ASN_API int UnTraditionalEnc(byte* key, word32 keySz, byte* out,
+ word32* outSz, const char* password, int passwordSz, int vPKCS,
+ int vAlgo, byte* salt, word32 saltSz, int itt, WC_RNG* rng, void* heap);
+WOLFSSL_ASN_API int TraditionalEnc(byte* key, word32 keySz, byte* out,
+ word32* outSz, const char* password, int passwordSz, int vPKCS,
+ int vAlgo, int encAlgId, byte* salt, word32 saltSz, int itt,
+ WC_RNG* rng, void* heap);
+WOLFSSL_LOCAL int DecryptContent(byte* input, word32 sz,const char* psw,int pswSz);
+WOLFSSL_LOCAL int EncryptContent(byte* input, word32 sz, byte* out, word32* outSz,
+ const char* password,int passwordSz, int vPKCS, int vAlgo,
+ byte* salt, word32 saltSz, int itt, WC_RNG* rng, void* heap);
+WOLFSSL_LOCAL int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID,
+ word32* oidSz, int* algoID, void* heap);
+
+typedef struct tm wolfssl_tm;
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) || \
+ defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+WOLFSSL_LOCAL int GetTimeString(byte* date, int format, char* buf, int len);
+#endif
+#if !defined(NO_ASN_TIME) && defined(HAVE_PKCS7)
+WOLFSSL_LOCAL int GetAsnTimeString(void* currTime, byte* buf, word32 len);
+#endif
+WOLFSSL_LOCAL int ExtractDate(const unsigned char* date, unsigned char format,
+ wolfssl_tm* certTime, int* idx);
+WOLFSSL_LOCAL int DateGreaterThan(const struct tm* a, const struct tm* b);
WOLFSSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType);
+WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn);
/* ASN.1 helper functions */
+#ifdef WOLFSSL_CERT_GEN
+WOLFSSL_ASN_API int SetName(byte* output, word32 outputSz, CertName* name);
+#endif
+WOLFSSL_LOCAL int GetShortInt(const byte* input, word32* inOutIdx, int* number,
+ word32 maxIdx);
+WOLFSSL_LOCAL int SetShortInt(byte* input, word32* inOutIdx, word32 number,
+ word32 maxIdx);
+
+WOLFSSL_LOCAL const char* GetSigName(int oid);
WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx);
+WOLFSSL_LOCAL int GetLength_ex(const byte* input, word32* inOutIdx, int* len,
+ word32 maxIdx, int check);
WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx);
+WOLFSSL_LOCAL int GetSequence_ex(const byte* input, word32* inOutIdx, int* len,
+ word32 maxIdx, int check);
+WOLFSSL_LOCAL int GetOctetString(const byte* input, word32* inOutIdx, int* len,
+ word32 maxIdx);
WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx);
+WOLFSSL_LOCAL int GetSet_ex(const byte* input, word32* inOutIdx, int* len,
+ word32 maxIdx, int check);
WOLFSSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx,
- int* version);
+ int* version, word32 maxIdx);
WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx,
word32 maxIdx);
+#ifdef HAVE_OID_ENCODING
+ WOLFSSL_LOCAL int EncodeObjectId(const word16* in, word32 inSz,
+ byte* out, word32* outSz);
+#endif
+#ifdef HAVE_OID_DECODING
+ WOLFSSL_LOCAL int DecodeObjectId(const byte* in, word32 inSz,
+ word16* out, word32* outSz);
+#endif
+WOLFSSL_LOCAL int GetASNObjectId(const byte* input, word32* inOutIdx, int* len,
+ word32 maxIdx);
+WOLFSSL_LOCAL int SetObjectId(int len, byte* output);
+WOLFSSL_LOCAL int GetObjectId(const byte* input, word32* inOutIdx, word32* oid,
+ word32 oidType, word32 maxIdx);
WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
- word32 maxIdx);
+ word32 oidType, word32 maxIdx);
+WOLFSSL_LOCAL int GetASNTag(const byte* input, word32* idx, byte* tag,
+ word32 inputSz);
WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output);
WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output);
WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output);
-WOLFSSL_LOCAL word32 SetImplicit(byte tag, byte number, word32 len,byte* output);
+#if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && !defined(NO_DH) \
+ || defined(WOLFSSL_OPENSSH)
+WOLFSSL_LOCAL int wc_DhParamsToDer(DhKey* key, byte* out, word32* outSz);
+WOLFSSL_LOCAL int wc_DhPubKeyToDer(DhKey* key, byte* out, word32* outSz);
+WOLFSSL_LOCAL int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz);
+#endif
+WOLFSSL_LOCAL word32 SetBitString(word32 len, byte unusedBits, byte* output);
+WOLFSSL_LOCAL word32 SetImplicit(byte tag,byte number,word32 len,byte* output);
WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output);
WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output);
-WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz);
+WOLFSSL_LOCAL word32 SetAlgoID(int algoOID,byte* output,int type,int curveSz);
WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header);
-WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output);
+WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output,
+ word32 outputSz, int maxSnSz);
+WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx,
+ byte* serial, int* serialSz, word32 maxIdx);
WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,
int maxIdx);
+WOLFSSL_LOCAL int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der);
+WOLFSSL_LOCAL int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g);
+WOLFSSL_LOCAL int FlattenAltNames( byte*, word32, const DNS_entry*);
#ifdef HAVE_ECC
/* ASN sig helpers */
@@ -565,27 +1195,44 @@ WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,
WOLFSSL_LOCAL int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen,
mp_int* r, mp_int* s);
#endif
+#if defined HAVE_ECC && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
+WOLFSSL_API int EccEnumToNID(int n);
+#endif
+
+WOLFSSL_LOCAL void InitSignatureCtx(SignatureCtx* sigCtx, void* heap, int devId);
+WOLFSSL_LOCAL void FreeSignatureCtx(SignatureCtx* sigCtx);
+
+#ifndef NO_CERTS
+
+WOLFSSL_LOCAL int wc_EncryptedInfoParse(EncryptedInfo* info, char** pBuffer,
+ size_t bufSz);
+
+WOLFSSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type,
+ DerBuffer** pDer, void* heap, EncryptedInfo* info,
+ int* eccKey);
+WOLFSSL_LOCAL int AllocDer(DerBuffer** der, word32 length, int type, void* heap);
+WOLFSSL_LOCAL void FreeDer(DerBuffer** der);
+
+#endif /* !NO_CERTS */
#ifdef WOLFSSL_CERT_GEN
enum cert_enums {
- NAME_ENTRIES = 8,
+#ifdef WOLFSSL_CERT_EXT
+ NAME_ENTRIES = 10,
+#else
+ NAME_ENTRIES = 9,
+#endif
JOINT_LEN = 2,
EMAIL_JOINT_LEN = 9,
+ PILOT_JOINT_LEN = 10,
RSA_KEY = 10,
NTRU_KEY = 11,
- ECC_KEY = 12
+ ECC_KEY = 12,
+ ED25519_KEY = 13,
+ ED448_KEY = 14
};
-#ifndef WOLFSSL_PEMCERT_TODER_DEFINED
-#ifndef NO_FILESYSTEM
-/* forward from wolfSSL */
-WOLFSSL_API
-int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz);
-#define WOLFSSL_PEMCERT_TODER_DEFINED
-#endif
-#endif
-
#endif /* WOLFSSL_CERT_GEN */
@@ -617,6 +1264,13 @@ enum Ocsp_Sums {
OCSP_NONCE_OID = 118
};
+#ifdef OPENSSL_EXTRA
+enum Ocsp_Verify_Error {
+ OCSP_VERIFY_ERROR_NONE = 0,
+ OCSP_BAD_ISSUER = 1
+};
+#endif
+
typedef struct OcspRequest OcspRequest;
typedef struct OcspResponse OcspResponse;
@@ -634,6 +1288,15 @@ struct CertStatus {
byte nextDate[MAX_DATE_SIZE];
byte thisDateFormat;
byte nextDateFormat;
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+ WOLFSSL_ASN1_TIME thisDateParsed;
+ WOLFSSL_ASN1_TIME nextDateParsed;
+ byte* thisDateAsn;
+ byte* nextDateAsn;
+#endif
+
+ byte* rawOcspResponse;
+ word32 rawOcspResponseSz;
};
@@ -644,7 +1307,7 @@ struct OcspResponse {
word32 responseSz; /* length of the OCSP Response */
byte producedDate[MAX_DATE_SIZE];
- /* Date at which this response was signed */
+ /* Date at which this response was signed */
byte producedDateFormat; /* format of the producedDate */
byte* issuerHash;
byte* issuerKeyHash;
@@ -663,32 +1326,55 @@ struct OcspResponse {
byte* source; /* pointer to source buffer, not owned */
word32 maxIdx; /* max offset based on init size */
+
+#ifdef OPENSSL_EXTRA
+ int verifyError;
+#endif
};
struct OcspRequest {
- DecodedCert* cert;
+ byte issuerHash[KEYID_SIZE];
+ byte issuerKeyHash[KEYID_SIZE];
+ byte* serial; /* copy of the serial number in source cert */
+ int serialSz;
+#ifdef OPENSSL_EXTRA
+ WOLFSSL_ASN1_INTEGER* serialInt;
+#endif
+ byte* url; /* copy of the extAuthInfo in source cert */
+ int urlSz;
- byte useNonce;
- byte nonce[MAX_OCSP_NONCE_SZ];
- int nonceSz;
+ byte nonce[MAX_OCSP_NONCE_SZ];
+ int nonceSz;
+ void* heap;
+ void* ssl;
+};
- byte* issuerHash; /* pointer to issuerHash in source cert */
- byte* issuerKeyHash; /* pointer to issuerKeyHash in source cert */
- byte* serial; /* pointer to serial number in source cert */
- int serialSz; /* length of the serial number */
+typedef struct OcspEntry OcspEntry;
- byte* dest; /* pointer to the destination ASN.1 buffer */
- word32 destSz; /* length of the destination buffer */
-};
+#ifdef NO_SHA
+#define OCSP_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
+#else
+#define OCSP_DIGEST_SIZE WC_SHA_DIGEST_SIZE
+#endif
+struct OcspEntry
+{
+ OcspEntry *next; /* next entry */
+ byte issuerHash[OCSP_DIGEST_SIZE]; /* issuer hash */
+ byte issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */
+ CertStatus *status; /* OCSP response list */
+ int totalStatus; /* number on list */
+};
WOLFSSL_LOCAL void InitOcspResponse(OcspResponse*, CertStatus*, byte*, word32);
-WOLFSSL_LOCAL int OcspResponseDecode(OcspResponse*);
+WOLFSSL_LOCAL int OcspResponseDecode(OcspResponse*, void*, void* heap, int);
+
+WOLFSSL_LOCAL int InitOcspRequest(OcspRequest*, DecodedCert*, byte, void*);
+WOLFSSL_LOCAL void FreeOcspRequest(OcspRequest*);
+WOLFSSL_LOCAL int EncodeOcspRequest(OcspRequest*, byte*, word32);
+WOLFSSL_LOCAL word32 EncodeOcspRequestExtensions(OcspRequest*, byte*, word32);
-WOLFSSL_LOCAL void InitOcspRequest(OcspRequest*, DecodedCert*,
- byte, byte*, word32);
-WOLFSSL_LOCAL int EncodeOcspRequest(OcspRequest*);
WOLFSSL_LOCAL int CompareOcspReqResp(OcspRequest*, OcspResponse*);
@@ -715,7 +1401,7 @@ struct DecodedCRL {
word32 sigLength; /* length of signature */
word32 signatureOID; /* sum of algorithm object id */
byte* signature; /* pointer into raw source, not owned */
- byte issuerHash[SIGNER_DIGEST_SIZE]; /* issuer hash */
+ byte issuerHash[SIGNER_DIGEST_SIZE]; /* issuer name hash */
byte crlHash[SIGNER_DIGEST_SIZE]; /* raw crl data hash */
byte lastDate[MAX_DATE_SIZE]; /* last date updated */
byte nextDate[MAX_DATE_SIZE]; /* next update date */
@@ -723,9 +1409,19 @@ struct DecodedCRL {
byte nextDateFormat; /* format of next date */
RevokedCert* certs; /* revoked cert list */
int totalCerts; /* number on list */
+ void* heap;
+#ifndef NO_SKID
+ byte extAuthKeyIdSet;
+ byte extAuthKeyId[SIGNER_DIGEST_SIZE]; /* Authority Key ID */
+#endif
};
-WOLFSSL_LOCAL void InitDecodedCRL(DecodedCRL*);
+WOLFSSL_LOCAL void InitDecodedCRL(DecodedCRL*, void* heap);
+WOLFSSL_LOCAL int VerifyCRL_Signature(SignatureCtx* sigCtx,
+ const byte* toBeSigned, word32 tbsSz,
+ const byte* signature, word32 sigSz,
+ word32 signatureOID, Signer *ca,
+ void* heap);
WOLFSSL_LOCAL int ParseCRL(DecodedCRL*, const byte* buff, word32 sz, void* cm);
WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL*);
@@ -738,5 +1434,37 @@ WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL*);
#endif
#endif /* !NO_ASN */
-#endif /* WOLF_CRYPT_ASN_H */
+
+#if !defined(NO_ASN) || !defined(NO_PWDBASED)
+
+#ifndef MAX_KEY_SIZE
+ #define MAX_KEY_SIZE 64 /* MAX PKCS Key length */
+#endif
+#ifndef MAX_UNICODE_SZ
+ #define MAX_UNICODE_SZ 256
+#endif
+
+enum PBESTypes {
+ PBE_MD5_DES = 0,
+ PBE_SHA1_RC4_128 = 1,
+ PBE_SHA1_DES = 2,
+ PBE_SHA1_DES3 = 3,
+ PBE_AES256_CBC = 4,
+ PBE_AES128_CBC = 5,
+
+ PBE_SHA1_RC4_128_SUM = 657,
+ PBE_SHA1_DES3_SUM = 659,
+ PBES2 = 13 /* algo ID */
+};
+
+enum PKCSTypes {
+ PKCS5v2 = 6, /* PKCS #5 v2.0 */
+ PKCS12v1 = 12, /* PKCS #12 */
+ PKCS5 = 5, /* PKCS oid tag */
+ PKCS8v0 = 0, /* default PKCS#8 version */
+};
+
+#endif /* !NO_ASN || !NO_PWDBASED */
+
+#endif /* WOLF_CRYPT_ASN_H */
View Lorry Controller Status