Speculative fix for build issues in CI. Will combine with previous commit upon success

Author: padelsbach

src/crl.c

@@ -237,14 +237,6 @@ static void CRL_Entry_free(CRL_Entry* crle, void* heap)
     XFREE(crle->sigParams, heap, DYNAMIC_TYPE_CRL_ENTRY);
 #endif
 #if defined(OPENSSL_EXTRA)
-    if (crle->sigBits != NULL) {
-        wolfSSL_ASN1_BIT_STRING_free(crle->sigBits);
-        crle->sigBits = NULL;
-    }
-    if (crle->sigAlgor != NULL) {
-        wolfSSL_X509_ALGOR_free(crle->sigAlgor);
-        crle->sigAlgor = NULL;
-    }
     if (crle->issuer != NULL) {
         FreeX509Name(crle->issuer);
         XFREE(crle->issuer, heap, DYNAMIC_TYPE_X509);

src/pk.c

@@ -127,7 +127,7 @@ static int pem_mem_to_der(const char* pem, int pemSz, wc_pem_password_cb* cb,
 }
 #endif
 
-#if !defined(NO_RSA) || !defined(WOLFCRYPT_ONLY)
+#if defined(OPENSSL_EXTRA) && (!defined(NO_RSA) || !defined(WOLFCRYPT_ONLY))
 #ifndef NO_BIO
 /* Read PEM data from a BIO and decode to DER in a new buffer.
  *
@@ -306,9 +306,10 @@ static int der_write_to_bio_as_pem(const unsigned char* der, int derSz,
 #endif
 #endif
 
-#if (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) || \
+#if defined(OPENSSL_EXTRA) && \
+    ((!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) || \
      (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) || \
-     (defined(HAVE_ECC) && defined(WOLFSSL_KEY_GEN))
+     (defined(HAVE_ECC) && defined(WOLFSSL_KEY_GEN)))
 #if !defined(NO_FILESYSTEM)
 /* Write the DER data as PEM into file pointer.
  *
@@ -342,7 +343,8 @@ static int der_write_to_file_as_pem(const unsigned char* der, int derSz,
 #endif
 #endif
 
-#if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_PEM_TO_DER)
+#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && \
+    defined(WOLFSSL_PEM_TO_DER)
 /* Encrypt private key into PEM format.
  *
  * DER is encrypted in place.
@@ -464,10 +466,10 @@ int EncryptDerKey(byte *der, int *derSz, const WOLFSSL_EVP_CIPHER* cipher,
     WC_FREE_VAR_EX(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO);
     return ret == 0;
 }
-#endif /* WOLFSSL_KEY_GEN || WOLFSSL_PEM_TO_DER */
+#endif /* OPENSSL_EXTRA && WOLFSSL_KEY_GEN && WOLFSSL_PEM_TO_DER */
 
 
-#if defined(WOLFSSL_KEY_GEN) && \
+#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && \
     (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)) && \
     (!defined(NO_RSA) || defined(HAVE_ECC))
 /* Encrypt the DER in PEM format.
@@ -696,7 +698,8 @@ static int pk_bn_field_print_fp(XFILE fp, int indent, const char* field,
 #endif /* !NO_CERTS && XFPRINTF && !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM &&
         * (!NO_DSA || !NO_RSA || HAVE_ECC) */
 
-#if defined(XSNPRINTF) && !defined(NO_BIO) && !defined(NO_RSA)
+#if defined(OPENSSL_EXTRA) && defined(XSNPRINTF) && !defined(NO_BIO) && \
+    !defined(NO_RSA)
 /* snprintf() must be available */
 
 /* Maximum number of extra indent spaces on each line. */
@@ -905,7 +908,7 @@ static int wolfssl_print_number(WOLFSSL_BIO* bio, mp_int* num, const char* name,
     return ret;
 }
 
-#endif /* XSNPRINTF && !NO_BIO && !NO_RSA */
+#endif /* OPENSSL_EXTRA && XSNPRINTF && !NO_BIO && !NO_RSA */
 
 #endif /* OPENSSL_EXTRA */
 

src/ssl.c

@@ -16301,7 +16301,7 @@ void wolfSSL_set_dynlock_destroy_callback(
 
 #endif /* OPENSSL_EXTRA */
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#ifdef OPENSSL_EXTRA
 #ifndef NO_CERTS
 
 #if !defined(NO_ASN) && !defined(NO_PWDBASED)
@@ -16490,7 +16490,7 @@ int wolfSSL_i2d_PublicKey(const WOLFSSL_EVP_PKEY *key, unsigned char **der)
 #endif /* !NO_ASN && !NO_PWDBASED */
 
 #endif /* !NO_CERTS */
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+#endif /* OPENSSL_EXTRA */
 
 #ifdef OPENSSL_EXTRA
 

src/ssl_asn1.c

@@ -4550,7 +4550,8 @@ int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_UTCTIME* a)
  * ASN1_TYPE APIs
  ******************************************************************************/
 
-#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
+#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
+    defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_WPAS_SMALL)
 
 /**
  * Allocate a new ASN.1 TYPE object.
@@ -4624,6 +4625,11 @@ void wolfSSL_ASN1_TYPE_free(WOLFSSL_ASN1_TYPE* at)
     XFREE(at, NULL, DYNAMIC_TYPE_OPENSSL);
 }
 
+#endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL ||
+          WOLFSSL_WPAS_SMALL */
+
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
+
 int wolfSSL_i2d_ASN1_TYPE(WOLFSSL_ASN1_TYPE* at, unsigned char** pp)
 {
     int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
@@ -4659,11 +4665,10 @@ int wolfSSL_i2d_ASN1_TYPE(WOLFSSL_ASN1_TYPE* at, unsigned char** pp)
     return ret;
 }
 
-#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || WOLFSSL_WPAS_SMALL */
+#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 
 #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
-    defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_WPAS) || \
-    defined(WOLFSSL_WPAS_SMALL)
+    defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_WPAS_SMALL)
 /**
  * Set ASN.1 TYPE object with a type and value.
  *
@@ -4725,7 +4730,8 @@ int wolfSSL_ASN1_TYPE_get(const WOLFSSL_ASN1_TYPE *a)
     return 0;
 }
 
-#endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || WOLFSSL_WPAS */
+#endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL ||
+          WOLFSSL_WPAS_SMALL */
 
 #endif /* !NO_ASN */
 

src/x509.c

@@ -9403,79 +9403,27 @@ int wolfSSL_X509_CRL_set_signature_nid(WOLFSSL_X509_CRL* crl, int nid)
 /* Retrieve signature from CRL
  * return WOLFSSL_SUCCESS on success and negative values on failure
  */
-void wolfSSL_X509_CRL_get_signature(const WOLFSSL_X509_CRL* crl,
-    const WOLFSSL_ASN1_BIT_STRING **psig, const WOLFSSL_X509_ALGOR **palg)
+int wolfSSL_X509_CRL_get_signature(WOLFSSL_X509_CRL* crl,
+    unsigned char* buf, int* bufSz)
 {
-    CRL_Entry* entry;
-    WOLFSSL_ASN1_BIT_STRING* bitStr;
-    WOLFSSL_X509_ALGOR* algor;
-    int nid;
-
     WOLFSSL_ENTER("wolfSSL_X509_CRL_get_signature");
 
-    if (psig) {
-        *psig = NULL;
-    }
-    if (palg) {
-        *palg = NULL;
-    }
-
     if (crl == NULL || crl->crlList == NULL ||
-        crl->crlList->signature == NULL || crl->crlList->signatureSz == 0) {
-        return;
-    }
-
-    entry = ((WOLFSSL_X509_CRL*)crl)->crlList;
+        crl->crlList->signature == NULL || bufSz == NULL)
+        return BAD_FUNC_ARG;
 
-    if (psig) {
-        bitStr = entry->sigBits;
-        if (bitStr == NULL) {
-            bitStr = wolfSSL_ASN1_BIT_STRING_new();
-            if (bitStr == NULL) {
-                return;
-            }
-            entry->sigBits = bitStr;
+    if (buf != NULL) {
+        if (*bufSz < (int)crl->crlList->signatureSz) {
+            WOLFSSL_MSG("Signature buffer too small");
+            return BUFFER_E;
         }
-
-        if (bitStr->data == NULL || bitStr->length != (int)entry->signatureSz) {
-            XFREE(bitStr->data, NULL, DYNAMIC_TYPE_OPENSSL);
-            bitStr->data = (byte*)XMALLOC(entry->signatureSz, NULL,
-                                          DYNAMIC_TYPE_OPENSSL);
-            if (bitStr->data == NULL) {
-                bitStr->length = 0;
-                return;
-            }
+        else {
+            XMEMCPY(buf, crl->crlList->signature, crl->crlList->signatureSz);
         }
-        XMEMCPY(bitStr->data, entry->signature, entry->signatureSz);
-        bitStr->length = (int)entry->signatureSz;
-        bitStr->type = WOLFSSL_V_ASN1_BIT_STRING;
-        bitStr->flags = 0;
-
-        *psig = bitStr;
     }
+    *bufSz = (int)crl->crlList->signatureSz;
 
-    if (palg) {
-        nid = oid2nid(entry->signatureOID, oidSigType);
-        algor = entry->sigAlgor;
-        if (algor == NULL ||
-            (algor->algorithm != NULL &&
-             wolfSSL_OBJ_obj2nid(algor->algorithm) != nid)) {
-            if (algor != NULL) {
-                wolfSSL_X509_ALGOR_free(algor);
-            }
-            algor = wolfSSL_X509_ALGOR_new();
-            if (algor == NULL) {
-                return;
-            }
-            if (wolfSSL_X509_ALGOR_set0(algor, wolfSSL_OBJ_nid2obj(nid),
-                    WOLFSSL_V_ASN1_NULL, NULL) != WOLFSSL_SUCCESS) {
-                wolfSSL_X509_ALGOR_free(algor);
-                return;
-            }
-            entry->sigAlgor = algor;
-        }
-        *palg = algor;
-    }
+    return WOLFSSL_SUCCESS;
 }
 
 int wolfSSL_X509_CRL_set_signature(WOLFSSL_X509_CRL* crl,
@@ -9507,12 +9455,6 @@ int wolfSSL_X509_CRL_set_signature(WOLFSSL_X509_CRL* crl,
 
     XMEMCPY(crl->crlList->signature, buf, bufSz);
     crl->crlList->signatureSz = (word32)bufSz;
-#if defined(OPENSSL_EXTRA)
-    if (crl->crlList->sigBits != NULL) {
-        wolfSSL_ASN1_BIT_STRING_free(crl->crlList->sigBits);
-        crl->crlList->sigBits = NULL;
-    }
-#endif
     return WOLFSSL_SUCCESS;
 }
 
@@ -9592,17 +9534,34 @@ static int X509RevokedPrintSerial(WOLFSSL_BIO* bio, RevokedCert* rev,
 static int X509CRLPrintSignature(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl,
         int algOnly, int indent)
 {
-    const WOLFSSL_ASN1_BIT_STRING* sig = NULL;
-    int sigNid = wolfSSL_X509_CRL_get_signature_nid(crl);
+    int sigSz = 0;
 
-    wolfSSL_X509_CRL_get_signature(crl, &sig, NULL);
-    if (sig == NULL || sig->data == NULL || sig->length <= 0) {
+    if (wolfSSL_X509_CRL_get_signature(crl, NULL, &sigSz) <= 0) {
         return WOLFSSL_FAILURE;
     }
 
-    if (X509PrintSignature_ex(bio, sig->data, sig->length, sigNid,
-            algOnly, indent) != WOLFSSL_SUCCESS) {
-        return WOLFSSL_FAILURE;
+    if (sigSz > 0) {
+        unsigned char* sig;
+        int sigNid = wolfSSL_X509_CRL_get_signature_nid(crl);
+
+        sig = (unsigned char*)XMALLOC(sigSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (sig == NULL) {
+            return WOLFSSL_FAILURE;
+        }
+
+        if (wolfSSL_X509_CRL_get_signature(crl, sig, &sigSz) <= 0) {
+            XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            return WOLFSSL_FAILURE;
+        }
+
+        if (X509PrintSignature_ex(bio, sig, sigSz, sigNid, algOnly, indent)
+                != WOLFSSL_SUCCESS) {
+            XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            return WOLFSSL_FAILURE;
+        }
+
+        XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
     }
 
     return WOLFSSL_SUCCESS;
@@ -10666,8 +10625,8 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509* x509)
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 
 #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
-    defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_APACHE_HTTPD) || \
-    defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)
+    defined(WOLFSSL_APACHE_HTTPD) || defined(WOLFSSL_HAPROXY) || \
+    defined(WOLFSSL_WPAS)
 WOLFSSL_X509_ALGOR* wolfSSL_X509_ALGOR_new(void)
 {
     WOLFSSL_X509_ALGOR* ret;
@@ -11082,10 +11041,11 @@ int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key)
     return WOLFSSL_FAILURE;
 }
 
-#endif /* OPENSSL_ALL || WOLFSSL_APACHE_HTTPD || WOLFSSL_HAPROXY ||
-        * WOLFSSL_WPAS */
+#endif /* OPENSSL_ALL || OPENSSL_EXTRA || WOLFSSL_APACHE_HTTPD ||
+        * WOLFSSL_HAPROXY || WOLFSSL_WPAS */
 
-#if !defined(NO_CERTS) && !defined(NO_ASN) && !defined(NO_PWDBASED)
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_ASN) && \
+    !defined(NO_PWDBASED)
 
 int wolfSSL_i2d_X509_PUBKEY(WOLFSSL_X509_PUBKEY* x509_PubKey,
     unsigned char** der)
@@ -11095,9 +11055,9 @@ int wolfSSL_i2d_X509_PUBKEY(WOLFSSL_X509_PUBKEY* x509_PubKey,
     return wolfSSL_i2d_PublicKey(x509_PubKey->pkey, der);
 }
 
-#endif /* !NO_CERTS && !NO_ASN && !NO_PWDBASED */
+#endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_ASN && !NO_PWDBASED */
 
-#endif /* OPENSSL_EXTRA */
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
 WOLFSSL_BASIC_CONSTRAINTS* wolfSSL_BASIC_CONSTRAINTS_new(void)

tests/api.c

@@ -20212,16 +20212,15 @@ static int test_sk_X509_CRL_decode(void)
     ExpectIntEQ(wolfSSL_X509_CRL_get_signature_nid(NULL), 0);
     ExpectIntEQ(wolfSSL_X509_CRL_get_signature_nid(&empty), 0);
     {
-        const WOLFSSL_ASN1_BIT_STRING* sig = NULL;
-        const WOLFSSL_X509_ALGOR* sigAlg = NULL;
-        wolfSSL_X509_CRL_get_signature(NULL, NULL, NULL);
-        wolfSSL_X509_CRL_get_signature(crl, NULL, NULL);
-        wolfSSL_X509_CRL_get_signature(NULL, &sig, &sigAlg);
-        ExpectNull(sig);
-        ExpectNull(sigAlg);
-        wolfSSL_X509_CRL_get_signature(&empty, &sig, &sigAlg);
-        ExpectNull(sig);
-        ExpectNull(sigAlg);
+        int sigSz = 0;
+        ExpectIntEQ(wolfSSL_X509_CRL_get_signature(NULL, NULL, NULL),
+            BAD_FUNC_ARG);
+        ExpectIntEQ(wolfSSL_X509_CRL_get_signature(crl, NULL, NULL),
+            BAD_FUNC_ARG);
+        ExpectIntEQ(wolfSSL_X509_CRL_get_signature(NULL, NULL, &sigSz),
+            BAD_FUNC_ARG);
+        ExpectIntEQ(wolfSSL_X509_CRL_get_signature(&empty, NULL, &sigSz),
+            BAD_FUNC_ARG);
     }
     ExpectIntEQ(wolfSSL_X509_REVOKED_get_serial_number(NULL, NULL, NULL),
         BAD_FUNC_ARG);
@@ -20240,13 +20239,10 @@ static int test_sk_X509_CRL_decode(void)
     ExpectIntEQ(wolfSSL_X509_CRL_get_signature_nid(crl),
         WC_NID_sha256WithRSAEncryption);
     {
-        const WOLFSSL_ASN1_BIT_STRING* sig = NULL;
-        const WOLFSSL_X509_ALGOR* sigAlg = NULL;
-        wolfSSL_X509_CRL_get_signature(crl, &sig, &sigAlg);
-        ExpectNotNull(sig);
-        ExpectNotNull(sig->data);
-        ExpectIntEQ(sig->length, 256);
-        ExpectNotNull(sigAlg);
+        int sigSz = 0;
+        ExpectIntEQ(wolfSSL_X509_CRL_get_signature(crl, NULL, &sigSz),
+            WOLFSSL_SUCCESS);
+        ExpectIntEQ(sigSz, 256);
     }
     ExpectNotNull(wolfSSL_X509_CRL_get_lastUpdate(crl));
     ExpectNotNull(wolfSSL_X509_CRL_get_nextUpdate(crl));

wolfssl/internal.h

@@ -2503,8 +2503,6 @@ struct CRL_Entry {
     byte*   signature;
 #if defined(OPENSSL_EXTRA)
     WOLFSSL_X509_NAME*    issuer;     /* X509_NAME type issuer */
-    WOLFSSL_ASN1_BIT_STRING* sigBits; /* cached signature bit string */
-    WOLFSSL_X509_ALGOR*   sigAlgor;   /* cached signature algorithm */
 #endif
     CRL_Entry* next;                      /* next entry */
     wolfSSL_Mutex verifyMutex;