Merge pull request #428 from embhorn/certgen_cleanup

lealem47 · web-flow · commit a70760ed82b1 · 2024-03-18T08:27:05.000-06:00
Fix up readme and build issues in certgen examples
diff --git a/certgen/README.md b/certgen/README.md
@@ -1,11 +1,13 @@
 # Certificate Generation and Signing examples
 
 To test the certgen or csr_example example(s) configure wolfssl with
-`./configure --enable-certgen --enable-certreq` or add the defines:
+`./configure --enable-certgen --enable-certreq --enable-keygen`
+or add the defines:
 
 ```
 #define WOLFSSL_CERT_REQ
 #define WOLFSSL_CERT_GEN
+#define WOLFSSL_KEY_GEN
 ```
 
 To test the csr_w_ed25519_example configure wolfssl with:
@@ -156,6 +158,18 @@ Saved CSR PEM to "ed25519-csr.pem"
 
 This example shows how to use a CSR to sign it using a CA cert and key to produce an X.509 certificate.
 
+To test the csr_sign example configure wolfssl with
+`./configure -enable-certreq --enable-certgen --enable-ecc --enable-certext CFLAGS=-DOPENSSL_EXTRA_X509_SMALL`
+or add the defines:
+
+```
+#define WOLFSSL_CERT_REQ
+#define WOLFSSL_CERT_GEN
+#define WOLFSSL_KEY_GEN
+#define WOLFSSL_CERT_EXT
+#define OPENSSL_EXTRA_X509_SMALL
+```
+
 ```
 % ./csr_sign ecc-csr.pem ca-ecc-cert.der ca-ecc-key.der
 Loading CA certificate
@@ -348,7 +362,7 @@ Tested with these wolfSSL build options:
 
 ```sh
 ./autogen.sh  # If cloned from GitHub
-./configure --enable-asn=template --enable-certreq --enable-keygen --enable-certgen --enable-certext CFLAGS="-DWOLFSSL_TEST_CERT -DHAVE_OID_DECODING -DHAVE_OID_ENCODING -DWOLFSSL_CUSTOM_OID -DWOLFSSL_CERT_EXT"
+./configure --enable-certreq --enable-certext --enable-keygen --enable-certgen --enable-certext CFLAGS="-DWOLFSSL_TEST_CERT -DHAVE_OID_DECODING -DHAVE_OID_ENCODING -DWOLFSSL_CUSTOM_OID"
 make
 make check
 sudo make install
diff --git a/certgen/certgen_ca_example.c b/certgen/certgen_ca_example.c
@@ -28,15 +28,16 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/wc_port.h>
 
+#if defined(WOLFSSL_CERT_REQ) && defined(WOLFSSL_CERT_GEN) && \
+    defined(WOLFSSL_KEY_GEN) && defined(HAVE_ECC)
+
 #ifdef WOLFSSL_CAAM
     #include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
     static int devId = WOLFSSL_CAAM_DEVID;
 #else
     static int devId = INVALID_DEVID;
 #endif
 
-#if defined(WOLFSSL_CERT_REQ) && defined(WOLFSSL_CERT_GEN) && \
-    defined(WOLFSSL_KEY_GEN) && defined(HAVE_ECC)
 
 #define HEAP_HINT NULL
 #define LARGE_TEMP_SZ 4096
diff --git a/certgen/csr_sign.c b/certgen/csr_sign.c
@@ -34,7 +34,7 @@
 #endif
 
 #if defined(WOLFSSL_CERT_REQ) && defined(WOLFSSL_CERT_GEN) && \
-    defined(HAVE_ECC)
+    defined(HAVE_ECC) && defined(WOLFSSL_CERT_EXT)
 
 #define HEAP_HINT NULL
 #define LARGE_TEMP_SZ 4096
@@ -358,9 +358,9 @@ static int do_csrsign(int argc, char** argv)
 int main(int argc, char** argv)
 {
 #if !defined(WOLFSSL_CERT_REQ) || !defined(WOLFSSL_CERT_GEN) || \
-    !defined(HAVE_ECC)
+    !defined(HAVE_ECC) || !defined(WOLFSSL_CERT_EXT)
     printf("Please compile wolfSSL with --enable-certreq --enable-certgen "
-           "--enable-ecc CFLAGS=-DOPENSSL_EXTRA_X509_SMALL\n");
+           "--enable-ecc --enable-certext CFLAGS=-DOPENSSL_EXTRA_X509_SMALL\n");
     return 0;
 #else
     if (argc != 4) {
diff --git a/certgen/custom_ext.c b/certgen/custom_ext.c
@@ -250,9 +250,9 @@ int main(int argc, char** argv)
 
 int main(int argc, char** argv)
 {
-    printf("Please compile wolfSSL with --enable-asn=template --enable-certgen "
-           "--enable-keygen CFLAGS=\"-DWOLFSSL_CUSTOM_OID -DHAVE_OID_ENCODING "
-           "-DWOLFSSL_CERT_EXT\"");
+    printf("Please configure wolfSSL with --enable-certgen --enable-certext "
+           "--enable-keygen CFLAGS=\"-DWOLFSSL_CUSTOM_OID "
+           "-DHAVE_OID_ENCODING\"\n");
     return 0;
 }
 
diff --git a/certgen/custom_ext_callback.c b/certgen/custom_ext_callback.c
@@ -143,7 +143,10 @@ static void check_ret(char* call, int ret)
 
 int main(void)
 {
-    printf("Not compiled in: Build wolfSSL using ./configure --enable-asn=template  --enable-certreq --enable-certgen CFLAGS=\"-DWOLFSSL_TEST_CERT -DHAVE_OID_DECODING -DWOLFSSL_CUSTOM_OID -DWOLFSSL_CERT_EXT\"\n");
+    printf("Not compiled in: Configure wolfSSL using ./configure"
+           "--enable-certreq --enable-certgen --enable-certext "
+           "CFLAGS=\"-DWOLFSSL_TEST_CERT -DHAVE_OID_DECODING "
+           "-DWOLFSSL_CUSTOM_OID \"\n");
     return 0;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -250,9 +250,9 @@ int main(int argc, char** argv)`
`250`	`250`
`251`	`251`	`int main(int argc, char** argv)`
`252`	`252`	`{`
`253`		`- printf("Please compile wolfSSL with --enable-asn=template --enable-certgen "`
`254`		`- "--enable-keygen CFLAGS=\"-DWOLFSSL_CUSTOM_OID -DHAVE_OID_ENCODING "`
`255`		`- "-DWOLFSSL_CERT_EXT\"");`
	`253`	`+ printf("Please configure wolfSSL with --enable-certgen --enable-certext "`
	`254`	`+ "--enable-keygen CFLAGS=\"-DWOLFSSL_CUSTOM_OID "`
	`255`	`+ "-DHAVE_OID_ENCODING\"\n");`
`256`	`256`	`return 0;`
`257`	`257`	`}`
`258`	`258`
Original file line number	Diff line number	Diff line change
`@@ -143,7 +143,10 @@ static void check_ret(char* call, int ret)`
`143`	`143`
`144`	`144`	`int main(void)`
`145`	`145`	`{`
`146`		`- printf("Not compiled in: Build wolfSSL using ./configure --enable-asn=template --enable-certreq --enable-certgen CFLAGS=\"-DWOLFSSL_TEST_CERT -DHAVE_OID_DECODING -DWOLFSSL_CUSTOM_OID -DWOLFSSL_CERT_EXT\"\n");`
	`146`	`+ printf("Not compiled in: Configure wolfSSL using ./configure"`
	`147`	`+ "--enable-certreq --enable-certgen --enable-certext "`
	`148`	`+ "CFLAGS=\"-DWOLFSSL_TEST_CERT -DHAVE_OID_DECODING "`
	`149`	`+ "-DWOLFSSL_CUSTOM_OID \"\n");`
`147`	`150`	`return 0;`
`148`	`151`	`}`
`149`	`152`