diff --git a/configure.ac b/configure.ac index 36fcc6d19..09691bf55 100644 --- a/configure.ac +++ b/configure.ac @@ -4377,49 +4377,49 @@ if test "$ENABLED_WPAS" = "yes" then ENABLED_STUNNEL="yes" fi +# stunnel support requires all the features enabled within this conditional. if test "$ENABLED_STUNNEL" = "yes" then - # Requires opensslextra make sure on if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno" then ENABLED_OPENSSLEXTRA="yes" AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS" fi - # Requires OCSP make sure on + if test "x$ENABLED_SESSION_TICKET" = "xno" + then + ENABLED_SESSION_TICKET="yes" + AM_CFLAGS="$AM_CFLAGS -DHAVE_SESSION_TICKET" + fi + if test "x$ENABLED_OCSP" = "xno" then ENABLED_OCSP="yes" AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP" fi - # Requires coding make sure on if test "x$ENABLED_CODING" = "xno" then ENABLED_CODING="yes" fi - # Requires sessioncerts make sure on if test "x$ENABLED_SESSIONCERTS" = "xno" then ENABLED_SESSIONCERTS="yes" AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS" fi - # Requires crls, make sure on if test "x$ENABLED_CRL" = "xno" then ENABLED_CRL="yes" AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL" fi - # Requires DES3, make sure on if test "x$ENABLED_DES3" = "xno" then ENABLED_DES3="yes" fi - # Requires tlsx, make sure on if test "x$ENABLED_TLSX" = "xno" then ENABLED_TLSX="yes" @@ -4431,7 +4431,6 @@ then AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES"]) fi - # Requires ecc make sure on if test "x$ENABLED_ECC" = "xno" then ENABLED_OPENSSLEXTRA="yes" @@ -4444,14 +4443,12 @@ then fi fi - # Requires wolfSSL_OBJ_txt2nid if test "x$ENABLED_CERTEXT" = "xno" then ENABLED_CERTEXT="yes" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT" fi - # Requires certgen if test "x$ENABLED_CERTGEN" = "xno" then ENABLED_CERTGEN="yes" 
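Review bot: The new `ENABLED_SESSION_TICKET` branch silently overrides an explicit `--disable-session-ticket` whenever `--enable-stunnel` (or wpas, which implies it two lines above) is given, and nothing in the hunk tells the user that the flag was flipped. Add an `AC_MSG_WARN([stunnel support requires session tickets; enabling them])` in that branch, or at least a one-line comment there, so the override is visible in the configure output; the existing forced DES3 and CRL enables in the same block have the same problem but are not changed here. Dropping the per-feature `# Requires ...` comments in favour of the single comment above the `if` is fine, but that comment should say these are forced on regardless of the user's own --disable options, since that is the surprising part.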
@@ -4460,7 +4457,7 @@ then AM_CFLAGS="$AM_CFLAGS -DHAVE_STUNNEL -DWOLFSSL_ALWAYS_VERIFY_CB" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI -DHAVE_EX_DATA" - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB -DWOLFSSL_SIGNER_DER_CERT" fi if test "$ENABLED_PSK" = "no" && test "$ENABLED_LEANPSK" = "no" \ diff --git a/src/ssl.c b/src/ssl.c index d74709e1c..54a7ad8bf 100644 --- a/src/ssl.c +++ b/src/ssl.c 
@@ -3899,6 +3899,83 @@ error: return NULL; } + +WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs( + WOLFSSL_X509_STORE_CTX* ctx, WOLFSSL_X509_NAME* name) +{ + WOLF_STACK_OF(WOLFSSL_X509)* ret = NULL; + int err = 0; + WOLFSSL_X509_STORE* store = NULL; + WOLFSSL_STACK* sk = NULL; + WOLFSSL_STACK* certToFilter = NULL; + WOLFSSL_X509_NAME* certToFilterName = NULL; + WOLF_STACK_OF(WOLFSSL_X509)* filteredCerts = NULL; + WOLFSSL_X509* filteredCert = NULL; + + WOLFSSL_ENTER("wolfSSL_X509_STORE_get1_certs"); + + if (name == NULL) { + err = 1; + } + + if (err == 0) { + store = wolfSSL_X509_STORE_CTX_get0_store(ctx); + if (store == NULL) { + err = 1; + } + } + + if (err == 0) { + filteredCerts = wolfSSL_sk_X509_new(); + if (filteredCerts == NULL) { + err = 1; + } + } + + if (err == 0) { + sk = wolfSSL_CertManagerGetCerts(store->cm); + if (sk == NULL) { + err = 1; + } + } + + if (err == 0) { + certToFilter = sk; + while (certToFilter != NULL) { + certToFilterName = wolfSSL_X509_get_subject_name( + certToFilter->data.x509); + if (certToFilterName != NULL) { + if (wolfSSL_X509_NAME_cmp(certToFilterName, name) == 0) { + filteredCert = wolfSSL_X509_dup(certToFilter->data.x509); + if (filteredCert == NULL) { + err = 1; + break; + } + else { + wolfSSL_sk_X509_push(filteredCerts, filteredCert); + } + } + } + certToFilter = certToFilter->next; + } + } + + if (err == 1) { + if (filteredCerts != NULL) { + wolfSSL_sk_X509_free(filteredCerts); + } + ret = NULL; + } + else { + ret = filteredCerts; + } + + if (sk != NULL) { + wolfSSL_sk_X509_free(sk); + } + + return ret; +} #endif /* WOLFSSL_SIGNER_DER_CERT */ /****************************************************************************** 
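Review bot: The return value of `wolfSSL_sk_X509_push(filteredCerts, filteredCert)` in the filter loop is ignored, so a failed push drops the freshly duplicated certificate without freeing it and the function still reports success with a short result. Replace the `else` branch with `if (wolfSSL_sk_X509_push(filteredCerts, filteredCert) != WOLFSSL_SUCCESS) { wolfSSL_X509_free(filteredCert); err = 1; break; }` (assuming push follows the library's WOLFSSL_SUCCESS convention). Whether `wolfSSL_sk_X509_free(sk)` also releases the X509 objects handed back by `wolfSSL_CertManagerGetCerts` is not visible here; if it frees only the nodes, every call leaks the store's certificates, so confirm that or use the pop_free form with `wolfSSL_X509_free`. Likewise, if `wolfSSL_CertManagerGetCerts` returns NULL for a store with no certificates, an empty store is reported as an error (NULL) rather than as an empty stack, which differs from the non-matching-subject path below it. A header comment should state the OpenSSL get1 contract: the caller owns the returned stack and its duplicated certificates, NULL means error, and an empty stack means no subject matched.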
@@ -35326,6 +35403,61 @@ void *wolfSSL_OPENSSL_malloc(size_t a) return (void *)XMALLOC(a, NULL, DYNAMIC_TYPE_OPENSSL); } +int wolfSSL_OPENSSL_hexchar2int(unsigned char c) +{ + int ret = -1; + + if ('0' <= c && c <= '9') { + ret = c - '0'; + } + else if ('a' <= c && c <= 'f') { + ret = c - 'a' + 0x0a; + } + else if ('A' <= c && c <= 'F') { + ret = c - 'A' + 0x0a; + } + + return ret; +} + +unsigned char *wolfSSL_OPENSSL_hexstr2buf(const char *str, long *len) +{ + unsigned char* targetBuf; + int srcDigitHigh = 0; + int srcDigitLow = 0; + size_t srcLen; + size_t srcIdx = 0; + long targetIdx = 0; + + srcLen = XSTRLEN(str); + targetBuf = (unsigned char*)XMALLOC(srcLen / 2, NULL, DYNAMIC_TYPE_OPENSSL); + if (targetBuf == NULL) { + return NULL; + } + + while (srcIdx < srcLen) { + if (str[srcIdx] == ':') { + srcIdx++; + continue; + } + + srcDigitHigh = wolfSSL_OPENSSL_hexchar2int(str[srcIdx++]); + srcDigitLow = wolfSSL_OPENSSL_hexchar2int(str[srcIdx++]); + if (srcDigitHigh < 0 || srcDigitLow < 0) { + WOLFSSL_MSG("Invalid hex character."); + XFREE(targetBuf, NULL, DYNAMIC_TYPE_OPENSSL); + return NULL; + } + + targetBuf[targetIdx++] = (unsigned char)((srcDigitHigh << 4) | srcDigitLow); + } + + if (len != NULL) + *len = targetIdx; + + return targetBuf; +} + int wolfSSL_OPENSSL_init_ssl(word64 opts, const OPENSSL_INIT_SETTINGS *settings) { (void)opts; @@ -47284,18 +47416,7 @@ void wolfSSL_THREADID_set_numeric(void* id, unsigned long val) } #endif - #ifndef NO_WOLFSSL_STUB -WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs( - WOLFSSL_X509_STORE_CTX* ctx, WOLFSSL_X509_NAME* name) -{ - WOLFSSL_ENTER("wolfSSL_X509_STORE_get1_certs"); - WOLFSSL_STUB("X509_STORE_get1_certs"); - (void)ctx; - (void)name; - return NULL; -} - WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects( WOLFSSL_X509_STORE* store) { 
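Review bot: `wolfSSL_OPENSSL_hexstr2buf` calls `XSTRLEN(str)` with no NULL check, so a NULL `str` is dereferenced; add `if (str == NULL) return NULL;` before the length computation. An odd number of digits is rejected only because the low-nibble read lands on the NUL terminator, which `wolfSSL_OPENSSL_hexchar2int` returns -1 for — that deserves a comment on the `srcDigitLow` line, since `str[srcIdx++]` past the last digit reads as an over-read at first glance, and the `"Invalid hex character."` message is misleading for that case. For an empty or one-character input `XMALLOC(srcLen / 2, ...)` is a zero-byte request whose result depends on the allocator, so `""` may come back as NULL on some builds; decide whether an empty string is an error or an empty buffer and document it. The function also needs a comment saying that `:` separators are skipped, that `len` may be NULL, and that the caller releases the result with `wolfSSL_OPENSSL_free`.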
@@ -48552,7 +48673,10 @@ WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl) } return suites->stack; } +#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ + || defined(HAVE_STUNNEL) #ifndef NO_WOLFSSL_STUB void wolfSSL_OPENSSL_config(char *config_name) { @@ -48560,7 +48684,7 @@ void wolfSSL_OPENSSL_config(char *config_name) WOLFSSL_STUB("OPENSSL_config"); } #endif /* !NO_WOLFSSL_STUB */ -#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ +#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_STUNNEL*/ #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) 
@@ -48724,6 +48848,60 @@ int wolfSSL_X509_check_ip_asc(WOLFSSL_X509 *x, const char *ipasc, } #endif +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) +int wolfSSL_X509_check_email(WOLFSSL_X509 *x, const char *chk, size_t chkLen, + unsigned int flags) +{ + WOLFSSL_X509_NAME *subjName; + int emailLen; + char *emailBuf; + + (void)flags; + + WOLFSSL_ENTER("wolfSSL_X509_check_email"); + + if ((x == NULL) || (chk == NULL)) { + WOLFSSL_MSG("Invalid parameter"); + return WOLFSSL_FAILURE; + } + + subjName = wolfSSL_X509_get_subject_name(x); + if (subjName == NULL) + return WOLFSSL_FAILURE; + + /* Call with NULL buffer to get required length. */ + emailLen = wolfSSL_X509_NAME_get_text_by_NID(subjName, NID_emailAddress, + NULL, 0); + if (emailLen < 0) + return WOLFSSL_FAILURE; + + ++emailLen; /* Add 1 for the NUL. */ + + emailBuf = (char*)XMALLOC(emailLen, x->heap, DYNAMIC_TYPE_OPENSSL); + if (emailBuf == NULL) + return WOLFSSL_FAILURE; + + emailLen = wolfSSL_X509_NAME_get_text_by_NID(subjName, NID_emailAddress, + emailBuf, emailLen); + if (emailLen < 0) { + XFREE(emailBuf, x->heap, DYNAMIC_TYPE_OPENSSL); + return WOLFSSL_FAILURE; + } + + if (chkLen == 0) + chkLen = XSTRLEN(chk); + + if (chkLen != (size_t)emailLen + || XSTRNCMP(chk, emailBuf, chkLen)) { + XFREE(emailBuf, x->heap, DYNAMIC_TYPE_OPENSSL); + return WOLFSSL_FAILURE; + } + + XFREE(emailBuf, x->heap, DYNAMIC_TYPE_OPENSSL); + return WOLFSSL_SUCCESS; +} +#endif /* OPENSSL_EXTRA && WOLFSSL_CERT_GEN */ + #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) diff --git a/tests/api.c b/tests/api.c index c66fb5663..dac6cfb86 100644 --- a/tests/api.c +++ b/tests/api.c 
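Review bot: `wolfSSL_X509_check_email` compares `chk` only against the subject DN `emailAddress` attribute (the `NID_emailAddress` lookup on `subjName`) and does so byte-exactly with `XSTRNCMP`; as far as I recall OpenSSL's `X509_check_email` consults subjectAltName rfc822Name entries first and compares the domain part case-insensitively, so callers ported from OpenSSL can get a different answer for the same certificate. `flags` is discarded with `(void)flags`, so any `X509_CHECK_FLAG_*` value a caller passes has no effect. Both points belong in a header comment, e.g. `/* Matches chk against the subject emailAddress attribute only (no SAN lookup), case-sensitively; flags are ignored; chkLen 0 means chk is NUL-terminated. */`. Returning `WOLFSSL_FAILURE` for "no match", "no emailAddress attribute" and "allocation failed" alike means a caller cannot distinguish mismatch from error; if this API family has a distinct error code, consider returning it on the error paths.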
@@ -25868,6 +25868,41 @@ static void test_wolfSSL_X509_check_host(void) #endif } +static void test_wolfSSL_X509_check_email(void) +{ +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) + X509* x509; + const char goodEmail[] = "info@wolfssl.com"; + const char badEmail[] = "disinfo@wolfssl.com"; + + printf(testingFmt, "wolfSSL_X509_check_email()"); + + AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, + SSL_FILETYPE_PEM)); + + /* Should fail on non-matching email address */ + AssertIntEQ(wolfSSL_X509_check_email(x509, badEmail, XSTRLEN(badEmail), 0), + WOLFSSL_FAILURE); + /* Should succeed on matching email address */ + AssertIntEQ(wolfSSL_X509_check_email(x509, goodEmail, XSTRLEN(goodEmail), 0), + WOLFSSL_SUCCESS); + /* Should compute length internally when not provided */ + AssertIntEQ(wolfSSL_X509_check_email(x509, goodEmail, 0, 0), + WOLFSSL_SUCCESS); + /* Should fail when email address is NULL */ + AssertIntEQ(wolfSSL_X509_check_email(x509, NULL, 0, 0), + WOLFSSL_FAILURE); + + X509_free(x509); + + /* Should fail when x509 is NULL */ + AssertIntEQ(wolfSSL_X509_check_email(NULL, goodEmail, 0, 0), + WOLFSSL_FAILURE); + + printf(resultFmt, passed); +#endif /* OPENSSL_EXTRA && WOLFSSL_CERT_GEN */ +} + static void test_wolfSSL_DES(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_DES3) 
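Review bot: The test only exercises an exact match against the subject DN of `cliCertFile`; add a case-differing input such as `const char caseEmail[] = "Info@wolfssl.com";` asserted to return `WOLFSSL_FAILURE`, so the byte-exact comparison in `wolfSSL_X509_check_email` is pinned deliberately rather than by accident. If a test certificate carrying an rfc822Name subjectAltName exists in the tree, a case showing whether SAN entries are expected to match (they do not in the current implementation) would document that limitation too. Without these, a later change to the comparison semantics would pass this test unnoticed.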
@@ -34433,6 +34468,57 @@ static void test_wolfSSL_OpenSSL_add_all_algorithms(void){ #endif } +static void test_wolfSSL_OPENSSL_hexstr2buf(void) +{ +#if defined(OPENSSL_EXTRA) + struct Output { + const unsigned char* buffer; + long ret; + }; + enum { NUM_CASES = 5 }; + int i; + int j; + + const char* inputs[NUM_CASES] = { + "aabcd1357e", + "01:12:23:34:a5:b6:c7:d8:e9", + ":01:02", + "012", + ":ab:ac:d" + }; + struct Output expectedOutputs[NUM_CASES] = { + {(const unsigned char []){0xaa, 0xbc, 0xd1, 0x35, 0x7e}, 5}, + {(const unsigned char []){0x01, 0x12, 0x23, 0x34, 0xa5, 0xb6, 0xc7, + 0xd8, 0xe9}, 9}, + {(const unsigned char []){0x01, 0x02}, 2}, + {NULL, 0}, + {NULL, 0} + }; + long len = 0; + unsigned char* returnedBuf = NULL; + + printf(testingFmt, "test_wolfSSL_OPENSSL_hexstr2buf()"); + + for (i = 0; i < NUM_CASES; ++i) { + returnedBuf = wolfSSL_OPENSSL_hexstr2buf(inputs[i], &len); + + if (returnedBuf == NULL) { + AssertNull(expectedOutputs[i].buffer); + continue; + } + + AssertIntEQ(expectedOutputs[i].ret, len); + + for (j = 0; j < len; ++j) { + AssertIntEQ(expectedOutputs[i].buffer[j], returnedBuf[j]); + } + OPENSSL_free(returnedBuf); + } + + printf(resultFmt, passed); +#endif +} + static void test_wolfSSL_ASN1_STRING_print_ex(void){ #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) #ifndef NO_BIO 
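Review bot: Both expected-NULL cases in the table (`"012"` and `":ab:ac:d"`) are odd-length inputs, so the other rejection path in `wolfSSL_OPENSSL_hexstr2buf` — a non-hex character — is never exercised; add a row such as `"0g"` with `{NULL, 0}`. The empty string is also untested, and its result depends on what the zero-byte `XMALLOC` returns, so a row for `""` would force a decision on that behaviour. A short comment above the table saying which rows cover which failure mode would make the intent of the two NULL rows clear.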
@@ -40964,6 +41050,57 @@ static void test_wolfSSL_ASN1_INTEGER_set(void) #endif } +static void test_wolfSSL_X509_STORE_get1_certs(void) +{ +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SIGNER_DER_CERT) && \ + !defined(NO_FILESYSTEM) + X509_STORE_CTX *storeCtx; + X509_STORE *store; + X509 *caX509; + X509 *svrX509; + X509_NAME *subject; + WOLF_STACK_OF(WOLFSSL_X509) *certs; + + printf(testingFmt, "wolfSSL_X509_STORE_get1_certs()"); + + AssertNotNull(caX509 = + X509_load_certificate_file(caCertFile, SSL_FILETYPE_PEM)); + AssertNotNull((svrX509 = + wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM))); + AssertNotNull(storeCtx = X509_STORE_CTX_new()); + AssertNotNull(store = X509_STORE_new()); + AssertNotNull(subject = X509_get_subject_name(caX509)); + + /* Errors */ + AssertNull(X509_STORE_get1_certs(storeCtx, subject)); + AssertNull(X509_STORE_get1_certs(NULL, subject)); + AssertNull(X509_STORE_get1_certs(storeCtx, NULL)); + + AssertIntEQ(X509_STORE_add_cert(store, caX509), SSL_SUCCESS); + AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, caX509, NULL), SSL_SUCCESS); + + /* Should find the cert */ + AssertNotNull(certs = X509_STORE_get1_certs(storeCtx, subject)); + AssertIntEQ(1, wolfSSL_sk_X509_num(certs)); + + sk_X509_free(certs); + + /* Should not find the cert */ + AssertNotNull(subject = X509_get_subject_name(svrX509)); + AssertNotNull(certs = X509_STORE_get1_certs(storeCtx, subject)); + AssertIntEQ(0, wolfSSL_sk_X509_num(certs)); + + sk_X509_free(certs); + + X509_STORE_free(store); + X509_STORE_CTX_free(storeCtx); + X509_free(svrX509); + X509_free(caX509); + + printf(resultFmt, passed); +#endif /* OPENSSL_EXTRA && WOLFSSL_SIGNER_DER_CERT && !NO_FILESYSTEM */ +} + /* Testing code used in dpp.c in hostap */ #if defined(OPENSSL_ALL) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) typedef struct { 
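Review bot: The stack returned by `X509_STORE_get1_certs` holds duplicated certificates (get1 semantics), but both call sites release it with `sk_X509_free(certs)`; in OpenSSL that frees only the stack and the elements leak, and whether wolfSSL's `sk_X509_free` also frees the X509 elements is not visible from this hunk. Use `sk_X509_pop_free(certs, X509_free)` in both places, which is correct under either semantics, or confirm and comment the wolfSSL behaviour. The first `AssertNull(X509_STORE_get1_certs(storeCtx, subject))` relies on a freshly created, uninitialised `X509_STORE_CTX` having no store attached; a comment such as `/* ctx has no store yet: must fail */` would explain why this is an error case rather than an empty result.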
@@ -42300,6 +42437,7 @@ void ApiTest(void) test_wolfSSL_X509_subject_name_hash(); test_wolfSSL_X509_issuer_name_hash(); test_wolfSSL_X509_check_host(); + test_wolfSSL_X509_check_email(); test_wolfSSL_DES(); test_wolfSSL_certs(); test_wolfSSL_X509_check_private_key(); @@ -42451,8 +42589,10 @@ void ApiTest(void) test_wolfSSL_PEM_X509_INFO_read_bio(); test_wolfSSL_PEM_read_bio_ECPKParameters(); #endif + test_wolfSSL_X509_STORE_get1_certs(); test_wolfSSL_X509_NAME_ENTRY_get_object(); test_wolfSSL_OpenSSL_add_all_algorithms(); + test_wolfSSL_OPENSSL_hexstr2buf(); test_wolfSSL_ASN1_STRING_print_ex(); test_wolfSSL_ASN1_TIME_to_generalizedtime(); test_wolfSSL_ASN1_INTEGER_set(); diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 8f3041170..8d268ebe2 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -3410,6 +3410,14 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) #endif /* !NO_MD5 */ +#ifndef NO_WOLFSSL_STUB + void wolfSSL_EVP_set_pw_prompt(const char *prompt) + { + (void)prompt; + WOLFSSL_STUB("EVP_set_pw_prompt"); + } +#endif + #ifndef NO_WOLFSSL_STUB const WOLFSSL_EVP_MD* wolfSSL_EVP_mdc2(void) { diff --git a/wolfssl/openssl/crypto.h b/wolfssl/openssl/crypto.h index dc8fdf614..467938e17 100644 --- a/wolfssl/openssl/crypto.h +++ b/wolfssl/openssl/crypto.h @@ -46,6 +46,8 @@ WOLFSSL_API unsigned long wolfSSL_OpenSSL_version_num(void); #ifdef OPENSSL_EXTRA WOLFSSL_API void wolfSSL_OPENSSL_free(void*); WOLFSSL_API void *wolfSSL_OPENSSL_malloc(size_t a); +WOLFSSL_API int wolfSSL_OPENSSL_hexchar2int(unsigned char c); +WOLFSSL_API unsigned char *wolfSSL_OPENSSL_hexstr2buf(const char *str, long *len); WOLFSSL_API int wolfSSL_OPENSSL_init_crypto(word64 opts, const OPENSSL_INIT_SETTINGS *settings); #endif 
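Review bot: The new `wolfSSL_EVP_set_pw_prompt` stub discards `prompt` without a comment saying so, and since this commit makes stunnel select the compatibility layer, a caller will believe the prompt was installed when nothing happens. Add a comment above the definition, e.g. `/* Stub: the prompt string is ignored; there is no interactive PEM password prompt behind this call. */`, and name the password-callback API that should be used instead if one is the supported route. The `#ifndef NO_WOLFSSL_STUB` guard means the symbol vanishes in stub-free builds while the evp.h prototype and macro (added elsewhere in this commit) remain; that matches the existing `wolfSSL_EVP_mdc2` pattern just below, so it is consistent, but the comment should mention it.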
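Review bot: The declarations of `wolfSSL_OPENSSL_hexchar2int` and `wolfSSL_OPENSSL_hexstr2buf` carry no contract. Add `/* Returns 0..15 for a hex digit, -1 for any other byte. */` on the first, and on the second a comment stating that `str` may contain ':' separators, that `len` may be NULL, that NULL is returned on a non-hex character or an odd digit count, and that the caller frees the result with `wolfSSL_OPENSSL_free`. Ownership of the returned buffer is the detail most likely to be got wrong by a caller reading only the header.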
@@ -75,6 +77,8 @@ typedef struct crypto_threadid_st CRYPTO_THREADID; #define OPENSSL_free wolfSSL_OPENSSL_free #define OPENSSL_malloc wolfSSL_OPENSSL_malloc +#define OPENSSL_hexchar2int wolfSSL_OPENSSL_hexchar2int +#define OPENSSL_hexstr2buf wolfSSL_OPENSSL_hexstr2buf #define OPENSSL_INIT_ENGINE_ALL_BUILTIN 0x00000001L #define OPENSSL_INIT_ADD_ALL_CIPHERS 0x00000004L @@ -104,6 +108,13 @@ typedef void (CRYPTO_free_func)(void*parent, void*ptr, CRYPTO_EX_DATA *ad, int i #define CRYPTO_THREAD_r_lock wc_LockMutex #define CRYPTO_THREAD_unlock wc_UnLockMutex +#define CRYPTO_THREAD_lock_new wc_InitAndAllocMutex +#define CRYPTO_THREAD_read_lock wc_LockMutex +#define CRYPTO_THREAD_write_lock wc_LockMutex +#define CRYPTO_THREAD_lock_free wc_FreeMutex + +#define CRYPTO_set_ex_data wolfSSL_CRYPTO_set_ex_data + #endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_EX_DATA */ #endif /* header */ diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 118553c88..e95cf5771 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -81,6 +81,7 @@ typedef WOLFSSL_EVP_PKEY PKCS8_PRIV_KEY_INFO; #ifndef NO_MD5 WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void); #endif +WOLFSSL_API void wolfSSL_EVP_set_pw_prompt(const char *); WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_mdc2(void); WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void); WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha224(void); 
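Review bot: `#define CRYPTO_THREAD_lock_free wc_FreeMutex` pairs a lock created by `wc_InitAndAllocMutex`, which allocates, with a routine whose name suggests it only destroys the mutex; if `wc_FreeMutex` does not release that allocation, every `CRYPTO_THREAD_lock_free` leaks one mutex, so this needs either a confirming comment or an allocating/deallocating pair. The return convention also differs: OpenSSL's `CRYPTO_THREAD_read_lock`/`write_lock` return 1 on success, whereas the wolfCrypt mutex calls return 0 on success as far as I recall, so code written as `if (!CRYPTO_THREAD_write_lock(l)) goto err;` takes the error path on success — the pre-existing `CRYPTO_THREAD_r_lock` mapping already had this issue, but the hunk widens it to two more names. Mapping both read and write lock to the same exclusive `wc_LockMutex` is safe but not reentrant; a comment next to these defines noting the coarser, non-rwlock semantics and the inverted return value would stop callers assuming OpenSSL behaviour.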
@@ -675,14 +676,15 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #ifndef NO_MD5 #define EVP_md5 wolfSSL_EVP_md5 #endif -#define EVP_sha1 wolfSSL_EVP_sha1 -#define EVP_mdc2 wolfSSL_EVP_mdc2 -#define EVP_dds1 wolfSSL_EVP_sha1 -#define EVP_sha224 wolfSSL_EVP_sha224 -#define EVP_sha256 wolfSSL_EVP_sha256 -#define EVP_sha384 wolfSSL_EVP_sha384 -#define EVP_sha512 wolfSSL_EVP_sha512 -#define EVP_ripemd160 wolfSSL_EVP_ripemd160 +#define EVP_sha1 wolfSSL_EVP_sha1 +#define EVP_mdc2 wolfSSL_EVP_mdc2 +#define EVP_dds1 wolfSSL_EVP_sha1 +#define EVP_sha224 wolfSSL_EVP_sha224 +#define EVP_sha256 wolfSSL_EVP_sha256 +#define EVP_sha384 wolfSSL_EVP_sha384 +#define EVP_sha512 wolfSSL_EVP_sha512 +#define EVP_ripemd160 wolfSSL_EVP_ripemd160 +#define EVP_set_pw_prompt wolfSSL_EVP_set_pw_prompt #define EVP_sha3_224 wolfSSL_EVP_sha3_224 #define EVP_sha3_256 wolfSSL_EVP_sha3_256 diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index bdbd9df91..427de6298 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -466,6 +466,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define X509_REQ_check_private_key wolfSSL_X509_check_private_key #define X509_check_ca wolfSSL_X509_check_ca #define X509_check_host wolfSSL_X509_check_host +#define X509_check_email wolfSSL_X509_check_email #define X509_check_ip_asc wolfSSL_X509_check_ip_asc #define X509_email_free wolfSSL_X509_email_free #define X509_check_issued wolfSSL_X509_check_issued @@ -1236,7 +1237,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_ALL) || \ - defined(HAVE_LIGHTY) + defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) #include diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 6c608cd0d..7b9f13ebd 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
@@ -2962,9 +2962,12 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl); WOLFSSL_CERT_MANAGER* cm); WOLFSSL_API int wolfSSL_CertManagerDisableOCSPMustStaple( WOLFSSL_CERT_MANAGER* cm); -#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM) +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SIGNER_DER_CERT) && \ + !defined(NO_FILESYSTEM) WOLFSSL_API WOLFSSL_STACK* wolfSSL_CertManagerGetCerts(WOLFSSL_CERT_MANAGER* cm); -#endif +WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs( + WOLFSSL_X509_STORE_CTX*, WOLFSSL_X509_NAME*); +#endif /* OPENSSL_EXTRA && WOLFSSL_SIGNER_DER_CERT && !NO_FILESYSTEM */ WOLFSSL_API int wolfSSL_EnableCRL(WOLFSSL* ssl, int options); WOLFSSL_API int wolfSSL_DisableCRL(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_LoadCRL(WOLFSSL*, const char*, int, int); @@ -3289,6 +3292,21 @@ WOLFSSL_API long wolfSSL_SSL_get_secure_renegotiation_support(WOLFSSL* ssl); #endif +#if defined(HAVE_SELFTEST) && \ + (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2)) + + /* Needed by session ticket stuff below */ + #ifndef WOLFSSL_AES_KEY_SIZE_ENUM + #define WOLFSSL_AES_KEY_SIZE_ENUM + enum SSL_Misc { + AES_IV_SIZE = 16, + AES_128_KEY_SIZE = 16, + AES_192_KEY_SIZE = 24, + AES_256_KEY_SIZE = 32 + }; + #endif +#endif + /* Session Ticket */ #ifdef HAVE_SESSION_TICKET @@ -3952,8 +3970,6 @@ WOLFSSL_API void wolfSSL_THREADID_current(WOLFSSL_CRYPTO_THREADID* id); WOLFSSL_API unsigned long wolfSSL_THREADID_hash( const WOLFSSL_CRYPTO_THREADID* id); -WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs( - WOLFSSL_X509_STORE_CTX*, WOLFSSL_X509_NAME*); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects(WOLFSSL_X509_STORE *); WOLFSSL_API WOLFSSL_X509_OBJECT* 
@@ -4025,7 +4041,8 @@ WOLFSSL_API void wolfSSL_ERR_load_BIO_strings(void); #if defined(OPENSSL_ALL) \ || defined(WOLFSSL_NGINX) \ || defined(WOLFSSL_HAPROXY) \ - || defined(OPENSSL_EXTRA) + || defined(OPENSSL_EXTRA) \ + || defined(HAVE_STUNNEL) WOLFSSL_API void wolfSSL_OPENSSL_config(char *config_name); #endif @@ -4152,6 +4169,10 @@ WOLFSSL_API int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, WOLFSSL_API int wolfSSL_X509_check_ip_asc(WOLFSSL_X509 *x, const char *ipasc, unsigned int flags); #endif +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) +WOLFSSL_API int wolfSSL_X509_check_email(WOLFSSL_X509 *x, const char *chk, + size_t chkLen, unsigned int flags); +#endif /* OPENSSL_EXTRA && WOLFSSL_CERT_GEN */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
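Review bot: The new `wolfSSL_X509_check_email` prototype has no doc comment, and the header is where callers will read the contract. Add one that states what the implementation actually does: `chk` (of `chkLen` bytes, or NUL-terminated when `chkLen` is 0) is compared case-sensitively against the subject emailAddress attribute only — subjectAltName entries are not consulted — `flags` is ignored, and the result is WOLFSSL_SUCCESS on match or WOLFSSL_FAILURE on mismatch and on error alike. Stating the SAN and case-sensitivity limitations here matters more than usual because OpenSSL's function of the same name, which the compatibility macro maps to, behaves differently on both points.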