WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Make changes to get latest verison of stunnel (5.57) working with wolfSSL.

pull/3604/head
Hayden Roche 2021-03-12 13:40:07 -06:00
parent 295418fa3e
commit 4cd3f2e826
8 changed files with 395 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
configure.ac
View File

@ -4377,49 +4377,49 @@ if test "$ENABLED_WPAS" = "yes"
then then
ENABLED_STUNNEL="yes" ENABLED_STUNNEL="yes"
fi fi
# stunnel support requires all the features enabled within this conditional.
if test "$ENABLED_STUNNEL" = "yes" if test "$ENABLED_STUNNEL" = "yes"
then then
# Requires opensslextra make sure on
if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno" if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
then then
ENABLED_OPENSSLEXTRA="yes" ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS" AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
fi fi
# Requires OCSP make sure on if test "x$ENABLED_SESSION_TICKET" = "xno"
then
ENABLED_SESSION_TICKET="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_SESSION_TICKET"
fi
if test "x$ENABLED_OCSP" = "xno" if test "x$ENABLED_OCSP" = "xno"
then then
ENABLED_OCSP="yes" ENABLED_OCSP="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP" AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
fi fi
# Requires coding make sure on
if test "x$ENABLED_CODING" = "xno" if test "x$ENABLED_CODING" = "xno"
then then
ENABLED_CODING="yes" ENABLED_CODING="yes"
fi fi
# Requires sessioncerts make sure on
if test "x$ENABLED_SESSIONCERTS" = "xno" if test "x$ENABLED_SESSIONCERTS" = "xno"
then then
ENABLED_SESSIONCERTS="yes" ENABLED_SESSIONCERTS="yes"
AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS" AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
fi fi
# Requires crls, make sure on
if test "x$ENABLED_CRL" = "xno" if test "x$ENABLED_CRL" = "xno"
then then
ENABLED_CRL="yes" ENABLED_CRL="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL" AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
fi fi
# Requires DES3, make sure on
if test "x$ENABLED_DES3" = "xno" if test "x$ENABLED_DES3" = "xno"
then then
ENABLED_DES3="yes" ENABLED_DES3="yes"
fi fi
# Requires tlsx, make sure on
if test "x$ENABLED_TLSX" = "xno" if test "x$ENABLED_TLSX" = "xno"
then then
ENABLED_TLSX="yes" ENABLED_TLSX="yes"
@ -4431,7 +4431,6 @@ then
AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES"]) AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES"])
fi fi
# Requires ecc make sure on
if test "x$ENABLED_ECC" = "xno" if test "x$ENABLED_ECC" = "xno"
then then
ENABLED_OPENSSLEXTRA="yes" ENABLED_OPENSSLEXTRA="yes"
@ -4444,14 +4443,12 @@ then
fi fi
fi fi
# Requires wolfSSL_OBJ_txt2nid
if test "x$ENABLED_CERTEXT" = "xno" if test "x$ENABLED_CERTEXT" = "xno"
then then
ENABLED_CERTEXT="yes" ENABLED_CERTEXT="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
fi fi
# Requires certgen
if test "x$ENABLED_CERTGEN" = "xno" if test "x$ENABLED_CERTGEN" = "xno"
then then
ENABLED_CERTGEN="yes" ENABLED_CERTGEN="yes"
@ -4460,7 +4457,7 @@ then
AM_CFLAGS="$AM_CFLAGS -DHAVE_STUNNEL -DWOLFSSL_ALWAYS_VERIFY_CB" AM_CFLAGS="$AM_CFLAGS -DHAVE_STUNNEL -DWOLFSSL_ALWAYS_VERIFY_CB"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI -DHAVE_EX_DATA" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI -DHAVE_EX_DATA"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB -DWOLFSSL_SIGNER_DER_CERT"
fi fi
if test "$ENABLED_PSK" = "no" && test "$ENABLED_LEANPSK" = "no" \ if test "$ENABLED_PSK" = "no" && test "$ENABLED_LEANPSK" = "no" \

202
src/ssl.c
View File

@ -3899,6 +3899,83 @@ error:
return NULL; return NULL;
} }
WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(
WOLFSSL_X509_STORE_CTX* ctx, WOLFSSL_X509_NAME* name)
{
WOLF_STACK_OF(WOLFSSL_X509)* ret = NULL;
int err = 0;
WOLFSSL_X509_STORE* store = NULL;
WOLFSSL_STACK* sk = NULL;
WOLFSSL_STACK* certToFilter = NULL;
WOLFSSL_X509_NAME* certToFilterName = NULL;
WOLF_STACK_OF(WOLFSSL_X509)* filteredCerts = NULL;
WOLFSSL_X509* filteredCert = NULL;
WOLFSSL_ENTER("wolfSSL_X509_STORE_get1_certs");
if (name == NULL) {
err = 1;
}
if (err == 0) {
store = wolfSSL_X509_STORE_CTX_get0_store(ctx);
if (store == NULL) {
err = 1;
}
}
if (err == 0) {
filteredCerts = wolfSSL_sk_X509_new();
if (filteredCerts == NULL) {
err = 1;
}
}
if (err == 0) {
sk = wolfSSL_CertManagerGetCerts(store->cm);
if (sk == NULL) {
err = 1;
}
}
if (err == 0) {
certToFilter = sk;
while (certToFilter != NULL) {
certToFilterName = wolfSSL_X509_get_subject_name(
certToFilter->data.x509);
if (certToFilterName != NULL) {
if (wolfSSL_X509_NAME_cmp(certToFilterName, name) == 0) {
filteredCert = wolfSSL_X509_dup(certToFilter->data.x509);
if (filteredCert == NULL) {
err = 1;
break;
}
else {
wolfSSL_sk_X509_push(filteredCerts, filteredCert);
}
}
}
certToFilter = certToFilter->next;
}
}
if (err == 1) {
if (filteredCerts != NULL) {
wolfSSL_sk_X509_free(filteredCerts);
}
ret = NULL;
}
else {
ret = filteredCerts;
}
if (sk != NULL) {
wolfSSL_sk_X509_free(sk);
}
return ret;
}
#endif /* WOLFSSL_SIGNER_DER_CERT */ #endif /* WOLFSSL_SIGNER_DER_CERT */
/****************************************************************************** /******************************************************************************
@ -35326,6 +35403,61 @@ void *wolfSSL_OPENSSL_malloc(size_t a)
return (void *)XMALLOC(a, NULL, DYNAMIC_TYPE_OPENSSL); return (void *)XMALLOC(a, NULL, DYNAMIC_TYPE_OPENSSL);
} }
int wolfSSL_OPENSSL_hexchar2int(unsigned char c)
{
int ret = -1;
if ('0' <= c && c <= '9') {
ret = c - '0';
}
else if ('a' <= c && c <= 'f') {
ret = c - 'a' + 0x0a;
}
else if ('A' <= c && c <= 'F') {
ret = c - 'A' + 0x0a;
}
return ret;
}
unsigned char *wolfSSL_OPENSSL_hexstr2buf(const char *str, long *len)
{
unsigned char* targetBuf;
int srcDigitHigh = 0;
int srcDigitLow = 0;
size_t srcLen;
size_t srcIdx = 0;
long targetIdx = 0;
srcLen = XSTRLEN(str);
targetBuf = (unsigned char*)XMALLOC(srcLen / 2, NULL, DYNAMIC_TYPE_OPENSSL);
if (targetBuf == NULL) {
return NULL;
}
while (srcIdx < srcLen) {
if (str[srcIdx] == ':') {
srcIdx++;
continue;
}
srcDigitHigh = wolfSSL_OPENSSL_hexchar2int(str[srcIdx++]);
srcDigitLow = wolfSSL_OPENSSL_hexchar2int(str[srcIdx++]);
if (srcDigitHigh < 0 || srcDigitLow < 0) {
WOLFSSL_MSG("Invalid hex character.");
XFREE(targetBuf, NULL, DYNAMIC_TYPE_OPENSSL);
return NULL;
}
targetBuf[targetIdx++] = (unsigned char)((srcDigitHigh << 4) | srcDigitLow);
}
if (len != NULL)
*len = targetIdx;
return targetBuf;
}
int wolfSSL_OPENSSL_init_ssl(word64 opts, const OPENSSL_INIT_SETTINGS *settings) int wolfSSL_OPENSSL_init_ssl(word64 opts, const OPENSSL_INIT_SETTINGS *settings)
{ {
(void)opts; (void)opts;
@ -47284,18 +47416,7 @@ void wolfSSL_THREADID_set_numeric(void* id, unsigned long val)
} }
#endif #endif
#ifndef NO_WOLFSSL_STUB #ifndef NO_WOLFSSL_STUB
WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(
WOLFSSL_X509_STORE_CTX* ctx, WOLFSSL_X509_NAME* name)
{
WOLFSSL_ENTER("wolfSSL_X509_STORE_get1_certs");
WOLFSSL_STUB("X509_STORE_get1_certs");
(void)ctx;
(void)name;
return NULL;
}
WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects( WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects(
WOLFSSL_X509_STORE* store) WOLFSSL_X509_STORE* store)
{ {
@ -48552,7 +48673,10 @@ WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl)
} }
return suites->stack; return suites->stack;
} }
#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
|| defined(HAVE_STUNNEL)
#ifndef NO_WOLFSSL_STUB #ifndef NO_WOLFSSL_STUB
void wolfSSL_OPENSSL_config(char *config_name) void wolfSSL_OPENSSL_config(char *config_name)
{ {
@ -48560,7 +48684,7 @@ void wolfSSL_OPENSSL_config(char *config_name)
WOLFSSL_STUB("OPENSSL_config"); WOLFSSL_STUB("OPENSSL_config");
} }
#endif /* !NO_WOLFSSL_STUB */ #endif /* !NO_WOLFSSL_STUB */
#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ #endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_STUNNEL*/
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
|| defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
@ -48724,6 +48848,60 @@ int wolfSSL_X509_check_ip_asc(WOLFSSL_X509 *x, const char *ipasc,
} }
#endif #endif
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN)
int wolfSSL_X509_check_email(WOLFSSL_X509 *x, const char *chk, size_t chkLen,
unsigned int flags)
{
WOLFSSL_X509_NAME *subjName;
int emailLen;
char *emailBuf;
(void)flags;
WOLFSSL_ENTER("wolfSSL_X509_check_email");
if ((x == NULL) || (chk == NULL)) {
WOLFSSL_MSG("Invalid parameter");
return WOLFSSL_FAILURE;
}
subjName = wolfSSL_X509_get_subject_name(x);
if (subjName == NULL)
return WOLFSSL_FAILURE;
/* Call with NULL buffer to get required length. */
emailLen = wolfSSL_X509_NAME_get_text_by_NID(subjName, NID_emailAddress,
NULL, 0);
if (emailLen < 0)
return WOLFSSL_FAILURE;
++emailLen; /* Add 1 for the NUL. */
emailBuf = (char*)XMALLOC(emailLen, x->heap, DYNAMIC_TYPE_OPENSSL);
if (emailBuf == NULL)
return WOLFSSL_FAILURE;
emailLen = wolfSSL_X509_NAME_get_text_by_NID(subjName, NID_emailAddress,
emailBuf, emailLen);
if (emailLen < 0) {
XFREE(emailBuf, x->heap, DYNAMIC_TYPE_OPENSSL);
return WOLFSSL_FAILURE;
}
if (chkLen == 0)
chkLen = XSTRLEN(chk);
if (chkLen != (size_t)emailLen
|| XSTRNCMP(chk, emailBuf, chkLen)) {
XFREE(emailBuf, x->heap, DYNAMIC_TYPE_OPENSSL);
return WOLFSSL_FAILURE;
}
XFREE(emailBuf, x->heap, DYNAMIC_TYPE_OPENSSL);
return WOLFSSL_SUCCESS;
}
#endif /* OPENSSL_EXTRA && WOLFSSL_CERT_GEN */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
|| defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)

140
tests/api.c
View File

@ -25868,6 +25868,41 @@ static void test_wolfSSL_X509_check_host(void)
#endif #endif
} }
static void test_wolfSSL_X509_check_email(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN)
X509* x509;
const char goodEmail[] = "info@wolfssl.com";
const char badEmail[] = "disinfo@wolfssl.com";
printf(testingFmt, "wolfSSL_X509_check_email()");
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
SSL_FILETYPE_PEM));
/* Should fail on non-matching email address */
AssertIntEQ(wolfSSL_X509_check_email(x509, badEmail, XSTRLEN(badEmail), 0),
WOLFSSL_FAILURE);
/* Should succeed on matching email address */
AssertIntEQ(wolfSSL_X509_check_email(x509, goodEmail, XSTRLEN(goodEmail), 0),
WOLFSSL_SUCCESS);
/* Should compute length internally when not provided */
AssertIntEQ(wolfSSL_X509_check_email(x509, goodEmail, 0, 0),
WOLFSSL_SUCCESS);
/* Should fail when email address is NULL */
AssertIntEQ(wolfSSL_X509_check_email(x509, NULL, 0, 0),
WOLFSSL_FAILURE);
X509_free(x509);
/* Should fail when x509 is NULL */
AssertIntEQ(wolfSSL_X509_check_email(NULL, goodEmail, 0, 0),
WOLFSSL_FAILURE);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && WOLFSSL_CERT_GEN */
}
static void test_wolfSSL_DES(void) static void test_wolfSSL_DES(void)
{ {
#if defined(OPENSSL_EXTRA) && !defined(NO_DES3) #if defined(OPENSSL_EXTRA) && !defined(NO_DES3)
@ -34433,6 +34468,57 @@ static void test_wolfSSL_OpenSSL_add_all_algorithms(void){
#endif #endif
} }
static void test_wolfSSL_OPENSSL_hexstr2buf(void)
{
#if defined(OPENSSL_EXTRA)
struct Output {
const unsigned char* buffer;
long ret;
};
enum { NUM_CASES = 5 };
int i;
int j;
const char* inputs[NUM_CASES] = {
"aabcd1357e",
"01:12:23:34:a5:b6:c7:d8:e9",
":01:02",
"012",
":ab:ac:d"
};
struct Output expectedOutputs[NUM_CASES] = {
{(const unsigned char []){0xaa, 0xbc, 0xd1, 0x35, 0x7e}, 5},
{(const unsigned char []){0x01, 0x12, 0x23, 0x34, 0xa5, 0xb6, 0xc7,
0xd8, 0xe9}, 9},
{(const unsigned char []){0x01, 0x02}, 2},
{NULL, 0},
{NULL, 0}
};
long len = 0;
unsigned char* returnedBuf = NULL;
printf(testingFmt, "test_wolfSSL_OPENSSL_hexstr2buf()");
for (i = 0; i < NUM_CASES; ++i) {
returnedBuf = wolfSSL_OPENSSL_hexstr2buf(inputs[i], &len);
if (returnedBuf == NULL) {
AssertNull(expectedOutputs[i].buffer);
continue;
}
AssertIntEQ(expectedOutputs[i].ret, len);
for (j = 0; j < len; ++j) {
AssertIntEQ(expectedOutputs[i].buffer[j], returnedBuf[j]);
}
OPENSSL_free(returnedBuf);
}
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_ASN1_STRING_print_ex(void){ static void test_wolfSSL_ASN1_STRING_print_ex(void){
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) #if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
#ifndef NO_BIO #ifndef NO_BIO
@ -40964,6 +41050,57 @@ static void test_wolfSSL_ASN1_INTEGER_set(void)
#endif #endif
} }
static void test_wolfSSL_X509_STORE_get1_certs(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SIGNER_DER_CERT) && \
!defined(NO_FILESYSTEM)
X509_STORE_CTX *storeCtx;
X509_STORE *store;
X509 *caX509;
X509 *svrX509;
X509_NAME *subject;
WOLF_STACK_OF(WOLFSSL_X509) *certs;
printf(testingFmt, "wolfSSL_X509_STORE_get1_certs()");
AssertNotNull(caX509 =
X509_load_certificate_file(caCertFile, SSL_FILETYPE_PEM));
AssertNotNull((svrX509 =
wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)));
AssertNotNull(storeCtx = X509_STORE_CTX_new());
AssertNotNull(store = X509_STORE_new());
AssertNotNull(subject = X509_get_subject_name(caX509));
/* Errors */
AssertNull(X509_STORE_get1_certs(storeCtx, subject));
AssertNull(X509_STORE_get1_certs(NULL, subject));
AssertNull(X509_STORE_get1_certs(storeCtx, NULL));
AssertIntEQ(X509_STORE_add_cert(store, caX509), SSL_SUCCESS);
AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, caX509, NULL), SSL_SUCCESS);
/* Should find the cert */
AssertNotNull(certs = X509_STORE_get1_certs(storeCtx, subject));
AssertIntEQ(1, wolfSSL_sk_X509_num(certs));
sk_X509_free(certs);
/* Should not find the cert */
AssertNotNull(subject = X509_get_subject_name(svrX509));
AssertNotNull(certs = X509_STORE_get1_certs(storeCtx, subject));
AssertIntEQ(0, wolfSSL_sk_X509_num(certs));
sk_X509_free(certs);
X509_STORE_free(store);
X509_STORE_CTX_free(storeCtx);
X509_free(svrX509);
X509_free(caX509);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && WOLFSSL_SIGNER_DER_CERT && !NO_FILESYSTEM */
}
/* Testing code used in dpp.c in hostap */ /* Testing code used in dpp.c in hostap */
#if defined(OPENSSL_ALL) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) #if defined(OPENSSL_ALL) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
typedef struct { typedef struct {
@ -42300,6 +42437,7 @@ void ApiTest(void)
test_wolfSSL_X509_subject_name_hash(); test_wolfSSL_X509_subject_name_hash();
test_wolfSSL_X509_issuer_name_hash(); test_wolfSSL_X509_issuer_name_hash();
test_wolfSSL_X509_check_host(); test_wolfSSL_X509_check_host();
test_wolfSSL_X509_check_email();
test_wolfSSL_DES(); test_wolfSSL_DES();
test_wolfSSL_certs(); test_wolfSSL_certs();
test_wolfSSL_X509_check_private_key(); test_wolfSSL_X509_check_private_key();
@ -42451,8 +42589,10 @@ void ApiTest(void)
test_wolfSSL_PEM_X509_INFO_read_bio(); test_wolfSSL_PEM_X509_INFO_read_bio();
test_wolfSSL_PEM_read_bio_ECPKParameters(); test_wolfSSL_PEM_read_bio_ECPKParameters();
#endif #endif
test_wolfSSL_X509_STORE_get1_certs();
test_wolfSSL_X509_NAME_ENTRY_get_object(); test_wolfSSL_X509_NAME_ENTRY_get_object();
test_wolfSSL_OpenSSL_add_all_algorithms(); test_wolfSSL_OpenSSL_add_all_algorithms();
test_wolfSSL_OPENSSL_hexstr2buf();
test_wolfSSL_ASN1_STRING_print_ex(); test_wolfSSL_ASN1_STRING_print_ex();
test_wolfSSL_ASN1_TIME_to_generalizedtime(); test_wolfSSL_ASN1_TIME_to_generalizedtime();
test_wolfSSL_ASN1_INTEGER_set(); test_wolfSSL_ASN1_INTEGER_set();

8
wolfcrypt/src/evp.c
View File

@ -3410,6 +3410,14 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
#endif /* !NO_MD5 */ #endif /* !NO_MD5 */
#ifndef NO_WOLFSSL_STUB
void wolfSSL_EVP_set_pw_prompt(const char *prompt)
{
(void)prompt;
WOLFSSL_STUB("EVP_set_pw_prompt");
}
#endif
#ifndef NO_WOLFSSL_STUB #ifndef NO_WOLFSSL_STUB
const WOLFSSL_EVP_MD* wolfSSL_EVP_mdc2(void) const WOLFSSL_EVP_MD* wolfSSL_EVP_mdc2(void)
{ {

11
wolfssl/openssl/crypto.h
View File

@ -46,6 +46,8 @@ WOLFSSL_API unsigned long wolfSSL_OpenSSL_version_num(void);
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
WOLFSSL_API void wolfSSL_OPENSSL_free(void*); WOLFSSL_API void wolfSSL_OPENSSL_free(void*);
WOLFSSL_API void *wolfSSL_OPENSSL_malloc(size_t a); WOLFSSL_API void *wolfSSL_OPENSSL_malloc(size_t a);
WOLFSSL_API int wolfSSL_OPENSSL_hexchar2int(unsigned char c);
WOLFSSL_API unsigned char *wolfSSL_OPENSSL_hexstr2buf(const char *str, long *len);
WOLFSSL_API int wolfSSL_OPENSSL_init_crypto(word64 opts, const OPENSSL_INIT_SETTINGS *settings); WOLFSSL_API int wolfSSL_OPENSSL_init_crypto(word64 opts, const OPENSSL_INIT_SETTINGS *settings);
#endif #endif
@ -75,6 +77,8 @@ typedef struct crypto_threadid_st CRYPTO_THREADID;
#define OPENSSL_free wolfSSL_OPENSSL_free #define OPENSSL_free wolfSSL_OPENSSL_free
#define OPENSSL_malloc wolfSSL_OPENSSL_malloc #define OPENSSL_malloc wolfSSL_OPENSSL_malloc
#define OPENSSL_hexchar2int wolfSSL_OPENSSL_hexchar2int
#define OPENSSL_hexstr2buf wolfSSL_OPENSSL_hexstr2buf
#define OPENSSL_INIT_ENGINE_ALL_BUILTIN 0x00000001L #define OPENSSL_INIT_ENGINE_ALL_BUILTIN 0x00000001L
#define OPENSSL_INIT_ADD_ALL_CIPHERS 0x00000004L #define OPENSSL_INIT_ADD_ALL_CIPHERS 0x00000004L
@ -104,6 +108,13 @@ typedef void (CRYPTO_free_func)(void*parent, void*ptr, CRYPTO_EX_DATA *ad, int i
#define CRYPTO_THREAD_r_lock wc_LockMutex #define CRYPTO_THREAD_r_lock wc_LockMutex
#define CRYPTO_THREAD_unlock wc_UnLockMutex #define CRYPTO_THREAD_unlock wc_UnLockMutex
#define CRYPTO_THREAD_lock_new wc_InitAndAllocMutex
#define CRYPTO_THREAD_read_lock wc_LockMutex
#define CRYPTO_THREAD_write_lock wc_LockMutex
#define CRYPTO_THREAD_lock_free wc_FreeMutex
#define CRYPTO_set_ex_data wolfSSL_CRYPTO_set_ex_data
#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_EX_DATA */ #endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_EX_DATA */
#endif /* header */ #endif /* header */

18
wolfssl/openssl/evp.h
View File

@ -81,6 +81,7 @@ typedef WOLFSSL_EVP_PKEY PKCS8_PRIV_KEY_INFO;
#ifndef NO_MD5 #ifndef NO_MD5
WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void); WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void);
#endif #endif
WOLFSSL_API void wolfSSL_EVP_set_pw_prompt(const char *);
WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_mdc2(void); WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_mdc2(void);
WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void); WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void);
WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha224(void); WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha224(void);
@ -675,14 +676,15 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX;
#ifndef NO_MD5 #ifndef NO_MD5
#define EVP_md5 wolfSSL_EVP_md5 #define EVP_md5 wolfSSL_EVP_md5
#endif #endif
#define EVP_sha1 wolfSSL_EVP_sha1 #define EVP_sha1 wolfSSL_EVP_sha1
#define EVP_mdc2 wolfSSL_EVP_mdc2 #define EVP_mdc2 wolfSSL_EVP_mdc2
#define EVP_dds1 wolfSSL_EVP_sha1 #define EVP_dds1 wolfSSL_EVP_sha1
#define EVP_sha224 wolfSSL_EVP_sha224 #define EVP_sha224 wolfSSL_EVP_sha224
#define EVP_sha256 wolfSSL_EVP_sha256 #define EVP_sha256 wolfSSL_EVP_sha256
#define EVP_sha384 wolfSSL_EVP_sha384 #define EVP_sha384 wolfSSL_EVP_sha384
#define EVP_sha512 wolfSSL_EVP_sha512 #define EVP_sha512 wolfSSL_EVP_sha512
#define EVP_ripemd160 wolfSSL_EVP_ripemd160 #define EVP_ripemd160 wolfSSL_EVP_ripemd160
#define EVP_set_pw_prompt wolfSSL_EVP_set_pw_prompt
#define EVP_sha3_224 wolfSSL_EVP_sha3_224 #define EVP_sha3_224 wolfSSL_EVP_sha3_224
#define EVP_sha3_256 wolfSSL_EVP_sha3_256 #define EVP_sha3_256 wolfSSL_EVP_sha3_256

3
wolfssl/openssl/ssl.h
View File

@ -466,6 +466,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define X509_REQ_check_private_key wolfSSL_X509_check_private_key #define X509_REQ_check_private_key wolfSSL_X509_check_private_key
#define X509_check_ca wolfSSL_X509_check_ca #define X509_check_ca wolfSSL_X509_check_ca
#define X509_check_host wolfSSL_X509_check_host #define X509_check_host wolfSSL_X509_check_host
#define X509_check_email wolfSSL_X509_check_email
#define X509_check_ip_asc wolfSSL_X509_check_ip_asc #define X509_check_ip_asc wolfSSL_X509_check_ip_asc
#define X509_email_free wolfSSL_X509_email_free #define X509_email_free wolfSSL_X509_email_free
#define X509_check_issued wolfSSL_X509_check_issued #define X509_check_issued wolfSSL_X509_check_issued
@ -1236,7 +1237,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_ALL) || \ defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_ALL) || \
defined(HAVE_LIGHTY) defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL)
#include <wolfssl/error-ssl.h> #include <wolfssl/error-ssl.h>

31
wolfssl/ssl.h
View File

@ -2962,9 +2962,12 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl);
WOLFSSL_CERT_MANAGER* cm); WOLFSSL_CERT_MANAGER* cm);
WOLFSSL_API int wolfSSL_CertManagerDisableOCSPMustStaple( WOLFSSL_API int wolfSSL_CertManagerDisableOCSPMustStaple(
WOLFSSL_CERT_MANAGER* cm); WOLFSSL_CERT_MANAGER* cm);
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM) #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SIGNER_DER_CERT) && \
!defined(NO_FILESYSTEM)
WOLFSSL_API WOLFSSL_STACK* wolfSSL_CertManagerGetCerts(WOLFSSL_CERT_MANAGER* cm); WOLFSSL_API WOLFSSL_STACK* wolfSSL_CertManagerGetCerts(WOLFSSL_CERT_MANAGER* cm);
#endif WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(
WOLFSSL_X509_STORE_CTX*, WOLFSSL_X509_NAME*);
#endif /* OPENSSL_EXTRA && WOLFSSL_SIGNER_DER_CERT && !NO_FILESYSTEM */
WOLFSSL_API int wolfSSL_EnableCRL(WOLFSSL* ssl, int options); WOLFSSL_API int wolfSSL_EnableCRL(WOLFSSL* ssl, int options);
WOLFSSL_API int wolfSSL_DisableCRL(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_DisableCRL(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_LoadCRL(WOLFSSL*, const char*, int, int); WOLFSSL_API int wolfSSL_LoadCRL(WOLFSSL*, const char*, int, int);
@ -3289,6 +3292,21 @@ WOLFSSL_API long wolfSSL_SSL_get_secure_renegotiation_support(WOLFSSL* ssl);
#endif #endif
#if defined(HAVE_SELFTEST) && \
(!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
/* Needed by session ticket stuff below */
#ifndef WOLFSSL_AES_KEY_SIZE_ENUM
#define WOLFSSL_AES_KEY_SIZE_ENUM
enum SSL_Misc {
AES_IV_SIZE = 16,
AES_128_KEY_SIZE = 16,
AES_192_KEY_SIZE = 24,
AES_256_KEY_SIZE = 32
};
#endif
#endif
/* Session Ticket */ /* Session Ticket */
#ifdef HAVE_SESSION_TICKET #ifdef HAVE_SESSION_TICKET
@ -3952,8 +3970,6 @@ WOLFSSL_API void wolfSSL_THREADID_current(WOLFSSL_CRYPTO_THREADID* id);
WOLFSSL_API unsigned long wolfSSL_THREADID_hash( WOLFSSL_API unsigned long wolfSSL_THREADID_hash(
const WOLFSSL_CRYPTO_THREADID* id); const WOLFSSL_CRYPTO_THREADID* id);
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(
WOLFSSL_X509_STORE_CTX*, WOLFSSL_X509_NAME*);
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_OBJECT)*
wolfSSL_X509_STORE_get0_objects(WOLFSSL_X509_STORE *); wolfSSL_X509_STORE_get0_objects(WOLFSSL_X509_STORE *);
WOLFSSL_API WOLFSSL_X509_OBJECT* WOLFSSL_API WOLFSSL_X509_OBJECT*
@ -4025,7 +4041,8 @@ WOLFSSL_API void wolfSSL_ERR_load_BIO_strings(void);
#if defined(OPENSSL_ALL) \ #if defined(OPENSSL_ALL) \
|| defined(WOLFSSL_NGINX) \ || defined(WOLFSSL_NGINX) \
|| defined(WOLFSSL_HAPROXY) \ || defined(WOLFSSL_HAPROXY) \
|| defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA) \
|| defined(HAVE_STUNNEL)
WOLFSSL_API void wolfSSL_OPENSSL_config(char *config_name); WOLFSSL_API void wolfSSL_OPENSSL_config(char *config_name);
#endif #endif
@ -4152,6 +4169,10 @@ WOLFSSL_API int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk,
WOLFSSL_API int wolfSSL_X509_check_ip_asc(WOLFSSL_X509 *x, const char *ipasc, WOLFSSL_API int wolfSSL_X509_check_ip_asc(WOLFSSL_X509 *x, const char *ipasc,
unsigned int flags); unsigned int flags);
#endif #endif
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN)
WOLFSSL_API int wolfSSL_X509_check_email(WOLFSSL_X509 *x, const char *chk,
size_t chkLen, unsigned int flags);
#endif /* OPENSSL_EXTRA && WOLFSSL_CERT_GEN */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)