diff --git a/src/ssl.c b/src/ssl.c index 94c661fec..0cbfa8f31 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -9625,7 +9625,11 @@ int wolfSSL_set_compression(WOLFSSL* ssl) (void)ctx; (void)sz; WOLFSSL_MSG("session cache is set at compile time"); - return SESSIONS_PER_ROW * SESSION_ROWS; + #ifndef NO_SESSION_CACHE + return SESSIONS_PER_ROW * SESSION_ROWS; + #else + return 0; + #endif } @@ -9767,6 +9771,16 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } + long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx) + { + (void)ctx; + WOLFSSL_ENTER("wolfSSL_CTX_get_options"); + WOLFSSL_MSG("wolfSSL options are set through API calls and macros"); + + return 0; + } + + long wolfSSL_CTX_set_options(WOLFSSL_CTX* ctx, long opt) { /* goahead calls with 0, do nothing */ @@ -11696,7 +11710,11 @@ int wolfSSL_set_compression(WOLFSSL* ssl) long wolfSSL_CTX_sess_get_cache_size(WOLFSSL_CTX* ctx) { (void)ctx; - return SESSIONS_PER_ROW * SESSION_ROWS; + #ifndef NO_SESSION_CACHE + return SESSIONS_PER_ROW * SESSION_ROWS; + #else + return 0; + #endif } unsigned long wolfSSL_ERR_get_error_line_data(const char** file, int* line, @@ -13968,18 +13986,24 @@ int wolfSSL_PEM_def_callback(char* name, int num, int w, void* key) return 0; } -/*** TBD ***/ -WOLFSSL_API unsigned long wolfSSL_set_options(WOLFSSL *s, unsigned long op) + +/* wolfSSL options are set through API calls and macros. + * return 0 for no options set */ +unsigned long wolfSSL_set_options(WOLFSSL* ssl, unsigned long op) { - (void)s; + (void)ssl; (void)op; + WOLFSSL_MSG("Set options in wolfSSL through API and macros"); return 0; } -/*** TBD ***/ -WOLFSSL_API unsigned long wolfSSL_get_options(const WOLFSSL *s) + +/* wolfSSL options are set through API calls and macros. + * return 0 for no options set */ +WOLFSSL_API unsigned long wolfSSL_get_options(const WOLFSSL* ssl) { - (void)s; + (void)ssl; + WOLFSSL_MSG("Set options in wolfSSL through API and macros"); return 0; } 
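Review bot: In the @@ -13968 hunk, `wolfSSL_set_options` still discards `op` and returns 0, so an application ported from OpenSSL that passes protocol- or feature-disabling option bits believes they took effect when nothing changed; the new source comment says options are set through other API calls, and that statement belongs in the public header documentation of both functions, where a porting developer will actually see it. The log text in `wolfSSL_get_options` is copied from the setter (`"Set options in wolfSSL through API and macros"`); a getter-specific message such as `WOLFSSL_MSG("wolfSSL_get_options: none tracked, returning 0");` keeps logs readable. The definition of `wolfSSL_set_options` dropped the `WOLFSSL_API` qualifier while `wolfSSL_get_options` kept it; pick one form for both definitions.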
@@ -13998,6 +14022,7 @@ WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s) } +#ifndef NO_DH long wolfSSL_set_tmp_dh(WOLFSSL *ssl, WOLFSSL_DH *dh) { int pSz, gSz; @@ -14022,7 +14047,7 @@ long wolfSSL_set_tmp_dh(WOLFSSL *ssl, WOLFSSL_DH *dh) g = (byte*)XMALLOC(gSz, ssl->heap, DYNAMIC_TYPE_DH); if (!g) { - XFREE(p, ctx->heap, DYNAMIC_TYPE_DH); + XFREE(p, ssl->heap, DYNAMIC_TYPE_DH); return MEMORY_E; } @@ -14032,20 +14057,25 @@ long wolfSSL_set_tmp_dh(WOLFSSL *ssl, WOLFSSL_DH *dh) if (pSz >= 0 && gSz >= 0) /* Conversion successful */ ret = wolfSSL_SetTmpDH(ssl, p, pSz, g, gSz); - XFREE(p, ctx->heap, DYNAMIC_TYPE_DH); - XFREE(g, ctx->heap, DYNAMIC_TYPE_DH); + XFREE(p, ssl->heap, DYNAMIC_TYPE_DH); + XFREE(g, ssl->heap, DYNAMIC_TYPE_DH); return pSz > 0 && gSz > 0 ? ret : SSL_FATAL_ERROR; } +#endif /* !NO_DH */ -/*** TBD ***/ -WOLFSSL_API long wolfSSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg) +#ifdef HAVE_PK_CALLBACKS +long wolfSSL_set_tlsext_debug_arg(WOLFSSL* ssl, void *arg) { - (void)s; - (void)arg; - return 0; + if (ssl == NULL) { + return SSL_FAILURE; + } + + ssl->loggingCtx = arg; + return SSL_SUCCESS; } +#endif /* HAVE_PK_CALLBACKS */ /*** TBD ***/ WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type) @@ -15963,6 +15993,7 @@ static int SetIndividualInternal(WOLFSSL_BIGNUM* bn, mp_int* mpi) } +#if !defined(NO_DSA) && !defined(NO_DH) WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *dsa) { WOLFSSL_DH* dh; @@ -16000,6 +16031,7 @@ WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *dsa) return dh; } +#endif /* !defined(NO_DSA) && !defined(NO_DH) */ #endif /* !NO_RSA && !NO_DSA */ 
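Review bot: In the @@ -14032 hunk, the new `wolfSSL_set_tlsext_debug_arg` stores `arg` in `ssl->loggingCtx`, but no reader of that field appears anywhere in this diff, so the pointer is accepted and never consumed; either name the consumer in a comment above the function or state the gap, e.g. `/* stored only; no debug callback reads loggingCtx yet */`, so nobody assumes debug output is wired up. The field is declared in wolfssl/internal.h under `OPENSSL_EXTRA` and then `HAVE_PK_CALLBACKS`, while this definition is guarded by `HAVE_PK_CALLBACKS` alone; if this region of ssl.c is not itself inside an `OPENSSL_EXTRA` block (not visible here), a build with `HAVE_PK_CALLBACKS` but without `OPENSSL_EXTRA` fails on `ssl->loggingCtx`. Tying a debug-argument setter to the public-key-callback option also removes a previously unconditional symbol, so callers built without `HAVE_PK_CALLBACKS` now get a link error where the stub used to resolve. The `#endif /* !NO_DH */` in this hunk closes a guard opened in the @@ -13998 hunk, and most of `wolfSSL_set_tmp_dh` lies outside both.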
@@ -19578,18 +19610,6 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) return 0; } - int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey) { - WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey"); - - if (ctx == NULL || pkey == NULL) { - return SSL_FAILURE; - } - - return wolfSSL_CTX_use_PrivateKey_buffer(ssl, pkey->pkey->ptr, - pkey->pkey_sz, PRIVATEKEY_TYPE); - } - - int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name) { (void)b; (void)name; @@ -19767,6 +19787,20 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) #ifdef OPENSSL_EXTRA + +int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey) +{ + WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey"); + + if (ctx == NULL || pkey == NULL) { + return SSL_FAILURE; + } + + return wolfSSL_CTX_use_PrivateKey_buffer(ctx, + (const unsigned char*)pkey->pkey.ptr, + pkey->pkey_sz, PRIVATEKEY_TYPE); +} + void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx) { WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data"); 
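Review bot: In the @@ -19767 hunk, `wolfSSL_CTX_use_PrivateKey` passes `PRIVATEKEY_TYPE` as the last argument of `wolfSSL_CTX_use_PrivateKey_buffer`, whose final parameter is the encoding format (`SSL_FILETYPE_ASN1` or `SSL_FILETYPE_PEM`, the latter used elsewhere in this diff), not a content type; unless that buffer function differs from the public one (its body is not visible here), the call only works if the enum value of `PRIVATEKEY_TYPE` happens to coincide with a format constant. If `pkey.ptr` holds DER, the last line should read `pkey->pkey_sz, SSL_FILETYPE_ASN1);`. The NULL checks cover `ctx` and `pkey` but not the key bytes themselves; `if (pkey->pkey.ptr == NULL || pkey->pkey_sz <= 0) return SSL_FAILURE;` keeps a half-initialized key from reaching the buffer parser.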
@@ -19895,41 +19929,51 @@ WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x, pe if ((ret = GetSequence(pDer->buffer, &idx, &length, pDer->length)) < 0) { WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_DSAparams", ret); + FreeDer(&pDer); return NULL; } dsa = wolfSSL_DSA_new(); if (dsa == NULL) { + FreeDer(&pDer); WOLFSSL_MSG("Error creating DSA struct"); + return NULL; } key = (DsaKey*)dsa->internal; if (key == NULL) { + FreeDer(&pDer); + wolfSSL_DSA_free(dsa); WOLFSSL_MSG("Error finding DSA key struct"); + return NULL; } if (GetInt(&key->p, pDer->buffer, &idx, pDer->length) < 0 || GetInt(&key->q, pDer->buffer, &idx, pDer->length) < 0 || GetInt(&key->g, pDer->buffer, &idx, pDer->length) < 0 ) { WOLFSSL_MSG("dsa key error"); + FreeDer(&pDer); wolfSSL_DSA_free(dsa); return NULL; } if (SetIndividualExternal(&dsa->p, &key->p) != SSL_SUCCESS) { WOLFSSL_MSG("dsa p key error"); + FreeDer(&pDer); wolfSSL_DSA_free(dsa); return NULL; } if (SetIndividualExternal(&dsa->q, &key->q) != SSL_SUCCESS) { WOLFSSL_MSG("dsa q key error"); + FreeDer(&pDer); wolfSSL_DSA_free(dsa); return NULL; } if (SetIndividualExternal(&dsa->g, &key->g) != SSL_SUCCESS) { WOLFSSL_MSG("dsa g key error"); + FreeDer(&pDer); wolfSSL_DSA_free(dsa); return NULL; } @@ -19938,6 +19982,7 @@ WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x, pe *x = dsa; } + FreeDer(&pDer); return dsa; } #endif /* NO_DSA */ @@ -20323,16 +20368,6 @@ STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL* ssl) } -long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx) -{ - (void)ctx; - WOLFSSL_ENTER("wolfSSL_CTX_get_options"); - WOLFSSL_STUB("wolfSSL_CTX_get_options"); - - return 0; -} - - WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl) { WOLFSSL_ENTER("wolfSSL_get_SSL_CTX"); diff --git a/tests/api.c b/tests/api.c index 5b14c3a11..96eac1eb5 100644 --- a/tests/api.c +++ b/tests/api.c 
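Review bot: In the @@ -19895 hunk the error paths now release `pDer`, but the tail `FreeDer(&pDer); wolfSSL_DSA_free(dsa); return NULL;` is repeated five times with two further variants that free only `pDer`; a single `err:` label at the bottom of the function would keep the next added check from regressing the very leak this commit fixes. The `dsa == NULL` branch can share the label only if `wolfSSL_DSA_free` tolerates NULL, which is not visible here; otherwise keep that early return as written. The function's opening and the declarations of `pDer`, `dsa` and `key` are outside the hunk.
```c
    /* … unchanged: GetSequence, wolfSSL_DSA_new, dsa->internal lookup … */
    if (GetInt(&key->p, pDer->buffer, &idx, pDer->length) < 0 ||
        GetInt(&key->q, pDer->buffer, &idx, pDer->length) < 0 ||
        GetInt(&key->g, pDer->buffer, &idx, pDer->length) < 0 ) {
        WOLFSSL_MSG("dsa key error");
        goto err;
    }
    /* … the three SetIndividualExternal checks end in goto err the same way … */
    /* … unchanged: *x = dsa; FreeDer(&pDer); return dsa; … */
err:
    FreeDer(&pDer);
    wolfSSL_DSA_free(dsa);
    return NULL;
```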
@@ -2267,6 +2267,10 @@ static void test_wolfSSL_certs(void) AssertIntEQ(wolfSSL_check_private_key(ssl), SSL_SUCCESS); + #ifdef HAVE_PK_CALLBACKS + AssertIntEQ((int)SSL_set_tlsext_debug_arg(ssl, NULL), SSL_SUCCESS); + #endif /* HAVE_PK_CALLBACKS */ + /* create and use x509 */ x509 = wolfSSL_X509_load_certificate_file(cliCert, SSL_FILETYPE_PEM); AssertNotNull(x509); @@ -2284,6 +2288,7 @@ static void test_wolfSSL_certs(void) sizeof_server_cert_der_2048), SSL_SUCCESS); #endif + #if !defined(NO_SHA) && !defined(NO_SHA256) /************* Get Digest of Certificate ******************/ { byte digest[64]; /* max digest size */ 
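Review bot: In the @@ -2267 hunk the new assertion exercises `SSL_set_tlsext_debug_arg` only with a NULL argument on a valid `ssl`, so the `ssl == NULL` failure path added in src/ssl.c is untested; add `AssertIntEQ((int)SSL_set_tlsext_debug_arg(NULL, NULL), SSL_FAILURE);` beside it. Because nothing reads the stored pointer back, the test cannot show the argument was retained; a comment such as `/* only the return code is observable; no getter for the debug arg */` makes that limit explicit. The enclosing test function starts before this hunk.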
@@ -2292,59 +2297,73 @@ static void test_wolfSSL_certs(void) XMEMSET(digest, 0, sizeof(digest)); AssertIntEQ(X509_digest(x509, wolfSSL_EVP_sha1(), digest, &digestSz), SSL_SUCCESS); + AssertIntEQ(X509_digest(x509, wolfSSL_EVP_sha256(), digest, &digestSz), + SSL_SUCCESS); AssertIntEQ(X509_digest(NULL, wolfSSL_EVP_sha1(), digest, &digestSz), SSL_FAILURE); } + #endif /* !NO_SHA && !NO_SHA256*/ /* test and checkout X509 extensions */ - sk = X509_get_ext_d2i(x509, NID_basic_constraints, &crit, NULL); + sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_basic_constraints, + &crit, NULL); AssertNotNull(sk); AssertIntEQ(crit, 0); wolfSSL_sk_ASN1_OBJECT_free(sk); - sk = X509_get_ext_d2i(x509, NID_key_usage, &crit, NULL); + sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_key_usage, + &crit, NULL); /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); wolfSSL_sk_ASN1_OBJECT_free(sk); - sk = X509_get_ext_d2i(x509, NID_ext_key_usage, &crit, NULL); + sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_ext_key_usage, + &crit, NULL); /* AssertNotNull(sk); no extension set */ wolfSSL_sk_ASN1_OBJECT_free(sk); - sk = X509_get_ext_d2i(x509, NID_authority_key_identifier, &crit, NULL); + sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, + NID_authority_key_identifier, &crit, NULL); AssertNotNull(sk); wolfSSL_sk_ASN1_OBJECT_free(sk); - sk = X509_get_ext_d2i(x509, NID_private_key_usage_period, &crit, NULL); + sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, + NID_private_key_usage_period, &crit, NULL); /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); wolfSSL_sk_ASN1_OBJECT_free(sk); - sk = X509_get_ext_d2i(x509, NID_subject_alt_name, &crit, NULL); + sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_subject_alt_name, + &crit, NULL); /* AssertNotNull(sk); no alt names set */ wolfSSL_sk_ASN1_OBJECT_free(sk); - sk = X509_get_ext_d2i(x509, NID_issuer_alt_name, &crit, NULL); + sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, 
NID_issuer_alt_name, + &crit, NULL); /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); wolfSSL_sk_ASN1_OBJECT_free(sk); - sk = X509_get_ext_d2i(x509, NID_info_access, &crit, NULL); + sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_info_access, &crit, + NULL); /* AssertNotNull(sk); no auth info set */ wolfSSL_sk_ASN1_OBJECT_free(sk); - sk = X509_get_ext_d2i(x509, NID_sinfo_access, &crit, NULL); + sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_sinfo_access, + &crit, NULL); /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); wolfSSL_sk_ASN1_OBJECT_free(sk); - sk = X509_get_ext_d2i(x509, NID_name_constraints, &crit, NULL); + sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_name_constraints, + &crit, NULL); /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); wolfSSL_sk_ASN1_OBJECT_free(sk); - sk = X509_get_ext_d2i(x509, NID_certificate_policies, &crit, NULL); + sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, + NID_certificate_policies, &crit, NULL); #if !defined(WOLFSSL_SEP) && !defined(WOLFSSL_CERT_EXT) AssertNull(sk); #else 
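Review bot: In the @@ -2292 hunk the new SHA-256 digest call reuses `digest` and `digestSz` from the SHA-1 call without checking the reported length, so an implementation that wrote nothing and left `digestSz` untouched would still pass; asserting `digestSz` is 20 after the SHA-1 call and 32 after the SHA-256 call pins the output rather than just the return code. The repeated `(STACK_OF(ASN1_OBJECT)*)` casts show that `X509_get_ext_d2i` returns an untyped pointer in this compatibility layer; a small helper in the test that performs the cast once would make the many call sites here and in the @@ -2352 hunk easier to read than the wrapped casts. This hunk spans two physical lines and its function begins earlier.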
@@ -2352,36 +2371,42 @@ static void test_wolfSSL_certs(void) #endif wolfSSL_sk_ASN1_OBJECT_free(sk); - sk = X509_get_ext_d2i(x509, NID_policy_mappings, &crit, NULL); + sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_policy_mappings, + &crit, NULL); /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); wolfSSL_sk_ASN1_OBJECT_free(sk); - sk = X509_get_ext_d2i(x509, NID_policy_constraints, &crit, NULL); + sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_policy_constraints, + &crit, NULL); /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); wolfSSL_sk_ASN1_OBJECT_free(sk); - sk = X509_get_ext_d2i(x509, NID_inhibit_any_policy, &crit, NULL); + sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_inhibit_any_policy, + &crit, NULL); /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); wolfSSL_sk_ASN1_OBJECT_free(sk); - sk = X509_get_ext_d2i(x509, NID_tlsfeature, &crit, NULL); + sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_tlsfeature, &crit, + NULL); /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); wolfSSL_sk_ASN1_OBJECT_free(sk); /* test invalid cases */ crit = 0; - sk = X509_get_ext_d2i(x509, -1, &crit, NULL); + sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, -1, &crit, NULL); AssertNull(sk); AssertIntEQ(crit, -1); - sk = X509_get_ext_d2i(NULL, NID_tlsfeature, NULL, NULL); + sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(NULL, NID_tlsfeature, + NULL, NULL); AssertNull(sk); AssertIntEQ(SSL_get_hit(ssl), 0); - SSL_free(ssl); /* frees x509 also since loaded into ssl */ + X509_free(x509); + SSL_free(ssl); SSL_CTX_free(ctx); printf(resultFmt, passed); @@ -2474,6 +2499,9 @@ static void test_wolfSSL_tmp_dh(void) AssertIntEQ(SSL_CTX_set_tmp_dh(ctx, dh), SSL_SUCCESS); AssertIntEQ(SSL_set_tmp_dh(ssl, dh), SSL_SUCCESS); + BIO_free(bio); + DSA_free(dsa); + DH_free(dh); SSL_free(ssl); SSL_CTX_free(ctx); 
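Review bot: At the end of the @@ -2352 hunk, `X509_free(x509);` is now called before `SSL_free(ssl);`, while the removed comment stated that `SSL_free` frees `x509` because it was loaded into `ssl`; nothing in this diff changes `SSL_free` or the certificate load path, so unless ownership was changed elsewhere this is a double free that an address-sanitizer run of the test would catch. If the certificate is now copied on load or reference counted, document that at the free site (`/* ssl keeps its own copy; x509 is owned by the test */`), since the previous comment recorded the opposite. The `DH_free(dh)` added in the @@ -2474 hunk after `SSL_set_tmp_dh` is consistent with the `wolfSSL_set_tmp_dh` hunk in src/ssl.c, which copies p and g into its own buffers before returning.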
diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 62e6bb58c..8f7b4c02a 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2750,6 +2750,9 @@ struct WOLFSSL { #ifdef OPENSSL_EXTRA WOLFSSL_BIO* biord; /* socket bio read to free/close */ WOLFSSL_BIO* biowr; /* socket bio write to free/close */ +#ifdef HAVE_PK_CALLBACKS + void* loggingCtx; /* logging callback argument */ +#endif #endif #ifndef NO_RSA RsaKey* peerRsaKey; diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 97aa99709..5120b6939 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -47,7 +47,9 @@ #include #include #include - +#ifdef HAVE_IDEA + #include +#endif #ifdef __cplusplus extern "C" { diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index bd8a02f1c..0277e761b 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1932,6 +1932,7 @@ WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, size_t outSz); WOLFSSL_API pem_password_cb wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx); WOLFSSL_API void *wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx); +WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey); /*lighttp compatibility */ @@ -1947,7 +1948,6 @@ struct WOLFSSL_X509_NAME_ENTRY { #if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name); WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x); -WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name); WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_file(void); /* These are to be merged shortly */ 
@@ -1967,9 +1967,6 @@ WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsign WOLFSSL_API int wolfSSL_X509_check_private_key(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*); WOLFSSL_API STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X509_NAME) *sk ); -WOLFSSL_API unsigned long wolfSSL_SSL_CTX_get_options(const WOLFSSL_CTX *ctx); -WOLFSSL_API unsigned long wolfSSL_SSL_CTX_set_options(WOLFSSL_CTX *ctx, unsigned long op); - /* end lighttpd*/ #endif #endif @@ -1987,6 +1984,8 @@ WOLFSSL_API WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp, WOLFSSL_API WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x, pem_password_cb *cb, void *u); WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x); +WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx); + #endif /* HAVE_STUNNEL || HAVE_LIGHTY */ @@ -2044,8 +2043,6 @@ WOLFSSL_API void* wolfSSL_sk_X509_value(STACK_OF(WOLFSSL_X509)*, int); WOLFSSL_API STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL*); -WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx); - WOLFSSL_API void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION*, int); WOLFSSL_API int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION*, int, void*);
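Review bot: In the @@ -1967 hunk the public prototypes `wolfSSL_SSL_CTX_get_options` and `wolfSSL_SSL_CTX_set_options` are removed with no matching definition removed anywhere in this diff, so either they were declaration-only, in which case the removal deserves a line in the commit message, or their definitions remain and now lack a prototype. In the @@ -1987 and @@ -2044 hunks the `wolfSSL_CTX_get_options` declaration moves into the `HAVE_STUNNEL || HAVE_LIGHTY` block, while its definition in src/ssl.c (the @@ -9767 hunk) sits next to `wolfSSL_CTX_set_options` under a guard not visible here; if the definition compiles in configurations without those macros, the header no longer declares a symbol the library exports. A comment on the declaration naming the guard the definition lives under, e.g. `/* defined in src/ssl.c beside wolfSSL_CTX_set_options */`, lets the next maintainer check the two stay aligned.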