WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #4442 from julek-wolfssl/kerberos 

Add Kerberos 5 support
pull/4626/head
David Garske 2021-12-02 09:07:34 -08:00 committed by GitHub
parent baee7bace4 0de4136ad6
commit b4c6140b64
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 531 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
configure.ac
View File

@ -911,6 +911,7 @@ AC_ARG_ENABLE([mcast],
# WOLFSSL_MYSQL_COMPATIBLE # WOLFSSL_MYSQL_COMPATIBLE
# web server (--enable-webserver) HAVE_WEBSERVER # web server (--enable-webserver) HAVE_WEBSERVER
# net-snmp (--enable-net-snmp) # net-snmp (--enable-net-snmp)
# krb (--enable-krb) WOLFSSL_KRB
# Bind DNS compatibility Build # Bind DNS compatibility Build
@ -1033,6 +1034,14 @@ AC_ARG_ENABLE([net-snmp],
[ ENABLED_NETSNMP=no ] [ ENABLED_NETSNMP=no ]
) )
# kerberos 5 Build
AC_ARG_ENABLE([krb],
[AS_HELP_STRING([--enable-krb],[Enable kerberos 5 support (default: disabled)])],
[ ENABLED_KRB=$enableval ],
[ ENABLED_KRB=no ]
)
#IP alternative name Support #IP alternative name Support
AC_ARG_ENABLE([ip-alt-name], AC_ARG_ENABLE([ip-alt-name],
[AS_HELP_STRING([--enable-ip-alt-name],[Enable IP subject alternative name (default: disabled)])], [AS_HELP_STRING([--enable-ip-alt-name],[Enable IP subject alternative name (default: disabled)])],
@ -1104,7 +1113,8 @@ if test "$ENABLED_LIBWEBSOCKETS" = "yes" || test "$ENABLED_OPENVPN" = "yes" || \
test "$ENABLED_WPAS_DPP" = "yes" || test "$ENABLED_SMIME" = "yes" || \ test "$ENABLED_WPAS_DPP" = "yes" || test "$ENABLED_SMIME" = "yes" || \
test "$ENABLED_HAPROXY" = "yes" || test "$ENABLED_BIND" = "yes" || \ test "$ENABLED_HAPROXY" = "yes" || test "$ENABLED_BIND" = "yes" || \
test "$ENABLED_NTP" = "yes" || test "$ENABLED_NETSNMP" = "yes" || \ test "$ENABLED_NTP" = "yes" || test "$ENABLED_NETSNMP" = "yes" || \
test "$ENABLED_OPENRESTY" = "yes" || test "$ENABLED_RSYSLOG" = "yes" test "$ENABLED_OPENRESTY" = "yes" || test "$ENABLED_RSYSLOG" = "yes" || \
test "$ENABLED_KRB" = "yes"
then then
ENABLED_OPENSSLALL="yes" ENABLED_OPENSSLALL="yes"
fi fi
@ -3249,7 +3259,7 @@ AC_ARG_ENABLE([des3],
[ ENABLED_DES3=no ] [ ENABLED_DES3=no ]
) )
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_QT" = "yes" || test "$ENABLED_OPENVPN" = "yes" || test "x$ENABLED_WPAS" != "xno" || test "$ENABLED_NETSNMP" = "yes" || test "$ENABLED_LIBSSH2" = "yes" if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_QT" = "yes" || test "$ENABLED_OPENVPN" = "yes" || test "x$ENABLED_WPAS" != "xno" || test "$ENABLED_NETSNMP" = "yes" || test "$ENABLED_LIBSSH2" = "yes" || test "$ENABLED_KRB" = "yes"
then then
ENABLED_DES3="yes" ENABLED_DES3="yes"
fi fi
@ -3267,7 +3277,7 @@ then
fi fi
# ARC4 # ARC4
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes" if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_KRB" = "yes"
then then
# Requires RC4 make sure on (if not forcefully disabled with --disable-arc4) # Requires RC4 make sure on (if not forcefully disabled with --disable-arc4)
test "$enable_arc4" = "" && enable_arc4=yes test "$enable_arc4" = "" && enable_arc4=yes
@ -3824,7 +3834,8 @@ AC_ARG_ENABLE([crl],
) )
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes" || \ if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes" || \
test "x$ENABLED_WPAS" != "xno" || test "x$ENABLED_LIGHTY" = "xyes" || test "x$ENABLED_NETSNMP" = "xyes" test "x$ENABLED_WPAS" != "xno" || test "x$ENABLED_LIGHTY" = "xyes" || test "x$ENABLED_NETSNMP" = "xyes" || \
test "x$ENABLED_KRB" = "xyes"
then then
ENABLED_CRL=yes ENABLED_CRL=yes
fi fi
@ -4713,6 +4724,17 @@ then
fi fi
fi fi
if test "$ENABLED_KRB" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KRB -DWOLFSSL_AES_DIRECT"
# Requires PKCS7
if test "x$ENABLED_PKCS7" = "xno"
then
ENABLED_PKCS7="yes"
fi
fi
if test "$ENABLED_SIGNAL" = "yes" if test "$ENABLED_SIGNAL" = "yes"
then then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIGNAL -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIGNAL -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT"
@ -5158,7 +5180,7 @@ AC_ARG_ENABLE([md4],
if test "$ENABLED_MD4" = "no" if test "$ENABLED_MD4" = "no"
then then
#turn on MD4 if using stunnel #turn on MD4 if using stunnel
if test "x$ENABLED_STUNNEL" = "xyes" || test "x$ENABLED_WPAS" != "xno" if test "x$ENABLED_STUNNEL" = "xyes" || test "x$ENABLED_WPAS" != "xno" || test "x$ENABLED_KRB" = "xyes"
then then
ENABLED_MD4="yes" ENABLED_MD4="yes"
else else
@ -6809,7 +6831,7 @@ then
AM_CFLAGS="-DOPENSSL_EXTRA -DWOLFSSL_ALWAYS_VERIFY_CB $AM_CFLAGS" AM_CFLAGS="-DOPENSSL_EXTRA -DWOLFSSL_ALWAYS_VERIFY_CB $AM_CFLAGS"
AM_CFLAGS="-DWOLFSSL_VERIFY_CB_ALL_CERTS -DWOLFSSL_EXTRA_ALERTS $AM_CFLAGS" AM_CFLAGS="-DWOLFSSL_VERIFY_CB_ALL_CERTS -DWOLFSSL_EXTRA_ALERTS $AM_CFLAGS"
AM_CFLAGS="-DHAVE_EXT_CACHE -DWOLFSSL_FORCE_CACHE_ON_TICKET $AM_CFLAGS" AM_CFLAGS="-DHAVE_EXT_CACHE -DWOLFSSL_FORCE_CACHE_ON_TICKET $AM_CFLAGS"
AM_CFLAGS="-DWOLFSSL_AKID_NAME $AM_CFLAGS" AM_CFLAGS="-DWOLFSSL_AKID_NAME -DHAVE_CTS $AM_CFLAGS"
fi fi
if test "$ENABLED_OPENSSLEXTRA" = "x509small" if test "$ENABLED_OPENSSLEXTRA" = "x509small"

285
src/ssl.c
View File

@ -99,6 +99,7 @@
#include <wolfssl/openssl/ecdsa.h> #include <wolfssl/openssl/ecdsa.h>
#include <wolfssl/openssl/ecdh.h> #include <wolfssl/openssl/ecdh.h>
#include <wolfssl/openssl/err.h> #include <wolfssl/openssl/err.h>
#include <wolfssl/openssl/modes.h>
#include <wolfssl/openssl/opensslv.h> #include <wolfssl/openssl/opensslv.h>
#include <wolfssl/openssl/rc4.h> #include <wolfssl/openssl/rc4.h>
#include <wolfssl/openssl/stack.h> #include <wolfssl/openssl/stack.h>
@ -21091,6 +21092,57 @@ void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509)* sk)
wolfSSL_sk_free(sk); wolfSSL_sk_free(sk);
} }
#ifdef HAVE_CRL
WOLFSSL_STACK* wolfSSL_sk_X509_CRL_new(void)
{
WOLFSSL_STACK* s = wolfSSL_sk_new_node(NULL);
if (s != NULL)
s->type = STACK_TYPE_X509_CRL;
return s;
}
void wolfSSL_sk_X509_CRL_pop_free(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk,
void (*f) (WOLFSSL_X509_CRL*))
{
WOLFSSL_ENTER("wolfSSL_sk_X509_CRL_pop_free");
wolfSSL_sk_pop_free(sk, (wolfSSL_sk_freefunc)f);
}
void wolfSSL_sk_X509_CRL_free(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk)
{
wolfSSL_sk_X509_CRL_pop_free(sk, NULL);
}
/* return 1 on success 0 on fail */
int wolfSSL_sk_X509_CRL_push(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk, WOLFSSL_X509_CRL* crl)
{
WOLFSSL_ENTER("wolfSSL_sk_X509_CRL_push");
if (sk == NULL || crl == NULL) {
return WOLFSSL_FAILURE;
}
return wolfSSL_sk_push(sk, crl);
}
WOLFSSL_X509_CRL* wolfSSL_sk_X509_CRL_value(WOLF_STACK_OF(WOLFSSL_X509)* sk,
int i)
{
WOLFSSL_ENTER("wolfSSL_sk_X509_CRL_value");
if (sk)
return (WOLFSSL_X509_CRL*)wolfSSL_sk_value(sk, i);
return NULL;
}
int wolfSSL_sk_X509_CRL_num(WOLF_STACK_OF(WOLFSSL_X509)* sk)
{
WOLFSSL_ENTER("wolfSSL_sk_X509_CRL_num");
if (sk)
return wolfSSL_sk_num(sk);
return 0;
}
#endif /* HAVE_CRL */
#endif /* !NO_CERTS && (OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL) */ #endif /* !NO_CERTS && (OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL) */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
@ -21250,6 +21302,7 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
case STACK_TYPE_BY_DIR_hash: case STACK_TYPE_BY_DIR_hash:
case STACK_TYPE_X509_OBJ: case STACK_TYPE_X509_OBJ:
case STACK_TYPE_DIST_POINT: case STACK_TYPE_DIST_POINT:
case STACK_TYPE_X509_CRL:
default: default:
/* All other types are pointers */ /* All other types are pointers */
if (!sk->data.generic) { if (!sk->data.generic) {
@ -21309,6 +21362,7 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
case STACK_TYPE_BY_DIR_hash: case STACK_TYPE_BY_DIR_hash:
case STACK_TYPE_X509_OBJ: case STACK_TYPE_X509_OBJ:
case STACK_TYPE_DIST_POINT: case STACK_TYPE_DIST_POINT:
case STACK_TYPE_X509_CRL:
default: default:
/* All other types are pointers */ /* All other types are pointers */
node->data.generic = sk->data.generic; node->data.generic = sk->data.generic;
@ -21981,6 +22035,7 @@ void *wolfSSL_lh_retrieve(WOLFSSL_STACK *sk, void *data)
case STACK_TYPE_BY_DIR_hash: case STACK_TYPE_BY_DIR_hash:
case STACK_TYPE_X509_OBJ: case STACK_TYPE_X509_OBJ:
case STACK_TYPE_DIST_POINT: case STACK_TYPE_DIST_POINT:
case STACK_TYPE_X509_CRL:
default: default:
sk->hash = sk->hash_fn(sk->data.generic); sk->hash = sk->hash_fn(sk->data.generic);
break; break;
@ -22005,6 +22060,7 @@ void *wolfSSL_lh_retrieve(WOLFSSL_STACK *sk, void *data)
case STACK_TYPE_BY_DIR_hash: case STACK_TYPE_BY_DIR_hash:
case STACK_TYPE_X509_OBJ: case STACK_TYPE_X509_OBJ:
case STACK_TYPE_DIST_POINT: case STACK_TYPE_DIST_POINT:
case STACK_TYPE_X509_CRL:
default: default:
return sk->data.generic; return sk->data.generic;
} }
@ -30392,7 +30448,7 @@ void wolfSSL_AES_cbc_encrypt(const unsigned char *in, unsigned char* out,
return; return;
} }
if (enc == AES_ENCRYPT) { if (enc) {
if (wc_AesCbcEncrypt(aes, out, in, (word32)len) != 0) { if (wc_AesCbcEncrypt(aes, out, in, (word32)len) != 0) {
WOLFSSL_MSG("Error with AES CBC encrypt"); WOLFSSL_MSG("Error with AES CBC encrypt");
} }
@ -30509,6 +30565,86 @@ int wolfSSL_AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
#endif /* HAVE_AES_KEYWRAP && !HAVE_FIPS && !HAVE_SELFTEST */ #endif /* HAVE_AES_KEYWRAP && !HAVE_FIPS && !HAVE_SELFTEST */
#endif /* NO_AES */ #endif /* NO_AES */
#ifdef HAVE_CTS
/*
* Ciphertext stealing interface compatible with RFC2040 and RFC3962.
*/
size_t wolfSSL_CRYPTO_cts128_encrypt(const unsigned char *in,
unsigned char *out, size_t len, const void *key,
unsigned char *iv, WOLFSSL_CBC128_CB cbc)
{
byte lastBlk[WOLFSSL_CTS128_BLOCK_SZ];
int lastBlkLen = len % WOLFSSL_CTS128_BLOCK_SZ;
WOLFSSL_ENTER("wolfSSL_CRYPTO_cts128_encrypt");
if (in == NULL || out == NULL || len < WOLFSSL_CTS128_BLOCK_SZ ||
cbc == NULL) {
WOLFSSL_MSG("Bad parameter");
return WOLFSSL_FAILURE;
}
if (lastBlkLen == 0)
lastBlkLen = WOLFSSL_CTS128_BLOCK_SZ;
/* Encrypt data up to last block */
(*cbc)(in, out, len - lastBlkLen, key, iv, 1);
/* Move to last block */
in += len - lastBlkLen;
out += len - lastBlkLen;
/* RFC2040: Pad Pn with zeros at the end to create P of length BB. */
XMEMCPY(lastBlk, in, lastBlkLen);
XMEMSET(lastBlk + lastBlkLen, 0, WOLFSSL_CTS128_BLOCK_SZ - lastBlkLen);
/* RFC2040: Select the first Ln bytes of En-1 to create Cn */
XMEMCPY(out, out - WOLFSSL_CTS128_BLOCK_SZ, lastBlkLen);
(*cbc)(lastBlk, out - WOLFSSL_CTS128_BLOCK_SZ, WOLFSSL_CTS128_BLOCK_SZ,
key, iv, 1);
return len;
}
size_t wolfSSL_CRYPTO_cts128_decrypt(const unsigned char *in,
unsigned char *out, size_t len, const void *key,
unsigned char *iv, WOLFSSL_CBC128_CB cbc)
{
byte lastBlk[WOLFSSL_CTS128_BLOCK_SZ];
byte prevBlk[WOLFSSL_CTS128_BLOCK_SZ];
int lastBlkLen = len % WOLFSSL_CTS128_BLOCK_SZ;
WOLFSSL_ENTER("wolfSSL_CRYPTO_cts128_decrypt");
if (in == NULL || out == NULL || len <= WOLFSSL_CTS128_BLOCK_SZ ||
cbc == NULL) {
WOLFSSL_MSG("Bad parameter");
return WOLFSSL_FAILURE;
}
if (lastBlkLen == 0)
lastBlkLen = WOLFSSL_CTS128_BLOCK_SZ;
/* Decrypt up to last two blocks */
(*cbc)(in, out, len - lastBlkLen - WOLFSSL_CTS128_BLOCK_SZ, key, iv, 0);
/* Move to last two blocks */
in += len - lastBlkLen - WOLFSSL_CTS128_BLOCK_SZ;
out += len - lastBlkLen - WOLFSSL_CTS128_BLOCK_SZ;
/* RFC2040: Decrypt Cn-1 to create Dn.
* Use 0 buffer as IV to do straight decryption.
* This places the Cn-1 block at lastBlk */
XMEMSET(lastBlk, 0, WOLFSSL_CTS128_BLOCK_SZ);
(*cbc)(in, prevBlk, WOLFSSL_CTS128_BLOCK_SZ, key, lastBlk, 0);
/* RFC2040: Append the tail (BB minus Ln) bytes of Xn to Cn
* to create En. */
XMEMCPY(prevBlk, in + WOLFSSL_CTS128_BLOCK_SZ, lastBlkLen);
/* Cn and Cn-1 can now be decrypted */
(*cbc)(prevBlk, out, WOLFSSL_CTS128_BLOCK_SZ, key, iv, 0);
(*cbc)(lastBlk, lastBlk, WOLFSSL_CTS128_BLOCK_SZ, key, iv, 0);
XMEMCPY(out + WOLFSSL_CTS128_BLOCK_SZ, lastBlk, lastBlkLen);
return len;
}
#endif /* HAVE_CTS */
#ifndef NO_ASN_TIME #ifndef NO_ASN_TIME
#ifndef NO_BIO #ifndef NO_BIO
int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_UTCTIME* a) int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_UTCTIME* a)
@ -30788,6 +30924,8 @@ void* wolfSSL_sk_value(const WOLFSSL_STACK* sk, int i)
return (void*)sk->data.x509_obj; return (void*)sk->data.x509_obj;
case STACK_TYPE_DIST_POINT: case STACK_TYPE_DIST_POINT:
return (void*)sk->data.dp; return (void*)sk->data.dp;
case STACK_TYPE_X509_CRL:
return (void*)sk->data.crl;
default: default:
return (void*)sk->data.generic; return (void*)sk->data.generic;
} }
@ -30876,6 +31014,7 @@ WOLFSSL_STACK* wolfSSL_sk_dup(WOLFSSL_STACK* sk)
case STACK_TYPE_BY_DIR_hash: case STACK_TYPE_BY_DIR_hash:
case STACK_TYPE_X509_OBJ: case STACK_TYPE_X509_OBJ:
case STACK_TYPE_DIST_POINT: case STACK_TYPE_DIST_POINT:
case STACK_TYPE_X509_CRL:
default: default:
WOLFSSL_MSG("Unsupported stack type"); WOLFSSL_MSG("Unsupported stack type");
goto error; goto error;
@ -31002,6 +31141,11 @@ void wolfSSL_sk_pop_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk,
case STACK_TYPE_BY_DIR_hash: case STACK_TYPE_BY_DIR_hash:
#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
func = (wolfSSL_sk_freefunc)wolfSSL_BY_DIR_HASH_free; func = (wolfSSL_sk_freefunc)wolfSSL_BY_DIR_HASH_free;
#endif
break;
case STACK_TYPE_X509_CRL:
#if defined(HAVE_CRL) && (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL))
func = (wolfSSL_sk_freefunc)wolfSSL_X509_CRL_free;
#endif #endif
break; break;
case STACK_TYPE_CIPHER: case STACK_TYPE_CIPHER:
@ -44385,6 +44529,21 @@ err:
#endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */ #endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */
} }
WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read(
XFILE fp, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk,
pem_password_cb* cb, void* u)
{
WOLFSSL_BIO* fileBio = wolfSSL_BIO_new_fp(fp, BIO_NOCLOSE);
WOLF_STACK_OF(WOLFSSL_X509_INFO)* ret = NULL;
WOLFSSL_ENTER("wolfSSL_PEM_X509_INFO_read");
if (fileBio != NULL) {
ret = wolfSSL_PEM_X509_INFO_read_bio(fileBio, sk, cb, u);
wolfSSL_BIO_free(fileBio);
}
return ret;
}
/* /*
* bio WOLFSSL_BIO to read certificates from * bio WOLFSSL_BIO to read certificates from
* sk possible stack to push more X509_INFO structs to. Can be NULL * sk possible stack to push more X509_INFO structs to. Can be NULL
@ -47233,15 +47392,7 @@ WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_value(const STACK_OF(WOLFSSL_X509_NAME)*
int i) int i)
{ {
WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_value"); WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_value");
return (WOLFSSL_X509_NAME*)wolfSSL_sk_value(sk, i);
for (; sk != NULL && i > 0; i--) {
sk = sk->next;
}
if (i != 0 || sk == NULL)
return NULL;
return sk->data.name;
} }
WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk) WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk)
@ -47282,21 +47433,8 @@ void wolfSSL_sk_X509_NAME_pop_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk,
/* Free only the sk structure, NOT X509_NAME members */ /* Free only the sk structure, NOT X509_NAME members */
void wolfSSL_sk_X509_NAME_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk) void wolfSSL_sk_X509_NAME_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk)
{ {
WOLFSSL_STACK* node;
WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_free"); WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_free");
wolfSSL_sk_free(sk);
if (sk == NULL)
return;
node = sk->next;
while (sk->num > 1) {
WOLFSSL_STACK* tmp = node;
node = node->next;
XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL);
sk->num -= 1;
}
XFREE(sk, sk->heap, DYNAMIC_TYPE_OPENSSL);
} }
int wolfSSL_sk_X509_NAME_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, int wolfSSL_sk_X509_NAME_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk,
@ -52762,11 +52900,10 @@ int wolfSSL_mask_bits(WOLFSSL_BIGNUM* bn, int n)
} }
#endif #endif
/* WOLFSSL_SUCCESS on ok */ /* WOLFSSL_SUCCESS on ok */
int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom) int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom)
{ {
int ret = 0; int ret = WOLFSSL_FAILURE;
int len; int len;
int initTmpRng = 0; int initTmpRng = 0;
WC_RNG* rng = NULL; WC_RNG* rng = NULL;
@ -52839,6 +52976,44 @@ int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom)
return ret; return ret;
} }
/**
* N = length of range input var
* Generate N-bit length numbers until generated number is less than range
* @param r Output number
* @param range The upper limit of generated output
* @return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure
*/
int wolfSSL_BN_rand_range(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *range)
{
int n;
int iter = 0;
WOLFSSL_MSG("wolfSSL_BN_rand_range");
if (r == NULL || range == NULL) {
WOLFSSL_MSG("Bad parameter");
return WOLFSSL_FAILURE;
}
n = wolfSSL_BN_num_bits(range);
if (n <= 1) {
wolfSSL_BN_zero(r);
}
else {
do {
if (iter >= 100) {
WOLFSSL_MSG("wolfSSL_BN_rand_range too many iterations");
return WOLFSSL_FAILURE;
}
iter++;
if (wolfSSL_BN_pseudo_rand(r, n, -1, 0) == WOLFSSL_FAILURE) {
WOLFSSL_MSG("wolfSSL_BN_rand error");
return WOLFSSL_FAILURE;
}
} while(wolfSSL_BN_cmp(r, range) >= 0);
}
return WOLFSSL_SUCCESS;
}
/* WOLFSSL_SUCCESS on ok /* WOLFSSL_SUCCESS on ok
* code is same as wolfSSL_BN_rand except for how top and bottom is handled. * code is same as wolfSSL_BN_rand except for how top and bottom is handled.
@ -61662,15 +61837,16 @@ PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7)
return (PKCS7*)pkcs7; return (PKCS7*)pkcs7;
} }
int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7) int wolfSSL_i2d_PKCS7(PKCS7 *p7, unsigned char **out)
{ {
byte* output = NULL; byte* output = NULL;
int localBuf = 0;
int len; int len;
WC_RNG rng; WC_RNG rng;
int ret = WOLFSSL_FAILURE; int ret = WOLFSSL_FAILURE;
WOLFSSL_ENTER("wolfSSL_i2d_PKCS7_bio"); WOLFSSL_ENTER("wolfSSL_i2d_PKCS7");
if (!bio || !p7) { if (!out || !p7) {
WOLFSSL_MSG("Bad parameter"); WOLFSSL_MSG("Bad parameter");
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
@ -61688,10 +61864,16 @@ int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7)
goto cleanup; goto cleanup;
} }
output = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (*out == NULL) {
if (!output) { output = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
WOLFSSL_MSG("malloc error"); if (!output) {
goto cleanup; WOLFSSL_MSG("malloc error");
goto cleanup;
}
localBuf = 1;
}
else {
output = *out;
} }
if ((len = wc_PKCS7_EncodeSignedData(p7, output, len)) < 0) { if ((len = wc_PKCS7_EncodeSignedData(p7, output, len)) < 0) {
@ -61699,6 +61881,36 @@ int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7)
goto cleanup; goto cleanup;
} }
ret = len;
cleanup:
if (p7->rng == &rng) {
wc_FreeRng(&rng);
p7->rng = NULL;
}
if (ret == WOLFSSL_FAILURE && localBuf && output)
XFREE(output, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (ret != WOLFSSL_FAILURE)
*out = output;
return ret;
}
int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7)
{
byte* output = NULL;
int len;
int ret = WOLFSSL_FAILURE;
WOLFSSL_ENTER("wolfSSL_i2d_PKCS7_bio");
if (!bio || !p7) {
WOLFSSL_MSG("Bad parameter");
return WOLFSSL_FAILURE;
}
if ((len = wolfSSL_i2d_PKCS7(p7, &output)) == WOLFSSL_FAILURE) {
WOLFSSL_MSG("wolfSSL_i2d_PKCS7 error");
goto cleanup;
}
if (wolfSSL_BIO_write(bio, output, len) <= 0) { if (wolfSSL_BIO_write(bio, output, len) <= 0) {
WOLFSSL_MSG("wolfSSL_BIO_write error"); WOLFSSL_MSG("wolfSSL_BIO_write error");
goto cleanup; goto cleanup;
@ -61706,13 +61918,8 @@ int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7)
ret = WOLFSSL_SUCCESS; ret = WOLFSSL_SUCCESS;
cleanup: cleanup:
if (p7->rng == &rng) { if (output)
wc_FreeRng(&rng);
p7->rng = NULL;
}
if (output) {
XFREE(output, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(output, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
return ret; return ret;
} }

162
tests/api.c
View File

@ -313,6 +313,7 @@
#include <wolfssl/openssl/hmac.h> #include <wolfssl/openssl/hmac.h>
#include <wolfssl/openssl/objects.h> #include <wolfssl/openssl/objects.h>
#include <wolfssl/openssl/rand.h> #include <wolfssl/openssl/rand.h>
#include <wolfssl/openssl/modes.h>
#ifdef OPENSSL_ALL #ifdef OPENSSL_ALL
#include <wolfssl/openssl/txt_db.h> #include <wolfssl/openssl/txt_db.h>
#include <wolfssl/openssl/lhash.h> #include <wolfssl/openssl/lhash.h>
@ -34284,7 +34285,7 @@ static void test_wolfSSL_BN(void)
/* check result 3*2 */ /* check result 3*2 */
AssertIntEQ(BN_get_word(d), 6); AssertIntEQ(BN_get_word(d), 6);
/* c/b = */ /* c/b => db + a */
AssertIntEQ(BN_div(d, NULL, c, b, NULL), WOLFSSL_FAILURE); AssertIntEQ(BN_div(d, NULL, c, b, NULL), WOLFSSL_FAILURE);
AssertIntEQ(BN_div(d, a, c, b, NULL), WOLFSSL_SUCCESS); AssertIntEQ(BN_div(d, a, c, b, NULL), WOLFSSL_SUCCESS);
@ -34313,6 +34314,14 @@ static void test_wolfSSL_BN(void)
AssertIntEQ(BN_get_word(d), 8); AssertIntEQ(BN_get_word(d), 8);
#endif /* WOLFSSL_KEY_GEN */ #endif /* WOLFSSL_KEY_GEN */
AssertIntEQ(BN_set_word(a, 1 << 6), SSL_SUCCESS);
AssertIntEQ(BN_rshift(b, a, 6), SSL_SUCCESS);
AssertIntEQ(BN_is_zero(b), 0);
AssertIntEQ(BN_rshift(b, a, 7), SSL_SUCCESS);
AssertIntEQ(BN_is_zero(b), 1);
AssertIntEQ(BN_rshift1(b, a), SSL_SUCCESS);
AssertIntEQ(BN_is_zero(b), 0);
/* set b back to 2 */ /* set b back to 2 */
AssertIntEQ(BN_set_word(b, 2), SSL_SUCCESS); AssertIntEQ(BN_set_word(b, 2), SSL_SUCCESS);
@ -36802,6 +36811,7 @@ static void test_wolfSSL_BN_rand(void)
{ {
#if defined(OPENSSL_EXTRA) #if defined(OPENSSL_EXTRA)
BIGNUM* bn; BIGNUM* bn;
BIGNUM* range;
printf(testingFmt, "wolfSSL_BN_rand()"); printf(testingFmt, "wolfSSL_BN_rand()");
@ -36817,6 +36827,13 @@ static void test_wolfSSL_BN_rand(void)
AssertIntEQ(BN_rand(bn, 64, 0, 0), SSL_SUCCESS); AssertIntEQ(BN_rand(bn, 64, 0, 0), SSL_SUCCESS);
BN_free(bn); BN_free(bn);
AssertNotNull(bn = BN_new());
AssertNotNull(range = BN_new());
AssertIntEQ(BN_rand(range, 64, 0, 0), SSL_SUCCESS);
AssertIntEQ(BN_rand_range(bn, range), SSL_SUCCESS);
BN_free(bn);
BN_free(range);
printf(resultFmt, passed); printf(resultFmt, passed);
#endif #endif
} }
@ -37558,6 +37575,7 @@ static void test_wolfSSL_OBJ(void)
!defined(HAVE_FIPS) && !defined(NO_SHA) && defined(WOLFSSL_CERT_EXT) && \ !defined(HAVE_FIPS) && !defined(NO_SHA) && defined(WOLFSSL_CERT_EXT) && \
defined(WOLFSSL_CERT_GEN) defined(WOLFSSL_CERT_GEN)
ASN1_OBJECT *obj = NULL; ASN1_OBJECT *obj = NULL;
ASN1_OBJECT *obj2 = NULL;
char buf[50]; char buf[50];
XFILE fp; XFILE fp;
@ -37600,7 +37618,10 @@ static void test_wolfSSL_OBJ(void)
AssertIntEQ(OBJ_txt2nid(buf), NID_sha256); AssertIntEQ(OBJ_txt2nid(buf), NID_sha256);
#endif #endif
AssertIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0), 0); AssertIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0), 0);
AssertNotNull(obj2 = OBJ_dup(obj));
AssertIntEQ(OBJ_cmp(obj, obj2), 0);
ASN1_OBJECT_free(obj); ASN1_OBJECT_free(obj);
ASN1_OBJECT_free(obj2);
for (i = 0; f[i] != NULL; i++) for (i = 0; f[i] != NULL; i++)
{ {
@ -41791,8 +41812,6 @@ static void test_wolfSSL_AES_cbc_encrypt(void)
int keySzN = -1; int keySzN = -1;
byte out[AES_BLOCK_SIZE] = {0}; byte out[AES_BLOCK_SIZE] = {0};
byte* outN = NULL; byte* outN = NULL;
const int enc1 = AES_ENCRYPT;
const int enc2 = AES_DECRYPT;
/* Test vectors retrieved from: /* Test vectors retrieved from:
* <begin URL> * <begin URL>
@ -41828,15 +41847,15 @@ static void test_wolfSSL_AES_cbc_encrypt(void)
#define RESET_IV(x, y) XMEMCPY(x, y, AES_BLOCK_SIZE) #define RESET_IV(x, y) XMEMCPY(x, y, AES_BLOCK_SIZE)
printf(testingFmt, "Stressing wolfSSL_AES_cbc_encrypt()"); printf(testingFmt, "Stressing wolfSSL_AES_cbc_encrypt()");
STRESS_T(pt128N, out, len, &aes, iv128tmp, enc1, ct128, AES_BLOCK_SIZE, 0); STRESS_T(pt128N, out, len, &aes, iv128tmp, 1, ct128, AES_BLOCK_SIZE, 0);
STRESS_T(pt128, out, len, &aes, iv128N, enc1, ct128, AES_BLOCK_SIZE, 0); STRESS_T(pt128, out, len, &aes, iv128N, 1, ct128, AES_BLOCK_SIZE, 0);
wolfSSL_AES_cbc_encrypt(pt128, outN, len, &aes, iv128tmp, enc1); wolfSSL_AES_cbc_encrypt(pt128, outN, len, &aes, iv128tmp, 1);
AssertIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0); AssertIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
wolfSSL_AES_cbc_encrypt(pt128, out, len, aesN, iv128tmp, enc1); wolfSSL_AES_cbc_encrypt(pt128, out, len, aesN, iv128tmp, 1);
AssertIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0); AssertIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
STRESS_T(pt128, out, lenB, &aes, iv128tmp, enc1, ct128, AES_BLOCK_SIZE, 0); STRESS_T(pt128, out, lenB, &aes, iv128tmp, 1, ct128, AES_BLOCK_SIZE, 0);
printf(resultFmt, "Stress Tests: passed"); printf(resultFmt, "Stress Tests: passed");
printf(testingFmt, "Stressing wolfSSL_AES_set_encrypt_key"); printf(testingFmt, "Stressing wolfSSL_AES_set_encrypt_key");
@ -41860,7 +41879,7 @@ static void test_wolfSSL_AES_cbc_encrypt(void)
RESET_IV(iv128tmp, iv128); RESET_IV(iv128tmp, iv128);
AssertIntEQ(wolfSSL_AES_set_encrypt_key(key128, sizeof(key128)*8, &aes), 0); AssertIntEQ(wolfSSL_AES_set_encrypt_key(key128, sizeof(key128)*8, &aes), 0);
wolfSSL_AES_cbc_encrypt(pt128, out, len, &aes, iv128tmp, enc1); wolfSSL_AES_cbc_encrypt(pt128, out, len, &aes, iv128tmp, 1);
AssertIntEQ(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0); AssertIntEQ(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
printf(resultFmt, "passed"); printf(resultFmt, "passed");
@ -41872,7 +41891,7 @@ static void test_wolfSSL_AES_cbc_encrypt(void)
len = sizeof(ct128); len = sizeof(ct128);
AssertIntEQ(wolfSSL_AES_set_decrypt_key(key128, sizeof(key128)*8, &aes), 0); AssertIntEQ(wolfSSL_AES_set_decrypt_key(key128, sizeof(key128)*8, &aes), 0);
wolfSSL_AES_cbc_encrypt(ct128, out, len, &aes, iv128tmp, enc2); wolfSSL_AES_cbc_encrypt(ct128, out, len, &aes, iv128tmp, 0);
AssertIntEQ(XMEMCMP(out, pt128, AES_BLOCK_SIZE), 0); AssertIntEQ(XMEMCMP(out, pt128, AES_BLOCK_SIZE), 0);
printf(resultFmt, "passed"); printf(resultFmt, "passed");
@ -41905,7 +41924,7 @@ static void test_wolfSSL_AES_cbc_encrypt(void)
RESET_IV(iv192tmp, iv192); RESET_IV(iv192tmp, iv192);
AssertIntEQ(wolfSSL_AES_set_encrypt_key(key192, sizeof(key192)*8, &aes), 0); AssertIntEQ(wolfSSL_AES_set_encrypt_key(key192, sizeof(key192)*8, &aes), 0);
wolfSSL_AES_cbc_encrypt(pt192, out, len, &aes, iv192tmp, enc1); wolfSSL_AES_cbc_encrypt(pt192, out, len, &aes, iv192tmp, 1);
AssertIntEQ(XMEMCMP(out, ct192, AES_BLOCK_SIZE), 0); AssertIntEQ(XMEMCMP(out, ct192, AES_BLOCK_SIZE), 0);
printf(resultFmt, "passed"); printf(resultFmt, "passed");
@ -41917,7 +41936,7 @@ static void test_wolfSSL_AES_cbc_encrypt(void)
XMEMSET(out, 0, AES_BLOCK_SIZE); XMEMSET(out, 0, AES_BLOCK_SIZE);
AssertIntEQ(wolfSSL_AES_set_decrypt_key(key192, sizeof(key192)*8, &aes), 0); AssertIntEQ(wolfSSL_AES_set_decrypt_key(key192, sizeof(key192)*8, &aes), 0);
wolfSSL_AES_cbc_encrypt(ct192, out, len, &aes, iv192tmp, enc2); wolfSSL_AES_cbc_encrypt(ct192, out, len, &aes, iv192tmp, 0);
AssertIntEQ(XMEMCMP(out, pt192, AES_BLOCK_SIZE), 0); AssertIntEQ(XMEMCMP(out, pt192, AES_BLOCK_SIZE), 0);
printf(resultFmt, "passed"); printf(resultFmt, "passed");
@ -41950,7 +41969,7 @@ static void test_wolfSSL_AES_cbc_encrypt(void)
RESET_IV(iv256tmp, iv256); RESET_IV(iv256tmp, iv256);
AssertIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0); AssertIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0);
wolfSSL_AES_cbc_encrypt(pt256, out, len, &aes, iv256tmp, enc1); wolfSSL_AES_cbc_encrypt(pt256, out, len, &aes, iv256tmp, 1);
AssertIntEQ(XMEMCMP(out, ct256, AES_BLOCK_SIZE), 0); AssertIntEQ(XMEMCMP(out, ct256, AES_BLOCK_SIZE), 0);
printf(resultFmt, "passed"); printf(resultFmt, "passed");
@ -41962,7 +41981,7 @@ static void test_wolfSSL_AES_cbc_encrypt(void)
XMEMSET(out, 0, AES_BLOCK_SIZE); XMEMSET(out, 0, AES_BLOCK_SIZE);
AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0); AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
wolfSSL_AES_cbc_encrypt(ct256, out, len, &aes, iv256tmp, enc2); wolfSSL_AES_cbc_encrypt(ct256, out, len, &aes, iv256tmp, 0);
AssertIntEQ(XMEMCMP(out, pt256, AES_BLOCK_SIZE), 0); AssertIntEQ(XMEMCMP(out, pt256, AES_BLOCK_SIZE), 0);
printf(resultFmt, "passed"); printf(resultFmt, "passed");
@ -42005,6 +42024,90 @@ static void test_wolfSSL_AES_cbc_encrypt(void)
#endif #endif
} }
static void test_wolfSSL_CRYPTO_cts128(void)
{
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(OPENSSL_EXTRA) \
&& defined(HAVE_CTS)
byte tmp[64]; /* Largest vector size */
/* Test vectors taken form RFC3962 Appendix B */
const testVector vects[] = {
{
"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
"\x20",
"\xc6\x35\x35\x68\xf2\xbf\x8c\xb4\xd8\xa5\x80\x36\x2d\xa7\xff\x7f"
"\x97",
17, 17
},
{
"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20",
"\xfc\x00\x78\x3e\x0e\xfd\xb2\xc1\xd4\x45\xd4\xc8\xef\xf7\xed\x22"
"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5",
31, 31
},
{
"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43",
"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84",
32, 32
},
{
"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c",
"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
"\xb3\xff\xfd\x94\x0c\x16\xa1\x8c\x1b\x55\x49\xd2\xf8\x38\x02\x9e"
"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5",
47, 47
},
{
"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20",
"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
"\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8"
"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8",
48, 48
},
{
"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20"
"\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e",
"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
"\x48\x07\xef\xe8\x36\xee\x89\xa5\x26\x73\x0d\xbc\x2f\x7b\xc8\x40"
"\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8",
64, 64
}
};
byte keyBytes[AES_128_KEY_SIZE] = {
0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69
};
size_t i;
XMEMSET(tmp, 0, sizeof(tmp));
for (i = 0; i < sizeof(vects)/sizeof(vects[0]); i++) {
AES_KEY encKey;
AES_KEY decKey;
byte iv[AES_IV_SIZE]; /* All-zero IV for all cases */
XMEMSET(iv, 0, sizeof(iv));
AssertIntEQ(AES_set_encrypt_key(keyBytes, AES_128_KEY_SIZE * 8, &encKey), 0);
AssertIntEQ(AES_set_decrypt_key(keyBytes, AES_128_KEY_SIZE * 8, &decKey), 0);
AssertIntEQ(CRYPTO_cts128_encrypt((const unsigned char*)vects[i].input,
tmp, vects[i].inLen, &encKey, iv, (cbc128_f)AES_cbc_encrypt),
vects[i].outLen);
AssertIntEQ(XMEMCMP(tmp, vects[i].output, vects[i].outLen), 0);
XMEMSET(iv, 0, sizeof(iv));
AssertIntEQ(CRYPTO_cts128_decrypt((const unsigned char*)vects[i].output,
tmp, vects[i].outLen, &decKey, iv, (cbc128_f)AES_cbc_encrypt),
vects[i].inLen);
AssertIntEQ(XMEMCMP(tmp, vects[i].input, vects[i].inLen), 0);
}
#endif /* !NO_AES && HAVE_AES_CBC && OPENSSL_EXTRA && HAVE_CTS */
}
#if defined(OPENSSL_ALL) #if defined(OPENSSL_ALL)
#if !defined(NO_ASN) #if !defined(NO_ASN)
static void test_wolfSSL_ASN1_STRING_to_UTF8(void) static void test_wolfSSL_ASN1_STRING_to_UTF8(void)
@ -46120,6 +46223,31 @@ static void test_sk_X509(void)
#endif #endif
} }
static void test_sk_X509_CRL(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && defined(HAVE_CRL)
X509_CRL* crl;
XFILE fp;
STACK_OF(X509_CRL)* s;
printf(testingFmt, "test_sk_X509_CRL");
fp = XFOPEN("./certs/crl/crl.pem", "rb");
AssertTrue((fp != XBADFILE));
AssertNotNull(crl = (X509_CRL*)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, NULL, NULL));
XFCLOSE(fp);
AssertNotNull(s = sk_X509_CRL_new());
AssertIntEQ(sk_X509_CRL_num(s), 0);
AssertIntEQ(sk_X509_CRL_push(s, crl), 1);
AssertIntEQ(sk_X509_CRL_num(s), 1);
AssertPtrEq(sk_X509_CRL_value(s, 0), crl);
sk_X509_CRL_free(s);
printf(resultFmt, passed);
#endif
}
static void test_X509_get_signature_nid(void) static void test_X509_get_signature_nid(void)
{ {
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
@ -46241,6 +46369,7 @@ static void test_wolfssl_PKCS7(void)
BIO* bio; BIO* bio;
byte key[sizeof(client_key_der_2048)]; byte key[sizeof(client_key_der_2048)];
word32 keySz = (word32)sizeof(key); word32 keySz = (word32)sizeof(key);
byte* out = NULL;
#endif #endif
AssertIntGT((len = CreatePKCS7SignedData(data, len, content, AssertIntGT((len = CreatePKCS7SignedData(data, len, content,
@ -46276,6 +46405,8 @@ static void test_wolfssl_PKCS7(void)
pkcs7->hashOID = SHAh; pkcs7->hashOID = SHAh;
AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertIntEQ(i2d_PKCS7_bio(bio, pkcs7), 1); AssertIntEQ(i2d_PKCS7_bio(bio, pkcs7), 1);
AssertIntEQ(i2d_PKCS7(pkcs7, &out), 644);
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
BIO_free(bio); BIO_free(bio);
#endif #endif
@ -51975,6 +52106,7 @@ void ApiTest(void)
test_wolfSSL_DC_cert(); test_wolfSSL_DC_cert();
test_wolfSSL_DES_ncbc(); test_wolfSSL_DES_ncbc();
test_wolfSSL_AES_cbc_encrypt(); test_wolfSSL_AES_cbc_encrypt();
test_wolfSSL_CRYPTO_cts128();
test_wolfssl_EVP_aes_gcm_AAD_2_parts(); test_wolfssl_EVP_aes_gcm_AAD_2_parts();
test_wolfssl_EVP_aes_gcm(); test_wolfssl_EVP_aes_gcm();
test_wolfSSL_PKEY_up_ref(); test_wolfSSL_PKEY_up_ref();
@ -52109,6 +52241,8 @@ void ApiTest(void)
test_ERR_load_crypto_strings(); test_ERR_load_crypto_strings();
/* OpenSSL sk_X509 API test */ /* OpenSSL sk_X509 API test */
test_sk_X509(); test_sk_X509();
/* OpenSSL sk_X509_CRL API test */
test_sk_X509_CRL();
/* OpenSSL X509 API test */ /* OpenSSL X509 API test */
test_X509_get_signature_nid(); test_X509_get_signature_nid();
/* OpenSSL X509 REQ API test */ /* OpenSSL X509 REQ API test */

15
wolfcrypt/src/evp.c
View File

@ -658,6 +658,11 @@ int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
int fill; int fill;
WOLFSSL_ENTER("wolfSSL_EVP_CipherUpdate"); WOLFSSL_ENTER("wolfSSL_EVP_CipherUpdate");
if (inl == 0 && in == NULL ) {
/* Nothing to do in this case. Just return. */
return WOLFSSL_SUCCESS;
}
if ((ctx == NULL) || (inl < 0) || (outl == NULL)|| (in == NULL)) { if ((ctx == NULL) || (inl < 0) || (outl == NULL)|| (in == NULL)) {
WOLFSSL_MSG("Bad argument"); WOLFSSL_MSG("Bad argument");
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
@ -7245,6 +7250,11 @@ int wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD* type)
if (XSTRNCMP(type, "SHA256", 6) == 0) { if (XSTRNCMP(type, "SHA256", 6) == 0) {
return WC_SHA256_BLOCK_SIZE; return WC_SHA256_BLOCK_SIZE;
} }
#ifndef NO_MD4
else if (XSTRNCMP(type, "MD4", 3) == 0) {
return MD4_BLOCK_SIZE;
}
#endif
#ifndef NO_MD5 #ifndef NO_MD5
else if (XSTRNCMP(type, "MD5", 3) == 0) { else if (XSTRNCMP(type, "MD5", 3) == 0) {
return WC_MD5_BLOCK_SIZE; return WC_MD5_BLOCK_SIZE;
@ -7309,6 +7319,11 @@ int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type)
if (XSTRNCMP(type, "SHA256", 6) == 0) { if (XSTRNCMP(type, "SHA256", 6) == 0) {
return WC_SHA256_DIGEST_SIZE; return WC_SHA256_DIGEST_SIZE;
} }
#ifndef NO_MD4
else if (XSTRNCMP(type, "MD4", 3) == 0) {
return MD4_DIGEST_SIZE;
}
#endif
#ifndef NO_MD5 #ifndef NO_MD5
else if (XSTRNCMP(type, "MD5", 3) == 0) { else if (XSTRNCMP(type, "MD5", 3) == 0) {
return WC_MD5_DIGEST_SIZE; return WC_MD5_DIGEST_SIZE;

4
wolfssl/internal.h
View File

@ -3807,7 +3807,8 @@ typedef enum {
STACK_TYPE_BY_DIR_entry = 12, STACK_TYPE_BY_DIR_entry = 12,
STACK_TYPE_BY_DIR_hash = 13, STACK_TYPE_BY_DIR_hash = 13,
STACK_TYPE_X509_OBJ = 14, STACK_TYPE_X509_OBJ = 14,
STACK_TYPE_DIST_POINT = 15 STACK_TYPE_DIST_POINT = 15,
STACK_TYPE_X509_CRL = 16,
} WOLF_STACK_TYPE; } WOLF_STACK_TYPE;
struct WOLFSSL_STACK { struct WOLFSSL_STACK {
@ -3838,6 +3839,7 @@ struct WOLFSSL_STACK {
WOLFSSL_BY_DIR_HASH* dir_hash; WOLFSSL_BY_DIR_HASH* dir_hash;
WOLFSSL_X509_OBJECT* x509_obj; WOLFSSL_X509_OBJECT* x509_obj;
WOLFSSL_DIST_POINT* dp; WOLFSSL_DIST_POINT* dp;
WOLFSSL_X509_CRL* crl;
} data; } data;
void* heap; /* memory heap hint */ void* heap; /* memory heap hint */
WOLFSSL_STACK* next; WOLFSSL_STACK* next;

17
wolfssl/openssl/asn1.h
View File

@ -26,15 +26,16 @@
#include <wolfssl/openssl/ssl.h> #include <wolfssl/openssl/ssl.h>
#define ASN1_STRING_new wolfSSL_ASN1_STRING_new #define ASN1_STRING_new wolfSSL_ASN1_STRING_new
#define ASN1_STRING_type_new wolfSSL_ASN1_STRING_type_new #define ASN1_STRING_type_new wolfSSL_ASN1_STRING_type_new
#define ASN1_STRING_type wolfSSL_ASN1_STRING_type #define ASN1_STRING_type wolfSSL_ASN1_STRING_type
#define ASN1_STRING_set wolfSSL_ASN1_STRING_set #define ASN1_STRING_set wolfSSL_ASN1_STRING_set
#define ASN1_STRING_free wolfSSL_ASN1_STRING_free #define ASN1_OCTET_STRING_set wolfSSL_ASN1_STRING_set
#define ASN1_STRING_free wolfSSL_ASN1_STRING_free
#define ASN1_get_object wolfSSL_ASN1_get_object #define ASN1_get_object wolfSSL_ASN1_get_object
#define d2i_ASN1_OBJECT wolfSSL_d2i_ASN1_OBJECT #define d2i_ASN1_OBJECT wolfSSL_d2i_ASN1_OBJECT
#define c2i_ASN1_OBJECT wolfSSL_c2i_ASN1_OBJECT #define c2i_ASN1_OBJECT wolfSSL_c2i_ASN1_OBJECT
#define V_ASN1_INTEGER 0x02 #define V_ASN1_INTEGER 0x02
#define V_ASN1_OCTET_STRING 0x04 /* tag for ASN1_OCTET_STRING */ #define V_ASN1_OCTET_STRING 0x04 /* tag for ASN1_OCTET_STRING */

3
wolfssl/openssl/bn.h
View File

@ -104,6 +104,7 @@ WOLFSSL_API int wolfSSL_mask_bits(WOLFSSL_BIGNUM*, int n);
WOLFSSL_API int wolfSSL_BN_pseudo_rand(WOLFSSL_BIGNUM*, int bits, int top, WOLFSSL_API int wolfSSL_BN_pseudo_rand(WOLFSSL_BIGNUM*, int bits, int top,
int bottom); int bottom);
WOLFSSL_API int wolfSSL_BN_rand_range(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *range);
WOLFSSL_API int wolfSSL_BN_rand(WOLFSSL_BIGNUM*, int bits, int top, int bottom); WOLFSSL_API int wolfSSL_BN_rand(WOLFSSL_BIGNUM*, int bits, int top, int bottom);
WOLFSSL_API int wolfSSL_BN_is_bit_set(const WOLFSSL_BIGNUM*, int n); WOLFSSL_API int wolfSSL_BN_is_bit_set(const WOLFSSL_BIGNUM*, int n);
WOLFSSL_API int wolfSSL_BN_hex2bn(WOLFSSL_BIGNUM**, const char* str); WOLFSSL_API int wolfSSL_BN_hex2bn(WOLFSSL_BIGNUM**, const char* str);
@ -187,6 +188,7 @@ typedef WOLFSSL_BN_GENCB BN_GENCB;
#define BN_pseudo_rand wolfSSL_BN_pseudo_rand #define BN_pseudo_rand wolfSSL_BN_pseudo_rand
#define BN_rand wolfSSL_BN_rand #define BN_rand wolfSSL_BN_rand
#define BN_rand_range wolfSSL_BN_rand_range
#define BN_is_bit_set wolfSSL_BN_is_bit_set #define BN_is_bit_set wolfSSL_BN_is_bit_set
#define BN_hex2bn wolfSSL_BN_hex2bn #define BN_hex2bn wolfSSL_BN_hex2bn
@ -213,6 +215,7 @@ typedef WOLFSSL_BN_GENCB BN_GENCB;
#define BN_is_prime_ex wolfSSL_BN_is_prime_ex #define BN_is_prime_ex wolfSSL_BN_is_prime_ex
#define BN_print_fp wolfSSL_BN_print_fp #define BN_print_fp wolfSSL_BN_print_fp
#define BN_rshift wolfSSL_BN_rshift #define BN_rshift wolfSSL_BN_rshift
#define BN_rshift1(r, a) wolfSSL_BN_rshift((r), (a), 1)
#define BN_mod_word wolfSSL_BN_mod_word #define BN_mod_word wolfSSL_BN_mod_word
#define BN_CTX_get wolfSSL_BN_CTX_get #define BN_CTX_get wolfSSL_BN_CTX_get

1
wolfssl/openssl/include.am
View File

@ -30,6 +30,7 @@ nobase_include_HEADERS+= \
wolfssl/openssl/lhash.h \ wolfssl/openssl/lhash.h \
wolfssl/openssl/md4.h \ wolfssl/openssl/md4.h \
wolfssl/openssl/md5.h \ wolfssl/openssl/md5.h \
wolfssl/openssl/modes.h \
wolfssl/openssl/ripemd.h \ wolfssl/openssl/ripemd.h \
wolfssl/openssl/obj_mac.h \ wolfssl/openssl/obj_mac.h \
wolfssl/openssl/objects.h \ wolfssl/openssl/objects.h \

45
wolfssl/openssl/modes.h 100644
View File

@ -0,0 +1,45 @@
/* modes.h
*
* Copyright (C) 2006-2021 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef WOLFSSL_OPENSSL_MODES_H
#define WOLFSSL_OPENSSL_MODES_H
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/openssl/ssl.h>
typedef void (*WOLFSSL_CBC128_CB) (const unsigned char *in,
unsigned char *out, size_t len, const void *key,
unsigned char *iv, int enc);
WOLFSSL_API size_t wolfSSL_CRYPTO_cts128_encrypt(const unsigned char *in,
unsigned char *out, size_t len, const void *key,
unsigned char *iv, WOLFSSL_CBC128_CB cbc);
WOLFSSL_API size_t wolfSSL_CRYPTO_cts128_decrypt(const unsigned char *in,
unsigned char *out, size_t len, const void *key,
unsigned char *iv, WOLFSSL_CBC128_CB cbc);
#define WOLFSSL_CTS128_BLOCK_SZ 16
/* Compatibility layer defines */
#define CRYPTO_cts128_encrypt wolfSSL_CRYPTO_cts128_encrypt
#define CRYPTO_cts128_decrypt wolfSSL_CRYPTO_cts128_decrypt
#define cbc128_f WOLFSSL_CBC128_CB
#endif /* WOLFSSL_OPENSSL_MODES_H */

2
wolfssl/openssl/opensslv.h
View File

@ -32,7 +32,7 @@
/* valid version */ /* valid version */
#elif defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIBEST) || \ #elif defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIBEST) || \
defined(WOLFSSL_BIND) || defined(WOLFSSL_NGINX) || \ defined(WOLFSSL_BIND) || defined(WOLFSSL_NGINX) || \
defined(WOLFSSL_RSYSLOG) defined(WOLFSSL_RSYSLOG) || defined(WOLFSSL_KRB)
/* For Apache httpd, Use 1.1.0 compatibility */ /* For Apache httpd, Use 1.1.0 compatibility */
#define OPENSSL_VERSION_NUMBER 0x10100003L #define OPENSSL_VERSION_NUMBER 0x10100003L
#elif defined(WOLFSSL_QT) || defined(WOLFSSL_PYTHON) #elif defined(WOLFSSL_QT) || defined(WOLFSSL_PYTHON)

2
wolfssl/openssl/pkcs7.h
View File

@ -56,6 +56,7 @@ WOLFSSL_LOCAL PKCS7* wolfSSL_d2i_PKCS7_ex(PKCS7** p7, const unsigned char** in,
int len, byte* content, word32 contentSz); int len, byte* content, word32 contentSz);
WOLFSSL_API PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7); WOLFSSL_API PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7);
WOLFSSL_API int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7); WOLFSSL_API int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7);
WOLFSSL_API int wolfSSL_i2d_PKCS7(PKCS7 *p7, unsigned char **out);
WOLFSSL_API int wolfSSL_PKCS7_verify(PKCS7* p7, WOLFSSL_STACK* certs, WOLFSSL_API int wolfSSL_PKCS7_verify(PKCS7* p7, WOLFSSL_STACK* certs,
WOLFSSL_X509_STORE* store, WOLFSSL_BIO* in, WOLFSSL_BIO* out, int flags); WOLFSSL_X509_STORE* store, WOLFSSL_BIO* in, WOLFSSL_BIO* out, int flags);
WOLFSSL_API int wolfSSL_PKCS7_encode_certs(PKCS7* p7, WOLFSSL_STACK* certs, WOLFSSL_API int wolfSSL_PKCS7_encode_certs(PKCS7* p7, WOLFSSL_STACK* certs,
@ -76,6 +77,7 @@ WOLFSSL_API PKCS7* wolfSSL_SMIME_read_PKCS7(WOLFSSL_BIO* in, WOLFSSL_BIO** bcont
#define d2i_PKCS7 wolfSSL_d2i_PKCS7 #define d2i_PKCS7 wolfSSL_d2i_PKCS7
#define d2i_PKCS7_bio wolfSSL_d2i_PKCS7_bio #define d2i_PKCS7_bio wolfSSL_d2i_PKCS7_bio
#define i2d_PKCS7_bio wolfSSL_i2d_PKCS7_bio #define i2d_PKCS7_bio wolfSSL_i2d_PKCS7_bio
#define i2d_PKCS7 wolfSSL_i2d_PKCS7
#define PKCS7_verify wolfSSL_PKCS7_verify #define PKCS7_verify wolfSSL_PKCS7_verify
#define PKCS7_get0_signers wolfSSL_PKCS7_get0_signers #define PKCS7_get0_signers wolfSSL_PKCS7_get0_signers
#define PEM_write_bio_PKCS7 wolfSSL_PEM_write_bio_PKCS7 #define PEM_write_bio_PKCS7 wolfSSL_PEM_write_bio_PKCS7

12
wolfssl/openssl/ssl.h
View File

@ -422,6 +422,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define PEM_write_bio_X509 wolfSSL_PEM_write_bio_X509 #define PEM_write_bio_X509 wolfSSL_PEM_write_bio_X509
#define PEM_write_bio_X509_AUX wolfSSL_PEM_write_bio_X509_AUX #define PEM_write_bio_X509_AUX wolfSSL_PEM_write_bio_X509_AUX
#define PEM_X509_INFO_read_bio wolfSSL_PEM_X509_INFO_read_bio #define PEM_X509_INFO_read_bio wolfSSL_PEM_X509_INFO_read_bio
#define PEM_X509_INFO_read wolfSSL_PEM_X509_INFO_read
#define i2d_PrivateKey wolfSSL_i2d_PrivateKey #define i2d_PrivateKey wolfSSL_i2d_PrivateKey
#define i2d_PublicKey wolfSSL_i2d_PublicKey #define i2d_PublicKey wolfSSL_i2d_PublicKey
@ -530,6 +531,13 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define sk_X509_free wolfSSL_sk_X509_free #define sk_X509_free wolfSSL_sk_X509_free
#define X509_chain_up_ref wolfSSL_X509_chain_up_ref #define X509_chain_up_ref wolfSSL_X509_chain_up_ref
#define sk_X509_CRL_new wolfSSL_sk_X509_CRL_new
#define sk_X509_CRL_pop_free wolfSSL_sk_X509_CRL_pop_free
#define sk_X509_CRL_free wolfSSL_sk_X509_CRL_free
#define sk_X509_CRL_push wolfSSL_sk_X509_CRL_push
#define sk_X509_CRL_value wolfSSL_sk_X509_CRL_value
#define sk_X509_CRL_num wolfSSL_sk_X509_CRL_num
#define sk_X509_OBJECT_new wolfSSL_sk_X509_OBJECT_new #define sk_X509_OBJECT_new wolfSSL_sk_X509_OBJECT_new
#define sk_X509_OBJECT_free wolfSSL_sk_X509_OBJECT_free #define sk_X509_OBJECT_free wolfSSL_sk_X509_OBJECT_free
#define sk_X509_OBJECT_pop_free wolfSSL_sk_X509_OBJECT_pop_free #define sk_X509_OBJECT_pop_free wolfSSL_sk_X509_OBJECT_pop_free
@ -823,8 +831,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define i2d_ASN1_OBJECT wolfSSL_i2d_ASN1_OBJECT #define i2d_ASN1_OBJECT wolfSSL_i2d_ASN1_OBJECT
#define ASN1_STRING_new wolfSSL_ASN1_STRING_new #define ASN1_STRING_new wolfSSL_ASN1_STRING_new
#define ASN1_OCTET_STRING_new wolfSSL_ASN1_STRING_new
#define ASN1_STRING_free wolfSSL_ASN1_STRING_free #define ASN1_STRING_free wolfSSL_ASN1_STRING_free
#define ASN1_STRING_cmp wolfSSL_ASN1_STRING_cmp #define ASN1_STRING_cmp wolfSSL_ASN1_STRING_cmp
#define ASN1_OCTET_STRING_cmp wolfSSL_ASN1_STRING_cmp
#define ASN1_STRING_data wolfSSL_ASN1_STRING_data #define ASN1_STRING_data wolfSSL_ASN1_STRING_data
#define ASN1_STRING_get0_data wolfSSL_ASN1_STRING_get0_data #define ASN1_STRING_get0_data wolfSSL_ASN1_STRING_get0_data
#define ASN1_STRING_length wolfSSL_ASN1_STRING_length #define ASN1_STRING_length wolfSSL_ASN1_STRING_length
@ -1590,6 +1600,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define sk_SSL_COMP_free(...) #define sk_SSL_COMP_free(...)
#endif #endif
#define OBJ_dup wolfSSL_ASN1_OBJECT_dup
#define SSL_set_psk_use_session_callback wolfSSL_set_psk_use_session_callback #define SSL_set_psk_use_session_callback wolfSSL_set_psk_use_session_callback
#define SSL_SESSION_is_resumable wolfSSL_SESSION_is_resumable #define SSL_SESSION_is_resumable wolfSSL_SESSION_is_resumable
typedef WOLFSSL_CONF_CTX SSL_CONF_CTX; typedef WOLFSSL_CONF_CTX SSL_CONF_CTX;

20
wolfssl/ssl.h
View File

@ -1350,8 +1350,19 @@ typedef WOLF_STACK_OF(WOLFSSL_DIST_POINT) WOLFSSL_DIST_POINTS;
WOLFSSL_API int wolfSSL_sk_X509_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, WOLFSSL_API int wolfSSL_sk_X509_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk,
WOLFSSL_X509* x509); WOLFSSL_X509* x509);
WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk); WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_pop(WOLF_STACK_OF(WOLFSSL_X509)* sk);
WOLFSSL_API void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk); WOLFSSL_API void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509)* sk);
WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_X509_CRL_new(void);
WOLFSSL_API void wolfSSL_sk_X509_CRL_pop_free(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk,
void (*f) (WOLFSSL_X509_CRL*));
WOLFSSL_API void wolfSSL_sk_X509_CRL_free(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk);
WOLFSSL_API int wolfSSL_sk_X509_CRL_push(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk,
WOLFSSL_X509_CRL* crl);
WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_sk_X509_CRL_value(
WOLF_STACK_OF(WOLFSSL_X509)* sk, int i);
WOLFSSL_API int wolfSSL_sk_X509_CRL_num(WOLF_STACK_OF(WOLFSSL_X509)* sk);
WOLFSSL_API WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_new(void); WOLFSSL_API WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_new(void);
WOLFSSL_API void wolfSSL_GENERAL_NAME_free(WOLFSSL_GENERAL_NAME* gn); WOLFSSL_API void wolfSSL_GENERAL_NAME_free(WOLFSSL_GENERAL_NAME* gn);
WOLFSSL_API int wolfSSL_GENERAL_NAME_set_type(WOLFSSL_GENERAL_NAME* name, WOLFSSL_API int wolfSSL_GENERAL_NAME_set_type(WOLFSSL_GENERAL_NAME* name,
@ -4101,6 +4112,11 @@ WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_bio_X509_CRL(WOLFSSL_BIO *bp,
WOLFSSL_X509_CRL **x, wc_pem_password_cb *cb, void *u); WOLFSSL_X509_CRL **x, wc_pem_password_cb *cb, void *u);
WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX
(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, wc_pem_password_cb *cb, void *u); (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, wc_pem_password_cb *cb, void *u);
#ifndef NO_FILESYSTEM
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read(
XFILE fp, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk,
pem_password_cb* cb, void* u);
#endif
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read_bio( WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read_bio(
WOLFSSL_BIO* bio, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk, WOLFSSL_BIO* bio, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk,
wc_pem_password_cb* cb, void* u); wc_pem_password_cb* cb, void* u);