WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #8182 from dgarske/no_compat_headers 

Support for building without wolfssl/openssl header files
pull/8208/head
JacobBarthelmeh 2024-11-20 21:33:18 -07:00 committed by GitHub
parent be70bea687 6be70f9230
commit c06f65a8ac
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
19 changed files with 563 additions and 483 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.wolfssl_known_macro_extras
View File

@ -205,6 +205,7 @@ HAVE_AESGCM_DECRYPT
HAVE_BYTEREVERSE64
HAVE_CERTIFICATE_STATUS_V2
HAVE_COLDFIRE_SEC
HAVE_CRL_UPDATE_CB
HAVE_CSHARP
HAVE_CURL
HAVE_CURVE22519
@ -215,6 +216,8 @@ HAVE_ECC512
HAVE_ECC_CDH_CAST
HAVE_ECC_SM2
HAVE_ESP_CLK
HAVE_EX_DATA_CRYPTO
HAVE_EX_DATA_CLEANUP_HOOKS
HAVE_FACON
HAVE_FIPS_VERSION_PORT
HAVE_FUZZER

1
configure.ac
View File

@ -9859,6 +9859,7 @@ fi
# Some of these affect build targets and objects, some trigger different
# test scripts for make check.
AM_CONDITIONAL([BUILD_DISTRO],[test "x$ENABLED_DISTRO" = "xyes"])
AM_CONDITIONAL([BUILD_OPENSSL_COMPAT],[test "x$ENABLED_OPENSSLEXTRA" != "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"])
AM_CONDITIONAL([BUILD_ALL],[test "x$ENABLED_ALL" = "xyes"])
AM_CONDITIONAL([BUILD_TLS13],[test "x$ENABLED_TLS13" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_RNG],[test "x$ENABLED_RNG" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])

3
examples/client/client.c
View File

@ -3765,7 +3765,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#ifndef NO_PSK
if (usePsk) {
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && defined(TEST_PSK_USE_SESSION)
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && \
defined(TEST_PSK_USE_SESSION)
SSL_set_psk_use_session_callback(ssl, my_psk_use_session_cb);
#endif
}

13
examples/server/server.c
View File

@ -35,6 +35,13 @@
#undef TEST_OPENSSL_COEXIST /* can't use this option with this example */
#undef OPENSSL_COEXIST /* can't use this option with this example */
/* Force enable the compatibility macros for this example */
#ifndef OPENSSL_EXTRA_X509_SMALL
#define OPENSSL_EXTRA_X509_SMALL
#endif
#include <wolfssl/openssl/ssl.h>
#undef OPENSSL_EXTRA_X509_SMALL
#include <wolfssl/ssl.h> /* name change portability layer */
#ifdef HAVE_ECC
@ -66,12 +73,6 @@ static const char *wolfsentry_config_path = NULL;
#include <wolfssl/test.h>
#include <wolfssl/error-ssl.h>
/* Force enable the compatibility macros for this example */
#ifndef OPENSSL_EXTRA_X509_SMALL
#define OPENSSL_EXTRA_X509_SMALL
#endif
#include <wolfssl/openssl/ssl.h>
#include "examples/server/server.h"
#ifndef NO_WOLFSSL_SERVER

2
src/internal.c
View File

@ -22476,7 +22476,7 @@ int SendChangeCipher(WOLFSSL* ssl)
if (ssl->CBIS != NULL)
ssl->CBIS(ssl, WOLFSSL_CB_ACCEPT_LOOP, WOLFSSL_SUCCESS);
}
else{
else {
ssl->options.clientState =
CLIENT_CHANGECIPHERSPEC_COMPLETE;
if (ssl->CBIS != NULL)

99
src/ssl.c
View File

@ -10537,11 +10537,7 @@ int wolfSSL_Cleanup(void)
#endif
#endif
#if defined(HAVE_EX_DATA) && \
(defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \
defined(HAVE_LIGHTY)) || defined(HAVE_EX_DATA) || \
defined(WOLFSSL_WPAS_SMALL)
#ifdef HAVE_EX_DATA_CRYPTO
crypto_ex_cb_free(crypto_ex_cb_ctx_session);
crypto_ex_cb_ctx_session = NULL;
#endif
@ -17435,6 +17431,7 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname)
}
#endif
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
#ifndef NO_CERTS
@ -17893,7 +17890,7 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
#define WOLFSSL_OBJECT_INFO_SZ \
(sizeof(wolfssl_object_info) / sizeof(*wolfssl_object_info))
const size_t wolfssl_object_info_sz = WOLFSSL_OBJECT_INFO_SZ;
#endif
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
/* Free the dynamically allocated data.
@ -19676,11 +19673,7 @@ unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line)
#endif /* OPENSSL_EXTRA */
#if defined(HAVE_EX_DATA) && \
(defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \
defined(HAVE_LIGHTY)) || defined(HAVE_EX_DATA) || \
defined(WOLFSSL_WPAS_SMALL)
#ifdef HAVE_EX_DATA_CRYPTO
CRYPTO_EX_cb_ctx* crypto_ex_cb_ctx_session = NULL;
static int crypto_ex_cb_new(CRYPTO_EX_cb_ctx** dst, long ctx_l, void* ctx_ptr,
@ -19818,23 +19811,9 @@ int wolfssl_get_ex_new_index(int class_index, long ctx_l, void* ctx_ptr,
return WOLFSSL_FATAL_ERROR;
return idx;
}
#endif /* HAVE_EX_DATA || WOLFSSL_WPAS_SMALL */
#if defined(HAVE_EX_DATA) || defined(WOLFSSL_WPAS_SMALL)
void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx)
{
WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data");
#ifdef HAVE_EX_DATA
if(ctx != NULL) {
return wolfSSL_CRYPTO_get_ex_data(&ctx->ex_data, idx);
}
#else
(void)ctx;
(void)idx;
#endif
return NULL;
}
#endif /* HAVE_EX_DATA_CRYPTO */
#ifdef HAVE_EX_DATA_CRYPTO
int wolfSSL_CTX_get_ex_new_index(long idx, void* arg,
WOLFSSL_CRYPTO_EX_new* new_func,
WOLFSSL_CRYPTO_EX_dup* dup_func,
@ -19860,21 +19839,35 @@ int wolfSSL_get_ex_new_index(long argValue, void* arg,
return wolfssl_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL, argValue, arg,
cb1, cb2, cb3);
}
#endif /* HAVE_EX_DATA_CRYPTO */
#ifdef OPENSSL_EXTRA
void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx)
{
WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data");
#ifdef HAVE_EX_DATA
if (ctx != NULL) {
return wolfSSL_CRYPTO_get_ex_data(&ctx->ex_data, idx);
}
#else
(void)ctx;
(void)idx;
#endif
return NULL;
}
int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int idx, void* data)
{
WOLFSSL_ENTER("wolfSSL_CTX_set_ex_data");
#ifdef HAVE_EX_DATA
if (ctx != NULL)
{
#ifdef HAVE_EX_DATA
if (ctx != NULL) {
return wolfSSL_CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
}
#else
#else
(void)ctx;
(void)idx;
(void)data;
#endif
#endif
return WOLFSSL_FAILURE;
}
@ -19886,16 +19879,14 @@ int wolfSSL_CTX_set_ex_data_with_cleanup(
wolfSSL_ex_data_cleanup_routine_t cleanup_routine)
{
WOLFSSL_ENTER("wolfSSL_CTX_set_ex_data_with_cleanup");
if (ctx != NULL)
{
if (ctx != NULL) {
return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&ctx->ex_data, idx, data,
cleanup_routine);
}
return WOLFSSL_FAILURE;
}
#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
#endif /* defined(HAVE_EX_DATA) || defined(WOLFSSL_WPAS_SMALL) */
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
@ -19927,15 +19918,11 @@ int wolfSSL_set_app_data(WOLFSSL *ssl, void* arg) {
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#if defined(HAVE_EX_DATA) || defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_WPAS_SMALL)
int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data)
{
WOLFSSL_ENTER("wolfSSL_set_ex_data");
#ifdef HAVE_EX_DATA
if (ssl != NULL)
{
if (ssl != NULL) {
return wolfSSL_CRYPTO_set_ex_data(&ssl->ex_data, idx, data);
}
#else
@ -19979,8 +19966,6 @@ void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx)
return 0;
}
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || WOLFSSL_WPAS_SMALL */
#if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) \
|| defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA)
@ -21239,9 +21224,7 @@ WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl)
}
#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \
defined(HAVE_LIGHTY) || defined(HAVE_SECRET_CALLBACK)
#if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK)
long wolfSSL_SSL_CTX_get_timeout(const WOLFSSL_CTX *ctx)
{
WOLFSSL_ENTER("wolfSSL_SSL_CTX_get_timeout");
@ -24048,21 +24031,17 @@ void *wolfSSL_CRYPTO_malloc(size_t num, const char *file, int line)
/*******************************************************************************
* START OF EX_DATA APIs
******************************************************************************/
#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \
(defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \
defined(WOLFSSL_OPENSSH)))
void wolfSSL_CRYPTO_cleanup_all_ex_data(void){
WOLFSSL_ENTER("CRYPTO_cleanup_all_ex_data");
}
#endif
#ifdef HAVE_EX_DATA
void wolfSSL_CRYPTO_cleanup_all_ex_data(void)
{
WOLFSSL_ENTER("wolfSSL_CRYPTO_cleanup_all_ex_data");
}
void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx)
{
WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data");
WOLFSSL_ENTER("wolfSSL_CRYPTO_get_ex_data");
#ifdef MAX_EX_DATA
if(ex_data && idx < MAX_EX_DATA && idx >= 0) {
if (ex_data && idx < MAX_EX_DATA && idx >= 0) {
return ex_data->ex_data[idx];
}
#else
@ -24080,6 +24059,8 @@ int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx,
if (ex_data && idx < MAX_EX_DATA && idx >= 0) {
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
if (ex_data->ex_data_cleanup_routines[idx]) {
/* call cleanup then remove cleanup callback,
* since different value is being set */
if (ex_data->ex_data[idx])
ex_data->ex_data_cleanup_routines[idx](ex_data->ex_data[idx]);
ex_data->ex_data_cleanup_routines[idx] = NULL;
@ -24114,7 +24095,9 @@ int wolfSSL_CRYPTO_set_ex_data_with_cleanup(
return WOLFSSL_FAILURE;
}
#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
#endif /* HAVE_EX_DATA */
#ifdef HAVE_EX_DATA_CRYPTO
/**
* Issues unique index for the class specified by class_index.
* Other parameter except class_index are ignored.
@ -24140,7 +24123,7 @@ int wolfSSL_CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
return wolfssl_get_ex_new_index(class_index, argl, argp, new_func,
dup_func, free_func);
}
#endif /* HAVE_EX_DATA */
#endif /* HAVE_EX_DATA_CRYPTO */
/*******************************************************************************
* END OF EX_DATA APIs

2
src/ssl_certman.c
View File

@ -624,7 +624,7 @@ void wolfSSL_CertManagerSetVerify(WOLFSSL_CERT_MANAGER* cm, VerifyCallback vc)
cm->verifyCallback = vc;
}
}
#endif /* NO_WOLFSSL_CM_VERIFY */
#endif /* !NO_WOLFSSL_CM_VERIFY */
#ifdef WC_ASN_UNKNOWN_EXT_CB
void wolfSSL_CertManagerSetUnknownExtCallback(WOLFSSL_CERT_MANAGER* cm,

35
src/ssl_sess.c
View File

@ -191,7 +191,7 @@
void EvictSessionFromCache(WOLFSSL_SESSION* session)
{
#ifdef HAVE_EX_DATA
int save_ownExData = session->ownExData;
byte save_ownExData = session->ownExData;
session->ownExData = 1; /* Make sure ex_data access doesn't lead back
* into the cache. */
#endif
@ -1120,7 +1120,9 @@ static int TlsSessionCacheGetAndLock(const byte *id,
#else
s = &sessRow->Sessions[idx];
#endif
if (s && XMEMCMP(s->sessionID, id, ID_LEN) == 0 && s->side == side) {
/* match session ID value and length */
if (s && s->sessionIDSz == ID_LEN && s->side == side &&
XMEMCMP(s->sessionID, id, ID_LEN) == 0) {
*sess = s;
break;
}
@ -1839,7 +1841,7 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession,
}
preallocNonceLen = addSession->ticketNonce.len;
}
#endif /* WOLFSSL_TLS13 && WOLFSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3) */
#endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/
#endif /* HAVE_SESSION_TICKET */
/* Find a position for the new session in cache and use that */
@ -1916,7 +1918,7 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession,
cacheSession = &sessRow->Sessions[idx];
#endif
#ifdef HAVE_EX_DATA
#ifdef HAVE_EX_DATA_CRYPTO
if (overwrite) {
/* Figure out who owns the ex_data */
if (cacheSession->ownExData) {
@ -3108,7 +3110,7 @@ long wolfSSL_SESSION_set_time(WOLFSSL_SESSION *ses, long t)
return t;
}
#endif /* !NO_SESSION_CACHE && OPENSSL_EXTRA || HAVE_EXT_CACHE */
#endif /* !NO_SESSION_CACHE && (OPENSSL_EXTRA || HAVE_EXT_CACHE) */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
defined(HAVE_EX_DATA)
@ -3682,10 +3684,12 @@ WOLFSSL_SESSION* wolfSSL_NewSession(void* heap)
#endif
#ifdef HAVE_EX_DATA
ret->ownExData = 1;
#ifdef HAVE_EX_DATA_CRYPTO
if (crypto_ex_cb_ctx_session != NULL) {
crypto_ex_cb_setup_new_data(ret, crypto_ex_cb_ctx_session,
&ret->ex_data);
}
#endif
#endif
}
return ret;
@ -3739,7 +3743,7 @@ int wolfSSL_SESSION_up_ref(WOLFSSL_SESSION* session)
* @param ticketNonceBuf If not null and @avoidSysCalls is true, the copy of the
* ticketNonce will happen in this pre allocated buffer
* @param ticketNonceLen @ticketNonceBuf len as input, used length on output
* @param ticketNonceUsed if @ticketNonceBuf was used to copy the ticket noncet
* @param ticketNonceUsed if @ticketNonceBuf was used to copy the ticket nonce
* @return WOLFSSL_SUCCESS on success
* WOLFSSL_FAILURE on failure
*/
@ -3964,7 +3968,7 @@ static int wolfSSL_DupSessionEx(const WOLFSSL_SESSION* input,
#endif /* HAVE_SESSION_TICKET */
#ifdef HAVE_EX_DATA
#ifdef HAVE_EX_DATA_CRYPTO
if (input->type != WOLFSSL_SESSION_TYPE_CACHE &&
output->type != WOLFSSL_SESSION_TYPE_CACHE) {
/* Not called with cache as that passes ownership of ex_data */
@ -4044,7 +4048,7 @@ void wolfSSL_FreeSession(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session)
WOLFSSL_MSG("wolfSSL_FreeSession full free");
#ifdef HAVE_EX_DATA
#ifdef HAVE_EX_DATA_CRYPTO
if (session->ownExData) {
crypto_ex_cb_free_data(session, crypto_ex_cb_ctx_session,
&session->ex_data);
@ -4230,8 +4234,7 @@ const byte* wolfSSL_get_sessionID(const WOLFSSL_SESSION* session)
#endif
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
defined(HAVE_EX_DATA)
#ifdef HAVE_EX_DATA
int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data)
{
@ -4301,13 +4304,8 @@ void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION* session, int idx)
#endif
return ret;
}
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || HAVE_EX_DATA */
#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \
(defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \
defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB)))
#ifdef HAVE_EX_DATA
#ifdef HAVE_EX_DATA_CRYPTO
int wolfSSL_SESSION_get_ex_new_index(long ctx_l,void* ctx_ptr,
WOLFSSL_CRYPTO_EX_new* new_func, WOLFSSL_CRYPTO_EX_dup* dup_func,
WOLFSSL_CRYPTO_EX_free* free_func)
@ -4316,9 +4314,8 @@ int wolfSSL_SESSION_get_ex_new_index(long ctx_l,void* ctx_ptr,
return wolfssl_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL_SESSION, ctx_l,
ctx_ptr, new_func, dup_func, free_func);
}
#endif
#endif
#endif /* HAVE_EX_DATA_CRYPTO */
#endif /* HAVE_EX_DATA */
#if defined(OPENSSL_ALL) || \
defined(OPENSSL_EXTRA) || defined(HAVE_STUNNEL) || \

14
src/x509.c
View File

@ -14055,10 +14055,7 @@ int wolfSSL_sk_X509_num(const WOLF_STACK_OF(WOLFSSL_X509) *s)
#endif /* OPENSSL_EXTRA */
#if defined(HAVE_EX_DATA) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) \
|| defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) \
|| defined(HAVE_LIGHTY))
#ifdef HAVE_EX_DATA_CRYPTO
int wolfSSL_X509_get_ex_new_index(int idx, void *arg,
WOLFSSL_CRYPTO_EX_new* new_func,
WOLFSSL_CRYPTO_EX_dup* dup_func,
@ -14071,8 +14068,7 @@ int wolfSSL_X509_get_ex_new_index(int idx, void *arg,
}
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
defined(WOLFSSL_WPAS_SMALL)
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx)
{
WOLFSSL_ENTER("wolfSSL_X509_get_ex_data");
@ -14091,8 +14087,7 @@ int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx, void *data)
{
WOLFSSL_ENTER("wolfSSL_X509_set_ex_data");
#ifdef HAVE_EX_DATA
if (x509 != NULL)
{
if (x509 != NULL) {
return wolfSSL_CRYPTO_set_ex_data(&x509->ex_data, idx, data);
}
#else
@ -14119,8 +14114,7 @@ int wolfSSL_X509_set_ex_data_with_cleanup(
return WOLFSSL_FAILURE;
}
#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || WOLFSSL_WPAS_SMALL */
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#ifndef NO_ASN

31
tests/api.c
View File

@ -65136,7 +65136,7 @@ static int test_wolfSSL_X509(void)
ExpectNotNull(x509 = (X509 *)d2i_X509_fp(fp, (X509 **)NULL));
ExpectNotNull(x509);
#ifdef HAVE_EX_DATA
#ifdef HAVE_EX_DATA_CRYPTO
ExpectIntEQ(wolfSSL_X509_get_ex_new_index(1, NULL, NULL, NULL, NULL), 0);
#endif
ExpectNull(wolfSSL_X509_get_ex_data(NULL, 1));
@ -71980,15 +71980,12 @@ static int test_wolfSSL_SESSION_expire_downgrade(void)
!defined(NO_RSA) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
!defined(NO_SESSION_CACHE) && defined(OPENSSL_EXTRA) && \
!defined(WOLFSSL_NO_TLS12)
WOLFSSL_CTX* ctx = NULL;
callback_functions server_cbf, client_cbf;
XMEMSET(&server_cbf, 0, sizeof(callback_functions));
XMEMSET(&client_cbf, 0, sizeof(callback_functions));
/* force server side to use TLS 1.2 */
server_cbf.ctx = ctx;
server_cbf.method = wolfTLSv1_2_server_method;
client_cbf.method = wolfSSLv23_client_method;
@ -72000,9 +71997,6 @@ static int test_wolfSSL_SESSION_expire_downgrade(void)
ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS);
ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS);
/* set the previously created session and wait till expired */
server_cbf.ctx = ctx;
client_cbf.method = wolfSSLv23_client_method;
server_cbf.ctx_ready = test_wolfSSL_SESSION_expire_downgrade_ctx_ready;
client_cbf.ssl_ready = test_wolfSSL_SESSION_expire_downgrade_ssl_ready_wait;
@ -72013,9 +72007,6 @@ static int test_wolfSSL_SESSION_expire_downgrade(void)
ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS);
ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS);
/* set the previously created expired session */
server_cbf.ctx = ctx;
client_cbf.method = wolfSSLv23_client_method;
server_cbf.ctx_ready = test_wolfSSL_SESSION_expire_downgrade_ctx_ready;
client_cbf.ssl_ready = test_wolfSSL_SESSION_expire_downgrade_ssl_ready_set;
@ -72027,8 +72018,6 @@ static int test_wolfSSL_SESSION_expire_downgrade(void)
ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS);
wolfSSL_SESSION_free(test_wolfSSL_SESSION_expire_sess);
wolfSSL_CTX_free(ctx);
#endif
return EXPECT_RESULT();
}
@ -72112,8 +72101,8 @@ static int SessRemSslSetupCb(WOLFSSL* ssl)
else {
side = &sessRemCtx_Client;
(void)wolfSSL_Atomic_Int_FetchAdd(&clientSessRemCountMalloc, 1);
#if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \
!defined(NO_SESSION_CACHE_REF)
#if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \
!defined(NO_SESSION_CACHE_REF)
ExpectNotNull(clientSess = SSL_get1_session(ssl));
ExpectIntEQ(SSL_CTX_up_ref(clientSessCtx = SSL_get_SSL_CTX(ssl)),
SSL_SUCCESS);
@ -85326,8 +85315,8 @@ static int test_wolfSSL_X509_print(void)
static int test_wolfSSL_X509_CRL_print(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && defined(HAVE_CRL)\
&& !defined(NO_FILESYSTEM) && defined(XSNPRINTF)
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && defined(HAVE_CRL) && \
!defined(NO_RSA) && !defined(NO_FILESYSTEM) && defined(XSNPRINTF)
X509_CRL* crl = NULL;
BIO *bio = NULL;
XFILE fp = XBADFILE;
@ -92164,7 +92153,7 @@ static int test_CONF_CTX_FILE(void)
static int test_wolfSSL_CRYPTO_get_ex_new_index(void)
{
EXPECT_DECLS;
#ifdef HAVE_EX_DATA
#ifdef HAVE_EX_DATA_CRYPTO
int idx1, idx2;
/* test for unsupported class index */
@ -92229,15 +92218,11 @@ static int test_wolfSSL_CRYPTO_get_ex_new_index(void)
ExpectIntNE(idx1, -1);
ExpectIntNE(idx2, -1);
ExpectIntNE(idx1, idx2);
#endif /* HAVE_EX_DATA */
#endif /* HAVE_EX_DATA_CRYPTO */
return EXPECT_RESULT();
}
#if defined(HAVE_EX_DATA) && defined(HAVE_EXT_CACHE) && \
(defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \
(defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \
defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB))))
#if defined(HAVE_EX_DATA_CRYPTO) && defined(OPENSSL_EXTRA)
#define SESSION_NEW_IDX_LONG 0xDEADBEEF
#define SESSION_NEW_IDX_VAL ((void*)0xAEADAEAD)

13
wolfcrypt/src/signature.c
View File

@ -48,6 +48,16 @@
/* Signature wrapper disabled check */
#ifndef NO_SIG_WRAPPER
#if !defined(NO_RSA) && defined(NO_ASN)
#ifndef MAX_DER_DIGEST_ASN_SZ
#define MAX_DER_DIGEST_ASN_SZ 36
#endif
#ifndef MAX_ENCODED_SIG_SZ
#define MAX_ENCODED_SIG_SZ 1024 /* Supports 8192 bit keys */
#endif
#endif
#if !defined(NO_RSA) && defined(WOLFSSL_CRYPTOCELL)
extern int cc310_RsaSSL_Verify(const byte* in, word32 inLen, byte* sig,
RsaKey* key, CRYS_RSA_HASH_OpMode_t mode);
@ -225,7 +235,8 @@ int wc_SignatureVerifyHash(
WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret >= 0)
ret = wc_RsaSSL_VerifyInline(plain_data, sig_len, &plain_ptr, (RsaKey*)key);
ret = wc_RsaSSL_VerifyInline(plain_data, sig_len,
&plain_ptr, (RsaKey*)key);
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
if (ret >= 0 && plain_ptr) {
if ((word32)ret == hash_len &&

2
wolfssl/include.am
View File

@ -3,7 +3,9 @@
#
include wolfssl/wolfcrypt/include.am
if BUILD_OPENSSL_COMPAT
include wolfssl/openssl/include.am
endif
EXTRA_DIST+= wolfssl/sniffer_error.rc

25
wolfssl/internal.h
View File

@ -2786,6 +2786,7 @@ typedef struct WOLFSSL_DTLS_PEERSEQ {
#endif
} WOLFSSL_DTLS_PEERSEQ;
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
struct WOLFSSL_BIO {
WOLFSSL_BUF_MEM* mem_buf;
WOLFSSL_BIO_METHOD* method;
@ -2846,6 +2847,7 @@ struct WOLFSSL_BIO {
wolfSSL_Ref ref;
#endif
};
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#if defined(WOLFSSL_HAVE_BIO_ADDR) && defined(OPENSSL_EXTRA)
WOLFSSL_LOCAL socklen_t wolfSSL_BIO_ADDR_size(const WOLFSSL_BIO_ADDR *addr);
@ -5193,6 +5195,8 @@ typedef enum {
STACK_TYPE_X509_REQ_ATTR = 18,
} WOLF_STACK_TYPE;
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
struct WOLFSSL_STACK {
unsigned long num; /* number of nodes in stack
* (safety measure for freeing and shortcut for count) */
@ -5228,6 +5232,8 @@ struct WOLFSSL_STACK {
WOLF_STACK_TYPE type; /* Identifies type of stack. */
};
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
struct WOLFSSL_X509_NAME {
char *name;
int dynamicName;
@ -5318,7 +5324,7 @@ struct WOLFSSL_X509 {
byte* rawCRLInfo;
byte* CRLInfo;
byte* authInfo;
#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT)
#ifdef WOLFSSL_ASN_CA_ISSUER
byte* authInfoCaIssuer;
int authInfoCaIssuerSz;
#endif
@ -6527,8 +6533,10 @@ static WC_INLINE int wolfSSL_curve_is_disabled(const WOLFSSL* ssl,
}
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
WOLFSSL_LOCAL WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA *rsa, WC_RNG **tmpRNG,
int *initTmpRng);
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#ifndef NO_CERTS
#ifndef NO_RSA
@ -6810,6 +6818,7 @@ WOLFSSL_LOCAL int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys,
WOLFSSL_LOCAL int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side);
/* Set*Internal and Set*External functions */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
WOLFSSL_LOCAL int SetDsaInternal(WOLFSSL_DSA* dsa);
WOLFSSL_LOCAL int SetDsaExternal(WOLFSSL_DSA* dsa);
WOLFSSL_LOCAL int SetRsaExternal(WOLFSSL_RSA* rsa);
@ -6825,6 +6834,7 @@ typedef enum elem_set {
WOLFSSL_LOCAL int SetDhExternal_ex(WOLFSSL_DH *dh, int elm );
WOLFSSL_LOCAL int SetDhInternal(WOLFSSL_DH* dh);
WOLFSSL_LOCAL int SetDhExternal(WOLFSSL_DH *dh);
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#if !defined(NO_DH) && (!defined(NO_CERTS) || !defined(NO_PSK))
WOLFSSL_LOCAL int DhGenKeyPair(WOLFSSL* ssl, DhKey* dhKey,
@ -7005,11 +7015,7 @@ WOLFSSL_LOCAL int GetX509Error(int e);
#endif
#endif
#if defined(HAVE_EX_DATA) && \
(defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \
defined(HAVE_LIGHTY)) || defined(HAVE_EX_DATA) || \
defined(WOLFSSL_WPAS_SMALL)
#ifdef HAVE_EX_DATA_CRYPTO
typedef struct CRYPTO_EX_cb_ctx {
long ctx_l;
void *ctx_ptr;
@ -7018,6 +7024,7 @@ typedef struct CRYPTO_EX_cb_ctx {
WOLFSSL_CRYPTO_EX_dup* dup_func;
struct CRYPTO_EX_cb_ctx* next;
} CRYPTO_EX_cb_ctx;
/* use wolfSSL_API visibility to be able to clear in tests/api.c */
WOLFSSL_API extern CRYPTO_EX_cb_ctx* crypto_ex_cb_ctx_session;
WOLFSSL_API void crypto_ex_cb_free(CRYPTO_EX_cb_ctx* cb_ctx);
@ -7030,7 +7037,7 @@ WOLFSSL_LOCAL int crypto_ex_cb_dup_data(const WOLFSSL_CRYPTO_EX_DATA *in,
WOLFSSL_LOCAL int wolfssl_get_ex_new_index(int class_index, long ctx_l,
void* ctx_ptr, WOLFSSL_CRYPTO_EX_new* new_func,
WOLFSSL_CRYPTO_EX_dup* dup_func, WOLFSSL_CRYPTO_EX_free* free_func);
#endif
#endif /* HAVE_EX_DATA_CRYPTO */
WOLFSSL_LOCAL WC_RNG* wolfssl_get_global_rng(void);
WOLFSSL_LOCAL WC_RNG* wolfssl_make_global_rng(void);
@ -7042,7 +7049,7 @@ WOLFSSL_LOCAL int EncryptDerKey(byte *der, int *derSz, const WOLFSSL_EVP_CIPHER*
#endif
#endif
#if !defined(NO_RSA)
#if !defined(NO_RSA) && defined(OPENSSL_EXTRA)
WOLFSSL_LOCAL int wolfSSL_RSA_To_Der(WOLFSSL_RSA* rsa, byte** outBuf,
int publicKey, void* heap);
#endif
@ -7108,11 +7115,13 @@ WOLFSSL_LOCAL int wolfssl_asn1_obj_set(WOLFSSL_ASN1_OBJECT* obj,
const byte* der, word32 len, int addHdr);
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
WOLFSSL_LOCAL int pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key,
word32* keySz);
WOLFSSL_LOCAL int pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey,
const WOLFSSL_EVP_CIPHER* enc, char* passwd, int passwdSz, byte* key,
word32* keySz);
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#ifdef __cplusplus
} /* extern "C" */

5
wolfssl/openssl/ssl.h
View File

@ -31,6 +31,8 @@
#include <wolfssl/wolfcrypt/types.h>
#include <wolfssl/openssl/compat_types.h>
/* wolfssl_openssl compatibility layer */
#ifndef OPENSSL_EXTRA_SSL_GUARD
#define OPENSSL_EXTRA_SSL_GUARD
@ -127,7 +129,8 @@
HAVE_LIGHTY || HAVE_STUNNEL || \
WOLFSSL_WPAS_SMALL */
#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
#if !defined(OPENSSL_COEXIST) && \
(defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
typedef WOLFSSL SSL;
typedef WOLFSSL_SESSION SSL_SESSION;

675
wolfssl/ssl.h
View File

@ -39,8 +39,16 @@
#include <wolfssl/wolfcrypt/types.h>
#include <wolfssl/wolfcrypt/pkcs12.h>
#if defined(HAVE_OCSP) || defined(HAVE_CRL) || (defined(WOLFSSL_CUSTOM_OID) && \
defined(WOLFSSL_ASN_TEMPLATE) && defined(HAVE_OID_DECODING)) || \
defined(WC_ASN_UNKNOWN_EXT_CB)
#include "wolfssl/wolfcrypt/asn.h"
#endif
/* For the types */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
#include <wolfssl/openssl/compat_types.h>
#endif
#ifdef HAVE_WOLF_EVENT
#include <wolfssl/wolfcrypt/wolfevent.h>
@ -184,7 +192,9 @@ typedef struct WOLFSSL_BY_DIR WOLFSSL_BY_DIR;
#include <wolfssl/wolfio.h>
/* The WOLFSSL_RSA type is required in all build configurations. */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
#include <wolfssl/openssl/rsa.h>
#endif
#ifndef WC_RNG_TYPE_DEFINED /* guard on redeclaration */
typedef struct WC_RNG WC_RNG;
@ -245,7 +255,6 @@ typedef struct WOLFSSL_DIST_POINT WOLFSSL_DIST_POINT;
typedef struct WOLFSSL_CONF_CTX WOLFSSL_CONF_CTX;
typedef int (*WOLFSSL_X509_STORE_CTX_verify_cb)(int, WOLFSSL_X509_STORE_CTX *);
typedef int (*WOLFSSL_X509_STORE_CTX_get_crl_cb)(WOLFSSL_X509_STORE_CTX *,
WOLFSSL_X509_CRL **, WOLFSSL_X509 *);
typedef int (*WOLFSSL_X509_STORE_CTX_check_crl_cb)(WOLFSSL_X509_STORE_CTX *,
@ -476,7 +485,7 @@ struct WOLFSSL_EVP_PKEY {
union {
char* ptr; /* der format of key */
} pkey;
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
#ifndef NO_RSA
WOLFSSL_RSA* rsa;
#endif
@ -516,6 +525,74 @@ struct WOLFSSL_EVP_PKEY {
WC_BITFIELD ownRsa:1; /* if struct owns RSA and should free it */
};
#define WOLFSSL_ALWAYS_CHECK_SUBJECT 0x1
#define WOLFSSL_NO_WILDCARDS 0x2
#define WOLFSSL_NO_PARTIAL_WILDCARDS 0x4
#define WOLFSSL_MULTI_LABEL_WILDCARDS 0x8
/* Custom to wolfSSL, OpenSSL compat goes up to 0x20 */
#define WOLFSSL_LEFT_MOST_WILDCARD_ONLY 0x40
typedef struct WOLFSSL_BUFFER_INFO {
unsigned char* buffer;
unsigned int length;
} WOLFSSL_BUFFER_INFO;
typedef struct WOLFSSL_BUF_MEM {
char* data; /* dereferenced */
size_t length; /* current length */
size_t max; /* maximum length */
} WOLFSSL_BUF_MEM;
typedef int (*VerifyCallback)(int, WOLFSSL_X509_STORE_CTX*);
typedef int (*WOLFSSL_X509_STORE_CTX_verify_cb)(int, WOLFSSL_X509_STORE_CTX *);
struct WOLFSSL_X509_STORE_CTX {
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
WOLFSSL_X509_STORE* store; /* Store full of a CA cert chain */
WOLFSSL_X509* current_cert; /* current X509 (OPENSSL_EXTRA) */
#if defined(WOLFSSL_ASIO) || defined(OPENSSL_EXTRA)
WOLFSSL_X509* current_issuer; /* asio dereference */
#endif
WOLFSSL_X509_CHAIN* sesChain; /* pointer to WOLFSSL_SESSION peer chain */
WOLFSSL_STACK* chain;
#ifdef OPENSSL_EXTRA
WOLFSSL_X509_VERIFY_PARAM* param; /* certificate validation parameter */
#endif
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
char* domain; /* subject CN domain name */
#ifdef HAVE_EX_DATA
WOLFSSL_CRYPTO_EX_DATA ex_data; /* external data */
#endif
#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_EXTRA)
int depth; /* used in X509_STORE_CTX_*_depth */
#endif
void* userCtx; /* user ctx */
int error; /* current error */
int error_depth; /* index of cert depth for this error */
int discardSessionCerts; /* so verify callback can flag for discard */
int totalCerts; /* number of peer cert buffers */
WOLFSSL_BUFFER_INFO* certs; /* peer certs */
WOLFSSL_X509_STORE_CTX_verify_cb verify_cb; /* verify callback */
void* heap;
int flags;
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
WOLF_STACK_OF(WOLFSSL_X509)* owned; /* Certs owned by this CTX */
WOLF_STACK_OF(WOLFSSL_X509)* ctxIntermediates; /* Intermediates specified
* on store ctx init */
WOLF_STACK_OF(WOLFSSL_X509)* setTrustedSk;/* A trusted stack override
* set with
* X509_STORE_CTX_trusted_stack */
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
};
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
struct WOLFSSL_X509_PKEY {
WOLFSSL_EVP_PKEY* dec_pkey; /* dereferenced by Apache */
void* heap;
@ -582,12 +659,6 @@ enum BIO_CB_OPS {
WOLFSSL_BIO_CB_RETURN = 0x80
};
typedef struct WOLFSSL_BUF_MEM {
char* data; /* dereferenced */
size_t length; /* current length */
size_t max; /* maximum length */
} WOLFSSL_BUF_MEM;
/* custom method with user set callbacks */
typedef int (*wolfSSL_BIO_meth_write_cb)(WOLFSSL_BIO*, const char*, int);
typedef int (*wolfSSL_BIO_meth_read_cb)(WOLFSSL_BIO *, char *, int);
@ -679,13 +750,6 @@ struct WOLFSSL_X509_STORE {
word32 numAdded; /* Number of objs in objs that are in certs sk */
};
#define WOLFSSL_ALWAYS_CHECK_SUBJECT 0x1
#define WOLFSSL_NO_WILDCARDS 0x2
#define WOLFSSL_NO_PARTIAL_WILDCARDS 0x4
#define WOLFSSL_MULTI_LABEL_WILDCARDS 0x8
/* Custom to wolfSSL, OpenSSL compat goes up to 0x20 */
#define WOLFSSL_LEFT_MOST_WILDCARD_ONLY 0x40
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
#define WOLFSSL_USE_CHECK_TIME 0x2
#define WOLFSSL_NO_CHECK_TIME 0x200000
@ -713,16 +777,6 @@ struct WOLFSSL_X509_VERIFY_PARAM {
};
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
typedef struct WOLFSSL_ALERT {
int code;
int level;
} WOLFSSL_ALERT;
typedef struct WOLFSSL_ALERT_HISTORY {
WOLFSSL_ALERT last_rx;
WOLFSSL_ALERT last_tx;
} WOLFSSL_ALERT_HISTORY;
typedef struct WOLFSSL_X509_REVOKED {
WOLFSSL_ASN1_INTEGER* serialNumber; /* stunnel dereference */
} WOLFSSL_X509_REVOKED;
@ -744,46 +798,6 @@ typedef struct WOLFSSL_X509_OBJECT {
#define WOLFSSL_ASN1_BOOLEAN int
typedef struct WOLFSSL_BUFFER_INFO {
unsigned char* buffer;
unsigned int length;
} WOLFSSL_BUFFER_INFO;
struct WOLFSSL_X509_STORE_CTX {
WOLFSSL_X509_STORE* store; /* Store full of a CA cert chain */
WOLFSSL_X509* current_cert; /* current X509 (OPENSSL_EXTRA) */
#if defined(WOLFSSL_ASIO) || defined(OPENSSL_EXTRA)
WOLFSSL_X509* current_issuer; /* asio dereference */
#endif
WOLFSSL_X509_CHAIN* sesChain; /* pointer to WOLFSSL_SESSION peer chain */
WOLFSSL_STACK* chain;
#ifdef OPENSSL_EXTRA
WOLFSSL_X509_VERIFY_PARAM* param; /* certificate validation parameter */
#endif
char* domain; /* subject CN domain name */
#ifdef HAVE_EX_DATA
WOLFSSL_CRYPTO_EX_DATA ex_data; /* external data */
#endif
#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_EXTRA)
int depth; /* used in X509_STORE_CTX_*_depth */
#endif
void* userCtx; /* user ctx */
int error; /* current error */
int error_depth; /* index of cert depth for this error */
int discardSessionCerts; /* so verify callback can flag for discard */
int totalCerts; /* number of peer cert buffers */
WOLFSSL_BUFFER_INFO* certs; /* peer certs */
WOLFSSL_X509_STORE_CTX_verify_cb verify_cb; /* verify callback */
void* heap;
int flags;
WOLF_STACK_OF(WOLFSSL_X509)* owned; /* Certs owned by this CTX */
WOLF_STACK_OF(WOLFSSL_X509)* ctxIntermediates; /* Intermediates specified
* on store ctx init */
WOLF_STACK_OF(WOLFSSL_X509)* setTrustedSk;/* A trusted stack override
* set with
* X509_STORE_CTX_trusted_stack*/
};
typedef char* WOLFSSL_STRING;
typedef struct WOLFSSL_RAND_METHOD {
@ -805,6 +819,20 @@ typedef struct WOLFSSL_RAND_METHOD {
int (*status)(void);
} WOLFSSL_RAND_METHOD;
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
typedef struct WOLFSSL_ALERT {
int code;
int level;
} WOLFSSL_ALERT;
typedef struct WOLFSSL_ALERT_HISTORY {
WOLFSSL_ALERT last_rx;
WOLFSSL_ALERT last_tx;
} WOLFSSL_ALERT_HISTORY;
/* Valid Alert types from page 16/17
* Add alert string to the function wolfSSL_alert_type_string_long in src/ssl.c
*/
@ -1339,7 +1367,6 @@ WOLFSSL_API void wolfSSL_CTX_set_quiet_shutdown(WOLFSSL_CTX* ctx, int mode);
WOLFSSL_API void wolfSSL_set_quiet_shutdown(WOLFSSL* ssl, int mode);
WOLFSSL_ABI WOLFSSL_API int wolfSSL_get_error(WOLFSSL* ssl, int ret);
WOLFSSL_API int wolfSSL_get_alert_history(WOLFSSL* ssl, WOLFSSL_ALERT_HISTORY *h);
WOLFSSL_ABI WOLFSSL_API int wolfSSL_set_session(WOLFSSL* ssl, WOLFSSL_SESSION* session);
WOLFSSL_API long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION* ses, long t);
@ -1381,15 +1408,43 @@ WOLFSSL_API int wolfSSL_GetSessionIndex(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_GetSessionAtIndex(int index, WOLFSSL_SESSION* session);
#endif /* SESSION_INDEX */
#if defined(SESSION_CERTS)
#ifdef SESSION_CERTS
WOLFSSL_API
WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session);
WOLFSSL_API WOLFSSL_X509* wolfSSL_SESSION_get0_peer(WOLFSSL_SESSION* session);
#endif /* SESSION_INDEX && SESSION_CERTS */
#endif /* SESSION_CERTS */
typedef int (*VerifyCallback)(int, WOLFSSL_X509_STORE_CTX*);
typedef void (CallbackInfoState)(const WOLFSSL* ssl, int, int);
#ifdef OPENSSL_EXTRA
/* compatibility callback for TLS state */
typedef void (CallbackInfoState)(const WOLFSSL* ssl, int state, int err);
#endif
/* ----- EX DATA BEGIN ----- */
WOLFSSL_API void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx);
WOLFSSL_API int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data);
#ifdef HAVE_EX_DATA
WOLFSSL_API void wolfSSL_CRYPTO_cleanup_all_ex_data(void);
WOLFSSL_API void* wolfSSL_CRYPTO_get_ex_data(
const WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx);
WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data(
WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx, void *data);
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data_with_cleanup(
WOLFSSL_CRYPTO_EX_DATA* ex_data,
int idx,
void *data,
wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
WOLFSSL_API int wolfSSL_set_ex_data_with_cleanup(
WOLFSSL* ssl,
int idx,
void* data,
wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
#endif
#ifdef HAVE_EX_DATA_CRYPTO
/* class index for wolfSSL_CRYPTO_get_ex_new_index */
#define WOLF_CRYPTO_EX_INDEX_SSL 0
#define WOLF_CRYPTO_EX_INDEX_SSL_CTX 1
@ -1409,8 +1464,6 @@ typedef void (CallbackInfoState)(const WOLFSSL* ssl, int, int);
#define WOLF_CRYPTO_EX_INDEX_DRBG 15
#define WOLF_CRYPTO_EX_INDEX__COUNT 16
#ifdef HAVE_EX_DATA
/* Helper macro to log that input arguments should not be used */
#define WOLFSSL_CRYPTO_EX_DATA_IGNORE_PARAMS(a1, a2, a3, a4, a5) \
(void)(a1); \
@ -1425,12 +1478,60 @@ typedef void (CallbackInfoState)(const WOLFSSL* ssl, int, int);
} \
} while(0)
WOLFSSL_API int wolfSSL_get_ex_new_index(long argValue, void* arg,
WOLFSSL_CRYPTO_EX_new* a, WOLFSSL_CRYPTO_EX_dup* b,
WOLFSSL_CRYPTO_EX_free* c);
WOLFSSL_API int wolfSSL_get_ex_new_index(
long argValue, void* arg,
WOLFSSL_CRYPTO_EX_new* a, WOLFSSL_CRYPTO_EX_dup* b,
WOLFSSL_CRYPTO_EX_free* c);
WOLFSSL_API int wolfSSL_CTX_get_ex_new_index(
long idx, void* arg,
WOLFSSL_CRYPTO_EX_new* new_func,
WOLFSSL_CRYPTO_EX_dup* dup_func,
WOLFSSL_CRYPTO_EX_free* free_func);
WOLFSSL_API int wolfSSL_CRYPTO_get_ex_new_index(
int class_index, long argl, void *argp,
WOLFSSL_CRYPTO_EX_new* new_func,
WOLFSSL_CRYPTO_EX_dup* dup_func,
WOLFSSL_CRYPTO_EX_free* free_func);
WOLFSSL_API int wolfSSL_SESSION_get_ex_new_index(long ctx_l,void* ctx_ptr,
WOLFSSL_CRYPTO_EX_new* new_func, WOLFSSL_CRYPTO_EX_dup* dup_func,
WOLFSSL_CRYPTO_EX_free* free_func);
#endif /* HAVE_EX_DATA_CRYPTO */
#endif /* HAVE_EX_DATA */
/* Exposed EX data API's, guarded internally by HAVE_EX_DATA */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
WOLFSSL_API void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx);
WOLFSSL_API int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx,
void *data);
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
WOLFSSL_API int wolfSSL_X509_set_ex_data_with_cleanup(
WOLFSSL_X509 *x509,
int idx,
void *data,
wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
#endif
#ifdef HAVE_EX_DATA_CRYPTO
WOLFSSL_API int wolfSSL_X509_get_ex_new_index(int idx, void *arg,
WOLFSSL_CRYPTO_EX_new* new_func,
WOLFSSL_CRYPTO_EX_dup* dup_func,
WOLFSSL_CRYPTO_EX_free* free_func);
#endif
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#ifdef OPENSSL_EXTRA
WOLFSSL_API void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx);
WOLFSSL_API int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int idx, void* data);
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
WOLFSSL_API int wolfSSL_CTX_set_ex_data_with_cleanup(
WOLFSSL_CTX* ctx,
int idx,
void* data,
wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
#endif
#endif /* OPENSSL_EXTRA */
/* ----- EX DATA END ----- */
WOLFSSL_ABI WOLFSSL_API void wolfSSL_CTX_set_verify(WOLFSSL_CTX* ctx, int mode,
VerifyCallback verify_callback);
@ -1649,7 +1750,9 @@ WOLFSSL_API const char* wolfSSL_ERR_reason_error_string(unsigned long e);
WOLFSSL_API const char* wolfSSL_ERR_func_error_string(unsigned long e);
WOLFSSL_API const char* wolfSSL_ERR_lib_error_string(unsigned long e);
/* extras */
/* -------- EXTRAS BEGIN -------- */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
WOLFSSL_API void wolfSSL_ERR_print_errors(WOLFSSL_BIO *bio);
WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_node(void* heap);
WOLFSSL_API void wolfSSL_sk_free(WOLFSSL_STACK* sk);
@ -1661,16 +1764,11 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_get_node(WOLFSSL_STACK* sk, int idx);
WOLFSSL_API int wolfSSL_sk_push(WOLFSSL_STACK *st, const void *data);
WOLFSSL_API int wolfSSL_sk_insert(WOLFSSL_STACK *sk, const void *data, int idx);
#if defined(HAVE_OCSP) || defined(HAVE_CRL) || (defined(WOLFSSL_CUSTOM_OID) && \
defined(WOLFSSL_ASN_TEMPLATE) && defined(HAVE_OID_DECODING))
#include "wolfssl/wolfcrypt/asn.h"
#endif
#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT)
WOLFSSL_API int wolfSSL_sk_ACCESS_DESCRIPTION_push(
WOLF_STACK_OF(ACCESS_DESCRIPTION)* sk,
WOLFSSL_ACCESS_DESCRIPTION* a);
#endif /* defined(OPENSSL_ALL) || OPENSSL_EXTRA || defined(WOLFSSL_QT) */
#endif /* OPENSSL_ALL || OPENSSL_EXTRA || WOLFSSL_QT */
typedef WOLF_STACK_OF(WOLFSSL_GENERAL_NAME) WOLFSSL_GENERAL_NAMES;
typedef WOLF_STACK_OF(WOLFSSL_DIST_POINT) WOLFSSL_DIST_POINTS;
@ -1765,57 +1863,6 @@ WOLFSSL_API int wolfSSL_ASN1_UNIVERSALSTRING_to_string(WOLFSSL_ASN1_STRING *s);
WOLFSSL_API int wolfSSL_sk_X509_EXTENSION_num(WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk);
WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_sk_X509_EXTENSION_value(
const WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, int idx);
WOLFSSL_API int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data);
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
WOLFSSL_API int wolfSSL_set_ex_data_with_cleanup(
WOLFSSL* ssl,
int idx,
void* data,
wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
#endif
WOLFSSL_API int wolfSSL_get_shutdown(const WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_set_rfd(WOLFSSL* ssl, int rfd);
WOLFSSL_API int wolfSSL_set_wfd(WOLFSSL* ssl, int wfd);
WOLFSSL_API void wolfSSL_set_shutdown(WOLFSSL* ssl, int opt);
WOLFSSL_API int wolfSSL_set_session_id_context(WOLFSSL* ssl, const unsigned char* id,
unsigned int len);
WOLFSSL_API void wolfSSL_set_connect_state(WOLFSSL* ssl);
WOLFSSL_API void wolfSSL_set_accept_state(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_session_reused(WOLFSSL* ssl);
#ifdef OPENSSL_EXTRA
/* using unsigned char instead of uint8_t here to avoid stdint include */
WOLFSSL_API unsigned char wolfSSL_SESSION_get_max_fragment_length(
WOLFSSL_SESSION* session);
#endif
WOLFSSL_API int wolfSSL_SESSION_up_ref(WOLFSSL_SESSION* session);
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_dup(WOLFSSL_SESSION* session);
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_new(void);
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_new_ex(void* heap);
WOLFSSL_API void wolfSSL_SESSION_free(WOLFSSL_SESSION* session);
WOLFSSL_API int wolfSSL_CTX_add_session(WOLFSSL_CTX* ctx,
WOLFSSL_SESSION* session);
WOLFSSL_API int wolfSSL_SESSION_set_cipher(WOLFSSL_SESSION* session,
const WOLFSSL_CIPHER* cipher);
WOLFSSL_API int wolfSSL_is_init_finished(const WOLFSSL* ssl);
WOLFSSL_API const char* wolfSSL_get_version(const WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl);
WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL* ssl);
WOLFSSL_API char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER* cipher, char* in, int len);
WOLFSSL_API const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher);
WOLFSSL_API const char* wolfSSL_CIPHER_get_version(const WOLFSSL_CIPHER* cipher);
WOLFSSL_API word32 wolfSSL_CIPHER_get_id(const WOLFSSL_CIPHER* cipher);
WOLFSSL_API int wolfSSL_CIPHER_get_auth_nid(const WOLFSSL_CIPHER* cipher);
WOLFSSL_API int wolfSSL_CIPHER_get_cipher_nid(const WOLFSSL_CIPHER* cipher);
WOLFSSL_API int wolfSSL_CIPHER_get_digest_nid(const WOLFSSL_CIPHER* cipher);
WOLFSSL_API int wolfSSL_CIPHER_get_kx_nid(const WOLFSSL_CIPHER* cipher);
WOLFSSL_API int wolfSSL_CIPHER_is_aead(const WOLFSSL_CIPHER* cipher);
WOLFSSL_API const WOLFSSL_CIPHER* wolfSSL_get_cipher_by_value(word16 value);
WOLFSSL_API const char* wolfSSL_SESSION_CIPHER_get_name(const WOLFSSL_SESSION* session);
WOLFSSL_API const char* wolfSSL_get_cipher(WOLFSSL* ssl);
WOLFSSL_API void wolfSSL_sk_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk);
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_SessionIsSetup(WOLFSSL_SESSION* session);
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new(void);
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new_ex(void* heap);
@ -2045,17 +2092,11 @@ WOLFSSL_API void wolfSSL_X509_get0_signature(const WOLFSSL_ASN1_BIT_STRING **psi
const WOLFSSL_X509_ALGOR **palg, const WOLFSSL_X509 *x509);
WOLFSSL_API int wolfSSL_X509_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509);
WOLFSSL_API int wolfSSL_X509_REQ_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509);
WOLFSSL_ABI WOLFSSL_API char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME* name,
char* in, int sz);
WOLFSSL_API unsigned long wolfSSL_X509_NAME_hash(WOLFSSL_X509_NAME* name);
#if defined(OPENSSL_EXTRA) && defined(XSNPRINTF)
WOLFSSL_API char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME* name, char* in, int sz);
#endif
WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(
WOLFSSL_X509* cert);
WOLFSSL_API unsigned long wolfSSL_X509_issuer_name_hash(const WOLFSSL_X509* x509);
WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(
WOLFSSL_X509* cert);
WOLFSSL_API unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509);
WOLFSSL_API int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509* x509, int nid);
WOLFSSL_API int wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509* x509, int nid);
@ -2161,11 +2202,8 @@ WOLFSSL_API int wolfSSL_X509_STORE_get_by_subject(WOLFSSL_X509_STORE_CT
int idx, WOLFSSL_X509_NAME* name, WOLFSSL_X509_OBJECT* obj);
WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_STORE_CTX_get0_param(
WOLFSSL_X509_STORE_CTX *ctx);
WOLFSSL_API WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void);
WOLFSSL_API WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new_ex(void* heap);
WOLFSSL_API int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx,
WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, WOLF_STACK_OF(WOLFSSL_X509)*);
WOLFSSL_API void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx);
WOLFSSL_API void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX* ctx);
WOLFSSL_API void wolfSSL_X509_STORE_CTX_trusted_stack(WOLFSSL_X509_STORE_CTX *ctx,
WOLF_STACK_OF(WOLFSSL_X509) *sk);
@ -2356,14 +2394,6 @@ WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_error(
WOLFSSL_X509_STORE_CTX* ctx, int er);
void wolfSSL_X509_STORE_CTX_set_error_depth(WOLFSSL_X509_STORE_CTX* ctx,
int depth);
WOLFSSL_API void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx);
WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX* ctx,
void* userdata);
WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX* ctx,
wc_pem_password_cb* cb);
WOLFSSL_API wc_pem_password_cb* wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX* ctx);
WOLFSSL_API void *wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx);
WOLFSSL_API void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX* ctx,
void (*f)(const WOLFSSL* ssl, int type, int val));
@ -2422,13 +2452,7 @@ WOLFSSL_API int wolfSSL_CTX_set_srp_strength(WOLFSSL_CTX *ctx, int strength);
WOLFSSL_API char* wolfSSL_get_srp_username(WOLFSSL *ssl);
WOLFSSL_API long wolfSSL_set_options(WOLFSSL *s, long op);
WOLFSSL_API long wolfSSL_get_options(const WOLFSSL *s);
WOLFSSL_API long wolfSSL_clear_options(WOLFSSL *s, long op);
WOLFSSL_API long wolfSSL_clear_num_renegotiations(WOLFSSL *s);
WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s);
WOLFSSL_API long wolfSSL_num_renegotiations(WOLFSSL* s);
WOLFSSL_API int wolfSSL_SSL_renegotiate_pending(WOLFSSL *s);
WOLFSSL_API long wolfSSL_set_tmp_dh(WOLFSSL *s, WOLFSSL_DH *dh);
WOLFSSL_API long wolfSSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg);
WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type);
@ -2447,64 +2471,8 @@ WOLFSSL_API char* wolfSSL_CONF_get1_default_config_file(void);
WOLFSSL_API long wolfSSL_get_tlsext_status_exts(WOLFSSL *s, void *arg);
WOLFSSL_API long wolfSSL_get_verify_result(const WOLFSSL *ssl);
#define WOLFSSL_DEFAULT_CIPHER_LIST "" /* default all */
/* These are bit-masks */
enum {
WOLFSSL_OCSP_URL_OVERRIDE = 1,
WOLFSSL_OCSP_NO_NONCE = 2,
WOLFSSL_OCSP_CHECKALL = 4,
WOLFSSL_CRL_CHECKALL = 1,
WOLFSSL_CRL_CHECK = 2
};
/* Separated out from other enums because of size */
enum {
WOLFSSL_OP_MICROSOFT_SESS_ID_BUG = 0x00000001,
WOLFSSL_OP_NETSCAPE_CHALLENGE_BUG = 0x00000002,
WOLFSSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 0x00000004,
WOLFSSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 0x00000008,
WOLFSSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 0x00000010,
WOLFSSL_OP_MSIE_SSLV2_RSA_PADDING = 0x00000020,
WOLFSSL_OP_SSLEAY_080_CLIENT_DH_BUG = 0x00000040,
WOLFSSL_OP_TLS_D5_BUG = 0x00000080,
WOLFSSL_OP_TLS_BLOCK_PADDING_BUG = 0x00000100,
WOLFSSL_OP_TLS_ROLLBACK_BUG = 0x00000200,
WOLFSSL_OP_NO_RENEGOTIATION = 0x00000400,
WOLFSSL_OP_EPHEMERAL_RSA = 0x00000800,
WOLFSSL_OP_NO_SSLv3 = 0x00001000,
WOLFSSL_OP_NO_TLSv1 = 0x00002000,
WOLFSSL_OP_PKCS1_CHECK_1 = 0x00004000,
WOLFSSL_OP_PKCS1_CHECK_2 = 0x00008000,
WOLFSSL_OP_NETSCAPE_CA_DN_BUG = 0x00010000,
WOLFSSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 0x00020000,
WOLFSSL_OP_SINGLE_DH_USE = 0x00040000,
WOLFSSL_OP_NO_TICKET = 0x00080000,
WOLFSSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 0x00100000,
WOLFSSL_OP_NO_QUERY_MTU = 0x00200000,
WOLFSSL_OP_COOKIE_EXCHANGE = 0x00400000,
WOLFSSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 0x00800000,
WOLFSSL_OP_SINGLE_ECDH_USE = 0x01000000,
WOLFSSL_OP_CIPHER_SERVER_PREFERENCE = 0x02000000,
WOLFSSL_OP_NO_TLSv1_1 = 0x04000000,
WOLFSSL_OP_NO_TLSv1_2 = 0x08000000,
WOLFSSL_OP_NO_COMPRESSION = 0x10000000,
WOLFSSL_OP_NO_TLSv1_3 = 0x20000000,
WOLFSSL_OP_NO_SSLv2 = 0x40000000,
WOLFSSL_OP_ALL =
(WOLFSSL_OP_MICROSOFT_SESS_ID_BUG
| WOLFSSL_OP_NETSCAPE_CHALLENGE_BUG
| WOLFSSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
| WOLFSSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
| WOLFSSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
| WOLFSSL_OP_MSIE_SSLV2_RSA_PADDING
| WOLFSSL_OP_SSLEAY_080_CLIENT_DH_BUG
| WOLFSSL_OP_TLS_D5_BUG
| WOLFSSL_OP_TLS_BLOCK_PADDING_BUG
| WOLFSSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
| WOLFSSL_OP_TLS_ROLLBACK_BUG)
};
WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl);
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
defined(HAVE_WEBSERVER) || defined(HAVE_MEMCACHED)
@ -2680,8 +2648,138 @@ enum {
#endif /* !OPENSSL_COEXIST */
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || HAVE_WEBSERVER || HAVE_MEMCACHED */
/* -------- EXTRAS END -------- */
/* extras end */
#define WOLFSSL_DEFAULT_CIPHER_LIST "" /* default all */
/* These are bit-masks */
enum {
WOLFSSL_OCSP_URL_OVERRIDE = 1,
WOLFSSL_OCSP_NO_NONCE = 2,
WOLFSSL_OCSP_CHECKALL = 4,
WOLFSSL_CRL_CHECKALL = 1,
WOLFSSL_CRL_CHECK = 2
};
/* Separated out from other enums because of size */
enum {
WOLFSSL_OP_MICROSOFT_SESS_ID_BUG = 0x00000001,
WOLFSSL_OP_NETSCAPE_CHALLENGE_BUG = 0x00000002,
WOLFSSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 0x00000004,
WOLFSSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 0x00000008,
WOLFSSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 0x00000010,
WOLFSSL_OP_MSIE_SSLV2_RSA_PADDING = 0x00000020,
WOLFSSL_OP_SSLEAY_080_CLIENT_DH_BUG = 0x00000040,
WOLFSSL_OP_TLS_D5_BUG = 0x00000080,
WOLFSSL_OP_TLS_BLOCK_PADDING_BUG = 0x00000100,
WOLFSSL_OP_TLS_ROLLBACK_BUG = 0x00000200,
WOLFSSL_OP_NO_RENEGOTIATION = 0x00000400,
WOLFSSL_OP_EPHEMERAL_RSA = 0x00000800,
WOLFSSL_OP_NO_SSLv3 = 0x00001000,
WOLFSSL_OP_NO_TLSv1 = 0x00002000,
WOLFSSL_OP_PKCS1_CHECK_1 = 0x00004000,
WOLFSSL_OP_PKCS1_CHECK_2 = 0x00008000,
WOLFSSL_OP_NETSCAPE_CA_DN_BUG = 0x00010000,
WOLFSSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 0x00020000,
WOLFSSL_OP_SINGLE_DH_USE = 0x00040000,
WOLFSSL_OP_NO_TICKET = 0x00080000,
WOLFSSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 0x00100000,
WOLFSSL_OP_NO_QUERY_MTU = 0x00200000,
WOLFSSL_OP_COOKIE_EXCHANGE = 0x00400000,
WOLFSSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 0x00800000,
WOLFSSL_OP_SINGLE_ECDH_USE = 0x01000000,
WOLFSSL_OP_CIPHER_SERVER_PREFERENCE = 0x02000000,
WOLFSSL_OP_NO_TLSv1_1 = 0x04000000,
WOLFSSL_OP_NO_TLSv1_2 = 0x08000000,
WOLFSSL_OP_NO_COMPRESSION = 0x10000000,
WOLFSSL_OP_NO_TLSv1_3 = 0x20000000,
WOLFSSL_OP_NO_SSLv2 = 0x40000000,
WOLFSSL_OP_ALL =
(WOLFSSL_OP_MICROSOFT_SESS_ID_BUG
| WOLFSSL_OP_NETSCAPE_CHALLENGE_BUG
| WOLFSSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
| WOLFSSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
| WOLFSSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
| WOLFSSL_OP_MSIE_SSLV2_RSA_PADDING
| WOLFSSL_OP_SSLEAY_080_CLIENT_DH_BUG
| WOLFSSL_OP_TLS_D5_BUG
| WOLFSSL_OP_TLS_BLOCK_PADDING_BUG
| WOLFSSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
| WOLFSSL_OP_TLS_ROLLBACK_BUG)
};
WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX* ctx,
void* userdata);
WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX* ctx,
wc_pem_password_cb* cb);
WOLFSSL_API wc_pem_password_cb* wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX* ctx);
WOLFSSL_API void *wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx);
WOLFSSL_API int wolfSSL_SSL_renegotiate_pending(WOLFSSL *s);
WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s);
WOLFSSL_API long wolfSSL_num_renegotiations(WOLFSSL* s);
WOLFSSL_API long wolfSSL_clear_num_renegotiations(WOLFSSL *s);
WOLFSSL_API int wolfSSL_get_alert_history(WOLFSSL* ssl, WOLFSSL_ALERT_HISTORY *h);
WOLFSSL_API int wolfSSL_get_shutdown(const WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_set_rfd(WOLFSSL* ssl, int rfd);
WOLFSSL_API int wolfSSL_set_wfd(WOLFSSL* ssl, int wfd);
WOLFSSL_API void wolfSSL_set_shutdown(WOLFSSL* ssl, int opt);
WOLFSSL_API int wolfSSL_set_session_id_context(WOLFSSL* ssl, const unsigned char* id,
unsigned int len);
WOLFSSL_API void wolfSSL_set_connect_state(WOLFSSL* ssl);
WOLFSSL_API void wolfSSL_set_accept_state(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_session_reused(WOLFSSL* ssl);
#ifdef OPENSSL_EXTRA
/* using unsigned char instead of uint8_t here to avoid stdint include */
WOLFSSL_API unsigned char wolfSSL_SESSION_get_max_fragment_length(
WOLFSSL_SESSION* session);
#endif
WOLFSSL_API int wolfSSL_SESSION_up_ref(WOLFSSL_SESSION* session);
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_dup(WOLFSSL_SESSION* session);
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_new(void);
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_new_ex(void* heap);
WOLFSSL_API void wolfSSL_SESSION_free(WOLFSSL_SESSION* session);
WOLFSSL_API int wolfSSL_CTX_add_session(WOLFSSL_CTX* ctx,
WOLFSSL_SESSION* session);
WOLFSSL_API int wolfSSL_SESSION_set_cipher(WOLFSSL_SESSION* session,
const WOLFSSL_CIPHER* cipher);
WOLFSSL_API int wolfSSL_is_init_finished(const WOLFSSL* ssl);
WOLFSSL_API const char* wolfSSL_get_version(const WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl);
WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL* ssl);
WOLFSSL_API char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER* cipher, char* in, int len);
WOLFSSL_API const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher);
WOLFSSL_API const char* wolfSSL_CIPHER_get_version(const WOLFSSL_CIPHER* cipher);
WOLFSSL_API word32 wolfSSL_CIPHER_get_id(const WOLFSSL_CIPHER* cipher);
WOLFSSL_API int wolfSSL_CIPHER_get_auth_nid(const WOLFSSL_CIPHER* cipher);
WOLFSSL_API int wolfSSL_CIPHER_get_cipher_nid(const WOLFSSL_CIPHER* cipher);
WOLFSSL_API int wolfSSL_CIPHER_get_digest_nid(const WOLFSSL_CIPHER* cipher);
WOLFSSL_API int wolfSSL_CIPHER_get_kx_nid(const WOLFSSL_CIPHER* cipher);
WOLFSSL_API int wolfSSL_CIPHER_is_aead(const WOLFSSL_CIPHER* cipher);
WOLFSSL_API const WOLFSSL_CIPHER* wolfSSL_get_cipher_by_value(word16 value);
WOLFSSL_API const char* wolfSSL_SESSION_CIPHER_get_name(const WOLFSSL_SESSION* session);
WOLFSSL_API const char* wolfSSL_get_cipher(WOLFSSL* ssl);
WOLFSSL_API void wolfSSL_sk_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk);
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_SessionIsSetup(WOLFSSL_SESSION* session);
WOLFSSL_API WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void);
WOLFSSL_API WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new_ex(void* heap);
WOLFSSL_API void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx);
WOLFSSL_API long wolfSSL_set_options(WOLFSSL *s, long op);
WOLFSSL_API long wolfSSL_get_options(const WOLFSSL *s);
WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(
WOLFSSL_X509* cert);
WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(
WOLFSSL_X509* cert);
WOLFSSL_ABI WOLFSSL_API char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME* name,
char* in, int sz);
#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
/* wolfSSL extension, provide last error from SSL_get_error
@ -2698,8 +2796,6 @@ WOLFSSL_API void wolfSSL_ERR_print_errors_cb(int (*cb)(const char *str,
size_t len, void *u), void *u);
#endif
#endif
WOLFSSL_API void wolfSSL_ERR_print_errors(WOLFSSL_BIO *bio);
#ifndef NO_OLD_SSL_NAMES
#define SSL_ERROR_NONE WOLFSSL_ERROR_NONE
@ -2941,7 +3037,6 @@ WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX* ctx, long opt);
#if !defined(NO_CHECK_PRIVATE_KEY)
WOLFSSL_API int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX* ctx);
#endif
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_CTX_get0_privatekey(const WOLFSSL_CTX* ctx);
WOLFSSL_API void wolfSSL_ERR_free_strings(void);
WOLFSSL_API void wolfSSL_ERR_remove_state(unsigned long id);
@ -2969,12 +3064,14 @@ WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFS
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl);
#endif
#ifdef OPENSSL_EXTRA
WOLFSSL_API int wolfSSL_want(WOLFSSL* ssl);
#endif
WOLFSSL_API int wolfSSL_want_read(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_want_write(WOLFSSL* ssl);
#ifdef OPENSSL_EXTRA
WOLFSSL_API int wolfSSL_want(WOLFSSL* ssl);
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_CTX_get0_privatekey(const WOLFSSL_CTX* ctx);
#include <stdarg.h> /* var_arg */
WOLFSSL_API int wolfSSL_BIO_vprintf(WOLFSSL_BIO* bio, const char* format,
va_list args);
@ -2990,41 +3087,20 @@ WOLFSSL_API int wolfSSL_ASN1_TIME_diff(int* days, int* secs, const WOLFSSL_ASN1_
const WOLFSSL_ASN1_TIME* to);
WOLFSSL_API int wolfSSL_ASN1_TIME_compare(const WOLFSSL_ASN1_TIME *a,
const WOLFSSL_ASN1_TIME *b);
#ifdef OPENSSL_EXTRA
WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_t t);
WOLFSSL_API int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *s, const char *str);
WOLFSSL_API int wolfSSL_ASN1_TIME_set_string_X509(WOLFSSL_ASN1_TIME *t,
const char *str);
#endif
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_API int wolfSSL_sk_num(const WOLFSSL_STACK* sk);
WOLFSSL_API void* wolfSSL_sk_value(const WOLFSSL_STACK* sk, int i);
#if defined(HAVE_EX_DATA) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_API void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* ex_data,
int idx);
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data_with_cleanup(
WOLFSSL_CRYPTO_EX_DATA* ex_data,
int idx,
void *data,
wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
#endif
WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx,
void *data);
#endif
/* stunnel 4.28 needs */
WOLFSSL_API void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx);
WOLFSSL_API int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int idx, void* data);
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
WOLFSSL_API int wolfSSL_CTX_set_ex_data_with_cleanup(
WOLFSSL_CTX* ctx,
int idx,
void* data,
wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
#endif
WOLFSSL_API void wolfSSL_CTX_sess_set_get_cb(WOLFSSL_CTX* ctx,
WOLFSSL_SESSION*(*f)(WOLFSSL* ssl, const unsigned char*, int, int*));
WOLFSSL_API void wolfSSL_CTX_sess_set_new_cb(WOLFSSL_CTX* ctx,
@ -3041,13 +3117,6 @@ WOLFSSL_API unsigned long wolfSSL_SESSION_get_ticket_lifetime_hint(
const WOLFSSL_SESSION* sess);
WOLFSSL_API long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION* session);
WOLFSSL_API long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION* session);
#ifdef HAVE_EX_DATA
WOLFSSL_API int wolfSSL_CTX_get_ex_new_index(long idx, void* arg,
WOLFSSL_CRYPTO_EX_new* new_func,
WOLFSSL_CRYPTO_EX_dup* dup_func,
WOLFSSL_CRYPTO_EX_free* free_func);
#endif
/* extra ends */
@ -3141,12 +3210,12 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_REQ_INFO(WOLFSSL_X509** req,
WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out);
WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl,
const unsigned char *in, int len);
WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_bio(WOLFSSL_BIO *bp,
WOLFSSL_X509_CRL **crl);
#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE file, WOLFSSL_X509_CRL **crl);
#endif
#if defined(HAVE_CRL) && defined(OPENSSL_EXTRA)
WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_bio(WOLFSSL_BIO *bp,
WOLFSSL_X509_CRL **crl);
WOLFSSL_API int wolfSSL_X509_CRL_version(WOLFSSL_X509_CRL *crl);
WOLFSSL_API int wolfSSL_X509_CRL_get_signature_type(WOLFSSL_X509_CRL* crl);
WOLFSSL_API int wolfSSL_X509_CRL_get_signature_nid(
@ -3204,6 +3273,7 @@ WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_load_certificate_buffer(
const unsigned char* buf, int sz, int format);
#endif /* WOLFSSL_ACERT && (OPENSSL_EXTRA_X509_SMALL || OPENSSL_EXTRA) */
#ifdef OPENSSL_EXTRA
WOLFSSL_API
const WOLFSSL_ASN1_INTEGER* wolfSSL_X509_REVOKED_get0_serial_number(const
WOLFSSL_X509_REVOKED *rev);
@ -3216,14 +3286,6 @@ const WOLFSSL_ASN1_TIME* wolfSSL_X509_REVOKED_get0_revocation_date(const
WOLFSSL_API WOLFSSL_X509*
wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file);
#endif
WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509*
wolfSSL_X509_load_certificate_file(const char* fname, int format);
#endif
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer(
const unsigned char* buf, int sz, int format);
#ifdef WOLFSSL_CERT_REQ
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_load_certificate_buffer(
const unsigned char* buf, int sz, int format);
#endif
#ifdef WOLFSSL_SEP
@ -3235,19 +3297,36 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_load_certificate_buffer(
wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509* x509, unsigned char* in, int* inOutSz);
#endif
#endif /* OPENSSL_EXTRA */
/* connect enough to get peer cert */
WOLFSSL_API int wolfSSL_connect_cert(WOLFSSL* ssl);
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509*
wolfSSL_X509_load_certificate_file(const char* fname, int format);
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer(
const unsigned char* buf, int sz, int format);
#ifdef WOLFSSL_CERT_REQ
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_load_certificate_buffer(
const unsigned char* buf, int sz, int format);
#endif
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#ifdef OPENSSL_EXTRA
/* PKCS12 compatibility */
WOLFSSL_API WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio,
WC_PKCS12** pkcs12);
WOLFSSL_API int wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 *pkcs12);
WOLFSSL_API void wolfSSL_PKCS12_PBE_add(void);
#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
WOLFSSL_API WOLFSSL_X509_PKCS12* wolfSSL_d2i_PKCS12_fp(XFILE fp,
WOLFSSL_X509_PKCS12** pkcs12);
#endif
#ifdef HAVE_PKCS12
WOLFSSL_API WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio,
WC_PKCS12** pkcs12);
WOLFSSL_API int wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 *pkcs12);
WOLFSSL_API int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert,
WOLF_STACK_OF(WOLFSSL_X509)** ca);
@ -3257,8 +3336,8 @@ WOLFSSL_API WC_PKCS12* wolfSSL_PKCS12_create(char* pass, char* name,
WOLFSSL_EVP_PKEY* pkey, WOLFSSL_X509* cert,
WOLF_STACK_OF(WOLFSSL_X509)* ca,
int keyNID, int certNID, int itt, int macItt, int keytype);
WOLFSSL_API void wolfSSL_PKCS12_PBE_add(void);
#endif /* HAVE_PKCS12 */
#endif /* OPENSSL_EXTRA */
#ifndef NO_DH
@ -3956,8 +4035,10 @@ WOLFSSL_API void wolfSSL_CTX_SetPerformTlsRecordProcessingCb(WOLFSSL_CTX* ctx,
WOLFSSL_API int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER* cm,
int options);
WOLFSSL_API int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER* cm);
#ifndef NO_WOLFSSL_CM_VERIFY
WOLFSSL_API void wolfSSL_CertManagerSetVerify(WOLFSSL_CERT_MANAGER* cm,
VerifyCallback vc);
#endif
WOLFSSL_API int wolfSSL_CertManagerLoadCRL(WOLFSSL_CERT_MANAGER* cm,
const char* path, int type, int monitor);
WOLFSSL_API int wolfSSL_CertManagerLoadCRLFile(WOLFSSL_CERT_MANAGER* cm,
@ -4900,9 +4981,6 @@ struct WOLFSSL_CONF_CTX {
WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc);
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)|| \
defined(OPENSSL_EXTRA_X509_SMALL)
#if defined(OPENSSL_EXTRA) \
|| defined(OPENSSL_ALL) \
|| defined(HAVE_LIGHTY) \
@ -4922,7 +5000,6 @@ WOLFSSL_API int wolfSSL_add1_chain_cert(WOLFSSL* ssl, WOLFSSL_X509* x509);
WOLFSSL_API int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name);
/* These are to be merged shortly */
WOLFSSL_API void wolfSSL_set_verify_depth(WOLFSSL *ssl,int depth);
WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl);
WOLFSSL_API int wolfSSL_set_app_data(WOLFSSL *ssl, void *arg);
WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne);
WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md);
@ -4939,9 +5016,9 @@ WOLFSSL_API long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c);
WOLFSSL_API long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE* fp);
#endif
#endif /* OPENSSL_EXTRA || OPENSSL_ALL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
#endif /* OPENSSL_EXTRA || OPENSSL_ALL */
#endif /* OPENSSL_EXTRA || OPENSSL_ALL || HAVE_LIGHTY || \
WOLFSSL_MYSQL_COMPATIBLE || HAVE_STUNNEL || WOLFSSL_NGINX || \
WOLFSSL_HAPROXY */
#if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) \
|| defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA)
@ -5029,8 +5106,6 @@ WOLFSSL_API int wolfSSL_CRYPTO_set_mem_functions(
WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
void *(*r) (void *, size_t, const char *, int), void (*f) (void *));
WOLFSSL_API void wolfSSL_CRYPTO_cleanup_all_ex_data(void);
WOLFSSL_API int wolfSSL_CRYPTO_memcmp(const void *a, const void *b, size_t size);
WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_768_prime(WOLFSSL_BIGNUM* bn);
@ -5175,12 +5250,6 @@ WOLFSSL_API int wolfSSL_SESSION_set_ex_data_with_cleanup(
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \
|| defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
#ifdef HAVE_EX_DATA
WOLFSSL_API int wolfSSL_SESSION_get_ex_new_index(long ctx_l,void* ctx_ptr,
WOLFSSL_CRYPTO_EX_new* new_func, WOLFSSL_CRYPTO_EX_dup* dup_func,
WOLFSSL_CRYPTO_EX_free* free_func);
#endif
WOLFSSL_API const unsigned char* wolfSSL_SESSION_get_id(
const WOLFSSL_SESSION* sess, unsigned int* idLen);
@ -5347,34 +5416,16 @@ WOLFSSL_LOCAL char* wolfSSL_get_ocsp_url(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url);
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) \
|| defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_API void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx);
WOLFSSL_API int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx,
void *data);
#ifdef HAVE_EX_DATA_CLEANUP_HOOKS
WOLFSSL_API int wolfSSL_X509_set_ex_data_with_cleanup(
WOLFSSL_X509 *x509,
int idx,
void *data,
wolfSSL_ex_data_cleanup_routine_t cleanup_routine);
#endif
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || WOLFSSL_WPAS_SMALL */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
|| defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || defined(HAVE_SECRET_CALLBACK)
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl);
#ifdef HAVE_EX_DATA
WOLFSSL_API int wolfSSL_X509_get_ex_new_index(int idx, void *arg,
WOLFSSL_CRYPTO_EX_new* new_func,
WOLFSSL_CRYPTO_EX_dup* dup_func,
WOLFSSL_CRYPTO_EX_free* free_func);
#endif
WOLFSSL_API int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *data,
const WOLFSSL_EVP_MD *type, unsigned char *md, unsigned int *len);
#if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK)
WOLFSSL_API long wolfSSL_SSL_CTX_get_timeout(const WOLFSSL_CTX *ctx);
WOLFSSL_API long wolfSSL_get_timeout(WOLFSSL* ssl);
#endif
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
|| defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl);
WOLFSSL_API int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *data,
const WOLFSSL_EVP_MD *type, unsigned char *md, unsigned int *len);
WOLFSSL_API int wolfSSL_SSL_CTX_set_tmp_ecdh(WOLFSSL_CTX *ctx,
WOLFSSL_EC_KEY *ecdh);
WOLFSSL_API WOLFSSL_BIO *wolfSSL_SSL_get_rbio(const WOLFSSL *s);
@ -5683,12 +5734,6 @@ WOLFSSL_API int wolfSSL_CONF_CTX_finish(WOLFSSL_CONF_CTX* cctx);
WOLFSSL_API int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value);
WOLFSSL_API int wolfSSL_CONF_cmd_value_type(WOLFSSL_CONF_CTX *cctx, const char *cmd);
#endif /* OPENSSL_EXTRA */
#if defined(HAVE_EX_DATA) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_API int wolfSSL_CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
WOLFSSL_CRYPTO_EX_new* new_func,
WOLFSSL_CRYPTO_EX_dup* dup_func,
WOLFSSL_CRYPTO_EX_free* free_func);
#endif /* HAVE_EX_DATA || WOLFSSL_WPAS_SMALL */
#if defined(WOLFSSL_DTLS_CID)
WOLFSSL_API int wolfSSL_dtls_cid_use(WOLFSSL* ssl);

10
wolfssl/test.h
View File

@ -2011,16 +2011,13 @@ static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl,
}
#endif
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM)
static unsigned char local_psk[32];
#endif
#ifdef OPENSSL_EXTRA
static WC_INLINE int my_psk_use_session_cb(WOLFSSL* ssl,
const WOLFSSL_EVP_MD* md, const unsigned char **id,
size_t* idlen, WOLFSSL_SESSION **sess)
{
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM)
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM)
static unsigned char local_psk[32];
int i;
WOLFSSL_SESSION* lsess;
char buf[256];
@ -2083,6 +2080,7 @@ static WC_INLINE int my_psk_use_session_cb(WOLFSSL* ssl,
return 0;
#endif
}
#endif /* OPENSSL_EXTRA */
static WC_INLINE unsigned int my_psk_client_cs_cb(WOLFSSL* ssl,
const char* hint, char* identity, unsigned int id_max_len,

21
wolfssl/wolfcrypt/asn.h
View File

@ -36,8 +36,7 @@ that can be serialized and deserialized in a cross-platform way.
#include <wolfssl/wolfcrypt/types.h>
#ifndef NO_ASN
#if !defined(NO_ASN) || !defined(NO_PWDBASED)
#if !defined(NO_ASN_TIME) && defined(NO_TIME_H)
#define NO_ASN_TIME /* backwards compatibility with NO_TIME_H */
@ -71,6 +70,8 @@ that can be serialized and deserialized in a cross-platform way.
extern "C" {
#endif
#ifndef NO_ASN
#ifndef EXTERNAL_SERIAL_SIZE
#define EXTERNAL_SERIAL_SIZE 32
#endif
@ -744,7 +745,7 @@ typedef struct WOLFSSL_ObjectInfo {
} WOLFSSL_ObjectInfo;
extern const size_t wolfssl_object_info_sz;
extern const WOLFSSL_ObjectInfo wolfssl_object_info[];
#endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) */
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
/* DN Tag Strings */
#define WOLFSSL_COMMON_NAME "/CN="
@ -850,6 +851,7 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[];
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
/* NIDs */
#define WC_NID_netscape_cert_type WC_NID_undef
#define WC_NID_des 66
@ -2888,12 +2890,6 @@ WOLFSSL_LOCAL int VerifyX509Acert(const byte* cert, word32 certSz,
int pubKeyOID, void * heap);
#endif /* WOLFSSL_ACERT */
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* !NO_ASN */
#if ((defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)) \
|| (defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_IMPORT)) \
@ -2915,6 +2911,7 @@ WOLFSSL_LOCAL int SetAsymKeyDer(const byte* privKey, word32 privKeyLen,
int keyType);
#endif
#endif /* !NO_ASN */
#if !defined(NO_ASN) || !defined(NO_PWDBASED)
@ -2964,4 +2961,10 @@ enum PKCSTypes {
#endif /* !NO_ASN || !NO_PWDBASED */
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* !NO_ASN || !NO_PWDBASED */
#endif /* WOLF_CRYPT_ASN_H */

90
wolfssl/wolfcrypt/settings.h
View File

@ -1299,8 +1299,8 @@
#define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n))
#define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n))
#define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n))
#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) \
|| defined(HAVE_ALPN)
#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \
defined(OPENSSL_ALL) || defined(HAVE_ALPN)
#define XSTRTOK strtok_r
#endif
#endif
@ -2653,11 +2653,6 @@ extern void uITRON4_free(void *p) ;
#endif
#endif
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS)
#undef KEEP_PEER_CERT
#define KEEP_PEER_CERT
#endif
/* stream ciphers except arc4 need 32bit alignment, intel ok without */
#ifndef XSTREAM_ALIGN
@ -2915,7 +2910,7 @@ extern void uITRON4_free(void *p) ;
#endif
#endif /* HAVE_ECC */
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && \
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && defined(HAVE_ECC) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLFSSL_STM32_PKA)
@ -3416,8 +3411,9 @@ extern void uITRON4_free(void *p) ;
#endif
#endif
#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \
defined(OPENSSL_EXTRA) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \
defined(WOLFSSL_HAPROXY)
#undef WOLFSSL_ASN_TIME_STRING
#define WOLFSSL_ASN_TIME_STRING
#endif
@ -3436,13 +3432,14 @@ extern void uITRON4_free(void *p) ;
#define WOLFSSL_OCSP_PARSE_STATUS
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
defined(WOLFSSL_CERT_GEN)
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \
defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_CERT_GEN)
#undef WOLFSSL_MULTI_ATTRIB
#define WOLFSSL_MULTI_ATTRIB
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \
defined(OPENSSL_EXTRA_X509_SMALL)
#undef WOLFSSL_EKU_OID
#define WOLFSSL_EKU_OID
#endif
@ -3531,12 +3528,10 @@ extern void uITRON4_free(void *p) ;
#undef HAVE_GMTIME_R /* don't trust macro with windows */
#endif /* WOLFSSL_MYSQL_COMPATIBLE */
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
|| defined(HAVE_LIGHTY)) && !defined(NO_TLS)
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)) && !defined(NO_TLS)
#define OPENSSL_NO_ENGINE
#ifndef OPENSSL_EXTRA
#define OPENSSL_EXTRA
#endif
/* Session Tickets will be enabled when --enable-opensslall is used.
* Time is required for ticket expiration checking */
#if !defined(HAVE_SESSION_TICKET) && !defined(NO_ASN_TIME)
@ -3563,6 +3558,13 @@ extern void uITRON4_free(void *p) ;
#define OPENSSL_EXTRA
#endif
#if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT)) && \
!defined(WOLFSSL_ASN_CA_ISSUER)
#define WOLFSSL_ASN_CA_ISSUER
#endif
/* ---------------------------------------------------------------------------
* OpenSSL compat layer
* ---------------------------------------------------------------------------
@ -3686,8 +3688,9 @@ extern void uITRON4_free(void *p) ;
#endif
/* Parts of the openssl compatibility layer require peer certs */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
|| defined(HAVE_LIGHTY)
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \
defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
defined(HAVE_LIGHTY)) && !defined(NO_CERTS)
#undef KEEP_PEER_CERT
#define KEEP_PEER_CERT
#endif
@ -3718,6 +3721,43 @@ extern void uITRON4_free(void *p) ;
#define WOLFSSL_HAVE_TLS_UNIQUE
#endif
/* Keep peer cert, keep our cert and session certs requires WOLFSSL_X509 */
#if (defined(KEEP_PEER_CERT) || defined(KEEP_OUR_CERT) || \
defined(SESSION_CERTS)) && \
!defined(OPENSSL_EXTRA) && !defined(OPENSSL_EXTRA_X509_SMALL)
#define OPENSSL_EXTRA_X509_SMALL
#endif
/* WPAS Small option requires OPENSSL_EXTRA_X509_SMALL */
#if defined(WOLFSSL_WPAS_SMALL) && !defined(OPENSSL_EXTRA_X509_SMALL)
#define OPENSSL_EXTRA_X509_SMALL
#endif
/* Web Server needs to enable OPENSSL_EXTRA_X509_SMALL */
#if defined(HAVE_WEBSERVER) && !defined(OPENSSL_EXTRA_X509_SMALL)
#define OPENSSL_EXTRA_X509_SMALL
#endif
/* The EX data CRYPTO API's used with compatibility */
#if !defined(HAVE_EX_DATA_CRYPTO) && \
(defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS_SMALL) || \
defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \
defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB))
#define HAVE_EX_DATA_CRYPTO
#endif
#if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(HAVE_EX_DATA_CLEANUP_HOOKS)
#define HAVE_EX_DATA_CLEANUP_HOOKS
#endif
/* Enable EX Data support if required */
#if (defined(HAVE_EX_DATA_CRYPTO) || defined(HAVE_EX_DATA_CLEANUP_HOOKS)) && \
!defined(HAVE_EX_DATA)
#define HAVE_EX_DATA
#endif
/* RAW hash function APIs are not implemented */
#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_AFALG_HASH)
#undef WOLFSSL_NO_HASH_RAW
@ -3784,15 +3824,17 @@ extern void uITRON4_free(void *p) ;
#define WOLFSSL_BASE64_DECODE
#endif
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
#if defined(FORTRESS) && !defined(HAVE_EX_DATA)
#define HAVE_EX_DATA
#endif
#if defined(FORTRESS) && !defined(HAVE_EX_DATA)
#define HAVE_EX_DATA
#endif
#ifdef HAVE_EX_DATA
#ifndef MAX_EX_DATA
#define MAX_EX_DATA 5 /* allow for five items of ex_data */
#endif
#endif
#ifdef NO_WOLFSSL_SMALL_STACK
#undef WOLFSSL_SMALL_STACK
#endif

2
wolfssl/wolfio.h
View File

@ -529,8 +529,10 @@ WOLFSSL_API int wolfSSL_BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
#endif
WOLFSSL_LOCAL int SslBioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx);
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
WOLFSSL_LOCAL int BioReceiveInternal(WOLFSSL_BIO* biord, WOLFSSL_BIO* biowr,
char* buf, int sz);
#endif
WOLFSSL_LOCAL int SslBioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
#if defined(USE_WOLFSSL_IO)
/* default IO callbacks */