WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Add get_default_cert_file/env() stubs, SSL_get/set_read_ahead(), SSL_SESSION_has_ticket/lifetime_hint() (#4349) 

* add wolfSSL_X509_get_default_cert_file/file_env/dir/dir_env() stubs

* add SSL_get_read_ahead/SSL_set_read_ahead()

* add SSL_SESSION_has_ticket()

* add SSL_SESSION_get_ticket_lifetime_hint()

* address review feedback - comments, return values

* make SSL_get_read_ahead() arg const

* add unit tests for SESSION_has_ticket/get_ticket_lifetime_hint

* test for SESSION_TICKET_HINT_DEFAULT in api.c for wolfSSL_SESSION_get_ticket_lifetime_hint()

* fix variable shadow warning in api.c
pull/4256/head
Chris Conlon 2021-09-29 16:35:23 -06:00 committed by GitHub
parent bcd6930581
commit cf1ce3f073
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 119 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
src/ssl.c
View File

@ -16695,6 +16695,30 @@ cleanup:
WOLFSSL_STUB("SSL_CTX_set_default_verify_paths"); WOLFSSL_STUB("SSL_CTX_set_default_verify_paths");
return SSL_NOT_IMPLEMENTED; return SSL_NOT_IMPLEMENTED;
} }
const char* wolfSSL_X509_get_default_cert_file_env(void)
{
WOLFSSL_STUB("X509_get_default_cert_file_env");
return NULL;
}
const char* wolfSSL_X509_get_default_cert_file(void)
{
WOLFSSL_STUB("X509_get_default_cert_file");
return NULL;
}
const char* wolfSSL_X509_get_default_cert_dir_env(void)
{
WOLFSSL_STUB("X509_get_default_cert_dir_env");
return NULL;
}
const char* wolfSSL_X509_get_default_cert_dir(void)
{
WOLFSSL_STUB("X509_get_default_cert_dir");
return NULL;
}
#endif #endif
#if defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256) \ #if defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256) \
@ -29138,6 +29162,28 @@ WOLFSSL_API long wolfSSL_CTX_get_session_cache_mode(WOLFSSL_CTX* ctx)
} }
int wolfSSL_get_read_ahead(const WOLFSSL* ssl)
{
if (ssl == NULL) {
return WOLFSSL_FAILURE;
}
return ssl->readAhead;
}
int wolfSSL_set_read_ahead(WOLFSSL* ssl, int v)
{
if (ssl == NULL) {
return WOLFSSL_FAILURE;
}
ssl->readAhead = (byte)v;
return WOLFSSL_SUCCESS;
}
int wolfSSL_CTX_get_read_ahead(WOLFSSL_CTX* ctx) int wolfSSL_CTX_get_read_ahead(WOLFSSL_CTX* ctx)
{ {
if (ctx == NULL) { if (ctx == NULL) {
@ -30760,6 +30806,36 @@ end:
return s; return s;
} }
/* Check if there is a session ticket associated with this WOLFSSL_SESSION.
*
* sess - pointer to WOLFSSL_SESSION struct
*
* Returns 1 if has session ticket, otherwise 0 */
int wolfSSL_SESSION_has_ticket(const WOLFSSL_SESSION* sess)
{
WOLFSSL_ENTER("wolfSSL_SESSION_has_ticket");
#ifdef HAVE_SESSION_TICKET
if (sess) {
if ((sess->ticketLen > 0) && (sess->ticket != NULL)) {
return WOLFSSL_SUCCESS;
}
}
#else
(void)sess;
#endif
return WOLFSSL_FAILURE;
}
unsigned long wolfSSL_SESSION_get_ticket_lifetime_hint(
const WOLFSSL_SESSION* sess)
{
WOLFSSL_ENTER("wolfSSL_SESSION_get_ticket_lifetime_hint");
if (sess) {
return sess->timeout;
}
return 0;
}
long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION* sess) long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION* sess)
{ {
long timeout = 0; long timeout = 0;

34
tests/api.c
View File

@ -343,8 +343,10 @@
#include <wolfssl/wolfcrypt/srp.h> #include <wolfssl/wolfcrypt/srp.h>
#endif #endif
#if defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN) #if (defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN)) || \
#include "wolfssl/internal.h" /* for testing SSL_get_peer_cert_chain */ defined(HAVE_SESSION_TICKET)
/* for testing SSL_get_peer_cert_chain, or SESSION_TICKET_HINT_DEFAULT */
#include "wolfssl/internal.h"
#endif #endif
/* force enable test buffers */ /* force enable test buffers */
@ -6697,7 +6699,7 @@ static void test_wolfSSL_PKCS12(void)
#if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && !defined(NO_FILESYSTEM) && \ #if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && !defined(NO_FILESYSTEM) && \
!defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_RSA) && \ !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_RSA) && \
!defined(NO_SHA) && defined(HAVE_PKCS12) !defined(NO_SHA) && defined(HAVE_PKCS12)
byte buffer[6000]; byte buf[6000];
char file[] = "./certs/test-servercert.p12"; char file[] = "./certs/test-servercert.p12";
char order[] = "./certs/ecc-rsa-server.p12"; char order[] = "./certs/ecc-rsa-server.p12";
#ifdef WC_RC2 #ifdef WC_RC2
@ -6730,13 +6732,13 @@ static void test_wolfSSL_PKCS12(void)
f = XFOPEN(file, "rb"); f = XFOPEN(file, "rb");
AssertTrue((f != XBADFILE)); AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f); bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f); XFCLOSE(f);
goodPswLen = (int)XSTRLEN(goodPsw); goodPswLen = (int)XSTRLEN(goodPsw);
badPswLen = (int)XSTRLEN(badPsw); badPswLen = (int)XSTRLEN(badPsw);
bio = BIO_new_mem_buf((void*)buffer, bytes); bio = BIO_new_mem_buf((void*)buf, bytes);
AssertNotNull(bio); AssertNotNull(bio);
pkcs12 = d2i_PKCS12_bio(bio, NULL); pkcs12 = d2i_PKCS12_bio(bio, NULL);
@ -6881,10 +6883,10 @@ static void test_wolfSSL_PKCS12(void)
/* test order of parsing */ /* test order of parsing */
f = XFOPEN(order, "rb"); f = XFOPEN(order, "rb");
AssertTrue(f != XBADFILE); AssertTrue(f != XBADFILE);
bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f); bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f); XFCLOSE(f);
AssertNotNull(bio = BIO_new_mem_buf((void*)buffer, bytes)); AssertNotNull(bio = BIO_new_mem_buf((void*)buf, bytes));
AssertNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL)); AssertNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL));
AssertIntEQ((ret = PKCS12_parse(pkcs12, "", &pkey, &cert, &ca)), AssertIntEQ((ret = PKCS12_parse(pkcs12, "", &pkey, &cert, &ca)),
WOLFSSL_SUCCESS); WOLFSSL_SUCCESS);
@ -6964,10 +6966,10 @@ static void test_wolfSSL_PKCS12(void)
/* test PKCS#12 with RC2 encryption */ /* test PKCS#12 with RC2 encryption */
f = XFOPEN(rc2p12, "rb"); f = XFOPEN(rc2p12, "rb");
AssertTrue(f != XBADFILE); AssertTrue(f != XBADFILE);
bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f); bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f); XFCLOSE(f);
AssertNotNull(bio = BIO_new_mem_buf((void*)buffer, bytes)); AssertNotNull(bio = BIO_new_mem_buf((void*)buf, bytes));
AssertNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL)); AssertNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL));
/* check verify MAC fail case */ /* check verify MAC fail case */
@ -37235,6 +37237,10 @@ static void test_wolfSSL_SESSION(void)
#ifdef WOLFSSL_ENCRYPTED_KEYS #ifdef WOLFSSL_ENCRYPTED_KEYS
wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif #endif
#ifdef HAVE_SESSION_TICKET
/* Use session tickets, for ticket tests below */
AssertIntEQ(wolfSSL_CTX_UseSessionTicket(ctx), WOLFSSL_SUCCESS);
#endif
XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args));
#ifdef WOLFSSL_TIRTOS #ifdef WOLFSSL_TIRTOS
@ -37287,6 +37293,16 @@ static void test_wolfSSL_SESSION(void)
AssertIntEQ(wolfSSL_SESSION_is_resumable(NULL), 0); AssertIntEQ(wolfSSL_SESSION_is_resumable(NULL), 0);
AssertIntEQ(wolfSSL_SESSION_is_resumable(sess), 1); AssertIntEQ(wolfSSL_SESSION_is_resumable(sess), 1);
#endif #endif
AssertIntEQ(wolfSSL_SESSION_has_ticket(NULL), 0);
AssertIntEQ(wolfSSL_SESSION_get_ticket_lifetime_hint(NULL), 0);
#ifdef HAVE_SESSION_TICKET
AssertIntEQ(wolfSSL_SESSION_has_ticket(sess), 1);
AssertIntEQ(wolfSSL_SESSION_get_ticket_lifetime_hint(sess),
SESSION_TICKET_HINT_DEFAULT);
#else
AssertIntEQ(wolfSSL_SESSION_has_ticket(sess), 0);
#endif
wolfSSL_shutdown(ssl); wolfSSL_shutdown(ssl);
wolfSSL_free(ssl); wolfSSL_free(ssl);

9
wolfssl/openssl/ssl.h
View File

@ -983,6 +983,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define SSL_CTX_sess_set_cache_size wolfSSL_CTX_sess_set_cache_size #define SSL_CTX_sess_set_cache_size wolfSSL_CTX_sess_set_cache_size
#define SSL_CTX_set_default_verify_paths wolfSSL_CTX_set_default_verify_paths #define SSL_CTX_set_default_verify_paths wolfSSL_CTX_set_default_verify_paths
#define X509_get_default_cert_file_env wolfSSL_X509_get_default_cert_file_env
#define X509_get_default_cert_file wolfSSL_X509_get_default_cert_file
#define X509_get_default_cert_dir_env wolfSSL_X509_get_default_cert_dir_env
#define X509_get_default_cert_dir wolfSSL_X509_get_default_cert_dir
#define SSL_CTX_set_session_id_context wolfSSL_CTX_set_session_id_context #define SSL_CTX_set_session_id_context wolfSSL_CTX_set_session_id_context
#define SSL_get_peer_certificate wolfSSL_get_peer_certificate #define SSL_get_peer_certificate wolfSSL_get_peer_certificate
@ -1018,6 +1022,9 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define i2d_SSL_SESSION wolfSSL_i2d_SSL_SESSION #define i2d_SSL_SESSION wolfSSL_i2d_SSL_SESSION
#define d2i_SSL_SESSION wolfSSL_d2i_SSL_SESSION #define d2i_SSL_SESSION wolfSSL_d2i_SSL_SESSION
#define SSL_SESSION_has_ticket wolfSSL_SESSION_has_ticket
#define SSL_SESSION_get_ticket_lifetime_hint \
wolfSSL_SESSION_get_ticket_lifetime_hint
#define SSL_SESSION_set_timeout wolfSSL_SSL_SESSION_set_timeout #define SSL_SESSION_set_timeout wolfSSL_SSL_SESSION_set_timeout
#define SSL_SESSION_get_timeout wolfSSL_SESSION_get_timeout #define SSL_SESSION_get_timeout wolfSSL_SESSION_get_timeout
#define SSL_SESSION_get_time wolfSSL_SESSION_get_time #define SSL_SESSION_get_time wolfSSL_SESSION_get_time
@ -1155,6 +1162,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define SSL_set_tlsext_max_fragment_length wolfSSL_set_tlsext_max_fragment_length #define SSL_set_tlsext_max_fragment_length wolfSSL_set_tlsext_max_fragment_length
#define SSL_CTX_add_extra_chain_cert wolfSSL_CTX_add_extra_chain_cert #define SSL_CTX_add_extra_chain_cert wolfSSL_CTX_add_extra_chain_cert
#define SSL_get_read_ahead wolfSSL_get_read_ahead
#define SSL_set_read_ahead wolfSSL_set_read_ahead
#define SSL_CTX_get_read_ahead wolfSSL_CTX_get_read_ahead #define SSL_CTX_get_read_ahead wolfSSL_CTX_get_read_ahead
#define SSL_CTX_set_read_ahead wolfSSL_CTX_set_read_ahead #define SSL_CTX_set_read_ahead wolfSSL_CTX_set_read_ahead
#define SSL_CTX_set_tlsext_status_arg wolfSSL_CTX_set_tlsext_status_arg #define SSL_CTX_set_tlsext_status_arg wolfSSL_CTX_set_tlsext_status_arg

9
wolfssl/ssl.h
View File

@ -1968,6 +1968,8 @@ WOLFSSL_API long wolfSSL_CTX_sess_set_cache_size(WOLFSSL_CTX*, long);
WOLFSSL_API long wolfSSL_CTX_sess_get_cache_size(WOLFSSL_CTX*); WOLFSSL_API long wolfSSL_CTX_sess_get_cache_size(WOLFSSL_CTX*);
WOLFSSL_API long wolfSSL_CTX_get_session_cache_mode(WOLFSSL_CTX*); WOLFSSL_API long wolfSSL_CTX_get_session_cache_mode(WOLFSSL_CTX*);
WOLFSSL_API int wolfSSL_get_read_ahead(const WOLFSSL*);
WOLFSSL_API int wolfSSL_set_read_ahead(WOLFSSL*, int v);
WOLFSSL_API int wolfSSL_CTX_get_read_ahead(WOLFSSL_CTX*); WOLFSSL_API int wolfSSL_CTX_get_read_ahead(WOLFSSL_CTX*);
WOLFSSL_API int wolfSSL_CTX_set_read_ahead(WOLFSSL_CTX*, int v); WOLFSSL_API int wolfSSL_CTX_set_read_ahead(WOLFSSL_CTX*, int v);
WOLFSSL_API long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX*, void* arg); WOLFSSL_API long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX*, void* arg);
@ -2472,6 +2474,10 @@ WOLFSSL_API long wolfSSL_SSL_get_mode(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX*); WOLFSSL_API int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX*);
WOLFSSL_API const char* wolfSSL_X509_get_default_cert_file_env(void);
WOLFSSL_API const char* wolfSSL_X509_get_default_cert_file(void);
WOLFSSL_API const char* wolfSSL_X509_get_default_cert_dir_env(void);
WOLFSSL_API const char* wolfSSL_X509_get_default_cert_dir(void);
WOLFSSL_API int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX*, WOLFSSL_API int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX*,
const unsigned char*, unsigned int); const unsigned char*, unsigned int);
WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL*); WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL*);
@ -2543,6 +2549,9 @@ WOLFSSL_API int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION*,unsigned char*
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION**, WOLFSSL_API WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION**,
const unsigned char**, long); const unsigned char**, long);
WOLFSSL_API int wolfSSL_SESSION_has_ticket(const WOLFSSL_SESSION*);
WOLFSSL_API unsigned long wolfSSL_SESSION_get_ticket_lifetime_hint(
const WOLFSSL_SESSION* sess);
WOLFSSL_API long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION*); WOLFSSL_API long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION*);
WOLFSSL_API long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION*); WOLFSSL_API long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION*);
WOLFSSL_API int wolfSSL_CTX_get_ex_new_index(long, void*, void*, void*, void*); WOLFSSL_API int wolfSSL_CTX_get_ex_new_index(long, void*, void*, void*, void*);