WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #4658 from julek-wolfssl/apache-2.4.51 

Add Apache 2.4.51 support
pull/4672/head
David Garske 2021-12-16 08:52:10 -08:00 committed by GitHub
parent ea2245c4d1 017d6cf464
commit dec78169bf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 525 additions and 237 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
configure.ac
View File

@ -4854,6 +4854,8 @@ then
AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DWOLFSSL_SIGNER_DER_CERT"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT -DWOLFSSL_CERT_GEN"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_COMPATIBLE_DEFAULTS"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_OCSP_ISSUER_CHECK"
# Requires OCSP make sure on
if test "x$ENABLED_OCSP" = "xno"

6
src/bio.c
View File

@ -1895,7 +1895,11 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
if (bio == NULL)
return WOLFSSL_FAILURE;
if (bio->type == WOLFSSL_BIO_FILE) {
if (bio->method != NULL && bio->method->ctrlCb != NULL) {
WOLFSSL_MSG("Calling custom BIO flush callback");
return (int)bio->method->ctrlCb(bio, BIO_CTRL_FLUSH, 0, NULL);
}
else if (bio->type == WOLFSSL_BIO_FILE) {
#if !defined(NO_FILESYSTEM) && defined(XFFLUSH)
if (XFFLUSH((FILE *)bio->ptr) != 0)
return WOLFSSL_FAILURE;

36
src/internal.c
View File

@ -5876,7 +5876,11 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
ret = WOLFSSL_SUCCESS; /* set default ret */
ssl->ctx = ctx; /* only for passing to calls, options could change */
ssl->version = ctx->method->version;
/* Don't change version on a SSL object that has already started a
* handshake */
if (!ssl->msgsReceived.got_client_hello &&
!ssl->msgsReceived.got_server_hello)
ssl->version = ctx->method->version;
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
ssl->options.mask = ctx->mask;
ssl->options.minProto = ctx->minProto;
@ -9343,6 +9347,9 @@ int CheckAvailableSize(WOLFSSL *ssl, int size)
static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
RecordLayerHeader* rh, word16 *size)
{
#ifdef OPENSSL_ALL
word32 start = *inOutIdx;
#endif
if (!ssl->options.dtls) {
#ifdef HAVE_FUZZER
if (ssl->fuzzerCb)
@ -9453,6 +9460,22 @@ static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
break;
case no_type:
default:
#ifdef OPENSSL_ALL
{
char *method = (char*)input + start;
/* Attempt to identify if this is a plain HTTP request.
* No size checks because this function assumes at least
* RECORD_HEADER_SZ size of data has been read which is
* also the longest string comparison in this if. */
if (XSTRNCMP(method, "GET ", XSTR_SIZEOF("GET ")) == 0 ||
XSTRNCMP(method, "POST ", XSTR_SIZEOF("POST ")) == 0 ||
XSTRNCMP(method, "HEAD ", XSTR_SIZEOF("HEAD ")) == 0 ||
XSTRNCMP(method, "PUT ", XSTR_SIZEOF("PUT ")) == 0) {
WOLFSSL_MSG("Plain HTTP request detected");
return SSL_R_HTTP_REQUEST;
}
}
#endif
WOLFSSL_MSG("Unknown Record Type");
return UNKNOWN_RECORD_TYPE;
}
@ -12445,9 +12468,12 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
}
#endif /* SESSION_CERTS && WOLFSSL_ALT_CERT_CHAINS */
#ifndef OPENSSL_COMPATIBLE_DEFAULTS
/* Check peer's certificate version number. TLS 1.2 / 1.3
* requires the clients certificate be version 3 unless a
* different version has been negotiated using RFC 7250 */
* different version has been negotiated using RFC 7250.
* OpenSSL doesn't appear to be performing this check.
* For TLS 1.3 see RFC8446 Section 4.4.2.3 */
if (ssl->options.side == WOLFSSL_SERVER_END) {
if (args->dCert->version != WOLFSSL_X509_V3) {
WOLFSSL_MSG("Peers certificate was not version 3!");
@ -12456,6 +12482,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
* giving the user a chance to override */
}
}
#endif
/* check if fatal error */
if (args->verifyErr) {
@ -30023,8 +30050,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if (ret == 0 && ssl->options.dtls)
DtlsMsgPoolReset(ssl);
#endif
WOLFSSL_LEAVE("DoClientHello", ret);
WOLFSSL_END(WC_FUNC_CLIENT_HELLO_DO);
out:
@ -30037,6 +30062,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
ret = CertSetupCbWrapper(ssl);
#endif
WOLFSSL_LEAVE("DoClientHello", ret);
WOLFSSL_END(WC_FUNC_CLIENT_HELLO_DO);
return ret;
}

7
src/keys.c
View File

@ -2102,7 +2102,8 @@ int SetCipherSpecs(WOLFSSL* ssl)
} /* if ECC / Normal suites else */
/* set TLS if it hasn't been turned off */
if (ssl->version.major == 3 && ssl->version.minor >= 1) {
if (ssl->version.major == SSLv3_MAJOR &&
ssl->version.minor >= TLSv1_MINOR) {
#ifndef NO_TLS
ssl->options.tls = 1;
#if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY)
@ -2112,9 +2113,9 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->hmac = Renesas_cmn_TLS_hmac;
#endif
#endif
if (ssl->version.minor >= 2) {
if (ssl->version.minor >= TLSv1_1_MINOR) {
ssl->options.tls1_1 = 1;
if (ssl->version.minor >= 4)
if (ssl->version.minor >= TLSv1_3_MINOR)
ssl->options.tls1_3 = 1;
}
#endif

43
src/ocsp.c
View File

@ -1217,17 +1217,46 @@ int wolfSSL_OCSP_id_get0_info(WOLFSSL_ASN1_STRING **name,
return 1;
}
#ifndef NO_WOLFSSL_STUB
int wolfSSL_OCSP_request_add1_nonce(OcspRequest* req, unsigned char* val,
int sz)
{
WOLFSSL_STUB("wolfSSL_OCSP_request_add1_nonce");
(void)req;
(void)val;
(void)sz;
return WOLFSSL_FATAL_ERROR;
}
WC_RNG rng;
WOLFSSL_ENTER("wolfSSL_OCSP_request_add1_nonce");
if (req == NULL || sz > MAX_OCSP_NONCE_SZ) {
WOLFSSL_MSG("Bad parameter");
return WOLFSSL_FAILURE;
}
if (sz <= 0)
sz = MAX_OCSP_NONCE_SZ;
if (val != NULL) {
XMEMCPY(req->nonce, val, sz);
}
else {
if (
#ifndef HAVE_FIPS
wc_InitRng_ex(&rng, req->heap, INVALID_DEVID)
#else
wc_InitRng(&rng)
#endif
!= 0) {
WOLFSSL_MSG("RNG init failed");
return WOLFSSL_FAILURE;
}
if (wc_RNG_GenerateBlock(&rng, req->nonce, sz) != 0) {
WOLFSSL_MSG("wc_RNG_GenerateBlock failed");
wc_FreeRng(&rng);
return WOLFSSL_FAILURE;
}
wc_FreeRng(&rng);
}
req->nonceSz = sz;
return WOLFSSL_SUCCESS;
}
/* Returns result of OCSP nonce comparison. Return values:
* 1 - nonces are both present and equal

372
src/ssl.c
View File

@ -77,6 +77,7 @@
#ifdef OPENSSL_EXTRA
/* openssl headers begin */
#include <wolfssl/openssl/ssl.h>
#include <wolfssl/openssl/aes.h>
#ifndef WOLFCRYPT_ONLY
#include <wolfssl/openssl/hmac.h>
@ -17748,6 +17749,7 @@ cleanup:
{
WOLFSSL_ENTER("wolfSSL_ERR_get_error");
#ifdef WOLFSSL_HAVE_ERROR_QUEUE
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
{
unsigned long ret = wolfSSL_ERR_peek_error_line_data(NULL, NULL,
@ -17755,7 +17757,7 @@ cleanup:
wc_RemoveErrorNode(-1);
return ret;
}
#elif (defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE))
#else
{
int ret = wc_PullErrorNode(NULL, NULL, NULL);
@ -17771,12 +17773,13 @@ cleanup:
return (unsigned long)ret;
}
#endif
#else
return (unsigned long)(0 - NOT_COMPILED_IN);
#endif
}
#if (defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE))
#ifdef WOLFSSL_HAVE_ERROR_QUEUE
#ifndef NO_BIO
/* print out and clear all errors */
void wolfSSL_ERR_print_errors(WOLFSSL_BIO* bio)
@ -17809,7 +17812,7 @@ cleanup:
}
}
#endif /* !NO_BIO */
#endif /* OPENSSL_EXTRA || DEBUG_WOLFSSL_VERBOSE */
#endif /* WOLFSSL_HAVE_ERROR_QUEUE */
#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
@ -19537,9 +19540,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
void wolfSSL_ERR_clear_error(void)
{
WOLFSSL_ENTER("wolfSSL_ERR_clear_error");
#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX) || \
defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
wc_ClearErrorNodes();
#endif
}
@ -19808,6 +19809,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
ssl->options.isClosed = 0;
ssl->options.connReset = 0;
ssl->options.sentNotify = 0;
ssl->options.closeNotify = 0;
ssl->options.sendVerify = 0;
ssl->options.serverState = NULL_STATE;
ssl->options.clientState = NULL_STATE;
@ -20042,7 +20044,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
*/
unsigned long wolfSSL_ERR_get_error_line(const char** file, int* line)
{
#ifdef DEBUG_WOLFSSL
#ifdef WOLFSSL_HAVE_ERROR_QUEUE
int ret = wc_PullErrorNode(file, NULL, line);
if (ret < 0) {
if (ret == BAD_STATE_E) return 0; /* no errors in queue */
@ -20148,9 +20150,10 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
unsigned long wolfSSL_ERR_get_error_line_data(const char** file, int* line,
const char** data, int *flags)
{
#ifdef WOLFSSL_HAVE_ERROR_QUEUE
int ret;
WOLFSSL_STUB("wolfSSL_ERR_get_error_line_data");
WOLFSSL_ENTER("wolfSSL_ERR_get_error_line_data");
if (flags != NULL) {
if ((*flags & ERR_TXT_STRING) == ERR_TXT_STRING) {
@ -20181,6 +20184,15 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
}
return (unsigned long)ret;
#else
WOLFSSL_ENTER("wolfSSL_ERR_get_error_line_data");
WOLFSSL_MSG("Error queue turned off, can not get error line");
(void)file;
(void)line;
(void)data;
(void)flags;
return 0;
#endif
}
#endif /* OPENSSL_EXTRA */
@ -23093,10 +23105,24 @@ int wolfSSL_get_shutdown(const WOLFSSL* ssl)
WOLFSSL_ENTER("wolfSSL_get_shutdown");
if (ssl) {
/* in OpenSSL, WOLFSSL_SENT_SHUTDOWN = 1, when closeNotifySent *
* WOLFSSL_RECEIVED_SHUTDOWN = 2, from close notify or fatal err */
isShutdown = ((ssl->options.closeNotify||ssl->options.connReset) << 1)
| (ssl->options.sentNotify);
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
if (ssl->options.handShakeState == NULL_STATE) {
/* The SSL object was possibly cleared with wolfSSL_clear after
* a successful shutdown. Simulate a response for a full
* bidirectional shutdown. */
isShutdown = WOLFSSL_SENT_SHUTDOWN | WOLFSSL_RECEIVED_SHUTDOWN;
}
else
#endif
{
/* in OpenSSL, WOLFSSL_SENT_SHUTDOWN = 1, when closeNotifySent *
* WOLFSSL_RECEIVED_SHUTDOWN = 2, from close notify or fatal err */
if (ssl->options.sentNotify)
isShutdown |= WOLFSSL_SENT_SHUTDOWN;
if (ssl->options.closeNotify||ssl->options.connReset)
isShutdown |= WOLFSSL_RECEIVED_SHUTDOWN;
}
}
return isShutdown;
}
@ -23404,6 +23430,9 @@ WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL* ssl)
if (ssl) {
ssl->cipher.cipherSuite0 = ssl->options.cipherSuite0;
ssl->cipher.cipherSuite = ssl->options.cipherSuite;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
ssl->cipher.bits = ssl->specs.key_size * 8;
#endif
return &ssl->cipher;
}
else
@ -28069,6 +28098,8 @@ int wolfSSL_ERR_GET_LIB(unsigned long err)
value = (err & 0xFFFFFFL);
switch (value) {
case -SSL_R_HTTP_REQUEST:
return ERR_LIB_SSL;
case PEM_R_NO_START_LINE:
case PEM_R_PROBLEMS_GETTING_PASSWORD:
case PEM_R_BAD_PASSWORD_READ:
@ -28103,6 +28134,8 @@ int wolfSSL_ERR_GET_REASON(unsigned long err)
/* Nginx looks for this error to know to stop parsing certificates. */
if (err == ((ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE))
return PEM_R_NO_START_LINE;
if (err == ((ERR_LIB_SSL << 24) | -SSL_R_HTTP_REQUEST))
return SSL_R_HTTP_REQUEST;
#endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_PYTHON)
if (err == ((ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG))
@ -44398,23 +44431,6 @@ err:
}
return ret;
}
/* sets the values of X509_PKEY based on certificate passed in
* return WOLFSSL_SUCCESS on success */
static int wolfSSL_X509_PKEY_set(WOLFSSL_X509_PKEY* xPkey,
WOLFSSL_X509* x509)
{
if (xPkey == NULL || x509 == NULL) {
return BAD_FUNC_ARG;
}
wolfSSL_EVP_PKEY_free(xPkey->dec_pkey);
xPkey->dec_pkey = wolfSSL_X509_get_pubkey(x509);
if (xPkey->dec_pkey == NULL) {
return WOLFSSL_FAILURE;
}
return WOLFSSL_SUCCESS;
}
#endif /* !NO_BIO */
@ -44430,47 +44446,9 @@ err:
#ifndef NO_BIO
/* Takes control of x509 on success
* helper function to break out code needed to set WOLFSSL_X509_INFO up
* free's "info" passed in if is not defaults
*
* returns WOLFSSL_SUCCESS on success
*/
static int wolfSSL_X509_INFO_set(WOLFSSL_X509_INFO** info,
WOLFSSL_X509* x509)
{
if (info == NULL || x509 == NULL) {
return BAD_FUNC_ARG;
}
if (*info == NULL) {
return BAD_FUNC_ARG;
}
/* check is fresh "info" passed in, if not free it */
if ((*info)->x509 != NULL || (*info)->x_pkey != NULL) {
WOLFSSL_X509_INFO* tmp;
tmp = wolfSSL_X509_INFO_new();
if (tmp == NULL) {
WOLFSSL_MSG("Unable to create new structure");
return MEMORY_E;
}
wolfSSL_X509_INFO_free(*info);
(*info) = tmp;
}
(*info)->x509 = x509;
/* @TODO info->num */
/* @TODO info->enc_cipher */
/* @TODO info->enc_len */
/* @TODO info->enc_data */
/* @TODO info->crl */
(*info)->x_pkey = wolfSSL_X509_PKEY_new(x509->heap);
return wolfSSL_X509_PKEY_set((*info)->x_pkey, x509);
}
#define PEM_COMPARE_HEADER(start, end, header) \
end - start == XSTR_SIZEOF(header) && XMEMCMP(start, header, \
XSTR_SIZEOF(header)) == 0
/**
* This read one structure from bio and returns the read structure
@ -44498,8 +44476,7 @@ err:
#ifdef HAVE_CRL
DerBuffer* der = NULL;
#endif
(void)cb;
WOLFSSL_BIO* pemBio = NULL;
if (!bio || !x509 || *x509 || !crl || *crl || !x_pkey || *x_pkey) {
WOLFSSL_MSG("Bad input parameter or output parameters "
@ -44508,10 +44485,8 @@ err:
}
if ((l = wolfSSL_BIO_get_len(bio)) <= 0) {
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
/* No certificate in buffer */
WOLFSSL_ERROR(ASN_NO_PEM_HEADER);
#endif
return WOLFSSL_FAILURE;
}
@ -44521,6 +44496,7 @@ err:
if (wolfSSL_BIO_read(bio, &pem[0], pem_struct_min_sz) !=
pem_struct_min_sz) {
WOLFSSL_ERROR(ASN_NO_PEM_HEADER);
goto err;
}
@ -44580,10 +44556,8 @@ err:
goto err;
}
else {
if (headerEnd - header ==
XSTR_SIZEOF("-----BEGIN CERTIFICATE-----") &&
XMEMCMP(header, "-----BEGIN CERTIFICATE-----",
XSTR_SIZEOF("-----BEGIN CERTIFICATE-----")) == 0) {
if (PEM_COMPARE_HEADER(header, headerEnd,
"-----BEGIN CERTIFICATE-----")) {
/* We have a certificate */
WOLFSSL_MSG("Parsing x509 cert");
*x509 = wolfSSL_X509_load_certificate_buffer(
@ -44595,10 +44569,8 @@ err:
}
}
#ifdef HAVE_CRL
else if (headerEnd - header ==
XSTR_SIZEOF("-----BEGIN X509 CRL-----") &&
XMEMCMP(header, "-----BEGIN X509 CRL-----",
XSTR_SIZEOF("-----BEGIN X509 CRL-----")) == 0) {
else if (PEM_COMPARE_HEADER(header, headerEnd,
"-----BEGIN X509 CRL-----")) {
/* We have a crl */
WOLFSSL_MSG("Parsing crl");
if((PemToDer((const unsigned char*) header, footerEnd - header,
@ -44614,9 +44586,31 @@ err:
}
#endif
else {
/* TODO support WOLFSSL_X509_PKEY as well */
WOLFSSL_MSG("Unsupported PEM structure");
goto err;
WOLFSSL_MSG("Parsing x509 key");
if (!(*x_pkey = wolfSSL_X509_PKEY_new(NULL))) {
WOLFSSL_MSG("wolfSSL_X509_PKEY_new error");
goto err;
}
if (!(pemBio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()))) {
WOLFSSL_MSG("wolfSSL_BIO_new error");
goto err;
}
if (wolfSSL_BIO_write(pemBio, header,
(int)(footerEnd - header)) != footerEnd - header) {
WOLFSSL_MSG("wolfSSL_BIO_new error");
goto err;
}
if (wolfSSL_PEM_read_bio_PrivateKey(pemBio,
&(*x_pkey)->dec_pkey, cb, NULL) == NULL) {
WOLFSSL_MSG("wolfSSL_PEM_read_bio_PrivateKey error");
goto err;
}
wolfSSL_BIO_free(pemBio);
}
}
@ -44633,6 +44627,12 @@ err:
if (der)
FreeDer(&der);
#endif
if (*x_pkey) {
wolfSSL_X509_PKEY_free(*x_pkey);
*x_pkey = NULL;
}
if (pemBio)
wolfSSL_BIO_free(pemBio);
return WOLFSSL_FAILURE;
#endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */
}
@ -44666,75 +44666,115 @@ err:
{
WOLF_STACK_OF(WOLFSSL_X509_INFO)* localSk = NULL;
int ret = WOLFSSL_SUCCESS;
WOLFSSL_X509_INFO* current = NULL;
WOLFSSL_X509* x509 = NULL;
WOLFSSL_X509_CRL* crl = NULL;
WOLFSSL_X509_PKEY* x_pkey = NULL;
(void)u;
WOLFSSL_ENTER("wolfSSL_PEM_X509_INFO_read_bio");
/* attempt to use passed in stack or create a new one */
if (sk != NULL) {
localSk = sk;
}
else {
localSk = wolfSSL_sk_X509_INFO_new_null();
}
if (localSk == NULL) {
WOLFSSL_LEAVE("wolfSSL_PEM_X509_INFO_read_bio",
MEMORY_E);
return NULL;
}
/* parse through BIO and push new info's found onto stack */
while (1) {
WOLFSSL_X509 *x509 = NULL;
WOLFSSL_X509_CRL *crl = NULL;
WOLFSSL_X509_PKEY *x_pkey = NULL;
x509 = NULL;
crl = NULL;
x_pkey = NULL;
if (wolfSSL_PEM_X509_X509_CRL_X509_PKEY_read_bio(bio, cb,
&x509, &crl, &x_pkey) == WOLFSSL_SUCCESS) {
WOLFSSL_X509_INFO* current;
current = wolfSSL_X509_INFO_new();
if (current == NULL) {
WOLFSSL_LEAVE("wolfSSL_PEM_X509_INFO_read_bio", MEMORY_E);
wolfSSL_sk_pop_free(localSk, NULL);
return NULL;
if (current == NULL ||
(x509 && current->x509) ||
(crl && current->crl) ||
(x_pkey && current->x_pkey)) {
/* Need to create new current since existing one already
* has the member filled or this is the first successful
* read. */
current = wolfSSL_X509_INFO_new();
if (current == NULL) {
ret = MEMORY_E;
break;
}
if (wolfSSL_sk_X509_INFO_push(localSk, current) !=
WOLFSSL_SUCCESS) {
wolfSSL_X509_INFO_free(current);
current = NULL;
ret = WOLFSSL_FAILURE;
break;
}
}
if (x509) {
ret = wolfSSL_X509_INFO_set(&current, x509);
current->x509 = x509;
}
else if (crl) {
current->crl = crl;
ret = WOLFSSL_SUCCESS;
}
else if (x_pkey) {
current->x_pkey = x_pkey;
ret = WOLFSSL_SUCCESS;
}
else {
WOLFSSL_MSG("No output parameters set");
WOLFSSL_LEAVE("wolfSSL_PEM_X509_INFO_read_bio", WOLFSSL_FAILURE);
wolfSSL_sk_pop_free(localSk, NULL);
wolfSSL_X509_INFO_free(current);
return NULL;
}
if (ret != WOLFSSL_SUCCESS) {
wolfSSL_X509_free(x509);
#ifdef HAVE_CRL
wolfSSL_X509_CRL_free(crl);
#endif
wolfSSL_X509_PKEY_free(x_pkey);
}
else {
if (!localSk) {
/* attempt to used passed in stack
* or create a new one */
if (sk != NULL) {
localSk = sk;
}
else {
localSk = wolfSSL_sk_X509_INFO_new_null();
}
if (localSk == NULL) {
WOLFSSL_LEAVE("wolfSSL_PEM_X509_INFO_read_bio",
MEMORY_E);
return NULL;
}
}
wolfSSL_sk_X509_INFO_push(localSk, current);
ret = WOLFSSL_FAILURE;
break;
}
}
else {
#ifdef WOLFSSL_HAVE_ERROR_QUEUE
int err = (int)wolfSSL_ERR_peek_last_error();
if (ERR_GET_LIB(err) == ERR_LIB_PEM &&
ERR_GET_REASON(err) == PEM_R_NO_START_LINE) {
/*
* wolfSSL_PEM_X509_X509_CRL_X509_PKEY_read_bio pushes an
* ASN_NO_PEM_HEADER error to the error queue on file end.
* This should not be left for the caller to find so we
* clear the last error. This also indicates that nothing
* more was found in the BIO.
*/
wc_RemoveErrorNode(-1);
}
#else
if (wolfSSL_sk_X509_INFO_num(localSk) > 0) {
WOLFSSL_MSG("At least one X509_INFO object on stack."
"Assuming error means EOF or no more PEM"
"headers found.");
}
#endif
else {
ret = WOLFSSL_FAILURE;
}
break;
}
}
if (ret != WOLFSSL_SUCCESS ||
wolfSSL_sk_X509_INFO_num(localSk) == 0) {
/* current should always be pushed onto the localsk stack at this
* point. The only case when it isn't is when
* wolfSSL_sk_X509_INFO_push fails but in that case the current
* free is handled inside the loop. */
if (localSk != sk) {
wolfSSL_sk_pop_free(localSk, NULL);
}
wolfSSL_X509_free(x509);
#ifdef HAVE_CRL
wolfSSL_X509_CRL_free(crl);
#endif
wolfSSL_X509_PKEY_free(x_pkey);
localSk = NULL;
}
WOLFSSL_LEAVE("wolfSSL_PEM_X509_INFO_read_bio", ret);
return localSk;
}
@ -45990,8 +46030,7 @@ unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line)
(void)line;
(void)file;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(DEBUG_WOLFSSL) || \
defined(WOLFSSL_HAPROXY)
#ifdef WOLFSSL_HAVE_ERROR_QUEUE
{
int ret;
@ -47819,24 +47858,19 @@ int wolfSSL_sk_X509_INFO_num(const WOLF_STACK_OF(WOLFSSL_X509_INFO) *sk)
{
WOLFSSL_ENTER("wolfSSL_sk_X509_INFO_num");
if (sk == NULL)
return -1;
return (int)sk->num;
return wolfSSL_sk_num(sk);
}
WOLFSSL_X509_INFO* wolfSSL_sk_X509_INFO_value(const WOLF_STACK_OF(WOLFSSL_X509_INFO) *sk, int i)
WOLFSSL_X509_INFO* wolfSSL_sk_X509_INFO_value(
const WOLF_STACK_OF(WOLFSSL_X509_INFO) *sk, int i)
{
WOLFSSL_ENTER("wolfSSL_sk_X509_INFO_value");
for (; sk != NULL && i > 0; i--)
sk = sk->next;
if (i != 0 || sk == NULL)
return NULL;
return sk->data.info;
return wolfSSL_sk_value(sk, i);
}
WOLFSSL_X509_INFO* wolfSSL_sk_X509_INFO_pop(WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk)
WOLFSSL_X509_INFO* wolfSSL_sk_X509_INFO_pop(
WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk)
{
WOLFSSL_STACK* node;
WOLFSSL_X509_INFO* info;
@ -47886,37 +47920,7 @@ void wolfSSL_sk_X509_INFO_free(WOLF_STACK_OF(WOLFSSL_X509_INFO) *sk)
int wolfSSL_sk_X509_INFO_push(WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk,
WOLFSSL_X509_INFO* in)
{
WOLFSSL_STACK* node;
if (sk == NULL || in == NULL) {
return WOLFSSL_FAILURE;
}
/* no previous values in stack */
if (sk->data.info == NULL) {
sk->data.info = in;
sk->num += 1;
return WOLFSSL_SUCCESS;
}
/* stack already has value(s) create a new node and add more */
node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
DYNAMIC_TYPE_X509);
if (node == NULL) {
WOLFSSL_MSG("Memory error");
return WOLFSSL_FAILURE;
}
XMEMSET(node, 0, sizeof(WOLFSSL_STACK));
/* push new obj onto head of stack */
node->data.info = sk->data.info;
node->next = sk->next;
node->type = sk->type;
sk->next = node;
sk->data.info = in;
sk->num += 1;
return WOLFSSL_SUCCESS;
return wolfSSL_sk_push(sk, in);
}
/* Creates a duplicate of WOLF_STACK_OF(WOLFSSL_X509_NAME).
@ -48387,7 +48391,7 @@ unsigned long wolfSSL_ERR_peek_last_error(void)
{
WOLFSSL_ENTER("wolfSSL_ERR_peek_last_error");
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_NGINX)
#ifdef WOLFSSL_HAVE_ERROR_QUEUE
{
int ret;
@ -49465,9 +49469,7 @@ unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line,
*flags = 0;
}
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
defined(WOLFSSL_OPENSSH) || defined(WOLFSSL_HAPROXY) || \
defined(WOLFSSL_MYSQL_COMPATIBLE)
#ifdef WOLFSSL_HAVE_ERROR_QUEUE
{
int ret = 0;
@ -49484,6 +49486,11 @@ unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line,
if (ret == -ASN_NO_PEM_HEADER)
return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE;
#ifdef OPENSSL_ALL
/* PARSE_ERROR is returned if an HTTP request is detected. */
if (ret == -SSL_R_HTTP_REQUEST)
return (ERR_LIB_SSL << 24) | -SSL_R_HTTP_REQUEST;
#endif
#if defined(OPENSSL_ALL) && defined(WOLFSSL_PYTHON)
if (ret == ASN1_R_HEADER_TOO_LONG) {
return (ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG;
@ -59524,21 +59531,20 @@ void wolfSSL_BIO_set_init(WOLFSSL_BIO* bio, int init)
(void)bio;
(void)init;
}
#endif /* NO_WOLFSSL_STUB */
void wolfSSL_BIO_set_shutdown(WOLFSSL_BIO* bio, int shut)
{
WOLFSSL_STUB("wolfSSL_BIO_set_shutdown");
(void)bio;
(void)shut;
WOLFSSL_ENTER("wolfSSL_BIO_set_shutdown");
if (bio != NULL)
bio->shutdown = shut;
}
int wolfSSL_BIO_get_shutdown(WOLFSSL_BIO* bio)
{
WOLFSSL_STUB("wolfSSL_BIO_get_shutdown");
(void)bio;
return 0;
WOLFSSL_ENTER("wolfSSL_BIO_get_shutdown");
return bio != NULL && bio->shutdown;
}
#endif /* NO_WOLFSSL_STUB */
void wolfSSL_BIO_clear_retry_flags(WOLFSSL_BIO* bio)
{

105
tests/api.c
View File

@ -8825,7 +8825,11 @@ static void test_set_x509_badversion(WOLFSSL_CTX* ctx)
/* override certificate version error */
static int test_override_x509(int preverify, WOLFSSL_X509_STORE_CTX* store)
{
#ifndef OPENSSL_COMPATIBLE_DEFAULTS
AssertIntEQ(store->error, ASN_VERSION_E);
#else
AssertIntEQ(store->error, 0);
#endif
AssertIntEQ((int)wolfSSL_X509_get_version(store->current_cert), 1);
(void)preverify;
return 1;
@ -8897,8 +8901,13 @@ static void test_wolfSSL_X509_TLS_version(void)
test_client_nofail(&client_args, NULL);
join_thread(serverThread);
#ifndef OPENSSL_COMPATIBLE_DEFAULTS
AssertIntEQ(client_args.return_code, TEST_FAIL);
AssertIntEQ(server_args.return_code, TEST_FAIL);
#else
AssertIntEQ(client_args.return_code, TEST_SUCCESS);
AssertIntEQ(server_args.return_code, TEST_SUCCESS);
#endif
FreeTcpReady(&ready);
@ -29760,6 +29769,68 @@ static void test_wolfSSL_X509_NAME_hash(void)
#endif
}
#ifndef NO_BIO
static void test_wolfSSL_X509_INFO_multiple_info(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_RSA)
STACK_OF(X509_INFO) *info_stack;
X509_INFO *info;
int len;
int i;
const char* files[] = {
cliCertFile,
cliKeyFile,
/* This needs to be the order as svrCertFile contains the
* intermediate cert as well. */
svrKeyFile,
svrCertFile,
NULL,
};
const char** curFile;
BIO *fileBIO;
BIO *concatBIO = NULL;
byte tmp[FOURK_BUF];
/* concatenate the cert and the key file to force PEM_X509_INFO_read_bio
* to group objects together. */
AssertNotNull(concatBIO = BIO_new(BIO_s_mem()));
for (curFile = files; *curFile != NULL; curFile++) {
int fileLen;
AssertNotNull(fileBIO = BIO_new_file(*curFile, "rb"));
fileLen = wolfSSL_BIO_get_len(fileBIO);
while ((len = BIO_read(fileBIO, tmp, sizeof(tmp))) > 0) {
AssertIntEQ(BIO_write(concatBIO, tmp, len), len);
fileLen -= len;
}
/* Make sure we read the entire file */
AssertIntEQ(fileLen, 0);
BIO_free(fileBIO);
}
AssertNotNull(info_stack = PEM_X509_INFO_read_bio(concatBIO, NULL, NULL,
NULL));
AssertIntEQ(sk_X509_INFO_num(info_stack), 3);
for (i = 0; i < sk_X509_INFO_num(info_stack); i++) {
AssertNotNull(info = sk_X509_INFO_value(info_stack, i));
AssertNotNull(info->x509);
AssertNull(info->crl);
if (i != 0) {
AssertNotNull(info->x_pkey);
AssertIntEQ(X509_check_private_key(info->x509,
info->x_pkey->dec_pkey), 1);
}
else {
AssertNull(info->x_pkey);
}
}
sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
BIO_free(concatBIO);
#endif
}
#endif
#ifndef NO_BIO
static void test_wolfSSL_X509_INFO(void)
{
@ -29795,6 +29866,7 @@ static void test_wolfSSL_X509_INFO(void)
AssertNotNull(info = sk_X509_INFO_value(info_stack, i));
AssertNotNull(info->x509);
AssertNull(info->crl);
AssertNull(info->x_pkey);
}
sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
BIO_free(cert);
@ -43307,6 +43379,34 @@ static void test_wolfSSL_EVP_PKEY_id(void)
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_paramgen(void)
{
#if defined(OPENSSL_ALL) && \
!defined(NO_ECC_SECP) && \
/* This last bit is taken from ecc.c. It is the condition that
* defines ECC256 */ \
((!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \
ECC_MIN_KEY_SZ <= 256)
EVP_PKEY_CTX* ctx;
EVP_PKEY* pkey = NULL;
printf(testingFmt, "wolfSSL_EVP_PKEY_paramgen");
AssertNotNull(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL));
AssertIntEQ(EVP_PKEY_paramgen_init(ctx), 1);
AssertIntEQ(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, NID_X9_62_prime256v1), 1);
AssertIntEQ(EVP_PKEY_CTX_set_ec_param_enc(ctx, OPENSSL_EC_NAMED_CURVE), 1);
AssertIntEQ(EVP_PKEY_keygen_init(ctx), 1);
AssertIntEQ(EVP_PKEY_keygen(ctx, &pkey), 1);
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_keygen(void)
{
#if defined(OPENSSL_ALL)
@ -48860,9 +48960,6 @@ static void test_wolfSSL_PEM_X509_INFO_read_bio(void)
/* using dereference to maintain testing for Apache port*/
AssertNotNull(info = sk_X509_INFO_pop(sk));
AssertNotNull(info->x_pkey);
AssertNotNull(info->x_pkey->dec_pkey);
AssertIntEQ(EVP_PKEY_bits(info->x_pkey->dec_pkey), 2048);
AssertNotNull(subject =
X509_NAME_oneline(X509_get_subject_name(info->x509), 0, 0));
@ -52114,6 +52211,7 @@ void ApiTest(void)
test_wolfSSL_X509_NAME();
test_wolfSSL_X509_NAME_hash();
#ifndef NO_BIO
test_wolfSSL_X509_INFO_multiple_info();
test_wolfSSL_X509_INFO();
#endif
test_wolfSSL_X509_subject_name_hash();
@ -52367,6 +52465,7 @@ void ApiTest(void)
test_wolfSSL_EVP_PKEY_assign();
test_wolfSSL_EVP_PKEY_base_id();
test_wolfSSL_EVP_PKEY_id();
test_wolfSSL_EVP_PKEY_paramgen();
test_wolfSSL_EVP_PKEY_keygen();
test_wolfSSL_EVP_PKEY_keygen_init();
test_wolfSSL_EVP_PKEY_missing_parameters();

52
wolfcrypt/src/asn.c
View File

@ -29581,43 +29581,68 @@ int OcspResponseDecode(OcspResponse* resp, void* cm, void* heap, int noVerify)
WOLFSSL_ENTER("OcspResponseDecode");
/* peel the outer SEQUENCE wrapper */
if (GetSequence(source, &idx, &length, size) < 0)
if (GetSequence(source, &idx, &length, size) < 0) {
WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E);
return ASN_PARSE_E;
}
/* First get the responseStatus, an ENUMERATED */
if (GetEnumerated(source, &idx, &resp->responseStatus, size) < 0)
if (GetEnumerated(source, &idx, &resp->responseStatus, size) < 0) {
WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E);
return ASN_PARSE_E;
}
if (resp->responseStatus != OCSP_SUCCESSFUL)
if (resp->responseStatus != OCSP_SUCCESSFUL) {
WOLFSSL_LEAVE("OcspResponseDecode", 0);
return 0;
}
/* Next is an EXPLICIT record called ResponseBytes, OPTIONAL */
if (idx >= size)
return ASN_INPUT_E;
if (GetASNTag(source, &idx, &tag, size) < 0)
if (idx >= size) {
WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E);
return ASN_PARSE_E;
if (tag != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC))
}
if (GetASNTag(source, &idx, &tag, size) < 0) {
WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E);
return ASN_PARSE_E;
if (GetLength(source, &idx, &length, size) < 0)
}
if (tag != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC)) {
WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E);
return ASN_PARSE_E;
}
if (GetLength(source, &idx, &length, size) < 0) {
WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E);
return ASN_PARSE_E;
}
/* Get the responseBytes SEQUENCE */
if (GetSequence(source, &idx, &length, size) < 0)
if (GetSequence(source, &idx, &length, size) < 0) {
WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E);
return ASN_PARSE_E;
}
/* Check ObjectID for the resposeBytes */
if (GetObjectId(source, &idx, &oid, oidOcspType, size) < 0)
if (GetObjectId(source, &idx, &oid, oidOcspType, size) < 0) {
WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E);
return ASN_PARSE_E;
if (oid != OCSP_BASIC_OID)
}
if (oid != OCSP_BASIC_OID) {
WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E);
return ASN_PARSE_E;
}
ret = GetOctetString(source, &idx, &length, size);
if (ret < 0)
if (ret < 0) {
WOLFSSL_LEAVE("OcspResponseDecode", ret);
return ret;
}
ret = DecodeBasicOcspResponse(source, &idx, resp, size, cm, heap, noVerify);
if (ret < 0)
if (ret < 0) {
WOLFSSL_LEAVE("OcspResponseDecode", ret);
return ret;
}
WOLFSSL_LEAVE("OcspResponseDecode", 0);
return 0;
#else
DECL_ASNGETDATA(dataASN, ocspResponseASN_Length);
@ -29658,6 +29683,7 @@ int OcspResponseDecode(OcspResponse* resp, void* cm, void* heap, int noVerify)
}
FREE_ASNGETDATA(dataASN, resp->heap);
WOLFSSL_LEAVE("OcspResponseDecode", ret);
return ret;
#endif /* WOLFSSL_ASN_TEMPLATE */
}

57
wolfcrypt/src/evp.c
View File

@ -1420,6 +1420,9 @@ WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_E
ctx->pkey = pkey;
#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
ctx->padding = RSA_PKCS1_PADDING;
#endif
#ifdef HAVE_ECC
ctx->curveNID = ECC_CURVE_DEF;
#endif
if (wolfSSL_EVP_PKEY_up_ref(pkey) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Couldn't increase key reference count");
@ -1920,6 +1923,49 @@ int wolfSSL_EVP_PKEY_bits(const WOLFSSL_EVP_PKEY *pkey)
}
int wolfSSL_EVP_PKEY_paramgen_init(WOLFSSL_EVP_PKEY_CTX *ctx)
{
(void)ctx;
return WOLFSSL_SUCCESS;
}
int wolfSSL_EVP_PKEY_CTX_set_ec_paramgen_curve_nid(WOLFSSL_EVP_PKEY_CTX *ctx,
int nid)
{
WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_set_ec_paramgen_curve_nid");
#ifdef HAVE_ECC
if (ctx != NULL && ctx->pkey != NULL && ctx->pkey->type == EVP_PKEY_EC) {
ctx->curveNID = nid;
return WOLFSSL_SUCCESS;
}
else
#endif
{
#ifndef HAVE_ECC
(void)ctx;
(void)nid;
WOLFSSL_MSG("Support not compiled in");
#else
WOLFSSL_MSG("Bad parameter");
#endif
return WOLFSSL_FAILURE;
}
}
/* wolfSSL only supports writing out named curves so no need to store the flag.
* In short, it is preferred to write out the name of the curve chosen instead
* of the explicit parameters.
* The difference is nicely explained and illustrated in section
* "ECDH and Named Curves" of
* https://wiki.openssl.org/index.php/Elliptic_Curve_Diffie_Hellman */
int EVP_PKEY_CTX_set_ec_param_enc(WOLFSSL_EVP_PKEY_CTX *ctx,
int flag)
{
(void)ctx;
(void)flag;
return WOLFSSL_SUCCESS;
}
int wolfSSL_EVP_PKEY_keygen_init(WOLFSSL_EVP_PKEY_CTX *ctx)
{
(void)ctx;
@ -1933,14 +1979,23 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
int ownPkey = 0;
WOLFSSL_EVP_PKEY* pkey;
WOLFSSL_ENTER("wolfSSL_EVP_PKEY_keygen");
if (ctx == NULL || ppkey == NULL) {
return BAD_FUNC_ARG;
}
pkey = *ppkey;
if (pkey == NULL) {
if (ctx->pkey == NULL ||
(ctx->pkey->type != EVP_PKEY_EC &&
ctx->pkey->type != EVP_PKEY_RSA)) {
WOLFSSL_MSG("Key not set or key type not supported");
return BAD_FUNC_ARG;
}
ownPkey = 1;
pkey = wolfSSL_EVP_PKEY_new();
pkey->type = ctx->pkey->type;
if (pkey == NULL)
return ret;
@ -1962,7 +2017,7 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
#endif
#ifdef HAVE_ECC
case EVP_PKEY_EC:
pkey->ecc = wolfSSL_EC_KEY_new();
pkey->ecc = wolfSSL_EC_KEY_new_by_curve_name(ctx->curveNID);
if (pkey->ecc) {
ret = wolfSSL_EC_KEY_generate_key(pkey->ecc);
if (ret == WOLFSSL_SUCCESS) {

53
wolfcrypt/src/logging.c
View File

@ -456,8 +456,7 @@ WOLFSSL_API int WOLFSSL_IS_DEBUG_ON(void)
defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
defined(OPENSSL_EXTRA)
#if (defined(OPENSSL_EXTRA) && !defined(_WIN32) && !defined(NO_ERROR_QUEUE)) \
|| defined(DEBUG_WOLFSSL_VERBOSE)
#ifdef WOLFSSL_HAVE_ERROR_QUEUE
void WOLFSSL_ERROR_LINE(int error, const char* func, unsigned int line,
const char* file, void* usrCtx)
#else
@ -470,8 +469,7 @@ void WOLFSSL_ERROR(int error)
{
char buffer[WOLFSSL_MAX_ERROR_SZ];
#if (defined(OPENSSL_EXTRA) && !defined(_WIN32) && \
!defined(NO_ERROR_QUEUE)) || defined(DEBUG_WOLFSSL_VERBOSE)
#ifdef WOLFSSL_HAVE_ERROR_QUEUE
(void)usrCtx; /* a user ctx for future flexibility */
(void)func;
@ -577,6 +575,7 @@ int wc_LoggingCleanup(void)
int wc_PeekErrorNode(int idx, const char **file, const char **reason,
int *line)
{
#ifdef WOLFSSL_HAVE_ERROR_QUEUE
struct wc_error_queue* err;
if (wc_LockMutex(&debug_mutex) != 0) {
@ -622,6 +621,14 @@ int wc_PeekErrorNode(int idx, const char **file, const char **reason,
wc_UnLockMutex(&debug_mutex);
return err->value;
#else
(void)idx;
(void)file;
(void)reason;
(void)line;
WOLFSSL_MSG("Error queue turned off, can not peak nodes");
return NOT_COMPILED_IN;
#endif
}
@ -637,6 +644,7 @@ int wc_PeekErrorNode(int idx, const char **file, const char **reason,
*/
int wc_PullErrorNode(const char **file, const char **reason, int *line)
{
#ifdef WOLFSSL_HAVE_ERROR_QUEUE
struct wc_error_queue* err;
int value;
@ -669,6 +677,13 @@ int wc_PullErrorNode(const char **file, const char **reason, int *line)
wc_UnLockMutex(&debug_mutex);
return value;
#else
(void)file;
(void)reason;
(void)line;
WOLFSSL_MSG("Error queue turned off, can not pull nodes");
return NOT_COMPILED_IN;
#endif
}
@ -677,13 +692,7 @@ int wc_PullErrorNode(const char **file, const char **reason, int *line)
* function. debug_mutex should be locked before a call to this function. */
int wc_AddErrorNode(int error, int line, char* buf, char* file)
{
#if defined(NO_ERROR_QUEUE)
(void)error;
(void)line;
(void)buf;
(void)file;
WOLFSSL_MSG("Error queue turned off, can not add nodes");
#else
#ifdef WOLFSSL_HAVE_ERROR_QUEUE
struct wc_error_queue* err;
if (wc_error_queue_count >= ERROR_QUEUE_MAX) {
@ -757,8 +766,15 @@ int wc_AddErrorNode(int error, int line, char* buf, char* file)
}
wc_error_queue_count++;
}
#endif
return 0;
#else
(void)error;
(void)line;
(void)buf;
(void)file;
WOLFSSL_MSG("Error queue turned off, can not add nodes");
return NOT_COMPILED_IN;
#endif
}
/* Removes the error node at the specified index.
@ -767,6 +783,7 @@ int wc_AddErrorNode(int error, int line, char* buf, char* file)
*/
void wc_RemoveErrorNode(int idx)
{
#ifdef WOLFSSL_HAVE_ERROR_QUEUE
struct wc_error_queue* current;
if (wc_LockMutex(&debug_mutex) != 0) {
@ -797,6 +814,10 @@ void wc_RemoveErrorNode(int idx)
}
wc_UnLockMutex(&debug_mutex);
#else
(void)idx;
WOLFSSL_MSG("Error queue turned off, can not remove nodes");
#endif
}
@ -804,9 +825,7 @@ void wc_RemoveErrorNode(int idx)
*/
void wc_ClearErrorNodes(void)
{
#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX) || \
defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
#ifdef WOLFSSL_HAVE_ERROR_QUEUE
if (wc_LockMutex(&debug_mutex) != 0) {
WOLFSSL_MSG("Lock debug mutex failed");
return;
@ -830,7 +849,9 @@ void wc_ClearErrorNodes(void)
wc_last_node = NULL;
wc_current_node = NULL;
wc_UnLockMutex(&debug_mutex);
#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX */
#else
WOLFSSL_MSG("Error queue turned off, can not clear nodes");
#endif
}
int wc_SetLoggingHeap(void* h)

3
wolfssl/openssl/ec.h
View File

@ -76,7 +76,8 @@ enum {
NID_ED25519 = ED25519k,
#endif
OPENSSL_EC_NAMED_CURVE = 0x001
OPENSSL_EC_EXPLICIT_CURVE = 0x000,
OPENSSL_EC_NAMED_CURVE = 0x001,
};
#ifndef WOLFSSL_EC_TYPE_DEFINED /* guard on redeclaration */

10
wolfssl/openssl/evp.h
View File

@ -412,6 +412,9 @@ struct WOLFSSL_EVP_PKEY_CTX {
int op; /* operation */
int padding;
int nbits;
#ifdef HAVE_ECC
int curveNID;
#endif
};
struct WOLFSSL_ASN1_PCTX {
@ -625,6 +628,11 @@ WOLFSSL_API const unsigned char* wolfSSL_EVP_PKEY_get0_hmac(const WOLFSSL_EVP_PK
WOLFSSL_API int wolfSSL_EVP_PKEY_sign_init(WOLFSSL_EVP_PKEY_CTX *ctx);
WOLFSSL_API int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx,
unsigned char *sig, size_t *siglen, const unsigned char *tbs, size_t tbslen);
WOLFSSL_API int wolfSSL_EVP_PKEY_paramgen_init(WOLFSSL_EVP_PKEY_CTX *ctx);
WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set_ec_paramgen_curve_nid(WOLFSSL_EVP_PKEY_CTX *ctx,
int nid);
WOLFSSL_API int EVP_PKEY_CTX_set_ec_param_enc(WOLFSSL_EVP_PKEY_CTX *ctx,
int flag);
WOLFSSL_API int wolfSSL_EVP_PKEY_keygen_init(WOLFSSL_EVP_PKEY_CTX *ctx);
WOLFSSL_API int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
WOLFSSL_EVP_PKEY **ppkey);
@ -925,6 +933,8 @@ WOLFSSL_API void wolfSSL_EVP_MD_do_all(void (*fn) (const WOLFSSL_EVP_MD *md,
#define EVP_MD_CTX_copy_ex wolfSSL_EVP_MD_CTX_copy_ex
#define EVP_PKEY_sign_init wolfSSL_EVP_PKEY_sign_init
#define EVP_PKEY_sign wolfSSL_EVP_PKEY_sign
#define EVP_PKEY_paramgen_init wolfSSL_EVP_PKEY_paramgen_init
#define EVP_PKEY_CTX_set_ec_paramgen_curve_nid wolfSSL_EVP_PKEY_CTX_set_ec_paramgen_curve_nid
#define EVP_PKEY_keygen wolfSSL_EVP_PKEY_keygen
#define EVP_PKEY_keygen_init wolfSSL_EVP_PKEY_keygen_init
#define EVP_PKEY_bits wolfSSL_EVP_PKEY_bits

7
wolfssl/openssl/ssl.h
View File

@ -298,7 +298,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define SSL_CTX_free wolfSSL_CTX_free
#define SSL_free wolfSSL_free
#define SSL_shutdown wolfSSL_shutdown
#define SSL_set_timeout wolfSSL_set_timeout
#define SSL_set_timeout wolfSSL_SSL_SESSION_set_timeout
#define SSL_CTX_set_quiet_shutdown wolfSSL_CTX_set_quiet_shutdown
#define SSL_set_quiet_shutdown wolfSSL_set_quiet_shutdown
@ -1441,8 +1441,9 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define ERR_LIB_USER 15
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_ALL) || \
defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL)
defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) || \
defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) || \
defined(WOLFSSL_WPAS_SMALL)
#include <wolfssl/error-ssl.h>

9
wolfssl/wolfcrypt/logging.h
View File

@ -105,6 +105,12 @@ WOLFSSL_API void wolfSSL_Debugging_OFF(void);
WOLFSSL_API const char *wolfSSL_global_cflags(void);
#endif
#if (defined(OPENSSL_EXTRA) && !defined(_WIN32) && \
!defined(NO_ERROR_QUEUE)) || defined(DEBUG_WOLFSSL_VERBOSE)
#define WOLFSSL_HAVE_ERROR_QUEUE
#endif
#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
WOLFSSL_LOCAL int wc_LoggingInit(void);
WOLFSSL_LOCAL int wc_LoggingCleanup(void);
@ -175,8 +181,7 @@ WOLFSSL_API void wolfSSL_Debugging_OFF(void);
#if defined(DEBUG_WOLFSSL) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) ||\
defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA)
#if (!defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && !defined(_WIN32))\
|| defined(DEBUG_WOLFSSL_VERBOSE)
#ifdef WOLFSSL_HAVE_ERROR_QUEUE
WOLFSSL_API void WOLFSSL_ERROR_LINE(int err, const char* func, unsigned int line,
const char* file, void* ctx);
#define WOLFSSL_ERROR(x) \