BIO s_socket and BN mod exp

This commit is contained in:
Jacob Barthelmeh
2016-12-01 14:07:50 -07:00
parent e741a24089
commit 2daeecdb90
10 changed files with 194 additions and 58 deletions


@ -31,7 +31,8 @@ EXTRA_DIST += \
certs/server-revoked-cert.pem \
certs/server-revoked-key.pem \
certs/wolfssl-website-ca.pem \
certs/test-servercert.p12
certs/test-servercert.p12 \
certs/dsaparams.pem
EXTRA_DIST += \
certs/ca-key.der \
certs/ca-cert.der \


@ -39,13 +39,17 @@ WOLFSSL_API long wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b)
return 0;
}
/*** TBD ***/
WOLFSSL_API long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *b, void *m)
long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr)
{
(void) b;
(void) m;
WOLFSSL_ENTER("BIO_get_mem_ptr");
return 0;
if (bio == NULL || ptr == NULL) {
return SSL_FAILURE;
}
*ptr = (WOLFSSL_BUF_MEM*)(bio->mem);
return SSL_SUCCESS;
}
/*** TBD ***/
@ -59,13 +63,6 @@ WOLFSSL_API long wolfSSL_BIO_int_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, int i
return 0;
}
/*** TBD ***/
WOLFSSL_API const WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void)
{
WOLFSSL_ENTER("BIO_s_socket");
return NULL;
}
/*** TBD ***/
WOLFSSL_API long wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *b, long size)
{
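Review bot: The cast in `*ptr = (WOLFSSL_BUF_MEM*)(bio->mem);` hides an indirection mismatch: with `WOLFSSL_BUF_MEM` typedef'd in this commit as `unsigned char*`, the out-parameter `*ptr` has type `unsigned char**`, so the caller gets the buffer's bytes re-typed as a pointer-to-pointer and a second dereference would read buffer contents as an address. If `bio->mem` is the byte buffer itself (its declaration is not in this diff), the assignment should be a plain `*ptr = bio->mem;` against a `WOLFSSL_BUF_MEM *` out-parameter, or `WOLFSSL_BUF_MEM` should become a struct carrying `data` plus a length as OpenSSL's `BUF_MEM` does, since the function currently gives the caller no way to learn how many bytes are valid. The API test added in this commit only checks the return code, so the mismatch goes unexercised.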


@ -6462,8 +6462,12 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
while (listSz) {
word32 certSz;
if (totalCerts >= MAX_CHAIN_DEPTH)
if (totalCerts >= MAX_CHAIN_DEPTH) {
#ifdef OPENSSL_EXTRA
ssl->peerVerifyRet = X509_V_ERR_CERT_CHAIN_TOO_LONG;
#endif
return MAX_CHAIN_ERROR;
}
if ((*inOutIdx - begin) + OPAQUE24_LEN > size)
return BUFFER_ERROR;
@ -6684,6 +6688,9 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
if (ret == 0) {
WOLFSSL_MSG("Verified Peer's cert");
#ifdef OPENSSL_EXTRA
ssl->peerVerifyRet = X509_V_OK;
#endif
fatal = 0;
}
else if (ret == ASN_PARSE_E) {
@ -6821,6 +6828,9 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
XFREE(dCert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
ssl->error = ret;
#ifdef OPENSSL_EXTRA
ssl->peerVerifyRet = X509_V_ERR_CERT_REJECTED;
#endif
return ret;
}
ssl->options.havePeerCert = 1;
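Review bot: `ssl->peerVerifyRet` is written only on the three paths added in these hunks, so any other rejection path in DoCertificate (the function begins before the first hunk and continues past the `else if (ret == ASN_PARSE_E)` chain at the end of the second) leaves the field holding whatever an earlier handshake stored, and a freshly zeroed `WOLFSSL` reports 0, which is `X509_V_OK` in OpenSSL, before any certificate has been examined. A caller reading `SSL_get_verify_result()` after a resumed or renegotiated handshake can therefore see a stale result. Consider initialising the field at handshake start and, if the non-fatal branches do not all reach the `ssl->error = ret;` path in the third hunk, storing the matching `X509_V_ERR_*` code there too; a one-line comment on the field saying which paths update it would make the contract visible.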


@ -9945,6 +9945,17 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
}
const WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void)
{
static WOLFSSL_BIO_METHOD meth;
WOLFSSL_ENTER("BIO_s_socket");
meth.type = BIO_SOCKET;
return &meth;
}
WOLFSSL_BIO* wolfSSL_BIO_new_socket(int sfd, int closeF)
{
WOLFSSL_BIO* bio = (WOLFSSL_BIO*) XMALLOC(sizeof(WOLFSSL_BIO), 0,
@ -13711,13 +13722,18 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store, unsigned long flag)
{
int ret = SSL_SUCCESS;
WOLFSSL_STUB("wolfSSL_X509_STORE_set_flags");
WOLFSSL_ENTER("wolfSSL_X509_STORE_set_flags");
if ((flag & WOLFSSL_CRL_CHECKALL) || (flag & WOLFSSL_CRL_CHECK)) {
ret = wolfSSL_CertManagerEnableCRL(store->cm, (int)flag);
}
(void)store;
(void)flag;
return 1;
return ret;
}
@ -14217,13 +14233,13 @@ WOLFSSL_API long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *
return 0;
}
/*** TBD ***/
WOLFSSL_API unsigned long wolfSSL_get_verify_result(const WOLFSSL *ssl)
unsigned long wolfSSL_get_verify_result(const WOLFSSL *ssl)
{
(void)ssl;
return 0;
return ssl->peerVerifyRet;
}
long wolfSSL_CTX_sess_accept(WOLFSSL_CTX* ctx)
{
(void)ctx;
@ -14934,16 +14950,28 @@ int wolfSSL_BN_mod(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* a,
return 0;
}
/*** TBFD ***/
WOLFSSL_API int wolfSSL_BN_mod_exp(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a,
/* r = (a^p) % m */
int wolfSSL_BN_mod_exp(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a,
const WOLFSSL_BIGNUM *p, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx)
{
(void) r;
(void) a;
(void) p;
(void) m;
int ret;
WOLFSSL_ENTER("wolfSSL_BN_mod_exp");
(void) ctx;
return 0;
if (r == NULL || a == NULL || p == NULL || m == NULL) {
WOLFSSL_MSG("Bad Argument");
return SSL_FAILURE;
}
if ((ret = mp_exptmod((mp_int*)a->internal,(mp_int*)p->internal,
(mp_int*)m->internal, (mp_int*)r->internal)) == MP_OKAY) {
return SSL_SUCCESS;
}
WOLFSSL_LEAVE("wolfSSL_BN_mod_exp", ret);
return SSL_FAILURE;
}
const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void)
@ -19795,9 +19823,9 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
}
#ifdef HAVE_ECC
const char * wolf_OBJ_nid2sn(int n) {
const char * wolfSSL_OBJ_nid2sn(int n) {
int i;
WOLFSSL_ENTER("wolf_OBJ_nid2sn");
WOLFSSL_ENTER("wolfSSL_OBJ_nid2sn");
/* find based on NID and return name */
for (i = 0; i < ecc_sets[i].size; i++) {
@ -19808,17 +19836,17 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
return NULL;
}
int wolf_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o) {
int wolfSSL_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o) {
(void)o;
WOLFSSL_ENTER("wolf_OBJ_obj2nid");
WOLFSSL_STUB("wolf_OBJ_obj2nid");
WOLFSSL_ENTER("wolfSSL_OBJ_obj2nid");
WOLFSSL_STUB("wolfSSL_OBJ_obj2nid");
return 0;
}
int wolf_OBJ_sn2nid(const char *sn) {
int wolfSSL_OBJ_sn2nid(const char *sn) {
int i;
WOLFSSL_ENTER("wolf_OBJ_osn2nid");
WOLFSSL_ENTER("wolfSSL_OBJ_osn2nid");
/* find based on name and return NID */
for (i = 0; i < ecc_sets[i].size; i++) {
@ -19831,25 +19859,25 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
#endif /* HAVE_ECC */
WOLFSSL_X509 *PEM_read_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u) {
WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u) {
(void)bp;
(void)x;
(void)cb;
(void)u;
WOLFSSL_ENTER("PEM_read_bio_WOLFSSL_X509");
WOLFSSL_STUB("PEM_read_bio_WOLFSSL_X509");
WOLFSSL_ENTER("wolfSSL_PEM_read_bio_X509");
WOLFSSL_STUB("wolfSSL_PEM_read_bio_X509");
return NULL;
}
/*** TBD ***/
WOLFSSL_X509 *PEM_read_bio_WOLFSSL_X509_AUX(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u) {
WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u) {
(void)bp;
(void)x;
(void)cb;
(void)u;
WOLFSSL_ENTER("PEM_read_bio_WOLFSSL_X509");
WOLFSSL_STUB("PEM_read_bio_WOLFSSL_X509");
WOLFSSL_ENTER("wolfSSL_PEM_read_bio_X509");
WOLFSSL_STUB("wolfSSL_PEM_read_bio_X509");
return NULL;
}
@ -19974,7 +20002,7 @@ unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line)
}
return wc_last_error;
#else
return NOT_COMPILED_IN;
return (unsigned long)(0 - NOT_COMPILED_IN);
#endif
}
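Review bot: `wolfSSL_get_verify_result` now dereferences `ssl` unconditionally in `return ssl->peerVerifyRet;`, and `wolfSSL_X509_STORE_set_flags` reads `store->cm` the same way, whereas the other functions this commit fills in (`wolfSSL_BIO_get_mem_ptr`, `wolfSSL_BN_mod_exp`) guard their pointer arguments first. Both replaced stubs that tolerated a NULL argument, so existing callers that passed NULL now fault. For the store, `if (store == NULL || store->cm == NULL) return SSL_FAILURE;` before the flag test matches the convention used elsewhere in the diff; for the verify result, an early return should yield a value distinct from `X509_V_OK`, because returning 0 there would read as a successful verification.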


@ -48,6 +48,7 @@
#include <wolfssl/openssl/pkcs12.h>
#include <wolfssl/openssl/evp.h>
#include <wolfssl/openssl/dh.h>
#include <wolfssl/openssl/bn.h>
#include <wolfssl/openssl/pem.h>
#ifndef NO_DES3
#include <wolfssl/openssl/des.h>
@ -2414,7 +2415,7 @@ static void test_wolfSSL_certs(void)
/* AssertNotNull(sk); NID not yet supported */
AssertIntEQ(crit, -1);
wolfSSL_sk_ASN1_OBJECT_free(sk);
/* test invalid cases */
crit = 0;
sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, -1, &crit, NULL);
@ -2576,13 +2577,26 @@ static void test_wolfSSL_tmp_dh(void)
static void test_wolfSSL_ctrl(void)
{
#if defined(OPENSSL_EXTRA)
byte buffer[5300];
BIO* bio;
int bytes;
BUF_MEM* ptr = NULL;
printf(testingFmt, "wolfSSL_crtl()");
bytes = sizeof(buffer);
bio = BIO_new_mem_buf((void*)buffer, bytes);
AssertNotNull(bio);
AssertNotNull(BIO_s_socket());
AssertIntEQ((int)wolfSSL_BIO_get_mem_ptr(bio, &ptr), SSL_SUCCESS);
/* needs tested after stubs filled out @TODO
SSL_ctrl
SSL_CTX_ctrl
*/
BIO_free(bio);
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) */
}
@ -2657,7 +2671,7 @@ static void test_wolfSSL_ERR_peek_last_error_line(void)
FreeTcpReady(&ready);
/* check that error code was stored */
AssertIntNE(wolfSSL_ERR_peek_last_error_line(NULL, NULL), 0);
AssertIntNE((int)wolfSSL_ERR_peek_last_error_line(NULL, NULL), 0);
wolfSSL_ERR_peek_last_error_line(NULL, &line);
AssertIntNE(line, 0);
wolfSSL_ERR_peek_last_error_line(&file, NULL);
@ -2669,7 +2683,81 @@ static void test_wolfSSL_ERR_peek_last_error_line(void)
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) */
!defined(NO_FILESYSTEM) && !defined(DEBUG_WOLFSSL) */
}
static void test_wolfSSL_X509_STORE_set_flags(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM)
X509_STORE* store;
X509* x509;
printf(testingFmt, "wolfSSL_ERR_peek_last_error_line()");
AssertNotNull((store = wolfSSL_X509_STORE_new()));
AssertNotNull((x509 =
wolfSSL_X509_load_certificate_file(svrCert, SSL_FILETYPE_PEM)));
AssertIntEQ(X509_STORE_add_cert(store, x509), SSL_SUCCESS);
#ifdef HAVE_CRL
AssertIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL), SSL_SUCCESS);
#else
AssertIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL),
NOT_COMPILED_IN);
#endif
wolfSSL_X509_free(x509);
wolfSSL_X509_STORE_free(store);
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) */
}
static void test_wolfSSL_BN(void)
{
#if defined(OPENSSL_EXTRA)
BIGNUM* a;
BIGNUM* b;
BIGNUM* c;
BIGNUM* d;
unsigned char value[1];
printf(testingFmt, "wolfSSL_BN()");
AssertNotNull(a = BN_new());
AssertNotNull(b = BN_new());
AssertNotNull(c = BN_new());
AssertNotNull(d = BN_new());
value[0] = 0x03;
AssertNotNull(BN_bin2bn(value, sizeof(value), a));
value[0] = 0x02;
AssertNotNull(BN_bin2bn(value, sizeof(value), b));
value[0] = 0x05;
AssertNotNull(BN_bin2bn(value, sizeof(value), c));
/* a^b mod c = */
AssertIntEQ(BN_mod_exp(d, NULL, b, c, NULL), SSL_FAILURE);
AssertIntEQ(BN_mod_exp(d, a, b, c, NULL), SSL_SUCCESS);
/* check result 3^2 mod 5 */
value[0] = 0;
AssertIntEQ(BN_bn2bin(d, value), SSL_SUCCESS);
AssertIntEQ((int)(value[0] & 0x04), 4);
BN_free(a);
BN_free(b);
BN_free(c);
BN_clear_free(d);
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) */
}
/*----------------------------------------------------------------------------*
@ -2725,6 +2813,8 @@ void ApiTest(void)
test_wolfSSL_ctrl();
test_wolfSSL_CTX_add_extra_chain_cert();
test_wolfSSL_ERR_peek_last_error_line();
test_wolfSSL_X509_STORE_set_flags();
test_wolfSSL_BN();
AssertIntEQ(test_wolfSSL_Cleanup(), SSL_SUCCESS);
printf(" End API Tests\n");
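Review bot: `test_wolfSSL_X509_STORE_set_flags` announces itself with `printf(testingFmt, "wolfSSL_ERR_peek_last_error_line()");`, copied from the test above it; it should be `printf(testingFmt, "wolfSSL_X509_STORE_set_flags()");` so a failure is attributed to the right test. In `test_wolfSSL_BN` the check `AssertIntEQ((int)(value[0] & 0x04), 4);` tests a single bit, so results such as 5, 6, 7 or 12 would also pass; since 3^2 mod 5 is exactly 4 the assertion can be `AssertIntEQ(value[0], 4);`, and the `/* a^b mod c = */` comment should state that expected value. In `test_wolfSSL_ctrl` the `ptr` filled by `wolfSSL_BIO_get_mem_ptr` is never inspected; an `AssertNotNull(ptr);` after the call would cover the new function's output rather than only its return code.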


@ -217,7 +217,6 @@ void WOLFSSL_ERROR(int error)
{
if (loggingEnabled) {
char buffer[80];
sprintf(buffer, "wolfSSL error occurred, error = %d", error);
#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
(void)usrCtx; /* a user ctx for future flexibility */
(void)func;
@ -228,7 +227,10 @@ void WOLFSSL_ERROR(int error)
if (XSTRLEN(file) < sizeof(file)) {
XSTRNCPY((char*)wc_last_error_file, file, XSTRLEN(file));
}
sprintf(buffer, "%s line:%d file:%s", buffer, line, file);
sprintf(buffer, "wolfSSL error occurred, error = %d line:%d file:%s",
error, line, file);
#else
sprintf(buffer, "wolfSSL error occurred, error = %d", error);
#endif
wolfssl_log(ERROR_LOG , buffer);
}
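Review bot: The new `sprintf(buffer, "wolfSSL error occurred, error = %d line:%d file:%s", error, line, file);` writes an unbounded `%s` into the 80-byte `buffer` declared at the top of the function; the fixed text plus two `%d` values can already occupy roughly 65 bytes, so any `file` string longer than a short relative path overflows the stack buffer. Use `snprintf(buffer, sizeof buffer, ...)` on both the `#if` and `#else` branches. The context guard `if (XSTRLEN(file) < sizeof(file))` above it appears to compare against the size of a pointer rather than of `wc_last_error_file`, if `file` is a `const char*` parameter as the `(void)func` line suggests; worth confirming, since that comparison is what bounds the copy into `wc_last_error_file`.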


@ -2750,6 +2750,7 @@ struct WOLFSSL {
#ifdef OPENSSL_EXTRA
WOLFSSL_BIO* biord; /* socket bio read to free/close */
WOLFSSL_BIO* biowr; /* socket bio write to free/close */
unsigned long peerVerifyRet;
#ifdef HAVE_PK_CALLBACKS
void* loggingCtx; /* logging callback argument */
#endif


@ -80,6 +80,7 @@ typedef WOLFSSL_ASN1_INTEGER ASN1_INTEGER;
typedef WOLFSSL_ASN1_OBJECT ASN1_OBJECT;
typedef WOLFSSL_ASN1_STRING ASN1_STRING;
typedef WOLFSSL_dynlock_value CRYPTO_dynlock_value;
typedef WOLFSSL_BUF_MEM BUF_MEM;
/* GENERAL_NAME and BASIC_CONSTRAINTS structs may need implemented as
* compatibility layer expands. For now treating them as an ASN1_OBJECT */
@ -109,7 +110,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define ERR_print_errors_fp(file) wolfSSL_print_all_errors_fp((file))
/* at the moment only returns ok */
#define SSL_get_verify_result(ctx) X509_V_OK
#define SSL_get_verify_result wolfSSL_get_verify_result
#define SSL_get_verify_mode wolfSSL_SSL_get_mode
#define SSL_get_verify_depth wolfSSL_get_verify_depth
#define SSL_CTX_get_verify_mode wolfSSL_CTX_get_verify_mode
@ -474,11 +475,11 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
#define SSL_CTX_use_PrivateKey wolfSSL_CTX_use_PrivateKey
#define BIO_read_filename wolfSSL_BIO_read_filename
#define BIO_s_file wolfSSL_BIO_s_file
#define OBJ_nid2sn wolf_OBJ_nid2sn
#define OBJ_obj2nid wolf_OBJ_obj2nid
#define OBJ_sn2nid wolf_OBJ_sn2nid
#define PEM_read_bio_X509 PEM_read_bio_WOLFSSL_X509
#define PEM_read_bio_X509_AUX PEM_read_bio_WOLFSSL_X509_AUX
#define OBJ_nid2sn wolfSSL_OBJ_nid2sn
#define OBJ_obj2nid wolfSSL_OBJ_obj2nid
#define OBJ_sn2nid wolfSSL_OBJ_sn2nid
#define PEM_read_bio_X509 wolfSSL_PEM_read_bio_X509
#define PEM_read_bio_X509_AUX wolfSSL_PEM_read_bio_X509_AUX
#define SSL_CTX_set_verify_depth wolfSSL_CTX_set_verify_depth
#define SSL_get_app_data wolfSSL_get_app_data
#define SSL_set_app_data wolfSSL_set_app_data
@ -588,6 +589,9 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
#define SSL_ctrl wolfSSL_ctrl
#define SSL_CTX_ctrl wolfSSL_CTX_ctrl
#define X509_V_FLAG_CRL_CHECK WOLFSSL_CRL_CHECK
#define X509_V_FLAG_CRL_CHECK_ALL WOLFSSL_CRL_CHECKALL
#ifdef HAVE_STUNNEL
#include <wolfssl/openssl/asn1.h>
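Review bot: The comment `/* at the moment only returns ok */` directly above the changed `#define SSL_get_verify_result wolfSSL_get_verify_result` is now stale, since the macro no longer expands to the constant `X509_V_OK` but to a function returning the value recorded during certificate processing. Replace it with something like `/* returns X509_V_OK or the X509_V_ERR_* code recorded while verifying the peer certificate */`, or drop it. The new `X509_V_FLAG_CRL_CHECK`/`X509_V_FLAG_CRL_CHECK_ALL` aliases map to enumerators rather than single-bit flags, so a short comment noting that these two are the only supported store flags would help callers porting OpenSSL code that ORs several `X509_V_FLAG_*` values together.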


@ -115,6 +115,7 @@ typedef struct WOLFSSL_ASN1_STRING WOLFSSL_ASN1_STRING;
typedef struct WOLFSSL_dynlock_value WOLFSSL_dynlock_value;
typedef struct WOLFSSL_DH WOLFSSL_DH;
typedef struct WOLFSSL_ASN1_BIT_STRING WOLFSSL_ASN1_BIT_STRING;
typedef unsigned char* WOLFSSL_BUF_MEM;
#define WOLFSSL_ASN1_UTCTIME WOLFSSL_ASN1_TIME
@ -541,7 +542,7 @@ WOLFSSL_API long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE fp);
WOLFSSL_API long wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs);
WOLFSSL_API long wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name);
WOLFSSL_API long wolfSSL_BIO_set_mem_eof_return(WOLFSSL_BIO *bio, int v);
WOLFSSL_API long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *b, void *m);
WOLFSSL_API long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **m);
WOLFSSL_API void wolfSSL_RAND_screen(void);
WOLFSSL_API const char* wolfSSL_RAND_file_name(char*, unsigned long);
@ -751,6 +752,7 @@ enum {
WOLFSSL_OCSP_CHECKALL = 4,
WOLFSSL_CRL_CHECKALL = 1,
WOLFSSL_CRL_CHECK = 27,
ASN1_GENERALIZEDTIME = 4,
@ -1954,11 +1956,11 @@ WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x);
WOLFSSL_API int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name);
WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_file(void);
/* These are to be merged shortly */
WOLFSSL_API const char * wolf_OBJ_nid2sn(int n);
WOLFSSL_API int wolf_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o);
WOLFSSL_API int wolf_OBJ_sn2nid(const char *sn);
WOLFSSL_API WOLFSSL_X509 *PEM_read_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
WOLFSSL_API WOLFSSL_X509 *PEM_read_bio_WOLFSSL_X509_AUX
WOLFSSL_API const char * wolfSSL_OBJ_nid2sn(int n);
WOLFSSL_API int wolfSSL_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o);
WOLFSSL_API int wolfSSL_OBJ_sn2nid(const char *sn);
WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX
(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth);
WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl);
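Review bot: The new enumerator `WOLFSSL_CRL_CHECK = 27` sits beside `WOLFSSL_CRL_CHECKALL = 1`, yet the new `wolfSSL_X509_STORE_set_flags` in this commit tests them as bit masks (`flag & WOLFSSL_CRL_CHECKALL`, `flag & WOLFSSL_CRL_CHECK`); 27 is 0b11011, so any value with bit 0, 1, 3 or 4 set, including `WOLFSSL_CRL_CHECKALL` itself, satisfies the `WOLFSSL_CRL_CHECK` test and is then passed whole to `wolfSSL_CertManagerEnableCRL`. The test added in this commit only passes `WOLFSSL_CRL_CHECKALL`, so the overlap is not caught. Either assign the two CRL options distinct single-bit values or compare with equality, e.g. `if (flag == WOLFSSL_CRL_CHECKALL || flag == WOLFSSL_CRL_CHECK)`, and add a comment on this enum stating whether its members may be combined.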


@ -524,6 +524,7 @@ static INLINE void showPeer(WOLFSSL* ssl)
#endif
#if defined(SHOW_CERTS) && defined(OPENSSL_EXTRA) && defined(KEEP_OUR_CERT)
ShowX509(wolfSSL_get_certificate(ssl), "our cert info:");
printf("Peer verify result = %lu\n", wolfSSL_get_verify_result(ssl));
#endif /* SHOW_CERTS */
printf("SSL version is %s\n", wolfSSL_get_version(ssl));