Merge pull request #2535 from julek-wolfssl/nginx-1.15

Nginx 1.15.0 & 1.16.1
toddouska
2019-12-05 14:40:45 -08:00
committed by GitHub
9 changed files with 255 additions and 37 deletions


@@ -509,9 +509,9 @@ int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs,
if (status != NULL)
*status = bs->status->status;
if (thisupd != NULL)
*thisupd = (WOLFSSL_ASN1_TIME*)bs->status->thisDateAsn;
*thisupd = &bs->status->thisDateParsed;
if (nextupd != NULL)
*nextupd = (WOLFSSL_ASN1_TIME*)bs->status->nextDateAsn;
*nextupd = &bs->status->nextDateParsed;
/* TODO: Not needed for Nginx. */
if (reason != NULL)

200
src/ssl.c

@@ -10095,7 +10095,7 @@ WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL* ssl)
{
WOLFSSL_ENTER("SSL_get_session");
if (ssl)
return GetSession(ssl, 0, 0);
return GetSession(ssl, 0, 1);
return NULL;
}
@@ -12618,6 +12618,8 @@ int AddSession(WOLFSSL* ssl)
int ticLen = 0;
#endif
WOLFSSL_SESSION* session;
int i;
int overwrite = 0;
if (ssl->options.sessionCacheOff)
return 0;
@@ -12686,7 +12688,28 @@ int AddSession(WOLFSSL* ssl)
return BAD_MUTEX_E;
}
idx = SessionCache[row].nextIdx++;
for (i=0; i<SESSIONS_PER_ROW; i++) {
if (ssl->options.tls1_3) {
if (XMEMCMP(ssl->session.sessionID, SessionCache[row].Sessions[i].sessionID, ID_LEN) == 0) {
WOLFSSL_MSG("Session already exists. Overwriting.");
overwrite = 1;
idx = i;
break;
}
}
else {
if (XMEMCMP(ssl->arrays->sessionID, SessionCache[row].Sessions[i].sessionID, ID_LEN) == 0) {
WOLFSSL_MSG("Session already exists. Overwriting.");
overwrite = 1;
idx = i;
break;
}
}
}
if (!overwrite) {
idx = SessionCache[row].nextIdx++;
}
#ifdef SESSION_INDEX
ssl->sessionIndex = (row << SESSIDX_ROW_SHIFT) | idx;
#endif
@@ -12760,9 +12783,15 @@ int AddSession(WOLFSSL* ssl)
#ifdef SESSION_CERTS
if (error == 0) {
session->chain.count = ssl->session.chain.count;
XMEMCPY(session->chain.certs, ssl->session.chain.certs,
sizeof(x509_buffer) * MAX_CHAIN_DEPTH);
if (!overwrite || (overwrite && ssl->session.chain.count > 0)) {
/*
* If we are overwriting and no certs present in ssl->session.chain
* then keep the old chain.
*/
session->chain.count = ssl->session.chain.count;
XMEMCPY(session->chain.certs, ssl->session.chain.certs,
sizeof(x509_buffer) * session->chain.count);
}
}
#endif /* SESSION_CERTS */
#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
@@ -14093,6 +14122,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
WOLFSSL_BIO* bio;
WOLFSSL_X509 *cert = NULL;
WOLFSSL_X509_NAME *subjectName = NULL;
unsigned long err;
WOLFSSL_ENTER("wolfSSL_load_client_CA_file");
@@ -14128,6 +14158,18 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
cert = NULL;
}
err = wolfSSL_ERR_peek_last_error();
if (ERR_GET_LIB(err) == ERR_LIB_PEM &&
ERR_GET_REASON(err) == PEM_R_NO_START_LINE) {
/*
* wolfSSL_PEM_read_bio_X509 pushes an ASN_NO_PEM_HEADER error
* to the error queue on file end. This should not be left
* for the caller to find so we clear the last error.
*/
wc_RemoveErrorNode(-1);
}
wolfSSL_X509_free(cert);
wolfSSL_BIO_free(bio);
return list;
@@ -19683,6 +19725,45 @@ int wolfSSL_session_reused(WOLFSSL* ssl)
}
#if defined(OPENSSL_EXTRA) || defined(HAVE_EXT_CACHE)
WOLFSSL_SESSION* wolfSSL_SESSION_dup(WOLFSSL_SESSION* session)
{
#ifdef HAVE_EXT_CACHE
WOLFSSL_SESSION* copy;
WOLFSSL_ENTER("wolfSSL_SESSION_dup");
if (session == NULL)
return NULL;
#ifdef HAVE_SESSION_TICKET
if (session->isDynamic && !session->ticket) {
WOLFSSL_MSG("Session dynamic flag is set but ticket pointer is null");
return NULL;
}
#endif
copy = XMALLOC(sizeof(WOLFSSL_SESSION), NULL, DYNAMIC_TYPE_OPENSSL);
if (copy != NULL) {
XMEMCPY(copy, session, sizeof(WOLFSSL_SESSION));
copy->isAlloced = 1;
#ifdef HAVE_SESSION_TICKET
if (session->isDynamic) {
copy->ticket = XMALLOC(session->ticketLen, NULL,
DYNAMIC_TYPE_SESSION_TICK);
XMEMCPY(copy->ticket, session->ticket, session->ticketLen);
} else {
copy->ticket = copy->staticTicket;
}
#endif
}
return copy;
#else
WOLFSSL_MSG("wolfSSL_SESSION_dup was called "
"but HAVE_EXT_CACHE is not defined");
(void)session;
return NULL;
#endif /* HAVE_EXT_CACHE */
}
void wolfSSL_SESSION_free(WOLFSSL_SESSION* session)
{
if (session == NULL)
@@ -22070,24 +22151,30 @@ int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out)
const unsigned char* der;
int derSz = 0;
WOLFSSL_ENTER("wolfSSL_i2d_X509");
if (x509 == NULL || out == NULL) {
WOLFSSL_LEAVE("wolfSSL_i2d_X509", BAD_FUNC_ARG);
return BAD_FUNC_ARG;
}
der = wolfSSL_X509_get_der(x509, &derSz);
if (der == NULL) {
WOLFSSL_LEAVE("wolfSSL_i2d_X509", MEMORY_E);
return MEMORY_E;
}
if (*out == NULL) {
*out = (unsigned char*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_OPENSSL);
if (*out == NULL) {
WOLFSSL_LEAVE("wolfSSL_i2d_X509", MEMORY_E);
return MEMORY_E;
}
}
XMEMCPY(*out, der, derSz);
WOLFSSL_LEAVE("wolfSSL_i2d_X509", derSz);
return derSz;
}
@@ -26489,19 +26576,19 @@ int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO* bio,
}
p = (const char *)(asnTime->data);
/* GetTimeString not always available. */
wolfSSL_BIO_write(bio, MonthStr(p + 2), 3);
wolfSSL_BIO_write(bio, MonthStr(p + 4), 3);
wolfSSL_BIO_write(bio, " ", 1);
/* Day */
wolfSSL_BIO_write(bio, p + 4, 2);
wolfSSL_BIO_write(bio, p + 6, 2);
wolfSSL_BIO_write(bio, " ", 1);
/* Hour */
wolfSSL_BIO_write(bio, p + 6, 2);
wolfSSL_BIO_write(bio, ":", 1);
/* Min */
wolfSSL_BIO_write(bio, p + 8, 2);
wolfSSL_BIO_write(bio, ":", 1);
/* Secs */
/* Min */
wolfSSL_BIO_write(bio, p + 10, 2);
wolfSSL_BIO_write(bio, ":", 1);
/* Secs */
wolfSSL_BIO_write(bio, p + 12, 2);
wolfSSL_BIO_write(bio, " ", 1);
wolfSSL_BIO_write(bio, p, 4);
@@ -35101,6 +35188,9 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
}
if ((l = wolfSSL_BIO_get_len(bp)) <= 0) {
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
WOLFSSL_ERROR(ASN_NO_PEM_HEADER);
#endif
return NULL;
}
@@ -38383,7 +38473,8 @@ int wolfSSL_get_state(const WOLFSSL* ssl)
}
#endif /* HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY)
#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
|| defined(WOLFSSL_NGINX)
#ifndef NO_WOLFSSL_STUB
long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt)
@@ -38397,17 +38488,77 @@ long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt)
}
#endif
#ifndef NO_WOLFSSL_STUB
long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt, void* pt)
{
WOLFSSL_STUB("SSL_CTX_ctrl");
long ret = WOLFSSL_SUCCESS;
WOLFSSL_ENTER("SSL_CTX_ctrl");
switch (cmd) {
case SSL_CTRL_CHAIN:
#ifdef SESSION_CERTS
{
/*
* We don't care about opt here because a copy of the certificate is
* stored anyway so increasing the reference counter is not necessary.
* Just check to make sure that it is set to one of the correct values.
*/
WOLF_STACK_OF(WOLFSSL_X509)* sk = (WOLF_STACK_OF(WOLFSSL_X509)*) pt;
WOLFSSL_X509* x509;
int i;
if (!ctx || (opt != 0 && opt != 1)) {
ret = WOLFSSL_FAILURE;
break;
}
/* Clear certificate chain */
FreeDer(&ctx->certChain);
if (sk) {
for (i = 0; i < wolfSSL_sk_X509_num(sk); i++) {
x509 = wolfSSL_sk_X509_value(sk, i);
/* Prevent wolfSSL_CTX_add_extra_chain_cert from freeing cert */
if (wolfSSL_X509_up_ref(x509) != 1) {
WOLFSSL_MSG("Error increasing reference count");
continue;
}
if (wolfSSL_CTX_add_extra_chain_cert(ctx, x509) !=
WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Error adding certificate to context");
/* Decrease reference count on failure */
wolfSSL_X509_free(x509);
}
}
}
/* Free previous chain */
wolfSSL_sk_X509_free(ctx->x509Chain);
ctx->x509Chain = sk;
if (sk) {
for (i = 0; i < wolfSSL_sk_X509_num(sk); i++) {
x509 = wolfSSL_sk_X509_value(sk, i);
/* On successful setting of new chain up all refs */
if (wolfSSL_X509_up_ref(x509) != 1) {
WOLFSSL_MSG("Error increasing reference count");
continue;
}
}
}
}
#else
WOLFSSL_MSG("Session certificates not compiled in");
ret = WOLFSSL_FAILURE;
#endif
break;
default:
ret = WOLFSSL_FAILURE;
break;
}
(void)ctx;
(void)cmd;
(void)opt;
(void)pt;
return WOLFSSL_FAILURE;
WOLFSSL_LEAVE("SSL_CTX_ctrl", (int)ret);
return ret;
}
#endif
#ifndef NO_WOLFSSL_STUB
long wolfSSL_CTX_clear_extra_chain_certs(WOLFSSL_CTX* ctx)
@@ -39427,7 +39578,7 @@ void wolfSSL_sk_X509_NAME_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk)
wolfSSL_sk_X509_NAME_pop_free(sk, NULL);
}
#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL)
#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
/* Helper function for X509_NAME_print_ex. Sets *buf to string for domain
name attribute based on NID. Returns size of buf */
static int get_dn_attr_by_nid(int n, const char** buf)
@@ -39476,10 +39627,13 @@ static int get_dn_attr_by_nid(int n, const char** buf)
}
#endif
/*
* The BIO output of wolfSSL_X509_NAME_print_ex does NOT include the null terminator
*/
int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
int indent, unsigned long flags)
{
#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL)
#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
int count = 0, len = 0, totalSz = 0, tmpSz = 0;
char tmp[ASN_NAME_MAX];
char fullName[ASN_NAME_MAX];
@@ -39498,7 +39652,7 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
/* If XN_FLAG_DN_REV is present, print X509_NAME in reverse order */
if (flags == (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)) {
#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL)
#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
fullName[0] = '\0';
count = wolfSSL_X509_NAME_entry_count(name);
for (i = 0; i < count; i++) {
@@ -39514,33 +39668,35 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
if (len == 0 || buf == NULL)
return WOLFSSL_FAILURE;
tmpSz = str->length + len + 2; /* + 2 for '=' and null char */
tmpSz = str->length + len + 2; /* + 2 for '=' and comma */
if (tmpSz > ASN_NAME_MAX) {
WOLFSSL_MSG("Size greater than ASN_NAME_MAX");
return WOLFSSL_FAILURE;
}
if (i < count - 1) {
/* tmpSz+1 for last null char */
XSNPRINTF(tmp, tmpSz+1, "%s=%s,", buf, str->data);
XSTRNCAT(fullName, tmp, tmpSz);
}
else {
XSNPRINTF(tmp, tmpSz, "%s=%s", buf, str->data);
XSTRNCAT(fullName, tmp, tmpSz-1);
tmpSz--; /* Don't include null char in tmpSz */
}
totalSz += tmpSz;
}
if (wolfSSL_BIO_write(bio, fullName, totalSz) != totalSz)
return WOLFSSL_FAILURE;
return WOLFSSL_SUCCESS;
#endif /* WOLFSSL_APACHE_HTTPD || OPENSSL_ALL */
#endif /* WOLFSSL_APACHE_HTTPD || OPENSSL_ALL || WOLFSSL_NGINX */
}
else if (flags == XN_FLAG_RFC2253) {
if (wolfSSL_BIO_write(bio, name->name + 1, name->sz - 2)
!= name->sz - 2)
return WOLFSSL_FAILURE;
}
else if (wolfSSL_BIO_write(bio, name->name, name->sz) != name->sz)
else if (wolfSSL_BIO_write(bio, name->name, name->sz - 1) != name->sz - 1)
return WOLFSSL_FAILURE;
return WOLFSSL_SUCCESS;
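Review bot: In wolfSSL_X509_NAME_print_ex the per-entry check only rejects `tmpSz > ASN_NAME_MAX`, so the non-final branch can call `XSNPRINTF(tmp, tmpSz+1, ...)` with a size one byte larger than `char tmp[ASN_NAME_MAX]`, and nothing bounds the running `totalSz` before `XSTRNCAT(fullName, tmp, tmpSz)` appends into `fullName[ASN_NAME_MAX]`. The third argument of XSTRNCAT limits the bytes taken from `tmp`, not the space left in `fullName`, so a name with several long entries could write past the stack buffer unless entry lengths are capped elsewhere, which is not visible here. X509 names normally originate from certificate data, so I would tighten the check to `if (tmpSz >= ASN_NAME_MAX || totalSz + tmpSz >= ASN_NAME_MAX) return WOLFSSL_FAILURE;` and pass `sizeof(tmp)` as the XSNPRINTF size. The function body starts outside this hunk.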


@@ -4351,6 +4351,9 @@ static void test_wolfSSL_X509_NAME_get_entry(void)
ASN1_STRING* asn;
int idx;
ASN1_OBJECT *object = NULL;
#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
BIO* bio;
#endif
#ifndef NO_FILESYSTEM
x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM);
@@ -4373,6 +4376,13 @@ static void test_wolfSSL_X509_NAME_get_entry(void)
idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1);
AssertIntGE(idx, 0);
#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertIntEQ(X509_NAME_print_ex(bio, name, 4,
(XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS);
BIO_free(bio);
#endif
ne = X509_NAME_get_entry(name, idx);
AssertNotNull(ne);
AssertNotNull(object = X509_NAME_ENTRY_get_object(ne));
@@ -4409,7 +4419,13 @@ static void test_wolfSSL_PKCS12(void)
WOLFSSL_X509 *cert;
WOLFSSL_X509 *x509;
WOLFSSL_X509 *tmp;
STACK_OF(WOLFSSL_X509) *ca;
WOLFSSL_CTX *ctx;
WOLF_STACK_OF(WOLFSSL_X509) *ca;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
|| defined(WOLFSSL_NGINX)
WOLFSSL *ssl;
WOLF_STACK_OF(WOLFSSL_X509) *tmp_ca = NULL;
#endif
printf(testingFmt, "wolfSSL_PKCS12()");
@@ -4450,6 +4466,28 @@ static void test_wolfSSL_PKCS12(void)
AssertNotNull(cert);
AssertNotNull(ca);
/* Check that SSL_CTX_set0_chain correctly sets the certChain buffer */
#ifndef NO_WOLFSSL_CLIENT
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#endif
#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
|| defined(WOLFSSL_NGINX)
/* Copy stack structure */
AssertNotNull(tmp_ca = sk_X509_dup(ca));
AssertIntEQ(SSL_CTX_set0_chain(ctx, tmp_ca), 1);
/* CTX now owns the tmp_ca stack structure */
tmp_ca = NULL;
AssertIntEQ(wolfSSL_CTX_get_extra_chain_certs(ctx, &tmp_ca), 1);
AssertNotNull(tmp_ca);
AssertIntEQ(sk_X509_num(tmp_ca), sk_X509_num(ca));
/* Check that the main cert is also set */
AssertNotNull(ssl = SSL_new(ctx));
AssertNotNull(SSL_get_certificate(ssl));
SSL_free(ssl);
SSL_CTX_free(ctx);
#endif
/* should be 2 other certs on stack */
tmp = sk_X509_pop(ca);
@@ -23324,6 +23362,7 @@ static void test_wolfSSL_SESSION(void)
WOLFSSL* ssl;
WOLFSSL_CTX* ctx;
WOLFSSL_SESSION* sess;
WOLFSSL_SESSION* sess_copy;
const unsigned char context[] = "user app context";
unsigned char* sessDer = NULL;
unsigned char* ptr = NULL;
@@ -23397,6 +23436,9 @@ static void test_wolfSSL_SESSION(void)
fdOpenSession(Task_self());
#endif
AssertNotNull(sess_copy = wolfSSL_SESSION_dup(sess));
wolfSSL_SESSION_free(sess_copy);
/* get session from DER and update the timeout */
AssertIntEQ(wolfSSL_i2d_SSL_SESSION(NULL, &sessDer), BAD_FUNC_ARG);
AssertIntGT((sz = wolfSSL_i2d_SSL_SESSION(sess, &sessDer)), 0);
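Review bot: In test_wolfSSL_PKCS12 the context is created unconditionally with `wolfSSL_CTX_new(...)`, but `SSL_CTX_free(ctx)` sits inside the `#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)` block, so builds without those macros leak `ctx` unless it is freed further down, outside this hunk. Moving the `wolfSSL_CTX_new` call inside the same `#if`, or the free after the `#endif`, would keep the test clean under leak checkers in every configuration.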


@@ -15043,6 +15043,14 @@ static int DecodeSingleResponse(byte* source,
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
cs->thisDateAsn = source + idx;
localIdx = 0;
if (GetDateInfo(cs->thisDateAsn, &localIdx, NULL,
(byte*)&cs->thisDateParsed.type,
&cs->thisDateParsed.length, size) < 0)
return ASN_PARSE_E;
XMEMCPY(cs->thisDateParsed.data,
cs->thisDateAsn + localIdx - cs->thisDateParsed.length,
cs->thisDateParsed.length);
#endif
if (GetBasicDate(source, &idx, cs->thisDate,
&cs->thisDateFormat, size) < 0)
@@ -15068,6 +15076,14 @@ static int DecodeSingleResponse(byte* source,
return ASN_PARSE_E;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
cs->nextDateAsn = source + idx;
localIdx = 0;
if (GetDateInfo(cs->nextDateAsn, &localIdx, NULL,
(byte*)&cs->nextDateParsed.type,
&cs->nextDateParsed.length, size) < 0)
return ASN_PARSE_E;
XMEMCPY(cs->nextDateParsed.data,
cs->nextDateAsn + localIdx - cs->nextDateParsed.length,
cs->nextDateParsed.length);
#endif
if (GetBasicDate(source, &idx, cs->nextDate,
&cs->nextDateFormat, size) < 0)
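Review bot: Both added GetDateInfo calls in DecodeSingleResponse pass `size` as the limit while the base pointer is already advanced to `source + idx` and `localIdx` restarts at 0, so the bounds check appears to permit reads up to `idx` bytes past the end of the response buffer. If the last parameter is the maximum index relative to the pointer passed in, it should be `size - idx` in both calls. The `(byte*)&cs->thisDateParsed.type` cast also stores a single byte into an `int` field, which leaves the remaining bytes untouched and yields a different value on big-endian targets; reading the tag into a local `byte` and assigning it would avoid that. The XMEMCPY into `data[CTC_DATE_SIZE]` relies on GetDateInfo rejecting lengths above that size, which is not visible in this hunk and deserves a comment or an explicit check.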


@@ -184,7 +184,7 @@ int wolfSSL_EVP_EncryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx,
int wolfSSL_EVP_DecryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
unsigned char *out, int *outl)
{
if (ctx && ctx->enc) {
if (ctx && !ctx->enc) {
WOLFSSL_ENTER("wolfSSL_EVP_DecryptFinal");
return wolfSSL_EVP_CipherFinal(ctx, out, outl);
}
@@ -196,7 +196,7 @@ int wolfSSL_EVP_DecryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
int wolfSSL_EVP_DecryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx,
unsigned char *out, int *outl)
{
if (ctx && ctx->enc) {
if (ctx && !ctx->enc) {
WOLFSSL_ENTER("wolfSSL_EVP_DecryptFinal_ex");
return wolfSSL_EVP_CipherFinal(ctx, out, outl);
}


@@ -274,6 +274,7 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM;
#define SSL_set_connect_state wolfSSL_set_connect_state
#define SSL_set_accept_state wolfSSL_set_accept_state
#define SSL_session_reused wolfSSL_session_reused
#define SSL_SESSION_dup wolfSSL_SESSION_dup
#define SSL_SESSION_free wolfSSL_SESSION_free
#define SSL_is_init_finished wolfSSL_is_init_finished
@@ -850,7 +851,8 @@ enum {
#define sk_SSL_CIPHER_free wolfSSL_sk_SSL_CIPHER_free
#define sk_SSL_CIPHER_find wolfSSL_sk_SSL_CIPHER_find
#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY)
#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
|| defined(WOLFSSL_NGINX)
#include <wolfssl/openssl/pem.h>
#define SSL_CTRL_CHAIN 88


@@ -167,7 +167,6 @@ typedef struct WOLFSSL_BIO WOLFSSL_BIO;
typedef struct WOLFSSL_BIO_METHOD WOLFSSL_BIO_METHOD;
typedef struct WOLFSSL_X509_EXTENSION WOLFSSL_X509_EXTENSION;
typedef struct WOLFSSL_CONF_VALUE WOLFSSL_CONF_VALUE;
typedef struct WOLFSSL_ASN1_TIME WOLFSSL_ASN1_TIME;
typedef struct WOLFSSL_ASN1_OBJECT WOLFSSL_ASN1_OBJECT;
typedef struct WOLFSSL_ASN1_OTHERNAME WOLFSSL_ASN1_OTHERNAME;
typedef struct WOLFSSL_X509V3_CTX WOLFSSL_X509V3_CTX;
@@ -202,13 +201,6 @@ struct WOLFSSL_BASIC_CONSTRAINTS {
#define WOLFSSL_ASN1_UTCTIME WOLFSSL_ASN1_TIME
#define WOLFSSL_ASN1_GENERALIZEDTIME WOLFSSL_ASN1_TIME
struct WOLFSSL_ASN1_TIME {
unsigned char data[CTC_DATE_SIZE]; /* date bytes */
int length;
int type;
};
struct WOLFSSL_ASN1_STRING {
char strData[CTC_NAME_SIZE];
int length;
@@ -872,7 +864,8 @@ WOLFSSL_ABI WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL*);
WOLFSSL_ABI WOLFSSL_API void wolfSSL_flush_sessions(WOLFSSL_CTX*, long);
WOLFSSL_API int wolfSSL_SetServerID(WOLFSSL*, const unsigned char*, int, int);
#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY)
#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
|| defined(WOLFSSL_NGINX)
WOLFSSL_API int wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO**, size_t,
WOLFSSL_BIO**, size_t);
@@ -1099,6 +1092,7 @@ WOLFSSL_API int wolfSSL_set_session_id_context(WOLFSSL*, const unsigned char*,
WOLFSSL_API void wolfSSL_set_connect_state(WOLFSSL*);
WOLFSSL_API void wolfSSL_set_accept_state(WOLFSSL*);
WOLFSSL_API int wolfSSL_session_reused(WOLFSSL*);
WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_dup(WOLFSSL_SESSION* session);
WOLFSSL_API void wolfSSL_SESSION_free(WOLFSSL_SESSION* session);
WOLFSSL_API int wolfSSL_is_init_finished(WOLFSSL*);


@@ -1227,6 +1227,8 @@ struct CertStatus {
byte thisDateFormat;
byte nextDateFormat;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
WOLFSSL_ASN1_TIME thisDateParsed;
WOLFSSL_ASN1_TIME nextDateParsed;
byte* thisDateAsn;
byte* nextDateAsn;
#endif


@@ -166,6 +166,12 @@ typedef struct DerBuffer {
int dynType; /* DYNAMIC_TYPE_* */
} DerBuffer;
typedef struct WOLFSSL_ASN1_TIME {
unsigned char data[CTC_DATE_SIZE]; /* date bytes */
int length;
int type;
} WOLFSSL_ASN1_TIME;
enum {
IV_SZ = 32, /* max iv sz */
NAME_SZ = 80, /* max one line */