Implement missing functionality for OpenVPN 2.5
20
src/ssl.c
20
src/ssl.c
@ -20843,6 +20843,26 @@ WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl)
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
WOLFSSL_X509* wolfSSL_CTX_get0_certificate(WOLFSSL_CTX* ctx)
|
||||
{
|
||||
if (ctx) {
|
||||
if (ctx->ourCert == NULL) {
|
||||
if (ctx->certificate == NULL) {
|
||||
WOLFSSL_MSG("Ctx Certificate buffer not set!");
|
||||
return NULL;
|
||||
}
|
||||
#ifndef WOLFSSL_X509_STORE_CERTS
|
||||
ctx->ourCert = wolfSSL_X509_d2i(NULL,
|
||||
ctx->certificate->buffer,
|
||||
ctx->certificate->length);
|
||||
#endif
|
||||
ctx->ownOurCert = 1;
|
||||
}
|
||||
return ctx->ourCert;
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
#endif /* OPENSSL_EXTRA && KEEP_OUR_CERT */
|
||||
#endif /* NO_CERTS */
|
||||
|
||||
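Review bot: In wolfSSL_CTX_get0_certificate, `ctx->ownOurCert = 1;` runs at the end of the `ctx->ourCert == NULL` branch even when no certificate object was produced. With WOLFSSL_X509_STORE_CERTS defined the wolfSSL_X509_d2i call is compiled out, and when the decode fails it presumably returns NULL; in both cases the function returns NULL without logging and leaves the ownership flag set. I would set the flag only on success, `if (ctx->ourCert != NULL) ctx->ownOurCert = 1;`, and add a WOLFSSL_MSG on the failure path so a malformed certificate buffer is visible in logs. The lazy assignment also writes to the WOLFSSL_CTX with no lock visible in this hunk; if a context can be shared between threads, two first callers could each decode and one result would leak, so this is worth confirming against how ctx is protected elsewhere.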
|
@ -5031,6 +5031,7 @@ static void test_wolfSSL_PKCS12(void)
|
||||
AssertNotNull(tmp_ca);
|
||||
AssertIntEQ(sk_X509_num(tmp_ca), sk_X509_num(ca));
|
||||
/* Check that the main cert is also set */
|
||||
AssertNotNull(SSL_CTX_get0_certificate(ctx));
|
||||
AssertNotNull(ssl = SSL_new(ctx));
|
||||
AssertNotNull(SSL_get_certificate(ssl));
|
||||
SSL_free(ssl);
|
||||
|
@ -1229,7 +1229,8 @@ unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher)
|
||||
case AES_128_GCM_TYPE:
|
||||
case AES_192_GCM_TYPE:
|
||||
case AES_256_GCM_TYPE:
|
||||
return WOLFSSL_EVP_CIPH_GCM_MODE;
|
||||
return WOLFSSL_EVP_CIPH_GCM_MODE &
|
||||
WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
|
||||
#endif
|
||||
#if defined(WOLFSSL_AES_COUNTER)
|
||||
case AES_128_CTR_TYPE:
|
||||
@ -4387,7 +4388,8 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
|
||||
WOLFSSL_MSG("EVP_AES_128_GCM");
|
||||
ctx->cipherType = AES_128_GCM_TYPE;
|
||||
ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
|
||||
ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE;
|
||||
ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE |
|
||||
WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
|
||||
ctx->keyLen = 16;
|
||||
ctx->block_size = AES_BLOCK_SIZE;
|
||||
ctx->authTagSz = AES_BLOCK_SIZE;
|
||||
@ -4411,7 +4413,8 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
|
||||
WOLFSSL_MSG("EVP_AES_192_GCM");
|
||||
ctx->cipherType = AES_192_GCM_TYPE;
|
||||
ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
|
||||
ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE;
|
||||
ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE |
|
||||
WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
|
||||
ctx->keyLen = 24;
|
||||
ctx->block_size = AES_BLOCK_SIZE;
|
||||
ctx->authTagSz = AES_BLOCK_SIZE;
|
||||
@ -4435,7 +4438,8 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
|
||||
WOLFSSL_MSG("EVP_AES_256_GCM");
|
||||
ctx->cipherType = AES_256_GCM_TYPE;
|
||||
ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
|
||||
ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE;
|
||||
ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE |
|
||||
WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
|
||||
ctx->keyLen = 32;
|
||||
ctx->block_size = AES_BLOCK_SIZE;
|
||||
ctx->authTagSz = AES_BLOCK_SIZE;
|
||||
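Review bot: In the first hunk of this section (the AES_*_GCM_TYPE case labels, under the WOLFSSL_CIPHER_mode hunk header) the new return joins the two constants with `&`, which evaluates to 0. The defines elsewhere on this page give WOLFSSL_EVP_CIPH_GCM_MODE as 0x6 and WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER as 0x20, so the result equals WOLFSSL_EVP_CIPH_STREAM_CIPHER and a GCM cipher would be reported as neither GCM nor AEAD. A caller that chooses its tag and IV handling from this value could then treat an authenticated cipher as unauthenticated. The three cipher-init hunks below combine the same constants with `|`, and the return should match: `return WOLFSSL_EVP_CIPH_GCM_MODE | WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;`. Callers that compare the result for equality with the GCM mode would then need to mask with WOLFSSL_EVP_CIPH_MODE first; the switch begins and ends outside the hunk, so the other cases could not be checked.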
|
@ -645,6 +645,8 @@ WOLFSSL_LOCAL int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp,
|
||||
#define EVP_CIPH_CCM_MODE WOLFSSL_EVP_CIPH_CCM_MODE
|
||||
#define EVP_CIPH_XTS_MODE WOLFSSL_EVP_CIPH_XTS_MODE
|
||||
|
||||
#define EVP_CIPH_FLAG_AEAD_CIPHER WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER
|
||||
|
||||
#define WOLFSSL_EVP_CIPH_MODE 0x0007
|
||||
#define WOLFSSL_EVP_CIPH_STREAM_CIPHER 0x0
|
||||
#define WOLFSSL_EVP_CIPH_ECB_MODE 0x1
|
||||
@ -655,6 +657,7 @@ WOLFSSL_LOCAL int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp,
|
||||
#define WOLFSSL_EVP_CIPH_GCM_MODE 0x6
|
||||
#define WOLFSSL_EVP_CIPH_CCM_MODE 0x7
|
||||
#define WOLFSSL_EVP_CIPH_XTS_MODE 0x10
|
||||
#define WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER 0x20
|
||||
#define WOLFSSL_EVP_CIPH_NO_PADDING 0x100
|
||||
#define EVP_CIPH_VARIABLE_LENGTH 0x200
|
||||
#define WOLFSSL_EVP_CIPH_TYPE_INIT 0xff
|
||||
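Review bot: WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER (0x20) is added to a list of enumerated mode values with nothing to say that it is a separate flag bit outside the WOLFSSL_EVP_CIPH_MODE mask (0x0007). That matters because the cipher-init code on this page resets the mode with `ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;`, which does not clear bit 0x20. A context first initialised for GCM and then reused for a non-AEAD cipher may therefore keep the AEAD flag, unless the other init branches clear it (not visible here). I would add a comment such as `/* flag bit, not a mode value: not covered by WOLFSSL_EVP_CIPH_MODE, clear it explicitly on re-init */` above the define and check the non-GCM init paths.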
|
@ -178,6 +178,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
|
||||
#define SSL_CTX_get_verify_mode wolfSSL_CTX_get_verify_mode
|
||||
#define SSL_CTX_get_verify_depth wolfSSL_CTX_get_verify_depth
|
||||
#define SSL_get_certificate wolfSSL_get_certificate
|
||||
#define SSL_CTX_get0_certificate wolfSSL_CTX_get0_certificate
|
||||
#define SSL_use_certificate wolfSSL_use_certificate
|
||||
#define SSL_use_certificate_ASN1 wolfSSL_use_certificate_ASN1
|
||||
#define d2i_PKCS8_PRIV_KEY_INFO_bio wolfSSL_d2i_PKCS8_PKEY_bio
|
||||
@ -302,6 +303,9 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
|
||||
/* wolfSSL does not support exporting keying material */
|
||||
#define SSL_export_keying_material(...) 0
|
||||
|
||||
#define SSL_CTX_set1_groups wolfSSL_CTX_set_groups
|
||||
#define SSL_set1_groups wolfSSL_set_groups
|
||||
|
||||
#define SSL_CTX_set1_groups_list wolfSSL_CTX_set1_groups_list
|
||||
#define SSL_set1_groups_list wolfSSL_set1_groups_list
|
||||
|
||||
@ -1246,6 +1250,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
|
||||
#define OPENSSL_cleanse wolfSSL_OPENSSL_cleanse
|
||||
#define SSL_CTX_get_timeout wolfSSL_SSL_CTX_get_timeout
|
||||
#define SSL_CTX_set_tmp_ecdh wolfSSL_SSL_CTX_set_tmp_ecdh
|
||||
#define SSL_CTX_set_ecdh_auto(...)
|
||||
#define SSL_CTX_remove_session wolfSSL_SSL_CTX_remove_session
|
||||
#define SSL_get_rbio wolfSSL_SSL_get_rbio
|
||||
#define SSL_get_wbio wolfSSL_SSL_get_wbio
|
||||
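Review bot: `SSL_CTX_set1_groups` and `SSL_set1_groups` are mapped directly onto wolfSSL_CTX_set_groups and wolfSSL_set_groups, but OpenSSL callers pass an array of NIDs to the set1_groups calls. If the wolfSSL functions expect wolfSSL's own named-group identifiers (their definitions are not on this page), the requested key-exchange groups would be rejected or misinterpreted. Please confirm the identifier space and add a translating wrapper if it differs. Separately, `#define SSL_CTX_set_ecdh_auto(...)` expands to nothing, so a caller that checks the result will not compile; `#define SSL_CTX_set_ecdh_auto(...) 1` would keep the success return such callers expect. Which line of that last hunk is the added one cannot be told from the rendering, so this applies only if the macro is new.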
|
@ -2400,6 +2400,7 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len,
|
||||
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
|
||||
defined(KEEP_OUR_CERT)
|
||||
WOLFSSL_API WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl);
|
||||
WOLFSSL_API WOLFSSL_X509* wolfSSL_CTX_get0_certificate(WOLFSSL_CTX* ctx);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
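Review bot: The new wolfSSL_CTX_get0_certificate prototype has no comment about ownership of the returned pointer. The implementation on this page returns `ctx->ourCert` and sets `ctx->ownOurCert = 1`, so the WOLFSSL_CTX keeps ownership. I would add a comment above the declaration, for example `/* Returns the CTX's own certificate; the pointer is owned by ctx and must not be freed by the caller. NULL if no certificate is loaded. */`, so that callers do not free it and cause a double free when the context is later released.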
|