feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

implemented CONF_cmd

Browse Source
This commit is contained in:
Hideki Miyazaki
2021-04-22 15:27:56 +09:00
parent 956a0f2b5f
commit 394c0b5cdc
4 changed files with 431 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

383
src/ssl.c
View File

@@ -56073,6 +56073,7 @@ void wolfSSL_CONF_CTX_free(WOLFSSL_CONF_CTX* cctx)
if (cctx) { if (cctx) {
XFREE(cctx, NULL, DYNAMIC_TYPE_OPENSSL); XFREE(cctx, NULL, DYNAMIC_TYPE_OPENSSL);
} }
WOLFSSL_LEAVE("wolfSSL_CONF_CTX_free", 1);
} }
/** /**
* Set WOLFSSL_CTX instance to WOLFSSL_CONF_CTX * Set WOLFSSL_CTX instance to WOLFSSL_CONF_CTX
@@ -56092,6 +56093,7 @@ void wolfSSL_CONF_CTX_set_ssl_ctx(WOLFSSL_CONF_CTX* cctx, WOLFSSL_CTX *ctx)
} }
cctx->ctx = ctx; cctx->ctx = ctx;
WOLFSSL_LEAVE("wolfSSL_CONF_CTX_set_ssl_ctx", 1);
} }
/** /**
* set flag value into WOLFSSL_CONF_CTX * set flag value into WOLFSSL_CONF_CTX
@@ -56110,36 +56112,397 @@ unsigned int wolfSSL_CONF_CTX_set_flags(WOLFSSL_CONF_CTX* cctx,
return cctx->flags; return cctx->flags;
} }
#ifndef NO_WOLFSSL_STUB
/** /**
* finish configuration command operation * finish configuration command operation
* @param cctx a pointer to WOLFSSL_CONF_CTX structure to be set * @param cctx a pointer to WOLFSSL_CONF_CTX structure to be set
* @return WOLFSSL_SUCCESS on success, * @return WOLFSSL_SUCCESS on success
* otherwise WOLFSSL_FAILURE (stub currently returns WOLFSSL_FAILURE always)
*/ */
int wolfSSL_CONF_CTX_finish(WOLFSSL_CONF_CTX* cctx) int wolfSSL_CONF_CTX_finish(WOLFSSL_CONF_CTX* cctx)
{ {
WOLFSSL_STUB("wolfSSL_CONF_CTX_finish");
(void)cctx; (void)cctx;
return WOLFSSL_FAILURE; return WOLFSSL_SUCCESS;
} }
#define WOLFSSL_CONF_FILE_CMD1 "Curves"
#define WOLFSSL_CONF_FILE_CMD2 "Certificate"
#define WOLFSSL_CONF_FILE_CMD3 "PrivateKey"
#define WOLFSSL_CONF_FILE_CMD4 "Protocol"
#define WOLFSSL_CONF_FILE_CMD5 "Options"
#define WOLFSSL_CONF_FILE_CMD6 "ServerInfoFile"
#define WOLFSSL_CONF_FILE_CMD7 "SignatureAlgorithms"
#define WOLFSSL_CONF_FILE_CMD8 "ClientSignatureAlgorithms"
#define WOLFSSL_CONF_FILE_CMD9 "CipherString"
#define WOLFSSL_CONF_CMDL_CMD1 "curves"
#define WOLFSSL_CONF_CMDL_CMD2 "cert"
#define WOLFSSL_CONF_CMDL_CMD3 "key"
#define WOLFSSL_CONF_CMDL_CMD4 NULL
#define WOLFSSL_CONF_CMDL_CMD5 NULL
#define WOLFSSL_CONF_CMDL_CMD6 NULL
#define WOLFSSL_CONF_CMDL_CMD7 "sigalgs"
#define WOLFSSL_CONF_CMDL_CMD8 "client_sigalgs"
#define WOLFSSL_CONF_CMDL_CMD9 "cipher"
#if !defined(NO_DH) && !defined(NO_BIO)
#define WOLFSSL_CONF_FILE_CMD10 "DHParameters"
#define WOLFSSL_CONF_CMDL_CMD10 "dhparam"
#endif
#ifdef HAVE_ECC
#define WOLFSSL_CONF_FILE_CMD11 "ECDHParameters"
#define WOLFSSL_CONF_CMDL_CMD11 "named_curves"
#endif
/**
* process Cipher String command
* @param cctx a pointer to WOLFSSL_CONF_CTX structure
* @param value arguments for cmd
* @return WOLFSSL_SUCCESS on success,
* otherwise WOLFSSL_FAILURE or
* -3 if value is null or
* negative value on other failure
*/
static int cmdfunc_cipherstring(WOLFSSL_CONF_CTX* cctx, const char* value)
{
int ret = -3;
WOLFSSL_ENTER("cmdfunc_cipherstring");
/* sanity check */
if (cctx == NULL)
return WOLFSSL_FAILURE;
if (value == NULL) {
WOLFSSL_MSG("bad arguments");
return ret;
}
if (cctx->ctx) {
ret = wolfSSL_CTX_set_cipher_list(cctx->ctx, value);
}
if (cctx->ssl) {
ret = wolfSSL_set_cipher_list(cctx->ssl, value);
}
WOLFSSL_LEAVE("cmdfunc_cipherstring", ret);
return ret;
}
/**
* process curves command
* @param cctx a pointer to WOLFSSL_CONF_CTX structure
* @param value arguments for cmd
* @return WOLFSSL_SUCCESS on success,
* otherwise WOLFSSL_FAILURE or
* -3 if value is null or
* negative value on other failure
*/
#if defined(HAVE_ECC)
static int cmdfunc_curves(WOLFSSL_CONF_CTX* cctx, const char* value)
{
int ret = -3;
WOLFSSL_ENTER("cmdfunc_curves");
/* sanity check */
if (cctx == NULL)
return WOLFSSL_FAILURE;
if (value == NULL) {
WOLFSSL_MSG("bad arguments");
return ret;
}
if (cctx->ctx) {
ret = wolfSSL_CTX_set1_curves_list(cctx->ctx, value);
}
if (cctx->ssl) {
ret = wolfSSL_set1_curves_list(cctx->ssl, value);
}
WOLFSSL_LEAVE("cmdfunc_curves", ret);
return ret;
}
#endif
/**
* process cert command
* @param cctx a pointer to WOLFSSL_CONF_CTX structure
* @param value arguments for cmd
* @return WOLFSSL_SUCCESS on success,
* otherwise WOLFSSL_FAILURE or
* -3 if value is null or
* negative value on other failure
*/
static int cmdfunc_cert(WOLFSSL_CONF_CTX* cctx, const char* value)
{
int ret = -3;
WOLFSSL_ENTER("cmdfunc_cert");
/* sanity check */
if (cctx == NULL)
return WOLFSSL_FAILURE;
if (value == NULL) {
WOLFSSL_MSG("bad arguments");
return ret;
}
if (!(cctx->flags & WOLFSSL_CONF_FLAG_CERTIFICATE)) {
WOLFSSL_MSG("certificate flag is not set");
return -2;
}
if (cctx->ctx) {
ret = wolfSSL_CTX_use_certificate_chain_file(cctx->ctx, value);
}
if (cctx->ssl) {
ret = wolfSSL_use_certificate_file(cctx->ssl, value,
WOLFSSL_FILETYPE_PEM);
}
WOLFSSL_LEAVE("cmdfunc_cert", ret);
return ret;
}
/**
* process key command
* @param cctx a pointer to WOLFSSL_CONF_CTX structure
* @param value arguments for cmd
* @return WOLFSSL_SUCCESS on success,
* otherwise WOLFSSL_FAILURE or
* -3 if value is null or
* negative value on other failure
*/
static int cmdfunc_key(WOLFSSL_CONF_CTX* cctx, const char* value)
{
int ret = -3;
WOLFSSL_ENTER("cmdfunc_key");
/* sanity check */
if (cctx == NULL)
return WOLFSSL_FAILURE;
if (value == NULL) {
WOLFSSL_MSG("bad arguments");
return ret;
}
if (!(cctx->flags & WOLFSSL_CONF_FLAG_CERTIFICATE)) {
WOLFSSL_MSG("certificate flag is not set");
return -2;
}
if (cctx->ctx) {
ret = wolfSSL_CTX_use_PrivateKey_file(cctx->ctx, value,
WOLFSSL_FILETYPE_PEM);
}
if (cctx->ssl) {
ret = wolfSSL_use_PrivateKey_file(cctx->ssl, value,
WOLFSSL_FILETYPE_PEM);
}
WOLFSSL_LEAVE("cmdfunc_key", ret);
return ret;
}
/**
* process DH parameter command
* @param cctx a pointer to WOLFSSL_CONF_CTX structure
* @param value arguments for cmd
* @return WOLFSSL_SUCCESS on success,
* otherwise WOLFSSL_FAILURE or
* -3 if value is null or
* negative value on other failure
*/
#if !defined(NO_DH) && !defined(NO_BIO)
static int cmdfunc_dhparam(WOLFSSL_CONF_CTX* cctx, const char* value)
{
int ret = -3;
WOLFSSL_DH* dh = NULL;
WOLFSSL_BIO* bio = NULL;
WOLFSSL_MSG("cmdfunc_dhparam");
/* sanity check */
if (cctx == NULL)
return WOLFSSL_FAILURE;
if (value == NULL) {
WOLFSSL_MSG("bad arguments");
return ret;
}
if (!(cctx->flags & WOLFSSL_CONF_FLAG_CERTIFICATE)) {
WOLFSSL_MSG("certificate flag is not set");
return -2;
}
if (cctx->ctx || cctx->ssl) {
bio = wolfSSL_BIO_new_file(value, "rb");
if (!bio) {
WOLFSSL_MSG("bio new file failed");
return WOLFSSL_FAILURE;
}
dh = wolfSSL_PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
if (!dh) {
wolfSSL_BIO_free(bio);
WOLFSSL_MSG("PEM read bio failed");
return WOLFSSL_FAILURE;
}
} else
return 1;
if (cctx->ctx) {
ret = wolfSSL_CTX_set_tmp_dh(cctx->ctx, dh);
}
if (cctx->ssl) {
/* wolfSSL_use_set_tmp_dh not yet implemented */
ret = WOLFSSL_FAILURE;
}
if (dh)
wolfSSL_DH_free(dh);
if (bio)
wolfSSL_BIO_free(bio);
WOLFSSL_LEAVE("cmdfunc_dhparam", ret);
return ret;
}
#endif /* !NO_DH && !NO_BIO */
/**
* command table
*/
typedef struct conf_cmd_tbl {
const char* file_cmd;
const char* cmdline_cmd;
word32 data_type;
int (*cmdfunc)(WOLFSSL_CONF_CTX* cctx, const char* value);
}conf_cmd_tbl;
static const conf_cmd_tbl conf_cmds_tbl[] = {
/* cmd Curves */
{WOLFSSL_CONF_FILE_CMD1, WOLFSSL_CONF_CMDL_CMD1,
WOLFSSL_CONF_TYPE_STRING, cmdfunc_curves},
/* cmd Certificate */
{WOLFSSL_CONF_FILE_CMD2, WOLFSSL_CONF_CMDL_CMD2,
WOLFSSL_CONF_TYPE_FILE, cmdfunc_cert},
/* cmd PrivateKey */
{WOLFSSL_CONF_FILE_CMD3, WOLFSSL_CONF_CMDL_CMD3,
WOLFSSL_CONF_TYPE_FILE, cmdfunc_key},
/* cmd Protocol */
{WOLFSSL_CONF_FILE_CMD4, WOLFSSL_CONF_CMDL_CMD4,
WOLFSSL_CONF_TYPE_STRING, NULL},
/* cmd Options */
{WOLFSSL_CONF_FILE_CMD5, WOLFSSL_CONF_CMDL_CMD5,
WOLFSSL_CONF_TYPE_STRING, NULL},
/* cmd ServerInfoFile */
{WOLFSSL_CONF_FILE_CMD6, WOLFSSL_CONF_CMDL_CMD6,
WOLFSSL_CONF_TYPE_FILE, NULL},
/* cmd SignatureAlgorithms */
{WOLFSSL_CONF_FILE_CMD7, WOLFSSL_CONF_CMDL_CMD7,
WOLFSSL_CONF_TYPE_STRING, NULL},
/* cmd ClientSignatureAlgorithms */
{WOLFSSL_CONF_FILE_CMD8, WOLFSSL_CONF_CMDL_CMD8,
WOLFSSL_CONF_TYPE_STRING, NULL},
/* cmd CipherString */
{WOLFSSL_CONF_FILE_CMD9, WOLFSSL_CONF_CMDL_CMD9,
WOLFSSL_CONF_TYPE_STRING, cmdfunc_cipherstring},
#if !defined(NO_DH) && !defined(NO_BIO)
/* cmd DHParameters */
{WOLFSSL_CONF_FILE_CMD9, WOLFSSL_CONF_CMDL_CMD9,
WOLFSSL_CONF_TYPE_FILE, NULL},
#endif
#ifdef HAVE_ECC
/* cmd ECHDParameters */
{WOLFSSL_CONF_FILE_CMD10, WOLFSSL_CONF_CMDL_CMD10,
WOLFSSL_CONF_TYPE_STRING, cmdfunc_dhparam},
#endif
};
/* size of command table */
static const size_t size_of_cmd_tbls = sizeof(conf_cmds_tbl)
/ sizeof(conf_cmd_tbl);
/** /**
* send configuration command * send configuration command
* @param cctx a pointer to WOLFSSL_CONF_CTX structure * @param cctx a pointer to WOLFSSL_CONF_CTX structure
* @param cmd configuration command * @param cmd configuration command
* @param value arguments for cmd * @param value arguments for cmd
* @return WOLFSSL_SUCCESS on success, * @return 1 when cmd is recognised, but value is not used
* otherwise WOLFSSL_FAILURE (stub currently returns WOLFSSL_FAILURE always) * 2 both cmd and value are used
* otherwise WOLFSSL_FAILURE
* -2 if cmd is not recognised
* -3 if value is NULL, but cmd is recognized
*/ */
int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value) int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value)
{ {
WOLFSSL_STUB("wolfSSL_CONF_cmd"); int ret = WOLFSSL_FAILURE;
size_t i;
size_t cmdlen;
const char* c;
WOLFSSL_ENTER("wolfSSL_CONF_cmd");
(void)cctx; (void)cctx;
(void)cmd; (void)cmd;
(void)value; (void)value;
return WOLFSSL_FAILURE;
/* sanity check */
if (cctx == NULL || cmd == NULL) {
WOLFSSL_MSG("bad arguments");
return ret;
}
for (i = 0; i < size_of_cmd_tbls; i++) {
/* check if the cmd is valid */
if (cctx->flags & WOLFSSL_CONF_FLAG_CMDLINE) {
cmdlen = XSTRLEN(cmd);
if (cmdlen < 2) {
WOLFSSL_MSG("bad cmdline command");
return ret;
}
/* skip "-" prefix */
c = ++cmd;
if (XSTRCMP(c, conf_cmds_tbl[i].cmdline_cmd) == 0) {
if (conf_cmds_tbl[i].cmdfunc != NULL) {
ret = conf_cmds_tbl[i].cmdfunc(cctx, value);
break;
} else {
WOLFSSL_MSG("cmd not yet implemented");
return ret;
}
}
}
if (cctx->flags & WOLFSSL_CONF_FLAG_FILE) {
if (XSTRCMP(cmd, conf_cmds_tbl[i].file_cmd) == 0) {
if (conf_cmds_tbl[i].cmdfunc != NULL) {
ret = conf_cmds_tbl[i].cmdfunc(cctx, value);
break;
} else {
WOLFSSL_MSG("cmd not yet implemented");
return ret;
}
}
}
}
if (i == size_of_cmd_tbls) {
WOLFSSL_MSG("invalid command");
ret = -2;
}
/* return code compliant with OpenSSL */
if (ret < -3)
ret = 0;
WOLFSSL_LEAVE("wolfSSL_CONF_cmd", ret);
return ret;
} }
#endif /* !NO_WOLFSSL_STUB */
#if defined(HAVE_EX_DATA) || defined(FORTRESS) #if defined(HAVE_EX_DATA) || defined(FORTRESS)
/** /**

53
tests/api.c
View File

@@ -43085,7 +43085,7 @@ static void test_wolfSSL_OpenSSL_version(void)
#endif #endif
} }
static void test_CONF_CTX(void) static void test_CONF_CTX_FILE(void)
{ {
#if defined(OPENSSL_ALL) #if defined(OPENSSL_ALL)
printf(testingFmt, "test_CONF_CTX"); printf(testingFmt, "test_CONF_CTX");
@@ -43107,14 +43107,51 @@ static void test_CONF_CTX(void)
#endif #endif
#endif #endif
AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, 0x1), 0x1); /* set flags */
AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_FILE),
/* STUB */ WOLFSSL_CONF_FLAG_FILE);
#if !defined(NO_WOLFSSL_STUB) AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_CERTIFICATE),
AssertIntEQ(SSL_CONF_cmd(cctx, "TEST", "TEST1"), WOLFSSL_FAILURE); WOLFSSL_CONF_FLAG_FILE | WOLFSSL_CONF_FLAG_CERTIFICATE);
AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_FAILURE); /* cmd Certificate and Private Key*/
{
#ifndef NO_CERTS
const char* ourCert = svrCertFile;
const char* ourKey = svrKeyFile;
AssertIntEQ(SSL_CONF_cmd(cctx, "Certificate", ourCert),
WOLFSSL_SUCCESS);
AssertIntEQ(SSL_CONF_cmd(cctx, "PrivateKey", ourKey), WOLFSSL_SUCCESS);
AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
#endif #endif
}
/* cmd curves */
{
#if defined(HAVE_ECC)
const char* curve = "secp256r1";
AssertIntEQ(SSL_CONF_cmd(cctx, "Curves", curve), WOLFSSL_SUCCESS);
AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
#endif
}
/* cmd CipherString */
{
char* cipher = wolfSSL_get_cipher_list(0/*top priority*/);
AssertIntEQ(SSL_CONF_cmd(cctx, "CipherString", cipher), WOLFSSL_SUCCESS);
AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
}
/* cmd DH parameter */
{
#if !defined(NO_DH) && !defined(NO_BIO)
const char* ourdhcert = "./certs/dh3072.pem";
AssertIntEQ(SSL_CONF_cmd(cctx, "DHParameters", ourdhcert),
WOLFSSL_SUCCESS);
AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
#endif
}
SSL_CTX_free(ctx); SSL_CTX_free(ctx);
SSL_CONF_CTX_free(cctx); SSL_CONF_CTX_free(cctx);
@@ -43768,7 +43805,7 @@ void ApiTest(void)
test_wolfSSL_OpenSSL_version(); test_wolfSSL_OpenSSL_version();
test_wolfSSL_set_psk_use_session_callback(); test_wolfSSL_set_psk_use_session_callback();
test_CONF_CTX(); test_CONF_CTX_FILE();
test_wolfSSL_CRYPTO_get_ex_new_index(); test_wolfSSL_CRYPTO_get_ex_new_index();
test_wolfSSL_DH_get0_pqg(); test_wolfSSL_DH_get0_pqg();

6
wolfssl/openssl/ssl.h
View File

@@ -1157,7 +1157,11 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define DTLS1_2_VERSION 0xFEFD #define DTLS1_2_VERSION 0xFEFD
#define DTLS_MAX_VERSION DTLS1_2_VERSION #define DTLS_MAX_VERSION DTLS1_2_VERSION
#define SSL_CONF_FLAG_FILE 0x2 #define SSL_CONF_FLAG_CMDLINE WOLFSSL_CONF_FLAG_CMDLINE
#define SSL_CONF_FLAG_FILE WOLFSSL_CONF_FLAG_FILE
#define SSL_CONF_FLAG_CERTIFICATE WOLFSSL_CONF_FLAG_CERTIFICATE
#define SSL_CONF_TYPE_STRING WOLFSSL_CONF_TYPE_STRING
#define SSL_CONF_TYPE_FILE WOLFSSL_CONF_TYPE_FILE
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(OPENSSL_EXTRA) \ #if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(OPENSSL_EXTRA) \
|| defined(OPENSSL_ALL) || defined(OPENSSL_ALL)

8
wolfssl/ssl.h
View File

@@ -4415,6 +4415,14 @@ WOLFSSL_API void wolfSSL_CONF_CTX_free(WOLFSSL_CONF_CTX* cctx);
WOLFSSL_API void wolfSSL_CONF_CTX_set_ssl_ctx(WOLFSSL_CONF_CTX* cctx, WOLFSSL_CTX *ctx); WOLFSSL_API void wolfSSL_CONF_CTX_set_ssl_ctx(WOLFSSL_CONF_CTX* cctx, WOLFSSL_CTX *ctx);
WOLFSSL_API unsigned int wolfSSL_CONF_CTX_set_flags(WOLFSSL_CONF_CTX* cctx, unsigned int flags); WOLFSSL_API unsigned int wolfSSL_CONF_CTX_set_flags(WOLFSSL_CONF_CTX* cctx, unsigned int flags);
WOLFSSL_API int wolfSSL_CONF_CTX_finish(WOLFSSL_CONF_CTX* cctx); WOLFSSL_API int wolfSSL_CONF_CTX_finish(WOLFSSL_CONF_CTX* cctx);
#define WOLFSSL_CONF_FLAG_CMDLINE 0x1
#define WOLFSSL_CONF_FLAG_FILE 0x2
#define WOLFSSL_CONF_FLAG_CERTIFICATE 0x20
#define WOLFSSL_CONF_TYPE_STRING 0x1
#define WOLFSSL_CONF_TYPE_FILE 0x2
WOLFSSL_API int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value); WOLFSSL_API int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value);
#if defined(HAVE_EX_DATA) || defined(FORTRESS) #if defined(HAVE_EX_DATA) || defined(FORTRESS)
WOLFSSL_API int wolfSSL_CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, WOLFSSL_API int wolfSSL_CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,