diff --git a/configure.ac b/configure.ac index 430625c8b..443acad17 100644 --- a/configure.ac +++ b/configure.ac @@ -191,6 +191,7 @@ then enable_certservice=yes enable_jni=yes enable_lighty=yes + enable_haproxy=yes enable_stunnel=yes enable_nginx=yes enable_pwdbased=yes @@ -281,6 +282,14 @@ AC_ARG_ENABLE([nginx], [ ENABLED_NGINX=no ] ) +# haproxy compatibility build +AC_ARG_ENABLE([haproxy], + [ --enable-haproxy Enable haproxy (default: disabled)], + [ ENABLED_HAPROXY=$enableval ], + [ ENABLED_HAPROXY=no ] + ) + + # OPENSSL Extra Compatibility AC_ARG_ENABLE([opensslextra], [ --enable-opensslextra Enable extra OpenSSL API, size+ (default: disabled)], @@ -1828,9 +1837,10 @@ AC_ARG_ENABLE([ocspstapling], [ ENABLED_CERTIFICATE_STATUS_REQUEST=no ] ) -if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" +if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" then - ENABLED_CERTIFICATE_STATUS_REQUEST=yes + echo "ELLO" + ENABLED_CERTIFICATE_STATUS_REQUEST="yes" fi if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes" @@ -1855,7 +1865,7 @@ AC_ARG_ENABLE([ocspstapling2], [ ENABLED_CERTIFICATE_STATUS_REQUEST_V2=no ] ) -if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" +if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" then ENABLED_CERTIFICATE_STATUS_REQUEST_V2=yes fi @@ -1883,7 +1893,7 @@ AC_ARG_ENABLE([crl], ) -if test "x$ENABLED_NGINX" = "xyes" +if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" then ENABLED_CRL=yes fi @@ -2160,7 +2170,7 @@ AC_ARG_ENABLE([session-ticket], [ ENABLED_SESSION_TICKET=no ] ) -if test "x$ENABLED_NGINX" = "xyes" || test "$ENABLED_WPAS" = "yes" +if test "x$ENABLED_NGINX" = "xyes" || test "$ENABLED_WPAS" = "yes" || test "x$ENABLED_HAPROXY" = "xyes" then ENABLED_SESSION_TICKET=yes fi @@ -2189,7 +2199,7 @@ AC_ARG_ENABLE([tlsx], [ ENABLED_TLSX=no ] ) -if test "x$ENABLED_NGINX" = "xyes" +if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" then ENABLED_TLSX=yes fi @@ -2440,6 +2450,21 @@ fi if test "$ENABLED_NGINX" = "yes" then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NGINX" +fi + +if test "$ENABLED_HAPROXY" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAPROXY" + # Requires opensslextra make sure on + if test "x$ENABLED_OPENSSLEXTRA" = "xno" + then + ENABLED_OPENSSLEXTRA="yes" + AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS" + fi +fi + +if test "$ENABLED_NGINX" = "yes"|| test "x$ENABLED_HAPROXY" = "xyes" +then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI" AM_CFLAGS="$AM_CFLAGS -DKEEP_OUR_CERT -DKEEP_PEER_CERT" @@ -3587,6 +3612,7 @@ echo " * CODING: $ENABLED_CODING" echo " * MEMORY: $ENABLED_MEMORY" echo " * I/O POOL: $ENABLED_IOPOOL" echo " * LIGHTY: $ENABLED_LIGHTY" +echo " * HAPROXY: $ENABLED_HAPROXY" echo " * STUNNEL: $ENABLED_STUNNEL" echo " * NGINX: $ENABLED_NGINX" echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS" diff --git a/src/internal.c b/src/internal.c index 73c7b60be..e04f1899e 100755 --- a/src/internal.c +++ b/src/internal.c @@ -105,7 +105,7 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS #if !defined(NO_RSA) || defined(HAVE_ECC) static int DoCertificateVerify(WOLFSSL* ssl, byte*, word32*, word32); #endif - #if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) + #if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY) static int SNI_Callback(WOLFSSL* ssl); #endif #ifdef WOLFSSL_DTLS @@ -1497,7 +1497,7 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) ctx->ca_names = next; } #endif - #ifdef WOLFSSL_NGINX + #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) while (ctx->x509Chain != NULL) { WOLFSSL_STACK *next = ctx->x509Chain->next; wolfSSL_X509_free(ctx->x509Chain->data.x509); @@ -3601,7 +3601,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) #endif #ifdef HAVE_ALPN ssl->alpn_client_list = NULL; - #ifdef WOLFSSL_NGINX + #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) ssl->alpnSelect = ctx->alpnSelect; ssl->alpnSelectArg = ctx->alpnSelectArg; #endif @@ -11852,7 +11852,7 @@ int SendCertificateStatus(WOLFSSL* ssl) } if (ret == 0) { - #ifdef WOLFSSL_NGINX + #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) request->ssl = ssl; #endif ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, request, @@ -11955,7 +11955,7 @@ int SendCertificateStatus(WOLFSSL* ssl) } if (ret == 0) { - #ifdef WOLFSSL_NGINX + #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) request->ssl = ssl; #endif ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, request, @@ -12030,7 +12030,7 @@ int SendCertificateStatus(WOLFSSL* ssl) &ssl->ctx->cm->ocsp_stapling->ocspLock); } - #ifdef WOLFSSL_NGINX + #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) request->ssl = ssl; #endif ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, @@ -12058,7 +12058,7 @@ int SendCertificateStatus(WOLFSSL* ssl) else { while (ret == 0 && NULL != (request = ssl->ctx->chainOcspRequest[i])) { - #ifdef WOLFSSL_NGINX + #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) request->ssl = ssl; #endif ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, @@ -20307,7 +20307,7 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if ((ret = TLSX_Parse(ssl, (byte *) input + i, totalExtSz, 1, &clSuites))) return ret; -#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) +#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) if((ret=SNI_Callback(ssl))) return ret; ssl->options.side = WOLFSSL_SERVER_END; @@ -22004,7 +22004,7 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } -#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) +#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) static int SNI_Callback(WOLFSSL* ssl) { /* Stunnel supports a custom sni callback to switch an SSL's ctx diff --git a/src/ocsp.c b/src/ocsp.c index 484b238b2..d0fab5e4c 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -402,7 +402,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, if (ret != OCSP_INVALID_STATUS) return ret; -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) if (ocsp->statusCb != NULL && ocspRequest->ssl != NULL) { ret = ocsp->statusCb((WOLFSSL*)ocspRequest->ssl, ocsp->cm->ocspIOCtx); if (ret == 0) { @@ -460,7 +460,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, return ret; } -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs, WOLFSSL_OCSP_CERTID* id, int* status, int* reason, diff --git a/src/ssl.c b/src/ssl.c index 015bcca16..c2026a6ff 100755 --- a/src/ssl.c +++ b/src/ssl.c @@ -2630,7 +2630,8 @@ void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm) FreeOCSP(cm->ocsp, 1); XFREE(cm->ocspOverrideURL, cm->heap, DYNAMIC_TYPE_URL); #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ - || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \ + || defined(WOLFSSL_HAPROXY) if (cm->ocsp_stapling) FreeOCSP(cm->ocsp_stapling, 1); #endif @@ -10931,7 +10932,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) { WOLFSSL_ENTER("wolfSSL_ERR_get_error"); -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) { unsigned long ret = wolfSSL_ERR_peek_error_line_data(NULL, NULL, NULL, NULL); @@ -12513,7 +12514,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) { WOLFSSL_ENTER("wolfSSL_ERR_clear_error"); -#if defined(WOLFSSL_NGINX) +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) wc_ClearErrorNodes(); #endif } @@ -13944,6 +13945,20 @@ void wolfSSL_sk_ASN1_OBJECT_free(STACK_OF(WOLFSSL_ASN1_OBJECT)* sk) } XFREE(sk, NULL, DYNAMIC_TYPE_ASN1); } + +int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *in) +{ + /* + ASN1_STRING_to_UTF8() converts the string in to UTF8 format, + the converted data is allocated in a buffer in *out. + The length of out is returned or a negative error code. + The buffer *out should be free using OPENSSL_free(). + */ + (void)out; + (void)in; + WOLFSSL_STUB("ASN1_STRING_to_UTF8"); + return -1; +} #endif /* NO_ASN */ @@ -14547,7 +14562,6 @@ WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void) return 0; } - int wolfSSL_COMP_add_compression_method(int method, void* data) { (void)method; @@ -15355,7 +15369,7 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509* x509) } -#if defined(WOLFSSL_NGINX) +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_TIME* asnTime) { char buf[MAX_TIME_STRING_SZ]; @@ -15373,7 +15387,7 @@ int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_TIME* asnTime) #endif -#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) +#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* time, char* buf, int len) { int format; @@ -15462,7 +15476,7 @@ unsigned long wolfSSL_ERR_peek_error(void) int wolfSSL_ERR_GET_REASON(unsigned long err) { -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) /* Nginx looks for this error to know to stop parsing certificates. */ if (err == ((ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE)) return PEM_R_NO_START_LINE; @@ -15651,12 +15665,31 @@ long wolfSSL_set_tlsext_debug_arg(WOLFSSL* ssl, void *arg) } #endif /* HAVE_PK_CALLBACKS */ +#ifdef WOLFSSL_HAPROXY +const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *sess, unsigned int *sid_ctx_length) +{ + const byte *c = wolfSSL_SESSION_get_id((SSL_SESSION *)sess, sid_ctx_length); + return c; +} +#endif + +/*** TBD ***/ +WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st) +{ + (void)st; + WOLFSSL_STUB("wolfSSL_sk_SSL_COMP_zero"); + //wolfSSL_set_options(ssl, SSL_OP_NO_COMPRESSION); + return SSL_FAILURE; +} + + /*** TBD ***/ WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type) { (void)s; (void)type; - return 0; + WOLFSSL_STUB("wolfSSL_set_tlsext_status_type"); + return SSL_FAILURE; } /*** TBD ***/ @@ -15664,7 +15697,8 @@ WOLFSSL_API long wolfSSL_get_tlsext_status_exts(WOLFSSL *s, void *arg) { (void)s; (void)arg; - return 0; + WOLFSSL_STUB("wolfSSL_get_tlsext_status_exts"); + return SSL_FAILURE; } /*** TBD ***/ @@ -15672,7 +15706,8 @@ WOLFSSL_API long wolfSSL_set_tlsext_status_exts(WOLFSSL *s, void *arg) { (void)s; (void)arg; - return 0; + WOLFSSL_STUB("wolfSSL_set_tlsext_status_exts"); + return SSL_FAILURE; } /*** TBD ***/ @@ -15680,7 +15715,8 @@ WOLFSSL_API long wolfSSL_get_tlsext_status_ids(WOLFSSL *s, void *arg) { (void)s; (void)arg; - return 0; + WOLFSSL_STUB("wolfSSL_get_tlsext_status_ids"); + return SSL_FAILURE; } /*** TBD ***/ @@ -15688,7 +15724,192 @@ WOLFSSL_API long wolfSSL_set_tlsext_status_ids(WOLFSSL *s, void *arg) { (void)s; (void)arg; - return 0; + WOLFSSL_STUB("wolfSSL_set_tlsext_status_ids"); + return SSL_FAILURE; +} + +/*** TBD ***/ +WOLFSSL_API int SSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid, unsigned int sid_len) +{ + (void)s; + (void)sid; + (void)sid_len; + WOLFSSL_STUB("SSL_SESSION_set1_id"); + return SSL_FAILURE; +} + +/*** TBD ***/ +WOLFSSL_API int SSL_SESSION_set1_id_context(WOLFSSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len) +{ + (void)s; + (void)sid_ctx; + (void)sid_ctx_len; + WOLFSSL_STUB("SSL_SESSION_set1_id_context"); + return SSL_FAILURE; +} + +/*** TBD ***/ +WOLFSSL_API void *X509_get0_tbs_sigalg(const WOLFSSL_X509 *x) +{ + (void)x; + WOLFSSL_STUB("X509_get0_tbs_sigalg"); + return NULL; +} + +/*** TBD ***/ +WOLFSSL_API void X509_ALGOR_get0(WOLFSSL_ASN1_OBJECT **paobj, int *pptype, const void **ppval, const void *algor) +{ + (void)paobj; + (void)pptype; + (void)ppval; + (void)algor; + WOLFSSL_STUB("X509_ALGOR_get0"); +} + +/*** TBD ***/ +WOLFSSL_API void *X509_get_X509_PUBKEY(void * x) +{ + (void)x; + WOLFSSL_STUB("X509_get_X509_PUBKEY"); + return NULL; +} + +/*** TBD ***/ +WOLFSSL_API int X509_PUBKEY_get0_param(WOLFSSL_ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, void **pa, WOLFSSL_EVP_PKEY *pub) +{ + (void)ppkalg; + (void)pk; + (void)ppklen; + (void)pa; + (void)pub; + WOLFSSL_STUB("X509_PUBKEY_get0_param"); + return SSL_FAILURE; +} + +/*** TBD ***/ +WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_get_privatekey(const WOLFSSL *ssl) +{ + (void)ssl; + WOLFSSL_STUB("SSL_get_privatekey"); + return NULL; +} + +/*** TBD ***/ +WOLFSSL_API int EVP_PKEY_bits(WOLFSSL_EVP_PKEY *pkey) +{ + (void)pkey; + WOLFSSL_STUB("EVP_PKEY_bits"); + return SSL_FAILURE; +} + +/*** TBD ***/ +WOLFSSL_API int i2d_X509(WOLFSSL_X509 *x, unsigned char **out) +{ + (void)x; + (void)out; + WOLFSSL_STUB("i2d_X509"); + return -1; +} + +/*** TBD ***/ +WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a) +{ + (void)buf; + (void)buf_len; + (void)a; + WOLFSSL_STUB("i2t_ASN1_OBJECT"); + return -1; +} + +/*** TBD ***/ +WOLFSSL_API size_t SSL_get_finished(const WOLFSSL *s, void *buf, size_t count) +{ + (void)s; + (void)buf; + (void)count; + WOLFSSL_STUB("SSL_get_finished"); + return SSL_FAILURE; +} + +/*** TBD ***/ +WOLFSSL_API size_t SSL_get_peer_finished(const WOLFSSL *s, void *buf, size_t count) +{ + (void)s; + (void)buf; + (void)count; + WOLFSSL_STUB("SSL_get_peer_finished"); + return SSL_FAILURE; +} + +/*** TBD ***/ +WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength)) +{ + (void)ctx; + (void)dh; + WOLFSSL_STUB("SSL_CTX_set_tmp_dh_callback"); +} + +/*** TBD ***/ +WOLFSSL_API STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) +{ + WOLFSSL_STUB("SSL_COMP_get_compression_methods"); + return NULL; +} + +/*** TBD ***/ +WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const void * p) +{ + (void)p; + WOLFSSL_STUB("wolfSSL_sk_SSL_CIPHER_num"); + return -1; +} + +#if !defined(NO_FILESYSTEM) +/*** TBD ***/ +WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_X509(FILE *fp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u) +{ + (void)fp; + (void)x; + (void)cb; + (void)u; + WOLFSSL_STUB("PEM_read_X509"); + return NULL; +} + +/*** TBD ***/ +WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PrivateKey(FILE *fp, WOLFSSL_EVP_PKEY **x, pem_password_cb *cb, void *u) +{ + (void)fp; + (void)x; + (void)cb; + (void)u; + WOLFSSL_STUB("PEM_read_PrivateKey"); + return NULL; +} +#endif + +/*** TBD ***/ +WOLFSSL_API int X509_STORE_load_locations(WOLFSSL_X509_STORE *ctx, const char *file, const char *dir) +{ + (void)ctx; + (void)file; + (void)dir; + WOLFSSL_STUB("X509_STORE_load_locations"); + return SSL_FAILURE; +} + +/*** TBD ***/ +WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(void *ciphers, int idx) +{ + (void)ciphers; + (void)idx; + WOLFSSL_STUB("wolfSSL_sk_SSL_CIPHER_value"); + return NULL; +} + +WOLFSSL_API void ERR_load_SSL_strings(void) +{ + } WOLFSSL_API long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp) @@ -21236,11 +21457,14 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, int wolfSSL_EVP_PKEY_type(int type) { - (void)type; + (void) type; + WOLFSSL_MSG("wolfSSL_EVP_PKEY_type always returns EVP_PKEY_RSA"); + return EVP_PKEY_RSA; +} - WOLFSSL_MSG("wolfSSL_EVP_PKEY_type not implemented"); - - return SSL_FATAL_ERROR; +int wolfSSL_EVP_PKEY_base_id(const EVP_PKEY *pkey) +{ + return EVP_PKEY_type(pkey->type); } @@ -21811,7 +22035,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) if (i > 26 && XMEMCMP((char *)&pem[i-26], END_CERT, 25) == 0) break; } - #ifdef WOLFSSL_NGINX + #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) if (l == 0) WOLFSSL_ERROR(SSL_NO_PEM_HEADER); #endif @@ -21873,7 +22097,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) #if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \ defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ - defined(HAVE_POCO_LIB) + defined(HAVE_POCO_LIB) || defined (WOLFSSL_HAPROXY) unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md) { @@ -21922,12 +22146,30 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) } int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name) { - (void)b; - (void)name; - WOLFSSL_ENTER("wolfSSL_BIO_read_filename"); - WOLFSSL_STUB("wolfSSL_BIO_read_filename"); + #ifndef NO_FILESYSTEM + XFILE fp; + + WOLFSSL_ENTER("wolfSSL_BIO_new_file"); - return 0; + if ((wolfSSL_BIO_get_fp(b, &fp) == SSL_SUCCESS) && (fp != NULL)) + { + XFCLOSE(fp); + } + + fp = XFOPEN(name, "r"); + if (fp == NULL) + return SSL_BAD_FILE; + + if (wolfSSL_BIO_set_fp(b, fp, BIO_CLOSE) != SSL_SUCCESS) { + return SSL_BAD_FILE; + } + + return SSL_SUCCESS; + #else + (void)name; + (void)b; + return SSL_NOT_IMPLEMENTED; + #endif } #ifdef HAVE_ECC @@ -21988,21 +22230,13 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) } - void* wolfSSL_get_app_data( const WOLFSSL *ssl) - { + void* wolfSSL_get_app_data( const WOLFSSL *ssl) { /* checkout exdata stuff... */ - (void)ssl; - WOLFSSL_ENTER("wolfSSL_get_app_data"); - WOLFSSL_STUB("wolfSSL_get_app_data"); - - return 0; + return wolfSSL_get_ex_data(ssl,0); } - void wolfSSL_set_app_data(WOLFSSL *ssl, void *arg) { - (void)ssl; - (void)arg; - WOLFSSL_ENTER("wolfSSL_set_app_data"); - WOLFSSL_STUB("wolfSSL_set_app_data"); + int wolfSSL_set_app_data(WOLFSSL *ssl, void *arg) { + return wolfSSL_set_ex_data(ssl,0,(char *)arg); } WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne) { @@ -22068,7 +22302,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) return NULL; } -#endif /* HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || HAVE_STUNNEL || WOLFSSL_NGINX || HAVE_POCO_LIB */ +#endif /* HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || HAVE_STUNNEL || WOLFSSL_NGINX || HAVE_POCO_LIB || WOLFSSL_HAPROXY */ #endif /* OPENSSL_EXTRA */ @@ -22083,7 +22317,7 @@ unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line) (void)line; (void)file; -#if defined(WOLFSSL_NGINX) || defined(DEBUG_WOLFSSL) +#if defined(WOLFSSL_NGINX) || defined(DEBUG_WOLFSSL) || defined(WOLFSSL_HAPROXY) { int ret; @@ -22317,7 +22551,7 @@ WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x, #if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) \ - || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) + || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_HAPROXY) char * wolfSSL_OBJ_nid2ln(int n) { (void)n; WOLFSSL_ENTER("wolfSSL_OBJ_nid2ln"); @@ -22576,7 +22810,7 @@ long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh) return pSz > 0 && gSz > 0 ? ret : SSL_FATAL_ERROR; } #endif /* OPENSSL_EXTRA && !NO_DH */ -#endif /* HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE */ +#endif /* HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_HAPROXY */ /* stunnel compatibility functions*/ @@ -22938,7 +23172,6 @@ const char * wolfSSL_get_servername(WOLFSSL* ssl, byte type) #endif /* NO_WOLFSSL_SERVER */ #endif /* HAVE_SNI */ - WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx) { if (ssl && ctx && SetSSL_CTX(ssl, ctx, 0) == SSL_SUCCESS) @@ -23462,7 +23695,7 @@ unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line, *flags = 0; } -#if defined(WOLFSSL_NGINX) +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) { int ret = 0; @@ -23491,7 +23724,15 @@ unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line, } #endif -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) + +STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl) +{ + (void)ssl; + WOLFSSL_STUB("wolfSSL_get_ciphers_compat"); + return NULL; +} + void wolfSSL_OPENSSL_config(char *config_name) { WOLFSSL_STUB("wolfSSL_OPENSSL_config"); @@ -24161,9 +24402,45 @@ void wolfSSL_CTX_set_alpn_select_cb(WOLFSSL_CTX *ctx, ctx->alpnSelectArg = arg; } } + +void wolfSSL_CTX_set_next_protos_advertised_cb(WOLFSSL_CTX *s, + int (*cb) (WOLFSSL *ssl, + const unsigned char + **out, + unsigned int *outlen, + void *arg), void *arg) +{ + (void)s; + (void)cb; + (void)arg; + WOLFSSL_STUB("wolfSSL_CTX_set_next_protos_advertised_cb"); +} + +void wolfSSL_CTX_set_next_proto_select_cb(WOLFSSL_CTX *s, + int (*cb) (WOLFSSL *ssl, + unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg), void *arg) +{ + (void)s; + (void)cb; + (void)arg; + WOLFSSL_STUB("wolfSSL_CTX_set_next_proto_select_cb"); +} + +void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsigned char **data, + unsigned *len) +{ + (void)s; + (void)data; + (void)len; + WOLFSSL_STUB("wolfSSL_get0_next_proto_negotiated"); +} #endif /* HAVE_ALPN */ -#endif /* WOLFSSL_NGINX */ +#endif /* WOLFSSL_NGINX / WOLFSSL_HAPROXY */ #ifdef OPENSSL_EXTRA int wolfSSL_CTX_set_msg_callback(WOLFSSL_CTX *ctx, SSL_Msg_Cb cb) diff --git a/src/tls.c b/src/tls.c index 162906585..f4c214530 100755 --- a/src/tls.c +++ b/src/tls.c @@ -1130,7 +1130,7 @@ static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, byte *input, word16 length, extension = TLSX_Find(ssl->ctx->extensions, TLSX_APPLICATION_LAYER_PROTOCOL); -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) if (ssl->alpnSelect != NULL) { const byte* out; unsigned char outLen; @@ -2277,7 +2277,7 @@ int TLSX_CSR_ForceRequest(WOLFSSL* ssl) switch (csr->status_type) { case WOLFSSL_CSR_OCSP: if (ssl->ctx->cm->ocspEnabled) { - #ifdef WOLFSSL_NGINX + #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) csr->request.ocsp.ssl = ssl; #endif return CheckOcspRequest(ssl->ctx->cm->ocsp, @@ -2691,7 +2691,7 @@ int TLSX_CSR2_ForceRequest(WOLFSSL* ssl) case WOLFSSL_CSR2_OCSP_MULTI: if (ssl->ctx->cm->ocspEnabled) { - #ifdef WOLFSSL_NGINX + #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) csr2->request.ocsp[0].ssl = ssl; #endif return CheckOcspRequest(ssl->ctx->cm->ocsp, diff --git a/tests/api.c b/tests/api.c index 3aa52b633..dd7b1c0aa 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2005,7 +2005,7 @@ static void test_wolfSSL_X509_NAME_get_entry(void) { #if !defined(NO_CERTS) && !defined(NO_RSA) #if defined(OPENSSL_EXTRA) && (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)) \ - && (defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE)) + && (defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE)) || defined(WOLFSSL_HAPROXY) printf(testingFmt, "wolfSSL_X509_NAME_get_entry()"); { diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 9e0473548..0cc26bc75 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -3870,7 +3870,7 @@ static INLINE int DateLessThan(const struct tm* a, const struct tm* b) } -#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) +#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) int GetTimeString(byte* date, int format, char* buf, int len) { struct tm t; @@ -9880,7 +9880,7 @@ static int DecodeSingleResponse(byte* source, return ASN_PARSE_E; } -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) cs->thisDateAsn = source + idx; #endif if (GetBasicDate(source, &idx, cs->thisDate, @@ -9901,7 +9901,7 @@ static int DecodeSingleResponse(byte* source, idx++; if (GetLength(source, &idx, &length, size) < 0) return ASN_PARSE_E; -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) cs->nextDateAsn = source + idx; #endif if (GetBasicDate(source, &idx, cs->nextDate, diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c index 7253001ea..5ed519860 100644 --- a/wolfcrypt/src/logging.c +++ b/wolfcrypt/src/logging.c @@ -224,7 +224,7 @@ void WOLFSSL_LEAVE(const char* msg, int ret) * mapped to new funtion WOLFSSL_ERROR_LINE which gets the line # and function * name where WOLFSSL_ERROR is called at. */ -#if (defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX)) +#if (defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX)) || defined(WOLFSSL_HAPROXY) #if (defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)) void WOLFSSL_ERROR_LINE(int error, const char* func, unsigned int line, const char* file, void* usrCtx) @@ -266,7 +266,7 @@ void WOLFSSL_ERROR(int error) } } -#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX */ +#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) /* Internal function that is called by wolfCrypt_Init() */ @@ -313,7 +313,7 @@ int wc_LoggingCleanup(void) } -#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX) +#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) /* peek at an error node * * index : if -1 then the most recent node is looked at, otherwise search @@ -499,7 +499,7 @@ void wc_ClearErrorNodes(void) wc_last_node = NULL; wc_UnLockMutex(&debug_mutex); } -#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX */ +#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ int wc_SetLoggingHeap(void* h) diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 66d8e7eaa..a5f62a9df 100755 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1458,7 +1458,7 @@ struct WOLFSSL_OCSP { WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */ OcspEntry* ocspList; /* OCSP response list */ wolfSSL_Mutex ocspLock; /* OCSP list lock */ -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY) int(*statusCb)(WOLFSSL*, void*); #endif }; @@ -1944,7 +1944,7 @@ struct WOLFSSL_CTX { #ifdef OPENSSL_EXTRA STACK_OF(WOLFSSL_X509_NAME)* ca_names; #endif - #ifdef WOLFSSL_NGINX + #if defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY) STACK_OF(WOLFSSL_X509)* x509Chain; #endif DerBuffer* privateKey; @@ -2030,11 +2030,11 @@ struct WOLFSSL_CTX { #ifdef HAVE_EX_DATA void* ex_data[MAX_EX_DATA]; #endif -#if defined(HAVE_ALPN) && defined(WOLFSSL_NGINX) +#if defined(HAVE_ALPN) && (defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) CallbackALPNSelect alpnSelect; void* alpnSelectArg; #endif -#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) +#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) CallbackSniRecv sniRecvCb; void* sniRecvCbArg; #endif @@ -2941,7 +2941,7 @@ struct WOLFSSL { #endif /* user turned on */ #ifdef HAVE_ALPN char* alpn_client_list; /* keep the client's list */ - #ifdef WOLFSSL_NGINX + #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) CallbackALPNSelect alpnSelect; void* alpnSelectArg; #endif @@ -2955,7 +2955,7 @@ struct WOLFSSL { #ifdef OPENSSL_EXTRA byte* ocspResp; int ocspRespSz; -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) char* url; #endif #endif diff --git a/wolfssl/ocsp.h b/wolfssl/ocsp.h index 03d50fb92..844ce272e 100644 --- a/wolfssl/ocsp.h +++ b/wolfssl/ocsp.h @@ -37,7 +37,7 @@ typedef struct WOLFSSL_OCSP WOLFSSL_OCSP; -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) typedef struct OcspResponse WOLFSSL_OCSP_BASICRESP; typedef struct OcspRequest WOLFSSL_OCSP_CERTID; @@ -54,7 +54,7 @@ WOLFSSL_LOCAL int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, WOLFSSL_BUFFER_INFO* responseBuffer); -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) WOLFSSL_API int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs, WOLFSSL_OCSP_CERTID* id, int* status, int* reason, diff --git a/wolfssl/openssl/crypto.h b/wolfssl/openssl/crypto.h index 04afe897a..e00c00a90 100644 --- a/wolfssl/openssl/crypto.h +++ b/wolfssl/openssl/crypto.h @@ -24,7 +24,7 @@ WOLFSSL_API unsigned long wolfSSLeay(void); #define SSLEAY_VERSION 0x0090600fL #define SSLEAY_VERSION_NUMBER SSLEAY_VERSION -#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) +#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) #define CRYPTO_set_mem_ex_functions wolfSSL_CRYPTO_set_mem_ex_functions #define FIPS_mode wolfSSL_FIPS_mode #define FIPS_mode_set wolfSSL_FIPS_mode_set @@ -44,7 +44,7 @@ typedef void (CRYPTO_free_func)(void*parent, void*ptr, CRYPTO_EX_DATA *ad, int i #define OPENSSL_malloc(a) XMALLOC(a, NULL, DYNAMIC_TYPE_OPENSSL) -#endif /* HAVE_STUNNEL || WOLFSSL_NGINX */ +#endif /* HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ #endif /* header */ diff --git a/wolfssl/openssl/opensslv.h b/wolfssl/openssl/opensslv.h index 80f9a799c..c7b143c9f 100644 --- a/wolfssl/openssl/opensslv.h +++ b/wolfssl/openssl/opensslv.h @@ -5,7 +5,7 @@ /* api version compatibility */ -#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) || defined(WOLFSSL_NGINX) +#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) /* version number can be increased for Lighty after compatibility for ECDH is added */ #define OPENSSL_VERSION_NUMBER 0x10001000L diff --git a/wolfssl/openssl/pem.h b/wolfssl/openssl/pem.h index 60624aa5c..00e7abdb4 100644 --- a/wolfssl/openssl/pem.h +++ b/wolfssl/openssl/pem.h @@ -99,12 +99,23 @@ int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key, WOLFSSL_API int wolfSSL_EVP_PKEY_type(int type); +WOLFSSL_API +int wolfSSL_EVP_PKEY_base_id(const EVP_PKEY *pkey); + #if !defined(NO_FILESYSTEM) WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u); +WOLFSSL_API +WOLFSSL_X509 *wolfSSL_PEM_read_X509(FILE *fp, WOLFSSL_X509 **x, + pem_password_cb *cb, void *u); +WOLFSSL_API +WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PrivateKey(FILE *fp, WOLFSSL_EVP_PKEY **x, + pem_password_cb *cb, void *u); #endif /* NO_FILESYSTEM */ +#define PEM_read_X509 wolfSSL_PEM_read_X509 +#define PEM_read_PrivateKey wolfSSL_PEM_read_PrivateKey #define PEM_write_bio_PrivateKey wolfSSL_PEM_write_bio_PrivateKey /* RSA */ #define PEM_write_bio_RSAPrivateKey wolfSSL_PEM_write_bio_RSAPrivateKey diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index b728a9580..c00c8fe6c 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -118,6 +118,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_use_PrivateKey wolfSSL_use_PrivateKey #define SSL_use_PrivateKey_ASN1 wolfSSL_use_PrivateKey_ASN1 #define SSL_use_RSAPrivateKey_ASN1 wolfSSL_use_RSAPrivateKey_ASN1 +#define SSL_get_privatekey wolfSSL_get_privatekey #define SSLv23_method wolfSSLv23_method #define SSLv3_server_method wolfSSLv3_server_method @@ -322,6 +323,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define X509_OBJECT_free_contents wolfSSL_X509_OBJECT_free_contents #define EVP_PKEY_new wolfSSL_PKEY_new #define EVP_PKEY_free wolfSSL_EVP_PKEY_free +#define EVP_PKEY_type wolfSSL_EVP_PKEY_type +#define EVP_PKEY_base_id wolfSSL_EVP_PKEY_base_id #define X509_cmp_current_time wolfSSL_X509_cmp_current_time #define sk_X509_REVOKED_num wolfSSL_sk_X509_REVOKED_num #define X509_CRL_get_REVOKED wolfSSL_X509_CRL_get_REVOKED @@ -338,6 +341,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define ASN1_INTEGER_cmp wolfSSL_ASN1_INTEGER_cmp #define ASN1_INTEGER_get wolfSSL_ASN1_INTEGER_get #define ASN1_INTEGER_to_BN wolfSSL_ASN1_INTEGER_to_BN +#define ASN1_STRING_to_UTF8 wolfSSL_ASN1_STRING_to_UTF8 #define SSL_load_client_CA_file wolfSSL_load_client_CA_file @@ -473,7 +477,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \ defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ - defined(HAVE_POCO_LIB) + defined(HAVE_POCO_LIB) || defined(WOLFSSL_HAPROXY) typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define X509_NAME_free wolfSSL_X509_NAME_free @@ -508,7 +512,20 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define PEM_read_bio_DSAparams wolfSSL_PEM_read_bio_DSAparams #define PEM_write_bio_X509 wolfSSL_PEM_write_bio_X509 -#endif /* HAVE_STUNNEL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_NGINX || HAVE_POCO_LIB */ + +#ifdef WOLFSSL_HAPROXY +#define SSL_get_rbio wolfSSL_SSL_get_rbio +#define SSL_get_wbio wolfSSL_SSL_get_wbio +#define SSL_do_handshake wolfSSL_SSL_do_handshake +#define SSL_get_ciphers(x) wolfSSL_get_ciphers_compat(x) +#define SSL_SESSION_get_id wolfSSL_SESSION_get_id +#define ASN1_STRING_get0_data wolfSSL_ASN1_STRING_data +#define SSL_get_cipher_bits(s,np) wolfSSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) +#define sk_SSL_CIPHER_num wolfSSL_sk_SSL_CIPHER_num +#define sk_SSL_COMP_zero wolfSSL_sk_SSL_COMP_zero +#define sk_SSL_CIPHER_value wolfSSL_sk_SSL_CIPHER_value +#endif /* WOLFSSL_HAPROXY */ +#endif /* HAVE_STUNNEL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_NGINX || HAVE_POCO_LIB || WOLFSSL_HAPROXY */ #define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh @@ -703,7 +720,9 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define NID_inhibit_any_policy 168 /* 2.5.29.54 */ #define NID_tlsfeature 92 /* id-pe 24 */ -#ifdef WOLFSSL_NGINX + +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) + #include #define OPENSSL_STRING WOLFSSL_STRING @@ -714,7 +733,6 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define OPENSSL_NPN_NEGOTIATED 1 #define OPENSSL_NPN_NO_OVERLAP 2 - /* Nginx checks these to see if the error was a handshake error. */ #define SSL_R_BAD_CHANGE_CIPHER_SPEC LENGTH_ERROR #define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG BUFFER_E @@ -775,6 +793,9 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define SSL_get0_alpn_selected wolfSSL_get0_alpn_selected #define SSL_select_next_proto wolfSSL_select_next_proto #define SSL_CTX_set_alpn_select_cb wolfSSL_CTX_set_alpn_select_cb +#define SSL_CTX_set_next_protos_advertised_cb wolfSSL_CTX_set_next_protos_advertised_cb +#define SSL_CTX_set_next_proto_select_cb wolfSSL_CTX_set_next_proto_select_cb +#define SSL_get0_next_proto_negotiated wolfSSL_get0_next_proto_negotiated #endif diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index dcdfa6254..90b566ed2 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -490,6 +490,7 @@ WOLFSSL_API int wolfSSL_sk_ASN1_OBJECT_push(STACK_OF(WOLFSSL_ASN1_OBJEXT)* sk, WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_sk_ASN1_OBJCET_pop( STACK_OF(WOLFSSL_ASN1_OBJECT)* sk); WOLFSSL_API void wolfSSL_sk_ASN1_OBJECT_free(STACK_OF(WOLFSSL_ASN1_OBJECT)* sk); +WOLFSSL_API int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *in); WOLFSSL_API int wolfSSL_set_ex_data(WOLFSSL*, int, void*); WOLFSSL_API int wolfSSL_get_shutdown(const WOLFSSL*); @@ -1688,7 +1689,7 @@ enum { WOLFSSL_MAX_ALPN_NUMBER = 257 }; -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) typedef int (*CallbackALPNSelect)(WOLFSSL* ssl, const unsigned char** out, unsigned char* outLen, const unsigned char* in, unsigned int inLen, void *arg); @@ -1964,7 +1965,7 @@ WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack, WOLFSSL_API void wolfSSL_cert_service(void); #endif -#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) +#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) WOLFSSL_API char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* time, char* buf, int len); #endif /* WOLFSSL_MYSQL_COMPATIBLE */ @@ -1992,6 +1993,7 @@ WOLFSSL_API int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, unsigned char* der, WOLFSSL_API int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey); WOLFSSL_API int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl, unsigned char* der, long derSz); +WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_get_privatekey(const WOLFSSL *ssl); #ifndef NO_RSA WOLFSSL_API int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, unsigned char* der, long derSz); @@ -2035,6 +2037,7 @@ struct WOLFSSL_X509_NAME_ENTRY { #if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) \ || defined(HAVE_STUNNEL) \ || defined(WOLFSSL_NGINX) \ + || defined(WOLFSSL_HAPROXY) \ || defined(OPENSSL_EXTRA) WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name); WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x); @@ -2046,7 +2049,7 @@ WOLFSSL_API int wolfSSL_OBJ_sn2nid(const char *sn); WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth); WOLFSSL_API void wolfSSL_set_verify_depth(WOLFSSL *ssl,int depth); WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl); -WOLFSSL_API void wolfSSL_set_app_data(WOLFSSL *ssl, void *arg); +WOLFSSL_API int wolfSSL_set_app_data(WOLFSSL *ssl, void *arg); WOLFSSL_API WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne); WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc); WOLFSSL_API void wolfSSL_sk_X509_NAME_pop_free(STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*)); @@ -2060,6 +2063,7 @@ WOLFSSL_API STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X #if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) \ || defined(WOLFSSL_MYSQL_COMPATIBLE) \ + || defined(WOLFSSL_HAPROXY) \ || defined(OPENSSL_EXTRA) WOLFSSL_API char* wolfSSL_OBJ_nid2ln(int n); @@ -2078,7 +2082,7 @@ WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx); #endif /* HAVE_STUNNEL || HAVE_LIGHTY */ -#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) +#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) #include @@ -2174,10 +2178,10 @@ WOLFSSL_API STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs( WOLFSSL_X509_STORE_CTX*, WOLFSSL_X509_NAME*); WOLFSSL_API void wolfSSL_sk_X509_pop_free(STACK_OF(WOLFSSL_X509)* sk, void f (WOLFSSL_X509*)); -#endif /* HAVE_STUNNEL || WOLFSSL_NGINX */ +#endif /* HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ #if defined(HAVE_STUNNEL) || defined(WOLFSSL_MYSQL_COMPATIBLE) \ - || defined(WOLFSSL_NGINX) + || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) WOLFSSL_API int wolfSSL_CTX_get_verify_mode(WOLFSSL_CTX* ctx); @@ -2210,7 +2214,7 @@ WOLFSSL_API unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line, const char **data, int *flags); #endif -#ifdef WOLFSSL_NGINX +#if defined WOLFSSL_NGINX || defined WOLFSSL_HAPROXY /* Not an OpenSSL API. */ WOLFSSL_LOCAL int wolfSSL_get_ocsp_response(WOLFSSL* ssl, byte** response); /* Not an OpenSSL API. */ @@ -2277,19 +2281,59 @@ WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bio, #endif /* WOLFSSL_NGINX */ WOLFSSL_API void wolfSSL_get0_alpn_selected(const WOLFSSL *ssl, - const unsigned char **data, unsigned int *len); + const unsigned char **data, unsigned int *len); WOLFSSL_API int wolfSSL_select_next_proto(unsigned char **out, - unsigned char *outlen, - const unsigned char *in, unsigned int inlen, - const unsigned char *client, - unsigned int client_len); + unsigned char *outlen, + const unsigned char *in, unsigned int inlen, + const unsigned char *client, + unsigned int client_len); WOLFSSL_API void wolfSSL_CTX_set_alpn_select_cb(WOLFSSL_CTX *ctx, - int (*cb) (WOLFSSL *ssl, - const unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, - void *arg), void *arg); + int (*cb) (WOLFSSL *ssl, + const unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg), void *arg); +WOLFSSL_API void wolfSSL_CTX_set_next_protos_advertised_cb(WOLFSSL_CTX *s, + int (*cb) (WOLFSSL *ssl, + const unsigned char **out, + unsigned int *outlen, + void *arg), void *arg); +WOLFSSL_API void wolfSSL_CTX_set_next_proto_select_cb(WOLFSSL_CTX *s, + int (*cb) (WOLFSSL *ssl, + unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg), void *arg); +WOLFSSL_API void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsigned char **data, + unsigned *len); + + +#ifdef WOLFSSL_HAPROXY +WOLFSSL_API const unsigned char *SSL_SESSION_get0_id_context( + const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length); +WOLFSSL_API STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl); +#endif + +WOLFSSL_API int SSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid, unsigned int sid_len); +WOLFSSL_API int SSL_SESSION_set1_id_context(WOLFSSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len); +WOLFSSL_API void *X509_get0_tbs_sigalg(const WOLFSSL_X509 *x); +WOLFSSL_API void X509_ALGOR_get0(WOLFSSL_ASN1_OBJECT **paobj, int *pptype, const void **ppval, const void *algor); +WOLFSSL_API void *X509_get_X509_PUBKEY(void * x); +WOLFSSL_API int X509_PUBKEY_get0_param(WOLFSSL_ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, void **pa, WOLFSSL_EVP_PKEY *pub); +WOLFSSL_API int EVP_PKEY_bits(WOLFSSL_EVP_PKEY *pkey); +WOLFSSL_API int i2d_X509(WOLFSSL_X509 *x, unsigned char **out); +WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a); +WOLFSSL_API size_t SSL_get_finished(const WOLFSSL *s, void *buf, size_t count); +WOLFSSL_API size_t SSL_get_peer_finished(const WOLFSSL *s, void *buf, size_t count); +WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength)); +WOLFSSL_API STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); +WOLFSSL_API int X509_STORE_load_locations(WOLFSSL_X509_STORE *ctx, const char *file, const char *dir); +WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const void * p); +WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st); +WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(void *ciphers, int idx); +WOLFSSL_API void ERR_load_SSL_strings(void); #ifdef __cplusplus } /* extern "C" */ diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 13b1e29db..d456818cf 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -193,7 +193,7 @@ enum Misc_ASN { HEADER_ENCRYPTED_KEY_SIZE = 88,/* Extra header size for encrypted key */ TRAILING_ZERO = 1, /* Used for size of zero pad */ MIN_VERSION_SZ = 3, /* Min bytes needed for GetMyVersion */ -#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) +#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) MAX_TIME_STRING_SZ = 21, /* Max length of formatted time string */ #endif }; @@ -743,7 +743,7 @@ WOLFSSL_LOCAL int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz, int* algoID, void* heap); typedef struct tm wolfssl_tm; -#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) +#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) WOLFSSL_LOCAL int GetTimeString(byte* date, int format, char* buf, int len); #endif WOLFSSL_LOCAL int ExtractDate(const unsigned char* date, unsigned char format, @@ -873,7 +873,7 @@ struct CertStatus { byte nextDate[MAX_DATE_SIZE]; byte thisDateFormat; byte nextDateFormat; -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) byte* thisDateAsn; byte* nextDateAsn; #endif @@ -924,7 +924,7 @@ struct OcspRequest { int nonceSz; void* heap; -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) void* ssl; #endif }; diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h index 43df62ff6..93bcee33e 100755 --- a/wolfssl/wolfcrypt/logging.h +++ b/wolfssl/wolfcrypt/logging.h @@ -92,7 +92,7 @@ WOLFSSL_API int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function); #endif /* DEBUG_WOLFSSL */ -#if (defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX)) +#if (defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX)) || defined(WOLFSSL_HAPROXY) #if (defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)) void WOLFSSL_ERROR_LINE(int err, const char* func, unsigned int line, const char* file, void* ctx); diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 4fc29414a..392a85e9c 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -1528,7 +1528,7 @@ extern void uITRON4_free(void *p) ; #undef HAVE_GMTIME_R /* don't trust macro with windows */ #endif /* WOLFSSL_MYSQL_COMPATIBLE */ -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) #define SSL_OP_NO_COMPRESSION SSL_OP_NO_COMPRESSION #define OPENSSL_NO_ENGINE #define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT @@ -1547,6 +1547,9 @@ extern void uITRON4_free(void *p) ; #ifndef HAVE_SNI #define HAVE_SNI #endif +#endif + +#if defined(WOLFSSL_NGINX) #define SSL_CTRL_SET_TLSEXT_HOSTNAME #endif diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index ece3517b2..e993329e0 100755 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -293,7 +293,7 @@ #define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n)) #endif - #if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) + #if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) #ifndef USE_WINDOWS_API #define XSNPRINTF snprintf #else