From d94fcd8b69e78d1eba1e1c1066ff8347a0578ad7 Mon Sep 17 00:00:00 2001 From: Maxime Vincent Date: Tue, 28 Mar 2017 11:42:30 +0200 Subject: [PATCH 01/14] Implemented wolfSSL_EVP_PKEY_base_id, wolfSSL_BIO_read_filename. Added wolfSSL_EVP_PKEY_type stub --- src/ssl.c | 39 ++++++++++++++++++++++++++++++--------- support/wolfssl.pc | 2 +- wolfssl/openssl/pem.h | 3 +++ wolfssl/openssl/ssl.h | 2 ++ 4 files changed, 36 insertions(+), 10 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index a1c12f7d5..73a8fca30 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -20941,11 +20941,14 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, int wolfSSL_EVP_PKEY_type(int type) { - (void)type; + // XXX FIXME + (void) type; + return EVP_PKEY_RSA; +} - WOLFSSL_MSG("wolfSSL_EVP_PKEY_type not implemented"); - - return SSL_FATAL_ERROR; +int wolfSSL_EVP_PKEY_base_id(const EVP_PKEY *pkey) +{ + return EVP_PKEY_type(pkey->type); } @@ -21626,12 +21629,30 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) } int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name) { - (void)b; - (void)name; - WOLFSSL_ENTER("wolfSSL_BIO_read_filename"); - WOLFSSL_STUB("wolfSSL_BIO_read_filename"); + #ifndef NO_FILESYSTEM + XFILE fp; + + WOLFSSL_ENTER("wolfSSL_BIO_new_file"); - return 0; + if ((wolfSSL_BIO_get_fp(b, &fp) == SSL_SUCCESS) && (fp != NULL)) + { + XFCLOSE(fp); + } + + fp = XFOPEN(name, "r"); + if (fp == NULL) + return SSL_BAD_FILE; + + if (wolfSSL_BIO_set_fp(b, fp, BIO_CLOSE) != SSL_SUCCESS) { + return SSL_BAD_FILE; + } + + return SSL_SUCCESS; + #else + (void)name; + (void)b; + return SSL_NOT_IMPLEMENTED; + #endif } #ifdef HAVE_ECC diff --git a/support/wolfssl.pc b/support/wolfssl.pc index 476dff764..332856616 100644 --- a/support/wolfssl.pc +++ b/support/wolfssl.pc @@ -1,4 +1,4 @@ -prefix=/usr/local +prefix=/usr exec_prefix=${prefix} libdir=${exec_prefix}/lib includedir=${prefix}/include diff --git a/wolfssl/openssl/pem.h b/wolfssl/openssl/pem.h index 60624aa5c..d9d671877 100644 
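Review bot: `wolfSSL_EVP_PKEY_type` now returns `EVP_PKEY_RSA` for every `type`, so the new `wolfSSL_EVP_PKEY_base_id` reports any non-RSA key as RSA; a caller that selects its key-handling path by base id (which is what haproxy uses it for, presumably) will take the RSA path for an EC or DSA key, which is worse than the previous not-implemented error. Until other key types are mapped, only echo what is actually known: `if (type == EVP_PKEY_RSA) return EVP_PKEY_RSA;` followed by `return SSL_FATAL_ERROR;`, so an unknown type fails closed instead of being silently mislabeled. `wolfSSL_EVP_PKEY_base_id` also dereferences `pkey` with no NULL check; `if (pkey == NULL) return SSL_FATAL_ERROR;` is cheap and makes the stub safe to call from error paths. The `// XXX FIXME` marker should become a `/* */` comment like the rest of this file and say what is missing, e.g. `/* TODO: map EC/DSA/DH types; only RSA is recognised */`.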
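Review bot: In the new `wolfSSL_BIO_read_filename` the just-opened `fp` leaks when `wolfSSL_BIO_set_fp` fails, because that error path returns without closing it; add `XFCLOSE(fp);` before its `return SSL_BAD_FILE;`. The block above it closes whatever `wolfSSL_BIO_get_fp` hands back unconditionally, which presumably closes a FILE the caller still owns if the BIO was attached with BIO_NOCLOSE — check the BIO's close flag (or whatever `wolfSSL_BIO_set_fp` records) before calling `XFCLOSE`. The trace line reads `WOLFSSL_ENTER("wolfSSL_BIO_new_file")`, copied from the sibling function; it should be `WOLFSSL_ENTER("wolfSSL_BIO_read_filename")`. A short header comment would help, e.g. `/* Open 'name' for reading and attach it to b, closing any FILE the BIO previously owned. Returns SSL_SUCCESS, SSL_BAD_FILE, or SSL_NOT_IMPLEMENTED without a filesystem. */`.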
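Review bot: `support/wolfssl.pc` switches `prefix=/usr/local` to `prefix=/usr`, which looks like a local install setting that leaked into a commit whose subject is about EVP_PKEY and BIO functions. If this file is the checked-in template, every pkg-config consumer on a system that installs under `/usr/local` will now get wrong `-I`/`-L` paths; revert to `prefix=/usr/local`, or have configure substitute `@prefix@` so the value follows the build rather than one developer's machine.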
--- a/wolfssl/openssl/pem.h +++ b/wolfssl/openssl/pem.h @@ -99,6 +99,9 @@ int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key, WOLFSSL_API int wolfSSL_EVP_PKEY_type(int type); +WOLFSSL_API +int wolfSSL_EVP_PKEY_base_id(const EVP_PKEY *pkey); + #if !defined(NO_FILESYSTEM) WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x, diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 60b1ea647..5ff1a3167 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -322,6 +322,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define X509_OBJECT_free_contents wolfSSL_X509_OBJECT_free_contents #define EVP_PKEY_new wolfSSL_PKEY_new #define EVP_PKEY_free wolfSSL_EVP_PKEY_free +#define EVP_PKEY_type wolfSSL_EVP_PKEY_type +#define EVP_PKEY_base_id wolfSSL_EVP_PKEY_base_id #define X509_cmp_current_time wolfSSL_X509_cmp_current_time #define sk_X509_REVOKED_num wolfSSL_sk_X509_REVOKED_num #define X509_CRL_get_REVOKED wolfSSL_X509_CRL_get_REVOKED From 25779dfb4f10841499be3ff6157ab476cbcb12ae Mon Sep 17 00:00:00 2001 From: Maxime Vincent Date: Tue, 28 Mar 2017 13:28:36 +0200 Subject: [PATCH 02/14] Introduce HAPROXY config flag + get/set app_data --- configure.ac | 20 ++++++++++++++++++++ src/ssl.c | 16 ++++------------ wolfssl/ssl.h | 5 +++-- 3 files changed, 27 insertions(+), 14 deletions(-) diff --git a/configure.ac b/configure.ac index 12e6fed6f..021a3ebbd 100644 --- a/configure.ac +++ b/configure.ac @@ -189,6 +189,7 @@ then enable_certservice=yes enable_jni=yes enable_lighty=yes + enable_haproxy=yes enable_stunnel=yes enable_nginx=yes enable_pwdbased=yes 
@@ -2380,6 +2381,24 @@ then AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE -DHAVE_EX_DATA" fi +# haproxy Support +AC_ARG_ENABLE([haproxy], + [ --enable-haproxy Enable haproxy (default: disabled)], + [ ENABLED_HAPROXY=$enableval ], + [ ENABLED_HAPROXY=no ] + ) + +if test "$ENABLED_HAPROXY" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAPROXY" + # Requires opensslextra make sure on + if test "x$ENABLED_OPENSSLEXTRA" = "xno" + then + ENABLED_OPENSSLEXTRA="yes" + AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS" + fi +fi + # stunnel Support AC_ARG_ENABLE([stunnel], @@ -3439,6 +3458,7 @@ echo " * CODING: $ENABLED_CODING" echo " * MEMORY: $ENABLED_MEMORY" echo " * I/O POOL: $ENABLED_IOPOOL" echo " * LIGHTY: $ENABLED_LIGHTY" +echo " * HAPROXY: $ENABLED_HAPROXY" echo " * STUNNEL: $ENABLED_STUNNEL" echo " * NGINX: $ENABLED_NGINX" echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS" diff --git a/src/ssl.c b/src/ssl.c index 73a8fca30..6f6a21127 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -21713,21 +21713,13 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) } - void* wolfSSL_get_app_data( const WOLFSSL *ssl) - { + void* wolfSSL_get_app_data( const WOLFSSL *ssl) { /* checkout exdata stuff... */ - (void)ssl; - WOLFSSL_ENTER("wolfSSL_get_app_data"); - WOLFSSL_STUB("wolfSSL_get_app_data"); - - return 0; + return wolfSSL_get_ex_data(ssl,0); } - void wolfSSL_set_app_data(WOLFSSL *ssl, void *arg) { - (void)ssl; - (void)arg; - WOLFSSL_ENTER("wolfSSL_set_app_data"); - WOLFSSL_STUB("wolfSSL_set_app_data"); + int wolfSSL_set_app_data(WOLFSSL *ssl, void *arg) { + return wolfSSL_set_ex_data(ssl,0,(char *)arg); } WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne) { diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 6e8bd8068..5e445f286 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -30,6 +30,7 @@ /* for users not using preprocessor flags*/ #include #include +#include /* for XFILE */ #ifdef HAVE_WOLF_EVENT #include 
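Review bot: The new `wolfSSL_get_app_data`/`wolfSSL_set_app_data` bodies call `wolfSSL_get_ex_data`/`wolfSSL_set_ex_data`, which in this tree appear to be available only under `HAVE_EX_DATA` (the nginx block just above this hunk adds `-DHAVE_EX_DATA` explicitly), yet the `--enable-haproxy` path added in the same patch only adds `-DWOLFSSL_HAPROXY` and `-DOPENSSL_EXTRA`; add `-DHAVE_EX_DATA` to the haproxy flags in this change, or guard these bodies, so a haproxy build does not fail to link here. Using ex_data slot 0 matches OpenSSL's definition of `SSL_set_app_data`, but that is worth stating, e.g. `/* OpenSSL defines SSL_{get,set}_app_data as ex_data index 0 */`, because an application that also calls `SSL_set_ex_data(ssl, 0, ...)` will overwrite the stored pointer. The `(char *)arg` cast is unnecessary if `wolfSSL_set_ex_data` takes a `void*`, and the `WOLFSSL_ENTER` traces were dropped while neighbouring functions keep theirs.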
@@ -2045,7 +2046,7 @@ WOLFSSL_API int wolfSSL_OBJ_sn2nid(const char *sn); WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth); WOLFSSL_API void wolfSSL_set_verify_depth(WOLFSSL *ssl,int depth); WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl); -WOLFSSL_API void wolfSSL_set_app_data(WOLFSSL *ssl, void *arg); +WOLFSSL_API int wolfSSL_set_app_data(WOLFSSL *ssl, void *arg); WOLFSSL_API WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne); WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc); WOLFSSL_API void wolfSSL_sk_X509_NAME_pop_free(STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*)); @@ -2209,7 +2210,7 @@ WOLFSSL_API unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line, const char **data, int *flags); #endif -#ifdef WOLFSSL_NGINX +#if defined WOLFSSL_NGINX || defined WOLFSSL_HAPROXY /* Not an OpenSSL API. */ WOLFSSL_LOCAL int wolfSSL_get_ocsp_response(WOLFSSL* ssl, byte** response); /* Not an OpenSSL API. */ From 8f300515bdfd2283bff30e67aa0d1a299948d5f6 Mon Sep 17 00:00:00 2001 
From: Daniele Lacamera Date: Tue, 11 Apr 2017 14:18:41 +0200 Subject: [PATCH 03/14] Grouped HAPROXY compatibility into WOLFSSL_HAPROXY flag now haproxy compatible wolfssl builds with: ./configure --prefix=/usr --sysconfdir=/etc --disable-fastmath \ iam * ] 2:18 PM --disable-fasthugemath --disable-bump \ --enable-opensslextra \ --enable-keygen --enable-certgen \ --disable-ntru --disable-examples \ --enable-tlsx --enable-haproxy \ --enable-savecert --enable-savesession --enable-sessioncerts \ --enable-webserver --enable-sslv3 --enable-stunnel --- configure.ac | 40 +++++++++++++++++++++--------------- src/internal.c | 18 ++++++++-------- src/ocsp.c | 4 ++-- src/ssl.c | 33 ++++++++++++++--------------- src/tls.c | 6 +++--- tests/api.c | 2 +- wolfcrypt/src/asn.c | 6 +++--- wolfcrypt/src/logging.c | 8 ++++---- wolfssl/internal.h | 12 +++++------ wolfssl/ocsp.h | 4 ++-- wolfssl/openssl/crypto.h | 4 ++-- wolfssl/openssl/opensslv.h | 2 +- wolfssl/openssl/ssl.h | 6 ++++-- wolfssl/ssl.h | 12 ++++++----- wolfssl/wolfcrypt/asn.h | 8 ++++---- wolfssl/wolfcrypt/logging.h | 2 +- wolfssl/wolfcrypt/settings.h | 2 +- wolfssl/wolfcrypt/types.h | 2 +- 18 files changed, 91 insertions(+), 80 deletions(-) diff --git a/configure.ac b/configure.ac index 021a3ebbd..51c55b59c 100644 --- a/configure.ac +++ b/configure.ac @@ -277,6 +277,14 @@ AC_ARG_ENABLE([nginx], [ ENABLED_NGINX=no ] ) +# haproxy compatibility build +AC_ARG_ENABLE([haproxy], + [ --enable-haproxy Enable haproxy (default: disabled)], + [ ENABLED_HAPROXY=$enableval ], + [ ENABLED_HAPROXY=no ] + ) + + # OPENSSL Extra Compatibility AC_ARG_ENABLE([opensslextra], [ --enable-opensslextra Enable extra OpenSSL API, size+ (default: disabled)], 
@@ -1763,9 +1771,10 @@ AC_ARG_ENABLE([ocspstapling], [ ENABLED_CERTIFICATE_STATUS_REQUEST=no ] ) -if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" +if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" then - ENABLED_CERTIFICATE_STATUS_REQUEST=yes + echo "ELLO" + ENABLED_CERTIFICATE_STATUS_REQUEST="yes" fi if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes" @@ -1790,7 +1799,7 @@ AC_ARG_ENABLE([ocspstapling2], [ ENABLED_CERTIFICATE_STATUS_REQUEST_V2=no ] ) -if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" +if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" then ENABLED_CERTIFICATE_STATUS_REQUEST_V2=yes fi @@ -1818,7 +1827,7 @@ AC_ARG_ENABLE([crl], ) -if test "x$ENABLED_NGINX" = "xyes" +if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" then ENABLED_CRL=yes fi @@ -2095,7 +2104,7 @@ AC_ARG_ENABLE([session-ticket], [ ENABLED_SESSION_TICKET=no ] ) -if test "x$ENABLED_NGINX" = "xyes" || test "$ENABLED_WPAS" = "yes" +if test "x$ENABLED_NGINX" = "xyes" || test "$ENABLED_WPAS" = "yes" || test "x$ENABLED_HAPROXY" = "xyes" then ENABLED_SESSION_TICKET=yes fi @@ -2124,7 +2133,7 @@ AC_ARG_ENABLE([tlsx], [ ENABLED_TLSX=no ] ) -if test "x$ENABLED_NGINX" = "xyes" +if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" then ENABLED_TLSX=yes fi 
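Review bot: `echo "ELLO"` in the ocspstapling block is a leftover debug print that will appear in every `./configure` run; delete that line (the `"yes"` quoting beside it is harmless but gratuitous). This hunk and the ones following it make `--enable-haproxy` silently switch on OCSP stapling v1/v2, CRL, session tickets and TLSX; the option's help string (added on the previous line) only says "Enable haproxy", so a one-line note in the help text or a comment such as `# haproxy build implies: ocspstapling, ocspstapling2, crl, session-ticket, tlsx` would tell users which features — and session-ticket key handling in particular — they are enabling.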
@@ -2375,19 +2384,8 @@ fi if test "$ENABLED_NGINX" = "yes" then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NGINX" - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB" - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI" - AM_CFLAGS="$AM_CFLAGS -DKEEP_OUR_CERT -DKEEP_PEER_CERT" - AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE -DHAVE_EX_DATA" fi -# haproxy Support -AC_ARG_ENABLE([haproxy], - [ --enable-haproxy Enable haproxy (default: disabled)], - [ ENABLED_HAPROXY=$enableval ], - [ ENABLED_HAPROXY=no ] - ) - if test "$ENABLED_HAPROXY" = "yes" then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAPROXY" @@ -2399,6 +2397,14 @@ then fi fi +if test "$ENABLED_NGINX" = "yes"|| test "x$ENABLED_HAPROXY" = "xyes" +then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI" + AM_CFLAGS="$AM_CFLAGS -DKEEP_OUR_CERT -DKEEP_PEER_CERT" + AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE -DHAVE_EX_DATA" +fi + # stunnel Support AC_ARG_ENABLE([stunnel], diff --git a/src/internal.c b/src/internal.c index 2e395c39f..5dc3c37d9 100644 --- a/src/internal.c +++ b/src/internal.c @@ -105,7 +105,7 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS #if !defined(NO_RSA) || defined(HAVE_ECC) static int DoCertificateVerify(WOLFSSL* ssl, byte*, word32*, word32); #endif - #if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) + #if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY) static int SNI_Callback(WOLFSSL* ssl); #endif #ifdef WOLFSSL_DTLS @@ -1468,7 +1468,7 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) ctx->ca_names = next; } #endif - #ifdef WOLFSSL_NGINX + #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) while (ctx->x509Chain != NULL) { WOLFSSL_STACK *next = ctx->x509Chain->next; wolfSSL_X509_free(ctx->x509Chain->data.x509); 
@@ -3521,7 +3521,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx) #endif #ifdef HAVE_ALPN ssl->alpn_client_list = NULL; - #ifdef WOLFSSL_NGINX + #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) ssl->alpnSelect = ctx->alpnSelect; ssl->alpnSelectArg = ctx->alpnSelectArg; #endif @@ -11118,7 +11118,7 @@ int SendCertificateStatus(WOLFSSL* ssl) } if (ret == 0) { - #ifdef WOLFSSL_NGINX + #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) request->ssl = ssl; #endif ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, request, @@ -11219,7 +11219,7 @@ int SendCertificateStatus(WOLFSSL* ssl) } if (ret == 0) { - #ifdef WOLFSSL_NGINX + #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) request->ssl = ssl; #endif ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, request, @@ -11294,7 +11294,7 @@ int SendCertificateStatus(WOLFSSL* ssl) &ssl->ctx->cm->ocsp_stapling->ocspLock); } - #ifdef WOLFSSL_NGINX + #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) request->ssl = ssl; #endif ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, @@ -11322,7 +11322,7 @@ int SendCertificateStatus(WOLFSSL* ssl) else { while (ret == 0 && NULL != (request = ssl->ctx->chainOcspRequest[i])) { - #ifdef WOLFSSL_NGINX + #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) request->ssl = ssl; #endif ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, @@ -19392,7 +19392,7 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if ((ret = TLSX_Parse(ssl, (byte *) input + i, totalExtSz, 1, &clSuites))) return ret; -#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) +#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) if((ret=SNI_Callback(ssl))) return ret; ssl->options.side = WOLFSSL_SERVER_END; 
@@ -21085,7 +21085,7 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } -#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) +#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) static int SNI_Callback(WOLFSSL* ssl) { /* Stunnel supports a custom sni callback to switch an SSL's ctx diff --git a/src/ocsp.c b/src/ocsp.c index d481ab676..9188c363c 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -402,7 +402,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, if (ret != OCSP_INVALID_STATUS) return ret; -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) if (ocsp->statusCb != NULL && ocspRequest->ssl != NULL) { ret = ocsp->statusCb((WOLFSSL*)ocspRequest->ssl, ocsp->cm->ocspIOCtx); if (ret == 0) { @@ -460,7 +460,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, return ret; } -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs, WOLFSSL_OCSP_CERTID* id, int* status, int* reason, diff --git a/src/ssl.c b/src/ssl.c index 6f6a21127..5049e21e6 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -2425,7 +2425,8 @@ void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm) FreeOCSP(cm->ocsp, 1); XFREE(cm->ocspOverrideURL, cm->heap, DYNAMIC_TYPE_URL); #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ - || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \ + || defined(WOLFSSL_HAPROXY) if (cm->ocsp_stapling) FreeOCSP(cm->ocsp_stapling, 1); #endif @@ -10713,7 +10714,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) { WOLFSSL_ENTER("wolfSSL_ERR_get_error"); -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) { unsigned long ret = wolfSSL_ERR_peek_error_line_data(NULL, NULL, NULL, NULL); 
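Review bot: In `wolfSSL_CertManagerFree` the added `|| defined(WOLFSSL_HAPROXY)` alternative guards a use of `cm->ocsp_stapling`; if that member is declared only under `HAVE_CERTIFICATE_STATUS_REQUEST`/`_V2` (which the original guard suggests), a user-settings build that defines `WOLFSSL_HAPROXY` without either will fail to compile here, and when configure's haproxy path forces stapling on the extra alternative is redundant. Either drop it, or if haproxy really needs `ocsp_stapling` without stapling enabled, put the same condition on the struct member so the two stay in step. A comment would make the intent clear either way, e.g. `/* haproxy builds force certificate status request on; see configure.ac */`.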
@@ -12269,7 +12270,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) { WOLFSSL_ENTER("wolfSSL_ERR_clear_error"); -#if defined(WOLFSSL_NGINX) +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) wc_ClearErrorNodes(); #endif } @@ -15095,7 +15096,7 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509* x509) } -#if defined(WOLFSSL_NGINX) +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_TIME* asnTime) { char buf[MAX_TIME_STRING_SZ]; @@ -15113,7 +15114,7 @@ int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_TIME* asnTime) #endif -#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) +#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* time, char* buf, int len) { int format; @@ -15202,7 +15203,7 @@ unsigned long wolfSSL_ERR_peek_error(void) int wolfSSL_ERR_GET_REASON(unsigned long err) { -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) /* Nginx looks for this error to know to stop parsing certificates. */ if (err == ((ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE)) return PEM_R_NO_START_LINE; @@ -21518,7 +21519,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) if (i > 26 && XMEMCMP((char *)&pem[i-26], END_CERT, 25) == 0) break; } - #ifdef WOLFSSL_NGINX + #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) if (l == 0) WOLFSSL_ERROR(SSL_NO_PEM_HEADER); #endif 
@@ -21571,7 +21572,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) } #endif /* ifndef NO_CERTS */ -#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(OPENSSL_EXTRA) +#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_HAPROXY) #ifndef NO_CERTS void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name){ FreeX509Name(name, NULL); @@ -21580,7 +21581,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) #endif /* NO_CERTS */ #endif -#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) +#if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY) unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md) { @@ -21785,7 +21786,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) return NULL; } -#endif /* HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || HAVE_STUNNEL */ +#endif /* HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || HAVE_STUNNEL || WOLFSSL_HAPROXY */ #endif @@ -21800,7 +21801,7 @@ unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line) (void)line; (void)file; -#if defined(WOLFSSL_NGINX) || defined(DEBUG_WOLFSSL) +#if defined(WOLFSSL_NGINX) || defined(DEBUG_WOLFSSL) || defined(WOLFSSL_HAPROXY) { int ret; @@ -22034,7 +22035,7 @@ WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x, #if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) \ - || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) + || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_HAPROXY) char * wolfSSL_OBJ_nid2ln(int n) { (void)n; WOLFSSL_ENTER("wolfSSL_OBJ_nid2ln"); 
@@ -22293,7 +22294,7 @@ long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh) return pSz > 0 && gSz > 0 ? ret : SSL_FATAL_ERROR; } #endif /* OPENSSL_EXTRA && !NO_DH */ -#endif /* HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE */ +#endif /* HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_HAPROXY */ /* stunnel compatibility functions*/ @@ -23179,7 +23180,7 @@ unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line, *flags = 0; } -#if defined(WOLFSSL_NGINX) +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) { int ret = 0; @@ -23208,7 +23209,7 @@ unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line, } #endif -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) void wolfSSL_OPENSSL_config(char *config_name) { WOLFSSL_STUB("wolfSSL_OPENSSL_config"); @@ -23880,7 +23881,7 @@ void wolfSSL_CTX_set_alpn_select_cb(WOLFSSL_CTX *ctx, } #endif /* HAVE_ALPN */ -#endif /* WOLFSSL_NGINX */ +#endif /* WOLFSSL_NGINX / WOLFSSL_HAPROXY */ #ifdef OPENSSL_EXTRA int wolfSSL_CTX_set_msg_callback(WOLFSSL_CTX *ctx, SSL_Msg_Cb cb) diff --git a/src/tls.c b/src/tls.c index 8c8437ae8..ade0d3704 100755 --- a/src/tls.c +++ b/src/tls.c @@ -1106,7 +1106,7 @@ static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, byte *input, word16 length, extension = TLSX_Find(ssl->ctx->extensions, TLSX_APPLICATION_LAYER_PROTOCOL); -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) if (ssl->alpnSelect != NULL) { const byte* out; unsigned char outLen; @@ -2252,7 +2252,7 @@ int TLSX_CSR_ForceRequest(WOLFSSL* ssl) switch (csr->status_type) { case WOLFSSL_CSR_OCSP: if (ssl->ctx->cm->ocspEnabled) { - #ifdef WOLFSSL_NGINX + #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) csr->request.ocsp.ssl = ssl; #endif return CheckOcspRequest(ssl->ctx->cm->ocsp, 
@@ -2664,7 +2664,7 @@ int TLSX_CSR2_ForceRequest(WOLFSSL* ssl) case WOLFSSL_CSR2_OCSP_MULTI: if (ssl->ctx->cm->ocspEnabled) { - #ifdef WOLFSSL_NGINX + #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) csr2->request.ocsp[0].ssl = ssl; #endif return CheckOcspRequest(ssl->ctx->cm->ocsp, diff --git a/tests/api.c b/tests/api.c index 7fb55c6e1..71bd8296d 100644 --- a/tests/api.c +++ b/tests/api.c @@ -1999,7 +1999,7 @@ static void test_wolfSSL_X509_NAME_get_entry(void) { #if !defined(NO_CERTS) && !defined(NO_RSA) #if defined(OPENSSL_EXTRA) && (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)) \ - && (defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE)) + && (defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE)) || defined(WOLFSSL_HAPROXY) printf(testingFmt, "wolfSSL_X509_NAME_get_entry()"); { diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 3114ef915..da061fd1a 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -3461,7 +3461,7 @@ static INLINE int DateLessThan(const struct tm* a, const struct tm* b) } -#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) +#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) int GetTimeString(byte* date, int format, char* buf, int len) { struct tm t; @@ -9564,7 +9564,7 @@ static int DecodeSingleResponse(byte* source, return ASN_PARSE_E; } -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) cs->thisDateAsn = source + idx; #endif if (GetBasicDate(source, &idx, cs->thisDate, @@ -9585,7 +9585,7 @@ static int DecodeSingleResponse(byte* source, idx++; if (GetLength(source, &idx, &length, size) < 0) return ASN_PARSE_E; -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) cs->nextDateAsn = source + idx; #endif if (GetBasicDate(source, &idx, cs->nextDate, diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c index 8aecf5f0b..f092ba012 100644 --- a/wolfcrypt/src/logging.c +++ b/wolfcrypt/src/logging.c 
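Review bot: The new `#if` in `test_wolfSSL_X509_NAME_get_entry` has a precedence problem: `A && B && (C || D) || defined(WOLFSSL_HAPROXY)` compiles the test body in any haproxy build even when `OPENSSL_EXTRA` or `KEEP_PEER_CERT`/`SESSION_CERTS` are absent, which is presumably unintended and can break the test build. Move the alternative inside the parentheses: `&& (defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_HAPROXY))`. The test function continues past the end of this hunk.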
@@ -224,7 +224,7 @@ void WOLFSSL_LEAVE(const char* msg, int ret) * mapped to new funtion WOLFSSL_ERROR_LINE which gets the line # and function * name where WOLFSSL_ERROR is called at. */ -#if (defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX)) +#if (defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX)) || defined(WOLFSSL_HAPROXY) #if (defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)) void WOLFSSL_ERROR_LINE(int error, const char* func, unsigned int line, const char* file, void* usrCtx) @@ -266,7 +266,7 @@ void WOLFSSL_ERROR(int error) } } -#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX */ +#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) /* Internal function that is called by wolfCrypt_Init() */ @@ -313,7 +313,7 @@ int wc_LoggingCleanup(void) } -#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX) +#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) /* peek at an error node * * index : if -1 then the most recent node is looked at, otherwise search @@ -499,7 +499,7 @@ void wc_ClearErrorNodes(void) wc_last_node = NULL; wc_UnLockMutex(&debug_mutex); } -#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX */ +#endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ int wc_SetLoggingHeap(void* h) diff --git a/wolfssl/internal.h b/wolfssl/internal.h index a54ee754d..3b20c422d 100755 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1452,7 +1452,7 @@ struct WOLFSSL_OCSP { WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */ OcspEntry* ocspList; /* OCSP response list */ wolfSSL_Mutex ocspLock; /* OCSP list lock */ -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY) int(*statusCb)(WOLFSSL*, void*); #endif }; 
@@ -1938,7 +1938,7 @@ struct WOLFSSL_CTX { #ifdef OPENSSL_EXTRA STACK_OF(WOLFSSL_X509_NAME)* ca_names; #endif - #ifdef WOLFSSL_NGINX + #if defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY) STACK_OF(WOLFSSL_X509)* x509Chain; #endif DerBuffer* privateKey; @@ -2024,11 +2024,11 @@ struct WOLFSSL_CTX { #ifdef HAVE_EX_DATA void* ex_data[MAX_EX_DATA]; #endif -#if defined(HAVE_ALPN) && defined(WOLFSSL_NGINX) +#if defined(HAVE_ALPN) && (defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) CallbackALPNSelect alpnSelect; void* alpnSelectArg; #endif -#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) +#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) CallbackSniRecv sniRecvCb; void* sniRecvCbArg; #endif @@ -2908,7 +2908,7 @@ struct WOLFSSL { #endif /* user turned on */ #ifdef HAVE_ALPN char* alpn_client_list; /* keep the client's list */ - #ifdef WOLFSSL_NGINX + #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) CallbackALPNSelect alpnSelect; void* alpnSelectArg; #endif @@ -2922,7 +2922,7 @@ struct WOLFSSL { #ifdef OPENSSL_EXTRA byte* ocspResp; int ocspRespSz; -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) char* url; #endif #endif diff --git a/wolfssl/ocsp.h b/wolfssl/ocsp.h index 03d50fb92..844ce272e 100644 --- a/wolfssl/ocsp.h +++ b/wolfssl/ocsp.h @@ -37,7 +37,7 @@ typedef struct WOLFSSL_OCSP WOLFSSL_OCSP; -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) typedef struct OcspResponse WOLFSSL_OCSP_BASICRESP; typedef struct OcspRequest WOLFSSL_OCSP_CERTID; @@ -54,7 +54,7 @@ WOLFSSL_LOCAL int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, WOLFSSL_BUFFER_INFO* responseBuffer); -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) WOLFSSL_API int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs, WOLFSSL_OCSP_CERTID* id, int* status, int* reason, 
diff --git a/wolfssl/openssl/crypto.h b/wolfssl/openssl/crypto.h index 04afe897a..e00c00a90 100644 --- a/wolfssl/openssl/crypto.h +++ b/wolfssl/openssl/crypto.h @@ -24,7 +24,7 @@ WOLFSSL_API unsigned long wolfSSLeay(void); #define SSLEAY_VERSION 0x0090600fL #define SSLEAY_VERSION_NUMBER SSLEAY_VERSION -#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) +#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) #define CRYPTO_set_mem_ex_functions wolfSSL_CRYPTO_set_mem_ex_functions #define FIPS_mode wolfSSL_FIPS_mode #define FIPS_mode_set wolfSSL_FIPS_mode_set @@ -44,7 +44,7 @@ typedef void (CRYPTO_free_func)(void*parent, void*ptr, CRYPTO_EX_DATA *ad, int i #define OPENSSL_malloc(a) XMALLOC(a, NULL, DYNAMIC_TYPE_OPENSSL) -#endif /* HAVE_STUNNEL || WOLFSSL_NGINX */ +#endif /* HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ #endif /* header */ diff --git a/wolfssl/openssl/opensslv.h b/wolfssl/openssl/opensslv.h index 80f9a799c..c7b143c9f 100644 --- a/wolfssl/openssl/opensslv.h +++ b/wolfssl/openssl/opensslv.h @@ -5,7 +5,7 @@ /* api version compatibility */ -#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) || defined(WOLFSSL_NGINX) +#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) /* version number can be increased for Lighty after compatibility for ECDH is added */ #define OPENSSL_VERSION_NUMBER 0x10001000L diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 5ff1a3167..a19cf52bb 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -475,6 +475,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) \ || defined(HAVE_STUNNEL) \ + || defined(WOLFSSL_HAPROXY) \ || defined(WOLFSSL_NGINX) typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; 
@@ -507,6 +508,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) \ || defined(HAVE_STUNNEL) \ + || defined(WOLFSSL_HAPROXY) \ || defined(WOLFSSL_NGINX) #define OBJ_nid2ln wolfSSL_OBJ_nid2ln @@ -515,7 +517,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define PEM_read_bio_DSAparams wolfSSL_PEM_read_bio_DSAparams #define PEM_write_bio_X509 wolfSSL_PEM_write_bio_X509 -#endif /* HAVE_STUNNEL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_NGINX */ +#endif /* HAVE_STUNNEL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ #define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh #define BIO_new_file wolfSSL_BIO_new_file @@ -709,7 +711,7 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define NID_inhibit_any_policy 168 /* 2.5.29.54 */ #define NID_tlsfeature 92 /* id-pe 24 */ -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) #include #define OPENSSL_STRING WOLFSSL_STRING diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 5e445f286..258b58e3d 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1688,7 +1688,7 @@ enum { WOLFSSL_MAX_ALPN_NUMBER = 257 }; -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) typedef int (*CallbackALPNSelect)(WOLFSSL* ssl, const unsigned char** out, unsigned char* outLen, const unsigned char* in, unsigned int inLen, void *arg); @@ -1964,7 +1964,7 @@ WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack, WOLFSSL_API void wolfSSL_cert_service(void); #endif -#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) +#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) WOLFSSL_API char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* time, char* buf, int len); #endif /* WOLFSSL_MYSQL_COMPATIBLE */ 
@@ -2035,6 +2035,7 @@ struct WOLFSSL_X509_NAME_ENTRY { #if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) \ || defined(HAVE_STUNNEL) \ || defined(WOLFSSL_NGINX) \ + || defined(WOLFSSL_HAPROXY) \ || defined(OPENSSL_EXTRA) WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name); WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x); @@ -2060,6 +2061,7 @@ WOLFSSL_API STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X #if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) \ || defined(WOLFSSL_MYSQL_COMPATIBLE) \ + || defined(WOLFSSL_HAPROXY) \ || defined(OPENSSL_EXTRA) WOLFSSL_API char* wolfSSL_OBJ_nid2ln(int n); @@ -2078,7 +2080,7 @@ WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx); #endif /* HAVE_STUNNEL || HAVE_LIGHTY */ -#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) +#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) #include @@ -2174,10 +2176,10 @@ WOLFSSL_API STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs( WOLFSSL_X509_STORE_CTX*, WOLFSSL_X509_NAME*); WOLFSSL_API void wolfSSL_sk_X509_pop_free(STACK_OF(WOLFSSL_X509)* sk, void f (WOLFSSL_X509*)); -#endif /* HAVE_STUNNEL || WOLFSSL_NGINX */ +#endif /* HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ #if defined(HAVE_STUNNEL) || defined(WOLFSSL_MYSQL_COMPATIBLE) \ - || defined(WOLFSSL_NGINX) + || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) WOLFSSL_API int wolfSSL_CTX_get_verify_mode(WOLFSSL_CTX* ctx); diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index f1419a1d2..2521bd686 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h 
@@ -197,7 +197,7 @@ enum Misc_ASN { HEADER_ENCRYPTED_KEY_SIZE = 88,/* Extra header size for encrypted key */ TRAILING_ZERO = 1, /* Used for size of zero pad */ MIN_VERSION_SZ = 3, /* Min bytes needed for GetMyVersion */ -#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) +#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) MAX_TIME_STRING_SZ = 21, /* Max length of formatted time string */ #endif }; @@ -686,7 +686,7 @@ WOLFSSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*,int); WOLFSSL_LOCAL int DecryptContent(byte* input, word32 sz,const char* psw,int pswSz); typedef struct tm wolfssl_tm; -#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) +#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) WOLFSSL_LOCAL int GetTimeString(byte* date, int format, char* buf, int len); #endif WOLFSSL_LOCAL int ExtractDate(const unsigned char* date, unsigned char format, @@ -812,7 +812,7 @@ struct CertStatus { byte nextDate[MAX_DATE_SIZE]; byte thisDateFormat; byte nextDateFormat; -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) byte* thisDateAsn; byte* nextDateAsn; #endif @@ -863,7 +863,7 @@ struct OcspRequest { int nonceSz; void* heap; -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) void* ssl; #endif }; diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h index 43df62ff6..93bcee33e 100755 --- a/wolfssl/wolfcrypt/logging.h +++ b/wolfssl/wolfcrypt/logging.h @@ -92,7 +92,7 @@ WOLFSSL_API int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function); #endif /* DEBUG_WOLFSSL */ -#if (defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX)) +#if (defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX)) || defined(WOLFSSL_HAPROXY) #if (defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)) void WOLFSSL_ERROR_LINE(int err, const char* func, unsigned int line, const char* file, void* ctx); 
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index c2febfcc9..14cdffe82 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -1511,7 +1511,7 @@ static char *fgets(char *buff, int sz, FILE *fp) #undef HAVE_GMTIME_R /* don't trust macro with windows */ #endif /* WOLFSSL_MYSQL_COMPATIBLE */ -#ifdef WOLFSSL_NGINX +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) #define SSL_OP_NO_COMPRESSION SSL_OP_NO_COMPRESSION #define OPENSSL_NO_ENGINE #define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 5e405dd21..d45bdf17a 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -244,7 +244,7 @@ #define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n)) #endif - #if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) + #if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) #ifndef USE_WINDOWS_API #define XSNPRINTF snprintf #else From de017b00282c43d0dc402cf4f220d23e69a80b50 Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Tue, 11 Apr 2017 16:03:08 +0200 Subject: [PATCH 04/14] Added stubs required to compile HAPROXY --- src/ssl.c | 183 ++++++++++++++++++++++++++++++++++++++++++ wolfssl/openssl/ssl.h | 11 +++ wolfssl/ssl.h | 31 +++++++ 3 files changed, 225 insertions(+) diff --git a/src/ssl.c b/src/ssl.c index 5049e21e6..242325089 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -14288,6 +14288,11 @@ WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void) return 0; } +int sk_SSL_COMP_zero(WOLFSSL* st) +{ + wolfSSL_set_options(st, SSL_OP_NO_COMPRESSION); + return 0; +} int wolfSSL_COMP_add_compression_method(int method, void* data) { 
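Review bot: `sk_SSL_COMP_zero` takes a `WOLFSSL*`, but the OpenSSL function of that name operates on the compression-method stack, so a caller written against OpenSSL will pass it the result of `SSL_COMP_get_compression_methods()` — which this series stubs to return NULL — and the call degrades to `wolfSSL_set_options(NULL, SSL_OP_NO_COMPRESSION)` with its return value discarded. Whether `wolfSSL_set_options` tolerates a NULL session is not visible from here; either way the pointer types differ from the API being emulated, so every OpenSSL-style call site gets an incompatible-pointer conversion and the function does not do what its name promises. If the intent is "disable compression on this session", a comment on the definition should say so, e.g. `/* OpenSSL-compat shim: sets SSL_OP_NO_COMPRESSION on the given session; not a stack operation */`, and the declaration belongs under `WOLFSSL_HAPROXY` rather than in every build.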
@@ -15392,6 +15397,14 @@ long wolfSSL_set_tlsext_debug_arg(WOLFSSL* ssl, void *arg) } #endif /* HAVE_PK_CALLBACKS */ +#ifdef WOLFSSL_HAPROXY +const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *sess, unsigned int *sid_ctx_length) +{ + const byte *c = wolfSSL_SESSION_get_id((SSL_SESSION *)sess, sid_ctx_length); + return c; +} +#endif + /*** TBD ***/ WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type) { 
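Review bot: `SSL_SESSION_get0_id_context` returns the session ID (`wolfSSL_SESSION_get_id`), not the session-ID context, which in OpenSSL is the application-supplied value that keeps a session from being resumed under a different context (another vhost, certificate or verification policy); a caller that compares the returned bytes against its own context compares them against the wrong thing. Since this series also stubs `SSL_SESSION_set1_id_context` to do nothing, there is no stored context to return yet, so the honest implementation is to return NULL with `*sid_ctx_length = 0` and log `WOLFSSL_STUB("SSL_SESSION_get0_id_context")` until a context field exists. The `(SSL_SESSION *)sess` cast also drops the parameter's `const` only because `wolfSSL_SESSION_get_id` takes a non-const session; a const-taking getter would remove the cast.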
@@ -15432,6 +15445,169 @@ WOLFSSL_API long wolfSSL_set_tlsext_status_ids(WOLFSSL *s, void *arg) return 0; } +/*** TBD ***/ +int SSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid, unsigned int sid_len) +{ + (void)s; + (void)sid; + (void)sid_len; + return 1; +} + +/*** TBD ***/ +int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len) +{ + (void)s; + (void)sid_ctx; + (void)sid_ctx_len; + return 1; +} + +/*** TBD ***/ +void *X509_get0_tbs_sigalg(const X509 *x) +{ + (void)x; + return NULL; +} + +/*** TBD ***/ +void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, const void **ppval, const void *algor) +{ + (void)paobj; + (void)pptype; + (void)ppval; + (void)algor; +} + +/*** TBD ***/ +void *X509_get_X509_PUBKEY(void * x) +{ + (void)x; + return NULL; +} + +/*** TBD ***/ +int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, void **pa, WOLFSSL_EVP_PKEY *pub) +{ + (void)ppkalg; + (void)pk; + (void)ppklen; + (void)pa; + (void)pub; + return 1; +} + +/*** TBD ***/ +struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl) +{ + (void)ssl; + return NULL; +} + +/*** TBD ***/ +int EVP_PKEY_bits(EVP_PKEY *pkey) +{ + (void)pkey; + return -1; +} + +/*** TBD ***/ +int i2d_X509(X509 *x, unsigned char **out) +{ + (void)x; + (void)out; + return -1; +} + +/*** TBD ***/ +int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a) +{ + (void)buf; + (void)buf_len; + (void)a; + return -1; +} + +/*** TBD ***/ +size_t SSL_get_finished(const SSL *s, void *buf, size_t count) +{ + (void)s; + (void)buf; + (void)count; + return 0; +} + +/*** TBD ***/ +size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count) +{ + (void)s; + (void)buf; + (void)count; + return 0; +} + +/*** TBD ***/ +void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh) (SSL *ssl, int is_export, int keylength)) +{ + (void)ctx; + (void)dh; +} + +/*** TBD ***/ +STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) +{ + 
return NULL; +} + +/*** TBD ***/ +int sk_SSL_CIPHER_num(const void * p) +{ + (void)p; + return -1; +} + +/*** TBD ***/ +X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u) +{ + (void)fp; + (void)x; + (void)cb; + (void)u; + return NULL; +} + +/*** TBD ***/ +EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u) +{ + (void)fp; + (void)x; + (void)cb; + (void)u; + return NULL; +} + +/*** TBD ***/ +int X509_STORE_load_locations(X509_STORE *ctx, const char *file, const char *dir) +{ + (void)ctx; + (void)file; + (void)dir; + return -1; +} + +/*** TBD ***/ +int sk_SSL_CIPHER_value(void *ciphers, int idx) +{ + (void)ciphers; + (void)idx; + return 0; +} + +void ERR_load_SSL_strings(void) +{ + +} + WOLFSSL_API long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp) { if (s == NULL || resp == NULL) @@ -22657,6 +22833,13 @@ const char * wolfSSL_get_servername(WOLFSSL* ssl, byte type) #endif /* HAVE_SNI */ +#if defined(WOLFSSL_HAPROXY) + + + +#endif + + WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx) { if (ssl && ctx && SetSSL_CTX(ssl, ctx) == SSL_SUCCESS) diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index a19cf52bb..43b53c094 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h 
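Review bot: `sk_SSL_CIPHER_value` is declared to return `int`, but the OpenSSL function it stands in for returns a pointer to a cipher object, so a caller that hands the result to `SSL_CIPHER_get_name` or compares it with NULL gets an int-to-pointer conversion rather than a usable value; the stub should return a pointer type and NULL, `WOLFSSL_API void *sk_SSL_CIPHER_value(void *ciphers, int idx)`, with the matching prototype in wolfssl/ssl.h changed alongside. `SSL_CTX_set_tmp_dh_callback` discards the DH-parameter callback with no indication to the caller, so an application that supplies its own DH group through it silently runs with whatever parameters the library selects; a comment on the declaration, `/* NOT IMPLEMENTED: the callback is stored nowhere and never invoked */`, would let integrators see that their DH configuration is not applied. `SSL_get_finished` and `SSL_get_peer_finished` return 0 without touching `buf`, which is safe only for callers that check the returned length before reading the buffer — worth stating in a comment on both stubs, since the buffer is typically used for channel binding.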
@@ -518,6 +518,17 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define PEM_write_bio_X509 wolfSSL_PEM_write_bio_X509 #endif /* HAVE_STUNNEL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ + +#ifdef WOLFSSL_HAPROXY +#define SSL_get_rbio wolfSSL_SSL_get_rbio +#define SSL_get_wbio wolfSSL_SSL_get_wbio +#define SSL_do_handshake wolfSSL_SSL_do_handshake +#define SSL_get_ciphers(x) wolfSSL_get_ciphers(x, sizeof(x)) +#define SSL_SESSION_get_id wolfSSL_SESSION_get_id +#define ASN1_STRING_get0_data wolfSSL_ASN1_STRING_data +#define SSL_get_cipher_bits(s,np) wolfSSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) +#endif + #define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh #define BIO_new_file wolfSSL_BIO_new_file diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 258b58e3d..dccc2fb29 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
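Review bot: `#define SSL_get_ciphers(x) wolfSSL_get_ciphers(x, sizeof(x))` changes the meaning of an OpenSSL API: `SSL_get_ciphers` takes an `SSL*` and returns the cipher stack, whereas `wolfSSL_get_ciphers` writes a cipher-name string into a caller buffer of the given length. When `x` is a pointer rather than an array, `sizeof(x)` is the pointer size, and when `x` is the `SSL*` an OpenSSL-style caller passes, the macro writes cipher names over the first bytes of the SSL object. If the HAProxy port needs a buffer-filling variant, give it a distinct name with an explicit length parameter instead of deriving the length with `sizeof`. `SSL_get_rbio`, `SSL_get_wbio` and `SSL_do_handshake` are mapped to `wolfSSL_SSL_*` names that are not defined anywhere in the visible series — worth confirming they exist before this header is used.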
@@ -2293,6 +2293,37 @@ WOLFSSL_API void wolfSSL_CTX_set_alpn_select_cb(WOLFSSL_CTX *ctx, unsigned int inlen, void *arg), void *arg); + + +WOLFSSL_API int sk_SSL_COMP_zero(WOLFSSL* st); + +#ifdef WOLFSSL_HAPROXY +WOLFSSL_API const unsigned char *SSL_SESSION_get0_id_context( + const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length); +#endif + +int SSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid, unsigned int sid_len); +int SSL_SESSION_set1_id_context(WOLFSSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len); +void *X509_get0_tbs_sigalg(const WOLFSSL_X509 *x); +void X509_ALGOR_get0(WOLFSSL_ASN1_OBJECT **paobj, int *pptype, const void **ppval, const void *algor); +void *X509_get_X509_PUBKEY(void * x); +int X509_PUBKEY_get0_param(WOLFSSL_ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, void **pa, WOLFSSL_EVP_PKEY *pub); +struct evp_pkey_st *SSL_get_privatekey(const WOLFSSL *ssl); +int EVP_PKEY_bits(WOLFSSL_EVP_PKEY *pkey); +int i2d_X509(WOLFSSL_X509 *x, unsigned char **out); +int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a); +size_t SSL_get_finished(const WOLFSSL *s, void *buf, size_t count); +size_t SSL_get_peer_finished(const WOLFSSL *s, void *buf, size_t count); +void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength)); +STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); +int sk_SSL_CIPHER_num(const void * p); +int X509_STORE_load_locations(WOLFSSL_X509_STORE *ctx, const char *file, const char *dir); +int sk_SSL_CIPHER_value(void *ciphers, int idx); +void ERR_load_SSL_strings(void); + +WOLFSSL_X509 *PEM_read_X509(FILE *fp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); +WOLFSSL_EVP_PKEY *PEM_read_PrivateKey(FILE *fp, WOLFSSL_EVP_PKEY **x, pem_password_cb *cb, void *u); + #ifdef __cplusplus } /* extern "C" */ #endif From 02513792b6c90e027b3729829a124c463dabe0d7 Mon Sep 17 00:00:00 2001 
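Review bot: The block of OpenSSL-named prototypes from `SSL_SESSION_set1_id` through `PEM_read_PrivateKey` is declared unconditionally, while only `SSL_SESSION_get0_id_context` sits under `#ifdef WOLFSSL_HAPROXY`; every wolfSSL build then exports unprefixed OpenSSL symbol names, which collide at link time with a real libssl loaded into the same process and bypass the compatibility layer that the rest of the header goes through. Wrapping the whole group in `#ifdef WOLFSSL_HAPROXY` … `#endif` — or better, giving them `wolfSSL_` names with `#define` aliases in wolfssl/openssl/ssl.h, as the last patch does for `PEM_read_X509` — would keep the namespace clean. The same unguarded group reappears when these prototypes are rewritten with `WOLFSSL_API` in the wolfssl/ssl.h hunk of patch 09.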
From: Maxime Vincent Date: Wed, 12 Apr 2017 10:37:17 +0200 Subject: [PATCH 05/14] Make new function stubs public --- src/ssl.c | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 242325089..7c7e250b0 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -15446,7 +15446,7 @@ WOLFSSL_API long wolfSSL_set_tlsext_status_ids(WOLFSSL *s, void *arg) } /*** TBD ***/ -int SSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid, unsigned int sid_len) +WOLFSSL_API int SSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid, unsigned int sid_len) { (void)s; (void)sid; @@ -15455,7 +15455,7 @@ int SSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid, unsigned i } /*** TBD ***/ -int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len) +WOLFSSL_API int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len) { (void)s; (void)sid_ctx; @@ -15464,14 +15464,14 @@ int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, un } /*** TBD ***/ -void *X509_get0_tbs_sigalg(const X509 *x) +WOLFSSL_API void *X509_get0_tbs_sigalg(const X509 *x) { (void)x; return NULL; } /*** TBD ***/ -void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, const void **ppval, const void *algor) +WOLFSSL_API void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, const void **ppval, const void *algor) { (void)paobj; (void)pptype; 
@@ -15480,14 +15480,14 @@ void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, const void **ppval, const } /*** TBD ***/ -void *X509_get_X509_PUBKEY(void * x) +WOLFSSL_API void *X509_get_X509_PUBKEY(void * x) { (void)x; return NULL; } /*** TBD ***/ -int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, void **pa, WOLFSSL_EVP_PKEY *pub) +WOLFSSL_API int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, void **pa, WOLFSSL_EVP_PKEY *pub) { (void)ppkalg; (void)pk; @@ -15498,21 +15498,21 @@ int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned char **pk, int * } /*** TBD ***/ -struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl) +WOLFSSL_API struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl) { (void)ssl; return NULL; } /*** TBD ***/ -int EVP_PKEY_bits(EVP_PKEY *pkey) +WOLFSSL_API int EVP_PKEY_bits(EVP_PKEY *pkey) { (void)pkey; return -1; } /*** TBD ***/ -int i2d_X509(X509 *x, unsigned char **out) +WOLFSSL_API int i2d_X509(X509 *x, unsigned char **out) { (void)x; (void)out; @@ -15520,7 +15520,7 @@ int i2d_X509(X509 *x, unsigned char **out) } /*** TBD ***/ -int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a) +WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a) { (void)buf; (void)buf_len; @@ -15529,7 +15529,7 @@ int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a) } /*** TBD ***/ -size_t SSL_get_finished(const SSL *s, void *buf, size_t count) +WOLFSSL_API size_t SSL_get_finished(const SSL *s, void *buf, size_t count) { (void)s; (void)buf; @@ -15538,7 +15538,7 @@ size_t SSL_get_finished(const SSL *s, void *buf, size_t count) } /*** TBD ***/ -size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count) +WOLFSSL_API size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count) { (void)s; (void)buf; 
@@ -15547,27 +15547,27 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count) } /*** TBD ***/ -void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh) (SSL *ssl, int is_export, int keylength)) +WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh) (SSL *ssl, int is_export, int keylength)) { (void)ctx; (void)dh; } /*** TBD ***/ -STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) +WOLFSSL_API STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) { return NULL; } /*** TBD ***/ -int sk_SSL_CIPHER_num(const void * p) +WOLFSSL_API int sk_SSL_CIPHER_num(const void * p) { (void)p; return -1; } /*** TBD ***/ -X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u) +WOLFSSL_API X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u) { (void)fp; (void)x; @@ -15577,7 +15577,7 @@ X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u) } /*** TBD ***/ -EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u) +WOLFSSL_API EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u) { (void)fp; (void)x; @@ -15587,7 +15587,7 @@ EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void } /*** TBD ***/ -int X509_STORE_load_locations(X509_STORE *ctx, const char *file, const char *dir) +WOLFSSL_API int X509_STORE_load_locations(X509_STORE *ctx, const char *file, const char *dir) { (void)ctx; (void)file; @@ -15596,14 +15596,14 @@ int X509_STORE_load_locations(X509_STORE *ctx, const char *file, const char *dir } /*** TBD ***/ -int sk_SSL_CIPHER_value(void *ciphers, int idx) +WOLFSSL_API int sk_SSL_CIPHER_value(void *ciphers, int idx) { (void)ciphers; (void)idx; return 0; } -void ERR_load_SSL_strings(void) +WOLFSSL_API void ERR_load_SSL_strings(void) { } From 9ca49e7f5637a8a7aedc95285fa694ff43a8f179 Mon Sep 17 00:00:00 2001 
From: Maxime Vincent Date: Wed, 12 Apr 2017 11:59:17 +0200 Subject: [PATCH 06/14] Add more stubs for haproxy --- src/ssl.c | 50 ++++++++++++++++++++++++++++++++++++ wolfssl/openssl/ssl.h | 9 +++++-- wolfssl/ssl.h | 38 ++++++++++++++++++--------- wolfssl/wolfcrypt/settings.h | 3 +++ 4 files changed, 86 insertions(+), 14 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 7c7e250b0..6a2b3a1f4 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -13700,6 +13700,20 @@ void wolfSSL_sk_ASN1_OBJECT_free(STACK_OF(WOLFSSL_ASN1_OBJECT)* sk) } XFREE(sk, NULL, DYNAMIC_TYPE_ASN1); } + +int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *in) +{ + /* + ASN1_STRING_to_UTF8() converts the string in to UTF8 format, + the converted data is allocated in a buffer in *out. + The length of out is returned or a negative error code. + The buffer *out should be free using OPENSSL_free(). + */ + (void)out; + (void)in; + WOLFSSL_STUB("ASN1_STRING_to_UTF8"); + return -1; +} #endif /* NO_ASN */ @@ -24062,6 +24076,42 @@ void wolfSSL_CTX_set_alpn_select_cb(WOLFSSL_CTX *ctx, ctx->alpnSelectArg = arg; } } + +void wolfSSL_CTX_set_next_protos_advertised_cb(WOLFSSL_CTX *s, + int (*cb) (WOLFSSL *ssl, + const unsigned char + **out, + unsigned int *outlen, + void *arg), void *arg) +{ + (void)s; + (void)cb; + (void)arg; + WOLFSSL_STUB("wolfSSL_CTX_set_next_protos_advertised_cb"); +} + +void wolfSSL_CTX_set_next_proto_select_cb(WOLFSSL_CTX *s, + int (*cb) (WOLFSSL *ssl, + unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg), void *arg) +{ + (void)s; + (void)cb; + (void)arg; + WOLFSSL_STUB("wolfSSL_CTX_set_next_proto_select_cb"); +} + +void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsigned char **data, + unsigned *len) +{ + (void)s; + (void)data; + (void)len; + WOLFSSL_STUB("wolfSSL_get0_next_proto_negotiated"); +} #endif /* HAVE_ALPN */ #endif /* WOLFSSL_NGINX / WOLFSSL_HAPROXY */ 
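Review bot: `wolfSSL_ASN1_STRING_to_UTF8` returns -1 without writing `*out`, so a caller that frees `*out` on every path — easy to do given the contract quoted in the comment — would free an indeterminate pointer. Setting `*out = NULL` when `out` is non-NULL before the `WOLFSSL_STUB` line costs one statement and makes the failure path safe to clean up.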
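Review bot: `wolfSSL_CTX_set_next_protos_advertised_cb`, `wolfSSL_CTX_set_next_proto_select_cb` and `wolfSSL_get0_next_proto_negotiated` accept and discard their arguments with only a `WOLFSSL_STUB` trace, so an application configuring NPN through them gets no error and believes protocol negotiation is in place. `wolfSSL_get0_next_proto_negotiated` in particular leaves `*data` and `*len` unwritten; a caller that does not initialise them will read indeterminate values, so the stub should set `*data = NULL; *len = 0;` (after a NULL check on both pointers) before returning. A one-line comment on each declaration stating that NPN is not implemented and the callbacks are never invoked would let integrators decide to rely on ALPN instead.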
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 43b53c094..238706bd9 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -340,6 +340,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define ASN1_INTEGER_cmp wolfSSL_ASN1_INTEGER_cmp #define ASN1_INTEGER_get wolfSSL_ASN1_INTEGER_get #define ASN1_INTEGER_to_BN wolfSSL_ASN1_INTEGER_to_BN +#define ASN1_STRING_to_UTF8 wolfSSL_ASN1_STRING_to_UTF8 #define SSL_load_client_CA_file wolfSSL_load_client_CA_file @@ -722,7 +723,9 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define NID_inhibit_any_policy 168 /* 2.5.29.54 */ #define NID_tlsfeature 92 /* id-pe 24 */ -#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) + +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) + #include #define OPENSSL_STRING WOLFSSL_STRING @@ -733,7 +736,6 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define OPENSSL_NPN_NEGOTIATED 1 #define OPENSSL_NPN_NO_OVERLAP 2 - /* Nginx checks these to see if the error was a handshake error. */ #define SSL_R_BAD_CHANGE_CIPHER_SPEC LENGTH_ERROR #define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG BUFFER_E @@ -794,6 +796,9 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define SSL_get0_alpn_selected wolfSSL_get0_alpn_selected #define SSL_select_next_proto wolfSSL_select_next_proto #define SSL_CTX_set_alpn_select_cb wolfSSL_CTX_set_alpn_select_cb +#define SSL_CTX_set_next_protos_advertised_cb wolfSSL_CTX_set_next_protos_advertised_cb +#define SSL_CTX_set_next_proto_select_cb wolfSSL_CTX_set_next_proto_select_cb +#define SSL_get0_next_proto_negotiated wolfSSL_get0_next_proto_negotiated #endif diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index dccc2fb29..ff94baf97 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
@@ -490,6 +490,7 @@ WOLFSSL_API int wolfSSL_sk_ASN1_OBJECT_push(STACK_OF(WOLFSSL_ASN1_OBJEXT)* sk, WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_sk_ASN1_OBJCET_pop( STACK_OF(WOLFSSL_ASN1_OBJECT)* sk); WOLFSSL_API void wolfSSL_sk_ASN1_OBJECT_free(STACK_OF(WOLFSSL_ASN1_OBJECT)* sk); +WOLFSSL_API int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *in); WOLFSSL_API int wolfSSL_set_ex_data(WOLFSSL*, int, void*); WOLFSSL_API int wolfSSL_get_shutdown(const WOLFSSL*); 
@@ -2279,20 +2280,33 @@ WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bio, #endif /* WOLFSSL_NGINX */ WOLFSSL_API void wolfSSL_get0_alpn_selected(const WOLFSSL *ssl, - const unsigned char **data, unsigned int *len); + const unsigned char **data, unsigned int *len); WOLFSSL_API int wolfSSL_select_next_proto(unsigned char **out, - unsigned char *outlen, - const unsigned char *in, unsigned int inlen, - const unsigned char *client, - unsigned int client_len); + unsigned char *outlen, + const unsigned char *in, unsigned int inlen, + const unsigned char *client, + unsigned int client_len); WOLFSSL_API void wolfSSL_CTX_set_alpn_select_cb(WOLFSSL_CTX *ctx, - int (*cb) (WOLFSSL *ssl, - const unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, - void *arg), void *arg); - + int (*cb) (WOLFSSL *ssl, + const unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg), void *arg); +WOLFSSL_API void wolfSSL_CTX_set_next_protos_advertised_cb(WOLFSSL_CTX *s, + int (*cb) (WOLFSSL *ssl, + const unsigned char **out, + unsigned int *outlen, + void *arg), void *arg); +WOLFSSL_API void wolfSSL_CTX_set_next_proto_select_cb(WOLFSSL_CTX *s, + int (*cb) (WOLFSSL *ssl, + unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *arg), void *arg); +WOLFSSL_API void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsigned char **data, + unsigned *len); WOLFSSL_API int sk_SSL_COMP_zero(WOLFSSL* st); diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 14cdffe82..ea56a6c5e 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -1530,6 +1530,9 @@ static char *fgets(char *buff, int sz, FILE *fp) #ifndef HAVE_SNI #define HAVE_SNI #endif +#endif + +#if defined(WOLFSSL_NGINX) #define SSL_CTRL_SET_TLSEXT_HOSTNAME #endif From df70b3c85972db15440d93bd7d3b3f5fe8dc3ee1 Mon Sep 17 00:00:00 2001 
From: Daniele Lacamera Date: Wed, 12 Apr 2017 12:27:20 +0200 Subject: [PATCH 07/14] Removed empty ifdef --- src/ssl.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 83e7b9e85..a8c82ab4d 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -23067,14 +23067,6 @@ const char * wolfSSL_get_servername(WOLFSSL* ssl, byte type) #endif /* NO_WOLFSSL_SERVER */ #endif /* HAVE_SNI */ - -#if defined(WOLFSSL_HAPROXY) - - - -#endif - - WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx) { if (ssl && ctx && SetSSL_CTX(ssl, ctx, 0) == SSL_SUCCESS) From 723ee69114bac09f15917cf41a95a34a4cf78734 Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Thu, 13 Apr 2017 15:31:50 +0200 Subject: [PATCH 08/14] Fixed missing braces in wolfcrypt test --- wolfcrypt/test/test.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index ce24a6511..5f6f96eb3 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -8071,8 +8071,9 @@ int dh_test(void) ret = -55; goto done; } - if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) + if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) { ret = -56; goto done; + } ret = dh_generate_test(&rng); if (ret != 0) From 327986561098e6c7872357bdbb0ba96567243676 Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Tue, 18 Apr 2017 18:47:04 +0200 Subject: [PATCH 09/14] Fixes after jenkins report https://test.wolfssl.com/jenkins/job/windows_pull_request_builder/1453/ --- src/ssl.c | 30 ++++++++++++++++-------------- wolfssl/ssl.h | 38 ++++++++++++++++++++------------------ 2 files changed, 36 insertions(+), 32 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 5266ed8a3..5df50f9c6 100755 --- a/src/ssl.c +++ b/src/ssl.c 
@@ -15729,7 +15729,7 @@ WOLFSSL_API int SSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid } /*** TBD ***/ -WOLFSSL_API int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len) +WOLFSSL_API int SSL_SESSION_set1_id_context(WOLFSSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len) { (void)s; (void)sid_ctx; @@ -15738,14 +15738,14 @@ WOLFSSL_API int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char } /*** TBD ***/ -WOLFSSL_API void *X509_get0_tbs_sigalg(const X509 *x) +WOLFSSL_API void *X509_get0_tbs_sigalg(const WOLFSSL_X509 *x) { (void)x; return NULL; } /*** TBD ***/ -WOLFSSL_API void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, const void **ppval, const void *algor) +WOLFSSL_API void X509_ALGOR_get0(WOLFSSL_ASN1_OBJECT **paobj, int *pptype, const void **ppval, const void *algor) { (void)paobj; (void)pptype; @@ -15761,7 +15761,7 @@ WOLFSSL_API void *X509_get_X509_PUBKEY(void * x) } /*** TBD ***/ -WOLFSSL_API int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, void **pa, WOLFSSL_EVP_PKEY *pub) +WOLFSSL_API int X509_PUBKEY_get0_param(WOLFSSL_ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, void **pa, WOLFSSL_EVP_PKEY *pub) { (void)ppkalg; (void)pk; @@ -15772,21 +15772,21 @@ WOLFSSL_API int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned char } /*** TBD ***/ -WOLFSSL_API struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl) +WOLFSSL_API struct evp_pkey_st *SSL_get_privatekey(const WOLFSSL *ssl) { (void)ssl; return NULL; } /*** TBD ***/ -WOLFSSL_API int EVP_PKEY_bits(EVP_PKEY *pkey) +WOLFSSL_API int EVP_PKEY_bits(WOLFSSL_EVP_PKEY *pkey) { (void)pkey; return -1; } /*** TBD ***/ -WOLFSSL_API int i2d_X509(X509 *x, unsigned char **out) +WOLFSSL_API int i2d_X509(WOLFSSL_X509 *x, unsigned char **out) { (void)x; (void)out; 
@@ -15794,7 +15794,7 @@ WOLFSSL_API int i2d_X509(X509 *x, unsigned char **out) } /*** TBD ***/ -WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a) +WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a) { (void)buf; (void)buf_len; @@ -15803,7 +15803,7 @@ WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a) } /*** TBD ***/ -WOLFSSL_API size_t SSL_get_finished(const SSL *s, void *buf, size_t count) +WOLFSSL_API size_t SSL_get_finished(const WOLFSSL *s, void *buf, size_t count) { (void)s; (void)buf; @@ -15812,7 +15812,7 @@ WOLFSSL_API size_t SSL_get_finished(const SSL *s, void *buf, size_t count) } /*** TBD ***/ -WOLFSSL_API size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count) +WOLFSSL_API size_t SSL_get_peer_finished(const WOLFSSL *s, void *buf, size_t count) { (void)s; (void)buf; @@ -15821,7 +15821,7 @@ WOLFSSL_API size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count) } /*** TBD ***/ -WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh) (SSL *ssl, int is_export, int keylength)) +WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength)) { (void)ctx; (void)dh; @@ -15840,8 +15840,9 @@ WOLFSSL_API int sk_SSL_CIPHER_num(const void * p) return -1; } +#if !defined(NO_FILESYSTEM) /*** TBD ***/ -WOLFSSL_API X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u) +WOLFSSL_X509 *PEM_read_X509(FILE *fp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u) { (void)fp; (void)x; @@ -15851,7 +15852,7 @@ WOLFSSL_API X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u } /*** TBD ***/ -WOLFSSL_API EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u) +WOLFSSL_EVP_PKEY *PEM_read_PrivateKey(FILE *fp, WOLFSSL_EVP_PKEY **x, pem_password_cb *cb, void *u) { (void)fp; (void)x; 
@@ -15859,9 +15860,10 @@ WOLFSSL_API EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_c (void)u; return NULL; } +#endif /*** TBD ***/ -WOLFSSL_API int X509_STORE_load_locations(X509_STORE *ctx, const char *file, const char *dir) +WOLFSSL_API int X509_STORE_load_locations(WOLFSSL_X509_STORE *ctx, const char *file, const char *dir) { (void)ctx; (void)file; diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index bd8f2da5c..c22567575 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
@@ -2317,27 +2317,29 @@ WOLFSSL_API const unsigned char *SSL_SESSION_get0_id_context( const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length); #endif -int SSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid, unsigned int sid_len); -int SSL_SESSION_set1_id_context(WOLFSSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len); -void *X509_get0_tbs_sigalg(const WOLFSSL_X509 *x); -void X509_ALGOR_get0(WOLFSSL_ASN1_OBJECT **paobj, int *pptype, const void **ppval, const void *algor); -void *X509_get_X509_PUBKEY(void * x); -int X509_PUBKEY_get0_param(WOLFSSL_ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, void **pa, WOLFSSL_EVP_PKEY *pub); -struct evp_pkey_st *SSL_get_privatekey(const WOLFSSL *ssl); -int EVP_PKEY_bits(WOLFSSL_EVP_PKEY *pkey); -int i2d_X509(WOLFSSL_X509 *x, unsigned char **out); -int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a); -size_t SSL_get_finished(const WOLFSSL *s, void *buf, size_t count); -size_t SSL_get_peer_finished(const WOLFSSL *s, void *buf, size_t count); -void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength)); -STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); -int sk_SSL_CIPHER_num(const void * p); -int X509_STORE_load_locations(WOLFSSL_X509_STORE *ctx, const char *file, const char *dir); -int sk_SSL_CIPHER_value(void *ciphers, int idx); -void ERR_load_SSL_strings(void); +WOLFSSL_API int SSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid, unsigned int sid_len); +WOLFSSL_API int SSL_SESSION_set1_id_context(WOLFSSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len); +WOLFSSL_API void *X509_get0_tbs_sigalg(const WOLFSSL_X509 *x); +WOLFSSL_API void X509_ALGOR_get0(WOLFSSL_ASN1_OBJECT **paobj, int *pptype, const void **ppval, const void *algor); +WOLFSSL_API void *X509_get_X509_PUBKEY(void * x); +WOLFSSL_API int X509_PUBKEY_get0_param(WOLFSSL_ASN1_OBJECT **ppkalg, const unsigned char 
**pk, int *ppklen, void **pa, WOLFSSL_EVP_PKEY *pub); +WOLFSSL_API struct evp_pkey_st *SSL_get_privatekey(const WOLFSSL *ssl); +WOLFSSL_API int EVP_PKEY_bits(WOLFSSL_EVP_PKEY *pkey); +WOLFSSL_API int i2d_X509(WOLFSSL_X509 *x, unsigned char **out); +WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a); +WOLFSSL_API size_t SSL_get_finished(const WOLFSSL *s, void *buf, size_t count); +WOLFSSL_API size_t SSL_get_peer_finished(const WOLFSSL *s, void *buf, size_t count); +WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength)); +WOLFSSL_API STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); +WOLFSSL_API int sk_SSL_CIPHER_num(const void * p); +WOLFSSL_API int X509_STORE_load_locations(WOLFSSL_X509_STORE *ctx, const char *file, const char *dir); +WOLFSSL_API int sk_SSL_CIPHER_value(void *ciphers, int idx); +WOLFSSL_API void ERR_load_SSL_strings(void); +#ifndef NO_FILESYSTEM WOLFSSL_X509 *PEM_read_X509(FILE *fp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); WOLFSSL_EVP_PKEY *PEM_read_PrivateKey(FILE *fp, WOLFSSL_EVP_PKEY **x, pem_password_cb *cb, void *u); +#endif #ifdef __cplusplus } /* extern "C" */ From db835da00b1a57d03aeaac56b8a8f9f6c82cc47d Mon Sep 17 00:00:00 2001 From: Maxime Vincent Date: Sat, 22 Apr 2017 10:58:05 +0200 Subject: [PATCH 10/14] Fixes after wolfSSL feedback --- src/ssl.c | 56 ++++++++++++++++++++++++++++++------------- wolfssl/openssl/pem.h | 8 +++++++ wolfssl/ssl.h | 5 ---- 3 files changed, 48 insertions(+), 21 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 5df50f9c6..8ce202b88 100755 --- a/src/ssl.c +++ b/src/ssl.c @@ -15684,7 +15684,8 @@ WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type) { (void)s; (void)type; - return 0; + WOLFSSL_STUB("wolfSSL_set_tlsext_status_type"); + return SSL_FAILURE; } /*** TBD ***/ 
@@ -15692,7 +15693,8 @@ WOLFSSL_API long wolfSSL_get_tlsext_status_exts(WOLFSSL *s, void *arg) { (void)s; (void)arg; - return 0; + WOLFSSL_STUB("wolfSSL_get_tlsext_status_exts"); + return SSL_FAILURE; } /*** TBD ***/ @@ -15700,7 +15702,8 @@ WOLFSSL_API long wolfSSL_set_tlsext_status_exts(WOLFSSL *s, void *arg) { (void)s; (void)arg; - return 0; + WOLFSSL_STUB("wolfSSL_set_tlsext_status_exts"); + return SSL_FAILURE; } /*** TBD ***/ @@ -15708,7 +15711,8 @@ WOLFSSL_API long wolfSSL_get_tlsext_status_ids(WOLFSSL *s, void *arg) { (void)s; (void)arg; - return 0; + WOLFSSL_STUB("wolfSSL_get_tlsext_status_ids"); + return SSL_FAILURE; } /*** TBD ***/ @@ -15716,7 +15720,8 @@ WOLFSSL_API long wolfSSL_set_tlsext_status_ids(WOLFSSL *s, void *arg) { (void)s; (void)arg; - return 0; + WOLFSSL_STUB("wolfSSL_set_tlsext_status_ids"); + return SSL_FAILURE; } /*** TBD ***/ @@ -15725,7 +15730,8 @@ WOLFSSL_API int SSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid (void)s; (void)sid; (void)sid_len; - return 1; + WOLFSSL_STUB("SSL_SESSION_set1_id"); + return SSL_FAILURE; } /*** TBD ***/ @@ -15734,13 +15740,15 @@ WOLFSSL_API int SSL_SESSION_set1_id_context(WOLFSSL_SESSION *s, const unsigned c (void)s; (void)sid_ctx; (void)sid_ctx_len; - return 1; + WOLFSSL_STUB("SSL_SESSION_set1_id_context"); + return SSL_FAILURE; } /*** TBD ***/ WOLFSSL_API void *X509_get0_tbs_sigalg(const WOLFSSL_X509 *x) { (void)x; + WOLFSSL_STUB("X509_get0_tbs_sigalg"); return NULL; } @@ -15751,12 +15759,14 @@ WOLFSSL_API void X509_ALGOR_get0(WOLFSSL_ASN1_OBJECT **paobj, int *pptype, const (void)pptype; (void)ppval; (void)algor; + WOLFSSL_STUB("X509_ALGOR_get0"); } /*** TBD ***/ WOLFSSL_API void *X509_get_X509_PUBKEY(void * x) { (void)x; + WOLFSSL_STUB("X509_get_X509_PUBKEY"); return NULL; } 
@@ -15768,13 +15778,15 @@ WOLFSSL_API int X509_PUBKEY_get0_param(WOLFSSL_ASN1_OBJECT **ppkalg, const unsig
 (void)ppklen;
 (void)pa;
 (void)pub;
- return 1;
+ WOLFSSL_STUB("X509_PUBKEY_get0_param");
+ return SSL_FAILURE;
 }
 
 /*** TBD ***/
 WOLFSSL_API struct evp_pkey_st *SSL_get_privatekey(const WOLFSSL *ssl)
 {
 (void)ssl;
+ WOLFSSL_STUB("SSL_get_privatekey");
 return NULL;
 }
 
@@ -15782,7 +15794,8 @@ WOLFSSL_API struct evp_pkey_st *SSL_get_privatekey(const WOLFSSL *ssl)
 WOLFSSL_API int EVP_PKEY_bits(WOLFSSL_EVP_PKEY *pkey)
 {
 (void)pkey;
- return -1;
+ WOLFSSL_STUB("EVP_PKEY_bits");
+ return SSL_FAILURE;
 }
 
 /*** TBD ***/
@@ -15790,6 +15803,7 @@ WOLFSSL_API int i2d_X509(WOLFSSL_X509 *x, unsigned char **out)
 {
 (void)x;
 (void)out;
+ WOLFSSL_STUB("i2d_X509");
 return -1;
 }
 
@@ -15799,6 +15813,7 @@ WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a)
 (void)buf;
 (void)buf_len;
 (void)a;
+ WOLFSSL_STUB("i2t_ASN1_OBJECT");
 return -1;
 }
 
@@ -15808,7 +15823,8 @@ WOLFSSL_API size_t SSL_get_finished(const WOLFSSL *s, void *buf, size_t count)
 (void)s;
 (void)buf;
 (void)count;
- return 0;
+ WOLFSSL_STUB("SSL_get_finished");
+ return SSL_FAILURE;
 }
 
 /*** TBD ***/
@@ -15817,7 +15833,8 @@ WOLFSSL_API size_t SSL_get_peer_finished(const WOLFSSL *s, void *buf, size_t cou
 (void)s;
 (void)buf;
 (void)count;
- return 0;
+ WOLFSSL_STUB("SSL_get_peer_finished");
+ return SSL_FAILURE;
 }
 
 /*** TBD ***/
@@ -15825,11 +15842,13 @@ WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh)
 {
 (void)ctx;
 (void)dh;
+ WOLFSSL_STUB("SSL_CTX_set_tmp_dh_callback");
 }
 
 /*** TBD ***/
 WOLFSSL_API STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
 {
+ WOLFSSL_STUB("SSL_COMP_get_compression_methods");
 return NULL;
 }
 
@@ -15837,27 +15856,30 @@ WOLFSSL_API STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
 WOLFSSL_API int sk_SSL_CIPHER_num(const void * p)
 {
 (void)p;
+ WOLFSSL_STUB("sk_SSL_CIPHER_num");
 return -1;
 }
 
 #if !defined(NO_FILESYSTEM)
 /*** TBD ***/
-WOLFSSL_X509 *PEM_read_X509(FILE *fp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u)
+WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_X509(FILE *fp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u)
 {
 (void)fp;
 (void)x;
 (void)cb;
 (void)u;
+ WOLFSSL_STUB("PEM_read_X509");
 return NULL;
 }
 
 /*** TBD ***/
-WOLFSSL_EVP_PKEY *PEM_read_PrivateKey(FILE *fp, WOLFSSL_EVP_PKEY **x, pem_password_cb *cb, void *u)
+WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PrivateKey(FILE *fp, WOLFSSL_EVP_PKEY **x, pem_password_cb *cb, void *u)
 {
 (void)fp;
 (void)x;
 (void)cb;
 (void)u;
+ WOLFSSL_STUB("PEM_read_PrivateKey");
 return NULL;
 }
 #endif
@@ -15868,7 +15890,8 @@ WOLFSSL_API int X509_STORE_load_locations(WOLFSSL_X509_STORE *ctx, const char *f
 (void)ctx;
 (void)file;
 (void)dir;
- return -1;
+ WOLFSSL_STUB("X509_STORE_load_locations");
+ return SSL_FAILURE;
 }
 
 /*** TBD ***/
@@ -15876,7 +15899,8 @@ WOLFSSL_API int sk_SSL_CIPHER_value(void *ciphers, int idx)
 {
 (void)ciphers;
 (void)idx;
- return 0;
+ WOLFSSL_STUB("sk_SSL_CIPHER_value");
+ return SSL_FAILURE;
 }
 
 WOLFSSL_API void ERR_load_SSL_strings(void)
@@ -21404,8 +21428,8 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
 
 int wolfSSL_EVP_PKEY_type(int type)
 {
- // XXX FIXME
 (void) type;
+ WOLFSSL_MSG("wolfSSL_EVP_PKEY_type always returns EVP_PKEY_RSA");
 return EVP_PKEY_RSA;
 }
 
diff --git a/wolfssl/openssl/pem.h b/wolfssl/openssl/pem.h
index d9d671877..00e7abdb4 100644
--- a/wolfssl/openssl/pem.h
+++ b/wolfssl/openssl/pem.h
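Review bot: In the `#if !defined(NO_FILESYSTEM)` part of this hunk the stub messages still carry the old names, `WOLFSSL_STUB("PEM_read_X509")` and `WOLFSSL_STUB("PEM_read_PrivateKey")`, although the functions were just renamed to `wolfSSL_PEM_read_X509` and `wolfSSL_PEM_read_PrivateKey`; every other stub in this commit logs the function's own name. Change them to `WOLFSSL_STUB("wolfSSL_PEM_read_X509");` and `WOLFSSL_STUB("wolfSSL_PEM_read_PrivateKey");` so a log line can be matched to the symbol that was actually linked. Both stubs return NULL without writing through `x`; a one-line comment such as `/* stub: returns NULL and leaves *x untouched */` on each would stop a caller from assuming OpenSSL's in-place-update semantics for the output parameter.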
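Review bot: `wolfSSL_EVP_PKEY_type` still reports `EVP_PKEY_RSA` for every input; this hunk only swaps the `XXX FIXME` for a debug-log line, so a caller asking for the type of a non-RSA key (an ECDSA certificate key, for instance) is told it is RSA, and anything layered on it — `wolfSSL_EVP_PKEY_base_id`, which appears as context in the pem.h hunk and is presumably built on this function — inherits the wrong answer, which can steer an application into the wrong signing or cipher-suite path. Returning the argument for the key-type constants this tree defines is already closer to OpenSSL: `if (type == EVP_PKEY_RSA) return type;` (add `EVP_PKEY_EC` and any other constant the evp header defines), then `WOLFSSL_MSG("wolfSSL_EVP_PKEY_type: unknown key type"); return SSL_FAILURE;` or whichever value this code base uses for an undefined NID. If RSA-only is intended for now, say so in a comment above the function rather than only at debug-log level, since release builds will never show the message.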
@@ -106,8 +106,16 @@ int wolfSSL_EVP_PKEY_base_id(const EVP_PKEY *pkey); WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u); +WOLFSSL_API +WOLFSSL_X509 *wolfSSL_PEM_read_X509(FILE *fp, WOLFSSL_X509 **x, + pem_password_cb *cb, void *u); +WOLFSSL_API +WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PrivateKey(FILE *fp, WOLFSSL_EVP_PKEY **x, + pem_password_cb *cb, void *u); #endif /* NO_FILESYSTEM */ +#define PEM_read_X509 wolfSSL_PEM_read_X509 +#define PEM_read_PrivateKey wolfSSL_PEM_read_PrivateKey #define PEM_write_bio_PrivateKey wolfSSL_PEM_write_bio_PrivateKey /* RSA */ #define PEM_write_bio_RSAPrivateKey wolfSSL_PEM_write_bio_RSAPrivateKey diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index c22567575..f18e72f2f 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -2336,11 +2336,6 @@ WOLFSSL_API int X509_STORE_load_locations(WOLFSSL_X509_STORE *ctx, const char *f WOLFSSL_API int sk_SSL_CIPHER_value(void *ciphers, int idx); WOLFSSL_API void ERR_load_SSL_strings(void); -#ifndef NO_FILESYSTEM -WOLFSSL_X509 *PEM_read_X509(FILE *fp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); -WOLFSSL_EVP_PKEY *PEM_read_PrivateKey(FILE *fp, WOLFSSL_EVP_PKEY **x, pem_password_cb *cb, void *u); -#endif - #ifdef __cplusplus } /* extern "C" */ #endif From ebb32265eb08e3a408162fb51a15a3ebc7a187a2 Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Mon, 24 Apr 2017 06:16:35 +0200 Subject: [PATCH 11/14] Minor fixes after PR review --- support/wolfssl.pc | 2 +- wolfssl/ssl.h | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/support/wolfssl.pc b/support/wolfssl.pc index b363b692b..c05107569 100644 --- a/support/wolfssl.pc +++ b/support/wolfssl.pc @@ -1,4 +1,4 @@ -prefix=/usr +prefix=/usr/local exec_prefix=${prefix} libdir=${exec_prefix}/lib includedir=${prefix}/include diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index f18e72f2f..f456c61f7 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
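Review bot: `#define PEM_read_X509 wolfSSL_PEM_read_X509` and `#define PEM_read_PrivateKey wolfSSL_PEM_read_PrivateKey` are placed after `#endif /* NO_FILESYSTEM */`, but the prototypes they resolve to are inside the `#if !defined(NO_FILESYSTEM)` block, so a NO_FILESYSTEM build that uses either name gets an undeclared (implicitly declared) function instead of a clear compile error. Move the two defines up, before the `#endif`, next to the prototypes they alias. The `FILE *` parameter only makes sense when a filesystem is available, which is one more reason to keep the aliases under the same guard.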
@@ -30,7 +30,6 @@ /* for users not using preprocessor flags*/ #include #include -#include /* for XFILE */ #ifdef HAVE_WOLF_EVENT #include From 7bd7de350c77dabd2a9b56685c495bf8e400c670 Mon Sep 17 00:00:00 2001 From: Maxime Vincent Date: Mon, 24 Apr 2017 10:41:39 +0200 Subject: [PATCH 12/14] More fixes for haproxy port --- src/ssl.c | 2 +- wolfssl/openssl/ssl.h | 3 ++- wolfssl/ssl.h | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index bd30a2947..3c265f0e2 100755 --- a/src/ssl.c +++ b/src/ssl.c @@ -15783,7 +15783,7 @@ WOLFSSL_API int X509_PUBKEY_get0_param(WOLFSSL_ASN1_OBJECT **ppkalg, const unsig } /*** TBD ***/ -WOLFSSL_API struct evp_pkey_st *SSL_get_privatekey(const WOLFSSL *ssl) +WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_get_privatekey(const WOLFSSL *ssl) { (void)ssl; WOLFSSL_STUB("SSL_get_privatekey"); diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 1740acacc..e58dc6c89 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -118,6 +118,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_use_PrivateKey wolfSSL_use_PrivateKey #define SSL_use_PrivateKey_ASN1 wolfSSL_use_PrivateKey_ASN1 #define SSL_use_RSAPrivateKey_ASN1 wolfSSL_use_RSAPrivateKey_ASN1 +#define SSL_get_privatekey wolfSSL_get_privatekey #define SSLv23_method wolfSSLv23_method #define SSLv3_server_method wolfSSLv3_server_method @@ -516,7 +517,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define SSL_get_rbio wolfSSL_SSL_get_rbio #define SSL_get_wbio wolfSSL_SSL_get_wbio #define SSL_do_handshake wolfSSL_SSL_do_handshake -#define SSL_get_ciphers(x) wolfSSL_get_ciphers(x, sizeof(x)) +#define SSL_get_ciphers(x) wolfSSL_get_ciphers((char *)x, sizeof(x)) #define SSL_SESSION_get_id wolfSSL_SESSION_get_id #define ASN1_STRING_get0_data wolfSSL_ASN1_STRING_data #define SSL_get_cipher_bits(s,np) wolfSSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index f456c61f7..69061a76d 100644 
--- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1993,6 +1993,7 @@ WOLFSSL_API int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, unsigned char* der, WOLFSSL_API int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey); WOLFSSL_API int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl, unsigned char* der, long derSz); +WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_get_privatekey(const WOLFSSL *ssl); #ifndef NO_RSA WOLFSSL_API int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, unsigned char* der, long derSz); @@ -2322,7 +2323,6 @@ WOLFSSL_API void *X509_get0_tbs_sigalg(const WOLFSSL_X509 *x); WOLFSSL_API void X509_ALGOR_get0(WOLFSSL_ASN1_OBJECT **paobj, int *pptype, const void **ppval, const void *algor); WOLFSSL_API void *X509_get_X509_PUBKEY(void * x); WOLFSSL_API int X509_PUBKEY_get0_param(WOLFSSL_ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, void **pa, WOLFSSL_EVP_PKEY *pub); -WOLFSSL_API struct evp_pkey_st *SSL_get_privatekey(const WOLFSSL *ssl); WOLFSSL_API int EVP_PKEY_bits(WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API int i2d_X509(WOLFSSL_X509 *x, unsigned char **out); WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a); From 6ada67f93f07e72dc11dcdfeb39ddb6fd47a1482 Mon Sep 17 00:00:00 2001 From: Maxime Vincent Date: Mon, 24 Apr 2017 11:43:19 +0200 Subject: [PATCH 13/14] Prefix stubs with wolfSSL_ --- src/ssl.c | 34 +++++++++++++++++++++++----------- support/wolfssl.pc | 2 +- wolfssl/openssl/ssl.h | 5 ++++- wolfssl/ssl.h | 8 ++++---- 4 files changed, 32 insertions(+), 17 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 3c265f0e2..175cddbae 100755 --- a/src/ssl.c +++ b/src/ssl.c @@ -14562,12 +14562,6 @@ WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void) return 0; } -int sk_SSL_COMP_zero(WOLFSSL* st) -{ - wolfSSL_set_options(st, SSL_OP_NO_COMPRESSION); - return 0; -} - int wolfSSL_COMP_add_compression_method(int method, void* data) { (void)method; 
@@ -15679,6 +15673,16 @@ const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *sess, unsign } #endif +/*** TBD ***/ +WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st) +{ + (void)st; + WOLFSSL_STUB("wolfSSL_sk_SSL_COMP_zero"); + //wolfSSL_set_options(ssl, SSL_OP_NO_COMPRESSION); + return SSL_FAILURE; +} + + /*** TBD ***/ WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type) { @@ -15853,10 +15857,10 @@ WOLFSSL_API STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) } /*** TBD ***/ -WOLFSSL_API int sk_SSL_CIPHER_num(const void * p) +WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const void * p) { (void)p; - WOLFSSL_STUB("sk_SSL_CIPHER_num"); + WOLFSSL_STUB("wolfSSL_sk_SSL_CIPHER_num"); return -1; } @@ -15895,12 +15899,12 @@ WOLFSSL_API int X509_STORE_load_locations(WOLFSSL_X509_STORE *ctx, const char *f } /*** TBD ***/ -WOLFSSL_API int sk_SSL_CIPHER_value(void *ciphers, int idx) +WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(void *ciphers, int idx) { (void)ciphers; (void)idx; - WOLFSSL_STUB("sk_SSL_CIPHER_value"); - return SSL_FAILURE; + WOLFSSL_STUB("wolfSSL_sk_SSL_CIPHER_value"); + return NULL; } WOLFSSL_API void ERR_load_SSL_strings(void) @@ -23721,6 +23725,14 @@ unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line, #endif #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) + +STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl) +{ + (void)ssl; + WOLFSSL_STUB("wolfSSL_get_ciphers_compat"); + return NULL; +} + void wolfSSL_OPENSSL_config(char *config_name) { WOLFSSL_STUB("wolfSSL_OPENSSL_config"); diff --git a/support/wolfssl.pc b/support/wolfssl.pc index c05107569..b363b692b 100644 --- a/support/wolfssl.pc +++ b/support/wolfssl.pc @@ -1,4 +1,4 @@ -prefix=/usr/local +prefix=/usr exec_prefix=${prefix} libdir=${exec_prefix}/lib includedir=${prefix}/include diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index e58dc6c89..c00c8fe6c 100644 
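Review bot: The new `wolfSSL_sk_SSL_COMP_zero` stub carries a commented-out `//wolfSSL_set_options(ssl, SSL_OP_NO_COMPRESSION);` that names a variable `ssl` the function does not have, and it drops what the removed `sk_SSL_COMP_zero` in the earlier hunk actually did, namely set `SSL_OP_NO_COMPRESSION` on the handle. Applications normally call `sk_SSL_COMP_zero(SSL_COMP_get_compression_methods())` to switch TLS compression off (the CRIME mitigation); with `SSL_COMP_get_compression_methods` also stubbed to return NULL, that call is now a no-op that returns `SSL_FAILURE`, which matters whenever the library was built with compression support (not visible from this diff). Delete the dead `//` line and put the contract in a `/* */` comment instead, e.g. `/* No-op: does NOT disable TLS compression. Set SSL_OP_NO_COMPRESSION on the WOLFSSL object instead. */`, so the gap is visible to whoever ports the caller. The parameter type also changed from `WOLFSSL*` to `WOLFSSL_STACK*`, which is worth a line in the commit message since existing callers of the old shim will no longer compile.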
--- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -517,10 +517,13 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define SSL_get_rbio wolfSSL_SSL_get_rbio #define SSL_get_wbio wolfSSL_SSL_get_wbio #define SSL_do_handshake wolfSSL_SSL_do_handshake -#define SSL_get_ciphers(x) wolfSSL_get_ciphers((char *)x, sizeof(x)) +#define SSL_get_ciphers(x) wolfSSL_get_ciphers_compat(x) #define SSL_SESSION_get_id wolfSSL_SESSION_get_id #define ASN1_STRING_get0_data wolfSSL_ASN1_STRING_data #define SSL_get_cipher_bits(s,np) wolfSSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) +#define sk_SSL_CIPHER_num wolfSSL_sk_SSL_CIPHER_num +#define sk_SSL_COMP_zero wolfSSL_sk_SSL_COMP_zero +#define sk_SSL_CIPHER_value wolfSSL_sk_SSL_CIPHER_value #endif /* WOLFSSL_HAPROXY */ #endif /* HAVE_STUNNEL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_NGINX || HAVE_POCO_LIB || WOLFSSL_HAPROXY */ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 69061a76d..90b566ed2 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -2310,11 +2310,10 @@ WOLFSSL_API void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsi unsigned *len); -WOLFSSL_API int sk_SSL_COMP_zero(WOLFSSL* st); - #ifdef WOLFSSL_HAPROXY WOLFSSL_API const unsigned char *SSL_SESSION_get0_id_context( const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length); +WOLFSSL_API STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl); #endif WOLFSSL_API int SSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid, unsigned int sid_len); 
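Review bot: `wolfSSL_get_ciphers_compat` is declared here only under `#ifdef WOLFSSL_HAPROXY`, while the src/ssl.c hunk of this same commit defines it under `#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)`, so an nginx-only build compiles a non-static function with no visible prototype. Since the `SSL_get_ciphers` alias in wolfssl/openssl/ssl.h appears to be HAPROXY-only as well (its hunk ends with `#endif /* WOLFSSL_HAPROXY */`), the simplest fix is to gate the definition the same way, `#ifdef WOLFSSL_HAPROXY`; otherwise widen this declaration to the NGINX-or-HAPROXY condition. The declaration also relies on `STACK_OF(WOLFSSL_CIPHER)` being a usable type at this point in wolfssl/ssl.h, which the hunk does not show; worth confirming it is defined before line 2310 for a plain HAPROXY build.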
@@ -2330,9 +2329,10 @@ WOLFSSL_API size_t SSL_get_finished(const WOLFSSL *s, void *buf, size_t count); WOLFSSL_API size_t SSL_get_peer_finished(const WOLFSSL *s, void *buf, size_t count); WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength)); WOLFSSL_API STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); -WOLFSSL_API int sk_SSL_CIPHER_num(const void * p); WOLFSSL_API int X509_STORE_load_locations(WOLFSSL_X509_STORE *ctx, const char *file, const char *dir); -WOLFSSL_API int sk_SSL_CIPHER_value(void *ciphers, int idx); +WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const void * p); +WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st); +WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(void *ciphers, int idx); WOLFSSL_API void ERR_load_SSL_strings(void); #ifdef __cplusplus From 08787621ea2d1969d0b31e473662ae1a9a1ce0af Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Mon, 24 Apr 2017 12:45:23 +0200 Subject: [PATCH 14/14] wolfssl.pc: Prefix reset to /usr/local --- support/wolfssl.pc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/support/wolfssl.pc b/support/wolfssl.pc index b363b692b..c05107569 100644 --- a/support/wolfssl.pc +++ b/support/wolfssl.pc @@ -1,4 +1,4 @@ -prefix=/usr +prefix=/usr/local exec_prefix=${prefix} libdir=${exec_prefix}/lib includedir=${prefix}/include