diff --git a/configure.ac b/configure.ac index 710998c5e..0d006e2ee 100644 --- a/configure.ac +++ b/configure.ac @@ -974,7 +974,7 @@ if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "x$ENABLED_OPENSSLCOEXIST" = "xn then AM_CFLAGS="-DOPENSSL_EXTRA -DWOLFSSL_ALWAYS_VERIFY_CB $AM_CFLAGS" AM_CFLAGS="-DWOLFSSL_VERIFY_CB_ALL_CERTS -DWOLFSSL_EXTRA_ALERTS $AM_CFLAGS" - AM_CFLAGS="-DHAVE_EXT_CACHE $AM_CFLAGS" + AM_CFLAGS="-DHAVE_EXT_CACHE -DWOLFSSL_FORCE_CACHE_ON_TICKET $AM_CFLAGS" fi if test "$ENABLED_OPENSSLEXTRA" = "x509small" @@ -1037,8 +1037,6 @@ fi if test "$ENABLED_WPAS" = "small" then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WPAS_SMALL" - AM_CFLAGS="$AM_CFLAGS -DKEEP_OUR_CERT" - AM_CFLAGS="$AM_CFLAGS -DKEEP_PEER_CERT" fi if test "$ENABLED_WPAS" = "yes" then @@ -1060,6 +1058,8 @@ then AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB" + AM_CFLAGS="$AM_CFLAGS -DKEEP_OUR_CERT" + AM_CFLAGS="$AM_CFLAGS -DKEEP_PEER_CERT" fi if test "$ENABLED_FORTRESS" = "yes" diff --git a/src/internal.c b/src/internal.c index 5d6a8fe3a..8e4a2e030 100644 --- a/src/internal.c +++ b/src/internal.c @@ -13187,7 +13187,7 @@ int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size, ssl->secure_renegotiation->verifySet = 1; } #endif -#ifdef OPENSSL_ALL +#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS) if (ssl->options.side == WOLFSSL_CLIENT_END) XMEMCPY(ssl->serverFinished, input + *inOutIdx, TLS_FINISHED_SZ); @@ -17978,7 +17978,7 @@ int SendFinished(WOLFSSL* ssl) TLS_FINISHED_SZ); } #endif -#ifdef OPENSSL_ALL +#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS) if (ssl->options.side == WOLFSSL_CLIENT_END) XMEMCPY(ssl->clientFinished, hashes, TLS_FINISHED_SZ); diff --git a/src/ssl.c b/src/ssl.c index e0875ef87..c0cbdb211 100644 --- a/src/ssl.c +++ b/src/ssl.c 
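Review bot: The new `-DWOLFSSL_FORCE_CACHE_ON_TICKET` appended to the `HAVE_EXT_CACHE` line is inert unless `HAVE_SESSION_TICKET` is also defined, because every use of it in src/ssl.c in this patch sits behind `defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_FORCE_CACHE_ON_TICKET)`, yet nothing here ties it to `--enable-session-ticket`. When both are present it changes session-cache semantics for every `--enable-opensslextra` build: a session that carries a ticket is still stored in and served from the cache after the application turned the cache mode off. I would record that where the flag is switched on, e.g. `# WOLFSSL_FORCE_CACHE_ON_TICKET: keep caching ticket-bearing sessions when the cache is off; only effective with HAVE_SESSION_TICKET`.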
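Review bot: Moving `KEEP_OUR_CERT`/`KEEP_PEER_CERT` into the `$ENABLED_WPAS = "yes"` branch means `--enable-wpas=small` no longer retains the peer certificate after the handshake (the removal is in the preceding hunk); if wpa_supplicant's small profile still calls `wolfSSL_get_peer_certificate()` from its certificate callbacks, that path presumably now gets no certificate, which is worth confirming against the supplicant build. A one-line comment on the added lines, `# full wpas keeps both certs for wolfSSL_get_peer_certificate(); the small profile drops them`, would make the split deliberate rather than accidental.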
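Review bot: The `#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)` guard around the `ssl->serverFinished` copy is now spelled out identically in DoFinished, SendFinished, the field declarations in wolfssl/internal.h, and the `wolfSSL_get_finished` sites in src/ssl.c and wolfssl/ssl.h; the next port added to one site but not another either fails to compile or, if only a copy is missed, presumably leaves `wolfSSL_get_finished()` handing back a never-written buffer as the tls-unique channel binding. I would define one feature macro next to the struct fields and test that everywhere, i.e. `#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)` / `#define WOLFSSL_HAVE_TLS_UNIQUE` / `#endif` once, then `#ifdef WOLFSSL_HAVE_TLS_UNIQUE` here. DoFinished starts and ends outside this hunk.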
@@ -14084,7 +14084,14 @@ WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret, (void) restoreSessionCerts; - if (ssl->options.sessionCacheOff) + if (ssl->options.sessionCacheOff +#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_FORCE_CACHE_ON_TICKET) + && ssl->session.ticketLen == 0 +#endif +#ifdef OPENSSL_EXTRA + && ssl->options.side != WOLFSSL_CLIENT_END +#endif + ) return NULL; if (ssl->options.haveSessionId == 0) @@ -14291,7 +14298,14 @@ static int GetDeepCopySession(WOLFSSL* ssl, WOLFSSL_SESSION* copyFrom) int SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session) { - if (ssl == NULL || ssl->options.sessionCacheOff) + if (ssl == NULL || (ssl->options.sessionCacheOff +#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_FORCE_CACHE_ON_TICKET) + && session->ticketLen == 0 +#endif +#ifdef OPENSSL_EXTRA + && ssl->options.side != WOLFSSL_CLIENT_END +#endif + )) return WOLFSSL_FAILURE; #ifdef OPENSSL_EXTRA @@ -14356,7 +14370,14 @@ int AddSession(WOLFSSL* ssl) int cbRet = 0; #endif - if (ssl->options.sessionCacheOff) + if (ssl->options.sessionCacheOff +#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_FORCE_CACHE_ON_TICKET) + && ssl->session.ticketLen == 0 +#endif +#ifdef OPENSSL_EXTRA + && ssl->options.side != WOLFSSL_CLIENT_END +#endif + ) return 0; if (ssl->options.haveSessionId == 0) @@ -27259,7 +27280,7 @@ int wolfSSL_i2d_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT *a, unsigned char **pp) return a->objSz; } -#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) +#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS) WOLFSSL_API size_t wolfSSL_get_finished(const WOLFSSL *ssl, void *buf, size_t count) { WOLFSSL_ENTER("SSL_get_finished"); diff --git a/tests/api.c b/tests/api.c index 556777871..e353ea09a 100644 --- a/tests/api.c +++ b/tests/api.c 
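Review bot: The seven-line `#ifdef`-laced condition added in front of `return NULL` is repeated almost verbatim in SetSession and AddSession further down, differing only in whether `ssl->session` or the `session` argument supplies `ticketLen`; three hand-maintained copies of a cache-bypass rule are exactly the kind of thing that drifts, and none of them says why the client side or ticket-bearing sessions are exempt from `sessionCacheOff`. I would fold the rule into one static helper with the rationale in its comment and call it from all three places. GetSession's body continues outside the hunk.

```c
/* True when the session cache must not be used for this connection.
 * Cache-off is overridden for ticket-bearing sessions when
 * WOLFSSL_FORCE_CACHE_ON_TICKET is set, and never applies to the client
 * side under OPENSSL_EXTRA. */
static int SessionCacheDisabled(const WOLFSSL* ssl, const WOLFSSL_SESSION* session)
{
    if (!ssl->options.sessionCacheOff)
        return 0;
#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_FORCE_CACHE_ON_TICKET)
    if (session->ticketLen != 0)
        return 0;
#endif
#ifdef OPENSSL_EXTRA
    if (ssl->options.side == WOLFSSL_CLIENT_END)
        return 0;
#endif
    return 1;
}

/* … unchanged: GetSession up to the cache-off check … */
    if (SessionCacheDisabled(ssl, &ssl->session))
        return NULL;
```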
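Review bot: The new condition dereferences `session->ticketLen` while the guard on the same line only checks `ssl == NULL`; `session` is never tested for NULL in the visible lines, so with the cache off under `HAVE_SESSION_TICKET && WOLFSSL_FORCE_CACHE_ON_TICKET` a NULL session now faults instead of returning WOLFSSL_FAILURE. The public wrapper may already reject NULL, but this function is presumably reachable from internal callers as well, so `if (ssl == NULL || session == NULL || (ssl->options.sessionCacheOff` is the cheap fix. SetSession's body continues outside the hunk.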
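Review bot: Under `OPENSSL_EXTRA` the added `&& ssl->options.side != WOLFSSL_CLIENT_END` means a client that set the session cache off still has its session, resumption secret included, written into the process-wide cache, and with `WOLFSSL_FORCE_CACHE_ON_TICKET` a server with the cache off does the same for any ticket-bearing session, which also gives up the statelessness tickets are meant to provide. Neither override is explained in the hunk, and OpenSSL's `SSL_SESS_CACHE_OFF` is documented to disable caching on both sides, so an application that turned the cache off to keep secrets out of shared memory now gets them cached anyway. At minimum say why above the condition, e.g. `/* NOTE: cache-off is deliberately bypassed for the client side (OPENSSL_EXTRA) and for ticket-bearing sessions (WOLFSSL_FORCE_CACHE_ON_TICKET) */`, and prefer gating the client exception on an explicit client/server cache-mode flag rather than unconditionally on side. AddSession's body continues outside the hunk.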
@@ -23448,6 +23448,7 @@ static int test_wc_ecc_pointFns (void) printf(resultFmt, ret == 0 ? passed : failed); +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) #ifdef USE_ECC_B_PARAM printf(testingFmt, "wc_ecc_point_is_on_curve()"); /* On curve if ret == 0 */ @@ -23468,6 +23469,7 @@ static int test_wc_ecc_pointFns (void) } printf(resultFmt, ret == 0 ? passed : failed); #endif /* USE_ECC_B_PARAM */ +#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ /* Free */ wc_ecc_del_point(point); @@ -30971,7 +30973,7 @@ static void test_wolfSSL_Tls13_Key_Logging_test(void) printf(resultFmt, passed); -#endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */ +#endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK && WOLFSSL_TLS13 */ } static void test_wolfSSL_X509_NID(void) diff --git a/wolfssl/internal.h b/wolfssl/internal.h index bfdb605c8..e25bdbd6c 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -4478,7 +4478,7 @@ struct WOLFSSL { #ifdef WOLFSSL_STATIC_EPHEMERAL StaticKeyExchangeInfo_t staticKE; #endif -#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) +#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS) /* Added in libest port: allow applications to get the 'tls-unique' Channel * Binding Type (https://tools.ietf.org/html/rfc5929#section-3). This is * used in the EST protocol to bind an enrollment to a TLS session through diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index d9b0812fe..99bf5e4e7 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
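Review bot: The comment under the widened guard still attributes these fields solely to the libest port, while the guard now also enables them for HAPROXY and WPAS, and the same three-way `#if` has to be kept in step with four other sites in this patch (DoFinished, SendFinished, src/ssl.c and wolfssl/ssl.h). This header is the natural place to define the feature once, `#define WOLFSSL_HAVE_TLS_UNIQUE` under the existing condition, so the other sites can test a single macro; the comment's first line could then read `/* tls-unique (RFC 5929) support: OPENSSL_ALL, HAPROXY and WPAS builds; originally added for the libest port. */`. struct WOLFSSL starts and ends outside the hunk.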
@@ -4408,7 +4408,7 @@ WOLFSSL_API int wolfSSL_X509_check_email(WOLFSSL_X509 *x, const char *chk, #endif /* OPENSSL_EXTRA && WOLFSSL_CERT_GEN */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS) WOLFSSL_API const unsigned char *SSL_SESSION_get0_id_context( const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length); WOLFSSL_API size_t wolfSSL_get_finished(const WOLFSSL *ssl, void *buf, size_t count);
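Review bot: Adding `WOLFSSL_WPAS` to this guard exports both `wolfSSL_get_finished()` and the unprefixed `SSL_SESSION_get0_id_context()` to wpa_supplicant builds, although the rest of the patch only wires up the finished-message storage for WPAS and nothing visible widens the definition of `SSL_SESSION_get0_id_context` to match. If the supplicant only needs `wolfSSL_get_finished()`, keep the id-context declaration under the old guard and widen only the one that is needed, so WPAS does not pick up an `SSL_*` name it did not previously see. The enclosing `#if defined(OPENSSL_EXTRA) || ...` block continues outside the hunk.

```c
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
WOLFSSL_API const unsigned char *SSL_SESSION_get0_id_context(
                    const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length);
#endif
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)
WOLFSSL_API size_t wolfSSL_get_finished(const WOLFSSL *ssl, void *buf, size_t count);
```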