From f6b91f04edffced0b7c721968fe5fdc2c1177d5d Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Fri, 20 Aug 2021 14:00:33 -0600 Subject: [PATCH 1/8] BIO_set_nbio() should always return 1, check input bio for NULL before using --- src/bio.c | 55 ++++++++++++++++++++++++++++++------------------------- 1 file changed, 30 insertions(+), 25 deletions(-) diff --git a/src/bio.c b/src/bio.c index fbdcdfd08..55ec3db40 100644 --- a/src/bio.c +++ b/src/bio.c @@ -1660,38 +1660,43 @@ void* wolfSSL_BIO_get_data(WOLFSSL_BIO* bio) */ long wolfSSL_BIO_set_nbio(WOLFSSL_BIO* bio, long on) { - int ret = 0; #ifndef WOLFSSL_DTLS (void)on; #endif WOLFSSL_ENTER("wolfSSL_BIO_set_nbio"); - switch (bio->type) { - case WOLFSSL_BIO_SOCKET: - #ifdef XFCNTL - { - int flag = XFCNTL(bio->num, F_GETFL, 0); - if (on) - ret = XFCNTL(bio->num, F_SETFL, flag | O_NONBLOCK); - else - ret = XFCNTL(bio->num, F_SETFL, flag & ~O_NONBLOCK); - } - #endif - break; - case WOLFSSL_BIO_SSL: - #ifdef WOLFSSL_DTLS - wolfSSL_dtls_set_using_nonblock((WOLFSSL*)bio->ptr, (int)on); - #endif - break; + if (bio) { + switch (bio->type) { + case WOLFSSL_BIO_SOCKET: + #ifdef XFCNTL + { + int ret = 0; + int flag = XFCNTL(bio->num, F_GETFL, 0); + if (on) { + ret = XFCNTL(bio->num, F_SETFL, flag | O_NONBLOCK); + } else { + ret = XFCNTL(bio->num, F_SETFL, flag & ~O_NONBLOCK); + } - default: - WOLFSSL_MSG("Unsupported bio type for non blocking"); - break; + if (ret == -1) { + WOLFSSL_MSG("Call to XFCNTL failed"); + } + } + #endif + break; + case WOLFSSL_BIO_SSL: + #ifdef WOLFSSL_DTLS + wolfSSL_dtls_set_using_nonblock((WOLFSSL*)bio->ptr, (int)on); + #endif + break; + + default: + WOLFSSL_MSG("Unsupported bio type for non blocking"); + break; + } } - if (ret != -1) - return 1; - else - return 0; + + return 1; } From 0f344e4b647e7e610886713394f7160c8bbd54a1 Mon Sep 17 00:00:00 2001 
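Review bot: In the new `WOLFSSL_BIO_SOCKET` arm the `F_GETFL` result is used without a check, so when `XFCNTL(bio->num, F_GETFL, 0)` fails the code computes `-1 | O_NONBLOCK` (or `-1 & ~O_NONBLOCK`) and passes that all-bits-set value to `F_SETFL`, which can alter unrelated status flags on the descriptor rather than just the non-blocking bit. Guarding the set on the get keeps the new failure log meaningful: `int ret = -1;`, `int flag = XFCNTL(bio->num, F_GETFL, 0);`, `if (flag != -1) { ret = XFCNTL(bio->num, F_SETFL, on ? (flag | O_NONBLOCK) : (flag & ~O_NONBLOCK)); }`, with the existing `if (ret == -1)` message then covering both calls. Since the function now returns 1 unconditionally, a caller that asked for non-blocking mode can be left on a blocking socket with no way to tell; that is the stated intent of the commit, but it is worth a comment on the function header so users do not rely on the return value for this.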
From: Chris Conlon Date: Fri, 20 Aug 2021 14:17:51 -0600 Subject: [PATCH 2/8] add SHA3 NID and name info to wolfssl_object_info[] --- src/ssl.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/ssl.c b/src/ssl.c index 5938d669f..1a62e7b6b 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -30549,6 +30549,18 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = { #ifdef WOLFSSL_SHA512 { NID_sha512, SHA512h, oidHashType, "SHA512", "sha512"}, #endif + #ifndef WOLFSSL_NOSHA3_224 + { NID_sha3_224, SHA3_224h, oidHashType, "SHA3-224", "sha3-224"}, + #endif + #ifndef WOLFSSL_NOSHA3_256 + { NID_sha3_256, SHA3_256h, oidHashType, "SHA3-256", "sha3-256"}, + #endif + #ifndef WOLFSSL_NOSHA3_384 + { NID_sha3_384, SHA3_384h, oidHashType, "SHA3-384", "sha3-384"}, + #endif + #ifndef WOLFSSL_NOSHA3_512 + { NID_sha3_512, SHA3_512h, oidHashType, "SHA3-512", "sha3-512"}, + #endif /* oidSigType */ #ifndef NO_DSA From b8c90b369ea2f586371007919fcc869c53879398 Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Mon, 23 Aug 2021 15:33:59 -0600 Subject: [PATCH 3/8] bump openssl version for Python 3.8.5 port with WOLFSSL_PYTHON --- wolfssl/openssl/opensslv.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/wolfssl/openssl/opensslv.h b/wolfssl/openssl/opensslv.h index f0c874cd8..9ae42413d 100644 --- a/wolfssl/openssl/opensslv.h +++ b/wolfssl/openssl/opensslv.h @@ -35,7 +35,8 @@ defined(WOLFSSL_RSYSLOG) /* For Apache httpd, Use 1.1.0 compatibility */ #define OPENSSL_VERSION_NUMBER 0x10100000L -#elif defined(WOLFSSL_QT) +#elif defined(WOLFSSL_QT) || defined(WOLFSSL_PYTHON) + /* For Qt and Python 3.8.5 compatibility */ #define OPENSSL_VERSION_NUMBER 0x10101000L #elif defined(WOLFSSL_HAPROXY) #define OPENSSL_VERSION_NUMBER 0x1010000fL From dae4d637c9594fda9745ba63b7150e428d1e9d3b Mon Sep 17 00:00:00 2001 
From: Chris Conlon Date: Tue, 24 Aug 2021 09:29:12 -0600 Subject: [PATCH 4/8] define SSL_OP_* in openssl/ssl.h for compatibility --- wolfssl/openssl/ssl.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 5db30e76d..79a87dd22 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -1385,6 +1385,12 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 #endif +/* Some openssl consumers try to detect these options with ifdef, defining + * here since we use an enum internally instead */ +#define SSL_OP_SINGLE_DH_USE SSL_OP_SINGLE_DH_USE +#define SSL_OP_SINGLE_ECDH_USE SSL_OP_SINGLE_ECDH_USE +#define SSL_OP_CIPHER_SERVER_PREFERENCE SSL_OP_CIPHER_SERVER_PREFERENCE + #define OPENSSL_config wolfSSL_OPENSSL_config #define OPENSSL_memdup wolfSSL_OPENSSL_memdup #define OPENSSL_cleanse wolfSSL_OPENSSL_cleanse From 3f534e7e079f318a637fb6dfedece5b51072dd7e Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 15 Sep 2021 03:16:38 -0600 Subject: [PATCH 5/8] return macro and macro guards --- src/bio.c | 4 +--- src/ssl.c | 19 ++++++++++--------- wolfssl/openssl/ssl.h | 6 +++--- 3 files changed, 14 insertions(+), 15 deletions(-) diff --git a/src/bio.c b/src/bio.c index 55ec3db40..ef5b85b7c 100644 --- a/src/bio.c +++ b/src/bio.c @@ -1660,9 +1660,6 @@ void* wolfSSL_BIO_get_data(WOLFSSL_BIO* bio) */ long wolfSSL_BIO_set_nbio(WOLFSSL_BIO* bio, long on) { - #ifndef WOLFSSL_DTLS - (void)on; - #endif WOLFSSL_ENTER("wolfSSL_BIO_set_nbio"); if (bio) { @@ -1696,6 +1693,7 @@ long wolfSSL_BIO_set_nbio(WOLFSSL_BIO* bio, long on) } } + (void)on; return 1; } diff --git a/src/ssl.c b/src/ssl.c index 1a62e7b6b..fcf11365f 100644 --- a/src/ssl.c +++ b/src/ssl.c 
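Review bot: Making `SSL_OP_CIPHER_SERVER_PREFERENCE` visible to `#ifdef` probes commits the library to honoring it, yet in the `wolfSSL_CTX_ctrl` hunk later in this series the bit only flips `ctx->useClientOrder` inside `#ifdef WOLFSSL_QT`, and `wolf_set_options` merely logs it. A consumer such as the Python port this series targets, setting the option through `SSL_CTX_set_options` to get server-side cipher ordering, could therefore silently keep client ordering in non-Qt builds; whether some other path applies the bit is not visible here. Either apply the bit in `wolf_set_options` for every build or note the limitation next to the define: `/* NOTE: CIPHER_SERVER_PREFERENCE is currently only acted on in wolfSSL_CTX_ctrl under WOLFSSL_QT; wolf_set_options only logs it */`. The same question applies to `SSL_OP_SINGLE_DH_USE` and `SSL_OP_SINGLE_ECDH_USE`, whose effect on key reuse is not shown in this series.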
@@ -30549,19 +30549,20 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = { #ifdef WOLFSSL_SHA512 { NID_sha512, SHA512h, oidHashType, "SHA512", "sha512"}, #endif - #ifndef WOLFSSL_NOSHA3_224 + #ifdef WOLFSSL_SHA3 + #ifndef WOLFSSL_NOSHA3_224 { NID_sha3_224, SHA3_224h, oidHashType, "SHA3-224", "sha3-224"}, - #endif - #ifndef WOLFSSL_NOSHA3_256 + #endif + #ifndef WOLFSSL_NOSHA3_256 { NID_sha3_256, SHA3_256h, oidHashType, "SHA3-256", "sha3-256"}, - #endif - #ifndef WOLFSSL_NOSHA3_384 + #endif + #ifndef WOLFSSL_NOSHA3_384 { NID_sha3_384, SHA3_384h, oidHashType, "SHA3-384", "sha3-384"}, - #endif - #ifndef WOLFSSL_NOSHA3_512 + #endif + #ifndef WOLFSSL_NOSHA3_512 { NID_sha3_512, SHA3_512h, oidHashType, "SHA3-512", "sha3-512"}, - #endif - + #endif + #endif /* WOLFSSL_SHA3 */ /* oidSigType */ #ifndef NO_DSA #ifndef NO_SHA diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 79a87dd22..5fd51d7e9 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -1387,9 +1387,9 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ /* Some openssl consumers try to detect these options with ifdef, defining * here since we use an enum internally instead */ -#define SSL_OP_SINGLE_DH_USE SSL_OP_SINGLE_DH_USE -#define SSL_OP_SINGLE_ECDH_USE SSL_OP_SINGLE_ECDH_USE -#define SSL_OP_CIPHER_SERVER_PREFERENCE SSL_OP_CIPHER_SERVER_PREFERENCE +#define SSL_OP_SINGLE_DH_USE WOLFSSL_OP_SINGLE_DH_USE +#define SSL_OP_SINGLE_ECDH_USE WOLFSSL_OP_SINGLE_ECDH_USE +#define SSL_OP_CIPHER_SERVER_PREFERENCE WOLFSSL_OP_CIPHER_SERVER_PREFERENCE #define OPENSSL_config wolfSSL_OPENSSL_config #define OPENSSL_memdup wolfSSL_OPENSSL_memdup From 1bf4dbfa32ba2b60a2d35a4c5e4e71356740b231 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 15 Sep 2021 04:01:44 -0600 Subject: [PATCH 6/8] rename enum value --- src/ssl.c | 9 +++++---- wolfssl/ssl.h | 6 +++--- 2 files changed, 8 insertions(+), 7 deletions(-) 
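Review bot: The compatibility macros now expand to `WOLFSSL_OP_SINGLE_DH_USE`, `WOLFSSL_OP_SINGLE_ECDH_USE` and `WOLFSSL_OP_CIPHER_SERVER_PREFERENCE`, but at this point in the series the enum in wolfssl/ssl.h still names those constants `SSL_OP_*` (the rename is only made in the following commit), so any translation unit that includes the compatibility header and uses one of these options fails to compile on this commit alone. Squashing the enum rename into this commit, or ordering it first, keeps every commit buildable and bisectable. If the two must stay separate, a comment on the defines such as `/* enum values are renamed to WOLFSSL_OP_* in wolfssl/ssl.h */` would at least explain the dependency.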
diff --git a/src/ssl.c b/src/ssl.c index fcf11365f..e0614aee9 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -27447,8 +27447,9 @@ static long wolf_set_options(long old_op, long op) WOLFSSL_MSG("\tSSL_OP_NO_SSLv3"); } - if ((op & SSL_OP_CIPHER_SERVER_PREFERENCE) == SSL_OP_CIPHER_SERVER_PREFERENCE) { - WOLFSSL_MSG("\tSSL_OP_CIPHER_SERVER_PREFERENCE"); + if ((op & WOLFSSL_OP_CIPHER_SERVER_PREFERENCE) == + WOLFSSL_OP_CIPHER_SERVER_PREFERENCE) { + WOLFSSL_MSG("\tWOLFSSL_OP_CIPHER_SERVER_PREFERENCE"); } if ((op & SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION) { @@ -45149,8 +45150,8 @@ long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt, void* pt) #ifdef WOLFSSL_QT /* Set whether to use client or server cipher preference */ - if ((ctrl_opt & SSL_OP_CIPHER_SERVER_PREFERENCE) - == SSL_OP_CIPHER_SERVER_PREFERENCE) { + if ((ctrl_opt & WOLFSSL_OP_CIPHER_SERVER_PREFERENCE) + == WOLFSSL_OP_CIPHER_SERVER_PREFERENCE) { WOLFSSL_MSG("Using Server's Cipher Preference."); ctx->useClientOrder = FALSE; } else { diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 60c77f888..845812e19 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1991,14 +1991,14 @@ enum { SSL_OP_PKCS1_CHECK_2 = 0x00008000, SSL_OP_NETSCAPE_CA_DN_BUG = 0x00010000, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 0x00020000, - SSL_OP_SINGLE_DH_USE = 0x00040000, + WOLFSSL_OP_SINGLE_DH_USE = 0x00040000, SSL_OP_NO_TICKET = 0x00080000, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 0x00100000, SSL_OP_NO_QUERY_MTU = 0x00200000, SSL_OP_COOKIE_EXCHANGE = 0x00400000, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 0x00800000, - SSL_OP_SINGLE_ECDH_USE = 0x01000000, - SSL_OP_CIPHER_SERVER_PREFERENCE = 0x02000000, + WOLFSSL_OP_SINGLE_ECDH_USE = 0x01000000, + WOLFSSL_OP_CIPHER_SERVER_PREFERENCE = 0x02000000, WOLFSSL_OP_NO_TLSv1_1 = 0x04000000, WOLFSSL_OP_NO_TLSv1_2 = 0x08000000, SSL_OP_NO_COMPRESSION = 0x10000000, From ec0335cdb39bede677a59cac8fae0d1ab17beabe Mon Sep 17 00:00:00 2001 
From: Hayden Roche Date: Sun, 19 Sep 2021 16:17:32 -0700 Subject: [PATCH 7/8] Use WOLFSSL_SUCCESS instead of 1. --- src/bio.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/bio.c b/src/bio.c index ef5b85b7c..891cec5f6 100644 --- a/src/bio.c +++ b/src/bio.c @@ -1656,7 +1656,7 @@ void* wolfSSL_BIO_get_data(WOLFSSL_BIO* bio) } /* If flag is 0 then blocking is set, if 1 then non blocking. - * Always returns 1 + * Always returns WOLFSSL_SUCCESS. */ long wolfSSL_BIO_set_nbio(WOLFSSL_BIO* bio, long on) { @@ -1694,7 +1694,8 @@ long wolfSSL_BIO_set_nbio(WOLFSSL_BIO* bio, long on) } (void)on; - return 1; + + return WOLFSSL_SUCCESS; } From 82a3d79c2f3a746b722000bd2e5abff927606492 Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Thu, 23 Sep 2021 11:26:17 -0600 Subject: [PATCH 8/8] unnecessary variable init, else formatting in bio.c --- src/bio.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/bio.c b/src/bio.c index 891cec5f6..e2cf578b3 100644 --- a/src/bio.c +++ b/src/bio.c @@ -1667,11 +1667,12 @@ long wolfSSL_BIO_set_nbio(WOLFSSL_BIO* bio, long on) case WOLFSSL_BIO_SOCKET: #ifdef XFCNTL { - int ret = 0; + int ret; int flag = XFCNTL(bio->num, F_GETFL, 0); if (on) { ret = XFCNTL(bio->num, F_SETFL, flag | O_NONBLOCK); - } else { + } + else { ret = XFCNTL(bio->num, F_SETFL, flag & ~O_NONBLOCK); }
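Review bot: The updated header comment says only "Always returns WOLFSSL_SUCCESS", which undersells the cases a caller needs to know about: a NULL `bio`, an unsupported BIO type, and a failed `XFCNTL` call all fall through to the same success return, with the fcntl failure only reported via `WOLFSSL_MSG`. Suggest expanding it to `/* If on is 0 the socket is set blocking, otherwise non-blocking. Always returns WOLFSSL_SUCCESS, even if bio is NULL, the type is unsupported, or the underlying fcntl() call fails (failures are logged only). */` so that nobody treats the return value as confirmation that the socket mode changed.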