From 394c0b5cdca87d79f0af2a5249d85a6fab2492dc Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Thu, 22 Apr 2021 15:27:56 +0900 Subject: [PATCH 1/6] implemented CONF_cmd --- src/ssl.c | 383 ++++++++++++++++++++++++++++++++++++++++-- tests/api.c | 53 +++++- wolfssl/openssl/ssl.h | 6 +- wolfssl/ssl.h | 8 + 4 files changed, 431 insertions(+), 19 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 645d21cd2..a18b45ce6 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -56073,6 +56073,7 @@ void wolfSSL_CONF_CTX_free(WOLFSSL_CONF_CTX* cctx) if (cctx) { XFREE(cctx, NULL, DYNAMIC_TYPE_OPENSSL); } + WOLFSSL_LEAVE("wolfSSL_CONF_CTX_free", 1); } /** * Set WOLFSSL_CTX instance to WOLFSSL_CONF_CTX @@ -56092,6 +56093,7 @@ void wolfSSL_CONF_CTX_set_ssl_ctx(WOLFSSL_CONF_CTX* cctx, WOLFSSL_CTX *ctx) } cctx->ctx = ctx; + WOLFSSL_LEAVE("wolfSSL_CONF_CTX_set_ssl_ctx", 1); } /** * set flag value into WOLFSSL_CONF_CTX @@ -56110,36 +56112,397 @@ unsigned int wolfSSL_CONF_CTX_set_flags(WOLFSSL_CONF_CTX* cctx, return cctx->flags; } -#ifndef NO_WOLFSSL_STUB /** * finish configuration command operation * @param cctx a pointer to WOLFSSL_CONF_CTX structure to be set - * @return WOLFSSL_SUCCESS on success, - * otherwise WOLFSSL_FAILURE (stub currently returns WOLFSSL_FAILURE always) + * @return WOLFSSL_SUCCESS on success */ int wolfSSL_CONF_CTX_finish(WOLFSSL_CONF_CTX* cctx) { - WOLFSSL_STUB("wolfSSL_CONF_CTX_finish"); (void)cctx; - return WOLFSSL_FAILURE; + return WOLFSSL_SUCCESS; } + +#define WOLFSSL_CONF_FILE_CMD1 "Curves" +#define WOLFSSL_CONF_FILE_CMD2 "Certificate" +#define WOLFSSL_CONF_FILE_CMD3 "PrivateKey" +#define WOLFSSL_CONF_FILE_CMD4 "Protocol" +#define WOLFSSL_CONF_FILE_CMD5 "Options" +#define WOLFSSL_CONF_FILE_CMD6 "ServerInfoFile" +#define WOLFSSL_CONF_FILE_CMD7 "SignatureAlgorithms" +#define WOLFSSL_CONF_FILE_CMD8 "ClientSignatureAlgorithms" +#define WOLFSSL_CONF_FILE_CMD9 "CipherString" + +#define WOLFSSL_CONF_CMDL_CMD1 "curves" +#define WOLFSSL_CONF_CMDL_CMD2 "cert" +#define WOLFSSL_CONF_CMDL_CMD3 "key" +#define WOLFSSL_CONF_CMDL_CMD4 NULL +#define WOLFSSL_CONF_CMDL_CMD5 NULL +#define WOLFSSL_CONF_CMDL_CMD6 NULL +#define WOLFSSL_CONF_CMDL_CMD7 "sigalgs" +#define WOLFSSL_CONF_CMDL_CMD8 "client_sigalgs" +#define WOLFSSL_CONF_CMDL_CMD9 "cipher" + +#if !defined(NO_DH) && !defined(NO_BIO) +#define WOLFSSL_CONF_FILE_CMD10 "DHParameters" +#define WOLFSSL_CONF_CMDL_CMD10 "dhparam" +#endif + +#ifdef HAVE_ECC +#define WOLFSSL_CONF_FILE_CMD11 "ECDHParameters" +#define WOLFSSL_CONF_CMDL_CMD11 "named_curves" +#endif + +/** + * process Cipher String command + * @param cctx a pointer to WOLFSSL_CONF_CTX structure + * @param value arguments for cmd + * @return WOLFSSL_SUCCESS on success, + * otherwise WOLFSSL_FAILURE or + * -3 if value is null or + * negative value on other failure + */ +static int cmdfunc_cipherstring(WOLFSSL_CONF_CTX* cctx, const char* value) +{ + int ret = -3; + + WOLFSSL_ENTER("cmdfunc_cipherstring"); + + /* sanity check */ + if (cctx == NULL) + return WOLFSSL_FAILURE; + + if (value == NULL) { + WOLFSSL_MSG("bad arguments"); + return ret; + } + + if (cctx->ctx) { + ret = wolfSSL_CTX_set_cipher_list(cctx->ctx, value); + } + + if (cctx->ssl) { + ret = wolfSSL_set_cipher_list(cctx->ssl, value); + } + + WOLFSSL_LEAVE("cmdfunc_cipherstring", ret); + return ret; +} + +/** + * process curves command + * @param cctx a pointer to WOLFSSL_CONF_CTX structure + * @param value arguments for cmd + * @return WOLFSSL_SUCCESS on success, + * otherwise WOLFSSL_FAILURE or + * -3 if value is null or + * negative value on other failure + */ +#if defined(HAVE_ECC) +static int cmdfunc_curves(WOLFSSL_CONF_CTX* cctx, const char* value) +{ + int ret = -3; + + WOLFSSL_ENTER("cmdfunc_curves"); + + /* sanity check */ + if (cctx == NULL) + return WOLFSSL_FAILURE; + + if (value == NULL) { + WOLFSSL_MSG("bad arguments"); + return ret; + } + + if (cctx->ctx) { + ret = wolfSSL_CTX_set1_curves_list(cctx->ctx, value); + } + + if (cctx->ssl) { + ret = wolfSSL_set1_curves_list(cctx->ssl, value); + } + + WOLFSSL_LEAVE("cmdfunc_curves", ret); + return ret; +} +#endif +/** + * process cert command + * @param cctx a pointer to WOLFSSL_CONF_CTX structure + * @param value arguments for cmd + * @return WOLFSSL_SUCCESS on success, + * otherwise WOLFSSL_FAILURE or + * -3 if value is null or + * negative value on other failure + */ +static int cmdfunc_cert(WOLFSSL_CONF_CTX* cctx, const char* value) +{ + int ret = -3; + + WOLFSSL_ENTER("cmdfunc_cert"); + + /* sanity check */ + if (cctx == NULL) + return WOLFSSL_FAILURE; + + if (value == NULL) { + WOLFSSL_MSG("bad arguments"); + return ret; + } + + if (!(cctx->flags & WOLFSSL_CONF_FLAG_CERTIFICATE)) { + WOLFSSL_MSG("certificate flag is not set"); + return -2; + } + + if (cctx->ctx) { + ret = wolfSSL_CTX_use_certificate_chain_file(cctx->ctx, value); + } + + if (cctx->ssl) { + ret = wolfSSL_use_certificate_file(cctx->ssl, value, + WOLFSSL_FILETYPE_PEM); + } + + WOLFSSL_LEAVE("cmdfunc_cert", ret); + return ret; +} +/** + * process key command + * @param cctx a pointer to WOLFSSL_CONF_CTX structure + * @param value arguments for cmd + * @return WOLFSSL_SUCCESS on success, + * otherwise WOLFSSL_FAILURE or + * -3 if value is null or + * negative value on other failure + */ +static int cmdfunc_key(WOLFSSL_CONF_CTX* cctx, const char* value) +{ + int ret = -3; + + WOLFSSL_ENTER("cmdfunc_key"); + + /* sanity check */ + if (cctx == NULL) + return WOLFSSL_FAILURE; + + if (value == NULL) { + WOLFSSL_MSG("bad arguments"); + return ret; + } + + if (!(cctx->flags & WOLFSSL_CONF_FLAG_CERTIFICATE)) { + WOLFSSL_MSG("certificate flag is not set"); + return -2; + } + + if (cctx->ctx) { + ret = wolfSSL_CTX_use_PrivateKey_file(cctx->ctx, value, + WOLFSSL_FILETYPE_PEM); + } + + if (cctx->ssl) { + ret = wolfSSL_use_PrivateKey_file(cctx->ssl, value, + WOLFSSL_FILETYPE_PEM); + } + + WOLFSSL_LEAVE("cmdfunc_key", ret); + return ret; +} +/** + * process DH parameter command + * @param cctx a pointer to WOLFSSL_CONF_CTX structure + * @param value arguments for cmd + * @return WOLFSSL_SUCCESS on success, + * otherwise WOLFSSL_FAILURE or + * -3 if value is null or + * negative value on other failure + */ +#if !defined(NO_DH) && !defined(NO_BIO) +static int cmdfunc_dhparam(WOLFSSL_CONF_CTX* cctx, const char* value) +{ + int ret = -3; + WOLFSSL_DH* dh = NULL; + WOLFSSL_BIO* bio = NULL; + + WOLFSSL_MSG("cmdfunc_dhparam"); + + /* sanity check */ + if (cctx == NULL) + return WOLFSSL_FAILURE; + + if (value == NULL) { + WOLFSSL_MSG("bad arguments"); + return ret; + } + + if (!(cctx->flags & WOLFSSL_CONF_FLAG_CERTIFICATE)) { + WOLFSSL_MSG("certificate flag is not set"); + return -2; + } + + if (cctx->ctx || cctx->ssl) { + bio = wolfSSL_BIO_new_file(value, "rb"); + if (!bio) { + WOLFSSL_MSG("bio new file failed"); + return WOLFSSL_FAILURE; + } + dh = wolfSSL_PEM_read_bio_DHparams(bio, NULL, NULL, NULL); + if (!dh) { + wolfSSL_BIO_free(bio); + WOLFSSL_MSG("PEM read bio failed"); + return WOLFSSL_FAILURE; + } + } else + return 1; + + if (cctx->ctx) { + ret = wolfSSL_CTX_set_tmp_dh(cctx->ctx, dh); + } + + if (cctx->ssl) { + /* wolfSSL_use_set_tmp_dh not yet implemented */ + ret = WOLFSSL_FAILURE; + } + + if (dh) + wolfSSL_DH_free(dh); + if (bio) + wolfSSL_BIO_free(bio); + + WOLFSSL_LEAVE("cmdfunc_dhparam", ret); + return ret; +} +#endif /* !NO_DH && !NO_BIO */ +/** + * command table + */ +typedef struct conf_cmd_tbl { + const char* file_cmd; + const char* cmdline_cmd; + word32 data_type; + int (*cmdfunc)(WOLFSSL_CONF_CTX* cctx, const char* value); +}conf_cmd_tbl; + +static const conf_cmd_tbl conf_cmds_tbl[] = { + /* cmd Curves */ + {WOLFSSL_CONF_FILE_CMD1, WOLFSSL_CONF_CMDL_CMD1, + WOLFSSL_CONF_TYPE_STRING, cmdfunc_curves}, + /* cmd Certificate */ + {WOLFSSL_CONF_FILE_CMD2, WOLFSSL_CONF_CMDL_CMD2, + WOLFSSL_CONF_TYPE_FILE, cmdfunc_cert}, + /* cmd PrivateKey */ + {WOLFSSL_CONF_FILE_CMD3, WOLFSSL_CONF_CMDL_CMD3, + WOLFSSL_CONF_TYPE_FILE, cmdfunc_key}, + /* cmd Protocol */ + {WOLFSSL_CONF_FILE_CMD4, WOLFSSL_CONF_CMDL_CMD4, + WOLFSSL_CONF_TYPE_STRING, NULL}, + /* cmd Options */ + {WOLFSSL_CONF_FILE_CMD5, WOLFSSL_CONF_CMDL_CMD5, + WOLFSSL_CONF_TYPE_STRING, NULL}, + /* cmd ServerInfoFile */ + {WOLFSSL_CONF_FILE_CMD6, WOLFSSL_CONF_CMDL_CMD6, + WOLFSSL_CONF_TYPE_FILE, NULL}, + /* cmd SignatureAlgorithms */ + {WOLFSSL_CONF_FILE_CMD7, WOLFSSL_CONF_CMDL_CMD7, + WOLFSSL_CONF_TYPE_STRING, NULL}, + /* cmd ClientSignatureAlgorithms */ + {WOLFSSL_CONF_FILE_CMD8, WOLFSSL_CONF_CMDL_CMD8, + WOLFSSL_CONF_TYPE_STRING, NULL}, + /* cmd CipherString */ + {WOLFSSL_CONF_FILE_CMD9, WOLFSSL_CONF_CMDL_CMD9, + WOLFSSL_CONF_TYPE_STRING, cmdfunc_cipherstring}, +#if !defined(NO_DH) && !defined(NO_BIO) + /* cmd DHParameters */ + {WOLFSSL_CONF_FILE_CMD9, WOLFSSL_CONF_CMDL_CMD9, + WOLFSSL_CONF_TYPE_FILE, NULL}, +#endif +#ifdef HAVE_ECC + /* cmd ECHDParameters */ + {WOLFSSL_CONF_FILE_CMD10, WOLFSSL_CONF_CMDL_CMD10, + WOLFSSL_CONF_TYPE_STRING, cmdfunc_dhparam}, +#endif +}; +/* size of command table */ +static const size_t size_of_cmd_tbls = sizeof(conf_cmds_tbl) + / sizeof(conf_cmd_tbl); + /** * send configuration command * @param cctx a pointer to WOLFSSL_CONF_CTX structure * @param cmd configuration command * @param value arguments for cmd - * @return WOLFSSL_SUCCESS on success, - * otherwise WOLFSSL_FAILURE (stub currently returns WOLFSSL_FAILURE always) + * @return 1 when cmd is recognised, but value is not used + * 2 both cmd and value are used + * otherwise WOLFSSL_FAILURE + * -2 if cmd is not recognised + * -3 if value is NULL, but cmd is recognized */ int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value) { - WOLFSSL_STUB("wolfSSL_CONF_cmd"); + int ret = WOLFSSL_FAILURE; + size_t i; + size_t cmdlen; + const char* c; + WOLFSSL_ENTER("wolfSSL_CONF_cmd"); + (void)cctx; (void)cmd; (void)value; - return WOLFSSL_FAILURE; + + /* sanity check */ + if (cctx == NULL || cmd == NULL) { + WOLFSSL_MSG("bad arguments"); + return ret; + } + + for (i = 0; i < size_of_cmd_tbls; i++) { + /* check if the cmd is valid */ + if (cctx->flags & WOLFSSL_CONF_FLAG_CMDLINE) { + cmdlen = XSTRLEN(cmd); + if (cmdlen < 2) { + WOLFSSL_MSG("bad cmdline command"); + return ret; + } + /* skip "-" prefix */ + c = ++cmd; + + if (XSTRCMP(c, conf_cmds_tbl[i].cmdline_cmd) == 0) { + if (conf_cmds_tbl[i].cmdfunc != NULL) { + ret = conf_cmds_tbl[i].cmdfunc(cctx, value); + break; + } else { + WOLFSSL_MSG("cmd not yet implemented"); + return ret; + } + } + } + + if (cctx->flags & WOLFSSL_CONF_FLAG_FILE) { + if (XSTRCMP(cmd, conf_cmds_tbl[i].file_cmd) == 0) { + if (conf_cmds_tbl[i].cmdfunc != NULL) { + ret = conf_cmds_tbl[i].cmdfunc(cctx, value); + break; + } else { + WOLFSSL_MSG("cmd not yet implemented"); + return ret; + } + } + } + } + + if (i == size_of_cmd_tbls) { + WOLFSSL_MSG("invalid command"); + ret = -2; + } + + /* return code compliant with OpenSSL */ + if (ret < -3) + ret = 0; + + WOLFSSL_LEAVE("wolfSSL_CONF_cmd", ret); + return ret; } -#endif /* !NO_WOLFSSL_STUB */ #if defined(HAVE_EX_DATA) || defined(FORTRESS) /** diff --git a/tests/api.c b/tests/api.c index 480585ea7..103144637 100644 --- a/tests/api.c +++ b/tests/api.c @@ -43085,7 +43085,7 @@ static void test_wolfSSL_OpenSSL_version(void) #endif } -static void test_CONF_CTX(void) +static void test_CONF_CTX_FILE(void) { #if defined(OPENSSL_ALL) printf(testingFmt, "test_CONF_CTX"); @@ -43107,14 +43107,51 @@ static void test_CONF_CTX(void) #endif #endif - AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, 0x1), 0x1); - - /* STUB */ - #if !defined(NO_WOLFSSL_STUB) - AssertIntEQ(SSL_CONF_cmd(cctx, "TEST", "TEST1"), WOLFSSL_FAILURE); - AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_FAILURE); + /* set flags */ + AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_FILE), + WOLFSSL_CONF_FLAG_FILE); + AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_CERTIFICATE), + WOLFSSL_CONF_FLAG_FILE | WOLFSSL_CONF_FLAG_CERTIFICATE); + /* cmd Certificate and Private Key*/ + { + #ifndef NO_CERTS + const char* ourCert = svrCertFile; + const char* ourKey = svrKeyFile; + AssertIntEQ(SSL_CONF_cmd(cctx, "Certificate", ourCert), + WOLFSSL_SUCCESS); + AssertIntEQ(SSL_CONF_cmd(cctx, "PrivateKey", ourKey), WOLFSSL_SUCCESS); + AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS); #endif + } + /* cmd curves */ + { + #if defined(HAVE_ECC) + const char* curve = "secp256r1"; + + AssertIntEQ(SSL_CONF_cmd(cctx, "Curves", curve), WOLFSSL_SUCCESS); + AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS); + #endif + } + + /* cmd CipherString */ + { + char* cipher = wolfSSL_get_cipher_list(0/*top priority*/); + AssertIntEQ(SSL_CONF_cmd(cctx, "CipherString", cipher), WOLFSSL_SUCCESS); + AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS); + } + + /* cmd DH parameter */ + { + #if !defined(NO_DH) && !defined(NO_BIO) + const char* ourdhcert = "./certs/dh3072.pem"; + + AssertIntEQ(SSL_CONF_cmd(cctx, "DHParameters", ourdhcert), + WOLFSSL_SUCCESS); + AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS); + + #endif + } SSL_CTX_free(ctx); SSL_CONF_CTX_free(cctx); @@ -43768,7 +43805,7 @@ void ApiTest(void) test_wolfSSL_OpenSSL_version(); test_wolfSSL_set_psk_use_session_callback(); - test_CONF_CTX(); + test_CONF_CTX_FILE(); test_wolfSSL_CRYPTO_get_ex_new_index(); test_wolfSSL_DH_get0_pqg(); diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 7e8415706..a2b1d651d 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -1157,7 +1157,11 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define DTLS1_2_VERSION 0xFEFD #define DTLS_MAX_VERSION DTLS1_2_VERSION -#define SSL_CONF_FLAG_FILE 0x2 +#define SSL_CONF_FLAG_CMDLINE WOLFSSL_CONF_FLAG_CMDLINE +#define SSL_CONF_FLAG_FILE WOLFSSL_CONF_FLAG_FILE +#define SSL_CONF_FLAG_CERTIFICATE WOLFSSL_CONF_FLAG_CERTIFICATE +#define SSL_CONF_TYPE_STRING WOLFSSL_CONF_TYPE_STRING +#define SSL_CONF_TYPE_FILE WOLFSSL_CONF_TYPE_FILE #if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(OPENSSL_EXTRA) \ || defined(OPENSSL_ALL) diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 5e8e1f7f0..e5bcf772c 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -4415,6 +4415,14 @@ WOLFSSL_API void wolfSSL_CONF_CTX_free(WOLFSSL_CONF_CTX* cctx); WOLFSSL_API void wolfSSL_CONF_CTX_set_ssl_ctx(WOLFSSL_CONF_CTX* cctx, WOLFSSL_CTX *ctx); WOLFSSL_API unsigned int wolfSSL_CONF_CTX_set_flags(WOLFSSL_CONF_CTX* cctx, unsigned int flags); WOLFSSL_API int wolfSSL_CONF_CTX_finish(WOLFSSL_CONF_CTX* cctx); + +#define WOLFSSL_CONF_FLAG_CMDLINE 0x1 +#define WOLFSSL_CONF_FLAG_FILE 0x2 +#define WOLFSSL_CONF_FLAG_CERTIFICATE 0x20 + +#define WOLFSSL_CONF_TYPE_STRING 0x1 +#define WOLFSSL_CONF_TYPE_FILE 0x2 + WOLFSSL_API int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value); #if defined(HAVE_EX_DATA) || defined(FORTRESS) WOLFSSL_API int wolfSSL_CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, From 33e91c577fbc74055893913c123e5c1337d2ed2c Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Fri, 23 Apr 2021 07:57:35 +0900 Subject: [PATCH 2/6] added unit test cases for cmdline --- src/ssl.c | 35 +++++++++-------- tests/api.c | 109 +++++++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 127 insertions(+), 17 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index a18b45ce6..d5f968b73 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -56441,9 +56441,9 @@ static const size_t size_of_cmd_tbls = sizeof(conf_cmds_tbl) int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value) { int ret = WOLFSSL_FAILURE; - size_t i; - size_t cmdlen; - const char* c; + size_t i = 0; + size_t cmdlen = 0; + const char* c = NULL; WOLFSSL_ENTER("wolfSSL_CONF_cmd"); (void)cctx; @@ -56456,36 +56456,41 @@ int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value) return ret; } + if (cctx->flags & WOLFSSL_CONF_FLAG_CMDLINE) { + cmdlen = XSTRLEN(cmd); + + if (cmdlen < 2) { + WOLFSSL_MSG("bad cmdline command"); + return -2; + } + /* skip "-" prefix */ + c = ++cmd; + } + for (i = 0; i < size_of_cmd_tbls; i++) { /* check if the cmd is valid */ if (cctx->flags & WOLFSSL_CONF_FLAG_CMDLINE) { - cmdlen = XSTRLEN(cmd); - if (cmdlen < 2) { - WOLFSSL_MSG("bad cmdline command"); - return ret; - } - /* skip "-" prefix */ - c = ++cmd; - - if (XSTRCMP(c, conf_cmds_tbl[i].cmdline_cmd) == 0) { + if (c != NULL && conf_cmds_tbl[i].cmdline_cmd != NULL && + XSTRCMP(c, conf_cmds_tbl[i].cmdline_cmd) == 0) { if (conf_cmds_tbl[i].cmdfunc != NULL) { ret = conf_cmds_tbl[i].cmdfunc(cctx, value); break; } else { WOLFSSL_MSG("cmd not yet implemented"); - return ret; + return -2; } } } if (cctx->flags & WOLFSSL_CONF_FLAG_FILE) { - if (XSTRCMP(cmd, conf_cmds_tbl[i].file_cmd) == 0) { + if (conf_cmds_tbl[i].file_cmd != NULL && + XSTRCMP(cmd, conf_cmds_tbl[i].file_cmd) == 0) { if (conf_cmds_tbl[i].cmdfunc != NULL) { ret = conf_cmds_tbl[i].cmdfunc(cctx, value); break; } else { WOLFSSL_MSG("cmd not yet implemented"); - return ret; + return -2; } } } diff --git a/tests/api.c b/tests/api.c index 103144637..ab05472a3 100644 --- a/tests/api.c +++ b/tests/api.c @@ -43085,10 +43085,99 @@ static void test_wolfSSL_OpenSSL_version(void) #endif } +static void test_CONF_CTX_CMDLINE(void) +{ +#if defined(OPENSSL_ALL) + printf(testingFmt, "test_CONF_CTX_CMDLINE"); + + SSL_CTX* ctx = NULL; + SSL_CONF_CTX* cctx = NULL; + + AssertNotNull(cctx = SSL_CONF_CTX_new()); + + #ifndef NO_OLD_TLS + #ifdef WOLFSSL_ALLOW_SSLV3 + #ifdef NO_WOLFSSL_SERVER + AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + #else + AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + #endif + SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); + AssertTrue(1); + #endif + #endif + + /* set flags */ + AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_CMDLINE), + WOLFSSL_CONF_FLAG_CMDLINE); + AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_CERTIFICATE), + WOLFSSL_CONF_FLAG_CMDLINE | WOLFSSL_CONF_FLAG_CERTIFICATE); + /* cmd invalid command */ + AssertIntEQ(SSL_CONF_cmd(cctx, "foo", "foobar"), -2); + AssertIntEQ(SSL_CONF_cmd(cctx, "foo", NULL), -2); + AssertIntEQ(SSL_CONF_cmd(cctx, NULL, NULL), WOLFSSL_FAILURE); + AssertIntEQ(SSL_CONF_cmd(cctx, NULL, "foobar"), WOLFSSL_FAILURE); + AssertIntEQ(SSL_CONF_cmd(NULL, "-curves", "foobar"), WOLFSSL_FAILURE); + + /* cmd Certificate and Private Key*/ + { + #ifndef NO_CERTS + const char* ourCert = svrCertFile; + const char* ourKey = svrKeyFile; + + AssertIntEQ(SSL_CONF_cmd(cctx, "-cert", NULL), -3); + AssertIntEQ(SSL_CONF_cmd(cctx, "-cert", ourCert), + WOLFSSL_SUCCESS); + AssertIntEQ(SSL_CONF_cmd(cctx, "-key", NULL), -3); + AssertIntEQ(SSL_CONF_cmd(cctx, "-key", ourKey), WOLFSSL_SUCCESS); + AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS); + #endif + } + + /* cmd curves */ + { + #if defined(HAVE_ECC) + const char* curve = "secp256r1"; + + AssertIntEQ(SSL_CONF_cmd(cctx, "-curves", NULL), -3); + AssertIntEQ(SSL_CONF_cmd(cctx, "-curves", curve), WOLFSSL_SUCCESS); + AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS); + #endif + } + + /* cmd CipherString */ + { + char* cipher = wolfSSL_get_cipher_list(0/*top priority*/); + + AssertIntEQ(SSL_CONF_cmd(cctx, "-cipher", NULL), -3); + AssertIntEQ(SSL_CONF_cmd(cctx, "-cipher", cipher), WOLFSSL_SUCCESS); + AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS); + } + + /* cmd DH parameter */ + { + #if !defined(NO_DH) && !defined(NO_BIO) + const char* ourdhcert = "./certs/dh4096.pem"; + + AssertIntEQ(SSL_CONF_cmd(cctx, "-dhparam", NULL), + -3); + AssertIntEQ(SSL_CONF_cmd(cctx, "-dhparam", ourdhcert), + WOLFSSL_SUCCESS); + AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS); + + #endif + } + SSL_CTX_free(ctx); + SSL_CONF_CTX_free(cctx); + + printf(resultFmt, passed); +#endif /* OPENSSL_EXTRA */ +} + static void test_CONF_CTX_FILE(void) { #if defined(OPENSSL_ALL) - printf(testingFmt, "test_CONF_CTX"); + printf(testingFmt, "test_CONF_CTX_FILE"); SSL_CTX* ctx = NULL; SSL_CONF_CTX* cctx = NULL; @@ -43111,12 +43200,23 @@ static void test_CONF_CTX_FILE(void) AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_FILE), WOLFSSL_CONF_FLAG_FILE); AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_CERTIFICATE), - WOLFSSL_CONF_FLAG_FILE | WOLFSSL_CONF_FLAG_CERTIFICATE); + WOLFSSL_CONF_FLAG_FILE | WOLFSSL_CONF_FLAG_CERTIFICATE); + /* sanity check */ + AssertIntEQ(SSL_CONF_cmd(cctx, "foo", "foobar"), -2); + AssertIntEQ(SSL_CONF_cmd(cctx, "foo", NULL), -2); + AssertIntEQ(SSL_CONF_cmd(cctx, NULL, NULL), WOLFSSL_FAILURE); + AssertIntEQ(SSL_CONF_cmd(cctx, NULL, "foobar"), WOLFSSL_FAILURE); + AssertIntEQ(SSL_CONF_cmd(NULL, "-curves", "foobar"), WOLFSSL_FAILURE); + /* cmd Certificate and Private Key*/ { #ifndef NO_CERTS const char* ourCert = svrCertFile; const char* ourKey = svrKeyFile; + + AssertIntEQ(SSL_CONF_cmd(cctx, "Certificate", NULL), -3); + AssertIntEQ(SSL_CONF_cmd(cctx, "PrivateKey", NULL), -3); + AssertIntEQ(SSL_CONF_cmd(cctx, "Certificate", ourCert), WOLFSSL_SUCCESS); AssertIntEQ(SSL_CONF_cmd(cctx, "PrivateKey", ourKey), WOLFSSL_SUCCESS); @@ -43129,6 +43229,7 @@ static void test_CONF_CTX_FILE(void) #if defined(HAVE_ECC) const char* curve = "secp256r1"; + AssertIntEQ(SSL_CONF_cmd(cctx, "Curves", NULL), -3); AssertIntEQ(SSL_CONF_cmd(cctx, "Curves", curve), WOLFSSL_SUCCESS); AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS); #endif @@ -43137,6 +43238,8 @@ static void test_CONF_CTX_FILE(void) /* cmd CipherString */ { char* cipher = wolfSSL_get_cipher_list(0/*top priority*/); + + AssertIntEQ(SSL_CONF_cmd(cctx, "CipherString", NULL), -3); AssertIntEQ(SSL_CONF_cmd(cctx, "CipherString", cipher), WOLFSSL_SUCCESS); AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS); } @@ -43146,6 +43249,7 @@ static void test_CONF_CTX_FILE(void) #if !defined(NO_DH) && !defined(NO_BIO) const char* ourdhcert = "./certs/dh3072.pem"; + AssertIntEQ(SSL_CONF_cmd(cctx, "DHParameters", NULL), -3); AssertIntEQ(SSL_CONF_cmd(cctx, "DHParameters", ourdhcert), WOLFSSL_SUCCESS); AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS); @@ -43806,6 +43910,7 @@ void ApiTest(void) test_wolfSSL_set_psk_use_session_callback(); test_CONF_CTX_FILE(); + test_CONF_CTX_CMDLINE(); test_wolfSSL_CRYPTO_get_ex_new_index(); test_wolfSSL_DH_get0_pqg(); From af67965f651a6c2d9df7be222a5d2bb1dafe88ba Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Fri, 23 Apr 2021 11:09:09 +0900 Subject: [PATCH 3/6] addressed jenkins failures part1 --- src/ssl.c | 20 +++++++++++++------- tests/api.c | 29 ++++++----------------------- 2 files changed, 19 insertions(+), 30 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index d5f968b73..cfc5d70f5 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -56226,6 +56226,8 @@ static int cmdfunc_curves(WOLFSSL_CONF_CTX* cctx, const char* value) return ret; } #endif + +#ifndef NO_FILESYSTEM /** * process cert command * @param cctx a pointer to WOLFSSL_CONF_CTX structure @@ -56309,6 +56311,7 @@ static int cmdfunc_key(WOLFSSL_CONF_CTX* cctx, const char* value) WOLFSSL_LEAVE("cmdfunc_key", ret); return ret; } +#endif /* NO_FILESYSTEM */ /** * process DH parameter command * @param cctx a pointer to WOLFSSL_CONF_CTX structure @@ -56357,12 +56360,11 @@ static int cmdfunc_dhparam(WOLFSSL_CONF_CTX* cctx, const char* value) return 1; if (cctx->ctx) { - ret = wolfSSL_CTX_set_tmp_dh(cctx->ctx, dh); + ret = (int)wolfSSL_CTX_set_tmp_dh(cctx->ctx, dh); } if (cctx->ssl) { - /* wolfSSL_use_set_tmp_dh not yet implemented */ - ret = WOLFSSL_FAILURE; + ret = (int)wolfSSL_CTX_set_tmp_dh(cctx->ssl->ctx, dh); } if (dh) @@ -56385,15 +56387,19 @@ typedef struct conf_cmd_tbl { }conf_cmd_tbl; static const conf_cmd_tbl conf_cmds_tbl[] = { +#if defined(HAVE_ECC) /* cmd Curves */ {WOLFSSL_CONF_FILE_CMD1, WOLFSSL_CONF_CMDL_CMD1, WOLFSSL_CONF_TYPE_STRING, cmdfunc_curves}, +#endif +#if !defined(NO_FILESYSTEM) /* cmd Certificate */ {WOLFSSL_CONF_FILE_CMD2, WOLFSSL_CONF_CMDL_CMD2, WOLFSSL_CONF_TYPE_FILE, cmdfunc_cert}, /* cmd PrivateKey */ {WOLFSSL_CONF_FILE_CMD3, WOLFSSL_CONF_CMDL_CMD3, WOLFSSL_CONF_TYPE_FILE, cmdfunc_key}, +#endif /* cmd Protocol */ {WOLFSSL_CONF_FILE_CMD4, WOLFSSL_CONF_CMDL_CMD4, WOLFSSL_CONF_TYPE_STRING, NULL}, @@ -56414,13 +56420,13 @@ static const conf_cmd_tbl conf_cmds_tbl[] = { WOLFSSL_CONF_TYPE_STRING, cmdfunc_cipherstring}, #if !defined(NO_DH) && !defined(NO_BIO) /* cmd DHParameters */ - {WOLFSSL_CONF_FILE_CMD9, WOLFSSL_CONF_CMDL_CMD9, - WOLFSSL_CONF_TYPE_FILE, NULL}, + {WOLFSSL_CONF_FILE_CMD10, WOLFSSL_CONF_CMDL_CMD10, + WOLFSSL_CONF_TYPE_FILE, cmdfunc_dhparam}, #endif #ifdef HAVE_ECC /* cmd ECHDParameters */ - {WOLFSSL_CONF_FILE_CMD10, WOLFSSL_CONF_CMDL_CMD10, - WOLFSSL_CONF_TYPE_STRING, cmdfunc_dhparam}, + {WOLFSSL_CONF_FILE_CMD11, WOLFSSL_CONF_CMDL_CMD11, + WOLFSSL_CONF_TYPE_STRING, NULL}, #endif }; /* size of command table */ diff --git a/tests/api.c b/tests/api.c index ab05472a3..1ab3ba7d3 100644 --- a/tests/api.c +++ b/tests/api.c @@ -43095,17 +43095,9 @@ static void test_CONF_CTX_CMDLINE(void) AssertNotNull(cctx = SSL_CONF_CTX_new()); - #ifndef NO_OLD_TLS - #ifdef WOLFSSL_ALLOW_SSLV3 - #ifdef NO_WOLFSSL_SERVER - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); - #else - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); - #endif - SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); - AssertTrue(1); - #endif - #endif + AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); + AssertTrue(1); /* set flags */ AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_CMDLINE), @@ -43183,18 +43175,9 @@ static void test_CONF_CTX_FILE(void) SSL_CONF_CTX* cctx = NULL; AssertNotNull(cctx = SSL_CONF_CTX_new()); - - #ifndef NO_OLD_TLS - #ifdef WOLFSSL_ALLOW_SSLV3 - #ifdef NO_WOLFSSL_SERVER - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); - #else - AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); - #endif - SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); - AssertTrue(1); - #endif - #endif + AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); + AssertTrue(1); /* set flags */ AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_FILE), From ae502c7a096d1841dddb51969c83fbb0c858ccea Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Wed, 28 Apr 2021 13:52:13 +0900 Subject: [PATCH 4/6] addressed review comments part1 --- src/ssl.c | 44 ++++++++++++++++++++++++++++++++++++-------- 1 file changed, 36 insertions(+), 8 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index cfc5d70f5..dd67deece 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -56122,7 +56122,24 @@ int wolfSSL_CONF_CTX_finish(WOLFSSL_CONF_CTX* cctx) (void)cctx; return WOLFSSL_SUCCESS; } - +/* + * This comment attempts to describe following definitions ans static functions + * that are used for wolfSSL_CONF_cmd() to handle command. + * + * The following deinitions use for a part of conf_cmds_tbl[] contents. + * WOLFSSL_CONF_FILE_CMDx represents command name in configuration file + * WOLFSSL_CONF_CMDL_CMDx represents command name on command line + * + * The static functions after the definition section process + * those FILE or CMDL which are defined in the conf_cmds_tbl. + * + * To add a new command handling: + * 1. Add new #define to a section of WOLFSSL_CONF_FILE_CMD* and + * WOLFSSL_CONF_CMDL_CMD* + * 2. Add new statci function after #define section, before + * "typedef struct conf_cmd_tbl {" line + * 3. Add new entry to conf_cmds_tbl[] by following other command entries + */ #define WOLFSSL_CONF_FILE_CMD1 "Curves" #define WOLFSSL_CONF_FILE_CMD2 "Certificate" #define WOLFSSL_CONF_FILE_CMD3 "PrivateKey" @@ -56181,7 +56198,9 @@ static int cmdfunc_cipherstring(WOLFSSL_CONF_CTX* cctx, const char* value) ret = wolfSSL_CTX_set_cipher_list(cctx->ctx, value); } - if (cctx->ssl) { + if (((cctx->ctx && ret == WOLFSSL_SUCCESS) || + (!cctx->ctx && ret == -3)) && + cctx->ssl) { ret = wolfSSL_set_cipher_list(cctx->ssl, value); } @@ -56218,7 +56237,9 @@ static int cmdfunc_curves(WOLFSSL_CONF_CTX* cctx, const char* value) ret = wolfSSL_CTX_set1_curves_list(cctx->ctx, value); } - if (cctx->ssl) { + if (((cctx->ctx && ret == WOLFSSL_SUCCESS) || + (!cctx->ctx && ret == -3)) && + cctx->ssl) { ret = wolfSSL_set1_curves_list(cctx->ssl, value); } @@ -56261,7 +56282,9 @@ static int cmdfunc_cert(WOLFSSL_CONF_CTX* cctx, const char* value) ret = wolfSSL_CTX_use_certificate_chain_file(cctx->ctx, value); } - if (cctx->ssl) { + if (((cctx->ctx && ret == WOLFSSL_SUCCESS) || + (!cctx->ctx && ret == -3)) && + cctx->ssl) { ret = wolfSSL_use_certificate_file(cctx->ssl, value, WOLFSSL_FILETYPE_PEM); } @@ -56303,7 +56326,9 @@ static int cmdfunc_key(WOLFSSL_CONF_CTX* cctx, const char* value) WOLFSSL_FILETYPE_PEM); } - if (cctx->ssl) { + if (((cctx->ctx && ret == WOLFSSL_SUCCESS) || + (!cctx->ctx && ret == -3)) && + cctx->ssl) { ret = wolfSSL_use_PrivateKey_file(cctx->ssl, value, WOLFSSL_FILETYPE_PEM); } @@ -56356,14 +56381,17 @@ static int cmdfunc_dhparam(WOLFSSL_CONF_CTX* cctx, const char* value) WOLFSSL_MSG("PEM read bio failed"); return WOLFSSL_FAILURE; } - } else + } else { return 1; - + } + if (cctx->ctx) { ret = (int)wolfSSL_CTX_set_tmp_dh(cctx->ctx, dh); } - if (cctx->ssl) { + if (((cctx->ctx && ret == WOLFSSL_SUCCESS) || + (!cctx->ctx && ret == -3)) && + cctx->ssl) { ret = (int)wolfSSL_CTX_set_tmp_dh(cctx->ssl->ctx, dh); } From e2284d59bf68dbe74c1648d769cb0962eeb3cced Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Wed, 5 May 2021 08:56:47 +0900 Subject: [PATCH 5/6] addressed review comments part2 --- src/ssl.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index dd67deece..f9d5cefa6 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -56123,10 +56123,10 @@ int wolfSSL_CONF_CTX_finish(WOLFSSL_CONF_CTX* cctx) return WOLFSSL_SUCCESS; } /* - * This comment attempts to describe following definitions ans static functions - * that are used for wolfSSL_CONF_cmd() to handle command. + * The following definitions and static functions are used for + * wolfSSL_CONF_cmd() to handle command. * - * The following deinitions use for a part of conf_cmds_tbl[] contents. + * Definitions below are a part of conf_cmds_tbl[] contents. * WOLFSSL_CONF_FILE_CMDx represents command name in configuration file * WOLFSSL_CONF_CMDL_CMDx represents command name on command line * @@ -56136,7 +56136,7 @@ int wolfSSL_CONF_CTX_finish(WOLFSSL_CONF_CTX* cctx) * To add a new command handling: * 1. Add new #define to a section of WOLFSSL_CONF_FILE_CMD* and * WOLFSSL_CONF_CMDL_CMD* - * 2. Add new statci function after #define section, before + * 2. Add new static function after #define section, before * "typedef struct conf_cmd_tbl {" line * 3. Add new entry to conf_cmds_tbl[] by following other command entries */ From 1c0fd3f1c0e2fec62aded82cd9479e3d7c2d6fea Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Wed, 26 May 2021 06:17:33 +0900 Subject: [PATCH 6/6] addressed review comments part3 --- src/ssl.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index f9d5cefa6..278c0aadb 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -56364,11 +56364,6 @@ static int cmdfunc_dhparam(WOLFSSL_CONF_CTX* cctx, const char* value) return ret; } - if (!(cctx->flags & WOLFSSL_CONF_FLAG_CERTIFICATE)) { - WOLFSSL_MSG("certificate flag is not set"); - return -2; - } - if (cctx->ctx || cctx->ssl) { bio = wolfSSL_BIO_new_file(value, "rb"); if (!bio) {