add bio.c to dist and implement wolfSSL_check_private_key , wolfSSL_get_server_random
@ -1445,13 +1445,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
{
|
||||
byte* rnd;
|
||||
byte* pt;
|
||||
int size;
|
||||
byte* rnd;
|
||||
byte* pt;
|
||||
size_t size;
|
||||
|
||||
/* get size of buffer then print */
|
||||
size = wolfSSL_get_client_random(NULL, NULL, 0);
|
||||
if (size < 0) {
|
||||
if (size == 0) {
|
||||
err_sys("error getting client random buffer size");
|
||||
}
|
||||
|
||||
@ -1461,7 +1461,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
||||
}
|
||||
|
||||
size = wolfSSL_get_client_random(ssl, rnd, size);
|
||||
if (size < 0) {
|
||||
if (size == 0) {
|
||||
XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
err_sys("error getting client random buffer");
|
||||
}
|
||||
|
@ -882,6 +882,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
ssl = SSL_new(ctx);
|
||||
if (ssl == NULL)
|
||||
err_sys("unable to get SSL");
|
||||
#ifdef OPENSSL_EXTRA
|
||||
wolfSSL_KeepArrays(ssl);
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL)
|
||||
{
|
||||
@ -1026,6 +1029,36 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
||||
err_sys("SSL in error state");
|
||||
}
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
{
|
||||
byte* rnd;
|
||||
byte* pt;
|
||||
size_t size;
|
||||
|
||||
/* get size of buffer then print */
|
||||
size = wolfSSL_get_server_random(NULL, NULL, 0);
|
||||
if (size == 0) {
|
||||
err_sys("error getting server random buffer size");
|
||||
}
|
||||
|
||||
rnd = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (rnd == NULL) {
|
||||
err_sys("error creating server random buffer");
|
||||
}
|
||||
|
||||
size = wolfSSL_get_client_random(ssl, rnd, size);
|
||||
if (size == 0) {
|
||||
XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
err_sys("error getting server random buffer");
|
||||
}
|
||||
|
||||
printf("Server Random : ");
|
||||
for (pt = rnd; pt < rnd + size; pt++) printf("%02X", *pt);
|
||||
printf("\n");
|
||||
XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_ALPN
|
||||
if (alpnList != NULL) {
|
||||
char *protocol_name = NULL, *list = NULL;
|
||||
|
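Review bot: The "Server Random" block fills the buffer with `size = wolfSSL_get_client_random(ssl, rnd, size);` after sizing it with wolfSSL_get_server_random, so the bytes printed under the Server Random label are the client random; that line should be `size = wolfSSL_get_server_random(ssl, rnd, size);`. As defined in this commit wolfSSL_get_server_random returns 0 after a successful copy, so the `if (size == 0)` check that follows would treat success as an error and call err_sys; the function has to return the byte count for this block to print anything. server_test continues outside the hunk.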
@ -231,6 +231,7 @@ mkdir -p $RPM_BUILD_ROOT/
|
||||
%{_includedir}/wolfssl/wolfcrypt/wolfevent.h
|
||||
%{_includedir}/wolfssl/error-ssl.h
|
||||
%{_includedir}/wolfssl/ocsp.h
|
||||
%{_includedir}/wolfssl/openssl/aes.h
|
||||
%{_includedir}/wolfssl/openssl/asn1.h
|
||||
%{_includedir}/wolfssl/openssl/bio.h
|
||||
%{_includedir}/wolfssl/openssl/bn.h
|
||||
@ -275,6 +276,8 @@ mkdir -p $RPM_BUILD_ROOT/
|
||||
%{_libdir}/pkgconfig/wolfssl.pc
|
||||
|
||||
%changelog
|
||||
* Fri Nov 11 2016 Jacob Barthelmeh <jacob@wolfssl.com>
|
||||
- Added header for wolfssl/openssl/aes.h
|
||||
* Fri Oct 28 2016 Jacob Barthelmeh <jacob@wolfssl.com>
|
||||
- Added header for pkcs12
|
||||
* Fri Sep 23 2016 John Safranek <john@wolfssl.com>
|
||||
|
80
src/ssl.c
80
src/ssl.c
@ -5685,6 +5685,33 @@ int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX* ctx, const char* fname, int format)
|
||||
/* put SSL type in extra for now, not very common */
|
||||
|
||||
#ifndef NO_CERTS
|
||||
int wolfSSL_check_private_key(const WOLFSSL* ssl)
|
||||
{
|
||||
DecodedCert der;
|
||||
word32 size;
|
||||
byte* buff;
|
||||
int ret;
|
||||
|
||||
if (ssl == NULL) {
|
||||
return SSL_FAILURE;
|
||||
}
|
||||
|
||||
size = ssl->buffers.certificate->length;
|
||||
buff = ssl->buffers.certificate->buffer;
|
||||
InitDecodedCert(&der, buff, size, ssl->heap);
|
||||
if (ParseCertRelative(&der, CERT_TYPE, NO_VERIFY, NULL) != 0) {
|
||||
FreeDecodedCert(&der);
|
||||
return SSL_FAILURE;
|
||||
}
|
||||
|
||||
size = ssl->buffers.key->length;
|
||||
buff = ssl->buffers.key->buffer;
|
||||
ret = wc_CheckPrivateKey(buff, size, &der);
|
||||
FreeDecodedCert(&der);
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509,
|
||||
int nid, int* c, int* idx)
|
||||
{
|
||||
@ -5808,6 +5835,39 @@ int wolfSSL_use_certificate_chain_file(WOLFSSL* ssl, const char* file)
|
||||
|
||||
|
||||
|
||||
#if !defined(NO_WOLFSSL_SERVER)
|
||||
size_t wolfSSL_get_server_random(const WOLFSSL *ssl, unsigned char *out,
|
||||
size_t outSz)
|
||||
{
|
||||
size_t size;
|
||||
|
||||
/* return max size of buffer */
|
||||
if (outSz == 0) {
|
||||
return RAN_LEN;
|
||||
}
|
||||
|
||||
if (ssl == NULL || out == NULL) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (ssl->options.saveArrays == 0 || ssl->arrays == NULL) {
|
||||
WOLFSSL_MSG("Arrays struct not saved after handshake");
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (outSz > RAN_LEN) {
|
||||
size = RAN_LEN;
|
||||
}
|
||||
else {
|
||||
size = outSz;
|
||||
}
|
||||
|
||||
XMEMCPY(out, ssl->arrays->serverRandom, size);
|
||||
return 0;
|
||||
}
|
||||
#endif /* !defined(NO_WOLFSSL_SERVER) */
|
||||
|
||||
|
||||
#if !defined(NO_WOLFSSL_CLIENT)
|
||||
/* Return the amount of random bytes copied over or error case.
|
||||
* ssl : ssl struct after handshake
|
||||
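Review bot: wolfSSL_get_server_random ends with `return 0;` after the XMEMCPY, the same value it returns for a NULL ssl/out or unsaved arrays, so callers cannot tell success from failure; it should `return size;`, matching the client-random comment ("amount of random bytes copied over") and the OpenSSL SSL_get_server_random alias added in openssl/ssl.h. The comment above wolfSSL_get_client_random should likewise state that 0 is now the error value, since BAD_FUNC_ARG is no longer returned. In the wolfSSL_check_private_key hunk above, `ssl->buffers.certificate` and `ssl->buffers.key` are dereferenced without a NULL check, so an SSL object with no certificate or key loaded crashes instead of failing; add `if (ssl->buffers.certificate == NULL || ssl->buffers.key == NULL) return SSL_FAILURE;` before the length reads, and a header comment giving the SSL_SUCCESS/SSL_FAILURE contract that tests/api.c asserts, confirming that wc_CheckPrivateKey's return maps onto those values rather than being passed through unchanged.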
@ -5816,22 +5876,23 @@ int wolfSSL_use_certificate_chain_file(WOLFSSL* ssl, const char* file)
|
||||
*
|
||||
* NOTE: wolfSSL_KeepArrays(ssl) must be called to retain handshake information.
|
||||
*/
|
||||
int wolfSSL_get_client_random(WOLFSSL* ssl, unsigned char* out, int outSz)
|
||||
size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
|
||||
size_t outSz)
|
||||
{
|
||||
int size;
|
||||
size_t size;
|
||||
|
||||
/* return max size of buffer */
|
||||
if (outSz == 0) {
|
||||
return RAN_LEN;
|
||||
}
|
||||
|
||||
if (ssl == NULL || out == NULL || outSz < 0) {
|
||||
return BAD_FUNC_ARG;
|
||||
if (ssl == NULL || out == NULL) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (ssl->options.saveArrays == 0 || ssl->arrays == NULL) {
|
||||
WOLFSSL_MSG("Arrays struct not saved after handshake");
|
||||
return BAD_FUNC_ARG;
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (outSz > RAN_LEN) {
|
||||
@ -13524,15 +13585,6 @@ WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned ch
|
||||
return 0;
|
||||
}
|
||||
|
||||
WOLFSSL_API unsigned long wolfSSL_SSL_get_server_random(const WOLFSSL *ssl, unsigned char *out,
|
||||
unsigned long outlen)
|
||||
{
|
||||
(void)ssl;
|
||||
(void)out;
|
||||
(void)outlen;
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*** TBD ***/
|
||||
WOLFSSL_API unsigned long wolfSSL_SSL_get_verify_result(const WOLFSSL *ssl)
|
||||
{
|
||||
|
@ -2261,12 +2261,16 @@ static void test_wolfSSL_certs(void)
|
||||
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM));
|
||||
AssertNotNull(ssl = SSL_new(ctx));
|
||||
|
||||
AssertIntEQ(wolfSSL_check_private_key(ssl), SSL_SUCCESS);
|
||||
|
||||
/* create and use x509 */
|
||||
x509 = wolfSSL_X509_load_certificate_file(svrCert, SSL_FILETYPE_PEM);
|
||||
x509 = wolfSSL_X509_load_certificate_file(cliCert, SSL_FILETYPE_PEM);
|
||||
AssertNotNull(x509);
|
||||
AssertIntEQ(SSL_use_certificate(ssl, x509), SSL_SUCCESS);
|
||||
|
||||
/* with loading in a new cert the check on private key should now fail */
|
||||
AssertIntNE(wolfSSL_check_private_key(ssl), SSL_SUCCESS);
|
||||
|
||||
|
||||
#if defined(USE_CERT_BUFFERS_2048)
|
||||
AssertIntEQ(SSL_use_certificate_ASN1(ssl,
|
||||
|
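Review bot: The new assertions cover only the loaded-key and mismatched-certificate paths of wolfSSL_check_private_key; the NULL branch the implementation has (`return SSL_FAILURE` when ssl is NULL) is untested, and nothing exercises an SSL object before a certificate or key is loaded. Adding `AssertIntEQ(wolfSSL_check_private_key(NULL), SSL_FAILURE);` pins the NULL path, and a check on a freshly created ssl with no key loaded would catch a dereference of unset buffers. test_wolfSSL_certs continues outside the hunk.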
@ -1,6 +1,7 @@
|
||||
# vim:ft=automake
|
||||
# All paths should be given relative to the root
|
||||
|
||||
EXTRA_DIST += src/bio.c
|
||||
EXTRA_DIST += wolfcrypt/src/misc.c
|
||||
EXTRA_DIST += wolfcrypt/src/evp.c
|
||||
EXTRA_DIST += wolfcrypt/src/asm.c
|
||||
|
@ -535,9 +535,8 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
|
||||
#define SSL_CTX_set_tlsext_status_arg wolfSSL_SSL_CTX_set_tlsext_status_arg
|
||||
#define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg \
|
||||
wolfSSL_SSL_CTX_set_tlsext_opaque_prf_input_callback_arg
|
||||
#define SSL_get_server_random wolfSSL_SSL_get_server_random
|
||||
#define SSL_get_server_random wolfSSL_get_server_random
|
||||
|
||||
#define SSL_get_server_random wolfSSL_SSL_get_server_random
|
||||
#define SSL_get_tlsext_status_exts wolfSSL_SSL_get_tlsext_status_exts
|
||||
|
||||
#define BIO_C_SET_FILE_PTR 106
|
||||
|
@ -715,8 +715,6 @@ WOLFSSL_API long wolfSSL_SSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned ch
|
||||
WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp, int len);
|
||||
|
||||
WOLFSSL_API void wolfSSL_CONF_modules_unload(int all);
|
||||
WOLFSSL_API unsigned long wolfSSL_SSL_get_server_random(const WOLFSSL *ssl, unsigned char *out,
|
||||
unsigned long outlen);
|
||||
WOLFSSL_API long wolfSSL_SSL_get_tlsext_status_exts(WOLFSSL *s, void *arg);
|
||||
WOLFSSL_API unsigned long wolfSSL_SSL_get_verify_result(const WOLFSSL *ssl);
|
||||
WOLFSSL_API void wolfSSL_SSL_set_accept_state(WOLFSSL *s);
|
||||
@ -1896,6 +1894,7 @@ WOLFSSL_API char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* time,
|
||||
#ifdef OPENSSL_EXTRA
|
||||
|
||||
#ifndef NO_CERTS
|
||||
WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl);
|
||||
WOLFSSL_API void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509,
|
||||
int nid, int* c, int* idx);
|
||||
WOLFSSL_API int wolfSSL_X509_digest(const WOLFSSL_X509* x509,
|
||||
@ -1922,8 +1921,10 @@ WOLFSSL_API void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx,
|
||||
WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509** x509);
|
||||
WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx);
|
||||
|
||||
WOLFSSL_API int wolfSSL_get_client_random(WOLFSSL* ssl, unsigned char* out,
|
||||
int outSz);
|
||||
WOLFSSL_API size_t wolfSSL_get_server_random(const WOLFSSL *ssl,
|
||||
unsigned char *out, size_t outlen);
|
||||
WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl,
|
||||
unsigned char* out, size_t outSz);
|
||||
WOLFSSL_API pem_password_cb *wolfSSL_SSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx);
|
||||
WOLFSSL_API void *wolfSSL_SSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx);
|
||||
|
||||
|
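Review bot: The prototype `WOLFSSL_API size_t wolfSSL_get_server_random(const WOLFSSL *ssl, unsigned char *out, size_t outlen);` names its last parameter `outlen` while the definition in src/ssl.c uses `outSz`, and both new prototypes are declared unconditionally although their definitions sit under `#if !defined(NO_WOLFSSL_SERVER)` and `#if !defined(NO_WOLFSSL_CLIENT)` respectively. Renaming the parameter to `outSz` keeps the header consistent with the neighbouring wolfSSL_get_client_random declaration, and wrapping the declarations in the same guards (or documenting that they are absent in those builds) avoids a link-time surprise. A header comment stating that both functions return RAN_LEN when outSz is 0, copy at most RAN_LEN bytes, and what they return on failure would help, since the header is what OpenSSL-compatibility callers read.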