From 503de43cbddbf6b92dfde0d4d7101bd456c2337a Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Wed, 1 Jul 2020 23:19:13 -0400 Subject: [PATCH 01/15] build updates for lighttpd Update configure.ac and various #ifdefs to enable WolfSSL to build features for use by lighttpd. Change signature of wolfSSL_GetVersion() to take const arg. Pass (const WOLFSSL*) to wolfSSL_GetVersion() for use with SSL_CTX_set_info_callback(), where OpenSSL callback takes (const SSL *) --- configure.ac | 31 +++++++++++++++++-------------- src/ocsp.c | 2 +- src/ssl.c | 5 +++-- wolfssl/internal.h | 2 +- wolfssl/ocsp.h | 4 ++-- wolfssl/ssl.h | 4 ++-- wolfssl/wolfcrypt/asn.h | 2 +- 7 files changed, 27 insertions(+), 23 deletions(-) diff --git a/configure.ac b/configure.ac index 383b4f8be..1439fdc7f 100644 --- a/configure.ac +++ b/configure.ac @@ -719,6 +719,13 @@ AC_ARG_ENABLE([nginx], [ ENABLED_NGINX=no ] ) +# lighty Support +AC_ARG_ENABLE([lighty], + [AS_HELP_STRING([--enable-lighty],[Enable lighttpd/lighty (default: disabled)])], + [ ENABLED_LIGHTY=$enableval ], + [ ENABLED_LIGHTY=no ] + ) + # haproxy compatibility build AC_ARG_ENABLE([haproxy], [AS_HELP_STRING([--enable-haproxy],[Enable haproxy (default: disabled)])], 
@@ -847,7 +854,7 @@ AC_ARG_ENABLE([opensslextra], [ ENABLED_OPENSSLEXTRA=$enableval ], [ ENABLED_OPENSSLEXTRA=no ] ) -if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_SIGNAL" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_FORTRESS" = "yes" || test "$ENABLED_BUMP" = "yes" || test "$ENABLED_SNIFFER" = "yes" || test "$ENABLED_OPENSSLALL" = "yes" || test "$ENABLED_LIBWEBSOCKETS" = "yes" +if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_SIGNAL" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_FORTRESS" = "yes" || test "$ENABLED_BUMP" = "yes" || test "$ENABLED_SNIFFER" = "yes" || test "$ENABLED_OPENSSLALL" = "yes" || test "$ENABLED_LIBWEBSOCKETS" = "yes" || test "x$ENABLED_LIGHTY" = "xyes" then ENABLED_OPENSSLEXTRA="yes" fi @@ -1656,7 +1663,7 @@ AC_ARG_ENABLE([sessioncerts], [ ENABLED_SESSIONCERTS=no ] ) -if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes" +if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes" then ENABLED_SESSIONCERTS=yes fi @@ -3097,7 +3104,7 @@ AC_ARG_ENABLE([ocsp], [ ENABLED_OCSP=no ], ) -if test "x$ENABLED_OPENSSLALL" = "xyes" || test "x$ENABLED_NGINX" = "xyes" +if test "x$ENABLED_OPENSSLALL" = "xyes" || test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes" then ENABLED_OCSP=yes fi @@ -3129,7 +3136,7 @@ AC_ARG_ENABLE([ocspstapling], [ ENABLED_CERTIFICATE_STATUS_REQUEST=no ] ) -if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" +if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes" then ENABLED_CERTIFICATE_STATUS_REQUEST="yes" fi 
@@ -3154,7 +3161,7 @@ AC_ARG_ENABLE([ocspstapling2], [ ENABLED_CERTIFICATE_STATUS_REQUEST_V2=no ] ) -if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" +if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes" then ENABLED_CERTIFICATE_STATUS_REQUEST_V2=yes fi @@ -3180,7 +3187,7 @@ AC_ARG_ENABLE([crl], ) -if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes" || test "x$ENABLED_WPAS" != "xno" +if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes" || test "x$ENABLED_WPAS" != "xno" || test "x$ENABLED_LIGHTY" = "xyes" then ENABLED_CRL=yes fi @@ -3533,7 +3540,7 @@ AC_ARG_ENABLE([session-ticket], [ ENABLED_SESSION_TICKET=no ] ) -if test "x$ENABLED_NGINX" = "xyes" || test "$ENABLED_WPAS" = "yes" || test "x$ENABLED_HAPROXY" = "xyes" +if test "x$ENABLED_NGINX" = "xyes" || test "$ENABLED_WPAS" = "yes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes" then ENABLED_SESSION_TICKET=yes fi @@ -3562,7 +3569,7 @@ AC_ARG_ENABLE([tlsx], [ ENABLED_TLSX=no ] ) -if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_SIGNAL" = "xyes" +if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_SIGNAL" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes" then ENABLED_TLSX=yes fi @@ -3891,12 +3898,6 @@ then fi fi -# lighty Support -AC_ARG_ENABLE([lighty], - [AS_HELP_STRING([--enable-lighty],[Enable lighttpd/lighty (default: disabled)])], - [ ENABLED_LIGHTY=$enableval ], - [ ENABLED_LIGHTY=no ] - ) if test "$ENABLED_LIGHTY" = "yes" then # Requires opensslextra make sure on 
@@ -3906,6 +3907,8 @@ then AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS" fi AM_CFLAGS="$AM_CFLAGS -DHAVE_LIGHTY -DHAVE_WOLFSSL_SSL_H=1" + AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA" + AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3 -DOPENSSL_NO_COMP" fi if test "$ENABLED_NGINX" = "yes" diff --git a/src/ocsp.c b/src/ocsp.c index 856b2d81c..a932d74d5 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -494,7 +494,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, } #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ - defined(WOLFSSL_APACHE_HTTPD) + defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIGHTY) int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs, WOLFSSL_OCSP_CERTID* id, int* status, int* reason, diff --git a/src/ssl.c b/src/ssl.c index b1c0a9871..63cd94b15 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -4041,7 +4041,7 @@ int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version) /* Function to get version as WOLFSSL_ enum value for wolfSSL_SetVersion */ -int wolfSSL_GetVersion(WOLFSSL* ssl) +int wolfSSL_GetVersion(const WOLFSSL* ssl) { if (ssl == NULL) return BAD_FUNC_ARG; @@ -44517,7 +44517,8 @@ WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x) #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ + defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) #ifdef HAVE_ALPN void wolfSSL_get0_alpn_selected(const WOLFSSL *ssl, const unsigned char **data, unsigned int *len) diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 7b524c43d..16e0e94c4 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h 
@@ -2808,7 +2808,7 @@ struct WOLFSSL_CTX { #ifdef HAVE_EX_DATA WOLFSSL_CRYPTO_EX_DATA ex_data; #endif -#if defined(HAVE_ALPN) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) +#if defined(HAVE_ALPN) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)) CallbackALPNSelect alpnSelect; void* alpnSelectArg; #endif diff --git a/wolfssl/ocsp.h b/wolfssl/ocsp.h index 5159d4c43..df7f5b91e 100644 --- a/wolfssl/ocsp.h +++ b/wolfssl/ocsp.h @@ -38,7 +38,7 @@ typedef struct WOLFSSL_OCSP WOLFSSL_OCSP; #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_NGINX) ||\ - defined(WOLFSSL_HAPROXY) + defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) typedef struct OcspResponse WOLFSSL_OCSP_BASICRESP; typedef struct OcspRequest WOLFSSL_OCSP_CERTID; @@ -62,7 +62,7 @@ WOLFSSL_LOCAL int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int resp OcspEntry *entry, OcspRequest *ocspRequest); #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ - defined(WOLFSSL_APACHE_HTTPD) + defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIGHTY) WOLFSSL_API int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs, WOLFSSL_OCSP_CERTID *id, int *status, int *reason, diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 6f99f74ed..919ff8bb3 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -2392,7 +2392,7 @@ WOLFSSL_API int wolfSSL_CTX_GetObjectSize(void); WOLFSSL_API int wolfSSL_METHOD_GetObjectSize(void); WOLFSSL_API int wolfSSL_GetOutputSize(WOLFSSL*, int); WOLFSSL_API int wolfSSL_GetMaxOutputSize(WOLFSSL*); -WOLFSSL_API int wolfSSL_GetVersion(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_GetVersion(const WOLFSSL* ssl); WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version); /* moved to asn.c, old names kept for backwards compatibility */ 
@@ -2929,7 +2929,7 @@ enum { WOLFSSL_MAX_ALPN_NUMBER = 257 }; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) typedef int (*CallbackALPNSelect)(WOLFSSL* ssl, const unsigned char** out, unsigned char* outLen, const unsigned char* in, unsigned int inLen, void *arg); diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index bbb6620cc..377577dad 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -1262,7 +1262,7 @@ struct CertStatus { byte nextDate[MAX_DATE_SIZE]; byte thisDateFormat; byte nextDateFormat; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) WOLFSSL_ASN1_TIME thisDateParsed; WOLFSSL_ASN1_TIME nextDateParsed; byte* thisDateAsn; From e5ed227a87a370c5294d60d5134873f6032112fd Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Thu, 2 Jul 2020 13:34:06 -0400 Subject: [PATCH 02/15] build updates for lighttpd: -DOPENSSL_ALL avoid potential for WolfSSL to silently omit expected functionality --- configure.ac | 1 + 1 file changed, 1 insertion(+) diff --git a/configure.ac b/configure.ac index 1439fdc7f..52f1952cd 100644 --- a/configure.ac +++ b/configure.ac @@ -3908,6 +3908,7 @@ then fi AM_CFLAGS="$AM_CFLAGS -DHAVE_LIGHTY -DHAVE_WOLFSSL_SSL_H=1" AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA" + AM_CFLAGS="$AM_CFLAGS -DOPENSSL_ALL" AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3 -DOPENSSL_NO_COMP" fi From be7592fb4357366c5eb6f1da8789958b0e84cab9 Mon Sep 17 00:00:00 2001 
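Review bot: Once `-DOPENSSL_ALL` is forced for lighty, every `|| defined(HAVE_LIGHTY)` that patch 01 appended to a guard already listing OPENSSL_ALL (asn.h `CertStatus`, ocsp.h/ocsp.c `wolfSSL_OCSP_resp_find_status`, ssl.h `CallbackALPNSelect`, internal.h `alpnSelect`) becomes redundant for configure-driven builds, and the places patch 01 did not touch — asn.c, which fills `thisDateParsed`/`thisDateAsn`, is absent from its diffstat — are presumably reached only through OPENSSL_ALL. That makes OPENSSL_ALL, not HAVE_LIGHTY, the flag lighttpd actually depends on, which the commit message hints at but the build does not record. Suggest a comment on the added line, e.g. `# OPENSSL_ALL supplies the OpenSSL-compat surface lighttpd needs; HAVE_LIGHTY only marks lighttpd-specific code`, so a later cleanup does not drop one assuming the other suffices. HAVE_LIGHTY may still be defined by hand via user_settings.h, so the duplicated guards are harmless rather than wrong.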
From: Glenn Strauss Date: Fri, 3 Jul 2020 14:40:48 -0400 Subject: [PATCH 03/15] implement wolfSSL_dup_CA_list() wolfSSL_dup_CA_list() duplicates a WOLF_STACK_OF(WOLFSSL_X509_NAME) (replaces stub function) --- src/internal.c | 6 +++--- src/ssl.c | 42 ++++++++++++++++++++++++++++++++---------- wolfssl/internal.h | 2 +- 3 files changed, 36 insertions(+), 14 deletions(-) diff --git a/src/internal.c b/src/internal.c index a2e856542..338ab2ae8 100644 --- a/src/internal.c +++ b/src/internal.c @@ -17187,7 +17187,7 @@ int SendCertificateRequest(WOLFSSL* ssl) int sendSz; word32 i = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; word32 dnLen = 0; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) WOLF_STACK_OF(WOLFSSL_X509_NAME)* names; #endif @@ -17200,7 +17200,7 @@ int SendCertificateRequest(WOLFSSL* ssl) if (IsAtLeastTLSv1_2(ssl)) reqSz += LENGTH_SZ + ssl->suites->hashSigAlgoSz; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) /* Certificate Authorities */ names = ssl->ctx->ca_names; while (names != NULL) { @@ -17269,7 +17269,7 @@ int SendCertificateRequest(WOLFSSL* ssl) /* Certificate Authorities */ c16toa((word16)dnLen, &output[i]); /* auth's */ i += REQ_HEADER_SZ; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) names = ssl->ctx->ca_names; while (names != NULL) { byte seq[MAX_SEQ_SZ]; diff --git a/src/ssl.c b/src/ssl.c index 63cd94b15..c140d62d3 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -39855,16 +39855,6 @@ err: return WOLFSSL_SUCCESS; } - - WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( - WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk) - { - (void) sk; - WOLFSSL_ENTER("wolfSSL_dup_CA_list"); - WOLFSSL_STUB("SSL_dup_CA_list"); - - return NULL; - } #endif /* wolfSSL uses negative values for error states. This function returns an 
@@ -41996,6 +41986,38 @@ WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_sk_X509_NAME_new(wolf_sk_compare_cb cb return sk; } + +/* Creates a duplicate of WOLF_STACK_OF(WOLFSSL_X509_NAME). + * Returns a new WOLF_STACK_OF(WOLFSSL_X509_NAME) or NULL on failure */ +WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( + WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk) +{ + int i; + const int num = wolfSSL_sk_X509_NAME_num(sk); + WOLF_STACK_OF(WOLFSSL_X509_NAME) *copy; + WOLFSSL_X509_NAME *name; + + WOLFSSL_ENTER("wolfSSL_dup_CA_list"); + + copy = wolfSSL_sk_X509_NAME_new(NULL); + if (copy == NULL) { + WOLFSSL_MSG("Memory error"); + return NULL; + } + + for (i = 0; i < num; i++) { + name = wolfSSL_X509_NAME_dup(wolfSSL_sk_X509_NAME_value(sk, i)); + if (name == NULL || 0 != wolfSSL_sk_X509_NAME_push(copy, name)) { + WOLFSSL_MSG("Memory error"); + wolfSSL_sk_X509_NAME_pop_free(copy, wolfSSL_X509_NAME_free); + return NULL; + } + } + + return copy; +} + + int wolfSSL_sk_X509_NAME_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, WOLFSSL_X509_NAME* name) { diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 16e0e94c4..6e3f5298f 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -3633,7 +3633,7 @@ struct WOLFSSL_X509_NAME { WOLFSSL_X509_NAME_ENTRY entry[MAX_NAME_ENTRIES]; /* all entries i.e. CN */ WOLFSSL_X509* x509; /* x509 that struct belongs to */ #endif /* OPENSSL_EXTRA */ -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) byte raw[ASN_NAME_MAX]; int rawLen; #endif From f4e2db831ecf22acf944a86fb83822323cf151c4 Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Fri, 3 Jul 2020 15:03:55 -0400 Subject: [PATCH 04/15] enable SNI_Callback for lighttpd --- src/internal.c | 4 ++-- wolfssl/internal.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/internal.c b/src/internal.c index 338ab2ae8..731dcb89a 100644 --- a/src/internal.c +++ b/src/internal.c 
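Review bot: On the `wolfSSL_sk_X509_NAME_push` failure path the freshly duplicated `name` is leaked: it was never added to `copy`, so the `wolfSSL_sk_X509_NAME_pop_free(copy, ...)` that follows does not release it. Free it before tearing down the stack, e.g. `if (name != NULL) wolfSSL_X509_NAME_free(name);` placed ahead of the pop_free call. Two further points depend on code outside the hunk: if push inserts at the head of the stack rather than appending, the copy comes out in reverse order, which would change the CA names `SendCertificateRequest` emits, so a test asserting element order would be worthwhile; and with `sk == NULL`, `wolfSSL_sk_X509_NAME_num` presumably returns a non-positive value, so the function hands back an empty stack rather than NULL — state which is intended in the header comment, since OpenSSL's `SSL_dup_CA_list` callers may expect NULL.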
@@ -27693,7 +27693,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, goto out; } #endif - #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) + #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) if((ret=SNI_Callback(ssl))) goto out; ssl->options.side = WOLFSSL_SERVER_END; @@ -30152,7 +30152,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif /* !WOLFSSL_NO_TLS12 */ #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ - defined(WOLFSSL_HAPROXY) + defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) int SNI_Callback(WOLFSSL* ssl) { /* Stunnel supports a custom sni callback to switch an SSL's ctx diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 6e3f5298f..e0df1438b 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1713,7 +1713,7 @@ WOLFSSL_LOCAL int HashOutput(WOLFSSL* ssl, const byte* output, int sz, int ivSz); WOLFSSL_LOCAL int HashInput(WOLFSSL* ssl, const byte* input, int sz); -#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) WOLFSSL_LOCAL int SNI_Callback(WOLFSSL* ssl); #endif #ifdef WOLFSSL_TLS13 @@ -2648,7 +2648,7 @@ struct WOLFSSL_CTX { DerBuffer* certificate; DerBuffer* certChain; /* chain after self, in DER, with leading size for each cert */ - #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) + #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) || defined(HAVE_LIGHTY) WOLF_STACK_OF(WOLFSSL_X509_NAME)* ca_names; #endif #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \ From bcf1f0375b62fb3890b2ec3c2fe79429455c9796 Mon Sep 17 00:00:00 2001 
From: Glenn Strauss Date: Sun, 5 Jul 2020 13:47:29 -0400 Subject: [PATCH 05/15] build updates for lighttpd: recommended flags --- configure.ac | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/configure.ac b/configure.ac index 52f1952cd..7e06a6d84 100644 --- a/configure.ac +++ b/configure.ac @@ -3909,7 +3909,14 @@ then AM_CFLAGS="$AM_CFLAGS -DHAVE_LIGHTY -DHAVE_WOLFSSL_SSL_H=1" AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA" AM_CFLAGS="$AM_CFLAGS -DOPENSSL_ALL" + # recommended AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3 -DOPENSSL_NO_COMP" + AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS" + AM_CFLAGS="$AM_CFLAGS -DSINGLE_THREADED" + ENABLED_SINGLETHREADED="yes" + # w/ lighttpd 1.4.56 once WolfSSL is updated to expose non-filesystem funcs + #AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM" + #ENABLED_FILESYSTEM=no fi if test "$ENABLED_NGINX" = "yes" From d01616a357fe81ee650fd9d6fb54f2ae3698e571 Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Sun, 5 Jul 2020 15:15:46 -0400 Subject: [PATCH 06/15] unhide some non-fs funcs hidden by NO_FILESYSTEM --- src/ssl.c | 81 +++++++++++++++++++++++++++++++++++++++++++++++++++ wolfssl/ssl.h | 7 +++-- 2 files changed, 85 insertions(+), 3 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index c140d62d3..3d91f8e7b 100644 --- a/src/ssl.c +++ b/src/ssl.c 
@@ -6914,6 +6914,72 @@ int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm, const char* file, } +#endif /* NO_FILESYSTEM */ + + +#ifndef NO_CHECK_PRIVATE_KEY +/* Check private against public in certificate for match + * + * ctx WOLFSSL_CTX structure to check private key in + * + * Returns SSL_SUCCESS on good private key and SSL_FAILURE if miss matched. */ +int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX* ctx) +{ +#ifdef WOLFSSL_SMALL_STACK + DecodedCert* der = NULL; +#else + DecodedCert der[1]; +#endif + word32 size; + byte* buff; + int ret; + + WOLFSSL_ENTER("wolfSSL_CTX_check_private_key"); + + if (ctx == NULL || ctx->certificate == NULL) { + return WOLFSSL_FAILURE; + } + +#ifndef NO_CERTS +#ifdef WOLFSSL_SMALL_STACK + der = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT); + if (der == NULL) + return MEMORY_E; +#endif + + size = ctx->certificate->length; + buff = ctx->certificate->buffer; + InitDecodedCert(der, buff, size, ctx->heap); + if (ParseCertRelative(der, CERT_TYPE, NO_VERIFY, NULL) != 0) { + FreeDecodedCert(der); + #ifdef WOLFSSL_SMALL_STACK + XFREE(der, NULL, DYNAMIC_TYPE_DCERT); + #endif + return WOLFSSL_FAILURE; + } + + size = ctx->privateKey->length; + buff = ctx->privateKey->buffer; + ret = wc_CheckPrivateKey(buff, size, der); + FreeDecodedCert(der); +#ifdef WOLFSSL_SMALL_STACK + XFREE(der, NULL, DYNAMIC_TYPE_DCERT); +#endif + + if (ret == 1) { + return WOLFSSL_SUCCESS; + } + else { + return WOLFSSL_FAILURE; + } +#else + WOLFSSL_MSG("NO_CERTS is defined, can not check private key"); + return WOLFSSL_FAILURE; +#endif +} +#endif /* !NO_CHECK_PRIVATE_KEY */ + + #ifdef HAVE_CRL /* check CRL if enabled, WOLFSSL_SUCCESS */ @@ -6981,6 +7047,7 @@ int wolfSSL_CertManagerSetCRL_IOCb(WOLFSSL_CERT_MANAGER* cm, CbCrlIO cb) } #endif +#ifndef NO_FILESYSTEM int wolfSSL_CertManagerLoadCRL(WOLFSSL_CERT_MANAGER* cm, const char* path, int type, int monitor) { 
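Review bot: `ctx->privateKey` is dereferenced at `size = ctx->privateKey->length;` without a NULL check, while the guard at the top tests only `ctx` and `ctx->certificate`; an application that calls this before loading a key (a natural moment for a compat shim to call `SSL_CTX_check_private_key`) crashes instead of getting WOLFSSL_FAILURE. Extend the guard: `if (ctx == NULL || ctx->certificate == NULL || ctx->privateKey == NULL) {`. The header comment promises only SSL_SUCCESS/SSL_FAILURE, but the WOLFSSL_SMALL_STACK path returns `MEMORY_E`; either return WOLFSSL_FAILURE there or document the extra value. The diffstat for this commit shows only insertions in src/ssl.c, so if this is meant as a move out of the NO_FILESYSTEM region, confirm the original definition is removed elsewhere in the series.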
@@ -6997,6 +7064,7 @@ int wolfSSL_CertManagerLoadCRL(WOLFSSL_CERT_MANAGER* cm, const char* path, return LoadCRL(cm->crl, path, type, monitor); } +#endif int wolfSSL_EnableCRL(WOLFSSL* ssl, int options) { @@ -7017,6 +7085,7 @@ int wolfSSL_DisableCRL(WOLFSSL* ssl) return BAD_FUNC_ARG; } +#ifndef NO_FILESYSTEM int wolfSSL_LoadCRL(WOLFSSL* ssl, const char* path, int type, int monitor) { WOLFSSL_ENTER("wolfSSL_LoadCRL"); @@ -7025,6 +7094,7 @@ int wolfSSL_LoadCRL(WOLFSSL* ssl, const char* path, int type, int monitor) else return BAD_FUNC_ARG; } +#endif int wolfSSL_SetCRL_Cb(WOLFSSL* ssl, CbMissingCRL cb) @@ -7067,6 +7137,7 @@ int wolfSSL_CTX_DisableCRL(WOLFSSL_CTX* ctx) } +#ifndef NO_FILESYSTEM int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX* ctx, const char* path, int type, int monitor) { @@ -7076,6 +7147,7 @@ int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX* ctx, const char* path, else return BAD_FUNC_ARG; } +#endif int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX* ctx, CbMissingCRL cb) @@ -7102,6 +7174,9 @@ int wolfSSL_CTX_SetCRL_IOCb(WOLFSSL_CTX* ctx, CbCrlIO cb) #endif /* HAVE_CRL */ +#ifndef NO_FILESYSTEM + + #ifdef WOLFSSL_DER_LOAD /* Add format parameter to allow DER load of CA files */ @@ -7154,6 +7229,9 @@ int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX* ctx, const char* file, } +#endif /* NO_FILESYSTEM */ + + /* Sets the max chain depth when verifying a certificate chain. Default depth * is set to MAX_CHAIN_DEPTH. * @@ -7200,6 +7278,9 @@ long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX* ctx) } +#ifndef NO_FILESYSTEM + + WOLFSSL_ABI int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX* ctx, const char* file) { diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 919ff8bb3..bd47cd332 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
@@ -789,6 +789,10 @@ WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*, #ifndef WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS #define WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS WOLFSSL_LOAD_FLAG_NONE #endif + +WOLFSSL_API long wolfSSL_get_verify_depth(WOLFSSL* ssl); +WOLFSSL_API long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX* ctx); +WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth); #endif /* !NO_CERTS */ #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) @@ -806,9 +810,6 @@ WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file_format(WOLFSSL_CTX *, const char *file, int format); WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX*, const char*, int); -WOLFSSL_API long wolfSSL_get_verify_depth(WOLFSSL* ssl); -WOLFSSL_API long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX* ctx); -WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth); WOLFSSL_ABI WOLFSSL_API int wolfSSL_use_certificate_file(WOLFSSL*, const char*, int); WOLFSSL_ABI WOLFSSL_API int wolfSSL_use_PrivateKey_file(WOLFSSL*, const char*, From daca327ba3a380865116a1c9e8f0d624c1b727e2 Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Tue, 7 Jul 2020 13:37:47 -0400 Subject: [PATCH 07/15] expose (get|set)_(app|ex)_data with HAVE_EX_DATA when OPENSSL_EXTRA_X509_SMALL is set --- src/ssl.c | 19 +++++++++++-------- wolfssl/openssl/crypto.h | 4 ++-- wolfssl/ssl.h | 7 ++++--- 3 files changed, 17 insertions(+), 13 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 3d91f8e7b..c8de607c4 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -39991,7 +39991,8 @@ int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey) #endif /* OPENSSL_EXTRA */ -#if (defined(OPENSSL_EXTRA) && defined(HAVE_EX_DATA)) || defined(FORTRESS) || \ +#if ((defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && defined(HAVE_EX_DATA)) || \ + defined(FORTRESS) || \ defined(WOLFSSL_WPAS_SMALL) void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx) { 
@@ -40060,9 +40061,9 @@ int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int idx, void* data) return WOLFSSL_FAILURE; } -#endif /* (OPENSSL_EXTRA && HAVE_EX_DATA) || FORTRESS || WOLFSSL_WPAS_SMALL */ +#endif /* ((OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) && HAVE_EX_DATA) || FORTRESS || WOLFSSL_WPAS_SMALL */ -#ifdef OPENSSL_EXTRA +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) /* Returns char* to app data stored in ex[0]. * @@ -40090,9 +40091,10 @@ int wolfSSL_set_app_data(WOLFSSL *ssl, void* arg) { return wolfSSL_set_ex_data(ssl, 0, arg); } -#endif /* OPENSSL_EXTRA */ +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(WOLFSSL_WPAS_SMALL) int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data) { @@ -40126,7 +40128,7 @@ void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx) return 0; } -#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || WOLFSSL_WPAS_SMALL */ #ifdef OPENSSL_EXTRA @@ -43794,7 +43796,8 @@ int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a, void *b, void *c) } #endif -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(WOLFSSL_WPAS_SMALL) #if defined(HAVE_EX_DATA) || defined(FORTRESS) void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx) { @@ -43856,7 +43859,7 @@ int wolfSSL_X509_set_ex_data(X509 *x509, int idx, void *data) #endif return WOLFSSL_FAILURE; } -#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || WOLFSSL_WPAS_SMALL */ #ifndef NO_ASN diff --git a/wolfssl/openssl/crypto.h b/wolfssl/openssl/crypto.h index fe2bb7d94..af6d670e5 100644 --- a/wolfssl/openssl/crypto.h +++ b/wolfssl/openssl/crypto.h 
@@ -69,7 +69,7 @@ WOLFSSL_API void *wolfSSL_OPENSSL_malloc(size_t a); #endif #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ - defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) + defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_EX_DATA) #define CRYPTO_set_mem_ex_functions wolfSSL_CRYPTO_set_mem_ex_functions #define FIPS_mode wolfSSL_FIPS_mode #define FIPS_mode_set wolfSSL_FIPS_mode_set @@ -86,6 +86,6 @@ typedef void (CRYPTO_free_func)(void*parent, void*ptr, CRYPTO_EX_DATA *ad, int i #define CRYPTO_THREAD_r_lock wc_LockMutex #define CRYPTO_THREAD_unlock wc_UnLockMutex -#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ +#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_EX_DATA */ #endif /* header */ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index bd47cd332..9695f5018 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -2068,7 +2068,7 @@ WOLFSSL_API int wolfSSL_sk_num(WOLFSSL_STACK* sk); WOLFSSL_API void* wolfSSL_sk_value(WOLFSSL_STACK* sk, int i); #if (defined(HAVE_EX_DATA) || defined(FORTRESS)) && \ - (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) + (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_WPAS_SMALL)) WOLFSSL_API void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx); WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx, 
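Review bot: Adding `defined(HAVE_EX_DATA)` to this guard exposes more than the ex_data accessors the commit message targets: the same block (per the context lines) aliases `CRYPTO_set_mem_ex_functions`, `FIPS_mode`, `FIPS_mode_set` and the `CRYPTO_THREAD_*` lock macros to wolfSSL functions whose own guards are not visible here and, for the FIPS/mem ones, presumably remain OPENSSL_EXTRA-only. A build defining HAVE_EX_DATA together with OPENSSL_EXTRA_X509_SMALL but not OPENSSL_EXTRA would then see macro names with no definitions behind them. Matching the narrower condition used in the ssl.h `@@ -2068` hunk, `(defined(HAVE_EX_DATA) && defined(OPENSSL_EXTRA_X509_SMALL))`, or splitting the ex_data aliases into their own `#if`, keeps the header consistent with what src/ssl.c compiles. The closing `#endif` comment also still omits OPENSSL_EXTRA, which was already part of the condition before this change.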
@@ -3768,11 +3768,12 @@ WOLFSSL_LOCAL char* wolfSSL_get_ocsp_url(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url); #endif -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) \ + || defined(WOLFSSL_WPAS_SMALL) WOLFSSL_API void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx); WOLFSSL_API int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx, void *data); -#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || WOLFSSL_WPAS_SMALL */ #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) From a9a495270c725c364fcf06aa4e31fdc84e282efe Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 31 Jul 2020 09:20:39 -0700 Subject: [PATCH 08/15] Fix to disable CRL monitor for single threaded or lighttpd. Do not set `--enable-lighty` with `--enable-all`. --- configure.ac | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/configure.ac b/configure.ac index 7e06a6d84..0f97a3614 100644 --- a/configure.ac +++ b/configure.ac @@ -334,7 +334,6 @@ then enable_srp=yes enable_certservice=yes enable_jni=yes - enable_lighty=yes enable_haproxy=yes enable_stunnel=yes enable_nginx=yes @@ -3209,7 +3208,13 @@ if test "$ENABLED_CRL_MONITOR" = "yes" then case $host_os in *linux* | *darwin* | *freebsd*) - AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR" ;; + if test "x$ENABLED_SINGLETHREADED" = "xno"; then + AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR" + else + ENABLED_CRL_MONITOR="no" + AC_MSG_ERROR([crl monitor requires threading / pthread]) + fi + ;; *) if test "x$ENABLED_DISTRO" = "xyes" ; then ENABLED_CRL_MONITOR="no" 
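Review bot: In the `*linux* | *darwin* | *freebsd*)` branch, `ENABLED_CRL_MONITOR="no"` is assigned immediately before `AC_MSG_ERROR`, which terminates configure, so the assignment never takes effect. Either drop it, or — if the intent is to degrade the way the `*)` branch does for distro builds — use `AC_MSG_WARN([crl monitor requires threading / pthread; disabling])` and keep the assignment. Note also that this check runs at line 3208 while the lighty section that sets `ENABLED_SINGLETHREADED` sits near line 3917, so here the variable reflects only an explicit `--enable-singlethreaded`; a `--enable-lighty --enable-crl-monitor` build without `--enable-all` would presumably still get `-DSINGLE_THREADED` from the later hunk without tripping this error.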
@@ -3912,11 +3917,15 @@ then # recommended AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3 -DOPENSSL_NO_COMP" AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS" - AM_CFLAGS="$AM_CFLAGS -DSINGLE_THREADED" - ENABLED_SINGLETHREADED="yes" - # w/ lighttpd 1.4.56 once WolfSSL is updated to expose non-filesystem funcs - #AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM" - #ENABLED_FILESYSTEM=no + + if test "x$ENABLED_ALL" = "xno"; then + AM_CFLAGS="$AM_CFLAGS -DSINGLE_THREADED" + ENABLED_SINGLETHREADED="yes" + + # w/lighttpd 1.4.56 once wolfSSL is updated to expose non-filesystem funcs + #AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM" + #ENABLED_FILESYSTEM=no + fi fi if test "$ENABLED_NGINX" = "yes" From 7cee131e3753a2cba39882fe54aa1cc693b59dd7 Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Fri, 31 Jul 2020 15:20:22 -0400 Subject: [PATCH 09/15] restore `--enable-lighty` with `--enable-all` protect lighttpd recommendations (and recommended restrictions) to when building wolfSSL specifically for use by lighttpd, and omit these optional settings when building `--enable-all` --- configure.ac | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/configure.ac b/configure.ac index 0f97a3614..1ee210a7c 100644 --- a/configure.ac +++ b/configure.ac @@ -334,6 +334,7 @@ then enable_srp=yes enable_certservice=yes enable_jni=yes + enable_lighty=yes enable_haproxy=yes enable_stunnel=yes enable_nginx=yes 
@@ -3914,15 +3915,17 @@ then AM_CFLAGS="$AM_CFLAGS -DHAVE_LIGHTY -DHAVE_WOLFSSL_SSL_H=1" AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA" AM_CFLAGS="$AM_CFLAGS -DOPENSSL_ALL" - # recommended - AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3 -DOPENSSL_NO_COMP" - AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS" - + # recommended if building wolfSSL specifically for use by lighttpd if test "x$ENABLED_ALL" = "xno"; then - AM_CFLAGS="$AM_CFLAGS -DSINGLE_THREADED" - ENABLED_SINGLETHREADED="yes" + AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3 -DOPENSSL_NO_COMP" + AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS" + ENABLED_OLD_TLS=no + if test "x$ENABLED_CRL_MONITOR" = "xno"; then + AM_CFLAGS="$AM_CFLAGS -DSINGLE_THREADED" + ENABLED_SINGLETHREADED="yes" + fi - # w/lighttpd 1.4.56 once wolfSSL is updated to expose non-filesystem funcs + # w/ lighttpd 1.4.56 once wolfSSL updated to expose non-filesystem funcs #AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM" #ENABLED_FILESYSTEM=no fi From 030eb9347c3166c59f91dab71a2b601373847fa6 Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Wed, 5 Aug 2020 20:32:09 -0400 Subject: [PATCH 10/15] lighttpd: allow ssl3, tls1.0 if explicitly enabled --- configure.ac | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index 1ee210a7c..a687e1f47 100644 --- a/configure.ac +++ b/configure.ac 
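Review bot: `ENABLED_OLD_TLS=no` and `ENABLED_SINGLETHREADED="yes"` are set here, around line 3915, after the sections that act on those variables earlier in configure.ac (the CRL monitor check at line 3208 from the previous commit, and presumably the pthread and old-TLS handling before it) have already run, so only logic after this point sees the new values; the `-D` flags still reach the compiler, but configure-side consequences such as library selection may not follow. The new `ENABLED_CRL_MONITOR` test handles the one conflict known so far, but it does so by reading a variable whose own error check has already passed. A comment above the block, e.g. `# NOTE: runs late in configure.ac; these settings only affect checks that follow`, or moving the lighty block ahead of the threading checks, would make the dependency explicit. The lighty `if` block itself starts outside this hunk.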
@@ -3917,9 +3917,14 @@ then AM_CFLAGS="$AM_CFLAGS -DOPENSSL_ALL" # recommended if building wolfSSL specifically for use by lighttpd if test "x$ENABLED_ALL" = "xno"; then - AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3 -DOPENSSL_NO_COMP" - AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS" - ENABLED_OLD_TLS=no + AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL2 -DOPENSSL_NO_COMP" + if test "x$ENABLED_SSLV3" = "xno"; then + AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL3" + if test "x$ENABLED_TLSV10" = "xno"; then + AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS" + ENABLED_OLD_TLS=no + fi + fi if test "x$ENABLED_CRL_MONITOR" = "xno"; then AM_CFLAGS="$AM_CFLAGS -DSINGLE_THREADED" ENABLED_SINGLETHREADED="yes" From 92c3296e13bee986dcc79a8323eecc30e3395fbe Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Tue, 3 Nov 2020 15:26:50 -0800 Subject: [PATCH 11/15] preprocessor -DNO_BIO to omit OpenSSL BIO API --- examples/client/client.c | 2 + src/internal.c | 4 ++ src/ocsp.c | 4 ++ src/ssl.c | 119 +++++++++++++++++++++++++++++++++- src/wolfio.c | 4 +- tests/api.c | 137 +++++++++++++++++++++++++++++++++++---- wolfssl/ocsp.h | 4 ++ 7 files changed, 260 insertions(+), 14 deletions(-) diff --git a/examples/client/client.c b/examples/client/client.c index 75e9d7e21..23c8214df 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -3176,6 +3176,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) } #if defined(OPENSSL_ALL) + #ifndef NO_BIO /* print out session to stdout */ { WOLFSSL_BIO* bio = wolfSSL_BIO_new_fp(stdout, BIO_NOCLOSE); @@ -3188,6 +3189,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) wolfSSL_BIO_free(bio); } #endif + #endif #endif if (doSTARTTLS && starttlsProt != NULL) { diff --git a/src/internal.c b/src/internal.c index 731dcb89a..a45f8ea52 100644 --- a/src/internal.c +++ b/src/internal.c 
@@ -6287,12 +6287,14 @@ void SSL_ResourceFree(WOLFSSL* ssl) #endif #endif /* WOLFSSL_DTLS */ #ifdef OPENSSL_EXTRA +#ifndef NO_BIO if (ssl->biord != ssl->biowr) /* only free write if different */ wolfSSL_BIO_free(ssl->biowr); wolfSSL_BIO_free(ssl->biord); /* always free read bio */ ssl->biowr = NULL; ssl->biord = NULL; #endif +#endif #ifdef HAVE_LIBZ FreeStreams(ssl); #endif @@ -7935,6 +7937,7 @@ retry: switch (recvd) { case WOLFSSL_CBIO_ERR_GENERAL: /* general/unknown error */ #if defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD) + #ifndef NO_BIO if (ssl->biord) { /* If retry and read flags are set, return WANT_READ */ if ((ssl->biord->flags & WOLFSSL_BIO_FLAG_READ) && @@ -7943,6 +7946,7 @@ retry: } } #endif + #endif return -1; case WOLFSSL_CBIO_ERR_WANT_READ: /* want read, would block */ diff --git a/src/ocsp.c b/src/ocsp.c index a932d74d5..6a3adc2ce 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -644,6 +644,7 @@ void wolfSSL_OCSP_RESPONSE_free(OcspResponse* response) XFREE(response, NULL, DYNAMIC_TYPE_OPENSSL); } +#ifndef NO_BIO OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio, OcspResponse** response) { @@ -708,6 +709,7 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio, return ret; } +#endif /* !NO_BIO */ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response, const unsigned char** data, int len) @@ -891,6 +893,7 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_CERTID_dup(WOLFSSL_OCSP_CERTID* id) #endif #if defined(OPENSSL_ALL) || defined(APACHE_HTTPD) +#ifndef NO_BIO int wolfSSL_i2d_OCSP_REQUEST_bio(WOLFSSL_BIO* out, WOLFSSL_OCSP_REQUEST *req) { @@ -924,6 +927,7 @@ int wolfSSL_i2d_OCSP_REQUEST_bio(WOLFSSL_BIO* out, XFREE(data, out->heap, DYNAMIC_TYPE_TMP_BUFFER); return WOLFSSL_FAILURE; } +#endif /* !NO_BIO */ #endif /* OPENSSL_ALL || APACHE_HTTPD */ #ifdef OPENSSL_EXTRA diff --git a/src/ssl.c b/src/ssl.c index c8de607c4..30763f01a 100644 --- a/src/ssl.c +++ b/src/ssl.c 
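Review bot: The `#endif` lines added in SSL_ResourceFree and in the `WOLFSSL_CBIO_ERR_GENERAL` case carry no trailing comment, while the same patch writes `#endif /* !NO_BIO */` in ocsp.c and most of ssl.c; with two or three guards closing together a bare `#endif` is hard to pair with its opener. Use `#endif /* !NO_BIO */` here and in the other bare closers of this patch (client.c client_test, ssl.c wolfSSL_BIO_read_filename and wolfSSL_ERR_load_BIO_strings, the `#include "src/bio.c"` guard, and the api.c test wrappers such as test_wolfSSL_X509_INFO). Both internal.c functions start and end outside their hunks.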
@@ -7455,6 +7455,8 @@ int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX* ctx) #endif /* !NO_CHECK_PRIVATE_KEY */ #ifdef OPENSSL_EXTRA + +#ifndef NO_BIO /* put SSL type in extra for now, not very common */ /* Converts a DER format key read from "bio" to a PKCS8 structure. @@ -7562,6 +7564,8 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio, return pkey; } +#endif /* !NO_BIO */ + /* Converts a DER encoded public key to a WOLFSSL_EVP_PKEY structure. @@ -8688,6 +8692,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) return ext; } +#ifndef NO_BIO /* Return 0 on success and 1 on failure. Copies ext data to bio, using indent * to pad the output. flag is ignored. */ int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext, @@ -8792,6 +8797,7 @@ int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext, return rc; } +#endif /* !NO_BIO */ /* Returns crit flag in X509_EXTENSION object */ int wolfSSL_X509_EXTENSION_get_critical(const WOLFSSL_X509_EXTENSION* ex) @@ -14503,6 +14509,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #endif /* OPENSSL_EXTRA || WOLFSSL_EXTRA || WOLFSSL_WPAS_SMALL */ #ifdef OPENSSL_EXTRA +#ifndef NO_BIO void wolfSSL_set_bio(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr) { WOLFSSL_ENTER("wolfSSL_set_bio"); @@ -14556,7 +14563,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) BIO_set_retry_read(wr); } } -#endif +#endif /* !NO_BIO */ +#endif /* OPENSSL_EXTRA */ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) || defined(HAVE_WEBSERVER) void wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX* ctx, @@ -14653,6 +14661,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #endif #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) +#ifndef NO_BIO #if !defined(NO_RSA) && !defined(NO_CERTS) WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char* fname) { 
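Review bot: `wolfSSL_load_client_CA_file` takes a file name rather than a BIO, yet the `#ifndef NO_BIO` added at 14661 removes it from NO_BIO builds; the same happens to `wolfSSL_PEM_write_X509(XFILE fp, ...)` in the hunk at 38293. If these routines only use a BIO internally to read or write the file, a one-line comment at each guard, `/* built on the BIO API; not available with NO_BIO */`, would explain the otherwise surprising dependency, and a later change could remove it by going through the file directly. Both function bodies lie outside the hunks, so that the BIO use is purely internal is inferred from the guard placement and should be confirmed.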
@@ -14723,7 +14732,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #endif } #endif -#endif +#endif /* !NO_BIO */ +#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */ #ifdef OPENSSL_EXTRA #if !defined(NO_RSA) && !defined(NO_CERTS) @@ -15181,6 +15191,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #endif /* WOLFSSL_QT || OPENSSL_ALL */ #endif /* !NO_CERTS */ +#ifndef NO_BIO WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_md(void) { static WOLFSSL_BIO_METHOD meth; @@ -15517,6 +15528,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return top; } +#endif /* !NO_BIO */ #endif /* OPENSSL_EXTRA */ #ifdef WOLFSSL_ENCRYPTED_KEYS @@ -15627,6 +15639,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } #if (defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)) +#ifndef NO_BIO /* print out and clear all errors */ void wolfSSL_ERR_print_errors(WOLFSSL_BIO* bio) { @@ -15654,6 +15667,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } } while (ret >= 0); } +#endif /* !NO_BIO */ #endif /* OPENSSL_EXTRA || DEBUG_WOLFSSL_VERBOSE */ #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */ @@ -21014,6 +21028,7 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) } #endif +#ifndef NO_BIO #ifdef XSNPRINTF /* a snprintf function needs to be available */ /* Writes the human readable form of x509 to bio. * @@ -21703,6 +21718,7 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) } #endif /* XSNPRINTF */ +#endif /* !NO_BIO */ #endif /* OPENSSL_EXTRA */ #endif /* !NO_CERTS */ @@ -22147,6 +22163,8 @@ void wolfSSL_MD4_Final(unsigned char* digest, WOLFSSL_MD4_CTX* md4) #endif /* NO_MD4 */ +#ifndef NO_BIO + /* Removes a WOLFSSL_BIO struct from the WOLFSSL_BIO linked list. * * bio is the WOLFSSL_BIO struct in the list and removed. @@ -22262,6 +22280,8 @@ void *wolfSSL_BIO_get_ex_data(WOLFSSL_BIO *bio, int idx) return NULL; } +#endif /* !NO_BIO */ + #ifndef NO_WOLFSSL_STUB void wolfSSL_RAND_screen(void) { 
@@ -22492,6 +22512,7 @@ WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE* store, #ifndef NO_CERTS +#ifndef NO_BIO /* Converts the X509 to DER format and outputs it into bio. * * bio is the structure to hold output DER @@ -22518,6 +22539,7 @@ int wolfSSL_i2d_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509) return WOLFSSL_FAILURE; } +#endif /* !NO_BIO */ /* Converts an internal structure to a DER buffer @@ -22562,6 +22584,7 @@ int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out) } +#ifndef NO_BIO /* Converts the DER from bio and creates a WOLFSSL_X509 structure from it. * * bio is the structure holding DER @@ -22601,9 +22624,11 @@ WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509** x509) return localX509; } +#endif /* !NO_BIO */ #if !defined(NO_ASN) && !defined(NO_PWDBASED) +#ifndef NO_BIO WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio, WC_PKCS12** pkcs12) { WC_PKCS12* localPkcs12 = NULL; @@ -22683,6 +22708,7 @@ int wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 *pkcs12) return ret; } +#endif /* !NO_BIO */ /* Copies unencrypted DER key buffer into "der". If "der" is null then the size * of buffer needed is returned. If *der == NULL then it allocates a buffer. @@ -24213,6 +24239,7 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509* x509) #if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \ defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) #ifndef NO_ASN_TIME +#ifndef NO_BIO int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_TIME* asnTime) { char buf[MAX_TIME_STRING_SZ]; @@ -24239,6 +24266,7 @@ int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_TIME* asnTime) return ret; } +#endif /* !NO_BIO */ char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* t, char* buf, int len) { 
@@ -25843,6 +25871,7 @@ WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a) } #endif +#ifndef NO_BIO /* Return number of bytes written to BIO on success. 0 on failure. */ WOLFSSL_API int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp, WOLFSSL_ASN1_OBJECT *a) @@ -25884,6 +25913,7 @@ WOLFSSL_API int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp, return WOLFSSL_FAILURE; } +#endif /* !NO_BIO */ /* Returns object data for an ASN1_OBJECT */ /* If pp is NULL then only the size is returned */ @@ -26983,6 +27013,8 @@ void wolfSSL_AES_cfb128_encrypt(const unsigned char *in, unsigned char* out, #endif #endif +#ifndef NO_BIO + #if !defined(NO_FILESYSTEM) && defined (OPENSSL_EXTRA) /* returns amount printed on success, negative in fail case */ int wolfSSL_BIO_vprintf(WOLFSSL_BIO* bio, const char* format, va_list args) @@ -27118,6 +27150,8 @@ int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_UTCTIME* a) return wolfSSL_ASN1_TIME_print(bio, a); } +#endif /* !NO_BIO */ + /* Checks the ASN1 syntax of "a" * returns WOLFSSL_SUCCESS (1) if correct otherwise WOLFSSL_FAILURE (0) */ int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a) @@ -27169,6 +27203,7 @@ static WC_INLINE const char* MonthStr(const char* n) return monthStr[(n[0] - '0') * 10 + (n[1] - '0') - 1]; } +#ifndef NO_BIO int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_GENERALIZEDTIME* asnTime) { @@ -27202,6 +27237,7 @@ int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO* bio, return 0; } +#endif /* !NO_BIO */ void wolfSSL_ASN1_GENERALIZEDTIME_free(WOLFSSL_ASN1_TIME* asn1Time) { @@ -31807,6 +31843,7 @@ static int wolfSSL_RSA_To_Der(WOLFSSL_RSA* rsa, byte** outBuf, int publicKey) #endif #if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) +#ifndef NO_BIO #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && !defined(NO_RSA) /* Takes a WOLFSSL_RSA key and writes it out to a WOLFSSL_BIO 
@@ -32091,6 +32128,7 @@ int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key, return WOLFSSL_SUCCESS; } +#endif /* !NO_BIO */ #endif /* defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) */ #if (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)) && \ @@ -34638,6 +34676,8 @@ int wolfSSL_PEM_write_EC_PUBKEY(XFILE fp, WOLFSSL_EC_KEY *x) } #endif +#ifndef NO_BIO + /* Uses the same format of input as wolfSSL_PEM_read_bio_PrivateKey but expects * the results to be an EC key. * @@ -34706,9 +34746,11 @@ WOLFSSL_EC_KEY* wolfSSL_PEM_read_bio_ECPrivateKey(WOLFSSL_BIO* bio, wolfSSL_EVP_PKEY_free(pkey); return local; } +#endif /* !NO_BIO */ #endif /* NO_FILESYSTEM */ #if defined(WOLFSSL_KEY_GEN) +#ifndef NO_BIO /* Takes a public WOLFSSL_EC_KEY and writes it out to WOLFSSL_BIO * Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE */ @@ -34847,6 +34889,8 @@ int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec, return ret; } +#endif /* !NO_BIO */ + /* return code compliant with OpenSSL : * 1 if success, 0 if error */ @@ -35017,6 +35061,7 @@ int wolfSSL_PEM_write_ECPrivateKey(XFILE fp, WOLFSSL_EC_KEY *ecc, #ifndef NO_DSA #if defined(WOLFSSL_KEY_GEN) +#ifndef NO_BIO /* Takes a DSA Privatekey and writes it out to a WOLFSSL_BIO * Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE @@ -35156,6 +35201,7 @@ int wolfSSL_PEM_write_bio_DSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa) return ret; } #endif /* HAVE_SELFTEST */ +#endif /* !NO_BIO */ /* return code compliant with OpenSSL : * 1 if success, 0 if error @@ -35340,6 +35386,8 @@ int wolfSSL_PEM_write_DSA_PUBKEY(XFILE fp, WOLFSSL_DSA *x) #endif /* #ifndef NO_DSA */ +#ifndef NO_BIO + static int pem_read_bio_key(WOLFSSL_BIO* bio, pem_password_cb* cb, void* pass, int keyType, int* eccFlag, DerBuffer** der) { 
@@ -35694,6 +35742,8 @@ WOLFSSL_EC_GROUP* wolfSSL_PEM_read_bio_ECPKParameters(WOLFSSL_BIO* bio, } #endif /* HAVE_ECC */ +#endif /* !NO_BIO */ + #if !defined(NO_FILESYSTEM) WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(XFILE fp, EVP_PKEY **x, pem_password_cb *cb, void *u) @@ -35711,6 +35761,7 @@ WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(XFILE fp, EVP_PKEY **x, #ifndef NO_RSA +#ifndef NO_BIO #if defined(XSNPRINTF) && !defined(HAVE_FAST_RSA) /* snprintf() must be available */ @@ -35883,6 +35934,7 @@ int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int offset) } #endif /* XSNPRINTF */ +#endif /* !NO_BIO */ #if !defined(NO_FILESYSTEM) #ifndef NO_WOLFSSL_STUB @@ -38009,6 +38061,8 @@ cleanup: } +#ifndef NO_BIO + WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u) { @@ -38134,6 +38188,8 @@ err: #endif } +#endif /* !NO_BIO */ + #if !defined(NO_FILESYSTEM) static void* wolfSSL_PEM_read_X509_ex(XFILE fp, void **x, pem_password_cb *cb, void *u, int type) @@ -38237,6 +38293,7 @@ err: } #endif +#ifndef NO_BIO int wolfSSL_PEM_write_X509(XFILE fp, WOLFSSL_X509* x) { int ret; @@ -38261,6 +38318,7 @@ err: return ret; } +#endif /* !NO_BIO */ #endif /* !NO_FILESYSTEM */ #define PEM_BEGIN "-----BEGIN " @@ -38273,6 +38331,8 @@ err: #define PEM_HDR_FIN_EOL_NULL_TERM "-----\0" #define PEM_HDR_FIN_EOL_SZ 6 +#ifndef NO_BIO + int wolfSSL_PEM_read_bio(WOLFSSL_BIO* bio, char **name, char **header, unsigned char **data, long *len) { @@ -38559,6 +38619,7 @@ err: return ret; } #endif +#endif /* !NO_BIO */ int wolfSSL_PEM_get_EVP_CIPHER_INFO(char* header, EncryptedInfo* cipher) { @@ -38600,6 +38661,7 @@ err: return ret; } +#ifndef NO_BIO /* * bp : bio to read X509 from * x : x509 to write to 
@@ -38618,10 +38680,13 @@ err: * root CA. */ return wolfSSL_PEM_read_bio_X509(bp, x, cb, u); } +#endif /* !NO_BIO */ #endif /* OPENSSL_EXTRA || OPENSSL_ALL */ #ifdef OPENSSL_ALL + +#ifndef NO_BIO /* create and return a new WOLFSSL_X509_PKEY structure or NULL on failure */ static WOLFSSL_X509_PKEY* wolfSSL_X509_PKEY_new(void* heap) { @@ -38652,6 +38717,7 @@ err: } return WOLFSSL_SUCCESS; } +#endif /* !NO_BIO */ /* free up all memory used by "xPkey" passed in */ @@ -38664,6 +38730,8 @@ err: } +#ifndef NO_BIO + /* Takes control of x509 on success * helper function to break out code needed to set WOLFSSL_X509_INFO up * free's "info" passed in if is not defaults @@ -38756,6 +38824,7 @@ err: WOLFSSL_LEAVE("wolfSSL_PEM_X509_INFO_read_bio", ret); return localSk; } +#endif /* !NO_BIO */ #endif /* OPENSSL_ALL */ void wolfSSL_X509_NAME_ENTRY_free(WOLFSSL_X509_NAME_ENTRY* ne) @@ -39574,6 +39643,7 @@ err: return (ret == 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; } +#ifndef NO_BIO int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name) { #ifndef NO_FILESYSTEM XFILE fp; @@ -39602,6 +39672,7 @@ err: return WOLFSSL_NOT_IMPLEMENTED; #endif } +#endif /* Return the corresponding short name for the nid . * or NULL if short name can't be found. @@ -40133,6 +40204,7 @@ void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx) #ifdef OPENSSL_EXTRA #ifndef NO_DSA +#ifndef NO_BIO WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x, pem_password_cb *cb, void *u) { @@ -40227,6 +40299,7 @@ WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x, FreeDer(&pDer); return dsa; } +#endif /* !NO_BIO */ #endif /* NO_DSA */ #endif /* OPENSSL_EXTRA */ #endif /* WOLFCRYPT_ONLY */ 
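Review bot: `wolfSSL_X509_PKEY_new` is now compiled only without NO_BIO while the `wolfSSL_X509_PKEY_free` that follows stays unconditional, so the constructor/destructor pair is split by the guard. If the constructor is wrapped because its only caller is `wolfSSL_PEM_X509_INFO_read_bio` (which this hunk also wraps) and an unused static would otherwise warn, record that at the guard: `/* static helper used only by wolfSSL_PEM_X509_INFO_read_bio; guarded so NO_BIO builds get no unused-function warning */`. The caller relationship is inferred from the guard placement rather than visible in the hunk.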
@@ -40308,6 +40381,7 @@ void wolfSSL_BUF_MEM_free(WOLFSSL_BUF_MEM* buf) #if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) \ || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) +#ifndef NO_BIO WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode) { #ifndef NO_FILESYSTEM @@ -40362,9 +40436,11 @@ WOLFSSL_BIO* wolfSSL_BIO_new_fp(XFILE fp, int close_flag) return bio; } #endif +#endif /* !NO_BIO */ #ifndef NO_DH +#ifndef NO_BIO #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bio, WOLFSSL_DH **x, pem_password_cb *cb, void *u) @@ -40496,6 +40572,7 @@ end: #endif } #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ +#endif /* !NO_BIO */ #ifndef NO_FILESYSTEM #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH) @@ -40852,6 +40929,8 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh) #endif /* !NO_FILESYSTEM */ #endif /* !NO_DH */ +#ifndef NO_BIO + #ifdef WOLFSSL_CERT_GEN #ifdef WOLFSSL_CERT_REQ @@ -40997,6 +41076,8 @@ int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bio, WOLFSSL_X509 *cert) return WOLFSSL_SUCCESS; } +#endif /* !NO_BIO */ + #if defined(OPENSSL_EXTRA) && !defined(NO_DH) /* Initialize ctx->dh with dh's params. Return WOLFSSL_SUCCESS on ok */ @@ -41253,6 +41334,8 @@ VerifyCallback wolfSSL_get_verify_callback(WOLFSSL* ssl) return NULL; } +#ifndef NO_BIO + /* Creates a new bio pair. Returns WOLFSSL_SUCCESS if no error, WOLFSSL_FAILURE otherwise.*/ int wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO **bio1_p, size_t writebuf1, @@ -41403,6 +41486,8 @@ WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out) } #endif +#endif /* !NO_BIO */ + /* Adds the ASN1 certificate to the user ctx. Returns WOLFSSL_SUCCESS if no error, returns WOLFSSL_FAILURE otherwise.*/ 
@@ -41463,6 +41548,7 @@ int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa) #endif /* NO_RSA && !HAVE_FAST_RSA */ +#ifndef NO_BIO /* Converts EVP_PKEY data from a bio buffer to a WOLFSSL_EVP_PKEY structure. Returns pointer to private EVP_PKEY struct upon success, NULL if there is a failure.*/ @@ -41542,6 +41628,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio, XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); return key; } +#endif /* !NO_BIO */ /* Converts a DER encoded private key to a WOLFSSL_EVP_PKEY structure. @@ -42297,6 +42384,8 @@ void wolfSSL_sk_X509_NAME_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk) XFREE(sk, sk->heap, DYNAMIC_TYPE_OPENSSL); } +#ifndef NO_BIO + #if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) /* Helper function for X509_NAME_print_ex. Sets *buf to string for domain name attribute based on NID. Returns size of buf */ @@ -42421,6 +42510,7 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name, return WOLFSSL_SUCCESS; } +#endif /* !NO_BIO */ #ifndef NO_WOLFSSL_STUB WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr(const WOLFSSL_X509* x) @@ -42556,10 +42646,12 @@ int wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX* ctx, void* arg) return WOLFSSL_FAILURE; } +#ifndef NO_BIO void wolfSSL_ERR_load_BIO_strings(void) { WOLFSSL_ENTER("ERR_load_BIO_strings"); /* do nothing */ } +#endif #ifndef NO_WOLFSSL_STUB void wolfSSL_THREADID_set_callback(void(*threadid_func)(void*)) @@ -42691,6 +42783,8 @@ const byte* wolfSSL_SESSION_get_id(WOLFSSL_SESSION* sess, unsigned int* idLen) #if (defined(HAVE_SESSION_TICKET) || defined(SESSION_CERTS)) && \ !defined(NO_FILESYSTEM) +#ifndef NO_BIO + #if defined(SESSION_CERTS) || \ (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) /* returns a pointer to the protocol used by the session */ 
@@ -42868,6 +42962,8 @@ int wolfSSL_SESSION_print(WOLFSSL_BIO *bp, const WOLFSSL_SESSION *x) return WOLFSSL_SUCCESS; } + +#endif /* !NO_BIO */ #endif /* (HAVE_SESSION_TICKET || SESSION_CERTS) && !NO_FILESYSTEM */ #endif /* OPENSSL_ALL || OPENSSL_EXTRA || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ @@ -44120,6 +44216,7 @@ WOLFSSL_SESSION *wolfSSL_SSL_get0_session(const WOLFSSL *ssl) #endif /* NO_SESSION_CACHE */ +#ifndef NO_BIO int wolfSSL_i2a_ASN1_INTEGER(BIO *bp, const WOLFSSL_ASN1_INTEGER *a) { static char num[16] = { '0', '1', '2', '3', '4', '5', '6', '7', @@ -44177,6 +44274,7 @@ int wolfSSL_i2a_ASN1_INTEGER(BIO *bp, const WOLFSSL_ASN1_INTEGER *a) /* Two nibbles written for each byte. */ return len * 2; } +#endif /* !NO_BIO */ #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) @@ -44908,6 +45006,7 @@ int wolfSSL_CTX_set_alpn_protos(WOLFSSL_CTX *ctx, const unsigned char *p, #ifdef HAVE_ALPN +#ifndef NO_BIO /* Sets the ALPN extension protos * * example format is @@ -44965,13 +45064,16 @@ int wolfSSL_set_alpn_protos(WOLFSSL* ssl, wolfSSL_BIO_free(bio); return WOLFSSL_SUCCESS; } +#endif /* !NO_BIO */ #endif /* HAVE_ALPN */ #endif #if defined(OPENSSL_EXTRA) +#ifndef NO_BIO #define WOLFSSL_BIO_INCLUDED #include "src/bio.c" +#endif int oid2nid(word32 oid, int grp) { @@ -46921,6 +47023,7 @@ WOLFSSL_BIGNUM *wolfSSL_BN_mod_inverse(WOLFSSL_BIGNUM *r, } #endif /* OPENSSL_EXTRA */ #if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && !defined(NO_ASN) +#ifndef NO_BIO static int unprintable_char(char c) { const unsigned char last_unprintable = 31; @@ -46953,6 +47056,7 @@ int wolfSSL_ASN1_STRING_print(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str) return str->length; } +#endif /* !NO_BIO */ #endif /* (WOLFSSL_QT || OPENSSL_ALL) && !NO_ASN */ #if defined(OPENSSL_EXTRA) @@ -46990,6 +47094,7 @@ const char *wolfSSL_ASN1_tag2str(int tag) return tag_label[tag]; } +#ifndef NO_BIO static int check_esc_char(char c, char *esc) { char *ptr; 
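Review bot: Wrapping `wolfSSL_set_alpn_protos` in `#ifndef NO_BIO` removes a public ALPN setter from NO_BIO builds, and the only BIO use visible in the hunk is the `wolfSSL_BIO_free(bio)` just before `return WOLFSSL_SUCCESS`, which suggests the BIO is a scratch buffer for assembling the protocol list rather than part of the interface. The preceding `wolfSSL_CTX_set_alpn_protos` is left unguarded by this patch, so it presumably manages without one; if the SSL-level variant can do the same with a heap buffer, the API would survive a NO_BIO build. Otherwise record the loss at the guard: `/* uses a memory BIO internally; not built with NO_BIO */`. The function body starts outside the hunk.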
@@ -47120,6 +47225,7 @@ err_exit: XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); return WOLFSSL_FAILURE; } +#endif /* !NO_BIO */ #if !defined(NO_ASN_TIME) && !defined(USER_TIME) && !defined(TIME_OVERRIDES) @@ -47894,6 +48000,8 @@ PKCS7* wolfSSL_d2i_PKCS7(PKCS7** p7, const unsigned char** in, int len) return (PKCS7*)pkcs7; } +#ifndef NO_BIO + PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7) { WOLFSSL_PKCS7* pkcs7; @@ -47964,6 +48072,8 @@ int wolfSSL_PKCS7_verify(PKCS7* pkcs7, WOLFSSL_STACK* certs, return WOLFSSL_SUCCESS; } +#endif /* !NO_BIO */ + WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* pkcs7, WOLFSSL_STACK* certs, int flags) { @@ -48003,6 +48113,7 @@ WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* pkcs7, WOLFSSL_STACK* certs, return signers; } +#ifndef NO_BIO /****************************************************************************** * wolfSSL_PEM_write_bio_PKCS7 - writes the PKCS7 data to BIO * @@ -48125,6 +48236,7 @@ error: } return WOLFSSL_FAILURE; } +#endif /* !NO_BIO */ #endif /* OPENSSL_ALL && HAVE_PKCS7 */ #if defined(OPENSSL_EXTRA) @@ -48142,6 +48254,7 @@ WOLFSSL_STACK* wolfSSL_sk_X509_new(void) #endif #ifdef OPENSSL_ALL +#ifndef NO_BIO int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc, @@ -48396,6 +48509,8 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PKCS8PrivateKey_bio(WOLFSSL_BIO* bio, return key; } +#endif /* !NO_BIO */ + /* Detect which type of key it is before decoding. */ WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(WOLFSSL_EVP_PKEY** pkey, const unsigned char** pp, diff --git a/src/wolfio.c b/src/wolfio.c index 0958e47f5..17878a527 100644 --- a/src/wolfio.c +++ b/src/wolfio.c @@ -107,6 +107,7 @@ static WC_INLINE int wolfSSL_LastError(int err) #ifdef OPENSSL_EXTRA +#ifndef NO_BIO /* Use the WOLFSSL read BIO for receiving data. This is set by the function * wolfSSL_set_bio and can also be set by wolfSSL_CTX_SetIORecv. * 
@@ -208,7 +209,8 @@ int BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx) return sent; } -#endif +#endif /* !NO_BIO */ +#endif /* OPENSSL_EXTRA */ #ifdef USE_WOLFSSL_IO diff --git a/tests/api.c b/tests/api.c index 140a59984..c12d11cb4 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2093,6 +2093,7 @@ static void test_wolfSSL_EC(void) } #endif /* OPENSSL_EXTRA && ( !HAVE_FIPS || HAVE_FIPS_VERSION > 2) */ +#ifndef NO_BIO static void test_wolfSSL_PEM_read_bio_ECPKParameters(void) { #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) @@ -2107,6 +2108,7 @@ static void test_wolfSSL_PEM_read_bio_ECPKParameters(void) BIO_free(bio); #endif /* HAVE_ECC */ } +#endif /* !NO_BIO */ # if defined(OPENSSL_EXTRA) static void test_wolfSSL_ECDSA_SIG(void) @@ -4767,7 +4769,9 @@ static void test_wolfSSL_X509_NAME_get_entry(void) int idx; ASN1_OBJECT *object = NULL; #if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) +#ifndef NO_BIO BIO* bio; +#endif #endif #ifndef NO_FILESYSTEM @@ -4792,10 +4796,12 @@ static void test_wolfSSL_X509_NAME_get_entry(void) AssertIntGE(idx, 0); #if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) +#ifndef NO_BIO AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertIntEQ(X509_NAME_print_ex(bio, name, 4, (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS); BIO_free(bio); +#endif #endif ne = X509_NAME_get_entry(name, idx); @@ -24806,6 +24812,7 @@ static void test_wolfSSL_X509_NAME(void) #endif /* defined(OPENSSL_EXTRA) && !defined(NO_DES3) */ } +#ifndef NO_BIO static void test_wolfSSL_X509_INFO(void) { #if defined(OPENSSL_ALL) @@ -24834,6 +24841,7 @@ static void test_wolfSSL_X509_INFO(void) printf(resultFmt, passed); #endif } +#endif static void test_wolfSSL_X509_subject_name_hash(void) { 
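Review bot: `test_wolfSSL_PEM_read_bio_ECPKParameters` and `test_wolfSSL_X509_INFO` are now defined only without NO_BIO, but their call sites in the test driver are not in this excerpt; unless those calls are wrapped the same way, a NO_BIO build fails with undefined references to the two functions. Worth confirming against the remaining api.c hunks, and the bare `#endif` after test_wolfSSL_X509_INFO should read `#endif /* !NO_BIO */` like the one after test_wolfSSL_PEM_read_bio_ECPKParameters.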
@@ -25388,7 +25396,7 @@ static void test_wolfSSL_ASN1_TIME_print(void) static void test_wolfSSL_ASN1_UTCTIME_print(void) { -#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && !defined(NO_BIO) BIO* bio; ASN1_UTCTIME* utc = NULL; unsigned char buf[25]; @@ -25429,7 +25437,7 @@ static void test_wolfSSL_ASN1_UTCTIME_print(void) BIO_free(bio); printf(resultFmt, passed); -#endif /* OPENSSL_EXTRA && !NO_ASN_TIME */ +#endif /* OPENSSL_EXTRA && !NO_ASN_TIME && !NO_BIO */ } @@ -25654,10 +25662,14 @@ static void test_wolfSSL_PEM_PrivateKey(void) #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ (!defined(NO_RSA) || defined(HAVE_ECC)) && defined(USE_CERT_BUFFERS_2048) +#ifndef NO_BIO BIO* bio = NULL; +#endif EVP_PKEY* pkey = NULL; const unsigned char* server_key = (const unsigned char*)server_key_der_2048; +#ifndef NO_BIO + /* test creating new EVP_PKEY with bad arg */ AssertNull((pkey = PEM_read_bio_PrivateKey(NULL, NULL, NULL, NULL))); @@ -25830,6 +25842,8 @@ static void test_wolfSSL_PEM_PrivateKey(void) } #endif /* !defined(NO_DES3) */ +#endif /* !NO_BIO */ + #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) { unsigned char buf[2048]; @@ -25871,13 +25885,16 @@ static void test_wolfSSL_PEM_PrivateKey(void) printf(resultFmt, passed); +#ifndef NO_BIO (void)bio; +#endif (void)pkey; (void)server_key; #endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_RSA && USE_CERT_BUFFERS_2048 */ } +#ifndef NO_BIO static void test_wolfSSL_PEM_bio_RSAKey(void) { #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ @@ -26110,6 +26127,8 @@ static void test_wolfSSL_PEM_PUBKEY(void) #endif } +#endif /* !NO_BIO */ + static void test_DSA_do_sign_verify(void) { #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) @@ -26169,9 +26188,11 @@ static void test_wolfSSL_tmp_dh(void) char file[] = "./certs/dsaparams.pem"; XFILE f; int bytes; +#ifndef NO_BIO DSA* dsa; DH* dh; BIO* bio; +#endif SSL* ssl; SSL_CTX* ctx; 
@@ -26191,6 +26212,7 @@ static void test_wolfSSL_tmp_dh(void) bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f); XFCLOSE(f); +#ifndef NO_BIO bio = BIO_new_mem_buf((void*)buffer, bytes); AssertNotNull(bio); @@ -26210,6 +26232,7 @@ static void test_wolfSSL_tmp_dh(void) BIO_free(bio); DSA_free(dsa); DH_free(dh); +#endif /* !NO_BIO */ SSL_free(ssl); SSL_CTX_free(ctx); @@ -26219,7 +26242,7 @@ static void test_wolfSSL_tmp_dh(void) static void test_wolfSSL_ctrl(void) { -#if defined (OPENSSL_EXTRA) +#if defined (OPENSSL_EXTRA) && !defined(NO_BIO) byte buff[6000]; BIO* bio; int bytes; @@ -26241,7 +26264,7 @@ static void test_wolfSSL_ctrl(void) BIO_free(bio); printf(resultFmt, passed); -#endif /* defined(OPENSSL_EXTRA) */ +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_BIO) */ } @@ -27244,7 +27267,7 @@ static void test_wolfSSL_X509_STORE_CTX_get0_store(void) static void test_wolfSSL_CTX_set_client_CA_list(void) { #if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_CERTS) && \ - !defined(NO_WOLFSSL_CLIENT) + !defined(NO_WOLFSSL_CLIENT) && !defined(NO_BIO) WOLFSSL_CTX* ctx; X509_NAME* name = NULL; STACK_OF(X509_NAME)* names = NULL; @@ -27266,7 +27289,7 @@ static void test_wolfSSL_CTX_set_client_CA_list(void) wolfSSL_CTX_free(ctx); printf(resultFmt, passed); -#endif /* OPENSSL_EXTRA && !NO_RSA && !NO_CERTS && !NO_WOLFSSL_CLIENT */ +#endif /* OPENSSL_EXTRA && !NO_RSA && !NO_CERTS && !NO_WOLFSSL_CLIENT && !NO_BIO */ } static void test_wolfSSL_CTX_add_client_CA(void) @@ -28173,6 +28196,8 @@ static void test_wolfSSL_set_tlsext_status_type(void){ #endif /* OPENSSL_EXTRA && HAVE_CERTIFICATE_STATUS_REQUEST && !NO_RSA */ } +#ifndef NO_BIO + static void test_wolfSSL_PEM_read_bio(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ @@ -28447,6 +28472,8 @@ static void test_wolfSSL_BIO(void) #endif } +#endif /* !NO_BIO */ + static void test_wolfSSL_ASN1_STRING(void) { 
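Review bot: The edited `#endif` comment in test_wolfSSL_CTX_set_client_CA_list still reads `OPENSSL_EXTRA` while the `#if` it closes tests `OPENSSL_ALL`; since the line is being touched anyway, make it `#endif /* OPENSSL_ALL && !NO_RSA && !NO_CERTS && !NO_WOLFSSL_CLIENT && !NO_BIO */`. In test_wolfSSL_tmp_dh (hunks at 26212 and 26232) everything from `BIO_new_mem_buf` to `DH_free(dh)` is now under `#ifndef NO_BIO`, so a NO_BIO build still reads `./certs/dsaparams.pem` into `buffer` and `bytes` but, as far as the hunks show, never reaches a tmp-DH call; either guard the whole body on NO_BIO or feed the buffer through a non-BIO path so the test keeps its purpose. test_wolfSSL_tmp_dh starts outside its hunks.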
@@ -28667,9 +28694,11 @@ static void test_wolfSSL_X509(void) #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM)\ && !defined(NO_RSA) X509* x509; +#ifndef NO_BIO BIO* bio; X509_STORE_CTX* ctx; X509_STORE* store; +#endif char der[] = "certs/ca-cert.der"; XFILE fp; @@ -28679,6 +28708,7 @@ static void test_wolfSSL_X509(void) AssertNotNull(x509 = X509_new()); X509_free(x509); +#ifndef NO_BIO x509 = wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM); AssertNotNull(bio = BIO_new(BIO_s_mem())); @@ -28699,6 +28729,7 @@ static void test_wolfSSL_X509(void) X509_STORE_free(store); X509_free(x509); BIO_free(bio); +#endif /** d2i_X509_fp test **/ fp = XFOPEN(der, "rb"); @@ -29156,6 +29187,7 @@ static void test_wolfSSL_pseudo_rand(void) static void test_wolfSSL_PKCS8_Compat(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC) + #ifndef NO_BIO PKCS8_PRIV_KEY_INFO* pt; BIO* bio; XFILE f; @@ -29176,6 +29208,7 @@ static void test_wolfSSL_PKCS8_Compat(void) printf(resultFmt, passed); #endif + #endif } static void test_wolfSSL_PKCS8_d2i(void) @@ -29191,8 +29224,10 @@ static void test_wolfSSL_PKCS8_d2i(void) const unsigned char* p; int bytes; XFILE file; +#ifndef NO_BIO BIO* bio; WOLFSSL_EVP_PKEY* evpPkey = NULL; +#endif #endif #ifndef NO_RSA #ifndef NO_FILESYSTEM @@ -29227,7 +29262,9 @@ static void test_wolfSSL_PKCS8_d2i(void) (void)p; (void)bytes; (void)file; +#ifndef NO_BIO (void)bio; +#endif #endif #ifndef NO_RSA @@ -29257,6 +29294,7 @@ static void test_wolfSSL_PKCS8_d2i(void) AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), file)), 0); XFCLOSE(file); +#ifndef NO_BIO AssertNotNull(bio = BIO_new(BIO_s_mem())); /* Write PKCS#8 PEM to BIO. */ AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, 
@@ -29276,6 +29314,7 @@ static void test_wolfSSL_PKCS8_d2i(void) wolfSSL_EVP_PKEY_free(evpPkey); BIO_free(bio); #endif +#endif /* !NO_BIO */ wolfSSL_EVP_PKEY_free(pkey); /* PKCS#8 encrypted RSA key */ @@ -29285,11 +29324,13 @@ static void test_wolfSSL_PKCS8_d2i(void) AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), file)), 0); XFCLOSE(file); +#ifndef NO_BIO AssertNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes)); AssertNotNull(pkey = d2i_PKCS8PrivateKey_bio(bio, NULL, PasswordCallBack, (void*)"yassl123")); wolfSSL_EVP_PKEY_free(pkey); BIO_free(bio); +#endif #endif #endif #ifdef HAVE_ECC @@ -29308,6 +29349,7 @@ static void test_wolfSSL_PKCS8_d2i(void) AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), file)), 0); XFCLOSE(file); +#ifndef NO_BIO AssertNotNull(bio = BIO_new(BIO_s_mem())); /* Write PKCS#8 PEM to BIO. */ AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, @@ -29325,6 +29367,7 @@ static void test_wolfSSL_PKCS8_d2i(void) (void*)"yassl123")); wolfSSL_EVP_PKEY_free(evpPkey); BIO_free(bio); +#endif wolfSSL_EVP_PKEY_free(pkey); /* PKCS#8 encrypted EC key */ @@ -29334,11 +29377,13 @@ static void test_wolfSSL_PKCS8_d2i(void) AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), file)), 0); XFCLOSE(file); +#ifndef NO_BIO AssertNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes)); AssertNotNull(pkey = d2i_PKCS8PrivateKey_bio(bio, NULL, PasswordCallBack, (void*)"yassl123")); wolfSSL_EVP_PKEY_free(pkey); BIO_free(bio); +#endif #endif #endif #endif @@ -29413,6 +29458,8 @@ static void test_wolfSSL_ERR_put_error(void) } +#ifndef NO_BIO + static void test_wolfSSL_ERR_print_errors(void) { #if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \ 
@@ -29590,6 +29637,8 @@ static int test_wolfSSL_GetLoggingCb (void) return ret; }/*End test_wolfSSL_GetLoggingCb*/ +#endif /* !NO_BIO */ + #if defined(OPENSSL_EXTRA) && (!defined(NO_SHA256) || \ defined(WOLFSSL_SHA224) || defined(WOLFSSL_SHA384) || \ defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA3)) @@ -29790,7 +29839,7 @@ static void test_wolfSSL_OBJ(void) static void test_wolfSSL_i2a_ASN1_OBJECT(void) { -#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(NO_BIO) ASN1_OBJECT *obj = NULL; BIO *bio = NULL; @@ -29930,7 +29979,9 @@ static void test_wolfSSL_X509_NAME_ENTRY(void) #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN) X509* x509; +#ifndef NO_BIO BIO* bio; +#endif X509_NAME* nm; X509_NAME_ENTRY* entry; unsigned char cn[] = "another name to add"; @@ -29940,8 +29991,10 @@ static void test_wolfSSL_X509_NAME_ENTRY(void) AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM)); +#ifndef NO_BIO AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertIntEQ(PEM_write_bio_X509_AUX(bio, x509), SSL_SUCCESS); +#endif #ifdef WOLFSSL_CERT_REQ { @@ -29950,10 +30003,12 @@ static void test_wolfSSL_X509_NAME_ENTRY(void) AssertNotNull(req = wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM)); +#ifndef NO_BIO AssertNotNull(bReq = BIO_new(BIO_s_mem())); AssertIntEQ(PEM_write_bio_X509_REQ(bReq, req), SSL_SUCCESS); BIO_free(bReq); +#endif X509_free(req); } #endif @@ -29987,7 +30042,9 @@ static void test_wolfSSL_X509_NAME_ENTRY(void) AssertIntEQ(X509_NAME_add_entry_by_NID(nm, NID_commonName, MBSTRING_UTF8, cn, -1, -1, 0), WOLFSSL_SUCCESS); +#ifndef NO_BIO BIO_free(bio); +#endif X509_free(x509); /* free's nm */ printf(resultFmt, passed); @@ -30162,6 +30219,8 @@ static void test_wolfSSL_X509_set_version(void) #endif } +#ifndef NO_BIO + static void test_wolfSSL_BIO_gets(void) { #if defined(OPENSSL_EXTRA) 
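Review bot: In test_wolfSSL_X509_NAME_ENTRY the `BIO* bio` declaration is wrapped in `#ifndef NO_BIO`, but `bReq`, used in the WOLFSSL_CERT_REQ block at 30003, is declared above that hunk and its declaration is not touched here; if it stays unguarded, a NO_BIO build gets an unused-variable (or unknown-type) diagnostic for `bReq`. Wrap it the same way: `#ifndef NO_BIO` / `BIO* bReq;` / `#endif`. The function starts and ends outside these hunks.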
@@ -30613,6 +30672,8 @@ static void test_wolfSSL_BIO_f_md(void) #endif } +#endif /* !NO_BIO */ + static void test_wolfSSL_SESSION(void) { @@ -30783,6 +30844,8 @@ static void test_wolfSSL_SESSION(void) } +#ifndef NO_BIO + static void test_wolfSSL_d2i_PUBKEY(void) { #if defined(OPENSSL_EXTRA) @@ -30939,6 +31002,8 @@ static void test_wolfSSL_d2i_PrivateKeys_bio(void) } #endif /* OPENSSL_ALL || WOLFSSL_ASIO */ +#endif /* !NO_BIO */ + static void test_wolfSSL_sk_GENERAL_NAME(void) { @@ -31623,6 +31688,7 @@ static void test_wolfSSL_PEM_write_DHparams(void) #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) #if defined(OPENSSL_EXTRA) && !defined(NO_DH) && !defined(NO_FILESYSTEM) #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) +#ifndef NO_BIO DH* dh; BIO* bio; XFILE fp; @@ -31662,6 +31728,7 @@ tgZl96bcAGdru8OpQYP7x/rI4h5+rwA/kwIBAg==\n\ XFCLOSE(fp); printf(resultFmt, passed); +#endif /* !NO_BIO */ #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ #endif /* OPENSSL_ALL || OPENSSL_QT */ #endif @@ -31841,6 +31908,7 @@ static void test_wolfSSL_OpenSSL_add_all_algorithms(void){ static void test_wolfSSL_ASN1_STRING_print_ex(void){ #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) +#ifndef NO_BIO ASN1_STRING* asn_str; const char data[] = "Hello wolfSSL!"; ASN1_STRING* esc_str; @@ -31915,6 +31983,7 @@ static void test_wolfSSL_ASN1_STRING_print_ex(void){ ASN1_STRING_free(esc_str); printf(resultFmt, passed); +#endif /* !NO_BIO */ #endif } @@ -33011,10 +33080,12 @@ static void test_wolfSSL_CTX_ctrl(void) char file[] = "./certs/dsaparams.pem"; XFILE f; int bytes; +#ifndef NO_BIO BIO* bio; DSA* dsa; DH* dh; #endif +#endif #ifdef HAVE_ECC WOLFSSL_EC_KEY* ecKey; #endif @@ -33036,6 +33107,7 @@ static void test_wolfSSL_CTX_ctrl(void) bytes = (int)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); +#ifndef NO_BIO bio = BIO_new_mem_buf((void*)buf, bytes); AssertNotNull(bio); 
@@ -33045,6 +33117,7 @@ static void test_wolfSSL_CTX_ctrl(void) dh = wolfSSL_DSA_dup_DH(dsa); AssertNotNull(dh); #endif +#endif #ifdef HAVE_ECC /* Initialize WOLFSSL_EC_KEY */ AssertNotNull(ecKey = wolfSSL_EC_KEY_new()); @@ -33134,10 +33207,12 @@ static void test_wolfSSL_CTX_ctrl(void) /* Cleanup and Pass */ #if !defined(NO_DH) && !defined(NO_DSA) +#ifndef NO_BIO BIO_free(bio); DSA_free(dsa); DH_free(dh); #endif +#endif #ifdef HAVE_ECC wolfSSL_EC_KEY_free(ecKey); #endif @@ -33150,6 +33225,7 @@ static void test_wolfSSL_CTX_ctrl(void) static void test_wolfSSL_DH_check(void) { #if !defined(NO_DH) && !defined(NO_DSA) +#ifndef NO_BIO byte buf[6000]; char file[] = "./certs/dsaparams.pem"; XFILE f; @@ -33211,6 +33287,7 @@ static void test_wolfSSL_DH_check(void) DSA_free(dsa); DH_free(dh); printf(resultFmt, passed); +#endif #endif /* !NO_DH && !NO_DSA */ } @@ -33666,7 +33743,7 @@ static void test_wolfSSL_X509_EXTENSION_get_critical(void) static void test_wolfSSL_X509V3_EXT_print(void) { -#if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL) +#if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL) && !defined(NO_BIO) printf(testingFmt, "wolfSSL_X509V3_EXT_print"); { @@ -34949,6 +35026,7 @@ static void test_wolfSSL_PKCS7_SIGNED_new(void) #endif } +#ifndef NO_BIO static void test_wolfSSL_PEM_write_bio_PKCS7(void) { #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) @@ -35046,6 +35124,7 @@ static void test_wolfSSL_PEM_write_bio_PKCS7(void) pkcs7->signedAttribs = NULL; pkcs7->signedAttribsSz = 0; +#ifndef NO_BIO AssertNotNull(bio = BIO_new(BIO_s_mem())); /* Write PKCS#7 PEM to BIO, the function converts the DER to PEM cert*/ AssertIntEQ(PEM_write_bio_PKCS7(bio, pkcs7), WOLFSSL_SUCCESS); @@ -35055,6 +35134,7 @@ static void test_wolfSSL_PEM_write_bio_PKCS7(void) AssertIntGE(ret, 0); BIO_free(bio); +#endif wc_PKCS7_Free(pkcs7); wc_FreeRng(&rng); 
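Review bot: The `#ifndef NO_BIO` added before `AssertNotNull(bio = BIO_new(BIO_s_mem()));` in the `@@ -35046` hunk, together with its `+#endif` in the `@@ -35055` hunk, sits inside the `#ifndef NO_BIO` that the `@@ -34949` hunk wraps around the whole of test_wolfSSL_PEM_write_bio_PKCS7, so the inner pair can never exclude anything. Either drop the inner guard, or if it is kept for symmetry with the other tests, write the closing line as `#endif /* !NO_BIO */` so it is not confused with the function-level closer added in the next hunk. The function body starts and ends outside these hunks.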
@@ -35062,6 +35142,7 @@ static void test_wolfSSL_PEM_write_bio_PKCS7(void) #endif } +#endif /* !NO_BIO */ /*----------------------------------------------------------------------------* | Certificate Failure Checks @@ -36210,7 +36291,9 @@ static void test_wolfSSL_X509_CRL(void) "./certs/crl/eccSrvCRL.pem", "" }; +#ifndef NO_BIO BIO *bio; +#endif #ifdef HAVE_TEST_d2i_X509_CRL_fp char der[][100] = { @@ -36240,6 +36323,7 @@ static void test_wolfSSL_X509_CRL(void) XFCLOSE(fp); } +#ifndef NO_BIO for (i = 0; pem[i][0] != '\0'; i++) { AssertNotNull(bio = BIO_new_file(pem[i], "r")); @@ -36247,6 +36331,7 @@ static void test_wolfSSL_X509_CRL(void) X509_CRL_free(crl); BIO_free(bio); } +#endif #ifdef HAVE_TEST_d2i_X509_CRL_fp for(i = 0; der[i][0] != '\0'; i++){ @@ -36290,7 +36375,7 @@ static void test_wolfSSL_PEM_read_X509(void) static void test_wolfSSL_PEM_read(void) { -#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_BIO) const char* filename = "./certs/server-keyEnc.pem"; XFILE fp; char* name = NULL; @@ -36598,6 +36683,7 @@ static void test_wolfssl_EVP_aes_gcm(void) #endif /* OPENSSL_EXTRA && !NO_AES && HAVE_AESGCM */ } +#ifndef NO_BIO static void test_wolfSSL_PEM_X509_INFO_read_bio(void) { #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) @@ -36640,6 +36726,7 @@ static void test_wolfSSL_PEM_X509_INFO_read_bio(void) printf(resultFmt, passed); #endif } +#endif /* !NO_BIO */ static void test_wolfSSL_X509_NAME_ENTRY_get_object() { @@ -36957,6 +37044,8 @@ static int test_ForceZero(void) return 0; } +#ifndef NO_BIO + static void test_wolfSSL_X509_print() { #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \ 
@@ -36994,7 +37083,7 @@ static void test_wolfSSL_RSA_print() { #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \ !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \ - !defined(HAVE_FAST_RSA) + !defined(HAVE_FAST_RSA) && !defined(NO_BIO) BIO *bio; WOLFSSL_RSA* rsa = NULL; printf(testingFmt, "wolfSSL_RSA_print"); @@ -37012,7 +37101,7 @@ static void test_wolfSSL_RSA_print() static void test_wolfSSL_BIO_get_len() { -#if defined(OPENSSL_EXTRA) +#if defined(OPENSSL_EXTRA) && !defined(NO_BIO) BIO *bio; const char txt[] = "Some example text to push to the BIO."; printf(testingFmt, "wolfSSL_BIO_get_len"); @@ -37083,10 +37172,13 @@ static void test_wolfSSL_ASN1_STRING_print(void){ #endif /* OPENSSL_EXTRA && !NO_ASN && !NO_CERTS */ } +#endif /* !NO_BIO */ + static void test_wolfSSL_RSA_verify() { #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && \ !defined(NO_FILESYSTEM) && defined(HAVE_CRL) +#ifndef NO_BIO XFILE fp; RSA *pKey, *pubKey; X509 *cert; @@ -37147,6 +37239,7 @@ static void test_wolfSSL_RSA_verify() XFREE(buf, NULL, DYNAMIC_TYPE_FILE); printf(resultFmt, passed); #endif +#endif } @@ -37754,7 +37847,9 @@ void ApiTest(void) /* compatibility tests */ test_wolfSSL_X509_NAME(); +#ifndef NO_BIO test_wolfSSL_X509_INFO(); +#endif test_wolfSSL_X509_subject_name_hash(); test_wolfSSL_X509_issuer_name_hash(); test_wolfSSL_X509_check_host(); @@ -37765,11 +37860,13 @@ void ApiTest(void) test_wolfSSL_ASN1_GENERALIZEDTIME_free(); test_wolfSSL_private_keys(); test_wolfSSL_PEM_PrivateKey(); +#ifndef NO_BIO test_wolfSSL_PEM_bio_RSAKey(); test_wolfSSL_PEM_bio_DSAKey(); test_wolfSSL_PEM_bio_ECKey(); test_wolfSSL_PEM_RSAPrivateKey(); test_wolfSSL_PEM_PUBKEY(); +#endif test_DSA_do_sign_verify(); test_wolfSSL_tmp_dh(); test_wolfSSL_ctrl(); 
@@ -37783,11 +37880,13 @@ void ApiTest(void) #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) test_wolfSSL_ERR_peek_last_error_line(); #endif +#ifndef NO_BIO test_wolfSSL_ERR_print_errors_cb(); AssertFalse(test_wolfSSL_GetLoggingCb()); AssertFalse(test_WOLFSSL_ERROR_MSG()); AssertFalse(test_wc_ERR_remove_state()); AssertFalse(test_wc_ERR_print_errors_fp()); +#endif test_wolfSSL_set_options(); test_wolfSSL_sk_SSL_CIPHER(); test_wolfSSL_X509_STORE_CTX(); @@ -37806,8 +37905,10 @@ void ApiTest(void) test_wolfSSL_X509_STORE(); test_wolfSSL_X509_STORE_load_locations(); test_wolfSSL_BN(); +#ifndef NO_BIO test_wolfSSL_PEM_read_bio(); test_wolfSSL_BIO(); +#endif test_wolfSSL_ASN1_STRING(); test_wolfSSL_ASN1_BIT_STRING(); test_wolfSSL_X509(); @@ -37831,7 +37932,9 @@ void ApiTest(void) test_wolfSSL_PKCS8_Compat(); test_wolfSSL_PKCS8_d2i(); test_wolfSSL_ERR_put_error(); +#ifndef NO_BIO test_wolfSSL_ERR_print_errors(); +#endif test_wolfSSL_HMAC(); test_wolfSSL_OBJ(); test_wolfSSL_i2a_ASN1_OBJECT(); @@ -37843,6 +37946,7 @@ void ApiTest(void) test_wolfSSL_X509_set_notAfter(); test_wolfSSL_X509_set_notBefore(); test_wolfSSL_X509_set_version(); +#ifndef NO_BIO test_wolfSSL_BIO_gets(); test_wolfSSL_BIO_puts(); test_wolfSSL_BIO_should_retry(); @@ -37850,6 +37954,7 @@ void ApiTest(void) test_wolfSSL_BIO_write(); test_wolfSSL_BIO_printf(); test_wolfSSL_BIO_f_md(); +#endif test_wolfSSL_SESSION(); test_wolfSSL_DES_ecb_encrypt(); test_wolfSSL_sk_GENERAL_NAME(); @@ -37870,8 +37975,10 @@ void ApiTest(void) test_wolfSSL_X509_CRL(); test_wolfSSL_PEM_read_X509(); test_wolfSSL_PEM_read(); +#ifndef NO_BIO test_wolfSSL_PEM_X509_INFO_read_bio(); test_wolfSSL_PEM_read_bio_ECPKParameters(); +#endif test_wolfSSL_X509_NAME_ENTRY_get_object(); test_wolfSSL_OpenSSL_add_all_algorithms(); test_wolfSSL_ASN1_STRING_print_ex(); 
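Review bot: The `#ifndef NO_BIO` around `test_wolfSSL_ERR_print_errors_cb();` through `AssertFalse(test_wc_ERR_print_errors_fp());` removes the entire error-queue group from NO_BIO builds, mirroring the guard the earlier hunks place around the definitions from test_wolfSSL_ERR_print_errors to test_wolfSSL_GetLoggingCb. At least `test_wc_ERR_remove_state` and `test_WOLFSSL_ERROR_MSG` do not obviously depend on a BIO, so if their bodies are BIO-free they could be moved out of the guarded region and keep error-queue coverage in a NO_BIO build; that is worth checking rather than assuming. ApiTest continues outside this hunk.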
@@ -37913,13 +38020,17 @@ void ApiTest(void) #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA) AssertIntEQ(test_wolfSSL_CTX_use_certificate_ASN1(), WOLFSSL_SUCCESS); +#ifndef NO_BIO test_wolfSSL_d2i_PrivateKeys_bio(); +#endif #endif /* OPENSSL_ALL || WOLFSSL_ASIO */ test_wolfSSL_X509_CA_num(); test_wolfSSL_X509_get_version(); +#ifndef NO_BIO test_wolfSSL_X509_print(); test_wolfSSL_BIO_get_len(); +#endif test_wolfSSL_RSA_verify(); test_wolfSSL_X509V3_EXT_get(); test_wolfSSL_X509V3_EXT(); @@ -37932,8 +38043,10 @@ void ApiTest(void) test_wolfSSL_X509_EXTENSION_get_critical(); test_wolfSSL_X509V3_EXT_print(); test_wolfSSL_X509_cmp(); +#ifndef NO_BIO test_wolfSSL_RSA_print(); test_wolfSSL_ASN1_STRING_print(); +#endif test_openssl_generate_key_and_cert(); test_wolfSSL_EC_get_builtin_curves(); @@ -37960,7 +38073,9 @@ void ApiTest(void) /* OpenSSL PKCS7 API test */ test_wolfssl_PKCS7(); test_wolfSSL_PKCS7_SIGNED_new(); +#ifndef NO_BIO test_wolfSSL_PEM_write_bio_PKCS7(); +#endif /* wolfCrypt ASN tests */ test_wc_GetPkcs8TraditionalOffset(); diff --git a/wolfssl/ocsp.h b/wolfssl/ocsp.h index df7f5b91e..3a80f3693 100644 --- a/wolfssl/ocsp.h +++ b/wolfssl/ocsp.h @@ -82,8 +82,10 @@ WOLFSSL_API int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP *bs, WOLF_STACK_OF(WOLFSSL_X509) *certs, WOLFSSL_X509_STORE *st, unsigned long flags); WOLFSSL_API void wolfSSL_OCSP_RESPONSE_free(OcspResponse* response); +#ifndef NO_BIO WOLFSSL_API OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio, OcspResponse** response); +#endif WOLFSSL_API OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response, const unsigned char** data, int len); WOLFSSL_API int wolfSSL_i2d_OCSP_RESPONSE(OcspResponse* response, 
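Review bot: The `#ifndef NO_BIO` guards added around the `wolfSSL_d2i_OCSP_RESPONSE_bio` and `wolfSSL_i2d_OCSP_REQUEST_bio` prototypes (this hunk and the `@@ -100` hunk that follows) only hide the declarations; the matching definitions are not in this patch's visible hunks, and if they stay unguarded a NO_BIO build will compile exported functions that no longer have a prototype, or fail outright if the BIO type itself is gone. Please confirm the definitions are placed under the same condition. In the second hunk the added `#endif` is immediately followed by the pre-existing `#endif`; writing the new one as `#endif /* !NO_BIO */` keeps the two closers distinguishable.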
@@ -100,8 +102,10 @@ WOLFSSL_API int wolfSSL_i2d_OCSP_REQUEST(OcspRequest* request, WOLFSSL_API WOLFSSL_OCSP_ONEREQ* wolfSSL_OCSP_request_add0_id(OcspRequest *req, WOLFSSL_OCSP_CERTID *cid); WOLFSSL_API WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_CERTID_dup(WOLFSSL_OCSP_CERTID*); +#ifndef NO_BIO WOLFSSL_API int wolfSSL_i2d_OCSP_REQUEST_bio(WOLFSSL_BIO* out, WOLFSSL_OCSP_REQUEST *req); +#endif #endif #ifdef OPENSSL_EXTRA From f9e48ee361801809bbd8903046aff130b89fd344 Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Wed, 8 Jul 2020 04:27:09 -0400 Subject: [PATCH 12/15] build updates for lighttpd: recommend -DNO_BIO (cherry picked from commit bfe12839e18ccc3ab95cfc33b34c875ebe55c14a) --- configure.ac | 1 + 1 file changed, 1 insertion(+) diff --git a/configure.ac b/configure.ac index a687e1f47..b3260bf3f 100644 --- a/configure.ac +++ b/configure.ac @@ -3931,6 +3931,7 @@ then fi # w/ lighttpd 1.4.56 once wolfSSL updated to expose non-filesystem funcs + #AM_CFLAGS="$AM_CFLAGS -DNO_BIO" #AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM" #ENABLED_FILESYSTEM=no fi From 4030523eb5fed3f434793298335de7299e8c06a0 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Thu, 5 Nov 2020 21:57:33 -0600 Subject: [PATCH 13/15] ssl.c: remove duplicate definition of wolfSSL_CTX_check_private_key(). --- src/ssl.c | 64 ------------------------------------------------------- 1 file changed, 64 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 30763f01a..783665f53 100644 --- a/src/ssl.c +++ b/src/ssl.c 
@@ -6916,70 +6916,6 @@ int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm, const char* file,
 #endif /* NO_FILESYSTEM */
-
-#ifndef NO_CHECK_PRIVATE_KEY
-/* Check private against public in certificate for match
- *
- * ctx WOLFSSL_CTX structure to check private key in
- *
- * Returns SSL_SUCCESS on good private key and SSL_FAILURE if miss matched. */
-int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX* ctx)
-{
-#ifdef WOLFSSL_SMALL_STACK
- DecodedCert* der = NULL;
-#else
- DecodedCert der[1];
-#endif
- word32 size;
- byte* buff;
- int ret;
-
- WOLFSSL_ENTER("wolfSSL_CTX_check_private_key");
-
- if (ctx == NULL || ctx->certificate == NULL) {
- return WOLFSSL_FAILURE;
- }
-
-#ifndef NO_CERTS
-#ifdef WOLFSSL_SMALL_STACK
- der = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT);
- if (der == NULL)
- return MEMORY_E;
-#endif
-
- size = ctx->certificate->length;
- buff = ctx->certificate->buffer;
- InitDecodedCert(der, buff, size, ctx->heap);
- if (ParseCertRelative(der, CERT_TYPE, NO_VERIFY, NULL) != 0) {
- FreeDecodedCert(der);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(der, NULL, DYNAMIC_TYPE_DCERT);
- #endif
- return WOLFSSL_FAILURE;
- }
-
- size = ctx->privateKey->length;
- buff = ctx->privateKey->buffer;
- ret = wc_CheckPrivateKey(buff, size, der);
- FreeDecodedCert(der);
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(der, NULL, DYNAMIC_TYPE_DCERT);
-#endif
-
- if (ret == 1) {
- return WOLFSSL_SUCCESS;
- }
- else {
- return WOLFSSL_FAILURE;
- }
-#else
- WOLFSSL_MSG("NO_CERTS is defined, can not check private key");
- return WOLFSSL_FAILURE;
-#endif
-}
-#endif /* !NO_CHECK_PRIVATE_KEY */
-
-
 #ifdef HAVE_CRL /* check CRL if enabled, WOLFSSL_SUCCESS */
From dcff103c843bdf5f9775f8598d49d5a8b0baeedc Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner
Date: Thu, 5 Nov 2020 22:19:16 -0600
Subject: [PATCH 14/15] tests/api.c: fixes for compilability re NO_BIO
---
 tests/api.c | 18 ++++++------------
 1 file changed, 6 insertions(+), 12 deletions(-)
diff --git a/tests/api.c b/tests/api.c index c12d11cb4..15ce25d83 100644 --- a/tests/api.c +++ b/tests/api.c @@ -26183,16 +26183,14 @@ static void test_DSA_do_sign_verify(void) static void test_wolfSSL_tmp_dh(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ - !defined(NO_DSA) && !defined(NO_RSA) && !defined(NO_DH) + !defined(NO_DSA) && !defined(NO_RSA) && !defined(NO_DH) && !defined(NO_BIO) byte buffer[6000]; char file[] = "./certs/dsaparams.pem"; XFILE f; int bytes; -#ifndef NO_BIO DSA* dsa; DH* dh; BIO* bio; -#endif SSL* ssl; SSL_CTX* ctx; @@ -26212,7 +26210,6 @@ static void test_wolfSSL_tmp_dh(void) bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f); XFCLOSE(f); -#ifndef NO_BIO bio = BIO_new_mem_buf((void*)buffer, bytes); AssertNotNull(bio); @@ -26232,7 +26229,6 @@ static void test_wolfSSL_tmp_dh(void) BIO_free(bio); DSA_free(dsa); DH_free(dh); -#endif /* !NO_BIO */ SSL_free(ssl); SSL_CTX_free(ctx); @@ -29999,7 +29995,9 @@ static void test_wolfSSL_X509_NAME_ENTRY(void) #ifdef WOLFSSL_CERT_REQ { X509_REQ* req; +#ifndef NO_BIO BIO* bReq; +#endif AssertNotNull(req = wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM)); @@ -33075,17 +33073,15 @@ static void test_wolfSSL_CTX_ctrl(void) char clientFile[] = "./certs/client-cert.pem"; SSL_CTX* ctx; X509* x509 = NULL; -#if !defined(NO_DH) && !defined(NO_DSA) +#if !defined(NO_DH) && !defined(NO_DSA) && !defined(NO_BIO) byte buf[6000]; char file[] = "./certs/dsaparams.pem"; XFILE f; int bytes; -#ifndef NO_BIO BIO* bio; DSA* dsa; DH* dh; #endif -#endif #ifdef HAVE_ECC WOLFSSL_EC_KEY* ecKey; #endif 
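Review bot: Adding `!defined(NO_BIO)` to the `#if !defined(NO_DH) && !defined(NO_DSA)` condition in test_wolfSSL_CTX_ctrl (this hunk and the `@@ -33100` and `@@ -33187` hunks after it) resolves the undeclared `dh` under NO_BIO, but it also drops the `SSL_CTRL_SET_TMP_DH` check from NO_BIO builds even though only the PEM parse through `BIO_new_mem_buf` depends on a BIO; the same trade is made for test_wolfSSL_tmp_dh at the top of this patch. If the DSA parameters can be loaded without a BIO, the ctrl call could stay covered in that configuration; otherwise a short comment on the `#if`, such as `/* DH params are read via a BIO, so this path is BIO-only */`, would record why DH coverage disappears with NO_BIO.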
@@ -33100,14 +33096,13 @@ static void test_wolfSSL_CTX_ctrl(void) x509 = wolfSSL_X509_load_certificate_file(clientFile, WOLFSSL_FILETYPE_PEM); AssertNotNull(x509); -#if !defined(NO_DH) && !defined(NO_DSA) +#if !defined(NO_DH) && !defined(NO_DSA) && !defined(NO_BIO) /* Initialize DH */ f = XFOPEN(file, "rb"); AssertTrue((f != XBADFILE)); bytes = (int)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); -#ifndef NO_BIO bio = BIO_new_mem_buf((void*)buf, bytes); AssertNotNull(bio); @@ -33117,7 +33112,6 @@ static void test_wolfSSL_CTX_ctrl(void) dh = wolfSSL_DSA_dup_DH(dsa); AssertNotNull(dh); #endif -#endif #ifdef HAVE_ECC /* Initialize WOLFSSL_EC_KEY */ AssertNotNull(ecKey = wolfSSL_EC_KEY_new()); @@ -33187,7 +33181,7 @@ static void test_wolfSSL_CTX_ctrl(void) /* Test with SSL_CTRL_SET_TMP_DH * wolfSSL_CTX_ctrl should succesffuly call wolfSSL_SSL_CTX_set_tmp_dh */ -#if !defined(NO_DH) && !defined(NO_DSA) +#if !defined(NO_DH) && !defined(NO_DSA) && !defined(NO_BIO) AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,dh), SSL_SUCCESS); #endif From 0d2e28ce80eceee7992425d8262eea0443855794 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 6 Nov 2020 10:11:48 -0800 Subject: [PATCH 15/15] Fix for `error: unused function 'MonthStr'` --- src/ssl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index 783665f53..e9bbee7a1 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -27126,6 +27126,8 @@ WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_ } #endif /* !NO_WOLFSSL_STUB */ +#ifndef NO_BIO + /* Return the month as a string. * * n The number of the month as a two characters (1 based). @@ -27139,7 +27141,6 @@ static WC_INLINE const char* MonthStr(const char* n) return monthStr[(n[0] - '0') * 10 + (n[1] - '0') - 1]; } -#ifndef NO_BIO int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_GENERALIZEDTIME* asnTime) {
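Review bot: `MonthStr` is now under `#ifndef NO_BIO`, but its body, visible as context in the `@@ -27139` hunk, still indexes `monthStr` with `(n[0] - '0') * 10 + (n[1] - '0') - 1` and no range check, so a GeneralizedTime whose month bytes are not two digits in "01".."12" reads past the table when the time is printed. Unless the callers validate the month first (not visible here), compute the index and reject it when out of range, e.g. `int idx = (n[0] - '0') * 10 + (n[1] - '0') - 1;` followed by `if (idx < 0 || idx > 11) return NULL;` (assuming the table holds the twelve month names), with wolfSSL_ASN1_GENERALIZEDTIME_print treating NULL as a malformed time. MonthStr's signature appears only in the hunk header and the print function's body continues past the end of the hunk.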