diff --git a/src/internal.c b/src/internal.c
index 45e47c103..c132429b7 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -15830,6 +15830,13 @@ const char* AlertTypeToString(int type)
 return unknown_ca_str;
 }
 
+ case access_denied:
+ {
+ static const char access_denied_str[] =
+ "access_denied";
+ return access_denied_str;
+ }
+
 case decode_error:
 {
 static const char decode_error_str[] =
@@ -15862,12 +15869,27 @@ const char* AlertTypeToString(int type)
 }
 #endif
 
+ case insufficient_security:
+ {
+ static const char insufficient_security_str[] =
+ "insufficient_security";
+ return insufficient_security_str;
+ }
+
 case internal_error:
 {
 static const char internal_error_str[] =
 "internal_error";
 return internal_error_str;
 }
+
+ case user_canceled:
+ {
+ static const char user_canceled_str[] =
+ "user_canceled";
+ return user_canceled_str;
+ }
+
 case no_renegotiation:
 {
 static const char no_renegotiation_str[] =
diff --git a/src/ssl.c b/src/ssl.c
index 6f9e06ad2..ca75c2d89 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -43856,11 +43856,12 @@ err:
 return NULL;
 }
 
- /* if no_name is one than use numerical form otherwise can be short name.
+ /* If no_name is one then use numerical form, otherwise short name.
 *
- * returns the buffer size on success
+ * Returns the buffer size on success, WOLFSSL_FAILURE on error
 */
- int wolfSSL_OBJ_obj2txt(char *buf, int bufLen, WOLFSSL_ASN1_OBJECT *a, int no_name)
+ int wolfSSL_OBJ_obj2txt(char *buf, int bufLen, const WOLFSSL_ASN1_OBJECT *a,
+ int no_name)
 {
 int bufSz;
 const char* desc;
@@ -43938,13 +43939,7 @@ err:
 }
 buf[bufSz] = '\0';
 
- #ifdef WOLFSSL_QT
- /* For unknown extension types, QT expects the short name to be the
- text representation of the oid */
- if (XSTRLEN(a->sName) == 0) {
- XMEMCPY(a->sName, buf, bufSz);
- }
- #endif
+
 return bufSz;
 }
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
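Review bot: `buf[bufSz] = '\0';` on the context line just before the added blank writes one byte past the text placed in buf, so it relies on bufSz having been bounded to `bufLen - 1` earlier in wolfSSL_OBJ_obj2txt; that part of the body lies between the two ssl.c hunks and is not visible here, so it should be confirmed rather than assumed. The rewritten header comment in the first hunk says "the buffer size" is returned; it would help callers to pin down what that means, e.g. `* Returns the number of characters written to buf, excluding the NUL terminator; bufLen must be larger than that count.` Builds with WOLFSSL_QT also lose the side effect of `a->sName` being filled in for unknown OIDs, which is worth a line in the commit message now that the object pointer is const.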
@@ -47116,12 +47111,14 @@ void wolfSSL_ERR_load_BIO_strings(void) {
 #endif
 
 #ifndef NO_WOLFSSL_STUB
-void wolfSSL_THREADID_set_callback(void(*threadid_func)(void*))
+/* Set THREADID callback, return 1 on success, 0 on error */
+int wolfSSL_THREADID_set_callback(
+ void(*threadid_func)(WOLFSSL_CRYPTO_THREADID*))
 {
 WOLFSSL_ENTER("wolfSSL_THREADID_set_callback");
 WOLFSSL_STUB("CRYPTO_THREADID_set_callback");
 (void)threadid_func;
- return;
+ return 1;
 }
 #endif
 
@@ -48607,6 +48604,10 @@ int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen,
 WOLFSSL_MSG("X509_CHECK_FLAG_NO_WILDCARDS not yet implemented");
 return WOLFSSL_FAILURE;
 }
+ if (flags == WOLFSSL_NO_PARTIAL_WILDCARDS) {
+ WOLFSSL_MSG("X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS not yet implemented");
+ return WOLFSSL_FAILURE;
+ }
 
 InitDecodedCert(&dCert, x->derCert->buffer, x->derCert->length, NULL);
 ret = ParseCertRelative(&dCert, CERT_TYPE, 0, NULL);
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index 46e8446fe..1711d3b5f 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -598,7 +598,9 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
 #define X509_V_FLAG_USE_CHECK_TIME WOLFSSL_USE_CHECK_TIME
 #define X509_V_FLAG_NO_CHECK_TIME WOLFSSL_NO_CHECK_TIME
 
-#define X509_CHECK_FLAG_NO_WILDCARDS WOLFSSL_NO_WILDCARDS
+#define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT WOLFSSL_ALWAYS_CHECK_SUBJECT
+#define X509_CHECK_FLAG_NO_WILDCARDS WOLFSSL_NO_WILDCARDS
+#define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS WOLFSSL_NO_PARTIAL_WILDCARDS
 
 #define X509_VP_FLAG_DEFAULT WOLFSSL_VPARAM_DEFAULT
 #define X509_VP_FLAG_OVERWRITE WOLFSSL_VPARAM_OVERWRITE
@@ -1094,7 +1096,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #include
 
 #define SSL_CTRL_CHAIN 88
+#define ERR_LIB_RSA 4
+#define ERR_LIB_EC 16
 #define ERR_LIB_SSL 20
+#define ERR_LIB_PKCS12 35
 #define SSL_R_SHORT_READ 10
 #define ERR_R_PEM_LIB 9
 #define SSL_CTRL_MODE 33
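Review bot: `return 1;` reports success from a stub that discards `threadid_func` (`(void)threadid_func;` two lines above), so a caller that checks the result will believe its thread-ID callback is installed when nothing is. The new comment "return 1 on success, 0 on error" documents an error path the body does not have; replace it with one that states the actual behaviour, e.g. `/* Stub: the callback is ignored and never invoked; always returns 1 for source compatibility with OpenSSL 1.0.2 */`. If callers are expected to act on the result, returning 0 would be the more honest choice (OpenSSL 1.1's compatibility macro evaluates to 0, as far as I recall), but that is a maintainers' decision.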
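Review bot: `if (flags == WOLFSSL_NO_PARTIAL_WILDCARDS)` tests for the flag in isolation, but the X509_CHECK_FLAG_* values introduced alongside this change (0x1, 0x2, 0x4) form a bitmask that OpenSSL callers OR together, so `X509_CHECK_FLAG_NO_WILDCARDS | X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS`, or either flag combined with X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT, slips past both guards and the host check proceeds with exactly the wildcard matching the caller asked to forbid. Use a bit test instead, `if (flags & WOLFSSL_NO_PARTIAL_WILDCARDS) {`, and apply the same to the existing NO_WILDCARDS guard just above the hunk if it is written as an equality too (its condition is not visible here). X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT is now defined but nothing in this hunk handles it; wolfSSL_X509_check_host continues past the hunk, so whether that flag is honoured or silently ignored should be checked and, if ignored, rejected the same way as the other two.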
@@ -1224,6 +1229,12 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define DTLS1_VERSION 0xFEFF
 #define DTLS1_2_VERSION 0xFEFD
 
+/* Used as message callback types */
+#define SSL3_RT_CHANGE_CIPHER_SPEC 20
+#define SSL3_RT_ALERT 21
+#define SSL3_RT_HANDSHAKE 22
+#define SSL3_RT_APPLICATION_DATA 23
+
 #define OPENSSL_INIT_LOAD_SSL_STRINGS 0x00200000L
 #define OPENSSL_INIT_LOAD_CRYPTO_STRINGS 0x00000002L
 
@@ -1302,6 +1313,30 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define sk_ACCESS_DESCRIPTION_free wolfSSL_sk_ACCESS_DESCRIPTION_free
 #define ACCESS_DESCRIPTION_free wolfSSL_ACCESS_DESCRIPTION_free
 
+/* Alert types, matched to AlertDescription enum in wolfssl/ssl.h */
+#define SSL_AD_CLOSE_NOTIFY close_notify
+#define SSL_AD_UNEXPECTED_MESSAGE unexpected_message
+#define SSL_AD_BAD_RECORD_MAC bad_record_mac
+#define SSL_AD_RECORD_OVERFLOW record_overflow
+#define SSL_AD_DECOMPRESSION_FAILURE decompression_failure
+#define SSL_AD_HANDSHAKE_FAILURE handshake_failure
+#define SSL_AD_UNSUPPORTED_CERTIFICATE unsupported_certificate
+#define SSL_AD_CERTIFICATE_REVOKED certificate_revoked
+#define SSL_AD_CERTIFICATE_EXPIRED certificate_expired
+#define SSL_AD_CERTIFICATE_UNKNOWN certificate_unknown
+#define SSL_AD_ILLEGAL_PARAMETER illegal_parameter
+#define SSL_AD_UNKNOWN_CA unknown_ca
+#define SSL_AD_ACCESS_DENIED access_denied
+#define SSL_AD_DECODE_ERROR decode_error
+#define SSL_AD_DECRYPT_ERROR decrypt_error
+#ifdef WOLFSSL_MYSQL_COMPATIBLE
+ #define SSL_AD_PROTOCOL_VERSION wc_protocol_version
+#else
+ #define SSL_AD_PROTOCOL_VERSION protocol_version
+#endif
+#define SSL_AD_INSUFFICIENT_SECURITY insufficient_security
+#define SSL_AD_USER_CANCELLED user_canceled
+
 #define SSL3_AL_FATAL 2
 #define SSL_TLSEXT_ERR_OK 0
 #define SSL_TLSEXT_ERR_ALERT_WARNING warning_return
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 0d175fd04..06c6e3a03 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
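Review bot: The SSL_AD_* macros expand to enumerators of AlertDescription rather than the integer literals OpenSSL uses, so they are not usable in preprocessor conditionals (`#if SSL_AD_ACCESS_DENIED == 49` silently evaluates the enumerator as 0 here, whereas it is true against OpenSSL headers), and they only resolve once wolfssl/ssl.h is included. One clause added to the new comment would save users that surprise: `/* Alert types, matched to AlertDescription enum in wolfssl/ssl.h; these are enum constants, not integer literals, so do not use them in #if */`. The WOLFSSL_MYSQL_COMPATIBLE branch mirrors the enum's own `wc_protocol_version` spelling, which looks consistent.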
@@ -609,7 +609,9 @@ struct WOLFSSL_X509_STORE {
 int refCount; /* reference count */
 };
 
-#define WOLFSSL_NO_WILDCARDS 0x4
+#define WOLFSSL_ALWAYS_CHECK_SUBJECT 0x1
+#define WOLFSSL_NO_WILDCARDS 0x2
+#define WOLFSSL_NO_PARTIAL_WILDCARDS 0x4
 
 #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
 defined(WOLFSSL_WPAS_SMALL) || defined(WOLFSSL_IP_ALT_NAME)
@@ -741,6 +743,7 @@ enum AlertDescription {
 certificate_unknown = 46,
 illegal_parameter = 47,
 unknown_ca = 48,
+ access_denied = 49,
 decode_error = 50,
 decrypt_error = 51,
 #ifdef WOLFSSL_MYSQL_COMPATIBLE
@@ -749,8 +752,10 @@ enum AlertDescription {
 #else
 protocol_version = 70,
 #endif
+ insufficient_security = 71,
 internal_error = 80,
 inappropriate_fallback = 86,
+ user_canceled = 90,
 no_renegotiation = 100,
 missing_extension = 109,
 unsupported_extension = 110, /**< RFC 5246, section 7.2.2 */
@@ -3826,7 +3831,8 @@ WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_txt2obj(const char* s, int no_name)
 WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_nid2obj(int n);
 WOLFSSL_LOCAL WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_nid2obj_ex(int n, WOLFSSL_ASN1_OBJECT *arg_obj);
-WOLFSSL_API int wolfSSL_OBJ_obj2txt(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a, int no_name);
+WOLFSSL_API int wolfSSL_OBJ_obj2txt(char *buf, int buf_len,
+ const WOLFSSL_ASN1_OBJECT *a, int no_name);
 WOLFSSL_API void wolfSSL_OBJ_cleanup(void);
 WOLFSSL_API int wolfSSL_OBJ_create(const char *oid, const char *sn, const char *ln);
@@ -4358,7 +4364,8 @@ WOLFSSL_API void wolfSSL_ERR_remove_thread_state(void*);
 WOLFSSL_API void wolfSSL_print_all_errors_fp(XFILE fp);
 #endif
 
-WOLFSSL_API void wolfSSL_THREADID_set_callback(void (*threadid_func)(void*));
+WOLFSSL_API int wolfSSL_THREADID_set_callback(
+ void (*threadid_func)(WOLFSSL_CRYPTO_THREADID*));
 WOLFSSL_API void wolfSSL_THREADID_set_numeric(void* id, unsigned long val);
 WOLFSSL_API void wolfSSL_THREADID_current(WOLFSSL_CRYPTO_THREADID* id);
 
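Review bot: `WOLFSSL_NO_WILDCARDS` changes value from 0x4 to 0x2 with no comment saying why, and the three constants now read as a bitmask, so a short note would stop a later edit from renumbering them or testing them with `==`: `/* Host-check flags: bit values that callers OR together; kept equal to OpenSSL's X509_CHECK_FLAG_* values */` (the OpenSSL parity is my recollection of x509v3.h, please confirm). Any object compiled against the old header and still passing 0x4 now asks for NO_PARTIAL_WILDCARDS instead of NO_WILDCARDS, which the ssl.c change rejects, so the mismatch fails closed rather than open; it still deserves a changelog line.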
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 609b8efec..6f02b97eb 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -2242,7 +2242,6 @@ extern void uITRON4_free(void *p) ;
 || defined(HAVE_LIGHTY)
 #define SSL_OP_NO_COMPRESSION SSL_OP_NO_COMPRESSION
 #define OPENSSL_NO_ENGINE
- #define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
 #ifndef OPENSSL_EXTRA
 #define OPENSSL_EXTRA
 #endif