From cf1ce3f0730c4c172f4766660c67aa77fad30c70 Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Wed, 29 Sep 2021 16:35:23 -0600 Subject: [PATCH] Add get_default_cert_file/env() stubs, SSL_get/set_read_ahead(), SSL_SESSION_has_ticket/lifetime_hint() (#4349) * add wolfSSL_X509_get_default_cert_file/file_env/dir/dir_env() stubs * add SSL_get_read_ahead/SSL_set_read_ahead() * add SSL_SESSION_has_ticket() * add SSL_SESSION_get_ticket_lifetime_hint() * address review feedback - comments, return values * make SSL_get_read_ahead() arg const * add unit tests for SESSION_has_ticket/get_ticket_lifetime_hint * test for SESSION_TICKET_HINT_DEFAULT in api.c for wolfSSL_SESSION_get_ticket_lifetime_hint() * fix variable shadow warning in api.c --- src/ssl.c | 76 +++++++++++++++++++++++++++++++++++++++++++ tests/api.c | 34 ++++++++++++++----- wolfssl/openssl/ssl.h | 9 +++++ wolfssl/ssl.h | 9 +++++ 4 files changed, 119 insertions(+), 9 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index ca75c2d89..65aa7d0a5 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -16695,6 +16695,30 @@ cleanup: WOLFSSL_STUB("SSL_CTX_set_default_verify_paths"); return SSL_NOT_IMPLEMENTED; } + + const char* wolfSSL_X509_get_default_cert_file_env(void) + { + WOLFSSL_STUB("X509_get_default_cert_file_env"); + return NULL; + } + + const char* wolfSSL_X509_get_default_cert_file(void) + { + WOLFSSL_STUB("X509_get_default_cert_file"); + return NULL; + } + + const char* wolfSSL_X509_get_default_cert_dir_env(void) + { + WOLFSSL_STUB("X509_get_default_cert_dir_env"); + return NULL; + } + + const char* wolfSSL_X509_get_default_cert_dir(void) + { + WOLFSSL_STUB("X509_get_default_cert_dir"); + return NULL; + } #endif #if defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256) \ 
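Review bot: The four new wolfSSL_X509_get_default_cert_* stubs return NULL, whereas the OpenSSL functions they stand in for always return a non-NULL string; code ported from OpenSSL routinely writes `getenv(X509_get_default_cert_dir_env())` or hands the result to strlen()/fopen() unchecked, so these stubs will crash such callers rather than merely give them an unusable path. If they must stay stubs, say so at the definition, e.g. `/* Stub: OpenSSL returns a fixed non-NULL string; wolfSSL returns NULL here, so callers must check before use. */`, or return `""` so string consumers fail gracefully instead. The neighbouring wolfSSL_CTX_set_default_verify_paths stub returns SSL_NOT_IMPLEMENTED, so an application that relies on the OpenSSL default trust store appears to end up with no CA roots configured at all — worth a line in the release notes alongside these getters. The `#if` block these stubs belong to (closed by the `#endif` shown) begins outside the hunk.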
@@ -29138,6 +29162,28 @@ WOLFSSL_API long wolfSSL_CTX_get_session_cache_mode(WOLFSSL_CTX* ctx) } +int wolfSSL_get_read_ahead(const WOLFSSL* ssl) +{ + if (ssl == NULL) { + return WOLFSSL_FAILURE; + } + + return ssl->readAhead; +} + + +int wolfSSL_set_read_ahead(WOLFSSL* ssl, int v) +{ + if (ssl == NULL) { + return WOLFSSL_FAILURE; + } + + ssl->readAhead = (byte)v; + + return WOLFSSL_SUCCESS; +} + + int wolfSSL_CTX_get_read_ahead(WOLFSSL_CTX* ctx) { if (ctx == NULL) { @@ -30760,6 +30806,36 @@ end: return s; } +/* Check if there is a session ticket associated with this WOLFSSL_SESSION. + * + * sess - pointer to WOLFSSL_SESSION struct + * + * Returns 1 if has session ticket, otherwise 0 */ +int wolfSSL_SESSION_has_ticket(const WOLFSSL_SESSION* sess) +{ + WOLFSSL_ENTER("wolfSSL_SESSION_has_ticket"); +#ifdef HAVE_SESSION_TICKET + if (sess) { + if ((sess->ticketLen > 0) && (sess->ticket != NULL)) { + return WOLFSSL_SUCCESS; + } + } +#else + (void)sess; +#endif + return WOLFSSL_FAILURE; +} + +unsigned long wolfSSL_SESSION_get_ticket_lifetime_hint( + const WOLFSSL_SESSION* sess) +{ + WOLFSSL_ENTER("wolfSSL_SESSION_get_ticket_lifetime_hint"); + if (sess) { + return sess->timeout; + } + return 0; +} + long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION* sess) { long timeout = 0; diff --git a/tests/api.c b/tests/api.c index 6167bf9c9..5fb67d635 100644 --- a/tests/api.c +++ b/tests/api.c @@ -343,8 +343,10 @@ #include #endif -#if defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN) -#include "wolfssl/internal.h" /* for testing SSL_get_peer_cert_chain */ +#if (defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN)) || \ + defined(HAVE_SESSION_TICKET) + /* for testing SSL_get_peer_cert_chain, or SESSION_TICKET_HINT_DEFAULT */ +#include "wolfssl/internal.h" #endif /* force enable test buffers */ 
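Review bot: `ssl->readAhead = (byte)v;` in wolfSSL_set_read_ahead truncates the caller's flag, so any value that is a multiple of 256 (a bitmask a caller treats as "true", for instance) silently stores 0 and disables read-ahead, and wolfSSL_get_read_ahead then reports it as off; normalize to a boolean instead: `ssl->readAhead = (byte)(v != 0);` (and the same in wolfSSL_CTX_set_read_ahead if it uses the same cast — its body is outside this hunk). The getter returns WOLFSSL_FAILURE for a NULL ssl, which is indistinguishable from a legitimate "disabled" result if WOLFSSL_FAILURE is 0 as elsewhere in wolfSSL; acceptable for OpenSSL compatibility, but state it on the function: `/* Returns this connection's read-ahead flag (0 or 1); 0 for a NULL ssl. */`. Neither new function carries a header comment, unlike wolfSSL_SESSION_has_ticket added later in this same file. wolfSSL_CTX_get_read_ahead at the end of the hunk continues outside it.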
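Review bot: wolfSSL_SESSION_get_ticket_lifetime_hint returns `sess->timeout` unconditionally, so it reports a non-zero "ticket lifetime" even when the session holds no ticket or HAVE_SESSION_TICKET is not defined, where OpenSSL's SSL_SESSION_get_ticket_lifetime_hint returns 0; a client that uses the hint to decide whether a ticket is still worth presenting — and to drop stale tickets, which bounds how long a ticket protected by an old server ticket key stays in circulation — gets a misleading answer. Gate the return on the same condition wolfSSL_SESSION_has_ticket uses and add a header comment (the new function has none) saying the value is the session timeout standing in for the hint, unless wolfSSL does record the server's NewSessionTicket lifetime on the session, in which case that field is what should be returned. wolfSSL_SESSION_get_timeout at the end of the hunk continues outside it.
```c
/* Lifetime hint for the ticket held by this WOLFSSL_SESSION, in the same
 * units as the session timeout (which is what is returned).
 *
 * sess - pointer to WOLFSSL_SESSION struct
 *
 * Returns the hint, or 0 if sess is NULL or carries no session ticket */
unsigned long wolfSSL_SESSION_get_ticket_lifetime_hint(
    const WOLFSSL_SESSION* sess)
{
    WOLFSSL_ENTER("wolfSSL_SESSION_get_ticket_lifetime_hint");
#ifdef HAVE_SESSION_TICKET
    if ((sess != NULL) && (sess->ticketLen > 0) && (sess->ticket != NULL)) {
        return (unsigned long)sess->timeout;
    }
#else
    (void)sess;
#endif
    return 0;
}
```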
@@ -6697,7 +6699,7 @@ static void test_wolfSSL_PKCS12(void) #if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && !defined(NO_FILESYSTEM) && \ !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_RSA) && \ !defined(NO_SHA) && defined(HAVE_PKCS12) - byte buffer[6000]; + byte buf[6000]; char file[] = "./certs/test-servercert.p12"; char order[] = "./certs/ecc-rsa-server.p12"; #ifdef WC_RC2 @@ -6730,13 +6732,13 @@ static void test_wolfSSL_PKCS12(void) f = XFOPEN(file, "rb"); AssertTrue((f != XBADFILE)); - bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f); + bytes = (int)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); goodPswLen = (int)XSTRLEN(goodPsw); badPswLen = (int)XSTRLEN(badPsw); - bio = BIO_new_mem_buf((void*)buffer, bytes); + bio = BIO_new_mem_buf((void*)buf, bytes); AssertNotNull(bio); pkcs12 = d2i_PKCS12_bio(bio, NULL); @@ -6881,10 +6883,10 @@ static void test_wolfSSL_PKCS12(void) /* test order of parsing */ f = XFOPEN(order, "rb"); AssertTrue(f != XBADFILE); - bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f); + bytes = (int)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); - AssertNotNull(bio = BIO_new_mem_buf((void*)buffer, bytes)); + AssertNotNull(bio = BIO_new_mem_buf((void*)buf, bytes)); AssertNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL)); AssertIntEQ((ret = PKCS12_parse(pkcs12, "", &pkey, &cert, &ca)), WOLFSSL_SUCCESS); @@ -6964,10 +6966,10 @@ static void test_wolfSSL_PKCS12(void) /* test PKCS#12 with RC2 encryption */ f = XFOPEN(rc2p12, "rb"); AssertTrue(f != XBADFILE); - bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f); + bytes = (int)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); - AssertNotNull(bio = BIO_new_mem_buf((void*)buffer, bytes)); + AssertNotNull(bio = BIO_new_mem_buf((void*)buf, bytes)); AssertNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL)); /* check verify MAC fail case */ 
@@ -37235,6 +37237,10 @@ static void test_wolfSSL_SESSION(void) #ifdef WOLFSSL_ENCRYPTED_KEYS wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif +#ifdef HAVE_SESSION_TICKET + /* Use session tickets, for ticket tests below */ + AssertIntEQ(wolfSSL_CTX_UseSessionTicket(ctx), WOLFSSL_SUCCESS); +#endif XMEMSET(&server_args, 0, sizeof(func_args)); #ifdef WOLFSSL_TIRTOS @@ -37287,6 +37293,16 @@ static void test_wolfSSL_SESSION(void) AssertIntEQ(wolfSSL_SESSION_is_resumable(NULL), 0); AssertIntEQ(wolfSSL_SESSION_is_resumable(sess), 1); #endif + + AssertIntEQ(wolfSSL_SESSION_has_ticket(NULL), 0); + AssertIntEQ(wolfSSL_SESSION_get_ticket_lifetime_hint(NULL), 0); + #ifdef HAVE_SESSION_TICKET + AssertIntEQ(wolfSSL_SESSION_has_ticket(sess), 1); + AssertIntEQ(wolfSSL_SESSION_get_ticket_lifetime_hint(sess), + SESSION_TICKET_HINT_DEFAULT); + #else + AssertIntEQ(wolfSSL_SESSION_has_ticket(sess), 0); + #endif wolfSSL_shutdown(ssl); wolfSSL_free(ssl); diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 1711d3b5f..128d48365 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -983,6 +983,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define SSL_CTX_sess_set_cache_size wolfSSL_CTX_sess_set_cache_size #define SSL_CTX_set_default_verify_paths wolfSSL_CTX_set_default_verify_paths +#define X509_get_default_cert_file_env wolfSSL_X509_get_default_cert_file_env +#define X509_get_default_cert_file wolfSSL_X509_get_default_cert_file +#define X509_get_default_cert_dir_env wolfSSL_X509_get_default_cert_dir_env +#define X509_get_default_cert_dir wolfSSL_X509_get_default_cert_dir #define SSL_CTX_set_session_id_context wolfSSL_CTX_set_session_id_context #define SSL_get_peer_certificate wolfSSL_get_peer_certificate 
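Review bot: `AssertIntEQ(wolfSSL_SESSION_get_ticket_lifetime_hint(sess), SESSION_TICKET_HINT_DEFAULT)` pins the new API to the server's default ticket hint, which only holds while the getter mirrors the session timeout and the test server never sets a non-default hint; a comment making that dependency explicit would save whoever next changes either side, e.g. `/* test server uses the default hint, and the hint currently mirrors the session timeout */`. The has_ticket assertion also assumes the ticket is already attached to `sess` at this point; under TLS 1.3 the NewSessionTicket message arrives after the handshake, so if this test runs a 1.3 handshake the assertion depends on the client having read from the connection before `sess` was captured — worth confirming against how `sess` is obtained, which is outside the hunk. Pulling in wolfssl/internal.h just for SESSION_TICKET_HINT_DEFAULT is fine for a test, but the `#if` guard in the earlier api.c hunk should be kept in step with this one.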
@@ -1018,6 +1022,9 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define i2d_SSL_SESSION wolfSSL_i2d_SSL_SESSION #define d2i_SSL_SESSION wolfSSL_d2i_SSL_SESSION +#define SSL_SESSION_has_ticket wolfSSL_SESSION_has_ticket +#define SSL_SESSION_get_ticket_lifetime_hint \ + wolfSSL_SESSION_get_ticket_lifetime_hint #define SSL_SESSION_set_timeout wolfSSL_SSL_SESSION_set_timeout #define SSL_SESSION_get_timeout wolfSSL_SESSION_get_timeout #define SSL_SESSION_get_time wolfSSL_SESSION_get_time @@ -1155,6 +1162,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define SSL_set_tlsext_max_fragment_length wolfSSL_set_tlsext_max_fragment_length #define SSL_CTX_add_extra_chain_cert wolfSSL_CTX_add_extra_chain_cert +#define SSL_get_read_ahead wolfSSL_get_read_ahead +#define SSL_set_read_ahead wolfSSL_set_read_ahead #define SSL_CTX_get_read_ahead wolfSSL_CTX_get_read_ahead #define SSL_CTX_set_read_ahead wolfSSL_CTX_set_read_ahead #define SSL_CTX_set_tlsext_status_arg wolfSSL_CTX_set_tlsext_status_arg diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 06c6e3a03..3141f0bf1 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1968,6 +1968,8 @@ WOLFSSL_API long wolfSSL_CTX_sess_set_cache_size(WOLFSSL_CTX*, long); WOLFSSL_API long wolfSSL_CTX_sess_get_cache_size(WOLFSSL_CTX*); WOLFSSL_API long wolfSSL_CTX_get_session_cache_mode(WOLFSSL_CTX*); +WOLFSSL_API int wolfSSL_get_read_ahead(const WOLFSSL*); +WOLFSSL_API int wolfSSL_set_read_ahead(WOLFSSL*, int v); WOLFSSL_API int wolfSSL_CTX_get_read_ahead(WOLFSSL_CTX*); WOLFSSL_API int wolfSSL_CTX_set_read_ahead(WOLFSSL_CTX*, int v); WOLFSSL_API long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX*, void* arg); 
@@ -2472,6 +2474,10 @@ WOLFSSL_API long wolfSSL_SSL_get_mode(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX*); +WOLFSSL_API const char* wolfSSL_X509_get_default_cert_file_env(void); +WOLFSSL_API const char* wolfSSL_X509_get_default_cert_file(void); +WOLFSSL_API const char* wolfSSL_X509_get_default_cert_dir_env(void); +WOLFSSL_API const char* wolfSSL_X509_get_default_cert_dir(void); WOLFSSL_API int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX*, const unsigned char*, unsigned int); WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL*); @@ -2543,6 +2549,9 @@ WOLFSSL_API int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION*,unsigned char* WOLFSSL_API WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION**, const unsigned char**, long); +WOLFSSL_API int wolfSSL_SESSION_has_ticket(const WOLFSSL_SESSION*); +WOLFSSL_API unsigned long wolfSSL_SESSION_get_ticket_lifetime_hint( + const WOLFSSL_SESSION* sess); WOLFSSL_API long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION*); WOLFSSL_API long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION*); WOLFSSL_API int wolfSSL_CTX_get_ex_new_index(long, void*, void*, void*, void*);
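Review bot: The public declarations of wolfSSL_X509_get_default_cert_file/_file_env/_dir/_dir_env give no hint that they are stubs returning NULL, and this header is what an application porting from OpenSSL reads; OpenSSL documents these as returning fixed non-NULL strings, so an unchecked `getenv()` or `strlen()` on the result will fault. Add a comment above the four prototypes: `/* OpenSSL-compatibility stubs: currently return NULL (OpenSSL returns a non-NULL string); callers must check before use. */`.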
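Review bot: The two new session prototypes are inconsistent with each other — wolfSSL_SESSION_has_ticket leaves its parameter unnamed while wolfSSL_SESSION_get_ticket_lifetime_hint names it `sess` — and neither states what is returned when HAVE_SESSION_TICKET is not defined, which is the case a build-configuration reader most needs. Match the surrounding style (`wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION*)` is unnamed) and add `/* has_ticket: 1 if the session holds a ticket, else 0 (always 0 without HAVE_SESSION_TICKET). get_ticket_lifetime_hint: the ticket lifetime hint, 0 for a NULL session. */`, adjusting the second sentence to whatever the src/ssl.c implementation finally returns for a session without a ticket.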