diff --git a/src/ssl.c b/src/ssl.c
index f4216e07f..28e0ab241 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -11396,6 +11396,19 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 wolfSSL_set_rfd(ssl, rd->fd);
 wolfSSL_set_wfd(ssl, wr->fd);
+ /* free any existing WOLFSSL_BIOs in use */
+ if (ssl->biord != NULL) {
+ if (ssl->biord != ssl->biowr) {
+ if (ssl->biowr != NULL) {
+ wolfSSL_BIO_free(ssl->biowr);
+ ssl->biowr = NULL;
+ }
+ }
+ wolfSSL_BIO_free(ssl->biord);
+ ssl->biord = NULL;
+ }
+
 ssl->biord = rd;
 ssl->biowr = wr;
 }
@@ -12263,13 +12276,16 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 {
 WOLFSSL_ENTER("wolfSSL_ERR_get_error");
-#if defined(WOLFSSL_NGINX) || defined(OPENSSL_EXTRA)
+#if defined(WOLFSSL_NGINX)
 {
 unsigned long ret = wolfSSL_ERR_peek_error_line_data(NULL, NULL, NULL, NULL);
 wc_RemoveErrorNode(-1);
 return ret;
 }
+#elif defined(DEBUG_WOLFSSL) && \
+ (defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE))
+ return wc_PullErrorNode(NULL, NULL, NULL);
 #else
 return (unsigned long)(0 - NOT_COMPILED_IN);
 #endif
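Review bot: The new free-before-assign block can free a BIO the caller is passing back in: if `rd` or `wr` is the currently installed `ssl->biord`/`ssl->biowr` (a caller re-setting the same BIO, or swapping the read and write sides), it is released at the `wolfSSL_BIO_free` calls and then stored again by `ssl->biord = rd; ssl->biowr = wr;`, leaving a dangling pointer in the session. It also never releases `ssl->biowr` when `ssl->biord` is NULL but `ssl->biowr` is not, because the write-side free sits inside the `if (ssl->biord != NULL)` branch. OpenSSL's SSL_set_bio does not free a BIO that equals the incoming one; a flat form that compares against both incoming pointers and frees a BIO shared by both sides exactly once is below. The enclosing function begins above the hunk (the `wolfSSL_set_compression` label in the hunk header looks like git's context heuristic rather than the real function), and the earlier `rd->fd`/`wr->fd` dereferences already assume both arguments are non-NULL.
```c
    /* Free any BIO this session owns, except one the caller is handing
     * back to us (OpenSSL SSL_set_bio semantics); a BIO shared by both
     * sides is freed exactly once. */
    if (ssl->biowr != NULL && ssl->biowr != ssl->biord &&
            ssl->biowr != rd && ssl->biowr != wr) {
        wolfSSL_BIO_free(ssl->biowr);
    }
    if (ssl->biord != NULL && ssl->biord != rd && ssl->biord != wr) {
        wolfSSL_BIO_free(ssl->biord);
    }

    ssl->biord = rd;
    ssl->biowr = wr;
```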
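Review bot: With this `#if` split, a build that defines OPENSSL_EXTRA but not DEBUG_WOLFSSL now falls through to the `#else` branch and returns `(unsigned long)(0 - NOT_COMPILED_IN)` — a constant and, since NOT_COMPILED_IN is a wolfSSL error code, presumably non-zero value — where it previously drained the error queue. Callers written to OpenSSL's contract treat 0 as "queue empty" and loop `while ((e = ERR_get_error()) != 0)`, so that configuration turns into a never-ending error stream; if dropping OPENSSL_EXTRA from the first branch is intended, the `#else` return for such builds deserves a comment explaining why it is not 0. In the new `#elif` branch `wc_PullErrorNode` returns an `int` that is implicitly converted to `unsigned long`; a one-line comment stating how a negative wolfSSL code (and an empty-queue result, if that is also negative) is meant to map onto the value OpenSSL callers compare against 0 would save the next reader from guessing. The function's signature sits just above the first `{` of the hunk.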
@@ -22134,6 +22150,53 @@ int wolfSSL_DH_size(WOLFSSL_DH* dh)
 }
+/* This sets a big number with the 1536-bit prime from RFC 3526.
+ *
+ * bn if not NULL then the big number structure is used. If NULL then a new
+ * big number structure is created.
+ *
+ * Returns a WOLFSSL_BIGNUM structure on success and NULL with failure.
+ */
+WOLFSSL_BIGNUM* wolfSSL_DH_1536_prime(WOLFSSL_BIGNUM* bn)
+{
+ const char prm[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+ 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+ 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+ 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+ 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+ 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+ 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+ 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+ 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+ 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+ 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+ 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+ 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+ 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x23, 0x73, 0x27,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+ };
+
+ WOLFSSL_ENTER("wolfSSL_DH_1536_prime");
+
+ if (wolfSSL_BN_hex2bn(&bn, prm) != SSL_SUCCESS) {
+ WOLFSSL_MSG("Error converting DH 1536 prime to big number");
+ return NULL;
+ }
+
+ return bn;
+}
+
+
 /* return code compliant with OpenSSL :
 * 1 if success, 0 if error */
diff --git a/wolfssl/openssl/dh.h b/wolfssl/openssl/dh.h
index 8d4c26da4..26f0f5852 100644
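Review bot: `prm` is a raw 192-byte binary table, but its only consumer, `wolfSSL_BN_hex2bn(&bn, prm)`, follows the OpenSSL BN_hex2bn contract and parses a NUL-terminated string of hex digits: bytes such as 0xFF are not hex characters and the array carries no terminator, so the parser has no valid stopping point and can read past the end of `prm`, while the function cannot yield the RFC 3526 prime on any path. The table should be the prime written as a hex string literal (below, transcribed from the bytes in the hunk), which also makes `static const` appropriate so the 384 characters are not copied onto the stack on every call; the alternative is an `unsigned char` table handed to a bin2bn-style routine with `sizeof prm`, if the compat layer provides one. Note too that plain `char` may be signed, so initializers like 0xFF are out of range for it on such targets. The header comment's contract ("if NULL then a new big number structure is created") is otherwise consistent with passing `&bn` to hex2bn.
```c
WOLFSSL_BIGNUM* wolfSSL_DH_1536_prime(WOLFSSL_BIGNUM* bn)
{
    /* RFC 3526 group 5 (1536-bit MODP) prime, as the NUL-terminated hex
     * string that wolfSSL_BN_hex2bn() expects. */
    static const char prm[] =
        "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
        "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
        "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
        "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
        "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
        "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
        "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF";

    /* … unchanged: WOLFSSL_ENTER, wolfSSL_BN_hex2bn call and return … */
```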
--- a/wolfssl/openssl/dh.h
+++ b/wolfssl/openssl/dh.h
@@ -64,6 +64,7 @@ typedef WOLFSSL_DH DH;
 #define DH_size wolfSSL_DH_size
 #define DH_generate_key wolfSSL_DH_generate_key
 #define DH_compute_key wolfSSL_DH_compute_key
+#define get_rfc3526_prime_1536 wolfSSL_DH_1536_prime
 #ifdef __cplusplus
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index 39cd4e3d0..229550ef0 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -536,6 +536,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
 #define SSL_need_tmp_RSA(ssl) 0
 #define SSL_set_tmp_rsa(ssl,rsa) 1
 /*#endif*/
+ #define CONF_modules_unload(a)
 #define SSL_get_hit wolfSSL_session_reused
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 85dfdb132..b96f23e2d 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -2585,6 +2585,7 @@ WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const ch
 WOLFSSL_API void wolfSSL_CRYPTO_cleanup_all_ex_data(void);
+WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_1536_prime(WOLFSSL_BIGNUM* bn);
 WOLFSSL_API WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator, void (*callback) (int, int, void *), void *cb_arg);