diff --git a/configure.ac b/configure.ac index e422cd2db..997c03c75 100644 --- a/configure.ac +++ b/configure.ac @@ -180,6 +180,7 @@ then enable_haproxy=yes enable_stunnel=yes enable_nginx=yes + enable_asio=yes enable_pwdbased=yes enable_aeskeywrap=yes enable_x963kdf=yes @@ -428,6 +429,7 @@ AM_CONDITIONAL([BUILD_RNG], [test "x$ENABLED_RNG" = "xyes"]) # signal (--enable-signal) # lighty (--enable-lighty) HAVE_LIGHTY # stunnel (--enable-stunnel) HAVE_STUNNEL +# asio (--enable-asio) WOLFSSL_ASIO # HAVE_POCO_LIB # WOLFSSL_MYSQL_COMPATIBLE # web server (--enable-webserver) HAVE_WEBSERVER @@ -2992,6 +2994,30 @@ then AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE -DHAVE_EX_DATA" fi +# Asio Support +AC_ARG_ENABLE([asio], + [AS_HELP_STRING([--enable-asio],[Enable asio (default: disabled)])], + [ ENABLED_ASIO=$enableval ], + [ ENABLED_ASIO=no ] + ) +if test "$ENABLED_ASIO" = "yes" +then + # Requires opensslall make sure on + if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno" + then + ENABLED_OPENSSLALL="yes" + AM_CFLAGS="-DOPENSSL_ALL $AM_CFLAGS" + fi + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASIO -DWOLFSSL_KEY_GEN" + + # Requires OCSP make sure on + if test "x$ENABLED_OCSP" = "xno" + then + ENABLED_OCSP="yes" + AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP" + AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"]) + fi +fi # stunnel Support AC_ARG_ENABLE([stunnel], @@ -3139,9 +3165,9 @@ AC_ARG_ENABLE([pwdbased], if test "$ENABLED_PWDBASED" = "no" then - if test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_WEBSERVER" = "yes" || test "$ENABLED_ENCKEYS" = "yes" + if test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_OPENSSLALL" = "yes" || test "$ENABLED_WEBSERVER" = "yes" || test "$ENABLED_ENCKEYS" = "yes" then - # opensslextra, webserver and enckeys needs pwdbased + # opensslextra, opensslall, webserver, and enckeys needs pwdbased ENABLED_PWDBASED=yes else AM_CFLAGS="$AM_CFLAGS -DNO_PWDBASED" @@ -4409,6 +4435,7 @@ echo " * LIGHTY: $ENABLED_LIGHTY" echo " * HAPROXY: $ENABLED_HAPROXY" echo " * STUNNEL: $ENABLED_STUNNEL" echo " * NGINX: $ENABLED_NGINX" +echo " * ASIO: $ENABLED_ASIO" echo " * SIGNAL: $ENABLED_SIGNAL" echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS" echo " * DTLS: $ENABLED_DTLS" diff --git a/src/ssl.c b/src/ssl.c index 4a85872d5..974a32459 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -24672,11 +24672,8 @@ int wolfSSL_HMAC_CTX_copy(WOLFSSL_HMAC_CTX* des, WOLFSSL_HMAC_CTX* src) return WOLFSSL_SUCCESS; } - -#if defined(HAVE_FIPS) && \ - (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) - -static int _HMAC_Init(Hmac* hmac, int type, void* heap) +#ifdef HAVE_FIPS +int _InitHmac(Hmac* hmac, int type, void* heap) { int ret = 0; @@ -24722,21 +24719,6 @@ static int _HMAC_Init(Hmac* hmac, int type, void* heap) break; #endif /* HAVE_BLAKE2 */ - #ifdef WOLFSSL_SHA3 - case WC_SHA3_224: - ret = wc_InitSha3_224(&hmac->hash.sha3, heap, INVALID_DEVID); - break; - case WC_SHA3_256: - ret = wc_InitSha3_256(&hmac->hash.sha3, heap, INVALID_DEVID); - break; - case WC_SHA3_384: - ret = wc_InitSha3_384(&hmac->hash.sha3, heap, INVALID_DEVID); - break; - case WC_SHA3_512: - ret = wc_InitSha3_512(&hmac->hash.sha3, heap, INVALID_DEVID); - break; - #endif - default: ret = BAD_FUNC_ARG; break; @@ -24746,10 +24728,7 @@ static int _HMAC_Init(Hmac* hmac, int type, void* heap) return ret; } - -#else - #define _HMAC_Init _InitHmac -#endif +#endif /* HAVE_FIPS */ int wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key, int keylen, @@ -24847,7 +24826,7 @@ int wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key, int keylen, WC_HMAC_BLOCK_SIZE); XMEMCPY((byte *)&ctx->hmac.opad, (byte *)&ctx->save_opad, WC_HMAC_BLOCK_SIZE); - if ((hmac_error = _HMAC_Init(&ctx->hmac, ctx->hmac.macType, heap)) + if ((hmac_error = _InitHmac(&ctx->hmac, ctx->hmac.macType, heap)) !=0) { return hmac_error; } @@ -27708,7 +27687,74 @@ WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp, return rsa; } -#if !defined(HAVE_FAST_RSA) +WOLFSSL_RSA *wolfSSL_d2i_RSAPrivateKey(WOLFSSL_RSA **r, const unsigned char **derBuf, long derSz) +{ + WOLFSSL_ENTER("d2i_RSAPrivateKey"); + + WOLFSSL_RSA *rsa = NULL; + + if(derBuf == NULL){ + WOLFSSL_MSG("Bad argument"); + return NULL; + } + if((rsa = wolfSSL_RSA_new()) == NULL){ + WOLFSSL_MSG("RSA_new failed"); + return NULL; + } + + if(wolfSSL_RSA_LoadDer_ex(rsa, *derBuf, (int)derSz, WOLFSSL_RSA_LOAD_PRIVATE) + != WOLFSSL_SUCCESS){ + WOLFSSL_MSG("RSA_LoadDer failed"); + return NULL; + } + if(r != NULL) + *r = rsa; + return rsa; +} + +#if !defined(NO_RSA) && !defined(HAVE_FAST_RSA) +int wolfSSL_i2d_RSAPrivateKey(WOLFSSL_RSA *rsa, const unsigned char **pp) +{ + WOLFSSL_ENTER("i2d_RSAPrivateKey"); + + byte* der = NULL; + int derMax; + int ret; + + if((rsa == NULL) || (pp == NULL)) { + WOLFSSL_MSG("Bad Function Arguments"); + return BAD_FUNC_ARG; + } + + if((ret = SetRsaInternal(rsa)) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("SetRsaInternal Failed"); + return ret; + } + + /* 5 > size of n, d, p, q, d%(p-1), d(q-1), 1/q%p, e + ASN.1 additional + * informations + */ + derMax = 5 * wolfSSL_RSA_size(rsa) + AES_BLOCK_SIZE; + + der = (byte*)XMALLOC(derMax, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + WOLFSSL_MSG("Malloc failed"); + return WOLFSSL_FAILURE; + } + + /* RSA key to DER */ + if((ret = wc_RsaKeyToDer((RsaKey *)rsa->internal, der, derMax)) < 0) { + WOLFSSL_MSG("RsaKeyToDer failed"); + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + der = NULL; + return ret; + } + + *pp = der; + return ret; /* returns size of der if successful */ +} + + int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, const unsigned char **pp) { byte *der; @@ -30871,10 +30917,231 @@ int wolfSSL_get_state(const WOLFSSL* ssl) } #endif /* HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE */ +#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) +VerifyCallback wolfSSL_get_verify_callback(WOLFSSL* ssl) +{ + WOLFSSL_ENTER("wolfSSL_get_verify_callback"); + if(ssl) { + return ssl->verifyCallback; + } + return NULL; +} + +int wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO **bio1_p, size_t writebuf1, + WOLFSSL_BIO **bio2_p, size_t writebuf2) +{ + WOLFSSL_BIO *bio1 = NULL, *bio2 = NULL; + int ret = 1; + + if (bio1_p == NULL || bio2_p == NULL) { + WOLFSSL_MSG("Bad Function Argument"); + return BAD_FUNC_ARG; + } + + if((bio1 = wolfSSL_BIO_new(wolfSSL_BIO_s_bio())) == NULL) { + WOLFSSL_MSG("Bio allocation failed"); + ret = WOLFSSL_FAILURE; + } + if(ret){ + if((bio2 = wolfSSL_BIO_new(wolfSSL_BIO_s_bio())) == NULL) { + WOLFSSL_MSG("Bio allocation failed"); + ret = WOLFSSL_FAILURE; + } + } + if(ret && writebuf1){ + if(!(ret = wolfSSL_BIO_set_write_buf_size(bio1, writebuf1))) { + WOLFSSL_MSG("BIO_set_write_buf failed"); + } + } + if(ret && writebuf2){ + if(!(ret = wolfSSL_BIO_set_write_buf_size(bio2, writebuf2))){ + WOLFSSL_MSG("BIO_set_write_buf failed"); + } + } + if(ret){ + if((ret = wolfSSL_BIO_make_bio_pair(bio1, bio2))) { + *bio1_p = bio1; + *bio2_p = bio2; + } + } + if(!ret) { + wolfSSL_BIO_free(bio1); + bio1 = NULL; + wolfSSL_BIO_free(bio2); + bio2 = NULL; + } + return ret; +} + + +#if !defined(NO_RSA) +WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out) +{ + const unsigned char* mem; + long memSz; + WOLFSSL_RSA* key = NULL; + + WOLFSSL_ENTER("wolfSSL_d2i_RSAPrivateKey_bio()"); + + if (bio == NULL) { + WOLFSSL_MSG("Bad Function Argument"); + return NULL; + } + (void)out; + + memSz = wolfSSL_BIO_pending(bio); + if (memSz <= 0) { + WOLFSSL_MSG("wolfSSL_BIO_pending failure"); + return NULL; + } + + mem = (unsigned char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (mem == NULL) { + WOLFSSL_MSG("Malloc failure"); + return NULL; + } + + if (wolfSSL_BIO_read(bio, (unsigned char*)mem, (int)memSz) == memSz) { + key = wolfSSL_d2i_RSAPrivateKey(NULL, &mem, memSz); + if (out != NULL && key != NULL) { + *out = key; + } + } + + XFREE((unsigned char*)mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + return key; +} +#endif + + +int wolfSSL_CTX_use_certificate_ASN1(WOLFSSL_CTX *ctx, int derSz, const unsigned char *der) +{ + WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_ASN1"); + if (der != NULL && ctx != NULL) { + if(wolfSSL_CTX_use_certificate_buffer(ctx, der, derSz, + WOLFSSL_FILETYPE_ASN1) == WOLFSSL_SUCCESS) + return WOLFSSL_SUCCESS; + } + return WOLFSSL_FAILURE; +} + + +#if !defined(NO_RSA) && !defined(HAVE_FAST_RSA) +int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa) +{ + WOLFSSL_ENTER("wolfSSL_CTX_use_RSAPrivateKey"); + + int ret; + int derSize; + const unsigned char* derBuf = NULL; + WOLFSSL_EVP_PKEY* pkey = NULL; + WOLFSSL_BIO* bio = NULL; + + if (ctx == NULL || rsa == NULL) { + WOLFSSL_MSG("one or more inputs were NULL"); + return BAD_FUNC_ARG; + } + + if((bio = BIO_new(BIO_s_mem())) == NULL){ + WOLFSSL_MSG("Set bio Failed"); + return WOLFSSL_FAILURE; + } + + pkey = wolfSSL_PKEY_new_ex(bio->heap); + pkey->type = EVP_PKEY_RSA; + pkey->rsa = rsa; + pkey->ownRsa = 0; + + /* convert RSA internal to der */ + if((derSize = wolfSSL_i2d_RSAPrivateKey(rsa, &derBuf)) <= 0) { + WOLFSSL_MSG("wolfSSL_i2d_RSAPrivateKey failed"); + XFREE((unsigned char*)derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + wolfSSL_EVP_PKEY_free(pkey); + wolfSSL_BIO_free(bio); + return WOLFSSL_FAILURE; + } + + pkey->pkey.ptr = (char*)XMALLOC(derSize, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (pkey->pkey.ptr == NULL) { + WOLFSSL_MSG("pkey malloc failed"); + XFREE((unsigned char*)derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + wolfSSL_EVP_PKEY_free(pkey); + wolfSSL_BIO_free(bio); + return WOLFSSL_FAILURE; + } + + pkey->pkey_sz = derSize; + XMEMCPY(pkey->pkey.ptr, derBuf, derSize); + + /*adds the private key rsa to ctx.*/ + ret = wolfSSL_CTX_use_PrivateKey(ctx, pkey); + + wolfSSL_BIO_free(bio); + wolfSSL_EVP_PKEY_free(pkey); + XFREE((unsigned char*)derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return ret; +} +#endif /* NO_RSA && !HAVE_FAST_RSA */ + + +WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY** out) +{ + const unsigned char* mem; + long memSz; + WOLFSSL_EVP_PKEY* key = NULL; + int type; + int algoID = 0; + + WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey_bio()"); + if (bio == NULL) { + return NULL; + } + (void)out; + + memSz = wolfSSL_BIO_pending(bio); + if (memSz <= 0) { + WOLFSSL_MSG("wolfSSL_BIO_pending failure"); + return NULL; + } + mem = (unsigned char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (mem == NULL) { + WOLFSSL_MSG("Malloc failure"); + return NULL; + } + const unsigned char* memptr = mem; + + if (wolfSSL_BIO_read(bio, (unsigned char*)mem, (int)memSz) == memSz) { + /* Determines key type */ + if ((wc_GetKeyOID((unsigned char*)mem, memSz, NULL, NULL, &algoID, NULL)) < 0) { + XFREE((unsigned char*)memptr, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + return NULL; + } + + if (algoID == ECDSAk) { + type = EVP_PKEY_EC; + } else if (algoID == RSAk) { + type = EVP_PKEY_RSA; + } else { + WOLFSSL_MSG("Error determining correct key type"); + XFREE((unsigned char*)memptr, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + return NULL; + } + + key = wolfSSL_d2i_PrivateKey(type, &key, &mem, memSz); + if (out != NULL && key != NULL) { + *out = key; + } + } + XFREE((unsigned char*)memptr, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + return key; +} +#endif /* OPENSSL_ALL || WOLFSSL_ASIO */ + /* stunnel compatibility functions*/ -#if defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX)) -void WOLFSSL_ERR_remove_thread_state(void* pid) +#if (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX)))\ + || (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) +void wolfSSL_ERR_remove_thread_state(void* pid) { (void) pid; return; diff --git a/tests/api.c b/tests/api.c index 832b164d8..7524161c0 100644 --- a/tests/api.c +++ b/tests/api.c @@ -283,7 +283,7 @@ #include #endif -#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_ALL)) #include #ifndef NO_ASN /* for ASN_COMMON_NAME DN_tags enum */ @@ -554,6 +554,29 @@ static void test_wolfSSL_CTX_use_certificate_file(void) #endif } +#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) +static int test_wolfSSL_CTX_use_certificate_ASN1(void) +{ +#if !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER) && !defined(NO_ASN) + WOLFSSL_CTX* ctx; + int ret; + + printf(testingFmt, "wolfSSL_CTX_use_certificate_ASN1()"); + AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + + ret = SSL_CTX_use_certificate_ASN1(ctx, sizeof_server_cert_der_2048, + server_cert_der_2048); + + printf(resultFmt, ret == WOLFSSL_SUCCESS ? passed : failed); + wolfSSL_CTX_free(ctx); + + return ret; +#else + return WOLFSSL_SUCCESS; +#endif +} +#endif /* OPENSSL_ALL || WOLFSSL_ASIO */ + /* Test function for wolfSSL_CTX_use_certificate_buffer. Load cert into * context using buffer. * PRE: NO_CERTS not defined; USE_CERT_BUFFERS_2048 defined; compile with @@ -17113,6 +17136,19 @@ static void test_wolfSSL_BIO(void) BIO_free(bio1); BIO_free(bio3); + #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) + { + BIO* bioA = NULL; + BIO* bioB = NULL; + AssertIntEQ(BIO_new_bio_pair(NULL, 256, NULL, 256), BAD_FUNC_ARG); + AssertIntEQ(BIO_new_bio_pair(&bioA, 256, &bioB, 256), WOLFSSL_SUCCESS); + BIO_free(bioA); + bioA = NULL; + BIO_free(bioB); + bioB = NULL; + } + #endif /* OPENSSL_ALL || WOLFSSL_ASIO */ + /* BIOs with file pointers */ #if !defined(NO_FILESYSTEM) { @@ -17949,6 +17985,110 @@ static void test_wolfSSL_d2i_PUBKEY(void) #endif } +#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) +static void test_wolfSSL_d2i_PrivateKeys_bio(void) +{ + BIO* bio = NULL; + EVP_PKEY* pkey = NULL; + RSA* rsa = NULL; + WOLFSSL_CTX* ctx; + const unsigned char* buffer = NULL; + + printf(testingFmt, "wolfSSL_d2i_PrivateKeys_bio()"); + + /* test creating new EVP_PKEY with bad arg */ + AssertNull((pkey = d2i_PrivateKey_bio(NULL, NULL))); + + /* test loading RSA key using BIO */ +#if !defined(NO_RSA) && !defined(NO_FILESYSTEM) + { + XFILE file; + const char* fname = "./certs/server-key.der"; + size_t sz; + byte* buf; + + file = XFOPEN(fname, "rb"); + AssertTrue((file != XBADFILE)); + XFSEEK(file, 0, XSEEK_END); + sz = XFTELL(file); + XREWIND(file); + AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); + AssertIntEQ(XFREAD(buf, 1, sz, file), sz); + XFCLOSE(file); + + /* Test using BIO new mem and loading DER private key */ + AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + AssertNotNull((pkey = d2i_PrivateKey_bio(bio, NULL))); + XFREE(buf, NULL, DYNAMIC_TYPE_FILE); + BIO_free(bio); + bio = NULL; + EVP_PKEY_free(pkey); + pkey = NULL; + } +#endif + + /* test loading ECC key using BIO */ +#if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) + { + XFILE file; + const char* fname = "./certs/ecc-key.der"; + size_t sz; + byte* buf; + + file = XFOPEN(fname, "rb"); + AssertTrue((file != XBADFILE)); + XFSEEK(file, 0, XSEEK_END); + sz = XFTELL(file); + XREWIND(file); + AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); + AssertIntEQ(XFREAD(buf, 1, sz, file), sz); + XFCLOSE(file); + + /* Test using BIO new mem and loading DER private key */ + AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + AssertNotNull((pkey = d2i_PrivateKey_bio(bio, NULL))); + XFREE(buf, NULL, DYNAMIC_TYPE_FILE); + BIO_free(bio); + bio = NULL; + EVP_PKEY_free(pkey); + pkey = NULL; + } +#endif + + AssertNotNull(bio = BIO_new(BIO_s_mem())); + AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); + + /* Tests bad parameters */ + AssertNull(d2i_RSAPrivateKey_bio(NULL, NULL)); + + /* RSA not set yet, expecting to fail*/ + AssertIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), BAD_FUNC_ARG); + +#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA) + /* set RSA using bio*/ + AssertIntGT(BIO_write(bio, client_key_der_2048, + sizeof_client_key_der_2048), 0); + AssertNotNull(rsa = d2i_RSAPrivateKey_bio(bio, NULL)); + + AssertIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), WOLFSSL_SUCCESS); + + /*i2d RSAprivate key tests */ + AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(NULL, NULL), BAD_FUNC_ARG); + AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &buffer), + sizeof_client_key_der_2048); + RSA_free(rsa); + XFREE((unsigned char*)buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + SSL_CTX_free(ctx); + ctx = NULL; + BIO_free(bio); + bio = NULL; + (void)rsa; + printf(resultFmt, passed); +} +#endif /* OPENSSL_ALL || WOLFSSL_ASIO */ + + static void test_wolfSSL_sk_GENERAL_NAME(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ @@ -18093,6 +18233,12 @@ static void test_wolfSSL_RSA_DER(void) AssertNotNull(rsa); RSA_free(rsa); } + for (i = 0; tbl[i].der != NULL; i++) + { + AssertNotNull(d2i_RSAPrivateKey(&rsa, &tbl[i].der, tbl[i].sz)); + AssertNotNull(rsa); + RSA_free(rsa); + } printf(resultFmt, passed); #endif @@ -19973,6 +20119,11 @@ void ApiTest(void) test_wolfSSL_i2c_ASN1_INTEGER(); test_wolfSSL_X509_check_ca(); +#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) + AssertIntEQ(test_wolfSSL_CTX_use_certificate_ASN1(), WOLFSSL_SUCCESS); + test_wolfSSL_d2i_PrivateKeys_bio(); +#endif /* OPENSSL_ALL || WOLFSSL_ASIO */ + /* test the no op functions for compatibility */ test_no_op_functions(); diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index a50e99bcb..58047f196 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -525,6 +525,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define d2i_PKCS12_bio wolfSSL_d2i_PKCS12_bio #define d2i_PKCS12_fp wolfSSL_d2i_PKCS12_fp #define d2i_RSAPublicKey wolfSSL_d2i_RSAPublicKey +#define d2i_RSAPrivateKey wolfSSL_d2i_RSAPrivateKey +#define i2d_RSAPrivateKey wolfSSL_i2d_RSAPrivateKey #define i2d_RSAPublicKey wolfSSL_i2d_RSAPublicKey #define d2i_X509_CRL wolfSSL_d2i_X509_CRL #define d2i_X509_CRL_fp wolfSSL_d2i_X509_CRL_fp @@ -632,6 +634,39 @@ enum { #define sk_SSL_CIPHER_value wolfSSL_sk_SSL_CIPHER_value #endif /* OPENSSL_ALL || WOLFSSL_HAPROXY */ +#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) +#include + +typedef STACK_OF(WOLFSSL_ASN1_OBJECT) GENERAL_NAMES; +#define SSL_CTRL_CHAIN 88 +#define BIO_CTRL_WPENDING 13 +#define GEN_IPADD 7 +#define ERR_LIB_SSL 20 +#define SSL_R_SHORT_READ 10 +#define ERR_R_PEM_LIB 9 +#define V_ASN1_IA5STRING 22 +#define SSL_CTRL_MODE 33 + +#define SSL_CTX_clear_chain_certs(ctx) SSL_CTX_set0_chain(ctx,NULL) +#define d2i_RSAPrivateKey_bio wolfSSL_d2i_RSAPrivateKey_bio +#define SSL_CTX_use_RSAPrivateKey wolfSSL_CTX_use_RSAPrivateKey +#define d2i_PrivateKey_bio wolfSSL_d2i_PrivateKey_bio +#define ASN1_IA5STRING WOLFSSL_ASN1_STRING +#define ASN1_OCTET_STRING WOLFSSL_ASN1_STRING +#define BIO_new_bio_pair wolfSSL_BIO_new_bio_pair +#define SSL_get_verify_callback wolfSSL_get_verify_callback +#define GENERAL_NAMES_free(GENERAL_NAMES)NULL + +#define SSL_set_mode(ssl,op) wolfSSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) +#define BIO_wpending(b) wolfSSL_BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL) +#define SSL_CTX_use_certificate_ASN1 wolfSSL_CTX_use_certificate_ASN1 +#define SSL_CTX_set0_chain(ctx,sk) \ + wolfSSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk)) +#define SSL_CTX_get_app_data(ctx) wolfSSL_CTX_get_ex_data(ctx,0) +#define SSL_CTX_set_app_data(ctx,arg) wolfSSL_CTX_set_ex_data(ctx,0, \ + (char *)(arg)) +#endif /* OPENSSL_ALL || WOLFSSL_ASIO */ + #define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh #define BIO_new_file wolfSSL_BIO_new_file @@ -789,7 +824,7 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define PSK_MAX_PSK_LEN 256 #define PSK_MAX_IDENTITY_LEN 128 -#define ERR_remove_thread_state WOLFSSL_ERR_remove_thread_state +#define ERR_remove_thread_state wolfSSL_ERR_remove_thread_state #define SSL_CTX_clear_options wolfSSL_CTX_clear_options @@ -930,5 +965,4 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; } /* extern "C" */ #endif - #endif /* wolfSSL_openssl_h__ */ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 93a5c3904..d9601ede9 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -222,6 +222,8 @@ struct WOLFSSL_ASN1_OBJECT { struct d { /* derefrenced */ WOLFSSL_ASN1_STRING ia5_internal; WOLFSSL_ASN1_STRING* ia5; /* points to ia5_internal */ + WOLFSSL_ASN1_STRING* dNSName; + WOLFSSL_ASN1_STRING* iPAddress; } d; }; @@ -599,6 +601,17 @@ WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL*); WOLFSSL_API void wolfSSL_flush_sessions(WOLFSSL_CTX*, long); WOLFSSL_API int wolfSSL_SetServerID(WOLFSSL*, const unsigned char*, int, int); +#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) +WOLFSSL_API int wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO**, size_t, + WOLFSSL_BIO**, size_t); + +WOLFSSL_API WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO*, WOLFSSL_RSA**); +WOLFSSL_API int wolfSSL_CTX_use_certificate_ASN1(WOLFSSL_CTX*, + int, const unsigned char*); +WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX*, WOLFSSL_RSA*); +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO*, WOLFSSL_EVP_PKEY**); +#endif /* OPENSSL_ALL || WOLFSSL_ASIO */ + #ifdef SESSION_INDEX WOLFSSL_API int wolfSSL_GetSessionIndex(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_GetSessionAtIndex(int index, WOLFSSL_SESSION* session); @@ -1002,8 +1015,12 @@ WOLFSSL_API const char* wolfSSL_state_string_long(const WOLFSSL*); WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_generate_key(int, unsigned long, void(*)(int, int, void*), void*); -WOLFSSL_API WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp, long len); +WOLFSSL_API WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, + const unsigned char **pp, long len); +WOLFSSL_API WOLFSSL_RSA *wolfSSL_d2i_RSAPrivateKey(WOLFSSL_RSA**, + const unsigned char**, long); WOLFSSL_API int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *r, const unsigned char **pp); +WOLFSSL_API int wolfSSL_i2d_RSAPrivateKey(WOLFSSL_RSA *r, const unsigned char **pp); WOLFSSL_API void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX *, WOLFSSL_RSA *(*)(WOLFSSL *, int, int)); @@ -2721,6 +2738,8 @@ WOLFSSL_API WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL*,WOLFSSL_CTX*); WOLFSSL_API VerifyCallback wolfSSL_CTX_get_verify_callback(WOLFSSL_CTX*); +WOLFSSL_API VerifyCallback wolfSSL_get_verify_callback(WOLFSSL*); + WOLFSSL_API void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX *, CallbackSniRecv); WOLFSSL_API int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX *, @@ -2728,7 +2747,7 @@ WOLFSSL_API int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX *, WOLFSSL_API void wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX *, void*); -WOLFSSL_API void WOLFSSL_ERR_remove_thread_state(void*); +WOLFSSL_API void wolfSSL_ERR_remove_thread_state(void*); #ifndef NO_FILESYSTEM WOLFSSL_API void wolfSSL_print_all_errors_fp(XFILE *fp);