feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #3769 from miyazakh/openssl_ext_r1

Browse Source 
Compatibility layer API addition
This commit is contained in:
Chris Conlon
2021-03-08 09:54:07 -07:00
committed by GitHub
parent b6130513e3 3b768bcb5e
commit ec58765498
29 changed files with 1186 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
certs/crl/crl.der Normal file
View File

Binary file not shown.

BIN
certs/crl/crl2.der Normal file
View File

Binary file not shown.

5
certs/crl/gencrls.sh
View File

@ -177,4 +177,9 @@ echo "Step 22"
openssl ca -config ./wolfssl.cnf -gencrl -crldays 1000 -out caEcc384Crl.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem
check_result $?
# create crl and crl2 der files for unit test
echo "Step 23"
openssl crl -in crl.pem -inform PEM -out crl.der -outform DER
openssl crl -in crl2.pem -inform PEM -out crl2.der -outform DER
exit 0

4
certs/crl/include.am
View File

@ -10,7 +10,9 @@ EXTRA_DIST += \
certs/crl/crl2.pem \
certs/crl/caEccCrl.pem \
certs/crl/caEcc384Crl.pem \
certs/crl/wolfssl.cnf
certs/crl/wolfssl.cnf \
certs/crl/crl.der \
certs/crl/crl2.der
EXTRA_DIST += \
certs/crl/crl.revoked

2
configure.ac
View File

@ -5625,7 +5625,7 @@ AC_ARG_ENABLE([oldnames],
if test "x$ENABLED_OLDNAMES" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
then
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_RNGNAME -DNO_OLD_WC_NAMES -DNO_OLD_SSL_NAMES"
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_SHA_NAMES"
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_SHA_NAMES -DNO_OLD_MD5_NAME"
fi

3
examples/client/client.c
View File

@ -466,6 +466,9 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
do {
err = 0; /* reset error */
ret = wolfSSL_connect(ssl);
#ifdef WOLFSSL_EARLY_DATA
EarlyDataStatus(ssl);
#endif
if (ret != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT

3
examples/server/server.c
View File

@ -2501,6 +2501,9 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
do {
err = 0; /* reset error */
ret = SSL_accept(ssl);
#ifdef WOLFSSL_EARLY_DATA
EarlyDataStatus(ssl);
#endif
if (ret != WOLFSSL_SUCCESS) {
err = SSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT

6
scripts/tls13.test
View File

@ -257,7 +257,7 @@ if [ "$early_data" = "yes" ]; then
grep 'Session Ticket' $client_out_file
session_ticket=$?
early_data_cnt=`grep 'Early Data' $server_out_file | wc -l`
if [ $session_ticket -eq 0 -a $early_data_cnt -ne 2 ]; then
if [ $session_ticket -eq 0 -a $early_data_cnt -ne 4 ]; then
RESULT=1
fi
if [ $RESULT -ne 0 ]; then
@ -280,11 +280,11 @@ if [ "$early_data" = "yes" -a "$psk" = "yes" ]; then
RESULT=$?
remove_ready_file
early_data_cnt=`grep 'Early Data' $server_out_file | wc -l`
if [ $early_data_cnt -ne 2 -a $early_data_cnt -ne 4 ]; then
if [ $early_data_cnt -ne 3 -a $early_data_cnt -ne 4 ]; then
RESULT=1
fi
if [ $RESULT -ne 0 ]; then
echo -e "\n\nIssue with TLS v1.3 Early Data - session ticket"
echo -e "\n\nIssue with TLS v1.3 Early Data - PSK"
do_cleanup
exit 1
fi

15
src/internal.c
View File

@ -1800,6 +1800,15 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
#ifdef OPENSSL_EXTRA
/* setup WOLFSSL_X509_STORE */
ctx->x509_store.cm = ctx->cm;
/* WOLFSSL_X509_VERIFY_PARAM */
if ((ctx->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
sizeof(WOLFSSL_X509_VERIFY_PARAM),
heap, DYNAMIC_TYPE_OPENSSL)) == NULL) {
WOLFSSL_MSG("ctx->param memory error");
return MEMORY_E;
}
XMEMSET(ctx->param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
#endif
#endif
@ -1948,6 +1957,9 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
XFREE((void *)ctx->alpn_cli_protos, NULL, DYNAMIC_TYPE_OPENSSL);
ctx->alpn_cli_protos = NULL;
}
if (ctx->param) {
XFREE(ctx->param, ctx->heap, DYNAMIC_TYPE_OPENSSL);
}
#endif
#ifdef WOLFSSL_STATIC_EPHEMERAL
#ifndef NO_DH
@ -18915,6 +18927,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
case NO_CERT_ERROR:
return "TLS1.3 No Certificate Set Error";
case TOO_MUCH_EARLY_DATA:
return "Too much early data";
default :
return "unknown error number";
}

377
src/ssl.c
View File

@ -2272,7 +2272,7 @@ int wolfSSL_UseMaxFragment(WOLFSSL* ssl, byte mfl)
#ifdef WOLFSSL_ALLOW_MAX_FRAGMENT_ADJUST
/* The following is a non-standard way to reconfigure the max packet size
post-handshake for wolfSSL_write/woflSSL_read */
post-handshake for wolfSSL_write/wolfSSL_read */
if (ssl->options.handShakeState == HANDSHAKE_DONE) {
switch (mfl) {
case WOLFSSL_MFL_2_8 : ssl->max_fragment = 256; break;
@ -16832,6 +16832,31 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
return 0;
}
/* Apply MD5 transformation to the data */
int wolfSSL_MD5_Transform(WOLFSSL_MD5_CTX* md5, const unsigned char* data)
{
int ret;
WOLFSSL_ENTER("MD5_Transform");
/* sanity check */
if (md5 == NULL || data == NULL) {
return 0;
}
#if defined(BIG_ENDIAN_ORDER)
{
ByteReverseWords((word32*)data, (word32*)data, WC_MD5_BLOCK_SIZE);
}
#endif
ret = wc_Md5Transform((wc_Md5*)md5, data);
/* return 1 on success, 0 otherwise */
if (ret == 0)
return 1;
else
return 0;
}
#endif /* !NO_MD5 */
@ -16884,7 +16909,36 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
return 0;
}
#if defined(OPENSSL_EXTRA)
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
/* Apply SHA1 transformation to the data */
int wolfSSL_SHA_Transform(WOLFSSL_SHA_CTX* sha,
const unsigned char* data)
{
int ret;
WOLFSSL_ENTER("SHA_Transform");
/* sanity check */
if (sha == NULL || data == NULL) {
return 0;
}
#if defined(LITTLE_ENDIAN_ORDER)
{
ByteReverseWords((word32*)data, (word32*)data, WC_SHA_BLOCK_SIZE);
}
#endif
ret = wc_ShaTransform((wc_Sha*)sha, data);
/* return 1 on success, 0 otherwise */
if (ret == 0)
return 1;
else
return 0;
}
#endif
#endif
int wolfSSL_SHA1_Init(WOLFSSL_SHA_CTX* sha)
{
WOLFSSL_ENTER("SHA1_Init");
@ -16905,6 +16959,18 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
WOLFSSL_ENTER("SHA1_Final");
return SHA_Final(input, sha);
}
#if defined(OPENSSL_EXTRA)
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
/* Apply SHA1 transformation to the data */
int wolfSSL_SHA1_Transform(WOLFSSL_SHA_CTX* sha,
const unsigned char* data)
{
WOLFSSL_ENTER("SHA1_Transform");
return (wolfSSL_SHA_Transform(sha, data));
}
#endif
#endif
#endif /* !NO_SHA */
#ifdef WOLFSSL_SHA224
@ -17007,8 +17073,37 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
return 0;
}
#if defined(OPENSSL_EXTRA)
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
/* Apply SHA256 transformation to the data */
int wolfSSL_SHA256_Transform(WOLFSSL_SHA256_CTX* sha256,
const unsigned char* data)
{
int ret;
WOLFSSL_ENTER("SHA256_Transform");
/* sanity check */
if (sha256 == NULL || data == NULL) {
return 0;
}
#if defined(LITTLE_ENDIAN_ORDER)
{
ByteReverseWords((word32*)data, (word32*)data, WC_SHA256_BLOCK_SIZE);
}
#endif
ret = wc_Sha256Transform((wc_Sha256*)sha256, data);
/* return 1 on success, 0 otherwise */
if (ret == 0)
return 1;
else
return 0;
}
#endif
#endif
#ifdef WOLFSSL_SHA384
int wolfSSL_SHA384_Init(WOLFSSL_SHA384_CTX* sha)
@ -17112,6 +17207,30 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
return 0;
}
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
/* Apply SHA512 transformation to the data */
int wolfSSL_SHA512_Transform(WOLFSSL_SHA512_CTX* sha512,
const unsigned char* data)
{
int ret = WOLFSSL_SUCCESS;
WOLFSSL_ENTER("SHA512_Transform");
/* sanity check */
if (sha512 == NULL || data == NULL) {
return 0;
}
ret = wc_Sha512Transform((wc_Sha512*)sha512, data);
/* return 1 on success, 0 otherwise */
if (ret == 0)
return 1;
else
return 0;
}
#endif /* !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
(HAVE_FIPS_VERSION > 2)) */
#endif /* WOLFSSL_SHA512 */
#ifdef WOLFSSL_SHA3
@ -21592,7 +21711,7 @@ WOLFSSL_SESSION* wolfSSL_SESSION_new(void)
}
/* add one to session reference count
* return WOFLSSL_SUCCESS on success and WOLFSSL_FAILURE on error */
* return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on error */
int wolfSSL_SESSION_up_ref(WOLFSSL_SESSION* session)
{
if (session == NULL)
@ -25980,12 +26099,106 @@ WOLFSSL_X509 *wolfSSL_d2i_X509_fp(XFILE fp, WOLFSSL_X509 **x509)
#ifdef HAVE_CRL
#ifndef NO_BIO
WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_bio(WOLFSSL_BIO *bp,
WOLFSSL_X509_CRL **x)
{
int derSz;
byte* der = NULL;
WOLFSSL_X509_CRL* crl = NULL;
if (bp == NULL)
return NULL;
if ((derSz = wolfSSL_BIO_get_len(bp)) > 0) {
der = (byte*)XMALLOC(derSz, 0, DYNAMIC_TYPE_DER);
if (der != NULL) {
if (wolfSSL_BIO_read(bp, der, derSz) == derSz) {
crl = wolfSSL_d2i_X509_CRL(x, der, derSz);
}
}
}
if (der != NULL) {
XFREE(der, 0, DYNAMIC_TYPE_DER);
}
return crl;
}
#endif
#ifndef NO_FILESYSTEM
WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE fp, WOLFSSL_X509_CRL **crl)
{
WOLFSSL_ENTER("wolfSSL_d2i_X509_CRL_fp");
return (WOLFSSL_X509_CRL *)wolfSSL_d2i_X509_fp_ex(fp, (void **)crl, CRL_TYPE);
}
/* Read CRL file, and add it to store and corresponding cert manager */
/* @param ctx a pointer of X509_LOOKUP back to the X509_STORE */
/* @param file a file to read */
/* @param type WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1 */
/* @return WOLFSSL_SUCCESS(1) on successful, othewise WOLFSSL_FAILURE(0)*/
WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
const char *file, int type)
{
int ret = WOLFSSL_FAILURE;
int count = 0;
WOLFSSL_BIO *bio = NULL;
WOLFSSL_X509_CRL *crl =NULL;
WOLFSSL_ENTER("wolfSSL_X509_load_crl_file");
bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
if ((bio == NULL) || (wolfSSL_BIO_read_filename(bio, file) <= 0)) {
return ret;
}
if (type == WOLFSSL_FILETYPE_PEM) {
do {
crl = wolfSSL_PEM_read_bio_X509_CRL(bio, NULL, NULL, NULL);
if (crl == NULL) {
if (count <= 0) {
WOLFSSL_MSG("Load crl failed");
}
break;
}
ret = wolfSSL_X509_STORE_add_crl(ctx->store, crl);
if (ret == WOLFSSL_FAILURE) {
WOLFSSL_MSG("Adding crl failed");
break;
}
count++;
wolfSSL_X509_CRL_free(crl);
crl = NULL;
} while(crl == NULL);
ret = count;
} else if (type == WOLFSSL_FILETYPE_ASN1) {
crl = wolfSSL_d2i_X509_CRL_bio(bio, NULL);
if (crl == NULL) {
WOLFSSL_MSG("Load crl failed");
} else {
ret = wolfSSL_X509_STORE_add_crl(ctx->store, crl);
if (ret == WOLFSSL_FAILURE) {
WOLFSSL_MSG("Adding crl failed");
} else {
ret = 1;/* handled a file */
}
}
} else {
WOLFSSL_MSG("Invalid file type");
}
wolfSSL_X509_CRL_free(crl);
wolfSSL_BIO_free(bio);
WOLFSSL_LEAVE("wolfSSL_X509_load_crl_file", ret);
return ret;
}
#endif /* !NO_FILESYSTEM */
@ -26195,6 +26408,69 @@ int wolfSSL_X509_VERIFY_PARAM_clear_flags(WOLFSSL_X509_VERIFY_PARAM *param,
}
/* inherits properties of param "to" to param "from"
*
* WOLFSSL_VPARAM_DEFAULT any values in "src" is copied
* if "src" value is new for "to".
* WOLFSSL_VPARAM_OVERWRITE all values of "form" are copied to "to"
* WOLFSSL_VPARAM_RESET_FLAGS the flag values are copied, not Ored
* WOLFSSL_VPARAM_LOCKED don't copy any values
* WOLFSSL_VPARAM_ONCE the current inherit_flags is zerroed
*/
static int wolfSSL_X509_VERIFY_PARAM_inherit(WOLFSSL_X509_VERIFY_PARAM *to,
const WOLFSSL_X509_VERIFY_PARAM *from)
{
int ret = WOLFSSL_FAILURE;
int isOverWrite = 0;
int isDefault = 0;
unsigned int flags;
/* sanity check */
if (!to || !from) {
/* be compatible to openssl return value */
return WOLFSSL_SUCCESS;
}
flags = to->inherit_flags | from->inherit_flags;
if (flags & WOLFSSL_VPARAM_LOCKED) {
return WOLFSSL_SUCCESS;
}
if (flags & WOLFSSL_VPARAM_ONCE) {
to->inherit_flags = 0;
}
isOverWrite = (flags & WOLFSSL_VPARAM_OVERWRITE);
isDefault = (flags & WOLFSSL_VPARAM_DEFAULT);
/* copy check_time if check time is not set */
if ((to->flags & WOLFSSL_USE_CHECK_TIME) == 0 || isOverWrite) {
to->check_time = from->check_time;
to->flags &= ~WOLFSSL_USE_CHECK_TIME;
}
/* host name */
if (isOverWrite ||
(from->hostName[0] != 0 && (to->hostName[0] == 0 || isDefault))) {
if (!(ret = wolfSSL_X509_VERIFY_PARAM_set1_host(to, from->hostName,
(int)XSTRLEN(from->hostName))))
return ret;
to->hostFlags = from->hostFlags;
}
/* ip ascii */
if (isOverWrite ||
(from->ipasc[0] != 0 && (to->ipasc[0] == 0 || isDefault))) {
if (!(ret = wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(to, from->ipasc)))
return ret;
}
if (flags & WOLFSSL_VPARAM_RESET_FLAGS)
to->flags = 0;
to->flags |= from->flags;
return ret;
}
/******************************************************************************
* wolfSSL_X509_VERIFY_PARAM_set1_host - sets the DNS hostname to name
* hostnames is cleared if name is NULL or empty.
@ -26236,12 +26512,32 @@ int wolfSSL_X509_VERIFY_PARAM_set1_host(WOLFSSL_X509_VERIFY_PARAM* pParam,
return WOLFSSL_SUCCESS;
}
/******************************************************************************
* wolfSSL_get0_param - return a pointer to the SSL verification parameters
* wolfSSL_CTX_set1_param - set a pointer to the SSL verification parameters
*
* RETURNS:
* WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE
*/
int wolfSSL_CTX_set1_param(WOLFSSL_CTX* ctx, WOLFSSL_X509_VERIFY_PARAM *vpm)
{
return wolfSSL_X509_VERIFY_PARAM_set1(ctx->param, vpm);
}
/******************************************************************************
* wolfSSL_CTX/_get0_param - return a pointer to the SSL verification parameters
*
* RETURNS:
* returns pointer to the SSL verification parameters on success,
* otherwise returns NULL
*/
WOLFSSL_X509_VERIFY_PARAM* wolfSSL_CTX_get0_param(WOLFSSL_CTX* ctx)
{
if (ctx == NULL) {
return NULL;
}
return ctx->param;
}
WOLFSSL_X509_VERIFY_PARAM* wolfSSL_get0_param(WOLFSSL* ssl)
{
if (ssl == NULL) {
@ -26250,6 +26546,32 @@ WOLFSSL_X509_VERIFY_PARAM* wolfSSL_get0_param(WOLFSSL* ssl)
return ssl->param;
}
/* Set VERIFY PARAM from "from" pointer to "to" pointer */
int wolfSSL_X509_VERIFY_PARAM_set1(WOLFSSL_X509_VERIFY_PARAM *to,
const WOLFSSL_X509_VERIFY_PARAM *from)
{
int ret = WOLFSSL_FAILURE;
unsigned int _inherit_flags;
if (!to) {
return ret;
}
/* keeps the inherit flags for save */
_inherit_flags = to->inherit_flags;
/* Ored DEFAULT inherit flag proerty to copy "from" contents to "to"
* contents
*/
to->inherit_flags |= WOLFSSL_VPARAM_DEFAULT;
ret = wolfSSL_X509_VERIFY_PARAM_inherit(to, from);
/* restore inherit flag */
to->inherit_flags = _inherit_flags;
return ret;
}
/* Set the host flag in the X509_VERIFY_PARAM structure */
void wolfSSL_X509_VERIFY_PARAM_set_hostflags(WOLFSSL_X509_VERIFY_PARAM* param,
unsigned int flags)
@ -42737,6 +43059,53 @@ err:
}
#endif /* ! NO_SHA */
#ifdef WOLFSSL_SHA224
/* One shot SHA224 hash of message.
*
* d message to hash
* n size of d buffer
* md buffer to hold digest. Should be WC_SHA224_DIGEST_SIZE.
*
* Note: if md is null then a static buffer of WC_SHA256_DIGEST_SIZE is used.
* When the static buffer is used this function is not thread safe.
*
* Returns a pointer to the message digest on success and NULL on failure.
*/
unsigned char *wolfSSL_SHA224(const unsigned char *d, size_t n,
unsigned char *md)
{
static byte dig[WC_SHA224_DIGEST_SIZE];
byte* ret = md;
wc_Sha256 sha;
WOLFSSL_ENTER("wolfSSL_SHA224");
if (wc_InitSha224_ex(&sha, NULL, 0) != 0) {
WOLFSSL_MSG("SHA224 Init failed");
return NULL;
}
if (wc_Sha224Update(&sha, (const byte*)d, (word32)n) != 0) {
WOLFSSL_MSG("SHA224 Update failed");
return NULL;
}
if (md == NULL) {
WOLFSSL_MSG("STATIC BUFFER BEING USED. wolfSSL_SHA224 IS NOT "
"THREAD SAFE WHEN md == NULL");
ret = dig;
}
if (wc_Sha224Final(&sha, ret) != 0) {
WOLFSSL_MSG("SHA224 Final failed");
wc_Sha224Free(&sha);
return NULL;
}
wc_Sha224Free(&sha);
return ret;
}
#endif
#ifndef NO_SHA256
/* One shot SHA256 hash of message.
*

15
src/tls.c
View File

@ -9107,9 +9107,17 @@ static int TLSX_EarlyData_Parse(WOLFSSL* ssl, byte* input, word16 length,
if (length != 0)
return BUFFER_E;
if (ssl->earlyData == expecting_early_data)
if (ssl->earlyData == expecting_early_data) {
if (ssl->options.maxEarlyDataSz != 0)
ssl->earlyDataStatus = WOLFSSL_EARLY_DATA_ACCEPTED;
else
ssl->earlyDataStatus = WOLFSSL_EARLY_DATA_REJECTED;
return TLSX_EarlyData_Use(ssl, 0);
}
ssl->earlyData = early_data_ext;
return 0;
}
if (msgType == encrypted_extensions) {
@ -9122,6 +9130,11 @@ static int TLSX_EarlyData_Parse(WOLFSSL* ssl, byte* input, word16 length,
if (ssl->options.pskIdIndex != 1)
return PSK_KEY_ERROR;
if (ssl->options.side == WOLFSSL_CLIENT_END) {
/* the extension from server comes in */
ssl->earlyDataStatus = WOLFSSL_EARLY_DATA_ACCEPTED;
}
return TLSX_EarlyData_Use(ssl, 1);
}
if (msgType == session_ticket) {

31
src/tls13.c
View File

@ -8656,11 +8656,25 @@ int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data, int sz, int* outSz)
ret = wolfSSL_connect_TLSv13(ssl);
if (ret != WOLFSSL_SUCCESS)
return WOLFSSL_FATAL_ERROR;
/* on client side, status is set to rejected */
/* until sever accepts the early data extension. */
ssl->earlyDataStatus = WOLFSSL_EARLY_DATA_REJECTED;
}
if (ssl->options.handShakeState == CLIENT_HELLO_COMPLETE) {
#ifdef OPENSSL_EXTRA
/* when processed early data exceeds max size */
if (ssl->session.maxEarlyDataSz > 0 &&
(ssl->earlyDataSz + sz > ssl->session.maxEarlyDataSz)) {
ssl->error = TOO_MUCH_EARLY_DATA;
return WOLFSSL_FATAL_ERROR;
}
#endif
ret = SendData(ssl, data, sz);
if (ret > 0)
if (ret > 0) {
*outSz = ret;
/* store amount of processed early data from client */
ssl->earlyDataSz += ret;
}
}
#else
return SIDE_ERROR;
@ -8724,6 +8738,21 @@ int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz, int* outSz)
ret = WOLFSSL_FATAL_ERROR;
return ret;
}
/* Returns early data status
*
* ssl The SSL/TLS object.
* returns WOLFSSL_EARLY_DATA_ACCEPTED if the data was accepted
* WOLFSSL_EARLY_DATA_REJECTED if the data was rejected
* WOLFSSL_EARLY_DATA_NOT_SENT if no early data was sent
*/
int wolfSSL_get_early_data_status(const WOLFSSL* ssl)
{
if (ssl == NULL || !IsAtLeastTLSv1_3(ssl->version))
return BAD_FUNC_ARG;
return ssl->earlyDataStatus;
}
#endif
#ifdef HAVE_SECRET_CALLBACK

538
tests/api.c
View File

@ -28045,6 +28045,51 @@ static void test_wolfSSL_X509_STORE_CTX_set_time(void)
#endif /* OPENSSL_EXTRA */
}
static void test_wolfSSL_CTX_get0_set1_param(void)
{
#if defined(OPENSSL_EXTRA)
int ret;
SSL_CTX* ctx;
WOLFSSL_X509_VERIFY_PARAM* pParam;
WOLFSSL_X509_VERIFY_PARAM* pvpm;
char testIPv4[] = "127.0.0.1";
char testhostName[] = "foo.hoge.com";
printf(testingFmt, "wolfSSL_CTX_get0_set1_param()");
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
AssertNotNull(pParam = SSL_CTX_get0_param(ctx));
pvpm = (WOLFSSL_X509_VERIFY_PARAM *)XMALLOC(
sizeof(WOLFSSL_X509_VERIFY_PARAM), NULL, DYNAMIC_TYPE_OPENSSL);
AssertNotNull(pvpm);
XMEMSET(pvpm, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
wolfSSL_X509_VERIFY_PARAM_set1_host(pvpm, testhostName,
(int)XSTRLEN(testhostName));
wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(pvpm, testIPv4);
wolfSSL_X509_VERIFY_PARAM_set_hostflags(pvpm, 0x01);
ret = SSL_CTX_set1_param(ctx, pvpm);
AssertIntEQ(1, ret);
AssertIntEQ(0, XSTRNCMP(pParam->hostName, testhostName,
(int)XSTRLEN(testhostName)));
AssertIntEQ(0x01, pParam->hostFlags);
AssertIntEQ(0, XSTRNCMP(pParam->ipasc, testIPv4, WOLFSSL_MAX_IPSTR));
SSL_CTX_free(ctx);
XFREE(pvpm, NULL, DYNAMIC_TYPE_OPENSSL);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !defined(NO_RSA)*/
}
static void test_wolfSSL_get0_param(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
@ -29903,50 +29948,128 @@ static void test_wolfSSL_X509_ALGOR_get0(void)
static void test_wolfSSL_X509_VERIFY_PARAM(void)
{
#if defined(OPENSSL_EXTRA)
WOLFSSL_X509_VERIFY_PARAM *param;
WOLFSSL_X509_VERIFY_PARAM *paramTo;
WOLFSSL_X509_VERIFY_PARAM *paramFrom;
int ret;
char testIPv4[] = "127.0.0.1";
char testIPv6[] = "0001:0000:0000:0000:0000:0000:0000:0000/32";
char testhostName1[] = "foo.hoge.com";
char testhostName2[] = "foobar.hoge.com";
printf(testingFmt, "wolfSSL_X509()");
param = wolfSSL_X509_VERIFY_PARAM_new();
AssertNotNull(param);
paramTo = wolfSSL_X509_VERIFY_PARAM_new();
AssertNotNull(paramTo);
XMEMSET(paramTo, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM ));
XMEMSET(param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM ));
paramFrom = wolfSSL_X509_VERIFY_PARAM_new();
AssertNotNull(paramFrom);
XMEMSET(paramFrom, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM ));
ret = wolfSSL_X509_VERIFY_PARAM_set1_host(paramFrom, testhostName1,
(int)XSTRLEN(testhostName1));
AssertIntEQ(1, ret);
AssertIntEQ(0, XSTRNCMP(paramFrom->hostName, testhostName1,
(int)XSTRLEN(testhostName1)));
wolfSSL_X509_VERIFY_PARAM_set_hostflags(NULL, 0x00);
wolfSSL_X509_VERIFY_PARAM_set_hostflags(param, 0x01);
AssertIntEQ(0x01, param->hostFlags);
wolfSSL_X509_VERIFY_PARAM_set_hostflags(paramFrom, 0x01);
AssertIntEQ(0x01, paramFrom->hostFlags);
ret = wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(NULL, testIPv4);
AssertIntEQ(0, ret);
ret = wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(param, testIPv4);
ret = wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(paramFrom, testIPv4);
AssertIntEQ(1, ret);
AssertIntEQ(0, XSTRNCMP(param->ipasc, testIPv4, WOLFSSL_MAX_IPSTR));
AssertIntEQ(0, XSTRNCMP(paramFrom->ipasc, testIPv4, WOLFSSL_MAX_IPSTR));
ret = wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(param, NULL);
ret = wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(paramFrom, NULL);
AssertIntEQ(1, ret);
ret = wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(param, testIPv6);
ret = wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(paramFrom, testIPv6);
AssertIntEQ(1, ret);
AssertIntEQ(0, XSTRNCMP(param->ipasc, testIPv6, WOLFSSL_MAX_IPSTR));
AssertIntEQ(0, XSTRNCMP(paramFrom->ipasc, testIPv6, WOLFSSL_MAX_IPSTR));
ret = wolfSSL_X509_VERIFY_PARAM_set_flags(param, WOLFSSL_CRL_CHECKALL);
/* null pointer */
ret = wolfSSL_X509_VERIFY_PARAM_set1(NULL, paramFrom);
AssertIntEQ(WOLFSSL_FAILURE, ret);
/* in the case of "from" null, returns success */
ret = wolfSSL_X509_VERIFY_PARAM_set1(paramTo, NULL);
AssertIntEQ(WOLFSSL_SUCCESS, ret);
ret = wolfSSL_X509_VERIFY_PARAM_set1(NULL, NULL);
AssertIntEQ(WOLFSSL_FAILURE, ret);
/* inherit flags test : VPARAM_DEFAULT */
ret = wolfSSL_X509_VERIFY_PARAM_set1(paramTo, paramFrom);
AssertIntEQ(1, ret);
AssertIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1,
(int)XSTRLEN(testhostName1)));
AssertIntEQ(0x01, paramTo->hostFlags);
AssertIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR));
/* inherit flags test : VPARAM OVERWRITE */
wolfSSL_X509_VERIFY_PARAM_set1_host(paramTo, testhostName2,
(int)XSTRLEN(testhostName2));
wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4);
wolfSSL_X509_VERIFY_PARAM_set_hostflags(paramTo, 0x00);
paramTo->inherit_flags = WOLFSSL_VPARAM_OVERWRITE;
ret = wolfSSL_X509_VERIFY_PARAM_set1(paramTo, paramFrom);
AssertIntEQ(1, ret);
AssertIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1,
(int)XSTRLEN(testhostName1)));
AssertIntEQ(0x01, paramTo->hostFlags);
AssertIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR));
/* inherit flags test : VPARAM_RESET_FLAGS */
wolfSSL_X509_VERIFY_PARAM_set1_host(paramTo, testhostName2,
(int)XSTRLEN(testhostName2));
wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4);
wolfSSL_X509_VERIFY_PARAM_set_hostflags(paramTo, 0x10);
paramTo->inherit_flags = WOLFSSL_VPARAM_RESET_FLAGS;
ret = wolfSSL_X509_VERIFY_PARAM_set1(paramTo, paramFrom);
AssertIntEQ(1, ret);
AssertIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1,
(int)XSTRLEN(testhostName1)));
AssertIntEQ(0x01, paramTo->hostFlags);
AssertIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR));
/* inherit flags test : VPARAM_LOCKED */
wolfSSL_X509_VERIFY_PARAM_set1_host(paramTo, testhostName2,
(int)XSTRLEN(testhostName2));
wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4);
wolfSSL_X509_VERIFY_PARAM_set_hostflags(paramTo, 0x00);
paramTo->inherit_flags = WOLFSSL_VPARAM_LOCKED;
ret = wolfSSL_X509_VERIFY_PARAM_set1(paramTo, paramFrom);
AssertIntEQ(1, ret);
AssertIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName2,
(int)XSTRLEN(testhostName2)));
AssertIntEQ(0x00, paramTo->hostFlags);
AssertIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv4, WOLFSSL_MAX_IPSTR));
/* inherit flags test : VPARAM_ONCE, not testable yet */
ret = wolfSSL_X509_VERIFY_PARAM_set_flags(paramTo, WOLFSSL_CRL_CHECKALL);
AssertIntEQ(1, ret);
ret = wolfSSL_X509_VERIFY_PARAM_get_flags(param);
ret = wolfSSL_X509_VERIFY_PARAM_get_flags(paramTo);
AssertIntEQ(WOLFSSL_CRL_CHECKALL, ret);
ret = wolfSSL_X509_VERIFY_PARAM_clear_flags(param, WOLFSSL_CRL_CHECKALL);
ret = wolfSSL_X509_VERIFY_PARAM_clear_flags(paramTo, WOLFSSL_CRL_CHECKALL);
AssertIntEQ(1, ret);
ret = wolfSSL_X509_VERIFY_PARAM_get_flags(param);
ret = wolfSSL_X509_VERIFY_PARAM_get_flags(paramTo);
AssertIntEQ(0, ret);
wolfSSL_X509_VERIFY_PARAM_free(param);
wolfSSL_X509_VERIFY_PARAM_free(paramTo);
wolfSSL_X509_VERIFY_PARAM_free(paramFrom);
printf(resultFmt, passed);
@ -32662,7 +32785,7 @@ static void test_wolfSSL_SHA(void)
#if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST)
printf(testingFmt, "wolfSSL_SHA()");
#if !defined(NO_SHA)
#if !defined(NO_SHA) && defined(NO_OLD_SHA_NAMES)
{
const unsigned char in[] = "abc";
unsigned char expected[] = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E"
@ -32672,6 +32795,11 @@ static void test_wolfSSL_SHA(void)
XMEMSET(out, 0, WC_SHA_DIGEST_SIZE);
AssertNotNull(SHA1(in, XSTRLEN((char*)in), out));
AssertIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0);
/* SHA interface test */
XMEMSET(out, 0, WC_SHA_DIGEST_SIZE);
AssertNotNull(SHA(in, XSTRLEN((char*)in), out));
AssertIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0);
}
#endif
@ -32881,6 +33009,229 @@ static void test_wolfSSL_AES_ecb_encrypt(void)
#endif
}
static void test_wolfSSL_MD5(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_MD5)
byte input1[] = "";
byte input2[] = "message digest";
byte hash[WC_MD5_DIGEST_SIZE];
unsigned char output1[] =
"\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42\x7e";
unsigned char output2[] =
"\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61\xd0";
WOLFSSL_MD5_CTX md5;
printf(testingFmt, "wolfSSL_MD5()");
XMEMSET(&md5, 0, sizeof(md5));
/* Init MD5 CTX */
AssertIntEQ(wolfSSL_MD5_Init(&md5), 1);
AssertIntEQ(wolfSSL_MD5_Update(&md5, input1,
XSTRLEN((const char*)&input1)), 1);
AssertIntEQ(wolfSSL_MD5_Final(hash, &md5), 1);
AssertIntEQ(XMEMCMP(&hash, output1, WC_MD5_DIGEST_SIZE), 0);
/* Init MD5 CTX */
AssertIntEQ(wolfSSL_MD5_Init(&md5), 1);
AssertIntEQ(wolfSSL_MD5_Update(&md5, input2,
(int)XSTRLEN((const char*)input2)), 1);
AssertIntEQ(wolfSSL_MD5_Final(hash, &md5), 1);
AssertIntEQ(XMEMCMP(&hash, output2, WC_MD5_DIGEST_SIZE), 0);
#if !defined(NO_OLD_NAMES) && \
(!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)))
AssertIntEQ(MD5(input1, (int)XSTRLEN((const char*)&input1), (byte*)&hash), 0);
AssertIntEQ(XMEMCMP(&hash, output1, WC_MD5_DIGEST_SIZE), 0);
AssertIntEQ(MD5(input2, (int)XSTRLEN((const char*)&input2), (byte*)&hash), 0);
AssertIntEQ(XMEMCMP(&hash, output2, WC_MD5_DIGEST_SIZE), 0);
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_MD5_Transform(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_MD5)
byte input1[] = "";
byte input2[] = "abc";
byte local[WC_MD5_BLOCK_SIZE];
word32 sLen = 0;
unsigned char output1[] =
"\xac\x1d\x1f\x03\xd0\x8e\xa5\x6e\xb7\x67\xab\x1f\x91\x77\x31\x74";
unsigned char output2[] =
"\x8d\x79\xd3\xef\x90\x25\x17\x67\xc7\x79\x13\xa4\xbc\x7b\xa7\xe3";
WOLFSSL_MD5_CTX md5;
printf(testingFmt, "wolfSSL_MD5_Transform()");
XMEMSET(&md5, 0, sizeof(md5));
XMEMSET(&local, 0, sizeof(local));
/* sanity check */
AssertIntEQ(wolfSSL_MD5_Transform(NULL, NULL), 0);
AssertIntEQ(wolfSSL_MD5_Transform(NULL, (const byte*)&input1), 0);
AssertIntEQ(wolfSSL_MD5_Transform(&md5, NULL), 0);
AssertIntEQ(wc_Md5Transform(NULL, NULL), BAD_FUNC_ARG);
AssertIntEQ(wc_Md5Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
AssertIntEQ(wc_Md5Transform((wc_Md5*)&md5, NULL), BAD_FUNC_ARG);
/* Init MD5 CTX */
AssertIntEQ(wolfSSL_MD5_Init(&md5), 1);
/* Do Transform*/
sLen = (word32)XSTRLEN((char*)input1);
XMEMCPY(local, input1, sLen);
AssertIntEQ(wolfSSL_MD5_Transform(&md5, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Md5*)&md5)->digest[0], output1,
WC_MD5_DIGEST_SIZE), 0);
/* Init MD5 CTX */
AssertIntEQ(wolfSSL_MD5_Init(&md5), 1);
sLen = (word32)XSTRLEN((char*)input2);
XMEMSET(local, 0, WC_MD5_BLOCK_SIZE);
XMEMCPY(local, input2, sLen);
AssertIntEQ(wolfSSL_MD5_Transform(&md5, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Md5*)&md5)->digest[0], output2,
WC_MD5_DIGEST_SIZE), 0);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_SHA224(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA224) && \
!defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
unsigned char input[] =
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
unsigned char output[] =
"\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01"
"\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25";
size_t inLen;
byte hash[WC_SHA224_DIGEST_SIZE];
printf(testingFmt, "wolfSSL_SHA224()");
inLen = XSTRLEN((char*)input);
XMEMSET(hash, 0, WC_SHA224_DIGEST_SIZE);
AssertNotNull(SHA224(input, inLen, hash));
AssertIntEQ(XMEMCMP(hash, output, WC_SHA224_DIGEST_SIZE), 0);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_SHA_Transform(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_SHA)
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
byte input1[] = "";
byte input2[] = "abc";
byte local[WC_SHA_BLOCK_SIZE];
word32 sLen = 0;
unsigned char output1[] =
"\xe5\x04\xb4\x92\xed\x8c\x58\x56\x4e\xcd\x1a\x6c\x68\x3f\x05\xbf"
"\x93\x3a\xf7\x09";
unsigned char output2[] =
"\x8b\x74\xb2\x97\xca\xbc\x5b\x4f\xea\xe6\xc0\x5b\xa0\xb4\x40\x2d"
"\xb8\x08\x6e\x7c";
WOLFSSL_SHA_CTX sha;
printf(testingFmt, "wolfSSL_SHA_Transform()");
XMEMSET(&sha, 0, sizeof(sha));
XMEMSET(&local, 0, sizeof(local));
/* sanity check */
AssertIntEQ(wolfSSL_SHA_Transform(NULL, NULL), 0);
AssertIntEQ(wolfSSL_SHA_Transform(NULL, (const byte*)&input1), 0);
AssertIntEQ(wolfSSL_SHA_Transform(&sha, NULL), 0);
AssertIntEQ(wc_ShaTransform(NULL, NULL), BAD_FUNC_ARG);
AssertIntEQ(wc_ShaTransform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
AssertIntEQ(wc_ShaTransform((wc_Sha*)&sha, NULL), BAD_FUNC_ARG);
/* Init SHA CTX */
AssertIntEQ(wolfSSL_SHA_Init(&sha), 1);
/* Do Transform*/
sLen = (word32)XSTRLEN((char*)input1);
XMEMCPY(local, input1, sLen);
AssertIntEQ(wolfSSL_SHA_Transform(&sha, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Sha*)&sha)->digest[0], output1,
WC_SHA_DIGEST_SIZE), 0);
/* Init SHA256 CTX */
AssertIntEQ(wolfSSL_SHA_Init(&sha), 1);
sLen = (word32)XSTRLEN((char*)input2);
XMEMSET(local, 0, WC_SHA_BLOCK_SIZE);
XMEMCPY(local, input2, sLen);
AssertIntEQ(wolfSSL_SHA_Transform(&sha, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Sha*)&sha)->digest[0], output2,
WC_SHA_DIGEST_SIZE), 0);
printf(resultFmt, passed);
#endif
#endif
}
static void test_wolfSSL_SHA256_Transform(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256)
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
byte input1[] = "";
byte input2[] = "abc";
byte local[WC_SHA256_BLOCK_SIZE];
word32 sLen = 0;
unsigned char output1[] =
"\xbe\x98\x56\xda\x69\xb4\xb9\x17\x99\x57\x33\x62\xca\xbe\x9f\x77"
"\x91\xd4\xe5\x8c\x43\x62\xd2\xc0\xea\xf9\xfe\xba\xd8\xa9\x37\x18";
unsigned char output2[] =
"\x67\xd4\x4e\x1d\x67\x61\x7c\x67\x26\x76\x10\x44\xb8\xff\x10\x78"
"\x39\x9a\xc8\x40\x8c\x60\x16\x73\x05\xd6\x61\xa6\x35\x8c\xf2\x91";
WOLFSSL_SHA256_CTX sha256;
printf(testingFmt, "wolfSSL_SHA256_Transform()");
XMEMSET(&sha256, 0, sizeof(sha256));
XMEMSET(&local, 0, sizeof(local));
/* sanity check */
AssertIntEQ(wolfSSL_SHA256_Transform(NULL, NULL), 0);
AssertIntEQ(wolfSSL_SHA256_Transform(NULL, (const byte*)&input1), 0);
AssertIntEQ(wolfSSL_SHA256_Transform(&sha256, NULL), 0);
AssertIntEQ(wc_Sha256Transform(NULL, NULL), BAD_FUNC_ARG);
AssertIntEQ(wc_Sha256Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
AssertIntEQ(wc_Sha256Transform((wc_Sha256*)&sha256, NULL), BAD_FUNC_ARG);
/* Init SHA256 CTX */
AssertIntEQ(wolfSSL_SHA256_Init(&sha256), 1);
/* Do Transform*/
sLen = (word32)XSTRLEN((char*)input1);
XMEMCPY(local, input1, sLen);
AssertIntEQ(wolfSSL_SHA256_Transform(&sha256, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Sha256*)&sha256)->digest[0], output1,
WC_SHA256_DIGEST_SIZE), 0);
/* Init SHA256 CTX */
AssertIntEQ(wolfSSL_SHA256_Init(&sha256), 1);
sLen = (word32)XSTRLEN((char*)input2);
XMEMSET(local, 0, WC_SHA256_BLOCK_SIZE);
XMEMCPY(local, input2, sLen);
AssertIntEQ(wolfSSL_SHA256_Transform(&sha256, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Sha256*)&sha256)->digest[0], output2,
WC_SHA256_DIGEST_SIZE), 0);
printf(resultFmt, passed);
#endif
#endif
}
static void test_wolfSSL_SHA256(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && \
@ -32905,6 +33256,65 @@ static void test_wolfSSL_SHA256(void)
#endif
}
static void test_wolfSSL_SHA512_Transform(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA512)
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
byte input1[] = "";
byte input2[] = "abc";
byte local[WC_SHA512_BLOCK_SIZE];
word32 sLen = 0;
unsigned char output1[] =
"\xe8\xcb\x4a\x77\xd5\x81\x78\xcf\x70\x80\xc7\xfb\xe0\x62\x33\x53"
"\xda\x0e\x46\x87\x9d\x63\x67\x02\xb0\x31\x59\xe8\x40\xcb\x86\x30"
"\xa3\x23\xa0\x88\x52\xc9\x7d\x71\xe0\xb5\xe0\x4c\xc1\xb2\xba\x96"
"\x0b\x3e\xe3\xea\x04\xfe\xc4\x6f\xee\x8b\x66\xbd\x0c\xd8\xf4\x91";
unsigned char output2[] =
"\x0d\xcc\xa0\xeb\x4e\x93\x10\x11\x21\xc8\x04\xfb\x9c\x43\x33\xfd"
"\x41\x31\xab\xca\x3d\x26\xb4\xa9\xab\xd7\x67\xe1\xaf\xaa\xc6\xe2"
"\x83\x4e\xba\x2c\x54\x2e\x8f\x31\x98\x38\x2b\x8f\x9d\xec\x88\xbe"
"\x4d\x5e\x8b\x53\x9d\x4e\xd2\x14\xf0\x96\x20\xaf\x69\x6c\x68\xde";
WOLFSSL_SHA512_CTX sha512;
printf(testingFmt, "wolfSSL_SHA512_Transform()");
XMEMSET(&sha512, 0, sizeof(sha512));
XMEMSET(&local, 0, sizeof(local));
/* sanity check */
AssertIntEQ(wolfSSL_SHA512_Transform(NULL, NULL), 0);
AssertIntEQ(wolfSSL_SHA512_Transform(NULL, (const byte*)&input1), 0);
AssertIntEQ(wolfSSL_SHA512_Transform(&sha512, NULL), 0);
AssertIntEQ(wc_Sha512Transform(NULL, NULL), BAD_FUNC_ARG);
AssertIntEQ(wc_Sha512Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
AssertIntEQ(wc_Sha512Transform((wc_Sha512*)&sha512, NULL), BAD_FUNC_ARG);
/* Init SHA512 CTX */
AssertIntEQ(wolfSSL_SHA512_Init(&sha512), 1);
/* Do Transform*/
sLen = (word32)XSTRLEN((char*)input1);
XMEMCPY(local, input1, sLen);
AssertIntEQ(wolfSSL_SHA512_Transform(&sha512, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Sha512*)&sha512)->digest[0], output1,
WC_SHA512_DIGEST_SIZE), 0);
/* Init SHA512 CTX */
AssertIntEQ(wolfSSL_SHA512_Init(&sha512), 1);
sLen = (word32)XSTRLEN((char*)input2);
XMEMSET(local, 0, WC_SHA512_BLOCK_SIZE);
XMEMCPY(local, input2, sLen);
AssertIntEQ(wolfSSL_SHA512_Transform(&sha512, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Sha512*)&sha512)->digest[0], output2,
WC_SHA512_DIGEST_SIZE), 0);
(void)input1;
printf(resultFmt, passed);
#endif
#endif
}
static void test_wolfSSL_X509_get_serialNumber(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA)
@ -38667,6 +39077,90 @@ static void test_wolfSSL_X509_CRL(void)
return;
}
static void test_wolfSSL_X509_load_crl_file(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM)
int i;
char pem[][100] = {
"./certs/crl/crl.pem",
"./certs/crl/crl2.pem",
"./certs/crl/caEccCrl.pem",
"./certs/crl/eccCliCRL.pem",
"./certs/crl/eccSrvCRL.pem",
""
};
char der[][100] = {
"./certs/crl/crl.der",
"./certs/crl/crl2.der",
""
};
WOLFSSL_X509_STORE* store;
WOLFSSL_X509_LOOKUP* lookup;
printf(testingFmt, "wolfSSL_X509_laod_crl_file");
AssertNotNull(store = wolfSSL_X509_STORE_new());
AssertNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()));
AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem",
X509_FILETYPE_PEM), 1);
AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem",
X509_FILETYPE_PEM), 1);
if (store) {
AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
WOLFSSL_FILETYPE_PEM), 1);
/* since store hasn't yet known the revoked cert*/
AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem",
WOLFSSL_FILETYPE_PEM), 1);
}
for (i = 0; pem[i][0] != '\0'; i++)
{
AssertIntEQ(wolfSSL_X509_load_crl_file(lookup, pem[i], WOLFSSL_FILETYPE_PEM), 1);
}
if (store) {
/* since store knows crl list */
AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem",
WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED);
}
/* once feeing store */
wolfSSL_X509_STORE_free(store);
store = NULL;
AssertNotNull(store = wolfSSL_X509_STORE_new());
AssertNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()));
AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem",
X509_FILETYPE_PEM), 1);
AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem",
X509_FILETYPE_PEM), 1);
if (store) {
AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
WOLFSSL_FILETYPE_PEM), 1);
/* since store hasn't yet known the revoked cert*/
AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem",
WOLFSSL_FILETYPE_PEM), 1);
}
for (i = 0; der[i][0] != '\0'; i++)
{
AssertIntEQ(wolfSSL_X509_load_crl_file(lookup, der[i], WOLFSSL_FILETYPE_ASN1), 1);
}
if (store) {
/* since store knows crl list */
AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem",
WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED);
}
wolfSSL_X509_STORE_free(store);
store = NULL;
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_d2i_X509_REQ(void)
{
#if defined(WOLFSSL_CERT_REQ) && (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA))
@ -40636,7 +41130,9 @@ void ApiTest(void)
test_wolfSSL_X509_STORE_CTX_get0_store();
test_wolfSSL_X509_STORE();
test_wolfSSL_X509_STORE_load_locations();
test_wolfSSL_X509_load_crl_file();
test_wolfSSL_BN();
test_wolfSSL_CTX_get0_set1_param();
#ifndef NO_BIO
test_wolfSSL_PEM_read_bio();
test_wolfSSL_BIO();
@ -40706,7 +41202,13 @@ void ApiTest(void)
test_wolfSSL_DH_1536_prime();
test_wolfSSL_PEM_write_DHparams();
test_wolfSSL_AES_ecb_encrypt();
test_wolfSSL_MD5();
test_wolfSSL_MD5_Transform();
test_wolfSSL_SHA_Transform();
test_wolfSSL_SHA256();
test_wolfSSL_SHA256_Transform();
test_wolfSSL_SHA224();
test_wolfSSL_SHA512_Transform();
test_wolfSSL_X509_get_serialNumber();
test_wolfSSL_X509_CRL();
test_wolfSSL_d2i_X509_REQ();

15
wolfcrypt/src/md5.c
View File

@ -550,7 +550,20 @@ int wc_Md5Copy(wc_Md5* src, wc_Md5* dst)
return ret;
}
#ifdef OPENSSL_EXTRA
/* Apply MD5 transformation to the data */
/* @param md5 a pointer to wc_MD5 structure */
/* @param data data to be applied MD5 transformation */
/* @return 0 on successful, otherwise non-zero on failure */
int wc_Md5Transform(wc_Md5* md5, const byte* data)
{
/* sanity check */
if (md5 == NULL || data == NULL) {
return BAD_FUNC_ARG;
}
return Transform(md5, data);
}
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
int wc_Md5SetFlags(wc_Md5* md5, word32 flags)
{

15
wolfcrypt/src/sha.c
View File

@ -773,6 +773,21 @@ int wc_ShaFinal(wc_Sha* sha, byte* hash)
return ret;
}
#if defined(OPENSSL_EXTRA)
/* Apply SHA1 transformation to the data */
/* @param sha a pointer to wc_Sha structure */
/* @param data data to be applied SHA1 transformation */
/* @return 0 on successful, otherwise non-zero on failure */
int wc_ShaTransform(wc_Sha* sha, const unsigned char* data)
{
/* sanity check */
if (sha == NULL || data == NULL) {
return BAD_FUNC_ARG;
}
return (Transform(sha, data));
}
#endif
#endif /* USE_SHA_SOFTWARE_IMPL */

13
wolfcrypt/src/sha256.c
View File

@ -1295,6 +1295,19 @@ static int InitSha256(wc_Sha256* sha256)
return InitSha256(sha256); /* reset state */
}
#if defined(OPENSSL_EXTRA)
/* Apply SHA256 transformation to the data */
/* @param sha a pointer to wc_Sha256 structure */
/* @param data data to be applied SHA256 transformation */
/* @return 0 on successful, otherwise non-zero on failure */
int wc_Sha256Transform(wc_Sha256* sha, const unsigned char* data)
{
if (sha == NULL || data == NULL) {
return BAD_FUNC_ARG;
}
return (Transform_Sha256(sha, data));
}
#endif
#endif /* XTRANSFORM */
#ifdef WOLFSSL_SHA224

51
wolfcrypt/src/sha512.c
View File

@ -916,7 +916,58 @@ void wc_Sha512Free(wc_Sha512* sha512)
wolfAsync_DevCtxFree(&sha512->asyncDev, WOLFSSL_ASYNC_MARKER_SHA512);
#endif /* WOLFSSL_ASYNC_CRYPT */
}
#if defined(OPENSSL_EXTRA)
/* Apply SHA512 transformation to the data */
/* @param sha a pointer to wc_Sha512 structure */
/* @param data data to be applied SHA512 transformation */
/* @return 0 on successful, otherwise non-zero on failure */
int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data)
{
int ret ;
/* back up buffer */
#if defined(WOLFSSL_SMALL_STACK)
word64* buffer;
buffer = (word64*) XMALLOC(sizeof(word64) * 16, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (buffer == NULL)
return MEMORY_E;
#else
word64 buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64)];
#endif
/* sanity check */
if (sha == NULL || data == NULL) {
#if defined(WOLFSSL_SMALL_STACK)
XFREE(buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return BAD_FUNC_ARG;
}
#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
Sha512_SetTransform();
#endif
#if defined(LITTLE_ENDIAN_ORDER)
#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
#endif
{
ByteReverseWords64((word64*)data, (word64*)data,
WC_SHA512_BLOCK_SIZE);
}
#endif
XMEMCPY(buffer, sha->buffer, WC_SHA512_BLOCK_SIZE);
XMEMCPY(sha->buffer, data, WC_SHA512_BLOCK_SIZE);
ret = Transform_Sha512(sha);
XMEMCPY(sha->buffer, buffer, WC_SHA512_BLOCK_SIZE);
#if defined(WOLFSSL_SMALL_STACK)
XFREE(buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#endif
#endif /* WOLFSSL_SHA512 */
/* -------------------------------------------------------------------------- */

3
wolfssl/error-ssl.h
View File

@ -170,7 +170,8 @@ enum wolfSSL_ErrorCodes {
DTLS_SIZE_ERROR = -439, /* Trying to send too much data */
NO_CERT_ERROR = -440, /* TLS1.3 - no cert set error */
APP_DATA_READY = -441, /* DTLS1.2 application data ready for read */
TOO_MUCH_EARLY_DATA = -442, /* Too much Early data */
/* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */
/* begin negotiation parameter errors */

2
wolfssl/internal.h
View File

@ -2837,6 +2837,7 @@ struct WOLFSSL_CTX {
byte sessionCtxSz;
byte cbioFlag; /* WOLFSSL_CBIO_RECV/SEND: CBIORecv/Send is set */
CallbackInfoState* CBIS; /* used to get info about SSL state */
WOLFSSL_X509_VERIFY_PARAM* param; /* verification parameters*/
#endif
CallbackIORecv CBIORecv;
CallbackIOSend CBIOSend;
@ -4366,6 +4367,7 @@ struct WOLFSSL {
#ifdef WOLFSSL_EARLY_DATA
EarlyDataState earlyData;
word32 earlyDataSz;
byte earlyDataStatus;
#endif
#ifdef OPENSSL_ALL
long verifyCallbackResult;

3
wolfssl/openssl/md5.h
View File

@ -52,13 +52,14 @@ typedef struct WOLFSSL_MD5_CTX {
WOLFSSL_API int wolfSSL_MD5_Init(WOLFSSL_MD5_CTX*);
WOLFSSL_API int wolfSSL_MD5_Update(WOLFSSL_MD5_CTX*, const void*, unsigned long);
WOLFSSL_API int wolfSSL_MD5_Final(unsigned char*, WOLFSSL_MD5_CTX*);
WOLFSSL_API int wolfSSL_MD5_Transform(WOLFSSL_MD5_CTX*, const unsigned char*);
typedef WOLFSSL_MD5_CTX MD5_CTX;
#define MD5_Init wolfSSL_MD5_Init
#define MD5_Update wolfSSL_MD5_Update
#define MD5_Final wolfSSL_MD5_Final
#define MD5_Transform wolfSSL_MD5_Transform
#ifdef OPENSSL_EXTRA_BSD
#define MD5Init wolfSSL_MD5_Init

33
wolfssl/openssl/sha.h
View File

@ -52,12 +52,14 @@ typedef struct WOLFSSL_SHA_CTX {
WOLFSSL_API int wolfSSL_SHA_Init(WOLFSSL_SHA_CTX*);
WOLFSSL_API int wolfSSL_SHA_Update(WOLFSSL_SHA_CTX*, const void*, unsigned long);
WOLFSSL_API int wolfSSL_SHA_Final(unsigned char*, WOLFSSL_SHA_CTX*);
WOLFSSL_API int wolfSSL_SHA_Transform(WOLFSSL_SHA_CTX*,
const unsigned char *data);
/* SHA1 points to above, shouldn't use SHA0 ever */
WOLFSSL_API int wolfSSL_SHA1_Init(WOLFSSL_SHA_CTX*);
WOLFSSL_API int wolfSSL_SHA1_Update(WOLFSSL_SHA_CTX*, const void*, unsigned long);
WOLFSSL_API int wolfSSL_SHA1_Final(unsigned char*, WOLFSSL_SHA_CTX*);
WOLFSSL_API int wolfSSL_SHA1_Transform(WOLFSSL_SHA_CTX*,
const unsigned char *data);
enum {
SHA_DIGEST_LENGTH = 20
};
@ -68,6 +70,13 @@ typedef WOLFSSL_SHA_CTX SHA_CTX;
#define SHA_Init wolfSSL_SHA_Init
#define SHA_Update wolfSSL_SHA_Update
#define SHA_Final wolfSSL_SHA_Final
#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
/* SHA is only available in non-fips mode or fips version > 2 mode
* because of SHA enum in FIPS build. */
#define SHA wolfSSL_SHA1
#endif
#define SHA1_Init wolfSSL_SHA1_Init
#define SHA1_Update wolfSSL_SHA1_Update
@ -99,6 +108,13 @@ typedef WOLFSSL_SHA224_CTX SHA224_CTX;
#define SHA224_Init wolfSSL_SHA224_Init
#define SHA224_Update wolfSSL_SHA224_Update
#define SHA224_Final wolfSSL_SHA224_Final
#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
/* SHA224 is only available in non-fips mode or fips version > 2 mode
* because of SHA224 enum in FIPS build. */
#define SHA224 wolfSSL_SHA224
#endif
#endif /* WOLFSSL_SHA224 */
@ -113,9 +129,10 @@ typedef struct WOLFSSL_SHA256_CTX {
WOLFSSL_API int wolfSSL_SHA256_Init(WOLFSSL_SHA256_CTX*);
WOLFSSL_API int wolfSSL_SHA256_Update(WOLFSSL_SHA256_CTX*, const void*,
unsigned long);
unsigned long);
WOLFSSL_API int wolfSSL_SHA256_Final(unsigned char*, WOLFSSL_SHA256_CTX*);
WOLFSSL_API int wolfSSL_SHA256_Transform(WOLFSSL_SHA256_CTX*,
const unsigned char *data);
enum {
SHA256_DIGEST_LENGTH = 32
};
@ -126,6 +143,8 @@ typedef WOLFSSL_SHA256_CTX SHA256_CTX;
#define SHA256_Init wolfSSL_SHA256_Init
#define SHA256_Update wolfSSL_SHA256_Update
#define SHA256_Final wolfSSL_SHA256_Final
#define SHA256_Transform wolfSSL_SHA256_Transform
#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
/* SHA256 is only available in non-fips mode because of SHA256 enum in FIPS
* build. */
@ -171,9 +190,10 @@ typedef struct WOLFSSL_SHA512_CTX {
WOLFSSL_API int wolfSSL_SHA512_Init(WOLFSSL_SHA512_CTX*);
WOLFSSL_API int wolfSSL_SHA512_Update(WOLFSSL_SHA512_CTX*, const void*,
unsigned long);
unsigned long);
WOLFSSL_API int wolfSSL_SHA512_Final(unsigned char*, WOLFSSL_SHA512_CTX*);
WOLFSSL_API int wolfSSL_SHA512_Transform(WOLFSSL_SHA512_CTX*,
const unsigned char*);
enum {
SHA512_DIGEST_LENGTH = 64
};
@ -184,6 +204,7 @@ typedef WOLFSSL_SHA512_CTX SHA512_CTX;
#define SHA512_Init wolfSSL_SHA512_Init
#define SHA512_Update wolfSSL_SHA512_Update
#define SHA512_Final wolfSSL_SHA512_Final
#define SHA512_Transform wolfSSL_SHA512_Transform
#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
/* SHA512 is only available in non-fips mode because of SHA512 enum in FIPS
* build. */

15
wolfssl/openssl/ssl.h
View File

@ -558,6 +558,12 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
#define X509_V_FLAG_NO_CHECK_TIME WOLFSSL_NO_CHECK_TIME
#define X509_CHECK_FLAG_NO_WILDCARDS WOLFSSL_NO_WILDCARDS
#define X509_VP_FLAG_DEFAULT WOLFSSL_VPARAM_DEFAULT
#define X509_VP_FLAG_OVERWRITE WOLFSSL_VPARAM_OVERWRITE
#define X509_VP_FLAG_RESET_FLAGS WOLFSSL_VPARAM_RESET_FLAGS
#define X509_VP_FLAG_LOCKED WOLFSSL_VPARAM_LOCKED
#define X509_VP_FLAG_ONCE WOLFSSL_VPARAM_ONCE
#define X509_STORE_CTX_get_current_cert wolfSSL_X509_STORE_CTX_get_current_cert
#define X509_STORE_CTX_set_verify_cb wolfSSL_X509_STORE_CTX_set_verify_cb
#define X509_STORE_CTX_new wolfSSL_X509_STORE_CTX_new
@ -605,6 +611,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define X509_VERIFY_PARAM_set_hostflags wolfSSL_X509_VERIFY_PARAM_set_hostflags
#define X509_VERIFY_PARAM_set1_host wolfSSL_X509_VERIFY_PARAM_set1_host
#define X509_VERIFY_PARAM_set1_ip_asc wolfSSL_X509_VERIFY_PARAM_set1_ip_asc
#define X509_VERIFY_PARAM_set1 wolfSSL_X509_VERIFY_PARAM_set1
#define X509_STORE_load_locations wolfSSL_X509_STORE_load_locations
#define X509_LOOKUP_add_dir wolfSSL_X509_LOOKUP_add_dir
@ -622,6 +629,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define X509_CRL_get_nextUpdate wolfSSL_X509_CRL_get_nextUpdate
#define X509_CRL_verify wolfSSL_X509_CRL_verify
#define X509_CRL_get_REVOKED wolfSSL_X509_CRL_get_REVOKED
#define X509_load_crl_file wolfSSL_X509_load_crl_file
#define X509_get_X509_PUBKEY wolfSSL_X509_get_X509_PUBKEY
#define X509_REQ_get_X509_PUBKEY wolfSSL_X509_get_X509_PUBKEY
@ -1312,6 +1320,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define SSL_CTX_set_srp_strength wolfSSL_CTX_set_srp_strength
#define SSL_get_SSL_CTX wolfSSL_get_SSL_CTX
#define SSL_get0_param wolfSSL_get0_param
#define SSL_CTX_get0_param wolfSSL_CTX_get0_param
#define SSL_CTX_set1_param wolfSSL_CTX_set1_param
#define SSL_get_srp_username wolfSSL_get_srp_username
#define ERR_NUM_ERRORS 16
@ -1323,6 +1333,11 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define SSL_get_rbio wolfSSL_SSL_get_rbio
#define SSL_get_wbio wolfSSL_SSL_get_wbio
#define SSL_do_handshake wolfSSL_SSL_do_handshake
#if defined(WOLFSSL_EARLY_DATA)
#define SSL_get_early_data_status wolfSSL_get_early_data_status
#endif
#endif /* OPENSSL_EXTRA */
/* cipher suites for compatibility */

23
wolfssl/ssl.h
View File

@ -563,8 +563,16 @@ struct WOLFSSL_X509_STORE {
#define WOLFSSL_USE_CHECK_TIME 0x2
#define WOLFSSL_NO_CHECK_TIME 0x200000
#define WOLFSSL_HOST_NAME_MAX 256
#define WOLFSSL_VPARAM_DEFAULT 0x1
#define WOLFSSL_VPARAM_OVERWRITE 0x2
#define WOLFSSL_VPARAM_RESET_FLAGS 0x4
#define WOLFSSL_VPARAM_LOCKED 0x8
#define WOLFSSL_VPARAM_ONCE 0x10
struct WOLFSSL_X509_VERIFY_PARAM {
time_t check_time;
unsigned int inherit_flags;
unsigned long flags;
char hostName[WOLFSSL_HOST_NAME_MAX];
unsigned int hostFlags;
@ -877,7 +885,9 @@ WOLFSSL_API int wolfSSL_CTX_up_ref(WOLFSSL_CTX*);
#endif
WOLFSSL_ABI WOLFSSL_API WOLFSSL* wolfSSL_new(WOLFSSL_CTX*);
WOLFSSL_API WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl);
WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM* wolfSSL_CTX_get0_param(WOLFSSL_CTX* ctx);
WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM* wolfSSL_get0_param(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_CTX_set1_param(WOLFSSL_CTX* ctx, WOLFSSL_X509_VERIFY_PARAM *vpm);
WOLFSSL_API int wolfSSL_is_server(WOLFSSL*);
WOLFSSL_API WOLFSSL* wolfSSL_write_dup(WOLFSSL*);
WOLFSSL_ABI WOLFSSL_API int wolfSSL_set_fd (WOLFSSL*, int);
@ -937,6 +947,11 @@ WOLFSSL_API int wolfSSL_connect_TLSv13(WOLFSSL*);
WOLFSSL_API int wolfSSL_accept_TLSv13(WOLFSSL*);
#ifdef WOLFSSL_EARLY_DATA
#define WOLFSSL_EARLY_DATA_NOT_SENT 0
#define WOLFSSL_EARLY_DATA_REJECTED 1
#define WOLFSSL_EARLY_DATA_ACCEPTED 2
WOLFSSL_API int wolfSSL_CTX_set_max_early_data(WOLFSSL_CTX* ctx,
unsigned int sz);
WOLFSSL_API int wolfSSL_set_max_early_data(WOLFSSL* ssl, unsigned int sz);
@ -944,6 +959,7 @@ WOLFSSL_API int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data,
int sz, int* outSz);
WOLFSSL_API int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz,
int* outSz);
WOLFSSL_API int wolfSSL_get_early_data_status(const WOLFSSL* ssl);
#endif /* WOLFSSL_EARLY_DATA */
#endif /* WOLFSSL_TLS13 */
WOLFSSL_ABI WOLFSSL_API void wolfSSL_CTX_free(WOLFSSL_CTX*);
@ -1544,6 +1560,10 @@ WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1_host(WOLFSSL_X509_VERIFY_PARAM* p
unsigned int nameSz);
WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(
WOLFSSL_X509_VERIFY_PARAM *param, const char *ipasc);
WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1(WOLFSSL_X509_VERIFY_PARAM* to,
const WOLFSSL_X509_VERIFY_PARAM* from);
WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
const char *file, int type);
#endif
WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL*);
WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value(
@ -2254,6 +2274,8 @@ WOLFSSL_API WOLFSSL_X509*
WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out);
WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl,
const unsigned char *in, int len);
WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_bio(WOLFSSL_BIO *bp,
WOLFSSL_X509_CRL **crl);
#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE file, WOLFSSL_X509_CRL **crl);
#endif
@ -3617,6 +3639,7 @@ WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl);
WOLFSSL_API int wolfSSL_set_app_data(WOLFSSL *ssl, void *arg);
WOLFSSL_API WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne);
WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md);
WOLFSSL_API unsigned char *wolfSSL_SHA224(const unsigned char *d, size_t n, unsigned char *md);
WOLFSSL_API unsigned char *wolfSSL_SHA256(const unsigned char *d, size_t n, unsigned char *md);
WOLFSSL_API unsigned char *wolfSSL_SHA384(const unsigned char *d, size_t n, unsigned char *md);
WOLFSSL_API unsigned char *wolfSSL_SHA512(const unsigned char *d, size_t n, unsigned char *md);

26
wolfssl/test.h
View File

@ -4088,4 +4088,30 @@ static WC_INLINE word16 GetRandomPort(void)
return port;
}
#ifdef WOLFSSL_EARLY_DATA
static WC_INLINE void EarlyDataStatus(WOLFSSL* ssl)
{
int earlyData_status;
earlyData_status = wolfSSL_get_early_data_status(ssl);
if (earlyData_status < 0) return;
printf("Early Data was ");
switch(earlyData_status) {
case WOLFSSL_EARLY_DATA_NOT_SENT:
printf("not sent.\n");
break;
case WOLFSSL_EARLY_DATA_REJECTED:
printf("rejected.\n");
break;
case WOLFSSL_EARLY_DATA_ACCEPTED:
printf("accepted\n");
break;
default:
printf("unknown...\n");
}
}
#endif /* WOLFSSL_EARLY_DATA */
#endif /* wolfSSL_TEST_H */

8
wolfssl/wolfcrypt/md5.h
View File

@ -42,9 +42,12 @@
extern "C" {
#endif
#if !defined(NO_OLD_MD5_NAME)
#define MD5 WC_MD5
#endif
#ifndef NO_OLD_WC_NAMES
#define Md5 wc_Md5
#define MD5 WC_MD5
#define MD5_BLOCK_SIZE WC_MD5_BLOCK_SIZE
#define MD5_DIGEST_SIZE WC_MD5_DIGEST_SIZE
#define WC_MD5_PAD_SIZE WC_MD5_PAD_SIZE
@ -109,6 +112,9 @@ WOLFSSL_API int wc_InitMd5_ex(wc_Md5*, void*, int);
WOLFSSL_API int wc_Md5Update(wc_Md5*, const byte*, word32);
WOLFSSL_API int wc_Md5Final(wc_Md5*, byte*);
WOLFSSL_API void wc_Md5Free(wc_Md5*);
#ifdef OPENSSL_EXTRA
WOLFSSL_API int wc_Md5Transform(wc_Md5*, const byte*);
#endif
WOLFSSL_API int wc_Md5GetHash(wc_Md5*, byte*);
WOLFSSL_API int wc_Md5Copy(wc_Md5*, wc_Md5*);

7
wolfssl/wolfcrypt/settings.h
View File

@ -2274,9 +2274,14 @@ extern void uITRON4_free(void *p) ;
#if defined(NO_OLD_WC_NAMES) || defined(OPENSSL_EXTRA)
/* added to have compatibility with SHA256() */
#if !defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS)
#if !defined(NO_OLD_SHA_NAMES) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
#define NO_OLD_SHA_NAMES
#endif
#if !defined(NO_OLD_MD5_NAME) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
#define NO_OLD_MD5_NAME
#endif
#endif
/* switch for compatibility layer functionality. Has subparts i.e. BIO/X509

3
wolfssl/wolfcrypt/sha.h
View File

@ -169,6 +169,9 @@ WOLFSSL_API void wc_ShaFree(wc_Sha*);
WOLFSSL_API int wc_ShaGetHash(wc_Sha*, byte*);
WOLFSSL_API int wc_ShaCopy(wc_Sha*, wc_Sha*);
#if defined(OPENSSL_EXTRA)
WOLFSSL_API int wc_ShaTransform(wc_Sha*, const byte*);
#endif
#ifdef WOLFSSL_PIC32MZ_HASH
WOLFSSL_API void wc_ShaSizeSet(wc_Sha* sha, word32 len);

9
wolfssl/wolfcrypt/sha256.h
View File

@ -198,7 +198,9 @@ WOLFSSL_API int wc_Sha256Update(wc_Sha256*, const byte*, word32);
WOLFSSL_API int wc_Sha256FinalRaw(wc_Sha256*, byte*);
WOLFSSL_API int wc_Sha256Final(wc_Sha256*, byte*);
WOLFSSL_API void wc_Sha256Free(wc_Sha256*);
#if defined(OPENSSL_EXTRA)
WOLFSSL_API int wc_Sha256Transform(wc_Sha256*, const byte*);
#endif
WOLFSSL_API int wc_Sha256GetHash(wc_Sha256*, byte*);
WOLFSSL_API int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst);
@ -216,9 +218,12 @@ WOLFSSL_API void wc_Sha256SizeSet(wc_Sha256*, word32);
#if !defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
#if !defined(NO_OLD_SHA_NAMES)
#define SHA224 WC_SHA224
#endif
#ifndef NO_OLD_WC_NAMES
#define Sha224 wc_Sha224
#define SHA224 WC_SHA224
#define SHA224_BLOCK_SIZE WC_SHA224_BLOCK_SIZE
#define SHA224_DIGEST_SIZE WC_SHA224_DIGEST_SIZE
#define SHA224_PAD_SIZE WC_SHA224_PAD_SIZE

3
wolfssl/wolfcrypt/sha512.h
View File

@ -180,6 +180,9 @@ WOLFSSL_API int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst);
WOLFSSL_API int wc_Sha512GetFlags(wc_Sha512* sha512, word32* flags);
#endif
#if defined(OPENSSL_EXTRA)
WOLFSSL_API int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data);
#endif
#endif /* WOLFSSL_SHA512 */
#if defined(WOLFSSL_SHA384)