add more compatibility functions

This commit is contained in:
Jacob Barthelmeh
2016-11-10 19:34:27 -07:00
parent 6520a77fac
commit f2f52c3ec9
6 changed files with 171 additions and 4 deletions


@@ -1022,6 +1022,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
}
showPeer(ssl);
if (SSL_state(ssl) != 0) {
err_sys("SSL in error state");
}
#ifdef HAVE_ALPN
if (alpnList != NULL) {


@@ -1402,6 +1402,10 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
WOLFSSL_MSG("Bad Cert Manager New");
return BAD_CERT_MANAGER_ERROR;
}
#ifdef OPENSSL_EXTRA
/* setup WOLFSSL_X509_STORE */
ctx->x509_store.cm = ctx->cm;
#endif
#endif
#if defined(HAVE_EXTENDED_MASTER) && !defined(NO_WOLFSSL_CLIENT)
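Review bot: The new `ctx->x509_store.cm = ctx->cm;` assignment is guarded by `#ifdef OPENSSL_EXTRA`, while the `x509_store` member itself is declared in internal.h under `defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)`, so a HAVE_WEBSERVER-only build carries a store whose `cm` is never pointed at the manager here. Either widen this guard to `#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)` or state in a comment that the embedded store is only usable with OPENSSL_EXTRA. The hunk does not show whether `ctx` was zeroed before this point; if it was not, `x509_store.cache` is left indeterminate, so an explicit `ctx->x509_store.cache = NULL;` next to the `cm` assignment would be safer than relying on it. InitSSL_Ctx begins outside this hunk.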

137
src/ssl.c

@@ -1948,6 +1948,17 @@ int wolfSSL_shutdown(WOLFSSL* ssl)
}
/* get current error state value */
int wolfSSL_state(WOLFSSL* ssl)
{
if (ssl == NULL) {
return BAD_FUNC_ARG;
}
return ssl->error;
}
int wolfSSL_get_error(WOLFSSL* ssl, int ret)
{
WOLFSSL_ENTER("SSL_get_error");
@@ -2148,7 +2159,6 @@ const byte* wolfSSL_GetServerWriteIV(WOLFSSL* ssl)
return NULL;
}
int wolfSSL_GetKeySize(WOLFSSL* ssl)
{
if (ssl)
@@ -5793,6 +5803,47 @@ int wolfSSL_use_RSAPrivateKey_file(WOLFSSL* ssl, const char* file, int format)
return wolfSSL_use_PrivateKey_file(ssl, file, format);
}
/* Copies the master secret over to out buffer. If outSz is 0 returns the size
* of master secret.
*
* ses : a session from completed TLS/SSL handshake
* out : buffer to hold copy of master secret
* outSz : size of out buffer
* returns : number of bytes copied into out buffer on success
* less then or equal to 0 is considered a failure case
*/
int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION* ses,
unsigned char* out, int outSz)
{
int size;
if (outSz == 0) {
return SECRET_LEN;
}
if (ses == NULL || out == NULL || outSz < 0) {
return 0;
}
if (outSz > SECRET_LEN) {
size = SECRET_LEN;
}
else {
size = outSz;
}
XMEMCPY(out, ses->masterSecret, size);
return size;
}
int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses)
{
(void)ses;
return SECRET_LEN;
}
#endif /* OPENSSL_EXTRA */
#ifdef HAVE_NTRU
@@ -9222,6 +9273,30 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
}
WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx)
{
if (ctx == NULL) {
return NULL;
}
return &(ctx->x509_store);
}
void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx, WOLFSSL_X509_STORE* str)
{
if (ctx == NULL || str == NULL) {
return;
}
/* free cert manager if have one */
if (ctx->cm != NULL) {
wolfSSL_CertManagerFree(ctx->cm);
}
ctx->cm = str->cm;
ctx->x509_store.cache = str->cache;
}
WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert(
WOLFSSL_X509_STORE_CTX* ctx)
@@ -12477,6 +12552,39 @@ WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE* store,
#ifndef NO_CERTS
WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509** x509)
{
WOLFSSL_X509* localX509 = NULL;
const unsigned char* mem = NULL;
int ret;
word32 size;
WOLFSSL_ENTER("wolfSSL_d2i_X509_bio");
if (bio == NULL) {
WOLFSSL_MSG("Bad Function Argument bio is NULL");
return NULL;
}
ret = wolfSSL_BIO_get_mem_data(bio, &mem);
if (mem == NULL || ret <= 0) {
WOLFSSL_MSG("Failed to get data from bio struct");
return NULL;
}
size = ret;
localX509 = wolfSSL_X509_d2i(NULL, mem, size);
if (localX509 == NULL) {
return NULL;
}
if (x509 != NULL) {
*x509 = localX509;
}
return localX509;
}
#if !defined(NO_ASN) && !defined(NO_PWDBASED)
WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio, WC_PKCS12** pkcs12)
@@ -12792,6 +12900,18 @@ void wolfSSL_PKCS12_PBE_add(void)
WOLFSSL_ENTER("wolfSSL_PKCS12_PBE_add");
}
WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx)
{
if (ctx == NULL) {
return NULL;
}
return ctx->chain;
}
int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509)
{
int result = SSL_FATAL_ERROR;
@@ -12849,6 +12969,18 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
}
int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store, unsigned long flag)
{
WOLFSSL_STUB("wolfSSL_X509_STORE_set_flags");
(void)store;
(void)flag;
return 1;
}
int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE* store)
{
(void)store;
@@ -12887,6 +13019,7 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx,
if (ctx != NULL) {
ctx->store = store;
ctx->current_cert = x509;
ctx->chain = sk;
ctx->domain = NULL;
ctx->ex_data = NULL;
ctx->userCtx = NULL;
@@ -12906,6 +13039,8 @@ void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx)
wolfSSL_X509_STORE_free(ctx->store);
if (ctx->current_cert != NULL)
wolfSSL_FreeX509(ctx->current_cert);
if (ctx->chain != NULL)
wolfSSL_sk_X509_free(ctx->chain);
XFREE(ctx, NULL, DYNAMIC_TYPE_X509_CTX);
}
}
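Review bot: `wolfSSL_CTX_set_cert_store` frees `ctx->cm` and replaces it with `str->cm`, but leaves `ctx->x509_store.cm` untouched, so the embedded store returned by `wolfSSL_CTX_get_cert_store` keeps a pointer to the freed manager; it should also do `ctx->x509_store.cm = str->cm;`. The same function has no guard for the aliased case: calling it with the store obtained from `wolfSSL_CTX_get_cert_store(ctx)` frees the manager and then stores the freed pointer back, so wrap the free in `if (str->cm != ctx->cm)` or return early when `str == &ctx->x509_store`. Ownership of `str` after the call is undocumented — if the caller later passes `str` to `wolfSSL_X509_STORE_free`, the manager the ctx now holds is presumably released underneath it, so the header comment should say who owns `str->cm` afterwards. Likewise `wolfSSL_X509_STORE_CTX_free` now frees `ctx->chain`, which `wolfSSL_X509_STORE_CTX_init` stores directly from the caller's `sk` argument; the init/free pair should document that the chain's ownership transfers, since OpenSSL's X509_STORE_CTX_init does not take it.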


@@ -2001,6 +2001,7 @@ struct WOLFSSL_CTX {
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
pem_password_cb passwd_cb;
void* userdata;
WOLFSSL_X509_STORE x509_store; /* points to ctx->cm */
#endif /* OPENSSL_EXTRA */
#ifdef HAVE_STUNNEL
void* ex_data[MAX_EX_DATA];
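Review bot: The comment on the new `x509_store` member says it "points to ctx->cm", but the member is an embedded struct, not a pointer; only its `cm` field aliases the manager. Suggest `WOLFSSL_X509_STORE x509_store; /* embedded store; its cm member aliases ctx->cm and must be re-pointed whenever ctx->cm is replaced */` so the coupling is visible to anyone who later swaps the manager. The enclosing `struct WOLFSSL_CTX` starts and ends outside this hunk.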


@@ -21,7 +21,7 @@
/* ssl.h defines wolfssl_openssl compatibility layer
/* ssl.h defines wolfssl_openssl compatibility layer
*
*/
@@ -134,7 +134,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define SSL_CTX_load_verify_locations wolfSSL_CTX_load_verify_locations
#define SSL_CTX_use_certificate_chain_file wolfSSL_CTX_use_certificate_chain_file
#define SSL_CTX_use_RSAPrivateKey_file wolfSSL_CTX_use_RSAPrivateKey_file
#define SSL_use_certificate_file wolfSSL_use_certificate_file
#define SSL_use_PrivateKey_file wolfSSL_use_PrivateKey_file
#define SSL_use_certificate_chain_file wolfSSL_use_certificate_chain_file
@@ -147,6 +147,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define SSL_get_fd wolfSSL_get_fd
#define SSL_connect wolfSSL_connect
#define SSL_clear wolfSSL_clear
#define SSL_state wolfSSL_state
#define SSL_write wolfSSL_write
#define SSL_read wolfSSL_read
@@ -201,6 +202,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define SSL_get_keyblock_size wolfSSL_get_keyblock_size
#define SSL_get_keys wolfSSL_get_keys
#define SSL_SESSION_get_master_key wolfSSL_SESSION_get_master_key
#define SSL_SESSION_get_master_key_length wolfSSL_SESSION_get_master_key_length
#define X509_free wolfSSL_X509_free
#define OPENSSL_free wolfSSL_OPENSSL_free
@@ -271,6 +274,9 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
# define CRYPTO_WRITE 8
#define X509_STORE_CTX_get_current_cert wolfSSL_X509_STORE_CTX_get_current_cert
#define X509_STORE_add_cert wolfSSL_X509_STORE_add_cert
#define X509_STORE_set_flags wolfSSL_X509_STORE_set_flags
#define X509_STORE_CTX_get_chain wolfSSL_X509_STORE_CTX_get_chain
#define X509_STORE_CTX_get_error wolfSSL_X509_STORE_CTX_get_error
#define X509_STORE_CTX_get_error_depth wolfSSL_X509_STORE_CTX_get_error_depth
@@ -316,6 +322,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define SSL_load_client_CA_file wolfSSL_load_client_CA_file
#define SSL_CTX_set_client_CA_list wolfSSL_CTX_set_client_CA_list
#define SSL_CTX_set_cert_store wolfSSL_CTX_set_cert_store
#define SSL_CTX_get_cert_store wolfSSL_CTX_get_cert_store
#define X509_STORE_CTX_get_ex_data wolfSSL_X509_STORE_CTX_get_ex_data
#define SSL_get_ex_data_X509_STORE_CTX_idx wolfSSL_get_ex_data_X509_STORE_CTX_idx
#define SSL_get_ex_data wolfSSL_get_ex_data
@@ -405,6 +413,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define sk_value wolfSSL_sk_value
#define sk_X509_pop wolfSSL_sk_X509_pop
#define sk_X509_free wolfSSL_sk_X509_free
#define d2i_X509_bio wolfSSL_d2i_X509_bio
#define SSL_CTX_get_ex_data wolfSSL_CTX_get_ex_data
#define SSL_CTX_set_ex_data wolfSSL_CTX_set_ex_data
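Review bot: `#define SSL_state wolfSSL_state` maps an OpenSSL name whose return value is the handshake state (non-zero, e.g. SSL_ST_OK, after a successful handshake) onto a function that returns the last error code, so code written against OpenSSL that compares `SSL_state(ssl)` with `SSL_ST_*` constants will behave differently under this layer. A comment next to the define, such as `/* wolfSSL_state returns ssl->error, not the OpenSSL handshake state */`, would flag the divergence for users of the compatibility header. Separately, `d2i_X509_bio` now maps to `wolfSSL_d2i_X509_bio`, whose declaration in wolfssl/ssl.h appears to be the only new one in this commit without the `WOLFSSL_API` export qualifier, so the symbol may be missing from shared-library builds.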


@@ -174,6 +174,7 @@ typedef struct WOLFSSL_BUFFER_INFO {
typedef struct WOLFSSL_X509_STORE_CTX {
WOLFSSL_X509_STORE* store; /* Store full of a CA cert chain */
WOLFSSL_X509* current_cert; /* stunnel dereference */
WOLFSSL_STACK* chain;
char* domain; /* subject CN domain name */
void* ex_data; /* external data, for fortress build */
void* userCtx; /* user ctx */
@@ -599,6 +600,10 @@ WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void);
WOLFSSL_API void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE*);
WOLFSSL_API int wolfSSL_X509_STORE_add_cert(
WOLFSSL_X509_STORE*, WOLFSSL_X509*);
WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(
WOLFSSL_X509_STORE_CTX* ctx);
WOLFSSL_API int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store,
unsigned long flag);
WOLFSSL_API int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE*);
WOLFSSL_API int wolfSSL_X509_STORE_get_by_subject(WOLFSSL_X509_STORE_CTX*,
int, WOLFSSL_X509_NAME*, WOLFSSL_X509_OBJECT*);
@@ -924,6 +929,7 @@ WOLFSSL_API void wolfSSL_ERR_free_strings(void);
WOLFSSL_API void wolfSSL_ERR_remove_state(unsigned long);
WOLFSSL_API void wolfSSL_EVP_cleanup(void);
WOLFSSL_API int wolfSSL_clear(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_state(WOLFSSL* ssl);
WOLFSSL_API void wolfSSL_cleanup_all_ex_data(void);
WOLFSSL_API long wolfSSL_CTX_set_mode(WOLFSSL_CTX* ctx, long mode);
@@ -1799,7 +1805,8 @@ WOLFSSL_API int wolfSSL_UseSupportedQSH(WOLFSSL* ssl, unsigned short name);
then will not send keys in the hello extension */
WOLFSSL_API int wolfSSL_UseClientQSHKeys(WOLFSSL* ssl, unsigned char flag);
#endif
#endif
#endif /* QSH */
/* TLS Extended Master Secret Extension */
WOLFSSL_API int wolfSSL_DisableExtendedMasterSecret(WOLFSSL* ssl);
@@ -1871,6 +1878,14 @@ WOLFSSL_API char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* time,
#endif /* WOLFSSL_MYSQL_COMPATIBLE */
#ifdef OPENSSL_EXTRA
WOLFSSL_API int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION* ses,
unsigned char* out, int outSz);
WOLFSSL_API int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses);
WOLFSSL_API void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx,
WOLFSSL_X509_STORE* str);
WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509** x509);
WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx);
WOLFSSL_API int wolfSSL_get_client_random(WOLFSSL* ssl, unsigned char* out,
int outSz);