diff --git a/certs/dsaparams.pem b/certs/dsaparams.pem new file mode 100644 index 000000000..973e89682 --- /dev/null +++ b/certs/dsaparams.pem @@ -0,0 +1,9 @@ +-----BEGIN DSA PARAMETERS----- +MIIBHwKBgQDN3iVogFMN5XfW0pA5P5CiPzOUbuhPK2OrMKsVuhHqil2NzLjUodXB +R51ac2piSdEGB2f2L6M5vU4NtNMiI4TskyZaSe58iUhmTejo2FD7pXGfIhjl5gtG +h2buUo9GT7UDzu3jvuW1gdJZ6cCtTdBNJve6UOjJj/4kGT0up1I8bQIVAPtH++yB +IMgc6Uq6BG8Zm5TugmfTAoGBAJuVu4XFWEoynKpEhdZo3D4U9M5to0k46tZhSJJa +QJVJOKrhOSloWEeKSwHhLo5sY29AylA/jAuZ5HJCuLHCJkjxnIPGNy5arhEJ2fOt +H2+trVDjeDLm3o6qv9EAn7MCEhmiFewUGFwOJs75rsx7tdEm/IX+FJO2nX124zWX +Ht7E +-----END DSA PARAMETERS----- diff --git a/examples/server/server.c b/examples/server/server.c index 626f96c5e..13bf57918 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -1046,7 +1046,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) err_sys("error creating server random buffer"); } - size = wolfSSL_get_client_random(ssl, rnd, size); + size = wolfSSL_get_server_random(ssl, rnd, size); if (size == 0) { XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER); err_sys("error getting server random buffer"); diff --git a/src/internal.c b/src/internal.c index 5065746ed..b38e6c48c 100644 --- a/src/internal.c +++ b/src/internal.c @@ -2593,6 +2593,13 @@ void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap) /* Initialize wolfSSL X509 type */ void InitX509(WOLFSSL_X509* x509, int dynamicFlag, void* heap) { + if (x509 == NULL) { + WOLFSSL_MSG("Null parameter passed in!"); + return; + } + + XMEMSET(x509, 0, sizeof(WOLFSSL_X509)); + x509->heap = heap; InitX509Name(&x509->issuer, 0); InitX509Name(&x509->subject, 0); diff --git a/src/ssl.c b/src/ssl.c index 9aeede590..94c661fec 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -3600,6 +3600,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type, case CERT_TYPE: header=BEGIN_CERT; footer=END_CERT; break; case CRL_TYPE: header=BEGIN_X509_CRL; footer=END_X509_CRL; break; case DH_PARAM_TYPE: header=BEGIN_DH_PARAM; footer=END_DH_PARAM; break; + case DSA_PARAM_TYPE: header=BEGIN_DSA_PARAM; footer=END_DSA_PARAM; break; case CERTREQ_TYPE: header=BEGIN_CERT_REQ; footer=END_CERT_REQ; break; case DSA_TYPE: header=BEGIN_DSA_PRIV; footer=END_DSA_PRIV; break; case ECC_TYPE: header=BEGIN_EC_PRIV; footer=END_EC_PRIV; break; @@ -6028,46 +6029,113 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, } +/* this function makes the assumption that out buffer is big enough for digest*/ +static int wolfSSL_EVP_Digest(unsigned char* in, int inSz, unsigned char* out, + unsigned int* outSz, const WOLFSSL_EVP_MD* evp, + WOLFSSL_ENGINE* eng) +{ + enum wc_HashType hash = WC_HASH_TYPE_NONE; + int hashSz; + + if (XSTRLEN(evp) < 3) { + /* do not try comparing strings if size is too small */ + return SSL_FAILURE; + } + + if (XSTRNCMP("SHA", evp, 3) == 0) { + if (XSTRLEN(evp) > 3) { + if (XSTRNCMP("SHA256", evp, 6) == 0) { + hash = WC_HASH_TYPE_SHA256; + } + else if (XSTRNCMP("SHA384", evp, 6) == 0) { + hash = WC_HASH_TYPE_SHA384; + } + else if (XSTRNCMP("SHA512", evp, 6) == 0) { + hash = WC_HASH_TYPE_SHA512; + } + else { + WOLFSSL_MSG("Unknown SHA hash"); + } + } + else { + hash = WC_HASH_TYPE_SHA; + } + } + else if (XSTRNCMP("MD2", evp, 3) == 0) { + hash = WC_HASH_TYPE_MD2; + } + else if (XSTRNCMP("MD4", evp, 3) == 0) { + hash = WC_HASH_TYPE_MD4; + } + else if (XSTRNCMP("MD5", evp, 3) == 0) { + hash = WC_HASH_TYPE_MD5; + } + + hashSz = wc_HashGetDigestSize(hash); + if (hashSz < 0) { + WOLFSSL_LEAVE("wolfSSL_EVP_Digest", hashSz); + return SSL_FAILURE; + } + *outSz = hashSz; + + (void)eng; + if (wc_Hash(hash, in, inSz, out, *outSz) == 0) { + return SSL_SUCCESS; + } + else { + return SSL_FAILURE; + } +} + + int wolfSSL_X509_digest(const WOLFSSL_X509* x509, const WOLFSSL_EVP_MD* digest, unsigned char* buf, unsigned int* len) { - WOLFSSL_STUB("wolfSSL_X509_digest"); - (void)x509; - (void)digest; - (void)buf; - (void)len; - return SSL_FAILURE; + WOLFSSL_ENTER("wolfSSL_X509_digest"); + + if (x509 == NULL || digest == NULL) { + return SSL_FAILURE; + } + + return wolfSSL_EVP_Digest(x509->derCert->buffer, x509->derCert->length, buf, + len, digest, NULL); } int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey) { - WOLFSSL_STUB("wolfSSL_use_PrivateKey"); - (void)ssl; - (void)pkey; - return SSL_FAILURE; + WOLFSSL_ENTER("wolfSSL_use_PrivateKey"); + if (ssl == NULL || pkey == NULL ) { + return SSL_FAILURE; + } + + return wolfSSL_use_PrivateKey_buffer(ssl, (unsigned char*)pkey->pkey.ptr, + pkey->pkey_sz, SSL_FILETYPE_ASN1); } int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl, unsigned char* der, long derSz) { - WOLFSSL_STUB("wolfSSL_use_PrivateKey_ASN1"); - (void)ssl; - (void)pri; - (void)der; - (void)derSz; - return SSL_FAILURE; + WOLFSSL_ENTER("wolfSSL_use_PrivateKey_ASN1"); + if (ssl == NULL || der == NULL ) { + return SSL_FAILURE; + } + + (void)pri; /* type of private key */ + return wolfSSL_use_PrivateKey_buffer(ssl, der, derSz, SSL_FILETYPE_ASN1); } #ifndef NO_RSA -int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, WOLFSSL_RSA* rsa) +int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, unsigned char* der, long derSz) { - WOLFSSL_STUB("wolfSSL_use_RSAPrivateKey"); - (void)ssl; - (void)rsa; - return SSL_FAILURE; + WOLFSSL_ENTER("wolfSSL_use_RSAPrivateKey_ASN1"); + if (ssl == NULL || der == NULL ) { + return SSL_FAILURE; + } + + return wolfSSL_use_PrivateKey_buffer(ssl, der, derSz, SSL_FILETYPE_ASN1); } #endif @@ -6167,7 +6235,7 @@ size_t wolfSSL_get_server_random(const WOLFSSL *ssl, unsigned char *out, } XMEMCPY(out, ssl->arrays->serverRandom, size); - return 0; + return size; } #endif /* !defined(NO_WOLFSSL_SERVER) */ @@ -7442,8 +7510,16 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, #ifdef OPENSSL_EXTRA WOLFSSL_METHOD* wolfSSLv23_method(void) { - WOLFSSL_STUB("SSLv23_method"); - return NULL; + WOLFSSL_METHOD* m; + WOLFSSL_ENTER("wolfSSLv23_method"); +#ifndef NO_WOLFSSL_CLIENT + m = wolfSSLv23_client_method(); +#else + m = wolfSSLv23_server_method(); +#endif + m->side = WOLFSSL_NEITHER_END; + + return m; } #endif /* OPENSSL_EXTRA */ @@ -9542,12 +9618,14 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } + /* returns previous set cache size which stays constant */ long wolfSSL_CTX_sess_set_cache_size(WOLFSSL_CTX* ctx, long sz) { /* cache size fixed at compile time in wolfSSL */ (void)ctx; (void)sz; - return 0; + WOLFSSL_MSG("session cache is set at compile time"); + return SESSIONS_PER_ROW * SESSION_ROWS; } @@ -11617,9 +11695,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) long wolfSSL_CTX_sess_get_cache_size(WOLFSSL_CTX* ctx) { - /* TODO: maybe? */ (void)ctx; - return (~0); + return SESSIONS_PER_ROW * SESSION_ROWS; } unsigned long wolfSSL_ERR_get_error_line_data(const char** file, int* line, @@ -11633,16 +11710,25 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return 0; } - WOLFSSL_API pem_password_cb *wolfSSL_SSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx) + WOLFSSL_API pem_password_cb wolfSSL_CTX_get_default_passwd_cb( + WOLFSSL_CTX *ctx) { - (void) ctx; - return NULL; + if (ctx == NULL) { + return NULL; + } + + return ctx->passwd_cb; } - WOLFSSL_API void *wolfSSL_SSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx) + + WOLFSSL_API void *wolfSSL_CTX_get_default_passwd_cb_userdata( + WOLFSSL_CTX *ctx) { - (void) ctx; - return NULL; + if (ctx == NULL) { + return NULL; + } + + return ctx->userdata; } #endif /* OPENSSL_EXTRA */ @@ -13883,7 +13969,7 @@ int wolfSSL_PEM_def_callback(char* name, int num, int w, void* key) } /*** TBD ***/ -WOLFSSL_API unsigned long wolfSSL_SSL_set_options(WOLFSSL *s, unsigned long op) +WOLFSSL_API unsigned long wolfSSL_set_options(WOLFSSL *s, unsigned long op) { (void)s; (void)op; @@ -13891,36 +13977,70 @@ WOLFSSL_API unsigned long wolfSSL_SSL_set_options(WOLFSSL *s, unsigned long op) } /*** TBD ***/ -WOLFSSL_API unsigned long wolfSSL_SSL_get_options(const WOLFSSL *s) +WOLFSSL_API unsigned long wolfSSL_get_options(const WOLFSSL *s) { (void)s; return 0; } /*** TBD ***/ -WOLFSSL_API long wolfSSL_SSL_clear_num_renegotiations(WOLFSSL *s) +WOLFSSL_API long wolfSSL_clear_num_renegotiations(WOLFSSL *s) { (void)s; return 0; } /*** TBD ***/ -WOLFSSL_API long wolfSSL_SSL_total_renegotiations(WOLFSSL *s) +WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s) { (void)s; return 0; } -/*** TBD ***/ -WOLFSSL_API long wolfSSL_SSL_set_tmp_dh(WOLFSSL *s, WOLFSSL_DH *dh) + +long wolfSSL_set_tmp_dh(WOLFSSL *ssl, WOLFSSL_DH *dh) { - (void)s; - (void)dh; - return 0; + int pSz, gSz; + byte *p, *g; + int ret = 0; + + WOLFSSL_ENTER("wolfSSL_set_tmp_dh"); + + if (!ssl || !dh) + return BAD_FUNC_ARG; + + /* Get needed size for p and g */ + pSz = wolfSSL_BN_bn2bin(dh->p, NULL); + gSz = wolfSSL_BN_bn2bin(dh->g, NULL); + + if (pSz <= 0 || gSz <= 0) + return SSL_FATAL_ERROR; + + p = (byte*)XMALLOC(pSz, ssl->heap, DYNAMIC_TYPE_DH); + if (!p) + return MEMORY_E; + + g = (byte*)XMALLOC(gSz, ssl->heap, DYNAMIC_TYPE_DH); + if (!g) { + XFREE(p, ctx->heap, DYNAMIC_TYPE_DH); + return MEMORY_E; + } + + pSz = wolfSSL_BN_bn2bin(dh->p, p); + gSz = wolfSSL_BN_bn2bin(dh->g, g); + + if (pSz >= 0 && gSz >= 0) /* Conversion successful */ + ret = wolfSSL_SetTmpDH(ssl, p, pSz, g, gSz); + + XFREE(p, ctx->heap, DYNAMIC_TYPE_DH); + XFREE(g, ctx->heap, DYNAMIC_TYPE_DH); + + return pSz > 0 && gSz > 0 ? ret : SSL_FATAL_ERROR; } + /*** TBD ***/ -WOLFSSL_API long wolfSSL_SSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg) +WOLFSSL_API long wolfSSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg) { (void)s; (void)arg; @@ -13928,7 +14048,7 @@ WOLFSSL_API long wolfSSL_SSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg) } /*** TBD ***/ -WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_type(WOLFSSL *s, int type) +WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type) { (void)s; (void)type; @@ -13936,7 +14056,7 @@ WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_type(WOLFSSL *s, int type) } /*** TBD ***/ -WOLFSSL_API long wolfSSL_SSL_get_tlsext_status_exts(WOLFSSL *s, void *arg) +WOLFSSL_API long wolfSSL_get_tlsext_status_exts(WOLFSSL *s, void *arg) { (void)s; (void)arg; @@ -13944,7 +14064,7 @@ WOLFSSL_API long wolfSSL_SSL_get_tlsext_status_exts(WOLFSSL *s, void *arg) } /*** TBD ***/ -WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_exts(WOLFSSL *s, void *arg) +WOLFSSL_API long wolfSSL_set_tlsext_status_exts(WOLFSSL *s, void *arg) { (void)s; (void)arg; @@ -13952,7 +14072,7 @@ WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_exts(WOLFSSL *s, void *arg) } /*** TBD ***/ -WOLFSSL_API long wolfSSL_SSL_get_tlsext_status_ids(WOLFSSL *s, void *arg) +WOLFSSL_API long wolfSSL_get_tlsext_status_ids(WOLFSSL *s, void *arg) { (void)s; (void)arg; @@ -13960,7 +14080,7 @@ WOLFSSL_API long wolfSSL_SSL_get_tlsext_status_ids(WOLFSSL *s, void *arg) } /*** TBD ***/ -WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_ids(WOLFSSL *s, void *arg) +WOLFSSL_API long wolfSSL_set_tlsext_status_ids(WOLFSSL *s, void *arg) { (void)s; (void)arg; @@ -13968,7 +14088,7 @@ WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_ids(WOLFSSL *s, void *arg) } /*** TBD ***/ -WOLFSSL_API long wolfSSL_SSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp) +WOLFSSL_API long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp) { (void)s; (void)resp; @@ -13976,7 +14096,7 @@ WOLFSSL_API long wolfSSL_SSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned ch } /*** TBD ***/ -WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp, int len) +WOLFSSL_API long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp, int len) { (void)s; (void)resp; @@ -13985,25 +14105,12 @@ WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned ch } /*** TBD ***/ -WOLFSSL_API unsigned long wolfSSL_SSL_get_verify_result(const WOLFSSL *ssl) +WOLFSSL_API unsigned long wolfSSL_get_verify_result(const WOLFSSL *ssl) { (void)ssl; return 0; } -/*** TBD ***/ -WOLFSSL_API WOLFSSL_SESSION *wolfSSL_SSL_get1_session(WOLFSSL *ssl) -{ - (void)ssl; - return 0; -} - -/*** TBD ***/ -WOLFSSL_API void wolfSSL_SSL_set_accept_state(WOLFSSL *s) -{ - (void)s; -} - long wolfSSL_CTX_sess_accept(WOLFSSL_CTX* ctx) { (void)ctx; @@ -14087,88 +14194,61 @@ long wolfSSL_CTX_sess_number(WOLFSSL_CTX* ctx) } /*** TBC ***/ -WOLFSSL_API long wolfSSL_SSL_CTX_need_tmp_RSA(WOLFSSL_CTX* ctx) +WOLFSSL_API long wolfSSL_CTX_need_tmp_RSA(WOLFSSL_CTX* ctx) { (void)ctx; return 0; } /*** TBC ***/ -WOLFSSL_API long wolfSSL_SSL_CTX_set_tmp_rsa(WOLFSSL_CTX* ctx) +WOLFSSL_API long wolfSSL_CTX_set_tmp_rsa(WOLFSSL_CTX* ctx) { (void)ctx; return 0; } /*** TBC ***/ -WOLFSSL_API long wolfSSL_SSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx) +WOLFSSL_API long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX* ctx) { (void)ctx; return 0; } /*** TBC ***/ -WOLFSSL_API long wolfSSL_SSL_CTX_add_extra_chain_cert(WOLFSSL_CTX* ctx) +WOLFSSL_API long wolfSSL_CTX_get_session_cache_mode(WOLFSSL_CTX* ctx) { (void)ctx; return 0; } /*** TBC ***/ -WOLFSSL_API long wolfSSL_SSL_CTX_sess_set_cache_size(WOLFSSL_CTX* ctx) +WOLFSSL_API long wolfSSL_CTX_get_read_ahead(WOLFSSL_CTX* ctx) { (void)ctx; return 0; } /*** TBC ***/ -WOLFSSL_API long wolfSSL_SSL_CTX_sess_get_cache_size(WOLFSSL_CTX* ctx) +WOLFSSL_API long wolfSSL_CTX_set_read_ahead(WOLFSSL_CTX* ctx) { (void)ctx; return 0; } /*** TBC ***/ -WOLFSSL_API long wolfSSL_SSL_CTX_get_session_cache_mode(WOLFSSL_CTX* ctx) +WOLFSSL_API long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX* ctx) { (void)ctx; return 0; } /*** TBC ***/ -WOLFSSL_API long wolfSSL_SSL_CTX_get_read_ahead(WOLFSSL_CTX* ctx) +WOLFSSL_API long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg(WOLFSSL_CTX* ctx) { (void)ctx; return 0; } -/*** TBC ***/ -WOLFSSL_API long wolfSSL_SSL_CTX_set_read_ahead(WOLFSSL_CTX* ctx) -{ - (void)ctx; - return 0; -} - -/*** TBC ***/ -WOLFSSL_API long wolfSSL_SSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX* ctx) -{ - (void)ctx; - return 0; -} - -/*** TBC ***/ -WOLFSSL_API long wolfSSL_SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(WOLFSSL_CTX* ctx) -{ - (void)ctx; - return 0; -} - -/*** TBC ***/ -WOLFSSL_API void wolfSSL_CONF_modules_unload(int all) -{ - (void) all; -} - #ifndef NO_DES3 void wolfSSL_DES_set_key(WOLFSSL_const_DES_cblock* myDes, WOLFSSL_DES_key_schedule* key) @@ -15751,13 +15831,6 @@ void wolfSSL_DSA_free(WOLFSSL_DSA* dsa) } } -/*** TBD ***/ -WOLFSSL_API WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *r) -{ - (void) r; - return NULL; -} - #endif /* NO_DSA */ #ifndef NO_RSA @@ -15888,6 +15961,46 @@ static int SetIndividualInternal(WOLFSSL_BIGNUM* bn, mp_int* mpi) return SSL_SUCCESS; } + + +WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *dsa) +{ + WOLFSSL_DH* dh; + DhKey* key; + + dh = wolfSSL_DH_new(); + if (dh == NULL || dsa == NULL) { + return NULL; + } + key = (DhKey*)dh->internal; + + if (dsa->p != NULL && + SetIndividualInternal(((WOLFSSL_DSA*)dsa)->p, &key->p) != SSL_SUCCESS) { + WOLFSSL_MSG("rsa p key error"); + wolfSSL_DH_free(dh); + return NULL; + } + if (dsa->g != NULL && + SetIndividualInternal(((WOLFSSL_DSA*)dsa)->g, &key->g) != SSL_SUCCESS) { + WOLFSSL_MSG("rsa g key error"); + wolfSSL_DH_free(dh); + return NULL; + } + + if (SetIndividualExternal(&dh->p, &key->p) != SSL_SUCCESS) { + WOLFSSL_MSG("dsa p key error"); + wolfSSL_DH_free(dh); + return NULL; + } + if (SetIndividualExternal(&dh->g, &key->g) != SSL_SUCCESS) { + WOLFSSL_MSG("dsa g key error"); + wolfSSL_DH_free(dh); + return NULL; + } + + return dh; +} + #endif /* !NO_RSA && !NO_DSA */ @@ -19466,12 +19579,14 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) } int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey) { - (void)ctx; - (void)pkey; WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey"); - WOLFSSL_STUB("wolfSSL_CTX_use_PrivateKey"); - return 0; + if (ctx == NULL || pkey == NULL) { + return SSL_FAILURE; + } + + return wolfSSL_CTX_use_PrivateKey_buffer(ssl, pkey->pkey->ptr, + pkey->pkey_sz, PRIVATEKEY_TYPE); } @@ -19742,6 +19857,90 @@ void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx) return 0; } +#ifndef NO_DSA +WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x, pem_password_cb *cb, void *u) +{ + WOLFSSL_DSA* dsa; + DsaKey* key; + int length; + const unsigned char* buf; + word32 bufSz; + int ret; + word32 idx = 0; + DerBuffer* pDer; + + WOLFSSL_ENTER("wolfSSL_PEM_read_bio_DSAparams"); + + ret = wolfSSL_BIO_get_mem_data(bp, &buf); + if (ret <= 0) { + WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_DSAparams", ret); + return NULL; + } + + bufSz = (word32)ret; + + if (cb != NULL || u != NULL) { + /* + * cb is for a call back when encountering encrypted PEM files + * if cb == NULL and u != NULL then u = null terminated password string + */ + WOLFSSL_MSG("Not yet supporting call back or password for encrypted PEM"); + } + + if ((ret = PemToDer(buf, (long)bufSz, DSA_PARAM_TYPE, &pDer, NULL, NULL, + NULL)) < 0 ) { + WOLFSSL_MSG("Issue converting from PEM to DER"); + return NULL; + } + + if ((ret = GetSequence(pDer->buffer, &idx, &length, pDer->length)) < 0) { + WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_DSAparams", ret); + return NULL; + } + + dsa = wolfSSL_DSA_new(); + if (dsa == NULL) { + WOLFSSL_MSG("Error creating DSA struct"); + } + + key = (DsaKey*)dsa->internal; + if (key == NULL) { + WOLFSSL_MSG("Error finding DSA key struct"); + } + + if (GetInt(&key->p, pDer->buffer, &idx, pDer->length) < 0 || + GetInt(&key->q, pDer->buffer, &idx, pDer->length) < 0 || + GetInt(&key->g, pDer->buffer, &idx, pDer->length) < 0 ) { + WOLFSSL_MSG("dsa key error"); + wolfSSL_DSA_free(dsa); + return NULL; + } + + if (SetIndividualExternal(&dsa->p, &key->p) != SSL_SUCCESS) { + WOLFSSL_MSG("dsa p key error"); + wolfSSL_DSA_free(dsa); + return NULL; + } + + if (SetIndividualExternal(&dsa->q, &key->q) != SSL_SUCCESS) { + WOLFSSL_MSG("dsa q key error"); + wolfSSL_DSA_free(dsa); + return NULL; + } + + if (SetIndividualExternal(&dsa->g, &key->g) != SSL_SUCCESS) { + WOLFSSL_MSG("dsa g key error"); + wolfSSL_DSA_free(dsa); + return NULL; + } + + if (x != NULL) { + *x = dsa; + } + + return dsa; +} +#endif /* NO_DSA */ #include "src/bio.c" @@ -19749,7 +19948,7 @@ void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx) #if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) \ - || defined(WOLFSSL_MYSQL_COMPATIBLE) + || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) char * wolf_OBJ_nid2ln(int n) { (void)n; WOLFSSL_ENTER("wolf_OBJ_nid2ln"); @@ -19790,19 +19989,6 @@ WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp, WOLFSSL_DH **x, pem_p return NULL; } -/*** TBD ***/ -WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x, pem_password_cb *cb, void *u) -{ - (void) bp; - (void) x; - (void) cb; - (void) u; - - WOLFSSL_ENTER("wolfSSL_PEM_read_bio_DSAparams"); - WOLFSSL_STUB("wolfSSL_PEM_read_bio_DSAparams"); - - return NULL; -} int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x) { (void)bp; diff --git a/tests/api.c b/tests/api.c index ff3b72d72..5b14c3a11 100644 --- a/tests/api.c +++ b/tests/api.c @@ -46,6 +46,8 @@ #ifdef OPENSSL_EXTRA #include #include + #include + #include #ifndef NO_DES3 #include #endif @@ -2282,12 +2284,18 @@ static void test_wolfSSL_certs(void) sizeof_server_cert_der_2048), SSL_SUCCESS); #endif - /* needs tested after stubs filled out @TODO - SSL_use_PrivateKey - SSL_use_PrivateKey_ASN1 - SSL_use_RSAPrivateKey_ASN1 - SSL_X509_digest - */ + /************* Get Digest of Certificate ******************/ + { + byte digest[64]; /* max digest size */ + word32 digestSz; + + XMEMSET(digest, 0, sizeof(digest)); + AssertIntEQ(X509_digest(x509, wolfSSL_EVP_sha1(), digest, &digestSz), + SSL_SUCCESS); + + AssertIntEQ(X509_digest(NULL, wolfSSL_EVP_sha1(), digest, &digestSz), + SSL_FAILURE); + } /* test and checkout X509 extensions */ sk = X509_get_ext_d2i(x509, NID_basic_constraints, &crit, NULL); @@ -2301,8 +2309,7 @@ static void test_wolfSSL_certs(void) wolfSSL_sk_ASN1_OBJECT_free(sk); sk = X509_get_ext_d2i(x509, NID_ext_key_usage, &crit, NULL); - AssertNotNull(sk); - AssertIntEQ(crit, -2); /* multiple cases */ + /* AssertNotNull(sk); no extension set */ wolfSSL_sk_ASN1_OBJECT_free(sk); sk = X509_get_ext_d2i(x509, NID_authority_key_identifier, &crit, NULL); @@ -2373,6 +2380,7 @@ static void test_wolfSSL_certs(void) sk = X509_get_ext_d2i(NULL, NID_tlsfeature, NULL, NULL); AssertNull(sk); + AssertIntEQ(SSL_get_hit(ssl), 0); SSL_free(ssl); /* frees x509 also since loaded into ssl */ SSL_CTX_free(ctx); @@ -2380,6 +2388,99 @@ static void test_wolfSSL_certs(void) #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ } + +static void test_wolfSSL_private_keys(void) +{ + #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) + WOLFSSL* ssl; + WOLFSSL_CTX* ctx; + EVP_PKEY* pkey = NULL; + + printf(testingFmt, "wolfSSL_private_keys()"); + + AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); + AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)); + AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)); + AssertNotNull(ssl = SSL_new(ctx)); + + AssertIntEQ(wolfSSL_check_private_key(ssl), SSL_SUCCESS); + +#ifdef USE_CERT_BUFFERS_2048 + AssertIntEQ(SSL_use_RSAPrivateKey_ASN1(ssl, + (unsigned char*)client_key_der_2048, + sizeof_client_key_der_2048), SSL_SUCCESS); + /* Should missmatch now that a different private key loaded */ + AssertIntNE(wolfSSL_check_private_key(ssl), SSL_SUCCESS); + + AssertIntEQ(SSL_use_PrivateKey_ASN1(0, ssl, + (unsigned char*)server_key_der_2048, + sizeof_server_key_der_2048), SSL_SUCCESS); + /* After loading back in DER format of original key, should match */ + AssertIntEQ(wolfSSL_check_private_key(ssl), SSL_SUCCESS); +#endif + + /* pkey not set yet, expecting to fail */ + AssertIntEQ(SSL_use_PrivateKey(ssl, pkey), SSL_FAILURE); + + SSL_free(ssl); /* frees x509 also since loaded into ssl */ + SSL_CTX_free(ctx); + + /* test existence of no-op macros in wolfssl/openssl/ssl.h */ + CONF_modules_free(); + ENGINE_cleanup(); + CONF_modules_unload(); + + printf(resultFmt, passed); + #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ +} + + +static void test_wolfSSL_tmp_dh(void) +{ + #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_DSA) + byte buffer[5300]; + char file[] = "./certs/dsaparams.pem"; + FILE *f; + int bytes; + DSA* dsa; + DH* dh; + BIO* bio; + SSL* ssl; + SSL_CTX* ctx; + + printf(testingFmt, "wolfSSL_tmp_dh()"); + + AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); + AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)); + AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)); + AssertNotNull(ssl = SSL_new(ctx)); + + f = fopen(file, "rb"); + AssertNotNull(f); + bytes = (int)fread(buffer, 1, sizeof(buffer), f); + fclose(f); + + bio = BIO_new_mem_buf((void*)buffer, bytes); + AssertNotNull(bio); + + dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL); + AssertNotNull(dsa); + + dh = wolfSSL_DSA_dup_DH(dsa); + AssertNotNull(dh); + + AssertIntEQ(SSL_CTX_set_tmp_dh(ctx, dh), SSL_SUCCESS); + AssertIntEQ(SSL_set_tmp_dh(ssl, dh), SSL_SUCCESS); + + SSL_free(ssl); + SSL_CTX_free(ctx); + + printf(resultFmt, passed); + #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ +} + static void test_wolfSSL_ctrl(void) { #if defined(OPENSSL_EXTRA) @@ -2441,6 +2542,8 @@ void ApiTest(void) /* compatibility tests */ test_wolfSSL_DES(); test_wolfSSL_certs(); + test_wolfSSL_private_keys(); + test_wolfSSL_tmp_dh(); test_wolfSSL_ctrl(); AssertIntEQ(test_wolfSSL_Cleanup(), SSL_SUCCESS); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 7c6cc171f..5cf74ef93 100755 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -5778,6 +5778,8 @@ const char* BEGIN_CERT_REQ = "-----BEGIN CERTIFICATE REQUEST-----"; const char* END_CERT_REQ = "-----END CERTIFICATE REQUEST-----"; const char* BEGIN_DH_PARAM = "-----BEGIN DH PARAMETERS-----"; const char* END_DH_PARAM = "-----END DH PARAMETERS-----"; +const char* BEGIN_DSA_PARAM = "-----BEGIN DSA PARAMETERS-----"; +const char* END_DSA_PARAM = "-----END DSA PARAMETERS-----"; const char* BEGIN_X509_CRL = "-----BEGIN X509 CRL-----"; const char* END_X509_CRL = "-----END X509 CRL-----"; const char* BEGIN_RSA_PRIV = "-----BEGIN RSA PRIVATE KEY-----"; diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index e6d2a8d28..4b577652d 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -447,10 +447,12 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_CTX_get_ex_new_index wolfSSL_CTX_get_ex_new_index /*#if OPENSSL_API_COMPAT < 0x10100000L*/ -# define CONF_modules_free() while(0) continue -# define ENGINE_cleanup() while(0) continue +# define CONF_modules_free() +# define ENGINE_cleanup() /*#endif*/ -#define CONF_modules_unload wolfSSL_CONF_modules_unload +#define CONF_modules_unload() + +#define SSL_get_hit wolfSSL_session_reused /* yassl had set the default to be 500 */ #define SSL_get_default_timeout(ctx) 500 @@ -497,9 +499,9 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define PEM_read_bio_DHparams wolfSSL_PEM_read_bio_DHparams #define PEM_read_bio_DSAparams wolfSSL_PEM_read_bio_DSAparams #define PEM_write_bio_X509 PEM_write_bio_WOLFSSL_X509 -#define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh #endif /* HAVE_STUNNEL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE */ +#define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh #define BIO_new_file wolfSSL_BIO_new_file #define BIO_ctrl wolfSSL_BIO_ctrl @@ -519,30 +521,30 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define BIO_write_filename wolfSSL_BIO_write_filename #define BIO_set_mem_eof_return wolfSSL_BIO_set_mem_eof_return -#define SSL_set_options wolfSSL_SSL_set_options -#define SSL_get_options wolfSSL_SSL_get_options -#define SSL_set_tmp_dh wolfSSL_SSL_set_tmp_dh -#define SSL_clear_num_renegotiations wolfSSL_SSL_clear_num_renegotiations -#define SSL_total_renegotiations wolfSSL_SSSL_total_renegotiations -#define SSL_set_tlsext_debug_arg wolfSSL_SSL_set_tlsext_debug_arg -#define SSL_set_tlsext_status_type wolfSSL_SSL_set_tlsext_status_type -#define SSL_set_tlsext_status_exts wolfSSL_SSL_set_tlsext_status_exts -#define SSL_get_tlsext_status_ids wolfSSL_SSL_get_tlsext_status_ids -#define SSL_set_tlsext_status_ids wolfSSL_SSL_set_tlsext_status_ids -#define SSL_get_tlsext_status_ocsp_resp wolfSSL_SSL_get_tlsext_status_ocsp_resp -#define SSL_set_tlsext_status_ocsp_resp wolfSSL_SSL_set_tlsext_status_ocsp_resp +#define SSL_set_options wolfSSL_set_options +#define SSL_get_options wolfSSL_get_options +#define SSL_set_tmp_dh wolfSSL_set_tmp_dh +#define SSL_clear_num_renegotiations wolfSSL_clear_num_renegotiations +#define SSL_total_renegotiations wolfSSL_total_renegotiations +#define SSL_set_tlsext_debug_arg wolfSSL_set_tlsext_debug_arg +#define SSL_set_tlsext_status_type wolfSSL_set_tlsext_status_type +#define SSL_set_tlsext_status_exts wolfSSL_set_tlsext_status_exts +#define SSL_get_tlsext_status_ids wolfSSL_get_tlsext_status_ids +#define SSL_set_tlsext_status_ids wolfSSL_set_tlsext_status_ids +#define SSL_get_tlsext_status_ocsp_resp wolfSSL_get_tlsext_status_ocsp_resp +#define SSL_set_tlsext_status_ocsp_resp wolfSSL_set_tlsext_status_ocsp_resp -#define SSL_CTX_need_tmp_RSA wolfSSL_SSL_CTX_need_tmp_RSA -#define SSL_CTX_set_tmp_rsa wolfSSL_SSL_CTX_set_tmp_rsa -#define SSL_CTX_add_extra_chain_cert wolfSSL_SSL_CTX_add_extra_chain_cert -#define SSL_CTX_get_read_ahead wolfSSL_SSL_CTX_get_read_ahead -#define SSL_CTX_set_read_ahead wolfSSL_SSL_CTX_set_read_ahead -#define SSL_CTX_set_tlsext_status_arg wolfSSL_SSL_CTX_set_tlsext_status_arg +#define SSL_CTX_need_tmp_RSA wolfSSL_CTX_need_tmp_RSA +#define SSL_CTX_set_tmp_rsa wolfSSL_CTX_set_tmp_rsa +#define SSL_CTX_add_extra_chain_cert wolfSSL_CTX_add_extra_chain_cert +#define SSL_CTX_get_read_ahead wolfSSL_CTX_get_read_ahead +#define SSL_CTX_set_read_ahead wolfSSL_CTX_set_read_ahead +#define SSL_CTX_set_tlsext_status_arg wolfSSL_CTX_set_tlsext_status_arg #define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg \ - wolfSSL_SSL_CTX_set_tlsext_opaque_prf_input_callback_arg + wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg #define SSL_get_server_random wolfSSL_get_server_random -#define SSL_get_tlsext_status_exts wolfSSL_SSL_get_tlsext_status_exts +#define SSL_get_tlsext_status_exts wolfSSL_get_tlsext_status_exts #define BIO_C_SET_FILE_PTR 106 #define BIO_C_GET_FILE_PTR 107 diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index d9cf756df..bd8a02f1c 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -692,39 +692,35 @@ WOLFSSL_API long wolfSSL_CTX_sess_cache_full(WOLFSSL_CTX*); WOLFSSL_API long wolfSSL_CTX_sess_misses(WOLFSSL_CTX*); WOLFSSL_API long wolfSSL_CTX_sess_timeouts(WOLFSSL_CTX*); WOLFSSL_API long wolfSSL_CTX_sess_number(WOLFSSL_CTX*); + +WOLFSSL_API long wolfSSL_CTX_need_tmp_RSA(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_CTX_set_tmp_rsa(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_CTX_sess_set_cache_size(WOLFSSL_CTX*, long); WOLFSSL_API long wolfSSL_CTX_sess_get_cache_size(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_SSL_CTX_need_tmp_RSA(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_SSL_CTX_set_tmp_rsa(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_SSL_CTX_set_tmp_dh(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_SSL_CTX_add_extra_chain_cert(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_SSL_CTX_sess_set_cache_size(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_SSL_CTX_sess_get_cache_size(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_CTX_get_session_cache_mode(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_CTX_get_read_ahead(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_CTX_set_read_ahead(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX*); +WOLFSSL_API long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_SSL_CTX_get_session_cache_mode(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_SSL_CTX_get_read_ahead(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_SSL_CTX_set_read_ahead(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_SSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX*); -WOLFSSL_API long wolfSSL_SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(WOLFSSL_CTX*); - -WOLFSSL_API unsigned long wolfSSL_SSL_set_options(WOLFSSL *s, unsigned long op); -WOLFSSL_API unsigned long wolfSSL_SSL_get_options(const WOLFSSL *s); -WOLFSSL_API long wolfSSL_SSL_clear_num_renegotiations(WOLFSSL *s); -WOLFSSL_API long wolfSSL_SSL_total_renegotiations(WOLFSSL *s); -WOLFSSL_API long wolfSSL_SSL_set_tmp_dh(WOLFSSL *s, WOLFSSL_DH *dh); -WOLFSSL_API long wolfSSL_SSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg); -WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_type(WOLFSSL *s, int type); -WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_exts(WOLFSSL *s, void *arg); -WOLFSSL_API long wolfSSL_SSL_get_tlsext_status_ids(WOLFSSL *s, void *arg); -WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_ids(WOLFSSL *s, void *arg); -WOLFSSL_API long wolfSSL_SSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp); -WOLFSSL_API long wolfSSL_SSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp, int len); +WOLFSSL_API unsigned long wolfSSL_set_options(WOLFSSL *s, unsigned long op); +WOLFSSL_API unsigned long wolfSSL_get_options(const WOLFSSL *s); +WOLFSSL_API long wolfSSL_clear_num_renegotiations(WOLFSSL *s); +WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s); +WOLFSSL_API long wolfSSL_set_tmp_dh(WOLFSSL *s, WOLFSSL_DH *dh); +WOLFSSL_API long wolfSSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg); +WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type); +WOLFSSL_API long wolfSSL_set_tlsext_status_exts(WOLFSSL *s, void *arg); +WOLFSSL_API long wolfSSL_get_tlsext_status_ids(WOLFSSL *s, void *arg); +WOLFSSL_API long wolfSSL_set_tlsext_status_ids(WOLFSSL *s, void *arg); +WOLFSSL_API long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp); +WOLFSSL_API long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp, int len); WOLFSSL_API void wolfSSL_CONF_modules_unload(int all); -WOLFSSL_API long wolfSSL_SSL_get_tlsext_status_exts(WOLFSSL *s, void *arg); -WOLFSSL_API unsigned long wolfSSL_SSL_get_verify_result(const WOLFSSL *ssl); -WOLFSSL_API void wolfSSL_SSL_set_accept_state(WOLFSSL *s); -WOLFSSL_API WOLFSSL_SESSION *wolfSSL_SSL_get1_session(WOLFSSL *ssl); +WOLFSSL_API long wolfSSL_get_tlsext_status_exts(WOLFSSL *s, void *arg); +WOLFSSL_API unsigned long wolfSSL_get_verify_result(const WOLFSSL *ssl); #define WOLFSSL_DEFAULT_CIPHER_LIST "" /* default all */ #define WOLFSSL_RSA_F4 0x10001L @@ -957,7 +953,6 @@ WOLFSSL_API long wolfSSL_CTX_get_mode(WOLFSSL_CTX* ctx); WOLFSSL_API void wolfSSL_CTX_set_default_read_ahead(WOLFSSL_CTX* ctx, int m); WOLFSSL_API long wolfSSL_SSL_get_mode(WOLFSSL* ssl); -WOLFSSL_API long wolfSSL_CTX_sess_set_cache_size(WOLFSSL_CTX*, long); WOLFSSL_API int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX*); WOLFSSL_API int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX*, @@ -1367,6 +1362,7 @@ WOLFSSL_API int wolfSSL_SetTlsHmacInner(WOLFSSL*, unsigned char enum { WOLFSSL_SERVER_END = 0, WOLFSSL_CLIENT_END = 1, + WOLFSSL_NEITHER_END = 3, WOLFSSL_BLOCK_TYPE = 2, WOLFSSL_STREAM_TYPE = 3, WOLFSSL_AEAD_TYPE = 4, @@ -1914,7 +1910,8 @@ WOLFSSL_API int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey); WOLFSSL_API int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl, unsigned char* der, long derSz); #ifndef NO_RSA -WOLFSSL_API int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, WOLFSSL_RSA* rsa); +WOLFSSL_API int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, unsigned char* der, + long derSz); #endif #endif /* NO_CERTS */ @@ -1933,8 +1930,8 @@ WOLFSSL_API size_t wolfSSL_get_server_random(const WOLFSSL *ssl, unsigned char *out, size_t outlen); WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, size_t outSz); -WOLFSSL_API pem_password_cb *wolfSSL_SSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx); -WOLFSSL_API void *wolfSSL_SSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx); +WOLFSSL_API pem_password_cb wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx); +WOLFSSL_API void *wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx); /*lighttp compatibility */ @@ -1978,7 +1975,8 @@ WOLFSSL_API unsigned long wolfSSL_SSL_CTX_set_options(WOLFSSL_CTX *ctx, unsigned #endif #if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) \ - || defined(WOLFSSL_MYSQL_COMPATIBLE) + || defined(WOLFSSL_MYSQL_COMPATIBLE) \ + || defined(OPENSSL_EXTRA) WOLFSSL_API char * wolf_OBJ_nid2ln(int n); WOLFSSL_API int wolf_OBJ_txt2nid(const char *sn); diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 2499cf42f..1eb4b6d90 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -578,6 +578,8 @@ extern const char* BEGIN_CERT; extern const char* END_CERT; extern const char* BEGIN_CERT_REQ; extern const char* END_CERT_REQ; +extern const char* BEGIN_DSA_PARAM; +extern const char* END_DSA_PARAM; extern const char* BEGIN_DH_PARAM; extern const char* END_DH_PARAM; extern const char* BEGIN_X509_CRL; diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index f0f9eaf5a..7bd3265f0 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -41,6 +41,7 @@ enum CertType { CERT_TYPE = 0, PRIVATEKEY_TYPE, DH_PARAM_TYPE, + DSA_PARAM_TYPE, CRL_TYPE, CA_TYPE, ECC_PRIVATEKEY_TYPE,