wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 04:04:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3289 from dgarske/wpas_small

Browse Source 
Fixes for building `--enable-wpas=small` with WPA Supplicant v2.7
This commit is contained in:
toddouska
2020-09-21 13:37:58 -07:00
committed by GitHub
parent 0f6d391ea1 9deb85ceb1
commit 1274a01dc7
5 changed files with 304 additions and 281 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
configure.ac
View File

@@ -645,26 +645,30 @@ then
AM_CFLAGS="$AM_CFLAGS -DTEST_IPV6 -DWOLFSSL_IPV6"
fi
if test "$ENABLED_WPAS" = "small"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WPAS_SMALL"
AM_CFLAGS="$AM_CFLAGS -DKEEP_OUR_CERT"
AM_CFLAGS="$AM_CFLAGS -DKEEP_PEER_CERT"
fi
if test "$ENABLED_WPAS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_SECRET_CALLBACK -DWOLFSSL_STATIC_RSA"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_MP -DWOLFSSL_PUBLIC_ECC_ADD_DBL"
AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER -DHAVE_EX_DATA -DWOLFSSL_KEEP_PEER_CERT"
AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DWOLFSSL_DER_LOAD"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN -DWOLFSSL_DES_ECB"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WPAS"
fi
if test "$ENABLED_WPAS" = "small"
if test "$ENABLED_WPAS" != "no"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"
AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EITHER_SIDE"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WPAS_SMALL"
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA_X509_SMALL"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_MP"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DER_LOAD"
AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB"
fi
if test "$ENABLED_FORTRESS" = "yes"
@@ -2323,7 +2327,7 @@ AC_ARG_ENABLE([des3],
[ ENABLED_DES3=no ]
)
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_QT" = "yes" || test "$ENABLED_OPENVPN" = "yes"
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_QT" = "yes" || test "$ENABLED_OPENVPN" = "yes" || test "x$ENABLED_WPAS" != "xno"
then
ENABLED_DES3="yes"
fi
@@ -2411,7 +2415,7 @@ AC_ARG_ENABLE([cmac],
[ ENABLED_CMAC=no ]
)
if test "$ENABLED_WPAS" = "yes"
if test "$ENABLED_WPAS" != "no"
then
ENABLED_CMAC=yes
fi
@@ -2848,7 +2852,7 @@ AC_ARG_ENABLE([crl],
)
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes"
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes" || test "x$ENABLED_WPAS" != "xno"
then
ENABLED_CRL=yes
fi
@@ -3201,7 +3205,7 @@ AC_ARG_ENABLE([session-ticket],
[ ENABLED_SESSION_TICKET=no ]
)
if test "x$ENABLED_NGINX" = "xyes" || test "$ENABLED_WPAS" != "no" || test "x$ENABLED_HAPROXY" = "xyes"
if test "x$ENABLED_NGINX" = "xyes" || test "$ENABLED_WPAS" = "yes" || test "x$ENABLED_HAPROXY" = "xyes"
then
ENABLED_SESSION_TICKET=yes
fi
@@ -3871,7 +3875,7 @@ AC_ARG_ENABLE([md4],
if test "$ENABLED_MD4" = "no"
then
#turn on MD4 if using stunnel
if test "x$ENABLED_STUNNEL" = "xyes"
if test "x$ENABLED_STUNNEL" = "xyes" || test "x$ENABLED_WPAS" != "xno"
then
ENABLED_MD4="yes"
else
@@ -4884,7 +4888,7 @@ AC_ARG_ENABLE([aeskeywrap],
[ ENABLED_AESKEYWRAP=no ]
)
if test "$ENABLED_WPAS" = "yes" && test "$ENABLED_FIPS" = "no"
if test "$ENABLED_WPAS" != "no" && test "$ENABLED_FIPS" = "no"
then
ENABLED_AESKEYWRAP="yes"
fi

106
src/ssl.c
View File

@@ -17658,10 +17658,9 @@ int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME* name)
}
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#if defined(OPENSSL_EXTRA) || \
defined(KEEP_OUR_CERT) || defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
#if defined(OPENSSL_ALL) || defined(KEEP_OUR_CERT) || defined(KEEP_PEER_CERT) || \
defined(SESSION_CERTS)
/* return the next, if any, altname from the peer cert */
WOLFSSL_ABI
char* wolfSSL_X509_get_next_altname(WOLFSSL_X509* cert)
@@ -17783,6 +17782,11 @@ int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME* name)
return x509->pubKeyOID;
}
#endif /* OPENSSL_EXTRA || KEEP_OUR_CERT || KEEP_PEER_CERT || SESSION_CERTS */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
defined(KEEP_OUR_CERT) || defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
/* write X509 serial number in unsigned binary to buffer
buffer needs to be at least EXTERNAL_SERIAL_SIZE (32) for all cases
return WOLFSSL_SUCCESS on success */
@@ -17807,7 +17811,6 @@ int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME* name)
return WOLFSSL_SUCCESS;
}
/* not an openssl compatibility function - getting for derCert */
const byte* wolfSSL_X509_get_der(WOLFSSL_X509* x509, int* outSz)
{
@@ -17820,6 +17823,10 @@ int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME* name)
return x509->derCert->buffer;
}
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || KEEP_OUR_CERT || KEEP_PEER_CERT || SESSION_CERTS */
#ifdef OPENSSL_EXTRA
/* used by JSSE (not a standard compatibility function) */
/* this is not thread safe */
WOLFSSL_ABI
@@ -17838,6 +17845,7 @@ int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME* name)
return notBeforeData;
}
/* used by JSSE (not a standard compatibility function) */
/* this is not thread safe */
WOLFSSL_ABI
@@ -18001,6 +18009,7 @@ byte* wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509* x509,byte* in,
}
#endif /* WOLFSSL_SEP */
#endif /* OPENSSL_EXTRA */
/* require OPENSSL_EXTRA since wolfSSL_X509_free is wrapped by OPENSSL_EXTRA */
#if !defined(NO_CERTS) && defined(OPENSSL_EXTRA)
@@ -18288,9 +18297,9 @@ void wolfSSL_ACCESS_DESCRIPTION_free(WOLFSSL_ACCESS_DESCRIPTION* access)
/* access = NULL, don't try to access or double free it */
}
#endif
#endif /* OPENSSL_ALL || WOLFSSL_QT */
#ifdef OPENSSL_EXTRA
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
/* create a generic wolfSSL stack node
* returns a new WOLFSSL_STACK structure on success */
@@ -18376,9 +18385,7 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
return ret;
}
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
/* Creates and returns new GENERAL_NAME structure */
WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_new(void)
{
@@ -19059,9 +19066,7 @@ int wolfSSL_i2d_DHparams(const WOLFSSL_DH *dh, unsigned char **out)
#endif /* OPENSSL_EXTRA */
#ifndef NO_FILESYSTEM
#ifndef NO_STDIO_FILESYSTEM
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
WOLFSSL_X509* wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file)
{
@@ -19099,8 +19104,12 @@ WOLFSSL_X509* wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file)
return newX509;
}
#endif /* NO_STDIO_FILESYSTEM */
#endif /* OPENSSL_EXTRA && !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
#ifndef NO_FILESYSTEM
WOLFSSL_ABI
WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format)
{
@@ -19165,9 +19174,7 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format)
return x509;
}
#endif /* NO_FILESYSTEM */
#endif /* !NO_FILESYSTEM */
WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer(
const unsigned char* buf, int sz, int format)
@@ -19234,7 +19241,7 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer(
return x509;
}
#endif /* KEEP_PEER_CERT || SESSION_CERTS */
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || KEEP_PEER_CERT || SESSION_CERTS */
/* OPENSSL_EXTRA is needed for wolfSSL_X509_d21 function
KEEP_OUR_CERT is to insure ability for returning ssl certificate */
@@ -23838,8 +23845,8 @@ int wolfSSL_X509_cmp_time(const WOLFSSL_ASN1_TIME* asnTime, time_t* cmpTime)
}
#endif /* !NO_ASN_TIME */
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && !defined(USER_TIME) && \
!defined(TIME_OVERRIDES)
#if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && \
!defined(NO_ASN_TIME) && !defined(USER_TIME) && !defined(TIME_OVERRIDES)
WOLFSSL_ASN1_TIME *wolfSSL_X509_time_adj_ex(WOLFSSL_ASN1_TIME *asnTime,
int offset_day, long offset_sec, time_t *in_tm)
{
@@ -23884,6 +23891,9 @@ WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value(
}
#endif
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
/* Used to create a new WOLFSSL_ASN1_INTEGER structure.
* returns a pointer to new structure on success and NULL on failure
*/
@@ -24058,7 +24068,7 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509* x509)
return a;
}
#endif /* OPENSSL_EXTRA */
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \
defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
@@ -27406,9 +27416,6 @@ WOLFSSL_STACK* wolfSSL_sk_new_null(void)
return sk;
}
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#ifdef OPENSSL_EXTRA
WOLFSSL_BASIC_CONSTRAINTS* wolfSSL_BASIC_CONSTRAINTS_new(void)
{
@@ -27477,7 +27484,7 @@ int wolfSSL_sk_SSL_COMP_num(WOLF_STACK_OF(WOLFSSL_COMP)* sk)
return (int)sk->num;
}
#endif /* OPENSSL_EXTRA */
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \
defined(HAVE_EXT_CACHE))
@@ -37157,7 +37164,9 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
return copy;
}
#if defined(WOLFSSL_CERT_GEN)
#ifdef WOLFSSL_CERT_GEN
#if defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA)
/* Helper function to copy cert name from a WOLFSSL_X509_NAME structure to
* a Cert structure.
*
@@ -37189,7 +37198,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
return length;
}
#endif
#ifdef WOLFSSL_CERT_REQ
static int ReqCertFromX509(Cert* cert, WOLFSSL_X509* req)
@@ -37200,7 +37209,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
return WOLFSSL_FAILURE;
ret = CopyX509NameToCert(&(req->subject), cert->sbjRaw);
ret = CopyX509NameToCert(&req->subject, cert->sbjRaw);
if (ret < 0) {
WOLFSSL_MSG("REQ subject conversion error");
ret = MEMORY_E;
@@ -37225,7 +37234,8 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
return ret;
}
#endif
#endif /* WOLFSSL_CERT_REQ */
#ifdef WOLFSSL_ALT_NAMES
/* converts WOLFSSL_AN1_TIME to Cert form, returns positive size on
* success */
@@ -37244,8 +37254,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
}
return t->length - 1 + sz;
}
#endif
#endif /* WOLFSSL_ALT_NAMES */
/* convert a WOLFSSL_X509 to a Cert structure for writing out */
static int CertFromX509(Cert* cert, WOLFSSL_X509* x509)
@@ -37292,7 +37301,6 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
cert->altNamesSz = FlattenAltNames(cert->altNames,
sizeof(cert->altNames), x509->altNames);
#endif /* WOLFSSL_ALT_NAMES */
cert->sigType = wolfSSL_X509_get_signature_type(x509);
@@ -37357,23 +37365,23 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
if (x509->issuerSet)
cert->selfSigned = 0;
ret = CopyX509NameToCert(&(x509->subject), cert->sbjRaw);
#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA)
ret = CopyX509NameToCert(&x509->subject, cert->sbjRaw);
if (ret < 0) {
WOLFSSL_MSG("Subject conversion error");
return MEMORY_E;
}
if (cert->selfSigned) {
XMEMCPY(cert->issRaw, cert->sbjRaw, sizeof(CertName));
}
else {
ret = CopyX509NameToCert(&(x509->issuer), cert->issRaw);
ret = CopyX509NameToCert(&x509->issuer, cert->issRaw);
if (ret < 0) {
WOLFSSL_MSG("Issuer conversion error");
return MEMORY_E;
}
}
#endif
cert->heap = x509->heap;
@@ -37389,7 +37397,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
int hashType;
int sigType = WOLFSSL_FAILURE;
#if !defined(NO_PWDBASED)
#if !defined(NO_PWDBASED) && defined(OPENSSL_EXTRA)
/* Convert key type and hash algorithm to a signature algorithm */
if (wolfSSL_EVP_get_hashinfo(md, &hashType, NULL) == WOLFSSL_FAILURE) {
return WOLFSSL_FAILURE;
@@ -37685,6 +37693,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
return ret;
}
#endif /* WOLFSSL_CERT_GEN */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
WOLFSSL_X509_NAME *wolfSSL_d2i_X509_NAME(WOLFSSL_X509_NAME **name,
@@ -44025,7 +44034,7 @@ int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url)
return WOLFSSL_SUCCESS;
}
#endif /* OCSP */
#endif /* OPENSSL_ALL / WOLFSSL_NGINX / WOLFSSL_HAPROXY */
#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
@@ -44246,6 +44255,20 @@ int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer, WOLFSSL_X509 *subject)
return X509_V_OK;
}
char* wolfSSL_sk_WOLFSSL_STRING_value(WOLF_STACK_OF(WOLFSSL_STRING)* strings,
int idx)
{
for (; idx > 0 && strings != NULL; idx--)
strings = strings->next;
if (strings == NULL)
return NULL;
return strings->data.string;
}
#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || OPENSSL_ALL */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x)
{
WOLFSSL_ENTER("wolfSSL_X509_dup");
@@ -44258,16 +44281,7 @@ WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x)
return wolfSSL_X509_d2i(NULL, x->derCert->buffer, x->derCert->length);
}
char* wolfSSL_sk_WOLFSSL_STRING_value(WOLF_STACK_OF(WOLFSSL_STRING)* strings,
int idx)
{
for (; idx > 0 && strings != NULL; idx--)
strings = strings->next;
if (strings == NULL)
return NULL;
return strings->data.string;
}
#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || OPENSSL_ALL */
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
#ifdef HAVE_ALPN

4
wolfcrypt/src/asn.c
View File

@@ -12732,7 +12732,7 @@ static int wc_EncodeName(EncodedName* name, const char* nameStr, char nameType,
}
#if defined(OPENSSL_EXTRA)
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
/* Converts from NID_* value to wolfSSL value if needed */
static int ConvertNIDToWolfSSL(int nid)
{
@@ -12871,7 +12871,7 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out)
}
return totalBytes;
}
#endif /* OPENSSL_EXTRA */
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
/* encode CertName into output, return total bytes written */

2
wolfssl/internal.h
View File

@@ -3659,7 +3659,7 @@ struct WOLFSSL_X509 {
WOLFSSL_STACK* ext_sk; /* Store X509_EXTENSIONS from wolfSSL_X509_get_ext */
WOLFSSL_STACK* ext_d2i;/* Store d2i extensions from wolfSSL_X509_get_ext_d2i */
#endif /* WOLFSSL_QT || OPENSSL_ALL */
#ifdef OPENSSL_EXTRA
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_ASN1_INTEGER* serialNumber; /* Stores SN from wolfSSL_X509_get_serialNumber */
#endif
WOLFSSL_ASN1_TIME notBefore;

7
wolfssl/ssl.h
View File

@@ -191,7 +191,7 @@ typedef struct WOLFSSL_AUTHORITY_KEYID WOLFSSL_AUTHORITY_KEYID;
typedef struct WOLFSSL_BASIC_CONSTRAINTS WOLFSSL_BASIC_CONSTRAINTS;
typedef struct WOLFSSL_ACCESS_DESCRIPTION WOLFSSL_ACCESS_DESCRIPTION;
#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
struct WOLFSSL_AUTHORITY_KEYID {
WOLFSSL_ASN1_STRING *keyid;
@@ -3320,6 +3320,11 @@ WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl);
#endif /* !NO_CERTS */
#endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#ifdef WOLFSSL_WPAS_SMALL
/* WPA Supplicant requires GEN_ values */
#include <wolfssl/openssl/x509v3.h>
#endif
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_API void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509,
int nid, int* c, int* idx);