diff --git a/configure.ac b/configure.ac index 312abb893..a0f81f755 100644 --- a/configure.ac +++ b/configure.ac @@ -6773,11 +6773,11 @@ AM_CONDITIONAL([BUILD_SHA512],[test "x$ENABLED_SHA512" = "xyes" || test "x$ENABL AM_CONDITIONAL([BUILD_DSA],[test "x$ENABLED_DSA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_ECC],[test "x$ENABLED_ECC" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_ED25519],[test "x$ENABLED_ED25519" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) -AM_CONDITIONAL([BUILD_ED25519_SMALL],[test "x$ENABLED_ED25519_SMALL" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) +AM_CONDITIONAL([BUILD_ED25519_SMALL],[test "x$ENABLED_ED25519_SMALL" = "xyes"]) AM_CONDITIONAL([BUILD_FEMATH], [test "x$ENABLED_FEMATH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_GEMATH], [test "x$ENABLED_GEMATH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_CURVE25519],[test "x$ENABLED_CURVE25519" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) -AM_CONDITIONAL([BUILD_CURVE25519_SMALL],[test "x$ENABLED_CURVE25519_SMALL" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) +AM_CONDITIONAL([BUILD_CURVE25519_SMALL],[test "x$ENABLED_CURVE25519_SMALL" = "xyes"]) AM_CONDITIONAL([BUILD_ED448],[test "x$ENABLED_ED448" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_ED448_SMALL],[test "x$ENABLED_ED448_SMALL" = "xyes"]) AM_CONDITIONAL([BUILD_FE448], [test "x$ENABLED_FE448" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) diff --git a/examples/client/client.c b/examples/client/client.c index 948095545..b03983e35 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -3228,7 +3228,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) } #endif /* !NO_CERTS */ -#ifdef OPENSSL_EXTRA +#if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK) wolfSSL_KeepArrays(ssl); #endif 
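Review bot: `BUILD_ED25519_SMALL` and `BUILD_CURVE25519_SMALL` no longer follow `ENABLED_USERSETTINGS`, while the neighbouring `BUILD_ED25519`, `BUILD_FEMATH`, `BUILD_GEMATH` and `BUILD_CURVE25519` conditionals still do, and nothing in the file explains the exception. A short comment above the two changed lines would stop a later cleanup from "restoring" the symmetry, for example `# *_SMALL variants are not implied by ENABLED_USERSETTINGS (matches BUILD_ED448_SMALL).` It is also worth confirming that a user-settings build which selects the small implementation in its header, rather than at configure time, still gets the matching source files compiled. The Makefile side is not visible here.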
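Review bot: The widened guard in `client_test` makes `wolfSSL_KeepArrays(ssl)` run in `HAVE_SECRET_CALLBACK` builds too, so the handshake arrays stay allocated after the handshake in more configurations. Those arrays hold handshake key material, so the release path should be guarded the same way. If the matching `wolfSSL_FreeArrays(ssl)` call later in the function is still under `#ifdef OPENSSL_EXTRA`, change it to `#if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK)`. The same applies to the identical change in `server_test` in examples/server/server.c. Both function bodies continue outside their hunks, so the release call cannot be checked from here.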
diff --git a/examples/server/server.c b/examples/server/server.c index ec95f7659..88f658b4a 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -2531,7 +2531,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) if (ssl == NULL) err_sys_ex(catastrophic, "unable to create an SSL object"); -#ifdef OPENSSL_EXTRA +#if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK) wolfSSL_KeepArrays(ssl); #endif diff --git a/src/ssl.c b/src/ssl.c index 96e7c95db..8be191cbd 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -2160,8 +2160,6 @@ static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek) } #endif - sz = wolfSSL_GetMaxRecordSize(ssl, sz); - ret = ReceiveData(ssl, (byte*)data, sz, peek); #ifdef HAVE_WRITE_DUP @@ -48164,27 +48162,9 @@ int wolfSSL_X509_check_email(WOLFSSL_X509 *x, const char *chk, size_t chkLen, } #endif /* OPENSSL_EXTRA && WOLFSSL_CERT_GEN */ + #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ - || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) - -int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *name, - const WOLFSSL_EVP_MD *type, unsigned char *md, unsigned int *len) -{ - WOLFSSL_ENTER("wolfSSL_X509_NAME_digest"); - - if (name == NULL || type == NULL) - return WOLFSSL_FAILURE; - -#if !defined(NO_FILESYSTEM) && !defined(NO_PWDBASED) - return wolfSSL_EVP_Digest((unsigned char*)name->name, - name->sz, md, len, type, NULL); -#else - (void)md; - (void)len; - return NOT_COMPILED_IN; -#endif -} - + || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || defined(HAVE_SECRET_CALLBACK) long wolfSSL_SSL_CTX_get_timeout(const WOLFSSL_CTX *ctx) { WOLFSSL_ENTER("wolfSSL_SSL_CTX_get_timeout"); 
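Review bot: With the `sz = wolfSSL_GetMaxRecordSize(ssl, sz);` clamp removed from `wolfSSL_read_internal`, `ReceiveData` receives the caller's `sz` unchanged. The limit on how many bytes are written into `data` therefore rests entirely on checks that are not visible in this hunk. Confirm that a negative `sz` is rejected before this point, and that `ReceiveData` bounds the copy by the decrypted data it actually holds rather than by `sz` alone. If that is the intent, record it next to the call, for example `/* sz is deliberately not clamped to the max record size; ReceiveData copies at most the plaintext available */`. The function starts and ends outside the hunk.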
@@ -48205,6 +48185,28 @@ long wolfSSL_get_timeout(WOLFSSL* ssl) return 0; return ssl->timeout; } +#endif + +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ + || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) + +int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *name, + const WOLFSSL_EVP_MD *type, unsigned char *md, unsigned int *len) +{ + WOLFSSL_ENTER("wolfSSL_X509_NAME_digest"); + + if (name == NULL || type == NULL) + return WOLFSSL_FAILURE; + +#if !defined(NO_FILESYSTEM) && !defined(NO_PWDBASED) + return wolfSSL_EVP_Digest((unsigned char*)name->name, + name->sz, md, len, type, NULL); +#else + (void)md; + (void)len; + return NOT_COMPILED_IN; +#endif +} #ifdef HAVE_ECC int wolfSSL_SSL_CTX_set_tmp_ecdh(WOLFSSL_CTX *ctx, WOLFSSL_EC_KEY *ecdh) diff --git a/wolfssl/internal.h b/wolfssl/internal.h index af99d28a4..2b220e197 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1171,6 +1171,10 @@ enum { #define WOLFSSL_MAX_MTU 1400 #endif /* WOLFSSL_MAX_MTU */ +#ifndef WOLFSSL_DTLS_MTU_ADDITIONAL_READ_BUFFER + #define WOLFSSL_DTLS_MTU_ADDITIONAL_READ_BUFFER 500 +#endif /* WOLFSSL_DTLS_MTU_ADDITIONAL_READ_BUFFER */ + /* set minimum DH key size allowed */ #ifndef WOLFSSL_MIN_DHKEY_BITS @@ -1363,9 +1367,10 @@ enum Misc { DTLS_EXPORT_SPC_SZ = 16, /* amount of bytes used from CipherSpecs */ DTLS_EXPORT_LEN = 2, /* 2 bytes for length and protocol */ DTLS_EXPORT_IP = 46, /* max ip size IPv4 mapped IPv6 */ - DTLS_MTU_ADDITIONAL_READ_BUFFER = 100, /* Additional bytes to read so that - * we can work with a peer that has - * a slightly different MTU than us. */ + DTLS_MTU_ADDITIONAL_READ_BUFFER = WOLFSSL_DTLS_MTU_ADDITIONAL_READ_BUFFER, + /* Additional bytes to read so that + * we can work with a peer that has + * a slightly different MTU than us. */ MAX_EXPORT_BUFFER = 514, /* max size of buffer for exporting */ MAX_EXPORT_STATE_BUFFER = (DTLS_EXPORT_MIN_KEY_SZ) + (3 * DTLS_EXPORT_LEN), /* max size of buffer for exporting state */ 
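Review bot: The new `#endif` after `wolfSSL_get_timeout` has no condition comment, and the `#if` that reopens two lines below repeats almost the same macro list, differing only in `HAVE_SECRET_CALLBACK`. The two regions are easy to confuse when a later change adds a function between them. Label the close, as the file does elsewhere (`#endif /* OPENSSL_EXTRA && WOLFSSL_CERT_GEN */`): `#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || HAVE_LIGHTY || HAVE_SECRET_CALLBACK */`. A one-line comment on the reopened block saying that everything from `wolfSSL_X509_NAME_digest` onward is intentionally not built for `HAVE_SECRET_CALLBACK`-only configurations would help as well.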
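Review bot: `WOLFSSL_DTLS_MTU_ADDITIONAL_READ_BUFFER` is now a user-overridable macro, but it has no documentation and no range check, and its default quietly rises from 100 to 500. The value flows straight into the `DTLS_MTU_ADDITIONAL_READ_BUFFER` enumerator in the `enum Misc` hunk below. A negative or very large override would presumably reach the DTLS read-buffer sizing unchecked. Add a comment on the macro stating that it is a byte count added to the MTU when reading, and what it costs in memory. Reject nonsensical values at compile time with `#if WOLFSSL_DTLS_MTU_ADDITIONAL_READ_BUFFER < 0` / `#error "WOLFSSL_DTLS_MTU_ADDITIONAL_READ_BUFFER must not be negative"` / `#endif`. An upper bound tied to the record size would be stricter still, but the right limit is not visible from these hunks.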
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 281d2b9cb..ce6ce7f23 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -4423,7 +4423,7 @@ WOLFSSL_API int wolfSSL_X509_set_ex_data_with_cleanup( #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || WOLFSSL_WPAS_SMALL */ #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ - || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) + || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || defined(HAVE_SECRET_CALLBACK) WOLFSSL_API WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl); WOLFSSL_API int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a, void *b, void *c);
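Review bot: Adding `HAVE_SECRET_CALLBACK` to this guard exposes every prototype in the block, including `wolfSSL_get_ciphers_compat` and `wolfSSL_X509_get_ex_new_index`. In src/ssl.c the widened guard covers only `wolfSSL_SSL_CTX_get_timeout` and `wolfSSL_get_timeout`, and then closes. In a build that defines only `HAVE_SECRET_CALLBACK`, the remaining functions would be declared but, as far as these hunks show, not defined, so a misuse would surface at link time instead of compile time. Consider moving the two timeout prototypes into their own `#if ... || defined(HAVE_SECRET_CALLBACK)` block and leaving this guard as it was. The block continues past the end of the hunk, so where those two prototypes currently sit cannot be confirmed from here.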