Merge pull request #2989 from julek-wolfssl/openvpn

Additional OpenSSL compat layer stuff
This commit is contained in:
toddouska
2020-06-04 11:57:55 -07:00
committed by GitHub
9 changed files with 84 additions and 46 deletions


@@ -1536,7 +1536,7 @@ AC_ARG_ENABLE([dsa],
[ ENABLED_DSA=no ]
)
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes"
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes"
then
ENABLED_DSA="yes"
fi


@@ -14924,7 +14924,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
{
WOLFSSL_BIO* bio = NULL;
if (buf == NULL || len < 0) {
if (buf == NULL) {
return bio;
}
@@ -14933,6 +14933,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
return bio;
}
if (len < 0) {
len = (int)XSTRLEN((const char*)buf);
}
bio->num = bio->wrSz = len;
bio->ptr = (byte*)XMALLOC(len, 0, DYNAMIC_TYPE_OPENSSL);
if (bio->ptr == NULL) {
@@ -19269,7 +19272,7 @@ void wolfSSL_SESSION_free(WOLFSSL_SESSION* session)
/* helper function that takes in a protocol version struct and returns string */
static const char* wolfSSL_internal_get_version(ProtocolVersion* version)
static const char* wolfSSL_internal_get_version(const ProtocolVersion* version)
{
WOLFSSL_ENTER("wolfSSL_get_version");
@@ -19279,21 +19282,14 @@ static const char* wolfSSL_internal_get_version(ProtocolVersion* version)
if (version->major == SSLv3_MAJOR) {
switch (version->minor) {
#ifndef NO_OLD_TLS
#ifdef WOLFSSL_ALLOW_SSLV3
case SSLv3_MINOR :
return "SSLv3";
#endif
#ifdef WOLFSSL_ALLOW_TLSV10
case TLSv1_MINOR :
return "TLSv1";
#endif
case TLSv1_1_MINOR :
return "TLSv1.1";
#endif
case TLSv1_2_MINOR :
return "TLSv1.2";
#ifdef WOLFSSL_TLS13
case TLSv1_3_MINOR :
#ifdef WOLFSSL_TLS13_DRAFT
#ifdef WOLFSSL_TLS13_DRAFT_18
@@ -19310,7 +19306,6 @@ static const char* wolfSSL_internal_get_version(ProtocolVersion* version)
#else
return "TLSv1.3";
#endif
#endif
default:
return "unknown";
}
@@ -19331,7 +19326,7 @@ static const char* wolfSSL_internal_get_version(ProtocolVersion* version)
}
const char* wolfSSL_get_version(WOLFSSL* ssl)
const char* wolfSSL_get_version(const WOLFSSL* ssl)
{
if (ssl == NULL) {
WOLFSSL_MSG("Bad argument");
@@ -19348,6 +19343,13 @@ const char* wolfSSL_lib_version(void)
return LIBWOLFSSL_VERSION_STRING;
}
#ifdef OPENSSL_EXTRA
const char* wolfSSL_OpenSSL_version(void)
{
return "wolfSSL " LIBWOLFSSL_VERSION_STRING;
}
#endif
/* current library version in hex */
word32 wolfSSL_lib_version_hex(void)
@@ -21101,6 +21103,8 @@ int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER* cipher)
cipher_names = GetCipherNames();
offset = cipher->offset;
if (offset >= (unsigned long)GetCipherNamesSize())
return WOLFSSL_FAILURE;
pv.major = cipher_names[offset].major;
pv.minor = cipher_names[offset].minor;
protocol = wolfSSL_internal_get_version(&pv);
@@ -26637,9 +26641,6 @@ int wolfSSL_sk_num(WOLFSSL_STACK* sk)
void* wolfSSL_sk_value(WOLFSSL_STACK* sk, int i)
{
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
int offset = i;
#endif
WOLFSSL_ENTER("wolfSSL_sk_value");
for (; sk != NULL && i > 0; i--)
@@ -26651,9 +26652,6 @@ void* wolfSSL_sk_value(WOLFSSL_STACK* sk, int i)
case STACK_TYPE_X509:
return (void*)sk->data.x509;
case STACK_TYPE_CIPHER:
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
sk->data.cipher.offset = offset;
#endif
return (void*)&sk->data.cipher;
case STACK_TYPE_GEN_NAME:
return (void*)sk->data.gn;
@@ -29965,6 +29963,16 @@ int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig,
return WOLFSSL_SUCCESS;
}
int wolfSSL_DSA_bits(const WOLFSSL_DSA *d)
{
if (!d)
return WOLFSSL_FAILURE;
if (!d->exSet && SetDsaExternal((WOLFSSL_DSA*)d) != WOLFSSL_SUCCESS)
return WOLFSSL_FAILURE;
return wolfSSL_BN_num_bits(d->p);
}
#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len,
WOLFSSL_DSA_SIG* sig, WOLFSSL_DSA* dsa)
@@ -33244,7 +33252,7 @@ size_t wolfSSL_EC_get_builtin_curves(WOLFSSL_EC_BUILTIN_CURVE *r, size_t nitems)
r[i].comment = wolfSSL_OBJ_nid2sn(r[i].nid);
}
return ecc_sets_count;
return min_nitems;
}
/* Start ECDSA_SIG */
@@ -42941,6 +42949,8 @@ WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl)
{
WOLF_STACK_OF(WOLFSSL_CIPHER)* ret = NULL;
Suites* suites;
const CipherSuiteInfo* cipher_names = GetCipherNames();
int cipherSz = GetCipherNamesSize();
WOLFSSL_ENTER("wolfSSL_get_ciphers_compat");
if (ssl == NULL || (ssl->suites == NULL && ssl->ctx->suites == NULL)) {
@@ -42957,15 +42967,30 @@ WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl)
/* check if stack needs populated */
if (suites->stack == NULL) {
int i;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
int j;
#endif
for (i = 0; i < suites->suiteSz; i+=2) {
WOLFSSL_STACK* add = wolfSSL_sk_new_node(ssl->heap);
if (add != NULL) {
add->type = STACK_TYPE_CIPHER;
add->data.cipher.cipherSuite0 = suites->suites[i];
add->data.cipher.cipherSuite = suites->suites[i+1];
add->data.cipher.ssl = ssl;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
for (j = 0; j < cipherSz; j++) {
if (cipher_names[j].cipherSuite0 ==
add->data.cipher.cipherSuite0 &&
cipher_names[j].cipherSuite ==
add->data.cipher.cipherSuite) {
add->data.cipher.offset = j;
break;
}
}
#endif
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
/* in_stack is checked in wolfSSL_CIPHER_description */
add->data.cipher.in_stack = 1;
add->data.cipher.in_stack = 1;
#endif
add->next = ret;
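Review bot: In the BIO_new_mem_buf hunk the new `len < 0` branch narrows `XSTRLEN()` (a `size_t`) through an `int` cast, so a buffer longer than INT_MAX makes `len` negative again and reaches `bio->num = bio->wrSz = len` and `XMALLOC(len, ...)` with a sign-converted huge size; the old `len < 0` rejection no longer protects that path. It also makes the `-1` convention depend on `buf` being NUL-terminated, which the function cannot check, so the contract should be stated in a comment. I would take the length into a `size_t` first and bail out before the copy, releasing the bio that appears to be allocated just above this hunk: `size_t slen = XSTRLEN((const char*)buf); if (slen > INT_MAX) { wolfSSL_BIO_free(bio); return NULL; } len = (int)slen;` — the allocation itself and the function head are outside the hunk, so confirm the free matches how `bio` was created. The hunk header names wolfSSL_set_compression, but the body belongs to the mem-buf constructor.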


@@ -24991,10 +24991,9 @@ static void test_wolfSSL_BIO_gets(void)
/* try with bad args */
AssertNull(bio = BIO_new_mem_buf(NULL, sizeof(msg)));
AssertNull(bio = BIO_new_mem_buf((void*)msg, -1));
/* try with real msg */
AssertNotNull(bio = BIO_new_mem_buf((void*)msg, sizeof(msg)));
AssertNotNull(bio = BIO_new_mem_buf((void*)msg, -1));
XMEMSET(bio_buffer, 0, bufferSz);
AssertNotNull(BIO_push(bio, BIO_new(BIO_s_bio())));
AssertNull(bio2 = BIO_find_type(bio, BIO_TYPE_FILE));
@@ -27193,7 +27192,7 @@ static void test_wolfSSL_AES_cbc_encrypt()
#endif
}
#if defined(WOLFSSL_QT)
#if defined(OPENSSL_ALL)
#if !defined(NO_ASN)
static void test_wolfSSL_ASN1_STRING_to_UTF8(void)
{
@@ -27261,7 +27260,7 @@ static void test_wolfSSL_sk_CIPHER_description(void)
printf(testingFmt, "wolfSSL_sk_CIPHER_description");
AssertNotNull(method = TLSv1_client_method());
AssertNotNull(method = TLSv1_2_client_method());
AssertNotNull(ctx = SSL_CTX_new(method));
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
@@ -27319,7 +27318,7 @@ static void test_wolfSSL_get_ciphers_compat(void)
printf(testingFmt, "wolfSSL_get_ciphers_compat");
AssertNotNull(method = TLSv1_client_method());
AssertNotNull(method = SSLv23_client_method());
AssertNotNull(ctx = SSL_CTX_new(method));
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
@@ -27626,14 +27625,18 @@ static void test_wolfSSL_EVP_PKEY_set1_get1_DSA(void)
AssertIntEQ(SHA1_Final(hash,&sha), WOLFSSL_SUCCESS);
/* Initialize pkey with der format dsa key */
AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_DSA, &pkey,
AssertNotNull(d2i_PrivateKey(EVP_PKEY_DSA, &pkey,
&dsaKeyDer ,(long)dsaKeySz));
/* Test wolfSSL_EVP_PKEY_get1_DSA */
/* Should Fail: NULL argument */
AssertNull(dsa = wolfSSL_EVP_PKEY_get1_DSA(NULL));
AssertNull(dsa = EVP_PKEY_get0_DSA(NULL));
AssertNull(dsa = EVP_PKEY_get1_DSA(NULL));
/* Should Pass: Initialized pkey argument */
AssertNotNull(dsa = wolfSSL_EVP_PKEY_get1_DSA(pkey));
AssertNotNull(dsa = EVP_PKEY_get0_DSA(pkey));
AssertNotNull(dsa = EVP_PKEY_get1_DSA(pkey));
AssertIntEQ(DSA_bits(dsa), 2048);
/* Sign */
AssertIntEQ(wolfSSL_DSA_do_sign(hash, signature, dsa), WOLFSSL_SUCCESS);
@@ -27643,17 +27646,17 @@ static void test_wolfSSL_EVP_PKEY_set1_get1_DSA(void)
/* Test wolfSSL_EVP_PKEY_set1_DSA */
/* Should Fail: set1Pkey not initialized */
AssertIntNE(wolfSSL_EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS);
AssertIntNE(EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS);
/* Initialize set1Pkey */
set1Pkey = wolfSSL_EVP_PKEY_new();
set1Pkey = EVP_PKEY_new();
/* Should Fail Verify: setDsa not initialized from set1Pkey */
AssertIntNE(wolfSSL_DSA_do_verify(hash,signature,setDsa,&answer),
WOLFSSL_SUCCESS);
/* Should Pass: set dsa into set1Pkey */
AssertIntEQ(wolfSSL_EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS);
AssertIntEQ(EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS);
printf(resultFmt, passed);
DSA_free(dsa);
@@ -28039,7 +28042,7 @@ static void test_wolfSSL_OBJ_ln(void)
"jurisdictionStateOrProvinceName",
"emailAddress",
};
int i = 0, maxIdx = sizeof(ln_set)/sizeof(char*);
size_t i = 0, maxIdx = sizeof(ln_set)/sizeof(char*);
printf(testingFmt, "wolfSSL_OBJ_ln");
@@ -28047,9 +28050,9 @@ static void test_wolfSSL_OBJ_ln(void)
#ifdef HAVE_ECC
{
int nCurves = 27;
size_t nCurves = 27;
EC_builtin_curve r[nCurves];
EC_get_builtin_curves(r,nCurves);
nCurves = EC_get_builtin_curves(r,nCurves);
for (i = 0; i < nCurves; i++) {
AssertIntEQ(OBJ_ln2nid(r[i].comment), r[i].nid);
@@ -28088,7 +28091,7 @@ static void test_wolfSSL_OBJ_sn(void)
printf(resultFmt, passed);
}
#endif /* WOLFSSL_QT */
#endif /* OPENSSL_ALL */
static void test_wolfSSL_X509V3_EXT_get(void) {
@@ -32180,8 +32183,7 @@ void ApiTest(void)
test_wolfSSL_EVP_PKEY_derive();
test_wolfSSL_RSA_padding_add_PKCS1_PSS();
#if defined(WOLFSSL_QT)
printf("\n----------------Qt Unit Tests-------------------\n");
#if defined(OPENSSL_ALL)
test_wolfSSL_X509_PUBKEY_get();
test_wolfSSL_sk_CIPHER_description();
test_wolfSSL_get_ciphers_compat();
@@ -32198,9 +32200,7 @@ void ApiTest(void)
test_wolfSSL_OBJ_ln();
test_wolfSSL_OBJ_sn();
printf("\n-------------End Of Qt Unit Tests---------------\n");
#endif /* WOLFSSL_QT */
#endif /* OPENSSL_ALL */
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA)
AssertIntEQ(test_wolfSSL_CTX_use_certificate_ASN1(), WOLFSSL_SUCCESS);
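Review bot: In test_wolfSSL_BIO_gets the new `AssertNotNull(bio = BIO_new_mem_buf((void*)msg, -1));` overwrites the `bio` created by the preceding `BIO_new_mem_buf((void*)msg, sizeof(msg))` without freeing it, so the test now leaks one BIO on every run and will trip leak checkers in the API suite. Either free the first one between the two calls, `BIO_free(bio);`, or check the `-1` variant on a second variable and free it right away. Since `msg` is declared outside the hunk, it is also worth a one-line comment that the `-1` form relies on `msg` being NUL-terminated. The rest of the test body continues past the hunk.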


@@ -5799,6 +5799,14 @@ int wolfSSL_EVP_PKEY_set1_DSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DSA *key)
return WOLFSSL_SUCCESS;
}
WOLFSSL_DSA* wolfSSL_EVP_PKEY_get0_DSA(struct WOLFSSL_EVP_PKEY *pkey)
{
if (!pkey) {
return NULL;
}
return pkey->dsa;
}
WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key)
{
WOLFSSL_DSA* local;
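Review bot: wolfSSL_EVP_PKEY_get0_DSA returns `pkey->dsa` without checking that the key actually is a DSA key, whereas the OpenSSL function it stands in for returns NULL for a non-DSA EVP_PKEY; if `dsa` is a dedicated member the result is merely NULL for other key types, but if it shares storage the caller gets an unrelated pointer. I would make the compat contract explicit: `if (!pkey || pkey->type != EVP_PKEY_DSA) return NULL;` — the exact type field and its constant are not visible in this hunk, so match whatever wolfSSL_EVP_PKEY_get1_DSA below uses. A short comment noting that get0 does not transfer ownership (no reference count bump, caller must not free) would also help, since the get1 variant directly beneath it does. The body of wolfSSL_EVP_PKEY_get1_DSA continues outside the hunk.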


@@ -1853,11 +1853,10 @@ WOLFSSL_LOCAL int SetCipherList(WOLFSSL_CTX*, Suites*, const char* list);
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
#define MAX_DESCRIPTION_SZ 255
#endif
/* wolfSSL Cipher type just points back to SSL */
struct WOLFSSL_CIPHER {
byte cipherSuite0;
byte cipherSuite;
WOLFSSL* ssl;
const WOLFSSL* ssl;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
char description[MAX_DESCRIPTION_SZ];
unsigned long offset;


@@ -80,6 +80,8 @@ WOLFSSL_API int wolfSSL_DSA_do_verify(const unsigned char* d,
unsigned char* sig,
WOLFSSL_DSA* dsa, int *dsacheck);
WOLFSSL_API int wolfSSL_DSA_bits(const WOLFSSL_DSA *d);
WOLFSSL_API WOLFSSL_DSA_SIG* wolfSSL_DSA_SIG_new(void);
WOLFSSL_API void wolfSSL_DSA_SIG_free(WOLFSSL_DSA_SIG *sig);
WOLFSSL_API WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest,


@@ -521,6 +521,7 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_assign_EC_KEY(WOLFSSL_EVP_PKEY* pkey,
WOLFSSL_API int wolfSSL_EVP_PKEY_assign_DSA(EVP_PKEY* pkey, WOLFSSL_DSA* key);
WOLFSSL_API int wolfSSL_EVP_PKEY_assign_DH(EVP_PKEY* pkey, WOLFSSL_DH* key);
WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get0_RSA(struct WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get0_DSA(struct WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY*);
WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY*);
WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get0_EC_KEY(WOLFSSL_EVP_PKEY *pkey);


@@ -340,8 +340,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define DSA_dup_DH wolfSSL_DSA_dup_DH
/* wolfSSL does not support DSA as the cert public key */
#define EVP_PKEY_get0_DSA(...) NULL
#define DSA_bits(...) 0
#define EVP_PKEY_get0_DSA wolfSSL_EVP_PKEY_get0_DSA
#define DSA_bits wolfSSL_DSA_bits
#define i2d_X509_bio wolfSSL_i2d_X509_bio
#define d2i_X509_bio wolfSSL_d2i_X509_bio
@@ -381,7 +381,9 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define X509_get_pubkey wolfSSL_X509_get_pubkey
#define X509_get0_pubkey wolfSSL_X509_get_pubkey
#define X509_get_notBefore wolfSSL_X509_get_notBefore
#define X509_get0_notBefore wolfSSL_X509_get_notBefore
#define X509_get_notAfter wolfSSL_X509_get_notAfter
#define X509_get0_notAfter wolfSSL_X509_get_notAfter
#define X509_get_serialNumber wolfSSL_X509_get_serialNumber
#define X509_get0_pubkey_bitstr wolfSSL_X509_get0_pubkey_bitstr
#define X509_get_ex_new_index wolfSSL_X509_get_ex_new_index
@@ -1227,7 +1229,7 @@ enum {
#define X509_OBJECT_free wolfSSL_X509_OBJECT_free
#define X509_OBJECT_get_type(x) 0
#define OpenSSL_version(x) wolfSSL_lib_version()
#define OpenSSL_version(x) wolfSSL_OpenSSL_version()
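Review bot: The comment `/* wolfSSL does not support DSA as the cert public key */` sits directly above the `EVP_PKEY_get0_DSA` and `DSA_bits` macros, which now map to real implementations instead of the `NULL`/`0` stubs; if that comment survives this hunk (its side is not recoverable from the page) it is now stale and should be dropped or reworded to describe the remaining limitation. Separately, `OpenSSL_version(x)` discards `x`, so callers passing `OPENSSL_CFLAGS`, `OPENSSL_BUILT_ON` or similar selectors receive the version string; a one-line comment such as `/* all OPENSSL_* selectors return the version string */` would set expectations for ported code.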
#ifdef __cplusplus
} /* extern "C" */


@@ -1157,7 +1157,7 @@ WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_dup(WOLFSSL_SESSION* session);
WOLFSSL_API void wolfSSL_SESSION_free(WOLFSSL_SESSION* session);
WOLFSSL_API int wolfSSL_is_init_finished(WOLFSSL*);
WOLFSSL_API const char* wolfSSL_get_version(WOLFSSL*);
WOLFSSL_API const char* wolfSSL_get_version(const WOLFSSL*);
WOLFSSL_API int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl);
WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL*);
WOLFSSL_API char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER*, char*, int);
@@ -2088,6 +2088,7 @@ WOLFSSL_ABI WOLFSSL_API int wolfSSL_Cleanup(void);
/* which library version do we have */
WOLFSSL_API const char* wolfSSL_lib_version(void);
WOLFSSL_API const char* wolfSSL_OpenSSL_version(void);
/* which library version do we have in hex */
WOLFSSL_API word32 wolfSSL_lib_version_hex(void);
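Review bot: The new `wolfSSL_OpenSSL_version` prototype is the only declaration in this group without a comment, while its neighbours each have one; I would add `/* OpenSSL-style version string: "wolfSSL " LIBWOLFSSL_VERSION_STRING */` above it, matching the string the definition in src/ssl.c returns. The prototype is also unconditional here, whereas the definition in src/ssl.c is wrapped in `#ifdef OPENSSL_EXTRA`, so a build without that option can compile a call to it and fail only at link time; either guard the declaration the same way or note the requirement in the comment.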