wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 03:34:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1251 from kojo1/openSSL-Compat-201711

Browse Source 
openSSL compatibility 201711
This commit is contained in:
Chris Conlon
2017-12-21 16:25:46 -07:00
committed by GitHub
parent d1ee0f3d0d 7a59275688
commit 2660ff0b93
10 changed files with 432 additions and 106 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/internal.c
View File

@@ -1544,7 +1544,10 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
#endif /* !NO_WOLFSSL_SERVER */
#endif /* HAVE_TLS_EXTENSIONS */
#ifdef OPENSSL_EXTRA
if(ctx->alpn_cli_protos)
XFREE((void *)ctx->alpn_cli_protos, NULL, DYNAMIC_TYPE_OPENSSL);
#endif
#ifdef WOLFSSL_STATIC_MEMORY
if (ctx->heap != NULL) {
#ifdef WOLFSSL_HEAP_TEST
@@ -16311,6 +16314,21 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
currTime.tv_usec;
info->numberPackets++;
}
#ifdef OPENSSL_EXTRA
if (ssl->protoMsgCb != NULL && sz > RECORD_HEADER_SZ) {
/* version from hex to dec 16 is 16^1, 256 from 16^2 and
4096 from 16^3 */
int version = (ssl->version.minor & 0X0F) +
(ssl->version.minor & 0xF0) * 16 +
(ssl->version.major & 0X0F) * 256 +
(ssl->version.major & 0xF0) * 4096;
ssl->protoMsgCb(written, version, type,
(const void *)(data + RECORD_HEADER_SZ),
(size_t)(sz - RECORD_HEADER_SZ),
ssl, ssl->protoMsgCtx);
}
#endif /* OPENSSL_EXTRA */
}

209
src/ssl.c
View File

@@ -5868,8 +5868,16 @@ int wolfSSL_CertManagerDisableOCSPStapling(WOLFSSL_CERT_MANAGER* cm)
#endif
return ret;
}
#if defined(SESSION_CERTS)
WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL* ssl)
{
WOLFSSL_ENTER("wolfSSL_get_peer_cert_chain");
if ((ssl == NULL) || (ssl->session.chain.count == 0))
return NULL;
else
return (WOLF_STACK_OF(WOLFSSL_X509)* )&ssl->session.chain;
}
#endif
#ifdef HAVE_OCSP
@@ -11456,21 +11464,36 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx)
{
(void)ctx;
WOLFSSL_ENTER("wolfSSL_CTX_get_options");
WOLFSSL_MSG("wolfSSL options are set through API calls and macros");
return 0;
if(ctx == NULL)
return BAD_FUNC_ARG;
return ctx->mask;
}
long wolfSSL_CTX_set_options(WOLFSSL_CTX* ctx, long opt)
{
WOLFSSL *ssl;
WOLFSSL_ENTER("SSL_CTX_set_options");
ctx->mask |= opt;
return opt;
if(ctx == NULL)
return BAD_FUNC_ARG;
ssl = wolfSSL_new(ctx);
if(ssl == NULL)
return SSL_FAILURE;
ctx->mask = wolfSSL_set_options(ssl, opt);
wolfSSL_free(ssl);
return ctx->mask;
}
long wolfSSL_CTX_clear_options(WOLFSSL_CTX* ctx, long opt)
{
WOLFSSL_ENTER("SSL_CTX_clear_options");
if(ctx == NULL)
return BAD_FUNC_ARG;
ctx->mask &= ~opt;
return ctx->mask;
}
int wolfSSL_set_rfd(WOLFSSL* ssl, int rfd)
{
@@ -11559,6 +11582,15 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
return ctx->error_depth;
return WOLFSSL_FATAL_ERROR;
}
void wolfSSL_X509_STORE_CTX_set_verify_cb(WOLFSSL_X509_STORE_CTX *ctx,
WOLFSSL_X509_STORE_CTX_verify_cb verify_cb)
{
WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_set_verify_cb");
if(ctx == NULL)
return;
ctx->verify_cb = verify_cb;
}
#endif
@@ -12751,7 +12783,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
WOLFSSL_ENTER("EVP_MD_CTX_new");
ctx = (WOLFSSL_EVP_MD_CTX*)XMALLOC(sizeof *ctx, NULL,
DYNAMIC_TYPE_OPENSSL);
if (ctx){
if (ctx){
wolfSSL_EVP_MD_CTX_init(ctx);
}
return ctx;
@@ -12761,9 +12793,9 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
{
if (ctx) {
WOLFSSL_ENTER("EVP_MD_CTX_free");
wolfSSL_EVP_MD_CTX_cleanup(ctx);
XFREE(ctx, NULL, DYNAMIC_TYPE_OPENSSL);
}
wolfSSL_EVP_MD_CTX_cleanup(ctx);
XFREE(ctx, NULL, DYNAMIC_TYPE_OPENSSL);
}
}
void wolfSSL_EVP_MD_CTX_init(WOLFSSL_EVP_MD_CTX* ctx)
@@ -14843,7 +14875,7 @@ void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk) {
/* free head of stack */
if (sk->num == 1) {
wolfSSL_X509_free(sk->data.x509);
wolfSSL_X509_free(sk->data.x509);
}
XFREE(sk, NULL, DYNAMIC_TYPE_X509);
}
@@ -15250,7 +15282,7 @@ void wolfSSL_sk_ASN1_OBJECT_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk)
/* free head of stack */
if (sk->num == 1) {
wolfSSL_ASN1_OBJECT_free(sk->data.obj);
wolfSSL_ASN1_OBJECT_free(sk->data.obj);
}
XFREE(sk, NULL, DYNAMIC_TYPE_ASN1);
}
@@ -17004,8 +17036,7 @@ int wolfSSL_PEM_def_callback(char* name, int num, int w, void* key)
return 0;
}
unsigned long wolfSSL_set_options(WOLFSSL* ssl, unsigned long op)
long wolfSSL_set_options(WOLFSSL* ssl, long op)
{
word16 haveRSA = 1;
word16 havePSK = 0;
@@ -17101,10 +17132,20 @@ unsigned long wolfSSL_set_options(WOLFSSL* ssl, unsigned long op)
}
unsigned long wolfSSL_get_options(const WOLFSSL* ssl)
long wolfSSL_get_options(const WOLFSSL* ssl)
{
WOLFSSL_ENTER("wolfSSL_get_options");
if(ssl == NULL)
return WOLFSSL_FAILURE;
return ssl->options.mask;
}
long wolfSSL_clear_options(WOLFSSL* ssl, long opt)
{
WOLFSSL_ENTER("SSL_clear_options");
if(ssl == NULL)
return WOLFSSL_FAILURE;
ssl->options.mask &= ~opt;
return ssl->options.mask;
}
@@ -18545,6 +18586,31 @@ int wolfSSL_BN_mod_exp(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a,
return WOLFSSL_FAILURE;
}
/* r = (a * p) % m */
int wolfSSL_BN_mod_mul(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a,
const WOLFSSL_BIGNUM *p, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx)
{
int ret;
WOLFSSL_ENTER("wolfSSL_BN_mod_mul");
(void) ctx;
if (r == NULL || a == NULL || p == NULL || m == NULL) {
WOLFSSL_MSG("Bad Argument");
return SSL_FAILURE;
}
if ((ret = mp_mulmod((mp_int*)a->internal,(mp_int*)p->internal,
(mp_int*)m->internal, (mp_int*)r->internal)) == MP_OKAY) {
return SSL_SUCCESS;
}
WOLFSSL_LEAVE("wolfSSL_BN_mod_mul", ret);
(void)ret;
return SSL_FAILURE;
}
const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void)
{
static WOLFSSL_BIGNUM* bn_one = NULL;
@@ -21401,6 +21467,10 @@ void wolfSSL_OPENSSL_free(void* p)
XFREE(p, NULL, DYNAMIC_TYPE_OPENSSL);
}
void *wolfSSL_OPENSSL_malloc(size_t a)
{
return XMALLOC(a, NULL, DYNAMIC_TYPE_OPENSSL);
}
#if defined(WOLFSSL_KEY_GEN)
static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher,
@@ -22656,7 +22726,7 @@ int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group,
{
int ret;
(void)ctx;
(void)ctx;
WOLFSSL_ENTER("wolfSSL_EC_POINT_cmp");
@@ -22920,7 +22990,7 @@ int wolfSSL_ECDH_compute_key(void *out, size_t outlen,
(void)KDF;
WOLFSSL_ENTER("wolfSSL_ECDH_compute_key");
WOLFSSL_ENTER("wolfSSL_ECDH_compute_key");
if (out == NULL || pub_key == NULL || pub_key->internal == NULL ||
ecdh == NULL || ecdh->internal == NULL) {
@@ -24888,6 +24958,10 @@ int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data)
session->ex_data[idx] = data;
return WOLFSSL_SUCCESS;
}
#else
(void)session;
(void)idx;
(void)data;
#endif
return WOLFSSL_FAILURE;
}
@@ -24917,6 +24991,9 @@ void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION* session, int idx)
#ifdef HAVE_EX_DATA
if (session != NULL && idx < MAX_EX_DATA && idx >= 0)
return session->ex_data[idx];
#else
(void)session;
(void)idx;
#endif
return NULL;
}
@@ -25164,17 +25241,6 @@ int wolfSSL_version(WOLFSSL* ssl)
return WOLFSSL_FAILURE;
}
WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL* ssl)
{
(void)ssl;
WOLFSSL_ENTER("wolfSSL_get_peer_cert_chain");
WOLFSSL_STUB("wolfSSL_get_peer_cert_chain");
return NULL;
}
WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl)
{
WOLFSSL_ENTER("wolfSSL_get_SSL_CTX");
@@ -25256,14 +25322,9 @@ void wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX* ctx, void* arg)
ctx->sniRecvCbArg = arg;
}
long wolfSSL_CTX_clear_options(WOLFSSL_CTX* ctx, long opt)
{
WOLFSSL_ENTER("SSL_CTX_clear_options");
WOLFSSL_STUB("SSL_CTX_clear_options");
(void)ctx;
(void)opt;
return opt;
void wolfSSL_ERR_load_BIO_strings(void) {
WOLFSSL_ENTER("ERR_load_BIO_strings");
/* do nothing */
}
void wolfSSL_THREADID_set_callback(void(*threadid_func)(void*))
@@ -26554,6 +26615,7 @@ WOLFSSL_API int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, char* names)
#endif
#ifdef OPENSSL_EXTRA
#ifndef NO_WOLFSSL_STUB
int wolfSSL_CTX_set_msg_callback(WOLFSSL_CTX *ctx, SSL_Msg_Cb cb)
{
WOLFSSL_STUB("SSL_CTX_set_msg_callback");
@@ -26561,28 +26623,75 @@ int wolfSSL_CTX_set_msg_callback(WOLFSSL_CTX *ctx, SSL_Msg_Cb cb)
(void)cb;
return WOLFSSL_FAILURE;
}
#endif
int wolfSSL_set_msg_callback(WOLFSSL *ssl, SSL_Msg_Cb cb)
{
WOLFSSL_STUB("SSL_set_msg_callback");
(void)ssl;
(void)cb;
return WOLFSSL_FAILURE;
WOLFSSL_ENTER("wolfSSL_set_msg_callback");
if (ssl == NULL) {
return SSL_FAILURE;
}
if (cb != NULL) {
ssl->toInfoOn = 1;
}
ssl->protoMsgCb = cb;
return SSL_SUCCESS;
}
int wolfSSL_CTX_set_msg_callback_arg(WOLFSSL_CTX *ctx, void* arg)
#ifndef NO_WOLFSSL_STUB
void wolfSSL_CTX_set_msg_callback_arg(WOLFSSL_CTX *ctx, void* arg)
{
WOLFSSL_STUB("SSL_CTX_set_msg_callback_arg");
(void)ctx;
(void)arg;
return WOLFSSL_FAILURE;
}
int wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void* arg)
{
WOLFSSL_STUB("SSL_set_msg_callback_arg");
(void)ssl;
(void)arg;
return WOLFSSL_FAILURE;
return;
}
#endif
void wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void* arg)
{
WOLFSSL_ENTER("wolfSSL_set_msg_callback_arg");
ssl->protoMsgCtx = arg;
return;
}
void *wolfSSL_OPENSSL_memdup(const void *data, size_t siz, const char* file, int line)
{
void *ret;
(void)file;
(void)line;
if (data == NULL || siz >= INT_MAX)
return NULL;
ret = OPENSSL_malloc(siz);
if (ret == NULL) {
return NULL;
}
return XMEMCPY(ret, data, siz);
}
int wolfSSL_CTX_set_alpn_protos(WOLFSSL_CTX *ctx, const unsigned char *p,
unsigned int p_len)
{
WOLFSSL_ENTER("wolfSSL_CTX_set_alpn_protos");
if(ctx == NULL)
return BAD_FUNC_ARG;
if((void *)ctx->alpn_cli_protos != NULL)
wolfSSL_OPENSSL_free((void *)ctx->alpn_cli_protos);
ctx->alpn_cli_protos =
(const unsigned char *)wolfSSL_OPENSSL_memdup(p, p_len, NULL, 0);
if (ctx->alpn_cli_protos == NULL) {
return SSL_FAILURE;
}
ctx->alpn_cli_protos_len = p_len;
return SSL_SUCCESS;
}
#endif
#endif /* WOLFCRYPT_ONLY */

239
tests/api.c
View File

@@ -45,6 +45,8 @@
#include <wolfssl/ssl.h> /* compatibility layer */
#include <wolfssl/test.h>
#include <tests/unit.h>
#include "examples/server/server.h"
/* for testing compatibility layer callbacks */
#ifndef NO_MD5
#include <wolfssl/wolfcrypt/md5.h>
@@ -160,6 +162,10 @@
#include <wolfssl/wolfcrypt/srp.h>
#endif
#if defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN)
#include "wolfssl/internal.h" /* for testing SSL_get_peer_cert_chain */
#endif
/* enable testing buffer load functions */
#ifndef USE_CERT_BUFFERS_2048
#define USE_CERT_BUFFERS_2048
@@ -1007,8 +1013,8 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
} while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
if (ret != WOLFSSL_SUCCESS) {
char buffer[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer));
char buff[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
/*err_sys("SSL_accept failed");*/
goto done;
}
@@ -1056,7 +1062,9 @@ done:
}
#endif /* !NO_WOLFSSL_SERVER */
static void test_client_nofail(void* args)
typedef int (*cbType)(WOLFSSL_CTX *ctx, WOLFSSL *ssl);
static void test_client_nofail(void* args, void *cb)
{
SOCKET_T sockfd = 0;
@@ -1132,12 +1140,14 @@ static void test_client_nofail(void* args)
} while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
if (ret != WOLFSSL_SUCCESS) {
char buffer[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer));
char buff[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
/*err_sys("SSL_connect failed");*/
goto done2;
}
if(cb != NULL)((cbType)cb)(ctx, ssl);
if (wolfSSL_write(ssl, msg, msgSz) != msgSz)
{
/*err_sys("SSL_write failed");*/
@@ -1268,8 +1278,8 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
} while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
if (ret != WOLFSSL_SUCCESS) {
char buffer[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer));
char buff[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
/*err_sys("SSL_accept failed");*/
}
else {
@@ -1388,8 +1398,8 @@ static void run_wolfssl_client(void* args)
} while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
if (ret != WOLFSSL_SUCCESS) {
char buffer[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer));
char buff[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
/*err_sys("SSL_connect failed");*/
}
else {
@@ -1465,7 +1475,7 @@ static void test_wolfSSL_read_write(void)
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_nofail(&client_args);
test_client_nofail(&client_args, NULL);
join_thread(serverThread);
AssertTrue(client_args.return_code);
@@ -9769,15 +9779,15 @@ static void test_wolfSSL_tmp_dh(void)
static void test_wolfSSL_ctrl(void)
{
#if defined(OPENSSL_EXTRA)
byte buffer[5300];
byte buff[5300];
BIO* bio;
int bytes;
BUF_MEM* ptr = NULL;
printf(testingFmt, "wolfSSL_crtl()");
bytes = sizeof(buffer);
bio = BIO_new_mem_buf((void*)buffer, bytes);
bytes = sizeof(buff);
bio = BIO_new_mem_buf((void*)buff, bytes);
AssertNotNull(bio);
AssertNotNull(BIO_s_socket());
@@ -9965,7 +9975,7 @@ static void test_wolfSSL_ERR_peek_last_error_line(void)
#ifndef SINGLE_THREADED
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_nofail(&client_args);
test_client_nofail(&client_args, NULL);
join_thread(serverThread);
#endif
@@ -10293,7 +10303,17 @@ static void test_wolfSSL_BN(void)
/* check result 3^2 mod 5 */
value[0] = 0;
AssertIntEQ(BN_bn2bin(d, value), WOLFSSL_SUCCESS);
AssertIntEQ((int)(value[0] & 0x04), 4);
AssertIntEQ(BN_bn2bin(d, value), SSL_SUCCESS);
AssertIntEQ((int)(value[0]), 4);
/* a*b mod c = */
AssertIntEQ(BN_mod_mul(d, NULL, b, c, NULL), SSL_FAILURE);
AssertIntEQ(BN_mod_mul(d, a, b, c, NULL), SSL_SUCCESS);
/* check result 3*2 mod 5 */
value[0] = 0;
AssertIntEQ(BN_bn2bin(d, value), SSL_SUCCESS);
AssertIntEQ((int)(value[0]), 1);
/* BN_mod_inverse test */
value[0] = 0;
@@ -10335,6 +10355,96 @@ static void test_wolfSSL_BN(void)
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */
}
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
#define TEST_ARG 0x1234
static void msg_cb(int write_p, int version, int content_type,
const void *buf, size_t len, SSL *ssl, void *arg)
{
(void)write_p;
(void)version;
(void)content_type;
(void)buf;
(void)len;
(void)ssl;
AssertTrue(arg == (void*)TEST_ARG);
}
#endif
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \
!defined(NO_OLD_TLS) && defined(HAVE_IO_TESTS_DEPENDENCIES)
#ifndef SINGLE_THREADED
static int msgCb(SSL_CTX *ctx, SSL *ssl)
{
(void) ctx;
(void) ssl;
printf("\n===== msgcb called ====\n");
#if defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN)
AssertTrue(SSL_get_peer_cert_chain(ssl) != NULL);
AssertIntEQ(((WOLFSSL_X509_CHAIN *)SSL_get_peer_cert_chain(ssl))->count, 1);
#endif
return SSL_SUCCESS;
}
#endif
#endif
static void test_wolfSSL_msgCb(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \
!defined(NO_OLD_TLS) && defined(HAVE_IO_TESTS_DEPENDENCIES)
tcp_ready ready;
func_args client_args;
func_args server_args;
#ifndef SINGLE_THREADED
THREAD_TYPE serverThread;
#endif
callback_functions client_cb;
callback_functions server_cb;
printf(testingFmt, "test_wolfSSL_msgCb");
/* create a failed connection and inspect the error */
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
StartTCP();
InitTcpReady(&ready);
client_cb.method = wolfTLSv1_2_client_method;
server_cb.method = wolfTLSv1_2_server_method;
server_args.signal = &ready;
server_args.callbacks = &server_cb;
client_args.signal = &ready;
client_args.callbacks = &client_cb;
client_args.return_code = TEST_FAIL;
#ifndef SINGLE_THREADED
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_nofail(&client_args, (void *)msgCb);
join_thread(serverThread);
AssertTrue(client_args.return_code);
AssertTrue(server_args.return_code);
#endif
FreeTcpReady(&ready);
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_set_options(void)
{
@@ -10343,11 +10453,40 @@ static void test_wolfSSL_set_options(void)
SSL* ssl;
SSL_CTX* ctx;
unsigned char protos[] = {
7, 't', 'l', 's', '/', '1', '.', '2',
8, 'h', 't', 't', 'p', '/', '1', '.', '1'
};
unsigned int len = sizeof(protos);
void *arg = (void *)TEST_ARG;
printf(testingFmt, "wolfSSL_set_options()");
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1);
AssertTrue(SSL_CTX_get_options(ctx) == SSL_OP_NO_TLSv1);
AssertIntGT((int)SSL_CTX_set_options(ctx, (SSL_OP_COOKIE_EXCHANGE |
SSL_OP_NO_SSLv2)), 0);
AssertTrue((SSL_CTX_set_options(ctx, SSL_OP_COOKIE_EXCHANGE) &
SSL_OP_COOKIE_EXCHANGE) == SSL_OP_COOKIE_EXCHANGE);
AssertTrue((SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_2) &
SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2);
AssertTrue((SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION) &
SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION);
AssertNull((SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION) &
SSL_OP_NO_COMPRESSION));
SSL_CTX_free(ctx);
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
AssertTrue(SSL_set_options(ssl, SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1);
@@ -10361,6 +10500,13 @@ static void test_wolfSSL_set_options(void)
SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2);
AssertTrue((SSL_set_options(ssl, SSL_OP_NO_COMPRESSION) &
SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION);
AssertNull((SSL_clear_options(ssl, SSL_OP_NO_COMPRESSION) &
SSL_OP_NO_COMPRESSION));
AssertTrue(SSL_set_msg_callback(ssl, msg_cb) == SSL_SUCCESS);
SSL_set_msg_callback_arg(ssl, arg);
AssertTrue(SSL_CTX_set_alpn_protos(ctx, protos, len) == SSL_SUCCESS);
SSL_free(ssl);
SSL_CTX_free(ctx);
@@ -10370,6 +10516,29 @@ static void test_wolfSSL_set_options(void)
!defined(NO_FILESYSTEM) && !defined(NO_RSA) */
}
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS)
static int verify_cb(int ok, X509_STORE_CTX *ctx)
{
(void) ok;
(void) ctx;
printf("ENTER verify_cb\n");
return SSL_SUCCESS;
}
#endif
static void test_wolfSSL_X509_STORE_CTX(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS)
X509_STORE_CTX *ctx = NULL ;
printf(testingFmt, "test_wolfSSL_X509_STORE_CTX(()");
AssertNotNull(ctx = X509_STORE_CTX_new());
X509_STORE_CTX_set_verify_cb(ctx, (void *)verify_cb);
X509_STORE_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
/* Testing wolfSSL_set_tlsext_status_type funciton.
* PRE: OPENSSL and HAVE_CERTIFICATE_STATUS_REQUEST defined.
*/
@@ -10395,7 +10564,7 @@ static void test_wolfSSL_PEM_read_bio(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
byte buffer[5300];
byte buff[5300];
FILE *f;
int bytes;
X509* x509;
@@ -10404,11 +10573,11 @@ static void test_wolfSSL_PEM_read_bio(void)
printf(testingFmt, "wolfSSL_PEM_read_bio()");
AssertNotNull(f = fopen(cliCertFile, "rb"));
bytes = (int)fread(buffer, 1, sizeof(buffer), f);
bytes = (int)fread(buff, 1, sizeof(buff), f);
fclose(f);
AssertNull(x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL));
AssertNotNull(bio = BIO_new_mem_buf((void*)buffer, bytes));
AssertNotNull(bio = BIO_new_mem_buf((void*)buff, bytes));
AssertNotNull(x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL));
AssertIntEQ((int)BIO_set_fd(bio, 0, BIO_NOCLOSE), 1);
@@ -10424,7 +10593,7 @@ static void test_wolfSSL_PEM_read_bio(void)
static void test_wolfSSL_BIO(void)
{
#if defined(OPENSSL_EXTRA)
byte buffer[20];
byte buff[20];
BIO* bio1;
BIO* bio2;
BIO* bio3;
@@ -10434,7 +10603,7 @@ static void test_wolfSSL_BIO(void)
printf(testingFmt, "wolfSSL_BIO()");
for (i = 0; i < 20; i++) {
buffer[i] = i;
buff[i] = i;
}
/* Creating and testing type BIO_s_bio */
@@ -10443,25 +10612,25 @@ static void test_wolfSSL_BIO(void)
AssertNotNull(bio3 = BIO_new(BIO_s_bio()));
/* read/write before set up */
AssertIntEQ(BIO_read(bio1, buffer, 2), WOLFSSL_BIO_UNSET);
AssertIntEQ(BIO_write(bio1, buffer, 2), WOLFSSL_BIO_UNSET);
AssertIntEQ(BIO_read(bio1, buff, 2), WOLFSSL_BIO_UNSET);
AssertIntEQ(BIO_write(bio1, buff, 2), WOLFSSL_BIO_UNSET);
AssertIntEQ(BIO_set_write_buf_size(bio1, 20), WOLFSSL_SUCCESS);
AssertIntEQ(BIO_set_write_buf_size(bio2, 8), WOLFSSL_SUCCESS);
AssertIntEQ(BIO_make_bio_pair(bio1, bio2), WOLFSSL_SUCCESS);
AssertIntEQ(BIO_nwrite(bio1, &bufPt, 10), 10);
XMEMCPY(bufPt, buffer, 10);
AssertIntEQ(BIO_write(bio1, buffer + 10, 10), 10);
XMEMCPY(bufPt, buff, 10);
AssertIntEQ(BIO_write(bio1, buff + 10, 10), 10);
/* write buffer full */
AssertIntEQ(BIO_write(bio1, buffer, 10), WOLFSSL_BIO_ERROR);
AssertIntEQ(BIO_write(bio1, buff, 10), WOLFSSL_BIO_ERROR);
AssertIntEQ(BIO_flush(bio1), WOLFSSL_SUCCESS);
AssertIntEQ((int)BIO_ctrl_pending(bio1), 0);
/* write the other direction with pair */
AssertIntEQ((int)BIO_nwrite(bio2, &bufPt, 10), 8);
XMEMCPY(bufPt, buffer, 8);
AssertIntEQ(BIO_write(bio2, buffer, 10), WOLFSSL_BIO_ERROR);
XMEMCPY(bufPt, buff, 8);
AssertIntEQ(BIO_write(bio2, buff, 10), WOLFSSL_BIO_ERROR);
/* try read */
AssertIntEQ((int)BIO_ctrl_pending(bio1), 8);
@@ -10492,7 +10661,7 @@ static void test_wolfSSL_BIO(void)
/* fill write buffer, read only small amount then write again */
AssertIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20);
XMEMCPY(bufPt, buffer, 20);
XMEMCPY(bufPt, buff, 20);
AssertIntEQ(BIO_nread(bio3, &bufPt, 4), 4);
for (i = 0; i < 4; i++) {
AssertIntEQ(bufPt[i], i);
@@ -10510,7 +10679,7 @@ static void test_wolfSSL_BIO(void)
/* should read only to end of write buffer then need to read again */
AssertIntEQ(BIO_nread(bio3, &bufPt, 20), 16);
for (i = 0; i < 16; i++) {
AssertIntEQ(bufPt[i], buffer[4 + i]);
AssertIntEQ(bufPt[i], buff[4 + i]);
}
AssertIntEQ(BIO_nread(bio3, NULL, 0), WOLFSSL_FAILURE);
@@ -10527,14 +10696,14 @@ static void test_wolfSSL_BIO(void)
/* write and fill up buffer checking reset of index state */
AssertIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20);
XMEMCPY(bufPt, buffer, 20);
XMEMCPY(bufPt, buff, 20);
/* test reset on data in bio1 write buffer */
AssertIntEQ(BIO_reset(bio1), 0);
AssertIntEQ((int)BIO_ctrl_pending(bio3), 0);
AssertIntEQ(BIO_nread(bio3, &bufPt, 3), WOLFSSL_BIO_ERROR);
AssertIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20);
XMEMCPY(bufPt, buffer, 20);
XMEMCPY(bufPt, buff, 20);
AssertIntEQ(BIO_nread(bio3, &bufPt, 6), 6);
for (i = 0; i < 6; i++) {
AssertIntEQ(bufPt[i], i);
@@ -11291,12 +11460,16 @@ void ApiTest(void)
test_wolfSSL_EVP_MD_hmac_signing();
test_wolfSSL_CTX_add_extra_chain_cert();
test_wolfSSL_ERR_peek_last_error_line();
test_wolfSSL_set_options();
test_wolfSSL_X509_STORE_CTX();
test_wolfSSL_msgCb();
test_wolfSSL_X509_STORE_set_flags();
test_wolfSSL_X509_LOOKUP_load_file();
test_wolfSSL_X509_NID();
test_wolfSSL_X509_STORE_CTX_set_time();
test_wolfSSL_BN();
test_wolfSSL_set_options();
test_wolfSSL_X509_STORE_CTX();
test_wolfSSL_PEM_read_bio();
test_wolfSSL_BIO();
test_wolfSSL_DES_ecb_encrypt();

2
wolfssl/error-ssl.h
View File

@@ -181,7 +181,7 @@ enum wolfSSL_ErrorCodes {
};
#ifdef WOLFSSL_CALLBACKS
#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
enum {
MIN_PARAM_ERR = UNSUPPORTED_SUITE,
MAX_PARAM_ERR = MIN_PARAM_ERR - 10

8
wolfssl/internal.h
View File

@@ -2316,6 +2316,8 @@ struct WOLFSSL_CTX {
word32 disabledCurves; /* curves disabled by user */
byte verifyDepth; /* maximum verification depth */
unsigned long mask; /* store SSL_OP_ flags */
const unsigned char *alpn_cli_protos;/* ALPN client protocol list */
unsigned int alpn_cli_protos_len;
#endif
CallbackIORecv CBIORecv;
CallbackIOSend CBIOSend;
@@ -3400,6 +3402,12 @@ struct WOLFSSL {
#ifdef WOLFSSL_CALLBACKS
HandShakeInfo handShakeInfo; /* info saved during handshake */
TimeoutInfo timeoutInfo; /* info saved during handshake */
#endif
#ifdef OPENSSL_EXTRA
SSL_Msg_Cb protoMsgCb; /* inspect protocol message callback */
void* protoMsgCtx; /* user set context with msg callback */
#endif
#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
byte hsInfoOn; /* track handshake info */
byte toInfoOn; /* track timeout info */
#endif

3
wolfssl/openssl/bn.h
View File

@@ -37,6 +37,8 @@ WOLFSSL_API int wolfSSL_BN_mod(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*,
const WOLFSSL_BIGNUM*, const WOLFSSL_BN_CTX*);
WOLFSSL_API int wolfSSL_BN_mod_exp(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a,
const WOLFSSL_BIGNUM *p, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx);
WOLFSSL_API int wolfSSL_BN_mod_mul(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a,
const WOLFSSL_BIGNUM *b, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx);
WOLFSSL_API const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void);
@@ -112,6 +114,7 @@ typedef WOLFSSL_BN_GENCB BN_GENCB;
#define BN_mod wolfSSL_BN_mod
#define BN_mod_exp wolfSSL_BN_mod_exp
#define BN_mod_mul wolfSSL_BN_mod_mul
#define BN_sub wolfSSL_BN_sub
#define BN_value_one wolfSSL_BN_value_one

3
wolfssl/openssl/crypto.h
View File

@@ -42,9 +42,6 @@ typedef void (CRYPTO_free_func)(void*parent, void*ptr, CRYPTO_EX_DATA *ad, int i
#define CRYPTO_THREAD_r_lock wc_LockMutex
#define CRYPTO_THREAD_unlock wc_UnLockMutex
#define OPENSSL_malloc(a) XMALLOC(a, NULL, DYNAMIC_TYPE_OPENSSL)
#endif /* HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
#endif /* header */

19
wolfssl/openssl/ssl.h
View File

@@ -220,6 +220,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define X509_digest wolfSSL_X509_digest
#define X509_free wolfSSL_X509_free
#define OPENSSL_free wolfSSL_OPENSSL_free
#define OPENSSL_malloc wolfSSL_OPENSSL_malloc
#define OCSP_parse_url wolfSSL_OCSP_parse_url
#define SSLv23_client_method wolfSSLv23_client_method
@@ -294,6 +295,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define X509_STORE_CTX_get_current_cert wolfSSL_X509_STORE_CTX_get_current_cert
#define X509_STORE_add_cert wolfSSL_X509_STORE_add_cert
#define X509_STORE_set_flags wolfSSL_X509_STORE_set_flags
#define X509_STORE_CTX_set_verify_cb wolfSSL_X509_STORE_CTX_set_verify_cb
#define X509_STORE_CTX_get_chain wolfSSL_X509_STORE_CTX_get_chain
#define X509_STORE_CTX_get_error wolfSSL_X509_STORE_CTX_get_error
#define X509_STORE_CTX_get_error_depth wolfSSL_X509_STORE_CTX_get_error_depth
@@ -359,7 +361,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define SSL_CTX_set_timeout(ctx, to) wolfSSL_CTX_set_timeout(ctx, (unsigned int) to)
#define SSL_CTX_set_info_callback wolfSSL_CTX_set_info_callback
#define SSL_CTX_set_alpn_protos wolfSSL_CTX_set_alpn_protos
#define ERR_peek_error wolfSSL_ERR_peek_error
#define ERR_peek_last_error_line wolfSSL_ERR_peek_last_error_line
#define ERR_peek_errors_fp wolfSSL_ERR_peek_errors_fp
@@ -412,8 +414,11 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define RAND_status wolfSSL_RAND_status
#define RAND_bytes wolfSSL_RAND_bytes
#define SSLv23_server_method wolfSSLv23_server_method
#define SSL_CTX_set_options wolfSSL_CTX_set_options
#define SSLv23_server_method wolfSSLv23_server_method
#define SSL_CTX_set_options wolfSSL_CTX_set_options
#define SSL_CTX_get_options wolfSSL_CTX_get_options
#define SSL_CTX_clear_options wolfSSL_CTX_clear_options
#define SSL_CTX_check_private_key wolfSSL_CTX_check_private_key
#define ERR_free_strings wolfSSL_ERR_free_strings
@@ -430,6 +435,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define SSL_CTX_set_session_id_context wolfSSL_CTX_set_session_id_context
#define SSL_get_peer_certificate wolfSSL_get_peer_certificate
#define SSL_get_peer_cert_chain wolfSSL_get_peer_cert_chain
#define SSL_want_read wolfSSL_want_read
#define SSL_want_write wolfSSL_want_write
@@ -555,6 +561,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
#define SSL_set_options wolfSSL_set_options
#define SSL_get_options wolfSSL_get_options
#define SSL_clear_options wolfSSL_clear_options
#define SSL_set_tmp_dh wolfSSL_set_tmp_dh
#define SSL_clear_num_renegotiations wolfSSL_clear_num_renegotiations
#define SSL_total_renegotiations wolfSSL_total_renegotiations
@@ -652,7 +659,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
#define SSL_version wolfSSL_version
#define SSL_get_state wolfSSL_get_state
#define SSL_state_string_long wolfSSL_state_string_long
#define SSL_get_peer_cert_chain wolfSSL_get_peer_cert_chain
#define sk_X509_NAME_value wolfSSL_sk_X509_NAME_value
#define sk_X509_value wolfSSL_sk_X509_value
#define SSL_SESSION_get_ex_data wolfSSL_SESSION_get_ex_data
@@ -730,7 +737,7 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
defined(WOLFSSL_MYSQL_COMPATIBLE)
defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA)
#include <wolfssl/error-ssl.h>
@@ -774,6 +781,7 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
#endif
#define OPENSSL_config wolfSSL_OPENSSL_config
#define OPENSSL_memdup wolfSSL_OPENSSL_memdup
#define X509_get_ex_new_index wolfSSL_X509_get_ex_new_index
#define X509_get_ex_data wolfSSL_X509_get_ex_data
#define X509_set_ex_data wolfSSL_X509_set_ex_data
@@ -789,6 +797,7 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
#define X509_check_host wolfSSL_X509_check_host
#define i2a_ASN1_INTEGER wolfSSL_i2a_ASN1_INTEGER
#define ERR_peek_error_line_data wolfSSL_ERR_peek_error_line_data
#define ERR_load_BIO_strings wolfSSL_ERR_load_BIO_strings
#define SSL_CTX_set_tlsext_ticket_key_cb wolfSSL_CTX_set_tlsext_ticket_key_cb
#define X509_email_free wolfSSL_X509_email_free
#define X509_get1_ocsp wolfSSL_X509_get1_ocsp

33
wolfssl/ssl.h
View File

@@ -122,6 +122,8 @@ typedef struct WOLFSSL_CERT_MANAGER WOLFSSL_CERT_MANAGER;
typedef struct WOLFSSL_SOCKADDR WOLFSSL_SOCKADDR;
typedef struct WOLFSSL_CRL WOLFSSL_CRL;
typedef void *WOLFSSL_X509_STORE_CTX_verify_cb; /* verify callback */
/* redeclare guard */
#define WOLFSSL_TYPES_DEFINED
@@ -273,6 +275,7 @@ typedef struct WOLFSSL_X509_STORE_CTX {
int discardSessionCerts; /* so verify callback can flag for discard */
int totalCerts; /* number of peer cert buffers */
WOLFSSL_BUFFER_INFO* certs; /* peer certs */
WOLFSSL_X509_STORE_CTX_verify_cb verify_cb; /* verify callback */
} WOLFSSL_X509_STORE_CTX;
typedef char* WOLFSSL_STRING;
@@ -632,6 +635,7 @@ WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl);
WOLFSSL_API void wolfSSL_X509_free(WOLFSSL_X509*);
WOLFSSL_API void wolfSSL_OPENSSL_free(void*);
WOLFSSL_API void *wolfSSL_OPENSSL_malloc(size_t a);
WOLFSSL_API int wolfSSL_OCSP_parse_url(char* url, char** host, char** port,
char** path, int* ssl);
@@ -726,7 +730,8 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert(
WOLFSSL_X509_STORE_CTX*);
WOLFSSL_API int wolfSSL_X509_STORE_CTX_get_error(WOLFSSL_X509_STORE_CTX*);
WOLFSSL_API int wolfSSL_X509_STORE_CTX_get_error_depth(WOLFSSL_X509_STORE_CTX*);
WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_verify_cb(WOLFSSL_X509_STORE_CTX *ctx,
WOLFSSL_X509_STORE_CTX_verify_cb verify_cb);
WOLFSSL_API char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME*, char*, int);
WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509*);
WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509*);
@@ -874,8 +879,9 @@ WOLFSSL_API int wolfSSL_CTX_add_client_CA(WOLFSSL_CTX*, WOLFSSL_X509*);
WOLFSSL_API int wolfSSL_CTX_set_srp_password(WOLFSSL_CTX*, char*);
WOLFSSL_API int wolfSSL_CTX_set_srp_username(WOLFSSL_CTX*, char*);
WOLFSSL_API unsigned long wolfSSL_set_options(WOLFSSL *s, unsigned long op);
WOLFSSL_API unsigned long wolfSSL_get_options(const WOLFSSL *s);
WOLFSSL_API long wolfSSL_set_options(WOLFSSL *s, long op);
WOLFSSL_API long wolfSSL_get_options(const WOLFSSL *s);
WOLFSSL_API long wolfSSL_clear_options(WOLFSSL *s, long op);
WOLFSSL_API long wolfSSL_clear_num_renegotiations(WOLFSSL *s);
WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s);
WOLFSSL_API long wolfSSL_set_tmp_dh(WOLFSSL *s, WOLFSSL_DH *dh);
@@ -1238,6 +1244,9 @@ WOLFSSL_API int wolfSSL_RAND_status(void);
WOLFSSL_API int wolfSSL_RAND_bytes(unsigned char* buf, int num);
WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_server_method(void);
WOLFSSL_API long wolfSSL_CTX_set_options(WOLFSSL_CTX*, long);
WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx);
WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX*, long);
#ifndef NO_CERTS
WOLFSSL_API int wolfSSL_CTX_check_private_key(WOLFSSL_CTX*);
#endif /* !NO_CERTS */
@@ -1259,6 +1268,7 @@ WOLFSSL_API int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX*);
WOLFSSL_API int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX*,
const unsigned char*, unsigned int);
WOLFSSL_API WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL* ssl);
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL*);
WOLFSSL_API int wolfSSL_want_read(WOLFSSL*);
WOLFSSL_API int wolfSSL_want_write(WOLFSSL*);
@@ -2370,9 +2380,6 @@ WOLFSSL_API WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp,
WOLFSSL_API WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp,
WOLFSSL_DSA **x, pem_password_cb *cb, void *u);
WOLFSSL_API int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x);
WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx);
#endif /* HAVE_STUNNEL || HAVE_LIGHTY */
@@ -2427,8 +2434,6 @@ WOLFSSL_API void* wolfSSL_sk_X509_NAME_value(const WOLF_STACK_OF(WOLFSSL_X509_NA
WOLFSSL_API void* wolfSSL_sk_X509_value(WOLF_STACK_OF(WOLFSSL_X509)*, int);
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL*);
WOLFSSL_API void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION*, int);
WOLFSSL_API int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION*, int, void*);
@@ -2463,8 +2468,6 @@ WOLFSSL_API void WOLFSSL_ERR_remove_thread_state(void*);
WOLFSSL_API void wolfSSL_print_all_errors_fp(XFILE *fp);
#endif
WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX*, long);
WOLFSSL_API void wolfSSL_THREADID_set_callback(void (*threadid_func)(void*));
WOLFSSL_API void wolfSSL_THREADID_set_numeric(void* id, unsigned long val);
@@ -2502,13 +2505,19 @@ typedef void (*SSL_Msg_Cb)(int write_p, int version, int content_type,
WOLFSSL_API int wolfSSL_CTX_set_msg_callback(WOLFSSL_CTX *ctx, SSL_Msg_Cb cb);
WOLFSSL_API int wolfSSL_set_msg_callback(WOLFSSL *ssl, SSL_Msg_Cb cb);
WOLFSSL_API int wolfSSL_CTX_set_msg_callback_arg(WOLFSSL_CTX *ctx, void* arg);
WOLFSSL_API int wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void* arg);
WOLFSSL_API void wolfSSL_CTX_set_msg_callback_arg(WOLFSSL_CTX *ctx, void* arg);
WOLFSSL_API void wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void* arg);
#endif
#ifdef OPENSSL_EXTRA
WOLFSSL_API unsigned long wolfSSL_ERR_peek_error_line_data(const char **file,
int *line, const char **data, int *flags);
WOLFSSL_API int wolfSSL_CTX_set_alpn_protos(WOLFSSL_CTX *ctx,
const unsigned char *protos, unsigned int protos_len);
WOLFSSL_API void *wolfSSL_OPENSSL_memdup(const void *data,
size_t siz, const char* file, int line);
WOLFSSL_API void wolfSSL_ERR_load_BIO_strings(void);
#endif
#if defined WOLFSSL_NGINX || defined WOLFSSL_HAPROXY

2
wolfssl/wolfcrypt/memory.h
View File

@@ -97,7 +97,7 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb*,
#ifndef SESSION_CERTS
#define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3456,4544,16128
#else
#define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3456,4544,21056
#define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3456,4544,21072
#endif
#endif
#ifndef WOLFMEM_DIST