diff --git a/src/internal.c b/src/internal.c index 0ced00f78..ddfc5f94e 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1544,7 +1544,10 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) #endif /* !NO_WOLFSSL_SERVER */ #endif /* HAVE_TLS_EXTENSIONS */ - +#ifdef OPENSSL_EXTRA + if(ctx->alpn_cli_protos) + XFREE((void *)ctx->alpn_cli_protos, NULL, DYNAMIC_TYPE_OPENSSL); +#endif #ifdef WOLFSSL_STATIC_MEMORY if (ctx->heap != NULL) { #ifdef WOLFSSL_HEAP_TEST @@ -16311,6 +16314,21 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, currTime.tv_usec; info->numberPackets++; } + #ifdef OPENSSL_EXTRA + if (ssl->protoMsgCb != NULL && sz > RECORD_HEADER_SZ) { + /* version from hex to dec 16 is 16^1, 256 from 16^2 and + 4096 from 16^3 */ + int version = (ssl->version.minor & 0X0F) + + (ssl->version.minor & 0xF0) * 16 + + (ssl->version.major & 0X0F) * 256 + + (ssl->version.major & 0xF0) * 4096; + + ssl->protoMsgCb(written, version, type, + (const void *)(data + RECORD_HEADER_SZ), + (size_t)(sz - RECORD_HEADER_SZ), + ssl, ssl->protoMsgCtx); + } + #endif /* OPENSSL_EXTRA */ } diff --git a/src/ssl.c b/src/ssl.c index b2bbe1e99..d6db75755 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -5868,8 +5868,16 @@ int wolfSSL_CertManagerDisableOCSPStapling(WOLFSSL_CERT_MANAGER* cm) #endif return ret; } - - +#if defined(SESSION_CERTS) +WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL* ssl) +{ + WOLFSSL_ENTER("wolfSSL_get_peer_cert_chain"); + if ((ssl == NULL) || (ssl->session.chain.count == 0)) + return NULL; + else + return (WOLF_STACK_OF(WOLFSSL_X509)* )&ssl->session.chain; +} +#endif #ifdef HAVE_OCSP @@ -11456,21 +11464,36 @@ int wolfSSL_set_compression(WOLFSSL* ssl) long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx) { - (void)ctx; WOLFSSL_ENTER("wolfSSL_CTX_get_options"); WOLFSSL_MSG("wolfSSL options are set through API calls and macros"); - - return 0; + if(ctx == NULL) + return BAD_FUNC_ARG; + return ctx->mask; } long wolfSSL_CTX_set_options(WOLFSSL_CTX* ctx, long opt) { + WOLFSSL *ssl; WOLFSSL_ENTER("SSL_CTX_set_options"); - ctx->mask |= opt; - return opt; + if(ctx == NULL) + return BAD_FUNC_ARG; + ssl = wolfSSL_new(ctx); + if(ssl == NULL) + return SSL_FAILURE; + ctx->mask = wolfSSL_set_options(ssl, opt); + wolfSSL_free(ssl); + return ctx->mask; } + long wolfSSL_CTX_clear_options(WOLFSSL_CTX* ctx, long opt) + { + WOLFSSL_ENTER("SSL_CTX_clear_options"); + if(ctx == NULL) + return BAD_FUNC_ARG; + ctx->mask &= ~opt; + return ctx->mask; + } int wolfSSL_set_rfd(WOLFSSL* ssl, int rfd) { @@ -11559,6 +11582,15 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return ctx->error_depth; return WOLFSSL_FATAL_ERROR; } + + void wolfSSL_X509_STORE_CTX_set_verify_cb(WOLFSSL_X509_STORE_CTX *ctx, + WOLFSSL_X509_STORE_CTX_verify_cb verify_cb) + { + WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_set_verify_cb"); + if(ctx == NULL) + return; + ctx->verify_cb = verify_cb; + } #endif @@ -12751,7 +12783,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) WOLFSSL_ENTER("EVP_MD_CTX_new"); ctx = (WOLFSSL_EVP_MD_CTX*)XMALLOC(sizeof *ctx, NULL, DYNAMIC_TYPE_OPENSSL); - if (ctx){ + if (ctx){ wolfSSL_EVP_MD_CTX_init(ctx); } return ctx; @@ -12761,9 +12793,9 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) { if (ctx) { WOLFSSL_ENTER("EVP_MD_CTX_free"); - wolfSSL_EVP_MD_CTX_cleanup(ctx); - XFREE(ctx, NULL, DYNAMIC_TYPE_OPENSSL); - } + wolfSSL_EVP_MD_CTX_cleanup(ctx); + XFREE(ctx, NULL, DYNAMIC_TYPE_OPENSSL); + } } void wolfSSL_EVP_MD_CTX_init(WOLFSSL_EVP_MD_CTX* ctx) @@ -14843,7 +14875,7 @@ void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk) { /* free head of stack */ if (sk->num == 1) { - wolfSSL_X509_free(sk->data.x509); + wolfSSL_X509_free(sk->data.x509); } XFREE(sk, NULL, DYNAMIC_TYPE_X509); } @@ -15250,7 +15282,7 @@ void wolfSSL_sk_ASN1_OBJECT_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk) /* free head of stack */ if (sk->num == 1) { - wolfSSL_ASN1_OBJECT_free(sk->data.obj); + wolfSSL_ASN1_OBJECT_free(sk->data.obj); } XFREE(sk, NULL, DYNAMIC_TYPE_ASN1); } @@ -17004,8 +17036,7 @@ int wolfSSL_PEM_def_callback(char* name, int num, int w, void* key) return 0; } - -unsigned long wolfSSL_set_options(WOLFSSL* ssl, unsigned long op) +long wolfSSL_set_options(WOLFSSL* ssl, long op) { word16 haveRSA = 1; word16 havePSK = 0; @@ -17101,10 +17132,20 @@ unsigned long wolfSSL_set_options(WOLFSSL* ssl, unsigned long op) } -unsigned long wolfSSL_get_options(const WOLFSSL* ssl) +long wolfSSL_get_options(const WOLFSSL* ssl) { WOLFSSL_ENTER("wolfSSL_get_options"); + if(ssl == NULL) + return WOLFSSL_FAILURE; + return ssl->options.mask; +} +long wolfSSL_clear_options(WOLFSSL* ssl, long opt) +{ + WOLFSSL_ENTER("SSL_clear_options"); + if(ssl == NULL) + return WOLFSSL_FAILURE; + ssl->options.mask &= ~opt; return ssl->options.mask; } @@ -18545,6 +18586,31 @@ int wolfSSL_BN_mod_exp(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a, return WOLFSSL_FAILURE; } +/* r = (a * p) % m */ +int wolfSSL_BN_mod_mul(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a, + const WOLFSSL_BIGNUM *p, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx) +{ + int ret; + + WOLFSSL_ENTER("wolfSSL_BN_mod_mul"); + + (void) ctx; + if (r == NULL || a == NULL || p == NULL || m == NULL) { + WOLFSSL_MSG("Bad Argument"); + return SSL_FAILURE; + } + + if ((ret = mp_mulmod((mp_int*)a->internal,(mp_int*)p->internal, + (mp_int*)m->internal, (mp_int*)r->internal)) == MP_OKAY) { + return SSL_SUCCESS; + } + + WOLFSSL_LEAVE("wolfSSL_BN_mod_mul", ret); + (void)ret; + + return SSL_FAILURE; +} + const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void) { static WOLFSSL_BIGNUM* bn_one = NULL; @@ -21401,6 +21467,10 @@ void wolfSSL_OPENSSL_free(void* p) XFREE(p, NULL, DYNAMIC_TYPE_OPENSSL); } +void *wolfSSL_OPENSSL_malloc(size_t a) +{ + return XMALLOC(a, NULL, DYNAMIC_TYPE_OPENSSL); +} #if defined(WOLFSSL_KEY_GEN) static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher, @@ -22656,7 +22726,7 @@ int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group, { int ret; - (void)ctx; + (void)ctx; WOLFSSL_ENTER("wolfSSL_EC_POINT_cmp"); @@ -22920,7 +22990,7 @@ int wolfSSL_ECDH_compute_key(void *out, size_t outlen, (void)KDF; - WOLFSSL_ENTER("wolfSSL_ECDH_compute_key"); + WOLFSSL_ENTER("wolfSSL_ECDH_compute_key"); if (out == NULL || pub_key == NULL || pub_key->internal == NULL || ecdh == NULL || ecdh->internal == NULL) { @@ -24888,6 +24958,10 @@ int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data) session->ex_data[idx] = data; return WOLFSSL_SUCCESS; } +#else + (void)session; + (void)idx; + (void)data; #endif return WOLFSSL_FAILURE; } @@ -24917,6 +24991,9 @@ void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION* session, int idx) #ifdef HAVE_EX_DATA if (session != NULL && idx < MAX_EX_DATA && idx >= 0) return session->ex_data[idx]; +#else + (void)session; + (void)idx; #endif return NULL; } @@ -25164,17 +25241,6 @@ int wolfSSL_version(WOLFSSL* ssl) return WOLFSSL_FAILURE; } - -WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL* ssl) -{ - (void)ssl; - WOLFSSL_ENTER("wolfSSL_get_peer_cert_chain"); - WOLFSSL_STUB("wolfSSL_get_peer_cert_chain"); - - return NULL; -} - - WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl) { WOLFSSL_ENTER("wolfSSL_get_SSL_CTX"); @@ -25256,14 +25322,9 @@ void wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX* ctx, void* arg) ctx->sniRecvCbArg = arg; } - -long wolfSSL_CTX_clear_options(WOLFSSL_CTX* ctx, long opt) -{ - WOLFSSL_ENTER("SSL_CTX_clear_options"); - WOLFSSL_STUB("SSL_CTX_clear_options"); - (void)ctx; - (void)opt; - return opt; +void wolfSSL_ERR_load_BIO_strings(void) { + WOLFSSL_ENTER("ERR_load_BIO_strings"); + /* do nothing */ } void wolfSSL_THREADID_set_callback(void(*threadid_func)(void*)) @@ -26554,6 +26615,7 @@ WOLFSSL_API int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, char* names) #endif #ifdef OPENSSL_EXTRA +#ifndef NO_WOLFSSL_STUB int wolfSSL_CTX_set_msg_callback(WOLFSSL_CTX *ctx, SSL_Msg_Cb cb) { WOLFSSL_STUB("SSL_CTX_set_msg_callback"); @@ -26561,28 +26623,75 @@ int wolfSSL_CTX_set_msg_callback(WOLFSSL_CTX *ctx, SSL_Msg_Cb cb) (void)cb; return WOLFSSL_FAILURE; } +#endif + int wolfSSL_set_msg_callback(WOLFSSL *ssl, SSL_Msg_Cb cb) { - WOLFSSL_STUB("SSL_set_msg_callback"); - (void)ssl; - (void)cb; - return WOLFSSL_FAILURE; + WOLFSSL_ENTER("wolfSSL_set_msg_callback"); + + if (ssl == NULL) { + return SSL_FAILURE; + } + + if (cb != NULL) { + ssl->toInfoOn = 1; + } + + ssl->protoMsgCb = cb; + return SSL_SUCCESS; } -int wolfSSL_CTX_set_msg_callback_arg(WOLFSSL_CTX *ctx, void* arg) + +#ifndef NO_WOLFSSL_STUB +void wolfSSL_CTX_set_msg_callback_arg(WOLFSSL_CTX *ctx, void* arg) { WOLFSSL_STUB("SSL_CTX_set_msg_callback_arg"); (void)ctx; (void)arg; - return WOLFSSL_FAILURE; -} -int wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void* arg) -{ - WOLFSSL_STUB("SSL_set_msg_callback_arg"); - (void)ssl; - (void)arg; - return WOLFSSL_FAILURE; + return; } #endif +void wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void* arg) +{ + WOLFSSL_ENTER("wolfSSL_set_msg_callback_arg"); + ssl->protoMsgCtx = arg; + return; +} + +void *wolfSSL_OPENSSL_memdup(const void *data, size_t siz, const char* file, int line) +{ + void *ret; + (void)file; + (void)line; + + if (data == NULL || siz >= INT_MAX) + return NULL; + + ret = OPENSSL_malloc(siz); + if (ret == NULL) { + return NULL; + } + return XMEMCPY(ret, data, siz); +} + +int wolfSSL_CTX_set_alpn_protos(WOLFSSL_CTX *ctx, const unsigned char *p, + unsigned int p_len) +{ + WOLFSSL_ENTER("wolfSSL_CTX_set_alpn_protos"); + if(ctx == NULL) + return BAD_FUNC_ARG; + if((void *)ctx->alpn_cli_protos != NULL) + wolfSSL_OPENSSL_free((void *)ctx->alpn_cli_protos); + ctx->alpn_cli_protos = + (const unsigned char *)wolfSSL_OPENSSL_memdup(p, p_len, NULL, 0); + if (ctx->alpn_cli_protos == NULL) { + return SSL_FAILURE; + } + ctx->alpn_cli_protos_len = p_len; + + return SSL_SUCCESS; +} + +#endif #endif /* WOLFCRYPT_ONLY */ diff --git a/tests/api.c b/tests/api.c index babe470bd..d7b6743ed 100644 --- a/tests/api.c +++ b/tests/api.c @@ -45,6 +45,8 @@ #include /* compatibility layer */ #include #include +#include "examples/server/server.h" + /* for testing compatibility layer callbacks */ #ifndef NO_MD5 #include @@ -160,6 +162,10 @@ #include #endif +#if defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN) +#include "wolfssl/internal.h" /* for testing SSL_get_peer_cert_chain */ +#endif + /* enable testing buffer load functions */ #ifndef USE_CERT_BUFFERS_2048 #define USE_CERT_BUFFERS_2048 @@ -1007,8 +1013,8 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args) } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E); if (ret != WOLFSSL_SUCCESS) { - char buffer[WOLFSSL_MAX_ERROR_SZ]; - printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); + char buff[WOLFSSL_MAX_ERROR_SZ]; + printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff)); /*err_sys("SSL_accept failed");*/ goto done; } @@ -1056,7 +1062,9 @@ done: } #endif /* !NO_WOLFSSL_SERVER */ -static void test_client_nofail(void* args) +typedef int (*cbType)(WOLFSSL_CTX *ctx, WOLFSSL *ssl); + +static void test_client_nofail(void* args, void *cb) { SOCKET_T sockfd = 0; @@ -1132,12 +1140,14 @@ static void test_client_nofail(void* args) } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E); if (ret != WOLFSSL_SUCCESS) { - char buffer[WOLFSSL_MAX_ERROR_SZ]; - printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); + char buff[WOLFSSL_MAX_ERROR_SZ]; + printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff)); /*err_sys("SSL_connect failed");*/ goto done2; } + if(cb != NULL)((cbType)cb)(ctx, ssl); + if (wolfSSL_write(ssl, msg, msgSz) != msgSz) { /*err_sys("SSL_write failed");*/ @@ -1268,8 +1278,8 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args) } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E); if (ret != WOLFSSL_SUCCESS) { - char buffer[WOLFSSL_MAX_ERROR_SZ]; - printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); + char buff[WOLFSSL_MAX_ERROR_SZ]; + printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff)); /*err_sys("SSL_accept failed");*/ } else { @@ -1388,8 +1398,8 @@ static void run_wolfssl_client(void* args) } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E); if (ret != WOLFSSL_SUCCESS) { - char buffer[WOLFSSL_MAX_ERROR_SZ]; - printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); + char buff[WOLFSSL_MAX_ERROR_SZ]; + printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff)); /*err_sys("SSL_connect failed");*/ } else { @@ -1465,7 +1475,7 @@ static void test_wolfSSL_read_write(void) start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); - test_client_nofail(&client_args); + test_client_nofail(&client_args, NULL); join_thread(serverThread); AssertTrue(client_args.return_code); @@ -9769,15 +9779,15 @@ static void test_wolfSSL_tmp_dh(void) static void test_wolfSSL_ctrl(void) { #if defined(OPENSSL_EXTRA) - byte buffer[5300]; + byte buff[5300]; BIO* bio; int bytes; BUF_MEM* ptr = NULL; printf(testingFmt, "wolfSSL_crtl()"); - bytes = sizeof(buffer); - bio = BIO_new_mem_buf((void*)buffer, bytes); + bytes = sizeof(buff); + bio = BIO_new_mem_buf((void*)buff, bytes); AssertNotNull(bio); AssertNotNull(BIO_s_socket()); @@ -9965,7 +9975,7 @@ static void test_wolfSSL_ERR_peek_last_error_line(void) #ifndef SINGLE_THREADED start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); - test_client_nofail(&client_args); + test_client_nofail(&client_args, NULL); join_thread(serverThread); #endif @@ -10293,7 +10303,17 @@ static void test_wolfSSL_BN(void) /* check result 3^2 mod 5 */ value[0] = 0; AssertIntEQ(BN_bn2bin(d, value), WOLFSSL_SUCCESS); - AssertIntEQ((int)(value[0] & 0x04), 4); + AssertIntEQ(BN_bn2bin(d, value), SSL_SUCCESS); + AssertIntEQ((int)(value[0]), 4); + + /* a*b mod c = */ + AssertIntEQ(BN_mod_mul(d, NULL, b, c, NULL), SSL_FAILURE); + AssertIntEQ(BN_mod_mul(d, a, b, c, NULL), SSL_SUCCESS); + + /* check result 3*2 mod 5 */ + value[0] = 0; + AssertIntEQ(BN_bn2bin(d, value), SSL_SUCCESS); + AssertIntEQ((int)(value[0]), 1); /* BN_mod_inverse test */ value[0] = 0; @@ -10335,6 +10355,96 @@ static void test_wolfSSL_BN(void) #endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */ } +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) +#define TEST_ARG 0x1234 +static void msg_cb(int write_p, int version, int content_type, + const void *buf, size_t len, SSL *ssl, void *arg) +{ + (void)write_p; + (void)version; + (void)content_type; + (void)buf; + (void)len; + (void)ssl; + + AssertTrue(arg == (void*)TEST_ARG); +} +#endif + +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \ + !defined(NO_OLD_TLS) && defined(HAVE_IO_TESTS_DEPENDENCIES) +#ifndef SINGLE_THREADED +static int msgCb(SSL_CTX *ctx, SSL *ssl) +{ + (void) ctx; + (void) ssl; + printf("\n===== msgcb called ====\n"); + #if defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN) + AssertTrue(SSL_get_peer_cert_chain(ssl) != NULL); + AssertIntEQ(((WOLFSSL_X509_CHAIN *)SSL_get_peer_cert_chain(ssl))->count, 1); + #endif + return SSL_SUCCESS; +} +#endif +#endif + +static void test_wolfSSL_msgCb(void) +{ + #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \ + !defined(NO_OLD_TLS) && defined(HAVE_IO_TESTS_DEPENDENCIES) + + tcp_ready ready; + func_args client_args; + func_args server_args; + #ifndef SINGLE_THREADED + THREAD_TYPE serverThread; + #endif + callback_functions client_cb; + callback_functions server_cb; + + printf(testingFmt, "test_wolfSSL_msgCb"); + +/* create a failed connection and inspect the error */ +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif + XMEMSET(&client_args, 0, sizeof(func_args)); + XMEMSET(&server_args, 0, sizeof(func_args)); + + StartTCP(); + InitTcpReady(&ready); + + client_cb.method = wolfTLSv1_2_client_method; + server_cb.method = wolfTLSv1_2_server_method; + + server_args.signal = &ready; + server_args.callbacks = &server_cb; + client_args.signal = &ready; + client_args.callbacks = &client_cb; + client_args.return_code = TEST_FAIL; + + #ifndef SINGLE_THREADED + start_thread(test_server_nofail, &server_args, &serverThread); + wait_tcp_ready(&server_args); + test_client_nofail(&client_args, (void *)msgCb); + join_thread(serverThread); + AssertTrue(client_args.return_code); + AssertTrue(server_args.return_code); + #endif + + FreeTcpReady(&ready); + +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif + + printf(resultFmt, passed); + +#endif +} static void test_wolfSSL_set_options(void) { @@ -10343,11 +10453,40 @@ static void test_wolfSSL_set_options(void) SSL* ssl; SSL_CTX* ctx; + unsigned char protos[] = { + 7, 't', 'l', 's', '/', '1', '.', '2', + 8, 'h', 't', 't', 'p', '/', '1', '.', '1' + }; + unsigned int len = sizeof(protos); + + void *arg = (void *)TEST_ARG; + printf(testingFmt, "wolfSSL_set_options()"); AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); - AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); - AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); + AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM)); + AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)); + + AssertTrue(SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1); + AssertTrue(SSL_CTX_get_options(ctx) == SSL_OP_NO_TLSv1); + + AssertIntGT((int)SSL_CTX_set_options(ctx, (SSL_OP_COOKIE_EXCHANGE | + SSL_OP_NO_SSLv2)), 0); + AssertTrue((SSL_CTX_set_options(ctx, SSL_OP_COOKIE_EXCHANGE) & + SSL_OP_COOKIE_EXCHANGE) == SSL_OP_COOKIE_EXCHANGE); + AssertTrue((SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_2) & + SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2); + AssertTrue((SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION) & + SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION); + AssertNull((SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION) & + SSL_OP_NO_COMPRESSION)); + + SSL_CTX_free(ctx); + + AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); + AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM)); + AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)); + AssertNotNull(ssl = SSL_new(ctx)); AssertTrue(SSL_set_options(ssl, SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1); @@ -10361,6 +10500,13 @@ static void test_wolfSSL_set_options(void) SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2); AssertTrue((SSL_set_options(ssl, SSL_OP_NO_COMPRESSION) & SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION); + AssertNull((SSL_clear_options(ssl, SSL_OP_NO_COMPRESSION) & + SSL_OP_NO_COMPRESSION)); + + AssertTrue(SSL_set_msg_callback(ssl, msg_cb) == SSL_SUCCESS); + SSL_set_msg_callback_arg(ssl, arg); + + AssertTrue(SSL_CTX_set_alpn_protos(ctx, protos, len) == SSL_SUCCESS); SSL_free(ssl); SSL_CTX_free(ctx); @@ -10370,6 +10516,29 @@ static void test_wolfSSL_set_options(void) !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ } +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) +static int verify_cb(int ok, X509_STORE_CTX *ctx) +{ + (void) ok; + (void) ctx; + printf("ENTER verify_cb\n"); + return SSL_SUCCESS; +} +#endif + +static void test_wolfSSL_X509_STORE_CTX(void) +{ +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) + X509_STORE_CTX *ctx = NULL ; + + printf(testingFmt, "test_wolfSSL_X509_STORE_CTX(()"); + AssertNotNull(ctx = X509_STORE_CTX_new()); + X509_STORE_CTX_set_verify_cb(ctx, (void *)verify_cb); + X509_STORE_CTX_free(ctx); + printf(resultFmt, passed); + #endif +} + /* Testing wolfSSL_set_tlsext_status_type funciton. * PRE: OPENSSL and HAVE_CERTIFICATE_STATUS_REQUEST defined. */ @@ -10395,7 +10564,7 @@ static void test_wolfSSL_PEM_read_bio(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) - byte buffer[5300]; + byte buff[5300]; FILE *f; int bytes; X509* x509; @@ -10404,11 +10573,11 @@ static void test_wolfSSL_PEM_read_bio(void) printf(testingFmt, "wolfSSL_PEM_read_bio()"); AssertNotNull(f = fopen(cliCertFile, "rb")); - bytes = (int)fread(buffer, 1, sizeof(buffer), f); + bytes = (int)fread(buff, 1, sizeof(buff), f); fclose(f); AssertNull(x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL)); - AssertNotNull(bio = BIO_new_mem_buf((void*)buffer, bytes)); + AssertNotNull(bio = BIO_new_mem_buf((void*)buff, bytes)); AssertNotNull(x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL)); AssertIntEQ((int)BIO_set_fd(bio, 0, BIO_NOCLOSE), 1); @@ -10424,7 +10593,7 @@ static void test_wolfSSL_PEM_read_bio(void) static void test_wolfSSL_BIO(void) { #if defined(OPENSSL_EXTRA) - byte buffer[20]; + byte buff[20]; BIO* bio1; BIO* bio2; BIO* bio3; @@ -10434,7 +10603,7 @@ static void test_wolfSSL_BIO(void) printf(testingFmt, "wolfSSL_BIO()"); for (i = 0; i < 20; i++) { - buffer[i] = i; + buff[i] = i; } /* Creating and testing type BIO_s_bio */ @@ -10443,25 +10612,25 @@ static void test_wolfSSL_BIO(void) AssertNotNull(bio3 = BIO_new(BIO_s_bio())); /* read/write before set up */ - AssertIntEQ(BIO_read(bio1, buffer, 2), WOLFSSL_BIO_UNSET); - AssertIntEQ(BIO_write(bio1, buffer, 2), WOLFSSL_BIO_UNSET); + AssertIntEQ(BIO_read(bio1, buff, 2), WOLFSSL_BIO_UNSET); + AssertIntEQ(BIO_write(bio1, buff, 2), WOLFSSL_BIO_UNSET); AssertIntEQ(BIO_set_write_buf_size(bio1, 20), WOLFSSL_SUCCESS); AssertIntEQ(BIO_set_write_buf_size(bio2, 8), WOLFSSL_SUCCESS); AssertIntEQ(BIO_make_bio_pair(bio1, bio2), WOLFSSL_SUCCESS); AssertIntEQ(BIO_nwrite(bio1, &bufPt, 10), 10); - XMEMCPY(bufPt, buffer, 10); - AssertIntEQ(BIO_write(bio1, buffer + 10, 10), 10); + XMEMCPY(bufPt, buff, 10); + AssertIntEQ(BIO_write(bio1, buff + 10, 10), 10); /* write buffer full */ - AssertIntEQ(BIO_write(bio1, buffer, 10), WOLFSSL_BIO_ERROR); + AssertIntEQ(BIO_write(bio1, buff, 10), WOLFSSL_BIO_ERROR); AssertIntEQ(BIO_flush(bio1), WOLFSSL_SUCCESS); AssertIntEQ((int)BIO_ctrl_pending(bio1), 0); /* write the other direction with pair */ AssertIntEQ((int)BIO_nwrite(bio2, &bufPt, 10), 8); - XMEMCPY(bufPt, buffer, 8); - AssertIntEQ(BIO_write(bio2, buffer, 10), WOLFSSL_BIO_ERROR); + XMEMCPY(bufPt, buff, 8); + AssertIntEQ(BIO_write(bio2, buff, 10), WOLFSSL_BIO_ERROR); /* try read */ AssertIntEQ((int)BIO_ctrl_pending(bio1), 8); @@ -10492,7 +10661,7 @@ static void test_wolfSSL_BIO(void) /* fill write buffer, read only small amount then write again */ AssertIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20); - XMEMCPY(bufPt, buffer, 20); + XMEMCPY(bufPt, buff, 20); AssertIntEQ(BIO_nread(bio3, &bufPt, 4), 4); for (i = 0; i < 4; i++) { AssertIntEQ(bufPt[i], i); @@ -10510,7 +10679,7 @@ static void test_wolfSSL_BIO(void) /* should read only to end of write buffer then need to read again */ AssertIntEQ(BIO_nread(bio3, &bufPt, 20), 16); for (i = 0; i < 16; i++) { - AssertIntEQ(bufPt[i], buffer[4 + i]); + AssertIntEQ(bufPt[i], buff[4 + i]); } AssertIntEQ(BIO_nread(bio3, NULL, 0), WOLFSSL_FAILURE); @@ -10527,14 +10696,14 @@ static void test_wolfSSL_BIO(void) /* write and fill up buffer checking reset of index state */ AssertIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20); - XMEMCPY(bufPt, buffer, 20); + XMEMCPY(bufPt, buff, 20); /* test reset on data in bio1 write buffer */ AssertIntEQ(BIO_reset(bio1), 0); AssertIntEQ((int)BIO_ctrl_pending(bio3), 0); AssertIntEQ(BIO_nread(bio3, &bufPt, 3), WOLFSSL_BIO_ERROR); AssertIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20); - XMEMCPY(bufPt, buffer, 20); + XMEMCPY(bufPt, buff, 20); AssertIntEQ(BIO_nread(bio3, &bufPt, 6), 6); for (i = 0; i < 6; i++) { AssertIntEQ(bufPt[i], i); @@ -11291,12 +11460,16 @@ void ApiTest(void) test_wolfSSL_EVP_MD_hmac_signing(); test_wolfSSL_CTX_add_extra_chain_cert(); test_wolfSSL_ERR_peek_last_error_line(); + test_wolfSSL_set_options(); + test_wolfSSL_X509_STORE_CTX(); + test_wolfSSL_msgCb(); test_wolfSSL_X509_STORE_set_flags(); test_wolfSSL_X509_LOOKUP_load_file(); test_wolfSSL_X509_NID(); test_wolfSSL_X509_STORE_CTX_set_time(); test_wolfSSL_BN(); test_wolfSSL_set_options(); + test_wolfSSL_X509_STORE_CTX(); test_wolfSSL_PEM_read_bio(); test_wolfSSL_BIO(); test_wolfSSL_DES_ecb_encrypt(); diff --git a/wolfssl/error-ssl.h b/wolfssl/error-ssl.h index 3ab6d3cdf..8be51383b 100644 --- a/wolfssl/error-ssl.h +++ b/wolfssl/error-ssl.h @@ -181,7 +181,7 @@ enum wolfSSL_ErrorCodes { }; -#ifdef WOLFSSL_CALLBACKS +#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) enum { MIN_PARAM_ERR = UNSUPPORTED_SUITE, MAX_PARAM_ERR = MIN_PARAM_ERR - 10 diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 89b5e550c..3a011850c 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2316,6 +2316,8 @@ struct WOLFSSL_CTX { word32 disabledCurves; /* curves disabled by user */ byte verifyDepth; /* maximum verification depth */ unsigned long mask; /* store SSL_OP_ flags */ + const unsigned char *alpn_cli_protos;/* ALPN client protocol list */ + unsigned int alpn_cli_protos_len; #endif CallbackIORecv CBIORecv; CallbackIOSend CBIOSend; @@ -3400,6 +3402,12 @@ struct WOLFSSL { #ifdef WOLFSSL_CALLBACKS HandShakeInfo handShakeInfo; /* info saved during handshake */ TimeoutInfo timeoutInfo; /* info saved during handshake */ +#endif +#ifdef OPENSSL_EXTRA + SSL_Msg_Cb protoMsgCb; /* inspect protocol message callback */ + void* protoMsgCtx; /* user set context with msg callback */ +#endif +#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) byte hsInfoOn; /* track handshake info */ byte toInfoOn; /* track timeout info */ #endif diff --git a/wolfssl/openssl/bn.h b/wolfssl/openssl/bn.h index d105b7526..c44477db5 100644 --- a/wolfssl/openssl/bn.h +++ b/wolfssl/openssl/bn.h @@ -37,6 +37,8 @@ WOLFSSL_API int wolfSSL_BN_mod(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, const WOLFSSL_BN_CTX*); WOLFSSL_API int wolfSSL_BN_mod_exp(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a, const WOLFSSL_BIGNUM *p, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx); +WOLFSSL_API int wolfSSL_BN_mod_mul(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a, + const WOLFSSL_BIGNUM *b, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx); WOLFSSL_API const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void); @@ -112,6 +114,7 @@ typedef WOLFSSL_BN_GENCB BN_GENCB; #define BN_mod wolfSSL_BN_mod #define BN_mod_exp wolfSSL_BN_mod_exp +#define BN_mod_mul wolfSSL_BN_mod_mul #define BN_sub wolfSSL_BN_sub #define BN_value_one wolfSSL_BN_value_one diff --git a/wolfssl/openssl/crypto.h b/wolfssl/openssl/crypto.h index e00c00a90..fdcfe2571 100644 --- a/wolfssl/openssl/crypto.h +++ b/wolfssl/openssl/crypto.h @@ -42,9 +42,6 @@ typedef void (CRYPTO_free_func)(void*parent, void*ptr, CRYPTO_EX_DATA *ad, int i #define CRYPTO_THREAD_r_lock wc_LockMutex #define CRYPTO_THREAD_unlock wc_UnLockMutex -#define OPENSSL_malloc(a) XMALLOC(a, NULL, DYNAMIC_TYPE_OPENSSL) - #endif /* HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ #endif /* header */ - diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index f144653a9..e726dff3f 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -220,6 +220,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define X509_digest wolfSSL_X509_digest #define X509_free wolfSSL_X509_free #define OPENSSL_free wolfSSL_OPENSSL_free +#define OPENSSL_malloc wolfSSL_OPENSSL_malloc #define OCSP_parse_url wolfSSL_OCSP_parse_url #define SSLv23_client_method wolfSSLv23_client_method @@ -294,6 +295,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define X509_STORE_CTX_get_current_cert wolfSSL_X509_STORE_CTX_get_current_cert #define X509_STORE_add_cert wolfSSL_X509_STORE_add_cert #define X509_STORE_set_flags wolfSSL_X509_STORE_set_flags +#define X509_STORE_CTX_set_verify_cb wolfSSL_X509_STORE_CTX_set_verify_cb #define X509_STORE_CTX_get_chain wolfSSL_X509_STORE_CTX_get_chain #define X509_STORE_CTX_get_error wolfSSL_X509_STORE_CTX_get_error #define X509_STORE_CTX_get_error_depth wolfSSL_X509_STORE_CTX_get_error_depth @@ -359,7 +361,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_CTX_set_timeout(ctx, to) wolfSSL_CTX_set_timeout(ctx, (unsigned int) to) #define SSL_CTX_set_info_callback wolfSSL_CTX_set_info_callback - +#define SSL_CTX_set_alpn_protos wolfSSL_CTX_set_alpn_protos #define ERR_peek_error wolfSSL_ERR_peek_error #define ERR_peek_last_error_line wolfSSL_ERR_peek_last_error_line #define ERR_peek_errors_fp wolfSSL_ERR_peek_errors_fp @@ -412,8 +414,11 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define RAND_status wolfSSL_RAND_status #define RAND_bytes wolfSSL_RAND_bytes -#define SSLv23_server_method wolfSSLv23_server_method -#define SSL_CTX_set_options wolfSSL_CTX_set_options +#define SSLv23_server_method wolfSSLv23_server_method +#define SSL_CTX_set_options wolfSSL_CTX_set_options +#define SSL_CTX_get_options wolfSSL_CTX_get_options +#define SSL_CTX_clear_options wolfSSL_CTX_clear_options + #define SSL_CTX_check_private_key wolfSSL_CTX_check_private_key #define ERR_free_strings wolfSSL_ERR_free_strings @@ -430,6 +435,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_CTX_set_session_id_context wolfSSL_CTX_set_session_id_context #define SSL_get_peer_certificate wolfSSL_get_peer_certificate +#define SSL_get_peer_cert_chain wolfSSL_get_peer_cert_chain #define SSL_want_read wolfSSL_want_read #define SSL_want_write wolfSSL_want_write @@ -555,6 +561,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define SSL_set_options wolfSSL_set_options #define SSL_get_options wolfSSL_get_options +#define SSL_clear_options wolfSSL_clear_options #define SSL_set_tmp_dh wolfSSL_set_tmp_dh #define SSL_clear_num_renegotiations wolfSSL_clear_num_renegotiations #define SSL_total_renegotiations wolfSSL_total_renegotiations @@ -652,7 +659,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define SSL_version wolfSSL_version #define SSL_get_state wolfSSL_get_state #define SSL_state_string_long wolfSSL_state_string_long -#define SSL_get_peer_cert_chain wolfSSL_get_peer_cert_chain + #define sk_X509_NAME_value wolfSSL_sk_X509_NAME_value #define sk_X509_value wolfSSL_sk_X509_value #define SSL_SESSION_get_ex_data wolfSSL_SESSION_get_ex_data @@ -730,7 +737,7 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ - defined(WOLFSSL_MYSQL_COMPATIBLE) + defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) #include @@ -774,6 +781,7 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #endif #define OPENSSL_config wolfSSL_OPENSSL_config +#define OPENSSL_memdup wolfSSL_OPENSSL_memdup #define X509_get_ex_new_index wolfSSL_X509_get_ex_new_index #define X509_get_ex_data wolfSSL_X509_get_ex_data #define X509_set_ex_data wolfSSL_X509_set_ex_data @@ -789,6 +797,7 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define X509_check_host wolfSSL_X509_check_host #define i2a_ASN1_INTEGER wolfSSL_i2a_ASN1_INTEGER #define ERR_peek_error_line_data wolfSSL_ERR_peek_error_line_data +#define ERR_load_BIO_strings wolfSSL_ERR_load_BIO_strings #define SSL_CTX_set_tlsext_ticket_key_cb wolfSSL_CTX_set_tlsext_ticket_key_cb #define X509_email_free wolfSSL_X509_email_free #define X509_get1_ocsp wolfSSL_X509_get1_ocsp diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index b5ed5b811..9bbbb3eca 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -122,6 +122,8 @@ typedef struct WOLFSSL_CERT_MANAGER WOLFSSL_CERT_MANAGER; typedef struct WOLFSSL_SOCKADDR WOLFSSL_SOCKADDR; typedef struct WOLFSSL_CRL WOLFSSL_CRL; +typedef void *WOLFSSL_X509_STORE_CTX_verify_cb; /* verify callback */ + /* redeclare guard */ #define WOLFSSL_TYPES_DEFINED @@ -273,6 +275,7 @@ typedef struct WOLFSSL_X509_STORE_CTX { int discardSessionCerts; /* so verify callback can flag for discard */ int totalCerts; /* number of peer cert buffers */ WOLFSSL_BUFFER_INFO* certs; /* peer certs */ + WOLFSSL_X509_STORE_CTX_verify_cb verify_cb; /* verify callback */ } WOLFSSL_X509_STORE_CTX; typedef char* WOLFSSL_STRING; @@ -632,6 +635,7 @@ WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl); WOLFSSL_API void wolfSSL_X509_free(WOLFSSL_X509*); WOLFSSL_API void wolfSSL_OPENSSL_free(void*); +WOLFSSL_API void *wolfSSL_OPENSSL_malloc(size_t a); WOLFSSL_API int wolfSSL_OCSP_parse_url(char* url, char** host, char** port, char** path, int* ssl); @@ -726,7 +730,8 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert( WOLFSSL_X509_STORE_CTX*); WOLFSSL_API int wolfSSL_X509_STORE_CTX_get_error(WOLFSSL_X509_STORE_CTX*); WOLFSSL_API int wolfSSL_X509_STORE_CTX_get_error_depth(WOLFSSL_X509_STORE_CTX*); - +WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_verify_cb(WOLFSSL_X509_STORE_CTX *ctx, + WOLFSSL_X509_STORE_CTX_verify_cb verify_cb); WOLFSSL_API char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME*, char*, int); WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509*); WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509*); @@ -874,8 +879,9 @@ WOLFSSL_API int wolfSSL_CTX_add_client_CA(WOLFSSL_CTX*, WOLFSSL_X509*); WOLFSSL_API int wolfSSL_CTX_set_srp_password(WOLFSSL_CTX*, char*); WOLFSSL_API int wolfSSL_CTX_set_srp_username(WOLFSSL_CTX*, char*); -WOLFSSL_API unsigned long wolfSSL_set_options(WOLFSSL *s, unsigned long op); -WOLFSSL_API unsigned long wolfSSL_get_options(const WOLFSSL *s); +WOLFSSL_API long wolfSSL_set_options(WOLFSSL *s, long op); +WOLFSSL_API long wolfSSL_get_options(const WOLFSSL *s); +WOLFSSL_API long wolfSSL_clear_options(WOLFSSL *s, long op); WOLFSSL_API long wolfSSL_clear_num_renegotiations(WOLFSSL *s); WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s); WOLFSSL_API long wolfSSL_set_tmp_dh(WOLFSSL *s, WOLFSSL_DH *dh); @@ -1238,6 +1244,9 @@ WOLFSSL_API int wolfSSL_RAND_status(void); WOLFSSL_API int wolfSSL_RAND_bytes(unsigned char* buf, int num); WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_server_method(void); WOLFSSL_API long wolfSSL_CTX_set_options(WOLFSSL_CTX*, long); +WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx); +WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX*, long); + #ifndef NO_CERTS WOLFSSL_API int wolfSSL_CTX_check_private_key(WOLFSSL_CTX*); #endif /* !NO_CERTS */ @@ -1259,6 +1268,7 @@ WOLFSSL_API int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX*); WOLFSSL_API int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX*, const unsigned char*, unsigned int); WOLFSSL_API WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL* ssl); +WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL*); WOLFSSL_API int wolfSSL_want_read(WOLFSSL*); WOLFSSL_API int wolfSSL_want_write(WOLFSSL*); @@ -2370,9 +2380,6 @@ WOLFSSL_API WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp, WOLFSSL_API WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x, pem_password_cb *cb, void *u); WOLFSSL_API int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x); -WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx); - - #endif /* HAVE_STUNNEL || HAVE_LIGHTY */ @@ -2427,8 +2434,6 @@ WOLFSSL_API void* wolfSSL_sk_X509_NAME_value(const WOLF_STACK_OF(WOLFSSL_X509_NA WOLFSSL_API void* wolfSSL_sk_X509_value(WOLF_STACK_OF(WOLFSSL_X509)*, int); -WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL*); - WOLFSSL_API void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION*, int); WOLFSSL_API int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION*, int, void*); @@ -2463,8 +2468,6 @@ WOLFSSL_API void WOLFSSL_ERR_remove_thread_state(void*); WOLFSSL_API void wolfSSL_print_all_errors_fp(XFILE *fp); #endif -WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX*, long); - WOLFSSL_API void wolfSSL_THREADID_set_callback(void (*threadid_func)(void*)); WOLFSSL_API void wolfSSL_THREADID_set_numeric(void* id, unsigned long val); @@ -2502,13 +2505,19 @@ typedef void (*SSL_Msg_Cb)(int write_p, int version, int content_type, WOLFSSL_API int wolfSSL_CTX_set_msg_callback(WOLFSSL_CTX *ctx, SSL_Msg_Cb cb); WOLFSSL_API int wolfSSL_set_msg_callback(WOLFSSL *ssl, SSL_Msg_Cb cb); -WOLFSSL_API int wolfSSL_CTX_set_msg_callback_arg(WOLFSSL_CTX *ctx, void* arg); -WOLFSSL_API int wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void* arg); +WOLFSSL_API void wolfSSL_CTX_set_msg_callback_arg(WOLFSSL_CTX *ctx, void* arg); +WOLFSSL_API void wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void* arg); + #endif #ifdef OPENSSL_EXTRA WOLFSSL_API unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line, const char **data, int *flags); +WOLFSSL_API int wolfSSL_CTX_set_alpn_protos(WOLFSSL_CTX *ctx, + const unsigned char *protos, unsigned int protos_len); +WOLFSSL_API void *wolfSSL_OPENSSL_memdup(const void *data, + size_t siz, const char* file, int line); +WOLFSSL_API void wolfSSL_ERR_load_BIO_strings(void); #endif #if defined WOLFSSL_NGINX || defined WOLFSSL_HAPROXY diff --git a/wolfssl/wolfcrypt/memory.h b/wolfssl/wolfcrypt/memory.h index f838c0b87..40b0ed407 100644 --- a/wolfssl/wolfcrypt/memory.h +++ b/wolfssl/wolfcrypt/memory.h @@ -97,7 +97,7 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb*, #ifndef SESSION_CERTS #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3456,4544,16128 #else - #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3456,4544,21056 + #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3456,4544,21072 #endif #endif #ifndef WOLFMEM_DIST