Include stuff needed for EAP in hostap

Patch that includes the API needed for EAP in hostapd and wpa_supplicant

configure.ac

@@ -974,7 +974,7 @@ if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "x$ENABLED_OPENSSLCOEXIST" = "xn
 then
   AM_CFLAGS="-DOPENSSL_EXTRA -DWOLFSSL_ALWAYS_VERIFY_CB $AM_CFLAGS"
   AM_CFLAGS="-DWOLFSSL_VERIFY_CB_ALL_CERTS -DWOLFSSL_EXTRA_ALERTS $AM_CFLAGS"
-  AM_CFLAGS="-DHAVE_EXT_CACHE $AM_CFLAGS"
+  AM_CFLAGS="-DHAVE_EXT_CACHE -DWOLFSSL_FORCE_CACHE_ON_TICKET $AM_CFLAGS"
 fi
 
 if test "$ENABLED_OPENSSLEXTRA" = "x509small"
@@ -1037,8 +1037,6 @@ fi
 if test "$ENABLED_WPAS" = "small"
 then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WPAS_SMALL"
-    AM_CFLAGS="$AM_CFLAGS -DKEEP_OUR_CERT"
-    AM_CFLAGS="$AM_CFLAGS -DKEEP_PEER_CERT"
 fi
 if test "$ENABLED_WPAS" = "yes"
 then
@@ -1060,6 +1058,8 @@ then
     AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER"
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB"
+    AM_CFLAGS="$AM_CFLAGS -DKEEP_OUR_CERT"
+    AM_CFLAGS="$AM_CFLAGS -DKEEP_PEER_CERT"
 fi
 
 if test "$ENABLED_FORTRESS" = "yes"

src/internal.c

@@ -13187,7 +13187,7 @@ int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size,
         ssl->secure_renegotiation->verifySet = 1;
     }
 #endif
-#ifdef OPENSSL_ALL
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)
     if (ssl->options.side == WOLFSSL_CLIENT_END)
         XMEMCPY(ssl->serverFinished,
                 input + *inOutIdx, TLS_FINISHED_SZ);
@@ -17978,7 +17978,7 @@ int SendFinished(WOLFSSL* ssl)
                     TLS_FINISHED_SZ);
     }
 #endif
-#ifdef OPENSSL_ALL
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)
     if (ssl->options.side == WOLFSSL_CLIENT_END)
         XMEMCPY(ssl->clientFinished,
                 hashes, TLS_FINISHED_SZ);

src/ssl.c

@@ -14084,7 +14084,14 @@ WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret,
 
     (void)       restoreSessionCerts;
 
-    if (ssl->options.sessionCacheOff)
+    if (ssl->options.sessionCacheOff
+#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_FORCE_CACHE_ON_TICKET)
+            && ssl->session.ticketLen == 0
+#endif
+#ifdef OPENSSL_EXTRA
+            && ssl->options.side != WOLFSSL_CLIENT_END
+#endif
+            )
         return NULL;
 
     if (ssl->options.haveSessionId == 0)
@@ -14291,7 +14298,14 @@ static int GetDeepCopySession(WOLFSSL* ssl, WOLFSSL_SESSION* copyFrom)
 
 int SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session)
 {
-    if (ssl == NULL || ssl->options.sessionCacheOff)
+    if (ssl == NULL || (ssl->options.sessionCacheOff
+#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_FORCE_CACHE_ON_TICKET)
+            && session->ticketLen == 0
+#endif
+#ifdef OPENSSL_EXTRA
+            && ssl->options.side != WOLFSSL_CLIENT_END
+#endif
+            ))
         return WOLFSSL_FAILURE;
 
 #ifdef OPENSSL_EXTRA
@@ -14356,7 +14370,14 @@ int AddSession(WOLFSSL* ssl)
     int cbRet = 0;
 #endif
 
-    if (ssl->options.sessionCacheOff)
+    if (ssl->options.sessionCacheOff
+#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_FORCE_CACHE_ON_TICKET)
+            && ssl->session.ticketLen == 0
+#endif
+#ifdef OPENSSL_EXTRA
+            && ssl->options.side != WOLFSSL_CLIENT_END
+#endif
+            )
         return 0;
 
     if (ssl->options.haveSessionId == 0)
@@ -27259,7 +27280,7 @@ int wolfSSL_i2d_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT *a, unsigned char **pp)
     return a->objSz;
 }
 
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)
 WOLFSSL_API size_t wolfSSL_get_finished(const WOLFSSL *ssl, void *buf, size_t count)
 {
     WOLFSSL_ENTER("SSL_get_finished");

tests/api.c

@@ -23448,6 +23448,7 @@ static int test_wc_ecc_pointFns (void)
 
     printf(resultFmt, ret == 0 ? passed : failed);
 
+#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
 #ifdef USE_ECC_B_PARAM
     printf(testingFmt, "wc_ecc_point_is_on_curve()");
     /* On curve if ret == 0 */
@@ -23468,6 +23469,7 @@ static int test_wc_ecc_pointFns (void)
     }
     printf(resultFmt, ret == 0 ? passed : failed);
 #endif /* USE_ECC_B_PARAM */
+#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
 
     /* Free */
     wc_ecc_del_point(point);
@@ -30971,7 +30973,7 @@ static void test_wolfSSL_Tls13_Key_Logging_test(void)
 
     printf(resultFmt, passed);
 
-#endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */
+#endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK && WOLFSSL_TLS13 */
 }
 
 static void test_wolfSSL_X509_NID(void)

wolfssl/internal.h

@@ -4478,7 +4478,7 @@ struct WOLFSSL {
 #ifdef WOLFSSL_STATIC_EPHEMERAL
     StaticKeyExchangeInfo_t staticKE;
 #endif
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)
     /* Added in libest port: allow applications to get the 'tls-unique' Channel
      * Binding Type (https://tools.ietf.org/html/rfc5929#section-3). This is
      * used in the EST protocol to bind an enrollment to a TLS session through

wolfssl/ssl.h

@@ -4408,7 +4408,7 @@ WOLFSSL_API int wolfSSL_X509_check_email(WOLFSSL_X509 *x, const char *chk,
 #endif /* OPENSSL_EXTRA && WOLFSSL_CERT_GEN */
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)
 WOLFSSL_API const unsigned char *SSL_SESSION_get0_id_context(
         const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length);
 WOLFSSL_API size_t wolfSSL_get_finished(const WOLFSSL *ssl, void *buf, size_t count);