Additional OpenSSL compat layer stuff

- Add X509_get0_notBefore and X509_get0_notAfter
- Implement EVP_PKEY_get0_DSA and DSA_bits
- OpenSSL_version now prints "wolfSSL $VERSION"
- Remove define guards in `wolfSSL_internal_get_version` as all protocols are defined regardless in `wolfssl/internal.h`and this function just returns the string description of the protocol
This commit is contained in:
Juliusz Sosinowicz
2020-05-07 15:42:14 +02:00
parent 99ebae9f7c
commit 4a85bf8108
8 changed files with 53 additions and 29 deletions
+1 -1
View File
@@ -1536,7 +1536,7 @@ AC_ARG_ENABLE([dsa],
[ ENABLED_DSA=no ]
)
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes"
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes"
then
ENABLED_DSA="yes"
fi
+18 -9
View File
@@ -19268,21 +19268,14 @@ static const char* wolfSSL_internal_get_version(ProtocolVersion* version)
if (version->major == SSLv3_MAJOR) {
switch (version->minor) {
#ifndef NO_OLD_TLS
#ifdef WOLFSSL_ALLOW_SSLV3
case SSLv3_MINOR :
return "SSLv3";
#endif
#ifdef WOLFSSL_ALLOW_TLSV10
case TLSv1_MINOR :
return "TLSv1";
#endif
case TLSv1_1_MINOR :
return "TLSv1.1";
#endif
case TLSv1_2_MINOR :
return "TLSv1.2";
#ifdef WOLFSSL_TLS13
case TLSv1_3_MINOR :
#ifdef WOLFSSL_TLS13_DRAFT
#ifdef WOLFSSL_TLS13_DRAFT_18
@@ -19299,7 +19292,6 @@ static const char* wolfSSL_internal_get_version(ProtocolVersion* version)
#else
return "TLSv1.3";
#endif
#endif
default:
return "unknown";
}
@@ -19337,6 +19329,13 @@ const char* wolfSSL_lib_version(void)
return LIBWOLFSSL_VERSION_STRING;
}
#ifdef OPENSSL_EXTRA
const char* wolfSSL_OpenSSL_version(void)
{
return "wolfSSL " LIBWOLFSSL_VERSION_STRING;
}
#endif
/* current library version in hex */
word32 wolfSSL_lib_version_hex(void)
@@ -29954,6 +29953,16 @@ int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig,
return WOLFSSL_SUCCESS;
}
int wolfSSL_DSA_bits(const WOLFSSL_DSA *d)
{
if (!d)
return WOLFSSL_FAILURE;
if (!d->exSet && SetDsaExternal((WOLFSSL_DSA*)d) != WOLFSSL_SUCCESS)
return WOLFSSL_FAILURE;
return wolfSSL_BN_num_bits(d->p);
}
#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len,
WOLFSSL_DSA_SIG* sig, WOLFSSL_DSA* dsa)
@@ -33232,7 +33241,7 @@ size_t wolfSSL_EC_get_builtin_curves(WOLFSSL_EC_BUILTIN_CURVE *r, size_t nitems)
r[i].comment = wolfSSL_OBJ_nid2sn(r[i].nid);
}
return ecc_sets_count;
return min_nitems;
}
/* Start ECDSA_SIG */
+17 -16
View File
@@ -27185,7 +27185,7 @@ static void test_wolfSSL_AES_cbc_encrypt()
#endif
}
#if defined(WOLFSSL_QT)
#if defined(OPENSSL_ALL)
#if !defined(NO_ASN)
static void test_wolfSSL_ASN1_STRING_to_UTF8(void)
{
@@ -27253,7 +27253,7 @@ static void test_wolfSSL_sk_CIPHER_description(void)
printf(testingFmt, "wolfSSL_sk_CIPHER_description");
AssertNotNull(method = TLSv1_client_method());
AssertNotNull(method = TLSv1_2_client_method());
AssertNotNull(ctx = SSL_CTX_new(method));
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
@@ -27311,7 +27311,7 @@ static void test_wolfSSL_get_ciphers_compat(void)
printf(testingFmt, "wolfSSL_get_ciphers_compat");
AssertNotNull(method = TLSv1_client_method());
AssertNotNull(method = SSLv23_client_method());
AssertNotNull(ctx = SSL_CTX_new(method));
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
@@ -27618,14 +27618,18 @@ static void test_wolfSSL_EVP_PKEY_set1_get1_DSA(void)
AssertIntEQ(SHA1_Final(hash,&sha), WOLFSSL_SUCCESS);
/* Initialize pkey with der format dsa key */
AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_DSA, &pkey,
AssertNotNull(d2i_PrivateKey(EVP_PKEY_DSA, &pkey,
&dsaKeyDer ,(long)dsaKeySz));
/* Test wolfSSL_EVP_PKEY_get1_DSA */
/* Should Fail: NULL argument */
AssertNull(dsa = wolfSSL_EVP_PKEY_get1_DSA(NULL));
AssertNull(dsa = EVP_PKEY_get0_DSA(NULL));
AssertNull(dsa = EVP_PKEY_get1_DSA(NULL));
/* Should Pass: Initialized pkey argument */
AssertNotNull(dsa = wolfSSL_EVP_PKEY_get1_DSA(pkey));
AssertNotNull(dsa = EVP_PKEY_get0_DSA(pkey));
AssertNotNull(dsa = EVP_PKEY_get1_DSA(pkey));
AssertIntEQ(DSA_bits(dsa), 2048);
/* Sign */
AssertIntEQ(wolfSSL_DSA_do_sign(hash, signature, dsa), WOLFSSL_SUCCESS);
@@ -27635,17 +27639,17 @@ static void test_wolfSSL_EVP_PKEY_set1_get1_DSA(void)
/* Test wolfSSL_EVP_PKEY_set1_DSA */
/* Should Fail: set1Pkey not initialized */
AssertIntNE(wolfSSL_EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS);
AssertIntNE(EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS);
/* Initialize set1Pkey */
set1Pkey = wolfSSL_EVP_PKEY_new();
set1Pkey = EVP_PKEY_new();
/* Should Fail Verify: setDsa not initialized from set1Pkey */
AssertIntNE(wolfSSL_DSA_do_verify(hash,signature,setDsa,&answer),
WOLFSSL_SUCCESS);
/* Should Pass: set dsa into set1Pkey */
AssertIntEQ(wolfSSL_EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS);
AssertIntEQ(EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS);
printf(resultFmt, passed);
DSA_free(dsa);
@@ -28041,7 +28045,7 @@ static void test_wolfSSL_OBJ_ln(void)
{
int nCurves = 27;
EC_builtin_curve r[nCurves];
EC_get_builtin_curves(r,nCurves);
nCurves = EC_get_builtin_curves(r,nCurves);
for (i = 0; i < nCurves; i++) {
AssertIntEQ(OBJ_ln2nid(r[i].comment), r[i].nid);
@@ -28080,7 +28084,7 @@ static void test_wolfSSL_OBJ_sn(void)
printf(resultFmt, passed);
}
#endif /* WOLFSSL_QT */
#endif /* OPENSSL_ALL */
static void test_wolfSSL_X509V3_EXT_get(void) {
@@ -32172,8 +32176,7 @@ void ApiTest(void)
test_wolfSSL_EVP_PKEY_derive();
test_wolfSSL_RSA_padding_add_PKCS1_PSS();
#if defined(WOLFSSL_QT)
printf("\n----------------Qt Unit Tests-------------------\n");
#if defined(OPENSSL_ALL)
test_wolfSSL_X509_PUBKEY_get();
test_wolfSSL_sk_CIPHER_description();
test_wolfSSL_get_ciphers_compat();
@@ -32190,9 +32193,7 @@ void ApiTest(void)
test_wolfSSL_OBJ_ln();
test_wolfSSL_OBJ_sn();
printf("\n-------------End Of Qt Unit Tests---------------\n");
#endif /* WOLFSSL_QT */
#endif /* OPENSSL_ALL */
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA)
AssertIntEQ(test_wolfSSL_CTX_use_certificate_ASN1(), WOLFSSL_SUCCESS);
+8
View File
@@ -5800,6 +5800,14 @@ int wolfSSL_EVP_PKEY_set1_DSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DSA *key)
return WOLFSSL_SUCCESS;
}
WOLFSSL_DSA* wolfSSL_EVP_PKEY_get0_DSA(struct WOLFSSL_EVP_PKEY *pkey)
{
if (!pkey) {
return NULL;
}
return pkey->dsa;
}
WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key)
{
WOLFSSL_DSA* local;
+2
View File
@@ -80,6 +80,8 @@ WOLFSSL_API int wolfSSL_DSA_do_verify(const unsigned char* d,
unsigned char* sig,
WOLFSSL_DSA* dsa, int *dsacheck);
WOLFSSL_API int wolfSSL_DSA_bits(const WOLFSSL_DSA *d);
WOLFSSL_API WOLFSSL_DSA_SIG* wolfSSL_DSA_SIG_new(void);
WOLFSSL_API void wolfSSL_DSA_SIG_free(WOLFSSL_DSA_SIG *sig);
WOLFSSL_API WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest,
+1
View File
@@ -521,6 +521,7 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_assign_EC_KEY(WOLFSSL_EVP_PKEY* pkey,
WOLFSSL_API int wolfSSL_EVP_PKEY_assign_DSA(EVP_PKEY* pkey, WOLFSSL_DSA* key);
WOLFSSL_API int wolfSSL_EVP_PKEY_assign_DH(EVP_PKEY* pkey, WOLFSSL_DH* key);
WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get0_RSA(struct WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get0_DSA(struct WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY*);
WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY*);
WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get0_EC_KEY(WOLFSSL_EVP_PKEY *pkey);
+5 -3
View File
@@ -340,8 +340,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define DSA_dup_DH wolfSSL_DSA_dup_DH
/* wolfSSL does not support DSA as the cert public key */
#define EVP_PKEY_get0_DSA(...) NULL
#define DSA_bits(...) 0
#define EVP_PKEY_get0_DSA wolfSSL_EVP_PKEY_get0_DSA
#define DSA_bits wolfSSL_DSA_bits
#define i2d_X509_bio wolfSSL_i2d_X509_bio
#define d2i_X509_bio wolfSSL_d2i_X509_bio
@@ -381,7 +381,9 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define X509_get_pubkey wolfSSL_X509_get_pubkey
#define X509_get0_pubkey wolfSSL_X509_get_pubkey
#define X509_get_notBefore wolfSSL_X509_get_notBefore
#define X509_get0_notBefore wolfSSL_X509_get_notBefore
#define X509_get_notAfter wolfSSL_X509_get_notAfter
#define X509_get0_notAfter wolfSSL_X509_get_notAfter
#define X509_get_serialNumber wolfSSL_X509_get_serialNumber
#define X509_get0_pubkey_bitstr wolfSSL_X509_get0_pubkey_bitstr
#define X509_get_ex_new_index wolfSSL_X509_get_ex_new_index
@@ -1227,7 +1229,7 @@ enum {
#define X509_OBJECT_free wolfSSL_X509_OBJECT_free
#define X509_OBJECT_get_type(x) 0
#define OpenSSL_version(x) wolfSSL_lib_version()
#define OpenSSL_version(x) wolfSSL_OpenSSL_version()
#ifdef __cplusplus
} /* extern "C" */
+1
View File
@@ -2088,6 +2088,7 @@ WOLFSSL_ABI WOLFSSL_API int wolfSSL_Cleanup(void);
/* which library version do we have */
WOLFSSL_API const char* wolfSSL_lib_version(void);
WOLFSSL_API const char* wolfSSL_OpenSSL_version(void);
/* which library version do we have in hex */
WOLFSSL_API word32 wolfSSL_lib_version_hex(void);