diff --git a/src/ssl.c b/src/ssl.c
index b7690318e..ac4ca483b 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -16023,6 +16023,52 @@ void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk) {
 #endif /* NO_CERTS && OPENSSL_EXTRA */
+#ifdef OPENSSL_EXTRA
+
+/* Returns the general name at index i from the stack
+ *
+ * sk stack to get general name from
+ * i index to get
+ *
+ * return a pointer to the internal node of the stack
+ */
+WOLFSSL_ASN1_OBJECT* wolfSSL_sk_GENERAL_NAME_value(WOLFSSL_STACK* sk, int i)
+{
+ WOLFSSL_STACK* cur;
+ int j;
+
+ WOLFSSL_ENTER("wolfSSL_sk_GENERAL_NAME_value");
+
+ if (i < 0 || sk == NULL) {
+ return NULL;
+ }
+
+ cur = sk;
+ for (j = 0; j < i && cur != NULL; j++) {
+ cur = cur->next;
+ }
+
+ return cur->data.obj;
+}
+
+
+/* Gets the number of nodes in the stack
+ *
+ * sk stack to get the number of nodes from
+ *
+ * returns the number of nodes
+ */
+int wolfSSL_sk_GENERAL_NAME_num(WOLFSSL_STACK* sk)
+{
+ WOLFSSL_ENTER("wolfSSL_sk_GENERAL_NAME_num");
+
+ if (sk == NULL) {
+ return 0;
+ }
+
+ return (int)sk->num;
+}
+#endif /* OPENSSL_EXTRA */
 /* Wraps wolfSSL_X509_d2i
 *
diff --git a/src/tls.c b/src/tls.c
index 2a61d97ca..5f2ada3b2 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -8641,7 +8641,29 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
 #ifndef NO_WOLFSSL_CLIENT
 #ifndef NO_OLD_TLS
+ #ifdef WOLFSSL_ALLOW_TLSV10
+ #ifdef OPENSSL_EXTRA
+ /* Gets a WOLFSL_METHOD type that is not set as client or server
+ *
+ * Returns a pointer to a WOLFSSL_METHOD struct
+ */
+ WOLFSSL_METHOD* wolfTLSv1_method(void) {
+ WOLFSSL_METHOD* m;
+ WOLFSSL_ENTER("wolfTLSv1_method");
+ #ifndef NO_WOLFSSL_CLIENT
+ m = wolfTLSv1_client_method();
+ #else
+ m = wolfTLSv1_server_method();
+ #endif
+ if (m != NULL) {
+ m->side = WOLFSSL_NEITHER_END;
+ }
+
+ return m;
+ }
+ #endif /* OPENSSL_EXTRA */
+
 WOLFSSL_METHOD* wolfTLSv1_client_method(void) {
 return wolfTLSv1_client_method_ex(NULL);
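Review bot: `wolfSSL_sk_GENERAL_NAME_value` returns `cur->data.obj` without checking `cur`, so an index at or past the end of the list — the loop exits with `cur == NULL` — dereferences a null pointer instead of returning NULL the way the `i < 0` case does; add `if (cur == NULL) { return NULL; }` before the return. The walk also never consults `sk->num`, which `wolfSSL_sk_GENERAL_NAME_num` reports as the bound, so a caller iterating on a stale count hits the same crash; an explicit `if (i >= (int)sk->num) { return NULL; }` after the NULL check would make the contract obvious. The header comment says it returns "a pointer to the internal node of the stack", but the function returns the object stored in that node, not the node; I'd reword it to "returns the object held by node i, or NULL if i is out of range".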
diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c
index 377015c23..0e4f9683b 100644
--- a/wolfcrypt/src/evp.c
+++ b/wolfcrypt/src/evp.c
@@ -25,7 +25,52 @@ static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher);
-#ifdef WOLFSSL_SIGNAL
+
+/* Getter function for cipher key length
+ *
+ * c WOLFSSL_EVP_CIPHER structure to get key length from
+ *
+ * NOTE: OpenSSL_add_all_ciphers() should be called first before using this
+ * function
+ *
+ * Returns size of key in bytes
+ */
+int wolfSSL_EVP_Cipher_key_length(const WOLFSSL_EVP_CIPHER* c)
+{
+ WOLFSSL_ENTER("wolfSSL_EVP_Cipher_key_length");
+
+ if (c == NULL) {
+ return 0;
+ }
+
+ switch (cipherType(c)) {
+ #if !defined(NO_AES) && defined(HAVE_AES_CBC)
+ case AES_128_CBC_TYPE: return 16;
+ case AES_192_CBC_TYPE: return 24;
+ case AES_256_CBC_TYPE: return 32;
+ #endif
+ #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER)
+ case AES_128_CTR_TYPE: return 16;
+ case AES_192_CTR_TYPE: return 24;
+ case AES_256_CTR_TYPE: return 32;
+ #endif
+ #if !defined(NO_AES) && defined(HAVE_AES_ECB)
+ case AES_128_ECB_TYPE: return 16;
+ case AES_192_ECB_TYPE: return 24;
+ case AES_256_ECB_TYPE: return 32;
+ #endif
+ #ifndef NO_DES3
+ case DES_CBC_TYPE: return 8;
+ case DES_EDE3_CBC_TYPE: return 24;
+ case DES_ECB_TYPE: return 8;
+ case DES_EDE3_ECB_TYPE: return 24;
+ #endif
+ default:
+ return 0;
+ }
+}
+
+
 WOLFSSL_API int wolfSSL_EVP_EncryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
 const WOLFSSL_EVP_CIPHER* type,
 const unsigned char* key,
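Review bot: `wolfSSL_EVP_Cipher_key_length` returns 0 both when `c` is NULL and for any cipher type the switch does not list, so a caller that sizes or validates key material from the result cannot distinguish "unsupported cipher" from a real zero; either return a negative value for the unknown case or state in the header comment that 0 means unknown or unsupported type. The name also breaks the casing of the adjacent accessor `wolfSSL_EVP_CIPHER_iv_length` — the new prototype sits directly under it in the wolfssl/openssl/evp.h hunk and the `EVP_CIPHER_key_length` macro later in that file maps to it — so `wolfSSL_EVP_CIPHER_key_length` would be the consistent spelling in all three places. The NOTE about `OpenSSL_add_all_ciphers()` describes a precondition the function does not check; if `cipherType()` cannot classify a cipher before that call, saying that the result is then 0 makes the note actionable.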
@@ -64,43 +109,6 @@ WOLFSSL_API int wolfSSL_EVP_DecryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
 return wolfSSL_EVP_CipherInit(ctx, type, (byte*)key, (byte*)iv, 0);
 }
-#else /* WOLFSSL_SIGNAL */
-
-WOLFSSL_API int wolfSSL_EVP_EncryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
- const WOLFSSL_EVP_CIPHER* type,
- unsigned char* key, unsigned char* iv)
-{
- return wolfSSL_EVP_CipherInit(ctx, type, key, iv, 1);
-}
-
-WOLFSSL_API int wolfSSL_EVP_EncryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
- const WOLFSSL_EVP_CIPHER* type,
- WOLFSSL_ENGINE *impl,
- unsigned char* key, unsigned char* iv)
-{
- (void) impl;
- return wolfSSL_EVP_CipherInit(ctx, type, key, iv, 1);
-}
-
-WOLFSSL_API int wolfSSL_EVP_DecryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
- const WOLFSSL_EVP_CIPHER* type,
- unsigned char* key, unsigned char* iv)
-{
- WOLFSSL_ENTER("wolfSSL_EVP_CipherInit");
- return wolfSSL_EVP_CipherInit(ctx, type, key, iv, 0);
-}
-
-WOLFSSL_API int wolfSSL_EVP_DecryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
- const WOLFSSL_EVP_CIPHER* type,
- WOLFSSL_ENGINE *impl,
- unsigned char* key, unsigned char* iv)
-{
- (void) impl;
- WOLFSSL_ENTER("wolfSSL_EVP_DecryptInit");
- return wolfSSL_EVP_CipherInit(ctx, type, key, iv, 0);
-}
-
-#endif /* WOLFSSL_SIGNAL */
 WOLFSSL_API WOLFSSL_EVP_CIPHER_CTX *wolfSSL_EVP_CIPHER_CTX_new(void)
 {
diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h
index 0db570aab..e8332d3d6 100644
--- a/wolfssl/openssl/evp.h
+++ b/wolfssl/openssl/evp.h
@@ -265,6 +265,7 @@ WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_cleanup(WOLFSSL_EVP_CIPHER_CTX* ctx);
 WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX*);
 WOLFSSL_API int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER*);
+WOLFSSL_API int wolfSSL_EVP_Cipher_key_length(const WOLFSSL_EVP_CIPHER* c);
 WOLFSSL_API int wolfSSL_EVP_CipherInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
@@ -276,7 +277,6 @@ WOLFSSL_API int wolfSSL_EVP_CipherInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
 WOLFSSL_ENGINE *impl,
 unsigned char* key, unsigned char* iv, int enc);
-#ifdef WOLFSSL_SIGNAL
 WOLFSSL_API int wolfSSL_EVP_EncryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
 const WOLFSSL_EVP_CIPHER* type,
 const unsigned char* key,
@@ -295,22 +295,6 @@ WOLFSSL_API int wolfSSL_EVP_DecryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
 WOLFSSL_ENGINE *impl,
 const unsigned char* key,
 const unsigned char* iv);
-#else
-WOLFSSL_API int wolfSSL_EVP_EncryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
- const WOLFSSL_EVP_CIPHER* type,
- unsigned char* key, unsigned char* iv);
-WOLFSSL_API int wolfSSL_EVP_EncryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
- const WOLFSSL_EVP_CIPHER* type,
- WOLFSSL_ENGINE *impl,
- unsigned char* key, unsigned char* iv);
-WOLFSSL_API int wolfSSL_EVP_DecryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
- const WOLFSSL_EVP_CIPHER* type,
- unsigned char* key, unsigned char* iv);
-WOLFSSL_API int wolfSSL_EVP_DecryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
- const WOLFSSL_EVP_CIPHER* type,
- WOLFSSL_ENGINE *impl,
- unsigned char* key, unsigned char* iv);
-#endif /* WOLFSSL_SIGNAL */
 WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
 unsigned char *out, int *outl,
 const unsigned char *in, int inl);
@@ -488,6 +472,7 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX;
 #define EVP_CIPHER_CTX_mode wolfSSL_EVP_CIPHER_CTX_mode
 #define EVP_CIPHER_iv_length wolfSSL_EVP_CIPHER_iv_length
+#define EVP_CIPHER_key_length wolfSSL_EVP_Cipher_key_length
 #define EVP_CipherInit wolfSSL_EVP_CipherInit
 #define EVP_CipherInit_ex wolfSSL_EVP_CipherInit_ex
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index bd8fe0f20..f78543dc2 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -138,6 +138,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
 #define SSLv23_method wolfSSLv23_method
 #define SSLv3_server_method wolfSSLv3_server_method
 #define SSLv3_client_method wolfSSLv3_client_method
+#define TLSv1_method wolfTLSv1_method
 #define TLSv1_server_method wolfTLSv1_server_method
 #define TLSv1_client_method wolfTLSv1_client_method
 #define TLSv1_1_server_method wolfTLSv1_1_server_method
@@ -580,7 +581,6 @@ enum {
 NID_anyExtendedKeyUsage = 76,
 };
-
 #define PEM_write_bio_X509_REQ wolfSSL_PEM_write_bio_X509_REQ
 #define PEM_write_bio_X509_AUX wolfSSL_PEM_write_bio_X509_AUX
@@ -807,6 +807,7 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
 #define ERR_GET_LIB(l) (int)((((unsigned long)l)>>24L)&0xffL)
 #define PEM_R_NO_START_LINE 108
 #define ERR_LIB_PEM 9
+#define ERR_LIB_X509 10
 #ifdef WOLFSSL_NGINX
 #include
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index ff63098e1..a1bdbac69 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -398,6 +398,7 @@ WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_client_method_ex(void* heap);
 WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_method(void);
 WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_server_method(void);
 WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_client_method(void);
+WOLFSSL_API WOLFSSL_METHOD* wolfTLSv1_method(void);
 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_server_method(void);
 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_client_method(void);
 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method(void);
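Review bot: `#define ERR_LIB_X509 10` does not match the value OpenSSL's err.h gives that library code (11, with 10 being ERR_LIB_DSA there), while the neighbouring `ERR_LIB_PEM 9` does match, so code ported from OpenSSL that compares `ERR_GET_LIB()` results against its own copy of these constants will disagree on X509 errors. If 10 is deliberate for wolfSSL's own error packing, a comment on the define saying so would stop someone "correcting" it later; if not, `#define ERR_LIB_X509 11` keeps the two tables aligned. I am quoting the OpenSSL numbering from memory, so confirm it against the OpenSSL version this compatibility layer targets.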
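Review bot: The new prototype `WOLFSSL_API WOLFSSL_METHOD* wolfTLSv1_method(void);` is unconditional like its neighbours, but the only definition in this commit (src/tls.c hunk) is nested under `#ifndef NO_WOLFSSL_CLIENT`, `#ifndef NO_OLD_TLS`, `#ifdef WOLFSSL_ALLOW_TLSV10` and `#ifdef OPENSSL_EXTRA`, so on any other configuration the symbol is declared and macro-mapped as `TLSv1_method` yet missing at link time; a comment on the declaration naming those build conditions would save callers a surprise. A consequence of that nesting is that the definition's `#else` branch calling `wolfTLSv1_server_method()` can never be compiled, since the enclosing `#ifndef NO_WOLFSSL_CLIENT` already excludes that case. Minor: the neighbours spell the return type `WOLFSSL_METHOD *name`, this line `WOLFSSL_METHOD* name`.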
@@ -673,6 +674,9 @@ WOLFSSL_API int wolfSSL_sk_X509_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk,
 WOLFSSL_X509* x509);
 WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk);
 WOLFSSL_API void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk);
+WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_sk_GENERAL_NAME_value(
+ WOLFSSL_STACK* sk, int i);
+WOLFSSL_API int wolfSSL_sk_GENERAL_NAME_num(WOLFSSL_STACK* sk);
 WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void);
 WOLFSSL_API void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj);
 WOLFSSL_API int wolfSSL_sk_ASN1_OBJECT_push(WOLF_STACK_OF(WOLFSSL_ASN1_OBJEXT)* sk,
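Review bot: The two new prototypes take a bare `WOLFSSL_STACK*`, while every neighbouring stack accessor in this hunk types its parameter as `WOLF_STACK_OF(...)*`, so the declaration no longer says what element type the stack is expected to hold; using the same spelling here, or a one-line comment naming the element type, keeps the header self-describing. The value accessor also has no documented result for an out-of-range `i`; pinning it on the declaration with `/* returns NULL when i is negative or beyond the last node */` gives callers a contract and tells the src/ssl.c implementation what it must guarantee.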