Merge pull request #4350 from cconlon/pythonCompatD

OpenSSL compatibility fixes: BIO_set_nbio(), SHA3 NID, WOLFSSL_PYTHON
2025-07-29 18:27:29 +02:00 · 2021-10-12 08:14:34 +10:00
parent b8c4e89ea0 82a3d79c2f
commit 69d5405e91
5 changed files with 64 additions and 38 deletions
--- a/src/bio.c
+++ b/src/bio.c
@ -1696,42 +1696,47 @@ void* wolfSSL_BIO_get_data(WOLFSSL_BIO* bio)
 }

 /* If flag is 0 then blocking is set, if 1 then non blocking.
- * Always returns 1
+ * Always returns WOLFSSL_SUCCESS.
 */
 long wolfSSL_BIO_set_nbio(WOLFSSL_BIO* bio, long on)
 {
-    int ret = 0;
-    #ifndef WOLFSSL_DTLS
-    (void)on;
-    #endif
    WOLFSSL_ENTER("wolfSSL_BIO_set_nbio");

-    switch (bio->type) {
-        case WOLFSSL_BIO_SOCKET:
-        #ifdef XFCNTL
-            {
-                int flag = XFCNTL(bio->num, F_GETFL, 0);
-                if (on)
-                    ret = XFCNTL(bio->num, F_SETFL, flag | O_NONBLOCK);
-                else
-                    ret = XFCNTL(bio->num, F_SETFL, flag & ~O_NONBLOCK);
-            }
-        #endif
-            break;
-        case WOLFSSL_BIO_SSL:
-        #ifdef WOLFSSL_DTLS
-            wolfSSL_dtls_set_using_nonblock((WOLFSSL*)bio->ptr, (int)on);
-        #endif
-            break;
+    if (bio) {
+        switch (bio->type) {
+            case WOLFSSL_BIO_SOCKET:
+            #ifdef XFCNTL
+                {
+                    int ret;
+                    int flag = XFCNTL(bio->num, F_GETFL, 0);
+                    if (on) {
+                        ret = XFCNTL(bio->num, F_SETFL, flag | O_NONBLOCK);
+                    }
+                    else {
+                        ret = XFCNTL(bio->num, F_SETFL, flag & ~O_NONBLOCK);
+                    }

-        default:
-            WOLFSSL_MSG("Unsupported bio type for non blocking");
-            break;
+                    if (ret == -1) {
+                        WOLFSSL_MSG("Call to XFCNTL failed");
+                    }
+                }
+            #endif
+                break;
+            case WOLFSSL_BIO_SSL:
+            #ifdef WOLFSSL_DTLS
+                wolfSSL_dtls_set_using_nonblock((WOLFSSL*)bio->ptr, (int)on);
+            #endif
+                break;
+
+            default:
+                WOLFSSL_MSG("Unsupported bio type for non blocking");
+                break;
+        }
    }
-    if (ret != -1)
-        return 1;
-    else
-        return 0;
+
+    (void)on;
+
+    return WOLFSSL_SUCCESS;
 }


--- a/src/ssl.c
+++ b/src/ssl.c
@ -27966,8 +27966,9 @@ static long wolf_set_options(long old_op, long op)
        WOLFSSL_MSG("\tSSL_OP_NO_SSLv3");
    }

-    if ((op & SSL_OP_CIPHER_SERVER_PREFERENCE) == SSL_OP_CIPHER_SERVER_PREFERENCE) {
-        WOLFSSL_MSG("\tSSL_OP_CIPHER_SERVER_PREFERENCE");
+    if ((op & WOLFSSL_OP_CIPHER_SERVER_PREFERENCE) ==
+            WOLFSSL_OP_CIPHER_SERVER_PREFERENCE) {
+        WOLFSSL_MSG("\tWOLFSSL_OP_CIPHER_SERVER_PREFERENCE");
    }

    if ((op & SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION) {
@ -31175,7 +31176,20 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
    #ifdef WOLFSSL_SHA512
        { NID_sha512, SHA512h, oidHashType, "SHA512", "sha512"},
    #endif
-
+    #ifdef WOLFSSL_SHA3
+        #ifndef WOLFSSL_NOSHA3_224
+        { NID_sha3_224, SHA3_224h, oidHashType, "SHA3-224", "sha3-224"},
+        #endif
+        #ifndef WOLFSSL_NOSHA3_256
+        { NID_sha3_256, SHA3_256h, oidHashType, "SHA3-256", "sha3-256"},
+        #endif
+        #ifndef WOLFSSL_NOSHA3_384
+        { NID_sha3_384, SHA3_384h, oidHashType, "SHA3-384", "sha3-384"},
+        #endif
+        #ifndef WOLFSSL_NOSHA3_512
+        { NID_sha3_512, SHA3_512h, oidHashType, "SHA3-512", "sha3-512"},
+        #endif
+    #endif /* WOLFSSL_SHA3 */
        /* oidSigType */
    #ifndef NO_DSA
        #ifndef NO_SHA
@ -45840,8 +45854,8 @@ long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt, void* pt)

        #ifdef WOLFSSL_QT
        /* Set whether to use client or server cipher preference */
-        if ((ctrl_opt & SSL_OP_CIPHER_SERVER_PREFERENCE)
-                     == SSL_OP_CIPHER_SERVER_PREFERENCE) {
+        if ((ctrl_opt & WOLFSSL_OP_CIPHER_SERVER_PREFERENCE)
+                     == WOLFSSL_OP_CIPHER_SERVER_PREFERENCE) {
            WOLFSSL_MSG("Using Server's Cipher Preference.");
            ctx->useClientOrder = FALSE;
        } else {
--- a/wolfssl/openssl/opensslv.h
+++ b/wolfssl/openssl/opensslv.h
@ -35,7 +35,8 @@
      defined(WOLFSSL_RSYSLOG)
    /* For Apache httpd, Use 1.1.0 compatibility */
     #define OPENSSL_VERSION_NUMBER 0x10100000L
-#elif  defined(WOLFSSL_QT)
+#elif defined(WOLFSSL_QT) || defined(WOLFSSL_PYTHON)
+    /* For Qt and Python 3.8.5 compatibility */
     #define OPENSSL_VERSION_NUMBER 0x10101000L
 #elif defined(WOLFSSL_HAPROXY)
     #define OPENSSL_VERSION_NUMBER 0x1010000fL
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@ -1452,6 +1452,12 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
 #endif

+/* Some openssl consumers try to detect these options with ifdef, defining
+ * here since we use an enum internally instead */
+#define SSL_OP_SINGLE_DH_USE            WOLFSSL_OP_SINGLE_DH_USE
+#define SSL_OP_SINGLE_ECDH_USE          WOLFSSL_OP_SINGLE_ECDH_USE
+#define SSL_OP_CIPHER_SERVER_PREFERENCE WOLFSSL_OP_CIPHER_SERVER_PREFERENCE
+
 #define OPENSSL_config	                wolfSSL_OPENSSL_config
 #define OPENSSL_memdup                  wolfSSL_OPENSSL_memdup
 #define OPENSSL_cleanse                 wolfSSL_OPENSSL_cleanse
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@ -2043,14 +2043,14 @@ enum {
    SSL_OP_PKCS1_CHECK_2                          = 0x00008000,
    SSL_OP_NETSCAPE_CA_DN_BUG                     = 0x00010000,
    SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG        = 0x00020000,
-    SSL_OP_SINGLE_DH_USE                          = 0x00040000,
+    WOLFSSL_OP_SINGLE_DH_USE                      = 0x00040000,
    SSL_OP_NO_TICKET                              = 0x00080000,
    SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS            = 0x00100000,
    SSL_OP_NO_QUERY_MTU                           = 0x00200000,
    SSL_OP_COOKIE_EXCHANGE                        = 0x00400000,
    SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 0x00800000,
-    SSL_OP_SINGLE_ECDH_USE                        = 0x01000000,
-    SSL_OP_CIPHER_SERVER_PREFERENCE               = 0x02000000,
+    WOLFSSL_OP_SINGLE_ECDH_USE                    = 0x01000000,
+    WOLFSSL_OP_CIPHER_SERVER_PREFERENCE           = 0x02000000,
    WOLFSSL_OP_NO_TLSv1_1                         = 0x04000000,
    WOLFSSL_OP_NO_TLSv1_2                         = 0x08000000,
    SSL_OP_NO_COMPRESSION                         = 0x10000000,