diff --git a/src/bio.c b/src/bio.c index 96ba6cec2..9a6f0551a 100644 --- a/src/bio.c +++ b/src/bio.c @@ -1696,42 +1696,47 @@ void* wolfSSL_BIO_get_data(WOLFSSL_BIO* bio) } /* If flag is 0 then blocking is set, if 1 then non blocking. - * Always returns 1 + * Always returns WOLFSSL_SUCCESS. */ long wolfSSL_BIO_set_nbio(WOLFSSL_BIO* bio, long on) { - int ret = 0; - #ifndef WOLFSSL_DTLS - (void)on; - #endif WOLFSSL_ENTER("wolfSSL_BIO_set_nbio"); - switch (bio->type) { - case WOLFSSL_BIO_SOCKET: - #ifdef XFCNTL - { - int flag = XFCNTL(bio->num, F_GETFL, 0); - if (on) - ret = XFCNTL(bio->num, F_SETFL, flag | O_NONBLOCK); - else - ret = XFCNTL(bio->num, F_SETFL, flag & ~O_NONBLOCK); - } - #endif - break; - case WOLFSSL_BIO_SSL: - #ifdef WOLFSSL_DTLS - wolfSSL_dtls_set_using_nonblock((WOLFSSL*)bio->ptr, (int)on); - #endif - break; + if (bio) { + switch (bio->type) { + case WOLFSSL_BIO_SOCKET: + #ifdef XFCNTL + { + int ret; + int flag = XFCNTL(bio->num, F_GETFL, 0); + if (on) { + ret = XFCNTL(bio->num, F_SETFL, flag | O_NONBLOCK); + } + else { + ret = XFCNTL(bio->num, F_SETFL, flag & ~O_NONBLOCK); + } - default: - WOLFSSL_MSG("Unsupported bio type for non blocking"); - break; + if (ret == -1) { + WOLFSSL_MSG("Call to XFCNTL failed"); + } + } + #endif + break; + case WOLFSSL_BIO_SSL: + #ifdef WOLFSSL_DTLS + wolfSSL_dtls_set_using_nonblock((WOLFSSL*)bio->ptr, (int)on); + #endif + break; + + default: + WOLFSSL_MSG("Unsupported bio type for non blocking"); + break; + } } - if (ret != -1) - return 1; - else - return 0; + + (void)on; + + return WOLFSSL_SUCCESS; } diff --git a/src/ssl.c b/src/ssl.c index ee31ccaec..fb450b17c 100644 --- a/src/ssl.c +++ b/src/ssl.c 
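Review bot: In the `WOLFSSL_BIO_SOCKET` case of wolfSSL_BIO_set_nbio (src/bio.c), the result of `XFCNTL(bio->num, F_GETFL, 0)` is still used unchecked, so a failed read leaves `flag == -1` and the following F_SETFL call is issued with every status bit set. A guard directly after the read, `if (flag == -1) { WOLFSSL_MSG("Call to XFCNTL failed"); break; }`, would avoid that. The function now returns WOLFSSL_SUCCESS for a NULL bio, an unsupported bio type and a failed F_SETFL alike, so a caller cannot tell that the socket stayed blocking; WOLFSSL_MSG is presumably only active in debug builds. The header comment should state this, for example `* Failures are only logged; the return value does not tell whether the mode was changed.`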
@@ -27966,8 +27966,9 @@ static long wolf_set_options(long old_op, long op) WOLFSSL_MSG("\tSSL_OP_NO_SSLv3"); } - if ((op & SSL_OP_CIPHER_SERVER_PREFERENCE) == SSL_OP_CIPHER_SERVER_PREFERENCE) { - WOLFSSL_MSG("\tSSL_OP_CIPHER_SERVER_PREFERENCE"); + if ((op & WOLFSSL_OP_CIPHER_SERVER_PREFERENCE) == + WOLFSSL_OP_CIPHER_SERVER_PREFERENCE) { + WOLFSSL_MSG("\tWOLFSSL_OP_CIPHER_SERVER_PREFERENCE"); } if ((op & SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION) { @@ -31175,7 +31176,20 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = { #ifdef WOLFSSL_SHA512 { NID_sha512, SHA512h, oidHashType, "SHA512", "sha512"}, #endif - + #ifdef WOLFSSL_SHA3 + #ifndef WOLFSSL_NOSHA3_224 + { NID_sha3_224, SHA3_224h, oidHashType, "SHA3-224", "sha3-224"}, + #endif + #ifndef WOLFSSL_NOSHA3_256 + { NID_sha3_256, SHA3_256h, oidHashType, "SHA3-256", "sha3-256"}, + #endif + #ifndef WOLFSSL_NOSHA3_384 + { NID_sha3_384, SHA3_384h, oidHashType, "SHA3-384", "sha3-384"}, + #endif + #ifndef WOLFSSL_NOSHA3_512 + { NID_sha3_512, SHA3_512h, oidHashType, "SHA3-512", "sha3-512"}, + #endif + #endif /* WOLFSSL_SHA3 */ /* oidSigType */ #ifndef NO_DSA #ifndef NO_SHA @@ -45840,8 +45854,8 @@ long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt, void* pt) #ifdef WOLFSSL_QT /* Set whether to use client or server cipher preference */ - if ((ctrl_opt & SSL_OP_CIPHER_SERVER_PREFERENCE) - == SSL_OP_CIPHER_SERVER_PREFERENCE) { + if ((ctrl_opt & WOLFSSL_OP_CIPHER_SERVER_PREFERENCE) + == WOLFSSL_OP_CIPHER_SERVER_PREFERENCE) { WOLFSSL_MSG("Using Server's Cipher Preference."); ctx->useClientOrder = FALSE; } else { diff --git a/wolfssl/openssl/opensslv.h b/wolfssl/openssl/opensslv.h index f0c874cd8..9ae42413d 100644 --- a/wolfssl/openssl/opensslv.h +++ b/wolfssl/openssl/opensslv.h 
@@ -35,7 +35,8 @@ defined(WOLFSSL_RSYSLOG) /* For Apache httpd, Use 1.1.0 compatibility */ #define OPENSSL_VERSION_NUMBER 0x10100000L -#elif defined(WOLFSSL_QT) +#elif defined(WOLFSSL_QT) || defined(WOLFSSL_PYTHON) + /* For Qt and Python 3.8.5 compatibility */ #define OPENSSL_VERSION_NUMBER 0x10101000L #elif defined(WOLFSSL_HAPROXY) #define OPENSSL_VERSION_NUMBER 0x1010000fL diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 128d48365..556ef0c58 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -1452,6 +1452,12 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 #endif +/* Some openssl consumers try to detect these options with ifdef, defining + * here since we use an enum internally instead */ +#define SSL_OP_SINGLE_DH_USE WOLFSSL_OP_SINGLE_DH_USE +#define SSL_OP_SINGLE_ECDH_USE WOLFSSL_OP_SINGLE_ECDH_USE +#define SSL_OP_CIPHER_SERVER_PREFERENCE WOLFSSL_OP_CIPHER_SERVER_PREFERENCE + #define OPENSSL_config wolfSSL_OPENSSL_config #define OPENSSL_memdup wolfSSL_OPENSSL_memdup #define OPENSSL_cleanse wolfSSL_OPENSSL_cleanse diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 604bef21e..318ae6513 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -2043,14 +2043,14 @@ enum { SSL_OP_PKCS1_CHECK_2 = 0x00008000, SSL_OP_NETSCAPE_CA_DN_BUG = 0x00010000, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 0x00020000, - SSL_OP_SINGLE_DH_USE = 0x00040000, + WOLFSSL_OP_SINGLE_DH_USE = 0x00040000, SSL_OP_NO_TICKET = 0x00080000, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 0x00100000, SSL_OP_NO_QUERY_MTU = 0x00200000, SSL_OP_COOKIE_EXCHANGE = 0x00400000, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 0x00800000, - SSL_OP_SINGLE_ECDH_USE = 0x01000000, - SSL_OP_CIPHER_SERVER_PREFERENCE = 0x02000000, + WOLFSSL_OP_SINGLE_ECDH_USE = 0x01000000, + WOLFSSL_OP_CIPHER_SERVER_PREFERENCE = 0x02000000, WOLFSSL_OP_NO_TLSv1_1 = 0x04000000, WOLFSSL_OP_NO_TLSv1_2 = 0x08000000, SSL_OP_NO_COMPRESSION = 0x10000000,
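Review bot: In wolfssl/openssl/opensslv.h, `WOLFSSL_PYTHON` is added to a branch that sits below the 1.1.0 branch of the same `#if` chain, so a build that also defines one of the earlier macros (the visible tail of that condition is `defined(WOLFSSL_RSYSLOG)`) reports 0x10100000L and the Python value is silently skipped. Consumers typically gate TLS features on this number, so the precedence deserves a line in the comment, e.g. `/* For Qt and Python 3.8.5 compatibility; earlier branches win when several consumers are enabled */`. The start of the chain is outside the hunk, so the full list of higher-priority macros should be checked there.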
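Review bot: In wolfssl/openssl/ssl.h only three options get a macro, while other `SSL_OP_*` names shown in the wolfssl/ssl.h enum of this same commit (for example `SSL_OP_NO_TICKET` and `SSL_OP_NO_COMPRESSION`) stay enum-only. A consumer that probes those with `#ifdef` will still conclude they are unavailable and skip setting them. If the short list is deliberate, the comment should say so, e.g. `/* Only the options probed by currently supported consumers are mirrored as macros; the rest remain enum constants */`.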
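Review bot: In the wolfssl/ssl.h enum, the names `SSL_OP_SINGLE_DH_USE`, `SSL_OP_SINGLE_ECDH_USE` and `SSL_OP_CIPHER_SERVER_PREFERENCE` no longer exist as enumerators and are only reachable through the macros added in wolfssl/openssl/ssl.h. Any code that includes wolfssl/ssl.h without the compatibility header and uses the old names would stop compiling; whether wolfssl/ssl.h pulls that header in is not visible here and should be confirmed. The enum also now mixes `SSL_OP_` and `WOLFSSL_OP_` prefixes, so a short comment above the renamed entries would help, e.g. `/* WOLFSSL_OP_ prefix: SSL_OP_ aliases are macros in wolfssl/openssl/ssl.h */`. The enum body starts and ends outside the hunk.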