Merge pull request #2959 from dgarske/wpas_tiny

Added wpa_supplicant support with reduced code size option
toddouska
2020-05-11 08:55:22 -07:00
committed by GitHub
6 changed files with 293 additions and 140 deletions


@ -678,6 +678,14 @@ then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WPAS"
fi
if test "$ENABLED_WPAS" = "small"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EITHER_SIDE"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WPAS_SMALL"
fi
if test "$ENABLED_FORTRESS" = "yes"
then
@ -3177,7 +3185,7 @@ AC_ARG_ENABLE([session-ticket],
[ ENABLED_SESSION_TICKET=no ]
)
if test "x$ENABLED_NGINX" = "xyes" || test "$ENABLED_WPAS" = "yes" || test "x$ENABLED_HAPROXY" = "xyes"
if test "x$ENABLED_NGINX" = "xyes" || test "$ENABLED_WPAS" != "no" || test "x$ENABLED_HAPROXY" = "xyes"
then
ENABLED_SESSION_TICKET=yes
fi
@ -3848,7 +3856,7 @@ AC_ARG_ENABLE([enckeys],
[ ENABLED_ENCKEYS=no ]
)
if test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_WEBSERVER" = "yes"
if test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_WEBSERVER" = "yes" || test "$ENABLED_WPAS" != "no"
then
ENABLED_ENCKEYS=yes
fi
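Review bot: The two widened conditions, `test "$ENABLED_WPAS" != "no"` in the session-ticket and enckeys checks, are true for any other value, including an empty or mistyped one, while the new block at the top of this section only acts on the exact string `small`. If nothing outside these hunks validates the option value (not visible here), a typo would turn on session tickets and encrypted-key support without the `WOLFSSL_WPAS_SMALL` defines being added. Matching the accepted values explicitly, `test "$ENABLED_WPAS" = "yes" || test "$ENABLED_WPAS" = "small"`, keeps the three checks consistent. The new tests also drop the `x` prefix used by the neighbouring `"x$ENABLED_NGINX" = "xyes"` comparisons.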


@ -5267,8 +5267,10 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
ssl->pkCurveOID = ctx->pkCurveOID;
#endif
#ifdef OPENSSL_EXTRA
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
ssl->options.mask = ctx->mask;
#endif
#ifdef OPENSSL_EXTRA
ssl->CBIS = ctx->CBIS;
#endif
ssl->timeout = ctx->timeout;

317
src/ssl.c

@ -3022,7 +3022,7 @@ int wolfSSL_shutdown(WOLFSSL* ssl)
}
}
#ifdef OPENSSL_EXTRA
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
/* reset WOLFSSL structure state for possible re-use */
if (ret == WOLFSSL_SUCCESS) {
if (wolfSSL_clear(ssl) != WOLFSSL_SUCCESS) {
@ -9006,6 +9006,11 @@ int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, int nid, int lastPos)
#endif /* OPENSSL_ALL */
#endif /* !NO_CERTS */
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_ASN1_BIT_STRING* wolfSSL_ASN1_BIT_STRING_new(void)
{
WOLFSSL_ASN1_BIT_STRING* str;
@ -9458,8 +9463,10 @@ err:
}
return NULL;
}
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#ifdef OPENSSL_EXTRA
#ifndef NO_CERTS
int wolfSSL_X509_add_altname(WOLFSSL_X509* x509, const char* name, int type)
{
DNS_entry* newAltName = NULL;
@ -14001,7 +14008,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
#endif
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA)
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
void wolfSSL_CTX_set_quiet_shutdown(WOLFSSL_CTX* ctx, int mode)
{
WOLFSSL_ENTER("wolfSSL_CTX_set_quiet_shutdown");
@ -14016,7 +14023,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
if (mode)
ssl->options.quietShutdown = 1;
}
#endif
#endif /* OPENSSL_EXTRA || WOLFSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#ifdef OPENSSL_EXTRA
void wolfSSL_set_bio(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr)
@ -14459,6 +14466,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
ssl->specs.hash_size);
}
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
/* store keys returns WOLFSSL_SUCCESS or -1 on error */
int wolfSSL_get_keys(WOLFSSL* ssl, unsigned char** ms, unsigned int* msLen,
@ -14479,9 +14489,6 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
return WOLFSSL_SUCCESS;
}
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA)
void wolfSSL_set_accept_state(WOLFSSL* ssl)
{
WOLFSSL_ENTER("wolfSSL_set_accept_state");
@ -14517,7 +14524,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
}
}
#endif /* OPENSSL_EXTRA || WOLFSSL_EXTRA */
#endif /* OPENSSL_EXTRA || WOLFSSL_EXTRA || WOLFSSL_WPAS_SMALL */
/* return true if connection established */
int wolfSSL_is_init_finished(WOLFSSL* ssl)
@ -14614,9 +14621,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
return WOLFSSL_SUCCESS;
}
#endif /* OPENSSL_EXTRA */
#ifndef NO_CERTS
#if !defined(NO_CERTS) && (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL))
WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx)
{
if (ctx == NULL) {
@ -14676,7 +14683,10 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
return ctx->error_depth;
return WOLFSSL_FATAL_ERROR;
}
#endif /* !NO_CERTS && (OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL) */
#ifdef OPENSSL_EXTRA
#ifndef NO_CERTS
void wolfSSL_X509_STORE_CTX_set_verify_cb(WOLFSSL_X509_STORE_CTX *ctx,
WOLFSSL_X509_STORE_CTX_verify_cb verify_cb)
{
@ -14695,9 +14705,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
st->verify_cb = verify_cb;
}
}
#endif
#endif /* WOLFSSL_QT || OPENSSL_ALL */
#endif /* !NO_CERTS */
WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_md(void)
@ -15174,8 +15182,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
#ifdef OPENSSL_EXTRA
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
#if !defined(NO_WOLFSSL_SERVER)
size_t wolfSSL_get_server_random(const WOLFSSL *ssl, unsigned char *out,
size_t outSz)
@ -15206,8 +15213,11 @@ size_t wolfSSL_get_server_random(const WOLFSSL *ssl, unsigned char *out,
XMEMCPY(out, ssl->arrays->serverRandom, size);
return size;
}
#endif /* !NO_WOLFSSL_SERVER */
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#ifdef OPENSSL_EXTRA
#if !defined(NO_WOLFSSL_SERVER)
/* Used to get the peer ephemeral public key sent during the connection
* NOTE: currently wolfSSL_KeepHandshakeResources(WOLFSSL* ssl) must be called
* before the ephemeral key is stored.
@ -15326,7 +15336,9 @@ int wolfSSL_CTX_set_max_proto_version(WOLFSSL_CTX* ctx, int ver)
return WOLFSSL_SUCCESS;
}
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
#if !defined(NO_WOLFSSL_CLIENT)
/* Return the amount of random bytes copied over or error case.
* ssl : ssl struct after handshake
@ -15365,8 +15377,9 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
return size;
}
#endif /* !NO_WOLFSSL_CLIENT */
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#ifdef OPENSSL_EXTRA
unsigned long wolfSSLeay(void)
{
return SSLEAY_VERSION_NUMBER;
@ -16511,6 +16524,9 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
/* nothing to do here */
}
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
int wolfSSL_clear(WOLFSSL* ssl)
{
if (ssl == NULL) {
@ -16605,7 +16621,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
return WOLFSSL_SUCCESS;
}
#endif
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
long wolfSSL_CTX_set_mode(WOLFSSL_CTX* ctx, long mode)
@ -17755,7 +17771,9 @@ void* wolfSSL_sk_X509_OBJECT_value(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* sk, int x
}
#endif
#endif /* !NO_CERTS && OPENSSL_EXTRA */
#if !defined(NO_CERTS) && (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL))
/* Free's all nodes in X509 stack. This is different then wolfSSL_sk_X509_free
* in that it allows for choosing the function to use when freeing an X509s.
*
@ -17806,7 +17824,7 @@ void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509)* sk)
wolfSSL_sk_X509_pop_free(sk, NULL);
}
#endif /* NO_CERTS && OPENSSL_EXTRA */
#endif /* !NO_CERTS && (OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL) */
#if defined(OPENSSL_ALL) || defined (WOLFSSL_QT)
/* return 1 on success 0 on fail */
@ -18003,7 +18021,9 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
return ret;
}
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
/* Creates and returns new GENERAL_NAME structure */
WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_new(void)
{
@ -18064,6 +18084,10 @@ int wolfSSL_sk_GENERAL_NAME_push(WOLF_STACK_OF(WOLFSSL_GENERAL_NAME)* sk,
return WOLFSSL_SUCCESS;
}
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#ifdef OPENSSL_EXTRA
/* Returns the general name at index i from the stack
*
* sk stack to get general name from
@ -18103,6 +18127,10 @@ int wolfSSL_sk_GENERAL_NAME_num(WOLFSSL_STACK* sk)
return (int)sk->num;
}
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
/* Frees all nodes in a GENERAL NAME stack
*
* sk stack of nodes to free
@ -18148,8 +18176,9 @@ void wolfSSL_sk_GENERAL_NAME_free(WOLFSSL_STACK* sk)
WOLFSSL_ENTER("sk_GENERAL_NAME_free");
wolfSSL_sk_GENERAL_NAME_pop_free(sk, NULL);
}
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#ifdef OPENSSL_EXTRA
/* returns the number of nodes in stack on success and WOLFSSL_FATAL_ERROR
* on fail */
int wolfSSL_sk_ACCESS_DESCRIPTION_num(WOLFSSL_STACK* sk)
@ -18205,7 +18234,9 @@ WOLFSSL_ACCESS_DESCRIPTION* wolfSSL_sk_ACCESS_DESCRIPTION_value(
}
return NULL;
}
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
/* Frees GENERAL_NAME objects.
*/
void wolfSSL_GENERAL_NAME_free(WOLFSSL_GENERAL_NAME* name)
@ -18235,7 +18266,9 @@ void wolfSSL_GENERAL_NAME_free(WOLFSSL_GENERAL_NAME* name)
XFREE(name, NULL, DYNAMIC_TYPE_OPENSSL);
}
}
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#ifdef OPENSSL_EXTRA
void wolfSSL_GENERAL_NAMES_free(WOLFSSL_GENERAL_NAMES *gens)
{
WOLFSSL_STACK* node;
@ -18858,7 +18891,7 @@ void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj)
#endif /* NO_ASN */
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#ifdef OPENSSL_EXTRA
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
#ifndef NO_ASN
WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void)
{
@ -19017,6 +19050,12 @@ void wolfSSL_sk_ASN1_OBJECT_pop_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk,
XFREE(sk, NULL, DYNAMIC_TYPE_ASN1);
}
#endif /* !NO_ASN */
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#ifdef OPENSSL_EXTRA
#ifndef NO_ASN
int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *in)
{
/*
@ -19091,7 +19130,9 @@ char* wolfSSL_i2s_ASN1_STRING(WOLFSSL_v3_ext_method *method,
return tmp;
}
#endif /* NO_ASN */
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
void wolfSSL_set_connect_state(WOLFSSL* ssl)
{
WOLFSSL_ENTER("wolfSSL_set_connect_state");
@ -19118,7 +19159,7 @@ void wolfSSL_set_connect_state(WOLFSSL* ssl)
WOLFSSL_MSG("Error initializing client side");
}
}
#endif /* OPENSSL_EXTRA */
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
int wolfSSL_get_shutdown(const WOLFSSL* ssl)
@ -19633,7 +19674,7 @@ unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509)
return (unsigned long)ret;
}
#endif
#endif /* OPENSSL_EXTRA && !NO_SHA */
WOLFSSL_ABI
WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509* cert)
@ -19863,7 +19904,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
/* End of smaller subset of X509 compatibility functions. Avoid increasing the
* size of this subset and its memory usage */
#endif /* OPENSSL_EXTRA_X509_SMALL */
#endif /* OPENSSL_EXTRA_X509_SMALL || KEEP_PEER_CERT || SESSION_CERTS */
#if defined(OPENSSL_ALL)
/* Takes two WOLFSSL_X509* certificates and performs a Sha hash of each, if the
@ -19934,10 +19975,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
return WOLFSSL_FATAL_ERROR;
}
}
#endif
#endif /* OPENSSL_ALL */
#if defined(OPENSSL_EXTRA)
#if !defined(NO_CERTS)
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS)
int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509* x509, int nid)
{
int isSet = 0;
@ -20108,8 +20148,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
WOLFSSL_LEAVE("wolfSSL_X509_NAME_entry_count", count);
return count;
}
#endif /* !NO_CERTS && OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
int wolfSSL_X509_NAME_get_index_by_NID(WOLFSSL_X509_NAME* name,
int nid, int pos)
@ -20184,7 +20225,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
XFREE(asn1, NULL, DYNAMIC_TYPE_OPENSSL);
}
}
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#if !defined(NO_CERTS) && defined(OPENSSL_EXTRA)
/* Creates a new WOLFSSL_ASN1_STRING structure given the input type.
*
@ -20226,6 +20269,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
return asn1->type;
}
#endif /* !NO_CERTS && OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
/* if dataSz is negative then use XSTRLEN to find length of data
* return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure */
/* `data` can be NULL and only buffer will be allocated */
@ -20278,7 +20324,10 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
return WOLFSSL_SUCCESS;
}
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#ifdef OPENSSL_EXTRA
#ifndef NO_CERTS
unsigned char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING* asn)
{
@ -21007,7 +21056,7 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
#endif /* XSNPRINTF */
#endif /* NO_CERTS */
#endif /* !NO_CERTS */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
/* Creates cipher->description based on cipher->offset
@ -21128,7 +21177,7 @@ int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER* cipher)
return WOLFSSL_SUCCESS;
}
#endif
#endif /* OPENSSL_ALL || WOLFSSL_QT */
char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER* cipher, char* in,
int len)
@ -21528,15 +21577,15 @@ void wolfSSL_BIO_clear_flags(WOLFSSL_BIO *bio, int flags)
int wolfSSL_BIO_set_ex_data(WOLFSSL_BIO *bio, int idx, void *data)
{
WOLFSSL_ENTER("wolfSSL_BIO_set_ex_data");
#ifdef HAVE_EX_DATA
#ifdef HAVE_EX_DATA
if (bio != NULL && idx < MAX_EX_DATA) {
return wolfSSL_CRYPTO_set_ex_data(&bio->ex_data, idx, data);
}
#else
#else
(void)bio;
(void)idx;
(void)data;
#endif
#endif
return WOLFSSL_FAILURE;
}
@ -21550,14 +21599,14 @@ int wolfSSL_BIO_set_ex_data(WOLFSSL_BIO *bio, int idx, void *data)
void *wolfSSL_BIO_get_ex_data(WOLFSSL_BIO *bio, int idx)
{
WOLFSSL_ENTER("wolfSSL_BIO_get_ex_data");
#ifdef HAVE_EX_DATA
#ifdef HAVE_EX_DATA
if (bio != NULL && idx < MAX_EX_DATA && idx >= 0) {
return wolfSSL_CRYPTO_get_ex_data(&bio->ex_data, idx);
}
#else
#else
(void)bio;
(void)idx;
#endif
#endif
return NULL;
}
@ -21634,12 +21683,16 @@ void wolfSSL_set_dynlock_destroy_callback(
}
#endif
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
const char* wolfSSL_X509_verify_cert_error_string(long err)
{
return wolfSSL_ERR_reason_error_string(err);
}
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#ifdef OPENSSL_EXTRA
#ifndef NO_WOLFSSL_STUB
int wolfSSL_X509_LOOKUP_add_dir(WOLFSSL_X509_LOOKUP* lookup, const char* dir,
@ -22393,7 +22446,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
return WOLFSSL_SUCCESS;
}
#endif /* !defined(NO_ASN) && !defined(NO_PWDBASED) */
#endif /* !NO_ASN && !NO_PWDBASED */
/* no-op function. Was initially used for adding encryption algorithms available
@ -22593,7 +22646,10 @@ int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509)
return result;
}
#endif /* !NO_CERTS */
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void)
{
WOLFSSL_X509_STORE* store = NULL;
@ -22618,11 +22674,12 @@ WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void)
goto err_exit;
#endif
#ifdef OPENSSL_EXTRA
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
if ((store->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
sizeof(WOLFSSL_X509_VERIFY_PARAM),
NULL,DYNAMIC_TYPE_OPENSSL)) == NULL)
NULL, DYNAMIC_TYPE_OPENSSL)) == NULL) {
goto err_exit;
}
#endif
@ -22637,7 +22694,6 @@ err_exit:
return NULL;
}
void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
{
if (store != NULL && store->isDynamic) {
@ -22647,7 +22703,7 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
if (store->crl != NULL)
wolfSSL_X509_CRL_free(store->crl);
#endif
#ifdef OPENSSL_EXTRA
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
if (store->param != NULL)
XFREE(store->param, NULL, DYNAMIC_TYPE_OPENSSL);
#endif
@ -22655,7 +22711,10 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
}
}
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#ifdef OPENSSL_EXTRA
#ifndef NO_CERTS
int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store, unsigned long flag)
{
int ret = WOLFSSL_SUCCESS;
@ -22825,7 +22884,7 @@ static int GetX509Error(int e)
return e;
}
}
#endif
#endif /* OPENSSL_ALL || WOLFSSL_QT */
/* Verifies certificate chain using WOLFSSL_X509_STORE_CTX
* returns 0 on success or < 0 on failure.
@ -22936,7 +22995,7 @@ int wolfSSL_X509_verify(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey)
}
return WOLFSSL_FAILURE;
}
#endif /* NO_CERTS */
#endif /* !NO_CERTS */
#if !defined(NO_FILESYSTEM)
static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type)
@ -23082,7 +23141,10 @@ WOLFSSL_X509_CRL* wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL** crl,
return newcrl;
}
#endif /* HAVE_CRL */
#endif /* OPENSSL_EXTRA */
#if defined(HAVE_CRL) && (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL))
void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl)
{
WOLFSSL_ENTER("wolfSSL_X509_CRL_free");
@ -23090,8 +23152,9 @@ void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl)
FreeCRL(crl, 1);
return;
}
#endif /* HAVE_CRL */
#endif /* HAVE_CRL && (OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL) */
#ifdef OPENSSL_EXTRA
#ifndef NO_WOLFSSL_STUB
WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL* crl)
{
@ -23670,21 +23733,26 @@ long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER* i)
}
#endif
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
/* get X509_STORE_CTX ex_data, max idx is MAX_EX_DATA */
void* wolfSSL_X509_STORE_CTX_get_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx)
{
WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_ex_data");
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
if (ctx != NULL) {
return wolfSSL_CRYPTO_get_ex_data(&ctx->ex_data, idx);
}
#else
#else
(void)ctx;
(void)idx;
#endif
#endif
return NULL;
}
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#ifdef OPENSSL_EXTRA
/* set X509_STORE_CTX ex_data, max idx is MAX_EX_DATA. Return WOLFSSL_SUCCESS
* on success, WOLFSSL_FAILURE on error. */
@ -23692,16 +23760,16 @@ int wolfSSL_X509_STORE_CTX_set_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx,
void *data)
{
WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_set_ex_data");
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
if (ctx != NULL)
{
return wolfSSL_CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
}
#else
#else
(void)ctx;
(void)idx;
(void)data;
#endif
#endif
return WOLFSSL_FAILURE;
}
@ -23735,7 +23803,9 @@ WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get0_current_issuer(
return NULL;
}
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
/* Gets an index to store SSL structure at.
*
* Returns positive index on success and negative values on failure
@ -23747,8 +23817,9 @@ int wolfSSL_get_ex_data_X509_STORE_CTX_idx(void)
/* store SSL at index 0 */
return 0;
}
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#ifdef OPENSSL_EXTRA
/* Set an error stat in the X509 STORE CTX
*
*/
@ -24525,7 +24596,7 @@ int wolfSSL_PEM_def_callback(char* name, int num, int w, void* key)
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
static long wolf_set_options(long old_op, long op)
{
/* if SSL_OP_ALL then turn all bug workarounds on */
@ -24578,9 +24649,9 @@ static long wolf_set_options(long old_op, long op)
return old_op | op;
}
#endif
#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER || WOLFSSL_WPAS_SMALL */
#ifdef OPENSSL_EXTRA
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
long wolfSSL_set_options(WOLFSSL* ssl, long op)
{
word16 haveRSA = 1;
@ -24651,6 +24722,10 @@ long wolfSSL_get_options(const WOLFSSL* ssl)
return ssl->options.mask;
}
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#ifdef OPENSSL_EXTRA
long wolfSSL_clear_options(WOLFSSL* ssl, long opt)
{
WOLFSSL_ENTER("SSL_clear_options");
@ -26379,7 +26454,7 @@ int wolfSSL_BIO_printf(WOLFSSL_BIO* bio, const char* format, ...)
return ret;
}
#endif /* !defined(NO_FILESYSTEM) && defined (OPENSSL_EXTRA) */
#endif /* !NO_FILESYSTEM && OPENSSL_EXTRA */
#if !defined(NO_FILESYSTEM) && defined(__clang__)
#pragma clang diagnostic pop
@ -26538,6 +26613,9 @@ void wolfSSL_ASN1_GENERALIZEDTIME_free(WOLFSSL_ASN1_TIME* asn1Time)
XMEMSET(asn1Time->data, 0, sizeof(asn1Time->data));
}
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
int wolfSSL_sk_num(WOLFSSL_STACK* sk)
{
WOLFSSL_ENTER("wolfSSL_sk_num");
@ -26628,6 +26706,7 @@ void wolfSSL_sk_free(WOLFSSL_STACK* sk)
wolfSSL_sk_GENERIC_free(sk);
}
}
/* Frees each node in the stack and frees the stack.
* Does not free any internal members of the stack nodes.
*/
@ -26696,7 +26775,9 @@ void wolfSSL_sk_GENERIC_free(WOLFSSL_STACK* sk)
{
wolfSSL_sk_GENERIC_pop_free(sk, NULL);
}
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#ifdef OPENSSL_EXTRA
/* Free all nodes in a stack */
void wolfSSL_sk_pop_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk,
@ -26775,8 +26856,10 @@ void wolfSSL_sk_CONF_VALUE_free(WOLF_STACK_OF(WOLFSSL_CONF_VALUE)* sk)
/* free head of stack */
XFREE(sk, NULL, DYNAMIC_TYPE_ASN1);
}
#endif
#endif /* OPENSSL_ALL */
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
/* Creates and returns a new null stack. */
WOLFSSL_STACK* wolfSSL_sk_new_null(void)
{
@ -26795,6 +26878,9 @@ WOLFSSL_STACK* wolfSSL_sk_new_null(void)
return sk;
}
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#ifdef OPENSSL_EXTRA
/* frees the wolfSSL_BASIC_CONSTRAINTS object */
void wolfSSL_BASIC_CONSTRAINTS_free(WOLFSSL_BASIC_CONSTRAINTS *bc)
@ -26871,6 +26957,9 @@ void wolfSSL_CTX_sess_set_new_cb(WOLFSSL_CTX* ctx,
#endif
}
#endif /* OPENSSL_EXTRA || HAVE_EXT_CACHE */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
void wolfSSL_CTX_sess_set_remove_cb(WOLFSSL_CTX* ctx, void (*f)(WOLFSSL_CTX*,
WOLFSSL_SESSION*))
{
@ -26883,7 +26972,7 @@ void wolfSSL_CTX_sess_set_remove_cb(WOLFSSL_CTX* ctx, void (*f)(WOLFSSL_CTX*,
(void)f;
#endif
}
#endif /* OPENSSL_EXTRA || HAVE_EXT_CACHE */
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#ifdef OPENSSL_EXTRA
@ -38563,7 +38652,7 @@ err:
return (unsigned char*)dig;
}
}
#endif /* defined(WOLFSSL_SHA512) */
#endif /* WOLFSSL_SHA512 */
#endif /* OPENSSL_EXTRA */
#ifndef WOLFCRYPT_ONLY
@ -38918,11 +39007,7 @@ err:
void wolfSSL_set_verify_depth(WOLFSSL *ssl, int depth)
{
#if !defined(OPENSSL_EXTRA) && !defined(NO_WOLFSSL_STUB)
(void)ssl;
(void)depth;
WOLFSSL_STUB("wolfSSL_set_verify_depth");
#else
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
WOLFSSL_ENTER("wolfSSL_set_verify_depth");
ssl->options.verifyDepth = (byte)depth;
#endif
@ -38940,6 +39025,11 @@ err:
}
#endif /* OPENSSL_ALL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE ||
HAVE_STUNNEL || WOLFSSL_NGINX || HAVE_POCO_LIB || WOLFSSL_HAPROXY */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
/* looks up the DN given the location "loc". "loc" is the number indicating
* the order that the DN was parsed as, 0 is first DN parsed.
*
@ -39098,8 +39188,11 @@ err:
}
return &name->cnEntry;
}
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#ifndef NO_WOLFSSL_STUB
#ifdef OPENSSL_EXTRA
#ifndef NO_WOLFSSL_STUB
int wolfSSL_X509_check_private_key(WOLFSSL_X509 *x509, WOLFSSL_EVP_PKEY *key)
{
(void) x509;
@ -39119,16 +39212,7 @@ err:
return NULL;
}
#endif
#endif /* OPENSSL_ALL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE ||
HAVE_STUNNEL || WOLFSSL_NGINX || HAVE_POCO_LIB || WOLFSSL_HAPROXY */
#endif /* OPENSSL_EXTRA */
#ifndef WOLFCRYPT_ONLY
#ifdef OPENSSL_EXTRA
#endif
/* wolfSSL uses negative values for error states. This function returns an
* unsigned type so the value returned is the absolute value of the error.
@ -39181,19 +39265,21 @@ int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey)
}
#endif /* !NO_CERTS */
#endif /* OPENSSL_EXTRA */
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
#if (defined(OPENSSL_EXTRA) && defined(HAVE_EX_DATA)) || defined(FORTRESS) || \
defined(WOLFSSL_WPAS_SMALL)
void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx)
{
WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data");
#ifdef HAVE_EX_DATA
#ifdef HAVE_EX_DATA
if(ctx != NULL) {
return wolfSSL_CRYPTO_get_ex_data(&ctx->ex_data, idx);
}
#else
#else
(void)ctx;
(void)idx;
#endif
#endif
return NULL;
}
@ -39249,8 +39335,10 @@ int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int idx, void* data)
#endif
return WOLFSSL_FAILURE;
}
#endif
#endif /* (OPENSSL_EXTRA && HAVE_EX_DATA) || FORTRESS || WOLFSSL_WPAS_SMALL */
#ifdef OPENSSL_EXTRA
/* Returns char* to app data stored in ex[0].
*
@ -39278,6 +39366,9 @@ int wolfSSL_set_app_data(WOLFSSL *ssl, void* arg) {
return wolfSSL_set_ex_data(ssl, 0, arg);
}
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data)
{
@ -39296,8 +39387,6 @@ int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data)
return WOLFSSL_FAILURE;
}
void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx)
{
WOLFSSL_ENTER("wolfSSL_get_ex_data");
@ -39313,6 +39402,10 @@ void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx)
return 0;
}
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#ifdef OPENSSL_EXTRA
#ifndef NO_DSA
WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x,
pem_password_cb *cb, void *u)
@ -40817,8 +40910,13 @@ void wolfSSL_print_all_errors_fp(XFILE fp)
{
(void)fp;
}
#endif
#endif /* !NO_FILESYSTEM */
#endif /* OPENSSL_ALL || OPENSSL_EXTRA || HAVE_STUNNEL || WOLFSSL_NGINX ||
HAVE_LIGHTY || WOLFSSL_HAPROXY || WOLFSSL_OPENSSH */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || defined(FORTRESS)
int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data)
{
WOLFSSL_ENTER("wolfSSL_SESSION_set_ex_data");
@ -40834,6 +40932,25 @@ int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data)
return WOLFSSL_FAILURE;
}
void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION* session, int idx)
{
WOLFSSL_ENTER("wolfSSL_SESSION_get_ex_data");
#ifdef HAVE_EX_DATA
if (session != NULL) {
return wolfSSL_CRYPTO_get_ex_data(&session->ex_data, idx);
}
#else
(void)session;
(void)idx;
#endif
return NULL;
}
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || FORTRESS */
#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \
defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \
defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH)))
int wolfSSL_SESSION_get_ex_new_index(long idx, void* data, void* cb1,
void* cb2, CRYPTO_free_func* cb3)
@ -40852,21 +40969,6 @@ int wolfSSL_SESSION_get_ex_new_index(long idx, void* data, void* cb1,
return WOLFSSL_FAILURE;
}
void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION* session, int idx)
{
WOLFSSL_ENTER("wolfSSL_SESSION_get_ex_data");
#ifdef HAVE_EX_DATA
if (session != NULL) {
return wolfSSL_CRYPTO_get_ex_data(&session->ex_data, idx);
}
#else
(void)session;
(void)idx;
#endif
return NULL;
}
#ifndef NO_WOLFSSL_STUB
int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
void *(*r) (void *, size_t, const char *,
@ -42879,6 +42981,7 @@ void wolfSSL_OPENSSL_config(char *config_name)
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
|| defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a, void *b, void *c)
{
static int x509_idx = 0;
@ -42892,7 +42995,9 @@ int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a, void *b, void *c)
return x509_idx++;
}
#endif
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx)
{
@ -42923,37 +43028,41 @@ int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx, void *d
#endif
return WOLFSSL_FAILURE;
}
#endif /* defined(HAVE_EX_DATA) || defined(FORTRESS) */
#endif /* HAVE_EX_DATA || FORTRESS */
void *wolfSSL_X509_get_ex_data(X509 *x509, int idx)
{
WOLFSSL_ENTER("wolfSSL_X509_get_ex_data");
#ifdef HAVE_EX_DATA
#ifdef HAVE_EX_DATA
if (x509 != NULL) {
return wolfSSL_CRYPTO_get_ex_data(&x509->ex_data, idx);
}
#else
#else
(void)x509;
(void)idx;
#endif
#endif
return NULL;
}
int wolfSSL_X509_set_ex_data(X509 *x509, int idx, void *data)
{
WOLFSSL_ENTER("wolfSSL_X509_set_ex_data");
#ifdef HAVE_EX_DATA
#ifdef HAVE_EX_DATA
if (x509 != NULL)
{
return wolfSSL_CRYPTO_set_ex_data(&x509->ex_data, idx, data);
}
#else
#else
(void)x509;
(void)idx;
(void)data;
#endif
#endif
return WOLFSSL_FAILURE;
}
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
|| defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *name,
const WOLFSSL_EVP_MD *type, unsigned char *md, unsigned int *len)
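Review bot: In the `wolfSSL_set_verify_depth` hunk the stub branch is removed, so when neither `OPENSSL_EXTRA` nor `OPENSSL_EXTRA_X509_SMALL` is defined the part of the body shown is empty: the requested depth is dropped silently and `ssl` and `depth` become unused parameters. Whether `WOLFSSL_WPAS_SMALL` implies one of those macros is not visible on this page; if it does not, a caller in the small build would believe a chain-depth limit is in force when it is not. I would either add `|| defined(WOLFSSL_WPAS_SMALL)` to the guard (if `options.verifyDepth` exists in that build) or keep an `#else` with `(void)ssl; (void)depth;` and a `WOLFSSL_MSG` line so the no-op is visible. The assignment `ssl->options.verifyDepth = (byte)depth;` also dereferences `ssl` without a NULL check and truncates `depth` to a byte; a guard such as `if (ssl == NULL || depth < 0 || depth > 255) return;` would cover both. The end of the function lies outside the hunk.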


@ -2710,7 +2710,7 @@ struct WOLFSSL_CTX {
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
short minEccKeySz; /* minimum ECC key size */
#endif
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
unsigned long mask; /* store SSL_OP_ flags */
#endif
#ifdef OPENSSL_EXTRA
@ -2771,7 +2771,7 @@ struct WOLFSSL_CTX {
pem_password_cb* passwd_cb;
void* passwd_userdata;
#endif
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_X509_STORE x509_store; /* points to ctx->cm */
WOLFSSL_X509_STORE* x509_store_pt; /* take ownership of external store */
byte readAhead;
@ -3347,7 +3347,7 @@ typedef struct Options {
wc_psk_server_tls13_callback server_psk_tls13_cb; /* server callback */
#endif
#endif /* NO_PSK */
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
unsigned long mask; /* store SSL_OP_ flags */
#endif


@ -28,6 +28,8 @@
extern "C" {
#endif
#include <wolfssl/openssl/conf.h>
typedef void (*wolfSSL_sk_freefunc)(void *);
WOLFSSL_API void wolfSSL_sk_GENERIC_pop_free(WOLFSSL_STACK* sk, wolfSSL_sk_freefunc);


@ -506,7 +506,7 @@ struct WOLFSSL_X509_STORE {
int cache; /* stunnel dereference */
WOLFSSL_CERT_MANAGER* cm;
WOLFSSL_X509_LOOKUP lookup;
#ifdef OPENSSL_EXTRA
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
int isDynamic;
WOLFSSL_X509_VERIFY_PARAM* param; /* certificate validation parameter */
#endif
@ -516,12 +516,12 @@ struct WOLFSSL_X509_STORE {
#ifdef HAVE_EX_DATA
WOLFSSL_CRYPTO_EX_DATA ex_data;
#endif
#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL)
#if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && defined(HAVE_CRL)
WOLFSSL_X509_CRL *crl;
#endif
};
#ifdef OPENSSL_EXTRA
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
#define WOLFSSL_USE_CHECK_TIME 0x2
#define WOLFSSL_NO_CHECK_TIME 0x200000
#define WOLFSSL_NO_WILDCARDS 0x4
@ -534,7 +534,7 @@ struct WOLFSSL_X509_VERIFY_PARAM {
unsigned int hostFlags;
char ipasc[WOLFSSL_MAX_IPSTR];
};
#endif
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
typedef struct WOLFSSL_ALERT {
int code;
@ -893,8 +893,8 @@ WOLFSSL_API int wolfSSL_CTX_set_max_early_data(WOLFSSL_CTX* ctx,
WOLFSSL_API int wolfSSL_set_max_early_data(WOLFSSL* ssl, unsigned int sz);
WOLFSSL_API int wolfSSL_write_early_data(WOLFSSL*, const void*, int, int*);
WOLFSSL_API int wolfSSL_read_early_data(WOLFSSL*, void*, int, int*);
#endif
#endif
#endif /* WOLFSSL_EARLY_DATA */
#endif /* WOLFSSL_TLS13 */
WOLFSSL_ABI WOLFSSL_API void wolfSSL_CTX_free(WOLFSSL_CTX*);
WOLFSSL_ABI WOLFSSL_API void wolfSSL_free(WOLFSSL*);
WOLFSSL_ABI WOLFSSL_API int wolfSSL_shutdown(WOLFSSL*);
@ -2045,7 +2045,8 @@ WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_
WOLFSSL_API int wolfSSL_sk_num(WOLFSSL_STACK* sk);
WOLFSSL_API void* wolfSSL_sk_value(WOLFSSL_STACK* sk, int i);
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
#if (defined(HAVE_EX_DATA) || defined(FORTRESS)) && \
(defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL))
WOLFSSL_API void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* ex_data,
int idx);
WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx,
@ -3294,8 +3295,16 @@ WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new(void);
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509*);
WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_dup(WOLFSSL_X509_NAME*);
WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl);
#endif /* !NO_CERTS */
#endif /* OPENSSL_EXTRA || OPENSSL_ALL */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_API void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509,
int nid, int* c, int* idx);
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
#ifndef NO_CERTS
WOLFSSL_API int wolfSSL_X509_get_ext_count(const WOLFSSL_X509* passedCert);
WOLFSSL_API int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509 *x, int nid, int lastpos);
WOLFSSL_API int wolfSSL_X509_add_ext(WOLFSSL_X509 *x, WOLFSSL_X509_EXTENSION *ex, int loc);
@ -3335,7 +3344,7 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_x509_ext(void);
WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_X509_EXTENSION_get_object(WOLFSSL_X509_EXTENSION* ext);
WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_X509_EXTENSION_get_data(WOLFSSL_X509_EXTENSION* ext);
#endif /* NO_CERTS */
#endif /* !NO_CERTS */
WOLFSSL_API WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *r);
@ -3343,8 +3352,6 @@ WOLFSSL_API int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION* ses,
unsigned char* out, int outSz);
WOLFSSL_API int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses);
WOLFSSL_API void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx,
WOLFSSL_X509_STORE* str);
WOLFSSL_API int wolfSSL_i2d_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509);
#if !defined(NO_FILESYSTEM)
WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_fp(XFILE fp,
@ -3353,20 +3360,27 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_GetCerts(WOLFSSL_X509_STORE_CTX* s
#endif
WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio,
WOLFSSL_X509** x509);
WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx);
#endif /* OPENSSL_EXTRA || OPENSSL_ALL */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_API void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx,
WOLFSSL_X509_STORE* str);
WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx);
WOLFSSL_API size_t wolfSSL_get_server_random(const WOLFSSL *ssl,
unsigned char *out, size_t outlen);
WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl,
unsigned char* out, size_t outSz);
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
WOLFSSL_API size_t wolfSSL_BIO_wpending(const WOLFSSL_BIO *bio);
WOLFSSL_API size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b);
WOLFSSL_API size_t wolfSSL_get_server_random(const WOLFSSL *ssl,
unsigned char *out, size_t outlen);
WOLFSSL_API int wolfSSL_get_server_tmp_key(const WOLFSSL*, WOLFSSL_EVP_PKEY**);
WOLFSSL_API int wolfSSL_CTX_set_min_proto_version(WOLFSSL_CTX*, int);
WOLFSSL_API int wolfSSL_CTX_set_max_proto_version(WOLFSSL_CTX*, int);
WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl,
unsigned char* out, size_t outSz);
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_bio_X509_CRL(WOLFSSL_BIO *bp,
@ -3385,9 +3399,11 @@ WOLFSSL_API int wolfSSL_PEM_get_EVP_CIPHER_INFO(char* header,
WOLFSSL_API int wolfSSL_PEM_do_header(EncryptedInfo* cipher,
unsigned char* data, long* len,
pem_password_cb* callback, void* ctx);
#endif /* OPENSSL_EXTRA || OPENSSL_ALL */
/*lighttp compatibility */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
struct WOLFSSL_ASN1_BIT_STRING {
int length;
int type;
@ -3395,6 +3411,10 @@ struct WOLFSSL_ASN1_BIT_STRING {
long flags;
};
WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc);
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
#if defined(OPENSSL_EXTRA) \
|| defined(OPENSSL_ALL) \
@ -3414,7 +3434,6 @@ WOLFSSL_API void wolfSSL_set_verify_depth(WOLFSSL *ssl,int depth);
WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl);
WOLFSSL_API int wolfSSL_set_app_data(WOLFSSL *ssl, void *arg);
WOLFSSL_API WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne);
WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc);
WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md);
WOLFSSL_API unsigned char *wolfSSL_SHA256(const unsigned char *d, size_t n, unsigned char *md);
WOLFSSL_API unsigned char *wolfSSL_SHA384(const unsigned char *d, size_t n, unsigned char *md);
@ -3468,12 +3487,8 @@ WOLFSSL_API int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req,
#endif
#if defined(OPENSSL_ALL) \
|| defined(HAVE_STUNNEL) \
|| defined(WOLFSSL_NGINX) \
|| defined(WOLFSSL_HAPROXY) \
|| defined(OPENSSL_EXTRA) \
|| defined(HAVE_LIGHTY)
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \
|| defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
#include <wolfssl/openssl/crypto.h>
@ -3550,7 +3565,9 @@ WOLFSSL_API int wolfSSL_sk_X509_OBJECT_num(const WOLF_STACK_OF(WOLFSSL_X509_OBJE
WOLFSSL_API int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO*,WOLFSSL_X509_NAME*,int,
unsigned long);
#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || HAVE_LIGHTY */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_ASN1_BIT_STRING_new(void);
WOLFSSL_API void wolfSSL_ASN1_BIT_STRING_free(WOLFSSL_ASN1_BIT_STRING*);
WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr(
@ -3559,6 +3576,10 @@ WOLFSSL_API int wolfSSL_ASN1_BIT_STRING_get_bit(
const WOLFSSL_ASN1_BIT_STRING*, int);
WOLFSSL_API int wolfSSL_ASN1_BIT_STRING_set_bit(
WOLFSSL_ASN1_BIT_STRING*, int, int);
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \
|| defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
WOLFSSL_API int wolfSSL_CTX_add_session(WOLFSSL_CTX*, WOLFSSL_SESSION*);
@ -3571,17 +3592,22 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_value(WOLF_STACK_OF(WOLFSSL_X509)*, in
WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_shift(WOLF_STACK_OF(WOLFSSL_X509)*);
WOLFSSL_API void* wolfSSL_sk_X509_OBJECT_value(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)*, int);
#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || HAVE_LIGHTY */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_API void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION*, int);
WOLFSSL_API int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION*, int, void*);
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \
|| defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
WOLFSSL_API int wolfSSL_SESSION_get_ex_new_index(long,void*,void*,void*,
CRYPTO_free_func*);
WOLFSSL_API int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME*);
WOLFSSL_API const unsigned char* wolfSSL_SESSION_get_id(WOLFSSL_SESSION*,
unsigned int*);
@ -3624,10 +3650,13 @@ WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_OBJECT)*
WOLFSSL_API WOLFSSL_X509_OBJECT*
wolfSSL_sk_X509_OBJECT_delete(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* sk, int i);
WOLFSSL_API void wolfSSL_X509_OBJECT_free(WOLFSSL_X509_OBJECT *a);
WOLFSSL_API void wolfSSL_sk_X509_pop_free(WOLF_STACK_OF(WOLFSSL_X509)* sk, void (*f) (WOLFSSL_X509*));
#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_LIGHTY */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
#include <wolfssl/openssl/stack.h>
WOLFSSL_API void wolfSSL_sk_X509_pop_free(WOLF_STACK_OF(WOLFSSL_X509)* sk, void (*f) (WOLFSSL_X509*));
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
WOLFSSL_API int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, const char* names);
WOLFSSL_API int wolfSSL_set1_curves_list(WOLFSSL* ssl, const char* names);
@ -3688,14 +3717,17 @@ WOLFSSL_LOCAL char* wolfSSL_get_ocsp_url(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url);
#endif
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_API void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx);
WOLFSSL_API int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx,
void *data);
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
|| defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl);
WOLFSSL_API int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a,
void *b, void *c);
WOLFSSL_API void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx);
WOLFSSL_API int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx,
void *data);
WOLFSSL_API int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *data,
const WOLFSSL_EVP_MD *type, unsigned char *md, unsigned int *len);
@ -3745,13 +3777,13 @@ WOLFSSL_API int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer,
WOLFSSL_API char* wolfSSL_sk_WOLFSSL_STRING_value(
WOLF_STACK_OF(WOLFSSL_STRING)* strings, int idx);
#endif /* HAVE_OCSP */
#endif /* HAVE_OCSP || OPENSSL_EXTRA || OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bio,
WOLFSSL_X509 *cert);
#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY ||
OPENSSL_EXTRA || HAVE_LIGHTY*/
OPENSSL_EXTRA || HAVE_LIGHTY */
WOLFSSL_API void wolfSSL_get0_alpn_selected(const WOLFSSL *ssl,
const unsigned char **data, unsigned int *len);
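Review bot: The guard on `wolfSSL_CRYPTO_get_ex_data`/`wolfSSL_CRYPTO_set_ex_data` (hunk at -2045) now also requires `OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL`, so a build that defines only `HAVE_EX_DATA` or `FORTRESS` loses both prototypes. If src/ssl.c still compiles the definitions for such a build (not visible here), a caller without the prototype falls back to an implicit `int` return on older compilers, which truncates the returned `void*` on 64-bit targets. The same narrowing appears to affect the declarations moved into the new `OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL` blocks (`wolfSSL_CTX_set_cert_store`, `wolfSSL_get_server_random`, `wolfSSL_sk_X509_pop_free`, `wolfSSL_X509_get_ex_data`), whose previous conditions also listed `OPENSSL_ALL`, `WOLFSSL_NGINX`, `WOLFSSL_HAPROXY` or `HAVE_LIGHTY`. Unless those macros always imply `OPENSSL_EXTRA`, I would keep them in the new conditions, e.g. `#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS_SMALL)`. `wolfSSL_X509_get_ext_d2i` also now looks to be declared outside `#ifndef NO_CERTS`, so it should either go back inside that guard or the definition should be confirmed to build without certificates.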