wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 11:17:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3646 from julek-wolfssl/nginx-1.19.6

Browse Source 
Add support for Nginx 1.19.6
This commit is contained in:
toddouska
2021-02-24 12:21:51 -08:00
committed by GitHub
parent d8a053ac35 d074e7443f
commit 94a23c1d48
10 changed files with 434 additions and 217 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
configure.ac
View File

@ -2597,7 +2597,7 @@ AC_ARG_ENABLE([anon],
[ ENABLED_ANON=no ] [ ENABLED_ANON=no ]
) )
if test "x$ENABLED_WPAS" = "xyes" if test "x$ENABLED_WPAS" = "xyes" || test "$ENABLED_NGINX" = "yes"
then then
ENABLED_ANON=yes ENABLED_ANON=yes
fi fi

45
src/internal.c
View File

@ -1828,7 +1828,8 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
#endif #endif
#ifdef HAVE_WOLF_EVENT #ifdef HAVE_WOLF_EVENT
ret = wolfEventQueue_Init(&ctx->event_queue); if (ret == 0)
ret = wolfEventQueue_Init(&ctx->event_queue);
#endif /* HAVE_WOLF_EVENT */ #endif /* HAVE_WOLF_EVENT */
#ifdef WOLFSSL_EARLY_DATA #ifdef WOLFSSL_EARLY_DATA
@ -2291,7 +2292,7 @@ void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig,
void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
word16 havePSK, word16 haveDH, word16 haveNTRU, word16 havePSK, word16 haveDH, word16 haveNTRU,
word16 haveECDSAsig, word16 haveECC, word16 haveECDSAsig, word16 haveECC,
word16 haveStaticECC, int side) word16 haveStaticECC, word16 haveAnon, int side)
{ {
word16 idx = 0; word16 idx = 0;
int tls = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_MINOR; int tls = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_MINOR;
@ -2313,6 +2314,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
(void)side; (void)side;
(void)haveRSA; /* some builds won't read */ (void)haveRSA; /* some builds won't read */
(void)haveRSAsig; /* non ecc builds won't read */ (void)haveRSAsig; /* non ecc builds won't read */
(void)haveAnon; /* anon ciphers optional */
if (suites == NULL) { if (suites == NULL) {
WOLFSSL_MSG("InitSuites pointer error"); WOLFSSL_MSG("InitSuites pointer error");
@ -2532,14 +2534,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
#endif #endif
#ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA #ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
if (tls1_2 && haveDH) { if (tls1_2 && haveDH && haveAnon) {
suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = CIPHER_BYTE;
suites->suites[idx++] = TLS_DH_anon_WITH_AES_128_CBC_SHA; suites->suites[idx++] = TLS_DH_anon_WITH_AES_128_CBC_SHA;
} }
#endif #endif
#ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384 #ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384
if (tls1_2 && haveDH) { if (tls1_2 && haveDH && haveAnon) {
suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = CIPHER_BYTE;
suites->suites[idx++] = TLS_DH_anon_WITH_AES_256_GCM_SHA384; suites->suites[idx++] = TLS_DH_anon_WITH_AES_256_GCM_SHA384;
} }
@ -3393,15 +3395,9 @@ void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag, void* heap)
(void)heap; (void)heap;
if (name != NULL) { if (name != NULL) {
XMEMSET(name, 0, sizeof(WOLFSSL_X509_NAME));
name->name = name->staticName; name->name = name->staticName;
name->dynamicName = 0;
name->sz = 0;
name->heap = heap; name->heap = heap;
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
XMEMSET(name->entry, 0, sizeof(name->entry));
name->x509 = NULL;
name->entrySz = 0;
#endif /* OPENSSL_EXTRA */
} }
} }
@ -5209,13 +5205,15 @@ int InitSSL_Suites(WOLFSSL* ssl)
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
ssl->options.haveDH, ssl->options.haveNTRU, ssl->options.haveDH, ssl->options.haveNTRU,
ssl->options.haveECDSAsig, ssl->options.haveECC, ssl->options.haveECDSAsig, ssl->options.haveECC,
ssl->options.haveStaticECC, ssl->options.side); ssl->options.haveStaticECC, ssl->options.haveAnon,
ssl->options.side);
} }
else { else {
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
TRUE, ssl->options.haveNTRU, TRUE, ssl->options.haveNTRU,
ssl->options.haveECDSAsig, ssl->options.haveECC, ssl->options.haveECDSAsig, ssl->options.haveECC,
ssl->options.haveStaticECC, ssl->options.side); ssl->options.haveStaticECC, ssl->options.haveAnon,
ssl->options.side);
} }
#if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT) #if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT)
@ -27529,7 +27527,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
ssl->options.haveDH, ssl->options.haveNTRU, ssl->options.haveDH, ssl->options.haveNTRU,
ssl->options.haveECDSAsig, ssl->options.haveECC, ssl->options.haveECDSAsig, ssl->options.haveECC,
ssl->options.haveStaticECC, ssl->options.side); ssl->options.haveStaticECC, ssl->options.haveAnon,
ssl->options.side);
} }
/* suite size */ /* suite size */
@ -27859,7 +27858,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
ssl->options.haveDH, ssl->options.haveNTRU, ssl->options.haveDH, ssl->options.haveNTRU,
ssl->options.haveECDSAsig, ssl->options.haveECC, ssl->options.haveECDSAsig, ssl->options.haveECC,
ssl->options.haveStaticECC, ssl->options.side); ssl->options.haveStaticECC, ssl->options.haveAnon,
ssl->options.side);
} }
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
@ -27921,7 +27921,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
ssl->options.haveDH, ssl->options.haveNTRU, ssl->options.haveDH, ssl->options.haveNTRU,
ssl->options.haveECDSAsig, ssl->options.haveECC, ssl->options.haveECDSAsig, ssl->options.haveECC,
ssl->options.haveStaticECC, ssl->options.side); ssl->options.haveStaticECC, ssl->options.haveAnon,
ssl->options.side);
} }
} }
#endif #endif
@ -31122,16 +31123,22 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
#ifdef HAVE_SNI #ifdef HAVE_SNI
int SNI_Callback(WOLFSSL* ssl) int SNI_Callback(WOLFSSL* ssl)
{ {
int ad = 0;
int sniRet = 0;
/* Stunnel supports a custom sni callback to switch an SSL's ctx /* Stunnel supports a custom sni callback to switch an SSL's ctx
* when SNI is received. Call it now if exists */ * when SNI is received. Call it now if exists */
if(ssl && ssl->ctx && ssl->ctx->sniRecvCb) { if(ssl && ssl->ctx && ssl->ctx->sniRecvCb) {
WOLFSSL_MSG("Calling custom sni callback"); WOLFSSL_MSG("Calling custom sni callback");
if(ssl->ctx->sniRecvCb(ssl, NULL, ssl->ctx->sniRecvCbArg) sniRet = ssl->ctx->sniRecvCb(ssl, &ad, ssl->ctx->sniRecvCbArg);
== alert_fatal) { if (sniRet == alert_fatal) {
WOLFSSL_MSG("Error in custom sni callback. Fatal alert"); WOLFSSL_MSG("Error in custom sni callback. Fatal alert");
SendAlert(ssl, alert_fatal, unrecognized_name); SendAlert(ssl, alert_fatal, ad);
return FATAL_ERROR; return FATAL_ERROR;
} }
else if (sniRet == alert_warning) {
WOLFSSL_MSG("Error in custom sni callback. Warning alert");
SendAlert(ssl, alert_warning, ad);
}
} }
return 0; return 0;
} }

20
src/ocsp.c
View File

@ -75,7 +75,7 @@ static void FreeOcspEntry(OcspEntry* entry, void* heap)
{ {
CertStatus *status, *next; CertStatus *status, *next;
if (entry == NULL) if (entry == NULL || !entry->ownStatus)
return; return;
WOLFSSL_ENTER("FreeOcspEntry"); WOLFSSL_ENTER("FreeOcspEntry");
@ -371,6 +371,7 @@ WOLFSSL_LOCAL int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int resp
XMEMCPY(status, newSingle->status, sizeof(CertStatus)); XMEMCPY(status, newSingle->status, sizeof(CertStatus));
status->next = entry->status; status->next = entry->status;
entry->status = status; entry->status = status;
entry->ownStatus = 1;
entry->totalStatus++; entry->totalStatus++;
} }
} }
@ -598,7 +599,9 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
(void)dgst; (void)dgst;
cm = wolfSSL_CertManagerNew(); cm = wolfSSL_CertManagerNew();
if (cm == NULL) if (cm == NULL
|| subject == NULL || subject->derCert == NULL
|| issuer == NULL || issuer->derCert == NULL)
return NULL; return NULL;
ret = AllocDer(&derCert, issuer->derCert->length, ret = AllocDer(&derCert, issuer->derCert->length,
@ -628,6 +631,7 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
XMEMSET(certStatus, 0, sizeof(CertStatus)); XMEMSET(certStatus, 0, sizeof(CertStatus));
certId->status = certStatus; certId->status = certStatus;
certId->ownStatus = 1;
InitDecodedCert(&cert, subject->derCert->buffer, InitDecodedCert(&cert, subject->derCert->buffer,
subject->derCert->length, NULL); subject->derCert->length, NULL);
@ -797,6 +801,7 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
XMEMSET(resp->single, 0, sizeof(OcspEntry)); XMEMSET(resp->single, 0, sizeof(OcspEntry));
resp->single->status = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL, resp->single->status = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL,
DYNAMIC_TYPE_OCSP_STATUS); DYNAMIC_TYPE_OCSP_STATUS);
resp->single->ownStatus = 1;
if (resp->single->status == NULL) { if (resp->single->status == NULL) {
XFREE(resp->source, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(resp->source, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST); XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
@ -876,6 +881,7 @@ WOLFSSL_OCSP_BASICRESP* wolfSSL_OCSP_response_get1_basic(OcspResponse* response)
else { else {
XMEMCPY(bs->single, response->single, sizeof(OcspEntry)); XMEMCPY(bs->single, response->single, sizeof(OcspEntry));
XMEMCPY(bs->source, response->source, response->maxIdx); XMEMCPY(bs->source, response->source, response->maxIdx);
bs->single->ownStatus = 0;
} }
return bs; return bs;
} }
@ -912,11 +918,19 @@ int wolfSSL_i2d_OCSP_REQUEST(OcspRequest* request, unsigned char** data)
WOLFSSL_OCSP_ONEREQ* wolfSSL_OCSP_request_add0_id(OcspRequest *req, WOLFSSL_OCSP_ONEREQ* wolfSSL_OCSP_request_add0_id(OcspRequest *req,
WOLFSSL_OCSP_CERTID *cid) WOLFSSL_OCSP_CERTID *cid)
{ {
if (req == NULL || cid == NULL) if (req == NULL || cid == NULL || cid->status == NULL)
return NULL; return NULL;
XMEMCPY(req->issuerHash, cid->issuerHash, KEYID_SIZE); XMEMCPY(req->issuerHash, cid->issuerHash, KEYID_SIZE);
XMEMCPY(req->issuerKeyHash, cid->issuerKeyHash, KEYID_SIZE); XMEMCPY(req->issuerKeyHash, cid->issuerKeyHash, KEYID_SIZE);
if (cid->status->serialSz > req->serialSz) {
if (req->serial != NULL)
XFREE(req->serial, req->heap, DYNAMIC_TYPE_OCSP);
req->serial = (byte*)XMALLOC(cid->status->serialSz,
req->heap, DYNAMIC_TYPE_OCSP_REQUEST);
if (req->serial == NULL)
return NULL;
}
XMEMCPY(req->serial, cid->status->serial, cid->status->serialSz); XMEMCPY(req->serial, cid->status->serial, cid->status->serialSz);
req->serialSz = cid->status->serialSz; req->serialSz = cid->status->serialSz;

312
src/ssl.c
View File

@ -1792,7 +1792,8 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
ssl->options.haveDH, ssl->options.haveNTRU, ssl->options.haveDH, ssl->options.haveNTRU,
ssl->options.haveECDSAsig, ssl->options.haveECC, ssl->options.haveECDSAsig, ssl->options.haveECC,
ssl->options.haveStaticECC, ssl->options.side); ssl->options.haveStaticECC, ssl->options.haveAnon,
ssl->options.side);
} }
WOLFSSL_LEAVE("wolfSSL_SetTmpDH", 0); WOLFSSL_LEAVE("wolfSSL_SetTmpDH", 0);
@ -4260,7 +4261,8 @@ int wolfSSL_SetVersion(WOLFSSL* ssl, int version)
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
ssl->options.haveDH, ssl->options.haveNTRU, ssl->options.haveDH, ssl->options.haveNTRU,
ssl->options.haveECDSAsig, ssl->options.haveECC, ssl->options.haveECDSAsig, ssl->options.haveECC,
ssl->options.haveStaticECC, ssl->options.side); ssl->options.haveStaticECC, ssl->options.haveAnon,
ssl->options.side);
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
} }
@ -5939,7 +5941,8 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, InitSuites(ssl->suites, ssl->version, keySz, haveRSA,
havePSK, ssl->options.haveDH, ssl->options.haveNTRU, havePSK, ssl->options.haveDH, ssl->options.haveNTRU,
ssl->options.haveECDSAsig, ssl->options.haveECC, ssl->options.haveECDSAsig, ssl->options.haveECC,
ssl->options.haveStaticECC, ssl->options.side); ssl->options.haveStaticECC, ssl->options.haveAnon,
ssl->options.side);
} }
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
@ -10408,6 +10411,29 @@ int wolfSSL_X509_digest(const WOLFSSL_X509* x509, const WOLFSSL_EVP_MD* digest,
WOLFSSL_LEAVE("wolfSSL_X509_digest", ret); WOLFSSL_LEAVE("wolfSSL_X509_digest", ret);
return ret; return ret;
} }
int wolfSSL_X509_pubkey_digest(const WOLFSSL_X509 *x509,
const WOLFSSL_EVP_MD *digest, unsigned char* buf, unsigned int* len)
{
int ret;
WOLFSSL_ENTER("wolfSSL_X509_pubkey_digest");
if (x509 == NULL || digest == NULL) {
WOLFSSL_MSG("Null argument found");
return WOLFSSL_FAILURE;
}
if (x509->pubKey.buffer == NULL || x509->pubKey.length == 0) {
WOLFSSL_MSG("No DER public key stored in X509");
return WOLFSSL_FAILURE;
}
ret = wolfSSL_EVP_Digest(x509->pubKey.buffer, x509->pubKey.length, buf,
len, digest, NULL);
WOLFSSL_LEAVE("wolfSSL_X509_pubkey_digest", ret);
return ret;
}
#endif #endif
int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey) int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey)
@ -14467,7 +14493,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE, InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
ssl->options.haveDH, ssl->options.haveNTRU, ssl->options.haveDH, ssl->options.haveNTRU,
ssl->options.haveECDSAsig, ssl->options.haveECC, ssl->options.haveECDSAsig, ssl->options.haveECC,
ssl->options.haveStaticECC, ssl->options.side); ssl->options.haveStaticECC, ssl->options.haveAnon,
ssl->options.side);
} }
void wolfSSL_CTX_set_psk_server_callback(WOLFSSL_CTX* ctx, void wolfSSL_CTX_set_psk_server_callback(WOLFSSL_CTX* ctx,
@ -14501,7 +14528,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE, InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
ssl->options.haveDH, ssl->options.haveNTRU, ssl->options.haveDH, ssl->options.haveNTRU,
ssl->options.haveECDSAsig, ssl->options.haveECC, ssl->options.haveECDSAsig, ssl->options.haveECC,
ssl->options.haveStaticECC, ssl->options.side); ssl->options.haveStaticECC, ssl->options.haveAnon,
ssl->options.side);
} }
const char* wolfSSL_get_psk_identity_hint(const WOLFSSL* ssl) const char* wolfSSL_get_psk_identity_hint(const WOLFSSL* ssl)
@ -15689,6 +15717,15 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
ctx->mask = wolf_set_options(ctx->mask, opt); ctx->mask = wolf_set_options(ctx->mask, opt);
#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) && \
defined(OPENSSL_EXTRA)
if (ctx->mask & SSL_OP_NO_TICKET) {
ctx->ticketEncCb = NULL;
ctx->ticketEncCtx = NULL;
WOLFSSL_MSG("\tSSL_OP_NO_TICKET");
}
#endif
return ctx->mask; return ctx->mask;
} }
@ -18248,39 +18285,68 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
#endif /* KEEP_PEER_CERT */ #endif /* KEEP_PEER_CERT */
#if defined(SESSION_CERTS) #if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
/* Return stack of peer certs. /* Return stack of peer certs.
* If Qt or OPENSSL_ALL is defined then return ssl->peerCertChain.
* All other cases return &ssl->session.chain
* ssl->peerCertChain is type WOLFSSL_STACK*
* ssl->session.chain is type WOLFSSL_X509_CHAIN
* Caller does not need to free return. The stack is Free'd when WOLFSSL* ssl is. * Caller does not need to free return. The stack is Free'd when WOLFSSL* ssl is.
*/ */
WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL* ssl) WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL* ssl)
{ {
WOLFSSL_STACK* sk;
WOLFSSL_ENTER("wolfSSL_get_peer_cert_chain"); WOLFSSL_ENTER("wolfSSL_get_peer_cert_chain");
if (ssl == NULL) if (ssl == NULL)
return NULL; return NULL;
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) if (ssl->peerCertChain == NULL)
if (ssl->peerCertChain == NULL) wolfSSL_set_peer_cert_chain((WOLFSSL*) ssl);
wolfSSL_set_peer_cert_chain((WOLFSSL*) ssl); return ssl->peerCertChain;
sk = ssl->peerCertChain; }
#else
sk = (WOLF_STACK_OF(WOLFSSL_X509)* )&ssl->session.chain; static int x509GetIssuerFromCM(WOLFSSL_X509 **issuer, WOLFSSL_CERT_MANAGER* cm,
#endif WOLFSSL_X509 *x);
/**
if (sk == NULL) { * Recursively push the issuer CA chain onto the stack
WOLFSSL_MSG("Error: Null Peer Cert Chain"); * @param cm The cert manager that is queried for the issuer
} * @param x This cert's issuer will be queried in cm
return sk; * @param sk The issuer is pushed onto this stack
* @return WOLFSSL_SUCCESS on success
* WOLFSSL_FAILURE on no issuer found
* WOLFSSL_FATAL_ERROR on a fatal error
*/
static int pushCAx509Chain(WOLFSSL_CERT_MANAGER* cm,
WOLFSSL_X509 *x, WOLFSSL_STACK* sk)
{
WOLFSSL_X509* issuer[MAX_CHAIN_DEPTH];
int i;
int push = 1;
int ret = WOLFSSL_SUCCESS;
for (i = 0; i < MAX_CHAIN_DEPTH; i++) {
if (x509GetIssuerFromCM(&issuer[i], cm, x)
!= WOLFSSL_SUCCESS)
break;
x = issuer[i];
}
if (i == 0) /* No further chain found */
return WOLFSSL_FAILURE;
i--;
for (; i >= 0; i--) {
if (push) {
if (wolfSSL_sk_X509_push(sk, issuer[i]) != WOLFSSL_SUCCESS) {
wolfSSL_X509_free(issuer[i]);
ret = WOLFSSL_FATAL_ERROR;
push = 0; /* Free the rest of the unpushed certs */
}
}
else {
wolfSSL_X509_free(issuer[i]);
}
}
return ret;
} }
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
/* Builds up and creates a stack of peer certificates for ssl->peerCertChain /* Builds up and creates a stack of peer certificates for ssl->peerCertChain
based off of the ssl session chain. Returns stack of WOLFSSL_X509 certs or based off of the ssl session chain. Attempts to place CA certificates
at the bottom of the stack. Returns stack of WOLFSSL_X509 certs or
NULL on failure */ NULL on failure */
WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl) WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
{ {
@ -18296,10 +18362,6 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
sk = wolfSSL_sk_X509_new(); sk = wolfSSL_sk_X509_new();
i = ssl->session.chain.count-1; i = ssl->session.chain.count-1;
for (; i >= 0; i--) { for (; i >= 0; i--) {
/* For servers, the peer certificate chain does not include the peer
certificate, so do not add it to the stack */
if (ssl->options.side == WOLFSSL_SERVER_END && i == 0)
continue;
x509 = wolfSSL_X509_new(); x509 = wolfSSL_X509_new();
if (x509 == NULL) { if (x509 == NULL) {
WOLFSSL_MSG("Error Creating X509"); WOLFSSL_MSG("Error Creating X509");
@ -18307,6 +18369,14 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
} }
ret = DecodeToX509(x509, ssl->session.chain.certs[i].buffer, ret = DecodeToX509(x509, ssl->session.chain.certs[i].buffer,
ssl->session.chain.certs[i].length); ssl->session.chain.certs[i].length);
if (ret == 0 && i == ssl->session.chain.count-1) {
/* On the last element in the chain try to add the CA chain
* first if we have one for this cert */
if (pushCAx509Chain(ssl->ctx->cm, x509, sk)
== WOLFSSL_FATAL_ERROR) {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (ret != 0 || wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) { if (ret != 0 || wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Error decoding cert"); WOLFSSL_MSG("Error decoding cert");
@ -18323,8 +18393,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
ssl->peerCertChain = sk; ssl->peerCertChain = sk;
return sk; return sk;
} }
#endif /* OPENSSL_ALL || WOLFSSL_QT */ #endif /* SESSION_CERTS && OPENSSL_EXTRA */
#endif /* SESSION_CERTS */
#ifndef NO_CERTS #ifndef NO_CERTS
#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \ #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \
@ -27542,9 +27611,10 @@ long wolfSSL_set_options(WOLFSSL* ssl, long op)
if (ssl->suites != NULL && ssl->options.side != WOLFSSL_NEITHER_END) if (ssl->suites != NULL && ssl->options.side != WOLFSSL_NEITHER_END)
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
ssl->options.haveDH, ssl->options.haveNTRU, ssl->options.haveDH, ssl->options.haveNTRU,
ssl->options.haveECDSAsig, ssl->options.haveECC, ssl->options.haveECDSAsig, ssl->options.haveECC,
ssl->options.haveStaticECC, ssl->options.side); ssl->options.haveStaticECC, ssl->options.haveAnon,
ssl->options.side);
return ssl->options.mask; return ssl->options.mask;
} }
@ -29754,6 +29824,8 @@ WOLFSSL_STACK* wolfSSL_sk_dup(WOLFSSL_STACK* sk)
switch (sk->type) { switch (sk->type) {
case STACK_TYPE_X509: case STACK_TYPE_X509:
if (!sk->data.x509)
break;
cur->data.x509 = wolfSSL_X509_dup(sk->data.x509); cur->data.x509 = wolfSSL_X509_dup(sk->data.x509);
if (!cur->data.x509) { if (!cur->data.x509) {
WOLFSSL_MSG("wolfSSL_X509_dup error"); WOLFSSL_MSG("wolfSSL_X509_dup error");
@ -29764,6 +29836,8 @@ WOLFSSL_STACK* wolfSSL_sk_dup(WOLFSSL_STACK* sk)
wolfSSL_CIPHER_copy(&sk->data.cipher, &cur->data.cipher); wolfSSL_CIPHER_copy(&sk->data.cipher, &cur->data.cipher);
break; break;
case STACK_TYPE_GEN_NAME: case STACK_TYPE_GEN_NAME:
if (!sk->data.gn)
break;
cur->data.gn = wolfSSL_GENERAL_NAME_dup(sk->data.gn); cur->data.gn = wolfSSL_GENERAL_NAME_dup(sk->data.gn);
if (!cur->data.gn) { if (!cur->data.gn) {
WOLFSSL_MSG("wolfSSL_GENERAL_NAME_new error"); WOLFSSL_MSG("wolfSSL_GENERAL_NAME_new error");
@ -29771,6 +29845,8 @@ WOLFSSL_STACK* wolfSSL_sk_dup(WOLFSSL_STACK* sk)
} }
break; break;
case STACK_TYPE_OBJ: case STACK_TYPE_OBJ:
if (!sk->data.obj)
break;
cur->data.obj = wolfSSL_ASN1_OBJECT_dup(sk->data.obj); cur->data.obj = wolfSSL_ASN1_OBJECT_dup(sk->data.obj);
if (!cur->data.obj) { if (!cur->data.obj) {
WOLFSSL_MSG("wolfSSL_ASN1_OBJECT_dup error"); WOLFSSL_MSG("wolfSSL_ASN1_OBJECT_dup error");
@ -47579,10 +47655,6 @@ int wolfSSL_i2a_ASN1_INTEGER(BIO *bp, const WOLFSSL_ASN1_INTEGER *a)
#define TICKET_KEY_CB_RET_OK 1 #define TICKET_KEY_CB_RET_OK 1
#define TICKET_KEY_CB_RET_RENEW 2 #define TICKET_KEY_CB_RET_RENEW 2
/* The ticket key callback as used in OpenSSL is stored here. */
static int (*ticketKeyCb)(WOLFSSL *ssl, unsigned char *name, unsigned char *iv,
WOLFSSL_EVP_CIPHER_CTX *ectx, WOLFSSL_HMAC_CTX *hctx, int enc) = NULL;
/* Implementation of session ticket encryption/decryption using OpenSSL /* Implementation of session ticket encryption/decryption using OpenSSL
* callback to initialize the cipher and HMAC. * callback to initialize the cipher and HMAC.
* *
@ -47600,11 +47672,11 @@ static int (*ticketKeyCb)(WOLFSSL *ssl, unsigned char *name, unsigned char *iv,
* WOLFSSL_TICKET_RET_FATAL on error. * WOLFSSL_TICKET_RET_FATAL on error.
*/ */
static int wolfSSL_TicketKeyCb(WOLFSSL* ssl, static int wolfSSL_TicketKeyCb(WOLFSSL* ssl,
unsigned char keyName[WOLFSSL_TICKET_NAME_SZ], unsigned char keyName[WOLFSSL_TICKET_NAME_SZ],
unsigned char iv[WOLFSSL_TICKET_IV_SZ], unsigned char iv[WOLFSSL_TICKET_IV_SZ],
unsigned char mac[WOLFSSL_TICKET_MAC_SZ], unsigned char mac[WOLFSSL_TICKET_MAC_SZ],
int enc, unsigned char* encTicket, int enc, unsigned char* encTicket,
int encTicketLen, int* encLen, void* ctx) int encTicketLen, int* encLen, void* ctx)
{ {
byte digest[WC_MAX_DIGEST_SIZE]; byte digest[WC_MAX_DIGEST_SIZE];
WOLFSSL_EVP_CIPHER_CTX evpCtx; WOLFSSL_EVP_CIPHER_CTX evpCtx;
@ -47616,14 +47688,25 @@ static int wolfSSL_TicketKeyCb(WOLFSSL* ssl,
(void)ctx; (void)ctx;
if (ticketKeyCb == NULL) WOLFSSL_ENTER("wolfSSL_TicketKeyCb");
return WOLFSSL_TICKET_RET_FATAL;
wolfSSL_EVP_CIPHER_CTX_init(&evpCtx); if (ssl == NULL || ssl->ctx == NULL || ssl->ctx->ticketEncCtx == NULL) {
/* Initialize the cipher and HMAC. */ WOLFSSL_MSG("Bad parameter");
res = ticketKeyCb(ssl, keyName, iv, &evpCtx, &hmacCtx, enc);
if (res != TICKET_KEY_CB_RET_OK && res != TICKET_KEY_CB_RET_RENEW)
return WOLFSSL_TICKET_RET_FATAL; return WOLFSSL_TICKET_RET_FATAL;
}
/* Initialize the cipher and HMAC. */
wolfSSL_EVP_CIPHER_CTX_init(&evpCtx);
if (wolfSSL_HMAC_CTX_Init(&hmacCtx) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("wolfSSL_HMAC_CTX_Init error");
return WOLFSSL_TICKET_RET_FATAL;
}
res = ((ticketCompatCb)ssl->ctx->ticketEncCtx)(ssl, keyName,
iv, &evpCtx, &hmacCtx, enc);
if (res != TICKET_KEY_CB_RET_OK && res != TICKET_KEY_CB_RET_RENEW) {
WOLFSSL_MSG("Ticket callback error");
return WOLFSSL_TICKET_RET_FATAL;
}
if (enc) if (enc)
{ {
@ -47682,16 +47765,13 @@ end:
* cb The OpenSSL session ticket callback. * cb The OpenSSL session ticket callback.
* returns WOLFSSL_SUCCESS to indicate success. * returns WOLFSSL_SUCCESS to indicate success.
*/ */
int wolfSSL_CTX_set_tlsext_ticket_key_cb(WOLFSSL_CTX *ctx, int (*cb)( int wolfSSL_CTX_set_tlsext_ticket_key_cb(WOLFSSL_CTX *ctx, ticketCompatCb cb)
WOLFSSL *ssl, unsigned char *name, unsigned char *iv,
WOLFSSL_EVP_CIPHER_CTX *ectx, WOLFSSL_HMAC_CTX *hctx, int enc))
{ {
/* Store callback in a global. */
ticketKeyCb = cb;
/* Set the ticket encryption callback to be a wrapper around OpenSSL /* Set the ticket encryption callback to be a wrapper around OpenSSL
* callback. * callback.
*/ */
ctx->ticketEncCb = wolfSSL_TicketKeyCb; ctx->ticketEncCb = wolfSSL_TicketKeyCb;
ctx->ticketEncCtx = cb;
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
} }
@ -47924,10 +48004,18 @@ int wolfSSL_CTX_set_tlsext_status_cb(WOLFSSL_CTX* ctx,
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
} }
int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer, /**
WOLFSSL_X509_STORE_CTX *ctx, WOLFSSL_X509 *x) * Find the issuing cert of the input cert. On a self-signed cert this
* function will return an error.
* @param issuer The issuer x509 struct is returned here
* @param cm The cert manager that is queried for the issuer
* @param x This cert's issuer will be queried in cm
* @return WOLFSSL_SUCCESS on success
* WOLFSSL_FAILURE on error
*/
static int x509GetIssuerFromCM(WOLFSSL_X509 **issuer, WOLFSSL_CERT_MANAGER* cm,
WOLFSSL_X509 *x)
{ {
WOLFSSL_STACK* node;
Signer* ca = NULL; Signer* ca = NULL;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
DecodedCert* cert = NULL; DecodedCert* cert = NULL;
@ -47935,6 +48023,56 @@ int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer,
DecodedCert cert[1]; DecodedCert cert[1];
#endif #endif
#ifdef WOLFSSL_SMALL_STACK
cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT);
if (cert == NULL)
return WOLFSSL_FAILURE;
#endif
/* Use existing CA retrieval APIs that use DecodedCert. */
InitDecodedCert(cert, x->derCert->buffer, x->derCert->length, NULL);
if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0
&& !cert->selfSigned) {
#ifndef NO_SKID
if (cert->extAuthKeyIdSet)
ca = GetCA(cm, cert->extAuthKeyId);
if (ca == NULL)
ca = GetCAByName(cm, cert->issuerHash);
#else /* NO_SKID */
ca = GetCA(cm, cert->issuerHash);
#endif /* NO SKID */
}
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif
if (ca == NULL)
return WOLFSSL_FAILURE;
#ifdef WOLFSSL_SIGNER_DER_CERT
/* populate issuer with Signer DER */
if (wolfSSL_X509_d2i(issuer, ca->derCert->buffer,
ca->derCert->length) == NULL)
return WOLFSSL_FAILURE;
#else
/* Create an empty certificate as CA doesn't have a certificate. */
*issuer = (WOLFSSL_X509 *)XMALLOC(sizeof(WOLFSSL_X509), 0,
DYNAMIC_TYPE_OPENSSL);
if (*issuer == NULL)
return WOLFSSL_FAILURE;
InitX509((*issuer), 1, NULL);
#endif
return WOLFSSL_SUCCESS;
}
int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer,
WOLFSSL_X509_STORE_CTX *ctx, WOLFSSL_X509 *x)
{
WOLFSSL_STACK* node;
if (issuer == NULL || ctx == NULL || x == NULL) if (issuer == NULL || ctx == NULL || x == NULL)
return WOLFSSL_FATAL_ERROR; return WOLFSSL_FATAL_ERROR;
@ -47947,52 +48085,9 @@ int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer,
} }
} }
#ifdef WOLFSSL_SMALL_STACK
cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT);
if (cert == NULL)
return WOLFSSL_FAILURE;
#endif
/* Use existing CA retrieval APIs that use DecodedCert. */
InitDecodedCert(cert, x->derCert->buffer, x->derCert->length, NULL);
if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0) {
#ifndef NO_SKID
if (cert->extAuthKeyIdSet)
ca = GetCA(ctx->store->cm, cert->extAuthKeyId);
if (ca == NULL)
ca = GetCAByName(ctx->store->cm, cert->issuerHash);
#else /* NO_SKID */
ca = GetCA(ctx->store->cm, cert->issuerHash);
#endif /* NO SKID */
}
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif
if (ca == NULL)
return WOLFSSL_FAILURE;
#ifdef WOLFSSL_SIGNER_DER_CERT
/* populate issuer with Signer DER */
*issuer = wolfSSL_X509_d2i(issuer, ca->derCert->buffer,
ca->derCert->length);
if (*issuer == NULL)
return WOLFSSL_FAILURE;
#else
/* Create an empty certificate as CA doesn't have a certificate. */
*issuer = (WOLFSSL_X509 *)XMALLOC(sizeof(WOLFSSL_X509), 0,
DYNAMIC_TYPE_OPENSSL);
if (*issuer == NULL)
return WOLFSSL_FAILURE;
InitX509((*issuer), 1, NULL);
#endif
/* Result is ignored when passed to wolfSSL_OCSP_cert_to_id(). */ /* Result is ignored when passed to wolfSSL_OCSP_cert_to_id(). */
return WOLFSSL_SUCCESS; return x509GetIssuerFromCM(issuer, ctx->store->cm, x);
} }
void wolfSSL_X509_email_free(WOLF_STACK_OF(WOLFSSL_STRING) *sk) void wolfSSL_X509_email_free(WOLF_STACK_OF(WOLFSSL_STRING) *sk)
@ -48012,7 +48107,7 @@ WOLF_STACK_OF(WOLFSSL_STRING) *wolfSSL_X509_get1_ocsp(WOLFSSL_X509 *x)
WOLFSSL_STACK* list = NULL; WOLFSSL_STACK* list = NULL;
char* url; char* url;
if (x->authInfoSz == 0) if (x == NULL || x->authInfoSz == 0)
return NULL; return NULL;
list = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK) + x->authInfoSz + 1, list = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK) + x->authInfoSz + 1,
@ -52921,6 +53016,17 @@ int wolfSSL_X509_NAME_copy(WOLFSSL_X509_NAME* from, WOLFSSL_X509_NAME* to)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)
if (from->rawLen > 0) {
if (from->rawLen > ASN_NAME_MAX) {
WOLFSSL_MSG("Bad raw size");
return BAD_FUNC_ARG;
}
XMEMCPY(to->raw, from->raw, from->rawLen);
to->rawLen = from->rawLen;
}
#endif
if (from->dynamicName) { if (from->dynamicName) {
to->name = (char*)XMALLOC(from->sz, to->heap, DYNAMIC_TYPE_SUBJECT_CN); to->name = (char*)XMALLOC(from->sz, to->heap, DYNAMIC_TYPE_SUBJECT_CN);
if (to->name == NULL) if (to->name == NULL)

6
src/tls13.c
View File

@ -8217,7 +8217,8 @@ void wolfSSL_set_psk_client_tls13_callback(WOLFSSL* ssl,
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE, InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
ssl->options.haveDH, ssl->options.haveNTRU, ssl->options.haveDH, ssl->options.haveNTRU,
ssl->options.haveECDSAsig, ssl->options.haveECC, ssl->options.haveECDSAsig, ssl->options.haveECC,
ssl->options.haveStaticECC, ssl->options.side); ssl->options.haveStaticECC, ssl->options.haveAnon,
ssl->options.side);
} }
@ -8254,7 +8255,8 @@ void wolfSSL_set_psk_server_tls13_callback(WOLFSSL* ssl,
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE, InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
ssl->options.haveDH, ssl->options.haveNTRU, ssl->options.haveDH, ssl->options.haveNTRU,
ssl->options.haveECDSAsig, ssl->options.haveECC, ssl->options.haveECDSAsig, ssl->options.haveECC,
ssl->options.haveStaticECC, ssl->options.side); ssl->options.haveStaticECC, ssl->options.haveAnon,
ssl->options.side);
} }
#endif #endif

238
tests/api.c
View File

@ -2625,6 +2625,75 @@ static int nonblocking_accept_read(void* args, WOLFSSL* ssl, SOCKET_T* sockfd)
} }
#endif /* WOLFSSL_SESSION_EXPORT */ #endif /* WOLFSSL_SESSION_EXPORT */
#if defined(HAVE_SESSION_TICKET) && \
((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM)) && \
defined(OPENSSL_EXTRA)
typedef struct openssl_key_ctx {
byte name[WOLFSSL_TICKET_NAME_SZ]; /* server name */
byte key[AES_256_KEY_SIZE]; /* cipher key */
byte hmacKey[WOLFSSL_TICKET_NAME_SZ]; /* hmac key */
byte iv[WOLFSSL_TICKET_IV_SZ]; /* cipher iv */
} openssl_key_ctx;
static THREAD_LS_T openssl_key_ctx myOpenSSLKey_ctx;
static THREAD_LS_T WC_RNG myOpenSSLKey_rng;
static WC_INLINE int OpenSSLTicketInit(void)
{
int ret = wc_InitRng(&myOpenSSLKey_rng);
if (ret != 0) return ret;
ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.name,
sizeof(myOpenSSLKey_ctx.name));
if (ret != 0) return ret;
ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.key,
sizeof(myOpenSSLKey_ctx.key));
if (ret != 0) return ret;
ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.hmacKey,
sizeof(myOpenSSLKey_ctx.hmacKey));
if (ret != 0) return ret;
ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.iv,
sizeof(myOpenSSLKey_ctx.iv));
if (ret != 0) return ret;
return 0;
}
static WC_INLINE int myTicketEncCbOpenSSL(WOLFSSL* ssl,
byte name[WOLFSSL_TICKET_NAME_SZ],
byte iv[WOLFSSL_TICKET_IV_SZ],
WOLFSSL_EVP_CIPHER_CTX *ectx,
WOLFSSL_HMAC_CTX *hctx, int enc) {
(void)ssl;
if (enc) {
XMEMCPY(name, myOpenSSLKey_ctx.name, sizeof(myOpenSSLKey_ctx.name));
XMEMCPY(iv, myOpenSSLKey_ctx.iv, sizeof(myOpenSSLKey_ctx.iv));
}
else if (XMEMCMP(name, myOpenSSLKey_ctx.name,
sizeof(myOpenSSLKey_ctx.name)) != 0 ||
XMEMCMP(iv, myOpenSSLKey_ctx.iv,
sizeof(myOpenSSLKey_ctx.iv)) != 0) {
return 0;
}
HMAC_Init_ex(hctx, myOpenSSLKey_ctx.hmacKey, WOLFSSL_TICKET_NAME_SZ, EVP_sha256(), NULL);
if (enc)
EVP_EncryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, myOpenSSLKey_ctx.key, iv);
else
EVP_DecryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, myOpenSSLKey_ctx.key, iv);
return 1;
}
static WC_INLINE void OpenSSLTicketCleanup(void)
{
wc_FreeRng(&myOpenSSLKey_rng);
}
#endif
static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args) static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
{ {
SOCKET_T sockfd = 0; SOCKET_T sockfd = 0;
@ -2666,11 +2735,16 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
ctx = wolfSSL_CTX_new(method); ctx = wolfSSL_CTX_new(method);
} }
#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \ #if defined(HAVE_SESSION_TICKET) && \
((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM)) ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
#ifdef OPENSSL_EXTRA
OpenSSLTicketInit();
wolfSSL_CTX_set_tlsext_ticket_key_cb(ctx, myTicketEncCbOpenSSL);
#elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
TicketInit(); TicketInit();
wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb); wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb);
#endif #endif
#endif
#if defined(USE_WINDOWS_API) #if defined(USE_WINDOWS_API)
port = ((func_args*)args)->signal->port; port = ((func_args*)args)->signal->port;
@ -2853,10 +2927,14 @@ done:
wc_ecc_fp_free(); /* free per thread cache */ wc_ecc_fp_free(); /* free per thread cache */
#endif #endif
#if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \ #if defined(HAVE_SESSION_TICKET) && \
((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM)) ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
#ifdef OPENSSL_EXTRA
OpenSSLTicketCleanup();
#elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
TicketCleanup(); TicketCleanup();
#endif #endif
#endif
#ifndef WOLFSSL_TIRTOS #ifndef WOLFSSL_TIRTOS
return 0; return 0;
@ -4287,7 +4365,7 @@ static void test_wolfSSL_UseSNI_connection(void)
static void test_wolfSSL_SNI_GetFromBuffer(void) static void test_wolfSSL_SNI_GetFromBuffer(void)
{ {
byte buffer[] = { /* www.paypal.com */ byte buff[] = { /* www.paypal.com */
0x00, 0x00, 0x00, 0x00, 0xff, 0x01, 0x00, 0x00, 0x60, 0x03, 0x03, 0x5c, 0x00, 0x00, 0x00, 0x00, 0xff, 0x01, 0x00, 0x00, 0x60, 0x03, 0x03, 0x5c,
0xc4, 0xb3, 0x8c, 0x87, 0xef, 0xa4, 0x09, 0xe0, 0x02, 0xab, 0x86, 0xca, 0xc4, 0xb3, 0x8c, 0x87, 0xef, 0xa4, 0x09, 0xe0, 0x02, 0xab, 0x86, 0xca,
0x76, 0xf0, 0x9e, 0x01, 0x65, 0xf6, 0xa6, 0x06, 0x13, 0x1d, 0x0f, 0xa5, 0x76, 0xf0, 0x9e, 0x01, 0x65, 0xf6, 0xa6, 0x06, 0x13, 0x1d, 0x0f, 0xa5,
@ -4299,7 +4377,7 @@ static void test_wolfSSL_SNI_GetFromBuffer(void)
0x0d, 0x00, 0x06, 0x00, 0x04, 0x04, 0x01, 0x02, 0x01 0x0d, 0x00, 0x06, 0x00, 0x04, 0x04, 0x01, 0x02, 0x01
}; };
byte buffer2[] = { /* api.textmate.org */ byte buff2[] = { /* api.textmate.org */
0x16, 0x03, 0x01, 0x00, 0xc6, 0x01, 0x00, 0x00, 0xc2, 0x03, 0x03, 0x52, 0x16, 0x03, 0x01, 0x00, 0xc6, 0x01, 0x00, 0x00, 0xc2, 0x03, 0x03, 0x52,
0x8b, 0x7b, 0xca, 0x69, 0xec, 0x97, 0xd5, 0x08, 0x03, 0x50, 0xfe, 0x3b, 0x8b, 0x7b, 0xca, 0x69, 0xec, 0x97, 0xd5, 0x08, 0x03, 0x50, 0xfe, 0x3b,
0x99, 0xc3, 0x20, 0xce, 0xa5, 0xf6, 0x99, 0xa5, 0x71, 0xf9, 0x57, 0x7f, 0x99, 0xc3, 0x20, 0xce, 0xa5, 0xf6, 0x99, 0xa5, 0x71, 0xf9, 0x57, 0x7f,
@ -4319,7 +4397,7 @@ static void test_wolfSSL_SNI_GetFromBuffer(void)
0x0a, 0x05, 0x01, 0x04, 0x01, 0x02, 0x01, 0x04, 0x03, 0x02, 0x03 0x0a, 0x05, 0x01, 0x04, 0x01, 0x02, 0x01, 0x04, 0x03, 0x02, 0x03
}; };
byte buffer3[] = { /* no sni extension */ byte buff3[] = { /* no sni extension */
0x16, 0x03, 0x03, 0x00, 0x4d, 0x01, 0x00, 0x00, 0x49, 0x03, 0x03, 0xea, 0x16, 0x03, 0x03, 0x00, 0x4d, 0x01, 0x00, 0x00, 0x49, 0x03, 0x03, 0xea,
0xa1, 0x9f, 0x60, 0xdd, 0x52, 0x12, 0x13, 0xbd, 0x84, 0x34, 0xd5, 0x1c, 0xa1, 0x9f, 0x60, 0xdd, 0x52, 0x12, 0x13, 0xbd, 0x84, 0x34, 0xd5, 0x1c,
0x38, 0x25, 0xa8, 0x97, 0xd2, 0xd5, 0xc6, 0x45, 0xaf, 0x1b, 0x08, 0xe4, 0x38, 0x25, 0xa8, 0x97, 0xd2, 0xd5, 0xc6, 0x45, 0xaf, 0x1b, 0x08, 0xe4,
@ -4329,7 +4407,7 @@ static void test_wolfSSL_SNI_GetFromBuffer(void)
0x00, 0x0d, 0x00, 0x06, 0x00, 0x04, 0x04, 0x01, 0x02, 0x01 0x00, 0x0d, 0x00, 0x06, 0x00, 0x04, 0x04, 0x01, 0x02, 0x01
}; };
byte buffer4[] = { /* last extension has zero size */ byte buff4[] = { /* last extension has zero size */
0x16, 0x03, 0x01, 0x00, 0xba, 0x01, 0x00, 0x00, 0x16, 0x03, 0x01, 0x00, 0xba, 0x01, 0x00, 0x00,
0xb6, 0x03, 0x03, 0x83, 0xa3, 0xe6, 0xdc, 0x16, 0xa1, 0x43, 0xe9, 0x45, 0xb6, 0x03, 0x03, 0x83, 0xa3, 0xe6, 0xdc, 0x16, 0xa1, 0x43, 0xe9, 0x45,
0x15, 0xbd, 0x64, 0xa9, 0xb6, 0x07, 0xb4, 0x50, 0xc6, 0xdd, 0xff, 0xc2, 0x15, 0xbd, 0x64, 0xa9, 0xb6, 0x07, 0xb4, 0x50, 0xc6, 0xdd, 0xff, 0xc2,
@ -4349,7 +4427,7 @@ static void test_wolfSSL_SNI_GetFromBuffer(void)
0x12, 0x00, 0x00 0x12, 0x00, 0x00
}; };
byte buffer5[] = { /* SSL v2.0 client hello */ byte buff5[] = { /* SSL v2.0 client hello */
0x00, 0x2b, 0x01, 0x03, 0x01, 0x00, 0x09, 0x00, 0x00, 0x00, 0x2b, 0x01, 0x03, 0x01, 0x00, 0x09, 0x00, 0x00,
/* dummy bytes bellow, just to pass size check */ /* dummy bytes bellow, just to pass size check */
0xb6, 0x03, 0x03, 0x83, 0xa3, 0xe6, 0xdc, 0x16, 0xa1, 0x43, 0xe9, 0x45, 0xb6, 0x03, 0x03, 0x83, 0xa3, 0xe6, 0xdc, 0x16, 0xa1, 0x43, 0xe9, 0x45,
@ -4360,58 +4438,58 @@ static void test_wolfSSL_SNI_GetFromBuffer(void)
byte result[32] = {0}; byte result[32] = {0};
word32 length = 32; word32 length = 32;
AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buffer4, sizeof(buffer4), AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff4, sizeof(buff4),
0, result, &length)); 0, result, &length));
AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buffer3, sizeof(buffer3), AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff3, sizeof(buff3),
0, result, &length)); 0, result, &length));
AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buffer2, sizeof(buffer2), AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff2, sizeof(buff2),
1, result, &length)); 1, result, &length));
AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buffer, sizeof(buffer), AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
0, result, &length)); 0, result, &length));
buffer[0] = 0x16; buff[0] = 0x16;
AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buffer, sizeof(buffer), AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
0, result, &length)); 0, result, &length));
buffer[1] = 0x03; buff[1] = 0x03;
AssertIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buffer, AssertIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buff,
sizeof(buffer), 0, result, &length)); sizeof(buff), 0, result, &length));
buffer[2] = 0x03; buff[2] = 0x03;
AssertIntEQ(INCOMPLETE_DATA, wolfSSL_SNI_GetFromBuffer(buffer, AssertIntEQ(INCOMPLETE_DATA, wolfSSL_SNI_GetFromBuffer(buff,
sizeof(buffer), 0, result, &length)); sizeof(buff), 0, result, &length));
buffer[4] = 0x64; buff[4] = 0x64;
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buffer, sizeof(buffer), AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
0, result, &length)); 0, result, &length));
result[length] = 0; result[length] = 0;
AssertStrEQ("www.paypal.com", (const char*) result); AssertStrEQ("www.paypal.com", (const char*) result);
length = 32; length = 32;
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buffer2, sizeof(buffer2), AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff2, sizeof(buff2),
0, result, &length)); 0, result, &length));
result[length] = 0; result[length] = 0;
AssertStrEQ("api.textmate.org", (const char*) result); AssertStrEQ("api.textmate.org", (const char*) result);
/* SSL v2.0 tests */ /* SSL v2.0 tests */
AssertIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buffer5, AssertIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buff5,
sizeof(buffer5), 0, result, &length)); sizeof(buff5), 0, result, &length));
buffer5[2] = 0x02; buff5[2] = 0x02;
AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buffer5, AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5,
sizeof(buffer5), 0, result, &length)); sizeof(buff5), 0, result, &length));
buffer5[2] = 0x01; buffer5[6] = 0x08; buff5[2] = 0x01; buff5[6] = 0x08;
AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buffer5, AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5,
sizeof(buffer5), 0, result, &length)); sizeof(buff5), 0, result, &length));
buffer5[6] = 0x09; buffer5[8] = 0x01; buff5[6] = 0x09; buff5[8] = 0x01;
AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buffer5, AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5,
sizeof(buffer5), 0, result, &length)); sizeof(buff5), 0, result, &length));
} }
#endif /* HAVE_SNI */ #endif /* HAVE_SNI */
@ -5312,7 +5390,7 @@ static void test_wolfSSL_no_password_cb(void)
#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) \ #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) \
&& defined(HAVE_ECC) && defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ECC) && defined(WOLFSSL_ENCRYPTED_KEYS)
WOLFSSL_CTX* ctx; WOLFSSL_CTX* ctx;
byte buffer[FOURK_BUF]; byte buff[FOURK_BUF];
const char eccPkcs8PrivKeyDerFile[] = "./certs/ecc-privkeyPkcs8.der"; const char eccPkcs8PrivKeyDerFile[] = "./certs/ecc-privkeyPkcs8.der";
const char eccPkcs8PrivKeyPemFile[] = "./certs/ecc-privkeyPkcs8.pem"; const char eccPkcs8PrivKeyPemFile[] = "./certs/ecc-privkeyPkcs8.pem";
XFILE f; XFILE f;
@ -5328,17 +5406,17 @@ static void test_wolfSSL_no_password_cb(void)
wolfSSL_CTX_set_default_passwd_cb(ctx, FailTestCallBack); wolfSSL_CTX_set_default_passwd_cb(ctx, FailTestCallBack);
AssertTrue((f = XFOPEN(eccPkcs8PrivKeyDerFile, "rb")) != XBADFILE); AssertTrue((f = XFOPEN(eccPkcs8PrivKeyDerFile, "rb")) != XBADFILE);
bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f); bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f); XFCLOSE(f);
AssertIntLE(bytes, sizeof(buffer)); AssertIntLE(bytes, sizeof(buff));
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes, AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
AssertTrue((f = XFOPEN(eccPkcs8PrivKeyPemFile, "rb")) != XBADFILE); AssertTrue((f = XFOPEN(eccPkcs8PrivKeyPemFile, "rb")) != XBADFILE);
bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f); bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f); XFCLOSE(f);
AssertIntLE(bytes, sizeof(buffer)); AssertIntLE(bytes, sizeof(buff));
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes, AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
wolfSSL_CTX_free(ctx); wolfSSL_CTX_free(ctx);
@ -5381,7 +5459,7 @@ static int PKCS8TestCallBack(char* passwd, int sz, int rw, void* userdata)
static void test_wolfSSL_PKCS8(void) static void test_wolfSSL_PKCS8(void)
{ {
#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8)
byte buffer[FOURK_BUF]; byte buff[FOURK_BUF];
byte der[FOURK_BUF]; byte der[FOURK_BUF];
#ifndef NO_RSA #ifndef NO_RSA
const char serverKeyPkcs8PemFile[] = "./certs/server-keyPkcs8.pem"; const char serverKeyPkcs8PemFile[] = "./certs/server-keyPkcs8.pem";
@ -5436,36 +5514,36 @@ static void test_wolfSSL_PKCS8(void)
/* test loading PEM PKCS8 encrypted file */ /* test loading PEM PKCS8 encrypted file */
f = XFOPEN(serverKeyPkcs8EncPemFile, "rb"); f = XFOPEN(serverKeyPkcs8EncPemFile, "rb");
AssertTrue((f != XBADFILE)); AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f); bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f); XFCLOSE(f);
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes, AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
/* this next case should fail because of password callback return code */ /* this next case should fail because of password callback return code */
flag = 0; /* used by password callback as return code */ flag = 0; /* used by password callback as return code */
AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes, AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
/* decrypt PKCS8 PEM to key in DER format with not using WOLFSSL_CTX */ /* decrypt PKCS8 PEM to key in DER format with not using WOLFSSL_CTX */
AssertIntGT(wc_KeyPemToDer(buffer, bytes, der, (word32)sizeof(der), AssertIntGT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der),
"yassl123"), 0); "yassl123"), 0);
/* test that error value is returned with a bad password */ /* test that error value is returned with a bad password */
AssertIntLT(wc_KeyPemToDer(buffer, bytes, der, (word32)sizeof(der), AssertIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der),
"bad"), 0); "bad"), 0);
/* test loading PEM PKCS8 encrypted file */ /* test loading PEM PKCS8 encrypted file */
f = XFOPEN(serverKeyPkcs8EncDerFile, "rb"); f = XFOPEN(serverKeyPkcs8EncDerFile, "rb");
AssertTrue((f != XBADFILE)); AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f); bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f); XFCLOSE(f);
flag = 1; /* used by password callback as return code */ flag = 1; /* used by password callback as return code */
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes, AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
/* this next case should fail because of password callback return code */ /* this next case should fail because of password callback return code */
flag = 0; /* used by password callback as return code */ flag = 0; /* used by password callback as return code */
AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes, AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#endif /* !NO_RSA && !NO_SHA */ #endif /* !NO_RSA && !NO_SHA */
@ -5473,37 +5551,37 @@ static void test_wolfSSL_PKCS8(void)
/* test loading PEM PKCS8 encrypted ECC Key file */ /* test loading PEM PKCS8 encrypted ECC Key file */
f = XFOPEN(eccPkcs8EncPrivKeyPemFile, "rb"); f = XFOPEN(eccPkcs8EncPrivKeyPemFile, "rb");
AssertTrue((f != XBADFILE)); AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f); bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f); XFCLOSE(f);
flag = 1; /* used by password callback as return code */ flag = 1; /* used by password callback as return code */
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes, AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
/* this next case should fail because of password callback return code */ /* this next case should fail because of password callback return code */
flag = 0; /* used by password callback as return code */ flag = 0; /* used by password callback as return code */
AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes, AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
/* decrypt PKCS8 PEM to key in DER format with not using WOLFSSL_CTX */ /* decrypt PKCS8 PEM to key in DER format with not using WOLFSSL_CTX */
AssertIntGT(wc_KeyPemToDer(buffer, bytes, der, (word32)sizeof(der), AssertIntGT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der),
"yassl123"), 0); "yassl123"), 0);
/* test that error value is returned with a bad password */ /* test that error value is returned with a bad password */
AssertIntLT(wc_KeyPemToDer(buffer, bytes, der, (word32)sizeof(der), AssertIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der),
"bad"), 0); "bad"), 0);
/* test loading DER PKCS8 encrypted ECC Key file */ /* test loading DER PKCS8 encrypted ECC Key file */
f = XFOPEN(eccPkcs8EncPrivKeyDerFile, "rb"); f = XFOPEN(eccPkcs8EncPrivKeyDerFile, "rb");
AssertTrue((f != XBADFILE)); AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f); bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f); XFCLOSE(f);
flag = 1; /* used by password callback as return code */ flag = 1; /* used by password callback as return code */
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes, AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
/* this next case should fail because of password callback return code */ /* this next case should fail because of password callback return code */
flag = 0; /* used by password callback as return code */ flag = 0; /* used by password callback as return code */
AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes, AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
/* leave flag as "okay" */ /* leave flag as "okay" */
@ -5516,32 +5594,32 @@ static void test_wolfSSL_PKCS8(void)
/* test loading ASN.1 (DER) PKCS8 private key file (not encrypted) */ /* test loading ASN.1 (DER) PKCS8 private key file (not encrypted) */
f = XFOPEN(serverKeyPkcs8DerFile, "rb"); f = XFOPEN(serverKeyPkcs8DerFile, "rb");
AssertTrue((f != XBADFILE)); AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f); bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f); XFCLOSE(f);
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes, AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
/* test loading PEM PKCS8 private key file (not encrypted) */ /* test loading PEM PKCS8 private key file (not encrypted) */
f = XFOPEN(serverKeyPkcs8PemFile, "rb"); f = XFOPEN(serverKeyPkcs8PemFile, "rb");
AssertTrue((f != XBADFILE)); AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f); bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f); XFCLOSE(f);
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes, AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
#endif /* !NO_RSA */ #endif /* !NO_RSA */
/* Test PKCS8 PEM ECC key no crypt */ /* Test PKCS8 PEM ECC key no crypt */
f = XFOPEN(eccPkcs8PrivKeyPemFile, "rb"); f = XFOPEN(eccPkcs8PrivKeyPemFile, "rb");
AssertTrue((f != XBADFILE)); AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f); bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f); XFCLOSE(f);
#ifdef HAVE_ECC #ifdef HAVE_ECC
/* Test PKCS8 PEM ECC key no crypt */ /* Test PKCS8 PEM ECC key no crypt */
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes, AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
/* decrypt PKCS8 PEM to key in DER format */ /* decrypt PKCS8 PEM to key in DER format */
AssertIntGT((bytes = wc_KeyPemToDer(buffer, bytes, der, AssertIntGT((bytes = wc_KeyPemToDer(buff, bytes, der,
(word32)sizeof(der), NULL)), 0); (word32)sizeof(der), NULL)), 0);
ret = wc_ecc_init(&key); ret = wc_ecc_init(&key);
if (ret == 0) { if (ret == 0) {
@ -5553,15 +5631,15 @@ static void test_wolfSSL_PKCS8(void)
/* Test PKCS8 DER ECC key no crypt */ /* Test PKCS8 DER ECC key no crypt */
f = XFOPEN(eccPkcs8PrivKeyDerFile, "rb"); f = XFOPEN(eccPkcs8PrivKeyDerFile, "rb");
AssertTrue((f != XBADFILE)); AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f); bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f); XFCLOSE(f);
/* Test using a PKCS8 ECC PEM */ /* Test using a PKCS8 ECC PEM */
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes, AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#else #else
/* if HAVE_ECC is not defined then BEGIN EC PRIVATE KEY is not found */ /* if HAVE_ECC is not defined then BEGIN EC PRIVATE KEY is not found */
AssertIntEQ((bytes = wc_KeyPemToDer(buffer, bytes, der, AssertIntEQ((bytes = wc_KeyPemToDer(buff, bytes, der,
(word32)sizeof(der), NULL)), ASN_NO_PEM_HEADER); (word32)sizeof(der), NULL)), ASN_NO_PEM_HEADER);
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */
@ -5722,7 +5800,7 @@ static void test_wolfSSL_X509_verify(void)
#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \ #if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \
&& defined(OPENSSL_EXTRA) && defined(OPENSSL_EXTRA)
WOLFSSL_X509* ca; WOLFSSL_X509* ca;
WOLFSSL_X509* server; WOLFSSL_X509* serv;
WOLFSSL_EVP_PKEY* pkey; WOLFSSL_EVP_PKEY* pkey;
unsigned char buf[2048]; unsigned char buf[2048];
const unsigned char* pt = NULL; const unsigned char* pt = NULL;
@ -5746,7 +5824,7 @@ static void test_wolfSSL_X509_verify(void)
AssertIntEQ(wolfSSL_X509_get_pubkey_type(ca), RSAk); AssertIntEQ(wolfSSL_X509_get_pubkey_type(ca), RSAk);
AssertNotNull(server = AssertNotNull(serv =
wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM)); wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM));
/* success case */ /* success case */
@ -5755,23 +5833,23 @@ static void test_wolfSSL_X509_verify(void)
AssertIntEQ(i2d_PUBKEY(pkey, NULL), bufSz); AssertIntEQ(i2d_PUBKEY(pkey, NULL), bufSz);
AssertIntEQ(wolfSSL_X509_verify(server, pkey), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_X509_verify(serv, pkey), WOLFSSL_SUCCESS);
wolfSSL_EVP_PKEY_free(pkey); wolfSSL_EVP_PKEY_free(pkey);
/* fail case */ /* fail case */
bufSz = 2048; bufSz = 2048;
AssertIntEQ(wolfSSL_X509_get_pubkey_buffer(server, buf, &bufSz), AssertIntEQ(wolfSSL_X509_get_pubkey_buffer(serv, buf, &bufSz),
WOLFSSL_SUCCESS); WOLFSSL_SUCCESS);
pt = buf; pt = buf;
AssertNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz)); AssertNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz));
AssertIntEQ(wolfSSL_X509_verify(server, pkey), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_X509_verify(serv, pkey), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_X509_verify(NULL, pkey), WOLFSSL_FATAL_ERROR); AssertIntEQ(wolfSSL_X509_verify(NULL, pkey), WOLFSSL_FATAL_ERROR);
AssertIntEQ(wolfSSL_X509_verify(server, NULL), WOLFSSL_FATAL_ERROR); AssertIntEQ(wolfSSL_X509_verify(serv, NULL), WOLFSSL_FATAL_ERROR);
wolfSSL_EVP_PKEY_free(pkey); wolfSSL_EVP_PKEY_free(pkey);
wolfSSL_FreeX509(ca); wolfSSL_FreeX509(ca);
wolfSSL_FreeX509(server); wolfSSL_FreeX509(serv);
printf(resultFmt, passed); printf(resultFmt, passed);
#endif #endif
@ -26865,7 +26943,7 @@ static void test_wolfSSL_tmp_dh(void)
{ {
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
!defined(NO_DSA) && !defined(NO_RSA) && !defined(NO_DH) && !defined(NO_BIO) !defined(NO_DSA) && !defined(NO_RSA) && !defined(NO_DH) && !defined(NO_BIO)
byte buffer[6000]; byte buff[6000];
char file[] = "./certs/dsaparams.pem"; char file[] = "./certs/dsaparams.pem";
XFILE f; XFILE f;
int bytes; int bytes;
@ -26891,10 +26969,10 @@ static void test_wolfSSL_tmp_dh(void)
f = XFOPEN(file, "rb"); f = XFOPEN(file, "rb");
AssertTrue((f != XBADFILE)); AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f); bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f); XFCLOSE(f);
bio = BIO_new_mem_buf((void*)buffer, bytes); bio = BIO_new_mem_buf((void*)buff, bytes);
AssertNotNull(bio); AssertNotNull(bio);
dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL); dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
@ -28567,7 +28645,7 @@ static int msgCb(SSL_CTX *ctx, SSL *ssl)
{ {
(void) ctx; (void) ctx;
(void) ssl; (void) ssl;
#ifdef WOLFSSL_QT #ifdef OPENSSL_ALL
STACK_OF(X509)* sk; STACK_OF(X509)* sk;
X509* x509; X509* x509;
int i, num; int i, num;
@ -28576,10 +28654,10 @@ static int msgCb(SSL_CTX *ctx, SSL *ssl)
printf("\n===== msgcb called ====\n"); printf("\n===== msgcb called ====\n");
#if defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN) #if defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN)
AssertTrue(SSL_get_peer_cert_chain(ssl) != NULL); AssertTrue(SSL_get_peer_cert_chain(ssl) != NULL);
AssertIntEQ(((WOLFSSL_X509_CHAIN *)SSL_get_peer_cert_chain(ssl))->count, 1); AssertIntEQ(((WOLFSSL_X509_CHAIN *)SSL_get_peer_cert_chain(ssl))->count, 2);
#endif #endif
#ifdef WOLFSSL_QT #ifdef OPENSSL_ALL
bio = BIO_new(BIO_s_file()); bio = BIO_new(BIO_s_file());
BIO_set_fp(bio, stdout, BIO_NOCLOSE); BIO_set_fp(bio, stdout, BIO_NOCLOSE);
sk = SSL_get_peer_cert_chain(ssl); sk = SSL_get_peer_cert_chain(ssl);

11
wolfssl/internal.h
View File

@ -59,6 +59,9 @@
#ifdef HAVE_POLY1305 #ifdef HAVE_POLY1305
#include <wolfssl/wolfcrypt/poly1305.h> #include <wolfssl/wolfcrypt/poly1305.h>
#endif #endif
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && defined(OPENSSL_EXTRA)
#include <wolfssl/wolfcrypt/chacha20_poly1305.h>
#endif
#ifdef HAVE_CAMELLIA #ifdef HAVE_CAMELLIA
#include <wolfssl/wolfcrypt/camellia.h> #include <wolfssl/wolfcrypt/camellia.h>
#endif #endif
@ -1870,7 +1873,7 @@ WOLFSSL_LOCAL void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig,
int haveRSAsig, int haveAnon, int haveRSAsig, int haveAnon,
int tls1_2, int keySz); int tls1_2, int keySz);
WOLFSSL_LOCAL void InitSuites(Suites*, ProtocolVersion, int, word16, word16, WOLFSSL_LOCAL void InitSuites(Suites*, ProtocolVersion, int, word16, word16,
word16, word16, word16, word16, word16, int); word16, word16, word16, word16, word16, word16, int);
WOLFSSL_LOCAL int MatchSuite(WOLFSSL* ssl, Suites* peerSuites); WOLFSSL_LOCAL int MatchSuite(WOLFSSL* ssl, Suites* peerSuites);
WOLFSSL_LOCAL int SetCipherList(WOLFSSL_CTX*, Suites*, const char* list); WOLFSSL_LOCAL int SetCipherList(WOLFSSL_CTX*, Suites*, const char* list);
@ -2931,10 +2934,10 @@ struct WOLFSSL_CTX {
TicketEncCbCtx ticketKeyCtx; TicketEncCbCtx ticketKeyCtx;
#endif #endif
#endif #endif
#endif
#ifdef HAVE_SUPPORTED_CURVES #ifdef HAVE_SUPPORTED_CURVES
byte userCurves; /* indicates user called wolfSSL_CTX_UseSupportedCurve */ byte userCurves; /* indicates user called wolfSSL_CTX_UseSupportedCurve */
#endif #endif
#endif
#ifdef ATOMIC_USER #ifdef ATOMIC_USER
CallbackMacEncrypt MacEncryptCb; /* Atomic User Mac/Encrypt Cb */ CallbackMacEncrypt MacEncryptCb; /* Atomic User Mac/Encrypt Cb */
CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */ CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */
@ -3534,9 +3537,7 @@ typedef struct Options {
#ifdef HAVE_POLY1305 #ifdef HAVE_POLY1305
word16 oldPoly:1; /* set when to use old rfc way of poly*/ word16 oldPoly:1; /* set when to use old rfc way of poly*/
#endif #endif
#ifdef HAVE_ANON
word16 haveAnon:1; /* User wants to allow Anon suites */ word16 haveAnon:1; /* User wants to allow Anon suites */
#endif
#ifdef HAVE_SESSION_TICKET #ifdef HAVE_SESSION_TICKET
word16 createTicket:1; /* Server to create new Ticket */ word16 createTicket:1; /* Server to create new Ticket */
word16 useTicket:1; /* Use Ticket not session cache */ word16 useTicket:1; /* Use Ticket not session cache */
@ -4369,7 +4370,7 @@ struct WOLFSSL {
#ifdef OPENSSL_ALL #ifdef OPENSSL_ALL
long verifyCallbackResult; long verifyCallbackResult;
#endif #endif
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) #if defined(OPENSSL_EXTRA)
WOLFSSL_STACK* supportedCiphers; /* Used in wolfSSL_get_ciphers_compat */ WOLFSSL_STACK* supportedCiphers; /* Used in wolfSSL_get_ciphers_compat */
WOLFSSL_STACK* peerCertChain; /* Used in wolfSSL_get_peer_cert_chain */ WOLFSSL_STACK* peerCertChain; /* Used in wolfSSL_get_peer_cert_chain */
#endif #endif

5
wolfssl/openssl/ssl.h
View File

@ -409,6 +409,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define X509_free wolfSSL_X509_free #define X509_free wolfSSL_X509_free
#define X509_load_certificate_file wolfSSL_X509_load_certificate_file #define X509_load_certificate_file wolfSSL_X509_load_certificate_file
#define X509_digest wolfSSL_X509_digest #define X509_digest wolfSSL_X509_digest
#define X509_pubkey_digest wolfSSL_X509_pubkey_digest
#define X509_get_ext_count wolfSSL_X509_get_ext_count #define X509_get_ext_count wolfSSL_X509_get_ext_count
#define X509_get_ext_d2i wolfSSL_X509_get_ext_d2i #define X509_get_ext_d2i wolfSSL_X509_get_ext_d2i
#define X509V3_EXT_i2d wolfSSL_X509V3_EXT_i2d #define X509V3_EXT_i2d wolfSSL_X509V3_EXT_i2d
@ -1126,6 +1127,9 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define SSL3_AD_BAD_CERTIFICATE bad_certificate #define SSL3_AD_BAD_CERTIFICATE bad_certificate
#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE #define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE
#define SSL_AD_UNRECOGNIZED_NAME unrecognized_name
#define SSL_AD_NO_RENEGOTIATION no_renegotiation
#define SSL_AD_INTERNAL_ERROR 80
#define ASN1_STRFLGS_ESC_MSB 4 #define ASN1_STRFLGS_ESC_MSB 4
@ -1166,6 +1170,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define SSL3_AL_FATAL 2 #define SSL3_AL_FATAL 2
#define SSL_TLSEXT_ERR_OK 0 #define SSL_TLSEXT_ERR_OK 0
#define SSL_TLSEXT_ERR_ALERT_FATAL alert_fatal #define SSL_TLSEXT_ERR_ALERT_FATAL alert_fatal
#define SSL_TLSEXT_ERR_ALERT_WARNING alert_warning
#define SSL_TLSEXT_ERR_NOACK alert_warning #define SSL_TLSEXT_ERR_NOACK alert_warning
#define TLSEXT_NAMETYPE_host_name WOLFSSL_SNI_HOST_NAME #define TLSEXT_NAMETYPE_host_name WOLFSSL_SNI_HOST_NAME

10
wolfssl/ssl.h
View File

@ -2115,8 +2115,8 @@ WOLFSSL_API int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX*);
WOLFSSL_API int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX*, WOLFSSL_API int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX*,
const unsigned char*, unsigned int); const unsigned char*, unsigned int);
WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL*); WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL*);
#ifdef OPENSSL_EXTRA
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL*); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL*);
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl);
#endif #endif
@ -3479,6 +3479,8 @@ WOLFSSL_API void wolfSSL_X509V3_set_ctx(WOLFSSL_X509V3_CTX* ctx,
WOLFSSL_API void wolfSSL_X509V3_set_ctx_nodb(WOLFSSL_X509V3_CTX* ctx); WOLFSSL_API void wolfSSL_X509V3_set_ctx_nodb(WOLFSSL_X509V3_CTX* ctx);
WOLFSSL_API int wolfSSL_X509_digest(const WOLFSSL_X509* x509, WOLFSSL_API int wolfSSL_X509_digest(const WOLFSSL_X509* x509,
const WOLFSSL_EVP_MD* digest, unsigned char* buf, unsigned int* len); const WOLFSSL_EVP_MD* digest, unsigned char* buf, unsigned int* len);
WOLFSSL_API int wolfSSL_X509_pubkey_digest(const WOLFSSL_X509 *x509,
const WOLFSSL_EVP_MD *digest, unsigned char* buf, unsigned int* len);
WOLFSSL_API int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509); WOLFSSL_API int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509);
WOLFSSL_API int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey); WOLFSSL_API int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey);
WOLFSSL_API int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl, WOLFSSL_API int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl,
@ -3986,9 +3988,9 @@ WOLFSSL_API int wolfSSL_i2a_ASN1_INTEGER(WOLFSSL_BIO *bp,
const WOLFSSL_ASN1_INTEGER *a); const WOLFSSL_ASN1_INTEGER *a);
#ifdef HAVE_SESSION_TICKET #ifdef HAVE_SESSION_TICKET
WOLFSSL_API int wolfSSL_CTX_set_tlsext_ticket_key_cb(WOLFSSL_CTX *, int (*)( typedef int (*ticketCompatCb)(WOLFSSL *ssl, unsigned char *name, unsigned char *iv,
WOLFSSL *ssl, unsigned char *name, unsigned char *iv, WOLFSSL_EVP_CIPHER_CTX *ectx, WOLFSSL_HMAC_CTX *hctx, int enc);
WOLFSSL_EVP_CIPHER_CTX *ectx, WOLFSSL_HMAC_CTX *hctx, int enc)); WOLFSSL_API int wolfSSL_CTX_set_tlsext_ticket_key_cb(WOLFSSL_CTX *, ticketCompatCb);
#endif #endif
#if defined(HAVE_OCSP) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \ #if defined(HAVE_OCSP) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \

2
wolfssl/wolfcrypt/asn.h
View File

@ -1390,6 +1390,8 @@ struct OcspEntry
byte* rawCertId; /* raw bytes of the CertID */ byte* rawCertId; /* raw bytes of the CertID */
int rawCertIdSize; /* num bytes in raw CertID */ int rawCertIdSize; /* num bytes in raw CertID */
/* option bits - using 32-bit for alignment */ /* option bits - using 32-bit for alignment */
word32 ownStatus:1; /* do we need to free the status
* response list */
word32 isDynamic:1; /* was dynamically allocated */ word32 isDynamic:1; /* was dynamically allocated */
}; };