From 2cf26a1353f560ab539c32a91ff18b210d9ba6cb Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 8 Aug 2019 19:18:16 -0700 Subject: [PATCH 1/3] Compatibility changes for OpenVSwitch. --- wolfssl/ssl.h | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 3d43a5ab7..27ae0e77e 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1249,6 +1249,7 @@ enum { SSL_OP_TLS_ROLLBACK_BUG = 0x00000200, SSL_OP_ALL = 0x00000400, SSL_OP_EPHEMERAL_RSA = 0x00000800, + SSL_OP_NO_SSLv2 = 0x00000000, /* N/A */ SSL_OP_NO_SSLv3 = 0x00001000, SSL_OP_NO_TLSv1 = 0x00002000, SSL_OP_PKCS1_CHECK_1 = 0x00004000, @@ -1269,6 +1270,14 @@ enum { SSL_OP_NO_TLSv1_3 = 0x20000000, }; +#define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | \ + SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3) + +#define SSL_NOTHING 1 +#define SSL_WRITING 2 +#define SSL_READING 3 + + enum { #ifdef HAVE_OCSP /* OCSP Flags */ From 342d03a2947e23976042a79508e5d6057dbd98da Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 8 Aug 2019 19:37:34 -0700 Subject: [PATCH 2/3] Added `SSL_want`. --- src/ssl.c | 12 ++++++++++++ wolfssl/openssl/ssl.h | 1 + wolfssl/ssl.h | 1 + 3 files changed, 14 insertions(+) diff --git a/src/ssl.c b/src/ssl.c index a511ac933..90f908cff 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -2857,6 +2857,18 @@ int wolfSSL_get_alert_history(WOLFSSL* ssl, WOLFSSL_ALERT_HISTORY *h) return WOLFSSL_SUCCESS; } +/* returns SSL_WRITING, SSL_READING or SSL_NOTHING */ +int wolfSSL_want(WOLFSSL* ssl) +{ + int rw_state = SSL_NOTHING; + if (ssl) { + if (ssl->error == WANT_READ) + rw_state = SSL_READING; + else if (ssl->error == WANT_WRITE) + rw_state = SSL_WRITING; + } + return rw_state; +} /* return TRUE if current error is want read */ int wolfSSL_want_read(WOLFSSL* ssl) diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 9abd8bed2..b1f239ba2 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h 
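Review bot: The `/* N/A */` comment on the new `SSL_OP_NO_SSLv2 = 0x00000000` entry in the first wolfssl/ssl.h hunk does not tell a reader that the flag is a deliberate no-op. Because the value is zero, `opts & SSL_OP_NO_SSLv2` is always false, so ported code that tests the bit to confirm SSLv2 is disabled will read it as not set even when the caller passed it. I would spell this out, e.g. `SSL_OP_NO_SSLv2 = 0x00000000, /* accepted for source compatibility only; zero, so it never sets or tests as a bit */`. If the reason is that the library has no SSLv2 support (presumably what N/A means), the comment should say so. The enum starts and ends outside the hunk.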
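Review bot: The new `SSL_NOTHING`, `SSL_WRITING` and `SSL_READING` macros in the second wolfssl/ssl.h hunk carry no comment, and nothing in that hunk says what they are return codes for. A one-line header such as `/* I/O direction reported by wolfSSL_want(): nothing pending, write pending, read pending */` would tie them to the function added later in this series. `SSL_OP_NO_SSL_MASK` also leaves out `SSL_OP_NO_SSLv2`; that is harmless because the flag is zero, but a short comment such as `/* SSL_OP_NO_SSLv2 is 0 and therefore not part of the mask */` would stop a reader from treating the omission as an oversight when auditing which protocol versions the mask covers.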
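Review bot: `wolfSSL_want()` in the src/ssl.c hunk returns `SSL_NOTHING` for a NULL `ssl`, so a caller cannot tell an invalid handle from a session with no pending I/O, and the one-line comment above the function does not mention this. A non-blocking event loop that uses the result to choose a poll direction would register no interest for a bad handle, so the contract should be stated, for example `/* returns SSL_READING or SSL_WRITING when ssl->error is WANT_READ or WANT_WRITE, otherwise SSL_NOTHING (also when ssl is NULL) */`. The `if` / `else if` bodies are unbraced; bracing them (`if (ssl->error == WANT_READ) { rw_state = SSL_READING; }`) keeps a later second statement from silently falling outside the branch.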
@@ -626,6 +626,7 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define SSL_get_peer_certificate wolfSSL_get_peer_certificate #define SSL_get_peer_cert_chain wolfSSL_get_peer_cert_chain +#define SSL_want wolfSSL_want #define SSL_want_read wolfSSL_want_read #define SSL_want_write wolfSSL_want_write diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 27ae0e77e..cbce79f8f 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1625,6 +1625,7 @@ WOLFSSL_API int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX*, WOLFSSL_API WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL* ssl); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL*); +WOLFSSL_API int wolfSSL_want(WOLFSSL*); WOLFSSL_API int wolfSSL_want_read(WOLFSSL*); WOLFSSL_API int wolfSSL_want_write(WOLFSSL*); From c0317ad19868c17471a4494d92f7aa8726d3888f Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 8 Aug 2019 20:18:16 -0700 Subject: [PATCH 3/3] Fix to only expose `SSL_want` when `OPENSSL_EXTRA` is defined. --- src/ssl.c | 2 ++ wolfssl/ssl.h | 2 ++ 2 files changed, 4 insertions(+) diff --git a/src/ssl.c b/src/ssl.c index 90f908cff..316b71583 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -2857,6 +2857,7 @@ int wolfSSL_get_alert_history(WOLFSSL* ssl, WOLFSSL_ALERT_HISTORY *h) return WOLFSSL_SUCCESS; } +#ifdef OPENSSL_EXTRA /* returns SSL_WRITING, SSL_READING or SSL_NOTHING */ int wolfSSL_want(WOLFSSL* ssl) { @@ -2869,6 +2870,7 @@ int wolfSSL_want(WOLFSSL* ssl) } return rw_state; } +#endif /* return TRUE if current error is want read */ int wolfSSL_want_read(WOLFSSL* ssl) diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index cbce79f8f..4734c7e29 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
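Review bot: The `#ifdef OPENSSL_EXTRA` guard added in the two src/ssl.c hunks covers only the definition of `wolfSSL_want()`, and the matching guard in the final wolfssl/ssl.h hunk covers only its prototype. Nothing in this series guards the `#define SSL_want wolfSSL_want` alias in wolfssl/openssl/ssl.h or the `SSL_NOTHING` / `SSL_WRITING` / `SSL_READING` macros. The hunks do not show the enclosing conditionals, but if those names sit outside an `OPENSSL_EXTRA` region, a build without the option that calls `SSL_want` gets an implicit-declaration diagnostic or a link error rather than a cleanly absent API. I would put the alias and the three constants under the same condition as the function. I would also close the block with `#endif /* OPENSSL_EXTRA */`, so the pairing stays readable this deep into the file.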
@@ -1625,7 +1625,9 @@ WOLFSSL_API int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX*, WOLFSSL_API WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL* ssl); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL*); +#ifdef OPENSSL_EXTRA WOLFSSL_API int wolfSSL_want(WOLFSSL*); +#endif WOLFSSL_API int wolfSSL_want_read(WOLFSSL*); WOLFSSL_API int wolfSSL_want_write(WOLFSSL*);