From 96cf16848c8939576a3206cf0b2094c70bb507f8 Mon Sep 17 00:00:00 2001 From: Nickolas Lapp Date: Tue, 14 Jul 2015 14:56:26 -0600 Subject: [PATCH] Stunnel Base Commit --- configure.ac | 81 ++++-- src/internal.c | 2 +- src/ssl.c | 493 +++++++++++++++++++++++++++++++------ wolfcrypt/src/coding.c | 19 +- wolfssl/internal.h | 12 +- wolfssl/openssl/asn1.h | 17 ++ wolfssl/openssl/crypto.h | 5 + wolfssl/openssl/dh.h | 7 +- wolfssl/openssl/err.h | 3 +- wolfssl/openssl/opensslv.h | 8 +- wolfssl/openssl/rand.h | 2 + wolfssl/openssl/ssl.h | 53 +++- wolfssl/ssl.h | 94 ++++++- wolfssl/wolfcrypt/coding.h | 3 + 14 files changed, 675 insertions(+), 124 deletions(-) diff --git a/configure.ac b/configure.ac index 96a7aa7a9..a05f9e221 100644 --- a/configure.ac +++ b/configure.ac @@ -1130,21 +1130,6 @@ fi AM_CONDITIONAL([BUILD_SHA], [test "x$ENABLED_SHA" = "xyes"]) -# MD4 -AC_ARG_ENABLE([md4], - [ --enable-md4 Enable MD4 (default: disabled)], - [ ENABLED_MD4=$enableval ], - [ ENABLED_MD4=no ] - ) - -if test "$ENABLED_MD4" = "no" -then - AM_CFLAGS="$AM_CFLAGS -DNO_MD4" -fi - -AM_CONDITIONAL([BUILD_MD4], [test "x$ENABLED_MD4" = "xyes"]) - - # Web Server Build AC_ARG_ENABLE([webserver], [ --enable-webserver Enable Web Server (default: disabled)], @@ -1717,6 +1702,65 @@ then AM_CFLAGS="$AM_CFLAGS -DHAVE_LIGHTY -DHAVE_WOLFSSL_SSL_H=1" fi +# stunnel Support +AC_ARG_ENABLE([stunnel], + [ --enable-stunnel Enable stunnel (default: disabled)], + [ ENABLED_STUNNEL=$enableval ], + [ ENABLED_STUNNEL=no ] + ) +if test "$ENABLED_STUNNEL" = "yes" +then + # Requires opensslextra make sure on + if test "x$ENABLED_OPENSSLEXTRA" = "xno" + then + ENABLED_OPENSSLEXTRA="yes" + AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS" + fi + + # Requires coding make sure on + if test "x$ENABLED_CODING" = "xno" + then + ENABLED_CODING="yes" + fi + + # For now, requires no fastmath, turn off if on + if test "x$ENABLED_FASTMATH" = "xyes" + then + ENABLED_FASTMATH = "no" + fi + + # Requires sessioncerts make sure on + if test "x$ENABLED_SESSIONCERTS" = "xno" + then + ENABLED_SESSIONCERTS="yes" + AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS" + fi + + AM_CFLAGS="$AM_CFLAGS -DHAVE_STUNNEL" +fi + + +# MD4 +AC_ARG_ENABLE([md4], + [ --enable-md4 Enable MD4 (default: disabled)], + [ ENABLED_MD4=$enableval ], + [ ENABLED_MD4=no ] + ) + + +if test "$ENABLED_MD4" = "no" +then + #turn on MD4 if using stunnel + if test "x$ENABLED_STUNNEL" = "xyes" + then + ENABLED_MD4="yes" + else + AM_CFLAGS="$AM_CFLAGS -DNO_MD4" + fi +fi + +AM_CONDITIONAL([BUILD_MD4], [test "x$ENABLED_MD4" = "xyes"]) + # PWDBASED has to come after certservice since we want it on w/o explicit on # PWDBASED @@ -1745,7 +1789,11 @@ FASTMATH_DEFAULT=no if test "$host_cpu" = "x86_64" then -FASTMATH_DEFAULT=yes + # fastmath turned off for stunnel by default + if test "x$ENABLED_STUNNEL" = "xno" + then + FASTMATH_DEFAULT=yes + fi fi # fastmath @@ -2218,6 +2266,7 @@ echo " * CODING: $ENABLED_CODING" echo " * MEMORY: $ENABLED_MEMORY" echo " * I/O POOL: $ENABLED_IOPOOL" echo " * LIGHTY: $ENABLED_LIGHTY" +echo " * STUNNEL: $ENABLED_STUNNEL" echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS" echo " * DTLS: $ENABLED_DTLS" echo " * Old TLS Versions: $ENABLED_OLD_TLS" diff --git a/src/internal.c b/src/internal.c index b63b1fe2a..ceef2eeab 100644 --- a/src/internal.c +++ b/src/internal.c @@ -4464,7 +4464,7 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, #else store->current_cert = NULL; #endif -#ifdef FORTRESS +#if defined(HAVE_FORTRESS) || defined(HAVE_STUNNEL) store->ex_data = ssl; #endif ok = ssl->verifyCallback(0, store); diff --git a/src/ssl.c b/src/ssl.c index 7e40efa64..4e10a3a6e 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -7163,7 +7163,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) WOLFSSL_X509_STORE_CTX* ctx) { (void)ctx; - return 0; + return NULL; } @@ -8787,14 +8787,18 @@ int wolfSSL_set_compression(WOLFSSL* ssl) WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509* cert) { WOLFSSL_ENTER("X509_get_issuer_name"); - return &cert->issuer; + if(cert) + return &cert->issuer; + return NULL; } WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert) { WOLFSSL_ENTER("X509_get_subject_name"); - return &cert->subject; + if(cert) + return &cert->subject; + return NULL; } @@ -9467,23 +9471,6 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format) #ifdef OPENSSL_EXTRA -int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data) -{ -#ifdef FORTRESS - if (ssl != NULL && idx < MAX_EX_DATA) - { - ssl->ex_data[idx] = data; - return SSL_SUCCESS; - } -#else - (void)ssl; - (void)idx; - (void)data; -#endif - return SSL_FAILURE; -} - - int wolfSSL_set_session_id_context(WOLFSSL* ssl, const unsigned char* id, unsigned int len) { @@ -10130,19 +10117,6 @@ int wolfSSL_COMP_add_compression_method(int method, void* data) } - -int wolfSSL_get_ex_new_index(long idx, void* data, void* cb1, void* cb2, - void* cb3) -{ - (void)idx; - (void)data; - (void)cb1; - (void)cb2; - (void)cb3; - return 0; -} - - void wolfSSL_set_dynlock_create_callback(WOLFSSL_dynlock_value* (*f)( const char*, int)) { @@ -10300,6 +10274,7 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx, WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, STACK_OF(WOLFSSL_X509)* sk) { (void)sk; + WOLFSSL_ENTER(__func__); if (ctx != NULL) { ctx->store = store; ctx->current_cert = x509; @@ -10486,7 +10461,8 @@ long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER* i) void* wolfSSL_X509_STORE_CTX_get_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx) { -#ifdef FORTRESS + WOLFSSL_ENTER(__func__); +#if defined(FORTRESS) || defined(HAVE_STUNNEL) if (ctx != NULL && idx == 0) return ctx->ex_data; #else @@ -10499,24 +10475,13 @@ void* wolfSSL_X509_STORE_CTX_get_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx) int wolfSSL_get_ex_data_X509_STORE_CTX_idx(void) { + WOLFSSL_ENTER(__func__); return 0; } -void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx) -{ -#ifdef FORTRESS - if (ssl != NULL && idx < MAX_EX_DATA) - return ssl->ex_data[idx]; -#else - (void)ssl; - (void)idx; -#endif - return 0; -} - - -void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX* ctx, void (*f)(void)) +void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX* ctx, + void (*f)(const WOLFSSL* ssl, int type, int val)) { (void)ctx; (void)f; @@ -10529,7 +10494,7 @@ unsigned long wolfSSL_ERR_peek_error(void) } -int wolfSSL_ERR_GET_REASON(int err) +int wolfSSL_ERR_GET_REASON(unsigned long err) { (void)err; return 0; @@ -10550,7 +10515,7 @@ char* wolfSSL_alert_desc_string_long(int alertID) } -char* wolfSSL_state_string_long(WOLFSSL* ssl) +char* wolfSSL_state_string_long(const WOLFSSL* ssl) { (void)ssl; return 0; @@ -10709,23 +10674,6 @@ void* wolfSSL_sk_value(WOLFSSL_X509_REVOKED* rev, int i) /* stunnel 4.28 needs */ -void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int d) -{ - (void)ctx; - (void)d; - return 0; -} - - -int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int d, void* p) -{ - (void)ctx; - (void)d; - (void)p; - return SSL_SUCCESS; -} - - void wolfSSL_CTX_sess_set_get_cb(WOLFSSL_CTX* ctx, WOLFSSL_SESSION*(*f)(WOLFSSL*, unsigned char*, int, int*)) { @@ -10783,17 +10731,6 @@ long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION* sess) } -int wolfSSL_CTX_get_ex_new_index(long idx, void* arg, void* a, void* b, - void* c) -{ - (void)idx; - (void)arg; - (void)a; - (void)b; - (void)c; - return 0; -} - #endif /* OPENSSL_EXTRA */ @@ -15318,3 +15255,403 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) #endif #endif + +#ifdef OPENSSL_EXTRA +void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx) +{ + WOLFSSL_ENTER(__func__); + #ifdef HAVE_STUNNEL + if(ctx != NULL && idx < MAX_EX_DATA) { + return ctx->ex_data[idx]; + } + #else + (void)ctx; + (void)idx; + #endif + return NULL; +} + + +int wolfSSL_CTX_get_ex_new_index(long idx, void* arg, void* a, void* b, + void* c) +{ + WOLFSSL_ENTER(__func__); + (void)idx; + (void)arg; + (void)a; + (void)b; + (void)c; + return 0; +} + + +int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int idx, void* data) +{ + WOLFSSL_ENTER(__func__); + #ifdef HAVE_STUNNEL + if (ctx != NULL && idx < MAX_EX_DATA) + { + ctx->ex_data[idx] = data; + return SSL_SUCCESS; + } + #else + (void)ctx; + (void)idx; + (void)data; + #endif + return SSL_FAILURE; +} + + +int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data) +{ + WOLFSSL_ENTER(__func__); +#if defined(FORTRESS) || defined(HAVE_STUNNEL) + if (ssl != NULL && idx < MAX_EX_DATA) + { + ssl->ex_data[idx] = data; + return SSL_SUCCESS; + } +#else + (void)ssl; + (void)idx; + (void)data; +#endif + return SSL_FAILURE; +} + + +int wolfSSL_get_ex_new_index(long idx, void* data, void* cb1, void* cb2, + void* cb3) +{ + WOLFSSL_ENTER(__func__); + (void)idx; + (void)data; + (void)cb1; + (void)cb2; + (void)cb3; + return 0; +} + + +void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx) +{ + WOLFSSL_ENTER(__func__); +#if defined(FORTRESS) || defined(HAVE_STUNNEL) + if (ssl != NULL && idx < MAX_EX_DATA) + return ssl->ex_data[idx]; +#else + (void)ssl; + (void)idx; +#endif + return 0; +} +#endif /* OPENSSL_EXTRA */ + + + +/* stunnel compatability functions*/ +#if defined(OPENSSL_EXTRA) && defined(HAVE_STUNNEL) +int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data) +{ + WOLFSSL_ENTER(__func__); + #ifdef HAVE_STUNNEL + if(session != NULL && idx < MAX_EX_DATA) { + session->ex_data[idx] = data; + return SSL_SUCCESS; + } + #else + (void)session; + (void)idx; + (void)data; + #endif + return SSL_FAILURE; +} + + +int wolfSSL_SESSION_get_ex_new_index(long idx, void* data, void* cb1, + void* cb2, void* cb3) +{ + WOLFSSL_ENTER(__func__); + (void)idx; + (void)cb1; + (void)cb2; + (void)cb3; + #ifdef HAVE_STUNNEL + if(XSTRNCMP(data, "redirect index", 14) == 0) { + return 0; + } + else if(XSTRNCMP(data, "addr index", 10) == 0) { + return 1; + } + #else + (void)data; + #endif + return SSL_FAILURE; +} + + +void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION* session, int idx) +{ + WOLFSSL_ENTER(__func__); + #ifdef HAVE_STUNNEL + if (session != NULL && idx < MAX_EX_DATA) + return session->ex_data[idx]; + #else + (void)session; + (void)idx; + #endif + return NULL; +} + + +WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode) +{ + (void) filename; + (void) mode; + return NULL; +} + + +int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int), + void *(*r) (void *, size_t, const char *, + int), void (*f) (void *)) +{ + (void) m; + (void) r; + (void) f; + + return SSL_FAILURE; +} + + +WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator, + void (*callback) (int, int, void *), void *cb_arg) +{ + (void)prime_len; + (void)generator; + (void)callback; + (void)cb_arg; + return NULL; +} + + +void wolfSSL_ERR_load_crypto_strings(void){} +unsigned long wolfSSL_ERR_peek_last_error(void) +{ + unsigned long l = 0UL; + return l; +} + + +int wolfSSL_FIPS_mode(void) +{ + return SSL_FAILURE; +} + +int wolfSSL_FIPS_mode_set(int r) +{ + (void)r; + return SSL_FAILURE; +} + + +WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp, WOLFSSL_DH **x, pem_password_cb *cb, void *u) +{ + (void) bp; + (void) x; + (void) cb; + (void) u; + + return NULL; +} + + +int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x) +{ + (void) bp; + (void) x; + return SSL_FAILURE; +} + + +int wolfSSL_RAND_set_rand_method(const void *meth) +{ + (void) meth; + return SSL_FAILURE; +} + + +int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits) +{ + if(c != NULL && c->ssl != NULL) { + if(alg_bits != NULL) { + *alg_bits = 8 * c->ssl->specs.key_size; + } + return 8 * c->ssl->specs.key_size; + } + return SSL_FAILURE; +} + + +int wolfSSL_sk_X509_NAME_num(const STACK_OF(WOLFSSL_X509_NAME) *s) +{ + (void) s; + return SSL_FAILURE; +} + + +int wolfSSL_sk_X509_num(const STACK_OF(WOLFSSL_X509) *s) +{ + (void) s; + return SSL_FAILURE; +} + + +int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* nm, + int indent, unsigned long flags) +{ + (void)bio; + (void)nm; + (void)indent; + (void)flags; + return SSL_FAILURE; +} + + +WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr(const WOLFSSL_X509* x) +{ + (void)x; + return NULL; +} + + +int wolfSSL_CTX_add_session(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session) +{ + (void)ctx; + (void)session; + return SSL_SUCCESS; +} + + +int wolfSSL_get_state(const WOLFSSL* ssl) +{ + (void)ssl; + return SSL_FAILURE; +} + + +void* wolfSSL_sk_X509_NAME_value(STACK_OF(WOLFSSL_X509_NAME)* sk, int i) +{ + (void)sk; + (void)i; + return NULL; +} + + +void* wolfSSL_sk_X509_value(STACK_OF(WOLFSSL_X509)* sk, int i) +{ + (void)sk; + (void)i; + return NULL; +} + + +int wolfSSL_version(WOLFSSL* ssl) +{ + if (ssl->version.major == SSLv3_MAJOR) { + switch (ssl->version.minor) { + case SSLv3_MINOR : + return SSL3_VERSION; + case TLSv1_MINOR : + case TLSv1_1_MINOR : + case TLSv1_2_MINOR : + return TLS1_VERSION; + default: + return SSL_FAILURE; + } + } + else if (ssl->version.major == DTLS_MAJOR) { + switch (ssl->version.minor) { + case DTLS_MINOR : + case DTLSv1_2_MINOR : + return DTLS1_VERSION; + default: + return SSL_FAILURE; + } + } + return SSL_FAILURE; +} + + +STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL* ssl) +{ + (void)ssl; + return NULL; +} + + +long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx) +{ + (void)ctx; + return 0; +} + + +WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl) +{ + return ssl->ctx; +} + +int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME* name) +{ + if(!name) + return -1; + return name->sz; +} + +#ifndef NO_DH +/* Intialize ctx->dh with dh's params. Return SSL_SUCCESS on ok */ +long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh) +{ + int pSz, gSz; + byte *p, *g; + int ret=0; + + pSz = wolfSSL_BN_bn2bin(dh->p, NULL); + gSz = wolfSSL_BN_bn2bin(dh->g, NULL); + + p = XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_DH); + if(!p) + return MEMORY_E; + + g = XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_DH); + if(!g) { + XFREE(p, ctx->heap, DYNAMIC_TYPE_DH); + return MEMORY_E; + } + + pSz = wolfSSL_BN_bn2bin(dh->p, p); + gSz = wolfSSL_BN_bn2bin(dh->g, g); + + if(pSz != SSL_FATAL_ERROR && gSz != SSL_FATAL_ERROR) + ret = wolfSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz); + + if(p) + XFREE(p, ctx->heap, DYNAMIC_TYPE_DH); + if(g) + XFREE(g, ctx->heap, DYNAMIC_TYPE_DH); + + return pSz > 0 && gSz > 0 ? SSL_FATAL_ERROR : ret; +} +#endif /* NO_DH */ + + +const byte* wolfSSL_SESSION_get_id(WOLFSSL_SESSION* sess, unsigned int* idLen) +{ + if(!sess) + return NULL; + *idLen = sess->sessionIDSz; + return sess->sessionID; +} +#endif /* OPENSSL_EXTRA and HAVE_STUNNEL */ diff --git a/wolfcrypt/src/coding.c b/wolfcrypt/src/coding.c index 6ead79caf..61c78b1dc 100644 --- a/wolfcrypt/src/coding.c +++ b/wolfcrypt/src/coding.c @@ -166,8 +166,8 @@ static int CEscape(int escaped, byte e, byte* out, word32* i, word32 max, else basic = base64Encode[e]; - /* check whether to escape */ - if (escaped) { + /* check whether to escape. Only escape for EncodeEsc */ + if (escaped == 1) { switch ((char)basic) { case '+' : plus = 1; @@ -235,8 +235,10 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out, word32 outSz = (inLen + 3 - 1) / 3 * 4; word32 addSz = (outSz + PEM_LINE_SZ - 1) / PEM_LINE_SZ; /* new lines */ - if (escaped) + if (escaped == 1) addSz *= 3; /* instead of just \n, we're doing %0A triplet */ + else if (escaped == 2) + addSz = 0; /* encode without \n */ outSz += addSz; @@ -267,7 +269,8 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out, inLen -= 3; - if ((++n % (PEM_LINE_SZ / 4)) == 0 && inLen) { + /* Insert newline after PEM_LINE_SZ, unless no \n requested */ + if (escaped != 2 && (++n % (PEM_LINE_SZ / 4)) == 0 && inLen) { ret = CEscape(escaped, '\n', out, &i, *outLen, 1); if (ret != 0) break; } @@ -299,10 +302,10 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out, ret = CEscape(escaped, '=', out, &i, *outLen, 1); } - if (ret == 0) + if (ret == 0 && escaped != 2) ret = CEscape(escaped, '\n', out, &i, *outLen, 1); - if (i != outSz && escaped == 0 && ret == 0) + if (i != outSz && escaped != 1 && ret == 0) return ASN_INPUT_E; *outLen = i; @@ -323,6 +326,10 @@ int Base64_EncodeEsc(const byte* in, word32 inLen, byte* out, word32* outLen) return DoBase64_Encode(in, inLen, out, outLen, 1); } +int Base64_Encode_NoNl(const byte* in, word32 inLen, byte* out, word32* outLen) +{ + return DoBase64_Encode(in, inLen, out, outLen, 2); +} #endif /* defined(WOLFSSL_BASE64_ENCODE) */ diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 9664bf0e4..66c0d18cd 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -890,7 +890,7 @@ enum Misc { MAX_WOLFSSL_FILE_SIZE = 1024 * 1024 * 4, /* 4 mb file size alloc limit */ -#ifdef FORTRESS +#if defined(FORTRESS) || defined (HAVE_STUNNEL) MAX_EX_DATA = 3, /* allow for three items of ex_data */ #endif @@ -1612,8 +1612,11 @@ struct WOLFSSL_CTX { #endif /* HAVE_ANON */ #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) pem_password_cb passwd_cb; - void* userdata; + void* userdata; #endif /* OPENSSL_EXTRA */ +#ifdef HAVE_STUNNEL + void* ex_data[MAX_EX_DATA]; +#endif #ifdef HAVE_OCSP WOLFSSL_OCSP ocsp; #endif @@ -1847,6 +1850,9 @@ struct WOLFSSL_SESSION { word16 ticketLen; byte ticket[SESSION_TICKET_LEN]; #endif +#ifdef HAVE_STUNNEL + void* ex_data[MAX_EX_DATA]; +#endif }; @@ -2300,7 +2306,7 @@ struct WOLFSSL { #ifdef KEEP_PEER_CERT WOLFSSL_X509 peerCert; /* X509 peer cert */ #endif -#ifdef FORTRESS +#if defined(FORTRESS) || defined(HAVE_STUNNEL) void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */ #endif #ifdef HAVE_CAVIUM diff --git a/wolfssl/openssl/asn1.h b/wolfssl/openssl/asn1.h index 3f34d7d2c..11cafa840 100644 --- a/wolfssl/openssl/asn1.h +++ b/wolfssl/openssl/asn1.h @@ -1,2 +1,19 @@ /* asn1.h for openssl */ +#ifndef WOLFSSL_ASN1_H_ +#define WOLFSSL_ASN1_H_ +struct WOLFSSL_ASN1_BIT_STRING { + int length; + int type; + char* data; + long flags; +}; + +struct WOLFSSL_ASN1_STRING { + int length; + int type; + char* data; + long flags; +}; + +#endif /* WOLFSSL_ASN1_H_ */ diff --git a/wolfssl/openssl/crypto.h b/wolfssl/openssl/crypto.h index 8f7c6f40e..97360408b 100644 --- a/wolfssl/openssl/crypto.h +++ b/wolfssl/openssl/crypto.h @@ -21,6 +21,11 @@ WOLFSSL_API unsigned long wolfSSLeay(void); #define SSLEAY_VERSION 0x0090600fL #define SSLEAY_VERSION_NUMBER SSLEAY_VERSION +#ifdef HAVE_STUNNEL +#define CRYPTO_set_mem_ex_functions wolfSSL_CRYPTO_set_mem_ex_functions +#define FIPS_mode wolfSSL_FIPS_mode +#define FIPS_mode_set wolfSSL_FIPS_mode_set +#endif /* HAVE_STUNNEL */ #endif /* header */ diff --git a/wolfssl/openssl/dh.h b/wolfssl/openssl/dh.h index 2bdb67522..e38b7f7af 100644 --- a/wolfssl/openssl/dh.h +++ b/wolfssl/openssl/dh.h @@ -11,7 +11,7 @@ extern "C" { #endif -typedef struct WOLFSSL_DH { +struct WOLFSSL_DH { WOLFSSL_BIGNUM* p; WOLFSSL_BIGNUM* g; WOLFSSL_BIGNUM* pub_key; /* openssh deference g^x */ @@ -23,7 +23,7 @@ typedef struct WOLFSSL_DH { * lighttpd src code. */ int length; -} WOLFSSL_DH; +}; WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_new(void); @@ -48,4 +48,7 @@ typedef WOLFSSL_DH DH; } /* extern "C" */ #endif +#ifdef HAVE_STUNNEL +#define DH_generate_parameters wolfSSL_DH_generate_parameters +#endif /* HAVE_STUNNEL */ #endif /* header */ diff --git a/wolfssl/openssl/err.h b/wolfssl/openssl/err.h index 7e7f1eb78..951386868 100644 --- a/wolfssl/openssl/err.h +++ b/wolfssl/openssl/err.h @@ -1,2 +1,3 @@ /* err.h for openssl */ - +#define ERR_load_crypto_strings wolfSSL_ERR_load_crypto_strings +#define ERR_peek_last_error wolfSSL_ERR_peek_last_error diff --git a/wolfssl/openssl/opensslv.h b/wolfssl/openssl/opensslv.h index dc8de4260..067f22658 100644 --- a/wolfssl/openssl/opensslv.h +++ b/wolfssl/openssl/opensslv.h @@ -5,7 +5,13 @@ /* api version compatibility */ -#define OPENSSL_VERSION_NUMBER 0x0090810fL +#ifdef HAVE_STUNNEL + #define OPENSSL_VERSION_NUMBER 0x0090700fL +#else + #define OPENSSL_VERSION_NUMBER 0x0090810fL +#endif + +#define OPENSSL_VERSION_TEXT LIBWOLFSSL_VERSION_STRING #endif /* header */ diff --git a/wolfssl/openssl/rand.h b/wolfssl/openssl/rand.h index c1fa62e1c..bc1f83a88 100644 --- a/wolfssl/openssl/rand.h +++ b/wolfssl/openssl/rand.h @@ -1,4 +1,6 @@ /* rand.h for openSSL */ #include +#include +#define RAND_set_rand_method wolfSSL_RAND_set_rand_method diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 103d5f217..1613448c7 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -289,7 +289,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define X509_get_serialNumber wolfSSL_X509_get_serialNumber -#define ASN1_TIME_pr wolfSSL_ASN1_TIME_pr +#define ASN1_TIME_print wolfSSL_ASN1_TIME_print #define ASN1_INTEGER_cmp wolfSSL_ASN1_INTEGER_cmp #define ASN1_INTEGER_get wolfSSL_ASN1_INTEGER_get @@ -304,7 +304,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_CTX_set_default_passwd_cb_userdata wolfSSL_CTX_set_default_passwd_cb_userdata #define SSL_CTX_set_default_passwd_cb wolfSSL_CTX_set_default_passwd_cb -#define SSL_CTX_set_timeout wolfSSL_CTX_set_timeout +#define SSL_CTX_set_timeout(ctx, to) wolfSSL_CTX_set_timeout(ctx, (unsigned int) to) #define SSL_CTX_set_info_callback wolfSSL_CTX_set_info_callback #define ERR_peek_error wolfSSL_ERR_peek_error @@ -392,7 +392,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define SSL_CTX_sess_set_remove_cb wolfSSL_CTX_sess_set_remove_cb #define i2d_SSL_SESSION wolfSSL_i2d_SSL_SESSION -#define d2i_SSL_SESSION wolfSSL_d2i_SSL_SESSION +#define d2i_SSL_SESSION(sess, val, length) \ + wolfSSL_d2i_SSL_SESSION(sess, (const unsigned char **)val, length) #define SSL_SESSION_set_timeout wolfSSL_SSL_SESSION_set_timeout #define SSL_SESSION_get_timeout wolfSSL_SESSION_get_timeout #define SSL_SESSION_get_time wolfSSL_SESSION_get_time @@ -433,6 +434,52 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #endif + +#ifdef HAVE_STUNNEL +#include + +/* defined as: (SSL_ST_ACCEPT|SSL_CB_LOOP), which becomes 0x2001*/ +#define SSL_CB_ACCEPT_LOOP 0x2001 +#define SSL2_VERSION 0x0002 +#define SSL3_VERSION 0x0300 +#define TLS1_VERSION 0x0301 +#define DTLS1_VERSION 0xFEFF +#define SSL23_ST_SR_CLNT_HELLO_A (0x210|0x2000) +#define SSL3_ST_SR_CLNT_HELLO_A (0x110|0x2000) +#define ASN1_STRFLGS_ESC_MSB 4 +#define X509_V_ERR_CERT_REJECTED 28 + +#define BIO_new_file wolfSSL_BIO_new_file +#define PEM_read_bio_DHparams wolfSSL_PEM_read_bio_DHparams +#define PEM_write_bio_X509 wolfSSL_PEM_write_bio_X509 +#define SSL_alert_desc_string_long wolfSSL_alert_desc_string_long +#define SSL_alert_type_string_long wolfSSL_alert_type_string_long +#define SSL_CIPHER_get_bits wolfSSL_CIPHER_get_bits +#define sk_X509_NAME_num wolfSSL_sk_X509_NAME_num +#define sk_X509_num wolfSSL_sk_X509_num +#define X509_NAME_print_ex wolfSSL_X509_NAME_print_ex +#define X509_get0_pubkey_bitstr wolfSSL_X509_get0_pubkey_bitstr +#define SSL_CTX_get_options wolfSSL_CTX_get_options + +#define SSL_CTX_flush_sessions wolfSSL_flush_sessions +#define SSL_CTX_add_session wolfSSL_CTX_add_session +#define SSL_get_SSL_CTX wolfSSL_get_SSL_CTX +#define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh +#define SSL_version wolfSSL_version +#define SSL_get_state wolfSSL_get_state +#define SSL_state_string_long wolfSSL_state_string_long +#define SSL_get_peer_cert_chain wolfSSL_get_peer_cert_chain +#define sk_X509_NAME_value wolfSSL_sk_X509_NAME_value +#define sk_X509_value wolfSSL_sk_X509_value +#define SSL_SESSION_get_ex_data wolfSSL_SESSION_get_ex_data +#define SSL_SESSION_set_ex_data wolfSSL_SESSION_set_ex_data +#define SSL_SESSION_get_ex_new_index wolfSSL_SESSION_get_ex_new_index +#define SSL_SESSION_get_id wolfSSL_SESSION_get_id +typedef struct CRYPTO_EX_DATA CRYPTO_EX_DATA; +typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; + +#endif /* HAVE_STUNNEL */ + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 5b794e079..d3d4a4aa3 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -92,14 +92,10 @@ typedef struct WOLFSSL_ASN1_INTEGER WOLFSSL_ASN1_INTEGER; typedef struct WOLFSSL_ASN1_OBJECT WOLFSSL_ASN1_OBJECT; typedef struct WOLFSSL_dynlock_value WOLFSSL_dynlock_value; -#ifdef HAVE_LIGHTY - typedef struct WOLFSSL_ASN1_STRING{ - char* data; - int length; - } WOLFSSL_ASN1_STRING; -#else - typedef struct WOLFSSL_ASN1_STRING WOLFSSL_ASN1_STRING; -#endif +typedef struct WOLFSSL_ASN1_STRING WOLFSSL_ASN1_STRING; +typedef struct WOLFSSL_dynlock_value WOLFSSL_dynlock_value; +typedef struct WOLFSSL_DH WOLFSSL_DH; +typedef struct WOLFSSL_ASN1_BIT_STRING WOLFSSL_ASN1_BIT_STRING; #define WOLFSSL_ASN1_UTCTIME WOLFSSL_ASN1_TIME @@ -148,6 +144,7 @@ typedef struct WOLFSSL_X509_REVOKED { typedef struct WOLFSSL_X509_OBJECT { union { char* ptr; + WOLFSSL_X509 *x509; WOLFSSL_X509_CRL* crl; /* stunnel dereference */ } data; } WOLFSSL_X509_OBJECT; @@ -342,7 +339,7 @@ WOLFSSL_API int wolfSSL_dtls(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_dtls_set_peer(WOLFSSL*, void*, unsigned int); WOLFSSL_API int wolfSSL_dtls_get_peer(WOLFSSL*, void*, unsigned int*); -WOLFSSL_API int wolfSSL_ERR_GET_REASON(int err); +WOLFSSL_API int wolfSSL_ERR_GET_REASON(unsigned long err); WOLFSSL_API char* wolfSSL_ERR_error_string(unsigned long,char*); WOLFSSL_API void wolfSSL_ERR_error_string_n(unsigned long e, char* buf, unsigned long sz); @@ -526,14 +523,15 @@ WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX*, WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX*, pem_password_cb); -WOLFSSL_API void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX*, void (*)(void)); +WOLFSSL_API void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX*, + void (*)(const WOLFSSL* ssl, int type, int val)); WOLFSSL_API unsigned long wolfSSL_ERR_peek_error(void); WOLFSSL_API int wolfSSL_GET_REASON(int); WOLFSSL_API char* wolfSSL_alert_type_string_long(int); WOLFSSL_API char* wolfSSL_alert_desc_string_long(int); -WOLFSSL_API char* wolfSSL_state_string_long(WOLFSSL*); +WOLFSSL_API char* wolfSSL_state_string_long(const WOLFSSL*); WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_generate_key(int, unsigned long, void(*)(int, int, void*), void*); @@ -646,11 +644,16 @@ enum { X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 20, X509_V_ERR_CERT_HAS_EXPIRED = 21, X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = 22, - + X509_V_ERR_CERT_REJECTED = 23, X509_V_OK = 0, + XN_FLAG_SPC_EQ = (1 << 23), + XN_FLAG_ONELINE = 0, + CRYPTO_LOCK = 1, - CRYPTO_NUM_LOCKS = 10 + CRYPTO_NUM_LOCKS = 10, + + ASN1_STRFLGS_ESC_MSB = 4 }; /* extras end */ @@ -1541,6 +1544,71 @@ WOLFSSL_API STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X #endif +#ifdef HAVE_STUNNEL + +WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode); + +WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int), + void *(*r) (void *, size_t, const char *, int), void (*f) (void *)); + +WOLFSSL_API WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator, + void (*callback) (int, int, void *), void *cb_arg); + +WOLFSSL_API void wolfSSL_ERR_load_crypto_strings(void); + +WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error(void); + +WOLFSSL_API int wolfSSL_FIPS_mode(void); + +WOLFSSL_API int wolfSSL_FIPS_mode_set(int r); + +WOLFSSL_API WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp, + WOLFSSL_DH **x, pem_password_cb *cb, void *u); + +WOLFSSL_API int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x); + +WOLFSSL_API int wolfSSL_RAND_set_rand_method(const void *meth); + +WOLFSSL_API int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits); + +WOLFSSL_API int wolfSSL_sk_X509_NAME_num(const STACK_OF(WOLFSSL_X509_NAME) *s); + +WOLFSSL_API int wolfSSL_sk_X509_num(const STACK_OF(WOLFSSL_X509) *s); + +WOLFSSL_API int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO*,WOLFSSL_X509_NAME*,int,unsigned long); + +WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr( + const WOLFSSL_X509*); + +WOLFSSL_API int wolfSSL_CTX_add_session(WOLFSSL_CTX*, WOLFSSL_SESSION*); + +WOLFSSL_API WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl); + +WOLFSSL_API int wolfSSL_version(WOLFSSL*); + +WOLFSSL_API int wolfSSL_get_state(const WOLFSSL*); + +WOLFSSL_API void* wolfSSL_sk_X509_NAME_value(STACK_OF(WOLFSSL_X509_NAME)*, int); + +WOLFSSL_API void* wolfSSL_sk_X509_value(STACK_OF(WOLFSSL_X509)*, int); + +WOLFSSL_API STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL*); + +WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx); + +WOLFSSL_API void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION*, int); + +WOLFSSL_API int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION*, int, void*); + +WOLFSSL_API int wolfSSL_SESSION_get_ex_new_index(long,void*,void*,void*,void*); + +WOLFSSL_API int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME*); + +WOLFSSL_API long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX*, WOLFSSL_DH*); + +WOLFSSL_API const unsigned char* wolfSSL_SESSION_get_id(WOLFSSL_SESSION*, unsigned int*); +#endif /* HAVE_STUNNEL */ + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/wolfcrypt/coding.h b/wolfssl/wolfcrypt/coding.h index 286e437a4..b92921bd8 100644 --- a/wolfssl/wolfcrypt/coding.h +++ b/wolfssl/wolfcrypt/coding.h @@ -48,6 +48,9 @@ WOLFSSL_API int Base64_Decode(const byte* in, word32 inLen, byte* out, WOLFSSL_API int Base64_EncodeEsc(const byte* in, word32 inLen, byte* out, word32* outLen); + WOLFSSL_API + int Base64_Encode_NoNl(const byte* in, word32 inLen, byte* out, + word32* outLen); #endif #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(HAVE_FIPS)