diff --git a/src/ssl.c b/src/ssl.c index 4a85872d5..243743adf 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -10846,7 +10846,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) if (wolfSSL_add_all_algorithms() == WOLFSSL_FATAL_ERROR) return WOLFSSL_FATAL_ERROR; - + return WOLFSSL_SUCCESS; } @@ -11333,18 +11333,16 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return ctx->mask; } - + static long wolf_set_options(long old_op, long op); long wolfSSL_CTX_set_options(WOLFSSL_CTX* ctx, long opt) { - WOLFSSL *ssl; WOLFSSL_ENTER("SSL_CTX_set_options"); - if(ctx == NULL) + + if (ctx == NULL) return BAD_FUNC_ARG; - ssl = wolfSSL_new(ctx); - if(ssl == NULL) - return SSL_FAILURE; - ctx->mask = wolfSSL_set_options(ssl, opt); - wolfSSL_free(ssl); + + ctx->mask = wolf_set_options(ctx->mask, opt); + return ctx->mask; } @@ -17917,7 +17915,7 @@ WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void) if((store = (WOLFSSL_X509_STORE*)XMALLOC(sizeof(WOLFSSL_X509_STORE), NULL, DYNAMIC_TYPE_X509_STORE)) == NULL) goto err_exit; - + if((store->cm = wolfSSL_CertManagerNew()) == NULL) goto err_exit; @@ -17925,11 +17923,11 @@ WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void) #ifdef HAVE_CRL store->crl = NULL; - if((store->crl = (WOLFSSL_X509_CRL *)XMALLOC(sizeof(WOLFSSL_X509_CRL), + if((store->crl = (WOLFSSL_X509_CRL *)XMALLOC(sizeof(WOLFSSL_X509_CRL), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL) goto err_exit; if(InitCRL(store->crl, NULL) < 0) - goto err_exit; + goto err_exit; #endif return store; @@ -18086,7 +18084,7 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) } #endif /* NO_CERTS */ -#if !defined(NO_FILESYSTEM) +#if !defined(NO_FILESYSTEM) static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type) { void *newx509 = NULL; @@ -18114,7 +18112,7 @@ static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type) { WOLFSSL_MSG("File read failed"); goto err_exit; - } + } if(type == CERT_TYPE) newx509 = (void *)wolfSSL_X509_d2i(NULL, fileBuffer, (int)sz); #ifdef HAVE_CRL 
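Review bot: `wolfSSL_CTX_set_options` (hunk at `@@ -11333`) still returns `BAD_FUNC_ARG` for a NULL ctx, so an error code travels back through a return value that callers read as an option bitmask. wolfSSL error codes are negative, so a caller that tests the result with `&` would see many option bits apparently set. `wolfSSL_set_options`, later in this diff, returns 0 for a NULL ssl, so the two setters disagree on the failure value. Consider `if (ctx == NULL) return 0;` here, or, if existing callers rely on the error code, a comment such as `/* returns BAD_FUNC_ARG (negative), not a mask, when ctx is NULL */`.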
@@ -18206,7 +18204,7 @@ WOLFSSL_X509_CRL* wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL** crl, const unsigned ch WOLFSSL_MSG("Init tmp CRL failed"); goto err_exit; } - ret = BufferLoadCRL(newcrl, in, len, WOLFSSL_FILETYPE_ASN1, 1); + ret = BufferLoadCRL(newcrl, in, len, WOLFSSL_FILETYPE_ASN1, 1); if (ret != WOLFSSL_SUCCESS){ WOLFSSL_MSG("Buffer Load CRL failed"); goto err_exit; @@ -18218,7 +18216,7 @@ WOLFSSL_X509_CRL* wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL** crl, const unsigned ch err_exit: if(newcrl != NULL) - wolfSSL_X509_CRL_free(newcrl); + wolfSSL_X509_CRL_free(newcrl); newcrl = NULL; _exit: return newcrl; @@ -19385,19 +19383,9 @@ int wolfSSL_PEM_def_callback(char* name, int num, int w, void* key) } #endif -long wolfSSL_set_options(WOLFSSL* ssl, long op) +static long wolf_set_options(long old_op, long op) { - word16 haveRSA = 1; - word16 havePSK = 0; - int keySz = 0; - - WOLFSSL_ENTER("wolfSSL_set_options"); - - if (ssl == NULL) { - return 0; - } - - /* if SSL_OP_ALL then turn all bug workarounds one */ + /* if SSL_OP_ALL then turn all bug workarounds on */ if ((op & SSL_OP_ALL) == SSL_OP_ALL) { WOLFSSL_MSG("\tSSL_OP_ALL"); 
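Review bot: The new static `wolf_set_options` (hunk at `@@ -19385`) has no header comment, although it is now shared by the CTX and the per-connection setter. From the visible lines it only widens `op` when `SSL_OP_ALL` is requested, logs the requested flags and returns `old_op | op`. I would add `/* Merge op into old_op and log the requested options. Touches no WOLFSSL or WOLFSSL_CTX state; callers apply version and compression changes themselves. Returns the combined mask. */` above the definition. The function body runs past the end of this hunk into the next one.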
@@ -19414,64 +19402,97 @@ long wolfSSL_set_options(WOLFSSL* ssl, long op) op |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; } - ssl->options.mask |= op; - /* by default cookie exchange is on with DTLS */ - if ((ssl->options.mask & SSL_OP_COOKIE_EXCHANGE) == SSL_OP_COOKIE_EXCHANGE) { + if ((op & SSL_OP_COOKIE_EXCHANGE) == SSL_OP_COOKIE_EXCHANGE) { WOLFSSL_MSG("\tSSL_OP_COOKIE_EXCHANGE : on by default"); } - if ((ssl->options.mask & WOLFSSL_OP_NO_SSLv2) == WOLFSSL_OP_NO_SSLv2) { + if ((op & WOLFSSL_OP_NO_SSLv2) == WOLFSSL_OP_NO_SSLv2) { WOLFSSL_MSG("\tWOLFSSL_OP_NO_SSLv2 : wolfSSL does not support SSLv2"); } - if ((ssl->options.mask & SSL_OP_NO_TLSv1_3) == SSL_OP_NO_TLSv1_3) { + if ((op & SSL_OP_NO_TLSv1_3) == SSL_OP_NO_TLSv1_3) { WOLFSSL_MSG("\tSSL_OP_NO_TLSv1_3"); - if (ssl->version.minor == TLSv1_3_MINOR) - ssl->version.minor = TLSv1_2_MINOR; } - if ((ssl->options.mask & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) { + if ((op & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) { WOLFSSL_MSG("\tSSL_OP_NO_TLSv1_2"); - if (ssl->version.minor == TLSv1_2_MINOR) - ssl->version.minor = TLSv1_1_MINOR; } - if ((ssl->options.mask & SSL_OP_NO_TLSv1_1) == SSL_OP_NO_TLSv1_1) { + if ((op & SSL_OP_NO_TLSv1_1) == SSL_OP_NO_TLSv1_1) { WOLFSSL_MSG("\tSSL_OP_NO_TLSv1_1"); - if (ssl->version.minor == TLSv1_1_MINOR) - ssl->version.minor = TLSv1_MINOR; } - if ((ssl->options.mask & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1) { + if ((op & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1) { WOLFSSL_MSG("\tSSL_OP_NO_TLSv1"); - if (ssl->version.minor == TLSv1_MINOR) - ssl->version.minor = SSLv3_MINOR; } - if ((ssl->options.mask & SSL_OP_NO_SSLv3) == SSL_OP_NO_SSLv3) { + if ((op & SSL_OP_NO_SSLv3) == SSL_OP_NO_SSLv3) { WOLFSSL_MSG("\tSSL_OP_NO_SSLv3"); } - if ((ssl->options.mask & SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION) { + if ((op & SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION) { #ifdef HAVE_LIBZ WOLFSSL_MSG("SSL_OP_NO_COMPRESSION"); - ssl->options.usingCompression = 0; #else WOLFSSL_MSG("SSL_OP_NO_COMPRESSION: 
compression not compiled in"); #endif } + return old_op | op; +} + +long wolfSSL_set_options(WOLFSSL* ssl, long op) +{ + word16 haveRSA = 1; + word16 havePSK = 0; + int keySz = 0; + + WOLFSSL_ENTER("wolfSSL_set_options"); + + if (ssl == NULL) { + return 0; + } + + ssl->options.mask = wolf_set_options(ssl->options.mask, op); + + if ((ssl->options.mask & SSL_OP_NO_TLSv1_3) == SSL_OP_NO_TLSv1_3) { + if (ssl->version.minor == TLSv1_3_MINOR) + ssl->version.minor = TLSv1_2_MINOR; + } + + if ((ssl->options.mask & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) { + if (ssl->version.minor == TLSv1_2_MINOR) + ssl->version.minor = TLSv1_1_MINOR; + } + + if ((ssl->options.mask & SSL_OP_NO_TLSv1_1) == SSL_OP_NO_TLSv1_1) { + if (ssl->version.minor == TLSv1_1_MINOR) + ssl->version.minor = TLSv1_MINOR; + } + + if ((ssl->options.mask & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1) { + if (ssl->version.minor == TLSv1_MINOR) + ssl->version.minor = SSLv3_MINOR; + } + + if ((ssl->options.mask & SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION) { + #ifdef HAVE_LIBZ + ssl->options.usingCompression = 0; + #endif + } + /* in the case of a version change the cipher suites should be reset */ - #ifndef NO_PSK - havePSK = ssl->options.havePSK; - #endif - #ifdef NO_RSA - haveRSA = 0; - #endif - #ifndef NO_CERTS - keySz = ssl->buffers.keySz; - #endif +#ifndef NO_PSK + havePSK = ssl->options.havePSK; +#endif +#ifdef NO_RSA + haveRSA = 0; +#endif +#ifndef NO_CERTS + keySz = ssl->buffers.keySz; +#endif + InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, ssl->options.haveDH, ssl->options.haveNTRU, ssl->options.haveECDSAsig, ssl->options.haveECC, @@ -27697,7 +27718,7 @@ WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp, WOLFSSL_MSG("RSA_new failed"); return NULL; } - + if(wolfSSL_RSA_LoadDer_ex(rsa, *pp, (int)len, WOLFSSL_RSA_LOAD_PUBLIC) != WOLFSSL_SUCCESS){ WOLFSSL_MSG("RSA_LoadDer failed"); 
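Review bot: In the rewritten `wolfSSL_set_options` (hunk at `@@ -19414`), the version step-down ends with `ssl->version.minor = SSLv3_MINOR` when `SSL_OP_NO_TLSv1` is set, and nothing in the visible body acts on `SSL_OP_NO_SSLv3`; the helper only logs that flag. A mask that disables every TLS version and SSLv3 would therefore leave the object at SSLv3 before `InitSuites` is called. Whether a later check rejects that version is not visible here, because the function continues past the end of the hunk. At minimum I would make the dead-end state observable after the chain, for example `if (ssl->version.minor == SSLv3_MINOR && (ssl->options.mask & SSL_OP_NO_SSLv3)) WOLFSSL_MSG("\tno enabled protocol version left");`, and add a comment stating that each NO_ flag lowers the version by one step.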
@@ -28740,7 +28761,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) int derSz; long i = 0, l; WOLFSSL_X509_CRL* newcrl; - + WOLFSSL_ENTER("wolfSSL_PEM_read_X509_CRL"); if (fp == NULL) { @@ -29525,7 +29546,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) } #endif /* ! NO_SHA256 */ -#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512) +#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512) /* One shot SHA384 hash of message. * * d message to hash @@ -29573,7 +29594,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) #endif /* defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512) */ -#if defined(WOLFSSL_SHA512) +#if defined(WOLFSSL_SHA512) /* One shot SHA512 hash of message. * * d message to hash @@ -30873,8 +30894,9 @@ int wolfSSL_get_state(const WOLFSSL* ssl) /* stunnel compatibility functions*/ -#if defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX)) -void WOLFSSL_ERR_remove_thread_state(void* pid) +#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) \ + || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY))) +void wolfSSL_ERR_remove_thread_state(void* pid) { (void) pid; return; @@ -31016,6 +31038,7 @@ unsigned long wolfSSL_ERR_peek_last_error(void) #endif } #endif + #ifndef NO_WOLFSSL_STUB int wolfSSL_FIPS_mode(void) { @@ -31062,11 +31085,6 @@ int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits) } return ret; } -#endif /* #if defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX)) */ - - -/* stunnel compatibility functions*/ -#if defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX)) int wolfSSL_sk_X509_NAME_num(const WOLF_STACK_OF(WOLFSSL_X509_NAME) *s) { 
@@ -31282,7 +31300,8 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(WOLFSSL_X509_STORE_CT } #endif -#endif /* OPENSSL_EXTRA and HAVE_STUNNEL */ +#endif /* OPENSSL_ALL || (OPENSSL_EXTRA && (HAVE_STUNNEL || WOLFSSL_NGINX || HAVE_LIGHTY)) */ + #if defined(OPENSSL_ALL) || \ (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \ @@ -31785,7 +31804,7 @@ void wolfSSL_OPENSSL_config(char *config_name) #endif #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ - || defined(OPENSSL_EXTRA) + || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a, void *b, void *c) { static int x509_idx = 0; @@ -32187,7 +32206,8 @@ int wolfSSL_CTX_set_tlsext_ticket_key_cb(WOLFSSL_CTX *ctx, int (*cb)( } #endif /* HAVE_SESSION_TICKET */ -#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA */ +#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || + OPENSSL_EXTRA || HAVE_LIGHTY */ #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) #ifdef HAVE_OCSP @@ -32734,7 +32754,7 @@ static int check_esc_char(char c, char *esc) return 0; } -int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, +int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, unsigned long flags) { size_t str_len = 0, type_len = 0; @@ -32767,7 +32787,7 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, 'E', 'F' }; char hex_tmp[4]; char *str_ptr, *str_end; - + if (type_len > 0){ if (wolfSSL_BIO_write(out, typebuf, (int)type_len) != (int)type_len){ XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -32792,7 +32812,7 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, } str_ptr = str->data; - str_end = str->data + str->length; + str_end = str->data + str->length; while (str_ptr < str_end){ hex_tmp[0] = hex_char[*str_ptr >> 4]; hex_tmp[1] = hex_char[*str_ptr & 0xf]; 
@@ -32818,17 +32838,17 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, if (flags & ASN1_STRFLGS_ESC_2253){ char esc_ch[] = "+;<>\\"; - char* esc_ptr = NULL; + char* esc_ptr = NULL; esc_ptr = str->data; while (*esc_ptr != 0){ if (check_esc_char(*esc_ptr, esc_ch)){ if (wolfSSL_BIO_write(out,"\\", 1) != 1) - goto err_exit; + goto err_exit; str_len++; } if (wolfSSL_BIO_write(out, esc_ptr, 1) != 1) - goto err_exit; + goto err_exit; str_len++; esc_ptr++; } @@ -32870,14 +32890,14 @@ WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t, return NULL; } if (out == NULL || *out == NULL){ - ret = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL, + ret = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (ret == NULL){ WOLFSSL_MSG("memory alloc failed."); return NULL; } XMEMSET(ret, 0, sizeof(WOLFSSL_ASN1_TIME)); - } else + } else ret = *out; if (time_type == ASN_GENERALIZED_TIME){ @@ -32887,14 +32907,14 @@ WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t, ret->data[0] = ASN_GENERALIZED_TIME; ret->data[1] = ASN_GENERALIZED_TIME_SIZE; data_ptr = ret->data + 2; - if (t->data[2] >= '5') + if (t->data[2] >= '5') XSNPRINTF((char*)data_ptr, ASN_UTC_TIME_SIZE + 2, "19%s", t->data + 2); else XSNPRINTF((char*)data_ptr, ASN_UTC_TIME_SIZE + 2, "20%s", t->data + 2); return ret; - } - + } + WOLFSSL_MSG("Invalid ASN_TIME value"); return NULL; } @@ -32969,7 +32989,7 @@ int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp) pptr += a->intData[1] - 1; while (!a->intData[str_len + 2] && str_len > 1){ *(pptr--) = 0; - str_len--; + str_len--; } /* 2's complement next octet */ *(pptr--) = ((a->intData[str_len + 1]) ^ 0xff) + 1; diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index dce8fa3a2..697d3158e 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c 
@@ -4743,11 +4743,11 @@ int wc_GetDateInfo(const byte* certDate, int certDateSz, const byte** date, #ifndef NO_ASN_TIME int wc_GetDateAsCalendarTime(const byte* date, int length, byte format, - struct tm* time) + struct tm* timearg) { int idx = 0; (void)length; - if (!ExtractDate(date, format, time, &idx)) + if (!ExtractDate(date, format, timearg, &idx)) return ASN_TIME_E; return 0; } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 52e49ba5b..327254e18 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -1305,7 +1305,7 @@ int asn_test(void) int length; const byte* datePart; #ifndef NO_ASN_TIME - struct tm time; + struct tm timearg; #ifdef WORD64_AVAILABLE word64 now; #else @@ -1334,7 +1334,7 @@ int asn_test(void) return -1404; } - ret = wc_GetDateAsCalendarTime(datePart, length, format, &time); + ret = wc_GetDateAsCalendarTime(datePart, length, format, &timearg); if (ret != 0) return -1405; #endif /* !NO_ASN_TIME */ @@ -2834,7 +2834,7 @@ int hash_test(void) if (hashType != WC_HASH_TYPE_NONE) return -3071; #endif - + ret = wc_HashGetOID(WC_HASH_TYPE_MD5_SHA); #ifndef NO_MD5 if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) diff --git a/wolfssl/internal.h b/wolfssl/internal.h index bec934a97..ef1bc3a5e 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2496,7 +2496,7 @@ struct WOLFSSL_CTX { CallbackALPNSelect alpnSelect; void* alpnSelectArg; #endif -#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY))) CallbackSniRecv sniRecvCb; void* sniRecvCbArg; #endif diff --git a/wolfssl/openssl/asn1.h b/wolfssl/openssl/asn1.h index 44a66189f..d91d20d2c 100644 --- a/wolfssl/openssl/asn1.h +++ b/wolfssl/openssl/asn1.h 
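Review bot: The new guard around `sniRecvCb` and `sniRecvCbArg` in `struct WOLFSSL_CTX` (wolfssl/internal.h hunk at `@@ -2496`) drops `WOLFSSL_HAPROXY` and now requires `OPENSSL_EXTRA` alongside `HAVE_STUNNEL` or `WOLFSSL_NGINX`. The prototypes for the servername callback setters in wolfssl/ssl.h are still exposed for `HAVE_STUNNEL`, `WOLFSSL_NGINX`, `WOLFSSL_HAPROXY`, `OPENSSL_EXTRA` or `HAVE_LIGHTY` on their own. A build that defines only one of those would get the declarations without the struct members; whether another header forces `OPENSSL_ALL` or `OPENSSL_EXTRA` in those configurations is not visible in this diff. I would keep the struct guard, the ssl.c definitions and the ssl.h prototypes on one identical expression, or at least add a comment here, `/* must match the guard on wolfSSL_CTX_set_tlsext_servername_callback in ssl.h */`.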
@@ -53,4 +53,4 @@ ASN1_STRFLGS_UTF8_CONVERT | \ ASN1_STRFLGS_DUMP_UNKNOWN | \ ASN1_STRFLGS_DUMP_DER) -#endif /* WOLFSSL_ASN1_H_ */ \ No newline at end of file +#endif /* WOLFSSL_ASN1_H_ */ diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index a50e99bcb..69150c26e 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -789,7 +789,7 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define PSK_MAX_PSK_LEN 256 #define PSK_MAX_IDENTITY_LEN 128 -#define ERR_remove_thread_state WOLFSSL_ERR_remove_thread_state +#define ERR_remove_thread_state wolfSSL_ERR_remove_thread_state #define SSL_CTX_clear_options wolfSSL_CTX_clear_options @@ -844,7 +844,8 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define ERR_LIB_X509 10 #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ - defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_ALL) + defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_ALL) || \ + defined(HAVE_LIGHTY) #include @@ -918,7 +919,8 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define SSL_is_server wolfSSL_is_server #define SSL_CTX_set1_curves_list wolfSSL_CTX_set1_curves_list -#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY */ +#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || WOLFSSL_MYSQL_COMPATIBLE || + OPENSSL_ALL || HAVE_LIGHTY */ #define X509_STORE_CTX_set_time wolfSSL_X509_STORE_CTX_set_time #define SSL_CTX_add_client_CA wolfSSL_CTX_add_client_CA diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 93a5c3904..407f47d97 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
@@ -187,13 +187,13 @@ typedef struct WOLFSSL_ASN1_BIT_STRING WOLFSSL_ASN1_BIT_STRING; struct WOLFSSL_ASN1_INTEGER { /* size can be increased set at 20 for tag, length then to hold at least 16 * byte type */ - unsigned char intData[WOLFSSL_ASN1_INTEGER_MAX]; + unsigned char intData[WOLFSSL_ASN1_INTEGER_MAX]; /* ASN_INTEGER | LENGTH | hex of number */ - unsigned char negative; /* negative number flag */ + unsigned char negative; /* negative number flag */ unsigned char* data; unsigned int dataMax; /* max size of data buffer */ - unsigned char isDynamic:1; /* flag for if data pointer dynamic (1 is yes 0 is no) */ + unsigned int isDynamic:1; /* flag for if data pointer dynamic (1 is yes 0 is no) */ }; struct WOLFSSL_ASN1_TIME { @@ -2647,7 +2647,8 @@ WOLFSSL_API int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x); || defined(HAVE_STUNNEL) \ || defined(WOLFSSL_NGINX) \ || defined(WOLFSSL_HAPROXY) \ - || defined(OPENSSL_EXTRA) + || defined(OPENSSL_EXTRA) \ + || defined(HAVE_LIGHTY) #include @@ -2728,7 +2729,9 @@ WOLFSSL_API int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX *, WOLFSSL_API void wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX *, void*); -WOLFSSL_API void WOLFSSL_ERR_remove_thread_state(void*); +WOLFSSL_API void wolfSSL_ERR_remove_thread_state(void*); +/* support for depricated old name */ +#define WOLFSSL_ERR_remove_thread_state wolfSSL_ERR_remove_thread_state #ifndef NO_FILESYSTEM WOLFSSL_API void wolfSSL_print_all_errors_fp(XFILE *fp); @@ -2742,7 +2745,7 @@ WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs( WOLFSSL_X509_STORE_CTX*, WOLFSSL_X509_NAME*); WOLFSSL_API void wolfSSL_sk_X509_pop_free(WOLF_STACK_OF(WOLFSSL_X509)* sk, void f (WOLFSSL_X509*)); -#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ +#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_LIGHTY */ #if defined(OPENSSL_ALL) || \ defined(HAVE_STUNNEL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \ 
@@ -2800,7 +2803,7 @@ WOLFSSL_API int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url); #endif #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ - || defined(OPENSSL_EXTRA) + || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) WOLFSSL_API WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl); WOLFSSL_API int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a, void *b, void *c); @@ -2860,7 +2863,8 @@ WOLFSSL_API char* wolfSSL_sk_WOLFSSL_STRING_value( WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bio, WOLFSSL_X509 *cert); -#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ +#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || + OPENSSL_EXTRA || HAVE_LIGHTY*/ WOLFSSL_API void wolfSSL_get0_alpn_selected(const WOLFSSL *ssl, const unsigned char **data, unsigned int *len); diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index a3c914a58..48ec24658 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -153,7 +153,7 @@ typedef struct EncryptedInfo { char name[NAME_SZ]; /* cipher name, such as "DES-CBC" */ byte iv[IV_SZ]; /* salt or encrypted IV */ - byte set:1; /* if encryption set */ + int set:1; /* if encryption set */ } EncryptedInfo;
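Review bot: `int set:1;` in `EncryptedInfo` (wolfssl/wolfcrypt/asn_public.h hunk at `@@ -153`) declares a one-bit field whose signedness is implementation-defined. Where the compiler treats it as signed, it can hold only 0 and -1, so storing 1 reads back as -1 and a comparison such as `info->set == 1` fails. The visible lines do not show how `set` is tested, so the impact depends on the callers. The same commit uses `unsigned int isDynamic:1` in wolfssl/ssl.h; the matching form here is `unsigned int set:1; /* if encryption set */`.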