wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-02-04 03:45:08 +01:00
Code Issues Packages Projects Releases Wiki Activity

Changes for WPA Supplicant

Browse Source
This commit is contained in:
Sean Parkinson
2017-02-10 08:45:10 +10:00
parent 7bef7aaa81
commit e2930b0a43
8 changed files with 270 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
configure.ac
View File

@@ -332,6 +332,21 @@ fi
AM_CONDITIONAL([BUILD_IPV6], [test "x$ENABLED_IPV6" = "xyes"])
# wpa_supplicant support
AC_ARG_ENABLE([wpas],
[ --enable-wpas Enable wpa_supplicant support (default: disabled)],
[ ENABLED_WPAS=$enableval ],
[ ENABLED_WPAS=no ]
)
if test "$ENABLED_WPAS" = "yes"
then
enable_shared=no
enable_static=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_SECRET_CALLBACK -DWOLFSSL_STATIC_RSA"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WPAS"
fi
# Fortress build
AC_ARG_ENABLE([fortress],
[ --enable-fortress Enable SSL fortress build (default: disabled)],
@@ -339,7 +354,7 @@ AC_ARG_ENABLE([fortress],
[ ENABLED_FORTRESS=no ]
)
if test "$ENABLED_OPENSSH" = "yes"
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes"
then
ENABLED_FORTRESS="yes"
fi
@@ -882,7 +897,7 @@ AC_ARG_ENABLE([dsa],
[ ENABLED_DSA=no ]
)
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes"
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes"
then
ENABLED_DSA="yes"
fi
@@ -960,6 +975,10 @@ AC_ARG_ENABLE([compkey],
[ ENABLED_COMPKEY=no ]
)
if test "$ENABLED_WPAS" = "yes"
then
ENABLED_COMPKEY=yes
fi
if test "$ENABLED_COMPKEY" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_COMP_KEY"
@@ -1227,7 +1246,10 @@ AC_ARG_ENABLE([anon],
[ ENABLED_ANON=no ]
)
if test "x$ENABLED_WPAS" = "xyes"
then
ENABLED_ANON=yes
fi
if test "x$ENABLED_ANON" = "xyes"
then
if test "x$ENABLED_DH" != "xyes"
@@ -1392,7 +1414,7 @@ AC_ARG_ENABLE([arc4],
[ ENABLED_ARC4=no ]
)
if test "$ENABLED_OPENSSH" = "yes"
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes"
then
ENABLED_ARC4="yes"
fi
@@ -1463,6 +1485,11 @@ AC_ARG_ENABLE([cmac],
[ ENABLED_CMAC=no ]
)
if test "$ENABLED_WPAS" = "yes"
then
ENABLED_CMAC=yes
fi
AS_IF([test "x$ENABLED_CMAC" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC -DWOLFSSL_AES_DIRECT"])
@@ -1735,7 +1762,7 @@ AC_ARG_ENABLE([ocspstapling],
[ ENABLED_CERTIFICATE_STATUS_REQUEST=no ]
)
if test "x$ENABLED_NGINX" = "xyes"
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes"
then
ENABLED_CERTIFICATE_STATUS_REQUEST=yes
fi
@@ -1762,7 +1789,7 @@ AC_ARG_ENABLE([ocspstapling2],
[ ENABLED_CERTIFICATE_STATUS_REQUEST_V2=no ]
)
if test "x$ENABLED_NGINX" = "xyes"
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes"
then
ENABLED_CERTIFICATE_STATUS_REQUEST_V2=yes
fi
@@ -2067,7 +2094,7 @@ AC_ARG_ENABLE([session-ticket],
[ ENABLED_SESSION_TICKET=no ]
)
if test "x$ENABLED_NGINX" = "xyes"
if test "x$ENABLED_NGINX" = "xyes" || test "$ENABLED_WPAS" = "yes"
then
ENABLED_SESSION_TICKET=yes
fi
@@ -2327,7 +2354,6 @@ then
fi
fi
# lighty Support
AC_ARG_ENABLE([lighty],
[ --enable-lighty Enable lighttpd/lighty (default: disabled)],
@@ -2361,6 +2387,10 @@ AC_ARG_ENABLE([stunnel],
[ ENABLED_STUNNEL=$enableval ],
[ ENABLED_STUNNEL=no ]
)
if test "$ENABLED_WPAS" = "yes"
then
ENABLED_STUNNEL="yes"
fi
if test "$ENABLED_STUNNEL" = "yes"
then
# Requires opensslextra make sure on
@@ -2972,6 +3002,11 @@ AC_ARG_ENABLE([aeskeywrap],
[ ENABLED_AESKEYWRAP=no ]
)
if test "$ENABLED_WPAS" = "yes"
then
ENABLED_AESKEYWRAP="yes"
fi
if test "$ENABLED_AESKEYWRAP" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_KEYWRAP -DWOLFSSL_AES_DIRECT"

79
src/internal.c
View File

@@ -7234,7 +7234,11 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
int ok;
store->error = ret;
#ifdef WOLFSSL_WPAS
store->error_depth = 0;
#else
store->error_depth = totalCerts;
#endif
store->discardSessionCerts = 0;
store->domain = domain;
store->userCtx = ssl->verifyCbCtx;
@@ -18798,8 +18802,34 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
}
#ifndef NO_WOLFSSL_SERVER
static int CompareSuites(WOLFSSL* ssl, Suites* peerSuites, word16 i,
word16 j)
{
if (ssl->suites->suites[i] == peerSuites->suites[j] &&
ssl->suites->suites[i+1] == peerSuites->suites[j+1] ) {
if (VerifyServerSuite(ssl, i)) {
int result;
WOLFSSL_MSG("Verified suite validity");
ssl->options.cipherSuite0 = ssl->suites->suites[i];
ssl->options.cipherSuite = ssl->suites->suites[i+1];
result = SetCipherSpecs(ssl);
if (result == 0)
PickHashSigAlgo(ssl, peerSuites->hashSigAlgo,
peerSuites->hashSigAlgoSz);
return result;
}
else {
WOLFSSL_MSG("Could not verify suite validity, continue");
}
}
return MATCH_SUITE_ERROR;
}
static int MatchSuite(WOLFSSL* ssl, Suites* peerSuites)
{
int ret;
word16 i, j;
WOLFSSL_ENTER("MatchSuite");
@@ -18810,27 +18840,38 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if (ssl->suites == NULL)
return SUITES_ERROR;
/* start with best, if a match we are good */
for (i = 0; i < ssl->suites->suiteSz; i += 2)
for (j = 0; j < peerSuites->suiteSz; j += 2)
if (ssl->suites->suites[i] == peerSuites->suites[j] &&
ssl->suites->suites[i+1] == peerSuites->suites[j+1] ) {
if (VerifyServerSuite(ssl, i)) {
int result;
WOLFSSL_MSG("Verified suite validity");
ssl->options.cipherSuite0 = ssl->suites->suites[i];
ssl->options.cipherSuite = ssl->suites->suites[i+1];
result = SetCipherSpecs(ssl);
if (result == 0)
PickHashSigAlgo(ssl, peerSuites->hashSigAlgo,
peerSuites->hashSigAlgoSz);
return result;
}
else {
WOLFSSL_MSG("Could not verify suite validity, continue");
}
#ifdef OPENSSL_EXTRA
if (ssl->options.mask | SSL_OP_CIPHER_SERVER_PREFERENCE) {
/* Server order */
for (i = 0; i < ssl->suites->suiteSz; i += 2) {
for (j = 0; j < peerSuites->suiteSz; j += 2) {
ret = CompareSuites(ssl, peerSuites, i, j);
if (ret != MATCH_SUITE_ERROR)
return ret;
}
}
}
else {
/* Client order */
for (j = 0; j < peerSuites->suiteSz; j += 2) {
for (i = 0; i < ssl->suites->suiteSz; i += 2) {
ret = CompareSuites(ssl, peerSuites, i, j);
if (ret != MATCH_SUITE_ERROR)
return ret;
}
}
}
#else
/* Server order */
for (i = 0; i < ssl->suites->suiteSz; i += 2) {
for (j = 0; j < peerSuites->suiteSz; j += 2) {
ret = CompareSuites(ssl, peerSuites, i, j);
if (ret != MATCH_SUITE_ERROR)
return ret;
}
}
#endif
return MATCH_SUITE_ERROR;
}

143
src/ssl.c
View File

@@ -990,8 +990,10 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
if (pSz < ssl->options.minDhKeySz)
return DH_KEY_SIZE_E;
#ifndef WOLFSSL_WPAS
if (ssl->options.side != WOLFSSL_SERVER_END)
return SIDE_ERROR;
#endif
if (ssl->buffers.serverDH_P.buffer && ssl->buffers.weOwnDH) {
XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH);
@@ -1770,7 +1772,8 @@ WOLFSSL_API int wolfSSL_get_SessionTicket(WOLFSSL* ssl,
return SSL_SUCCESS;
}
WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL* ssl, byte* buf, word32 bufSz)
WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL* ssl, const byte* buf,
word32 bufSz)
{
if (ssl == NULL || (buf == NULL && bufSz > 0))
return BAD_FUNC_ARG;
@@ -2362,6 +2365,7 @@ void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm)
#ifdef HAVE_OCSP
if (cm->ocsp)
FreeOCSP(cm->ocsp, 1);
XFREE(cm->ocspOverrideURL, cm->heap, DYNAMIC_TYPE_URL);
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
if (cm->ocsp_stapling)
@@ -4478,6 +4482,25 @@ static int ProcessChainBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
ret = ProcessBuffer(ctx, buff + used, sz - used, format, type, ssl,
&consumed, 0);
#ifdef WOLFSSL_WPAS
#ifdef HAVE_CRL
if (ret < 0) {
DerBuffer* der = NULL;
EncryptedInfo info;
WOLFSSL_MSG("Trying a CRL");
if (PemToDer(buff + used, sz - used, CRL_TYPE, &der, NULL, &info,
NULL) == 0) {
WOLFSSL_MSG(" Proccessed a CRL");
wolfSSL_CertManagerLoadCRLBuffer(ctx->cm, der->buffer,
der->length,SSL_FILETYPE_ASN1);
FreeDer(&der);
used += info.consumed;
continue;
}
}
#endif
#endif
if (ret < 0)
{
if(consumed > 0) { /* Made progress in file */
@@ -7882,6 +7905,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
}
#endif /* NO_HANDSHAKE_DONE_CB */
#ifndef WOLFSSL_WPAS
if (!ssl->options.dtls) {
FreeHandshakeResources(ssl);
}
@@ -7890,6 +7914,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
ssl->options.dtlsHsRetain = 1;
}
#endif /* WOLFSSL_DTLS */
#endif
WOLFSSL_LEAVE("SSL_connect()", SSL_SUCCESS);
return SSL_SUCCESS;
@@ -9613,6 +9638,14 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
FreeDer(&der);
ret = PemToDer(buf, sz, DH_PARAM_TYPE, &der, ctx->heap,
NULL, NULL);
#ifdef WOLFSSL_WPAS
#ifndef NO_DSA
if (ret < 0) {
ret = PemToDer(buf, sz, DSA_PARAM_TYPE, &der, ctx->heap,
NULL, NULL);
}
#endif
#endif
}
if (ret == 0) {
@@ -9924,6 +9957,27 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
word16 havePSK = 0;
WOLFSSL_ENTER("SSL_set_accept_state");
if (ssl->options.side == WOLFSSL_CLIENT_END) {
ecc_key key;
word32 idx = 0;
if (ssl->options.haveStaticECC && ssl->buffers.key != NULL) {
wc_ecc_init(&key);
if (wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &idx, &key,
ssl->buffers.key->length) != 0) {
ssl->options.haveECDSAsig = 0;
ssl->options.haveECC = 0;
ssl->options.haveStaticECC = 0;
}
wc_ecc_free(&key);
}
if (!ssl->options.haveDH && ssl->ctx->haveDH) {
ssl->buffers.serverDH_P = ssl->ctx->serverDH_P;
ssl->buffers.serverDH_G = ssl->ctx->serverDH_G;
ssl->options.haveDH = 1;
}
}
ssl->options.side = WOLFSSL_SERVER_END;
/* reset suites in case user switched */
@@ -12206,8 +12260,47 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
int wolfSSL_clear(WOLFSSL* ssl)
{
(void)ssl;
/* TODO: GetErrors().Remove(); */
ssl->options.isClosed = 0;
ssl->options.connReset = 0;
ssl->options.sentNotify = 0;
ssl->options.serverState = NULL_STATE;
ssl->options.clientState = NULL_STATE;
ssl->options.connectState = CONNECT_BEGIN;
ssl->options.acceptState = ACCEPT_BEGIN;
ssl->options.handShakeState = NULL_STATE;
ssl->options.handShakeDone = 0;
/* ssl->options.processReply = doProcessInit; */
ssl->keys.encryptionOn = 0;
XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived));
#ifndef NO_OLD_TLS
#ifndef NO_MD5
wc_InitMd5(&ssl->hsHashes->hashMd5);
#endif
#ifndef NO_SHA
if (wc_InitSha(&ssl->hsHashes->hashSha) != 0)
return SSL_FAILURE;
#endif
#endif
#ifndef NO_SHA256
if (wc_InitSha256(&ssl->hsHashes->hashSha256) != 0)
return SSL_FAILURE;
#endif
#ifdef WOLFSSL_SHA384
if (wc_InitSha384(&ssl->hsHashes->hashSha384) != 0)
return SSL_FAILURE;
#endif
#ifdef WOLFSSL_SHA512
if (wc_InitSha512(&ssl->hsHashes->hashSha512) != 0)
return SSL_FAILURE;
#endif
#ifdef KEEP_PEER_CERT
FreeX509(&ssl->peerCert);
#endif
return SSL_SUCCESS;
}
@@ -12699,7 +12792,8 @@ static void ExternalFreeX509(WOLFSSL_X509* x509)
if (name->fullName.fullName && name->fullName.fullNameLen > 0) {
switch (nid) {
case ASN_COMMON_NAME:
ret = name->fullName.cnIdx;
if (pos != name->fullName.cnIdx)
ret = name->fullName.cnIdx;
break;
default:
WOLFSSL_MSG("NID not yet implemented");
@@ -15029,33 +15123,40 @@ unsigned long wolfSSL_set_options(WOLFSSL* ssl, unsigned long op)
op |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
}
ssl->options.mask |= op;
/* by default cookie exchange is on with DTLS */
if ((op & SSL_OP_COOKIE_EXCHANGE) == SSL_OP_COOKIE_EXCHANGE) {
if ((ssl->options.mask & SSL_OP_COOKIE_EXCHANGE) == SSL_OP_COOKIE_EXCHANGE) {
WOLFSSL_MSG("\tSSL_OP_COOKIE_EXCHANGE : on by default");
}
if ((op & SSL_OP_NO_SSLv2) == SSL_OP_NO_SSLv2) {
if ((ssl->options.mask & SSL_OP_NO_SSLv2) == SSL_OP_NO_SSLv2) {
WOLFSSL_MSG("\tSSL_OP_NO_SSLv2 : wolfSSL does not support SSLv2");
}
if ((op & SSL_OP_NO_SSLv3) == SSL_OP_NO_SSLv3) {
if ((ssl->options.mask & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) {
WOLFSSL_MSG("\tSSL_OP_NO_TLSv1_2");
if (ssl->version.minor == TLSv1_2_MINOR)
ssl->version.minor = TLSv1_1_MINOR;
}
if ((ssl->options.mask & SSL_OP_NO_TLSv1_1) == SSL_OP_NO_TLSv1_1) {
WOLFSSL_MSG("\tSSL_OP_NO_TLSv1_1");
if (ssl->version.minor == TLSv1_1_MINOR)
ssl->version.minor = TLSv1_MINOR;
}
if ((ssl->options.mask & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1) {
WOLFSSL_MSG("\tSSL_OP_NO_TLSv1");
if (ssl->version.minor == TLSv1_MINOR)
ssl->version.minor = SSLv3_MINOR;
}
if ((ssl->options.mask & SSL_OP_NO_SSLv3) == SSL_OP_NO_SSLv3) {
WOLFSSL_MSG("\tSSL_OP_NO_SSLv3");
}
if ((op & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1) {
WOLFSSL_MSG("\tSSL_OP_NO_TLSv1");
}
if ((op & SSL_OP_NO_TLSv1_1) == SSL_OP_NO_TLSv1_1) {
WOLFSSL_MSG("\tSSL_OP_NO_TLSv1_1");
}
if ((op & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) {
WOLFSSL_MSG("\tSSL_OP_NO_TLSv1_2");
}
if ((op & SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION) {
if ((ssl->options.mask & SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION) {
#ifdef HAVE_LIBZ
WOLFSSL_MSG("SSL_OP_NO_COMPRESSION");
ssl->options.usingCompression = 0;
@@ -15064,8 +15165,6 @@ unsigned long wolfSSL_set_options(WOLFSSL* ssl, unsigned long op)
#endif
}
ssl->options.mask |= op;
return ssl->options.mask;
}

2
wolfcrypt/src/ecc.c
View File

@@ -1212,7 +1212,7 @@ const char* wc_ecc_get_name(int curve_id)
return NULL;
}
static int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id)
int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id)
{
if (keysize <= 0 && curve_id <= 0) {
return BAD_FUNC_ARG;

10
wolfcrypt/src/tfm.c
View File

@@ -2353,6 +2353,11 @@ int mp_mul_2d(fp_int *a, int b, fp_int *c)
return MP_OKAY;
}
int mp_div(fp_int * a, fp_int * b, fp_int * c, fp_int * d)
{
return fp_div(a, b, c, d);
}
int mp_div_2d(fp_int* a, int b, fp_int* c, fp_int* d)
{
fp_div_2d(a, b, c, d);
@@ -2430,6 +2435,11 @@ void mp_rshb (mp_int* a, int x)
fp_rshb(a, x);
}
void mp_rshd (mp_int* a, int x)
{
fp_rshd(a, x);
}
int mp_set_int(mp_int *a, mp_digit b)
{
fp_set(a, b);

61
wolfssl/ssl.h
View File

@@ -767,36 +767,35 @@ WOLFSSL_API long wolfSSL_get_verify_result(const WOLFSSL *ssl);
/* seperated out from other enums because of size */
enum {
/* bit flags (ie 0001 vs 0010) : each is 2 times previous value */
SSL_OP_MICROSOFT_SESS_ID_BUG = 1,
SSL_OP_NETSCAPE_CHALLENGE_BUG = 2,
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 4,
SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 8,
SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 16,
SSL_OP_MSIE_SSLV2_RSA_PADDING = 32,
SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 64,
SSL_OP_TLS_D5_BUG = 128,
SSL_OP_TLS_BLOCK_PADDING_BUG = 256,
SSL_OP_TLS_ROLLBACK_BUG = 512,
SSL_OP_ALL = 1024,
SSL_OP_EPHEMERAL_RSA = 2048,
SSL_OP_NO_SSLv3 = 4096,
SSL_OP_NO_TLSv1 = 8192,
SSL_OP_PKCS1_CHECK_1 = 16384,
SSL_OP_PKCS1_CHECK_2 = 32768,
SSL_OP_NETSCAPE_CA_DN_BUG = 65536,
SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 131072,
SSL_OP_SINGLE_DH_USE = 262144,
SSL_OP_NO_TICKET = 524288,
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 1048576,
SSL_OP_NO_QUERY_MTU = 2097152,
SSL_OP_COOKIE_EXCHANGE = 4194304,
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 8388608,
SSL_OP_SINGLE_ECDH_USE = 16777216,
SSL_OP_CIPHER_SERVER_PREFERENCE = 33554432,
SSL_OP_NO_TLSv1_1 = 67108864,
SSL_OP_NO_TLSv1_2 = 134217728,
SSL_OP_NO_COMPRESSION = 268435456,
SSL_OP_MICROSOFT_SESS_ID_BUG = 0x00000001,
SSL_OP_NETSCAPE_CHALLENGE_BUG = 0x00000002,
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 0x00000004,
SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 0x00000008,
SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 0x00000010,
SSL_OP_MSIE_SSLV2_RSA_PADDING = 0x00000020,
SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 0x00000040,
SSL_OP_TLS_D5_BUG = 0x00000080,
SSL_OP_TLS_BLOCK_PADDING_BUG = 0x00000100,
SSL_OP_TLS_ROLLBACK_BUG = 0x00000200,
SSL_OP_ALL = 0x00000400,
SSL_OP_EPHEMERAL_RSA = 0x00000800,
SSL_OP_NO_SSLv3 = 0x00001000,
SSL_OP_NO_TLSv1 = 0x00002000,
SSL_OP_PKCS1_CHECK_1 = 0x00004000,
SSL_OP_PKCS1_CHECK_2 = 0x00008000,
SSL_OP_NETSCAPE_CA_DN_BUG = 0x00010000,
SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 0x00020000,
SSL_OP_SINGLE_DH_USE = 0x00040000,
SSL_OP_NO_TICKET = 0x00080000,
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 0x00100000,
SSL_OP_NO_QUERY_MTU = 0x00200000,
SSL_OP_COOKIE_EXCHANGE = 0x00400000,
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 0x00800000,
SSL_OP_SINGLE_ECDH_USE = 0x01000000,
SSL_OP_CIPHER_SERVER_PREFERENCE = 0x02000000,
SSL_OP_NO_TLSv1_1 = 0x04000000,
SSL_OP_NO_TLSv1_2 = 0x08000000,
SSL_OP_NO_COMPRESSION = 0x10000000,
};
@@ -1881,7 +1880,7 @@ WOLFSSL_API int wolfSSL_Rehandshake(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_UseSessionTicket(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_CTX_UseSessionTicket(WOLFSSL_CTX* ctx);
WOLFSSL_API int wolfSSL_get_SessionTicket(WOLFSSL*, unsigned char*, unsigned int*);
WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL*, unsigned char*, unsigned int);
WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL*, const unsigned char*, unsigned int);
typedef int (*CallbackSessionTicket)(WOLFSSL*, const unsigned char*, int, void*);
WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL*,
CallbackSessionTicket, void*);

3
wolfssl/wolfcrypt/ecc.h
View File

@@ -340,6 +340,9 @@ int wc_ecc_set_flags(ecc_key* key, word32 flags);
WOLFSSL_API
void wc_ecc_fp_free(void);
WOLFSSL_API
int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id);
WOLFSSL_API
int wc_ecc_is_valid_idx(int n);
WOLFSSL_API

2
wolfssl/wolfcrypt/tfm.h
View File

@@ -634,6 +634,7 @@ int mp_invmod(mp_int *a, mp_int *b, mp_int *c);
int mp_exptmod (mp_int * g, mp_int * x, mp_int * p, mp_int * y);
int mp_mul_2d(mp_int *a, int b, mp_int *c);
int mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d);
int mp_cmp(mp_int *a, mp_int *b);
int mp_cmp_d(mp_int *a, mp_digit b);
@@ -653,6 +654,7 @@ int mp_set_int(mp_int *a, mp_digit b);
int mp_is_bit_set (mp_int * a, mp_digit b);
int mp_set_bit (mp_int * a, mp_digit b);
void mp_rshb(mp_int *a, int x);
void mp_rshd(mp_int *a, int x);
int mp_toradix (mp_int *a, char *str, int radix);
int mp_radix_size (mp_int * a, int radix, int *size);