diff --git a/configure.ac b/configure.ac index 9c4879a28..5c33c2ec9 100644 --- a/configure.ac +++ b/configure.ac @@ -332,6 +332,21 @@ fi AM_CONDITIONAL([BUILD_IPV6], [test "x$ENABLED_IPV6" = "xyes"]) +# wpa_supplicant support +AC_ARG_ENABLE([wpas], + [ --enable-wpas Enable wpa_supplicant support (default: disabled)], + [ ENABLED_WPAS=$enableval ], + [ ENABLED_WPAS=no ] + ) +if test "$ENABLED_WPAS" = "yes" +then + enable_shared=no + enable_static=yes + AM_CFLAGS="$AM_CFLAGS -DHAVE_SECRET_CALLBACK -DWOLFSSL_STATIC_RSA" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WPAS" +fi + + # Fortress build AC_ARG_ENABLE([fortress], [ --enable-fortress Enable SSL fortress build (default: disabled)], @@ -339,7 +354,7 @@ AC_ARG_ENABLE([fortress], [ ENABLED_FORTRESS=no ] ) -if test "$ENABLED_OPENSSH" = "yes" +if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes" then ENABLED_FORTRESS="yes" fi @@ -882,7 +897,7 @@ AC_ARG_ENABLE([dsa], [ ENABLED_DSA=no ] ) -if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" +if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes" then ENABLED_DSA="yes" fi @@ -960,6 +975,10 @@ AC_ARG_ENABLE([compkey], [ ENABLED_COMPKEY=no ] ) +if test "$ENABLED_WPAS" = "yes" +then + ENABLED_COMPKEY=yes +fi if test "$ENABLED_COMPKEY" = "yes" then AM_CFLAGS="$AM_CFLAGS -DHAVE_COMP_KEY" @@ -1227,7 +1246,10 @@ AC_ARG_ENABLE([anon], [ ENABLED_ANON=no ] ) - +if test "x$ENABLED_WPAS" = "xyes" +then + ENABLED_ANON=yes +fi if test "x$ENABLED_ANON" = "xyes" then if test "x$ENABLED_DH" != "xyes" @@ -1392,7 +1414,7 @@ AC_ARG_ENABLE([arc4], [ ENABLED_ARC4=no ] ) -if test "$ENABLED_OPENSSH" = "yes" +if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes" then ENABLED_ARC4="yes" fi @@ -1463,6 +1485,11 @@ AC_ARG_ENABLE([cmac], [ ENABLED_CMAC=no ] ) +if test "$ENABLED_WPAS" = "yes" +then + ENABLED_CMAC=yes +fi + AS_IF([test "x$ENABLED_CMAC" = "xyes"], [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC -DWOLFSSL_AES_DIRECT"]) @@ -1735,7 +1762,7 @@ AC_ARG_ENABLE([ocspstapling], [ ENABLED_CERTIFICATE_STATUS_REQUEST=no ] ) -if test "x$ENABLED_NGINX" = "xyes" +if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" then ENABLED_CERTIFICATE_STATUS_REQUEST=yes fi @@ -1762,7 +1789,7 @@ AC_ARG_ENABLE([ocspstapling2], [ ENABLED_CERTIFICATE_STATUS_REQUEST_V2=no ] ) -if test "x$ENABLED_NGINX" = "xyes" +if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" then ENABLED_CERTIFICATE_STATUS_REQUEST_V2=yes fi @@ -2067,7 +2094,7 @@ AC_ARG_ENABLE([session-ticket], [ ENABLED_SESSION_TICKET=no ] ) -if test "x$ENABLED_NGINX" = "xyes" +if test "x$ENABLED_NGINX" = "xyes" || test "$ENABLED_WPAS" = "yes" then ENABLED_SESSION_TICKET=yes fi @@ -2327,7 +2354,6 @@ then fi fi - # lighty Support AC_ARG_ENABLE([lighty], [ --enable-lighty Enable lighttpd/lighty (default: disabled)], @@ -2361,6 +2387,10 @@ AC_ARG_ENABLE([stunnel], [ ENABLED_STUNNEL=$enableval ], [ ENABLED_STUNNEL=no ] ) +if test "$ENABLED_WPAS" = "yes" +then + ENABLED_STUNNEL="yes" +fi if test "$ENABLED_STUNNEL" = "yes" then # Requires opensslextra make sure on @@ -2972,6 +3002,11 @@ AC_ARG_ENABLE([aeskeywrap], [ ENABLED_AESKEYWRAP=no ] ) +if test "$ENABLED_WPAS" = "yes" +then + ENABLED_AESKEYWRAP="yes" +fi + if test "$ENABLED_AESKEYWRAP" = "yes" then AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_KEYWRAP -DWOLFSSL_AES_DIRECT" diff --git a/src/internal.c b/src/internal.c index 1ad94f99b..c20646f37 100644 --- a/src/internal.c +++ b/src/internal.c @@ -7234,7 +7234,11 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, int ok; store->error = ret; +#ifdef WOLFSSL_WPAS + store->error_depth = 0; +#else store->error_depth = totalCerts; +#endif store->discardSessionCerts = 0; store->domain = domain; store->userCtx = ssl->verifyCbCtx; @@ -18798,8 +18802,34 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } #ifndef NO_WOLFSSL_SERVER + static int CompareSuites(WOLFSSL* ssl, Suites* peerSuites, word16 i, + word16 j) + { + if (ssl->suites->suites[i] == peerSuites->suites[j] && + ssl->suites->suites[i+1] == peerSuites->suites[j+1] ) { + + if (VerifyServerSuite(ssl, i)) { + int result; + WOLFSSL_MSG("Verified suite validity"); + ssl->options.cipherSuite0 = ssl->suites->suites[i]; + ssl->options.cipherSuite = ssl->suites->suites[i+1]; + result = SetCipherSpecs(ssl); + if (result == 0) + PickHashSigAlgo(ssl, peerSuites->hashSigAlgo, + peerSuites->hashSigAlgoSz); + return result; + } + else { + WOLFSSL_MSG("Could not verify suite validity, continue"); + } + } + + return MATCH_SUITE_ERROR; + } + static int MatchSuite(WOLFSSL* ssl, Suites* peerSuites) { + int ret; word16 i, j; WOLFSSL_ENTER("MatchSuite"); @@ -18810,27 +18840,38 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (ssl->suites == NULL) return SUITES_ERROR; - /* start with best, if a match we are good */ - for (i = 0; i < ssl->suites->suiteSz; i += 2) - for (j = 0; j < peerSuites->suiteSz; j += 2) - if (ssl->suites->suites[i] == peerSuites->suites[j] && - ssl->suites->suites[i+1] == peerSuites->suites[j+1] ) { - if (VerifyServerSuite(ssl, i)) { - int result; - WOLFSSL_MSG("Verified suite validity"); - ssl->options.cipherSuite0 = ssl->suites->suites[i]; - ssl->options.cipherSuite = ssl->suites->suites[i+1]; - result = SetCipherSpecs(ssl); - if (result == 0) - PickHashSigAlgo(ssl, peerSuites->hashSigAlgo, - peerSuites->hashSigAlgoSz); - return result; - } - else { - WOLFSSL_MSG("Could not verify suite validity, continue"); - } +#ifdef OPENSSL_EXTRA + if (ssl->options.mask | SSL_OP_CIPHER_SERVER_PREFERENCE) { + /* Server order */ + for (i = 0; i < ssl->suites->suiteSz; i += 2) { + for (j = 0; j < peerSuites->suiteSz; j += 2) { + ret = CompareSuites(ssl, peerSuites, i, j); + if (ret != MATCH_SUITE_ERROR) + return ret; } + } + } + else { + /* Client order */ + for (j = 0; j < peerSuites->suiteSz; j += 2) { + for (i = 0; i < ssl->suites->suiteSz; i += 2) { + ret = CompareSuites(ssl, peerSuites, i, j); + if (ret != MATCH_SUITE_ERROR) + return ret; + } + } + } +#else + /* Server order */ + for (i = 0; i < ssl->suites->suiteSz; i += 2) { + for (j = 0; j < peerSuites->suiteSz; j += 2) { + ret = CompareSuites(ssl, peerSuites, i, j); + if (ret != MATCH_SUITE_ERROR) + return ret; + } + } +#endif return MATCH_SUITE_ERROR; } diff --git a/src/ssl.c b/src/ssl.c index 1f94fc526..14c960355 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -990,8 +990,10 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz, if (pSz < ssl->options.minDhKeySz) return DH_KEY_SIZE_E; + #ifndef WOLFSSL_WPAS if (ssl->options.side != WOLFSSL_SERVER_END) return SIDE_ERROR; + #endif if (ssl->buffers.serverDH_P.buffer && ssl->buffers.weOwnDH) { XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH); @@ -1770,7 +1772,8 @@ WOLFSSL_API int wolfSSL_get_SessionTicket(WOLFSSL* ssl, return SSL_SUCCESS; } -WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL* ssl, byte* buf, word32 bufSz) +WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL* ssl, const byte* buf, + word32 bufSz) { if (ssl == NULL || (buf == NULL && bufSz > 0)) return BAD_FUNC_ARG; @@ -2362,6 +2365,7 @@ void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm) #ifdef HAVE_OCSP if (cm->ocsp) FreeOCSP(cm->ocsp, 1); + XFREE(cm->ocspOverrideURL, cm->heap, DYNAMIC_TYPE_URL); #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) if (cm->ocsp_stapling) @@ -4478,6 +4482,25 @@ static int ProcessChainBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, ret = ProcessBuffer(ctx, buff + used, sz - used, format, type, ssl, &consumed, 0); +#ifdef WOLFSSL_WPAS +#ifdef HAVE_CRL + if (ret < 0) { + DerBuffer* der = NULL; + EncryptedInfo info; + + WOLFSSL_MSG("Trying a CRL"); + if (PemToDer(buff + used, sz - used, CRL_TYPE, &der, NULL, &info, + NULL) == 0) { + WOLFSSL_MSG(" Proccessed a CRL"); + wolfSSL_CertManagerLoadCRLBuffer(ctx->cm, der->buffer, + der->length,SSL_FILETYPE_ASN1); + FreeDer(&der); + used += info.consumed; + continue; + } + } +#endif +#endif if (ret < 0) { if(consumed > 0) { /* Made progress in file */ @@ -7882,6 +7905,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, } #endif /* NO_HANDSHAKE_DONE_CB */ +#ifndef WOLFSSL_WPAS if (!ssl->options.dtls) { FreeHandshakeResources(ssl); } @@ -7890,6 +7914,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, ssl->options.dtlsHsRetain = 1; } #endif /* WOLFSSL_DTLS */ +#endif WOLFSSL_LEAVE("SSL_connect()", SSL_SUCCESS); return SSL_SUCCESS; @@ -9613,6 +9638,14 @@ int wolfSSL_set_compression(WOLFSSL* ssl) FreeDer(&der); ret = PemToDer(buf, sz, DH_PARAM_TYPE, &der, ctx->heap, NULL, NULL); +#ifdef WOLFSSL_WPAS + #ifndef NO_DSA + if (ret < 0) { + ret = PemToDer(buf, sz, DSA_PARAM_TYPE, &der, ctx->heap, + NULL, NULL); + } + #endif +#endif } if (ret == 0) { @@ -9924,6 +9957,27 @@ int wolfSSL_set_compression(WOLFSSL* ssl) word16 havePSK = 0; WOLFSSL_ENTER("SSL_set_accept_state"); + if (ssl->options.side == WOLFSSL_CLIENT_END) { + ecc_key key; + word32 idx = 0; + + if (ssl->options.haveStaticECC && ssl->buffers.key != NULL) { + wc_ecc_init(&key); + if (wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &idx, &key, + ssl->buffers.key->length) != 0) { + ssl->options.haveECDSAsig = 0; + ssl->options.haveECC = 0; + ssl->options.haveStaticECC = 0; + } + wc_ecc_free(&key); + } + + if (!ssl->options.haveDH && ssl->ctx->haveDH) { + ssl->buffers.serverDH_P = ssl->ctx->serverDH_P; + ssl->buffers.serverDH_G = ssl->ctx->serverDH_G; + ssl->options.haveDH = 1; + } + } ssl->options.side = WOLFSSL_SERVER_END; /* reset suites in case user switched */ @@ -12206,8 +12260,47 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) int wolfSSL_clear(WOLFSSL* ssl) { - (void)ssl; - /* TODO: GetErrors().Remove(); */ + ssl->options.isClosed = 0; + ssl->options.connReset = 0; + ssl->options.sentNotify = 0; + + ssl->options.serverState = NULL_STATE; + ssl->options.clientState = NULL_STATE; + ssl->options.connectState = CONNECT_BEGIN; + ssl->options.acceptState = ACCEPT_BEGIN; + ssl->options.handShakeState = NULL_STATE; + ssl->options.handShakeDone = 0; + /* ssl->options.processReply = doProcessInit; */ + + ssl->keys.encryptionOn = 0; + XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived)); + +#ifndef NO_OLD_TLS +#ifndef NO_MD5 + wc_InitMd5(&ssl->hsHashes->hashMd5); +#endif +#ifndef NO_SHA + if (wc_InitSha(&ssl->hsHashes->hashSha) != 0) + return SSL_FAILURE; +#endif +#endif +#ifndef NO_SHA256 + if (wc_InitSha256(&ssl->hsHashes->hashSha256) != 0) + return SSL_FAILURE; +#endif +#ifdef WOLFSSL_SHA384 + if (wc_InitSha384(&ssl->hsHashes->hashSha384) != 0) + return SSL_FAILURE; +#endif +#ifdef WOLFSSL_SHA512 + if (wc_InitSha512(&ssl->hsHashes->hashSha512) != 0) + return SSL_FAILURE; +#endif + +#ifdef KEEP_PEER_CERT + FreeX509(&ssl->peerCert); +#endif + return SSL_SUCCESS; } @@ -12699,7 +12792,8 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) if (name->fullName.fullName && name->fullName.fullNameLen > 0) { switch (nid) { case ASN_COMMON_NAME: - ret = name->fullName.cnIdx; + if (pos != name->fullName.cnIdx) + ret = name->fullName.cnIdx; break; default: WOLFSSL_MSG("NID not yet implemented"); @@ -15029,33 +15123,40 @@ unsigned long wolfSSL_set_options(WOLFSSL* ssl, unsigned long op) op |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; } + ssl->options.mask |= op; /* by default cookie exchange is on with DTLS */ - if ((op & SSL_OP_COOKIE_EXCHANGE) == SSL_OP_COOKIE_EXCHANGE) { + if ((ssl->options.mask & SSL_OP_COOKIE_EXCHANGE) == SSL_OP_COOKIE_EXCHANGE) { WOLFSSL_MSG("\tSSL_OP_COOKIE_EXCHANGE : on by default"); } - if ((op & SSL_OP_NO_SSLv2) == SSL_OP_NO_SSLv2) { + if ((ssl->options.mask & SSL_OP_NO_SSLv2) == SSL_OP_NO_SSLv2) { WOLFSSL_MSG("\tSSL_OP_NO_SSLv2 : wolfSSL does not support SSLv2"); } - if ((op & SSL_OP_NO_SSLv3) == SSL_OP_NO_SSLv3) { + if ((ssl->options.mask & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) { + WOLFSSL_MSG("\tSSL_OP_NO_TLSv1_2"); + if (ssl->version.minor == TLSv1_2_MINOR) + ssl->version.minor = TLSv1_1_MINOR; + } + + if ((ssl->options.mask & SSL_OP_NO_TLSv1_1) == SSL_OP_NO_TLSv1_1) { + WOLFSSL_MSG("\tSSL_OP_NO_TLSv1_1"); + if (ssl->version.minor == TLSv1_1_MINOR) + ssl->version.minor = TLSv1_MINOR; + } + + if ((ssl->options.mask & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1) { + WOLFSSL_MSG("\tSSL_OP_NO_TLSv1"); + if (ssl->version.minor == TLSv1_MINOR) + ssl->version.minor = SSLv3_MINOR; + } + + if ((ssl->options.mask & SSL_OP_NO_SSLv3) == SSL_OP_NO_SSLv3) { WOLFSSL_MSG("\tSSL_OP_NO_SSLv3"); } - if ((op & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1) { - WOLFSSL_MSG("\tSSL_OP_NO_TLSv1"); - } - - if ((op & SSL_OP_NO_TLSv1_1) == SSL_OP_NO_TLSv1_1) { - WOLFSSL_MSG("\tSSL_OP_NO_TLSv1_1"); - } - - if ((op & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) { - WOLFSSL_MSG("\tSSL_OP_NO_TLSv1_2"); - } - - if ((op & SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION) { + if ((ssl->options.mask & SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION) { #ifdef HAVE_LIBZ WOLFSSL_MSG("SSL_OP_NO_COMPRESSION"); ssl->options.usingCompression = 0; @@ -15064,8 +15165,6 @@ unsigned long wolfSSL_set_options(WOLFSSL* ssl, unsigned long op) #endif } - ssl->options.mask |= op; - return ssl->options.mask; } diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 32dd99836..dced09b84 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -1212,7 +1212,7 @@ const char* wc_ecc_get_name(int curve_id) return NULL; } -static int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id) +int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id) { if (keysize <= 0 && curve_id <= 0) { return BAD_FUNC_ARG; diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c index 7fba9c64c..6b63b6aa1 100644 --- a/wolfcrypt/src/tfm.c +++ b/wolfcrypt/src/tfm.c @@ -2353,6 +2353,11 @@ int mp_mul_2d(fp_int *a, int b, fp_int *c) return MP_OKAY; } +int mp_div(fp_int * a, fp_int * b, fp_int * c, fp_int * d) +{ + return fp_div(a, b, c, d); +} + int mp_div_2d(fp_int* a, int b, fp_int* c, fp_int* d) { fp_div_2d(a, b, c, d); @@ -2430,6 +2435,11 @@ void mp_rshb (mp_int* a, int x) fp_rshb(a, x); } +void mp_rshd (mp_int* a, int x) +{ + fp_rshd(a, x); +} + int mp_set_int(mp_int *a, mp_digit b) { fp_set(a, b); diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 1b8dd477f..69295d99c 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -767,36 +767,35 @@ WOLFSSL_API long wolfSSL_get_verify_result(const WOLFSSL *ssl); /* seperated out from other enums because of size */ enum { - /* bit flags (ie 0001 vs 0010) : each is 2 times previous value */ - SSL_OP_MICROSOFT_SESS_ID_BUG = 1, - SSL_OP_NETSCAPE_CHALLENGE_BUG = 2, - SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 4, - SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 8, - SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 16, - SSL_OP_MSIE_SSLV2_RSA_PADDING = 32, - SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 64, - SSL_OP_TLS_D5_BUG = 128, - SSL_OP_TLS_BLOCK_PADDING_BUG = 256, - SSL_OP_TLS_ROLLBACK_BUG = 512, - SSL_OP_ALL = 1024, - SSL_OP_EPHEMERAL_RSA = 2048, - SSL_OP_NO_SSLv3 = 4096, - SSL_OP_NO_TLSv1 = 8192, - SSL_OP_PKCS1_CHECK_1 = 16384, - SSL_OP_PKCS1_CHECK_2 = 32768, - SSL_OP_NETSCAPE_CA_DN_BUG = 65536, - SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 131072, - SSL_OP_SINGLE_DH_USE = 262144, - SSL_OP_NO_TICKET = 524288, - SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 1048576, - SSL_OP_NO_QUERY_MTU = 2097152, - SSL_OP_COOKIE_EXCHANGE = 4194304, - SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 8388608, - SSL_OP_SINGLE_ECDH_USE = 16777216, - SSL_OP_CIPHER_SERVER_PREFERENCE = 33554432, - SSL_OP_NO_TLSv1_1 = 67108864, - SSL_OP_NO_TLSv1_2 = 134217728, - SSL_OP_NO_COMPRESSION = 268435456, + SSL_OP_MICROSOFT_SESS_ID_BUG = 0x00000001, + SSL_OP_NETSCAPE_CHALLENGE_BUG = 0x00000002, + SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 0x00000004, + SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 0x00000008, + SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 0x00000010, + SSL_OP_MSIE_SSLV2_RSA_PADDING = 0x00000020, + SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 0x00000040, + SSL_OP_TLS_D5_BUG = 0x00000080, + SSL_OP_TLS_BLOCK_PADDING_BUG = 0x00000100, + SSL_OP_TLS_ROLLBACK_BUG = 0x00000200, + SSL_OP_ALL = 0x00000400, + SSL_OP_EPHEMERAL_RSA = 0x00000800, + SSL_OP_NO_SSLv3 = 0x00001000, + SSL_OP_NO_TLSv1 = 0x00002000, + SSL_OP_PKCS1_CHECK_1 = 0x00004000, + SSL_OP_PKCS1_CHECK_2 = 0x00008000, + SSL_OP_NETSCAPE_CA_DN_BUG = 0x00010000, + SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 0x00020000, + SSL_OP_SINGLE_DH_USE = 0x00040000, + SSL_OP_NO_TICKET = 0x00080000, + SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 0x00100000, + SSL_OP_NO_QUERY_MTU = 0x00200000, + SSL_OP_COOKIE_EXCHANGE = 0x00400000, + SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 0x00800000, + SSL_OP_SINGLE_ECDH_USE = 0x01000000, + SSL_OP_CIPHER_SERVER_PREFERENCE = 0x02000000, + SSL_OP_NO_TLSv1_1 = 0x04000000, + SSL_OP_NO_TLSv1_2 = 0x08000000, + SSL_OP_NO_COMPRESSION = 0x10000000, }; @@ -1881,7 +1880,7 @@ WOLFSSL_API int wolfSSL_Rehandshake(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_UseSessionTicket(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_CTX_UseSessionTicket(WOLFSSL_CTX* ctx); WOLFSSL_API int wolfSSL_get_SessionTicket(WOLFSSL*, unsigned char*, unsigned int*); -WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL*, unsigned char*, unsigned int); +WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL*, const unsigned char*, unsigned int); typedef int (*CallbackSessionTicket)(WOLFSSL*, const unsigned char*, int, void*); WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL*, CallbackSessionTicket, void*); diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index baf33637b..96d13e9f4 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -340,6 +340,9 @@ int wc_ecc_set_flags(ecc_key* key, word32 flags); WOLFSSL_API void wc_ecc_fp_free(void); +WOLFSSL_API +int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id); + WOLFSSL_API int wc_ecc_is_valid_idx(int n); WOLFSSL_API diff --git a/wolfssl/wolfcrypt/tfm.h b/wolfssl/wolfcrypt/tfm.h index 53357b78a..8d3d7077d 100644 --- a/wolfssl/wolfcrypt/tfm.h +++ b/wolfssl/wolfcrypt/tfm.h @@ -634,6 +634,7 @@ int mp_invmod(mp_int *a, mp_int *b, mp_int *c); int mp_exptmod (mp_int * g, mp_int * x, mp_int * p, mp_int * y); int mp_mul_2d(mp_int *a, int b, mp_int *c); +int mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d); int mp_cmp(mp_int *a, mp_int *b); int mp_cmp_d(mp_int *a, mp_digit b); @@ -653,6 +654,7 @@ int mp_set_int(mp_int *a, mp_digit b); int mp_is_bit_set (mp_int * a, mp_digit b); int mp_set_bit (mp_int * a, mp_digit b); void mp_rshb(mp_int *a, int x); +void mp_rshd(mp_int *a, int x); int mp_toradix (mp_int *a, char *str, int radix); int mp_radix_size (mp_int * a, int radix, int *size);