diff --git a/configure.ac b/configure.ac
index b3510c4a2..e50956bf1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3069,14 +3069,15 @@ AC_ARG_ENABLE([asio],
 )
 if test "$ENABLED_ASIO" = "yes"
 then
- # Requires opensslall make sure on
+ # Requires opensslextra and opensslall
 if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
 then
 ENABLED_OPENSSLALL="yes"
- AM_CFLAGS="-DOPENSSL_ALL $AM_CFLAGS"
+ ENABLED_OPENSSLEXTRA="yes"
+ AM_CFLAGS="-DOPENSSL_EXTRA -DOPENSSL_ALL $AM_CFLAGS"
 fi
 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASIO -DASIO_USE_WOLFSSL -DWOLFSSL_KEY_GEN"
- AM_CFLAGS="$AM_CFLAGS -DBOOST_ASIO_USE_WOLFSSL"
+ AM_CFLAGS="$AM_CFLAGS -DBOOST_ASIO_USE_WOLFSSL -DHAVE_EX_DATA"
 AM_CFLAGS="$AM_CFLAGS -DSSL_TXT_TLSV1_2 -DSSL_TXT_TLSV1_1"
 AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3"
 if test "$ENABLED_TLSV10" = "yes"
diff --git a/src/bio.c b/src/bio.c
index a6b2d0174..a28fafd02 100644
--- a/src/bio.c
+++ b/src/bio.c
@@ -306,7 +306,7 @@ static int wolfSSL_BIO_BIO_write(WOLFSSL_BIO* bio, const void* data,
 WOLFSSL_ENTER("wolfSSL_BIO_BIO_write");
- /*adding in sanity checks for static analysis tools */
+ /* adding in sanity checks for static analysis tools */
 if (bio == NULL || data == NULL) {
 return BAD_FUNC_ARG;
 }
@@ -499,7 +499,6 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
 }
-/*** TBD ***/
 WOLFSSL_API long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *parg)
 {
 (void)bio;
@@ -507,8 +506,8 @@ WOLFSSL_API long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *pa
 (void)larg;
 (void)parg;
- WOLFSSL_ENTER("BIO_ctrl");
- return 1;
+ WOLFSSL_STUB("BIO_ctrl");
+ return 0;
 }
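Review bot: The guard in the ASIO block still tests only ENABLED_OPENSSLALL and ENABLED_OPENSSLCOEXIST, while the rewritten comment says ASIO requires opensslextra as well; a build where opensslall was enabled explicitly but opensslextra was not skips both `ENABLED_OPENSSLEXTRA="yes"` and `-DOPENSSL_EXTRA` here. Whether `--enable-opensslall` already implies opensslextra elsewhere in configure.ac is not visible in this hunk; if it does not, the condition should also check `"x$ENABLED_OPENSSLEXTRA" = "xno"` or the extra flag should be set unconditionally in this block. The enclosing `if test "$ENABLED_ASIO" = "yes"` block ends outside the hunk.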
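Review bot: `return 0;` in wolfSSL_BIO_ctrl makes every command fail where the old code reported success for every command, and cmd is still discarded, so a caller reaching it through the BIO_ctrl macro cannot distinguish an unsupported command from a failed one; the same applies to wolfSSL_BIO_int_ctrl in the next hunk of this file. A line above each function stating the contract, such as `/* Stub: no ctrl commands are implemented; always returns 0 (unsupported). */`, would make the new return value read as deliberate to users of the OpenSSL-compat layer. If the build has a NO_WOLFSSL_STUB-style option that removes stubbed functions, neither function is wrapped in it, though such a guard is not visible here. wolfSSL_BIO_ctrl's opening lines sit in the preceding hunk and its body is split across the two.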
@@ -688,6 +687,31 @@ WOLFSSL_BIO* wolfSSL_BIO_next(WOLFSSL_BIO* bio)
 return bio->next;
 }
+/* BIO_wpending returns the number of bytes pending to be written. */
+size_t wolfSSL_BIO_wpending(const WOLFSSL_BIO *bio)
+{
+ WOLFSSL_ENTER("BIO_wpending");
+
+ if (bio == NULL)
+ return 0;
+
+ if (bio->ssl != NULL) {
+ /* not supported case */
+ return 0;
+ }
+
+ if (bio->type == WOLFSSL_BIO_MEMORY) {
+ return bio->wrSz;
+ }
+
+ /* type BIO_BIO then check paired buffer */
+ if (bio->type == WOLFSSL_BIO_BIO && bio->pair != NULL) {
+ WOLFSSL_BIO* pair = bio->pair;
+ return pair->wrIdx;
+ }
+
+ return 0;
+}
 /* Return the number of pending bytes in read and write buffers */
 size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *bio)
@@ -741,14 +765,13 @@ long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr)
 return SSL_SUCCESS;
 }
-/*** TBD ***/
 WOLFSSL_API long wolfSSL_BIO_int_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, int iarg)
 {
 (void) bp;
 (void) cmd;
 (void) larg;
 (void) iarg;
- WOLFSSL_ENTER("BIO_int_ctrl");
+ WOLFSSL_STUB("BIO_int_ctrl");
 return 0;
 }
diff --git a/src/ssl.c b/src/ssl.c
index 7e19734cc..16bae5005 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -248,7 +248,7 @@ WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap)
 {
 WOLFSSL_CTX* ctx = NULL;
- WOLFSSL_ENTER("WOLFSSL_CTX_new_ex");
+ WOLFSSL_ENTER("wolfSSL_CTX_new_ex");
 if (initRefCount == 0) {
 /* user no longer forced to call Init themselves */
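Review bot: In the BIO_BIO branch wolfSSL_BIO_wpending returns `pair->wrIdx`, which the name marks as a write position rather than a byte count; if the pair buffer is drained through a separate read index (the neighbouring wolfSSL_BIO_ctrl_pending, whose body is outside the hunk, is the place to compare against), the bytes still unread are the distance between the two positions with any wrap-around applied, and the raw index over-reports once the peer has consumed part of the buffer. The memory branch returns `bio->wrSz` straight into a size_t; if that field is a signed int, a negative value becomes a huge count, so `return bio->wrSz > 0 ? (size_t)bio->wrSz : 0;` is the safer form. The header comment could also say what is counted for each BIO type and that SSL-backed and other types always report 0, so callers do not read 0 as "nothing buffered".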
@@ -4508,10 +4508,11 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
 /* process user chain */
 if (ret >= 0) {
- /* First certificate in chain is loaded into ssl->buffers.certificate.
- * Remainder are loaded into ssl->buffers.certChain.
- * Chain should have server cert first, then intermediates, then root.
- */
+ /* Chain should have server cert first, then intermediates, then root.
+ * First certificate in chain is processed below after ProcessUserChain
+ * and is loaded into ssl->buffers.certificate.
+ * Remainder are processed using ProcessUserChain and are loaded into
+ * ssl->buffers.certChain. */
 if (userChain) {
 ret = ProcessUserChain(ctx, buff, sz, format, type, ssl, used, info);
 }
@@ -8739,12 +8740,16 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 if (ssl == NULL)
 return BAD_FUNC_ARG;
- #ifdef OPENSSL_EXTRA
- if (ssl->CBIS != NULL) {
- ssl->CBIS(ssl, SSL_ST_CONNECT, SSL_SUCCESS);
- ssl->cbmode = SSL_CB_WRITE;
- }
- #endif
+ #ifdef OPENSSL_EXTRA
+ if (ssl->options.side == WOLFSSL_NEITHER_END) {
+ ssl->options.side = WOLFSSL_CLIENT_END;
+ }
+
+ if (ssl->CBIS != NULL) {
+ ssl->CBIS(ssl, SSL_ST_CONNECT, SSL_SUCCESS);
+ ssl->cbmode = SSL_CB_WRITE;
+ }
+ #endif
 if (ssl->options.side != WOLFSSL_CLIENT_END) {
 WOLFSSL_ERROR(ssl->error = SIDE_ERROR);
 return WOLFSSL_FATAL_ERROR;
@@ -9125,6 +9130,12 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 #endif
 (void)haveMcast;
+ #ifdef OPENSSL_EXTRA
+ if (ssl->options.side == WOLFSSL_NEITHER_END) {
+ ssl->options.side = WOLFSSL_SERVER_END;
+ }
+ #endif
+
 if (ssl->options.side != WOLFSSL_SERVER_END) {
 WOLFSSL_ERROR(ssl->error = SIDE_ERROR);
 return WOLFSSL_FATAL_ERROR;
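Review bot: The new OPENSSL_EXTRA block promotes a WOLFSSL whose side is WOLFSSL_NEITHER_END to WOLFSSL_CLIENT_END before the SIDE_ERROR check (and to WOLFSSL_SERVER_END in the third hunk), so a handshake that previously failed with SIDE_ERROR now proceeds, but any side-dependent settings applied when the object was initialised — peer-verification defaults, cipher-suite selection — are not revisited at this point; it is worth confirming that the promoted object verifies the peer exactly as one created with a client method would. The definition of WOLFSSL_NEITHER_END is not in the visible hunks; it has to fit the `side:2` bit-field widened in wolfssl/internal.h in this same commit. A comment on the new branch, e.g. `/* generic (neither-end) method: side is decided by the first connect/accept call */`, would explain why the assignment lives here rather than at creation. The enclosing functions, presumably wolfSSL_connect and wolfSSL_accept despite the hunk headers naming wolfSSL_DTLS_SetCookieSecret, start and end outside these hunks.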
@@ -15444,17 +15455,17 @@ void wolfSSL_set_connect_state(WOLFSSL* ssl)
 int wolfSSL_get_shutdown(const WOLFSSL* ssl)
 {
- int shutdown = 0;
+ int isShutdown = 0;
 WOLFSSL_ENTER("wolfSSL_get_shutdown");
 if (ssl) {
 /* in OpenSSL, WOLFSSL_SENT_SHUTDOWN = 1, when closeNotifySent *
 * WOLFSSL_RECEIVED_SHUTDOWN = 2, from close notify or fatal err */
- shutdown = ((ssl->options.closeNotify||ssl->options.connReset) << 1)
+ isShutdown = ((ssl->options.closeNotify||ssl->options.connReset) << 1)
 | (ssl->options.sentNotify);
 }
- return shutdown;
+ return isShutdown;
 }
@@ -31467,9 +31478,9 @@ WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out)
 DYNAMIC_TYPE_TMP_BUFFER);
 if (extraBioMem == NULL) {
 WOLFSSL_MSG("Malloc failure");;
- XFREE((unsigned char*)extraBioMem, bio->heap,
+ XFREE((unsigned char*)extraBioMem, bio->heap,
 DYNAMIC_TYPE_TMP_BUFFER);
- XFREE((unsigned char*)bioMem, bio->heap,
+ XFREE((unsigned char*)bioMem, bio->heap,
 DYNAMIC_TYPE_TMP_BUFFER);
 return NULL;
 }
@@ -31482,13 +31493,13 @@ WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out)
 wolfSSL_BIO_write(bio, extraBioMem, extraBioMemSz);
 if (wolfSSL_BIO_pending(bio) <= 0) {
 WOLFSSL_MSG("Failed to write memory to bio");
- XFREE((unsigned char*)extraBioMem, bio->heap,
+ XFREE((unsigned char*)extraBioMem, bio->heap,
 DYNAMIC_TYPE_TMP_BUFFER);
- XFREE((unsigned char*)bioMem, bio->heap,
+ XFREE((unsigned char*)bioMem, bio->heap,
 DYNAMIC_TYPE_TMP_BUFFER);
 return NULL;
 }
- XFREE((unsigned char*)extraBioMem, bio->heap,
+ XFREE((unsigned char*)extraBioMem, bio->heap,
 DYNAMIC_TYPE_TMP_BUFFER);
 }
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 45e5c98ee..b340ee1dc 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -7556,6 +7556,15 @@ const char* const END_PUB_KEY = "-----END PUBLIC KEY-----";
 #endif
+static WC_INLINE char* SkipEndOfLineChars(char* line, const char* endOfLine)
+{
+ /* eat end of line characters */
+ while (line < endOfLine &&
+ (line[0] == '\r' || line[0] == '\n')) {
+ line++;
+ }
+ return line;
+}
 int wc_PemGetHeaderFooter(int type, const char** header, const char** footer)
 {
@@ -7794,11 +7803,8 @@ static int wc_EncryptedInfoParse(EncryptedInfo* info,
 else
 return BUFFER_E;
- /* eat blank line */
- while (newline < bufferEnd &&
- (*newline == '\r' || *newline == '\n')) {
- newline++;
- }
+ /* eat end of line characters */
+ newline = SkipEndOfLineChars(newline, bufferEnd);
 /* return new headerEnd */
 if (pBuffer)
@@ -8051,19 +8057,8 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
 headerEnd += XSTRLEN(header);
- if ((headerEnd + 1) >= bufferEnd)
- return BUFFER_E;
-
- /* eat end of line */
- if (headerEnd[0] == '\n')
- headerEnd++;
- else if (headerEnd[1] == '\n')
- headerEnd += 2;
- else {
- if (info)
- info->consumed = (long)(headerEnd+2 - (char*)buff);
- return BUFFER_E;
- }
+ /* eat end of line characters */
+ headerEnd = SkipEndOfLineChars(headerEnd, bufferEnd);
 if (type == PRIVATEKEY_TYPE) {
 if (eccKey) {
@@ -8096,16 +8091,8 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
 consumedEnd = footerEnd + XSTRLEN(footer);
 if (consumedEnd < bufferEnd) { /* handle no end of line on last line */
- /* eat end of line */
- if (consumedEnd[0] == '\n')
- consumedEnd++;
- else if ((consumedEnd + 1 < bufferEnd) && consumedEnd[1] == '\n')
- consumedEnd += 2;
- else {
- if (info)
- info->consumed = (long)(consumedEnd+2 - (char*)buff);
- return BUFFER_E;
- }
+ /* eat end of line characters */
+ consumedEnd = SkipEndOfLineChars(consumedEnd, bufferEnd);
 }
 if (info)
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index ab96ac799..d456220cc 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
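Review bot: `headerEnd = SkipEndOfLineChars(headerEnd, bufferEnd);` in PemToDer drops two checks the removed code made: the `(headerEnd + 1) >= bufferEnd` guard that rejected a header with nothing after it, and the BUFFER_E (with info->consumed set) for a header not followed by a newline, so a header line with trailing junk now parses on; the footer hunk loses the equivalent rejection. The helper also consumes any run of '\r'/'\n', so several blank lines after the header or footer are accepted where exactly one line ending was before — acceptable if intended, but it is a parser-strictness change that belongs in the commit message. SkipEndOfLineChars only guarantees `line <= endOfLine`, so whatever reads headerEnd[0] after the call (outside the hunk) needs its own bound check now that the earlier guard is gone. A one-line contract above the helper, such as `/* Advance past a run of '\r'/'\n' without reading beyond endOfLine; returns the first other byte, or endOfLine. */`, would document that. The PemToDer and wc_EncryptedInfoParse bodies start and end outside their hunks.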
@@ -1158,7 +1158,7 @@ enum Misc {
 MAX_COMP_EXTRA = 1024, /* max compression extra */
 MAX_MTU = WOLFSSL_MAX_MTU, /* max expected MTU */
 MAX_UDP_SIZE = 8192 - 100, /* was MAX_MTU - 100 */
- MAX_DH_SZ = (MAX_DHKEY_SZ * 2) + 12,
+ MAX_DH_SZ = (MAX_DHKEY_SZ * 3) + 12, /* DH_P, DH_G and DH_Pub */
 /* 4096 p, pub, g + 2 byte size for each */
 MAX_STR_VERSION = 8, /* string rep of protocol version */
@@ -3105,7 +3105,7 @@ typedef struct Options {
 #ifdef HAVE_EXT_CACHE
 word16 internalCacheOff:1;
 #endif
- word16 side:1; /* client or server end */
+ word16 side:2; /* client, server or neither end */
 word16 verifyPeer:1;
 word16 verifyNone:1;
 word16 failNoCert:1;
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index 3d041b00b..4765cca06 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -649,7 +649,7 @@ typedef STACK_OF(WOLFSSL_ASN1_OBJECT) GENERAL_NAMES;
 #define GENERAL_NAMES_free(GENERAL_NAMES)NULL
 #define SSL_set_mode(ssl,op) wolfSSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
-#define BIO_wpending(b) wolfSSL_BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL)
+
 #define SSL_CTX_use_certificate_ASN1 wolfSSL_CTX_use_certificate_ASN1
 #define SSL_CTX_set0_chain(ctx,sk) \
 wolfSSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk))
@@ -663,6 +663,7 @@ typedef STACK_OF(WOLFSSL_ASN1_OBJECT) GENERAL_NAMES;
 #define BIO_new_file wolfSSL_BIO_new_file
 #define BIO_ctrl wolfSSL_BIO_ctrl
 #define BIO_ctrl_pending wolfSSL_BIO_ctrl_pending
+#define BIO_wpending wolfSSL_BIO_wpending
 #define BIO_get_mem_ptr wolfSSL_BIO_get_mem_ptr
 #define BIO_int_ctrl wolfSSL_BIO_int_ctrl
 #define BIO_reset wolfSSL_BIO_reset
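Review bot: `MAX_DH_SZ = (MAX_DHKEY_SZ * 3) + 12` now budgets three key-sized values, but the context comment on the next line still reads "2 byte size for each", which accounts for only 6 of the 12 extra bytes; since this constant sizes buffers, the comment should be brought in line with the expression (or the expression written as `3 * (MAX_DHKEY_SZ + 2)` plus a named remainder so the arithmetic is self-explaining). Every buffer declared with MAX_DH_SZ grows by MAX_DHKEY_SZ bytes with this change — 512 bytes if MAX_DHKEY_SZ is the 4096-bit value the comment suggests — which matters on stack-constrained targets if any of those buffers are automatics. The `side:2` widening matches the new WOLFSSL_NEITHER_END comparisons in src/ssl.c, but the enum value itself is not in the visible diff. Both `enum Misc` and `struct Options` extend beyond their hunks.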
@@ -2599,6 +2599,7 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio,
 WOLFSSL_X509** x509);
 WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx);
+WOLFSSL_API size_t wolfSSL_BIO_wpending(const WOLFSSL_BIO *bio);
 WOLFSSL_API size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b);
 WOLFSSL_API size_t wolfSSL_get_server_random(const WOLFSSL *ssl,
 unsigned char *out, size_t outlen);