Merge pull request #1739 from dgarske/asio

Fixes to openssl compatibility for Boost.Asio with SSF

configure.ac

@@ -3069,14 +3069,15 @@ AC_ARG_ENABLE([asio],
     )
 if test "$ENABLED_ASIO" = "yes"
 then
-    # Requires opensslall make sure on
+    # Requires opensslextra and opensslall
     if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
     then
         ENABLED_OPENSSLALL="yes"
-        AM_CFLAGS="-DOPENSSL_ALL $AM_CFLAGS"
+        ENABLED_OPENSSLEXTRA="yes"
+        AM_CFLAGS="-DOPENSSL_EXTRA -DOPENSSL_ALL $AM_CFLAGS"
     fi
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASIO -DASIO_USE_WOLFSSL -DWOLFSSL_KEY_GEN"
-    AM_CFLAGS="$AM_CFLAGS -DBOOST_ASIO_USE_WOLFSSL"
+    AM_CFLAGS="$AM_CFLAGS -DBOOST_ASIO_USE_WOLFSSL -DHAVE_EX_DATA"
     AM_CFLAGS="$AM_CFLAGS -DSSL_TXT_TLSV1_2 -DSSL_TXT_TLSV1_1"
     AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3"
     if test "$ENABLED_TLSV10" = "yes"

src/bio.c

@@ -306,7 +306,7 @@ static int wolfSSL_BIO_BIO_write(WOLFSSL_BIO* bio, const void* data,
 
     WOLFSSL_ENTER("wolfSSL_BIO_BIO_write");
 
-    /*adding in sanity checks for static analysis tools */
+    /* adding in sanity checks for static analysis tools */
     if (bio == NULL || data == NULL) {
         return BAD_FUNC_ARG;
     }
@@ -499,7 +499,6 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
 }
 
 
-/*** TBD ***/
 WOLFSSL_API long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *parg)
 {
     (void)bio;
@@ -507,8 +506,8 @@ WOLFSSL_API long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *pa
     (void)larg;
     (void)parg;
 
-    WOLFSSL_ENTER("BIO_ctrl");
-    return 1;
+    WOLFSSL_STUB("BIO_ctrl");
+    return 0;
 }
 
 
@@ -688,6 +687,31 @@ WOLFSSL_BIO* wolfSSL_BIO_next(WOLFSSL_BIO* bio)
     return bio->next;
 }
 
+/* BIO_wpending returns the number of bytes pending to be written. */
+size_t wolfSSL_BIO_wpending(const WOLFSSL_BIO *bio)
+{
+    WOLFSSL_ENTER("BIO_wpending");
+
+    if (bio == NULL)
+        return 0;
+
+    if (bio->ssl != NULL) {
+        /* not supported case */
+        return 0;
+    }
+
+    if (bio->type == WOLFSSL_BIO_MEMORY) {
+        return bio->wrSz;
+    }
+
+    /* type BIO_BIO then check paired buffer */
+    if (bio->type == WOLFSSL_BIO_BIO && bio->pair != NULL) {
+        WOLFSSL_BIO* pair = bio->pair;
+        return pair->wrIdx;
+    }
+
+    return 0;
+}
 
 /* Return the number of pending bytes in read and write buffers */
 size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *bio)
@@ -741,14 +765,13 @@ long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr)
     return SSL_SUCCESS;
 }
 
-/*** TBD ***/
 WOLFSSL_API long wolfSSL_BIO_int_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, int iarg)
 {
     (void) bp;
     (void) cmd;
     (void) larg;
     (void) iarg;
-    WOLFSSL_ENTER("BIO_int_ctrl");
+    WOLFSSL_STUB("BIO_int_ctrl");
     return 0;
 }
 

src/ssl.c

@@ -248,7 +248,7 @@ WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap)
 {
     WOLFSSL_CTX* ctx = NULL;
 
-    WOLFSSL_ENTER("WOLFSSL_CTX_new_ex");
+    WOLFSSL_ENTER("wolfSSL_CTX_new_ex");
 
     if (initRefCount == 0) {
         /* user no longer forced to call Init themselves */
@@ -4508,10 +4508,11 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
 
     /* process user chain */
     if (ret >= 0) {
-        /* First certificate in chain is loaded into ssl->buffers.certificate.
-         * Remainder are loaded into ssl->buffers.certChain.
-         * Chain should have server cert first, then intermediates, then root.
-         */
+        /* Chain should have server cert first, then intermediates, then root.
+         * First certificate in chain is processed below after ProcessUserChain
+         *   and is loaded into ssl->buffers.certificate.
+         * Remainder are processed using ProcessUserChain and are loaded into
+         *   ssl->buffers.certChain. */
         if (userChain) {
             ret = ProcessUserChain(ctx, buff, sz, format, type, ssl, used, info);
         }
@@ -8740,6 +8741,10 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
             return BAD_FUNC_ARG;
 
     #ifdef OPENSSL_EXTRA
+        if (ssl->options.side == WOLFSSL_NEITHER_END) {
+            ssl->options.side = WOLFSSL_CLIENT_END;
+        }
+
         if (ssl->CBIS != NULL) {
             ssl->CBIS(ssl, SSL_ST_CONNECT, SSL_SUCCESS);
             ssl->cbmode = SSL_CB_WRITE;
@@ -9125,6 +9130,12 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
         #endif
         (void)haveMcast;
 
+    #ifdef OPENSSL_EXTRA
+        if (ssl->options.side == WOLFSSL_NEITHER_END) {
+            ssl->options.side = WOLFSSL_SERVER_END;
+        }
+    #endif
+
         if (ssl->options.side != WOLFSSL_SERVER_END) {
             WOLFSSL_ERROR(ssl->error = SIDE_ERROR);
             return WOLFSSL_FATAL_ERROR;
@@ -15444,17 +15455,17 @@ void wolfSSL_set_connect_state(WOLFSSL* ssl)
 
 int wolfSSL_get_shutdown(const WOLFSSL* ssl)
 {
-    int shutdown = 0;
+    int isShutdown = 0;
 
     WOLFSSL_ENTER("wolfSSL_get_shutdown");
 
     if (ssl) {
         /* in OpenSSL, WOLFSSL_SENT_SHUTDOWN = 1, when closeNotifySent   *
          * WOLFSSL_RECEIVED_SHUTDOWN = 2, from close notify or fatal err */
-        shutdown = ((ssl->options.closeNotify||ssl->options.connReset) << 1)
+        isShutdown = ((ssl->options.closeNotify||ssl->options.connReset) << 1)
                     | (ssl->options.sentNotify);
     }
-    return shutdown;
+    return isShutdown;
 }
 
 

wolfcrypt/src/asn.c

@@ -7556,6 +7556,15 @@ const char* const END_PUB_KEY          = "-----END PUBLIC KEY-----";
 #endif
 
 
+static WC_INLINE char* SkipEndOfLineChars(char* line, const char* endOfLine)
+{
+    /* eat end of line characters */
+    while (line < endOfLine &&
+              (line[0] == '\r' || line[0] == '\n')) {
+        line++;
+    }
+    return line;
+}
 
 int wc_PemGetHeaderFooter(int type, const char** header, const char** footer)
 {
@@ -7794,11 +7803,8 @@ static int wc_EncryptedInfoParse(EncryptedInfo* info,
         else
             return BUFFER_E;
 
-        /* eat blank line */
-        while (newline < bufferEnd &&
-                (*newline == '\r' || *newline == '\n')) {
-            newline++;
-        }
+        /* eat end of line characters */
+        newline = SkipEndOfLineChars(newline, bufferEnd);
 
         /* return new headerEnd */
         if (pBuffer)
@@ -8051,19 +8057,8 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
 
     headerEnd += XSTRLEN(header);
 
-    if ((headerEnd + 1) >= bufferEnd)
-        return BUFFER_E;
-
-    /* eat end of line */
-    if (headerEnd[0] == '\n')
-        headerEnd++;
-    else if (headerEnd[1] == '\n')
-        headerEnd += 2;
-    else {
-        if (info)
-            info->consumed = (long)(headerEnd+2 - (char*)buff);
-        return BUFFER_E;
-    }
+    /* eat end of line characters */
+    headerEnd = SkipEndOfLineChars(headerEnd, bufferEnd);
 
     if (type == PRIVATEKEY_TYPE) {
         if (eccKey) {
@@ -8096,16 +8091,8 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
     consumedEnd = footerEnd + XSTRLEN(footer);
 
     if (consumedEnd < bufferEnd) {  /* handle no end of line on last line */
-        /* eat end of line */
-        if (consumedEnd[0] == '\n')
-            consumedEnd++;
-        else if ((consumedEnd + 1 < bufferEnd) && consumedEnd[1] == '\n')
-            consumedEnd += 2;
-        else {
-            if (info)
-                info->consumed = (long)(consumedEnd+2 - (char*)buff);
-            return BUFFER_E;
-        }
+        /* eat end of line characters */
+        consumedEnd = SkipEndOfLineChars(consumedEnd, bufferEnd);
     }
 
     if (info)

wolfssl/internal.h

@@ -1158,7 +1158,7 @@ enum Misc {
     MAX_COMP_EXTRA  = 1024,     /* max compression extra */
     MAX_MTU         = WOLFSSL_MAX_MTU,     /* max expected MTU */
     MAX_UDP_SIZE    = 8192 - 100, /* was MAX_MTU - 100 */
-    MAX_DH_SZ       = (MAX_DHKEY_SZ * 2) + 12,
+    MAX_DH_SZ       = (MAX_DHKEY_SZ * 3) + 12, /* DH_P, DH_G and DH_Pub */
                                 /* 4096 p, pub, g + 2 byte size for each */
     MAX_STR_VERSION = 8,        /* string rep of protocol version */
 
@@ -3105,7 +3105,7 @@ typedef struct Options {
 #ifdef HAVE_EXT_CACHE
     word16            internalCacheOff:1;
 #endif
-    word16            side:1;             /* client or server end */
+    word16            side:2;             /* client, server or neither end */
     word16            verifyPeer:1;
     word16            verifyNone:1;
     word16            failNoCert:1;

wolfssl/openssl/ssl.h

@@ -649,7 +649,7 @@ typedef STACK_OF(WOLFSSL_ASN1_OBJECT) GENERAL_NAMES;
 #define GENERAL_NAMES_free(GENERAL_NAMES)NULL
 
 #define SSL_set_mode(ssl,op) wolfSSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
-#define BIO_wpending(b)      wolfSSL_BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL)
+
 #define SSL_CTX_use_certificate_ASN1 wolfSSL_CTX_use_certificate_ASN1
 #define SSL_CTX_set0_chain(ctx,sk) \
         wolfSSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk))
@@ -663,6 +663,7 @@ typedef STACK_OF(WOLFSSL_ASN1_OBJECT) GENERAL_NAMES;
 #define BIO_new_file        wolfSSL_BIO_new_file
 #define BIO_ctrl            wolfSSL_BIO_ctrl
 #define BIO_ctrl_pending    wolfSSL_BIO_ctrl_pending
+#define BIO_wpending        wolfSSL_BIO_wpending
 #define BIO_get_mem_ptr     wolfSSL_BIO_get_mem_ptr
 #define BIO_int_ctrl        wolfSSL_BIO_int_ctrl
 #define BIO_reset           wolfSSL_BIO_reset

wolfssl/ssl.h

@@ -2599,6 +2599,7 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio,
                                                WOLFSSL_X509** x509);
 WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx);
 
+WOLFSSL_API size_t wolfSSL_BIO_wpending(const WOLFSSL_BIO *bio);
 WOLFSSL_API size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b);
 WOLFSSL_API size_t wolfSSL_get_server_random(const WOLFSSL *ssl,
                                              unsigned char *out, size_t outlen);