wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 04:04:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added wolfSSl compatability for Asio C++ library

Browse Source
This commit is contained in:
MJSPollard
2018-07-02 10:48:02 -06:00
parent 33b72a3dfe
commit e319987579
5 changed files with 533 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
configure.ac
View File

@@ -180,6 +180,7 @@ then
enable_haproxy=yes enable_haproxy=yes
enable_stunnel=yes enable_stunnel=yes
enable_nginx=yes enable_nginx=yes
enable_asio=yes
enable_pwdbased=yes enable_pwdbased=yes
enable_aeskeywrap=yes enable_aeskeywrap=yes
enable_x963kdf=yes enable_x963kdf=yes
@@ -428,6 +429,7 @@ AM_CONDITIONAL([BUILD_RNG], [test "x$ENABLED_RNG" = "xyes"])
# signal (--enable-signal) # signal (--enable-signal)
# lighty (--enable-lighty) HAVE_LIGHTY # lighty (--enable-lighty) HAVE_LIGHTY
# stunnel (--enable-stunnel) HAVE_STUNNEL # stunnel (--enable-stunnel) HAVE_STUNNEL
# asio (--enable-asio) WOLFSSL_ASIO
# HAVE_POCO_LIB # HAVE_POCO_LIB
# WOLFSSL_MYSQL_COMPATIBLE # WOLFSSL_MYSQL_COMPATIBLE
# web server (--enable-webserver) HAVE_WEBSERVER # web server (--enable-webserver) HAVE_WEBSERVER
@@ -2992,6 +2994,30 @@ then
AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE -DHAVE_EX_DATA" AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE -DHAVE_EX_DATA"
fi fi
# Asio Support
AC_ARG_ENABLE([asio],
[AS_HELP_STRING([--enable-asio],[Enable asio (default: disabled)])],
[ ENABLED_ASIO=$enableval ],
[ ENABLED_ASIO=no ]
)
if test "$ENABLED_ASIO" = "yes"
then
# Requires opensslall make sure on
if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
then
ENABLED_OPENSSLALL="yes"
AM_CFLAGS="-DOPENSSL_ALL $AM_CFLAGS"
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASIO -DWOLFSSL_KEY_GEN"
# Requires OCSP make sure on
if test "x$ENABLED_OCSP" = "xno"
then
ENABLED_OCSP="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
fi
fi
# stunnel Support # stunnel Support
AC_ARG_ENABLE([stunnel], AC_ARG_ENABLE([stunnel],
@@ -3139,9 +3165,9 @@ AC_ARG_ENABLE([pwdbased],
if test "$ENABLED_PWDBASED" = "no" if test "$ENABLED_PWDBASED" = "no"
then then
if test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_WEBSERVER" = "yes" || test "$ENABLED_ENCKEYS" = "yes" if test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_OPENSSLALL" = "yes" || test "$ENABLED_WEBSERVER" = "yes" || test "$ENABLED_ENCKEYS" = "yes"
then then
# opensslextra, webserver and enckeys needs pwdbased # opensslextra, opensslall, webserver, and enckeys needs pwdbased
ENABLED_PWDBASED=yes ENABLED_PWDBASED=yes
else else
AM_CFLAGS="$AM_CFLAGS -DNO_PWDBASED" AM_CFLAGS="$AM_CFLAGS -DNO_PWDBASED"
@@ -4409,6 +4435,7 @@ echo " * LIGHTY: $ENABLED_LIGHTY"
echo " * HAPROXY: $ENABLED_HAPROXY" echo " * HAPROXY: $ENABLED_HAPROXY"
echo " * STUNNEL: $ENABLED_STUNNEL" echo " * STUNNEL: $ENABLED_STUNNEL"
echo " * NGINX: $ENABLED_NGINX" echo " * NGINX: $ENABLED_NGINX"
echo " * ASIO: $ENABLED_ASIO"
echo " * SIGNAL: $ENABLED_SIGNAL" echo " * SIGNAL: $ENABLED_SIGNAL"
echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS" echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS"
echo " * DTLS: $ENABLED_DTLS" echo " * DTLS: $ENABLED_DTLS"

323
src/ssl.c
View File

@@ -24672,11 +24672,8 @@ int wolfSSL_HMAC_CTX_copy(WOLFSSL_HMAC_CTX* des, WOLFSSL_HMAC_CTX* src)
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
} }
#ifdef HAVE_FIPS
#if defined(HAVE_FIPS) && \ int _InitHmac(Hmac* hmac, int type, void* heap)
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
static int _HMAC_Init(Hmac* hmac, int type, void* heap)
{ {
int ret = 0; int ret = 0;
@@ -24722,21 +24719,6 @@ static int _HMAC_Init(Hmac* hmac, int type, void* heap)
break; break;
#endif /* HAVE_BLAKE2 */ #endif /* HAVE_BLAKE2 */
#ifdef WOLFSSL_SHA3
case WC_SHA3_224:
ret = wc_InitSha3_224(&hmac->hash.sha3, heap, INVALID_DEVID);
break;
case WC_SHA3_256:
ret = wc_InitSha3_256(&hmac->hash.sha3, heap, INVALID_DEVID);
break;
case WC_SHA3_384:
ret = wc_InitSha3_384(&hmac->hash.sha3, heap, INVALID_DEVID);
break;
case WC_SHA3_512:
ret = wc_InitSha3_512(&hmac->hash.sha3, heap, INVALID_DEVID);
break;
#endif
default: default:
ret = BAD_FUNC_ARG; ret = BAD_FUNC_ARG;
break; break;
@@ -24746,10 +24728,7 @@ static int _HMAC_Init(Hmac* hmac, int type, void* heap)
return ret; return ret;
} }
#endif /* HAVE_FIPS */
#else
#define _HMAC_Init _InitHmac
#endif
int wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key, int keylen, int wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key, int keylen,
@@ -24847,7 +24826,7 @@ int wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key, int keylen,
WC_HMAC_BLOCK_SIZE); WC_HMAC_BLOCK_SIZE);
XMEMCPY((byte *)&ctx->hmac.opad, (byte *)&ctx->save_opad, XMEMCPY((byte *)&ctx->hmac.opad, (byte *)&ctx->save_opad,
WC_HMAC_BLOCK_SIZE); WC_HMAC_BLOCK_SIZE);
if ((hmac_error = _HMAC_Init(&ctx->hmac, ctx->hmac.macType, heap)) if ((hmac_error = _InitHmac(&ctx->hmac, ctx->hmac.macType, heap))
!=0) { !=0) {
return hmac_error; return hmac_error;
} }
@@ -27708,7 +27687,74 @@ WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp,
return rsa; return rsa;
} }
#if !defined(HAVE_FAST_RSA) WOLFSSL_RSA *wolfSSL_d2i_RSAPrivateKey(WOLFSSL_RSA **r, const unsigned char **derBuf, long derSz)
{
WOLFSSL_ENTER("d2i_RSAPrivateKey");
WOLFSSL_RSA *rsa = NULL;
if(derBuf == NULL){
WOLFSSL_MSG("Bad argument");
return NULL;
}
if((rsa = wolfSSL_RSA_new()) == NULL){
WOLFSSL_MSG("RSA_new failed");
return NULL;
}
if(wolfSSL_RSA_LoadDer_ex(rsa, *derBuf, (int)derSz, WOLFSSL_RSA_LOAD_PRIVATE)
!= WOLFSSL_SUCCESS){
WOLFSSL_MSG("RSA_LoadDer failed");
return NULL;
}
if(r != NULL)
*r = rsa;
return rsa;
}
#if !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
int wolfSSL_i2d_RSAPrivateKey(WOLFSSL_RSA *rsa, const unsigned char **pp)
{
WOLFSSL_ENTER("i2d_RSAPrivateKey");
byte* der = NULL;
int derMax;
int ret;
if((rsa == NULL) || (pp == NULL)) {
WOLFSSL_MSG("Bad Function Arguments");
return BAD_FUNC_ARG;
}
if((ret = SetRsaInternal(rsa)) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("SetRsaInternal Failed");
return ret;
}
/* 5 > size of n, d, p, q, d%(p-1), d(q-1), 1/q%p, e + ASN.1 additional
* informations
*/
derMax = 5 * wolfSSL_RSA_size(rsa) + AES_BLOCK_SIZE;
der = (byte*)XMALLOC(derMax, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (der == NULL) {
WOLFSSL_MSG("Malloc failed");
return WOLFSSL_FAILURE;
}
/* RSA key to DER */
if((ret = wc_RsaKeyToDer((RsaKey *)rsa->internal, der, derMax)) < 0) {
WOLFSSL_MSG("RsaKeyToDer failed");
XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
der = NULL;
return ret;
}
*pp = der;
return ret; /* returns size of der if successful */
}
int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, const unsigned char **pp) int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, const unsigned char **pp)
{ {
byte *der; byte *der;
@@ -30871,10 +30917,231 @@ int wolfSSL_get_state(const WOLFSSL* ssl)
} }
#endif /* HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE */ #endif /* HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)
VerifyCallback wolfSSL_get_verify_callback(WOLFSSL* ssl)
{
WOLFSSL_ENTER("wolfSSL_get_verify_callback");
if(ssl) {
return ssl->verifyCallback;
}
return NULL;
}
int wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO **bio1_p, size_t writebuf1,
WOLFSSL_BIO **bio2_p, size_t writebuf2)
{
WOLFSSL_BIO *bio1 = NULL, *bio2 = NULL;
int ret = 1;
if (bio1_p == NULL || bio2_p == NULL) {
WOLFSSL_MSG("Bad Function Argument");
return BAD_FUNC_ARG;
}
if((bio1 = wolfSSL_BIO_new(wolfSSL_BIO_s_bio())) == NULL) {
WOLFSSL_MSG("Bio allocation failed");
ret = WOLFSSL_FAILURE;
}
if(ret){
if((bio2 = wolfSSL_BIO_new(wolfSSL_BIO_s_bio())) == NULL) {
WOLFSSL_MSG("Bio allocation failed");
ret = WOLFSSL_FAILURE;
}
}
if(ret && writebuf1){
if(!(ret = wolfSSL_BIO_set_write_buf_size(bio1, writebuf1))) {
WOLFSSL_MSG("BIO_set_write_buf failed");
}
}
if(ret && writebuf2){
if(!(ret = wolfSSL_BIO_set_write_buf_size(bio2, writebuf2))){
WOLFSSL_MSG("BIO_set_write_buf failed");
}
}
if(ret){
if((ret = wolfSSL_BIO_make_bio_pair(bio1, bio2))) {
*bio1_p = bio1;
*bio2_p = bio2;
}
}
if(!ret) {
wolfSSL_BIO_free(bio1);
bio1 = NULL;
wolfSSL_BIO_free(bio2);
bio2 = NULL;
}
return ret;
}
#if !defined(NO_RSA)
WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out)
{
const unsigned char* mem;
long memSz;
WOLFSSL_RSA* key = NULL;
WOLFSSL_ENTER("wolfSSL_d2i_RSAPrivateKey_bio()");
if (bio == NULL) {
WOLFSSL_MSG("Bad Function Argument");
return NULL;
}
(void)out;
memSz = wolfSSL_BIO_pending(bio);
if (memSz <= 0) {
WOLFSSL_MSG("wolfSSL_BIO_pending failure");
return NULL;
}
mem = (unsigned char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (mem == NULL) {
WOLFSSL_MSG("Malloc failure");
return NULL;
}
if (wolfSSL_BIO_read(bio, (unsigned char*)mem, (int)memSz) == memSz) {
key = wolfSSL_d2i_RSAPrivateKey(NULL, &mem, memSz);
if (out != NULL && key != NULL) {
*out = key;
}
}
XFREE((unsigned char*)mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
return key;
}
#endif
int wolfSSL_CTX_use_certificate_ASN1(WOLFSSL_CTX *ctx, int derSz, const unsigned char *der)
{
WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_ASN1");
if (der != NULL && ctx != NULL) {
if(wolfSSL_CTX_use_certificate_buffer(ctx, der, derSz,
WOLFSSL_FILETYPE_ASN1) == WOLFSSL_SUCCESS)
return WOLFSSL_SUCCESS;
}
return WOLFSSL_FAILURE;
}
#if !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa)
{
WOLFSSL_ENTER("wolfSSL_CTX_use_RSAPrivateKey");
int ret;
int derSize;
const unsigned char* derBuf = NULL;
WOLFSSL_EVP_PKEY* pkey = NULL;
WOLFSSL_BIO* bio = NULL;
if (ctx == NULL || rsa == NULL) {
WOLFSSL_MSG("one or more inputs were NULL");
return BAD_FUNC_ARG;
}
if((bio = BIO_new(BIO_s_mem())) == NULL){
WOLFSSL_MSG("Set bio Failed");
return WOLFSSL_FAILURE;
}
pkey = wolfSSL_PKEY_new_ex(bio->heap);
pkey->type = EVP_PKEY_RSA;
pkey->rsa = rsa;
pkey->ownRsa = 0;
/* convert RSA internal to der */
if((derSize = wolfSSL_i2d_RSAPrivateKey(rsa, &derBuf)) <= 0) {
WOLFSSL_MSG("wolfSSL_i2d_RSAPrivateKey failed");
XFREE((unsigned char*)derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL_EVP_PKEY_free(pkey);
wolfSSL_BIO_free(bio);
return WOLFSSL_FAILURE;
}
pkey->pkey.ptr = (char*)XMALLOC(derSize, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (pkey->pkey.ptr == NULL) {
WOLFSSL_MSG("pkey malloc failed");
XFREE((unsigned char*)derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL_EVP_PKEY_free(pkey);
wolfSSL_BIO_free(bio);
return WOLFSSL_FAILURE;
}
pkey->pkey_sz = derSize;
XMEMCPY(pkey->pkey.ptr, derBuf, derSize);
/*adds the private key rsa to ctx.*/
ret = wolfSSL_CTX_use_PrivateKey(ctx, pkey);
wolfSSL_BIO_free(bio);
wolfSSL_EVP_PKEY_free(pkey);
XFREE((unsigned char*)derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
#endif /* NO_RSA && !HAVE_FAST_RSA */
WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY** out)
{
const unsigned char* mem;
long memSz;
WOLFSSL_EVP_PKEY* key = NULL;
int type;
int algoID = 0;
WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey_bio()");
if (bio == NULL) {
return NULL;
}
(void)out;
memSz = wolfSSL_BIO_pending(bio);
if (memSz <= 0) {
WOLFSSL_MSG("wolfSSL_BIO_pending failure");
return NULL;
}
mem = (unsigned char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (mem == NULL) {
WOLFSSL_MSG("Malloc failure");
return NULL;
}
const unsigned char* memptr = mem;
if (wolfSSL_BIO_read(bio, (unsigned char*)mem, (int)memSz) == memSz) {
/* Determines key type */
if ((wc_GetKeyOID((unsigned char*)mem, memSz, NULL, NULL, &algoID, NULL)) < 0) {
XFREE((unsigned char*)memptr, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
return NULL;
}
if (algoID == ECDSAk) {
type = EVP_PKEY_EC;
} else if (algoID == RSAk) {
type = EVP_PKEY_RSA;
} else {
WOLFSSL_MSG("Error determining correct key type");
XFREE((unsigned char*)memptr, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
return NULL;
}
key = wolfSSL_d2i_PrivateKey(type, &key, &mem, memSz);
if (out != NULL && key != NULL) {
*out = key;
}
}
XFREE((unsigned char*)memptr, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
return key;
}
#endif /* OPENSSL_ALL || WOLFSSL_ASIO */
/* stunnel compatibility functions*/ /* stunnel compatibility functions*/
#if defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX)) #if (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX)))\
void WOLFSSL_ERR_remove_thread_state(void* pid) || (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO))
void wolfSSL_ERR_remove_thread_state(void* pid)
{ {
(void) pid; (void) pid;
return; return;

153
tests/api.c
View File

@@ -283,7 +283,7 @@
#include <wolfssl/wolfcrypt/curve25519.h> #include <wolfssl/wolfcrypt/curve25519.h>
#endif #endif
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_ALL))
#include <wolfssl/openssl/ssl.h> #include <wolfssl/openssl/ssl.h>
#ifndef NO_ASN #ifndef NO_ASN
/* for ASN_COMMON_NAME DN_tags enum */ /* for ASN_COMMON_NAME DN_tags enum */
@@ -554,6 +554,29 @@ static void test_wolfSSL_CTX_use_certificate_file(void)
#endif #endif
} }
#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)
static int test_wolfSSL_CTX_use_certificate_ASN1(void)
{
#if !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER) && !defined(NO_ASN)
WOLFSSL_CTX* ctx;
int ret;
printf(testingFmt, "wolfSSL_CTX_use_certificate_ASN1()");
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
ret = SSL_CTX_use_certificate_ASN1(ctx, sizeof_server_cert_der_2048,
server_cert_der_2048);
printf(resultFmt, ret == WOLFSSL_SUCCESS ? passed : failed);
wolfSSL_CTX_free(ctx);
return ret;
#else
return WOLFSSL_SUCCESS;
#endif
}
#endif /* OPENSSL_ALL || WOLFSSL_ASIO */
/* Test function for wolfSSL_CTX_use_certificate_buffer. Load cert into /* Test function for wolfSSL_CTX_use_certificate_buffer. Load cert into
* context using buffer. * context using buffer.
* PRE: NO_CERTS not defined; USE_CERT_BUFFERS_2048 defined; compile with * PRE: NO_CERTS not defined; USE_CERT_BUFFERS_2048 defined; compile with
@@ -17113,6 +17136,19 @@ static void test_wolfSSL_BIO(void)
BIO_free(bio1); BIO_free(bio1);
BIO_free(bio3); BIO_free(bio3);
#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)
{
BIO* bioA = NULL;
BIO* bioB = NULL;
AssertIntEQ(BIO_new_bio_pair(NULL, 256, NULL, 256), BAD_FUNC_ARG);
AssertIntEQ(BIO_new_bio_pair(&bioA, 256, &bioB, 256), WOLFSSL_SUCCESS);
BIO_free(bioA);
bioA = NULL;
BIO_free(bioB);
bioB = NULL;
}
#endif /* OPENSSL_ALL || WOLFSSL_ASIO */
/* BIOs with file pointers */ /* BIOs with file pointers */
#if !defined(NO_FILESYSTEM) #if !defined(NO_FILESYSTEM)
{ {
@@ -17949,6 +17985,110 @@ static void test_wolfSSL_d2i_PUBKEY(void)
#endif #endif
} }
#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)
static void test_wolfSSL_d2i_PrivateKeys_bio(void)
{
BIO* bio = NULL;
EVP_PKEY* pkey = NULL;
RSA* rsa = NULL;
WOLFSSL_CTX* ctx;
const unsigned char* buffer = NULL;
printf(testingFmt, "wolfSSL_d2i_PrivateKeys_bio()");
/* test creating new EVP_PKEY with bad arg */
AssertNull((pkey = d2i_PrivateKey_bio(NULL, NULL)));
/* test loading RSA key using BIO */
#if !defined(NO_RSA) && !defined(NO_FILESYSTEM)
{
XFILE file;
const char* fname = "./certs/server-key.der";
size_t sz;
byte* buf;
file = XFOPEN(fname, "rb");
AssertTrue((file != XBADFILE));
XFSEEK(file, 0, XSEEK_END);
sz = XFTELL(file);
XREWIND(file);
AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
XFCLOSE(file);
/* Test using BIO new mem and loading DER private key */
AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
AssertNotNull((pkey = d2i_PrivateKey_bio(bio, NULL)));
XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
BIO_free(bio);
bio = NULL;
EVP_PKEY_free(pkey);
pkey = NULL;
}
#endif
/* test loading ECC key using BIO */
#if defined(HAVE_ECC) && !defined(NO_FILESYSTEM)
{
XFILE file;
const char* fname = "./certs/ecc-key.der";
size_t sz;
byte* buf;
file = XFOPEN(fname, "rb");
AssertTrue((file != XBADFILE));
XFSEEK(file, 0, XSEEK_END);
sz = XFTELL(file);
XREWIND(file);
AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
XFCLOSE(file);
/* Test using BIO new mem and loading DER private key */
AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
AssertNotNull((pkey = d2i_PrivateKey_bio(bio, NULL)));
XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
BIO_free(bio);
bio = NULL;
EVP_PKEY_free(pkey);
pkey = NULL;
}
#endif
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
/* Tests bad parameters */
AssertNull(d2i_RSAPrivateKey_bio(NULL, NULL));
/* RSA not set yet, expecting to fail*/
AssertIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), BAD_FUNC_ARG);
#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA)
/* set RSA using bio*/
AssertIntGT(BIO_write(bio, client_key_der_2048,
sizeof_client_key_der_2048), 0);
AssertNotNull(rsa = d2i_RSAPrivateKey_bio(bio, NULL));
AssertIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), WOLFSSL_SUCCESS);
/*i2d RSAprivate key tests */
AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(NULL, NULL), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &buffer),
sizeof_client_key_der_2048);
RSA_free(rsa);
XFREE((unsigned char*)buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
SSL_CTX_free(ctx);
ctx = NULL;
BIO_free(bio);
bio = NULL;
(void)rsa;
printf(resultFmt, passed);
}
#endif /* OPENSSL_ALL || WOLFSSL_ASIO */
static void test_wolfSSL_sk_GENERAL_NAME(void) static void test_wolfSSL_sk_GENERAL_NAME(void)
{ {
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
@@ -18093,6 +18233,12 @@ static void test_wolfSSL_RSA_DER(void)
AssertNotNull(rsa); AssertNotNull(rsa);
RSA_free(rsa); RSA_free(rsa);
} }
for (i = 0; tbl[i].der != NULL; i++)
{
AssertNotNull(d2i_RSAPrivateKey(&rsa, &tbl[i].der, tbl[i].sz));
AssertNotNull(rsa);
RSA_free(rsa);
}
printf(resultFmt, passed); printf(resultFmt, passed);
#endif #endif
@@ -19973,6 +20119,11 @@ void ApiTest(void)
test_wolfSSL_i2c_ASN1_INTEGER(); test_wolfSSL_i2c_ASN1_INTEGER();
test_wolfSSL_X509_check_ca(); test_wolfSSL_X509_check_ca();
#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)
AssertIntEQ(test_wolfSSL_CTX_use_certificate_ASN1(), WOLFSSL_SUCCESS);
test_wolfSSL_d2i_PrivateKeys_bio();
#endif /* OPENSSL_ALL || WOLFSSL_ASIO */
/* test the no op functions for compatibility */ /* test the no op functions for compatibility */
test_no_op_functions(); test_no_op_functions();

38
wolfssl/openssl/ssl.h
View File

@@ -525,6 +525,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
#define d2i_PKCS12_bio wolfSSL_d2i_PKCS12_bio #define d2i_PKCS12_bio wolfSSL_d2i_PKCS12_bio
#define d2i_PKCS12_fp wolfSSL_d2i_PKCS12_fp #define d2i_PKCS12_fp wolfSSL_d2i_PKCS12_fp
#define d2i_RSAPublicKey wolfSSL_d2i_RSAPublicKey #define d2i_RSAPublicKey wolfSSL_d2i_RSAPublicKey
#define d2i_RSAPrivateKey wolfSSL_d2i_RSAPrivateKey
#define i2d_RSAPrivateKey wolfSSL_i2d_RSAPrivateKey
#define i2d_RSAPublicKey wolfSSL_i2d_RSAPublicKey #define i2d_RSAPublicKey wolfSSL_i2d_RSAPublicKey
#define d2i_X509_CRL wolfSSL_d2i_X509_CRL #define d2i_X509_CRL wolfSSL_d2i_X509_CRL
#define d2i_X509_CRL_fp wolfSSL_d2i_X509_CRL_fp #define d2i_X509_CRL_fp wolfSSL_d2i_X509_CRL_fp
@@ -632,6 +634,39 @@ enum {
#define sk_SSL_CIPHER_value wolfSSL_sk_SSL_CIPHER_value #define sk_SSL_CIPHER_value wolfSSL_sk_SSL_CIPHER_value
#endif /* OPENSSL_ALL || WOLFSSL_HAPROXY */ #endif /* OPENSSL_ALL || WOLFSSL_HAPROXY */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)
#include <wolfssl/openssl/pem.h>
typedef STACK_OF(WOLFSSL_ASN1_OBJECT) GENERAL_NAMES;
#define SSL_CTRL_CHAIN 88
#define BIO_CTRL_WPENDING 13
#define GEN_IPADD 7
#define ERR_LIB_SSL 20
#define SSL_R_SHORT_READ 10
#define ERR_R_PEM_LIB 9
#define V_ASN1_IA5STRING 22
#define SSL_CTRL_MODE 33
#define SSL_CTX_clear_chain_certs(ctx) SSL_CTX_set0_chain(ctx,NULL)
#define d2i_RSAPrivateKey_bio wolfSSL_d2i_RSAPrivateKey_bio
#define SSL_CTX_use_RSAPrivateKey wolfSSL_CTX_use_RSAPrivateKey
#define d2i_PrivateKey_bio wolfSSL_d2i_PrivateKey_bio
#define ASN1_IA5STRING WOLFSSL_ASN1_STRING
#define ASN1_OCTET_STRING WOLFSSL_ASN1_STRING
#define BIO_new_bio_pair wolfSSL_BIO_new_bio_pair
#define SSL_get_verify_callback wolfSSL_get_verify_callback
#define GENERAL_NAMES_free(GENERAL_NAMES)NULL
#define SSL_set_mode(ssl,op) wolfSSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
#define BIO_wpending(b) wolfSSL_BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL)
#define SSL_CTX_use_certificate_ASN1 wolfSSL_CTX_use_certificate_ASN1
#define SSL_CTX_set0_chain(ctx,sk) \
wolfSSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk))
#define SSL_CTX_get_app_data(ctx) wolfSSL_CTX_get_ex_data(ctx,0)
#define SSL_CTX_set_app_data(ctx,arg) wolfSSL_CTX_set_ex_data(ctx,0, \
(char *)(arg))
#endif /* OPENSSL_ALL || WOLFSSL_ASIO */
#define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh #define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh
#define BIO_new_file wolfSSL_BIO_new_file #define BIO_new_file wolfSSL_BIO_new_file
@@ -789,7 +824,7 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
#define PSK_MAX_PSK_LEN 256 #define PSK_MAX_PSK_LEN 256
#define PSK_MAX_IDENTITY_LEN 128 #define PSK_MAX_IDENTITY_LEN 128
#define ERR_remove_thread_state WOLFSSL_ERR_remove_thread_state #define ERR_remove_thread_state wolfSSL_ERR_remove_thread_state
#define SSL_CTX_clear_options wolfSSL_CTX_clear_options #define SSL_CTX_clear_options wolfSSL_CTX_clear_options
@@ -930,5 +965,4 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
} /* extern "C" */ } /* extern "C" */
#endif #endif
#endif /* wolfSSL_openssl_h__ */ #endif /* wolfSSL_openssl_h__ */

23
wolfssl/ssl.h
View File

@@ -222,6 +222,8 @@ struct WOLFSSL_ASN1_OBJECT {
struct d { /* derefrenced */ struct d { /* derefrenced */
WOLFSSL_ASN1_STRING ia5_internal; WOLFSSL_ASN1_STRING ia5_internal;
WOLFSSL_ASN1_STRING* ia5; /* points to ia5_internal */ WOLFSSL_ASN1_STRING* ia5; /* points to ia5_internal */
WOLFSSL_ASN1_STRING* dNSName;
WOLFSSL_ASN1_STRING* iPAddress;
} d; } d;
}; };
@@ -599,6 +601,17 @@ WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL*);
WOLFSSL_API void wolfSSL_flush_sessions(WOLFSSL_CTX*, long); WOLFSSL_API void wolfSSL_flush_sessions(WOLFSSL_CTX*, long);
WOLFSSL_API int wolfSSL_SetServerID(WOLFSSL*, const unsigned char*, int, int); WOLFSSL_API int wolfSSL_SetServerID(WOLFSSL*, const unsigned char*, int, int);
#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)
WOLFSSL_API int wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO**, size_t,
WOLFSSL_BIO**, size_t);
WOLFSSL_API WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO*, WOLFSSL_RSA**);
WOLFSSL_API int wolfSSL_CTX_use_certificate_ASN1(WOLFSSL_CTX*,
int, const unsigned char*);
WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX*, WOLFSSL_RSA*);
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO*, WOLFSSL_EVP_PKEY**);
#endif /* OPENSSL_ALL || WOLFSSL_ASIO */
#ifdef SESSION_INDEX #ifdef SESSION_INDEX
WOLFSSL_API int wolfSSL_GetSessionIndex(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_GetSessionIndex(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_GetSessionAtIndex(int index, WOLFSSL_SESSION* session); WOLFSSL_API int wolfSSL_GetSessionAtIndex(int index, WOLFSSL_SESSION* session);
@@ -1002,8 +1015,12 @@ WOLFSSL_API const char* wolfSSL_state_string_long(const WOLFSSL*);
WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_generate_key(int, unsigned long, WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_generate_key(int, unsigned long,
void(*)(int, int, void*), void*); void(*)(int, int, void*), void*);
WOLFSSL_API WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp, long len); WOLFSSL_API WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r,
const unsigned char **pp, long len);
WOLFSSL_API WOLFSSL_RSA *wolfSSL_d2i_RSAPrivateKey(WOLFSSL_RSA**,
const unsigned char**, long);
WOLFSSL_API int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *r, const unsigned char **pp); WOLFSSL_API int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *r, const unsigned char **pp);
WOLFSSL_API int wolfSSL_i2d_RSAPrivateKey(WOLFSSL_RSA *r, const unsigned char **pp);
WOLFSSL_API void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX *, WOLFSSL_API void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX *,
WOLFSSL_RSA *(*)(WOLFSSL *, int, int)); WOLFSSL_RSA *(*)(WOLFSSL *, int, int));
@@ -2721,6 +2738,8 @@ WOLFSSL_API WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL*,WOLFSSL_CTX*);
WOLFSSL_API VerifyCallback wolfSSL_CTX_get_verify_callback(WOLFSSL_CTX*); WOLFSSL_API VerifyCallback wolfSSL_CTX_get_verify_callback(WOLFSSL_CTX*);
WOLFSSL_API VerifyCallback wolfSSL_get_verify_callback(WOLFSSL*);
WOLFSSL_API void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX *, WOLFSSL_API void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX *,
CallbackSniRecv); CallbackSniRecv);
WOLFSSL_API int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX *, WOLFSSL_API int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX *,
@@ -2728,7 +2747,7 @@ WOLFSSL_API int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX *,
WOLFSSL_API void wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX *, void*); WOLFSSL_API void wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX *, void*);
WOLFSSL_API void WOLFSSL_ERR_remove_thread_state(void*); WOLFSSL_API void wolfSSL_ERR_remove_thread_state(void*);
#ifndef NO_FILESYSTEM #ifndef NO_FILESYSTEM
WOLFSSL_API void wolfSSL_print_all_errors_fp(XFILE *fp); WOLFSSL_API void wolfSSL_print_all_errors_fp(XFILE *fp);