diff --git a/src/internal.c b/src/internal.c index 666de86455..f1708d2806 100644 --- a/src/internal.c +++ b/src/internal.c @@ -7785,6 +7785,11 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) return MEMORY_E; } XMEMSET(ssl->param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM)); + + /* pass on PARAM flags value from ctx to ssl */ + wolfSSL_X509_VERIFY_PARAM_set_flags(wolfSSL_get0_param(ssl), + (unsigned long)wolfSSL_X509_VERIFY_PARAM_get_flags( + wolfSSL_CTX_get0_param(ctx))); #endif if (ctx->suites == NULL) { @@ -8364,6 +8369,10 @@ void FreeSuites(WOLFSSL* ssl) wolfSSL_sk_SSL_CIPHER_free(ssl->suitesStack); ssl->suitesStack = NULL; } +#endif +#ifdef OPENSSL_EXTRA + XFREE(ssl->clSuites, ssl->heap, DYNAMIC_TYPE_SUITES); + ssl->clSuites = NULL; #endif XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES); ssl->suites = NULL; @@ -8731,6 +8740,7 @@ void wolfSSL_ResourceFree(WOLFSSL* ssl) * isn't allocated separately. */ wolfSSL_sk_CIPHER_free(ssl->supportedCiphers); wolfSSL_sk_X509_pop_free(ssl->peerCertChain, NULL); + wolfSSL_sk_X509_pop_free(ssl->verifiedChain, NULL); #ifdef KEEP_OUR_CERT wolfSSL_sk_X509_pop_free(ssl->ourCertChain, NULL); #endif @@ -14995,6 +15005,25 @@ static int ProcessPeerCertsChainCRLCheck(WOLFSSL* ssl, ProcPeerCertArgs* args) } #endif +#ifdef OPENSSL_EXTRA +/* account for verify params flag set */ +static int AdjustCMForParams(WOLFSSL* ssl) +{ + int flags, ret = WOLFSSL_SUCCESS; + WOLFSSL_X509_VERIFY_PARAM* param; + param = wolfSSL_get0_param(ssl); + + flags = wolfSSL_X509_VERIFY_PARAM_get_flags(param); + + if ((flags & WOLFSSL_CRL_CHECK) == WOLFSSL_CRL_CHECK || + (flags & WOLFSSL_CRL_CHECKALL) == WOLFSSL_CRL_CHECKALL) { + ret = wolfSSL_CertManagerEnableCRL(SSL_CM(ssl), flags & + (WOLFSSL_CRL_CHECK | WOLFSSL_CRL_CHECKALL)); + } + return ret; +} +#endif + int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz) { @@ -15063,6 +15092,11 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, #endif } +#ifdef OPENSSL_EXTRA + /* account for verify params flag set */ + AdjustCMForParams(ssl); +#endif + switch (ssl->options.asyncState) { case TLS_ASYNC_BEGIN: @@ -37553,7 +37587,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, { byte b; ProtocolVersion pv; -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) || defined(OPENSSL_EXTRA) Suites* clSuites = NULL; #else Suites clSuites[1]; @@ -37855,13 +37889,17 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, goto out; } -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) || defined(OPENSSL_EXTRA) clSuites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap, DYNAMIC_TYPE_SUITES); if (clSuites == NULL) { ret = MEMORY_E; goto out; } + #if defined(OPENSSL_EXTRA) + XFREE(ssl->clSuites, ssl->heap, DYNAMIC_TYPE_SUITES); + ssl->clSuites = clSuites; + #endif #endif XMEMSET(clSuites, 0, sizeof(Suites)); ato16(&input[i], &clSuites->suiteSz); @@ -38140,13 +38178,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif #ifdef OPENSSL_EXTRA - ssl->clSuites = clSuites; /* cppcheck-suppress autoVariables - * - * (suppress warning that ssl, a persistent - * non-local allocation, has its ->clSuites - * set to clSuites, a local stack allocation. - * we clear this assignment before returning.) - */ /* Give user last chance to provide a cert for cipher selection */ if (ret == 0 && ssl->ctx->certSetupCb != NULL) ret = CertSetupCbWrapper(ssl); @@ -38170,10 +38201,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif out: -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) - ssl->clSuites = NULL; -#endif -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(OPENSSL_ALL) XFREE(clSuites, ssl->heap, DYNAMIC_TYPE_SUITES); #endif WOLFSSL_LEAVE("DoClientHello", ret); diff --git a/src/ssl.c b/src/ssl.c index 6e3c96971b..ac18b71cbf 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -3142,6 +3142,23 @@ int wolfSSL_inject(WOLFSSL* ssl, const void* data, int sz) return WOLFSSL_SUCCESS; } + +int wolfSSL_write_ex(WOLFSSL* ssl, const void* data, int sz, size_t* wr) +{ + int ret; + + ret = wolfSSL_write(ssl, data, sz); + if (ret >= 0 && wr != NULL) { + *wr = (size_t)ret; + ret = 1; + } + else { + ret = 0; + } + return ret; +} + + static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek) { int ret; @@ -3248,6 +3265,20 @@ int wolfSSL_read(WOLFSSL* ssl, void* data, int sz) } +/* returns 0 on failure and on no read */ +int wolfSSL_read_ex(WOLFSSL* ssl, void* data, int sz, size_t* rd) +{ + int ret; + + ret = wolfSSL_read(ssl, data, sz); + if (ret > 0 && rd != NULL) { + *rd = (size_t)ret; + } + + if (ret <= 0) ret = 0; + return ret; +} + #ifdef WOLFSSL_MULTICAST int wolfSSL_mcast_read(WOLFSSL* ssl, word16* id, void* data, int sz) @@ -7132,6 +7163,11 @@ int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX* ctx) #endif #endif + /* placing error into error queue for Python port */ + if (res != WOLFSSL_SUCCESS) { + WOLFSSL_ERROR(WC_KEY_MISMATCH_E); + } + return res; } #endif /* !NO_CHECK_PRIVATE_KEY */ @@ -12717,63 +12753,6 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #if !defined(NO_CERTS) && (defined(OPENSSL_EXTRA) || \ defined(WOLFSSL_WPAS_SMALL)) -#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) - /** - * Implemented in a similar way that ngx_ssl_ocsp_validate does it when - * SSL_get0_verified_chain is not available. - * @param ssl WOLFSSL object to extract certs from - * @return Stack of verified certs - */ - WOLF_STACK_OF(WOLFSSL_X509) *wolfSSL_get0_verified_chain(const WOLFSSL *ssl) - { - WOLF_STACK_OF(WOLFSSL_X509)* chain = NULL; - WOLFSSL_X509_STORE_CTX* storeCtx = NULL; - WOLFSSL_X509* peerCert = NULL; - - WOLFSSL_ENTER("wolfSSL_get0_verified_chain"); - - if (ssl == NULL || ssl->ctx == NULL) { - WOLFSSL_MSG("Bad parameter"); - return NULL; - } - - peerCert = wolfSSL_get_peer_certificate((WOLFSSL*)ssl); - if (peerCert == NULL) { - WOLFSSL_MSG("wolfSSL_get_peer_certificate error"); - return NULL; - } - /* wolfSSL_get_peer_certificate returns a copy. We want the internal - * member so that we don't have to worry about free'ing it. We call - * wolfSSL_get_peer_certificate so that we don't have to worry about - * setting up the internal pointer. */ - wolfSSL_X509_free(peerCert); - peerCert = (WOLFSSL_X509*)&ssl->peerCert; - chain = wolfSSL_get_peer_cert_chain(ssl); - if (chain == NULL) { - WOLFSSL_MSG("wolfSSL_get_peer_cert_chain error"); - return NULL; - } - storeCtx = wolfSSL_X509_STORE_CTX_new(); - if (storeCtx == NULL) { - WOLFSSL_MSG("wolfSSL_X509_STORE_CTX_new error"); - return NULL; - } - if (wolfSSL_X509_STORE_CTX_init(storeCtx, SSL_STORE(ssl), - peerCert, chain) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("wolfSSL_X509_STORE_CTX_init error"); - wolfSSL_X509_STORE_CTX_free(storeCtx); - return NULL; - } - if (wolfSSL_X509_verify_cert(storeCtx) <= 0) { - WOLFSSL_MSG("wolfSSL_X509_verify_cert error"); - wolfSSL_X509_STORE_CTX_free(storeCtx); - return NULL; - } - wolfSSL_X509_STORE_CTX_free(storeCtx); - return chain; - } -#endif /* SESSION_CERTS && OPENSSL_EXTRA */ - WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(const WOLFSSL_CTX* ctx) { if (ctx == NULL) { @@ -14357,12 +14336,13 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL* ssl) /* Try to populate if NULL or empty */ if (ssl->peerCertChain == NULL || - wolfSSL_sk_X509_num(ssl->peerCertChain) == 0) + wolfSSL_sk_X509_num(ssl->peerCertChain) == 0) { wolfSSL_set_peer_cert_chain((WOLFSSL*) ssl); + } return ssl->peerCertChain; } -#ifndef WOLFSSL_QT + static int x509GetIssuerFromCM(WOLFSSL_X509 **issuer, WOLFSSL_CERT_MANAGER* cm, WOLFSSL_X509 *x); /** @@ -14405,13 +14385,14 @@ static int PushCAx509Chain(WOLFSSL_CERT_MANAGER* cm, } return ret; } -#endif /* !WOLFSSL_QT */ + /* Builds up and creates a stack of peer certificates for ssl->peerCertChain - based off of the ssl session chain. Attempts to place CA certificates - at the bottom of the stack. Returns stack of WOLFSSL_X509 certs or - NULL on failure */ -WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl) + or ssl->verifiedChain based off of the ssl session chain. Attempts to place + CA certificates at the bottom of the stack for a verified chain. Returns + stack of WOLFSSL_X509 certs or NULL on failure */ +static WOLF_STACK_OF(WOLFSSL_X509)* CreatePeerCertChain(WOLFSSL* ssl, + int verifiedFlag) { WOLFSSL_STACK* sk; WOLFSSL_X509* x509; @@ -14433,9 +14414,8 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl) } ret = DecodeToX509(x509, ssl->session->chain.certs[i].buffer, ssl->session->chain.certs[i].length); -#if !defined(WOLFSSL_QT) - if (ret == 0 && i == ssl->session->chain.count-1) { - /* On the last element in the chain try to add the CA chain + if (ret == 0 && i == ssl->session->chain.count-1 && verifiedFlag) { + /* On the last element in the verified chain try to add the CA chain * first if we have one for this cert */ SSL_CM_WARNING(ssl); if (PushCAx509Chain(SSL_CM(ssl), x509, sk) @@ -14443,7 +14423,6 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl) ret = WOLFSSL_FATAL_ERROR; } } -#endif if (ret != 0 || wolfSSL_sk_X509_push(sk, x509) <= 0) { WOLFSSL_MSG("Error decoding cert"); @@ -14456,19 +14435,93 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl) if (sk == NULL) { WOLFSSL_MSG("Null session chain"); } -#if defined(OPENSSL_ALL) - else if (ssl->options.side == WOLFSSL_SERVER_END) { - /* to be compliant with openssl - first element is kept as peer cert on server side.*/ - wolfSSL_sk_X509_pop(sk); + return sk; +} + + +/* Builds up and creates a stack of peer certificates for ssl->peerCertChain + returns the stack on success and NULL on failure */ +WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl) +{ + WOLFSSL_STACK* sk; + + WOLFSSL_ENTER("wolfSSL_set_peer_cert_chain"); + if ((ssl == NULL) || (ssl->session->chain.count == 0)) + return NULL; + + sk = CreatePeerCertChain(ssl, 0); + + if (sk != NULL) { + if (ssl->peerCertChain != NULL) + wolfSSL_sk_X509_pop_free(ssl->peerCertChain, NULL); + + /* This is Free'd when ssl is Free'd */ + ssl->peerCertChain = sk; } -#endif - if (ssl->peerCertChain != NULL) - wolfSSL_sk_X509_pop_free(ssl->peerCertChain, NULL); - /* This is Free'd when ssl is Free'd */ - ssl->peerCertChain = sk; return sk; } + + +/** + * Implemented in a similar way that ngx_ssl_ocsp_validate does it when + * SSL_get0_verified_chain is not available. + * @param ssl WOLFSSL object to extract certs from + * @return Stack of verified certs + */ +WOLF_STACK_OF(WOLFSSL_X509) *wolfSSL_get0_verified_chain(const WOLFSSL *ssl) +{ + WOLF_STACK_OF(WOLFSSL_X509)* chain = NULL; + WOLFSSL_X509_STORE_CTX* storeCtx = NULL; + WOLFSSL_X509* peerCert = NULL; + + WOLFSSL_ENTER("wolfSSL_get0_verified_chain"); + + if (ssl == NULL || ssl->ctx == NULL) { + WOLFSSL_MSG("Bad parameter"); + return NULL; + } + + peerCert = wolfSSL_get_peer_certificate((WOLFSSL*)ssl); + if (peerCert == NULL) { + WOLFSSL_MSG("wolfSSL_get_peer_certificate error"); + return NULL; + } + /* wolfSSL_get_peer_certificate returns a copy. We want the internal + * member so that we don't have to worry about free'ing it. We call + * wolfSSL_get_peer_certificate so that we don't have to worry about + * setting up the internal pointer. */ + wolfSSL_X509_free(peerCert); + peerCert = (WOLFSSL_X509*)&ssl->peerCert; + chain = CreatePeerCertChain((WOLFSSL*)ssl, 1); + if (chain == NULL) { + WOLFSSL_MSG("wolfSSL_get_peer_cert_chain error"); + return NULL; + } + + if (ssl->verifiedChain != NULL) { + wolfSSL_sk_X509_pop_free(ssl->verifiedChain, NULL); + } + ((WOLFSSL*)ssl)->verifiedChain = chain; + + storeCtx = wolfSSL_X509_STORE_CTX_new(); + if (storeCtx == NULL) { + WOLFSSL_MSG("wolfSSL_X509_STORE_CTX_new error"); + return NULL; + } + if (wolfSSL_X509_STORE_CTX_init(storeCtx, SSL_STORE(ssl), + peerCert, chain) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("wolfSSL_X509_STORE_CTX_init error"); + wolfSSL_X509_STORE_CTX_free(storeCtx); + return NULL; + } + if (wolfSSL_X509_verify_cert(storeCtx) <= 0) { + WOLFSSL_MSG("wolfSSL_X509_verify_cert error"); + wolfSSL_X509_STORE_CTX_free(storeCtx); + return NULL; + } + wolfSSL_X509_STORE_CTX_free(storeCtx); + return chain; +} #endif /* SESSION_CERTS && OPENSSL_EXTRA */ #ifndef NO_CERTS @@ -17637,6 +17690,33 @@ static void wolfSSL_CIPHER_copy(WOLFSSL_CIPHER* in, WOLFSSL_CIPHER* out) *out = *in; } + +#if defined(OPENSSL_ALL) +static WOLFSSL_X509_OBJECT* wolfSSL_X509_OBJECT_dup(WOLFSSL_X509_OBJECT* obj) +{ + WOLFSSL_X509_OBJECT* ret = NULL; + if (obj) { + ret = wolfSSL_X509_OBJECT_new(); + if (ret) { + ret->type = obj->type; + switch (ret->type) { + case WOLFSSL_X509_LU_NONE: + break; + case WOLFSSL_X509_LU_X509: + ret->data.x509 = wolfSSL_X509_dup(obj->data.x509); + break; + case WOLFSSL_X509_LU_CRL: + #if defined(HAVE_CRL) + ret->data.crl = wolfSSL_X509_CRL_dup(obj->data.crl); + #endif + break; + } + } + } + return ret; +} +#endif /* OPENSSL_ALL */ + WOLFSSL_STACK* wolfSSL_sk_dup(WOLFSSL_STACK* sk) { @@ -17699,6 +17779,17 @@ WOLFSSL_STACK* wolfSSL_sk_dup(WOLFSSL_STACK* sk) goto error; } break; + case STACK_TYPE_X509_OBJ: + #if defined(OPENSSL_ALL) + if (!sk->data.x509_obj) + break; + cur->data.x509_obj = wolfSSL_X509_OBJECT_dup(sk->data.x509_obj); + if (!cur->data.x509_obj) { + WOLFSSL_MSG("wolfSSL_X509_OBJECT_dup error"); + goto error; + } + break; + #endif case STACK_TYPE_BIO: case STACK_TYPE_STRING: case STACK_TYPE_ACCESS_DESCRIPTION: @@ -17711,7 +17802,6 @@ WOLFSSL_STACK* wolfSSL_sk_dup(WOLFSSL_STACK* sk) case STACK_TYPE_X509_INFO: case STACK_TYPE_BY_DIR_entry: case STACK_TYPE_BY_DIR_hash: - case STACK_TYPE_X509_OBJ: case STACK_TYPE_DIST_POINT: case STACK_TYPE_X509_CRL: default: @@ -18187,6 +18277,9 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = { #ifdef WOLFSSL_MD2 { WC_NID_md2, MD2h, oidHashType, "MD2", "md2"}, #endif + #ifndef NO_MD4 + { WC_NID_md4, MD4h, oidHashType, "MD4", "md4"}, + #endif #ifndef NO_MD5 { WC_NID_md5, MD5h, oidHashType, "MD5", "md5"}, #endif @@ -20308,7 +20401,7 @@ unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line) return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE; #endif #if defined(OPENSSL_ALL) && defined(WOLFSSL_PYTHON) - if (ret == WC_NO_ERR_TRACE(ASN1_R_HEADER_TOO_LONG)) { + if (ret == ASN1_R_HEADER_TOO_LONG) { return (ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG; } #endif @@ -21484,7 +21577,7 @@ unsigned long wolfSSL_ERR_peek_last_error(void) if (ret == -WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)) return (WOLFSSL_ERR_LIB_PEM << 24) | -WC_NO_ERR_TRACE(WOLFSSL_PEM_R_NO_START_LINE_E); #if defined(WOLFSSL_PYTHON) - if (ret == WC_NO_ERR_TRACE(ASN1_R_HEADER_TOO_LONG)) + if (ret == ASN1_R_HEADER_TOO_LONG) return (WOLFSSL_ERR_LIB_ASN1 << 24) | -WC_NO_ERR_TRACE(WOLFSSL_ASN1_R_HEADER_TOO_LONG_E); #endif return (unsigned long)ret; @@ -21696,7 +21789,7 @@ unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line, return (WOLFSSL_ERR_LIB_SSL << 24) | -WC_NO_ERR_TRACE(PARSE_ERROR) /* SSL_R_HTTP_REQUEST */; #endif #if defined(OPENSSL_ALL) && defined(WOLFSSL_PYTHON) - else if (err == WC_NO_ERR_TRACE(ASN1_R_HEADER_TOO_LONG)) + else if (err == ASN1_R_HEADER_TOO_LONG) return (WOLFSSL_ERR_LIB_ASN1 << 24) | -WC_NO_ERR_TRACE(WOLFSSL_ASN1_R_HEADER_TOO_LONG_E); #endif return err; @@ -21873,6 +21966,78 @@ WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl) return ssl->suitesStack; } #endif /* OPENSSL_EXTRA || OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ +#ifdef OPENSSL_ALL +WOLF_STACK_OF(WOLFSSL_CIPHER)* wolfSSL_get_client_ciphers(WOLFSSL* ssl) +{ + WOLF_STACK_OF(WOLFSSL_CIPHER)* ret = NULL; + const CipherSuiteInfo* cipher_names = GetCipherNames(); + int cipherSz = GetCipherNamesSize(); + const Suites* suites; + + WOLFSSL_ENTER("wolfSSL_get_client_ciphers"); + + if (ssl == NULL) { + return NULL; + } + + /* return NULL if is client side */ + if (wolfSSL_is_server(ssl) == 0) { + return NULL; + } + + suites = ssl->clSuites; + if (suites == NULL) { + WOLFSSL_MSG("No client suites stored"); + } + else { + int i; + int j; + + /* higher priority of cipher suite will be on top of stack */ + for (i = suites->suiteSz - 2; i >=0; i-=2) { + WOLFSSL_STACK* add; + + /* A couple of suites are placeholders for special options, + * skip those. */ + if (SCSV_Check(suites->suites[i], suites->suites[i+1]) + || sslCipherMinMaxCheck(ssl, suites->suites[i], + suites->suites[i+1])) { + continue; + } + + add = wolfSSL_sk_new_node(ssl->heap); + if (add != NULL) { + add->type = STACK_TYPE_CIPHER; + add->data.cipher.cipherSuite0 = suites->suites[i]; + add->data.cipher.cipherSuite = suites->suites[i+1]; + add->data.cipher.ssl = ssl; + for (j = 0; j < cipherSz; j++) { + if (cipher_names[j].cipherSuite0 == + add->data.cipher.cipherSuite0 && + cipher_names[j].cipherSuite == + add->data.cipher.cipherSuite) { + add->data.cipher.offset = (unsigned long)j; + break; + } + } + + /* in_stack is checked in wolfSSL_CIPHER_description */ + add->data.cipher.in_stack = 1; + + add->next = ret; + if (ret != NULL) { + add->num = ret->num + 1; + } + else { + add->num = 1; + } + ret = add; + } + } + } + return ret; +} +#endif /* OPENSSL_ALL */ #if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK) long wolfSSL_SSL_CTX_get_timeout(const WOLFSSL_CTX *ctx) diff --git a/src/ssl_load.c b/src/ssl_load.c index 004cb65949..8a3c4fdc84 100644 --- a/src/ssl_load.c +++ b/src/ssl_load.c @@ -2803,9 +2803,26 @@ int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file, } if (file != NULL) { + #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) + /* handle CRL type being passed in */ + WOLFSSL_CRL crl; + + XMEMSET(&crl, 0, sizeof(WOLFSSL_CRL)); + crl.cm = ctx->cm; + /* Load the PEM formatted CA file. */ + ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, DETECT_CERT_TYPE, + NULL, 0, &crl, verify); + /* found a good CRL, add it to ctx->cm */ + if (ret == 1 && crl.crlList != NULL) { + wolfSSL_X509_STORE_add_crl(wolfSSL_CTX_get_cert_store(ctx), &crl); + } + #else + /* Load the PEM formatted CA file. No CRL support, only expecting + * CA's */ ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, CA_TYPE, NULL, 0, NULL, verify); + #endif #ifndef NO_WOLFSSL_DIR if (ret == 1) { /* Include success in overall count. */ diff --git a/src/tls13.c b/src/tls13.c index a1a1783dea..a3d1c9bf28 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -6682,17 +6682,19 @@ typedef struct Dch13Args { static void FreeDch13Args(WOLFSSL* ssl, void* pArgs) { + /* openssl compat builds hang on to the client suites until WOLFSSL object + * is destroyed */ +#ifndef OPENSSL_EXTRA Dch13Args* args = (Dch13Args*)pArgs; - (void)ssl; - if (args && args->clSuites) { XFREE(args->clSuites, ssl->heap, DYNAMIC_TYPE_SUITES); args->clSuites = NULL; } -#ifdef OPENSSL_EXTRA - ssl->clSuites = NULL; #endif + (void)ssl; + (void)pArgs; + } int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, @@ -6907,6 +6909,12 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (args->clSuites == NULL) { ERROR_OUT(MEMORY_E, exit_dch); } +#ifdef OPENSSL_EXTRA + /* hang on to client suites found and free the struct when WOLFSSL object + * is free'd */ + XFREE(ssl->clSuites, ssl->heap, DYNAMIC_TYPE_SUITES); + ssl->clSuites = args->clSuites; +#endif /* Cipher suites */ if ((args->idx - args->begin) + OPAQUE16_LEN > helloSz) @@ -7079,7 +7087,6 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, case TLS_ASYNC_DO: { #ifdef OPENSSL_EXTRA - ssl->clSuites = args->clSuites; if ((ret = CertSetupCbWrapper(ssl)) != 0) goto exit_dch; #endif diff --git a/src/x509.c b/src/x509.c index d656815665..56eea5d0ca 100644 --- a/src/x509.c +++ b/src/x509.c @@ -481,6 +481,24 @@ int wolfSSL_X509_get_ext_by_OBJ(const WOLFSSL_X509 *x, return WOLFSSL_FATAL_ERROR; } + +int wolfSSL_X509_OBJECT_set1_X509(WOLFSSL_X509_OBJECT *a, WOLFSSL_X509 *obj) +{ + WOLFSSL_STUB("wolfSSL_X509_OBJECT_set1_X509"); + (void)a; + (void)obj; + return 1; +} + +int wolfSSL_X509_OBJECT_set1_X509_CRL(WOLFSSL_X509_OBJECT *a, + WOLFSSL_X509_CRL *obj) +{ + WOLFSSL_STUB("wolfSSL_X509_OBJECT_set1_X509_CRL"); + (void)a; + (void)obj; + return 1; +} + #endif /* OPENSSL_ALL || OPENSSL_EXTRA */ #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \ @@ -10343,6 +10361,19 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( } #endif +#if defined(OPENSSL_EXTRA) + +WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_sk_X509_OBJECT_deep_copy( + const WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* sk, + WOLFSSL_X509_OBJECT* (*c)(const WOLFSSL_X509_OBJECT*), + void (*f)(WOLFSSL_X509_OBJECT*)) +{ + (void)f; /* free function */ + (void)c; /* copy function */ + return wolfSSL_sk_dup((WOLFSSL_STACK*)sk); +} +#endif + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name) { @@ -12671,6 +12702,7 @@ WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_PEM_read_X509_CRL(XFILE fp, return ne; } + static void wolfssl_x509_name_entry_set(WOLFSSL_X509_NAME_ENTRY* ne, int nid, int type, const unsigned char *data, int dataSz) { @@ -13075,6 +13107,17 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object( #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \ defined(OPENSSL_EXTRA_X509_SMALL) +#ifdef OPENSSL_EXTRA + int wolfSSL_X509_NAME_ENTRY_set(const WOLFSSL_X509_NAME_ENTRY *ne) + { + if (ne != NULL) { + return ne->set; + } + return 0; + } +#endif + + /* returns a pointer to the internal entry at location 'loc' on success, * a null pointer is returned in fail cases */ WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry( diff --git a/tests/api.c b/tests/api.c index 0ad5c086cc..9eeee65df6 100644 --- a/tests/api.c +++ b/tests/api.c @@ -59072,21 +59072,21 @@ static int test_wolfSSL_EVP_Digest_all(void) "SHA512", #endif #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) - "SHA512_224", + "SHA512-224", #endif #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) - "SHA512_256", + "SHA512-256", #endif #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 - "SHA3_224", + "SHA3-224", #endif #ifndef WOLFSSL_NOSHA3_256 - "SHA3_256", + "SHA3-256", #endif - "SHA3_384", + "SHA3-384", #ifndef WOLFSSL_NOSHA3_512 - "SHA3_512", + "SHA3-512", #endif #endif /* WOLFSSL_SHA3 */ NULL @@ -59116,7 +59116,7 @@ static int test_wolfSSL_EVP_MD_size(void) #ifndef WOLFSSL_NOSHA3_224 wolfSSL_EVP_MD_CTX_init(&mdCtx); - ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_224"), 1); + ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3-224"), 1); ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_224_DIGEST_SIZE); ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_224_BLOCK_SIZE); ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); @@ -59124,21 +59124,21 @@ static int test_wolfSSL_EVP_MD_size(void) #ifndef WOLFSSL_NOSHA3_256 wolfSSL_EVP_MD_CTX_init(&mdCtx); - ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_256"), 1); + ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3-256"), 1); ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_256_DIGEST_SIZE); ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_256_BLOCK_SIZE); ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); #endif wolfSSL_EVP_MD_CTX_init(&mdCtx); - ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_384"), 1); + ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3-384"), 1); ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_384_DIGEST_SIZE); ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_384_BLOCK_SIZE); ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); #ifndef WOLFSSL_NOSHA3_512 wolfSSL_EVP_MD_CTX_init(&mdCtx); - ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_512"), 1); + ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3-512"), 1); ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_512_DIGEST_SIZE); ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_512_BLOCK_SIZE); ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); @@ -93229,7 +93229,7 @@ static int error_test(void) { -9, WC_SPAN1_FIRST_E + 1 }, #endif { -124, -124 }, - { -166, -169 }, + { -167, -169 }, { -300, -300 }, { -334, -336 }, { -346, -349 }, @@ -93447,12 +93447,12 @@ static int test_EVP_blake2(void) #if defined(HAVE_BLAKE2) ExpectNotNull(md = EVP_blake2b512()); - ExpectIntEQ(XSTRNCMP(md, "BLAKE2B512", XSTRLEN("BLAKE2B512")), 0); + ExpectIntEQ(XSTRNCMP(md, "BLAKE2b512", XSTRLEN("BLAKE2b512")), 0); #endif #if defined(HAVE_BLAKE2S) ExpectNotNull(md = EVP_blake2s256()); - ExpectIntEQ(XSTRNCMP(md, "BLAKE2S256", XSTRLEN("BLAKE2S256")), 0); + ExpectIntEQ(XSTRNCMP(md, "BLAKE2s256", XSTRLEN("BLAKE2s256")), 0); #endif #endif diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c index 0deb66818e..9c185e4bdf 100644 --- a/wolfcrypt/src/error.c +++ b/wolfcrypt/src/error.c @@ -645,6 +645,9 @@ const char* wc_GetErrorString(int error) case PBKDF2_KAT_FIPS_E: return "wolfCrypt FIPS PBKDF2 Known Answer Test Failure"; + case WC_KEY_MISMATCH_E: + return "key values mismatch"; + case DEADLOCK_AVERTED_E: return "Deadlock averted -- retry the call"; diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index c3eb12edeb..c31f71c113 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -52,67 +52,67 @@ static const struct s_ent { const char *name; } md_tbl[] = { #ifndef NO_MD4 - {WC_HASH_TYPE_MD4, WC_NID_md4, "MD4"}, + {WC_HASH_TYPE_MD4, WC_NID_md4, WC_SN_md4}, #endif /* NO_MD4 */ #ifndef NO_MD5 - {WC_HASH_TYPE_MD5, WC_NID_md5, "MD5"}, + {WC_HASH_TYPE_MD5, WC_NID_md5, WC_SN_md5}, #endif /* NO_MD5 */ #ifndef NO_SHA - {WC_HASH_TYPE_SHA, WC_NID_sha1, "SHA1"}, + {WC_HASH_TYPE_SHA, WC_NID_sha1, WC_SN_sha1}, {WC_HASH_TYPE_SHA, WC_NID_sha1, "SHA"}, /* Leave for backwards compatibility */ #endif /* NO_SHA */ #ifdef WOLFSSL_SHA224 - {WC_HASH_TYPE_SHA224, WC_NID_sha224, "SHA224"}, + {WC_HASH_TYPE_SHA224, WC_NID_sha224, WC_SN_sha224}, #endif /* WOLFSSL_SHA224 */ #ifndef NO_SHA256 - {WC_HASH_TYPE_SHA256, WC_NID_sha256, "SHA256"}, + {WC_HASH_TYPE_SHA256, WC_NID_sha256, WC_SN_sha256}, #endif #ifdef WOLFSSL_SHA384 - {WC_HASH_TYPE_SHA384, WC_NID_sha384, "SHA384"}, + {WC_HASH_TYPE_SHA384, WC_NID_sha384, WC_SN_sha384}, #endif /* WOLFSSL_SHA384 */ #ifdef WOLFSSL_SHA512 - {WC_HASH_TYPE_SHA512, WC_NID_sha512, "SHA512"}, + {WC_HASH_TYPE_SHA512, WC_NID_sha512, WC_SN_sha512}, #endif /* WOLFSSL_SHA512 */ #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) - {WC_HASH_TYPE_SHA512_224, WC_NID_sha512_224, "SHA512_224"}, + {WC_HASH_TYPE_SHA512_224, WC_NID_sha512_224, WC_SN_sha512_224}, #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */ #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) - {WC_HASH_TYPE_SHA512_256, WC_NID_sha512_256, "SHA512_256"}, + {WC_HASH_TYPE_SHA512_256, WC_NID_sha512_256, WC_SN_sha512_256}, #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */ #ifndef WOLFSSL_NOSHA3_224 - {WC_HASH_TYPE_SHA3_224, WC_NID_sha3_224, "SHA3_224"}, + {WC_HASH_TYPE_SHA3_224, WC_NID_sha3_224, WC_SN_sha3_224}, #endif #ifndef WOLFSSL_NOSHA3_256 - {WC_HASH_TYPE_SHA3_256, WC_NID_sha3_256, "SHA3_256"}, + {WC_HASH_TYPE_SHA3_256, WC_NID_sha3_256, WC_SN_sha3_256}, #endif #ifndef WOLFSSL_NOSHA3_384 - {WC_HASH_TYPE_SHA3_384, WC_NID_sha3_384, "SHA3_384"}, + {WC_HASH_TYPE_SHA3_384, WC_NID_sha3_384, WC_SN_sha3_384}, #endif #ifndef WOLFSSL_NOSHA3_512 - {WC_HASH_TYPE_SHA3_512, WC_NID_sha3_512, "SHA3_512"}, + {WC_HASH_TYPE_SHA3_512, WC_NID_sha3_512, WC_SN_sha3_512}, #endif #ifdef WOLFSSL_SM3 - {WC_HASH_TYPE_SM3, WC_NID_sm3, "SM3"}, + {WC_HASH_TYPE_SM3, WC_NID_sm3, WC_SN_sm3}, #endif /* WOLFSSL_SHA512 */ #ifdef HAVE_BLAKE2 - {WC_HASH_TYPE_BLAKE2B, WC_NID_blake2b512, "BLAKE2B512"}, + {WC_HASH_TYPE_BLAKE2B, WC_NID_blake2b512, WC_SN_blake2b512}, #endif #ifdef HAVE_BLAKE2S - {WC_HASH_TYPE_BLAKE2S, WC_NID_blake2s256, "BLAKE2S256"}, + {WC_HASH_TYPE_BLAKE2S, WC_NID_blake2s256, WC_SN_blake2s256}, #endif #ifdef WOLFSSL_SHAKE128 - {WC_HASH_TYPE_SHAKE128, WC_NID_shake128, "SHAKE128"}, + {WC_HASH_TYPE_SHAKE128, WC_NID_shake128, WC_SN_shake128}, #endif #ifdef WOLFSSL_SHAKE256 - {WC_HASH_TYPE_SHAKE256, WC_NID_shake256, "SHAKE256"}, + {WC_HASH_TYPE_SHAKE256, WC_NID_shake256, WC_SN_shake256}, #endif {WC_HASH_TYPE_NONE, 0, NULL} }; @@ -4262,69 +4262,69 @@ static int wolfssl_evp_md_to_hash_type(const WOLFSSL_EVP_MD *type, int ret = 0; #ifndef NO_SHA256 - if (XSTRCMP(type, "SHA256") == 0) { + if (XSTRCMP(type, WC_SN_sha256) == 0) { *hashType = WC_SHA256; } else #endif #ifndef NO_SHA - if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, "SHA1") == 0)) { + if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, WC_SN_sha1) == 0)) { *hashType = WC_SHA; } else #endif /* NO_SHA */ #ifdef WOLFSSL_SHA224 - if (XSTRCMP(type, "SHA224") == 0) { + if (XSTRCMP(type, WC_SN_sha224) == 0) { *hashType = WC_SHA224; } else #endif #ifdef WOLFSSL_SHA384 - if (XSTRCMP(type, "SHA384") == 0) { + if (XSTRCMP(type, WC_SN_sha384) == 0) { *hashType = WC_SHA384; } else #endif #ifdef WOLFSSL_SHA512 - if (XSTRCMP(type, "SHA512") == 0) { + if (XSTRCMP(type, WC_SN_sha512) == 0) { *hashType = WC_SHA512; } else #endif #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 - if (XSTRCMP(type, "SHA3_224") == 0) { + if (XSTRCMP(type, WC_SN_sha3_224) == 0) { *hashType = WC_SHA3_224; } else #endif #ifndef WOLFSSL_NOSHA3_256 - if (XSTRCMP(type, "SHA3_256") == 0) { + if (XSTRCMP(type, WC_SN_sha3_256) == 0) { *hashType = WC_SHA3_256; } else #endif #ifndef WOLFSSL_NOSHA3_384 - if (XSTRCMP(type, "SHA3_384") == 0) { + if (XSTRCMP(type, WC_SN_sha3_384) == 0) { *hashType = WC_SHA3_384; } else #endif #ifndef WOLFSSL_NOSHA3_512 - if (XSTRCMP(type, "SHA3_512") == 0) { + if (XSTRCMP(type, WC_SN_sha3_512) == 0) { *hashType = WC_SHA3_512; } else #endif #endif #ifdef WOLFSSL_SM3 - if (XSTRCMP(type, "SM3") == 0) { + if (XSTRCMP(type, WC_SN_sm3) == 0) { *hashType = WC_SM3; } else #endif #ifndef NO_MD5 - if (XSTRCMP(type, "MD5") == 0) { + if (XSTRCMP(type, WC_SN_md5) == 0) { *hashType = WC_MD5; } else @@ -9367,22 +9367,22 @@ int wolfSSL_EVP_MD_pkey_type(const WOLFSSL_EVP_MD* type) WOLFSSL_ENTER("wolfSSL_EVP_MD_pkey_type"); if (type != NULL) { - if (XSTRCMP(type, "MD5") == 0) { + if (XSTRCMP(type, WC_SN_md5) == 0) { ret = WC_NID_md5WithRSAEncryption; } - else if (XSTRCMP(type, "SHA1") == 0) { + else if (XSTRCMP(type, WC_SN_sha1) == 0) { ret = WC_NID_sha1WithRSAEncryption; } - else if (XSTRCMP(type, "SHA224") == 0) { + else if (XSTRCMP(type, WC_SN_sha224) == 0) { ret = WC_NID_sha224WithRSAEncryption; } - else if (XSTRCMP(type, "SHA256") == 0) { + else if (XSTRCMP(type, WC_SN_sha256) == 0) { ret = WC_NID_sha256WithRSAEncryption; } - else if (XSTRCMP(type, "SHA384") == 0) { + else if (XSTRCMP(type, WC_SN_sha384) == 0) { ret = WC_NID_sha384WithRSAEncryption; } - else if (XSTRCMP(type, "SHA512") == 0) { + else if (XSTRCMP(type, WC_SN_sha512) == 0) { ret = WC_NID_sha512WithRSAEncryption; } } @@ -9936,54 +9936,44 @@ static const struct alias { const char *alias; } digest_alias_tbl[] = { - {"MD4", "md4"}, - {"MD5", "md5"}, - {"SHA1", "sha1"}, - {"SHA1", "SHA"}, - {"SHA224", "sha224"}, - {"SHA256", "sha256"}, - {"SHA384", "sha384"}, - {"SHA512", "sha512"}, - {"SHA512_224", "sha512_224"}, - {"SHA3_224", "sha3_224"}, - {"SHA3_256", "sha3_256"}, - {"SHA3_384", "sha3_384"}, - {"SHA3_512", "sha3_512"}, - {"SM3", "sm3"}, - {"BLAKE2B512", "blake2b512"}, - {"BLAKE2S256", "blake2s256"}, - {"SHAKE128", "shake128"}, - {"SHAKE256", "shake256"}, + {WC_SN_md4, "md4"}, + {WC_SN_md5, "md5"}, + {WC_SN_sha1, "sha1"}, + {WC_SN_sha1, "SHA"}, + {WC_SN_sha224, "sha224"}, + {WC_SN_sha256, "sha256"}, + {WC_SN_sha384, "sha384"}, + {WC_SN_sha512, "sha512"}, + {WC_SN_sha512_224, "sha512_224"}, + {WC_SN_sha3_224, "sha3_224"}, + {WC_SN_sha3_256, "sha3_256"}, + {WC_SN_sha3_384, "sha3_384"}, + {WC_SN_sha3_512, "sha3_512"}, + {WC_SN_sm3, "sm3"}, + {WC_SN_blake2b512, "blake2b512"}, + {WC_SN_blake2s256, "blake2s256"}, + {WC_SN_shake128, "shake128"}, + {WC_SN_shake256, "shake256"}, { NULL, NULL} }; const WOLFSSL_EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name) { - char nameUpper[15]; /* 15 bytes should be enough for any name */ - size_t i; - const struct alias *al; const struct s_ent *ent; - for (i = 0; i < sizeof(nameUpper) && name[i] != '\0'; i++) { - nameUpper[i] = (char)XTOUPPER((unsigned char) name[i]); - } - if (i < sizeof(nameUpper)) - nameUpper[i] = '\0'; - else - return NULL; - - name = nameUpper; - for (al = digest_alias_tbl; al->name != NULL; al++) + for (al = digest_alias_tbl; al->name != NULL; al++) { if(XSTRCMP(name, al->alias) == 0) { name = al->name; break; } + } - for (ent = md_tbl; ent->name != NULL; ent++) + for (ent = md_tbl; ent->name != NULL; ent++) { if(XSTRCMP(name, ent->name) == 0) { return (WOLFSSL_EVP_MD *)ent->name; } + } return NULL; } @@ -10017,7 +10007,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_md4(void) { WOLFSSL_ENTER("EVP_md4"); - return wolfSSL_EVP_get_digestbyname("MD4"); + return wolfSSL_EVP_get_digestbyname(WC_SN_md4); } #endif /* !NO_MD4 */ @@ -10028,7 +10018,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void) { WOLFSSL_ENTER("EVP_md5"); - return wolfSSL_EVP_get_digestbyname("MD5"); + return wolfSSL_EVP_get_digestbyname(WC_SN_md5); } #endif /* !NO_MD5 */ @@ -10040,8 +10030,8 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) */ const WOLFSSL_EVP_MD* wolfSSL_EVP_blake2b512(void) { - WOLFSSL_ENTER("EVP_blake2b512"); - return wolfSSL_EVP_get_digestbyname("BLAKE2b512"); + WOLFSSL_ENTER("wolfSSL_EVP_blake2b512"); + return wolfSSL_EVP_get_digestbyname(WC_SN_blake2b512); } #endif @@ -10080,7 +10070,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void) { WOLFSSL_ENTER("EVP_sha1"); - return wolfSSL_EVP_get_digestbyname("SHA1"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sha1); } #endif /* NO_SHA */ @@ -10089,7 +10079,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha224(void) { WOLFSSL_ENTER("EVP_sha224"); - return wolfSSL_EVP_get_digestbyname("SHA224"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sha224); } #endif /* WOLFSSL_SHA224 */ @@ -10098,7 +10088,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void) { WOLFSSL_ENTER("EVP_sha256"); - return wolfSSL_EVP_get_digestbyname("SHA256"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sha256); } #ifdef WOLFSSL_SHA384 @@ -10106,7 +10096,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha384(void) { WOLFSSL_ENTER("EVP_sha384"); - return wolfSSL_EVP_get_digestbyname("SHA384"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sha384); } #endif /* WOLFSSL_SHA384 */ @@ -10116,7 +10106,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512(void) { WOLFSSL_ENTER("EVP_sha512"); - return wolfSSL_EVP_get_digestbyname("SHA512"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sha512); } #ifndef WOLFSSL_NOSHA512_224 @@ -10124,7 +10114,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512_224(void) { WOLFSSL_ENTER("EVP_sha512_224"); - return wolfSSL_EVP_get_digestbyname("SHA512_224"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sha512_224); } #endif /* !WOLFSSL_NOSHA512_224 */ @@ -10133,7 +10123,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512_256(void) { WOLFSSL_ENTER("EVP_sha512_256"); - return wolfSSL_EVP_get_digestbyname("SHA512_256"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sha512_256); } #endif /* !WOLFSSL_NOSHA512_224 */ @@ -10145,7 +10135,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_224(void) { WOLFSSL_ENTER("EVP_sha3_224"); - return wolfSSL_EVP_get_digestbyname("SHA3_224"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sha3_224); } #endif /* WOLFSSL_NOSHA3_224 */ @@ -10154,7 +10144,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_256(void) { WOLFSSL_ENTER("EVP_sha3_256"); - return wolfSSL_EVP_get_digestbyname("SHA3_256"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sha3_256); } #endif /* WOLFSSL_NOSHA3_256 */ @@ -10162,7 +10152,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_384(void) { WOLFSSL_ENTER("EVP_sha3_384"); - return wolfSSL_EVP_get_digestbyname("SHA3_384"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sha3_384); } #endif /* WOLFSSL_NOSHA3_384 */ @@ -10170,7 +10160,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_512(void) { WOLFSSL_ENTER("EVP_sha3_512"); - return wolfSSL_EVP_get_digestbyname("SHA3_512"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sha3_512); } #endif /* WOLFSSL_NOSHA3_512 */ @@ -10196,7 +10186,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sm3(void) { WOLFSSL_ENTER("EVP_sm3"); - return wolfSSL_EVP_get_digestbyname("SM3"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sm3); } #endif /* WOLFSSL_SM3 */ @@ -10526,76 +10516,76 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) XMEMSET(&ctx->hash.digest, 0, sizeof(WOLFSSL_Hasher)); } else #ifndef NO_SHA - if ((XSTRCMP(md, "SHA") == 0) || (XSTRCMP(md, "SHA1") == 0)) { + if ((XSTRCMP(md, "SHA") == 0) || (XSTRCMP(md, WC_SN_sha1) == 0)) { ret = wolfSSL_SHA_Init(&(ctx->hash.digest.sha)); } else #endif #ifndef NO_SHA256 - if (XSTRCMP(md, "SHA256") == 0) { + if (XSTRCMP(md, WC_SN_sha256) == 0) { ret = wolfSSL_SHA256_Init(&(ctx->hash.digest.sha256)); } else #endif #ifdef WOLFSSL_SHA224 - if (XSTRCMP(md, "SHA224") == 0) { + if (XSTRCMP(md, WC_SN_sha224) == 0) { ret = wolfSSL_SHA224_Init(&(ctx->hash.digest.sha224)); } else #endif #ifdef WOLFSSL_SHA384 - if (XSTRCMP(md, "SHA384") == 0) { + if (XSTRCMP(md, WC_SN_sha384) == 0) { ret = wolfSSL_SHA384_Init(&(ctx->hash.digest.sha384)); } else #endif #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) - if (XSTRCMP(md, "SHA512_224") == 0) { + if (XSTRCMP(md, WC_SN_sha512_224) == 0) { ret = wolfSSL_SHA512_224_Init(&(ctx->hash.digest.sha512)); } else #endif #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) - if (XSTRCMP(md, "SHA512_256") == 0) { + if (XSTRCMP(md, WC_SN_sha512_256) == 0) { ret = wolfSSL_SHA512_256_Init(&(ctx->hash.digest.sha512)); } else #endif #ifdef WOLFSSL_SHA512 - if (XSTRCMP(md, "SHA512") == 0) { + if (XSTRCMP(md, WC_SN_sha512) == 0) { ret = wolfSSL_SHA512_Init(&(ctx->hash.digest.sha512)); } else #endif #ifndef NO_MD4 - if (XSTRCMP(md, "MD4") == 0) { + if (XSTRCMP(md, WC_SN_md4) == 0) { wolfSSL_MD4_Init(&(ctx->hash.digest.md4)); } else #endif #ifndef NO_MD5 - if (XSTRCMP(md, "MD5") == 0) { + if (XSTRCMP(md, WC_SN_md5) == 0) { ret = wolfSSL_MD5_Init(&(ctx->hash.digest.md5)); } else #endif #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 - if (XSTRCMP(md, "SHA3_224") == 0) { + if (XSTRCMP(md, WC_SN_sha3_224) == 0) { ret = wolfSSL_SHA3_224_Init(&(ctx->hash.digest.sha3_224)); } else #endif #ifndef WOLFSSL_NOSHA3_256 - if (XSTRCMP(md, "SHA3_256") == 0) { + if (XSTRCMP(md, WC_SN_sha3_256) == 0) { ret = wolfSSL_SHA3_256_Init(&(ctx->hash.digest.sha3_256)); } else #endif #ifndef WOLFSSL_NOSHA3_384 - if (XSTRCMP(md, "SHA3_384") == 0) { + if (XSTRCMP(md, WC_SN_sha3_384) == 0) { ret = wolfSSL_SHA3_384_Init(&(ctx->hash.digest.sha3_384)); } else #endif #ifndef WOLFSSL_NOSHA3_512 - if (XSTRCMP(md, "SHA3_512") == 0) { + if (XSTRCMP(md, WC_SN_sha3_512) == 0) { ret = wolfSSL_SHA3_512_Init(&(ctx->hash.digest.sha3_512)); } else #endif #endif #ifdef WOLFSSL_SM3 - if (XSTRCMP(md, "SM3") == 0) { + if (XSTRCMP(md, WC_SN_sm3) == 0) { ret = wc_InitSm3(&ctx->hash.digest.sm3, NULL, INVALID_DEVID); if (ret == 0) { ret = WOLFSSL_SUCCESS; @@ -10874,6 +10864,43 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) return wolfSSL_EVP_DigestFinal(ctx, md, s); } + + /* XOF stands for extendable-output functions. This is used for algos such + * as SHAKE256. + * + * returns 1 (WOLFSSL_SUCCESS) on success and 0 (WOLFSSL_FAILURE) on fail */ + int wolfSSL_EVP_DigestFinalXOF(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *md, + size_t sz) + { + unsigned int len; + + WOLFSSL_ENTER("wolfSSL_EVP_DigestFinalXOF"); + len = (unsigned int)sz; + return wolfSSL_EVP_DigestFinal(ctx, md, &len); + } + + + unsigned long wolfSSL_EVP_MD_flags(const WOLFSSL_EVP_MD *md) + { + enum wc_HashType macType; + + macType = EvpMd2MacType(md); + switch ((int)macType) { + case WC_HASH_TYPE_BLAKE2B: + case WC_HASH_TYPE_BLAKE2S: + #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) + case WC_HASH_TYPE_SHAKE128: + #endif + #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) + case WC_HASH_TYPE_SHAKE256: + #endif + return EVP_MD_FLAG_XOF; + default: + return 0; + } + } + + void wolfSSL_EVP_cleanup(void) { /* nothing to do here */ @@ -10928,64 +10955,64 @@ int wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD* type) } #ifndef NO_SHA - if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, "SHA1") == 0)) { + if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, WC_SN_sha1) == 0)) { return WC_SHA_BLOCK_SIZE; } else #endif #ifndef NO_SHA256 - if (XSTRCMP(type, "SHA256") == 0) { + if (XSTRCMP(type, WC_SN_sha256) == 0) { return WC_SHA256_BLOCK_SIZE; } else #endif #ifndef NO_MD4 - if (XSTRCMP(type, "MD4") == 0) { - return WC_MD4_BLOCK_SIZE; + if (XSTRCMP(type, WC_SN_md4) == 0) { + return MD4_BLOCK_SIZE; } else #endif #ifndef NO_MD5 - if (XSTRCMP(type, "MD5") == 0) { + if (XSTRCMP(type, WC_SN_md5) == 0) { return WC_MD5_BLOCK_SIZE; } else #endif #ifdef WOLFSSL_SHA224 - if (XSTRCMP(type, "SHA224") == 0) { + if (XSTRCMP(type, WC_SN_sha224) == 0) { return WC_SHA224_BLOCK_SIZE; } else #endif #ifdef WOLFSSL_SHA384 - if (XSTRCMP(type, "SHA384") == 0) { + if (XSTRCMP(type, WC_SN_sha384) == 0) { return WC_SHA384_BLOCK_SIZE; } else #endif #ifdef WOLFSSL_SHA512 - if (XSTRCMP(type, "SHA512") == 0) { + if (XSTRCMP(type, WC_SN_sha512) == 0) { return WC_SHA512_BLOCK_SIZE; } else #endif #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 - if (XSTRCMP(type, "SHA3_224") == 0) { + if (XSTRCMP(type, WC_SN_sha3_224) == 0) { return WC_SHA3_224_BLOCK_SIZE; } else #endif #ifndef WOLFSSL_NOSHA3_256 - if (XSTRCMP(type, "SHA3_256") == 0) { + if (XSTRCMP(type, WC_SN_sha3_256) == 0) { return WC_SHA3_256_BLOCK_SIZE; } else #endif #ifndef WOLFSSL_NOSHA3_384 - if (XSTRCMP(type, "SHA3_384") == 0) { + if (XSTRCMP(type, WC_SN_sha3_384) == 0) { return WC_SHA3_384_BLOCK_SIZE; } else #endif #ifndef WOLFSSL_NOSHA3_512 - if (XSTRCMP(type, "SHA3_512") == 0) { + if (XSTRCMP(type, WC_SN_sha3_512) == 0) { return WC_SHA3_512_BLOCK_SIZE; } #endif #endif /* WOLFSSL_SHA3 */ #ifdef WOLFSSL_SM3 - if (XSTRCMP(type, "SM3") == 0) { + if (XSTRCMP(type, WC_SN_sm3) == 0) { return WC_SM3_BLOCK_SIZE; } else #endif @@ -11003,74 +11030,74 @@ int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type) } #ifndef NO_SHA - if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, "SHA1") == 0)) { + if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, WC_SN_sha1) == 0)) { return WC_SHA_DIGEST_SIZE; } else #endif #ifndef NO_SHA256 - if (XSTRCMP(type, "SHA256") == 0) { + if (XSTRCMP(type, WC_SN_sha256) == 0) { return WC_SHA256_DIGEST_SIZE; } else #endif #ifndef NO_MD4 - if (XSTRCMP(type, "MD4") == 0) { - return WC_MD4_DIGEST_SIZE; + if (XSTRCMP(type, WC_SN_md4) == 0) { + return MD4_DIGEST_SIZE; } else #endif #ifndef NO_MD5 - if (XSTRCMP(type, "MD5") == 0) { + if (XSTRCMP(type, WC_SN_md5) == 0) { return WC_MD5_DIGEST_SIZE; } else #endif #ifdef WOLFSSL_SHA224 - if (XSTRCMP(type, "SHA224") == 0) { + if (XSTRCMP(type, WC_SN_sha224) == 0) { return WC_SHA224_DIGEST_SIZE; } else #endif #ifdef WOLFSSL_SHA384 - if (XSTRCMP(type, "SHA384") == 0) { + if (XSTRCMP(type, WC_SN_sha384) == 0) { return WC_SHA384_DIGEST_SIZE; } else #endif #ifdef WOLFSSL_SHA512 - if (XSTRCMP(type, "SHA512") == 0) { + if (XSTRCMP(type, WC_SN_sha512) == 0) { return WC_SHA512_DIGEST_SIZE; } else #ifndef WOLFSSL_NOSHA512_224 - if (XSTRCMP(type, "SHA512_224") == 0) { + if (XSTRCMP(type, WC_SN_sha512_224) == 0) { return WC_SHA512_224_DIGEST_SIZE; } else #endif #ifndef WOLFSSL_NOSHA512_256 - if (XSTRCMP(type, "SHA512_256") == 0) { + if (XSTRCMP(type, WC_SN_sha512_256) == 0) { return WC_SHA512_256_DIGEST_SIZE; } else #endif #endif #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 - if (XSTRCMP(type, "SHA3_224") == 0) { + if (XSTRCMP(type, WC_SN_sha3_224) == 0) { return WC_SHA3_224_DIGEST_SIZE; } else #endif #ifndef WOLFSSL_NOSHA3_256 - if (XSTRCMP(type, "SHA3_256") == 0) { + if (XSTRCMP(type, WC_SN_sha3_256) == 0) { return WC_SHA3_256_DIGEST_SIZE; } else #endif #ifndef WOLFSSL_NOSHA3_384 - if (XSTRCMP(type, "SHA3_384") == 0) { + if (XSTRCMP(type, WC_SN_sha3_384) == 0) { return WC_SHA3_384_DIGEST_SIZE; } else #endif #ifndef WOLFSSL_NOSHA3_512 - if (XSTRCMP(type, "SHA3_512") == 0) { + if (XSTRCMP(type, WC_SN_sha3_512) == 0) { return WC_SHA3_512_DIGEST_SIZE; } else #endif #endif /* WOLFSSL_SHA3 */ #ifdef WOLFSSL_SM3 - if (XSTRCMP(type, "SM3") == 0) { + if (XSTRCMP(type, WC_SN_sm3) == 0) { return WC_SM3_DIGEST_SIZE; } #endif @@ -12263,64 +12290,64 @@ int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp, } #ifndef NO_SHA - if ((XSTRCMP("SHA", evp) == 0) || (XSTRCMP("SHA1", evp) == 0)) { + if ((XSTRCMP("SHA", evp) == 0) || (XSTRCMP(WC_SN_sha1, evp) == 0)) { hash = WC_HASH_TYPE_SHA; } else #endif #ifdef WOLFSSL_SHA224 - if (XSTRCMP("SHA224", evp) == 0) { + if (XSTRCMP(WC_SN_sha224, evp) == 0) { hash = WC_HASH_TYPE_SHA224; } else #endif #ifndef NO_SHA256 - if (XSTRCMP("SHA256", evp) == 0) { + if (XSTRCMP(WC_SN_sha256, evp) == 0) { hash = WC_HASH_TYPE_SHA256; } else #endif #ifdef WOLFSSL_SHA384 - if (XSTRCMP("SHA384", evp) == 0) { + if (XSTRCMP(WC_SN_sha384, evp) == 0) { hash = WC_HASH_TYPE_SHA384; } else #endif #ifdef WOLFSSL_SHA512 - if (XSTRCMP("SHA512", evp) == 0) { + if (XSTRCMP(WC_SN_sha512, evp) == 0) { hash = WC_HASH_TYPE_SHA512; } else #ifndef WOLFSSL_NOSHA512_224 - if (XSTRCMP("SHA512_224", evp) == 0) { + if (XSTRCMP(WC_SN_sha512_224, evp) == 0) { hash = WC_HASH_TYPE_SHA512_224; } else #endif #ifndef WOLFSSL_NOSHA512_256 - if (XSTRCMP("SHA512_256", evp) == 0) { + if (XSTRCMP(WC_SN_sha512_256, evp) == 0) { hash = WC_HASH_TYPE_SHA512_256; } else #endif #endif #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 - if (XSTRCMP("SHA3_224", evp) == 0) { + if (XSTRCMP(WC_SN_sha3_224, evp) == 0) { hash = WC_HASH_TYPE_SHA3_224; } else #endif #ifndef WOLFSSL_NOSHA3_256 - if (XSTRCMP("SHA3_256", evp) == 0) { + if (XSTRCMP(WC_SN_sha3_256, evp) == 0) { hash = WC_HASH_TYPE_SHA3_256; } else #endif #ifndef WOLFSSL_NOSHA3_384 - if (XSTRCMP("SHA3_384", evp) == 0) { + if (XSTRCMP(WC_SN_sha3_384, evp) == 0) { hash = WC_HASH_TYPE_SHA3_384; } else #endif #ifndef WOLFSSL_NOSHA3_512 - if (XSTRCMP("SHA3_512", evp) == 0) { + if (XSTRCMP(WC_SN_sha3_512, evp) == 0) { hash = WC_HASH_TYPE_SHA3_512; } else #endif #endif /* WOLFSSL_SHA3 */ #ifdef WOLFSSL_SM3 - if (XSTRCMP("SM3", evp) == 0) { + if (XSTRCMP(WC_SN_sm3, evp) == 0) { hash = WC_HASH_TYPE_SM3; } else #endif @@ -12330,12 +12357,12 @@ int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp, } else #endif #ifndef NO_MD4 - if (XSTRCMP("MD4", evp) == 0) { + if (XSTRCMP(WC_SN_md4, evp) == 0) { hash = WC_HASH_TYPE_MD4; } else #endif #ifndef NO_MD5 - if (XSTRCMP("MD5", evp) == 0) { + if (XSTRCMP(WC_SN_md5, evp) == 0) { hash = WC_HASH_TYPE_MD5; } else #endif diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 093e39ca52..4e4d7e4237 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -2777,7 +2777,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t error_test(void) int last; } missing[] = { { -124, -124 }, - { -166, -169 }, + { -167, -169 }, { WC_SPAN1_LAST_E - 1, WC_SPAN2_FIRST_E + 1 }, { WC_SPAN2_LAST_E - 1, WC_SPAN2_MIN_CODE_E } }; diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 37a381a385..5bdccc60b1 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -5784,7 +5784,7 @@ struct WOLFSSL { * object needs separate instance of suites use * AllocateSuites(). */ #ifdef OPENSSL_EXTRA - const Suites* clSuites; + Suites* clSuites; #endif #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \ defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) @@ -6224,6 +6224,7 @@ struct WOLFSSL { #if defined(OPENSSL_EXTRA) WOLFSSL_STACK* supportedCiphers; /* Used in wolfSSL_get_ciphers_compat */ WOLFSSL_STACK* peerCertChain; /* Used in wolfSSL_get_peer_cert_chain */ + WOLFSSL_STACK* verifiedChain; /* peer cert chain to CA */ #ifdef KEEP_OUR_CERT WOLFSSL_STACK* ourCertChain; /* Used in wolfSSL_add1_chain_cert */ #endif diff --git a/wolfssl/openssl/asn1.h b/wolfssl/openssl/asn1.h index 5b4f25a96a..1879bd168c 100644 --- a/wolfssl/openssl/asn1.h +++ b/wolfssl/openssl/asn1.h @@ -39,6 +39,7 @@ #define d2i_ASN1_OBJECT wolfSSL_d2i_ASN1_OBJECT #define c2i_ASN1_OBJECT wolfSSL_c2i_ASN1_OBJECT +#define V_ASN1_BIT_STRING WOLFSSL_V_ASN1_BIT_STRING #define V_ASN1_INTEGER WOLFSSL_V_ASN1_INTEGER #define V_ASN1_NEG WOLFSSL_V_ASN1_NEG #define V_ASN1_NEG_INTEGER WOLFSSL_V_ASN1_NEG_INTEGER diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 02b5c8bcc1..1f6c2be0d8 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -798,6 +798,7 @@ WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_blake2s256(void); WOLFSSL_API void wolfSSL_EVP_init(void); WOLFSSL_API int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type); WOLFSSL_API int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type); +WOLFSSL_API unsigned long wolfSSL_EVP_MD_flags(const WOLFSSL_EVP_MD *md); WOLFSSL_API int wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD* type); WOLFSSL_API int wolfSSL_EVP_MD_pkey_type(const WOLFSSL_EVP_MD* type); @@ -823,6 +824,8 @@ WOLFSSL_API int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* unsigned int* s); WOLFSSL_API int wolfSSL_EVP_DigestFinal_ex(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md, unsigned int* s); +WOLFSSL_API int wolfSSL_EVP_DigestFinalXOF(WOLFSSL_EVP_MD_CTX* ctx, + unsigned char* md, size_t sz); WOLFSSL_API int wolfSSL_EVP_DigestSignUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *d, unsigned int cnt); WOLFSSL_API int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, @@ -1256,12 +1259,15 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx, #define EVP_MD_CTX_set_flags(ctx, flags) WC_DO_NOTHING #endif +#define EVP_MD_FLAG_XOF 0x2 + #define EVP_Digest wolfSSL_EVP_Digest #define EVP_DigestInit wolfSSL_EVP_DigestInit #define EVP_DigestInit_ex wolfSSL_EVP_DigestInit_ex #define EVP_DigestUpdate wolfSSL_EVP_DigestUpdate #define EVP_DigestFinal wolfSSL_EVP_DigestFinal #define EVP_DigestFinal_ex wolfSSL_EVP_DigestFinal_ex +#define EVP_DigestFinalXOF wolfSSL_EVP_DigestFinalXOF #define EVP_DigestSignInit wolfSSL_EVP_DigestSignInit #define EVP_DigestSignUpdate wolfSSL_EVP_DigestSignUpdate #define EVP_DigestSignFinal wolfSSL_EVP_DigestSignFinal @@ -1311,6 +1317,7 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx, #define EVP_get_cipherbynid wolfSSL_EVP_get_cipherbynid #define EVP_get_digestbynid wolfSSL_EVP_get_digestbynid #define EVP_MD_nid wolfSSL_EVP_MD_type +#define EVP_MD_flags wolfSSL_EVP_MD_flags #define EVP_PKEY_assign wolfSSL_EVP_PKEY_assign #define EVP_PKEY_assign_RSA wolfSSL_EVP_PKEY_assign_RSA diff --git a/wolfssl/openssl/obj_mac.h b/wolfssl/openssl/obj_mac.h index b4d4013c9a..943539adc5 100644 --- a/wolfssl/openssl/obj_mac.h +++ b/wolfssl/openssl/obj_mac.h @@ -59,6 +59,27 @@ #define NID_sect571k1 WC_NID_sect571k1 #define NID_sect571r1 WC_NID_sect571r1 +/* mapping of short names */ +#define SN_md4 WC_SN_md4 +#define SN_md5 WC_SN_md5 +#define SN_sha1 WC_SN_sha1 +#define SN_sha224 WC_SN_sha224 +#define SN_sha256 WC_SN_sha256 +#define SN_sha384 WC_SN_sha384 +#define SN_sha512 WC_SN_sha512 +#define SN_sha512_224 WC_SN_sha512_224 +#define SN_sha512_256 WC_SN_sha512_256 +#define SN_sha3_224 WC_SN_sha3_224 +#define SN_sha3_256 WC_SN_sha3_256 +#define SN_sha3_384 WC_SN_sha3_384 +#define SN_sha3_512 WC_SN_sha3_512 +#define SN_shake128 WC_SN_shake128 +#define SN_shake256 WC_SN_shake256 +#define SN_blake2s256 WC_SN_blake2s256 +#define SN_blake2s512 WC_SN_blake2s512 +#define SN_blake2b512 WC_SN_blake2b512 +#define SN_sm3 WC_SN_sm3 + #endif /* !OPENSSL_COEXIST */ /* the definition is for Qt Unit test */ diff --git a/wolfssl/openssl/objects.h b/wolfssl/openssl/objects.h index 1b6ce8043b..9e4cd8be00 100644 --- a/wolfssl/openssl/objects.h +++ b/wolfssl/openssl/objects.h @@ -29,6 +29,8 @@ #include #endif /* OPENSSL_EXTRA_SSL_GUARD */ +#include + #ifdef __cplusplus extern "C" { #endif diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 959d1e6391..fd9ac71700 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -289,6 +289,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define SSLv23_client_method wolfSSLv23_client_method #define SSLv2_client_method wolfSSLv2_client_method #define SSLv2_server_method wolfSSLv2_server_method +#define SSLv3_method wolfSSLv3_method #define SSLv3_server_method wolfSSLv3_server_method #define SSLv3_client_method wolfSSLv3_client_method #define TLS_client_method wolfTLS_client_method @@ -352,7 +353,9 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define SSL_write_early_data(ssl, d, dLen, len) wolfSSL_write_early_data(ssl, d, (int)(dLen), (int *)(len)) #define SSL_write wolfSSL_write +#define SSL_write_ex wolfSSL_write_ex #define SSL_read wolfSSL_read +#define SSL_read_ex wolfSSL_read_ex #define SSL_peek wolfSSL_peek #define SSL_accept wolfSSL_accept #define SSL_CTX_free wolfSSL_CTX_free @@ -432,6 +435,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define SSL_get_version wolfSSL_get_version #define SSL_get_current_cipher wolfSSL_get_current_cipher +#define SSL_get_client_ciphers wolfSSL_get_client_ciphers /* use wolfSSL_get_cipher_name for its return format */ #define SSL_get_cipher wolfSSL_get_cipher_name @@ -461,6 +465,9 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define ASN1_BOOLEAN WOLFSSL_ASN1_BOOLEAN #define X509_get_ext wolfSSL_X509_get_ext #define X509_get_ext_by_OBJ wolfSSL_X509_get_ext_by_OBJ + #define X509_OBJECT_set1_X509 wolfSSL_X509_OBJECT_set1_X509 + #define X509_OBJECT_set1_X509_CRL wolfSSL_X509_OBJECT_set1_X509_CRL + #define sk_X509_OBJECT_deep_copy wolfSSL_sk_X509_OBJECT_deep_copy #define X509_cmp wolfSSL_X509_cmp #define X509_EXTENSION_get_object wolfSSL_X509_EXTENSION_get_object #define X509_EXTENSION_get_critical wolfSSL_X509_EXTENSION_get_critical @@ -688,6 +695,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define X509_NAME_entry_count wolfSSL_X509_NAME_entry_count #define X509_NAME_get_entry wolfSSL_X509_NAME_get_entry +#define X509_NAME_ENTRY_set wolfSSL_X509_NAME_ENTRY_set #define X509_NAME_ENTRY_get_object wolfSSL_X509_NAME_ENTRY_get_object #define X509_NAME_ENTRY_get_data wolfSSL_X509_NAME_ENTRY_get_data #define X509_NAME_ENTRY_get_object wolfSSL_X509_NAME_ENTRY_get_object @@ -717,6 +725,9 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define X509_VP_FLAG_LOCKED WOLFSSL_VPARAM_LOCKED #define X509_VP_FLAG_ONCE WOLFSSL_VPARAM_ONCE +#define X509_STORE_lock(x) 1 +#define X509_STORE_unlock(x) 1 + #define X509_STORE_CTX_get_current_cert wolfSSL_X509_STORE_CTX_get_current_cert #define X509_STORE_CTX_set_verify_cb wolfSSL_X509_STORE_CTX_set_verify_cb #define X509_STORE_CTX_new wolfSSL_X509_STORE_CTX_new @@ -1104,6 +1115,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define SSL_CTX_set_psk_server_callback wolfSSL_CTX_set_psk_server_callback #define SSL_set_psk_server_callback wolfSSL_set_psk_server_callback +#ifndef INVALID_SOCKET + #define INVALID_SOCKET (-1) +#endif + /* system file ints for ERR_put_error */ #define SYS_F_ACCEPT WOLFSSL_SYS_ACCEPT #define SYS_F_BIND WOLFSSL_SYS_BIND @@ -1430,6 +1445,11 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE SRTP_PROTECTION_PROFILE; #define SSL3_RANDOM_SIZE 32 /* same as RAN_LEN in internal.h */ +#ifndef WOLFSSL_ALLOW_SSLV3 + #undef OPENSSL_NO_SSL3 + #define OPENSSL_NO_SSL3 +#endif + /* Used as message callback types */ #define SSL3_RT_CHANGE_CIPHER_SPEC 20 #define SSL3_RT_ALERT 21 @@ -1810,6 +1830,8 @@ typedef WOLFSSL_CONF_CTX SSL_CONF_CTX; #define SSL_CONF_cmd wolfSSL_CONF_cmd #define SSL_CONF_cmd_value_type wolfSSL_CONF_cmd_value_type +#define SSL_OP_LEGACY_SERVER_CONNECT 0 + #endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ diff --git a/wolfssl/openssl/x509.h b/wolfssl/openssl/x509.h index f2bfb1b562..f75fb2f114 100644 --- a/wolfssl/openssl/x509.h +++ b/wolfssl/openssl/x509.h @@ -111,6 +111,8 @@ #define X509_V_ERR_UNABLE_TO_GET_CRL WOLFSSL_X509_V_ERR_UNABLE_TO_GET_CRL #define X509_V_ERR_CRL_HAS_EXPIRED WOLFSSL_X509_V_ERR_CRL_HAS_EXPIRED +#define X509_V_FLAG_ALLOW_PROXY_CERTS 0 +#define X509_V_FLAG_X509_STRICT 0 /* * Not all of these X509_V_ERR values are used in wolfSSL. Some are included to @@ -212,6 +214,7 @@ #define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3 93 #define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS 94 #define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 +#define X509_R_KEY_VALUES_MISMATCH WC_KEY_MISMATCH_E #define X509_EXTENSION_set_critical wolfSSL_X509_EXTENSION_set_critical #define X509_EXTENSION_set_object wolfSSL_X509_EXTENSION_set_object diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 5ca6f8288f..c403780359 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -327,6 +327,7 @@ typedef int (*WOLFSSL_X509_STORE_CTX_get_crl_cb)(WOLFSSL_X509_STORE_CTX *, typedef int (*WOLFSSL_X509_STORE_CTX_check_crl_cb)(WOLFSSL_X509_STORE_CTX *, WOLFSSL_X509_CRL *); +#define WOLFSSL_V_ASN1_BIT_STRING 0x03 #define WOLFSSL_V_ASN1_INTEGER 0x02 #define WOLFSSL_V_ASN1_NEG 0x100 #define WOLFSSL_V_ASN1_NEG_INTEGER (2 | WOLFSSL_V_ASN1_NEG) @@ -1364,7 +1365,10 @@ WOLFSSL_API int wolfSSL_get_wfd(const WOLFSSL* ssl); WOLFSSL_ABI WOLFSSL_API int wolfSSL_connect(WOLFSSL* ssl); WOLFSSL_ABI WOLFSSL_API int wolfSSL_write( WOLFSSL* ssl, const void* data, int sz); +WOLFSSL_API int wolfSSL_write_ex(WOLFSSL* ssl, const void* data, int sz, + size_t* wr); WOLFSSL_ABI WOLFSSL_API int wolfSSL_read(WOLFSSL* ssl, void* data, int sz); +WOLFSSL_API int wolfSSL_read_ex(WOLFSSL* ssl, void* data, int sz, size_t* rd); WOLFSSL_API int wolfSSL_peek(WOLFSSL* ssl, void* data, int sz); WOLFSSL_ABI WOLFSSL_API int wolfSSL_accept(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_inject(WOLFSSL* ssl, const void* data, int sz); @@ -2814,6 +2818,10 @@ WOLFSSL_API int wolfSSL_SESSION_set_cipher(WOLFSSL_SESSION* session, WOLFSSL_API int wolfSSL_is_init_finished(const WOLFSSL* ssl); WOLFSSL_API const char* wolfSSL_get_version(const WOLFSSL* ssl); +#ifdef OPENSSL_EXTRA +WOLFSSL_API WOLF_STACK_OF(WOLFSSL_CIPHER)* wolfSSL_get_client_ciphers( + WOLFSSL* ssl); +#endif WOLFSSL_API int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl); WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL* ssl); WOLFSSL_API char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER* cipher, char* in, int len); @@ -4968,6 +4976,10 @@ WOLFSSL_API const WOLFSSL_STACK *wolfSSL_X509_REQ_get_extensions(const WOLFSSL_X WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_get_ext(const WOLFSSL_X509* x, int loc); WOLFSSL_API int wolfSSL_X509_get_ext_by_OBJ(const WOLFSSL_X509 *x, const WOLFSSL_ASN1_OBJECT *obj, int lastpos); +WOLFSSL_API int wolfSSL_X509_OBJECT_set1_X509(WOLFSSL_X509_OBJECT *a, + WOLFSSL_X509 *obj); +WOLFSSL_API int wolfSSL_X509_OBJECT_set1_X509_CRL(WOLFSSL_X509_OBJECT *a, + WOLFSSL_X509_CRL *obj); WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x, int loc); WOLFSSL_API int wolfSSL_X509_EXTENSION_get_critical(const WOLFSSL_X509_EXTENSION* ex); WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_EXTENSION_new(void); @@ -5109,6 +5121,7 @@ struct WOLFSSL_CONF_CTX { }; WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc); +WOLFSSL_API int wolfSSL_X509_NAME_ENTRY_set(const WOLFSSL_X509_NAME_ENTRY *ne); #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ #if defined(OPENSSL_EXTRA) \ @@ -5280,6 +5293,12 @@ WOLFSSL_API void wolfSSL_sk_X509_OBJECT_pop_free(WOLFSSL_STACK* s, void (*f) (WOLFSSL_X509_OBJECT*)); WOLFSSL_API int wolfSSL_sk_X509_OBJECT_push(WOLFSSL_STACK* sk, WOLFSSL_X509_OBJECT* obj); +WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* + wolfSSL_sk_X509_OBJECT_deep_copy( + const WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* sk, + WOLFSSL_X509_OBJECT* (*c)(const WOLFSSL_X509_OBJECT*), + void (*f)(WOLFSSL_X509_OBJECT*)); + WOLFSSL_API WOLFSSL_X509_INFO *wolfSSL_X509_INFO_new(void); WOLFSSL_API void wolfSSL_X509_INFO_free(WOLFSSL_X509_INFO* info); diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 12a602383a..12406e4bc8 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -853,6 +853,26 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[]; #endif #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +/* short names */ +#define WC_SN_md4 "MD4" +#define WC_SN_md5 "MD5" +#define WC_SN_sha1 "SHA1" +#define WC_SN_sha224 "SHA224" +#define WC_SN_sha256 "SHA256" +#define WC_SN_sha384 "SHA384" +#define WC_SN_sha512 "SHA512" +#define WC_SN_sha512_224 "SHA512-224" +#define WC_SN_sha512_256 "SHA512-256" +#define WC_SN_sha3_224 "SHA3-224" +#define WC_SN_sha3_256 "SHA3-256" +#define WC_SN_sha3_384 "SHA3-384" +#define WC_SN_sha3_512 "SHA3-512" +#define WC_SN_shake128 "SHAKE128" +#define WC_SN_shake256 "SHAKE256" +#define WC_SN_blake2s256 "BLAKE2s256" +#define WC_SN_blake2s512 "BLAKE2s512" +#define WC_SN_blake2b512 "BLAKE2b512" +#define WC_SN_sm3 "SM3" /* NIDs */ #define WC_NID_netscape_cert_type WC_NID_undef @@ -1249,6 +1269,7 @@ enum Oid_Types { enum Hash_Sum { MD2h = 646, + MD4h = 648, MD5h = 649, SHAh = 88, SHA224h = 417, diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h index 5668783546..3dbc07e1d0 100644 --- a/wolfssl/wolfcrypt/error-crypt.h +++ b/wolfssl/wolfcrypt/error-crypt.h @@ -135,7 +135,8 @@ enum wolfCrypt_ErrorCodes { ED25519_KAT_FIPS_E = -163, /* Ed25519 Known answer test failure */ ED448_KAT_FIPS_E = -164, /* Ed448 Known answer test failure */ PBKDF2_KAT_FIPS_E = -165, /* PBKDF2 Known answer test failure */ - /* -166..-169 unused. */ + WC_KEY_MISMATCH_E = -166, /* Error for private/public key mismatch */ + /* -167..-169 unused. */ ECC_BAD_ARG_E = -170, /* ECC input argument of wrong type */ ASN_ECC_KEY_E = -171, /* ASN ECC bad input */