* Fixed some build configuration variations.

* Fixed `PEM_BUFSIZE` macro redefined when building with coexist.
* Updated the `user_settings_all.h` and `user_settings_wolfboot_keytools.h` to include latest options.
* Improved API unit test error case checking where `TEST_RES_CHECK` is not used.
* Changed `TEST_SKIPPED` to unique value.
* Added CI tests for enable-all, small stack, and user setting templates.
David Garske 2023-01-03 10:48:00 -08:00
parent 4f8edb312b
commit 023db01aca
22 changed files with 482 additions and 209 deletions

2
.github/SECURITY.md vendored

@ -6,7 +6,7 @@ If you discover a vulnerability, please report it to support@wolfssl.com
1. Include a detailed description
2. Include method to reproduce and/or method of discovery
3. We will evaulate the report promptly and respond to you with findings.
3. We will evaluate the report promptly and respond to you with findings.
4. We will credit you with the report if you would like.
**Please keep the vulnerability private** until a fix has been released.


@ -1,4 +1,4 @@
name: Test MacOS/Ubuntu/Windows compilation
name: GitHub Action Tests
concurrency:
group: ${{ github.ref }}
@ -13,35 +13,122 @@ jobs:
name: macOS Build Test
runs-on: macos-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: brew
run: brew install automake libtool
- name: autogen
run: ./autogen.sh
- name: configure
run: ./configure
- name: make
run: make
- name: make check
run: make check
- name: make distcheck
run: make distcheck
- name: configure make check
run: |
./configure
make
make check
make distcheck
- name: configure all make check
run: |
./configure --enable-all
make
make check
make distcheck
- name: configure all ASN template
run: |
./configure --enable-all --enable-asn=template
make
make check
make distcheck
- name: make user_settings_all.h
run: |
cp ./examples/configs/user_settings_all.h user_settings.h
./configure --enable-usersettings
make
make check
- name: user_settings_all.h with compatibility layer
run: |
cp ./examples/configs/user_settings_all.h user_settings.h
sed -i -e "s/if 0/if 1/" user_settings.h
./configure --enable-usersettings
make
make check
- name: user_settings_min_ecc.h
run: |
cp ./examples/configs/user_settings_min_ecc.h user_settings.h
./configure --enable-usersettings --disable-examples
make
./wolfcrypt/test/testwolfcrypt
- name: user_settings_wolfboot_keytools.h
run: |
cp ./examples/configs/user_settings_wolfboot_keytools.h user_settings.h
./configure --enable-usersettings --disable-examples
make
./wolfcrypt/test/testwolfcrypt
ubuntu_build:
name: Ubuntu Build Test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: autogen
run: ./autogen.sh
- name: configure
run: ./configure
- name: make
run: make
- name: make check
run: make check
- name: make distcheck
run: make distcheck
- name: configure make check
run: |
./configure
make
make check
make distcheck
- name: configure all make check
run: |
./configure --enable-all
make
make check
make distcheck
- name: configure all ASN template
run: |
./configure --enable-all --enable-asn=template
make
make check
make distcheck
- name: make user_settings_all.h
run: |
cp ./examples/configs/user_settings_all.h user_settings.h
./configure --enable-usersettings
make
make check
- name: user_settings_all.h with compatibility layer
run: |
cp ./examples/configs/user_settings_all.h user_settings.h
sed -i -e "s/if 0/if 1/" user_settings.h
./configure --enable-usersettings
make
make check
- name: user_settings_min_ecc.h
run: |
cp ./examples/configs/user_settings_min_ecc.h user_settings.h
./configure --enable-usersettings --disable-examples
make
./wolfcrypt/test/testwolfcrypt
- name: user_settings_wolfboot_keytools.h
run: |
cp ./examples/configs/user_settings_wolfboot_keytools.h user_settings.h
./configure --enable-usersettings --disable-examples
make
./wolfcrypt/test/testwolfcrypt
windows_build:
name: Windows Build Test
@ -56,7 +143,7 @@ jobs:
BUILD_CONFIGURATION: Release
BUILD_PLATFORM: x64
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: Add MSBuild to PATH
uses: microsoft/setup-msbuild@v1
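Review bot: The `uses:` references updated in all three jobs (`actions/checkout@v3`, plus `microsoft/setup-msbuild@v1` in the Windows job) are mutable tags, so each run executes whatever commit the tag points to that day. Pinning to a full commit SHA with the tag kept as a trailing comment, `- uses: actions/checkout@<full-commit-sha> # v3`, makes the CI input reviewable and stable. In the two "user_settings_all.h with compatibility layer" steps, `sed -i -e "s/if 0/if 1/"` also flips every `if 0` in the copied template, not only the OpenSSL compatibility block. Anchoring on that block's line, e.g. `sed -i -e "s|#if 0 /\* DG Disabled \*/|#if 1|" user_settings.h`, would keep the step testing what its name says.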


@ -8447,10 +8447,10 @@ AM_CONDITIONAL([BUILD_HMAC],[test "x$ENABLED_HMAC" = "xyes"])
AM_CONDITIONAL([BUILD_ERROR_STRINGS],[test "x$ENABLED_ERROR_STRINGS" = "xyes"])
AM_CONDITIONAL([BUILD_DO178],[test "x$ENABLED_DO178" = "xyes"])
AM_CONDITIONAL([BUILD_PSA],[test "x$ENABLED_PSA" = "xyes"])
AM_CONDITIONAL([BUILD_DTLS13],[test "x$ENABLED_DTLS13" = "xyes"])
AM_CONDITIONAL([BUILD_DTLS13],[test "x$ENABLED_DTLS13" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_QUIC],[test "x$ENABLED_QUIC" = "xyes"])
AM_CONDITIONAL([BUILD_DTLS_CID],[test "x$ENABLED_DTLS_CID" = "xyes"])
AM_CONDITIONAL([BUILD_DTLS],[test "x$ENABLED_DTLS" = "xyes"])
AM_CONDITIONAL([BUILD_DTLS],[test "x$ENABLED_DTLS" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_MAXQ10XX],[test "x$ENABLED_MAXQ10XX" = "xyes"])
if test "$ENABLED_REPRODUCIBLE_BUILD" != "yes" &&
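Review bot: `BUILD_DTLS` and `BUILD_DTLS13` now also switch on under `--enable-usersettings`, but nothing next to them records why, and the neighbouring `BUILD_QUIC` and `BUILD_DTLS_CID` conditionals still key only on their own option. A short comment above the two lines would capture the intent, e.g. `# with user_settings.h the feature macros are not visible to configure, so always build the DTLS sources`. It is also worth confirming whether `BUILD_QUIC` needs the same clause, since a user_settings.h that enables QUIC would otherwise presumably be built without its source file; this cannot be verified from the hunk.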


@ -3662,7 +3662,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
}
}
#ifdef HAVE_CRL
#if defined(HAVE_CRL) && !defined(NO_FILESYSTEM)
if (disableCRL == 0 && !useVerifyCb) {
#if defined(HAVE_IO_TIMEOUT) && defined(HAVE_HTTP_CLIENT)
wolfIO_SetTimeout(DEFAULT_TIMEOUT_SEC);
@ -4273,7 +4273,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
}
#endif
#if defined(OPENSSL_EXTRA) && defined(HAVE_EXT_CACHE)
#if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \
defined(HAVE_EXT_CACHE))
if (flatSession) {
const byte* constFlatSession = flatSession;
session = wolfSSL_d2i_SSL_SESSION(NULL,
@ -4283,7 +4284,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
wolfSSL_set_session(sslResume, session);
#if defined(OPENSSL_EXTRA) && defined(HAVE_EXT_CACHE)
#if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \
defined(HAVE_EXT_CACHE))
if (flatSession) {
XFREE(flatSession, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
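Review bot: With the new `#if defined(HAVE_CRL) && !defined(NO_FILESYSTEM)` guard in client_test, a `NO_FILESYSTEM` build compiles out the whole `if (disableCRL == 0 && !useVerifyCb)` block, so the example client appears to run without revocation checking while `disableCRL` still reads as 0, and it says nothing about it. The block's body lies outside the hunk, so this is inferred from the guard alone. If that is the intent, state it beside the guard, e.g. `/* CRLs are loaded from files here; NO_FILESYSTEM builds run without CRL checking */`, or print a one-line notice from an `#else` branch. The same guard is added around `if (!disableCRL)` in server_test, and the same comment applies there.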


@ -50,22 +50,30 @@ extern "C" {
#define HAVE_NULL_CIPHER /* Enable use of TLS cipher suites without cipher (clear text / no encryption) */
#define WOLFSSL_HAVE_CERT_SERVICE
#define WOLFSSL_JNI
#define WOLFSSL_SEP
#define WOLFSSL_SEP /* certificate policy set extension */
#define WOLFCRYPT_HAVE_SRP
#define WOLFSSL_HAVE_WOLFSCEP
#define WOLFSSL_ENCRYPTED_KEYS /* Support for encrypted keys PKCS8 */
#define HAVE_PKCS7
#define WOLFSSL_MULTI_ATTRIB
#define WOLFSSL_DER_LOAD
#define ASN_BER_TO_DER /* BER to DER support */
#define WOLFSSL_SIGNER_DER_CERT
#define WOLFSSL_TRUST_PEER_CERT
#define WOLFSSL_SYS_CA_CERTS /* Enable ability to load CA certs from OS */
#define WOLFSSL_WOLFSSH
#define WC_NO_ASYNC_THREADING
//#define HAVE_THREAD_LS /* DG Commented: Thread local storage - may not be portable */
//#define WOLFSSL_AEAD_ONLY /* automatically set if TLS v1.3 only, but can be enabled for TLS v1.2 manually */
/* TLS Features */
#define WOLFSSL_DTLS
#define WOLFSSL_TLS13
#define WOLFSSL_EITHER_SIDE /* allow generic server/client method for WOLFSSL_CTX new */
#define WOLFSSL_TLS13_NO_PEEK_HANDSHAKE_DONE
/* DTLS */
#define WOLFSSL_DTLS
#define WOLFSSL_MULTICAST
/* DTLS v1.3 is not yet included with enable-all */
//#define WOLFSSL_DTLS13
/* DG Disabled SSLv3 and TLSv1.0 - should avoid using */
//#define WOLFSSL_ALLOW_SSLV3
@ -80,9 +88,17 @@ extern "C" {
#define HAVE_MAX_FRAGMENT
#define HAVE_TRUNCATED_HMAC
#define HAVE_SESSION_TICKET
#define WOLFSSL_TICKET_HAVE_ID
#define WOLFSSL_FORCE_CACHE_ON_TICKET
#define HAVE_EXTENDED_MASTER
#define HAVE_TRUSTED_CA
#define HAVE_ENCRYPT_THEN_MAC
#define WOLFSSL_POST_HANDSHAKE_AUTH
#define WOLFSSL_SEND_HRR_COOKIE /* Used by DTLS v1.3 */
#define HAVE_ANON /* anon cipher suites */
#define HAVE_FALLBACK_SCSV /* TLS_FALLBACK_SCSV */
#define WOLFSSL_EARLY_DATA
#define HAVE_SERVER_RENEGOTIATION_INFO
/* TLS Session Cache */
#define SESSION_CERTS
@ -94,6 +110,22 @@ extern "C" {
#define WOLFSSL_CERT_GEN
#define WOLFSSL_CERT_REQ
#define WOLFSSL_CERT_EXT
#define WOLFSSL_MULTI_ATTRIB
#define HAVE_SMIME
#define WOLFSSL_DER_LOAD
#define ASN_BER_TO_DER /* BER to DER support */
#define WOLFSSL_HAVE_ISSUER_NAMES /* Store pointers to issuer name components and their lengths and encodings */
#define WOLFSSL_SUBJ_DIR_ATTR /* Enable support for SubjectDirectoryAttributes extension */
#define WOLFSSL_SUBJ_INFO_ACC /* Enable support for SubjectInfoAccess extension */
#define WOLFSSL_CERT_NAME_ALL /* Adds more certificate name capability at the cost of taking up more memory. Adds initials, givenname, dnQualifer for example */
#define WOLFSSL_FPKI /* Enable support for FPKI (Federal PKI) extensions */
#define WOLFSSL_AKID_NAME /* Enable support for full AuthorityKeyIdentifier extension. Only supports copying full AKID from an existing certificate */
#define HAVE_CTS /* Ciphertext stealing interface */
#define WOLFSSL_PEM_TO_DER
#define WOLFSSL_DER_TO_PEM
#define WOLFSSL_CUSTOM_OID
#define HAVE_OID_ENCODING
//#define WOLFSSL_ASN_TEMPLATE /* Not enabled yet by default */
/* Certificate Revocation */
#define HAVE_OCSP
@ -105,11 +137,21 @@ extern "C" {
//#define HAVE_CRL_MONITOR /* DG Disabled (Monitors CRL files on filesystem) - not portable feature */
/* Fast math key size 4096-bit max */
#define USE_FAST_MATH
#define FP_MAX_BITS 8192
#if 1
/* sp_int.c */
#define WOLFSSL_SP_MATH_ALL
#else
/* Fast math key size 4096-bit max */
#define USE_FAST_MATH
#endif
//#define HAVE___UINT128_T 1 /* DG commented: May not be portable */
/* Max Sizes */
#define RSA_MAX_SIZE 4096
#define FP_MAX_BITS 8192
#define SP_INT_BITS 4096
/* Timing Resistance */
#define TFM_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT
@ -118,6 +160,8 @@ extern "C" {
/* DH Key Sizes */
#define HAVE_FFDHE_2048
#define HAVE_FFDHE_3072
#define WOLFSSL_DH_EXTRA /* Enable additional DH key import/export */
#define HAVE_DH_DEFAULT_PARAMS
/* ECC Features */
#define HAVE_ECC
@ -132,9 +176,14 @@ extern "C" {
#define HAVE_COMP_KEY /* Compressed key support */
#define FP_ECC /* Fixed point caching - speed repeated operations against same key */
#define HAVE_ECC_ENCRYPT
#define WOLFCRYPT_HAVE_ECCSI
#define WOLFCRYPT_HAVE_SAKKE
#define WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT
/* RSA */
#define WC_RSA_PSS
#define WOLFSSL_PSS_LONG_SALT
#define WC_RSA_NO_PADDING
/* AES */
#define HAVE_AES_DECRYPT
@ -142,11 +191,16 @@ extern "C" {
#define WOLFSSL_AES_DIRECT
#define WOLFSSL_AES_COUNTER
#define HAVE_AESGCM
#define GCM_TABLE_4BIT
#define WOLFSSL_AESGCM_STREAM
#define HAVE_AESCCM
#define WOLFSSL_AES_OFB
#define WOLFSSL_AES_CFB
#define WOLFSSL_AES_XTS
#define HAVE_AES_KEYWRAP
#define WOLFSSL_AES_CBC_LENGTH_CHECKS
#define WOLFSSL_USE_ALIGN
#define WOLFSSL_AES_SIV
/* Hashing */
#define WOLFSSL_SHA224
@ -155,29 +209,44 @@ extern "C" {
#define WOLFSSL_SHAKE256
#define WOLFSSL_SHA3
#define WOLFSSL_HASH_FLAGS /* enable hash flag API's */
#define WOLFSSL_SHAKE256
/* Additional Algorithms */
#define HAVE_HASHDRBG
#define HAVE_CURVE25519
#define HAVE_ED25519
#define WOLFSSL_ED25519_STREAMING_VERIFY
#define CURVED25519_SMALL
#define HAVE_ED448
#define WOLFSSL_ED448_STREAMING_VERIFY
#define HAVE_CURVE448
#define HAVE_POLY1305
#define HAVE_CHACHA
#define HAVE_XCHACHA
#define HAVE_HKDF
#define HAVE_X963_KDF
#define WOLFSSL_CMAC
#define WOLFSSL_DES_ECB
#define HAVE_BLAKE2
#define HAVE_BLAKE2B
#define HAVE_BLAKE2S
#define WOLFSSL_SIPHASH
#define HAVE_KEYING_MATERIAL
#define WOLFSSL_HAVE_PRF
/* Non-Standard Algorithms (DG disabled) */
//#define HAVE_CAMELLIA
//#define WOLFSSL_RIPEMD
//#define HAVE_SCRYPT
//#define WOLFSSL_MD2
//#define WOLFSSL_ALLOW_RC4
/* Encoding */
#define WOLFSSL_BASE16
#define WOLFSSL_BASE64_ENCODE
/* Openssl compatibility */
#if 0 /* DG Disabled */
/* Openssl compatibility API's */
@ -192,6 +261,13 @@ extern "C" {
#define NO_OLD_WC_NAMES
#define NO_OLD_SSL_NAMES
#define NO_OLD_SHA_NAMES
#define NO_OLD_MD5_NAME
#define OPENSSL_NO_EC /* macro to enable ECC in openssl */
#define WOLFSSL_VERBOSE_ERRORS
#define ERROR_QUEUE_PER_THREAD
#define WOLFSSL_ERROR_CODE_OPENSSL
#define HAVE_WOLFSSL_SSL_H 1
#define OPENSSL_COMPATIBLE_DEFAULTS
/* Openssl compatibility application specific */
#define WOLFSSL_LIBWEBSOCKETS
@ -206,6 +282,9 @@ extern "C" {
#define WOLFSSL_ASIO
#define ASIO_USE_WOLFSSL
#define BOOST_ASIO_USE_WOLFSSL
#define WOLFSSL_OPENVPN
#define NO_WOLFSSL_STUB
#endif
/* TLS static cipher support - off by default */
@ -222,6 +301,68 @@ extern "C" {
#endif
/* Used to manually test disable edge cases */
#ifdef TEST_DISABLES
#define NO_SESSION_CACHE
//#define NO_ECC256
//#define NO_ECC_KEY_EXPORT
//#define NO_ECC_DHE
//#define NO_ECC_SIGN
//#define NO_ECC_VERIFY
//#define NO_RSA
#define NO_DH
#define NO_DSA
#define NO_SHA
#define NO_SHA256
#ifdef NO_SHA256
#undef WOLFSSL_SHA224
#endif
#define NO_SHA512
#ifdef NO_SHA512
#undef WOLFSSL_SHA384
#undef WOLFSSL_SHA512
#undef HAVE_ED25519
#endif
#define NO_MD4
#define NO_MD5
//#define NO_KDF
//#define NO_HMAC
#define NO_RC4
#define NO_DES3
//#define NO_AES
#define NO_AES_CBC
#define WOLFSSL_NO_SHAKE128
#define NO_PSK
#define NO_PWDBASED
#define NO_OLD_TLS
//#define WOLFSSL_NO_TLS12
//#define NO_64BIT
#define WOLFSSL_SP_NO_MALLOC
#define NO_FILESYSTEM
#define NO_WRITEV
#define NO_ERROR_STRINGS
//#define NO_WOLFSSL_CLIENT
//#define NO_WOLFSSL_SERVER
#define NO_MULTIBYTE_PRINT
//#define NO_ASN_TIME
//#define NO_ASN_CRYPT
//#define NO_CODING
#define NO_SIG_WRAPPER
//#define NO_HASH_WRAPPER
//#define WC_NO_HARDEN
//#define NO_CERTS
//#define NO_ASN
#endif
#ifdef __cplusplus
}
#endif
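Review bot: The template compiles in several features that are unsafe if an application later turns them on, with no caveat beside them: `HAVE_ANON` (key exchange without peer authentication), `WC_RSA_NO_PADDING` (raw RSA), `WOLFSSL_EARLY_DATA` (0-RTT data can be replayed) and, in the context lines, `HAVE_NULL_CIPHER`. The file already explains why SSLv3 and TLS 1.0 stay commented out, so the same treatment fits here, e.g. `#define HAVE_ANON /* anon cipher suites: no peer authentication, test use only */` and `#define WOLFSSL_EARLY_DATA /* TLS 1.3 0-RTT: application must tolerate replay */`. In the `TEST_DISABLES` block, `#ifdef NO_SHA256` and `#ifdef NO_SHA512` directly follow their own `#define`, so they are always true; a one-line comment saying they are kept so the defines above can be toggled by hand would explain why.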


@ -26,7 +26,7 @@
#ifndef H_USER_SETTINGS_
#define H_USER_SETTINGS_
#include <stdint.h>
/* #include <stdint.h> */ /* DG: Removed, not needed for testing */
/* System */
#define WOLFSSL_GENERAL_ALIGNMENT 4
@ -35,8 +35,6 @@
#define SIZEOF_LONG_LONG 8
/* Math */
#define WOLFSSL_SP
#define WOLFSSL_SP_NO_3072
#define USE_FAST_MATH
#define FP_MAX_BITS (4096 * 2)
#define TFM_TIMING_RESISTANT
@ -45,10 +43,18 @@
#define HAVE_ECC
#define WOLFSSL_HAVE_SP_ECC
#define ECC_TIMING_RESISTANT
#define HAVE_ECC256
#define HAVE_ECC384
#define HAVE_ECC521
/* ED25519 */
#define HAVE_ED25519
#define CURVED25519_SMALL
/* DG: Added, since --enable-usersettings expects small version to be used */
#define ED25519_SMALL
/* ED448 */
#define HAVE_ED448
#define WOLFSSL_SHAKE256
/* RSA */
#define HAVE_RSA
@ -58,14 +64,18 @@
/* Hashing */
#define WOLFSSL_SHA512 /* Required for ED25519 */
#define WOLFSSL_SHA384
#define WOLFSSL_SHA3
#undef NO_SHA256
/* Chacha stream cipher */
#define HAVE_CHACHA
/* AES */
#define WOLFSSL_AES_COUNTER
#define WOLFSSL_AES_DIRECT
/* Disables */
#define NO_AES
#define NO_CMAC
#define NO_HMAC
#define NO_RC4
@ -73,15 +83,16 @@
#define NO_DH
#define NO_DSA
#define NO_MD4
#define NO_RABBIT
#define NO_MD5
#define NO_SIG_WRAPPER
#define NO_CERT
#define NO_SESSION_CACHE
#define NO_HC128
#define NO_DES3
#define NO_PWDBASED
#define NO_WRITEV
#define NO_FILESYSTEM
//#define NO_MAIN_DRIVER
#define NO_OLD_RNGNAME
#define NO_WOLFSSL_DIR
#define WOLFSSL_NO_SOCK
@ -89,7 +100,10 @@
#define NO_ERROR_STRINGS
#define BENCH_EMBEDDED
#define NO_CRYPT_TEST
#define NO_CRYPT_BENCHMARK
/* DG: Removed since we need it here for testing */
/* #define NO_MAIN_DRIVER */
/* #define NO_CRYPT_TEST */
/* #define NO_CRYPT_BENCHMARK */
#endif /* !H_USER_SETTINGS_ */
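Review bot: The lines marked "DG: Removed" change what this wolfBoot keytools template builds for the benefit of CI: `NO_MAIN_DRIVER`, `NO_CRYPT_TEST` and `NO_CRYPT_BENCHMARK` are commented out and `<stdint.h>` is no longer included, so anyone copying the file gets the test and benchmark drivers compiled in. Keeping the template as keytools uses it and letting the CI step apply the overrides would avoid that drift. If the edits stay in the template, a note at the top should say so, e.g. `/* NOTE: test and benchmark drivers are left enabled so CI can run testwolfcrypt; define NO_CRYPT_TEST, NO_CRYPT_BENCHMARK and NO_MAIN_DRIVER for a real keytools build */`.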


@ -2995,7 +2995,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
#ifndef NO_HANDSHAKE_DONE_CB
wolfSSL_SetHsDoneCb(ssl, myHsDoneCb, NULL);
#endif
#ifdef HAVE_CRL
#if defined(HAVE_CRL) && !defined(NO_FILESYSTEM)
if (!disableCRL) {
#ifdef HAVE_CRL_MONITOR
crlFlags = WOLFSSL_CRL_MONITOR | WOLFSSL_CRL_START_MON;
@ -3021,8 +3021,9 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
}
#ifndef NO_RSA
/* All the OCSP Stapling test certs are RSA. */
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
#if !defined(NO_FILESYSTEM) && (\
defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2))
{ /* scope start */
const char* ca1 = "certs/ocsp/intermediate1-ca-cert.pem";
const char* ca2 = "certs/ocsp/intermediate2-ca-cert.pem";


@ -77,8 +77,8 @@ if test -n "$WOLFSSL_OCSP_TEST"; then
printf '%s\n' "Test Passed!"
exit 0
elif [ $GL_UNREACHABLE -eq 1 ] && [ $GR_RESULT -eq 0 ]; then
printf '%s\n' "Global Sign is currently unreachable. Logging it but if"
printf '%s\n' "this continues to occur should be investigated"
printf '%s\n' "Global Sign is currently unreachable. Logging it but if"
printf '%s\n' "this continues to occur should be investigated"
exit 0
else
# Unlike other environment variables the intent of WOLFSSL_OCSP_TEST
@ -96,7 +96,7 @@ else
if [ $GL_RESULT -ne 0 ] && [ $GR_RESULT -ne 0 ]; then
printf '\n\n%s\n' "Both OCSP connection to globalsign and google failed"
printf '%s\n' "Test Failed!"
exit 1
exit 77
else
printf '\n\n%s\n' "WOLFSSL_OCSP_TEST NOT set, and 1 of the tests passed"
printf '%s\n' "Test Passed!"
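Review bot: Changing the both-failed branch to `exit 77` makes the automake harness report the test as skipped, so CI stays green even when `[ $GL_RESULT -ne 0 ] && [ $GR_RESULT -ne 0 ]` is caused by a regression in OCSP handling, not by the network. The branch does not distinguish the two cases, and it still prints "Test Failed!" while returning the skip code. Consider returning 77 only when unreachability was actually detected (the script tracks `GL_UNREACHABLE` in the branch above) and keeping `exit 1` otherwise, with the skip path printing `printf '%s\n' "Test Skipped!"`. The enclosing if/else starts and ends outside the hunk.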

162
src/ssl.c

@ -2727,8 +2727,8 @@ int wolfSSL_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
#ifdef HAVE_TRUSTED_CA
WOLFSSL_API int wolfSSL_UseTrustedCA(WOLFSSL* ssl, byte type,
const byte* certId, word32 certIdSz)
int wolfSSL_UseTrustedCA(WOLFSSL* ssl, byte type,
const byte* certId, word32 certIdSz)
{
if (ssl == NULL)
return BAD_FUNC_ARG;
@ -3467,8 +3467,7 @@ int wolfSSL_CTX_UseSessionTicket(WOLFSSL_CTX* ctx)
return TLSX_UseSessionTicket(&ctx->extensions, NULL, ctx->heap);
}
WOLFSSL_API int wolfSSL_get_SessionTicket(WOLFSSL* ssl,
byte* buf, word32* bufSz)
int wolfSSL_get_SessionTicket(WOLFSSL* ssl, byte* buf, word32* bufSz)
{
if (ssl == NULL || buf == NULL || bufSz == NULL || *bufSz == 0)
return BAD_FUNC_ARG;
@ -3483,7 +3482,7 @@ WOLFSSL_API int wolfSSL_get_SessionTicket(WOLFSSL* ssl,
return WOLFSSL_SUCCESS;
}
WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL* ssl, const byte* buf,
int wolfSSL_set_SessionTicket(WOLFSSL* ssl, const byte* buf,
word32 bufSz)
{
if (ssl == NULL || (buf == NULL && bufSz > 0))
@ -3523,8 +3522,8 @@ WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL* ssl, const byte* buf,
}
WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL* ssl,
CallbackSessionTicket cb, void* ctx)
int wolfSSL_set_SessionTicket_cb(WOLFSSL* ssl,
CallbackSessionTicket cb, void* ctx)
{
if (ssl == NULL)
return BAD_FUNC_ARG;
@ -7573,9 +7572,9 @@ int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz)
return ret == 0 ? WOLFSSL_SUCCESS : ret;
}
WOLFSSL_API int wolfSSL_CertManagerCheckOCSPResponse(WOLFSSL_CERT_MANAGER *cm,
byte *response, int responseSz, buffer *responseBuffer,
CertStatus *status, OcspEntry *entry, OcspRequest *ocspRequest)
int wolfSSL_CertManagerCheckOCSPResponse(WOLFSSL_CERT_MANAGER *cm,
byte *response, int responseSz, buffer *responseBuffer,
CertStatus *status, OcspEntry *entry, OcspRequest *ocspRequest)
{
int ret;
@ -11112,6 +11111,43 @@ long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX* ctx, long mode)
return WOLFSSL_SUCCESS;
}
#ifdef OPENSSL_EXTRA
/* Get the session cache mode for CTX
*
* ctx WOLFSSL_CTX struct to get cache mode from
*
* Returns a bit mask that has the session cache mode */
long wolfSSL_CTX_get_session_cache_mode(WOLFSSL_CTX* ctx)
{
long m = 0;
WOLFSSL_ENTER("SSL_CTX_set_session_cache_mode");
if (ctx == NULL) {
return m;
}
if (ctx->sessionCacheOff != 1) {
m |= WOLFSSL_SESS_CACHE_SERVER;
}
if (ctx->sessionCacheFlushOff == 1) {
m |= WOLFSSL_SESS_CACHE_NO_AUTO_CLEAR;
}
#ifdef HAVE_EXT_CACHE
if (ctx->internalCacheOff == 1) {
m |= WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE;
}
if (ctx->internalCacheLookupOff == 1) {
m |= WOLFSSL_SESS_CACHE_NO_INTERNAL_LOOKUP;
}
#endif
return m;
}
#endif /* OPENSSL_EXTRA */
#endif /* NO_SESSION_CACHE */
@ -14279,7 +14315,7 @@ ClientSession* AddSessionToClientCache(int side, int row, int idx, byte* serverI
else
return NULL;
}
#endif
#endif /* !NO_CLIENT_CACHE */
/**
* For backwards compatibility, this API needs to be used in *ALL* functions
@ -17654,7 +17690,7 @@ static int GetMinProtoVersion(int minDowngrade)
return ret;
}
WOLFSSL_API int wolfSSL_CTX_get_min_proto_version(WOLFSSL_CTX* ctx)
int wolfSSL_CTX_get_min_proto_version(WOLFSSL_CTX* ctx)
{
int ret = 0;
@ -23573,7 +23609,7 @@ const unsigned char *SSL_SESSION_get0_id_context(const WOLFSSL_SESSION *sess, un
/*** TBD ***/
#ifndef NO_WOLFSSL_STUB
WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st)
int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st)
{
(void)st;
WOLFSSL_STUB("wolfSSL_sk_SSL_COMP_zero");
@ -23615,7 +23651,7 @@ long wolfSSL_get_tlsext_status_type(WOLFSSL *s)
#endif /* HAVE_CERTIFICATE_STATUS_REQUEST */
#ifndef NO_WOLFSSL_STUB
WOLFSSL_API long wolfSSL_get_tlsext_status_exts(WOLFSSL *s, void *arg)
long wolfSSL_get_tlsext_status_exts(WOLFSSL *s, void *arg)
{
(void)s;
(void)arg;
@ -23626,7 +23662,7 @@ WOLFSSL_API long wolfSSL_get_tlsext_status_exts(WOLFSSL *s, void *arg)
/*** TBD ***/
#ifndef NO_WOLFSSL_STUB
WOLFSSL_API long wolfSSL_set_tlsext_status_exts(WOLFSSL *s, void *arg)
long wolfSSL_set_tlsext_status_exts(WOLFSSL *s, void *arg)
{
(void)s;
(void)arg;
@ -23637,7 +23673,7 @@ WOLFSSL_API long wolfSSL_set_tlsext_status_exts(WOLFSSL *s, void *arg)
/*** TBD ***/
#ifndef NO_WOLFSSL_STUB
WOLFSSL_API long wolfSSL_get_tlsext_status_ids(WOLFSSL *s, void *arg)
long wolfSSL_get_tlsext_status_ids(WOLFSSL *s, void *arg)
{
(void)s;
(void)arg;
@ -23648,7 +23684,7 @@ WOLFSSL_API long wolfSSL_get_tlsext_status_ids(WOLFSSL *s, void *arg)
/*** TBD ***/
#ifndef NO_WOLFSSL_STUB
WOLFSSL_API long wolfSSL_set_tlsext_status_ids(WOLFSSL *s, void *arg)
long wolfSSL_set_tlsext_status_ids(WOLFSSL *s, void *arg)
{
(void)s;
(void)arg;
@ -23659,7 +23695,8 @@ WOLFSSL_API long wolfSSL_set_tlsext_status_ids(WOLFSSL *s, void *arg)
/*** TBD ***/
#ifndef NO_WOLFSSL_STUB
WOLFSSL_API int SSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid, unsigned int sid_len)
int wolfSSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid,
unsigned int sid_len)
{
(void)s;
(void)sid;
@ -23671,7 +23708,8 @@ WOLFSSL_API int SSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid
#ifndef NO_WOLFSSL_STUB
/*** TBD ***/
WOLFSSL_API int SSL_SESSION_set1_id_context(WOLFSSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len)
int wolfSSL_SESSION_set1_id_context(WOLFSSL_SESSION *s,
const unsigned char *sid_ctx, unsigned int sid_ctx_len)
{
(void)s;
(void)sid_ctx;
@ -23782,7 +23820,7 @@ void wolfSSL_ASN1_TYPE_free(WOLFSSL_ASN1_TYPE* at)
#ifndef NO_WOLFSSL_STUB
/*** TBD ***/
WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_get_privatekey(const WOLFSSL *ssl)
WOLFSSL_EVP_PKEY *wolfSSL_get_privatekey(const WOLFSSL *ssl)
{
(void)ssl;
WOLFSSL_STUB("SSL_get_privatekey");
@ -23801,8 +23839,7 @@ WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_get_privatekey(const WOLFSSL *ssl)
*
* return the string length written on success, WOLFSSL_FAILURE on failure.
*/
WOLFSSL_API int wolfSSL_i2t_ASN1_OBJECT(char *buf, int buf_len,
WOLFSSL_ASN1_OBJECT *a)
int wolfSSL_i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a)
{
WOLFSSL_ENTER("wolfSSL_i2t_ASN1_OBJECT");
return wolfSSL_OBJ_obj2txt(buf, buf_len, a, 0);
@ -23931,8 +23968,7 @@ WOLFSSL_ASN1_OBJECT *wolfSSL_c2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a,
#ifndef NO_BIO
/* Return number of bytes written to BIO on success. 0 on failure. */
WOLFSSL_API int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp,
WOLFSSL_ASN1_OBJECT *a)
int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp, WOLFSSL_ASN1_OBJECT *a)
{
int length = 0;
word32 idx = 0;
@ -24009,7 +24045,8 @@ int wolfSSL_i2d_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT *a, unsigned char **pp)
#ifndef NO_WOLFSSL_STUB
/*** TBD ***/
WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength))
void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx,
WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength))
{
(void)ctx;
(void)dh;
@ -24019,7 +24056,7 @@ WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh)
#ifndef NO_WOLFSSL_STUB
/*** TBD ***/
WOLFSSL_API WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
{
WOLFSSL_STUB("SSL_COMP_get_compression_methods");
return NULL;
@ -24036,21 +24073,21 @@ int wolfSSL_sk_SSL_CIPHER_num(const WOLF_STACK_OF(WOLFSSL_CIPHER)* p)
return (int)p->num;
}
WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(WOLFSSL_STACK* sk, int i)
WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(WOLFSSL_STACK* sk, int i)
{
WOLFSSL_ENTER("wolfSSL_sk_SSL_CIPHER_value");
return (WOLFSSL_CIPHER*)wolfSSL_sk_value(sk, i);
}
#if !defined(NETOS)
WOLFSSL_API void ERR_load_SSL_strings(void)
void ERR_load_SSL_strings(void)
{
}
#endif
#ifdef HAVE_OCSP
WOLFSSL_API long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp)
long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp)
{
if (s == NULL || resp == NULL)
return 0;
@ -24059,7 +24096,8 @@ WOLFSSL_API long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *
return s->ocspRespSz;
}
WOLFSSL_API long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp, int len)
long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp,
int len)
{
if (s == NULL)
return WOLFSSL_FAILURE;
@ -24079,8 +24117,8 @@ WOLFSSL_API long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *
* @param mode maximum fragment length mode
* @return 1 on success, otherwise 0 or negative error code
*/
WOLFSSL_API int wolfSSL_CTX_set_tlsext_max_fragment_length(WOLFSSL_CTX *c,
unsigned char mode)
int wolfSSL_CTX_set_tlsext_max_fragment_length(WOLFSSL_CTX *c,
unsigned char mode)
{
if (c == NULL || (mode < WOLFSSL_MFL_2_9 || mode > WOLFSSL_MFL_2_12 ))
return BAD_FUNC_ARG;
@ -24093,8 +24131,7 @@ WOLFSSL_API int wolfSSL_CTX_set_tlsext_max_fragment_length(WOLFSSL_CTX *c,
* @param mode maximum fragment length mode
* @return 1 on success, otherwise 0 or negative error code
*/
WOLFSSL_API int wolfSSL_set_tlsext_max_fragment_length(WOLFSSL *s,
unsigned char mode)
int wolfSSL_set_tlsext_max_fragment_length(WOLFSSL *s, unsigned char mode)
{
if (s == NULL || (mode < WOLFSSL_MFL_2_9 || mode > WOLFSSL_MFL_2_12 ))
return BAD_FUNC_ARG;
@ -24107,7 +24144,7 @@ WOLFSSL_API int wolfSSL_set_tlsext_max_fragment_length(WOLFSSL *s,
#endif /* OPENSSL_EXTRA */
#ifdef WOLFSSL_HAVE_TLS_UNIQUE
WOLFSSL_API size_t wolfSSL_get_finished(const WOLFSSL *ssl, void *buf, size_t count)
size_t wolfSSL_get_finished(const WOLFSSL *ssl, void *buf, size_t count)
{
byte len = 0;
@ -24129,7 +24166,7 @@ WOLFSSL_API size_t wolfSSL_get_finished(const WOLFSSL *ssl, void *buf, size_t co
return len;
}
WOLFSSL_API size_t wolfSSL_get_peer_finished(const WOLFSSL *ssl, void *buf, size_t count)
size_t wolfSSL_get_peer_finished(const WOLFSSL *ssl, void *buf, size_t count)
{
byte len = 0;
WOLFSSL_ENTER("SSL_get_peer_finished");
@ -24400,44 +24437,7 @@ long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX* ctx, void* arg)
return WOLFSSL_SUCCESS;
}
#endif /* NO_CERTS */
/* Get the session cache mode for CTX
*
* ctx WOLFSSL_CTX struct to get cache mode from
*
* Returns a bit mask that has the session cache mode */
WOLFSSL_API long wolfSSL_CTX_get_session_cache_mode(WOLFSSL_CTX* ctx)
{
long m = 0;
WOLFSSL_ENTER("SSL_CTX_set_session_cache_mode");
if (ctx == NULL) {
return m;
}
if (ctx->sessionCacheOff != 1) {
m |= SSL_SESS_CACHE_SERVER;
}
if (ctx->sessionCacheFlushOff == 1) {
m |= SSL_SESS_CACHE_NO_AUTO_CLEAR;
}
#ifdef HAVE_EXT_CACHE
if (ctx->internalCacheOff == 1) {
m |= SSL_SESS_CACHE_NO_INTERNAL_STORE;
}
if (ctx->internalCacheLookupOff == 1) {
m |= SSL_SESS_CACHE_NO_INTERNAL_LOOKUP;
}
#endif
return m;
}
#endif /* !NO_CERTS */
int wolfSSL_get_read_ahead(const WOLFSSL* ssl)
{
@ -25201,7 +25201,7 @@ int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a)
/*
* Convert time to Unix time (GMT).
*/
static long long TimeToUnixTime(int sec, int minute, int hour, int mday,
static long long TimeToUnixTime(int sec, int minute, int hour, int mday,
int mon, int year)
{
/* Number of cumulative days from the previous months, starting from
@ -25218,7 +25218,7 @@ static long long TimeToUnixTime(int sec, int minute, int hour, int mday,
1969 / 100 - 1969 / 400;
return ((((long long) (year - 1970) * 365 + leapDays +
monthDaysCumulative[mon] + mday - 1) * 24 + hour) * 60 + minute) *
monthDaysCumulative[mon] + mday - 1) * 24 + hour) * 60 + minute) *
60 + sec;
}
@ -35612,7 +35612,7 @@ int wolfSSL_BN_sub(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* a,
return 0;
}
WOLFSSL_API int wolfSSL_BN_mul(WOLFSSL_BIGNUM *r, WOLFSSL_BIGNUM *a, WOLFSSL_BIGNUM *b,
int wolfSSL_BN_mul(WOLFSSL_BIGNUM *r, WOLFSSL_BIGNUM *a, WOLFSSL_BIGNUM *b,
WOLFSSL_BN_CTX *ctx)
{
int ret = WOLFSSL_SUCCESS;
@ -35827,7 +35827,7 @@ int wolfSSL_BN_is_negative(const WOLFSSL_BIGNUM* bn)
return mp_isneg((mp_int*)bn->internal);
}
WOLFSSL_API void wolfSSL_BN_zero(WOLFSSL_BIGNUM* bn)
void wolfSSL_BN_zero(WOLFSSL_BIGNUM* bn)
{
if (bn == NULL || bn->internal == NULL) {
return;
@ -35836,7 +35836,7 @@ WOLFSSL_API void wolfSSL_BN_zero(WOLFSSL_BIGNUM* bn)
mp_zero((mp_int*)bn->internal);
}
WOLFSSL_API int wolfSSL_BN_one(WOLFSSL_BIGNUM* bn)
int wolfSSL_BN_one(WOLFSSL_BIGNUM* bn)
{
int ret = WOLFSSL_SUCCESS;
@ -36633,7 +36633,7 @@ int wolfSSL_BN_add_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w)
/* return code compliant with OpenSSL :
* 1 if success, 0 else
*/
WOLFSSL_API int wolfSSL_BN_sub_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w)
int wolfSSL_BN_sub_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w)
{
int ret;
@ -40554,7 +40554,7 @@ error:
* RETURNS:
* returns pointer to a PKCS7 structure on success, otherwise returns NULL
*/
WOLFSSL_API PKCS7* wolfSSL_SMIME_read_PKCS7(WOLFSSL_BIO* in,
PKCS7* wolfSSL_SMIME_read_PKCS7(WOLFSSL_BIO* in,
WOLFSSL_BIO** bcont)
{
MimeHdr* allHdrs = NULL;
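Review bot: The relocated `wolfSSL_CTX_get_session_cache_mode` still opens with `WOLFSSL_ENTER("SSL_CTX_set_session_cache_mode");`, so debug traces attribute the getter to the setter; since the function is being moved anyway, change it to `WOLFSSL_ENTER("wolfSSL_CTX_get_session_cache_mode");`. The move also puts the definition inside `#ifdef OPENSSL_EXTRA` and ahead of `#endif /* NO_SESSION_CACHE */`, so the header prototype needs matching guards; the header is not part of this section. The renames of `SSL_SESSION_set1_id` and `SSL_SESSION_set1_id_context` to `wolfSSL_`-prefixed names likewise depend on compatibility macros for existing callers, which cannot be confirmed from here.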


@ -10058,7 +10058,7 @@ int TLSX_EarlyData_Use(WOLFSSL* ssl, word32 maxSz, int is_response)
extension->resp = is_response;
/* In QUIC, earlydata size is either 0 or 0xffffffff.
* Override any size between, possibly left from our intial value */
* Override any size between, possibly left from our initial value */
extension->val = (WOLFSSL_IS_QUIC(ssl) && is_response && maxSz > 0) ?
WOLFSSL_MAX_32BIT : maxSz;
@ -11407,7 +11407,7 @@ int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word16* pLength)
#endif
}
#endif
#endif
#endif /* WOLFSSL_TLS13 */
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
if (!SSL_CM(ssl)->ocspStaplingEnabled) {
@ -11480,8 +11480,9 @@ int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word16* pOffset)
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS));
#endif
#ifdef WOLFSSL_TLS13
if (!IsAtLeastTLSv1_2(ssl))
if (!IsAtLeastTLSv1_2(ssl)) {
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
}
#if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
if (!IsAtLeastTLSv1_3(ssl->version)) {
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
@ -11506,7 +11507,7 @@ int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word16* pOffset)
*/
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
#endif
#endif
#endif /* WOLFSSL_TLS13 */
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
/* mark already sent, so it won't send it */
@ -11591,33 +11592,34 @@ int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength)
#ifndef NO_WOLFSSL_SERVER
case server_hello:
PF_VALIDATE_RESPONSE(ssl, semaphore);
#ifdef WOLFSSL_TLS13
#ifdef WOLFSSL_TLS13
if (IsAtLeastTLSv1_3(ssl->version)) {
XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE);
TURN_OFF(semaphore,
TLSX_ToSemaphore(TLSX_SUPPORTED_VERSIONS));
#ifdef HAVE_SUPPORTED_CURVES
if (!ssl->options.noPskDheKe)
#ifdef HAVE_SUPPORTED_CURVES
if (!ssl->options.noPskDheKe) {
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
}
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
#endif
#ifdef WOLFSSL_DTLS_CID
#endif
#ifdef WOLFSSL_DTLS_CID
TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_CONNECTION_ID));
#endif /* WOLFSSL_DTLS_CID */
#endif
}
#if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
#if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)
else {
#ifdef HAVE_SUPPORTED_CURVES
#ifdef HAVE_SUPPORTED_CURVES
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE));
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
#endif
#endif
}
#endif
#endif
#endif
#endif /* WOLFSSL_TLS13 */
break;
#ifdef WOLFSSL_TLS13


@ -402,7 +402,7 @@ typedef struct testVector {
/* Test failed. */
#define TEST_FAIL (0)
/* Test skipped - not run. */
#define TEST_SKIPPED (-1)
#define TEST_SKIPPED (-7777)
/* Returns the result based on whether check is true.
*
@ -2897,8 +2897,11 @@ static int test_wolfSSL_CertRsaPss(void)
XFILE f;
const char* rsaPssSha256Cert = "./certs/rsapss/ca-rsapss.der";
const char* rsaPssRootSha256Cert = "./certs/rsapss/root-rsapss.pem";
#if defined(WOLFSSL_SHA384) && RSA_MAX_SIZE >= 3072
#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_PSS_LONG_SALT) && \
RSA_MAX_SIZE >= 3072
const char* rsaPssSha384Cert = "./certs/rsapss/ca-3072-rsapss.der";
#endif
#if defined(WOLFSSL_SHA384) && RSA_MAX_SIZE >= 3072
const char* rsaPssRootSha384Cert = "./certs/rsapss/root-3072-rsapss.pem";
#endif
DecodedCert cert;
@ -3290,7 +3293,7 @@ static int test_wolfSSL_CTX_SetMinMaxDhKey_Sz(void)
static int test_wolfSSL_CTX_der_load_verify_locations(void)
{
int res = TEST_SKIPPED;
#if defined(WOLFSSL_DER_LOAD) && \
#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_DER_LOAD) && \
(!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
WOLFSSL_CTX* ctx = NULL;
const char* derCert = "./certs/server-cert.der";
@ -7326,9 +7329,11 @@ static void test_wolfSSL_CTX_add_session_ctx_ready(WOLFSSL_CTX* ctx)
/* Don't store sessions. Lookup is still enabled. */
AssertIntEQ(wolfSSL_CTX_set_session_cache_mode(ctx,
WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE), WOLFSSL_SUCCESS);
#ifdef OPENSSL_EXTRA
AssertIntEQ(wolfSSL_CTX_get_session_cache_mode(ctx) &
WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE,
WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE);
#endif
/* Require both peers to provide certs */
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL);
}
@ -7391,9 +7396,11 @@ static void test_wolfSSL_CTX_add_session_on_result(WOLFSSL* ssl)
AssertNotNull(peer);
wolfSSL_X509_free(peer);
AssertNotNull(wolfSSL_SESSION_get_peer_chain(*sess));
AssertNotNull(wolfSSL_SESSION_get0_peer(*sess));
#ifdef OPENSSL_EXTRA
AssertNotNull(SSL_SESSION_get0_peer(*sess));
#endif
}
#endif
#endif /* SESSION_CERTS */
}
static void test_wolfSSL_CTX_add_session_ssl_ready(WOLFSSL* ssl)
@ -9229,7 +9236,8 @@ static int test_wolfSSL_wolfSSL_UseSecureRenegotiation(void)
return res;
}
#if !defined(NO_WOLFSSL_SERVER) && (!defined(NO_RSA) || defined(HAVE_ECC))
#if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_SERVER) && \
(!defined(NO_RSA) || defined(HAVE_ECC))
/* Called when writing. */
static int DummySend(WOLFSSL* ssl, char* buf, int sz, void* ctx)
{
@ -9269,7 +9277,8 @@ static int BufferInfoRecv(WOLFSSL* ssl, char* buf, int sz, void* ctx)
static int test_tls_ext_duplicate(void)
{
int res = TEST_SKIPPED;
#if !defined(NO_WOLFSSL_SERVER) && (!defined(NO_RSA) || defined(HAVE_ECC))
#if !defined(NO_WOLFSSL_SERVER) && (!defined(NO_RSA) || defined(HAVE_ECC)) && \
!defined(NO_FILESYSTEM)
const unsigned char clientHelloDupTlsExt[] = {
0x16, 0x03, 0x03, 0x00, 0x6a, 0x01, 0x00, 0x00,
0x66, 0x03, 0x03, 0xf4, 0x65, 0xbd, 0x22, 0xfe,
@ -27326,7 +27335,7 @@ static int test_wc_Ed448PrivateKeyToDer(void)
static int test_wc_SetSubjectBuffer(void)
{
int res = TEST_SKIPPED;
#if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA)
#if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
Cert cert;
FILE* file;
byte* der;
@ -28291,7 +28300,7 @@ static int test_wc_PKCS7_EncodeSignedData_ex(void)
} /* END test_wc_PKCS7_EncodeSignedData_ex */
#if defined(HAVE_PKCS7)
#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM)
/**
* Loads certs/keys from files or buffers into the argument buffers,
@ -28590,7 +28599,7 @@ static int CreatePKCS7SignedData(unsigned char* output, int outputSz,
static int test_wc_PKCS7_VerifySignedData(void)
{
int res = TEST_SKIPPED;
#if defined(HAVE_PKCS7)
#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM)
PKCS7* pkcs7;
byte output[6000]; /* Large size needed for bundles with int CA certs */
word32 outputSz = sizeof(output);
@ -29009,9 +29018,11 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
#endif /* USE_CERT_BUFFERS_256 */
#endif /* END HAVE_ECC */
#ifndef NO_FILESYSTEM
/* Silence. */
(void)keyFile;
(void)certFile;
#endif
{
const pkcs7EnvelopedVector testVectors[] = {
@ -31310,12 +31321,12 @@ static int test_wc_GetPubKeyDerFromCert(void)
byte keyDer[TWOK_BUF]; /* large enough for up to RSA 2048 */
word32 keyDerSz = (word32)sizeof(keyDer);
DecodedCert decoded;
#if !defined(NO_RSA) && defined(WOLFSSL_CERT_REQ)
#if !defined(NO_RSA) && defined(WOLFSSL_CERT_REQ) && !defined(NO_FILESYSTEM)
byte certBuf[6000]; /* for PEM and CSR, client-cert.pem is 5-6kB */
word32 certBufSz = sizeof(certBuf);
#endif
#if ((!defined(USE_CERT_BUFFERS_2048) && !defined(USE_CERT_BUFFERS_1024)) || \
defined(WOLFSSL_CERT_REQ)) && !defined(NO_RSA)
defined(WOLFSSL_CERT_REQ)) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
XFILE fp;
#endif
#ifndef NO_RSA
@ -31390,7 +31401,7 @@ static int test_wc_GetPubKeyDerFromCert(void)
wc_FreeDecodedCert(&decoded);
/* Certificate Request Tests */
#ifdef WOLFSSL_CERT_REQ
#if defined(WOLFSSL_CERT_REQ) && !defined(NO_FILESYSTEM)
{
XMEMSET(certBuf, 0, sizeof(certBuf));
fp = XFOPEN("./certs/csr.signed.der", "rb");
@ -37597,9 +37608,10 @@ static int test_wolfSSL_X509_get_ext_count(void)
static int test_wolfSSL_X509_sign2(void)
{
int res = TEST_SKIPPED;
/* test requires WOLFSSL_AKID_NAME to match expected output */
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_CERTS) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_ALT_NAMES) && \
defined(WOLFSSL_CERT_EXT) && \
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_AKID_NAME) && \
(defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME))
WOLFSSL_X509 *x509, *ca;
const unsigned char *der;
@ -55731,7 +55743,7 @@ static int test_ENGINE_cleanup(void)
static int test_wolfSSL_CTX_LoadCRL(void)
{
int res = TEST_SKIPPED;
#if defined(HAVE_CRL) && !defined(NO_RSA)
#if defined(HAVE_CRL) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
WOLFSSL_CTX* ctx = NULL;
WOLFSSL* ssl = NULL;
const char* badPath = "dummypath";
@ -59088,7 +59100,10 @@ static int test_wolfSSL_DTLS_fragment_buckets(void)
}
#endif
#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \
#if !defined(NO_FILESYSTEM) && \
defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
static int test_wolfSSL_dtls_stateless2(void)
@ -60537,7 +60552,8 @@ TEST_CASE testCases[] = {
TEST_DECL(test_wolfSSL_DtlsUpdateWindow),
TEST_DECL(test_wolfSSL_DTLS_fragment_buckets),
#endif
#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \
#if !defined(NO_FILESYSTEM) && \
defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
#ifdef WOLFSSL_DTLS_NO_HVR_ON_RESUME
TEST_DECL(test_wolfSSL_dtls_stateless_resume),
@ -60713,7 +60729,10 @@ void ApiTest(void)
printf(" %s\n", apitest_res_string(ret));
}
fflush(stdout);
AssertIntNE(ret, TEST_FAIL);
/* if return code is < 0 and not skipped then assert error */
Assert((ret > 0 || ret == TEST_SKIPPED),
("Test failed\n"),
("ret %d", ret));
TestCleanup();
}
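Review bot: The comment added above the new `Assert` in ApiTest describes a narrower check than the code performs: `ret > 0 || ret == TEST_SKIPPED` fails on `TEST_FAIL` (0) as well as on negative codes, so the comment would read better as `/* fail on TEST_FAIL (0) or any negative code other than TEST_SKIPPED */`. The check also depends on `-7777` never being returned by a test as a genuine error code, and a line at the `TEST_SKIPPED` define saying so (`/* sentinel; must not collide with a wolfSSL error code */`) would keep that from being broken later. ApiTest starts outside this hunk, so how `ret` is produced is not visible here.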


@ -13195,7 +13195,8 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
cert->subjectEmail = (char*)&input[srcIdx];
cert->subjectEmailLen = strLen;
}
#if defined(WOLFSSL_HAVE_ISSUER_NAMES)
#if defined(WOLFSSL_HAVE_ISSUER_NAMES) && \
(defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT))
else if (nameType == ISSUER) {
cert->issuerEmail = (char*)&input[srcIdx];
cert->issuerEmailLen = strLen;
@ -15059,7 +15060,7 @@ void FreeSignatureCtx(SignatureCtx* sigCtx)
sigCtx->state = SIG_STATE_BEGIN;
}
#ifndef NO_ASN_CRYPT
#if !defined(NO_ASN_CRYPT) && !defined(NO_HASH_WRAPPER)
static int HashForSignature(const byte* buf, word32 bufSz, word32 sigOID,
byte* digest, int* typeH, int* digestSz, int verify)
{
@ -15226,7 +15227,7 @@ static int HashForSignature(const byte* buf, word32 bufSz, word32 sigOID,
return ret;
}
#endif /* !NO_ASN_CRYPT */
#endif /* !NO_ASN_CRYPT && !NO_HASH_WRAPPER */
/* Return codes: 0=Success, Negative (see error-crypt.h), ASN_SIG_CONFIRM_E */
static int ConfirmSignature(SignatureCtx* sigCtx,
@ -15926,7 +15927,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
break;
}
#endif /* !NO_DSA && !HAVE_SELFTEST */
#if defined(HAVE_ECC)
#if defined(HAVE_ECC) && defined(HAVE_ECC_VERIFY)
case ECDSAk:
{
#if defined(HAVE_PK_CALLBACKS)
@ -22343,6 +22344,7 @@ wcchar END_PUB_KEY = "-----END PUBLIC KEY-----";
const int pem_struct_min_sz = XSTR_SIZEOF("-----BEGIN X509 CRL-----"
"-----END X509 CRL-----");
#ifdef WOLFSSL_PEM_TO_DER
static WC_INLINE const char* SkipEndOfLineChars(const char* line,
const char* endOfLine)
{
@ -22353,6 +22355,7 @@ static WC_INLINE const char* SkipEndOfLineChars(const char* line,
}
return line;
}
#endif
int wc_PemGetHeaderFooter(int type, const char** header, const char** footer)
{
@ -27735,7 +27738,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, int sz,
}
#endif /* !NO_RSA */
#ifdef HAVE_ECC
#if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN)
if (!rsaKey && eccKey) {
word32 outSz = sigSz;
@ -27744,7 +27747,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, int sz,
if (ret == 0)
ret = outSz;
}
#endif /* HAVE_ECC */
#endif /* HAVE_ECC && HAVE_ECC_SIGN */
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_SIGN)
if (!rsaKey && !eccKey && ed25519Key) {
@ -35166,9 +35169,7 @@ static int GetRevoked(RevokedCert* rcert, const byte* buff, word32* idx,
DecodedCRL* dcrl, int maxIdx)
{
#ifndef WOLFSSL_ASN_TEMPLATE
#ifndef NO_ASN_TIME
int ret;
#endif
int len;
word32 end;
RevokedCert* rc;
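Review bot: In ConfirmSignature, `case ECDSAk:` is now compiled only when `HAVE_ECC_VERIFY` is defined, so in an ECC build without verify an ECDSA-signed certificate is handled by the switch's default arm, which this hunk does not show. That arm has to fail closed, returning an error rather than reporting the signature as confirmed; please confirm it does and record it at the guard, e.g. `/* no HAVE_ECC_VERIFY: ECDSAk is rejected by the default case */`. The same question applies to the `HAVE_ECC_SIGN` guard added in MakeSignature, where it is now possible that no key-type branch runs and the value left in `ret` for the caller should be an error. Both function bodies extend outside their hunks.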


@ -225,7 +225,8 @@ ECC Curve Sizes:
/* forward declarations */
static int wc_ecc_new_point_ex(ecc_point** point, void* heap);
static void wc_ecc_del_point_ex(ecc_point* p, void* heap);
#if defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)
#if defined(HAVE_ECC_SIGN) && (defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT))
static int deterministic_sign_helper(const byte* in, word32 inlen, ecc_key* key);
#endif
@ -1257,7 +1258,7 @@ const size_t ecc_sets_count = ECC_SET_COUNT - 1;
#endif
#ifdef HAVE_COMP_KEY
#if defined(HAVE_COMP_KEY) && defined(HAVE_ECC_KEY_EXPORT)
static int wc_ecc_export_x963_compressed(ecc_key* key, byte* out, word32* outLen);
#endif
@ -14373,7 +14374,7 @@ int mp_sqrtmod_prime(mp_int* n, mp_int* prime, mp_int* ret)
#endif /* !WOLFSSL_SP_MATH */
#endif /* !WOLFSSL_ATECC508A && !WOLFSSL_ATECC608A && !WOLFSSL_CRYPTOCELL */
#ifdef HAVE_ECC_KEY_EXPORT
/* export public ECC key in ANSI X9.63 format compressed */
static int wc_ecc_export_x963_compressed(ecc_key* key, byte* out, word32* outLen)
{
@ -14414,7 +14415,7 @@ static int wc_ecc_export_x963_compressed(ecc_key* key, byte* out, word32* outLen
return ret;
}
#endif /* HAVE_ECC_KEY_EXPORT */
#endif /* HAVE_COMP_KEY */
@ -14479,7 +14480,7 @@ int wc_ecc_set_custom_curve(ecc_key* key, const ecc_set_type* dp)
}
#endif /* WOLFSSL_CUSTOM_CURVES */
#ifdef HAVE_X963_KDF
#if defined(HAVE_X963_KDF) && !defined(NO_HASH_WRAPPER)
static WC_INLINE void IncrementX963KdfCounter(byte* inOutCtr)
{
@ -14581,7 +14582,7 @@ int wc_X963_KDF(enum wc_HashType type, const byte* secret, word32 secretSz,
return ret;
}
#endif /* HAVE_X963_KDF */
#endif /* HAVE_X963_KDF && !NO_HASH_WRAPPER */
#ifdef WOLFSSL_SE050
/* Use specified hardware key ID with ecc_key operations. Unlike devId,
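Review bot: `wc_X963_KDF` is a public function, and its definition is now removed when `NO_HASH_WRAPPER` is defined; unless its prototype in the header carries the same condition (not visible in this section), a caller in a build with `HAVE_X963_KDF` and `NO_HASH_WRAPPER` fails at link time rather than at compile time. The prototype should be wrapped in the same `#if defined(HAVE_X963_KDF) && !defined(NO_HASH_WRAPPER)` so the missing function is reported where it is used. The `WOLFSSL_HAVE_PRF && !NO_HMAC` guard around `wc_PRF_TLS` in the kdf section of this commit has the same shape and needs the same check.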


@ -54,7 +54,7 @@
#include <wolfssl/wolfcrypt/kdf.h>
#ifdef WOLFSSL_HAVE_PRF
#if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC)
#ifdef WOLFSSL_SHA512
#define P_HASH_MAX_SIZE WC_SHA512_DIGEST_SIZE
@ -335,7 +335,7 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
return ret;
}
#endif /* WOLFSSL_HAVE_PRF */
#endif /* WOLFSSL_HAVE_PRF && !NO_HMAC */
#if defined(HAVE_HKDF) && !defined(NO_HMAC)


@ -834,8 +834,8 @@ WC_STATIC WC_INLINE word32 MakeWordFromHash(const byte* hashID)
#endif /* HAVE_SESSION_TICKET || !NO_CERTS || !NO_SESSION_CACHE */
#if !defined(WOLFCRYPT_ONLY) && (!defined(NO_SESSION_CACHE) || \
defined(HAVE_SESSION_TICKET))
#if !defined(WOLFCRYPT_ONLY) && !defined(NO_HASH_WRAPPER) && \
(!defined(NO_SESSION_CACHE) || defined(HAVE_SESSION_TICKET))
#include <wolfssl/wolfcrypt/hash.h>
@ -856,7 +856,8 @@ WC_STATIC WC_INLINE word32 HashObject(const byte* o, word32 len, int* error)
return *error == 0 ? MakeWordFromHash(digest) : 0; /* 0 on failure */
}
#endif /* WOLFCRYPT_ONLY && (!NO_SESSION_CACHE || HAVE_SESSION_TICKET) */
#endif /* WOLFCRYPT_ONLY && !NO_HASH_WRAPPER &&
* (!NO_SESSION_CACHE || HAVE_SESSION_TICKET) */
#undef WC_STATIC
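Review bot: The rewritten closing comment for the HashObject block still names `WOLFCRYPT_ONLY` without the negation, while the opening condition is `!defined(WOLFCRYPT_ONLY)`; since the line is being touched anyway it could read `#endif /* !WOLFCRYPT_ONLY && !NO_HASH_WRAPPER &&` followed by ` * (!NO_SESSION_CACHE || HAVE_SESSION_TICKET) */`. Callers of HashObject are not visible in this section; they need the same `!NO_HASH_WRAPPER` condition, otherwise the build fails when that option is set.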


@ -1611,7 +1611,7 @@ int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock,
/* UnPadding */
#ifndef WC_NO_RSA_OAEP
#if !defined(WC_NO_RSA_OAEP) && !defined(NO_HASH_WRAPPER)
/* UnPad plaintext, set start to *output, return length of plaintext,
* < 0 on error */
static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
@ -1724,7 +1724,7 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
*output = (byte*)(pkcsBlock + idx);
return pkcsBlockLen - idx;
}
#endif /* WC_NO_RSA_OAEP */
#endif /* !WC_NO_RSA_OAEP */
#ifdef WC_RSA_PSS
/* 0x00 .. 0x00 0x01 | Salt | Gen Hash | 0xbc
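Review bot: The closing comment for the RsaUnPad_OAEP block was changed to `/* !WC_NO_RSA_OAEP */`, but the opening condition now also requires `!defined(NO_HASH_WRAPPER)`; `#endif /* !WC_NO_RSA_OAEP && !NO_HASH_WRAPPER */` would match it, as the asn and ecc sections of this commit do for their guards. With the function compiled out, the unpad dispatch (outside this hunk) has to return an error for OAEP padding rather than skip the unpadding step, which is worth confirming.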


@ -13149,7 +13149,7 @@ WOLFSSL_TEST_SUBROUTINE int memory_test(void)
static const char* certEccRsaDerFile = CERT_WRITE_TEMP_DIR "certeccrsa.der";
#endif
#if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC)
!defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ASN_CRYPT)
static const char* eccCaKeyPemFile = CERT_WRITE_TEMP_DIR "ecc-key.pem";
static const char* eccPubKeyDerFile = CERT_WRITE_TEMP_DIR "ecc-public-key.der";
static const char* eccCaKeyTempFile = CERT_WRITE_TEMP_DIR "ecc-key.der";
@ -22624,6 +22624,7 @@ static int ecc_test_vector_item(const eccVector* vector)
}
#endif
#ifdef HAVE_ECC_VERIFY
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
@ -22638,6 +22639,7 @@ static int ecc_test_vector_item(const eccVector* vector)
if (verify != 1)
ret = -9812;
#endif
done:
@ -23349,7 +23351,7 @@ done:
}
#endif
#ifdef HAVE_ECC_CDH
#if defined(HAVE_ECC_CDH) && defined(HAVE_ECC_DHE)
static int ecc_test_cdh_vectors(WC_RNG* rng)
{
int ret;
@ -23449,7 +23451,7 @@ done:
return ret;
}
#endif /* HAVE_ECC_CDH */
#endif /* HAVE_ECC_CDH && HAVE_ECC_DHE */
#endif /* HAVE_ECC_VECTOR_TEST */
#ifdef HAVE_ECC_KEY_IMPORT
@ -23933,20 +23935,17 @@ done:
static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
int curve_id, const ecc_set_type* dp)
{
#if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG) && \
#if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
WC_DECLARE_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT);
WC_DECLARE_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT);
word32 y;
#endif
#ifdef HAVE_ECC_KEY_EXPORT
#define ECC_KEY_EXPORT_BUF_SIZE (MAX_ECC_BYTES * 2 + 32)
WC_DECLARE_VAR(exportBuf, byte, ECC_KEY_EXPORT_BUF_SIZE, HEAP_HINT);
#endif
word32 x = 0;
#if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
word32 y;
#endif
#if defined(HAVE_ECC_SIGN) && !defined(WOLFSSL_KCAPI_ECC)
WC_DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
WC_DECLARE_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT);
@ -24108,7 +24107,6 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
if (XMEMCMP(sharedA, sharedB, x))
ERROR_OUT(-9920, done);
TEST_SLEEP();
#endif /* HAVE_ECC_DHE */
#ifdef HAVE_ECC_CDH
/* add cofactor flag */
@ -24149,6 +24147,7 @@ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
wc_ecc_set_flags(userA, 0);
wc_ecc_set_flags(userB, 0);
#endif /* HAVE_ECC_CDH */
#endif /* HAVE_ECC_DHE */
#endif /* !WOLFSSL_ATECC508A && WOLFSSL_ATECC608A */
#ifdef HAVE_ECC_KEY_EXPORT
@ -26273,7 +26272,7 @@ WOLFSSL_TEST_SUBROUTINE int ecc_test(void)
goto done;
}
#endif
#ifdef HAVE_ECC_CDH
#if defined(HAVE_ECC_CDH) && defined(HAVE_ECC_DHE)
ret = ecc_test_cdh_vectors(&rng);
if (ret != 0) {
printf("ecc_test_cdh_vectors failed! %d\n", ret);
@ -44262,6 +44261,6 @@ WOLFSSL_TEST_SUBROUTINE int aes_siv_test(void)
#else
#ifndef NO_MAIN_DRIVER
int main() { return 0; }
int main(void) { return 0; }
#endif
#endif /* NO_CRYPT_TEST */
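Review bot: The `#endif` added after the verify loop in ecc_test_vector_item has no trailing comment, unlike the other guards this commit touches; `#endif /* HAVE_ECC_VERIFY */` would make the pairing clear right above the `done:` label. With that block compiled out, the local `verify` may be left unused and warn in builds that treat unused variables as errors; its declaration is outside the hunk, so this needs checking there.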


@ -3651,7 +3651,7 @@ typedef struct Ciphers {
#ifdef HAVE_CHACHA
ChaCha* chacha;
#endif
#if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER)
#if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER) && !defined(NO_HMAC)
Hmac* hmac;
#endif
#ifdef WOLFSSL_CIPHER_TEXT_CHECK


@ -218,6 +218,8 @@ WOLFSSL_API
int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh);
#endif /* NO_FILESYSTEM */
#define PEM_BUFSIZE WOLF_PEM_BUFSIZE
#define PEM_read wolfSSL_PEM_read
#define PEM_read_bio wolfSSL_PEM_read_bio
#define PEM_write wolfSSL_PEM_write


@ -362,6 +362,9 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define SSL_SESSION_set_cipher wolfSSL_SESSION_set_cipher
#define SSL_is_init_finished wolfSSL_is_init_finished
#define SSL_SESSION_set1_id wolfSSL_SESSION_set1_id
#define SSL_SESSION_set1_id_context wolfSSL_SESSION_set1_id_context
#define SSL_get_version wolfSSL_get_version
#define SSL_get_current_cipher wolfSSL_get_current_cipher


@ -2516,8 +2516,6 @@ WOLFSSL_API void wolfSSL_ERR_print_errors(WOLFSSL_BIO *bio);
#define SSL_R_TLSV1_ALERT_UNKNOWN_CA WOLFSSL_R_TLSV1_ALERT_UNKNOWN_CA
#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN WOLFSSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN
#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE WOLFSSL_R_SSLV3_ALERT_BAD_CERTIFICATE
#define PEM_BUFSIZE WOLF_PEM_BUFSIZE
#endif
enum { /* ssl Constants */
@ -5009,8 +5007,8 @@ WOLFSSL_API const unsigned char *SSL_SESSION_get0_id_context(
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
WOLFSSL_API int SSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid, unsigned int sid_len);
WOLFSSL_API int SSL_SESSION_set1_id_context(WOLFSSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len);
WOLFSSL_API int wolfSSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid, unsigned int sid_len);
WOLFSSL_API int wolfSSL_SESSION_set1_id_context(WOLFSSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len);
WOLFSSL_API WOLFSSL_X509_ALGOR* wolfSSL_X509_ALGOR_new(void);
WOLFSSL_API void wolfSSL_X509_ALGOR_free(WOLFSSL_X509_ALGOR *alg);
WOLFSSL_API const WOLFSSL_X509_ALGOR* wolfSSL_X509_get0_tbs_sigalg(const WOLFSSL_X509 *x);


@ -3681,7 +3681,7 @@ static WC_INLINE int myEccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
#endif /* HAVE_ECC */
#ifdef HAVE_HKDF
#if defined(HAVE_HKDF) && !defined(NO_HMAC)
static WC_INLINE int myHkdfExtract(byte* prk, const byte* salt, word32 saltLen,
byte* ikm, word32 ikmLen, int digest, void* ctx)
{
@ -3722,7 +3722,7 @@ static WC_INLINE int myHkdfExtract(byte* prk, const byte* salt, word32 saltLen,
ikmLen);
return ret;
}
#endif /* HAVE_HKDF */
#endif /* HAVE_HKDF && !NO_HMAC */
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
#ifdef HAVE_ED25519_SIGN
@ -4590,9 +4590,9 @@ static WC_INLINE void SetupPkCallbacks(WOLFSSL_CTX* ctx)
wolfSSL_CTX_SetEccVerifyCb(ctx, myEccVerify);
wolfSSL_CTX_SetEccSharedSecretCb(ctx, myEccSharedSecret);
#endif /* HAVE_ECC */
#ifdef HAVE_HKDF
#if defined(HAVE_HKDF) && !defined(NO_HMAC)
wolfSSL_CTX_SetHKDFExtractCb(ctx, myHkdfExtract);
#endif /* HAVE_HKDF */
#endif /* HAVE_HKDF && !NO_HMAC */
#ifndef NO_DH
wolfSSL_CTX_SetDhAgreeCb(ctx, myDhCallback);
#endif
@ -5131,12 +5131,14 @@ void DEBUG_WRITE_DER(const byte* der, int derSz, const char* fileName);
#define DTLS_CID_BUFFER_SIZE 256
#if defined(WOLFSSL_TICKET_NONCE_MALLOC) && defined(HAVE_SESSION_TICKET) \
#if !defined(NO_FILESYSTEM) && ( \
defined(WOLFSSL_TICKET_NONCE_MALLOC) && defined(HAVE_SESSION_TICKET) \
&& defined(WOLFSSL_TLS13) && \
(!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))\
|| \
(defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER))
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)))
#define TEST_MEMIO_BUF_SZ (64 * 1024)
struct test_memio_ctx
{