From 685bfd1f9d7618b4076fa83b46424f3cebf5d486 Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner
Date: Fri, 19 Apr 2024 01:20:08 -0500
Subject: [PATCH 01/21] add wolfSSL_get0_peername() and SSL_set_mtu().
---
 src/ssl.c | 20 ++++++++++++++++++++
 wolfssl/openssl/ssl.h | 6 ++++++
 wolfssl/ssl.h | 4 ++++
 3 files changed, 30 insertions(+)
diff --git a/src/ssl.c b/src/ssl.c
index 9ba891d629..67af8d9d84 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -10315,6 +10315,26 @@ int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn)
 }
 }
+#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
+const char *wolfSSL_get0_peername(WOLFSSL *ssl) {
+ if (ssl == NULL) {
+ ssl->error = BAD_FUNC_ARG;
+ return NULL;
+ }
+
+ if (ssl->buffers.domainName.buffer)
+ return (const char *)ssl->buffers.domainName.buffer;
+ else if (ssl->session && ssl->session->peer)
+ return ssl->session->peer->subjectCN;
+ else if (ssl->peerCert.subjectCN[0])
+ return ssl->peerCert.subjectCN;
+ else {
+ ssl->error = NO_PEER_CERT;
+ return NULL;
+ }
+}
+
+#endif /* SESSION_CERTS && OPENSSL_EXTRA */
 /* turn on wolfSSL zlib compression returns WOLFSSL_SUCCESS for success, else error (not built in)
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index 0fbf621b7d..c75084ec56 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -1150,6 +1150,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define DTLSv1_handle_timeout wolfSSL_DTLSv1_handle_timeout
 #define DTLSv1_set_initial_timeout_duration wolfSSL_DTLSv1_set_initial_timeout_duration
+#define SSL_set_mtu(ssl, mtu) ((wolfSSL_dtls_set_mtu(ssl, mtu) == 0) ? SSL_SUCCESS : SSL_FAILURE)
+
 /* DTLS SRTP */
 #ifdef WOLFSSL_SRTP
 typedef WOLFSSL_SRTP_PROTECTION_PROFILE SRTP_PROTECTION_PROFILE;
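Review bot: The NULL guard at the top of wolfSSL_get0_peername dereferences the pointer it has just rejected — `ssl->error = BAD_FUNC_ARG;` executes only when `ssl == NULL`, which is undefined behavior and in practice a crash for any NULL argument. The guard has nowhere to record the error, so it should simply return: `if (ssl == NULL) { return NULL; }`. Separately, the `ssl->session->peer` branch returns `subjectCN` without the emptiness test the `peerCert` branch applies (`subjectCN[0]`), so a session peer with no CN yields an empty string instead of NO_PEER_CERT; whether that is intended depends on how `peer->subjectCN` is filled, which is not visible in this hunk.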
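Review bot: The SSL_set_mtu shim treats a zero return from wolfSSL_dtls_set_mtu as success, but wolfSSL's int-returning setters conventionally report success as WOLFSSL_SUCCESS (non-zero) and failure as WOLFSSL_FAILURE or a negative error code; if wolfSSL_dtls_set_mtu follows that convention the mapping is inverted and every successful call reports SSL_FAILURE — confirm its return contract before merging. The macro arguments are also expanded unparenthesized, unlike a function call. Suggested form: `#define SSL_set_mtu(ssl, mtu) ((wolfSSL_dtls_set_mtu((ssl), (mtu)) == WOLFSSL_SUCCESS) ? SSL_SUCCESS : SSL_FAILURE)`.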
@@ -1201,6 +1203,10 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE SRTP_PROTECTION_PROFILE;
 #define sk_SSL_CIPHER_free wolfSSL_sk_SSL_CIPHER_free
 #define sk_SSL_CIPHER_find wolfSSL_sk_SSL_CIPHER_find
+#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
+#define SSL_get0_peername wolfSSL_get0_peername
+#endif
+
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
 || defined(WOLFSSL_NGINX)
 #include
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 50d59a7f52..6c3606ff69 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -2871,6 +2871,10 @@ WOLFSSL_API int wolfSSL_CTX_get_ex_new_index(long idx, void* arg,
 date check and signature check */
 WOLFSSL_ABI WOLFSSL_API int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn);
+#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
+WOLFSSL_API const char *wolfSSL_get0_peername(WOLFSSL *ssl);
+#endif
+
 /* need to call once to load library (session cache) */
 WOLFSSL_ABI WOLFSSL_API int wolfSSL_Init(void);
 /* call when done to cleanup/free session cache mutex / resources */
From 198f4030e80b60026aad66fc471c7eb0a269686d Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner
Date: Fri, 19 Apr 2024 15:30:15 -0500
Subject: [PATCH 02/21] add stub implementations of wolfSSL_COMP_get_name(), wolfSSL_get_current_compression(), and wolfSSL_get_current_expansion(), and add compat layer shim macros for them.
---
 src/ssl.c | 23 ++++++++++++++++++-----
 wolfssl/openssl/ssl.h | 3 +++
 wolfssl/ssl.h | 5 +++++
 3 files changed, 26 insertions(+), 5 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index 67af8d9d84..36142b014b 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -14935,17 +14935,13 @@ WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void)
 WOLFSSL_STUB("COMP_zlib");
 return 0;
 }
-#endif
-#ifndef NO_WOLFSSL_STUB
 WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void)
 {
 WOLFSSL_STUB("COMP_rle");
 return 0;
 }
-#endif
-#ifndef NO_WOLFSSL_STUB
 int wolfSSL_COMP_add_compression_method(int method, void* data)
 {
 (void)method;
@@ -14953,7 +14949,24 @@ int wolfSSL_COMP_add_compression_method(int method, void* data)
 WOLFSSL_STUB("COMP_add_compression_method");
 return 0;
 }
-#endif
+
+const char *wolfSSL_COMP_get_name(const WOLFSSL_COMP_METHOD *comp)
+{
+ (void)comp;
+ return NULL;
+}
+
+const WOLFSSL_COMP_METHOD* wolfSSL_get_current_compression(const WOLFSSL *ssl) {
+ (void)ssl;
+ return NULL;
+}
+
+const WOLFSSL_COMP_METHOD* wolfSSL_get_current_expansion(const WOLFSSL *ssl) {
+ (void)ssl;
+ return NULL;
+}
+
+#endif /* NO_WOLFSSL_STUB */
 #ifndef NO_WOLFSSL_STUB
 const char* wolfSSL_COMP_get_name(const void* comp)
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index c75084ec56..b17490f8e8 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -835,6 +835,9 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define COMP_zlib wolfSSL_COMP_zlib
 #define COMP_rle wolfSSL_COMP_rle
 #define SSL_COMP_add_compression_method wolfSSL_COMP_add_compression_method
+#define COMP_get_name wolfSSL_COMP_get_name
+#define SSL_get_current_compression wolfSSL_get_current_compression
+#define SSL_get_current_expansion wolfSSL_get_current_expansion
 #define SSL_get_current_compression(ssl) 0
 #define SSL_get_current_expansion(ssl) 0
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 6c3606ff69..809eb08790 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
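Review bot: The new `wolfSSL_COMP_get_name(const WOLFSSL_COMP_METHOD *comp)` lands a few lines above an existing `wolfSSL_COMP_get_name(const void* comp)` that the trailing context shows under its own `#ifndef NO_WOLFSSL_STUB`; in the default build both are compiled and the second is a redefinition with conflicting parameter types, so this hunk does not build until the older stub is removed or the new body is folded into it. The two new accessor stubs also skip the `WOLFSSL_STUB("...")` trace call every neighbouring stub in this block emits, so a caller reaching them gets no diagnostic; either add `WOLFSSL_STUB("SSL_get_current_compression");` (and the expansion equivalent) or, since NULL is the correct answer when no compression is negotiated, treat them as real implementations and move them out of the stub section. Brace placement is also mixed within the hunk (`+{` on its own line for the first function, trailing `{` for the other two).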
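Review bot: `#define SSL_get_current_compression wolfSSL_get_current_compression` is followed two context lines later by the pre-existing `#define SSL_get_current_compression(ssl) 0`; defining the same name as an object-like macro and then as a function-like macro is an invalid redefinition (C11 6.10.3p2) that compilers reject or at best warn about, and SSL_get_current_expansion has the same collision. The old `(ssl) 0` definitions have to be deleted in this same change so only the function-mapping form remains; as written, which definition a translation unit sees depends on the compiler's redefinition handling.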
@@ -1868,9 +1868,14 @@ WOLFSSL_API void wolfSSL_RAND_Cleanup(void);
 WOLFSSL_API void wolfSSL_RAND_add(const void* add, int len, double entropy);
 WOLFSSL_API int wolfSSL_RAND_poll(void);
+#ifndef NO_WOLFSSL_STUB
 WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void);
 WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void);
 WOLFSSL_API int wolfSSL_COMP_add_compression_method(int method, void* data);
+WOLFSSL_API const char *wolfSSL_COMP_get_name(const WOLFSSL_COMP_METHOD *comp);
+WOLFSSL_API const WOLFSSL_COMP_METHOD* wolfSSL_get_current_compression(const WOLFSSL *ssl);
+WOLFSSL_API const WOLFSSL_COMP_METHOD* wolfSSL_get_current_expansion(const WOLFSSL *ssl);
+#endif /* !NO_WOLFSSL_STUB */
 WOLFSSL_API unsigned long wolfSSL_thread_id(void);
 WOLFSSL_API void wolfSSL_set_id_callback(unsigned long (*f)(void));
From 41efa0492ccfa2f2fc296213cc1ce0968bb78121 Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner
Date: Sat, 20 Apr 2024 00:45:12 -0500
Subject: [PATCH 03/21] add ASN_ prefixes to ISSUER, SUBJECT, BEFORE, and AFTER enum constants defined in wolfssl/wolfcrypt/asn.h.
---
 src/crl.c | 2 +-
 src/internal.c | 10 +--
 src/ocsp.c | 4 +-
 src/tls.c | 4 +-
 src/x509.c | 2 +-
 src/x509_str.c | 4 +-
 wolfcrypt/src/asn.c | 156 ++++++++++++++++++++--------------------
 wolfssl/openssl/ssl.h | 2 +-
 wolfssl/wolfcrypt/asn.h | 8 +--
 9 files changed, 96 insertions(+), 96 deletions(-)
diff --git a/src/crl.c b/src/crl.c
index 706c1f6489..ca15aa5247 100644
--- a/src/crl.c
+++ b/src/crl.c
@@ -426,7 +426,7 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
 #endif
 {
 #if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_CRL_DATE_CHECK)
- if (!XVALIDATE_DATE(crle->nextDate,crle->nextDateFormat, AFTER)) {
+ if (!XVALIDATE_DATE(crle->nextDate,crle->nextDateFormat, ASN_AFTER)) {
 WOLFSSL_MSG("CRL next date is no longer valid");
 nextDateValid = 0;
 }
diff --git a/src/internal.c b/src/internal.c
index 7a2690ed84..d6cce09d59 100644
--- a/src/internal.c
+++ b/src/internal.c
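Review bot: The three new prototypes are placed inside `#ifndef NO_WOLFSSL_STUB`, while the compat-layer macros that map SSL_get_current_compression, SSL_get_current_expansion and COMP_get_name onto them in wolfssl/openssl/ssl.h are unconditional, so a build that defines NO_WOLFSSL_STUB and uses those OpenSSL names hits an implicit-declaration error instead of a link-time stub. In OpenSSL a NULL result from SSL_get_current_compression()/SSL_get_current_expansion() is the normal answer when no compression is in use, so these three arguably are not stubs at all; I would declare them (and define them in src/ssl.c) outside the NO_WOLFSSL_STUB guard, leaving only zlib/rle/add_compression_method inside it.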
@@ -12636,7 +12636,7 @@ void CopyDecodedName(WOLFSSL_X509_NAME* name, DecodedCert* dCert, int nameType)
 name->dynamicName = 0;
 }
- if (nameType == SUBJECT) {
+ if (nameType == ASN_SUBJECT) {
 XSTRNCPY(name->name, dCert->subject, ASN_NAME_MAX);
 name->name[ASN_NAME_MAX - 1] = '\0';
 name->sz = (int)XSTRLEN(name->name) + 1;
@@ -12821,7 +12821,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
 x509->version = dCert->version + 1;
- CopyDecodedName(&x509->issuer, dCert, ISSUER);
+ CopyDecodedName(&x509->issuer, dCert, ASN_ISSUER);
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 if (dCert->issuerName != NULL) {
 wolfSSL_X509_set_issuer_name(x509,
@@ -12829,7 +12829,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
 x509->issuer.x509 = x509;
 }
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
- CopyDecodedName(&x509->subject, dCert, SUBJECT);
+ CopyDecodedName(&x509->subject, dCert, ASN_SUBJECT);
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 if (dCert->subjectName != NULL) {
 wolfSSL_X509_set_subject_name(x509,
@@ -30286,7 +30286,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
 InitDecodedCert(cert, input + *inOutIdx, dnSz, ssl->heap);
- ret = GetName(cert, SUBJECT, dnSz);
+ ret = GetName(cert, ASN_SUBJECT, dnSz);
 if (ret == 0) {
 if ((name = wolfSSL_X509_NAME_new_ex(cert->heap)) == NULL)
@@ -30294,7 +30294,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
 }
 if (ret == 0) {
- CopyDecodedName(name, cert, SUBJECT);
+ CopyDecodedName(name, cert, ASN_SUBJECT);
 }
 if (ret == 0) {
diff --git a/src/ocsp.c b/src/ocsp.c
index 4760c50989..6e46ff30ff 100644
--- a/src/ocsp.c
+++ b/src/ocsp.c
@@ -251,10 +251,10 @@ static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request,
 else if (*status) {
 #ifndef NO_ASN_TIME
 if (XVALIDATE_DATE((*status)->thisDate,
- (*status)->thisDateFormat, BEFORE)
+ (*status)->thisDateFormat, ASN_BEFORE)
 && ((*status)->nextDate[0] != 0)
 && XVALIDATE_DATE((*status)->nextDate,
- (*status)->nextDateFormat, AFTER))
+ (*status)->nextDateFormat, ASN_AFTER))
 #endif
 {
 ret = xstat2err((*status)->status);
diff --git a/src/tls.c b/src/tls.c
index 65292169e0..44f1702b45 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -6907,14 +6907,14 @@ static int TLSX_CA_Names_Parse(WOLFSSL *ssl, const byte* input,
 InitDecodedCert(cert, input + idx, extLen, ssl->heap);
 didInit = TRUE;
 idx += extLen;
- ret = GetName(cert, SUBJECT, extLen);
+ ret = GetName(cert, ASN_SUBJECT, extLen);
 }
 if (ret == 0 && (name = wolfSSL_X509_NAME_new()) == NULL)
 ret = MEMORY_ERROR;
 if (ret == 0) {
- CopyDecodedName(name, cert, SUBJECT);
+ CopyDecodedName(name, cert, ASN_SUBJECT);
 if (wolfSSL_sk_X509_NAME_push(ssl->client_ca_names, name) == WOLFSSL_FAILURE)
 ret = MEMORY_ERROR;
diff --git a/src/x509.c b/src/x509.c
index 72a4f37ece..40579fb316 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -11113,7 +11113,7 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out)
 InitDecodedCert(cert, *in, (word32)length, NULL);
 /* Parse the X509 subject name */
- if (GetName(cert, SUBJECT, (int)length) != 0) {
+ if (GetName(cert, ASN_SUBJECT, (int)length) != 0) {
 WOLFSSL_MSG("WOLFSSL_X509_NAME parse error");
 goto cleanup;
 }
diff --git a/src/x509_str.c b/src/x509_str.c
index f5c5c2ae1d..167e03f9de 100644
--- a/src/x509_str.c
+++ b/src/x509_str.c
@@ -281,11 +281,11 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
 byte *beforeDate = ctx->current_cert->notBefore.data;
 if (XVALIDATE_DATE(afterDate,
- (byte)ctx->current_cert->notAfter.type, AFTER) < 1) {
+ (byte)ctx->current_cert->notAfter.type, ASN_AFTER) < 1) {
 ret = ASN_AFTER_DATE_E;
 }
 else if (XVALIDATE_DATE(beforeDate,
- (byte)ctx->current_cert->notBefore.type, BEFORE) < 1) {
+ (byte)ctx->current_cert->notBefore.type, ASN_BEFORE) < 1) {
 ret = ASN_BEFORE_DATE_E;
 }
 SetupStoreCtxError(ctx, ret);
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 1ee055fc9c..624ffc9cc6 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -13830,13 +13830,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 #if defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT)
 /* store pointer to raw issuer */
- if (nameType == ISSUER) {
+ if (nameType == ASN_ISSUER) {
 cert->issuerRaw = &input[srcIdx];
 cert->issuerRawLen = length;
 }
 #endif
 #if !defined(IGNORE_NAME_CONSTRAINTS) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
+ if (nameType == ASN_SUBJECT) {
 cert->subjectRaw = &input[srcIdx];
 cert->subjectRawLen = length;
 }
@@ -13917,14 +13917,14 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 #endif
 if (id == ASN_COMMON_NAME) {
- if (nameType == SUBJECT) {
+ if (nameType == ASN_SUBJECT) {
 cert->subjectCN = (char *)&input[srcIdx];
 cert->subjectCNLen = strLen;
 cert->subjectCNEnc = (char)b;
 }
 #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)) && \
 defined(WOLFSSL_HAVE_ISSUER_NAMES)
- else if (nameType == ISSUER) {
+ else if (nameType == ASN_ISSUER) {
 cert->issuerCN = (char*)&input[srcIdx];
 cert->issuerCNLen = strLen;
 cert->issuerCNEnc = (char)b;
@@ -13943,7 +13943,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 copy = WOLFSSL_NAME;
 copyLen = sizeof(WOLFSSL_NAME) - 1;
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
+ if (nameType == ASN_SUBJECT) {
 cert->subjectN = (char*)&input[srcIdx];
 cert->subjectNLen = strLen;
 cert->subjectNEnc = b;
@@ -13959,7 +13959,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 copy = WOLFSSL_INITIALS;
 copyLen = sizeof(WOLFSSL_INITIALS) - 1;
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
+ if (nameType == ASN_SUBJECT) {
 cert->subjectI = (char*)&input[srcIdx];
 cert->subjectILen = strLen;
 cert->subjectIEnc = b;
@@ -13975,7 +13975,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 copy = WOLFSSL_GIVEN_NAME;
 copyLen = sizeof(WOLFSSL_GIVEN_NAME) - 1;
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
+ if (nameType == ASN_SUBJECT) {
 cert->subjectGN = (char*)&input[srcIdx];
 cert->subjectGNLen = strLen;
 cert->subjectGNEnc = b;
@@ -13991,7 +13991,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 copy = WOLFSSL_DNQUALIFIER;
 copyLen = sizeof(WOLFSSL_DNQUALIFIER) - 1;
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
+ if (nameType == ASN_SUBJECT) {
 cert->subjectDNQ = (char*)&input[srcIdx];
 cert->subjectDNQLen = strLen;
 cert->subjectDNQEnc = b;
@@ -14008,13 +14008,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 copy = WOLFSSL_SUR_NAME;
 copyLen = sizeof(WOLFSSL_SUR_NAME) - 1;
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
+ if (nameType == ASN_SUBJECT) {
 cert->subjectSN = (char*)&input[srcIdx];
 cert->subjectSNLen = strLen;
 cert->subjectSNEnc = (char)b;
 }
 #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
- else if (nameType == ISSUER) {
+ else if (nameType == ASN_ISSUER) {
 cert->issuerSN = (char*)&input[srcIdx];
 cert->issuerSNLen = strLen;
 cert->issuerSNEnc = (char)b;
@@ -14031,13 +14031,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 copy = WOLFSSL_COUNTRY_NAME;
 copyLen = sizeof(WOLFSSL_COUNTRY_NAME) - 1;
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
+ if (nameType == ASN_SUBJECT) {
 cert->subjectC = (char*)&input[srcIdx];
 cert->subjectCLen = strLen;
 cert->subjectCEnc = (char)b;
 }
 #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
- else if (nameType == ISSUER) {
+ else if (nameType == ASN_ISSUER) {
 cert->issuerC = (char*)&input[srcIdx];
 cert->issuerCLen = strLen;
 cert->issuerCEnc = (char)b;
@@ -14054,13 +14054,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 copy = WOLFSSL_LOCALITY_NAME;
 copyLen = sizeof(WOLFSSL_LOCALITY_NAME) - 1;
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
+ if (nameType == ASN_SUBJECT) {
 cert->subjectL = (char*)&input[srcIdx];
 cert->subjectLLen = strLen;
 cert->subjectLEnc = (char)b;
 }
 #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
- else if (nameType == ISSUER) {
+ else if (nameType == ASN_ISSUER) {
 cert->issuerL = (char*)&input[srcIdx];
 cert->issuerLLen = strLen;
 cert->issuerLEnc = (char)b;
@@ -14077,13 +14077,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 copy = WOLFSSL_STATE_NAME;
 copyLen = sizeof(WOLFSSL_STATE_NAME) - 1;
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
+ if (nameType == ASN_SUBJECT) {
 cert->subjectST = (char*)&input[srcIdx];
 cert->subjectSTLen = strLen;
 cert->subjectSTEnc = (char)b;
 }
 #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
- else if (nameType == ISSUER) {
+ else if (nameType == ASN_ISSUER) {
 cert->issuerST = (char*)&input[srcIdx];
 cert->issuerSTLen = strLen;
 cert->issuerSTEnc = (char)b;
@@ -14100,13 +14100,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 copy = WOLFSSL_ORG_NAME;
 copyLen = sizeof(WOLFSSL_ORG_NAME) - 1;
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
+ if (nameType == ASN_SUBJECT) {
 cert->subjectO = (char*)&input[srcIdx];
 cert->subjectOLen = strLen;
 cert->subjectOEnc = (char)b;
 }
 #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
- else if (nameType == ISSUER) {
+ else if (nameType == ASN_ISSUER) {
 cert->issuerO = (char*)&input[srcIdx];
 cert->issuerOLen = strLen;
 cert->issuerOEnc = (char)b;
@@ -14123,13 +14123,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 copy = WOLFSSL_ORGUNIT_NAME;
 copyLen = sizeof(WOLFSSL_ORGUNIT_NAME) - 1;
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
+ if (nameType == ASN_SUBJECT) {
 cert->subjectOU = (char*)&input[srcIdx];
 cert->subjectOULen = strLen;
 cert->subjectOUEnc = (char)b;
 }
 #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
- else if (nameType == ISSUER) {
+ else if (nameType == ASN_ISSUER) {
 cert->issuerOU = (char*)&input[srcIdx];
 cert->issuerOULen = strLen;
 cert->issuerOUEnc = (char)b;
@@ -14146,13 +14146,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 copy = WOLFSSL_SERIAL_NUMBER;
 copyLen = sizeof(WOLFSSL_SERIAL_NUMBER) - 1;
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
+ if (nameType == ASN_SUBJECT) {
 cert->subjectSND = (char*)&input[srcIdx];
 cert->subjectSNDLen = strLen;
 cert->subjectSNDEnc = (char)b;
 }
 #if defined(WOLFSSL_HAVE_ISSUER_NAMES)
- else if (nameType == ISSUER) {
+ else if (nameType == ASN_ISSUER) {
 cert->issuerSND = (char*)&input[srcIdx];
 cert->issuerSNDLen = strLen;
 cert->issuerSNDEnc = (char)b;
@@ -14169,7 +14169,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 copy = WOLFSSL_USER_ID;
 copyLen = sizeof(WOLFSSL_USER_ID) - 1;
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
+ if (nameType == ASN_SUBJECT) {
 cert->subjectUID = (char*)&input[srcIdx];
 cert->subjectUIDLen = strLen;
 cert->subjectUIDEnc = (char)b;
@@ -14186,7 +14186,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 copy = WOLFSSL_STREET_ADDR_NAME;
 copyLen = sizeof(WOLFSSL_STREET_ADDR_NAME) - 1;
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
+ if (nameType == ASN_SUBJECT) {
 cert->subjectStreet = (char*)&input[srcIdx];
 cert->subjectStreetLen = strLen;
 cert->subjectStreetEnc = (char)b;
@@ -14202,7 +14202,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 copy = WOLFSSL_BUS_CAT;
 copyLen = sizeof(WOLFSSL_BUS_CAT) - 1;
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
+ if (nameType == ASN_SUBJECT) {
 cert->subjectBC = (char*)&input[srcIdx];
 cert->subjectBCLen = strLen;
 cert->subjectBCEnc = (char)b;
@@ -14217,7 +14217,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 copy = WOLFSSL_POSTAL_NAME;
 copyLen = sizeof(WOLFSSL_POSTAL_NAME) - 1;
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
+ if (nameType == ASN_SUBJECT) {
 cert->subjectPC = (char*)&input[srcIdx];
 cert->subjectPCLen = strLen;
 cert->subjectPCEnc = (char)b;
@@ -14256,7 +14256,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 copy = WOLFSSL_JOI_C;
 copyLen = sizeof(WOLFSSL_JOI_C) - 1;
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
+ if (nameType == ASN_SUBJECT) {
 cert->subjectJC = (char*)&input[srcIdx];
 cert->subjectJCLen = strLen;
 cert->subjectJCEnc = (char)b;
@@ -14274,7 +14274,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 copy = WOLFSSL_JOI_ST;
 copyLen = sizeof(WOLFSSL_JOI_ST) - 1;
 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
+ if (nameType == ASN_SUBJECT) {
 cert->subjectJS = (char*)&input[srcIdx];
 cert->subjectJSLen = strLen;
 cert->subjectJSEnc = (char)b;
@@ -14338,13 +14338,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 #if !defined(IGNORE_NAME_CONSTRAINTS) || \
 defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
- if (nameType == SUBJECT) {
+ if (nameType == ASN_SUBJECT) {
 cert->subjectEmail = (char*)&input[srcIdx];
 cert->subjectEmailLen = strLen;
 }
 #if defined(WOLFSSL_HAVE_ISSUER_NAMES) && \
 (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT))
- else if (nameType == ISSUER) {
+ else if (nameType == ASN_ISSUER) {
 cert->issuerEmail = (char*)&input[srcIdx];
 cert->issuerEmailLen = strLen;
 }
@@ -14446,7 +14446,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
 !defined(WOLFCRYPT_ONLY)
- if (nameType == ISSUER) {
+ if (nameType == ASN_ISSUER) {
 #if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) && \
 (defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT))
 dName->rawLen = min(cert->issuerRawLen, WC_ASN_NAME_MAX);
@@ -14505,14 +14505,14 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 if (ret == 0) {
 #if defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT)
 /* Store pointer and length to raw issuer. */
- if (nameType == ISSUER) {
+ if (nameType == ASN_ISSUER) {
 cert->issuerRaw = &input[srcIdx];
 cert->issuerRawLen = len;
 }
 #endif
 #if !defined(IGNORE_NAME_CONSTRAINTS) || defined(WOLFSSL_CERT_EXT)
 /* Store pointer and length to raw subject. */
- if (nameType == SUBJECT) {
+ if (nameType == ASN_SUBJECT) {
 cert->subjectRaw = &input[srcIdx];
 cert->subjectRawLen = len;
 }
@@ -14531,7 +14531,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 &srcIdx, maxIdx);
 if (ret == 0) {
 /* Put RDN data into certificate. */
- ret = GetRDN(cert, full, &idx, &nid, nameType == SUBJECT,
+ ret = GetRDN(cert, full, &idx, &nid, nameType == ASN_SUBJECT,
 dataASN);
 }
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
@@ -14589,7 +14589,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType,
 #ifdef WOLFSSL_X509_NAME_AVAILABLE
 /* Store X509_NAME in certificate. */
- if (nameType == ISSUER) {
+ if (nameType == ASN_ISSUER) {
 #if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
 defined(HAVE_LIGHTY)) && \
 (defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT))
@@ -14639,7 +14639,7 @@ enum {
 * Either the issuer or subject name.
 *
 * @param [in, out] cert Decoded certificate object.
- * @param [in] nameType Type of name being decoded: ISSUER or SUBJECT.
+ * @param [in] nameType Type being decoded: ASN_ISSUER or ASN_SUBJECT.
 * @param [in] maxIdx Index of next item after certificate name.
 * @return 0 on success.
 * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
@@ -14660,7 +14660,7 @@ int GetName(DecodedCert* cert, int nameType, int maxIdx)
 WOLFSSL_MSG("Getting Name");
- if (nameType == ISSUER) {
+ if (nameType == ASN_ISSUER) {
 full = cert->issuer;
 hash = cert->issuerHash;
 }
@@ -14718,7 +14718,7 @@ int GetName(DecodedCert* cert, int nameType, int maxIdx)
 cert->srcIdx = dataASN[CERTNAMEASN_IDX_NAME].offset;
 /* Get fields to fill in based on name type. */
- if (nameType == ISSUER) {
+ if (nameType == ASN_ISSUER) {
 full = cert->issuer;
 hash = cert->issuerHash;
 }
@@ -15092,7 +15092,7 @@ static WC_INLINE int DateLessThan(const struct tm* a, const struct tm* b)
 /* Make sure before and after dates are valid */
 /* date = ASN.1 raw */
 /* format = ASN_UTC_TIME or ASN_GENERALIZED_TIME */
-/* dateType = AFTER or BEFORE */
+/* dateType = ASN_AFTER or ASN_BEFORE */
 int wc_ValidateDate(const byte* date, byte format, int dateType)
 {
 time_t ltime;
@@ -15122,14 +15122,14 @@ int wc_ValidateDate(const byte* date, byte format, int dateType)
 #endif
 #ifdef WOLFSSL_BEFORE_DATE_CLOCK_SKEW
- if (dateType == BEFORE) {
+ if (dateType == ASN_BEFORE) {
 WOLFSSL_MSG("Skewing local time for before date check");
 ltime += WOLFSSL_BEFORE_DATE_CLOCK_SKEW;
 }
 #endif
 #ifdef WOLFSSL_AFTER_DATE_CLOCK_SKEW
- if (dateType == AFTER) {
+ if (dateType == ASN_AFTER) {
 WOLFSSL_MSG("Skewing local time for after date check");
 ltime -= WOLFSSL_AFTER_DATE_CLOCK_SKEW;
 }
@@ -15163,13 +15163,13 @@ int wc_ValidateDate(const byte* date, byte format, int dateType)
 return 0;
 }
- if (dateType == BEFORE) {
+ if (dateType == ASN_BEFORE) {
 if (DateLessThan(localTime, &certTime)) {
 WOLFSSL_MSG("Date BEFORE check failed");
 return 0;
 }
 }
- else { /* dateType == AFTER */
+ else { /* dateType == ASN_AFTER */
 if (DateGreaterThan(localTime, &certTime)) {
 WOLFSSL_MSG("Date AFTER check failed");
 return 0;
@@ -15335,7 +15335,7 @@ static int GetDate(DecodedCert* cert, int dateType, int verify, int maxIdx)
 byte format;
 word32 startIdx = 0;
- if (dateType == BEFORE)
+ if (dateType == ASN_BEFORE)
 cert->beforeDate = &cert->source[cert->srcIdx];
 else
 cert->afterDate = &cert->source[cert->srcIdx];
@@ -15349,7 +15349,7 @@ static int GetDate(DecodedCert* cert, int dateType, int verify, int maxIdx)
 XMEMSET(date, 0, MAX_DATE_SIZE);
 XMEMCPY(date, datePtr, (size_t)length);
- if (dateType == BEFORE)
+ if (dateType == ASN_BEFORE)
 cert->beforeDateLen = (int)(cert->srcIdx - startIdx);
 else
 cert->afterDateLen = (int)(cert->srcIdx - startIdx);
@@ -15357,7 +15357,7 @@ static int GetDate(DecodedCert* cert, int dateType, int verify, int maxIdx)
 #ifndef NO_ASN_TIME_CHECK
 if (verify != NO_VERIFY && verify != VERIFY_SKIP_DATE && !XVALIDATE_DATE(date, format, dateType)) {
- if (dateType == BEFORE) {
+ if (dateType == ASN_BEFORE) {
 WOLFSSL_ERROR_VERBOSE(ASN_BEFORE_DATE_E);
 return ASN_BEFORE_DATE_E;
 }
@@ -15383,10 +15383,10 @@ static int GetValidity(DecodedCert* cert, int verify, int maxIdx)
 maxIdx = (int)cert->srcIdx + length;
- if (GetDate(cert, BEFORE, verify, maxIdx) < 0)
+ if (GetDate(cert, ASN_BEFORE, verify, maxIdx) < 0)
 badDate = ASN_BEFORE_DATE_E; /* continue parsing */
- if (GetDate(cert, AFTER, verify, maxIdx) < 0)
+ if (GetDate(cert, ASN_AFTER, verify, maxIdx) < 0)
 return ASN_AFTER_DATE_E;
 if (badDate != 0)
@@ -15586,7 +15586,7 @@ int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate)
 WOLFSSL_MSG("Got Algo ID");
- if ( (ret = GetName(cert, ISSUER, (int)cert->sigIndex)) < 0)
+ if ( (ret = GetName(cert, ASN_ISSUER, (int)cert->sigIndex)) < 0)
 return ret;
 if ( (ret = GetValidity(cert, verify, (int)cert->sigIndex)) < 0)
@@ -15595,7 +15595,7 @@ int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate)
 }
 #endif
- if ( (ret = GetName(cert, SUBJECT, (int)cert->sigIndex)) < 0)
+ if ( (ret = GetName(cert, ASN_SUBJECT, (int)cert->sigIndex)) < 0)
 return ret;
 WOLFSSL_MSG("Got Subject Name");
@@ -15622,8 +15622,8 @@ int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate)
 * @return 0 on success.
 * @return ASN_TIME_E when date BER tag is nor UTC or GENERALIZED time.
 * @return ASN_DATE_SZ_E when time data is not supported.
- * @return ASN_BEFORE_DATE_E when BEFORE date is invalid.
- * @return ASN_AFTER_DATE_E when AFTER date is invalid.
+ * @return ASN_BEFORE_DATE_E when ASN_BEFORE date is invalid.
+ * @return ASN_AFTER_DATE_E when ASN_AFTER date is invalid.
 * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
 * is invalid.
 * @return BUFFER_E when data in buffer is too small.
@@ -21725,12 +21725,12 @@ enum {
 /* Check the data data.
 *
 * @param [in] dataASN ASN template dynamic data item.
- * @param [in] dataType BEFORE or AFTER date.
+ * @param [in] dataType ASN_BEFORE or ASN_AFTER date.
 * @return 0 on success.
 * @return ASN_TIME_E when BER tag is nor UTC or GENERALIZED time.
 * @return ASN_DATE_SZ_E when time data is not supported.
- * @return ASN_BEFORE_DATE_E when BEFORE date is invalid.
- * @return ASN_AFTER_DATE_E when AFTER date is invalid.
+ * @return ASN_BEFORE_DATE_E when ASN_BEFORE date is invalid.
+ * @return ASN_AFTER_DATE_E when ASN_AFTER date is invalid.
 */
 static int CheckDate(ASNGetData *dataASN, int dateType)
 {
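Review bot: The rewritten CheckDate comment in the 21725 hunk documents a parameter named `dataType` while the signature two context lines below declares `dateType`, so the touched `@param` line still does not match the function; since the line is being edited anyway it should read ` * @param [in] dateType ASN_BEFORE or ASN_AFTER date.` (the `/* Check the data data.` typo on the first context line could be fixed in the same pass). The search-and-replace also rewrote prose rather than only identifiers: `@return ASN_BEFORE_DATE_E when ASN_BEFORE date is invalid.` here, and the same pattern in the 21776, 21898, 22117, 35955 and 35978 hunks, reads worse than the original English because those sentences refer to the certificate's notBefore/notAfter field, not to the enum constant. Keep ` * @return ASN_BEFORE_DATE_E when the before date is invalid.` (and the after-date equivalent) in prose, and use the ASN_ spelling only where the constant itself is meant, as the `dateType = ASN_AFTER or ASN_BEFORE` comment in the 15092 hunk correctly does.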
@@ -21748,10 +21748,10 @@ static int CheckDate(ASNGetData *dataASN, int dateType)
 }
 #ifndef NO_ASN_TIME_CHECK
- /* Check date is a valid string and BEFORE or AFTER now. */
+ /* Check date is a valid string and ASN_BEFORE or ASN_AFTER now. */
 if ((ret == 0) && (!XVALIDATE_DATE(dataASN->data.ref.data, dataASN->tag, dateType))) {
- if (dateType == BEFORE) {
+ if (dateType == ASN_BEFORE) {
 ret = ASN_BEFORE_DATE_E;
 }
 else {
@@ -21776,8 +21776,8 @@ static int CheckDate(ASNGetData *dataASN, int dateType)
 * @return ASN_CRIT_EXT_E when a critical extension was not recognized.
 * @return ASN_TIME_E when date BER tag is nor UTC or GENERALIZED time.
 * @return ASN_DATE_SZ_E when time data is not supported.
- * @return ASN_BEFORE_DATE_E when BEFORE date is invalid.
- * @return ASN_AFTER_DATE_E when AFTER date is invalid.
+ * @return ASN_BEFORE_DATE_E when ASN_BEFORE date is invalid.
+ * @return ASN_AFTER_DATE_E when ASN_AFTER date is invalid.
 * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
 * is invalid.
 * @return BUFFER_E when data in buffer is too small.
@@ -21898,27 +21898,27 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
 /* No bad date error - don't always care. */
 badDate = 0;
- /* Find the item with the BEFORE date and check it. */
+ /* Find the item with the ASN_BEFORE date and check it. */
 i = (dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTB_UTC].tag != 0) ? X509CERTASN_IDX_TBS_VALIDITY_NOTB_UTC : X509CERTASN_IDX_TBS_VALIDITY_NOTB_GT;
- if ((CheckDate(&dataASN[i], BEFORE) < 0) && (verify != NO_VERIFY) &&
+ if ((CheckDate(&dataASN[i], ASN_BEFORE) < 0) && (verify != NO_VERIFY) &&
 (verify != VERIFY_SKIP_DATE)) {
 badDate = ASN_BEFORE_DATE_E;
 }
- /* Store reference to BEFOREdate. */
+ /* Store reference to ASN_BEFORE date. */
 cert->beforeDate = GetASNItem_Addr(dataASN[i], cert->source);
 cert->beforeDateLen = (int)GetASNItem_Length(dataASN[i], cert->source);
- /* Find the item with the AFTER date and check it. */
+ /* Find the item with the ASN_AFTER date and check it. */
 i = (dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTA_UTC].tag != 0) ? X509CERTASN_IDX_TBS_VALIDITY_NOTA_UTC : X509CERTASN_IDX_TBS_VALIDITY_NOTA_GT;
- if ((CheckDate(&dataASN[i], AFTER) < 0) && (verify != NO_VERIFY) &&
+ if ((CheckDate(&dataASN[i], ASN_AFTER) < 0) && (verify != NO_VERIFY) &&
 (verify != VERIFY_SKIP_DATE)) {
 badDate = ASN_AFTER_DATE_E;
 }
- /* Store reference to AFTER date. */
+ /* Store reference to ASN_AFTER date. */
 cert->afterDate = GetASNItem_Addr(dataASN[i], cert->source);
 cert->afterDateLen = (int)GetASNItem_Length(dataASN[i], cert->source);
@@ -22049,13 +22049,13 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
 if ((ret == 0) && (issuer != NULL)) {
 idx = 0;
 /* Put issuer into cert and calculate hash. */
- ret = GetCertName(cert, cert->issuer, cert->issuerHash, ISSUER, issuer,
+ ret = GetCertName(cert, cert->issuer, cert->issuerHash, ASN_ISSUER, issuer,
 &idx, issuerSz);
 }
 if ((ret == 0) && (subject != NULL)) {
 idx = 0;
 /* Put subject into cert and calculate hash. */
- ret = GetCertName(cert, cert->subject, cert->subjectHash, SUBJECT,
+ ret = GetCertName(cert, cert->subject, cert->subjectHash, ASN_SUBJECT,
 subject, &idx, subjectSz);
 }
 if (ret == 0) {
@@ -22117,8 +22117,8 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
 * @return ASN_CRIT_EXT_E when a critical extension was not recognized.
 * @return ASN_TIME_E when date BER tag is nor UTC or GENERALIZED time.
 * @return ASN_DATE_SZ_E when time data is not supported.
- * @return ASN_BEFORE_DATE_E when BEFORE date is invalid.
- * @return ASN_AFTER_DATE_E when AFTER date is invalid.
+ * @return ASN_BEFORE_DATE_E when ASN_BEFORE date is invalid.
+ * @return ASN_AFTER_DATE_E when ASN_AFTER date is invalid.
 * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or
 * is invalid.
 * @return BUFFER_E when data in buffer is too small.
@@ -22463,7 +22463,7 @@ static int DecodeCertReq(DecodedCert* cert, int* criticalExt)
 /* Parse the subject name. */
 idx = dataASN[CERTREQASN_IDX_INFO_SUBJ_SEQ].offset;
- ret = GetCertName(cert, cert->subject, cert->subjectHash, SUBJECT,
+ ret = GetCertName(cert, cert->subject, cert->subjectHash, ASN_SUBJECT,
 cert->source, &idx, dataASN[CERTREQASN_IDX_INFO_SPUBKEYINFO_SEQ].offset);
 }
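Review bot: In the 22049 hunk the added `ret = GetCertName(cert, cert->issuer, cert->issuerHash, ASN_ISSUER, issuer,` is four characters longer than the line it replaces, which already sat near the 80-column width the surrounding wrapped lines in this file keep to; with the usual eight-space indentation (lost in this rendering, so hedged) it now exceeds it. Wrap it the way the subject call just below already is: `ret = GetCertName(cert, cert->issuer, cert->issuerHash, ASN_ISSUER,` followed by `issuer, &idx, issuerSz);` on the continuation line.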
@@ -35811,7 +35811,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, #ifndef NO_ASN_TIME_CHECK #ifndef WOLFSSL_NO_OCSP_DATE_CHECK - if (!XVALIDATE_DATE(single->status->thisDate, single->status->thisDateFormat, BEFORE)) + if (!XVALIDATE_DATE(single->status->thisDate, single->status->thisDateFormat, ASN_BEFORE)) return ASN_BEFORE_DATE_E; #endif #endif @@ -35847,7 +35847,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, #ifndef NO_ASN_TIME_CHECK #ifndef WOLFSSL_NO_OCSP_DATE_CHECK - if (!XVALIDATE_DATE(single->status->nextDate, single->status->nextDateFormat, AFTER)) + if (!XVALIDATE_DATE(single->status->nextDate, single->status->nextDateFormat, ASN_AFTER)) return ASN_AFTER_DATE_E; #endif #endif @@ -35955,8 +35955,8 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, /* Store the thisDate format - only one possible. */ cs->thisDateFormat = ASN_GENERALIZED_TIME; #if !defined(NO_ASN_TIME_CHECK) && !defined(WOLFSSL_NO_OCSP_DATE_CHECK) - /* Check date is a valid string and BEFORE now. */ - if (!XVALIDATE_DATE(cs->thisDate, ASN_GENERALIZED_TIME, BEFORE)) { + /* Check date is a valid string and ASN_BEFORE now. */ + if (!XVALIDATE_DATE(cs->thisDate, ASN_GENERALIZED_TIME, ASN_BEFORE)) { ret = ASN_BEFORE_DATE_E; } } @@ -35978,8 +35978,8 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, /* Store the nextDate format - only one possible. */ cs->nextDateFormat = ASN_GENERALIZED_TIME; #if !defined(NO_ASN_TIME_CHECK) && !defined(WOLFSSL_NO_OCSP_DATE_CHECK) - /* Check date is a valid string and AFTER now. */ - if (!XVALIDATE_DATE(cs->nextDate, ASN_GENERALIZED_TIME, AFTER)) { + /* Check date is a valid string and ASN_AFTER now. */ + if (!XVALIDATE_DATE(cs->nextDate, ASN_GENERALIZED_TIME, ASN_AFTER)) { ret = ASN_AFTER_DATE_E; } } 
@@ -38011,7 +38011,7 @@ static int ParseCRL_CertList(RevokedCert* rcert, DecodedCRL* dcrl, { #if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_CRL_DATE_CHECK) if (verify != NO_VERIFY && - !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) { + !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, ASN_AFTER)) { WOLFSSL_MSG("CRL after date is no longer valid"); WOLFSSL_ERROR_VERBOSE(CRL_CERT_DATE_ERR); return CRL_CERT_DATE_ERR; @@ -38627,7 +38627,7 @@ int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl, const byte* buff, word32 sz, if (dcrl->nextDateFormat != 0) { /* Next date was set, so validate it. */ if (verify != NO_VERIFY && - !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) { + !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, ASN_AFTER)) { WOLFSSL_MSG("CRL after date is no longer valid"); ret = CRL_CERT_DATE_ERR; WOLFSSL_ERROR_VERBOSE(ret); diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index b17490f8e8..7303bd5c87 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -835,7 +835,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define COMP_zlib wolfSSL_COMP_zlib #define COMP_rle wolfSSL_COMP_rle #define SSL_COMP_add_compression_method wolfSSL_COMP_add_compression_method -#define COMP_get_name wolfSSL_COMP_get_name +#define SSL_COMP_get_name wolfSSL_COMP_get_name #define SSL_get_current_compression wolfSSL_get_current_compression #define SSL_get_current_expansion wolfSSL_get_current_expansion diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 503c985790..e06e29ac7e 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -76,11 +76,11 @@ that can be serialized and deserialized in a cross-platform way. #endif enum { - ISSUER = 0, - SUBJECT = 1, + ASN_ISSUER = 0, + ASN_SUBJECT = 1, - BEFORE = 0, - AFTER = 1 + ASN_BEFORE = 0, + ASN_AFTER = 1 }; /* ASN Tags */ From 1e7810153fcd596b0c49e37997af2a5f826f6b07 Mon Sep 17 00:00:00 2001 
From: Daniel Pouzzner Date: Thu, 2 May 2024 18:06:52 -0500 Subject: [PATCH 04/21] add wolfSSL_set_rbio, wolfSSL_set_wbio, wolfSSL_BIO_number_read, wolfSSL_BIO_number_written, and compat layer shim macros SSL_set0_rbio, SSL_set0_wbio, BIO_number_read, BIO_number_written, BIO_reset. --- src/bio.c | 31 ++++++++++++++++ src/ssl.c | 85 +++++++++++++++++++++++++++++++++++++++++++ wolfssl/openssl/ssl.h | 6 ++- wolfssl/ssl.h | 18 +++++++++ 4 files changed, 139 insertions(+), 1 deletion(-) diff --git a/src/bio.c b/src/bio.c index 340cbfdac9..318fca66cf 100644 --- a/src/bio.c +++ b/src/bio.c @@ -145,6 +145,7 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len) XMEMCPY(buf, bio->mem_buf->data + bio->rdIdx, sz); bio->rdIdx += sz; + bio->bytes_read += (word32)sz; if (bio->rdIdx >= bio->wrSz) { if (bio->flags & BIO_FLAGS_MEM_RDONLY) { @@ -580,6 +581,7 @@ static int wolfSSL_BIO_MEMORY_write(WOLFSSL_BIO* bio, const void* data, bio->num = (int)bio->mem_buf->max; bio->wrSz += len; bio->wrIdx += len; + bio->bytes_written += (word32)len; return len; } @@ -1387,6 +1389,7 @@ int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num) sz = num; } bio->pair->rdIdx += sz; + bio->pair->bytes_read += (word32)sz; /* check if have read to the end of the buffer and need to reset */ if (bio->pair->rdIdx == bio->pair->wrSz) { @@ -1465,6 +1468,7 @@ int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num) } *buf = (char*)bio->ptr + bio->wrIdx; bio->wrIdx += sz; + bio->bytes_written += (word32)sz; /* if at the end of the buffer and space for wrap around then set * write index back to 0 */ 
@@ -1476,6 +1480,33 @@ int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num) return sz; } +#ifdef WORD64_AVAILABLE +word64 +#else +word32 +#endif +wolfSSL_BIO_number_read(WOLFSSL_BIO *bio) +{ + if (bio == NULL) { + WOLFSSL_MSG("NULL argument passed in"); + return 0; + } + return bio->bytes_read; +} + +#ifdef WORD64_AVAILABLE +word64 +#else +word32 +#endif +wolfSSL_BIO_number_written(WOLFSSL_BIO *bio) +{ + if (bio == NULL) { + WOLFSSL_MSG("NULL argument passed in"); + return 0; + } + return bio->bytes_written; +} /* Reset BIO to initial state */ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio) diff --git a/src/ssl.c b/src/ssl.c index 36142b014b..35dbdd86a7 100644 --- a/src/ssl.c +++ b/src/ssl.c 
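Review bot: The `#ifdef WORD64_AVAILABLE` / `word64` / `#else` / `word32` / `#endif` return-type selection is written out twice here and twice more in wolfssl/ssl.h (the struct fields in the `@@ -561` hunk and the prototypes in the `@@ -1844` hunk below), so four copies of the same width decision have to be kept in sync by hand. One conditional typedef in the header (a constructed name such as `wolfSSL_BIO_count_t`) used in all four places would keep that decision in one spot. Both functions also lack a header comment; I would add `/* Total bytes read (written) through this BIO, or 0 for a NULL bio. In this change only the memory and BIO-pair paths advance the counter; confirm other BIO types before relying on it. */` above each.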
@@ -10950,6 +10950,83 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #ifdef OPENSSL_EXTRA #ifndef NO_BIO + static void wolfSSL_set_bio_1(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr, int flags) + { + WOLFSSL_ENTER("wolfSSL_set_bio"); + + if (ssl == NULL) { + WOLFSSL_MSG("Bad argument, ssl was NULL"); + return; + } + + /* free any existing WOLFSSL_BIOs in use but don't free those in + * a chain */ + if ((flags & WOLFSSL_BIO_FLAG_READ) && (ssl->biord != NULL)) { + if ((flags & WOLFSSL_BIO_FLAG_WRITE) && (ssl->biord != ssl->biowr)) { + if (ssl->biowr != NULL && ssl->biowr->prev != NULL) + wolfSSL_BIO_free(ssl->biowr); + ssl->biowr = NULL; + } + if (ssl->biord->prev != NULL) + wolfSSL_BIO_free(ssl->biord); + ssl->biord = NULL; + } + else if ((flags & WOLFSSL_BIO_FLAG_WRITE) && (ssl->biowr != NULL)) { + if (ssl->biowr->prev != NULL) + wolfSSL_BIO_free(ssl->biowr); + ssl->biowr = NULL; + } + + /* set flag obviously */ + if (rd && !(rd->flags & WOLFSSL_BIO_FLAG_READ)) + rd->flags |= WOLFSSL_BIO_FLAG_READ; + if (wr && !(wr->flags & WOLFSSL_BIO_FLAG_WRITE)) + wr->flags |= WOLFSSL_BIO_FLAG_WRITE; + + if (flags & WOLFSSL_BIO_FLAG_READ) + ssl->biord = rd; + if (flags & WOLFSSL_BIO_FLAG_WRITE) + ssl->biowr = wr; + + /* set SSL to use BIO callbacks instead */ + if ((flags & WOLFSSL_BIO_FLAG_READ) && + (((ssl->cbioFlag & WOLFSSL_CBIO_RECV) == 0))) + { + ssl->CBIORecv = BioReceive; + } + if ((flags & WOLFSSL_BIO_FLAG_WRITE) && + (((ssl->cbioFlag & WOLFSSL_CBIO_SEND) == 0))) + { + ssl->CBIOSend = BioSend; + } + + /* User programs should always retry reading from these BIOs */ + if (rd) { + /* User writes to rd */ + BIO_set_retry_write(rd); + } + if (wr) { + /* User reads from wr */ + BIO_set_retry_read(wr); + } + } + + void wolfSSL_set_bio(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr) + { + wolfSSL_set_bio_1(ssl, rd, wr, WOLFSSL_BIO_FLAG_READ | WOLFSSL_BIO_FLAG_WRITE); + } + + void wolfSSL_set_rbio(WOLFSSL* ssl, WOLFSSL_BIO* rd) + { + wolfSSL_set_bio_1(ssl, rd, NULL, 
WOLFSSL_BIO_FLAG_READ); + } + + void wolfSSL_set_wbio(WOLFSSL* ssl, WOLFSSL_BIO* wr) + { + wolfSSL_set_bio_1(ssl, NULL, wr, WOLFSSL_BIO_FLAG_WRITE); + } + +#if 0 void wolfSSL_set_bio(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr) { WOLFSSL_ENTER("wolfSSL_set_bio"); @@ -10971,6 +11048,12 @@ int wolfSSL_set_compression(WOLFSSL* ssl) wolfSSL_BIO_free(ssl->biord); ssl->biord = NULL; } + else if (ssl->biowr != NULL) { + if (ssl->biowr->prev != NULL) + wolfSSL_BIO_free(ssl->biowr); + ssl->biowr = NULL; + } + /* set flag obviously */ if (rd && !(rd->flags & WOLFSSL_BIO_FLAG_READ)) rd->flags |= WOLFSSL_BIO_FLAG_READ; @@ -10998,6 +11081,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) BIO_set_retry_read(wr); } } +#endif /* 0 */ + #endif /* !NO_BIO */ #endif /* OPENSSL_EXTRA */ diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 7303bd5c87..8d92ae1ee9 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -784,7 +784,9 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define BIO_pop wolfSSL_BIO_pop #define BIO_flush wolfSSL_BIO_flush #define BIO_pending wolfSSL_BIO_pending - +#define BIO_number_read wolfSSL_BIO_number_read +#define BIO_number_written wolfSSL_BIO_number_written +#define BIO_reset wolfSSL_BIO_reset #define BIO_get_mem_data wolfSSL_BIO_get_mem_data #define BIO_new_mem_buf wolfSSL_BIO_new_mem_buf @@ -800,6 +802,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define BIO_do_handshake wolfSSL_BIO_do_handshake #define BIO_ssl_shutdown wolfSSL_BIO_ssl_shutdown #define SSL_set_bio wolfSSL_set_bio +#define SSL_set0_rbio wolfSSL_set_rbio +#define SSL_set0_wbio wolfSSL_set_wbio #define BIO_method_type wolfSSL_BIO_method_type #define BIO_set_ssl wolfSSL_BIO_set_ssl #define BIO_get_ssl wolfSSL_BIO_get_ssl diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 809eb08790..4499caf0d0 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
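Review bot: wolfSSL_set_bio_1 can leave a dangling pointer when one BIO serves both directions and only one side is replaced: with `flags == WOLFSSL_BIO_FLAG_READ` and `ssl->biord == ssl->biowr`, the read branch frees `ssl->biord` (when its `prev` is set) and NULLs it while `ssl->biowr` still points at the freed object, and the write-only `else if` branch has the mirror problem. The original two-sided function never hit this because both members were reassigned afterwards. Skip the free while the other side still references the same BIO, e.g. `if (ssl->biord->prev != NULL && (ssl->biord != ssl->biowr || (flags & WOLFSSL_BIO_FLAG_WRITE)))` in the read branch and `if (ssl->biowr->prev != NULL && ssl->biowr != ssl->biord)` in the write branch. Separately, the previous wolfSSL_set_bio body is kept under `#if 0` and the two hunks that follow edit that dead copy; it should be deleted rather than maintained. The `#if 0` region and the enclosing `#ifdef OPENSSL_EXTRA` block continue beyond this hunk.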
@@ -561,6 +561,15 @@ struct WOLFSSL_BIO { byte type; /* method type */ byte init:1; /* bio has been initialized */ byte shutdown:1; /* close flag */ + +#ifdef WORD64_AVAILABLE + word64 bytes_read; + word64 bytes_written; +#else + word32 bytes_read; + word32 bytes_written; +#endif + #ifdef HAVE_EX_DATA WOLFSSL_CRYPTO_EX_DATA ex_data; #endif @@ -1812,6 +1821,8 @@ WOLFSSL_API long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, int fd, int flag); #endif WOLFSSL_API int wolfSSL_BIO_set_close(WOLFSSL_BIO *b, long flag); WOLFSSL_API void wolfSSL_set_bio(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr); +WOLFSSL_API void wolfSSL_set_rbio(WOLFSSL* ssl, WOLFSSL_BIO* rd); +WOLFSSL_API void wolfSSL_set_wbio(WOLFSSL* ssl, WOLFSSL_BIO* wr); WOLFSSL_API int wolfSSL_BIO_method_type(const WOLFSSL_BIO *b); #ifndef NO_FILESYSTEM @@ -1844,6 +1855,13 @@ WOLFSSL_API int wolfSSL_BIO_ctrl_reset_read_request(WOLFSSL_BIO *b); WOLFSSL_API int wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf); WOLFSSL_API int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num); WOLFSSL_API int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num); +#ifdef WORD64_AVAILABLE +WOLFSSL_API word64 wolfSSL_BIO_number_read(WOLFSSL_BIO *bio); +WOLFSSL_API word64 wolfSSL_BIO_number_written(WOLFSSL_BIO *bio); +#else +WOLFSSL_API word32 wolfSSL_BIO_number_read(WOLFSSL_BIO *bio); +WOLFSSL_API word32 wolfSSL_BIO_number_written(WOLFSSL_BIO *bio); +#endif WOLFSSL_API int wolfSSL_BIO_reset(WOLFSSL_BIO *bio); WOLFSSL_API int wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs); From 8468a70b723695c17039f94e88ae10776d9c94a5 Mon Sep 17 00:00:00 2001 
From: Daniel Pouzzner Date: Mon, 6 May 2024 12:24:51 -0500 Subject: [PATCH 05/21] add wolfSSL_i2d_X509_PUBKEY, wolfSSL_X509_VERIFY_PARAM_lookup, and wolfSSL_X509_STORE_get0_param, and make wolfSSL_X509_VERIFY_PARAM_inherit a public API; add macros to openssl compat layer: DTLS_client_method, DTLS_server_method, X509_VERIFY_PARAM_lookup, X509_VERIFY_PARAM_inherit, X509_STORE_get0_param; add "const char *name" slot to struct WOLFSSL_X509_VERIFY_PARAM to support wolfSSL_X509_VERIFY_PARAM_lookup. --- src/ssl.c | 6 +++++- src/x509.c | 42 +++++++++++++++++++++++++++++++++++++++++- wolfssl/openssl/ssl.h | 5 +++++ wolfssl/ssl.h | 13 +++++++++++-- 4 files changed, 62 insertions(+), 4 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 35dbdd86a7..3af68bce00 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -7338,6 +7338,11 @@ int wolfSSL_i2d_PUBKEY(const WOLFSSL_EVP_PKEY *key, unsigned char **der) return wolfSSL_i2d_PublicKey(key, der); } +int wolfSSL_i2d_X509_PUBKEY(WOLFSSL_X509_PUBKEY* x509_PubKey, unsigned char** der) +{ + return wolfSSL_i2d_PublicKey(x509_PubKey->pkey, der); +} + #endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_ASN && !NO_PWDBASED */ static WOLFSSL_EVP_PKEY* _d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out, @@ -10318,7 +10323,6 @@ int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn) #if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) const char *wolfSSL_get0_peername(WOLFSSL *ssl) { if (ssl == NULL) { - ssl->error = BAD_FUNC_ARG; return NULL; } diff --git a/src/x509.c b/src/x509.c index 40579fb316..fae957979d 100644 --- a/src/x509.c +++ b/src/x509.c 
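Review bot: wolfSSL_i2d_X509_PUBKEY dereferences `x509_PubKey->pkey` with no NULL check, so a NULL argument crashes rather than failing like the neighbouring wolfSSL_i2d_PUBKEY, which hands its pointer on to wolfSSL_i2d_PublicKey (presumably where the argument check lives). Add `if (x509_PubKey == NULL) return WOLFSSL_FATAL_ERROR;` before the call. A one-line header comment saying that the function encodes `x509_PubKey->pkey` via wolfSSL_i2d_PublicKey and returns that function's result would also help, since the `der` in/out convention is otherwise invisible here.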
@@ -8769,6 +8769,46 @@ int wolfSSL_X509_VERIFY_PARAM_clear_flags(WOLFSSL_X509_VERIFY_PARAM *param, return ret; } +/* note WOLFSSL_X509_VERIFY_PARAM does not record purpose, trust, depth, or + * auth_level. + */ +static const WOLFSSL_X509_VERIFY_PARAM x509_verify_param_builtins[] = { + { + "ssl_client", /* name */ + 0, /* check_time */ + 0, /* inherit_flags */ + 0, /* flags */ + "", /* hostname */ + 0, /* hostFlags */ + "" /* ipasc */ + }, + { + "ssl_server", /* name */ + 0, /* check_time */ + 0, /* inherit_flags */ + 0, /* flags */ + "", /* hostname */ + 0, /* hostFlags */ + "" /* ipasc */ + } +}; + +const WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_VERIFY_PARAM_lookup(const char *name) +{ + const WOLFSSL_X509_VERIFY_PARAM *param = &x509_verify_param_builtins[0], + *param_end = &x509_verify_param_builtins[XELEM_CNT(x509_verify_param_builtins)]; + while (param < param_end) { + if (! XSTRCMP(name, param->name)) + return param; + ++param; + } + return NULL; +} + +const WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_STORE_get0_param(const WOLFSSL_X509_STORE *store) +{ + return store->param; +} /* inherits properties of param "to" to param "from" * @@ -8779,7 +8819,7 @@ int wolfSSL_X509_VERIFY_PARAM_clear_flags(WOLFSSL_X509_VERIFY_PARAM *param, * WOLFSSL_VPARAM_LOCKED don't copy any values * WOLFSSL_VPARAM_ONCE the current inherit_flags is zerroed */ -static int wolfSSL_X509_VERIFY_PARAM_inherit(WOLFSSL_X509_VERIFY_PARAM *to, +int wolfSSL_X509_VERIFY_PARAM_inherit(WOLFSSL_X509_VERIFY_PARAM *to, const WOLFSSL_X509_VERIFY_PARAM *from) { int ret = WOLFSSL_FAILURE; diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 8d92ae1ee9..711ba3479b 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h 
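Review bot: wolfSSL_X509_VERIFY_PARAM_lookup passes `name` straight to XSTRCMP, so a NULL name dereferences NULL instead of returning NULL; add `if (name == NULL) return NULL;` before the loop. The x509_verify_param_builtins table is initialised positionally with trailing comments naming the members, which misaligns silently if struct WOLFSSL_X509_VERIFY_PARAM is reordered again (this very commit inserts `name` as its first member); if the project's portability baseline allows designated initialisers use them, otherwise add a comment pointing at the struct definition in wolfssl/ssl.h. wolfSSL_X509_STORE_get0_param also dereferences `store` unconditionally; this copy is deleted as a duplicate two commits later in the series, so the surviving definition (not visible here) should carry a `store == NULL` check.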
@@ -254,6 +254,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define X509_F_X509_CHECK_PRIVATE_KEY 128 #ifdef WOLFSSL_DTLS + #define DTLS_client_method wolfDTLS_client_method + #define DTLS_server_method wolfDTLS_server_method #define DTLSv1_client_method wolfDTLSv1_client_method #define DTLSv1_server_method wolfDTLSv1_server_method #define DTLSv1_2_client_method wolfDTLSv1_2_client_method @@ -712,7 +714,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define X509_VERIFY_PARAM_set1_ip_asc wolfSSL_X509_VERIFY_PARAM_set1_ip_asc #define X509_VERIFY_PARAM_set1_ip wolfSSL_X509_VERIFY_PARAM_set1_ip #define X509_VERIFY_PARAM_set1 wolfSSL_X509_VERIFY_PARAM_set1 +#define X509_VERIFY_PARAM_lookup wolfSSL_X509_VERIFY_PARAM_lookup +#define X509_VERIFY_PARAM_inherit wolfSSL_X509_VERIFY_PARAM_inherit #define X509_STORE_load_locations wolfSSL_X509_STORE_load_locations +#define X509_STORE_get0_param wolfSSL_X509_STORE_get0_param #define X509_LOOKUP_add_dir wolfSSL_X509_LOOKUP_add_dir #define X509_LOOKUP_load_file wolfSSL_X509_LOOKUP_load_file diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 4499caf0d0..5e24b073a4 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -649,12 +649,13 @@ struct WOLFSSL_X509_STORE { #endif struct WOLFSSL_X509_VERIFY_PARAM { + const char *name; time_t check_time; unsigned int inherit_flags; unsigned long flags; char hostName[WOLFSSL_HOST_NAME_MAX]; - unsigned int hostFlags; - char ipasc[WOLFSSL_MAX_IPSTR]; + unsigned int hostFlags; + char ipasc[WOLFSSL_MAX_IPSTR]; }; #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ 
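Review bot: Adding `const char *name` as the first member of struct WOLFSSL_X509_VERIFY_PARAM changes the layout of a type defined in the public wolfssl/ssl.h, and nothing in this change says who owns the pointer. The only writers in this series are the static built-in table entries in x509.c, which point at string literals, so the member should be annotated, e.g. `/* borrowed; NULL or a string literal naming a built-in set (see wolfSSL_X509_VERIFY_PARAM_lookup). Review note: confirm the *_free/set1/inherit paths outside this diff neither copy nor free it. */`. The re-indentation of `hostFlags` and `ipasc` is whitespace-only noise in an otherwise functional hunk.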
@@ -2084,6 +2085,8 @@ WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio, WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** key, const unsigned char** in, long inSz); WOLFSSL_API int wolfSSL_i2d_PUBKEY(const WOLFSSL_EVP_PKEY *key, unsigned char **der); +WOLFSSL_API int wolfSSL_i2d_X509_PUBKEY(WOLFSSL_X509_PUBKEY* x509_PubKey, + unsigned char** der); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** pkey, const unsigned char ** in, long inSz); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, @@ -2136,6 +2139,12 @@ WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1_ip( WOLFSSL_X509_VERIFY_PARAM* param, const unsigned char* ip, size_t iplen); WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1(WOLFSSL_X509_VERIFY_PARAM* to, const WOLFSSL_X509_VERIFY_PARAM* from); +WOLFSSL_API const WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_VERIFY_PARAM_lookup( + const char *name); +WOLFSSL_API const WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_STORE_get0_param( + const WOLFSSL_X509_STORE *store); +WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_inherit(WOLFSSL_X509_VERIFY_PARAM *to, + const WOLFSSL_X509_VERIFY_PARAM *from); WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx, const char *file, int type); WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx, From 3f921e0a32dcea9f285bc00e3cad31923a9154c5 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Mon, 20 May 2024 18:13:10 -0500 Subject: [PATCH 06/21] checkpoint progress: add wolfSSL_BIO_s_dgram, wolfSSL_BIO_new_dgram, WOLFSSL_BIO_DGRAM, and remove now-duplicate prototype and definition of wolfSSL_X509_STORE_get0_param. --- src/bio.c | 45 +++++++++++++++++++++++++++++++++++++++++++++ src/x509.c | 5 ----- wolfssl/ssl.h | 7 ++++--- 3 files changed, 49 insertions(+), 8 deletions(-) diff --git a/src/bio.c b/src/bio.c index 318fca66cf..f59e14e24f 100644 --- a/src/bio.c +++ b/src/bio.c 
@@ -351,6 +351,15 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) ret = NOT_COMPILED_IN; #endif break; + case WOLFSSL_BIO_DGRAM: + #ifdef USE_WOLFSSL_IO + /* BIO requires built-in socket support + * (cannot be used with WOLFSSL_USER_IO) */ + ret = wolfIO_RecvDgram(bio->num, (char*)buf, len, 0); + #else + ret = NOT_COMPILED_IN; + #endif + break; } /* switch */ } @@ -732,6 +741,15 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) ret = NOT_COMPILED_IN; #endif break; + case WOLFSSL_BIO_DGRAM: + #ifdef USE_WOLFSSL_IO + /* BIO requires built-in socket support + * (cannot be used with WOLFSSL_USER_IO) */ + ret = wolfIO_SendDgram(bio->num, (char*)data, len, 0); + #else + ret = NOT_COMPILED_IN; + #endif + break; } /* switch */ } @@ -1830,6 +1848,7 @@ long wolfSSL_BIO_set_nbio(WOLFSSL_BIO* bio, long on) if (bio) { switch (bio->type) { case WOLFSSL_BIO_SOCKET: + case WOLFSSL_BIO_DGRAM: #ifdef XFCNTL { int ret; @@ -2146,6 +2165,32 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) return bio; } + + WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_dgram(void) + { + static WOLFSSL_BIO_METHOD meth = + WOLFSSL_BIO_METHOD_INIT(WOLFSSL_BIO_DGRAM); + + WOLFSSL_ENTER("wolfSSL_BIO_s_dgram"); + + return &meth; + } + + + WOLFSSL_BIO* wolfSSL_BIO_new_dgram(int fd, int closeF) + { + WOLFSSL_BIO* bio = wolfSSL_BIO_new(wolfSSL_BIO_s_dgram()); + + WOLFSSL_ENTER("wolfSSL_BIO_new_dgram"); + if (bio) { + bio->type = WOLFSSL_BIO_DGRAM; + bio->shutdown = (byte)closeF; + bio->num = fd; + } + return bio; + } + + /** * Create new socket BIO object. This is a pure TCP connection with * no SSL or TLS protection. diff --git a/src/x509.c b/src/x509.c index fae957979d..6bc2ceab80 100644 --- a/src/x509.c +++ b/src/x509.c 
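Review bot: The new WOLFSSL_BIO_DGRAM case in wolfSSL_BIO_read calls `wolfIO_RecvDgram`, and the matching case in the wolfSSL_BIO_write hunk calls `wolfIO_SendDgram`, but neither function is declared or defined anywhere in this series — the next commit replaces both calls with wolfIO_Recv/wolfIO_Send — so a USE_WOLFSSL_IO build at this checkpoint fails to compile as far as the diff shows. If intermediate commits are meant to build (useful for bisecting), the cases should call the existing wolfIO_Recv/wolfIO_Send here, or the two commits should be squashed.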
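Review bot: wolfSSL_BIO_new_dgram has no header comment although the socket constructor immediately below it carries a Doxygen block, and its `closeF` parameter is stored straight into `bio->shutdown` without saying what it means. I would add `/** Create a datagram BIO over an existing socket descriptor fd. closeF is recorded in bio->shutdown; presumably it mirrors the close flag of wolfSSL_BIO_new_socket — confirm. */` above the definition. wolfSSL_BIO_s_dgram could use the same treatment, noting that it returns a pointer to a function-static method object.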
@@ -8805,11 +8805,6 @@ const WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_VERIFY_PARAM_lookup(const char *na return NULL; } -const WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_STORE_get0_param(const WOLFSSL_X509_STORE *store) -{ - return store->param; -} - /* inherits properties of param "to" to param "from" * * WOLFSSL_VPARAM_DEFAULT any values in "src" is copied diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 5e24b073a4..c9079344e8 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -474,7 +474,8 @@ enum BIO_TYPE { WOLFSSL_BIO_BIO = 5, WOLFSSL_BIO_FILE = 6, WOLFSSL_BIO_BASE64 = 7, - WOLFSSL_BIO_MD = 8 + WOLFSSL_BIO_MD = 8, + WOLFSSL_BIO_DGRAM = 9 }; enum BIO_FLAGS { @@ -1774,6 +1775,7 @@ WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_buffer(void); WOLFSSL_API long wolfSSL_BIO_set_write_buffer_size(WOLFSSL_BIO* bio, long size); WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_ssl(void); WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_socket(int sfd, int flag); +WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_dgram(int fd, int closeF); WOLFSSL_API int wolfSSL_BIO_eof(WOLFSSL_BIO* b); WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_mem(void); @@ -1833,6 +1835,7 @@ WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_fd(int fd, int close_flag); WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_bio(void); WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void); +WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_dgram(void); WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_connect(const char *str); WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_accept(const char *port); 
@@ -2141,8 +2144,6 @@ WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1(WOLFSSL_X509_VERIFY_PARAM* to, const WOLFSSL_X509_VERIFY_PARAM* from); WOLFSSL_API const WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_VERIFY_PARAM_lookup( const char *name); -WOLFSSL_API const WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_STORE_get0_param( - const WOLFSSL_X509_STORE *store); WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_inherit(WOLFSSL_X509_VERIFY_PARAM *to, const WOLFSSL_X509_VERIFY_PARAM *from); WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx, From 08940866c3603e91199a552ce657cae92d04740c Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Tue, 21 May 2024 12:29:33 -0500 Subject: [PATCH 07/21] checkpoint progress: add macro definitions for BIO_CTRL_DGRAM_SET_CONNECTED, BIO_CTRL_DGRAM_SET_PEER, WOLFSSL_MULTI_LABEL_WILDCARDS, WOLFSSL_MULTI_LABEL_WILDCARDS, NID_id_GostR3410_2001, NID_id_GostR3410_2012_256, NID_id_GostR3410_2012_512; fix flag arithmetic in wolfSSL_X509_check_host(); add compat macros for i2d_X509_PUBKEY, BIO_new_dgram. --- src/bio.c | 20 ++------------------ src/x509.c | 8 ++++++-- wolfssl/openssl/bio.h | 4 +++- wolfssl/openssl/ssl.h | 3 +++ wolfssl/ssl.h | 6 ++++++ wolfssl/wolfcrypt/asn.h | 4 ++++ 6 files changed, 24 insertions(+), 21 deletions(-) diff --git a/src/bio.c b/src/bio.c index f59e14e24f..2473aea75d 100644 --- a/src/bio.c +++ b/src/bio.c @@ -343,19 +343,11 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) #endif break; case WOLFSSL_BIO_SOCKET: - #ifdef USE_WOLFSSL_IO - /* BIO requires built-in socket support - * (cannot be used with WOLFSSL_USER_IO) */ - ret = wolfIO_Recv(bio->num, (char*)buf, len, 0); - #else - ret = NOT_COMPILED_IN; - #endif - break; case WOLFSSL_BIO_DGRAM: #ifdef USE_WOLFSSL_IO /* BIO requires built-in socket support * (cannot be used with WOLFSSL_USER_IO) */ - ret = wolfIO_RecvDgram(bio->num, (char*)buf, len, 0); + ret = wolfIO_Recv(bio->num, (char*)buf, len, 0); #else ret = NOT_COMPILED_IN; #endif 
@@ -733,19 +725,11 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) #endif break; case WOLFSSL_BIO_SOCKET: - #ifdef USE_WOLFSSL_IO - /* BIO requires built-in socket support - * (cannot be used with WOLFSSL_USER_IO) */ - ret = wolfIO_Send(bio->num, (char*)data, len, 0); - #else - ret = NOT_COMPILED_IN; - #endif - break; case WOLFSSL_BIO_DGRAM: #ifdef USE_WOLFSSL_IO /* BIO requires built-in socket support * (cannot be used with WOLFSSL_USER_IO) */ - ret = wolfIO_SendDgram(bio->num, (char*)data, len, 0); + ret = wolfIO_Send(bio->num, (char*)data, len, 0); #else ret = NOT_COMPILED_IN; #endif diff --git a/src/x509.c b/src/x509.c index 6bc2ceab80..6c7ba863c3 100644 --- a/src/x509.c +++ b/src/x509.c @@ -13419,11 +13419,15 @@ int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen, return WOLFSSL_FAILURE; } - if (flags == WOLFSSL_NO_WILDCARDS) { + if (flags & WOLFSSL_NO_WILDCARDS) { WOLFSSL_MSG("X509_CHECK_FLAG_NO_WILDCARDS not yet implemented"); return WOLFSSL_FAILURE; } - if (flags == WOLFSSL_NO_PARTIAL_WILDCARDS) { + if (flags & WOLFSSL_NO_PARTIAL_WILDCARDS) { + WOLFSSL_MSG("X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS not yet implemented"); + return WOLFSSL_FAILURE; + } + if (flags & WOLFSSL_MULTI_LABEL_WILDCARDS) { WOLFSSL_MSG("X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS not yet implemented"); return WOLFSSL_FAILURE; } diff --git a/wolfssl/openssl/bio.h b/wolfssl/openssl/bio.h index 9206b092a9..8b7d287c95 100644 --- a/wolfssl/openssl/bio.h +++ b/wolfssl/openssl/bio.h @@ -168,7 +168,9 @@ #define BIO_C_SET_WRITE_BUF_SIZE 136 #define BIO_C_MAKE_BIO_PAIR 138 -#define BIO_CTRL_DGRAM_QUERY_MTU 40 +#define BIO_CTRL_DGRAM_SET_CONNECTED 32 +#define BIO_CTRL_DGRAM_QUERY_MTU 40 +#define BIO_CTRL_DGRAM_SET_PEER 44 #define BIO_FP_TEXT 0x00 #define BIO_NOCLOSE 0x00 diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 711ba3479b..ecec0735a9 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h 
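Review bot: The new `flags & WOLFSSL_MULTI_LABEL_WILDCARDS` branch in wolfSSL_X509_check_host logs `X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS not yet implemented`, a copy-paste of the branch above it; it should read `WOLFSSL_MSG("X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS not yet implemented");` so the log names the flag actually rejected. The switch from `==` to `&` is the right fix: the old equality tests let a caller combine a supported flag with an unimplemented one and have the unimplemented one silently ignored, whereas the bitwise tests now fail closed on any unsupported bit. A one-line comment stating that intent (`/* refuse, rather than ignore, flag bits we do not implement */`) would keep a later cleanup from relaxing it.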
@@ -214,6 +214,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define SSL_CTX_set_ecdh_auto wolfSSL_CTX_set_ecdh_auto #define i2d_PUBKEY wolfSSL_i2d_PUBKEY +#define i2d_X509_PUBKEY wolfSSL_i2d_X509_PUBKEY #define d2i_PUBKEY wolfSSL_d2i_PUBKEY #define d2i_PUBKEY_bio wolfSSL_d2i_PUBKEY_bio #define d2i_PublicKey wolfSSL_d2i_PublicKey @@ -649,6 +650,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT WOLFSSL_ALWAYS_CHECK_SUBJECT #define X509_CHECK_FLAG_NO_WILDCARDS WOLFSSL_NO_WILDCARDS #define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS WOLFSSL_NO_PARTIAL_WILDCARDS +#define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS WOLFSSL_MULTI_LABEL_WILDCARDS #define X509_VP_FLAG_DEFAULT WOLFSSL_VPARAM_DEFAULT #define X509_VP_FLAG_OVERWRITE WOLFSSL_VPARAM_OVERWRITE @@ -799,6 +801,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define BIO_set_write_buffer_size wolfSSL_BIO_set_write_buffer_size #define BIO_f_ssl wolfSSL_BIO_f_ssl #define BIO_new_socket wolfSSL_BIO_new_socket +#define BIO_new_dgram wolfSSL_BIO_new_dgram #define BIO_new_connect wolfSSL_BIO_new_connect #define BIO_new_accept wolfSSL_BIO_new_accept #define BIO_set_conn_port wolfSSL_BIO_set_conn_port diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index c9079344e8..1ab067081b 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -633,6 +633,7 @@ struct WOLFSSL_X509_STORE { #define WOLFSSL_ALWAYS_CHECK_SUBJECT 0x1 #define WOLFSSL_NO_WILDCARDS 0x2 #define WOLFSSL_NO_PARTIAL_WILDCARDS 0x4 +#define WOLFSSL_MULTI_LABEL_WILDCARDS 0x8 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) #define WOLFSSL_USE_CHECK_TIME 0x2 
@@ -1493,10 +1494,15 @@ WOLFSSL_API int wolfSSL_dtls_free_peer(void* addr); WOLFSSL_API int wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz); WOLFSSL_API int wolfSSL_dtls_get_peer(WOLFSSL* ssl, void* peer, unsigned int* peerSz); +#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS) WOLFSSL_API int wolfSSL_CTX_dtls_set_sctp(WOLFSSL_CTX* ctx); WOLFSSL_API int wolfSSL_dtls_set_sctp(WOLFSSL* ssl); +#endif +#if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \ + defined(WOLFSSL_DTLS) WOLFSSL_API int wolfSSL_CTX_dtls_set_mtu(WOLFSSL_CTX* ctx, unsigned short); WOLFSSL_API int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, unsigned short); +#endif #ifdef WOLFSSL_SRTP diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index e06e29ac7e..265efb6800 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -864,6 +864,10 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[]; #define NID_X9_62_prime_field 406 /* 1.2.840.10045.1.1 */ #endif /* OPENSSL_EXTRA */ +#define NID_id_GostR3410_2001 811 +#define NID_id_GostR3410_2012_256 979 +#define NID_id_GostR3410_2012_512 980 + enum ECC_TYPES { ECC_PREFIX_0 = 160, From 29ec038aa60a7529dba91ee69042fa000e68edf4 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sun, 26 May 2024 18:17:55 -0500 Subject: [PATCH 08/21] checkpoint: add WOLFSSL_BIO_ADDR, wolfSSL_BIO_ADDR_new(), wolfSSL_BIO_ADDR_free(), wolfSSL_BIO_ADDR_clear(), wolfIO_SendTo(), wolfIO_RecvFrom(); fix name of wolfSSL_BIO_s_datagram(). --- src/bio.c | 105 ++++++++++++++++++++++++++++++++++++-- src/internal.c | 3 ++ src/wolfio.c | 25 +++++++++ wolfssl/error-ssl.h | 2 +- wolfssl/internal.h | 54 ++++++++++++++++++++ wolfssl/openssl/bio.h | 2 + wolfssl/ssl.h | 52 ++++--------------- wolfssl/wolfcrypt/types.h | 1 + wolfssl/wolfio.h | 26 ++++++++++ 9 files changed, 221 insertions(+), 49 deletions(-) diff --git a/src/bio.c b/src/bio.c index 2473aea75d..e391d9cf7d 100644 --- a/src/bio.c +++ b/src/bio.c 
@@ -343,7 +343,6 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) #endif break; case WOLFSSL_BIO_SOCKET: - case WOLFSSL_BIO_DGRAM: #ifdef USE_WOLFSSL_IO /* BIO requires built-in socket support * (cannot be used with WOLFSSL_USER_IO) */ @@ -352,6 +351,27 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) ret = NOT_COMPILED_IN; #endif break; + +#ifdef WOLFSSL_HAVE_BIO_ADDR + case WOLFSSL_BIO_DGRAM: + #ifdef USE_WOLFSSL_IO + /* BIO requires built-in socket support + * (cannot be used with WOLFSSL_USER_IO) */ + if (bio->connected) + ret = wolfIO_Recv(bio->num, (char*)buf, len, 0); + else { + if (bio->peer_addr == NULL) + bio->peer_addr = wolfSSL_BIO_ADDR_new(); + else + wolfSSL_BIO_ADDR_clear(bio->peer_addr); + ret = wolfIO_RecvFrom(bio->num, bio->peer_addr, (char*)buf, len, 0); + } + #else + ret = NOT_COMPILED_IN; + #endif + break; +#endif + } /* switch */ } @@ -725,7 +745,6 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) #endif break; case WOLFSSL_BIO_SOCKET: - case WOLFSSL_BIO_DGRAM: #ifdef USE_WOLFSSL_IO /* BIO requires built-in socket support * (cannot be used with WOLFSSL_USER_IO) */ @@ -734,6 +753,24 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) ret = NOT_COMPILED_IN; #endif break; + +#ifdef WOLFSSL_HAVE_BIO_ADDR + case WOLFSSL_BIO_DGRAM: + #ifdef USE_WOLFSSL_IO + /* BIO requires built-in socket support + * (cannot be used with WOLFSSL_USER_IO) */ + if (bio->connected) + ret = wolfIO_Send(bio->num, (char*)data, len, 0); + else if (bio->peer_addr != NULL) + ret = wolfIO_SendTo(bio->num, bio->peer_addr, (char*)data, len, 0); + else + ret = SOCKET_NOT_CONNECTED_E; + #else + ret = NOT_COMPILED_IN; + #endif + break; +#endif + } /* switch */ } 
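Review bot: In the unconnected branch of the new WOLFSSL_BIO_DGRAM read case, the result of `wolfSSL_BIO_ADDR_new()` is not checked: on allocation failure `bio->peer_addr` stays NULL, wolfIO_RecvFrom then receives with no address, and the datagram is consumed with its sender silently lost (a later write fails with SOCKET_NOT_CONNECTED_E, far from the cause). Return an error instead, e.g. `if (bio->peer_addr == NULL) { ret = MEMORY_E; break; }` right after the allocation. It is also worth a comment that `peer_addr` is overwritten by every datagram that arrives on an unconnected socket, so the address the next write goes to is whatever unauthenticated source spoke last; establishing the real peer is the job of the DTLS layer above, not this BIO.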
@@ -797,6 +834,25 @@ long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *parg) case BIO_CTRL_RESET: ret = (long)wolfSSL_BIO_reset(bio); break; + +#ifdef WOLFSSL_HAVE_BIO_ADDR + case BIO_CTRL_DGRAM_CONNECT: + case BIO_CTRL_DGRAM_SET_PEER: + if (bio->peer_addr) + wolfSSL_BIO_ADDR_free(bio->peer_addr); + bio->peer_addr = (WOLFSSL_BIO_ADDR *)parg; + ret = WOLFSSL_SUCCESS; + break; + + case BIO_CTRL_DGRAM_SET_CONNECTED: + bio->connected = (parg != NULL); + if (bio->peer_addr) + wolfSSL_BIO_ADDR_free(bio->peer_addr); + bio->peer_addr = (WOLFSSL_BIO_ADDR *)parg; + ret = WOLFSSL_SUCCESS; + break; +#endif /* WOLFSSL_HAVE_BIO_ADDR */ + default: WOLFSSL_MSG("CMD not yet implemented"); ret = WOLFSSL_FAILURE; @@ -830,8 +886,47 @@ int wolfSSL_BIO_up_ref(WOLFSSL_BIO* bio) return WOLFSSL_FAILURE; } + +#ifdef WOLFSSL_HAVE_BIO_ADDR +WOLFSSL_BIO_ADDR *wolfSSL_BIO_ADDR_new(void) { + WOLFSSL_BIO_ADDR *addr = XMALLOC(sizeof(*addr), NULL, DYNAMIC_TYPE_BIO); + if (addr) + addr->sa.sa_family = AF_UNSPEC; + return addr; +} + +void wolfSSL_BIO_ADDR_free(WOLFSSL_BIO_ADDR *addr) { + XFREE(addr, NULL, DYNAMIC_TYPE_BIO); +} + +void wolfSSL_BIO_ADDR_clear(WOLFSSL_BIO_ADDR *addr) { + if (addr == NULL) + return; + XMEMSET(addr, 0, sizeof(*addr)); + addr->sa.sa_family = AF_UNSPEC; +} + +socklen_t wolfSSL_BIO_ADDR_size(const WOLFSSL_BIO_ADDR *addr) { + switch (addr->sa.sa_family) { +#ifndef WOLFSSL_NO_BIO_ADDR_IN + case AF_INET: + return sizeof(addr->sa_in); +#endif +#ifdef WOLFSSL_IPV6 + case AF_INET6: + return sizeof(addr->sa_in6); +#endif +#ifndef WOLFSSL_NO_BIO_ADDR_UN + case AF_UNIX: + return sizeof(addr->sa_un); #endif + default: + return sizeof(*addr); + } +} +#endif /* WOLFSSL_HAVE_BIO_ADDR */ +#endif /* OPENSSL_ALL || OPENSSL_EXTRA */ /* helper function for wolfSSL_BIO_gets * size till a newline is hit 
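Review bot: BIO_CTRL_DGRAM_SET_PEER, BIO_CTRL_DGRAM_CONNECT and BIO_CTRL_DGRAM_SET_CONNECTED adopt the caller's `parg` pointer as `bio->peer_addr` and later hand it to wolfSSL_BIO_ADDR_free (on the next of these ctrls, and presumably when the BIO is freed), while the read path added in the `@@ -352` hunk treats peer_addr as BIO-owned heap memory that it allocates and clears. A caller that passes a stack or otherwise caller-owned address — the OpenSSL usage these ctrls are shimming, where the address is copied — ends up with a free of non-heap memory or a double free. Copy the address into an owned WOLFSSL_BIO_ADDR instead and leave `parg` to the caller, as sketched below. `BIO_CTRL_DGRAM_CONNECT` is not among the constants added to wolfssl/openssl/bio.h in this chunk, so confirm it is defined.
```c
#ifdef WOLFSSL_HAVE_BIO_ADDR
        case BIO_CTRL_DGRAM_CONNECT:
        case BIO_CTRL_DGRAM_SET_PEER:
        case BIO_CTRL_DGRAM_SET_CONNECTED:
            if (cmd == BIO_CTRL_DGRAM_SET_CONNECTED)
                bio->connected = (parg != NULL);
            if (parg == NULL) {
                /* NULL clears the peer; the BIO owns peer_addr, so free it. */
                if (bio->peer_addr)
                    wolfSSL_BIO_ADDR_free(bio->peer_addr);
                bio->peer_addr = NULL;
                ret = WOLFSSL_SUCCESS;
                break;
            }
            if (bio->peer_addr == NULL)
                bio->peer_addr = wolfSSL_BIO_ADDR_new();
            if (bio->peer_addr == NULL) {
                ret = MEMORY_E;
                break;
            }
            /* copy, never adopt: parg stays owned by the caller */
            XMEMCPY(bio->peer_addr, parg, sizeof(*bio->peer_addr));
            ret = WOLFSSL_SUCCESS;
            break;
#endif /* WOLFSSL_HAVE_BIO_ADDR */
```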
@@ -2150,12 +2245,12 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) } - WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_dgram(void) + WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_datagram(void) { static WOLFSSL_BIO_METHOD meth = WOLFSSL_BIO_METHOD_INIT(WOLFSSL_BIO_DGRAM); - WOLFSSL_ENTER("wolfSSL_BIO_s_dgram"); + WOLFSSL_ENTER("wolfSSL_BIO_s_datagram"); return &meth; } @@ -2163,7 +2258,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) WOLFSSL_BIO* wolfSSL_BIO_new_dgram(int fd, int closeF) { - WOLFSSL_BIO* bio = wolfSSL_BIO_new(wolfSSL_BIO_s_dgram()); + WOLFSSL_BIO* bio = wolfSSL_BIO_new(wolfSSL_BIO_s_datagram()); WOLFSSL_ENTER("wolfSSL_BIO_new_dgram"); if (bio) { diff --git a/src/internal.c b/src/internal.c index d6cce09d59..31a0f011d8 100644 --- a/src/internal.c +++ b/src/internal.c @@ -25639,6 +25639,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e) case DUPLICATE_TLS_EXT_E: return "Duplicate TLS extension in message."; + case SOCKET_NOT_CONNECTED_E: + return "Socket has no associated peer."; + default : return "unknown error number"; } diff --git a/src/wolfio.c b/src/wolfio.c index 70e0cd8e90..95476b4940 100644 --- a/src/wolfio.c +++ b/src/wolfio.c @@ -1113,6 +1113,31 @@ int wolfIO_Send(SOCKET_T sd, char *buf, int sz, int wrFlags) return sent; } +#ifdef WOLFSSL_HAVE_BIO_ADDR + +int wolfIO_RecvFrom(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int rdFlags) +{ + int recvd; + socklen_t addr_len = (socklen_t)sizeof(*addr); + + recvd = (int)recvfrom(sd, buf, (size_t)sz, rdFlags, addr ? &addr->sa : NULL, addr ? &addr_len : 0); + recvd = TranslateReturnCode(recvd, (int)sd); + + return recvd; +} + +int wolfIO_SendTo(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int wrFlags) +{ + int sent; + + sent = (int)sendto(sd, buf, (size_t)sz, wrFlags, addr ? &addr->sa : NULL, addr ? wolfSSL_BIO_ADDR_size(addr) : 0); + sent = TranslateReturnCode(sent, (int)sd); + + return sent; +} + +#endif /* WOLFSSL_HAVE_BIO_ADDR */ + #endif /* USE_WOLFSSL_IO */ 
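Review bot: wolfIO_RecvFrom() discards the `addr_len` that recvfrom() writes back, so a sender address larger than `sizeof(*addr)` (for example an AF_INET6 peer in a build without WOLFSSL_IPV6, where the union has no `sa_in6` member) is silently truncated but still left in `addr` with its family set, and the next unconnected wolfSSL_BIO_write() will hand that partial address to sendto(). After the call, `if (recvd >= 0 && addr != NULL && addr_len > (socklen_t)sizeof(*addr)) addr->sa.sa_family = AF_UNSPEC;` marks it unusable; whether such a peer can occur depends on the socket's family, so this is a plausible rather than confirmed case. Both new functions would also benefit from a comment stating that `addr` may be NULL and that wolfIO_SendTo() does not modify `buf` despite the non-const `char *` inherited from wolfIO_Send(), which is what forces the `(char*)data` cast in wolfSSL_BIO_write().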
diff --git a/wolfssl/error-ssl.h b/wolfssl/error-ssl.h index 724d7de007..64edf75c36 100644 --- a/wolfssl/error-ssl.h +++ b/wolfssl/error-ssl.h @@ -185,8 +185,8 @@ enum wolfSSL_ErrorCodes { DTLS_CID_ERROR = -454, /* Wrong or missing CID */ DTLS_TOO_MANY_FRAGMENTS_E = -455, /* Received too many fragments */ QUIC_WRONG_ENC_LEVEL = -456, /* QUIC data received on wrong encryption level */ - DUPLICATE_TLS_EXT_E = -457, /* Duplicate TLS extension in msg. */ + SOCKET_NOT_CONNECTED_E = -458, /* Socket has no associated peer. */ /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */ /* begin negotiation parameter errors */ diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 390b21b54a..12a6c5100c 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h 
@@ -2743,6 +2743,60 @@ typedef struct WOLFSSL_DTLS_PEERSEQ { #endif } WOLFSSL_DTLS_PEERSEQ; +struct WOLFSSL_BIO { + WOLFSSL_BUF_MEM* mem_buf; + WOLFSSL_BIO_METHOD* method; + WOLFSSL_BIO* prev; /* previous in chain */ + WOLFSSL_BIO* next; /* next in chain */ + WOLFSSL_BIO* pair; /* BIO paired with */ + void* heap; /* user heap hint */ + void* ptr; /* WOLFSSL, file descriptor, MD, or mem buf */ + void* usrCtx; /* user set pointer */ + char* ip; /* IP address for wolfIO_TcpConnect */ + word16 port; /* Port for wolfIO_TcpConnect */ + char* infoArg; /* BIO callback argument */ + wolf_bio_info_cb infoCb; /* BIO callback */ + int wrSz; /* write buffer size (mem) */ + int wrSzReset; /* First buffer size (mem) - read ONLY data */ + int wrIdx; /* current index for write buffer */ + int rdIdx; /* current read index */ + int readRq; /* read request */ + int num; /* socket num or length */ + int eof; /* eof flag */ + int flags; + byte type; /* method type */ + byte init:1; /* bio has been initialized */ + byte shutdown:1; /* close flag */ + byte connected:1; /* connected state, for datagram BIOs -- as for + * struct WOLFSSL_DTLS_CTX, when set, sendto and + * recvfrom leave the peer_addr unchanged. */ +#ifdef WOLFSSL_HAVE_BIO_ADDR + union WOLFSSL_BIO_ADDR *peer_addr; /* for datagram BIOs, the socket address stored + * with BIO_CTRL_DGRAM_CONNECT, + * BIO_CTRL_DGRAM_SET_CONNECTED, or + * BIO_CTRL_DGRAM_SET_PEER, or stored when a + * packet was received on an unconnected BIO. */ +#endif + +#ifdef WORD64_AVAILABLE + word64 bytes_read; + word64 bytes_written; +#else + word32 bytes_read; + word32 bytes_written; +#endif + +#ifdef HAVE_EX_DATA + WOLFSSL_CRYPTO_EX_DATA ex_data; +#endif +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) + wolfSSL_Ref ref; +#endif +}; + +#ifdef WOLFSSL_HAVE_BIO_ADDR +WOLFSSL_LOCAL socklen_t wolfSSL_BIO_ADDR_size(const WOLFSSL_BIO_ADDR *addr); +#endif #define MAX_WRITE_IV_SZ 16 /* max size of client/server write_IV */ 
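Review bot: The new `peer_addr` comment documents where the pointer comes from but not who owns it; since wolfSSL_BIO_read() allocates it with wolfSSL_BIO_ADDR_new() and wolfSSL_BIO_ctrl() frees the previous value, the BIO is the owner, yet no hunk in this commit releases it in wolfSSL_BIO_free(), so every datagram BIO that received while unconnected leaks its address. Suggested comment: `/* owned by the BIO: allocated on receive or handed in via BIO_CTRL_DGRAM_*, released in wolfSSL_BIO_free() */`, together with the matching free. Moving `struct WOLFSSL_BIO` from wolfssl/ssl.h into internal.h also makes it opaque to applications that reached into its fields; that is probably the intent, but it is an API-visible change worth a line in the commit message.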
diff --git a/wolfssl/openssl/bio.h b/wolfssl/openssl/bio.h index 8b7d287c95..72a43656ef 100644 --- a/wolfssl/openssl/bio.h +++ b/wolfssl/openssl/bio.h @@ -61,6 +61,7 @@ #define BIO_s_file wolfSSL_BIO_s_file #define BIO_s_bio wolfSSL_BIO_s_bio #define BIO_s_socket wolfSSL_BIO_s_socket +#define BIO_s_datagram wolfSSL_BIO_s_datagram #define BIO_s_accept wolfSSL_BIO_s_socket #define BIO_set_fd wolfSSL_BIO_set_fd #define BIO_set_close wolfSSL_BIO_set_close @@ -168,6 +169,7 @@ #define BIO_C_SET_WRITE_BUF_SIZE 136 #define BIO_C_MAKE_BIO_PAIR 138 +#define BIO_CTRL_DGRAM_CONNECT 31 #define BIO_CTRL_DGRAM_SET_CONNECTED 32 #define BIO_CTRL_DGRAM_QUERY_MTU 40 #define BIO_CTRL_DGRAM_SET_PEER 44 diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 1ab067081b..d3f3a0165e 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
@@ -538,47 +538,6 @@ struct WOLFSSL_BIO_METHOD { typedef long (*wolf_bio_info_cb)(WOLFSSL_BIO *bio, int event, const char *parg, int iarg, long larg, long return_value); -struct WOLFSSL_BIO { - WOLFSSL_BUF_MEM* mem_buf; - WOLFSSL_BIO_METHOD* method; - WOLFSSL_BIO* prev; /* previous in chain */ - WOLFSSL_BIO* next; /* next in chain */ - WOLFSSL_BIO* pair; /* BIO paired with */ - void* heap; /* user heap hint */ - void* ptr; /* WOLFSSL, file descriptor, MD, or mem buf */ - void* usrCtx; /* user set pointer */ - char* ip; /* IP address for wolfIO_TcpConnect */ - word16 port; /* Port for wolfIO_TcpConnect */ - char* infoArg; /* BIO callback argument */ - wolf_bio_info_cb infoCb; /* BIO callback */ - int wrSz; /* write buffer size (mem) */ - int wrSzReset; /* First buffer size (mem) - read ONLY data */ - int wrIdx; /* current index for write buffer */ - int rdIdx; /* current read index */ - int readRq; /* read request */ - int num; /* socket num or length */ - int eof; /* eof flag */ - int flags; - byte type; /* method type */ - byte init:1; /* bio has been initialized */ - byte shutdown:1; /* close flag */ - -#ifdef WORD64_AVAILABLE - word64 bytes_read; - word64 bytes_written; -#else - word32 bytes_read; - word32 bytes_written; -#endif - -#ifdef HAVE_EX_DATA - WOLFSSL_CRYPTO_EX_DATA ex_data; -#endif -#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) - wolfSSL_Ref ref; -#endif -}; - typedef struct WOLFSSL_COMP_METHOD { int type; /* stunnel dereference */ } WOLFSSL_COMP_METHOD; @@ -1841,7 +1800,7 @@ WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_fd(int fd, int close_flag); WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_bio(void); WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void); -WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_dgram(void); +WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_datagram(void); WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_connect(const char *str); WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_accept(const char *port); 
@@ -1884,7 +1843,14 @@ WOLFSSL_API int wolfSSL_BIO_set_mem_buf(WOLFSSL_BIO* bio, WOLFSSL_BUF_MEM* bufMe int closeFlag); #endif WOLFSSL_API int wolfSSL_BIO_get_len(WOLFSSL_BIO *bio); -#endif + +#ifdef WOLFSSL_HAVE_BIO_ADDR +WOLFSSL_API WOLFSSL_BIO_ADDR *wolfSSL_BIO_ADDR_new(void); +WOLFSSL_API void wolfSSL_BIO_ADDR_free(WOLFSSL_BIO_ADDR *addr); +WOLFSSL_API void wolfSSL_BIO_ADDR_clear(WOLFSSL_BIO_ADDR *addr); +#endif /* WOLFSSL_HAVE_BIO_ADDR */ + +#endif /* !NO_BIO */ WOLFSSL_API void wolfSSL_RAND_screen(void); WOLFSSL_API const char* wolfSSL_RAND_file_name(char* fname, unsigned long len); diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 9dd2f754ed..798f794a12 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -1061,6 +1061,7 @@ typedef struct w64wrapper { DYNAMIC_TYPE_SM4_BUFFER = 99, DYNAMIC_TYPE_DEBUG_TAG = 100, DYNAMIC_TYPE_LMS = 101, + DYNAMIC_TYPE_BIO = 102, DYNAMIC_TYPE_SNIFFER_SERVER = 1000, DYNAMIC_TYPE_SNIFFER_SESSION = 1001, DYNAMIC_TYPE_SNIFFER_PB = 1002, diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h index a4a659c4dd..016174eccd 100644 --- a/wolfssl/wolfio.h +++ b/wolfssl/wolfio.h 
@@ -463,6 +463,32 @@ WOLFSSL_API int wolfIO_TcpBind(SOCKET_T* sockfd, word16 port); WOLFSSL_API int wolfIO_Send(SOCKET_T sd, char *buf, int sz, int wrFlags); WOLFSSL_API int wolfIO_Recv(SOCKET_T sd, char *buf, int sz, int rdFlags); +#ifdef WOLFSSL_HAVE_BIO_ADDR + +#ifndef WOLFSSL_NO_BIO_ADDR_UN +#include +#endif + +union WOLFSSL_BIO_ADDR { + struct sockaddr sa; +#ifndef WOLFSSL_NO_BIO_ADDR_IN + struct sockaddr_in sa_in; +#endif +#ifdef WOLFSSL_IPV6 + struct sockaddr_in6 sa_in6; +#endif +#ifndef WOLFSSL_NO_BIO_ADDR_UN + struct sockaddr_un sa_un; +#endif +}; + +typedef union WOLFSSL_BIO_ADDR WOLFSSL_BIO_ADDR; + +WOLFSSL_API int wolfIO_SendTo(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int wrFlags); +WOLFSSL_API int wolfIO_RecvFrom(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int rdFlags); + +#endif /* WOLFSSL_HAVE_BIO_ADDR */ + #endif /* USE_WOLFSSL_IO || HAVE_HTTP_CLIENT */ #ifndef WOLFSSL_NO_SOCK From bd7f7c8bdfe45768809fdc114ed348ab05613b73 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 31 May 2024 10:54:20 -0500 Subject: [PATCH 09/21] checkpoint: add wolfSSL_BIO_ADDR_free to wolfSSL_BIO_free(); tweak EXPECT_SUCCESS() to tolerate TEST_SKIPPED; add WIP test_wolfSSL_BIO_datagram. --- src/bio.c | 4 +++ tests/api.c | 89 ++++++++++++++++++++++++++++++++++++++++++++++++++++ tests/unit.h | 2 +- 3 files changed, 94 insertions(+), 1 deletion(-) diff --git a/src/bio.c b/src/bio.c index e391d9cf7d..2ca951db85 100644 --- a/src/bio.c +++ b/src/bio.c @@ -2889,6 +2889,10 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) if ((bio->type == WOLFSSL_BIO_SOCKET) && (bio->num > 0)) CloseSocket(bio->num); #endif + #ifdef WOLFSSL_HAVE_BIO_ADDR + if (bio->peer_addr != NULL) + wolfSSL_BIO_ADDR_free(bio->peer_addr); + #endif } #ifndef NO_FILESYSTEM diff --git a/tests/api.c b/tests/api.c index eafa8bbcc1..42a645827a 100644 --- a/tests/api.c +++ b/tests/api.c 
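Review bot: The new `wolfSSL_BIO_ADDR_free(bio->peer_addr)` in wolfSSL_BIO_free() sits inside a block whose opening is outside the hunk, immediately after a CloseSocket() that only runs for sockets being closed; if that block is the one conditional on the BIO's shutdown/close flag, a datagram BIO created with closeF == 0 never frees its peer address. The free belongs at the top level of wolfSSL_BIO_free() so it runs for every BIO, and the `!= NULL` guard is redundant if XFREE tolerates NULL (not visible here). The enclosing function starts outside the hunk.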
@@ -56967,6 +56967,94 @@ static int test_wolfSSL_BIO_tls(void) return EXPECT_RESULT(); } + + +static int test_wolfSSL_BIO_datagram(void) +{ + EXPECT_DECLS; +#if !defined(NO_BIO) && defined(WOLFSSL_HAVE_BIO_ADDR) + int ret; + int fd1 = -1, fd2 = -1; + WOLFSSL_BIO *bio1 = NULL, *bio2 = NULL; + WOLFSSL_BIO_ADDR *bio_addr1, *bio_addr2; + struct sockaddr_in sin1, sin2; + socklen_t slen; + + if (EXPECT_SUCCESS()) { + fd1 = socket(AF_INET, SOCK_DGRAM, 17 /* UDP */); + ExpectIntGE(fd1, 0); + } + if (EXPECT_SUCCESS()) { + fd2 = socket(AF_INET, SOCK_DGRAM, 17 /* UDP */); + ExpectIntGE(fd2, 0); + } + + if (EXPECT_SUCCESS()) { + bio1 = wolfSSL_BIO_new_dgram(fd1, 1 /* closeF */); + ExpectNotNull(bio1); + } + + if (EXPECT_SUCCESS()) { + bio2 = wolfSSL_BIO_new_dgram(fd2, 1 /* closeF */); + ExpectNotNull(bio2); + } + + if (EXPECT_SUCCESS()) { + sin1.sin_family = AF_INET; + sin1.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + sin1.sin_port = 0; + slen = (socklen_t)sizeof(sin1); + ExpectIntEQ(bind(fd1, (const struct sockaddr *)&sin1, slen), 0); + perror("bind"); + ExpectIntEQ(getsockname(fd1, (struct sockaddr *)&sin1, &slen), 0); + } + + if (EXPECT_SUCCESS()) { + sin2.sin_family = AF_INET; + sin2.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + sin2.sin_port = 0; + slen = (socklen_t)sizeof(sin2); + ExpectIntEQ(bind(fd2, (const struct sockaddr *)&sin2, slen), 0); + ExpectIntEQ(getsockname(fd2, (struct sockaddr *)&sin2, &slen), 0); + } + + if (EXPECT_SUCCESS()) { + bio_addr1 = wolfSSL_BIO_ADDR_new(); + ExpectNotNull(bio_addr1); + } + + if (EXPECT_SUCCESS()) { + bio_addr2 = wolfSSL_BIO_ADDR_new(); + ExpectNotNull(bio_addr1); + } + + if (EXPECT_SUCCESS()) { + XMEMCPY(&bio_addr2->sa_in, &sin2, sizeof(sin2)); + ret = (int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_PEER, 1, bio_addr2); + ExpectIntEQ(ret, WOLFSSL_SUCCESS); + } + + if (EXPECT_SUCCESS()) { + XMEMCPY(&bio_addr1->sa_in, &sin1, sizeof(sin1)); + ret = (int)wolfSSL_BIO_ctrl(bio2, BIO_CTRL_DGRAM_SET_PEER, 1, bio_addr1); + ExpectIntEQ(ret, 
WOLFSSL_SUCCESS); + } + + if (bio1) { + ret = wolfSSL_BIO_free(bio1); + ExpectIntEQ(ret, WOLFSSL_SUCCESS); + } + + if (bio2) { + ret = wolfSSL_BIO_free(bio2); + ExpectIntEQ(ret, WOLFSSL_SUCCESS); + } +#endif + return EXPECT_RESULT(); +} + + + #if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \ defined(HAVE_HTTP_CLIENT) static THREAD_RETURN WOLFSSL_THREAD test_wolfSSL_BIO_accept_client(void* args) @@ -83961,6 +84049,7 @@ TEST_CASE testCases[] = { /* Can't memory test as server Asserts in thread. */ TEST_DECL(test_wolfSSL_BIO_accept), TEST_DECL(test_wolfSSL_BIO_tls), + TEST_DECL(test_wolfSSL_BIO_datagram), #endif #if defined(HAVE_PK_CALLBACKS) && !defined(WOLFSSL_NO_TLS12) diff --git a/tests/unit.h b/tests/unit.h index 061e84d830..33e7b8e505 100644 --- a/tests/unit.h +++ b/tests/unit.h @@ -127,7 +127,7 @@ #define EXPECT_RESULT() \ _ret #define EXPECT_SUCCESS() \ - (_ret == TEST_SUCCESS) + ((_ret == TEST_SUCCESS) || (_ret == TEST_SKIPPED)) #define EXPECT_FAIL() \ (_ret == TEST_FAIL) From 7216a543dde810631c681ce5203f5dc3c789151f Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Wed, 5 Jun 2024 00:24:21 -0500 Subject: [PATCH 10/21] checkpoint: complete test_wolfSSL_BIO_datagram(); fix some WOLFSSL_HAVE_BIO_ADDR gates to also gate on WOLFSSL_DTLS and OPENSSL_EXTRA; use DTLS_RECVFROM_FUNCTION, DTLS_SENDTO_FUNCTION, SOCKET_T, SOCKADDR, SOCKADDR_IN, and SOCKADDR_IN6 macros and types, and add SOCKADDR_UN type. --- src/bio.c | 5 ++ src/wolfio.c | 8 +-- tests/api.c | 143 +++++++++++++++++++++++++++++++++++++++------ wolfssl/internal.h | 2 +- wolfssl/wolfio.h | 23 +++++--- 5 files changed, 150 insertions(+), 31 deletions(-) diff --git a/src/bio.c b/src/bio.c index 2ca951db85..127dd4b750 100644 --- a/src/bio.c +++ b/src/bio.c 
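Review bot: In the block that allocates `bio_addr2` the check reads `ExpectNotNull(bio_addr1);` (a copy of the previous block), so an allocation failure for bio_addr2 goes unnoticed and the following `XMEMCPY(&bio_addr2->sa_in, ...)` dereferences NULL; it should be `ExpectNotNull(bio_addr2);`. The unconditional `perror("bind");` prints "bind: Success" on every passing run and looks like leftover debugging. On any early failure the two sockets and the two address objects are never released (only the BIOs are freed), and `bio_addr1`/`bio_addr2` are uninitialized so a cleanup path cannot free them safely; initialising them to NULL and closing `fd1`/`fd2` when no BIO took ownership would keep the test leak-free under the memory checker.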
@@ -851,6 +851,11 @@ long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *parg) bio->peer_addr = (WOLFSSL_BIO_ADDR *)parg; ret = WOLFSSL_SUCCESS; break; + + case BIO_CTRL_DGRAM_QUERY_MTU: + return 0; /* not implemented */ + break; + #endif /* WOLFSSL_HAVE_BIO_ADDR */ default: diff --git a/src/wolfio.c b/src/wolfio.c index 95476b4940..c9e92846b8 100644 --- a/src/wolfio.c +++ b/src/wolfio.c @@ -1113,14 +1113,14 @@ int wolfIO_Send(SOCKET_T sd, char *buf, int sz, int wrFlags) return sent; } -#ifdef WOLFSSL_HAVE_BIO_ADDR +#if defined(WOLFSSL_HAVE_BIO_ADDR) && defined(WOLFSSL_DTLS) && defined(OPENSSL_EXTRA) int wolfIO_RecvFrom(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int rdFlags) { int recvd; socklen_t addr_len = (socklen_t)sizeof(*addr); - recvd = (int)recvfrom(sd, buf, (size_t)sz, rdFlags, addr ? &addr->sa : NULL, addr ? &addr_len : 0); + recvd = (int)DTLS_RECVFROM_FUNCTION(sd, buf, (size_t)sz, rdFlags, addr ? &addr->sa : NULL, addr ? &addr_len : 0); recvd = TranslateReturnCode(recvd, (int)sd); return recvd; @@ -1130,13 +1130,13 @@ int wolfIO_SendTo(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int wr { int sent; - sent = (int)sendto(sd, buf, (size_t)sz, wrFlags, addr ? &addr->sa : NULL, addr ? wolfSSL_BIO_ADDR_size(addr) : 0); + sent = (int)DTLS_SENDTO_FUNCTION(sd, buf, (size_t)sz, wrFlags, addr ? &addr->sa : NULL, addr ? wolfSSL_BIO_ADDR_size(addr) : 0); sent = TranslateReturnCode(sent, (int)sd); return sent; } -#endif /* WOLFSSL_HAVE_BIO_ADDR */ +#endif /* WOLFSSL_HAVE_BIO_ADDR && WOLFSSL_DTLS && OPENSSL_EXTRA */ #endif /* USE_WOLFSSL_IO */ diff --git a/tests/api.c b/tests/api.c index 42a645827a..51b8f99f32 100644 --- a/tests/api.c +++ b/tests/api.c 
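Review bot: `case BIO_CTRL_DGRAM_QUERY_MTU: return 0; /* not implemented */ break;` returns from inside the switch, bypassing whatever follows it in wolfSSL_BIO_ctrl() (the function's tail is outside the hunk, so any logging there is skipped), and the `break;` after the `return` is unreachable. `ret = 0; break;` keeps this command on the same exit path as the others; a comment noting that OpenSSL returns the discovered MTU here and that 0 means "unknown" would help callers that size DTLS fragments from this value.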
@@ -56968,25 +56968,35 @@ static int test_wolfSSL_BIO_tls(void) } - static int test_wolfSSL_BIO_datagram(void) { EXPECT_DECLS; -#if !defined(NO_BIO) && defined(WOLFSSL_HAVE_BIO_ADDR) +#if !defined(NO_BIO) && defined(WOLFSSL_DTLS) && defined(WOLFSSL_HAVE_BIO_ADDR) && defined(OPENSSL_EXTRA) int ret; - int fd1 = -1, fd2 = -1; + SOCKET_T fd1 = 0, fd2 = 0; /* SOCKET_T is unsigned on Windows */ WOLFSSL_BIO *bio1 = NULL, *bio2 = NULL; - WOLFSSL_BIO_ADDR *bio_addr1, *bio_addr2; - struct sockaddr_in sin1, sin2; + WOLFSSL_BIO_ADDR *bio_addr1 = NULL, *bio_addr2 = NULL; + SOCKADDR_IN sin1, sin2; socklen_t slen; + static const char test_msg[] = "I am a datagram, short and stout."; + char test_msg_recvd[sizeof(test_msg) + 10]; +#ifdef USE_WINDOWS_API + static const DWORD timeout = 250; /* ms */ +#else + static const struct timeval timeout = { 0, 250000 }; +#endif + +#ifdef USE_WINDOWS_API + WSAStartup(); +#endif if (EXPECT_SUCCESS()) { fd1 = socket(AF_INET, SOCK_DGRAM, 17 /* UDP */); - ExpectIntGE(fd1, 0); + ExpectIntGT(fd1, 0); } if (EXPECT_SUCCESS()) { fd2 = socket(AF_INET, SOCK_DGRAM, 17 /* UDP */); - ExpectIntGE(fd2, 0); + ExpectIntGT(fd2, 0); } if (EXPECT_SUCCESS()) { @@ -57005,7 +57015,7 @@ static int test_wolfSSL_BIO_datagram(void) sin1.sin_port = 0; slen = (socklen_t)sizeof(sin1); ExpectIntEQ(bind(fd1, (const struct sockaddr *)&sin1, slen), 0); - perror("bind"); + ExpectIntEQ(setsockopt(fd1, SOL_SOCKET, SO_RCVTIMEO, (const char *)&timeout, sizeof(timeout)), 0); ExpectIntEQ(getsockname(fd1, (struct sockaddr *)&sin1, &slen), 0); } 
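Review bot: `WSAStartup();` is called with no arguments under USE_WINDOWS_API, but the Winsock function takes a requested version and a WSADATA out-pointer, so this branch cannot compile on Windows and its result is unchecked; something like `WSADATA wsd; ExpectIntEQ(WSAStartup(MAKEWORD(2, 2), &wsd), 0);` with a matching WSACleanup() at the end of the test is needed. `socket(AF_INET, SOCK_DGRAM, 17 /* UDP */)` would read better as IPPROTO_UDP, which every socket header defines. The function continues on the following lines.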
@@ -57015,9 +57025,53 @@ static int test_wolfSSL_BIO_datagram(void) sin2.sin_port = 0; slen = (socklen_t)sizeof(sin2); ExpectIntEQ(bind(fd2, (const struct sockaddr *)&sin2, slen), 0); + ExpectIntEQ(setsockopt(fd2, SOL_SOCKET, SO_RCVTIMEO, (const char *)&timeout, sizeof(timeout)), 0); ExpectIntEQ(getsockname(fd2, (struct sockaddr *)&sin2, &slen), 0); } + if (EXPECT_SUCCESS()) { + bio_addr2 = wolfSSL_BIO_ADDR_new(); + ExpectNotNull(bio_addr2); + } + + if (EXPECT_SUCCESS()) { + XMEMCPY(&bio_addr2->sa_in, &sin2, sizeof(sin2)); + ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_PEER, 0, bio_addr2), WOLFSSL_SUCCESS); + if (EXPECT_SUCCESS()) + bio_addr2 = NULL; + } + + test_msg_recvd[0] = 0; + ExpectIntEQ(wolfSSL_BIO_write(bio1, test_msg, sizeof(test_msg)), (int)sizeof(test_msg)); + ExpectIntEQ(wolfSSL_BIO_read(bio2, test_msg_recvd, sizeof(test_msg_recvd)), (int)sizeof(test_msg)); + ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0); + + /* bio2 should now have bio1's addr stored as its peer_addr, because the + * BIOs aren't "connected" yet. use it to send a reply. + */ + + test_msg_recvd[0] = 0; + ExpectIntEQ(wolfSSL_BIO_write(bio2, test_msg, sizeof(test_msg)), (int)sizeof(test_msg)); + ExpectIntEQ(wolfSSL_BIO_read(bio1, test_msg_recvd, sizeof(test_msg_recvd)), (int)sizeof(test_msg)); + ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0); + + ExpectIntEQ(wolfSSL_BIO_read(bio1, test_msg_recvd, sizeof(test_msg_recvd)), WOLFSSL_BIO_ERROR); + +#ifdef USE_WINDOWS_API + ExpectIntEQ(WSAGetLastError(), WSAEWOULDBLOCK); +#else + ExpectIntEQ(errno, EAGAIN); +#endif + + ExpectIntEQ(wolfSSL_BIO_read(bio2, test_msg_recvd, sizeof(test_msg_recvd)), WOLFSSL_BIO_ERROR); +#ifdef USE_WINDOWS_API + ExpectIntEQ(WSAGetLastError(), WSAEWOULDBLOCK); +#else + ExpectIntEQ(errno, EAGAIN); +#endif + + /* now "connect" the sockets. */ + if (EXPECT_SUCCESS()) { bio_addr1 = wolfSSL_BIO_ADDR_new(); ExpectNotNull(bio_addr1); 
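Review bot: The receive-timeout assertions compare `errno` to EAGAIN only, but POSIX allows the timeout to surface as either EAGAIN or EWOULDBLOCK (the same value on Linux, not guaranteed elsewhere), and `errno` is read only after the ExpectIntEQ() on the previous line has executed, which may itself call into code that changes it. Capturing errno into a local immediately after wolfSSL_BIO_read() returns and asserting `ExpectTrue(err == EAGAIN || err == EWOULDBLOCK);` removes both sources of flakiness. The function continues past this hunk.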
@@ -57025,36 +57079,89 @@ static int test_wolfSSL_BIO_datagram(void) if (EXPECT_SUCCESS()) { bio_addr2 = wolfSSL_BIO_ADDR_new(); - ExpectNotNull(bio_addr1); + ExpectNotNull(bio_addr2); } + ExpectIntEQ(connect(fd1, (const struct sockaddr *)&sin2, (socklen_t)sizeof(sin2)), 0); + ExpectIntEQ(connect(fd2, (const struct sockaddr *)&sin1, (socklen_t)sizeof(sin1)), 0); + if (EXPECT_SUCCESS()) { XMEMCPY(&bio_addr2->sa_in, &sin2, sizeof(sin2)); - ret = (int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_PEER, 1, bio_addr2); - ExpectIntEQ(ret, WOLFSSL_SUCCESS); + ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_CONNECTED, 0, bio_addr2), WOLFSSL_SUCCESS); + if (EXPECT_SUCCESS()) + bio_addr2 = NULL; } if (EXPECT_SUCCESS()) { XMEMCPY(&bio_addr1->sa_in, &sin1, sizeof(sin1)); - ret = (int)wolfSSL_BIO_ctrl(bio2, BIO_CTRL_DGRAM_SET_PEER, 1, bio_addr1); - ExpectIntEQ(ret, WOLFSSL_SUCCESS); + ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio2, BIO_CTRL_DGRAM_SET_CONNECTED, 0, bio_addr1), WOLFSSL_SUCCESS); + if (EXPECT_SUCCESS()) + bio_addr1 = NULL; + } + + test_msg_recvd[0] = 0; + ExpectIntEQ(wolfSSL_BIO_write(bio2, test_msg, sizeof(test_msg)), (int)sizeof(test_msg)); + ExpectIntEQ(wolfSSL_BIO_read(bio1, test_msg_recvd, sizeof(test_msg_recvd)), (int)sizeof(test_msg)); + ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0); + + test_msg_recvd[0] = 0; + ExpectIntEQ(wolfSSL_BIO_write(bio1, test_msg, sizeof(test_msg)), (int)sizeof(test_msg)); + ExpectIntEQ(wolfSSL_BIO_read(bio2, test_msg_recvd, sizeof(test_msg_recvd)), (int)sizeof(test_msg)); + ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0); + +#ifdef __linux__ + /* now "disconnect" the sockets and attempt transmits expected to fail. 
*/ + + sin1.sin_family = AF_UNSPEC; + ExpectIntEQ(connect(fd1, (const struct sockaddr *)&sin1, (socklen_t)sizeof(sin1)), 0); + ExpectIntEQ(connect(fd2, (const struct sockaddr *)&sin1, (socklen_t)sizeof(sin1)), 0); + sin1.sin_family = AF_INET; + + ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_CONNECTED, 0, NULL), WOLFSSL_SUCCESS); + ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio2, BIO_CTRL_DGRAM_SET_CONNECTED, 0, NULL), WOLFSSL_SUCCESS); + + if (EXPECT_SUCCESS()) { + bio_addr2 = wolfSSL_BIO_ADDR_new(); + ExpectNotNull(bio_addr2); + } + + if (EXPECT_SUCCESS()) { + sin2.sin_addr.s_addr = htonl(0xc0a8c0a8); /* 192.168.192.168 -- invalid for loopback interface. */ + XMEMCPY(&bio_addr2->sa_in, &sin2, sizeof(sin2)); + ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_PEER, 0, bio_addr2), WOLFSSL_SUCCESS); + if (EXPECT_SUCCESS()) + bio_addr2 = NULL; } + test_msg_recvd[0] = 0; + errno = 0; + ExpectIntEQ(wolfSSL_BIO_write(bio1, test_msg, sizeof(test_msg)), -1); + ExpectIntEQ(errno, EINVAL); + +#endif /* __linux__ */ + + if (bio1) { ret = wolfSSL_BIO_free(bio1); ExpectIntEQ(ret, WOLFSSL_SUCCESS); - } - + } else if (fd1 > 0) + CloseSocket(fd1); if (bio2) { ret = wolfSSL_BIO_free(bio2); ExpectIntEQ(ret, WOLFSSL_SUCCESS); - } -#endif + } else if (fd2 > 0) + CloseSocket(fd2); + if (bio_addr1) + wolfSSL_BIO_ADDR_free(bio_addr1); + if (bio_addr2) + wolfSSL_BIO_ADDR_free(bio_addr2); + +#endif /* !NO_BIO && WOLFSSL_DTLS && WOLFSSL_HAVE_BIO_ADDR && OPENSSL_EXTRA */ + return EXPECT_RESULT(); } - #if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \ defined(HAVE_HTTP_CLIENT) static THREAD_RETURN WOLFSSL_THREAD test_wolfSSL_BIO_accept_client(void* args) diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 12a6c5100c..8424956dc0 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h 
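Review bot: The "invalid" peer used for the expected-failure send is `htonl(0xc0a8c0a8)` (192.168.192.168), a routable RFC 1918 address; the test depends on Linux rejecting it with EINVAL for a loopback-bound socket, and on a host where that does not hold the datagram could actually be transmitted toward a real private-network host. An address from the RFC 5737 documentation range (192.0.2.0/24), which is never assigned, keeps the test's intent without that side effect, and the comment should state why the kernel is expected to reject it rather than just "invalid for loopback interface". The cleanup now closes `fd1`/`fd2` only when no BIO was created, which is correct given closeF == 1, but `errno = 0;` before the final write while the EINVAL expectation is `#ifdef __linux__` only means other platforms never exercise the no-peer error path at all.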
@@ -2794,7 +2794,7 @@ struct WOLFSSL_BIO { #endif }; -#ifdef WOLFSSL_HAVE_BIO_ADDR +#if defined(WOLFSSL_HAVE_BIO_ADDR) && defined(OPENSSL_EXTRA) WOLFSSL_LOCAL socklen_t wolfSSL_BIO_ADDR_size(const WOLFSSL_BIO_ADDR *addr); #endif diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h index 016174eccd..28259e6226 100644 --- a/wolfssl/wolfio.h +++ b/wolfssl/wolfio.h @@ -439,6 +439,10 @@ #ifdef WOLFSSL_IPV6 typedef struct sockaddr_in6 SOCKADDR_IN6; #endif + #if defined(HAVE_SYS_UN_H) && !defined(WOLFSSL_NO_SOCKADDR_UN) + #include + typedef struct sockaddr_un SOCKADDR_UN; + #endif typedef struct hostent HOSTENT; #endif /* HAVE_SOCKADDR */ @@ -465,27 +469,30 @@ WOLFSSL_API int wolfIO_Recv(SOCKET_T sd, char *buf, int sz, int rdFlags); #ifdef WOLFSSL_HAVE_BIO_ADDR +#ifdef WOLFSSL_NO_SOCK +#error WOLFSSL_HAVE_BIO_ADDR and WOLFSSL_NO_SOCK are mutually incompatible. +#endif + #ifndef WOLFSSL_NO_BIO_ADDR_UN -#include #endif union WOLFSSL_BIO_ADDR { - struct sockaddr sa; -#ifndef WOLFSSL_NO_BIO_ADDR_IN - struct sockaddr_in sa_in; -#endif + SOCKADDR sa; + SOCKADDR_IN sa_in; #ifdef WOLFSSL_IPV6 - struct sockaddr_in6 sa_in6; + SOCKADDR_IN6 sa_in6; #endif -#ifndef WOLFSSL_NO_BIO_ADDR_UN - struct sockaddr_un sa_un; +#if defined(HAVE_SYS_UN_H) && !defined(WOLFSSL_NO_SOCKADDR_UN) + SOCKADDR_UN sa_un; #endif }; typedef union WOLFSSL_BIO_ADDR WOLFSSL_BIO_ADDR; +#if defined(WOLFSSL_DTLS) && defined(OPENSSL_EXTRA) WOLFSSL_API int wolfIO_SendTo(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int wrFlags); WOLFSSL_API int wolfIO_RecvFrom(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int rdFlags); +#endif #endif /* WOLFSSL_HAVE_BIO_ADDR */ From 2d370f3e4e1165a8255ca977eab385744ef2ca02 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 7 Jun 2024 17:18:50 -0500 Subject: [PATCH 11/21] wolfSSL_BIO_read(): return MEMORY_E if wolfSSL_BIO_ADDR_new() fails. --- src/bio.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
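Review bot: The union's `sa_un` member is now gated on `HAVE_SYS_UN_H && !WOLFSSL_NO_SOCKADDR_UN` and `sa_in` is unconditional, but wolfSSL_BIO_ADDR_size() in src/bio.c (hunk earlier on this page) still selects its cases with `#ifndef WOLFSSL_NO_BIO_ADDR_IN` and `#ifndef WOLFSSL_NO_BIO_ADDR_UN`, so a build without sys/un.h references `addr->sa_un`, a member that no longer exists, and the two gates can drift independently from here on. Using the same `HAVE_SYS_UN_H && !WOLFSSL_NO_SOCKADDR_UN` condition in both places, or one helper macro defined next to the union, keeps them in sync. The now-empty `#ifndef WOLFSSL_NO_BIO_ADDR_UN ... #endif` block left after removing the `#include` should be deleted as well.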
diff --git a/src/bio.c b/src/bio.c
index 127dd4b750..85d7b1fd8c 100644
--- a/src/bio.c
+++ b/src/bio.c
@@ -364,7 +364,10 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)
 bio->peer_addr = wolfSSL_BIO_ADDR_new();
 else
 wolfSSL_BIO_ADDR_clear(bio->peer_addr);
- ret = wolfIO_RecvFrom(bio->num, bio->peer_addr, (char*)buf, len, 0);
+ if (bio->peer_addr == NULL)
+ ret = wolfIO_RecvFrom(bio->num, bio->peer_addr, (char*)buf, len, 0);
+ else
+ ret = MEMORY_E;
 }
 #else
 ret = NOT_COMPILED_IN;
From 62db3533ae3f0f74ecd2924d7c12da8a19c3c060 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Thu, 13 Jun 2024 17:46:04 -0500 Subject: [PATCH 12/21] wolfSSL_CTX_load_verify_locations(): set up with OpenSSL-compatible behavior (WOLFSSL_LOAD_FLAG_IGNORE_ERR). --- src/ssl_load.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/src/ssl_load.c b/src/ssl_load.c
index 60eb72167d..562ab81bb4 100644
--- a/src/ssl_load.c
+++ b/src/ssl_load.c
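Review bot: The new check is inverted: `if (bio->peer_addr == NULL) ret = wolfIO_RecvFrom(...); else ret = MEMORY_E;` calls recvfrom only when the allocation failed and returns MEMORY_E whenever it succeeded, so every unconnected datagram read now fails. It should read `if (bio->peer_addr != NULL) ret = wolfIO_RecvFrom(bio->num, bio->peer_addr, (char*)buf, len, 0); else ret = MEMORY_E;`. A test that receives a single datagram on an unconnected BIO catches this immediately; test_wolfSSL_BIO_datagram on this page exercises exactly that path. The enclosing function starts outside the hunk.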
@@ -2872,9 +2872,22 @@ WOLFSSL_ABI int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file, const char* path) { - /* Load using default flags/options. */ + /* We want to keep trying to load more CA certs even if one cert in the + * directory is bad and can't be used (e.g. if one is expired), and we + * want to return success if any were successfully loaded (mimicking + * OpenSSL SSL_CTX_load_verify_locations() semantics), so we use + * WOLFSSL_LOAD_FLAG_IGNORE_ERR. OpenSSL (as of v3.3.2) actually + * returns success even if no certs are loaded (e.g. because the + * supplied "path" doesn't exist or access is prohibited), and only + * returns failure if the "file" is non-null and fails to load. + * + * Note that if a file is supplied and can't be successfully loaded, the + * overall call fails and the path is never even evaluated. This is + * consistent with OpenSSL behavior. + */ + int ret = wolfSSL_CTX_load_verify_locations_ex(ctx, file, path, - WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS); + WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS | WOLFSSL_LOAD_FLAG_IGNORE_ERR); /* Return 1 on success or 0 on failure. */ return WS_RETURN_CODE(ret, 0); From 61eb6987d014822b53326be788203336d824dc67 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 15 Jun 2024 01:08:19 -0500 Subject: [PATCH 13/21] src/ssl.c: remove old version of wolfSSL_set_bio(). --- src/ssl.c | 57 ------------------------------------------------------- 1 file changed, 57 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 3af68bce00..34d8d6913a 100644 --- a/src/ssl.c +++ b/src/ssl.c 
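Review bot: With WOLFSSL_LOAD_FLAG_IGNORE_ERR a mistyped or unreadable `path` now yields success with an empty or partial trust store, and the comment explains this mirrors OpenSSL, but nothing records that it happened; verification later fails closed, yet the operator sees a certificate error instead of the misconfiguration. A `WOLFSSL_MSG()` when the path contributed no certificates, or at least a sentence in the comment pointing callers who need strict behaviour at wolfSSL_CTX_load_verify_locations_ex() without the flag, would help. The comment's claim that a failing `file` still fails the whole call even with the flag depends on how _ex applies it (not visible here), so a test asserting failure for a nonexistent file would pin that contract.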
@@ -11030,63 +11030,6 @@ int wolfSSL_set_compression(WOLFSSL* ssl) wolfSSL_set_bio_1(ssl, NULL, wr, WOLFSSL_BIO_FLAG_WRITE); } -#if 0 - void wolfSSL_set_bio(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr) - { - WOLFSSL_ENTER("wolfSSL_set_bio"); - - if (ssl == NULL) { - WOLFSSL_MSG("Bad argument, ssl was NULL"); - return; - } - - /* free any existing WOLFSSL_BIOs in use but don't free those in - * a chain */ - if (ssl->biord != NULL) { - if (ssl->biord != ssl->biowr) { - if (ssl->biowr != NULL && ssl->biowr->prev != NULL) - wolfSSL_BIO_free(ssl->biowr); - ssl->biowr = NULL; - } - if (ssl->biord->prev != NULL) - wolfSSL_BIO_free(ssl->biord); - ssl->biord = NULL; - } - else if (ssl->biowr != NULL) { - if (ssl->biowr->prev != NULL) - wolfSSL_BIO_free(ssl->biowr); - ssl->biowr = NULL; - } - - /* set flag obviously */ - if (rd && !(rd->flags & WOLFSSL_BIO_FLAG_READ)) - rd->flags |= WOLFSSL_BIO_FLAG_READ; - if (wr && !(wr->flags & WOLFSSL_BIO_FLAG_WRITE)) - wr->flags |= WOLFSSL_BIO_FLAG_WRITE; - - ssl->biord = rd; - ssl->biowr = wr; - - /* set SSL to use BIO callbacks instead */ - if (((ssl->cbioFlag & WOLFSSL_CBIO_RECV) == 0)) { - ssl->CBIORecv = BioReceive; - } - if (((ssl->cbioFlag & WOLFSSL_CBIO_SEND) == 0)) { - ssl->CBIOSend = BioSend; - } - - /* User programs should always retry reading from these BIOs */ - if (rd) { - /* User writes to rd */ - BIO_set_retry_write(rd); - } - if (wr) { - /* User reads from wr */ - BIO_set_retry_read(wr); - } - } -#endif /* 0 */ - #endif /* !NO_BIO */ #endif /* OPENSSL_EXTRA */ From 0a928ead3f5282a9fb71139d74b26f40a2d9be93 Mon Sep 17 00:00:00 2001 
From: Daniel Pouzzner Date: Sat, 22 Jun 2024 02:19:35 -0500 Subject: [PATCH 14/21] address peer review around WOLFSSL_HAVE_BIO_ADDR: refactor housekeeping for bio->bytes_read and bio->bytes_write, and add WOLFSSL_BIO_HAVE_FLOW_STATS gate; add WOLFSSL_BIO_FLAG_RETRY housekeeping for WOLFSSL_BIO_SOCKET and WOLFSSL_BIO_DGRAM; refactor WOLFSSL_BIO.peer_addr to be inline rather than a pointer; add wolfSSL_set_mtu_compat() and wolfSSL_CTX_load_verify_locations_compat() implementations; enable WOLFSSL_HAVE_BIO_ADDR and WOLFSSL_DTLS_MTU when OPENSSL_ALL. --- src/bio.c | 159 +++++++++++++++++++++++++++++++----------- src/internal.c | 3 - src/ssl.c | 30 ++++---- src/ssl_load.c | 23 ++++++ src/x509.c | 2 +- tests/api.c | 71 +++++++------------ wolfssl/internal.h | 20 +++--- wolfssl/openssl/ssl.h | 15 +--- wolfssl/ssl.h | 24 +++++-- wolfssl/wolfio.h | 3 - 10 files changed, 213 insertions(+), 137 deletions(-) diff --git a/src/bio.c b/src/bio.c index 85d7b1fd8c..200e5fa8ff 100644 --- a/src/bio.c +++ b/src/bio.c @@ -145,7 +145,6 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len) XMEMCPY(buf, bio->mem_buf->data + bio->rdIdx, sz); bio->rdIdx += sz; - bio->bytes_read += (word32)sz; if (bio->rdIdx >= bio->wrSz) { if (bio->flags & BIO_FLAGS_MEM_RDONLY) { @@ -291,6 +290,9 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) } while (bio != NULL && ret >= 0) { +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + int inhibit_flow_increment = 0; +#endif /* check for custom read */ if (bio->method && bio->method->readCb) { ret = bio->method->readCb(bio, (char*)buf, len); @@ -303,6 +305,9 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) break; case WOLFSSL_BIO_BIO: /* read BIOs */ ret = wolfSSL_BIO_BIO_read(bio, buf, len); +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + inhibit_flow_increment = 1; +#endif break; case WOLFSSL_BIO_MEMORY: ret = wolfSSL_BIO_MEMORY_read(bio, buf, len); 
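Review bot: The `bio->bytes_read += (word32)sz;` removed from wolfSSL_BIO_MEMORY_read() (and the write-side counterpart in a later hunk) is replaced by accounting that only exists under `#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS`, while the `bytes_read`/`bytes_written` fields shown in struct WOLFSSL_BIO earlier on this page are unconditional; unless the internal.h changes in this patch (not on this page) gate the fields the same way, a build without the new macro keeps the fields but stops updating them, silently changing whatever reads them. Gating the fields with the same macro turns that regression into a compile error. The enclosing functions start outside these hunks.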
@@ -346,7 +351,17 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) #ifdef USE_WOLFSSL_IO /* BIO requires built-in socket support * (cannot be used with WOLFSSL_USER_IO) */ + bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY; ret = wolfIO_Recv(bio->num, (char*)buf, len, 0); + if (ret < 0) { +#ifdef USE_WINDOWS_API + if (WSAGetLastError() == WSAEWOULDBLOCK) + bio->flags |= WOLFSSL_BIO_FLAG_RETRY; +#else + if (errno == EAGAIN) + bio->flags |= WOLFSSL_BIO_FLAG_RETRY; +#endif + } #else ret = NOT_COMPILED_IN; #endif @@ -357,17 +372,21 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) #ifdef USE_WOLFSSL_IO /* BIO requires built-in socket support * (cannot be used with WOLFSSL_USER_IO) */ + bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY; if (bio->connected) ret = wolfIO_Recv(bio->num, (char*)buf, len, 0); else { - if (bio->peer_addr == NULL) - bio->peer_addr = wolfSSL_BIO_ADDR_new(); - else - wolfSSL_BIO_ADDR_clear(bio->peer_addr); - if (bio->peer_addr == NULL) - ret = wolfIO_RecvFrom(bio->num, bio->peer_addr, (char*)buf, len, 0); - else - ret = MEMORY_E; + wolfSSL_BIO_ADDR_clear(&bio->peer_addr); + ret = wolfIO_RecvFrom(bio->num, &bio->peer_addr, (char*)buf, len, 0); + } + if ((ret < 0) && (ret != WC_NO_ERR_TRACE(MEMORY_E))) { +#ifdef USE_WINDOWS_API + if (WSAGetLastError() == WSAEWOULDBLOCK) + bio->flags |= WOLFSSL_BIO_FLAG_RETRY; +#else + if (errno == EAGAIN) + bio->flags |= WOLFSSL_BIO_FLAG_RETRY; +#endif } #else ret = NOT_COMPILED_IN; @@ -378,6 +397,12 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) } /* switch */ } +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + if ((ret > 0) && (! inhibit_flow_increment)) { + bio->bytes_read += (word32)ret; + } +#endif + /* case where front of list is done */ if (bio == front) { break; /* at front of list so be done */ 
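Review bot: In the datagram read case the retry check is `if ((ret < 0) && (ret != WC_NO_ERR_TRACE(MEMORY_E)))`, but with `peer_addr` now inline nothing on this path can return MEMORY_E any more, so the exclusion is dead and misleading; `if (ret < 0)` matches the socket case above. Both cases test `errno == EAGAIN` only, which equals EWOULDBLOCK on Linux but not by POSIX guarantee, so `(errno == EAGAIN || errno == EWOULDBLOCK)` is the portable form. Because wolfIO_Recv()/wolfIO_RecvFrom() run the result through TranslateReturnCode() before returning, it is also worth confirming nothing on that path disturbs errno before it is read here. The enclosing function starts outside the hunk.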
@@ -605,7 +630,6 @@ static int wolfSSL_BIO_MEMORY_write(WOLFSSL_BIO* bio, const void* data, bio->num = (int)bio->mem_buf->max; bio->wrSz += len; bio->wrIdx += len; - bio->bytes_written += (word32)len; return len; } @@ -673,6 +697,9 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) } while (bio != NULL && ret >= 0) { +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + int inhibit_flow_increment = 0; +#endif /* check for custom write */ if (bio->method && bio->method->writeCb) { ret = bio->method->writeCb(bio, (const char*)data, len); @@ -698,6 +725,9 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) } case WOLFSSL_BIO_BIO: /* write bios */ ret = wolfSSL_BIO_BIO_write(bio, data, len); +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + inhibit_flow_increment = 1; +#endif break; case WOLFSSL_BIO_MEMORY: ret = wolfSSL_BIO_MEMORY_write(bio, data, len); @@ -751,7 +781,15 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) #ifdef USE_WOLFSSL_IO /* BIO requires built-in socket support * (cannot be used with WOLFSSL_USER_IO) */ + bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY; ret = wolfIO_Send(bio->num, (char*)data, len, 0); +#ifdef USE_WINDOWS_API + if (WSAGetLastError() == WSAEWOULDBLOCK) + bio->flags |= WOLFSSL_BIO_FLAG_RETRY; +#else + if (errno == EAGAIN) + bio->flags |= WOLFSSL_BIO_FLAG_RETRY; +#endif #else ret = NOT_COMPILED_IN; #endif 
@@ -762,12 +800,22 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) #ifdef USE_WOLFSSL_IO /* BIO requires built-in socket support * (cannot be used with WOLFSSL_USER_IO) */ + bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY; if (bio->connected) ret = wolfIO_Send(bio->num, (char*)data, len, 0); - else if (bio->peer_addr != NULL) - ret = wolfIO_SendTo(bio->num, bio->peer_addr, (char*)data, len, 0); + else if (bio->peer_addr.sa.sa_family == AF_UNSPEC) + ret = SOCKET_ERROR_E; else - ret = SOCKET_NOT_CONNECTED_E; + ret = wolfIO_SendTo(bio->num, &bio->peer_addr, (char*)data, len, 0); + if (ret < 0) { +#ifdef USE_WINDOWS_API + if (WSAGetLastError() == WSAEWOULDBLOCK) + bio->flags |= WOLFSSL_BIO_FLAG_RETRY; +#else + if (errno == EAGAIN) + bio->flags |= WOLFSSL_BIO_FLAG_RETRY; +#endif + } #else ret = NOT_COMPILED_IN; #endif @@ -777,6 +825,11 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) } /* switch */ } +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + if ((ret > 0) && (! inhibit_flow_increment)) + bio->bytes_written += (word32)ret; +#endif + /* advance to the next bio in list */ bio = bio->next; } 
@@ -841,22 +894,38 @@ long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *parg) #ifdef WOLFSSL_HAVE_BIO_ADDR case BIO_CTRL_DGRAM_CONNECT: case BIO_CTRL_DGRAM_SET_PEER: - if (bio->peer_addr) - wolfSSL_BIO_ADDR_free(bio->peer_addr); - bio->peer_addr = (WOLFSSL_BIO_ADDR *)parg; + { + socklen_t addr_size; + if (parg == NULL) { + ret = WOLFSSL_FAILURE; + break; + } + addr_size = wolfSSL_BIO_ADDR_size((WOLFSSL_BIO_ADDR *)parg); + if (addr_size == 0) { + ret = WOLFSSL_FAILURE; + break; + } + XMEMCPY(&bio->peer_addr, parg, addr_size); ret = WOLFSSL_SUCCESS; break; + } case BIO_CTRL_DGRAM_SET_CONNECTED: - bio->connected = (parg != NULL); - if (bio->peer_addr) - wolfSSL_BIO_ADDR_free(bio->peer_addr); - bio->peer_addr = (WOLFSSL_BIO_ADDR *)parg; + if (parg == NULL) + wolfSSL_BIO_ADDR_clear(&bio->peer_addr); + else { + socklen_t addr_size = wolfSSL_BIO_ADDR_size((WOLFSSL_BIO_ADDR *)parg); + if (addr_size == 0) { + ret = WOLFSSL_FAILURE; + break; + } + XMEMCPY(&bio->peer_addr, parg, addr_size); + } ret = WOLFSSL_SUCCESS; break; case BIO_CTRL_DGRAM_QUERY_MTU: - return 0; /* not implemented */ + ret = 0; /* not implemented */ break; #endif /* WOLFSSL_HAVE_BIO_ADDR */ @@ -897,7 +966,8 @@ int wolfSSL_BIO_up_ref(WOLFSSL_BIO* bio) #ifdef WOLFSSL_HAVE_BIO_ADDR WOLFSSL_BIO_ADDR *wolfSSL_BIO_ADDR_new(void) { - WOLFSSL_BIO_ADDR *addr = XMALLOC(sizeof(*addr), NULL, DYNAMIC_TYPE_BIO); + WOLFSSL_BIO_ADDR *addr = + (WOLFSSL_BIO_ADDR *)XMALLOC(sizeof(*addr), NULL, DYNAMIC_TYPE_BIO); if (addr) addr->sa.sa_family = AF_UNSPEC; return addr; @@ -929,7 +999,10 @@ socklen_t wolfSSL_BIO_ADDR_size(const WOLFSSL_BIO_ADDR *addr) { return sizeof(addr->sa_un); #endif default: - return sizeof(*addr); + /* must return zero if length can't be determined, to avoid buffer + * overruns in callers. + */ + return 0; } } #endif /* WOLFSSL_HAVE_BIO_ADDR */ 
@@ -1494,7 +1567,9 @@ int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num) sz = num; } bio->pair->rdIdx += sz; +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS bio->pair->bytes_read += (word32)sz; +#endif /* check if have read to the end of the buffer and need to reset */ if (bio->pair->rdIdx == bio->pair->wrSz) { @@ -1573,7 +1648,9 @@ int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num) } *buf = (char*)bio->ptr + bio->wrIdx; bio->wrIdx += sz; +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS bio->bytes_written += (word32)sz; +#endif /* if at the end of the buffer and space for wrap around then set * write index back to 0 */ @@ -1585,33 +1662,37 @@ int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num) return sz; } -#ifdef WORD64_AVAILABLE -word64 -#else -word32 -#endif -wolfSSL_BIO_number_read(WOLFSSL_BIO *bio) +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS +word64 wolfSSL_BIO_number_read(WOLFSSL_BIO *bio) { + word64 ret = 0; if (bio == NULL) { WOLFSSL_MSG("NULL argument passed in"); return 0; } - return bio->bytes_read; + while (bio) { + ret += bio->bytes_read; + bio = bio->next; + } + + return ret; } -#ifdef WORD64_AVAILABLE -word64 -#else -word32 -#endif -wolfSSL_BIO_number_written(WOLFSSL_BIO *bio) +word64 wolfSSL_BIO_number_written(WOLFSSL_BIO *bio) { + word64 ret = 0; if (bio == NULL) { WOLFSSL_MSG("NULL argument passed in"); return 0; } - return bio->bytes_written; + while (bio) { + ret += bio->bytes_written; + bio = bio->next; + } + + return ret; } +#endif /* WOLFSSL_BIO_HAVE_FLOW_STATS */ /* Reset BIO to initial state */ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio) @@ -2897,10 +2978,6 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) if ((bio->type == WOLFSSL_BIO_SOCKET) && (bio->num > 0)) CloseSocket(bio->num); #endif - #ifdef WOLFSSL_HAVE_BIO_ADDR - if (bio->peer_addr != NULL) - wolfSSL_BIO_ADDR_free(bio->peer_addr); - #endif } #ifndef NO_FILESYSTEM diff --git a/src/internal.c b/src/internal.c index 31a0f011d8..d6cce09d59 100644 --- a/src/internal.c +++ b/src/internal.c 
@@ -25639,9 +25639,6 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e) case DUPLICATE_TLS_EXT_E: return "Duplicate TLS extension in message."; - case SOCKET_NOT_CONNECTED_E: - return "Socket has no associated peer."; - default : return "unknown error number"; } diff --git a/src/ssl.c b/src/ssl.c index 34d8d6913a..b7a9f3c8c7 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1954,6 +1954,15 @@ int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, word16 newMtu) return WOLFSSL_SUCCESS; } +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) +int wolfSSL_set_mtu_compat(WOLFSSL* ssl, unsigned short mtu) { + if (wolfSSL_dtls_set_mtu(ssl, mtu) == 0) + return SSL_SUCCESS; + else + return SSL_FAILURE; +} +#endif /* OPENSSL_ALL || OPENSSL_EXTRA */ + #endif /* WOLFSSL_DTLS && (WOLFSSL_SCTP || WOLFSSL_DTLS_MTU) */ #ifdef WOLFSSL_SRTP @@ -7340,6 +7349,8 @@ int wolfSSL_i2d_PUBKEY(const WOLFSSL_EVP_PKEY *key, unsigned char **der) int wolfSSL_i2d_X509_PUBKEY(WOLFSSL_X509_PUBKEY* x509_PubKey, unsigned char** der) { + if (x509_PubKey == NULL) + return WOLFSSL_FATAL_ERROR; return wolfSSL_i2d_PublicKey(x509_PubKey->pkey, der); } @@ -10954,7 +10965,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #ifdef OPENSSL_EXTRA #ifndef NO_BIO - static void wolfSSL_set_bio_1(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr, int flags) + static void ssl_set_bio(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr, int flags) { WOLFSSL_ENTER("wolfSSL_set_bio"); 
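Review bot: The success test in wolfSSL_set_mtu_compat is inverted: the context line directly above the insertion shows wolfSSL_dtls_set_mtu() finishing with `return WOLFSSL_SUCCESS;`, and WOLFSSL_SUCCESS is 1 in wolfSSL, so `== 0` maps a successful MTU change to SSL_FAILURE while every error return (also non-zero) lands on SSL_FAILURE as well, leaving callers of the SSL_set_mtu shim with no way to observe success. Compare against the named result instead, `return (wolfSSL_dtls_set_mtu(ssl, mtu) == WOLFSSL_SUCCESS) ? SSL_SUCCESS : SSL_FAILURE;`. The same `== 0` test was carried over from the earlier SSL_set_mtu macro in wolfssl/openssl/ssl.h, so the test suite evidently never asserts the success path; a DTLS test that sets an MTU and expects SSL_SUCCESS would pin it.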
@@ -11017,17 +11028,17 @@ int wolfSSL_set_compression(WOLFSSL* ssl) void wolfSSL_set_bio(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr) { - wolfSSL_set_bio_1(ssl, rd, wr, WOLFSSL_BIO_FLAG_READ | WOLFSSL_BIO_FLAG_WRITE); + ssl_set_bio(ssl, rd, wr, WOLFSSL_BIO_FLAG_READ | WOLFSSL_BIO_FLAG_WRITE); } void wolfSSL_set_rbio(WOLFSSL* ssl, WOLFSSL_BIO* rd) { - wolfSSL_set_bio_1(ssl, rd, NULL, WOLFSSL_BIO_FLAG_READ); + ssl_set_bio(ssl, rd, NULL, WOLFSSL_BIO_FLAG_READ); } void wolfSSL_set_wbio(WOLFSSL* ssl, WOLFSSL_BIO* wr) { - wolfSSL_set_bio_1(ssl, NULL, wr, WOLFSSL_BIO_FLAG_WRITE); + ssl_set_bio(ssl, NULL, wr, WOLFSSL_BIO_FLAG_WRITE); } #endif /* !NO_BIO */ @@ -14982,12 +14993,6 @@ int wolfSSL_COMP_add_compression_method(int method, void* data) return 0; } -const char *wolfSSL_COMP_get_name(const WOLFSSL_COMP_METHOD *comp) -{ - (void)comp; - return NULL; -} - const WOLFSSL_COMP_METHOD* wolfSSL_get_current_compression(const WOLFSSL *ssl) { (void)ssl; return NULL; @@ -14998,10 +15003,7 @@ const WOLFSSL_COMP_METHOD* wolfSSL_get_current_expansion(const WOLFSSL *ssl) { return NULL; } -#endif /* NO_WOLFSSL_STUB */ - -#ifndef NO_WOLFSSL_STUB -const char* wolfSSL_COMP_get_name(const void* comp) +const char* wolfSSL_COMP_get_name(const WOLFSSL_COMP_METHOD *comp) { static const char ret[] = "not supported"; diff --git a/src/ssl_load.c b/src/ssl_load.c index 562ab81bb4..269002c1f2 100644 --- a/src/ssl_load.c +++ b/src/ssl_load.c 
@@ -2871,6 +2871,29 @@ int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file, WOLFSSL_ABI int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file, const char* path) +{ + /* Load using default flags/options. */ + int ret = wolfSSL_CTX_load_verify_locations_ex(ctx, file, path, + WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS); + + /* Return 1 on success or 0 on failure. */ + return WS_RETURN_CODE(ret, 0); +} + +/* Load a file and/or files in path, with OpenSSL-compatible semantics. + * + * No c_rehash. + * + * @param [in, out] ctx SSL context object. + * @param [in] file Name of file to load. May be NULL. + * @param [in] path Path to directory containing PEM CA files. + * May be NULL. + * @return 1 on success. + * @return 0 on failure. + */ +WOLFSSL_API +int wolfSSL_CTX_load_verify_locations_compat(WOLFSSL_CTX* ctx, const char* file, + const char* path) { /* We want to keep trying to load more CA certs even if one cert in the * directory is bad and can't be used (e.g. if one is expired), and we diff --git a/src/x509.c b/src/x509.c index 6c7ba863c3..f03e7cfb84 100644 --- a/src/x509.c +++ b/src/x509.c @@ -8798,7 +8798,7 @@ const WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_VERIFY_PARAM_lookup(const char *na const WOLFSSL_X509_VERIFY_PARAM *param = &x509_verify_param_builtins[0], *param_end = &x509_verify_param_builtins[XELEM_CNT(x509_verify_param_builtins)]; while (param < param_end) { - if (! XSTRCMP(name, param->name)) + if (XSTRCMP(name, param->name) == 0) return param; ++param; } diff --git a/tests/api.c b/tests/api.c index 51b8f99f32..af15b89a30 100644 --- a/tests/api.c +++ b/tests/api.c 
@@ -56973,7 +56973,7 @@ static int test_wolfSSL_BIO_datagram(void) EXPECT_DECLS; #if !defined(NO_BIO) && defined(WOLFSSL_DTLS) && defined(WOLFSSL_HAVE_BIO_ADDR) && defined(OPENSSL_EXTRA) int ret; - SOCKET_T fd1 = 0, fd2 = 0; /* SOCKET_T is unsigned on Windows */ + SOCKET_T fd1 = SOCKET_INVALID, fd2 = SOCKET_INVALID; WOLFSSL_BIO *bio1 = NULL, *bio2 = NULL; WOLFSSL_BIO_ADDR *bio_addr1 = NULL, *bio_addr2 = NULL; SOCKADDR_IN sin1, sin2; @@ -56991,12 +56991,12 @@ static int test_wolfSSL_BIO_datagram(void) #endif if (EXPECT_SUCCESS()) { - fd1 = socket(AF_INET, SOCK_DGRAM, 17 /* UDP */); - ExpectIntGT(fd1, 0); + fd1 = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); + ExpectIntNE(fd1, SOCKET_INVALID); } if (EXPECT_SUCCESS()) { - fd2 = socket(AF_INET, SOCK_DGRAM, 17 /* UDP */); - ExpectIntGT(fd2, 0); + fd2 = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); + ExpectIntNE(fd2, SOCKET_INVALID); } if (EXPECT_SUCCESS()) { @@ -57029,16 +57029,21 @@ static int test_wolfSSL_BIO_datagram(void) ExpectIntEQ(getsockname(fd2, (struct sockaddr *)&sin2, &slen), 0); } + if (EXPECT_SUCCESS()) { + bio_addr1 = wolfSSL_BIO_ADDR_new(); + ExpectNotNull(bio_addr1); + } + if (EXPECT_SUCCESS()) { bio_addr2 = wolfSSL_BIO_ADDR_new(); ExpectNotNull(bio_addr2); } if (EXPECT_SUCCESS()) { + /* for OpenSSL compatibility, direct copying of sockaddrs into BIO_ADDRs must work right. */ XMEMCPY(&bio_addr2->sa_in, &sin2, sizeof(sin2)); ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_PEER, 0, bio_addr2), WOLFSSL_SUCCESS); - if (EXPECT_SUCCESS()) - bio_addr2 = NULL; + wolfSSL_BIO_ADDR_clear(bio_addr2); } test_msg_recvd[0] = 0; 
@@ -57046,6 +57051,11 @@ static int test_wolfSSL_BIO_datagram(void) ExpectIntEQ(wolfSSL_BIO_read(bio2, test_msg_recvd, sizeof(test_msg_recvd)), (int)sizeof(test_msg)); ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0); +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + ExpectIntEQ(wolfSSL_BIO_number_written(bio1), sizeof(test_msg)); + ExpectIntEQ(wolfSSL_BIO_number_read(bio2), sizeof(test_msg)); +#endif + /* bio2 should now have bio1's addr stored as its peer_addr, because the * BIOs aren't "connected" yet. use it to send a reply. */ 
@@ -57056,47 +57066,26 @@ static int test_wolfSSL_BIO_datagram(void) ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0); ExpectIntEQ(wolfSSL_BIO_read(bio1, test_msg_recvd, sizeof(test_msg_recvd)), WOLFSSL_BIO_ERROR); - -#ifdef USE_WINDOWS_API - ExpectIntEQ(WSAGetLastError(), WSAEWOULDBLOCK); -#else - ExpectIntEQ(errno, EAGAIN); -#endif + ExpectIntNE(BIO_should_retry(bio1), 0); ExpectIntEQ(wolfSSL_BIO_read(bio2, test_msg_recvd, sizeof(test_msg_recvd)), WOLFSSL_BIO_ERROR); -#ifdef USE_WINDOWS_API - ExpectIntEQ(WSAGetLastError(), WSAEWOULDBLOCK); -#else - ExpectIntEQ(errno, EAGAIN); -#endif + ExpectIntNE(BIO_should_retry(bio2), 0); /* now "connect" the sockets. */ - if (EXPECT_SUCCESS()) { - bio_addr1 = wolfSSL_BIO_ADDR_new(); - ExpectNotNull(bio_addr1); - } - - if (EXPECT_SUCCESS()) { - bio_addr2 = wolfSSL_BIO_ADDR_new(); - ExpectNotNull(bio_addr2); - } - ExpectIntEQ(connect(fd1, (const struct sockaddr *)&sin2, (socklen_t)sizeof(sin2)), 0); ExpectIntEQ(connect(fd2, (const struct sockaddr *)&sin1, (socklen_t)sizeof(sin1)), 0); if (EXPECT_SUCCESS()) { XMEMCPY(&bio_addr2->sa_in, &sin2, sizeof(sin2)); ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_CONNECTED, 0, bio_addr2), WOLFSSL_SUCCESS); - if (EXPECT_SUCCESS()) - bio_addr2 = NULL; + wolfSSL_BIO_ADDR_clear(bio_addr2); } if (EXPECT_SUCCESS()) { XMEMCPY(&bio_addr1->sa_in, &sin1, sizeof(sin1)); ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio2, BIO_CTRL_DGRAM_SET_CONNECTED, 0, bio_addr1), WOLFSSL_SUCCESS); - if (EXPECT_SUCCESS()) - bio_addr1 = NULL; + wolfSSL_BIO_ADDR_clear(bio_addr1); } test_msg_recvd[0] = 0; 
@@ -57120,23 +57109,17 @@ static int test_wolfSSL_BIO_datagram(void) ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_CONNECTED, 0, NULL), WOLFSSL_SUCCESS); ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio2, BIO_CTRL_DGRAM_SET_CONNECTED, 0, NULL), WOLFSSL_SUCCESS); - if (EXPECT_SUCCESS()) { - bio_addr2 = wolfSSL_BIO_ADDR_new(); - ExpectNotNull(bio_addr2); - } - if (EXPECT_SUCCESS()) { sin2.sin_addr.s_addr = htonl(0xc0a8c0a8); /* 192.168.192.168 -- invalid for loopback interface. */ XMEMCPY(&bio_addr2->sa_in, &sin2, sizeof(sin2)); ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_PEER, 0, bio_addr2), WOLFSSL_SUCCESS); - if (EXPECT_SUCCESS()) - bio_addr2 = NULL; + wolfSSL_BIO_ADDR_clear(bio_addr2); } test_msg_recvd[0] = 0; errno = 0; ExpectIntEQ(wolfSSL_BIO_write(bio1, test_msg, sizeof(test_msg)), -1); - ExpectIntEQ(errno, EINVAL); + ExpectTrue((errno == EINVAL) || (errno == ENETUNREACH)); #endif /* __linux__ */ @@ -57144,12 +57127,12 @@ static int test_wolfSSL_BIO_datagram(void) if (bio1) { ret = wolfSSL_BIO_free(bio1); ExpectIntEQ(ret, WOLFSSL_SUCCESS); - } else if (fd1 > 0) + } else if (fd1 != SOCKET_INVALID) CloseSocket(fd1); if (bio2) { ret = wolfSSL_BIO_free(bio2); ExpectIntEQ(ret, WOLFSSL_SUCCESS); - } else if (fd2 > 0) + } else if (fd2 != SOCKET_INVALID) CloseSocket(fd2); if (bio_addr1) wolfSSL_BIO_ADDR_free(bio_addr1); @@ -73724,13 +73707,13 @@ static int test_stubs_are_stubs(void) /* when implemented this should take WOLFSSL object insted, right now * always returns 0 */ - ExpectIntEQ(SSL_get_current_expansion(NULL), 0); + ExpectPtrEq(SSL_get_current_expansion(NULL), NULL); wolfSSL_CTX_free(ctx); ctx = NULL; ExpectStrEQ(SSL_COMP_get_name(NULL), "not supported"); - ExpectIntEQ(SSL_get_current_expansion(), 0); + ExpectPtrEq(SSL_get_current_expansion(NULL), NULL); #endif /* OPENSSL_EXTRA && !NO_WOLFSSL_STUB && (!NO_WOLFSSL_CLIENT || * !NO_WOLFSSL_SERVER) */ return EXPECT_RESULT(); 
diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 8424956dc0..5a5db113f9 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2771,19 +2771,17 @@ struct WOLFSSL_BIO { * struct WOLFSSL_DTLS_CTX, when set, sendto and * recvfrom leave the peer_addr unchanged. */ #ifdef WOLFSSL_HAVE_BIO_ADDR - union WOLFSSL_BIO_ADDR *peer_addr; /* for datagram BIOs, the socket address stored - * with BIO_CTRL_DGRAM_CONNECT, - * BIO_CTRL_DGRAM_SET_CONNECTED, or - * BIO_CTRL_DGRAM_SET_PEER, or stored when a - * packet was received on an unconnected BIO. */ + union WOLFSSL_BIO_ADDR peer_addr; /* for datagram BIOs, the socket address stored + * with BIO_CTRL_DGRAM_CONNECT, + * BIO_CTRL_DGRAM_SET_CONNECTED, or + * BIO_CTRL_DGRAM_SET_PEER, or stored when a + * packet was received on an unconnected BIO. */ #endif -#ifdef WORD64_AVAILABLE - word64 bytes_read; - word64 bytes_written; -#else - word32 bytes_read; - word32 bytes_written; +#if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_BIO_NO_FLOW_STATS) + #define WOLFSSL_BIO_HAVE_FLOW_STATS + word64 bytes_read; + word64 bytes_written; #endif #ifdef HAVE_EX_DATA diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index ecec0735a9..4c11280dd9 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h 
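Review bot: WOLFSSL_BIO_HAVE_FLOW_STATS is #defined from inside the body of struct WOLFSSL_BIO, so it is only visible to translation units that include wolfssl/internal.h; the public prototypes in wolfssl/ssl.h in this same patch have to restate the gate as `#if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_BIO_NO_FLOW_STATS)`, and the two conditions can drift apart silently. Hoist the definition out of the struct into a header both files already see, written once as `#if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_BIO_NO_FLOW_STATS)` / `#define WOLFSSL_BIO_HAVE_FLOW_STATS` / `#endif`, and gate the struct fields and the ssl.h prototypes with `#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS` as bio.c already does. A one-line comment on the struct fields saying they count bytes moved through this BIO only (pairs counted in nread/nwrite, sums taken over the chain by wolfSSL_BIO_number_read/written) would also help, since that split is not obvious from the field names.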
@@ -268,13 +268,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #ifndef NO_FILESYSTEM #define SSL_CTX_use_certificate_file wolfSSL_CTX_use_certificate_file #define SSL_CTX_use_PrivateKey_file wolfSSL_CTX_use_PrivateKey_file -#ifdef WOLFSSL_APACHE_HTTPD - #define SSL_CTX_load_verify_locations(ctx,file,path) \ - wolfSSL_CTX_load_verify_locations_ex(ctx,file,path,\ - WOLFSSL_LOAD_FLAG_IGNORE_ERR) -#else - #define SSL_CTX_load_verify_locations wolfSSL_CTX_load_verify_locations -#endif + #define SSL_CTX_load_verify_locations wolfSSL_CTX_load_verify_locations_compat #define SSL_CTX_set_default_verify_paths wolfSSL_CTX_set_default_verify_paths #define SSL_CTX_use_certificate_chain_file wolfSSL_CTX_use_certificate_chain_file #define SSL_CTX_use_RSAPrivateKey_file wolfSSL_CTX_use_RSAPrivateKey_file @@ -851,10 +845,6 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define SSL_get_current_compression wolfSSL_get_current_compression #define SSL_get_current_expansion wolfSSL_get_current_expansion -#define SSL_get_current_compression(ssl) 0 -#define SSL_get_current_expansion(ssl) 0 -#define SSL_COMP_get_name wolfSSL_COMP_get_name - #define SSL_get_ex_new_index wolfSSL_get_ex_new_index #define RSA_get_ex_new_index wolfSSL_get_ex_new_index @@ -1164,8 +1154,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define DTLSv1_get_timeout(ssl, timeleft) wolfSSL_DTLSv1_get_timeout((ssl), (WOLFSSL_TIMEVAL*)(timeleft)) #define DTLSv1_handle_timeout wolfSSL_DTLSv1_handle_timeout #define DTLSv1_set_initial_timeout_duration wolfSSL_DTLSv1_set_initial_timeout_duration - -#define SSL_set_mtu(ssl, mtu) ((wolfSSL_dtls_set_mtu(ssl, mtu) == 0) ? SSL_SUCCESS : SSL_FAILURE) +#define SSL_set_mtu wolfSSL_set_mtu_compat /* DTLS SRTP */ #ifdef WOLFSSL_SRTP diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index d3f3a0165e..89c1450499 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
@@ -67,6 +67,15 @@ #undef OCSP_RESPONSE #endif +#ifdef OPENSSL_ALL + #ifndef WOLFSSL_HAVE_BIO_ADDR + #define WOLFSSL_HAVE_BIO_ADDR + #endif + #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_DTLS_MTU) + #define WOLFSSL_DTLS_MTU + #endif +#endif + #ifdef OPENSSL_COEXIST /* mode to allow wolfSSL and OpenSSL to exist together */ #ifdef TEST_OPENSSL_COEXIST @@ -1074,6 +1083,8 @@ WOLFSSL_API int wolfSSL_CTX_load_verify_locations_ex( WOLFSSL_CTX* ctx, const char* file, const char* path, word32 flags); WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_load_verify_locations( WOLFSSL_CTX* ctx, const char* file, const char* path); +WOLFSSL_API WOLFSSL_API int wolfSSL_CTX_load_verify_locations_compat( + WOLFSSL_CTX* ctx, const char* file, const char* path); #ifndef _WIN32 WOLFSSL_API const char** wolfSSL_get_system_CA_dirs(word32* num); #endif /* !_WIN32 */ @@ -1459,8 +1470,11 @@ WOLFSSL_API int wolfSSL_dtls_set_sctp(WOLFSSL* ssl); #endif #if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \ defined(WOLFSSL_DTLS) -WOLFSSL_API int wolfSSL_CTX_dtls_set_mtu(WOLFSSL_CTX* ctx, unsigned short); -WOLFSSL_API int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, unsigned short); +WOLFSSL_API int wolfSSL_CTX_dtls_set_mtu(WOLFSSL_CTX* ctx, unsigned short mtu); +WOLFSSL_API int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, unsigned short mtu); +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) +WOLFSSL_API int wolfSSL_set_mtu_compat(WOLFSSL* ssl, unsigned short mtu); +#endif #endif #ifdef WOLFSSL_SRTP 
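Review bot: The new OPENSSL_ALL block defines WOLFSSL_HAVE_BIO_ADDR unconditionally, but the wolfssl/wolfio.h context in this same patch carries `#error WOLFSSL_HAVE_BIO_ADDR and WOLFSSL_NO_SOCK are mutually incompatible.`, so an OPENSSL_ALL configuration that also sets WOLFSSL_NO_SOCK now fails to compile where it presumably built before. If that combination is meant to remain buildable, guard the define with `#if !defined(WOLFSSL_HAVE_BIO_ADDR) && !defined(WOLFSSL_NO_SOCK)`; if OPENSSL_ALL is intended to require socket support, state that in a comment on this block rather than leaving the downstream #error to explain it. The WOLFSSL_DTLS_MTU define below it is already conditioned on WOLFSSL_DTLS, so the same pattern fits.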
@@ -1824,12 +1838,9 @@ WOLFSSL_API int wolfSSL_BIO_ctrl_reset_read_request(WOLFSSL_BIO *b); WOLFSSL_API int wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf); WOLFSSL_API int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num); WOLFSSL_API int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num); -#ifdef WORD64_AVAILABLE +#if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_BIO_NO_FLOW_STATS) WOLFSSL_API word64 wolfSSL_BIO_number_read(WOLFSSL_BIO *bio); WOLFSSL_API word64 wolfSSL_BIO_number_written(WOLFSSL_BIO *bio); -#else -WOLFSSL_API word32 wolfSSL_BIO_number_read(WOLFSSL_BIO *bio); -WOLFSSL_API word32 wolfSSL_BIO_number_written(WOLFSSL_BIO *bio); #endif WOLFSSL_API int wolfSSL_BIO_reset(WOLFSSL_BIO *bio); @@ -5218,7 +5229,6 @@ WOLFSSL_API int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp, WOLFSSL_ASN1_OBJECT *a) WOLFSSL_API int wolfSSL_i2d_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT *a, unsigned char **pp); WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength)); WOLFSSL_API WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); -WOLFSSL_API const char* wolfSSL_COMP_get_name(const void* comp); WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, const char *file, const char *dir); WOLFSSL_API int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *ctx, WOLFSSL_X509_CRL *x); WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const WOLF_STACK_OF(WOLFSSL_CIPHER)* p); diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h index 28259e6226..712942b027 100644 --- a/wolfssl/wolfio.h +++ b/wolfssl/wolfio.h @@ -473,9 +473,6 @@ WOLFSSL_API int wolfIO_Recv(SOCKET_T sd, char *buf, int sz, int rdFlags); #error WOLFSSL_HAVE_BIO_ADDR and WOLFSSL_NO_SOCK are mutually incompatible. #endif -#ifndef WOLFSSL_NO_BIO_ADDR_UN -#endif - union WOLFSSL_BIO_ADDR { SOCKADDR sa; SOCKADDR_IN sa_in; From 51c49b678eda328f1211d57fa39deb68f3ce607e Mon Sep 17 00:00:00 2001 
From: Daniel Pouzzner Date: Sat, 22 Jun 2024 10:53:03 -0500 Subject: [PATCH 15/21] src/bio.c: fix gating for WOLFSSL_BIO_DGRAM handling. --- src/bio.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/bio.c b/src/bio.c index 200e5fa8ff..d80fab53e1 100644 --- a/src/bio.c +++ b/src/bio.c @@ -367,9 +367,9 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) #endif break; -#ifdef WOLFSSL_HAVE_BIO_ADDR case WOLFSSL_BIO_DGRAM: - #ifdef USE_WOLFSSL_IO + #if defined(WOLFSSL_HAVE_BIO_ADDR) && defined(WOLFSSL_DTLS) && \ + defined(USE_WOLFSSL_IO) /* BIO requires built-in socket support * (cannot be used with WOLFSSL_USER_IO) */ bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY; @@ -392,7 +392,6 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) ret = NOT_COMPILED_IN; #endif break; -#endif } /* switch */ } @@ -795,9 +794,9 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) #endif break; -#ifdef WOLFSSL_HAVE_BIO_ADDR case WOLFSSL_BIO_DGRAM: - #ifdef USE_WOLFSSL_IO + #if defined(WOLFSSL_HAVE_BIO_ADDR) && defined(WOLFSSL_DTLS) && \ + defined(USE_WOLFSSL_IO) /* BIO requires built-in socket support * (cannot be used with WOLFSSL_USER_IO) */ bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY; @@ -820,7 +819,6 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) ret = NOT_COMPILED_IN; #endif break; -#endif } /* switch */ } @@ -2334,6 +2332,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) } +#if defined(WOLFSSL_HAVE_BIO_ADDR) && defined(WOLFSSL_DTLS) WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_datagram(void) { static WOLFSSL_BIO_METHOD meth = @@ -2357,6 +2356,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) } return bio; } +#endif /** From 1159fc333f4612e35f76c6e2b48014c92004ffdf Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Mon, 24 Jun 2024 11:02:59 -0500 Subject: [PATCH 16/21] src/bio.c: in wolfSSL_BIO_ADDR_size(), add missing gate on HAVE_SYS_UN_H for AF_UNIX. --- src/bio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/bio.c b/src/bio.c
index d80fab53e1..8d60f032da 100644
--- a/src/bio.c
+++ b/src/bio.c
@@ -992,7 +992,7 @@ socklen_t wolfSSL_BIO_ADDR_size(const WOLFSSL_BIO_ADDR *addr) {
 case AF_INET6:
 return sizeof(addr->sa_in6);
 #endif
-#ifndef WOLFSSL_NO_BIO_ADDR_UN
+#if defined(HAVE_SYS_UN_H) && !defined(WOLFSSL_NO_SOCKADDR_UN)
 case AF_UNIX:
 return sizeof(addr->sa_un);
 #endif
From 9e995443155b3bc565dac33464691d26eed064cf Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner
Date: Mon, 24 Jun 2024 23:19:43 -0500
Subject: [PATCH 17/21] wolfssl/ssl.h: fix double-WOLFSSL_API on wolfSSL_CTX_load_verify_locations_compat().
---
 wolfssl/ssl.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 89c1450499..6a5afad611 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1083,7 +1083,7 @@ WOLFSSL_API int wolfSSL_CTX_load_verify_locations_ex(
 WOLFSSL_CTX* ctx, const char* file, const char* path, word32 flags);
 WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_load_verify_locations(
 WOLFSSL_CTX* ctx, const char* file, const char* path);
-WOLFSSL_API WOLFSSL_API int wolfSSL_CTX_load_verify_locations_compat(
+WOLFSSL_API int wolfSSL_CTX_load_verify_locations_compat(
 WOLFSSL_CTX* ctx, const char* file, const char* path);
 #ifndef _WIN32
 WOLFSSL_API const char** wolfSSL_get_system_CA_dirs(word32* num);
From 0c1163f01f6e272384f21f22dd2fea0d20e233f2 Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner
Date: Mon, 24 Jun 2024 23:35:18 -0500
Subject: [PATCH 18/21] src/bio.c: restore inadvertently removed update of bio->connected in wolfSSL_BIO_ctrl() case BIO_CTRL_DGRAM_SET_CONNECTED.
---
 src/bio.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/bio.c b/src/bio.c
index 8d60f032da..266debb346 100644
--- a/src/bio.c
+++ b/src/bio.c
@@ -909,15 +909,17 @@ long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *parg)
 }
 case BIO_CTRL_DGRAM_SET_CONNECTED:
- if (parg == NULL)
+ if (parg == NULL) {
 wolfSSL_BIO_ADDR_clear(&bio->peer_addr);
- else {
+ bio->connected = 0;
+ } else {
 socklen_t addr_size = wolfSSL_BIO_ADDR_size((WOLFSSL_BIO_ADDR *)parg);
 if (addr_size == 0) {
 ret = WOLFSSL_FAILURE;
 break;
 }
 XMEMCPY(&bio->peer_addr, parg, addr_size);
+ bio->connected = 1;
 }
 ret = WOLFSSL_SUCCESS;
 break;
From 5298039d094dc06842b34422016234926cf4ea98 Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner
Date: Wed, 26 Jun 2024 02:04:37 -0500
Subject: [PATCH 19/21] fixes from peer review: move OS-specific code from wolfSSL_BIO_read() and wolfSSL_BIO_write() to wolfIO_Recv(), wolfIO_Send(), wolfIO_RecvFrom(), and wolfIO_SendTo(); add SOCKET_ETIMEDOUT definitions to wolfio.h; misc cleanups.
---
 src/bio.c | 42 ++++++++-------------------
 src/ssl_load.c | 1 -
 src/wolfio.c | 70 +++++++++++++++++++++++++++++++++++++++++++--
 tests/api.c | 4 +--
 wolfcrypt/src/asn.c | 2 +-
 wolfssl/error-ssl.h | 2 +-
 wolfssl/wolfio.h | 4 +++
 7 files changed, 86 insertions(+), 39 deletions(-)
diff --git a/src/bio.c b/src/bio.c
index 266debb346..914059db9e 100644
--- a/src/bio.c
+++ b/src/bio.c
@@ -353,14 +353,9 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)
 * (cannot be used with WOLFSSL_USER_IO) */
 bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY;
 ret = wolfIO_Recv(bio->num, (char*)buf, len, 0);
- if (ret < 0) {
-#ifdef USE_WINDOWS_API
- if (WSAGetLastError() == WSAEWOULDBLOCK)
- bio->flags |= WOLFSSL_BIO_FLAG_RETRY;
-#else
- if (errno == EAGAIN)
- bio->flags |= WOLFSSL_BIO_FLAG_RETRY;
-#endif
+ if (ret == WC_NO_ERR_TRACE(SOCKET_NODATA)) {
+ bio->flags |= WOLFSSL_BIO_FLAG_RETRY;
+ ret = WOLFSSL_BIO_ERROR;
 }
 #else
 ret = NOT_COMPILED_IN;
@@ -379,14 +374,9 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)
 wolfSSL_BIO_ADDR_clear(&bio->peer_addr);
 ret = wolfIO_RecvFrom(bio->num, &bio->peer_addr, (char*)buf, len, 0);
 }
- if ((ret < 0) && (ret != WC_NO_ERR_TRACE(MEMORY_E))) {
-#ifdef USE_WINDOWS_API
- if (WSAGetLastError() == WSAEWOULDBLOCK)
- bio->flags |= WOLFSSL_BIO_FLAG_RETRY;
-#else
- if (errno == EAGAIN)
- bio->flags |= WOLFSSL_BIO_FLAG_RETRY;
-#endif
+ if (ret == WC_NO_ERR_TRACE(SOCKET_NODATA)) {
+ bio->flags |= WOLFSSL_BIO_FLAG_RETRY;
+ ret = WOLFSSL_BIO_ERROR;
 }
 #else
 ret = NOT_COMPILED_IN;
@@ -782,13 +772,10 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
 * (cannot be used with WOLFSSL_USER_IO) */
 bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY;
 ret = wolfIO_Send(bio->num, (char*)data, len, 0);
-#ifdef USE_WINDOWS_API
- if (WSAGetLastError() == WSAEWOULDBLOCK)
+ if (ret == WC_NO_ERR_TRACE(SOCKET_NODATA)) {
 bio->flags |= WOLFSSL_BIO_FLAG_RETRY;
-#else
- if (errno == EAGAIN)
- bio->flags |= WOLFSSL_BIO_FLAG_RETRY;
-#endif
+ ret = WOLFSSL_BIO_ERROR;
+ }
 #else
 ret = NOT_COMPILED_IN;
 #endif
@@ -806,14 +793,9 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
 ret = SOCKET_ERROR_E;
 else
 ret = wolfIO_SendTo(bio->num, &bio->peer_addr, (char*)data, len, 0);
- if (ret < 0) {
-#ifdef USE_WINDOWS_API
- if (WSAGetLastError() == WSAEWOULDBLOCK)
- bio->flags |= WOLFSSL_BIO_FLAG_RETRY;
-#else
- if (errno == EAGAIN)
- bio->flags |= WOLFSSL_BIO_FLAG_RETRY;
-#endif
+ if (ret == WC_NO_ERR_TRACE(SOCKET_NODATA)) {
+ bio->flags |= WOLFSSL_BIO_FLAG_RETRY;
+ ret = WOLFSSL_BIO_ERROR;
 }
 #else
 ret = NOT_COMPILED_IN;
diff --git a/src/ssl_load.c b/src/ssl_load.c
index 269002c1f2..bab9b1df2e 100644
--- a/src/ssl_load.c
+++ b/src/ssl_load.c
@@ -2891,7 +2891,6 @@ int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file, * @return 1 on success. * @return 0 on failure. */ -WOLFSSL_API int wolfSSL_CTX_load_verify_locations_compat(WOLFSSL_CTX* ctx, const char* file, const char* path) { diff --git a/src/wolfio.c b/src/wolfio.c index c9e92846b8..fbb5f28e24 100644 --- a/src/wolfio.c +++ b/src/wolfio.c @@ -177,7 +177,7 @@ static WC_INLINE int wolfSSL_LastError(int err) #elif defined(EBSNET) return xn_getlasterror(); #elif defined(WOLFSSL_LINUXKM) || defined(WOLFSSL_EMNET) - return err; /* Return provided error value */ + return -err; /* Return provided error value */ #elif defined(FUSION_RTOS) #include return FCL_GET_ERRNO; @@ -1100,6 +1100,21 @@ int wolfIO_Recv(SOCKET_T sd, char *buf, int sz, int rdFlags) recvd = (int)RECV_FUNCTION(sd, buf, (size_t)sz, rdFlags); recvd = TranslateReturnCode(recvd, (int)sd); + if (recvd < 0) { + int last_err = wolfSSL_LastError(recvd); + if ((last_err == SOCKET_EWOULDBLOCK) +#if SOCKET_EWOULDBLOCK != SOCKET_EAGAIN + || (last_err == SOCKET_EAGAIN) +#endif +#ifdef SOCKET_ETIMEDOUT + || (last_err == SOCKET_ETIMEDOUT) +#endif + ) + { + return SOCKET_NODATA; + } + } + return recvd; } @@ -1110,6 +1125,21 @@ int wolfIO_Send(SOCKET_T sd, char *buf, int sz, int wrFlags) sent = (int)SEND_FUNCTION(sd, buf, (size_t)sz, wrFlags); sent = TranslateReturnCode(sent, (int)sd); + if (sent < 0) { + int last_err = wolfSSL_LastError(sent); + if ((last_err == SOCKET_EWOULDBLOCK) +#if SOCKET_EWOULDBLOCK != SOCKET_EAGAIN + || (last_err == SOCKET_EAGAIN) +#endif +#ifdef SOCKET_ETIMEDOUT + || (last_err == SOCKET_ETIMEDOUT) +#endif + ) + { + return SOCKET_NODATA; + } + } + return sent; } 
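Review bot: The comment on the WOLFSSL_LINUXKM/WOLFSSL_EMNET branch of wolfSSL_LastError() is now wrong: the code returns `-err`, not the provided value, and because this helper is shared, every existing caller under those two ports sees the sign flip, not only the new SOCKET_NODATA checks added below. Update the comment to state the contract the new callers rely on, e.g. `return -err; /* these ports return negative errno; flip to positive so callers can compare with SOCKET_E* */`, and confirm that the other callers of wolfSSL_LastError() in this file (outside this hunk) pass a negative value as well, since any that pass a positive errno would now be negated.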
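Review bot: The would-block classification inserted after TranslateReturnCode() in wolfIO_Recv is repeated verbatim in wolfIO_Send in this hunk and again in wolfIO_RecvFrom and wolfIO_SendTo on the following hunks, four copies of a preprocessor-conditional expression that will drift the next time a platform adds an errno to the "no data" set. Factor it into one static helper next to wolfSSL_LastError() so each call site shrinks to `if ((recvd < 0) && wolfIO_IsNoData(recvd)) return SOCKET_NODATA;` (the helper name below is a suggestion). This also gives one place to document why a timeout is treated the same as would-block for the BIO retry flag.

```c
/* … unchanged: wolfSSL_LastError() … */

/* Non-zero when a failed socket call (err < 0, already passed through
 * TranslateReturnCode) reports "no data yet": would-block, EAGAIN, or a
 * socket timeout. Callers map this to SOCKET_NODATA so the BIO layer can
 * set WOLFSSL_BIO_FLAG_RETRY instead of reporting a hard error. */
static WC_INLINE int wolfIO_IsNoData(int err)
{
    int last_err = wolfSSL_LastError(err);
    if (last_err == SOCKET_EWOULDBLOCK)
        return 1;
#if SOCKET_EWOULDBLOCK != SOCKET_EAGAIN
    if (last_err == SOCKET_EAGAIN)
        return 1;
#endif
#ifdef SOCKET_ETIMEDOUT
    if (last_err == SOCKET_ETIMEDOUT)
        return 1;
#endif
    return 0;
}

/* … unchanged: wolfIO_Recv() up to and including TranslateReturnCode() … */
    if ((recvd < 0) && wolfIO_IsNoData(recvd))
        return SOCKET_NODATA;
```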
@@ -1120,9 +1150,26 @@ int wolfIO_RecvFrom(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int int recvd; socklen_t addr_len = (socklen_t)sizeof(*addr); - recvd = (int)DTLS_RECVFROM_FUNCTION(sd, buf, (size_t)sz, rdFlags, addr ? &addr->sa : NULL, addr ? &addr_len : 0); + recvd = (int)DTLS_RECVFROM_FUNCTION(sd, buf, (size_t)sz, rdFlags, + addr ? &addr->sa : NULL, + addr ? &addr_len : 0); recvd = TranslateReturnCode(recvd, (int)sd); + if (recvd < 0) { + int last_err = wolfSSL_LastError(recvd); + if ((last_err == SOCKET_EWOULDBLOCK) +#if SOCKET_EWOULDBLOCK != SOCKET_EAGAIN + || (last_err == SOCKET_EAGAIN) +#endif +#ifdef SOCKET_ETIMEDOUT + || (last_err == SOCKET_ETIMEDOUT) +#endif + ) + { + return SOCKET_NODATA; + } + } + return recvd; } @@ -1130,9 +1177,26 @@ int wolfIO_SendTo(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int wr { int sent; - sent = (int)DTLS_SENDTO_FUNCTION(sd, buf, (size_t)sz, wrFlags, addr ? &addr->sa : NULL, addr ? wolfSSL_BIO_ADDR_size(addr) : 0); + sent = (int)DTLS_SENDTO_FUNCTION(sd, buf, (size_t)sz, wrFlags, + addr ? &addr->sa : NULL, + addr ? wolfSSL_BIO_ADDR_size(addr) : 0); sent = TranslateReturnCode(sent, (int)sd); + if (sent < 0) { + int last_err = wolfSSL_LastError(sent); + if ((last_err == SOCKET_EWOULDBLOCK) +#if SOCKET_EWOULDBLOCK != SOCKET_EAGAIN + || (last_err == SOCKET_EAGAIN) +#endif +#ifdef SOCKET_ETIMEDOUT + || (last_err == SOCKET_ETIMEDOUT) +#endif + ) + { + return SOCKET_NODATA; + } + } + return sent; } diff --git a/tests/api.c b/tests/api.c index af15b89a30..60fc29ef16 100644 --- a/tests/api.c +++ b/tests/api.c @@ -56986,9 +56986,7 @@ static int test_wolfSSL_BIO_datagram(void) static const struct timeval timeout = { 0, 250000 }; #endif -#ifdef USE_WINDOWS_API - WSAStartup(); -#endif + StartTCP(); if (EXPECT_SUCCESS()) { fd1 = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 624ffc9cc6..678422d19c 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c 
@@ -13775,7 +13775,7 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid,
 * @param [in, out] cert Decoded certificate object.
 * @param [out] full Buffer to hold full name as a string.
 * @param [out] hash Buffer to hold hash of name.
- * @param [in] nameType ISSUER or SUBJECT.
+ * @param [in] nameType ASN_ISSUER or ASN_SUBJECT.
 * @param [in] input Buffer holding certificate name.
 * @param [in, out] inOutIdx On in, start of certificate name.
 * On out, start of ASN.1 item after cert name.
diff --git a/wolfssl/error-ssl.h b/wolfssl/error-ssl.h
index 64edf75c36..724d7de007 100644
--- a/wolfssl/error-ssl.h
+++ b/wolfssl/error-ssl.h
@@ -185,8 +185,8 @@ enum wolfSSL_ErrorCodes {
 DTLS_CID_ERROR = -454, /* Wrong or missing CID */
 DTLS_TOO_MANY_FRAGMENTS_E = -455, /* Received too many fragments */
 QUIC_WRONG_ENC_LEVEL = -456, /* QUIC data received on wrong encryption level */
+ DUPLICATE_TLS_EXT_E = -457, /* Duplicate TLS extension in msg. */
- SOCKET_NOT_CONNECTED_E = -458, /* Socket has no associated peer. */
 /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */
 /* begin negotiation parameter errors */
diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h
index 712942b027..eb8b20989c 100644
--- a/wolfssl/wolfio.h
+++ b/wolfssl/wolfio.h
@@ -208,6 +208,7 @@
 #endif
 #define SOCKET_EWOULDBLOCK WSAEWOULDBLOCK
 #define SOCKET_EAGAIN WSAETIMEDOUT
+ #define SOCKET_ETIMEDOUT WSAETIMEDOUT
 #define SOCKET_ECONNRESET WSAECONNRESET
 #define SOCKET_EINTR WSAEINTR
 #define SOCKET_EPIPE WSAEPIPE
@@ -312,6 +313,7 @@
 #elif defined(WOLFSSL_LWIP_NATIVE)
 #define SOCKET_EWOULDBLOCK ERR_WOULDBLOCK
 #define SOCKET_EAGAIN ERR_WOULDBLOCK
+ #define SOCKET_TIMEDOUT ERR_TIMEOUT
 #define SOCKET_ECONNRESET ERR_RST
 #define SOCKET_EINTR ERR_CLSD
 #define SOCKET_EPIPE ERR_CLSD
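Review bot: The lwIP-native mapping in the `@@ -312,6 +313,7 @@` hunk defines `SOCKET_TIMEDOUT`, whereas every other port in this header and the `#ifdef SOCKET_ETIMEDOUT` tests added to src/wolfio.c use `SOCKET_ETIMEDOUT`, so under WOLFSSL_LWIP_NATIVE the timeout case is silently compiled out and `ERR_TIMEOUT` falls through to the generic error path; the line should read `#define SOCKET_ETIMEDOUT ERR_TIMEOUT`. In the Windows hunk (`@@ -208,6 +208,7 @@`) `SOCKET_EAGAIN` was already `WSAETIMEDOUT`, so `#if SOCKET_EWOULDBLOCK != SOCKET_EAGAIN` is true there and `WSAETIMEDOUT` is matched by the would-block comparison before any `SOCKET_ETIMEDOUT` comparison is reached, making the new Windows definition redundant. If that aliasing is intentional, a comment such as `/* SOCKET_EAGAIN and SOCKET_ETIMEDOUT both alias WSAETIMEDOUT: a timeout is reported as would-block */` next to the two defines would save the next reader from tracing it.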
@@ -329,6 +331,7 @@ #else #define SOCKET_EWOULDBLOCK EWOULDBLOCK #define SOCKET_EAGAIN EAGAIN + #define SOCKET_ETIMEDOUT ETIMEDOUT #define SOCKET_ECONNRESET ECONNRESET #define SOCKET_EINTR EINTR #define SOCKET_EPIPE EPIPE @@ -514,6 +517,7 @@ WOLFSSL_API int wolfIO_RecvFrom(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, FNS_CLOSE(s, &err); \ } while(0) #endif + #define StartTCP() WC_DO_NOTHING #else #ifndef CloseSocket #define CloseSocket(s) close(s) From 9023aeef75e5cee620bbf2563e4a6c7a043b1759 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 29 Jun 2024 00:28:09 -0500 Subject: [PATCH 20/21] BIO/wolfio: refactor TranslateReturnCode(), wolfSSL_LastError(), and TranslateIoError() into complete+consistent wolfSSL_LastError() and TranslateIoReturnCode(), handling all special cases correctly, and correctly returning WOLFSSL_CBIO_ERR_WANT_WRITE and WOLFSSL_CBIO_ERR_TIMEOUT. use TranslateIoReturnCode() directly in wolfIO_Recv(), wolfIO_Send(), wolfIO_RecvFrom(), wolfIO_SendTo(), and remove now-superfluous TranslateIoError() calls from EmbedReceive(), EmbedSend(), EmbedReceiveFrom(), EmbedSendTo(), EmbedReceiveFromMcast(). --- src/bio.c | 16 +++- src/wolfio.c | 186 +++++++++++++++++------------------------------ wolfssl/wolfio.h | 7 ++ 3 files changed, 85 insertions(+), 124 deletions(-) diff --git a/src/bio.c b/src/bio.c index 914059db9e..6ace590ca1 100644 --- a/src/bio.c +++ b/src/bio.c @@ -353,8 +353,10 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) * (cannot be used with WOLFSSL_USER_IO) */ bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY; ret = wolfIO_Recv(bio->num, (char*)buf, len, 0); - if (ret == WC_NO_ERR_TRACE(SOCKET_NODATA)) { + if (ret == WOLFSSL_CBIO_ERR_WANT_READ) { bio->flags |= WOLFSSL_BIO_FLAG_RETRY; + } + if (ret < 0) { ret = WOLFSSL_BIO_ERROR; } #else 
@@ -374,8 +376,10 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) wolfSSL_BIO_ADDR_clear(&bio->peer_addr); ret = wolfIO_RecvFrom(bio->num, &bio->peer_addr, (char*)buf, len, 0); } - if (ret == WC_NO_ERR_TRACE(SOCKET_NODATA)) { + if (ret == WOLFSSL_CBIO_ERR_WANT_READ) { bio->flags |= WOLFSSL_BIO_FLAG_RETRY; + } + if (ret < 0) { ret = WOLFSSL_BIO_ERROR; } #else @@ -772,8 +776,10 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) * (cannot be used with WOLFSSL_USER_IO) */ bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY; ret = wolfIO_Send(bio->num, (char*)data, len, 0); - if (ret == WC_NO_ERR_TRACE(SOCKET_NODATA)) { + if (ret == WOLFSSL_CBIO_ERR_WANT_WRITE) { bio->flags |= WOLFSSL_BIO_FLAG_RETRY; + } + if (ret < 0) { ret = WOLFSSL_BIO_ERROR; } #else @@ -793,8 +799,10 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) ret = SOCKET_ERROR_E; else ret = wolfIO_SendTo(bio->num, &bio->peer_addr, (char*)data, len, 0); - if (ret == WC_NO_ERR_TRACE(SOCKET_NODATA)) { + if (ret == WOLFSSL_CBIO_ERR_WANT_WRITE) { bio->flags |= WOLFSSL_BIO_FLAG_RETRY; + } + if (ret < 0) { ret = WOLFSSL_BIO_ERROR; } #else diff --git a/src/wolfio.c b/src/wolfio.c index fbb5f28e24..e52565934d 100644 --- a/src/wolfio.c +++ b/src/wolfio.c 
@@ -136,70 +136,65 @@ Possible IO enable options:
 #if defined(USE_WOLFSSL_IO) || defined(HAVE_HTTP_CLIENT)
-/* Translates return codes returned from
- * send() and recv() if need be.
- */
-static WC_INLINE int TranslateReturnCode(int old, int sd)
+static WC_INLINE int wolfSSL_LastError(int err, SOCKET_T sd)
 {
 (void)sd;
-#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
- if (old == 0) {
- errno = SOCKET_EWOULDBLOCK;
- return -1; /* convert to BSD style wouldblock as error */
- }
-
- if (old < 0) {
- errno = RTCS_geterror(sd);
- if (errno == RTCSERR_TCP_CONN_CLOSING)
- return 0; /* convert to BSD style closing */
- if (errno == RTCSERR_TCP_CONN_RLSD)
- errno = SOCKET_ECONNRESET;
- if (errno == RTCSERR_TCP_TIMED_OUT)
- errno = SOCKET_EAGAIN;
- }
-#elif defined(WOLFSSL_EMNET)
- if (old < 0) { /* SOCKET_ERROR */
- /* Get the real socket error */
- IP_SOCK_getsockopt(sd, SOL_SOCKET, SO_ERROR, &old, (int)sizeof(old));
- }
-#endif
-
- return old;
-}
-
-static WC_INLINE int wolfSSL_LastError(int err)
-{
- (void)err; /* Suppress unused arg */
+ if (err > 0)
+ return 0;
 #ifdef USE_WINDOWS_API
 return WSAGetLastError();
 #elif defined(EBSNET)
 return xn_getlasterror();
 #elif defined(WOLFSSL_LINUXKM) || defined(WOLFSSL_EMNET)
- return -err; /* Return provided error value */
+ return -err; /* Return provided error value with corrected sign. 
*/
 #elif defined(FUSION_RTOS)
 #include
 return FCL_GET_ERRNO;
 #elif defined(NUCLEUS_PLUS_2_3)
 return Nucleus_Net_Errno;
+#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
+ if ((err == 0) || (err == -SOCKET_EWOULDBLOCK)) {
+ return SOCKET_EWOULDBLOCK; /* convert to BSD style wouldblock */
+ } else {
+ err = RTCS_geterror(sd);
+ if ((err == RTCSERR_TCP_CONN_CLOSING) ||
+ (err == RTCSERR_TCP_CONN_RLSD))
+ {
+ err = SOCKET_ECONNRESET;
+ }
+ return err;
+ }
+#elif defined(WOLFSSL_EMNET)
+ /* Get the real socket error */
+ IP_SOCK_getsockopt(sd, SOL_SOCKET, SO_ERROR, &err, (int)sizeof(old));
+ return err;
 #else
 return errno;
 #endif
 }
-static int TranslateIoError(int err)
+/* Translates return codes returned from
+ * send(), recv(), and other network I/O calls.
+ */
+static int TranslateIoReturnCode(int err, SOCKET_T sd, int direction)
 {
 #ifdef _WIN32
 size_t errstr_offset;
 char errstr[WOLFSSL_STRERROR_BUFFER_SIZE];
 #endif /* _WIN32 */
-
+#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
 if (err > 0)
 return err;
+#else
+ if (err >= 0)
+ return err;
+#endif
+
+ err = wolfSSL_LastError(err, sd);
- err = wolfSSL_LastError(err);
 #if SOCKET_EWOULDBLOCK != SOCKET_EAGAIN
 if ((err == SOCKET_EWOULDBLOCK) || (err == SOCKET_EAGAIN))
 #else
@@ -207,8 +202,26 @@ static int TranslateIoError(int err)
 #endif
 {
 WOLFSSL_MSG("\tWould block");
- return WOLFSSL_CBIO_ERR_WANT_READ;
+ if (direction == SOCKET_SENDING)
+ return WOLFSSL_CBIO_ERR_WANT_WRITE;
+ else if (direction == SOCKET_RECEIVING)
+ return WOLFSSL_CBIO_ERR_WANT_READ;
+ else
+ return WOLFSSL_CBIO_ERR_GENERAL;
+ }
+
+#ifdef SOCKET_ETIMEDOUT
+ else if (err == SOCKET_ETIMEDOUT) {
+ WOLFSSL_MSG("\tTimed out");
+ if (direction == SOCKET_SENDING)
+ return WOLFSSL_CBIO_ERR_WANT_WRITE;
+ else if (direction == SOCKET_RECEIVING)
+ return WOLFSSL_CBIO_ERR_WANT_READ;
+ else
+ return WOLFSSL_CBIO_ERR_TIMEOUT;
 }
+#endif
+
 else if (err == SOCKET_ECONNRESET) {
 WOLFSSL_MSG("\tConnection reset");
 return WOLFSSL_CBIO_ERR_CONN_RST;
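Review bot: In the rewritten wolfSSL_LastError() the new `#elif defined(WOLFSSL_EMNET)` branch that calls IP_SOCK_getsockopt() can never be selected, because the earlier `#elif defined(WOLFSSL_LINUXKM) || defined(WOLFSSL_EMNET)` already captures WOLFSSL_EMNET and returns `-err`, so the SO_ERROR lookup the removed TranslateReturnCode() performed for emNet is lost. That dead branch also still reads `(int)sizeof(old)` although the parameter is now `err`, so it would fail to compile if it were ever reached. If the getsockopt path is the intended emNet behaviour, drop WOLFSSL_EMNET from the LINUXKM condition and change the call to `IP_SOCK_getsockopt(sd, SOL_SOCKET, SO_ERROR, &err, (int)sizeof(err));`. The MQX branch now maps RTCSERR_TCP_CONN_CLOSING to SOCKET_ECONNRESET where the removed code returned 0 (orderly close); if that is deliberate it deserves a comment, since callers distinguish CONN_CLOSE from CONN_RST.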
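Review bot: In the new `SOCKET_ETIMEDOUT` branch `WOLFSSL_CBIO_ERR_TIMEOUT` is returned only when `direction` is neither SOCKET_SENDING nor SOCKET_RECEIVING, and every caller this patch introduces (BioReceive/BioSend, the Embed* callbacks and the four wolfIO_* functions in the following hunks) passes one of those two, so despite the commit message TranslateIoReturnCode() itself never yields a timeout; the only route to WOLFSSL_CBIO_ERR_TIMEOUT is EmbedReceiveFrom()/EmbedReceiveFromMcast() re-deriving it from WANT_READ plus the non-blocking flag, and `WOLFSSL_CBIO_ERR_GENERAL` in the would-block branch is unreachable for the same reason. If WANT_* is the intended result for timeouts, the `else` arms should say so, e.g. `/* direction is always SENDING or RECEIVING; TIMEOUT/GENERAL are defensive fallbacks */`; otherwise return WOLFSSL_CBIO_ERR_TIMEOUT unconditionally from this branch and let blocking-vs-nonblocking callers decide whether to retry. Note also that on Windows `SOCKET_EAGAIN` is `WSAETIMEDOUT` (wolfio.h hunk earlier on this page), so the would-block comparison above already consumes timeouts before this branch is tested. TranslateIoReturnCode() continues past the end of this hunk.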
@@ -288,7 +301,7 @@ int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx) return WOLFSSL_CBIO_ERR_CONN_CLOSE; } #ifdef USE_WOLFSSL_IO - recvd = TranslateIoError(recvd); + recvd = TranslateIoReturnCode(recvd, ssl->biord->num, SOCKET_RECEIVING); #endif return recvd; } @@ -333,7 +346,7 @@ int BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx) if (sent <= 0) { if (ssl->biowr->type == WOLFSSL_BIO_SOCKET) { #ifdef USE_WOLFSSL_IO - sent = TranslateIoError(sent); + sent = TranslateIoReturnCode(sent, ssl->biowr->num, SOCKET_SENDING); #endif return sent; } @@ -377,7 +390,6 @@ int EmbedReceive(WOLFSSL *ssl, char *buf, int sz, void *ctx) recvd = wolfIO_Recv(sd, buf, sz, ssl->rflags); if (recvd < 0) { WOLFSSL_MSG("Embed Receive error"); - return TranslateIoError(recvd); } else if (recvd == 0) { WOLFSSL_MSG("Embed receive connection closed"); @@ -407,7 +419,6 @@ int EmbedSend(WOLFSSL* ssl, char *buf, int sz, void *ctx) sent = wolfIO_Send(sd, buf, sz, ssl->wflags); if (sent < 0) { WOLFSSL_MSG("Embed Send error"); - return TranslateIoError(sent); } return sent; @@ -746,11 +757,10 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) peerSz = (XSOCKLENT)dtlsCtx->peer.bufSz; } - recvd = TranslateReturnCode(recvd, sd); + recvd = TranslateIoReturnCode(recvd, sd, SOCKET_RECEIVING); if (recvd < 0) { WOLFSSL_MSG("Embed Receive From error"); - recvd = TranslateIoError(recvd); if (recvd == WOLFSSL_CBIO_ERR_WANT_READ && !wolfSSL_dtls_get_using_nonblock(ssl)) { recvd = WOLFSSL_CBIO_ERR_TIMEOUT; @@ -835,11 +845,10 @@ int EmbedSendTo(WOLFSSL* ssl, char *buf, int sz, void *ctx) sent = (int)DTLS_SENDTO_FUNCTION(sd, buf, (size_t)sz, ssl->wflags, (const SOCKADDR*)peer, peerSz); - sent = TranslateReturnCode(sent, sd); + sent = TranslateIoReturnCode(sent, sd, SOCKET_SENDING); if (sent < 0) { WOLFSSL_MSG("Embed Send To error"); - return TranslateIoError(sent); } return sent; 
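Review bot: BioReceive() and BioSend() now pass a value that wolfSSL_BIO_read()/wolfSSL_BIO_write() (the src/bio.c hunks of this patch) have already reduced to `WOLFSSL_BIO_ERROR` into TranslateIoReturnCode(), which re-reads errno/WSAGetLastError() to recover the cause; that is only correct if nothing between the failing recv()/send() and this point has clobbered the thread's last error, which the visible lines cannot guarantee (the BIO read path logs and manipulates flags in between, and where `recvd`/`sent` come from is outside this hunk). Since wolfSSL_BIO_read() already records the would-block case in `WOLFSSL_BIO_FLAG_RETRY`, the socket branch here could consult that flag rather than errno, e.g. `if (ssl->biord->flags & WOLFSSL_BIO_FLAG_RETRY) recvd = WOLFSSL_CBIO_ERR_WANT_READ;`, and only fall back to TranslateIoReturnCode() for other negatives. The EmbedReceive()/EmbedSend() hunks below correctly drop the second translation because wolfIO_Recv()/wolfIO_Send() now return CBIO codes, but the remaining `if (recvd < 0) { WOLFSSL_MSG(...); }` now does nothing but log; a comment such as `/* already translated by wolfIO_Recv() */` would explain why no conversion follows.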
@@ -861,16 +870,14 @@ int EmbedReceiveFromMcast(WOLFSSL *ssl, char *buf, int sz, void *ctx) recvd = (int)DTLS_RECVFROM_FUNCTION(sd, buf, (size_t)sz, ssl->rflags, NULL, NULL); - recvd = TranslateReturnCode(recvd, sd); + recvd = TranslateIoReturnCode(recvd, sd, SOCKET_RECEIVING); if (recvd < 0) { WOLFSSL_MSG("Embed Receive From error"); - recvd = TranslateIoError(recvd); if (recvd == WOLFSSL_CBIO_ERR_WANT_READ && !wolfSSL_dtls_get_using_nonblock(ssl)) { recvd = WOLFSSL_CBIO_ERR_TIMEOUT; } - return recvd; } return recvd; @@ -1098,22 +1105,7 @@ int wolfIO_Recv(SOCKET_T sd, char *buf, int sz, int rdFlags) int recvd; recvd = (int)RECV_FUNCTION(sd, buf, (size_t)sz, rdFlags); - recvd = TranslateReturnCode(recvd, (int)sd); - - if (recvd < 0) { - int last_err = wolfSSL_LastError(recvd); - if ((last_err == SOCKET_EWOULDBLOCK) -#if SOCKET_EWOULDBLOCK != SOCKET_EAGAIN - || (last_err == SOCKET_EAGAIN) -#endif -#ifdef SOCKET_ETIMEDOUT - || (last_err == SOCKET_ETIMEDOUT) -#endif - ) - { - return SOCKET_NODATA; - } - } + recvd = TranslateIoReturnCode(recvd, sd, SOCKET_RECEIVING); return recvd; } @@ -1123,22 +1115,7 @@ int wolfIO_Send(SOCKET_T sd, char *buf, int sz, int wrFlags) int sent; sent = (int)SEND_FUNCTION(sd, buf, (size_t)sz, wrFlags); - sent = TranslateReturnCode(sent, (int)sd); - - if (sent < 0) { - int last_err = wolfSSL_LastError(sent); - if ((last_err == SOCKET_EWOULDBLOCK) -#if SOCKET_EWOULDBLOCK != SOCKET_EAGAIN - || (last_err == SOCKET_EAGAIN) -#endif -#ifdef SOCKET_ETIMEDOUT - || (last_err == SOCKET_ETIMEDOUT) -#endif - ) - { - return SOCKET_NODATA; - } - } + sent = TranslateIoReturnCode(sent, sd, SOCKET_SENDING); return sent; } 
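Review bot: wolfIO_Recv(), wolfIO_Send() and (in the next hunks) wolfIO_RecvFrom()/wolfIO_SendTo() are exported with WOLFSSL_API (the wolfio.h context earlier on this page shows the `WOLFSSL_API int wolfIO_RecvFrom(...)` declaration), and this hunk changes their negative-return contract from "socket return value, or `SOCKET_NODATA` for would-block" to the `WOLFSSL_CBIO_ERR_*` code space, with would-block/timeout mapped to WANT_READ or WANT_WRITE by direction. External callers written against the previous contract — including any that still compare with `SOCKET_NODATA`, as src/bio.c did one commit earlier — change behaviour silently, and the header declarations are not touched by this patch. A Doxygen comment on each declaration in wolfio.h should state the new contract, e.g. `@return number of bytes transferred (>= 0), or a negative WOLFSSL_CBIO_ERR_* code; would-block and timeout yield WOLFSSL_CBIO_ERR_WANT_READ (receive) or WOLFSSL_CBIO_ERR_WANT_WRITE (send)`. The same note applies to the wolfIO_RecvFrom()/wolfIO_SendTo() hunks that follow.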
@@ -1151,24 +1128,9 @@ int wolfIO_RecvFrom(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int socklen_t addr_len = (socklen_t)sizeof(*addr); recvd = (int)DTLS_RECVFROM_FUNCTION(sd, buf, (size_t)sz, rdFlags, - addr ? &addr->sa : NULL, - addr ? &addr_len : 0); - recvd = TranslateReturnCode(recvd, (int)sd); - - if (recvd < 0) { - int last_err = wolfSSL_LastError(recvd); - if ((last_err == SOCKET_EWOULDBLOCK) -#if SOCKET_EWOULDBLOCK != SOCKET_EAGAIN - || (last_err == SOCKET_EAGAIN) -#endif -#ifdef SOCKET_ETIMEDOUT - || (last_err == SOCKET_ETIMEDOUT) -#endif - ) - { - return SOCKET_NODATA; - } - } + addr ? &addr->sa : NULL, + addr ? &addr_len : 0); + recvd = TranslateIoReturnCode(recvd, sd, SOCKET_RECEIVING); return recvd; } @@ -1176,26 +1138,12 @@ int wolfIO_RecvFrom(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int int wolfIO_SendTo(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int wrFlags) { int sent; + socklen_t addr_len = addr ? wolfSSL_BIO_ADDR_size(addr) : 0; sent = (int)DTLS_SENDTO_FUNCTION(sd, buf, (size_t)sz, wrFlags, - addr ? &addr->sa : NULL, - addr ? wolfSSL_BIO_ADDR_size(addr) : 0); - sent = TranslateReturnCode(sent, (int)sd); - - if (sent < 0) { - int last_err = wolfSSL_LastError(sent); - if ((last_err == SOCKET_EWOULDBLOCK) -#if SOCKET_EWOULDBLOCK != SOCKET_EAGAIN - || (last_err == SOCKET_EAGAIN) -#endif -#ifdef SOCKET_ETIMEDOUT - || (last_err == SOCKET_ETIMEDOUT) -#endif - ) - { - return SOCKET_NODATA; - } - } + addr ? &addr->sa : NULL, + addr_len); + sent = TranslateIoReturnCode(sent, sd, SOCKET_SENDING); return sent; } @@ -1513,7 +1461,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec) #ifdef HAVE_IO_TIMEOUT if ((ret != 0) && (to_sec > 0)) { #ifdef USE_WINDOWS_API - if ((ret == SOCKET_ERROR) && (wolfSSL_LastError(ret) == WSAEWOULDBLOCK)) + if ((ret == SOCKET_ERROR) && (wolfSSL_LastError(ret, *sockfd) == SOCKET_EWOULDBLOCK)) #else if (errno == EINPROGRESS) #endif 
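Review bot: In the wolfIO_SendTo() hunk the new `addr_len` is taken from wolfSSL_BIO_ADDR_size(), which the wolfSSL_BIO_ctrl() hunk further down this page treats as returning 0 for an address it does not recognise; when that happens here with a non-NULL `addr`, the call proceeds with `&addr->sa` and a zero length, and the resulting socket error (presumably EINVAL) surfaces as an unspecific WOLFSSL_CBIO_ERR_GENERAL. A guard before the send, `if ((addr != NULL) && (addr_len == 0)) return WOLFSSL_CBIO_ERR_GENERAL;`, makes the unsupported-family case explicit and avoids handing the stack a length that does not describe the buffer. In wolfIO_RecvFrom() the retained `addr ? &addr_len : 0` passes a plain `0` where a null pointer is meant; `NULL` would match the `addr ? &addr->sa : NULL` on the line above.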
@@ -1824,9 +1772,7 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList, start[len] = 0; } else { - result = TranslateReturnCode(result, sfd); - result = wolfSSL_LastError(result); - if (result == SOCKET_EWOULDBLOCK || result == SOCKET_EAGAIN) { + if (result == WOLFSSL_CBIO_ERR_WANT_READ) { return OCSP_WANT_READ; } diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h index eb8b20989c..625ca3900c 100644 --- a/wolfssl/wolfio.h +++ b/wolfssl/wolfio.h @@ -201,6 +201,9 @@ #include #endif +#define SOCKET_RECEIVING 1 +#define SOCKET_SENDING 2 + #ifdef USE_WINDOWS_API /* no epipe yet */ #ifndef WSAEPIPE @@ -228,6 +231,7 @@ /* RTCS old I/O doesn't have an EWOULDBLOCK */ #define SOCKET_EWOULDBLOCK EAGAIN #define SOCKET_EAGAIN EAGAIN + #define SOCKET_ETIMEDOUT RTCSERR_TCP_TIMED_OUT #define SOCKET_ECONNRESET RTCSERR_TCP_CONN_RESET #define SOCKET_EINTR EINTR #define SOCKET_EPIPE EPIPE @@ -236,6 +240,7 @@ #else #define SOCKET_EWOULDBLOCK NIO_EWOULDBLOCK #define SOCKET_EAGAIN NIO_EAGAIN + #define SOCKET_ETIMEDOUT NIO_ETIMEDOUT #define SOCKET_ECONNRESET NIO_ECONNRESET #define SOCKET_EINTR NIO_EINTR #define SOCKET_EPIPE NIO_EPIPE @@ -253,6 +258,7 @@ #elif defined(WOLFSSL_PICOTCP) #define SOCKET_EWOULDBLOCK PICO_ERR_EAGAIN #define SOCKET_EAGAIN PICO_ERR_EAGAIN + #define SOCKET_ETIMEDOUT PICO_ERR_ETIMEDOUT #define SOCKET_ECONNRESET PICO_ERR_ECONNRESET #define SOCKET_EINTR PICO_ERR_EINTR #define SOCKET_EPIPE PICO_ERR_EIO @@ -261,6 +267,7 @@ #elif defined(FREERTOS_TCP) #define SOCKET_EWOULDBLOCK FREERTOS_EWOULDBLOCK #define SOCKET_EAGAIN FREERTOS_EWOULDBLOCK + #define SOCKET_ETIMEDOUT (-pdFREERTOS_ERRNO_ETIMEDOUT) #define SOCKET_ECONNRESET FREERTOS_SOCKET_ERROR #define SOCKET_EINTR FREERTOS_SOCKET_ERROR #define SOCKET_EPIPE FREERTOS_SOCKET_ERROR From ee7748f2e347ad62cd5e1d13baf0d463ed8de991 Mon Sep 17 00:00:00 2001 
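Review bot: `SOCKET_RECEIVING` and `SOCKET_SENDING` are added to the installed public header wolfssl/wolfio.h as bare, unprefixed `#define`s with no guard, although their only consumer on this page is the static TranslateIoReturnCode() in src/wolfio.c; generic names like these can collide with application or platform socket headers that include wolfio.h, and a collision would be a silent redefinition rather than an error. Either move them into src/wolfio.c (or an internal header) as an enum, or keep them public but prefix and document them: `/* direction argument for TranslateIoReturnCode(): which way the failed call was moving data */`. In the wolfIO_HttpProcessResponse() hunk the dropped double translation relies on `result` already being a WOLFSSL_CBIO_ERR_* code from the read call above the hunk, which is not visible here; other negative codes (CONN_RST, CONN_CLOSE) now fall through to whatever follows, so that path is worth a glance.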
From: Daniel Pouzzner Date: Tue, 16 Jul 2024 19:05:56 -0500 Subject: [PATCH 21/21] PR7648 20240418-exosip-apis peer review: * tweak typography; * move wolfSSL_i2d_X509_PUBKEY() from ssl.c to x509.c; * in asn.h, add !NO_ASN_OLD_TYPE_NAMES macros to remap old names (ISSUER, SUBJECT, BEFORE, AFTER) by default unless the macros are already defined. --- src/bio.c | 5 +++-- src/ssl.c | 7 ------- src/wolfio.c | 3 ++- src/x509.c | 11 +++++++++++ wolfssl/wolfcrypt/asn.h | 15 +++++++++++++++ 5 files changed, 31 insertions(+), 10 deletions(-) diff --git a/src/bio.c b/src/bio.c index 6ace590ca1..5a28cafb99 100644 --- a/src/bio.c +++ b/src/bio.c @@ -391,7 +391,7 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) } #ifdef WOLFSSL_BIO_HAVE_FLOW_STATS - if ((ret > 0) && (! inhibit_flow_increment)) { + if ((ret > 0) && (!inhibit_flow_increment)) { bio->bytes_read += (word32)ret; } #endif @@ -902,7 +902,8 @@ long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *parg) if (parg == NULL) { wolfSSL_BIO_ADDR_clear(&bio->peer_addr); bio->connected = 0; - } else { + } + else { socklen_t addr_size = wolfSSL_BIO_ADDR_size((WOLFSSL_BIO_ADDR *)parg); if (addr_size == 0) { ret = WOLFSSL_FAILURE; diff --git a/src/ssl.c b/src/ssl.c index b7a9f3c8c7..67cc8a71cb 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -7347,13 +7347,6 @@ int wolfSSL_i2d_PUBKEY(const WOLFSSL_EVP_PKEY *key, unsigned char **der) return wolfSSL_i2d_PublicKey(key, der); } -int wolfSSL_i2d_X509_PUBKEY(WOLFSSL_X509_PUBKEY* x509_PubKey, unsigned char** der) -{ - if (x509_PubKey == NULL) - return WOLFSSL_FATAL_ERROR; - return wolfSSL_i2d_PublicKey(x509_PubKey->pkey, der); -} - #endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_ASN && !NO_PWDBASED */ static WOLFSSL_EVP_PKEY* _d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out, diff --git a/src/wolfio.c b/src/wolfio.c index e52565934d..c5b00d20d3 100644 --- a/src/wolfio.c +++ b/src/wolfio.c 
@@ -1461,7 +1461,8 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
 #ifdef HAVE_IO_TIMEOUT
 if ((ret != 0) && (to_sec > 0)) {
 #ifdef USE_WINDOWS_API
- if ((ret == SOCKET_ERROR) && (wolfSSL_LastError(ret, *sockfd) == SOCKET_EWOULDBLOCK))
+ if ((ret == SOCKET_ERROR) &&
+ (wolfSSL_LastError(ret, *sockfd) == SOCKET_EWOULDBLOCK))
 #else
 if (errno == EINPROGRESS)
 #endif
diff --git a/src/x509.c b/src/x509.c
index f03e7cfb84..d4ba3200ab 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -9592,6 +9592,17 @@ int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key)
 #endif /* OPENSSL_ALL || WOLFSSL_APACHE_HTTPD || WOLFSSL_HAPROXY || WOLFSSL_WPAS */
+#if !defined(NO_CERTS) && !defined(NO_ASN) && !defined(NO_PWDBASED)
+
+int wolfSSL_i2d_X509_PUBKEY(WOLFSSL_X509_PUBKEY* x509_PubKey, unsigned char** der)
+{
+ if (x509_PubKey == NULL)
+ return WOLFSSL_FATAL_ERROR;
+ return wolfSSL_i2d_PublicKey(x509_PubKey->pkey, der);
+}
+
+#endif /* !NO_CERTS && !NO_ASN && !NO_PWDBASED */
+
 #endif /* OPENSSL_EXTRA */
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index 265efb6800..693aaff60c 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -83,6 +83,21 @@ enum {
 ASN_AFTER = 1
 };
+#ifndef NO_ASN_OLD_TYPE_NAMES
+ #ifndef ISSUER
+ #define ISSUER ASN_ISSUER
+ #endif
+ #ifndef SUBJECT
+ #define SUBJECT ASN_SUBJECT
+ #endif
+ #ifndef BEFORE
+ #define BEFORE ASN_BEFORE
+ #endif
+ #ifndef AFTER
+ #define AFTER ASN_AFTER
+ #endif
+#endif
+
 /* ASN Tags */
 enum ASN_Tags {
 ASN_EOC = 0x00,
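Review bot: The relocated wolfSSL_i2d_X509_PUBKEY() in src/x509.c checks only `x509_PubKey` for NULL and then dereferences `x509_PubKey->pkey` into wolfSSL_i2d_PublicKey(); whether that callee tolerates a NULL key is not visible here, and a WOLFSSL_X509_PUBKEY whose key has not been set (if the API allows that) would reach it. A combined guard, `if ((x509_PubKey == NULL) || (x509_PubKey->pkey == NULL)) return WOLFSSL_FATAL_ERROR;`, makes the function safe irrespective of the callee. The move is also a good moment to give the function the Doxygen header the rest of this file's public entry points carry, stating what `der` may point to and who owns the encoded output, consistent with the wolfSSL_i2d_PublicKey() contract it wraps.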
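Review bot: The asn.h hunk defines `ISSUER`, `SUBJECT`, `BEFORE` and `AFTER` as unprefixed macros by default in an installed public header, opt-out via `NO_ASN_OLD_TYPE_NAMES`; the `#ifndef` guards only avoid clashing with an existing macro of the same name, they do nothing for an application's own enumerator, variable, struct field or parameter spelled `SUBJECT` or `AFTER`, which the preprocessor will silently rewrite to `ASN_SUBJECT`/`ASN_AFTER` anywhere asn.h is reachable. Since the rename to the `ASN_` names was done precisely to avoid this kind of collision (see the GetRDN() documentation hunk earlier on this page), consider making the compatibility names opt-in, or scoping them to the library's own build (for example under `BUILDING_WOLFSSL`) rather than exposing them to every consumer. At minimum a comment above the block should state that the macros are a transitional aid and that applications should use the `ASN_` names, e.g. `/* Transitional aliases for the pre-ASN_ spellings; define NO_ASN_OLD_TYPE_NAMES to keep these names out of your namespace. */`.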