diff --git a/src/internal.c b/src/internal.c
index fed9d370dea..a5cb422cf9c 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -2642,6 +2642,12 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
 XMEMSET(ctx, 0, sizeof(WOLFSSL_CTX));
+#ifdef WOLFSSL_VERIFY_NONE_DEFAULT
+ /* OpenSSL compat: default to SSL_VERIFY_NONE unless the app
+ * sets SSL_VERIFY_PEER. */
+ ctx->verifyNone = 1;
+#endif
+
 ctx->method = method;
 if (heap == NULL) {
 ctx->heap = ctx; /* defaults to self */
diff --git a/wolfssl/openssl/bio.h b/wolfssl/openssl/bio.h
index f797d94ab58..2456ad38093 100644
--- a/wolfssl/openssl/bio.h
+++ b/wolfssl/openssl/bio.h
@@ -188,6 +188,37 @@
 #define BIO_meth_set_create wolfSSL_BIO_meth_set_create
 #define BIO_meth_set_destroy wolfSSL_BIO_meth_set_destroy
+#define WOLFSSL_BIO_TYPE_DESCRIPTOR 0x0100
+#define WOLFSSL_BIO_TYPE_SOURCE_SINK 0x0400
+
+/* OpenSSL allocates a fresh BIO type index per call; wolfSSL
+ * untracked, so return a fixed app-range index. */
+static WC_INLINE int wolfSSL_BIO_get_new_index(void) { return 1000; }
+
+/* wolfSSL does not store these BIO method callbacks; getters
+ * report none, set_callback_ctrl is a no-op. */
+static WC_INLINE void *
+wolfSSL_BIO_meth_get_gets(WOLFSSL_BIO_METHOD *m)
+{ (void)m; return NULL; }
+static WC_INLINE void *
+wolfSSL_BIO_meth_get_puts(WOLFSSL_BIO_METHOD *m)
+{ (void)m; return NULL; }
+static WC_INLINE void *
+wolfSSL_BIO_meth_get_ctrl(WOLFSSL_BIO_METHOD *m)
+{ (void)m; return NULL; }
+static WC_INLINE void *
+wolfSSL_BIO_meth_get_create(WOLFSSL_BIO_METHOD *m)
+{ (void)m; return NULL; }
+static WC_INLINE void *
+wolfSSL_BIO_meth_get_destroy(WOLFSSL_BIO_METHOD *m)
+{ (void)m; return NULL; }
+static WC_INLINE void *
+wolfSSL_BIO_meth_get_callback_ctrl(WOLFSSL_BIO_METHOD *m)
+{ (void)m; return NULL; }
+static WC_INLINE int
+wolfSSL_BIO_meth_set_callback_ctrl(WOLFSSL_BIO_METHOD *m, void *cb)
+{ (void)m; (void)cb; return 1; }
+
 #define BIO_snprintf XSNPRINTF
 /* BIO CTRL */
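Review bot: Under WOLFSSL_VERIFY_NONE_DEFAULT every context starts with peer verification switched off, and the new comment claims SSL_VERIFY_PEER turns it back on, but nothing in the hunk shows that the set_verify path clears `verifyNone` or that the flag is copied into each session, so both should be confirmed before this build option is described as opt-in-safe. A client built this way that never calls SSL_CTX_set_verify() will accept any server chain, which inverts wolfSSL's usual default, and the comment should state that consequence rather than only the OpenSSL parallel: `/* NOTE: weakens the default: a client that never calls SSL_CTX_set_verify() does not validate the server chain. Compat knob only. */`. InitSSL_Ctx's body continues outside the hunk.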
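Review bot: The fixed index 1000 returned by wolfSSL_BIO_get_new_index overlaps the flag bits defined two lines above it: 1000 is 0x3E8, so `1000 & WOLFSSL_BIO_TYPE_DESCRIPTOR` is non-zero and a BIO built from `BIO_get_new_index() | BIO_TYPE_SOURCE_SINK` would also test positive for the descriptor flag in any `BIO_method_type() & BIO_TYPE_DESCRIPTOR` check. OpenSSL keeps its per-call index in the low byte as far as I recall, so a value below 0x0100 such as `return 0xFF;` avoids the aliasing while keeping the stub self-contained; the comment should also say that two callers registering custom methods receive the same index. Separately, the six getters return `void *` where OpenSSL returns typed function pointers; a C++ translation unit assigning the result to a function-pointer variable will not compile, and ISO C does not guarantee the void*-to-function-pointer round trip, so declaring the real pointer-to-function return types would be safer.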
diff --git a/wolfssl/openssl/err.h b/wolfssl/openssl/err.h
index dbc240bfe45..f62afe55126 100644
--- a/wolfssl/openssl/err.h
+++ b/wolfssl/openssl/err.h
@@ -38,10 +38,21 @@
 #define WOLFSSL_SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 2
 #define WOLFSSL_SSL_F_SSL_USE_PRIVATEKEY 3
 #define WOLFSSL_EC_F_EC_GFP_SIMPLE_POINT2OCT 4
+#define WOLFSSL_SSL_F_SSL_SET_FD 5
 /* reasons */
 #define WOLFSSL_ERR_R_SYS_LIB 1
 #define WOLFSSL_PKCS12_R_MAC_VERIFY_FAILURE 2
+#define WOLFSSL_ERR_R_BUF_LIB 0
+#define WOLFSSL_SSL_R_UNKNOWN_PROTOCOL 252
+#define WOLFSSL_SSL_R_WRONG_VERSION_NUMBER 267
+#define WOLFSSL_SSL_R_UNSUPPORTED_PROTOCOL 258
+#define WOLFSSL_SSL_R_NO_PROTOCOLS_AVAILABLE 194
+#define WOLFSSL_SSL_R_BAD_PROTOCOL_VERSION_NUMBER 182
+#define WOLFSSL_SSL_R_UNKNOWN_SSL_VERSION 254
+#define WOLFSSL_SSL_R_UNSUPPORTED_SSL_VERSION 259
+#define WOLFSSL_SSL_R_WRONG_SSL_VERSION 266
+#define WOLFSSL_SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070
 #ifndef OPENSSL_COEXIST
diff --git a/wolfssl/openssl/hmac.h b/wolfssl/openssl/hmac.h
index b6d84d12889..30cf58ad649 100644
--- a/wolfssl/openssl/hmac.h
+++ b/wolfssl/openssl/hmac.h
@@ -37,6 +37,12 @@
 #include
 #include
+/* OpenSSL's hmac.h pulls in evp.h; mirror it, but only on standalone
+ * include (WOLFSSL_SSL_H unset) to avoid an include cycle during
+ * wolfssl/ssl.h's own parse. */
+#ifndef WOLFSSL_SSL_H
+#include
+#endif
 #ifdef __cplusplus
 extern "C" {
diff --git a/wolfssl/openssl/objects.h b/wolfssl/openssl/objects.h
index 909ae248895..e43bd403599 100644
--- a/wolfssl/openssl/objects.h
+++ b/wolfssl/openssl/objects.h
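Review bot: `WOLFSSL_ERR_R_BUF_LIB 0` gives the new reason the value of "no reason": ERR_get_error() reports 0 when the queue is empty, and ERR_GET_REASON of that presumably yields 0 too, so `ERR_GET_REASON(e) == ERR_R_BUF_LIB` would also match an empty entry, and 0 breaks the 1, 2 numbering of the two reasons above it; `#define WOLFSSL_ERR_R_BUF_LIB 3` keeps the local scheme. The nine SSL_R_* values that follow are OpenSSL's own numerics rather than wolfSSL's small sequence; they only help a caller if wolfSSL's error queue actually emits them, which this hunk does not show, so a comment stating either where they are raised or that they are compare-only compat values would save the next reader a search. The same question applies to the ssl.h hunk that points SSL_R_UNKNOWN_PROTOCOL and friends at these values instead of VERSION_ERROR.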
@@ -74,6 +74,20 @@
 #define NID_ad_OCSP WC_NID_ad_OCSP
 #define NID_ad_ca_issuers WC_NID_ad_ca_issuers
+/* OBJ_find_sigid_algs(): report SHA-256 / RSA for libpq's
+ * RSA-with-SHA-256 channel binding. Literal NIDs (672, 6) keep
+ * this self-contained even when ASN is disabled. */
+#ifndef BUILDING_WOLFSSL
+static WC_INLINE int
+wolfSSL_OBJ_find_sigid_algs(int sigid, int *pdig, int *ppkey)
+{
+ (void)sigid;
+ if (pdig != NULL) *pdig = 672; /* NID_sha256 */
+ if (ppkey != NULL) *ppkey = 6; /* NID_rsaEncryption */
+ return 1;
+}
+#endif
+
 #endif /* !OPENSSL_COEXIST */
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index 063500675e1..55e2bcf1851 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -44,6 +44,7 @@
 #include
 #endif
 #include
+#include
 #ifdef OPENSSL_EXTRA
 #include
 #endif
@@ -1568,6 +1569,12 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE SRTP_PROTECTION_PROFILE;
 #define SSL_get_state wolfSSL_get_state
 #define SSL_state_string_long wolfSSL_state_string_long
+#define WOLFSSL_TLS_ST_OK 16
+#define WOLFSSL_SSL_ST_OK WOLFSSL_TLS_ST_OK
+#define TLS_ST_OK WOLFSSL_TLS_ST_OK
+#define SSL_ST_OK WOLFSSL_SSL_ST_OK
+#define SSL_F_SSL_SET_FD WOLFSSL_SSL_F_SSL_SET_FD
+
 #define GENERAL_NAME_new wolfSSL_GENERAL_NAME_new
 #define GENERAL_NAME_free wolfSSL_GENERAL_NAME_free
 #define GENERAL_NAME_dup wolfSSL_GENERAL_NAME_dup
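Review bot: wolfSSL_OBJ_find_sigid_algs discards `sigid` and always reports SHA-256 with RSA, so a caller that uses it to choose the digest for a certificate's signature — the libpq tls-server-end-point binding the comment names — hashes with SHA-256 a certificate that an OpenSSL peer hashes with SHA-384 or SHA-512 (ECDSA P-384 and RSA-SHA384 chains are common), and the two channel bindings then disagree. Returning 1 tells the caller the answer is authoritative; if a real mapping is not possible from this header, the stub should at least say what it does not cover so the failure is diagnosable: `/* Always reports SHA-256/RSA regardless of sigid; for certs signed with SHA-384/512 (or ECDSA) the caller gets the wrong digest, so bindings over such chains will not match an OpenSSL peer. */`. Whether wolfSSL has a sigid-to-digest lookup usable here cannot be told from the hunk.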
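Review bot: `WOLFSSL_TLS_ST_OK 16` is a bare literal whose only meaning is whatever wolfSSL_get_state returns once the handshake has finished; if that is the HANDSHAKE_DONE enumerator from internal.h (I believe so, but the hunk does not show it), the define should say which value it mirrors so the two cannot drift silently: `#define WOLFSSL_TLS_ST_OK 16 /* == HANDSHAKE_DONE in internal.h; keep in sync */`. The enumerator itself is not visible from this public header, so the comment is the minimum.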
@@ -1738,16 +1745,43 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE SRTP_PROTECTION_PROFILE;
 #define SSL_R_DATA_LENGTH_TOO_LONG BUFFER_ERROR
 #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG BUFFER_ERROR
 #define SSL_R_BAD_LENGTH BUFFER_ERROR
-#define SSL_R_UNKNOWN_PROTOCOL VERSION_ERROR
-#define SSL_R_WRONG_VERSION_NUMBER VERSION_ERROR
+#define SSL_R_UNKNOWN_PROTOCOL WOLFSSL_SSL_R_UNKNOWN_PROTOCOL
+#define SSL_R_WRONG_VERSION_NUMBER WOLFSSL_SSL_R_WRONG_VERSION_NUMBER
 #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC ENCRYPT_ERROR
 #define SSL_R_HTTPS_PROXY_REQUEST PARSE_ERROR
 #define SSL_R_HTTP_REQUEST PARSE_ERROR
-#define SSL_R_UNSUPPORTED_PROTOCOL VERSION_ERROR
+#define SSL_R_UNSUPPORTED_PROTOCOL WOLFSSL_SSL_R_UNSUPPORTED_PROTOCOL
+#define SSL_R_NO_PROTOCOLS_AVAILABLE \
+ WOLFSSL_SSL_R_NO_PROTOCOLS_AVAILABLE
+#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER \
+ WOLFSSL_SSL_R_BAD_PROTOCOL_VERSION_NUMBER
+#define SSL_R_UNKNOWN_SSL_VERSION WOLFSSL_SSL_R_UNKNOWN_SSL_VERSION
+#define SSL_R_UNSUPPORTED_SSL_VERSION \
+ WOLFSSL_SSL_R_UNSUPPORTED_SSL_VERSION
+#define SSL_R_WRONG_SSL_VERSION WOLFSSL_SSL_R_WRONG_SSL_VERSION
+#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION \
+ WOLFSSL_SSL_R_TLSV1_ALERT_PROTOCOL_VERSION
 #define SSL_R_CERTIFICATE_VERIFY_FAILED VERIFY_CERT_ERROR
 #define SSL_R_CERT_CB_ERROR CLIENT_CERT_CB_ERROR
 #define SSL_R_NULL_SSL_METHOD_PASSED BAD_FUNC_ARG
 #define SSL_R_CCS_RECEIVED_EARLY OUT_OF_ORDER_E
+#define ERR_R_BUF_LIB WOLFSSL_ERR_R_BUF_LIB
+#define BIO_TYPE_DESCRIPTOR WOLFSSL_BIO_TYPE_DESCRIPTOR
+#define BIO_TYPE_SOURCE_SINK WOLFSSL_BIO_TYPE_SOURCE_SINK
+#define BIO_get_app_data(bio) wolfSSL_BIO_get_data(bio)
+#define BIO_set_app_data(bio, data) \
+ wolfSSL_BIO_set_data((bio), (data))
+#define BIO_get_new_index wolfSSL_BIO_get_new_index
+#define BIO_meth_get_gets wolfSSL_BIO_meth_get_gets
+#define BIO_meth_get_puts wolfSSL_BIO_meth_get_puts
+#define BIO_meth_get_ctrl wolfSSL_BIO_meth_get_ctrl
+#define BIO_meth_get_create wolfSSL_BIO_meth_get_create
+#define BIO_meth_get_destroy wolfSSL_BIO_meth_get_destroy
+#define BIO_meth_get_callback_ctrl wolfSSL_BIO_meth_get_callback_ctrl
+#define BIO_meth_set_callback_ctrl wolfSSL_BIO_meth_set_callback_ctrl
+#ifndef BUILDING_WOLFSSL
+#define OBJ_find_sigid_algs wolfSSL_OBJ_find_sigid_algs
+#endif
 #ifdef HAVE_SESSION_TICKET
 #define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
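Review bot: `BIO_get_app_data`/`BIO_set_app_data` are routed to wolfSSL_BIO_get_data/wolfSSL_BIO_set_data, and if `BIO_get_data` is mapped to the same accessor elsewhere in this header (as I believe it is, though the hunk does not show it) OpenSSL's two distinct per-BIO slots — ex_data index 0 and the method's private pointer — collapse into one, so a custom BIO method that sets both will have one silently overwrite the other. A comment at these two lines should record the aliasing: `/* NOTE: app_data and BIO_get_data() share one pointer in wolfSSL; a BIO method must use only one of them. */`. Minor style point: `BIO_get_app_data(bio)` expands its argument unparenthesised while `BIO_set_app_data` parenthesises both; `wolfSSL_BIO_get_data((bio))` keeps them consistent.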