Added new --disable-oldnames option to allow using openssl alongside wolfssl headers (without OPENSSL_EXTRA). Added --enable-opensslcoexist, which makes sure oldnames is disabled. Refactor of SSL_ to WOLF_SSL_. Refactor of SHA, MD5, SHA224, SHA256, SHA512 and SHA384 to WC_ naming.

This commit is contained in:
David Garske
2017-09-25 18:47:36 -07:00
parent 35141c335d
commit 6707be2b0e
54 changed files with 3606 additions and 3417 deletions


@@ -132,15 +132,15 @@ static int NonBlockingSSL_Accept(SSL* ssl)
SOCKET_T sockfd = (SOCKET_T)CyaSSL_get_fd(ssl);
int select_ret = 0;
while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ ||
error == SSL_ERROR_WANT_WRITE ||
while (ret != WOLF_SSL_SUCCESS && (error == WOLF_SSL_ERROR_WANT_READ ||
error == WOLF_SSL_ERROR_WANT_WRITE ||
error == WC_PENDING_E)) {
int currTimeout = 1;
if (error == SSL_ERROR_WANT_READ) {
if (error == WOLF_SSL_ERROR_WANT_READ) {
/* printf("... server would read block\n"); */
}
else if (error == SSL_ERROR_WANT_WRITE) {
else if (error == WOLF_SSL_ERROR_WANT_WRITE) {
/* printf("... server would write block\n"); */
}
#ifdef WOLFSSL_ASYNC_CRYPT
@@ -168,16 +168,16 @@ static int NonBlockingSSL_Accept(SSL* ssl)
error = SSL_get_error(ssl, 0);
}
else if (select_ret == TEST_TIMEOUT && !CyaSSL_dtls(ssl)) {
error = SSL_ERROR_WANT_READ;
error = WOLF_SSL_ERROR_WANT_READ;
}
#ifdef CYASSL_DTLS
else if (select_ret == TEST_TIMEOUT && CyaSSL_dtls(ssl) &&
CyaSSL_dtls_got_timeout(ssl) >= 0) {
error = SSL_ERROR_WANT_READ;
error = WOLF_SSL_ERROR_WANT_READ;
}
#endif
else {
error = SSL_FATAL_ERROR;
error = WOLF_SSL_FATAL_ERROR;
}
}
@@ -222,8 +222,8 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int throughput)
}
else
#endif
if (err != SSL_ERROR_WANT_READ &&
err != SSL_ERROR_ZERO_RETURN) {
if (err != WOLF_SSL_ERROR_WANT_READ &&
err != WOLF_SSL_ERROR_ZERO_RETURN) {
printf("SSL_read echo error %d\n", err);
err_sys_ex(runWithErrors, "SSL_read failed");
}
@@ -304,7 +304,7 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
}
else
#endif
if (err != SSL_ERROR_WANT_READ) {
if (err != WOLF_SSL_ERROR_WANT_READ) {
printf("SSL_read input error %d, %s\n", err,
ERR_error_string(err, buffer));
err_sys_ex(runWithErrors, "SSL_read failed");
@@ -335,7 +335,7 @@ static void ServerWrite(WOLFSSL* ssl, const char* output, int outputLen)
}
#endif
}
} while (err == WC_PENDING_E || err == SSL_ERROR_WANT_WRITE);
} while (err == WC_PENDING_E || err == WOLF_SSL_ERROR_WANT_WRITE);
if (ret != outputLen) {
printf("SSL_write msg error %d, %s\n", err,
ERR_error_string(err, buffer));
@@ -918,13 +918,13 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#endif /* DEBUG_WOLFSSL */
if (wolfSSL_CTX_load_static_memory(&ctx, method, memory, sizeof(memory),0,1)
!= SSL_SUCCESS)
!= WOLF_SSL_SUCCESS)
err_sys_ex(runWithErrors, "unable to load static memory and create ctx");
/* load in a buffer for IO */
if (wolfSSL_CTX_load_static_memory(&ctx, NULL, memoryIO, sizeof(memoryIO),
WOLFMEM_IO_POOL_FIXED | WOLFMEM_TRACK_STATS, 1)
!= SSL_SUCCESS)
!= WOLF_SSL_SUCCESS)
err_sys_ex(runWithErrors, "unable to load static memory and create ctx");
#else
ctx = SSL_CTX_new(method(NULL));
@@ -940,7 +940,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#endif
if (cipherList && !useDefCipherList) {
if (SSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
if (SSL_CTX_set_cipher_list(ctx, cipherList) != WOLF_SSL_SUCCESS)
err_sys_ex(runWithErrors, "server can't set cipher list 1");
}
@@ -972,7 +972,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
if ((!usePsk || usePskPlus) && !useAnon) {
#if !defined(NO_FILESYSTEM)
if (SSL_CTX_use_certificate_chain_file(ctx, ourCert)
!= SSL_SUCCESS)
!= WOLF_SSL_SUCCESS)
err_sys_ex(runWithErrors, "can't load server cert file, check file and run from"
" wolfSSL home dir");
#else
@@ -983,17 +983,17 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#endif
#ifndef NO_DH
if (wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits) != SSL_SUCCESS) {
if (wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits) != WOLF_SSL_SUCCESS) {
err_sys_ex(runWithErrors, "Error setting minimum DH key size");
}
#endif
#ifndef NO_RSA
if (wolfSSL_CTX_SetMinRsaKey_Sz(ctx, minRsaKeyBits) != SSL_SUCCESS){
if (wolfSSL_CTX_SetMinRsaKey_Sz(ctx, minRsaKeyBits) != WOLF_SSL_SUCCESS){
err_sys_ex(runWithErrors, "Error setting minimum RSA key size");
}
#endif
#ifdef HAVE_ECC
if (wolfSSL_CTX_SetMinEccKey_Sz(ctx, minEccKeyBits) != SSL_SUCCESS){
if (wolfSSL_CTX_SetMinEccKey_Sz(ctx, minEccKeyBits) != WOLF_SSL_SUCCESS){
err_sys_ex(runWithErrors, "Error setting minimum ECC key size");
}
#endif
@@ -1001,7 +1001,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#ifdef HAVE_NTRU
if (useNtruKey) {
if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ourKey)
!= SSL_SUCCESS)
!= WOLF_SSL_SUCCESS)
err_sys_ex(runWithErrors, "can't load ntru key file, "
"Please run from wolfSSL home dir");
}
@@ -1009,8 +1009,8 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#if !defined(NO_CERTS)
if (!useNtruKey && (!usePsk || usePskPlus) && !useAnon) {
#if !defined(NO_FILESYSTEM)
if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, WOLF_SSL_FILETYPE_PEM)
!= WOLF_SSL_SUCCESS)
err_sys_ex(runWithErrors, "can't load server private key file, check file and run "
"from wolfSSL home dir");
#else
@@ -1042,7 +1042,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#else
defaultCipherList = "PSK-AES128-CBC-SHA256";
#endif
if (SSL_CTX_set_cipher_list(ctx, defaultCipherList) != SSL_SUCCESS)
if (SSL_CTX_set_cipher_list(ctx, defaultCipherList) != WOLF_SSL_SUCCESS)
err_sys_ex(runWithErrors, "server can't set cipher list 2");
}
#endif
@@ -1052,7 +1052,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#ifdef HAVE_ANON
CyaSSL_CTX_allow_anon_cipher(ctx);
if (cipherList == NULL || (cipherList && useDefCipherList)) {
if (SSL_CTX_set_cipher_list(ctx, "ADH-AES128-SHA") != SSL_SUCCESS)
if (SSL_CTX_set_cipher_list(ctx, "ADH-AES128-SHA") != WOLF_SSL_SUCCESS)
err_sys_ex(runWithErrors, "server can't set cipher list 4");
}
#endif
@@ -1062,15 +1062,15 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
/* if not using PSK, verify peer with certs
if using PSK Plus then verify peer certs except PSK suites */
if (doCliCertCheck && (usePsk == 0 || usePskPlus) && useAnon == 0) {
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER |
((usePskPlus)? SSL_VERIFY_FAIL_EXCEPT_PSK :
SSL_VERIFY_FAIL_IF_NO_PEER_CERT),0);
if (SSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS)
SSL_CTX_set_verify(ctx, WOLF_SSL_VERIFY_PEER |
((usePskPlus)? WOLF_SSL_VERIFY_FAIL_EXCEPT_PSK :
WOLF_SSL_VERIFY_FAIL_IF_NO_PEER_CERT),0);
if (SSL_CTX_load_verify_locations(ctx, verifyCert, 0) != WOLF_SSL_SUCCESS)
err_sys_ex(runWithErrors, "can't load ca file, Please run from wolfSSL home dir");
#ifdef WOLFSSL_TRUST_PEER_CERT
if (trustCert) {
if ((ret = wolfSSL_CTX_trust_peer_cert(ctx, trustCert,
SSL_FILETYPE_PEM)) != SSL_SUCCESS) {
WOLF_SSL_FILETYPE_PEM)) != WOLF_SSL_SUCCESS) {
err_sys_ex(runWithErrors, "can't load trusted peer cert file");
}
}
@@ -1081,7 +1081,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#if defined(CYASSL_SNIFFER)
/* don't use EDH, can't sniff tmp keys */
if (cipherList == NULL) {
if (SSL_CTX_set_cipher_list(ctx, "AES128-SHA") != SSL_SUCCESS)
if (SSL_CTX_set_cipher_list(ctx, "AES128-SHA") != WOLF_SSL_SUCCESS)
err_sys_ex(runWithErrors, "server can't set cipher list 3");
}
#endif
@@ -1089,7 +1089,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#ifdef HAVE_SNI
if (sniHostName)
if (CyaSSL_CTX_UseSNI(ctx, CYASSL_SNI_HOST_NAME, sniHostName,
XSTRLEN(sniHostName)) != SSL_SUCCESS)
XSTRLEN(sniHostName)) != WOLF_SSL_SUCCESS)
err_sys_ex(runWithErrors, "UseSNI failed");
#endif
@@ -1144,7 +1144,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
if (doMcast) {
#ifdef WOLFSSL_MULTICAST
wolfSSL_CTX_mcast_set_member_id(ctx, mcastID);
if (wolfSSL_CTX_set_cipher_list(ctx, "WDM-NULL-SHA256") != SSL_SUCCESS)
if (wolfSSL_CTX_set_cipher_list(ctx, "WDM-NULL-SHA256") != WOLF_SSL_SUCCESS)
err_sys("Couldn't set multicast cipher list.");
#endif
}
@@ -1157,7 +1157,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#endif
#ifdef WOLFSSL_SEND_HRR_COOKIE
if (hrrCookie && wolfSSL_send_hrr_cookie(ssl, NULL, 0) != SSL_SUCCESS) {
if (hrrCookie && wolfSSL_send_hrr_cookie(ssl, NULL, 0) != WOLF_SSL_SUCCESS) {
err_sys("unable to set use of cookie with HRR msg");
}
#endif
@@ -1185,7 +1185,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
XMEMSET(sr, 0x5A, sizeof(sr));
if (wolfSSL_set_secret(ssl, 1, pms, sizeof(pms), cr, sr, suite)
!= SSL_SUCCESS)
!= WOLF_SSL_SUCCESS)
err_sys("unable to set mcast secret");
#endif
}
@@ -1197,12 +1197,12 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#ifdef HAVE_CRL_MONITOR
crlFlags = CYASSL_CRL_MONITOR | CYASSL_CRL_START_MON;
#endif
if (CyaSSL_EnableCRL(ssl, 0) != SSL_SUCCESS)
if (CyaSSL_EnableCRL(ssl, 0) != WOLF_SSL_SUCCESS)
err_sys_ex(runWithErrors, "unable to enable CRL");
if (CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, crlFlags)
!= SSL_SUCCESS)
if (CyaSSL_LoadCRL(ssl, crlPemDir, WOLF_SSL_FILETYPE_PEM, crlFlags)
!= WOLF_SSL_SUCCESS)
err_sys_ex(runWithErrors, "unable to load CRL");
if (CyaSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS)
if (CyaSSL_SetCRL_Cb(ssl, CRL_CallBack) != WOLF_SSL_SUCCESS)
err_sys_ex(runWithErrors, "unable to set CRL callback url");
#endif
#ifdef HAVE_OCSP
@@ -1218,13 +1218,13 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#endif
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
if (wolfSSL_CTX_EnableOCSPStapling(ctx) != SSL_SUCCESS)
if (wolfSSL_CTX_EnableOCSPStapling(ctx) != WOLF_SSL_SUCCESS)
err_sys_ex(runWithErrors, "can't enable OCSP Stapling Certificate Manager");
if (SSL_CTX_load_verify_locations(ctx, "certs/ocsp/intermediate1-ca-cert.pem", 0) != SSL_SUCCESS)
if (SSL_CTX_load_verify_locations(ctx, "certs/ocsp/intermediate1-ca-cert.pem", 0) != WOLF_SSL_SUCCESS)
err_sys_ex(runWithErrors, "can't load ca file, Please run from wolfSSL home dir");
if (SSL_CTX_load_verify_locations(ctx, "certs/ocsp/intermediate2-ca-cert.pem", 0) != SSL_SUCCESS)
if (SSL_CTX_load_verify_locations(ctx, "certs/ocsp/intermediate2-ca-cert.pem", 0) != WOLF_SSL_SUCCESS)
err_sys_ex(runWithErrors, "can't load ca file, Please run from wolfSSL home dir");
if (SSL_CTX_load_verify_locations(ctx, "certs/ocsp/intermediate3-ca-cert.pem", 0) != SSL_SUCCESS)
if (SSL_CTX_load_verify_locations(ctx, "certs/ocsp/intermediate3-ca-cert.pem", 0) != WOLF_SSL_SUCCESS)
err_sys_ex(runWithErrors, "can't load ca file, Please run from wolfSSL home dir");
#endif
#ifdef HAVE_PK_CALLBACKS
@@ -1241,7 +1241,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
dtlsUDP, dtlsSCTP, serverReadyFile ? 1 : 0, doListen);
doListen = 0; /* Don't listen next time */
if (SSL_set_fd(ssl, clientfd) != SSL_SUCCESS) {
if (SSL_set_fd(ssl, clientfd) != WOLF_SSL_SUCCESS) {
err_sys_ex(runWithErrors, "error in setting fd");
}
@@ -1273,7 +1273,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
if ((usePsk == 0 || usePskPlus) || useAnon == 1 || cipherList != NULL
|| needDH == 1) {
#if !defined(NO_FILESYSTEM) && !defined(NO_DH) && !defined(NO_ASN)
CyaSSL_SetTmpDH_file(ssl, ourDhParam, SSL_FILETYPE_PEM);
CyaSSL_SetTmpDH_file(ssl, ourDhParam, WOLF_SSL_FILETYPE_PEM);
#elif !defined(NO_DH)
SetDH(ssl); /* repick suites with DHE, higher priority than PSK */
#endif
@@ -1298,7 +1298,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
err = 0; /* reset error */
ret = wolfSSL_read_early_data(ssl, input, sizeof(input)-1,
&len);
if (ret != SSL_SUCCESS) {
if (ret != WOLF_SSL_SUCCESS) {
err = SSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
@@ -1317,7 +1317,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
do {
err = 0; /* reset error */
ret = SSL_accept(ssl);
if (ret != SSL_SUCCESS) {
if (ret != WOLF_SSL_SUCCESS) {
err = SSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
@@ -1331,7 +1331,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#else
ret = NonBlockingSSL_Accept(ssl);
#endif
if (ret != SSL_SUCCESS) {
if (ret != WOLF_SSL_SUCCESS) {
err = SSL_get_error(ssl, 0);
printf("SSL_accept error %d, %s\n", err,
ERR_error_string(err, buffer));
@@ -1385,7 +1385,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
word16 protocol_nameSz = 0, listSz = 0;
err = wolfSSL_ALPN_GetProtocol(ssl, &protocol_name, &protocol_nameSz);
if (err == SSL_SUCCESS)
if (err == WOLF_SSL_SUCCESS)
printf("Sent ALPN protocol : %s (%d)\n",
protocol_name, protocol_nameSz);
else if (err == SSL_ALPN_NOT_FOUND)
@@ -1394,7 +1394,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
printf("Getting ALPN protocol name failed\n");
err = wolfSSL_ALPN_GetPeerProtocol(ssl, &list, &listSz);
if (err == SSL_SUCCESS)
if (err == WOLF_SSL_SUCCESS)
printf("List of protocol names sent by Client: %s (%d)\n",
list, listSz);
else
@@ -1407,17 +1407,17 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
if (postHandAuth) {
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER |
((usePskPlus)? SSL_VERIFY_FAIL_EXCEPT_PSK :
SSL_VERIFY_FAIL_IF_NO_PEER_CERT),0);
SSL_CTX_set_verify(ctx, WOLF_SSL_VERIFY_PEER |
((usePskPlus)? WOLF_SSL_VERIFY_FAIL_EXCEPT_PSK :
WOLF_SSL_VERIFY_FAIL_IF_NO_PEER_CERT),0);
if (SSL_CTX_load_verify_locations(ctx, verifyCert, 0)
!= SSL_SUCCESS) {
!= WOLF_SSL_SUCCESS) {
err_sys_ex(runWithErrors, "can't load ca file, Please run from wolfSSL home dir");
}
#ifdef WOLFSSL_TRUST_PEER_CERT
if (trustCert) {
if ((ret = wolfSSL_CTX_trust_peer_cert(ctx, trustCert,
SSL_FILETYPE_PEM)) != SSL_SUCCESS) {
WOLF_SSL_FILETYPE_PEM)) != WOLF_SSL_SUCCESS) {
err_sys_ex(runWithErrors, "can't load trusted peer cert file");
}
}
@@ -1471,7 +1471,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
if (dtlsUDP == 0) {
ret = SSL_shutdown(ssl);
if (wc_shutdown && ret == SSL_SHUTDOWN_NOT_DONE)
if (wc_shutdown && ret == WOLF_SSL_SHUTDOWN_NOT_DONE)
SSL_shutdown(ssl); /* bidirectional shutdown */
}
/* display collected statistics */