20241024-opensslcoexist-opensslextra #8132
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
SparkiDev
previously requested changes
Oct 31, 2024
| if (bio->type == WOLFSSL_BIO_FILE && bio->shutdown == BIO_CLOSE) { | ||
| if (bio->type == WOLFSSL_BIO_FILE && | ||
| bio->shutdown == WOLFSSL_BIO_CLOSE) | ||
| { |
There was a problem hiding this comment.
Move brace up to previous line.
There was a problem hiding this comment.
the typography is much clearer the way I have it -- I use this technique routinely to avoid visual running together of the condition and the enclosed statements.
src/pk.c
Outdated
| @@ -3857,15 +3858,15 @@ static int wolfssl_rsa_sig_encode(int hashAlg, const unsigned char* hash, | |||
| ret = 0; | |||
| } | |||
|
|
|||
| if ((ret == 1) && (hashAlg != NID_undef) && | |||
| (padding == RSA_PKCS1_PADDING)) { | |||
| if ((ret == 1) && (hashAlg != wc_NID_undef) && | |||
There was a problem hiding this comment.
wc_NID_undef => WC_NID_undef
There was a problem hiding this comment.
done -- turns out they were all macros. I misremembered them as enums.
src/ssl.c
Outdated
| @@ -14624,15 +14628,15 @@ int wolfSSL_CIPHER_get_auth_nid(const WOLFSSL_CIPHER* cipher) | |||
| {"SRP", NID_auth_srp}, | |||
| {"ECDSA", NID_auth_ecdsa}, | |||
| {"None", NID_auth_null}, | |||
| {NULL, NID_undef} | |||
| {NULL, wc_NID_undef} | |||
There was a problem hiding this comment.
Change all NIDs over.
NID_auth_ecdsa is definitely in OpenSSL.
There was a problem hiding this comment.
OK yeah good idea, close the deal. the ones done in the first round were just what was necessary to get OPENSSL_EXTRA clean.
src/ssl_asn1.c
Outdated
| @@ -1019,7 +1019,7 @@ static void wolfssl_asn1_integer_reset_data(WOLFSSL_ASN1_INTEGER* a) | |||
| /* No data, not negative. */ | |||
| a->negative = 0; | |||
| /* Set type to positive INTEGER. */ | |||
| a->type = V_ASN1_INTEGER; | |||
| a->type = WOLFSSL_ASN1_TYPE_INTEGER; | |||
There was a problem hiding this comment.
yup better. fixed globally for all WOLFSSL_ASN1_TYPE_*s.
src/tls13.c
Outdated
| @@ -5285,7 +5285,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, | |||
| defined(WOLFSSL_WPAS_SMALL) | |||
| /* Check if client has disabled TLS 1.2 */ | |||
| if (args->pv.minor == TLSv1_2_MINOR && | |||
| (ssl->options.mask & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) { | |||
| (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_2) == WOLFSSL_OP_NO_TLSv1_2) { | |||
…A -DOPENSSL_COEXIST, or equivalently, --enable-opensslextra --enable-opensslcoexist. No functional changes. Several compat symbols that were formerly enums are now macros. All library source is refactored to use only native symbols in all code gated in with --enable-all-crypto --enable-opensslextra. wolfcrypt/test/test.c is similarly refactored to use only native symbols. examples/ and tests/ are unmodified except for header setup to disable OPENSSL_COEXIST and TEST_OPENSSL_COEXIST.
…SN1_TYPE_* -- some are used in non-OPENSSL_EXTRA builds, e.g. when -DWOLFSSL_X509_NAME_AVAILABLE.
…T: cover -DWOLFSSL_QUIC, fix -DNO_ASN, rename WOLFSSL_ASN1_TYPE_* to WOLFSSL_V_ASN1_*, completed nativization of NID_*, and switch to prefix WC_NID_ rather than wc_NID_.
…T: cover -DWOLFSSL_QUIC, fix -DNO_ASN, rename WOLFSSL_ASN1_TYPE_* to WOLFSSL_V_ASN1_*, completed nativization of NID_*, and switch to prefix WC_NID_ rather than wc_NID_.
douzzer
force-pushed
the
20241024-opensslcoexist-opensslextra
branch
from
2f96291 to
39e8cb5
Compare
configure.ac: * add --enable-all-osp to separate OSP meta-feature sets from --enable-all, allowing --enable-all --disable-all-osp --disable-opensslall (e.g. for testing OPENSSL_COEXIST). * fix enable_all_crypto=yes in enable-all to be conditional on "$enable_all_crypto" = "". * move enable_rsapss=yes from enable-all to enable-all-crypto. examples/ and testsuite/: #undef OPENSSL_COEXIST unconditionally rather than only if defined(OPENSSL_EXTRA), to capture -DOPENSSL_EXTRA_X509_SMALL or any other such variants.
|
retest this please ("FAIL: scripts/openssl.test" in |
dgarske
requested changes
Nov 1, 2024
| @@ -23,6 +23,19 @@ | |||
| #ifndef TESTS_UNIT_H | |||
| #define TESTS_UNIT_H | |||
|
|
|||
| #ifdef HAVE_CONFIG_H | |||
There was a problem hiding this comment.
Including config.h can only happen in the .c files.
dgarske
approved these changes
Nov 1, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Globally remap & refactor conflicting symbols to allow
-DOPENSSL_EXTRA -DOPENSSL_COEXIST, or equivalently,--enable-opensslextra --enable-opensslcoexist.No functional changes.
Several compat symbols that were formerly
enums are now macros.All library source is refactored to use only native symbols in all code gated in with
--enable-all-crypto --enable-opensslextra.wolfcrypt/test/test.cis similarly refactored to use only native symbols.examples/andtests/are unmodified except for header setup to disableOPENSSL_COEXISTandTEST_OPENSSL_COEXIST.tested with
wolfssl-multi-test.sh ... super-quick-check all-crypto-openssl-extra-coexist-with-suites all-crypto-openssl-extra-coexist-smallstack all-crypto-openssl-extra-coexist-TEST_OPENSSL_COEXIST, the latter 3 of which add thorough testing of the newly allowed build settings.