X-Git-Url: http://www.privoxy.org/gitweb/%40user-manual%40%40actions-help-prefix%40HIDE_IF_MODIFIED_SINCE?a=blobdiff_plain;f=wolfssl.c;h=7f6c96460f0ac520594118e8a4321785ed85c3f8;hb=HEAD;hp=04108e8308b393dd14d53e40f626eca4adeb2d43;hpb=d34fee8964a03d51d573ef494270c0f2ce33e818;p=privoxy.git

diff --git a/wolfssl.c b/wolfssl.c
index 04108e83..78880bec 100644
--- a/wolfssl.c
+++ b/wolfssl.c
@@ -6,7 +6,7 @@
  *                creating, using and closing TLS/SSL connections
  *                using wolfSSL.
  *
- * Copyright   :  Copyright (C) 2018-2021 by Fabian Keil <fk@fabiankeil.de>
+ * Copyright   :  Copyright (C) 2018-2024 by Fabian Keil <fk@fabiankeil.de>
  *                Copyright (C) 2020 Maxim Antonov <mantonov@gmail.com>
  *                Copyright (C) 2017 Vaclav Svec. FIT CVUT.
  *
@@ -37,6 +37,7 @@
 
 #include <wolfssl/options.h>
 #include <wolfssl/openssl/x509v3.h>
+#include <wolfssl/openssl/pem.h>
 #include <wolfssl/ssl.h>
 #include <wolfssl/wolfcrypt/coding.h>
 #include <wolfssl/wolfcrypt/rsa.h>
@@ -65,7 +66,7 @@ static int wolfssl_initialized = 0;
  * doesn't matter because we only use it with
  * the certificate_mutex locked.
  */
-static RNG wolfssl_rng;
+static WC_RNG wolfssl_rng;
 
 #ifndef WOLFSSL_ALT_CERT_CHAINS
 /*
@@ -723,8 +724,8 @@ exit:
  *
  * Function    :  host_to_hash
  *
- * Description :  Creates MD5 hash from host name. Host name is loaded
- *                from structure csp and saved again into it.
+ * Description :  Creates a sha256 hash from host name. The host name
+ *                is taken from the csp structure and stored into it.
  *
  * Parameters  :
  *          1  :  csp = Current client state (buffers, headers, etc...)
@@ -735,45 +736,17 @@ exit:
  *********************************************************************/
 static int host_to_hash(struct client_state *csp)
 {
-   Md5 md5;
    int ret;
-   size_t i;
 
-   ret = wc_InitMd5(&md5);
+   ret = wc_Sha256Hash((const byte *)csp->http->host,
+      (word32)strlen(csp->http->host), (byte *)csp->http->hash_of_host);
    if (ret != 0)
    {
-      return -1;
-   }
-
-   ret = wc_Md5Update(&md5, (const byte *)csp->http->host,
-      (word32)strlen(csp->http->host));
-   if (ret != 0)
-   {
-      return -1;
-   }
-
-   ret = wc_Md5Final(&md5, csp->http->hash_of_host);
-   if (ret != 0)
-   {
-      return -1;
+        return -1;
    }
 
-   wc_Md5Free(&md5);
+   return create_hexadecimal_hash_of_host(csp);
 
-   /* Converting hash into string with hex */
-   for (i = 0; i < 16; i++)
-   {
-      ret = snprintf((char *)csp->http->hash_of_host_hex + 2 * i,
-         sizeof(csp->http->hash_of_host_hex) - 2 * i,
-         "%02x", csp->http->hash_of_host[i]);
-      if (ret < 0)
-      {
-         log_error(LOG_LEVEL_ERROR, "sprintf() failed. Return value: %d", ret);
-         return -1;
-      }
-   }
-
-   return 0;
 }
 
 
@@ -959,7 +932,7 @@ static void shutdown_connection(WOLFSSL *ssl, const char *type)
    int shutdown_attempts = 0;
    int ret;
    int fd;
-   enum { MAX_SHUTDOWN_ATTEMPTS = 2 };
+   enum { MAX_SHUTDOWN_ATTEMPTS = 5 };
 
    fd = wolfSSL_get_fd(ssl);
 
@@ -972,9 +945,9 @@ static void shutdown_connection(WOLFSSL *ssl, const char *type)
          return;
       }
       ret = wolfSSL_shutdown(ssl);
+      shutdown_attempts++;
       if (WOLFSSL_SUCCESS != ret)
       {
-         shutdown_attempts++;
          log_error(LOG_LEVEL_CONNECT, "Failed to shutdown %s connection "
             "on socket %d. Attempts so far: %d, ret: %d", type, fd,
             shutdown_attempts, ret);
@@ -985,11 +958,16 @@ static void shutdown_connection(WOLFSSL *ssl, const char *type)
    {
       char buffer[80];
       int error = wolfSSL_get_error(ssl, ret);
-      log_error(LOG_LEVEL_ERROR, "Failed to shutdown %s connection "
+      log_error(LOG_LEVEL_CONNECT, "Failed to shutdown %s connection "
          "on socket %d after %d attempts. ret: %d, error: %d, %s",
          type, fd, shutdown_attempts, ret, error,
          wolfSSL_ERR_error_string((unsigned long)error, buffer));
    }
+   else if (shutdown_attempts > 1)
+   {
+      log_error(LOG_LEVEL_CONNECT, "Succeeded to shutdown %s connection "
+         "on socket %d after %d attempts.", type, fd, shutdown_attempts);
+   }
 }
 
 
@@ -1200,7 +1178,11 @@ extern int create_server_ssl_connection(struct client_state *csp)
    {
       long verify_result = wolfSSL_get_error(ssl, connect_ret);
 
+#if LIBWOLFSSL_VERSION_HEX > 0x05005004
       if (verify_result == WOLFSSL_X509_V_OK)
+#else
+      if (verify_result == X509_V_OK)
+#endif
       {
          ret = 0;
          csp->server_cert_verification_result = SSL_CERT_VALID;
@@ -1735,7 +1717,7 @@ static int load_rsa_key(const char *rsa_key_path, const char *password, RsaKey *
 }
 
 #ifndef WOLFSSL_ALT_NAMES
-#error wolfSSL lacks Subject Alternative Name support
+#error wolfSSL lacks Subject Alternative Name support (WOLFSSL_ALT_NAMES) which is mandatory
 #endif
 /*********************************************************************
  *