wolfSSL
diff --git a/‎.github/workflows/hitch.yml‎
Lines changed: 90 additions & 0 deletions b/‎.github/workflows/hitch.yml‎
Lines changed: 90 additions & 0 deletions
diff --git a/‎.github/workflows/main.yml‎
Lines changed: 2 additions & 0 deletions b/‎.github/workflows/main.yml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎configure.ac‎
Lines changed: 52 additions & 4 deletions b/‎configure.ac‎
Lines changed: 52 additions & 4 deletions
diff --git a/‎src/bio.c‎
Lines changed: 83 additions & 4 deletions b/‎src/bio.c‎
Lines changed: 83 additions & 4 deletions
@@ -0,0 +1,90 @@
+name: hitch Tests
+
+on:
+  workflow_call:
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-latest
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-hitch
+          install: true
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v3
+        with:
+          name: wolf-install-hitch
+          path: build-dir
+          retention-days: 1
+
+  hitch_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        include:
+          - ref: 1.7.3
+            ignore-tests: >-
+              test13-r82.sh test15-proxy-v2-npn.sh test39-client-cert-proxy.sh
+    name: ${{ matrix.ref }}
+    runs-on: ubuntu-latest
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v3
+        with:
+          name: wolf-install-hitch
+          path: build-dir
+
+      - name: Checkout OSP
+        uses: actions/checkout@v3
+        with:
+          repository: wolfssl/osp
+          path: osp
+
+      - name: Install dependencies
+        run: |
+            export DEBIAN_FRONTEND=noninteractive
+            sudo apt-get update
+            sudo apt-get install -y libev-dev libssl-dev automake python3-docutils flex bison pkg-config make
+
+      - name: Checkout hitch
+        uses: actions/checkout@v3
+        with:
+          repository: varnish/hitch
+          ref: 1.7.3
+          path: hitch
+
+      # Do this before configuring so that it only detects the updated list of
+      # tests
+      - if: ${{ matrix.ignore-tests }}
+        name: Remove tests that we want to ignore
+        working-directory: ./hitch/src/tests
+        run: |
+          rm ${{ matrix.ignore-tests }}
+
+      - name: Configure and build hitch
+        run: |
+            cd $GITHUB_WORKSPACE/hitch/
+            patch -p1 < $GITHUB_WORKSPACE/osp/hitch/hitch_1.7.3.patch
+            autoreconf -ivf
+            SSL_CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include/ -I$GITHUB_WORKSPACE/build-dir/include/wolfssl" SSL_LIBS="-L$GITHUB_WORKSPACE/build-dir/lib -lwolfssl" ./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir/ --enable-silent-rules --enable-documentation --enable-warnings --with-lex --with-yacc --prefix=$GITHUB_WORKSPACE/build-dir
+            make -j$(nproc)
+
+      - name: Confirm hitch built with wolfSSL
+        working-directory: ./hitch
+        run: |
+          export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
+          ldd src/hitch | grep wolfssl
+
+      - name: Run hitch tests, skipping ignored tests
+        working-directory: ./hitch
+        run: |
+          export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
+          make check
@@ -30,6 +30,8 @@ jobs:
         uses: ./.github/workflows/nginx.yml
     zephyr:
         uses: ./.github/workflows/zephyr.yml
+    hitch:
+        uses: ./.github/workflows/hitch.yml
 # TODO: Currently this test fails. Enable it once it becomes passing.        
 #    haproxy:
 #        uses: ./.github/workflows/haproxy.yml
@@ -1377,6 +1377,7 @@ AC_ARG_ENABLE([mcast],
 # FFmpeg (--enable-ffmpeg) WOLFSSL_FFMPEG
 # strongSwan (--enable-strongswan)
 # OpenLDAP (--enable-openldap)
+# hitch (--enable-hitch)
 
 # Bind DNS compatibility Build
 AC_ARG_ENABLE([bind],
@@ -1580,6 +1581,13 @@ AC_ARG_ENABLE([strongswan],
     [ ENABLED_STRONGSWAN=no ]
     )
 
+# hitch support
+AC_ARG_ENABLE([hitch],
+    [AS_HELP_STRING([--enable-hitch],[Enable hitch support (default: disabled)])],
+    [ ENABLED_HITCH=$enableval ],
+    [ ENABLED_HITCH=no ]
+    )
+
 # OpenSSL Coexist
 AC_ARG_ENABLE([opensslcoexist],
     [AS_HELP_STRING([--enable-opensslcoexist],[Enable coexistence of wolfssl/openssl (default: disabled)])],
@@ -1691,7 +1699,7 @@ if test "$ENABLED_LIBWEBSOCKETS" = "yes" || test "$ENABLED_OPENVPN" = "yes" || \
    test "$ENABLED_OPENRESTY" = "yes" || test "$ENABLED_RSYSLOG" = "yes" || \
    test "$ENABLED_KRB" = "yes" || test "$ENABLED_CHRONY" = "yes" || \
    test "$ENABLED_FFMPEG" = "yes" || test "$ENABLED_STRONGSWAN" = "yes" || \
-   test "$ENABLED_OPENLDAP" = "yes"
+   test "$ENABLED_OPENLDAP" = "yes" || test "$ENABLED_HITCH" = "yes"
 then
     ENABLED_OPENSSLALL="yes"
 fi
@@ -3109,7 +3117,7 @@ AC_ARG_ENABLE([sessioncerts],
 
 if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes" || \
    test "x$ENABLED_LIGHTY" = "xyes" || test "x$ENABLED_NETSNMP" = "xyes" || \
-   test "x$ENABLED_STRONGSWAN" = "xyes"
+   test "x$ENABLED_STRONGSWAN" = "xyes" || test "x$ENABLED_HITCH" = "xyes"
 then
     ENABLED_SESSIONCERTS=yes
 fi
@@ -3149,7 +3157,7 @@ AC_ARG_ENABLE([certgen],
 if test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_OPENSSH" = "yes" || \
    test "$ENABLED_BIND" = "yes" || test "$ENABLED_NTP" = "yes" || \
    test "$ENABLED_CHRONY" = "yes" || test "$ENABLED_STRONGSWAN" = "yes" || \
-   test "$ENABLED_OPENLDAP" = "yes"
+   test "$ENABLED_OPENLDAP" = "yes" || test "$ENABLED_HITCH" = "yes"
 then
     ENABLED_CERTGEN=yes
 fi
@@ -5961,6 +5969,45 @@ then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB -DHAVE_EX_DATA -DWOLFSSL_KEY_GEN"
 fi
 
+if test "$ENABLED_HITCH" = "yes"
+then
+    # Requires opensslextra make sure on
+    if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
+    then
+        ENABLED_OPENSSLEXTRA="yes"
+        AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
+    fi
+
+    # Requires OCSP make sure on
+    if test "x$ENABLED_OCSP" = "xno"
+    then
+        ENABLED_OCSP="yes"
+    fi
+
+    # Requires ALPN
+    if test "x$ENABLED_ALPN" = "xno"
+    then
+        ENABLED_ALPN="yes"
+        AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_ALPN"
+    fi
+
+    if test "x$ENABLED_KEYGEN" = "xno"
+    then
+        ENABLED_KEYGEN="yes"
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
+    fi
+
+    # Requires sessioncerts make sure on
+    if test "x$ENABLED_SESSIONCERTS" = "xno"
+    then
+        ENABLED_SESSIONCERTS="yes"
+        AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
+    fi
+
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HITCH -DHAVE_EX_DATA -DWOLFSSL_SIGNER_DER_CERT"
+    AM_CFLAGS="$AM_CFLAGS -DOPENSSL_COMPATIBLE_DEFAULTS -DWOLFSSL_CIPHER_INTERNALNAME"
+fi
+
 
 if test "$ENABLED_NGINX" = "yes"|| test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes"
 then
@@ -8003,7 +8050,7 @@ if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || \
    test "$ENABLED_LIBWEBSOCKETS" = "yes" || \
    test "x$ENABLED_LIGHTY" = "xyes" || test "$ENABLED_LIBSSH2" = "yes" || \
    test "x$ENABLED_NTP" = "xyes" || test "$ENABLED_RSYSLOG" = "yes" || \
-   test "$ENABLED_OPENLDAP" = "yes"
+   test "$ENABLED_OPENLDAP" = "yes" || test "$ENABLED_HITCH" = "yes"
 then
     ENABLED_OPENSSLEXTRA="yes"
 fi
@@ -9189,6 +9236,7 @@ echo "   * SIGNAL:                     $ENABLED_SIGNAL"
 echo "   * chrony:                     $ENABLED_CHRONY"
 echo "   * strongSwan:                 $ENABLED_STRONGSWAN"
 echo "   * OpenLDAP:                   $ENABLED_OPENLDAP"
+echo "   * hitch:                      $ENABLED_HITCH"
 echo "   * ERROR_STRINGS:              $ENABLED_ERROR_STRINGS"
 echo "   * DTLS:                       $ENABLED_DTLS"
 echo "   * DTLS v1.3:                  $ENABLED_DTLS13"
 
@@ -1155,6 +1155,32 @@ long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr)
     return ret;
 }
 
+#ifdef OPENSSL_ALL
+    int wolfSSL_BIO_set_mem_buf(WOLFSSL_BIO* bio, WOLFSSL_BUF_MEM* bufMem,
+                                int closeFlag)
+    {
+        if (!bio || !bufMem ||
+            (closeFlag != BIO_NOCLOSE && closeFlag != BIO_CLOSE))
+            return BAD_FUNC_ARG;
+
+        if (bio->mem_buf)
+            if (closeFlag == BIO_CLOSE)
+                wolfSSL_BUF_MEM_free(bio->mem_buf);
+
+        bio->mem_buf = bufMem;
+        bio->shutdown = closeFlag;
+
+        bio->wrSz = (int)bio->mem_buf->length;
+        bio->wrSzReset = bio->wrSz;
+        bio->num = (int)bio->mem_buf->max;
+        bio->ptr = bio->mem_buf->data;
+        bio->wrIdx = 0;
+        bio->rdIdx = 0;
+
+        return WOLFSSL_SUCCESS;
+    }
+#endif
+
 WOLFSSL_API long wolfSSL_BIO_int_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, int iarg)
 {
     (void) bp;
@@ -2334,14 +2360,13 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
         return WOLFSSL_SUCCESS;
     }
 
-    WOLFSSL_BIO* wolfSSL_BIO_new_ssl_connect(WOLFSSL_CTX* ctx)
+    WOLFSSL_BIO* wolfSSL_BIO_new_ssl(WOLFSSL_CTX* ctx, int client)
     {
         WOLFSSL* ssl = NULL;
         WOLFSSL_BIO* sslBio = NULL;
-        WOLFSSL_BIO* connBio = NULL;
         int err = 0;
 
-        WOLFSSL_ENTER("wolfSSL_BIO_new_ssl_connect");
+        WOLFSSL_ENTER("wolfSSL_BIO_new_ssl");
 
         if (ctx == NULL) {
             WOLFSSL_MSG("ctx is NULL.");
@@ -2362,11 +2387,46 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
                 err = 1;
             }
         }
+        if (err == 0) {
+            if (!client)
+                wolfSSL_set_accept_state(ssl);
+            else
+                wolfSSL_set_connect_state(ssl);
+        }
         if (err == 0 && wolfSSL_BIO_set_ssl(sslBio, ssl, BIO_CLOSE) !=
             WOLFSSL_SUCCESS) {
             WOLFSSL_MSG("Failed to set SSL pointer in BIO.");
             err = 1;
         }
+
+        if (err) {
+            wolfSSL_free(ssl);
+            wolfSSL_BIO_free(sslBio);
+        }
+
+        return sslBio;
+    }
+
+    WOLFSSL_BIO* wolfSSL_BIO_new_ssl_connect(WOLFSSL_CTX* ctx)
+    {
+        WOLFSSL_BIO* sslBio = NULL;
+        WOLFSSL_BIO* connBio = NULL;
+        int err = 0;
+
+        WOLFSSL_ENTER("wolfSSL_BIO_new_ssl_connect");
+
+        if (ctx == NULL) {
+            WOLFSSL_MSG("ctx is NULL.");
+            err = 1;
+        }
+
+        if (err == 0) {
+            sslBio = wolfSSL_BIO_new_ssl(ctx, 1);
+            if (sslBio == NULL) {
+                WOLFSSL_MSG("Failed to create SSL BIO.");
+                err = 1;
+            }
+        }
         if (err == 0) {
             connBio = wolfSSL_BIO_new(wolfSSL_BIO_s_socket());
             if (connBio == NULL) {
@@ -2379,7 +2439,6 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
         }
 
         if (err == 1) {
-            wolfSSL_free(ssl);
             wolfSSL_BIO_free(sslBio);
             sslBio = NULL;
             wolfSSL_BIO_free(connBio);
@@ -3219,6 +3278,26 @@ int wolfSSL_BIO_should_retry(WOLFSSL_BIO *bio)
     return ret;
 }
 
+int wolfSSL_BIO_should_read(WOLFSSL_BIO *bio)
+{
+    int ret = 0;
+    if (bio != NULL) {
+        ret = (int)(bio->flags & WOLFSSL_BIO_FLAG_READ);
+    }
+
+    return ret;
+}
+
+int wolfSSL_BIO_should_write(WOLFSSL_BIO *bio)
+{
+    int ret = 0;
+    if (bio != NULL) {
+        ret = (int)(bio->flags & WOLFSSL_BIO_FLAG_WRITE);
+    }
+
+    return ret;
+}
+
 #endif /* OPENSSL_ALL */
 
 #endif /* WOLFSSL_BIO_INCLUDED */