From c496ef0deec7931079209729eda0a79ca0c4aace Mon Sep 17 00:00:00 2001
From: wiidev
Date: Sat, 26 Sep 2020 22:30:40 +0100
Subject: [PATCH] Update wolfSSL, picohttpparser & clean up code
---
source/libwolfssl/internal.h | 9 +-
source/libwolfssl/libwolfssl.a | Bin 423844 -> 424132 bytes
source/libwolfssl/openssl/asn1.h | 1 +
source/libwolfssl/ssl.h | 11 +-
source/libwolfssl/test.h | 3702 -----------------
source/libwolfssl/wolfcrypt/aes.h | 8 -
source/libwolfssl/wolfcrypt/asn.h | 7 +-
source/libwolfssl/wolfcrypt/asn_public.h | 2 +
source/libwolfssl/wolfcrypt/blake2-int.h | 14 +-
source/libwolfssl/wolfcrypt/blake2.h | 2 +
source/libwolfssl/wolfcrypt/cpuid.h | 5 +
source/libwolfssl/wolfcrypt/curve25519.h | 8 +
source/libwolfssl/wolfcrypt/ecc.h | 6 +-
source/libwolfssl/wolfcrypt/fe_448.h | 2 +
source/libwolfssl/wolfcrypt/fe_operations.h | 2 +
source/libwolfssl/wolfcrypt/integer.h | 6 +-
source/libwolfssl/wolfcrypt/memory.h | 2 +-
.../wolfcrypt/port/Espressif/esp32-crypt.h | 6 +-
source/libwolfssl/wolfcrypt/random.h | 30 +-
source/libwolfssl/wolfcrypt/settings.h | 70 +-
source/libwolfssl/wolfcrypt/sp.h | 6 +-
source/libwolfssl/wolfcrypt/sp_int.h | 14 +-
source/libwolfssl/wolfcrypt/types.h | 106 +-
source/libwolfssl/wolfcrypt/wc_port.h | 164 +-
source/libwolfssl/wolfio.h | 5 +
source/network/https.c | 14 +-
source/network/picohttpparser.c | 66 +-
source/network/proxysettings.cpp | 8 +-
28 files changed, 460 insertions(+), 3816 deletions(-)
delete mode 100644 source/libwolfssl/test.h
diff --git a/source/libwolfssl/internal.h b/source/libwolfssl/internal.h
index 035f3d43..ef2c4bf0 100644
--- a/source/libwolfssl/internal.h
+++ b/source/libwolfssl/internal.h
@@ -186,7 +186,12 @@
 /* do nothing */
 #else
 #ifndef SINGLE_THREADED
- #ifndef WOLFSSL_USER_MUTEX
+ #if defined(WOLFSSL_LINUXKM)
+ #define WOLFSSL_KTHREADS
+ #include
+ #elif defined(WOLFSSL_USER_MUTEX)
+ /* do nothing */
+ #else
 #define WOLFSSL_PTHREADS
 #include
 #endif
@@ -3659,7 +3664,7 @@ struct WOLFSSL_X509 {
 WOLFSSL_STACK* ext_sk; /* Store X509_EXTENSIONS from wolfSSL_X509_get_ext */
 WOLFSSL_STACK* ext_d2i;/* Store d2i extensions from wolfSSL_X509_get_ext_d2i */
 #endif /* WOLFSSL_QT || OPENSSL_ALL */
-#ifdef OPENSSL_EXTRA
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
 WOLFSSL_ASN1_INTEGER* serialNumber; /* Stores SN from wolfSSL_X509_get_serialNumber */
 #endif
 WOLFSSL_ASN1_TIME notBefore;
diff --git a/source/libwolfssl/libwolfssl.a b/source/libwolfssl/libwolfssl.a index b2353b2f229ad7b2532912532bf9dcae26e7077c..b36fabcef073f2924ddaf2678d56dc2761cb1a0f 100644 GIT binary patch delta 29318 zcmc(I4O|r0x%ZjfVOd~NR1{Fu6;M%;FHsj+VNp~RG#F8-62*ihB*lb85;vAOtCAE` z(qP35y(LOglG47kwUu^hOATpgOLM&`X>BjJH3?~HYHnys8*eYYrQ!b1%yafkdOzOx zZS!mPmv#T=InVd`m^o(-lg{5J4E!#kB|%%0nU%G6?dqINw;TWAWBu3d&hlh>vJHAw zBxCjr#GnN55f+{`Awnzg`ekM;eXzuMp1 z;9uC&{_YXK-vLde+`g=heF$Ie!!T;Gsr?O6|H#Aaf9qHKTNV6`^4i}V!QbWp+W)Uq zpuW(}{;KaweM}8~G5*!p8b7?R_F)=_ZS6yi{Ve)!wh53L?!OYTH+4y`PeKVD;<> z!IN|8o+BT%Nd{#k?$X2qhZeq{;y?Ghn2?A^f4M@5yL9@wy4(<#{=2=lgiCWrj%>HE zy%SL4f?r&zG|qb;Uwm-qR>i5lj}{m7Z&&`s`4_ahJ<4vIP?((=gx!OVP&rFazW@W< z4=NW!&Shtvz30fBU}BxJEK)KCcN|l6hftn<_RzVwpn5|2_gTuC;AE?nbuHJKU|W-; ze`Tez%=UG6u>OJ)5vH9__BVWcg}>pEWWOiCY%K~)Y|!TUOQxpQr`Z`R3^4DBTNulD zj4|I+tQNmY;5cIs7sP+5@I0$rahgr}E;Dz7HaGTkGE?qb#sY=Uup&>@RDJFt7LWBP z%Qy|$^DNVI8&g^!dtyCfxyz=eINf~)1t^X^kS84^H&!L!VV<2NRxE zrYQ-n4cGJh4c}koZ+I@`ac0TXpBr@Fb4px7^?y^Hh3Znh4%JFdu<1D^N>RQYZ2g?F z-=!Q1j$cw%Day)V%GZ=5Hsu?7TTt1r+!DMIR5BdOQ+mo}C0Th$FUHT--5IBhAnLSd z-}Y+*@A^F&bCyiKv7YD^7P<=hVxs#5UHj#qkkmJ#^`6U0l5OOz;P7STGfKjCgYWWG zkLPLT(?&^Yj&z1Fh%?rwuvOZYz9pzMva(i&>M@pWmgauRoS$Q#1 zDGZLip=7Aaj9}uM%JX5$IsMw(korcjcT5SlD_;xt|5izMDQEQ2KPk`IKKqv5JgIC{ zo(&F7D)&al_Oilh@tYzF*;DrOwhPLp8HHMTa96l(V%m&e8)FKZZWm)=ZGbMlE?J4w z?qw``0_0MvZeVOt2g*07+{jo;AIjBKew?wzZj>9StfSm+DPLr4Nf~3dMyme~V=Gc& zE|tnZVr&b{+ude4`1?7wFjeb>hWME_?x6Zp#vI(DDE|uOtCsQ@%J_!r|G-$dD$8ME zC?}#^YU&G%LAeIyW-8A|`3A~uR8C<`e{h~HYeqASUm;>S(o&)K&a-7GMf!F8%<%H` zQSBEPi}C8IiMEA{xJ3i8QnsN9KivtGQwR-nY|P53!<6}6dWtrLMS7u{88G)?s?*JcjbPp1RPMvB(XwkJv6Vwz3N4CMv&-@^#%0 zHr$OcMok_OfoY9v^O$TAu_!m8+(6}paFlynNoDNKWmchFL}hf4OvI~nnchU~U@W^7 z^}|$ufU#96D0fo%9>%m)gJ^e^230zh-QG0A=cX5g1(gHXiTo2iBxjsyZpLmS`ZOP7 zw+kGw(62FeE77N`7|3^uLLx4`0%Ka=D{u#6cL)q)VycVrNGD<}{4uSJeU$iPF!A0Z zFs8`^0$=9TSyaqG1R?CTV9d86dc6g=Sn!y1dM0!VCuYV=CuYLwyU2-|8Gnd7(cAQ*m?Fz9WvndWp^WP1%B<3hsXkgoelATEWm 
zBLb(%P80`Y!lAfEnfAC&3pSM+hT{fh6T~~EY&@brO8Vn#VBaqa7cKZ2V><(J^Y{~PNblyN&4j>Q%r9H{bdk^4Tud(p zhVr@l2%~E50m8Y!n05@F)xel`47?Qh9$=O9UaI!DEcS#TXu96fBOFh8I^$fyFJ- z*kVNaI2l;n&)6pgo{+Lj(BYmS`Vu%N99n{`h-O`K1NP4l(^5Dg+I49nW1kXq2%iRuj0!<)XrGz%_b?1G>pFkvgBS_}cipW&C0Wi(otx~1WaJ`09JA!DNwXCjLtvP=|2^JSJ} z`A<${PRj9_1-s9QZk*LFyK5Gr7j2w%Rd&~`8?s%qRV>FzX|~%!NA#jgXZz%B&nh@4 z`ot=ibWU5l;C(IS419PX5>O72&uacvA zJQJLbi1Y3+`3-!G=m;#2X99LL9&w(Cm@9hIWHJo@tI5Q%7j?pbHb^ zvWI&+vC|;vUnj!|()&$QClA>BJ+wdf)G+Xp#n^~kn61b3DGaQ~-L^-E(u zI4aiIg@`y*O$-gm; zv2T-}jnMzRzz86Ok!jo$ApiJm9FQs9ILz4HLI7E*CtL&r{Q|o!*duQ)iYggl3(zg>ILNI^=yuQ5Woo1O^%Vju3zoFB0B_l!_aZO;s|Dn_xiP8E$HpS=@9@W@WR_ zg6rf3X>&Vek;lJzg0b(Cu`Q|6z?LQ{T#U)YxJJPHVoV^$78}PNc|j`1=(s?7iXkf& z0>$9_o}l;3WwJ5;#bt3T+B<~3jD4R3wpPm~*a`z;2yN|VY*6rwGWKc0+mJ1B$=-&3 zAargkV(bTkrwTj#Cf3+Cr0ylED1q?*5jY^zRnjFhQ8FMiR5B)UDFP6e@=_QRI|ilD zzn^q&Pm%oFLEjx|_CK~GN8V8E=#?qD$t|O~30b*9ipnlZMP=8d;hmL|z7zdJ+?eca zmk#Y5lELiMZpez8(e`3E-CSy+BNHL|poKmu>ATPmM8vylE%bir#I7-k%VSKZjrhyc zq;Pq$6fTD`5y5U45Kinyl%idC*IRI_>>s=PEc_!Do(YNfxG?_3E%P2kFFMyAO9Xqa zNrAm+zki}8*b9E)&|Vl8j_yU%h)nDql{^(_4$%)PdPEZ={*RzNgz!G3MJU~e$U^iE z3;n8eXdeuSOzcBsBAETqBV_j@yCSgty^Os~0qjR$FN^uV5(dPu!R1@x8pi&S1P(Mx zV+Y#h((FK&G;m;C@*Gqp{UCzbPI?YDNgnMW6p6dogZ(msgHR-*se&SLg{;c7&`TNn z94W1;w9wmR6I4N`$Y>QZC$5}_5F|2Wj=w`_OR;$eIIMpMf@2pHGPIe2`+yO#fyaS! 
zOdRb6_7Hsp7-h~A-2m(}ac%{0k%`wK5LQg|USMR7^RLsoQ7EGd?rAyUT3{&POu5`} zB?-8#+?Wd(+F@Q;Zfiw z!qp+CcFk$FZ@a6jWu@M_o8aNTZv4nZ{yo7Jyx7x(c zX8cm%(eTmMLs{b|XlyXT6-_I`=@zGnr$dQ7$HXxllcE_2&faR$XZ8d45FP~{G4U)I zP{}!dTtsyf{R%KQ4qG@Tf&-o85kDiMcAFLae26+s7y@CjCXVj|MjaRCheX0E36}y> z-$*C}h79Lf0PG+q7B&Nu9(N6}kMm&EEb2gkgp*o<@#Vt&NtN241|+&{LB$QwZrL)-N2-ipEU{}FzHJm7p{#`0iHTjO`LiaxY)$YRA5rX z50^Nbh#mm$A`D|rILnRk!%7h`Cgz7rB7B6$f#EpkSqX#E5>XxDHGXr8hDb zNs9QnlE_Sxho32lEH^PfPZAj*3_W~;;s*FRl1R!HKSL7bH0i5SfGI=#=txu@+Mf&X zb0bk5CX>evj0|u(KQ9tBX=1+Vz$Y|L=bH{LC^Im!;v%K|e2A;rr1KS)i*&9J01ugT zejda{ItyHA|7a-YiVDCS?IU~<*l%Kf03;fUIZvS*c*MjTOEFqvOuQ-H966k4OB-;b zN#E8BO#BC6c)H7^^P?csq02TO0tW%6BML6e&wxy?HgQ$W*`4)?PwuwqitlXQYe}{< zt$N>X+ft=oAHPLeVmnl?_dlg9aU7}#f0OQeUQM!nDORuC1C~j>k^hwI-TWt0zsi5w z^^Pa_URYaN7&Z3{eKrN0^Iz2D2c&+nof5T^2;MnC)=5s?hml`8_sd zFA?_-0;BhaFmfkW$oqyY{O{qS$>&LY_9t2Ja$uF{7CrlqNjk5MLT?I2CfQG@N`QCS zvzccX=xZ;l)AgS$vEQn+7@hZcxn8-{zEl}7JMaDhy(|r#cmDvUdY?Xi%r-9qduIGo zrRtNMvr11%#ZQ@D%73bj&Z~bS)gGfX>Fu0UsSogZNon(z?pJ%ST=UK7#*|+@|&h~lA7xm%Y_JV{T@E!pUx6w5V7z@B^ z$<$Bp(=+$j6T(M~+b$L?-edo=qCBEc?6rSx#^>R2H`fl{zLKdQzZJY#VgHs*c~y@Y zSLf)CPur#iTlU-Uv@7R=69?>%*=;ZVQE$A}z9QmP?bI*P4}b6zz4uo8TIKWl_^tLh z<&~iGHv6Rr^t`@W`(9XyJ#4?Ed`%xbZ2#p?`;OY5h{vPF!f74K1|0GI2ghf^ z+Ew$Q?-m^N^+&$`+N;-o{xe5mlwQ|jk4wPR8h(wLA1D2$fHtl-x1iPI^^tdMvHD<( zebzD`RbzHFJ`m+c){GBCjE@Jj8eKhO&r>>e-x>QVWmq3y9yTv56%`YD>lynB_}qWS zzF!IGiJ!6;DE)fnr@(eYZ^6%Ouo)lWN+zyxUVWHXVQ3hiSo-y%s!?~JwHM4r?|xqu zv_uZ;^=IwNZBeS;0Tvw49XV^yn;jrdp&wV5s8&6*)qd0ZQL4f~jD2hr`X4++{kS93DsKXI)gEj57C|&MSu_t1F@3o=Ww_ zsKW<$1~JAJGQ13TG~DwsVmM^f;~%QOpRue?6mzKlILgB)S5o{!Z;YLS=16{;_8GF~=u&;`gt8m;rBwg(kUj%A(Zt0XZzD=+1k%Iz{&2V%Qn*RQA^2jR zVp15f7UdC?`>4Jg*!aX4|3=)6)mJ;9;BQ2^6J=`Bh;w*J0Rmt*Nd60G{}M3a^s{O3 zTUh8;S`;9<(rQcj*C=y`g+g@7?G-2|n(~ohDA%JLPi5Td@ohUcNM&4UcW|c#e=b|d zcGQ8;NDR~~nL5M9_YWfX2HQI9BMv3|>~9ty2@ZeGesq?05&O@Pkilog7-Q*#(^SS5 z3ha}6M`;0hJCN3dQ6zX;8M{wlWbJ-|2c-VA>o_$b=#$7kFz+#JWh(jtRjl;N9oLm* za7xgTNiJaU*I0N4rGfNBGzsyfr^x`)kyY_nAU%Ms4#Cq2`{IdudXH3^4zES@>7zLC 
zF9dE#oZ*z)ITv`iusQ5|Yhmv&eP`jQBIUL;)DhAyS%g1?xZ|d>zA+a3%~3 zdSMdri~Toxh_{UFOH+bOGB?xJNuk$Ci<)hwOPYPH}F z3^;N$YaF+HgtO5!qA9a8(d0zevb$v4XZKk!q7Mm-prZ&yXaeErD%FB{G{mzC#>7LE zRcRJnB~Ll7@*CLbe{59~?!$yIn&4J}`(-~^b(Jx5fDGhZ!%ZXM)reBiSEpL&0hyuI-IBfrQ40Pw;0fUY$+Omly$Y_M$G_H1 z1&(tpxK0Z5a|4;=(Ao|Q?y+Dv?IRwKS2l;I8W$%)Z?3Ny>y5EfEkH&WUV!dn_2OA{KD#-7@?9$+F1GddQlSBH~|<$ixh}-V)jR>r(0Z zaSNW1I3G?6WBD$5V39w5-bRk*@5A9~S~=$5Y96FUqF8={3~(@=a0xC zoIfc~NAkbW5&Q+n*4<>R00X90;35lug**^h&@20=RsaLSQ(u}?X@E-;jl844ca2Tp?_sIgI|t3Vpc!6BTHu5U!P-rLYmVI)bNNo~|o| zF){TQUa{a&3r6M&NOpr;j;0Mcu)kbXz_3uXp+*|mfQUs$+YqqeX51eOSvVmwv;l@g zcnrG_#IrG8POcks@ON&U&g18sWWtG!Ff5F1te5S?AFPLX2Bm?GBXUe{ydiN>njC&b zMHXBkhi(y?PZLjiiaMo%qG1b01j6v9SPRaPhp#q4skoeMLWT}e#G7D1M8DZ5hu>z< z>BdWAn|tK&+kC}>5t*2QH;>D#Y@U#K3$tLS1;bG>18+%`hcLFli4eV-cYL$|u`P(Q zg}g3?KnRyxaH~A3TMS3VvEAZp65~}+p%WilA$yK=ZmpMr@#pI61zl?jrGjnkkf;2% zPRev`i>1zjX!%2SqvLQ~EbmXY)ye3$`7O9n8ry~}iW#s3+2WI)5r2tWdRO9=N=uL; z(HTo>Ef@yGO;5?NoSsXr%Q>SI4hq>)7z<$pBcd-&fqgMil;&83%j5)7dR|VSrO(Of zvvf$_kCvhd$|$9!WBBuA!rKSsNZF2ziYw=iVsUdFgEa+q>csrK<7BYr`}WU-X)V}9 z8Npr+)*yT#9e#sw2i8Z4CguxhXA$8l;0nUXloMYr%NNb!5d>c!JK-p&^R=)O4jC93 zj7T*xUjs*=$&3eee8C$rU{+wU%OWOB%-6M%X(r}t+DIQ^I22iLV!n2bY$99@JZNIy zC@?v}m#gBj17Dg(6`MR*mTD}j(Jb&aX;d3wH}G{67b8OP*nuxQ#bXD)n;pjRO^W|eSIm(xg(WI0w z8>9P79=>Gce|^PMy`zqv7G&#le`vo&xxsf`9Vfc6rfk+berQitQq7&$n^Mik1~+k| z+s(%Y=RLZ22z#gxKwry~srDq>L8sn4WM5)C=rZ?R|8dA36PAhUYx>BLJ(+u>IuVZx z-^jCpTjn|r14jDv%vbEmVWogo#$N2R9eTqn_Qjz+|F!(35n*exvU4)cz1ZJ4gX6E* zUpzE_G<_i+q{lOFUe$Y1c|P2h{gEl!KlJ;st2(F;tx`*(Td=v_yW#>i8ZNWzdTNeZ z=GwgskDgDL;TgeHpB~6j^Hv9ZU!Q6??X~awbiT4Xugctk$72A+cYf+Bgq>imT=5jM zL9YwHD$1q$c#et;1!GsMKeXX}1fy%!RSvw}AU|S z=`HFC1zWWK1L{92v-P5b;Qd;#^Prj$wrjY-X?yPB09%6n>a^z%;k6aX_LMUx@NDAr zd*4QyT)A$X7z6Fpi}n=$9D_%lasIt;;2}u&iDY%W;Z^K$<3S7G|K{(%XwdWpx2yBC zlIm>tmT2r{4QK;&J2m3R-dSM1ktPZ&@ZQd}gXI*Ztm+GX?gPyndqx zbU$5SFXhi#zJmRG!&&GmygZe9xP>>GjSpr<6n6n=Heb)tZcm>y3tBof=( zQx}7ix2r#%i4D^sznY}n6nxjOCfasmXv7S{ReY2tY;vb=#-6s^;SSsEpbc(Ep<{ED 
z$ruBfNfYuD62=F#8TcBXSiU8CcKU9ge(7WC4W%R4)u7ID!E#@dIu9G*!%gUD^?Lki zRhuyaiDq+y(e(xnP}J&Or_~H)R3FCAjEkr(Gi#$O89U7M_{Y?nW?Pq-npv*W_Q~Rb&467}2XU8T%K3eew)uH72~D33{)2$u}&7A#k(YUAm(e*OPjxxD$qdAuznI z6Bu5HcwpdJL2r?Z@;iIv`P)0M$UF3!Zh2!<^CNT^zS@FZ&Ch^gkMV7Xno-REr1Y+M z#(pL60x59U5+Q&Gs7P;!ADQS8{8h4P?rO5|bXjyF(;}F=h8TNOEc5P8VeFTr=x(H1 z+>YH1rPl?0QVM^xR^BarbOI-*iKn)RKTSkr_|(GiDB;7Ya*yP2gUpX7mrE|FJqa zA<|MeAQjcYu%O?E42ibC4;d0p-&c=~V{+oYb}4&buXOZ2WbQY_b3Y6p6u21n-w_2U z`mMm7ahyJhtLMybbtQR?wSRy5^9uvKE(#kO;bOyfg-sq~>XDg4lo z6h2lhvvLek{+ELH`}`oScw?&jbCh&DB+YEe}=#N|UJU)#1UvxA)=nHj_Pxeau1p0><>rcS& zA4t&?ozjUX2BonxY4Y&+8Dz1W_|IZ=ToM>rsyFZo^jsMGq^P(e_qNX>nsFkTykp1@ZPjehuy8jiJLV7O}Fc;HkMpX5An$>47S&LrFnoI@B5$UKBwf#Isb z-v;a>jE=&Oks1rYQ#B|Qn-wPmz@;YUT~r(+ZRAdrlki303c@|Wm4thNs|fc2R}=0B zh7H4sM&Me)gX|zirCB)Djf#2`KjH%R6GnvM80n*3zyXu~aX2ZCk$(IJaFaAFu-C*jaB4c)ziSj2{&0tD5$yDS6CZ}^>DNts z1i{6`nE0V0VA6A}1DNzQHUMA2*+;JEQ&(|22?ZSU`?ndfgnL4Z#rGP*;`CcCs~eO- zz2mZ)%va)x5MxpL&@IXWTkE8`Y{V}=ZN|&q=hdag5zB79;Xy}|?a70BGe}C%Tq?f) zpkunD?Ha7P^^xb*S_IuZbx$V84JX*4!z~5BUW$eS7(UBVyn&` zJ`xw~?^l243@se_+Xmx;ulzvm3cX`-)mgkkG1&I1`p2h3Y{vRBcu@;0JQ>nvp8r{u znVFkyt~rlX27NY1Nkp#qL^4ihy{J5EtN_jf|G@ROcZ9Li$@YC7Jk-tgF(ns^S>RYt z$J7+w7+6~}HQBBAM>*EwgwjNmW0$g9FLgPVD!p6=MFJgkpT2md0yGzLH4)w^OGPbjN(&kV=M@an&w8IC)Z zoqFO-$B(gk9G~g90J)Y~j_=rh^XFiBtRtu>hl8#;jwoezZmyfzK3%~20(h5;C%{}K zQ*STU)8ZV-iV`e~b7*0BY2Z+zV=sPE=Q|cEr-Q}w9e+~ihw&FG;>b~X-UWNWbAfra zM}BD>SSp!%^DVt92@19c8I%MhTpfAtydNd9Ny0M>XMYCUNe$@0^d>ZW56bxBQM&PlKKo0+#s?z_ANw$GUjR}6Hp+c^ z>&=b~zL9V5HN{k5^J5(zT4ztzUU zCXP>h_5IRLuz9_pRm?Q9 zov4XGq?&QygbpV}RN;wFGZ^RqNrWHR_?QMGp2Q;x7YH4s@QWySqufsAe)K{G1J-QT`7s)p=tLne~yg*esOz$21U`2!@ehb%o>0F70OY4F{@5(CqtwRl>ip(EnA^ zBXb~2*T~2_Bv0f$79K<&;<4z7d`I#`RpH_WJsQlhC`DAJCRNOF%hlhUG})8qw6oA7tT{-d*p!I_zgQE;dF4akxC;4{A?~VN zg2tE1ti;!${l!C^_=~tTBPZeq<#IHB#Dd}It;CZ6!y=^#>9S8G@D59zH=$C#Xegl` zQ-qL(EhAt){t^ac#0iM(cEL0u+jVZY{KK|+Dbnz~2KlITUKb`wlAVX1Z|9vFpLst8 z<_>W@BLCnr5zVCCO#<`LP9hWYi{t~H`L$ADK8%UEVLpr>IGWNSGm$bV9bMcf-wU?*s(8$W 
zC2hRS^b)O3M!ck1ERw)9hW|GZWnw7|KPWKLD|U&NcFVnyr7-3vo>UkR!K4P{SWktc zA^L#ngb{!0uw+_RC6BKxgMj#3#APrb_B)ri%i~qcA^R{HUOp~)R=DL$P*wzFldWi# z8CubU`CmKd_iiSlgV%1#;N$|2DN zh=1jz>}ct!q5}6W4N^EAN{^B;eq2waG5wl+i&aLf9HJRJs1NnxWZfR>Lmb!27m{Vb zp_5|%&p_%au&<%kke;ozf5Bmq7;213)vDG&Bo{u(`_~aGZ)}E)8Utn zYT1p_qwIG11UVZ~;_pO_&nhT-L|~6RMY5`rv5yNn0%#(f(az$>$oCBt zzzK0bSWqE(3a(h_HzeIxW8QEgUgisg=o<4ufZvJok8dPY!3s0w(T2im3myF+K>UUM zaxZK{yyW4!_$I=l4gl4}$#8%m@@K)uUsNWe!!fi67vR?c7E9O<45gf&R16Fu zgC_v&Cfo>|LOfhHmFUgDX+*yWj9?7eR^S|>UkBDaRDr0(E>v;{u#f1Sz(s_+fZ>Rt z2=!tUDw!K7BYF>TIpJR53X5!|iQ#W(6G}_wOx0$^;uzo>66go6B|HFJM|cpp-ozJDFvMC(U<|m8@HlWg;Tymm zgeQPIO}wHExXZ*TfUKLa3Ve~U6S#-?1AP1;1Kf#>8sI*{ps{|!L%;(j&g5DL344LB z5a!N-kL$^t1V#op<|m!mFyRW|YbMUC22KRl|NVYPFMlbxt;4M0YkwPAl4K6VHSt`=p8aMuZA^&Oe9aN_0YAmfIM0$(w3sY&N+@bG#Q^YwRlC*hIz?H-<8 z`C6fEL#gpsepOBS@B`TW3OxBB{_QZg3^#P>WxVLo{rqR4-obxv3+)#2Kj<6hq+vb& ZD1M4`AAZ6RPGpX;M|eN}1`B(H{|QL*y&V7m delta 29064 zcmdUY4_H*!nfJLf!!W?0prb%U9Rw8=<&U7lA7M~b1T-W;B}x<%(hy4$j5Hb3F?Wn4 zMMD}4B$xe4l%zDJ{b<*1Xov0+LlWB3EZdTlX6c4Bq_L^n($=((1f6efzQN}*5?~`SW{cm5@M0~D>vA^_JG z`G5bOcQNH-`Klk6pg&WN`muQNXDWwo_2UVni&^$fGRvW{KmBcTGK=_r`U(|6<4eDPv{Quwgf0!Cz z|DCV;-)a0Yv{gT3y% zZsA91We0N?g=m=uU-z*+7KhO`&(m?ZJns3J`wlNB%0`ctRAY&IzWvGH#Dp4dFdFte zcQlV^d7h01Epz%)yFMf=II>Q8c*#fDf(<*B2%CwxtVxLrp53KPIzo-L8(z1@b#x#5 zR&duorCs?jJvdvV?6ijjc!IkRDc=zW=6O6p2rQ12ZN9P&^8F7eC+(7U!%ol=Pb&Yu zP{|Cso>bBzg}l5C8sx>>JRuCPS^ zi6y>@xw*~hR>n#K%ykmG#*8z-FR&O-9b|`-xCzh6dHKUa=@5Q;x;8990 z&Q0f~G36}kP8NYTZEh~(G-GFhy)Vp-=xsKaef4M>3wR%z8*q5)=9;1GLNMnGO0tsB z@4sB&^M7Z9&;MM=sLYDFKXz(O&na;U{y$Njh3a~(2h~btaPT=LN>P3o9QmShz^NP$ zx(AdEin1+O{dMJ-MR`pd4JrqePX$v3l?=P`b*=g$l%Camxa_$C}hH{KBV> z{Lbf5nWJLvojpXaG0|`!7ryaF z<(^1a4=b4$zb&GKJ#9T_Ij?MsEm6yZr@}4Q=Ee3{7*o)RH!&6#0CaXtpN>=SVJvzY z)Jm%LGnRzjWml=(!dOZ#%Jo!!jIostl>JoJPzFz^e1Wl59>y#!RR1z#Yh$1-mCCO( zwj+R}47X7Zu86aQ*{}^@EPjE7+h==&F+0~N%0ESU$W)#|dBRlwJ<6a7{;)8{!fhy5 z8uG%RJ-iC#HYzVgc?#t&DyJ}}J-5V?726EuV??Y*SiIWhC6){&U5ih&WW<6^VO0BN 
z#$r;mnncU;q;`dfIl^m7hd;K#N}rTYI&#rIuw2;(0vE3@hx2UqX)N zTWVRZc(g9g<-r39B6c&DorC&Gsz1os1}DnB zRKA-rb;AYpyNw74eC`0s)l_~Iws1eXsf^%y;67`jaw~4OFp}9wVJFJ*rt*1|5l)51 zO~j8G%g1oFOi=r;Gwp|NOSW2XYV$M3HaDP5V=n@es|b#hcHU6C0XuKdbEZW zmf{kwnTA$WA7h75WDcWcR1jrI3YGr}qXfLK% z@|Eo1A5tt&I@L_Z_Tp5Pf5H&=JpxbR9w{(pb|+z#Bdf*hbhd<%D-iIgUhF zL~R}LgrDH@kE4>Y!@#OusFjT!Pmu!7bdD5o{DxHQ_!p_z@mmue9VHBkSSINaD@^q5 zCVDyahZ^iPRqQu4_=Jgm#6%Z{A`%h*!$g11#Q$Xz{Tn9w-wQhYj~Hca7lkF_S0*Oz z8HG1;v7|>{XQHn%(bt&h8%^|l6W!!}WI5=nP_Wn3V85xsXHE1cO!Tjs=wCC@e`2D) zC+Sgm(ur{sWtVg{YJsVOdr1aG@je41A81jlO!RCMoqH+xx0vYLP4pX0bnc|!zg4F% zHxzurRB^AV!F^hLj-^0-*+lxbiS@T8`tK#($$Q9d*zV-xkaRkE4+;8u6P@>vpck3w zyoW&F$b;bAZK~isBpMtv(T|wucWZ&%58Lkiwu$w16YCo$`cF*s_ar^qBI(gkEqsbz zV4^QJ(X$P@%59I{XsQUvyF)bYlJ$`Y6h6^|@{ThP_q5xHJ};HA+XZeg(MK4&RnTV` zyMyq21iL}tdQ9+rqR`6NCj^EvajT1QOCw_HS%^Odx3o_Ze+(WOw+IY}4hlSO!Z1S6 zW8r{-F~Rw&DOBM#VchmYbe{=NNF!n)R2YFshm2SNqwgdm7T~@roLSJs*a1O@lZ`4B z7NT*ZzzFF*0_Vtk@4_m^?iTb;$?rl)MHF3$GQ2L2RP1Uq@gOR~AaxOhipGm!wRjpV zhSlO}u(;BA8o)-jxX#1_Z}?M!e-;O1H!W^Awe2zSAX@hlf1H!CW0A%KhQ+z$Ac})B zVNhJ740~Lg37dq*U65T6cSW|1hxhlBviK^-d;)iw@Cf?<22nA|*aHGzk~jgD3Z4YF ziJor4=%y3YHUV8D!kaLFXQ-f0N#m|Vm+Ab_&#uG$WhcK~;NEf_zB(=i-a?r3Y$u!t zTuwL_7`Gjre>L!4U(?(W7xg1{JnVvUwm#@Hi7PpV_=l)!LO$Xwx&&a6;#d%UBCFSkWt$ ztw0xuTWqphDo%m2GsK_LAO~qmn~6S&O{L($>=0d$GHdAN{pvcXE9RJIacK1PjK z_A&NZfv2U>D`yycoan1yoG@q=q9VF=)fA3e1P_c5-MZR_`Tqn}tVZJwfjuTBcqs&} zt})RAQrYTG#vT=IVQ5Ish>3qp;#4PN?K(gFPfamZm=vd0$#A9mO}NFx55*#+sr@EA zVB(pOhNjs}81m1EheTSNtXPvMADwG*WdE%}1H)>@)}Wh&;x(-%48>wIux8XmpVZt% zmbe@QQv_!%0@y`CTiYcAxE3OWnzaa;Py1w%#jV09p)egriCK}}V4@>RLSlNml#k%F?IM>(7iLjn8RGtw`-6p0%6P{%3xZs(Q7<+K`X`*MiOgNpf^MVe? 
z#1zk{lmk8kMi>sm|BOZxQ>Rp%f$$2eGhk3i*_a661&doC(IhM8@SnnV5mOPR1T2dM=C;YmnT2 zovx2RmW#$;7ED*ev}=td|Of;PG26yM~LhHgTr#SLy#vz)%0+T?|a_SltQC7a=x=e}MVI1CL*ZW4XM8MCbTEqQjBA2Z+w`BSh~4K0|blpC$U=0zW4f zD!lMDs=#4N-Z!WL$FCCoUxB|zbdLYUpeqjG9~*QX^MwiwRaS!jd!hs9TZq0581>vS zWgF&y{&iGw8!GtXfmd+6hUgChBSJcz<1IwTnOOdIqH}yB(Vqw2OLUHp5FO6s-%WIm zd9?UKMfn{H5UeZUcoJt;kq9+D`R`FY6J9Pl3qZvy@R zm^%hJ1w0ZQLr#GzLIFVqP|7Q~pn`b@=7I_q5QdRW*7h-A+2>Llv z3@;0xCB+lO30=(2p`6~j33urKxtK{)*E#91jB zT0A6|c*Sr`Ecc2h{I|PP;VZx;j6Lw2MrKOC$BzWo=8xq(jSI4ETEVRxj zg+U?y3()_vXaFN#5f~vA3zKbSGK|}xK&%6|HOnw=8`vtC31j@R-3aRmYH+MqAzg>P*?V8p_1dY7Z0$ zBlf^c(XV@IP1rBT$DUpj|EP&)+JvvlmD1iAjDIn>_EyWrdq-r0edxb`qAu8Hiq<|T z7KZLa*N8~$8dnN)O5=(z8T$Nw1xjSBP_zp{qRf(-QQ}W4@raeLxG6Iet0I< z|N9|Fv^{|E3daugF!nui-~b#GxEAv75cmIEF3Ul8u!^yNqy`5YrLu!9a%*<5T`D*@ zY2ulY^h0oF7s)x)BzX=&j#$L1hx()khagCJa|nXOzMw8%((7^<`yvUgD>cyrvJ2`U zQ$(~5krR8xIyfmJbQoQU8AtPv;n|IKpyL97&A<^(UQ&gLczUR#ZUkraY_ zO|pn*gxK)qjpM*R5~JhLbqayic`$P8C6Q2`AdsRm9R0)`UK#M4O}B#5VyI9d%lPa|>k5r#6yl!19_ zQUt!dEl(wh(7gnn1gm0x&M_pHj!Z1~g1Cv4P8*#%SK|G5jGSlGU86=U_gkfA{ zz`#6nB$B+$Yy*ZuZUoO5iGo6odA3LtWa;<bRz&T)gzvp<|9v*;@NKRVs0;AtQFv_NB? 
z@)7Mb=sevcy3fERFixK>;Moe#=8-|$7;vekN4llG$rdE%!3&g)$5 zC-49`jAX@Ee&+)(%S)O2!2h{q-`dlxs9<>Rk0me6T{`s&j!ChhhrF0PH?wfr$m1M4 z^)7Sx>zD8(M?MXe2LFRgj(eY-8~EfLQ#xK^G3p%4**Ev22T#4k93&u~GZ&zqH|Y4I zE~o|Bk`B*HEMBdD)93&ET4YxKFqg|Jc@|lyBpeEBc{^MOwEmx3UQvFeHNA(_w%lO* zdzQaM`q#T8vWo&;#u+?gzcGnys}htrs2}A$8`Gsn^_U+52BOS3+?Rz1wx{4XL6 z7emPZH1dNFvl>qiOZ5css8?98|IH1)_QNc|doANUhDj11Qgb(*O=3+L5@EPDmz-mL z8Qn&lIW9sd1`j8v!PM1ZyeVGd#wqb;x?gYWc?qZR%F*+K6AOr{2XF`|eM*nA@zI626HcmFOA9 z>aGW0ILzll#oVvo3D(_aeLe!2#IC!n`=GG#F6;Bkw>0~DEgx(!U=)EuU?H|82^`^Zfis>KR1H(rR$k)pH zCk3=AZ8p{tuf?3T&R1-j`>b_!8pgc-!F^T#psB-47)|t#2efLf>8!N?W2pbEbpr;^ z^jYh2<Mu>DNY|0LQd8i_0QBbM%j}A`=g`RIRiFRkc(l zSPD_qq_uTeix*w^NL4DTpt8fd#u9l&b9O>ardHW$Em+h@oI-vjo_7JQyVH98=5eaR zgF*kmv#3ji;ZcZojj#}bh&Y{E>XX)tMKDSKn5(L^MpP+K@}zZ>GN?_Uly>x0Kd;bLcAkkVn{_bd;Ha}U}5zN=D zFWFTm?ml=V*?)*NODmWtJCY~;^0$P@6*cOwBIlLMpq%4yE6P|Ce!G-3?zvCh`k98`dL2;rFo@n*@WK8vGn)d7A=U91W7~$oUq<|&$AO*$ZG?f}Fb)BgN~-@(NS+QH=;E?kK#Hj23d(9b z2p*#WPhc+NAtr$l$taJbJVf*Om?}*TYD_$XQUQOHUQYb$6Q$AoO}aStUyn{p6+GxXao)7P7y6Hh3Ro>XUO$19 zeL=ru!q?;x4S$m^qLNW1z2`5WRD6CfccquqqN1lFovu-a7-#f%~3!ict$n2Q2K zub}gn=OOGdVb~y!mNVgSh^I~3lVy{E%YyyX^D4{Al--n7E%Vm0AV{2ZWnt6_XZRcW z5N^lpB15yLSW_hemuTJgLV_{HDMU-B_2<@>>5usoWE)A{ZeYE*ioN7G4&O%V}FQBeN2V zpiDF_}nJTO9dzXggzcnTYI;@Rqu z(|;=zrwMwYG-7KF$>;uWt(X0@wZ+6VC>3lSmvegSC5cND<@77fG2t>fbxYBG;@wSY zr<7khidnXXtSf~F0&laKa0+9miHE=X7SEGyh|pm{hXUdK_DtE|+d&s=t?j*X`fVQy z;bm+)JQH`|?b9;s+b;ua+PAE3{^vR3KD)yyli_wiRft|K$M+7nB9djxz#qb;Cfp)3 zFUnxfXUUbaF^PAk8oKl`x)Y5%iHW}i7q^m~jdHEH6Ej`-yR%)Uh3uS>F)6pn5mBCK z!XCK@DX)`ZD92Ajgob5#vs6}&Sc!>MeoY!w5o5yXQfLJtB!+iItqC{Cl}*K{ya!iI ziW>v`uef4r0A)f@CA<+Ul8&sx<##s1!P4v&odt@bc5#kNPIFoP{ za4BI#$5BH#0NiO{zRh(YLR=2t(K;>@295uXD5vwCY($fR`K~qM0_GU6;9FMlih%D< zBjXJwzB7$PH*p@mD~+r(FyDbjHWRJ}9xyQ9c}9{EUKkL0)u8hYW>k)W`Q{R@2y~g) zSgI_lg$gmKfB>$H?;xYdgR*wuS)xO@cwN9ZjZPTC`S}LXSxvYTm}K&ep>xQf^G%@> zJ;V9=elVJG48S*o(Jrch;%Iz16W;_zlcjtE7)?U?=1;sj;2XbaQn0(ubh7{Q_pP_! 
zklsCxb5yiVgduc}dVRcpj(UB(ezP9fxsHR-0p6f)h1gj;$iP4QJ^CYtQ41 z;3B)Ejpx{^9O~&R{?iJ>T6(UnAh*T)jk&<-LhJs&DN^*5_1|RsHGUzXyV`b-a*O8NV=GqP(JJ@YzOVc;n7G&W zw~F!@-f-Bq;s*<2YHZgl%6|mwZnoh!7;e`Z_uGD_{F_#Hz;;NvQyV^DdtbRr8>)ph zp9)Ub+Ts-DN5N~i*w!leQG=92wtrL-v@3_e`^{igoh>6wo%TB{&*7js<;BCyc{16W zl5zTj7Z4j~9(v>~%BS81?L3}Ga5v-p2j9exH}suMwq5bRh2M`D!ofA(S@0j9zzM4l zb?(#2ww)-)fZv5dr{ISf6u+w1HJ$oEiPvRa#1BB6pJv{t@#_!j`FDMRbBas->H9u@ zwyQUK8ash=Eb(NK5`Ut&tm-VTz^)T%e{cc2IGroyJg1A;496vSN#Y6ME?~S+QSfrb zO{d=>8vm6DZcO`w))a5|Tyw_SQy+W@mbx=eeK3ZO96woPD?FN($x5D`8_9EjaO`Z6 zHKkx$9|QwI+a0zaEU=H_jM%ePi+$9(sN?Zbhq62P{&8EPWmhVWp+=ehQPRQV-im`` zd5rv_BV^njVy+szJo7;RfX4rjPye{Yp`%xO#c#W+bO#4d*cLjKQElur#Uh< zNlQIrQ)8#lq|G?fbH0Pjga&Q!j4cD>{xUAH{iv-nYWdBeaaK!x)OLMr9S#DgiTqt; z_j|S0M{UdTwxsV-TX7O@M@qU;J8uJ?ud@(RL*)`YpR0q8Hk+2L_AvGaJ*#hPl$-V2 z+Hqth=-~MWfk)&i$8D4HV4xm;f0}se(;54bz=blovA&A2e-ZQnqTLC0=HNNA5T*2Id5%ehWH1x@ZN5l6pV)&j1k!^Sb*v2vZZb-Ka0lbS1~)9r?KiJ`lmc54DUnqE0nSeUH8Fgk#Be(3{|&LP0f__zINbJy}Uc_V81 z24O_14F2;Z^vpP8|0eJy*|rV%BGDf+$$4x7`o%zd3}F`ouW%j4Z87HCljYZap~%VKqECW{LK=8WwKp+NX_kUOyDYYqP`H zb0Fv8B^yt~D&vZ5uk+3!Y*^g}Yf@6WOl8216EHLS5SsOAlJsvH~YG0$&1hN0Ch=}$CUP1oTBl_kg zT^n-R6Xt*0`3q0a+??k&)>tt&dqJCa+BYfnT70zqCgo~Cr zZr9@H*$*kFgT8t8D2o!UwZzzWAQ@#W#=aF>x0qP4uGAX&<-6Kwto?B%PpesA|FrUg zHnG5d2Y!04aH0JN*ucfO?B~($g3JE0(dIliv;0jl8w%hj zOgsVRteE>nnpPQaPgcT$P4RX$OgW)lS!&;hOW88}a^n0xP+S|Aw$ZV2`!+dr=;ELgVEzS^pME7+83|95M`IwL7Y@wPt0 zdV5Z?ek8;6Rm@F391NtxaBLVaud^59NAptG+ka-q#xy3^z66`rbbk3tuq@a9id8wT zIrHp4Q_cpj=Gos?l$W%L0>lMDD@2sO5UeY-za6cV2EFC>WA;UEj4GZLpx{3|z!s%* zsJW-Y;(~8i*;_5U=!dV0PeRoy6Hd4uGit z1?xylEh9tj7)>9eb@bY?5{sU&D6XkKEK5`*jh!X!83L+E1FcoaM+5WdqwHyP5 z?|h~)25toAhI0I46a76&=V`#=>^$;T$rE|R!~^d`JSI7jKbJgFwRn0((i$TQ4a6%5 zewHWJojk?27)<=*M9+#xy^{+fqn*E%LZjD9I{%p>;Y{?sCi(*=`Y_fQJ4iwF8zv@h zHAP}xwxrL?H_;z5(a)IZFPrGEO8Wc-l0F|#6GOg=Il_gKH}kiP3efK}(H}I?&zb1Y zndnz>x=GH&_(H2_7Bemv#WB;E2ZCo72bW??7weK0vFUPy8rvWfM)~C0MU7+8O;v;! 
zV6fdFFcgbFl38#?z86?ng9$=B3)`e|>Oxo{HXW`U`KLgxDrvQ=P8#R(OCwyJCi(>v zeMUO42xCZO$S#5dH4 zjc%Mrz9WsRmPh+>=mN2?j4zW>iEo7dG*TSjkF}S;BXW-!KV`x&^j6|YfMOBSgf((Z zB=7-CgEyf@{s>P(6K)ZrEp+J)bN>^DrN;^I>~_I)Rrc$3ee#c-mbj(jB|iBYa!D_4 zlGJv|t9UT*L57ieOH*VdmU`uDl%)-_!BQv__XeI-c$fq& zbI4aS%PJYWOVI13$IJXCjIl!J7b;thFy2iKmP1(~Vg5HF;*+u zB*+o_l_YU*fX7K^s5>}D_X(aAPX7B=JpTA3qi;k-@=vHQYeD}xH3m+Jk$>ozVlp(P zTSg*fL>jtsP-bDR9GCBwR=H%PSMkIR;qj_gvGc)Z_A>rQITVT2P<)@j2(LK$S=}cO zJXS-QNa#p~0^v-mU(WSZ7#gAv8%F5Pll}Z%Pw2nE+e$|0`C9f_1oHMnZ=Zj##=~ex>q(%uaXa>^g29t1&>Jq ze>EqLgm~uMQQ}$GBb{6~Cb|Irue&A(+WHhxfwhZIHeL^*_miOY7i1XMPs%r)88LE- zW|Y$y8pNMC+(=`H;|BR-T^TUwA#wlDKGYQUutejlnpjD%203e%Tc`v#)%vYk5l%gr$ypC7$=VX z_@5uPkwJOgvRm^@r9t^k=zrlQPg#158sv}40hoVD4!{D33BzbH&aBD=)MrW(?p*z(V0Q-nO2J9z14jeG>>J;D>qE7-NGTgY8@xW~u z|GK5qD6~@pC}o}0;4*L*;Thm=!dHNM2ww&6HSpR>;69>rFZ&J5Z4iI?n_>eVAbvle ze}hILqaGMubAvL#z=jEr0go6s(+xaI*aM6@&Yw9046k*34S2%9SuwzqgsXw43|vqL zoCvJNHQNVOA5f1`!!tcBq>XR-EeHXZ8aaqXoWsCTZeWjrovFYL2A)3++-l&MOyFSy zFNg<5IJg{sDq%}8@M4Z@F$j6Z5(u(&85PU@z@r9E0zC|FaGrD+5#}}U`XS&R0~f&k zFfy9&<-;x;biQx5I|*L{hEZJ3<~m@6L&pO+!?gR10^g_Gy9u`fj~STn$L$cn8}Pk& zIC;SL;o+4Ao$tZJn+?qO-{HN4r$Wbr%}Sa6$D4I6+O_*|`sLT$_v50U3a+wj>DHQf x5x*SHFH5vxemTUC0asZ{TeKJ-iW8cLU%Xl!E@4&tWTs>KmKBzJujuE1{|n68VV?j1 diff --git a/source/libwolfssl/openssl/asn1.h b/source/libwolfssl/openssl/asn1.h index a1bc9530..37a0e9e5 100644 --- a/source/libwolfssl/openssl/asn1.h +++ b/source/libwolfssl/openssl/asn1.h @@ -69,6 +69,7 @@ #define V_ASN1_OBJECT 6 #define V_ASN1_UTCTIME 23 #define V_ASN1_GENERALIZEDTIME 24 +#define V_ASN1_PRINTABLESTRING 19 #define ASN1_STRING_FLAG_BITS_LEFT 0x008 #define ASN1_STRING_FLAG_NDEF 0x010 diff --git a/source/libwolfssl/ssl.h b/source/libwolfssl/ssl.h index e9122af7..b160b824 100644 --- a/source/libwolfssl/ssl.h +++ b/source/libwolfssl/ssl.h 
@@ -191,7 +191,7 @@ typedef struct WOLFSSL_AUTHORITY_KEYID WOLFSSL_AUTHORITY_KEYID; typedef struct WOLFSSL_BASIC_CONSTRAINTS WOLFSSL_BASIC_CONSTRAINTS; typedef struct WOLFSSL_ACCESS_DESCRIPTION WOLFSSL_ACCESS_DESCRIPTION; -#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) struct WOLFSSL_AUTHORITY_KEYID { WOLFSSL_ASN1_STRING *keyid; @@ -2167,7 +2167,7 @@ WOLFSSL_API WOLFSSL_X509* WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out); WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl, const unsigned char *in, int len); -#ifndef NO_FILESYSTEM +#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE file, WOLFSSL_X509_CRL **crl); #endif WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl); @@ -2202,7 +2202,7 @@ typedef struct WC_PKCS12 WC_PKCS12; WOLFSSL_API WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio, WC_PKCS12** pkcs12); WOLFSSL_API int wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 *pkcs12); -#ifndef NO_FILESYSTEM +#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) WOLFSSL_API WOLFSSL_X509_PKCS12* wolfSSL_d2i_PKCS12_fp(XFILE fp, WOLFSSL_X509_PKCS12** pkcs12); #endif @@ -3320,6 +3320,11 @@ WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl); #endif /* !NO_CERTS */ #endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ +#ifdef WOLFSSL_WPAS_SMALL + /* WPA Supplicant requires GEN_ values */ + #include +#endif + #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) WOLFSSL_API void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, int* idx); diff --git a/source/libwolfssl/test.h b/source/libwolfssl/test.h deleted file mode 100644 index b9040673..00000000 --- a/source/libwolfssl/test.h +++ /dev/null 
@@ -1,3702 +0,0 @@ -/* test.h */ - -#ifndef wolfSSL_TEST_H -#define wolfSSL_TEST_H - -#include -#include -#include -#include -#include -#include -#include -#include -#if defined(SHOW_CERTS) && \ - (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) - #include /* for domain component NID value */ -#endif - -#ifdef ATOMIC_USER - #include - #include - #include -#endif -#ifdef HAVE_PK_CALLBACKS - #include - #ifndef NO_RSA - #include - #endif - #ifdef HAVE_ECC - #include - #endif /* HAVE_ECC */ - #ifndef NO_DH - #include - #endif /* !NO_DH */ - #ifdef HAVE_ED25519 - #include - #endif /* HAVE_ED25519 */ - #ifdef HAVE_CURVE25519 - #include - #endif /* HAVE_ECC */ - #ifdef HAVE_ED448 - #include - #endif /* HAVE_ED448 */ - #ifdef HAVE_CURVE448 - #include - #endif /* HAVE_ECC */ -#endif /*HAVE_PK_CALLBACKS */ - -#ifdef USE_WINDOWS_API - #include - #include - #ifdef TEST_IPV6 /* don't require newer SDK for IPV4 */ - #include - #include - #endif - #define SOCKET_T SOCKET - #define SNPRINTF _snprintf - #define XSLEEP_MS(t) Sleep(t) -#elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) - #include - #include "rl_net.h" - #define SOCKET_T int - typedef int socklen_t ; - #define inet_addr wolfSSL_inet_addr - static unsigned long wolfSSL_inet_addr(const char *cp) - { - unsigned int a[4] ; unsigned long ret ; - sscanf(cp, "%d.%d.%d.%d", &a[0], &a[1], &a[2], &a[3]) ; - ret = ((a[3]<<24) + (a[2]<<16) + (a[1]<<8) + a[0]) ; - return(ret) ; - } - #if defined(HAVE_KEIL_RTX) - #define XSLEEP_MS(t) os_dly_wait(t) - #elif defined(WOLFSSL_CMSIS_RTOS) || defined(WOLFSSL_CMSIS_RTOSv2) - #define XSLEEP_MS(t) osDelay(t) - #endif -#elif defined(WOLFSSL_TIRTOS) - #include - #include - #include - #include - #include - #include - struct hostent { - char *h_name; /* official name of host */ - char **h_aliases; /* alias list */ - int h_addrtype; /* host address type */ - int h_length; /* length of address */ - char **h_addr_list; /* list of addresses from name server */ - }; - 
#define SOCKET_T int - #define XSLEEP_MS(t) Task_sleep(t/1000) -#elif defined(WOLFSSL_VXWORKS) - #include - #include - #include - #include - #include - #include - #include - #include - #include - #include - #include - #define SOCKET_T int -#elif defined(WOLFSSL_ZEPHYR) - #include - #include - #include - #define SOCKET_T int - #define SOL_SOCKET 1 - #define SO_REUSEADDR 201 - #define WOLFSSL_USE_GETADDRINFO - - static unsigned long inet_addr(const char *cp) - { - unsigned int a[4]; unsigned long ret; - int i, j; - for (i=0, j=0; i<4; i++) { - a[i] = 0; - while (cp[j] != '.' && cp[j] != '\0') { - a[i] *= 10; - a[i] += cp[j] - '0'; - j++; - } - } - ret = ((a[3]<<24) + (a[2]<<16) + (a[1]<<8) + a[0]) ; - return(ret) ; - } -#else - #include - #include -#ifndef WOLFSSL_LEANPSK - #include - #include - #include - #include - #include - #include - #include - #include - #include - #include - #ifdef TEST_IPV6 - #include - #endif -#endif - #define SOCKET_T int - #ifndef SO_NOSIGPIPE - #include /* ignore SIGPIPE */ - #endif - #define SNPRINTF snprintf - - #define XSELECT_WAIT(x,y) do { \ - struct timeval tv = {(x),(y)}; \ - select(0, NULL, NULL, NULL, &tv); \ - } while (0) - #define XSLEEP_US(u) XSELECT_WAIT(0,u) - #define XSLEEP_MS(m) XSELECT_WAIT(0,(m)*1000) -#endif /* USE_WINDOWS_API */ - -#ifndef XSLEEP_MS - #define XSLEEP_MS(t) sleep(t/1000) -#endif - -#ifdef WOLFSSL_ASYNC_CRYPT - #include -#endif -#ifdef HAVE_CAVIUM - #include -#endif -#ifdef _MSC_VER - /* disable conversion warning */ - /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ - #pragma warning(disable:4244 4996) -#endif - -#ifndef WOLFSSL_CIPHER_LIST_MAX_SIZE - #define WOLFSSL_CIPHER_LIST_MAX_SIZE 4096 -#endif -/* Buffer for benchmark tests */ -#ifndef TEST_BUFFER_SIZE - #define TEST_BUFFER_SIZE 16384 -#endif - -#ifndef WOLFSSL_HAVE_MIN - #define WOLFSSL_HAVE_MIN - static WC_INLINE word32 min(word32 a, word32 b) - { - return a > b ? 
b : a; - } -#endif /* WOLFSSL_HAVE_MIN */ - -/* Socket Handling */ -#ifndef WOLFSSL_SOCKET_INVALID -#ifdef USE_WINDOWS_API - #define WOLFSSL_SOCKET_INVALID ((SOCKET_T)INVALID_SOCKET) -#elif defined(WOLFSSL_TIRTOS) - #define WOLFSSL_SOCKET_INVALID ((SOCKET_T)-1) -#else - #define WOLFSSL_SOCKET_INVALID (SOCKET_T)(0) -#endif -#endif /* WOLFSSL_SOCKET_INVALID */ - -#ifndef WOLFSSL_SOCKET_IS_INVALID -#if defined(USE_WINDOWS_API) || defined(WOLFSSL_TIRTOS) - #define WOLFSSL_SOCKET_IS_INVALID(s) ((SOCKET_T)(s) == WOLFSSL_SOCKET_INVALID) -#else - #define WOLFSSL_SOCKET_IS_INVALID(s) ((SOCKET_T)(s) < WOLFSSL_SOCKET_INVALID) -#endif -#endif /* WOLFSSL_SOCKET_IS_INVALID */ - -#if defined(__MACH__) || defined(USE_WINDOWS_API) - #ifndef _SOCKLEN_T - typedef int socklen_t; - #endif -#endif - - -/* HPUX doesn't use socklent_t for third parameter to accept, unless - _XOPEN_SOURCE_EXTENDED is defined */ -#if !defined(__hpux__) && !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM)\ - && !defined(WOLFSSL_ROWLEY_ARM) && !defined(WOLFSSL_KEIL_TCP_NET) - typedef socklen_t* ACCEPT_THIRD_T; -#else - #if defined _XOPEN_SOURCE_EXTENDED - typedef socklen_t* ACCEPT_THIRD_T; - #else - typedef int* ACCEPT_THIRD_T; - #endif -#endif - - - -#ifdef SINGLE_THREADED - typedef unsigned int THREAD_RETURN; - typedef void* THREAD_TYPE; - #define WOLFSSL_THREAD -#else - #if defined(_POSIX_THREADS) && !defined(__MINGW32__) - typedef void* THREAD_RETURN; - typedef pthread_t THREAD_TYPE; - #define WOLFSSL_THREAD - #define INFINITE -1 - #define WAIT_OBJECT_0 0L - #elif defined(WOLFSSL_MDK_ARM)|| defined(WOLFSSL_KEIL_TCP_NET) - typedef unsigned int THREAD_RETURN; - typedef int THREAD_TYPE; - #define WOLFSSL_THREAD - #elif defined(WOLFSSL_TIRTOS) - typedef void THREAD_RETURN; - typedef Task_Handle THREAD_TYPE; - #define WOLFSSL_THREAD - #elif defined(WOLFSSL_ZEPHYR) - typedef void THREAD_RETURN; - typedef struct k_thread THREAD_TYPE; - #define WOLFSSL_THREAD - #else - typedef unsigned int THREAD_RETURN; - 
typedef intptr_t THREAD_TYPE;
- #define WOLFSSL_THREAD __stdcall
- #endif
-#endif
-
-
-#ifdef TEST_IPV6
- typedef struct sockaddr_in6 SOCKADDR_IN_T;
- #define AF_INET_V AF_INET6
-#else
- typedef struct sockaddr_in SOCKADDR_IN_T;
- #define AF_INET_V AF_INET
-#endif
-
-
-#ifndef WOLFSSL_NO_TLS12
-#define SERVER_DEFAULT_VERSION 3
-#else
-#define SERVER_DEFAULT_VERSION 4
-#endif
-#define SERVER_DTLS_DEFAULT_VERSION (-2)
-#define SERVER_INVALID_VERSION (-99)
-#define SERVER_DOWNGRADE_VERSION (-98)
-#ifndef WOLFSSL_NO_TLS12
-#define CLIENT_DEFAULT_VERSION 3
-#else
-#define CLIENT_DEFAULT_VERSION 4
-#endif
-#define CLIENT_DTLS_DEFAULT_VERSION (-2)
-#define CLIENT_INVALID_VERSION (-99)
-#define CLIENT_DOWNGRADE_VERSION (-98)
-#define EITHER_DOWNGRADE_VERSION (-97)
-#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_MAX_STRENGTH)
- #define DEFAULT_MIN_DHKEY_BITS 2048
- #define DEFAULT_MAX_DHKEY_BITS 3072
-#else
- #define DEFAULT_MIN_DHKEY_BITS 1024
- #define DEFAULT_MAX_DHKEY_BITS 2048
-#endif
-#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_MAX_STRENGTH)
- #define DEFAULT_MIN_RSAKEY_BITS 2048
-#else
- #define DEFAULT_MIN_RSAKEY_BITS 1024
-#endif
-#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_MAX_STRENGTH)
- #define DEFAULT_MIN_ECCKEY_BITS 256
-#else
- #define DEFAULT_MIN_ECCKEY_BITS 224
-#endif
-
-/* all certs relative to wolfSSL home directory now */
-#if defined(WOLFSSL_NO_CURRDIR) || defined(WOLFSSL_MDK_SHELL)
-#define caCertFile "certs/ca-cert.pem"
-#define eccCertFile "certs/server-ecc.pem"
-#define eccKeyFile "certs/ecc-key.pem"
-#define eccRsaCertFile "certs/server-ecc-rsa.pem"
-#define svrCertFile "certs/server-cert.pem"
-#define svrKeyFile "certs/server-key.pem"
-#define cliCertFile "certs/client-cert.pem"
-#define cliCertDerFile "certs/client-cert.der"
-#define cliCertFileExt "certs/client-cert-ext.pem"
-#define cliCertDerFileExt "certs/client-cert-ext.der"
-#define cliKeyFile "certs/client-key.pem"
-#define ntruCertFile "certs/ntru-cert.pem"
-#define ntruKeyFile
"certs/ntru-key.raw"
-#define dhParamFile "certs/dh2048.pem"
-#define cliEccKeyFile "certs/ecc-client-key.pem"
-#define cliEccCertFile "certs/client-ecc-cert.pem"
-#define caEccCertFile "certs/ca-ecc-cert.pem"
-#define crlPemDir "certs/crl"
-#define edCertFile "certs/ed25519/server-ed25519-cert.pem"
-#define edKeyFile "certs/ed25519/server-ed25519-priv.pem"
-#define cliEdCertFile "certs/ed25519/client-ed25519.pem"
-#define cliEdKeyFile "certs/ed25519/client-ed25519-priv.pem"
-#define caEdCertFile "certs/ed25519/ca-ed25519.pem"
-#define ed448CertFile "certs/ed448/server-ed448-cert.pem"
-#define ed448KeyFile "certs/ed448/server-ed448-priv.pem"
-#define cliEd448CertFile "certs/ed448/client-ed448.pem"
-#define cliEd448KeyFile "certs/ed448/client-ed448-priv.pem"
-#define caEd448CertFile "certs/ed448/ca-ed448.pem"
-#ifdef HAVE_WNR
- /* Whitewood netRandom default config file */
- #define wnrConfig "wnr-example.conf"
-#endif
-#else
-#define caCertFile "./certs/ca-cert.pem"
-#define eccCertFile "./certs/server-ecc.pem"
-#define eccKeyFile "./certs/ecc-key.pem"
-#define eccRsaCertFile "./certs/server-ecc-rsa.pem"
-#define svrCertFile "./certs/server-cert.pem"
-#define svrKeyFile "./certs/server-key.pem"
-#define cliCertFile "./certs/client-cert.pem"
-#define cliCertDerFile "./certs/client-cert.der"
-#define cliCertFileExt "./certs/client-cert-ext.pem"
-#define cliCertDerFileExt "./certs/client-cert-ext.der"
-#define cliKeyFile "./certs/client-key.pem"
-#define ntruCertFile "./certs/ntru-cert.pem"
-#define ntruKeyFile "./certs/ntru-key.raw"
-#define dhParamFile "./certs/dh2048.pem"
-#define cliEccKeyFile "./certs/ecc-client-key.pem"
-#define cliEccCertFile "./certs/client-ecc-cert.pem"
-#define caEccCertFile "./certs/ca-ecc-cert.pem"
-#define crlPemDir "./certs/crl"
-#define edCertFile "./certs/ed25519/server-ed25519-cert.pem"
-#define edKeyFile "./certs/ed25519/server-ed25519-priv.pem"
-#define cliEdCertFile "./certs/ed25519/client-ed25519.pem"
-#define cliEdKeyFile
"./certs/ed25519/client-ed25519-priv.pem"
-#define caEdCertFile "./certs/ed25519/ca-ed25519.pem"
-#define ed448CertFile "./certs/ed448/server-ed448-cert.pem"
-#define ed448KeyFile "./certs/ed448/server-ed448-priv.pem"
-#define cliEd448CertFile "./certs/ed448/client-ed448.pem"
-#define cliEd448KeyFile "./certs/ed448/client-ed448-priv.pem"
-#define caEd448CertFile "./certs/ed448/ca-ed448.pem"
-#ifdef HAVE_WNR
- /* Whitewood netRandom default config file */
- #define wnrConfig "./wnr-example.conf"
-#endif
-#endif
-
-typedef struct tcp_ready {
- word16 ready; /* predicate */
- word16 port;
- char* srfName; /* server ready file name */
-#if defined(_POSIX_THREADS) && !defined(__MINGW32__)
- pthread_mutex_t mutex;
- pthread_cond_t cond;
-#endif
-} tcp_ready;
-
-
-static WC_INLINE void InitTcpReady(tcp_ready* ready)
-{
- ready->ready = 0;
- ready->port = 0;
- ready->srfName = NULL;
-#ifdef SINGLE_THREADED
-#elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
- pthread_mutex_init(&ready->mutex, 0);
- pthread_cond_init(&ready->cond, 0);
-#endif
-}
-
-
-static WC_INLINE void FreeTcpReady(tcp_ready* ready)
-{
-#ifdef SINGLE_THREADED
- (void)ready;
-#elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
- pthread_mutex_destroy(&ready->mutex);
- pthread_cond_destroy(&ready->cond);
-#else
- (void)ready;
-#endif
-}
-
-typedef WOLFSSL_METHOD* (*method_provider)(void);
-typedef void (*ctx_callback)(WOLFSSL_CTX* ctx);
-typedef void (*ssl_callback)(WOLFSSL* ssl);
-
-typedef struct callback_functions {
- method_provider method;
- ctx_callback ctx_ready;
- ssl_callback ssl_ready;
- ssl_callback on_result;
- WOLFSSL_CTX* ctx;
- unsigned char isSharedCtx:1;
-} callback_functions;
-
-typedef struct func_args {
- int argc;
- char** argv;
- int return_code;
- tcp_ready* signal;
- callback_functions *callbacks;
-} func_args;
-
-
-
-
-void wait_tcp_ready(func_args*);
-
-#ifdef WOLFSSL_ZEPHYR
-typedef void THREAD_FUNC(void*, void*, void*);
-#else
-typedef THREAD_RETURN WOLFSSL_THREAD
THREAD_FUNC(void*);
-#endif
-
-void start_thread(THREAD_FUNC, func_args*, THREAD_TYPE*);
-void join_thread(THREAD_TYPE);
-
-/* wolfSSL */
-#ifndef TEST_IPV6
- static const char* const wolfSSLIP = "127.0.0.1";
-#else
- static const char* const wolfSSLIP = "::1";
-#endif
-static const word16 wolfSSLPort = 11111;
-
-
-
-#ifndef MY_EX_USAGE
-#define MY_EX_USAGE 2
-#endif
-
-#ifndef EXIT_FAILURE
-#define EXIT_FAILURE 1
-#endif
-
-#if defined(WOLFSSL_FORCE_MALLOC_FAIL_TEST) || defined(WOLFSSL_ZEPHYR)
- #ifndef EXIT_SUCCESS
- #define EXIT_SUCCESS 0
- #endif
- #define XEXIT(rc) return rc
- #define XEXIT_T(rc) return (THREAD_RETURN)rc
-#else
- #define XEXIT(rc) exit((int)(rc))
- #define XEXIT_T(rc) exit((int)(rc))
-#endif
-
-
-static WC_INLINE
-#if defined(WOLFSSL_FORCE_MALLOC_FAIL_TEST) || defined(WOLFSSL_ZEPHYR)
-THREAD_RETURN
-#else
-WC_NORETURN void
-#endif
-err_sys(const char* msg)
-{
- printf("wolfSSL error: %s\n", msg);
-
-#if !defined(__GNUC__)
- /* scan-build (which pretends to be gnuc) can get confused and think the
- * msg pointer can be null even when hardcoded and then it won't exit,
- * making null pointer checks above the err_sys() call useless.
- * We could just always exit() but some compilers will complain about no
- * possible return, with gcc we know the attribute to handle that with
- * WC_NORETURN. */
- if (msg)
-#endif
- {
- XEXIT_T(EXIT_FAILURE);
- }
-}
-
-
-extern int myoptind;
-extern char* myoptarg;
-
-static WC_INLINE int mygetopt(int argc, char** argv, const char* optstring)
-{
- static char* next = NULL;
-
- char c;
- char* cp;
-
- /* Added sanity check becuase scan-build complains argv[myoptind] access
- * results in a null pointer dereference.
*/ - if (argv == NULL) { - myoptarg = NULL; - return -1; - } - - if (myoptind == 0) - next = NULL; /* we're starting new/over */ - - if (next == NULL || *next == '\0') { - if (myoptind == 0) - myoptind++; - - if (myoptind >= argc || argv[myoptind] == NULL || - argv[myoptind][0] != '-' || argv[myoptind][1] == '\0') { - myoptarg = NULL; - if (myoptind < argc) - myoptarg = argv[myoptind]; - - return -1; - } - - if (strcmp(argv[myoptind], "--") == 0) { - myoptind++; - myoptarg = NULL; - - if (myoptind < argc) - myoptarg = argv[myoptind]; - - return -1; - } - - next = argv[myoptind]; - next++; /* skip - */ - myoptind++; - } - - c = *next++; - /* The C++ strchr can return a different value */ - cp = (char*)strchr(optstring, c); - - if (cp == NULL || c == ':') - return '?'; - - cp++; - - if (*cp == ':') { - if (*next != '\0') { - myoptarg = next; - next = NULL; - } - else if (myoptind < argc) { - myoptarg = argv[myoptind]; - myoptind++; - } - else - return '?'; - } - - return c; -} - - -#ifdef WOLFSSL_ENCRYPTED_KEYS - -static WC_INLINE int PasswordCallBack(char* passwd, int sz, int rw, void* userdata) -{ - (void)rw; - (void)userdata; - if (userdata != NULL) { - strncpy(passwd, (char*)userdata, sz); - return (int)XSTRLEN((char*)userdata); - } - else { - strncpy(passwd, "yassl123", sz); - return 8; - } -} - -#endif - -static const char* client_showpeer_msg[][8] = { - /* English */ - { - "SSL version is", - "SSL cipher suite is", - "SSL curve name is", - "SSL DH size is", - "SSL reused session", - "Alternate cert chain used", - "peer's cert info:", - NULL - }, -#ifndef NO_MULTIBYTE_PRINT - /* Japanese */ - { - "SSL バージョンは", - "SSL 暗号スイートは", - "SSL 曲線名は", - "SSL DH サイズは", - "SSL 再利用セッション", - "代替証明チェーンを使用", - "相手方証明書情報", - NULL - }, -#endif -}; - -#if defined(KEEP_PEER_CERT) || defined(KEEP_OUR_CERT) || defined(SESSION_CERTS) -static const char* client_showx509_msg[][5] = { - /* English */ - { - "issuer", - "subject", - "altname", - "serial number", - NULL - }, -#ifndef 
NO_MULTIBYTE_PRINT - /* Japanese */ - { - "発行者", - "サブジェクト", - "代替名", - "シリアル番号", - NULL - }, -#endif -}; - -/* lng_index is to specify the language for displaying message. */ -/* 0:English, 1:Japanese */ -static WC_INLINE void ShowX509Ex(WOLFSSL_X509* x509, const char* hdr, - int lng_index) -{ - char* altName; - char* issuer; - char* subject; - byte serial[32]; - int ret; - int sz = sizeof(serial); - const char** words = client_showx509_msg[lng_index]; - - if (x509 == NULL) { - printf("%s No Cert\n", hdr); - return; - } - - issuer = wolfSSL_X509_NAME_oneline( - wolfSSL_X509_get_issuer_name(x509), 0, 0); - subject = wolfSSL_X509_NAME_oneline( - wolfSSL_X509_get_subject_name(x509), 0, 0); - - printf("%s\n %s : %s\n %s: %s\n", hdr, words[0], issuer, words[1], subject); - - while ( (altName = wolfSSL_X509_get_next_altname(x509)) != NULL) - printf(" %s = %s\n", words[2], altName); - - ret = wolfSSL_X509_get_serial_number(x509, serial, &sz); - if (ret == WOLFSSL_SUCCESS) { - int i; - int strLen; - char serialMsg[80]; - - /* testsuite has multiple threads writing to stdout, get output - message ready to write once */ - strLen = sprintf(serialMsg, " %s", words[3]); - for (i = 0; i < sz; i++) - sprintf(serialMsg + strLen + (i*3), ":%02x ", serial[i]); - printf("%s\n", serialMsg); - } - - XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); - XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL); - -#if defined(SHOW_CERTS) && defined(OPENSSL_EXTRA) - { - WOLFSSL_BIO* bio; - char buf[256]; /* should be size of ASN_NAME_MAX */ - int textSz; - - /* print out domain component if certificate has it */ - textSz = wolfSSL_X509_NAME_get_text_by_NID( - wolfSSL_X509_get_subject_name(x509), NID_domainComponent, - buf, sizeof(buf)); - if (textSz > 0) { - printf("Domain Component = %s\n", buf); - } - - bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file()); - if (bio != NULL) { - wolfSSL_BIO_set_fp(bio, stdout, BIO_NOCLOSE); - wolfSSL_X509_print(bio, x509); - wolfSSL_BIO_free(bio); - } - } -#endif /* SHOW_CERTS && 
OPENSSL_EXTRA */
-}
-/* original ShowX509 to maintain compatibility */
-static WC_INLINE void ShowX509(WOLFSSL_X509* x509, const char* hdr)
-{
- ShowX509Ex(x509, hdr, 0);
-}
-
-#endif /* KEEP_PEER_CERT || KEEP_OUR_CERT || SESSION_CERTS */
-
-#if defined(SHOW_CERTS) && defined(SESSION_CERTS) && \
- (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
-static WC_INLINE void ShowX509Chain(WOLFSSL_X509_CHAIN* chain, int count,
- const char* hdr)
-{
- int i;
- int length;
- unsigned char buffer[3072];
- WOLFSSL_X509* chainX509;
-
- for (i = 0; i < count; i++) {
- wolfSSL_get_chain_cert_pem(chain, i, buffer, sizeof(buffer), &length);
- buffer[length] = 0;
- printf("\n%s: %d has length %d data = \n%s\n", hdr, i, length, buffer);
-
- chainX509 = wolfSSL_get_chain_X509(chain, i);
- if (chainX509)
- ShowX509(chainX509, hdr);
- else
- printf("get_chain_X509 failed\n");
- wolfSSL_FreeX509(chainX509);
- }
-}
-#endif /* SHOW_CERTS && SESSION_CERTS */
-
-/* lng_index is to specify the language for displaying message.
*/
-/* 0:English, 1:Japanese */
-static WC_INLINE void showPeerEx(WOLFSSL* ssl, int lng_index)
-{
- WOLFSSL_CIPHER* cipher;
- const char** words = client_showpeer_msg[lng_index];
-
-#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) || \
- !defined(NO_DH)
- const char *name;
-#endif
-#ifndef NO_DH
- int bits;
-#endif
-#ifdef KEEP_PEER_CERT
- WOLFSSL_X509* peer = wolfSSL_get_peer_certificate(ssl);
- if (peer)
- ShowX509Ex(peer, words[6], lng_index);
- else
- printf("peer has no cert!\n");
- wolfSSL_FreeX509(peer);
-#endif
-#if defined(SHOW_CERTS) && defined(KEEP_OUR_CERT) && \
- (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
- ShowX509(wolfSSL_get_certificate(ssl), "our cert info:");
- printf("Peer verify result = %lu\n", wolfSSL_get_verify_result(ssl));
-#endif /* SHOW_CERTS && KEEP_OUR_CERT */
- printf("%s %s\n", words[0], wolfSSL_get_version(ssl));
-
- cipher = wolfSSL_get_current_cipher(ssl);
-#ifdef HAVE_QSH
- printf("%s %s%s\n", words[1], (wolfSSL_isQSH(ssl))?
"QSH:": "",
- wolfSSL_CIPHER_get_name(cipher));
-#else
- printf("%s %s\n", words[1], wolfSSL_CIPHER_get_name(cipher));
-#endif
-#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) || \
- !defined(NO_DH)
- if ((name = wolfSSL_get_curve_name(ssl)) != NULL)
- printf("%s %s\n", words[2], name);
-#endif
-#ifndef NO_DH
- else if ((bits = wolfSSL_GetDhKey_Sz(ssl)) > 0)
- printf("%s %d bits\n", words[3], bits);
-#endif
- if (wolfSSL_session_reused(ssl))
- printf("%s\n", words[4]);
-#ifdef WOLFSSL_ALT_CERT_CHAINS
- if (wolfSSL_is_peer_alt_cert_chain(ssl))
- printf("%s\n", words[5]);
-#endif
-
-#if defined(SHOW_CERTS) && defined(SESSION_CERTS) && \
- (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
- {
- WOLFSSL_X509_CHAIN* chain;
-
- chain = wolfSSL_get_peer_chain(ssl);
- ShowX509Chain(chain, wolfSSL_get_chain_count(chain), "session cert");
-
- #ifdef WOLFSSL_ALT_CERT_CHAINS
- if (wolfSSL_is_peer_alt_cert_chain(ssl)) {
- chain = wolfSSL_get_peer_alt_chain(ssl);
- ShowX509Chain(chain, wolfSSL_get_chain_count(chain), "alt cert");
- }
- #endif
- }
-#endif /* SHOW_CERTS && SESSION_CERTS */
- (void)ssl;
-}
-/* original showPeer to maintain compatibility */
-static WC_INLINE void showPeer(WOLFSSL* ssl)
-{
- showPeerEx(ssl, 0);
-}
-
-static WC_INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer,
- word16 port, int udp, int sctp)
-{
- int useLookup = 0;
- (void)useLookup;
- (void)udp;
- (void)sctp;
-
- if (addr == NULL)
- err_sys("invalid argument to build_addr, addr is NULL");
-
- XMEMSET(addr, 0, sizeof(SOCKADDR_IN_T));
-
-#ifndef TEST_IPV6
- /* peer could be in human readable form */
- if ( ((size_t)peer != INADDR_ANY) && isalpha((int)peer[0])) {
- #ifndef WOLFSSL_USE_GETADDRINFO
- #if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
- int err;
- struct hostent* entry = gethostbyname(peer, &err);
- #elif defined(WOLFSSL_TIRTOS)
- struct hostent* entry = DNSGetHostByName(peer);
- #elif defined(WOLFSSL_VXWORKS)
- struct
hostent* entry = (struct hostent*)hostGetByName((char*)peer);
- #else
- struct hostent* entry = gethostbyname(peer);
- #endif
-
- if (entry) {
- XMEMCPY(&addr->sin_addr.s_addr, entry->h_addr_list[0],
- entry->h_length);
- useLookup = 1;
- }
- #else
- struct zsock_addrinfo hints, *addrInfo;
- char portStr[6];
- XSNPRINTF(portStr, sizeof(portStr), "%d", port);
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = AF_UNSPEC;
- hints.ai_socktype = udp ? SOCK_DGRAM : SOCK_STREAM;
- hints.ai_protocol = udp ? IPPROTO_UDP : IPPROTO_TCP;
- if (getaddrinfo((char*)peer, portStr, &hints, &addrInfo) == 0) {
- XMEMCPY(addr, addrInfo->ai_addr, sizeof(*addr));
- useLookup = 1;
- }
- #endif
- else
- err_sys("no entry for host");
- }
-#endif
-
-
-#ifndef TEST_IPV6
- #if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
- addr->sin_family = PF_INET;
- #else
- addr->sin_family = AF_INET_V;
- #endif
- addr->sin_port = XHTONS(port);
- if ((size_t)peer == INADDR_ANY)
- addr->sin_addr.s_addr = INADDR_ANY;
- else {
- if (!useLookup)
- addr->sin_addr.s_addr = inet_addr(peer);
- }
-#else
- addr->sin6_family = AF_INET_V;
- addr->sin6_port = XHTONS(port);
- if ((size_t)peer == INADDR_ANY) {
- addr->sin6_addr = in6addr_any;
- }
- else {
- #if defined(HAVE_GETADDRINFO) || defined(WOLF_C99)
- struct addrinfo hints;
- struct addrinfo* answer = NULL;
- int ret;
- char strPort[80];
-
- XMEMSET(&hints, 0, sizeof(hints));
-
- hints.ai_family = AF_INET_V;
- if (udp) {
- hints.ai_socktype = SOCK_DGRAM;
- hints.ai_protocol = IPPROTO_UDP;
- }
- #ifdef WOLFSSL_SCTP
- else if (sctp) {
- hints.ai_socktype = SOCK_STREAM;
- hints.ai_protocol = IPPROTO_SCTP;
- }
- #endif
- else {
- hints.ai_socktype = SOCK_STREAM;
- hints.ai_protocol = IPPROTO_TCP;
- }
-
- SNPRINTF(strPort, sizeof(strPort), "%d", port);
- strPort[79] = '\0';
-
- ret = getaddrinfo(peer, strPort, &hints, &answer);
- if (ret < 0 || answer == NULL)
- err_sys("getaddrinfo failed");
-
- XMEMCPY(addr, answer->ai_addr, answer->ai_addrlen);
-
freeaddrinfo(answer);
- #else
- printf("no ipv6 getaddrinfo, loopback only tests/examples\n");
- addr->sin6_addr = in6addr_loopback;
- #endif
- }
-#endif
-}
-
-
-static WC_INLINE void tcp_socket(SOCKET_T* sockfd, int udp, int sctp)
-{
- (void)sctp;
-
- if (udp)
- *sockfd = socket(AF_INET_V, SOCK_DGRAM, IPPROTO_UDP);
-#ifdef WOLFSSL_SCTP
- else if (sctp)
- *sockfd = socket(AF_INET_V, SOCK_STREAM, IPPROTO_SCTP);
-#endif
- else
- *sockfd = socket(AF_INET_V, SOCK_STREAM, IPPROTO_TCP);
-
- if(WOLFSSL_SOCKET_IS_INVALID(*sockfd)) {
- err_sys("socket failed\n");
- }
-
-#ifndef USE_WINDOWS_API
-#ifdef SO_NOSIGPIPE
- {
- int on = 1;
- socklen_t len = sizeof(on);
- int res = setsockopt(*sockfd, SOL_SOCKET, SO_NOSIGPIPE, &on, len);
- if (res < 0)
- err_sys("setsockopt SO_NOSIGPIPE failed\n");
- }
-#elif defined(WOLFSSL_MDK_ARM) || defined (WOLFSSL_TIRTOS) ||\
- defined(WOLFSSL_KEIL_TCP_NET) || defined(WOLFSSL_ZEPHYR)
- /* nothing to define */
-#else /* no S_NOSIGPIPE */
- signal(SIGPIPE, SIG_IGN);
-#endif /* S_NOSIGPIPE */
-
-#if defined(TCP_NODELAY)
- if (!udp && !sctp)
- {
- int on = 1;
- socklen_t len = sizeof(on);
- int res = setsockopt(*sockfd, IPPROTO_TCP, TCP_NODELAY, &on, len);
- if (res < 0)
- err_sys("setsockopt TCP_NODELAY failed\n");
- }
-#endif
-#endif /* USE_WINDOWS_API */
-}
-
-static WC_INLINE void tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port,
- int udp, int sctp, WOLFSSL* ssl)
-{
- SOCKADDR_IN_T addr;
- build_addr(&addr, ip, port, udp, sctp);
- if (udp) {
- wolfSSL_dtls_set_peer(ssl, &addr, sizeof(addr));
- }
- tcp_socket(sockfd, udp, sctp);
-
- if (!udp) {
- if (connect(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
- err_sys("tcp connect failed");
- }
-}
-
-
-static WC_INLINE void udp_connect(SOCKET_T* sockfd, void* addr, int addrSz)
-{
- if (connect(*sockfd, (const struct sockaddr*)addr, addrSz) != 0)
- err_sys("tcp connect failed");
-}
-
-
-enum {
- TEST_SELECT_FAIL,
- TEST_TIMEOUT,
- TEST_RECV_READY,
- TEST_SEND_READY,
-
TEST_ERROR_READY -}; - - -#if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_TCP_NET) && \ - !defined(WOLFSSL_TIRTOS) -static WC_INLINE int tcp_select_ex(SOCKET_T socketfd, int to_sec, int rx) -{ - fd_set fds, errfds; - fd_set* recvfds = NULL; - fd_set* sendfds = NULL; - SOCKET_T nfds = socketfd + 1; -#if !defined(__INTEGRITY) - struct timeval timeout = {(to_sec > 0) ? to_sec : 0, 0}; -#else - struct timeval timeout; -#endif - int result; - - FD_ZERO(&fds); - FD_SET(socketfd, &fds); - FD_ZERO(&errfds); - FD_SET(socketfd, &errfds); - - if (rx) - recvfds = &fds; - else - sendfds = &fds; - -#if defined(__INTEGRITY) - timeout.tv_sec = (long long)(to_sec > 0) ? to_sec : 0, 0; -#endif - result = select(nfds, recvfds, sendfds, &errfds, &timeout); - - if (result == 0) - return TEST_TIMEOUT; - else if (result > 0) { - if (FD_ISSET(socketfd, &fds)) { - if (rx) - return TEST_RECV_READY; - else - return TEST_SEND_READY; - } - else if(FD_ISSET(socketfd, &errfds)) - return TEST_ERROR_READY; - } - - return TEST_SELECT_FAIL; -} - -static WC_INLINE int tcp_select(SOCKET_T socketfd, int to_sec) -{ - return tcp_select_ex(socketfd, to_sec, 1); -} - -static WC_INLINE int tcp_select_tx(SOCKET_T socketfd, int to_sec) -{ - return tcp_select_ex(socketfd, to_sec, 0); -} - -#elif defined(WOLFSSL_TIRTOS) || defined(WOLFSSL_KEIL_TCP_NET) -static WC_INLINE int tcp_select(SOCKET_T socketfd, int to_sec) -{ - return TEST_RECV_READY; -} -static WC_INLINE int tcp_select_tx(SOCKET_T socketfd, int to_sec) -{ - return TEST_SEND_READY; -} -#endif /* !WOLFSSL_MDK_ARM */ - - -static WC_INLINE void tcp_listen(SOCKET_T* sockfd, word16* port, int useAnyAddr, - int udp, int sctp) -{ - SOCKADDR_IN_T addr; - - /* don't use INADDR_ANY by default, firewall may block, make user switch - on */ - build_addr(&addr, (useAnyAddr ? 
INADDR_ANY : wolfSSLIP), *port, udp, sctp);
- tcp_socket(sockfd, udp, sctp);
-
-#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_ARM)\
- && !defined(WOLFSSL_KEIL_TCP_NET) && !defined(WOLFSSL_ZEPHYR)
- {
- int res, on = 1;
- socklen_t len = sizeof(on);
- res = setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len);
- if (res < 0)
- err_sys("setsockopt SO_REUSEADDR failed\n");
- }
-#endif
-
- if (bind(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
- err_sys("tcp bind failed");
- if (!udp) {
- #ifdef WOLFSSL_KEIL_TCP_NET
- #define SOCK_LISTEN_MAX_QUEUE 1
- #else
- #define SOCK_LISTEN_MAX_QUEUE 5
- #endif
- if (listen(*sockfd, SOCK_LISTEN_MAX_QUEUE) != 0)
- err_sys("tcp listen failed");
- }
- #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS) \
- && !defined(WOLFSSL_ZEPHYR)
- if (*port == 0) {
- socklen_t len = sizeof(addr);
- if (getsockname(*sockfd, (struct sockaddr*)&addr, &len) == 0) {
- #ifndef TEST_IPV6
- *port = XNTOHS(addr.sin_port);
- #else
- *port = XNTOHS(addr.sin6_port);
- #endif
- }
- }
- #endif
-}
-
-
-#if 0
-static WC_INLINE int udp_read_connect(SOCKET_T sockfd)
-{
- SOCKADDR_IN_T cliaddr;
- byte b[1500];
- int n;
- socklen_t len = sizeof(cliaddr);
-
- n = (int)recvfrom(sockfd, (char*)b, sizeof(b), MSG_PEEK,
- (struct sockaddr*)&cliaddr, &len);
- if (n > 0) {
- if (connect(sockfd, (const struct sockaddr*)&cliaddr,
- sizeof(cliaddr)) != 0)
- err_sys("udp connect failed");
- }
- else
- err_sys("recvfrom failed");
-
- return sockfd;
-}
-#endif
-
-static WC_INLINE void udp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
- int useAnyAddr, word16 port, func_args* args)
-{
- SOCKADDR_IN_T addr;
-
- (void)args;
- build_addr(&addr, (useAnyAddr ?
INADDR_ANY : wolfSSLIP), port, 1, 0);
- tcp_socket(sockfd, 1, 0);
-
-
-#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_ARM) \
- && !defined(WOLFSSL_KEIL_TCP_NET) && !defined(WOLFSSL_ZEPHYR)
- {
- int res, on = 1;
- socklen_t len = sizeof(on);
- res = setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len);
- if (res < 0)
- err_sys("setsockopt SO_REUSEADDR failed\n");
- }
-#endif
-
- if (bind(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
- err_sys("tcp bind failed");
-
- #if (defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API)) && !defined(WOLFSSL_TIRTOS)
- if (port == 0) {
- socklen_t len = sizeof(addr);
- if (getsockname(*sockfd, (struct sockaddr*)&addr, &len) == 0) {
- #ifndef TEST_IPV6
- port = XNTOHS(addr.sin_port);
- #else
- port = XNTOHS(addr.sin6_port);
- #endif
- }
- }
- #endif
-
-#if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__)
- /* signal ready to accept data */
- {
- tcp_ready* ready = args->signal;
- pthread_mutex_lock(&ready->mutex);
- ready->ready = 1;
- ready->port = port;
- pthread_cond_signal(&ready->cond);
- pthread_mutex_unlock(&ready->mutex);
- }
-#elif defined (WOLFSSL_TIRTOS)
- /* Need mutex?
*/ - tcp_ready* ready = args->signal; - ready->ready = 1; - ready->port = port; -#else - (void)port; -#endif - - *clientfd = *sockfd; -} - -static WC_INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd, - func_args* args, word16 port, int useAnyAddr, - int udp, int sctp, int ready_file, int do_listen) -{ - SOCKADDR_IN_T client; - socklen_t client_len = sizeof(client); - tcp_ready* ready = NULL; - - (void) ready; /* Account for case when "ready" is not used */ - - if (udp) { - udp_accept(sockfd, clientfd, useAnyAddr, port, args); - return; - } - - if(do_listen) { - tcp_listen(sockfd, &port, useAnyAddr, udp, sctp); - - #if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__) - /* signal ready to tcp_accept */ - if (args) - ready = args->signal; - if (ready) { - pthread_mutex_lock(&ready->mutex); - ready->ready = 1; - ready->port = port; - pthread_cond_signal(&ready->cond); - pthread_mutex_unlock(&ready->mutex); - } - #elif defined (WOLFSSL_TIRTOS) - /* Need mutex? */ - if (args) - ready = args->signal; - if (ready) { - ready->ready = 1; - ready->port = port; - } - #endif - - if (ready_file) { - #if !defined(NO_FILESYSTEM) || defined(FORCE_BUFFER_TEST) - XFILE srf = NULL; - if (args) - ready = args->signal; - - if (ready) { - srf = XFOPEN(ready->srfName, "w"); - - if (srf) { - /* let's write port sever is listening on to ready file - external monitor can then do ephemeral ports by passing - -p 0 to server on supported platforms with -R ready_file - client can then wait for existence of ready_file and see - which port the server is listening on. 
*/ - fprintf(srf, "%d\n", (int)port); - fclose(srf); - } - } - #endif - } - } - - *clientfd = accept(*sockfd, (struct sockaddr*)&client, - (ACCEPT_THIRD_T)&client_len); - if(WOLFSSL_SOCKET_IS_INVALID(*clientfd)) { - err_sys("tcp accept failed"); - } -} - - -static WC_INLINE void tcp_set_nonblocking(SOCKET_T* sockfd) -{ - #ifdef USE_WINDOWS_API - unsigned long blocking = 1; - int ret = ioctlsocket(*sockfd, FIONBIO, &blocking); - if (ret == SOCKET_ERROR) - err_sys("ioctlsocket failed"); - #elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) \ - || defined (WOLFSSL_TIRTOS)|| defined(WOLFSSL_VXWORKS) \ - || defined(WOLFSSL_ZEPHYR) - /* non blocking not supported, for now */ - #else - int flags = fcntl(*sockfd, F_GETFL, 0); - if (flags < 0) - err_sys("fcntl get failed"); - flags = fcntl(*sockfd, F_SETFL, flags | O_NONBLOCK); - if (flags < 0) - err_sys("fcntl set failed"); - #endif -} - - -#ifndef NO_PSK - -/* identity is OpenSSL testing default for openssl s_client, keep same */ -static const char* kIdentityStr = "Client_identity"; - -static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint, - char* identity, unsigned int id_max_len, unsigned char* key, - unsigned int key_max_len) -{ - (void)ssl; - (void)hint; - (void)key_max_len; - - /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */ - XSTRNCPY(identity, kIdentityStr, id_max_len); - - if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) { - /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using - unsigned binary */ - key[0] = 0x1a; - key[1] = 0x2b; - key[2] = 0x3c; - key[3] = 0x4d; - - return 4; /* length of key in octets or 0 for error */ - } - else { - int i; - int b = 0x01; - - for (i = 0; i < 32; i++, b += 0x22) { - if (b >= 0x100) - b = 0x01; - key[i] = b; - } - - return 32; /* length of key in octets or 0 for error */ - } -} - - -static WC_INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity, - unsigned char* key, unsigned int key_max_len) -{ - 
(void)ssl; - (void)key_max_len; - - /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */ - if (XSTRNCMP(identity, kIdentityStr, XSTRLEN(kIdentityStr)) != 0) - return 0; - - if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) { - /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using - unsigned binary */ - key[0] = 0x1a; - key[1] = 0x2b; - key[2] = 0x3c; - key[3] = 0x4d; - - return 4; /* length of key in octets or 0 for error */ - } - else { - int i; - int b = 0x01; - - for (i = 0; i < 32; i++, b += 0x22) { - if (b >= 0x100) - b = 0x01; - key[i] = b; - } - - return 32; /* length of key in octets or 0 for error */ - } -} - - -static WC_INLINE unsigned int my_psk_client_tls13_cb(WOLFSSL* ssl, - const char* hint, char* identity, unsigned int id_max_len, - unsigned char* key, unsigned int key_max_len, const char** ciphersuite) -{ - int i; - int b = 0x01; - const char* userCipher = (const char*)wolfSSL_get_psk_callback_ctx(ssl); - - (void)ssl; - (void)hint; - (void)key_max_len; - - /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */ - XSTRNCPY(identity, kIdentityStr, id_max_len); - - for (i = 0; i < 32; i++, b += 0x22) { - if (b >= 0x100) - b = 0x01; - key[i] = b; - } - - *ciphersuite = userCipher ? userCipher : "TLS13-AES128-GCM-SHA256"; - - return 32; /* length of key in octets or 0 for error */ -} - - -static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl, - const char* identity, unsigned char* key, unsigned int key_max_len, - const char** ciphersuite) -{ - int i; - int b = 0x01; - const char* userCipher = (const char*)wolfSSL_get_psk_callback_ctx(ssl); - - (void)ssl; - (void)key_max_len; - - /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */ - if (XSTRNCMP(identity, kIdentityStr, XSTRLEN(kIdentityStr)) != 0) - return 0; - - for (i = 0; i < 32; i++, b += 0x22) { - if (b >= 0x100) - b = 0x01; - key[i] = b; - } - - *ciphersuite = userCipher ? 
userCipher : "TLS13-AES128-GCM-SHA256";
-
- return 32; /* length of key in octets or 0 for error */
-}
-
-#endif /* !NO_PSK */
-
-
-#if defined(WOLFSSL_USER_CURRTIME)
- extern double current_time(int reset);
-
-#elif defined(USE_WINDOWS_API)
-
- #define WIN32_LEAN_AND_MEAN
- #include
-
- static WC_INLINE double current_time(int reset)
- {
- static int init = 0;
- static LARGE_INTEGER freq;
-
- LARGE_INTEGER count;
-
- if (!init) {
- QueryPerformanceFrequency(&freq);
- init = 1;
- }
-
- QueryPerformanceCounter(&count);
-
- (void)reset;
- return (double)count.QuadPart / freq.QuadPart;
- }
-
-#elif defined(WOLFSSL_TIRTOS)
- extern double current_time();
-#elif defined(WOLFSSL_ZEPHYR)
- extern double current_time();
-#else
-
-#if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_TCP_NET) && !defined(WOLFSSL_CHIBIOS)
- #include
-
- static WC_INLINE double current_time(int reset)
- {
- struct timeval tv;
- gettimeofday(&tv, 0);
- (void)reset;
-
- return (double)tv.tv_sec + (double)tv.tv_usec / 1000000;
- }
-#else
- extern double current_time(int reset);
-#endif
-#endif /* USE_WINDOWS_API */
-
-
-#if defined(HAVE_OCSP) && defined(WOLFSSL_NONBLOCK_OCSP)
-static WC_INLINE int OCSPIOCb(void* ioCtx, const char* url, int urlSz,
- unsigned char* request, int requestSz, unsigned char** response)
-{
-#ifdef TEST_NONBLOCK_CERTS
- static int ioCbCnt = 0;
-#endif
-
- (void)ioCtx;
- (void)url;
- (void)urlSz;
- (void)request;
- (void)requestSz;
- (void)response;
-
-#ifdef TEST_NONBLOCK_CERTS
- if (ioCbCnt) {
- ioCbCnt = 0;
- return EmbedOcspLookup(ioCtx, url, urlSz, request, requestSz, response);
- }
- else {
- ioCbCnt = 1;
- return WOLFSSL_CBIO_ERR_WANT_READ;
- }
-#else
- return EmbedOcspLookup(ioCtx, url, urlSz, request, requestSz, response);
-#endif
-}
-
-static WC_INLINE void OCSPRespFreeCb(void* ioCtx, unsigned char* response)
-{
- (void)ioCtx;
- (void)response;
-}
-#endif
-
-#if !defined(NO_CERTS)
- #if !defined(NO_FILESYSTEM) || \
- (defined(NO_FILESYSTEM) &&
defined(FORCE_BUFFER_TEST))
-
- /* reads file size, allocates buffer, reads into buffer, returns buffer */
- static WC_INLINE int load_file(const char* fname, byte** buf, size_t* bufLen)
- {
- int ret;
- long int fileSz;
- XFILE file;
-
- if (fname == NULL || buf == NULL || bufLen == NULL)
- return BAD_FUNC_ARG;
-
- /* set defaults */
- *buf = NULL;
- *bufLen = 0;
-
- /* open file (read-only binary) */
- file = XFOPEN(fname, "rb");
- if (!file) {
- printf("Error loading %s\n", fname);
- return BAD_PATH_ERROR;
- }
-
- fseek(file, 0, SEEK_END);
- fileSz = (int)ftell(file);
- rewind(file);
- if (fileSz > 0) {
- *bufLen = (size_t)fileSz;
- *buf = (byte*)malloc(*bufLen);
- if (*buf == NULL) {
- ret = MEMORY_E;
- printf("Error allocating %lu bytes\n", (unsigned long)*bufLen);
- }
- else {
- size_t readLen = fread(*buf, *bufLen, 1, file);
-
- /* check response code */
- ret = (readLen > 0) ? 0 : -1;
- }
- }
- else {
- ret = BUFFER_E;
- }
- fclose(file);
-
- return ret;
- }
-
- enum {
- WOLFSSL_CA = 1,
- WOLFSSL_CERT = 2,
- WOLFSSL_KEY = 3,
- WOLFSSL_CERT_CHAIN = 4,
- };
-
- static WC_INLINE void load_buffer(WOLFSSL_CTX* ctx, const char* fname, int type)
- {
- int format = WOLFSSL_FILETYPE_PEM;
- byte* buff = NULL;
- size_t sz = 0;
-
- if (load_file(fname, &buff, &sz) != 0) {
- err_sys("can't open file for buffer load "
- "Please run from wolfSSL home directory if not");
- }
-
- /* determine format */
- if (strstr(fname, ".der"))
- format = WOLFSSL_FILETYPE_ASN1;
-
- if (type == WOLFSSL_CA) {
- if (wolfSSL_CTX_load_verify_buffer(ctx, buff, (long)sz, format)
- != WOLFSSL_SUCCESS)
- err_sys("can't load buffer ca file");
- }
- else if (type == WOLFSSL_CERT) {
- if (wolfSSL_CTX_use_certificate_buffer(ctx, buff, (long)sz,
- format) != WOLFSSL_SUCCESS)
- err_sys("can't load buffer cert file");
- }
- else if (type == WOLFSSL_KEY) {
- if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, (long)sz,
- format) != WOLFSSL_SUCCESS)
- err_sys("can't load buffer key file");
- }
- else if
(type == WOLFSSL_CERT_CHAIN) {
- if (wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, buff,
- (long)sz, format) != WOLFSSL_SUCCESS)
- err_sys("can't load cert chain buffer");
- }
-
- if (buff)
- free(buff);
- }
-
- static WC_INLINE void load_ssl_buffer(WOLFSSL* ssl, const char* fname, int type)
- {
- int format = WOLFSSL_FILETYPE_PEM;
- byte* buff = NULL;
- size_t sz = 0;
-
- if (load_file(fname, &buff, &sz) != 0) {
- err_sys("can't open file for buffer load "
- "Please run from wolfSSL home directory if not");
- }
-
- /* determine format */
- if (strstr(fname, ".der"))
- format = WOLFSSL_FILETYPE_ASN1;
-
- if (type == WOLFSSL_CA) {
- /* verify certs (CA's) use the shared ctx->cm (WOLFSSL_CERT_MANAGER) */
- WOLFSSL_CTX* ctx = wolfSSL_get_SSL_CTX(ssl);
- if (wolfSSL_CTX_load_verify_buffer(ctx, buff, (long)sz, format)
- != WOLFSSL_SUCCESS)
- err_sys("can't load buffer ca file");
- }
- else if (type == WOLFSSL_CERT) {
- if (wolfSSL_use_certificate_buffer(ssl, buff, (long)sz,
- format) != WOLFSSL_SUCCESS)
- err_sys("can't load buffer cert file");
- }
- else if (type == WOLFSSL_KEY) {
- if (wolfSSL_use_PrivateKey_buffer(ssl, buff, (long)sz,
- format) != WOLFSSL_SUCCESS)
- err_sys("can't load buffer key file");
- }
- else if (type == WOLFSSL_CERT_CHAIN) {
- if (wolfSSL_use_certificate_chain_buffer_format(ssl, buff,
- (long)sz, format) != WOLFSSL_SUCCESS)
- err_sys("can't load cert chain buffer");
- }
-
- if (buff)
- free(buff);
- }
-
- #ifdef TEST_PK_PRIVKEY
- static WC_INLINE int load_key_file(const char* fname, byte** derBuf, word32* derLen)
- {
- int ret;
- byte* buf = NULL;
- size_t bufLen;
-
- ret = load_file(fname, &buf, &bufLen);
- if (ret != 0)
- return ret;
-
- *derBuf = (byte*)malloc(bufLen);
- if (*derBuf == NULL) {
- free(buf);
- return MEMORY_E;
- }
-
- ret = wc_KeyPemToDer(buf, (word32)bufLen, *derBuf, (word32)bufLen, NULL);
- if (ret < 0) {
- free(buf);
- free(*derBuf);
- return ret;
- }
- *derLen = ret;
- free(buf);
-
- return 0;
- }
- #endif /*
TEST_PK_PRIVKEY */ - - #endif /* !NO_FILESYSTEM || (NO_FILESYSTEM && FORCE_BUFFER_TEST) */ -#endif /* !NO_CERTS */ - -enum { - VERIFY_OVERRIDE_ERROR, - VERIFY_FORCE_FAIL, - VERIFY_USE_PREVERFIY, - VERIFY_OVERRIDE_DATE_ERR, -}; -static THREAD_LS_T int myVerifyAction = VERIFY_OVERRIDE_ERROR; - -/* The verify callback is called for every certificate only when - * --enable-opensslextra is defined because it sets WOLFSSL_ALWAYS_VERIFY_CB and - * WOLFSSL_VERIFY_CB_ALL_CERTS. - * Normal cases of the verify callback only occur on certificate failures when the - * wolfSSL_set_verify(ssl, SSL_VERIFY_PEER, myVerifyCb); is called -*/ - -static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store) -{ - char buffer[WOLFSSL_MAX_ERROR_SZ]; -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - WOLFSSL_X509* peer; -#if defined(SHOW_CERTS) && !defined(NO_FILESYSTEM) - WOLFSSL_BIO* bio = NULL; - WOLFSSL_STACK* sk = NULL; - X509* x509 = NULL; - int i = 0; -#endif -#endif - (void)preverify; - - /* Verify Callback Arguments: - * preverify: 1=Verify Okay, 0=Failure - * store->error: Failure error code (0 indicates no failure) - * store->current_cert: Current WOLFSSL_X509 object (only with OPENSSL_EXTRA) - * store->error_depth: Current Index - * store->domain: Subject CN as string (null term) - * store->totalCerts: Number of certs presented by peer - * store->certs[i]: A `WOLFSSL_BUFFER_INFO` with plain DER for each cert - * store->store: WOLFSSL_X509_STORE with CA cert chain - * store->store->cm: WOLFSSL_CERT_MANAGER - * store->ex_data: The WOLFSSL object pointer - * store->discardSessionCerts: When set to non-zero value session certs - will be discarded (only with SESSION_CERTS) - */ - - printf("In verification callback, error = %d, %s\n", store->error, - wolfSSL_ERR_error_string(store->error, buffer)); -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - peer = store->current_cert; - if (peer) { - char* issuer = wolfSSL_X509_NAME_oneline( - 
wolfSSL_X509_get_issuer_name(peer), 0, 0); - char* subject = wolfSSL_X509_NAME_oneline( - wolfSSL_X509_get_subject_name(peer), 0, 0); - printf("\tPeer's cert info:\n issuer : %s\n subject: %s\n", issuer, - subject); - XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); - XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL); -#if defined(SHOW_CERTS) && !defined(NO_FILESYSTEM) - /* avoid printing duplicate certs */ - if (store->depth == 1) { - /* retrieve x509 certs and display them on stdout */ - sk = wolfSSL_X509_STORE_GetCerts(store); - - for (i = 0; i < wolfSSL_sk_X509_num(sk); i++) { - x509 = wolfSSL_sk_X509_value(sk, i); - bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file()); - if (bio != NULL) { - wolfSSL_BIO_set_fp(bio, stdout, BIO_NOCLOSE); - wolfSSL_X509_print(bio, x509); - wolfSSL_BIO_free(bio); - } - } - wolfSSL_sk_X509_free(sk); - } -#endif - } - else - printf("\tPeer has no cert!\n"); -#else - printf("\tPeer certs: %d\n", store->totalCerts); - #ifdef SHOW_CERTS - { int i; - for (i=0; itotalCerts; i++) { - WOLFSSL_BUFFER_INFO* cert = &store->certs[i]; - printf("\t\tCert %d: Ptr %p, Len %u\n", i, cert->buffer, cert->length); - } - } - #endif /* SHOW_CERTS */ -#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ - - printf("\tSubject's domain name at %d is %s\n", store->error_depth, store->domain); - - /* Testing forced fail case by return zero */ - if (myVerifyAction == VERIFY_FORCE_FAIL) { - return 0; /* test failure case */ - } - - if (myVerifyAction == VERIFY_OVERRIDE_DATE_ERR && - (store->error == ASN_BEFORE_DATE_E || store->error == ASN_AFTER_DATE_E)) { - printf("Overriding cert date error as example for bad clock testing\n"); - return 1; - } - - /* If error indicate we are overriding it for testing purposes */ - if (store->error != 0 && myVerifyAction == VERIFY_OVERRIDE_ERROR) { - printf("\tAllowing failed certificate check, testing only " - "(shouldn't do this in production)\n"); - } - - /* A non-zero return code indicates failure override */ - return (myVerifyAction == 
VERIFY_OVERRIDE_ERROR) ? 1 : preverify; -} - - -#ifdef HAVE_EXT_CACHE - -static WC_INLINE WOLFSSL_SESSION* mySessGetCb(WOLFSSL* ssl, unsigned char* id, - int id_len, int* copy) -{ - (void)ssl; - (void)id; - (void)id_len; - (void)copy; - - /* using internal cache, this is for testing only */ - return NULL; -} - -static WC_INLINE int mySessNewCb(WOLFSSL* ssl, WOLFSSL_SESSION* session) -{ - (void)ssl; - (void)session; - - /* using internal cache, this is for testing only */ - return 0; -} - -static WC_INLINE void mySessRemCb(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session) -{ - (void)ctx; - (void)session; - - /* using internal cache, this is for testing only */ -} - -#endif /* HAVE_EXT_CACHE */ - - -#ifdef HAVE_CRL - -static WC_INLINE void CRL_CallBack(const char* url) -{ - printf("CRL callback url = %s\n", url); -} - -#endif - -#ifndef NO_DH -static WC_INLINE void SetDH(WOLFSSL* ssl) -{ - /* dh1024 p */ - static const unsigned char p[] = - { - 0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3, - 0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E, - 0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59, - 0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2, - 0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD, - 0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF, - 0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02, - 0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C, - 0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7, - 0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50, - 0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B, - }; - - /* dh1024 g */ - static const unsigned char g[] = - { - 0x02, - }; - - wolfSSL_SetTmpDH(ssl, p, sizeof(p), g, sizeof(g)); -} - -static WC_INLINE void SetDHCtx(WOLFSSL_CTX* ctx) -{ - /* dh1024 p */ - static const unsigned char p[] = - { - 0xE6, 0x96, 
0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3, - 0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E, - 0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59, - 0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2, - 0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD, - 0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF, - 0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02, - 0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C, - 0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7, - 0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50, - 0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B, - }; - - /* dh1024 g */ - static const unsigned char g[] = - { - 0x02, - }; - - wolfSSL_CTX_SetTmpDH(ctx, p, sizeof(p), g, sizeof(g)); -} -#endif /* NO_DH */ - -#ifndef NO_CERTS - -static WC_INLINE void CaCb(unsigned char* der, int sz, int type) -{ - (void)der; - printf("Got CA cache add callback, derSz = %d, type = %d\n", sz, type); -} - -#endif /* !NO_CERTS */ - - -/* Wolf Root Directory Helper */ -/* KEIL-RL File System does not support relative directory */ -#if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_FS) && !defined(WOLFSSL_TIRTOS) - /* Maximum depth to search for WolfSSL root */ - #define MAX_WOLF_ROOT_DEPTH 5 - - static WC_INLINE int ChangeToWolfRoot(void) - { - #if !defined(NO_FILESYSTEM) || defined(FORCE_BUFFER_TEST) - int depth, res; - XFILE file; - for(depth = 0; depth <= MAX_WOLF_ROOT_DEPTH; depth++) { - file = XFOPEN(ntruKeyFile, "rb"); - if (file != NULL) { - fclose(file); - return depth; - } - #ifdef USE_WINDOWS_API - res = SetCurrentDirectoryA("..\\"); - #else - res = chdir("../"); - #endif - if (res < 0) { - printf("chdir to ../ failed!\n"); - break; - } - } - - err_sys("wolf root not found"); - return -1; - #else - return 0; - #endif - } -#endif /* !defined(WOLFSSL_MDK_ARM) 
&& !defined(WOLFSSL_KEIL_FS) && !defined(WOLFSSL_TIRTOS) */ - -#ifdef HAVE_STACK_SIZE - -typedef THREAD_RETURN WOLFSSL_THREAD (*thread_func)(void* args); -#define STACK_CHECK_VAL 0x01 - -static WC_INLINE int StackSizeCheck(func_args* args, thread_func tf) -{ - int ret, i, used; - void* status; - unsigned char* myStack = NULL; - int stackSize = 1024*176; - pthread_attr_t myAttr; - pthread_t threadId; - -#ifdef PTHREAD_STACK_MIN - if (stackSize < PTHREAD_STACK_MIN) - stackSize = PTHREAD_STACK_MIN; -#endif - - ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize); - if (ret != 0 || myStack == NULL) - err_sys("posix_memalign failed\n"); - - XMEMSET(myStack, STACK_CHECK_VAL, stackSize); - - ret = pthread_attr_init(&myAttr); - if (ret != 0) - err_sys("attr_init failed"); - - ret = pthread_attr_setstack(&myAttr, myStack, stackSize); - if (ret != 0) - err_sys("attr_setstackaddr failed"); - - ret = pthread_create(&threadId, &myAttr, tf, args); - if (ret != 0) { - perror("pthread_create failed"); - exit(EXIT_FAILURE); - } - - ret = pthread_join(threadId, &status); - if (ret != 0) - err_sys("pthread_join failed"); - - for (i = 0; i < stackSize; i++) { - if (myStack[i] != STACK_CHECK_VAL) { - break; - } - } - - free(myStack); - - used = stackSize - i; - printf("stack used = %d\n", used); - - return (int)((size_t)status); -} - - -#endif /* HAVE_STACK_SIZE */ - - -#ifdef STACK_TRAP - -/* good settings - --enable-debug --disable-shared C_EXTRA_FLAGS="-DUSER_TIME -DTFM_TIMING_RESISTANT -DPOSITIVE_EXP_ONLY -DSTACK_TRAP" - -*/ - -#ifdef HAVE_STACK_SIZE - /* client only for now, setrlimit will fail if pthread_create() called */ - /* STACK_SIZE does pthread_create() on client */ - #error "can't use STACK_TRAP with STACK_SIZE, setrlimit will fail" -#endif /* HAVE_STACK_SIZE */ - -static WC_INLINE void StackTrap(void) -{ - struct rlimit rl; - if (getrlimit(RLIMIT_STACK, &rl) != 0) - err_sys("getrlimit failed"); - printf("rlim_cur = %llu\n", rl.rlim_cur); - rl.rlim_cur 
= 1024*21; /* adjust trap size here */ - if (setrlimit(RLIMIT_STACK, &rl) != 0) { - perror("setrlimit"); - err_sys("setrlimit failed"); - } -} - -#else /* STACK_TRAP */ - -static WC_INLINE void StackTrap(void) -{ -} - -#endif /* STACK_TRAP */ - - -#if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY) - -/* Atomic Encrypt Context example */ -typedef struct AtomicEncCtx { - int keySetup; /* have we done key setup yet */ - Aes aes; /* for aes example */ -} AtomicEncCtx; - - -/* Atomic Decrypt Context example */ -typedef struct AtomicDecCtx { - int keySetup; /* have we done key setup yet */ - Aes aes; /* for aes example */ -} AtomicDecCtx; - - -static WC_INLINE int myMacEncryptCb(WOLFSSL* ssl, unsigned char* macOut, - const unsigned char* macIn, unsigned int macInSz, int macContent, - int macVerify, unsigned char* encOut, const unsigned char* encIn, - unsigned int encSz, void* ctx) -{ - int ret; - Hmac hmac; - byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ]; - AtomicEncCtx* encCtx = (AtomicEncCtx*)ctx; - const char* tlsStr = "TLS"; - - /* example supports (d)tls aes */ - if (wolfSSL_GetBulkCipher(ssl) != wolfssl_aes) { - printf("myMacEncryptCb not using AES\n"); - return -1; - } - - if (strstr(wolfSSL_get_version(ssl), tlsStr) == NULL) { - printf("myMacEncryptCb not using (D)TLS\n"); - return -1; - } - - /* hmac, not needed if aead mode */ - wolfSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify); - - ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); - if (ret != 0) - return ret; - ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl), - wolfSSL_GetMacSecret(ssl, macVerify), wolfSSL_GetHmacSize(ssl)); - if (ret != 0) - return ret; - ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner)); - if (ret != 0) - return ret; - ret = wc_HmacUpdate(&hmac, macIn, macInSz); - if (ret != 0) - return ret; - ret = wc_HmacFinal(&hmac, macOut); - if (ret != 0) - return ret; - - - /* encrypt setup on first time */ - if (encCtx->keySetup == 0) { - int keyLen = wolfSSL_GetKeySize(ssl); - 
const byte* key; - const byte* iv; - - if (wolfSSL_GetSide(ssl) == WOLFSSL_CLIENT_END) { - key = wolfSSL_GetClientWriteKey(ssl); - iv = wolfSSL_GetClientWriteIV(ssl); - } - else { - key = wolfSSL_GetServerWriteKey(ssl); - iv = wolfSSL_GetServerWriteIV(ssl); - } - - ret = wc_AesSetKey(&encCtx->aes, key, keyLen, iv, AES_ENCRYPTION); - if (ret != 0) { - printf("AesSetKey failed in myMacEncryptCb\n"); - return ret; - } - encCtx->keySetup = 1; - } - - /* encrypt */ - return wc_AesCbcEncrypt(&encCtx->aes, encOut, encIn, encSz); -} - - -static WC_INLINE int myDecryptVerifyCb(WOLFSSL* ssl, - unsigned char* decOut, const unsigned char* decIn, - unsigned int decSz, int macContent, int macVerify, - unsigned int* padSz, void* ctx) -{ - AtomicDecCtx* decCtx = (AtomicDecCtx*)ctx; - int ret = 0; - int macInSz = 0; - int ivExtra = 0; - int digestSz = wolfSSL_GetHmacSize(ssl); - unsigned int pad = 0; - unsigned int padByte = 0; - Hmac hmac; - byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ]; - byte verify[WC_MAX_DIGEST_SIZE]; - const char* tlsStr = "TLS"; - - /* example supports (d)tls aes */ - if (wolfSSL_GetBulkCipher(ssl) != wolfssl_aes) { - printf("myMacEncryptCb not using AES\n"); - return -1; - } - - if (strstr(wolfSSL_get_version(ssl), tlsStr) == NULL) { - printf("myMacEncryptCb not using (D)TLS\n"); - return -1; - } - - /*decrypt */ - if (decCtx->keySetup == 0) { - int keyLen = wolfSSL_GetKeySize(ssl); - const byte* key; - const byte* iv; - - /* decrypt is from other side (peer) */ - if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) { - key = wolfSSL_GetClientWriteKey(ssl); - iv = wolfSSL_GetClientWriteIV(ssl); - } - else { - key = wolfSSL_GetServerWriteKey(ssl); - iv = wolfSSL_GetServerWriteIV(ssl); - } - - ret = wc_AesSetKey(&decCtx->aes, key, keyLen, iv, AES_DECRYPTION); - if (ret != 0) { - printf("AesSetKey failed in myDecryptVerifyCb\n"); - return ret; - } - decCtx->keySetup = 1; - } - - /* decrypt */ - ret = wc_AesCbcDecrypt(&decCtx->aes, decOut, decIn, decSz); - if (ret != 0) - 
return ret; - - if (wolfSSL_GetCipherType(ssl) == WOLFSSL_AEAD_TYPE) { - *padSz = wolfSSL_GetAeadMacSize(ssl); - return 0; /* hmac, not needed if aead mode */ - } - - if (wolfSSL_GetCipherType(ssl) == WOLFSSL_BLOCK_TYPE) { - pad = *(decOut + decSz - 1); - padByte = 1; - if (wolfSSL_IsTLSv1_1(ssl)) - ivExtra = wolfSSL_GetCipherBlockSize(ssl); - } - - *padSz = wolfSSL_GetHmacSize(ssl) + pad + padByte; - macInSz = decSz - ivExtra - digestSz - pad - padByte; - - wolfSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify); - - ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); - if (ret != 0) - return ret; - ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl), - wolfSSL_GetMacSecret(ssl, macVerify), digestSz); - if (ret != 0) - return ret; - ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner)); - if (ret != 0) - return ret; - ret = wc_HmacUpdate(&hmac, decOut + ivExtra, macInSz); - if (ret != 0) - return ret; - ret = wc_HmacFinal(&hmac, verify); - if (ret != 0) - return ret; - - if (XMEMCMP(verify, decOut + decSz - digestSz - pad - padByte, - digestSz) != 0) { - printf("myDecryptVerify verify failed\n"); - return -1; - } - - return ret; -} - -#if defined(HAVE_ENCRYPT_THEN_MAC) - -static WC_INLINE int myEncryptMacCb(WOLFSSL* ssl, unsigned char* macOut, - int content, int macVerify, unsigned char* encOut, - const unsigned char* encIn, unsigned int encSz, void* ctx) -{ - int ret; - Hmac hmac; - AtomicEncCtx* encCtx = (AtomicEncCtx*)ctx; - byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ]; - const char* tlsStr = "TLS"; - - /* example supports (d)tls aes */ - if (wolfSSL_GetBulkCipher(ssl) != wolfssl_aes) { - printf("myMacEncryptCb not using AES\n"); - return -1; - } - - if (strstr(wolfSSL_get_version(ssl), tlsStr) == NULL) { - printf("myMacEncryptCb not using (D)TLS\n"); - return -1; - } - - /* encrypt setup on first time */ - if (encCtx->keySetup == 0) { - int keyLen = wolfSSL_GetKeySize(ssl); - const byte* key; - const byte* iv; - - if (wolfSSL_GetSide(ssl) == 
WOLFSSL_CLIENT_END) { - key = wolfSSL_GetClientWriteKey(ssl); - iv = wolfSSL_GetClientWriteIV(ssl); - } - else { - key = wolfSSL_GetServerWriteKey(ssl); - iv = wolfSSL_GetServerWriteIV(ssl); - } - - ret = wc_AesSetKey(&encCtx->aes, key, keyLen, iv, AES_ENCRYPTION); - if (ret != 0) { - printf("AesSetKey failed in myMacEncryptCb\n"); - return ret; - } - encCtx->keySetup = 1; - } - - /* encrypt */ - ret = wc_AesCbcEncrypt(&encCtx->aes, encOut, encIn, encSz); - if (ret != 0) - return ret; - - /* Reconstruct record header. */ - wolfSSL_SetTlsHmacInner(ssl, myInner, encSz, content, macVerify); - - ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); - if (ret != 0) - return ret; - ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl), - wolfSSL_GetMacSecret(ssl, macVerify), wolfSSL_GetHmacSize(ssl)); - if (ret != 0) - return ret; - ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner)); - if (ret != 0) - return ret; - ret = wc_HmacUpdate(&hmac, encOut, encSz); - if (ret != 0) - return ret; - return wc_HmacFinal(&hmac, macOut); -} - - -static WC_INLINE int myVerifyDecryptCb(WOLFSSL* ssl, - unsigned char* decOut, const unsigned char* decIn, - unsigned int decSz, int content, int macVerify, - unsigned int* padSz, void* ctx) -{ - AtomicDecCtx* decCtx = (AtomicDecCtx*)ctx; - int ret = 0; - int digestSz = wolfSSL_GetHmacSize(ssl); - Hmac hmac; - byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ]; - byte verify[WC_MAX_DIGEST_SIZE]; - const char* tlsStr = "TLS"; - - /* example supports (d)tls aes */ - if (wolfSSL_GetBulkCipher(ssl) != wolfssl_aes) { - printf("myMacEncryptCb not using AES\n"); - return -1; - } - - if (strstr(wolfSSL_get_version(ssl), tlsStr) == NULL) { - printf("myMacEncryptCb not using (D)TLS\n"); - return -1; - } - - /* Reconstruct record header. 
*/ - wolfSSL_SetTlsHmacInner(ssl, myInner, decSz, content, macVerify); - - ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); - if (ret != 0) - return ret; - ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl), - wolfSSL_GetMacSecret(ssl, macVerify), digestSz); - if (ret != 0) - return ret; - ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner)); - if (ret != 0) - return ret; - ret = wc_HmacUpdate(&hmac, decIn, decSz); - if (ret != 0) - return ret; - ret = wc_HmacFinal(&hmac, verify); - if (ret != 0) - return ret; - - if (XMEMCMP(verify, decOut + decSz, digestSz) != 0) { - printf("myDecryptVerify verify failed\n"); - return -1; - } - - /* decrypt */ - if (decCtx->keySetup == 0) { - int keyLen = wolfSSL_GetKeySize(ssl); - const byte* key; - const byte* iv; - - /* decrypt is from other side (peer) */ - if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) { - key = wolfSSL_GetClientWriteKey(ssl); - iv = wolfSSL_GetClientWriteIV(ssl); - } - else { - key = wolfSSL_GetServerWriteKey(ssl); - iv = wolfSSL_GetServerWriteIV(ssl); - } - - ret = wc_AesSetKey(&decCtx->aes, key, keyLen, iv, AES_DECRYPTION); - if (ret != 0) { - printf("AesSetKey failed in myDecryptVerifyCb\n"); - return ret; - } - decCtx->keySetup = 1; - } - - /* decrypt */ - ret = wc_AesCbcDecrypt(&decCtx->aes, decOut, decIn, decSz); - if (ret != 0) - return ret; - - *padSz = *(decOut + decSz - 1) + 1; - - return 0; -} - -#endif - - -static WC_INLINE void SetupAtomicUser(WOLFSSL_CTX* ctx, WOLFSSL* ssl) -{ - AtomicEncCtx* encCtx; - AtomicDecCtx* decCtx; - - encCtx = (AtomicEncCtx*)malloc(sizeof(AtomicEncCtx)); - if (encCtx == NULL) - err_sys("AtomicEncCtx malloc failed"); - XMEMSET(encCtx, 0, sizeof(AtomicEncCtx)); - - decCtx = (AtomicDecCtx*)malloc(sizeof(AtomicDecCtx)); - if (decCtx == NULL) { - free(encCtx); - err_sys("AtomicDecCtx malloc failed"); - } - XMEMSET(decCtx, 0, sizeof(AtomicDecCtx)); - - wolfSSL_CTX_SetMacEncryptCb(ctx, myMacEncryptCb); - wolfSSL_SetMacEncryptCtx(ssl, encCtx); - - 
wolfSSL_CTX_SetDecryptVerifyCb(ctx, myDecryptVerifyCb); - wolfSSL_SetDecryptVerifyCtx(ssl, decCtx); - -#if defined(HAVE_ENCRYPT_THEN_MAC) - wolfSSL_CTX_SetEncryptMacCb(ctx, myEncryptMacCb); - wolfSSL_SetEncryptMacCtx(ssl, encCtx); - - wolfSSL_CTX_SetVerifyDecryptCb(ctx, myVerifyDecryptCb); - wolfSSL_SetVerifyDecryptCtx(ssl, decCtx); -#endif -} - - -static WC_INLINE void FreeAtomicUser(WOLFSSL* ssl) -{ - AtomicEncCtx* encCtx = (AtomicEncCtx*)wolfSSL_GetMacEncryptCtx(ssl); - AtomicDecCtx* decCtx = (AtomicDecCtx*)wolfSSL_GetDecryptVerifyCtx(ssl); - - /* Encrypt-Then-MAC callbacks use same contexts. */ - - free(decCtx); - free(encCtx); -} - -#endif /* ATOMIC_USER */ - -#ifdef WOLFSSL_STATIC_MEMORY -static WC_INLINE int wolfSSL_PrintStats(WOLFSSL_MEM_STATS* stats) -{ - word16 i; - - if (stats == NULL) { - return 0; - } - - /* print to stderr so is on the same pipe as WOLFSSL_DEBUG */ - fprintf(stderr, "Total mallocs = %d\n", stats->totalAlloc); - fprintf(stderr, "Total frees = %d\n", stats->totalFr); - fprintf(stderr, "Current mallocs = %d\n", stats->curAlloc); - fprintf(stderr, "Available IO = %d\n", stats->avaIO); - fprintf(stderr, "Max con. handshakes = %d\n", stats->maxHa); - fprintf(stderr, "Max con. IO = %d\n", stats->maxIO); - fprintf(stderr, "State of memory blocks: size : available \n"); - for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) { - fprintf(stderr, " : %d\t : %d\n", stats->blockSz[i], - stats->avaBlock[i]); - } - - return 1; -} -#endif /* WOLFSSL_STATIC_MEMORY */ - -#ifdef HAVE_PK_CALLBACKS - -typedef struct PkCbInfo { - const char* ourKey; -#ifdef TEST_PK_PRIVKEY - union { - #ifdef HAVE_ECC - ecc_key ecc; - #endif - #ifdef HAVE_CURVE25519 - curve25519_key curve; - #endif - #ifdef HAVE_CURVE448 - curve448_key curve; - #endif - } keyGen; -#endif -} PkCbInfo; - -#if defined(DEBUG_PK_CB) || defined(TEST_PK_PRIVKEY) - #define WOLFSSL_PKMSG(_f_, ...) printf(_f_, ##__VA_ARGS__) -#else - #define WOLFSSL_PKMSG(_f_, ...) 
-#endif - -#ifdef HAVE_ECC - -static WC_INLINE int myEccKeyGen(WOLFSSL* ssl, ecc_key* key, word32 keySz, - int ecc_curve, void* ctx) -{ - int ret; - WC_RNG rng; - PkCbInfo* cbInfo = (PkCbInfo*)ctx; - ecc_key* new_key; -#ifdef TEST_PK_PRIVKEY - byte qx[MAX_ECC_BYTES], qy[MAX_ECC_BYTES]; - word32 qxLen = sizeof(qx), qyLen = sizeof(qy); - - new_key = &cbInfo->keyGen.ecc; -#else - new_key = key; -#endif - - (void)ssl; - (void)cbInfo; - - WOLFSSL_PKMSG("PK ECC KeyGen: keySz %d, Curve ID %d\n", keySz, ecc_curve); - - ret = wc_InitRng(&rng); - if (ret != 0) - return ret; - - ret = wc_ecc_init(new_key); - if (ret == 0) { - /* create new key */ - ret = wc_ecc_make_key_ex(&rng, keySz, new_key, ecc_curve); - - #ifdef TEST_PK_PRIVKEY - if (ret == 0) { - /* extract public portion from new key into `key` arg */ - ret = wc_ecc_export_public_raw(new_key, qx, &qxLen, qy, &qyLen); - if (ret == 0) { - /* load public portion only into key */ - ret = wc_ecc_import_unsigned(key, qx, qy, NULL, ecc_curve); - } - (void)qxLen; - (void)qyLen; - } - #endif - } - - WOLFSSL_PKMSG("PK ECC KeyGen: ret %d\n", ret); - - wc_FreeRng(&rng); - - return ret; -} - -static WC_INLINE int myEccSign(WOLFSSL* ssl, const byte* in, word32 inSz, - byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx) -{ - int ret; - WC_RNG rng; - word32 idx = 0; - ecc_key myKey; - byte* keyBuf = (byte*)key; - PkCbInfo* cbInfo = (PkCbInfo*)ctx; - - (void)ssl; - (void)cbInfo; - - WOLFSSL_PKMSG("PK ECC Sign: inSz %d, keySz %d\n", inSz, keySz); - -#ifdef TEST_PK_PRIVKEY - ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz); - if (ret != 0) - return ret; -#endif - - ret = wc_InitRng(&rng); - if (ret != 0) - return ret; - - ret = wc_ecc_init(&myKey); - if (ret == 0) { - ret = wc_EccPrivateKeyDecode(keyBuf, &idx, &myKey, keySz); - if (ret == 0) { - WOLFSSL_PKMSG("PK ECC Sign: Curve ID %d\n", myKey.dp->id); - ret = wc_ecc_sign_hash(in, inSz, out, outSz, &rng, &myKey); - } - wc_ecc_free(&myKey); - } - wc_FreeRng(&rng); - 
-#ifdef TEST_PK_PRIVKEY - free(keyBuf); -#endif - - WOLFSSL_PKMSG("PK ECC Sign: ret %d outSz %d\n", ret, *outSz); - - return ret; -} - - -static WC_INLINE int myEccVerify(WOLFSSL* ssl, const byte* sig, word32 sigSz, - const byte* hash, word32 hashSz, const byte* key, word32 keySz, - int* result, void* ctx) -{ - int ret; - word32 idx = 0; - ecc_key myKey; - PkCbInfo* cbInfo = (PkCbInfo*)ctx; - - (void)ssl; - (void)cbInfo; - - WOLFSSL_PKMSG("PK ECC Verify: sigSz %d, hashSz %d, keySz %d\n", sigSz, hashSz, keySz); - - ret = wc_ecc_init(&myKey); - if (ret == 0) { - ret = wc_EccPublicKeyDecode(key, &idx, &myKey, keySz); - if (ret == 0) - ret = wc_ecc_verify_hash(sig, sigSz, hash, hashSz, result, &myKey); - wc_ecc_free(&myKey); - } - - WOLFSSL_PKMSG("PK ECC Verify: ret %d, result %d\n", ret, *result); - - return ret; -} - -static WC_INLINE int myEccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey, - unsigned char* pubKeyDer, unsigned int* pubKeySz, - unsigned char* out, unsigned int* outlen, - int side, void* ctx) -{ - int ret; - ecc_key* privKey = NULL; - ecc_key* pubKey = NULL; - ecc_key tmpKey; - PkCbInfo* cbInfo = (PkCbInfo*)ctx; - - (void)ssl; - (void)cbInfo; - - WOLFSSL_PKMSG("PK ECC PMS: Side %s, Peer Curve %d\n", - side == WOLFSSL_CLIENT_END ? 
"client" : "server", otherKey->dp->id); - - ret = wc_ecc_init(&tmpKey); - if (ret != 0) { - return ret; - } - - /* for client: create and export public key */ - if (side == WOLFSSL_CLIENT_END) { - WC_RNG rng; - - privKey = &tmpKey; - pubKey = otherKey; - - ret = wc_InitRng(&rng); - if (ret == 0) { - ret = wc_ecc_make_key_ex(&rng, 0, privKey, otherKey->dp->id); - #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { - ret = wc_AsyncWait(ret, &privKey->asyncDev, WC_ASYNC_FLAG_NONE); - } - #endif - if (ret == 0) - ret = wc_ecc_export_x963(privKey, pubKeyDer, pubKeySz); - wc_FreeRng(&rng); - } - } - - /* for server: import public key */ - else if (side == WOLFSSL_SERVER_END) { - #ifdef TEST_PK_PRIVKEY - privKey = &cbInfo->keyGen.ecc; - #else - privKey = otherKey; - #endif - pubKey = &tmpKey; - - ret = wc_ecc_import_x963_ex(pubKeyDer, *pubKeySz, pubKey, - otherKey->dp->id); - } - else { - ret = BAD_FUNC_ARG; - } - -#if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_FIPS) && \ - !defined(HAVE_SELFTEST) - if (ret == 0) { - ret = wc_ecc_set_rng(privKey, wolfSSL_GetRNG(ssl)); - } -#endif - - /* generate shared secret and return it */ - if (ret == 0) { - ret = wc_ecc_shared_secret(privKey, pubKey, out, outlen); - - #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_PENDING_E) { - ret = wc_AsyncWait(ret, &privKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - } - #endif - } - -#ifdef TEST_PK_PRIVKEY - if (side == WOLFSSL_SERVER_END) { - wc_ecc_free(&cbInfo->keyGen.ecc); - } -#endif - - wc_ecc_free(&tmpKey); - - WOLFSSL_PKMSG("PK ECC PMS: ret %d, PubKeySz %d, OutLen %d\n", ret, *pubKeySz, *outlen); - - return ret; -} - -#ifdef HAVE_ED25519 -static WC_INLINE int myEd25519Sign(WOLFSSL* ssl, const byte* in, word32 inSz, - byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx) -{ - int ret; - word32 idx = 0; - ed25519_key myKey; - byte* keyBuf = (byte*)key; - PkCbInfo* cbInfo = (PkCbInfo*)ctx; - - (void)ssl; - (void)cbInfo; - - WOLFSSL_PKMSG("PK 25519 Sign: inSz %d, keySz %d\n", 
inSz, keySz); - -#ifdef TEST_PK_PRIVKEY - ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz); - if (ret != 0) - return ret; -#endif - - ret = wc_ed25519_init(&myKey); - if (ret == 0) { - ret = wc_Ed25519PrivateKeyDecode(keyBuf, &idx, &myKey, keySz); - if (ret == 0) - ret = wc_ed25519_sign_msg(in, inSz, out, outSz, &myKey); - wc_ed25519_free(&myKey); - } - -#ifdef TEST_PK_PRIVKEY - free(keyBuf); -#endif - - WOLFSSL_PKMSG("PK 25519 Sign: ret %d, outSz %d\n", ret, *outSz); - - return ret; -} - - -static WC_INLINE int myEd25519Verify(WOLFSSL* ssl, const byte* sig, word32 sigSz, - const byte* msg, word32 msgSz, const byte* key, word32 keySz, - int* result, void* ctx) -{ - int ret; - ed25519_key myKey; - PkCbInfo* cbInfo = (PkCbInfo*)ctx; - - (void)ssl; - (void)cbInfo; - - WOLFSSL_PKMSG("PK 25519 Verify: sigSz %d, msgSz %d, keySz %d\n", sigSz, msgSz, keySz); - - ret = wc_ed25519_init(&myKey); - if (ret == 0) { - ret = wc_ed25519_import_public(key, keySz, &myKey); - if (ret == 0) { - ret = wc_ed25519_verify_msg(sig, sigSz, msg, msgSz, result, &myKey); - } - wc_ed25519_free(&myKey); - } - - WOLFSSL_PKMSG("PK 25519 Verify: ret %d, result %d\n", ret, *result); - - return ret; -} -#endif /* HAVE_ED25519 */ - -#ifdef HAVE_CURVE25519 -static WC_INLINE int myX25519KeyGen(WOLFSSL* ssl, curve25519_key* key, - unsigned int keySz, void* ctx) -{ - int ret; - WC_RNG rng; - PkCbInfo* cbInfo = (PkCbInfo*)ctx; - - (void)ssl; - (void)cbInfo; - - WOLFSSL_PKMSG("PK 25519 KeyGen: keySz %d\n", keySz); - - ret = wc_InitRng(&rng); - if (ret != 0) - return ret; - - ret = wc_curve25519_make_key(&rng, keySz, key); - - wc_FreeRng(&rng); - - WOLFSSL_PKMSG("PK 25519 KeyGen: ret %d\n", ret); - - return ret; -} - -static WC_INLINE int myX25519SharedSecret(WOLFSSL* ssl, curve25519_key* otherKey, - unsigned char* pubKeyDer, unsigned int* pubKeySz, - unsigned char* out, unsigned int* outlen, - int side, void* ctx) -{ - int ret; - curve25519_key* privKey = NULL; - curve25519_key* pubKey = NULL; - 
curve25519_key tmpKey; - PkCbInfo* cbInfo = (PkCbInfo*)ctx; - - (void)ssl; - (void)cbInfo; - - WOLFSSL_PKMSG("PK 25519 PMS: side %s\n", - side == WOLFSSL_CLIENT_END ? "client" : "server"); - - ret = wc_curve25519_init(&tmpKey); - if (ret != 0) { - return ret; - } - - /* for client: create and export public key */ - if (side == WOLFSSL_CLIENT_END) { - WC_RNG rng; - - privKey = &tmpKey; - pubKey = otherKey; - - ret = wc_InitRng(&rng); - if (ret == 0) { - ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, privKey); - if (ret == 0) { - ret = wc_curve25519_export_public_ex(privKey, pubKeyDer, - pubKeySz, EC25519_LITTLE_ENDIAN); - } - wc_FreeRng(&rng); - } - } - - /* for server: import public key */ - else if (side == WOLFSSL_SERVER_END) { - privKey = otherKey; - pubKey = &tmpKey; - - ret = wc_curve25519_import_public_ex(pubKeyDer, *pubKeySz, pubKey, - EC25519_LITTLE_ENDIAN); - } - else { - ret = BAD_FUNC_ARG; - } - - /* generate shared secret and return it */ - if (ret == 0) { - ret = wc_curve25519_shared_secret_ex(privKey, pubKey, out, outlen, - EC25519_LITTLE_ENDIAN); - } - - wc_curve25519_free(&tmpKey); - - WOLFSSL_PKMSG("PK 25519 PMS: ret %d, pubKeySz %d, outLen %d\n", - ret, *pubKeySz, *outlen); - - return ret; -} -#endif /* HAVE_CURVE25519 */ - -#ifdef HAVE_ED448 -static WC_INLINE int myEd448Sign(WOLFSSL* ssl, const byte* in, word32 inSz, - byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx) -{ - int ret; - word32 idx = 0; - ed448_key myKey; - byte* keyBuf = (byte*)key; - PkCbInfo* cbInfo = (PkCbInfo*)ctx; - - (void)ssl; - (void)cbInfo; - - WOLFSSL_PKMSG("PK 448 Sign: inSz %d, keySz %d\n", inSz, keySz); - -#ifdef TEST_PK_PRIVKEY - ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz); - if (ret != 0) - return ret; -#endif - - ret = wc_ed448_init(&myKey); - if (ret == 0) { - ret = wc_Ed448PrivateKeyDecode(keyBuf, &idx, &myKey, keySz); - if (ret == 0) - ret = wc_ed448_sign_msg(in, inSz, out, outSz, &myKey, NULL, 0); - wc_ed448_free(&myKey); - } - 
-#ifdef TEST_PK_PRIVKEY - free(keyBuf); -#endif - - WOLFSSL_PKMSG("PK 448 Sign: ret %d, outSz %d\n", ret, *outSz); - - return ret; -} - - -static WC_INLINE int myEd448Verify(WOLFSSL* ssl, const byte* sig, word32 sigSz, - const byte* msg, word32 msgSz, const byte* key, word32 keySz, - int* result, void* ctx) -{ - int ret; - ed448_key myKey; - PkCbInfo* cbInfo = (PkCbInfo*)ctx; - - (void)ssl; - (void)cbInfo; - - WOLFSSL_PKMSG("PK 448 Verify: sigSz %d, msgSz %d, keySz %d\n", sigSz, msgSz, - keySz); - - ret = wc_ed448_init(&myKey); - if (ret == 0) { - ret = wc_ed448_import_public(key, keySz, &myKey); - if (ret == 0) { - ret = wc_ed448_verify_msg(sig, sigSz, msg, msgSz, result, &myKey, - NULL, 0); - } - wc_ed448_free(&myKey); - } - - WOLFSSL_PKMSG("PK 448 Verify: ret %d, result %d\n", ret, *result); - - return ret; -} -#endif /* HAVE_ED448 */ - -#ifdef HAVE_CURVE448 -static WC_INLINE int myX448KeyGen(WOLFSSL* ssl, curve448_key* key, - unsigned int keySz, void* ctx) -{ - int ret; - WC_RNG rng; - PkCbInfo* cbInfo = (PkCbInfo*)ctx; - - (void)ssl; - (void)cbInfo; - - WOLFSSL_PKMSG("PK 448 KeyGen: keySz %d\n", keySz); - - ret = wc_InitRng(&rng); - if (ret != 0) - return ret; - - ret = wc_curve448_make_key(&rng, keySz, key); - - wc_FreeRng(&rng); - - WOLFSSL_PKMSG("PK 448 KeyGen: ret %d\n", ret); - - return ret; -} - -static WC_INLINE int myX448SharedSecret(WOLFSSL* ssl, curve448_key* otherKey, - unsigned char* pubKeyDer, unsigned int* pubKeySz, - unsigned char* out, unsigned int* outlen, - int side, void* ctx) -{ - int ret; - curve448_key* privKey = NULL; - curve448_key* pubKey = NULL; - curve448_key tmpKey; - PkCbInfo* cbInfo = (PkCbInfo*)ctx; - - (void)ssl; - (void)cbInfo; - - WOLFSSL_PKMSG("PK 448 PMS: side %s\n", - side == WOLFSSL_CLIENT_END ? 
"client" : "server"); - - ret = wc_curve448_init(&tmpKey); - if (ret != 0) { - return ret; - } - - /* for client: create and export public key */ - if (side == WOLFSSL_CLIENT_END) { - WC_RNG rng; - - privKey = &tmpKey; - pubKey = otherKey; - - ret = wc_InitRng(&rng); - if (ret == 0) { - ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, privKey); - if (ret == 0) { - ret = wc_curve448_export_public_ex(privKey, pubKeyDer, - pubKeySz, EC448_LITTLE_ENDIAN); - } - wc_FreeRng(&rng); - } - } - - /* for server: import public key */ - else if (side == WOLFSSL_SERVER_END) { - privKey = otherKey; - pubKey = &tmpKey; - - ret = wc_curve448_import_public_ex(pubKeyDer, *pubKeySz, pubKey, - EC448_LITTLE_ENDIAN); - } - else { - ret = BAD_FUNC_ARG; - } - - /* generate shared secret and return it */ - if (ret == 0) { - ret = wc_curve448_shared_secret_ex(privKey, pubKey, out, outlen, - EC448_LITTLE_ENDIAN); - } - - wc_curve448_free(&tmpKey); - - WOLFSSL_PKMSG("PK 448 PMS: ret %d, pubKeySz %d, outLen %d\n", - ret, *pubKeySz, *outlen); - - return ret; -} -#endif /* HAVE_CURVE448 */ - -#endif /* HAVE_ECC */ - -#ifndef NO_DH -static WC_INLINE int myDhCallback(WOLFSSL* ssl, struct DhKey* key, - const unsigned char* priv, unsigned int privSz, - const unsigned char* pubKeyDer, unsigned int pubKeySz, - unsigned char* out, unsigned int* outlen, - void* ctx) -{ - int ret; - PkCbInfo* cbInfo = (PkCbInfo*)ctx; - - (void)ssl; - (void)cbInfo; - - /* return 0 on success */ - ret = wc_DhAgree(key, out, outlen, priv, privSz, pubKeyDer, pubKeySz); - - WOLFSSL_PKMSG("PK ED Agree: ret %d, privSz %d, pubKeySz %d, outlen %d\n", - ret, privSz, pubKeySz, *outlen); - - return ret; -}; - -#endif /* !NO_DH */ - -#ifndef NO_RSA - -static WC_INLINE int myRsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, - byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx) -{ - WC_RNG rng; - int ret; - word32 idx = 0; - RsaKey myKey; - byte* keyBuf = (byte*)key; - PkCbInfo* cbInfo = (PkCbInfo*)ctx; - - 
(void)ssl;
- (void)cbInfo;
-
- WOLFSSL_PKMSG("PK RSA Sign: inSz %d, keySz %d\n", inSz, keySz);
-
-#ifdef TEST_PK_PRIVKEY
- ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
- if (ret != 0)
- return ret;
-#endif
-
- ret = wc_InitRng(&rng);
- if (ret != 0)
- return ret;
-
- ret = wc_InitRsaKey(&myKey, NULL);
- if (ret == 0) {
- ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
- if (ret == 0)
- ret = wc_RsaSSL_Sign(in, inSz, out, *outSz, &myKey, &rng);
- if (ret > 0) { /* save and convert to 0 success */
- *outSz = ret;
- ret = 0;
- }
- wc_FreeRsaKey(&myKey);
- }
- wc_FreeRng(&rng);
-
-#ifdef TEST_PK_PRIVKEY
- free(keyBuf);
-#endif
-
- WOLFSSL_PKMSG("PK RSA Sign: ret %d, outSz %d\n", ret, *outSz);
-
- return ret;
-}
-
-
-static WC_INLINE int myRsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
- byte** out, const byte* key, word32 keySz, void* ctx)
-{
- int ret;
- word32 idx = 0;
- RsaKey myKey;
- PkCbInfo* cbInfo = (PkCbInfo*)ctx;
-
- (void)ssl;
- (void)cbInfo;
-
- WOLFSSL_PKMSG("PK RSA Verify: sigSz %d, keySz %d\n", sigSz, keySz);
-
- ret = wc_InitRsaKey(&myKey, NULL);
- if (ret == 0) {
- ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
- if (ret == 0)
- ret = wc_RsaSSL_VerifyInline(sig, sigSz, out, &myKey);
- wc_FreeRsaKey(&myKey);
- }
-
- WOLFSSL_PKMSG("PK RSA Verify: ret %d\n", ret);
-
- return ret;
-}
-
-static WC_INLINE int myRsaSignCheck(WOLFSSL* ssl, byte* sig, word32 sigSz,
- byte** out, const byte* key, word32 keySz, void* ctx)
-{
- int ret;
- word32 idx = 0;
- RsaKey myKey;
- byte* keyBuf = (byte*)key;
- PkCbInfo* cbInfo = (PkCbInfo*)ctx;
-
- (void)ssl;
- (void)cbInfo;
-
- WOLFSSL_PKMSG("PK RSA SignCheck: sigSz %d, keySz %d\n", sigSz, keySz);
-
-#ifdef TEST_PK_PRIVKEY
- ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
- if (ret != 0)
- return ret;
-#endif
-
- ret = wc_InitRsaKey(&myKey, NULL);
- if (ret == 0) {
- ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
- if (ret == 0)
- ret = wc_RsaSSL_VerifyInline(sig, sigSz, out,
&myKey);
- wc_FreeRsaKey(&myKey);
- }
-#ifdef TEST_PK_PRIVKEY
- free(keyBuf);
-#endif
-
- WOLFSSL_PKMSG("PK RSA SignCheck: ret %d\n", ret);
-
- return ret;
-}
-
-#ifdef WC_RSA_PSS
-static WC_INLINE int myRsaPssSign(WOLFSSL* ssl, const byte* in, word32 inSz,
- byte* out, word32* outSz, int hash, int mgf, const byte* key,
- word32 keySz, void* ctx)
-{
- enum wc_HashType hashType = WC_HASH_TYPE_NONE;
- WC_RNG rng;
- int ret;
- word32 idx = 0;
- RsaKey myKey;
- byte* keyBuf = (byte*)key;
- PkCbInfo* cbInfo = (PkCbInfo*)ctx;
-
- (void)ssl;
- (void)cbInfo;
-
- WOLFSSL_PKMSG("PK RSA PSS Sign: inSz %d, hash %d, mgf %d, keySz %d\n",
- inSz, hash, mgf, keySz);
-
-#ifdef TEST_PK_PRIVKEY
- ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
- if (ret != 0)
- return ret;
-#endif
-
- switch (hash) {
-#ifndef NO_SHA256
- case SHA256h:
- hashType = WC_HASH_TYPE_SHA256;
- break;
-#endif
-#ifdef WOLFSSL_SHA384
- case SHA384h:
- hashType = WC_HASH_TYPE_SHA384;
- break;
-#endif
-#ifdef WOLFSSL_SHA512
- case SHA512h:
- hashType = WC_HASH_TYPE_SHA512;
- break;
-#endif
- }
-
- ret = wc_InitRng(&rng);
- if (ret != 0)
- return ret;
-
- ret = wc_InitRsaKey(&myKey, NULL);
- if (ret == 0) {
- ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
- if (ret == 0) {
- ret = wc_RsaPSS_Sign(in, inSz, out, *outSz, hashType, mgf, &myKey,
- &rng);
- }
- if (ret > 0) { /* save and convert to 0 success */
- *outSz = ret;
- ret = 0;
- }
- wc_FreeRsaKey(&myKey);
- }
- wc_FreeRng(&rng);
-
-#ifdef TEST_PK_PRIVKEY
- free(keyBuf);
-#endif
-
- WOLFSSL_PKMSG("PK RSA PSS Sign: ret %d, outSz %d\n", ret, *outSz);
-
- return ret;
-}
-
-
-static WC_INLINE int myRsaPssVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
- byte** out, int hash, int mgf, const byte* key, word32 keySz, void* ctx)
-{
- int ret;
- word32 idx = 0;
- RsaKey myKey;
- PkCbInfo* cbInfo = (PkCbInfo*)ctx;
- enum wc_HashType hashType = WC_HASH_TYPE_NONE;
-
- (void)ssl;
- (void)cbInfo;
-
- WOLFSSL_PKMSG("PK RSA PSS Verify: sigSz %d, hash %d, mgf
%d, keySz %d\n",
- sigSz, hash, mgf, keySz);
-
- switch (hash) {
-#ifndef NO_SHA256
- case SHA256h:
- hashType = WC_HASH_TYPE_SHA256;
- break;
-#endif
-#ifdef WOLFSSL_SHA384
- case SHA384h:
- hashType = WC_HASH_TYPE_SHA384;
- break;
-#endif
-#ifdef WOLFSSL_SHA512
- case SHA512h:
- hashType = WC_HASH_TYPE_SHA512;
- break;
-#endif
- }
-
- ret = wc_InitRsaKey(&myKey, NULL);
- if (ret == 0) {
- ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
- if (ret == 0) {
- ret = wc_RsaPSS_VerifyInline(sig, sigSz, out, hashType, mgf,
- &myKey);
- }
- wc_FreeRsaKey(&myKey);
- }
-
- WOLFSSL_PKMSG("PK RSA PSS Verify: ret %d\n", ret);
-
- return ret;
-}
-
-static WC_INLINE int myRsaPssSignCheck(WOLFSSL* ssl, byte* sig, word32 sigSz,
- byte** out, int hash, int mgf, const byte* key, word32 keySz, void* ctx)
-{
- int ret;
- word32 idx = 0;
- RsaKey myKey;
- byte* keyBuf = (byte*)key;
- PkCbInfo* cbInfo = (PkCbInfo*)ctx;
- enum wc_HashType hashType = WC_HASH_TYPE_NONE;
-
- (void)ssl;
- (void)cbInfo;
-
- WOLFSSL_PKMSG("PK RSA PSS SignCheck: sigSz %d, hash %d, mgf %d, keySz %d\n",
- sigSz, hash, mgf, keySz);
-
-#ifdef TEST_PK_PRIVKEY
- ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
- if (ret != 0)
- return ret;
-#endif
-
- switch (hash) {
-#ifndef NO_SHA256
- case SHA256h:
- hashType = WC_HASH_TYPE_SHA256;
- break;
-#endif
-#ifdef WOLFSSL_SHA384
- case SHA384h:
- hashType = WC_HASH_TYPE_SHA384;
- break;
-#endif
-#ifdef WOLFSSL_SHA512
- case SHA512h:
- hashType = WC_HASH_TYPE_SHA512;
- break;
-#endif
- }
-
- ret = wc_InitRsaKey(&myKey, NULL);
- if (ret == 0) {
- ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
- if (ret == 0) {
- ret = wc_RsaPSS_VerifyInline(sig, sigSz, out, hashType, mgf,
- &myKey);
- }
- wc_FreeRsaKey(&myKey);
- }
-
-#ifdef TEST_PK_PRIVKEY
- free(keyBuf);
-#endif
-
- WOLFSSL_PKMSG("PK RSA PSS SignCheck: ret %d\n", ret);
-
- return ret;
-}
-#endif
-
-
-static WC_INLINE int myRsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz,
- byte* out, word32*
outSz, const byte* key,
- word32 keySz, void* ctx)
-{
- int ret;
- word32 idx = 0;
- RsaKey myKey;
- WC_RNG rng;
- PkCbInfo* cbInfo = (PkCbInfo*)ctx;
-
- (void)ssl;
- (void)cbInfo;
-
- WOLFSSL_PKMSG("PK RSA Enc: inSz %d, keySz %d\n", inSz, keySz);
-
- ret = wc_InitRng(&rng);
- if (ret != 0)
- return ret;
-
- ret = wc_InitRsaKey(&myKey, NULL);
- if (ret == 0) {
- ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
- if (ret == 0) {
- ret = wc_RsaPublicEncrypt(in, inSz, out, *outSz, &myKey, &rng);
- if (ret > 0) {
- *outSz = ret;
- ret = 0; /* reset to success */
- }
- }
- wc_FreeRsaKey(&myKey);
- }
- wc_FreeRng(&rng);
-
- WOLFSSL_PKMSG("PK RSA Enc: ret %d, outSz %d\n", ret, *outSz);
-
- return ret;
-}
-
-static WC_INLINE int myRsaDec(WOLFSSL* ssl, byte* in, word32 inSz,
- byte** out,
- const byte* key, word32 keySz, void* ctx)
-{
- int ret;
- word32 idx = 0;
- RsaKey myKey;
- byte* keyBuf = (byte*)key;
- PkCbInfo* cbInfo = (PkCbInfo*)ctx;
-
- (void)ssl;
- (void)cbInfo;
-
- WOLFSSL_PKMSG("PK RSA Dec: inSz %d, keySz %d\n", inSz, keySz);
-
-#ifdef TEST_PK_PRIVKEY
- ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
- if (ret != 0)
- return ret;
-#endif
-
- ret = wc_InitRsaKey(&myKey, NULL);
- if (ret == 0) {
- ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
- if (ret == 0) {
- #ifdef WC_RSA_BLINDING
- ret = wc_RsaSetRNG(&myKey, wolfSSL_GetRNG(ssl));
- if (ret != 0) {
- wc_FreeRsaKey(&myKey);
- return ret;
- }
- #endif
- ret = wc_RsaPrivateDecryptInline(in, inSz, out, &myKey);
- }
- wc_FreeRsaKey(&myKey);
- }
-
-#ifdef TEST_PK_PRIVKEY
- free(keyBuf);
-#endif
-
- WOLFSSL_PKMSG("PK RSA Dec: ret %d\n", ret);
-
- return ret;
-}
-
-#endif /* NO_RSA */
-
-static WC_INLINE void SetupPkCallbacks(WOLFSSL_CTX* ctx)
-{
- (void)ctx;
-
- #ifdef HAVE_ECC
- wolfSSL_CTX_SetEccKeyGenCb(ctx, myEccKeyGen);
- wolfSSL_CTX_SetEccSignCb(ctx, myEccSign);
- wolfSSL_CTX_SetEccVerifyCb(ctx, myEccVerify);
- wolfSSL_CTX_SetEccSharedSecretCb(ctx, myEccSharedSecret);
- #endif /*
HAVE_ECC */
- #ifndef NO_DH
- wolfSSL_CTX_SetDhAgreeCb(ctx, myDhCallback);
- #endif
- #ifdef HAVE_ED25519
- wolfSSL_CTX_SetEd25519SignCb(ctx, myEd25519Sign);
- wolfSSL_CTX_SetEd25519VerifyCb(ctx, myEd25519Verify);
- #endif
- #ifdef HAVE_CURVE25519
- wolfSSL_CTX_SetX25519KeyGenCb(ctx, myX25519KeyGen);
- wolfSSL_CTX_SetX25519SharedSecretCb(ctx, myX25519SharedSecret);
- #endif
- #ifdef HAVE_ED448
- wolfSSL_CTX_SetEd448SignCb(ctx, myEd448Sign);
- wolfSSL_CTX_SetEd448VerifyCb(ctx, myEd448Verify);
- #endif
- #ifdef HAVE_CURVE448
- wolfSSL_CTX_SetX448KeyGenCb(ctx, myX448KeyGen);
- wolfSSL_CTX_SetX448SharedSecretCb(ctx, myX448SharedSecret);
- #endif
- #ifndef NO_RSA
- wolfSSL_CTX_SetRsaSignCb(ctx, myRsaSign);
- wolfSSL_CTX_SetRsaVerifyCb(ctx, myRsaVerify);
- wolfSSL_CTX_SetRsaSignCheckCb(ctx, myRsaSignCheck);
- #ifdef WC_RSA_PSS
- wolfSSL_CTX_SetRsaPssSignCb(ctx, myRsaPssSign);
- wolfSSL_CTX_SetRsaPssVerifyCb(ctx, myRsaPssVerify);
- wolfSSL_CTX_SetRsaPssSignCheckCb(ctx, myRsaPssSignCheck);
- #endif
- wolfSSL_CTX_SetRsaEncCb(ctx, myRsaEnc);
- wolfSSL_CTX_SetRsaDecCb(ctx, myRsaDec);
- #endif /* NO_RSA */
-}
-
-static WC_INLINE void SetupPkCallbackContexts(WOLFSSL* ssl, void* myCtx)
-{
- #ifdef HAVE_ECC
- wolfSSL_SetEccKeyGenCtx(ssl, myCtx);
- wolfSSL_SetEccSignCtx(ssl, myCtx);
- wolfSSL_SetEccVerifyCtx(ssl, myCtx);
- wolfSSL_SetEccSharedSecretCtx(ssl, myCtx);
- #endif /* HAVE_ECC */
- #ifndef NO_DH
- wolfSSL_SetDhAgreeCtx(ssl, myCtx);
- #endif
- #ifdef HAVE_ED25519
- wolfSSL_SetEd25519SignCtx(ssl, myCtx);
- wolfSSL_SetEd25519VerifyCtx(ssl, myCtx);
- #endif
- #ifdef HAVE_CURVE25519
- wolfSSL_SetX25519KeyGenCtx(ssl, myCtx);
- wolfSSL_SetX25519SharedSecretCtx(ssl, myCtx);
- #endif
- #ifdef HAVE_ED448
- wolfSSL_SetEd448SignCtx(ssl, myCtx);
- wolfSSL_SetEd448VerifyCtx(ssl, myCtx);
- #endif
- #ifdef HAVE_CURVE448
- wolfSSL_SetX448KeyGenCtx(ssl, myCtx);
- wolfSSL_SetX448SharedSecretCtx(ssl, myCtx);
- #endif
- #ifndef NO_RSA
- wolfSSL_SetRsaSignCtx(ssl, myCtx);
-
wolfSSL_SetRsaVerifyCtx(ssl, myCtx);
- #ifdef WC_RSA_PSS
- wolfSSL_SetRsaPssSignCtx(ssl, myCtx);
- wolfSSL_SetRsaPssVerifyCtx(ssl, myCtx);
- #endif
- wolfSSL_SetRsaEncCtx(ssl, myCtx);
- wolfSSL_SetRsaDecCtx(ssl, myCtx);
- #endif /* NO_RSA */
-}
-
-#endif /* HAVE_PK_CALLBACKS */
-
-
-
-
-#if defined(__hpux__) || defined(__MINGW32__) || defined (WOLFSSL_TIRTOS) \
- || defined(_MSC_VER)
-
-/* HP/UX doesn't have strsep, needed by test/suites.c */
-static WC_INLINE char* strsep(char **stringp, const char *delim)
-{
- char* start;
- char* end;
-
- start = *stringp;
- if (start == NULL)
- return NULL;
-
- if ((end = strpbrk(start, delim))) {
- *end++ = '\0';
- *stringp = end;
- } else {
- *stringp = NULL;
- }
-
- return start;
-}
-
-#endif /* __hpux__ and others */
-
-/* Create unique filename, len is length of tempfn name, assuming
- len does not include null terminating character,
- num is number of characters in tempfn name to randomize */
-static WC_INLINE const char* mymktemp(char *tempfn, int len, int num)
-{
- int x, size;
- static const char alphanum[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
- "abcdefghijklmnopqrstuvwxyz";
- WC_RNG rng;
- byte out;
-
- if (tempfn == NULL || len < 1 || num < 1 || len <= num) {
- printf("Bad input\n");
- return NULL;
- }
-
- size = len - 1;
-
- if (wc_InitRng(&rng) != 0) {
- printf("InitRng failed\n");
- return NULL;
- }
-
- for (x = size; x > size - num; x--) {
- if (wc_RNG_GenerateBlock(&rng,(byte*)&out, sizeof(out)) != 0) {
- printf("RNG_GenerateBlock failed\n");
- return NULL;
- }
- tempfn[x] = alphanum[out % (sizeof(alphanum) - 1)];
- }
- tempfn[len] = '\0';
-
- wc_FreeRng(&rng);
- (void)rng; /* for WC_NO_RNG case */
-
- return tempfn;
-}
-
-
-
-#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
- defined(HAVE_POLY1305)
-
- #include
-
- typedef struct key_ctx {
- byte name[WOLFSSL_TICKET_NAME_SZ]; /* name for this context */
- byte key[CHACHA20_POLY1305_AEAD_KEYSIZE]; /* cipher key */
- } key_ctx;
-
- static
THREAD_LS_T key_ctx myKey_ctx;
- static THREAD_LS_T WC_RNG myKey_rng;
-
- static WC_INLINE int TicketInit(void)
- {
- int ret = wc_InitRng(&myKey_rng);
- if (ret != 0) return ret;
-
- ret = wc_RNG_GenerateBlock(&myKey_rng, myKey_ctx.key, sizeof(myKey_ctx.key));
- if (ret != 0) return ret;
-
- ret = wc_RNG_GenerateBlock(&myKey_rng, myKey_ctx.name,sizeof(myKey_ctx.name));
- if (ret != 0) return ret;
-
- return 0;
- }
-
- static WC_INLINE void TicketCleanup(void)
- {
- wc_FreeRng(&myKey_rng);
- }
-
- static WC_INLINE int myTicketEncCb(WOLFSSL* ssl,
- byte key_name[WOLFSSL_TICKET_NAME_SZ],
- byte iv[WOLFSSL_TICKET_IV_SZ],
- byte mac[WOLFSSL_TICKET_MAC_SZ],
- int enc, byte* ticket, int inLen, int* outLen,
- void* userCtx)
- {
- int ret;
- word16 sLen = XHTONS(inLen);
- byte aad[WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2];
- int aadSz = WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2;
- byte* tmp = aad;
-
- (void)ssl;
- (void)userCtx;
-
- /* encrypt */
- if (enc) {
- XMEMCPY(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ);
-
- ret = wc_RNG_GenerateBlock(&myKey_rng, iv, WOLFSSL_TICKET_IV_SZ);
- if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
-
- /* build aad from key name, iv, and length */
- XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ);
- tmp += WOLFSSL_TICKET_NAME_SZ;
- XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
- tmp += WOLFSSL_TICKET_IV_SZ;
- XMEMCPY(tmp, &sLen, 2);
-
- ret = wc_ChaCha20Poly1305_Encrypt(myKey_ctx.key, iv,
- aad, aadSz,
- ticket, inLen,
- ticket,
- mac);
- if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
- *outLen = inLen; /* no padding in this mode */
- }
- /* decrypt */
- else {
-
- /* see if we know this key */
- if (XMEMCMP(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ) != 0){
- printf("client presented unknown ticket key name ");
- return WOLFSSL_TICKET_RET_FATAL;
- }
-
- /* build aad from key name, iv, and length */
- XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ);
- tmp += WOLFSSL_TICKET_NAME_SZ;
- XMEMCPY(tmp, iv,
WOLFSSL_TICKET_IV_SZ); - tmp += WOLFSSL_TICKET_IV_SZ; - XMEMCPY(tmp, &sLen, 2); - - ret = wc_ChaCha20Poly1305_Decrypt(myKey_ctx.key, iv, - aad, aadSz, - ticket, inLen, - mac, - ticket); - if (ret != 0) return WOLFSSL_TICKET_RET_REJECT; - *outLen = inLen; /* no padding in this mode */ - } - - return WOLFSSL_TICKET_RET_OK; - } - -#endif /* HAVE_SESSION_TICKET && HAVE_CHACHA && HAVE_POLY1305 */ - -static WC_INLINE word16 GetRandomPort(void) -{ - word16 port = 0; - - /* Generate random port for testing */ - WC_RNG rng; - if (wc_InitRng(&rng) == 0) { - if (wc_RNG_GenerateBlock(&rng, (byte*)&port, sizeof(port)) == 0) { - port |= 0xC000; /* Make sure its in the 49152 - 65535 range */ - } - wc_FreeRng(&rng); - } - (void)rng; /* for WC_NO_RNG case */ - return port; -} - -#endif /* wolfSSL_TEST_H */ diff --git a/source/libwolfssl/wolfcrypt/aes.h b/source/libwolfssl/wolfcrypt/aes.h index e0e85a16..9e60768c 100644 --- a/source/libwolfssl/wolfcrypt/aes.h +++ b/source/libwolfssl/wolfcrypt/aes.h @@ -62,14 +62,6 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits #include #endif -#ifdef WOLFSSL_AESNI - -#include -#include -#include - -#endif /* WOLFSSL_AESNI */ - #ifdef WOLFSSL_XILINX_CRYPT #include "xsecure_aes.h" diff --git a/source/libwolfssl/wolfcrypt/asn.h b/source/libwolfssl/wolfcrypt/asn.h index 516113ef..8a05e48e 100644 --- a/source/libwolfssl/wolfcrypt/asn.h +++ b/source/libwolfssl/wolfcrypt/asn.h @@ -366,7 +366,6 @@ enum Misc_ASN { MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ, #endif MAX_AIA_SZ = 2, /* Max Authority Info Access extension size*/ - MAX_NAME_ENTRIES = 13, /* entries added to x509 name struct */ OCSP_NONCE_EXT_SZ = 35, /* OCSP Nonce Extension size */ MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */ MAX_OCSP_NONCE_SZ = 16, /* OCSP Nonce size */ 
@@ -395,6 +394,12 @@ enum Misc_ASN { PEM_LINE_LEN = PEM_LINE_SZ + 12, /* PEM line max + fudge */ }; +#ifndef WC_MAX_NAME_ENTRIES + /* entries added to x509 name struct */ + #define WC_MAX_NAME_ENTRIES 13 +#endif +#define MAX_NAME_ENTRIES WC_MAX_NAME_ENTRIES + enum Oid_Types { oidHashType = 0, diff --git a/source/libwolfssl/wolfcrypt/asn_public.h b/source/libwolfssl/wolfcrypt/asn_public.h index d4336a24..5caf1338 100644 --- a/source/libwolfssl/wolfcrypt/asn_public.h +++ b/source/libwolfssl/wolfcrypt/asn_public.h @@ -330,6 +330,8 @@ typedef struct Cert { #endif char certPolicies[CTC_MAX_CERTPOL_NB][CTC_MAX_CERTPOL_SZ]; word16 certPoliciesNb; /* Number of Cert Policy */ +#endif +#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) byte issRaw[sizeof(CertName)]; /* raw issuer info */ byte sbjRaw[sizeof(CertName)]; /* raw subject info */ #endif diff --git a/source/libwolfssl/wolfcrypt/blake2-int.h b/source/libwolfssl/wolfcrypt/blake2-int.h index d9af81eb..1118c090 100644 --- a/source/libwolfssl/wolfcrypt/blake2-int.h +++ b/source/libwolfssl/wolfcrypt/blake2-int.h @@ -39,16 +39,6 @@ #include - -#if defined(_MSC_VER) - #define ALIGN(x) __declspec(align(x)) -#elif defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) - #define ALIGN(x) __attribute__((aligned(x))) -#else - #define ALIGN(x) -#endif - - #if defined(__cplusplus) extern "C" { #endif @@ -87,7 +77,7 @@ byte personal[BLAKE2S_PERSONALBYTES]; /* 32 */ } blake2s_param; - ALIGN( 32 ) typedef struct __blake2s_state + ALIGN32 typedef struct __blake2s_state { word32 h[8]; word32 t[2]; @@ -112,7 +102,7 @@ byte personal[BLAKE2B_PERSONALBYTES]; /* 64 */ } blake2b_param; - ALIGN( 64 ) typedef struct __blake2b_state + ALIGN64 typedef struct __blake2b_state { word64 h[8]; word64 t[2]; diff --git a/source/libwolfssl/wolfcrypt/blake2.h b/source/libwolfssl/wolfcrypt/blake2.h index 52e2ccf4..3c57852a 100644 --- a/source/libwolfssl/wolfcrypt/blake2.h +++ b/source/libwolfssl/wolfcrypt/blake2.h 
@@ -76,12 +76,14 @@ typedef struct Blake2s { #ifdef HAVE_BLAKE2B WOLFSSL_API int wc_InitBlake2b(Blake2b*, word32); +WOLFSSL_API int wc_InitBlake2b_WithKey(Blake2b*, word32, const byte *, word32); WOLFSSL_API int wc_Blake2bUpdate(Blake2b*, const byte*, word32); WOLFSSL_API int wc_Blake2bFinal(Blake2b*, byte*, word32); #endif #ifdef HAVE_BLAKE2S WOLFSSL_API int wc_InitBlake2s(Blake2s*, word32); +WOLFSSL_API int wc_InitBlake2s_WithKey(Blake2s*, word32, const byte *, word32); WOLFSSL_API int wc_Blake2sUpdate(Blake2s*, const byte*, word32); WOLFSSL_API int wc_Blake2sFinal(Blake2s*, byte*, word32); #endif diff --git a/source/libwolfssl/wolfcrypt/cpuid.h b/source/libwolfssl/wolfcrypt/cpuid.h index 7dc46555..08e39483 100644 --- a/source/libwolfssl/wolfcrypt/cpuid.h +++ b/source/libwolfssl/wolfcrypt/cpuid.h @@ -54,6 +54,11 @@ void cpuid_set_flags(void); word32 cpuid_get_flags(void); + + /* Public APIs to modify flags. */ + WOLFSSL_API void cpuid_select_flags(word32 flags); + WOLFSSL_API void cpuid_set_flag(word32 flag); + WOLFSSL_API void cpuid_clear_flag(word32 flag); #endif #ifdef __cplusplus diff --git a/source/libwolfssl/wolfcrypt/curve25519.h b/source/libwolfssl/wolfcrypt/curve25519.h index a1fd374a..08dee992 100644 --- a/source/libwolfssl/wolfcrypt/curve25519.h +++ b/source/libwolfssl/wolfcrypt/curve25519.h @@ -90,6 +90,14 @@ WOLFSSL_API int wc_curve25519_make_pub(int public_size, byte* pub, int private_size, const byte* priv); +WOLFSSL_API +int wc_curve25519_generic(int public_size, byte* pub, + int private_size, const byte* priv, + int basepoint_size, const byte* basepoint); + +WOLFSSL_API +int wc_curve25519_make_priv(WC_RNG* rng, int keysize, byte* priv); + WOLFSSL_API int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key); diff --git a/source/libwolfssl/wolfcrypt/ecc.h b/source/libwolfssl/wolfcrypt/ecc.h index b35105b0..d45ef3fa 100644 --- a/source/libwolfssl/wolfcrypt/ecc.h +++ b/source/libwolfssl/wolfcrypt/ecc.h 
@@ -352,10 +352,11 @@ typedef struct { /* ECC Flags */ enum { - WC_ECC_FLAG_NONE = 0x00, + WC_ECC_FLAG_NONE = 0x00, #ifdef HAVE_ECC_CDH WC_ECC_FLAG_COFACTOR = 0x01, #endif + WC_ECC_FLAG_DEC_SIGN = 0x02, }; /* ECC non-blocking */ @@ -477,6 +478,9 @@ int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key); WOLFSSL_ABI WOLFSSL_API int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id); WOLFSSL_API +int wc_ecc_make_key_ex2(WC_RNG* rng, int keysize, ecc_key* key, int curve_id, + int flags); +WOLFSSL_API int wc_ecc_make_pub(ecc_key* key, ecc_point* pubOut); WOLFSSL_API int wc_ecc_make_pub_ex(ecc_key* key, ecc_point* pubOut, WC_RNG* rng); diff --git a/source/libwolfssl/wolfcrypt/fe_448.h b/source/libwolfssl/wolfcrypt/fe_448.h index d93229be..ff62521c 100644 --- a/source/libwolfssl/wolfcrypt/fe_448.h +++ b/source/libwolfssl/wolfcrypt/fe_448.h @@ -27,7 +27,9 @@ #if defined(HAVE_CURVE448) || defined(HAVE_ED448) +#ifndef WOLFSSL_LINUXKM #include +#endif #include diff --git a/source/libwolfssl/wolfcrypt/fe_operations.h b/source/libwolfssl/wolfcrypt/fe_operations.h index e83e35d3..666246c7 100644 --- a/source/libwolfssl/wolfcrypt/fe_operations.h +++ b/source/libwolfssl/wolfcrypt/fe_operations.h @@ -28,8 +28,10 @@ #if defined(HAVE_CURVE25519) || defined(HAVE_ED25519) #if !defined(CURVE25519_SMALL) || !defined(ED25519_SMALL) +#ifndef WOLFSSL_LINUXKM #include #endif +#endif #include diff --git a/source/libwolfssl/wolfcrypt/integer.h b/source/libwolfssl/wolfcrypt/integer.h index fb2c0ea3..1406ab7e 100644 --- a/source/libwolfssl/wolfcrypt/integer.h +++ b/source/libwolfssl/wolfcrypt/integer.h @@ -42,7 +42,11 @@ #include #ifndef CHAR_BIT - #include + #if defined(WOLFSSL_LINUXKM) + #include + #else + #include + #endif #endif #include diff --git a/source/libwolfssl/wolfcrypt/memory.h b/source/libwolfssl/wolfcrypt/memory.h index 07fb0bec..0014997c 100644 --- a/source/libwolfssl/wolfcrypt/memory.h +++ b/source/libwolfssl/wolfcrypt/memory.h 
@@ -29,7 +29,7 @@ #ifndef WOLFSSL_MEMORY_H #define WOLFSSL_MEMORY_H -#ifndef STRING_USER +#if !defined(STRING_USER) && !defined(WOLFSSL_LINUXKM) #include #endif #include diff --git a/source/libwolfssl/wolfcrypt/port/Espressif/esp32-crypt.h b/source/libwolfssl/wolfcrypt/port/Espressif/esp32-crypt.h index 0e342db3..52624982 100644 --- a/source/libwolfssl/wolfcrypt/port/Espressif/esp32-crypt.h +++ b/source/libwolfssl/wolfcrypt/port/Espressif/esp32-crypt.h @@ -39,7 +39,7 @@ #include "soc/hwcrypto_reg.h" #include "soc/cpu.h" #include "driver/periph_ctrl.h" -#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1 +#if ESP_IDF_VERSION_MAJOR >= 4 #include #else #include @@ -55,7 +55,7 @@ int esp_CryptHwMutexUnLock(wolfSSL_Mutex* mutex); #ifndef NO_AES -#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1 +#if ESP_IDF_VERSION_MAJOR >= 4 #include "esp32/rom/aes.h" #else #include "rom/aes.h" @@ -89,7 +89,7 @@ uint64_t wc_esp32elapsedTime(); /* RAW hash function APIs are not implemented with esp32 hardware acceleration*/ #define WOLFSSL_NO_HASH_RAW -#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1 +#if ESP_IDF_VERSION_MAJOR >= 4 #include "esp32/rom/sha.h" #else #include "rom/sha.h" diff --git a/source/libwolfssl/wolfcrypt/random.h b/source/libwolfssl/wolfcrypt/random.h index fb1380b3..6e1f7e8d 100644 --- a/source/libwolfssl/wolfcrypt/random.h +++ b/source/libwolfssl/wolfcrypt/random.h @@ -149,6 +149,23 @@ typedef struct OS_Seed { #define WC_RNG_TYPE_DEFINED #endif +#ifdef HAVE_HASHDRBG +struct DRBG_internal { + word32 reseedCtr; + word32 lastBlock; + byte V[DRBG_SEED_LEN]; + byte C[DRBG_SEED_LEN]; +#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) + void* heap; + int devId; +#endif + byte matchCount; +#ifdef WOLFSSL_SMALL_STACK_CACHE + wc_Sha256 sha256; +#endif +}; +#endif + /* RNG context */ struct WC_RNG { OS_Seed seed; 
@@ -157,18 +174,7 @@ struct WC_RNG { /* Hash-based Deterministic Random Bit Generator */ struct DRBG* drbg; #if defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_STATIC_MEMORY) - #define DRBG_STRUCT_SZ ((sizeof(word32)*3) + (DRBG_SEED_LEN*2)) - #ifdef WOLFSSL_SMALL_STACK_CACHE - #define DRBG_STRUCT_SZ_SHA256 (sizeof(wc_Sha256)) - #else - #define DRBG_STRUCT_SZ_SHA256 0 - #endif - #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) - #define DRBG_STRUCT_SZ_ASYNC (sizeof(void*) + sizeof(int)) - #else - #define DRBG_STRUCT_SZ_ASYNC 0 - #endif - byte drbg_data[DRBG_STRUCT_SZ + DRBG_STRUCT_SZ_SHA256 + DRBG_STRUCT_SZ_ASYNC]; + struct DRBG_internal drbg_data; #endif byte status; #endif diff --git a/source/libwolfssl/wolfcrypt/settings.h b/source/libwolfssl/wolfcrypt/settings.h index c7ef0ad1..5efa1afb 100644 --- a/source/libwolfssl/wolfcrypt/settings.h +++ b/source/libwolfssl/wolfcrypt/settings.h @@ -215,6 +215,10 @@ /* Uncomment next line if using Solaris OS*/ /* #define WOLFSSL_SOLARIS */ +/* Uncomment next line if building for Linux Kernel Module */ +/* #define WOLFSSL_LINUXKM */ + + #include #ifdef WOLFSSL_USER_SETTINGS @@ -831,7 +835,9 @@ extern void uITRON4_free(void *p) ; #undef SIZEOF_LONG #define SIZEOF_LONG_LONG 8 #else - #error settings.h - please implement SIZEOF_LONG and SIZEOF_LONG_LONG + #if !defined(SIZEOF_LONG) && !defined(SIZEOF_LONG_LONG) + #error settings.h - please implement SIZEOF_LONG and SIZEOF_LONG_LONG + #endif #endif #define XMALLOC(s, h, type) ((void *)rtp_malloc((s), SSL_PRO_MALLOC)) @@ -841,7 +847,9 @@ extern void uITRON4_free(void *p) ; #if (WINMSP3) #define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n)) #else - #sslpro: settings.h - please implement XSTRNCASECMP - needed for HAVE_ECC + #ifndef XSTRNCASECMP + #error settings.h - please implement XSTRNCASECMP - needed for HAVE_ECC + #endif #endif #define WOLFSSL_HAVE_MAX 
@@ -1255,11 +1263,11 @@ extern void uITRON4_free(void *p) ; #endif #define NO_OLD_RNGNAME #ifdef WOLFSSL_STM32_CUBEMX - #if defined(WOLFSSL_STM32F1) - #include "stm32f1xx_hal.h" + #if defined(WOLFSSL_STM32F1) + #include "stm32f1xx_hal.h" #elif defined(WOLFSSL_STM32F2) #include "stm32f2xx_hal.h" - #elif defined(WOLFSSL_STM32L5) + #elif defined(WOLFSSL_STM32L5) #include "stm32l5xx_hal.h" #elif defined(WOLFSSL_STM32L4) #include "stm32l4xx_hal.h" @@ -1298,7 +1306,7 @@ extern void uITRON4_free(void *p) ; #ifdef STM32_HASH #include "stm32f4xx_hash.h" #endif - #elif defined(WOLFSSL_STM32L5) + #elif defined(WOLFSSL_STM32L5) #include "stm32l5xx.h" #ifdef STM32_CRYPTO #include "stm32l5xx_cryp.h" @@ -1306,7 +1314,7 @@ extern void uITRON4_free(void *p) ; #ifdef STM32_HASH #include "stm32l5xx_hash.h" #endif - #elif defined(WOLFSSL_STM32L4) + #elif defined(WOLFSSL_STM32L4) #include "stm32l4xx.h" #ifdef STM32_CRYPTO #include "stm32l4xx_cryp.h" @@ -1323,7 +1331,7 @@ extern void uITRON4_free(void *p) ; #endif #endif /* WOLFSSL_STM32_CUBEMX */ #endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32L4 || - WOLFSSL_STM32L5 || WOLFSSL_STM32F7 || WOLFSSL_STMWB || WOLFSSL_STM32H7 */ + WOLFSSL_STM32L5 || WOLFSSL_STM32F7 || WOLFSSL_STMWB || WOLFSSL_STM32H7 */ #ifdef WOLFSSL_DEOS #include #include 
@@ -2077,6 +2085,52 @@ extern void uITRON4_free(void *p) ; #endif +#ifdef WOLFSSL_LINUXKM + #ifndef NO_DEV_RANDOM + #define NO_DEV_RANDOM + #endif + #ifndef NO_WRITEV + #define NO_WRITEV + #endif + #ifndef NO_FILESYSTEM + #define NO_FILESYSTEM + #endif + #ifndef NO_STDIO_FILESYSTEM + #define NO_STDIO_FILESYSTEM + #endif + #ifndef WOLFSSL_NO_SOCK + #define WOLFSSL_NO_SOCK + #endif + #ifndef WOLFSSL_DH_CONST + #define WOLFSSL_DH_CONST + #endif + #ifndef WOLFSSL_USER_IO + #define WOLFSSL_USER_IO + #endif + #ifndef USE_WOLF_STRTOK + #define USE_WOLF_STRTOK + #endif + #ifndef WOLFSSL_SP_MOD_WORD_RP + #define WOLFSSL_SP_MOD_WORD_RP + #endif + #ifndef WOLFSSL_OLD_PRIME_CHECK + #define WOLFSSL_OLD_PRIME_CHECK + #endif + #undef HAVE_STRINGS_H + #undef HAVE_ERRNO_H + #undef HAVE_THREAD_LS + #undef WOLFSSL_HAVE_MIN + #undef WOLFSSL_HAVE_MAX + #define SIZEOF_LONG 8 + #define SIZEOF_LONG_LONG 8 + #define CHAR_BIT 8 + #define WOLFSSL_SP_DIV_64 + #define WOLFSSL_SP_DIV_WORD_HALF + #define SP_HALF_SIZE 32 + #define SP_HALF_MAX 4294967295U +#endif + + /* Place any other flags or defines here */ #if defined(WOLFSSL_MYSQL_COMPATIBLE) && defined(_WIN32) \ diff --git a/source/libwolfssl/wolfcrypt/sp.h b/source/libwolfssl/wolfcrypt/sp.h index 83d5c915..837792e8 100644 --- a/source/libwolfssl/wolfcrypt/sp.h +++ b/source/libwolfssl/wolfcrypt/sp.h @@ -28,14 +28,18 @@ #if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH) || \ defined(WOLFSSL_HAVE_SP_ECC) +#ifndef WOLFSSL_LINUXKM #include +#endif #include #include #include -#if defined(_MSC_VER) +#ifdef noinline + #define SP_NOINLINE noinline +#elif defined(_MSC_VER) #define SP_NOINLINE __declspec(noinline) #elif defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) #define SP_NOINLINE _Pragma("inline = never") diff --git a/source/libwolfssl/wolfcrypt/sp_int.h b/source/libwolfssl/wolfcrypt/sp_int.h index aad52a8c..694107e0 100644 --- a/source/libwolfssl/wolfcrypt/sp_int.h +++ b/source/libwolfssl/wolfcrypt/sp_int.h 
@@ -27,8 +27,10 @@ This library provides single precision (SP) integer math functions. #ifndef WOLF_CRYPT_SP_INT_H #define WOLF_CRYPT_SP_INT_H +#ifndef WOLFSSL_LINUXKM #include #include +#endif /* Make sure WOLFSSL_SP_ASM build option defined when requested */ #if !defined(WOLFSSL_SP_ASM) && ( \ @@ -85,8 +87,6 @@ This library provides single precision (SP) integer math functions. #endif typedef uint128_t sp_int_word; typedef int128_t sp_int_sword; - #else - #error Word size not defined #endif #else #if SP_WORD_SIZE == 32 @@ -106,12 +106,16 @@ This library provides single precision (SP) integer math functions. #endif typedef uint128_t sp_int_word; typedef int128_t sp_int_sword; - #else - #error Word size not defined #endif #endif -#define SP_MASK (sp_digit)(-1) +#if SP_WORD_SIZE == 32 + #define SP_MASK ((sp_int_digit)0xffffffffU) +#elif SP_WORD_SIZE == 64 + #define SP_MASK ((sp_int_digit)0xffffffffffffffffUL) +#else + #error Word size not defined +#endif #if defined(WOLFSSL_HAVE_SP_ECC) && defined(WOLFSSL_SP_NONBLOCK) diff --git a/source/libwolfssl/wolfcrypt/types.h b/source/libwolfssl/wolfcrypt/types.h index 70d45aa0..50304576 100644 --- a/source/libwolfssl/wolfcrypt/types.h +++ b/source/libwolfssl/wolfcrypt/types.h @@ -202,7 +202,11 @@ decouple library dependencies with standard string, memory and so on. #define WC_INLINE #endif #else - #define WC_INLINE + #ifdef __GNUC__ + #define WC_INLINE __attribute__((unused)) + #else + #define WC_INLINE + #endif #endif #endif @@ -249,7 +253,11 @@ decouple library dependencies with standard string, memory and so on. #if defined(__GNUC__) #if ((__GNUC__ > 7) || ((__GNUC__ == 7) && (__GNUC_MINOR__ >= 1))) #undef FALL_THROUGH - #define FALL_THROUGH __attribute__ ((fallthrough)); + #if defined(WOLFSSL_LINUXKM) && defined(fallthrough) + #define FALL_THROUGH fallthrough + #else + #define FALL_THROUGH __attribute__ ((fallthrough)); + #endif #endif #endif #endif /* FALL_THROUGH */ 
@@ -351,6 +359,13 @@ decouple library dependencies with standard string, memory and so on. #define XFREE(p, h, t) {void* xp = (p); if((xp)) free((xp));} #define XREALLOC(p, n, h, t) realloc((p), (size_t)(n)) #endif + + #elif defined(WOLFSSL_LINUXKM) + /* the requisite linux/slab.h is included in wc_port.h, with incompatible warnings masked out. */ + #define XMALLOC(s, h, t) ({(void)(h); (void)(t); kmalloc(s, GFP_KERNEL);}) + #define XFREE(p, h, t) ({void* _xp; (void)(h); _xp = (p); if(_xp) kfree(_xp);}) + #define XREALLOC(p, n, h, t) ({(void)(h); (void)(t); krealloc((p), (n), GFP_KERNEL);}) + #elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \ && !defined(WOLFSSL_SAFERTOS) && !defined(FREESCALE_MQX) \ && !defined(FREESCALE_KSDK_MQX) && !defined(FREESCALE_FREE_RTOS) \ @@ -380,8 +395,9 @@ decouple library dependencies with standard string, memory and so on. #endif /* WOLFSSL_STATIC_MEMORY */ #endif - /* declare/free variable handling for async */ - #ifdef WOLFSSL_ASYNC_CRYPT + /* declare/free variable handling for async and smallstack */ + #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_SMALL_STACK) + #define DECLARE_VAR_IS_HEAP_ALLOC #define DECLARE_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP) \ VAR_TYPE* VAR_NAME = (VAR_TYPE*)XMALLOC(sizeof(VAR_TYPE) * VAR_SIZE, (HEAP), DYNAMIC_TYPE_WOLF_BIGINT); #define DECLARE_VAR_INIT(VAR_NAME, VAR_TYPE, VAR_SIZE, INIT_VALUE, HEAP) \ 
@@ -394,9 +410,19 @@ decouple library dependencies with standard string, memory and so on. }) #define DECLARE_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \ VAR_TYPE* VAR_NAME[VAR_ITEMS]; \ - int idx##VAR_NAME; \ + int idx##VAR_NAME, inner_idx_##VAR_NAME; \ for (idx##VAR_NAME=0; idx##VAR_NAME - #define XMEMCPY(d,s,l) memcpy((d),(s),(l)) - #define XMEMSET(b,c,l) memset((b),(c),(l)) - #define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n)) - #define XMEMMOVE(d,s,l) memmove((d),(s),(l)) + #ifndef STRING_USER + #if defined(WOLFSSL_LINUXKM) + #include + #else + #include + #endif + + #define XMEMCPY(d,s,l) memcpy((d),(s),(l)) + #define XMEMSET(b,c,l) memset((b),(c),(l)) + #define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n)) + #define XMEMMOVE(d,s,l) memmove((d),(s),(l)) #define XSTRLEN(s1) strlen((s1)) #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n)) @@ -494,7 +536,37 @@ decouple library dependencies with standard string, memory and so on. for snprintf */ #include #endif - #define XSNPRINTF snprintf + #if defined(WOLFSSL_ESPIDF) && \ + (!defined(NO_ASN_TIME) && defined(HAVE_PKCS7)) + #include + /* later gcc than 7.1 introduces -Wformat-truncation */ + /* In cases when truncation is expected the caller needs*/ + /* to check the return value from the function so that */ + /* compiler doesn't complain. */ + /* xtensa-esp32-elf v8.2.0 warns trancation at */ + /* GetAsnTimeString() */ + static WC_INLINE + int _xsnprintf_(char *s, size_t n, const char *format, ...) + { + va_list ap; + int ret; + + if ((int)n <= 0) return -1; + + va_start(ap, format); + + ret = vsnprintf(s, n, format, ap); + if (ret < 0) + ret = -1; + + va_end(ap); + + return ret; + } + #define XSNPRINTF _xsnprintf_ + #else + #define XSNPRINTF snprintf + #endif #endif #else #if defined(_MSC_VER) || defined(__CYGWIN__) || defined(__MINGW32__) 
@@ -570,9 +642,11 @@ decouple library dependencies with standard string, memory and so on. #endif #endif /* OPENSSL_EXTRA */ - #ifndef CTYPE_USER - #include - #if defined(HAVE_ECC) || defined(HAVE_OCSP) || \ + #ifndef CTYPE_USER + #ifndef WOLFSSL_LINUXKM + #include + #endif + #if defined(HAVE_ECC) || defined(HAVE_OCSP) || \ defined(WOLFSSL_KEY_GEN) || !defined(NO_DSA) #define XTOUPPER(c) toupper((c)) #define XISALPHA(c) isalpha((c)) diff --git a/source/libwolfssl/wolfcrypt/wc_port.h b/source/libwolfssl/wolfcrypt/wc_port.h index 979b37dd..9ef56da4 100644 --- a/source/libwolfssl/wolfcrypt/wc_port.h +++ b/source/libwolfssl/wolfcrypt/wc_port.h 
@@ -54,6 +54,115 @@ #endif #endif +#ifdef WOLFSSL_LINUXKM + #ifdef HAVE_CONFIG_H + #ifndef PACKAGE_NAME + #error wc_port.h included before config.h + #endif + /* config.h is autogenerated without gating, and is subject to repeat + * inclusions, so gate it out here to keep autodetection masking + * intact: + */ + #undef HAVE_CONFIG_H + #endif + + #ifdef BUILDING_WOLFSSL + + _Pragma("GCC diagnostic push"); + + /* we include all the needed kernel headers with these masked out. else + * there are profuse warnings. + */ + _Pragma("GCC diagnostic ignored \"-Wunused-parameter\""); + _Pragma("GCC diagnostic ignored \"-Wpointer-arith\""); + _Pragma("GCC diagnostic ignored \"-Wshadow\""); + _Pragma("GCC diagnostic ignored \"-Wnested-externs\""); + _Pragma("GCC diagnostic ignored \"-Wredundant-decls\""); + _Pragma("GCC diagnostic ignored \"-Wsign-compare\""); + _Pragma("GCC diagnostic ignored \"-Wpointer-sign\""); + _Pragma("GCC diagnostic ignored \"-Wbad-function-cast\""); + + #include + #include + #include + #include + #include + #include + #ifndef SINGLE_THREADED + #include + #endif + #include + #include + #if defined(WOLFSSL_AESNI) || defined(USE_INTEL_SPEEDUP) + #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) + #include + #else + #include + #endif + #define SAVE_VECTOR_REGISTERS() kernel_fpu_begin() + #define RESTORE_VECTOR_REGISTERS() kernel_fpu_end() + #elif defined(WOLFSSL_ARMASM) + #include + #define SAVE_VECTOR_REGISTERS() ({ preempt_disable(); fpsimd_preserve_current_state(); }) + #define RESTORE_VECTOR_REGISTERS() ({ fpsimd_restore_current_state(); preempt_enable(); }) + #else + #define SAVE_VECTOR_REGISTERS() ({}) + #define RESTORE_VECTOR_REGISTERS() ({}) + #endif + + _Pragma("GCC diagnostic pop"); + + /* remove this multifariously conflicting macro, picked up from + * Linux arch//include/asm/current.h. + */ + #undef current + + /* prevent gcc's mm_malloc.h from being included, since it unconditionally + * includes stdlib.h, which is kernel-incompatible. 
+ */ + #define _MM_MALLOC_H_INCLUDED + + #define malloc(x) kmalloc(x, GFP_KERNEL) + #define free(x) kfree(x) + #define realloc(x,y) krealloc(x, y, GFP_KERNEL) + + /* min() and max() in linux/kernel.h over-aggressively type-check, producing + * myriad spurious -Werrors throughout the codebase. + */ + #undef min + #undef max + + /* work around namespace conflict between wolfssl/internal.h (enum HandShakeType) + * and linux/key.h (extern int()). + */ + #define key_update wc_key_update + + #define lkm_printf(format, args...) printk(KERN_INFO "wolfssl: %s(): " format, __func__, ## args) + #define printf(...) lkm_printf(__VA_ARGS__) + + #endif /* BUILDING_WOLFSSL */ + + /* needed to suppress inclusion of stdio.h in wolfssl/wolfcrypt/types.h */ + #define XSNPRINTF snprintf + + /* the rigmarole around kstrtol() here is to accommodate its warn-unused-result attribute. */ + #define XATOI(s) ({ \ + long _xatoi_res = 0; \ + int _xatoi_ret = kstrtol(s, 10, &_xatoi_res); \ + if (_xatoi_ret != 0) { \ + _xatoi_res = 0; \ + } \ + (int)_xatoi_res; \ + }) + +#else /* ! WOLFSSL_LINUXKM */ + + #ifdef BUILDING_WOLFSSL + #define SAVE_VECTOR_REGISTERS() ({}) + #define RESTORE_VECTOR_REGISTERS() ({}) + #endif + +#endif /* WOLFSSL_LINUXKM */ /* THREADING/MUTEX SECTION */ #ifdef USE_WINDOWS_API @@ -156,9 +265,13 @@ #else #ifndef SINGLE_THREADED - #ifndef WOLFSSL_USER_MUTEX - #define WOLFSSL_PTHREADS - #include + #ifndef WOLFSSL_USER_MUTEX + #if defined(WOLFSSL_LINUXKM) + #define WOLFSSL_KTHREADS + #else + #define WOLFSSL_PTHREADS + #include + #endif #endif #endif #if (defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)) && \ @@ -194,6 +307,8 @@ typedef CRITICAL_SECTION wolfSSL_Mutex; #elif defined(WOLFSSL_PTHREADS) typedef u32 wolfSSL_Mutex; /* pthread_mutex_t = mutex_t = u32 */ + #elif defined(WOLFSSL_KTHREADS) + typedef struct mutex wolfSSL_Mutex; #elif defined(THREADX) typedef TX_MUTEX wolfSSL_Mutex; #elif defined(WOLFSSL_DEOS) 
@@ -242,6 +357,8 @@ typedef M2MB_OS_MTX_HANDLE wolfSSL_Mutex; #elif defined(WOLFSSL_USER_MUTEX) /* typedef User_Mutex wolfSSL_Mutex; */ + #elif defined(WOLFSSL_LINUXKM) + typedef struct mutex wolfSSL_Mutex; #else #error Need a mutex type in multithreaded mode #endif /* USE_WINDOWS_API */ @@ -418,6 +535,23 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #define XBADFILE -1 #define XFGETS(b,s,f) -2 /* Not ported yet */ +#elif defined (WOLFSSL_XILINX) + #include "xsdps.h" + #include "ff.h" + + /* workaround to declare variable and provide type */ + #define XFILE FIL curFile; FIL* + #define XFOPEN(NAME, MODE) ({ FRESULT res; res = f_open(&curFile, (NAME), (FA_OPEN_ALWAYS | FA_WRITE | FA_READ)); (res == FR_OK) ? &curFile : NULL; }) + #define XFSEEK(F, O, W) f_lseek((F), (O)) + #define XFTELL(F) f_tell((F)) + #define XREWIND(F) f_rewind((F)) + #define XFREAD(BUF, SZ, AMT, F) ({ FRESULT res; UINT br; res = f_read((F), (BUF), (SZ)*(AMT), &br); (void)br; res; }) + #define XFWRITE(BUF, SZ, AMT, F) ({ FRESULT res; UINT written; res = f_write((F), (BUF), (SZ)*(AMT), &written); (void)written; res; }) + #define XFCLOSE(F) f_close((F)) + #define XSEEK_END 0 + #define XBADFILE NULL + #define XFGETS(b,s,f) f_gets((b), (s), (f)) + #elif defined(WOLFSSL_USER_FILESYSTEM) /* To be defined in user_settings.h */ #else @@ -535,7 +669,9 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #define NEED_TMP_TIME #elif defined(WOLFSSL_XILINX) - #define USER_TIME + #ifndef XTIME + #define XTIME(t1) xilinx_time((t1)) + #endif #include #elif defined(HAVE_RTP_SYS) 
@@ -645,6 +781,24 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #define WOLFSSL_GMTIME #define USE_WOLF_TM + +#elif defined(WOLFSSL_LINUXKM) + #ifdef BUILDING_WOLFSSL + + /* includes are all above, with incompatible warnings masked out. */ + #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 0, 0) + typedef __kernel_time_t time_t; + #else + typedef __kernel_time64_t time_t; + #endif + extern time_t time(time_t * timer); + #define XTIME time + #define WOLFSSL_GMTIME + #define XGMTIME(c, t) gmtime(c) + #define NO_TIMEVAL 1 + + #endif /* BUILDING_WOLFSSL */ + #else /* default */ /* uses complete facility */ @@ -750,7 +904,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #endif #ifndef FILE_BUFFER_SIZE - #define FILE_BUFFER_SIZE 1024 /* default static file buffer size for input, + #define FILE_BUFFER_SIZE 1024 /* default static file buffer size for input, \ will use dynamic buffer if not big enough */ #endif diff --git a/source/libwolfssl/wolfio.h b/source/libwolfssl/wolfio.h index 587e56dc..58abb969 100644 --- a/source/libwolfssl/wolfio.h +++ b/source/libwolfssl/wolfio.h @@ -94,6 +94,8 @@ #elif defined(WOLFSSL_NUCLEUS_1_2) #include #include + #elif defined(WOLFSSL_LINUXKM) + /* the requisite linux/net.h is included in wc_port.h, with incompatible warnings masked out. */ #elif defined(WOLFSSL_ATMEL) #include "socket/include/socket.h" #elif defined(INTIME_RTOS) @@ -295,6 +297,9 @@ #define SEND_FUNCTION send #define RECV_FUNCTION recv +#elif defined(WOLFSSL_LINUXKM) + #define SEND_FUNCTION linuxkm_send + #define RECV_FUNCTION linuxkm_recv #else #define SEND_FUNCTION send #define RECV_FUNCTION recv diff --git a/source/network/https.c b/source/network/https.c index 4be94d83..f5d146ba 100644 --- a/source/network/https.c +++ b/source/network/https.c 
@@ -17,7 +17,7 @@ WOLFSSL_SESSION *session; int https_write(HTTP_INFO *httpinfo, char *buffer, int len, bool proxy) { int ret, pos = 0; - int rlen = (len > BLOCK_SIZE) ? BLOCK_SIZE : len; + int rlen = len > BLOCK_SIZE ? BLOCK_SIZE : len; u64 time = gettime(); while (ticks_to_millisecs(diff_ticks(time, gettime())) < READ_WRITE_TIMEOUT) { @@ -28,7 +28,7 @@ int https_write(HTTP_INFO *httpinfo, char *buffer, int len, bool proxy) if (ret > 0) { pos += ret; - rlen = (len - pos > BLOCK_SIZE) ? BLOCK_SIZE : len - pos; + rlen = len - pos > BLOCK_SIZE ? BLOCK_SIZE : len - pos; if (pos >= len) return pos; time = gettime(); @@ -143,7 +143,7 @@ bool is_chunked(struct phr_header *headers, size_t num_headers) char encoding[9]; if (!get_header_value(headers, num_headers, encoding, "transfer-encoding")) return false; - return (strcasecmp(encoding, "chunked") == 0) ? true : false; + return (strcasecmp(encoding, "chunked") == 0); } bool read_chunked(HTTP_INFO *httpinfo, struct download *buffer, size_t start_pos) @@ -209,7 +209,7 @@ bool read_all(HTTP_INFO *httpinfo, struct download *buffer, size_t start_pos) }; buffer->size = start_pos; buffer->data = MEM2_realloc(buffer->data, buffer->size); - return (buffer->content_length > 0 && buffer->content_length == start_pos) ? true : false; + return (buffer->content_length > 0 && buffer->content_length == start_pos); } bool get_response(HTTP_INFO *httpinfo, HTTP_RESPONSE *resp, bool proxy) @@ -227,7 +227,7 @@ bool get_response(HTTP_INFO *httpinfo, HTTP_RESPONSE *resp, bool proxy) // Parse the response resp->num_headers = sizeof(resp->headers) / sizeof(resp->headers[0]); if ((resp->pret = phr_parse_response(resp->data, resp->buflen, &minor_version, &resp->status, &msg, &msg_len, resp->headers, &resp->num_headers, prevbuflen)) > 0) - return true; // Successfully parsed the response + return true; else if (resp->pret == -1) { #ifdef DEBUG_NETWORK 
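Review bot: In `is_chunked`, `encoding` is a 9-byte stack buffer passed to `get_header_value` with no size argument, so whether a long Transfer-Encoding value from the server can overrun it depends on a helper this hunk does not show. If `get_header_value` does not bound the copy itself, it should take the destination size, for example `get_header_value(headers, num_headers, encoding, sizeof(encoding), "transfer-encoding")`, and reject or truncate longer values. The exact `strcasecmp` match also treats a value such as `gzip, chunked` as not chunked, which deserves a comment if it is intentional. The function's opening brace is outside the hunk.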
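Review bot: At the end of `read_all`, `buffer->data = MEM2_realloc(buffer->data, buffer->size);` overwrites the only pointer to the downloaded data, and the return expression never looks at the result. Assuming `MEM2_realloc` returns NULL on failure like `realloc`, the original block is leaked and the caller can receive `true` with a NULL `data`. Keep the result in a temporary and fail on NULL: `void *tmp = MEM2_realloc(buffer->data, buffer->size);`, `if (!tmp) return false;`, `buffer->data = tmp;`. The start of `read_all` is outside this hunk.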
@@ -251,7 +251,7 @@ bool check_ip(char *str) int partA, partB, partC, partD; char extra; // We avoid using regex because it increases the file size - return (sscanf(str, "%d.%d.%d.%d%c", &partA, &partB, &partC, &partD, &extra) == 4) ? true : false; + return (sscanf(str, "%d.%d.%d.%d%c", &partA, &partB, &partC, &partD, &extra) == 4); } bool connect_proxy(HTTP_INFO *httpinfo, char *host, char *username, char *password) @@ -387,7 +387,7 @@ void downloadfile(const char *url, struct download *buffer) if (httpinfo.use_https) { // Create a new SSL context - // wolfSSLv23_client_method() works but resume would require further changes + // wolfSSLv23_client_method() works but TLS 1.2 is slightly faster on Wii if ((httpinfo.ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) { #ifdef DEBUG_NETWORK diff --git a/source/network/picohttpparser.c b/source/network/picohttpparser.c index 8f0576ee..f16c0924 100644 --- a/source/network/picohttpparser.c +++ b/source/network/picohttpparser.c 
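Review bot: `check_ip` accepts any four dot-separated integers, because the `sscanf` count is the only test: octets above 255, negative values and leading whitespace all satisfy `%d`. How the caller uses the result is not visible here, but if it decides whether the host string bypasses name resolution, the octets should be range-checked. With `n` holding the `sscanf` result, that would be `return n == 4 && (unsigned)partA <= 255 && (unsigned)partB <= 255 && (unsigned)partC <= 255 && (unsigned)partD <= 255;`. The function's signature and opening brace are outside the hunk.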
@@ -241,6 +241,41 @@ static const char *is_complete(const char *buf, const char *buf_end, size_t last *valp_ += res_; \ } while (0) +/* returned pointer is always within [buf, buf_end), or null */ +static const char *parse_token(const char *buf, const char *buf_end, const char **token, size_t *token_len, char next_char, + int *ret) +{ + /* We use pcmpestri to detect non-token characters. This instruction can take no more than eight character ranges (8*2*8=128 + * bits that is the size of a SSE register). Due to this restriction, characters `|` and `~` are handled in the slow loop. */ + static const char ALIGNED(16) ranges[] = "\x00 " /* control chars and up to SP */ + "\"\"" /* 0x22 */ + "()" /* 0x28,0x29 */ + ",," /* 0x2c */ + "//" /* 0x2f */ + ":@" /* 0x3a-0x40 */ + "[]" /* 0x5b-0x5d */ + "{\xff"; /* 0x7b-0xff */ + const char *buf_start = buf; + int found; + buf = findchar_fast(buf, buf_end, ranges, sizeof(ranges) - 1, &found); + if (!found) { + CHECK_EOF(); + } + while (1) { + if (*buf == next_char) { + break; + } else if (!token_char_map[(unsigned char)*buf]) { + *ret = -1; + return NULL; + } + ++buf; + CHECK_EOF(); + } + *token = buf_start; + *token_len = buf - buf_start; + return buf; +} + /* returned pointer is always within [buf, buf_end), or null */ static const char *parse_http_version(const char *buf, const char *buf_end, int *minor_version, int *ret) { 
@@ -280,31 +315,10 @@ static const char *parse_headers(const char *buf, const char *buf_end, struct ph if (!(*num_headers != 0 && (*buf == ' ' || *buf == '\t'))) { /* parsing name, but do not discard SP before colon, see * http://www.mozilla.org/security/announce/2006/mfsa2006-33.html */ - headers[*num_headers].name = buf; - static const char ALIGNED(16) ranges1[] = "\x00 " /* control chars and up to SP */ - "\"\"" /* 0x22 */ - "()" /* 0x28,0x29 */ - ",," /* 0x2c */ - "//" /* 0x2f */ - ":@" /* 0x3a-0x40 */ - "[]" /* 0x5b-0x5d */ - "{\377"; /* 0x7b-0xff */ - int found; - buf = findchar_fast(buf, buf_end, ranges1, sizeof(ranges1) - 1, &found); - if (!found) { - CHECK_EOF(); + if ((buf = parse_token(buf, buf_end, &headers[*num_headers].name, &headers[*num_headers].name_len, ':', ret)) == NULL) { + return NULL; } - while (1) { - if (*buf == ':') { - break; - } else if (!token_char_map[(unsigned char)*buf]) { - *ret = -1; - return NULL; - } - ++buf; - CHECK_EOF(); - } - if ((headers[*num_headers].name_len = buf - headers[*num_headers].name) == 0) { + if (headers[*num_headers].name_len == 0) { *ret = -1; return NULL; } @@ -352,7 +366,9 @@ static const char *parse_request(const char *buf, const char *buf_end, const cha } /* parse request line */ - ADVANCE_TOKEN(*method, *method_len); + if ((buf = parse_token(buf, buf_end, method, method_len, ' ', ret)) == NULL) { + return NULL; + } do { ++buf; CHECK_EOF(); diff --git a/source/network/proxysettings.cpp b/source/network/proxysettings.cpp index 3d752b6e..d0aca3c6 100644 --- a/source/network/proxysettings.cpp +++ b/source/network/proxysettings.cpp @@ -9,6 +9,7 @@ #define ALIGN32(x) (((x) + 31) & ~31) bool proxy_enabled; +bool proxy_creds_enabled; char proxy_address[256]; u16 proxy_port; char proxy_username[33]; 
@@ -23,7 +24,7 @@ void getProxyInfo() fstats stats ATTRIBUTE_ALIGN(32); if(ISFS_GetFileStats(fd, &stats) >= 0) { - if (stats.file_length > 0) + if (stats.file_length == 7004) { buffer = (char *)MEM2_alloc(ALIGN32(stats.file_length)); if (buffer) @@ -31,6 +32,7 @@ void getProxyInfo() if (ISFS_Read(fd, buffer, stats.file_length) == 7004) { proxy_enabled = buffer[44]; + proxy_creds_enabled = buffer[45]; strncpy(proxy_address, buffer + 48, sizeof(proxy_address) - 1); proxy_port = ((buffer[304] & 0xFF) << 8) | (buffer[305] & 0xFF); strncpy(proxy_username, buffer + 306, sizeof(proxy_username) - 1); @@ -61,13 +63,13 @@ u16 getProxyPort() char *getProxyUsername() { if (mainMenu.proxyUseSystem) - return proxy_enabled ? proxy_username : NULL; + return proxy_enabled && proxy_creds_enabled ? proxy_username : NULL; return (strlen(mainMenu.proxyUsername) > 0) ? mainMenu.proxyUsername : NULL; } char *getProxyPassword() { if (mainMenu.proxyUseSystem) - return proxy_enabled ? proxy_password : NULL; + return proxy_enabled && proxy_creds_enabled ? proxy_password : NULL; return (strlen(mainMenu.proxyPassword) > 0) ? mainMenu.proxyPassword : NULL; }
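Review bot: The expected file size 7004 now appears twice in `getProxyInfo`, in the new `stats.file_length == 7004` test and in the existing `ISFS_Read(...) == 7004` test, next to the bare offsets 44, 45, 48, 304 and 306. A named constant such as `enum { PROXY_CONFIG_SIZE = 7004 };` would keep the two checks from drifting apart. A short comment listing the field layout (enabled flag, credentials flag, address, port, username) would do the same for the offsets, including the `buffer[45]` read added in the `@@ -31,6 +32,7 @@` hunk. `getProxyInfo` begins and ends outside both hunks.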
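Review bot: On the system-settings path, `getProxyUsername` and `getProxyPassword` return a non-NULL pointer whenever both flags are set, even if the stored string is empty, while the manual path on the following line returns NULL for an empty string. If `connect_proxy` (not shown in this hunk) treats non-NULL as "send credentials", the two paths behave differently for an empty username or password. Adding the same emptiness test would align them: `return (proxy_enabled && proxy_creds_enabled && proxy_username[0]) ? proxy_username : NULL;`, and likewise for `proxy_password`.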