Update wolfSSL, picohttpparser & clean up code

source/libwolfssl/internal.h

@@ -186,7 +186,12 @@
     /* do nothing */
 #else
     #ifndef SINGLE_THREADED
-        #ifndef  WOLFSSL_USER_MUTEX
+        #if defined(WOLFSSL_LINUXKM)
+            #define WOLFSSL_KTHREADS
+            #include <linux/kthread.h>
+        #elif defined(WOLFSSL_USER_MUTEX)
+            /* do nothing */
+        #else
             #define WOLFSSL_PTHREADS
             #include <pthread.h>
         #endif
@@ -3659,7 +3664,7 @@ struct WOLFSSL_X509 {
     WOLFSSL_STACK* ext_sk; /* Store X509_EXTENSIONS from wolfSSL_X509_get_ext */
     WOLFSSL_STACK* ext_d2i;/* Store d2i extensions from wolfSSL_X509_get_ext_d2i */
 #endif /* WOLFSSL_QT || OPENSSL_ALL */
-#ifdef OPENSSL_EXTRA
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
     WOLFSSL_ASN1_INTEGER* serialNumber; /* Stores SN from wolfSSL_X509_get_serialNumber */
 #endif
     WOLFSSL_ASN1_TIME notBefore;

source/libwolfssl/openssl/asn1.h

@@ -69,6 +69,7 @@
 #define V_ASN1_OBJECT                   6
 #define V_ASN1_UTCTIME                  23
 #define V_ASN1_GENERALIZEDTIME          24
+#define V_ASN1_PRINTABLESTRING          19
 
 #define ASN1_STRING_FLAG_BITS_LEFT       0x008
 #define ASN1_STRING_FLAG_NDEF            0x010

source/libwolfssl/ssl.h

@@ -191,7 +191,7 @@ typedef struct WOLFSSL_AUTHORITY_KEYID  WOLFSSL_AUTHORITY_KEYID;
 typedef struct WOLFSSL_BASIC_CONSTRAINTS WOLFSSL_BASIC_CONSTRAINTS;
 typedef struct WOLFSSL_ACCESS_DESCRIPTION WOLFSSL_ACCESS_DESCRIPTION;
 
-#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
+#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
 
 struct WOLFSSL_AUTHORITY_KEYID {
     WOLFSSL_ASN1_STRING *keyid;
@@ -2167,7 +2167,7 @@ WOLFSSL_API WOLFSSL_X509*
 WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out);
 WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl,
                                                    const unsigned char *in, int len);
-#ifndef NO_FILESYSTEM
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
 WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE file, WOLFSSL_X509_CRL **crl);
 #endif
 WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl);
@@ -2202,7 +2202,7 @@ typedef struct WC_PKCS12 WC_PKCS12;
 WOLFSSL_API WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio,
                                        WC_PKCS12** pkcs12);
 WOLFSSL_API int wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 *pkcs12);
-#ifndef NO_FILESYSTEM
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
 WOLFSSL_API WOLFSSL_X509_PKCS12* wolfSSL_d2i_PKCS12_fp(XFILE fp,
                                        WOLFSSL_X509_PKCS12** pkcs12);
 #endif
@@ -3320,6 +3320,11 @@ WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl);
 #endif /* !NO_CERTS */
 #endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
+#ifdef WOLFSSL_WPAS_SMALL
+    /* WPA Supplicant requires GEN_ values */
+    #include <libwolfssl/openssl/x509v3.h>
+#endif
+
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
 WOLFSSL_API void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509,
                                                      int nid, int* c, int* idx);

source/libwolfssl/wolfcrypt/aes.h

@@ -62,14 +62,6 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
     #include <libwolfssl/wolfcrypt/port/st/stm32.h>
 #endif
 
-#ifdef WOLFSSL_AESNI
-
-#include <wmmintrin.h>
-#include <emmintrin.h>
-#include <smmintrin.h>
-
-#endif /* WOLFSSL_AESNI */
-
 
 #ifdef WOLFSSL_XILINX_CRYPT
 #include "xsecure_aes.h"

source/libwolfssl/wolfcrypt/asn.h

@@ -366,7 +366,6 @@ enum Misc_ASN {
     MAX_CERTPOL_SZ      = CTC_MAX_CERTPOL_SZ,
 #endif
     MAX_AIA_SZ          = 2,       /* Max Authority Info Access extension size*/
-    MAX_NAME_ENTRIES    = 13,      /* entries added to x509 name struct */
     OCSP_NONCE_EXT_SZ   = 35,      /* OCSP Nonce Extension size */
     MAX_OCSP_EXT_SZ     = 58,      /* Max OCSP Extension length */
     MAX_OCSP_NONCE_SZ   = 16,      /* OCSP Nonce size           */
@@ -395,6 +394,12 @@ enum Misc_ASN {
     PEM_LINE_LEN       = PEM_LINE_SZ + 12, /* PEM line max + fudge */
 };
 
+#ifndef WC_MAX_NAME_ENTRIES
+    /* entries added to x509 name struct */
+    #define WC_MAX_NAME_ENTRIES 13
+#endif
+#define MAX_NAME_ENTRIES WC_MAX_NAME_ENTRIES
+
 
 enum Oid_Types {
     oidHashType         = 0,

source/libwolfssl/wolfcrypt/asn_public.h

@@ -330,6 +330,8 @@ typedef struct Cert {
 #endif
     char    certPolicies[CTC_MAX_CERTPOL_NB][CTC_MAX_CERTPOL_SZ];
     word16  certPoliciesNb;              /* Number of Cert Policy */
+#endif
+#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA)
     byte     issRaw[sizeof(CertName)];   /* raw issuer info */
     byte     sbjRaw[sizeof(CertName)];   /* raw subject info */
 #endif

source/libwolfssl/wolfcrypt/blake2-int.h

@@ -39,16 +39,6 @@
 
 #include <libwolfssl/wolfcrypt/types.h>
 
-
-#if defined(_MSC_VER)
-    #define ALIGN(x) __declspec(align(x))
-#elif defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__)
-    #define ALIGN(x) __attribute__((aligned(x)))
-#else
-    #define ALIGN(x)
-#endif
-
-
 #if defined(__cplusplus)
     extern "C" {
 #endif
@@ -87,7 +77,7 @@
     byte  personal[BLAKE2S_PERSONALBYTES];  /* 32 */
   } blake2s_param;
 
-  ALIGN( 32 ) typedef struct __blake2s_state
+  ALIGN32 typedef struct __blake2s_state
   {
     word32 h[8];
     word32 t[2];
@@ -112,7 +102,7 @@
     byte  personal[BLAKE2B_PERSONALBYTES];  /* 64 */
   } blake2b_param;
 
-  ALIGN( 64 ) typedef struct __blake2b_state
+  ALIGN64 typedef struct __blake2b_state
   {
     word64 h[8];
     word64 t[2];

source/libwolfssl/wolfcrypt/blake2.h

@@ -76,12 +76,14 @@ typedef struct Blake2s {
 
 #ifdef HAVE_BLAKE2B
 WOLFSSL_API int wc_InitBlake2b(Blake2b*, word32);
+WOLFSSL_API int wc_InitBlake2b_WithKey(Blake2b*, word32, const byte *, word32);
 WOLFSSL_API int wc_Blake2bUpdate(Blake2b*, const byte*, word32);
 WOLFSSL_API int wc_Blake2bFinal(Blake2b*, byte*, word32);
 #endif
 
 #ifdef HAVE_BLAKE2S
 WOLFSSL_API int wc_InitBlake2s(Blake2s*, word32);
+WOLFSSL_API int wc_InitBlake2s_WithKey(Blake2s*, word32, const byte *, word32);
 WOLFSSL_API int wc_Blake2sUpdate(Blake2s*, const byte*, word32);
 WOLFSSL_API int wc_Blake2sFinal(Blake2s*, byte*, word32);
 #endif

source/libwolfssl/wolfcrypt/cpuid.h

@@ -54,6 +54,11 @@
 
     void cpuid_set_flags(void);
     word32 cpuid_get_flags(void);
+
+    /* Public APIs to modify flags. */
+    WOLFSSL_API void cpuid_select_flags(word32 flags);
+    WOLFSSL_API void cpuid_set_flag(word32 flag);
+    WOLFSSL_API void cpuid_clear_flag(word32 flag);
 #endif
 
 #ifdef __cplusplus

source/libwolfssl/wolfcrypt/curve25519.h

@@ -90,6 +90,14 @@ WOLFSSL_API
 int wc_curve25519_make_pub(int public_size, byte* pub, int private_size,
                            const byte* priv);
 
+WOLFSSL_API
+int wc_curve25519_generic(int public_size, byte* pub,
+                          int private_size, const byte* priv,
+                          int basepoint_size, const byte* basepoint);
+
+WOLFSSL_API
+int wc_curve25519_make_priv(WC_RNG* rng, int keysize, byte* priv);
+
 WOLFSSL_API
 int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key);
 

source/libwolfssl/wolfcrypt/ecc.h

@@ -352,10 +352,11 @@ typedef struct {
 
 /* ECC Flags */
 enum {
-    WC_ECC_FLAG_NONE = 0x00,
+    WC_ECC_FLAG_NONE     = 0x00,
 #ifdef HAVE_ECC_CDH
     WC_ECC_FLAG_COFACTOR = 0x01,
 #endif
+    WC_ECC_FLAG_DEC_SIGN = 0x02,
 };
 
 /* ECC non-blocking */
@@ -477,6 +478,9 @@ int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key);
 WOLFSSL_ABI WOLFSSL_API
 int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id);
 WOLFSSL_API
+int wc_ecc_make_key_ex2(WC_RNG* rng, int keysize, ecc_key* key, int curve_id,
+                        int flags);
+WOLFSSL_API
 int wc_ecc_make_pub(ecc_key* key, ecc_point* pubOut);
 WOLFSSL_API
 int wc_ecc_make_pub_ex(ecc_key* key, ecc_point* pubOut, WC_RNG* rng);

source/libwolfssl/wolfcrypt/fe_448.h

@@ -27,7 +27,9 @@
 
 #if defined(HAVE_CURVE448) || defined(HAVE_ED448)
 
+#ifndef WOLFSSL_LINUXKM
 #include <stdint.h>
+#endif
 
 #include <libwolfssl/wolfcrypt/types.h>
 

source/libwolfssl/wolfcrypt/fe_operations.h

@@ -28,8 +28,10 @@
 #if defined(HAVE_CURVE25519) || defined(HAVE_ED25519)
 
 #if !defined(CURVE25519_SMALL) || !defined(ED25519_SMALL)
+#ifndef WOLFSSL_LINUXKM
     #include <stdint.h>
 #endif
+#endif
 
 #include <libwolfssl/wolfcrypt/types.h>
 

source/libwolfssl/wolfcrypt/integer.h

@@ -42,7 +42,11 @@
 #include <libwolfssl/wolfcrypt/random.h>
 
 #ifndef CHAR_BIT
-    #include <limits.h>
+    #if defined(WOLFSSL_LINUXKM)
+        #include <linux/limits.h>
+    #else
+        #include <limits.h>
+    #endif
 #endif
 
 #include <libwolfssl/wolfcrypt/mpi_class.h>

source/libwolfssl/wolfcrypt/memory.h

@@ -29,7 +29,7 @@
 #ifndef WOLFSSL_MEMORY_H
 #define WOLFSSL_MEMORY_H
 
-#ifndef STRING_USER
+#if !defined(STRING_USER) && !defined(WOLFSSL_LINUXKM)
 #include <stdlib.h>
 #endif
 #include <libwolfssl/wolfcrypt/types.h>

source/libwolfssl/wolfcrypt/port/Espressif/esp32-crypt.h

@@ -39,7 +39,7 @@
 #include "soc/hwcrypto_reg.h"
 #include "soc/cpu.h"
 #include "driver/periph_ctrl.h"
-#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1
+#if ESP_IDF_VERSION_MAJOR >= 4
 #include <esp32/rom/ets_sys.h>
 #else
 #include <rom/ets_sys.h>
@@ -55,7 +55,7 @@ int esp_CryptHwMutexUnLock(wolfSSL_Mutex* mutex);
 
 #ifndef NO_AES
 
-#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1
+#if ESP_IDF_VERSION_MAJOR >= 4
 #include "esp32/rom/aes.h"
 #else
 #include "rom/aes.h"
@@ -89,7 +89,7 @@ uint64_t  wc_esp32elapsedTime();
 
 /* RAW hash function APIs are not implemented with esp32 hardware acceleration*/
 #define WOLFSSL_NO_HASH_RAW
-#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1
+#if ESP_IDF_VERSION_MAJOR >= 4
 #include "esp32/rom/sha.h"
 #else
 #include "rom/sha.h"

source/libwolfssl/wolfcrypt/random.h

@@ -149,6 +149,23 @@ typedef struct OS_Seed {
     #define WC_RNG_TYPE_DEFINED
 #endif
 
+#ifdef HAVE_HASHDRBG
+struct DRBG_internal {
+    word32 reseedCtr;
+    word32 lastBlock;
+    byte V[DRBG_SEED_LEN];
+    byte C[DRBG_SEED_LEN];
+#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
+    void* heap;
+    int devId;
+#endif
+    byte   matchCount;
+#ifdef WOLFSSL_SMALL_STACK_CACHE
+    wc_Sha256 sha256;
+#endif
+};
+#endif
+
 /* RNG context */
 struct WC_RNG {
     OS_Seed seed;
@@ -157,18 +174,7 @@ struct WC_RNG {
     /* Hash-based Deterministic Random Bit Generator */
     struct DRBG* drbg;
 #if defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_STATIC_MEMORY)
-    #define DRBG_STRUCT_SZ ((sizeof(word32)*3) + (DRBG_SEED_LEN*2))
-    #ifdef WOLFSSL_SMALL_STACK_CACHE
-        #define DRBG_STRUCT_SZ_SHA256 (sizeof(wc_Sha256))
-    #else
-        #define DRBG_STRUCT_SZ_SHA256 0
-    #endif
-    #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
-        #define DRBG_STRUCT_SZ_ASYNC (sizeof(void*) + sizeof(int))
-    #else
-        #define DRBG_STRUCT_SZ_ASYNC 0
-    #endif
-    byte drbg_data[DRBG_STRUCT_SZ + DRBG_STRUCT_SZ_SHA256 + DRBG_STRUCT_SZ_ASYNC];
+    struct DRBG_internal drbg_data;
 #endif
     byte status;
 #endif

source/libwolfssl/wolfcrypt/settings.h

@@ -215,6 +215,10 @@
 /* Uncomment next line if using Solaris OS*/
 /* #define WOLFSSL_SOLARIS */
 
+/* Uncomment next line if building for Linux Kernel Module */
+/* #define WOLFSSL_LINUXKM */
+
+
 #include <libwolfssl/wolfcrypt/visibility.h>
 
 #ifdef WOLFSSL_USER_SETTINGS
@@ -831,7 +835,9 @@ extern void uITRON4_free(void *p) ;
         #undef SIZEOF_LONG
         #define SIZEOF_LONG_LONG 8
     #else
-        #error settings.h - please implement SIZEOF_LONG and SIZEOF_LONG_LONG
+        #if !defined(SIZEOF_LONG) && !defined(SIZEOF_LONG_LONG)
+            #error settings.h - please implement SIZEOF_LONG and SIZEOF_LONG_LONG
+        #endif
     #endif
 
     #define XMALLOC(s, h, type) ((void *)rtp_malloc((s), SSL_PRO_MALLOC))
@@ -841,7 +847,9 @@ extern void uITRON4_free(void *p) ;
     #if (WINMSP3)
         #define XSTRNCASECMP(s1,s2,n)  _strnicmp((s1),(s2),(n))
     #else
-        #sslpro: settings.h - please implement XSTRNCASECMP - needed for HAVE_ECC
+        #ifndef XSTRNCASECMP
+            #error settings.h - please implement XSTRNCASECMP - needed for HAVE_ECC
+        #endif
     #endif
 
     #define WOLFSSL_HAVE_MAX
@@ -1255,11 +1263,11 @@ extern void uITRON4_free(void *p) ;
     #endif
     #define NO_OLD_RNGNAME
     #ifdef WOLFSSL_STM32_CUBEMX
-		#if defined(WOLFSSL_STM32F1)
-			#include "stm32f1xx_hal.h"
+        #if defined(WOLFSSL_STM32F1)
+            #include "stm32f1xx_hal.h"
         #elif defined(WOLFSSL_STM32F2)
             #include "stm32f2xx_hal.h"
-		#elif defined(WOLFSSL_STM32L5)
+        #elif defined(WOLFSSL_STM32L5)
             #include "stm32l5xx_hal.h"
         #elif defined(WOLFSSL_STM32L4)
             #include "stm32l4xx_hal.h"
@@ -1298,7 +1306,7 @@ extern void uITRON4_free(void *p) ;
             #ifdef STM32_HASH
                 #include "stm32f4xx_hash.h"
             #endif
-		#elif defined(WOLFSSL_STM32L5)
+        #elif defined(WOLFSSL_STM32L5)
             #include "stm32l5xx.h"
             #ifdef STM32_CRYPTO
                 #include "stm32l5xx_cryp.h"
@@ -1306,7 +1314,7 @@ extern void uITRON4_free(void *p) ;
             #ifdef STM32_HASH
                 #include "stm32l5xx_hash.h"
             #endif
-    	#elif defined(WOLFSSL_STM32L4)
+        #elif defined(WOLFSSL_STM32L4)
             #include "stm32l4xx.h"
             #ifdef STM32_CRYPTO
                 #include "stm32l4xx_cryp.h"
@@ -1323,7 +1331,7 @@ extern void uITRON4_free(void *p) ;
         #endif
     #endif /* WOLFSSL_STM32_CUBEMX */
 #endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32L4 || 
-		  WOLFSSL_STM32L5 || WOLFSSL_STM32F7 || WOLFSSL_STMWB || WOLFSSL_STM32H7 */
+          WOLFSSL_STM32L5 || WOLFSSL_STM32F7 || WOLFSSL_STMWB || WOLFSSL_STM32H7 */
 #ifdef WOLFSSL_DEOS
     #include <deos.h>
     #include <timeout.h>
@@ -2077,6 +2085,52 @@ extern void uITRON4_free(void *p) ;
 #endif
 
 
+#ifdef WOLFSSL_LINUXKM
+    #ifndef NO_DEV_RANDOM
+        #define NO_DEV_RANDOM
+    #endif
+    #ifndef NO_WRITEV
+        #define NO_WRITEV
+    #endif
+    #ifndef NO_FILESYSTEM
+        #define NO_FILESYSTEM
+    #endif
+    #ifndef NO_STDIO_FILESYSTEM
+        #define NO_STDIO_FILESYSTEM
+    #endif
+    #ifndef WOLFSSL_NO_SOCK
+        #define WOLFSSL_NO_SOCK
+    #endif
+    #ifndef WOLFSSL_DH_CONST
+        #define WOLFSSL_DH_CONST
+    #endif
+    #ifndef WOLFSSL_USER_IO
+        #define WOLFSSL_USER_IO
+    #endif
+    #ifndef USE_WOLF_STRTOK
+        #define USE_WOLF_STRTOK
+    #endif
+    #ifndef WOLFSSL_SP_MOD_WORD_RP
+        #define WOLFSSL_SP_MOD_WORD_RP
+    #endif
+    #ifndef WOLFSSL_OLD_PRIME_CHECK
+        #define WOLFSSL_OLD_PRIME_CHECK
+    #endif
+    #undef HAVE_STRINGS_H
+    #undef HAVE_ERRNO_H
+    #undef HAVE_THREAD_LS
+    #undef WOLFSSL_HAVE_MIN
+    #undef WOLFSSL_HAVE_MAX
+    #define SIZEOF_LONG         8
+    #define SIZEOF_LONG_LONG    8
+    #define CHAR_BIT            8
+    #define WOLFSSL_SP_DIV_64
+    #define WOLFSSL_SP_DIV_WORD_HALF
+    #define SP_HALF_SIZE        32
+    #define SP_HALF_MAX         4294967295U
+#endif
+
+
 /* Place any other flags or defines here */
 
 #if defined(WOLFSSL_MYSQL_COMPATIBLE) && defined(_WIN32) \

source/libwolfssl/wolfcrypt/sp.h

@@ -28,14 +28,18 @@
 #if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH) || \
                                     defined(WOLFSSL_HAVE_SP_ECC)
 
+#ifndef WOLFSSL_LINUXKM
 #include <stdint.h>
+#endif
 
 #include <libwolfssl/wolfcrypt/integer.h>
 #include <libwolfssl/wolfcrypt/sp_int.h>
 
 #include <libwolfssl/wolfcrypt/ecc.h>
 
-#if defined(_MSC_VER)
+#ifdef noinline
+    #define SP_NOINLINE noinline
+#elif defined(_MSC_VER)
     #define SP_NOINLINE __declspec(noinline)
 #elif defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
     #define SP_NOINLINE _Pragma("inline = never")

source/libwolfssl/wolfcrypt/sp_int.h

@@ -27,8 +27,10 @@ This library provides single precision (SP) integer math functions.
 #ifndef WOLF_CRYPT_SP_INT_H
 #define WOLF_CRYPT_SP_INT_H
 
+#ifndef WOLFSSL_LINUXKM
 #include <stdint.h>
 #include <limits.h>
+#endif
 
 /* Make sure WOLFSSL_SP_ASM build option defined when requested */
 #if !defined(WOLFSSL_SP_ASM) && ( \
@@ -85,8 +87,6 @@ This library provides single precision (SP) integer math functions.
     #endif
     typedef uint128_t sp_int_word;
     typedef int128_t sp_int_sword;
-  #else
-    #error Word size not defined
   #endif
 #else
   #if SP_WORD_SIZE == 32
@@ -106,12 +106,16 @@ This library provides single precision (SP) integer math functions.
     #endif
     typedef uint128_t sp_int_word;
     typedef int128_t sp_int_sword;
-  #else
-    #error Word size not defined
   #endif
 #endif
 
-#define SP_MASK    (sp_digit)(-1)
+#if SP_WORD_SIZE == 32
+    #define SP_MASK ((sp_int_digit)0xffffffffU)
+#elif SP_WORD_SIZE == 64
+    #define SP_MASK ((sp_int_digit)0xffffffffffffffffUL)
+#else
+    #error Word size not defined
+#endif
 
 
 #if defined(WOLFSSL_HAVE_SP_ECC) && defined(WOLFSSL_SP_NONBLOCK)

source/libwolfssl/wolfcrypt/types.h

@@ -202,7 +202,11 @@ decouple library dependencies with standard string, memory and so on.
             #define WC_INLINE
         #endif
     #else
-        #define WC_INLINE
+        #ifdef __GNUC__
+            #define WC_INLINE __attribute__((unused))
+        #else
+            #define WC_INLINE
+        #endif
     #endif
     #endif
 
@@ -249,7 +253,11 @@ decouple library dependencies with standard string, memory and so on.
     #if defined(__GNUC__)
         #if ((__GNUC__ > 7) || ((__GNUC__ == 7) && (__GNUC_MINOR__ >= 1)))
             #undef  FALL_THROUGH
-            #define FALL_THROUGH __attribute__ ((fallthrough));
+            #if defined(WOLFSSL_LINUXKM) && defined(fallthrough)
+                #define FALL_THROUGH fallthrough
+            #else
+                #define FALL_THROUGH __attribute__ ((fallthrough));
+            #endif
         #endif
     #endif
     #endif /* FALL_THROUGH */
@@ -351,6 +359,13 @@ decouple library dependencies with standard string, memory and so on.
         #define XFREE(p, h, t)       {void* xp = (p); if((xp)) free((xp));}
         #define XREALLOC(p, n, h, t) realloc((p), (size_t)(n))
         #endif
+
+    #elif defined(WOLFSSL_LINUXKM)
+	/* the requisite linux/slab.h is included in wc_port.h, with incompatible warnings masked out. */
+        #define XMALLOC(s, h, t)     ({(void)(h); (void)(t); kmalloc(s, GFP_KERNEL);})
+        #define XFREE(p, h, t)       ({void* _xp; (void)(h); _xp = (p); if(_xp) kfree(_xp);})
+        #define XREALLOC(p, n, h, t) ({(void)(h); (void)(t); krealloc((p), (n), GFP_KERNEL);})
+
     #elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \
             && !defined(WOLFSSL_SAFERTOS) && !defined(FREESCALE_MQX) \
             && !defined(FREESCALE_KSDK_MQX) && !defined(FREESCALE_FREE_RTOS) \
@@ -380,8 +395,9 @@ decouple library dependencies with standard string, memory and so on.
         #endif /* WOLFSSL_STATIC_MEMORY */
     #endif
 
-    /* declare/free variable handling for async */
-    #ifdef WOLFSSL_ASYNC_CRYPT
+    /* declare/free variable handling for async and smallstack */
+    #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_SMALL_STACK)
+        #define DECLARE_VAR_IS_HEAP_ALLOC
         #define DECLARE_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP) \
             VAR_TYPE* VAR_NAME = (VAR_TYPE*)XMALLOC(sizeof(VAR_TYPE) * VAR_SIZE, (HEAP), DYNAMIC_TYPE_WOLF_BIGINT);
         #define DECLARE_VAR_INIT(VAR_NAME, VAR_TYPE, VAR_SIZE, INIT_VALUE, HEAP) \
@@ -394,9 +410,19 @@ decouple library dependencies with standard string, memory and so on.
             })
         #define DECLARE_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
             VAR_TYPE* VAR_NAME[VAR_ITEMS]; \
-            int idx##VAR_NAME; \
+            int idx##VAR_NAME, inner_idx_##VAR_NAME; \
             for (idx##VAR_NAME=0; idx##VAR_NAME<VAR_ITEMS; idx##VAR_NAME++) { \
                 VAR_NAME[idx##VAR_NAME] = (VAR_TYPE*)XMALLOC(VAR_SIZE, (HEAP), DYNAMIC_TYPE_WOLF_BIGINT); \
+                if (VAR_NAME[idx##VAR_NAME] == NULL) { \
+                    for (inner_idx_##VAR_NAME = 0; inner_idx_##VAR_NAME < idx##VAR_NAME; inner_idx_##VAR_NAME++) { \
+                        XFREE(VAR_NAME[inner_idx_##VAR_NAME], HEAP, DYNAMIC_TYPE_WOLF_BIGINT); \
+                        VAR_NAME[inner_idx_##VAR_NAME] = NULL; \
+                    } \
+                    for (inner_idx_##VAR_NAME = idx##VAR_NAME + 1; inner_idx_##VAR_NAME < VAR_ITEMS; inner_idx_##VAR_NAME++) { \
+                        VAR_NAME[inner_idx_##VAR_NAME] = NULL; \
+                    } \
+                    break; \
+                } \
             }
         #define FREE_VAR(VAR_NAME, HEAP) \
             XFREE(VAR_NAME, (HEAP), DYNAMIC_TYPE_WOLF_BIGINT);
@@ -411,6 +437,7 @@ decouple library dependencies with standard string, memory and so on.
         #define FREE_ARRAY_DYNAMIC(VAR_NAME, VAR_ITEMS, HEAP) \
             FREE_ARRAY(VAR_NAME, VAR_ITEMS, HEAP)
     #else
+        #undef DECLARE_VAR_IS_HEAP_ALLOC
         #define DECLARE_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP) \
             VAR_TYPE VAR_NAME[VAR_SIZE]
         #define DECLARE_VAR_INIT(VAR_NAME, VAR_TYPE, VAR_SIZE, INIT_VALUE, HEAP) \
@@ -422,10 +449,20 @@ decouple library dependencies with standard string, memory and so on.
 
         #define DECLARE_ARRAY_DYNAMIC_DEC(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
             VAR_TYPE* VAR_NAME[VAR_ITEMS]; \
-            int idx##VAR_NAME;
+            int idx##VAR_NAME, inner_idx_##VAR_NAME;
         #define DECLARE_ARRAY_DYNAMIC_EXE(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
             for (idx##VAR_NAME=0; idx##VAR_NAME<VAR_ITEMS; idx##VAR_NAME++) { \
                 VAR_NAME[idx##VAR_NAME] = (VAR_TYPE*)XMALLOC(VAR_SIZE, (HEAP), DYNAMIC_TYPE_TMP_BUFFER); \
+                if (VAR_NAME[idx##VAR_NAME] == NULL) { \
+                    for (inner_idx_##VAR_NAME = 0; inner_idx_##VAR_NAME < idx##VAR_NAME; inner_idx_##VAR_NAME++) { \
+                        XFREE(VAR_NAME[inner_idx_##VAR_NAME], HEAP, DYNAMIC_TYPE_TMP_BUFFER); \
+                        VAR_NAME[inner_idx_##VAR_NAME] = NULL; \
+                    } \
+                    for (inner_idx_##VAR_NAME = idx##VAR_NAME + 1; inner_idx_##VAR_NAME < VAR_ITEMS; inner_idx_##VAR_NAME++) { \
+                        VAR_NAME[inner_idx_##VAR_NAME] = NULL; \
+                    } \
+                    break; \
+                } \
             }
         #define FREE_ARRAY_DYNAMIC(VAR_NAME, VAR_ITEMS, HEAP) \
             for (idx##VAR_NAME=0; idx##VAR_NAME<VAR_ITEMS; idx##VAR_NAME++) { \
@@ -442,12 +479,17 @@ decouple library dependencies with standard string, memory and so on.
         #define USE_WOLF_STRSEP
     #endif
 
-    #ifndef STRING_USER
-        #include <string.h>
-        #define XMEMCPY(d,s,l)    memcpy((d),(s),(l))
-        #define XMEMSET(b,c,l)    memset((b),(c),(l))
-        #define XMEMCMP(s1,s2,n)  memcmp((s1),(s2),(n))
-        #define XMEMMOVE(d,s,l)   memmove((d),(s),(l))
+	#ifndef STRING_USER
+        #if defined(WOLFSSL_LINUXKM)
+            #include <linux/string.h>
+        #else
+            #include <string.h>
+        #endif
+
+	    #define XMEMCPY(d,s,l)    memcpy((d),(s),(l))
+	    #define XMEMSET(b,c,l)    memset((b),(c),(l))
+	    #define XMEMCMP(s1,s2,n)  memcmp((s1),(s2),(n))
+	    #define XMEMMOVE(d,s,l)   memmove((d),(s),(l))
 
         #define XSTRLEN(s1)       strlen((s1))
         #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n))
@@ -494,7 +536,37 @@ decouple library dependencies with standard string, memory and so on.
                    for snprintf */
                 #include <stdio.h>
             #endif
-            #define XSNPRINTF snprintf
+            #if defined(WOLFSSL_ESPIDF) && \
+                (!defined(NO_ASN_TIME) && defined(HAVE_PKCS7))
+                    #include<stdarg.h>
+                    /* later gcc than 7.1 introduces -Wformat-truncation    */
+                    /* In cases when truncation is expected the caller needs*/
+                    /* to check the return value from the function so that  */
+                    /* compiler doesn't complain.                           */
+                    /* xtensa-esp32-elf v8.2.0 warns trancation at          */
+                    /* GetAsnTimeString()                                   */
+                    static WC_INLINE
+                    int _xsnprintf_(char *s, size_t n, const char *format, ...)
+                    {
+                        va_list ap;
+                        int ret;
+                        
+                        if ((int)n <= 0) return -1;
+                        
+                        va_start(ap, format);
+                        
+                        ret = vsnprintf(s, n, format, ap);
+                        if (ret < 0)
+                            ret = -1;
+                            
+                        va_end(ap);
+                        
+                        return ret;
+                    }
+                #define XSNPRINTF _xsnprintf_
+            #else
+                #define XSNPRINTF snprintf
+            #endif
             #endif
         #else
             #if defined(_MSC_VER) || defined(__CYGWIN__) || defined(__MINGW32__)
@@ -570,9 +642,11 @@ decouple library dependencies with standard string, memory and so on.
         #endif
     #endif /* OPENSSL_EXTRA */
 
-    #ifndef CTYPE_USER
-        #include <ctype.h>
-        #if defined(HAVE_ECC) || defined(HAVE_OCSP) || \
+	#ifndef CTYPE_USER
+            #ifndef WOLFSSL_LINUXKM
+                #include <ctype.h>
+            #endif
+	    #if defined(HAVE_ECC) || defined(HAVE_OCSP) || \
             defined(WOLFSSL_KEY_GEN) || !defined(NO_DSA)
             #define XTOUPPER(c)     toupper((c))
             #define XISALPHA(c)     isalpha((c))

source/libwolfssl/wolfcrypt/wc_port.h

@@ -54,6 +54,115 @@
     #endif
 #endif
 
+#ifdef WOLFSSL_LINUXKM
+    #ifdef HAVE_CONFIG_H
+        #ifndef PACKAGE_NAME
+            #error wc_port.h included before config.h
+        #endif
+        /* config.h is autogenerated without gating, and is subject to repeat
+         * inclusions, so gate it out here to keep autodetection masking
+         * intact:
+         */
+        #undef HAVE_CONFIG_H
+    #endif
+
+    #ifdef BUILDING_WOLFSSL
+
+    _Pragma("GCC diagnostic push");
+
+    /* we include all the needed kernel headers with these masked out. else
+     * there are profuse warnings.
+     */
+    _Pragma("GCC diagnostic ignored \"-Wunused-parameter\"");
+    _Pragma("GCC diagnostic ignored \"-Wpointer-arith\"");
+    _Pragma("GCC diagnostic ignored \"-Wshadow\"");
+    _Pragma("GCC diagnostic ignored \"-Wnested-externs\"");
+    _Pragma("GCC diagnostic ignored \"-Wredundant-decls\"");
+    _Pragma("GCC diagnostic ignored \"-Wsign-compare\"");
+    _Pragma("GCC diagnostic ignored \"-Wpointer-sign\"");
+    _Pragma("GCC diagnostic ignored \"-Wbad-function-cast\"");
+
+    #include <linux/kconfig.h>
+    #include <linux/kernel.h>
+    #include <linux/version.h>
+    #include <linux/ctype.h>
+    #include <linux/init.h>
+    #include <linux/module.h>
+    #ifndef SINGLE_THREADED
+        #include <linux/kthread.h>
+    #endif
+    #include <linux/net.h>
+    #include <linux/slab.h>
+    #if defined(WOLFSSL_AESNI) || defined(USE_INTEL_SPEEDUP)
+        #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0)
+            #include <asm/i387.h>
+        #else
+            #include <asm/simd.h>
+        #endif
+        #define SAVE_VECTOR_REGISTERS() kernel_fpu_begin()
+        #define RESTORE_VECTOR_REGISTERS() kernel_fpu_end()
+    #elif defined(WOLFSSL_ARMASM)
+        #include <asm/fpsimd.h>
+        #define SAVE_VECTOR_REGISTERS() ({ preempt_disable(); fpsimd_preserve_current_state(); })
+        #define RESTORE_VECTOR_REGISTERS() ({ fpsimd_restore_current_state(); preempt_enable(); })
+    #else
+        #define SAVE_VECTOR_REGISTERS() ({})
+        #define RESTORE_VECTOR_REGISTERS() ({})
+    #endif
+
+    _Pragma("GCC diagnostic pop");
+
+    /* remove this multifariously conflicting macro, picked up from
+     * Linux arch/<arch>/include/asm/current.h.
+     */
+    #undef current
+
+    /* prevent gcc's mm_malloc.h from being included, since it unconditionally
+     * includes stdlib.h, which is kernel-incompatible.
+     */
+    #define _MM_MALLOC_H_INCLUDED
+
+    #define malloc(x) kmalloc(x, GFP_KERNEL)
+    #define free(x) kfree(x)
+    #define realloc(x,y) krealloc(x, y, GFP_KERNEL)
+
+    /* min() and max() in linux/kernel.h over-aggressively type-check, producing
+     * myriad spurious -Werrors throughout the codebase.
+     */
+    #undef min
+    #undef max
+
+    /* work around namespace conflict between wolfssl/internal.h (enum HandShakeType)
+     * and linux/key.h (extern int()).
+     */
+    #define key_update wc_key_update
+
+    #define lkm_printf(format, args...) printk(KERN_INFO "wolfssl: %s(): " format, __func__, ## args)
+    #define printf(...) lkm_printf(__VA_ARGS__)
+
+    #endif /* BUILDING_WOLFSSL */
+
+    /* needed to suppress inclusion of stdio.h in wolfssl/wolfcrypt/types.h */
+    #define XSNPRINTF snprintf
+
+    /* the rigmarole around kstrtol() here is to accommodate its warn-unused-result attribute. */
+    #define XATOI(s) ({                                 \
+          long _xatoi_res = 0;                          \
+          int _xatoi_ret = kstrtol(s, 10, &_xatoi_res); \
+          if (_xatoi_ret != 0) {                        \
+            _xatoi_res = 0;                             \
+          }                                             \
+          (int)_xatoi_res;                              \
+        })
+
+#else /* ! WOLFSSL_LINUXKM */
+
+    #ifdef BUILDING_WOLFSSL
+        #define SAVE_VECTOR_REGISTERS() ({})
+        #define RESTORE_VECTOR_REGISTERS() ({})
+    #endif
+
+#endif /* WOLFSSL_LINUXKM */
 
 /* THREADING/MUTEX SECTION */
 #ifdef USE_WINDOWS_API
@@ -156,9 +265,13 @@
 
 #else
     #ifndef SINGLE_THREADED
-        #ifndef  WOLFSSL_USER_MUTEX
-            #define WOLFSSL_PTHREADS
-            #include <pthread.h>
+        #ifndef WOLFSSL_USER_MUTEX
+            #if defined(WOLFSSL_LINUXKM)
+                #define WOLFSSL_KTHREADS
+            #else
+                #define WOLFSSL_PTHREADS
+                #include <pthread.h>
+            #endif
         #endif
     #endif
     #if (defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)) && \
@@ -194,6 +307,8 @@
         typedef CRITICAL_SECTION wolfSSL_Mutex;
     #elif defined(WOLFSSL_PTHREADS)
         typedef u32 wolfSSL_Mutex; /* pthread_mutex_t = mutex_t = u32 */
+    #elif defined(WOLFSSL_KTHREADS)
+        typedef struct mutex wolfSSL_Mutex;
     #elif defined(THREADX)
         typedef TX_MUTEX wolfSSL_Mutex;
     #elif defined(WOLFSSL_DEOS)
@@ -242,6 +357,8 @@
         typedef M2MB_OS_MTX_HANDLE wolfSSL_Mutex;
     #elif defined(WOLFSSL_USER_MUTEX)
         /* typedef User_Mutex wolfSSL_Mutex; */
+    #elif defined(WOLFSSL_LINUXKM)
+        typedef struct mutex wolfSSL_Mutex;
     #else
         #error Need a mutex type in multithreaded mode
     #endif /* USE_WINDOWS_API */
@@ -418,6 +535,23 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
     #define XBADFILE                 -1
     #define XFGETS(b,s,f)            -2 /* Not ported yet */
 
+#elif defined (WOLFSSL_XILINX)
+    #include "xsdps.h"
+    #include "ff.h"
+
+    /* workaround to declare variable and provide type */
+    #define XFILE                    FIL curFile; FIL*
+    #define XFOPEN(NAME, MODE)       ({ FRESULT res; res = f_open(&curFile, (NAME), (FA_OPEN_ALWAYS | FA_WRITE | FA_READ)); (res == FR_OK) ? &curFile : NULL; })
+    #define XFSEEK(F, O, W)          f_lseek((F), (O))
+    #define XFTELL(F)                f_tell((F))
+    #define XREWIND(F)               f_rewind((F))
+    #define XFREAD(BUF, SZ, AMT, F)  ({ FRESULT res; UINT br; res = f_read((F), (BUF), (SZ)*(AMT), &br); (void)br; res; })
+    #define XFWRITE(BUF, SZ, AMT, F) ({ FRESULT res; UINT written; res = f_write((F), (BUF), (SZ)*(AMT), &written); (void)written; res; })
+    #define XFCLOSE(F)               f_close((F))
+    #define XSEEK_END                0
+    #define XBADFILE                 NULL
+    #define XFGETS(b,s,f)            f_gets((b), (s), (f))
+
 #elif defined(WOLFSSL_USER_FILESYSTEM)
     /* To be defined in user_settings.h */
 #else
@@ -535,7 +669,9 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
     #define NEED_TMP_TIME
 
 #elif defined(WOLFSSL_XILINX)
-    #define USER_TIME
+    #ifndef XTIME
+        #define XTIME(t1)       xilinx_time((t1))
+    #endif
     #include <time.h>
 
 #elif defined(HAVE_RTP_SYS)
@@ -645,6 +781,24 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
     #define WOLFSSL_GMTIME
     #define USE_WOLF_TM
 
+
+#elif defined(WOLFSSL_LINUXKM)
+    #ifdef BUILDING_WOLFSSL
+
+    /* includes are all above, with incompatible warnings masked out. */
+    #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 0, 0)
+    typedef __kernel_time_t time_t;
+    #else
+    typedef __kernel_time64_t time_t;
+    #endif
+    extern time_t time(time_t * timer);
+    #define XTIME time
+    #define WOLFSSL_GMTIME
+    #define XGMTIME(c, t) gmtime(c)
+    #define NO_TIMEVAL 1
+
+    #endif /* BUILDING_WOLFSSL */
+
 #else
     /* default */
     /* uses complete <time.h> facility */
@@ -750,7 +904,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
 #endif
 
 #ifndef FILE_BUFFER_SIZE
-    #define FILE_BUFFER_SIZE 1024     /* default static file buffer size for input,
+    #define FILE_BUFFER_SIZE 1024     /* default static file buffer size for input, \
                                     will use dynamic buffer if not big enough */
 #endif
 

source/libwolfssl/wolfio.h

@@ -94,6 +94,8 @@
     #elif defined(WOLFSSL_NUCLEUS_1_2)
         #include <externs.h>
         #include <errno.h>
+    #elif defined(WOLFSSL_LINUXKM)
+        /* the requisite linux/net.h is included in wc_port.h, with incompatible warnings masked out. */
     #elif defined(WOLFSSL_ATMEL)
         #include "socket/include/socket.h"
     #elif defined(INTIME_RTOS)
@@ -295,6 +297,9 @@
 
     #define SEND_FUNCTION send
     #define RECV_FUNCTION recv
+#elif defined(WOLFSSL_LINUXKM)
+    #define SEND_FUNCTION linuxkm_send
+    #define RECV_FUNCTION linuxkm_recv
 #else
     #define SEND_FUNCTION send
     #define RECV_FUNCTION recv

source/network/https.c

@@ -17,7 +17,7 @@ WOLFSSL_SESSION *session;
 int https_write(HTTP_INFO *httpinfo, char *buffer, int len, bool proxy)
 {
 	int ret, pos = 0;
-	int rlen = (len > BLOCK_SIZE) ? BLOCK_SIZE : len;
+	int rlen = len > BLOCK_SIZE ? BLOCK_SIZE : len;
 	u64 time = gettime();
 	while (ticks_to_millisecs(diff_ticks(time, gettime())) < READ_WRITE_TIMEOUT)
 	{
@@ -28,7 +28,7 @@ int https_write(HTTP_INFO *httpinfo, char *buffer, int len, bool proxy)
 		if (ret > 0)
 		{
 			pos += ret;
-			rlen = (len - pos > BLOCK_SIZE) ? BLOCK_SIZE : len - pos;
+			rlen = len - pos > BLOCK_SIZE ? BLOCK_SIZE : len - pos;
 			if (pos >= len)
 				return pos;
 			time = gettime();
@@ -143,7 +143,7 @@ bool is_chunked(struct phr_header *headers, size_t num_headers)
 	char encoding[9];
 	if (!get_header_value(headers, num_headers, encoding, "transfer-encoding"))
 		return false;
-	return (strcasecmp(encoding, "chunked") == 0) ? true : false;
+	return (strcasecmp(encoding, "chunked") == 0);
 }
 
 bool read_chunked(HTTP_INFO *httpinfo, struct download *buffer, size_t start_pos)
@@ -209,7 +209,7 @@ bool read_all(HTTP_INFO *httpinfo, struct download *buffer, size_t start_pos)
 	};
 	buffer->size = start_pos;
 	buffer->data = MEM2_realloc(buffer->data, buffer->size);
-	return (buffer->content_length > 0 && buffer->content_length == start_pos) ? true : false;
+	return (buffer->content_length > 0 && buffer->content_length == start_pos);
 }
 
 bool get_response(HTTP_INFO *httpinfo, HTTP_RESPONSE *resp, bool proxy)
@@ -227,7 +227,7 @@ bool get_response(HTTP_INFO *httpinfo, HTTP_RESPONSE *resp, bool proxy)
 		// Parse the response
 		resp->num_headers = sizeof(resp->headers) / sizeof(resp->headers[0]);
 		if ((resp->pret = phr_parse_response(resp->data, resp->buflen, &minor_version, &resp->status, &msg, &msg_len, resp->headers, &resp->num_headers, prevbuflen)) > 0)
-			return true; // Successfully parsed the response
+			return true;
 		else if (resp->pret == -1)
 		{
 #ifdef DEBUG_NETWORK
@@ -251,7 +251,7 @@ bool check_ip(char *str)
 	int partA, partB, partC, partD;
 	char extra;
 	// We avoid using regex because it increases the file size
-	return (sscanf(str, "%d.%d.%d.%d%c", &partA, &partB, &partC, &partD, &extra) == 4) ? true : false;
+	return (sscanf(str, "%d.%d.%d.%d%c", &partA, &partB, &partC, &partD, &extra) == 4);
 }
 
 bool connect_proxy(HTTP_INFO *httpinfo, char *host, char *username, char *password)
@@ -387,7 +387,7 @@ void downloadfile(const char *url, struct download *buffer)
 	if (httpinfo.use_https)
 	{
 		// Create a new SSL context
-		// wolfSSLv23_client_method() works but resume would require further changes
+		// wolfSSLv23_client_method() works but TLS 1.2 is slightly faster on Wii
 		if ((httpinfo.ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL)
 		{
 #ifdef DEBUG_NETWORK

source/network/picohttpparser.c

@@ -241,6 +241,41 @@ static const char *is_complete(const char *buf, const char *buf_end, size_t last
         *valp_ += res_;                                                                                                            \
     } while (0)
 
+/* returned pointer is always within [buf, buf_end), or null */
+static const char *parse_token(const char *buf, const char *buf_end, const char **token, size_t *token_len, char next_char,
+                               int *ret)
+{
+    /* We use pcmpestri to detect non-token characters. This instruction can take no more than eight character ranges (8*2*8=128
+     * bits that is the size of a SSE register). Due to this restriction, characters `|` and `~` are handled in the slow loop. */
+    static const char ALIGNED(16) ranges[] = "\x00 "  /* control chars and up to SP */
+                                             "\"\""   /* 0x22 */
+                                             "()"     /* 0x28,0x29 */
+                                             ",,"     /* 0x2c */
+                                             "//"     /* 0x2f */
+                                             ":@"     /* 0x3a-0x40 */
+                                             "[]"     /* 0x5b-0x5d */
+                                             "{\xff"; /* 0x7b-0xff */
+    const char *buf_start = buf;
+    int found;
+    buf = findchar_fast(buf, buf_end, ranges, sizeof(ranges) - 1, &found);
+    if (!found) {
+        CHECK_EOF();
+    }
+    while (1) {
+        if (*buf == next_char) {
+            break;
+        } else if (!token_char_map[(unsigned char)*buf]) {
+            *ret = -1;
+            return NULL;
+        }
+        ++buf;
+        CHECK_EOF();
+    }
+    *token = buf_start;
+    *token_len = buf - buf_start;
+    return buf;
+}
+
 /* returned pointer is always within [buf, buf_end), or null */
 static const char *parse_http_version(const char *buf, const char *buf_end, int *minor_version, int *ret)
 {
@@ -280,31 +315,10 @@ static const char *parse_headers(const char *buf, const char *buf_end, struct ph
         if (!(*num_headers != 0 && (*buf == ' ' || *buf == '\t'))) {
             /* parsing name, but do not discard SP before colon, see
              * http://www.mozilla.org/security/announce/2006/mfsa2006-33.html */
-            headers[*num_headers].name = buf;
-            static const char ALIGNED(16) ranges1[] = "\x00 "  /* control chars and up to SP */
-                                                      "\"\""   /* 0x22 */
-                                                      "()"     /* 0x28,0x29 */
-                                                      ",,"     /* 0x2c */
-                                                      "//"     /* 0x2f */
-                                                      ":@"     /* 0x3a-0x40 */
-                                                      "[]"     /* 0x5b-0x5d */
-                                                      "{\377"; /* 0x7b-0xff */
-            int found;
-            buf = findchar_fast(buf, buf_end, ranges1, sizeof(ranges1) - 1, &found);
-            if (!found) {
-                CHECK_EOF();
+            if ((buf = parse_token(buf, buf_end, &headers[*num_headers].name, &headers[*num_headers].name_len, ':', ret)) == NULL) {
+                return NULL;
             }
-            while (1) {
-                if (*buf == ':') {
-                    break;
-                } else if (!token_char_map[(unsigned char)*buf]) {
-                    *ret = -1;
-                    return NULL;
-                }
-                ++buf;
-                CHECK_EOF();
-            }
-            if ((headers[*num_headers].name_len = buf - headers[*num_headers].name) == 0) {
+            if (headers[*num_headers].name_len == 0) {
                 *ret = -1;
                 return NULL;
             }
@@ -352,7 +366,9 @@ static const char *parse_request(const char *buf, const char *buf_end, const cha
     }
 
     /* parse request line */
-    ADVANCE_TOKEN(*method, *method_len);
+    if ((buf = parse_token(buf, buf_end, method, method_len, ' ', ret)) == NULL) {
+        return NULL;
+    }
     do {
         ++buf;
         CHECK_EOF();

source/network/proxysettings.cpp

@@ -9,6 +9,7 @@
 #define ALIGN32(x) (((x) + 31) & ~31)
 
 bool proxy_enabled;
+bool proxy_creds_enabled;
 char proxy_address[256];
 u16 proxy_port;
 char proxy_username[33];
@@ -23,7 +24,7 @@ void getProxyInfo()
 		fstats stats ATTRIBUTE_ALIGN(32);
 		if(ISFS_GetFileStats(fd, &stats) >= 0)
 		{
-			if (stats.file_length > 0)
+			if (stats.file_length == 7004)
 			{
 				buffer = (char *)MEM2_alloc(ALIGN32(stats.file_length));
 				if (buffer)
@@ -31,6 +32,7 @@ void getProxyInfo()
 					if (ISFS_Read(fd, buffer, stats.file_length) == 7004)
 					{
 						proxy_enabled = buffer[44];
+						proxy_creds_enabled = buffer[45];
 						strncpy(proxy_address, buffer + 48, sizeof(proxy_address) - 1);
 						proxy_port = ((buffer[304] & 0xFF) << 8) | (buffer[305] & 0xFF);
 						strncpy(proxy_username, buffer + 306, sizeof(proxy_username) - 1);
@@ -61,13 +63,13 @@ u16 getProxyPort()
 char *getProxyUsername()
 {
 	if (mainMenu.proxyUseSystem)
-		return proxy_enabled ? proxy_username : NULL;
+		return proxy_enabled && proxy_creds_enabled ? proxy_username : NULL;
 	return (strlen(mainMenu.proxyUsername) > 0) ? mainMenu.proxyUsername : NULL;
 }
 
 char *getProxyPassword()
 {
 	if (mainMenu.proxyUseSystem)
-		return proxy_enabled ? proxy_password : NULL;
+		return proxy_enabled && proxy_creds_enabled ? proxy_password : NULL;
 	return (strlen(mainMenu.proxyPassword) > 0) ? mainMenu.proxyPassword : NULL;
 }