feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #768 from dgarske/crl_lookup

Browse Source 
Added support for inline CRL lookup when HAVE_CRL_IO is defined
This commit is contained in:
toddouska
2017-03-17 12:18:45 -07:00
committed by GitHub
parent b9d3db8b47 4eb76e1d71
commit 3bb1723476
13 changed files with 1166 additions and 599 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
configure.ac
View File

@@ -326,7 +326,7 @@ AC_ARG_ENABLE([ipv6],
if test "$ENABLED_IPV6" = "yes" if test "$ENABLED_IPV6" = "yes"
then then
AM_CFLAGS="$AM_CFLAGS -DTEST_IPV6" AM_CFLAGS="$AM_CFLAGS -DTEST_IPV6 -DWOLFSSL_IPV6"
fi fi
AM_CONDITIONAL([BUILD_IPV6], [test "x$ENABLED_IPV6" = "xyes"]) AM_CONDITIONAL([BUILD_IPV6], [test "x$ENABLED_IPV6" = "xyes"])
@@ -3340,7 +3340,7 @@ echo "#endif /* WOLFSSL_OPTIONS_H */" >> $OPTION_FILE
echo "" >> $OPTION_FILE echo "" >> $OPTION_FILE
echo echo
#backwards compatability for those who have included options or version #backwards compatibility for those who have included options or version
touch cyassl/options.h touch cyassl/options.h
echo "/* cyassl options.h" > cyassl/options.h echo "/* cyassl options.h" > cyassl/options.h
echo " * generated from wolfssl/options.h" >> cyassl/options.h echo " * generated from wolfssl/options.h" >> cyassl/options.h

19
examples/client/client.c
View File

@@ -57,6 +57,8 @@
static int devId = INVALID_DEVID; static int devId = INVALID_DEVID;
#endif #endif
#define DEFAULT_TIMEOUT_SEC 2
/* Note on using port 0: the client standalone example doesn't utilize the /* Note on using port 0: the client standalone example doesn't utilize the
* port 0 port sharing; that is used by (1) the server in external control * port 0 port sharing; that is used by (1) the server in external control
* test mode and (2) the testsuite which uses this code and sets up the correct * test mode and (2) the testsuite which uses this code and sets up the correct
@@ -277,7 +279,7 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
tx_time += current_time(0) - start; tx_time += current_time(0) - start;
/* Perform RX */ /* Perform RX */
select_ret = tcp_select(sockfd, 1); /* Timeout=1 second */ select_ret = tcp_select(sockfd, DEFAULT_TIMEOUT_SEC);
if (select_ret == TEST_RECV_READY) { if (select_ret == TEST_RECV_READY) {
start = current_time(1); start = current_time(1);
rx_pos = 0; rx_pos = 0;
@@ -1182,6 +1184,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#ifdef HAVE_OCSP #ifdef HAVE_OCSP
if (useOcsp) { if (useOcsp) {
#ifdef HAVE_IO_TIMEOUT
wolfIO_SetTimeout(DEFAULT_TIMEOUT_SEC);
#endif
if (ocspUrl != NULL) { if (ocspUrl != NULL) {
wolfSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl); wolfSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl);
wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE
@@ -1458,6 +1464,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#ifdef HAVE_CRL #ifdef HAVE_CRL
if (disableCRL == 0) { if (disableCRL == 0) {
#ifdef HAVE_IO_TIMEOUT
wolfIO_SetTimeout(DEFAULT_TIMEOUT_SEC);
#endif
if (wolfSSL_EnableCRL(ssl, WOLFSSL_CRL_CHECKALL) != SSL_SUCCESS) { if (wolfSSL_EnableCRL(ssl, WOLFSSL_CRL_CHECKALL) != SSL_SUCCESS) {
wolfSSL_free(ssl); wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx); wolfSSL_CTX_free(ctx);
@@ -1527,7 +1537,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
} }
} }
#else #else
timeout.tv_sec = 2; timeout.tv_sec = DEFAULT_TIMEOUT_SEC;
timeout.tv_usec = 0; timeout.tv_usec = 0;
NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */ NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */
#endif #endif
@@ -1791,7 +1801,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
err_sys("SSL resume failed"); err_sys("SSL resume failed");
} }
#else #else
timeout.tv_sec = 2; timeout.tv_sec = DEFAULT_TIMEOUT_SEC;
timeout.tv_usec = 0; timeout.tv_usec = 0;
NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */ NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */
#endif #endif
@@ -1865,7 +1875,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
break; break;
} }
} }
} else if (input < 0) { }
else if (input < 0) {
int readErr = wolfSSL_get_error(sslResume, 0); int readErr = wolfSSL_get_error(sslResume, 0);
if (readErr != SSL_ERROR_WANT_READ) { if (readErr != SSL_ERROR_WANT_READ) {
printf("wolfSSL_read error %d!\n", readErr); printf("wolfSSL_read error %d!\n", readErr);

37
src/crl.c
View File

@@ -149,15 +149,12 @@ void FreeCRL(WOLFSSL_CRL* crl, int dynamic)
} }
/* Is the cert ok with CRL, return 0 on success */ static int CheckCertCRLList(WOLFSSL_CRL* crl, DecodedCert* cert, int *pFoundEntry)
int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
{ {
CRL_Entry* crle; CRL_Entry* crle;
int foundEntry = 0; int foundEntry = 0;
int ret = 0; int ret = 0;
WOLFSSL_ENTER("CheckCertCRL");
if (wc_LockMutex(&crl->crlLock) != 0) { if (wc_LockMutex(&crl->crlLock) != 0) {
WOLFSSL_MSG("wc_LockMutex failed"); WOLFSSL_MSG("wc_LockMutex failed");
return BAD_MUTEX_E; return BAD_MUTEX_E;
@@ -208,9 +205,39 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
wc_UnLockMutex(&crl->crlLock); wc_UnLockMutex(&crl->crlLock);
*pFoundEntry = foundEntry;
return ret;
}
/* Is the cert ok with CRL, return 0 on success */
int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
{
int foundEntry = 0;
int ret = 0;
WOLFSSL_ENTER("CheckCertCRL");
ret = CheckCertCRLList(crl, cert, &foundEntry);
#ifdef HAVE_CRL_IO
if (foundEntry == 0) {
/* perform embedded lookup */
if (crl->crlIOCb) {
ret = crl->crlIOCb(crl, (const char*)cert->extCrlInfo,
cert->extCrlInfoSz);
if (ret >= 0) {
/* try again */
ret = CheckCertCRLList(crl, cert, &foundEntry);
}
}
}
#endif
if (foundEntry == 0) { if (foundEntry == 0) {
WOLFSSL_MSG("Couldn't find CRL for status check"); WOLFSSL_MSG("Couldn't find CRL for status check");
ret = CRL_MISSING; ret = CRL_MISSING;
if (crl->cm->cbMissingCRL) { if (crl->cm->cbMissingCRL) {
char url[256]; char url[256];
@@ -223,11 +250,11 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
else { else {
WOLFSSL_MSG("CRL url too long"); WOLFSSL_MSG("CRL url too long");
} }
crl->cm->cbMissingCRL(url); crl->cm->cbMissingCRL(url);
} }
} }
return ret; return ret;
} }

2
src/internal.c
View File

@@ -11853,6 +11853,8 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
case NOT_CA_ERROR: case NOT_CA_ERROR:
return "Not a CA by basic constraint error"; return "Not a CA by basic constraint error";
case HTTP_TIMEOUT:
return "HTTP timeout for OCSP or CRL req";
case BAD_CERT_MANAGER_ERROR: case BAD_CERT_MANAGER_ERROR:
return "Bad Cert Manager error"; return "Bad Cert Manager error";

933
src/io.c
View File

File diff suppressed because it is too large Load Diff

37
src/ssl.c
View File

@@ -4709,7 +4709,12 @@ int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER* cm, int options)
cm->crl = NULL; cm->crl = NULL;
return SSL_FAILURE; return SSL_FAILURE;
} }
#ifdef HAVE_CRL_IO
cm->crl->crlIOCb = EmbedCrlLookup;
#endif
} }
cm->crlEnabled = 1; cm->crlEnabled = 1;
if (options & WOLFSSL_CRL_CHECKALL) if (options & WOLFSSL_CRL_CHECKALL)
cm->crlCheckAll = 1; cm->crlCheckAll = 1;
@@ -5377,6 +5382,17 @@ int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER* cm, CbMissingCRL cb)
return SSL_SUCCESS; return SSL_SUCCESS;
} }
#ifdef HAVE_CRL_IO
int wolfSSL_CertManagerSetCRL_IOCb(WOLFSSL_CERT_MANAGER* cm, CbCrlIO cb)
{
if (cm == NULL)
return BAD_FUNC_ARG;
cm->crl->crlIOCb = cb;
return SSL_SUCCESS;
}
#endif
int wolfSSL_CertManagerLoadCRL(WOLFSSL_CERT_MANAGER* cm, const char* path, int wolfSSL_CertManagerLoadCRL(WOLFSSL_CERT_MANAGER* cm, const char* path,
int type, int monitor) int type, int monitor)
@@ -5435,6 +5451,16 @@ int wolfSSL_SetCRL_Cb(WOLFSSL* ssl, CbMissingCRL cb)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
#ifdef HAVE_CRL_IO
int wolfSSL_SetCRL_IOCb(WOLFSSL* ssl, CbCrlIO cb)
{
WOLFSSL_ENTER("wolfSSL_SetCRL_Cb");
if (ssl)
return wolfSSL_CertManagerSetCRL_IOCb(ssl->ctx->cm, cb);
else
return BAD_FUNC_ARG;
}
#endif
int wolfSSL_CTX_EnableCRL(WOLFSSL_CTX* ctx, int options) int wolfSSL_CTX_EnableCRL(WOLFSSL_CTX* ctx, int options)
{ {
@@ -5476,6 +5502,17 @@ int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX* ctx, CbMissingCRL cb)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
#ifdef HAVE_CRL_IO
int wolfSSL_CTX_SetCRL_IOCb(WOLFSSL_CTX* ctx, CbCrlIO cb)
{
WOLFSSL_ENTER("wolfSSL_CTX_SetCRL_IOCb");
if (ctx)
return wolfSSL_CertManagerSetCRL_IOCb(ctx->cm, cb);
else
return BAD_FUNC_ARG;
}
#endif
#endif /* HAVE_CRL */ #endif /* HAVE_CRL */

1
wolfssl/error-ssl.h
View File

@@ -152,6 +152,7 @@ enum wolfSSL_ErrorCodes {
EXT_MASTER_SECRET_NEEDED_E = -414, /* need EMS enabled to resume */ EXT_MASTER_SECRET_NEEDED_E = -414, /* need EMS enabled to resume */
DTLS_POOL_SZ_E = -415, /* exceeded DTLS pool size */ DTLS_POOL_SZ_E = -415, /* exceeded DTLS pool size */
DECODE_E = -416, /* decode handshake message error */ DECODE_E = -416, /* decode handshake message error */
HTTP_TIMEOUT = -417, /* HTTP timeout for OCSP or CRL req */
/* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */ /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */
/* begin negotiation parameter errors */ /* begin negotiation parameter errors */

3
wolfssl/include.am
View File

@@ -17,7 +17,8 @@ nobase_include_HEADERS+= \
wolfssl/test.h \ wolfssl/test.h \
wolfssl/version.h \ wolfssl/version.h \
wolfssl/ocsp.h \ wolfssl/ocsp.h \
wolfssl/crl.h wolfssl/crl.h \
wolfssl/io.h
noinst_HEADERS+= \ noinst_HEADERS+= \
wolfssl/internal.h wolfssl/internal.h

15
wolfssl/internal.h
View File

@@ -189,13 +189,6 @@
#endif #endif
#ifdef USE_WINDOWS_API
typedef unsigned int SOCKET_T;
#else
typedef int SOCKET_T;
#endif
typedef byte word24[3]; typedef byte word24[3];
/* Define or comment out the cipher suites you'd like to be compiled in /* Define or comment out the cipher suites you'd like to be compiled in
@@ -1421,11 +1414,6 @@ int SetCipherList(Suites*, const char* list);
unsigned char* exportBuffer, unsigned int sz, void* userCtx); unsigned char* exportBuffer, unsigned int sz, void* userCtx);
#endif #endif
#ifdef HAVE_NETX
WOLFSSL_LOCAL int NetX_Receive(WOLFSSL *ssl, char *buf, int sz, void *ctx);
WOLFSSL_LOCAL int NetX_Send(WOLFSSL *ssl, char *buf, int sz, void *ctx);
#endif /* HAVE_NETX */
/* wolfSSL Cipher type just points back to SSL */ /* wolfSSL Cipher type just points back to SSL */
struct WOLFSSL_CIPHER { struct WOLFSSL_CIPHER {
@@ -1521,6 +1509,9 @@ struct CRL_Monitor {
struct WOLFSSL_CRL { struct WOLFSSL_CRL {
WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */ WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */
CRL_Entry* crlList; /* our CRL list */ CRL_Entry* crlList; /* our CRL list */
#ifdef HAVE_CRL_IO
CbCrlIO crlIOCb;
#endif
wolfSSL_Mutex crlLock; /* CRL list lock */ wolfSSL_Mutex crlLock; /* CRL list lock */
CRL_Monitor monitors[2]; /* PEM and DER possible */ CRL_Monitor monitors[2]; /* PEM and DER possible */
#ifdef HAVE_CRL_MONITOR #ifdef HAVE_CRL_MONITOR

402
wolfssl/io.h Normal file
View File

@@ -0,0 +1,402 @@
/* io.h
*
* Copyright (C) 2006-2016 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef WOLFSSL_IO_H
#define WOLFSSL_IO_H
#ifdef __cplusplus
extern "C" {
#endif
/* OCSP and CRL_IO require HTTP client */
#if defined(HAVE_OCSP) || defined(HAVE_CRL_IO)
#ifndef HAVE_HTTP_CLIENT
#define HAVE_HTTP_CLIENT
#endif
#endif
#if !defined(WOLFSSL_USER_IO)
#ifndef USE_WOLFSSL_IO
#define USE_WOLFSSL_IO
#endif
#endif
#if defined(USE_WOLFSSL_IO) || defined(HAVE_HTTP_CLIENT)
#ifdef HAVE_LIBZ
#include "zlib.h"
#endif
#ifndef USE_WINDOWS_API
#ifdef WOLFSSL_LWIP
/* lwIP needs to be configured to use sockets API in this mode */
/* LWIP_SOCKET 1 in lwip/opt.h or in build */
#include "lwip/sockets.h"
#include <errno.h>
#ifndef LWIP_PROVIDE_ERRNO
#define LWIP_PROVIDE_ERRNO 1
#endif
#elif defined(FREESCALE_MQX)
#include <posix.h>
#include <rtcs.h>
#elif defined(FREESCALE_KSDK_MQX)
#include <rtcs.h>
#elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
#if !defined(WOLFSSL_MDK_ARM)
#include "cmsis_os.h"
#include "rl_net.h"
#else
#include <rtl.h>
#endif
#include "errno.h"
#define SOCKET_T int
#elif defined(WOLFSSL_TIRTOS)
#include <sys/socket.h>
#elif defined(FREERTOS_TCP)
#include "FreeRTOS_Sockets.h"
#elif defined(WOLFSSL_IAR_ARM)
/* nothing */
#elif defined(WOLFSSL_VXWORKS)
#include <sockLib.h>
#include <errno.h>
#elif defined(WOLFSSL_ATMEL)
#include "socket/include/socket.h"
#elif defined(INTIME_RTOS)
#undef MIN
#undef MAX
#include <rt.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <netinet/in.h>
#include <io.h>
#elif !defined(WOLFSSL_NO_SOCK)
#include <sys/types.h>
#include <errno.h>
#ifndef EBSNET
#include <unistd.h>
#endif
#include <fcntl.h>
#if defined(HAVE_RTP_SYS)
#include <socket.h>
#elif defined(EBSNET)
#include "rtipapi.h" /* errno */
#include "socket.h"
#elif !defined(DEVKITPRO) && !defined(WOLFSSL_PICOTCP)
#include <sys/socket.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netdb.h>
#ifdef __PPU
#include <netex/errno.h>
#else
#include <sys/ioctl.h>
#endif
#endif
#endif
#endif /* USE_WINDOWS_API */
#ifdef __sun
#include <sys/filio.h>
#endif
#ifdef USE_WINDOWS_API
/* no epipe yet */
#ifndef WSAEPIPE
#define WSAEPIPE -12345
#endif
#define SOCKET_EWOULDBLOCK WSAEWOULDBLOCK
#define SOCKET_EAGAIN WSAETIMEDOUT
#define SOCKET_ECONNRESET WSAECONNRESET
#define SOCKET_EINTR WSAEINTR
#define SOCKET_EPIPE WSAEPIPE
#define SOCKET_ECONNREFUSED WSAENOTCONN
#define SOCKET_ECONNABORTED WSAECONNABORTED
#define close(s) closesocket(s)
#elif defined(__PPU)
#define SOCKET_EWOULDBLOCK SYS_NET_EWOULDBLOCK
#define SOCKET_EAGAIN SYS_NET_EAGAIN
#define SOCKET_ECONNRESET SYS_NET_ECONNRESET
#define SOCKET_EINTR SYS_NET_EINTR
#define SOCKET_EPIPE SYS_NET_EPIPE
#define SOCKET_ECONNREFUSED SYS_NET_ECONNREFUSED
#define SOCKET_ECONNABORTED SYS_NET_ECONNABORTED
#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
#if MQX_USE_IO_OLD
/* RTCS old I/O doesn't have an EWOULDBLOCK */
#define SOCKET_EWOULDBLOCK EAGAIN
#define SOCKET_EAGAIN EAGAIN
#define SOCKET_ECONNRESET RTCSERR_TCP_CONN_RESET
#define SOCKET_EINTR EINTR
#define SOCKET_EPIPE EPIPE
#define SOCKET_ECONNREFUSED RTCSERR_TCP_CONN_REFUSED
#define SOCKET_ECONNABORTED RTCSERR_TCP_CONN_ABORTED
#else
#define SOCKET_EWOULDBLOCK NIO_EWOULDBLOCK
#define SOCKET_EAGAIN NIO_EAGAIN
#define SOCKET_ECONNRESET NIO_ECONNRESET
#define SOCKET_EINTR NIO_EINTR
#define SOCKET_EPIPE NIO_EPIPE
#define SOCKET_ECONNREFUSED NIO_ECONNREFUSED
#define SOCKET_ECONNABORTED NIO_ECONNABORTED
#endif
#elif defined(WOLFSSL_MDK_ARM)|| defined(WOLFSSL_KEIL_TCP_NET)
#if !defined(WOLFSSL_MDK_ARM)
#define SOCKET_EWOULDBLOCK BSD_ERROR_WOULDBLOCK
#define SOCKET_EAGAIN BSD_ERROR_LOCKED
#define SOCKET_ECONNRESET BSD_ERROR_CLOSED
#define SOCKET_EINTR BSD_ERROR
#define SOCKET_EPIPE BSD_ERROR
#define SOCKET_ECONNREFUSED BSD_ERROR
#define SOCKET_ECONNABORTED BSD_ERROR
#else
#define SOCKET_EWOULDBLOCK SCK_EWOULDBLOCK
#define SOCKET_EAGAIN SCK_ELOCKED
#define SOCKET_ECONNRESET SCK_ECLOSED
#define SOCKET_EINTR SCK_ERROR
#define SOCKET_EPIPE SCK_ERROR
#define SOCKET_ECONNREFUSED SCK_ERROR
#define SOCKET_ECONNABORTED SCK_ERROR
#endif
#elif defined(WOLFSSL_PICOTCP)
#define SOCKET_EWOULDBLOCK PICO_ERR_EAGAIN
#define SOCKET_EAGAIN PICO_ERR_EAGAIN
#define SOCKET_ECONNRESET PICO_ERR_ECONNRESET
#define SOCKET_EINTR PICO_ERR_EINTR
#define SOCKET_EPIPE PICO_ERR_EIO
#define SOCKET_ECONNREFUSED PICO_ERR_ECONNREFUSED
#define SOCKET_ECONNABORTED PICO_ERR_ESHUTDOWN
#elif defined(FREERTOS_TCP)
#define SOCKET_EWOULDBLOCK FREERTOS_EWOULDBLOCK
#define SOCKET_EAGAIN FREERTOS_EWOULDBLOCK
#define SOCKET_ECONNRESET FREERTOS_SOCKET_ERROR
#define SOCKET_EINTR FREERTOS_SOCKET_ERROR
#define SOCKET_EPIPE FREERTOS_SOCKET_ERROR
#define SOCKET_ECONNREFUSED FREERTOS_SOCKET_ERROR
#define SOCKET_ECONNABORTED FREERTOS_SOCKET_ERROR
#else
#define SOCKET_EWOULDBLOCK EWOULDBLOCK
#define SOCKET_EAGAIN EAGAIN
#define SOCKET_ECONNRESET ECONNRESET
#define SOCKET_EINTR EINTR
#define SOCKET_EPIPE EPIPE
#define SOCKET_ECONNREFUSED ECONNREFUSED
#define SOCKET_ECONNABORTED ECONNABORTED
#endif /* USE_WINDOWS_API */
#ifdef DEVKITPRO
/* from network.h */
int net_send(int, const void*, int, unsigned int);
int net_recv(int, void*, int, unsigned int);
#define SEND_FUNCTION net_send
#define RECV_FUNCTION net_recv
#elif defined(WOLFSSL_LWIP)
#define SEND_FUNCTION lwip_send
#define RECV_FUNCTION lwip_recv
#elif defined(WOLFSSL_PICOTCP)
#define SEND_FUNCTION pico_send
#define RECV_FUNCTION pico_recv
#elif defined(FREERTOS_TCP)
#define RECV_FUNCTION(a,b,c,d) FreeRTOS_recv((Socket_t)(a),(void*)(b), (size_t)(c), (BaseType_t)(d))
#define SEND_FUNCTION(a,b,c,d) FreeRTOS_send((Socket_t)(a),(void*)(b), (size_t)(c), (BaseType_t)(d))
#else
#define SEND_FUNCTION send
#define RECV_FUNCTION recv
#if !defined(HAVE_SOCKADDR) && !defined(WOLFSSL_NO_SOCK)
#define HAVE_SOCKADDR
#endif
#endif
#ifdef USE_WINDOWS_API
typedef unsigned int SOCKET_T;
#else
typedef int SOCKET_T;
#endif
#ifndef WOLFSSL_NO_SOCK
#ifndef XSOCKLENT
#ifdef USE_WINDOWS_API
#define XSOCKLENT int
#else
#define XSOCKLENT socklen_t
#endif
#endif
/* Socket Addr Support */
#ifdef HAVE_SOCKADDR
typedef struct sockaddr SOCKADDR;
typedef struct sockaddr_storage SOCKADDR_S;
typedef struct sockaddr_in SOCKADDR_IN;
#ifdef WOLFSSL_IPV6
typedef struct sockaddr_in6 SOCKADDR_IN6;
#endif
typedef struct hostent HOSTENT;
#endif /* HAVE_SOCKADDR */
#ifdef HAVE_GETADDRINFO
typedef struct addrinfo ADDRINFO;
#endif
#endif /* WOLFSSL_NO_SOCK */
/* IO API's */
#ifdef HAVE_IO_TIMEOUT
WOLFSSL_API int wolfIO_SetBlockingMode(SOCKET_T sockfd, int non_blocking);
WOLFSSL_API void wolfIO_SetTimeout(int to_sec);;
WOLFSSL_API int wolfIO_Select(SOCKET_T sockfd, int to_sec);
#endif
WOLFSSL_API int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip,
unsigned short port, int to_sec);
WOLFSSL_API int wolfIO_Send(SOCKET_T sd, char *buf, int sz, int wrFlags);
WOLFSSL_API int wolfIO_Recv(SOCKET_T sd, char *buf, int sz, int rdFlags);
#endif /* USE_WOLFSSL_IO || HAVE_HTTP_CLIENT */
#if defined(USE_WOLFSSL_IO)
/* default IO callbacks */
WOLFSSL_API int EmbedReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
WOLFSSL_API int EmbedSend(WOLFSSL* ssl, char* buf, int sz, void* ctx);
#ifdef WOLFSSL_DTLS
WOLFSSL_API int EmbedReceiveFrom(WOLFSSL* ssl, char* buf, int sz, void*);
WOLFSSL_API int EmbedSendTo(WOLFSSL* ssl, char* buf, int sz, void* ctx);
WOLFSSL_API int EmbedGenerateCookie(WOLFSSL* ssl, unsigned char* buf,
int sz, void*);
#ifdef WOLFSSL_SESSION_EXPORT
WOLFSSL_API int EmbedGetPeer(WOLFSSL* ssl, char* ip, int* ipSz,
unsigned short* port, int* fam);
WOLFSSL_API int EmbedSetPeer(WOLFSSL* ssl, char* ip, int ipSz,
unsigned short port, int fam);
#endif /* WOLFSSL_SESSION_EXPORT */
#endif /* WOLFSSL_DTLS */
#endif /* USE_WOLFSSL_IO */
#ifdef HAVE_OCSP
WOLFSSL_API int wolfIO_HttpBuildRequestOcsp(const char* domainName,
const char* path, int ocspReqSz, unsigned char* buf, int bufSize);
WOLFSSL_API int wolfIO_HttpProcessResponseOcsp(int sfd,
unsigned char** respBuf, unsigned char* httpBuf, int httpBufSz,
void* heap);
WOLFSSL_API int EmbedOcspLookup(void*, const char*, int, unsigned char*,
int, unsigned char**);
WOLFSSL_API void EmbedOcspRespFree(void*, unsigned char*);
#endif
#ifdef HAVE_CRL_IO
WOLFSSL_API int wolfIO_HttpBuildRequestCrl(const char* url, int urlSz,
const char* domainName, unsigned char* buf, int bufSize);
WOLFSSL_API int wolfIO_HttpProcessResponseCrl(WOLFSSL_CRL* crl, int sfd,
unsigned char* httpBuf, int httpBufSz);
WOLFSSL_API int EmbedCrlLookup(WOLFSSL_CRL* crl, const char* url,
int urlSz);
#endif
#if defined(HAVE_HTTP_CLIENT)
WOLFSSL_API int wolfIO_DecodeUrl(const char* url, int urlSz, char* outName,
char* outPath, unsigned short* outPort);
WOLFSSL_API int wolfIO_HttpBuildRequest(const char* reqType,
const char* domainName, const char* path, int pathLen, int reqSz,
const char* contentType, unsigned char* buf, int bufSize);
WOLFSSL_API int wolfIO_HttpProcessResponse(int sfd, const char* appStr,
unsigned char** respBuf, unsigned char* httpBuf, int httpBufSz,
int dynType, void* heap);
#endif /* HAVE_HTTP_CLIENT */
/* I/O callbacks */
typedef int (*CallbackIORecv)(WOLFSSL *ssl, char *buf, int sz, void *ctx);
typedef int (*CallbackIOSend)(WOLFSSL *ssl, char *buf, int sz, void *ctx);
WOLFSSL_API void wolfSSL_SetIORecv(WOLFSSL_CTX*, CallbackIORecv);
WOLFSSL_API void wolfSSL_SetIOSend(WOLFSSL_CTX*, CallbackIOSend);
WOLFSSL_API void wolfSSL_SetIOReadCtx( WOLFSSL* ssl, void *ctx);
WOLFSSL_API void wolfSSL_SetIOWriteCtx(WOLFSSL* ssl, void *ctx);
WOLFSSL_API void* wolfSSL_GetIOReadCtx( WOLFSSL* ssl);
WOLFSSL_API void* wolfSSL_GetIOWriteCtx(WOLFSSL* ssl);
WOLFSSL_API void wolfSSL_SetIOReadFlags( WOLFSSL* ssl, int flags);
WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags);
#ifdef HAVE_NETX
WOLFSSL_LOCAL int NetX_Receive(WOLFSSL *ssl, char *buf, int sz, void *ctx);
WOLFSSL_LOCAL int NetX_Send(WOLFSSL *ssl, char *buf, int sz, void *ctx);
WOLFSSL_API void wolfSSL_SetIO_NetX(WOLFSSL* ssl, NX_TCP_SOCKET* nxsocket,
ULONG waitoption);
#endif /* HAVE_NETX */
#ifdef WOLFSSL_DTLS
typedef int (*CallbackGenCookie)(WOLFSSL* ssl, unsigned char* buf, int sz,
void* ctx);
WOLFSSL_API void wolfSSL_CTX_SetGenCookie(WOLFSSL_CTX*, CallbackGenCookie);
WOLFSSL_API void wolfSSL_SetCookieCtx(WOLFSSL* ssl, void *ctx);
WOLFSSL_API void* wolfSSL_GetCookieCtx(WOLFSSL* ssl);
#ifdef WOLFSSL_SESSION_EXPORT
typedef int (*CallbackGetPeer)(WOLFSSL* ssl, char* ip, int* ipSz,
unsigned short* port, int* fam);
typedef int (*CallbackSetPeer)(WOLFSSL* ssl, char* ip, int ipSz,
unsigned short port, int fam);
WOLFSSL_API void wolfSSL_CTX_SetIOGetPeer(WOLFSSL_CTX*, CallbackGetPeer);
WOLFSSL_API void wolfSSL_CTX_SetIOSetPeer(WOLFSSL_CTX*, CallbackSetPeer);
#endif /* WOLFSSL_SESSION_EXPORT */
#endif
#ifndef XINET_NTOP
#define XINET_NTOP(a,b,c,d) inet_ntop((a),(b),(c),(d))
#endif
#ifndef XINET_PTON
#define XINET_PTON(a,b,c) inet_pton((a),(b),(c))
#endif
#ifndef XHTONS
#define XHTONS(a) htons((a))
#endif
#ifndef XNTOHS
#define XNTOHS(a) ntohs((a))
#endif
#ifndef WOLFSSL_IP4
#define WOLFSSL_IP4 AF_INET
#endif
#ifndef WOLFSSL_IP6
#define WOLFSSL_IP6 AF_INET6
#endif
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* WOLFSSL_IO_H */

77
wolfssl/ssl.h
View File

@@ -81,10 +81,13 @@ typedef struct WOLFSSL_X509_CHAIN WOLFSSL_X509_CHAIN;
typedef struct WOLFSSL_CERT_MANAGER WOLFSSL_CERT_MANAGER; typedef struct WOLFSSL_CERT_MANAGER WOLFSSL_CERT_MANAGER;
typedef struct WOLFSSL_SOCKADDR WOLFSSL_SOCKADDR; typedef struct WOLFSSL_SOCKADDR WOLFSSL_SOCKADDR;
typedef struct WOLFSSL_CRL WOLFSSL_CRL;
/* redeclare guard */ /* redeclare guard */
#define WOLFSSL_TYPES_DEFINED #define WOLFSSL_TYPES_DEFINED
#include <wolfssl/io.h>
#ifndef WOLFSSL_RSA_TYPE_DEFINED /* guard on redeclaration */ #ifndef WOLFSSL_RSA_TYPE_DEFINED /* guard on redeclaration */
typedef struct WOLFSSL_RSA WOLFSSL_RSA; typedef struct WOLFSSL_RSA WOLFSSL_RSA;
@@ -1295,9 +1298,6 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len,
WOLFSSL_API int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX*); WOLFSSL_API int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX*);
WOLFSSL_API int wolfSSL_set_group_messages(WOLFSSL*); WOLFSSL_API int wolfSSL_set_group_messages(WOLFSSL*);
/* I/O callbacks */
typedef int (*CallbackIORecv)(WOLFSSL *ssl, char *buf, int sz, void *ctx);
typedef int (*CallbackIOSend)(WOLFSSL *ssl, char *buf, int sz, void *ctx);
#ifdef HAVE_FUZZER #ifdef HAVE_FUZZER
enum fuzzer_type { enum fuzzer_type {
@@ -1314,64 +1314,7 @@ typedef int (*CallbackFuzzer)(WOLFSSL* ssl, const unsigned char* buf, int sz,
WOLFSSL_API void wolfSSL_SetFuzzerCb(WOLFSSL* ssl, CallbackFuzzer cbf, void* fCtx); WOLFSSL_API void wolfSSL_SetFuzzerCb(WOLFSSL* ssl, CallbackFuzzer cbf, void* fCtx);
#endif #endif
WOLFSSL_API void wolfSSL_SetIORecv(WOLFSSL_CTX*, CallbackIORecv);
WOLFSSL_API void wolfSSL_SetIOSend(WOLFSSL_CTX*, CallbackIOSend);
WOLFSSL_API void wolfSSL_SetIOReadCtx( WOLFSSL* ssl, void *ctx);
WOLFSSL_API void wolfSSL_SetIOWriteCtx(WOLFSSL* ssl, void *ctx);
WOLFSSL_API void* wolfSSL_GetIOReadCtx( WOLFSSL* ssl);
WOLFSSL_API void* wolfSSL_GetIOWriteCtx(WOLFSSL* ssl);
WOLFSSL_API void wolfSSL_SetIOReadFlags( WOLFSSL* ssl, int flags);
WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags);
#ifndef WOLFSSL_USER_IO
/* default IO callbacks */
WOLFSSL_API int EmbedReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
WOLFSSL_API int EmbedSend(WOLFSSL* ssl, char* buf, int sz, void* ctx);
#ifdef HAVE_OCSP
WOLFSSL_API int EmbedOcspLookup(void*, const char*, int, unsigned char*,
int, unsigned char**);
WOLFSSL_API void EmbedOcspRespFree(void*, unsigned char*);
#endif
#ifdef WOLFSSL_DTLS
WOLFSSL_API int EmbedReceiveFrom(WOLFSSL* ssl, char* buf, int sz, void*);
WOLFSSL_API int EmbedSendTo(WOLFSSL* ssl, char* buf, int sz, void* ctx);
WOLFSSL_API int EmbedGenerateCookie(WOLFSSL* ssl, unsigned char* buf,
int sz, void*);
#ifdef WOLFSSL_SESSION_EXPORT
WOLFSSL_API int EmbedGetPeer(WOLFSSL* ssl, char* ip, int* ipSz,
unsigned short* port, int* fam);
WOLFSSL_API int EmbedSetPeer(WOLFSSL* ssl, char* ip, int ipSz,
unsigned short port, int fam);
typedef int (*CallbackGetPeer)(WOLFSSL* ssl, char* ip, int* ipSz,
unsigned short* port, int* fam);
typedef int (*CallbackSetPeer)(WOLFSSL* ssl, char* ip, int ipSz,
unsigned short port, int fam);
WOLFSSL_API void wolfSSL_CTX_SetIOGetPeer(WOLFSSL_CTX*,
CallbackGetPeer);
WOLFSSL_API void wolfSSL_CTX_SetIOSetPeer(WOLFSSL_CTX*,
CallbackSetPeer);
#endif /* WOLFSSL_SESSION_EXPORT */
#endif /* WOLFSSL_DTLS */
#endif /* WOLFSSL_USER_IO */
#ifdef HAVE_NETX
WOLFSSL_API void wolfSSL_SetIO_NetX(WOLFSSL* ssl, NX_TCP_SOCKET* nxsocket,
ULONG waitoption);
#endif
typedef int (*CallbackGenCookie)(WOLFSSL* ssl, unsigned char* buf, int sz,
void* ctx);
WOLFSSL_API void wolfSSL_CTX_SetGenCookie(WOLFSSL_CTX*, CallbackGenCookie);
WOLFSSL_API void wolfSSL_SetCookieCtx(WOLFSSL* ssl, void *ctx);
WOLFSSL_API void* wolfSSL_GetCookieCtx(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_DTLS_SetCookieSecret(WOLFSSL*, WOLFSSL_API int wolfSSL_DTLS_SetCookieSecret(WOLFSSL*,
const unsigned char*, const unsigned char*,
unsigned int); unsigned int);
@@ -1429,6 +1372,10 @@ typedef int (*CbOCSPIO)(void*, const char*, int,
unsigned char*, int, unsigned char**); unsigned char*, int, unsigned char**);
typedef void (*CbOCSPRespFree)(void*,unsigned char*); typedef void (*CbOCSPRespFree)(void*,unsigned char*);
#ifdef HAVE_CRL_IO
typedef int (*CbCrlIO)(WOLFSSL_CRL* crl, const char* url, int urlSz);
#endif
/* User Atomic Record Layer CallBacks */ /* User Atomic Record Layer CallBacks */
typedef int (*CallbackMacEncrypt)(WOLFSSL* ssl, unsigned char* macOut, typedef int (*CallbackMacEncrypt)(WOLFSSL* ssl, unsigned char* macOut,
const unsigned char* macIn, unsigned int macInSz, int macContent, const unsigned char* macIn, unsigned int macInSz, int macContent,
@@ -1600,6 +1547,10 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl);
const unsigned char*, long sz, int); const unsigned char*, long sz, int);
WOLFSSL_API int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER*, WOLFSSL_API int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER*,
CbMissingCRL); CbMissingCRL);
#ifdef HAVE_CRL_IO
WOLFSSL_API int wolfSSL_CertManagerSetCRL_IOCb(WOLFSSL_CERT_MANAGER*,
CbCrlIO);
#endif
WOLFSSL_API int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER*, WOLFSSL_API int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER*,
unsigned char*, int sz); unsigned char*, int sz);
WOLFSSL_API int wolfSSL_CertManagerEnableOCSP(WOLFSSL_CERT_MANAGER*, WOLFSSL_API int wolfSSL_CertManagerEnableOCSP(WOLFSSL_CERT_MANAGER*,
@@ -1619,6 +1570,9 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_LoadCRLBuffer(WOLFSSL*, WOLFSSL_API int wolfSSL_LoadCRLBuffer(WOLFSSL*,
const unsigned char*, long sz, int); const unsigned char*, long sz, int);
WOLFSSL_API int wolfSSL_SetCRL_Cb(WOLFSSL*, CbMissingCRL); WOLFSSL_API int wolfSSL_SetCRL_Cb(WOLFSSL*, CbMissingCRL);
#ifdef HAVE_CRL_IO
WOLFSSL_API int wolfSSL_SetCRL_IOCb(WOLFSSL* ssl, CbCrlIO cb);
#endif
WOLFSSL_API int wolfSSL_EnableOCSP(WOLFSSL*, int options); WOLFSSL_API int wolfSSL_EnableOCSP(WOLFSSL*, int options);
WOLFSSL_API int wolfSSL_DisableOCSP(WOLFSSL*); WOLFSSL_API int wolfSSL_DisableOCSP(WOLFSSL*);
WOLFSSL_API int wolfSSL_SetOCSP_OverrideURL(WOLFSSL*, const char*); WOLFSSL_API int wolfSSL_SetOCSP_OverrideURL(WOLFSSL*, const char*);
@@ -1630,6 +1584,9 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_CTX_LoadCRLBuffer(WOLFSSL_CTX*, WOLFSSL_API int wolfSSL_CTX_LoadCRLBuffer(WOLFSSL_CTX*,
const unsigned char*, long sz, int); const unsigned char*, long sz, int);
WOLFSSL_API int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX*, CbMissingCRL); WOLFSSL_API int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX*, CbMissingCRL);
#ifdef HAVE_CRL_IO
WOLFSSL_API int wolfSSL_CTX_SetCRL_IOCb(WOLFSSL_CTX*, CbCrlIO);
#endif
WOLFSSL_API int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX*, int options); WOLFSSL_API int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX*, int options);
WOLFSSL_API int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX*); WOLFSSL_API int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX*);
WOLFSSL_API int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX*, const char*); WOLFSSL_API int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX*, const char*);

14
wolfssl/test.h
View File

@@ -624,7 +624,7 @@ static INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer,
#else #else
addr->sin_family = AF_INET_V; addr->sin_family = AF_INET_V;
#endif #endif
addr->sin_port = htons(port); addr->sin_port = XHTONS(port);
if (peer == INADDR_ANY) if (peer == INADDR_ANY)
addr->sin_addr.s_addr = INADDR_ANY; addr->sin_addr.s_addr = INADDR_ANY;
else { else {
@@ -633,7 +633,7 @@ static INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer,
} }
#else #else
addr->sin6_family = AF_INET_V; addr->sin6_family = AF_INET_V;
addr->sin6_port = htons(port); addr->sin6_port = XHTONS(port);
if (peer == INADDR_ANY) if (peer == INADDR_ANY)
addr->sin6_addr = in6addr_any; addr->sin6_addr = in6addr_any;
else { else {
@@ -824,9 +824,9 @@ static INLINE void tcp_listen(SOCKET_T* sockfd, word16* port, int useAnyAddr,
socklen_t len = sizeof(addr); socklen_t len = sizeof(addr);
if (getsockname(*sockfd, (struct sockaddr*)&addr, &len) == 0) { if (getsockname(*sockfd, (struct sockaddr*)&addr, &len) == 0) {
#ifndef TEST_IPV6 #ifndef TEST_IPV6
*port = ntohs(addr.sin_port); *port = XNTOHS(addr.sin_port);
#else #else
*port = ntohs(addr.sin6_port); *port = XNTOHS(addr.sin6_port);
#endif #endif
} }
} }
@@ -885,9 +885,9 @@ static INLINE void udp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
socklen_t len = sizeof(addr); socklen_t len = sizeof(addr);
if (getsockname(*sockfd, (struct sockaddr*)&addr, &len) == 0) { if (getsockname(*sockfd, (struct sockaddr*)&addr, &len) == 0) {
#ifndef TEST_IPV6 #ifndef TEST_IPV6
port = ntohs(addr.sin_port); port = XNTOHS(addr.sin_port);
#else #else
port = ntohs(addr.sin6_port); port = XNTOHS(addr.sin6_port);
#endif #endif
} }
} }
@@ -2028,7 +2028,7 @@ static INLINE const char* mymktemp(char *tempfn, int len, int num)
(void)userCtx; (void)userCtx;
int ret; int ret;
word16 sLen = htons(inLen); word16 sLen = XHTONS(inLen);
byte aad[WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2]; byte aad[WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2];
int aadSz = WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2; int aadSz = WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2;
byte* tmp = aad; byte* tmp = aad;

5
wolfssl/wolfcrypt/settings.h
View File

@@ -1497,6 +1497,11 @@ static char *fgets(char *buff, int sz, FILE *fp)
#error old TLS requires MD5 and SHA #error old TLS requires MD5 and SHA
#endif #endif
/* for backwards compatibility */
#if defined(TEST_IPV6) && !defined(WOLFSSL_IPV6)
#define WOLFSSL_IPV6
#endif
/* Place any other flags or defines here */ /* Place any other flags or defines here */