feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #335 from dgarske/asynccrypt

Browse Source 
Asynchronous crypto and wolf event support
This commit is contained in:
toddouska
2016-03-30 20:12:41 -07:00
parent 6e5b23e102 4472152b18
commit 63b1282e67
22 changed files with 2912 additions and 2685 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@@ -39,6 +39,8 @@ cyassl.sublime*
fips.c
fips_test.c
fips
src/async.c
wolfssl/async.h
ctaocrypt/benchmark/benchmark
ctaocrypt/test/testctaocrypt
wolfcrypt/benchmark/benchmark

4
autogen.sh
View File

@@ -18,6 +18,10 @@ if test -d .git; then
# touch fips files for non fips distribution
touch ./ctaocrypt/src/fips.c
touch ./ctaocrypt/src/fips_test.c
# touch async crypt files
touch ./src/async.c
touch ./wolfssl/async.h
else
WARNINGS="all"
fi

28
configure.ac
View File

@@ -2505,6 +2505,27 @@ fi
AM_CONDITIONAL([BUILD_MCAPI], [test "x$ENABLED_MCAPI" = "xyes"])
# Asynchronous Crypto
AC_ARG_ENABLE([asynccrypt],
[ --enable-asynccrypt Enable Asynchronous Crypto (default: disabled)],
[ ENABLED_ASYNCCRYPT=$enableval ],
[ ENABLED_ASYNCCRYPT=no ]
)
if test "$ENABLED_ASYNCCRYPT" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT"
# if Cavium not enabled the use async simulator for testing
if test "x$ENABLED_CAVIUM" = "xno"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT_TEST"
fi
fi
AM_CONDITIONAL([BUILD_ASYNCCRYPT], [test "x$ENABLED_ASYNCCRYPT" = "xyes"])
# check if PSK was enabled for conditionally running psk.test script
AM_CONDITIONAL([BUILD_PSK], [test "x$ENABLED_PSK" = "xyes"])
@@ -2836,5 +2857,12 @@ echo " * LIBZ: $ENABLED_LIBZ"
echo " * Examples: $ENABLED_EXAMPLES"
echo " * User Crypto: $ENABLED_USER_CRYPTO"
echo " * Fast RSA: $ENABLED_FAST_RSA"
echo " * Async Crypto: $ENABLED_ASYNCCRYPT"
echo ""
echo "---"
# Show warnings at bottom so they are noticed
if test "$ENABLED_ASYNCCRYPT" = "yes"
then
AC_MSG_WARN([Make sure real async files are loaded. Contact wolfSSL for details on using the asynccrypt option.])
fi

60
examples/client/client.c
View File

@@ -81,13 +81,20 @@ static void NonBlockingSSL_Connect(WOLFSSL* ssl)
int select_ret;
while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ ||
error == SSL_ERROR_WANT_WRITE)) {
error == SSL_ERROR_WANT_WRITE ||
error == WC_PENDING_E)) {
int currTimeout = 1;
if (error == SSL_ERROR_WANT_READ)
printf("... client would read block\n");
else
else if (error == SSL_ERROR_WANT_WRITE)
printf("... client would write block\n");
#ifdef WOLFSSL_ASYNC_CRYPT
else if (error == WC_PENDING_E) {
ret = AsyncCryptPoll(ssl);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
#ifdef WOLFSSL_DTLS
currTimeout = wolfSSL_dtls_get_current_timeout(ssl);
@@ -96,11 +103,11 @@ static void NonBlockingSSL_Connect(WOLFSSL* ssl)
if ((select_ret == TEST_RECV_READY) ||
(select_ret == TEST_ERROR_READY)) {
#ifndef WOLFSSL_CALLBACKS
ret = wolfSSL_connect(ssl);
#else
ret = wolfSSL_connect_ex(ssl,handShakeCB,timeoutCB,timeout);
#endif
#ifndef WOLFSSL_CALLBACKS
ret = wolfSSL_connect(ssl);
#else
ret = wolfSSL_connect_ex(ssl,handShakeCB,timeoutCB,timeout);
#endif
error = wolfSSL_get_error(ssl, 0);
}
else if (select_ret == TEST_TIMEOUT && !wolfSSL_dtls(ssl)) {
@@ -108,7 +115,7 @@ static void NonBlockingSSL_Connect(WOLFSSL* ssl)
}
#ifdef WOLFSSL_DTLS
else if (select_ret == TEST_TIMEOUT && wolfSSL_dtls(ssl) &&
wolfSSL_dtls_got_timeout(ssl) >= 0) {
wolfSSL_dtls_got_timeout(ssl) >= 0) {
error = SSL_ERROR_WANT_READ;
}
#endif
@@ -441,6 +448,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
int disableCRL = 0;
int externalTest = 0;
int ret;
int err = 0;
int scr = 0; /* allow secure renegotiation */
int forceScr = 0; /* force client initiaed scr */
int trackMemory = 0;
@@ -1179,25 +1187,38 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
tcp_set_nonblocking(&sockfd);
NonBlockingSSL_Connect(ssl);
}
else if (wolfSSL_connect(ssl) != SSL_SUCCESS) {
/* see note at top of README */
int err = wolfSSL_get_error(ssl, 0);
char buffer[WOLFSSL_MAX_ERROR_SZ];
printf("err = %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
err_sys("SSL_connect failed");
/* if you're getting an error here */
else {
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = AsyncCryptPoll(ssl);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
err = 0; /* Reset error */
ret = wolfSSL_connect(ssl);
if (ret != SSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
}
} while (ret != SSL_SUCCESS && err == WC_PENDING_E);
if (ret != SSL_SUCCESS) {
char buffer[WOLFSSL_MAX_ERROR_SZ];
printf("err = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer));
err_sys("wolfSSL_connect failed");
/* see note at top of README */
/* if you're getting an error here */
}
}
#else
timeout.tv_sec = 2;
timeout.tv_usec = 0;
NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */
NonBlockingSSL_Connect(ctx, ssl); /* will keep retrying on timeout */
#endif
showPeer(ssl);
#ifdef HAVE_ALPN
if (alpnList != NULL) {
int err;
char *protocol_name = NULL;
word16 protocol_nameSz = 0;
@@ -1331,7 +1352,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#else
timeout.tv_sec = 2;
timeout.tv_usec = 0;
NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */
NonBlockingSSL_Connect(ctx, ssl); /* will keep retrying on timeout */
#endif
showPeer(sslResume);
@@ -1342,7 +1363,6 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#ifdef HAVE_ALPN
if (alpnList != NULL) {
int err;
char *protocol_name = NULL;
word16 protocol_nameSz = 0;

21
examples/echoclient/echoclient.c
View File

@@ -69,6 +69,7 @@ void echoclient_test(void* args)
SSL_CTX* ctx = 0;
SSL* ssl = 0;
int ret = 0, err = 0;
int doDTLS = 0;
int doPSK = 0;
int sendSz;
@@ -174,7 +175,25 @@ void echoclient_test(void* args)
Sleep(100);
#endif
if (SSL_connect(ssl) != SSL_SUCCESS) err_sys("SSL_connect failed");
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = AsyncCryptPoll(ssl);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
err = 0; /* Reset error */
ret = SSL_connect(ssl);
if (ret != SSL_SUCCESS) {
err = SSL_get_error(ssl, 0);
}
} while (ret != SSL_SUCCESS && err == WC_PENDING_E);
if (ret != SSL_SUCCESS) {
char buffer[CYASSL_MAX_ERROR_SZ];
printf("err = %d, %s\n", err, ERR_error_string(err, buffer));
err_sys("SSL_connect failed");
}
while (fgets(msg, sizeof(msg), fin) != 0) {

22
examples/echoserver/echoserver.c
View File

@@ -78,6 +78,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
CYASSL_METHOD* method = 0;
CYASSL_CTX* ctx = 0;
int ret = 0;
int doDTLS = 0;
int doPSK = 0;
int outCreated = 0;
@@ -229,6 +230,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
int clientfd;
int firstRead = 1;
int gotFirstG = 0;
int err = 0;
SOCKADDR_IN_T client;
socklen_t client_len = sizeof(client);
#ifndef CYASSL_DTLS
@@ -261,7 +263,25 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
#elif !defined(NO_DH)
SetDH(ssl); /* will repick suites with DHE, higher than PSK */
#endif
if (CyaSSL_accept(ssl) != SSL_SUCCESS) {
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = AsyncCryptPoll(ssl);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
err = 0; /* Reset error */
ret = CyaSSL_accept(ssl);
if (ret != SSL_SUCCESS) {
err = CyaSSL_get_error(ssl, 0);
}
} while (ret != SSL_SUCCESS && err == WC_PENDING_E);
if (ret != SSL_SUCCESS) {
err = CyaSSL_get_error(ssl, 0);
char buffer[CYASSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer));
printf("SSL_accept failed\n");
CyaSSL_free(ssl);
CloseSocket(clientfd);

44
examples/server/server.c
View File

@@ -72,7 +72,7 @@
static void NonBlockingSSL_Accept(SSL* ssl)
static int NonBlockingSSL_Accept(SSL* ssl)
{
#ifndef CYASSL_CALLBACKS
int ret = SSL_accept(ssl);
@@ -121,8 +121,8 @@ static void NonBlockingSSL_Accept(SSL* ssl)
error = SSL_FATAL_ERROR;
}
}
if (ret != SSL_SUCCESS)
err_sys("SSL_accept failed");
return ret;
}
/* Echo number of bytes specified by -e arg */
@@ -280,6 +280,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
int doListen = 1;
int crlFlags = 0;
int ret;
int err = 0;
char* serverReadyFile = NULL;
char* alpnList = NULL;
unsigned char alpn_opt = 0;
@@ -839,21 +840,44 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
if (nonBlocking) {
CyaSSL_set_using_nonblock(ssl, 1);
tcp_set_nonblocking(&clientfd);
NonBlockingSSL_Accept(ssl);
} else if (SSL_accept(ssl) != SSL_SUCCESS) {
int err = SSL_get_error(ssl, 0);
}
#endif
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = AsyncCryptPoll(ssl);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
err = 0; /* Reset error */
#ifndef CYASSL_CALLBACKS
if (nonBlocking) {
ret = NonBlockingSSL_Accept(ssl);
}
else {
ret = SSL_accept(ssl);
}
#else
ret = NonBlockingSSL_Accept(ssl);
#endif
if (ret != SSL_SUCCESS) {
err = SSL_get_error(ssl, 0);
}
} while (ret != SSL_SUCCESS && err == WC_PENDING_E);
if (ret != SSL_SUCCESS) {
err = SSL_get_error(ssl, 0);
char buffer[CYASSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, ERR_error_string(err, buffer));
err_sys("SSL_accept failed");
}
#else
NonBlockingSSL_Accept(ssl);
#endif
showPeer(ssl);
#ifdef HAVE_ALPN
if (alpnList != NULL) {
int err;
char *protocol_name = NULL, *list = NULL;
word16 protocol_nameSz = 0, listSz = 0;

4
src/include.am
View File

@@ -250,4 +250,8 @@ if BUILD_SNIFFER
src_libwolfssl_la_SOURCES += src/sniffer.c
endif
if BUILD_ASYNCCRYPT
src_libwolfssl_la_SOURCES += src/async.c
endif
endif # !BUILD_CRYPTONLY

4977
src/internal.c Normal file → Executable file
View File

File diff suppressed because it is too large Load Diff

128
src/ssl.c
View File

@@ -3448,7 +3448,7 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
ecc_key key;
wc_ecc_init(&key);
if (wc_EccPrivateKeyDecode(der->buffer, &idx, &key,
if (wc_EccPrivateKeyDecode(der->buffer, &idx, &key,
der->length) != 0) {
wc_ecc_free(&key);
return SSL_BAD_FILE;
@@ -4557,7 +4557,7 @@ int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
else
dynamic = 1;
}
if (ret == 0) {
if ( (ret = (int)XFREAD(fileBuf, sz, 1, file)) < 0) {
ret = SSL_BAD_FILE;
@@ -6444,10 +6444,10 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
#ifndef NO_CERTS
/* in case used set_accept_state after init */
if (!havePSK && !haveAnon &&
(!ssl->buffers.certificate ||
if (!havePSK && !haveAnon &&
(!ssl->buffers.certificate ||
!ssl->buffers.certificate->buffer ||
!ssl->buffers.key ||
!ssl->buffers.key ||
!ssl->buffers.key->buffer)) {
WOLFSSL_MSG("accept error: don't have server cert and key");
ssl->error = NO_PRIVATE_KEY;
@@ -11215,10 +11215,10 @@ int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509)
int result = SSL_FATAL_ERROR;
WOLFSSL_ENTER("wolfSSL_X509_STORE_add_cert");
if (store != NULL && store->cm != NULL && x509 != NULL
if (store != NULL && store->cm != NULL && x509 != NULL
&& x509->derCert != NULL) {
DerBuffer* derCert = NULL;
result = AllocDer(&derCert, x509->derCert->length,
x509->derCert->type, NULL);
if (result == 0) {
@@ -17841,4 +17841,118 @@ void* wolfSSL_get_jobject(WOLFSSL* ssl)
#endif /* WOLFSSL_JNI */
#ifdef HAVE_WOLF_EVENT
static int _wolfSSL_CTX_poll(WOLFSSL_CTX* ctx, WOLFSSL* ssl, WOLF_EVENT* events,
int maxEvents, unsigned char flags, int* eventCount)
{
WOLF_EVENT* event, *event_prev = NULL;
int count = 0, ret = SSL_ERROR_NONE;
if (ctx == NULL || maxEvents <= 0) {
return BAD_FUNC_ARG;
}
/* Events arg can be NULL only if peek */
if (events == NULL && !(flags & WOLF_POLL_FLAG_PEEK)) {
return BAD_FUNC_ARG;
}
#ifndef SINGLE_THREADED
/* In single threaded mode "event_queue.lock" doesn't exist */
if (LockMutex(&ctx->event_queue.lock) != 0) {
return BAD_MUTEX_E;
}
#endif
/* Itterate event queue */
for (event = ctx->event_queue.head; event != NULL; event = event->next)
{
byte removeEvent = 0;
/* Optionally filter by ssl object pointer */
if (ssl == NULL || (ssl == event->ssl)) {
if (flags & WOLF_POLL_FLAG_PEEK) {
if (events) {
/* Copy event data to provided buffer */
XMEMCPY(&events[count], event, sizeof(WOLF_EVENT));
}
count++;
}
else {
/* Check hardware */
if (flags & WOLF_POLL_FLAG_CHECK_HW) {
#ifdef WOLFSSL_ASYNC_CRYPT
if (event->type >= WOLF_EVENT_TYPE_ASYNC_FIRST &&
event->type <= WOLF_EVENT_TYPE_ASYNC_LAST)
{
ret = wolfSSL_async_poll(event, flags);
}
#endif /* WOLFSSL_ASYNC_CRYPT */
}
/* If event is done then return in 'events' argument */
if (event->done) {
/* Copy event data to provided buffer */
XMEMCPY(&events[count], event, sizeof(WOLF_EVENT));
count++;
removeEvent = 1;
}
}
}
if (removeEvent) {
/* Remove from queue list */
if (event_prev == NULL) {
ctx->event_queue.head = event->next;
if (ctx->event_queue.head == NULL) {
ctx->event_queue.tail = NULL;
}
}
else {
event_prev->next = event->next;
}
}
else {
/* Leave in queue, save prev pointer */
event_prev = event;
}
/* Check to make sure our event list isn't full */
if (events && count >= maxEvents) {
break; /* Exit for */
}
/* Check for error */
if (ret < 0) {
break; /* Exit for */
}
}
#ifndef SINGLE_THREADED
UnLockMutex(&ctx->event_queue.lock);
#endif
/* Return number of properly populated events */
if (eventCount) {
*eventCount = count;
}
return ret;
}
int wolfSSL_CTX_poll(WOLFSSL_CTX* ctx, WOLF_EVENT* events,
int maxEvents, unsigned char flags, int* eventCount)
{
return _wolfSSL_CTX_poll(ctx, NULL, events, maxEvents, flags, eventCount);
}
int wolfSSL_poll(WOLFSSL* ssl, WOLF_EVENT* events,
int maxEvents, unsigned char flags, int* eventCount)
{
return _wolfSSL_CTX_poll(ssl->ctx, ssl, events, maxEvents, flags,
eventCount);
}
#endif /* HAVE_WOLF_EVENT */
#endif /* WOLFCRYPT_ONLY */

84
wolfcrypt/src/asn.c
View File

@@ -790,7 +790,7 @@ static const byte* OidFromId(word32 id, word32 type, word32* oidSz)
switch (type) {
case hashType:
case oidHashType:
switch (id) {
case MD2h:
oid = hashMd2hOid;
@@ -819,7 +819,7 @@ static const byte* OidFromId(word32 id, word32 type, word32* oidSz)
}
break;
case sigType:
case oidSigType:
switch (id) {
#ifndef NO_DSA
case CTC_SHAwDSA:
@@ -876,7 +876,7 @@ static const byte* OidFromId(word32 id, word32 type, word32* oidSz)
}
break;
case keyType:
case oidKeyType:
switch (id) {
#ifndef NO_DSA
case DSAk:
@@ -908,7 +908,7 @@ static const byte* OidFromId(word32 id, word32 type, word32* oidSz)
break;
#ifdef HAVE_ECC
case curveType:
case oidCurveType:
switch (id) {
#if defined(HAVE_ALL_CURVES) || !defined(NO_ECC256)
case ECC_256R1:
@@ -952,7 +952,7 @@ static const byte* OidFromId(word32 id, word32 type, word32* oidSz)
break;
#endif /* HAVE_ECC */
case blkType:
case oidBlkType:
switch (id) {
case DESb:
oid = blkDesCbcOid;
@@ -966,7 +966,7 @@ static const byte* OidFromId(word32 id, word32 type, word32* oidSz)
break;
#ifdef HAVE_OCSP
case ocspType:
case oidOcspType:
switch (id) {
case OCSP_BASIC_OID:
oid = ocspBasicOid;
@@ -980,7 +980,7 @@ static const byte* OidFromId(word32 id, word32 type, word32* oidSz)
break;
#endif /* HAVE_OCSP */
case certExtType:
case oidCertExtType:
switch (id) {
case BASIC_CA_OID:
oid = extBasicCaOid;
@@ -1029,7 +1029,7 @@ static const byte* OidFromId(word32 id, word32 type, word32* oidSz)
}
break;
case certAuthInfoType:
case oidCertAuthInfoType:
switch (id) {
case AIA_OCSP_OID:
oid = extAuthInfoOcspOid;
@@ -1042,7 +1042,7 @@ static const byte* OidFromId(word32 id, word32 type, word32* oidSz)
}
break;
case certPolicyType:
case oidCertPolicyType:
switch (id) {
case CP_ANY_OID:
oid = extCertPolicyAnyOid;
@@ -1051,7 +1051,7 @@ static const byte* OidFromId(word32 id, word32 type, word32* oidSz)
}
break;
case certAltNameType:
case oidCertAltNameType:
switch (id) {
case HW_NAME_OID:
oid = extAltNamesHwNameOid;
@@ -1060,7 +1060,7 @@ static const byte* OidFromId(word32 id, word32 type, word32* oidSz)
}
break;
case certKeyUseType:
case oidCertKeyUseType:
switch (id) {
case EKU_ANY_OID:
oid = extExtKeyUsageAnyOid;
@@ -1080,7 +1080,7 @@ static const byte* OidFromId(word32 id, word32 type, word32* oidSz)
break;
}
case kdfType:
case oidKdfType:
switch (id) {
case PBKDF2_OID:
oid = pbkdf2Oid;
@@ -1089,7 +1089,7 @@ static const byte* OidFromId(word32 id, word32 type, word32* oidSz)
}
break;
case ignoreType:
case oidIgnoreType:
default:
break;
}
@@ -1140,7 +1140,7 @@ WOLFSSL_LOCAL int GetObjectId(const byte* input, word32* inOutIdx, word32* oid,
const byte* checkOid = NULL;
word32 checkOidSz;
if (oidType != ignoreType) {
if (oidType != oidIgnoreType) {
checkOid = OidFromId(*oid, oidType, &checkOidSz);
if (checkOid != NULL &&
@@ -1319,7 +1319,7 @@ int ToTraditional(byte* input, word32 sz)
if (GetMyVersion(input, &inOutIdx, &version) < 0)
return ASN_PARSE_E;
if (GetAlgoId(input, &inOutIdx, &oid, sigType, sz) < 0)
if (GetAlgoId(input, &inOutIdx, &oid, oidSigType, sz) < 0)
return ASN_PARSE_E;
if (input[inOutIdx] == ASN_OBJECT_ID) {
@@ -1596,7 +1596,7 @@ int ToTraditionalEnc(byte* input, word32 sz,const char* password,int passwordSz)
if (GetSequence(input, &inOutIdx, &length, sz) < 0)
return ASN_PARSE_E;
if (GetAlgoId(input, &inOutIdx, &oid, sigType, sz) < 0)
if (GetAlgoId(input, &inOutIdx, &oid, oidSigType, sz) < 0)
return ASN_PARSE_E;
first = input[inOutIdx - 2]; /* PKCS version always 2nd to last byte */
@@ -1610,7 +1610,7 @@ int ToTraditionalEnc(byte* input, word32 sz,const char* password,int passwordSz)
if (GetSequence(input, &inOutIdx, &length, sz) < 0)
return ASN_PARSE_E;
if (GetAlgoId(input, &inOutIdx, &oid, kdfType, sz) < 0)
if (GetAlgoId(input, &inOutIdx, &oid, oidKdfType, sz) < 0)
return ASN_PARSE_E;
if (oid != PBKDF2_OID)
@@ -1656,7 +1656,7 @@ int ToTraditionalEnc(byte* input, word32 sz,const char* password,int passwordSz)
if (version == PKCS5v2) {
/* get encryption algo */
/* JOHN: New type. Need a little more research. */
if (GetAlgoId(input, &inOutIdx, &oid, blkType, sz) < 0) {
if (GetAlgoId(input, &inOutIdx, &oid, oidBlkType, sz) < 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(cbcIv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -2354,7 +2354,7 @@ static int GetKey(DecodedCert* cert)
return ASN_PARSE_E;
if (GetAlgoId(cert->source, &cert->srcIdx,
&cert->keyOID, keyType, cert->maxIdx) < 0)
&cert->keyOID, oidKeyType, cert->maxIdx) < 0)
return ASN_PARSE_E;
switch (cert->keyOID) {
@@ -2445,7 +2445,7 @@ static int GetKey(DecodedCert* cert)
byte b;
if (GetObjectId(cert->source, &cert->srcIdx,
&cert->pkCurveOID, curveType, cert->maxIdx) < 0)
&cert->pkCurveOID, oidCurveType, cert->maxIdx) < 0)
return ASN_PARSE_E;
if (CheckCurve(cert->pkCurveOID) < 0)
@@ -3148,7 +3148,7 @@ int DecodeToKey(DecodedCert* cert, int verify)
WOLFSSL_MSG("Got Cert Header");
if ( (ret = GetAlgoId(cert->source, &cert->srcIdx, &cert->signatureOID,
sigType, cert->maxIdx)) < 0)
oidSigType, cert->maxIdx)) < 0)
return ret;
WOLFSSL_MSG("Got Algo ID");
@@ -3379,8 +3379,8 @@ WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz)
byte ID_Length[MAX_LENGTH_SZ];
byte seqArray[MAX_SEQ_SZ + 1]; /* add object_id to end */
tagSz = (type == hashType || type == sigType ||
(type == keyType && algoOID == RSAk)) ? 2 : 0;
tagSz = (type == oidHashType || type == oidSigType ||
(type == oidKeyType && algoOID == RSAk)) ? 2 : 0;
algoName = OidFromId(algoOID, type, &algoSz);
@@ -3416,7 +3416,7 @@ word32 wc_EncodeSignature(byte* out, const byte* digest, word32 digSz,
word32 encDigSz, algoSz, seqSz;
encDigSz = SetDigest(digest, digSz, digArray);
algoSz = SetAlgoID(hashOID, algoArray, hashType, 0);
algoSz = SetAlgoID(hashOID, algoArray, oidHashType, 0);
seqSz = SetSequence(encDigSz + algoSz, seqArray);
XMEMCPY(out, seqArray, seqSz);
@@ -3988,7 +3988,7 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert)
/* Consume the rest of this sequence. */
length -= (strLen + idx - lenStartIdx);
if (GetObjectId(input, &idx, &oid, certAltNameType, sz) < 0) {
if (GetObjectId(input, &idx, &oid, oidCertAltNameType, sz) < 0) {
WOLFSSL_MSG("\tbad OID");
return ASN_PARSE_E;
}
@@ -4239,7 +4239,7 @@ static int DecodeAuthInfo(byte* input, int sz, DecodedCert* cert)
return ASN_PARSE_E;
oid = 0;
if (GetObjectId(input, &idx, &oid, certAuthInfoType, sz) < 0)
if (GetObjectId(input, &idx, &oid, oidCertAuthInfoType, sz) < 0)
return ASN_PARSE_E;
/* Only supporting URIs right now. */
@@ -4385,7 +4385,7 @@ static int DecodeExtKeyUsage(byte* input, int sz, DecodedCert* cert)
#endif
while (idx < (word32)sz) {
if (GetObjectId(input, &idx, &oid, certKeyUseType, sz) < 0)
if (GetObjectId(input, &idx, &oid, oidCertKeyUseType, sz) < 0)
return ASN_PARSE_E;
switch (oid) {
@@ -4720,7 +4720,7 @@ static int DecodeCertExtensions(DecodedCert* cert)
}
oid = 0;
if (GetObjectId(input, &idx, &oid, certExtType, sz) < 0) {
if (GetObjectId(input, &idx, &oid, oidCertExtType, sz) < 0) {
WOLFSSL_MSG("\tfail: OBJECT ID");
return ASN_PARSE_E;
}
@@ -4972,7 +4972,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
}
if ((ret = GetAlgoId(cert->source, &cert->srcIdx, &confirmOID,
sigType, cert->maxIdx)) < 0)
oidSigType, cert->maxIdx)) < 0)
return ret;
if ((ret = GetSignature(cert)) < 0)
@@ -5524,7 +5524,7 @@ static int SetRsaPublicKey(byte* output, RsaKey* key,
#else
byte algo[MAX_ALGO_SZ];
#endif
algoSz = SetAlgoID(RSAk, algo, keyType, 0);
algoSz = SetAlgoID(RSAk, algo, oidKeyType, 0);
lenSz = SetLength(seqSz + nSz + eSz + 1, len);
len[lenSz++] = 0; /* trailing 0 */
@@ -5940,7 +5940,7 @@ static int SetEccPublicKey(byte* output, ecc_key* key, int with_header)
return MEMORY_E;
}
#endif
algoSz = SetAlgoID(ECDSAk, algo, keyType, curveSz);
algoSz = SetAlgoID(ECDSAk, algo, oidKeyType, curveSz);
lenSz = SetLength(pubSz + 1, len);
len[lenSz++] = 0; /* trailing 0 */
@@ -6789,7 +6789,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
der->serialSz = SetSerial(cert->serial, der->serial);
/* signature algo */
der->sigAlgoSz = SetAlgoID(cert->sigType, der->sigAlgo, sigType, 0);
der->sigAlgoSz = SetAlgoID(cert->sigType, der->sigAlgo, oidSigType, 0);
if (der->sigAlgoSz == 0)
return ALGO_ID_E;
@@ -7181,7 +7181,7 @@ static int AddSignature(byte* buffer, int bodySz, const byte* sig, int sigSz,
int idx = bodySz, seqSz;
/* algo */
idx += SetAlgoID(sigAlgoType, buffer + idx, sigType, 0);
idx += SetAlgoID(sigAlgoType, buffer + idx, oidSigType, 0);
/* bit string */
buffer[idx++] = ASN_BIT_STRING;
/* length */
@@ -7988,7 +7988,7 @@ static int SetAltNamesFromCert(Cert* cert, const byte* der, int derSz)
decoded->srcIdx = startIdx;
if (GetAlgoId(decoded->source, &decoded->srcIdx, &oid,
certExtType, decoded->maxIdx) < 0) {
oidCertExtType, decoded->maxIdx) < 0) {
ret = ASN_PARSE_E;
break;
}
@@ -8747,7 +8747,7 @@ static int DecodeSingleResponse(byte* source,
if (GetSequence(source, &idx, &length, size) < 0)
return ASN_PARSE_E;
/* Skip the hash algorithm */
if (GetAlgoId(source, &idx, &oid, ignoreType, size) < 0)
if (GetAlgoId(source, &idx, &oid, oidIgnoreType, size) < 0)
return ASN_PARSE_E;
/* Save reference to the hash of CN */
if (source[idx++] != ASN_OCTET_STRING)
@@ -8869,7 +8869,7 @@ static int DecodeOcspRespExtensions(byte* source,
}
oid = 0;
if (GetObjectId(source, &idx, &oid, ocspType, sz) < 0) {
if (GetObjectId(source, &idx, &oid, oidOcspType, sz) < 0) {
WOLFSSL_MSG("\tfail: OBJECT ID");
return ASN_PARSE_E;
}
@@ -9022,7 +9022,7 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
return ASN_PARSE_E;
/* Get the signature algorithm */
if (GetAlgoId(source, &idx, &resp->sigOID, sigType, size) < 0)
if (GetAlgoId(source, &idx, &resp->sigOID, oidSigType, size) < 0)
return ASN_PARSE_E;
/* Obtain pointer to the start of the signature, and save the size */
@@ -9128,7 +9128,7 @@ int OcspResponseDecode(OcspResponse* resp, void* cm)
return ASN_PARSE_E;
/* Check ObjectID for the resposeBytes */
if (GetObjectId(source, &idx, &oid, ocspType, size) < 0)
if (GetObjectId(source, &idx, &oid, oidOcspType, size) < 0)
return ASN_PARSE_E;
if (oid != OCSP_BASIC_OID)
return ASN_PARSE_E;
@@ -9214,9 +9214,9 @@ int EncodeOcspRequest(OcspRequest* req, byte* output, word32 size)
WOLFSSL_ENTER("EncodeOcspRequest");
#ifdef NO_SHA
algoSz = SetAlgoID(SHA256h, algoArray, hashType, 0);
algoSz = SetAlgoID(SHA256h, algoArray, oidHashType, 0);
#else
algoSz = SetAlgoID(SHAh, algoArray, hashType, 0);
algoSz = SetAlgoID(SHAh, algoArray, oidHashType, 0);
#endif
issuerSz = SetDigest(req->issuerHash, KEYID_SIZE, issuerArray);
@@ -9606,7 +9606,7 @@ int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, void* cm)
return ASN_PARSE_E;
}
if (GetAlgoId(buff, &idx, &oid, ignoreType, sz) < 0)
if (GetAlgoId(buff, &idx, &oid, oidIgnoreType, sz) < 0)
return ASN_PARSE_E;
if (GetNameHash(buff, &idx, dcrl->issuerHash, sz) < 0)
@@ -9650,7 +9650,7 @@ int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, void* cm)
if (idx != dcrl->sigIndex)
idx = dcrl->sigIndex; /* skip extensions */
if (GetAlgoId(buff, &idx, &dcrl->signatureOID, sigType, sz) < 0)
if (GetAlgoId(buff, &idx, &dcrl->signatureOID, oidSigType, sz) < 0)
return ASN_PARSE_E;
if (GetCRL_Signature(buff, &idx, dcrl, sz) < 0)

3
wolfcrypt/src/error.c
View File

@@ -374,6 +374,9 @@ const char* wc_GetErrorString(int error)
case HASH_TYPE_E:
return "Hash type not enabled/available";
case WC_PENDING_E:
return "wolfCrypt Operation Pending (would block / eagain) error";
default:
return "unknown error number";

14
wolfcrypt/src/hash.c
View File

@@ -45,6 +45,7 @@ int wc_HashGetOID(enum wc_HashType hash_type)
oid = MD2h;
#endif
break;
case WC_HASH_TYPE_MD5_SHA:
case WC_HASH_TYPE_MD5:
#ifndef NO_MD5
oid = MD5h;
@@ -111,6 +112,11 @@ int wc_HashGetDigestSize(enum wc_HashType hash_type)
case WC_HASH_TYPE_SHA512:
#ifdef WOLFSSL_SHA512
dig_size = SHA512_DIGEST_SIZE;
#endif
break;
case WC_HASH_TYPE_MD5_SHA:
#if !defined(NO_MD5) && !defined(NO_SHA)
dig_size = MD5_DIGEST_SIZE + SHA_DIGEST_SIZE;
#endif
break;
@@ -169,6 +175,14 @@ int wc_Hash(enum wc_HashType hash_type, const byte* data,
case WC_HASH_TYPE_SHA512:
#ifdef WOLFSSL_SHA512
ret = wc_Sha512Hash(data, data_len, hash);
#endif
break;
case WC_HASH_TYPE_MD5_SHA:
#if !defined(NO_MD5) && !defined(NO_SHA)
ret = wc_Md5Hash(data, data_len, hash);
if (ret == 0) {
ret = wc_ShaHash(data, data_len, &hash[MD5_DIGEST_SIZE]);
}
#endif
break;

16
wolfcrypt/src/pkcs7.c
View File

@@ -132,7 +132,7 @@ int wc_GetContentType(const byte* input, word32* inOutIdx, word32* oid,
word32 maxIdx)
{
WOLFSSL_ENTER("wc_GetContentType");
if (GetObjectId(input, inOutIdx, oid, ignoreType, maxIdx) < 0)
if (GetObjectId(input, inOutIdx, oid, oidIgnoreType, maxIdx) < 0)
return ASN_PARSE_E;
return 0;
@@ -398,10 +398,10 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
esd->signerVersionSz = SetMyVersion(1, esd->signerVersion, 0);
signerInfoSz += esd->signerVersionSz;
esd->signerDigAlgoIdSz = SetAlgoID(pkcs7->hashOID, esd->signerDigAlgoId,
hashType, 0);
oidHashType, 0);
signerInfoSz += esd->signerDigAlgoIdSz;
esd->digEncAlgoIdSz = SetAlgoID(pkcs7->encryptOID, esd->digEncAlgoId,
keyType, 0);
oidKeyType, 0);
signerInfoSz += esd->digEncAlgoIdSz;
if (pkcs7->signedAttribsSz != 0) {
@@ -578,7 +578,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz)
esd->certsSet);
esd->singleDigAlgoIdSz = SetAlgoID(pkcs7->hashOID, esd->singleDigAlgoId,
hashType, 0);
oidHashType, 0);
esd->digAlgoIdSetSz = SetSet(esd->singleDigAlgoIdSz, esd->digAlgoIdSet);
@@ -1035,7 +1035,7 @@ WOLFSSL_LOCAL int wc_CreateRecipientInfo(const byte* cert, word32 certSz,
return ALGO_ID_E;
}
keyEncAlgSz = SetAlgoID(keyEncAlgo, keyAlgArray, keyType, 0);
keyEncAlgSz = SetAlgoID(keyEncAlgo, keyAlgArray, oidKeyType, 0);
if (keyEncAlgSz == 0) {
FreeDecodedCert(decoded);
#ifdef WOLFSSL_SMALL_STACK
@@ -1321,7 +1321,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
/* build up our ContentEncryptionAlgorithmIdentifier sequence,
* adding (ivOctetStringSz + DES_BLOCK_SIZE) for IV OCTET STRING */
contentEncAlgoSz = SetAlgoID(pkcs7->encryptOID, contentEncAlgo,
blkType, ivOctetStringSz + DES_BLOCK_SIZE);
oidBlkType, ivOctetStringSz + DES_BLOCK_SIZE);
if (contentEncAlgoSz == 0) {
XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -1594,7 +1594,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
XFREE(serialNum, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
if (GetAlgoId(pkiMsg, &idx, &encOID, keyType, pkiMsgSz) < 0) {
if (GetAlgoId(pkiMsg, &idx, &encOID, oidKeyType, pkiMsgSz) < 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
@@ -1655,7 +1655,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
return ASN_PARSE_E;
}
if (GetAlgoId(pkiMsg, &idx, &encOID, blkType, pkiMsgSz) < 0) {
if (GetAlgoId(pkiMsg, &idx, &encOID, oidBlkType, pkiMsgSz) < 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

1
wolfssl/error-ssl.h
View File

@@ -142,6 +142,7 @@ enum wolfSSL_ErrorCodes {
UNKNOWN_ALPN_PROTOCOL_NAME_E = -405, /* Unrecognized protocol name Error*/
BAD_CERTIFICATE_STATUS_ERROR = -406, /* Bad certificate status message */
OCSP_INVALID_STATUS = -407, /* Invalid OCSP Status */
ASYNC_NOT_PENDING = -408, /* Async operation not pending */
/* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */

92
wolfssl/internal.h
View File

@@ -154,6 +154,10 @@
#include "zlib.h"
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
#include <wolfssl/async.h>
#endif
#ifdef _MSC_VER
/* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
#pragma warning(disable: 4996)
@@ -1819,6 +1823,22 @@ WOLFSSL_LOCAL int TLSX_ValidateQSHScheme(TLSX** extensions, word16 name);
#endif /* HAVE_QSH */
#ifdef HAVE_WOLF_EVENT
typedef struct {
WOLF_EVENT* head; /* head of queue */
WOLF_EVENT* tail; /* tail of queue */
#ifndef SINGLE_THREADED
wolfSSL_Mutex lock; /* queue lock */
#endif
} WOLF_EVENT_QUEUE;
WOLFSSL_LOCAL int wolfSSL_EventInit(WOLFSSL* ssl, WOLF_EVENT_TYPE type);
WOLFSSL_LOCAL int wolfSSL_CTX_EventPush(WOLFSSL_CTX* ctx, WOLF_EVENT* event);
#endif /* HAVE_WOLF_EVENT */
/* wolfSSL context type */
struct WOLFSSL_CTX {
WOLFSSL_METHOD* method;
@@ -1925,6 +1945,9 @@ struct WOLFSSL_CTX {
CallbackRsaDec RsaDecCb; /* User Rsa Private Decrypt handler */
#endif /* NO_RSA */
#endif /* HAVE_PK_CALLBACKS */
#ifdef HAVE_WOLF_EVENT
WOLF_EVENT_QUEUE event_queue;
#endif /* HAVE_WOLF_EVENT */
};
@@ -2189,12 +2212,22 @@ enum AcceptState {
ACCEPT_THIRD_REPLY_DONE
};
/* sub-states for send/do key share (key exchange) */
enum KeyShareState {
KEYSHARE_BEGIN = 0,
KEYSHARE_BUILD,
KEYSHARE_VERIFY,
KEYSHARE_FINALIZE,
KEYSHARE_END
};
/* buffers for struct WOLFSSL */
typedef struct Buffers {
bufferStatic inputBuffer;
bufferStatic outputBuffer;
buffer domainName; /* for client check */
buffer clearOutputBuffer;
buffer sig; /* signature data */
int prevSent; /* previous plain text bytes sent
when got WANT_WRITE */
int plainSz; /* plain text bytes in buffer to send
@@ -2302,6 +2335,8 @@ typedef struct Options {
byte minDowngrade; /* minimum downgrade version */
byte connectState; /* nonblocking resume */
byte acceptState; /* nonblocking resume */
byte keyShareState; /* sub-state for key share (key exchange).
See enum KeyShareState. */
#ifndef NO_DH
word16 minDhKeySz; /* minimum DH key size */
word16 dhKeySz; /* actual DH key size */
@@ -2536,6 +2571,12 @@ struct WOLFSSL {
HandShakeDoneCb hsDoneCb; /* notify user handshake done */
void* hsDoneCtx; /* user handshake cb context */
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
AsyncCrypt async;
#endif
void* sigKey; /* RsaKey or ecc_key allocated from heap */
word32 sigType; /* Type of sigKey */
word32 sigLen; /* Actual signature length */
WOLFSSL_CIPHER cipher;
hmacfp hmac;
Ciphers encrypt;
@@ -2684,6 +2725,12 @@ struct WOLFSSL {
#ifdef WOLFSSL_JNI
void* jObjectRef; /* reference to WolfSSLSession in JNI wrapper */
#endif /* WOLFSSL_JNI */
#ifdef HAVE_WOLF_EVENT
WOLF_EVENT event;
#endif /* HAVE_WOLF_EVENT */
#ifdef WOLFSSL_ASYNC_CRYPT_TEST
AsyncCryptTests asyncCryptTest;
#endif /* WOLFSSL_ASYNC_CRYPT_TEST */
};
@@ -2835,10 +2882,29 @@ WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl);
WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl);
#ifndef NO_CERTS
#ifndef NO_RSA
WOLFSSL_LOCAL int VerifyRsaSign(const byte* sig, word32 sigSz,
WOLFSSL_LOCAL int VerifyRsaSign(WOLFSSL* ssl,
const byte* sig, word32 sigSz,
const byte* plain, word32 plainSz,
RsaKey* key);
#endif
WOLFSSL_LOCAL int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
word32* outSz, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx);
WOLFSSL_LOCAL int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz,
byte** out, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx);
WOLFSSL_LOCAL int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out,
word32* outSz, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx);
#endif /* !NO_RSA */
#ifdef HAVE_ECC
WOLFSSL_LOCAL int EccSign(WOLFSSL* ssl, const byte* in, word32 inSz,
byte* out, word32* outSz, ecc_key* key, byte* keyBuf, word32 keySz,
void* ctx);
WOLFSSL_LOCAL int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz,
byte* out, word32 outSz, ecc_key* key, byte* keyBuf, word32 keySz,
void* ctx);
WOLFSSL_LOCAL int EccSharedSecret(WOLFSSL* ssl, ecc_key* priv_key,
ecc_key* pub_key, byte* out, word32* outSz);
#endif /* HAVE_ECC */
#ifdef WOLFSSL_TRUST_PEER_CERT
/* options for searching hash table for a matching trusted peer cert */
@@ -2850,11 +2916,12 @@ WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl);
WOLFSSL_LOCAL int MatchTrustedPeer(TrustedPeerCert* tp,
DecodedCert* cert);
#endif
WOLFSSL_LOCAL Signer* GetCA(void* cm, byte* hash);
#ifndef NO_SKID
WOLFSSL_LOCAL Signer* GetCAByName(void* cm, byte* hash);
#endif
#endif
#endif /* !NO_CERTS */
WOLFSSL_LOCAL int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes,
const byte* sender);
WOLFSSL_LOCAL void FreeArrays(WOLFSSL* ssl, int keep);
@@ -2929,6 +2996,25 @@ enum encrypt_side {
WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side);
#ifndef NO_DH
WOLFSSL_LOCAL int DhGenKeyPair(WOLFSSL* ssl,
byte* p, word32 pSz,
byte* g, word32 gSz,
byte* priv, word32* privSz,
byte* pub, word32* pubSz);
WOLFSSL_LOCAL int DhAgree(WOLFSSL* ssl,
byte* p, word32 pSz,
byte* g, word32 gSz,
byte* priv, word32* privSz,
byte* pub, word32* pubSz,
const byte* otherPub, word32 otherPubSz,
byte* agree, word32* agreeSz);
#endif
#ifdef HAVE_ECC
WOLFSSL_LOCAL int EccMakeTempKey(WOLFSSL* ssl);
#endif
#ifdef __cplusplus
} /* extern "C" */
#endif

36
wolfssl/ssl.h
View File

@@ -1781,6 +1781,42 @@ WOLFSSL_API int wolfSSL_set_jobject(WOLFSSL* ssl, void* objPtr);
WOLFSSL_API void* wolfSSL_get_jobject(WOLFSSL* ssl);
#endif /* WOLFSSL_JNI */
#ifdef HAVE_WOLF_EVENT
typedef enum WOLF_EVENT_TYPE {
WOLF_EVENT_TYPE_NONE,
#ifdef WOLFSSL_ASYNC_CRYPT
WOLF_EVENT_TYPE_ASYNC_ACCEPT,
WOLF_EVENT_TYPE_ASYNC_CONNECT,
WOLF_EVENT_TYPE_ASYNC_READ,
WOLF_EVENT_TYPE_ASYNC_WRITE,
WOLF_EVENT_TYPE_ASYNC_FIRST = WOLF_EVENT_TYPE_ASYNC_ACCEPT,
WOLF_EVENT_TYPE_ASYNC_LAST = WOLF_EVENT_TYPE_ASYNC_WRITE,
#endif
} WOLF_EVENT_TYPE;
typedef struct WOLF_EVENT WOLF_EVENT;
struct WOLF_EVENT {
WOLF_EVENT* next; /* To support event linked list */
WOLFSSL* ssl; /* Reference back to SSL object */
int ret; /* Async return code */
WOLF_EVENT_TYPE type;
unsigned short pending:1;
unsigned short done:1;
/* Future event flags can go here */
};
enum WOLF_POLL_FLAGS {
WOLF_POLL_FLAG_CHECK_HW = 0x01,
WOLF_POLL_FLAG_PEEK = 0x02,
};
WOLFSSL_API int wolfSSL_CTX_poll(WOLFSSL_CTX* ctx, WOLF_EVENT* events,
int maxEvents, unsigned char flags, int* eventCount);
WOLFSSL_API int wolfSSL_poll(WOLFSSL* ssl, WOLF_EVENT* events,
int maxEvents, unsigned char flags, int* eventCount);
#endif /* HAVE_WOLF_EVENT */
#ifdef __cplusplus
} /* extern "C" */
#endif

18
wolfssl/test.h
View File

@@ -1907,4 +1907,22 @@ static INLINE const char* mymktemp(char *tempfn, int len, int num)
#endif /* HAVE_SESSION_TICKET && CHACHA20 && POLY1305 */
#ifdef WOLFSSL_ASYNC_CRYPT
static INLINE int AsyncCryptPoll(WOLFSSL* ssl)
{
int ret, eventCount = 0;
WOLF_EVENT events[1];
printf("Connect/Accept got WC_PENDING_E\n");
ret = wolfSSL_poll(ssl, events, sizeof(events)/sizeof(WOLF_EVENT),
WOLF_POLL_FLAG_CHECK_HW, &eventCount);
if (ret == 0 && eventCount > 0) {
ret = 1; /* Success */
}
return ret;
}
#endif
#endif /* wolfSSL_TEST_H */

26
wolfssl/wolfcrypt/asn.h
View File

@@ -200,19 +200,19 @@ enum Misc_ASN {
enum Oid_Types {
hashType = 0,
sigType = 1,
keyType = 2,
curveType = 3,
blkType = 4,
ocspType = 5,
certExtType = 6,
certAuthInfoType = 7,
certPolicyType = 8,
certAltNameType = 9,
certKeyUseType = 10,
kdfType = 11,
ignoreType
oidHashType = 0,
oidSigType = 1,
oidKeyType = 2,
oidCurveType = 3,
oidBlkType = 4,
oidOcspType = 5,
oidCertExtType = 6,
oidCertAuthInfoType = 7,
oidCertPolicyType = 8,
oidCertAltNameType = 9,
oidCertKeyUseType = 10,
oidKdfType = 11,
oidIgnoreType
};

1
wolfssl/wolfcrypt/error-crypt.h
View File

@@ -167,6 +167,7 @@ enum {
BAD_COND_E = -230, /* Bad condition variable operation */
SIG_TYPE_E = -231, /* Signature Type not enabled/available */
HASH_TYPE_E = -232, /* Hash Type not enabled/available */
WC_PENDING_E = -233, /* wolfCrypt operation pending (would block) */
MIN_CODE_E = -300 /* errors -101 - -299 */

1
wolfssl/wolfcrypt/hash.h
View File

@@ -39,6 +39,7 @@ enum wc_HashType {
WC_HASH_TYPE_SHA256 = 5,
WC_HASH_TYPE_SHA384 = 6,
WC_HASH_TYPE_SHA512 = 7,
WC_HASH_TYPE_MD5_SHA = 8,
};
/* Find largest possible digest size

15
wolfssl/wolfcrypt/settings.h
View File

@@ -136,6 +136,9 @@
/* Uncomment next line if building for ARDUINO */
/* #define WOLFSSL_ARDUINO */
/* Uncomment next line to enable asynchronous crypto WC_PENDING_E */
/* #define WOLFSSL_ASYNC_CRYPT */
#include <wolfssl/wolfcrypt/visibility.h>
#ifdef WOLFSSL_USER_SETTINGS
@@ -1148,6 +1151,18 @@ static char *fgets(char *buff, int sz, FILE *fp)
#undef NO_DH
#endif
/* Asynchronous Crypto */
#ifdef WOLFSSL_ASYNC_CRYPT
/* Make sure wolf events are enabled */
#undef HAVE_WOLF_EVENT
#define HAVE_WOLF_EVENT
#else
#ifdef WOLFSSL_ASYNC_CRYPT_TEST
#error Must have WOLFSSL_ASYNC_CRYPT enabled with WOLFSSL_ASYNC_CRYPT_TEST
#endif
#endif /* WOLFSSL_ASYNC_CRYPT */
/* Place any other flags or defines here */