wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-13 09:34:52 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8902 from gojimmypi/pr-cert-logging

Browse Source 
Introduce WOLFSSL_DEBUG_CERTS Certificate Debug Messages
This commit is contained in:
Daniel Pouzzner
2025-08-08 23:44:03 -05:00
committed by GitHub
parent 9236b81ade d64ef34ef8
commit 260fca600a
17 changed files with 630 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.github/workflows/os-check.yml vendored
View File

@@ -57,7 +57,8 @@ jobs:
'--enable-opensslextra=x509small', '--enable-opensslextra=x509small',
'CPPFLAGS=''-DWOLFSSL_EXTRA'' ', 'CPPFLAGS=''-DWOLFSSL_EXTRA'' ',
'--enable-lms=small,verify-only --enable-xmss=small,verify-only', '--enable-lms=small,verify-only --enable-xmss=small,verify-only',
'--disable-sys-ca-certs' '--disable-sys-ca-certs',
'--enable-all CPPFLAGS=-DWOLFSSL_DEBUG_CERTS ',
] ]
name: make check name: make check
if: github.repository_owner == 'wolfssl' if: github.repository_owner == 'wolfssl'

23
CMakeLists.txt
View File

@@ -281,7 +281,28 @@ add_option("WOLFSSL_DEBUG"
"no" "yes;no") "no" "yes;no")
if(WOLFSSL_DEBUG) if(WOLFSSL_DEBUG)
set(CMAKE_C_FLAGS "-g ${CMAKE_C_FLAGS}") # Optional variable inspection
if (0)
get_cmake_property(_variableNames VARIABLES)
list (SORT _variableNames)
message(STATUS "")
message(STATUS "ALL VARIABLES BEGIN")
message(STATUS "")
foreach (_variableName ${_variableNames})
message(STATUS "${_variableName}=${${_variableName}}")
endforeach()
message(STATUS "")
message(STATUS "ALL VARIABLES END")
message(STATUS "")
endif()
if (CMAKE_C_COMPILER_ID STREQUAL "Watcom" OR CMAKE_C_COMPILER_ID STREQUAL "OpenWatcom" OR CMAKE_GENERATOR STREQUAL "Watcom WMake")
# Open Watcom v2 does not support -g debugging
message(STATUS "Detected Watcom compiler, using CMAKE_C_FLAGS_DEBUG -d2")
set(CMAKE_C_FLAGS_DEBUG "-d2 ${CMAKE_C_FLAGS_DEBUG}")
else()
set(CMAKE_C_FLAGS "-g ${CMAKE_C_FLAGS}")
endif()
list(APPEND WOLFSSL_DEFINITIONS list(APPEND WOLFSSL_DEFINITIONS
"-DDEBUG_WOLFSSL" "-DDEBUG_WOLFSSL"
"-DDEBUG") "-DDEBUG")

9
src/crl.c
View File

@@ -39,6 +39,7 @@ CRL Options:
#include <wolfssl/internal.h> #include <wolfssl/internal.h>
#include <wolfssl/error-ssl.h> #include <wolfssl/error-ssl.h>
#include <wolfssl/wolfcrypt/logging.h>
#ifndef WOLFSSL_LINUXKM #ifndef WOLFSSL_LINUXKM
#include <string.h> #include <string.h>
@@ -795,7 +796,7 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type,
crl->currentEntry = CRL_Entry_new(crl->heap); crl->currentEntry = CRL_Entry_new(crl->heap);
if (crl->currentEntry == NULL) { if (crl->currentEntry == NULL) {
WOLFSSL_MSG("alloc CRL Entry failed"); WOLFSSL_MSG_CERT_LOG("alloc CRL Entry failed");
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(dcrl, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(dcrl, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
@@ -806,9 +807,11 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type,
InitDecodedCRL(dcrl, crl->heap); InitDecodedCRL(dcrl, crl->heap);
ret = ParseCRL(crl->currentEntry->certs, dcrl, myBuffer, (word32)sz, ret = ParseCRL(crl->currentEntry->certs, dcrl, myBuffer, (word32)sz,
verify, crl->cm); verify, crl->cm);
if (ret != 0 && !(ret == WC_NO_ERR_TRACE(ASN_CRL_NO_SIGNER_E) if (ret != 0 && !(ret == WC_NO_ERR_TRACE(ASN_CRL_NO_SIGNER_E)
&& verify == NO_VERIFY)) { && verify == NO_VERIFY)) {
WOLFSSL_MSG("ParseCRL error"); WOLFSSL_MSG_CERT_LOG("ParseCRL error");
WOLFSSL_MSG_CERT_EX("ParseCRL verify = %d, ret = %d", verify, ret);
CRL_Entry_free(crl->currentEntry, crl->heap); CRL_Entry_free(crl->currentEntry, crl->heap);
crl->currentEntry = NULL; crl->currentEntry = NULL;
} }
@@ -816,7 +819,7 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type,
ret = AddCRL(crl, dcrl, myBuffer, ret = AddCRL(crl, dcrl, myBuffer,
ret != WC_NO_ERR_TRACE(ASN_CRL_NO_SIGNER_E)); ret != WC_NO_ERR_TRACE(ASN_CRL_NO_SIGNER_E));
if (ret != 0) { if (ret != 0) {
WOLFSSL_MSG("AddCRL error"); WOLFSSL_MSG_CERT_LOG("AddCRL error");
crl->currentEntry = NULL; crl->currentEntry = NULL;
} }
} }

24
src/internal.c
View File

@@ -8028,7 +8028,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
ssl->secLevel = ctx->secLevel; ssl->secLevel = ctx->secLevel;
#endif /* WOLFSSL_SYS_CRYPTO_POLICY */ #endif /* WOLFSSL_SYS_CRYPTO_POLICY */
/* Returns 0 on success, not WOLFSSL_SUCCESS (1) */ /* Returns 0 on success, not WOLFSSL_SUCCESS (1) */
WOLFSSL_MSG_EX("InitSSL done. return 0 (success)"); WOLFSSL_MSG("InitSSL done. return 0 (success)");
return 0; return 0;
} }
@@ -15792,7 +15792,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
if (ret == WC_NO_ERR_TRACE(ASN_NO_SIGNER_E) || if (ret == WC_NO_ERR_TRACE(ASN_NO_SIGNER_E) ||
ret == WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E)) { ret == WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E)) {
if (!ssl->options.usingAltCertChain) { if (!ssl->options.usingAltCertChain) {
WOLFSSL_MSG("Trying alternate cert chain"); WOLFSSL_MSG_CERT_LOG(
"Trying alternate cert chain");
ssl->options.usingAltCertChain = 1; ssl->options.usingAltCertChain = 1;
} }
@@ -15804,8 +15805,25 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
/* do not add to certificate manager */ /* do not add to certificate manager */
skipAddCA = 1; skipAddCA = 1;
} /* ASN_NO_SIGNER_E || ASN_SELF_SIGNED_E */
} /* ret != 0 && isCA */
#else
/* Not defined: WOLFSSL_ALT_CERT_CHAINS
* When WOLFSSL_DEBUG_CERTS enabled, suggest solution */
#ifdef WOLFSSL_DEBUG_CERTS
if (ret != 0 && args->dCert->isCA) {
if (ret == WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)) {
WOLFSSL_MSG_CERT(
"Consider enabling WOLFSSL_ALT_CERT_CHAINS"
" to resolve ASN_NO_SIGNER_E");
} }
} if (ret == WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E)) {
WOLFSSL_MSG_CERT(
"Consider enabling WOLFSSL_ALT_CERT_CHAINS"
" to resolve ASN_SELF_SIGNED_E");
}
} /* check alt-cert possible fixable error codes */
#endif
#endif /* WOLFSSL_ALT_CERT_CHAINS */ #endif /* WOLFSSL_ALT_CERT_CHAINS */
#if defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS) #if defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS)

40
src/ssl.c
View File

@@ -5869,7 +5869,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
#endif #endif
DerBuffer* der = *pDer; DerBuffer* der = *pDer;
WOLFSSL_MSG("Adding a CA"); WOLFSSL_MSG_CERT_LOG("Adding a CA");
if (cm == NULL) { if (cm == NULL) {
FreeDer(pDer); FreeDer(pDer);
@@ -5893,8 +5893,34 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
} }
#endif #endif
WOLFSSL_MSG_CERT("\tParsing new CA");
ret = ParseCert(cert, CA_TYPE, verify, cm); ret = ParseCert(cert, CA_TYPE, verify, cm);
WOLFSSL_MSG("\tParsed new CA"); WOLFSSL_MSG("\tParsed new CA");
#ifdef WOLFSSL_DEBUG_CERTS
#ifdef WOLFSSL_SMALL_STACK
if (cert == NULL) {
WOLFSSL_MSG_CERT(WOLFSSL_MSG_CERT_INDENT "Failed; cert is NULL");
}
else
#endif
{
const char* err_msg;
if (ret == 0) {
WOLFSSL_MSG_CERT_EX(WOLFSSL_MSG_CERT_INDENT "issuer: '%s'",
cert->issuer);
WOLFSSL_MSG_CERT_EX(WOLFSSL_MSG_CERT_INDENT "subject: '%s'",
cert->subject);
}
else {
WOLFSSL_MSG_CERT(
WOLFSSL_MSG_CERT_INDENT "Failed during parse of new CA");
err_msg = wc_GetErrorString(ret);
WOLFSSL_MSG_CERT_EX(WOLFSSL_MSG_CERT_INDENT "error ret: %d; %s",
ret, err_msg);
}
}
#endif /* WOLFSSL_DEBUG_CERTS */
#ifndef NO_SKID #ifndef NO_SKID
subjectHash = cert->extSubjKeyId; subjectHash = cert->extSubjKeyId;
@@ -5903,7 +5929,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
#endif #endif
/* check CA key size */ /* check CA key size */
if (verify) { if (verify && (ret == 0 )) {
switch (cert->keyOID) { switch (cert->keyOID) {
#ifndef NO_RSA #ifndef NO_RSA
#ifdef WC_RSA_PSS #ifdef WC_RSA_PSS
@@ -5913,7 +5939,10 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
if (cm->minRsaKeySz < 0 || if (cm->minRsaKeySz < 0 ||
cert->pubKeySize < (word16)cm->minRsaKeySz) { cert->pubKeySize < (word16)cm->minRsaKeySz) {
ret = RSA_KEY_SIZE_E; ret = RSA_KEY_SIZE_E;
WOLFSSL_MSG("\tCA RSA key size error"); WOLFSSL_MSG_CERT_LOG("\tCA RSA key size error");
WOLFSSL_MSG_CERT_EX("\tCA RSA pubKeySize = %d; "
"minRsaKeySz = %d",
cert->pubKeySize, cm->minRsaKeySz);
} }
break; break;
#endif /* !NO_RSA */ #endif /* !NO_RSA */
@@ -5922,7 +5951,10 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
if (cm->minEccKeySz < 0 || if (cm->minEccKeySz < 0 ||
cert->pubKeySize < (word16)cm->minEccKeySz) { cert->pubKeySize < (word16)cm->minEccKeySz) {
ret = ECC_KEY_SIZE_E; ret = ECC_KEY_SIZE_E;
WOLFSSL_MSG("\tCA ECC key size error"); WOLFSSL_MSG_CERT_LOG("\tCA ECC key size error");
WOLFSSL_MSG_CERT_EX("\tCA ECC pubKeySize = %d; "
"minEccKeySz = %d",
cert->pubKeySize, cm->minEccKeySz);
} }
break; break;
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */

23
src/ssl_load.c
View File

@@ -28,6 +28,7 @@
*/ */
#ifdef WOLFSSL_SYS_CA_CERTS #ifdef WOLFSSL_SYS_CA_CERTS
/* Will be turned off automatically when NO_FILESYSTEM is defined */
#ifdef _WIN32 #ifdef _WIN32
#define _WINSOCKAPI_ /* block inclusion of winsock.h header file */ #define _WINSOCKAPI_ /* block inclusion of winsock.h header file */
@@ -59,6 +60,8 @@
#endif #endif
#else #else
#include <wolfssl/wolfcrypt/logging.h>
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
/* PSK field of context when it exists. */ /* PSK field of context when it exists. */
#define CTX_HAVE_PSK(ctx) (ctx)->havePSK #define CTX_HAVE_PSK(ctx) (ctx)->havePSK
@@ -2721,7 +2724,7 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
&sz); &sz);
if ((ret == 0) && (type == DETECT_CERT_TYPE) && if ((ret == 0) && (type == DETECT_CERT_TYPE) &&
(format != WOLFSSL_FILETYPE_PEM)) { (format != WOLFSSL_FILETYPE_PEM)) {
WOLFSSL_MSG("Cannot detect certificate type when not PEM"); WOLFSSL_MSG_CERT_LOG("Cannot detect certificate type when not PEM");
ret = WOLFSSL_BAD_CERTTYPE; ret = WOLFSSL_BAD_CERTTYPE;
} }
/* Try to detect type by parsing cert header and footer. */ /* Try to detect type by parsing cert header and footer. */
@@ -2729,17 +2732,24 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
#if !defined(NO_CODING) && !defined(WOLFSSL_NO_PEM) #if !defined(NO_CODING) && !defined(WOLFSSL_NO_PEM)
const char* header = NULL; const char* header = NULL;
const char* footer = NULL; const char* footer = NULL;
#ifdef HAVE_CRL
WOLFSSL_MSG_CERT("Detecting cert type... (including CRL_TYPE)");
#else
WOLFSSL_MSG_CERT("Detecting cert type... (HAVE_CRL not defined)");
#endif
/* Look for CA header and footer - same as CERT_TYPE. */ /* Look for CA header and footer - same as CERT_TYPE. */
if (wc_PemGetHeaderFooter(CA_TYPE, &header, &footer) == 0 && if (wc_PemGetHeaderFooter(CA_TYPE, &header, &footer) == 0 &&
(XSTRNSTR((char*)content.buffer, header, (word32)sz) != NULL)) { (XSTRNSTR((char*)content.buffer, header, (word32)sz) != NULL)) {
type = CA_TYPE; type = CA_TYPE;
WOLFSSL_DEBUG_PRINTF("Detected cert type CA_TYPE = %d:", type);
} }
#ifdef HAVE_CRL #ifdef HAVE_CRL
/* Look for CRL header and footer. */ /* Look for CRL header and footer. */
else if (wc_PemGetHeaderFooter(CRL_TYPE, &header, &footer) == 0 && else if (wc_PemGetHeaderFooter(CRL_TYPE, &header, &footer) == 0 &&
(XSTRNSTR((char*)content.buffer, header, (word32)sz) != NULL)) { (XSTRNSTR((char*)content.buffer, header, (word32)sz) != NULL)) {
type = CRL_TYPE; type = CRL_TYPE;
WOLFSSL_DEBUG_PRINTF("Detected cert type CRL_TYPE = %d:", type);
} }
#endif #endif
/* Look for cert header and footer - same as CA_TYPE. */ /* Look for cert header and footer - same as CA_TYPE. */
@@ -2747,12 +2757,13 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
(XSTRNSTR((char*)content.buffer, header, (word32)sz) != (XSTRNSTR((char*)content.buffer, header, (word32)sz) !=
NULL)) { NULL)) {
type = CERT_TYPE; type = CERT_TYPE;
WOLFSSL_DEBUG_PRINTF("Detected cert type CERT_TYPE = %d:", type);
} }
else else
#endif #endif /* !NO_CODING && !WOLFSSL_NO_PEM */
{ {
/* Not a header that we support. */ /* Not a header that we support. */
WOLFSSL_MSG("Failed to detect certificate type"); WOLFSSL_MSG_CERT_LOG("Failed to detect certificate type");
#ifdef WOLFSSL_DEBUG_CERTIFICATE_LOADS #ifdef WOLFSSL_DEBUG_CERTIFICATE_LOADS
WOLFSSL_DEBUG_PRINTF( WOLFSSL_DEBUG_PRINTF(
"ERROR: ProcessFile: Failed to detect certificate type" "ERROR: ProcessFile: Failed to detect certificate type"
@@ -2761,17 +2772,19 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
#endif #endif
ret = WOLFSSL_BAD_CERTTYPE; ret = WOLFSSL_BAD_CERTTYPE;
} }
} } /* (ret == 0) && (type == DETECT_CERT_TYPE) */
if (ret == 0) { if (ret == 0) {
/* When CA or trusted peer and PEM - process as a chain buffer. */ /* When CA or trusted peer and PEM - process as a chain buffer. */
if (((type == CA_TYPE) || (type == TRUSTED_PEER_TYPE)) && if (((type == CA_TYPE) || (type == TRUSTED_PEER_TYPE)) &&
(format == WOLFSSL_FILETYPE_PEM)) { (format == WOLFSSL_FILETYPE_PEM)) {
WOLFSSL_MSG_CERT("Processing cert chain buffer...");
ret = ProcessChainBuffer(ctx, ssl, content.buffer, sz, type, ret = ProcessChainBuffer(ctx, ssl, content.buffer, sz, type,
verify, fname); verify, fname);
} }
#ifdef HAVE_CRL #ifdef HAVE_CRL
else if (type == CRL_TYPE) { else if (type == CRL_TYPE) {
/* Load the CRL. */ WOLFSSL_MSG_CERT("Loading CRL...");
ret = BufferLoadCRL(crl, content.buffer, sz, format, verify); ret = BufferLoadCRL(crl, content.buffer, sz, format, verify);
} }
#endif #endif

1
src/wolfio.c
View File

@@ -40,6 +40,7 @@
#include <wolfssl/internal.h> #include <wolfssl/internal.h>
#include <wolfssl/error-ssl.h> #include <wolfssl/error-ssl.h>
#include <wolfssl/wolfio.h> #include <wolfssl/wolfio.h>
#include <wolfssl/wolfcrypt/logging.h>
#ifdef NUCLEUS_PLUS_2_3 #ifdef NUCLEUS_PLUS_2_3
/* Holds last Nucleus networking error number */ /* Holds last Nucleus networking error number */

9
wolfcrypt/src/asn.c
View File

@@ -25754,7 +25754,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm,
} }
} }
#endif /* IGNORE_NAME_CONSTRAINTS */ #endif /* IGNORE_NAME_CONSTRAINTS */
} } /* cert->ca */
#ifdef WOLFSSL_CERT_REQ #ifdef WOLFSSL_CERT_REQ
else if (type == CERTREQ_TYPE) { else if (type == CERTREQ_TYPE) {
/* try to confirm/verify signature */ /* try to confirm/verify signature */
@@ -25818,7 +25818,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm,
#endif #endif
else { else {
/* no signer */ /* no signer */
WOLFSSL_MSG("No CA signer to verify with"); WOLFSSL_MSG_CERT_LOG("No CA signer to verify with");
/* If you end up here with error -188, /* If you end up here with error -188,
* consider using WOLFSSL_ALT_CERT_CHAINS. */ * consider using WOLFSSL_ALT_CERT_CHAINS. */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
@@ -25831,10 +25831,11 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm,
#endif #endif
{ {
WOLFSSL_ERROR_VERBOSE(ASN_NO_SIGNER_E); WOLFSSL_ERROR_VERBOSE(ASN_NO_SIGNER_E);
WOLFSSL_MSG_CERT("Consider using WOLFSSL_ALT_CERT_CHAINS.");
return ASN_NO_SIGNER_E; return ASN_NO_SIGNER_E;
} }
} }
} } /* verify != NO_VERIFY && type != CA_TYPE && type != TRUSTED_PEER_TYPE */
#if defined(WOLFSSL_NO_TRUSTED_CERTS_VERIFY) && !defined(NO_SKID) #if defined(WOLFSSL_NO_TRUSTED_CERTS_VERIFY) && !defined(NO_SKID)
exit_pcr: exit_pcr:
@@ -25844,7 +25845,7 @@ exit_pcr:
if (verify != VERIFY_SKIP_DATE) { if (verify != VERIFY_SKIP_DATE) {
return cert->badDate; return cert->badDate;
} }
WOLFSSL_MSG("Date error: Verify option is skipping"); WOLFSSL_MSG_CERT_LOG("Date error: Verify option is skipping");
} }
if (cert->criticalExt != 0) if (cert->criticalExt != 0)

267
wolfcrypt/src/logging.c
View File

@@ -115,7 +115,8 @@ THREAD_LS_T void *StackSizeCheck_stackOffsetPointer = 0;
#endif /* HAVE_STACK_SIZE_VERBOSE */ #endif /* HAVE_STACK_SIZE_VERBOSE */
#ifdef DEBUG_WOLFSSL #if defined(DEBUG_WOLFSSL) || \
(defined(WOLFSSL_DEBUG_CERTS) && !defined(NO_WOLFSSL_DEBUG_CERTS))
/* Set these to default values initially. */ /* Set these to default values initially. */
static wolfSSL_Logging_cb LogFunction = NULL; static wolfSSL_Logging_cb LogFunction = NULL;
@@ -123,14 +124,58 @@ static wolfSSL_Logging_cb LogFunction = NULL;
#define WOLFSSL_LOGGINGENABLED_DEFAULT 0 #define WOLFSSL_LOGGINGENABLED_DEFAULT 0
#endif #endif
static int loggingEnabled = WOLFSSL_LOGGINGENABLED_DEFAULT; static int loggingEnabled = WOLFSSL_LOGGINGENABLED_DEFAULT;
#ifndef WOLFSSL_CERT_LOG_ENABLED_DEFAULT
#define WOLFSSL_CERT_LOG_ENABLED_DEFAULT 0
#endif
#ifndef NO_WOLFSSL_DEBUG_CERTS
static int loggingCertEnabled = WOLFSSL_CERT_LOG_ENABLED_DEFAULT;
#endif
THREAD_LS_T const char* log_prefix = NULL; THREAD_LS_T const char* log_prefix = NULL;
#if defined(WOLFSSL_APACHE_MYNEWT) #if defined(WOLFSSL_APACHE_MYNEWT)
#include "log/log.h" #include "log/log.h"
static struct log mynewt_log; static struct log mynewt_log;
#define WOLFSSL_APACHE_MYNEWT_NOT_INITALIZED 0
#define WOLFSSL_APACHE_MYNEWT_INITALIZED 1
static int loggingApacheNewtRegistered = WOLFSSL_APACHE_MYNEWT_NOT_INITALIZED;
#endif /* WOLFSSL_APACHE_MYNEWT */ #endif /* WOLFSSL_APACHE_MYNEWT */
#endif /* DEBUG_WOLFSSL || WOLFSSL_DEBUG_CERTS */
#endif /* DEBUG_WOLFSSL */ int wolfSSL_CertDebugging_ON(void)
{
/* Certificate debugging is also a subset of full debugging */
#if defined(WOLFSSL_DEBUG_CERTS) || defined(DEBUG_WOLFSSL)
#if defined(NO_WOLFSSL_DEBUG_CERTS)
return NOT_COMPILED_IN;
#else
loggingCertEnabled = 1;
#endif
#if defined(WOLFSSL_APACHE_MYNEWT)
if (loggingApacheNewtRegistered != WOLFSSL_APACHE_MYNEWT_INITALIZED) {
log_register("wolfcrypt", &mynewt_log, &log_console_handler,
NULL, LOG_SYSLEVEL);
loggingApacheNewtRegistered = WOLFSSL_APACHE_MYNEWT_INITALIZED;
}
#endif /* WOLFSSL_APACHE_MYNEWT */
return 0;
#else
return NOT_COMPILED_IN;
#endif
}
int wolfSSL_CertDebugging_OFF(void)
{
#if defined(WOLFSSL_DEBUG_CERTS) || defined(DEBUG_WOLFSSL)
#if defined(NO_WOLFSSL_DEBUG_CERTS)
return NOT_COMPILED_IN;
#else
loggingCertEnabled = 0;
#endif
return 0;
#else
return NOT_COMPILED_IN;
#endif
}
/* allow this to be set to NULL, so logs can be redirected to default output */ /* allow this to be set to NULL, so logs can be redirected to default output */
int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function) int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function)
@@ -159,13 +204,22 @@ int wolfSSL_Debugging_ON(void)
{ {
#ifdef DEBUG_WOLFSSL #ifdef DEBUG_WOLFSSL
loggingEnabled = 1; loggingEnabled = 1;
#if defined(WOLFSSL_APACHE_MYNEWT) #ifndef NO_WOLFSSL_DEBUG_CERTS
log_register("wolfcrypt", &mynewt_log, &log_console_handler, NULL, LOG_SYSLEVEL); /* Certificate debugging is enabled by default during DEBUG_WOLFSSL,
#endif /* WOLFSSL_APACHE_MYNEWT */ * unless explicitly disabled with NO_WOLFSSL_DEBUG_CERTS */
loggingCertEnabled = 1;
#endif
#if defined(WOLFSSL_APACHE_MYNEWT)
if (loggingApacheNewtRegistered != WOLFSSL_APACHE_MYNEWT_INITALIZED) {
log_register("wolfcrypt", &mynewt_log, &log_console_handler,
NULL, LOG_SYSLEVEL);
loggingApacheNewtRegistered = WOLFSSL_APACHE_MYNEWT_INITALIZED;
}
#endif /* WOLFSSL_APACHE_MYNEWT */
return 0; return 0;
#else #else
return NOT_COMPILED_IN; return NOT_COMPILED_IN;
#endif #endif /* DEBUG_WOLFSSL */
} }
@@ -173,12 +227,16 @@ void wolfSSL_Debugging_OFF(void)
{ {
#ifdef DEBUG_WOLFSSL #ifdef DEBUG_WOLFSSL
loggingEnabled = 0; loggingEnabled = 0;
#ifndef NO_WOLFSSL_DEBUG_CERTS
loggingCertEnabled = 0;
#endif
#endif #endif
} }
void wolfSSL_SetLoggingPrefix(const char* prefix) void wolfSSL_SetLoggingPrefix(const char* prefix)
{ {
#ifdef DEBUG_WOLFSSL #if defined(DEBUG_WOLFSSL) || \
(defined(WOLFSSL_DEBUG_CERTS) && !defined(NO_WOLFSSL_DEBUG_CERTS))
log_prefix = prefix; log_prefix = prefix;
#else #else
(void)prefix; (void)prefix;
@@ -228,8 +286,8 @@ void WOLFSSL_TIME(int count)
} }
#endif #endif
#ifdef DEBUG_WOLFSSL #if defined(DEBUG_WOLFSSL) || \
(defined(WOLFSSL_DEBUG_CERTS) && !defined(NO_WOLFSSL_DEBUG_CERTS))
#ifdef HAVE_STACK_SIZE_VERBOSE #ifdef HAVE_STACK_SIZE_VERBOSE
#include <wolfssl/wolfcrypt/mem_track.h> #include <wolfssl/wolfcrypt/mem_track.h>
@@ -248,24 +306,33 @@ static void wolfssl_log(const int logLevel, const char* const file_name,
#elif defined(WOLFSSL_DEBUG_PRINTF_FN) #elif defined(WOLFSSL_DEBUG_PRINTF_FN)
#ifdef WOLFSSL_MDK_ARM #ifdef WOLFSSL_MDK_ARM
fflush(stdout); fflush(stdout);
#endif
/* see settings.h for platform-specific line endings */
#ifndef WOLFSSL_DEBUG_LINE_ENDING
#define WOLFSSL_DEBUG_LINE_ENDING "\n"
#endif #endif
if (log_prefix != NULL) { if (log_prefix != NULL) {
if (file_name != NULL) if (file_name != NULL) {
WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS
"[%s]: [%s L %d] %s\n", "[%s]: [%s L %d] %s" WOLFSSL_DEBUG_LINE_ENDING,
log_prefix, file_name, line_number, logMessage); log_prefix, file_name, line_number, logMessage);
else }
else {
WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS
"[%s]: %s\n", log_prefix, logMessage); "[%s]: %s" WOLFSSL_DEBUG_LINE_ENDING, log_prefix, logMessage);
} else { } /* file_name check */
if (file_name != NULL)
WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS
"[%s L %d] %s\n",
file_name, line_number, logMessage);
else
WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS
"%s\n", logMessage);
} }
else {
if (file_name != NULL) {
WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS
"[%s L %d] %s" WOLFSSL_DEBUG_LINE_ENDING,
file_name, line_number, logMessage);
}
else {
WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS
"%s" WOLFSSL_DEBUG_LINE_ENDING, logMessage);
} /* file_name check */
} /* log_prefix check */
#ifdef WOLFSSL_MDK_ARM #ifdef WOLFSSL_MDK_ARM
fflush(stdout); fflush(stdout);
#endif #endif
@@ -285,12 +352,89 @@ static void wolfssl_log(const int logLevel, const char* const file_name,
#ifndef WOLFSSL_DEBUG_ERRORS_ONLY #ifndef WOLFSSL_DEBUG_ERRORS_ONLY
/* Certificate debugging available with either regular debugging
* DEBUG_WOLFSSL or just certificate debugging: WOLFSSL_DEBUG_CERTS */
#if (defined(WOLFSSL_DEBUG_CERTS) || defined(DEBUG_WOLFSSL)) && \
!defined(NO_WOLFSSL_DEBUG_CERTS)
#include <stdarg.h> /* for var args */
#ifndef WOLFSSL_MSG_CERT_BUF_SZ
#define WOLFSSL_MSG_CERT_BUF_SZ 140
#endif
int WOLFSSL_MSG_CERT(const char* msg)
{
/* Regular debug may have been compiled out */
(void)loggingEnabled;
if ((msg != NULL) && (loggingCertEnabled != 0)) {
wolfssl_log(CERT_LOG, NULL, 0, msg);
}
return 0;
}
#ifdef __clang__
/* tell clang argument 1 is format */
__attribute__((__format__ (__printf__, 1, 0)))
#endif
int WOLFSSL_MSG_CERT_EX(const char* fmt, ...)
{
/* Certificate logging output may have large messages */
#ifdef WOLFSSL_SMALL_STACK
char* msg;
msg = (char*)XMALLOC(WOLFSSL_MSG_CERT_BUF_SZ, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (msg == NULL) {
return MEMORY_E;
}
#else
char msg[WOLFSSL_MSG_CERT_BUF_SZ];
#endif
int written;
va_list args;
va_start(args, fmt);
/* Assume zero-terminated msg, len less than WOLFSSL_MSG_CERT_BUF_SZ */
written = XVSNPRINTF(msg, WOLFSSL_MSG_CERT_BUF_SZ, fmt, args);
va_end(args);
if ((written > 0) && (loggingCertEnabled =! 0)) {
wolfssl_log(INFO_LOG, NULL, 0, msg);
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(msg, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return 0;
} /* WOLFSSL_MSG_CERT_EX */
#else
/* !(DEBUG_WOLFSSL || WOLFSSL_DEBUG_CERTS) */
#ifdef WOLF_NO_VARIADIC_MACROS
#ifdef __WATCOMC__
/* Do-nothing implementation in header for OW Open Watcom V2 */
#else
int WOLFSSL_MSG_CERT(const char* msg)
{
(void)msg;
return NOT_COMPILED_IN;
}
int WOLFSSL_MSG_CERT_EX(const char* fmt, ...)
{
(void)fmt;
return NOT_COMPILED_IN;
}
#endif
#else
/* using a macro, see logging.h */
#endif
#endif /* DEBUG_WOLFSSL || WOLFSSL_DEBUG_CERTS */
#if defined(XVSNPRINTF) && !defined(NO_WOLFSSL_MSG_EX) #if defined(XVSNPRINTF) && !defined(NO_WOLFSSL_MSG_EX)
#include <stdarg.h> /* for var args */ #include <stdarg.h> /* for var args */
#ifndef WOLFSSL_MSG_EX_BUF_SZ #ifndef WOLFSSL_MSG_EX_BUF_SZ
#define WOLFSSL_MSG_EX_BUF_SZ 100 #define WOLFSSL_MSG_EX_BUF_SZ 100
#endif #endif
#undef WOLFSSL_MSG_EX /* undo WOLFSSL_DEBUG_CODEPOINTS wrapper */
#if !defined(WOLFSSL_MSG_EX) && defined(DEBUG_WOLFSSL)
#ifdef __clang__ #ifdef __clang__
/* tell clang argument 1 is format */ /* tell clang argument 1 is format */
__attribute__((__format__ (__printf__, 1, 0))) __attribute__((__format__ (__printf__, 1, 0)))
@@ -308,6 +452,7 @@ void WOLFSSL_MSG_EX(const char* fmt, ...)
wolfssl_log(INFO_LOG, NULL, 0, msg); wolfssl_log(INFO_LOG, NULL, 0, msg);
} }
} }
#endif
#ifdef WOLFSSL_DEBUG_CODEPOINTS #ifdef WOLFSSL_DEBUG_CODEPOINTS
void WOLFSSL_MSG_EX2(const char *file, int line, const char* fmt, ...) void WOLFSSL_MSG_EX2(const char *file, int line, const char* fmt, ...)
@@ -323,16 +468,24 @@ void WOLFSSL_MSG_EX2(const char *file, int line, const char* fmt, ...)
wolfssl_log(INFO_LOG, file, line, msg); wolfssl_log(INFO_LOG, file, line, msg);
} }
} }
#endif #endif /* WOLFSSL_DEBUG_CODEPOINTS */
#endif #else
/* We need a do-nothing function when variadic macros not available */
#ifdef WOLF_NO_VARIADIC_MACROS
/* See header for same-name, do nothing functions */
#else
/* See header for same-name, do nothing macros */
#endif
#endif /* XVSNPRINTF && !NO_WOLFSSL_MSG_EX */
#undef WOLFSSL_MSG /* undo WOLFSSL_DEBUG_CODEPOINTS wrapper */ #ifndef WOLFSSL_MSG
void WOLFSSL_MSG(const char* msg) void WOLFSSL_MSG(const char* msg)
{ {
if (loggingEnabled) if (loggingEnabled)
wolfssl_log(INFO_LOG, NULL, 0, msg); wolfssl_log(INFO_LOG, NULL, 0, msg);
} }
#endif
#ifdef WOLFSSL_DEBUG_CODEPOINTS #ifdef WOLFSSL_DEBUG_CODEPOINTS
void WOLFSSL_MSG2(const char *file, int line, const char* msg) void WOLFSSL_MSG2(const char *file, int line, const char* msg)
@@ -342,6 +495,7 @@ void WOLFSSL_MSG2(const char *file, int line, const char* msg)
} }
#endif #endif
#ifndef WOLFSSL_BUFFER
#ifndef LINE_LEN #ifndef LINE_LEN
#define LINE_LEN 16 #define LINE_LEN 16
#endif #endif
@@ -418,8 +572,9 @@ errout:
wolfssl_log(INFO_LOG, NULL, 0, "\t[Buffer error while rendering]"); wolfssl_log(INFO_LOG, NULL, 0, "\t[Buffer error while rendering]");
} }
#endif /* WOLFSSL_BUFFER */
#undef WOLFSSL_ENTER /* undo WOLFSSL_DEBUG_CODEPOINTS wrapper */ #ifndef WOLFSSL_ENTER
void WOLFSSL_ENTER(const char* msg) void WOLFSSL_ENTER(const char* msg)
{ {
if (loggingEnabled) { if (loggingEnabled) {
@@ -432,6 +587,7 @@ void WOLFSSL_ENTER(const char* msg)
wolfssl_log(ENTER_LOG, NULL, 0, buffer); wolfssl_log(ENTER_LOG, NULL, 0, buffer);
} }
} }
#endif /* WOLFSSL_ENTER */
#ifdef WOLFSSL_DEBUG_CODEPOINTS #ifdef WOLFSSL_DEBUG_CODEPOINTS
void WOLFSSL_ENTER2(const char *file, int line, const char* msg) void WOLFSSL_ENTER2(const char *file, int line, const char* msg)
@@ -446,9 +602,9 @@ void WOLFSSL_ENTER2(const char *file, int line, const char* msg)
wolfssl_log(ENTER_LOG, file, line, buffer); wolfssl_log(ENTER_LOG, file, line, buffer);
} }
} }
#endif #endif /* WOLFSSL_DEBUG_CODEPOINTS */
#undef WOLFSSL_LEAVE /* undo WOLFSSL_DEBUG_CODEPOINTS wrapper */ #ifndef WOLFSSL_LEAVE
void WOLFSSL_LEAVE(const char* msg, int ret) void WOLFSSL_LEAVE(const char* msg, int ret)
{ {
if (loggingEnabled) { if (loggingEnabled) {
@@ -462,6 +618,7 @@ void WOLFSSL_LEAVE(const char* msg, int ret)
wolfssl_log(LEAVE_LOG, NULL, 0, buffer); wolfssl_log(LEAVE_LOG, NULL, 0, buffer);
} }
} }
#endif /* WOLFSSL_LEAVE */
#ifdef WOLFSSL_DEBUG_CODEPOINTS #ifdef WOLFSSL_DEBUG_CODEPOINTS
void WOLFSSL_LEAVE2(const char *file, int line, const char* msg, int ret) void WOLFSSL_LEAVE2(const char *file, int line, const char* msg, int ret)
@@ -485,17 +642,67 @@ void WOLFSSL_LEAVE2(const char *file, int line, const char* msg, int ret)
#define WOLFSSL_ENTER(msg) WOLFSSL_ENTER2(__FILE__, __LINE__, msg) #define WOLFSSL_ENTER(msg) WOLFSSL_ENTER2(__FILE__, __LINE__, msg)
#define WOLFSSL_LEAVE(msg, ret) WOLFSSL_LEAVE2(__FILE__, __LINE__, msg, ret) #define WOLFSSL_LEAVE(msg, ret) WOLFSSL_LEAVE2(__FILE__, __LINE__, msg, ret)
#ifdef XVSNPRINTF #ifdef XVSNPRINTF
#define WOLFSSL_MSG_EX(fmt, args...) \ /* #define WOLFSSL_MSG_EX(fmt, args...) \
WOLFSSL_MSG_EX2(__FILE__, __LINE__, fmt, ## args) WOLFSSL_MSG_EX2(__FILE__, __LINE__, fmt, ## args)
*/
#endif #endif
#endif #endif
#ifndef WOLFSSL_IS_DEBUG_ON
int WOLFSSL_IS_DEBUG_ON(void) int WOLFSSL_IS_DEBUG_ON(void)
{ {
return loggingEnabled; return loggingEnabled;
} }
#endif /* WOLFSSL_IS_DEBUG_ON */
#endif /* !WOLFSSL_DEBUG_ERRORS_ONLY */ #endif /* !WOLFSSL_DEBUG_ERRORS_ONLY */
#endif /* DEBUG_WOLFSSL */
#else
/* !(DEBUG_WOLFSSL || (WOLFSSL_DEBUG_CERTS && !NO_WOLFSSL_DEBUG_CERTS)) */
/*
* Create some no-op functions for compilers without variadic macros,
* other than Open Watcom V2.
*/
#ifdef WOLF_NO_VARIADIC_MACROS
/* no debug and cannot use variadic macros */
#ifdef __WATCOMC__
/* see logging.h for no-op Watcom implementation */
#else
int WOLFSSL_MSG_CERT(const char* msg)
{
(void)msg;
return NOT_COMPILED_IN;
}
int WOLFSSL_MSG_CERT_EX(const char* fmt, ...)
{
(void)fmt;
return NOT_COMPILED_IN;
}
#endif
#else
/* see logging.h for variadic macros */
#endif
#endif /* DEBUG_WOLFSSL || (WOLFSSL_DEBUG_CERTS && !NO_WOLFSSL_DEBUG_CERTS) */
/* Final catch for no-op WOLFSSL_MSG_EX needing implementation */
#ifdef __WATCOMC__
/* See no-op implementation as needed in logging.h */
#else
#ifdef DEBUG_WOLFSSL
/* The empty no-op function is not needed when debugging */
#else
#if defined(HAVE_WOLFSSL_MSG_EX) || defined(WOLF_NO_VARIADIC_MACROS)
void WOLFSSL_MSG_EX(const char* fmt, ...)
{
(void)fmt;
}
#else
/* See macro in header */
#endif
#endif
#endif
#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) || defined(HAVE_MEMCACHED) #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) || defined(HAVE_MEMCACHED)

6
wolfcrypt/src/poly1305.c
View File

@@ -88,7 +88,9 @@ static word32 cpu_flags_set = 0;
#endif #endif
#if defined(USE_INTEL_POLY1305_SPEEDUP) || defined(POLY130564) #if defined(USE_INTEL_POLY1305_SPEEDUP) || defined(POLY130564)
#if defined(_MSC_VER) #if defined(__WATCOMC__)
#error "POLY130564 || USE_INTEL_POLY1305_SPEEDUP Watcom not supported"
#elif defined(_MSC_VER)
#define POLY1305_NOINLINE __declspec(noinline) #define POLY1305_NOINLINE __declspec(noinline)
#elif defined(__GNUC__) #elif defined(__GNUC__)
#define POLY1305_NOINLINE __attribute__((noinline)) #define POLY1305_NOINLINE __attribute__((noinline))
@@ -96,7 +98,7 @@ static word32 cpu_flags_set = 0;
#define POLY1305_NOINLINE #define POLY1305_NOINLINE
#endif #endif
#if defined(_MSC_VER) #if defined(_MSC_VER) && !(__WATCOMC__)
#include <intrin.h> #include <intrin.h>
typedef struct word128 { typedef struct word128 {

5
wolfcrypt/src/port/Espressif/esp32_util.c
View File

@@ -557,6 +557,11 @@ esp_err_t ShowExtendedSystemInfo_config(void)
show_macro("WOLFSSL_NO_CURRDIR", STR_IFNDEF(WOLFSSL_NO_CURRDIR)); show_macro("WOLFSSL_NO_CURRDIR", STR_IFNDEF(WOLFSSL_NO_CURRDIR));
show_macro("WOLFSSL_LWIP", STR_IFNDEF(WOLFSSL_LWIP)); show_macro("WOLFSSL_LWIP", STR_IFNDEF(WOLFSSL_LWIP));
show_macro("DEBUG_WOLFSSL", STR_IFNDEF(DEBUG_WOLFSSL));
show_macro("WOLFSSL_DEBUG_CERTS", STR_IFNDEF(WOLFSSL_DEBUG_CERTS));
show_macro("NO_WOLFSSL_DEBUG_CERTS", STR_IFNDEF(NO_WOLFSSL_DEBUG_CERTS));
show_macro("WOLFSSL_DEBUG_ERRORS_ONLY", STR_IFNDEF(WOLFSSL_DEBUG_ERRORS_ONLY));
ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
#if defined(CONFIG_COMPILER_OPTIMIZATION_DEFAULT) #if defined(CONFIG_COMPILER_OPTIMIZATION_DEFAULT)
ESP_LOGI(TAG, "Compiler Optimization: Default"); ESP_LOGI(TAG, "Compiler Optimization: Default");

5
wolfcrypt/src/rsa.c
View File

@@ -42,6 +42,7 @@ RSA keys can be used to encrypt, decrypt, sign and verify data.
#endif #endif
#include <wolfssl/wolfcrypt/rsa.h> #include <wolfssl/wolfcrypt/rsa.h>
#include <wolfssl/wolfcrypt/logging.h>
#ifdef WOLFSSL_AFALG_XILINX_RSA #ifdef WOLFSSL_AFALG_XILINX_RSA
#include <wolfssl/wolfcrypt/port/af_alg/wc_afalg.h> #include <wolfssl/wolfcrypt/port/af_alg/wc_afalg.h>
@@ -2748,7 +2749,7 @@ static int RsaFunctionSync(const byte* in, word32 inLen, byte* out,
case RSA_PUBLIC_ENCRYPT: case RSA_PUBLIC_ENCRYPT:
case RSA_PUBLIC_DECRYPT: case RSA_PUBLIC_DECRYPT:
if (mp_exptmod_nct(tmp, &key->e, &key->n, tmp) != MP_OKAY) { if (mp_exptmod_nct(tmp, &key->e, &key->n, tmp) != MP_OKAY) {
WOLFSSL_MSG("mp_exptmod_nct failed"); WOLFSSL_MSG_CERT_LOG("mp_exptmod_nct failed");
ret = MP_EXPTMOD_E; ret = MP_EXPTMOD_E;
} }
break; break;
@@ -2845,7 +2846,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
*outLen = keyLen; *outLen = keyLen;
return RsaFunctionSync(in, inLen, out, outLen, type, key, rng); return RsaFunctionSync(in, inLen, out, outLen, type, key, rng);
#endif /* WOLFSSL_SP_MATH */ #endif /* WOLFSSL_SP_MATH */
} } /* wc_RsaFunctionSync */
#endif /* WOLF_CRYPTO_CB_ONLY_RSA */ #endif /* WOLF_CRYPTO_CB_ONLY_RSA */
#endif #endif

14
wolfcrypt/src/tfm.c
View File

@@ -44,6 +44,7 @@
#include <wolfssl/wolfcrypt/tfm.h> #include <wolfssl/wolfcrypt/tfm.h>
#include <wolfcrypt/src/asm.c> /* will define asm MACROS or C ones */ #include <wolfcrypt/src/asm.c> /* will define asm MACROS or C ones */
#include <wolfssl/wolfcrypt/wolfmath.h> /* common functions */ #include <wolfssl/wolfcrypt/wolfmath.h> /* common functions */
#include <wolfssl/wolfcrypt/logging.h>
#ifdef WOLFSSL_ESPIDF #ifdef WOLFSSL_ESPIDF
#include <esp_log.h> #include <esp_log.h>
@@ -3297,7 +3298,18 @@ int fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
#endif #endif
/* handle modulus of zero and prevent overflows */ /* handle modulus of zero and prevent overflows */
if (fp_iszero(P) || (P->used > (FP_SIZE/2))) { if (fp_iszero(P)) {
return FP_VAL;
}
if (P->used > (FP_SIZE/2)) {
/* FP_MAX_BITS too small is a common cert failure cause */
#ifdef WOLFSSL_DEBUG_CERTS
WOLFSSL_MSG_CERT_EX("TFM fp_exptmod_nct failed: P.used (%d) > (FP_SIZE/2)"
"; FP_SIZE: %d; FP_MAX_SIZE: %d",
P->used, FP_SIZE, FP_MAX_BITS, FP_MAX_SIZE);
WOLFSSL_MSG_CERT_EX("Consider adjusting current FP_MAX_BITS: %d",
FP_MAX_BITS);
#endif
return FP_VAL; return FP_VAL;
} }
if (fp_isone(P)) { if (fp_isone(P)) {

251
wolfssl/wolfcrypt/logging.h
View File

@@ -26,11 +26,109 @@
/* submitted by eof */ /* submitted by eof */
/*
* Enable wolfSSL debugging with DEBUG_WOLFSSL
*
* Certificate debugging is a subset of DEBUG_WOLFSSL but can be enabled
* exclusively with WOLFSSL_DEBUG_CERTS.
*
* When DEBUG_WOLFSSL is enabled, but the subset of certificate debugging
* is not desired, it can disabled with NO_WOLFSSL_DEBUG_CERTS
*
* ****************************************************************************
* Message / printf debugging
* ****************************************************************************
*
* WOLFSSL_DEBUG_PRINTF()
* Utility macro: A buffer-less, non-truncating debug message renderer.
* Unavailable on some targets, and has no default no-op definition,
* so the WOLFSSL_DEBUG_CERTIFICATE_LOADS gate is needed.
*
* WOLFSSL_DEBUG_PRINTF_FN(...)
* Used to supply an override definition of the target platform's printf-like
* function, and it is not function-like:
*
* #ifdef WOLFSSL_DEBUG_PRINTF_FN
* #define [user-supplied definition]
* #elif defined(ARDUINO)
* #warning ARDUINO only has print and sprintf, no printf on some targets.
* #elif defined(WOLFSSL_LOG_PRINTF) || defined(WOLFSSL_DEOS)
* #define WOLFSSL_DEBUG_PRINTF_FN printf
* [...]
*
* WOLFSSL_MSG_EX_BUF_SZ
* Re-definable macro: maximum length of WOLFSSL_MSG_EX debugging messages.
*
* WOLFSSL_MSG
* Single message parameter. Works everywhere.
*
* WOLFSSL_MSG_EX
* Variable number of parameters. Should be supported nearly everywhere.
*
* WOLFSSL_MSG_EX2
* Variable number of parameters. Should be supported nearly everywhere.
* Special case where first two parameters are const char *file, int line
*
* ****************************************************************************
* Certificate Debugging: a subset of DEBUG_WOLFSSL
* or can be used alone WOLFSSL_DEBUG_CERTS without all the debugging noise
* ****************************************************************************
*
* WOLFSSL_MSG_CERT_BUF_SZ
* Used by WOLFSSL_MSG_CERT and WOLFSSL_MSG_CERT_EX
* Re-definable macro: maximum length of debugging messages.
*
* WOLFSSL_MSG_CERT
* Single message parameter. Works everywhere.
* Print only during WOLFSSL_DEBUG_CERTS
*
* WOLFSSL_MSG_CERT_LOG
* Single message parameter. Works everywhere.
* Print during either DEBUG_WOLFSSL or WOLFSSL_DEBUG_CERTS
*
* WOLFSSL_MSG_CERT_EX
* Variable number of parameters. Should be supported nearly everywhere.
*
* When any of the above are disabled:
* With WOLF_NO_VARIADIC_MACROS a do nothing placeholder function is used.
* Otherwise, a do-nothing macro. See WC_DO_NOTHING
*
* Optional user callbacks:
* wolfSSL_SetLoggingCb(my_log_cb);
*
* To disable certificate debugging:
* Do not define WOLFSSL_DEBUG_CERTS when used without DEBUG_WOLFSSL
* or
* Define NO_WOLFSSL_DEBUG_CERTS when DEBUG_WOLFSSL is enabled
*
* If NO_WOLFSSL_DEBUG_CERTS is detected in settings.h, the respective
* WOLFSSL_DEBUG_CERTS will be undefined. The explicit NO_WOLFSSL_DEBUG_CERTS
* checks are still performed in logging source for code clarity only.
*
* ****************************************************************************
* At runtime with debugging enabled:
* ****************************************************************************
*
* Display debug messages:
* int wolfSSL_Debugging_ON(void)
* int wolfSSL_CertDebugging_ON(void)
*
* Disable debug messages until re-enabled at runtime:
* void wolfSSL_Debugging_OFF(void);
* int wolfSSL_CertDebugging_OFF(void)
*
* See also:
* int WOLFSSL_IS_DEBUG_ON(void)
*
* Note: does not detect or control WOLFSSL_DEBUG_PRINTF_FN usage
*
*/
#ifndef WOLFSSL_LOGGING_H #ifndef WOLFSSL_LOGGING_H
#define WOLFSSL_LOGGING_H #define WOLFSSL_LOGGING_H
#include <wolfssl/wolfcrypt/types.h> #include <wolfssl/wolfcrypt/types.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
@@ -42,6 +140,7 @@ enum wc_LogLevels {
INFO_LOG, INFO_LOG,
ENTER_LOG, ENTER_LOG,
LEAVE_LOG, LEAVE_LOG,
CERT_LOG,
OTHER_LOG OTHER_LOG
}; };
@@ -99,6 +198,11 @@ WOLFSSL_API wolfSSL_Logging_cb wolfSSL_GetLoggingCb(void);
WOLFSSL_API int wolfSSL_Debugging_ON(void); WOLFSSL_API int wolfSSL_Debugging_ON(void);
/* turn logging off */ /* turn logging off */
WOLFSSL_API void wolfSSL_Debugging_OFF(void); WOLFSSL_API void wolfSSL_Debugging_OFF(void);
/* turn cert debugging on, only if compiled in */
WOLFSSL_API int wolfSSL_CertDebugging_ON(void);
/* turn cert debugging off */
WOLFSSL_API int wolfSSL_CertDebugging_OFF(void);
WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix); WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
@@ -152,8 +256,52 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
#define WOLFSSL_TIME(n) WC_DO_NOTHING #define WOLFSSL_TIME(n) WC_DO_NOTHING
#endif #endif
/* Certificate Debugging: WOLFSSL_MSG_CERT */
#if defined(XVSNPRINTF) && !defined(NO_WOLFSSL_DEBUG_CERTS) && \
(defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_CERTS))
#define HAVE_WOLFSSL_DEBUG_CERTS
#ifndef WOLFSSL_MSG_CERT_INDENT
#define WOLFSSL_MSG_CERT_INDENT "\t- "
#endif
WOLFSSL_API int WOLFSSL_MSG_CERT(const char* msg);
WOLFSSL_API int WOLFSSL_MSG_CERT_EX(const char* fmt, ...);
#else
/* No Certificate Debugging */
#undef WOLFSSL_DEBUG_CERTS
#ifndef WOLFSSL_MSG_CERT_INDENT
#define WOLFSSL_MSG_CERT_INDENT ""
#endif
#ifdef WOLF_NO_VARIADIC_MACROS
/* The issue is variadic macros, not function parameters. e.g Watcom
* Additionally, Watcom needs the empty declaration here: */
#ifdef __WATCOMC__
/* don't use WOLFSSL_API nor inline for Watcom stubs */
static int WOLFSSL_MSG_CERT(const char* msg)
{
(void)msg;
return NOT_COMPILED_IN;
}
static int WOLFSSL_MSG_CERT_EX(const char* fmt, ...)
{
(void)fmt;
return NOT_COMPILED_IN;
}
#else
WOLFSSL_API int WOLFSSL_MSG_CERT(const char* msg);
WOLFSSL_API int WOLFSSL_MSG_CERT_EX(const char* fmt, ...);
#endif
#else
/* Nearly all compilers will support variadic macros */
#define WOLFSSL_MSG_CERT(m) WC_DO_NOTHING
#define WOLFSSL_MSG_CERT_EX(...) WC_DO_NOTHING
#endif
#endif /* Certificate Debugging: WOLFSSL_MSG_CERT */
#if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_DEBUG_ERRORS_ONLY) #if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_DEBUG_ERRORS_ONLY)
#if defined(_WIN32) #if defined(_WIN32) && !defined(__WATCOMC__)
#if defined(INTIME_RTOS) #if defined(INTIME_RTOS)
#define __func__ NULL #define __func__ NULL
#else #else
@@ -169,14 +317,18 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
#define WOLFSSL_STUB(m) \ #define WOLFSSL_STUB(m) \
WOLFSSL_MSG(WOLFSSL_LOG_CAT(wolfSSL Stub, m, not implemented)) WOLFSSL_MSG(WOLFSSL_LOG_CAT(wolfSSL Stub, m, not implemented))
WOLFSSL_API int WOLFSSL_IS_DEBUG_ON(void); WOLFSSL_API int WOLFSSL_IS_DEBUG_ON(void);
/* WOLFSSL_MSG_EX may not be available. Check with HAVE_WOLFSSL_MSG_EX */
#if defined(XVSNPRINTF) && !defined(NO_WOLFSSL_MSG_EX) #if defined(XVSNPRINTF) && !defined(NO_WOLFSSL_MSG_EX)
WOLFSSL_API void WOLFSSL_MSG_EX(const char* fmt, ...); WOLFSSL_API void WOLFSSL_MSG_EX(const char* fmt, ...);
#define HAVE_WOLFSSL_MSG_EX #define HAVE_WOLFSSL_MSG_EX
#else #else
#ifdef WOLF_NO_VARIADIC_MACROS #ifdef WOLF_NO_VARIADIC_MACROS
#define WOLFSSL_MSG_EX() WC_DO_NOTHING /* We need a do-nothing function with a variable number of parameters */
/* see logging.c
* static inline void WOLFSSL_MSG_EX(const char* fmt, ...); */
#else #else
#define WOLFSSL_MSG_EX(...) WC_DO_NOTHING #define WOLFSSL_MSG_EX(...) WC_DO_NOTHING
#endif #endif
#endif #endif
WOLFSSL_API void WOLFSSL_MSG(const char* msg); WOLFSSL_API void WOLFSSL_MSG(const char* msg);
@@ -206,25 +358,51 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
WOLFSSL_API void WOLFSSL_BUFFER(const byte* buffer, word32 length); WOLFSSL_API void WOLFSSL_BUFFER(const byte* buffer, word32 length);
#else #else
/* ! (defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_DEBUG_ERRORS_ONLY)) */
#define WOLFSSL_ENTER(m) WC_DO_NOTHING #define WOLFSSL_ENTER(m) WC_DO_NOTHING
#define WOLFSSL_LEAVE(m, r) WC_DO_NOTHING #define WOLFSSL_LEAVE(m, r) WC_DO_NOTHING
#define WOLFSSL_STUB(m) WC_DO_NOTHING #define WOLFSSL_STUB(m) WC_DO_NOTHING
#define WOLFSSL_IS_DEBUG_ON() 0 #define WOLFSSL_IS_DEBUG_ON() 0
#ifdef WOLF_NO_VARIADIC_MACROS #ifdef WOLF_NO_VARIADIC_MACROS
/* note, modern preprocessors will generate errors with this definition. /* note, modern preprocessors will generate errors with this definition.
* "error: macro "WOLFSSL_MSG_EX" passed 2 arguments, but takes just 0" * "error: macro "WOLFSSL_MSG_EX" passed 2 arguments, but takes just 0"
*/ *
#define WOLFSSL_MSG_EX() WC_DO_NOTHING * #define WOLFSSL_MSG_EX(a, b) WC_DO_NOTHING
*
* We need a do-nothing function with a variable number of parameters: */
#ifdef __WATCOMC__
/* don't use WOLFSSL_API nor inline for Watcom stubs */
static void WOLFSSL_MSG_EX(const char* fmt, ...)
{
(void)fmt;
}
#else
WOLFSSL_API void WOLFSSL_MSG_EX(const char* fmt, ...);
#endif
#else #else
#define WOLFSSL_MSG_EX(...) WC_DO_NOTHING #define WOLFSSL_MSG_EX(...) WC_DO_NOTHING
#endif #endif
#define WOLFSSL_MSG(m) WC_DO_NOTHING
#define WOLFSSL_BUFFER(b, l) WC_DO_NOTHING
#define WOLFSSL_MSG(m) WC_DO_NOTHING
#define WOLFSSL_BUFFER(b, l) WC_DO_NOTHING
#endif /* DEBUG_WOLFSSL && !WOLFSSL_DEBUG_ERRORS_ONLY */ #endif /* DEBUG_WOLFSSL && !WOLFSSL_DEBUG_ERRORS_ONLY */
/* A special case of certificate-related debug AND regular debug.
* WOLFSSL_MSG_CERT_LOG will always print during DEBUG_WOLFSSL
* even if cert debugging disabled with NO_WOLFSSL_DEBUG_CERTS.
*
* WOLFSSL_MSG_CERT_LOG will also print during WOLFSSL_DEBUG_CERTS
* even if standard DEBUG_WOLFSSL is not enabled. */
#if defined(DEBUG_WOLFSSL)
#define WOLFSSL_MSG_CERT_LOG(msg) WOLFSSL_MSG(msg)
#elif defined(WOLFSSL_DEBUG_CERTS)
#define WOLFSSL_MSG_CERT_LOG(msg) WOLFSSL_MSG_CERT(msg)
#else
#define WOLFSSL_MSG_CERT_LOG(msg) WC_DO_NOTHING
#endif
/* WOLFSSL_ERROR and WOLFSSL_HAVE_ERROR_QUEUE */
#if defined(DEBUG_WOLFSSL) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) ||\ #if defined(DEBUG_WOLFSSL) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) ||\
defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA)
@@ -305,10 +483,33 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
int dc_log_printf(char*, ...); int dc_log_printf(char*, ...);
#endif #endif
/* WOLFSSL_DEBUG_PRINTF_FN is intended to be used only in wolfssl_log(),
* but is exposed in header as a customer cross-platform debugging capability.
*
* All general wolfSSL debugging should use:
* WOLFSSL_MSG and WOLFSSL_MSG_EX
*
* All wolfSSL certificate-related debugging should use:
* WOLFSSL_MSG_CERT and WOLFSSL_MSG_CERT_EX
*
* For custom debugging output, define your own WOLFSSL_DEBUG_PRINTF_FN
*/
#ifdef WOLFSSL_DEBUG_PRINTF_FN #ifdef WOLFSSL_DEBUG_PRINTF_FN
/* user-supplied definition */ /* user-supplied definition */
#elif defined(ARDUINO) #elif defined(ARDUINO)
/* ARDUINO only has print and sprintf, no printf. */ /* ARDUINO only has print and sprintf, no printf. */
#elif defined(__WATCOMC__)
#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_CERTS)
#include <stdio.h>
#define WOLFSSL_DEBUG_PRINTF_FN printf
#else
/* Watcom does not support variadic macros; we need a no-op function */
static int WOLFSSL_DEBUG_PRINTF(const char* fmt, ...)
{
(void)fmt;
return NOT_COMPILED_IN;
}
#endif /* __WATCOMC__ */
#elif defined(WOLFSSL_LOG_PRINTF) || defined(WOLFSSL_DEOS) #elif defined(WOLFSSL_LOG_PRINTF) || defined(WOLFSSL_DEOS)
#define WOLFSSL_DEBUG_PRINTF_FN printf #define WOLFSSL_DEBUG_PRINTF_FN printf
#elif defined(THREADX) && !defined(THREADX_NO_DC_PRINTF) #elif defined(THREADX) && !defined(THREADX_NO_DC_PRINTF)
@@ -350,10 +551,28 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
#define WOLFSSL_DEBUG_PRINTF_FIRST_ARGS #define WOLFSSL_DEBUG_PRINTF_FIRST_ARGS
#endif #endif
#if defined(WOLFSSL_DEBUG_PRINTF_FN) && !defined(WOLFSSL_DEBUG_PRINTF) && \ #if defined(WOLFSSL_DEBUG_PRINTF_FN) && !defined(WOLFSSL_DEBUG_PRINTF)
!defined(WOLF_NO_VARIADIC_MACROS) #if defined(WOLF_NO_VARIADIC_MACROS)
#define WOLFSSL_DEBUG_PRINTF(...) \ #if defined(WOLFSSL_ESPIDF)
WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS __VA_ARGS__) /* ESP-IDF supports variadic. Do not use WOLF_NO_VARIADIC_MACROS.
* This is only for WOLF_NO_VARIADIC_MACROS testing: */
#define WOLFSSL_DEBUG_PRINTF(a) \
WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS, a)
#else
/* no variadic not defined for this platform */
#endif
#else
#define WOLFSSL_DEBUG_PRINTF(...) \
WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS __VA_ARGS__)
#endif
#endif
/* Sanity Checks */
#if defined(WOLFSSL_DEBUG_ERRORS_ONLY) && defined(DEBUG_WOLFSSL)
#error "Failed: WOLFSSL_DEBUG_ERRORS_ONLY and DEBUG_WOLFSSL pick one"
#endif
#if defined(WOLFSSL_DEBUG_ERRORS_ONLY) && defined(WOLFSSL_DEBUG_CERTS)
#error "Failed: Cannot WOLFSSL_DEBUG_CERTS with WOLFSSL_DEBUG_ERRORS_ONLY"
#endif #endif
#ifdef __cplusplus #ifdef __cplusplus

15
wolfssl/wolfcrypt/settings.h
View File

@@ -356,6 +356,12 @@
#warning "No configuration for wolfSSL detected, check header order" #warning "No configuration for wolfSSL detected, check header order"
#endif #endif
/* Ensure WOLFSSL_DEBUG_CERTS is always set when DEBUG_WOLFSSL is enabled */
#ifdef DEBUG_WOLFSSL
#undef WOLFSSL_DEBUG_CERTS
#define WOLFSSL_DEBUG_CERTS
#endif
#include <wolfssl/wolfcrypt/visibility.h> #include <wolfssl/wolfcrypt/visibility.h>
/*------------------------------------------------------------*/ /*------------------------------------------------------------*/
@@ -563,6 +569,9 @@
#define WOLFSSL_MAX_ERROR_SZ 200 #define WOLFSSL_MAX_ERROR_SZ 200
#endif #endif
/* Debug message do not need an additional LF for ESP_LOG */
#define WOLFSSL_DEBUG_LINE_ENDING ""
/* Parse any Kconfig / menuconfig items into wolfSSL macro equivalents. /* Parse any Kconfig / menuconfig items into wolfSSL macro equivalents.
* Macros may or may not be defined. If defined, they may have a value of * Macros may or may not be defined. If defined, they may have a value of
* *
@@ -4434,6 +4443,12 @@ extern void uITRON4_free(void *p) ;
#endif #endif
#endif /* WOLFSSL_SYS_CA_CERTS */ #endif /* WOLFSSL_SYS_CA_CERTS */
#ifdef NO_WOLFSSL_DEBUG_CERTS
/* Simplify certificate debugging gate check with only WOLFSSL_DEBUG_CERTS.
* NO_WOLFSSL_DEBUG_CERTS prioritized over WOLFSSL_DEBUG_CERTS; disable: */
#undef WOLFSSL_DEBUG_CERTS
#endif
#if defined(SESSION_CACHE_DYNAMIC_MEM) && defined(PERSIST_SESSION_CACHE) #if defined(SESSION_CACHE_DYNAMIC_MEM) && defined(PERSIST_SESSION_CACHE)
#error "Dynamic session cache currently does not support persistent session cache." #error "Dynamic session cache currently does not support persistent session cache."
#endif #endif

3
wolfssl/wolfcrypt/types.h
View File

@@ -1482,6 +1482,9 @@ WOLFSSL_API word32 CheckRunTimeSettings(void);
#define XALIGNED(x) __attribute__ ( (aligned (x))) #define XALIGNED(x) __attribute__ ( (aligned (x)))
#elif defined(__KEIL__) #elif defined(__KEIL__)
#define XALIGNED(x) __align(x) #define XALIGNED(x) __align(x)
#elif defined(__WATCOMC__) /* && (_MSC_VER or !_MSC_VER) */
/* No align available for Open Watcom V2, expansion comment needed: */
#define XALIGNED(x) /* null expansion */
#elif defined(_MSC_VER) #elif defined(_MSC_VER)
/* disable align warning, we want alignment ! */ /* disable align warning, we want alignment ! */
#pragma warning(disable: 4324) #pragma warning(disable: 4324)

5
wolfssl/wolfcrypt/wc_port.h
View File

@@ -90,8 +90,11 @@
((__GNUC__ == 4) && (__GNUC_MINOR__ > 5))))) || \ ((__GNUC__ == 4) && (__GNUC_MINOR__ > 5))))) || \
defined(__clang__) defined(__clang__)
#define WC_DEPRECATED(msg) __attribute__((deprecated(msg))) #define WC_DEPRECATED(msg) __attribute__((deprecated(msg)))
#elif defined(__WATCOMC__)
/* Watcom macro needs to expand to something, here just a comment: */
#define WC_DEPRECATED(msg) /* null expansion */
#elif defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) || \ #elif defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) || \
defined(_WIN32_WCE) || defined(__WATCOMC__) defined(_WIN32_WCE)
#define WC_DEPRECATED(msg) __declspec(deprecated(msg)) #define WC_DEPRECATED(msg) __declspec(deprecated(msg))
#elif (defined(__GNUC__) && (__GNUC__ >= 4)) || \ #elif (defined(__GNUC__) && (__GNUC__ >= 4)) || \
defined(__IAR_SYSTEMS_ICC__) defined(__IAR_SYSTEMS_ICC__)