wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-03 20:54:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6437 from julek-wolfssl/windows-crl-monitor

Browse Source 
Implement CRL monitor for Windows
This commit is contained in:
David Garske
2023-07-04 10:03:14 -07:00
committed by GitHub
parent 6028dfd394 7af1f0cf05
commit b682c2c4bb
22 changed files with 902 additions and 204 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
IDE/WIN/user_settings.h
View File

@@ -37,6 +37,9 @@
#define WC_RSA_BLINDING
#define NO_MULTIBYTE_PRINT
#define HAVE_CRL
#define HAVE_CRL_MONITOR
#if defined(WOLFSSL_LIB)
/* The lib */
#define OPENSSL_EXTRA

2
configure.ac
View File

@@ -8816,7 +8816,7 @@ rm cyassl/options.h.bak
if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "$ENABLED_LINUXKM" = "no"
then
SAVE_CFLAGS=$CFLAGS
CFLAGS="$CFLAGS -I. -I$srcdir"
CFLAGS="$CFLAGS $DEFS -I. -I$srcdir"
if test "$ENABLED_INTEL_QA" = "yes"
then
CFLAGS="$CFLAGS $QAT_FLAGS"

85
examples/client/client.c
View File

@@ -138,6 +138,15 @@ static int lng_index = 0;
#endif
static int quieter = 0; /* Print fewer messages. This is helpful with overly
* ambitious log parsers. */
#define LOG_ERROR(...) \
do { \
if (!quieter) \
fprintf(stderr, __VA_ARGS__); \
} while(0)
#ifdef HAVE_SESSION_TICKET
#ifndef SESSION_TICKET_LEN
@@ -435,7 +444,7 @@ static void EarlyData(WOLFSSL_CTX* ctx, WOLFSSL* ssl, const char* msg,
}
} while (err == WC_PENDING_E);
if (ret != msgSz) {
fprintf(stderr, "SSL_write_early_data msg error %d, %s\n", err,
LOG_ERROR("SSL_write_early_data msg error %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
@@ -455,7 +464,7 @@ static void EarlyData(WOLFSSL_CTX* ctx, WOLFSSL* ssl, const char* msg,
}
} while (err == WC_PENDING_E);
if (ret != msgSz) {
fprintf(stderr, "SSL_write_early_data msg error %d, %s\n", err,
LOG_ERROR("SSL_write_early_data msg error %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
@@ -723,7 +732,7 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
}
} while (err == WC_PENDING_E);
if (ret != len) {
fprintf(stderr, "SSL_write bench error %d!\n", err);
LOG_ERROR("SSL_write bench error %d!\n", err);
if (!exitWithRet)
err_sys("SSL_write failed");
goto doExit;
@@ -749,7 +758,7 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
#endif
if (err != WOLFSSL_ERROR_WANT_READ &&
err != WOLFSSL_ERROR_WANT_WRITE) {
fprintf(stderr, "SSL_read bench error %d\n", err);
LOG_ERROR("SSL_read bench error %d\n", err);
err_sys("SSL_read failed");
}
}
@@ -943,7 +952,7 @@ static int SMTP_Shutdown(WOLFSSL* ssl, int wc_shutdown)
printf("Bidirectional shutdown complete\n");
}
if (ret != WOLFSSL_SUCCESS)
fprintf(stderr, "Bidirectional shutdown failed\n");
LOG_ERROR("Bidirectional shutdown failed\n");
}
return WOLFSSL_SUCCESS;
@@ -974,7 +983,7 @@ static int ClientWrite(WOLFSSL* ssl, const char* msg, int msgSz, const char* str
);
if (ret != msgSz) {
char buffer[WOLFSSL_MAX_ERROR_SZ];
fprintf(stderr, "SSL_write%s msg error %d, %s\n", str, err,
LOG_ERROR("SSL_write%s msg error %d, %s\n", str, err,
wolfSSL_ERR_error_string(err, buffer));
if (!exitWithRet) {
err_sys("SSL_write failed");
@@ -1005,7 +1014,7 @@ static int ClientRead(WOLFSSL* ssl, char* reply, int replyLen, int mustRead,
#endif
if (err != WOLFSSL_ERROR_WANT_READ &&
err != WOLFSSL_ERROR_WANT_WRITE && err != APP_DATA_READY) {
fprintf(stderr, "SSL_read reply error %d, %s\n", err,
LOG_ERROR("SSL_read reply error %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
if (!exitWithRet) {
err_sys("SSL_read failed");
@@ -1021,7 +1030,7 @@ static int ClientRead(WOLFSSL* ssl, char* reply, int replyLen, int mustRead,
|| err == WOLFSSL_ERROR_WANT_WRITE)) {
elapsed = current_time(0) - start;
if (elapsed > MAX_NON_BLOCK_SEC) {
fprintf(stderr, "Nonblocking read timeout\n");
LOG_ERROR("Nonblocking read timeout\n");
ret = WOLFSSL_FATAL_ERROR;
break;
}
@@ -1505,12 +1514,12 @@ static void showPeerPEM(WOLFSSL* ssl)
if (peer) {
WOLFSSL_BIO* bioOut = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
if (bioOut == NULL) {
fprintf(stderr, "failed to get bio on stdout\n");
LOG_ERROR("failed to get bio on stdout\n");
}
else {
if (wolfSSL_BIO_set_fp(bioOut, stdout, BIO_NOCLOSE)
!= WOLFSSL_SUCCESS) {
fprintf(stderr, "failed to set stdout to bio output\n");
LOG_ERROR("failed to set stdout to bio output\n");
wolfSSL_BIO_free(bioOut);
bioOut = NULL;
}
@@ -1751,7 +1760,7 @@ static int client_srtp_test(WOLFSSL *ssl, func_args *args)
ret = wolfSSL_export_dtls_srtp_keying_material(ssl, NULL,
&srtp_secret_length);
if (ret != LENGTH_ONLY_E) {
fprintf(stderr, "DTLS SRTP: Error getting keying material length\n");
LOG_ERROR("DTLS SRTP: Error getting keying material length\n");
return ret;
}
@@ -1765,7 +1774,7 @@ static int client_srtp_test(WOLFSSL *ssl, func_args *args)
&srtp_secret_length);
if (ret != WOLFSSL_SUCCESS) {
XFREE(srtp_secret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
fprintf(stderr, "DTLS SRTP: Error getting keying material\n");
LOG_ERROR("DTLS SRTP: Error getting keying material\n");
return ret;
}
@@ -1862,6 +1871,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#ifndef NO_PSK
{ "openssl-psk", 0, 265 },
#endif
{ "quieter", 0, 266 },
{ 0, 0, 0 }
};
#endif
@@ -2597,7 +2607,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
nonBlocking = 1;
simulateWantWrite = 1;
#else
fprintf(stderr, "Ignoring -6 since async I/O support not "
LOG_ERROR("Ignoring -6 since async I/O support not "
"compiled in.\n");
#endif
break;
@@ -2696,6 +2706,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
opensslPsk = 1;
#endif
break;
case 266:
quieter = 1;
break;
default:
Usage();
XEXIT_T(MY_EX_USAGE);
@@ -2780,7 +2793,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#endif
if (done) {
fprintf(stderr, "external test can't be run in this mode\n");
LOG_ERROR("external test can't be run in this mode\n");
((func_args*)args)->return_code = 0;
XEXIT_T(EXIT_SUCCESS);
@@ -2818,7 +2831,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#ifndef HAVE_SESSION_TICKET
if ((version >= 4) && resumeSession) {
fprintf(stderr, "Can't do TLS 1.3 resumption; need session tickets!\n");
LOG_ERROR("Can't do TLS 1.3 resumption; need session tickets!\n");
}
#endif
@@ -2831,7 +2844,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
if (usePqc) {
if (version == CLIENT_DOWNGRADE_VERSION ||
version == EITHER_DOWNGRADE_VERSION)
fprintf(stderr,
LOG_ERROR(
"WARNING: If a TLS 1.3 connection is not negotiated, you "
"will not be using a post-quantum group.\n");
else if (version != 4 && version != -4)
@@ -2928,11 +2941,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#ifdef DEBUG_WOLFSSL
/* print off helper buffer sizes for use with static memory
* printing to stderr in case of debug mode turned on */
fprintf(stderr, "static memory management size = %d\n",
LOG_ERROR("static memory management size = %d\n",
wolfSSL_MemoryPaddingSz());
fprintf(stderr, "calculated optimum general buffer size = %d\n",
LOG_ERROR("calculated optimum general buffer size = %d\n",
wolfSSL_StaticBufferSz(memory, sizeof(memory), 0));
fprintf(stderr, "calculated optimum IO buffer size = %d\n",
LOG_ERROR("calculated optimum IO buffer size = %d\n",
wolfSSL_StaticBufferSz(memoryIO, sizeof(memoryIO),
WOLFMEM_IO_POOL_FIXED));
#endif /* DEBUG_WOLFSSL */
@@ -3331,7 +3344,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wolfAsync_DevOpen(&devId);
if (ret < 0) {
fprintf(stderr, "Async device open failed\nRunning without async\n");
LOG_ERROR("Async device open failed\nRunning without async\n");
}
wolfSSL_CTX_SetDevId(ctx, devId);
#endif /* WOLFSSL_ASYNC_CRYPT */
@@ -3469,7 +3482,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#endif
#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL)
fprintf(stderr, "Before creating SSL\n");
LOG_ERROR("Before creating SSL\n");
if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1)
err_sys("ctx not using static memory");
if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */
@@ -3560,7 +3573,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#endif
#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL)
fprintf(stderr, "After creating SSL\n");
LOG_ERROR("After creating SSL\n");
if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1)
err_sys("ctx not using static memory");
if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */
@@ -3796,7 +3809,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#endif
if (ret != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
fprintf(stderr, "wolfSSL_connect error %d, %s\n", err,
LOG_ERROR("wolfSSL_connect error %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
/* cleanup */
@@ -4052,7 +4065,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
}
if (ret != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
fprintf(stderr, "wolfSSL_Rehandshake error %d, %s\n", err,
LOG_ERROR("wolfSSL_Rehandshake error %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
wolfSSL_free(ssl); ssl = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
@@ -4061,7 +4074,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
}
}
else {
fprintf(stderr, "not doing secure resumption with non-blocking");
LOG_ERROR("not doing secure resumption with non-blocking");
}
} else {
if (!resumeScr) {
@@ -4243,12 +4256,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
break;
}
else if (ret != WOLFSSL_SHUTDOWN_NOT_DONE) {
fprintf(stderr, "Bidirectional shutdown failed\n");
LOG_ERROR("Bidirectional shutdown failed\n");
break;
}
}
if (ret != WOLFSSL_SUCCESS)
fprintf(stderr, "Bidirectional shutdown failed\n");
LOG_ERROR("Bidirectional shutdown failed\n");
}
#if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
if (atomicUser)
@@ -4260,8 +4273,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
if (wolfSSL_is_static_memory(ssl, &ssl_stats) != 1)
err_sys("static memory was not used with ssl");
fprintf(stderr, "\nprint off SSL memory stats\n");
fprintf(stderr, "*** This is memory state before wolfSSL_free is called\n");
LOG_ERROR("\nprint off SSL memory stats\n");
LOG_ERROR("*** This is memory state before wolfSSL_free is called\n");
wolfSSL_PrintStatsConn(&ssl_stats);
#endif
@@ -4384,7 +4397,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
ret = NonBlockingSSL_Connect(sslResume); /* will keep retrying on timeout */
#endif
if (ret != WOLFSSL_SUCCESS) {
fprintf(stderr, "wolfSSL_connect resume error %d, %s\n", err,
LOG_ERROR("wolfSSL_connect resume error %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
wolfSSL_free(sslResume); sslResume = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
@@ -4397,7 +4410,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
if (wolfSSL_session_reused(sslResume))
printf("reused session id\n");
else
fprintf(stderr, "didn't reuse session id!!!\n");
LOG_ERROR("didn't reuse session id!!!\n");
#ifdef HAVE_ALPN
if (alpnList != NULL) {
@@ -4432,7 +4445,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
printf("Beginning secure renegotiation.\n");
if (wolfSSL_Rehandshake(sslResume) != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(sslResume, 0);
fprintf(stderr, "err = %d, %s\n", err,
LOG_ERROR("err = %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
wolfSSL_free(sslResume); sslResume = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
@@ -4446,7 +4459,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
printf("Beginning secure resumption.\n");
if (wolfSSL_SecureResume(sslResume) != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(sslResume, 0);
fprintf(stderr, "err = %d, %s\n", err,
LOG_ERROR("err = %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
wolfSSL_free(sslResume); sslResume = NULL;
wolfSSL_CTX_free(ctx); ctx = NULL;
@@ -4483,8 +4496,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
if (wolfSSL_is_static_memory(sslResume, &ssl_stats) != 1)
err_sys("static memory was not used with ssl");
fprintf(stderr, "\nprint off SSLresume memory stats\n");
fprintf(stderr, "*** This is memory state before wolfSSL_free is called\n");
LOG_ERROR("\nprint off SSLresume memory stats\n");
LOG_ERROR("*** This is memory state before wolfSSL_free is called\n");
wolfSSL_PrintStatsConn(&ssl_stats);
#endif
@@ -4503,7 +4516,7 @@ exit:
wolfsentry_ret =
wolfsentry_shutdown(WOLFSENTRY_CONTEXT_ARGS_OUT_EX4(&wolfsentry, NULL));
if (wolfsentry_ret < 0) {
fprintf(stderr,
LOG_ERROR(
"wolfsentry_shutdown() returned " WOLFSENTRY_ERROR_FMT "\n",
WOLFSENTRY_ERROR_FMT_ARGS(wolfsentry_ret));
}

121
examples/server/server.c
View File

@@ -148,8 +148,16 @@ int catastrophic = 0; /* Use with -x flag to still exit when an error is
* cert to send to clients attempting to connect. The
* server should error out completely in that case
*/
static int quieter = 0; /* Print fewer messages. This is helpful with overly
* ambitious log parsers. */
static int lng_index = 0;
#define LOG_ERROR(...) \
do { \
if (!quieter) \
fprintf(stderr, __VA_ARGS__); \
} while(0)
#ifdef WOLFSSL_CALLBACKS
#if !defined(NO_OLD_TIMEVAL_NAME)
Timeval srvTo;
@@ -186,8 +194,8 @@ static int lng_index = 0;
static void err_sys_ex(int out, const char* msg)
{
if (out == 1) { /* if server is running w/ -x flag, print error w/o exit */
fprintf(stderr, "wolfSSL error: %s\n", msg);
fprintf(stderr, "Continuing server execution...\n\n");
LOG_ERROR("wolfSSL error: %s\n", msg);
LOG_ERROR("Continuing server execution...\n\n");
} else {
err_sys(msg);
}
@@ -448,7 +456,7 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block,
err != WOLFSSL_ERROR_WANT_WRITE &&
err != WOLFSSL_ERROR_ZERO_RETURN &&
err != APP_DATA_READY) {
fprintf(stderr, "SSL_read echo error %d\n", err);
LOG_ERROR("SSL_read echo error %d\n", err);
err_sys_ex(runWithErrors, "SSL_read failed");
break;
}
@@ -483,7 +491,7 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block,
}
} while (err == WC_PENDING_E);
if (ret != (int)min(len, rx_pos)) {
fprintf(stderr, "SSL_write echo error %d\n", err);
LOG_ERROR("SSL_write echo error %d\n", err);
err_sys_ex(runWithErrors, "SSL_write failed");
}
@@ -557,7 +565,7 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
#endif
#ifdef WOLFSSL_DTLS
if (wolfSSL_dtls(ssl) && err == DECRYPT_ERROR) {
fprintf(stderr, "Dropped client's message due to a bad MAC\n");
LOG_ERROR("Dropped client's message due to a bad MAC\n");
}
else
#endif
@@ -568,7 +576,7 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
&& err != APP_DATA_READY
#endif
) {
fprintf(stderr, "SSL_read input error %d, %s\n", err,
LOG_ERROR("SSL_read input error %d, %s\n", err,
ERR_error_string(err, buffer));
err_sys_ex(runWithErrors, "SSL_read failed");
}
@@ -641,7 +649,7 @@ static void ServerWrite(WOLFSSL* ssl, const char* output, int outputLen)
} while (err == WC_PENDING_E || err == WOLFSSL_ERROR_WANT_WRITE);
if (ret != outputLen) {
char buffer[WOLFSSL_MAX_ERROR_SZ];
fprintf(stderr, "SSL_write msg error %d, %s\n", err,
LOG_ERROR("SSL_write msg error %d, %s\n", err,
ERR_error_string(err, buffer));
err_sys_ex(runWithErrors, "SSL_write failed");
}
@@ -1328,7 +1336,7 @@ static int server_srtp_test(WOLFSSL *ssl, func_args *args)
ret = wolfSSL_export_dtls_srtp_keying_material(ssl, NULL,
&srtp_secret_length);
if (ret != LENGTH_ONLY_E) {
fprintf(stderr, "DTLS SRTP: Error getting key material length\n");
LOG_ERROR("DTLS SRTP: Error getting key material length\n");
return ret;
}
@@ -1342,7 +1350,7 @@ static int server_srtp_test(WOLFSSL *ssl, func_args *args)
&srtp_secret_length);
if (ret != WOLFSSL_SUCCESS) {
XFREE(srtp_secret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
fprintf(stderr, "DTLS SRTP: Error getting key material\n");
LOG_ERROR("DTLS SRTP: Error getting key material\n");
return ret;
}
@@ -1410,6 +1418,10 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
#ifdef HAVE_SUPPORTED_CURVES
{"onlyPskDheKe", 2, 264},
#endif /* HAVE_SUPPORTED_CURVES */
#ifdef HAVE_CRL
{"crl-dir", 1, 265},
#endif
{"quieter", 0, 266},
{ 0, 0, 0 }
};
#endif
@@ -1531,6 +1543,9 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
int useDtlsCID = 0;
char dtlsCID[DTLS_CID_BUFFER_SIZE] = { 0 };
#endif /* WOLFSSL_DTLS_CID */
#ifdef HAVE_CRL
char* crlDir = NULL;
#endif
#ifdef WOLFSSL_STATIC_MEMORY
/* Note: Actual memory used is much less, this is the entire buffer buckets,
@@ -2107,7 +2122,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
nonBlocking = 1;
simulateWantWrite = 1;
#else
fprintf(stderr, "Ignoring -6 since async I/O support not "
LOG_ERROR("Ignoring -6 since async I/O support not "
"compiled in.\n");
#endif
break;
@@ -2252,9 +2267,9 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
if (force_curve_group_id <= 0) {
if (lng_index == 1) {
/* TODO: Need Japanese translation */
fprintf(stderr, "Invalid curve '%s'\n", myoptarg);
LOG_ERROR("Invalid curve '%s'\n", myoptarg);
} else {
fprintf(stderr, "Invalid curve '%s'\n", myoptarg);
LOG_ERROR("Invalid curve '%s'\n", myoptarg);
}
XEXIT_T(EXIT_FAILURE);
}
@@ -2279,9 +2294,19 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
#ifdef WOLFSSL_TLS13
onlyPskDheKe = 1;
#endif
#endif
break;
case 265:
#ifdef HAVE_CRL
crlDir = myoptarg;
#endif
break;
case 266:
quieter = 1;
break;
case -1:
default:
Usage();
XEXIT_T(MY_EX_USAGE);
@@ -2327,7 +2352,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
#ifndef HAVE_SESSION_TICKET
if ((version >= 4) && resume) {
fprintf(stderr, "Can't do TLS 1.3 resumption; need session tickets!\n");
LOG_ERROR("Can't do TLS 1.3 resumption; need session tickets!\n");
}
#endif
@@ -2341,7 +2366,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
if (usePqc) {
if (version == SERVER_DOWNGRADE_VERSION ||
version == EITHER_DOWNGRADE_VERSION) {
fprintf(stderr,
LOG_ERROR(
"WARNING: If a TLS 1.3 connection is not negotiated, you "
"will not be using a post-quantum group.\n");
} else if (version != 4 && version != -4) {
@@ -2438,11 +2463,11 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
#ifdef DEBUG_WOLFSSL
/* print off helper buffer sizes for use with static memory
* printing to stderr in case of debug mode turned on */
fprintf(stderr, "static memory management size = %d\n",
LOG_ERROR("static memory management size = %d\n",
wolfSSL_MemoryPaddingSz());
fprintf(stderr, "calculated optimum general buffer size = %d\n",
LOG_ERROR("calculated optimum general buffer size = %d\n",
wolfSSL_StaticBufferSz(memory, sizeof(memory), 0));
fprintf(stderr, "calculated optimum IO buffer size = %d\n",
LOG_ERROR("calculated optimum IO buffer size = %d\n",
wolfSSL_StaticBufferSz(memoryIO, sizeof(memoryIO),
WOLFMEM_IO_POOL_FIXED));
#endif /* DEBUG_WOLFSSL */
@@ -2823,7 +2848,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wolfAsync_DevOpen(&devId);
if (ret < 0) {
fprintf(stderr, "Async device open failed\nRunning without async\n");
LOG_ERROR("Async device open failed\nRunning without async\n");
}
wolfSSL_CTX_SetDevId(ctx, devId);
#endif /* WOLFSSL_ASYNC_CRYPT */
@@ -2846,6 +2871,30 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
wolfSSL_CTX_NoTicketTLSv12(ctx);
#endif
#endif
#if defined(HAVE_CRL) && !defined(NO_FILESYSTEM)
if (!disableCRL) {
/* Need to load CA's to confirm CRL signatures */
unsigned int verify_flags = 0;
#ifdef TEST_BEFORE_DATE
verify_flags |= WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY;
#endif
if (wolfSSL_CTX_load_verify_locations_ex(ctx, verifyCert, 0,
verify_flags) != WOLFSSL_SUCCESS) {
err_sys_ex(catastrophic,
"can't load ca file, Please run from wolfSSL home dir");
}
#ifdef HAVE_CRL_MONITOR
crlFlags = WOLFSSL_CRL_MONITOR | WOLFSSL_CRL_START_MON;
#endif
if (wolfSSL_CTX_EnableCRL(ctx, 0) != WOLFSSL_SUCCESS)
err_sys_ex(runWithErrors, "unable to enable CRL");
if (wolfSSL_CTX_LoadCRL(ctx, crlDir != NULL ? crlDir : crlPemDir,
WOLFSSL_FILETYPE_PEM, crlFlags) != WOLFSSL_SUCCESS)
err_sys_ex(runWithErrors, "unable to load CRL");
if (wolfSSL_CTX_SetCRL_Cb(ctx, CRL_CallBack) != WOLFSSL_SUCCESS)
err_sys_ex(runWithErrors, "unable to set CRL callback url");
}
#endif
while (1) {
@@ -2865,7 +2914,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
}
}
#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL)
fprintf(stderr, "Before creating SSL\n");
LOG_ERROR("Before creating SSL\n");
if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1)
err_sys_ex(runWithErrors, "ctx not using static memory");
if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */
@@ -2954,7 +3003,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
#endif
#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL)
fprintf(stderr, "After creating SSL\n");
LOG_ERROR("After creating SSL\n");
if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1)
err_sys_ex(runWithErrors, "ctx not using static memory");
if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */
@@ -3022,20 +3071,6 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
#ifndef NO_HANDSHAKE_DONE_CB
wolfSSL_SetHsDoneCb(ssl, myHsDoneCb, NULL);
#endif
#if defined(HAVE_CRL) && !defined(NO_FILESYSTEM)
if (!disableCRL) {
#ifdef HAVE_CRL_MONITOR
crlFlags = WOLFSSL_CRL_MONITOR | WOLFSSL_CRL_START_MON;
#endif
if (wolfSSL_EnableCRL(ssl, 0) != WOLFSSL_SUCCESS)
err_sys_ex(runWithErrors, "unable to enable CRL");
if (wolfSSL_LoadCRL(ssl, crlPemDir, WOLFSSL_FILETYPE_PEM, crlFlags)
!= WOLFSSL_SUCCESS)
err_sys_ex(runWithErrors, "unable to load CRL");
if (wolfSSL_SetCRL_Cb(ssl, CRL_CallBack) != WOLFSSL_SUCCESS)
err_sys_ex(runWithErrors, "unable to set CRL callback url");
}
#endif
#ifdef HAVE_OCSP
if (useOcsp) {
if (ocspUrl != NULL) {
@@ -3346,7 +3381,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
#endif
if (ret != WOLFSSL_SUCCESS) {
err = SSL_get_error(ssl, 0);
fprintf(stderr, "SSL_accept error %d, %s\n", err,
LOG_ERROR("SSL_accept error %d, %s\n", err,
ERR_error_string(err, buffer));
if (!exitWithRet) {
err_sys_ex(runWithErrors, "SSL_accept failed");
@@ -3560,7 +3595,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
}
if (ret != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
fprintf(stderr,
LOG_ERROR(
"wolfSSL_Rehandshake error %d, %s\n", err,
wolfSSL_ERR_error_string(err, buffer));
wolfSSL_free(ssl); ssl = NULL;
@@ -3620,10 +3655,10 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
if (sendTicket) {
if (wolfSSL_send_SessionTicket(ssl) != WOLFSSL_SUCCESS) {
fprintf(stderr, "Sending new session ticket failed\n");
LOG_ERROR("Sending new session ticket failed\n");
}
else {
fprintf(stderr, "New session ticket sent\n");
LOG_ERROR("New session ticket sent\n");
}
}
#endif
@@ -3692,12 +3727,12 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
break;
}
else if (ret != WOLFSSL_SHUTDOWN_NOT_DONE) {
fprintf(stderr, "Bidirectional shutdown failed\n");
LOG_ERROR("Bidirectional shutdown failed\n");
break;
}
}
if (ret != WOLFSSL_SUCCESS)
fprintf(stderr, "Bidirectional shutdown failed\n");
LOG_ERROR("Bidirectional shutdown failed\n");
}
/* display collected statistics */
@@ -3705,8 +3740,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
if (wolfSSL_is_static_memory(ssl, &ssl_stats) != 1)
err_sys_ex(runWithErrors, "static memory was not used with ssl");
fprintf(stderr, "\nprint off SSL memory stats\n");
fprintf(stderr, "*** This is memory state before wolfSSL_free is "
LOG_ERROR("\nprint off SSL memory stats\n");
LOG_ERROR("*** This is memory state before wolfSSL_free is "
"called\n");
wolfSSL_PrintStatsConn(&ssl_stats);
@@ -3746,7 +3781,7 @@ exit:
wolfsentry_ret =
wolfsentry_shutdown(WOLFSENTRY_CONTEXT_ARGS_OUT_EX4(&wolfsentry, NULL));
if (wolfsentry_ret < 0) {
fprintf(stderr,
LOG_ERROR(
"wolfsentry_shutdown() returned " WOLFSENTRY_ERROR_FMT "\n",
WOLFSENTRY_ERROR_FMT_ARGS(wolfsentry_ret));
}

219
src/crl.c
View File

@@ -46,10 +46,11 @@ CRL Options:
#endif
#ifdef HAVE_CRL_MONITOR
#if (defined(__MACH__) || defined(__FreeBSD__) || defined(__linux__))
static int StopMonitor(int mfd);
#if defined(__MACH__) || defined(__FreeBSD__) || defined(__linux__) || \
defined(_MSC_VER)
static int StopMonitor(wolfSSL_CRL_mfd_t mfd);
#else
#error "CRL monitor only currently supported on linux or mach"
#error "CRL monitor only currently supported on linux or mach or windows"
#endif
#endif /* HAVE_CRL_MONITOR */
@@ -68,10 +69,10 @@ int InitCRL(WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm)
crl->monitors[0].path = NULL;
crl->monitors[1].path = NULL;
#ifdef HAVE_CRL_MONITOR
crl->tid = 0;
crl->mfd = -1; /* mfd for bsd is kqueue fd, eventfd for linux */
crl->tid = INVALID_THREAD_VAL;
crl->mfd = WOLFSSL_CRL_MFD_INIT_VAL;
crl->setup = 0; /* thread setup done predicate */
if (pthread_cond_init(&crl->cond, 0) != 0) {
if (wolfSSL_CondInit(&crl->cond) != 0) {
WOLFSSL_MSG("Pthread condition init failed");
return BAD_COND_E;
}
@@ -221,22 +222,18 @@ void FreeCRL(WOLFSSL_CRL* crl, int dynamic)
}
#ifdef HAVE_CRL_MONITOR
if (crl->tid != 0) {
if (crl->tid != INVALID_THREAD_VAL) {
WOLFSSL_MSG("stopping monitor thread");
if (StopMonitor(crl->mfd) == 0) {
int _pthread_ret = pthread_join(crl->tid, NULL);
if (_pthread_ret != 0)
if (wolfSSL_JoinThread(crl->tid) != 0)
WOLFSSL_MSG("stop monitor failed in pthread_join");
}
else {
WOLFSSL_MSG("stop monitor failed");
}
}
{
int _pthread_ret = pthread_cond_destroy(&crl->cond);
if (_pthread_ret != 0)
if (wolfSSL_CondFree(&crl->cond) != 0)
WOLFSSL_MSG("pthread_cond_destroy failed in FreeCRL");
}
#endif
wc_FreeMutex(&crl->crlLock);
if (dynamic) /* free self */
@@ -931,15 +928,19 @@ static int SignalSetup(WOLFSSL_CRL* crl, int status)
int ret;
/* signal to calling thread we're setup */
#ifndef COND_NO_REQUIRE_LOCKED_MUTEX
if (wc_LockMutex(&crl->crlLock) != 0) {
WOLFSSL_MSG("wc_LockMutex crlLock failed");
return BAD_MUTEX_E;
}
#endif
crl->setup = status;
ret = pthread_cond_signal(&crl->cond);
ret = wolfSSL_CondSignal(&crl->cond);
#ifndef COND_NO_REQUIRE_LOCKED_MUTEX
wc_UnLockMutex(&crl->crlLock);
#endif
if (ret != 0)
return BAD_COND_E;
@@ -1035,7 +1036,7 @@ static int SwapLists(WOLFSSL_CRL* crl)
#ifdef __MACH__
#define XEVENT_MODE O_EVTONLY
#elif defined(__FreeBSD__)
#define XEVENT_MODE EVFILT_VNODE
#define XEVENT_MODE O_RDONLY
#endif
@@ -1047,7 +1048,7 @@ static int SwapLists(WOLFSSL_CRL* crl)
/* shutdown monitor thread, 0 on success */
static int StopMonitor(int mfd)
static int StopMonitor(wolfSSL_CRL_mfd_t mfd)
{
struct kevent change;
@@ -1063,7 +1064,7 @@ static int StopMonitor(int mfd)
/* OS X monitoring */
static void* DoMonitor(void* arg)
static THREAD_RETURN WOLFSSL_THREAD DoMonitor(void* arg)
{
int fPEM, fDER;
struct kevent change;
@@ -1114,11 +1115,11 @@ static void* DoMonitor(void* arg)
}
if (fPEM != -1)
EV_SET(&change, fPEM, EVFILT_VNODE, EV_ADD | EV_ENABLE | EV_ONESHOT,
EV_SET(&change, fPEM, EVFILT_VNODE, EV_ADD | EV_ENABLE | EV_CLEAR,
NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_ATTRIB, 0, 0);
if (fDER != -1)
EV_SET(&change, fDER, EVFILT_VNODE, EV_ADD | EV_ENABLE | EV_ONESHOT,
EV_SET(&change, fDER, EVFILT_VNODE, EV_ADD | EV_ENABLE | EV_CLEAR,
NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_ATTRIB, 0, 0);
/* signal to calling thread we're setup */
@@ -1180,7 +1181,7 @@ static void* DoMonitor(void* arg)
/* shutdown monitor thread, 0 on success */
static int StopMonitor(int mfd)
static int StopMonitor(wolfSSL_CRL_mfd_t mfd)
{
word64 w64 = 1;
@@ -1195,7 +1196,7 @@ static int StopMonitor(int mfd)
/* linux monitoring */
static void* DoMonitor(void* arg)
static THREAD_RETURN WOLFSSL_THREAD DoMonitor(void* arg)
{
int notifyFd;
int wd = -1;
@@ -1326,7 +1327,145 @@ static void* DoMonitor(void* arg)
return NULL;
}
#endif /* MACH or linux */
#elif defined(_MSC_VER)
/* shutdown monitor thread, 0 on success */
static int StopMonitor(wolfSSL_CRL_mfd_t mfd)
{
if (SetEvent(mfd) == 0) {
WOLFSSL_MSG("SetEvent custom event trigger failed");
return -1;
}
return 0;
}
#ifdef DEBUG_WOLFSSL
#define SHOW_WINDOWS_ERROR() do { \
LPVOID lpMsgBuf; \
DWORD dw = GetLastError(); \
FormatMessageA( \
FORMAT_MESSAGE_ALLOCATE_BUFFER | \
FORMAT_MESSAGE_FROM_SYSTEM | \
FORMAT_MESSAGE_IGNORE_INSERTS, \
NULL, \
dw, \
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), \
(LPSTR) &lpMsgBuf, \
0, NULL ); \
WOLFSSL_MSG_EX("DoMonitor failed with error %d: %s\n", \
dw, lpMsgBuf); \
LocalFree(lpMsgBuf); \
} while(0)
#else
#define SHOW_WINDOWS_ERROR()
#endif
#define DM_ERROR() do { \
SHOW_WINDOWS_ERROR(); \
status = MONITOR_SETUP_E; \
goto cleanup; \
} while(0)
/* windows monitoring
* Tested initially by hand by running
* .\server.exe -A certs/ca-cert.pem -i -x
* and connecting to with
* .\client.exe -C -c certs/server-cert.pem -k certs/server-key.pem
* This connection succeeds by default. By deleting all files from certs/crl
* except for crl.revoked we disallow the client to connect. Deleting files
* is done while the server is running to show that the monitor reacts to
* changes in the crl directory. */
static THREAD_RETURN WOLFSSL_THREAD DoMonitor(void* arg)
{
WOLFSSL_CRL* crl = (WOLFSSL_CRL*)arg;
int status = 0;
HANDLE handles[WOLFSSL_CRL_MONITORS_LEN + 1];
DWORD handlesLen = 0;
int i;
WOLFSSL_ENTER("DoMonitor");
handles[0] = crl->mfd = CreateEventA(NULL, FALSE, FALSE, NULL);
if (crl->mfd == NULL) {
WOLFSSL_MSG("CreateEventA failed");
DM_ERROR();
}
handlesLen++;
for (i = 0; i < WOLFSSL_CRL_MONITORS_LEN; i++) {
if (crl->monitors[i].path) {
handles[handlesLen] = FindFirstChangeNotificationA(
crl->monitors[i].path, TRUE,
/* Watch for any changes that may affect what CRL's we load.
* This may trigger on the same file multiple times but this
* way we are certain that we have the most up to date and
* accurate set of CRL's. We don't expect this to trigger
* often enough for it to be a bottleneck. */
FILE_NOTIFY_CHANGE_FILE_NAME | FILE_NOTIFY_CHANGE_ATTRIBUTES |
FILE_NOTIFY_CHANGE_SIZE | FILE_NOTIFY_CHANGE_LAST_WRITE |
FILE_NOTIFY_CHANGE_SECURITY);
if (handles[handlesLen] == INVALID_HANDLE_VALUE) {
WOLFSSL_MSG("FindFirstChangeNotificationA failed");
DM_ERROR();
}
handlesLen++;
}
}
if (handlesLen == 1) {
WOLFSSL_MSG("Nothing to watch. Only custom event handle set.");
DM_ERROR();
}
if (SignalSetup(crl, 1) != 0) {
WOLFSSL_MSG("Call to SignalSetup failed");
DM_ERROR();
}
for (;;) {
DWORD waitRet = WaitForMultipleObjects(handlesLen, handles, FALSE,
INFINITE);
WOLFSSL_MSG("Got notify event");
if (waitRet >= WAIT_OBJECT_0 && waitRet < WAIT_OBJECT_0 + handlesLen) {
if (waitRet == WAIT_OBJECT_0) {
WOLFSSL_MSG("got custom shutdown event, breaking out");
break;
}
else if (SwapLists(crl) < 0) {
WOLFSSL_MSG("SwapLists problem, continue");
}
}
else {
WOLFSSL_MSG("Unexpected WaitForMultipleObjects return. Continue.");
}
for (i = 1; i < (int)handlesLen; i++) {
if (FindNextChangeNotification(handles[i]) == 0) {
WOLFSSL_MSG("FindNextChangeNotification failed");
DM_ERROR();
}
}
}
cleanup:
if (status != 0)
SignalSetup(crl, status);
for (i = 0; i < (int)handlesLen; i++) {
BOOL closeRet;
if (i == 0) /* First handle is our custom event */
closeRet = CloseHandle(handles[i]);
else
closeRet = FindCloseChangeNotification(handles[i]);
if (closeRet == 0) {
WOLFSSL_MSG("Failed to close handle");
}
}
crl->mfd = INVALID_HANDLE_VALUE;
return 0;
}
#endif /* MACH or linux or windows */
/* Start Monitoring the CRL path(s) in a thread */
@@ -1339,24 +1478,26 @@ static int StartMonitorCRL(WOLFSSL_CRL* crl)
if (crl == NULL)
return BAD_FUNC_ARG;
if (crl->tid != 0) {
if (crl->tid != INVALID_THREAD_VAL) {
WOLFSSL_MSG("Monitor thread already running");
return ret; /* that's ok, someone already started */
}
if (pthread_create(&crl->tid, NULL, DoMonitor, crl) != 0) {
if (wolfSSL_NewThread(&crl->tid, DoMonitor, crl) != 0) {
WOLFSSL_MSG("Thread creation error");
return THREAD_CREATE_E;
}
#ifndef COND_NO_REQUIRE_LOCKED_MUTEX
/* wait for setup to complete */
if (wc_LockMutex(&crl->crlLock) != 0) {
WOLFSSL_MSG("wc_LockMutex crlLock error");
return BAD_MUTEX_E;
}
#endif
while (crl->setup == 0) {
if (pthread_cond_wait(&crl->cond, &crl->crlLock) != 0) {
if (wolfSSL_CondWait(&crl->cond, &crl->crlLock) != 0) {
ret = BAD_COND_E;
break;
}
@@ -1364,33 +1505,18 @@ static int StartMonitorCRL(WOLFSSL_CRL* crl)
if (crl->setup < 0)
ret = crl->setup; /* store setup error */
#ifndef COND_NO_REQUIRE_LOCKED_MUTEX
wc_UnLockMutex(&crl->crlLock);
#endif
if (ret < 0) {
WOLFSSL_MSG("DoMonitor setup failure");
crl->tid = 0; /* thread already done */
crl->tid = INVALID_THREAD_VAL; /* thread already done */
}
return ret;
}
#else /* HAVE_CRL_MONITOR */
#if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
static int StartMonitorCRL(WOLFSSL_CRL* crl)
{
(void)crl;
WOLFSSL_ENTER("StartMonitorCRL");
WOLFSSL_MSG("Not compiled in");
return NOT_COMPILED_IN;
}
#endif /* !NO_FILESYSTEM && !NO_WOLFSSL_DIR */
#endif /* HAVE_CRL_MONITOR */
#if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
@@ -1451,13 +1577,14 @@ int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
#endif
if (monitor & WOLFSSL_CRL_MONITOR) {
#ifdef HAVE_CRL_MONITOR
word32 pathLen;
char* pathBuf;
WOLFSSL_MSG("monitor path requested");
pathLen = (word32)XSTRLEN(path);
pathBuf = (char*)XMALLOC(pathLen+1, crl->heap,DYNAMIC_TYPE_CRL_MONITOR);
pathBuf = (char*)XMALLOC(pathLen+1, crl->heap, DYNAMIC_TYPE_CRL_MONITOR);
if (pathBuf) {
XMEMCPY(pathBuf, path, pathLen+1);
@@ -1488,6 +1615,10 @@ int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor)
else {
ret = MEMORY_E;
}
#else
WOLFSSL_MSG("CRL monitoring requested but not compiled in");
ret = NOT_COMPILED_IN;
#endif
}
return ret;

1
src/internal.c
View File

@@ -13805,6 +13805,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
/* CA already verified above in ParseCertRelative */
WOLFSSL_MSG("Adding CA from chain");
SSL_CM_WARNING(ssl);
ret = AddCA(SSL_CM(ssl), &add, WOLFSSL_CHAIN_CA,
NO_VERIFY);
if (ret == WOLFSSL_SUCCESS) {

2
src/pk.c
View File

@@ -10209,7 +10209,7 @@ static int ec_point_convert_to_affine(const WOLFSSL_EC_GROUP *group,
WOLFSSL_EC_POINT *point)
{
int err = 0;
mp_digit mp;
mp_digit mp = 0;
#ifdef WOLFSSL_SMALL_STACK
mp_int* modulus;
#else

19
src/ssl.c
View File

@@ -7441,8 +7441,10 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
/* add trusted peer cert. der is freed within */
if (ctx != NULL)
ret = AddTrustedPeer(ctx->cm, &der, !ctx->verifyNone);
else
else {
SSL_CM_WARNING(ssl);
ret = AddTrustedPeer(SSL_CM(ssl), &der, !ssl->options.verifyNone);
}
if (ret != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Error adding trusted peer");
}
@@ -8198,6 +8200,7 @@ int wolfSSL_LoadCRLBuffer(WOLFSSL* ssl, const unsigned char* buff,
if (ssl == NULL || ssl->ctx == NULL)
return BAD_FUNC_ARG;
SSL_CM_WARNING(ssl);
return wolfSSL_CertManagerLoadCRLBuffer(SSL_CM(ssl), buff, sz, type);
}
@@ -8648,6 +8651,7 @@ int wolfSSL_CertManagerSetOCSP_Cb(WOLFSSL_CERT_MANAGER* cm,
int wolfSSL_EnableOCSP(WOLFSSL* ssl, int options)
{
WOLFSSL_ENTER("wolfSSL_EnableOCSP");
SSL_CM_WARNING(ssl);
if (ssl)
return wolfSSL_CertManagerEnableOCSP(SSL_CM(ssl), options);
else
@@ -8657,6 +8661,7 @@ int wolfSSL_EnableOCSP(WOLFSSL* ssl, int options)
int wolfSSL_DisableOCSP(WOLFSSL* ssl)
{
WOLFSSL_ENTER("wolfSSL_DisableOCSP");
SSL_CM_WARNING(ssl);
if (ssl)
return wolfSSL_CertManagerDisableOCSP(SSL_CM(ssl));
else
@@ -8667,6 +8672,7 @@ int wolfSSL_DisableOCSP(WOLFSSL* ssl)
int wolfSSL_EnableOCSPStapling(WOLFSSL* ssl)
{
WOLFSSL_ENTER("wolfSSL_EnableOCSPStapling");
SSL_CM_WARNING(ssl);
if (ssl)
return wolfSSL_CertManagerEnableOCSPStapling(SSL_CM(ssl));
else
@@ -8676,6 +8682,7 @@ int wolfSSL_EnableOCSPStapling(WOLFSSL* ssl)
int wolfSSL_DisableOCSPStapling(WOLFSSL* ssl)
{
WOLFSSL_ENTER("wolfSSL_DisableOCSPStapling");
SSL_CM_WARNING(ssl);
if (ssl)
return wolfSSL_CertManagerDisableOCSPStapling(SSL_CM(ssl));
else
@@ -8685,6 +8692,7 @@ int wolfSSL_DisableOCSPStapling(WOLFSSL* ssl)
int wolfSSL_SetOCSP_OverrideURL(WOLFSSL* ssl, const char* url)
{
WOLFSSL_ENTER("wolfSSL_SetOCSP_OverrideURL");
SSL_CM_WARNING(ssl);
if (ssl)
return wolfSSL_CertManagerSetOCSPOverrideURL(SSL_CM(ssl), url);
else
@@ -8696,6 +8704,7 @@ int wolfSSL_SetOCSP_Cb(WOLFSSL* ssl,
CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx)
{
WOLFSSL_ENTER("wolfSSL_SetOCSP_Cb");
SSL_CM_WARNING(ssl);
if (ssl) {
ssl->ocspIOCtx = ioCbCtx; /* use SSL specific ioCbCtx */
return wolfSSL_CertManagerSetOCSP_Cb(SSL_CM(ssl),
@@ -9484,6 +9493,7 @@ int wolfSSL_CertManagerLoadCRLFile(WOLFSSL_CERT_MANAGER* cm, const char* file,
int wolfSSL_EnableCRL(WOLFSSL* ssl, int options)
{
WOLFSSL_ENTER("wolfSSL_EnableCRL");
SSL_CM_WARNING(ssl);
if (ssl)
return wolfSSL_CertManagerEnableCRL(SSL_CM(ssl), options);
else
@@ -9494,6 +9504,7 @@ int wolfSSL_EnableCRL(WOLFSSL* ssl, int options)
int wolfSSL_DisableCRL(WOLFSSL* ssl)
{
WOLFSSL_ENTER("wolfSSL_DisableCRL");
SSL_CM_WARNING(ssl);
if (ssl)
return wolfSSL_CertManagerDisableCRL(SSL_CM(ssl));
else
@@ -9504,6 +9515,7 @@ int wolfSSL_DisableCRL(WOLFSSL* ssl)
int wolfSSL_LoadCRL(WOLFSSL* ssl, const char* path, int type, int monitor)
{
WOLFSSL_ENTER("wolfSSL_LoadCRL");
SSL_CM_WARNING(ssl);
if (ssl)
return wolfSSL_CertManagerLoadCRL(SSL_CM(ssl), path, type, monitor);
else
@@ -9513,6 +9525,7 @@ int wolfSSL_LoadCRL(WOLFSSL* ssl, const char* path, int type, int monitor)
int wolfSSL_LoadCRLFile(WOLFSSL* ssl, const char* file, int type)
{
WOLFSSL_ENTER("wolfSSL_LoadCRL");
SSL_CM_WARNING(ssl);
if (ssl)
return wolfSSL_CertManagerLoadCRLFile(SSL_CM(ssl), file, type);
else
@@ -9524,6 +9537,7 @@ int wolfSSL_LoadCRLFile(WOLFSSL* ssl, const char* file, int type)
int wolfSSL_SetCRL_Cb(WOLFSSL* ssl, CbMissingCRL cb)
{
WOLFSSL_ENTER("wolfSSL_SetCRL_Cb");
SSL_CM_WARNING(ssl);
if (ssl)
return wolfSSL_CertManagerSetCRL_Cb(SSL_CM(ssl), cb);
else
@@ -9534,6 +9548,7 @@ int wolfSSL_SetCRL_Cb(WOLFSSL* ssl, CbMissingCRL cb)
int wolfSSL_SetCRL_IOCb(WOLFSSL* ssl, CbCrlIO cb)
{
WOLFSSL_ENTER("wolfSSL_SetCRL_Cb");
SSL_CM_WARNING(ssl);
if (ssl)
return wolfSSL_CertManagerSetCRL_IOCb(SSL_CM(ssl), cb);
else
@@ -17117,6 +17132,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
if (ssl == NULL)
return BAD_FUNC_ARG;
SSL_CM_WARNING(ssl);
return wolfSSL_CertManagerUnload_trust_peers(SSL_CM(ssl));
}
#endif /* WOLFSSL_LOCAL_X509_STORE */
@@ -20773,6 +20789,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
if (ret == 0 && i == ssl->session->chain.count-1) {
/* On the last element in the chain try to add the CA chain
* first if we have one for this cert */
SSL_CM_WARNING(ssl);
if (PushCAx509Chain(SSL_CM(ssl), x509, sk)
== WOLFSSL_FATAL_ERROR) {
ret = WOLFSSL_FATAL_ERROR;

58
tests/api.c
View File

@@ -54592,50 +54592,58 @@ static int test_wolfSSL_CTX_LoadCRL(void)
const char* issuerCert = "./certs/client-cert.pem";
int derType = WOLFSSL_FILETYPE_ASN1;
int pemType = WOLFSSL_FILETYPE_PEM;
#ifdef HAVE_CRL_MONITOR
int monitor = WOLFSSL_CRL_MONITOR;
#else
int monitor = 0;
#endif
WOLFSSL_CERT_MANAGER* cm = NULL;
ExpectIntEQ(wolfSSL_CTX_LoadCRL(ctx, validPath, pemType, monitor),
BAD_FUNC_ARG);
#define FAIL_T1(x, y, z, p, d) ExpectIntEQ((int) x(y, z, p, d), \
BAD_FUNC_ARG)
#define FAIL_T2(x, y, z, p, d) ExpectIntEQ((int) x(y, z, p, d), \
NOT_COMPILED_IN)
#define SUCC_T(x, y, z, p, d) ExpectIntEQ((int) x(y, z, p, d), \
WOLFSSL_SUCCESS)
#ifndef NO_WOLFSSL_CLIENT
ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#define NEW_CTX(ctx) AssertNotNull( \
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()))
#elif !defined(NO_WOLFSSL_SERVER)
#define NEW_CTX(ctx) AssertNotNull( \
ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()))
#else
ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#define NEW_CTX(ctx) return
#endif
ExpectIntEQ(wolfSSL_CTX_LoadCRL(ctx, validPath, pemType, monitor),
WOLFSSL_SUCCESS);
ExpectIntEQ(wolfSSL_CTX_LoadCRL(ctx, badPath, pemType, monitor),
WOLFSSL_SUCCESS);
ExpectIntEQ(wolfSSL_CTX_LoadCRL(ctx, badPath, derType, monitor),
WOLFSSL_SUCCESS);
FAIL_T1(wolfSSL_CTX_LoadCRL, ctx, validPath, pemType, monitor);
NEW_CTX(ctx);
#ifndef HAVE_CRL_MONITOR
FAIL_T2(wolfSSL_CTX_LoadCRL, ctx, validPath, pemType, WOLFSSL_CRL_MONITOR);
wolfSSL_CTX_free(ctx);
NEW_CTX(ctx);
#endif
SUCC_T (wolfSSL_CTX_LoadCRL, ctx, validPath, pemType, monitor);
SUCC_T (wolfSSL_CTX_LoadCRL, ctx, badPath, pemType, monitor);
SUCC_T (wolfSSL_CTX_LoadCRL, ctx, badPath, derType, monitor);
wolfSSL_CTX_free(ctx);
ctx = NULL;
#ifndef NO_WOLFSSL_CLIENT
ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#else
ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#endif
NEW_CTX(ctx);
ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, issuerCert, NULL),
WOLFSSL_SUCCESS);
ExpectIntEQ(wolfSSL_CTX_LoadCRLFile(ctx, validFilePath, pemType),
WOLFSSL_SUCCESS);
ExpectIntEQ(wolfSSL_CTX_LoadCRLFile(ctx, validFilePath, pemType), WOLFSSL_SUCCESS);
wolfSSL_CTX_free(ctx);
ctx = NULL;
#ifndef NO_WOLFSSL_CLIENT
ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#else
ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#endif
NEW_CTX(ctx);
ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, issuerCert, NULL),
WOLFSSL_SUCCESS);
ExpectNotNull(ssl = wolfSSL_new(ctx));
ExpectIntEQ(wolfSSL_LoadCRLFile(ssl, validFilePath, pemType),
WOLFSSL_SUCCESS);
ExpectIntEQ(wolfSSL_LoadCRLFile(ssl, validFilePath, pemType), WOLFSSL_SUCCESS);
wolfSSL_free(ssl);
ssl = NULL;
wolfSSL_CTX_free(ctx);

6
tests/suites.c
View File

@@ -61,7 +61,8 @@
#include "examples/client/client.h"
#include "examples/server/server.h"
#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \
!defined(SINGLE_THREADED)
static WOLFSSL_CTX* cipherSuiteCtx = NULL;
static char nonblockFlag[] = "-N";
static char noVerifyFlag[] = "-d";
@@ -791,7 +792,8 @@ static void test_harness(void* vargs)
int SuiteTest(int argc, char** argv)
{
#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \
!defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
!defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \
!defined(SINGLE_THREADED)
func_args args;
char argv0[3][80];
char* myArgv[3];

5
tests/unit.c
View File

@@ -27,6 +27,7 @@
#endif
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/types.h>
#include <stdio.h>
#include <tests/unit.h>
@@ -290,8 +291,9 @@ void wait_tcp_ready(func_args* args)
#endif
}
#ifndef SINGLE_THREADED
void start_thread(THREAD_FUNC fun, func_args* args, THREAD_TYPE* thread)
void start_thread(THREAD_CB fun, func_args* args, THREAD_TYPE* thread)
{
#if defined(SINGLE_THREADED)
(void)fun;
@@ -341,4 +343,5 @@ void join_thread(THREAD_TYPE thread)
#endif
}
#endif /* SINGLE_THREADED */

252
testsuite/testsuite.c
View File

@@ -25,6 +25,7 @@
#endif
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/types.h>
#include <wolfssl/ssl.h>
#include <wolfssl/test.h>
@@ -57,6 +58,10 @@ static THREAD_RETURN simple_test(func_args *args);
static void simple_test(func_args *args);
#endif
static int test_tls(func_args* server_args);
#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \
defined(HAVE_CRL) && defined(HAVE_CRL_MONITOR)
static int test_crl_monitor(void);
#endif
static void show_ciphers(void);
static void cleanup_output(void);
static int validate_cleanup_output(void);
@@ -214,6 +219,16 @@ int testsuite_test(int argc, char** argv)
cleanup_output();
return server_args.return_code;
}
#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \
defined(HAVE_CRL) && defined(HAVE_CRL_MONITOR)
ret = test_crl_monitor();
if (ret != 0) {
cleanup_output();
return ret;
}
#endif
#endif /* !NETOS */
show_ciphers();
@@ -246,6 +261,144 @@ int testsuite_test(int argc, char** argv)
return EXIT_SUCCESS;
}
#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \
defined(HAVE_CRL) && defined(HAVE_CRL_MONITOR)
#define CRL_MONITOR_TEST_ROUNDS 6
#define CRL_MONITOR_REM_FILE_ATTEMPTS 20
static int test_crl_monitor(void)
{
func_args server_args;
func_args client_args;
THREAD_TYPE serverThread;
tcp_ready ready;
char buf[128];
char tmpDir[16];
char rounds[4];
const char* serverArgv[] = {
"testsuite",
"-A", "certs/ca-cert.pem",
"--crl-dir", tmpDir,
"-C", rounds,
"--quieter",
"-x"
};
const char* clientArgv[] = {
"testsuite",
"-C",
"-c", "certs/server-cert.pem",
"-k", "certs/server-key.pem",
"--quieter",
"-H", "exitWithRet"
};
int ret = -1;
int i = -1, j;
printf("\nRunning CRL monitor test\n");
sprintf(rounds, "%d", CRL_MONITOR_TEST_ROUNDS);
XMEMSET(&server_args, 0, sizeof(func_args));
XMEMSET(&client_args, 0, sizeof(func_args));
/* Create temp dir */
if (create_tmp_dir(tmpDir, sizeof(tmpDir) - 1) == NULL) {
fprintf(stderr, "Failed to create tmp dir");
goto cleanup;
}
server_args.argv = (char**)serverArgv;
server_args.argc = sizeof(serverArgv) / sizeof(*serverArgv);
client_args.signal = server_args.signal = &ready;
client_args.argv = (char**)clientArgv;
client_args.argc = sizeof(clientArgv) / sizeof(*clientArgv);
InitTcpReady(&ready);
start_thread(server_test, &server_args, &serverThread);
wait_tcp_ready(&server_args);
for (i = 0; i < CRL_MONITOR_TEST_ROUNDS; i++) {
int expectFail;
if (i % 2 == 0) {
/* succeed on even rounds */
sprintf(buf, "%s/%s", tmpDir, "crl.pem");
if (copy_file("certs/crl/crl.pem", buf) != 0) {
fprintf(stderr, "[%d] Failed to copy file to %s\n", i, buf);
goto cleanup;
}
sprintf(buf, "%s/%s", tmpDir, "crl.revoked");
/* The monitor can be holding the file handle and this will cause
* the remove call to fail. Let's give the monitor a some time to
* finish up. */
for (j = 0; j < CRL_MONITOR_REM_FILE_ATTEMPTS; j++) {
/* i == 0 since there is nothing to delete in the first round */
if (i == 0 || rem_file(buf) == 0)
break;
XSLEEP_MS(100);
}
if (j == CRL_MONITOR_REM_FILE_ATTEMPTS) {
fprintf(stderr, "[%d] Failed to remove file %s\n", i, buf);
goto cleanup;
}
expectFail = 0;
}
else {
/* fail on odd rounds */
sprintf(buf, "%s/%s", tmpDir, "crl.revoked");
if (copy_file("certs/crl/crl.revoked", buf) != 0) {
fprintf(stderr, "[%d] Failed to copy file to %s\n", i, buf);
goto cleanup;
}
sprintf(buf, "%s/%s", tmpDir, "crl.pem");
/* The monitor can be holding the file handle and this will cause
* the remove call to fail. Let's give the monitor a some time to
* finish up. */
for (j = 0; j < CRL_MONITOR_REM_FILE_ATTEMPTS; j++) {
if (rem_file(buf) == 0)
break;
XSLEEP_MS(100);
}
if (j == CRL_MONITOR_REM_FILE_ATTEMPTS) {
fprintf(stderr, "[%d] Failed to remove file %s\n", i, buf);
goto cleanup;
}
expectFail = 1;
}
/* Give server a moment to register the file change */
XSLEEP_MS(100);
client_args.return_code = 0;
client_test(&client_args);
if (!expectFail) {
if (client_args.return_code != 0) {
fprintf(stderr, "[%d] Incorrect return %d\n", i,
client_args.return_code);
goto cleanup;
}
}
else {
if (client_args.return_code == 0) {
fprintf(stderr, "[%d] Expected failure\n", i);
goto cleanup;
}
}
}
join_thread(serverThread);
ret = 0;
cleanup:
if (ret != 0 && i >= 0)
fprintf(stderr, "test_crl_monitor failed on iteration %d\n", i);
sprintf(buf, "%s/%s", tmpDir, "crl.pem");
rem_file(buf);
sprintf(buf, "%s/%s", tmpDir, "crl.revoked");
rem_file(buf);
(void)rem_dir(tmpDir);
return ret;
}
#endif
#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \
(!defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC))
/* Perform a basic TLS handshake.
@@ -263,6 +416,8 @@ static int test_tls(func_args* server_args)
char* myArgv[NUMARGS];
char arg[3][128];
printf("\nRunning TLS test\n");
/* Set up command line arguments for echoclient to send input file
* and write echoed data to temporary output file. */
myArgv[0] = arg[0];
@@ -374,6 +529,8 @@ static void simple_test(func_args* args)
char *cliArgv[NUMARGS];
char argvc[3][32];
printf("\nRunning simple test\n");
for (i = 0; i < 9; i++)
svrArgv[i] = argvs[i];
for (i = 0; i < 3; i++)
@@ -462,6 +619,7 @@ void wait_tcp_ready(func_args* args)
#endif /* thread checks */
}
#ifndef SINGLE_THREADED
/* Start a thread.
*
@@ -469,7 +627,7 @@ void wait_tcp_ready(func_args* args)
* @param [in] args Object to send to function in thread.
* @param [out] thread Handle to thread.
*/
void start_thread(THREAD_FUNC fun, func_args* args, THREAD_TYPE* thread)
void start_thread(THREAD_CB fun, func_args* args, THREAD_TYPE* thread)
{
#if defined(HAVE_PTHREAD)
PTHREAD_CHECK_RET(pthread_create(thread, 0, fun, args));
@@ -529,8 +687,8 @@ void start_thread(THREAD_FUNC fun, func_args* args, THREAD_TYPE* thread)
}
/* end if NETOS */
#else
/* custom / external thread type */
*thread = (THREAD_TYPE)_beginthreadex(0, 0, fun, args, 0, 0);
/* windows thread type */
*thread = (THREAD_TYPE)_beginthreadex(NULL, 0, fun, args, 0, 0);
#endif /* thread types */
}
@@ -554,7 +712,7 @@ void join_thread(THREAD_TYPE thread)
#elif defined(NETOS)
/* TODO: */
#else
int res = WaitForSingleObject((HANDLE)thread, INFINITE);
DWORD res = WaitForSingleObject((HANDLE)thread, INFINITE);
assert(res == WAIT_OBJECT_0);
res = CloseHandle((HANDLE)thread);
assert(res);
@@ -562,6 +720,92 @@ void join_thread(THREAD_TYPE thread)
#endif
}
#endif /* SINGLE_THREADED */
#ifndef NO_FILESYSTEM
#ifdef _MSC_VER
#include <direct.h>
#endif
#define TMP_DIR_PREFIX "tmpDir-"
/* len is length of tmpDir name, assuming
* len does not include null terminating character */
char* create_tmp_dir(char *tmpDir, int len)
{
if (len < (int)XSTR_SIZEOF(TMP_DIR_PREFIX))
return NULL;
XMEMCPY(tmpDir, TMP_DIR_PREFIX, XSTR_SIZEOF(TMP_DIR_PREFIX));
if (mymktemp(tmpDir, len, len - XSTR_SIZEOF(TMP_DIR_PREFIX)) == NULL)
return NULL;
#ifdef _MSC_VER
if (_mkdir(tmpDir) != 0)
return NULL;
#else
if (mkdir(tmpDir, 0700) != 0)
return NULL;
#endif
return tmpDir;
}
int rem_dir(const char* dirName)
{
#ifdef _MSC_VER
if (_rmdir(dirName) != 0)
return -1;
#else
if (rmdir(dirName) != 0)
return -1;
#endif
return 0;
}
int rem_file(const char* fileName)
{
#ifdef _MSC_VER
if (_unlink(fileName) != 0)
return -1;
#else
if (unlink(fileName) != 0)
return -1;
#endif
return 0;
}
int copy_file(const char* in, const char* out)
{
byte buf[100];
XFILE inFile = XBADFILE;
XFILE outFile = XBADFILE;
size_t sz;
int ret = -1;
inFile = XFOPEN(in, "rb");
if (inFile == XBADFILE)
goto cleanup;
outFile = XFOPEN(out, "wb");
if (outFile == XBADFILE)
goto cleanup;
while ((sz = XFREAD(buf, 1, sizeof(buf), inFile)) != 0) {
if (XFWRITE(buf, 1, sz, outFile) != sz)
goto cleanup;
}
ret = 0;
cleanup:
if (inFile != XBADFILE)
XFCLOSE(inFile);
if (outFile != XBADFILE)
XFCLOSE(outFile);
return ret;
}
#endif /* !NO_FILESYSTEM */
#ifndef NO_SHA256
/* Create SHA-256 hash of the file based on filename.

2
wolfcrypt/src/logging.c
View File

@@ -323,7 +323,7 @@ static void wolfssl_log(const int logLevel, const char *const logMessage)
#ifndef WOLFSSL_DEBUG_ERRORS_ONLY
#if !defined(_WIN32) && defined(XVSNPRINTF) && !defined(NO_WOLFSSL_MSG_EX)
#if defined(XVSNPRINTF) && !defined(NO_WOLFSSL_MSG_EX)
#include <stdarg.h> /* for var args */
#ifndef WOLFSSL_MSG_EX_BUF_SZ
#define WOLFSSL_MSG_EX_BUF_SZ 100

173
wolfcrypt/src/wc_port.c
View File

@@ -3344,3 +3344,176 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
#include <wolfcrypt/src/port/arm/cryptoCellHash.c> /* sha256 */
#endif
#endif
#ifndef SINGLE_THREADED
#ifdef _MSC_VER
int wolfSSL_NewThread(THREAD_TYPE* thread,
THREAD_CB cb, void* arg)
{
if (thread == NULL || cb == NULL)
return BAD_FUNC_ARG;
/* Use _beginthreadex instead of _beginthread because of:
* _beginthreadex is safer to use than _beginthread. If the thread
* that's generated by _beginthread exits quickly, the handle that's
* returned to the caller of _beginthread might be invalid or point
* to another thread. However, the handle that's returned by
* _beginthreadex has to be closed by the caller of _beginthreadex,
* so it's guaranteed to be a valid handle if _beginthreadex didn't
* return an error.*/
*thread = _beginthreadex(NULL, 0, cb, arg, 0, NULL);
if (*thread == 0) {
*thread = INVALID_THREAD_VAL;
return MEMORY_E;
}
return 0;
}
int wolfSSL_JoinThread(THREAD_TYPE thread)
{
int ret = 0;
if (thread == INVALID_THREAD_VAL)
return BAD_FUNC_ARG;
/* We still want to attempt to close the thread handle even on error */
if (WaitForSingleObject((HANDLE)thread, INFINITE) == WAIT_FAILED)
ret = MEMORY_E;
if (CloseHandle((HANDLE)thread) == 0)
ret = MEMORY_E;
return ret;
}
#ifdef WOLFSSL_COND
int wolfSSL_CondInit(COND_TYPE* cond)
{
if (cond == NULL)
return BAD_FUNC_ARG;
*cond = CreateEventA(NULL, FALSE, FALSE, NULL);
if (*cond == NULL)
return MEMORY_E;
return 0;
}
int wolfSSL_CondFree(COND_TYPE* cond)
{
if (cond == NULL)
return BAD_FUNC_ARG;
if (CloseHandle(*cond) == 0)
return MEMORY_E;
return 0;
}
int wolfSSL_CondSignal(COND_TYPE* cond)
{
if (cond == NULL)
return BAD_FUNC_ARG;
if (SetEvent(*cond) == 0)
return MEMORY_E;
return 0;
}
int wolfSSL_CondWait(COND_TYPE* cond,
wolfSSL_Mutex* mutex)
{
(void)mutex;
if (cond == NULL)
return BAD_FUNC_ARG;
if (WaitForSingleObject(*cond, INFINITE) == WAIT_FAILED)
return MEMORY_E;
return 0;
}
#endif /* WOLFSSL_COND */
#elif defined(WOLFSSL_PTHREADS)
int wolfSSL_NewThread(THREAD_TYPE* thread,
THREAD_CB cb, void* arg)
{
if (thread == NULL || cb == NULL)
return BAD_FUNC_ARG;
if (pthread_create(thread, NULL, cb, arg) != 0)
return MEMORY_E;
return 0;
}
int wolfSSL_JoinThread(THREAD_TYPE thread)
{
if (thread == INVALID_THREAD_VAL)
return BAD_FUNC_ARG;
if (pthread_join(thread, NULL) != 0)
return MEMORY_E;
return 0;
}
#ifdef WOLFSSL_COND
int wolfSSL_CondInit(COND_TYPE* cond)
{
if (cond == NULL)
return BAD_FUNC_ARG;
if (pthread_cond_init(cond, NULL) != 0)
return MEMORY_E;
return 0;
}
int wolfSSL_CondFree(COND_TYPE* cond)
{
if (cond == NULL)
return BAD_FUNC_ARG;
if (pthread_cond_destroy(cond) != 0)
return MEMORY_E;
return 0;
}
int wolfSSL_CondSignal(COND_TYPE* cond)
{
if (cond == NULL)
return BAD_FUNC_ARG;
if (pthread_cond_signal(cond) != 0)
return MEMORY_E;
return 0;
}
int wolfSSL_CondWait(COND_TYPE* cond,
wolfSSL_Mutex* mutex)
{
if (cond == NULL || mutex == NULL)
return BAD_FUNC_ARG;
/* mutex has to be locked on entry so we can't touch */
if (pthread_cond_wait(cond, mutex) != 0)
return MEMORY_E;
return 0;
}
#endif /* WOLFSSL_COND */
#endif
#endif /* SINGLE_THREADED */

28
wolfssl/internal.h
View File

@@ -2408,6 +2408,19 @@ struct CRL_Monitor {
#undef HAVE_CRL_MONITOR
#endif
/* PEM and DER possible */
#define WOLFSSL_CRL_MONITORS_LEN (2)
#if defined(__MACH__) || defined(__FreeBSD__) || defined(__linux__)
typedef int wolfSSL_CRL_mfd_t; /* monitor fd, -1 if no init yet */
/* mfd for bsd is kqueue fd, eventfd for linux */
#define WOLFSSL_CRL_MFD_INIT_VAL (-1)
#elif defined(_MSC_VER)
typedef HANDLE wolfSSL_CRL_mfd_t; /* monitor fd, INVALID_HANDLE_VALUE if
* no init yet */
#define WOLFSSL_CRL_MFD_INIT_VAL (INVALID_HANDLE_VALUE)
#endif
/* wolfSSL CRL controller */
struct WOLFSSL_CRL {
WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */
@@ -2417,11 +2430,11 @@ struct WOLFSSL_CRL {
CbCrlIO crlIOCb;
#endif
wolfSSL_Mutex crlLock; /* CRL list lock */
CRL_Monitor monitors[2]; /* PEM and DER possible */
CRL_Monitor monitors[WOLFSSL_CRL_MONITORS_LEN];
#ifdef HAVE_CRL_MONITOR
pthread_cond_t cond; /* condition to signal setup */
pthread_t tid; /* monitoring thread */
int mfd; /* monitor fd, -1 if no init yet */
COND_TYPE cond; /* condition to signal setup */
THREAD_TYPE tid; /* monitoring thread */
wolfSSL_CRL_mfd_t mfd;
int setup; /* thread is setup predicate */
#endif
void* heap; /* heap hint for dynamic memory */
@@ -5670,6 +5683,13 @@ struct WOLFSSL {
#else
#define SSL_CM(ssl) (ssl)->ctx->cm
#endif
/* Issue warning when we are modifying the overall context CM */
#define SSL_CM_WARNING(ssl) \
do { \
if (SSL_CM( (ssl) ) == (ssl)->ctx->cm) { \
WOLFSSL_MSG("Modifying SSL_CTX CM not SSL specific CM"); \
} \
} while (0)
#define SSL_CA_NAMES(ssl) ((ssl)->ca_names != NULL ? (ssl)->ca_names : \
(ssl)->ctx->ca_names)

21
wolfssl/test.h
View File

@@ -633,14 +633,10 @@ typedef struct func_args {
void wait_tcp_ready(func_args* args);
#ifdef WOLFSSL_ZEPHYR
typedef void THREAD_FUNC(void*, void*, void*);
#else
typedef THREAD_RETURN WOLFSSL_THREAD THREAD_FUNC(void*);
#endif
void start_thread(THREAD_FUNC fun, func_args* args, THREAD_TYPE* thread);
#ifndef SINGLE_THREADED
void start_thread(THREAD_CB fun, func_args* args, THREAD_TYPE* thread);
void join_thread(THREAD_TYPE thread);
#endif
typedef int (*cbType)(WOLFSSL_CTX *ctx, WOLFSSL *ssl);
@@ -649,6 +645,17 @@ void test_wolfSSL_client_server_nofail_ex(callback_functions* client_cb,
void test_wolfSSL_client_server_nofail(callback_functions* client_cb,
callback_functions* server_cb);
/* Return
* tmpDir on success
* NULL on failure */
char* create_tmp_dir(char* tmpDir, int len);
/* Remaining functions return
* 0 on success
* -1 on failure */
int rem_dir(const char* dirName);
int rem_file(const char* fileName);
int copy_file(const char* in, const char* out);
/* wolfSSL */
#ifndef TEST_IPV6
static const char* const wolfSSLIP = "127.0.0.1";

2
wolfssl/wolfcrypt/logging.h
View File

@@ -166,7 +166,7 @@ WOLFSSL_API void wolfSSL_Debugging_OFF(void);
#define WOLFSSL_STUB(m) \
WOLFSSL_MSG(WOLFSSL_LOG_CAT(wolfSSL Stub, m, not implemented))
WOLFSSL_API int WOLFSSL_IS_DEBUG_ON(void);
#if !defined(_WIN32) && defined(XVSNPRINTF)
#if defined(XVSNPRINTF)
WOLFSSL_API void WOLFSSL_MSG_EX(const char* fmt, ...);
#define HAVE_WOLFSSL_MSG_EX
#else

17
wolfssl/wolfcrypt/settings.h
View File

@@ -275,23 +275,6 @@
#include <wolfssl/wolfcrypt/visibility.h>
/* AFTER user_settings.h is loaded,
** determine if POSIX multi-threaded: HAVE_PTHREAD */
#if defined(SINGLE_THREADED) || defined(__MINGW32__)
/* Never HAVE_PTHREAD in single thread, or non-POSIX mode.
** Reminder: MING32 is win32 threads, not POSIX threads */
#undef HAVE_PTHREAD
#else
#ifdef _POSIX_THREADS
/* HAVE_PTHREAD == POSIX threads capable and enabled. */
#undef HAVE_PTHREAD
#define HAVE_PTHREAD 1
#else
/* Not manually disabled, but POSIX threads not found. */
#undef HAVE_PTHREAD
#endif
#endif
#define WOLFSSL_MAKE_FIPS_VERSION(major, minor) (((major) * 256) + (minor))
#if !defined(HAVE_FIPS)
#define WOLFSSL_FIPS_VERSION_CODE WOLFSSL_MAKE_FIPS_VERSION(0,0)

42
wolfssl/wolfcrypt/types.h
View File

@@ -1359,19 +1359,57 @@ typedef struct w64wrapper {
!defined(__MINGW32__)
typedef void* THREAD_RETURN;
typedef pthread_t THREAD_TYPE;
typedef pthread_cond_t COND_TYPE;
#define WOLFSSL_COND
#define WOLFSSL_THREAD
#define INFINITE (-1)
#define WAIT_OBJECT_0 0L
#elif defined(FREERTOS)
typedef unsigned int THREAD_RETURN;
typedef TaskHandle_t THREAD_TYPE;
#define WOLFSSL_THREAD
#elif defined(_MSC_VER)
typedef unsigned THREAD_RETURN;
typedef uintptr_t THREAD_TYPE;
typedef HANDLE COND_TYPE;
#define WOLFSSL_COND
#define INVALID_THREAD_VAL ((THREAD_TYPE)(INVALID_HANDLE_VALUE))
#define COND_NO_REQUIRE_LOCKED_MUTEX
#define WOLFSSL_THREAD __stdcall
#else
typedef unsigned int THREAD_RETURN;
typedef size_t THREAD_TYPE;
#define WOLFSSL_THREAD __stdcall
#endif
#ifndef SINGLE_THREADED
/* Necessary headers should already be included. */
/* We don't support returns from threads */
typedef THREAD_RETURN (WOLFSSL_THREAD *THREAD_CB)(void* arg);
#ifndef INVALID_THREAD_VAL
#define INVALID_THREAD_VAL ((THREAD_TYPE)(-1))
#endif
/* Internal wolfSSL threading interface. It does NOT need to be ported
* during initial porting efforts.
*
* It is currently used for:
* - CRL monitor */
WOLFSSL_LOCAL int wolfSSL_NewThread(THREAD_TYPE* thread,
THREAD_CB cb, void* arg);
WOLFSSL_LOCAL int wolfSSL_JoinThread(THREAD_TYPE thread);
#ifdef WOLFSSL_COND
WOLFSSL_LOCAL int wolfSSL_CondInit(COND_TYPE* cond);
WOLFSSL_LOCAL int wolfSSL_CondFree(COND_TYPE* cond);
WOLFSSL_LOCAL int wolfSSL_CondSignal(COND_TYPE* cond);
WOLFSSL_LOCAL int wolfSSL_CondWait(COND_TYPE* cond,
wolfSSL_Mutex* mutex);
#endif
#endif /* SINGLE_THREADED */
#if defined(HAVE_STACK_SIZE)
#define EXIT_TEST(ret) return (THREAD_RETURN)((size_t)(ret))
#else

20
wolfssl/wolfcrypt/wc_port.h
View File

@@ -77,6 +77,9 @@
#endif
#endif /* WOLFSSL_SGX */
#endif
#ifndef SINGLE_THREADED
#include <process.h>
#endif
#elif defined(THREADX)
#ifndef SINGLE_THREADED
#ifdef NEED_THREADX_TYPES
@@ -1157,6 +1160,23 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
#endif
#endif
/* AFTER user_settings.h is loaded,
** determine if POSIX multi-threaded: HAVE_PTHREAD */
#if defined(SINGLE_THREADED) || defined(__MINGW32__)
/* Never HAVE_PTHREAD in single thread, or non-POSIX mode.
** Reminder: MING32 is win32 threads, not POSIX threads */
#undef HAVE_PTHREAD
#else
/* _POSIX_THREADS is defined by unistd.h so this check needs to happen
* after we include all the platform relevant libs. */
#ifdef _POSIX_THREADS
/* HAVE_PTHREAD == POSIX threads capable and enabled. */
#undef HAVE_PTHREAD
#define HAVE_PTHREAD 1
#endif
#endif
#ifdef __cplusplus
} /* extern "C" */
#endif

2
zephyr/samples/wolfssl_tls_sock/src/tls_sock.c
View File

@@ -294,7 +294,7 @@ static void wolfssl_memstats(WOLFSSL* ssl)
/* Start the server thread. */
void start_thread(THREAD_FUNC func, func_args* args, THREAD_TYPE* thread)
void start_thread(THREAD_CB func, func_args* args, THREAD_TYPE* thread)
{
k_thread_create(thread, server_stack, K_THREAD_STACK_SIZEOF(server_stack),
func, args, NULL, NULL, 5, 0, K_NO_WAIT);

2
zephyr/samples/wolfssl_tls_thread/src/tls_threaded.c
View File

@@ -517,7 +517,7 @@ static void wolfssl_memstats(WOLFSSL* ssl)
/* Start the server thread. */
void start_thread(THREAD_FUNC func, func_args* args, THREAD_TYPE* thread)
void start_thread(THREAD_CB func, func_args* args, THREAD_TYPE* thread)
{
k_thread_create(thread, server_stack, K_THREAD_STACK_SIZEOF(server_stack),
func, args, NULL, NULL, 5, 0, K_NO_WAIT);