wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-10 16:14:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

Introduce WOLFSSL_DEBUG_CERTS Certificate Debug Messages

Browse Source
This commit is contained in:
gojimmypi
2025-08-06 13:57:53 -07:00
parent 339f7efbf4
commit d64ef34ef8
17 changed files with 630 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.github/workflows/os-check.yml vendored
View File

@@ -57,7 +57,8 @@ jobs:
'--enable-opensslextra=x509small',
'CPPFLAGS=''-DWOLFSSL_EXTRA'' ',
'--enable-lms=small,verify-only --enable-xmss=small,verify-only',
'--disable-sys-ca-certs'
'--disable-sys-ca-certs',
'--enable-all CPPFLAGS=-DWOLFSSL_DEBUG_CERTS ',
]
name: make check
if: github.repository_owner == 'wolfssl'

23
CMakeLists.txt
View File

@@ -281,7 +281,28 @@ add_option("WOLFSSL_DEBUG"
"no" "yes;no")
if(WOLFSSL_DEBUG)
set(CMAKE_C_FLAGS "-g ${CMAKE_C_FLAGS}")
# Optional variable inspection
if (0)
get_cmake_property(_variableNames VARIABLES)
list (SORT _variableNames)
message(STATUS "")
message(STATUS "ALL VARIABLES BEGIN")
message(STATUS "")
foreach (_variableName ${_variableNames})
message(STATUS "${_variableName}=${${_variableName}}")
endforeach()
message(STATUS "")
message(STATUS "ALL VARIABLES END")
message(STATUS "")
endif()
if (CMAKE_C_COMPILER_ID STREQUAL "Watcom" OR CMAKE_C_COMPILER_ID STREQUAL "OpenWatcom" OR CMAKE_GENERATOR STREQUAL "Watcom WMake")
# Open Watcom v2 does not support -g debugging
message(STATUS "Detected Watcom compiler, using CMAKE_C_FLAGS_DEBUG -d2")
set(CMAKE_C_FLAGS_DEBUG "-d2 ${CMAKE_C_FLAGS_DEBUG}")
else()
set(CMAKE_C_FLAGS "-g ${CMAKE_C_FLAGS}")
endif()
list(APPEND WOLFSSL_DEFINITIONS
"-DDEBUG_WOLFSSL"
"-DDEBUG")

9
src/crl.c
View File

@@ -39,6 +39,7 @@ CRL Options:
#include <wolfssl/internal.h>
#include <wolfssl/error-ssl.h>
#include <wolfssl/wolfcrypt/logging.h>
#ifndef WOLFSSL_LINUXKM
#include <string.h>
@@ -791,7 +792,7 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type,
crl->currentEntry = CRL_Entry_new(crl->heap);
if (crl->currentEntry == NULL) {
WOLFSSL_MSG("alloc CRL Entry failed");
WOLFSSL_MSG_CERT_LOG("alloc CRL Entry failed");
#ifdef WOLFSSL_SMALL_STACK
XFREE(dcrl, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
@@ -802,9 +803,11 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type,
InitDecodedCRL(dcrl, crl->heap);
ret = ParseCRL(crl->currentEntry->certs, dcrl, myBuffer, (word32)sz,
verify, crl->cm);
if (ret != 0 && !(ret == WC_NO_ERR_TRACE(ASN_CRL_NO_SIGNER_E)
&& verify == NO_VERIFY)) {
WOLFSSL_MSG("ParseCRL error");
WOLFSSL_MSG_CERT_LOG("ParseCRL error");
WOLFSSL_MSG_CERT_EX("ParseCRL verify = %d, ret = %d", verify, ret);
CRL_Entry_free(crl->currentEntry, crl->heap);
crl->currentEntry = NULL;
}
@@ -812,7 +815,7 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type,
ret = AddCRL(crl, dcrl, myBuffer,
ret != WC_NO_ERR_TRACE(ASN_CRL_NO_SIGNER_E));
if (ret != 0) {
WOLFSSL_MSG("AddCRL error");
WOLFSSL_MSG_CERT_LOG("AddCRL error");
crl->currentEntry = NULL;
}
}

24
src/internal.c
View File

@@ -8025,7 +8025,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
ssl->secLevel = ctx->secLevel;
#endif /* WOLFSSL_SYS_CRYPTO_POLICY */
/* Returns 0 on success, not WOLFSSL_SUCCESS (1) */
WOLFSSL_MSG_EX("InitSSL done. return 0 (success)");
WOLFSSL_MSG("InitSSL done. return 0 (success)");
return 0;
}
@@ -15776,7 +15776,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
if (ret == WC_NO_ERR_TRACE(ASN_NO_SIGNER_E) ||
ret == WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E)) {
if (!ssl->options.usingAltCertChain) {
WOLFSSL_MSG("Trying alternate cert chain");
WOLFSSL_MSG_CERT_LOG(
"Trying alternate cert chain");
ssl->options.usingAltCertChain = 1;
}
@@ -15788,8 +15789,25 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
/* do not add to certificate manager */
skipAddCA = 1;
} /* ASN_NO_SIGNER_E || ASN_SELF_SIGNED_E */
} /* ret != 0 && isCA */
#else
/* Not defined: WOLFSSL_ALT_CERT_CHAINS
* When WOLFSSL_DEBUG_CERTS enabled, suggest solution */
#ifdef WOLFSSL_DEBUG_CERTS
if (ret != 0 && args->dCert->isCA) {
if (ret == WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)) {
WOLFSSL_MSG_CERT(
"Consider enabling WOLFSSL_ALT_CERT_CHAINS"
" to resolve ASN_NO_SIGNER_E");
}
}
if (ret == WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E)) {
WOLFSSL_MSG_CERT(
"Consider enabling WOLFSSL_ALT_CERT_CHAINS"
" to resolve ASN_SELF_SIGNED_E");
}
} /* check alt-cert possible fixable error codes */
#endif
#endif /* WOLFSSL_ALT_CERT_CHAINS */
#if defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS)

40
src/ssl.c
View File

@@ -5869,7 +5869,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
#endif
DerBuffer* der = *pDer;
WOLFSSL_MSG("Adding a CA");
WOLFSSL_MSG_CERT_LOG("Adding a CA");
if (cm == NULL) {
FreeDer(pDer);
@@ -5893,8 +5893,34 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
}
#endif
WOLFSSL_MSG_CERT("\tParsing new CA");
ret = ParseCert(cert, CA_TYPE, verify, cm);
WOLFSSL_MSG("\tParsed new CA");
#ifdef WOLFSSL_DEBUG_CERTS
#ifdef WOLFSSL_SMALL_STACK
if (cert == NULL) {
WOLFSSL_MSG_CERT(WOLFSSL_MSG_CERT_INDENT "Failed; cert is NULL");
}
else
#endif
{
const char* err_msg;
if (ret == 0) {
WOLFSSL_MSG_CERT_EX(WOLFSSL_MSG_CERT_INDENT "issuer: '%s'",
cert->issuer);
WOLFSSL_MSG_CERT_EX(WOLFSSL_MSG_CERT_INDENT "subject: '%s'",
cert->subject);
}
else {
WOLFSSL_MSG_CERT(
WOLFSSL_MSG_CERT_INDENT "Failed during parse of new CA");
err_msg = wc_GetErrorString(ret);
WOLFSSL_MSG_CERT_EX(WOLFSSL_MSG_CERT_INDENT "error ret: %d; %s",
ret, err_msg);
}
}
#endif /* WOLFSSL_DEBUG_CERTS */
#ifndef NO_SKID
subjectHash = cert->extSubjKeyId;
@@ -5903,7 +5929,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
#endif
/* check CA key size */
if (verify) {
if (verify && (ret == 0 )) {
switch (cert->keyOID) {
#ifndef NO_RSA
#ifdef WC_RSA_PSS
@@ -5913,7 +5939,10 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
if (cm->minRsaKeySz < 0 ||
cert->pubKeySize < (word16)cm->minRsaKeySz) {
ret = RSA_KEY_SIZE_E;
WOLFSSL_MSG("\tCA RSA key size error");
WOLFSSL_MSG_CERT_LOG("\tCA RSA key size error");
WOLFSSL_MSG_CERT_EX("\tCA RSA pubKeySize = %d; "
"minRsaKeySz = %d",
cert->pubKeySize, cm->minRsaKeySz);
}
break;
#endif /* !NO_RSA */
@@ -5922,7 +5951,10 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
if (cm->minEccKeySz < 0 ||
cert->pubKeySize < (word16)cm->minEccKeySz) {
ret = ECC_KEY_SIZE_E;
WOLFSSL_MSG("\tCA ECC key size error");
WOLFSSL_MSG_CERT_LOG("\tCA ECC key size error");
WOLFSSL_MSG_CERT_EX("\tCA ECC pubKeySize = %d; "
"minEccKeySz = %d",
cert->pubKeySize, cm->minEccKeySz);
}
break;
#endif /* HAVE_ECC */

23
src/ssl_load.c
View File

@@ -28,6 +28,7 @@
*/
#ifdef WOLFSSL_SYS_CA_CERTS
/* Will be turned off automatically when NO_FILESYSTEM is defined */
#ifdef _WIN32
#define _WINSOCKAPI_ /* block inclusion of winsock.h header file */
@@ -59,6 +60,8 @@
#endif
#else
#include <wolfssl/wolfcrypt/logging.h>
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
/* PSK field of context when it exists. */
#define CTX_HAVE_PSK(ctx) (ctx)->havePSK
@@ -2721,7 +2724,7 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
&sz);
if ((ret == 0) && (type == DETECT_CERT_TYPE) &&
(format != WOLFSSL_FILETYPE_PEM)) {
WOLFSSL_MSG("Cannot detect certificate type when not PEM");
WOLFSSL_MSG_CERT_LOG("Cannot detect certificate type when not PEM");
ret = WOLFSSL_BAD_CERTTYPE;
}
/* Try to detect type by parsing cert header and footer. */
@@ -2729,17 +2732,24 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
#if !defined(NO_CODING) && !defined(WOLFSSL_NO_PEM)
const char* header = NULL;
const char* footer = NULL;
#ifdef HAVE_CRL
WOLFSSL_MSG_CERT("Detecting cert type... (including CRL_TYPE)");
#else
WOLFSSL_MSG_CERT("Detecting cert type... (HAVE_CRL not defined)");
#endif
/* Look for CA header and footer - same as CERT_TYPE. */
if (wc_PemGetHeaderFooter(CA_TYPE, &header, &footer) == 0 &&
(XSTRNSTR((char*)content.buffer, header, (word32)sz) != NULL)) {
type = CA_TYPE;
WOLFSSL_DEBUG_PRINTF("Detected cert type CA_TYPE = %d:", type);
}
#ifdef HAVE_CRL
/* Look for CRL header and footer. */
else if (wc_PemGetHeaderFooter(CRL_TYPE, &header, &footer) == 0 &&
(XSTRNSTR((char*)content.buffer, header, (word32)sz) != NULL)) {
type = CRL_TYPE;
WOLFSSL_DEBUG_PRINTF("Detected cert type CRL_TYPE = %d:", type);
}
#endif
/* Look for cert header and footer - same as CA_TYPE. */
@@ -2747,12 +2757,13 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
(XSTRNSTR((char*)content.buffer, header, (word32)sz) !=
NULL)) {
type = CERT_TYPE;
WOLFSSL_DEBUG_PRINTF("Detected cert type CERT_TYPE = %d:", type);
}
else
#endif
#endif /* !NO_CODING && !WOLFSSL_NO_PEM */
{
/* Not a header that we support. */
WOLFSSL_MSG("Failed to detect certificate type");
WOLFSSL_MSG_CERT_LOG("Failed to detect certificate type");
#ifdef WOLFSSL_DEBUG_CERTIFICATE_LOADS
WOLFSSL_DEBUG_PRINTF(
"ERROR: ProcessFile: Failed to detect certificate type"
@@ -2761,17 +2772,19 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
#endif
ret = WOLFSSL_BAD_CERTTYPE;
}
}
} /* (ret == 0) && (type == DETECT_CERT_TYPE) */
if (ret == 0) {
/* When CA or trusted peer and PEM - process as a chain buffer. */
if (((type == CA_TYPE) || (type == TRUSTED_PEER_TYPE)) &&
(format == WOLFSSL_FILETYPE_PEM)) {
WOLFSSL_MSG_CERT("Processing cert chain buffer...");
ret = ProcessChainBuffer(ctx, ssl, content.buffer, sz, type,
verify, fname);
}
#ifdef HAVE_CRL
else if (type == CRL_TYPE) {
/* Load the CRL. */
WOLFSSL_MSG_CERT("Loading CRL...");
ret = BufferLoadCRL(crl, content.buffer, sz, format, verify);
}
#endif

1
src/wolfio.c
View File

@@ -40,6 +40,7 @@
#include <wolfssl/internal.h>
#include <wolfssl/error-ssl.h>
#include <wolfssl/wolfio.h>
#include <wolfssl/wolfcrypt/logging.h>
#ifdef NUCLEUS_PLUS_2_3
/* Holds last Nucleus networking error number */

9
wolfcrypt/src/asn.c
View File

@@ -25749,7 +25749,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm,
}
}
#endif /* IGNORE_NAME_CONSTRAINTS */
}
} /* cert->ca */
#ifdef WOLFSSL_CERT_REQ
else if (type == CERTREQ_TYPE) {
/* try to confirm/verify signature */
@@ -25813,7 +25813,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm,
#endif
else {
/* no signer */
WOLFSSL_MSG("No CA signer to verify with");
WOLFSSL_MSG_CERT_LOG("No CA signer to verify with");
/* If you end up here with error -188,
* consider using WOLFSSL_ALT_CERT_CHAINS. */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
@@ -25826,10 +25826,11 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm,
#endif
{
WOLFSSL_ERROR_VERBOSE(ASN_NO_SIGNER_E);
WOLFSSL_MSG_CERT("Consider using WOLFSSL_ALT_CERT_CHAINS.");
return ASN_NO_SIGNER_E;
}
}
}
} /* verify != NO_VERIFY && type != CA_TYPE && type != TRUSTED_PEER_TYPE */
#if defined(WOLFSSL_NO_TRUSTED_CERTS_VERIFY) && !defined(NO_SKID)
exit_pcr:
@@ -25839,7 +25840,7 @@ exit_pcr:
if (verify != VERIFY_SKIP_DATE) {
return cert->badDate;
}
WOLFSSL_MSG("Date error: Verify option is skipping");
WOLFSSL_MSG_CERT_LOG("Date error: Verify option is skipping");
}
if (cert->criticalExt != 0)

267
wolfcrypt/src/logging.c
View File

@@ -115,7 +115,8 @@ THREAD_LS_T void *StackSizeCheck_stackOffsetPointer = 0;
#endif /* HAVE_STACK_SIZE_VERBOSE */
#ifdef DEBUG_WOLFSSL
#if defined(DEBUG_WOLFSSL) || \
(defined(WOLFSSL_DEBUG_CERTS) && !defined(NO_WOLFSSL_DEBUG_CERTS))
/* Set these to default values initially. */
static wolfSSL_Logging_cb log_function = NULL;
@@ -123,14 +124,58 @@ static wolfSSL_Logging_cb log_function = NULL;
#define WOLFSSL_LOGGINGENABLED_DEFAULT 0
#endif
static int loggingEnabled = WOLFSSL_LOGGINGENABLED_DEFAULT;
#ifndef WOLFSSL_CERT_LOG_ENABLED_DEFAULT
#define WOLFSSL_CERT_LOG_ENABLED_DEFAULT 0
#endif
#ifndef NO_WOLFSSL_DEBUG_CERTS
static int loggingCertEnabled = WOLFSSL_CERT_LOG_ENABLED_DEFAULT;
#endif
THREAD_LS_T const char* log_prefix = NULL;
#if defined(WOLFSSL_APACHE_MYNEWT)
#include "log/log.h"
static struct log mynewt_log;
#define WOLFSSL_APACHE_MYNEWT_NOT_INITALIZED 0
#define WOLFSSL_APACHE_MYNEWT_INITALIZED 1
static int loggingApacheNewtRegistered = WOLFSSL_APACHE_MYNEWT_NOT_INITALIZED;
#endif /* WOLFSSL_APACHE_MYNEWT */
#endif /* DEBUG_WOLFSSL || WOLFSSL_DEBUG_CERTS */
#endif /* DEBUG_WOLFSSL */
int wolfSSL_CertDebugging_ON(void)
{
/* Certificate debugging is also a subset of full debugging */
#if defined(WOLFSSL_DEBUG_CERTS) || defined(DEBUG_WOLFSSL)
#if defined(NO_WOLFSSL_DEBUG_CERTS)
return NOT_COMPILED_IN;
#else
loggingCertEnabled = 1;
#endif
#if defined(WOLFSSL_APACHE_MYNEWT)
if (loggingApacheNewtRegistered != WOLFSSL_APACHE_MYNEWT_INITALIZED) {
log_register("wolfcrypt", &mynewt_log, &log_console_handler,
NULL, LOG_SYSLEVEL);
loggingApacheNewtRegistered = WOLFSSL_APACHE_MYNEWT_INITALIZED;
}
#endif /* WOLFSSL_APACHE_MYNEWT */
return 0;
#else
return NOT_COMPILED_IN;
#endif
}
int wolfSSL_CertDebugging_OFF(void)
{
#if defined(WOLFSSL_DEBUG_CERTS) || defined(DEBUG_WOLFSSL)
#if defined(NO_WOLFSSL_DEBUG_CERTS)
return NOT_COMPILED_IN;
#else
loggingCertEnabled = 0;
#endif
return 0;
#else
return NOT_COMPILED_IN;
#endif
}
/* allow this to be set to NULL, so logs can be redirected to default output */
int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb f)
@@ -159,13 +204,22 @@ int wolfSSL_Debugging_ON(void)
{
#ifdef DEBUG_WOLFSSL
loggingEnabled = 1;
#if defined(WOLFSSL_APACHE_MYNEWT)
log_register("wolfcrypt", &mynewt_log, &log_console_handler, NULL, LOG_SYSLEVEL);
#endif /* WOLFSSL_APACHE_MYNEWT */
#ifndef NO_WOLFSSL_DEBUG_CERTS
/* Certificate debugging is enabled by default during DEBUG_WOLFSSL,
* unless explicitly disabled with NO_WOLFSSL_DEBUG_CERTS */
loggingCertEnabled = 1;
#endif
#if defined(WOLFSSL_APACHE_MYNEWT)
if (loggingApacheNewtRegistered != WOLFSSL_APACHE_MYNEWT_INITALIZED) {
log_register("wolfcrypt", &mynewt_log, &log_console_handler,
NULL, LOG_SYSLEVEL);
loggingApacheNewtRegistered = WOLFSSL_APACHE_MYNEWT_INITALIZED;
}
#endif /* WOLFSSL_APACHE_MYNEWT */
return 0;
#else
return NOT_COMPILED_IN;
#endif
#endif /* DEBUG_WOLFSSL */
}
@@ -173,12 +227,16 @@ void wolfSSL_Debugging_OFF(void)
{
#ifdef DEBUG_WOLFSSL
loggingEnabled = 0;
#ifndef NO_WOLFSSL_DEBUG_CERTS
loggingCertEnabled = 0;
#endif
#endif
}
void wolfSSL_SetLoggingPrefix(const char* prefix)
{
#ifdef DEBUG_WOLFSSL
#if defined(DEBUG_WOLFSSL) || \
(defined(WOLFSSL_DEBUG_CERTS) && !defined(NO_WOLFSSL_DEBUG_CERTS))
log_prefix = prefix;
#else
(void)prefix;
@@ -228,8 +286,8 @@ void WOLFSSL_TIME(int count)
}
#endif
#ifdef DEBUG_WOLFSSL
#if defined(DEBUG_WOLFSSL) || \
(defined(WOLFSSL_DEBUG_CERTS) && !defined(NO_WOLFSSL_DEBUG_CERTS))
#ifdef HAVE_STACK_SIZE_VERBOSE
#include <wolfssl/wolfcrypt/mem_track.h>
@@ -248,24 +306,33 @@ static void wolfssl_log(const int logLevel, const char* const file_name,
#elif defined(WOLFSSL_DEBUG_PRINTF_FN)
#ifdef WOLFSSL_MDK_ARM
fflush(stdout);
#endif
/* see settings.h for platform-specific line endings */
#ifndef WOLFSSL_DEBUG_LINE_ENDING
#define WOLFSSL_DEBUG_LINE_ENDING "\n"
#endif
if (log_prefix != NULL) {
if (file_name != NULL)
if (file_name != NULL) {
WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS
"[%s]: [%s L %d] %s\n",
"[%s]: [%s L %d] %s" WOLFSSL_DEBUG_LINE_ENDING,
log_prefix, file_name, line_number, logMessage);
else
}
else {
WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS
"[%s]: %s\n", log_prefix, logMessage);
} else {
if (file_name != NULL)
WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS
"[%s L %d] %s\n",
file_name, line_number, logMessage);
else
WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS
"%s\n", logMessage);
"[%s]: %s" WOLFSSL_DEBUG_LINE_ENDING, log_prefix, logMessage);
} /* file_name check */
}
else {
if (file_name != NULL) {
WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS
"[%s L %d] %s" WOLFSSL_DEBUG_LINE_ENDING,
file_name, line_number, logMessage);
}
else {
WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS
"%s" WOLFSSL_DEBUG_LINE_ENDING, logMessage);
} /* file_name check */
} /* log_prefix check */
#ifdef WOLFSSL_MDK_ARM
fflush(stdout);
#endif
@@ -285,12 +352,89 @@ static void wolfssl_log(const int logLevel, const char* const file_name,
#ifndef WOLFSSL_DEBUG_ERRORS_ONLY
/* Certificate debugging available with either regular debugging
* DEBUG_WOLFSSL or just certificate debugging: WOLFSSL_DEBUG_CERTS */
#if (defined(WOLFSSL_DEBUG_CERTS) || defined(DEBUG_WOLFSSL)) && \
!defined(NO_WOLFSSL_DEBUG_CERTS)
#include <stdarg.h> /* for var args */
#ifndef WOLFSSL_MSG_CERT_BUF_SZ
#define WOLFSSL_MSG_CERT_BUF_SZ 140
#endif
int WOLFSSL_MSG_CERT(const char* msg)
{
/* Regular debug may have been compiled out */
(void)loggingEnabled;
if ((msg != NULL) && (loggingCertEnabled != 0)) {
wolfssl_log(CERT_LOG, NULL, 0, msg);
}
return 0;
}
#ifdef __clang__
/* tell clang argument 1 is format */
__attribute__((__format__ (__printf__, 1, 0)))
#endif
int WOLFSSL_MSG_CERT_EX(const char* fmt, ...)
{
/* Certificate logging output may have large messages */
#ifdef WOLFSSL_SMALL_STACK
char* msg;
msg = (char*)XMALLOC(WOLFSSL_MSG_CERT_BUF_SZ, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (msg == NULL) {
return MEMORY_E;
}
#else
char msg[WOLFSSL_MSG_CERT_BUF_SZ];
#endif
int written;
va_list args;
va_start(args, fmt);
/* Assume zero-terminated msg, len less than WOLFSSL_MSG_CERT_BUF_SZ */
written = XVSNPRINTF(msg, WOLFSSL_MSG_CERT_BUF_SZ, fmt, args);
va_end(args);
if ((written > 0) && (loggingCertEnabled =! 0)) {
wolfssl_log(INFO_LOG, NULL, 0, msg);
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(msg, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return 0;
} /* WOLFSSL_MSG_CERT_EX */
#else
/* !(DEBUG_WOLFSSL || WOLFSSL_DEBUG_CERTS) */
#ifdef WOLF_NO_VARIADIC_MACROS
#ifdef __WATCOMC__
/* Do-nothing implementation in header for OW Open Watcom V2 */
#else
int WOLFSSL_MSG_CERT(const char* msg)
{
(void)msg;
return NOT_COMPILED_IN;
}
int WOLFSSL_MSG_CERT_EX(const char* fmt, ...)
{
(void)fmt;
return NOT_COMPILED_IN;
}
#endif
#else
/* using a macro, see logging.h */
#endif
#endif /* DEBUG_WOLFSSL || WOLFSSL_DEBUG_CERTS */
#if defined(XVSNPRINTF) && !defined(NO_WOLFSSL_MSG_EX)
#include <stdarg.h> /* for var args */
#ifndef WOLFSSL_MSG_EX_BUF_SZ
#define WOLFSSL_MSG_EX_BUF_SZ 100
#endif
#undef WOLFSSL_MSG_EX /* undo WOLFSSL_DEBUG_CODEPOINTS wrapper */
#if !defined(WOLFSSL_MSG_EX) && defined(DEBUG_WOLFSSL)
#ifdef __clang__
/* tell clang argument 1 is format */
__attribute__((__format__ (__printf__, 1, 0)))
@@ -308,6 +452,7 @@ void WOLFSSL_MSG_EX(const char* fmt, ...)
wolfssl_log(INFO_LOG, NULL, 0, msg);
}
}
#endif
#ifdef WOLFSSL_DEBUG_CODEPOINTS
void WOLFSSL_MSG_EX2(const char *file, int line, const char* fmt, ...)
@@ -323,16 +468,24 @@ void WOLFSSL_MSG_EX2(const char *file, int line, const char* fmt, ...)
wolfssl_log(INFO_LOG, file, line, msg);
}
}
#endif
#endif /* WOLFSSL_DEBUG_CODEPOINTS */
#endif
#else
/* We need a do-nothing function when variadic macros not available */
#ifdef WOLF_NO_VARIADIC_MACROS
/* See header for same-name, do nothing functions */
#else
/* See header for same-name, do nothing macros */
#endif
#endif /* XVSNPRINTF && !NO_WOLFSSL_MSG_EX */
#undef WOLFSSL_MSG /* undo WOLFSSL_DEBUG_CODEPOINTS wrapper */
#ifndef WOLFSSL_MSG
void WOLFSSL_MSG(const char* msg)
{
if (loggingEnabled)
wolfssl_log(INFO_LOG, NULL, 0, msg);
}
#endif
#ifdef WOLFSSL_DEBUG_CODEPOINTS
void WOLFSSL_MSG2(const char *file, int line, const char* msg)
@@ -342,6 +495,7 @@ void WOLFSSL_MSG2(const char *file, int line, const char* msg)
}
#endif
#ifndef WOLFSSL_BUFFER
#ifndef LINE_LEN
#define LINE_LEN 16
#endif
@@ -418,8 +572,9 @@ errout:
wolfssl_log(INFO_LOG, NULL, 0, "\t[Buffer error while rendering]");
}
#endif /* WOLFSSL_BUFFER */
#undef WOLFSSL_ENTER /* undo WOLFSSL_DEBUG_CODEPOINTS wrapper */
#ifndef WOLFSSL_ENTER
void WOLFSSL_ENTER(const char* msg)
{
if (loggingEnabled) {
@@ -432,6 +587,7 @@ void WOLFSSL_ENTER(const char* msg)
wolfssl_log(ENTER_LOG, NULL, 0, buffer);
}
}
#endif /* WOLFSSL_ENTER */
#ifdef WOLFSSL_DEBUG_CODEPOINTS
void WOLFSSL_ENTER2(const char *file, int line, const char* msg)
@@ -446,9 +602,9 @@ void WOLFSSL_ENTER2(const char *file, int line, const char* msg)
wolfssl_log(ENTER_LOG, file, line, buffer);
}
}
#endif
#endif /* WOLFSSL_DEBUG_CODEPOINTS */
#undef WOLFSSL_LEAVE /* undo WOLFSSL_DEBUG_CODEPOINTS wrapper */
#ifndef WOLFSSL_LEAVE
void WOLFSSL_LEAVE(const char* msg, int ret)
{
if (loggingEnabled) {
@@ -462,6 +618,7 @@ void WOLFSSL_LEAVE(const char* msg, int ret)
wolfssl_log(LEAVE_LOG, NULL, 0, buffer);
}
}
#endif /* WOLFSSL_LEAVE */
#ifdef WOLFSSL_DEBUG_CODEPOINTS
void WOLFSSL_LEAVE2(const char *file, int line, const char* msg, int ret)
@@ -485,17 +642,67 @@ void WOLFSSL_LEAVE2(const char *file, int line, const char* msg, int ret)
#define WOLFSSL_ENTER(msg) WOLFSSL_ENTER2(__FILE__, __LINE__, msg)
#define WOLFSSL_LEAVE(msg, ret) WOLFSSL_LEAVE2(__FILE__, __LINE__, msg, ret)
#ifdef XVSNPRINTF
#define WOLFSSL_MSG_EX(fmt, args...) \
/* #define WOLFSSL_MSG_EX(fmt, args...) \
WOLFSSL_MSG_EX2(__FILE__, __LINE__, fmt, ## args)
*/
#endif
#endif
#ifndef WOLFSSL_IS_DEBUG_ON
int WOLFSSL_IS_DEBUG_ON(void)
{
return loggingEnabled;
}
#endif /* WOLFSSL_IS_DEBUG_ON */
#endif /* !WOLFSSL_DEBUG_ERRORS_ONLY */
#endif /* DEBUG_WOLFSSL */
#else
/* !(DEBUG_WOLFSSL || (WOLFSSL_DEBUG_CERTS && !NO_WOLFSSL_DEBUG_CERTS)) */
/*
* Create some no-op functions for compilers without variadic macros,
* other than Open Watcom V2.
*/
#ifdef WOLF_NO_VARIADIC_MACROS
/* no debug and cannot use variadic macros */
#ifdef __WATCOMC__
/* see logging.h for no-op Watcom implementation */
#else
int WOLFSSL_MSG_CERT(const char* msg)
{
(void)msg;
return NOT_COMPILED_IN;
}
int WOLFSSL_MSG_CERT_EX(const char* fmt, ...)
{
(void)fmt;
return NOT_COMPILED_IN;
}
#endif
#else
/* see logging.h for variadic macros */
#endif
#endif /* DEBUG_WOLFSSL || (WOLFSSL_DEBUG_CERTS && !NO_WOLFSSL_DEBUG_CERTS) */
/* Final catch for no-op WOLFSSL_MSG_EX needing implementation */
#ifdef __WATCOMC__
/* See no-op implementation as needed in logging.h */
#else
#ifdef DEBUG_WOLFSSL
/* The empty no-op function is not needed when debugging */
#else
#if defined(HAVE_WOLFSSL_MSG_EX) || defined(WOLF_NO_VARIADIC_MACROS)
void WOLFSSL_MSG_EX(const char* fmt, ...)
{
(void)fmt;
}
#else
/* See macro in header */
#endif
#endif
#endif
#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) || defined(HAVE_MEMCACHED)

6
wolfcrypt/src/poly1305.c
View File

@@ -88,7 +88,9 @@ static word32 cpu_flags_set = 0;
#endif
#if defined(USE_INTEL_POLY1305_SPEEDUP) || defined(POLY130564)
#if defined(_MSC_VER)
#if defined(__WATCOMC__)
#error "POLY130564 || USE_INTEL_POLY1305_SPEEDUP Watcom not supported"
#elif defined(_MSC_VER)
#define POLY1305_NOINLINE __declspec(noinline)
#elif defined(__GNUC__)
#define POLY1305_NOINLINE __attribute__((noinline))
@@ -96,7 +98,7 @@ static word32 cpu_flags_set = 0;
#define POLY1305_NOINLINE
#endif
#if defined(_MSC_VER)
#if defined(_MSC_VER) && !(__WATCOMC__)
#include <intrin.h>
typedef struct word128 {

5
wolfcrypt/src/port/Espressif/esp32_util.c
View File

@@ -557,6 +557,11 @@ esp_err_t ShowExtendedSystemInfo_config(void)
show_macro("WOLFSSL_NO_CURRDIR", STR_IFNDEF(WOLFSSL_NO_CURRDIR));
show_macro("WOLFSSL_LWIP", STR_IFNDEF(WOLFSSL_LWIP));
show_macro("DEBUG_WOLFSSL", STR_IFNDEF(DEBUG_WOLFSSL));
show_macro("WOLFSSL_DEBUG_CERTS", STR_IFNDEF(WOLFSSL_DEBUG_CERTS));
show_macro("NO_WOLFSSL_DEBUG_CERTS", STR_IFNDEF(NO_WOLFSSL_DEBUG_CERTS));
show_macro("WOLFSSL_DEBUG_ERRORS_ONLY", STR_IFNDEF(WOLFSSL_DEBUG_ERRORS_ONLY));
ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
#if defined(CONFIG_COMPILER_OPTIMIZATION_DEFAULT)
ESP_LOGI(TAG, "Compiler Optimization: Default");

5
wolfcrypt/src/rsa.c
View File

@@ -42,6 +42,7 @@ RSA keys can be used to encrypt, decrypt, sign and verify data.
#endif
#include <wolfssl/wolfcrypt/rsa.h>
#include <wolfssl/wolfcrypt/logging.h>
#ifdef WOLFSSL_AFALG_XILINX_RSA
#include <wolfssl/wolfcrypt/port/af_alg/wc_afalg.h>
@@ -2748,7 +2749,7 @@ static int RsaFunctionSync(const byte* in, word32 inLen, byte* out,
case RSA_PUBLIC_ENCRYPT:
case RSA_PUBLIC_DECRYPT:
if (mp_exptmod_nct(tmp, &key->e, &key->n, tmp) != MP_OKAY) {
WOLFSSL_MSG("mp_exptmod_nct failed");
WOLFSSL_MSG_CERT_LOG("mp_exptmod_nct failed");
ret = MP_EXPTMOD_E;
}
break;
@@ -2845,7 +2846,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
*outLen = keyLen;
return RsaFunctionSync(in, inLen, out, outLen, type, key, rng);
#endif /* WOLFSSL_SP_MATH */
}
} /* wc_RsaFunctionSync */
#endif /* WOLF_CRYPTO_CB_ONLY_RSA */
#endif

14
wolfcrypt/src/tfm.c
View File

@@ -44,6 +44,7 @@
#include <wolfssl/wolfcrypt/tfm.h>
#include <wolfcrypt/src/asm.c> /* will define asm MACROS or C ones */
#include <wolfssl/wolfcrypt/wolfmath.h> /* common functions */
#include <wolfssl/wolfcrypt/logging.h>
#ifdef WOLFSSL_ESPIDF
#include <esp_log.h>
@@ -3297,7 +3298,18 @@ int fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
#endif
/* handle modulus of zero and prevent overflows */
if (fp_iszero(P) || (P->used > (FP_SIZE/2))) {
if (fp_iszero(P)) {
return FP_VAL;
}
if (P->used > (FP_SIZE/2)) {
/* FP_MAX_BITS too small is a common cert failure cause */
#ifdef WOLFSSL_DEBUG_CERTS
WOLFSSL_MSG_CERT_EX("TFM fp_exptmod_nct failed: P.used (%d) > (FP_SIZE/2)"
"; FP_SIZE: %d; FP_MAX_SIZE: %d",
P->used, FP_SIZE, FP_MAX_BITS, FP_MAX_SIZE);
WOLFSSL_MSG_CERT_EX("Consider adjusting current FP_MAX_BITS: %d",
FP_MAX_BITS);
#endif
return FP_VAL;
}
if (fp_isone(P)) {

251
wolfssl/wolfcrypt/logging.h
View File

@@ -26,11 +26,109 @@
/* submitted by eof */
/*
* Enable wolfSSL debugging with DEBUG_WOLFSSL
*
* Certificate debugging is a subset of DEBUG_WOLFSSL but can be enabled
* exclusively with WOLFSSL_DEBUG_CERTS.
*
* When DEBUG_WOLFSSL is enabled, but the subset of certificate debugging
* is not desired, it can disabled with NO_WOLFSSL_DEBUG_CERTS
*
* ****************************************************************************
* Message / printf debugging
* ****************************************************************************
*
* WOLFSSL_DEBUG_PRINTF()
* Utility macro: A buffer-less, non-truncating debug message renderer.
* Unavailable on some targets, and has no default no-op definition,
* so the WOLFSSL_DEBUG_CERTIFICATE_LOADS gate is needed.
*
* WOLFSSL_DEBUG_PRINTF_FN(...)
* Used to supply an override definition of the target platform's printf-like
* function, and it is not function-like:
*
* #ifdef WOLFSSL_DEBUG_PRINTF_FN
* #define [user-supplied definition]
* #elif defined(ARDUINO)
* #warning ARDUINO only has print and sprintf, no printf on some targets.
* #elif defined(WOLFSSL_LOG_PRINTF) || defined(WOLFSSL_DEOS)
* #define WOLFSSL_DEBUG_PRINTF_FN printf
* [...]
*
* WOLFSSL_MSG_EX_BUF_SZ
* Re-definable macro: maximum length of WOLFSSL_MSG_EX debugging messages.
*
* WOLFSSL_MSG
* Single message parameter. Works everywhere.
*
* WOLFSSL_MSG_EX
* Variable number of parameters. Should be supported nearly everywhere.
*
* WOLFSSL_MSG_EX2
* Variable number of parameters. Should be supported nearly everywhere.
* Special case where first two parameters are const char *file, int line
*
* ****************************************************************************
* Certificate Debugging: a subset of DEBUG_WOLFSSL
* or can be used alone WOLFSSL_DEBUG_CERTS without all the debugging noise
* ****************************************************************************
*
* WOLFSSL_MSG_CERT_BUF_SZ
* Used by WOLFSSL_MSG_CERT and WOLFSSL_MSG_CERT_EX
* Re-definable macro: maximum length of debugging messages.
*
* WOLFSSL_MSG_CERT
* Single message parameter. Works everywhere.
* Print only during WOLFSSL_DEBUG_CERTS
*
* WOLFSSL_MSG_CERT_LOG
* Single message parameter. Works everywhere.
* Print during either DEBUG_WOLFSSL or WOLFSSL_DEBUG_CERTS
*
* WOLFSSL_MSG_CERT_EX
* Variable number of parameters. Should be supported nearly everywhere.
*
* When any of the above are disabled:
* With WOLF_NO_VARIADIC_MACROS a do nothing placeholder function is used.
* Otherwise, a do-nothing macro. See WC_DO_NOTHING
*
* Optional user callbacks:
* wolfSSL_SetLoggingCb(my_log_cb);
*
* To disable certificate debugging:
* Do not define WOLFSSL_DEBUG_CERTS when used without DEBUG_WOLFSSL
* or
* Define NO_WOLFSSL_DEBUG_CERTS when DEBUG_WOLFSSL is enabled
*
* If NO_WOLFSSL_DEBUG_CERTS is detected in settings.h, the respective
* WOLFSSL_DEBUG_CERTS will be undefined. The explicit NO_WOLFSSL_DEBUG_CERTS
* checks are still performed in logging source for code clarity only.
*
* ****************************************************************************
* At runtime with debugging enabled:
* ****************************************************************************
*
* Display debug messages:
* int wolfSSL_Debugging_ON(void)
* int wolfSSL_CertDebugging_ON(void)
*
* Disable debug messages until re-enabled at runtime:
* void wolfSSL_Debugging_OFF(void);
* int wolfSSL_CertDebugging_OFF(void)
*
* See also:
* int WOLFSSL_IS_DEBUG_ON(void)
*
* Note: does not detect or control WOLFSSL_DEBUG_PRINTF_FN usage
*
*/
#ifndef WOLFSSL_LOGGING_H
#define WOLFSSL_LOGGING_H
#include <wolfssl/wolfcrypt/types.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#ifdef __cplusplus
extern "C" {
@@ -42,6 +140,7 @@ enum wc_LogLevels {
INFO_LOG,
ENTER_LOG,
LEAVE_LOG,
CERT_LOG,
OTHER_LOG
};
@@ -99,6 +198,11 @@ WOLFSSL_API wolfSSL_Logging_cb wolfSSL_GetLoggingCb(void);
WOLFSSL_API int wolfSSL_Debugging_ON(void);
/* turn logging off */
WOLFSSL_API void wolfSSL_Debugging_OFF(void);
/* turn cert debugging on, only if compiled in */
WOLFSSL_API int wolfSSL_CertDebugging_ON(void);
/* turn cert debugging off */
WOLFSSL_API int wolfSSL_CertDebugging_OFF(void);
WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
@@ -152,8 +256,52 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
#define WOLFSSL_TIME(n) WC_DO_NOTHING
#endif
/* Certificate Debugging: WOLFSSL_MSG_CERT */
#if defined(XVSNPRINTF) && !defined(NO_WOLFSSL_DEBUG_CERTS) && \
(defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_CERTS))
#define HAVE_WOLFSSL_DEBUG_CERTS
#ifndef WOLFSSL_MSG_CERT_INDENT
#define WOLFSSL_MSG_CERT_INDENT "\t- "
#endif
WOLFSSL_API int WOLFSSL_MSG_CERT(const char* msg);
WOLFSSL_API int WOLFSSL_MSG_CERT_EX(const char* fmt, ...);
#else
/* No Certificate Debugging */
#undef WOLFSSL_DEBUG_CERTS
#ifndef WOLFSSL_MSG_CERT_INDENT
#define WOLFSSL_MSG_CERT_INDENT ""
#endif
#ifdef WOLF_NO_VARIADIC_MACROS
/* The issue is variadic macros, not function parameters. e.g Watcom
* Additionally, Watcom needs the empty declaration here: */
#ifdef __WATCOMC__
/* don't use WOLFSSL_API nor inline for Watcom stubs */
static int WOLFSSL_MSG_CERT(const char* msg)
{
(void)msg;
return NOT_COMPILED_IN;
}
static int WOLFSSL_MSG_CERT_EX(const char* fmt, ...)
{
(void)fmt;
return NOT_COMPILED_IN;
}
#else
WOLFSSL_API int WOLFSSL_MSG_CERT(const char* msg);
WOLFSSL_API int WOLFSSL_MSG_CERT_EX(const char* fmt, ...);
#endif
#else
/* Nearly all compilers will support variadic macros */
#define WOLFSSL_MSG_CERT(m) WC_DO_NOTHING
#define WOLFSSL_MSG_CERT_EX(...) WC_DO_NOTHING
#endif
#endif /* Certificate Debugging: WOLFSSL_MSG_CERT */
#if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_DEBUG_ERRORS_ONLY)
#if defined(_WIN32)
#if defined(_WIN32) && !defined(__WATCOMC__)
#if defined(INTIME_RTOS)
#define __func__ NULL
#else
@@ -169,14 +317,18 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
#define WOLFSSL_STUB(m) \
WOLFSSL_MSG(WOLFSSL_LOG_CAT(wolfSSL Stub, m, not implemented))
WOLFSSL_API int WOLFSSL_IS_DEBUG_ON(void);
/* WOLFSSL_MSG_EX may not be available. Check with HAVE_WOLFSSL_MSG_EX */
#if defined(XVSNPRINTF) && !defined(NO_WOLFSSL_MSG_EX)
WOLFSSL_API void WOLFSSL_MSG_EX(const char* fmt, ...);
#define HAVE_WOLFSSL_MSG_EX
#else
#ifdef WOLF_NO_VARIADIC_MACROS
#define WOLFSSL_MSG_EX() WC_DO_NOTHING
/* We need a do-nothing function with a variable number of parameters */
/* see logging.c
* static inline void WOLFSSL_MSG_EX(const char* fmt, ...); */
#else
#define WOLFSSL_MSG_EX(...) WC_DO_NOTHING
#define WOLFSSL_MSG_EX(...) WC_DO_NOTHING
#endif
#endif
WOLFSSL_API void WOLFSSL_MSG(const char* msg);
@@ -206,25 +358,51 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
WOLFSSL_API void WOLFSSL_BUFFER(const byte* buffer, word32 length);
#else
#define WOLFSSL_ENTER(m) WC_DO_NOTHING
#define WOLFSSL_LEAVE(m, r) WC_DO_NOTHING
#define WOLFSSL_STUB(m) WC_DO_NOTHING
/* ! (defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_DEBUG_ERRORS_ONLY)) */
#define WOLFSSL_ENTER(m) WC_DO_NOTHING
#define WOLFSSL_LEAVE(m, r) WC_DO_NOTHING
#define WOLFSSL_STUB(m) WC_DO_NOTHING
#define WOLFSSL_IS_DEBUG_ON() 0
#ifdef WOLF_NO_VARIADIC_MACROS
/* note, modern preprocessors will generate errors with this definition.
* "error: macro "WOLFSSL_MSG_EX" passed 2 arguments, but takes just 0"
*/
#define WOLFSSL_MSG_EX() WC_DO_NOTHING
*
* #define WOLFSSL_MSG_EX(a, b) WC_DO_NOTHING
*
* We need a do-nothing function with a variable number of parameters: */
#ifdef __WATCOMC__
/* don't use WOLFSSL_API nor inline for Watcom stubs */
static void WOLFSSL_MSG_EX(const char* fmt, ...)
{
(void)fmt;
}
#else
WOLFSSL_API void WOLFSSL_MSG_EX(const char* fmt, ...);
#endif
#else
#define WOLFSSL_MSG_EX(...) WC_DO_NOTHING
#define WOLFSSL_MSG_EX(...) WC_DO_NOTHING
#endif
#define WOLFSSL_MSG(m) WC_DO_NOTHING
#define WOLFSSL_BUFFER(b, l) WC_DO_NOTHING
#define WOLFSSL_MSG(m) WC_DO_NOTHING
#define WOLFSSL_BUFFER(b, l) WC_DO_NOTHING
#endif /* DEBUG_WOLFSSL && !WOLFSSL_DEBUG_ERRORS_ONLY */
/* A special case of certificate-related debug AND regular debug.
* WOLFSSL_MSG_CERT_LOG will always print during DEBUG_WOLFSSL
* even if cert debugging disabled with NO_WOLFSSL_DEBUG_CERTS.
*
* WOLFSSL_MSG_CERT_LOG will also print during WOLFSSL_DEBUG_CERTS
* even if standard DEBUG_WOLFSSL is not enabled. */
#if defined(DEBUG_WOLFSSL)
#define WOLFSSL_MSG_CERT_LOG(msg) WOLFSSL_MSG(msg)
#elif defined(WOLFSSL_DEBUG_CERTS)
#define WOLFSSL_MSG_CERT_LOG(msg) WOLFSSL_MSG_CERT(msg)
#else
#define WOLFSSL_MSG_CERT_LOG(msg) WC_DO_NOTHING
#endif
/* WOLFSSL_ERROR and WOLFSSL_HAVE_ERROR_QUEUE */
#if defined(DEBUG_WOLFSSL) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) ||\
defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA)
@@ -305,10 +483,33 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
int dc_log_printf(char*, ...);
#endif
/* WOLFSSL_DEBUG_PRINTF_FN is intended to be used only in wolfssl_log(),
* but is exposed in header as a customer cross-platform debugging capability.
*
* All general wolfSSL debugging should use:
* WOLFSSL_MSG and WOLFSSL_MSG_EX
*
* All wolfSSL certificate-related debugging should use:
* WOLFSSL_MSG_CERT and WOLFSSL_MSG_CERT_EX
*
* For custom debugging output, define your own WOLFSSL_DEBUG_PRINTF_FN
*/
#ifdef WOLFSSL_DEBUG_PRINTF_FN
/* user-supplied definition */
#elif defined(ARDUINO)
/* ARDUINO only has print and sprintf, no printf. */
#elif defined(__WATCOMC__)
#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_CERTS)
#include <stdio.h>
#define WOLFSSL_DEBUG_PRINTF_FN printf
#else
/* Watcom does not support variadic macros; we need a no-op function */
static int WOLFSSL_DEBUG_PRINTF(const char* fmt, ...)
{
(void)fmt;
return NOT_COMPILED_IN;
}
#endif /* __WATCOMC__ */
#elif defined(WOLFSSL_LOG_PRINTF) || defined(WOLFSSL_DEOS)
#define WOLFSSL_DEBUG_PRINTF_FN printf
#elif defined(THREADX) && !defined(THREADX_NO_DC_PRINTF)
@@ -350,10 +551,28 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
#define WOLFSSL_DEBUG_PRINTF_FIRST_ARGS
#endif
#if defined(WOLFSSL_DEBUG_PRINTF_FN) && !defined(WOLFSSL_DEBUG_PRINTF) && \
!defined(WOLF_NO_VARIADIC_MACROS)
#define WOLFSSL_DEBUG_PRINTF(...) \
WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS __VA_ARGS__)
#if defined(WOLFSSL_DEBUG_PRINTF_FN) && !defined(WOLFSSL_DEBUG_PRINTF)
#if defined(WOLF_NO_VARIADIC_MACROS)
#if defined(WOLFSSL_ESPIDF)
/* ESP-IDF supports variadic. Do not use WOLF_NO_VARIADIC_MACROS.
* This is only for WOLF_NO_VARIADIC_MACROS testing: */
#define WOLFSSL_DEBUG_PRINTF(a) \
WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS, a)
#else
/* no variadic not defined for this platform */
#endif
#else
#define WOLFSSL_DEBUG_PRINTF(...) \
WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS __VA_ARGS__)
#endif
#endif
/* Sanity Checks */
#if defined(WOLFSSL_DEBUG_ERRORS_ONLY) && defined(DEBUG_WOLFSSL)
#error "Failed: WOLFSSL_DEBUG_ERRORS_ONLY and DEBUG_WOLFSSL pick one"
#endif
#if defined(WOLFSSL_DEBUG_ERRORS_ONLY) && defined(WOLFSSL_DEBUG_CERTS)
#error "Failed: Cannot WOLFSSL_DEBUG_CERTS with WOLFSSL_DEBUG_ERRORS_ONLY"
#endif
#ifdef __cplusplus

15
wolfssl/wolfcrypt/settings.h
View File

@@ -356,6 +356,12 @@
#warning "No configuration for wolfSSL detected, check header order"
#endif
/* Ensure WOLFSSL_DEBUG_CERTS is always set when DEBUG_WOLFSSL is enabled */
#ifdef DEBUG_WOLFSSL
#undef WOLFSSL_DEBUG_CERTS
#define WOLFSSL_DEBUG_CERTS
#endif
#include <wolfssl/wolfcrypt/visibility.h>
/*------------------------------------------------------------*/
@@ -563,6 +569,9 @@
#define WOLFSSL_MAX_ERROR_SZ 200
#endif
/* Debug message do not need an additional LF for ESP_LOG */
#define WOLFSSL_DEBUG_LINE_ENDING ""
/* Parse any Kconfig / menuconfig items into wolfSSL macro equivalents.
* Macros may or may not be defined. If defined, they may have a value of
*
@@ -4425,6 +4434,12 @@ extern void uITRON4_free(void *p) ;
#endif
#endif /* WOLFSSL_SYS_CA_CERTS */
#ifdef NO_WOLFSSL_DEBUG_CERTS
/* Simplify certificate debugging gate check with only WOLFSSL_DEBUG_CERTS.
* NO_WOLFSSL_DEBUG_CERTS prioritized over WOLFSSL_DEBUG_CERTS; disable: */
#undef WOLFSSL_DEBUG_CERTS
#endif
#if defined(SESSION_CACHE_DYNAMIC_MEM) && defined(PERSIST_SESSION_CACHE)
#error "Dynamic session cache currently does not support persistent session cache."
#endif

3
wolfssl/wolfcrypt/types.h
View File

@@ -1482,6 +1482,9 @@ WOLFSSL_API word32 CheckRunTimeSettings(void);
#define XALIGNED(x) __attribute__ ( (aligned (x)))
#elif defined(__KEIL__)
#define XALIGNED(x) __align(x)
#elif defined(__WATCOMC__) /* && (_MSC_VER or !_MSC_VER) */
/* No align available for Open Watcom V2, expansion comment needed: */
#define XALIGNED(x) /* null expansion */
#elif defined(_MSC_VER)
/* disable align warning, we want alignment ! */
#pragma warning(disable: 4324)

5
wolfssl/wolfcrypt/wc_port.h
View File

@@ -90,8 +90,11 @@
((__GNUC__ == 4) && (__GNUC_MINOR__ > 5))))) || \
defined(__clang__)
#define WC_DEPRECATED(msg) __attribute__((deprecated(msg)))
#elif defined(__WATCOMC__)
/* Watcom macro needs to expand to something, here just a comment: */
#define WC_DEPRECATED(msg) /* null expansion */
#elif defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) || \
defined(_WIN32_WCE) || defined(__WATCOMC__)
defined(_WIN32_WCE)
#define WC_DEPRECATED(msg) __declspec(deprecated(msg))
#elif (defined(__GNUC__) && (__GNUC__ >= 4)) || \
defined(__IAR_SYSTEMS_ICC__)