source: UsbWattMeter/trunk/wolfssl-3.7.0/src/io.c@ 167

Last change on this file since 167 was 167, checked in by coas-nagasima, 8 years ago

MIMEにSJISを設定
  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
  • Property svn:mime-type set to text/x-csrc; charset=SHIFT_JIS
File size: 33.4 KB
Line 
1/* io.c
2 *
3 * Copyright (C) 2006-2015 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL. (formerly known as CyaSSL)
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
20 */
21
22
23#ifdef HAVE_CONFIG_H
24 #include <config.h>
25#endif
26
27#include <wolfssl/wolfcrypt/settings.h>
28
29#ifndef WOLFCRYPT_ONLY
30
31#ifdef _WIN32_WCE
32 /* On WinCE winsock2.h must be included before windows.h for socket stuff */
33 #include <winsock2.h>
34#endif
35
36#include <wolfssl/internal.h>
37#include <wolfssl/error-ssl.h>
38
39
40/* if user writes own I/O callbacks they can define WOLFSSL_USER_IO to remove
41 automatic setting of default I/O functions EmbedSend() and EmbedReceive()
42 but they'll still need SetCallback xxx() at end of file
43*/
44#ifndef WOLFSSL_USER_IO
45
46#ifdef HAVE_LIBZ
47 #include "zlib.h"
48#endif
49
50#ifndef USE_WINDOWS_API
51 #ifdef WOLFSSL_LWIP
52 /* lwIP needs to be configured to use sockets API in this mode */
53 /* LWIP_SOCKET 1 in lwip/opt.h or in build */
54 #include "lwip/sockets.h"
55 #include <errno.h>
56 #ifndef LWIP_PROVIDE_ERRNO
57 #define LWIP_PROVIDE_ERRNO 1
58 #endif
59 #elif defined(FREESCALE_MQX)
60 #include <posix.h>
61 #include <rtcs.h>
62 #elif defined(FREESCALE_KSDK_MQX)
63 #include <rtcs.h>
64 #elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
65 #if defined(WOLFSSL_MDK5) || defined(WOLFSSL_KEIL_TCP_NET)
66 #include "cmsis_os.h"
67 #else
68 #include <rtl.h>
69 #endif
70 #include "errno.h"
71 #define SOCKET_T int
72 #include "rl_net.h"
73 #elif defined(WOLFSSL_TIRTOS)
74 #include <sys/socket.h>
75 #elif defined(FREERTOS_TCP)
76 #include "FreeRTOS_Sockets.h"
77 #elif defined(WOLFSSL_IAR_ARM)
78 /* nothing */
79 #elif defined(WOLFSSL_VXWORKS)
80 #include <sockLib.h>
81 #include <errno.h>
82 #else
83 #include <sys/types.h>
84 #include <errno.h>
85 #ifndef EBSNET
86 #include <unistd.h>
87 #endif
88 #include <fcntl.h>
89 #if !(defined(DEVKITPRO) || defined(HAVE_RTP_SYS) || defined(EBSNET)) \
90 && !(defined(WOLFSSL_PICOTCP))
91 #include <sys/socket.h>
92 #include <arpa/inet.h>
93 #include <netinet/in.h>
94 #include <netdb.h>
95 #ifdef __PPU
96 #include <netex/errno.h>
97 #else
98 #include <sys/ioctl.h>
99 #endif
100 #endif
101 #ifdef HAVE_RTP_SYS
102 #include <socket.h>
103 #endif
104 #ifdef EBSNET
105 #include "rtipapi.h" /* errno */
106 #include "socket.h"
107 #endif
108 #endif
109#endif /* USE_WINDOWS_API */
110
111#ifdef __sun
112 #include <sys/filio.h>
113#endif
114
115#ifdef USE_WINDOWS_API
116 /* no epipe yet */
117 #ifndef WSAEPIPE
118 #define WSAEPIPE -12345
119 #endif
120 #define SOCKET_EWOULDBLOCK WSAEWOULDBLOCK
121 #define SOCKET_EAGAIN WSAETIMEDOUT
122 #define SOCKET_ECONNRESET WSAECONNRESET
123 #define SOCKET_EINTR WSAEINTR
124 #define SOCKET_EPIPE WSAEPIPE
125 #define SOCKET_ECONNREFUSED WSAENOTCONN
126 #define SOCKET_ECONNABORTED WSAECONNABORTED
127 #define close(s) closesocket(s)
128#elif defined(__PPU)
129 #define SOCKET_EWOULDBLOCK SYS_NET_EWOULDBLOCK
130 #define SOCKET_EAGAIN SYS_NET_EAGAIN
131 #define SOCKET_ECONNRESET SYS_NET_ECONNRESET
132 #define SOCKET_EINTR SYS_NET_EINTR
133 #define SOCKET_EPIPE SYS_NET_EPIPE
134 #define SOCKET_ECONNREFUSED SYS_NET_ECONNREFUSED
135 #define SOCKET_ECONNABORTED SYS_NET_ECONNABORTED
136#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
137 #if MQX_USE_IO_OLD
138 /* RTCS old I/O doesn't have an EWOULDBLOCK */
139 #define SOCKET_EWOULDBLOCK EAGAIN
140 #define SOCKET_EAGAIN EAGAIN
141 #define SOCKET_ECONNRESET RTCSERR_TCP_CONN_RESET
142 #define SOCKET_EINTR EINTR
143 #define SOCKET_EPIPE EPIPE
144 #define SOCKET_ECONNREFUSED RTCSERR_TCP_CONN_REFUSED
145 #define SOCKET_ECONNABORTED RTCSERR_TCP_CONN_ABORTED
146 #else
147 #define SOCKET_EWOULDBLOCK NIO_EWOULDBLOCK
148 #define SOCKET_EAGAIN NIO_EAGAIN
149 #define SOCKET_ECONNRESET NIO_ECONNRESET
150 #define SOCKET_EINTR NIO_EINTR
151 #define SOCKET_EPIPE NIO_EPIPE
152 #define SOCKET_ECONNREFUSED NIO_ECONNREFUSED
153 #define SOCKET_ECONNABORTED NIO_ECONNABORTED
154 #endif
155#elif defined(WOLFSSL_MDK_ARM)|| defined(WOLFSSL_KEIL_TCP_NET)
156 #if defined(WOLFSSL_MDK5)|| defined(WOLFSSL_KEIL_TCP_NET)
157 #define SOCKET_EWOULDBLOCK BSD_ERROR_WOULDBLOCK
158 #define SOCKET_EAGAIN BSD_ERROR_LOCKED
159 #define SOCKET_ECONNRESET BSD_ERROR_CLOSED
160 #define SOCKET_EINTR BSD_ERROR
161 #define SOCKET_EPIPE BSD_ERROR
162 #define SOCKET_ECONNREFUSED BSD_ERROR
163 #define SOCKET_ECONNABORTED BSD_ERROR
164 #else
165 #define SOCKET_EWOULDBLOCK SCK_EWOULDBLOCK
166 #define SOCKET_EAGAIN SCK_ELOCKED
167 #define SOCKET_ECONNRESET SCK_ECLOSED
168 #define SOCKET_EINTR SCK_ERROR
169 #define SOCKET_EPIPE SCK_ERROR
170 #define SOCKET_ECONNREFUSED SCK_ERROR
171 #define SOCKET_ECONNABORTED SCK_ERROR
172 #endif
173#elif defined(WOLFSSL_PICOTCP)
174 #define SOCKET_EWOULDBLOCK PICO_ERR_EAGAIN
175 #define SOCKET_EAGAIN PICO_ERR_EAGAIN
176 #define SOCKET_ECONNRESET PICO_ERR_ECONNRESET
177 #define SOCKET_EINTR PICO_ERR_EINTR
178 #define SOCKET_EPIPE PICO_ERR_EIO
179 #define SOCKET_ECONNREFUSED PICO_ERR_ECONNREFUSED
180 #define SOCKET_ECONNABORTED PICO_ERR_ESHUTDOWN
181#elif defined(FREERTOS_TCP)
182 #define SOCKET_EWOULDBLOCK FREERTOS_EWOULDBLOCK
183 #define SOCKET_EAGAIN FREERTOS_EWOULDBLOCK
184 #define SOCKET_ECONNRESET FREERTOS_SOCKET_ERROR
185 #define SOCKET_EINTR FREERTOS_SOCKET_ERROR
186 #define SOCKET_EPIPE FREERTOS_SOCKET_ERROR
187 #define SOCKET_ECONNREFUSED FREERTOS_SOCKET_ERROR
188 #define SOCKET_ECONNABORTED FREERTOS_SOCKET_ERROR
189#else
190 #define SOCKET_EWOULDBLOCK EWOULDBLOCK
191 #define SOCKET_EAGAIN EAGAIN
192 #define SOCKET_ECONNRESET ECONNRESET
193 #define SOCKET_EINTR EINTR
194 #define SOCKET_EPIPE EPIPE
195 #define SOCKET_ECONNREFUSED ECONNREFUSED
196 #define SOCKET_ECONNABORTED ECONNABORTED
197#endif /* USE_WINDOWS_API */
198
199
200#ifdef DEVKITPRO
201 /* from network.h */
202 int net_send(int, const void*, int, unsigned int);
203 int net_recv(int, void*, int, unsigned int);
204 #define SEND_FUNCTION net_send
205 #define RECV_FUNCTION net_recv
206#elif defined(WOLFSSL_LWIP)
207 #define SEND_FUNCTION lwip_send
208 #define RECV_FUNCTION lwip_recv
209#elif defined(WOLFSSL_PICOTCP)
210 #define SEND_FUNCTION pico_send
211 #define RECV_FUNCTION pico_recv
212#elif defined(FREERTOS_TCP)
213 #define RECV_FUNCTION(a,b,c,d) FreeRTOS_recv((Socket_t)(a),(void*)(b), (size_t)(c), (BaseType_t)(d))
214 #define SEND_FUNCTION(a,b,c,d) FreeRTOS_send((Socket_t)(a),(void*)(b), (size_t)(c), (BaseType_t)(d))
215#else
216 #define SEND_FUNCTION send
217 #define RECV_FUNCTION recv
218#endif
219
220
221/* Translates return codes returned from
222 * send() and recv() if need be.
223 */
224static INLINE int TranslateReturnCode(int old, int sd)
225{
226 (void)sd;
227
228#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
229 if (old == 0) {
230 errno = SOCKET_EWOULDBLOCK;
231 return -1; /* convert to BSD style wouldblock as error */
232 }
233
234 if (old < 0) {
235 errno = RTCS_geterror(sd);
236 if (errno == RTCSERR_TCP_CONN_CLOSING)
237 return 0; /* convert to BSD style closing */
238 if (errno == RTCSERR_TCP_CONN_RLSD)
239 errno = SOCKET_ECONNRESET;
240 if (errno == RTCSERR_TCP_TIMED_OUT)
241 errno = SOCKET_EAGAIN;
242 }
243#endif
244
245 return old;
246}
247
248static INLINE int LastError(void)
249{
250#ifdef USE_WINDOWS_API
251 return WSAGetLastError();
252#elif defined(EBSNET)
253 return xn_getlasterror();
254#else
255 return errno;
256#endif
257}
258
259/* The receive embedded callback
260 * return : nb bytes read, or error
261 */
262int EmbedReceive(WOLFSSL *ssl, char *buf, int sz, void *ctx)
263{
264 int recvd;
265 int err;
266 int sd = *(int*)ctx;
267
268#ifdef WOLFSSL_DTLS
269 {
270 int dtls_timeout = wolfSSL_dtls_get_current_timeout(ssl);
271 if (wolfSSL_dtls(ssl)
272 && !wolfSSL_get_using_nonblock(ssl)
273 && dtls_timeout != 0) {
274 #ifdef USE_WINDOWS_API
275 DWORD timeout = dtls_timeout * 1000;
276 #else
277 struct timeval timeout;
278 XMEMSET(&timeout, 0, sizeof(timeout));
279 timeout.tv_sec = dtls_timeout;
280 #endif
281 if (setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, (char*)&timeout,
282 sizeof(timeout)) != 0) {
283 WOLFSSL_MSG("setsockopt rcvtimeo failed");
284 }
285 }
286 }
287#endif
288
289 recvd = (int)RECV_FUNCTION(sd, buf, sz, ssl->rflags);
290
291 recvd = TranslateReturnCode(recvd, sd);
292
293 if (recvd < 0) {
294 err = LastError();
295 WOLFSSL_MSG("Embed Receive error");
296
297 if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) {
298 if (!wolfSSL_dtls(ssl) || wolfSSL_get_using_nonblock(ssl)) {
299 WOLFSSL_MSG(" Would block");
300 return WOLFSSL_CBIO_ERR_WANT_READ;
301 }
302 else {
303 WOLFSSL_MSG(" Socket timeout");
304 return WOLFSSL_CBIO_ERR_TIMEOUT;
305 }
306 }
307 else if (err == SOCKET_ECONNRESET) {
308 WOLFSSL_MSG(" Connection reset");
309 return WOLFSSL_CBIO_ERR_CONN_RST;
310 }
311 else if (err == SOCKET_EINTR) {
312 WOLFSSL_MSG(" Socket interrupted");
313 return WOLFSSL_CBIO_ERR_ISR;
314 }
315 else if (err == SOCKET_ECONNREFUSED) {
316 WOLFSSL_MSG(" Connection refused");
317 return WOLFSSL_CBIO_ERR_WANT_READ;
318 }
319 else if (err == SOCKET_ECONNABORTED) {
320 WOLFSSL_MSG(" Connection aborted");
321 return WOLFSSL_CBIO_ERR_CONN_CLOSE;
322 }
323 else {
324 WOLFSSL_MSG(" General error");
325 return WOLFSSL_CBIO_ERR_GENERAL;
326 }
327 }
328 else if (recvd == 0) {
329 WOLFSSL_MSG("Embed receive connection closed");
330 return WOLFSSL_CBIO_ERR_CONN_CLOSE;
331 }
332
333 return recvd;
334}
335
336/* The send embedded callback
337 * return : nb bytes sent, or error
338 */
339int EmbedSend(WOLFSSL* ssl, char *buf, int sz, void *ctx)
340{
341 int sd = *(int*)ctx;
342 int sent;
343 int len = sz;
344 int err;
345
346 sent = (int)SEND_FUNCTION(sd, &buf[sz - len], len, ssl->wflags);
347
348 sent = TranslateReturnCode(sent, sd);
349
350 if (sent < 0) {
351 err = LastError();
352 WOLFSSL_MSG("Embed Send error");
353
354 if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) {
355 WOLFSSL_MSG(" Would Block");
356 return WOLFSSL_CBIO_ERR_WANT_WRITE;
357 }
358 else if (err == SOCKET_ECONNRESET) {
359 WOLFSSL_MSG(" Connection reset");
360 return WOLFSSL_CBIO_ERR_CONN_RST;
361 }
362 else if (err == SOCKET_EINTR) {
363 WOLFSSL_MSG(" Socket interrupted");
364 return WOLFSSL_CBIO_ERR_ISR;
365 }
366 else if (err == SOCKET_EPIPE) {
367 WOLFSSL_MSG(" Socket EPIPE");
368 return WOLFSSL_CBIO_ERR_CONN_CLOSE;
369 }
370 else {
371 WOLFSSL_MSG(" General error");
372 return WOLFSSL_CBIO_ERR_GENERAL;
373 }
374 }
375
376 return sent;
377}
378
379
380#ifdef WOLFSSL_DTLS
381
382#include <wolfssl/wolfcrypt/sha.h>
383
384#ifdef USE_WINDOWS_API
385 #define XSOCKLENT int
386#else
387 #define XSOCKLENT socklen_t
388#endif
389
390#define SENDTO_FUNCTION sendto
391#define RECVFROM_FUNCTION recvfrom
392
393
394/* The receive embedded callback
395 * return : nb bytes read, or error
396 */
397int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
398{
399 WOLFSSL_DTLS_CTX* dtlsCtx = (WOLFSSL_DTLS_CTX*)ctx;
400 int recvd;
401 int err;
402 int sd = dtlsCtx->fd;
403 int dtls_timeout = wolfSSL_dtls_get_current_timeout(ssl);
404 struct sockaddr_storage peer;
405 XSOCKLENT peerSz = sizeof(peer);
406
407 WOLFSSL_ENTER("EmbedReceiveFrom()");
408
409 if (!wolfSSL_get_using_nonblock(ssl) && dtls_timeout != 0) {
410 #ifdef USE_WINDOWS_API
411 DWORD timeout = dtls_timeout * 1000;
412 #else
413 struct timeval timeout;
414 XMEMSET(&timeout, 0, sizeof(timeout));
415 timeout.tv_sec = dtls_timeout;
416 #endif
417 if (setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, (char*)&timeout,
418 sizeof(timeout)) != 0) {
419 WOLFSSL_MSG("setsockopt rcvtimeo failed");
420 }
421 }
422
423 recvd = (int)RECVFROM_FUNCTION(sd, buf, sz, ssl->rflags,
424 (struct sockaddr*)&peer, &peerSz);
425
426 recvd = TranslateReturnCode(recvd, sd);
427
428 if (recvd < 0) {
429 err = LastError();
430 WOLFSSL_MSG("Embed Receive From error");
431
432 if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) {
433 if (wolfSSL_get_using_nonblock(ssl)) {
434 WOLFSSL_MSG(" Would block");
435 return WOLFSSL_CBIO_ERR_WANT_READ;
436 }
437 else {
438 WOLFSSL_MSG(" Socket timeout");
439 return WOLFSSL_CBIO_ERR_TIMEOUT;
440 }
441 }
442 else if (err == SOCKET_ECONNRESET) {
443 WOLFSSL_MSG(" Connection reset");
444 return WOLFSSL_CBIO_ERR_CONN_RST;
445 }
446 else if (err == SOCKET_EINTR) {
447 WOLFSSL_MSG(" Socket interrupted");
448 return WOLFSSL_CBIO_ERR_ISR;
449 }
450 else if (err == SOCKET_ECONNREFUSED) {
451 WOLFSSL_MSG(" Connection refused");
452 return WOLFSSL_CBIO_ERR_WANT_READ;
453 }
454 else {
455 WOLFSSL_MSG(" General error");
456 return WOLFSSL_CBIO_ERR_GENERAL;
457 }
458 }
459 else {
460 if (dtlsCtx->peer.sz > 0
461 && peerSz != (XSOCKLENT)dtlsCtx->peer.sz
462 && memcmp(&peer, dtlsCtx->peer.sa, peerSz) != 0) {
463 WOLFSSL_MSG(" Ignored packet from invalid peer");
464 return WOLFSSL_CBIO_ERR_WANT_READ;
465 }
466 }
467
468 return recvd;
469}
470
471
472/* The send embedded callback
473 * return : nb bytes sent, or error
474 */
475int EmbedSendTo(WOLFSSL* ssl, char *buf, int sz, void *ctx)
476{
477 WOLFSSL_DTLS_CTX* dtlsCtx = (WOLFSSL_DTLS_CTX*)ctx;
478 int sd = dtlsCtx->fd;
479 int sent;
480 int len = sz;
481 int err;
482
483 WOLFSSL_ENTER("EmbedSendTo()");
484
485 sent = (int)SENDTO_FUNCTION(sd, &buf[sz - len], len, ssl->wflags,
486 (const struct sockaddr*)dtlsCtx->peer.sa,
487 dtlsCtx->peer.sz);
488
489 sent = TranslateReturnCode(sent, sd);
490
491 if (sent < 0) {
492 err = LastError();
493 WOLFSSL_MSG("Embed Send To error");
494
495 if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) {
496 WOLFSSL_MSG(" Would Block");
497 return WOLFSSL_CBIO_ERR_WANT_WRITE;
498 }
499 else if (err == SOCKET_ECONNRESET) {
500 WOLFSSL_MSG(" Connection reset");
501 return WOLFSSL_CBIO_ERR_CONN_RST;
502 }
503 else if (err == SOCKET_EINTR) {
504 WOLFSSL_MSG(" Socket interrupted");
505 return WOLFSSL_CBIO_ERR_ISR;
506 }
507 else if (err == SOCKET_EPIPE) {
508 WOLFSSL_MSG(" Socket EPIPE");
509 return WOLFSSL_CBIO_ERR_CONN_CLOSE;
510 }
511 else {
512 WOLFSSL_MSG(" General error");
513 return WOLFSSL_CBIO_ERR_GENERAL;
514 }
515 }
516
517 return sent;
518}
519
520
521/* The DTLS Generate Cookie callback
522 * return : number of bytes copied into buf, or error
523 */
524int EmbedGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *ctx)
525{
526 int sd = ssl->wfd;
527 struct sockaddr_storage peer;
528 XSOCKLENT peerSz = sizeof(peer);
529 byte digest[SHA_DIGEST_SIZE];
530 int ret = 0;
531
532 (void)ctx;
533
534 XMEMSET(&peer, 0, sizeof(peer));
535 if (getpeername(sd, (struct sockaddr*)&peer, &peerSz) != 0) {
536 WOLFSSL_MSG("getpeername failed in EmbedGenerateCookie");
537 return GEN_COOKIE_E;
538 }
539
540 ret = wc_ShaHash((byte*)&peer, peerSz, digest);
541 if (ret != 0)
542 return ret;
543
544 if (sz > SHA_DIGEST_SIZE)
545 sz = SHA_DIGEST_SIZE;
546 XMEMCPY(buf, digest, sz);
547
548 return sz;
549}
550
551#endif /* WOLFSSL_DTLS */
552
553#ifdef HAVE_OCSP
554
555#include <stdlib.h> /* atoi() */
556
557
558static int Word16ToString(char* d, word16 number)
559{
560 int i = 0;
561
562 if (d != NULL) {
563 word16 order = 10000;
564 word16 digit;
565
566 if (number == 0) {
567 d[i++] = '0';
568 }
569 else {
570 while (order) {
571 digit = number / order;
572 if (i > 0 || digit != 0) {
573 d[i++] = (char)digit + '0';
574 }
575 if (digit != 0)
576 number %= digit * order;
577 if (order > 1)
578 order /= 10;
579 else
580 order = 0;
581 }
582 }
583 d[i] = 0;
584 }
585
586 return i;
587}
588
589
590static int tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port)
591{
592 struct sockaddr_storage addr;
593 int sockaddr_len = sizeof(struct sockaddr_in);
594 XMEMSET(&addr, 0, sizeof(addr));
595
596 #ifdef HAVE_GETADDRINFO
597 {
598 struct addrinfo hints;
599 struct addrinfo* answer = NULL;
600 char strPort[6];
601
602 XMEMSET(&hints, 0, sizeof(hints));
603 hints.ai_family = AF_UNSPEC;
604 hints.ai_socktype = SOCK_STREAM;
605 hints.ai_protocol = IPPROTO_TCP;
606
607 if (Word16ToString(strPort, port) == 0) {
608 WOLFSSL_MSG("invalid port number for OCSP responder");
609 return -1;
610 }
611
612 if (getaddrinfo(ip, strPort, &hints, &answer) < 0 || answer == NULL) {
613 WOLFSSL_MSG("no addr info for OCSP responder");
614 return -1;
615 }
616
617 sockaddr_len = answer->ai_addrlen;
618 XMEMCPY(&addr, answer->ai_addr, sockaddr_len);
619 freeaddrinfo(answer);
620
621 }
622 #else /* HAVE_GETADDRINFO */
623 {
624 struct hostent* entry = gethostbyname(ip);
625 struct sockaddr_in *sin = (struct sockaddr_in *)&addr;
626
627 if (entry) {
628 sin->sin_family = AF_INET;
629 sin->sin_port = htons(port);
630 XMEMCPY(&sin->sin_addr.s_addr, entry->h_addr_list[0],
631 entry->h_length);
632 }
633 else {
634 WOLFSSL_MSG("no addr info for OCSP responder");
635 return -1;
636 }
637 }
638 #endif /* HAVE_GETADDRINFO */
639
640 *sockfd = socket(addr.ss_family, SOCK_STREAM, 0);
641
642#ifdef USE_WINDOWS_API
643 if (*sockfd == INVALID_SOCKET) {
644 WOLFSSL_MSG("bad socket fd, out of fds?");
645 return -1;
646 }
647#else
648 if (*sockfd < 0) {
649 WOLFSSL_MSG("bad socket fd, out of fds?");
650 return -1;
651 }
652#endif
653
654 if (connect(*sockfd, (struct sockaddr *)&addr, sockaddr_len) != 0) {
655 WOLFSSL_MSG("OCSP responder tcp connect failed");
656 return -1;
657 }
658
659 return 0;
660}
661
662
663static int build_http_request(const char* domainName, const char* path,
664 int ocspReqSz, byte* buf, int bufSize)
665{
666 word32 domainNameLen, pathLen, ocspReqSzStrLen, completeLen;
667 char ocspReqSzStr[6];
668
669 domainNameLen = (word32)XSTRLEN(domainName);
670 pathLen = (word32)XSTRLEN(path);
671 ocspReqSzStrLen = Word16ToString(ocspReqSzStr, (word16)ocspReqSz);
672
673 completeLen = domainNameLen + pathLen + ocspReqSzStrLen + 84;
674 if (completeLen > (word32)bufSize)
675 return 0;
676
677 XSTRNCPY((char*)buf, "POST ", 5);
678 buf += 5;
679 XSTRNCPY((char*)buf, path, pathLen);
680 buf += pathLen;
681 XSTRNCPY((char*)buf, " HTTP/1.1\r\nHost: ", 17);
682 buf += 17;
683 XSTRNCPY((char*)buf, domainName, domainNameLen);
684 buf += domainNameLen;
685 XSTRNCPY((char*)buf, "\r\nContent-Length: ", 18);
686 buf += 18;
687 XSTRNCPY((char*)buf, ocspReqSzStr, ocspReqSzStrLen);
688 buf += ocspReqSzStrLen;
689 XSTRNCPY((char*)buf,
690 "\r\nContent-Type: application/ocsp-request\r\n\r\n", 44);
691
692 return completeLen;
693}
694
695
696static int decode_url(const char* url, int urlSz,
697 char* outName, char* outPath, word16* outPort)
698{
699 int result = -1;
700
701 if (outName != NULL && outPath != NULL && outPort != NULL)
702 {
703 if (url == NULL || urlSz == 0)
704 {
705 *outName = 0;
706 *outPath = 0;
707 *outPort = 0;
708 }
709 else
710 {
711 int i, cur;
712
713 /* need to break the url down into scheme, address, and port */
714 /* "http://example.com:8080/" */
715 /* "http://[::1]:443/" */
716 if (XSTRNCMP(url, "http://", 7) == 0) {
717 cur = 7;
718 } else cur = 0;
719
720 i = 0;
721 if (url[cur] == '[') {
722 cur++;
723 /* copy until ']' */
724 while (url[cur] != 0 && url[cur] != ']' && cur < urlSz) {
725 outName[i++] = url[cur++];
726 }
727 cur++; /* skip ']' */
728 }
729 else {
730 while (url[cur] != 0 && url[cur] != ':' &&
731 url[cur] != '/' && cur < urlSz) {
732 outName[i++] = url[cur++];
733 }
734 }
735 outName[i] = 0;
736 /* Need to pick out the path after the domain name */
737
738 if (cur < urlSz && url[cur] == ':') {
739 char port[6];
740 int j;
741 word32 bigPort = 0;
742 i = 0;
743 cur++;
744 while (cur < urlSz && url[cur] != 0 && url[cur] != '/' &&
745 i < 6) {
746 port[i++] = url[cur++];
747 }
748
749 for (j = 0; j < i; j++) {
750 if (port[j] < '0' || port[j] > '9') return -1;
751 bigPort = (bigPort * 10) + (port[j] - '0');
752 }
753 *outPort = (word16)bigPort;
754 }
755 else
756 *outPort = 80;
757
758 if (cur < urlSz && url[cur] == '/') {
759 i = 0;
760 while (cur < urlSz && url[cur] != 0 && i < 80) {
761 outPath[i++] = url[cur++];
762 }
763 outPath[i] = 0;
764 }
765 else {
766 outPath[0] = '/';
767 outPath[1] = 0;
768 }
769 result = 0;
770 }
771 }
772
773 return result;
774}
775
776
777/* return: >0 OCSP Response Size
778 * -1 error */
779static int process_http_response(int sfd, byte** respBuf,
780 byte* httpBuf, int httpBufSz)
781{
782 int result;
783 int len = 0;
784 char *start, *end;
785 byte *recvBuf = NULL;
786 int recvBufSz = 0;
787 enum phr_state { phr_init, phr_http_start, phr_have_length,
788 phr_have_type, phr_wait_end, phr_http_end
789 } state = phr_init;
790
791 start = end = NULL;
792 do {
793 if (end == NULL) {
794 result = (int)recv(sfd, (char*)httpBuf+len, httpBufSz-len-1, 0);
795 if (result > 0) {
796 len += result;
797 start = (char*)httpBuf;
798 start[len] = 0;
799 }
800 else {
801 WOLFSSL_MSG("process_http_response recv http from peer failed");
802 return -1;
803 }
804 }
805 end = XSTRSTR(start, "\r\n");
806
807 if (end == NULL) {
808 if (len != 0)
809 XMEMMOVE(httpBuf, start, len);
810 start = end = NULL;
811 }
812 else if (end == start) {
813 if (state == phr_wait_end) {
814 state = phr_http_end;
815 len -= 2;
816 start += 2;
817 }
818 else {
819 WOLFSSL_MSG("process_http_response header ended early");
820 return -1;
821 }
822 }
823 else {
824 *end = 0;
825 len -= (int)(end - start) + 2;
826 /* adjust len to remove the first line including the /r/n */
827
828 if (XSTRNCASECMP(start, "HTTP/1", 6) == 0) {
829 start += 9;
830 if (XSTRNCASECMP(start, "200 OK", 6) != 0 ||
831 state != phr_init) {
832 WOLFSSL_MSG("process_http_response not OK");
833 return -1;
834 }
835 state = phr_http_start;
836 }
837 else if (XSTRNCASECMP(start, "Content-Type:", 13) == 0) {
838 start += 13;
839 while (*start == ' ' && *start != '\0') start++;
840 if (XSTRNCASECMP(start, "application/ocsp-response", 25) != 0) {
841 WOLFSSL_MSG("process_http_response not ocsp-response");
842 return -1;
843 }
844
845 if (state == phr_http_start) state = phr_have_type;
846 else if (state == phr_have_length) state = phr_wait_end;
847 else {
848 WOLFSSL_MSG("process_http_response type invalid state");
849 return -1;
850 }
851 }
852 else if (XSTRNCASECMP(start, "Content-Length:", 15) == 0) {
853 start += 15;
854 while (*start == ' ' && *start != '\0') start++;
855 recvBufSz = atoi(start);
856
857 if (state == phr_http_start) state = phr_have_length;
858 else if (state == phr_have_type) state = phr_wait_end;
859 else {
860 WOLFSSL_MSG("process_http_response length invalid state");
861 return -1;
862 }
863 }
864
865 start = end + 2;
866 }
867 } while (state != phr_http_end);
868
869 recvBuf = (byte*)XMALLOC(recvBufSz, NULL, DYNAMIC_TYPE_IN_BUFFER);
870 if (recvBuf == NULL) {
871 WOLFSSL_MSG("process_http_response couldn't create response buffer");
872 return -1;
873 }
874
875 /* copy the remainder of the httpBuf into the respBuf */
876 if (len != 0)
877 XMEMCPY(recvBuf, start, len);
878
879 /* receive the OCSP response data */
880 do {
881 result = (int)recv(sfd, (char*)recvBuf+len, recvBufSz-len, 0);
882 if (result > 0)
883 len += result;
884 else {
885 WOLFSSL_MSG("process_http_response recv ocsp from peer failed");
886 return -1;
887 }
888 } while (len != recvBufSz);
889
890 *respBuf = recvBuf;
891 return recvBufSz;
892}
893
894
895#define SCRATCH_BUFFER_SIZE 512
896
897int EmbedOcspLookup(void* ctx, const char* url, int urlSz,
898 byte* ocspReqBuf, int ocspReqSz, byte** ocspRespBuf)
899{
900 SOCKET_T sfd = 0;
901 word16 port;
902 int ret = -1;
903#ifdef WOLFSSL_SMALL_STACK
904 char* path;
905 char* domainName;
906#else
907 char path[80];
908 char domainName[80];
909#endif
910
911#ifdef WOLFSSL_SMALL_STACK
912 path = (char*)XMALLOC(80, NULL, DYNAMIC_TYPE_TMP_BUFFER);
913 if (path == NULL)
914 return -1;
915
916 domainName = (char*)XMALLOC(80, NULL, DYNAMIC_TYPE_TMP_BUFFER);
917 if (domainName == NULL) {
918 XFREE(path, NULL, DYNAMIC_TYPE_TMP_BUFFER);
919 return -1;
920 }
921#endif
922
923 (void)ctx;
924
925 if (ocspReqBuf == NULL || ocspReqSz == 0) {
926 WOLFSSL_MSG("OCSP request is required for lookup");
927 }
928 else if (ocspRespBuf == NULL) {
929 WOLFSSL_MSG("Cannot save OCSP response");
930 }
931 else if (decode_url(url, urlSz, domainName, path, &port) < 0) {
932 WOLFSSL_MSG("Unable to decode OCSP URL");
933 }
934 else {
935 /* Note, the library uses the EmbedOcspRespFree() callback to
936 * free this buffer. */
937 int httpBufSz = SCRATCH_BUFFER_SIZE;
938 byte* httpBuf = (byte*)XMALLOC(httpBufSz, NULL,
939 DYNAMIC_TYPE_IN_BUFFER);
940
941 if (httpBuf == NULL) {
942 WOLFSSL_MSG("Unable to create OCSP response buffer");
943 }
944 else {
945 httpBufSz = build_http_request(domainName, path, ocspReqSz,
946 httpBuf, httpBufSz);
947
948 if ((tcp_connect(&sfd, domainName, port) != 0) || (sfd <= 0)) {
949 WOLFSSL_MSG("OCSP Responder connection failed");
950 }
951 else if ((int)send(sfd, (char*)httpBuf, httpBufSz, 0) !=
952 httpBufSz) {
953 WOLFSSL_MSG("OCSP http request failed");
954 }
955 else if ((int)send(sfd, (char*)ocspReqBuf, ocspReqSz, 0) !=
956 ocspReqSz) {
957 WOLFSSL_MSG("OCSP ocsp request failed");
958 }
959 else {
960 ret = process_http_response(sfd, ocspRespBuf, httpBuf,
961 SCRATCH_BUFFER_SIZE);
962 }
963
964 close(sfd);
965 XFREE(httpBuf, NULL, DYNAMIC_TYPE_IN_BUFFER);
966 }
967 }
968
969#ifdef WOLFSSL_SMALL_STACK
970 XFREE(path, NULL, DYNAMIC_TYPE_TMP_BUFFER);
971 XFREE(domainName, NULL, DYNAMIC_TYPE_TMP_BUFFER);
972#endif
973
974 return ret;
975}
976
977
978void EmbedOcspRespFree(void* ctx, byte *resp)
979{
980 (void)ctx;
981
982 if (resp)
983 XFREE(resp, NULL, DYNAMIC_TYPE_IN_BUFFER);
984}
985
986
987#endif
988
989#endif /* WOLFSSL_USER_IO */
990
991WOLFSSL_API void wolfSSL_SetIORecv(WOLFSSL_CTX *ctx, CallbackIORecv CBIORecv)
992{
993 ctx->CBIORecv = CBIORecv;
994}
995
996
997WOLFSSL_API void wolfSSL_SetIOSend(WOLFSSL_CTX *ctx, CallbackIOSend CBIOSend)
998{
999 ctx->CBIOSend = CBIOSend;
1000}
1001
1002
1003WOLFSSL_API void wolfSSL_SetIOReadCtx(WOLFSSL* ssl, void *rctx)
1004{
1005 ssl->IOCB_ReadCtx = rctx;
1006}
1007
1008
1009WOLFSSL_API void wolfSSL_SetIOWriteCtx(WOLFSSL* ssl, void *wctx)
1010{
1011 ssl->IOCB_WriteCtx = wctx;
1012}
1013
1014
1015WOLFSSL_API void* wolfSSL_GetIOReadCtx(WOLFSSL* ssl)
1016{
1017 if (ssl)
1018 return ssl->IOCB_ReadCtx;
1019
1020 return NULL;
1021}
1022
1023
1024WOLFSSL_API void* wolfSSL_GetIOWriteCtx(WOLFSSL* ssl)
1025{
1026 if (ssl)
1027 return ssl->IOCB_WriteCtx;
1028
1029 return NULL;
1030}
1031
1032
1033WOLFSSL_API void wolfSSL_SetIOReadFlags(WOLFSSL* ssl, int flags)
1034{
1035 ssl->rflags = flags;
1036}
1037
1038
1039WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags)
1040{
1041 ssl->wflags = flags;
1042}
1043
1044
1045#ifdef WOLFSSL_DTLS
1046
1047WOLFSSL_API void wolfSSL_CTX_SetGenCookie(WOLFSSL_CTX* ctx, CallbackGenCookie cb)
1048{
1049 ctx->CBIOCookie = cb;
1050}
1051
1052
1053WOLFSSL_API void wolfSSL_SetCookieCtx(WOLFSSL* ssl, void *ctx)
1054{
1055 ssl->IOCB_CookieCtx = ctx;
1056}
1057
1058
1059WOLFSSL_API void* wolfSSL_GetCookieCtx(WOLFSSL* ssl)
1060{
1061 if (ssl)
1062 return ssl->IOCB_CookieCtx;
1063
1064 return NULL;
1065}
1066
1067#endif /* WOLFSSL_DTLS */
1068
1069
1070#ifdef HAVE_NETX
1071
1072/* The NetX receive callback
1073 * return : bytes read, or error
1074 */
1075int NetX_Receive(WOLFSSL *ssl, char *buf, int sz, void *ctx)
1076{
1077 NetX_Ctx* nxCtx = (NetX_Ctx*)ctx;
1078 ULONG left;
1079 ULONG total;
1080 ULONG copied = 0;
1081 UINT status;
1082
1083 if (nxCtx == NULL || nxCtx->nxSocket == NULL) {
1084 WOLFSSL_MSG("NetX Recv NULL parameters");
1085 return WOLFSSL_CBIO_ERR_GENERAL;
1086 }
1087
1088 if (nxCtx->nxPacket == NULL) {
1089 status = nx_tcp_socket_receive(nxCtx->nxSocket, &nxCtx->nxPacket,
1090 nxCtx->nxWait);
1091 if (status != NX_SUCCESS) {
1092 WOLFSSL_MSG("NetX Recv receive error");
1093 return WOLFSSL_CBIO_ERR_GENERAL;
1094 }
1095 }
1096
1097 if (nxCtx->nxPacket) {
1098 status = nx_packet_length_get(nxCtx->nxPacket, &total);
1099 if (status != NX_SUCCESS) {
1100 WOLFSSL_MSG("NetX Recv length get error");
1101 return WOLFSSL_CBIO_ERR_GENERAL;
1102 }
1103
1104 left = total - nxCtx->nxOffset;
1105 status = nx_packet_data_extract_offset(nxCtx->nxPacket, nxCtx->nxOffset,
1106 buf, sz, &copied);
1107 if (status != NX_SUCCESS) {
1108 WOLFSSL_MSG("NetX Recv data extract offset error");
1109 return WOLFSSL_CBIO_ERR_GENERAL;
1110 }
1111
1112 nxCtx->nxOffset += copied;
1113
1114 if (copied == left) {
1115 WOLFSSL_MSG("NetX Recv Drained packet");
1116 nx_packet_release(nxCtx->nxPacket);
1117 nxCtx->nxPacket = NULL;
1118 nxCtx->nxOffset = 0;
1119 }
1120 }
1121
1122 return copied;
1123}
1124
1125
1126/* The NetX send callback
1127 * return : bytes sent, or error
1128 */
1129int NetX_Send(WOLFSSL* ssl, char *buf, int sz, void *ctx)
1130{
1131 NetX_Ctx* nxCtx = (NetX_Ctx*)ctx;
1132 NX_PACKET* packet;
1133 NX_PACKET_POOL* pool; /* shorthand */
1134 UINT status;
1135
1136 if (nxCtx == NULL || nxCtx->nxSocket == NULL) {
1137 WOLFSSL_MSG("NetX Send NULL parameters");
1138 return WOLFSSL_CBIO_ERR_GENERAL;
1139 }
1140
1141 pool = nxCtx->nxSocket->nx_tcp_socket_ip_ptr->nx_ip_default_packet_pool;
1142 status = nx_packet_allocate(pool, &packet, NX_TCP_PACKET,
1143 nxCtx->nxWait);
1144 if (status != NX_SUCCESS) {
1145 WOLFSSL_MSG("NetX Send packet alloc error");
1146 return WOLFSSL_CBIO_ERR_GENERAL;
1147 }
1148
1149 status = nx_packet_data_append(packet, buf, sz, pool, nxCtx->nxWait);
1150 if (status != NX_SUCCESS) {
1151 nx_packet_release(packet);
1152 WOLFSSL_MSG("NetX Send data append error");
1153 return WOLFSSL_CBIO_ERR_GENERAL;
1154 }
1155
1156 status = nx_tcp_socket_send(nxCtx->nxSocket, packet, nxCtx->nxWait);
1157 if (status != NX_SUCCESS) {
1158 nx_packet_release(packet);
1159 WOLFSSL_MSG("NetX Send socket send error");
1160 return WOLFSSL_CBIO_ERR_GENERAL;
1161 }
1162
1163 return sz;
1164}
1165
1166
1167/* like set_fd, but for default NetX context */
1168void wolfSSL_SetIO_NetX(WOLFSSL* ssl, NX_TCP_SOCKET* nxSocket, ULONG waitOption)
1169{
1170 if (ssl) {
1171 ssl->nxCtx.nxSocket = nxSocket;
1172 ssl->nxCtx.nxWait = waitOption;
1173 }
1174}
1175
1176#endif /* HAVE_NETX */
1177#endif /* WOLFCRYPT_ONLY */
1178
Note: See TracBrowser for help on using the repository browser.