source: azure_iot_hub/trunk/wolfssl-3.15.7/wolfssl/test.h

Last change on this file was 389, checked in by coas-nagasima, 5 years ago

ビルドが通るよう更新
  • Property svn:eol-style set to native
  • Property svn:mime-type set to text/x-chdr;charset=UTF-8
File size: 87.0 KB
Line 
1/* test.h */
2
3#ifndef wolfSSL_TEST_H
4#define wolfSSL_TEST_H
5
6#include <stdio.h>
7#include <stdlib.h>
8#include <assert.h>
9#include <ctype.h>
10#include <wolfssl/wolfcrypt/types.h>
11#include <wolfssl/wolfcrypt/error-crypt.h>
12#include <wolfssl/wolfcrypt/random.h>
13#include <wolfssl/wolfcrypt/mem_track.h>
14#if defined(OPENSSL_EXTRA) && defined(SHOW_CERTS)
15 #include <wolfssl/wolfcrypt/asn.h> /* for domain component NID value */
16#endif
17
18#ifdef ATOMIC_USER
19 #include <wolfssl/wolfcrypt/aes.h>
20 #include <wolfssl/wolfcrypt/arc4.h>
21 #include <wolfssl/wolfcrypt/hmac.h>
22#endif
23#ifdef HAVE_PK_CALLBACKS
24 #include <wolfssl/wolfcrypt/asn.h>
25 #ifndef NO_RSA
26 #include <wolfssl/wolfcrypt/rsa.h>
27 #endif
28 #ifdef HAVE_ECC
29 #include <wolfssl/wolfcrypt/ecc.h>
30 #endif /* HAVE_ECC */
31 #ifndef NO_DH
32 #include <wolfssl/wolfcrypt/dh.h>
33 #endif /* !NO_DH */
34 #ifdef HAVE_ED25519
35 #include <wolfssl/wolfcrypt/ed25519.h>
36 #endif /* HAVE_ED25519 */
37 #ifdef HAVE_CURVE25519
38 #include <wolfssl/wolfcrypt/curve25519.h>
39 #endif /* HAVE_ECC */
40#endif /*HAVE_PK_CALLBACKS */
41
42#ifdef USE_WINDOWS_API
43 #include <winsock2.h>
44 #include <process.h>
45 #ifdef TEST_IPV6 /* don't require newer SDK for IPV4 */
46 #include <ws2tcpip.h>
47 #include <wspiapi.h>
48 #endif
49 #define SOCKET_T SOCKET
50 #define SNPRINTF _snprintf
51#elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
52 #include <string.h>
53 #include "rl_net.h"
54 #define SOCKET_T int
55 typedef int socklen_t ;
56 static unsigned long inet_addr(const char *cp)
57 {
58 unsigned int a[4] ; unsigned long ret ;
59 sscanf(cp, "%d.%d.%d.%d", &a[0], &a[1], &a[2], &a[3]) ;
60 ret = ((a[3]<<24) + (a[2]<<16) + (a[1]<<8) + a[0]) ;
61 return(ret) ;
62 }
63 #if defined(HAVE_KEIL_RTX)
64 #define sleep(t) os_dly_wait(t/1000+1) ;
65 #elif defined (WOLFSSL_CMSIS_RTOS)
66 #define sleep(t) osDelay(t/1000+1) ;
67 #endif
68#elif defined(WOLFSSL_TIRTOS)
69 #include <string.h>
70 #include <netdb.h>
71 #include <sys/types.h>
72 #include <arpa/inet.h>
73 #include <sys/socket.h>
74 #include <ti/sysbios/knl/Task.h>
75 struct hostent {
76 char *h_name; /* official name of host */
77 char **h_aliases; /* alias list */
78 int h_addrtype; /* host address type */
79 int h_length; /* length of address */
80 char **h_addr_list; /* list of addresses from name server */
81 };
82 #define SOCKET_T int
83#elif defined(WOLFSSL_VXWORKS)
84 #include <hostLib.h>
85 #include <sockLib.h>
86 #include <arpa/inet.h>
87 #include <string.h>
88 #include <selectLib.h>
89 #include <sys/types.h>
90 #include <netinet/in.h>
91 #include <fcntl.h>
92 #include <sys/time.h>
93 #include <netdb.h>
94 #include <pthread.h>
95 #define SOCKET_T int
96#else
97 #include <string.h>
98 #include <sys/types.h>
99#ifndef WOLFSSL_LEANPSK
100 #include <unistd.h>
101 #include <netdb.h>
102 #include <netinet/in.h>
103 #include <netinet/tcp.h>
104 #include <arpa/inet.h>
105 #include <sys/ioctl.h>
106 #include <sys/time.h>
107 #include <sys/socket.h>
108 #include <pthread.h>
109 #include <fcntl.h>
110 #ifdef TEST_IPV6
111 #include <netdb.h>
112 #endif
113#endif
114 #define SOCKET_T int
115 #ifndef SO_NOSIGPIPE
116 #include <signal.h> /* ignore SIGPIPE */
117 #endif
118 #define SNPRINTF snprintf
119#endif /* USE_WINDOWS_API */
120
121#ifdef WOLFSSL_ASYNC_CRYPT
122 #include <wolfssl/wolfcrypt/async.h>
123#endif
124#ifdef HAVE_CAVIUM
125 #include <wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h>
126#endif
127#ifdef _MSC_VER
128 /* disable conversion warning */
129 /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
130 #pragma warning(disable:4244 4996)
131#endif
132
133/* Buffer for benchmark tests */
134#ifndef TEST_BUFFER_SIZE
135#define TEST_BUFFER_SIZE 16384
136#endif
137
138#ifndef WOLFSSL_HAVE_MIN
139 #define WOLFSSL_HAVE_MIN
140 static WC_INLINE word32 min(word32 a, word32 b)
141 {
142 return a > b ? b : a;
143 }
144#endif /* WOLFSSL_HAVE_MIN */
145
146/* Socket Handling */
147#ifndef WOLFSSL_SOCKET_INVALID
148#ifdef USE_WINDOWS_API
149 #define WOLFSSL_SOCKET_INVALID ((SOCKET_T)INVALID_SOCKET)
150#elif defined(WOLFSSL_TIRTOS)
151 #define WOLFSSL_SOCKET_INVALID ((SOCKET_T)-1)
152#else
153 #define WOLFSSL_SOCKET_INVALID (SOCKET_T)(0)
154#endif
155#endif /* WOLFSSL_SOCKET_INVALID */
156
157#ifndef WOLFSSL_SOCKET_IS_INVALID
158#if defined(USE_WINDOWS_API) || defined(WOLFSSL_TIRTOS)
159 #define WOLFSSL_SOCKET_IS_INVALID(s) ((SOCKET_T)(s) == WOLFSSL_SOCKET_INVALID)
160#else
161 #define WOLFSSL_SOCKET_IS_INVALID(s) ((SOCKET_T)(s) < WOLFSSL_SOCKET_INVALID)
162#endif
163#endif /* WOLFSSL_SOCKET_IS_INVALID */
164
165#if defined(__MACH__) || defined(USE_WINDOWS_API)
166 #ifndef _SOCKLEN_T
167 typedef int socklen_t;
168 #endif
169#endif
170
171
172/* HPUX doesn't use socklent_t for third parameter to accept, unless
173 _XOPEN_SOURCE_EXTENDED is defined */
174#if !defined(__hpux__) && !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM)\
175 && !defined(WOLFSSL_ROWLEY_ARM) && !defined(WOLFSSL_KEIL_TCP_NET)
176 typedef socklen_t* ACCEPT_THIRD_T;
177#else
178 #if defined _XOPEN_SOURCE_EXTENDED
179 typedef socklen_t* ACCEPT_THIRD_T;
180 #else
181 typedef int* ACCEPT_THIRD_T;
182 #endif
183#endif
184
185
186
187#ifdef SINGLE_THREADED
188 typedef unsigned int THREAD_RETURN;
189 typedef void* THREAD_TYPE;
190 #define WOLFSSL_THREAD
191#else
192 #if defined(_POSIX_THREADS) && !defined(__MINGW32__)
193 typedef void* THREAD_RETURN;
194 typedef pthread_t THREAD_TYPE;
195 #define WOLFSSL_THREAD
196 #define INFINITE -1
197 #define WAIT_OBJECT_0 0L
198 #elif defined(WOLFSSL_MDK_ARM)|| defined(WOLFSSL_KEIL_TCP_NET)
199 typedef unsigned int THREAD_RETURN;
200 typedef int THREAD_TYPE;
201 #define WOLFSSL_THREAD
202 #elif defined(WOLFSSL_TIRTOS)
203 typedef void THREAD_RETURN;
204 typedef Task_Handle THREAD_TYPE;
205 #define WOLFSSL_THREAD
206 #else
207 typedef unsigned int THREAD_RETURN;
208 typedef intptr_t THREAD_TYPE;
209 #define WOLFSSL_THREAD __stdcall
210 #endif
211#endif
212
213
214#ifdef TEST_IPV6
215 typedef struct sockaddr_in6 SOCKADDR_IN_T;
216 #define AF_INET_V AF_INET6
217#else
218 typedef struct sockaddr_in SOCKADDR_IN_T;
219 #define AF_INET_V AF_INET
220#endif
221
222
223#ifndef WOLFSSL_NO_TLS12
224#define SERVER_DEFAULT_VERSION 3
225#else
226#define SERVER_DEFAULT_VERSION 4
227#endif
228#define SERVER_DTLS_DEFAULT_VERSION (-2)
229#define SERVER_INVALID_VERSION (-99)
230#define SERVER_DOWNGRADE_VERSION (-98)
231#ifndef WOLFSSL_NO_TLS12
232#define CLIENT_DEFAULT_VERSION 3
233#else
234#define CLIENT_DEFAULT_VERSION 4
235#endif
236#define CLIENT_DTLS_DEFAULT_VERSION (-2)
237#define CLIENT_INVALID_VERSION (-99)
238#define CLIENT_DOWNGRADE_VERSION (-98)
239#define EITHER_DOWNGRADE_VERSION (-97)
240#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_MAX_STRENGTH)
241 #define DEFAULT_MIN_DHKEY_BITS 2048
242 #define DEFAULT_MAX_DHKEY_BITS 3072
243#else
244 #define DEFAULT_MIN_DHKEY_BITS 1024
245 #define DEFAULT_MAX_DHKEY_BITS 2048
246#endif
247#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_MAX_STRENGTH)
248 #define DEFAULT_MIN_RSAKEY_BITS 2048
249#else
250 #define DEFAULT_MIN_RSAKEY_BITS 1024
251#endif
252#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_MAX_STRENGTH)
253 #define DEFAULT_MIN_ECCKEY_BITS 256
254#else
255 #define DEFAULT_MIN_ECCKEY_BITS 224
256#endif
257
258/* all certs relative to wolfSSL home directory now */
259#if defined(WOLFSSL_NO_CURRDIR) || defined(WOLFSSL_MDK_SHELL)
260#define caCertFile "certs/ca-cert.pem"
261#define eccCertFile "certs/server-ecc.pem"
262#define eccKeyFile "certs/ecc-key.pem"
263#define eccRsaCertFile "certs/server-ecc-rsa.pem"
264#define svrCertFile "certs/server-cert.pem"
265#define svrKeyFile "certs/server-key.pem"
266#define cliCertFile "certs/client-cert.pem"
267#define cliCertDerFile "certs/client-cert.der"
268#define cliKeyFile "certs/client-key.pem"
269#define ntruCertFile "certs/ntru-cert.pem"
270#define ntruKeyFile "certs/ntru-key.raw"
271#define dhParamFile "certs/dh2048.pem"
272#define cliEccKeyFile "certs/ecc-client-key.pem"
273#define cliEccCertFile "certs/client-ecc-cert.pem"
274#define caEccCertFile "certs/ca-ecc-cert/pem"
275#define crlPemDir "certs/crl"
276#define edCertFile "certs/ed25519/server-ed25519-cert.pem"
277#define edKeyFile "certs/ed25519/server-ed25519-priv.pem"
278#define cliEdCertFile "certs/ed25519/client-ed25519.pem"
279#define cliEdKeyFile "certs/ed25519/client-ed25519-priv.pem"
280#define caEdCertFile "certs/ed25519/ca-ed25519.pem"
281#ifdef HAVE_WNR
282 /* Whitewood netRandom default config file */
283 #define wnrConfig "wnr-example.conf"
284#endif
285#else
286#define caCertFile "./certs/ca-cert.pem"
287#define eccCertFile "./certs/server-ecc.pem"
288#define eccKeyFile "./certs/ecc-key.pem"
289#define eccRsaCertFile "./certs/server-ecc-rsa.pem"
290#define svrCertFile "./certs/server-cert.pem"
291#define svrKeyFile "./certs/server-key.pem"
292#define cliCertFile "./certs/client-cert.pem"
293#define cliCertDerFile "./certs/client-cert.der"
294#define cliKeyFile "./certs/client-key.pem"
295#define ntruCertFile "./certs/ntru-cert.pem"
296#define ntruKeyFile "./certs/ntru-key.raw"
297#define dhParamFile "./certs/dh2048.pem"
298#define cliEccKeyFile "./certs/ecc-client-key.pem"
299#define cliEccCertFile "./certs/client-ecc-cert.pem"
300#define caEccCertFile "./certs/ca-ecc-cert.pem"
301#define crlPemDir "./certs/crl"
302#define edCertFile "./certs/ed25519/server-ed25519.pem"
303#define edKeyFile "./certs/ed25519/server-ed25519-priv.pem"
304#define cliEdCertFile "./certs/ed25519/client-ed25519.pem"
305#define cliEdKeyFile "./certs/ed25519/client-ed25519-priv.pem"
306#define caEdCertFile "./certs/ed25519/root-ed25519.pem"
307#ifdef HAVE_WNR
308 /* Whitewood netRandom default config file */
309 #define wnrConfig "./wnr-example.conf"
310#endif
311#endif
312
313typedef struct tcp_ready {
314 word16 ready; /* predicate */
315 word16 port;
316 char* srfName; /* server ready file name */
317#if defined(_POSIX_THREADS) && !defined(__MINGW32__)
318 pthread_mutex_t mutex;
319 pthread_cond_t cond;
320#endif
321} tcp_ready;
322
323
324static WC_INLINE void InitTcpReady(tcp_ready* ready)
325{
326 ready->ready = 0;
327 ready->port = 0;
328 ready->srfName = NULL;
329#ifdef SINGLE_THREADED
330#elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
331 pthread_mutex_init(&ready->mutex, 0);
332 pthread_cond_init(&ready->cond, 0);
333#endif
334}
335
336
337static WC_INLINE void FreeTcpReady(tcp_ready* ready)
338{
339#ifdef SINGLE_THREADED
340 (void)ready;
341#elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
342 pthread_mutex_destroy(&ready->mutex);
343 pthread_cond_destroy(&ready->cond);
344#else
345 (void)ready;
346#endif
347}
348
349typedef WOLFSSL_METHOD* (*method_provider)(void);
350typedef void (*ctx_callback)(WOLFSSL_CTX* ctx);
351typedef void (*ssl_callback)(WOLFSSL* ssl);
352
353typedef struct callback_functions {
354 method_provider method;
355 ctx_callback ctx_ready;
356 ssl_callback ssl_ready;
357 ssl_callback on_result;
358 WOLFSSL_CTX* ctx;
359} callback_functions;
360
361typedef struct func_args {
362 int argc;
363 char** argv;
364 int return_code;
365 tcp_ready* signal;
366 callback_functions *callbacks;
367} func_args;
368
369
370
371
372void wait_tcp_ready(func_args*);
373
374typedef THREAD_RETURN WOLFSSL_THREAD THREAD_FUNC(void*);
375
376void start_thread(THREAD_FUNC, func_args*, THREAD_TYPE*);
377void join_thread(THREAD_TYPE);
378
379/* wolfSSL */
380#ifndef TEST_IPV6
381 static const char* const wolfSSLIP = "127.0.0.1";
382#else
383 static const char* const wolfSSLIP = "::1";
384#endif
385static const word16 wolfSSLPort = 11111;
386
387
388
389#ifndef MY_EX_USAGE
390#define MY_EX_USAGE 2
391#endif
392
393#ifndef EXIT_FAILURE
394#define EXIT_FAILURE 1
395#endif
396
397#ifdef WOLFSSL_FORCE_MALLOC_FAIL_TEST
398 #define XEXIT(rc) return rc
399 #define XEXIT_T(rc) return (THREAD_RETURN)rc
400#else
401 #define XEXIT(rc) exit((int)(rc))
402 #define XEXIT_T(rc) exit((int)(rc))
403#endif
404
405
406static WC_INLINE
407#ifdef WOLFSSL_FORCE_MALLOC_FAIL_TEST
408THREAD_RETURN
409#else
410WC_NORETURN void
411#endif
412err_sys(const char* msg)
413{
414 printf("wolfSSL error: %s\n", msg);
415
416#if !defined(__GNUC__)
417 /* scan-build (which pretends to be gnuc) can get confused and think the
418 * msg pointer can be null even when hardcoded and then it won't exit,
419 * making null pointer checks above the err_sys() call useless.
420 * We could just always exit() but some compilers will complain about no
421 * possible return, with gcc we know the attribute to handle that with
422 * WC_NORETURN. */
423 if (msg)
424#endif
425 {
426 XEXIT_T(EXIT_FAILURE);
427 }
428}
429
430
431extern int myoptind;
432extern char* myoptarg;
433
434static WC_INLINE int mygetopt(int argc, char** argv, const char* optstring)
435{
436 static char* next = NULL;
437
438 char c;
439 char* cp;
440
441 if (myoptind == 0)
442 next = NULL; /* we're starting new/over */
443
444 if (next == NULL || *next == '\0') {
445 if (myoptind == 0)
446 myoptind++;
447
448 if (myoptind >= argc || argv[myoptind][0] != '-' ||
449 argv[myoptind][1] == '\0') {
450 myoptarg = NULL;
451 if (myoptind < argc)
452 myoptarg = argv[myoptind];
453
454 return -1;
455 }
456
457 if (strcmp(argv[myoptind], "--") == 0) {
458 myoptind++;
459 myoptarg = NULL;
460
461 if (myoptind < argc)
462 myoptarg = argv[myoptind];
463
464 return -1;
465 }
466
467 next = argv[myoptind];
468 next++; /* skip - */
469 myoptind++;
470 }
471
472 c = *next++;
473 /* The C++ strchr can return a different value */
474 cp = (char*)strchr(optstring, c);
475
476 if (cp == NULL || c == ':')
477 return '?';
478
479 cp++;
480
481 if (*cp == ':') {
482 if (*next != '\0') {
483 myoptarg = next;
484 next = NULL;
485 }
486 else if (myoptind < argc) {
487 myoptarg = argv[myoptind];
488 myoptind++;
489 }
490 else
491 return '?';
492 }
493
494 return c;
495}
496
497
498#ifdef WOLFSSL_ENCRYPTED_KEYS
499
500static WC_INLINE int PasswordCallBack(char* passwd, int sz, int rw, void* userdata)
501{
502 (void)rw;
503 (void)userdata;
504 if (userdata != NULL) {
505 strncpy(passwd, (char*)userdata, sz);
506 return (int)XSTRLEN((char*)userdata);
507 }
508 else {
509 strncpy(passwd, "yassl123", sz);
510 return 8;
511}
512}
513
514#endif
515
516static const char* client_showpeer_msg[][8] = {
517 /* English */
518 {
519 "SSL version is",
520 "SSL cipher suite is",
521 "SSL curve name is",
522 "SSL DH size is",
523 "SSL reused session",
524 "Alternate cert chain used",
525 "peer's cert info:",
526 NULL
527 },
528 /* Japanese */
529 {
530 "SSL バージョンは",
531 "SSL 暗号スイートは",
532 "SSL 曲線名は",
533 "SSL DH サイズは",
534 "SSL 再利用セッション",
535 "代替証明チェーンを使用",
536 "相手方証明書情報",
537 NULL
538 }
539};
540
541#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
542static const char* client_showx509_msg[][5] = {
543 /* English */
544 {
545 "issuer",
546 "subject",
547 "altname",
548 "serial number",
549 NULL
550 },
551 /* Japanese */
552 {
553 "発行者",
554 "サブジェクト",
555 "代替名",
556 "シリアル番号",
557 NULL
558 },
559};
560
561/* lng_index is to specify the language for displaying message. */
562/* 0:English, 1:Japanese */
563static WC_INLINE void ShowX509Ex(WOLFSSL_X509* x509, const char* hdr,
564 int lng_index)
565{
566 char* altName;
567 char* issuer;
568 char* subject;
569 byte serial[32];
570 int ret;
571 int sz = sizeof(serial);
572 const char** words = client_showx509_msg[lng_index];
573
574 if (x509 == NULL) {
575 printf("%s No Cert\n", hdr);
576 return;
577 }
578
579 issuer = wolfSSL_X509_NAME_oneline(
580 wolfSSL_X509_get_issuer_name(x509), 0, 0);
581 subject = wolfSSL_X509_NAME_oneline(
582 wolfSSL_X509_get_subject_name(x509), 0, 0);
583
584 printf("%s\n %s : %s\n %s: %s\n", hdr, words[0], issuer, words[1], subject);
585
586 while ( (altName = wolfSSL_X509_get_next_altname(x509)) != NULL)
587 printf(" %s = %s\n", words[2], altName);
588
589 ret = wolfSSL_X509_get_serial_number(x509, serial, &sz);
590 if (ret == WOLFSSL_SUCCESS) {
591 int i;
592 int strLen;
593 char serialMsg[80];
594
595 /* testsuite has multiple threads writing to stdout, get output
596 message ready to write once */
597 strLen = sprintf(serialMsg, " %s", words[3]);
598 for (i = 0; i < sz; i++)
599 sprintf(serialMsg + strLen + (i*3), ":%02x ", serial[i]);
600 printf("%s\n", serialMsg);
601 }
602
603 XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
604 XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL);
605
606#if defined(OPENSSL_EXTRA) && defined(SHOW_CERTS)
607 {
608 WOLFSSL_BIO* bio;
609 char buf[256]; /* should be size of ASN_NAME_MAX */
610 int textSz;
611
612
613 /* print out domain component if certificate has it */
614 textSz = wolfSSL_X509_NAME_get_text_by_NID(
615 wolfSSL_X509_get_subject_name(x509), NID_domainComponent,
616 buf, sizeof(buf));
617 if (textSz > 0) {
618 printf("Domain Component = %s\n", buf);
619 }
620
621 bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
622 if (bio != NULL) {
623 wolfSSL_BIO_set_fp(bio, stdout, BIO_NOCLOSE);
624 wolfSSL_X509_print(bio, x509);
625 wolfSSL_BIO_free(bio);
626 }
627 }
628#endif
629}
630/* original ShowX509 to maintain compatibility */
631static WC_INLINE void ShowX509(WOLFSSL_X509* x509, const char* hdr)
632{
633 ShowX509Ex(x509, hdr, 0);
634}
635
636#endif /* KEEP_PEER_CERT || SESSION_CERTS */
637
638#if defined(SESSION_CERTS) && defined(SHOW_CERTS)
639static WC_INLINE void ShowX509Chain(WOLFSSL_X509_CHAIN* chain, int count,
640 const char* hdr)
641{
642 int i;
643 int length;
644 unsigned char buffer[3072];
645 WOLFSSL_X509* chainX509;
646
647 for (i = 0; i < count; i++) {
648 wolfSSL_get_chain_cert_pem(chain, i, buffer, sizeof(buffer), &length);
649 buffer[length] = 0;
650 printf("\n%s: %d has length %d data = \n%s\n", hdr, i, length, buffer);
651
652 chainX509 = wolfSSL_get_chain_X509(chain, i);
653 if (chainX509)
654 ShowX509(chainX509, hdr);
655 else
656 printf("get_chain_X509 failed\n");
657 wolfSSL_FreeX509(chainX509);
658 }
659}
660#endif
661
662/* lng_index is to specify the language for displaying message. */
663/* 0:English, 1:Japanese */
664static WC_INLINE void showPeerEx(WOLFSSL* ssl, int lng_index)
665{
666 WOLFSSL_CIPHER* cipher;
667 const char** words = client_showpeer_msg[lng_index];
668
669#ifdef HAVE_ECC
670 const char *name;
671#endif
672#ifndef NO_DH
673 int bits;
674#endif
675#ifdef KEEP_PEER_CERT
676 WOLFSSL_X509* peer = wolfSSL_get_peer_certificate(ssl);
677 if (peer)
678 ShowX509Ex(peer, words[6], lng_index);
679 else
680 printf("peer has no cert!\n");
681 wolfSSL_FreeX509(peer);
682#endif
683#if defined(SHOW_CERTS) && defined(OPENSSL_EXTRA) && defined(KEEP_OUR_CERT)
684 ShowX509(wolfSSL_get_certificate(ssl), "our cert info:");
685 printf("Peer verify result = %lu\n", wolfSSL_get_verify_result(ssl));
686#endif /* SHOW_CERTS */
687 printf("%s %s\n", words[0], wolfSSL_get_version(ssl));
688
689 cipher = wolfSSL_get_current_cipher(ssl);
690#ifdef HAVE_QSH
691 printf("%s %s%s\n", words[1], (wolfSSL_isQSH(ssl))? "QSH:": "",
692 wolfSSL_CIPHER_get_name(cipher));
693#else
694 printf("%s %s\n", words[1], wolfSSL_CIPHER_get_name(cipher));
695#endif
696#ifdef HAVE_ECC
697 if ((name = wolfSSL_get_curve_name(ssl)) != NULL)
698 printf("%s %s\n", words[2], name);
699#endif
700#ifndef NO_DH
701 if ((bits = wolfSSL_GetDhKey_Sz(ssl)) > 0)
702 printf("%s %d bits\n", words[3], bits);
703#endif
704 if (wolfSSL_session_reused(ssl))
705 printf("%s\n", words[4]);
706#ifdef WOLFSSL_ALT_CERT_CHAINS
707 if (wolfSSL_is_peer_alt_cert_chain(ssl))
708 printf("%s\n", words[5]);
709#endif
710
711#if defined(SESSION_CERTS) && defined(SHOW_CERTS)
712 {
713 WOLFSSL_X509_CHAIN* chain;
714
715 chain = wolfSSL_get_peer_chain(ssl);
716 ShowX509Chain(chain, wolfSSL_get_chain_count(chain), "session cert");
717
718 #ifdef WOLFSSL_ALT_CERT_CHAINS
719 if (wolfSSL_is_peer_alt_cert_chain(ssl)) {
720 chain = wolfSSL_get_peer_alt_chain(ssl);
721 ShowX509Chain(chain, wolfSSL_get_chain_count(chain), "alt cert");
722 }
723 #endif
724 }
725#endif /* SESSION_CERTS && SHOW_CERTS */
726 (void)ssl;
727}
728/* original showPeer to maintain compatibility */
729static WC_INLINE void showPeer(WOLFSSL* ssl)
730{
731 showPeerEx(ssl, 0);
732}
733
734static WC_INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer,
735 word16 port, int udp, int sctp)
736{
737 int useLookup = 0;
738 (void)useLookup;
739 (void)udp;
740 (void)sctp;
741
742 if (addr == NULL)
743 err_sys("invalid argument to build_addr, addr is NULL");
744
745 XMEMSET(addr, 0, sizeof(SOCKADDR_IN_T));
746
747#ifndef TEST_IPV6
748 /* peer could be in human readable form */
749 if ( ((size_t)peer != INADDR_ANY) && isalpha((int)peer[0])) {
750 #if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
751 int err;
752 struct hostent* entry = gethostbyname(peer, &err);
753 #elif defined(WOLFSSL_TIRTOS)
754 struct hostent* entry = DNSGetHostByName(peer);
755 #elif defined(WOLFSSL_VXWORKS)
756 struct hostent* entry = (struct hostent*)hostGetByName((char*)peer);
757 #else
758 struct hostent* entry = gethostbyname(peer);
759 #endif
760
761 if (entry) {
762 XMEMCPY(&addr->sin_addr.s_addr, entry->h_addr_list[0],
763 entry->h_length);
764 useLookup = 1;
765 }
766 else
767 err_sys("no entry for host");
768 }
769#endif
770
771
772#ifndef TEST_IPV6
773 #if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
774 addr->sin_family = PF_INET;
775 #else
776 addr->sin_family = AF_INET_V;
777 #endif
778 addr->sin_port = XHTONS(port);
779 if ((size_t)peer == INADDR_ANY)
780 addr->sin_addr.s_addr = INADDR_ANY;
781 else {
782 if (!useLookup)
783 addr->sin_addr.s_addr = inet_addr(peer);
784 }
785#else
786 addr->sin6_family = AF_INET_V;
787 addr->sin6_port = XHTONS(port);
788 if ((size_t)peer == INADDR_ANY) {
789 addr->sin6_addr = in6addr_any;
790 }
791 else {
792 #ifdef HAVE_GETADDRINFO
793 struct addrinfo hints;
794 struct addrinfo* answer = NULL;
795 int ret;
796 char strPort[80];
797
798 XMEMSET(&hints, 0, sizeof(hints));
799
800 hints.ai_family = AF_INET_V;
801 if (udp) {
802 hints.ai_socktype = SOCK_DGRAM;
803 hints.ai_protocol = IPPROTO_UDP;
804 }
805 #ifdef WOLFSSL_SCTP
806 else if (sctp) {
807 hints.ai_socktype = SOCK_STREAM;
808 hints.ai_protocol = IPPROTO_SCTP;
809 }
810 #endif
811 else {
812 hints.ai_socktype = SOCK_STREAM;
813 hints.ai_protocol = IPPROTO_TCP;
814 }
815
816 SNPRINTF(strPort, sizeof(strPort), "%d", port);
817 strPort[79] = '\0';
818
819 ret = getaddrinfo(peer, strPort, &hints, &answer);
820 if (ret < 0 || answer == NULL)
821 err_sys("getaddrinfo failed");
822
823 XMEMCPY(addr, answer->ai_addr, answer->ai_addrlen);
824 freeaddrinfo(answer);
825 #else
826 printf("no ipv6 getaddrinfo, loopback only tests/examples\n");
827 addr->sin6_addr = in6addr_loopback;
828 #endif
829 }
830#endif
831}
832
833
834static WC_INLINE void tcp_socket(SOCKET_T* sockfd, int udp, int sctp)
835{
836 (void)sctp;
837
838 if (udp)
839 *sockfd = socket(AF_INET_V, SOCK_DGRAM, IPPROTO_UDP);
840#ifdef WOLFSSL_SCTP
841 else if (sctp)
842 *sockfd = socket(AF_INET_V, SOCK_STREAM, IPPROTO_SCTP);
843#endif
844 else
845 *sockfd = socket(AF_INET_V, SOCK_STREAM, IPPROTO_TCP);
846
847 if(WOLFSSL_SOCKET_IS_INVALID(*sockfd)) {
848 err_sys("socket failed\n");
849 }
850
851#ifndef USE_WINDOWS_API
852#ifdef SO_NOSIGPIPE
853 {
854 int on = 1;
855 socklen_t len = sizeof(on);
856 int res = setsockopt(*sockfd, SOL_SOCKET, SO_NOSIGPIPE, &on, len);
857 if (res < 0)
858 err_sys("setsockopt SO_NOSIGPIPE failed\n");
859 }
860#elif defined(WOLFSSL_MDK_ARM) || defined (WOLFSSL_TIRTOS) ||\
861 defined(WOLFSSL_KEIL_TCP_NET)
862 /* nothing to define */
863#else /* no S_NOSIGPIPE */
864 signal(SIGPIPE, SIG_IGN);
865#endif /* S_NOSIGPIPE */
866
867#if defined(TCP_NODELAY)
868 if (!udp && !sctp)
869 {
870 int on = 1;
871 socklen_t len = sizeof(on);
872 int res = setsockopt(*sockfd, IPPROTO_TCP, TCP_NODELAY, &on, len);
873 if (res < 0)
874 err_sys("setsockopt TCP_NODELAY failed\n");
875 }
876#endif
877#endif /* USE_WINDOWS_API */
878}
879
880static WC_INLINE void tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port,
881 int udp, int sctp, WOLFSSL* ssl)
882{
883 SOCKADDR_IN_T addr;
884 build_addr(&addr, ip, port, udp, sctp);
885 if (udp) {
886 wolfSSL_dtls_set_peer(ssl, &addr, sizeof(addr));
887 }
888 tcp_socket(sockfd, udp, sctp);
889
890 if (!udp) {
891 if (connect(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
892 err_sys("tcp connect failed");
893 }
894}
895
896
897static WC_INLINE void udp_connect(SOCKET_T* sockfd, void* addr, int addrSz)
898{
899 if (connect(*sockfd, (const struct sockaddr*)addr, addrSz) != 0)
900 err_sys("tcp connect failed");
901}
902
903
904enum {
905 TEST_SELECT_FAIL,
906 TEST_TIMEOUT,
907 TEST_RECV_READY,
908 TEST_ERROR_READY
909};
910
911
912#if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_TCP_NET) && \
913 !defined(WOLFSSL_TIRTOS)
914static WC_INLINE int tcp_select(SOCKET_T socketfd, int to_sec)
915{
916 fd_set recvfds, errfds;
917 SOCKET_T nfds = socketfd + 1;
918#if !defined(__INTEGRITY)
919 struct timeval timeout = { (to_sec > 0) ? to_sec : 0, 0};
920#else
921 struct timeval timeout;
922#endif
923 int result;
924
925 FD_ZERO(&recvfds);
926 FD_SET(socketfd, &recvfds);
927 FD_ZERO(&errfds);
928 FD_SET(socketfd, &errfds);
929
930#if defined(__INTEGRITY)
931 timeout.tv_sec = (long long)(to_sec > 0) ? to_sec : 0, 0;
932#endif
933 result = select(nfds, &recvfds, NULL, &errfds, &timeout);
934
935 if (result == 0)
936 return TEST_TIMEOUT;
937 else if (result > 0) {
938 if (FD_ISSET(socketfd, &recvfds))
939 return TEST_RECV_READY;
940 else if(FD_ISSET(socketfd, &errfds))
941 return TEST_ERROR_READY;
942 }
943
944 return TEST_SELECT_FAIL;
945}
946#elif defined(WOLFSSL_TIRTOS) || defined(WOLFSSL_KEIL_TCP_NET)
947static WC_INLINE int tcp_select(SOCKET_T socketfd, int to_sec)
948{
949 return TEST_RECV_READY;
950}
951#endif /* !WOLFSSL_MDK_ARM */
952
953
954static WC_INLINE void tcp_listen(SOCKET_T* sockfd, word16* port, int useAnyAddr,
955 int udp, int sctp)
956{
957 SOCKADDR_IN_T addr;
958
959 /* don't use INADDR_ANY by default, firewall may block, make user switch
960 on */
961 build_addr(&addr, (useAnyAddr ? INADDR_ANY : wolfSSLIP), *port, udp, sctp);
962 tcp_socket(sockfd, udp, sctp);
963
964#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_ARM)\
965 && !defined(WOLFSSL_KEIL_TCP_NET)
966 {
967 int res, on = 1;
968 socklen_t len = sizeof(on);
969 res = setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len);
970 if (res < 0)
971 err_sys("setsockopt SO_REUSEADDR failed\n");
972 }
973#endif
974
975 if (bind(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
976 err_sys("tcp bind failed");
977 if (!udp) {
978 #ifdef WOLFSSL_KEIL_TCP_NET
979 #define SOCK_LISTEN_MAX_QUEUE 1
980 #else
981 #define SOCK_LISTEN_MAX_QUEUE 5
982 #endif
983 if (listen(*sockfd, SOCK_LISTEN_MAX_QUEUE) != 0)
984 err_sys("tcp listen failed");
985 }
986 #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
987 if (*port == 0) {
988 socklen_t len = sizeof(addr);
989 if (getsockname(*sockfd, (struct sockaddr*)&addr, &len) == 0) {
990 #ifndef TEST_IPV6
991 *port = XNTOHS(addr.sin_port);
992 #else
993 *port = XNTOHS(addr.sin6_port);
994 #endif
995 }
996 }
997 #endif
998}
999
1000
1001#if 0
1002static WC_INLINE int udp_read_connect(SOCKET_T sockfd)
1003{
1004 SOCKADDR_IN_T cliaddr;
1005 byte b[1500];
1006 int n;
1007 socklen_t len = sizeof(cliaddr);
1008
1009 n = (int)recvfrom(sockfd, (char*)b, sizeof(b), MSG_PEEK,
1010 (struct sockaddr*)&cliaddr, &len);
1011 if (n > 0) {
1012 if (connect(sockfd, (const struct sockaddr*)&cliaddr,
1013 sizeof(cliaddr)) != 0)
1014 err_sys("udp connect failed");
1015 }
1016 else
1017 err_sys("recvfrom failed");
1018
1019 return sockfd;
1020}
1021#endif
1022
1023static WC_INLINE void udp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
1024 int useAnyAddr, word16 port, func_args* args)
1025{
1026 SOCKADDR_IN_T addr;
1027
1028 (void)args;
1029 build_addr(&addr, (useAnyAddr ? INADDR_ANY : wolfSSLIP), port, 1, 0);
1030 tcp_socket(sockfd, 1, 0);
1031
1032
1033#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_ARM) \
1034 && !defined(WOLFSSL_KEIL_TCP_NET)
1035 {
1036 int res, on = 1;
1037 socklen_t len = sizeof(on);
1038 res = setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len);
1039 if (res < 0)
1040 err_sys("setsockopt SO_REUSEADDR failed\n");
1041 }
1042#endif
1043
1044 if (bind(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
1045 err_sys("tcp bind failed");
1046
1047 #if (defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API)) && !defined(WOLFSSL_TIRTOS)
1048 if (port == 0) {
1049 socklen_t len = sizeof(addr);
1050 if (getsockname(*sockfd, (struct sockaddr*)&addr, &len) == 0) {
1051 #ifndef TEST_IPV6
1052 port = XNTOHS(addr.sin_port);
1053 #else
1054 port = XNTOHS(addr.sin6_port);
1055 #endif
1056 }
1057 }
1058 #endif
1059
1060#if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__)
1061 /* signal ready to accept data */
1062 {
1063 tcp_ready* ready = args->signal;
1064 pthread_mutex_lock(&ready->mutex);
1065 ready->ready = 1;
1066 ready->port = port;
1067 pthread_cond_signal(&ready->cond);
1068 pthread_mutex_unlock(&ready->mutex);
1069 }
1070#elif defined (WOLFSSL_TIRTOS)
1071 /* Need mutex? */
1072 tcp_ready* ready = args->signal;
1073 ready->ready = 1;
1074 ready->port = port;
1075#endif
1076
1077 *clientfd = *sockfd;
1078}
1079
1080static WC_INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
1081 func_args* args, word16 port, int useAnyAddr,
1082 int udp, int sctp, int ready_file, int do_listen)
1083{
1084 SOCKADDR_IN_T client;
1085 socklen_t client_len = sizeof(client);
1086 tcp_ready* ready = NULL;
1087
1088 (void) ready; /* Account for case when "ready" is not used */
1089
1090 if (udp) {
1091 udp_accept(sockfd, clientfd, useAnyAddr, port, args);
1092 return;
1093 }
1094
1095 if(do_listen) {
1096 tcp_listen(sockfd, &port, useAnyAddr, udp, sctp);
1097
1098 #if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__)
1099 /* signal ready to tcp_accept */
1100 if (args)
1101 ready = args->signal;
1102 if (ready) {
1103 pthread_mutex_lock(&ready->mutex);
1104 ready->ready = 1;
1105 ready->port = port;
1106 pthread_cond_signal(&ready->cond);
1107 pthread_mutex_unlock(&ready->mutex);
1108 }
1109 #elif defined (WOLFSSL_TIRTOS)
1110 /* Need mutex? */
1111 if (args)
1112 ready = args->signal;
1113 if (ready) {
1114 ready->ready = 1;
1115 ready->port = port;
1116 }
1117 #endif
1118
1119 if (ready_file) {
1120 #if !defined(NO_FILESYSTEM) || defined(FORCE_BUFFER_TEST)
1121 XFILE srf = NULL;
1122 if (args)
1123 ready = args->signal;
1124
1125 if (ready) {
1126 srf = fopen(ready->srfName, "w");
1127
1128 if (srf) {
1129 /* let's write port sever is listening on to ready file
1130 external monitor can then do ephemeral ports by passing
1131 -p 0 to server on supported platforms with -R ready_file
1132 client can then wait for existence of ready_file and see
1133 which port the server is listening on. */
1134 fprintf(srf, "%d\n", (int)port);
1135 fclose(srf);
1136 }
1137 }
1138 #endif
1139 }
1140 }
1141
1142 *clientfd = accept(*sockfd, (struct sockaddr*)&client,
1143 (ACCEPT_THIRD_T)&client_len);
1144 if(WOLFSSL_SOCKET_IS_INVALID(*clientfd)) {
1145 err_sys("tcp accept failed");
1146 }
1147}
1148
1149
1150static WC_INLINE void tcp_set_nonblocking(SOCKET_T* sockfd)
1151{
1152 #ifdef USE_WINDOWS_API
1153 unsigned long blocking = 1;
1154 int ret = ioctlsocket(*sockfd, FIONBIO, &blocking);
1155 if (ret == SOCKET_ERROR)
1156 err_sys("ioctlsocket failed");
1157 #elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) \
1158 || defined (WOLFSSL_TIRTOS)|| defined(WOLFSSL_VXWORKS)
1159 /* non blocking not supported, for now */
1160 #else
1161 int flags = fcntl(*sockfd, F_GETFL, 0);
1162 if (flags < 0)
1163 err_sys("fcntl get failed");
1164 flags = fcntl(*sockfd, F_SETFL, flags | O_NONBLOCK);
1165 if (flags < 0)
1166 err_sys("fcntl set failed");
1167 #endif
1168}
1169
1170
1171#ifndef NO_PSK
1172
1173/* identity is OpenSSL testing default for openssl s_client, keep same */
1174static const char* kIdentityStr = "Client_identity";
1175
1176static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
1177 char* identity, unsigned int id_max_len, unsigned char* key,
1178 unsigned int key_max_len)
1179{
1180 (void)ssl;
1181 (void)hint;
1182 (void)key_max_len;
1183
1184 /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
1185 strncpy(identity, kIdentityStr, id_max_len);
1186
1187 if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) {
1188 /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
1189 unsigned binary */
1190 key[0] = 0x1a;
1191 key[1] = 0x2b;
1192 key[2] = 0x3c;
1193 key[3] = 0x4d;
1194
1195
1196 return 4; /* length of key in octets or 0 for error */
1197}
1198 else {
1199 int i;
1200 int b = 0x01;
1201
1202 for (i = 0; i < 32; i++, b += 0x22) {
1203 if (b >= 0x100)
1204 b = 0x01;
1205 key[i] = b;
1206 }
1207
1208 return 32; /* length of key in octets or 0 for error */
1209 }
1210}
1211
1212
1213static WC_INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
1214 unsigned char* key, unsigned int key_max_len)
1215{
1216 (void)ssl;
1217 (void)key_max_len;
1218
1219 /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
1220 if (strncmp(identity, kIdentityStr, strlen(kIdentityStr)) != 0)
1221 return 0;
1222
1223 if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) {
1224 /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
1225 unsigned binary */
1226 key[0] = 0x1a;
1227 key[1] = 0x2b;
1228 key[2] = 0x3c;
1229 key[3] = 0x4d;
1230
1231
1232 return 4; /* length of key in octets or 0 for error */
1233}
1234 else {
1235 int i;
1236 int b = 0x01;
1237
1238 for (i = 0; i < 32; i++, b += 0x22) {
1239 if (b >= 0x100)
1240 b = 0x01;
1241 key[i] = b;
1242 }
1243
1244 return 32; /* length of key in octets or 0 for error */
1245 }
1246}
1247
1248
1249static WC_INLINE unsigned int my_psk_client_tls13_cb(WOLFSSL* ssl,
1250 const char* hint, char* identity, unsigned int id_max_len,
1251 unsigned char* key, unsigned int key_max_len, const char** ciphersuite)
1252{
1253 int i;
1254 int b = 0x01;
1255
1256 (void)ssl;
1257 (void)hint;
1258 (void)key_max_len;
1259
1260 /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
1261 strncpy(identity, kIdentityStr, id_max_len);
1262
1263 for (i = 0; i < 32; i++, b += 0x22) {
1264 if (b >= 0x100)
1265 b = 0x01;
1266 key[i] = b;
1267 }
1268
1269 *ciphersuite = "TLS13-AES128-GCM-SHA256";
1270
1271 return 32; /* length of key in octets or 0 for error */
1272}
1273
1274
1275static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl,
1276 const char* identity, unsigned char* key, unsigned int key_max_len,
1277 const char** ciphersuite)
1278{
1279 int i;
1280 int b = 0x01;
1281
1282 (void)ssl;
1283 (void)key_max_len;
1284
1285 /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
1286 if (strncmp(identity, kIdentityStr, strlen(kIdentityStr)) != 0)
1287 return 0;
1288
1289 for (i = 0; i < 32; i++, b += 0x22) {
1290 if (b >= 0x100)
1291 b = 0x01;
1292 key[i] = b;
1293 }
1294
1295 *ciphersuite = "TLS13-AES128-GCM-SHA256";
1296
1297 return 32; /* length of key in octets or 0 for error */
1298}
1299
1300#endif /* NO_PSK */
1301
1302
1303#if defined(WOLFSSL_USER_CURRTIME)
1304 extern double current_time(int reset);
1305
1306#elif defined(USE_WINDOWS_API)
1307
1308 #define WIN32_LEAN_AND_MEAN
1309 #include <windows.h>
1310
1311 static WC_INLINE double current_time(int reset)
1312 {
1313 static int init = 0;
1314 static LARGE_INTEGER freq;
1315
1316 LARGE_INTEGER count;
1317
1318 if (!init) {
1319 QueryPerformanceFrequency(&freq);
1320 init = 1;
1321 }
1322
1323 QueryPerformanceCounter(&count);
1324
1325 (void)reset;
1326 return (double)count.QuadPart / freq.QuadPart;
1327 }
1328
1329#elif defined(WOLFSSL_TIRTOS)
1330 extern double current_time();
1331#else
1332
1333#if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_TCP_NET) && !defined(WOLFSSL_CHIBIOS)
1334 #include <sys/time.h>
1335
1336 static WC_INLINE double current_time(int reset)
1337 {
1338 struct timeval tv;
1339 gettimeofday(&tv, 0);
1340 (void)reset;
1341
1342 return (double)tv.tv_sec + (double)tv.tv_usec / 1000000;
1343 }
1344#else
1345 extern double current_time(int reset);
1346#endif
1347#endif /* USE_WINDOWS_API */
1348
1349
1350#if defined(HAVE_OCSP) && defined(WOLFSSL_NONBLOCK_OCSP)
1351static WC_INLINE int OCSPIOCb(void* ioCtx, const char* url, int urlSz,
1352 unsigned char* request, int requestSz, unsigned char** response)
1353{
1354#ifdef TEST_NONBLOCK_CERTS
1355 static int ioCbCnt = 0;
1356#endif
1357
1358 (void)ioCtx;
1359 (void)url;
1360 (void)urlSz;
1361 (void)request;
1362 (void)requestSz;
1363 (void)response;
1364
1365#ifdef TEST_NONBLOCK_CERTS
1366 if (ioCbCnt) {
1367 ioCbCnt = 0;
1368 return EmbedOcspLookup(ioCtx, url, urlSz, request, requestSz, response);
1369 }
1370 else {
1371 ioCbCnt = 1;
1372 return WOLFSSL_CBIO_ERR_WANT_READ;
1373 }
1374#else
1375 return EmbedOcspLookup(ioCtx, url, urlSz, request, requestSz, response);
1376#endif
1377}
1378
1379static WC_INLINE void OCSPRespFreeCb(void* ioCtx, unsigned char* response)
1380{
1381 (void)ioCtx;
1382 (void)response;
1383}
1384#endif
1385
1386#if !defined(NO_CERTS)
1387 #if !defined(NO_FILESYSTEM) || \
1388 (defined(NO_FILESYSTEM) && defined(FORCE_BUFFER_TEST))
1389
1390 /* reads file size, allocates buffer, reads into buffer, returns buffer */
1391 static WC_INLINE int load_file(const char* fname, byte** buf, size_t* bufLen)
1392 {
1393 int ret;
1394 long int fileSz;
1395 XFILE file;
1396
1397 if (fname == NULL || buf == NULL || bufLen == NULL)
1398 return BAD_FUNC_ARG;
1399
1400 /* set defaults */
1401 *buf = NULL;
1402 *bufLen = 0;
1403
1404 /* open file (read-only binary) */
1405 file = fopen(fname, "rb");
1406 if (!file) {
1407 printf("Error loading %s\n", fname);
1408 return BAD_PATH_ERROR;
1409 }
1410
1411 fseek(file, 0, SEEK_END);
1412 fileSz = (int)ftell(file);
1413 rewind(file);
1414 if (fileSz > 0) {
1415 *bufLen = (size_t)fileSz;
1416 *buf = (byte*)malloc(*bufLen);
1417 if (*buf == NULL) {
1418 ret = MEMORY_E;
1419 printf("Error allocating %lu bytes\n", (unsigned long)*bufLen);
1420 }
1421 else {
1422 size_t readLen = fread(*buf, *bufLen, 1, file);
1423
1424 /* check response code */
1425 ret = (readLen > 0) ? 0 : -1;
1426 }
1427 }
1428 else {
1429 ret = BUFFER_E;
1430 }
1431 fclose(file);
1432
1433 return ret;
1434 }
1435
1436 enum {
1437 WOLFSSL_CA = 1,
1438 WOLFSSL_CERT = 2,
1439 WOLFSSL_KEY = 3,
1440 WOLFSSL_CERT_CHAIN = 4,
1441 };
1442
1443 static WC_INLINE void load_buffer(WOLFSSL_CTX* ctx, const char* fname, int type)
1444 {
1445 int format = WOLFSSL_FILETYPE_PEM;
1446 byte* buff = NULL;
1447 size_t sz = 0;
1448
1449 if (load_file(fname, &buff, &sz) != 0) {
1450 err_sys("can't open file for buffer load "
1451 "Please run from wolfSSL home directory if not");
1452 }
1453
1454 /* determine format */
1455 if (strstr(fname, ".der"))
1456 format = WOLFSSL_FILETYPE_ASN1;
1457
1458 if (type == WOLFSSL_CA) {
1459 if (wolfSSL_CTX_load_verify_buffer(ctx, buff, (long)sz, format)
1460 != WOLFSSL_SUCCESS)
1461 err_sys("can't load buffer ca file");
1462 }
1463 else if (type == WOLFSSL_CERT) {
1464 if (wolfSSL_CTX_use_certificate_buffer(ctx, buff, (long)sz,
1465 format) != WOLFSSL_SUCCESS)
1466 err_sys("can't load buffer cert file");
1467 }
1468 else if (type == WOLFSSL_KEY) {
1469 if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, (long)sz,
1470 format) != WOLFSSL_SUCCESS)
1471 err_sys("can't load buffer key file");
1472 }
1473 else if (type == WOLFSSL_CERT_CHAIN) {
1474 if (wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, buff,
1475 (long)sz, format) != WOLFSSL_SUCCESS)
1476 err_sys("can't load cert chain buffer");
1477 }
1478
1479 if (buff)
1480 free(buff);
1481 }
1482
1483 static WC_INLINE void load_ssl_buffer(WOLFSSL* ssl, const char* fname, int type)
1484 {
1485 int format = WOLFSSL_FILETYPE_PEM;
1486 byte* buff = NULL;
1487 size_t sz = 0;
1488
1489 if (load_file(fname, &buff, &sz) != 0) {
1490 err_sys("can't open file for buffer load "
1491 "Please run from wolfSSL home directory if not");
1492 }
1493
1494 /* determine format */
1495 if (strstr(fname, ".der"))
1496 format = WOLFSSL_FILETYPE_ASN1;
1497
1498 if (type == WOLFSSL_CA) {
1499 /* verify certs (CA's) use the shared ctx->cm (WOLFSSL_CERT_MANAGER) */
1500 WOLFSSL_CTX* ctx = wolfSSL_get_SSL_CTX(ssl);
1501 if (wolfSSL_CTX_load_verify_buffer(ctx, buff, (long)sz, format)
1502 != WOLFSSL_SUCCESS)
1503 err_sys("can't load buffer ca file");
1504 }
1505 else if (type == WOLFSSL_CERT) {
1506 if (wolfSSL_use_certificate_buffer(ssl, buff, (long)sz,
1507 format) != WOLFSSL_SUCCESS)
1508 err_sys("can't load buffer cert file");
1509 }
1510 else if (type == WOLFSSL_KEY) {
1511 if (wolfSSL_use_PrivateKey_buffer(ssl, buff, (long)sz,
1512 format) != WOLFSSL_SUCCESS)
1513 err_sys("can't load buffer key file");
1514 }
1515 else if (type == WOLFSSL_CERT_CHAIN) {
1516 if (wolfSSL_use_certificate_chain_buffer_format(ssl, buff,
1517 (long)sz, format) != WOLFSSL_SUCCESS)
1518 err_sys("can't load cert chain buffer");
1519 }
1520
1521 if (buff)
1522 free(buff);
1523 }
1524
1525 #ifdef TEST_PK_PRIVKEY
1526 static WC_INLINE int load_key_file(const char* fname, byte** derBuf, word32* derLen)
1527 {
1528 int ret;
1529 byte* buf = NULL;
1530 size_t bufLen;
1531
1532 ret = load_file(fname, &buf, &bufLen);
1533 if (ret != 0)
1534 return ret;
1535
1536 *derBuf = (byte*)malloc(bufLen);
1537 if (*derBuf == NULL) {
1538 free(buf);
1539 return MEMORY_E;
1540 }
1541
1542 ret = wc_KeyPemToDer(buf, (word32)bufLen, *derBuf, (word32)bufLen, NULL);
1543 if (ret < 0) {
1544 free(buf);
1545 free(*derBuf);
1546 return ret;
1547 }
1548 *derLen = ret;
1549 free(buf);
1550
1551 return 0;
1552 }
1553 #endif /* TEST_PK_PRIVKEY */
1554
1555 #endif /* !NO_FILESYSTEM || (NO_FILESYSTEM && FORCE_BUFFER_TEST) */
1556#endif /* !NO_CERTS */
1557
1558static int myVerifyFail = 0;
1559static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
1560{
1561 char buffer[WOLFSSL_MAX_ERROR_SZ];
1562#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
1563 WOLFSSL_X509* peer;
1564#endif
1565 (void)preverify;
1566
1567 /* Verify Callback Arguments:
1568 * preverify: 1=Verify Okay, 0=Failure
1569 * store->error: Failure error code (0 indicates no failure)
1570 * store->current_cert: Current WOLFSSL_X509 object (only with OPENSSL_EXTRA)
1571 * store->error_depth: Current Index
1572 * store->domain: Subject CN as string (null term)
1573 * store->totalCerts: Number of certs presented by peer
1574 * store->certs[i]: A `WOLFSSL_BUFFER_INFO` with plain DER for each cert
1575 * store->store: WOLFSSL_X509_STORE with CA cert chain
1576 * store->store->cm: WOLFSSL_CERT_MANAGER
1577 * store->ex_data: The WOLFSSL object pointer
1578 * store->discardSessionCerts: When set to non-zero value session certs
1579 will be discarded (only with SESSION_CERTS)
1580 */
1581
1582 printf("In verification callback, error = %d, %s\n", store->error,
1583 wolfSSL_ERR_error_string(store->error, buffer));
1584#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
1585 peer = store->current_cert;
1586 if (peer) {
1587 char* issuer = wolfSSL_X509_NAME_oneline(
1588 wolfSSL_X509_get_issuer_name(peer), 0, 0);
1589 char* subject = wolfSSL_X509_NAME_oneline(
1590 wolfSSL_X509_get_subject_name(peer), 0, 0);
1591 printf("\tPeer's cert info:\n issuer : %s\n subject: %s\n", issuer,
1592 subject);
1593 XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
1594 XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL);
1595 }
1596 else
1597 printf("\tPeer has no cert!\n");
1598#else
1599 printf("\tPeer certs: %d\n", store->totalCerts);
1600 #ifdef SHOW_CERTS
1601 { int i;
1602 for (i=0; i<store->totalCerts; i++) {
1603 WOLFSSL_BUFFER_INFO* cert = &store->certs[i];
1604 printf("\t\tCert %d: Ptr %p, Len %u\n", i, cert->buffer, cert->length);
1605 }
1606 }
1607 #endif
1608#endif
1609
1610 printf("\tSubject's domain name at %d is %s\n", store->error_depth, store->domain);
1611
1612 /* Testing forced fail case by return zero */
1613 if (myVerifyFail) {
1614 return 0; /* test failure case */
1615 }
1616
1617 /* If error indicate we are overriding it for testing purposes */
1618 if (store->error != 0) {
1619 printf("\tAllowing failed certificate check, testing only "
1620 "(shouldn't do this in production)\n");
1621 }
1622
1623 /* A non-zero return code indicates failure override */
1624 return 1;
1625}
1626
1627
1628static WC_INLINE int myDateCb(int preverify, WOLFSSL_X509_STORE_CTX* store)
1629{
1630 char buffer[WOLFSSL_MAX_ERROR_SZ];
1631 (void)preverify;
1632
1633 printf("In verification callback, error = %d, %s\n", store->error,
1634 wolfSSL_ERR_error_string(store->error, buffer));
1635 printf("Subject's domain name is %s\n", store->domain);
1636
1637 if (store->error == ASN_BEFORE_DATE_E || store->error == ASN_AFTER_DATE_E) {
1638 printf("Overriding cert date error as example for bad clock testing\n");
1639 return 1;
1640 }
1641 printf("Cert error is not date error, not overriding\n");
1642
1643 return 0;
1644}
1645
1646
1647#ifdef HAVE_EXT_CACHE
1648
1649static WC_INLINE WOLFSSL_SESSION* mySessGetCb(WOLFSSL* ssl, unsigned char* id,
1650 int id_len, int* copy)
1651{
1652 (void)ssl;
1653 (void)id;
1654 (void)id_len;
1655 (void)copy;
1656
1657 /* using internal cache, this is for testing only */
1658 return NULL;
1659}
1660
1661static WC_INLINE int mySessNewCb(WOLFSSL* ssl, WOLFSSL_SESSION* session)
1662{
1663 (void)ssl;
1664 (void)session;
1665
1666 /* using internal cache, this is for testing only */
1667 return 0;
1668}
1669
1670static WC_INLINE void mySessRemCb(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session)
1671{
1672 (void)ctx;
1673 (void)session;
1674
1675 /* using internal cache, this is for testing only */
1676}
1677
1678#endif /* HAVE_EXT_CACHE */
1679
1680
1681#ifdef HAVE_CRL
1682
1683static WC_INLINE void CRL_CallBack(const char* url)
1684{
1685 printf("CRL callback url = %s\n", url);
1686}
1687
1688#endif
1689
1690#ifndef NO_DH
1691static WC_INLINE void SetDH(WOLFSSL* ssl)
1692{
1693 /* dh1024 p */
1694 static const unsigned char p[] =
1695 {
1696 0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3,
1697 0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E,
1698 0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59,
1699 0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2,
1700 0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD,
1701 0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF,
1702 0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02,
1703 0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C,
1704 0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7,
1705 0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50,
1706 0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B,
1707 };
1708
1709 /* dh1024 g */
1710 static const unsigned char g[] =
1711 {
1712 0x02,
1713 };
1714
1715 wolfSSL_SetTmpDH(ssl, p, sizeof(p), g, sizeof(g));
1716}
1717
1718static WC_INLINE void SetDHCtx(WOLFSSL_CTX* ctx)
1719{
1720 /* dh1024 p */
1721 static const unsigned char p[] =
1722 {
1723 0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3,
1724 0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E,
1725 0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59,
1726 0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2,
1727 0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD,
1728 0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF,
1729 0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02,
1730 0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C,
1731 0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7,
1732 0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50,
1733 0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B,
1734 };
1735
1736 /* dh1024 g */
1737 static const unsigned char g[] =
1738 {
1739 0x02,
1740 };
1741
1742 wolfSSL_CTX_SetTmpDH(ctx, p, sizeof(p), g, sizeof(g));
1743}
1744#endif /* NO_DH */
1745
1746#ifndef NO_CERTS
1747
1748static WC_INLINE void CaCb(unsigned char* der, int sz, int type)
1749{
1750 (void)der;
1751 printf("Got CA cache add callback, derSz = %d, type = %d\n", sz, type);
1752}
1753
1754#endif /* !NO_CERTS */
1755
1756
1757/* Wolf Root Directory Helper */
1758/* KEIL-RL File System does not support relative directory */
1759#if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_FS) && !defined(WOLFSSL_TIRTOS)
1760 /* Maximum depth to search for WolfSSL root */
1761 #define MAX_WOLF_ROOT_DEPTH 5
1762
1763 static WC_INLINE int ChangeToWolfRoot(void)
1764 {
1765 #if !defined(NO_FILESYSTEM) || defined(FORCE_BUFFER_TEST)
1766 int depth, res;
1767 XFILE file;
1768 for(depth = 0; depth <= MAX_WOLF_ROOT_DEPTH; depth++) {
1769 file = fopen(ntruKeyFile, "rb");
1770 if (file != NULL) {
1771 fclose(file);
1772 return depth;
1773 }
1774 #ifdef USE_WINDOWS_API
1775 res = SetCurrentDirectoryA("..\\");
1776 #else
1777 res = chdir("../");
1778 #endif
1779 if (res < 0) {
1780 printf("chdir to ../ failed!\n");
1781 break;
1782 }
1783 }
1784
1785 err_sys("wolf root not found");
1786 return -1;
1787 #else
1788 return 0;
1789 #endif
1790 }
1791#endif /* !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_FS) && !defined(WOLFSSL_TIRTOS) */
1792
1793#ifdef HAVE_STACK_SIZE
1794
1795typedef THREAD_RETURN WOLFSSL_THREAD (*thread_func)(void* args);
1796#define STACK_CHECK_VAL 0x01
1797
1798static WC_INLINE int StackSizeCheck(func_args* args, thread_func tf)
1799{
1800 int ret, i, used;
1801 void* status;
1802 unsigned char* myStack = NULL;
1803 int stackSize = 1024*128;
1804 pthread_attr_t myAttr;
1805 pthread_t threadId;
1806
1807#ifdef PTHREAD_STACK_MIN
1808 if (stackSize < PTHREAD_STACK_MIN)
1809 stackSize = PTHREAD_STACK_MIN;
1810#endif
1811
1812 ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize);
1813 if (ret != 0 || myStack == NULL)
1814 err_sys("posix_memalign failed\n");
1815
1816 XMEMSET(myStack, STACK_CHECK_VAL, stackSize);
1817
1818 ret = pthread_attr_init(&myAttr);
1819 if (ret != 0)
1820 err_sys("attr_init failed");
1821
1822 ret = pthread_attr_setstack(&myAttr, myStack, stackSize);
1823 if (ret != 0)
1824 err_sys("attr_setstackaddr failed");
1825
1826 ret = pthread_create(&threadId, &myAttr, tf, args);
1827 if (ret != 0) {
1828 perror("pthread_create failed");
1829 exit(EXIT_FAILURE);
1830 }
1831
1832 ret = pthread_join(threadId, &status);
1833 if (ret != 0)
1834 err_sys("pthread_join failed");
1835
1836 for (i = 0; i < stackSize; i++) {
1837 if (myStack[i] != STACK_CHECK_VAL) {
1838 break;
1839 }
1840 }
1841
1842 free(myStack);
1843
1844 used = stackSize - i;
1845 printf("stack used = %d\n", used);
1846
1847 return (int)((size_t)status);
1848}
1849
1850
1851#endif /* HAVE_STACK_SIZE */
1852
1853
1854#ifdef STACK_TRAP
1855
1856/* good settings
1857 --enable-debug --disable-shared C_EXTRA_FLAGS="-DUSER_TIME -DTFM_TIMING_RESISTANT -DPOSITIVE_EXP_ONLY -DSTACK_TRAP"
1858
1859*/
1860
1861#ifdef HAVE_STACK_SIZE
1862 /* client only for now, setrlimit will fail if pthread_create() called */
1863 /* STACK_SIZE does pthread_create() on client */
1864 #error "can't use STACK_TRAP with STACK_SIZE, setrlimit will fail"
1865#endif /* HAVE_STACK_SIZE */
1866
1867static WC_INLINE void StackTrap(void)
1868{
1869 struct rlimit rl;
1870 if (getrlimit(RLIMIT_STACK, &rl) != 0)
1871 err_sys("getrlimit failed");
1872 printf("rlim_cur = %llu\n", rl.rlim_cur);
1873 rl.rlim_cur = 1024*21; /* adjust trap size here */
1874 if (setrlimit(RLIMIT_STACK, &rl) != 0) {
1875 perror("setrlimit");
1876 err_sys("setrlimit failed");
1877 }
1878}
1879
1880#else /* STACK_TRAP */
1881
1882static WC_INLINE void StackTrap(void)
1883{
1884}
1885
1886#endif /* STACK_TRAP */
1887
1888
1889#ifdef ATOMIC_USER
1890
1891/* Atomic Encrypt Context example */
1892typedef struct AtomicEncCtx {
1893 int keySetup; /* have we done key setup yet */
1894 Aes aes; /* for aes example */
1895} AtomicEncCtx;
1896
1897
1898/* Atomic Decrypt Context example */
1899typedef struct AtomicDecCtx {
1900 int keySetup; /* have we done key setup yet */
1901 Aes aes; /* for aes example */
1902} AtomicDecCtx;
1903
1904
1905static WC_INLINE int myMacEncryptCb(WOLFSSL* ssl, unsigned char* macOut,
1906 const unsigned char* macIn, unsigned int macInSz, int macContent,
1907 int macVerify, unsigned char* encOut, const unsigned char* encIn,
1908 unsigned int encSz, void* ctx)
1909{
1910 int ret;
1911 Hmac hmac;
1912 byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
1913 AtomicEncCtx* encCtx = (AtomicEncCtx*)ctx;
1914 const char* tlsStr = "TLS";
1915
1916 /* example supports (d)tls aes */
1917 if (wolfSSL_GetBulkCipher(ssl) != wolfssl_aes) {
1918 printf("myMacEncryptCb not using AES\n");
1919 return -1;
1920 }
1921
1922 if (strstr(wolfSSL_get_version(ssl), tlsStr) == NULL) {
1923 printf("myMacEncryptCb not using (D)TLS\n");
1924 return -1;
1925 }
1926
1927 /* hmac, not needed if aead mode */
1928 wolfSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify);
1929
1930 ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
1931 wolfSSL_GetMacSecret(ssl, macVerify), wolfSSL_GetHmacSize(ssl));
1932 if (ret != 0)
1933 return ret;
1934 ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
1935 if (ret != 0)
1936 return ret;
1937 ret = wc_HmacUpdate(&hmac, macIn, macInSz);
1938 if (ret != 0)
1939 return ret;
1940 ret = wc_HmacFinal(&hmac, macOut);
1941 if (ret != 0)
1942 return ret;
1943
1944
1945 /* encrypt setup on first time */
1946 if (encCtx->keySetup == 0) {
1947 int keyLen = wolfSSL_GetKeySize(ssl);
1948 const byte* key;
1949 const byte* iv;
1950
1951 if (wolfSSL_GetSide(ssl) == WOLFSSL_CLIENT_END) {
1952 key = wolfSSL_GetClientWriteKey(ssl);
1953 iv = wolfSSL_GetClientWriteIV(ssl);
1954 }
1955 else {
1956 key = wolfSSL_GetServerWriteKey(ssl);
1957 iv = wolfSSL_GetServerWriteIV(ssl);
1958 }
1959
1960 ret = wc_AesSetKey(&encCtx->aes, key, keyLen, iv, AES_ENCRYPTION);
1961 if (ret != 0) {
1962 printf("AesSetKey failed in myMacEncryptCb\n");
1963 return ret;
1964 }
1965 encCtx->keySetup = 1;
1966 }
1967
1968 /* encrypt */
1969 return wc_AesCbcEncrypt(&encCtx->aes, encOut, encIn, encSz);
1970}
1971
1972
1973static WC_INLINE int myDecryptVerifyCb(WOLFSSL* ssl,
1974 unsigned char* decOut, const unsigned char* decIn,
1975 unsigned int decSz, int macContent, int macVerify,
1976 unsigned int* padSz, void* ctx)
1977{
1978 AtomicDecCtx* decCtx = (AtomicDecCtx*)ctx;
1979 int ret = 0;
1980 int macInSz = 0;
1981 int ivExtra = 0;
1982 int digestSz = wolfSSL_GetHmacSize(ssl);
1983 unsigned int pad = 0;
1984 unsigned int padByte = 0;
1985 Hmac hmac;
1986 byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
1987 byte verify[WC_MAX_DIGEST_SIZE];
1988 const char* tlsStr = "TLS";
1989
1990 /* example supports (d)tls aes */
1991 if (wolfSSL_GetBulkCipher(ssl) != wolfssl_aes) {
1992 printf("myMacEncryptCb not using AES\n");
1993 return -1;
1994 }
1995
1996 if (strstr(wolfSSL_get_version(ssl), tlsStr) == NULL) {
1997 printf("myMacEncryptCb not using (D)TLS\n");
1998 return -1;
1999 }
2000
2001 /*decrypt */
2002 if (decCtx->keySetup == 0) {
2003 int keyLen = wolfSSL_GetKeySize(ssl);
2004 const byte* key;
2005 const byte* iv;
2006
2007 /* decrypt is from other side (peer) */
2008 if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) {
2009 key = wolfSSL_GetClientWriteKey(ssl);
2010 iv = wolfSSL_GetClientWriteIV(ssl);
2011 }
2012 else {
2013 key = wolfSSL_GetServerWriteKey(ssl);
2014 iv = wolfSSL_GetServerWriteIV(ssl);
2015 }
2016
2017 ret = wc_AesSetKey(&decCtx->aes, key, keyLen, iv, AES_DECRYPTION);
2018 if (ret != 0) {
2019 printf("AesSetKey failed in myDecryptVerifyCb\n");
2020 return ret;
2021 }
2022 decCtx->keySetup = 1;
2023 }
2024
2025 /* decrypt */
2026 ret = wc_AesCbcDecrypt(&decCtx->aes, decOut, decIn, decSz);
2027 if (ret != 0)
2028 return ret;
2029
2030 if (wolfSSL_GetCipherType(ssl) == WOLFSSL_AEAD_TYPE) {
2031 *padSz = wolfSSL_GetAeadMacSize(ssl);
2032 return 0; /* hmac, not needed if aead mode */
2033 }
2034
2035 if (wolfSSL_GetCipherType(ssl) == WOLFSSL_BLOCK_TYPE) {
2036 pad = *(decOut + decSz - 1);
2037 padByte = 1;
2038 if (wolfSSL_IsTLSv1_1(ssl))
2039 ivExtra = wolfSSL_GetCipherBlockSize(ssl);
2040 }
2041
2042 *padSz = wolfSSL_GetHmacSize(ssl) + pad + padByte;
2043 macInSz = decSz - ivExtra - digestSz - pad - padByte;
2044
2045 wolfSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify);
2046
2047 ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
2048 wolfSSL_GetMacSecret(ssl, macVerify), digestSz);
2049 if (ret != 0)
2050 return ret;
2051 ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
2052 if (ret != 0)
2053 return ret;
2054 ret = wc_HmacUpdate(&hmac, decOut + ivExtra, macInSz);
2055 if (ret != 0)
2056 return ret;
2057 ret = wc_HmacFinal(&hmac, verify);
2058 if (ret != 0)
2059 return ret;
2060
2061 if (XMEMCMP(verify, decOut + decSz - digestSz - pad - padByte,
2062 digestSz) != 0) {
2063 printf("myDecryptVerify verify failed\n");
2064 return -1;
2065 }
2066
2067 return ret;
2068}
2069
2070
2071static WC_INLINE void SetupAtomicUser(WOLFSSL_CTX* ctx, WOLFSSL* ssl)
2072{
2073 AtomicEncCtx* encCtx;
2074 AtomicDecCtx* decCtx;
2075
2076 encCtx = (AtomicEncCtx*)malloc(sizeof(AtomicEncCtx));
2077 if (encCtx == NULL)
2078 err_sys("AtomicEncCtx malloc failed");
2079 XMEMSET(encCtx, 0, sizeof(AtomicEncCtx));
2080
2081 decCtx = (AtomicDecCtx*)malloc(sizeof(AtomicDecCtx));
2082 if (decCtx == NULL) {
2083 free(encCtx);
2084 err_sys("AtomicDecCtx malloc failed");
2085 }
2086 XMEMSET(decCtx, 0, sizeof(AtomicDecCtx));
2087
2088 wolfSSL_CTX_SetMacEncryptCb(ctx, myMacEncryptCb);
2089 wolfSSL_SetMacEncryptCtx(ssl, encCtx);
2090
2091 wolfSSL_CTX_SetDecryptVerifyCb(ctx, myDecryptVerifyCb);
2092 wolfSSL_SetDecryptVerifyCtx(ssl, decCtx);
2093}
2094
2095
2096static WC_INLINE void FreeAtomicUser(WOLFSSL* ssl)
2097{
2098 AtomicEncCtx* encCtx = (AtomicEncCtx*)wolfSSL_GetMacEncryptCtx(ssl);
2099 AtomicDecCtx* decCtx = (AtomicDecCtx*)wolfSSL_GetDecryptVerifyCtx(ssl);
2100
2101 free(decCtx);
2102 free(encCtx);
2103}
2104
2105#endif /* ATOMIC_USER */
2106
2107#ifdef WOLFSSL_STATIC_MEMORY
2108static WC_INLINE int wolfSSL_PrintStats(WOLFSSL_MEM_STATS* stats)
2109{
2110 word16 i;
2111
2112 if (stats == NULL) {
2113 return 0;
2114 }
2115
2116 /* print to stderr so is on the same pipe as WOLFSSL_DEBUG */
2117 fprintf(stderr, "Total mallocs = %d\n", stats->totalAlloc);
2118 fprintf(stderr, "Total frees = %d\n", stats->totalFr);
2119 fprintf(stderr, "Current mallocs = %d\n", stats->curAlloc);
2120 fprintf(stderr, "Available IO = %d\n", stats->avaIO);
2121 fprintf(stderr, "Max con. handshakes = %d\n", stats->maxHa);
2122 fprintf(stderr, "Max con. IO = %d\n", stats->maxIO);
2123 fprintf(stderr, "State of memory blocks: size : available \n");
2124 for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) {
2125 fprintf(stderr, " : %d\t : %d\n", stats->blockSz[i],
2126 stats->avaBlock[i]);
2127 }
2128
2129 return 1;
2130}
2131#endif /* WOLFSSL_STATIC_MEMORY */
2132
2133#ifdef HAVE_PK_CALLBACKS
2134
2135typedef struct PkCbInfo {
2136 const char* ourKey;
2137#ifdef TEST_PK_PRIVKEY
2138 union {
2139#ifdef HAVE_ECC
2140 ecc_key ecc;
2141 #endif
2142 #ifdef HAVE_CURVE25519
2143 curve25519_key curve;
2144 #endif
2145 } keyGen;
2146#endif
2147} PkCbInfo;
2148
2149#if defined(DEBUG_PK_CB) || defined(TEST_PK_PRIVKEY)
2150 #define WOLFSSL_PKMSG(_f_, ...) printf(_f_, ##__VA_ARGS__)
2151#else
2152 #define WOLFSSL_PKMSG(_f_, ...)
2153#endif
2154
2155#ifdef HAVE_ECC
2156
2157static WC_INLINE int myEccKeyGen(WOLFSSL* ssl, ecc_key* key, word32 keySz,
2158 int ecc_curve, void* ctx)
2159{
2160 int ret;
2161 WC_RNG rng;
2162 PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2163 ecc_key* new_key = key;
2164#ifdef TEST_PK_PRIVKEY
2165 byte qx[MAX_ECC_BYTES], qy[MAX_ECC_BYTES];
2166 word32 qxLen = sizeof(qx), qyLen = sizeof(qy);
2167 new_key = &cbInfo->keyGen.ecc;
2168#endif
2169
2170 (void)ssl;
2171 (void)cbInfo;
2172
2173 WOLFSSL_PKMSG("PK ECC KeyGen: keySz %d, Curve ID %d\n", keySz, ecc_curve);
2174
2175 ret = wc_InitRng(&rng);
2176 if (ret != 0)
2177 return ret;
2178
2179 ret = wc_ecc_init(new_key);
2180 if (ret == 0) {
2181 /* create new key */
2182 ret = wc_ecc_make_key_ex(&rng, keySz, new_key, ecc_curve);
2183
2184 #ifdef TEST_PK_PRIVKEY
2185 if (ret == 0) {
2186 /* extract public portion from new key into `key` arg */
2187 ret = wc_ecc_export_public_raw(new_key, qx, &qxLen, qy, &qyLen);
2188 if (ret == 0) {
2189 /* load public portion only into key */
2190 ret = wc_ecc_import_unsigned(key, qx, qy, NULL, ecc_curve);
2191 }
2192 (void)qxLen;
2193 (void)qyLen;
2194 }
2195 #endif
2196 }
2197
2198 WOLFSSL_PKMSG("PK ECC KeyGen: ret %d\n", ret);
2199
2200 wc_FreeRng(&rng);
2201
2202 return ret;
2203}
2204
2205static WC_INLINE int myEccSign(WOLFSSL* ssl, const byte* in, word32 inSz,
2206 byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
2207{
2208 int ret;
2209 WC_RNG rng;
2210 word32 idx = 0;
2211 ecc_key myKey;
2212 byte* keyBuf = (byte*)key;
2213 PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2214
2215 (void)ssl;
2216 (void)cbInfo;
2217
2218 WOLFSSL_PKMSG("PK ECC Sign: inSz %d, keySz %d\n", inSz, keySz);
2219
2220#ifdef TEST_PK_PRIVKEY
2221 ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
2222 if (ret != 0)
2223 return ret;
2224#endif
2225
2226 ret = wc_InitRng(&rng);
2227 if (ret != 0)
2228 return ret;
2229
2230 ret = wc_ecc_init(&myKey);
2231 if (ret == 0) {
2232 ret = wc_EccPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
2233 if (ret == 0) {
2234 WOLFSSL_PKMSG("PK ECC Sign: Curve ID %d\n", myKey.dp->id);
2235 ret = wc_ecc_sign_hash(in, inSz, out, outSz, &rng, &myKey);
2236 }
2237 wc_ecc_free(&myKey);
2238 }
2239 wc_FreeRng(&rng);
2240
2241#ifdef TEST_PK_PRIVKEY
2242 free(keyBuf);
2243#endif
2244
2245 WOLFSSL_PKMSG("PK ECC Sign: ret %d outSz %d\n", ret, *outSz);
2246
2247 return ret;
2248}
2249
2250
2251static WC_INLINE int myEccVerify(WOLFSSL* ssl, const byte* sig, word32 sigSz,
2252 const byte* hash, word32 hashSz, const byte* key, word32 keySz,
2253 int* result, void* ctx)
2254{
2255 int ret;
2256 word32 idx = 0;
2257 ecc_key myKey;
2258 PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2259
2260 (void)ssl;
2261 (void)cbInfo;
2262
2263 WOLFSSL_PKMSG("PK ECC Verify: sigSz %d, hashSz %d, keySz %d\n", sigSz, hashSz, keySz);
2264
2265 ret = wc_ecc_init(&myKey);
2266 if (ret == 0) {
2267 ret = wc_EccPublicKeyDecode(key, &idx, &myKey, keySz);
2268 if (ret == 0)
2269 ret = wc_ecc_verify_hash(sig, sigSz, hash, hashSz, result, &myKey);
2270 wc_ecc_free(&myKey);
2271 }
2272
2273 WOLFSSL_PKMSG("PK ECC Verify: ret %d, result %d\n", ret, *result);
2274
2275 return ret;
2276}
2277
2278static WC_INLINE int myEccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
2279 unsigned char* pubKeyDer, unsigned int* pubKeySz,
2280 unsigned char* out, unsigned int* outlen,
2281 int side, void* ctx)
2282{
2283 int ret;
2284 ecc_key* privKey = NULL;
2285 ecc_key* pubKey = NULL;
2286 ecc_key tmpKey;
2287 PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2288
2289 (void)ssl;
2290 (void)cbInfo;
2291
2292 WOLFSSL_PKMSG("PK ECC PMS: Side %s, Peer Curve %d\n",
2293 side == WOLFSSL_CLIENT_END ? "client" : "server", otherKey->dp->id);
2294
2295 ret = wc_ecc_init(&tmpKey);
2296 if (ret != 0) {
2297 return ret;
2298 }
2299
2300 /* for client: create and export public key */
2301 if (side == WOLFSSL_CLIENT_END) {
2302 WC_RNG rng;
2303
2304 privKey = &tmpKey;
2305 pubKey = otherKey;
2306
2307 ret = wc_InitRng(&rng);
2308 if (ret == 0) {
2309 ret = wc_ecc_make_key_ex(&rng, 0, privKey, otherKey->dp->id);
2310 #ifdef WOLFSSL_ASYNC_CRYPT
2311 if (ret == WC_PENDING_E) {
2312 ret = wc_AsyncWait(ret, &privKey->asyncDev, WC_ASYNC_FLAG_NONE);
2313 }
2314 #endif
2315 if (ret == 0)
2316 ret = wc_ecc_export_x963(privKey, pubKeyDer, pubKeySz);
2317 wc_FreeRng(&rng);
2318 }
2319 }
2320
2321 /* for server: import public key */
2322 else if (side == WOLFSSL_SERVER_END) {
2323 #ifdef TEST_PK_PRIVKEY
2324 privKey = &cbInfo->keyGen.ecc;
2325 #else
2326 privKey = otherKey;
2327 #endif
2328 pubKey = &tmpKey;
2329
2330 ret = wc_ecc_import_x963_ex(pubKeyDer, *pubKeySz, pubKey,
2331 otherKey->dp->id);
2332 }
2333 else {
2334 ret = BAD_FUNC_ARG;
2335 }
2336
2337 /* generate shared secret and return it */
2338 if (ret == 0) {
2339 ret = wc_ecc_shared_secret(privKey, pubKey, out, outlen);
2340
2341 #ifdef WOLFSSL_ASYNC_CRYPT
2342 if (ret == WC_PENDING_E) {
2343 ret = wc_AsyncWait(ret, &privKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
2344 }
2345 #endif
2346 }
2347
2348#ifdef TEST_PK_PRIVKEY
2349 if (side == WOLFSSL_SERVER_END) {
2350 wc_ecc_free(&cbInfo->keyGen.ecc);
2351 }
2352#endif
2353
2354 wc_ecc_free(&tmpKey);
2355
2356 WOLFSSL_PKMSG("PK ECC PMS: ret %d, PubKeySz %d, OutLen %d\n", ret, *pubKeySz, *outlen);
2357
2358 return ret;
2359}
2360
2361#ifdef HAVE_ED25519
2362static WC_INLINE int myEd25519Sign(WOLFSSL* ssl, const byte* in, word32 inSz,
2363 byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
2364{
2365 int ret;
2366 word32 idx = 0;
2367 ed25519_key myKey;
2368 byte* keyBuf = (byte*)key;
2369 PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2370
2371 (void)ssl;
2372 (void)cbInfo;
2373
2374 WOLFSSL_PKMSG("PK 25519 Sign: inSz %d, keySz %d\n", inSz, keySz);
2375
2376#ifdef TEST_PK_PRIVKEY
2377 ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
2378 if (ret != 0)
2379 return ret;
2380#endif
2381
2382 ret = wc_ed25519_init(&myKey);
2383 if (ret == 0) {
2384 ret = wc_Ed25519PrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
2385 if (ret == 0)
2386 ret = wc_ed25519_sign_msg(in, inSz, out, outSz, &myKey);
2387 wc_ed25519_free(&myKey);
2388 }
2389
2390#ifdef TEST_PK_PRIVKEY
2391 free(keyBuf);
2392#endif
2393
2394 WOLFSSL_PKMSG("PK 25519 Sign: ret %d, outSz %d\n", ret, *outSz);
2395
2396 return ret;
2397}
2398
2399
2400static WC_INLINE int myEd25519Verify(WOLFSSL* ssl, const byte* sig, word32 sigSz,
2401 const byte* msg, word32 msgSz, const byte* key, word32 keySz,
2402 int* result, void* ctx)
2403{
2404 int ret;
2405 ed25519_key myKey;
2406 PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2407
2408 (void)ssl;
2409 (void)cbInfo;
2410
2411 WOLFSSL_PKMSG("PK 25519 Verify: sigSz %d, msgSz %d, keySz %d\n", sigSz, msgSz, keySz);
2412
2413 ret = wc_ed25519_init(&myKey);
2414 if (ret == 0) {
2415 ret = wc_ed25519_import_public(key, keySz, &myKey);
2416 if (ret == 0) {
2417 ret = wc_ed25519_verify_msg(sig, sigSz, msg, msgSz, result, &myKey);
2418 }
2419 wc_ed25519_free(&myKey);
2420 }
2421
2422 WOLFSSL_PKMSG("PK 25519 Verify: ret %d, result %d\n", ret, *result);
2423
2424 return ret;
2425}
2426#endif /* HAVE_ED25519 */
2427
2428#ifdef HAVE_CURVE25519
2429static WC_INLINE int myX25519KeyGen(WOLFSSL* ssl, curve25519_key* key,
2430 unsigned int keySz, void* ctx)
2431{
2432 int ret;
2433 WC_RNG rng;
2434 PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2435
2436 (void)ssl;
2437 (void)cbInfo;
2438
2439 WOLFSSL_PKMSG("PK 25519 KeyGen: keySz %d\n", keySz);
2440
2441 ret = wc_InitRng(&rng);
2442 if (ret != 0)
2443 return ret;
2444
2445 ret = wc_curve25519_make_key(&rng, keySz, key);
2446
2447 wc_FreeRng(&rng);
2448
2449 WOLFSSL_PKMSG("PK 25519 KeyGen: ret %d\n", ret);
2450
2451 return ret;
2452}
2453
2454static WC_INLINE int myX25519SharedSecret(WOLFSSL* ssl, curve25519_key* otherKey,
2455 unsigned char* pubKeyDer, unsigned int* pubKeySz,
2456 unsigned char* out, unsigned int* outlen,
2457 int side, void* ctx)
2458{
2459 int ret;
2460 curve25519_key* privKey = NULL;
2461 curve25519_key* pubKey = NULL;
2462 curve25519_key tmpKey;
2463 PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2464
2465 (void)ssl;
2466 (void)cbInfo;
2467
2468 WOLFSSL_PKMSG("PK 25519 PMS: side %s\n",
2469 side == WOLFSSL_CLIENT_END ? "client" : "server");
2470
2471 ret = wc_curve25519_init(&tmpKey);
2472 if (ret != 0) {
2473 return ret;
2474 }
2475
2476 /* for client: create and export public key */
2477 if (side == WOLFSSL_CLIENT_END) {
2478 WC_RNG rng;
2479
2480 privKey = &tmpKey;
2481 pubKey = otherKey;
2482
2483 ret = wc_InitRng(&rng);
2484 if (ret == 0) {
2485 ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, privKey);
2486 if (ret == 0) {
2487 ret = wc_curve25519_export_public_ex(privKey, pubKeyDer,
2488 pubKeySz, EC25519_LITTLE_ENDIAN);
2489 }
2490 wc_FreeRng(&rng);
2491 }
2492 }
2493
2494 /* for server: import public key */
2495 else if (side == WOLFSSL_SERVER_END) {
2496 privKey = otherKey;
2497 pubKey = &tmpKey;
2498
2499 ret = wc_curve25519_import_public_ex(pubKeyDer, *pubKeySz, pubKey,
2500 EC25519_LITTLE_ENDIAN);
2501 }
2502 else {
2503 ret = BAD_FUNC_ARG;
2504 }
2505
2506 /* generate shared secret and return it */
2507 if (ret == 0) {
2508 ret = wc_curve25519_shared_secret_ex(privKey, pubKey, out, outlen,
2509 EC25519_LITTLE_ENDIAN);
2510 }
2511
2512 wc_curve25519_free(&tmpKey);
2513
2514 WOLFSSL_PKMSG("PK 25519 PMS: ret %d, pubKeySz %d, outLen %d\n",
2515 ret, *pubKeySz, *outlen);
2516
2517 return ret;
2518}
2519#endif /* HAVE_CURVE25519 */
2520
2521#endif /* HAVE_ECC */
2522
2523#ifndef NO_DH
2524static WC_INLINE int myDhCallback(WOLFSSL* ssl, struct DhKey* key,
2525 const unsigned char* priv, unsigned int privSz,
2526 const unsigned char* pubKeyDer, unsigned int pubKeySz,
2527 unsigned char* out, unsigned int* outlen,
2528 void* ctx)
2529{
2530 int ret;
2531 PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2532
2533 (void)ssl;
2534 (void)cbInfo;
2535
2536 /* return 0 on success */
2537 ret = wc_DhAgree(key, out, outlen, priv, privSz, pubKeyDer, pubKeySz);
2538
2539 WOLFSSL_PKMSG("PK ED Agree: ret %d, privSz %d, pubKeySz %d, outlen %d\n",
2540 ret, privSz, pubKeySz, *outlen);
2541
2542 return ret;
2543};
2544
2545#endif /* !NO_DH */
2546
2547#ifndef NO_RSA
2548
2549static WC_INLINE int myRsaSign(WOLFSSL* ssl, const byte* in, word32 inSz,
2550 byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
2551{
2552 WC_RNG rng;
2553 int ret;
2554 word32 idx = 0;
2555 RsaKey myKey;
2556 byte* keyBuf = (byte*)key;
2557 PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2558
2559 (void)ssl;
2560 (void)cbInfo;
2561
2562 WOLFSSL_PKMSG("PK RSA Sign: inSz %d, keySz %d\n", inSz, keySz);
2563
2564#ifdef TEST_PK_PRIVKEY
2565 ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
2566 if (ret != 0)
2567 return ret;
2568#endif
2569
2570 ret = wc_InitRng(&rng);
2571 if (ret != 0)
2572 return ret;
2573
2574 ret = wc_InitRsaKey(&myKey, NULL);
2575 if (ret == 0) {
2576 ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
2577 if (ret == 0)
2578 ret = wc_RsaSSL_Sign(in, inSz, out, *outSz, &myKey, &rng);
2579 if (ret > 0) { /* save and convert to 0 success */
2580 *outSz = ret;
2581 ret = 0;
2582 }
2583 wc_FreeRsaKey(&myKey);
2584 }
2585 wc_FreeRng(&rng);
2586
2587#ifdef TEST_PK_PRIVKEY
2588 free(keyBuf);
2589#endif
2590
2591 WOLFSSL_PKMSG("PK RSA Sign: ret %d, outSz %d\n", ret, *outSz);
2592
2593 return ret;
2594}
2595
2596
2597static WC_INLINE int myRsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
2598 byte** out, const byte* key, word32 keySz, void* ctx)
2599{
2600 int ret;
2601 word32 idx = 0;
2602 RsaKey myKey;
2603 PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2604
2605 (void)ssl;
2606 (void)cbInfo;
2607
2608 WOLFSSL_PKMSG("PK RSA Verify: sigSz %d, keySz %d\n", sigSz, keySz);
2609
2610 ret = wc_InitRsaKey(&myKey, NULL);
2611 if (ret == 0) {
2612 ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
2613 if (ret == 0)
2614 ret = wc_RsaSSL_VerifyInline(sig, sigSz, out, &myKey);
2615 wc_FreeRsaKey(&myKey);
2616 }
2617
2618 WOLFSSL_PKMSG("PK RSA Verify: ret %d\n", ret);
2619
2620 return ret;
2621}
2622
2623static WC_INLINE int myRsaSignCheck(WOLFSSL* ssl, byte* sig, word32 sigSz,
2624 byte** out, const byte* key, word32 keySz, void* ctx)
2625{
2626 int ret;
2627 word32 idx = 0;
2628 RsaKey myKey;
2629 byte* keyBuf = (byte*)key;
2630 PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2631
2632 (void)ssl;
2633 (void)cbInfo;
2634
2635 WOLFSSL_PKMSG("PK RSA SignCheck: sigSz %d, keySz %d\n", sigSz, keySz);
2636
2637#ifdef TEST_PK_PRIVKEY
2638 ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
2639 if (ret != 0)
2640 return ret;
2641#endif
2642
2643 ret = wc_InitRsaKey(&myKey, NULL);
2644 if (ret == 0) {
2645 ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
2646 if (ret == 0)
2647 ret = wc_RsaSSL_VerifyInline(sig, sigSz, out, &myKey);
2648 wc_FreeRsaKey(&myKey);
2649 }
2650#ifdef TEST_PK_PRIVKEY
2651 free(keyBuf);
2652#endif
2653
2654 WOLFSSL_PKMSG("PK RSA SignCheck: ret %d\n", ret);
2655
2656 return ret;
2657}
2658
2659#ifdef WC_RSA_PSS
2660static WC_INLINE int myRsaPssSign(WOLFSSL* ssl, const byte* in, word32 inSz,
2661 byte* out, word32* outSz, int hash, int mgf, const byte* key,
2662 word32 keySz, void* ctx)
2663{
2664 enum wc_HashType hashType = WC_HASH_TYPE_NONE;
2665 WC_RNG rng;
2666 int ret;
2667 word32 idx = 0;
2668 RsaKey myKey;
2669 byte* keyBuf = (byte*)key;
2670 PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2671
2672 (void)ssl;
2673 (void)cbInfo;
2674
2675 WOLFSSL_PKMSG("PK RSA PSS Sign: inSz %d, hash %d, mgf %d, keySz %d\n",
2676 inSz, hash, mgf, keySz);
2677
2678#ifdef TEST_PK_PRIVKEY
2679 ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
2680 if (ret != 0)
2681 return ret;
2682#endif
2683
2684 switch (hash) {
2685#ifndef NO_SHA256
2686 case SHA256h:
2687 hashType = WC_HASH_TYPE_SHA256;
2688 break;
2689#endif
2690#ifdef WOLFSSL_SHA384
2691 case SHA384h:
2692 hashType = WC_HASH_TYPE_SHA384;
2693 break;
2694#endif
2695#ifdef WOLFSSL_SHA512
2696 case SHA512h:
2697 hashType = WC_HASH_TYPE_SHA512;
2698 break;
2699#endif
2700 }
2701
2702 ret = wc_InitRng(&rng);
2703 if (ret != 0)
2704 return ret;
2705
2706 ret = wc_InitRsaKey(&myKey, NULL);
2707 if (ret == 0) {
2708 ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
2709 if (ret == 0) {
2710 ret = wc_RsaPSS_Sign(in, inSz, out, *outSz, hashType, mgf, &myKey,
2711 &rng);
2712 }
2713 if (ret > 0) { /* save and convert to 0 success */
2714 *outSz = ret;
2715 ret = 0;
2716 }
2717 wc_FreeRsaKey(&myKey);
2718 }
2719 wc_FreeRng(&rng);
2720
2721#ifdef TEST_PK_PRIVKEY
2722 free(keyBuf);
2723#endif
2724
2725 WOLFSSL_PKMSG("PK RSA PSS Sign: ret %d, outSz %d\n", ret, *outSz);
2726
2727 return ret;
2728}
2729
2730
2731static WC_INLINE int myRsaPssVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
2732 byte** out, int hash, int mgf, const byte* key, word32 keySz, void* ctx)
2733{
2734 int ret;
2735 word32 idx = 0;
2736 RsaKey myKey;
2737 PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2738 enum wc_HashType hashType = WC_HASH_TYPE_NONE;
2739
2740 (void)ssl;
2741 (void)cbInfo;
2742
2743 WOLFSSL_PKMSG("PK RSA PSS Verify: sigSz %d, hash %d, mgf %d, keySz %d\n",
2744 sigSz, hash, mgf, keySz);
2745
2746 switch (hash) {
2747#ifndef NO_SHA256
2748 case SHA256h:
2749 hashType = WC_HASH_TYPE_SHA256;
2750 break;
2751#endif
2752#ifdef WOLFSSL_SHA384
2753 case SHA384h:
2754 hashType = WC_HASH_TYPE_SHA384;
2755 break;
2756#endif
2757#ifdef WOLFSSL_SHA512
2758 case SHA512h:
2759 hashType = WC_HASH_TYPE_SHA512;
2760 break;
2761#endif
2762 }
2763
2764 ret = wc_InitRsaKey(&myKey, NULL);
2765 if (ret == 0) {
2766 ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
2767 if (ret == 0) {
2768 ret = wc_RsaPSS_VerifyInline(sig, sigSz, out, hashType, mgf,
2769 &myKey);
2770 }
2771 wc_FreeRsaKey(&myKey);
2772 }
2773
2774 WOLFSSL_PKMSG("PK RSA PSS Verify: ret %d\n", ret);
2775
2776 return ret;
2777}
2778
2779static WC_INLINE int myRsaPssSignCheck(WOLFSSL* ssl, byte* sig, word32 sigSz,
2780 byte** out, int hash, int mgf, const byte* key, word32 keySz, void* ctx)
2781{
2782 int ret;
2783 word32 idx = 0;
2784 RsaKey myKey;
2785 byte* keyBuf = (byte*)key;
2786 PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2787 enum wc_HashType hashType = WC_HASH_TYPE_NONE;
2788
2789 (void)ssl;
2790 (void)cbInfo;
2791
2792 WOLFSSL_PKMSG("PK RSA PSS SignCheck: sigSz %d, hash %d, mgf %d, keySz %d\n",
2793 sigSz, hash, mgf, keySz);
2794
2795#ifdef TEST_PK_PRIVKEY
2796 ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
2797 if (ret != 0)
2798 return ret;
2799#endif
2800
2801 switch (hash) {
2802#ifndef NO_SHA256
2803 case SHA256h:
2804 hashType = WC_HASH_TYPE_SHA256;
2805 break;
2806#endif
2807#ifdef WOLFSSL_SHA384
2808 case SHA384h:
2809 hashType = WC_HASH_TYPE_SHA384;
2810 break;
2811#endif
2812#ifdef WOLFSSL_SHA512
2813 case SHA512h:
2814 hashType = WC_HASH_TYPE_SHA512;
2815 break;
2816#endif
2817 }
2818
2819 ret = wc_InitRsaKey(&myKey, NULL);
2820 if (ret == 0) {
2821 ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
2822 if (ret == 0) {
2823 ret = wc_RsaPSS_VerifyInline(sig, sigSz, out, hashType, mgf,
2824 &myKey);
2825 }
2826 wc_FreeRsaKey(&myKey);
2827 }
2828
2829#ifdef TEST_PK_PRIVKEY
2830 free(keyBuf);
2831#endif
2832
2833 WOLFSSL_PKMSG("PK RSA PSS SignCheck: ret %d\n", ret);
2834
2835 return ret;
2836}
2837#endif
2838
2839
2840static WC_INLINE int myRsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz,
2841 byte* out, word32* outSz, const byte* key,
2842 word32 keySz, void* ctx)
2843{
2844 int ret;
2845 word32 idx = 0;
2846 RsaKey myKey;
2847 WC_RNG rng;
2848 PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2849
2850 (void)ssl;
2851 (void)cbInfo;
2852
2853 WOLFSSL_PKMSG("PK RSA Enc: inSz %d, keySz %d\n", inSz, keySz);
2854
2855 ret = wc_InitRng(&rng);
2856 if (ret != 0)
2857 return ret;
2858
2859 ret = wc_InitRsaKey(&myKey, NULL);
2860 if (ret == 0) {
2861 ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
2862 if (ret == 0) {
2863 ret = wc_RsaPublicEncrypt(in, inSz, out, *outSz, &myKey, &rng);
2864 if (ret > 0) {
2865 *outSz = ret;
2866 ret = 0; /* reset to success */
2867 }
2868 }
2869 wc_FreeRsaKey(&myKey);
2870 }
2871 wc_FreeRng(&rng);
2872
2873 WOLFSSL_PKMSG("PK RSA Enc: ret %d, outSz %d\n", ret, *outSz);
2874
2875 return ret;
2876}
2877
2878static WC_INLINE int myRsaDec(WOLFSSL* ssl, byte* in, word32 inSz,
2879 byte** out,
2880 const byte* key, word32 keySz, void* ctx)
2881{
2882 int ret;
2883 word32 idx = 0;
2884 RsaKey myKey;
2885 byte* keyBuf = (byte*)key;
2886 PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2887
2888 (void)ssl;
2889 (void)cbInfo;
2890
2891 WOLFSSL_PKMSG("PK RSA Dec: inSz %d, keySz %d\n", inSz, keySz);
2892
2893#ifdef TEST_PK_PRIVKEY
2894 ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
2895 if (ret != 0)
2896 return ret;
2897#endif
2898
2899 ret = wc_InitRsaKey(&myKey, NULL);
2900 if (ret == 0) {
2901 ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
2902 if (ret == 0) {
2903 #ifdef WC_RSA_BLINDING
2904 ret = wc_RsaSetRNG(&myKey, wolfSSL_GetRNG(ssl));
2905 if (ret != 0) {
2906 wc_FreeRsaKey(&myKey);
2907 return ret;
2908 }
2909 #endif
2910 ret = wc_RsaPrivateDecryptInline(in, inSz, out, &myKey);
2911 }
2912 wc_FreeRsaKey(&myKey);
2913 }
2914
2915#ifdef TEST_PK_PRIVKEY
2916 free(keyBuf);
2917#endif
2918
2919 WOLFSSL_PKMSG("PK RSA Dec: ret %d\n", ret);
2920
2921 return ret;
2922}
2923
2924#endif /* NO_RSA */
2925
2926static WC_INLINE void SetupPkCallbacks(WOLFSSL_CTX* ctx)
2927{
2928 (void)ctx;
2929
2930 #ifdef HAVE_ECC
2931 wolfSSL_CTX_SetEccKeyGenCb(ctx, myEccKeyGen);
2932 wolfSSL_CTX_SetEccSignCb(ctx, myEccSign);
2933 wolfSSL_CTX_SetEccVerifyCb(ctx, myEccVerify);
2934 wolfSSL_CTX_SetEccSharedSecretCb(ctx, myEccSharedSecret);
2935 #endif /* HAVE_ECC */
2936 #ifndef NO_DH
2937 wolfSSL_CTX_SetDhAgreeCb(ctx, myDhCallback);
2938 #endif
2939 #ifdef HAVE_ED25519
2940 wolfSSL_CTX_SetEd25519SignCb(ctx, myEd25519Sign);
2941 wolfSSL_CTX_SetEd25519VerifyCb(ctx, myEd25519Verify);
2942 #endif
2943 #ifdef HAVE_CURVE25519
2944 wolfSSL_CTX_SetX25519KeyGenCb(ctx, myX25519KeyGen);
2945 wolfSSL_CTX_SetX25519SharedSecretCb(ctx, myX25519SharedSecret);
2946 #endif
2947 #ifndef NO_RSA
2948 wolfSSL_CTX_SetRsaSignCb(ctx, myRsaSign);
2949 wolfSSL_CTX_SetRsaVerifyCb(ctx, myRsaVerify);
2950 wolfSSL_CTX_SetRsaSignCheckCb(ctx, myRsaSignCheck);
2951 #ifdef WC_RSA_PSS
2952 wolfSSL_CTX_SetRsaPssSignCb(ctx, myRsaPssSign);
2953 wolfSSL_CTX_SetRsaPssVerifyCb(ctx, myRsaPssVerify);
2954 wolfSSL_CTX_SetRsaPssSignCheckCb(ctx, myRsaPssSignCheck);
2955 #endif
2956 wolfSSL_CTX_SetRsaEncCb(ctx, myRsaEnc);
2957 wolfSSL_CTX_SetRsaDecCb(ctx, myRsaDec);
2958 #endif /* NO_RSA */
2959}
2960
2961static WC_INLINE void SetupPkCallbackContexts(WOLFSSL* ssl, void* myCtx)
2962{
2963 #ifdef HAVE_ECC
2964 wolfSSL_SetEccKeyGenCtx(ssl, myCtx);
2965 wolfSSL_SetEccSignCtx(ssl, myCtx);
2966 wolfSSL_SetEccVerifyCtx(ssl, myCtx);
2967 wolfSSL_SetEccSharedSecretCtx(ssl, myCtx);
2968 #endif /* HAVE_ECC */
2969 #ifndef NO_DH
2970 wolfSSL_SetDhAgreeCtx(ssl, myCtx);
2971 #endif
2972 #ifdef HAVE_ED25519
2973 wolfSSL_SetEd25519SignCtx(ssl, myCtx);
2974 wolfSSL_SetEd25519VerifyCtx(ssl, myCtx);
2975 #endif
2976 #ifdef HAVE_CURVE25519
2977 wolfSSL_SetX25519KeyGenCtx(ssl, myCtx);
2978 wolfSSL_SetX25519SharedSecretCtx(ssl, myCtx);
2979 #endif
2980 #ifndef NO_RSA
2981 wolfSSL_SetRsaSignCtx(ssl, myCtx);
2982 wolfSSL_SetRsaVerifyCtx(ssl, myCtx);
2983 #ifdef WC_RSA_PSS
2984 wolfSSL_SetRsaPssSignCtx(ssl, myCtx);
2985 wolfSSL_SetRsaPssVerifyCtx(ssl, myCtx);
2986 #endif
2987 wolfSSL_SetRsaEncCtx(ssl, myCtx);
2988 wolfSSL_SetRsaDecCtx(ssl, myCtx);
2989 #endif /* NO_RSA */
2990}
2991
2992#endif /* HAVE_PK_CALLBACKS */
2993
2994
2995
2996
2997#if defined(__hpux__) || defined(__MINGW32__) || defined (WOLFSSL_TIRTOS) \
2998 || defined(_MSC_VER)
2999
3000/* HP/UX doesn't have strsep, needed by test/suites.c */
3001static WC_INLINE char* strsep(char **stringp, const char *delim)
3002{
3003 char* start;
3004 char* end;
3005
3006 start = *stringp;
3007 if (start == NULL)
3008 return NULL;
3009
3010 if ((end = strpbrk(start, delim))) {
3011 *end++ = '\0';
3012 *stringp = end;
3013 } else {
3014 *stringp = NULL;
3015 }
3016
3017 return start;
3018}
3019
3020#endif /* __hpux__ and others */
3021
3022/* Create unique filename, len is length of tempfn name, assuming
3023 len does not include null terminating character,
3024 num is number of characters in tempfn name to randomize */
3025static WC_INLINE const char* mymktemp(char *tempfn, int len, int num)
3026{
3027 int x, size;
3028 static const char alphanum[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
3029 "abcdefghijklmnopqrstuvwxyz";
3030 WC_RNG rng;
3031 byte out;
3032
3033 if (tempfn == NULL || len < 1 || num < 1 || len <= num) {
3034 printf("Bad input\n");
3035 return NULL;
3036 }
3037
3038 size = len - 1;
3039
3040 if (wc_InitRng(&rng) != 0) {
3041 printf("InitRng failed\n");
3042 return NULL;
3043 }
3044
3045 for (x = size; x > size - num; x--) {
3046 if (wc_RNG_GenerateBlock(&rng,(byte*)&out, sizeof(out)) != 0) {
3047 printf("RNG_GenerateBlock failed\n");
3048 return NULL;
3049 }
3050 tempfn[x] = alphanum[out % (sizeof(alphanum) - 1)];
3051 }
3052 tempfn[len] = '\0';
3053
3054 wc_FreeRng(&rng);
3055 (void)rng; /* for WC_NO_RNG case */
3056
3057 return tempfn;
3058}
3059
3060
3061
3062#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
3063 defined(HAVE_POLY1305)
3064
3065 #include <wolfssl/wolfcrypt/chacha20_poly1305.h>
3066
3067 typedef struct key_ctx {
3068 byte name[WOLFSSL_TICKET_NAME_SZ]; /* name for this context */
3069 byte key[CHACHA20_POLY1305_AEAD_KEYSIZE]; /* cipher key */
3070 } key_ctx;
3071
3072 static THREAD_LS_T key_ctx myKey_ctx;
3073 static THREAD_LS_T WC_RNG myKey_rng;
3074
3075 static WC_INLINE int TicketInit(void)
3076 {
3077 int ret = wc_InitRng(&myKey_rng);
3078 if (ret != 0) return ret;
3079
3080 ret = wc_RNG_GenerateBlock(&myKey_rng, myKey_ctx.key, sizeof(myKey_ctx.key));
3081 if (ret != 0) return ret;
3082
3083 ret = wc_RNG_GenerateBlock(&myKey_rng, myKey_ctx.name,sizeof(myKey_ctx.name));
3084 if (ret != 0) return ret;
3085
3086 return 0;
3087 }
3088
3089 static WC_INLINE void TicketCleanup(void)
3090 {
3091 wc_FreeRng(&myKey_rng);
3092 }
3093
3094 static WC_INLINE int myTicketEncCb(WOLFSSL* ssl,
3095 byte key_name[WOLFSSL_TICKET_NAME_SZ],
3096 byte iv[WOLFSSL_TICKET_IV_SZ],
3097 byte mac[WOLFSSL_TICKET_MAC_SZ],
3098 int enc, byte* ticket, int inLen, int* outLen,
3099 void* userCtx)
3100 {
3101 (void)ssl;
3102 (void)userCtx;
3103
3104 int ret;
3105 word16 sLen = XHTONS(inLen);
3106 byte aad[WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2];
3107 int aadSz = WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2;
3108 byte* tmp = aad;
3109
3110 if (enc) {
3111 XMEMCPY(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ);
3112
3113 ret = wc_RNG_GenerateBlock(&myKey_rng, iv, WOLFSSL_TICKET_IV_SZ);
3114 if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
3115
3116 /* build aad from key name, iv, and length */
3117 XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ);
3118 tmp += WOLFSSL_TICKET_NAME_SZ;
3119 XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
3120 tmp += WOLFSSL_TICKET_IV_SZ;
3121 XMEMCPY(tmp, &sLen, 2);
3122
3123 ret = wc_ChaCha20Poly1305_Encrypt(myKey_ctx.key, iv,
3124 aad, aadSz,
3125 ticket, inLen,
3126 ticket,
3127 mac);
3128 if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
3129 *outLen = inLen; /* no padding in this mode */
3130 } else {
3131 /* decrypt */
3132
3133 /* see if we know this key */
3134 if (XMEMCMP(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ) != 0){
3135 printf("client presented unknown ticket key name ");
3136 return WOLFSSL_TICKET_RET_FATAL;
3137 }
3138
3139 /* build aad from key name, iv, and length */
3140 XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ);
3141 tmp += WOLFSSL_TICKET_NAME_SZ;
3142 XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
3143 tmp += WOLFSSL_TICKET_IV_SZ;
3144 XMEMCPY(tmp, &sLen, 2);
3145
3146 ret = wc_ChaCha20Poly1305_Decrypt(myKey_ctx.key, iv,
3147 aad, aadSz,
3148 ticket, inLen,
3149 mac,
3150 ticket);
3151 if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
3152 *outLen = inLen; /* no padding in this mode */
3153 }
3154
3155 return WOLFSSL_TICKET_RET_OK;
3156 }
3157
3158#endif /* HAVE_SESSION_TICKET && CHACHA20 && POLY1305 */
3159
3160static WC_INLINE word16 GetRandomPort(void)
3161{
3162 word16 port = 0;
3163
3164 /* Generate random port for testing */
3165 WC_RNG rng;
3166 if (wc_InitRng(&rng) == 0) {
3167 if (wc_RNG_GenerateBlock(&rng, (byte*)&port, sizeof(port)) == 0) {
3168 port |= 0xC000; /* Make sure its in the 49152 - 65535 range */
3169 }
3170 wc_FreeRng(&rng);
3171 }
3172 (void)rng; /* for WC_NO_RNG case */
3173 return port;
3174}
3175
3176#endif /* wolfSSL_TEST_H */
Note: See TracBrowser for help on using the repository browser.