source: azure_iot_hub/trunk/wolfssl-3.15.7/wolfssl/test.h@ 388

Last change on this file since 388 was 388, checked in by coas-nagasima, 5 years ago

Azure IoT Hub Device C SDK を使ったサンプルの追加
  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
  • Property svn:mime-type set to text/x-chdr
File size: 87.0 KB
Line 
1/* test.h */
2
3#ifndef wolfSSL_TEST_H
4#define wolfSSL_TEST_H
5
6#include <stdio.h>
7#include <stdlib.h>
8#include <assert.h>
9#include <ctype.h>
10#include <wolfssl/wolfcrypt/types.h>
11#include <wolfssl/wolfcrypt/error-crypt.h>
12#include <wolfssl/wolfcrypt/random.h>
13#include <wolfssl/wolfcrypt/mem_track.h>
14#if defined(OPENSSL_EXTRA) && defined(SHOW_CERTS)
15 #include <wolfssl/wolfcrypt/asn.h> /* for domain component NID value */
16#endif
17
18#ifdef ATOMIC_USER
19 #include <wolfssl/wolfcrypt/aes.h>
20 #include <wolfssl/wolfcrypt/arc4.h>
21 #include <wolfssl/wolfcrypt/hmac.h>
22#endif
23#ifdef HAVE_PK_CALLBACKS
24 #include <wolfssl/wolfcrypt/asn.h>
25 #ifndef NO_RSA
26 #include <wolfssl/wolfcrypt/rsa.h>
27 #endif
28 #ifdef HAVE_ECC
29 #include <wolfssl/wolfcrypt/ecc.h>
30 #endif /* HAVE_ECC */
31 #ifndef NO_DH
32 #include <wolfssl/wolfcrypt/dh.h>
33 #endif /* !NO_DH */
34 #ifdef HAVE_ED25519
35 #include <wolfssl/wolfcrypt/ed25519.h>
36 #endif /* HAVE_ED25519 */
37 #ifdef HAVE_CURVE25519
38 #include <wolfssl/wolfcrypt/curve25519.h>
39 #endif /* HAVE_ECC */
40#endif /*HAVE_PK_CALLBACKS */
41
42#ifdef USE_WINDOWS_API
43 #include <winsock2.h>
44 #include <process.h>
45 #ifdef TEST_IPV6 /* don't require newer SDK for IPV4 */
46 #include <ws2tcpip.h>
47 #include <wspiapi.h>
48 #endif
49 #define SOCKET_T SOCKET
50 #define SNPRINTF _snprintf
51#elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
52 #include <string.h>
53 #include "rl_net.h"
54 #define SOCKET_T int
55 typedef int socklen_t ;
56 static unsigned long inet_addr(const char *cp)
57 {
58 unsigned int a[4] ; unsigned long ret ;
59 sscanf(cp, "%d.%d.%d.%d", &a[0], &a[1], &a[2], &a[3]) ;
60 ret = ((a[3]<<24) + (a[2]<<16) + (a[1]<<8) + a[0]) ;
61 return(ret) ;
62 }
63 #if defined(HAVE_KEIL_RTX)
64 #define sleep(t) os_dly_wait(t/1000+1) ;
65 #elif defined (WOLFSSL_CMSIS_RTOS)
66 #define sleep(t) osDelay(t/1000+1) ;
67 #endif
68#elif defined(WOLFSSL_TIRTOS)
69 #include <string.h>
70 #include <netdb.h>
71 #include <sys/types.h>
72 #include <arpa/inet.h>
73 #include <sys/socket.h>
74 #include <ti/sysbios/knl/Task.h>
75 struct hostent {
76 char *h_name; /* official name of host */
77 char **h_aliases; /* alias list */
78 int h_addrtype; /* host address type */
79 int h_length; /* length of address */
80 char **h_addr_list; /* list of addresses from name server */
81 };
82 #define SOCKET_T int
83#elif defined(WOLFSSL_VXWORKS)
84 #include <hostLib.h>
85 #include <sockLib.h>
86 #include <arpa/inet.h>
87 #include <string.h>
88 #include <selectLib.h>
89 #include <sys/types.h>
90 #include <netinet/in.h>
91 #include <fcntl.h>
92 #include <sys/time.h>
93 #include <netdb.h>
94 #include <pthread.h>
95 #define SOCKET_T int
96#else
97 #include <string.h>
98 #include <sys/types.h>
99#ifndef WOLFSSL_LEANPSK
100 #include <unistd.h>
101 #include <netdb.h>
102 #include <netinet/in.h>
103 #include <netinet/tcp.h>
104 #include <arpa/inet.h>
105 #include <sys/ioctl.h>
106 #include <sys/time.h>
107 #include <sys/socket.h>
108 #include <pthread.h>
109 #include <fcntl.h>
110 #ifdef TEST_IPV6
111 #include <netdb.h>
112 #endif
113#endif
114 #define SOCKET_T int
115 #ifndef SO_NOSIGPIPE
116 #include <signal.h> /* ignore SIGPIPE */
117 #endif
118 #define SNPRINTF snprintf
119#endif /* USE_WINDOWS_API */
120
121#ifdef WOLFSSL_ASYNC_CRYPT
122 #include <wolfssl/wolfcrypt/async.h>
123#endif
124#ifdef HAVE_CAVIUM
125 #include <wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h>
126#endif
127#ifdef _MSC_VER
128 /* disable conversion warning */
129 /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
130 #pragma warning(disable:4244 4996)
131#endif
132
133/* Buffer for benchmark tests */
134#ifndef TEST_BUFFER_SIZE
135#define TEST_BUFFER_SIZE 16384
136#endif
137
138#ifndef WOLFSSL_HAVE_MIN
139 #define WOLFSSL_HAVE_MIN
140 static WC_INLINE word32 min(word32 a, word32 b)
141 {
142 return a > b ? b : a;
143 }
144#endif /* WOLFSSL_HAVE_MIN */
145
146/* Socket Handling */
147#ifndef WOLFSSL_SOCKET_INVALID
148#ifdef USE_WINDOWS_API
149 #define WOLFSSL_SOCKET_INVALID ((SOCKET_T)INVALID_SOCKET)
150#elif defined(WOLFSSL_TIRTOS)
151 #define WOLFSSL_SOCKET_INVALID ((SOCKET_T)-1)
152#else
153 #define WOLFSSL_SOCKET_INVALID (SOCKET_T)(0)
154#endif
155#endif /* WOLFSSL_SOCKET_INVALID */
156
157#ifndef WOLFSSL_SOCKET_IS_INVALID
158#if defined(USE_WINDOWS_API) || defined(WOLFSSL_TIRTOS)
159 #define WOLFSSL_SOCKET_IS_INVALID(s) ((SOCKET_T)(s) == WOLFSSL_SOCKET_INVALID)
160#else
161 #define WOLFSSL_SOCKET_IS_INVALID(s) ((SOCKET_T)(s) < WOLFSSL_SOCKET_INVALID)
162#endif
163#endif /* WOLFSSL_SOCKET_IS_INVALID */
164
165#if defined(__MACH__) || defined(USE_WINDOWS_API)
166 #ifndef _SOCKLEN_T
167 typedef int socklen_t;
168 #endif
169#endif
170
171
172/* HPUX doesn't use socklent_t for third parameter to accept, unless
173 _XOPEN_SOURCE_EXTENDED is defined */
174#if !defined(__hpux__) && !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM)\
175 && !defined(WOLFSSL_ROWLEY_ARM) && !defined(WOLFSSL_KEIL_TCP_NET)
176 typedef socklen_t* ACCEPT_THIRD_T;
177#else
178 #if defined _XOPEN_SOURCE_EXTENDED
179 typedef socklen_t* ACCEPT_THIRD_T;
180 #else
181 typedef int* ACCEPT_THIRD_T;
182 #endif
183#endif
184
185
186
187#ifdef SINGLE_THREADED
188 typedef unsigned int THREAD_RETURN;
189 typedef void* THREAD_TYPE;
190 #define WOLFSSL_THREAD
191#else
192 #if defined(_POSIX_THREADS) && !defined(__MINGW32__)
193 typedef void* THREAD_RETURN;
194 typedef pthread_t THREAD_TYPE;
195 #define WOLFSSL_THREAD
196 #define INFINITE -1
197 #define WAIT_OBJECT_0 0L
198 #elif defined(WOLFSSL_MDK_ARM)|| defined(WOLFSSL_KEIL_TCP_NET)
199 typedef unsigned int THREAD_RETURN;
200 typedef int THREAD_TYPE;
201 #define WOLFSSL_THREAD
202 #elif defined(WOLFSSL_TIRTOS)
203 typedef void THREAD_RETURN;
204 typedef Task_Handle THREAD_TYPE;
205 #define WOLFSSL_THREAD
206 #else
207 typedef unsigned int THREAD_RETURN;
208 typedef intptr_t THREAD_TYPE;
209 #define WOLFSSL_THREAD __stdcall
210 #endif
211#endif
212
213
214#ifdef TEST_IPV6
215 typedef struct sockaddr_in6 SOCKADDR_IN_T;
216 #define AF_INET_V AF_INET6
217#else
218 typedef struct sockaddr_in SOCKADDR_IN_T;
219 #define AF_INET_V AF_INET
220#endif
221
222
223#ifndef WOLFSSL_NO_TLS12
224#define SERVER_DEFAULT_VERSION 3
225#else
226#define SERVER_DEFAULT_VERSION 4
227#endif
228#define SERVER_DTLS_DEFAULT_VERSION (-2)
229#define SERVER_INVALID_VERSION (-99)
230#define SERVER_DOWNGRADE_VERSION (-98)
231#ifndef WOLFSSL_NO_TLS12
232#define CLIENT_DEFAULT_VERSION 3
233#else
234#define CLIENT_DEFAULT_VERSION 4
235#endif
236#define CLIENT_DTLS_DEFAULT_VERSION (-2)
237#define CLIENT_INVALID_VERSION (-99)
238#define CLIENT_DOWNGRADE_VERSION (-98)
239#define EITHER_DOWNGRADE_VERSION (-97)
240#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_MAX_STRENGTH)
241 #define DEFAULT_MIN_DHKEY_BITS 2048
242 #define DEFAULT_MAX_DHKEY_BITS 3072
243#else
244 #define DEFAULT_MIN_DHKEY_BITS 1024
245 #define DEFAULT_MAX_DHKEY_BITS 2048
246#endif
247#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_MAX_STRENGTH)
248 #define DEFAULT_MIN_RSAKEY_BITS 2048
249#else
250 #define DEFAULT_MIN_RSAKEY_BITS 1024
251#endif
252#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_MAX_STRENGTH)
253 #define DEFAULT_MIN_ECCKEY_BITS 256
254#else
255 #define DEFAULT_MIN_ECCKEY_BITS 224
256#endif
257
258/* all certs relative to wolfSSL home directory now */
259#if defined(WOLFSSL_NO_CURRDIR) || defined(WOLFSSL_MDK_SHELL)
260#define caCertFile "certs/ca-cert.pem"
261#define eccCertFile "certs/server-ecc.pem"
262#define eccKeyFile "certs/ecc-key.pem"
263#define eccRsaCertFile "certs/server-ecc-rsa.pem"
264#define svrCertFile "certs/server-cert.pem"
265#define svrKeyFile "certs/server-key.pem"
266#define cliCertFile "certs/client-cert.pem"
267#define cliCertDerFile "certs/client-cert.der"
268#define cliKeyFile "certs/client-key.pem"
269#define ntruCertFile "certs/ntru-cert.pem"
270#define ntruKeyFile "certs/ntru-key.raw"
271#define dhParamFile "certs/dh2048.pem"
272#define cliEccKeyFile "certs/ecc-client-key.pem"
273#define cliEccCertFile "certs/client-ecc-cert.pem"
274#define caEccCertFile "certs/ca-ecc-cert/pem"
275#define crlPemDir "certs/crl"
276#define edCertFile "certs/ed25519/server-ed25519-cert.pem"
277#define edKeyFile "certs/ed25519/server-ed25519-priv.pem"
278#define cliEdCertFile "certs/ed25519/client-ed25519.pem"
279#define cliEdKeyFile "certs/ed25519/client-ed25519-priv.pem"
280#define caEdCertFile "certs/ed25519/ca-ed25519.pem"
281#ifdef HAVE_WNR
282 /* Whitewood netRandom default config file */
283 #define wnrConfig "wnr-example.conf"
284#endif
285#else
286#define caCertFile "./certs/ca-cert.pem"
287#define eccCertFile "./certs/server-ecc.pem"
288#define eccKeyFile "./certs/ecc-key.pem"
289#define eccRsaCertFile "./certs/server-ecc-rsa.pem"
290#define svrCertFile "./certs/server-cert.pem"
291#define svrKeyFile "./certs/server-key.pem"
292#define cliCertFile "./certs/client-cert.pem"
293#define cliCertDerFile "./certs/client-cert.der"
294#define cliKeyFile "./certs/client-key.pem"
295#define ntruCertFile "./certs/ntru-cert.pem"
296#define ntruKeyFile "./certs/ntru-key.raw"
297#define dhParamFile "./certs/dh2048.pem"
298#define cliEccKeyFile "./certs/ecc-client-key.pem"
299#define cliEccCertFile "./certs/client-ecc-cert.pem"
300#define caEccCertFile "./certs/ca-ecc-cert.pem"
301#define crlPemDir "./certs/crl"
302#define edCertFile "./certs/ed25519/server-ed25519.pem"
303#define edKeyFile "./certs/ed25519/server-ed25519-priv.pem"
304#define cliEdCertFile "./certs/ed25519/client-ed25519.pem"
305#define cliEdKeyFile "./certs/ed25519/client-ed25519-priv.pem"
306#define caEdCertFile "./certs/ed25519/root-ed25519.pem"
307#ifdef HAVE_WNR
308 /* Whitewood netRandom default config file */
309 #define wnrConfig "./wnr-example.conf"
310#endif
311#endif
312
313typedef struct tcp_ready {
314 word16 ready; /* predicate */
315 word16 port;
316 char* srfName; /* server ready file name */
317#if defined(_POSIX_THREADS) && !defined(__MINGW32__)
318 pthread_mutex_t mutex;
319 pthread_cond_t cond;
320#endif
321} tcp_ready;
322
323
324static WC_INLINE void InitTcpReady(tcp_ready* ready)
325{
326 ready->ready = 0;
327 ready->port = 0;
328 ready->srfName = NULL;
329#ifdef SINGLE_THREADED
330#elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
331 pthread_mutex_init(&ready->mutex, 0);
332 pthread_cond_init(&ready->cond, 0);
333#endif
334}
335
336
337static WC_INLINE void FreeTcpReady(tcp_ready* ready)
338{
339#ifdef SINGLE_THREADED
340 (void)ready;
341#elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
342 pthread_mutex_destroy(&ready->mutex);
343 pthread_cond_destroy(&ready->cond);
344#else
345 (void)ready;
346#endif
347}
348
349typedef WOLFSSL_METHOD* (*method_provider)(void);
350typedef void (*ctx_callback)(WOLFSSL_CTX* ctx);
351typedef void (*ssl_callback)(WOLFSSL* ssl);
352
353typedef struct callback_functions {
354 method_provider method;
355 ctx_callback ctx_ready;
356 ssl_callback ssl_ready;
357 ssl_callback on_result;
358 WOLFSSL_CTX* ctx;
359} callback_functions;
360
361typedef struct func_args {
362 int argc;
363 char** argv;
364 int return_code;
365 tcp_ready* signal;
366 callback_functions *callbacks;
367} func_args;
368
369
370
371
372void wait_tcp_ready(func_args*);
373
374typedef THREAD_RETURN WOLFSSL_THREAD THREAD_FUNC(void*);
375
376void start_thread(THREAD_FUNC, func_args*, THREAD_TYPE*);
377void join_thread(THREAD_TYPE);
378
379/* wolfSSL */
380#ifndef TEST_IPV6
381 static const char* const wolfSSLIP = "127.0.0.1";
382#else
383 static const char* const wolfSSLIP = "::1";
384#endif
385static const word16 wolfSSLPort = 11111;
386
387
388
389#ifndef MY_EX_USAGE
390#define MY_EX_USAGE 2
391#endif
392
393#ifndef EXIT_FAILURE
394#define EXIT_FAILURE 1
395#endif
396
397#ifdef WOLFSSL_FORCE_MALLOC_FAIL_TEST
398 #define XEXIT(rc) return rc
399 #define XEXIT_T(rc) return (THREAD_RETURN)rc
400#else
401 #define XEXIT(rc) exit((int)(rc))
402 #define XEXIT_T(rc) exit((int)(rc))
403#endif
404
405
406static WC_INLINE
407#ifdef WOLFSSL_FORCE_MALLOC_FAIL_TEST
408THREAD_RETURN
409#else
410WC_NORETURN void
411#endif
412err_sys(const char* msg)
413{
414 printf("wolfSSL error: %s\n", msg);
415
416#if !defined(__GNUC__)
417 /* scan-build (which pretends to be gnuc) can get confused and think the
418 * msg pointer can be null even when hardcoded and then it won't exit,
419 * making null pointer checks above the err_sys() call useless.
420 * We could just always exit() but some compilers will complain about no
421 * possible return, with gcc we know the attribute to handle that with
422 * WC_NORETURN. */
423 if (msg)
424#endif
425 {
426 XEXIT_T(EXIT_FAILURE);
427 }
428}
429
430
431extern int myoptind;
432extern char* myoptarg;
433
434static WC_INLINE int mygetopt(int argc, char** argv, const char* optstring)
435{
436 static char* next = NULL;
437
438 char c;
439 char* cp;
440
441 if (myoptind == 0)
442 next = NULL; /* we're starting new/over */
443
444 if (next == NULL || *next == '\0') {
445 if (myoptind == 0)
446 myoptind++;
447
448 if (myoptind >= argc || argv[myoptind][0] != '-' ||
449 argv[myoptind][1] == '\0') {
450 myoptarg = NULL;
451 if (myoptind < argc)
452 myoptarg = argv[myoptind];
453
454 return -1;
455 }
456
457 if (strcmp(argv[myoptind], "--") == 0) {
458 myoptind++;
459 myoptarg = NULL;
460
461 if (myoptind < argc)
462 myoptarg = argv[myoptind];
463
464 return -1;
465 }
466
467 next = argv[myoptind];
468 next++; /* skip - */
469 myoptind++;
470 }
471
472 c = *next++;
473 /* The C++ strchr can return a different value */
474 cp = (char*)strchr(optstring, c);
475
476 if (cp == NULL || c == ':')
477 return '?';
478
479 cp++;
480
481 if (*cp == ':') {
482 if (*next != '\0') {
483 myoptarg = next;
484 next = NULL;
485 }
486 else if (myoptind < argc) {
487 myoptarg = argv[myoptind];
488 myoptind++;
489 }
490 else
491 return '?';
492 }
493
494 return c;
495}
496
497
498#ifdef WOLFSSL_ENCRYPTED_KEYS
499
500static WC_INLINE int PasswordCallBack(char* passwd, int sz, int rw, void* userdata)
501{
502 (void)rw;
503 (void)userdata;
504 if (userdata != NULL) {
505 strncpy(passwd, (char*)userdata, sz);
506 return (int)XSTRLEN((char*)userdata);
507 }
508 else {
509 strncpy(passwd, "yassl123", sz);
510 return 8;
511}
512}
513
514#endif
515
516static const char* client_showpeer_msg[][8] = {
517 /* English */
518 {
519 "SSL version is",
520 "SSL cipher suite is",
521 "SSL curve name is",
522 "SSL DH size is",
523 "SSL reused session",
524 "Alternate cert chain used",
525 "peer's cert info:",
526 NULL
527 },
528 /* Japanese */
529 {
530 "SSL バージョンは",
531 "SSL 暗号スイートは",
532 "SSL 曲線名は",
533 "SSL DH サイズは",
534 "SSL 再利用セッション",
535 "代替証明チェーンを使用",
536 "相手方証明書情
537å ±",
538 NULL
539 }
540};
541
542#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
543static const char* client_showx509_msg[][5] = {
544 /* English */
545 {
546 "issuer",
547 "subject",
548 "altname",
549 "serial number",
550 NULL
551 },
552 /* Japanese */
553 {
554 "発行者
555",
556 "サブジェクト",
557 "代替名",
558 "シリアル番号",
559 NULL
560 },
561};
562
563/* lng_index is to specify the language for displaying message. */
564/* 0:English, 1:Japanese */
565static WC_INLINE void ShowX509Ex(WOLFSSL_X509* x509, const char* hdr,
566 int lng_index)
567{
568 char* altName;
569 char* issuer;
570 char* subject;
571 byte serial[32];
572 int ret;
573 int sz = sizeof(serial);
574 const char** words = client_showx509_msg[lng_index];
575
576 if (x509 == NULL) {
577 printf("%s No Cert\n", hdr);
578 return;
579 }
580
581 issuer = wolfSSL_X509_NAME_oneline(
582 wolfSSL_X509_get_issuer_name(x509), 0, 0);
583 subject = wolfSSL_X509_NAME_oneline(
584 wolfSSL_X509_get_subject_name(x509), 0, 0);
585
586 printf("%s\n %s : %s\n %s: %s\n", hdr, words[0], issuer, words[1], subject);
587
588 while ( (altName = wolfSSL_X509_get_next_altname(x509)) != NULL)
589 printf(" %s = %s\n", words[2], altName);
590
591 ret = wolfSSL_X509_get_serial_number(x509, serial, &sz);
592 if (ret == WOLFSSL_SUCCESS) {
593 int i;
594 int strLen;
595 char serialMsg[80];
596
597 /* testsuite has multiple threads writing to stdout, get output
598 message ready to write once */
599 strLen = sprintf(serialMsg, " %s", words[3]);
600 for (i = 0; i < sz; i++)
601 sprintf(serialMsg + strLen + (i*3), ":%02x ", serial[i]);
602 printf("%s\n", serialMsg);
603 }
604
605 XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
606 XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL);
607
608#if defined(OPENSSL_EXTRA) && defined(SHOW_CERTS)
609 {
610 WOLFSSL_BIO* bio;
611 char buf[256]; /* should be size of ASN_NAME_MAX */
612 int textSz;
613
614
615 /* print out domain component if certificate has it */
616 textSz = wolfSSL_X509_NAME_get_text_by_NID(
617 wolfSSL_X509_get_subject_name(x509), NID_domainComponent,
618 buf, sizeof(buf));
619 if (textSz > 0) {
620 printf("Domain Component = %s\n", buf);
621 }
622
623 bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
624 if (bio != NULL) {
625 wolfSSL_BIO_set_fp(bio, stdout, BIO_NOCLOSE);
626 wolfSSL_X509_print(bio, x509);
627 wolfSSL_BIO_free(bio);
628 }
629 }
630#endif
631}
632/* original ShowX509 to maintain compatibility */
633static WC_INLINE void ShowX509(WOLFSSL_X509* x509, const char* hdr)
634{
635 ShowX509Ex(x509, hdr, 0);
636}
637
638#endif /* KEEP_PEER_CERT || SESSION_CERTS */
639
640#if defined(SESSION_CERTS) && defined(SHOW_CERTS)
641static WC_INLINE void ShowX509Chain(WOLFSSL_X509_CHAIN* chain, int count,
642 const char* hdr)
643{
644 int i;
645 int length;
646 unsigned char buffer[3072];
647 WOLFSSL_X509* chainX509;
648
649 for (i = 0; i < count; i++) {
650 wolfSSL_get_chain_cert_pem(chain, i, buffer, sizeof(buffer), &length);
651 buffer[length] = 0;
652 printf("\n%s: %d has length %d data = \n%s\n", hdr, i, length, buffer);
653
654 chainX509 = wolfSSL_get_chain_X509(chain, i);
655 if (chainX509)
656 ShowX509(chainX509, hdr);
657 else
658 printf("get_chain_X509 failed\n");
659 wolfSSL_FreeX509(chainX509);
660 }
661}
662#endif
663
664/* lng_index is to specify the language for displaying message. */
665/* 0:English, 1:Japanese */
666static WC_INLINE void showPeerEx(WOLFSSL* ssl, int lng_index)
667{
668 WOLFSSL_CIPHER* cipher;
669 const char** words = client_showpeer_msg[lng_index];
670
671#ifdef HAVE_ECC
672 const char *name;
673#endif
674#ifndef NO_DH
675 int bits;
676#endif
677#ifdef KEEP_PEER_CERT
678 WOLFSSL_X509* peer = wolfSSL_get_peer_certificate(ssl);
679 if (peer)
680 ShowX509Ex(peer, words[6], lng_index);
681 else
682 printf("peer has no cert!\n");
683 wolfSSL_FreeX509(peer);
684#endif
685#if defined(SHOW_CERTS) && defined(OPENSSL_EXTRA) && defined(KEEP_OUR_CERT)
686 ShowX509(wolfSSL_get_certificate(ssl), "our cert info:");
687 printf("Peer verify result = %lu\n", wolfSSL_get_verify_result(ssl));
688#endif /* SHOW_CERTS */
689 printf("%s %s\n", words[0], wolfSSL_get_version(ssl));
690
691 cipher = wolfSSL_get_current_cipher(ssl);
692#ifdef HAVE_QSH
693 printf("%s %s%s\n", words[1], (wolfSSL_isQSH(ssl))? "QSH:": "",
694 wolfSSL_CIPHER_get_name(cipher));
695#else
696 printf("%s %s\n", words[1], wolfSSL_CIPHER_get_name(cipher));
697#endif
698#ifdef HAVE_ECC
699 if ((name = wolfSSL_get_curve_name(ssl)) != NULL)
700 printf("%s %s\n", words[2], name);
701#endif
702#ifndef NO_DH
703 if ((bits = wolfSSL_GetDhKey_Sz(ssl)) > 0)
704 printf("%s %d bits\n", words[3], bits);
705#endif
706 if (wolfSSL_session_reused(ssl))
707 printf("%s\n", words[4]);
708#ifdef WOLFSSL_ALT_CERT_CHAINS
709 if (wolfSSL_is_peer_alt_cert_chain(ssl))
710 printf("%s\n", words[5]);
711#endif
712
713#if defined(SESSION_CERTS) && defined(SHOW_CERTS)
714 {
715 WOLFSSL_X509_CHAIN* chain;
716
717 chain = wolfSSL_get_peer_chain(ssl);
718 ShowX509Chain(chain, wolfSSL_get_chain_count(chain), "session cert");
719
720 #ifdef WOLFSSL_ALT_CERT_CHAINS
721 if (wolfSSL_is_peer_alt_cert_chain(ssl)) {
722 chain = wolfSSL_get_peer_alt_chain(ssl);
723 ShowX509Chain(chain, wolfSSL_get_chain_count(chain), "alt cert");
724 }
725 #endif
726 }
727#endif /* SESSION_CERTS && SHOW_CERTS */
728 (void)ssl;
729}
730/* original showPeer to maintain compatibility */
731static WC_INLINE void showPeer(WOLFSSL* ssl)
732{
733 showPeerEx(ssl, 0);
734}
735
736static WC_INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer,
737 word16 port, int udp, int sctp)
738{
739 int useLookup = 0;
740 (void)useLookup;
741 (void)udp;
742 (void)sctp;
743
744 if (addr == NULL)
745 err_sys("invalid argument to build_addr, addr is NULL");
746
747 XMEMSET(addr, 0, sizeof(SOCKADDR_IN_T));
748
749#ifndef TEST_IPV6
750 /* peer could be in human readable form */
751 if ( ((size_t)peer != INADDR_ANY) && isalpha((int)peer[0])) {
752 #if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
753 int err;
754 struct hostent* entry = gethostbyname(peer, &err);
755 #elif defined(WOLFSSL_TIRTOS)
756 struct hostent* entry = DNSGetHostByName(peer);
757 #elif defined(WOLFSSL_VXWORKS)
758 struct hostent* entry = (struct hostent*)hostGetByName((char*)peer);
759 #else
760 struct hostent* entry = gethostbyname(peer);
761 #endif
762
763 if (entry) {
764 XMEMCPY(&addr->sin_addr.s_addr, entry->h_addr_list[0],
765 entry->h_length);
766 useLookup = 1;
767 }
768 else
769 err_sys("no entry for host");
770 }
771#endif
772
773
774#ifndef TEST_IPV6
775 #if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
776 addr->sin_family = PF_INET;
777 #else
778 addr->sin_family = AF_INET_V;
779 #endif
780 addr->sin_port = XHTONS(port);
781 if ((size_t)peer == INADDR_ANY)
782 addr->sin_addr.s_addr = INADDR_ANY;
783 else {
784 if (!useLookup)
785 addr->sin_addr.s_addr = inet_addr(peer);
786 }
787#else
788 addr->sin6_family = AF_INET_V;
789 addr->sin6_port = XHTONS(port);
790 if ((size_t)peer == INADDR_ANY) {
791 addr->sin6_addr = in6addr_any;
792 }
793 else {
794 #ifdef HAVE_GETADDRINFO
795 struct addrinfo hints;
796 struct addrinfo* answer = NULL;
797 int ret;
798 char strPort[80];
799
800 XMEMSET(&hints, 0, sizeof(hints));
801
802 hints.ai_family = AF_INET_V;
803 if (udp) {
804 hints.ai_socktype = SOCK_DGRAM;
805 hints.ai_protocol = IPPROTO_UDP;
806 }
807 #ifdef WOLFSSL_SCTP
808 else if (sctp) {
809 hints.ai_socktype = SOCK_STREAM;
810 hints.ai_protocol = IPPROTO_SCTP;
811 }
812 #endif
813 else {
814 hints.ai_socktype = SOCK_STREAM;
815 hints.ai_protocol = IPPROTO_TCP;
816 }
817
818 SNPRINTF(strPort, sizeof(strPort), "%d", port);
819 strPort[79] = '\0';
820
821 ret = getaddrinfo(peer, strPort, &hints, &answer);
822 if (ret < 0 || answer == NULL)
823 err_sys("getaddrinfo failed");
824
825 XMEMCPY(addr, answer->ai_addr, answer->ai_addrlen);
826 freeaddrinfo(answer);
827 #else
828 printf("no ipv6 getaddrinfo, loopback only tests/examples\n");
829 addr->sin6_addr = in6addr_loopback;
830 #endif
831 }
832#endif
833}
834
835
836static WC_INLINE void tcp_socket(SOCKET_T* sockfd, int udp, int sctp)
837{
838 (void)sctp;
839
840 if (udp)
841 *sockfd = socket(AF_INET_V, SOCK_DGRAM, IPPROTO_UDP);
842#ifdef WOLFSSL_SCTP
843 else if (sctp)
844 *sockfd = socket(AF_INET_V, SOCK_STREAM, IPPROTO_SCTP);
845#endif
846 else
847 *sockfd = socket(AF_INET_V, SOCK_STREAM, IPPROTO_TCP);
848
849 if(WOLFSSL_SOCKET_IS_INVALID(*sockfd)) {
850 err_sys("socket failed\n");
851 }
852
853#ifndef USE_WINDOWS_API
854#ifdef SO_NOSIGPIPE
855 {
856 int on = 1;
857 socklen_t len = sizeof(on);
858 int res = setsockopt(*sockfd, SOL_SOCKET, SO_NOSIGPIPE, &on, len);
859 if (res < 0)
860 err_sys("setsockopt SO_NOSIGPIPE failed\n");
861 }
862#elif defined(WOLFSSL_MDK_ARM) || defined (WOLFSSL_TIRTOS) ||\
863 defined(WOLFSSL_KEIL_TCP_NET)
864 /* nothing to define */
865#else /* no S_NOSIGPIPE */
866 signal(SIGPIPE, SIG_IGN);
867#endif /* S_NOSIGPIPE */
868
869#if defined(TCP_NODELAY)
870 if (!udp && !sctp)
871 {
872 int on = 1;
873 socklen_t len = sizeof(on);
874 int res = setsockopt(*sockfd, IPPROTO_TCP, TCP_NODELAY, &on, len);
875 if (res < 0)
876 err_sys("setsockopt TCP_NODELAY failed\n");
877 }
878#endif
879#endif /* USE_WINDOWS_API */
880}
881
882static WC_INLINE void tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port,
883 int udp, int sctp, WOLFSSL* ssl)
884{
885 SOCKADDR_IN_T addr;
886 build_addr(&addr, ip, port, udp, sctp);
887 if (udp) {
888 wolfSSL_dtls_set_peer(ssl, &addr, sizeof(addr));
889 }
890 tcp_socket(sockfd, udp, sctp);
891
892 if (!udp) {
893 if (connect(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
894 err_sys("tcp connect failed");
895 }
896}
897
898
899static WC_INLINE void udp_connect(SOCKET_T* sockfd, void* addr, int addrSz)
900{
901 if (connect(*sockfd, (const struct sockaddr*)addr, addrSz) != 0)
902 err_sys("tcp connect failed");
903}
904
905
906enum {
907 TEST_SELECT_FAIL,
908 TEST_TIMEOUT,
909 TEST_RECV_READY,
910 TEST_ERROR_READY
911};
912
913
914#if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_TCP_NET) && \
915 !defined(WOLFSSL_TIRTOS)
916static WC_INLINE int tcp_select(SOCKET_T socketfd, int to_sec)
917{
918 fd_set recvfds, errfds;
919 SOCKET_T nfds = socketfd + 1;
920#if !defined(__INTEGRITY)
921 struct timeval timeout = { (to_sec > 0) ? to_sec : 0, 0};
922#else
923 struct timeval timeout;
924#endif
925 int result;
926
927 FD_ZERO(&recvfds);
928 FD_SET(socketfd, &recvfds);
929 FD_ZERO(&errfds);
930 FD_SET(socketfd, &errfds);
931
932#if defined(__INTEGRITY)
933 timeout.tv_sec = (long long)(to_sec > 0) ? to_sec : 0, 0;
934#endif
935 result = select(nfds, &recvfds, NULL, &errfds, &timeout);
936
937 if (result == 0)
938 return TEST_TIMEOUT;
939 else if (result > 0) {
940 if (FD_ISSET(socketfd, &recvfds))
941 return TEST_RECV_READY;
942 else if(FD_ISSET(socketfd, &errfds))
943 return TEST_ERROR_READY;
944 }
945
946 return TEST_SELECT_FAIL;
947}
948#elif defined(WOLFSSL_TIRTOS) || defined(WOLFSSL_KEIL_TCP_NET)
949static WC_INLINE int tcp_select(SOCKET_T socketfd, int to_sec)
950{
951 return TEST_RECV_READY;
952}
953#endif /* !WOLFSSL_MDK_ARM */
954
955
956static WC_INLINE void tcp_listen(SOCKET_T* sockfd, word16* port, int useAnyAddr,
957 int udp, int sctp)
958{
959 SOCKADDR_IN_T addr;
960
961 /* don't use INADDR_ANY by default, firewall may block, make user switch
962 on */
963 build_addr(&addr, (useAnyAddr ? INADDR_ANY : wolfSSLIP), *port, udp, sctp);
964 tcp_socket(sockfd, udp, sctp);
965
966#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_ARM)\
967 && !defined(WOLFSSL_KEIL_TCP_NET)
968 {
969 int res, on = 1;
970 socklen_t len = sizeof(on);
971 res = setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len);
972 if (res < 0)
973 err_sys("setsockopt SO_REUSEADDR failed\n");
974 }
975#endif
976
977 if (bind(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
978 err_sys("tcp bind failed");
979 if (!udp) {
980 #ifdef WOLFSSL_KEIL_TCP_NET
981 #define SOCK_LISTEN_MAX_QUEUE 1
982 #else
983 #define SOCK_LISTEN_MAX_QUEUE 5
984 #endif
985 if (listen(*sockfd, SOCK_LISTEN_MAX_QUEUE) != 0)
986 err_sys("tcp listen failed");
987 }
988 #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
989 if (*port == 0) {
990 socklen_t len = sizeof(addr);
991 if (getsockname(*sockfd, (struct sockaddr*)&addr, &len) == 0) {
992 #ifndef TEST_IPV6
993 *port = XNTOHS(addr.sin_port);
994 #else
995 *port = XNTOHS(addr.sin6_port);
996 #endif
997 }
998 }
999 #endif
1000}
1001
1002
1003#if 0
1004static WC_INLINE int udp_read_connect(SOCKET_T sockfd)
1005{
1006 SOCKADDR_IN_T cliaddr;
1007 byte b[1500];
1008 int n;
1009 socklen_t len = sizeof(cliaddr);
1010
1011 n = (int)recvfrom(sockfd, (char*)b, sizeof(b), MSG_PEEK,
1012 (struct sockaddr*)&cliaddr, &len);
1013 if (n > 0) {
1014 if (connect(sockfd, (const struct sockaddr*)&cliaddr,
1015 sizeof(cliaddr)) != 0)
1016 err_sys("udp connect failed");
1017 }
1018 else
1019 err_sys("recvfrom failed");
1020
1021 return sockfd;
1022}
1023#endif
1024
1025static WC_INLINE void udp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
1026 int useAnyAddr, word16 port, func_args* args)
1027{
1028 SOCKADDR_IN_T addr;
1029
1030 (void)args;
1031 build_addr(&addr, (useAnyAddr ? INADDR_ANY : wolfSSLIP), port, 1, 0);
1032 tcp_socket(sockfd, 1, 0);
1033
1034
1035#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_ARM) \
1036 && !defined(WOLFSSL_KEIL_TCP_NET)
1037 {
1038 int res, on = 1;
1039 socklen_t len = sizeof(on);
1040 res = setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len);
1041 if (res < 0)
1042 err_sys("setsockopt SO_REUSEADDR failed\n");
1043 }
1044#endif
1045
1046 if (bind(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
1047 err_sys("tcp bind failed");
1048
1049 #if (defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API)) && !defined(WOLFSSL_TIRTOS)
1050 if (port == 0) {
1051 socklen_t len = sizeof(addr);
1052 if (getsockname(*sockfd, (struct sockaddr*)&addr, &len) == 0) {
1053 #ifndef TEST_IPV6
1054 port = XNTOHS(addr.sin_port);
1055 #else
1056 port = XNTOHS(addr.sin6_port);
1057 #endif
1058 }
1059 }
1060 #endif
1061
1062#if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__)
1063 /* signal ready to accept data */
1064 {
1065 tcp_ready* ready = args->signal;
1066 pthread_mutex_lock(&ready->mutex);
1067 ready->ready = 1;
1068 ready->port = port;
1069 pthread_cond_signal(&ready->cond);
1070 pthread_mutex_unlock(&ready->mutex);
1071 }
1072#elif defined (WOLFSSL_TIRTOS)
1073 /* Need mutex? */
1074 tcp_ready* ready = args->signal;
1075 ready->ready = 1;
1076 ready->port = port;
1077#endif
1078
1079 *clientfd = *sockfd;
1080}
1081
1082static WC_INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
1083 func_args* args, word16 port, int useAnyAddr,
1084 int udp, int sctp, int ready_file, int do_listen)
1085{
1086 SOCKADDR_IN_T client;
1087 socklen_t client_len = sizeof(client);
1088 tcp_ready* ready = NULL;
1089
1090 (void) ready; /* Account for case when "ready" is not used */
1091
1092 if (udp) {
1093 udp_accept(sockfd, clientfd, useAnyAddr, port, args);
1094 return;
1095 }
1096
1097 if(do_listen) {
1098 tcp_listen(sockfd, &port, useAnyAddr, udp, sctp);
1099
1100 #if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__)
1101 /* signal ready to tcp_accept */
1102 if (args)
1103 ready = args->signal;
1104 if (ready) {
1105 pthread_mutex_lock(&ready->mutex);
1106 ready->ready = 1;
1107 ready->port = port;
1108 pthread_cond_signal(&ready->cond);
1109 pthread_mutex_unlock(&ready->mutex);
1110 }
1111 #elif defined (WOLFSSL_TIRTOS)
1112 /* Need mutex? */
1113 if (args)
1114 ready = args->signal;
1115 if (ready) {
1116 ready->ready = 1;
1117 ready->port = port;
1118 }
1119 #endif
1120
1121 if (ready_file) {
1122 #if !defined(NO_FILESYSTEM) || defined(FORCE_BUFFER_TEST)
1123 XFILE srf = NULL;
1124 if (args)
1125 ready = args->signal;
1126
1127 if (ready) {
1128 srf = fopen(ready->srfName, "w");
1129
1130 if (srf) {
1131 /* let's write port sever is listening on to ready file
1132 external monitor can then do ephemeral ports by passing
1133 -p 0 to server on supported platforms with -R ready_file
1134 client can then wait for existence of ready_file and see
1135 which port the server is listening on. */
1136 fprintf(srf, "%d\n", (int)port);
1137 fclose(srf);
1138 }
1139 }
1140 #endif
1141 }
1142 }
1143
1144 *clientfd = accept(*sockfd, (struct sockaddr*)&client,
1145 (ACCEPT_THIRD_T)&client_len);
1146 if(WOLFSSL_SOCKET_IS_INVALID(*clientfd)) {
1147 err_sys("tcp accept failed");
1148 }
1149}
1150
1151
1152static WC_INLINE void tcp_set_nonblocking(SOCKET_T* sockfd)
1153{
1154 #ifdef USE_WINDOWS_API
1155 unsigned long blocking = 1;
1156 int ret = ioctlsocket(*sockfd, FIONBIO, &blocking);
1157 if (ret == SOCKET_ERROR)
1158 err_sys("ioctlsocket failed");
1159 #elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) \
1160 || defined (WOLFSSL_TIRTOS)|| defined(WOLFSSL_VXWORKS)
1161 /* non blocking not supported, for now */
1162 #else
1163 int flags = fcntl(*sockfd, F_GETFL, 0);
1164 if (flags < 0)
1165 err_sys("fcntl get failed");
1166 flags = fcntl(*sockfd, F_SETFL, flags | O_NONBLOCK);
1167 if (flags < 0)
1168 err_sys("fcntl set failed");
1169 #endif
1170}
1171
1172
1173#ifndef NO_PSK
1174
1175/* identity is OpenSSL testing default for openssl s_client, keep same */
1176static const char* kIdentityStr = "Client_identity";
1177
1178static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
1179 char* identity, unsigned int id_max_len, unsigned char* key,
1180 unsigned int key_max_len)
1181{
1182 (void)ssl;
1183 (void)hint;
1184 (void)key_max_len;
1185
1186 /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
1187 strncpy(identity, kIdentityStr, id_max_len);
1188
1189 if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) {
1190 /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
1191 unsigned binary */
1192 key[0] = 0x1a;
1193 key[1] = 0x2b;
1194 key[2] = 0x3c;
1195 key[3] = 0x4d;
1196
1197
1198 return 4; /* length of key in octets or 0 for error */
1199}
1200 else {
1201 int i;
1202 int b = 0x01;
1203
1204 for (i = 0; i < 32; i++, b += 0x22) {
1205 if (b >= 0x100)
1206 b = 0x01;
1207 key[i] = b;
1208 }
1209
1210 return 32; /* length of key in octets or 0 for error */
1211 }
1212}
1213
1214
1215static WC_INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
1216 unsigned char* key, unsigned int key_max_len)
1217{
1218 (void)ssl;
1219 (void)key_max_len;
1220
1221 /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
1222 if (strncmp(identity, kIdentityStr, strlen(kIdentityStr)) != 0)
1223 return 0;
1224
1225 if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) {
1226 /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
1227 unsigned binary */
1228 key[0] = 0x1a;
1229 key[1] = 0x2b;
1230 key[2] = 0x3c;
1231 key[3] = 0x4d;
1232
1233
1234 return 4; /* length of key in octets or 0 for error */
1235}
1236 else {
1237 int i;
1238 int b = 0x01;
1239
1240 for (i = 0; i < 32; i++, b += 0x22) {
1241 if (b >= 0x100)
1242 b = 0x01;
1243 key[i] = b;
1244 }
1245
1246 return 32; /* length of key in octets or 0 for error */
1247 }
1248}
1249
1250
1251static WC_INLINE unsigned int my_psk_client_tls13_cb(WOLFSSL* ssl,
1252 const char* hint, char* identity, unsigned int id_max_len,
1253 unsigned char* key, unsigned int key_max_len, const char** ciphersuite)
1254{
1255 int i;
1256 int b = 0x01;
1257
1258 (void)ssl;
1259 (void)hint;
1260 (void)key_max_len;
1261
1262 /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
1263 strncpy(identity, kIdentityStr, id_max_len);
1264
1265 for (i = 0; i < 32; i++, b += 0x22) {
1266 if (b >= 0x100)
1267 b = 0x01;
1268 key[i] = b;
1269 }
1270
1271 *ciphersuite = "TLS13-AES128-GCM-SHA256";
1272
1273 return 32; /* length of key in octets or 0 for error */
1274}
1275
1276
1277static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl,
1278 const char* identity, unsigned char* key, unsigned int key_max_len,
1279 const char** ciphersuite)
1280{
1281 int i;
1282 int b = 0x01;
1283
1284 (void)ssl;
1285 (void)key_max_len;
1286
1287 /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
1288 if (strncmp(identity, kIdentityStr, strlen(kIdentityStr)) != 0)
1289 return 0;
1290
1291 for (i = 0; i < 32; i++, b += 0x22) {
1292 if (b >= 0x100)
1293 b = 0x01;
1294 key[i] = b;
1295 }
1296
1297 *ciphersuite = "TLS13-AES128-GCM-SHA256";
1298
1299 return 32; /* length of key in octets or 0 for error */
1300}
1301
1302#endif /* NO_PSK */
1303
1304
1305#if defined(WOLFSSL_USER_CURRTIME)
1306 extern double current_time(int reset);
1307
1308#elif defined(USE_WINDOWS_API)
1309
1310 #define WIN32_LEAN_AND_MEAN
1311 #include <windows.h>
1312
1313 static WC_INLINE double current_time(int reset)
1314 {
1315 static int init = 0;
1316 static LARGE_INTEGER freq;
1317
1318 LARGE_INTEGER count;
1319
1320 if (!init) {
1321 QueryPerformanceFrequency(&freq);
1322 init = 1;
1323 }
1324
1325 QueryPerformanceCounter(&count);
1326
1327 (void)reset;
1328 return (double)count.QuadPart / freq.QuadPart;
1329 }
1330
1331#elif defined(WOLFSSL_TIRTOS)
1332 extern double current_time();
1333#else
1334
1335#if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_TCP_NET) && !defined(WOLFSSL_CHIBIOS)
1336 #include <sys/time.h>
1337
1338 static WC_INLINE double current_time(int reset)
1339 {
1340 struct timeval tv;
1341 gettimeofday(&tv, 0);
1342 (void)reset;
1343
1344 return (double)tv.tv_sec + (double)tv.tv_usec / 1000000;
1345 }
1346#else
1347 extern double current_time(int reset);
1348#endif
1349#endif /* USE_WINDOWS_API */
1350
1351
1352#if defined(HAVE_OCSP) && defined(WOLFSSL_NONBLOCK_OCSP)
1353static WC_INLINE int OCSPIOCb(void* ioCtx, const char* url, int urlSz,
1354 unsigned char* request, int requestSz, unsigned char** response)
1355{
1356#ifdef TEST_NONBLOCK_CERTS
1357 static int ioCbCnt = 0;
1358#endif
1359
1360 (void)ioCtx;
1361 (void)url;
1362 (void)urlSz;
1363 (void)request;
1364 (void)requestSz;
1365 (void)response;
1366
1367#ifdef TEST_NONBLOCK_CERTS
1368 if (ioCbCnt) {
1369 ioCbCnt = 0;
1370 return EmbedOcspLookup(ioCtx, url, urlSz, request, requestSz, response);
1371 }
1372 else {
1373 ioCbCnt = 1;
1374 return WOLFSSL_CBIO_ERR_WANT_READ;
1375 }
1376#else
1377 return EmbedOcspLookup(ioCtx, url, urlSz, request, requestSz, response);
1378#endif
1379}
1380
1381static WC_INLINE void OCSPRespFreeCb(void* ioCtx, unsigned char* response)
1382{
1383 (void)ioCtx;
1384 (void)response;
1385}
1386#endif
1387
1388#if !defined(NO_CERTS)
1389 #if !defined(NO_FILESYSTEM) || \
1390 (defined(NO_FILESYSTEM) && defined(FORCE_BUFFER_TEST))
1391
1392 /* reads file size, allocates buffer, reads into buffer, returns buffer */
1393 static WC_INLINE int load_file(const char* fname, byte** buf, size_t* bufLen)
1394 {
1395 int ret;
1396 long int fileSz;
1397 XFILE file;
1398
1399 if (fname == NULL || buf == NULL || bufLen == NULL)
1400 return BAD_FUNC_ARG;
1401
1402 /* set defaults */
1403 *buf = NULL;
1404 *bufLen = 0;
1405
1406 /* open file (read-only binary) */
1407 file = fopen(fname, "rb");
1408 if (!file) {
1409 printf("Error loading %s\n", fname);
1410 return BAD_PATH_ERROR;
1411 }
1412
1413 fseek(file, 0, SEEK_END);
1414 fileSz = (int)ftell(file);
1415 rewind(file);
1416 if (fileSz > 0) {
1417 *bufLen = (size_t)fileSz;
1418 *buf = (byte*)malloc(*bufLen);
1419 if (*buf == NULL) {
1420 ret = MEMORY_E;
1421 printf("Error allocating %lu bytes\n", (unsigned long)*bufLen);
1422 }
1423 else {
1424 size_t readLen = fread(*buf, *bufLen, 1, file);
1425
1426 /* check response code */
1427 ret = (readLen > 0) ? 0 : -1;
1428 }
1429 }
1430 else {
1431 ret = BUFFER_E;
1432 }
1433 fclose(file);
1434
1435 return ret;
1436 }
1437
1438 enum {
1439 WOLFSSL_CA = 1,
1440 WOLFSSL_CERT = 2,
1441 WOLFSSL_KEY = 3,
1442 WOLFSSL_CERT_CHAIN = 4,
1443 };
1444
1445 static WC_INLINE void load_buffer(WOLFSSL_CTX* ctx, const char* fname, int type)
1446 {
1447 int format = WOLFSSL_FILETYPE_PEM;
1448 byte* buff = NULL;
1449 size_t sz = 0;
1450
1451 if (load_file(fname, &buff, &sz) != 0) {
1452 err_sys("can't open file for buffer load "
1453 "Please run from wolfSSL home directory if not");
1454 }
1455
1456 /* determine format */
1457 if (strstr(fname, ".der"))
1458 format = WOLFSSL_FILETYPE_ASN1;
1459
1460 if (type == WOLFSSL_CA) {
1461 if (wolfSSL_CTX_load_verify_buffer(ctx, buff, (long)sz, format)
1462 != WOLFSSL_SUCCESS)
1463 err_sys("can't load buffer ca file");
1464 }
1465 else if (type == WOLFSSL_CERT) {
1466 if (wolfSSL_CTX_use_certificate_buffer(ctx, buff, (long)sz,
1467 format) != WOLFSSL_SUCCESS)
1468 err_sys("can't load buffer cert file");
1469 }
1470 else if (type == WOLFSSL_KEY) {
1471 if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, (long)sz,
1472 format) != WOLFSSL_SUCCESS)
1473 err_sys("can't load buffer key file");
1474 }
1475 else if (type == WOLFSSL_CERT_CHAIN) {
1476 if (wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, buff,
1477 (long)sz, format) != WOLFSSL_SUCCESS)
1478 err_sys("can't load cert chain buffer");
1479 }
1480
1481 if (buff)
1482 free(buff);
1483 }
1484
1485 static WC_INLINE void load_ssl_buffer(WOLFSSL* ssl, const char* fname, int type)
1486 {
1487 int format = WOLFSSL_FILETYPE_PEM;
1488 byte* buff = NULL;
1489 size_t sz = 0;
1490
1491 if (load_file(fname, &buff, &sz) != 0) {
1492 err_sys("can't open file for buffer load "
1493 "Please run from wolfSSL home directory if not");
1494 }
1495
1496 /* determine format */
1497 if (strstr(fname, ".der"))
1498 format = WOLFSSL_FILETYPE_ASN1;
1499
1500 if (type == WOLFSSL_CA) {
1501 /* verify certs (CA's) use the shared ctx->cm (WOLFSSL_CERT_MANAGER) */
1502 WOLFSSL_CTX* ctx = wolfSSL_get_SSL_CTX(ssl);
1503 if (wolfSSL_CTX_load_verify_buffer(ctx, buff, (long)sz, format)
1504 != WOLFSSL_SUCCESS)
1505 err_sys("can't load buffer ca file");
1506 }
1507 else if (type == WOLFSSL_CERT) {
1508 if (wolfSSL_use_certificate_buffer(ssl, buff, (long)sz,
1509 format) != WOLFSSL_SUCCESS)
1510 err_sys("can't load buffer cert file");
1511 }
1512 else if (type == WOLFSSL_KEY) {
1513 if (wolfSSL_use_PrivateKey_buffer(ssl, buff, (long)sz,
1514 format) != WOLFSSL_SUCCESS)
1515 err_sys("can't load buffer key file");
1516 }
1517 else if (type == WOLFSSL_CERT_CHAIN) {
1518 if (wolfSSL_use_certificate_chain_buffer_format(ssl, buff,
1519 (long)sz, format) != WOLFSSL_SUCCESS)
1520 err_sys("can't load cert chain buffer");
1521 }
1522
1523 if (buff)
1524 free(buff);
1525 }
1526
1527 #ifdef TEST_PK_PRIVKEY
1528 static WC_INLINE int load_key_file(const char* fname, byte** derBuf, word32* derLen)
1529 {
1530 int ret;
1531 byte* buf = NULL;
1532 size_t bufLen;
1533
1534 ret = load_file(fname, &buf, &bufLen);
1535 if (ret != 0)
1536 return ret;
1537
1538 *derBuf = (byte*)malloc(bufLen);
1539 if (*derBuf == NULL) {
1540 free(buf);
1541 return MEMORY_E;
1542 }
1543
1544 ret = wc_KeyPemToDer(buf, (word32)bufLen, *derBuf, (word32)bufLen, NULL);
1545 if (ret < 0) {
1546 free(buf);
1547 free(*derBuf);
1548 return ret;
1549 }
1550 *derLen = ret;
1551 free(buf);
1552
1553 return 0;
1554 }
1555 #endif /* TEST_PK_PRIVKEY */
1556
1557 #endif /* !NO_FILESYSTEM || (NO_FILESYSTEM && FORCE_BUFFER_TEST) */
1558#endif /* !NO_CERTS */
1559
1560static int myVerifyFail = 0;
1561static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
1562{
1563 char buffer[WOLFSSL_MAX_ERROR_SZ];
1564#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
1565 WOLFSSL_X509* peer;
1566#endif
1567 (void)preverify;
1568
1569 /* Verify Callback Arguments:
1570 * preverify: 1=Verify Okay, 0=Failure
1571 * store->error: Failure error code (0 indicates no failure)
1572 * store->current_cert: Current WOLFSSL_X509 object (only with OPENSSL_EXTRA)
1573 * store->error_depth: Current Index
1574 * store->domain: Subject CN as string (null term)
1575 * store->totalCerts: Number of certs presented by peer
1576 * store->certs[i]: A `WOLFSSL_BUFFER_INFO` with plain DER for each cert
1577 * store->store: WOLFSSL_X509_STORE with CA cert chain
1578 * store->store->cm: WOLFSSL_CERT_MANAGER
1579 * store->ex_data: The WOLFSSL object pointer
1580 * store->discardSessionCerts: When set to non-zero value session certs
1581 will be discarded (only with SESSION_CERTS)
1582 */
1583
1584 printf("In verification callback, error = %d, %s\n", store->error,
1585 wolfSSL_ERR_error_string(store->error, buffer));
1586#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
1587 peer = store->current_cert;
1588 if (peer) {
1589 char* issuer = wolfSSL_X509_NAME_oneline(
1590 wolfSSL_X509_get_issuer_name(peer), 0, 0);
1591 char* subject = wolfSSL_X509_NAME_oneline(
1592 wolfSSL_X509_get_subject_name(peer), 0, 0);
1593 printf("\tPeer's cert info:\n issuer : %s\n subject: %s\n", issuer,
1594 subject);
1595 XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
1596 XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL);
1597 }
1598 else
1599 printf("\tPeer has no cert!\n");
1600#else
1601 printf("\tPeer certs: %d\n", store->totalCerts);
1602 #ifdef SHOW_CERTS
1603 { int i;
1604 for (i=0; i<store->totalCerts; i++) {
1605 WOLFSSL_BUFFER_INFO* cert = &store->certs[i];
1606 printf("\t\tCert %d: Ptr %p, Len %u\n", i, cert->buffer, cert->length);
1607 }
1608 }
1609 #endif
1610#endif
1611
1612 printf("\tSubject's domain name at %d is %s\n", store->error_depth, store->domain);
1613
1614 /* Testing forced fail case by return zero */
1615 if (myVerifyFail) {
1616 return 0; /* test failure case */
1617 }
1618
1619 /* If error indicate we are overriding it for testing purposes */
1620 if (store->error != 0) {
1621 printf("\tAllowing failed certificate check, testing only "
1622 "(shouldn't do this in production)\n");
1623 }
1624
1625 /* A non-zero return code indicates failure override */
1626 return 1;
1627}
1628
1629
1630static WC_INLINE int myDateCb(int preverify, WOLFSSL_X509_STORE_CTX* store)
1631{
1632 char buffer[WOLFSSL_MAX_ERROR_SZ];
1633 (void)preverify;
1634
1635 printf("In verification callback, error = %d, %s\n", store->error,
1636 wolfSSL_ERR_error_string(store->error, buffer));
1637 printf("Subject's domain name is %s\n", store->domain);
1638
1639 if (store->error == ASN_BEFORE_DATE_E || store->error == ASN_AFTER_DATE_E) {
1640 printf("Overriding cert date error as example for bad clock testing\n");
1641 return 1;
1642 }
1643 printf("Cert error is not date error, not overriding\n");
1644
1645 return 0;
1646}
1647
1648
1649#ifdef HAVE_EXT_CACHE
1650
1651static WC_INLINE WOLFSSL_SESSION* mySessGetCb(WOLFSSL* ssl, unsigned char* id,
1652 int id_len, int* copy)
1653{
1654 (void)ssl;
1655 (void)id;
1656 (void)id_len;
1657 (void)copy;
1658
1659 /* using internal cache, this is for testing only */
1660 return NULL;
1661}
1662
1663static WC_INLINE int mySessNewCb(WOLFSSL* ssl, WOLFSSL_SESSION* session)
1664{
1665 (void)ssl;
1666 (void)session;
1667
1668 /* using internal cache, this is for testing only */
1669 return 0;
1670}
1671
1672static WC_INLINE void mySessRemCb(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session)
1673{
1674 (void)ctx;
1675 (void)session;
1676
1677 /* using internal cache, this is for testing only */
1678}
1679
1680#endif /* HAVE_EXT_CACHE */
1681
1682
1683#ifdef HAVE_CRL
1684
1685static WC_INLINE void CRL_CallBack(const char* url)
1686{
1687 printf("CRL callback url = %s\n", url);
1688}
1689
1690#endif
1691
1692#ifndef NO_DH
1693static WC_INLINE void SetDH(WOLFSSL* ssl)
1694{
1695 /* dh1024 p */
1696 static const unsigned char p[] =
1697 {
1698 0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3,
1699 0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E,
1700 0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59,
1701 0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2,
1702 0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD,
1703 0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF,
1704 0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02,
1705 0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C,
1706 0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7,
1707 0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50,
1708 0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B,
1709 };
1710
1711 /* dh1024 g */
1712 static const unsigned char g[] =
1713 {
1714 0x02,
1715 };
1716
1717 wolfSSL_SetTmpDH(ssl, p, sizeof(p), g, sizeof(g));
1718}
1719
1720static WC_INLINE void SetDHCtx(WOLFSSL_CTX* ctx)
1721{
1722 /* dh1024 p */
1723 static const unsigned char p[] =
1724 {
1725 0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3,
1726 0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E,
1727 0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59,
1728 0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2,
1729 0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD,
1730 0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF,
1731 0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02,
1732 0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C,
1733 0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7,
1734 0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50,
1735 0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B,
1736 };
1737
1738 /* dh1024 g */
1739 static const unsigned char g[] =
1740 {
1741 0x02,
1742 };
1743
1744 wolfSSL_CTX_SetTmpDH(ctx, p, sizeof(p), g, sizeof(g));
1745}
1746#endif /* NO_DH */
1747
1748#ifndef NO_CERTS
1749
1750static WC_INLINE void CaCb(unsigned char* der, int sz, int type)
1751{
1752 (void)der;
1753 printf("Got CA cache add callback, derSz = %d, type = %d\n", sz, type);
1754}
1755
1756#endif /* !NO_CERTS */
1757
1758
1759/* Wolf Root Directory Helper */
1760/* KEIL-RL File System does not support relative directory */
1761#if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_FS) && !defined(WOLFSSL_TIRTOS)
1762 /* Maximum depth to search for WolfSSL root */
1763 #define MAX_WOLF_ROOT_DEPTH 5
1764
1765 static WC_INLINE int ChangeToWolfRoot(void)
1766 {
1767 #if !defined(NO_FILESYSTEM) || defined(FORCE_BUFFER_TEST)
1768 int depth, res;
1769 XFILE file;
1770 for(depth = 0; depth <= MAX_WOLF_ROOT_DEPTH; depth++) {
1771 file = fopen(ntruKeyFile, "rb");
1772 if (file != NULL) {
1773 fclose(file);
1774 return depth;
1775 }
1776 #ifdef USE_WINDOWS_API
1777 res = SetCurrentDirectoryA("..\\");
1778 #else
1779 res = chdir("../");
1780 #endif
1781 if (res < 0) {
1782 printf("chdir to ../ failed!\n");
1783 break;
1784 }
1785 }
1786
1787 err_sys("wolf root not found");
1788 return -1;
1789 #else
1790 return 0;
1791 #endif
1792 }
1793#endif /* !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_FS) && !defined(WOLFSSL_TIRTOS) */
1794
1795#ifdef HAVE_STACK_SIZE
1796
1797typedef THREAD_RETURN WOLFSSL_THREAD (*thread_func)(void* args);
1798#define STACK_CHECK_VAL 0x01
1799
1800static WC_INLINE int StackSizeCheck(func_args* args, thread_func tf)
1801{
1802 int ret, i, used;
1803 void* status;
1804 unsigned char* myStack = NULL;
1805 int stackSize = 1024*128;
1806 pthread_attr_t myAttr;
1807 pthread_t threadId;
1808
1809#ifdef PTHREAD_STACK_MIN
1810 if (stackSize < PTHREAD_STACK_MIN)
1811 stackSize = PTHREAD_STACK_MIN;
1812#endif
1813
1814 ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize);
1815 if (ret != 0 || myStack == NULL)
1816 err_sys("posix_memalign failed\n");
1817
1818 XMEMSET(myStack, STACK_CHECK_VAL, stackSize);
1819
1820 ret = pthread_attr_init(&myAttr);
1821 if (ret != 0)
1822 err_sys("attr_init failed");
1823
1824 ret = pthread_attr_setstack(&myAttr, myStack, stackSize);
1825 if (ret != 0)
1826 err_sys("attr_setstackaddr failed");
1827
1828 ret = pthread_create(&threadId, &myAttr, tf, args);
1829 if (ret != 0) {
1830 perror("pthread_create failed");
1831 exit(EXIT_FAILURE);
1832 }
1833
1834 ret = pthread_join(threadId, &status);
1835 if (ret != 0)
1836 err_sys("pthread_join failed");
1837
1838 for (i = 0; i < stackSize; i++) {
1839 if (myStack[i] != STACK_CHECK_VAL) {
1840 break;
1841 }
1842 }
1843
1844 free(myStack);
1845
1846 used = stackSize - i;
1847 printf("stack used = %d\n", used);
1848
1849 return (int)((size_t)status);
1850}
1851
1852
1853#endif /* HAVE_STACK_SIZE */
1854
1855
1856#ifdef STACK_TRAP
1857
1858/* good settings
1859 --enable-debug --disable-shared C_EXTRA_FLAGS="-DUSER_TIME -DTFM_TIMING_RESISTANT -DPOSITIVE_EXP_ONLY -DSTACK_TRAP"
1860
1861*/
1862
1863#ifdef HAVE_STACK_SIZE
1864 /* client only for now, setrlimit will fail if pthread_create() called */
1865 /* STACK_SIZE does pthread_create() on client */
1866 #error "can't use STACK_TRAP with STACK_SIZE, setrlimit will fail"
1867#endif /* HAVE_STACK_SIZE */
1868
1869static WC_INLINE void StackTrap(void)
1870{
1871 struct rlimit rl;
1872 if (getrlimit(RLIMIT_STACK, &rl) != 0)
1873 err_sys("getrlimit failed");
1874 printf("rlim_cur = %llu\n", rl.rlim_cur);
1875 rl.rlim_cur = 1024*21; /* adjust trap size here */
1876 if (setrlimit(RLIMIT_STACK, &rl) != 0) {
1877 perror("setrlimit");
1878 err_sys("setrlimit failed");
1879 }
1880}
1881
1882#else /* STACK_TRAP */
1883
1884static WC_INLINE void StackTrap(void)
1885{
1886}
1887
1888#endif /* STACK_TRAP */
1889
1890
1891#ifdef ATOMIC_USER
1892
1893/* Atomic Encrypt Context example */
1894typedef struct AtomicEncCtx {
1895 int keySetup; /* have we done key setup yet */
1896 Aes aes; /* for aes example */
1897} AtomicEncCtx;
1898
1899
1900/* Atomic Decrypt Context example */
1901typedef struct AtomicDecCtx {
1902 int keySetup; /* have we done key setup yet */
1903 Aes aes; /* for aes example */
1904} AtomicDecCtx;
1905
1906
1907static WC_INLINE int myMacEncryptCb(WOLFSSL* ssl, unsigned char* macOut,
1908 const unsigned char* macIn, unsigned int macInSz, int macContent,
1909 int macVerify, unsigned char* encOut, const unsigned char* encIn,
1910 unsigned int encSz, void* ctx)
1911{
1912 int ret;
1913 Hmac hmac;
1914 byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
1915 AtomicEncCtx* encCtx = (AtomicEncCtx*)ctx;
1916 const char* tlsStr = "TLS";
1917
1918 /* example supports (d)tls aes */
1919 if (wolfSSL_GetBulkCipher(ssl) != wolfssl_aes) {
1920 printf("myMacEncryptCb not using AES\n");
1921 return -1;
1922 }
1923
1924 if (strstr(wolfSSL_get_version(ssl), tlsStr) == NULL) {
1925 printf("myMacEncryptCb not using (D)TLS\n");
1926 return -1;
1927 }
1928
1929 /* hmac, not needed if aead mode */
1930 wolfSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify);
1931
1932 ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
1933 wolfSSL_GetMacSecret(ssl, macVerify), wolfSSL_GetHmacSize(ssl));
1934 if (ret != 0)
1935 return ret;
1936 ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
1937 if (ret != 0)
1938 return ret;
1939 ret = wc_HmacUpdate(&hmac, macIn, macInSz);
1940 if (ret != 0)
1941 return ret;
1942 ret = wc_HmacFinal(&hmac, macOut);
1943 if (ret != 0)
1944 return ret;
1945
1946
1947 /* encrypt setup on first time */
1948 if (encCtx->keySetup == 0) {
1949 int keyLen = wolfSSL_GetKeySize(ssl);
1950 const byte* key;
1951 const byte* iv;
1952
1953 if (wolfSSL_GetSide(ssl) == WOLFSSL_CLIENT_END) {
1954 key = wolfSSL_GetClientWriteKey(ssl);
1955 iv = wolfSSL_GetClientWriteIV(ssl);
1956 }
1957 else {
1958 key = wolfSSL_GetServerWriteKey(ssl);
1959 iv = wolfSSL_GetServerWriteIV(ssl);
1960 }
1961
1962 ret = wc_AesSetKey(&encCtx->aes, key, keyLen, iv, AES_ENCRYPTION);
1963 if (ret != 0) {
1964 printf("AesSetKey failed in myMacEncryptCb\n");
1965 return ret;
1966 }
1967 encCtx->keySetup = 1;
1968 }
1969
1970 /* encrypt */
1971 return wc_AesCbcEncrypt(&encCtx->aes, encOut, encIn, encSz);
1972}
1973
1974
1975static WC_INLINE int myDecryptVerifyCb(WOLFSSL* ssl,
1976 unsigned char* decOut, const unsigned char* decIn,
1977 unsigned int decSz, int macContent, int macVerify,
1978 unsigned int* padSz, void* ctx)
1979{
1980 AtomicDecCtx* decCtx = (AtomicDecCtx*)ctx;
1981 int ret = 0;
1982 int macInSz = 0;
1983 int ivExtra = 0;
1984 int digestSz = wolfSSL_GetHmacSize(ssl);
1985 unsigned int pad = 0;
1986 unsigned int padByte = 0;
1987 Hmac hmac;
1988 byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
1989 byte verify[WC_MAX_DIGEST_SIZE];
1990 const char* tlsStr = "TLS";
1991
1992 /* example supports (d)tls aes */
1993 if (wolfSSL_GetBulkCipher(ssl) != wolfssl_aes) {
1994 printf("myMacEncryptCb not using AES\n");
1995 return -1;
1996 }
1997
1998 if (strstr(wolfSSL_get_version(ssl), tlsStr) == NULL) {
1999 printf("myMacEncryptCb not using (D)TLS\n");
2000 return -1;
2001 }
2002
2003 /*decrypt */
2004 if (decCtx->keySetup == 0) {
2005 int keyLen = wolfSSL_GetKeySize(ssl);
2006 const byte* key;
2007 const byte* iv;
2008
2009 /* decrypt is from other side (peer) */
2010 if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) {
2011 key = wolfSSL_GetClientWriteKey(ssl);
2012 iv = wolfSSL_GetClientWriteIV(ssl);
2013 }
2014 else {
2015 key = wolfSSL_GetServerWriteKey(ssl);
2016 iv = wolfSSL_GetServerWriteIV(ssl);
2017 }
2018
2019 ret = wc_AesSetKey(&decCtx->aes, key, keyLen, iv, AES_DECRYPTION);
2020 if (ret != 0) {
2021 printf("AesSetKey failed in myDecryptVerifyCb\n");
2022 return ret;
2023 }
2024 decCtx->keySetup = 1;
2025 }
2026
2027 /* decrypt */
2028 ret = wc_AesCbcDecrypt(&decCtx->aes, decOut, decIn, decSz);
2029 if (ret != 0)
2030 return ret;
2031
2032 if (wolfSSL_GetCipherType(ssl) == WOLFSSL_AEAD_TYPE) {
2033 *padSz = wolfSSL_GetAeadMacSize(ssl);
2034 return 0; /* hmac, not needed if aead mode */
2035 }
2036
2037 if (wolfSSL_GetCipherType(ssl) == WOLFSSL_BLOCK_TYPE) {
2038 pad = *(decOut + decSz - 1);
2039 padByte = 1;
2040 if (wolfSSL_IsTLSv1_1(ssl))
2041 ivExtra = wolfSSL_GetCipherBlockSize(ssl);
2042 }
2043
2044 *padSz = wolfSSL_GetHmacSize(ssl) + pad + padByte;
2045 macInSz = decSz - ivExtra - digestSz - pad - padByte;
2046
2047 wolfSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify);
2048
2049 ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
2050 wolfSSL_GetMacSecret(ssl, macVerify), digestSz);
2051 if (ret != 0)
2052 return ret;
2053 ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
2054 if (ret != 0)
2055 return ret;
2056 ret = wc_HmacUpdate(&hmac, decOut + ivExtra, macInSz);
2057 if (ret != 0)
2058 return ret;
2059 ret = wc_HmacFinal(&hmac, verify);
2060 if (ret != 0)
2061 return ret;
2062
2063 if (XMEMCMP(verify, decOut + decSz - digestSz - pad - padByte,
2064 digestSz) != 0) {
2065 printf("myDecryptVerify verify failed\n");
2066 return -1;
2067 }
2068
2069 return ret;
2070}
2071
2072
2073static WC_INLINE void SetupAtomicUser(WOLFSSL_CTX* ctx, WOLFSSL* ssl)
2074{
2075 AtomicEncCtx* encCtx;
2076 AtomicDecCtx* decCtx;
2077
2078 encCtx = (AtomicEncCtx*)malloc(sizeof(AtomicEncCtx));
2079 if (encCtx == NULL)
2080 err_sys("AtomicEncCtx malloc failed");
2081 XMEMSET(encCtx, 0, sizeof(AtomicEncCtx));
2082
2083 decCtx = (AtomicDecCtx*)malloc(sizeof(AtomicDecCtx));
2084 if (decCtx == NULL) {
2085 free(encCtx);
2086 err_sys("AtomicDecCtx malloc failed");
2087 }
2088 XMEMSET(decCtx, 0, sizeof(AtomicDecCtx));
2089
2090 wolfSSL_CTX_SetMacEncryptCb(ctx, myMacEncryptCb);
2091 wolfSSL_SetMacEncryptCtx(ssl, encCtx);
2092
2093 wolfSSL_CTX_SetDecryptVerifyCb(ctx, myDecryptVerifyCb);
2094 wolfSSL_SetDecryptVerifyCtx(ssl, decCtx);
2095}
2096
2097
2098static WC_INLINE void FreeAtomicUser(WOLFSSL* ssl)
2099{
2100 AtomicEncCtx* encCtx = (AtomicEncCtx*)wolfSSL_GetMacEncryptCtx(ssl);
2101 AtomicDecCtx* decCtx = (AtomicDecCtx*)wolfSSL_GetDecryptVerifyCtx(ssl);
2102
2103 free(decCtx);
2104 free(encCtx);
2105}
2106
2107#endif /* ATOMIC_USER */
2108
2109#ifdef WOLFSSL_STATIC_MEMORY
2110static WC_INLINE int wolfSSL_PrintStats(WOLFSSL_MEM_STATS* stats)
2111{
2112 word16 i;
2113
2114 if (stats == NULL) {
2115 return 0;
2116 }
2117
2118 /* print to stderr so is on the same pipe as WOLFSSL_DEBUG */
2119 fprintf(stderr, "Total mallocs = %d\n", stats->totalAlloc);
2120 fprintf(stderr, "Total frees = %d\n", stats->totalFr);
2121 fprintf(stderr, "Current mallocs = %d\n", stats->curAlloc);
2122 fprintf(stderr, "Available IO = %d\n", stats->avaIO);
2123 fprintf(stderr, "Max con. handshakes = %d\n", stats->maxHa);
2124 fprintf(stderr, "Max con. IO = %d\n", stats->maxIO);
2125 fprintf(stderr, "State of memory blocks: size : available \n");
2126 for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) {
2127 fprintf(stderr, " : %d\t : %d\n", stats->blockSz[i],
2128 stats->avaBlock[i]);
2129 }
2130
2131 return 1;
2132}
2133#endif /* WOLFSSL_STATIC_MEMORY */
2134
2135#ifdef HAVE_PK_CALLBACKS
2136
2137typedef struct PkCbInfo {
2138 const char* ourKey;
2139#ifdef TEST_PK_PRIVKEY
2140 union {
2141#ifdef HAVE_ECC
2142 ecc_key ecc;
2143 #endif
2144 #ifdef HAVE_CURVE25519
2145 curve25519_key curve;
2146 #endif
2147 } keyGen;
2148#endif
2149} PkCbInfo;
2150
2151#if defined(DEBUG_PK_CB) || defined(TEST_PK_PRIVKEY)
2152 #define WOLFSSL_PKMSG(_f_, ...) printf(_f_, ##__VA_ARGS__)
2153#else
2154 #define WOLFSSL_PKMSG(_f_, ...)
2155#endif
2156
2157#ifdef HAVE_ECC
2158
2159static WC_INLINE int myEccKeyGen(WOLFSSL* ssl, ecc_key* key, word32 keySz,
2160 int ecc_curve, void* ctx)
2161{
2162 int ret;
2163 WC_RNG rng;
2164 PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2165 ecc_key* new_key = key;
2166#ifdef TEST_PK_PRIVKEY
2167 byte qx[MAX_ECC_BYTES], qy[MAX_ECC_BYTES];
2168 word32 qxLen = sizeof(qx), qyLen = sizeof(qy);
2169 new_key = &cbInfo->keyGen.ecc;
2170#endif
2171
2172 (void)ssl;
2173 (void)cbInfo;
2174
2175 WOLFSSL_PKMSG("PK ECC KeyGen: keySz %d, Curve ID %d\n", keySz, ecc_curve);
2176
2177 ret = wc_InitRng(&rng);
2178 if (ret != 0)
2179 return ret;
2180
2181 ret = wc_ecc_init(new_key);
2182 if (ret == 0) {
2183 /* create new key */
2184 ret = wc_ecc_make_key_ex(&rng, keySz, new_key, ecc_curve);
2185
2186 #ifdef TEST_PK_PRIVKEY
2187 if (ret == 0) {
2188 /* extract public portion from new key into `key` arg */
2189 ret = wc_ecc_export_public_raw(new_key, qx, &qxLen, qy, &qyLen);
2190 if (ret == 0) {
2191 /* load public portion only into key */
2192 ret = wc_ecc_import_unsigned(key, qx, qy, NULL, ecc_curve);
2193 }
2194 (void)qxLen;
2195 (void)qyLen;
2196 }
2197 #endif
2198 }
2199
2200 WOLFSSL_PKMSG("PK ECC KeyGen: ret %d\n", ret);
2201
2202 wc_FreeRng(&rng);
2203
2204 return ret;
2205}
2206
2207static WC_INLINE int myEccSign(WOLFSSL* ssl, const byte* in, word32 inSz,
2208 byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
2209{
2210 int ret;
2211 WC_RNG rng;
2212 word32 idx = 0;
2213 ecc_key myKey;
2214 byte* keyBuf = (byte*)key;
2215 PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2216
2217 (void)ssl;
2218 (void)cbInfo;
2219
2220 WOLFSSL_PKMSG("PK ECC Sign: inSz %d, keySz %d\n", inSz, keySz);
2221
2222#ifdef TEST_PK_PRIVKEY
2223 ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
2224 if (ret != 0)
2225 return ret;
2226#endif
2227
2228 ret = wc_InitRng(&rng);
2229 if (ret != 0)
2230 return ret;
2231
2232 ret = wc_ecc_init(&myKey);
2233 if (ret == 0) {
2234 ret = wc_EccPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
2235 if (ret == 0) {
2236 WOLFSSL_PKMSG("PK ECC Sign: Curve ID %d\n", myKey.dp->id);
2237 ret = wc_ecc_sign_hash(in, inSz, out, outSz, &rng, &myKey);
2238 }
2239 wc_ecc_free(&myKey);
2240 }
2241 wc_FreeRng(&rng);
2242
2243#ifdef TEST_PK_PRIVKEY
2244 free(keyBuf);
2245#endif
2246
2247 WOLFSSL_PKMSG("PK ECC Sign: ret %d outSz %d\n", ret, *outSz);
2248
2249 return ret;
2250}
2251
2252
2253static WC_INLINE int myEccVerify(WOLFSSL* ssl, const byte* sig, word32 sigSz,
2254 const byte* hash, word32 hashSz, const byte* key, word32 keySz,
2255 int* result, void* ctx)
2256{
2257 int ret;
2258 word32 idx = 0;
2259 ecc_key myKey;
2260 PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2261
2262 (void)ssl;
2263 (void)cbInfo;
2264
2265 WOLFSSL_PKMSG("PK ECC Verify: sigSz %d, hashSz %d, keySz %d\n", sigSz, hashSz, keySz);
2266
2267 ret = wc_ecc_init(&myKey);
2268 if (ret == 0) {
2269 ret = wc_EccPublicKeyDecode(key, &idx, &myKey, keySz);
2270 if (ret == 0)
2271 ret = wc_ecc_verify_hash(sig, sigSz, hash, hashSz, result, &myKey);
2272 wc_ecc_free(&myKey);
2273 }
2274
2275 WOLFSSL_PKMSG("PK ECC Verify: ret %d, result %d\n", ret, *result);
2276
2277 return ret;
2278}
2279
2280static WC_INLINE int myEccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
2281 unsigned char* pubKeyDer, unsigned int* pubKeySz,
2282 unsigned char* out, unsigned int* outlen,
2283 int side, void* ctx)
2284{
2285 int ret;
2286 ecc_key* privKey = NULL;
2287 ecc_key* pubKey = NULL;
2288 ecc_key tmpKey;
2289 PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2290
2291 (void)ssl;
2292 (void)cbInfo;
2293
2294 WOLFSSL_PKMSG("PK ECC PMS: Side %s, Peer Curve %d\n",
2295 side == WOLFSSL_CLIENT_END ? "client" : "server", otherKey->dp->id);
2296
2297 ret = wc_ecc_init(&tmpKey);
2298 if (ret != 0) {
2299 return ret;
2300 }
2301
2302 /* for client: create and export public key */
2303 if (side == WOLFSSL_CLIENT_END) {
2304 WC_RNG rng;
2305
2306 privKey = &tmpKey;
2307 pubKey = otherKey;
2308
2309 ret = wc_InitRng(&rng);
2310 if (ret == 0) {
2311 ret = wc_ecc_make_key_ex(&rng, 0, privKey, otherKey->dp->id);
2312 #ifdef WOLFSSL_ASYNC_CRYPT
2313 if (ret == WC_PENDING_E) {
2314 ret = wc_AsyncWait(ret, &privKey->asyncDev, WC_ASYNC_FLAG_NONE);
2315 }
2316 #endif
2317 if (ret == 0)
2318 ret = wc_ecc_export_x963(privKey, pubKeyDer, pubKeySz);
2319 wc_FreeRng(&rng);
2320 }
2321 }
2322
2323 /* for server: import public key */
2324 else if (side == WOLFSSL_SERVER_END) {
2325 #ifdef TEST_PK_PRIVKEY
2326 privKey = &cbInfo->keyGen.ecc;
2327 #else
2328 privKey = otherKey;
2329 #endif
2330 pubKey = &tmpKey;
2331
2332 ret = wc_ecc_import_x963_ex(pubKeyDer, *pubKeySz, pubKey,
2333 otherKey->dp->id);
2334 }
2335 else {
2336 ret = BAD_FUNC_ARG;
2337 }
2338
2339 /* generate shared secret and return it */
2340 if (ret == 0) {
2341 ret = wc_ecc_shared_secret(privKey, pubKey, out, outlen);
2342
2343 #ifdef WOLFSSL_ASYNC_CRYPT
2344 if (ret == WC_PENDING_E) {
2345 ret = wc_AsyncWait(ret, &privKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
2346 }
2347 #endif
2348 }
2349
2350#ifdef TEST_PK_PRIVKEY
2351 if (side == WOLFSSL_SERVER_END) {
2352 wc_ecc_free(&cbInfo->keyGen.ecc);
2353 }
2354#endif
2355
2356 wc_ecc_free(&tmpKey);
2357
2358 WOLFSSL_PKMSG("PK ECC PMS: ret %d, PubKeySz %d, OutLen %d\n", ret, *pubKeySz, *outlen);
2359
2360 return ret;
2361}
2362
2363#ifdef HAVE_ED25519
2364static WC_INLINE int myEd25519Sign(WOLFSSL* ssl, const byte* in, word32 inSz,
2365 byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
2366{
2367 int ret;
2368 word32 idx = 0;
2369 ed25519_key myKey;
2370 byte* keyBuf = (byte*)key;
2371 PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2372
2373 (void)ssl;
2374 (void)cbInfo;
2375
2376 WOLFSSL_PKMSG("PK 25519 Sign: inSz %d, keySz %d\n", inSz, keySz);
2377
2378#ifdef TEST_PK_PRIVKEY
2379 ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
2380 if (ret != 0)
2381 return ret;
2382#endif
2383
2384 ret = wc_ed25519_init(&myKey);
2385 if (ret == 0) {
2386 ret = wc_Ed25519PrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
2387 if (ret == 0)
2388 ret = wc_ed25519_sign_msg(in, inSz, out, outSz, &myKey);
2389 wc_ed25519_free(&myKey);
2390 }
2391
2392#ifdef TEST_PK_PRIVKEY
2393 free(keyBuf);
2394#endif
2395
2396 WOLFSSL_PKMSG("PK 25519 Sign: ret %d, outSz %d\n", ret, *outSz);
2397
2398 return ret;
2399}
2400
2401
2402static WC_INLINE int myEd25519Verify(WOLFSSL* ssl, const byte* sig, word32 sigSz,
2403 const byte* msg, word32 msgSz, const byte* key, word32 keySz,
2404 int* result, void* ctx)
2405{
2406 int ret;
2407 ed25519_key myKey;
2408 PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2409
2410 (void)ssl;
2411 (void)cbInfo;
2412
2413 WOLFSSL_PKMSG("PK 25519 Verify: sigSz %d, msgSz %d, keySz %d\n", sigSz, msgSz, keySz);
2414
2415 ret = wc_ed25519_init(&myKey);
2416 if (ret == 0) {
2417 ret = wc_ed25519_import_public(key, keySz, &myKey);
2418 if (ret == 0) {
2419 ret = wc_ed25519_verify_msg(sig, sigSz, msg, msgSz, result, &myKey);
2420 }
2421 wc_ed25519_free(&myKey);
2422 }
2423
2424 WOLFSSL_PKMSG("PK 25519 Verify: ret %d, result %d\n", ret, *result);
2425
2426 return ret;
2427}
2428#endif /* HAVE_ED25519 */
2429
2430#ifdef HAVE_CURVE25519
2431static WC_INLINE int myX25519KeyGen(WOLFSSL* ssl, curve25519_key* key,
2432 unsigned int keySz, void* ctx)
2433{
2434 int ret;
2435 WC_RNG rng;
2436 PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2437
2438 (void)ssl;
2439 (void)cbInfo;
2440
2441 WOLFSSL_PKMSG("PK 25519 KeyGen: keySz %d\n", keySz);
2442
2443 ret = wc_InitRng(&rng);
2444 if (ret != 0)
2445 return ret;
2446
2447 ret = wc_curve25519_make_key(&rng, keySz, key);
2448
2449 wc_FreeRng(&rng);
2450
2451 WOLFSSL_PKMSG("PK 25519 KeyGen: ret %d\n", ret);
2452
2453 return ret;
2454}
2455
2456static WC_INLINE int myX25519SharedSecret(WOLFSSL* ssl, curve25519_key* otherKey,
2457 unsigned char* pubKeyDer, unsigned int* pubKeySz,
2458 unsigned char* out, unsigned int* outlen,
2459 int side, void* ctx)
2460{
2461 int ret;
2462 curve25519_key* privKey = NULL;
2463 curve25519_key* pubKey = NULL;
2464 curve25519_key tmpKey;
2465 PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2466
2467 (void)ssl;
2468 (void)cbInfo;
2469
2470 WOLFSSL_PKMSG("PK 25519 PMS: side %s\n",
2471 side == WOLFSSL_CLIENT_END ? "client" : "server");
2472
2473 ret = wc_curve25519_init(&tmpKey);
2474 if (ret != 0) {
2475 return ret;
2476 }
2477
2478 /* for client: create and export public key */
2479 if (side == WOLFSSL_CLIENT_END) {
2480 WC_RNG rng;
2481
2482 privKey = &tmpKey;
2483 pubKey = otherKey;
2484
2485 ret = wc_InitRng(&rng);
2486 if (ret == 0) {
2487 ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, privKey);
2488 if (ret == 0) {
2489 ret = wc_curve25519_export_public_ex(privKey, pubKeyDer,
2490 pubKeySz, EC25519_LITTLE_ENDIAN);
2491 }
2492 wc_FreeRng(&rng);
2493 }
2494 }
2495
2496 /* for server: import public key */
2497 else if (side == WOLFSSL_SERVER_END) {
2498 privKey = otherKey;
2499 pubKey = &tmpKey;
2500
2501 ret = wc_curve25519_import_public_ex(pubKeyDer, *pubKeySz, pubKey,
2502 EC25519_LITTLE_ENDIAN);
2503 }
2504 else {
2505 ret = BAD_FUNC_ARG;
2506 }
2507
2508 /* generate shared secret and return it */
2509 if (ret == 0) {
2510 ret = wc_curve25519_shared_secret_ex(privKey, pubKey, out, outlen,
2511 EC25519_LITTLE_ENDIAN);
2512 }
2513
2514 wc_curve25519_free(&tmpKey);
2515
2516 WOLFSSL_PKMSG("PK 25519 PMS: ret %d, pubKeySz %d, outLen %d\n",
2517 ret, *pubKeySz, *outlen);
2518
2519 return ret;
2520}
2521#endif /* HAVE_CURVE25519 */
2522
2523#endif /* HAVE_ECC */
2524
2525#ifndef NO_DH
2526static WC_INLINE int myDhCallback(WOLFSSL* ssl, struct DhKey* key,
2527 const unsigned char* priv, unsigned int privSz,
2528 const unsigned char* pubKeyDer, unsigned int pubKeySz,
2529 unsigned char* out, unsigned int* outlen,
2530 void* ctx)
2531{
2532 int ret;
2533 PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2534
2535 (void)ssl;
2536 (void)cbInfo;
2537
2538 /* return 0 on success */
2539 ret = wc_DhAgree(key, out, outlen, priv, privSz, pubKeyDer, pubKeySz);
2540
2541 WOLFSSL_PKMSG("PK ED Agree: ret %d, privSz %d, pubKeySz %d, outlen %d\n",
2542 ret, privSz, pubKeySz, *outlen);
2543
2544 return ret;
2545};
2546
2547#endif /* !NO_DH */
2548
2549#ifndef NO_RSA
2550
2551static WC_INLINE int myRsaSign(WOLFSSL* ssl, const byte* in, word32 inSz,
2552 byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
2553{
2554 WC_RNG rng;
2555 int ret;
2556 word32 idx = 0;
2557 RsaKey myKey;
2558 byte* keyBuf = (byte*)key;
2559 PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2560
2561 (void)ssl;
2562 (void)cbInfo;
2563
2564 WOLFSSL_PKMSG("PK RSA Sign: inSz %d, keySz %d\n", inSz, keySz);
2565
2566#ifdef TEST_PK_PRIVKEY
2567 ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
2568 if (ret != 0)
2569 return ret;
2570#endif
2571
2572 ret = wc_InitRng(&rng);
2573 if (ret != 0)
2574 return ret;
2575
2576 ret = wc_InitRsaKey(&myKey, NULL);
2577 if (ret == 0) {
2578 ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
2579 if (ret == 0)
2580 ret = wc_RsaSSL_Sign(in, inSz, out, *outSz, &myKey, &rng);
2581 if (ret > 0) { /* save and convert to 0 success */
2582 *outSz = ret;
2583 ret = 0;
2584 }
2585 wc_FreeRsaKey(&myKey);
2586 }
2587 wc_FreeRng(&rng);
2588
2589#ifdef TEST_PK_PRIVKEY
2590 free(keyBuf);
2591#endif
2592
2593 WOLFSSL_PKMSG("PK RSA Sign: ret %d, outSz %d\n", ret, *outSz);
2594
2595 return ret;
2596}
2597
2598
2599static WC_INLINE int myRsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
2600 byte** out, const byte* key, word32 keySz, void* ctx)
2601{
2602 int ret;
2603 word32 idx = 0;
2604 RsaKey myKey;
2605 PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2606
2607 (void)ssl;
2608 (void)cbInfo;
2609
2610 WOLFSSL_PKMSG("PK RSA Verify: sigSz %d, keySz %d\n", sigSz, keySz);
2611
2612 ret = wc_InitRsaKey(&myKey, NULL);
2613 if (ret == 0) {
2614 ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
2615 if (ret == 0)
2616 ret = wc_RsaSSL_VerifyInline(sig, sigSz, out, &myKey);
2617 wc_FreeRsaKey(&myKey);
2618 }
2619
2620 WOLFSSL_PKMSG("PK RSA Verify: ret %d\n", ret);
2621
2622 return ret;
2623}
2624
2625static WC_INLINE int myRsaSignCheck(WOLFSSL* ssl, byte* sig, word32 sigSz,
2626 byte** out, const byte* key, word32 keySz, void* ctx)
2627{
2628 int ret;
2629 word32 idx = 0;
2630 RsaKey myKey;
2631 byte* keyBuf = (byte*)key;
2632 PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2633
2634 (void)ssl;
2635 (void)cbInfo;
2636
2637 WOLFSSL_PKMSG("PK RSA SignCheck: sigSz %d, keySz %d\n", sigSz, keySz);
2638
2639#ifdef TEST_PK_PRIVKEY
2640 ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
2641 if (ret != 0)
2642 return ret;
2643#endif
2644
2645 ret = wc_InitRsaKey(&myKey, NULL);
2646 if (ret == 0) {
2647 ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
2648 if (ret == 0)
2649 ret = wc_RsaSSL_VerifyInline(sig, sigSz, out, &myKey);
2650 wc_FreeRsaKey(&myKey);
2651 }
2652#ifdef TEST_PK_PRIVKEY
2653 free(keyBuf);
2654#endif
2655
2656 WOLFSSL_PKMSG("PK RSA SignCheck: ret %d\n", ret);
2657
2658 return ret;
2659}
2660
2661#ifdef WC_RSA_PSS
2662static WC_INLINE int myRsaPssSign(WOLFSSL* ssl, const byte* in, word32 inSz,
2663 byte* out, word32* outSz, int hash, int mgf, const byte* key,
2664 word32 keySz, void* ctx)
2665{
2666 enum wc_HashType hashType = WC_HASH_TYPE_NONE;
2667 WC_RNG rng;
2668 int ret;
2669 word32 idx = 0;
2670 RsaKey myKey;
2671 byte* keyBuf = (byte*)key;
2672 PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2673
2674 (void)ssl;
2675 (void)cbInfo;
2676
2677 WOLFSSL_PKMSG("PK RSA PSS Sign: inSz %d, hash %d, mgf %d, keySz %d\n",
2678 inSz, hash, mgf, keySz);
2679
2680#ifdef TEST_PK_PRIVKEY
2681 ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
2682 if (ret != 0)
2683 return ret;
2684#endif
2685
2686 switch (hash) {
2687#ifndef NO_SHA256
2688 case SHA256h:
2689 hashType = WC_HASH_TYPE_SHA256;
2690 break;
2691#endif
2692#ifdef WOLFSSL_SHA384
2693 case SHA384h:
2694 hashType = WC_HASH_TYPE_SHA384;
2695 break;
2696#endif
2697#ifdef WOLFSSL_SHA512
2698 case SHA512h:
2699 hashType = WC_HASH_TYPE_SHA512;
2700 break;
2701#endif
2702 }
2703
2704 ret = wc_InitRng(&rng);
2705 if (ret != 0)
2706 return ret;
2707
2708 ret = wc_InitRsaKey(&myKey, NULL);
2709 if (ret == 0) {
2710 ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
2711 if (ret == 0) {
2712 ret = wc_RsaPSS_Sign(in, inSz, out, *outSz, hashType, mgf, &myKey,
2713 &rng);
2714 }
2715 if (ret > 0) { /* save and convert to 0 success */
2716 *outSz = ret;
2717 ret = 0;
2718 }
2719 wc_FreeRsaKey(&myKey);
2720 }
2721 wc_FreeRng(&rng);
2722
2723#ifdef TEST_PK_PRIVKEY
2724 free(keyBuf);
2725#endif
2726
2727 WOLFSSL_PKMSG("PK RSA PSS Sign: ret %d, outSz %d\n", ret, *outSz);
2728
2729 return ret;
2730}
2731
2732
2733static WC_INLINE int myRsaPssVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
2734 byte** out, int hash, int mgf, const byte* key, word32 keySz, void* ctx)
2735{
2736 int ret;
2737 word32 idx = 0;
2738 RsaKey myKey;
2739 PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2740 enum wc_HashType hashType = WC_HASH_TYPE_NONE;
2741
2742 (void)ssl;
2743 (void)cbInfo;
2744
2745 WOLFSSL_PKMSG("PK RSA PSS Verify: sigSz %d, hash %d, mgf %d, keySz %d\n",
2746 sigSz, hash, mgf, keySz);
2747
2748 switch (hash) {
2749#ifndef NO_SHA256
2750 case SHA256h:
2751 hashType = WC_HASH_TYPE_SHA256;
2752 break;
2753#endif
2754#ifdef WOLFSSL_SHA384
2755 case SHA384h:
2756 hashType = WC_HASH_TYPE_SHA384;
2757 break;
2758#endif
2759#ifdef WOLFSSL_SHA512
2760 case SHA512h:
2761 hashType = WC_HASH_TYPE_SHA512;
2762 break;
2763#endif
2764 }
2765
2766 ret = wc_InitRsaKey(&myKey, NULL);
2767 if (ret == 0) {
2768 ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
2769 if (ret == 0) {
2770 ret = wc_RsaPSS_VerifyInline(sig, sigSz, out, hashType, mgf,
2771 &myKey);
2772 }
2773 wc_FreeRsaKey(&myKey);
2774 }
2775
2776 WOLFSSL_PKMSG("PK RSA PSS Verify: ret %d\n", ret);
2777
2778 return ret;
2779}
2780
2781static WC_INLINE int myRsaPssSignCheck(WOLFSSL* ssl, byte* sig, word32 sigSz,
2782 byte** out, int hash, int mgf, const byte* key, word32 keySz, void* ctx)
2783{
2784 int ret;
2785 word32 idx = 0;
2786 RsaKey myKey;
2787 byte* keyBuf = (byte*)key;
2788 PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2789 enum wc_HashType hashType = WC_HASH_TYPE_NONE;
2790
2791 (void)ssl;
2792 (void)cbInfo;
2793
2794 WOLFSSL_PKMSG("PK RSA PSS SignCheck: sigSz %d, hash %d, mgf %d, keySz %d\n",
2795 sigSz, hash, mgf, keySz);
2796
2797#ifdef TEST_PK_PRIVKEY
2798 ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
2799 if (ret != 0)
2800 return ret;
2801#endif
2802
2803 switch (hash) {
2804#ifndef NO_SHA256
2805 case SHA256h:
2806 hashType = WC_HASH_TYPE_SHA256;
2807 break;
2808#endif
2809#ifdef WOLFSSL_SHA384
2810 case SHA384h:
2811 hashType = WC_HASH_TYPE_SHA384;
2812 break;
2813#endif
2814#ifdef WOLFSSL_SHA512
2815 case SHA512h:
2816 hashType = WC_HASH_TYPE_SHA512;
2817 break;
2818#endif
2819 }
2820
2821 ret = wc_InitRsaKey(&myKey, NULL);
2822 if (ret == 0) {
2823 ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
2824 if (ret == 0) {
2825 ret = wc_RsaPSS_VerifyInline(sig, sigSz, out, hashType, mgf,
2826 &myKey);
2827 }
2828 wc_FreeRsaKey(&myKey);
2829 }
2830
2831#ifdef TEST_PK_PRIVKEY
2832 free(keyBuf);
2833#endif
2834
2835 WOLFSSL_PKMSG("PK RSA PSS SignCheck: ret %d\n", ret);
2836
2837 return ret;
2838}
2839#endif
2840
2841
2842static WC_INLINE int myRsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz,
2843 byte* out, word32* outSz, const byte* key,
2844 word32 keySz, void* ctx)
2845{
2846 int ret;
2847 word32 idx = 0;
2848 RsaKey myKey;
2849 WC_RNG rng;
2850 PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2851
2852 (void)ssl;
2853 (void)cbInfo;
2854
2855 WOLFSSL_PKMSG("PK RSA Enc: inSz %d, keySz %d\n", inSz, keySz);
2856
2857 ret = wc_InitRng(&rng);
2858 if (ret != 0)
2859 return ret;
2860
2861 ret = wc_InitRsaKey(&myKey, NULL);
2862 if (ret == 0) {
2863 ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
2864 if (ret == 0) {
2865 ret = wc_RsaPublicEncrypt(in, inSz, out, *outSz, &myKey, &rng);
2866 if (ret > 0) {
2867 *outSz = ret;
2868 ret = 0; /* reset to success */
2869 }
2870 }
2871 wc_FreeRsaKey(&myKey);
2872 }
2873 wc_FreeRng(&rng);
2874
2875 WOLFSSL_PKMSG("PK RSA Enc: ret %d, outSz %d\n", ret, *outSz);
2876
2877 return ret;
2878}
2879
2880static WC_INLINE int myRsaDec(WOLFSSL* ssl, byte* in, word32 inSz,
2881 byte** out,
2882 const byte* key, word32 keySz, void* ctx)
2883{
2884 int ret;
2885 word32 idx = 0;
2886 RsaKey myKey;
2887 byte* keyBuf = (byte*)key;
2888 PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2889
2890 (void)ssl;
2891 (void)cbInfo;
2892
2893 WOLFSSL_PKMSG("PK RSA Dec: inSz %d, keySz %d\n", inSz, keySz);
2894
2895#ifdef TEST_PK_PRIVKEY
2896 ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
2897 if (ret != 0)
2898 return ret;
2899#endif
2900
2901 ret = wc_InitRsaKey(&myKey, NULL);
2902 if (ret == 0) {
2903 ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
2904 if (ret == 0) {
2905 #ifdef WC_RSA_BLINDING
2906 ret = wc_RsaSetRNG(&myKey, wolfSSL_GetRNG(ssl));
2907 if (ret != 0) {
2908 wc_FreeRsaKey(&myKey);
2909 return ret;
2910 }
2911 #endif
2912 ret = wc_RsaPrivateDecryptInline(in, inSz, out, &myKey);
2913 }
2914 wc_FreeRsaKey(&myKey);
2915 }
2916
2917#ifdef TEST_PK_PRIVKEY
2918 free(keyBuf);
2919#endif
2920
2921 WOLFSSL_PKMSG("PK RSA Dec: ret %d\n", ret);
2922
2923 return ret;
2924}
2925
2926#endif /* NO_RSA */
2927
2928static WC_INLINE void SetupPkCallbacks(WOLFSSL_CTX* ctx)
2929{
2930 (void)ctx;
2931
2932 #ifdef HAVE_ECC
2933 wolfSSL_CTX_SetEccKeyGenCb(ctx, myEccKeyGen);
2934 wolfSSL_CTX_SetEccSignCb(ctx, myEccSign);
2935 wolfSSL_CTX_SetEccVerifyCb(ctx, myEccVerify);
2936 wolfSSL_CTX_SetEccSharedSecretCb(ctx, myEccSharedSecret);
2937 #endif /* HAVE_ECC */
2938 #ifndef NO_DH
2939 wolfSSL_CTX_SetDhAgreeCb(ctx, myDhCallback);
2940 #endif
2941 #ifdef HAVE_ED25519
2942 wolfSSL_CTX_SetEd25519SignCb(ctx, myEd25519Sign);
2943 wolfSSL_CTX_SetEd25519VerifyCb(ctx, myEd25519Verify);
2944 #endif
2945 #ifdef HAVE_CURVE25519
2946 wolfSSL_CTX_SetX25519KeyGenCb(ctx, myX25519KeyGen);
2947 wolfSSL_CTX_SetX25519SharedSecretCb(ctx, myX25519SharedSecret);
2948 #endif
2949 #ifndef NO_RSA
2950 wolfSSL_CTX_SetRsaSignCb(ctx, myRsaSign);
2951 wolfSSL_CTX_SetRsaVerifyCb(ctx, myRsaVerify);
2952 wolfSSL_CTX_SetRsaSignCheckCb(ctx, myRsaSignCheck);
2953 #ifdef WC_RSA_PSS
2954 wolfSSL_CTX_SetRsaPssSignCb(ctx, myRsaPssSign);
2955 wolfSSL_CTX_SetRsaPssVerifyCb(ctx, myRsaPssVerify);
2956 wolfSSL_CTX_SetRsaPssSignCheckCb(ctx, myRsaPssSignCheck);
2957 #endif
2958 wolfSSL_CTX_SetRsaEncCb(ctx, myRsaEnc);
2959 wolfSSL_CTX_SetRsaDecCb(ctx, myRsaDec);
2960 #endif /* NO_RSA */
2961}
2962
2963static WC_INLINE void SetupPkCallbackContexts(WOLFSSL* ssl, void* myCtx)
2964{
2965 #ifdef HAVE_ECC
2966 wolfSSL_SetEccKeyGenCtx(ssl, myCtx);
2967 wolfSSL_SetEccSignCtx(ssl, myCtx);
2968 wolfSSL_SetEccVerifyCtx(ssl, myCtx);
2969 wolfSSL_SetEccSharedSecretCtx(ssl, myCtx);
2970 #endif /* HAVE_ECC */
2971 #ifndef NO_DH
2972 wolfSSL_SetDhAgreeCtx(ssl, myCtx);
2973 #endif
2974 #ifdef HAVE_ED25519
2975 wolfSSL_SetEd25519SignCtx(ssl, myCtx);
2976 wolfSSL_SetEd25519VerifyCtx(ssl, myCtx);
2977 #endif
2978 #ifdef HAVE_CURVE25519
2979 wolfSSL_SetX25519KeyGenCtx(ssl, myCtx);
2980 wolfSSL_SetX25519SharedSecretCtx(ssl, myCtx);
2981 #endif
2982 #ifndef NO_RSA
2983 wolfSSL_SetRsaSignCtx(ssl, myCtx);
2984 wolfSSL_SetRsaVerifyCtx(ssl, myCtx);
2985 #ifdef WC_RSA_PSS
2986 wolfSSL_SetRsaPssSignCtx(ssl, myCtx);
2987 wolfSSL_SetRsaPssVerifyCtx(ssl, myCtx);
2988 #endif
2989 wolfSSL_SetRsaEncCtx(ssl, myCtx);
2990 wolfSSL_SetRsaDecCtx(ssl, myCtx);
2991 #endif /* NO_RSA */
2992}
2993
2994#endif /* HAVE_PK_CALLBACKS */
2995
2996
2997
2998
2999#if defined(__hpux__) || defined(__MINGW32__) || defined (WOLFSSL_TIRTOS) \
3000 || defined(_MSC_VER)
3001
3002/* HP/UX doesn't have strsep, needed by test/suites.c */
3003static WC_INLINE char* strsep(char **stringp, const char *delim)
3004{
3005 char* start;
3006 char* end;
3007
3008 start = *stringp;
3009 if (start == NULL)
3010 return NULL;
3011
3012 if ((end = strpbrk(start, delim))) {
3013 *end++ = '\0';
3014 *stringp = end;
3015 } else {
3016 *stringp = NULL;
3017 }
3018
3019 return start;
3020}
3021
3022#endif /* __hpux__ and others */
3023
3024/* Create unique filename, len is length of tempfn name, assuming
3025 len does not include null terminating character,
3026 num is number of characters in tempfn name to randomize */
3027static WC_INLINE const char* mymktemp(char *tempfn, int len, int num)
3028{
3029 int x, size;
3030 static const char alphanum[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
3031 "abcdefghijklmnopqrstuvwxyz";
3032 WC_RNG rng;
3033 byte out;
3034
3035 if (tempfn == NULL || len < 1 || num < 1 || len <= num) {
3036 printf("Bad input\n");
3037 return NULL;
3038 }
3039
3040 size = len - 1;
3041
3042 if (wc_InitRng(&rng) != 0) {
3043 printf("InitRng failed\n");
3044 return NULL;
3045 }
3046
3047 for (x = size; x > size - num; x--) {
3048 if (wc_RNG_GenerateBlock(&rng,(byte*)&out, sizeof(out)) != 0) {
3049 printf("RNG_GenerateBlock failed\n");
3050 return NULL;
3051 }
3052 tempfn[x] = alphanum[out % (sizeof(alphanum) - 1)];
3053 }
3054 tempfn[len] = '\0';
3055
3056 wc_FreeRng(&rng);
3057 (void)rng; /* for WC_NO_RNG case */
3058
3059 return tempfn;
3060}
3061
3062
3063
3064#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
3065 defined(HAVE_POLY1305)
3066
3067 #include <wolfssl/wolfcrypt/chacha20_poly1305.h>
3068
3069 typedef struct key_ctx {
3070 byte name[WOLFSSL_TICKET_NAME_SZ]; /* name for this context */
3071 byte key[CHACHA20_POLY1305_AEAD_KEYSIZE]; /* cipher key */
3072 } key_ctx;
3073
3074 static THREAD_LS_T key_ctx myKey_ctx;
3075 static THREAD_LS_T WC_RNG myKey_rng;
3076
3077 static WC_INLINE int TicketInit(void)
3078 {
3079 int ret = wc_InitRng(&myKey_rng);
3080 if (ret != 0) return ret;
3081
3082 ret = wc_RNG_GenerateBlock(&myKey_rng, myKey_ctx.key, sizeof(myKey_ctx.key));
3083 if (ret != 0) return ret;
3084
3085 ret = wc_RNG_GenerateBlock(&myKey_rng, myKey_ctx.name,sizeof(myKey_ctx.name));
3086 if (ret != 0) return ret;
3087
3088 return 0;
3089 }
3090
3091 static WC_INLINE void TicketCleanup(void)
3092 {
3093 wc_FreeRng(&myKey_rng);
3094 }
3095
3096 static WC_INLINE int myTicketEncCb(WOLFSSL* ssl,
3097 byte key_name[WOLFSSL_TICKET_NAME_SZ],
3098 byte iv[WOLFSSL_TICKET_IV_SZ],
3099 byte mac[WOLFSSL_TICKET_MAC_SZ],
3100 int enc, byte* ticket, int inLen, int* outLen,
3101 void* userCtx)
3102 {
3103 (void)ssl;
3104 (void)userCtx;
3105
3106 int ret;
3107 word16 sLen = XHTONS(inLen);
3108 byte aad[WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2];
3109 int aadSz = WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2;
3110 byte* tmp = aad;
3111
3112 if (enc) {
3113 XMEMCPY(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ);
3114
3115 ret = wc_RNG_GenerateBlock(&myKey_rng, iv, WOLFSSL_TICKET_IV_SZ);
3116 if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
3117
3118 /* build aad from key name, iv, and length */
3119 XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ);
3120 tmp += WOLFSSL_TICKET_NAME_SZ;
3121 XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
3122 tmp += WOLFSSL_TICKET_IV_SZ;
3123 XMEMCPY(tmp, &sLen, 2);
3124
3125 ret = wc_ChaCha20Poly1305_Encrypt(myKey_ctx.key, iv,
3126 aad, aadSz,
3127 ticket, inLen,
3128 ticket,
3129 mac);
3130 if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
3131 *outLen = inLen; /* no padding in this mode */
3132 } else {
3133 /* decrypt */
3134
3135 /* see if we know this key */
3136 if (XMEMCMP(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ) != 0){
3137 printf("client presented unknown ticket key name ");
3138 return WOLFSSL_TICKET_RET_FATAL;
3139 }
3140
3141 /* build aad from key name, iv, and length */
3142 XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ);
3143 tmp += WOLFSSL_TICKET_NAME_SZ;
3144 XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
3145 tmp += WOLFSSL_TICKET_IV_SZ;
3146 XMEMCPY(tmp, &sLen, 2);
3147
3148 ret = wc_ChaCha20Poly1305_Decrypt(myKey_ctx.key, iv,
3149 aad, aadSz,
3150 ticket, inLen,
3151 mac,
3152 ticket);
3153 if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
3154 *outLen = inLen; /* no padding in this mode */
3155 }
3156
3157 return WOLFSSL_TICKET_RET_OK;
3158 }
3159
3160#endif /* HAVE_SESSION_TICKET && CHACHA20 && POLY1305 */
3161
3162static WC_INLINE word16 GetRandomPort(void)
3163{
3164 word16 port = 0;
3165
3166 /* Generate random port for testing */
3167 WC_RNG rng;
3168 if (wc_InitRng(&rng) == 0) {
3169 if (wc_RNG_GenerateBlock(&rng, (byte*)&port, sizeof(port)) == 0) {
3170 port |= 0xC000; /* Make sure its in the 49152 - 65535 range */
3171 }
3172 wc_FreeRng(&rng);
3173 }
3174 (void)rng; /* for WC_NO_RNG case */
3175 return port;
3176}
3177
3178#endif /* wolfSSL_TEST_H */
Note: See TracBrowser for help on using the repository browser.