Changeset 464 for azure_iot_hub_f767zi/trunk/azure_iot_sdk/c-utility

Timestamp:

Jun 22, 2021, 9:00:19 PM (3 years ago)

Author:

coas-nagasima

Message:

WolfSSLとAzure IoT SDKを更新

Location:

azure_iot_hub_f767zi/trunk/azure_iot_sdk/c-utility

Files:

• adapters/httpapi_compact.c (modified) (16 diffs)
• adapters/platform_toppers.c (modified) (1 diff)
• adapters/tlsio_wolfssl.c (modified) (21 diffs)
• inc/azure_c_shared_utility/crt_abstractions.h (modified) (3 diffs)
• inc/azure_c_shared_utility/sastoken.h (modified) (2 diffs)
• inc/azure_c_shared_utility/shared_util_options.h (modified) (2 diffs)
• inc/azure_c_shared_utility/tickcounter.h (modified) (1 diff)
• src/buffer.c (modified) (1 diff)
• src/crt_abstractions.c (modified) (3 diffs)
• src/httpapiexsas.c (modified) (2 diffs)
• src/sastoken.c (modified) (5 diffs)
• src/sha384-512.c (modified) (1 diff)

azure_iot_hub_f767zi/trunk/azure_iot_sdk/c-utility/adapters/httpapi_compact.c

@@ -51 +51 @@
     char*           x509ClientCertificate;
     char*           x509ClientPrivateKey;
-    const char*     proxy_host;
-    int             proxy_port;
-    const char*     proxy_username;
-    const char*     proxy_password;
     XIO_HANDLE      xio_handle;
     size_t          received_bytes_count;
@@ -205 +201 @@
 {
     HTTP_HANDLE_DATA* http_instance;
+    TLSIO_CONFIG tlsio_config;
 
     if (hostName == NULL)
@@ -226 +223 @@
             LogError("There is no memory to control the http connection");
         }
-        else if(mallocAndStrcpy_s((char**)&(http_instance->hostName), hostName) != 0)
-        {
-            LogError("failure allocate host name");
+        else if (mallocAndStrcpy_s(&http_instance->hostName, hostName) != 0)
+        {
+            LogError("Failed copying hostname");
             free(http_instance);
             http_instance = NULL;
@@ -234 +231 @@
         else
         {
-            http_instance->xio_handle = NULL;
-            http_instance->is_connected = 0;
-            http_instance->is_io_error = 0;
-            http_instance->received_bytes_count = 0;
-            http_instance->received_bytes = NULL;
-            http_instance->certificate = NULL;
-            http_instance->x509ClientCertificate = NULL;
-            http_instance->x509ClientPrivateKey = NULL;
-            http_instance->proxy_host = NULL;
-            http_instance->proxy_port = 0;
-            http_instance->proxy_username = NULL;
-            http_instance->proxy_password = NULL;
+            tlsio_config.hostname = http_instance->hostName;
+            tlsio_config.port = 443;
+            tlsio_config.underlying_io_interface = NULL;
+            tlsio_config.underlying_io_parameters = NULL;
+
+            http_instance->xio_handle = xio_create(platform_get_default_tlsio(), (void*)&tlsio_config);
+
+            /*Codes_SRS_HTTPAPI_COMPACT_21_016: [ If the HTTPAPI_CreateConnection failed to create the connection, it shall return NULL as the handle. ]*/
+            if (http_instance->xio_handle == NULL)
+            {
+                LogError("Create connection failed");
+                free(http_instance->hostName);
+                free(http_instance);
+                http_instance = NULL;
+            }
+            else
+            {
+                http_instance->is_connected = 0;
+                http_instance->is_io_error = 0;
+                http_instance->received_bytes_count = 0;
+                http_instance->received_bytes = NULL;
+                http_instance->certificate = NULL;
+                http_instance->x509ClientCertificate = NULL;
+                http_instance->x509ClientPrivateKey = NULL;
+            }
         }
     }
@@ -311 +321 @@
         }
 
-        if (http_instance->hostName != NULL)
-        {
-            free((void*)http_instance->hostName);
-        }
-
 #ifndef DO_NOT_COPY_TRUSTED_CERTS_STRING
         /*Codes_SRS_HTTPAPI_COMPACT_21_018: [ If there is a certificate associated to this connection, the HTTPAPI_CloseConnection shall free all allocated memory for the certificate. ]*/
@@ -336 +341 @@
         }
 
-        if (http_instance->proxy_host != NULL)
-        {
-            free((void*)http_instance->proxy_host);
-        }
-        if (http_instance->proxy_username != NULL)
-        {
-            free((void*)http_instance->proxy_username);
-        }
-        if (http_instance->proxy_password != NULL)
-        {
-            free((void*)http_instance->proxy_password);
+        if (http_instance->hostName)
+        {
+            free(http_instance->hostName);
         }
 
@@ -714 +711 @@
 {
     HTTPAPI_RESULT result;
-    TLSIO_CONFIG tlsio_config;
-    HTTP_PROXY_IO_CONFIG http_proxy_io_config;
 
     if (http_instance->is_connected != 0)
@@ -725 +720 @@
     {
         http_instance->is_io_error = 0;
-        tlsio_config.hostname = http_instance->hostName;
-        tlsio_config.port = 443;
-
-        if (http_instance->proxy_host != NULL) {
-            tlsio_config.underlying_io_interface = http_proxy_io_get_interface_description();
-        }
-        else {
-            tlsio_config.underlying_io_interface = NULL;
-        }
-
-        if (tlsio_config.underlying_io_interface != NULL) {
-            tlsio_config.underlying_io_parameters = (void*)&http_proxy_io_config;
-
-            http_proxy_io_config.proxy_hostname = http_instance->proxy_host;
-            http_proxy_io_config.proxy_port = http_instance->proxy_port;
-            http_proxy_io_config.username = http_instance->proxy_username;
-            http_proxy_io_config.password = http_instance->proxy_password;
-            http_proxy_io_config.hostname = http_instance->hostName;
-            http_proxy_io_config.port = 443;
-        }
-        else {
-            tlsio_config.underlying_io_parameters = NULL;
-        }
-
-        http_instance->xio_handle = xio_create(platform_get_default_tlsio(), (void*)&tlsio_config);
-
-        if (http_instance->xio_handle == NULL)
-        {
-            LogError("Create connection failed");
-            free(http_instance);
-            http_instance = NULL;
-            result = HTTPAPI_ERROR;
-        }
+
         /*Codes_SRS_HTTPAPI_COMPACT_21_022: [ If a Certificate was provided, the HTTPAPI_ExecuteRequest shall set this option on the transport layer. ]*/
-        else if ((http_instance->certificate != NULL) &&
+        if ((http_instance->certificate != NULL) &&
             (xio_setoption(http_instance->xio_handle, OPTION_TRUSTED_CERT, http_instance->certificate) != 0))
         {
@@ -777 +740 @@
             (xio_setoption(http_instance->xio_handle, SU_OPTION_X509_PRIVATE_KEY, http_instance->x509ClientPrivateKey) != 0))
         {
+
             /*Codes_SRS_HTTPAPI_COMPACT_06_006: [ If the transport failed setting the client certificate private key, the HTTPAPI_ExecuteRequest shall not send any request and return HTTPAPI_SET_OPTION_FAILED. ] */
             result = HTTPAPI_SET_OPTION_FAILED;
@@ -800 +764 @@
                 {
                     xio_dowork(http_instance->xio_handle);
-                    //LogInfo("Waiting for TLS connection");
+                    LogInfo("Waiting for TLS connection");
                     if ((countRetry--) < 0)
                     {
@@ -1347 +1311 @@
 #endif // DO_NOT_COPY_TRUSTED_CERTS_STRING
     }
-    else if (strcmp(SU_OPTION_X509_CERT, optionName) == 0)
+    else if (strcmp(SU_OPTION_X509_CERT, optionName) == 0 || strcmp(OPTION_X509_ECC_CERT, optionName) == 0)
     {
         int len;
@@ -1370 +1334 @@
         }
     }
-    else if (strcmp(SU_OPTION_X509_PRIVATE_KEY, optionName) == 0)
+    else if (strcmp(SU_OPTION_X509_PRIVATE_KEY, optionName) == 0 || strcmp(OPTION_X509_ECC_KEY, optionName) == 0)
     {
         int len;
@@ -1395 +1359 @@
     else if (strcmp(OPTION_HTTP_PROXY, optionName) == 0)
     {
-        HTTP_PROXY_OPTIONS* proxy_data = (HTTP_PROXY_OPTIONS*)value;
-        if (proxy_data->host_address == NULL || proxy_data->port <= 0)
-        {
-            LogError("invalid proxy_data values ( host_address = %p, port = %d)", proxy_data->host_address, proxy_data->port);
+        TLSIO_CONFIG tlsio_config;
+        HTTP_PROXY_IO_CONFIG proxy_config;
+        HTTP_PROXY_OPTIONS* proxy_options = (HTTP_PROXY_OPTIONS*)value;
+
+        if (proxy_options->host_address == NULL)
+        {
+            LogError("NULL host_address in proxy options");
             result = HTTPAPI_ERROR;
         }
+        else if (((proxy_options->username == NULL) || (proxy_options->password == NULL)) &&
+                (proxy_options->username != proxy_options->password))
+        {
+            LogError("Only one of username and password for proxy settings was NULL");
+            result = HTTPAPI_ERROR;
+        }
         else
         {
-            if(http_instance->proxy_host != NULL)
-            {
-                free((void*)http_instance->proxy_host);
-                http_instance->proxy_host = NULL;
-            }
-            if(mallocAndStrcpy_s((char**)&(http_instance->proxy_host), (const char*)proxy_data->host_address) != 0)
-            {
-                LogError("failure allocate proxy host");
+
+            /* Workaround: xio interface is already created when HTTPAPI_CreateConnection is call without proxy support
+             * need to destroy the interface and create a new one with proxy information
+             */
+            OPTIONHANDLER_HANDLE xio_options;
+            if ((xio_options = xio_retrieveoptions(http_instance->xio_handle)) == NULL)
+            {
+                LogError("failed saving underlying I/O transport options");
                 result = HTTPAPI_ERROR;
             }
             else
             {
-                http_instance->proxy_port = proxy_data->port;
-
-                if (proxy_data->username != NULL && proxy_data->password != NULL)
-                {
-                    if(http_instance->proxy_username != NULL)
+                xio_destroy(http_instance->xio_handle);
+
+                proxy_config.hostname = http_instance->hostName;
+                proxy_config.proxy_hostname = proxy_options->host_address;
+                proxy_config.password = proxy_options->password;
+                proxy_config.username = proxy_options->username;
+                proxy_config.proxy_port = proxy_options->port;
+                proxy_config.port = 443;
+
+                tlsio_config.hostname = http_instance->hostName;
+                tlsio_config.port = 443;
+                tlsio_config.underlying_io_interface =  http_proxy_io_get_interface_description();
+                tlsio_config.underlying_io_parameters = &proxy_config;
+
+                http_instance->xio_handle = xio_create(platform_get_default_tlsio(), (void*)&tlsio_config);
+
+                if (http_instance->xio_handle == NULL)
+                {
+                    LogError("Failed to create xio handle with proxy configuration");
+                    result = HTTPAPI_ERROR;
+                }
+                else
+                {
+                    if (OptionHandler_FeedOptions(xio_options, http_instance->xio_handle) != OPTIONHANDLER_OK)
                     {
-                        free((void*)http_instance->proxy_username);
-                        http_instance->proxy_username = NULL;
-                    }
-                    if(mallocAndStrcpy_s((char**)&(http_instance->proxy_username), (const char*)proxy_data->username) != 0)
-                    {
-                        LogError("failure allocate proxy username");
-                        free((void*)http_instance->proxy_host);
-                        http_instance->proxy_host = NULL;
+                        LogError("Failed feeding existing options to new xio instance.");
                         result = HTTPAPI_ERROR;
                     }
                     else
                     {
-                        if(http_instance->proxy_password != NULL)
-                        {
-                          free((void*)http_instance->proxy_password);
-                          http_instance->proxy_password = NULL;
-                        }
-                        if(mallocAndStrcpy_s((char**)&(http_instance->proxy_password), (const char*)proxy_data->password) != 0)
-                        {
-                            LogError("failure allocate proxy password");
-                            free((void*)http_instance->proxy_host);
-                            http_instance->proxy_host = NULL;
-                            free((void*)http_instance->proxy_username);
-                            http_instance->proxy_username = NULL;
-                            result = HTTPAPI_ERROR;
-                        }
-                        else
-                        {
-                          result = HTTPAPI_OK;
-                        }
+                        result = HTTPAPI_OK;
                     }
                 }
-                else
-                {
-                    result = HTTPAPI_OK;
-                }
+
+                OptionHandler_Destroy(xio_options);
             }
         }
@@ -1466 +1432 @@
         LogInfo("unknown option %s", optionName);
     }
+
     return result;
 }
@@ -1510 +1477 @@
 #endif // DO_NOT_COPY_TRUSTED_CERTS_STRING
     }
-    else if (strcmp(SU_OPTION_X509_CERT, optionName) == 0)
+    else if (strcmp(SU_OPTION_X509_CERT, optionName) == 0 || strcmp(OPTION_X509_ECC_CERT, optionName) == 0)
     {
         certLen = strlen((const char*)value);
@@ -1527 +1494 @@
         }
     }
-    else if (strcmp(SU_OPTION_X509_PRIVATE_KEY, optionName) == 0)
+    else if (strcmp(SU_OPTION_X509_PRIVATE_KEY, optionName) == 0 || strcmp(OPTION_X509_ECC_KEY, optionName) == 0)
     {
         certLen = strlen((const char*)value);

azure_iot_hub_f767zi/trunk/azure_iot_sdk/c-utility/adapters/platform_toppers.c

@@ -52 +52 @@
 const IO_INTERFACE_DESCRIPTION* platform_get_default_tlsio(void)
 {
-        //return tlsio_esp_at_get_interface_description();
-        return tlsio_wolfssl_get_interface_description();
+        return tlsio_esp_at_get_interface_description();
+        //return tlsio_wolfssl_get_interface_description();
 }
 

azure_iot_hub_f767zi/trunk/azure_iot_sdk/c-utility/adapters/tlsio_wolfssl.c

@@ -19 +19 @@
 #include "azure_c_shared_utility/xlogging.h"
 #include "azure_c_shared_utility/shared_util_options.h"
-#include "azure_c_shared_utility/threadapi.h"
 
 typedef enum TLSIO_STATE_ENUM_TAG
@@ -53 +52 @@
     char* x509privatekey;
     int wolfssl_device_id;
-    size_t socket_reads;
+    char* hostname;
+    bool ignore_host_name_check;
 } TLS_IO_INSTANCE;
 
 STATIC_VAR_UNUSED const char* const OPTION_WOLFSSL_SET_DEVICE_ID = "SetDeviceId";
-static const size_t SOCKET_READ_LIMIT = 10000; // 10,000 ms ?
+static const size_t SOCKET_READ_LIMIT = 5;
 
 /*this function will clone an option given by name and value*/
@@ -106 +106 @@
             }
         }
+        #ifdef INVALID_DEVID
+        else if(strcmp(name, OPTION_WOLFSSL_SET_DEVICE_ID) == 0 )
+        {
+             int* value_clone;
+
+             if ((value_clone = malloc(sizeof(int))) == NULL)
+             {
+                 LogError("unable to clone device id option");
+             }
+             else
+             {
+                 *value_clone = *(int*)value;
+             }
+
+             result = value_clone;
+        }
+        #endif
         else
         {
@@ -127 +144 @@
         if ((strcmp(name, OPTION_TRUSTED_CERT) == 0) ||
             (strcmp(name, SU_OPTION_X509_CERT) == 0) ||
-            (strcmp(name, SU_OPTION_X509_PRIVATE_KEY) == 0))
+            (strcmp(name, SU_OPTION_X509_PRIVATE_KEY) == 0) ||
+            (strcmp(name, OPTION_WOLFSSL_SET_DEVICE_ID) == 0))
         {
             free((void*)value);
@@ -185 +203 @@
                 result = NULL;
             }
+            #ifdef INVALID_DEVID
+            else if (
+                (tls_io_instance->wolfssl_device_id != INVALID_DEVID) &&
+                (OptionHandler_AddOption(result, OPTION_WOLFSSL_SET_DEVICE_ID, &tls_io_instance->wolfssl_device_id) != OPTIONHANDLER_OK)
+                )
+            {
+                LogError("unable to save deviceid option");
+                OptionHandler_Destroy(result);
+                result = NULL;
+            }
+            #endif
             else
             {
@@ -258 +287 @@
         int res;
         tls_io_instance->tlsio_state = TLSIO_STATE_IN_HANDSHAKE;
-        tls_io_instance->socket_reads = 0;
 
         res = wolfSSL_connect(tls_io_instance->ssl);
         if (res != SSL_SUCCESS)
         {
-            LogError("WolfSSL connect failed");
+            // Error codes explained in https://www.wolfssl.com/docs/wolfssl-manual/appendix-c/
+            LogError("WolfSSL connect failed (%d)", wolfSSL_get_error(tls_io_instance->ssl, res));
             indicate_open_complete(tls_io_instance, IO_OPEN_ERROR);
             tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
@@ -355 +384 @@
         TLS_IO_INSTANCE* tls_io_instance = (TLS_IO_INSTANCE*)context;
         unsigned char* new_socket_io_read_bytes;
+        size_t socket_reads = 0;
 
         AZURE_UNREFERENCED_PARAMETER(ssl);
-        if (tls_io_instance->socket_io_read_byte_count == 0)
-        {
-            if (tls_io_instance->socket_reads >= SOCKET_READ_LIMIT) {
-                return WOLFSSL_CBIO_ERR_TIMEOUT;
-            }
+        while (tls_io_instance->socket_io_read_byte_count == 0 && socket_reads < SOCKET_READ_LIMIT)
+        {
             xio_dowork(tls_io_instance->socket_io);
-            if (tls_io_instance->tlsio_state == TLSIO_STATE_IN_HANDSHAKE)
-            {
-                tls_io_instance->socket_reads++;
-                ThreadAPI_Sleep(1);
-                return 0;
-            }
+            if (tls_io_instance->tlsio_state != TLSIO_STATE_IN_HANDSHAKE)
+            {
+                break;
+            }
+            socket_reads++;
         }
 
@@ -417 +443 @@
 }
 
-static void on_send_complete(void* context, IO_SEND_RESULT send_result)
-{
-        TLS_IO_INSTANCE* tls_io_instance = (TLS_IO_INSTANCE*)context;
-        if ((tls_io_instance == NULL) || (tls_io_instance->on_send_complete == NULL))
-                return;
-
-        tls_io_instance->on_send_complete(tls_io_instance->on_send_complete_callback_context, send_result);
-
-        tls_io_instance->on_send_complete = NULL;
-        tls_io_instance->on_send_complete_callback_context = NULL;
-}
-
 static int on_io_send(WOLFSSL *ssl, char *buf, int sz, void *context)
 {
-    int result, ret;
+    int result;
     AZURE_UNREFERENCED_PARAMETER(ssl);
 
     TLS_IO_INSTANCE* tls_io_instance = (TLS_IO_INSTANCE*)context;
 
-    if ((ret = xio_send(tls_io_instance->socket_io, buf, sz, on_send_complete, tls_io_instance)) != 0)
-    {
-        LogError("Failed sending bytes through underlying IO %d", ret);
+    if (xio_send(tls_io_instance->socket_io, buf, sz, tls_io_instance->on_send_complete, tls_io_instance->on_send_complete_callback_context) != 0)
+    {
+        LogError("Failed sending bytes through underlying IO");
         tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
         indicate_error(tls_io_instance);
-        result = 0;
+        result = WOLFSSL_CBIO_ERR_GENERAL;
     }
     else
@@ -455 +469 @@
     AZURE_UNREFERENCED_PARAMETER(ssl);
     TLS_IO_INSTANCE* tls_io_instance = (TLS_IO_INSTANCE*)context;
-    if (tls_io_instance->tlsio_state == TLSIO_STATE_OPEN) {
-        LogInfo("on_handshake_done called in TLSIO_STATE_OPEN state");
-    }
-    else if (tls_io_instance->tlsio_state != TLSIO_STATE_IN_HANDSHAKE)
+    if (tls_io_instance->tlsio_state != TLSIO_STATE_IN_HANDSHAKE)
     {
         LogInfo("on_handshake_done called when not in IN_HANDSHAKE state");
@@ -558 +569 @@
 }
 
+static int enable_domain_check(TLS_IO_INSTANCE* tls_io_instance)
+{
+    int result = 0;
+
+    if (!tls_io_instance->ignore_host_name_check)
+    {
+        if (wolfSSL_check_domain_name(tls_io_instance->ssl, tls_io_instance->hostname) != WOLFSSL_SUCCESS)
+        {
+            result = MU_FAILURE;
+        }
+    }
+
+    return result;
+}
+
 static int prepare_wolfssl_open(TLS_IO_INSTANCE* tls_io_instance)
 {
     int result;
-    if (add_certificate_to_store(tls_io_instance) != 0)
+
+    if (enable_domain_check(tls_io_instance))
+    {
+        LogError("Failed to configure domain name verification");
+        result = MU_FAILURE;
+    }
+    else if (add_certificate_to_store(tls_io_instance) != 0)
     {
         LogError("Failed to add certificates to store");
@@ -575 +607 @@
         result = MU_FAILURE;
     }
-#ifdef INVALID_DEVID
-    else if (tls_io_instance->wolfssl_device_id != INVALID_DEVID && wolfSSL_SetDevId(tls_io_instance->ssl, tls_io_instance->wolfssl_device_id) != WOLFSSL_SUCCESS)
-    {
-        LogError("Failure setting device id");
-        result = MU_FAILURE;
-    }
-#endif
     else
     {
@@ -628 +653 @@
             {
                 LogError("Cannot create the wolfSSL context");
+                free(result);
+                result = NULL;
+            }
+            else if (mallocAndStrcpy_s(&result->hostname, tls_io_config->hostname) != 0)
+            {
+                LogError("Failed copying the target hostname.");
                 free(result);
                 result = NULL;
@@ -660 +691 @@
                     LogError("Failed getting socket IO interface description.");
                     wolfSSL_CTX_free(result->ssl_context);
+                    free(result->hostname);
                     free(result);
                     result = NULL;
@@ -670 +702 @@
                         LogError("Failure connecting to underlying socket_io");
                         wolfSSL_CTX_free(result->ssl_context);
+                        free(result->hostname);
                         free(result);
                         result = NULL;
@@ -677 +710 @@
                         LogError("Failure connecting to underlying socket_io");
                         wolfSSL_CTX_free(result->ssl_context);
+                        free(result->hostname);
                         free(result);
                         result = NULL;
@@ -719 +753 @@
 
         xio_destroy(tls_io_instance->socket_io);
+        free(tls_io_instance->hostname);
         free(tls_io);
     }
@@ -843 +878 @@
             result = MU_FAILURE;
         }
-        if (tls_io_instance->on_send_complete != NULL)
-        {
-            LogError("Error writing data");
-            result = MU_FAILURE;
-        }
         else
         {
@@ -882 +912 @@
             (tls_io_instance->tlsio_state != TLSIO_STATE_ERROR))
         {
-            if (tls_io_instance->tlsio_state != TLSIO_STATE_OPENING_UNDERLYING_IO)
-                decode_ssl_received_bytes(tls_io_instance);
+            decode_ssl_received_bytes(tls_io_instance);
             xio_dowork(tls_io_instance->socket_io);
         }
@@ -892 +921 @@
 static int process_option(char** destination, const char* name, const char* value)
 {
+
+    (void) name;
+    
     int result;
     if (*destination != NULL)
@@ -944 +976 @@
         {
             int device_id = *((int *)value);
-            if (tls_io_instance->ssl != NULL)
-            {
-                if (tls_io_instance->ssl != NULL && wolfSSL_SetDevId(tls_io_instance->ssl, device_id) != WOLFSSL_SUCCESS)
-                {
-                    LogError("Failure setting device id on ssl");
-                    result = MU_FAILURE;
-                }
-                else
-                {
-                    result = 0;
-                }
+            if (tls_io_instance->ssl != NULL && wolfSSL_SetDevId(tls_io_instance->ssl, device_id) != WOLFSSL_SUCCESS)
+            {
+                LogError("Failure setting device id on ssl");
+                result = MU_FAILURE;
             }
             else
             {
-                // Save the id till we create the ssl object
+                // Save the device Id even if ssl object not yet created.
                 tls_io_instance->wolfssl_device_id = device_id;
                 result = 0;
@@ -964 +989 @@
         }
 #endif
+        else if (strcmp("ignore_host_name_check", optionName) == 0)
+        {
+            bool* server_name_check = (bool*)value;
+            tls_io_instance->ignore_host_name_check = *server_name_check;
+            result = 0;
+        }
         else
         {

azure_iot_hub_f767zi/trunk/azure_iot_sdk/c-utility/inc/azure_c_shared_utility/crt_abstractions.h

@@ -6 +6 @@
 
 #ifdef __cplusplus
+#include <cstdint>
 #include <cstdio>
 #include <cstring>
@@ -11 +12 @@
 #include <cmath>
 #else // __cplusplus
+#include <stdint.h>
 #include <stdio.h>
 #include <string.h>
@@ -96 +98 @@
 MOCKABLE_FUNCTION(, int, unsignedIntToString, char*, destination, size_t, destinationSize, unsigned int, value);
 MOCKABLE_FUNCTION(, int, size_tToString, char*, destination, size_t, destinationSize, size_t, value);
+MOCKABLE_FUNCTION(, int, uint64_tToString, char*, destination, size_t, destinationSize, uint64_t, value);
 
 /*following logic shall define the TOUPPER and ISDIGIT, we do that because the SDK is not happy with some Arduino implementation of it.*/

azure_iot_hub_f767zi/trunk/azure_iot_sdk/c-utility/inc/azure_c_shared_utility/sastoken.h

@@ -4 +4 @@
 #ifndef SASTOKEN_H
 #define SASTOKEN_H
+
+#include <stdint.h>
 
 #ifdef __cplusplus
@@ -18 +20 @@
 
     MOCKABLE_FUNCTION(, bool, SASToken_Validate, STRING_HANDLE, sasToken);
-    MOCKABLE_FUNCTION(, STRING_HANDLE, SASToken_Create, STRING_HANDLE, key, STRING_HANDLE, scope, STRING_HANDLE, keyName, size_t, expiry);
-    MOCKABLE_FUNCTION(, STRING_HANDLE, SASToken_CreateString, const char*, key, const char*, scope, const char*, keyName, size_t, expiry);
+    MOCKABLE_FUNCTION(, STRING_HANDLE, SASToken_Create, STRING_HANDLE, key, STRING_HANDLE, scope, STRING_HANDLE, keyName, uint64_t, expiry);
+    MOCKABLE_FUNCTION(, STRING_HANDLE, SASToken_CreateString, const char*, key, const char*, scope, const char*, keyName, uint64_t, expiry);
 
 #ifdef __cplusplus

azure_iot_hub_f767zi/trunk/azure_iot_sdk/c-utility/inc/azure_c_shared_utility/shared_util_options.h

@@ -29 +29 @@
     static STATIC_VAR_UNUSED const char* const OPTION_OPENSSL_CIPHER_SUITE = "CipherSuite";
 
+    static STATIC_VAR_UNUSED const char* const OPTION_OPENSSL_ENGINE = "Engine";
+    static STATIC_VAR_UNUSED const char* const OPTION_OPENSSL_PRIVATE_KEY_TYPE = "x509PrivatekeyType";
+
+    typedef enum OPTION_OPENSSL_KEY_TYPE_TAG
+    {
+        KEY_TYPE_DEFAULT,
+        KEY_TYPE_ENGINE
+    } OPTION_OPENSSL_KEY_TYPE;
+
     static STATIC_VAR_UNUSED const char* const SU_OPTION_X509_CERT = "x509certificate";
     static STATIC_VAR_UNUSED const char* const SU_OPTION_X509_PRIVATE_KEY = "x509privatekey";
@@ -45 +54 @@
     static STATIC_VAR_UNUSED const char* const OPTION_SET_TLS_RENEGOTIATION = "tls_renegotiation";
 
-    // DEPRECATED: The underlying security library for your platform will use a secure TLS version 
+    // DEPRECATED: The underlying security library for your platform will use a secure TLS version
     // that in general  should not be overridden with OPTION_TLS_VERSION.
     static STATIC_VAR_UNUSED const char* const OPTION_TLS_VERSION = "tls_version";

azure_iot_hub_f767zi/trunk/azure_iot_sdk/c-utility/inc/azure_c_shared_utility/tickcounter.h

@@ -18 +18 @@
 #endif /* __cplusplus */
 
-#if defined(_WIN32) || defined(__MBED__) || defined(__APPLE__)
     typedef uint_fast64_t tickcounter_ms_t; // Use 64-bit because of 32-bit is going to roll over back to zero after roughly 49.7 days that is not good for IoT devices which need keep running for months
-#else
-    typedef uint_fast32_t tickcounter_ms_t;
-#endif
     typedef struct TICK_COUNTER_INSTANCE_TAG *TICK_COUNTER_HANDLE;
 

azure_iot_hub_f767zi/trunk/azure_iot_sdk/c-utility/src/buffer.c

@@ -541 +541 @@
         {
             //put b2 ahead of b1: [b2][b1], return b1
-            if (b2->size ==0)
+            if (b2->size == 0)
             {
                 // do nothing
                 result = 0;
+            }
+            else if (b1->size + b2->size < b2->size)
+            {
+                LogError("Failure: size_t overflow.");
+                result = MU_FAILURE;
             }
             else

azure_iot_hub_f767zi/trunk/azure_iot_sdk/c-utility/src/crt_abstractions.c

@@ -6 +6 @@
 #include <stdlib.h>
 #include <stdarg.h>
+#include <stdint.h>
 #include <string.h>
 #include <limits.h>
@@ -598 +599 @@
         case FST_NUMBER:
             val = fraction * pow(10.0, (double)exponential) * (double)signal;
-            if ((val >= (FLT_MAX * (-1.0f))) && (val <= FLT_MAX))
+            if ((val >= ((double)FLT_MAX * (-1.0))) && (val <= (double)FLT_MAX))
             {
                 /*Codes_SRS_CRT_ABSTRACTIONS_21_016: [The strtof_s must return the float that represents the value in the initial part of the string. If any.]*/
@@ -836 +837 @@
     return result;
 }
+
+/*takes "value" and transforms it into a decimal string*/
+/*10 => "10"*/
+/*return 0 when everything went ok*/
+int uint64_tToString(char* destination, size_t destinationSize, uint64_t value)
+{
+    int result;
+    size_t pos;
+    /*the below loop gets the number in reverse order*/
+    if (
+        (destination == NULL) ||
+        (destinationSize < 2) /*because the smallest number is '0\0' which requires 2 characters*/
+        )
+    {
+        result = MU_FAILURE;
+    }
+    else
+    {
+        pos = 0;
+        do
+        {
+            destination[pos++] = '0' + (value % 10);
+            value /= 10;
+        } while ((value > 0) && (pos < (destinationSize - 1)));
+
+        if (value == 0)
+        {
+            size_t w;
+            destination[pos] = '\0';
+            /*all converted and they fit*/
+            for (w = 0; w <= (pos - 1) >> 1; w++)
+            {
+                char temp;
+                temp = destination[w];
+                destination[w] = destination[pos - 1 - w];
+                destination[pos - 1 - w] = temp;
+            }
+            result = 0;
+        }
+        else
+        {
+            result = MU_FAILURE;
+        }
+    }
+    return result;
+}

azure_iot_hub_f767zi/trunk/azure_iot_sdk/c-utility/src/httpapiexsas.c

@@ -107 +107 @@
 {
     /*Codes_SRS_HTTPAPIEXSAS_06_005: [If the parameter handle is NULL then HTTAPIEX_SAS_Destroy shall do nothing and return.]*/
-    if (handle)
+    HTTPAPIEX_SAS_STATE* state = (HTTPAPIEX_SAS_STATE*)handle;
+    if (state)
     {
-        HTTPAPIEX_SAS_STATE* state = (HTTPAPIEX_SAS_STATE*)handle;
         /*Codes_SRS_HTTPAPIEXSAS_06_006: [HTTAPIEX_SAS_Destroy shall deallocate any structures denoted by the parameter handle.]*/
         if (state->key)
@@ -159 +159 @@
                         /*Codes_SRS_HTTPAPIEXSAS_06_011: [SASToken_Create shall be invoked.]*/
                         /*Codes_SRS_HTTPAPIEXSAS_06_012: [If the return result of SASToken_Create is NULL then fallthrough.]*/
-                        size_t expiry = (size_t)(difftime(currentTime, 0) + 3600);
+                        uint64_t expiry = (uint64_t)(difftime(currentTime, 0) + 3600);
                         newSASToken = SASToken_CreateString(state->key, state->uriResource, state->keyName, expiry);
                     }

azure_iot_hub_f767zi/trunk/azure_iot_sdk/c-utility/src/sastoken.c

@@ -24 +24 @@
         if (expiryASCII[i] >= '0' && expiryASCII[i] <= '9')
         {
-            value = value * 10 + (double)(expiryASCII[i] - '0');
+            value = value * 10 + ((double)expiryASCII[i] - (double)'0');
         }
         else
@@ -203 +203 @@
 }
 
-static STRING_HANDLE construct_sas_token(const char* key, const char* scope, const char* keyname, size_t expiry)
+static STRING_HANDLE construct_sas_token(const char* key, const char* scope, const char* keyname, uint64_t expiry)
 {
     STRING_HANDLE result;
@@ -221 +221 @@
     {
         /*Codes_SRS_SASTOKEN_06_026: [If the conversion to string form fails for any reason then SASToken_Create shall return NULL.]*/
-        if (size_tToString(tokenExpirationTime, sizeof(tokenExpirationTime), expiry) != 0)
+        if (uint64_tToString(tokenExpirationTime, sizeof(tokenExpirationTime), expiry) != 0)
         {
             LogError("For some reason converting seconds to a string failed.  No SAS can be generated.");
@@ -303 +303 @@
 }
 
-STRING_HANDLE SASToken_Create(STRING_HANDLE key, STRING_HANDLE scope, STRING_HANDLE keyName, size_t expiry)
+STRING_HANDLE SASToken_Create(STRING_HANDLE key, STRING_HANDLE scope, STRING_HANDLE keyName, uint64_t expiry)
 {
     STRING_HANDLE result;
@@ -326 +326 @@
 }
 
-STRING_HANDLE SASToken_CreateString(const char* key, const char* scope, const char* keyName, size_t expiry)
+STRING_HANDLE SASToken_CreateString(const char* key, const char* scope, const char* keyName, uint64_t expiry)
 {
     STRING_HANDLE result;

azure_iot_hub_f767zi/trunk/azure_iot_sdk/c-utility/src/sha384-512.c

@@ -469 +469 @@
     if (!length)
         return shaSuccess;
+    
+    if (length > (sizeof(context->Message_Block) / sizeof(context->Message_Block[0])))
+        return shaBadParam;
 
     if (!context || !message_array)