Changeset 464 for azure_iot_hub_f767zi/trunk/azure_iot_sdk/c-utility/adapters/tlsio_wolfssl.c

Timestamp:

Jun 22, 2021, 9:00:19 PM (3 years ago)

Author:

coas-nagasima

Message:

WolfSSLとAzure IoT SDKを更新

File:

• azure_iot_hub_f767zi/trunk/azure_iot_sdk/c-utility/adapters/tlsio_wolfssl.c (modified) (21 diffs)

azure_iot_hub_f767zi/trunk/azure_iot_sdk/c-utility/adapters/tlsio_wolfssl.c

@@ -19 +19 @@
 #include "azure_c_shared_utility/xlogging.h"
 #include "azure_c_shared_utility/shared_util_options.h"
-#include "azure_c_shared_utility/threadapi.h"
 
 typedef enum TLSIO_STATE_ENUM_TAG
@@ -53 +52 @@
     char* x509privatekey;
     int wolfssl_device_id;
-    size_t socket_reads;
+    char* hostname;
+    bool ignore_host_name_check;
 } TLS_IO_INSTANCE;
 
 STATIC_VAR_UNUSED const char* const OPTION_WOLFSSL_SET_DEVICE_ID = "SetDeviceId";
-static const size_t SOCKET_READ_LIMIT = 10000; // 10,000 ms ?
+static const size_t SOCKET_READ_LIMIT = 5;
 
 /*this function will clone an option given by name and value*/
@@ -106 +106 @@
             }
         }
+        #ifdef INVALID_DEVID
+        else if(strcmp(name, OPTION_WOLFSSL_SET_DEVICE_ID) == 0 )
+        {
+             int* value_clone;
+
+             if ((value_clone = malloc(sizeof(int))) == NULL)
+             {
+                 LogError("unable to clone device id option");
+             }
+             else
+             {
+                 *value_clone = *(int*)value;
+             }
+
+             result = value_clone;
+        }
+        #endif
         else
         {
@@ -127 +144 @@
         if ((strcmp(name, OPTION_TRUSTED_CERT) == 0) ||
             (strcmp(name, SU_OPTION_X509_CERT) == 0) ||
-            (strcmp(name, SU_OPTION_X509_PRIVATE_KEY) == 0))
+            (strcmp(name, SU_OPTION_X509_PRIVATE_KEY) == 0) ||
+            (strcmp(name, OPTION_WOLFSSL_SET_DEVICE_ID) == 0))
         {
             free((void*)value);
@@ -185 +203 @@
                 result = NULL;
             }
+            #ifdef INVALID_DEVID
+            else if (
+                (tls_io_instance->wolfssl_device_id != INVALID_DEVID) &&
+                (OptionHandler_AddOption(result, OPTION_WOLFSSL_SET_DEVICE_ID, &tls_io_instance->wolfssl_device_id) != OPTIONHANDLER_OK)
+                )
+            {
+                LogError("unable to save deviceid option");
+                OptionHandler_Destroy(result);
+                result = NULL;
+            }
+            #endif
             else
             {
@@ -258 +287 @@
         int res;
         tls_io_instance->tlsio_state = TLSIO_STATE_IN_HANDSHAKE;
-        tls_io_instance->socket_reads = 0;
 
         res = wolfSSL_connect(tls_io_instance->ssl);
         if (res != SSL_SUCCESS)
         {
-            LogError("WolfSSL connect failed");
+            // Error codes explained in https://www.wolfssl.com/docs/wolfssl-manual/appendix-c/
+            LogError("WolfSSL connect failed (%d)", wolfSSL_get_error(tls_io_instance->ssl, res));
             indicate_open_complete(tls_io_instance, IO_OPEN_ERROR);
             tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
@@ -355 +384 @@
         TLS_IO_INSTANCE* tls_io_instance = (TLS_IO_INSTANCE*)context;
         unsigned char* new_socket_io_read_bytes;
+        size_t socket_reads = 0;
 
         AZURE_UNREFERENCED_PARAMETER(ssl);
-        if (tls_io_instance->socket_io_read_byte_count == 0)
-        {
-            if (tls_io_instance->socket_reads >= SOCKET_READ_LIMIT) {
-                return WOLFSSL_CBIO_ERR_TIMEOUT;
-            }
+        while (tls_io_instance->socket_io_read_byte_count == 0 && socket_reads < SOCKET_READ_LIMIT)
+        {
             xio_dowork(tls_io_instance->socket_io);
-            if (tls_io_instance->tlsio_state == TLSIO_STATE_IN_HANDSHAKE)
-            {
-                tls_io_instance->socket_reads++;
-                ThreadAPI_Sleep(1);
-                return 0;
-            }
+            if (tls_io_instance->tlsio_state != TLSIO_STATE_IN_HANDSHAKE)
+            {
+                break;
+            }
+            socket_reads++;
         }
 
@@ -417 +443 @@
 }
 
-static void on_send_complete(void* context, IO_SEND_RESULT send_result)
-{
-        TLS_IO_INSTANCE* tls_io_instance = (TLS_IO_INSTANCE*)context;
-        if ((tls_io_instance == NULL) || (tls_io_instance->on_send_complete == NULL))
-                return;
-
-        tls_io_instance->on_send_complete(tls_io_instance->on_send_complete_callback_context, send_result);
-
-        tls_io_instance->on_send_complete = NULL;
-        tls_io_instance->on_send_complete_callback_context = NULL;
-}
-
 static int on_io_send(WOLFSSL *ssl, char *buf, int sz, void *context)
 {
-    int result, ret;
+    int result;
     AZURE_UNREFERENCED_PARAMETER(ssl);
 
     TLS_IO_INSTANCE* tls_io_instance = (TLS_IO_INSTANCE*)context;
 
-    if ((ret = xio_send(tls_io_instance->socket_io, buf, sz, on_send_complete, tls_io_instance)) != 0)
-    {
-        LogError("Failed sending bytes through underlying IO %d", ret);
+    if (xio_send(tls_io_instance->socket_io, buf, sz, tls_io_instance->on_send_complete, tls_io_instance->on_send_complete_callback_context) != 0)
+    {
+        LogError("Failed sending bytes through underlying IO");
         tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
         indicate_error(tls_io_instance);
-        result = 0;
+        result = WOLFSSL_CBIO_ERR_GENERAL;
     }
     else
@@ -455 +469 @@
     AZURE_UNREFERENCED_PARAMETER(ssl);
     TLS_IO_INSTANCE* tls_io_instance = (TLS_IO_INSTANCE*)context;
-    if (tls_io_instance->tlsio_state == TLSIO_STATE_OPEN) {
-        LogInfo("on_handshake_done called in TLSIO_STATE_OPEN state");
-    }
-    else if (tls_io_instance->tlsio_state != TLSIO_STATE_IN_HANDSHAKE)
+    if (tls_io_instance->tlsio_state != TLSIO_STATE_IN_HANDSHAKE)
     {
         LogInfo("on_handshake_done called when not in IN_HANDSHAKE state");
@@ -558 +569 @@
 }
 
+static int enable_domain_check(TLS_IO_INSTANCE* tls_io_instance)
+{
+    int result = 0;
+
+    if (!tls_io_instance->ignore_host_name_check)
+    {
+        if (wolfSSL_check_domain_name(tls_io_instance->ssl, tls_io_instance->hostname) != WOLFSSL_SUCCESS)
+        {
+            result = MU_FAILURE;
+        }
+    }
+
+    return result;
+}
+
 static int prepare_wolfssl_open(TLS_IO_INSTANCE* tls_io_instance)
 {
     int result;
-    if (add_certificate_to_store(tls_io_instance) != 0)
+
+    if (enable_domain_check(tls_io_instance))
+    {
+        LogError("Failed to configure domain name verification");
+        result = MU_FAILURE;
+    }
+    else if (add_certificate_to_store(tls_io_instance) != 0)
     {
         LogError("Failed to add certificates to store");
@@ -575 +607 @@
         result = MU_FAILURE;
     }
-#ifdef INVALID_DEVID
-    else if (tls_io_instance->wolfssl_device_id != INVALID_DEVID && wolfSSL_SetDevId(tls_io_instance->ssl, tls_io_instance->wolfssl_device_id) != WOLFSSL_SUCCESS)
-    {
-        LogError("Failure setting device id");
-        result = MU_FAILURE;
-    }
-#endif
     else
     {
@@ -628 +653 @@
             {
                 LogError("Cannot create the wolfSSL context");
+                free(result);
+                result = NULL;
+            }
+            else if (mallocAndStrcpy_s(&result->hostname, tls_io_config->hostname) != 0)
+            {
+                LogError("Failed copying the target hostname.");
                 free(result);
                 result = NULL;
@@ -660 +691 @@
                     LogError("Failed getting socket IO interface description.");
                     wolfSSL_CTX_free(result->ssl_context);
+                    free(result->hostname);
                     free(result);
                     result = NULL;
@@ -670 +702 @@
                         LogError("Failure connecting to underlying socket_io");
                         wolfSSL_CTX_free(result->ssl_context);
+                        free(result->hostname);
                         free(result);
                         result = NULL;
@@ -677 +710 @@
                         LogError("Failure connecting to underlying socket_io");
                         wolfSSL_CTX_free(result->ssl_context);
+                        free(result->hostname);
                         free(result);
                         result = NULL;
@@ -719 +753 @@
 
         xio_destroy(tls_io_instance->socket_io);
+        free(tls_io_instance->hostname);
         free(tls_io);
     }
@@ -843 +878 @@
             result = MU_FAILURE;
         }
-        if (tls_io_instance->on_send_complete != NULL)
-        {
-            LogError("Error writing data");
-            result = MU_FAILURE;
-        }
         else
         {
@@ -882 +912 @@
             (tls_io_instance->tlsio_state != TLSIO_STATE_ERROR))
         {
-            if (tls_io_instance->tlsio_state != TLSIO_STATE_OPENING_UNDERLYING_IO)
-                decode_ssl_received_bytes(tls_io_instance);
+            decode_ssl_received_bytes(tls_io_instance);
             xio_dowork(tls_io_instance->socket_io);
         }
@@ -892 +921 @@
 static int process_option(char** destination, const char* name, const char* value)
 {
+
+    (void) name;
+    
     int result;
     if (*destination != NULL)
@@ -944 +976 @@
         {
             int device_id = *((int *)value);
-            if (tls_io_instance->ssl != NULL)
-            {
-                if (tls_io_instance->ssl != NULL && wolfSSL_SetDevId(tls_io_instance->ssl, device_id) != WOLFSSL_SUCCESS)
-                {
-                    LogError("Failure setting device id on ssl");
-                    result = MU_FAILURE;
-                }
-                else
-                {
-                    result = 0;
-                }
+            if (tls_io_instance->ssl != NULL && wolfSSL_SetDevId(tls_io_instance->ssl, device_id) != WOLFSSL_SUCCESS)
+            {
+                LogError("Failure setting device id on ssl");
+                result = MU_FAILURE;
             }
             else
             {
-                // Save the id till we create the ssl object
+                // Save the device Id even if ssl object not yet created.
                 tls_io_instance->wolfssl_device_id = device_id;
                 result = 0;
@@ -964 +989 @@
         }
 #endif
+        else if (strcmp("ignore_host_name_check", optionName) == 0)
+        {
+            bool* server_name_check = (bool*)value;
+            tls_io_instance->ignore_host_name_check = *server_name_check;
+            result = 0;
+        }
         else
         {