wolfssl_test.h 94 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836283728382839284028412842284328442845284628472848284928502851285228532854285528562857285828592860286128622863286428652866286728682869287028712872287328742875287628772878287928802881288228832884288528862887288828892890289128922893289428952896289728982899290029012902290329042905290629072908290929102911291229132914291529162917291829192920292129222923292429252926292729282929293029312932293329342935293629372938293929402941294229432944294529462947294829492950295129522953295429552956295729582959296029612962296329642965296629672968296929702971297229732974297529762977297829792980298129822983298429852986298729882989299029912992299329942995299629972998299930003001300230033004300530063007300830093010301130123013301430153016301730183019302030213022302330243025302630273028302930303031303230333034303530363037303830393040304130423043304430453046304730483049305030513052305330543055305630573058305930603061306230633064306530663067306830693070307130723073307430753076307730783079308030813082308330843085308630873088308930903091309230933094309530963097309830993100310131023103310431053106310731083109311031113112311331143115311631173118311931203121312231233124312531263127312831293130313131323133313431353136313731383139314031413142314331443145314631473148314931503151315231533154315531563157315831593160316131623163316431653166316731683169317031713172317331743175317631773178317931803181318231833184318531863187318831893190319131923193319431953196319731983199320032013202320332043205320632073208320932103211321232133214321532163217321832193220322132223223322432253226322732283229323032313232323332343235323632373238323932403241324232433244324532463247324832493250325132523253325432553256325732583259326032613262326332643265326632673268326932703271327232733274327532763277327832793280328132823283328432853286328732883289329032913292329332943295329632973298329933003301330233033304330533063307330833093310331133123313331433153316331733183319332033213322332333243325332633273328332933303331333233333334333533363337333833393340334133423343334433453346334733483349335033513352335333543355335633573358335933603361336233633364336533663367336833693370337133723373
  1. /* test.h */
  2. #ifndef wolfSSL_TEST_H
  3. #define wolfSSL_TEST_H
  4. #include "tinystdio.h"
  5. #include "user_settings.h"
  6. #include <stdlib.h>
  7. #include <assert.h>
  8. #include <ctype.h>
  9. #include <wolfssl/wolfcrypt/types.h>
  10. #include <wolfssl/wolfcrypt/error-crypt.h>
  11. #include <wolfssl/wolfcrypt/random.h>
  12. #include <wolfssl/wolfcrypt/mem_track.h>
  13. #if defined(SHOW_CERTS) && \
  14. (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
  15. #include <wolfssl/wolfcrypt/asn.h> /* for domain component NID value */
  16. #endif
  17. #ifdef ATOMIC_USER
  18. #include <wolfssl/wolfcrypt/aes.h>
  19. #include <wolfssl/wolfcrypt/arc4.h>
  20. #include <wolfssl/wolfcrypt/hmac.h>
  21. #endif
  22. #ifdef HAVE_PK_CALLBACKS
  23. #include <wolfssl/wolfcrypt/asn.h>
  24. #ifndef NO_RSA
  25. #include <wolfssl/wolfcrypt/rsa.h>
  26. #endif
  27. #ifdef HAVE_ECC
  28. #include <wolfssl/wolfcrypt/ecc.h>
  29. #endif /* HAVE_ECC */
  30. #ifndef NO_DH
  31. #include <wolfssl/wolfcrypt/dh.h>
  32. #endif /* !NO_DH */
  33. #ifdef HAVE_ED25519
  34. #include <wolfssl/wolfcrypt/ed25519.h>
  35. #endif /* HAVE_ED25519 */
  36. #ifdef HAVE_CURVE25519
  37. #include <wolfssl/wolfcrypt/curve25519.h>
  38. #endif /* HAVE_ECC */
  39. #endif /*HAVE_PK_CALLBACKS */
  40. #ifdef USE_WINDOWS_API
  41. #include <winsock2.h>
  42. #include <process.h>
  43. #ifdef TEST_IPV6 /* don't require newer SDK for IPV4 */
  44. #include <ws2tcpip.h>
  45. #include <wspiapi.h>
  46. #endif
  47. #define SOCKET_T SOCKET
  48. #define SNPRINTF _snprintf
  49. #elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
  50. #include <string.h>
  51. #include "rl_net.h"
  52. #define SOCKET_T int
  53. typedef int socklen_t ;
  54. #define inet_addr wolfSSL_inet_addr
  55. static unsigned long wolfSSL_inet_addr(const char *cp)
  56. {
  57. unsigned int a[4] ; unsigned long ret ;
  58. sscanf(cp, "%d.%d.%d.%d", &a[0], &a[1], &a[2], &a[3]) ;
  59. ret = ((a[3]<<24) + (a[2]<<16) + (a[1]<<8) + a[0]) ;
  60. return(ret) ;
  61. }
  62. #if defined(HAVE_KEIL_RTX)
  63. #define sleep(t) os_dly_wait(t/1000+1);
  64. #elif defined(WOLFSSL_CMSIS_RTOS) || defined(WOLFSSL_CMSIS_RTOSv2)
  65. #define sleep(t) osDelay(t/1000+1);
  66. #endif
  67. #elif defined(WOLFSSL_TIRTOS)
  68. #include <string.h>
  69. #include <netdb.h>
  70. #include <sys/types.h>
  71. #include <arpa/inet.h>
  72. #include <sys/socket.h>
  73. #include <ti/sysbios/knl/Task.h>
  74. struct hostent {
  75. char *h_name; /* official name of host */
  76. char **h_aliases; /* alias list */
  77. int h_addrtype; /* host address type */
  78. int h_length; /* length of address */
  79. char **h_addr_list; /* list of addresses from name server */
  80. };
  81. #define SOCKET_T int
  82. #elif defined(WOLFSSL_VXWORKS)
  83. #include <hostLib.h>
  84. #include <sockLib.h>
  85. #include <arpa/inet.h>
  86. #include <string.h>
  87. #include <selectLib.h>
  88. #include <sys/types.h>
  89. #include <netinet/in.h>
  90. #include <fcntl.h>
  91. #include <sys/time.h>
  92. #include <netdb.h>
  93. #include <pthread.h>
  94. #define SOCKET_T int
  95. #elif defined(WOLFSSL_ZEPHYR)
  96. #include <string.h>
  97. #include <sys/types.h>
  98. #include <net/socket.h>
  99. #define SOCKET_T int
  100. #define SOL_SOCKET 1
  101. #define SO_REUSEADDR 201
  102. #define WOLFSSL_USE_GETADDRINFO
  103. static unsigned long inet_addr(const char *cp)
  104. {
  105. unsigned int a[4]; unsigned long ret;
  106. int i, j;
  107. for (i=0, j=0; i<4; i++) {
  108. a[i] = 0;
  109. while (cp[j] != '.' && cp[j] != '\0') {
  110. a[i] *= 10;
  111. a[i] += cp[j] - '0';
  112. j++;
  113. }
  114. }
  115. ret = ((a[3]<<24) + (a[2]<<16) + (a[1]<<8) + a[0]) ;
  116. return(ret) ;
  117. }
  118. #else
  119. #include <string.h>
  120. #include <sys/types.h>
  121. #ifndef WOLFSSL_LEANPSK
  122. #include <unistd.h>
  123. #include <netdb.h>
  124. #include <netinet/in.h>
  125. #include <netinet/tcp.h>
  126. #include <arpa/inet.h>
  127. #include <sys/ioctl.h>
  128. #include <sys/time.h>
  129. #include <sys/socket.h>
  130. #include <pthread.h>
  131. #include <fcntl.h>
  132. #ifdef TEST_IPV6
  133. #include <netdb.h>
  134. #endif
  135. #endif
  136. #define SOCKET_T int
  137. #ifndef SO_NOSIGPIPE
  138. #include <signal.h> /* ignore SIGPIPE */
  139. #endif
  140. #define SNPRINTF snprintf
  141. #endif /* USE_WINDOWS_API */
  142. #ifdef WOLFSSL_ASYNC_CRYPT
  143. #include <wolfssl/wolfcrypt/async.h>
  144. #endif
  145. #ifdef HAVE_CAVIUM
  146. #include <wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h>
  147. #endif
  148. #ifdef _MSC_VER
  149. /* disable conversion warning */
  150. /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
  151. #pragma warning(disable:4244 4996)
  152. #endif
  153. #ifndef WOLFSSL_CIPHER_LIST_MAX_SIZE
  154. #define WOLFSSL_CIPHER_LIST_MAX_SIZE 4096
  155. #endif
  156. /* Buffer for benchmark tests */
  157. #ifndef TEST_BUFFER_SIZE
  158. #define TEST_BUFFER_SIZE 16384
  159. #endif
  160. #ifndef WOLFSSL_HAVE_MIN
  161. #define WOLFSSL_HAVE_MIN
  162. static WC_INLINE word32 min(word32 a, word32 b)
  163. {
  164. return a > b ? b : a;
  165. }
  166. #endif /* WOLFSSL_HAVE_MIN */
  167. /* Socket Handling */
  168. #ifndef WOLFSSL_SOCKET_INVALID
  169. #ifdef USE_WINDOWS_API
  170. #define WOLFSSL_SOCKET_INVALID ((SOCKET_T)INVALID_SOCKET)
  171. #elif defined(WOLFSSL_TIRTOS)
  172. #define WOLFSSL_SOCKET_INVALID ((SOCKET_T)-1)
  173. #else
  174. #define WOLFSSL_SOCKET_INVALID (SOCKET_T)(0)
  175. #endif
  176. #endif /* WOLFSSL_SOCKET_INVALID */
  177. #ifndef WOLFSSL_SOCKET_IS_INVALID
  178. #if defined(USE_WINDOWS_API) || defined(WOLFSSL_TIRTOS)
  179. #define WOLFSSL_SOCKET_IS_INVALID(s) ((SOCKET_T)(s) == WOLFSSL_SOCKET_INVALID)
  180. #else
  181. #define WOLFSSL_SOCKET_IS_INVALID(s) ((SOCKET_T)(s) < WOLFSSL_SOCKET_INVALID)
  182. #endif
  183. #endif /* WOLFSSL_SOCKET_IS_INVALID */
  184. #if defined(__MACH__) || defined(USE_WINDOWS_API)
  185. #ifndef _SOCKLEN_T
  186. typedef int socklen_t;
  187. #endif
  188. #endif
  189. /* HPUX doesn't use socklent_t for third parameter to accept, unless
  190. _XOPEN_SOURCE_EXTENDED is defined */
  191. #if !defined(__hpux__) && !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM)\
  192. && !defined(WOLFSSL_ROWLEY_ARM) && !defined(WOLFSSL_KEIL_TCP_NET)
  193. typedef socklen_t* ACCEPT_THIRD_T;
  194. #else
  195. #if defined _XOPEN_SOURCE_EXTENDED
  196. typedef socklen_t* ACCEPT_THIRD_T;
  197. #else
  198. typedef int* ACCEPT_THIRD_T;
  199. #endif
  200. #endif
  201. #ifdef SINGLE_THREADED
  202. typedef unsigned int THREAD_RETURN;
  203. typedef void* THREAD_TYPE;
  204. #define WOLFSSL_THREAD
  205. #else
  206. #if defined(_POSIX_THREADS) && !defined(__MINGW32__)
  207. typedef void* THREAD_RETURN;
  208. typedef pthread_t THREAD_TYPE;
  209. #define WOLFSSL_THREAD
  210. #define INFINITE -1
  211. #define WAIT_OBJECT_0 0L
  212. #elif defined(WOLFSSL_MDK_ARM)|| defined(WOLFSSL_KEIL_TCP_NET)
  213. typedef unsigned int THREAD_RETURN;
  214. typedef int THREAD_TYPE;
  215. #define WOLFSSL_THREAD
  216. #elif defined(WOLFSSL_TIRTOS)
  217. typedef void THREAD_RETURN;
  218. typedef Task_Handle THREAD_TYPE;
  219. #define WOLFSSL_THREAD
  220. #elif defined(WOLFSSL_ZEPHYR)
  221. typedef void THREAD_RETURN;
  222. typedef struct k_thread THREAD_TYPE;
  223. #define WOLFSSL_THREAD
  224. #else
  225. typedef unsigned int THREAD_RETURN;
  226. typedef intptr_t THREAD_TYPE;
  227. #define WOLFSSL_THREAD __stdcall
  228. #endif
  229. #endif
  230. #ifdef TEST_IPV6
  231. typedef struct sockaddr_in6 SOCKADDR_IN_T;
  232. #define AF_INET_V AF_INET6
  233. #else
  234. typedef struct sockaddr_in SOCKADDR_IN_T;
  235. #define AF_INET_V AF_INET
  236. #endif
  237. #ifndef WOLFSSL_NO_TLS12
  238. #define SERVER_DEFAULT_VERSION 3
  239. #else
  240. #define SERVER_DEFAULT_VERSION 4
  241. #endif
  242. #define SERVER_DTLS_DEFAULT_VERSION (-2)
  243. #define SERVER_INVALID_VERSION (-99)
  244. #define SERVER_DOWNGRADE_VERSION (-98)
  245. #ifndef WOLFSSL_NO_TLS12
  246. #define CLIENT_DEFAULT_VERSION 3
  247. #else
  248. #define CLIENT_DEFAULT_VERSION 4
  249. #endif
  250. #define CLIENT_DTLS_DEFAULT_VERSION (-2)
  251. #define CLIENT_INVALID_VERSION (-99)
  252. #define CLIENT_DOWNGRADE_VERSION (-98)
  253. #define EITHER_DOWNGRADE_VERSION (-97)
  254. #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_MAX_STRENGTH)
  255. #define DEFAULT_MIN_DHKEY_BITS 2048
  256. #define DEFAULT_MAX_DHKEY_BITS 3072
  257. #else
  258. #define DEFAULT_MIN_DHKEY_BITS 1024
  259. #define DEFAULT_MAX_DHKEY_BITS 2048
  260. #endif
  261. #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_MAX_STRENGTH)
  262. #define DEFAULT_MIN_RSAKEY_BITS 2048
  263. #else
  264. #define DEFAULT_MIN_RSAKEY_BITS 1024
  265. #endif
  266. #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_MAX_STRENGTH)
  267. #define DEFAULT_MIN_ECCKEY_BITS 256
  268. #else
  269. #define DEFAULT_MIN_ECCKEY_BITS 224
  270. #endif
  271. /* all certs relative to wolfSSL home directory now */
  272. #if defined(WOLFSSL_NO_CURRDIR) || defined(WOLFSSL_MDK_SHELL)
  273. #define caCertFile "certs/ca-cert.pem"
  274. #define eccCertFile "certs/server-ecc.pem"
  275. #define eccKeyFile "certs/ecc-key.pem"
  276. #define eccRsaCertFile "certs/server-ecc-rsa.pem"
  277. #define svrCertFile "certs/server-cert.pem"
  278. #define svrKeyFile "certs/server-key.pem"
  279. #define cliCertFile "certs/client-cert.pem"
  280. #define cliCertDerFile "certs/client-cert.der"
  281. #define cliKeyFile "certs/client-key.pem"
  282. #define ntruCertFile "certs/ntru-cert.pem"
  283. #define ntruKeyFile "certs/ntru-key.raw"
  284. #define dhParamFile "certs/dh2048.pem"
  285. #define cliEccKeyFile "certs/ecc-client-key.pem"
  286. #define cliEccCertFile "certs/client-ecc-cert.pem"
  287. #define caEccCertFile "certs/ca-ecc-cert.pem"
  288. #define crlPemDir "certs/crl"
  289. #define edCertFile "certs/ed25519/server-ed25519-cert.pem"
  290. #define edKeyFile "certs/ed25519/server-ed25519-priv.pem"
  291. #define cliEdCertFile "certs/ed25519/client-ed25519.pem"
  292. #define cliEdKeyFile "certs/ed25519/client-ed25519-priv.pem"
  293. #define caEdCertFile "certs/ed25519/ca-ed25519.pem"
  294. #ifdef HAVE_WNR
  295. /* Whitewood netRandom default config file */
  296. #define wnrConfig "wnr-example.conf"
  297. #endif
  298. #else
  299. #define caCertFile "./certs/ca-cert.pem"
  300. #define eccCertFile "./certs/server-ecc.pem"
  301. #define eccKeyFile "./certs/ecc-key.pem"
  302. #define eccRsaCertFile "./certs/server-ecc-rsa.pem"
  303. #define svrCertFile "./certs/server-cert.pem"
  304. #define svrKeyFile "./certs/server-key.pem"
  305. #define cliCertFile "./certs/client-cert.pem"
  306. #define cliCertDerFile "./certs/client-cert.der"
  307. #define cliKeyFile "./certs/client-key.pem"
  308. #define ntruCertFile "./certs/ntru-cert.pem"
  309. #define ntruKeyFile "./certs/ntru-key.raw"
  310. #define dhParamFile "./certs/dh2048.pem"
  311. #define cliEccKeyFile "./certs/ecc-client-key.pem"
  312. #define cliEccCertFile "./certs/client-ecc-cert.pem"
  313. #define caEccCertFile "./certs/ca-ecc-cert.pem"
  314. #define crlPemDir "./certs/crl"
  315. #define edCertFile "./certs/ed25519/server-ed25519-cert.pem"
  316. #define edKeyFile "./certs/ed25519/server-ed25519-priv.pem"
  317. #define cliEdCertFile "./certs/ed25519/client-ed25519.pem"
  318. #define cliEdKeyFile "./certs/ed25519/client-ed25519-priv.pem"
  319. #define caEdCertFile "./certs/ed25519/ca-ed25519.pem"
  320. #ifdef HAVE_WNR
  321. /* Whitewood netRandom default config file */
  322. #define wnrConfig "./wnr-example.conf"
  323. #endif
  324. #endif
  325. typedef struct tcp_ready {
  326. word16 ready; /* predicate */
  327. word16 port;
  328. char* srfName; /* server ready file name */
  329. #if defined(_POSIX_THREADS) && !defined(__MINGW32__)
  330. pthread_mutex_t mutex;
  331. pthread_cond_t cond;
  332. #endif
  333. } tcp_ready;
  334. static WC_INLINE void InitTcpReady(tcp_ready* ready)
  335. {
  336. ready->ready = 0;
  337. ready->port = 0;
  338. ready->srfName = NULL;
  339. #ifdef SINGLE_THREADED
  340. #elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
  341. pthread_mutex_init(&ready->mutex, 0);
  342. pthread_cond_init(&ready->cond, 0);
  343. #endif
  344. }
  345. static WC_INLINE void FreeTcpReady(tcp_ready* ready)
  346. {
  347. #ifdef SINGLE_THREADED
  348. (void)ready;
  349. #elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
  350. pthread_mutex_destroy(&ready->mutex);
  351. pthread_cond_destroy(&ready->cond);
  352. #else
  353. (void)ready;
  354. #endif
  355. }
  356. typedef WOLFSSL_METHOD* (*method_provider)(void);
  357. typedef void (*ctx_callback)(WOLFSSL_CTX* ctx);
  358. typedef void (*ssl_callback)(WOLFSSL* ssl);
  359. typedef struct callback_functions {
  360. method_provider method;
  361. ctx_callback ctx_ready;
  362. ssl_callback ssl_ready;
  363. ssl_callback on_result;
  364. WOLFSSL_CTX* ctx;
  365. } callback_functions;
  366. typedef struct func_args {
  367. int argc;
  368. char** argv;
  369. int return_code;
  370. tcp_ready* signal;
  371. callback_functions *callbacks;
  372. } func_args;
  373. void wait_tcp_ready(func_args*);
  374. #ifdef WOLFSSL_ZEPHYR
  375. typedef void THREAD_FUNC(void*, void*, void*);
  376. #else
  377. typedef THREAD_RETURN WOLFSSL_THREAD THREAD_FUNC(void*);
  378. #endif
  379. void start_thread(THREAD_FUNC, func_args*, THREAD_TYPE*);
  380. void join_thread(THREAD_TYPE);
  381. /* wolfSSL */
  382. #ifndef TEST_IPV6
  383. static const char* const wolfSSLIP = "127.0.0.1";
  384. #else
  385. static const char* const wolfSSLIP = "::1";
  386. #endif
  387. static const word16 wolfSSLPort = 11111;
  388. #ifndef MY_EX_USAGE
  389. #define MY_EX_USAGE 2
  390. #endif
  391. #ifndef EXIT_FAILURE
  392. #define EXIT_FAILURE 1
  393. #endif
  394. #if defined(WOLFSSL_FORCE_MALLOC_FAIL_TEST) || defined(WOLFSSL_ZEPHYR)
  395. #ifndef EXIT_SUCCESS
  396. #define EXIT_SUCCESS 0
  397. #endif
  398. #define XEXIT(rc) return rc
  399. #define XEXIT_T(rc) return (THREAD_RETURN)rc
  400. #else
  401. #define XEXIT(rc) exit((int)(rc))
  402. #define XEXIT_T(rc) exit((int)(rc))
  403. #endif
  404. static WC_INLINE
  405. #if defined(WOLFSSL_FORCE_MALLOC_FAIL_TEST) || defined(WOLFSSL_ZEPHYR)
  406. THREAD_RETURN
  407. #else
  408. WC_NORETURN void
  409. #endif
  410. err_sys(const char* msg)
  411. {
  412. printf("wolfSSL error: %s\n", msg);
  413. #if !defined(__GNUC__)
  414. /* scan-build (which pretends to be gnuc) can get confused and think the
  415. * msg pointer can be null even when hardcoded and then it won't exit,
  416. * making null pointer checks above the err_sys() call useless.
  417. * We could just always exit() but some compilers will complain about no
  418. * possible return, with gcc we know the attribute to handle that with
  419. * WC_NORETURN. */
  420. if (msg)
  421. #endif
  422. {
  423. XEXIT_T(EXIT_FAILURE);
  424. }
  425. }
  426. #ifdef WOLFSSL_ENCRYPTED_KEYS
  427. static WC_INLINE int PasswordCallBack(char* passwd, int sz, int rw, void* userdata)
  428. {
  429. (void)rw;
  430. (void)userdata;
  431. if (userdata != NULL) {
  432. strncpy(passwd, (char*)userdata, sz);
  433. return (int)XSTRLEN((char*)userdata);
  434. }
  435. else {
  436. strncpy(passwd, "yassl123", sz);
  437. return 8;
  438. }
  439. }
  440. #endif
  441. static const char* client_showpeer_msg[][8] = {
  442. /* English */
  443. {
  444. "SSL version is",
  445. "SSL cipher suite is",
  446. "SSL curve name is",
  447. "SSL DH size is",
  448. "SSL reused session",
  449. "Alternate cert chain used",
  450. "peer's cert info:",
  451. NULL
  452. },
  453. #ifndef NO_MULTIBYTE_PRINT
  454. /* Japanese */
  455. {
  456. "SSL バージョンは",
  457. "SSL 暗号スイートは",
  458. "SSL 曲線名は",
  459. "SSL DH サイズは",
  460. "SSL 再利用セッション",
  461. "代替証明チェーンを使用",
  462. "相手方証明書情報",
  463. NULL
  464. },
  465. #endif
  466. };
  467. #if defined(KEEP_PEER_CERT) || defined(KEEP_OUR_CERT) || defined(SESSION_CERTS)
  468. static const char* client_showx509_msg[][5] = {
  469. /* English */
  470. {
  471. "issuer",
  472. "subject",
  473. "altname",
  474. "serial number",
  475. NULL
  476. },
  477. #ifndef NO_MULTIBYTE_PRINT
  478. /* Japanese */
  479. {
  480. "発行者",
  481. "サブジェクト",
  482. "代替名",
  483. "シリアル番号",
  484. NULL
  485. },
  486. #endif
  487. };
  488. /* lng_index is to specify the language for displaying message. */
  489. /* 0:English, 1:Japanese */
  490. static WC_INLINE void ShowX509Ex(WOLFSSL_X509* x509, const char* hdr,
  491. int lng_index)
  492. {
  493. char* altName;
  494. char* issuer;
  495. char* subject;
  496. byte serial[32];
  497. int ret;
  498. int sz = sizeof(serial);
  499. const char** words = client_showx509_msg[lng_index];
  500. if (x509 == NULL) {
  501. printf("%s No Cert\n", hdr);
  502. return;
  503. }
  504. issuer = wolfSSL_X509_NAME_oneline(
  505. wolfSSL_X509_get_issuer_name(x509), 0, 0);
  506. subject = wolfSSL_X509_NAME_oneline(
  507. wolfSSL_X509_get_subject_name(x509), 0, 0);
  508. printf("%s\n %s : %s\n %s: %s\n", hdr, words[0], issuer, words[1], subject);
  509. while ( (altName = wolfSSL_X509_get_next_altname(x509)) != NULL)
  510. printf(" %s = %s\n", words[2], altName);
  511. ret = wolfSSL_X509_get_serial_number(x509, serial, &sz);
  512. if (ret == WOLFSSL_SUCCESS) {
  513. int i;
  514. int strLen;
  515. char serialMsg[80];
  516. /* testsuite has multiple threads writing to stdout, get output
  517. message ready to write once */
  518. strLen = sprintf(serialMsg, " %s", words[3]);
  519. for (i = 0; i < sz; i++)
  520. sprintf(serialMsg + strLen + (i*3), ":%02x ", serial[i]);
  521. printf("%s\n", serialMsg);
  522. }
  523. XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
  524. XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL);
  525. #if defined(SHOW_CERTS) && defined(OPENSSL_EXTRA)
  526. {
  527. WOLFSSL_BIO* bio;
  528. char buf[256]; /* should be size of ASN_NAME_MAX */
  529. int textSz;
  530. /* print out domain component if certificate has it */
  531. textSz = wolfSSL_X509_NAME_get_text_by_NID(
  532. wolfSSL_X509_get_subject_name(x509), NID_domainComponent,
  533. buf, sizeof(buf));
  534. if (textSz > 0) {
  535. printf("Domain Component = %s\n", buf);
  536. }
  537. bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
  538. if (bio != NULL) {
  539. wolfSSL_BIO_set_fp(bio, stdout, BIO_NOCLOSE);
  540. wolfSSL_X509_print(bio, x509);
  541. wolfSSL_BIO_free(bio);
  542. }
  543. }
  544. #endif /* SHOW_CERTS && OPENSSL_EXTRA */
  545. }
  546. /* original ShowX509 to maintain compatibility */
  547. static WC_INLINE void ShowX509(WOLFSSL_X509* x509, const char* hdr)
  548. {
  549. ShowX509Ex(x509, hdr, 0);
  550. }
  551. #endif /* KEEP_PEER_CERT || KEEP_OUR_CERT || SESSION_CERTS */
  552. #if defined(SHOW_CERTS) && defined(SESSION_CERTS) && \
  553. (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
  554. static WC_INLINE void ShowX509Chain(WOLFSSL_X509_CHAIN* chain, int count,
  555. const char* hdr)
  556. {
  557. int i;
  558. int length;
  559. unsigned char buffer[3072];
  560. WOLFSSL_X509* chainX509;
  561. for (i = 0; i < count; i++) {
  562. wolfSSL_get_chain_cert_pem(chain, i, buffer, sizeof(buffer), &length);
  563. buffer[length] = 0;
  564. printf("\n%s: %d has length %d data = \n%s\n", hdr, i, length, buffer);
  565. chainX509 = wolfSSL_get_chain_X509(chain, i);
  566. if (chainX509)
  567. ShowX509(chainX509, hdr);
  568. else
  569. printf("get_chain_X509 failed\n");
  570. wolfSSL_FreeX509(chainX509);
  571. }
  572. }
  573. #endif /* SHOW_CERTS && SESSION_CERTS */
  574. /* lng_index is to specify the language for displaying message. */
  575. /* 0:English, 1:Japanese */
  576. static WC_INLINE void showPeerEx(WOLFSSL* ssl, int lng_index)
  577. {
  578. WOLFSSL_CIPHER* cipher;
  579. const char** words = client_showpeer_msg[lng_index];
  580. #if defined(HAVE_ECC) || !defined(NO_DH)
  581. const char *name;
  582. #endif
  583. #ifndef NO_DH
  584. int bits;
  585. #endif
  586. #ifdef KEEP_PEER_CERT
  587. WOLFSSL_X509* peer = wolfSSL_get_peer_certificate(ssl);
  588. if (peer)
  589. ShowX509Ex(peer, words[6], lng_index);
  590. else
  591. printf("peer has no cert!\n");
  592. wolfSSL_FreeX509(peer);
  593. #endif
  594. #if defined(SHOW_CERTS) && defined(KEEP_OUR_CERT) && \
  595. (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
  596. ShowX509(wolfSSL_get_certificate(ssl), "our cert info:");
  597. printf("Peer verify result = %lu\n", wolfSSL_get_verify_result(ssl));
  598. #endif /* SHOW_CERTS && KEEP_OUR_CERT */
  599. printf("%s %s\n", words[0], wolfSSL_get_version(ssl));
  600. cipher = wolfSSL_get_current_cipher(ssl);
  601. #ifdef HAVE_QSH
  602. printf("%s %s%s\n", words[1], (wolfSSL_isQSH(ssl))? "QSH:": "",
  603. wolfSSL_CIPHER_get_name(cipher));
  604. #else
  605. printf("%s %s\n", words[1], wolfSSL_CIPHER_get_name(cipher));
  606. #endif
  607. #if defined(HAVE_ECC) || !defined(NO_DH)
  608. if ((name = wolfSSL_get_curve_name(ssl)) != NULL)
  609. printf("%s %s\n", words[2], name);
  610. #endif
  611. #ifndef NO_DH
  612. else if ((bits = wolfSSL_GetDhKey_Sz(ssl)) > 0)
  613. printf("%s %d bits\n", words[3], bits);
  614. #endif
  615. if (wolfSSL_session_reused(ssl))
  616. printf("%s\n", words[4]);
  617. #ifdef WOLFSSL_ALT_CERT_CHAINS
  618. if (wolfSSL_is_peer_alt_cert_chain(ssl))
  619. printf("%s\n", words[5]);
  620. #endif
  621. #if defined(SHOW_CERTS) && defined(SESSION_CERTS) && \
  622. (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
  623. {
  624. WOLFSSL_X509_CHAIN* chain;
  625. chain = wolfSSL_get_peer_chain(ssl);
  626. ShowX509Chain(chain, wolfSSL_get_chain_count(chain), "session cert");
  627. #ifdef WOLFSSL_ALT_CERT_CHAINS
  628. if (wolfSSL_is_peer_alt_cert_chain(ssl)) {
  629. chain = wolfSSL_get_peer_alt_chain(ssl);
  630. ShowX509Chain(chain, wolfSSL_get_chain_count(chain), "alt cert");
  631. }
  632. #endif
  633. }
  634. #endif /* SHOW_CERTS && SESSION_CERTS */
  635. (void)ssl;
  636. }
  637. /* original showPeer to maintain compatibility */
  638. static WC_INLINE void showPeer(WOLFSSL* ssl)
  639. {
  640. showPeerEx(ssl, 0);
  641. }
  642. static WC_INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer,
  643. word16 port, int udp, int sctp)
  644. {
  645. int useLookup = 0;
  646. (void)useLookup;
  647. (void)udp;
  648. (void)sctp;
  649. if (addr == NULL)
  650. err_sys("invalid argument to build_addr, addr is NULL");
  651. XMEMSET(addr, 0, sizeof(SOCKADDR_IN_T));
  652. #if 0
  653. #ifndef TEST_IPV6
  654. /* peer could be in human readable form */
  655. if ( ((size_t)peer != INADDR_ANY) && isalpha((int)peer[0])) {
  656. #ifndef WOLFSSL_USE_GETADDRINFO
  657. #if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
  658. int err;
  659. struct hostent* entry = gethostbyname(peer, &err);
  660. #elif defined(WOLFSSL_TIRTOS)
  661. struct hostent* entry = DNSGetHostByName(peer);
  662. #elif defined(WOLFSSL_VXWORKS)
  663. struct hostent* entry = (struct hostent*)hostGetByName((char*)peer);
  664. #else
  665. struct hostent* entry = gethostbyname(peer);
  666. #endif
  667. if (entry) {
  668. XMEMCPY(&addr->sin_addr.s_addr, entry->h_addr_list[0],
  669. entry->h_length);
  670. useLookup = 1;
  671. }
  672. #else
  673. struct zsock_addrinfo hints, *addrInfo;
  674. char portStr[6];
  675. XSNPRINTF(portStr, sizeof(portStr), "%d", port);
  676. memset(&hints, 0, sizeof(hints));
  677. hints.ai_family = AF_UNSPEC;
  678. hints.ai_socktype = udp ? SOCK_DGRAM : SOCK_STREAM;
  679. hints.ai_protocol = udp ? IPPROTO_UDP : IPPROTO_TCP;
  680. if (getaddrinfo((char*)peer, portStr, &hints, &addrInfo) == 0) {
  681. XMEMCPY(addr, addrInfo->ai_addr, sizeof(*addr));
  682. useLookup = 1;
  683. }
  684. #endif
  685. else
  686. err_sys("no entry for host");
  687. }
  688. #endif
  689. #endif
  690. #ifndef TEST_IPV6
  691. #if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
  692. addr->sin_family = PF_INET;
  693. #else
  694. addr->sin_family = AF_INET_V;
  695. #endif
  696. addr->sin_port = XHTONS(port);
  697. if ((size_t)peer == INADDR_ANY)
  698. addr->sin_addr.s_addr = INADDR_ANY;
  699. else {
  700. if (!useLookup)
  701. addr->sin_addr.s_addr = inet_addr(peer);
  702. }
  703. #else
  704. addr->sin6_family = AF_INET_V;
  705. addr->sin6_port = XHTONS(port);
  706. if ((size_t)peer == INADDR_ANY) {
  707. addr->sin6_addr = in6addr_any;
  708. }
  709. else {
  710. #if defined(HAVE_GETADDRINFO) || defined(WOLF_C99)
  711. struct addrinfo hints;
  712. struct addrinfo* answer = NULL;
  713. int ret;
  714. char strPort[80];
  715. XMEMSET(&hints, 0, sizeof(hints));
  716. hints.ai_family = AF_INET_V;
  717. if (udp) {
  718. hints.ai_socktype = SOCK_DGRAM;
  719. hints.ai_protocol = IPPROTO_UDP;
  720. }
  721. #ifdef WOLFSSL_SCTP
  722. else if (sctp) {
  723. hints.ai_socktype = SOCK_STREAM;
  724. hints.ai_protocol = IPPROTO_SCTP;
  725. }
  726. #endif
  727. else {
  728. hints.ai_socktype = SOCK_STREAM;
  729. hints.ai_protocol = IPPROTO_TCP;
  730. }
  731. SNPRINTF(strPort, sizeof(strPort), "%d", port);
  732. strPort[79] = '\0';
  733. ret = getaddrinfo(peer, strPort, &hints, &answer);
  734. if (ret < 0 || answer == NULL)
  735. err_sys("getaddrinfo failed");
  736. XMEMCPY(addr, answer->ai_addr, answer->ai_addrlen);
  737. freeaddrinfo(answer);
  738. #else
  739. printf("no ipv6 getaddrinfo, loopback only tests/examples\n");
  740. addr->sin6_addr = in6addr_loopback;
  741. #endif
  742. }
  743. #endif
  744. }
  745. static WC_INLINE void tcp_socket(SOCKET_T* sockfd, int udp, int sctp)
  746. {
  747. (void)sctp;
  748. if (udp)
  749. *sockfd = socket(AF_INET_V, SOCK_DGRAM, IPPROTO_UDP);
  750. #ifdef WOLFSSL_SCTP
  751. else if (sctp)
  752. *sockfd = socket(AF_INET_V, SOCK_STREAM, IPPROTO_SCTP);
  753. #endif
  754. else
  755. *sockfd = socket(AF_INET_V, SOCK_STREAM, IPPROTO_TCP);
  756. if(WOLFSSL_SOCKET_IS_INVALID(*sockfd)) {
  757. err_sys("socket failed\n");
  758. }
  759. #ifndef USE_WINDOWS_API
  760. #ifdef SO_NOSIGPIPE
  761. {
  762. int on = 1;
  763. socklen_t len = sizeof(on);
  764. int res = setsockopt(*sockfd, SOL_SOCKET, SO_NOSIGPIPE, &on, len);
  765. if (res < 0)
  766. err_sys("setsockopt SO_NOSIGPIPE failed\n");
  767. }
  768. #elif defined(WOLFSSL_MDK_ARM) || defined (WOLFSSL_TIRTOS) ||\
  769. defined(WOLFSSL_KEIL_TCP_NET) || defined(WOLFSSL_ZEPHYR)
  770. /* nothing to define */
  771. #else /* no S_NOSIGPIPE */
  772. signal(SIGPIPE, SIG_IGN);
  773. #endif /* S_NOSIGPIPE */
  774. #if defined(TCP_NODELAY)
  775. if (!udp && !sctp)
  776. {
  777. int on = 1;
  778. socklen_t len = sizeof(on);
  779. int res = setsockopt(*sockfd, IPPROTO_TCP, TCP_NODELAY, &on, len);
  780. if (res < 0)
  781. err_sys("setsockopt TCP_NODELAY failed\n");
  782. }
  783. #endif
  784. #endif /* USE_WINDOWS_API */
  785. }
  786. static WC_INLINE void tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port,
  787. int udp, int sctp, WOLFSSL* ssl)
  788. {
  789. SOCKADDR_IN_T addr;
  790. build_addr(&addr, ip, port, udp, sctp);
  791. if (udp) {
  792. wolfSSL_dtls_set_peer(ssl, &addr, sizeof(addr));
  793. }
  794. tcp_socket(sockfd, udp, sctp);
  795. if (!udp) {
  796. if (connect(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
  797. err_sys("tcp connect failed");
  798. }
  799. }
  800. static WC_INLINE void udp_connect(SOCKET_T* sockfd, void* addr, int addrSz)
  801. {
  802. if (connect(*sockfd, (const struct sockaddr*)addr, addrSz) != 0)
  803. err_sys("tcp connect failed");
  804. }
  805. enum {
  806. TEST_SELECT_FAIL,
  807. TEST_TIMEOUT,
  808. TEST_RECV_READY,
  809. TEST_SEND_READY,
  810. TEST_ERROR_READY
  811. };
  812. #if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_TCP_NET) && \
  813. !defined(WOLFSSL_TIRTOS)
  814. static WC_INLINE int tcp_select_ex(SOCKET_T socketfd, int to_sec, int rx)
  815. {
  816. fd_set fds, errfds;
  817. fd_set* recvfds = NULL;
  818. fd_set* sendfds = NULL;
  819. SOCKET_T nfds = socketfd + 1;
  820. #if !defined(__INTEGRITY)
  821. struct timeval timeout = {(to_sec > 0) ? to_sec : 0, 0};
  822. #else
  823. struct timeval timeout;
  824. #endif
  825. int result;
  826. FD_ZERO(&fds);
  827. FD_SET(socketfd, &fds);
  828. FD_ZERO(&errfds);
  829. FD_SET(socketfd, &errfds);
  830. if (rx)
  831. recvfds = &fds;
  832. else
  833. sendfds = &fds;
  834. #if defined(__INTEGRITY)
  835. timeout.tv_sec = (long long)(to_sec > 0) ? to_sec : 0, 0;
  836. #endif
  837. result = select(nfds, recvfds, sendfds, &errfds, &timeout);
  838. if (result == 0)
  839. return TEST_TIMEOUT;
  840. else if (result > 0) {
  841. if (FD_ISSET(socketfd, &fds)) {
  842. if (rx)
  843. return TEST_RECV_READY;
  844. else
  845. return TEST_SEND_READY;
  846. }
  847. else if(FD_ISSET(socketfd, &errfds))
  848. return TEST_ERROR_READY;
  849. }
  850. return TEST_SELECT_FAIL;
  851. }
  852. static WC_INLINE int tcp_select(SOCKET_T socketfd, int to_sec)
  853. {
  854. return tcp_select_ex(socketfd, to_sec, 1);
  855. }
  856. static WC_INLINE int tcp_select_tx(SOCKET_T socketfd, int to_sec)
  857. {
  858. return tcp_select_ex(socketfd, to_sec, 0);
  859. }
  860. #elif defined(WOLFSSL_TIRTOS) || defined(WOLFSSL_KEIL_TCP_NET)
  861. static WC_INLINE int tcp_select(SOCKET_T socketfd, int to_sec)
  862. {
  863. return TEST_RECV_READY;
  864. }
  865. static WC_INLINE int tcp_select_tx(SOCKET_T socketfd, int to_sec)
  866. {
  867. return TEST_SEND_READY;
  868. }
  869. #endif /* !WOLFSSL_MDK_ARM */
  870. static WC_INLINE void tcp_listen(SOCKET_T* sockfd, word16* port, int useAnyAddr,
  871. int udp, int sctp)
  872. {
  873. SOCKADDR_IN_T addr;
  874. /* don't use INADDR_ANY by default, firewall may block, make user switch
  875. on */
  876. build_addr(&addr, (useAnyAddr ? INADDR_ANY : wolfSSLIP), *port, udp, sctp);
  877. tcp_socket(sockfd, udp, sctp);
  878. #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_ARM)\
  879. && !defined(WOLFSSL_KEIL_TCP_NET) && !defined(WOLFSSL_ZEPHYR)
  880. {
  881. int res, on = 1;
  882. socklen_t len = sizeof(on);
  883. res = setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len);
  884. if (res < 0)
  885. err_sys("setsockopt SO_REUSEADDR failed\n");
  886. }
  887. #endif
  888. if (bind(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
  889. err_sys("tcp bind failed");
  890. if (!udp) {
  891. #ifdef WOLFSSL_KEIL_TCP_NET
  892. #define SOCK_LISTEN_MAX_QUEUE 1
  893. #else
  894. #define SOCK_LISTEN_MAX_QUEUE 5
  895. #endif
  896. if (listen(*sockfd, SOCK_LISTEN_MAX_QUEUE) != 0)
  897. err_sys("tcp listen failed");
  898. }
  899. #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS) \
  900. && !defined(WOLFSSL_ZEPHYR)
  901. if (*port == 0) {
  902. socklen_t len = sizeof(addr);
  903. if (getsockname(*sockfd, (struct sockaddr*)&addr, &len) == 0) {
  904. #ifndef TEST_IPV6
  905. *port = XNTOHS(addr.sin_port);
  906. #else
  907. *port = XNTOHS(addr.sin6_port);
  908. #endif
  909. }
  910. }
  911. #endif
  912. }
  913. #if 0
  914. static WC_INLINE int udp_read_connect(SOCKET_T sockfd)
  915. {
  916. SOCKADDR_IN_T cliaddr;
  917. byte b[1500];
  918. int n;
  919. socklen_t len = sizeof(cliaddr);
  920. n = (int)recvfrom(sockfd, (char*)b, sizeof(b), MSG_PEEK,
  921. (struct sockaddr*)&cliaddr, &len);
  922. if (n > 0) {
  923. if (connect(sockfd, (const struct sockaddr*)&cliaddr,
  924. sizeof(cliaddr)) != 0)
  925. err_sys("udp connect failed");
  926. }
  927. else
  928. err_sys("recvfrom failed");
  929. return sockfd;
  930. }
  931. #endif
  932. static WC_INLINE void udp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
  933. int useAnyAddr, word16 port, func_args* args)
  934. {
  935. SOCKADDR_IN_T addr;
  936. (void)args;
  937. build_addr(&addr, (useAnyAddr ? INADDR_ANY : wolfSSLIP), port, 1, 0);
  938. tcp_socket(sockfd, 1, 0);
  939. #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_ARM) \
  940. && !defined(WOLFSSL_KEIL_TCP_NET) && !defined(WOLFSSL_ZEPHYR)
  941. {
  942. int res, on = 1;
  943. socklen_t len = sizeof(on);
  944. res = setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len);
  945. if (res < 0)
  946. err_sys("setsockopt SO_REUSEADDR failed\n");
  947. }
  948. #endif
  949. if (bind(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
  950. err_sys("tcp bind failed");
  951. #if (defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API)) && !defined(WOLFSSL_TIRTOS)
  952. if (port == 0) {
  953. socklen_t len = sizeof(addr);
  954. if (getsockname(*sockfd, (struct sockaddr*)&addr, &len) == 0) {
  955. #ifndef TEST_IPV6
  956. port = XNTOHS(addr.sin_port);
  957. #else
  958. port = XNTOHS(addr.sin6_port);
  959. #endif
  960. }
  961. }
  962. #endif
  963. #if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__)
  964. /* signal ready to accept data */
  965. {
  966. tcp_ready* ready = args->signal;
  967. pthread_mutex_lock(&ready->mutex);
  968. ready->ready = 1;
  969. ready->port = port;
  970. pthread_cond_signal(&ready->cond);
  971. pthread_mutex_unlock(&ready->mutex);
  972. }
  973. #elif defined (WOLFSSL_TIRTOS)
  974. /* Need mutex? */
  975. tcp_ready* ready = args->signal;
  976. ready->ready = 1;
  977. ready->port = port;
  978. #endif
  979. *clientfd = *sockfd;
  980. }
  981. static WC_INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
  982. func_args* args, word16 port, int useAnyAddr,
  983. int udp, int sctp, int ready_file, int do_listen)
  984. {
  985. SOCKADDR_IN_T client;
  986. socklen_t client_len = sizeof(client);
  987. tcp_ready* ready = NULL;
  988. (void) ready; /* Account for case when "ready" is not used */
  989. if (udp) {
  990. udp_accept(sockfd, clientfd, useAnyAddr, port, args);
  991. return;
  992. }
  993. if(do_listen) {
  994. tcp_listen(sockfd, &port, useAnyAddr, udp, sctp);
  995. #if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__)
  996. /* signal ready to tcp_accept */
  997. if (args)
  998. ready = args->signal;
  999. if (ready) {
  1000. pthread_mutex_lock(&ready->mutex);
  1001. ready->ready = 1;
  1002. ready->port = port;
  1003. pthread_cond_signal(&ready->cond);
  1004. pthread_mutex_unlock(&ready->mutex);
  1005. }
  1006. #elif defined (WOLFSSL_TIRTOS)
  1007. /* Need mutex? */
  1008. if (args)
  1009. ready = args->signal;
  1010. if (ready) {
  1011. ready->ready = 1;
  1012. ready->port = port;
  1013. }
  1014. #endif
  1015. if (ready_file) {
  1016. #if !defined(NO_FILESYSTEM) || defined(FORCE_BUFFER_TEST)
  1017. XFILE srf = NULL;
  1018. if (args)
  1019. ready = args->signal;
  1020. if (ready) {
  1021. srf = fopen(ready->srfName, "w");
  1022. if (srf) {
  1023. /* let's write port sever is listening on to ready file
  1024. external monitor can then do ephemeral ports by passing
  1025. -p 0 to server on supported platforms with -R ready_file
  1026. client can then wait for existence of ready_file and see
  1027. which port the server is listening on. */
  1028. fprintf(srf, "%d\n", (int)port);
  1029. fclose(srf);
  1030. }
  1031. }
  1032. #endif
  1033. }
  1034. }
  1035. *clientfd = accept(*sockfd, (struct sockaddr*)&client,
  1036. (ACCEPT_THIRD_T)&client_len);
  1037. if(WOLFSSL_SOCKET_IS_INVALID(*clientfd)) {
  1038. err_sys("tcp accept failed");
  1039. }
  1040. }
  1041. static WC_INLINE void tcp_set_nonblocking(SOCKET_T* sockfd)
  1042. {
  1043. #ifdef USE_WINDOWS_API
  1044. unsigned long blocking = 1;
  1045. int ret = ioctlsocket(*sockfd, FIONBIO, &blocking);
  1046. if (ret == SOCKET_ERROR)
  1047. err_sys("ioctlsocket failed");
  1048. #elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) \
  1049. || defined (WOLFSSL_TIRTOS)|| defined(WOLFSSL_VXWORKS) \
  1050. || defined(WOLFSSL_ZEPHYR)
  1051. /* non blocking not supported, for now */
  1052. #else
  1053. int flags = fcntl(*sockfd, F_GETFL, 0);
  1054. if (flags < 0)
  1055. err_sys("fcntl get failed");
  1056. flags = fcntl(*sockfd, F_SETFL, flags | O_NONBLOCK);
  1057. if (flags < 0)
  1058. err_sys("fcntl set failed");
  1059. #endif
  1060. }
  1061. #ifndef NO_PSK
  1062. /* identity is OpenSSL testing default for openssl s_client, keep same */
  1063. static const char* kIdentityStr = "Client_identity";
  1064. static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
  1065. char* identity, unsigned int id_max_len, unsigned char* key,
  1066. unsigned int key_max_len)
  1067. {
  1068. (void)ssl;
  1069. (void)hint;
  1070. (void)key_max_len;
  1071. /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
  1072. strncpy(identity, kIdentityStr, id_max_len);
  1073. if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) {
  1074. /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
  1075. unsigned binary */
  1076. key[0] = 0x1a;
  1077. key[1] = 0x2b;
  1078. key[2] = 0x3c;
  1079. key[3] = 0x4d;
  1080. return 4; /* length of key in octets or 0 for error */
  1081. }
  1082. else {
  1083. int i;
  1084. int b = 0x01;
  1085. for (i = 0; i < 32; i++, b += 0x22) {
  1086. if (b >= 0x100)
  1087. b = 0x01;
  1088. key[i] = b;
  1089. }
  1090. return 32; /* length of key in octets or 0 for error */
  1091. }
  1092. }
  1093. static WC_INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
  1094. unsigned char* key, unsigned int key_max_len)
  1095. {
  1096. (void)ssl;
  1097. (void)key_max_len;
  1098. /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
  1099. if (strncmp(identity, kIdentityStr, strlen(kIdentityStr)) != 0)
  1100. return 0;
  1101. if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) {
  1102. /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
  1103. unsigned binary */
  1104. key[0] = 0x1a;
  1105. key[1] = 0x2b;
  1106. key[2] = 0x3c;
  1107. key[3] = 0x4d;
  1108. return 4; /* length of key in octets or 0 for error */
  1109. }
  1110. else {
  1111. int i;
  1112. int b = 0x01;
  1113. for (i = 0; i < 32; i++, b += 0x22) {
  1114. if (b >= 0x100)
  1115. b = 0x01;
  1116. key[i] = b;
  1117. }
  1118. return 32; /* length of key in octets or 0 for error */
  1119. }
  1120. }
  1121. static WC_INLINE unsigned int my_psk_client_tls13_cb(WOLFSSL* ssl,
  1122. const char* hint, char* identity, unsigned int id_max_len,
  1123. unsigned char* key, unsigned int key_max_len, const char** ciphersuite)
  1124. {
  1125. int i;
  1126. int b = 0x01;
  1127. (void)ssl;
  1128. (void)hint;
  1129. (void)key_max_len;
  1130. /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
  1131. strncpy(identity, kIdentityStr, id_max_len);
  1132. for (i = 0; i < 32; i++, b += 0x22) {
  1133. if (b >= 0x100)
  1134. b = 0x01;
  1135. key[i] = b;
  1136. }
  1137. *ciphersuite = "TLS13-AES128-GCM-SHA256";
  1138. return 32; /* length of key in octets or 0 for error */
  1139. }
  1140. static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl,
  1141. const char* identity, unsigned char* key, unsigned int key_max_len,
  1142. const char** ciphersuite)
  1143. {
  1144. int i;
  1145. int b = 0x01;
  1146. (void)ssl;
  1147. (void)key_max_len;
  1148. /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
  1149. if (strncmp(identity, kIdentityStr, strlen(kIdentityStr)) != 0)
  1150. return 0;
  1151. for (i = 0; i < 32; i++, b += 0x22) {
  1152. if (b >= 0x100)
  1153. b = 0x01;
  1154. key[i] = b;
  1155. }
  1156. *ciphersuite = "TLS13-AES128-GCM-SHA256";
  1157. return 32; /* length of key in octets or 0 for error */
  1158. }
  1159. #endif /* NO_PSK */
  1160. #if defined(WOLFSSL_USER_CURRTIME)
  1161. extern double current_time(int reset);
  1162. #elif defined(USE_WINDOWS_API)
  1163. #define WIN32_LEAN_AND_MEAN
  1164. #include <windows.h>
  1165. static WC_INLINE double current_time(int reset)
  1166. {
  1167. static int init = 0;
  1168. static LARGE_INTEGER freq;
  1169. LARGE_INTEGER count;
  1170. if (!init) {
  1171. QueryPerformanceFrequency(&freq);
  1172. init = 1;
  1173. }
  1174. QueryPerformanceCounter(&count);
  1175. (void)reset;
  1176. return (double)count.QuadPart / freq.QuadPart;
  1177. }
  1178. #elif defined(WOLFSSL_TIRTOS)
  1179. extern double current_time();
  1180. #elif defined(WOLFSSL_ZEPHYR)
  1181. extern double current_time();
  1182. #else
  1183. #if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_TCP_NET) && !defined(WOLFSSL_CHIBIOS)
  1184. #include <sys/time.h>
  1185. static WC_INLINE double current_time(int reset)
  1186. {
  1187. struct timeval tv;
  1188. gettimeofday(&tv, 0);
  1189. (void)reset;
  1190. return (double)tv.tv_sec + (double)tv.tv_usec / 1000000;
  1191. }
  1192. #else
  1193. extern double current_time(int reset);
  1194. #endif
  1195. #endif /* USE_WINDOWS_API */
  1196. #if defined(HAVE_OCSP) && defined(WOLFSSL_NONBLOCK_OCSP)
  1197. static WC_INLINE int OCSPIOCb(void* ioCtx, const char* url, int urlSz,
  1198. unsigned char* request, int requestSz, unsigned char** response)
  1199. {
  1200. #ifdef TEST_NONBLOCK_CERTS
  1201. static int ioCbCnt = 0;
  1202. #endif
  1203. (void)ioCtx;
  1204. (void)url;
  1205. (void)urlSz;
  1206. (void)request;
  1207. (void)requestSz;
  1208. (void)response;
  1209. #ifdef TEST_NONBLOCK_CERTS
  1210. if (ioCbCnt) {
  1211. ioCbCnt = 0;
  1212. return EmbedOcspLookup(ioCtx, url, urlSz, request, requestSz, response);
  1213. }
  1214. else {
  1215. ioCbCnt = 1;
  1216. return WOLFSSL_CBIO_ERR_WANT_READ;
  1217. }
  1218. #else
  1219. return EmbedOcspLookup(ioCtx, url, urlSz, request, requestSz, response);
  1220. #endif
  1221. }
  1222. static WC_INLINE void OCSPRespFreeCb(void* ioCtx, unsigned char* response)
  1223. {
  1224. (void)ioCtx;
  1225. (void)response;
  1226. }
  1227. #endif
  1228. #if !defined(NO_CERTS)
  1229. #if !defined(NO_FILESYSTEM) || \
  1230. (defined(NO_FILESYSTEM) && defined(FORCE_BUFFER_TEST))
  1231. /* reads file size, allocates buffer, reads into buffer, returns buffer */
  1232. static WC_INLINE int load_file(const char* fname, byte** buf, size_t* bufLen)
  1233. {
  1234. int ret;
  1235. long int fileSz;
  1236. XFILE file;
  1237. if (fname == NULL || buf == NULL || bufLen == NULL)
  1238. return BAD_FUNC_ARG;
  1239. /* set defaults */
  1240. *buf = NULL;
  1241. *bufLen = 0;
  1242. /* open file (read-only binary) */
  1243. file = fopen(fname, "rb");
  1244. if (!file) {
  1245. printf("Error loading %s\n", fname);
  1246. return BAD_PATH_ERROR;
  1247. }
  1248. fseek(file, 0, SEEK_END);
  1249. fileSz = (int)ftell(file);
  1250. rewind(file);
  1251. if (fileSz > 0) {
  1252. *bufLen = (size_t)fileSz;
  1253. *buf = (byte*)malloc(*bufLen);
  1254. if (*buf == NULL) {
  1255. ret = MEMORY_E;
  1256. printf("Error allocating %lu bytes\n", (unsigned long)*bufLen);
  1257. }
  1258. else {
  1259. size_t readLen = fread(*buf, *bufLen, 1, file);
  1260. /* check response code */
  1261. ret = (readLen > 0) ? 0 : -1;
  1262. }
  1263. }
  1264. else {
  1265. ret = BUFFER_E;
  1266. }
  1267. fclose(file);
  1268. return ret;
  1269. }
  1270. enum {
  1271. WOLFSSL_CA = 1,
  1272. WOLFSSL_CERT = 2,
  1273. WOLFSSL_KEY = 3,
  1274. WOLFSSL_CERT_CHAIN = 4,
  1275. };
  1276. static WC_INLINE void load_buffer(WOLFSSL_CTX* ctx, const char* fname, int type)
  1277. {
  1278. int format = WOLFSSL_FILETYPE_PEM;
  1279. byte* buff = NULL;
  1280. size_t sz = 0;
  1281. if (load_file(fname, &buff, &sz) != 0) {
  1282. err_sys("can't open file for buffer load "
  1283. "Please run from wolfSSL home directory if not");
  1284. }
  1285. /* determine format */
  1286. if (strstr(fname, ".der"))
  1287. format = WOLFSSL_FILETYPE_ASN1;
  1288. if (type == WOLFSSL_CA) {
  1289. if (wolfSSL_CTX_load_verify_buffer(ctx, buff, (long)sz, format)
  1290. != WOLFSSL_SUCCESS)
  1291. err_sys("can't load buffer ca file");
  1292. }
  1293. else if (type == WOLFSSL_CERT) {
  1294. if (wolfSSL_CTX_use_certificate_buffer(ctx, buff, (long)sz,
  1295. format) != WOLFSSL_SUCCESS)
  1296. err_sys("can't load buffer cert file");
  1297. }
  1298. else if (type == WOLFSSL_KEY) {
  1299. if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, (long)sz,
  1300. format) != WOLFSSL_SUCCESS)
  1301. err_sys("can't load buffer key file");
  1302. }
  1303. else if (type == WOLFSSL_CERT_CHAIN) {
  1304. if (wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, buff,
  1305. (long)sz, format) != WOLFSSL_SUCCESS)
  1306. err_sys("can't load cert chain buffer");
  1307. }
  1308. if (buff)
  1309. free(buff);
  1310. }
  1311. static WC_INLINE void load_ssl_buffer(WOLFSSL* ssl, const char* fname, int type)
  1312. {
  1313. int format = WOLFSSL_FILETYPE_PEM;
  1314. byte* buff = NULL;
  1315. size_t sz = 0;
  1316. if (load_file(fname, &buff, &sz) != 0) {
  1317. err_sys("can't open file for buffer load "
  1318. "Please run from wolfSSL home directory if not");
  1319. }
  1320. /* determine format */
  1321. if (strstr(fname, ".der"))
  1322. format = WOLFSSL_FILETYPE_ASN1;
  1323. if (type == WOLFSSL_CA) {
  1324. /* verify certs (CA's) use the shared ctx->cm (WOLFSSL_CERT_MANAGER) */
  1325. WOLFSSL_CTX* ctx = wolfSSL_get_SSL_CTX(ssl);
  1326. if (wolfSSL_CTX_load_verify_buffer(ctx, buff, (long)sz, format)
  1327. != WOLFSSL_SUCCESS)
  1328. err_sys("can't load buffer ca file");
  1329. }
  1330. else if (type == WOLFSSL_CERT) {
  1331. if (wolfSSL_use_certificate_buffer(ssl, buff, (long)sz,
  1332. format) != WOLFSSL_SUCCESS)
  1333. err_sys("can't load buffer cert file");
  1334. }
  1335. else if (type == WOLFSSL_KEY) {
  1336. if (wolfSSL_use_PrivateKey_buffer(ssl, buff, (long)sz,
  1337. format) != WOLFSSL_SUCCESS)
  1338. err_sys("can't load buffer key file");
  1339. }
  1340. else if (type == WOLFSSL_CERT_CHAIN) {
  1341. if (wolfSSL_use_certificate_chain_buffer_format(ssl, buff,
  1342. (long)sz, format) != WOLFSSL_SUCCESS)
  1343. err_sys("can't load cert chain buffer");
  1344. }
  1345. if (buff)
  1346. free(buff);
  1347. }
  1348. #ifdef TEST_PK_PRIVKEY
  1349. static WC_INLINE int load_key_file(const char* fname, byte** derBuf, word32* derLen)
  1350. {
  1351. int ret;
  1352. byte* buf = NULL;
  1353. size_t bufLen;
  1354. ret = load_file(fname, &buf, &bufLen);
  1355. if (ret != 0)
  1356. return ret;
  1357. *derBuf = (byte*)malloc(bufLen);
  1358. if (*derBuf == NULL) {
  1359. free(buf);
  1360. return MEMORY_E;
  1361. }
  1362. ret = wc_KeyPemToDer(buf, (word32)bufLen, *derBuf, (word32)bufLen, NULL);
  1363. if (ret < 0) {
  1364. free(buf);
  1365. free(*derBuf);
  1366. return ret;
  1367. }
  1368. *derLen = ret;
  1369. free(buf);
  1370. return 0;
  1371. }
  1372. #endif /* TEST_PK_PRIVKEY */
  1373. #endif /* !NO_FILESYSTEM || (NO_FILESYSTEM && FORCE_BUFFER_TEST) */
  1374. #endif /* !NO_CERTS */
  1375. static int myVerifyFail = 0;
  1376. static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
  1377. {
  1378. char buffer[WOLFSSL_MAX_ERROR_SZ];
  1379. #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
  1380. WOLFSSL_X509* peer;
  1381. #endif
  1382. (void)preverify;
  1383. /* Verify Callback Arguments:
  1384. * preverify: 1=Verify Okay, 0=Failure
  1385. * store->error: Failure error code (0 indicates no failure)
  1386. * store->current_cert: Current WOLFSSL_X509 object (only with OPENSSL_EXTRA)
  1387. * store->error_depth: Current Index
  1388. * store->domain: Subject CN as string (null term)
  1389. * store->totalCerts: Number of certs presented by peer
  1390. * store->certs[i]: A `WOLFSSL_BUFFER_INFO` with plain DER for each cert
  1391. * store->store: WOLFSSL_X509_STORE with CA cert chain
  1392. * store->store->cm: WOLFSSL_CERT_MANAGER
  1393. * store->ex_data: The WOLFSSL object pointer
  1394. * store->discardSessionCerts: When set to non-zero value session certs
  1395. will be discarded (only with SESSION_CERTS)
  1396. */
  1397. printf("In verification callback, error = %d, %s\n", store->error,
  1398. wolfSSL_ERR_error_string(store->error, buffer));
  1399. #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
  1400. peer = store->current_cert;
  1401. if (peer) {
  1402. char* issuer = wolfSSL_X509_NAME_oneline(
  1403. wolfSSL_X509_get_issuer_name(peer), 0, 0);
  1404. char* subject = wolfSSL_X509_NAME_oneline(
  1405. wolfSSL_X509_get_subject_name(peer), 0, 0);
  1406. printf("\tPeer's cert info:\n issuer : %s\n subject: %s\n", issuer,
  1407. subject);
  1408. XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
  1409. XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL);
  1410. }
  1411. else
  1412. printf("\tPeer has no cert!\n");
  1413. #else
  1414. printf("\tPeer certs: %d\n", store->totalCerts);
  1415. #ifdef SHOW_CERTS
  1416. { int i;
  1417. for (i=0; i<store->totalCerts; i++) {
  1418. WOLFSSL_BUFFER_INFO* cert = &store->certs[i];
  1419. printf("\t\tCert %d: Ptr %p, Len %u\n", i, cert->buffer, cert->length);
  1420. }
  1421. }
  1422. #endif /* SHOW_CERTS */
  1423. #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
  1424. printf("\tSubject's domain name at %d is %s\n", store->error_depth, store->domain);
  1425. /* Testing forced fail case by return zero */
  1426. if (myVerifyFail) {
  1427. return 0; /* test failure case */
  1428. }
  1429. /* If error indicate we are overriding it for testing purposes */
  1430. if (store->error != 0) {
  1431. printf("\tAllowing failed certificate check, testing only "
  1432. "(shouldn't do this in production)\n");
  1433. }
  1434. /* A non-zero return code indicates failure override */
  1435. return 1;
  1436. }
  1437. static WC_INLINE int myDateCb(int preverify, WOLFSSL_X509_STORE_CTX* store)
  1438. {
  1439. char buffer[WOLFSSL_MAX_ERROR_SZ];
  1440. (void)preverify;
  1441. printf("In verification callback, error = %d, %s\n", store->error,
  1442. wolfSSL_ERR_error_string(store->error, buffer));
  1443. printf("Subject's domain name is %s\n", store->domain);
  1444. if (store->error == ASN_BEFORE_DATE_E || store->error == ASN_AFTER_DATE_E) {
  1445. printf("Overriding cert date error as example for bad clock testing\n");
  1446. return 1;
  1447. }
  1448. printf("Cert error is not date error, not overriding\n");
  1449. return 0;
  1450. }
  1451. #ifdef HAVE_EXT_CACHE
  1452. static WC_INLINE WOLFSSL_SESSION* mySessGetCb(WOLFSSL* ssl, unsigned char* id,
  1453. int id_len, int* copy)
  1454. {
  1455. (void)ssl;
  1456. (void)id;
  1457. (void)id_len;
  1458. (void)copy;
  1459. /* using internal cache, this is for testing only */
  1460. return NULL;
  1461. }
  1462. static WC_INLINE int mySessNewCb(WOLFSSL* ssl, WOLFSSL_SESSION* session)
  1463. {
  1464. (void)ssl;
  1465. (void)session;
  1466. /* using internal cache, this is for testing only */
  1467. return 0;
  1468. }
  1469. static WC_INLINE void mySessRemCb(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session)
  1470. {
  1471. (void)ctx;
  1472. (void)session;
  1473. /* using internal cache, this is for testing only */
  1474. }
  1475. #endif /* HAVE_EXT_CACHE */
  1476. #ifdef HAVE_CRL
  1477. static WC_INLINE void CRL_CallBack(const char* url)
  1478. {
  1479. printf("CRL callback url = %s\n", url);
  1480. }
  1481. #endif
  1482. #ifndef NO_DH
  1483. static WC_INLINE void SetDH(WOLFSSL* ssl)
  1484. {
  1485. /* dh1024 p */
  1486. static const unsigned char p[] =
  1487. {
  1488. 0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3,
  1489. 0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E,
  1490. 0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59,
  1491. 0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2,
  1492. 0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD,
  1493. 0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF,
  1494. 0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02,
  1495. 0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C,
  1496. 0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7,
  1497. 0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50,
  1498. 0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B,
  1499. };
  1500. /* dh1024 g */
  1501. static const unsigned char g[] =
  1502. {
  1503. 0x02,
  1504. };
  1505. wolfSSL_SetTmpDH(ssl, p, sizeof(p), g, sizeof(g));
  1506. }
  1507. static WC_INLINE void SetDHCtx(WOLFSSL_CTX* ctx)
  1508. {
  1509. /* dh1024 p */
  1510. static const unsigned char p[] =
  1511. {
  1512. 0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3,
  1513. 0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E,
  1514. 0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59,
  1515. 0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2,
  1516. 0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD,
  1517. 0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF,
  1518. 0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02,
  1519. 0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C,
  1520. 0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7,
  1521. 0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50,
  1522. 0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B,
  1523. };
  1524. /* dh1024 g */
  1525. static const unsigned char g[] =
  1526. {
  1527. 0x02,
  1528. };
  1529. wolfSSL_CTX_SetTmpDH(ctx, p, sizeof(p), g, sizeof(g));
  1530. }
  1531. #endif /* NO_DH */
  1532. #ifndef NO_CERTS
  1533. static WC_INLINE void CaCb(unsigned char* der, int sz, int type)
  1534. {
  1535. (void)der;
  1536. printf("Got CA cache add callback, derSz = %d, type = %d\n", sz, type);
  1537. }
  1538. #endif /* !NO_CERTS */
  1539. /* Wolf Root Directory Helper */
  1540. /* KEIL-RL File System does not support relative directory */
  1541. #if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_FS) && !defined(WOLFSSL_TIRTOS)
  1542. /* Maximum depth to search for WolfSSL root */
  1543. #define MAX_WOLF_ROOT_DEPTH 5
  1544. static WC_INLINE int ChangeToWolfRoot(void)
  1545. {
  1546. #if !defined(NO_FILESYSTEM) || defined(FORCE_BUFFER_TEST)
  1547. int depth, res;
  1548. XFILE file;
  1549. for(depth = 0; depth <= MAX_WOLF_ROOT_DEPTH; depth++) {
  1550. file = fopen(ntruKeyFile, "rb");
  1551. if (file != NULL) {
  1552. fclose(file);
  1553. return depth;
  1554. }
  1555. #ifdef USE_WINDOWS_API
  1556. res = SetCurrentDirectoryA("..\\");
  1557. #else
  1558. res = chdir("../");
  1559. #endif
  1560. if (res < 0) {
  1561. printf("chdir to ../ failed!\n");
  1562. break;
  1563. }
  1564. }
  1565. err_sys("wolf root not found");
  1566. return -1;
  1567. #else
  1568. return 0;
  1569. #endif
  1570. }
  1571. #endif /* !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_FS) && !defined(WOLFSSL_TIRTOS) */
  1572. #ifdef HAVE_STACK_SIZE
  1573. typedef THREAD_RETURN WOLFSSL_THREAD (*thread_func)(void* args);
  1574. #define STACK_CHECK_VAL 0x01
  1575. static WC_INLINE int StackSizeCheck(func_args* args, thread_func tf)
  1576. {
  1577. int ret, i, used;
  1578. void* status;
  1579. unsigned char* myStack = NULL;
  1580. int stackSize = 1024*128;
  1581. pthread_attr_t myAttr;
  1582. pthread_t threadId;
  1583. #ifdef PTHREAD_STACK_MIN
  1584. if (stackSize < PTHREAD_STACK_MIN)
  1585. stackSize = PTHREAD_STACK_MIN;
  1586. #endif
  1587. ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize);
  1588. if (ret != 0 || myStack == NULL)
  1589. err_sys("posix_memalign failed\n");
  1590. XMEMSET(myStack, STACK_CHECK_VAL, stackSize);
  1591. ret = pthread_attr_init(&myAttr);
  1592. if (ret != 0)
  1593. err_sys("attr_init failed");
  1594. ret = pthread_attr_setstack(&myAttr, myStack, stackSize);
  1595. if (ret != 0)
  1596. err_sys("attr_setstackaddr failed");
  1597. ret = pthread_create(&threadId, &myAttr, tf, args);
  1598. if (ret != 0) {
  1599. perror("pthread_create failed");
  1600. exit(EXIT_FAILURE);
  1601. }
  1602. ret = pthread_join(threadId, &status);
  1603. if (ret != 0)
  1604. err_sys("pthread_join failed");
  1605. for (i = 0; i < stackSize; i++) {
  1606. if (myStack[i] != STACK_CHECK_VAL) {
  1607. break;
  1608. }
  1609. }
  1610. free(myStack);
  1611. used = stackSize - i;
  1612. printf("stack used = %d\n", used);
  1613. return (int)((size_t)status);
  1614. }
  1615. #endif /* HAVE_STACK_SIZE */
  1616. #ifdef STACK_TRAP
  1617. /* good settings
  1618. --enable-debug --disable-shared C_EXTRA_FLAGS="-DUSER_TIME -DTFM_TIMING_RESISTANT -DPOSITIVE_EXP_ONLY -DSTACK_TRAP"
  1619. */
  1620. #ifdef HAVE_STACK_SIZE
  1621. /* client only for now, setrlimit will fail if pthread_create() called */
  1622. /* STACK_SIZE does pthread_create() on client */
  1623. #error "can't use STACK_TRAP with STACK_SIZE, setrlimit will fail"
  1624. #endif /* HAVE_STACK_SIZE */
  1625. static WC_INLINE void StackTrap(void)
  1626. {
  1627. struct rlimit rl;
  1628. if (getrlimit(RLIMIT_STACK, &rl) != 0)
  1629. err_sys("getrlimit failed");
  1630. printf("rlim_cur = %llu\n", rl.rlim_cur);
  1631. rl.rlim_cur = 1024*21; /* adjust trap size here */
  1632. if (setrlimit(RLIMIT_STACK, &rl) != 0) {
  1633. perror("setrlimit");
  1634. err_sys("setrlimit failed");
  1635. }
  1636. }
  1637. #else /* STACK_TRAP */
  1638. static WC_INLINE void StackTrap(void)
  1639. {
  1640. }
  1641. #endif /* STACK_TRAP */
  1642. #if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
  1643. /* Atomic Encrypt Context example */
  1644. typedef struct AtomicEncCtx {
  1645. int keySetup; /* have we done key setup yet */
  1646. Aes aes; /* for aes example */
  1647. } AtomicEncCtx;
  1648. /* Atomic Decrypt Context example */
  1649. typedef struct AtomicDecCtx {
  1650. int keySetup; /* have we done key setup yet */
  1651. Aes aes; /* for aes example */
  1652. } AtomicDecCtx;
  1653. static WC_INLINE int myMacEncryptCb(WOLFSSL* ssl, unsigned char* macOut,
  1654. const unsigned char* macIn, unsigned int macInSz, int macContent,
  1655. int macVerify, unsigned char* encOut, const unsigned char* encIn,
  1656. unsigned int encSz, void* ctx)
  1657. {
  1658. int ret;
  1659. Hmac hmac;
  1660. byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
  1661. AtomicEncCtx* encCtx = (AtomicEncCtx*)ctx;
  1662. const char* tlsStr = "TLS";
  1663. /* example supports (d)tls aes */
  1664. if (wolfSSL_GetBulkCipher(ssl) != wolfssl_aes) {
  1665. printf("myMacEncryptCb not using AES\n");
  1666. return -1;
  1667. }
  1668. if (strstr(wolfSSL_get_version(ssl), tlsStr) == NULL) {
  1669. printf("myMacEncryptCb not using (D)TLS\n");
  1670. return -1;
  1671. }
  1672. /* hmac, not needed if aead mode */
  1673. wolfSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify);
  1674. ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
  1675. if (ret != 0)
  1676. return ret;
  1677. ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
  1678. wolfSSL_GetMacSecret(ssl, macVerify), wolfSSL_GetHmacSize(ssl));
  1679. if (ret != 0)
  1680. return ret;
  1681. ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
  1682. if (ret != 0)
  1683. return ret;
  1684. ret = wc_HmacUpdate(&hmac, macIn, macInSz);
  1685. if (ret != 0)
  1686. return ret;
  1687. ret = wc_HmacFinal(&hmac, macOut);
  1688. if (ret != 0)
  1689. return ret;
  1690. /* encrypt setup on first time */
  1691. if (encCtx->keySetup == 0) {
  1692. int keyLen = wolfSSL_GetKeySize(ssl);
  1693. const byte* key;
  1694. const byte* iv;
  1695. if (wolfSSL_GetSide(ssl) == WOLFSSL_CLIENT_END) {
  1696. key = wolfSSL_GetClientWriteKey(ssl);
  1697. iv = wolfSSL_GetClientWriteIV(ssl);
  1698. }
  1699. else {
  1700. key = wolfSSL_GetServerWriteKey(ssl);
  1701. iv = wolfSSL_GetServerWriteIV(ssl);
  1702. }
  1703. ret = wc_AesSetKey(&encCtx->aes, key, keyLen, iv, AES_ENCRYPTION);
  1704. if (ret != 0) {
  1705. printf("AesSetKey failed in myMacEncryptCb\n");
  1706. return ret;
  1707. }
  1708. encCtx->keySetup = 1;
  1709. }
  1710. /* encrypt */
  1711. return wc_AesCbcEncrypt(&encCtx->aes, encOut, encIn, encSz);
  1712. }
  1713. static WC_INLINE int myDecryptVerifyCb(WOLFSSL* ssl,
  1714. unsigned char* decOut, const unsigned char* decIn,
  1715. unsigned int decSz, int macContent, int macVerify,
  1716. unsigned int* padSz, void* ctx)
  1717. {
  1718. AtomicDecCtx* decCtx = (AtomicDecCtx*)ctx;
  1719. int ret = 0;
  1720. int macInSz = 0;
  1721. int ivExtra = 0;
  1722. int digestSz = wolfSSL_GetHmacSize(ssl);
  1723. unsigned int pad = 0;
  1724. unsigned int padByte = 0;
  1725. Hmac hmac;
  1726. byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
  1727. byte verify[WC_MAX_DIGEST_SIZE];
  1728. const char* tlsStr = "TLS";
  1729. /* example supports (d)tls aes */
  1730. if (wolfSSL_GetBulkCipher(ssl) != wolfssl_aes) {
  1731. printf("myMacEncryptCb not using AES\n");
  1732. return -1;
  1733. }
  1734. if (strstr(wolfSSL_get_version(ssl), tlsStr) == NULL) {
  1735. printf("myMacEncryptCb not using (D)TLS\n");
  1736. return -1;
  1737. }
  1738. /*decrypt */
  1739. if (decCtx->keySetup == 0) {
  1740. int keyLen = wolfSSL_GetKeySize(ssl);
  1741. const byte* key;
  1742. const byte* iv;
  1743. /* decrypt is from other side (peer) */
  1744. if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) {
  1745. key = wolfSSL_GetClientWriteKey(ssl);
  1746. iv = wolfSSL_GetClientWriteIV(ssl);
  1747. }
  1748. else {
  1749. key = wolfSSL_GetServerWriteKey(ssl);
  1750. iv = wolfSSL_GetServerWriteIV(ssl);
  1751. }
  1752. ret = wc_AesSetKey(&decCtx->aes, key, keyLen, iv, AES_DECRYPTION);
  1753. if (ret != 0) {
  1754. printf("AesSetKey failed in myDecryptVerifyCb\n");
  1755. return ret;
  1756. }
  1757. decCtx->keySetup = 1;
  1758. }
  1759. /* decrypt */
  1760. ret = wc_AesCbcDecrypt(&decCtx->aes, decOut, decIn, decSz);
  1761. if (ret != 0)
  1762. return ret;
  1763. if (wolfSSL_GetCipherType(ssl) == WOLFSSL_AEAD_TYPE) {
  1764. *padSz = wolfSSL_GetAeadMacSize(ssl);
  1765. return 0; /* hmac, not needed if aead mode */
  1766. }
  1767. if (wolfSSL_GetCipherType(ssl) == WOLFSSL_BLOCK_TYPE) {
  1768. pad = *(decOut + decSz - 1);
  1769. padByte = 1;
  1770. if (wolfSSL_IsTLSv1_1(ssl))
  1771. ivExtra = wolfSSL_GetCipherBlockSize(ssl);
  1772. }
  1773. *padSz = wolfSSL_GetHmacSize(ssl) + pad + padByte;
  1774. macInSz = decSz - ivExtra - digestSz - pad - padByte;
  1775. wolfSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify);
  1776. ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
  1777. if (ret != 0)
  1778. return ret;
  1779. ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
  1780. wolfSSL_GetMacSecret(ssl, macVerify), digestSz);
  1781. if (ret != 0)
  1782. return ret;
  1783. ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
  1784. if (ret != 0)
  1785. return ret;
  1786. ret = wc_HmacUpdate(&hmac, decOut + ivExtra, macInSz);
  1787. if (ret != 0)
  1788. return ret;
  1789. ret = wc_HmacFinal(&hmac, verify);
  1790. if (ret != 0)
  1791. return ret;
  1792. if (XMEMCMP(verify, decOut + decSz - digestSz - pad - padByte,
  1793. digestSz) != 0) {
  1794. printf("myDecryptVerify verify failed\n");
  1795. return -1;
  1796. }
  1797. return ret;
  1798. }
  1799. #if defined(HAVE_ENCRYPT_THEN_MAC)
  1800. static WC_INLINE int myEncryptMacCb(WOLFSSL* ssl, unsigned char* macOut,
  1801. int content, int macVerify, unsigned char* encOut,
  1802. const unsigned char* encIn, unsigned int encSz, void* ctx)
  1803. {
  1804. int ret;
  1805. Hmac hmac;
  1806. AtomicEncCtx* encCtx = (AtomicEncCtx*)ctx;
  1807. byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
  1808. const char* tlsStr = "TLS";
  1809. /* example supports (d)tls aes */
  1810. if (wolfSSL_GetBulkCipher(ssl) != wolfssl_aes) {
  1811. printf("myMacEncryptCb not using AES\n");
  1812. return -1;
  1813. }
  1814. if (strstr(wolfSSL_get_version(ssl), tlsStr) == NULL) {
  1815. printf("myMacEncryptCb not using (D)TLS\n");
  1816. return -1;
  1817. }
  1818. /* encrypt setup on first time */
  1819. if (encCtx->keySetup == 0) {
  1820. int keyLen = wolfSSL_GetKeySize(ssl);
  1821. const byte* key;
  1822. const byte* iv;
  1823. if (wolfSSL_GetSide(ssl) == WOLFSSL_CLIENT_END) {
  1824. key = wolfSSL_GetClientWriteKey(ssl);
  1825. iv = wolfSSL_GetClientWriteIV(ssl);
  1826. }
  1827. else {
  1828. key = wolfSSL_GetServerWriteKey(ssl);
  1829. iv = wolfSSL_GetServerWriteIV(ssl);
  1830. }
  1831. ret = wc_AesSetKey(&encCtx->aes, key, keyLen, iv, AES_ENCRYPTION);
  1832. if (ret != 0) {
  1833. printf("AesSetKey failed in myMacEncryptCb\n");
  1834. return ret;
  1835. }
  1836. encCtx->keySetup = 1;
  1837. }
  1838. /* encrypt */
  1839. ret = wc_AesCbcEncrypt(&encCtx->aes, encOut, encIn, encSz);
  1840. if (ret != 0)
  1841. return ret;
  1842. /* Reconstruct record header. */
  1843. wolfSSL_SetTlsHmacInner(ssl, myInner, encSz, content, macVerify);
  1844. ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
  1845. if (ret != 0)
  1846. return ret;
  1847. ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
  1848. wolfSSL_GetMacSecret(ssl, macVerify), wolfSSL_GetHmacSize(ssl));
  1849. if (ret != 0)
  1850. return ret;
  1851. ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
  1852. if (ret != 0)
  1853. return ret;
  1854. ret = wc_HmacUpdate(&hmac, encOut, encSz);
  1855. if (ret != 0)
  1856. return ret;
  1857. return wc_HmacFinal(&hmac, macOut);
  1858. }
  1859. static WC_INLINE int myVerifyDecryptCb(WOLFSSL* ssl,
  1860. unsigned char* decOut, const unsigned char* decIn,
  1861. unsigned int decSz, int content, int macVerify,
  1862. unsigned int* padSz, void* ctx)
  1863. {
  1864. AtomicDecCtx* decCtx = (AtomicDecCtx*)ctx;
  1865. int ret = 0;
  1866. int digestSz = wolfSSL_GetHmacSize(ssl);
  1867. Hmac hmac;
  1868. byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
  1869. byte verify[WC_MAX_DIGEST_SIZE];
  1870. const char* tlsStr = "TLS";
  1871. /* example supports (d)tls aes */
  1872. if (wolfSSL_GetBulkCipher(ssl) != wolfssl_aes) {
  1873. printf("myMacEncryptCb not using AES\n");
  1874. return -1;
  1875. }
  1876. if (strstr(wolfSSL_get_version(ssl), tlsStr) == NULL) {
  1877. printf("myMacEncryptCb not using (D)TLS\n");
  1878. return -1;
  1879. }
  1880. /* Reconstruct record header. */
  1881. wolfSSL_SetTlsHmacInner(ssl, myInner, decSz, content, macVerify);
  1882. ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
  1883. if (ret != 0)
  1884. return ret;
  1885. ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
  1886. wolfSSL_GetMacSecret(ssl, macVerify), digestSz);
  1887. if (ret != 0)
  1888. return ret;
  1889. ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
  1890. if (ret != 0)
  1891. return ret;
  1892. ret = wc_HmacUpdate(&hmac, decIn, decSz);
  1893. if (ret != 0)
  1894. return ret;
  1895. ret = wc_HmacFinal(&hmac, verify);
  1896. if (ret != 0)
  1897. return ret;
  1898. if (XMEMCMP(verify, decOut + decSz, digestSz) != 0) {
  1899. printf("myDecryptVerify verify failed\n");
  1900. return -1;
  1901. }
  1902. /* decrypt */
  1903. if (decCtx->keySetup == 0) {
  1904. int keyLen = wolfSSL_GetKeySize(ssl);
  1905. const byte* key;
  1906. const byte* iv;
  1907. /* decrypt is from other side (peer) */
  1908. if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) {
  1909. key = wolfSSL_GetClientWriteKey(ssl);
  1910. iv = wolfSSL_GetClientWriteIV(ssl);
  1911. }
  1912. else {
  1913. key = wolfSSL_GetServerWriteKey(ssl);
  1914. iv = wolfSSL_GetServerWriteIV(ssl);
  1915. }
  1916. ret = wc_AesSetKey(&decCtx->aes, key, keyLen, iv, AES_DECRYPTION);
  1917. if (ret != 0) {
  1918. printf("AesSetKey failed in myDecryptVerifyCb\n");
  1919. return ret;
  1920. }
  1921. decCtx->keySetup = 1;
  1922. }
  1923. /* decrypt */
  1924. ret = wc_AesCbcDecrypt(&decCtx->aes, decOut, decIn, decSz);
  1925. if (ret != 0)
  1926. return ret;
  1927. *padSz = *(decOut + decSz - 1) + 1;
  1928. return 0;
  1929. }
  1930. #endif
  1931. static WC_INLINE void SetupAtomicUser(WOLFSSL_CTX* ctx, WOLFSSL* ssl)
  1932. {
  1933. AtomicEncCtx* encCtx;
  1934. AtomicDecCtx* decCtx;
  1935. encCtx = (AtomicEncCtx*)malloc(sizeof(AtomicEncCtx));
  1936. if (encCtx == NULL)
  1937. err_sys("AtomicEncCtx malloc failed");
  1938. XMEMSET(encCtx, 0, sizeof(AtomicEncCtx));
  1939. decCtx = (AtomicDecCtx*)malloc(sizeof(AtomicDecCtx));
  1940. if (decCtx == NULL) {
  1941. free(encCtx);
  1942. err_sys("AtomicDecCtx malloc failed");
  1943. }
  1944. XMEMSET(decCtx, 0, sizeof(AtomicDecCtx));
  1945. wolfSSL_CTX_SetMacEncryptCb(ctx, myMacEncryptCb);
  1946. wolfSSL_SetMacEncryptCtx(ssl, encCtx);
  1947. wolfSSL_CTX_SetDecryptVerifyCb(ctx, myDecryptVerifyCb);
  1948. wolfSSL_SetDecryptVerifyCtx(ssl, decCtx);
  1949. #if defined(HAVE_ENCRYPT_THEN_MAC)
  1950. wolfSSL_CTX_SetEncryptMacCb(ctx, myEncryptMacCb);
  1951. wolfSSL_SetEncryptMacCtx(ssl, encCtx);
  1952. wolfSSL_CTX_SetVerifyDecryptCb(ctx, myVerifyDecryptCb);
  1953. wolfSSL_SetVerifyDecryptCtx(ssl, decCtx);
  1954. #endif
  1955. }
  1956. static WC_INLINE void FreeAtomicUser(WOLFSSL* ssl)
  1957. {
  1958. AtomicEncCtx* encCtx = (AtomicEncCtx*)wolfSSL_GetMacEncryptCtx(ssl);
  1959. AtomicDecCtx* decCtx = (AtomicDecCtx*)wolfSSL_GetDecryptVerifyCtx(ssl);
  1960. /* Encrypt-Then-MAC callbacks use same contexts. */
  1961. free(decCtx);
  1962. free(encCtx);
  1963. }
  1964. #endif /* ATOMIC_USER */
  1965. #ifdef WOLFSSL_STATIC_MEMORY
  1966. static WC_INLINE int wolfSSL_PrintStats(WOLFSSL_MEM_STATS* stats)
  1967. {
  1968. word16 i;
  1969. if (stats == NULL) {
  1970. return 0;
  1971. }
  1972. /* print to stderr so is on the same pipe as WOLFSSL_DEBUG */
  1973. fprintf(stderr, "Total mallocs = %d\n", stats->totalAlloc);
  1974. fprintf(stderr, "Total frees = %d\n", stats->totalFr);
  1975. fprintf(stderr, "Current mallocs = %d\n", stats->curAlloc);
  1976. fprintf(stderr, "Available IO = %d\n", stats->avaIO);
  1977. fprintf(stderr, "Max con. handshakes = %d\n", stats->maxHa);
  1978. fprintf(stderr, "Max con. IO = %d\n", stats->maxIO);
  1979. fprintf(stderr, "State of memory blocks: size : available \n");
  1980. for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) {
  1981. fprintf(stderr, " : %d\t : %d\n", stats->blockSz[i],
  1982. stats->avaBlock[i]);
  1983. }
  1984. return 1;
  1985. }
  1986. #endif /* WOLFSSL_STATIC_MEMORY */
  1987. #ifdef HAVE_PK_CALLBACKS
  1988. typedef struct PkCbInfo {
  1989. const char* ourKey;
  1990. #ifdef TEST_PK_PRIVKEY
  1991. union {
  1992. #ifdef HAVE_ECC
  1993. ecc_key ecc;
  1994. #endif
  1995. #ifdef HAVE_CURVE25519
  1996. curve25519_key curve;
  1997. #endif
  1998. } keyGen;
  1999. #endif
  2000. } PkCbInfo;
  2001. #if defined(DEBUG_PK_CB) || defined(TEST_PK_PRIVKEY)
  2002. #define WOLFSSL_PKMSG(_f_, ...) printf(_f_, ##__VA_ARGS__)
  2003. #else
  2004. #define WOLFSSL_PKMSG(_f_, ...)
  2005. #endif
  2006. #ifdef HAVE_ECC
  2007. static WC_INLINE int myEccKeyGen(WOLFSSL* ssl, ecc_key* key, word32 keySz,
  2008. int ecc_curve, void* ctx)
  2009. {
  2010. int ret;
  2011. WC_RNG rng;
  2012. PkCbInfo* cbInfo = (PkCbInfo*)ctx;
  2013. ecc_key* new_key = key;
  2014. #ifdef TEST_PK_PRIVKEY
  2015. byte qx[MAX_ECC_BYTES], qy[MAX_ECC_BYTES];
  2016. word32 qxLen = sizeof(qx), qyLen = sizeof(qy);
  2017. new_key = &cbInfo->keyGen.ecc;
  2018. #endif
  2019. (void)ssl;
  2020. (void)cbInfo;
  2021. WOLFSSL_PKMSG("PK ECC KeyGen: keySz %d, Curve ID %d\n", keySz, ecc_curve);
  2022. ret = wc_InitRng(&rng);
  2023. if (ret != 0)
  2024. return ret;
  2025. ret = wc_ecc_init(new_key);
  2026. if (ret == 0) {
  2027. /* create new key */
  2028. ret = wc_ecc_make_key_ex(&rng, keySz, new_key, ecc_curve);
  2029. #ifdef TEST_PK_PRIVKEY
  2030. if (ret == 0) {
  2031. /* extract public portion from new key into `key` arg */
  2032. ret = wc_ecc_export_public_raw(new_key, qx, &qxLen, qy, &qyLen);
  2033. if (ret == 0) {
  2034. /* load public portion only into key */
  2035. ret = wc_ecc_import_unsigned(key, qx, qy, NULL, ecc_curve);
  2036. }
  2037. (void)qxLen;
  2038. (void)qyLen;
  2039. }
  2040. #endif
  2041. }
  2042. WOLFSSL_PKMSG("PK ECC KeyGen: ret %d\n", ret);
  2043. wc_FreeRng(&rng);
  2044. return ret;
  2045. }
  2046. static WC_INLINE int myEccSign(WOLFSSL* ssl, const byte* in, word32 inSz,
  2047. byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
  2048. {
  2049. int ret;
  2050. WC_RNG rng;
  2051. word32 idx = 0;
  2052. ecc_key myKey;
  2053. byte* keyBuf = (byte*)key;
  2054. PkCbInfo* cbInfo = (PkCbInfo*)ctx;
  2055. (void)ssl;
  2056. (void)cbInfo;
  2057. WOLFSSL_PKMSG("PK ECC Sign: inSz %d, keySz %d\n", inSz, keySz);
  2058. #ifdef TEST_PK_PRIVKEY
  2059. ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
  2060. if (ret != 0)
  2061. return ret;
  2062. #endif
  2063. ret = wc_InitRng(&rng);
  2064. if (ret != 0)
  2065. return ret;
  2066. ret = wc_ecc_init(&myKey);
  2067. if (ret == 0) {
  2068. ret = wc_EccPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
  2069. if (ret == 0) {
  2070. WOLFSSL_PKMSG("PK ECC Sign: Curve ID %d\n", myKey.dp->id);
  2071. ret = wc_ecc_sign_hash(in, inSz, out, outSz, &rng, &myKey);
  2072. }
  2073. wc_ecc_free(&myKey);
  2074. }
  2075. wc_FreeRng(&rng);
  2076. #ifdef TEST_PK_PRIVKEY
  2077. free(keyBuf);
  2078. #endif
  2079. WOLFSSL_PKMSG("PK ECC Sign: ret %d outSz %d\n", ret, *outSz);
  2080. return ret;
  2081. }
  2082. static WC_INLINE int myEccVerify(WOLFSSL* ssl, const byte* sig, word32 sigSz,
  2083. const byte* hash, word32 hashSz, const byte* key, word32 keySz,
  2084. int* result, void* ctx)
  2085. {
  2086. int ret;
  2087. word32 idx = 0;
  2088. ecc_key myKey;
  2089. PkCbInfo* cbInfo = (PkCbInfo*)ctx;
  2090. (void)ssl;
  2091. (void)cbInfo;
  2092. WOLFSSL_PKMSG("PK ECC Verify: sigSz %d, hashSz %d, keySz %d\n", sigSz, hashSz, keySz);
  2093. ret = wc_ecc_init(&myKey);
  2094. if (ret == 0) {
  2095. ret = wc_EccPublicKeyDecode(key, &idx, &myKey, keySz);
  2096. if (ret == 0)
  2097. ret = wc_ecc_verify_hash(sig, sigSz, hash, hashSz, result, &myKey);
  2098. wc_ecc_free(&myKey);
  2099. }
  2100. WOLFSSL_PKMSG("PK ECC Verify: ret %d, result %d\n", ret, *result);
  2101. return ret;
  2102. }
  2103. static WC_INLINE int myEccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
  2104. unsigned char* pubKeyDer, unsigned int* pubKeySz,
  2105. unsigned char* out, unsigned int* outlen,
  2106. int side, void* ctx)
  2107. {
  2108. int ret;
  2109. ecc_key* privKey = NULL;
  2110. ecc_key* pubKey = NULL;
  2111. ecc_key tmpKey;
  2112. PkCbInfo* cbInfo = (PkCbInfo*)ctx;
  2113. (void)ssl;
  2114. (void)cbInfo;
  2115. WOLFSSL_PKMSG("PK ECC PMS: Side %s, Peer Curve %d\n",
  2116. side == WOLFSSL_CLIENT_END ? "client" : "server", otherKey->dp->id);
  2117. ret = wc_ecc_init(&tmpKey);
  2118. if (ret != 0) {
  2119. return ret;
  2120. }
  2121. /* for client: create and export public key */
  2122. if (side == WOLFSSL_CLIENT_END) {
  2123. WC_RNG rng;
  2124. privKey = &tmpKey;
  2125. pubKey = otherKey;
  2126. ret = wc_InitRng(&rng);
  2127. if (ret == 0) {
  2128. ret = wc_ecc_make_key_ex(&rng, 0, privKey, otherKey->dp->id);
  2129. #ifdef WOLFSSL_ASYNC_CRYPT
  2130. if (ret == WC_PENDING_E) {
  2131. ret = wc_AsyncWait(ret, &privKey->asyncDev, WC_ASYNC_FLAG_NONE);
  2132. }
  2133. #endif
  2134. if (ret == 0)
  2135. ret = wc_ecc_export_x963(privKey, pubKeyDer, pubKeySz);
  2136. wc_FreeRng(&rng);
  2137. }
  2138. }
  2139. /* for server: import public key */
  2140. else if (side == WOLFSSL_SERVER_END) {
  2141. #ifdef TEST_PK_PRIVKEY
  2142. privKey = &cbInfo->keyGen.ecc;
  2143. #else
  2144. privKey = otherKey;
  2145. #endif
  2146. pubKey = &tmpKey;
  2147. ret = wc_ecc_import_x963_ex(pubKeyDer, *pubKeySz, pubKey,
  2148. otherKey->dp->id);
  2149. }
  2150. else {
  2151. ret = BAD_FUNC_ARG;
  2152. }
  2153. /* generate shared secret and return it */
  2154. if (ret == 0) {
  2155. ret = wc_ecc_shared_secret(privKey, pubKey, out, outlen);
  2156. #ifdef WOLFSSL_ASYNC_CRYPT
  2157. if (ret == WC_PENDING_E) {
  2158. ret = wc_AsyncWait(ret, &privKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  2159. }
  2160. #endif
  2161. }
  2162. #ifdef TEST_PK_PRIVKEY
  2163. if (side == WOLFSSL_SERVER_END) {
  2164. wc_ecc_free(&cbInfo->keyGen.ecc);
  2165. }
  2166. #endif
  2167. wc_ecc_free(&tmpKey);
  2168. WOLFSSL_PKMSG("PK ECC PMS: ret %d, PubKeySz %d, OutLen %d\n", ret, *pubKeySz, *outlen);
  2169. return ret;
  2170. }
  2171. #ifdef HAVE_ED25519
  2172. static WC_INLINE int myEd25519Sign(WOLFSSL* ssl, const byte* in, word32 inSz,
  2173. byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
  2174. {
  2175. int ret;
  2176. word32 idx = 0;
  2177. ed25519_key myKey;
  2178. byte* keyBuf = (byte*)key;
  2179. PkCbInfo* cbInfo = (PkCbInfo*)ctx;
  2180. (void)ssl;
  2181. (void)cbInfo;
  2182. WOLFSSL_PKMSG("PK 25519 Sign: inSz %d, keySz %d\n", inSz, keySz);
  2183. #ifdef TEST_PK_PRIVKEY
  2184. ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
  2185. if (ret != 0)
  2186. return ret;
  2187. #endif
  2188. ret = wc_ed25519_init(&myKey);
  2189. if (ret == 0) {
  2190. ret = wc_Ed25519PrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
  2191. if (ret == 0)
  2192. ret = wc_ed25519_sign_msg(in, inSz, out, outSz, &myKey);
  2193. wc_ed25519_free(&myKey);
  2194. }
  2195. #ifdef TEST_PK_PRIVKEY
  2196. free(keyBuf);
  2197. #endif
  2198. WOLFSSL_PKMSG("PK 25519 Sign: ret %d, outSz %d\n", ret, *outSz);
  2199. return ret;
  2200. }
  2201. static WC_INLINE int myEd25519Verify(WOLFSSL* ssl, const byte* sig, word32 sigSz,
  2202. const byte* msg, word32 msgSz, const byte* key, word32 keySz,
  2203. int* result, void* ctx)
  2204. {
  2205. int ret;
  2206. ed25519_key myKey;
  2207. PkCbInfo* cbInfo = (PkCbInfo*)ctx;
  2208. (void)ssl;
  2209. (void)cbInfo;
  2210. WOLFSSL_PKMSG("PK 25519 Verify: sigSz %d, msgSz %d, keySz %d\n", sigSz, msgSz, keySz);
  2211. ret = wc_ed25519_init(&myKey);
  2212. if (ret == 0) {
  2213. ret = wc_ed25519_import_public(key, keySz, &myKey);
  2214. if (ret == 0) {
  2215. ret = wc_ed25519_verify_msg(sig, sigSz, msg, msgSz, result, &myKey);
  2216. }
  2217. wc_ed25519_free(&myKey);
  2218. }
  2219. WOLFSSL_PKMSG("PK 25519 Verify: ret %d, result %d\n", ret, *result);
  2220. return ret;
  2221. }
  2222. #endif /* HAVE_ED25519 */
  2223. #ifdef HAVE_CURVE25519
  2224. static WC_INLINE int myX25519KeyGen(WOLFSSL* ssl, curve25519_key* key,
  2225. unsigned int keySz, void* ctx)
  2226. {
  2227. int ret;
  2228. WC_RNG rng;
  2229. PkCbInfo* cbInfo = (PkCbInfo*)ctx;
  2230. (void)ssl;
  2231. (void)cbInfo;
  2232. WOLFSSL_PKMSG("PK 25519 KeyGen: keySz %d\n", keySz);
  2233. ret = wc_InitRng(&rng);
  2234. if (ret != 0)
  2235. return ret;
  2236. ret = wc_curve25519_make_key(&rng, keySz, key);
  2237. wc_FreeRng(&rng);
  2238. WOLFSSL_PKMSG("PK 25519 KeyGen: ret %d\n", ret);
  2239. return ret;
  2240. }
  2241. static WC_INLINE int myX25519SharedSecret(WOLFSSL* ssl, curve25519_key* otherKey,
  2242. unsigned char* pubKeyDer, unsigned int* pubKeySz,
  2243. unsigned char* out, unsigned int* outlen,
  2244. int side, void* ctx)
  2245. {
  2246. int ret;
  2247. curve25519_key* privKey = NULL;
  2248. curve25519_key* pubKey = NULL;
  2249. curve25519_key tmpKey;
  2250. PkCbInfo* cbInfo = (PkCbInfo*)ctx;
  2251. (void)ssl;
  2252. (void)cbInfo;
  2253. WOLFSSL_PKMSG("PK 25519 PMS: side %s\n",
  2254. side == WOLFSSL_CLIENT_END ? "client" : "server");
  2255. ret = wc_curve25519_init(&tmpKey);
  2256. if (ret != 0) {
  2257. return ret;
  2258. }
  2259. /* for client: create and export public key */
  2260. if (side == WOLFSSL_CLIENT_END) {
  2261. WC_RNG rng;
  2262. privKey = &tmpKey;
  2263. pubKey = otherKey;
  2264. ret = wc_InitRng(&rng);
  2265. if (ret == 0) {
  2266. ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, privKey);
  2267. if (ret == 0) {
  2268. ret = wc_curve25519_export_public_ex(privKey, pubKeyDer,
  2269. pubKeySz, EC25519_LITTLE_ENDIAN);
  2270. }
  2271. wc_FreeRng(&rng);
  2272. }
  2273. }
  2274. /* for server: import public key */
  2275. else if (side == WOLFSSL_SERVER_END) {
  2276. privKey = otherKey;
  2277. pubKey = &tmpKey;
  2278. ret = wc_curve25519_import_public_ex(pubKeyDer, *pubKeySz, pubKey,
  2279. EC25519_LITTLE_ENDIAN);
  2280. }
  2281. else {
  2282. ret = BAD_FUNC_ARG;
  2283. }
  2284. /* generate shared secret and return it */
  2285. if (ret == 0) {
  2286. ret = wc_curve25519_shared_secret_ex(privKey, pubKey, out, outlen,
  2287. EC25519_LITTLE_ENDIAN);
  2288. }
  2289. wc_curve25519_free(&tmpKey);
  2290. WOLFSSL_PKMSG("PK 25519 PMS: ret %d, pubKeySz %d, outLen %d\n",
  2291. ret, *pubKeySz, *outlen);
  2292. return ret;
  2293. }
  2294. #endif /* HAVE_CURVE25519 */
  2295. #endif /* HAVE_ECC */
  2296. #ifndef NO_DH
  2297. static WC_INLINE int myDhCallback(WOLFSSL* ssl, struct DhKey* key,
  2298. const unsigned char* priv, unsigned int privSz,
  2299. const unsigned char* pubKeyDer, unsigned int pubKeySz,
  2300. unsigned char* out, unsigned int* outlen,
  2301. void* ctx)
  2302. {
  2303. int ret;
  2304. PkCbInfo* cbInfo = (PkCbInfo*)ctx;
  2305. (void)ssl;
  2306. (void)cbInfo;
  2307. /* return 0 on success */
  2308. ret = wc_DhAgree(key, out, outlen, priv, privSz, pubKeyDer, pubKeySz);
  2309. WOLFSSL_PKMSG("PK ED Agree: ret %d, privSz %d, pubKeySz %d, outlen %d\n",
  2310. ret, privSz, pubKeySz, *outlen);
  2311. return ret;
  2312. };
  2313. #endif /* !NO_DH */
  2314. #ifndef NO_RSA
  2315. static WC_INLINE int myRsaSign(WOLFSSL* ssl, const byte* in, word32 inSz,
  2316. byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
  2317. {
  2318. WC_RNG rng;
  2319. int ret;
  2320. word32 idx = 0;
  2321. RsaKey myKey;
  2322. byte* keyBuf = (byte*)key;
  2323. PkCbInfo* cbInfo = (PkCbInfo*)ctx;
  2324. (void)ssl;
  2325. (void)cbInfo;
  2326. WOLFSSL_PKMSG("PK RSA Sign: inSz %d, keySz %d\n", inSz, keySz);
  2327. #ifdef TEST_PK_PRIVKEY
  2328. ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
  2329. if (ret != 0)
  2330. return ret;
  2331. #endif
  2332. ret = wc_InitRng(&rng);
  2333. if (ret != 0)
  2334. return ret;
  2335. ret = wc_InitRsaKey(&myKey, NULL);
  2336. if (ret == 0) {
  2337. ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
  2338. if (ret == 0)
  2339. ret = wc_RsaSSL_Sign(in, inSz, out, *outSz, &myKey, &rng);
  2340. if (ret > 0) { /* save and convert to 0 success */
  2341. *outSz = ret;
  2342. ret = 0;
  2343. }
  2344. wc_FreeRsaKey(&myKey);
  2345. }
  2346. wc_FreeRng(&rng);
  2347. #ifdef TEST_PK_PRIVKEY
  2348. free(keyBuf);
  2349. #endif
  2350. WOLFSSL_PKMSG("PK RSA Sign: ret %d, outSz %d\n", ret, *outSz);
  2351. return ret;
  2352. }
  2353. static WC_INLINE int myRsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
  2354. byte** out, const byte* key, word32 keySz, void* ctx)
  2355. {
  2356. int ret;
  2357. word32 idx = 0;
  2358. RsaKey myKey;
  2359. PkCbInfo* cbInfo = (PkCbInfo*)ctx;
  2360. (void)ssl;
  2361. (void)cbInfo;
  2362. WOLFSSL_PKMSG("PK RSA Verify: sigSz %d, keySz %d\n", sigSz, keySz);
  2363. ret = wc_InitRsaKey(&myKey, NULL);
  2364. if (ret == 0) {
  2365. ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
  2366. if (ret == 0)
  2367. ret = wc_RsaSSL_VerifyInline(sig, sigSz, out, &myKey);
  2368. wc_FreeRsaKey(&myKey);
  2369. }
  2370. WOLFSSL_PKMSG("PK RSA Verify: ret %d\n", ret);
  2371. return ret;
  2372. }
  2373. static WC_INLINE int myRsaSignCheck(WOLFSSL* ssl, byte* sig, word32 sigSz,
  2374. byte** out, const byte* key, word32 keySz, void* ctx)
  2375. {
  2376. int ret;
  2377. word32 idx = 0;
  2378. RsaKey myKey;
  2379. byte* keyBuf = (byte*)key;
  2380. PkCbInfo* cbInfo = (PkCbInfo*)ctx;
  2381. (void)ssl;
  2382. (void)cbInfo;
  2383. WOLFSSL_PKMSG("PK RSA SignCheck: sigSz %d, keySz %d\n", sigSz, keySz);
  2384. #ifdef TEST_PK_PRIVKEY
  2385. ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
  2386. if (ret != 0)
  2387. return ret;
  2388. #endif
  2389. ret = wc_InitRsaKey(&myKey, NULL);
  2390. if (ret == 0) {
  2391. ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
  2392. if (ret == 0)
  2393. ret = wc_RsaSSL_VerifyInline(sig, sigSz, out, &myKey);
  2394. wc_FreeRsaKey(&myKey);
  2395. }
  2396. #ifdef TEST_PK_PRIVKEY
  2397. free(keyBuf);
  2398. #endif
  2399. WOLFSSL_PKMSG("PK RSA SignCheck: ret %d\n", ret);
  2400. return ret;
  2401. }
  2402. #ifdef WC_RSA_PSS
  2403. static WC_INLINE int myRsaPssSign(WOLFSSL* ssl, const byte* in, word32 inSz,
  2404. byte* out, word32* outSz, int hash, int mgf, const byte* key,
  2405. word32 keySz, void* ctx)
  2406. {
  2407. enum wc_HashType hashType = WC_HASH_TYPE_NONE;
  2408. WC_RNG rng;
  2409. int ret;
  2410. word32 idx = 0;
  2411. RsaKey myKey;
  2412. byte* keyBuf = (byte*)key;
  2413. PkCbInfo* cbInfo = (PkCbInfo*)ctx;
  2414. (void)ssl;
  2415. (void)cbInfo;
  2416. WOLFSSL_PKMSG("PK RSA PSS Sign: inSz %d, hash %d, mgf %d, keySz %d\n",
  2417. inSz, hash, mgf, keySz);
  2418. #ifdef TEST_PK_PRIVKEY
  2419. ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
  2420. if (ret != 0)
  2421. return ret;
  2422. #endif
  2423. switch (hash) {
  2424. #ifndef NO_SHA256
  2425. case SHA256h:
  2426. hashType = WC_HASH_TYPE_SHA256;
  2427. break;
  2428. #endif
  2429. #ifdef WOLFSSL_SHA384
  2430. case SHA384h:
  2431. hashType = WC_HASH_TYPE_SHA384;
  2432. break;
  2433. #endif
  2434. #ifdef WOLFSSL_SHA512
  2435. case SHA512h:
  2436. hashType = WC_HASH_TYPE_SHA512;
  2437. break;
  2438. #endif
  2439. }
  2440. ret = wc_InitRng(&rng);
  2441. if (ret != 0)
  2442. return ret;
  2443. ret = wc_InitRsaKey(&myKey, NULL);
  2444. if (ret == 0) {
  2445. ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
  2446. if (ret == 0) {
  2447. ret = wc_RsaPSS_Sign(in, inSz, out, *outSz, hashType, mgf, &myKey,
  2448. &rng);
  2449. }
  2450. if (ret > 0) { /* save and convert to 0 success */
  2451. *outSz = ret;
  2452. ret = 0;
  2453. }
  2454. wc_FreeRsaKey(&myKey);
  2455. }
  2456. wc_FreeRng(&rng);
  2457. #ifdef TEST_PK_PRIVKEY
  2458. free(keyBuf);
  2459. #endif
  2460. WOLFSSL_PKMSG("PK RSA PSS Sign: ret %d, outSz %d\n", ret, *outSz);
  2461. return ret;
  2462. }
  2463. static WC_INLINE int myRsaPssVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
  2464. byte** out, int hash, int mgf, const byte* key, word32 keySz, void* ctx)
  2465. {
  2466. int ret;
  2467. word32 idx = 0;
  2468. RsaKey myKey;
  2469. PkCbInfo* cbInfo = (PkCbInfo*)ctx;
  2470. enum wc_HashType hashType = WC_HASH_TYPE_NONE;
  2471. (void)ssl;
  2472. (void)cbInfo;
  2473. WOLFSSL_PKMSG("PK RSA PSS Verify: sigSz %d, hash %d, mgf %d, keySz %d\n",
  2474. sigSz, hash, mgf, keySz);
  2475. switch (hash) {
  2476. #ifndef NO_SHA256
  2477. case SHA256h:
  2478. hashType = WC_HASH_TYPE_SHA256;
  2479. break;
  2480. #endif
  2481. #ifdef WOLFSSL_SHA384
  2482. case SHA384h:
  2483. hashType = WC_HASH_TYPE_SHA384;
  2484. break;
  2485. #endif
  2486. #ifdef WOLFSSL_SHA512
  2487. case SHA512h:
  2488. hashType = WC_HASH_TYPE_SHA512;
  2489. break;
  2490. #endif
  2491. }
  2492. ret = wc_InitRsaKey(&myKey, NULL);
  2493. if (ret == 0) {
  2494. ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
  2495. if (ret == 0) {
  2496. ret = wc_RsaPSS_VerifyInline(sig, sigSz, out, hashType, mgf,
  2497. &myKey);
  2498. }
  2499. wc_FreeRsaKey(&myKey);
  2500. }
  2501. WOLFSSL_PKMSG("PK RSA PSS Verify: ret %d\n", ret);
  2502. return ret;
  2503. }
  2504. static WC_INLINE int myRsaPssSignCheck(WOLFSSL* ssl, byte* sig, word32 sigSz,
  2505. byte** out, int hash, int mgf, const byte* key, word32 keySz, void* ctx)
  2506. {
  2507. int ret;
  2508. word32 idx = 0;
  2509. RsaKey myKey;
  2510. byte* keyBuf = (byte*)key;
  2511. PkCbInfo* cbInfo = (PkCbInfo*)ctx;
  2512. enum wc_HashType hashType = WC_HASH_TYPE_NONE;
  2513. (void)ssl;
  2514. (void)cbInfo;
  2515. WOLFSSL_PKMSG("PK RSA PSS SignCheck: sigSz %d, hash %d, mgf %d, keySz %d\n",
  2516. sigSz, hash, mgf, keySz);
  2517. #ifdef TEST_PK_PRIVKEY
  2518. ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
  2519. if (ret != 0)
  2520. return ret;
  2521. #endif
  2522. switch (hash) {
  2523. #ifndef NO_SHA256
  2524. case SHA256h:
  2525. hashType = WC_HASH_TYPE_SHA256;
  2526. break;
  2527. #endif
  2528. #ifdef WOLFSSL_SHA384
  2529. case SHA384h:
  2530. hashType = WC_HASH_TYPE_SHA384;
  2531. break;
  2532. #endif
  2533. #ifdef WOLFSSL_SHA512
  2534. case SHA512h:
  2535. hashType = WC_HASH_TYPE_SHA512;
  2536. break;
  2537. #endif
  2538. }
  2539. ret = wc_InitRsaKey(&myKey, NULL);
  2540. if (ret == 0) {
  2541. ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
  2542. if (ret == 0) {
  2543. ret = wc_RsaPSS_VerifyInline(sig, sigSz, out, hashType, mgf,
  2544. &myKey);
  2545. }
  2546. wc_FreeRsaKey(&myKey);
  2547. }
  2548. #ifdef TEST_PK_PRIVKEY
  2549. free(keyBuf);
  2550. #endif
  2551. WOLFSSL_PKMSG("PK RSA PSS SignCheck: ret %d\n", ret);
  2552. return ret;
  2553. }
  2554. #endif
  2555. static WC_INLINE int myRsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz,
  2556. byte* out, word32* outSz, const byte* key,
  2557. word32 keySz, void* ctx)
  2558. {
  2559. int ret;
  2560. word32 idx = 0;
  2561. RsaKey myKey;
  2562. WC_RNG rng;
  2563. PkCbInfo* cbInfo = (PkCbInfo*)ctx;
  2564. (void)ssl;
  2565. (void)cbInfo;
  2566. WOLFSSL_PKMSG("PK RSA Enc: inSz %d, keySz %d\n", inSz, keySz);
  2567. ret = wc_InitRng(&rng);
  2568. if (ret != 0)
  2569. return ret;
  2570. ret = wc_InitRsaKey(&myKey, NULL);
  2571. if (ret == 0) {
  2572. ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
  2573. if (ret == 0) {
  2574. ret = wc_RsaPublicEncrypt(in, inSz, out, *outSz, &myKey, &rng);
  2575. if (ret > 0) {
  2576. *outSz = ret;
  2577. ret = 0; /* reset to success */
  2578. }
  2579. }
  2580. wc_FreeRsaKey(&myKey);
  2581. }
  2582. wc_FreeRng(&rng);
  2583. WOLFSSL_PKMSG("PK RSA Enc: ret %d, outSz %d\n", ret, *outSz);
  2584. return ret;
  2585. }
  2586. static WC_INLINE int myRsaDec(WOLFSSL* ssl, byte* in, word32 inSz,
  2587. byte** out,
  2588. const byte* key, word32 keySz, void* ctx)
  2589. {
  2590. int ret;
  2591. word32 idx = 0;
  2592. RsaKey myKey;
  2593. byte* keyBuf = (byte*)key;
  2594. PkCbInfo* cbInfo = (PkCbInfo*)ctx;
  2595. (void)ssl;
  2596. (void)cbInfo;
  2597. WOLFSSL_PKMSG("PK RSA Dec: inSz %d, keySz %d\n", inSz, keySz);
  2598. #ifdef TEST_PK_PRIVKEY
  2599. ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
  2600. if (ret != 0)
  2601. return ret;
  2602. #endif
  2603. ret = wc_InitRsaKey(&myKey, NULL);
  2604. if (ret == 0) {
  2605. ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
  2606. if (ret == 0) {
  2607. #ifdef WC_RSA_BLINDING
  2608. ret = wc_RsaSetRNG(&myKey, wolfSSL_GetRNG(ssl));
  2609. if (ret != 0) {
  2610. wc_FreeRsaKey(&myKey);
  2611. return ret;
  2612. }
  2613. #endif
  2614. ret = wc_RsaPrivateDecryptInline(in, inSz, out, &myKey);
  2615. }
  2616. wc_FreeRsaKey(&myKey);
  2617. }
  2618. #ifdef TEST_PK_PRIVKEY
  2619. free(keyBuf);
  2620. #endif
  2621. WOLFSSL_PKMSG("PK RSA Dec: ret %d\n", ret);
  2622. return ret;
  2623. }
  2624. #endif /* NO_RSA */
  2625. static WC_INLINE void SetupPkCallbacks(WOLFSSL_CTX* ctx)
  2626. {
  2627. (void)ctx;
  2628. #ifdef HAVE_ECC
  2629. wolfSSL_CTX_SetEccKeyGenCb(ctx, myEccKeyGen);
  2630. wolfSSL_CTX_SetEccSignCb(ctx, myEccSign);
  2631. wolfSSL_CTX_SetEccVerifyCb(ctx, myEccVerify);
  2632. wolfSSL_CTX_SetEccSharedSecretCb(ctx, myEccSharedSecret);
  2633. #endif /* HAVE_ECC */
  2634. #ifndef NO_DH
  2635. wolfSSL_CTX_SetDhAgreeCb(ctx, myDhCallback);
  2636. #endif
  2637. #ifdef HAVE_ED25519
  2638. wolfSSL_CTX_SetEd25519SignCb(ctx, myEd25519Sign);
  2639. wolfSSL_CTX_SetEd25519VerifyCb(ctx, myEd25519Verify);
  2640. #endif
  2641. #ifdef HAVE_CURVE25519
  2642. wolfSSL_CTX_SetX25519KeyGenCb(ctx, myX25519KeyGen);
  2643. wolfSSL_CTX_SetX25519SharedSecretCb(ctx, myX25519SharedSecret);
  2644. #endif
  2645. #ifndef NO_RSA
  2646. wolfSSL_CTX_SetRsaSignCb(ctx, myRsaSign);
  2647. wolfSSL_CTX_SetRsaVerifyCb(ctx, myRsaVerify);
  2648. wolfSSL_CTX_SetRsaSignCheckCb(ctx, myRsaSignCheck);
  2649. #ifdef WC_RSA_PSS
  2650. wolfSSL_CTX_SetRsaPssSignCb(ctx, myRsaPssSign);
  2651. wolfSSL_CTX_SetRsaPssVerifyCb(ctx, myRsaPssVerify);
  2652. wolfSSL_CTX_SetRsaPssSignCheckCb(ctx, myRsaPssSignCheck);
  2653. #endif
  2654. wolfSSL_CTX_SetRsaEncCb(ctx, myRsaEnc);
  2655. wolfSSL_CTX_SetRsaDecCb(ctx, myRsaDec);
  2656. #endif /* NO_RSA */
  2657. }
  2658. static WC_INLINE void SetupPkCallbackContexts(WOLFSSL* ssl, void* myCtx)
  2659. {
  2660. #ifdef HAVE_ECC
  2661. wolfSSL_SetEccKeyGenCtx(ssl, myCtx);
  2662. wolfSSL_SetEccSignCtx(ssl, myCtx);
  2663. wolfSSL_SetEccVerifyCtx(ssl, myCtx);
  2664. wolfSSL_SetEccSharedSecretCtx(ssl, myCtx);
  2665. #endif /* HAVE_ECC */
  2666. #ifndef NO_DH
  2667. wolfSSL_SetDhAgreeCtx(ssl, myCtx);
  2668. #endif
  2669. #ifdef HAVE_ED25519
  2670. wolfSSL_SetEd25519SignCtx(ssl, myCtx);
  2671. wolfSSL_SetEd25519VerifyCtx(ssl, myCtx);
  2672. #endif
  2673. #ifdef HAVE_CURVE25519
  2674. wolfSSL_SetX25519KeyGenCtx(ssl, myCtx);
  2675. wolfSSL_SetX25519SharedSecretCtx(ssl, myCtx);
  2676. #endif
  2677. #ifndef NO_RSA
  2678. wolfSSL_SetRsaSignCtx(ssl, myCtx);
  2679. wolfSSL_SetRsaVerifyCtx(ssl, myCtx);
  2680. #ifdef WC_RSA_PSS
  2681. wolfSSL_SetRsaPssSignCtx(ssl, myCtx);
  2682. wolfSSL_SetRsaPssVerifyCtx(ssl, myCtx);
  2683. #endif
  2684. wolfSSL_SetRsaEncCtx(ssl, myCtx);
  2685. wolfSSL_SetRsaDecCtx(ssl, myCtx);
  2686. #endif /* NO_RSA */
  2687. }
  2688. #endif /* HAVE_PK_CALLBACKS */
  2689. #if defined(__hpux__) || defined(__MINGW32__) || defined (WOLFSSL_TIRTOS) \
  2690. || defined(_MSC_VER)
  2691. /* HP/UX doesn't have strsep, needed by test/suites.c */
  2692. static WC_INLINE char* strsep(char **stringp, const char *delim)
  2693. {
  2694. char* start;
  2695. char* end;
  2696. start = *stringp;
  2697. if (start == NULL)
  2698. return NULL;
  2699. if ((end = strpbrk(start, delim))) {
  2700. *end++ = '\0';
  2701. *stringp = end;
  2702. } else {
  2703. *stringp = NULL;
  2704. }
  2705. return start;
  2706. }
  2707. #endif /* __hpux__ and others */
  2708. /* Create unique filename, len is length of tempfn name, assuming
  2709. len does not include null terminating character,
  2710. num is number of characters in tempfn name to randomize */
  2711. static WC_INLINE const char* mymktemp(char *tempfn, int len, int num)
  2712. {
  2713. int x, size;
  2714. static const char alphanum[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
  2715. "abcdefghijklmnopqrstuvwxyz";
  2716. WC_RNG rng;
  2717. byte out;
  2718. if (tempfn == NULL || len < 1 || num < 1 || len <= num) {
  2719. printf("Bad input\n");
  2720. return NULL;
  2721. }
  2722. size = len - 1;
  2723. if (wc_InitRng(&rng) != 0) {
  2724. printf("InitRng failed\n");
  2725. return NULL;
  2726. }
  2727. for (x = size; x > size - num; x--) {
  2728. if (wc_RNG_GenerateBlock(&rng,(byte*)&out, sizeof(out)) != 0) {
  2729. printf("RNG_GenerateBlock failed\n");
  2730. return NULL;
  2731. }
  2732. tempfn[x] = alphanum[out % (sizeof(alphanum) - 1)];
  2733. }
  2734. tempfn[len] = '\0';
  2735. wc_FreeRng(&rng);
  2736. (void)rng; /* for WC_NO_RNG case */
  2737. return tempfn;
  2738. }
  2739. #if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
  2740. defined(HAVE_POLY1305)
  2741. #include <wolfssl/wolfcrypt/chacha20_poly1305.h>
  2742. typedef struct key_ctx {
  2743. byte name[WOLFSSL_TICKET_NAME_SZ]; /* name for this context */
  2744. byte key[CHACHA20_POLY1305_AEAD_KEYSIZE]; /* cipher key */
  2745. } key_ctx;
  2746. static THREAD_LS_T key_ctx myKey_ctx;
  2747. static THREAD_LS_T WC_RNG myKey_rng;
  2748. static WC_INLINE int TicketInit(void)
  2749. {
  2750. int ret = wc_InitRng(&myKey_rng);
  2751. if (ret != 0) return ret;
  2752. ret = wc_RNG_GenerateBlock(&myKey_rng, myKey_ctx.key, sizeof(myKey_ctx.key));
  2753. if (ret != 0) return ret;
  2754. ret = wc_RNG_GenerateBlock(&myKey_rng, myKey_ctx.name,sizeof(myKey_ctx.name));
  2755. if (ret != 0) return ret;
  2756. return 0;
  2757. }
  2758. static WC_INLINE void TicketCleanup(void)
  2759. {
  2760. wc_FreeRng(&myKey_rng);
  2761. }
  2762. static WC_INLINE int myTicketEncCb(WOLFSSL* ssl,
  2763. byte key_name[WOLFSSL_TICKET_NAME_SZ],
  2764. byte iv[WOLFSSL_TICKET_IV_SZ],
  2765. byte mac[WOLFSSL_TICKET_MAC_SZ],
  2766. int enc, byte* ticket, int inLen, int* outLen,
  2767. void* userCtx)
  2768. {
  2769. (void)ssl;
  2770. (void)userCtx;
  2771. int ret;
  2772. word16 sLen = XHTONS(inLen);
  2773. byte aad[WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2];
  2774. int aadSz = WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2;
  2775. byte* tmp = aad;
  2776. if (enc) {
  2777. XMEMCPY(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ);
  2778. ret = wc_RNG_GenerateBlock(&myKey_rng, iv, WOLFSSL_TICKET_IV_SZ);
  2779. if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
  2780. /* build aad from key name, iv, and length */
  2781. XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ);
  2782. tmp += WOLFSSL_TICKET_NAME_SZ;
  2783. XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
  2784. tmp += WOLFSSL_TICKET_IV_SZ;
  2785. XMEMCPY(tmp, &sLen, 2);
  2786. ret = wc_ChaCha20Poly1305_Encrypt(myKey_ctx.key, iv,
  2787. aad, aadSz,
  2788. ticket, inLen,
  2789. ticket,
  2790. mac);
  2791. if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
  2792. *outLen = inLen; /* no padding in this mode */
  2793. } else {
  2794. /* decrypt */
  2795. /* see if we know this key */
  2796. if (XMEMCMP(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ) != 0){
  2797. printf("client presented unknown ticket key name ");
  2798. return WOLFSSL_TICKET_RET_FATAL;
  2799. }
  2800. /* build aad from key name, iv, and length */
  2801. XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ);
  2802. tmp += WOLFSSL_TICKET_NAME_SZ;
  2803. XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
  2804. tmp += WOLFSSL_TICKET_IV_SZ;
  2805. XMEMCPY(tmp, &sLen, 2);
  2806. ret = wc_ChaCha20Poly1305_Decrypt(myKey_ctx.key, iv,
  2807. aad, aadSz,
  2808. ticket, inLen,
  2809. mac,
  2810. ticket);
  2811. if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
  2812. *outLen = inLen; /* no padding in this mode */
  2813. }
  2814. return WOLFSSL_TICKET_RET_OK;
  2815. }
  2816. #endif /* HAVE_SESSION_TICKET && CHACHA20 && POLY1305 */
  2817. static WC_INLINE word16 GetRandomPort(void)
  2818. {
  2819. word16 port = 0;
  2820. /* Generate random port for testing */
  2821. WC_RNG rng;
  2822. if (wc_InitRng(&rng) == 0) {
  2823. if (wc_RNG_GenerateBlock(&rng, (byte*)&port, sizeof(port)) == 0) {
  2824. port |= 0xC000; /* Make sure its in the 49152 - 65535 range */
  2825. }
  2826. wc_FreeRng(&rng);
  2827. }
  2828. (void)rng; /* for WC_NO_RNG case */
  2829. return port;
  2830. }
  2831. #endif /* wolfSSL_TEST_H */