Azure IoT
Azure IoT common library
Dependents: STM32F746_iothub_client_sample_mqtt f767zi_mqtt iothub_client_sample_amqp iothub_client_sample_http ... more
Diff: tlsio_wolfssl.c
- Revision:
- 40:3f3af6cd8a01
- Parent:
- 39:05674f3c9d9d
- Child:
- 42:0cc3c211ad26
--- a/tlsio_wolfssl.c Tue Jan 30 08:23:35 2018 -0800
+++ b/tlsio_wolfssl.c Thu Feb 15 11:37:42 2018 -0800
@@ -62,7 +62,7 @@
}
else
{
- if (strcmp(name, "TrustedCerts") == 0)
+ if (strcmp(name, OPTION_TRUSTED_CERT) == 0)
{
if (mallocAndStrcpy_s((char**)&result, value) != 0)
{
@@ -117,7 +117,7 @@
}
else
{
- if ((strcmp(name, "TrustedCerts") == 0) ||
+ if ((strcmp(name, OPTION_TRUSTED_CERT) == 0) ||
(strcmp(name, SU_OPTION_X509_CERT) == 0) ||
(strcmp(name, SU_OPTION_X509_PRIVATE_KEY) == 0))
{
@@ -170,7 +170,7 @@
}
else if (
(tls_io_instance->certificate != NULL) &&
- (OptionHandler_AddOption(result, "TrustedCerts", tls_io_instance->certificate) != 0)
+ (OptionHandler_AddOption(result, OPTION_TRUSTED_CERT, tls_io_instance->certificate) != 0)
)
{
LogError("unable to save TrustedCerts option");
@@ -264,47 +264,61 @@
static void on_underlying_io_bytes_received(void* context, const unsigned char* buffer, size_t size)
{
- TLS_IO_INSTANCE* tls_io_instance = (TLS_IO_INSTANCE*)context;
+ if (context != NULL)
+ {
+ TLS_IO_INSTANCE* tls_io_instance = (TLS_IO_INSTANCE*)context;
- unsigned char* new_socket_io_read_bytes = (unsigned char*)realloc(tls_io_instance->socket_io_read_bytes, tls_io_instance->socket_io_read_byte_count + size);
- if (new_socket_io_read_bytes == NULL)
- {
- LogError("Failed allocating memory for received bytes");
- tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
- indicate_error(tls_io_instance);
+ unsigned char* new_socket_io_read_bytes = (unsigned char*)realloc(tls_io_instance->socket_io_read_bytes, tls_io_instance->socket_io_read_byte_count + size);
+ if (new_socket_io_read_bytes == NULL)
+ {
+ LogError("Failed allocating memory for received bytes");
+ tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
+ indicate_error(tls_io_instance);
+ }
+ else
+ {
+ tls_io_instance->socket_io_read_bytes = new_socket_io_read_bytes;
+ (void)memcpy(tls_io_instance->socket_io_read_bytes + tls_io_instance->socket_io_read_byte_count, buffer, size);
+ tls_io_instance->socket_io_read_byte_count += size;
+ }
}
else
{
- tls_io_instance->socket_io_read_bytes = new_socket_io_read_bytes;
- (void)memcpy(tls_io_instance->socket_io_read_bytes + tls_io_instance->socket_io_read_byte_count, buffer, size);
- tls_io_instance->socket_io_read_byte_count += size;
+ LogInfo("Supplied context is NULL on bytes_received");
}
}
static void on_underlying_io_error(void* context)
{
- TLS_IO_INSTANCE* tls_io_instance = (TLS_IO_INSTANCE*)context;
-
- switch (tls_io_instance->tlsio_state)
+ if (context != NULL)
{
- default:
- LogError("Unknown TLS IO WolfSSL state: %d", (int)tls_io_instance->tlsio_state);
- break;
+ TLS_IO_INSTANCE* tls_io_instance = (TLS_IO_INSTANCE*)context;
+
+ switch (tls_io_instance->tlsio_state)
+ {
+ default:
+ LogError("Unknown TLS IO WolfSSL state: %d", (int)tls_io_instance->tlsio_state);
+ break;
+
+ case TLSIO_STATE_NOT_OPEN:
+ case TLSIO_STATE_ERROR:
+ break;
- case TLSIO_STATE_NOT_OPEN:
- case TLSIO_STATE_ERROR:
- break;
+ case TLSIO_STATE_OPENING_UNDERLYING_IO:
+ case TLSIO_STATE_IN_HANDSHAKE:
+ tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
+ indicate_open_complete(tls_io_instance, IO_OPEN_ERROR);
+ break;
- case TLSIO_STATE_OPENING_UNDERLYING_IO:
- case TLSIO_STATE_IN_HANDSHAKE:
- tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
- indicate_open_complete(tls_io_instance, IO_OPEN_ERROR);
- break;
-
- case TLSIO_STATE_OPEN:
- tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
- indicate_error(tls_io_instance);
- break;
+ case TLSIO_STATE_OPEN:
+ tls_io_instance->tlsio_state = TLSIO_STATE_ERROR;
+ indicate_error(tls_io_instance);
+ break;
+ }
+ }
+ else
+ {
+ LogInfo("Supplied context is NULL on io_error");
}
}
@@ -329,54 +343,60 @@
static int on_io_recv(WOLFSSL *ssl, char *buf, int sz, void *context)
{
int result;
- TLS_IO_INSTANCE* tls_io_instance = (TLS_IO_INSTANCE*)context;
- unsigned char* new_socket_io_read_bytes;
+ if (context != NULL)
+ {
+ TLS_IO_INSTANCE* tls_io_instance = (TLS_IO_INSTANCE*)context;
+ unsigned char* new_socket_io_read_bytes;
+
+ (void)ssl;
+ while (tls_io_instance->socket_io_read_byte_count == 0)
+ {
+ xio_dowork(tls_io_instance->socket_io);
+ if (tls_io_instance->tlsio_state != TLSIO_STATE_IN_HANDSHAKE)
+ {
+ break;
+ }
+ }
+
+ result = tls_io_instance->socket_io_read_byte_count;
+ if (result > sz)
+ {
+ result = sz;
+ }
- (void)ssl;
- while (tls_io_instance->socket_io_read_byte_count == 0)
- {
- xio_dowork(tls_io_instance->socket_io);
- if (tls_io_instance->tlsio_state != TLSIO_STATE_IN_HANDSHAKE)
+ if (result > 0)
{
- break;
+ (void)memcpy(buf, tls_io_instance->socket_io_read_bytes, result);
+ (void)memmove(tls_io_instance->socket_io_read_bytes, tls_io_instance->socket_io_read_bytes + result, tls_io_instance->socket_io_read_byte_count - result);
+ tls_io_instance->socket_io_read_byte_count -= result;
+ if (tls_io_instance->socket_io_read_byte_count > 0)
+ {
+ new_socket_io_read_bytes = (unsigned char*)realloc(tls_io_instance->socket_io_read_bytes, tls_io_instance->socket_io_read_byte_count);
+ if (new_socket_io_read_bytes != NULL)
+ {
+ tls_io_instance->socket_io_read_bytes = new_socket_io_read_bytes;
+ }
+ }
+ else
+ {
+ free(tls_io_instance->socket_io_read_bytes);
+ tls_io_instance->socket_io_read_bytes = NULL;
+ }
+ }
+
+ if ((result == 0) && (tls_io_instance->tlsio_state == TLSIO_STATE_OPEN))
+ {
+ result = WOLFSSL_CBIO_ERR_WANT_READ;
+ }
+ else if ((result == 0) && (tls_io_instance->tlsio_state == TLSIO_STATE_CLOSING || tls_io_instance->tlsio_state == TLSIO_STATE_NOT_OPEN))
+ {
+ result = WOLFSSL_CBIO_ERR_CONN_CLOSE;
}
}
-
- result = tls_io_instance->socket_io_read_byte_count;
- if (result > sz)
- {
- result = sz;
- }
-
- if (result > 0)
+ else
{
- (void)memcpy(buf, tls_io_instance->socket_io_read_bytes, result);
- (void)memmove(tls_io_instance->socket_io_read_bytes, tls_io_instance->socket_io_read_bytes + result, tls_io_instance->socket_io_read_byte_count - result);
- tls_io_instance->socket_io_read_byte_count -= result;
- if (tls_io_instance->socket_io_read_byte_count > 0)
- {
- new_socket_io_read_bytes = (unsigned char*)realloc(tls_io_instance->socket_io_read_bytes, tls_io_instance->socket_io_read_byte_count);
- if (new_socket_io_read_bytes != NULL)
- {
- tls_io_instance->socket_io_read_bytes = new_socket_io_read_bytes;
- }
- }
- else
- {
- free(tls_io_instance->socket_io_read_bytes);
- tls_io_instance->socket_io_read_bytes = NULL;
- }
+ result = WOLFSSL_CBIO_ERR_GENERAL;
}
-
- if ((result == 0) && (tls_io_instance->tlsio_state == TLSIO_STATE_OPEN))
- {
- result = WOLFSSL_CBIO_ERR_WANT_READ;
- }
- else if ((result == 0) && (tls_io_instance->tlsio_state == TLSIO_STATE_CLOSING || tls_io_instance->tlsio_state == TLSIO_STATE_NOT_OPEN))
- {
- result = WOLFSSL_CBIO_ERR_CONN_CLOSE;
- }
-
return result;
}
@@ -479,47 +499,53 @@
{
int result;
- if (add_certificate_to_store(tls_io_instance) != 0)
+ tls_io_instance->ssl = wolfSSL_new(tls_io_instance->ssl_context);
+ if (tls_io_instance->ssl == NULL)
{
LogError("Failed to add certificates to store");
result = __FAILURE__;
}
else
{
- tls_io_instance->ssl = wolfSSL_new(tls_io_instance->ssl_context);
- if (tls_io_instance->ssl == NULL)
- {
- LogError("Failed to add certificates to store");
- result = __FAILURE__;
- }
- /*x509 authentication can only be build before underlying connection is realized*/
- else if ((tls_io_instance->x509certificate != NULL) &&
- (tls_io_instance->x509privatekey != NULL) &&
- (x509_wolfssl_add_credentials(tls_io_instance->ssl, tls_io_instance->x509certificate, tls_io_instance->x509privatekey) != 0))
- {
- destroy_wolfssl_instance(tls_io_instance);
- LogError("unable to use x509 authentication");
- result = __FAILURE__;
- }
- else
- {
- tls_io_instance->socket_io_read_bytes = NULL;
- tls_io_instance->socket_io_read_byte_count = 0;
- tls_io_instance->on_send_complete = NULL;
- tls_io_instance->on_send_complete_callback_context = NULL;
+ tls_io_instance->socket_io_read_bytes = NULL;
+ tls_io_instance->socket_io_read_byte_count = 0;
+ tls_io_instance->on_send_complete = NULL;
+ tls_io_instance->on_send_complete_callback_context = NULL;
+
+ wolfSSL_set_using_nonblock(tls_io_instance->ssl, 1);
+ wolfSSL_SetIOSend(tls_io_instance->ssl_context, on_io_send);
+ wolfSSL_SetIORecv(tls_io_instance->ssl_context, on_io_recv);
+ wolfSSL_SetHsDoneCb(tls_io_instance->ssl, on_handshake_done, tls_io_instance);
+ wolfSSL_SetIOWriteCtx(tls_io_instance->ssl, tls_io_instance);
+ wolfSSL_SetIOReadCtx(tls_io_instance->ssl, tls_io_instance);
+
+ tls_io_instance->tlsio_state = TLSIO_STATE_NOT_OPEN;
+ result = 0;
+ }
+ return result;
+}
- wolfSSL_set_using_nonblock(tls_io_instance->ssl, 1);
- wolfSSL_SetIOSend(tls_io_instance->ssl_context, on_io_send);
- wolfSSL_SetIORecv(tls_io_instance->ssl_context, on_io_recv);
- wolfSSL_SetHsDoneCb(tls_io_instance->ssl, on_handshake_done, tls_io_instance);
- wolfSSL_SetIOWriteCtx(tls_io_instance->ssl, tls_io_instance);
- wolfSSL_SetIOReadCtx(tls_io_instance->ssl, tls_io_instance);
-
- tls_io_instance->tlsio_state = TLSIO_STATE_NOT_OPEN;
- result = 0;
- }
+static int prepare_wolfssl_open(TLS_IO_INSTANCE* tls_io_instance)
+{
+ int result;
+ if (add_certificate_to_store(tls_io_instance) != 0)
+ {
+ LogError("Failed to add certificates to store");
+ result = __FAILURE__;
}
-
+ /*x509 authentication can only be build before underlying connection is realized*/
+ else if ((tls_io_instance->x509certificate != NULL) &&
+ (tls_io_instance->x509privatekey != NULL) &&
+ (x509_wolfssl_add_credentials(tls_io_instance->ssl, tls_io_instance->x509certificate, tls_io_instance->x509privatekey) != 0))
+ {
+ destroy_wolfssl_instance(tls_io_instance);
+ LogError("unable to use x509 authentication");
+ result = __FAILURE__;
+ }
+ else
+ {
+ result = 0;
+ }
return result;
}
@@ -556,28 +582,6 @@
else
{
(void)memset(result, 0, sizeof(TLS_IO_INSTANCE));
-
- result->socket_io_read_bytes = 0;
- result->socket_io_read_byte_count = 0;
- result->socket_io = NULL;
-
- result->ssl = NULL;
- result->certificate = NULL;
- result->x509certificate = NULL;
- result->x509privatekey = NULL;
-
- result->on_bytes_received = NULL;
- result->on_bytes_received_context = NULL;
-
- result->on_io_open_complete = NULL;
- result->on_io_open_complete_context = NULL;
-
- result->on_io_close_complete = NULL;
- result->on_io_close_complete_context = NULL;
-
- result->on_io_error = NULL;
- result->on_io_error_context = NULL;
-
result->tlsio_state = TLSIO_STATE_NOT_OPEN;
result->ssl_context = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
@@ -626,6 +630,13 @@
free(result);
result = NULL;
}
+ else if (create_wolfssl_instance(result) != 0)
+ {
+ LogError("Failure connecting to underlying socket_io");
+ wolfSSL_CTX_free(result->ssl_context);
+ free(result);
+ result = NULL;
+ }
}
}
}
@@ -659,6 +670,7 @@
free(tls_io_instance->x509privatekey);
tls_io_instance->x509privatekey = NULL;
}
+ destroy_wolfssl_instance(tls_io_instance);
wolfSSL_CTX_free(tls_io_instance->ssl_context);
tls_io_instance->ssl_context = NULL;
@@ -699,7 +711,7 @@
tls_io_instance->tlsio_state = TLSIO_STATE_OPENING_UNDERLYING_IO;
- if (create_wolfssl_instance(tls_io_instance) != 0)
+ if (prepare_wolfssl_open(tls_io_instance) != 0)
{
LogError("Cannot create wolfssl instance.");
tls_io_instance->tlsio_state = TLSIO_STATE_NOT_OPEN;
@@ -762,7 +774,6 @@
}
else
{
- destroy_wolfssl_instance(tls_io_instance);
result = 0;
}
}
