wolfSSL - wolfSSL SSL/TLS library, support up to TLS1.3

Users » wolfSSL » Code » wolfSSL

wolfSSL SSL/TLS library, support up to TLS1.3

Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more

wolfssl/test.h@13:f67a6c6013ca, 2017-08-22 (annotated)

Committer:: wolfSSL
Date:: Tue Aug 22 10:48:22 2017 +0000
Revision:: 13:f67a6c6013ca

wolfSSL3.12.0 with TLS1.3

Who changed what in which revision?

User	Revision	Line number	New contents of line
wolfSSL	13:f67a6c6013ca	1	/* test.h */
wolfSSL	13:f67a6c6013ca	2
wolfSSL	13:f67a6c6013ca	3	#ifndef wolfSSL_TEST_H
wolfSSL	13:f67a6c6013ca	4	#define wolfSSL_TEST_H
wolfSSL	13:f67a6c6013ca	5
wolfSSL	13:f67a6c6013ca	6	#include <stdio.h>
wolfSSL	13:f67a6c6013ca	7	#include <stdlib.h>
wolfSSL	13:f67a6c6013ca	8	#include <assert.h>
wolfSSL	13:f67a6c6013ca	9	#include <ctype.h>
wolfSSL	13:f67a6c6013ca	10	#include <wolfssl/wolfcrypt/types.h>
wolfSSL	13:f67a6c6013ca	11	#include <wolfssl/wolfcrypt/error-crypt.h>
wolfSSL	13:f67a6c6013ca	12	#include <wolfssl/wolfcrypt/random.h>
wolfSSL	13:f67a6c6013ca	13
wolfSSL	13:f67a6c6013ca	14	#ifdef ATOMIC_USER
wolfSSL	13:f67a6c6013ca	15	#include <wolfssl/wolfcrypt/aes.h>
wolfSSL	13:f67a6c6013ca	16	#include <wolfssl/wolfcrypt/arc4.h>
wolfSSL	13:f67a6c6013ca	17	#include <wolfssl/wolfcrypt/hmac.h>
wolfSSL	13:f67a6c6013ca	18	#endif
wolfSSL	13:f67a6c6013ca	19	#ifdef HAVE_PK_CALLBACKS
wolfSSL	13:f67a6c6013ca	20	#include <wolfssl/wolfcrypt/asn.h>
wolfSSL	13:f67a6c6013ca	21	#ifndef NO_RSA
wolfSSL	13:f67a6c6013ca	22	#include <wolfssl/wolfcrypt/rsa.h>
wolfSSL	13:f67a6c6013ca	23	#endif
wolfSSL	13:f67a6c6013ca	24	#ifdef HAVE_ECC
wolfSSL	13:f67a6c6013ca	25	#include <wolfssl/wolfcrypt/ecc.h>
wolfSSL	13:f67a6c6013ca	26	#endif /* HAVE_ECC */
wolfSSL	13:f67a6c6013ca	27	#ifdef HAVE_ED25519
wolfSSL	13:f67a6c6013ca	28	#include <wolfssl/wolfcrypt/ed25519.h>
wolfSSL	13:f67a6c6013ca	29	#endif /* HAVE_ED25519 */
wolfSSL	13:f67a6c6013ca	30	#ifdef HAVE_CURVE25519
wolfSSL	13:f67a6c6013ca	31	#include <wolfssl/wolfcrypt/curve25519.h>
wolfSSL	13:f67a6c6013ca	32	#endif /* HAVE_ECC */
wolfSSL	13:f67a6c6013ca	33	#endif /HAVE_PK_CALLBACKS /
wolfSSL	13:f67a6c6013ca	34
wolfSSL	13:f67a6c6013ca	35	#ifdef USE_WINDOWS_API
wolfSSL	13:f67a6c6013ca	36	#include <winsock2.h>
wolfSSL	13:f67a6c6013ca	37	#include <process.h>
wolfSSL	13:f67a6c6013ca	38	#ifdef TEST_IPV6 /* don't require newer SDK for IPV4 */
wolfSSL	13:f67a6c6013ca	39	#include <ws2tcpip.h>
wolfSSL	13:f67a6c6013ca	40	#include <wspiapi.h>
wolfSSL	13:f67a6c6013ca	41	#endif
wolfSSL	13:f67a6c6013ca	42	#define SOCKET_T SOCKET
wolfSSL	13:f67a6c6013ca	43	#define SNPRINTF _snprintf
wolfSSL	13:f67a6c6013ca	44	#elif defined(WOLFSSL_MDK_ARM) \|\| defined(WOLFSSL_KEIL_TCP_NET)
wolfSSL	13:f67a6c6013ca	45	#include <string.h>
wolfSSL	13:f67a6c6013ca	46	#include "rl_net.h"
wolfSSL	13:f67a6c6013ca	47	#define SOCKET_T int
wolfSSL	13:f67a6c6013ca	48	typedef int socklen_t ;
wolfSSL	13:f67a6c6013ca	49	static unsigned long inet_addr(const char *cp)
wolfSSL	13:f67a6c6013ca	50	{
wolfSSL	13:f67a6c6013ca	51	unsigned int a[4] ; unsigned long ret ;
wolfSSL	13:f67a6c6013ca	52	sscanf(cp, "%d.%d.%d.%d", &a[0], &a[1], &a[2], &a[3]) ;
wolfSSL	13:f67a6c6013ca	53	ret = ((a[3]<<24) + (a[2]<<16) + (a[1]<<8) + a[0]) ;
wolfSSL	13:f67a6c6013ca	54	return(ret) ;
wolfSSL	13:f67a6c6013ca	55	}
wolfSSL	13:f67a6c6013ca	56	#if defined(HAVE_KEIL_RTX)
wolfSSL	13:f67a6c6013ca	57	#define sleep(t) os_dly_wait(t/1000+1) ;
wolfSSL	13:f67a6c6013ca	58	#elif defined (WOLFSSL_CMSIS_RTOS)
wolfSSL	13:f67a6c6013ca	59	#define sleep(t) osDelay(t/1000+1) ;
wolfSSL	13:f67a6c6013ca	60	#endif
wolfSSL	13:f67a6c6013ca	61
wolfSSL	13:f67a6c6013ca	62	static int wolfssl_tcp_select(int sd, int timeout)
wolfSSL	13:f67a6c6013ca	63	{ return 0 ; }
wolfSSL	13:f67a6c6013ca	64	#define tcp_select(sd,t) wolfssl_tcp_select(sd, t) /* avoid conflicting Keil TCP tcp_select */
wolfSSL	13:f67a6c6013ca	65	#elif defined(WOLFSSL_TIRTOS)
wolfSSL	13:f67a6c6013ca	66	#include <string.h>
wolfSSL	13:f67a6c6013ca	67	#include <netdb.h>
wolfSSL	13:f67a6c6013ca	68	#include <sys/types.h>
wolfSSL	13:f67a6c6013ca	69	#include <arpa/inet.h>
wolfSSL	13:f67a6c6013ca	70	#include <sys/socket.h>
wolfSSL	13:f67a6c6013ca	71	#include <ti/sysbios/knl/Task.h>
wolfSSL	13:f67a6c6013ca	72	struct hostent {
wolfSSL	13:f67a6c6013ca	73	char h_name; / official name of host */
wolfSSL	13:f67a6c6013ca	74	char *h_aliases; / alias list */
wolfSSL	13:f67a6c6013ca	75	int h_addrtype; /* host address type */
wolfSSL	13:f67a6c6013ca	76	int h_length; /* length of address */
wolfSSL	13:f67a6c6013ca	77	char *h_addr_list; / list of addresses from name server */
wolfSSL	13:f67a6c6013ca	78	};
wolfSSL	13:f67a6c6013ca	79	#define SOCKET_T int
wolfSSL	13:f67a6c6013ca	80	#elif defined(WOLFSSL_VXWORKS)
wolfSSL	13:f67a6c6013ca	81	#include <hostLib.h>
wolfSSL	13:f67a6c6013ca	82	#include <sockLib.h>
wolfSSL	13:f67a6c6013ca	83	#include <arpa/inet.h>
wolfSSL	13:f67a6c6013ca	84	#include <string.h>
wolfSSL	13:f67a6c6013ca	85	#include <selectLib.h>
wolfSSL	13:f67a6c6013ca	86	#include <sys/types.h>
wolfSSL	13:f67a6c6013ca	87	#include <netinet/in.h>
wolfSSL	13:f67a6c6013ca	88	#include <fcntl.h>
wolfSSL	13:f67a6c6013ca	89	#include <sys/time.h>
wolfSSL	13:f67a6c6013ca	90	#include <netdb.h>
wolfSSL	13:f67a6c6013ca	91	#include <pthread.h>
wolfSSL	13:f67a6c6013ca	92	#define SOCKET_T int
wolfSSL	13:f67a6c6013ca	93	#else
wolfSSL	13:f67a6c6013ca	94	#include <string.h>
wolfSSL	13:f67a6c6013ca	95	#include <sys/types.h>
wolfSSL	13:f67a6c6013ca	96	#ifndef WOLFSSL_LEANPSK
wolfSSL	13:f67a6c6013ca	97	#include <unistd.h>
wolfSSL	13:f67a6c6013ca	98	#include <netdb.h>
wolfSSL	13:f67a6c6013ca	99	#include <netinet/in.h>
wolfSSL	13:f67a6c6013ca	100	#include <netinet/tcp.h>
wolfSSL	13:f67a6c6013ca	101	#include <arpa/inet.h>
wolfSSL	13:f67a6c6013ca	102	#include <sys/ioctl.h>
wolfSSL	13:f67a6c6013ca	103	#include <sys/time.h>
wolfSSL	13:f67a6c6013ca	104	#include <sys/socket.h>
wolfSSL	13:f67a6c6013ca	105	#include <pthread.h>
wolfSSL	13:f67a6c6013ca	106	#include <fcntl.h>
wolfSSL	13:f67a6c6013ca	107	#ifdef TEST_IPV6
wolfSSL	13:f67a6c6013ca	108	#include <netdb.h>
wolfSSL	13:f67a6c6013ca	109	#endif
wolfSSL	13:f67a6c6013ca	110	#endif
wolfSSL	13:f67a6c6013ca	111	#define SOCKET_T int
wolfSSL	13:f67a6c6013ca	112	#ifndef SO_NOSIGPIPE
wolfSSL	13:f67a6c6013ca	113	#include <signal.h> /* ignore SIGPIPE */
wolfSSL	13:f67a6c6013ca	114	#endif
wolfSSL	13:f67a6c6013ca	115	#define SNPRINTF snprintf
wolfSSL	13:f67a6c6013ca	116	#endif /* USE_WINDOWS_API */
wolfSSL	13:f67a6c6013ca	117
wolfSSL	13:f67a6c6013ca	118	#ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL	13:f67a6c6013ca	119	#include <wolfssl/wolfcrypt/async.h>
wolfSSL	13:f67a6c6013ca	120	#endif
wolfSSL	13:f67a6c6013ca	121	#ifdef HAVE_CAVIUM
wolfSSL	13:f67a6c6013ca	122	#include <wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h>
wolfSSL	13:f67a6c6013ca	123	#endif
wolfSSL	13:f67a6c6013ca	124
wolfSSL	13:f67a6c6013ca	125	#ifdef _MSC_VER
wolfSSL	13:f67a6c6013ca	126	/* disable conversion warning */
wolfSSL	13:f67a6c6013ca	127	/* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
wolfSSL	13:f67a6c6013ca	128	#pragma warning(disable:4244 4996)
wolfSSL	13:f67a6c6013ca	129	#endif
wolfSSL	13:f67a6c6013ca	130
wolfSSL	13:f67a6c6013ca	131	/* Buffer for benchmark tests */
wolfSSL	13:f67a6c6013ca	132	#ifndef TEST_BUFFER_SIZE
wolfSSL	13:f67a6c6013ca	133	#define TEST_BUFFER_SIZE 16384
wolfSSL	13:f67a6c6013ca	134	#endif
wolfSSL	13:f67a6c6013ca	135
wolfSSL	13:f67a6c6013ca	136	#ifndef WOLFSSL_HAVE_MIN
wolfSSL	13:f67a6c6013ca	137	#define WOLFSSL_HAVE_MIN
wolfSSL	13:f67a6c6013ca	138	static INLINE word32 min(word32 a, word32 b)
wolfSSL	13:f67a6c6013ca	139	{
wolfSSL	13:f67a6c6013ca	140	return a > b ? b : a;
wolfSSL	13:f67a6c6013ca	141	}
wolfSSL	13:f67a6c6013ca	142	#endif /* WOLFSSL_HAVE_MIN */
wolfSSL	13:f67a6c6013ca	143
wolfSSL	13:f67a6c6013ca	144	/* Socket Handling */
wolfSSL	13:f67a6c6013ca	145	#ifndef WOLFSSL_SOCKET_INVALID
wolfSSL	13:f67a6c6013ca	146	#ifdef USE_WINDOWS_API
wolfSSL	13:f67a6c6013ca	147	#define WOLFSSL_SOCKET_INVALID ((SOCKET_T)INVALID_SOCKET)
wolfSSL	13:f67a6c6013ca	148	#elif defined(WOLFSSL_TIRTOS)
wolfSSL	13:f67a6c6013ca	149	#define WOLFSSL_SOCKET_INVALID ((SOCKET_T)-1)
wolfSSL	13:f67a6c6013ca	150	#else
wolfSSL	13:f67a6c6013ca	151	#define WOLFSSL_SOCKET_INVALID (SOCKET_T)(0)
wolfSSL	13:f67a6c6013ca	152	#endif
wolfSSL	13:f67a6c6013ca	153	#endif /* WOLFSSL_SOCKET_INVALID */
wolfSSL	13:f67a6c6013ca	154
wolfSSL	13:f67a6c6013ca	155	#ifndef WOLFSSL_SOCKET_IS_INVALID
wolfSSL	13:f67a6c6013ca	156	#if defined(USE_WINDOWS_API) \|\| defined(WOLFSSL_TIRTOS)
wolfSSL	13:f67a6c6013ca	157	#define WOLFSSL_SOCKET_IS_INVALID(s) ((SOCKET_T)(s) == WOLFSSL_SOCKET_INVALID)
wolfSSL	13:f67a6c6013ca	158	#else
wolfSSL	13:f67a6c6013ca	159	#define WOLFSSL_SOCKET_IS_INVALID(s) ((SOCKET_T)(s) < WOLFSSL_SOCKET_INVALID)
wolfSSL	13:f67a6c6013ca	160	#endif
wolfSSL	13:f67a6c6013ca	161	#endif /* WOLFSSL_SOCKET_IS_INVALID */
wolfSSL	13:f67a6c6013ca	162
wolfSSL	13:f67a6c6013ca	163	#if defined(__MACH__) \|\| defined(USE_WINDOWS_API)
wolfSSL	13:f67a6c6013ca	164	#ifndef _SOCKLEN_T
wolfSSL	13:f67a6c6013ca	165	typedef int socklen_t;
wolfSSL	13:f67a6c6013ca	166	#endif
wolfSSL	13:f67a6c6013ca	167	#endif
wolfSSL	13:f67a6c6013ca	168
wolfSSL	13:f67a6c6013ca	169
wolfSSL	13:f67a6c6013ca	170	/* HPUX doesn't use socklent_t for third parameter to accept, unless
wolfSSL	13:f67a6c6013ca	171	_XOPEN_SOURCE_EXTENDED is defined */
wolfSSL	13:f67a6c6013ca	172	#if !defined(__hpux__) && !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM)\
wolfSSL	13:f67a6c6013ca	173	&& !defined(WOLFSSL_ROWLEY_ARM) && !defined(WOLFSSL_KEIL_TCP_NET)
wolfSSL	13:f67a6c6013ca	174	typedef socklen_t* ACCEPT_THIRD_T;
wolfSSL	13:f67a6c6013ca	175	#else
wolfSSL	13:f67a6c6013ca	176	#if defined _XOPEN_SOURCE_EXTENDED
wolfSSL	13:f67a6c6013ca	177	typedef socklen_t* ACCEPT_THIRD_T;
wolfSSL	13:f67a6c6013ca	178	#else
wolfSSL	13:f67a6c6013ca	179	typedef int* ACCEPT_THIRD_T;
wolfSSL	13:f67a6c6013ca	180	#endif
wolfSSL	13:f67a6c6013ca	181	#endif
wolfSSL	13:f67a6c6013ca	182
wolfSSL	13:f67a6c6013ca	183
wolfSSL	13:f67a6c6013ca	184	#ifdef USE_WINDOWS_API
wolfSSL	13:f67a6c6013ca	185	#define CloseSocket(s) closesocket(s)
wolfSSL	13:f67a6c6013ca	186	#define StartTCP() { WSADATA wsd; WSAStartup(0x0002, &wsd); }
wolfSSL	13:f67a6c6013ca	187	#elif defined(WOLFSSL_MDK_ARM) \|\| defined(WOLFSSL_KEIL_TCP_NET)
wolfSSL	13:f67a6c6013ca	188	#define CloseSocket(s) closesocket(s)
wolfSSL	13:f67a6c6013ca	189	#define StartTCP()
wolfSSL	13:f67a6c6013ca	190	#else
wolfSSL	13:f67a6c6013ca	191	#define CloseSocket(s) close(s)
wolfSSL	13:f67a6c6013ca	192	#define StartTCP()
wolfSSL	13:f67a6c6013ca	193	#endif
wolfSSL	13:f67a6c6013ca	194
wolfSSL	13:f67a6c6013ca	195
wolfSSL	13:f67a6c6013ca	196	#ifdef SINGLE_THREADED
wolfSSL	13:f67a6c6013ca	197	typedef unsigned int THREAD_RETURN;
wolfSSL	13:f67a6c6013ca	198	typedef void* THREAD_TYPE;
wolfSSL	13:f67a6c6013ca	199	#define WOLFSSL_THREAD
wolfSSL	13:f67a6c6013ca	200	#else
wolfSSL	13:f67a6c6013ca	201	#if defined(_POSIX_THREADS) && !defined(__MINGW32__)
wolfSSL	13:f67a6c6013ca	202	typedef void* THREAD_RETURN;
wolfSSL	13:f67a6c6013ca	203	typedef pthread_t THREAD_TYPE;
wolfSSL	13:f67a6c6013ca	204	#define WOLFSSL_THREAD
wolfSSL	13:f67a6c6013ca	205	#define INFINITE -1
wolfSSL	13:f67a6c6013ca	206	#define WAIT_OBJECT_0 0L
wolfSSL	13:f67a6c6013ca	207	#elif defined(WOLFSSL_MDK_ARM)\|\| defined(WOLFSSL_KEIL_TCP_NET)
wolfSSL	13:f67a6c6013ca	208	typedef unsigned int THREAD_RETURN;
wolfSSL	13:f67a6c6013ca	209	typedef int THREAD_TYPE;
wolfSSL	13:f67a6c6013ca	210	#define WOLFSSL_THREAD
wolfSSL	13:f67a6c6013ca	211	#elif defined(WOLFSSL_TIRTOS)
wolfSSL	13:f67a6c6013ca	212	typedef void THREAD_RETURN;
wolfSSL	13:f67a6c6013ca	213	typedef Task_Handle THREAD_TYPE;
wolfSSL	13:f67a6c6013ca	214	#define WOLFSSL_THREAD
wolfSSL	13:f67a6c6013ca	215	#else
wolfSSL	13:f67a6c6013ca	216	typedef unsigned int THREAD_RETURN;
wolfSSL	13:f67a6c6013ca	217	typedef intptr_t THREAD_TYPE;
wolfSSL	13:f67a6c6013ca	218	#define WOLFSSL_THREAD __stdcall
wolfSSL	13:f67a6c6013ca	219	#endif
wolfSSL	13:f67a6c6013ca	220	#endif
wolfSSL	13:f67a6c6013ca	221
wolfSSL	13:f67a6c6013ca	222
wolfSSL	13:f67a6c6013ca	223	#ifdef TEST_IPV6
wolfSSL	13:f67a6c6013ca	224	typedef struct sockaddr_in6 SOCKADDR_IN_T;
wolfSSL	13:f67a6c6013ca	225	#define AF_INET_V AF_INET6
wolfSSL	13:f67a6c6013ca	226	#else
wolfSSL	13:f67a6c6013ca	227	typedef struct sockaddr_in SOCKADDR_IN_T;
wolfSSL	13:f67a6c6013ca	228	#define AF_INET_V AF_INET
wolfSSL	13:f67a6c6013ca	229	#endif
wolfSSL	13:f67a6c6013ca	230
wolfSSL	13:f67a6c6013ca	231
wolfSSL	13:f67a6c6013ca	232	#define SERVER_DEFAULT_VERSION 3
wolfSSL	13:f67a6c6013ca	233	#define SERVER_DTLS_DEFAULT_VERSION (-2)
wolfSSL	13:f67a6c6013ca	234	#define SERVER_INVALID_VERSION (-99)
wolfSSL	13:f67a6c6013ca	235	#define CLIENT_DEFAULT_VERSION 3
wolfSSL	13:f67a6c6013ca	236	#define CLIENT_DTLS_DEFAULT_VERSION (-2)
wolfSSL	13:f67a6c6013ca	237	#define CLIENT_INVALID_VERSION (-99)
wolfSSL	13:f67a6c6013ca	238	#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_MAX_STRENGTH)
wolfSSL	13:f67a6c6013ca	239	#define DEFAULT_MIN_DHKEY_BITS 2048
wolfSSL	13:f67a6c6013ca	240	#else
wolfSSL	13:f67a6c6013ca	241	#define DEFAULT_MIN_DHKEY_BITS 1024
wolfSSL	13:f67a6c6013ca	242	#endif
wolfSSL	13:f67a6c6013ca	243	#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_MAX_STRENGTH)
wolfSSL	13:f67a6c6013ca	244	#define DEFAULT_MIN_RSAKEY_BITS 2048
wolfSSL	13:f67a6c6013ca	245	#else
wolfSSL	13:f67a6c6013ca	246	#define DEFAULT_MIN_RSAKEY_BITS 1024
wolfSSL	13:f67a6c6013ca	247	#endif
wolfSSL	13:f67a6c6013ca	248	#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_MAX_STRENGTH)
wolfSSL	13:f67a6c6013ca	249	#define DEFAULT_MIN_ECCKEY_BITS 256
wolfSSL	13:f67a6c6013ca	250	#else
wolfSSL	13:f67a6c6013ca	251	#define DEFAULT_MIN_ECCKEY_BITS 224
wolfSSL	13:f67a6c6013ca	252	#endif
wolfSSL	13:f67a6c6013ca	253
wolfSSL	13:f67a6c6013ca	254	/* all certs relative to wolfSSL home directory now */
wolfSSL	13:f67a6c6013ca	255	#if defined(WOLFSSL_NO_CURRDIR) \|\| defined(WOLFSSL_MDK_SHELL)
wolfSSL	13:f67a6c6013ca	256	#define caCertFile "certs/ca-cert.pem"
wolfSSL	13:f67a6c6013ca	257	#define eccCertFile "certs/server-ecc.pem"
wolfSSL	13:f67a6c6013ca	258	#define eccKeyFile "certs/ecc-key.pem"
wolfSSL	13:f67a6c6013ca	259	#define svrCertFile "certs/server-cert.pem"
wolfSSL	13:f67a6c6013ca	260	#define svrKeyFile "certs/server-key.pem"
wolfSSL	13:f67a6c6013ca	261	#define cliCertFile "certs/client-cert.pem"
wolfSSL	13:f67a6c6013ca	262	#define cliKeyFile "certs/client-key.pem"
wolfSSL	13:f67a6c6013ca	263	#define ntruCertFile "certs/ntru-cert.pem"
wolfSSL	13:f67a6c6013ca	264	#define ntruKeyFile "certs/ntru-key.raw"
wolfSSL	13:f67a6c6013ca	265	#define dhParamFile "certs/dh2048.pem"
wolfSSL	13:f67a6c6013ca	266	#define cliEccKeyFile "certs/ecc-client-key.pem"
wolfSSL	13:f67a6c6013ca	267	#define cliEccCertFile "certs/client-ecc-cert.pem"
wolfSSL	13:f67a6c6013ca	268	#define crlPemDir "certs/crl"
wolfSSL	13:f67a6c6013ca	269	#ifdef HAVE_WNR
wolfSSL	13:f67a6c6013ca	270	/* Whitewood netRandom default config file */
wolfSSL	13:f67a6c6013ca	271	#define wnrConfig "wnr-example.conf"
wolfSSL	13:f67a6c6013ca	272	#endif
wolfSSL	13:f67a6c6013ca	273	#else
wolfSSL	13:f67a6c6013ca	274	#define caCertFile "./certs/ca-cert.pem"
wolfSSL	13:f67a6c6013ca	275	#define eccCertFile "./certs/server-ecc.pem"
wolfSSL	13:f67a6c6013ca	276	#define eccKeyFile "./certs/ecc-key.pem"
wolfSSL	13:f67a6c6013ca	277	#define svrCertFile "./certs/server-cert.pem"
wolfSSL	13:f67a6c6013ca	278	#define svrKeyFile "./certs/server-key.pem"
wolfSSL	13:f67a6c6013ca	279	#define cliCertFile "./certs/client-cert.pem"
wolfSSL	13:f67a6c6013ca	280	#define cliKeyFile "./certs/client-key.pem"
wolfSSL	13:f67a6c6013ca	281	#define ntruCertFile "./certs/ntru-cert.pem"
wolfSSL	13:f67a6c6013ca	282	#define ntruKeyFile "./certs/ntru-key.raw"
wolfSSL	13:f67a6c6013ca	283	#define dhParamFile "./certs/dh2048.pem"
wolfSSL	13:f67a6c6013ca	284	#define cliEccKeyFile "./certs/ecc-client-key.pem"
wolfSSL	13:f67a6c6013ca	285	#define cliEccCertFile "./certs/client-ecc-cert.pem"
wolfSSL	13:f67a6c6013ca	286	#define crlPemDir "./certs/crl"
wolfSSL	13:f67a6c6013ca	287	#ifdef HAVE_WNR
wolfSSL	13:f67a6c6013ca	288	/* Whitewood netRandom default config file */
wolfSSL	13:f67a6c6013ca	289	#define wnrConfig "./wnr-example.conf"
wolfSSL	13:f67a6c6013ca	290	#endif
wolfSSL	13:f67a6c6013ca	291	#endif
wolfSSL	13:f67a6c6013ca	292
wolfSSL	13:f67a6c6013ca	293	typedef struct tcp_ready {
wolfSSL	13:f67a6c6013ca	294	word16 ready; /* predicate */
wolfSSL	13:f67a6c6013ca	295	word16 port;
wolfSSL	13:f67a6c6013ca	296	char* srfName; /* server ready file name */
wolfSSL	13:f67a6c6013ca	297	#if defined(_POSIX_THREADS) && !defined(__MINGW32__)
wolfSSL	13:f67a6c6013ca	298	pthread_mutex_t mutex;
wolfSSL	13:f67a6c6013ca	299	pthread_cond_t cond;
wolfSSL	13:f67a6c6013ca	300	#endif
wolfSSL	13:f67a6c6013ca	301	} tcp_ready;
wolfSSL	13:f67a6c6013ca	302
wolfSSL	13:f67a6c6013ca	303
wolfSSL	13:f67a6c6013ca	304	static INLINE void InitTcpReady(tcp_ready* ready)
wolfSSL	13:f67a6c6013ca	305	{
wolfSSL	13:f67a6c6013ca	306	ready->ready = 0;
wolfSSL	13:f67a6c6013ca	307	ready->port = 0;
wolfSSL	13:f67a6c6013ca	308	ready->srfName = NULL;
wolfSSL	13:f67a6c6013ca	309	#ifdef SINGLE_THREADED
wolfSSL	13:f67a6c6013ca	310	#elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
wolfSSL	13:f67a6c6013ca	311	pthread_mutex_init(&ready->mutex, 0);
wolfSSL	13:f67a6c6013ca	312	pthread_cond_init(&ready->cond, 0);
wolfSSL	13:f67a6c6013ca	313	#endif
wolfSSL	13:f67a6c6013ca	314	}
wolfSSL	13:f67a6c6013ca	315
wolfSSL	13:f67a6c6013ca	316
wolfSSL	13:f67a6c6013ca	317	static INLINE void FreeTcpReady(tcp_ready* ready)
wolfSSL	13:f67a6c6013ca	318	{
wolfSSL	13:f67a6c6013ca	319	#ifdef SINGLE_THREADED
wolfSSL	13:f67a6c6013ca	320	(void)ready;
wolfSSL	13:f67a6c6013ca	321	#elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
wolfSSL	13:f67a6c6013ca	322	pthread_mutex_destroy(&ready->mutex);
wolfSSL	13:f67a6c6013ca	323	pthread_cond_destroy(&ready->cond);
wolfSSL	13:f67a6c6013ca	324	#else
wolfSSL	13:f67a6c6013ca	325	(void)ready;
wolfSSL	13:f67a6c6013ca	326	#endif
wolfSSL	13:f67a6c6013ca	327	}
wolfSSL	13:f67a6c6013ca	328
wolfSSL	13:f67a6c6013ca	329	typedef WOLFSSL_METHOD* (*method_provider)(void);
wolfSSL	13:f67a6c6013ca	330	typedef void (ctx_callback)(WOLFSSL_CTX ctx);
wolfSSL	13:f67a6c6013ca	331	typedef void (ssl_callback)(WOLFSSL ssl);
wolfSSL	13:f67a6c6013ca	332
wolfSSL	13:f67a6c6013ca	333	typedef struct callback_functions {
wolfSSL	13:f67a6c6013ca	334	method_provider method;
wolfSSL	13:f67a6c6013ca	335	ctx_callback ctx_ready;
wolfSSL	13:f67a6c6013ca	336	ssl_callback ssl_ready;
wolfSSL	13:f67a6c6013ca	337	ssl_callback on_result;
wolfSSL	13:f67a6c6013ca	338	} callback_functions;
wolfSSL	13:f67a6c6013ca	339
wolfSSL	13:f67a6c6013ca	340	typedef struct func_args {
wolfSSL	13:f67a6c6013ca	341	int argc;
wolfSSL	13:f67a6c6013ca	342	char** argv;
wolfSSL	13:f67a6c6013ca	343	int return_code;
wolfSSL	13:f67a6c6013ca	344	tcp_ready* signal;
wolfSSL	13:f67a6c6013ca	345	callback_functions *callbacks;
wolfSSL	13:f67a6c6013ca	346	} func_args;
wolfSSL	13:f67a6c6013ca	347
wolfSSL	13:f67a6c6013ca	348
wolfSSL	13:f67a6c6013ca	349
wolfSSL	13:f67a6c6013ca	350
wolfSSL	13:f67a6c6013ca	351	void wait_tcp_ready(func_args*);
wolfSSL	13:f67a6c6013ca	352
wolfSSL	13:f67a6c6013ca	353	typedef THREAD_RETURN WOLFSSL_THREAD THREAD_FUNC(void*);
wolfSSL	13:f67a6c6013ca	354
wolfSSL	13:f67a6c6013ca	355	void start_thread(THREAD_FUNC, func_args, THREAD_TYPE);
wolfSSL	13:f67a6c6013ca	356	void join_thread(THREAD_TYPE);
wolfSSL	13:f67a6c6013ca	357
wolfSSL	13:f67a6c6013ca	358	/* wolfSSL */
wolfSSL	13:f67a6c6013ca	359	#ifndef TEST_IPV6
wolfSSL	13:f67a6c6013ca	360	static const char* const wolfSSLIP = "127.0.0.1";
wolfSSL	13:f67a6c6013ca	361	#else
wolfSSL	13:f67a6c6013ca	362	static const char* const wolfSSLIP = "::1";
wolfSSL	13:f67a6c6013ca	363	#endif
wolfSSL	13:f67a6c6013ca	364	static const word16 wolfSSLPort = 11111;
wolfSSL	13:f67a6c6013ca	365
wolfSSL	13:f67a6c6013ca	366
wolfSSL	13:f67a6c6013ca	367	#if defined(__GNUC__)
wolfSSL	13:f67a6c6013ca	368	#define WC_NORETURN __attribute__((noreturn))
wolfSSL	13:f67a6c6013ca	369	#else
wolfSSL	13:f67a6c6013ca	370	#define WC_NORETURN
wolfSSL	13:f67a6c6013ca	371	#endif
wolfSSL	13:f67a6c6013ca	372
wolfSSL	13:f67a6c6013ca	373	static INLINE WC_NORETURN void err_sys(const char* msg)
wolfSSL	13:f67a6c6013ca	374	{
wolfSSL	13:f67a6c6013ca	375	printf("wolfSSL error: %s\n", msg);
wolfSSL	13:f67a6c6013ca	376
wolfSSL	13:f67a6c6013ca	377	#if !defined(__GNUC__)
wolfSSL	13:f67a6c6013ca	378	/* scan-build (which pretends to be gnuc) can get confused and think the
wolfSSL	13:f67a6c6013ca	379	* msg pointer can be null even when hardcoded and then it won't exit,
wolfSSL	13:f67a6c6013ca	380	* making null pointer checks above the err_sys() call useless.
wolfSSL	13:f67a6c6013ca	381	* We could just always exit() but some compilers will complain about no
wolfSSL	13:f67a6c6013ca	382	* possible return, with gcc we know the attribute to handle that with
wolfSSL	13:f67a6c6013ca	383	* WC_NORETURN. */
wolfSSL	13:f67a6c6013ca	384	if (msg)
wolfSSL	13:f67a6c6013ca	385	#endif
wolfSSL	13:f67a6c6013ca	386	{
wolfSSL	13:f67a6c6013ca	387	exit(EXIT_FAILURE);
wolfSSL	13:f67a6c6013ca	388	}
wolfSSL	13:f67a6c6013ca	389	}
wolfSSL	13:f67a6c6013ca	390
wolfSSL	13:f67a6c6013ca	391
wolfSSL	13:f67a6c6013ca	392	#define MY_EX_USAGE 2
wolfSSL	13:f67a6c6013ca	393
wolfSSL	13:f67a6c6013ca	394	extern int myoptind;
wolfSSL	13:f67a6c6013ca	395	extern char* myoptarg;
wolfSSL	13:f67a6c6013ca	396
wolfSSL	13:f67a6c6013ca	397	static INLINE int mygetopt(int argc, char** argv, const char* optstring)
wolfSSL	13:f67a6c6013ca	398	{
wolfSSL	13:f67a6c6013ca	399	static char* next = NULL;
wolfSSL	13:f67a6c6013ca	400
wolfSSL	13:f67a6c6013ca	401	char c;
wolfSSL	13:f67a6c6013ca	402	char* cp;
wolfSSL	13:f67a6c6013ca	403
wolfSSL	13:f67a6c6013ca	404	if (myoptind == 0)
wolfSSL	13:f67a6c6013ca	405	next = NULL; /* we're starting new/over */
wolfSSL	13:f67a6c6013ca	406
wolfSSL	13:f67a6c6013ca	407	if (next == NULL \|\| *next == '\0') {
wolfSSL	13:f67a6c6013ca	408	if (myoptind == 0)
wolfSSL	13:f67a6c6013ca	409	myoptind++;
wolfSSL	13:f67a6c6013ca	410
wolfSSL	13:f67a6c6013ca	411	if (myoptind >= argc \|\| argv[myoptind][0] != '-' \|\|
wolfSSL	13:f67a6c6013ca	412	argv[myoptind][1] == '\0') {
wolfSSL	13:f67a6c6013ca	413	myoptarg = NULL;
wolfSSL	13:f67a6c6013ca	414	if (myoptind < argc)
wolfSSL	13:f67a6c6013ca	415	myoptarg = argv[myoptind];
wolfSSL	13:f67a6c6013ca	416
wolfSSL	13:f67a6c6013ca	417	return -1;
wolfSSL	13:f67a6c6013ca	418	}
wolfSSL	13:f67a6c6013ca	419
wolfSSL	13:f67a6c6013ca	420	if (strcmp(argv[myoptind], "--") == 0) {
wolfSSL	13:f67a6c6013ca	421	myoptind++;
wolfSSL	13:f67a6c6013ca	422	myoptarg = NULL;
wolfSSL	13:f67a6c6013ca	423
wolfSSL	13:f67a6c6013ca	424	if (myoptind < argc)
wolfSSL	13:f67a6c6013ca	425	myoptarg = argv[myoptind];
wolfSSL	13:f67a6c6013ca	426
wolfSSL	13:f67a6c6013ca	427	return -1;
wolfSSL	13:f67a6c6013ca	428	}
wolfSSL	13:f67a6c6013ca	429
wolfSSL	13:f67a6c6013ca	430	next = argv[myoptind];
wolfSSL	13:f67a6c6013ca	431	next++; /* skip - */
wolfSSL	13:f67a6c6013ca	432	myoptind++;
wolfSSL	13:f67a6c6013ca	433	}
wolfSSL	13:f67a6c6013ca	434
wolfSSL	13:f67a6c6013ca	435	c = *next++;
wolfSSL	13:f67a6c6013ca	436	/* The C++ strchr can return a different value */
wolfSSL	13:f67a6c6013ca	437	cp = (char*)strchr(optstring, c);
wolfSSL	13:f67a6c6013ca	438
wolfSSL	13:f67a6c6013ca	439	if (cp == NULL \|\| c == ':')
wolfSSL	13:f67a6c6013ca	440	return '?';
wolfSSL	13:f67a6c6013ca	441
wolfSSL	13:f67a6c6013ca	442	cp++;
wolfSSL	13:f67a6c6013ca	443
wolfSSL	13:f67a6c6013ca	444	if (*cp == ':') {
wolfSSL	13:f67a6c6013ca	445	if (*next != '\0') {
wolfSSL	13:f67a6c6013ca	446	myoptarg = next;
wolfSSL	13:f67a6c6013ca	447	next = NULL;
wolfSSL	13:f67a6c6013ca	448	}
wolfSSL	13:f67a6c6013ca	449	else if (myoptind < argc) {
wolfSSL	13:f67a6c6013ca	450	myoptarg = argv[myoptind];
wolfSSL	13:f67a6c6013ca	451	myoptind++;
wolfSSL	13:f67a6c6013ca	452	}
wolfSSL	13:f67a6c6013ca	453	else
wolfSSL	13:f67a6c6013ca	454	return '?';
wolfSSL	13:f67a6c6013ca	455	}
wolfSSL	13:f67a6c6013ca	456
wolfSSL	13:f67a6c6013ca	457	return c;
wolfSSL	13:f67a6c6013ca	458	}
wolfSSL	13:f67a6c6013ca	459
wolfSSL	13:f67a6c6013ca	460
wolfSSL	13:f67a6c6013ca	461	#if defined(OPENSSL_EXTRA) \|\| defined(HAVE_WEBSERVER)
wolfSSL	13:f67a6c6013ca	462
wolfSSL	13:f67a6c6013ca	463	static INLINE int PasswordCallBack(char* passwd, int sz, int rw, void* userdata)
wolfSSL	13:f67a6c6013ca	464	{
wolfSSL	13:f67a6c6013ca	465	(void)rw;
wolfSSL	13:f67a6c6013ca	466	(void)userdata;
wolfSSL	13:f67a6c6013ca	467	strncpy(passwd, "yassl123", sz);
wolfSSL	13:f67a6c6013ca	468	return 8;
wolfSSL	13:f67a6c6013ca	469	}
wolfSSL	13:f67a6c6013ca	470
wolfSSL	13:f67a6c6013ca	471	#endif
wolfSSL	13:f67a6c6013ca	472
wolfSSL	13:f67a6c6013ca	473
wolfSSL	13:f67a6c6013ca	474	#if defined(KEEP_PEER_CERT) \|\| defined(SESSION_CERTS)
wolfSSL	13:f67a6c6013ca	475
wolfSSL	13:f67a6c6013ca	476	static INLINE void ShowX509(WOLFSSL_X509* x509, const char* hdr)
wolfSSL	13:f67a6c6013ca	477	{
wolfSSL	13:f67a6c6013ca	478	char* altName;
wolfSSL	13:f67a6c6013ca	479	char* issuer;
wolfSSL	13:f67a6c6013ca	480	char* subject;
wolfSSL	13:f67a6c6013ca	481	byte serial[32];
wolfSSL	13:f67a6c6013ca	482	int ret;
wolfSSL	13:f67a6c6013ca	483	int sz = sizeof(serial);
wolfSSL	13:f67a6c6013ca	484
wolfSSL	13:f67a6c6013ca	485	if (x509 == NULL) {
wolfSSL	13:f67a6c6013ca	486	printf("%s No Cert\n", hdr);
wolfSSL	13:f67a6c6013ca	487	return;
wolfSSL	13:f67a6c6013ca	488	}
wolfSSL	13:f67a6c6013ca	489
wolfSSL	13:f67a6c6013ca	490	issuer = wolfSSL_X509_NAME_oneline(
wolfSSL	13:f67a6c6013ca	491	wolfSSL_X509_get_issuer_name(x509), 0, 0);
wolfSSL	13:f67a6c6013ca	492	subject = wolfSSL_X509_NAME_oneline(
wolfSSL	13:f67a6c6013ca	493	wolfSSL_X509_get_subject_name(x509), 0, 0);
wolfSSL	13:f67a6c6013ca	494
wolfSSL	13:f67a6c6013ca	495	printf("%s\n issuer : %s\n subject: %s\n", hdr, issuer, subject);
wolfSSL	13:f67a6c6013ca	496
wolfSSL	13:f67a6c6013ca	497	while ( (altName = wolfSSL_X509_get_next_altname(x509)) != NULL)
wolfSSL	13:f67a6c6013ca	498	printf(" altname = %s\n", altName);
wolfSSL	13:f67a6c6013ca	499
wolfSSL	13:f67a6c6013ca	500	ret = wolfSSL_X509_get_serial_number(x509, serial, &sz);
wolfSSL	13:f67a6c6013ca	501	if (ret == SSL_SUCCESS) {
wolfSSL	13:f67a6c6013ca	502	int i;
wolfSSL	13:f67a6c6013ca	503	int strLen;
wolfSSL	13:f67a6c6013ca	504	char serialMsg[80];
wolfSSL	13:f67a6c6013ca	505
wolfSSL	13:f67a6c6013ca	506	/* testsuite has multiple threads writing to stdout, get output
wolfSSL	13:f67a6c6013ca	507	message ready to write once */
wolfSSL	13:f67a6c6013ca	508	strLen = sprintf(serialMsg, " serial number");
wolfSSL	13:f67a6c6013ca	509	for (i = 0; i < sz; i++)
wolfSSL	13:f67a6c6013ca	510	sprintf(serialMsg + strLen + (i*3), ":%02x ", serial[i]);
wolfSSL	13:f67a6c6013ca	511	printf("%s\n", serialMsg);
wolfSSL	13:f67a6c6013ca	512	}
wolfSSL	13:f67a6c6013ca	513
wolfSSL	13:f67a6c6013ca	514	XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
wolfSSL	13:f67a6c6013ca	515	XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL);
wolfSSL	13:f67a6c6013ca	516	}
wolfSSL	13:f67a6c6013ca	517
wolfSSL	13:f67a6c6013ca	518	#endif /* KEEP_PEER_CERT \|\| SESSION_CERTS */
wolfSSL	13:f67a6c6013ca	519
wolfSSL	13:f67a6c6013ca	520
wolfSSL	13:f67a6c6013ca	521	static INLINE void showPeer(WOLFSSL* ssl)
wolfSSL	13:f67a6c6013ca	522	{
wolfSSL	13:f67a6c6013ca	523
wolfSSL	13:f67a6c6013ca	524	WOLFSSL_CIPHER* cipher;
wolfSSL	13:f67a6c6013ca	525	#ifdef HAVE_ECC
wolfSSL	13:f67a6c6013ca	526	const char *name;
wolfSSL	13:f67a6c6013ca	527	#endif
wolfSSL	13:f67a6c6013ca	528	#ifndef NO_DH
wolfSSL	13:f67a6c6013ca	529	int bits;
wolfSSL	13:f67a6c6013ca	530	#endif
wolfSSL	13:f67a6c6013ca	531	#ifdef KEEP_PEER_CERT
wolfSSL	13:f67a6c6013ca	532	WOLFSSL_X509* peer = wolfSSL_get_peer_certificate(ssl);
wolfSSL	13:f67a6c6013ca	533	if (peer)
wolfSSL	13:f67a6c6013ca	534	ShowX509(peer, "peer's cert info:");
wolfSSL	13:f67a6c6013ca	535	else
wolfSSL	13:f67a6c6013ca	536	printf("peer has no cert!\n");
wolfSSL	13:f67a6c6013ca	537	wolfSSL_FreeX509(peer);
wolfSSL	13:f67a6c6013ca	538	#endif
wolfSSL	13:f67a6c6013ca	539	#if defined(SHOW_CERTS) && defined(OPENSSL_EXTRA) && defined(KEEP_OUR_CERT)
wolfSSL	13:f67a6c6013ca	540	ShowX509(wolfSSL_get_certificate(ssl), "our cert info:");
wolfSSL	13:f67a6c6013ca	541	printf("Peer verify result = %lu\n", wolfSSL_get_verify_result(ssl));
wolfSSL	13:f67a6c6013ca	542	#endif /* SHOW_CERTS */
wolfSSL	13:f67a6c6013ca	543	printf("SSL version is %s\n", wolfSSL_get_version(ssl));
wolfSSL	13:f67a6c6013ca	544
wolfSSL	13:f67a6c6013ca	545	cipher = wolfSSL_get_current_cipher(ssl);
wolfSSL	13:f67a6c6013ca	546	#ifdef HAVE_QSH
wolfSSL	13:f67a6c6013ca	547	printf("SSL cipher suite is %s%s\n", (wolfSSL_isQSH(ssl))? "QSH:": "",
wolfSSL	13:f67a6c6013ca	548	wolfSSL_CIPHER_get_name(cipher));
wolfSSL	13:f67a6c6013ca	549	#else
wolfSSL	13:f67a6c6013ca	550	printf("SSL cipher suite is %s\n", wolfSSL_CIPHER_get_name(cipher));
wolfSSL	13:f67a6c6013ca	551	#endif
wolfSSL	13:f67a6c6013ca	552	#ifdef HAVE_ECC
wolfSSL	13:f67a6c6013ca	553	if ((name = wolfSSL_get_curve_name(ssl)) != NULL)
wolfSSL	13:f67a6c6013ca	554	printf("SSL curve name is %s\n", name);
wolfSSL	13:f67a6c6013ca	555	#endif
wolfSSL	13:f67a6c6013ca	556	#ifndef NO_DH
wolfSSL	13:f67a6c6013ca	557	if ((bits = wolfSSL_GetDhKey_Sz(ssl)) > 0)
wolfSSL	13:f67a6c6013ca	558	printf("SSL DH size is %d bits\n", bits);
wolfSSL	13:f67a6c6013ca	559	#endif
wolfSSL	13:f67a6c6013ca	560	if (wolfSSL_session_reused(ssl))
wolfSSL	13:f67a6c6013ca	561	printf("SSL reused session\n");
wolfSSL	13:f67a6c6013ca	562
wolfSSL	13:f67a6c6013ca	563	#if defined(SESSION_CERTS) && defined(SHOW_CERTS)
wolfSSL	13:f67a6c6013ca	564	{
wolfSSL	13:f67a6c6013ca	565	WOLFSSL_X509_CHAIN* chain = wolfSSL_get_peer_chain(ssl);
wolfSSL	13:f67a6c6013ca	566	int count = wolfSSL_get_chain_count(chain);
wolfSSL	13:f67a6c6013ca	567	int i;
wolfSSL	13:f67a6c6013ca	568
wolfSSL	13:f67a6c6013ca	569	for (i = 0; i < count; i++) {
wolfSSL	13:f67a6c6013ca	570	int length;
wolfSSL	13:f67a6c6013ca	571	unsigned char buffer[3072];
wolfSSL	13:f67a6c6013ca	572	WOLFSSL_X509* chainX509;
wolfSSL	13:f67a6c6013ca	573
wolfSSL	13:f67a6c6013ca	574	wolfSSL_get_chain_cert_pem(chain,i,buffer, sizeof(buffer), &length);
wolfSSL	13:f67a6c6013ca	575	buffer[length] = 0;
wolfSSL	13:f67a6c6013ca	576	printf("cert %d has length %d data = \n%s\n", i, length, buffer);
wolfSSL	13:f67a6c6013ca	577
wolfSSL	13:f67a6c6013ca	578	chainX509 = wolfSSL_get_chain_X509(chain, i);
wolfSSL	13:f67a6c6013ca	579	if (chainX509)
wolfSSL	13:f67a6c6013ca	580	ShowX509(chainX509, "session cert info:");
wolfSSL	13:f67a6c6013ca	581	else
wolfSSL	13:f67a6c6013ca	582	printf("get_chain_X509 failed\n");
wolfSSL	13:f67a6c6013ca	583	wolfSSL_FreeX509(chainX509);
wolfSSL	13:f67a6c6013ca	584	}
wolfSSL	13:f67a6c6013ca	585	}
wolfSSL	13:f67a6c6013ca	586	#endif
wolfSSL	13:f67a6c6013ca	587	(void)ssl;
wolfSSL	13:f67a6c6013ca	588	}
wolfSSL	13:f67a6c6013ca	589
wolfSSL	13:f67a6c6013ca	590
wolfSSL	13:f67a6c6013ca	591	static INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer,
wolfSSL	13:f67a6c6013ca	592	word16 port, int udp, int sctp)
wolfSSL	13:f67a6c6013ca	593	{
wolfSSL	13:f67a6c6013ca	594	int useLookup = 0;
wolfSSL	13:f67a6c6013ca	595	(void)useLookup;
wolfSSL	13:f67a6c6013ca	596	(void)udp;
wolfSSL	13:f67a6c6013ca	597	(void)sctp;
wolfSSL	13:f67a6c6013ca	598
wolfSSL	13:f67a6c6013ca	599	if (addr == NULL)
wolfSSL	13:f67a6c6013ca	600	err_sys("invalid argument to build_addr, addr is NULL");
wolfSSL	13:f67a6c6013ca	601
wolfSSL	13:f67a6c6013ca	602	memset(addr, 0, sizeof(SOCKADDR_IN_T));
wolfSSL	13:f67a6c6013ca	603
wolfSSL	13:f67a6c6013ca	604	#ifndef TEST_IPV6
wolfSSL	13:f67a6c6013ca	605	/* peer could be in human readable form */
wolfSSL	13:f67a6c6013ca	606	if ( ((size_t)peer != INADDR_ANY) && isalpha((int)peer[0])) {
wolfSSL	13:f67a6c6013ca	607	#if defined(WOLFSSL_MDK_ARM) \|\| defined(WOLFSSL_KEIL_TCP_NET)
wolfSSL	13:f67a6c6013ca	608	int err;
wolfSSL	13:f67a6c6013ca	609	struct hostent* entry = gethostbyname(peer, &err);
wolfSSL	13:f67a6c6013ca	610	#elif defined(WOLFSSL_TIRTOS)
wolfSSL	13:f67a6c6013ca	611	struct hostent* entry = DNSGetHostByName(peer);
wolfSSL	13:f67a6c6013ca	612	#elif defined(WOLFSSL_VXWORKS)
wolfSSL	13:f67a6c6013ca	613	struct hostent* entry = (struct hostent)hostGetByName((char)peer);
wolfSSL	13:f67a6c6013ca	614	#else
wolfSSL	13:f67a6c6013ca	615	struct hostent* entry = gethostbyname(peer);
wolfSSL	13:f67a6c6013ca	616	#endif
wolfSSL	13:f67a6c6013ca	617
wolfSSL	13:f67a6c6013ca	618	if (entry) {
wolfSSL	13:f67a6c6013ca	619	XMEMCPY(&addr->sin_addr.s_addr, entry->h_addr_list[0],
wolfSSL	13:f67a6c6013ca	620	entry->h_length);
wolfSSL	13:f67a6c6013ca	621	useLookup = 1;
wolfSSL	13:f67a6c6013ca	622	}
wolfSSL	13:f67a6c6013ca	623	else
wolfSSL	13:f67a6c6013ca	624	err_sys("no entry for host");
wolfSSL	13:f67a6c6013ca	625	}
wolfSSL	13:f67a6c6013ca	626	#endif
wolfSSL	13:f67a6c6013ca	627
wolfSSL	13:f67a6c6013ca	628
wolfSSL	13:f67a6c6013ca	629	#ifndef TEST_IPV6
wolfSSL	13:f67a6c6013ca	630	#if defined(WOLFSSL_MDK_ARM) \|\| defined(WOLFSSL_KEIL_TCP_NET)
wolfSSL	13:f67a6c6013ca	631	addr->sin_family = PF_INET;
wolfSSL	13:f67a6c6013ca	632	#else
wolfSSL	13:f67a6c6013ca	633	addr->sin_family = AF_INET_V;
wolfSSL	13:f67a6c6013ca	634	#endif
wolfSSL	13:f67a6c6013ca	635	addr->sin_port = XHTONS(port);
wolfSSL	13:f67a6c6013ca	636	if ((size_t)peer == INADDR_ANY)
wolfSSL	13:f67a6c6013ca	637	addr->sin_addr.s_addr = INADDR_ANY;
wolfSSL	13:f67a6c6013ca	638	else {
wolfSSL	13:f67a6c6013ca	639	if (!useLookup)
wolfSSL	13:f67a6c6013ca	640	addr->sin_addr.s_addr = inet_addr(peer);
wolfSSL	13:f67a6c6013ca	641	}
wolfSSL	13:f67a6c6013ca	642	#else
wolfSSL	13:f67a6c6013ca	643	addr->sin6_family = AF_INET_V;
wolfSSL	13:f67a6c6013ca	644	addr->sin6_port = XHTONS(port);
wolfSSL	13:f67a6c6013ca	645	if (peer == INADDR_ANY)
wolfSSL	13:f67a6c6013ca	646	addr->sin6_addr = in6addr_any;
wolfSSL	13:f67a6c6013ca	647	else {
wolfSSL	13:f67a6c6013ca	648	#ifdef HAVE_GETADDRINFO
wolfSSL	13:f67a6c6013ca	649	struct addrinfo hints;
wolfSSL	13:f67a6c6013ca	650	struct addrinfo* answer = NULL;
wolfSSL	13:f67a6c6013ca	651	int ret;
wolfSSL	13:f67a6c6013ca	652	char strPort[80];
wolfSSL	13:f67a6c6013ca	653
wolfSSL	13:f67a6c6013ca	654	memset(&hints, 0, sizeof(hints));
wolfSSL	13:f67a6c6013ca	655
wolfSSL	13:f67a6c6013ca	656	hints.ai_family = AF_INET_V;
wolfSSL	13:f67a6c6013ca	657	if (udp) {
wolfSSL	13:f67a6c6013ca	658	hints.ai_socktype = SOCK_DGRAM;
wolfSSL	13:f67a6c6013ca	659	hints.ai_protocol = IPPROTO_UDP;
wolfSSL	13:f67a6c6013ca	660	}
wolfSSL	13:f67a6c6013ca	661	#ifdef WOLFSSL_SCTP
wolfSSL	13:f67a6c6013ca	662	else if (sctp) {
wolfSSL	13:f67a6c6013ca	663	hints.ai_socktype = SOCK_STREAM;
wolfSSL	13:f67a6c6013ca	664	hints.ai_protocol = IPPROTO_SCTP;
wolfSSL	13:f67a6c6013ca	665	}
wolfSSL	13:f67a6c6013ca	666	#endif
wolfSSL	13:f67a6c6013ca	667	else {
wolfSSL	13:f67a6c6013ca	668	hints.ai_socktype = SOCK_STREAM;
wolfSSL	13:f67a6c6013ca	669	hints.ai_protocol = IPPROTO_TCP;
wolfSSL	13:f67a6c6013ca	670	}
wolfSSL	13:f67a6c6013ca	671
wolfSSL	13:f67a6c6013ca	672	SNPRINTF(strPort, sizeof(strPort), "%d", port);
wolfSSL	13:f67a6c6013ca	673	strPort[79] = '\0';
wolfSSL	13:f67a6c6013ca	674
wolfSSL	13:f67a6c6013ca	675	ret = getaddrinfo(peer, strPort, &hints, &answer);
wolfSSL	13:f67a6c6013ca	676	if (ret < 0 \|\| answer == NULL)
wolfSSL	13:f67a6c6013ca	677	err_sys("getaddrinfo failed");
wolfSSL	13:f67a6c6013ca	678
wolfSSL	13:f67a6c6013ca	679	XMEMCPY(addr, answer->ai_addr, answer->ai_addrlen);
wolfSSL	13:f67a6c6013ca	680	freeaddrinfo(answer);
wolfSSL	13:f67a6c6013ca	681	#else
wolfSSL	13:f67a6c6013ca	682	printf("no ipv6 getaddrinfo, loopback only tests/examples\n");
wolfSSL	13:f67a6c6013ca	683	addr->sin6_addr = in6addr_loopback;
wolfSSL	13:f67a6c6013ca	684	#endif
wolfSSL	13:f67a6c6013ca	685	}
wolfSSL	13:f67a6c6013ca	686	#endif
wolfSSL	13:f67a6c6013ca	687	}
wolfSSL	13:f67a6c6013ca	688
wolfSSL	13:f67a6c6013ca	689
wolfSSL	13:f67a6c6013ca	690	static INLINE void tcp_socket(SOCKET_T* sockfd, int udp, int sctp)
wolfSSL	13:f67a6c6013ca	691	{
wolfSSL	13:f67a6c6013ca	692	(void)sctp;
wolfSSL	13:f67a6c6013ca	693
wolfSSL	13:f67a6c6013ca	694	if (udp)
wolfSSL	13:f67a6c6013ca	695	*sockfd = socket(AF_INET_V, SOCK_DGRAM, IPPROTO_UDP);
wolfSSL	13:f67a6c6013ca	696	#ifdef WOLFSSL_SCTP
wolfSSL	13:f67a6c6013ca	697	else if (sctp)
wolfSSL	13:f67a6c6013ca	698	*sockfd = socket(AF_INET_V, SOCK_STREAM, IPPROTO_SCTP);
wolfSSL	13:f67a6c6013ca	699	#endif
wolfSSL	13:f67a6c6013ca	700	else
wolfSSL	13:f67a6c6013ca	701	*sockfd = socket(AF_INET_V, SOCK_STREAM, IPPROTO_TCP);
wolfSSL	13:f67a6c6013ca	702
wolfSSL	13:f67a6c6013ca	703	if(WOLFSSL_SOCKET_IS_INVALID(*sockfd)) {
wolfSSL	13:f67a6c6013ca	704	err_sys("socket failed\n");
wolfSSL	13:f67a6c6013ca	705	}
wolfSSL	13:f67a6c6013ca	706
wolfSSL	13:f67a6c6013ca	707	#ifndef USE_WINDOWS_API
wolfSSL	13:f67a6c6013ca	708	#ifdef SO_NOSIGPIPE
wolfSSL	13:f67a6c6013ca	709	{
wolfSSL	13:f67a6c6013ca	710	int on = 1;
wolfSSL	13:f67a6c6013ca	711	socklen_t len = sizeof(on);
wolfSSL	13:f67a6c6013ca	712	int res = setsockopt(*sockfd, SOL_SOCKET, SO_NOSIGPIPE, &on, len);
wolfSSL	13:f67a6c6013ca	713	if (res < 0)
wolfSSL	13:f67a6c6013ca	714	err_sys("setsockopt SO_NOSIGPIPE failed\n");
wolfSSL	13:f67a6c6013ca	715	}
wolfSSL	13:f67a6c6013ca	716	#elif defined(WOLFSSL_MDK_ARM) \|\| defined (WOLFSSL_TIRTOS) \|\|\
wolfSSL	13:f67a6c6013ca	717	defined(WOLFSSL_KEIL_TCP_NET)
wolfSSL	13:f67a6c6013ca	718	/* nothing to define */
wolfSSL	13:f67a6c6013ca	719	#else /* no S_NOSIGPIPE */
wolfSSL	13:f67a6c6013ca	720	signal(SIGPIPE, SIG_IGN);
wolfSSL	13:f67a6c6013ca	721	#endif /* S_NOSIGPIPE */
wolfSSL	13:f67a6c6013ca	722
wolfSSL	13:f67a6c6013ca	723	#if defined(TCP_NODELAY)
wolfSSL	13:f67a6c6013ca	724	if (!udp && !sctp)
wolfSSL	13:f67a6c6013ca	725	{
wolfSSL	13:f67a6c6013ca	726	int on = 1;
wolfSSL	13:f67a6c6013ca	727	socklen_t len = sizeof(on);
wolfSSL	13:f67a6c6013ca	728	int res = setsockopt(*sockfd, IPPROTO_TCP, TCP_NODELAY, &on, len);
wolfSSL	13:f67a6c6013ca	729	if (res < 0)
wolfSSL	13:f67a6c6013ca	730	err_sys("setsockopt TCP_NODELAY failed\n");
wolfSSL	13:f67a6c6013ca	731	}
wolfSSL	13:f67a6c6013ca	732	#endif
wolfSSL	13:f67a6c6013ca	733	#endif /* USE_WINDOWS_API */
wolfSSL	13:f67a6c6013ca	734	}
wolfSSL	13:f67a6c6013ca	735
wolfSSL	13:f67a6c6013ca	736	static INLINE void tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port,
wolfSSL	13:f67a6c6013ca	737	int udp, int sctp, WOLFSSL* ssl)
wolfSSL	13:f67a6c6013ca	738	{
wolfSSL	13:f67a6c6013ca	739	SOCKADDR_IN_T addr;
wolfSSL	13:f67a6c6013ca	740	build_addr(&addr, ip, port, udp, sctp);
wolfSSL	13:f67a6c6013ca	741	if (udp) {
wolfSSL	13:f67a6c6013ca	742	wolfSSL_dtls_set_peer(ssl, &addr, sizeof(addr));
wolfSSL	13:f67a6c6013ca	743	}
wolfSSL	13:f67a6c6013ca	744	tcp_socket(sockfd, udp, sctp);
wolfSSL	13:f67a6c6013ca	745
wolfSSL	13:f67a6c6013ca	746	if (!udp) {
wolfSSL	13:f67a6c6013ca	747	if (connect(sockfd, (const struct sockaddr)&addr, sizeof(addr)) != 0)
wolfSSL	13:f67a6c6013ca	748	err_sys("tcp connect failed");
wolfSSL	13:f67a6c6013ca	749	}
wolfSSL	13:f67a6c6013ca	750	}
wolfSSL	13:f67a6c6013ca	751
wolfSSL	13:f67a6c6013ca	752
wolfSSL	13:f67a6c6013ca	753	static INLINE void udp_connect(SOCKET_T* sockfd, void* addr, int addrSz)
wolfSSL	13:f67a6c6013ca	754	{
wolfSSL	13:f67a6c6013ca	755	if (connect(sockfd, (const struct sockaddr)addr, addrSz) != 0)
wolfSSL	13:f67a6c6013ca	756	err_sys("tcp connect failed");
wolfSSL	13:f67a6c6013ca	757	}
wolfSSL	13:f67a6c6013ca	758
wolfSSL	13:f67a6c6013ca	759
wolfSSL	13:f67a6c6013ca	760	enum {
wolfSSL	13:f67a6c6013ca	761	TEST_SELECT_FAIL,
wolfSSL	13:f67a6c6013ca	762	TEST_TIMEOUT,
wolfSSL	13:f67a6c6013ca	763	TEST_RECV_READY,
wolfSSL	13:f67a6c6013ca	764	TEST_ERROR_READY
wolfSSL	13:f67a6c6013ca	765	};
wolfSSL	13:f67a6c6013ca	766
wolfSSL	13:f67a6c6013ca	767
wolfSSL	13:f67a6c6013ca	768	#if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_TCP_NET) && \
wolfSSL	13:f67a6c6013ca	769	!defined(WOLFSSL_TIRTOS)
wolfSSL	13:f67a6c6013ca	770	static INLINE int tcp_select(SOCKET_T socketfd, int to_sec)
wolfSSL	13:f67a6c6013ca	771	{
wolfSSL	13:f67a6c6013ca	772	fd_set recvfds, errfds;
wolfSSL	13:f67a6c6013ca	773	SOCKET_T nfds = socketfd + 1;
wolfSSL	13:f67a6c6013ca	774	struct timeval timeout = { (to_sec > 0) ? to_sec : 0, 0};
wolfSSL	13:f67a6c6013ca	775	int result;
wolfSSL	13:f67a6c6013ca	776
wolfSSL	13:f67a6c6013ca	777	FD_ZERO(&recvfds);
wolfSSL	13:f67a6c6013ca	778	FD_SET(socketfd, &recvfds);
wolfSSL	13:f67a6c6013ca	779	FD_ZERO(&errfds);
wolfSSL	13:f67a6c6013ca	780	FD_SET(socketfd, &errfds);
wolfSSL	13:f67a6c6013ca	781
wolfSSL	13:f67a6c6013ca	782	result = select(nfds, &recvfds, NULL, &errfds, &timeout);
wolfSSL	13:f67a6c6013ca	783
wolfSSL	13:f67a6c6013ca	784	if (result == 0)
wolfSSL	13:f67a6c6013ca	785	return TEST_TIMEOUT;
wolfSSL	13:f67a6c6013ca	786	else if (result > 0) {
wolfSSL	13:f67a6c6013ca	787	if (FD_ISSET(socketfd, &recvfds))
wolfSSL	13:f67a6c6013ca	788	return TEST_RECV_READY;
wolfSSL	13:f67a6c6013ca	789	else if(FD_ISSET(socketfd, &errfds))
wolfSSL	13:f67a6c6013ca	790	return TEST_ERROR_READY;
wolfSSL	13:f67a6c6013ca	791	}
wolfSSL	13:f67a6c6013ca	792
wolfSSL	13:f67a6c6013ca	793	return TEST_SELECT_FAIL;
wolfSSL	13:f67a6c6013ca	794	}
wolfSSL	13:f67a6c6013ca	795	#elif defined(WOLFSSL_TIRTOS)
wolfSSL	13:f67a6c6013ca	796	static INLINE int tcp_select(SOCKET_T socketfd, int to_sec)
wolfSSL	13:f67a6c6013ca	797	{
wolfSSL	13:f67a6c6013ca	798	return TEST_RECV_READY;
wolfSSL	13:f67a6c6013ca	799	}
wolfSSL	13:f67a6c6013ca	800	#endif /* !WOLFSSL_MDK_ARM */
wolfSSL	13:f67a6c6013ca	801
wolfSSL	13:f67a6c6013ca	802
wolfSSL	13:f67a6c6013ca	803	static INLINE void tcp_listen(SOCKET_T* sockfd, word16* port, int useAnyAddr,
wolfSSL	13:f67a6c6013ca	804	int udp, int sctp)
wolfSSL	13:f67a6c6013ca	805	{
wolfSSL	13:f67a6c6013ca	806	SOCKADDR_IN_T addr;
wolfSSL	13:f67a6c6013ca	807
wolfSSL	13:f67a6c6013ca	808	/* don't use INADDR_ANY by default, firewall may block, make user switch
wolfSSL	13:f67a6c6013ca	809	on */
wolfSSL	13:f67a6c6013ca	810	build_addr(&addr, (useAnyAddr ? INADDR_ANY : wolfSSLIP), *port, udp, sctp);
wolfSSL	13:f67a6c6013ca	811	tcp_socket(sockfd, udp, sctp);
wolfSSL	13:f67a6c6013ca	812
wolfSSL	13:f67a6c6013ca	813	#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_ARM)\
wolfSSL	13:f67a6c6013ca	814	&& !defined(WOLFSSL_KEIL_TCP_NET)
wolfSSL	13:f67a6c6013ca	815	{
wolfSSL	13:f67a6c6013ca	816	int res, on = 1;
wolfSSL	13:f67a6c6013ca	817	socklen_t len = sizeof(on);
wolfSSL	13:f67a6c6013ca	818	res = setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len);
wolfSSL	13:f67a6c6013ca	819	if (res < 0)
wolfSSL	13:f67a6c6013ca	820	err_sys("setsockopt SO_REUSEADDR failed\n");
wolfSSL	13:f67a6c6013ca	821	}
wolfSSL	13:f67a6c6013ca	822	#endif
wolfSSL	13:f67a6c6013ca	823
wolfSSL	13:f67a6c6013ca	824	if (bind(sockfd, (const struct sockaddr)&addr, sizeof(addr)) != 0)
wolfSSL	13:f67a6c6013ca	825	err_sys("tcp bind failed");
wolfSSL	13:f67a6c6013ca	826	if (!udp) {
wolfSSL	13:f67a6c6013ca	827	if (listen(*sockfd, 5) != 0)
wolfSSL	13:f67a6c6013ca	828	err_sys("tcp listen failed");
wolfSSL	13:f67a6c6013ca	829	}
wolfSSL	13:f67a6c6013ca	830	#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
wolfSSL	13:f67a6c6013ca	831	if (*port == 0) {
wolfSSL	13:f67a6c6013ca	832	socklen_t len = sizeof(addr);
wolfSSL	13:f67a6c6013ca	833	if (getsockname(sockfd, (struct sockaddr)&addr, &len) == 0) {
wolfSSL	13:f67a6c6013ca	834	#ifndef TEST_IPV6
wolfSSL	13:f67a6c6013ca	835	*port = XNTOHS(addr.sin_port);
wolfSSL	13:f67a6c6013ca	836	#else
wolfSSL	13:f67a6c6013ca	837	*port = XNTOHS(addr.sin6_port);
wolfSSL	13:f67a6c6013ca	838	#endif
wolfSSL	13:f67a6c6013ca	839	}
wolfSSL	13:f67a6c6013ca	840	}
wolfSSL	13:f67a6c6013ca	841	#endif
wolfSSL	13:f67a6c6013ca	842	}
wolfSSL	13:f67a6c6013ca	843
wolfSSL	13:f67a6c6013ca	844
wolfSSL	13:f67a6c6013ca	845	#if 0
wolfSSL	13:f67a6c6013ca	846	static INLINE int udp_read_connect(SOCKET_T sockfd)
wolfSSL	13:f67a6c6013ca	847	{
wolfSSL	13:f67a6c6013ca	848	SOCKADDR_IN_T cliaddr;
wolfSSL	13:f67a6c6013ca	849	byte b[1500];
wolfSSL	13:f67a6c6013ca	850	int n;
wolfSSL	13:f67a6c6013ca	851	socklen_t len = sizeof(cliaddr);
wolfSSL	13:f67a6c6013ca	852
wolfSSL	13:f67a6c6013ca	853	n = (int)recvfrom(sockfd, (char*)b, sizeof(b), MSG_PEEK,
wolfSSL	13:f67a6c6013ca	854	(struct sockaddr*)&cliaddr, &len);
wolfSSL	13:f67a6c6013ca	855	if (n > 0) {
wolfSSL	13:f67a6c6013ca	856	if (connect(sockfd, (const struct sockaddr*)&cliaddr,
wolfSSL	13:f67a6c6013ca	857	sizeof(cliaddr)) != 0)
wolfSSL	13:f67a6c6013ca	858	err_sys("udp connect failed");
wolfSSL	13:f67a6c6013ca	859	}
wolfSSL	13:f67a6c6013ca	860	else
wolfSSL	13:f67a6c6013ca	861	err_sys("recvfrom failed");
wolfSSL	13:f67a6c6013ca	862
wolfSSL	13:f67a6c6013ca	863	return sockfd;
wolfSSL	13:f67a6c6013ca	864	}
wolfSSL	13:f67a6c6013ca	865	#endif
wolfSSL	13:f67a6c6013ca	866
wolfSSL	13:f67a6c6013ca	867	static INLINE void udp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
wolfSSL	13:f67a6c6013ca	868	int useAnyAddr, word16 port, func_args* args)
wolfSSL	13:f67a6c6013ca	869	{
wolfSSL	13:f67a6c6013ca	870	SOCKADDR_IN_T addr;
wolfSSL	13:f67a6c6013ca	871
wolfSSL	13:f67a6c6013ca	872	(void)args;
wolfSSL	13:f67a6c6013ca	873	build_addr(&addr, (useAnyAddr ? INADDR_ANY : wolfSSLIP), port, 1, 0);
wolfSSL	13:f67a6c6013ca	874	tcp_socket(sockfd, 1, 0);
wolfSSL	13:f67a6c6013ca	875
wolfSSL	13:f67a6c6013ca	876
wolfSSL	13:f67a6c6013ca	877	#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_ARM) \
wolfSSL	13:f67a6c6013ca	878	&& !defined(WOLFSSL_KEIL_TCP_NET)
wolfSSL	13:f67a6c6013ca	879	{
wolfSSL	13:f67a6c6013ca	880	int res, on = 1;
wolfSSL	13:f67a6c6013ca	881	socklen_t len = sizeof(on);
wolfSSL	13:f67a6c6013ca	882	res = setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len);
wolfSSL	13:f67a6c6013ca	883	if (res < 0)
wolfSSL	13:f67a6c6013ca	884	err_sys("setsockopt SO_REUSEADDR failed\n");
wolfSSL	13:f67a6c6013ca	885	}
wolfSSL	13:f67a6c6013ca	886	#endif
wolfSSL	13:f67a6c6013ca	887
wolfSSL	13:f67a6c6013ca	888	if (bind(sockfd, (const struct sockaddr)&addr, sizeof(addr)) != 0)
wolfSSL	13:f67a6c6013ca	889	err_sys("tcp bind failed");
wolfSSL	13:f67a6c6013ca	890
wolfSSL	13:f67a6c6013ca	891	#if (defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API)) && !defined(WOLFSSL_TIRTOS)
wolfSSL	13:f67a6c6013ca	892	if (port == 0) {
wolfSSL	13:f67a6c6013ca	893	socklen_t len = sizeof(addr);
wolfSSL	13:f67a6c6013ca	894	if (getsockname(sockfd, (struct sockaddr)&addr, &len) == 0) {
wolfSSL	13:f67a6c6013ca	895	#ifndef TEST_IPV6
wolfSSL	13:f67a6c6013ca	896	port = XNTOHS(addr.sin_port);
wolfSSL	13:f67a6c6013ca	897	#else
wolfSSL	13:f67a6c6013ca	898	port = XNTOHS(addr.sin6_port);
wolfSSL	13:f67a6c6013ca	899	#endif
wolfSSL	13:f67a6c6013ca	900	}
wolfSSL	13:f67a6c6013ca	901	}
wolfSSL	13:f67a6c6013ca	902	#endif
wolfSSL	13:f67a6c6013ca	903
wolfSSL	13:f67a6c6013ca	904	#if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__)
wolfSSL	13:f67a6c6013ca	905	/* signal ready to accept data */
wolfSSL	13:f67a6c6013ca	906	{
wolfSSL	13:f67a6c6013ca	907	tcp_ready* ready = args->signal;
wolfSSL	13:f67a6c6013ca	908	pthread_mutex_lock(&ready->mutex);
wolfSSL	13:f67a6c6013ca	909	ready->ready = 1;
wolfSSL	13:f67a6c6013ca	910	ready->port = port;
wolfSSL	13:f67a6c6013ca	911	pthread_cond_signal(&ready->cond);
wolfSSL	13:f67a6c6013ca	912	pthread_mutex_unlock(&ready->mutex);
wolfSSL	13:f67a6c6013ca	913	}
wolfSSL	13:f67a6c6013ca	914	#elif defined (WOLFSSL_TIRTOS)
wolfSSL	13:f67a6c6013ca	915	/* Need mutex? */
wolfSSL	13:f67a6c6013ca	916	tcp_ready* ready = args->signal;
wolfSSL	13:f67a6c6013ca	917	ready->ready = 1;
wolfSSL	13:f67a6c6013ca	918	ready->port = port;
wolfSSL	13:f67a6c6013ca	919	#endif
wolfSSL	13:f67a6c6013ca	920
wolfSSL	13:f67a6c6013ca	921	clientfd = sockfd;
wolfSSL	13:f67a6c6013ca	922	}
wolfSSL	13:f67a6c6013ca	923
wolfSSL	13:f67a6c6013ca	924	static INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
wolfSSL	13:f67a6c6013ca	925	func_args* args, word16 port, int useAnyAddr,
wolfSSL	13:f67a6c6013ca	926	int udp, int sctp, int ready_file, int do_listen)
wolfSSL	13:f67a6c6013ca	927	{
wolfSSL	13:f67a6c6013ca	928	SOCKADDR_IN_T client;
wolfSSL	13:f67a6c6013ca	929	socklen_t client_len = sizeof(client);
wolfSSL	13:f67a6c6013ca	930	tcp_ready* ready = NULL;
wolfSSL	13:f67a6c6013ca	931
wolfSSL	13:f67a6c6013ca	932	(void) ready; /* Account for case when "ready" is not used */
wolfSSL	13:f67a6c6013ca	933
wolfSSL	13:f67a6c6013ca	934	if (udp) {
wolfSSL	13:f67a6c6013ca	935	udp_accept(sockfd, clientfd, useAnyAddr, port, args);
wolfSSL	13:f67a6c6013ca	936	return;
wolfSSL	13:f67a6c6013ca	937	}
wolfSSL	13:f67a6c6013ca	938
wolfSSL	13:f67a6c6013ca	939	if(do_listen) {
wolfSSL	13:f67a6c6013ca	940	tcp_listen(sockfd, &port, useAnyAddr, udp, sctp);
wolfSSL	13:f67a6c6013ca	941
wolfSSL	13:f67a6c6013ca	942	#if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__)
wolfSSL	13:f67a6c6013ca	943	/* signal ready to tcp_accept */
wolfSSL	13:f67a6c6013ca	944	if (args)
wolfSSL	13:f67a6c6013ca	945	ready = args->signal;
wolfSSL	13:f67a6c6013ca	946	if (ready) {
wolfSSL	13:f67a6c6013ca	947	pthread_mutex_lock(&ready->mutex);
wolfSSL	13:f67a6c6013ca	948	ready->ready = 1;
wolfSSL	13:f67a6c6013ca	949	ready->port = port;
wolfSSL	13:f67a6c6013ca	950	pthread_cond_signal(&ready->cond);
wolfSSL	13:f67a6c6013ca	951	pthread_mutex_unlock(&ready->mutex);
wolfSSL	13:f67a6c6013ca	952	}
wolfSSL	13:f67a6c6013ca	953	#elif defined (WOLFSSL_TIRTOS)
wolfSSL	13:f67a6c6013ca	954	/* Need mutex? */
wolfSSL	13:f67a6c6013ca	955	if (args)
wolfSSL	13:f67a6c6013ca	956	ready = args->signal;
wolfSSL	13:f67a6c6013ca	957	if (ready) {
wolfSSL	13:f67a6c6013ca	958	ready->ready = 1;
wolfSSL	13:f67a6c6013ca	959	ready->port = port;
wolfSSL	13:f67a6c6013ca	960	}
wolfSSL	13:f67a6c6013ca	961	#endif
wolfSSL	13:f67a6c6013ca	962
wolfSSL	13:f67a6c6013ca	963	if (ready_file) {
wolfSSL	13:f67a6c6013ca	964	#if !defined(NO_FILESYSTEM) \|\| defined(FORCE_BUFFER_TEST)
wolfSSL	13:f67a6c6013ca	965	FILE* srf = NULL;
wolfSSL	13:f67a6c6013ca	966	if (args)
wolfSSL	13:f67a6c6013ca	967	ready = args->signal;
wolfSSL	13:f67a6c6013ca	968
wolfSSL	13:f67a6c6013ca	969	if (ready) {
wolfSSL	13:f67a6c6013ca	970	srf = fopen(ready->srfName, "w");
wolfSSL	13:f67a6c6013ca	971
wolfSSL	13:f67a6c6013ca	972	if (srf) {
wolfSSL	13:f67a6c6013ca	973	/* let's write port sever is listening on to ready file
wolfSSL	13:f67a6c6013ca	974	external monitor can then do ephemeral ports by passing
wolfSSL	13:f67a6c6013ca	975	-p 0 to server on supported platforms with -R ready_file
wolfSSL	13:f67a6c6013ca	976	client can then wait for existence of ready_file and see
wolfSSL	13:f67a6c6013ca	977	which port the server is listening on. */
wolfSSL	13:f67a6c6013ca	978	fprintf(srf, "%d\n", (int)port);
wolfSSL	13:f67a6c6013ca	979	fclose(srf);
wolfSSL	13:f67a6c6013ca	980	}
wolfSSL	13:f67a6c6013ca	981	}
wolfSSL	13:f67a6c6013ca	982	#endif
wolfSSL	13:f67a6c6013ca	983	}
wolfSSL	13:f67a6c6013ca	984	}
wolfSSL	13:f67a6c6013ca	985
wolfSSL	13:f67a6c6013ca	986	clientfd = accept(sockfd, (struct sockaddr*)&client,
wolfSSL	13:f67a6c6013ca	987	(ACCEPT_THIRD_T)&client_len);
wolfSSL	13:f67a6c6013ca	988	if(WOLFSSL_SOCKET_IS_INVALID(*clientfd)) {
wolfSSL	13:f67a6c6013ca	989	err_sys("tcp accept failed");
wolfSSL	13:f67a6c6013ca	990	}
wolfSSL	13:f67a6c6013ca	991	}
wolfSSL	13:f67a6c6013ca	992
wolfSSL	13:f67a6c6013ca	993
wolfSSL	13:f67a6c6013ca	994	static INLINE void tcp_set_nonblocking(SOCKET_T* sockfd)
wolfSSL	13:f67a6c6013ca	995	{
wolfSSL	13:f67a6c6013ca	996	#ifdef USE_WINDOWS_API
wolfSSL	13:f67a6c6013ca	997	unsigned long blocking = 1;
wolfSSL	13:f67a6c6013ca	998	int ret = ioctlsocket(*sockfd, FIONBIO, &blocking);
wolfSSL	13:f67a6c6013ca	999	if (ret == SOCKET_ERROR)
wolfSSL	13:f67a6c6013ca	1000	err_sys("ioctlsocket failed");
wolfSSL	13:f67a6c6013ca	1001	#elif defined(WOLFSSL_MDK_ARM) \|\| defined(WOLFSSL_KEIL_TCP_NET) \
wolfSSL	13:f67a6c6013ca	1002	\|\| defined (WOLFSSL_TIRTOS)\|\| defined(WOLFSSL_VXWORKS)
wolfSSL	13:f67a6c6013ca	1003	/* non blocking not supported, for now */
wolfSSL	13:f67a6c6013ca	1004	#else
wolfSSL	13:f67a6c6013ca	1005	int flags = fcntl(*sockfd, F_GETFL, 0);
wolfSSL	13:f67a6c6013ca	1006	if (flags < 0)
wolfSSL	13:f67a6c6013ca	1007	err_sys("fcntl get failed");
wolfSSL	13:f67a6c6013ca	1008	flags = fcntl(*sockfd, F_SETFL, flags \| O_NONBLOCK);
wolfSSL	13:f67a6c6013ca	1009	if (flags < 0)
wolfSSL	13:f67a6c6013ca	1010	err_sys("fcntl set failed");
wolfSSL	13:f67a6c6013ca	1011	#endif
wolfSSL	13:f67a6c6013ca	1012	}
wolfSSL	13:f67a6c6013ca	1013
wolfSSL	13:f67a6c6013ca	1014
wolfSSL	13:f67a6c6013ca	1015	#ifndef NO_PSK
wolfSSL	13:f67a6c6013ca	1016
wolfSSL	13:f67a6c6013ca	1017	/* identity is OpenSSL testing default for openssl s_client, keep same */
wolfSSL	13:f67a6c6013ca	1018	static const char* kIdentityStr = "Client_identity";
wolfSSL	13:f67a6c6013ca	1019
wolfSSL	13:f67a6c6013ca	1020	static INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
wolfSSL	13:f67a6c6013ca	1021	char* identity, unsigned int id_max_len, unsigned char* key,
wolfSSL	13:f67a6c6013ca	1022	unsigned int key_max_len)
wolfSSL	13:f67a6c6013ca	1023	{
wolfSSL	13:f67a6c6013ca	1024	(void)ssl;
wolfSSL	13:f67a6c6013ca	1025	(void)hint;
wolfSSL	13:f67a6c6013ca	1026	(void)key_max_len;
wolfSSL	13:f67a6c6013ca	1027
wolfSSL	13:f67a6c6013ca	1028	/* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
wolfSSL	13:f67a6c6013ca	1029	strncpy(identity, kIdentityStr, id_max_len);
wolfSSL	13:f67a6c6013ca	1030
wolfSSL	13:f67a6c6013ca	1031	/* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
wolfSSL	13:f67a6c6013ca	1032	unsigned binary */
wolfSSL	13:f67a6c6013ca	1033	key[0] = 26;
wolfSSL	13:f67a6c6013ca	1034	key[1] = 43;
wolfSSL	13:f67a6c6013ca	1035	key[2] = 60;
wolfSSL	13:f67a6c6013ca	1036	key[3] = 77;
wolfSSL	13:f67a6c6013ca	1037
wolfSSL	13:f67a6c6013ca	1038	return 4; /* length of key in octets or 0 for error */
wolfSSL	13:f67a6c6013ca	1039	}
wolfSSL	13:f67a6c6013ca	1040
wolfSSL	13:f67a6c6013ca	1041
wolfSSL	13:f67a6c6013ca	1042	static INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
wolfSSL	13:f67a6c6013ca	1043	unsigned char* key, unsigned int key_max_len)
wolfSSL	13:f67a6c6013ca	1044	{
wolfSSL	13:f67a6c6013ca	1045	(void)ssl;
wolfSSL	13:f67a6c6013ca	1046	(void)key_max_len;
wolfSSL	13:f67a6c6013ca	1047
wolfSSL	13:f67a6c6013ca	1048	/* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
wolfSSL	13:f67a6c6013ca	1049	if (strncmp(identity, kIdentityStr, strlen(kIdentityStr)) != 0)
wolfSSL	13:f67a6c6013ca	1050	return 0;
wolfSSL	13:f67a6c6013ca	1051
wolfSSL	13:f67a6c6013ca	1052	/* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
wolfSSL	13:f67a6c6013ca	1053	unsigned binary */
wolfSSL	13:f67a6c6013ca	1054	key[0] = 26;
wolfSSL	13:f67a6c6013ca	1055	key[1] = 43;
wolfSSL	13:f67a6c6013ca	1056	key[2] = 60;
wolfSSL	13:f67a6c6013ca	1057	key[3] = 77;
wolfSSL	13:f67a6c6013ca	1058
wolfSSL	13:f67a6c6013ca	1059	return 4; /* length of key in octets or 0 for error */
wolfSSL	13:f67a6c6013ca	1060	}
wolfSSL	13:f67a6c6013ca	1061
wolfSSL	13:f67a6c6013ca	1062	#endif /* NO_PSK */
wolfSSL	13:f67a6c6013ca	1063
wolfSSL	13:f67a6c6013ca	1064
wolfSSL	13:f67a6c6013ca	1065	#if defined(WOLFSSL_USER_CURRTIME)
wolfSSL	13:f67a6c6013ca	1066	extern double current_time(int reset);
wolfSSL	13:f67a6c6013ca	1067
wolfSSL	13:f67a6c6013ca	1068	#elif defined(USE_WINDOWS_API)
wolfSSL	13:f67a6c6013ca	1069
wolfSSL	13:f67a6c6013ca	1070	#define WIN32_LEAN_AND_MEAN
wolfSSL	13:f67a6c6013ca	1071	#include <windows.h>
wolfSSL	13:f67a6c6013ca	1072
wolfSSL	13:f67a6c6013ca	1073	static INLINE double current_time(int reset)
wolfSSL	13:f67a6c6013ca	1074	{
wolfSSL	13:f67a6c6013ca	1075	static int init = 0;
wolfSSL	13:f67a6c6013ca	1076	static LARGE_INTEGER freq;
wolfSSL	13:f67a6c6013ca	1077
wolfSSL	13:f67a6c6013ca	1078	LARGE_INTEGER count;
wolfSSL	13:f67a6c6013ca	1079
wolfSSL	13:f67a6c6013ca	1080	if (!init) {
wolfSSL	13:f67a6c6013ca	1081	QueryPerformanceFrequency(&freq);
wolfSSL	13:f67a6c6013ca	1082	init = 1;
wolfSSL	13:f67a6c6013ca	1083	}
wolfSSL	13:f67a6c6013ca	1084
wolfSSL	13:f67a6c6013ca	1085	QueryPerformanceCounter(&count);
wolfSSL	13:f67a6c6013ca	1086
wolfSSL	13:f67a6c6013ca	1087	(void)reset;
wolfSSL	13:f67a6c6013ca	1088	return (double)count.QuadPart / freq.QuadPart;
wolfSSL	13:f67a6c6013ca	1089	}
wolfSSL	13:f67a6c6013ca	1090
wolfSSL	13:f67a6c6013ca	1091	#elif defined(WOLFSSL_TIRTOS)
wolfSSL	13:f67a6c6013ca	1092	extern double current_time();
wolfSSL	13:f67a6c6013ca	1093	#else
wolfSSL	13:f67a6c6013ca	1094
wolfSSL	13:f67a6c6013ca	1095	#if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_TCP_NET)
wolfSSL	13:f67a6c6013ca	1096	#include <sys/time.h>
wolfSSL	13:f67a6c6013ca	1097
wolfSSL	13:f67a6c6013ca	1098	static INLINE double current_time(int reset)
wolfSSL	13:f67a6c6013ca	1099	{
wolfSSL	13:f67a6c6013ca	1100	struct timeval tv;
wolfSSL	13:f67a6c6013ca	1101	gettimeofday(&tv, 0);
wolfSSL	13:f67a6c6013ca	1102	(void)reset;
wolfSSL	13:f67a6c6013ca	1103
wolfSSL	13:f67a6c6013ca	1104	return (double)tv.tv_sec + (double)tv.tv_usec / 1000000;
wolfSSL	13:f67a6c6013ca	1105	}
wolfSSL	13:f67a6c6013ca	1106	#else
wolfSSL	13:f67a6c6013ca	1107	extern double current_time(int reset);
wolfSSL	13:f67a6c6013ca	1108	#endif
wolfSSL	13:f67a6c6013ca	1109	#endif /* USE_WINDOWS_API */
wolfSSL	13:f67a6c6013ca	1110
wolfSSL	13:f67a6c6013ca	1111
wolfSSL	13:f67a6c6013ca	1112	#if !defined(NO_CERTS)
wolfSSL	13:f67a6c6013ca	1113	#if !defined(NO_FILESYSTEM) \|\| \
wolfSSL	13:f67a6c6013ca	1114	(defined(NO_FILESYSTEM) && defined(FORCE_BUFFER_TEST))
wolfSSL	13:f67a6c6013ca	1115
wolfSSL	13:f67a6c6013ca	1116	/* reads file size, allocates buffer, reads into buffer, returns buffer */
wolfSSL	13:f67a6c6013ca	1117	static INLINE int load_file(const char* fname, byte** buf, size_t* bufLen)
wolfSSL	13:f67a6c6013ca	1118	{
wolfSSL	13:f67a6c6013ca	1119	int ret;
wolfSSL	13:f67a6c6013ca	1120	long int fileSz;
wolfSSL	13:f67a6c6013ca	1121	FILE* file;
wolfSSL	13:f67a6c6013ca	1122
wolfSSL	13:f67a6c6013ca	1123	if (fname == NULL \|\| buf == NULL \|\| bufLen == NULL)
wolfSSL	13:f67a6c6013ca	1124	return BAD_FUNC_ARG;
wolfSSL	13:f67a6c6013ca	1125
wolfSSL	13:f67a6c6013ca	1126	/* set defaults */
wolfSSL	13:f67a6c6013ca	1127	*buf = NULL;
wolfSSL	13:f67a6c6013ca	1128	*bufLen = 0;
wolfSSL	13:f67a6c6013ca	1129
wolfSSL	13:f67a6c6013ca	1130	/* open file (read-only binary) */
wolfSSL	13:f67a6c6013ca	1131	file = fopen(fname, "rb");
wolfSSL	13:f67a6c6013ca	1132	if (!file) {
wolfSSL	13:f67a6c6013ca	1133	printf("Error loading %s\n", fname);
wolfSSL	13:f67a6c6013ca	1134	return BAD_PATH_ERROR;
wolfSSL	13:f67a6c6013ca	1135	}
wolfSSL	13:f67a6c6013ca	1136
wolfSSL	13:f67a6c6013ca	1137	fseek(file, 0, SEEK_END);
wolfSSL	13:f67a6c6013ca	1138	fileSz = (int)ftell(file);
wolfSSL	13:f67a6c6013ca	1139	rewind(file);
wolfSSL	13:f67a6c6013ca	1140	if (fileSz > 0) {
wolfSSL	13:f67a6c6013ca	1141	*bufLen = (size_t)fileSz;
wolfSSL	13:f67a6c6013ca	1142	buf = (byte)malloc(*bufLen);
wolfSSL	13:f67a6c6013ca	1143	if (*buf == NULL) {
wolfSSL	13:f67a6c6013ca	1144	ret = MEMORY_E;
wolfSSL	13:f67a6c6013ca	1145	printf("Error allocating %lu bytes\n", (unsigned long)*bufLen);
wolfSSL	13:f67a6c6013ca	1146	}
wolfSSL	13:f67a6c6013ca	1147	else {
wolfSSL	13:f67a6c6013ca	1148	size_t readLen = fread(buf, bufLen, 1, file);
wolfSSL	13:f67a6c6013ca	1149
wolfSSL	13:f67a6c6013ca	1150	/* check response code */
wolfSSL	13:f67a6c6013ca	1151	ret = (readLen > 0) ? 0 : -1;
wolfSSL	13:f67a6c6013ca	1152	}
wolfSSL	13:f67a6c6013ca	1153	}
wolfSSL	13:f67a6c6013ca	1154	else {
wolfSSL	13:f67a6c6013ca	1155	ret = BUFFER_E;
wolfSSL	13:f67a6c6013ca	1156	}
wolfSSL	13:f67a6c6013ca	1157	fclose(file);
wolfSSL	13:f67a6c6013ca	1158
wolfSSL	13:f67a6c6013ca	1159	return ret;
wolfSSL	13:f67a6c6013ca	1160	}
wolfSSL	13:f67a6c6013ca	1161
wolfSSL	13:f67a6c6013ca	1162	enum {
wolfSSL	13:f67a6c6013ca	1163	WOLFSSL_CA = 1,
wolfSSL	13:f67a6c6013ca	1164	WOLFSSL_CERT = 2,
wolfSSL	13:f67a6c6013ca	1165	WOLFSSL_KEY = 3,
wolfSSL	13:f67a6c6013ca	1166	WOLFSSL_CERT_CHAIN = 4,
wolfSSL	13:f67a6c6013ca	1167	};
wolfSSL	13:f67a6c6013ca	1168
wolfSSL	13:f67a6c6013ca	1169	static INLINE void load_buffer(WOLFSSL_CTX* ctx, const char* fname, int type)
wolfSSL	13:f67a6c6013ca	1170	{
wolfSSL	13:f67a6c6013ca	1171	int format = SSL_FILETYPE_PEM;
wolfSSL	13:f67a6c6013ca	1172	byte* buff = NULL;
wolfSSL	13:f67a6c6013ca	1173	size_t sz = 0;
wolfSSL	13:f67a6c6013ca	1174
wolfSSL	13:f67a6c6013ca	1175	if (load_file(fname, &buff, &sz) != 0) {
wolfSSL	13:f67a6c6013ca	1176	err_sys("can't open file for buffer load "
wolfSSL	13:f67a6c6013ca	1177	"Please run from wolfSSL home directory if not");
wolfSSL	13:f67a6c6013ca	1178	}
wolfSSL	13:f67a6c6013ca	1179
wolfSSL	13:f67a6c6013ca	1180	/* determine format */
wolfSSL	13:f67a6c6013ca	1181	if (strstr(fname, ".der"))
wolfSSL	13:f67a6c6013ca	1182	format = SSL_FILETYPE_ASN1;
wolfSSL	13:f67a6c6013ca	1183
wolfSSL	13:f67a6c6013ca	1184	if (type == WOLFSSL_CA) {
wolfSSL	13:f67a6c6013ca	1185	if (wolfSSL_CTX_load_verify_buffer(ctx, buff, (long)sz, format)
wolfSSL	13:f67a6c6013ca	1186	!= SSL_SUCCESS)
wolfSSL	13:f67a6c6013ca	1187	err_sys("can't load buffer ca file");
wolfSSL	13:f67a6c6013ca	1188	}
wolfSSL	13:f67a6c6013ca	1189	else if (type == WOLFSSL_CERT) {
wolfSSL	13:f67a6c6013ca	1190	if (wolfSSL_CTX_use_certificate_buffer(ctx, buff, (long)sz,
wolfSSL	13:f67a6c6013ca	1191	format) != SSL_SUCCESS)
wolfSSL	13:f67a6c6013ca	1192	err_sys("can't load buffer cert file");
wolfSSL	13:f67a6c6013ca	1193	}
wolfSSL	13:f67a6c6013ca	1194	else if (type == WOLFSSL_KEY) {
wolfSSL	13:f67a6c6013ca	1195	if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, (long)sz,
wolfSSL	13:f67a6c6013ca	1196	format) != SSL_SUCCESS)
wolfSSL	13:f67a6c6013ca	1197	err_sys("can't load buffer key file");
wolfSSL	13:f67a6c6013ca	1198	}
wolfSSL	13:f67a6c6013ca	1199	else if (type == WOLFSSL_CERT_CHAIN) {
wolfSSL	13:f67a6c6013ca	1200	if (wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, buff,
wolfSSL	13:f67a6c6013ca	1201	(long)sz, format) != SSL_SUCCESS)
wolfSSL	13:f67a6c6013ca	1202	err_sys("can't load cert chain buffer");
wolfSSL	13:f67a6c6013ca	1203	}
wolfSSL	13:f67a6c6013ca	1204
wolfSSL	13:f67a6c6013ca	1205	if (buff)
wolfSSL	13:f67a6c6013ca	1206	free(buff);
wolfSSL	13:f67a6c6013ca	1207	}
wolfSSL	13:f67a6c6013ca	1208	#endif /* !NO_FILESYSTEM \|\| (NO_FILESYSTEM && FORCE_BUFFER_TEST) */
wolfSSL	13:f67a6c6013ca	1209	#endif /* !NO_CERTS */
wolfSSL	13:f67a6c6013ca	1210
wolfSSL	13:f67a6c6013ca	1211	static INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
wolfSSL	13:f67a6c6013ca	1212	{
wolfSSL	13:f67a6c6013ca	1213	char buffer[WOLFSSL_MAX_ERROR_SZ];
wolfSSL	13:f67a6c6013ca	1214	#ifdef OPENSSL_EXTRA
wolfSSL	13:f67a6c6013ca	1215	WOLFSSL_X509* peer;
wolfSSL	13:f67a6c6013ca	1216	#endif
wolfSSL	13:f67a6c6013ca	1217	(void)preverify;
wolfSSL	13:f67a6c6013ca	1218
wolfSSL	13:f67a6c6013ca	1219	printf("In verification callback, error = %d, %s\n", store->error,
wolfSSL	13:f67a6c6013ca	1220	wolfSSL_ERR_error_string(store->error, buffer));
wolfSSL	13:f67a6c6013ca	1221	#ifdef OPENSSL_EXTRA
wolfSSL	13:f67a6c6013ca	1222	peer = store->current_cert;
wolfSSL	13:f67a6c6013ca	1223	if (peer) {
wolfSSL	13:f67a6c6013ca	1224	char* issuer = wolfSSL_X509_NAME_oneline(
wolfSSL	13:f67a6c6013ca	1225	wolfSSL_X509_get_issuer_name(peer), 0, 0);
wolfSSL	13:f67a6c6013ca	1226	char* subject = wolfSSL_X509_NAME_oneline(
wolfSSL	13:f67a6c6013ca	1227	wolfSSL_X509_get_subject_name(peer), 0, 0);
wolfSSL	13:f67a6c6013ca	1228	printf("\tPeer's cert info:\n issuer : %s\n subject: %s\n", issuer,
wolfSSL	13:f67a6c6013ca	1229	subject);
wolfSSL	13:f67a6c6013ca	1230	XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
wolfSSL	13:f67a6c6013ca	1231	XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL);
wolfSSL	13:f67a6c6013ca	1232	}
wolfSSL	13:f67a6c6013ca	1233	else
wolfSSL	13:f67a6c6013ca	1234	printf("\tPeer has no cert!\n");
wolfSSL	13:f67a6c6013ca	1235	#else
wolfSSL	13:f67a6c6013ca	1236	printf("\tPeer certs: %d\n", store->totalCerts);
wolfSSL	13:f67a6c6013ca	1237	#ifdef VERIFY_CALLBACK_SHOW_PEER_CERTS
wolfSSL	13:f67a6c6013ca	1238	{ int i;
wolfSSL	13:f67a6c6013ca	1239	for (i=0; i<store->totalCerts; i++) {
wolfSSL	13:f67a6c6013ca	1240	WOLFSSL_BUFFER_INFO* cert = &store->certs[i];
wolfSSL	13:f67a6c6013ca	1241	printf("\t\tCert %d: Ptr %p, Len %u\n", i, cert->buffer, cert->length);
wolfSSL	13:f67a6c6013ca	1242	}
wolfSSL	13:f67a6c6013ca	1243	}
wolfSSL	13:f67a6c6013ca	1244	#endif
wolfSSL	13:f67a6c6013ca	1245	#endif
wolfSSL	13:f67a6c6013ca	1246
wolfSSL	13:f67a6c6013ca	1247	printf("\tSubject's domain name is %s\n", store->domain);
wolfSSL	13:f67a6c6013ca	1248
wolfSSL	13:f67a6c6013ca	1249	printf("\tAllowing to continue anyway (shouldn't do this, EVER!!!)\n");
wolfSSL	13:f67a6c6013ca	1250	return 1;
wolfSSL	13:f67a6c6013ca	1251	}
wolfSSL	13:f67a6c6013ca	1252
wolfSSL	13:f67a6c6013ca	1253
wolfSSL	13:f67a6c6013ca	1254	static INLINE int myDateCb(int preverify, WOLFSSL_X509_STORE_CTX* store)
wolfSSL	13:f67a6c6013ca	1255	{
wolfSSL	13:f67a6c6013ca	1256	char buffer[WOLFSSL_MAX_ERROR_SZ];
wolfSSL	13:f67a6c6013ca	1257	(void)preverify;
wolfSSL	13:f67a6c6013ca	1258
wolfSSL	13:f67a6c6013ca	1259	printf("In verification callback, error = %d, %s\n", store->error,
wolfSSL	13:f67a6c6013ca	1260	wolfSSL_ERR_error_string(store->error, buffer));
wolfSSL	13:f67a6c6013ca	1261	printf("Subject's domain name is %s\n", store->domain);
wolfSSL	13:f67a6c6013ca	1262
wolfSSL	13:f67a6c6013ca	1263	if (store->error == ASN_BEFORE_DATE_E \|\| store->error == ASN_AFTER_DATE_E) {
wolfSSL	13:f67a6c6013ca	1264	printf("Overriding cert date error as example for bad clock testing\n");
wolfSSL	13:f67a6c6013ca	1265	return 1;
wolfSSL	13:f67a6c6013ca	1266	}
wolfSSL	13:f67a6c6013ca	1267	printf("Cert error is not date error, not overriding\n");
wolfSSL	13:f67a6c6013ca	1268
wolfSSL	13:f67a6c6013ca	1269	return 0;
wolfSSL	13:f67a6c6013ca	1270	}
wolfSSL	13:f67a6c6013ca	1271
wolfSSL	13:f67a6c6013ca	1272
wolfSSL	13:f67a6c6013ca	1273	#ifdef HAVE_CRL
wolfSSL	13:f67a6c6013ca	1274
wolfSSL	13:f67a6c6013ca	1275	static INLINE void CRL_CallBack(const char* url)
wolfSSL	13:f67a6c6013ca	1276	{
wolfSSL	13:f67a6c6013ca	1277	printf("CRL callback url = %s\n", url);
wolfSSL	13:f67a6c6013ca	1278	}
wolfSSL	13:f67a6c6013ca	1279
wolfSSL	13:f67a6c6013ca	1280	#endif
wolfSSL	13:f67a6c6013ca	1281
wolfSSL	13:f67a6c6013ca	1282	#ifndef NO_DH
wolfSSL	13:f67a6c6013ca	1283	static INLINE void SetDH(WOLFSSL* ssl)
wolfSSL	13:f67a6c6013ca	1284	{
wolfSSL	13:f67a6c6013ca	1285	/* dh1024 p */
wolfSSL	13:f67a6c6013ca	1286	static unsigned char p[] =
wolfSSL	13:f67a6c6013ca	1287	{
wolfSSL	13:f67a6c6013ca	1288	0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3,
wolfSSL	13:f67a6c6013ca	1289	0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E,
wolfSSL	13:f67a6c6013ca	1290	0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59,
wolfSSL	13:f67a6c6013ca	1291	0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2,
wolfSSL	13:f67a6c6013ca	1292	0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD,
wolfSSL	13:f67a6c6013ca	1293	0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF,
wolfSSL	13:f67a6c6013ca	1294	0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02,
wolfSSL	13:f67a6c6013ca	1295	0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C,
wolfSSL	13:f67a6c6013ca	1296	0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7,
wolfSSL	13:f67a6c6013ca	1297	0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50,
wolfSSL	13:f67a6c6013ca	1298	0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B,
wolfSSL	13:f67a6c6013ca	1299	};
wolfSSL	13:f67a6c6013ca	1300
wolfSSL	13:f67a6c6013ca	1301	/* dh1024 g */
wolfSSL	13:f67a6c6013ca	1302	static unsigned char g[] =
wolfSSL	13:f67a6c6013ca	1303	{
wolfSSL	13:f67a6c6013ca	1304	0x02,
wolfSSL	13:f67a6c6013ca	1305	};
wolfSSL	13:f67a6c6013ca	1306
wolfSSL	13:f67a6c6013ca	1307	wolfSSL_SetTmpDH(ssl, p, sizeof(p), g, sizeof(g));
wolfSSL	13:f67a6c6013ca	1308	}
wolfSSL	13:f67a6c6013ca	1309
wolfSSL	13:f67a6c6013ca	1310	static INLINE void SetDHCtx(WOLFSSL_CTX* ctx)
wolfSSL	13:f67a6c6013ca	1311	{
wolfSSL	13:f67a6c6013ca	1312	/* dh1024 p */
wolfSSL	13:f67a6c6013ca	1313	static unsigned char p[] =
wolfSSL	13:f67a6c6013ca	1314	{
wolfSSL	13:f67a6c6013ca	1315	0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3,
wolfSSL	13:f67a6c6013ca	1316	0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E,
wolfSSL	13:f67a6c6013ca	1317	0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59,
wolfSSL	13:f67a6c6013ca	1318	0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2,
wolfSSL	13:f67a6c6013ca	1319	0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD,
wolfSSL	13:f67a6c6013ca	1320	0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF,
wolfSSL	13:f67a6c6013ca	1321	0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02,
wolfSSL	13:f67a6c6013ca	1322	0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C,
wolfSSL	13:f67a6c6013ca	1323	0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7,
wolfSSL	13:f67a6c6013ca	1324	0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50,
wolfSSL	13:f67a6c6013ca	1325	0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B,
wolfSSL	13:f67a6c6013ca	1326	};
wolfSSL	13:f67a6c6013ca	1327
wolfSSL	13:f67a6c6013ca	1328	/* dh1024 g */
wolfSSL	13:f67a6c6013ca	1329	static unsigned char g[] =
wolfSSL	13:f67a6c6013ca	1330	{
wolfSSL	13:f67a6c6013ca	1331	0x02,
wolfSSL	13:f67a6c6013ca	1332	};
wolfSSL	13:f67a6c6013ca	1333
wolfSSL	13:f67a6c6013ca	1334	wolfSSL_CTX_SetTmpDH(ctx, p, sizeof(p), g, sizeof(g));
wolfSSL	13:f67a6c6013ca	1335	}
wolfSSL	13:f67a6c6013ca	1336	#endif /* NO_DH */
wolfSSL	13:f67a6c6013ca	1337
wolfSSL	13:f67a6c6013ca	1338	#ifndef NO_CERTS
wolfSSL	13:f67a6c6013ca	1339
wolfSSL	13:f67a6c6013ca	1340	static INLINE void CaCb(unsigned char* der, int sz, int type)
wolfSSL	13:f67a6c6013ca	1341	{
wolfSSL	13:f67a6c6013ca	1342	(void)der;
wolfSSL	13:f67a6c6013ca	1343	printf("Got CA cache add callback, derSz = %d, type = %d\n", sz, type);
wolfSSL	13:f67a6c6013ca	1344	}
wolfSSL	13:f67a6c6013ca	1345
wolfSSL	13:f67a6c6013ca	1346	#endif /* !NO_CERTS */
wolfSSL	13:f67a6c6013ca	1347
wolfSSL	13:f67a6c6013ca	1348
wolfSSL	13:f67a6c6013ca	1349	/* Wolf Root Directory Helper */
wolfSSL	13:f67a6c6013ca	1350	/* KEIL-RL File System does not support relative directory */
wolfSSL	13:f67a6c6013ca	1351	#if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_FS) && !defined(WOLFSSL_TIRTOS)
wolfSSL	13:f67a6c6013ca	1352	/* Maximum depth to search for WolfSSL root */
wolfSSL	13:f67a6c6013ca	1353	#define MAX_WOLF_ROOT_DEPTH 5
wolfSSL	13:f67a6c6013ca	1354
wolfSSL	13:f67a6c6013ca	1355	static INLINE int ChangeToWolfRoot(void)
wolfSSL	13:f67a6c6013ca	1356	{
wolfSSL	13:f67a6c6013ca	1357	#if !defined(NO_FILESYSTEM) \|\| defined(FORCE_BUFFER_TEST)
wolfSSL	13:f67a6c6013ca	1358	int depth, res;
wolfSSL	13:f67a6c6013ca	1359	FILE* file;
wolfSSL	13:f67a6c6013ca	1360	for(depth = 0; depth <= MAX_WOLF_ROOT_DEPTH; depth++) {
wolfSSL	13:f67a6c6013ca	1361	file = fopen(ntruKeyFile, "rb");
wolfSSL	13:f67a6c6013ca	1362	if (file != NULL) {
wolfSSL	13:f67a6c6013ca	1363	fclose(file);
wolfSSL	13:f67a6c6013ca	1364	return depth;
wolfSSL	13:f67a6c6013ca	1365	}
wolfSSL	13:f67a6c6013ca	1366	#ifdef USE_WINDOWS_API
wolfSSL	13:f67a6c6013ca	1367	res = SetCurrentDirectoryA("..\\");
wolfSSL	13:f67a6c6013ca	1368	#else
wolfSSL	13:f67a6c6013ca	1369	res = chdir("../");
wolfSSL	13:f67a6c6013ca	1370	#endif
wolfSSL	13:f67a6c6013ca	1371	if (res < 0) {
wolfSSL	13:f67a6c6013ca	1372	printf("chdir to ../ failed!\n");
wolfSSL	13:f67a6c6013ca	1373	break;
wolfSSL	13:f67a6c6013ca	1374	}
wolfSSL	13:f67a6c6013ca	1375	}
wolfSSL	13:f67a6c6013ca	1376
wolfSSL	13:f67a6c6013ca	1377	err_sys("wolf root not found");
wolfSSL	13:f67a6c6013ca	1378	return -1;
wolfSSL	13:f67a6c6013ca	1379	#else
wolfSSL	13:f67a6c6013ca	1380	return 0;
wolfSSL	13:f67a6c6013ca	1381	#endif
wolfSSL	13:f67a6c6013ca	1382	}
wolfSSL	13:f67a6c6013ca	1383	#endif /* !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_FS) && !defined(WOLFSSL_TIRTOS) */
wolfSSL	13:f67a6c6013ca	1384
wolfSSL	13:f67a6c6013ca	1385	#ifdef HAVE_STACK_SIZE
wolfSSL	13:f67a6c6013ca	1386
wolfSSL	13:f67a6c6013ca	1387	typedef THREAD_RETURN WOLFSSL_THREAD (thread_func)(void args);
wolfSSL	13:f67a6c6013ca	1388
wolfSSL	13:f67a6c6013ca	1389
wolfSSL	13:f67a6c6013ca	1390	static INLINE int StackSizeCheck(func_args* args, thread_func tf)
wolfSSL	13:f67a6c6013ca	1391	{
wolfSSL	13:f67a6c6013ca	1392	int ret, i, used;
wolfSSL	13:f67a6c6013ca	1393	void* status;
wolfSSL	13:f67a6c6013ca	1394	unsigned char* myStack = NULL;
wolfSSL	13:f67a6c6013ca	1395	int stackSize = 1024*128;
wolfSSL	13:f67a6c6013ca	1396	pthread_attr_t myAttr;
wolfSSL	13:f67a6c6013ca	1397	pthread_t threadId;
wolfSSL	13:f67a6c6013ca	1398
wolfSSL	13:f67a6c6013ca	1399	#ifdef PTHREAD_STACK_MIN
wolfSSL	13:f67a6c6013ca	1400	if (stackSize < PTHREAD_STACK_MIN)
wolfSSL	13:f67a6c6013ca	1401	stackSize = PTHREAD_STACK_MIN;
wolfSSL	13:f67a6c6013ca	1402	#endif
wolfSSL	13:f67a6c6013ca	1403
wolfSSL	13:f67a6c6013ca	1404	ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize);
wolfSSL	13:f67a6c6013ca	1405	if (ret != 0 \|\| myStack == NULL)
wolfSSL	13:f67a6c6013ca	1406	err_sys("posix_memalign failed\n");
wolfSSL	13:f67a6c6013ca	1407
wolfSSL	13:f67a6c6013ca	1408	XMEMSET(myStack, 0x01, stackSize);
wolfSSL	13:f67a6c6013ca	1409
wolfSSL	13:f67a6c6013ca	1410	ret = pthread_attr_init(&myAttr);
wolfSSL	13:f67a6c6013ca	1411	if (ret != 0)
wolfSSL	13:f67a6c6013ca	1412	err_sys("attr_init failed");
wolfSSL	13:f67a6c6013ca	1413
wolfSSL	13:f67a6c6013ca	1414	ret = pthread_attr_setstack(&myAttr, myStack, stackSize);
wolfSSL	13:f67a6c6013ca	1415	if (ret != 0)
wolfSSL	13:f67a6c6013ca	1416	err_sys("attr_setstackaddr failed");
wolfSSL	13:f67a6c6013ca	1417
wolfSSL	13:f67a6c6013ca	1418	ret = pthread_create(&threadId, &myAttr, tf, args);
wolfSSL	13:f67a6c6013ca	1419	if (ret != 0) {
wolfSSL	13:f67a6c6013ca	1420	perror("pthread_create failed");
wolfSSL	13:f67a6c6013ca	1421	exit(EXIT_FAILURE);
wolfSSL	13:f67a6c6013ca	1422	}
wolfSSL	13:f67a6c6013ca	1423
wolfSSL	13:f67a6c6013ca	1424	ret = pthread_join(threadId, &status);
wolfSSL	13:f67a6c6013ca	1425	if (ret != 0)
wolfSSL	13:f67a6c6013ca	1426	err_sys("pthread_join failed");
wolfSSL	13:f67a6c6013ca	1427
wolfSSL	13:f67a6c6013ca	1428	for (i = 0; i < stackSize; i++) {
wolfSSL	13:f67a6c6013ca	1429	if (myStack[i] != 0x01) {
wolfSSL	13:f67a6c6013ca	1430	break;
wolfSSL	13:f67a6c6013ca	1431	}
wolfSSL	13:f67a6c6013ca	1432	}
wolfSSL	13:f67a6c6013ca	1433
wolfSSL	13:f67a6c6013ca	1434	free(myStack);
wolfSSL	13:f67a6c6013ca	1435
wolfSSL	13:f67a6c6013ca	1436	used = stackSize - i;
wolfSSL	13:f67a6c6013ca	1437	printf("stack used = %d\n", used);
wolfSSL	13:f67a6c6013ca	1438
wolfSSL	13:f67a6c6013ca	1439	return (int)((size_t)status);
wolfSSL	13:f67a6c6013ca	1440	}
wolfSSL	13:f67a6c6013ca	1441
wolfSSL	13:f67a6c6013ca	1442
wolfSSL	13:f67a6c6013ca	1443	#endif /* HAVE_STACK_SIZE */
wolfSSL	13:f67a6c6013ca	1444
wolfSSL	13:f67a6c6013ca	1445
wolfSSL	13:f67a6c6013ca	1446	#ifdef STACK_TRAP
wolfSSL	13:f67a6c6013ca	1447
wolfSSL	13:f67a6c6013ca	1448	/* good settings
wolfSSL	13:f67a6c6013ca	1449	--enable-debug --disable-shared C_EXTRA_FLAGS="-DUSER_TIME -DTFM_TIMING_RESISTANT -DPOSITIVE_EXP_ONLY -DSTACK_TRAP"
wolfSSL	13:f67a6c6013ca	1450
wolfSSL	13:f67a6c6013ca	1451	*/
wolfSSL	13:f67a6c6013ca	1452
wolfSSL	13:f67a6c6013ca	1453	#ifdef HAVE_STACK_SIZE
wolfSSL	13:f67a6c6013ca	1454	/* client only for now, setrlimit will fail if pthread_create() called */
wolfSSL	13:f67a6c6013ca	1455	/* STACK_SIZE does pthread_create() on client */
wolfSSL	13:f67a6c6013ca	1456	#error "can't use STACK_TRAP with STACK_SIZE, setrlimit will fail"
wolfSSL	13:f67a6c6013ca	1457	#endif /* HAVE_STACK_SIZE */
wolfSSL	13:f67a6c6013ca	1458
wolfSSL	13:f67a6c6013ca	1459	static INLINE void StackTrap(void)
wolfSSL	13:f67a6c6013ca	1460	{
wolfSSL	13:f67a6c6013ca	1461	struct rlimit rl;
wolfSSL	13:f67a6c6013ca	1462	if (getrlimit(RLIMIT_STACK, &rl) != 0)
wolfSSL	13:f67a6c6013ca	1463	err_sys("getrlimit failed");
wolfSSL	13:f67a6c6013ca	1464	printf("rlim_cur = %llu\n", rl.rlim_cur);
wolfSSL	13:f67a6c6013ca	1465	rl.rlim_cur = 102421; / adjust trap size here */
wolfSSL	13:f67a6c6013ca	1466	if (setrlimit(RLIMIT_STACK, &rl) != 0) {
wolfSSL	13:f67a6c6013ca	1467	perror("setrlimit");
wolfSSL	13:f67a6c6013ca	1468	err_sys("setrlimit failed");
wolfSSL	13:f67a6c6013ca	1469	}
wolfSSL	13:f67a6c6013ca	1470	}
wolfSSL	13:f67a6c6013ca	1471
wolfSSL	13:f67a6c6013ca	1472	#else /* STACK_TRAP */
wolfSSL	13:f67a6c6013ca	1473
wolfSSL	13:f67a6c6013ca	1474	static INLINE void StackTrap(void)
wolfSSL	13:f67a6c6013ca	1475	{
wolfSSL	13:f67a6c6013ca	1476	}
wolfSSL	13:f67a6c6013ca	1477
wolfSSL	13:f67a6c6013ca	1478	#endif /* STACK_TRAP */
wolfSSL	13:f67a6c6013ca	1479
wolfSSL	13:f67a6c6013ca	1480
wolfSSL	13:f67a6c6013ca	1481	#ifdef ATOMIC_USER
wolfSSL	13:f67a6c6013ca	1482
wolfSSL	13:f67a6c6013ca	1483	/* Atomic Encrypt Context example */
wolfSSL	13:f67a6c6013ca	1484	typedef struct AtomicEncCtx {
wolfSSL	13:f67a6c6013ca	1485	int keySetup; /* have we done key setup yet */
wolfSSL	13:f67a6c6013ca	1486	Aes aes; /* for aes example */
wolfSSL	13:f67a6c6013ca	1487	} AtomicEncCtx;
wolfSSL	13:f67a6c6013ca	1488
wolfSSL	13:f67a6c6013ca	1489
wolfSSL	13:f67a6c6013ca	1490	/* Atomic Decrypt Context example */
wolfSSL	13:f67a6c6013ca	1491	typedef struct AtomicDecCtx {
wolfSSL	13:f67a6c6013ca	1492	int keySetup; /* have we done key setup yet */
wolfSSL	13:f67a6c6013ca	1493	Aes aes; /* for aes example */
wolfSSL	13:f67a6c6013ca	1494	} AtomicDecCtx;
wolfSSL	13:f67a6c6013ca	1495
wolfSSL	13:f67a6c6013ca	1496
wolfSSL	13:f67a6c6013ca	1497	static INLINE int myMacEncryptCb(WOLFSSL* ssl, unsigned char* macOut,
wolfSSL	13:f67a6c6013ca	1498	const unsigned char* macIn, unsigned int macInSz, int macContent,
wolfSSL	13:f67a6c6013ca	1499	int macVerify, unsigned char* encOut, const unsigned char* encIn,
wolfSSL	13:f67a6c6013ca	1500	unsigned int encSz, void* ctx)
wolfSSL	13:f67a6c6013ca	1501	{
wolfSSL	13:f67a6c6013ca	1502	int ret;
wolfSSL	13:f67a6c6013ca	1503	Hmac hmac;
wolfSSL	13:f67a6c6013ca	1504	byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
wolfSSL	13:f67a6c6013ca	1505	AtomicEncCtx* encCtx = (AtomicEncCtx*)ctx;
wolfSSL	13:f67a6c6013ca	1506	const char* tlsStr = "TLS";
wolfSSL	13:f67a6c6013ca	1507
wolfSSL	13:f67a6c6013ca	1508	/* example supports (d)tls aes */
wolfSSL	13:f67a6c6013ca	1509	if (wolfSSL_GetBulkCipher(ssl) != wolfssl_aes) {
wolfSSL	13:f67a6c6013ca	1510	printf("myMacEncryptCb not using AES\n");
wolfSSL	13:f67a6c6013ca	1511	return -1;
wolfSSL	13:f67a6c6013ca	1512	}
wolfSSL	13:f67a6c6013ca	1513
wolfSSL	13:f67a6c6013ca	1514	if (strstr(wolfSSL_get_version(ssl), tlsStr) == NULL) {
wolfSSL	13:f67a6c6013ca	1515	printf("myMacEncryptCb not using (D)TLS\n");
wolfSSL	13:f67a6c6013ca	1516	return -1;
wolfSSL	13:f67a6c6013ca	1517	}
wolfSSL	13:f67a6c6013ca	1518
wolfSSL	13:f67a6c6013ca	1519	/* hmac, not needed if aead mode */
wolfSSL	13:f67a6c6013ca	1520	wolfSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify);
wolfSSL	13:f67a6c6013ca	1521
wolfSSL	13:f67a6c6013ca	1522	ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
wolfSSL	13:f67a6c6013ca	1523	wolfSSL_GetMacSecret(ssl, macVerify), wolfSSL_GetHmacSize(ssl));
wolfSSL	13:f67a6c6013ca	1524	if (ret != 0)
wolfSSL	13:f67a6c6013ca	1525	return ret;
wolfSSL	13:f67a6c6013ca	1526	ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
wolfSSL	13:f67a6c6013ca	1527	if (ret != 0)
wolfSSL	13:f67a6c6013ca	1528	return ret;
wolfSSL	13:f67a6c6013ca	1529	ret = wc_HmacUpdate(&hmac, macIn, macInSz);
wolfSSL	13:f67a6c6013ca	1530	if (ret != 0)
wolfSSL	13:f67a6c6013ca	1531	return ret;
wolfSSL	13:f67a6c6013ca	1532	ret = wc_HmacFinal(&hmac, macOut);
wolfSSL	13:f67a6c6013ca	1533	if (ret != 0)
wolfSSL	13:f67a6c6013ca	1534	return ret;
wolfSSL	13:f67a6c6013ca	1535
wolfSSL	13:f67a6c6013ca	1536
wolfSSL	13:f67a6c6013ca	1537	/* encrypt setup on first time */
wolfSSL	13:f67a6c6013ca	1538	if (encCtx->keySetup == 0) {
wolfSSL	13:f67a6c6013ca	1539	int keyLen = wolfSSL_GetKeySize(ssl);
wolfSSL	13:f67a6c6013ca	1540	const byte* key;
wolfSSL	13:f67a6c6013ca	1541	const byte* iv;
wolfSSL	13:f67a6c6013ca	1542
wolfSSL	13:f67a6c6013ca	1543	if (wolfSSL_GetSide(ssl) == WOLFSSL_CLIENT_END) {
wolfSSL	13:f67a6c6013ca	1544	key = wolfSSL_GetClientWriteKey(ssl);
wolfSSL	13:f67a6c6013ca	1545	iv = wolfSSL_GetClientWriteIV(ssl);
wolfSSL	13:f67a6c6013ca	1546	}
wolfSSL	13:f67a6c6013ca	1547	else {
wolfSSL	13:f67a6c6013ca	1548	key = wolfSSL_GetServerWriteKey(ssl);
wolfSSL	13:f67a6c6013ca	1549	iv = wolfSSL_GetServerWriteIV(ssl);
wolfSSL	13:f67a6c6013ca	1550	}
wolfSSL	13:f67a6c6013ca	1551
wolfSSL	13:f67a6c6013ca	1552	ret = wc_AesSetKey(&encCtx->aes, key, keyLen, iv, AES_ENCRYPTION);
wolfSSL	13:f67a6c6013ca	1553	if (ret != 0) {
wolfSSL	13:f67a6c6013ca	1554	printf("AesSetKey failed in myMacEncryptCb\n");
wolfSSL	13:f67a6c6013ca	1555	return ret;
wolfSSL	13:f67a6c6013ca	1556	}
wolfSSL	13:f67a6c6013ca	1557	encCtx->keySetup = 1;
wolfSSL	13:f67a6c6013ca	1558	}
wolfSSL	13:f67a6c6013ca	1559
wolfSSL	13:f67a6c6013ca	1560	/* encrypt */
wolfSSL	13:f67a6c6013ca	1561	return wc_AesCbcEncrypt(&encCtx->aes, encOut, encIn, encSz);
wolfSSL	13:f67a6c6013ca	1562	}
wolfSSL	13:f67a6c6013ca	1563
wolfSSL	13:f67a6c6013ca	1564
wolfSSL	13:f67a6c6013ca	1565	static INLINE int myDecryptVerifyCb(WOLFSSL* ssl,
wolfSSL	13:f67a6c6013ca	1566	unsigned char* decOut, const unsigned char* decIn,
wolfSSL	13:f67a6c6013ca	1567	unsigned int decSz, int macContent, int macVerify,
wolfSSL	13:f67a6c6013ca	1568	unsigned int* padSz, void* ctx)
wolfSSL	13:f67a6c6013ca	1569	{
wolfSSL	13:f67a6c6013ca	1570	AtomicDecCtx* decCtx = (AtomicDecCtx*)ctx;
wolfSSL	13:f67a6c6013ca	1571	int ret = 0;
wolfSSL	13:f67a6c6013ca	1572	int macInSz = 0;
wolfSSL	13:f67a6c6013ca	1573	int ivExtra = 0;
wolfSSL	13:f67a6c6013ca	1574	int digestSz = wolfSSL_GetHmacSize(ssl);
wolfSSL	13:f67a6c6013ca	1575	unsigned int pad = 0;
wolfSSL	13:f67a6c6013ca	1576	unsigned int padByte = 0;
wolfSSL	13:f67a6c6013ca	1577	Hmac hmac;
wolfSSL	13:f67a6c6013ca	1578	byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
wolfSSL	13:f67a6c6013ca	1579	byte verify[MAX_DIGEST_SIZE];
wolfSSL	13:f67a6c6013ca	1580	const char* tlsStr = "TLS";
wolfSSL	13:f67a6c6013ca	1581
wolfSSL	13:f67a6c6013ca	1582	/* example supports (d)tls aes */
wolfSSL	13:f67a6c6013ca	1583	if (wolfSSL_GetBulkCipher(ssl) != wolfssl_aes) {
wolfSSL	13:f67a6c6013ca	1584	printf("myMacEncryptCb not using AES\n");
wolfSSL	13:f67a6c6013ca	1585	return -1;
wolfSSL	13:f67a6c6013ca	1586	}
wolfSSL	13:f67a6c6013ca	1587
wolfSSL	13:f67a6c6013ca	1588	if (strstr(wolfSSL_get_version(ssl), tlsStr) == NULL) {
wolfSSL	13:f67a6c6013ca	1589	printf("myMacEncryptCb not using (D)TLS\n");
wolfSSL	13:f67a6c6013ca	1590	return -1;
wolfSSL	13:f67a6c6013ca	1591	}
wolfSSL	13:f67a6c6013ca	1592
wolfSSL	13:f67a6c6013ca	1593	/decrypt /
wolfSSL	13:f67a6c6013ca	1594	if (decCtx->keySetup == 0) {
wolfSSL	13:f67a6c6013ca	1595	int keyLen = wolfSSL_GetKeySize(ssl);
wolfSSL	13:f67a6c6013ca	1596	const byte* key;
wolfSSL	13:f67a6c6013ca	1597	const byte* iv;
wolfSSL	13:f67a6c6013ca	1598
wolfSSL	13:f67a6c6013ca	1599	/* decrypt is from other side (peer) */
wolfSSL	13:f67a6c6013ca	1600	if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) {
wolfSSL	13:f67a6c6013ca	1601	key = wolfSSL_GetClientWriteKey(ssl);
wolfSSL	13:f67a6c6013ca	1602	iv = wolfSSL_GetClientWriteIV(ssl);
wolfSSL	13:f67a6c6013ca	1603	}
wolfSSL	13:f67a6c6013ca	1604	else {
wolfSSL	13:f67a6c6013ca	1605	key = wolfSSL_GetServerWriteKey(ssl);
wolfSSL	13:f67a6c6013ca	1606	iv = wolfSSL_GetServerWriteIV(ssl);
wolfSSL	13:f67a6c6013ca	1607	}
wolfSSL	13:f67a6c6013ca	1608
wolfSSL	13:f67a6c6013ca	1609	ret = wc_AesSetKey(&decCtx->aes, key, keyLen, iv, AES_DECRYPTION);
wolfSSL	13:f67a6c6013ca	1610	if (ret != 0) {
wolfSSL	13:f67a6c6013ca	1611	printf("AesSetKey failed in myDecryptVerifyCb\n");
wolfSSL	13:f67a6c6013ca	1612	return ret;
wolfSSL	13:f67a6c6013ca	1613	}
wolfSSL	13:f67a6c6013ca	1614	decCtx->keySetup = 1;
wolfSSL	13:f67a6c6013ca	1615	}
wolfSSL	13:f67a6c6013ca	1616
wolfSSL	13:f67a6c6013ca	1617	/* decrypt */
wolfSSL	13:f67a6c6013ca	1618	ret = wc_AesCbcDecrypt(&decCtx->aes, decOut, decIn, decSz);
wolfSSL	13:f67a6c6013ca	1619	if (ret != 0)
wolfSSL	13:f67a6c6013ca	1620	return ret;
wolfSSL	13:f67a6c6013ca	1621
wolfSSL	13:f67a6c6013ca	1622	if (wolfSSL_GetCipherType(ssl) == WOLFSSL_AEAD_TYPE) {
wolfSSL	13:f67a6c6013ca	1623	*padSz = wolfSSL_GetAeadMacSize(ssl);
wolfSSL	13:f67a6c6013ca	1624	return 0; /* hmac, not needed if aead mode */
wolfSSL	13:f67a6c6013ca	1625	}
wolfSSL	13:f67a6c6013ca	1626
wolfSSL	13:f67a6c6013ca	1627	if (wolfSSL_GetCipherType(ssl) == WOLFSSL_BLOCK_TYPE) {
wolfSSL	13:f67a6c6013ca	1628	pad = *(decOut + decSz - 1);
wolfSSL	13:f67a6c6013ca	1629	padByte = 1;
wolfSSL	13:f67a6c6013ca	1630	if (wolfSSL_IsTLSv1_1(ssl))
wolfSSL	13:f67a6c6013ca	1631	ivExtra = wolfSSL_GetCipherBlockSize(ssl);
wolfSSL	13:f67a6c6013ca	1632	}
wolfSSL	13:f67a6c6013ca	1633
wolfSSL	13:f67a6c6013ca	1634	*padSz = wolfSSL_GetHmacSize(ssl) + pad + padByte;
wolfSSL	13:f67a6c6013ca	1635	macInSz = decSz - ivExtra - digestSz - pad - padByte;
wolfSSL	13:f67a6c6013ca	1636
wolfSSL	13:f67a6c6013ca	1637	wolfSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify);
wolfSSL	13:f67a6c6013ca	1638
wolfSSL	13:f67a6c6013ca	1639	ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
wolfSSL	13:f67a6c6013ca	1640	wolfSSL_GetMacSecret(ssl, macVerify), digestSz);
wolfSSL	13:f67a6c6013ca	1641	if (ret != 0)
wolfSSL	13:f67a6c6013ca	1642	return ret;
wolfSSL	13:f67a6c6013ca	1643	ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
wolfSSL	13:f67a6c6013ca	1644	if (ret != 0)
wolfSSL	13:f67a6c6013ca	1645	return ret;
wolfSSL	13:f67a6c6013ca	1646	ret = wc_HmacUpdate(&hmac, decOut + ivExtra, macInSz);
wolfSSL	13:f67a6c6013ca	1647	if (ret != 0)
wolfSSL	13:f67a6c6013ca	1648	return ret;
wolfSSL	13:f67a6c6013ca	1649	ret = wc_HmacFinal(&hmac, verify);
wolfSSL	13:f67a6c6013ca	1650	if (ret != 0)
wolfSSL	13:f67a6c6013ca	1651	return ret;
wolfSSL	13:f67a6c6013ca	1652
wolfSSL	13:f67a6c6013ca	1653	if (XMEMCMP(verify, decOut + decSz - digestSz - pad - padByte,
wolfSSL	13:f67a6c6013ca	1654	digestSz) != 0) {
wolfSSL	13:f67a6c6013ca	1655	printf("myDecryptVerify verify failed\n");
wolfSSL	13:f67a6c6013ca	1656	return -1;
wolfSSL	13:f67a6c6013ca	1657	}
wolfSSL	13:f67a6c6013ca	1658
wolfSSL	13:f67a6c6013ca	1659	return ret;
wolfSSL	13:f67a6c6013ca	1660	}
wolfSSL	13:f67a6c6013ca	1661
wolfSSL	13:f67a6c6013ca	1662
wolfSSL	13:f67a6c6013ca	1663	static INLINE void SetupAtomicUser(WOLFSSL_CTX* ctx, WOLFSSL* ssl)
wolfSSL	13:f67a6c6013ca	1664	{
wolfSSL	13:f67a6c6013ca	1665	AtomicEncCtx* encCtx;
wolfSSL	13:f67a6c6013ca	1666	AtomicDecCtx* decCtx;
wolfSSL	13:f67a6c6013ca	1667
wolfSSL	13:f67a6c6013ca	1668	encCtx = (AtomicEncCtx*)malloc(sizeof(AtomicEncCtx));
wolfSSL	13:f67a6c6013ca	1669	if (encCtx == NULL)
wolfSSL	13:f67a6c6013ca	1670	err_sys("AtomicEncCtx malloc failed");
wolfSSL	13:f67a6c6013ca	1671	memset(encCtx, 0, sizeof(AtomicEncCtx));
wolfSSL	13:f67a6c6013ca	1672
wolfSSL	13:f67a6c6013ca	1673	decCtx = (AtomicDecCtx*)malloc(sizeof(AtomicDecCtx));
wolfSSL	13:f67a6c6013ca	1674	if (decCtx == NULL) {
wolfSSL	13:f67a6c6013ca	1675	free(encCtx);
wolfSSL	13:f67a6c6013ca	1676	err_sys("AtomicDecCtx malloc failed");
wolfSSL	13:f67a6c6013ca	1677	}
wolfSSL	13:f67a6c6013ca	1678	memset(decCtx, 0, sizeof(AtomicDecCtx));
wolfSSL	13:f67a6c6013ca	1679
wolfSSL	13:f67a6c6013ca	1680	wolfSSL_CTX_SetMacEncryptCb(ctx, myMacEncryptCb);
wolfSSL	13:f67a6c6013ca	1681	wolfSSL_SetMacEncryptCtx(ssl, encCtx);
wolfSSL	13:f67a6c6013ca	1682
wolfSSL	13:f67a6c6013ca	1683	wolfSSL_CTX_SetDecryptVerifyCb(ctx, myDecryptVerifyCb);
wolfSSL	13:f67a6c6013ca	1684	wolfSSL_SetDecryptVerifyCtx(ssl, decCtx);
wolfSSL	13:f67a6c6013ca	1685	}
wolfSSL	13:f67a6c6013ca	1686
wolfSSL	13:f67a6c6013ca	1687
wolfSSL	13:f67a6c6013ca	1688	static INLINE void FreeAtomicUser(WOLFSSL* ssl)
wolfSSL	13:f67a6c6013ca	1689	{
wolfSSL	13:f67a6c6013ca	1690	AtomicEncCtx* encCtx = (AtomicEncCtx*)wolfSSL_GetMacEncryptCtx(ssl);
wolfSSL	13:f67a6c6013ca	1691	AtomicDecCtx* decCtx = (AtomicDecCtx*)wolfSSL_GetDecryptVerifyCtx(ssl);
wolfSSL	13:f67a6c6013ca	1692
wolfSSL	13:f67a6c6013ca	1693	free(decCtx);
wolfSSL	13:f67a6c6013ca	1694	free(encCtx);
wolfSSL	13:f67a6c6013ca	1695	}
wolfSSL	13:f67a6c6013ca	1696
wolfSSL	13:f67a6c6013ca	1697	#endif /* ATOMIC_USER */
wolfSSL	13:f67a6c6013ca	1698
wolfSSL	13:f67a6c6013ca	1699	#ifdef WOLFSSL_STATIC_MEMORY
wolfSSL	13:f67a6c6013ca	1700	static INLINE int wolfSSL_PrintStats(WOLFSSL_MEM_STATS* stats)
wolfSSL	13:f67a6c6013ca	1701	{
wolfSSL	13:f67a6c6013ca	1702	word16 i;
wolfSSL	13:f67a6c6013ca	1703
wolfSSL	13:f67a6c6013ca	1704	if (stats == NULL) {
wolfSSL	13:f67a6c6013ca	1705	return 0;
wolfSSL	13:f67a6c6013ca	1706	}
wolfSSL	13:f67a6c6013ca	1707
wolfSSL	13:f67a6c6013ca	1708	/* print to stderr so is on the same pipe as WOLFSSL_DEBUG */
wolfSSL	13:f67a6c6013ca	1709	fprintf(stderr, "Total mallocs = %d\n", stats->totalAlloc);
wolfSSL	13:f67a6c6013ca	1710	fprintf(stderr, "Total frees = %d\n", stats->totalFr);
wolfSSL	13:f67a6c6013ca	1711	fprintf(stderr, "Current mallocs = %d\n", stats->curAlloc);
wolfSSL	13:f67a6c6013ca	1712	fprintf(stderr, "Available IO = %d\n", stats->avaIO);
wolfSSL	13:f67a6c6013ca	1713	fprintf(stderr, "Max con. handshakes = %d\n", stats->maxHa);
wolfSSL	13:f67a6c6013ca	1714	fprintf(stderr, "Max con. IO = %d\n", stats->maxIO);
wolfSSL	13:f67a6c6013ca	1715	fprintf(stderr, "State of memory blocks: size : available \n");
wolfSSL	13:f67a6c6013ca	1716	for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) {
wolfSSL	13:f67a6c6013ca	1717	fprintf(stderr, " : %d\t : %d\n", stats->blockSz[i],
wolfSSL	13:f67a6c6013ca	1718	stats->avaBlock[i]);
wolfSSL	13:f67a6c6013ca	1719	}
wolfSSL	13:f67a6c6013ca	1720
wolfSSL	13:f67a6c6013ca	1721	return 1;
wolfSSL	13:f67a6c6013ca	1722	}
wolfSSL	13:f67a6c6013ca	1723	#endif /* WOLFSSL_STATIC_MEMORY */
wolfSSL	13:f67a6c6013ca	1724
wolfSSL	13:f67a6c6013ca	1725	#ifdef HAVE_PK_CALLBACKS
wolfSSL	13:f67a6c6013ca	1726
wolfSSL	13:f67a6c6013ca	1727	#ifdef HAVE_ECC
wolfSSL	13:f67a6c6013ca	1728
wolfSSL	13:f67a6c6013ca	1729	static INLINE int myEccSign(WOLFSSL* ssl, const byte* in, word32 inSz,
wolfSSL	13:f67a6c6013ca	1730	byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
wolfSSL	13:f67a6c6013ca	1731	{
wolfSSL	13:f67a6c6013ca	1732	WC_RNG rng;
wolfSSL	13:f67a6c6013ca	1733	int ret;
wolfSSL	13:f67a6c6013ca	1734	word32 idx = 0;
wolfSSL	13:f67a6c6013ca	1735	ecc_key myKey;
wolfSSL	13:f67a6c6013ca	1736
wolfSSL	13:f67a6c6013ca	1737	(void)ssl;
wolfSSL	13:f67a6c6013ca	1738	(void)ctx;
wolfSSL	13:f67a6c6013ca	1739
wolfSSL	13:f67a6c6013ca	1740	ret = wc_InitRng(&rng);
wolfSSL	13:f67a6c6013ca	1741	if (ret != 0)
wolfSSL	13:f67a6c6013ca	1742	return ret;
wolfSSL	13:f67a6c6013ca	1743
wolfSSL	13:f67a6c6013ca	1744	ret = wc_ecc_init(&myKey);
wolfSSL	13:f67a6c6013ca	1745	if (ret == 0) {
wolfSSL	13:f67a6c6013ca	1746	ret = wc_EccPrivateKeyDecode(key, &idx, &myKey, keySz);
wolfSSL	13:f67a6c6013ca	1747	if (ret == 0)
wolfSSL	13:f67a6c6013ca	1748	ret = wc_ecc_sign_hash(in, inSz, out, outSz, &rng, &myKey);
wolfSSL	13:f67a6c6013ca	1749	wc_ecc_free(&myKey);
wolfSSL	13:f67a6c6013ca	1750	}
wolfSSL	13:f67a6c6013ca	1751	wc_FreeRng(&rng);
wolfSSL	13:f67a6c6013ca	1752
wolfSSL	13:f67a6c6013ca	1753	return ret;
wolfSSL	13:f67a6c6013ca	1754	}
wolfSSL	13:f67a6c6013ca	1755
wolfSSL	13:f67a6c6013ca	1756
wolfSSL	13:f67a6c6013ca	1757	static INLINE int myEccVerify(WOLFSSL* ssl, const byte* sig, word32 sigSz,
wolfSSL	13:f67a6c6013ca	1758	const byte* hash, word32 hashSz, const byte* key, word32 keySz,
wolfSSL	13:f67a6c6013ca	1759	int* result, void* ctx)
wolfSSL	13:f67a6c6013ca	1760	{
wolfSSL	13:f67a6c6013ca	1761	int ret;
wolfSSL	13:f67a6c6013ca	1762	ecc_key myKey;
wolfSSL	13:f67a6c6013ca	1763
wolfSSL	13:f67a6c6013ca	1764	(void)ssl;
wolfSSL	13:f67a6c6013ca	1765	(void)ctx;
wolfSSL	13:f67a6c6013ca	1766
wolfSSL	13:f67a6c6013ca	1767	ret = wc_ecc_init(&myKey);
wolfSSL	13:f67a6c6013ca	1768	if (ret == 0) {
wolfSSL	13:f67a6c6013ca	1769	ret = wc_ecc_import_x963(key, keySz, &myKey);
wolfSSL	13:f67a6c6013ca	1770	if (ret == 0)
wolfSSL	13:f67a6c6013ca	1771	ret = wc_ecc_verify_hash(sig, sigSz, hash, hashSz, result, &myKey);
wolfSSL	13:f67a6c6013ca	1772	wc_ecc_free(&myKey);
wolfSSL	13:f67a6c6013ca	1773	}
wolfSSL	13:f67a6c6013ca	1774
wolfSSL	13:f67a6c6013ca	1775	return ret;
wolfSSL	13:f67a6c6013ca	1776	}
wolfSSL	13:f67a6c6013ca	1777
wolfSSL	13:f67a6c6013ca	1778	static INLINE int myEccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
wolfSSL	13:f67a6c6013ca	1779	unsigned char* pubKeyDer, unsigned int* pubKeySz,
wolfSSL	13:f67a6c6013ca	1780	unsigned char* out, unsigned int* outlen,
wolfSSL	13:f67a6c6013ca	1781	int side, void* ctx)
wolfSSL	13:f67a6c6013ca	1782	{
wolfSSL	13:f67a6c6013ca	1783	int ret;
wolfSSL	13:f67a6c6013ca	1784	ecc_key* privKey = NULL;
wolfSSL	13:f67a6c6013ca	1785	ecc_key* pubKey = NULL;
wolfSSL	13:f67a6c6013ca	1786	ecc_key tmpKey;
wolfSSL	13:f67a6c6013ca	1787
wolfSSL	13:f67a6c6013ca	1788	(void)ssl;
wolfSSL	13:f67a6c6013ca	1789	(void)ctx;
wolfSSL	13:f67a6c6013ca	1790
wolfSSL	13:f67a6c6013ca	1791	ret = wc_ecc_init(&tmpKey);
wolfSSL	13:f67a6c6013ca	1792	if (ret != 0) {
wolfSSL	13:f67a6c6013ca	1793	return ret;
wolfSSL	13:f67a6c6013ca	1794	}
wolfSSL	13:f67a6c6013ca	1795
wolfSSL	13:f67a6c6013ca	1796	/* for client: create and export public key */
wolfSSL	13:f67a6c6013ca	1797	if (side == WOLFSSL_CLIENT_END) {
wolfSSL	13:f67a6c6013ca	1798	WC_RNG rng;
wolfSSL	13:f67a6c6013ca	1799
wolfSSL	13:f67a6c6013ca	1800	privKey = &tmpKey;
wolfSSL	13:f67a6c6013ca	1801	pubKey = otherKey;
wolfSSL	13:f67a6c6013ca	1802
wolfSSL	13:f67a6c6013ca	1803	ret = wc_InitRng(&rng);
wolfSSL	13:f67a6c6013ca	1804	if (ret == 0) {
wolfSSL	13:f67a6c6013ca	1805	ret = wc_ecc_make_key_ex(&rng, 0, privKey, otherKey->dp->id);
wolfSSL	13:f67a6c6013ca	1806	#ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL	13:f67a6c6013ca	1807	if (ret == WC_PENDING_E) {
wolfSSL	13:f67a6c6013ca	1808	ret = wc_AsyncWait(ret, &privKey->asyncDev, WC_ASYNC_FLAG_NONE);
wolfSSL	13:f67a6c6013ca	1809	}
wolfSSL	13:f67a6c6013ca	1810	#endif
wolfSSL	13:f67a6c6013ca	1811	if (ret == 0)
wolfSSL	13:f67a6c6013ca	1812	ret = wc_ecc_export_x963(privKey, pubKeyDer, pubKeySz);
wolfSSL	13:f67a6c6013ca	1813	wc_FreeRng(&rng);
wolfSSL	13:f67a6c6013ca	1814	}
wolfSSL	13:f67a6c6013ca	1815	}
wolfSSL	13:f67a6c6013ca	1816
wolfSSL	13:f67a6c6013ca	1817	/* for server: import public key */
wolfSSL	13:f67a6c6013ca	1818	else if (side == WOLFSSL_SERVER_END) {
wolfSSL	13:f67a6c6013ca	1819	privKey = otherKey;
wolfSSL	13:f67a6c6013ca	1820	pubKey = &tmpKey;
wolfSSL	13:f67a6c6013ca	1821
wolfSSL	13:f67a6c6013ca	1822	ret = wc_ecc_import_x963_ex(pubKeyDer, *pubKeySz, pubKey,
wolfSSL	13:f67a6c6013ca	1823	otherKey->dp->id);
wolfSSL	13:f67a6c6013ca	1824	}
wolfSSL	13:f67a6c6013ca	1825	else {
wolfSSL	13:f67a6c6013ca	1826	ret = BAD_FUNC_ARG;
wolfSSL	13:f67a6c6013ca	1827	}
wolfSSL	13:f67a6c6013ca	1828
wolfSSL	13:f67a6c6013ca	1829	/* generate shared secret and return it */
wolfSSL	13:f67a6c6013ca	1830	if (ret == 0) {
wolfSSL	13:f67a6c6013ca	1831	ret = wc_ecc_shared_secret(privKey, pubKey, out, outlen);
wolfSSL	13:f67a6c6013ca	1832
wolfSSL	13:f67a6c6013ca	1833	#ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL	13:f67a6c6013ca	1834	if (ret == WC_PENDING_E) {
wolfSSL	13:f67a6c6013ca	1835	ret = wc_AsyncWait(ret, &privKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
wolfSSL	13:f67a6c6013ca	1836	}
wolfSSL	13:f67a6c6013ca	1837	#endif
wolfSSL	13:f67a6c6013ca	1838	}
wolfSSL	13:f67a6c6013ca	1839
wolfSSL	13:f67a6c6013ca	1840	wc_ecc_free(&tmpKey);
wolfSSL	13:f67a6c6013ca	1841
wolfSSL	13:f67a6c6013ca	1842	return ret;
wolfSSL	13:f67a6c6013ca	1843	}
wolfSSL	13:f67a6c6013ca	1844
wolfSSL	13:f67a6c6013ca	1845	#ifdef HAVE_ED25519
wolfSSL	13:f67a6c6013ca	1846	static INLINE int myEd25519Sign(WOLFSSL* ssl, const byte* in, word32 inSz,
wolfSSL	13:f67a6c6013ca	1847	byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
wolfSSL	13:f67a6c6013ca	1848	{
wolfSSL	13:f67a6c6013ca	1849	int ret;
wolfSSL	13:f67a6c6013ca	1850	word32 idx = 0;
wolfSSL	13:f67a6c6013ca	1851	ed25519_key myKey;
wolfSSL	13:f67a6c6013ca	1852
wolfSSL	13:f67a6c6013ca	1853	(void)ssl;
wolfSSL	13:f67a6c6013ca	1854	(void)ctx;
wolfSSL	13:f67a6c6013ca	1855
wolfSSL	13:f67a6c6013ca	1856	ret = wc_ed25519_init(&myKey);
wolfSSL	13:f67a6c6013ca	1857	if (ret == 0) {
wolfSSL	13:f67a6c6013ca	1858	ret = wc_Ed25519PrivateKeyDecode(key, &idx, &myKey, keySz);
wolfSSL	13:f67a6c6013ca	1859	if (ret == 0)
wolfSSL	13:f67a6c6013ca	1860	ret = wc_ed25519_sign_msg(in, inSz, out, outSz, &myKey);
wolfSSL	13:f67a6c6013ca	1861	wc_ed25519_free(&myKey);
wolfSSL	13:f67a6c6013ca	1862	}
wolfSSL	13:f67a6c6013ca	1863
wolfSSL	13:f67a6c6013ca	1864	return ret;
wolfSSL	13:f67a6c6013ca	1865	}
wolfSSL	13:f67a6c6013ca	1866
wolfSSL	13:f67a6c6013ca	1867
wolfSSL	13:f67a6c6013ca	1868	static INLINE int myEd25519Verify(WOLFSSL* ssl, const byte* sig, word32 sigSz,
wolfSSL	13:f67a6c6013ca	1869	const byte* msg, word32 msgSz, const byte* key, word32 keySz,
wolfSSL	13:f67a6c6013ca	1870	int* result, void* ctx)
wolfSSL	13:f67a6c6013ca	1871	{
wolfSSL	13:f67a6c6013ca	1872	int ret;
wolfSSL	13:f67a6c6013ca	1873	ed25519_key myKey;
wolfSSL	13:f67a6c6013ca	1874
wolfSSL	13:f67a6c6013ca	1875	(void)ssl;
wolfSSL	13:f67a6c6013ca	1876	(void)ctx;
wolfSSL	13:f67a6c6013ca	1877
wolfSSL	13:f67a6c6013ca	1878	ret = wc_ed25519_init(&myKey);
wolfSSL	13:f67a6c6013ca	1879	if (ret == 0) {
wolfSSL	13:f67a6c6013ca	1880	ret = wc_ed25519_import_public(key, keySz, &myKey);
wolfSSL	13:f67a6c6013ca	1881	if (ret == 0) {
wolfSSL	13:f67a6c6013ca	1882	ret = wc_ed25519_verify_msg(sig, sigSz, msg, msgSz, result, &myKey);
wolfSSL	13:f67a6c6013ca	1883	}
wolfSSL	13:f67a6c6013ca	1884	wc_ed25519_free(&myKey);
wolfSSL	13:f67a6c6013ca	1885	}
wolfSSL	13:f67a6c6013ca	1886
wolfSSL	13:f67a6c6013ca	1887	return ret;
wolfSSL	13:f67a6c6013ca	1888	}
wolfSSL	13:f67a6c6013ca	1889	#endif /* HAVE_ED25519 */
wolfSSL	13:f67a6c6013ca	1890
wolfSSL	13:f67a6c6013ca	1891	#ifdef HAVE_CURVE25519
wolfSSL	13:f67a6c6013ca	1892	static INLINE int myX25519SharedSecret(WOLFSSL* ssl, curve25519_key* otherKey,
wolfSSL	13:f67a6c6013ca	1893	unsigned char* pubKeyDer, unsigned int* pubKeySz,
wolfSSL	13:f67a6c6013ca	1894	unsigned char* out, unsigned int* outlen,
wolfSSL	13:f67a6c6013ca	1895	int side, void* ctx)
wolfSSL	13:f67a6c6013ca	1896	{
wolfSSL	13:f67a6c6013ca	1897	int ret;
wolfSSL	13:f67a6c6013ca	1898	curve25519_key* privKey = NULL;
wolfSSL	13:f67a6c6013ca	1899	curve25519_key* pubKey = NULL;
wolfSSL	13:f67a6c6013ca	1900	curve25519_key tmpKey;
wolfSSL	13:f67a6c6013ca	1901
wolfSSL	13:f67a6c6013ca	1902	(void)ssl;
wolfSSL	13:f67a6c6013ca	1903	(void)ctx;
wolfSSL	13:f67a6c6013ca	1904
wolfSSL	13:f67a6c6013ca	1905	ret = wc_curve25519_init(&tmpKey);
wolfSSL	13:f67a6c6013ca	1906	if (ret != 0) {
wolfSSL	13:f67a6c6013ca	1907	return ret;
wolfSSL	13:f67a6c6013ca	1908	}
wolfSSL	13:f67a6c6013ca	1909
wolfSSL	13:f67a6c6013ca	1910	/* for client: create and export public key */
wolfSSL	13:f67a6c6013ca	1911	if (side == WOLFSSL_CLIENT_END) {
wolfSSL	13:f67a6c6013ca	1912	WC_RNG rng;
wolfSSL	13:f67a6c6013ca	1913
wolfSSL	13:f67a6c6013ca	1914	privKey = &tmpKey;
wolfSSL	13:f67a6c6013ca	1915	pubKey = otherKey;
wolfSSL	13:f67a6c6013ca	1916
wolfSSL	13:f67a6c6013ca	1917	ret = wc_InitRng(&rng);
wolfSSL	13:f67a6c6013ca	1918	if (ret == 0) {
wolfSSL	13:f67a6c6013ca	1919	ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, privKey);
wolfSSL	13:f67a6c6013ca	1920	if (ret == 0) {
wolfSSL	13:f67a6c6013ca	1921	ret = wc_curve25519_export_public_ex(privKey, pubKeyDer,
wolfSSL	13:f67a6c6013ca	1922	pubKeySz, EC25519_LITTLE_ENDIAN);
wolfSSL	13:f67a6c6013ca	1923	}
wolfSSL	13:f67a6c6013ca	1924	wc_FreeRng(&rng);
wolfSSL	13:f67a6c6013ca	1925	}
wolfSSL	13:f67a6c6013ca	1926	}
wolfSSL	13:f67a6c6013ca	1927
wolfSSL	13:f67a6c6013ca	1928	/* for server: import public key */
wolfSSL	13:f67a6c6013ca	1929	else if (side == WOLFSSL_SERVER_END) {
wolfSSL	13:f67a6c6013ca	1930	privKey = otherKey;
wolfSSL	13:f67a6c6013ca	1931	pubKey = &tmpKey;
wolfSSL	13:f67a6c6013ca	1932
wolfSSL	13:f67a6c6013ca	1933	ret = wc_curve25519_import_public_ex(pubKeyDer, *pubKeySz, pubKey,
wolfSSL	13:f67a6c6013ca	1934	EC25519_LITTLE_ENDIAN);
wolfSSL	13:f67a6c6013ca	1935	}
wolfSSL	13:f67a6c6013ca	1936	else {
wolfSSL	13:f67a6c6013ca	1937	ret = BAD_FUNC_ARG;
wolfSSL	13:f67a6c6013ca	1938	}
wolfSSL	13:f67a6c6013ca	1939
wolfSSL	13:f67a6c6013ca	1940	/* generate shared secret and return it */
wolfSSL	13:f67a6c6013ca	1941	if (ret == 0) {
wolfSSL	13:f67a6c6013ca	1942	ret = wc_curve25519_shared_secret_ex(privKey, pubKey, out, outlen,
wolfSSL	13:f67a6c6013ca	1943	EC25519_LITTLE_ENDIAN);
wolfSSL	13:f67a6c6013ca	1944	}
wolfSSL	13:f67a6c6013ca	1945
wolfSSL	13:f67a6c6013ca	1946	wc_curve25519_free(&tmpKey);
wolfSSL	13:f67a6c6013ca	1947
wolfSSL	13:f67a6c6013ca	1948	return ret;
wolfSSL	13:f67a6c6013ca	1949	}
wolfSSL	13:f67a6c6013ca	1950	#endif /* HAVE_CURVE25519 */
wolfSSL	13:f67a6c6013ca	1951
wolfSSL	13:f67a6c6013ca	1952	#endif /* HAVE_ECC */
wolfSSL	13:f67a6c6013ca	1953
wolfSSL	13:f67a6c6013ca	1954	#ifndef NO_RSA
wolfSSL	13:f67a6c6013ca	1955
wolfSSL	13:f67a6c6013ca	1956	static INLINE int myRsaSign(WOLFSSL* ssl, const byte* in, word32 inSz,
wolfSSL	13:f67a6c6013ca	1957	byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
wolfSSL	13:f67a6c6013ca	1958	{
wolfSSL	13:f67a6c6013ca	1959	WC_RNG rng;
wolfSSL	13:f67a6c6013ca	1960	int ret;
wolfSSL	13:f67a6c6013ca	1961	word32 idx = 0;
wolfSSL	13:f67a6c6013ca	1962	RsaKey myKey;
wolfSSL	13:f67a6c6013ca	1963
wolfSSL	13:f67a6c6013ca	1964	(void)ssl;
wolfSSL	13:f67a6c6013ca	1965	(void)ctx;
wolfSSL	13:f67a6c6013ca	1966
wolfSSL	13:f67a6c6013ca	1967	ret = wc_InitRng(&rng);
wolfSSL	13:f67a6c6013ca	1968	if (ret != 0)
wolfSSL	13:f67a6c6013ca	1969	return ret;
wolfSSL	13:f67a6c6013ca	1970
wolfSSL	13:f67a6c6013ca	1971	ret = wc_InitRsaKey(&myKey, NULL);
wolfSSL	13:f67a6c6013ca	1972	if (ret == 0) {
wolfSSL	13:f67a6c6013ca	1973	ret = wc_RsaPrivateKeyDecode(key, &idx, &myKey, keySz);
wolfSSL	13:f67a6c6013ca	1974	if (ret == 0)
wolfSSL	13:f67a6c6013ca	1975	ret = wc_RsaSSL_Sign(in, inSz, out, *outSz, &myKey, &rng);
wolfSSL	13:f67a6c6013ca	1976	if (ret > 0) { /* save and convert to 0 success */
wolfSSL	13:f67a6c6013ca	1977	*outSz = ret;
wolfSSL	13:f67a6c6013ca	1978	ret = 0;
wolfSSL	13:f67a6c6013ca	1979	}
wolfSSL	13:f67a6c6013ca	1980	wc_FreeRsaKey(&myKey);
wolfSSL	13:f67a6c6013ca	1981	}
wolfSSL	13:f67a6c6013ca	1982	wc_FreeRng(&rng);
wolfSSL	13:f67a6c6013ca	1983
wolfSSL	13:f67a6c6013ca	1984	return ret;
wolfSSL	13:f67a6c6013ca	1985	}
wolfSSL	13:f67a6c6013ca	1986
wolfSSL	13:f67a6c6013ca	1987
wolfSSL	13:f67a6c6013ca	1988	static INLINE int myRsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
wolfSSL	13:f67a6c6013ca	1989	byte** out,
wolfSSL	13:f67a6c6013ca	1990	const byte* key, word32 keySz,
wolfSSL	13:f67a6c6013ca	1991	void* ctx)
wolfSSL	13:f67a6c6013ca	1992	{
wolfSSL	13:f67a6c6013ca	1993	int ret;
wolfSSL	13:f67a6c6013ca	1994	word32 idx = 0;
wolfSSL	13:f67a6c6013ca	1995	RsaKey myKey;
wolfSSL	13:f67a6c6013ca	1996
wolfSSL	13:f67a6c6013ca	1997	(void)ssl;
wolfSSL	13:f67a6c6013ca	1998	(void)ctx;
wolfSSL	13:f67a6c6013ca	1999
wolfSSL	13:f67a6c6013ca	2000	ret = wc_InitRsaKey(&myKey, NULL);
wolfSSL	13:f67a6c6013ca	2001	if (ret == 0) {
wolfSSL	13:f67a6c6013ca	2002	ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
wolfSSL	13:f67a6c6013ca	2003	if (ret == 0)
wolfSSL	13:f67a6c6013ca	2004	ret = wc_RsaSSL_VerifyInline(sig, sigSz, out, &myKey);
wolfSSL	13:f67a6c6013ca	2005	wc_FreeRsaKey(&myKey);
wolfSSL	13:f67a6c6013ca	2006	}
wolfSSL	13:f67a6c6013ca	2007
wolfSSL	13:f67a6c6013ca	2008	return ret;
wolfSSL	13:f67a6c6013ca	2009	}
wolfSSL	13:f67a6c6013ca	2010
wolfSSL	13:f67a6c6013ca	2011	#ifdef WC_RSA_PSS
wolfSSL	13:f67a6c6013ca	2012	static INLINE int myRsaPssSign(WOLFSSL* ssl, const byte* in, word32 inSz,
wolfSSL	13:f67a6c6013ca	2013	byte* out, word32* outSz, int hash, int mgf, const byte* key,
wolfSSL	13:f67a6c6013ca	2014	word32 keySz, void* ctx)
wolfSSL	13:f67a6c6013ca	2015	{
wolfSSL	13:f67a6c6013ca	2016	enum wc_HashType hashType = WC_HASH_TYPE_NONE;
wolfSSL	13:f67a6c6013ca	2017	WC_RNG rng;
wolfSSL	13:f67a6c6013ca	2018	int ret;
wolfSSL	13:f67a6c6013ca	2019	word32 idx = 0;
wolfSSL	13:f67a6c6013ca	2020	RsaKey myKey;
wolfSSL	13:f67a6c6013ca	2021
wolfSSL	13:f67a6c6013ca	2022	(void)ssl;
wolfSSL	13:f67a6c6013ca	2023	(void)ctx;
wolfSSL	13:f67a6c6013ca	2024
wolfSSL	13:f67a6c6013ca	2025	switch (hash) {
wolfSSL	13:f67a6c6013ca	2026	#ifndef NO_SHA256
wolfSSL	13:f67a6c6013ca	2027	case SHA256h:
wolfSSL	13:f67a6c6013ca	2028	hashType = WC_HASH_TYPE_SHA256;
wolfSSL	13:f67a6c6013ca	2029	break;
wolfSSL	13:f67a6c6013ca	2030	#endif
wolfSSL	13:f67a6c6013ca	2031	#ifdef WOLFSSL_SHA384
wolfSSL	13:f67a6c6013ca	2032	case SHA384h:
wolfSSL	13:f67a6c6013ca	2033	hashType = WC_HASH_TYPE_SHA384;
wolfSSL	13:f67a6c6013ca	2034	break;
wolfSSL	13:f67a6c6013ca	2035	#endif
wolfSSL	13:f67a6c6013ca	2036	#ifdef WOLFSSL_SHA512
wolfSSL	13:f67a6c6013ca	2037	case SHA512h:
wolfSSL	13:f67a6c6013ca	2038	hashType = WC_HASH_TYPE_SHA512;
wolfSSL	13:f67a6c6013ca	2039	break;
wolfSSL	13:f67a6c6013ca	2040	#endif
wolfSSL	13:f67a6c6013ca	2041	}
wolfSSL	13:f67a6c6013ca	2042
wolfSSL	13:f67a6c6013ca	2043	ret = wc_InitRng(&rng);
wolfSSL	13:f67a6c6013ca	2044	if (ret != 0)
wolfSSL	13:f67a6c6013ca	2045	return ret;
wolfSSL	13:f67a6c6013ca	2046
wolfSSL	13:f67a6c6013ca	2047	ret = wc_InitRsaKey(&myKey, NULL);
wolfSSL	13:f67a6c6013ca	2048	if (ret == 0) {
wolfSSL	13:f67a6c6013ca	2049	ret = wc_RsaPrivateKeyDecode(key, &idx, &myKey, keySz);
wolfSSL	13:f67a6c6013ca	2050	if (ret == 0) {
wolfSSL	13:f67a6c6013ca	2051	ret = wc_RsaPSS_Sign(in, inSz, out, *outSz, hashType, mgf, &myKey,
wolfSSL	13:f67a6c6013ca	2052	&rng);
wolfSSL	13:f67a6c6013ca	2053	}
wolfSSL	13:f67a6c6013ca	2054	if (ret > 0) { /* save and convert to 0 success */
wolfSSL	13:f67a6c6013ca	2055	*outSz = ret;
wolfSSL	13:f67a6c6013ca	2056	ret = 0;
wolfSSL	13:f67a6c6013ca	2057	}
wolfSSL	13:f67a6c6013ca	2058	wc_FreeRsaKey(&myKey);
wolfSSL	13:f67a6c6013ca	2059	}
wolfSSL	13:f67a6c6013ca	2060	wc_FreeRng(&rng);
wolfSSL	13:f67a6c6013ca	2061
wolfSSL	13:f67a6c6013ca	2062	return ret;
wolfSSL	13:f67a6c6013ca	2063	}
wolfSSL	13:f67a6c6013ca	2064
wolfSSL	13:f67a6c6013ca	2065
wolfSSL	13:f67a6c6013ca	2066	static INLINE int myRsaPssVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
wolfSSL	13:f67a6c6013ca	2067	byte** out, int hash, int mgf, const byte* key, word32 keySz, void* ctx)
wolfSSL	13:f67a6c6013ca	2068	{
wolfSSL	13:f67a6c6013ca	2069	enum wc_HashType hashType = WC_HASH_TYPE_NONE;
wolfSSL	13:f67a6c6013ca	2070	int ret;
wolfSSL	13:f67a6c6013ca	2071	word32 idx = 0;
wolfSSL	13:f67a6c6013ca	2072	RsaKey myKey;
wolfSSL	13:f67a6c6013ca	2073
wolfSSL	13:f67a6c6013ca	2074	(void)ssl;
wolfSSL	13:f67a6c6013ca	2075	(void)ctx;
wolfSSL	13:f67a6c6013ca	2076
wolfSSL	13:f67a6c6013ca	2077	switch (hash) {
wolfSSL	13:f67a6c6013ca	2078	#ifndef NO_SHA256
wolfSSL	13:f67a6c6013ca	2079	case SHA256h:
wolfSSL	13:f67a6c6013ca	2080	hashType = WC_HASH_TYPE_SHA256;
wolfSSL	13:f67a6c6013ca	2081	break;
wolfSSL	13:f67a6c6013ca	2082	#endif
wolfSSL	13:f67a6c6013ca	2083	#ifdef WOLFSSL_SHA384
wolfSSL	13:f67a6c6013ca	2084	case SHA384h:
wolfSSL	13:f67a6c6013ca	2085	hashType = WC_HASH_TYPE_SHA384;
wolfSSL	13:f67a6c6013ca	2086	break;
wolfSSL	13:f67a6c6013ca	2087	#endif
wolfSSL	13:f67a6c6013ca	2088	#ifdef WOLFSSL_SHA512
wolfSSL	13:f67a6c6013ca	2089	case SHA512h:
wolfSSL	13:f67a6c6013ca	2090	hashType = WC_HASH_TYPE_SHA512;
wolfSSL	13:f67a6c6013ca	2091	break;
wolfSSL	13:f67a6c6013ca	2092	#endif
wolfSSL	13:f67a6c6013ca	2093	}
wolfSSL	13:f67a6c6013ca	2094
wolfSSL	13:f67a6c6013ca	2095	ret = wc_InitRsaKey(&myKey, NULL);
wolfSSL	13:f67a6c6013ca	2096	if (ret == 0) {
wolfSSL	13:f67a6c6013ca	2097	ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
wolfSSL	13:f67a6c6013ca	2098	if (ret == 0) {
wolfSSL	13:f67a6c6013ca	2099	ret = wc_RsaPSS_VerifyInline(sig, sigSz, out, hashType, mgf,
wolfSSL	13:f67a6c6013ca	2100	&myKey);
wolfSSL	13:f67a6c6013ca	2101	}
wolfSSL	13:f67a6c6013ca	2102	wc_FreeRsaKey(&myKey);
wolfSSL	13:f67a6c6013ca	2103	}
wolfSSL	13:f67a6c6013ca	2104
wolfSSL	13:f67a6c6013ca	2105	return ret;
wolfSSL	13:f67a6c6013ca	2106	}
wolfSSL	13:f67a6c6013ca	2107	#endif
wolfSSL	13:f67a6c6013ca	2108
wolfSSL	13:f67a6c6013ca	2109
wolfSSL	13:f67a6c6013ca	2110	static INLINE int myRsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz,
wolfSSL	13:f67a6c6013ca	2111	byte* out, word32* outSz, const byte* key,
wolfSSL	13:f67a6c6013ca	2112	word32 keySz, void* ctx)
wolfSSL	13:f67a6c6013ca	2113	{
wolfSSL	13:f67a6c6013ca	2114	int ret;
wolfSSL	13:f67a6c6013ca	2115	word32 idx = 0;
wolfSSL	13:f67a6c6013ca	2116	RsaKey myKey;
wolfSSL	13:f67a6c6013ca	2117	WC_RNG rng;
wolfSSL	13:f67a6c6013ca	2118
wolfSSL	13:f67a6c6013ca	2119	(void)ssl;
wolfSSL	13:f67a6c6013ca	2120	(void)ctx;
wolfSSL	13:f67a6c6013ca	2121
wolfSSL	13:f67a6c6013ca	2122	ret = wc_InitRng(&rng);
wolfSSL	13:f67a6c6013ca	2123	if (ret != 0)
wolfSSL	13:f67a6c6013ca	2124	return ret;
wolfSSL	13:f67a6c6013ca	2125
wolfSSL	13:f67a6c6013ca	2126	ret = wc_InitRsaKey(&myKey, NULL);
wolfSSL	13:f67a6c6013ca	2127	if (ret == 0) {
wolfSSL	13:f67a6c6013ca	2128	ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
wolfSSL	13:f67a6c6013ca	2129	if (ret == 0) {
wolfSSL	13:f67a6c6013ca	2130	ret = wc_RsaPublicEncrypt(in, inSz, out, *outSz, &myKey, &rng);
wolfSSL	13:f67a6c6013ca	2131	if (ret > 0) {
wolfSSL	13:f67a6c6013ca	2132	*outSz = ret;
wolfSSL	13:f67a6c6013ca	2133	ret = 0; /* reset to success */
wolfSSL	13:f67a6c6013ca	2134	}
wolfSSL	13:f67a6c6013ca	2135	}
wolfSSL	13:f67a6c6013ca	2136	wc_FreeRsaKey(&myKey);
wolfSSL	13:f67a6c6013ca	2137	}
wolfSSL	13:f67a6c6013ca	2138	wc_FreeRng(&rng);
wolfSSL	13:f67a6c6013ca	2139
wolfSSL	13:f67a6c6013ca	2140	return ret;
wolfSSL	13:f67a6c6013ca	2141	}
wolfSSL	13:f67a6c6013ca	2142
wolfSSL	13:f67a6c6013ca	2143	static INLINE int myRsaDec(WOLFSSL* ssl, byte* in, word32 inSz,
wolfSSL	13:f67a6c6013ca	2144	byte** out,
wolfSSL	13:f67a6c6013ca	2145	const byte* key, word32 keySz, void* ctx)
wolfSSL	13:f67a6c6013ca	2146	{
wolfSSL	13:f67a6c6013ca	2147	int ret;
wolfSSL	13:f67a6c6013ca	2148	word32 idx = 0;
wolfSSL	13:f67a6c6013ca	2149	RsaKey myKey;
wolfSSL	13:f67a6c6013ca	2150
wolfSSL	13:f67a6c6013ca	2151	(void)ssl;
wolfSSL	13:f67a6c6013ca	2152	(void)ctx;
wolfSSL	13:f67a6c6013ca	2153
wolfSSL	13:f67a6c6013ca	2154	ret = wc_InitRsaKey(&myKey, NULL);
wolfSSL	13:f67a6c6013ca	2155	if (ret == 0) {
wolfSSL	13:f67a6c6013ca	2156	ret = wc_RsaPrivateKeyDecode(key, &idx, &myKey, keySz);
wolfSSL	13:f67a6c6013ca	2157	if (ret == 0) {
wolfSSL	13:f67a6c6013ca	2158	#ifdef WC_RSA_BLINDING
wolfSSL	13:f67a6c6013ca	2159	ret = wc_RsaSetRNG(&myKey, wolfSSL_GetRNG(ssl));
wolfSSL	13:f67a6c6013ca	2160	if (ret != 0) {
wolfSSL	13:f67a6c6013ca	2161	wc_FreeRsaKey(&myKey);
wolfSSL	13:f67a6c6013ca	2162	return ret;
wolfSSL	13:f67a6c6013ca	2163	}
wolfSSL	13:f67a6c6013ca	2164	#endif
wolfSSL	13:f67a6c6013ca	2165	ret = wc_RsaPrivateDecryptInline(in, inSz, out, &myKey);
wolfSSL	13:f67a6c6013ca	2166	}
wolfSSL	13:f67a6c6013ca	2167	wc_FreeRsaKey(&myKey);
wolfSSL	13:f67a6c6013ca	2168	}
wolfSSL	13:f67a6c6013ca	2169
wolfSSL	13:f67a6c6013ca	2170	return ret;
wolfSSL	13:f67a6c6013ca	2171	}
wolfSSL	13:f67a6c6013ca	2172
wolfSSL	13:f67a6c6013ca	2173	#endif /* NO_RSA */
wolfSSL	13:f67a6c6013ca	2174
wolfSSL	13:f67a6c6013ca	2175	static INLINE void SetupPkCallbacks(WOLFSSL_CTX* ctx, WOLFSSL* ssl)
wolfSSL	13:f67a6c6013ca	2176	{
wolfSSL	13:f67a6c6013ca	2177	(void)ctx;
wolfSSL	13:f67a6c6013ca	2178	(void)ssl;
wolfSSL	13:f67a6c6013ca	2179
wolfSSL	13:f67a6c6013ca	2180	#ifdef HAVE_ECC
wolfSSL	13:f67a6c6013ca	2181	wolfSSL_CTX_SetEccSignCb(ctx, myEccSign);
wolfSSL	13:f67a6c6013ca	2182	wolfSSL_CTX_SetEccVerifyCb(ctx, myEccVerify);
wolfSSL	13:f67a6c6013ca	2183	wolfSSL_CTX_SetEccSharedSecretCb(ctx, myEccSharedSecret);
wolfSSL	13:f67a6c6013ca	2184	#endif /* HAVE_ECC */
wolfSSL	13:f67a6c6013ca	2185	#ifdef HAVE_ED25519
wolfSSL	13:f67a6c6013ca	2186	wolfSSL_CTX_SetEd25519SignCb(ctx, myEd25519Sign);
wolfSSL	13:f67a6c6013ca	2187	wolfSSL_CTX_SetEd25519VerifyCb(ctx, myEd25519Verify);
wolfSSL	13:f67a6c6013ca	2188	#endif
wolfSSL	13:f67a6c6013ca	2189	#ifdef HAVE_CURVE25519
wolfSSL	13:f67a6c6013ca	2190	wolfSSL_CTX_SetX25519SharedSecretCb(ctx, myX25519SharedSecret);
wolfSSL	13:f67a6c6013ca	2191	#endif
wolfSSL	13:f67a6c6013ca	2192	#ifndef NO_RSA
wolfSSL	13:f67a6c6013ca	2193	wolfSSL_CTX_SetRsaSignCb(ctx, myRsaSign);
wolfSSL	13:f67a6c6013ca	2194	wolfSSL_CTX_SetRsaVerifyCb(ctx, myRsaVerify);
wolfSSL	13:f67a6c6013ca	2195	#ifdef WC_RSA_PSS
wolfSSL	13:f67a6c6013ca	2196	wolfSSL_CTX_SetRsaPssSignCb(ctx, myRsaPssSign);
wolfSSL	13:f67a6c6013ca	2197	wolfSSL_CTX_SetRsaPssVerifyCb(ctx, myRsaPssVerify);
wolfSSL	13:f67a6c6013ca	2198	#endif
wolfSSL	13:f67a6c6013ca	2199	wolfSSL_CTX_SetRsaEncCb(ctx, myRsaEnc);
wolfSSL	13:f67a6c6013ca	2200	wolfSSL_CTX_SetRsaDecCb(ctx, myRsaDec);
wolfSSL	13:f67a6c6013ca	2201	#endif /* NO_RSA */
wolfSSL	13:f67a6c6013ca	2202	}
wolfSSL	13:f67a6c6013ca	2203
wolfSSL	13:f67a6c6013ca	2204	#endif /* HAVE_PK_CALLBACKS */
wolfSSL	13:f67a6c6013ca	2205
wolfSSL	13:f67a6c6013ca	2206
wolfSSL	13:f67a6c6013ca	2207
wolfSSL	13:f67a6c6013ca	2208
wolfSSL	13:f67a6c6013ca	2209
wolfSSL	13:f67a6c6013ca	2210	#if defined(__hpux__) \|\| defined(__MINGW32__) \|\| defined (WOLFSSL_TIRTOS) \
wolfSSL	13:f67a6c6013ca	2211	\|\| defined(_MSC_VER)
wolfSSL	13:f67a6c6013ca	2212
wolfSSL	13:f67a6c6013ca	2213	/* HP/UX doesn't have strsep, needed by test/suites.c */
wolfSSL	13:f67a6c6013ca	2214	static INLINE char* strsep(char *stringp, const char delim)
wolfSSL	13:f67a6c6013ca	2215	{
wolfSSL	13:f67a6c6013ca	2216	char* start;
wolfSSL	13:f67a6c6013ca	2217	char* end;
wolfSSL	13:f67a6c6013ca	2218
wolfSSL	13:f67a6c6013ca	2219	start = *stringp;
wolfSSL	13:f67a6c6013ca	2220	if (start == NULL)
wolfSSL	13:f67a6c6013ca	2221	return NULL;
wolfSSL	13:f67a6c6013ca	2222
wolfSSL	13:f67a6c6013ca	2223	if ((end = strpbrk(start, delim))) {
wolfSSL	13:f67a6c6013ca	2224	*end++ = '\0';
wolfSSL	13:f67a6c6013ca	2225	*stringp = end;
wolfSSL	13:f67a6c6013ca	2226	} else {
wolfSSL	13:f67a6c6013ca	2227	*stringp = NULL;
wolfSSL	13:f67a6c6013ca	2228	}
wolfSSL	13:f67a6c6013ca	2229
wolfSSL	13:f67a6c6013ca	2230	return start;
wolfSSL	13:f67a6c6013ca	2231	}
wolfSSL	13:f67a6c6013ca	2232
wolfSSL	13:f67a6c6013ca	2233	#endif /* __hpux__ and others */
wolfSSL	13:f67a6c6013ca	2234
wolfSSL	13:f67a6c6013ca	2235	/* Create unique filename, len is length of tempfn name, assuming
wolfSSL	13:f67a6c6013ca	2236	len does not include null terminating character,
wolfSSL	13:f67a6c6013ca	2237	num is number of characters in tempfn name to randomize */
wolfSSL	13:f67a6c6013ca	2238	static INLINE const char* mymktemp(char *tempfn, int len, int num)
wolfSSL	13:f67a6c6013ca	2239	{
wolfSSL	13:f67a6c6013ca	2240	int x, size;
wolfSSL	13:f67a6c6013ca	2241	static const char alphanum[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
wolfSSL	13:f67a6c6013ca	2242	"abcdefghijklmnopqrstuvwxyz";
wolfSSL	13:f67a6c6013ca	2243	WC_RNG rng;
wolfSSL	13:f67a6c6013ca	2244	byte out;
wolfSSL	13:f67a6c6013ca	2245
wolfSSL	13:f67a6c6013ca	2246	if (tempfn == NULL \|\| len < 1 \|\| num < 1 \|\| len <= num) {
wolfSSL	13:f67a6c6013ca	2247	printf("Bad input\n");
wolfSSL	13:f67a6c6013ca	2248	return NULL;
wolfSSL	13:f67a6c6013ca	2249	}
wolfSSL	13:f67a6c6013ca	2250
wolfSSL	13:f67a6c6013ca	2251	size = len - 1;
wolfSSL	13:f67a6c6013ca	2252
wolfSSL	13:f67a6c6013ca	2253	if (wc_InitRng(&rng) != 0) {
wolfSSL	13:f67a6c6013ca	2254	printf("InitRng failed\n");
wolfSSL	13:f67a6c6013ca	2255	return NULL;
wolfSSL	13:f67a6c6013ca	2256	}
wolfSSL	13:f67a6c6013ca	2257
wolfSSL	13:f67a6c6013ca	2258	for (x = size; x > size - num; x--) {
wolfSSL	13:f67a6c6013ca	2259	if (wc_RNG_GenerateBlock(&rng,(byte*)&out, sizeof(out)) != 0) {
wolfSSL	13:f67a6c6013ca	2260	printf("RNG_GenerateBlock failed\n");
wolfSSL	13:f67a6c6013ca	2261	return NULL;
wolfSSL	13:f67a6c6013ca	2262	}
wolfSSL	13:f67a6c6013ca	2263	tempfn[x] = alphanum[out % (sizeof(alphanum) - 1)];
wolfSSL	13:f67a6c6013ca	2264	}
wolfSSL	13:f67a6c6013ca	2265	tempfn[len] = '\0';
wolfSSL	13:f67a6c6013ca	2266
wolfSSL	13:f67a6c6013ca	2267	wc_FreeRng(&rng);
wolfSSL	13:f67a6c6013ca	2268
wolfSSL	13:f67a6c6013ca	2269	return tempfn;
wolfSSL	13:f67a6c6013ca	2270	}
wolfSSL	13:f67a6c6013ca	2271
wolfSSL	13:f67a6c6013ca	2272
wolfSSL	13:f67a6c6013ca	2273
wolfSSL	13:f67a6c6013ca	2274	#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
wolfSSL	13:f67a6c6013ca	2275	defined(HAVE_POLY1305)
wolfSSL	13:f67a6c6013ca	2276
wolfSSL	13:f67a6c6013ca	2277	#include <wolfssl/wolfcrypt/chacha20_poly1305.h>
wolfSSL	13:f67a6c6013ca	2278
wolfSSL	13:f67a6c6013ca	2279	typedef struct key_ctx {
wolfSSL	13:f67a6c6013ca	2280	byte name[WOLFSSL_TICKET_NAME_SZ]; /* name for this context */
wolfSSL	13:f67a6c6013ca	2281	byte key[CHACHA20_POLY1305_AEAD_KEYSIZE]; /* cipher key */
wolfSSL	13:f67a6c6013ca	2282	} key_ctx;
wolfSSL	13:f67a6c6013ca	2283
wolfSSL	13:f67a6c6013ca	2284	static key_ctx myKey_ctx;
wolfSSL	13:f67a6c6013ca	2285	static WC_RNG myKey_rng;
wolfSSL	13:f67a6c6013ca	2286
wolfSSL	13:f67a6c6013ca	2287	static INLINE int TicketInit(void)
wolfSSL	13:f67a6c6013ca	2288	{
wolfSSL	13:f67a6c6013ca	2289	int ret = wc_InitRng(&myKey_rng);
wolfSSL	13:f67a6c6013ca	2290	if (ret != 0) return ret;
wolfSSL	13:f67a6c6013ca	2291
wolfSSL	13:f67a6c6013ca	2292	ret = wc_RNG_GenerateBlock(&myKey_rng, myKey_ctx.key, sizeof(myKey_ctx.key));
wolfSSL	13:f67a6c6013ca	2293	if (ret != 0) return ret;
wolfSSL	13:f67a6c6013ca	2294
wolfSSL	13:f67a6c6013ca	2295	ret = wc_RNG_GenerateBlock(&myKey_rng, myKey_ctx.name,sizeof(myKey_ctx.name));
wolfSSL	13:f67a6c6013ca	2296	if (ret != 0) return ret;
wolfSSL	13:f67a6c6013ca	2297
wolfSSL	13:f67a6c6013ca	2298	return 0;
wolfSSL	13:f67a6c6013ca	2299	}
wolfSSL	13:f67a6c6013ca	2300
wolfSSL	13:f67a6c6013ca	2301	static INLINE void TicketCleanup(void)
wolfSSL	13:f67a6c6013ca	2302	{
wolfSSL	13:f67a6c6013ca	2303	wc_FreeRng(&myKey_rng);
wolfSSL	13:f67a6c6013ca	2304	}
wolfSSL	13:f67a6c6013ca	2305
wolfSSL	13:f67a6c6013ca	2306	static INLINE int myTicketEncCb(WOLFSSL* ssl,
wolfSSL	13:f67a6c6013ca	2307	byte key_name[WOLFSSL_TICKET_NAME_SZ],
wolfSSL	13:f67a6c6013ca	2308	byte iv[WOLFSSL_TICKET_IV_SZ],
wolfSSL	13:f67a6c6013ca	2309	byte mac[WOLFSSL_TICKET_MAC_SZ],
wolfSSL	13:f67a6c6013ca	2310	int enc, byte* ticket, int inLen, int* outLen,
wolfSSL	13:f67a6c6013ca	2311	void* userCtx)
wolfSSL	13:f67a6c6013ca	2312	{
wolfSSL	13:f67a6c6013ca	2313	(void)ssl;
wolfSSL	13:f67a6c6013ca	2314	(void)userCtx;
wolfSSL	13:f67a6c6013ca	2315
wolfSSL	13:f67a6c6013ca	2316	int ret;
wolfSSL	13:f67a6c6013ca	2317	word16 sLen = XHTONS(inLen);
wolfSSL	13:f67a6c6013ca	2318	byte aad[WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2];
wolfSSL	13:f67a6c6013ca	2319	int aadSz = WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2;
wolfSSL	13:f67a6c6013ca	2320	byte* tmp = aad;
wolfSSL	13:f67a6c6013ca	2321
wolfSSL	13:f67a6c6013ca	2322	if (enc) {
wolfSSL	13:f67a6c6013ca	2323	XMEMCPY(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ);
wolfSSL	13:f67a6c6013ca	2324
wolfSSL	13:f67a6c6013ca	2325	ret = wc_RNG_GenerateBlock(&myKey_rng, iv, WOLFSSL_TICKET_IV_SZ);
wolfSSL	13:f67a6c6013ca	2326	if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
wolfSSL	13:f67a6c6013ca	2327
wolfSSL	13:f67a6c6013ca	2328	/* build aad from key name, iv, and length */
wolfSSL	13:f67a6c6013ca	2329	XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ);
wolfSSL	13:f67a6c6013ca	2330	tmp += WOLFSSL_TICKET_NAME_SZ;
wolfSSL	13:f67a6c6013ca	2331	XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
wolfSSL	13:f67a6c6013ca	2332	tmp += WOLFSSL_TICKET_IV_SZ;
wolfSSL	13:f67a6c6013ca	2333	XMEMCPY(tmp, &sLen, 2);
wolfSSL	13:f67a6c6013ca	2334
wolfSSL	13:f67a6c6013ca	2335	ret = wc_ChaCha20Poly1305_Encrypt(myKey_ctx.key, iv,
wolfSSL	13:f67a6c6013ca	2336	aad, aadSz,
wolfSSL	13:f67a6c6013ca	2337	ticket, inLen,
wolfSSL	13:f67a6c6013ca	2338	ticket,
wolfSSL	13:f67a6c6013ca	2339	mac);
wolfSSL	13:f67a6c6013ca	2340	if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
wolfSSL	13:f67a6c6013ca	2341	outLen = inLen; / no padding in this mode */
wolfSSL	13:f67a6c6013ca	2342	} else {
wolfSSL	13:f67a6c6013ca	2343	/* decrypt */
wolfSSL	13:f67a6c6013ca	2344
wolfSSL	13:f67a6c6013ca	2345	/* see if we know this key */
wolfSSL	13:f67a6c6013ca	2346	if (XMEMCMP(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ) != 0){
wolfSSL	13:f67a6c6013ca	2347	printf("client presented unknown ticket key name ");
wolfSSL	13:f67a6c6013ca	2348	return WOLFSSL_TICKET_RET_FATAL;
wolfSSL	13:f67a6c6013ca	2349	}
wolfSSL	13:f67a6c6013ca	2350
wolfSSL	13:f67a6c6013ca	2351	/* build aad from key name, iv, and length */
wolfSSL	13:f67a6c6013ca	2352	XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ);
wolfSSL	13:f67a6c6013ca	2353	tmp += WOLFSSL_TICKET_NAME_SZ;
wolfSSL	13:f67a6c6013ca	2354	XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
wolfSSL	13:f67a6c6013ca	2355	tmp += WOLFSSL_TICKET_IV_SZ;
wolfSSL	13:f67a6c6013ca	2356	XMEMCPY(tmp, &sLen, 2);
wolfSSL	13:f67a6c6013ca	2357
wolfSSL	13:f67a6c6013ca	2358	ret = wc_ChaCha20Poly1305_Decrypt(myKey_ctx.key, iv,
wolfSSL	13:f67a6c6013ca	2359	aad, aadSz,
wolfSSL	13:f67a6c6013ca	2360	ticket, inLen,
wolfSSL	13:f67a6c6013ca	2361	mac,
wolfSSL	13:f67a6c6013ca	2362	ticket);
wolfSSL	13:f67a6c6013ca	2363	if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
wolfSSL	13:f67a6c6013ca	2364	outLen = inLen; / no padding in this mode */
wolfSSL	13:f67a6c6013ca	2365	}
wolfSSL	13:f67a6c6013ca	2366
wolfSSL	13:f67a6c6013ca	2367	return WOLFSSL_TICKET_RET_OK;
wolfSSL	13:f67a6c6013ca	2368	}
wolfSSL	13:f67a6c6013ca	2369
wolfSSL	13:f67a6c6013ca	2370	#endif /* HAVE_SESSION_TICKET && CHACHA20 && POLY1305 */
wolfSSL	13:f67a6c6013ca	2371
wolfSSL	13:f67a6c6013ca	2372	static INLINE word16 GetRandomPort(void)
wolfSSL	13:f67a6c6013ca	2373	{
wolfSSL	13:f67a6c6013ca	2374	word16 port = 0;
wolfSSL	13:f67a6c6013ca	2375
wolfSSL	13:f67a6c6013ca	2376	/* Generate random port for testing */
wolfSSL	13:f67a6c6013ca	2377	WC_RNG rng;
wolfSSL	13:f67a6c6013ca	2378	if (wc_InitRng(&rng) == 0) {
wolfSSL	13:f67a6c6013ca	2379	wc_RNG_GenerateBlock(&rng, (byte*)&port, sizeof(port));
wolfSSL	13:f67a6c6013ca	2380	port \|= 0xC000; /* Make sure its in the 49152 - 65535 range */
wolfSSL	13:f67a6c6013ca	2381	wc_FreeRng(&rng);
wolfSSL	13:f67a6c6013ca	2382	}
wolfSSL	13:f67a6c6013ca	2383	return port;
wolfSSL	13:f67a6c6013ca	2384	}
wolfSSL	13:f67a6c6013ca	2385
wolfSSL	13:f67a6c6013ca	2386	#endif /* wolfSSL_TEST_H */
wolfSSL	13:f67a6c6013ca	2387

Repository toolbox

Export to desktop IDE

Repository details

Type:	Library
Created:	26 Jun 2015
Imports:	673
Forks:	0
Commits:	18
Dependents:	29
Dependencies:	0
Followers:	21

wolfssl/test.h@13:f67a6c6013ca, 2017-08-22 (annotated)

Who changed what in which revision?

Repository toolbox

Repository details

Important Information for this Arm website

Access Warning