wolf SSL
wolfSSL SSL/TLS library, support up to TLS1.3
Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more
Diff: src/io.c
- Revision:
- 0:d92f9d21154c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/io.c Fri Jun 26 00:39:20 2015 +0000
@@ -0,0 +1,1142 @@
+/* io.c
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef _WIN32_WCE
+ /* On WinCE winsock2.h must be included before windows.h for socket stuff */
+ #include <winsock2.h>
+#endif
+
+#include <wolfssl/internal.h>
+#include <wolfssl/error-ssl.h>
+
+
+/* if user writes own I/O callbacks they can define WOLFSSL_USER_IO to remove
+ automatic setting of default I/O functions EmbedSend() and EmbedReceive()
+ but they'll still need SetCallback xxx() at end of file
+*/
+#ifndef WOLFSSL_USER_IO
+
+#ifdef HAVE_LIBZ
+ #include "zlib.h"
+#endif
+
+#ifndef USE_WINDOWS_API
+ #ifdef WOLFSSL_LWIP
+ /* lwIP needs to be configured to use sockets API in this mode */
+ /* LWIP_SOCKET 1 in lwip/opt.h or in build */
+ #include "lwip/sockets.h"
+ #include <errno.h>
+ #ifndef LWIP_PROVIDE_ERRNO
+ #define LWIP_PROVIDE_ERRNO 1
+ #endif
+ #elif defined(FREESCALE_MQX)
+ #include <posix.h>
+ #include <rtcs.h>
+ #elif defined(WOLFSSL_MDK_ARM)
+ #if defined(WOLFSSL_MDK5)
+ #include "cmsis_os.h"
+ #include "rl_fs.h"
+ #include "rl_net.h"
+ #else
+ #include <rtl.h>
+ #endif
+ #undef RNG
+ #include "WOLFSSL_MDK_ARM.h"
+ #undef RNG
+ #define RNG wolfSSL_RNG
+ /* for avoiding name conflict in "stm32f2xx.h" */
+ static int errno;
+ #elif defined(WOLFSSL_TIRTOS)
+ #include <sys/socket.h>
+ #elif defined(WOLFSSL_IAR_ARM)
+ /* nothing */
+ #else
+ #include <sys/types.h>
+ #include <errno.h>
+ #ifndef EBSNET
+ #include <unistd.h>
+ #endif
+ #include <fcntl.h>
+ #if !(defined(DEVKITPRO) || defined(HAVE_RTP_SYS) || defined(EBSNET)) \
+ && !(defined(WOLFSSL_PICOTCP))
+ #include <sys/socket.h>
+ #include <arpa/inet.h>
+ #include <netinet/in.h>
+ #include <netdb.h>
+ #ifdef __PPU
+ #include <netex/errno.h>
+ #else
+ #include <sys/ioctl.h>
+ #endif
+ #endif
+ #ifdef HAVE_RTP_SYS
+ #include <socket.h>
+ #endif
+ #ifdef EBSNET
+ #include "rtipapi.h" /* errno */
+ #include "socket.h"
+ #endif
+ #endif
+#endif /* USE_WINDOWS_API */
+
+#ifdef __sun
+ #include <sys/filio.h>
+#endif
+
+#ifdef USE_WINDOWS_API
+ /* no epipe yet */
+ #ifndef WSAEPIPE
+ #define WSAEPIPE -12345
+ #endif
+ #define SOCKET_EWOULDBLOCK WSAEWOULDBLOCK
+ #define SOCKET_EAGAIN WSAETIMEDOUT
+ #define SOCKET_ECONNRESET WSAECONNRESET
+ #define SOCKET_EINTR WSAEINTR
+ #define SOCKET_EPIPE WSAEPIPE
+ #define SOCKET_ECONNREFUSED WSAENOTCONN
+ #define SOCKET_ECONNABORTED WSAECONNABORTED
+ #define close(s) closesocket(s)
+#elif defined(__PPU)
+ #define SOCKET_EWOULDBLOCK SYS_NET_EWOULDBLOCK
+ #define SOCKET_EAGAIN SYS_NET_EAGAIN
+ #define SOCKET_ECONNRESET SYS_NET_ECONNRESET
+ #define SOCKET_EINTR SYS_NET_EINTR
+ #define SOCKET_EPIPE SYS_NET_EPIPE
+ #define SOCKET_ECONNREFUSED SYS_NET_ECONNREFUSED
+ #define SOCKET_ECONNABORTED SYS_NET_ECONNABORTED
+#elif defined(FREESCALE_MQX)
+ /* RTCS doesn't have an EWOULDBLOCK error */
+ #define SOCKET_EWOULDBLOCK EAGAIN
+ #define SOCKET_EAGAIN EAGAIN
+ #define SOCKET_ECONNRESET RTCSERR_TCP_CONN_RESET
+ #define SOCKET_EINTR EINTR
+ #define SOCKET_EPIPE EPIPE
+ #define SOCKET_ECONNREFUSED RTCSERR_TCP_CONN_REFUSED
+ #define SOCKET_ECONNABORTED RTCSERR_TCP_CONN_ABORTED
+#elif defined(WOLFSSL_MDK_ARM)
+ #if defined(WOLFSSL_MDK5)
+ #define SOCKET_EWOULDBLOCK BSD_ERROR_WOULDBLOCK
+ #define SOCKET_EAGAIN BSD_ERROR_LOCKED
+ #define SOCKET_ECONNRESET BSD_ERROR_CLOSED
+ #define SOCKET_EINTR BSD_ERROR
+ #define SOCKET_EPIPE BSD_ERROR
+ #define SOCKET_ECONNREFUSED BSD_ERROR
+ #define SOCKET_ECONNABORTED BSD_ERROR
+ #else
+ #define SOCKET_EWOULDBLOCK SCK_EWOULDBLOCK
+ #define SOCKET_EAGAIN SCK_ELOCKED
+ #define SOCKET_ECONNRESET SCK_ECLOSED
+ #define SOCKET_EINTR SCK_ERROR
+ #define SOCKET_EPIPE SCK_ERROR
+ #define SOCKET_ECONNREFUSED SCK_ERROR
+ #define SOCKET_ECONNABORTED SCK_ERROR
+ #endif
+#elif defined(WOLFSSL_PICOTCP)
+ #define SOCKET_EWOULDBLOCK PICO_ERR_EAGAIN
+ #define SOCKET_EAGAIN PICO_ERR_EAGAIN
+ #define SOCKET_ECONNRESET PICO_ERR_ECONNRESET
+ #define SOCKET_EINTR PICO_ERR_EINTR
+ #define SOCKET_EPIPE PICO_ERR_EIO
+ #define SOCKET_ECONNREFUSED PICO_ERR_ECONNREFUSED
+ #define SOCKET_ECONNABORTED PICO_ERR_ESHUTDOWN
+#else
+ #define SOCKET_EWOULDBLOCK EWOULDBLOCK
+ #define SOCKET_EAGAIN EAGAIN
+ #define SOCKET_ECONNRESET ECONNRESET
+ #define SOCKET_EINTR EINTR
+ #define SOCKET_EPIPE EPIPE
+ #define SOCKET_ECONNREFUSED ECONNREFUSED
+ #define SOCKET_ECONNABORTED ECONNABORTED
+#endif /* USE_WINDOWS_API */
+
+
+#ifdef DEVKITPRO
+ /* from network.h */
+ int net_send(int, const void*, int, unsigned int);
+ int net_recv(int, void*, int, unsigned int);
+ #define SEND_FUNCTION net_send
+ #define RECV_FUNCTION net_recv
+#elif defined(WOLFSSL_LWIP)
+ #define SEND_FUNCTION lwip_send
+ #define RECV_FUNCTION lwip_recv
+#elif defined(WOLFSSL_PICOTCP)
+ #define SEND_FUNCTION pico_send
+ #define RECV_FUNCTION pico_recv
+#else
+ #define SEND_FUNCTION send
+ #define RECV_FUNCTION recv
+#endif
+
+
+/* Translates return codes returned from
+ * send() and recv() if need be.
+ */
+static INLINE int TranslateReturnCode(int old, int sd)
+{
+ (void)sd;
+
+#ifdef FREESCALE_MQX
+ if (old == 0) {
+ errno = SOCKET_EWOULDBLOCK;
+ return -1; /* convert to BSD style wouldblock as error */
+ }
+
+ if (old < 0) {
+ errno = RTCS_geterror(sd);
+ if (errno == RTCSERR_TCP_CONN_CLOSING)
+ return 0; /* convert to BSD style closing */
+ }
+#endif
+
+ return old;
+}
+
+static INLINE int LastError(void)
+{
+#ifdef USE_WINDOWS_API
+ return WSAGetLastError();
+#elif defined(EBSNET)
+ return xn_getlasterror();
+#else
+ return errno;
+#endif
+}
+
+/* The receive embedded callback
+ * return : nb bytes read, or error
+ */
+int EmbedReceive(WOLFSSL *ssl, char *buf, int sz, void *ctx)
+{
+ int recvd;
+ int err;
+ int sd = *(int*)ctx;
+
+#ifdef WOLFSSL_DTLS
+ {
+ int dtls_timeout = wolfSSL_dtls_get_current_timeout(ssl);
+ if (wolfSSL_dtls(ssl)
+ && !wolfSSL_get_using_nonblock(ssl)
+ && dtls_timeout != 0) {
+ #ifdef USE_WINDOWS_API
+ DWORD timeout = dtls_timeout * 1000;
+ #else
+ struct timeval timeout;
+ XMEMSET(&timeout, 0, sizeof(timeout));
+ timeout.tv_sec = dtls_timeout;
+ #endif
+ if (setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, (char*)&timeout,
+ sizeof(timeout)) != 0) {
+ WOLFSSL_MSG("setsockopt rcvtimeo failed");
+ }
+ }
+ }
+#endif
+
+ recvd = (int)RECV_FUNCTION(sd, buf, sz, ssl->rflags);
+
+ recvd = TranslateReturnCode(recvd, sd);
+
+ if (recvd < 0) {
+ err = LastError();
+ WOLFSSL_MSG("Embed Receive error");
+
+ if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) {
+ if (!wolfSSL_dtls(ssl) || wolfSSL_get_using_nonblock(ssl)) {
+ WOLFSSL_MSG(" Would block");
+ return WOLFSSL_CBIO_ERR_WANT_READ;
+ }
+ else {
+ WOLFSSL_MSG(" Socket timeout");
+ return WOLFSSL_CBIO_ERR_TIMEOUT;
+ }
+ }
+ else if (err == SOCKET_ECONNRESET) {
+ WOLFSSL_MSG(" Connection reset");
+ return WOLFSSL_CBIO_ERR_CONN_RST;
+ }
+ else if (err == SOCKET_EINTR) {
+ WOLFSSL_MSG(" Socket interrupted");
+ return WOLFSSL_CBIO_ERR_ISR;
+ }
+ else if (err == SOCKET_ECONNREFUSED) {
+ WOLFSSL_MSG(" Connection refused");
+ return WOLFSSL_CBIO_ERR_WANT_READ;
+ }
+ else if (err == SOCKET_ECONNABORTED) {
+ WOLFSSL_MSG(" Connection aborted");
+ return WOLFSSL_CBIO_ERR_CONN_CLOSE;
+ }
+ else {
+ WOLFSSL_MSG(" General error");
+ return WOLFSSL_CBIO_ERR_GENERAL;
+ }
+ }
+ else if (recvd == 0) {
+ WOLFSSL_MSG("Embed receive connection closed");
+ return WOLFSSL_CBIO_ERR_CONN_CLOSE;
+ }
+
+ return recvd;
+}
+
+/* The send embedded callback
+ * return : nb bytes sent, or error
+ */
+int EmbedSend(WOLFSSL* ssl, char *buf, int sz, void *ctx)
+{
+ int sd = *(int*)ctx;
+ int sent;
+ int len = sz;
+ int err;
+
+ sent = (int)SEND_FUNCTION(sd, &buf[sz - len], len, ssl->wflags);
+
+ if (sent < 0) {
+ err = LastError();
+ WOLFSSL_MSG("Embed Send error");
+
+ if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) {
+ WOLFSSL_MSG(" Would Block");
+ return WOLFSSL_CBIO_ERR_WANT_WRITE;
+ }
+ else if (err == SOCKET_ECONNRESET) {
+ WOLFSSL_MSG(" Connection reset");
+ return WOLFSSL_CBIO_ERR_CONN_RST;
+ }
+ else if (err == SOCKET_EINTR) {
+ WOLFSSL_MSG(" Socket interrupted");
+ return WOLFSSL_CBIO_ERR_ISR;
+ }
+ else if (err == SOCKET_EPIPE) {
+ WOLFSSL_MSG(" Socket EPIPE");
+ return WOLFSSL_CBIO_ERR_CONN_CLOSE;
+ }
+ else {
+ WOLFSSL_MSG(" General error");
+ return WOLFSSL_CBIO_ERR_GENERAL;
+ }
+ }
+
+ return sent;
+}
+
+
+#ifdef WOLFSSL_DTLS
+
+#include <wolfssl/wolfcrypt/sha.h>
+
+#ifdef USE_WINDOWS_API
+ #define XSOCKLENT int
+#else
+ #define XSOCKLENT socklen_t
+#endif
+
+#define SENDTO_FUNCTION sendto
+#define RECVFROM_FUNCTION recvfrom
+
+
+/* The receive embedded callback
+ * return : nb bytes read, or error
+ */
+int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
+{
+ WOLFSSL_DTLS_CTX* dtlsCtx = (WOLFSSL_DTLS_CTX*)ctx;
+ int recvd;
+ int err;
+ int sd = dtlsCtx->fd;
+ int dtls_timeout = wolfSSL_dtls_get_current_timeout(ssl);
+ struct sockaddr_storage peer;
+ XSOCKLENT peerSz = sizeof(peer);
+
+ WOLFSSL_ENTER("EmbedReceiveFrom()");
+
+ if (!wolfSSL_get_using_nonblock(ssl) && dtls_timeout != 0) {
+ #ifdef USE_WINDOWS_API
+ DWORD timeout = dtls_timeout * 1000;
+ #else
+ struct timeval timeout;
+ XMEMSET(&timeout, 0, sizeof(timeout));
+ timeout.tv_sec = dtls_timeout;
+ #endif
+ if (setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, (char*)&timeout,
+ sizeof(timeout)) != 0) {
+ WOLFSSL_MSG("setsockopt rcvtimeo failed");
+ }
+ }
+
+ recvd = (int)RECVFROM_FUNCTION(sd, buf, sz, ssl->rflags,
+ (struct sockaddr*)&peer, &peerSz);
+
+ recvd = TranslateReturnCode(recvd, sd);
+
+ if (recvd < 0) {
+ err = LastError();
+ WOLFSSL_MSG("Embed Receive From error");
+
+ if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) {
+ if (wolfSSL_get_using_nonblock(ssl)) {
+ WOLFSSL_MSG(" Would block");
+ return WOLFSSL_CBIO_ERR_WANT_READ;
+ }
+ else {
+ WOLFSSL_MSG(" Socket timeout");
+ return WOLFSSL_CBIO_ERR_TIMEOUT;
+ }
+ }
+ else if (err == SOCKET_ECONNRESET) {
+ WOLFSSL_MSG(" Connection reset");
+ return WOLFSSL_CBIO_ERR_CONN_RST;
+ }
+ else if (err == SOCKET_EINTR) {
+ WOLFSSL_MSG(" Socket interrupted");
+ return WOLFSSL_CBIO_ERR_ISR;
+ }
+ else if (err == SOCKET_ECONNREFUSED) {
+ WOLFSSL_MSG(" Connection refused");
+ return WOLFSSL_CBIO_ERR_WANT_READ;
+ }
+ else {
+ WOLFSSL_MSG(" General error");
+ return WOLFSSL_CBIO_ERR_GENERAL;
+ }
+ }
+ else {
+ if (dtlsCtx->peer.sz > 0
+ && peerSz != (XSOCKLENT)dtlsCtx->peer.sz
+ && memcmp(&peer, dtlsCtx->peer.sa, peerSz) != 0) {
+ WOLFSSL_MSG(" Ignored packet from invalid peer");
+ return WOLFSSL_CBIO_ERR_WANT_READ;
+ }
+ }
+
+ return recvd;
+}
+
+
+/* The send embedded callback
+ * return : nb bytes sent, or error
+ */
+int EmbedSendTo(WOLFSSL* ssl, char *buf, int sz, void *ctx)
+{
+ WOLFSSL_DTLS_CTX* dtlsCtx = (WOLFSSL_DTLS_CTX*)ctx;
+ int sd = dtlsCtx->fd;
+ int sent;
+ int len = sz;
+ int err;
+
+ WOLFSSL_ENTER("EmbedSendTo()");
+
+ sent = (int)SENDTO_FUNCTION(sd, &buf[sz - len], len, ssl->wflags,
+ (const struct sockaddr*)dtlsCtx->peer.sa,
+ dtlsCtx->peer.sz);
+ if (sent < 0) {
+ err = LastError();
+ WOLFSSL_MSG("Embed Send To error");
+
+ if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) {
+ WOLFSSL_MSG(" Would Block");
+ return WOLFSSL_CBIO_ERR_WANT_WRITE;
+ }
+ else if (err == SOCKET_ECONNRESET) {
+ WOLFSSL_MSG(" Connection reset");
+ return WOLFSSL_CBIO_ERR_CONN_RST;
+ }
+ else if (err == SOCKET_EINTR) {
+ WOLFSSL_MSG(" Socket interrupted");
+ return WOLFSSL_CBIO_ERR_ISR;
+ }
+ else if (err == SOCKET_EPIPE) {
+ WOLFSSL_MSG(" Socket EPIPE");
+ return WOLFSSL_CBIO_ERR_CONN_CLOSE;
+ }
+ else {
+ WOLFSSL_MSG(" General error");
+ return WOLFSSL_CBIO_ERR_GENERAL;
+ }
+ }
+
+ return sent;
+}
+
+
+/* The DTLS Generate Cookie callback
+ * return : number of bytes copied into buf, or error
+ */
+int EmbedGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *ctx)
+{
+ int sd = ssl->wfd;
+ struct sockaddr_storage peer;
+ XSOCKLENT peerSz = sizeof(peer);
+ byte digest[SHA_DIGEST_SIZE];
+ int ret = 0;
+
+ (void)ctx;
+
+ XMEMSET(&peer, 0, sizeof(peer));
+ if (getpeername(sd, (struct sockaddr*)&peer, &peerSz) != 0) {
+ WOLFSSL_MSG("getpeername failed in EmbedGenerateCookie");
+ return GEN_COOKIE_E;
+ }
+
+ ret = wc_ShaHash((byte*)&peer, peerSz, digest);
+ if (ret != 0)
+ return ret;
+
+ if (sz > SHA_DIGEST_SIZE)
+ sz = SHA_DIGEST_SIZE;
+ XMEMCPY(buf, digest, sz);
+
+ return sz;
+}
+
+#endif /* WOLFSSL_DTLS */
+
+#ifdef HAVE_OCSP
+
+
+static int Word16ToString(char* d, word16 number)
+{
+ int i = 0;
+
+ if (d != NULL) {
+ word16 order = 10000;
+ word16 digit;
+
+ if (number == 0) {
+ d[i++] = '0';
+ }
+ else {
+ while (order) {
+ digit = number / order;
+ if (i > 0 || digit != 0) {
+ d[i++] = (char)digit + '0';
+ }
+ if (digit != 0)
+ number %= digit * order;
+ if (order > 1)
+ order /= 10;
+ else
+ order = 0;
+ }
+ }
+ d[i] = 0;
+ }
+
+ return i;
+}
+
+
+static int tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port)
+{
+ struct sockaddr_storage addr;
+ int sockaddr_len = sizeof(struct sockaddr_in);
+ XMEMSET(&addr, 0, sizeof(addr));
+
+ #ifdef HAVE_GETADDRINFO
+ {
+ struct addrinfo hints;
+ struct addrinfo* answer = NULL;
+ char strPort[6];
+
+ XMEMSET(&hints, 0, sizeof(hints));
+ hints.ai_family = AF_UNSPEC;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_protocol = IPPROTO_TCP;
+
+ if (Word16ToString(strPort, port) == 0) {
+ WOLFSSL_MSG("invalid port number for OCSP responder");
+ return -1;
+ }
+
+ if (getaddrinfo(ip, strPort, &hints, &answer) < 0 || answer == NULL) {
+ WOLFSSL_MSG("no addr info for OCSP responder");
+ return -1;
+ }
+
+ sockaddr_len = answer->ai_addrlen;
+ XMEMCPY(&addr, answer->ai_addr, sockaddr_len);
+ freeaddrinfo(answer);
+
+ }
+ #else /* HAVE_GETADDRINFO */
+ {
+ struct hostent* entry = gethostbyname(ip);
+ struct sockaddr_in *sin = (struct sockaddr_in *)&addr;
+
+ if (entry) {
+ sin->sin_family = AF_INET;
+ sin->sin_port = htons(port);
+ XMEMCPY(&sin->sin_addr.s_addr, entry->h_addr_list[0],
+ entry->h_length);
+ }
+ else {
+ WOLFSSL_MSG("no addr info for OCSP responder");
+ return -1;
+ }
+ }
+ #endif /* HAVE_GETADDRINFO */
+
+ *sockfd = socket(addr.ss_family, SOCK_STREAM, 0);
+
+#ifdef USE_WINDOWS_API
+ if (*sockfd == INVALID_SOCKET) {
+ WOLFSSL_MSG("bad socket fd, out of fds?");
+ return -1;
+ }
+#else
+ if (*sockfd < 0) {
+ WOLFSSL_MSG("bad socket fd, out of fds?");
+ return -1;
+ }
+#endif
+
+ if (connect(*sockfd, (struct sockaddr *)&addr, sockaddr_len) != 0) {
+ WOLFSSL_MSG("OCSP responder tcp connect failed");
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static int build_http_request(const char* domainName, const char* path,
+ int ocspReqSz, byte* buf, int bufSize)
+{
+ word32 domainNameLen, pathLen, ocspReqSzStrLen, completeLen;
+ char ocspReqSzStr[6];
+
+ domainNameLen = (word32)XSTRLEN(domainName);
+ pathLen = (word32)XSTRLEN(path);
+ ocspReqSzStrLen = Word16ToString(ocspReqSzStr, (word16)ocspReqSz);
+
+ completeLen = domainNameLen + pathLen + ocspReqSzStrLen + 84;
+ if (completeLen > (word32)bufSize)
+ return 0;
+
+ XSTRNCPY((char*)buf, "POST ", 5);
+ buf += 5;
+ XSTRNCPY((char*)buf, path, pathLen);
+ buf += pathLen;
+ XSTRNCPY((char*)buf, " HTTP/1.1\r\nHost: ", 17);
+ buf += 17;
+ XSTRNCPY((char*)buf, domainName, domainNameLen);
+ buf += domainNameLen;
+ XSTRNCPY((char*)buf, "\r\nContent-Length: ", 18);
+ buf += 18;
+ XSTRNCPY((char*)buf, ocspReqSzStr, ocspReqSzStrLen);
+ buf += ocspReqSzStrLen;
+ XSTRNCPY((char*)buf,
+ "\r\nContent-Type: application/ocsp-request\r\n\r\n", 44);
+
+ return completeLen;
+}
+
+
+static int decode_url(const char* url, int urlSz,
+ char* outName, char* outPath, word16* outPort)
+{
+ int result = -1;
+
+ if (outName != NULL && outPath != NULL && outPort != NULL)
+ {
+ if (url == NULL || urlSz == 0)
+ {
+ *outName = 0;
+ *outPath = 0;
+ *outPort = 0;
+ }
+ else
+ {
+ int i, cur;
+
+ /* need to break the url down into scheme, address, and port */
+ /* "http://example.com:8080/" */
+ /* "http://[::1]:443/" */
+ if (XSTRNCMP(url, "http://", 7) == 0) {
+ cur = 7;
+ } else cur = 0;
+
+ i = 0;
+ if (url[cur] == '[') {
+ cur++;
+ /* copy until ']' */
+ while (url[cur] != 0 && url[cur] != ']' && cur < urlSz) {
+ outName[i++] = url[cur++];
+ }
+ cur++; /* skip ']' */
+ }
+ else {
+ while (url[cur] != 0 && url[cur] != ':' &&
+ url[cur] != '/' && cur < urlSz) {
+ outName[i++] = url[cur++];
+ }
+ }
+ outName[i] = 0;
+ /* Need to pick out the path after the domain name */
+
+ if (cur < urlSz && url[cur] == ':') {
+ char port[6];
+ int j;
+ word32 bigPort = 0;
+ i = 0;
+ cur++;
+ while (cur < urlSz && url[cur] != 0 && url[cur] != '/' &&
+ i < 6) {
+ port[i++] = url[cur++];
+ }
+
+ for (j = 0; j < i; j++) {
+ if (port[j] < '0' || port[j] > '9') return -1;
+ bigPort = (bigPort * 10) + (port[j] - '0');
+ }
+ *outPort = (word16)bigPort;
+ }
+ else
+ *outPort = 80;
+
+ if (cur < urlSz && url[cur] == '/') {
+ i = 0;
+ while (cur < urlSz && url[cur] != 0 && i < 80) {
+ outPath[i++] = url[cur++];
+ }
+ outPath[i] = 0;
+ }
+ else {
+ outPath[0] = '/';
+ outPath[1] = 0;
+ }
+ result = 0;
+ }
+ }
+
+ return result;
+}
+
+
+/* return: >0 OCSP Response Size
+ * -1 error */
+static int process_http_response(int sfd, byte** respBuf,
+ byte* httpBuf, int httpBufSz)
+{
+ int result;
+ int len = 0;
+ char *start, *end;
+ byte *recvBuf = NULL;
+ int recvBufSz = 0;
+ enum phr_state { phr_init, phr_http_start, phr_have_length,
+ phr_have_type, phr_wait_end, phr_http_end
+ } state = phr_init;
+
+ start = end = NULL;
+ do {
+ if (end == NULL) {
+ result = (int)recv(sfd, (char*)httpBuf+len, httpBufSz-len-1, 0);
+ if (result > 0) {
+ len += result;
+ start = (char*)httpBuf;
+ start[len] = 0;
+ }
+ else {
+ WOLFSSL_MSG("process_http_response recv http from peer failed");
+ return -1;
+ }
+ }
+ end = XSTRSTR(start, "\r\n");
+
+ if (end == NULL) {
+ if (len != 0)
+ XMEMMOVE(httpBuf, start, len);
+ start = end = NULL;
+ }
+ else if (end == start) {
+ if (state == phr_wait_end) {
+ state = phr_http_end;
+ len -= 2;
+ start += 2;
+ }
+ else {
+ WOLFSSL_MSG("process_http_response header ended early");
+ return -1;
+ }
+ }
+ else {
+ *end = 0;
+ len -= (int)(end - start) + 2;
+ /* adjust len to remove the first line including the /r/n */
+
+ if (XSTRNCASECMP(start, "HTTP/1", 6) == 0) {
+ start += 9;
+ if (XSTRNCASECMP(start, "200 OK", 6) != 0 ||
+ state != phr_init) {
+ WOLFSSL_MSG("process_http_response not OK");
+ return -1;
+ }
+ state = phr_http_start;
+ }
+ else if (XSTRNCASECMP(start, "Content-Type:", 13) == 0) {
+ start += 13;
+ while (*start == ' ' && *start != '\0') start++;
+ if (XSTRNCASECMP(start, "application/ocsp-response", 25) != 0) {
+ WOLFSSL_MSG("process_http_response not ocsp-response");
+ return -1;
+ }
+
+ if (state == phr_http_start) state = phr_have_type;
+ else if (state == phr_have_length) state = phr_wait_end;
+ else {
+ WOLFSSL_MSG("process_http_response type invalid state");
+ return -1;
+ }
+ }
+ else if (XSTRNCASECMP(start, "Content-Length:", 15) == 0) {
+ start += 15;
+ while (*start == ' ' && *start != '\0') start++;
+ recvBufSz = atoi(start);
+
+ if (state == phr_http_start) state = phr_have_length;
+ else if (state == phr_have_type) state = phr_wait_end;
+ else {
+ WOLFSSL_MSG("process_http_response length invalid state");
+ return -1;
+ }
+ }
+
+ start = end + 2;
+ }
+ } while (state != phr_http_end);
+
+ recvBuf = (byte*)XMALLOC(recvBufSz, NULL, DYNAMIC_TYPE_IN_BUFFER);
+ if (recvBuf == NULL) {
+ WOLFSSL_MSG("process_http_response couldn't create response buffer");
+ return -1;
+ }
+
+ /* copy the remainder of the httpBuf into the respBuf */
+ if (len != 0)
+ XMEMCPY(recvBuf, start, len);
+
+ /* receive the OCSP response data */
+ do {
+ result = (int)recv(sfd, (char*)recvBuf+len, recvBufSz-len, 0);
+ if (result > 0)
+ len += result;
+ else {
+ WOLFSSL_MSG("process_http_response recv ocsp from peer failed");
+ return -1;
+ }
+ } while (len != recvBufSz);
+
+ *respBuf = recvBuf;
+ return recvBufSz;
+}
+
+
+#define SCRATCH_BUFFER_SIZE 512
+
+int EmbedOcspLookup(void* ctx, const char* url, int urlSz,
+ byte* ocspReqBuf, int ocspReqSz, byte** ocspRespBuf)
+{
+ SOCKET_T sfd = 0;
+ word16 port;
+ int ret = -1;
+#ifdef WOLFSSL_SMALL_STACK
+ char* path;
+ char* domainName;
+#else
+ char path[80];
+ char domainName[80];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+ path = (char*)XMALLOC(80, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (path == NULL)
+ return -1;
+
+ domainName = (char*)XMALLOC(80, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ if (domainName == NULL) {
+ XFREE(path, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ return -1;
+ }
+#endif
+
+ (void)ctx;
+
+ if (ocspReqBuf == NULL || ocspReqSz == 0) {
+ WOLFSSL_MSG("OCSP request is required for lookup");
+ }
+ else if (ocspRespBuf == NULL) {
+ WOLFSSL_MSG("Cannot save OCSP response");
+ }
+ else if (decode_url(url, urlSz, domainName, path, &port) < 0) {
+ WOLFSSL_MSG("Unable to decode OCSP URL");
+ }
+ else {
+ /* Note, the library uses the EmbedOcspRespFree() callback to
+ * free this buffer. */
+ int httpBufSz = SCRATCH_BUFFER_SIZE;
+ byte* httpBuf = (byte*)XMALLOC(httpBufSz, NULL,
+ DYNAMIC_TYPE_IN_BUFFER);
+
+ if (httpBuf == NULL) {
+ WOLFSSL_MSG("Unable to create OCSP response buffer");
+ }
+ else {
+ httpBufSz = build_http_request(domainName, path, ocspReqSz,
+ httpBuf, httpBufSz);
+
+ if ((tcp_connect(&sfd, domainName, port) != 0) || (sfd <= 0)) {
+ WOLFSSL_MSG("OCSP Responder connection failed");
+ }
+ else if ((int)send(sfd, (char*)httpBuf, httpBufSz, 0) !=
+ httpBufSz) {
+ WOLFSSL_MSG("OCSP http request failed");
+ }
+ else if ((int)send(sfd, (char*)ocspReqBuf, ocspReqSz, 0) !=
+ ocspReqSz) {
+ WOLFSSL_MSG("OCSP ocsp request failed");
+ }
+ else {
+ ret = process_http_response(sfd, ocspRespBuf, httpBuf,
+ SCRATCH_BUFFER_SIZE);
+ }
+
+ close(sfd);
+ XFREE(httpBuf, NULL, DYNAMIC_TYPE_IN_BUFFER);
+ }
+ }
+
+#ifdef WOLFSSL_SMALL_STACK
+ XFREE(path, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(domainName, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+ return ret;
+}
+
+
+void EmbedOcspRespFree(void* ctx, byte *resp)
+{
+ (void)ctx;
+
+ if (resp)
+ XFREE(resp, NULL, DYNAMIC_TYPE_IN_BUFFER);
+}
+
+
+#endif
+
+#endif /* WOLFSSL_USER_IO */
+
+WOLFSSL_API void wolfSSL_SetIORecv(WOLFSSL_CTX *ctx, CallbackIORecv CBIORecv)
+{
+ ctx->CBIORecv = CBIORecv;
+}
+
+
+WOLFSSL_API void wolfSSL_SetIOSend(WOLFSSL_CTX *ctx, CallbackIOSend CBIOSend)
+{
+ ctx->CBIOSend = CBIOSend;
+}
+
+
+WOLFSSL_API void wolfSSL_SetIOReadCtx(WOLFSSL* ssl, void *rctx)
+{
+ ssl->IOCB_ReadCtx = rctx;
+}
+
+
+WOLFSSL_API void wolfSSL_SetIOWriteCtx(WOLFSSL* ssl, void *wctx)
+{
+ ssl->IOCB_WriteCtx = wctx;
+}
+
+
+WOLFSSL_API void* wolfSSL_GetIOReadCtx(WOLFSSL* ssl)
+{
+ if (ssl)
+ return ssl->IOCB_ReadCtx;
+
+ return NULL;
+}
+
+
+WOLFSSL_API void* wolfSSL_GetIOWriteCtx(WOLFSSL* ssl)
+{
+ if (ssl)
+ return ssl->IOCB_WriteCtx;
+
+ return NULL;
+}
+
+
+WOLFSSL_API void wolfSSL_SetIOReadFlags(WOLFSSL* ssl, int flags)
+{
+ ssl->rflags = flags;
+}
+
+
+WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags)
+{
+ ssl->wflags = flags;
+}
+
+
+#ifdef WOLFSSL_DTLS
+
+WOLFSSL_API void wolfSSL_CTX_SetGenCookie(WOLFSSL_CTX* ctx, CallbackGenCookie cb)
+{
+ ctx->CBIOCookie = cb;
+}
+
+
+WOLFSSL_API void wolfSSL_SetCookieCtx(WOLFSSL* ssl, void *ctx)
+{
+ ssl->IOCB_CookieCtx = ctx;
+}
+
+
+WOLFSSL_API void* wolfSSL_GetCookieCtx(WOLFSSL* ssl)
+{
+ if (ssl)
+ return ssl->IOCB_CookieCtx;
+
+ return NULL;
+}
+
+#endif /* WOLFSSL_DTLS */
+
+
+#ifdef HAVE_NETX
+
+/* The NetX receive callback
+ * return : bytes read, or error
+ */
+int NetX_Receive(WOLFSSL *ssl, char *buf, int sz, void *ctx)
+{
+ NetX_Ctx* nxCtx = (NetX_Ctx*)ctx;
+ ULONG left;
+ ULONG total;
+ ULONG copied = 0;
+ UINT status;
+
+ if (nxCtx == NULL || nxCtx->nxSocket == NULL) {
+ WOLFSSL_MSG("NetX Recv NULL parameters");
+ return WOLFSSL_CBIO_ERR_GENERAL;
+ }
+
+ if (nxCtx->nxPacket == NULL) {
+ status = nx_tcp_socket_receive(nxCtx->nxSocket, &nxCtx->nxPacket,
+ nxCtx->nxWait);
+ if (status != NX_SUCCESS) {
+ WOLFSSL_MSG("NetX Recv receive error");
+ return WOLFSSL_CBIO_ERR_GENERAL;
+ }
+ }
+
+ if (nxCtx->nxPacket) {
+ status = nx_packet_length_get(nxCtx->nxPacket, &total);
+ if (status != NX_SUCCESS) {
+ WOLFSSL_MSG("NetX Recv length get error");
+ return WOLFSSL_CBIO_ERR_GENERAL;
+ }
+
+ left = total - nxCtx->nxOffset;
+ status = nx_packet_data_extract_offset(nxCtx->nxPacket, nxCtx->nxOffset,
+ buf, sz, &copied);
+ if (status != NX_SUCCESS) {
+ WOLFSSL_MSG("NetX Recv data extract offset error");
+ return WOLFSSL_CBIO_ERR_GENERAL;
+ }
+
+ nxCtx->nxOffset += copied;
+
+ if (copied == left) {
+ WOLFSSL_MSG("NetX Recv Drained packet");
+ nx_packet_release(nxCtx->nxPacket);
+ nxCtx->nxPacket = NULL;
+ nxCtx->nxOffset = 0;
+ }
+ }
+
+ return copied;
+}
+
+
+/* The NetX send callback
+ * return : bytes sent, or error
+ */
+int NetX_Send(WOLFSSL* ssl, char *buf, int sz, void *ctx)
+{
+ NetX_Ctx* nxCtx = (NetX_Ctx*)ctx;
+ NX_PACKET* packet;
+ NX_PACKET_POOL* pool; /* shorthand */
+ UINT status;
+
+ if (nxCtx == NULL || nxCtx->nxSocket == NULL) {
+ WOLFSSL_MSG("NetX Send NULL parameters");
+ return WOLFSSL_CBIO_ERR_GENERAL;
+ }
+
+ pool = nxCtx->nxSocket->nx_tcp_socket_ip_ptr->nx_ip_default_packet_pool;
+ status = nx_packet_allocate(pool, &packet, NX_TCP_PACKET,
+ nxCtx->nxWait);
+ if (status != NX_SUCCESS) {
+ WOLFSSL_MSG("NetX Send packet alloc error");
+ return WOLFSSL_CBIO_ERR_GENERAL;
+ }
+
+ status = nx_packet_data_append(packet, buf, sz, pool, nxCtx->nxWait);
+ if (status != NX_SUCCESS) {
+ nx_packet_release(packet);
+ WOLFSSL_MSG("NetX Send data append error");
+ return WOLFSSL_CBIO_ERR_GENERAL;
+ }
+
+ status = nx_tcp_socket_send(nxCtx->nxSocket, packet, nxCtx->nxWait);
+ if (status != NX_SUCCESS) {
+ nx_packet_release(packet);
+ WOLFSSL_MSG("NetX Send socket send error");
+ return WOLFSSL_CBIO_ERR_GENERAL;
+ }
+
+ return sz;
+}
+
+
+/* like set_fd, but for default NetX context */
+void wolfSSL_SetIO_NetX(WOLFSSL* ssl, NX_TCP_SOCKET* nxSocket, ULONG waitOption)
+{
+ if (ssl) {
+ ssl->nxCtx.nxSocket = nxSocket;
+ ssl->nxCtx.nxWait = waitOption;
+ }
+}
+
+#endif /* HAVE_NETX */
+
+