1799 lines
51 KiB
C
1799 lines
51 KiB
C
/* wolfio.c
|
|
*
|
|
* Copyright (C) 2006-2017 wolfSSL Inc.
|
|
*
|
|
* This file is part of wolfSSL.
|
|
*
|
|
* wolfSSL is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* wolfSSL is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
|
*/
|
|
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
#include <config.h>
|
|
#endif
|
|
|
|
#include <wolfssl/wolfcrypt/settings.h>
|
|
|
|
#ifndef WOLFCRYPT_ONLY
|
|
|
|
#ifdef _WIN32_WCE
|
|
/* On WinCE winsock2.h must be included before windows.h for socket stuff */
|
|
#include <winsock2.h>
|
|
#endif
|
|
|
|
#include <wolfssl/internal.h>
|
|
#include <wolfssl/error-ssl.h>
|
|
#include <wolfssl/wolfio.h>
|
|
|
|
#if defined(HAVE_HTTP_CLIENT)
|
|
#include <stdlib.h> /* atoi(), strtol() */
|
|
#endif
|
|
|
|
/*
|
|
Possible IO enable options:
|
|
* WOLFSSL_USER_IO: Disables default Embed* callbacks and default: off
|
|
allows user to define their own using
|
|
wolfSSL_SetIORecv and wolfSSL_SetIOSend
|
|
* USE_WOLFSSL_IO: Enables the wolfSSL IO functions default: off
|
|
* HAVE_HTTP_CLIENT: Enables HTTP client API's default: off
|
|
(unless HAVE_OCSP or HAVE_CRL_IO defined)
|
|
* HAVE_IO_TIMEOUT: Enables support for connect timeout default: off
|
|
*/
|
|
|
|
|
|
/* if user writes own I/O callbacks they can define WOLFSSL_USER_IO to remove
|
|
automatic setting of default I/O functions EmbedSend() and EmbedReceive()
|
|
but they'll still need SetCallback xxx() at end of file
|
|
*/
|
|
|
|
#if defined(USE_WOLFSSL_IO) || defined(HAVE_HTTP_CLIENT)
|
|
|
|
/* Translates return codes returned from
|
|
* send() and recv() if need be.
|
|
*/
|
|
static INLINE int TranslateReturnCode(int old, int sd)
|
|
{
|
|
(void)sd;
|
|
|
|
#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
|
|
if (old == 0) {
|
|
errno = SOCKET_EWOULDBLOCK;
|
|
return -1; /* convert to BSD style wouldblock as error */
|
|
}
|
|
|
|
if (old < 0) {
|
|
errno = RTCS_geterror(sd);
|
|
if (errno == RTCSERR_TCP_CONN_CLOSING)
|
|
return 0; /* convert to BSD style closing */
|
|
if (errno == RTCSERR_TCP_CONN_RLSD)
|
|
errno = SOCKET_ECONNRESET;
|
|
if (errno == RTCSERR_TCP_TIMED_OUT)
|
|
errno = SOCKET_EAGAIN;
|
|
}
|
|
#endif
|
|
|
|
return old;
|
|
}
|
|
|
|
static INLINE int LastError(void)
|
|
{
|
|
#ifdef USE_WINDOWS_API
|
|
return WSAGetLastError();
|
|
#elif defined(EBSNET)
|
|
return xn_getlasterror();
|
|
#else
|
|
return errno;
|
|
#endif
|
|
}
|
|
|
|
#endif /* USE_WOLFSSL_IO || HAVE_HTTP_CLIENT */
|
|
|
|
|
|
#ifdef USE_WOLFSSL_IO
|
|
|
|
/* The receive embedded callback
|
|
* return : nb bytes read, or error
|
|
*/
|
|
int EmbedReceive(WOLFSSL *ssl, char *buf, int sz, void *ctx)
|
|
{
|
|
int sd = *(int*)ctx;
|
|
int recvd;
|
|
|
|
#ifdef WOLFSSL_DTLS
|
|
{
|
|
int dtls_timeout = wolfSSL_dtls_get_current_timeout(ssl);
|
|
if (wolfSSL_dtls(ssl)
|
|
&& !wolfSSL_get_using_nonblock(ssl)
|
|
&& dtls_timeout != 0) {
|
|
#ifdef USE_WINDOWS_API
|
|
DWORD timeout = dtls_timeout * 1000;
|
|
#else
|
|
struct timeval timeout;
|
|
XMEMSET(&timeout, 0, sizeof(timeout));
|
|
timeout.tv_sec = dtls_timeout;
|
|
#endif
|
|
if (setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, (char*)&timeout,
|
|
sizeof(timeout)) != 0) {
|
|
WOLFSSL_MSG("setsockopt rcvtimeo failed");
|
|
}
|
|
}
|
|
}
|
|
#endif
|
|
|
|
recvd = wolfIO_Recv(sd, buf, sz, ssl->rflags);
|
|
if (recvd < 0) {
|
|
int err = LastError();
|
|
WOLFSSL_MSG("Embed Receive error");
|
|
|
|
if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) {
|
|
if (!wolfSSL_dtls(ssl) || wolfSSL_get_using_nonblock(ssl)) {
|
|
WOLFSSL_MSG("\tWould block");
|
|
return WOLFSSL_CBIO_ERR_WANT_READ;
|
|
}
|
|
else {
|
|
WOLFSSL_MSG("\tSocket timeout");
|
|
return WOLFSSL_CBIO_ERR_TIMEOUT;
|
|
}
|
|
}
|
|
else if (err == SOCKET_ECONNRESET) {
|
|
WOLFSSL_MSG("\tConnection reset");
|
|
return WOLFSSL_CBIO_ERR_CONN_RST;
|
|
}
|
|
else if (err == SOCKET_EINTR) {
|
|
WOLFSSL_MSG("\tSocket interrupted");
|
|
return WOLFSSL_CBIO_ERR_ISR;
|
|
}
|
|
else if (err == SOCKET_ECONNREFUSED) {
|
|
WOLFSSL_MSG("\tConnection refused");
|
|
return WOLFSSL_CBIO_ERR_WANT_READ;
|
|
}
|
|
else if (err == SOCKET_ECONNABORTED) {
|
|
WOLFSSL_MSG("\tConnection aborted");
|
|
return WOLFSSL_CBIO_ERR_CONN_CLOSE;
|
|
}
|
|
else {
|
|
WOLFSSL_MSG("\tGeneral error");
|
|
return WOLFSSL_CBIO_ERR_GENERAL;
|
|
}
|
|
}
|
|
else if (recvd == 0) {
|
|
WOLFSSL_MSG("Embed receive connection closed");
|
|
return WOLFSSL_CBIO_ERR_CONN_CLOSE;
|
|
}
|
|
|
|
return recvd;
|
|
}
|
|
|
|
/* The send embedded callback
|
|
* return : nb bytes sent, or error
|
|
*/
|
|
int EmbedSend(WOLFSSL* ssl, char *buf, int sz, void *ctx)
|
|
{
|
|
int sd = *(int*)ctx;
|
|
int sent;
|
|
|
|
sent = wolfIO_Send(sd, buf, sz, ssl->wflags);
|
|
if (sent < 0) {
|
|
int err = LastError();
|
|
WOLFSSL_MSG("Embed Send error");
|
|
|
|
if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) {
|
|
WOLFSSL_MSG("\tWould Block");
|
|
return WOLFSSL_CBIO_ERR_WANT_WRITE;
|
|
}
|
|
else if (err == SOCKET_ECONNRESET) {
|
|
WOLFSSL_MSG("\tConnection reset");
|
|
return WOLFSSL_CBIO_ERR_CONN_RST;
|
|
}
|
|
else if (err == SOCKET_EINTR) {
|
|
WOLFSSL_MSG("\tSocket interrupted");
|
|
return WOLFSSL_CBIO_ERR_ISR;
|
|
}
|
|
else if (err == SOCKET_EPIPE) {
|
|
WOLFSSL_MSG("\tSocket EPIPE");
|
|
return WOLFSSL_CBIO_ERR_CONN_CLOSE;
|
|
}
|
|
else {
|
|
WOLFSSL_MSG("\tGeneral error");
|
|
return WOLFSSL_CBIO_ERR_GENERAL;
|
|
}
|
|
}
|
|
|
|
return sent;
|
|
}
|
|
|
|
|
|
#ifdef WOLFSSL_DTLS
|
|
|
|
#include <wolfssl/wolfcrypt/sha.h>
|
|
|
|
#define SENDTO_FUNCTION sendto
|
|
#define RECVFROM_FUNCTION recvfrom
|
|
|
|
|
|
/* The receive embedded callback
|
|
* return : nb bytes read, or error
|
|
*/
|
|
int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
|
|
{
|
|
WOLFSSL_DTLS_CTX* dtlsCtx = (WOLFSSL_DTLS_CTX*)ctx;
|
|
int recvd;
|
|
int err;
|
|
int sd = dtlsCtx->rfd;
|
|
int dtls_timeout = wolfSSL_dtls_get_current_timeout(ssl);
|
|
SOCKADDR_S peer;
|
|
XSOCKLENT peerSz = sizeof(peer);
|
|
|
|
WOLFSSL_ENTER("EmbedReceiveFrom()");
|
|
|
|
if (ssl->options.handShakeDone)
|
|
dtls_timeout = 0;
|
|
|
|
if (!wolfSSL_get_using_nonblock(ssl)) {
|
|
#ifdef USE_WINDOWS_API
|
|
DWORD timeout = dtls_timeout * 1000;
|
|
#else
|
|
struct timeval timeout;
|
|
XMEMSET(&timeout, 0, sizeof(timeout));
|
|
timeout.tv_sec = dtls_timeout;
|
|
#endif
|
|
if (setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, (char*)&timeout,
|
|
sizeof(timeout)) != 0) {
|
|
WOLFSSL_MSG("setsockopt rcvtimeo failed");
|
|
}
|
|
}
|
|
|
|
recvd = (int)RECVFROM_FUNCTION(sd, buf, sz, ssl->rflags,
|
|
(SOCKADDR*)&peer, &peerSz);
|
|
|
|
recvd = TranslateReturnCode(recvd, sd);
|
|
|
|
if (recvd < 0) {
|
|
err = LastError();
|
|
WOLFSSL_MSG("Embed Receive From error");
|
|
|
|
if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) {
|
|
if (wolfSSL_get_using_nonblock(ssl)) {
|
|
WOLFSSL_MSG("\tWould block");
|
|
return WOLFSSL_CBIO_ERR_WANT_READ;
|
|
}
|
|
else {
|
|
WOLFSSL_MSG("\tSocket timeout");
|
|
return WOLFSSL_CBIO_ERR_TIMEOUT;
|
|
}
|
|
}
|
|
else if (err == SOCKET_ECONNRESET) {
|
|
WOLFSSL_MSG("\tConnection reset");
|
|
return WOLFSSL_CBIO_ERR_CONN_RST;
|
|
}
|
|
else if (err == SOCKET_EINTR) {
|
|
WOLFSSL_MSG("\tSocket interrupted");
|
|
return WOLFSSL_CBIO_ERR_ISR;
|
|
}
|
|
else if (err == SOCKET_ECONNREFUSED) {
|
|
WOLFSSL_MSG("\tConnection refused");
|
|
return WOLFSSL_CBIO_ERR_WANT_READ;
|
|
}
|
|
else {
|
|
WOLFSSL_MSG("\tGeneral error");
|
|
return WOLFSSL_CBIO_ERR_GENERAL;
|
|
}
|
|
}
|
|
else {
|
|
if (dtlsCtx->peer.sz > 0
|
|
&& peerSz != (XSOCKLENT)dtlsCtx->peer.sz
|
|
&& XMEMCMP(&peer, dtlsCtx->peer.sa, peerSz) != 0) {
|
|
WOLFSSL_MSG(" Ignored packet from invalid peer");
|
|
return WOLFSSL_CBIO_ERR_WANT_READ;
|
|
}
|
|
}
|
|
|
|
return recvd;
|
|
}
|
|
|
|
|
|
/* The send embedded callback
|
|
* return : nb bytes sent, or error
|
|
*/
|
|
int EmbedSendTo(WOLFSSL* ssl, char *buf, int sz, void *ctx)
|
|
{
|
|
WOLFSSL_DTLS_CTX* dtlsCtx = (WOLFSSL_DTLS_CTX*)ctx;
|
|
int sd = dtlsCtx->wfd;
|
|
int sent;
|
|
int len = sz;
|
|
int err;
|
|
|
|
WOLFSSL_ENTER("EmbedSendTo()");
|
|
|
|
sent = (int)SENDTO_FUNCTION(sd, &buf[sz - len], len, ssl->wflags,
|
|
(const SOCKADDR*)dtlsCtx->peer.sa,
|
|
dtlsCtx->peer.sz);
|
|
|
|
sent = TranslateReturnCode(sent, sd);
|
|
|
|
if (sent < 0) {
|
|
err = LastError();
|
|
WOLFSSL_MSG("Embed Send To error");
|
|
|
|
if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) {
|
|
WOLFSSL_MSG("\tWould Block");
|
|
return WOLFSSL_CBIO_ERR_WANT_WRITE;
|
|
}
|
|
else if (err == SOCKET_ECONNRESET) {
|
|
WOLFSSL_MSG("\tConnection reset");
|
|
return WOLFSSL_CBIO_ERR_CONN_RST;
|
|
}
|
|
else if (err == SOCKET_EINTR) {
|
|
WOLFSSL_MSG("\tSocket interrupted");
|
|
return WOLFSSL_CBIO_ERR_ISR;
|
|
}
|
|
else if (err == SOCKET_EPIPE) {
|
|
WOLFSSL_MSG("\tSocket EPIPE");
|
|
return WOLFSSL_CBIO_ERR_CONN_CLOSE;
|
|
}
|
|
else {
|
|
WOLFSSL_MSG("\tGeneral error");
|
|
return WOLFSSL_CBIO_ERR_GENERAL;
|
|
}
|
|
}
|
|
|
|
return sent;
|
|
}
|
|
|
|
|
|
#ifdef WOLFSSL_MULTICAST
|
|
|
|
/* The alternate receive embedded callback for Multicast
|
|
* return : nb bytes read, or error
|
|
*/
|
|
int EmbedReceiveFromMcast(WOLFSSL *ssl, char *buf, int sz, void *ctx)
|
|
{
|
|
WOLFSSL_DTLS_CTX* dtlsCtx = (WOLFSSL_DTLS_CTX*)ctx;
|
|
int recvd;
|
|
int err;
|
|
int sd = dtlsCtx->rfd;
|
|
|
|
WOLFSSL_ENTER("EmbedReceiveFromMcast()");
|
|
|
|
recvd = (int)RECVFROM_FUNCTION(sd, buf, sz, ssl->rflags, NULL, NULL);
|
|
|
|
recvd = TranslateReturnCode(recvd, sd);
|
|
|
|
if (recvd < 0) {
|
|
err = LastError();
|
|
WOLFSSL_MSG("Embed Receive From error");
|
|
|
|
if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) {
|
|
if (wolfSSL_get_using_nonblock(ssl)) {
|
|
WOLFSSL_MSG("\tWould block");
|
|
return WOLFSSL_CBIO_ERR_WANT_READ;
|
|
}
|
|
else {
|
|
WOLFSSL_MSG("\tSocket timeout");
|
|
return WOLFSSL_CBIO_ERR_TIMEOUT;
|
|
}
|
|
}
|
|
else if (err == SOCKET_ECONNRESET) {
|
|
WOLFSSL_MSG("\tConnection reset");
|
|
return WOLFSSL_CBIO_ERR_CONN_RST;
|
|
}
|
|
else if (err == SOCKET_EINTR) {
|
|
WOLFSSL_MSG("\tSocket interrupted");
|
|
return WOLFSSL_CBIO_ERR_ISR;
|
|
}
|
|
else if (err == SOCKET_ECONNREFUSED) {
|
|
WOLFSSL_MSG("\tConnection refused");
|
|
return WOLFSSL_CBIO_ERR_WANT_READ;
|
|
}
|
|
else {
|
|
WOLFSSL_MSG("\tGeneral error");
|
|
return WOLFSSL_CBIO_ERR_GENERAL;
|
|
}
|
|
}
|
|
|
|
return recvd;
|
|
}
|
|
#endif /* WOLFSSL_MULTICAST */
|
|
|
|
|
|
/* The DTLS Generate Cookie callback
|
|
* return : number of bytes copied into buf, or error
|
|
*/
|
|
int EmbedGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *ctx)
|
|
{
|
|
int sd = ssl->wfd;
|
|
SOCKADDR_S peer;
|
|
XSOCKLENT peerSz = sizeof(peer);
|
|
byte digest[WC_SHA256_DIGEST_SIZE];
|
|
int ret = 0;
|
|
|
|
(void)ctx;
|
|
|
|
XMEMSET(&peer, 0, sizeof(peer));
|
|
if (getpeername(sd, (SOCKADDR*)&peer, &peerSz) != 0) {
|
|
WOLFSSL_MSG("getpeername failed in EmbedGenerateCookie");
|
|
return GEN_COOKIE_E;
|
|
}
|
|
|
|
ret = wc_Sha256Hash((byte*)&peer, peerSz, digest);
|
|
if (ret != 0)
|
|
return ret;
|
|
|
|
if (sz > WC_SHA256_DIGEST_SIZE)
|
|
sz = WC_SHA256_DIGEST_SIZE;
|
|
XMEMCPY(buf, digest, sz);
|
|
|
|
return sz;
|
|
}
|
|
|
|
#ifdef WOLFSSL_SESSION_EXPORT
|
|
|
|
/* get the peer information in human readable form (ip, port, family)
|
|
* default function assumes BSD sockets
|
|
* can be overriden with wolfSSL_CTX_SetIOGetPeer
|
|
*/
|
|
int EmbedGetPeer(WOLFSSL* ssl, char* ip, int* ipSz,
|
|
unsigned short* port, int* fam)
|
|
{
|
|
SOCKADDR_S peer;
|
|
word32 peerSz;
|
|
int ret;
|
|
|
|
if (ssl == NULL || ip == NULL || ipSz == NULL ||
|
|
port == NULL || fam == NULL) {
|
|
return BAD_FUNC_ARG;
|
|
}
|
|
|
|
/* get peer information stored in ssl struct */
|
|
peerSz = sizeof(SOCKADDR_S);
|
|
if ((ret = wolfSSL_dtls_get_peer(ssl, (void*)&peer, &peerSz))
|
|
!= WOLFSSL_SUCCESS) {
|
|
return ret;
|
|
}
|
|
|
|
/* extract family, ip, and port */
|
|
*fam = ((SOCKADDR_S*)&peer)->ss_family;
|
|
switch (*fam) {
|
|
case WOLFSSL_IP4:
|
|
if (XINET_NTOP(*fam, &(((SOCKADDR_IN*)&peer)->sin_addr),
|
|
ip, *ipSz) == NULL) {
|
|
WOLFSSL_MSG("XINET_NTOP error");
|
|
return SOCKET_ERROR_E;
|
|
}
|
|
*port = XNTOHS(((SOCKADDR_IN*)&peer)->sin_port);
|
|
break;
|
|
|
|
case WOLFSSL_IP6:
|
|
#ifdef WOLFSSL_IPV6
|
|
if (XINET_NTOP(*fam, &(((SOCKADDR_IN6*)&peer)->sin6_addr),
|
|
ip, *ipSz) == NULL) {
|
|
WOLFSSL_MSG("XINET_NTOP error");
|
|
return SOCKET_ERROR_E;
|
|
}
|
|
*port = XNTOHS(((SOCKADDR_IN6*)&peer)->sin6_port);
|
|
#endif /* WOLFSSL_IPV6 */
|
|
break;
|
|
|
|
default:
|
|
WOLFSSL_MSG("Unknown family type");
|
|
return SOCKET_ERROR_E;
|
|
}
|
|
ip[*ipSz - 1] = '\0'; /* make sure has terminator */
|
|
*ipSz = (word16)XSTRLEN(ip);
|
|
|
|
return WOLFSSL_SUCCESS;
|
|
}
|
|
|
|
/* set the peer information in human readable form (ip, port, family)
|
|
* default function assumes BSD sockets
|
|
* can be overriden with wolfSSL_CTX_SetIOSetPeer
|
|
*/
|
|
int EmbedSetPeer(WOLFSSL* ssl, char* ip, int ipSz,
|
|
unsigned short port, int fam)
|
|
{
|
|
int ret;
|
|
SOCKADDR_S addr;
|
|
|
|
/* sanity checks on arguments */
|
|
if (ssl == NULL || ip == NULL || ipSz < 0 || ipSz > DTLS_EXPORT_IP) {
|
|
return BAD_FUNC_ARG;
|
|
}
|
|
|
|
addr.ss_family = fam;
|
|
switch (addr.ss_family) {
|
|
case WOLFSSL_IP4:
|
|
if (XINET_PTON(addr.ss_family, ip,
|
|
&(((SOCKADDR_IN*)&addr)->sin_addr)) <= 0) {
|
|
WOLFSSL_MSG("XINET_PTON error");
|
|
return SOCKET_ERROR_E;
|
|
}
|
|
((SOCKADDR_IN*)&addr)->sin_port = XHTONS(port);
|
|
|
|
/* peer sa is free'd in SSL_ResourceFree */
|
|
if ((ret = wolfSSL_dtls_set_peer(ssl, (SOCKADDR_IN*)&addr,
|
|
sizeof(SOCKADDR_IN)))!= WOLFSSL_SUCCESS) {
|
|
WOLFSSL_MSG("Import DTLS peer info error");
|
|
return ret;
|
|
}
|
|
break;
|
|
|
|
case WOLFSSL_IP6:
|
|
#ifdef WOLFSSL_IPV6
|
|
if (XINET_PTON(addr.ss_family, ip,
|
|
&(((SOCKADDR_IN6*)&addr)->sin6_addr)) <= 0) {
|
|
WOLFSSL_MSG("XINET_PTON error");
|
|
return SOCKET_ERROR_E;
|
|
}
|
|
((SOCKADDR_IN6*)&addr)->sin6_port = XHTONS(port);
|
|
|
|
/* peer sa is free'd in SSL_ResourceFree */
|
|
if ((ret = wolfSSL_dtls_set_peer(ssl, (SOCKADDR_IN6*)&addr,
|
|
sizeof(SOCKADDR_IN6)))!= WOLFSSL_SUCCESS) {
|
|
WOLFSSL_MSG("Import DTLS peer info error");
|
|
return ret;
|
|
}
|
|
#endif /* WOLFSSL_IPV6 */
|
|
break;
|
|
|
|
default:
|
|
WOLFSSL_MSG("Unknown address family");
|
|
return BUFFER_E;
|
|
}
|
|
|
|
return WOLFSSL_SUCCESS;
|
|
}
|
|
#endif /* WOLFSSL_SESSION_EXPORT */
|
|
#endif /* WOLFSSL_DTLS */
|
|
|
|
|
|
int wolfIO_Recv(SOCKET_T sd, char *buf, int sz, int rdFlags)
|
|
{
|
|
int recvd;
|
|
|
|
recvd = (int)RECV_FUNCTION(sd, buf, sz, rdFlags);
|
|
recvd = TranslateReturnCode(recvd, sd);
|
|
|
|
return recvd;
|
|
}
|
|
|
|
int wolfIO_Send(SOCKET_T sd, char *buf, int sz, int wrFlags)
|
|
{
|
|
int sent;
|
|
|
|
sent = (int)SEND_FUNCTION(sd, buf, sz, wrFlags);
|
|
sent = TranslateReturnCode(sent, sd);
|
|
|
|
return sent;
|
|
}
|
|
|
|
#endif /* USE_WOLFSSL_IO */
|
|
|
|
|
|
#ifdef HAVE_HTTP_CLIENT
|
|
|
|
#ifndef HAVE_IO_TIMEOUT
|
|
#define io_timeout_sec 0
|
|
#else
|
|
|
|
#ifndef DEFAULT_TIMEOUT_SEC
|
|
#define DEFAULT_TIMEOUT_SEC 0 /* no timeout */
|
|
#endif
|
|
|
|
static int io_timeout_sec = DEFAULT_TIMEOUT_SEC;
|
|
|
|
void wolfIO_SetTimeout(int to_sec)
|
|
{
|
|
io_timeout_sec = to_sec;
|
|
}
|
|
|
|
int wolfIO_SetBlockingMode(SOCKET_T sockfd, int non_blocking)
|
|
{
|
|
int ret = 0;
|
|
|
|
#ifdef USE_WINDOWS_API
|
|
unsigned long blocking = non_blocking;
|
|
ret = ioctlsocket(sockfd, FIONBIO, &blocking);
|
|
if (ret == SOCKET_ERROR)
|
|
ret = -1;
|
|
#else
|
|
ret = fcntl(sockfd, F_GETFL, 0);
|
|
if (ret >= 0) {
|
|
if (non_blocking)
|
|
ret |= O_NONBLOCK;
|
|
else
|
|
ret &= ~O_NONBLOCK;
|
|
ret = fcntl(sockfd, F_SETFL, ret);
|
|
}
|
|
#endif
|
|
if (ret < 0) {
|
|
WOLFSSL_MSG("wolfIO_SetBlockingMode failed");
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
#ifdef _MSC_VER
|
|
/* 4204: non-constant aggregate initializer (nfds = sockfd + 1) */
|
|
#pragma warning(disable: 4204)
|
|
#endif
|
|
int wolfIO_Select(SOCKET_T sockfd, int to_sec)
|
|
{
|
|
fd_set fds;
|
|
SOCKET_T nfds = sockfd + 1;
|
|
struct timeval timeout = { (to_sec > 0) ? to_sec : 0, 0};
|
|
int ret;
|
|
|
|
FD_ZERO(&fds);
|
|
FD_SET(sockfd, &fds);
|
|
|
|
ret = select(nfds, &fds, &fds, NULL, &timeout);
|
|
if (ret == 0) {
|
|
#ifdef DEBUG_HTTP
|
|
printf("Timeout: %d\n", ret);
|
|
#endif
|
|
return HTTP_TIMEOUT;
|
|
}
|
|
else if (ret > 0) {
|
|
if (FD_ISSET(sockfd, &fds))
|
|
return 0;
|
|
}
|
|
return SOCKET_ERROR_E;
|
|
}
|
|
#endif /* HAVE_IO_TIMEOUT */
|
|
|
|
static int wolfIO_Word16ToString(char* d, word16 number)
|
|
{
|
|
int i = 0;
|
|
word16 order = 10000;
|
|
word16 digit;
|
|
|
|
if (d == NULL)
|
|
return i;
|
|
|
|
if (number == 0)
|
|
d[i++] = '0';
|
|
else {
|
|
while (order) {
|
|
digit = number / order;
|
|
if (i > 0 || digit != 0)
|
|
d[i++] = (char)digit + '0';
|
|
if (digit != 0)
|
|
number %= digit * order;
|
|
|
|
order = (order > 1) ? order / 10 : 0;
|
|
}
|
|
}
|
|
d[i] = 0; /* null terminate */
|
|
|
|
return i;
|
|
}
|
|
|
|
int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
|
|
{
|
|
#ifdef HAVE_SOCKADDR
|
|
int ret = 0;
|
|
SOCKADDR_S addr;
|
|
int sockaddr_len = sizeof(SOCKADDR_IN);
|
|
#ifdef HAVE_GETADDRINFO
|
|
ADDRINFO hints;
|
|
ADDRINFO* answer = NULL;
|
|
char strPort[6];
|
|
#else
|
|
HOSTENT* entry;
|
|
SOCKADDR_IN *sin;
|
|
#endif
|
|
|
|
XMEMSET(&addr, 0, sizeof(addr));
|
|
|
|
#ifdef WOLFIO_DEBUG
|
|
printf("TCP Connect: %s:%d\n", ip, port);
|
|
#endif
|
|
|
|
#ifdef HAVE_GETADDRINFO
|
|
XMEMSET(&hints, 0, sizeof(hints));
|
|
hints.ai_family = AF_UNSPEC;
|
|
hints.ai_socktype = SOCK_STREAM;
|
|
hints.ai_protocol = IPPROTO_TCP;
|
|
|
|
if (wolfIO_Word16ToString(strPort, port) == 0) {
|
|
WOLFSSL_MSG("invalid port number for responder");
|
|
return -1;
|
|
}
|
|
|
|
if (getaddrinfo(ip, strPort, &hints, &answer) < 0 || answer == NULL) {
|
|
WOLFSSL_MSG("no addr info for responder");
|
|
return -1;
|
|
}
|
|
|
|
sockaddr_len = answer->ai_addrlen;
|
|
XMEMCPY(&addr, answer->ai_addr, sockaddr_len);
|
|
freeaddrinfo(answer);
|
|
#else
|
|
entry = gethostbyname(ip);
|
|
sin = (SOCKADDR_IN *)&addr;
|
|
|
|
if (entry) {
|
|
sin->sin_family = AF_INET;
|
|
sin->sin_port = XHTONS(port);
|
|
XMEMCPY(&sin->sin_addr.s_addr, entry->h_addr_list[0], entry->h_length);
|
|
}
|
|
else {
|
|
WOLFSSL_MSG("no addr info for responder");
|
|
return -1;
|
|
}
|
|
#endif
|
|
|
|
*sockfd = (SOCKET_T)socket(addr.ss_family, SOCK_STREAM, 0);
|
|
|
|
#ifdef USE_WINDOWS_API
|
|
if (*sockfd == INVALID_SOCKET) {
|
|
WOLFSSL_MSG("bad socket fd, out of fds?");
|
|
return -1;
|
|
}
|
|
#else
|
|
if (*sockfd < 0) {
|
|
WOLFSSL_MSG("bad socket fd, out of fds?");
|
|
return -1;
|
|
}
|
|
#endif
|
|
|
|
#ifdef HAVE_IO_TIMEOUT
|
|
/* if timeout value provided then set socket non-blocking */
|
|
if (to_sec > 0) {
|
|
wolfIO_SetBlockingMode(*sockfd, 1);
|
|
}
|
|
#else
|
|
(void)to_sec;
|
|
#endif
|
|
|
|
ret = connect(*sockfd, (SOCKADDR *)&addr, sockaddr_len);
|
|
#ifdef HAVE_IO_TIMEOUT
|
|
if (ret != 0) {
|
|
if ((errno == EINPROGRESS) && (to_sec > 0)) {
|
|
/* wait for connect to complete */
|
|
ret = wolfIO_Select(*sockfd, to_sec);
|
|
|
|
/* restore blocking mode */
|
|
wolfIO_SetBlockingMode(*sockfd, 0);
|
|
}
|
|
}
|
|
#endif
|
|
if (ret != 0) {
|
|
WOLFSSL_MSG("Responder tcp connect failed");
|
|
return -1;
|
|
}
|
|
return ret;
|
|
#else
|
|
(void)sockfd;
|
|
(void)ip;
|
|
(void)port;
|
|
(void)to_sec;
|
|
return -1;
|
|
#endif /* HAVE_SOCKADDR */
|
|
}
|
|
|
|
#ifndef HTTP_SCRATCH_BUFFER_SIZE
|
|
#define HTTP_SCRATCH_BUFFER_SIZE 512
|
|
#endif
|
|
#ifndef MAX_URL_ITEM_SIZE
|
|
#define MAX_URL_ITEM_SIZE 80
|
|
#endif
|
|
|
|
int wolfIO_DecodeUrl(const char* url, int urlSz, char* outName, char* outPath,
|
|
word16* outPort)
|
|
{
|
|
int result = -1;
|
|
|
|
if (url == NULL || urlSz == 0) {
|
|
if (outName)
|
|
*outName = 0;
|
|
if (outPath)
|
|
*outPath = 0;
|
|
if (outPort)
|
|
*outPort = 0;
|
|
}
|
|
else {
|
|
int i, cur;
|
|
|
|
/* need to break the url down into scheme, address, and port */
|
|
/* "http://example.com:8080/" */
|
|
/* "http://[::1]:443/" */
|
|
if (XSTRNCMP(url, "http://", 7) == 0) {
|
|
cur = 7;
|
|
} else cur = 0;
|
|
|
|
i = 0;
|
|
if (url[cur] == '[') {
|
|
cur++;
|
|
/* copy until ']' */
|
|
while (url[cur] != 0 && url[cur] != ']' && cur < urlSz) {
|
|
if (outName)
|
|
outName[i] = url[cur];
|
|
i++; cur++;
|
|
}
|
|
cur++; /* skip ']' */
|
|
}
|
|
else {
|
|
while (url[cur] != 0 && url[cur] != ':' &&
|
|
url[cur] != '/' && cur < urlSz) {
|
|
if (outName)
|
|
outName[i] = url[cur];
|
|
i++; cur++;
|
|
}
|
|
}
|
|
if (outName)
|
|
outName[i] = 0;
|
|
/* Need to pick out the path after the domain name */
|
|
|
|
if (cur < urlSz && url[cur] == ':') {
|
|
char port[6];
|
|
int j;
|
|
word32 bigPort = 0;
|
|
i = 0;
|
|
cur++;
|
|
while (cur < urlSz && url[cur] != 0 && url[cur] != '/' &&
|
|
i < 6) {
|
|
port[i++] = url[cur++];
|
|
}
|
|
|
|
for (j = 0; j < i; j++) {
|
|
if (port[j] < '0' || port[j] > '9') return -1;
|
|
bigPort = (bigPort * 10) + (port[j] - '0');
|
|
}
|
|
if (outPort)
|
|
*outPort = (word16)bigPort;
|
|
}
|
|
else if (outPort)
|
|
*outPort = 80;
|
|
|
|
|
|
if (cur < urlSz && url[cur] == '/') {
|
|
i = 0;
|
|
while (cur < urlSz && url[cur] != 0 && i < MAX_URL_ITEM_SIZE) {
|
|
if (outPath)
|
|
outPath[i] = url[cur];
|
|
i++; cur++;
|
|
}
|
|
if (outPath)
|
|
outPath[i] = 0;
|
|
}
|
|
else if (outPath) {
|
|
outPath[0] = '/';
|
|
outPath[1] = 0;
|
|
}
|
|
|
|
result = 0;
|
|
}
|
|
|
|
return result;
|
|
}
|
|
|
|
static int wolfIO_HttpProcessResponseBuf(int sfd, byte **recvBuf, int* recvBufSz,
|
|
int chunkSz, char* start, int len, int dynType, void* heap)
|
|
{
|
|
byte* newRecvBuf = NULL;
|
|
int newRecvSz = *recvBufSz + chunkSz;
|
|
int pos = 0;
|
|
|
|
WOLFSSL_MSG("Processing HTTP response");
|
|
#ifdef WOLFIO_DEBUG
|
|
printf("HTTP Chunk %d->%d\n", *recvBufSz, chunkSz);
|
|
#endif
|
|
|
|
newRecvBuf = (byte*)XMALLOC(newRecvSz, heap, dynType);
|
|
if (newRecvBuf == NULL) {
|
|
WOLFSSL_MSG("wolfIO_HttpProcessResponseBuf malloc failed");
|
|
return MEMORY_E;
|
|
}
|
|
|
|
/* if buffer already exists, then we are growing it */
|
|
if (*recvBuf) {
|
|
XMEMCPY(&newRecvBuf[pos], *recvBuf, *recvBufSz);
|
|
XFREE(*recvBuf, heap, dynType);
|
|
pos += *recvBufSz;
|
|
*recvBuf = NULL;
|
|
}
|
|
|
|
/* copy the remainder of the httpBuf into the respBuf */
|
|
if (len != 0) {
|
|
XMEMCPY(&newRecvBuf[pos], start, len);
|
|
pos += len;
|
|
}
|
|
|
|
/* receive the remainder of chunk */
|
|
while (len < chunkSz) {
|
|
int rxSz = wolfIO_Recv(sfd, (char*)&newRecvBuf[pos], chunkSz-len, 0);
|
|
if (rxSz > 0) {
|
|
len += rxSz;
|
|
pos += rxSz;
|
|
}
|
|
else {
|
|
WOLFSSL_MSG("wolfIO_HttpProcessResponseBuf recv failed");
|
|
XFREE(newRecvBuf, heap, dynType);
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
*recvBuf = newRecvBuf;
|
|
*recvBufSz = newRecvSz;
|
|
|
|
return 0;
|
|
}
|
|
|
|
int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
|
|
byte** respBuf, byte* httpBuf, int httpBufSz, int dynType, void* heap)
|
|
{
|
|
int result = 0;
|
|
int len = 0;
|
|
char *start, *end;
|
|
int respBufSz = 0;
|
|
int isChunked = 0, chunkSz = 0;
|
|
enum phr_state { phr_init, phr_http_start, phr_have_length, phr_have_type,
|
|
phr_wait_end, phr_get_chunk_len, phr_get_chunk_data,
|
|
phr_http_end
|
|
} state = phr_init;
|
|
|
|
*respBuf = NULL;
|
|
start = end = NULL;
|
|
do {
|
|
if (state == phr_get_chunk_data) {
|
|
/* get chunk of data */
|
|
result = wolfIO_HttpProcessResponseBuf(sfd, respBuf, &respBufSz,
|
|
chunkSz, start, len, dynType, heap);
|
|
|
|
state = (result != 0) ? phr_http_end : phr_get_chunk_len;
|
|
end = NULL;
|
|
len = 0;
|
|
}
|
|
|
|
/* read data if no \r\n or first time */
|
|
if (end == NULL) {
|
|
result = wolfIO_Recv(sfd, (char*)httpBuf+len, httpBufSz-len-1, 0);
|
|
if (result > 0) {
|
|
len += result;
|
|
start = (char*)httpBuf;
|
|
start[len] = 0;
|
|
}
|
|
else {
|
|
WOLFSSL_MSG("wolfIO_HttpProcessResponse recv http from peer failed");
|
|
return -1;
|
|
}
|
|
}
|
|
end = XSTRSTR(start, "\r\n"); /* locate end */
|
|
|
|
/* handle incomplete rx */
|
|
if (end == NULL) {
|
|
if (len != 0)
|
|
XMEMMOVE(httpBuf, start, len);
|
|
start = end = NULL;
|
|
}
|
|
/* when start is "\r\n" */
|
|
else if (end == start) {
|
|
/* if waiting for end or need chunk len */
|
|
if (state == phr_wait_end || state == phr_get_chunk_len) {
|
|
state = (isChunked) ? phr_get_chunk_len : phr_http_end;
|
|
len -= 2; start += 2; /* skip \r\n */
|
|
}
|
|
else {
|
|
WOLFSSL_MSG("wolfIO_HttpProcessResponse header ended early");
|
|
return -1;
|
|
}
|
|
}
|
|
else {
|
|
*end = 0; /* null terminate */
|
|
len -= (int)(end - start) + 2;
|
|
/* adjust len to remove the first line including the /r/n */
|
|
|
|
#ifdef WOLFIO_DEBUG
|
|
printf("HTTP Resp: %s\n", start);
|
|
#endif
|
|
|
|
switch (state) {
|
|
case phr_init:
|
|
if (XSTRNCASECMP(start, "HTTP/1", 6) == 0) {
|
|
start += 9;
|
|
if (XSTRNCASECMP(start, "200 OK", 6) != 0) {
|
|
WOLFSSL_MSG("wolfIO_HttpProcessResponse not OK");
|
|
return -1;
|
|
}
|
|
state = phr_http_start;
|
|
}
|
|
break;
|
|
case phr_http_start:
|
|
case phr_have_length:
|
|
case phr_have_type:
|
|
if (XSTRNCASECMP(start, "Content-Type:", 13) == 0) {
|
|
int i;
|
|
|
|
start += 13;
|
|
while (*start == ' ' && *start != '\0') start++;
|
|
|
|
/* try and match against appStrList */
|
|
i = 0;
|
|
while (appStrList[i] != NULL) {
|
|
if (XSTRNCASECMP(start, appStrList[i],
|
|
XSTRLEN(appStrList[i])) == 0) {
|
|
break;
|
|
}
|
|
i++;
|
|
}
|
|
if (appStrList[i] == NULL) {
|
|
WOLFSSL_MSG("wolfIO_HttpProcessResponse appstr mismatch");
|
|
return -1;
|
|
}
|
|
state = (state == phr_http_start) ? phr_have_type : phr_wait_end;
|
|
}
|
|
else if (XSTRNCASECMP(start, "Content-Length:", 15) == 0) {
|
|
start += 15;
|
|
while (*start == ' ' && *start != '\0') start++;
|
|
chunkSz = atoi(start);
|
|
state = (state == phr_http_start) ? phr_have_length : phr_wait_end;
|
|
}
|
|
else if (XSTRNCASECMP(start, "Transfer-Encoding:", 18) == 0) {
|
|
start += 18;
|
|
while (*start == ' ' && *start != '\0') start++;
|
|
if (XSTRNCASECMP(start, "chunked", 7) == 0) {
|
|
isChunked = 1;
|
|
state = (state == phr_http_start) ? phr_have_length : phr_wait_end;
|
|
}
|
|
}
|
|
break;
|
|
case phr_get_chunk_len:
|
|
chunkSz = (int)strtol(start, NULL, 16); /* hex format */
|
|
state = (chunkSz == 0) ? phr_http_end : phr_get_chunk_data;
|
|
break;
|
|
case phr_get_chunk_data:
|
|
/* processing for chunk data done above, since \r\n isn't required */
|
|
case phr_wait_end:
|
|
case phr_http_end:
|
|
/* do nothing */
|
|
break;
|
|
} /* switch (state) */
|
|
|
|
/* skip to end plus \r\n */
|
|
start = end + 2;
|
|
}
|
|
} while (state != phr_http_end);
|
|
|
|
if (!isChunked) {
|
|
result = wolfIO_HttpProcessResponseBuf(sfd, respBuf, &respBufSz, chunkSz,
|
|
start, len, dynType, heap);
|
|
}
|
|
|
|
if (result >= 0) {
|
|
result = respBufSz;
|
|
}
|
|
else {
|
|
WOLFSSL_ERROR(result);
|
|
}
|
|
|
|
return result;
|
|
}
|
|
|
|
int wolfIO_HttpBuildRequest(const char* reqType, const char* domainName,
|
|
const char* path, int pathLen, int reqSz, const char* contentType,
|
|
byte* buf, int bufSize)
|
|
{
|
|
word32 reqTypeLen, domainNameLen, reqSzStrLen, contentTypeLen, maxLen;
|
|
char reqSzStr[6];
|
|
char* req = (char*)buf;
|
|
const char* blankStr = " ";
|
|
const char* http11Str = " HTTP/1.1";
|
|
const char* hostStr = "\r\nHost: ";
|
|
const char* contentLenStr = "\r\nContent-Length: ";
|
|
const char* contentTypeStr = "\r\nContent-Type: ";
|
|
const char* doubleCrLfStr = "\r\n\r\n";
|
|
word32 blankStrLen, http11StrLen, hostStrLen, contentLenStrLen,
|
|
contentTypeStrLen, doubleCrLfStrLen;
|
|
|
|
reqTypeLen = (word32)XSTRLEN(reqType);
|
|
domainNameLen = (word32)XSTRLEN(domainName);
|
|
reqSzStrLen = wolfIO_Word16ToString(reqSzStr, (word16)reqSz);
|
|
contentTypeLen = (word32)XSTRLEN(contentType);
|
|
|
|
blankStrLen = (word32)XSTRLEN(blankStr);
|
|
http11StrLen = (word32)XSTRLEN(http11Str);
|
|
hostStrLen = (word32)XSTRLEN(hostStr);
|
|
contentLenStrLen = (word32)XSTRLEN(contentLenStr);
|
|
contentTypeStrLen = (word32)XSTRLEN(contentTypeStr);
|
|
doubleCrLfStrLen = (word32)XSTRLEN(doubleCrLfStr);
|
|
|
|
/* determine max length and check it */
|
|
maxLen =
|
|
reqTypeLen +
|
|
blankStrLen +
|
|
pathLen +
|
|
http11StrLen +
|
|
hostStrLen +
|
|
domainNameLen +
|
|
contentLenStrLen +
|
|
reqSzStrLen +
|
|
contentTypeStrLen +
|
|
contentTypeLen +
|
|
doubleCrLfStrLen +
|
|
1 /* null term */;
|
|
if (maxLen > (word32)bufSize)
|
|
return 0;
|
|
|
|
XSTRNCPY((char*)buf, reqType, reqTypeLen);
|
|
buf += reqTypeLen;
|
|
XSTRNCPY((char*)buf, blankStr, blankStrLen+1);
|
|
buf += blankStrLen;
|
|
XSTRNCPY((char*)buf, path, pathLen);
|
|
buf += pathLen;
|
|
XSTRNCPY((char*)buf, http11Str, http11StrLen+1);
|
|
buf += http11StrLen;
|
|
if (domainNameLen > 0) {
|
|
XSTRNCPY((char*)buf, hostStr, hostStrLen+1);
|
|
buf += hostStrLen;
|
|
XSTRNCPY((char*)buf, domainName, domainNameLen);
|
|
buf += domainNameLen;
|
|
}
|
|
if (reqSz > 0 && reqSzStrLen > 0) {
|
|
XSTRNCPY((char*)buf, contentLenStr, contentLenStrLen+1);
|
|
buf += contentLenStrLen;
|
|
XSTRNCPY((char*)buf, reqSzStr, reqSzStrLen);
|
|
buf += reqSzStrLen;
|
|
}
|
|
if (contentTypeLen > 0) {
|
|
XSTRNCPY((char*)buf, contentTypeStr, contentTypeStrLen+1);
|
|
buf += contentTypeStrLen;
|
|
XSTRNCPY((char*)buf, contentType, contentTypeLen);
|
|
buf += contentTypeLen;
|
|
}
|
|
XSTRNCPY((char*)buf, doubleCrLfStr, doubleCrLfStrLen+1);
|
|
buf += doubleCrLfStrLen;
|
|
|
|
#ifdef WOLFIO_DEBUG
|
|
printf("HTTP %s: %s", reqType, req);
|
|
#endif
|
|
|
|
/* calculate actual length based on original and new pointer */
|
|
return (int)((char*)buf - req);
|
|
}
|
|
|
|
|
|
#ifdef HAVE_OCSP
|
|
|
|
int wolfIO_HttpBuildRequestOcsp(const char* domainName, const char* path,
|
|
int ocspReqSz, byte* buf, int bufSize)
|
|
{
|
|
return wolfIO_HttpBuildRequest("POST", domainName, path, (int)XSTRLEN(path),
|
|
ocspReqSz, "application/ocsp-request", buf, bufSize);
|
|
}
|
|
|
|
/* return: >0 OCSP Response Size
|
|
* -1 error */
|
|
int wolfIO_HttpProcessResponseOcsp(int sfd, byte** respBuf,
|
|
byte* httpBuf, int httpBufSz, void* heap)
|
|
{
|
|
const char* appStrList[] = {
|
|
"application/ocsp-response",
|
|
NULL
|
|
};
|
|
|
|
return wolfIO_HttpProcessResponse(sfd, appStrList,
|
|
respBuf, httpBuf, httpBufSz, DYNAMIC_TYPE_OCSP, heap);
|
|
}
|
|
|
|
/* in default wolfSSL callback ctx is the heap pointer */
|
|
int EmbedOcspLookup(void* ctx, const char* url, int urlSz,
|
|
byte* ocspReqBuf, int ocspReqSz, byte** ocspRespBuf)
|
|
{
|
|
SOCKET_T sfd = 0;
|
|
word16 port;
|
|
int ret = -1;
|
|
#ifdef WOLFSSL_SMALL_STACK
|
|
char* path;
|
|
char* domainName;
|
|
#else
|
|
char path[MAX_URL_ITEM_SIZE];
|
|
char domainName[MAX_URL_ITEM_SIZE];
|
|
#endif
|
|
|
|
#ifdef WOLFSSL_SMALL_STACK
|
|
path = (char*)XMALLOC(MAX_URL_ITEM_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
|
if (path == NULL)
|
|
return MEMORY_E;
|
|
|
|
domainName = (char*)XMALLOC(MAX_URL_ITEM_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
|
if (domainName == NULL) {
|
|
XFREE(path, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
|
return MEMORY_E;
|
|
}
|
|
#endif
|
|
|
|
if (ocspReqBuf == NULL || ocspReqSz == 0) {
|
|
WOLFSSL_MSG("OCSP request is required for lookup");
|
|
}
|
|
else if (ocspRespBuf == NULL) {
|
|
WOLFSSL_MSG("Cannot save OCSP response");
|
|
}
|
|
else if (wolfIO_DecodeUrl(url, urlSz, domainName, path, &port) < 0) {
|
|
WOLFSSL_MSG("Unable to decode OCSP URL");
|
|
}
|
|
else {
|
|
/* Note, the library uses the EmbedOcspRespFree() callback to
|
|
* free this buffer. */
|
|
int httpBufSz = HTTP_SCRATCH_BUFFER_SIZE;
|
|
byte* httpBuf = (byte*)XMALLOC(httpBufSz, ctx, DYNAMIC_TYPE_OCSP);
|
|
|
|
if (httpBuf == NULL) {
|
|
WOLFSSL_MSG("Unable to create OCSP response buffer");
|
|
}
|
|
else {
|
|
httpBufSz = wolfIO_HttpBuildRequestOcsp(domainName, path, ocspReqSz,
|
|
httpBuf, httpBufSz);
|
|
|
|
ret = wolfIO_TcpConnect(&sfd, domainName, port, io_timeout_sec);
|
|
if ((ret != 0) || (sfd < 0)) {
|
|
WOLFSSL_MSG("OCSP Responder connection failed");
|
|
}
|
|
else if (wolfIO_Send(sfd, (char*)httpBuf, httpBufSz, 0) !=
|
|
httpBufSz) {
|
|
WOLFSSL_MSG("OCSP http request failed");
|
|
}
|
|
else if (wolfIO_Send(sfd, (char*)ocspReqBuf, ocspReqSz, 0) !=
|
|
ocspReqSz) {
|
|
WOLFSSL_MSG("OCSP ocsp request failed");
|
|
}
|
|
else {
|
|
ret = wolfIO_HttpProcessResponseOcsp(sfd, ocspRespBuf, httpBuf,
|
|
HTTP_SCRATCH_BUFFER_SIZE, ctx);
|
|
}
|
|
|
|
close(sfd);
|
|
XFREE(httpBuf, ctx, DYNAMIC_TYPE_OCSP);
|
|
}
|
|
}
|
|
|
|
#ifdef WOLFSSL_SMALL_STACK
|
|
XFREE(path, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
|
XFREE(domainName, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
|
#endif
|
|
|
|
return ret;
|
|
}
|
|
|
|
/* in default callback ctx is heap hint */
|
|
void EmbedOcspRespFree(void* ctx, byte *resp)
|
|
{
|
|
if (resp)
|
|
XFREE(resp, ctx, DYNAMIC_TYPE_OCSP);
|
|
|
|
(void)ctx;
|
|
}
|
|
#endif /* HAVE_OCSP */
|
|
|
|
|
|
#if defined(HAVE_CRL) && defined(HAVE_CRL_IO)
|
|
|
|
int wolfIO_HttpBuildRequestCrl(const char* url, int urlSz,
|
|
const char* domainName, byte* buf, int bufSize)
|
|
{
|
|
return wolfIO_HttpBuildRequest("GET", domainName, url, urlSz, 0, "",
|
|
buf, bufSize);
|
|
}
|
|
|
|
int wolfIO_HttpProcessResponseCrl(WOLFSSL_CRL* crl, int sfd, byte* httpBuf,
|
|
int httpBufSz)
|
|
{
|
|
int result;
|
|
byte *respBuf = NULL;
|
|
|
|
const char* appStrList[] = {
|
|
"application/pkix-crl",
|
|
"application/x-pkcs7-crl",
|
|
NULL
|
|
};
|
|
|
|
result = wolfIO_HttpProcessResponse(sfd, appStrList,
|
|
&respBuf, httpBuf, httpBufSz, DYNAMIC_TYPE_CRL, crl->heap);
|
|
if (result >= 0) {
|
|
result = BufferLoadCRL(crl, respBuf, result, WOLFSSL_FILETYPE_ASN1, 0);
|
|
}
|
|
XFREE(respBuf, crl->heap, DYNAMIC_TYPE_CRL);
|
|
|
|
return result;
|
|
}
|
|
|
|
int EmbedCrlLookup(WOLFSSL_CRL* crl, const char* url, int urlSz)
|
|
{
|
|
SOCKET_T sfd = 0;
|
|
word16 port;
|
|
int ret = -1;
|
|
#ifdef WOLFSSL_SMALL_STACK
|
|
char* domainName;
|
|
#else
|
|
char domainName[MAX_URL_ITEM_SIZE];
|
|
#endif
|
|
|
|
#ifdef WOLFSSL_SMALL_STACK
|
|
domainName = (char*)XMALLOC(MAX_URL_ITEM_SIZE, crl->heap,
|
|
DYNAMIC_TYPE_TMP_BUFFER);
|
|
if (domainName == NULL) {
|
|
return MEMORY_E;
|
|
}
|
|
#endif
|
|
|
|
if (wolfIO_DecodeUrl(url, urlSz, domainName, NULL, &port) < 0) {
|
|
WOLFSSL_MSG("Unable to decode CRL URL");
|
|
}
|
|
else {
|
|
int httpBufSz = HTTP_SCRATCH_BUFFER_SIZE;
|
|
byte* httpBuf = (byte*)XMALLOC(httpBufSz, crl->heap,
|
|
DYNAMIC_TYPE_CRL);
|
|
if (httpBuf == NULL) {
|
|
WOLFSSL_MSG("Unable to create CRL response buffer");
|
|
}
|
|
else {
|
|
httpBufSz = wolfIO_HttpBuildRequestCrl(url, urlSz, domainName,
|
|
httpBuf, httpBufSz);
|
|
|
|
ret = wolfIO_TcpConnect(&sfd, domainName, port, io_timeout_sec);
|
|
if ((ret != 0) || (sfd < 0)) {
|
|
WOLFSSL_MSG("CRL connection failed");
|
|
}
|
|
else if (wolfIO_Send(sfd, (char*)httpBuf, httpBufSz, 0)
|
|
!= httpBufSz) {
|
|
WOLFSSL_MSG("CRL http get failed");
|
|
}
|
|
else {
|
|
ret = wolfIO_HttpProcessResponseCrl(crl, sfd, httpBuf,
|
|
HTTP_SCRATCH_BUFFER_SIZE);
|
|
}
|
|
|
|
close(sfd);
|
|
XFREE(httpBuf, crl->heap, DYNAMIC_TYPE_CRL);
|
|
}
|
|
}
|
|
|
|
#ifdef WOLFSSL_SMALL_STACK
|
|
XFREE(domainName, crl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
|
#endif
|
|
|
|
return ret;
|
|
}
|
|
#endif /* HAVE_CRL && HAVE_CRL_IO */
|
|
|
|
#endif /* HAVE_HTTP_CLIENT */
|
|
|
|
|
|
|
|
WOLFSSL_API void wolfSSL_SetIORecv(WOLFSSL_CTX *ctx, CallbackIORecv CBIORecv)
|
|
{
|
|
ctx->CBIORecv = CBIORecv;
|
|
}
|
|
|
|
|
|
WOLFSSL_API void wolfSSL_SetIOSend(WOLFSSL_CTX *ctx, CallbackIOSend CBIOSend)
|
|
{
|
|
ctx->CBIOSend = CBIOSend;
|
|
}
|
|
|
|
|
|
WOLFSSL_API void wolfSSL_SetIOReadCtx(WOLFSSL* ssl, void *rctx)
|
|
{
|
|
ssl->IOCB_ReadCtx = rctx;
|
|
}
|
|
|
|
|
|
WOLFSSL_API void wolfSSL_SetIOWriteCtx(WOLFSSL* ssl, void *wctx)
|
|
{
|
|
ssl->IOCB_WriteCtx = wctx;
|
|
}
|
|
|
|
|
|
WOLFSSL_API void* wolfSSL_GetIOReadCtx(WOLFSSL* ssl)
|
|
{
|
|
if (ssl)
|
|
return ssl->IOCB_ReadCtx;
|
|
|
|
return NULL;
|
|
}
|
|
|
|
|
|
WOLFSSL_API void* wolfSSL_GetIOWriteCtx(WOLFSSL* ssl)
|
|
{
|
|
if (ssl)
|
|
return ssl->IOCB_WriteCtx;
|
|
|
|
return NULL;
|
|
}
|
|
|
|
|
|
WOLFSSL_API void wolfSSL_SetIOReadFlags(WOLFSSL* ssl, int flags)
|
|
{
|
|
ssl->rflags = flags;
|
|
}
|
|
|
|
|
|
WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags)
|
|
{
|
|
ssl->wflags = flags;
|
|
}
|
|
|
|
|
|
#ifdef WOLFSSL_DTLS
|
|
|
|
WOLFSSL_API void wolfSSL_CTX_SetGenCookie(WOLFSSL_CTX* ctx, CallbackGenCookie cb)
|
|
{
|
|
ctx->CBIOCookie = cb;
|
|
}
|
|
|
|
|
|
WOLFSSL_API void wolfSSL_SetCookieCtx(WOLFSSL* ssl, void *ctx)
|
|
{
|
|
ssl->IOCB_CookieCtx = ctx;
|
|
}
|
|
|
|
|
|
WOLFSSL_API void* wolfSSL_GetCookieCtx(WOLFSSL* ssl)
|
|
{
|
|
if (ssl)
|
|
return ssl->IOCB_CookieCtx;
|
|
|
|
return NULL;
|
|
}
|
|
|
|
#ifdef WOLFSSL_SESSION_EXPORT
|
|
|
|
WOLFSSL_API void wolfSSL_CTX_SetIOGetPeer(WOLFSSL_CTX* ctx, CallbackGetPeer cb)
|
|
{
|
|
ctx->CBGetPeer = cb;
|
|
}
|
|
|
|
|
|
WOLFSSL_API void wolfSSL_CTX_SetIOSetPeer(WOLFSSL_CTX* ctx, CallbackSetPeer cb)
|
|
{
|
|
ctx->CBSetPeer = cb;
|
|
}
|
|
|
|
#endif /* WOLFSSL_SESSION_EXPORT */
|
|
#endif /* WOLFSSL_DTLS */
|
|
|
|
|
|
#ifdef HAVE_NETX
|
|
|
|
/* The NetX receive callback
|
|
* return : bytes read, or error
|
|
*/
|
|
int NetX_Receive(WOLFSSL *ssl, char *buf, int sz, void *ctx)
|
|
{
|
|
NetX_Ctx* nxCtx = (NetX_Ctx*)ctx;
|
|
ULONG left;
|
|
ULONG total;
|
|
ULONG copied = 0;
|
|
UINT status;
|
|
|
|
(void)ssl;
|
|
|
|
if (nxCtx == NULL || nxCtx->nxSocket == NULL) {
|
|
WOLFSSL_MSG("NetX Recv NULL parameters");
|
|
return WOLFSSL_CBIO_ERR_GENERAL;
|
|
}
|
|
|
|
if (nxCtx->nxPacket == NULL) {
|
|
status = nx_tcp_socket_receive(nxCtx->nxSocket, &nxCtx->nxPacket,
|
|
nxCtx->nxWait);
|
|
if (status != NX_SUCCESS) {
|
|
WOLFSSL_MSG("NetX Recv receive error");
|
|
return WOLFSSL_CBIO_ERR_GENERAL;
|
|
}
|
|
}
|
|
|
|
if (nxCtx->nxPacket) {
|
|
status = nx_packet_length_get(nxCtx->nxPacket, &total);
|
|
if (status != NX_SUCCESS) {
|
|
WOLFSSL_MSG("NetX Recv length get error");
|
|
return WOLFSSL_CBIO_ERR_GENERAL;
|
|
}
|
|
|
|
left = total - nxCtx->nxOffset;
|
|
status = nx_packet_data_extract_offset(nxCtx->nxPacket, nxCtx->nxOffset,
|
|
buf, sz, &copied);
|
|
if (status != NX_SUCCESS) {
|
|
WOLFSSL_MSG("NetX Recv data extract offset error");
|
|
return WOLFSSL_CBIO_ERR_GENERAL;
|
|
}
|
|
|
|
nxCtx->nxOffset += copied;
|
|
|
|
if (copied == left) {
|
|
WOLFSSL_MSG("NetX Recv Drained packet");
|
|
nx_packet_release(nxCtx->nxPacket);
|
|
nxCtx->nxPacket = NULL;
|
|
nxCtx->nxOffset = 0;
|
|
}
|
|
}
|
|
|
|
return copied;
|
|
}
|
|
|
|
|
|
/* The NetX send callback
|
|
* return : bytes sent, or error
|
|
*/
|
|
int NetX_Send(WOLFSSL* ssl, char *buf, int sz, void *ctx)
|
|
{
|
|
NetX_Ctx* nxCtx = (NetX_Ctx*)ctx;
|
|
NX_PACKET* packet;
|
|
NX_PACKET_POOL* pool; /* shorthand */
|
|
UINT status;
|
|
|
|
(void)ssl;
|
|
|
|
if (nxCtx == NULL || nxCtx->nxSocket == NULL) {
|
|
WOLFSSL_MSG("NetX Send NULL parameters");
|
|
return WOLFSSL_CBIO_ERR_GENERAL;
|
|
}
|
|
|
|
pool = nxCtx->nxSocket->nx_tcp_socket_ip_ptr->nx_ip_default_packet_pool;
|
|
status = nx_packet_allocate(pool, &packet, NX_TCP_PACKET,
|
|
nxCtx->nxWait);
|
|
if (status != NX_SUCCESS) {
|
|
WOLFSSL_MSG("NetX Send packet alloc error");
|
|
return WOLFSSL_CBIO_ERR_GENERAL;
|
|
}
|
|
|
|
status = nx_packet_data_append(packet, buf, sz, pool, nxCtx->nxWait);
|
|
if (status != NX_SUCCESS) {
|
|
nx_packet_release(packet);
|
|
WOLFSSL_MSG("NetX Send data append error");
|
|
return WOLFSSL_CBIO_ERR_GENERAL;
|
|
}
|
|
|
|
status = nx_tcp_socket_send(nxCtx->nxSocket, packet, nxCtx->nxWait);
|
|
if (status != NX_SUCCESS) {
|
|
nx_packet_release(packet);
|
|
WOLFSSL_MSG("NetX Send socket send error");
|
|
return WOLFSSL_CBIO_ERR_GENERAL;
|
|
}
|
|
|
|
return sz;
|
|
}
|
|
|
|
|
|
/* like set_fd, but for default NetX context */
|
|
void wolfSSL_SetIO_NetX(WOLFSSL* ssl, NX_TCP_SOCKET* nxSocket, ULONG waitOption)
|
|
{
|
|
if (ssl) {
|
|
ssl->nxCtx.nxSocket = nxSocket;
|
|
ssl->nxCtx.nxWait = waitOption;
|
|
}
|
|
}
|
|
|
|
#endif /* HAVE_NETX */
|
|
|
|
|
|
#ifdef MICRIUM
|
|
|
|
/* Micrium uTCP/IP port, using the NetSock API
|
|
* TCP and UDP are currently supported with the callbacks below.
|
|
*
|
|
* WOLFSSL_SESSION_EXPORT is not yet supported, would need EmbedGetPeer()
|
|
* and EmbedSetPeer() callbacks implemented.
|
|
*
|
|
* HAVE_CRL is not yet supported, would need an EmbedCrlLookup()
|
|
* callback implemented.
|
|
*
|
|
* HAVE_OCSP is not yet supported, would need an EmbedOCSPLookup()
|
|
* callback implemented.
|
|
*/
|
|
|
|
/* The Micrium uTCP/IP send callback
|
|
* return : bytes sent, or error
|
|
*/
|
|
int MicriumSend(WOLFSSL* ssl, char* buf, int sz, void* ctx)
|
|
{
|
|
NET_SOCK_ID sd = *(int*)ctx;
|
|
NET_SOCK_RTN_CODE ret;
|
|
NET_ERR err;
|
|
|
|
ret = NetSock_TxData(sd, buf, sz, ssl->wflags, &err);
|
|
if (ret < 0) {
|
|
WOLFSSL_MSG("Embed Send error");
|
|
|
|
if (err == NET_ERR_TX) {
|
|
WOLFSSL_MSG("\tWould block");
|
|
return WOLFSSL_CBIO_ERR_WANT_WRITE;
|
|
|
|
} else {
|
|
WOLFSSL_MSG("\tGeneral error");
|
|
return WOLFSSL_CBIO_ERR_GENERAL;
|
|
}
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
/* The Micrium uTCP/IP receive callback
|
|
* return : nb bytes read, or error
|
|
*/
|
|
int MicriumReceive(WOLFSSL *ssl, char *buf, int sz, void *ctx)
|
|
{
|
|
NET_SOCK_ID sd = *(int*)ctx;
|
|
NET_SOCK_RTN_CODE ret;
|
|
NET_ERR err;
|
|
|
|
#ifdef WOLFSSL_DTLS
|
|
{
|
|
int dtls_timeout = wolfSSL_dtls_get_current_timeout(ssl);
|
|
if (wolfSSL_dtls(ssl)
|
|
&& !wolfSSL_get_using_nonblock(ssl)
|
|
&& dtls_timeout != 0) {
|
|
/* needs timeout in milliseconds */
|
|
NetSock_CfgTimeoutRxQ_Set(sd, dtls_timeout * 1000, &err);
|
|
if (err != NET_SOCK_ERR_NONE) {
|
|
WOLFSSL_MSG("NetSock_CfgTimeoutRxQ_Set failed");
|
|
}
|
|
}
|
|
}
|
|
#endif
|
|
|
|
ret = NetSock_RxData(sd, buf, sz, ssl->rflags, &err);
|
|
if (ret < 0) {
|
|
WOLFSSL_MSG("Embed Receive error");
|
|
|
|
if (err == NET_ERR_RX || err == NET_SOCK_ERR_RX_Q_EMPTY ||
|
|
err == NET_ERR_FAULT_LOCK_ACQUIRE) {
|
|
if (!wolfSSL_dtls(ssl) || wolfSSL_get_using_nonblock(ssl)) {
|
|
WOLFSSL_MSG("\tWould block");
|
|
return WOLFSSL_CBIO_ERR_WANT_READ;
|
|
}
|
|
else {
|
|
WOLFSSL_MSG("\tSocket timeout");
|
|
return WOLFSSL_CBIO_ERR_TIMEOUT;
|
|
}
|
|
|
|
} else if (err == NET_SOCK_ERR_CLOSED) {
|
|
WOLFSSL_MSG("Embed receive connection closed");
|
|
return WOLFSSL_CBIO_ERR_CONN_CLOSE;
|
|
|
|
} else {
|
|
WOLFSSL_MSG("\tGeneral error");
|
|
return WOLFSSL_CBIO_ERR_GENERAL;
|
|
}
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
/* The Micrium uTCP/IP receivefrom callback
|
|
* return : nb bytes read, or error
|
|
*/
|
|
int MicriumReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
|
|
{
|
|
WOLFSSL_DTLS_CTX* dtlsCtx = (WOLFSSL_DTLS_CTX*)ctx;
|
|
NET_SOCK_ID sd = dtlsCtx->rfd;
|
|
NET_SOCK_ADDR peer;
|
|
NET_SOCK_ADDR_LEN peerSz = sizeof(peer);
|
|
NET_SOCK_RTN_CODE ret;
|
|
NET_ERR err;
|
|
int dtls_timeout = wolfSSL_dtls_get_current_timeout(ssl);
|
|
|
|
WOLFSSL_ENTER("MicriumReceiveFrom()");
|
|
|
|
if (ssl->options.handShakeDone)
|
|
dtls_timeout = 0;
|
|
|
|
if (!wolfSSL_get_using_nonblock(ssl)) {
|
|
/* needs timeout in milliseconds */
|
|
NetSock_CfgTimeoutRxQ_Set(sd, dtls_timeout * 1000, &err);
|
|
if (err != NET_SOCK_ERR_NONE) {
|
|
WOLFSSL_MSG("NetSock_CfgTimeoutRxQ_Set failed");
|
|
}
|
|
}
|
|
|
|
ret = NetSock_RxDataFrom(sd, buf, sz, ssl->rflags, &peer, &peerSz,
|
|
0, 0, 0, &err);
|
|
if (ret < 0) {
|
|
WOLFSSL_MSG("Embed Receive From error");
|
|
|
|
if (err == NET_ERR_RX || err == NET_SOCK_ERR_RX_Q_EMPTY ||
|
|
err == NET_ERR_FAULT_LOCK_ACQUIRE) {
|
|
if (wolfSSL_get_using_nonblock(ssl)) {
|
|
WOLFSSL_MSG("\tWould block");
|
|
return WOLFSSL_CBIO_ERR_WANT_READ;
|
|
}
|
|
else {
|
|
WOLFSSL_MSG("\tSocket timeout");
|
|
return WOLFSSL_CBIO_ERR_TIMEOUT;
|
|
}
|
|
} else {
|
|
WOLFSSL_MSG("\tGeneral error");
|
|
return WOLFSSL_CBIO_ERR_GENERAL;
|
|
}
|
|
}
|
|
else {
|
|
if (dtlsCtx->peer.sz > 0
|
|
&& peerSz != (NET_SOCK_ADDR_LEN)dtlsCtx->peer.sz
|
|
&& XMEMCMP(&peer, dtlsCtx->peer.sa, peerSz) != 0) {
|
|
WOLFSSL_MSG("\tIgnored packet from invalid peer");
|
|
return WOLFSSL_CBIO_ERR_WANT_READ;
|
|
}
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
/* The Micrium uTCP/IP sendto callback
|
|
* return : nb bytes sent, or error
|
|
*/
|
|
int MicriumSendTo(WOLFSSL* ssl, char *buf, int sz, void *ctx)
|
|
{
|
|
WOLFSSL_DTLS_CTX* dtlsCtx = (WOLFSSL_DTLS_CTX*)ctx;
|
|
NET_SOCK_ID sd = dtlsCtx->wfd;
|
|
NET_SOCK_RTN_CODE ret;
|
|
int len = sz;
|
|
NET_ERR err;
|
|
|
|
WOLFSSL_ENTER("MicriumSendTo()");
|
|
|
|
ret = NetSock_TxDataTo(sd, &buf[sz - len], len, ssl->wflags,
|
|
(NET_SOCK_ADDR*)dtlsCtx->peer.sa,
|
|
(NET_SOCK_ADDR_LEN)dtlsCtx->peer.sz,
|
|
&err);
|
|
if (err < 0) {
|
|
WOLFSSL_MSG("Embed Send To error");
|
|
|
|
if (err == NET_ERR_TX) {
|
|
WOLFSSL_MSG("\tWould block");
|
|
return WOLFSSL_CBIO_ERR_WANT_WRITE;
|
|
|
|
} else {
|
|
WOLFSSL_MSG("\tGeneral error");
|
|
return WOLFSSL_CBIO_ERR_GENERAL;
|
|
}
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
/* Micrium DTLS Generate Cookie callback
|
|
* return : number of bytes copied into buf, or error
|
|
*/
|
|
int MicriumGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *ctx)
|
|
{
|
|
NET_SOCK_ADDR peer;
|
|
NET_SOCK_ADDR_LEN peerSz = sizeof(peer);
|
|
byte digest[WC_SHA_DIGEST_SIZE];
|
|
int ret = 0;
|
|
|
|
(void)ctx;
|
|
|
|
XMEMSET(&peer, 0, sizeof(peer));
|
|
if (wolfSSL_dtls_get_peer(ssl, (void*)&peer,
|
|
(unsigned int*)&peerSz) != WOLFSSL_SUCCESS) {
|
|
WOLFSSL_MSG("getpeername failed in MicriumGenerateCookie");
|
|
return GEN_COOKIE_E;
|
|
}
|
|
|
|
ret = wc_ShaHash((byte*)&peer, peerSz, digest);
|
|
if (ret != 0)
|
|
return ret;
|
|
|
|
if (sz > WC_SHA_DIGEST_SIZE)
|
|
sz = WC_SHA_DIGEST_SIZE;
|
|
XMEMCPY(buf, digest, sz);
|
|
|
|
return sz;
|
|
}
|
|
|
|
#endif /* MICRIUM */
|
|
|
|
#endif /* WOLFCRYPT_ONLY */
|