test.h
1 /* test.h */
2 
3 #ifndef wolfSSL_TEST_H
4 #define wolfSSL_TEST_H
5 
6 #include <stdio.h>
7 #include <stdlib.h>
8 #include <assert.h>
9 #include <ctype.h>
13 #include <wolfssl/wolfcrypt/mem_track.h>
14 #if defined(OPENSSL_EXTRA) && defined(SHOW_CERTS)
15  #include <wolfssl/wolfcrypt/asn.h> /* for domain component NID value */
16 #endif
17 
18 #ifdef ATOMIC_USER
19  #include <wolfssl/wolfcrypt/aes.h>
20  #include <wolfssl/wolfcrypt/arc4.h>
21  #include <wolfssl/wolfcrypt/hmac.h>
22 #endif
23 #ifdef HAVE_PK_CALLBACKS
24  #include <wolfssl/wolfcrypt/asn.h>
25  #ifndef NO_RSA
26  #include <wolfssl/wolfcrypt/rsa.h>
27  #endif
28  #ifdef HAVE_ECC
29  #include <wolfssl/wolfcrypt/ecc.h>
30  #endif /* HAVE_ECC */
31  #ifndef NO_DH
32  #include <wolfssl/wolfcrypt/dh.h>
33  #endif /* !NO_DH */
34  #ifdef HAVE_ED25519
36  #endif /* HAVE_ED25519 */
37  #ifdef HAVE_CURVE25519
39  #endif /* HAVE_ECC */
40 #endif /*HAVE_PK_CALLBACKS */
41 
42 #ifdef USE_WINDOWS_API
43  #include <winsock2.h>
44  #include <process.h>
45  #ifdef TEST_IPV6 /* don't require newer SDK for IPV4 */
46  #include <ws2tcpip.h>
47  #include <wspiapi.h>
48  #endif
49  #define SOCKET_T SOCKET
50  #define SNPRINTF _snprintf
51 #elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
52  #include <string.h>
53  #include "rl_net.h"
54  #define SOCKET_T int
55  typedef int socklen_t ;
56  #define inet_addr wolfSSL_inet_addr
57  static unsigned long wolfSSL_inet_addr(const char *cp)
58  {
59  unsigned int a[4] ; unsigned long ret ;
60  sscanf(cp, "%d.%d.%d.%d", &a[0], &a[1], &a[2], &a[3]) ;
61  ret = ((a[3]<<24) + (a[2]<<16) + (a[1]<<8) + a[0]) ;
62  return(ret) ;
63  }
64  #if defined(HAVE_KEIL_RTX)
65  #define sleep(t) os_dly_wait(t/1000+1);
66  #elif defined(WOLFSSL_CMSIS_RTOS) || defined(WOLFSSL_CMSIS_RTOSv2)
67  #define sleep(t) osDelay(t/1000+1);
68  #endif
69 #elif defined(WOLFSSL_TIRTOS)
70  #include <string.h>
71  #include <netdb.h>
72  #include <sys/types.h>
73  #include <arpa/inet.h>
74  #include <sys/socket.h>
75  #include <ti/sysbios/knl/Task.h>
76  struct hostent {
77  char *h_name; /* official name of host */
78  char **h_aliases; /* alias list */
79  int h_addrtype; /* host address type */
80  int h_length; /* length of address */
81  char **h_addr_list; /* list of addresses from name server */
82  };
83  #define SOCKET_T int
84 #elif defined(WOLFSSL_VXWORKS)
85  #include <hostLib.h>
86  #include <sockLib.h>
87  #include <arpa/inet.h>
88  #include <string.h>
89  #include <selectLib.h>
90  #include <sys/types.h>
91  #include <netinet/in.h>
92  #include <fcntl.h>
93  #include <sys/time.h>
94  #include <netdb.h>
95  #include <pthread.h>
96  #define SOCKET_T int
97 #elif defined(WOLFSSL_ZEPHYR)
98  #include <string.h>
99  #include <sys/types.h>
100  #include <net/socket.h>
101  #define SOCKET_T int
102  #define SOL_SOCKET 1
103  #define SO_REUSEADDR 201
104  #define WOLFSSL_USE_GETADDRINFO
105 
106  static unsigned long inet_addr(const char *cp)
107  {
108  unsigned int a[4]; unsigned long ret;
109  int i, j;
110  for (i=0, j=0; i<4; i++) {
111  a[i] = 0;
112  while (cp[j] != '.' && cp[j] != '\0') {
113  a[i] *= 10;
114  a[i] += cp[j] - '0';
115  j++;
116  }
117  }
118  ret = ((a[3]<<24) + (a[2]<<16) + (a[1]<<8) + a[0]) ;
119  return(ret) ;
120  }
121 #else
122  #include <string.h>
123  #include <sys/types.h>
124 #ifndef WOLFSSL_LEANPSK
125  #include <unistd.h>
126  #include <netdb.h>
127  #include <netinet/in.h>
128  #include <netinet/tcp.h>
129  #include <arpa/inet.h>
130  #include <sys/ioctl.h>
131  #include <sys/time.h>
132  #include <sys/socket.h>
133  #include <pthread.h>
134  #include <fcntl.h>
135  #ifdef TEST_IPV6
136  #include <netdb.h>
137  #endif
138 #endif
139  #define SOCKET_T int
140  #ifndef SO_NOSIGPIPE
141  #include <signal.h> /* ignore SIGPIPE */
142  #endif
143  #define SNPRINTF snprintf
144 #endif /* USE_WINDOWS_API */
145 
146 #ifdef WOLFSSL_ASYNC_CRYPT
147  #include <wolfssl/wolfcrypt/async.h>
148 #endif
149 #ifdef HAVE_CAVIUM
150  #include <wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h>
151 #endif
152 #ifdef _MSC_VER
153  /* disable conversion warning */
154  /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
155  #pragma warning(disable:4244 4996)
156 #endif
157 
158 /* Buffer for benchmark tests */
159 #ifndef TEST_BUFFER_SIZE
160 #define TEST_BUFFER_SIZE 16384
161 #endif
162 
163 #ifndef WOLFSSL_HAVE_MIN
164  #define WOLFSSL_HAVE_MIN
165  static WC_INLINE word32 min(word32 a, word32 b)
166  {
167  return a > b ? b : a;
168  }
169 #endif /* WOLFSSL_HAVE_MIN */
170 
171 /* Socket Handling */
172 #ifndef WOLFSSL_SOCKET_INVALID
173 #ifdef USE_WINDOWS_API
174  #define WOLFSSL_SOCKET_INVALID ((SOCKET_T)INVALID_SOCKET)
175 #elif defined(WOLFSSL_TIRTOS)
176  #define WOLFSSL_SOCKET_INVALID ((SOCKET_T)-1)
177 #else
178  #define WOLFSSL_SOCKET_INVALID (SOCKET_T)(0)
179 #endif
180 #endif /* WOLFSSL_SOCKET_INVALID */
181 
182 #ifndef WOLFSSL_SOCKET_IS_INVALID
183 #if defined(USE_WINDOWS_API) || defined(WOLFSSL_TIRTOS)
184  #define WOLFSSL_SOCKET_IS_INVALID(s) ((SOCKET_T)(s) == WOLFSSL_SOCKET_INVALID)
185 #else
186  #define WOLFSSL_SOCKET_IS_INVALID(s) ((SOCKET_T)(s) < WOLFSSL_SOCKET_INVALID)
187 #endif
188 #endif /* WOLFSSL_SOCKET_IS_INVALID */
189 
190 #if defined(__MACH__) || defined(USE_WINDOWS_API)
191  #ifndef _SOCKLEN_T
192  typedef int socklen_t;
193  #endif
194 #endif
195 
196 
197 /* HPUX doesn't use socklent_t for third parameter to accept, unless
198  _XOPEN_SOURCE_EXTENDED is defined */
199 #if !defined(__hpux__) && !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM)\
200  && !defined(WOLFSSL_ROWLEY_ARM) && !defined(WOLFSSL_KEIL_TCP_NET)
201  typedef socklen_t* ACCEPT_THIRD_T;
202 #else
203  #if defined _XOPEN_SOURCE_EXTENDED
204  typedef socklen_t* ACCEPT_THIRD_T;
205  #else
206  typedef int* ACCEPT_THIRD_T;
207  #endif
208 #endif
209 
210 
211 
212 #ifdef SINGLE_THREADED
213  typedef unsigned int THREAD_RETURN;
214  typedef void* THREAD_TYPE;
215  #define WOLFSSL_THREAD
216 #else
217  #if defined(_POSIX_THREADS) && !defined(__MINGW32__)
218  typedef void* THREAD_RETURN;
219  typedef pthread_t THREAD_TYPE;
220  #define WOLFSSL_THREAD
221  #define INFINITE -1
222  #define WAIT_OBJECT_0 0L
223  #elif defined(WOLFSSL_MDK_ARM)|| defined(WOLFSSL_KEIL_TCP_NET)
224  typedef unsigned int THREAD_RETURN;
225  typedef int THREAD_TYPE;
226  #define WOLFSSL_THREAD
227  #elif defined(WOLFSSL_TIRTOS)
228  typedef void THREAD_RETURN;
229  typedef Task_Handle THREAD_TYPE;
230  #define WOLFSSL_THREAD
231  #elif defined(WOLFSSL_ZEPHYR)
232  typedef void THREAD_RETURN;
233  typedef struct k_thread THREAD_TYPE;
234  #define WOLFSSL_THREAD
235  #else
236  typedef unsigned int THREAD_RETURN;
237  typedef intptr_t THREAD_TYPE;
238  #define WOLFSSL_THREAD __stdcall
239  #endif
240 #endif
241 
242 
243 #ifdef TEST_IPV6
244  typedef struct sockaddr_in6 SOCKADDR_IN_T;
245  #define AF_INET_V AF_INET6
246 #else
247  typedef struct sockaddr_in SOCKADDR_IN_T;
248  #define AF_INET_V AF_INET
249 #endif
250 
251 
252 #ifndef WOLFSSL_NO_TLS12
253 #define SERVER_DEFAULT_VERSION 3
254 #else
255 #define SERVER_DEFAULT_VERSION 4
256 #endif
257 #define SERVER_DTLS_DEFAULT_VERSION (-2)
258 #define SERVER_INVALID_VERSION (-99)
259 #define SERVER_DOWNGRADE_VERSION (-98)
260 #ifndef WOLFSSL_NO_TLS12
261 #define CLIENT_DEFAULT_VERSION 3
262 #else
263 #define CLIENT_DEFAULT_VERSION 4
264 #endif
265 #define CLIENT_DTLS_DEFAULT_VERSION (-2)
266 #define CLIENT_INVALID_VERSION (-99)
267 #define CLIENT_DOWNGRADE_VERSION (-98)
268 #define EITHER_DOWNGRADE_VERSION (-97)
269 #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_MAX_STRENGTH)
270  #define DEFAULT_MIN_DHKEY_BITS 2048
271  #define DEFAULT_MAX_DHKEY_BITS 3072
272 #else
273  #define DEFAULT_MIN_DHKEY_BITS 1024
274  #define DEFAULT_MAX_DHKEY_BITS 2048
275 #endif
276 #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_MAX_STRENGTH)
277  #define DEFAULT_MIN_RSAKEY_BITS 2048
278 #else
279  #define DEFAULT_MIN_RSAKEY_BITS 1024
280 #endif
281 #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_MAX_STRENGTH)
282  #define DEFAULT_MIN_ECCKEY_BITS 256
283 #else
284  #define DEFAULT_MIN_ECCKEY_BITS 224
285 #endif
286 
287 /* all certs relative to wolfSSL home directory now */
288 #if defined(WOLFSSL_NO_CURRDIR) || defined(WOLFSSL_MDK_SHELL)
289 #define caCertFile "certs/ca-cert.pem"
290 #define eccCertFile "certs/server-ecc.pem"
291 #define eccKeyFile "certs/ecc-key.pem"
292 #define eccRsaCertFile "certs/server-ecc-rsa.pem"
293 #define svrCertFile "certs/server-cert.pem"
294 #define svrKeyFile "certs/server-key.pem"
295 #define cliCertFile "certs/client-cert.pem"
296 #define cliCertDerFile "certs/client-cert.der"
297 #define cliKeyFile "certs/client-key.pem"
298 #define ntruCertFile "certs/ntru-cert.pem"
299 #define ntruKeyFile "certs/ntru-key.raw"
300 #define dhParamFile "certs/dh2048.pem"
301 #define cliEccKeyFile "certs/ecc-client-key.pem"
302 #define cliEccCertFile "certs/client-ecc-cert.pem"
303 #define caEccCertFile "certs/ca-ecc-cert.pem"
304 #define crlPemDir "certs/crl"
305 #define edCertFile "certs/ed25519/server-ed25519-cert.pem"
306 #define edKeyFile "certs/ed25519/server-ed25519-priv.pem"
307 #define cliEdCertFile "certs/ed25519/client-ed25519.pem"
308 #define cliEdKeyFile "certs/ed25519/client-ed25519-priv.pem"
309 #define caEdCertFile "certs/ed25519/ca-ed25519.pem"
310 #ifdef HAVE_WNR
311  /* Whitewood netRandom default config file */
312  #define wnrConfig "wnr-example.conf"
313 #endif
314 #else
315 #define caCertFile "./certs/ca-cert.pem"
316 #define eccCertFile "./certs/server-ecc.pem"
317 #define eccKeyFile "./certs/ecc-key.pem"
318 #define eccRsaCertFile "./certs/server-ecc-rsa.pem"
319 #define svrCertFile "./certs/server-cert.pem"
320 #define svrKeyFile "./certs/server-key.pem"
321 #define cliCertFile "./certs/client-cert.pem"
322 #define cliCertDerFile "./certs/client-cert.der"
323 #define cliKeyFile "./certs/client-key.pem"
324 #define ntruCertFile "./certs/ntru-cert.pem"
325 #define ntruKeyFile "./certs/ntru-key.raw"
326 #define dhParamFile "./certs/dh2048.pem"
327 #define cliEccKeyFile "./certs/ecc-client-key.pem"
328 #define cliEccCertFile "./certs/client-ecc-cert.pem"
329 #define caEccCertFile "./certs/ca-ecc-cert.pem"
330 #define crlPemDir "./certs/crl"
331 #define edCertFile "./certs/ed25519/server-ed25519-cert.pem"
332 #define edKeyFile "./certs/ed25519/server-ed25519-priv.pem"
333 #define cliEdCertFile "./certs/ed25519/client-ed25519.pem"
334 #define cliEdKeyFile "./certs/ed25519/client-ed25519-priv.pem"
335 #define caEdCertFile "./certs/ed25519/ca-ed25519.pem"
336 #ifdef HAVE_WNR
337  /* Whitewood netRandom default config file */
338  #define wnrConfig "./wnr-example.conf"
339 #endif
340 #endif
341 
342 typedef struct tcp_ready {
343  word16 ready; /* predicate */
344  word16 port;
345  char* srfName; /* server ready file name */
346 #if defined(_POSIX_THREADS) && !defined(__MINGW32__)
347  pthread_mutex_t mutex;
348  pthread_cond_t cond;
349 #endif
350 } tcp_ready;
351 
352 
353 static WC_INLINE void InitTcpReady(tcp_ready* ready)
354 {
355  ready->ready = 0;
356  ready->port = 0;
357  ready->srfName = NULL;
358 #ifdef SINGLE_THREADED
359 #elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
360  pthread_mutex_init(&ready->mutex, 0);
361  pthread_cond_init(&ready->cond, 0);
362 #endif
363 }
364 
365 
366 static WC_INLINE void FreeTcpReady(tcp_ready* ready)
367 {
368 #ifdef SINGLE_THREADED
369  (void)ready;
370 #elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
371  pthread_mutex_destroy(&ready->mutex);
372  pthread_cond_destroy(&ready->cond);
373 #else
374  (void)ready;
375 #endif
376 }
377 
378 typedef WOLFSSL_METHOD* (*method_provider)(void);
379 typedef void (*ctx_callback)(WOLFSSL_CTX* ctx);
380 typedef void (*ssl_callback)(WOLFSSL* ssl);
381 
382 typedef struct callback_functions {
383  method_provider method;
384  ctx_callback ctx_ready;
385  ssl_callback ssl_ready;
386  ssl_callback on_result;
387  WOLFSSL_CTX* ctx;
389 
390 typedef struct func_args {
391  int argc;
392  char** argv;
393  int return_code;
394  tcp_ready* signal;
395  callback_functions *callbacks;
396 } func_args;
397 
398 
399 
400 
401 void wait_tcp_ready(func_args*);
402 
403 #ifdef WOLFSSL_ZEPHYR
404 typedef void THREAD_FUNC(void*, void*, void*);
405 #else
406 typedef THREAD_RETURN WOLFSSL_THREAD THREAD_FUNC(void*);
407 #endif
408 
409 void start_thread(THREAD_FUNC, func_args*, THREAD_TYPE*);
410 void join_thread(THREAD_TYPE);
411 
412 /* wolfSSL */
413 #ifndef TEST_IPV6
414  static const char* const wolfSSLIP = "127.0.0.1";
415 #else
416  static const char* const wolfSSLIP = "::1";
417 #endif
418 static const word16 wolfSSLPort = 11111;
419 
420 
421 
422 #ifndef MY_EX_USAGE
423 #define MY_EX_USAGE 2
424 #endif
425 
426 #ifndef EXIT_FAILURE
427 #define EXIT_FAILURE 1
428 #endif
429 
430 #if defined(WOLFSSL_FORCE_MALLOC_FAIL_TEST) || defined(WOLFSSL_ZEPHYR)
431  #ifndef EXIT_SUCCESS
432  #define EXIT_SUCCESS 0
433  #endif
434  #define XEXIT(rc) return rc
435  #define XEXIT_T(rc) return (THREAD_RETURN)rc
436 #else
437  #define XEXIT(rc) exit((int)(rc))
438  #define XEXIT_T(rc) exit((int)(rc))
439 #endif
440 
441 
442 static WC_INLINE
443 #if defined(WOLFSSL_FORCE_MALLOC_FAIL_TEST) || defined(WOLFSSL_ZEPHYR)
444 THREAD_RETURN
445 #else
446 WC_NORETURN void
447 #endif
448 err_sys(const char* msg)
449 {
450  printf("wolfSSL error: %s\n", msg);
451 
452 #if !defined(__GNUC__)
453  /* scan-build (which pretends to be gnuc) can get confused and think the
454  * msg pointer can be null even when hardcoded and then it won't exit,
455  * making null pointer checks above the err_sys() call useless.
456  * We could just always exit() but some compilers will complain about no
457  * possible return, with gcc we know the attribute to handle that with
458  * WC_NORETURN. */
459  if (msg)
460 #endif
461  {
462  XEXIT_T(EXIT_FAILURE);
463  }
464 }
465 
466 
467 extern int myoptind;
468 extern char* myoptarg;
469 
470 static WC_INLINE int mygetopt(int argc, char** argv, const char* optstring)
471 {
472  static char* next = NULL;
473 
474  char c;
475  char* cp;
476 
477  if (myoptind == 0)
478  next = NULL; /* we're starting new/over */
479 
480  if (next == NULL || *next == '\0') {
481  if (myoptind == 0)
482  myoptind++;
483 
484  if (myoptind >= argc || argv[myoptind][0] != '-' ||
485  argv[myoptind][1] == '\0') {
486  myoptarg = NULL;
487  if (myoptind < argc)
488  myoptarg = argv[myoptind];
489 
490  return -1;
491  }
492 
493  if (strcmp(argv[myoptind], "--") == 0) {
494  myoptind++;
495  myoptarg = NULL;
496 
497  if (myoptind < argc)
498  myoptarg = argv[myoptind];
499 
500  return -1;
501  }
502 
503  next = argv[myoptind];
504  next++; /* skip - */
505  myoptind++;
506  }
507 
508  c = *next++;
509  /* The C++ strchr can return a different value */
510  cp = (char*)strchr(optstring, c);
511 
512  if (cp == NULL || c == ':')
513  return '?';
514 
515  cp++;
516 
517  if (*cp == ':') {
518  if (*next != '\0') {
519  myoptarg = next;
520  next = NULL;
521  }
522  else if (myoptind < argc) {
523  myoptarg = argv[myoptind];
524  myoptind++;
525  }
526  else
527  return '?';
528  }
529 
530  return c;
531 }
532 
533 
534 #ifdef WOLFSSL_ENCRYPTED_KEYS
535 
536 static WC_INLINE int PasswordCallBack(char* passwd, int sz, int rw, void* userdata)
537 {
538  (void)rw;
539  (void)userdata;
540  if (userdata != NULL) {
541  strncpy(passwd, (char*)userdata, sz);
542  return (int)XSTRLEN((char*)userdata);
543  }
544  else {
545  strncpy(passwd, "yassl123", sz);
546  return 8;
547  }
548 }
549 
550 #endif
551 
552 static const char* client_showpeer_msg[][8] = {
553  /* English */
554  {
555  "SSL version is",
556  "SSL cipher suite is",
557  "SSL curve name is",
558  "SSL DH size is",
559  "SSL reused session",
560  "Alternate cert chain used",
561  "peer's cert info:",
562  NULL
563  },
564 #ifndef NO_MULTIBYTE_PRINT
565  /* Japanese */
566  {
567  "SSL バージョンは",
568  "SSL 暗号スイートは",
569  "SSL 曲線名は",
570  "SSL DH サイズは",
571  "SSL 再利用セッション",
572  "代替証明チェーンを使用",
573  "相手方証明書情報",
574  NULL
575  },
576 #endif
577 };
578 
579 #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
580 static const char* client_showx509_msg[][5] = {
581  /* English */
582  {
583  "issuer",
584  "subject",
585  "altname",
586  "serial number",
587  NULL
588  },
589 #ifndef NO_MULTIBYTE_PRINT
590  /* Japanese */
591  {
592  "発行者",
593  "サブジェクト",
594  "代替名",
595  "シリアル番号",
596  NULL
597  },
598 #endif
599 };
600 
601 /* lng_index is to specify the language for displaying message. */
602 /* 0:English, 1:Japanese */
603 static WC_INLINE void ShowX509Ex(WOLFSSL_X509* x509, const char* hdr,
604  int lng_index)
605 {
606  char* altName;
607  char* issuer;
608  char* subject;
609  byte serial[32];
610  int ret;
611  int sz = sizeof(serial);
612  const char** words = client_showx509_msg[lng_index];
613 
614  if (x509 == NULL) {
615  printf("%s No Cert\n", hdr);
616  return;
617  }
618 
619  issuer = wolfSSL_X509_NAME_oneline(
620  wolfSSL_X509_get_issuer_name(x509), 0, 0);
621  subject = wolfSSL_X509_NAME_oneline(
622  wolfSSL_X509_get_subject_name(x509), 0, 0);
623 
624  printf("%s\n %s : %s\n %s: %s\n", hdr, words[0], issuer, words[1], subject);
625 
626  while ( (altName = wolfSSL_X509_get_next_altname(x509)) != NULL)
627  printf(" %s = %s\n", words[2], altName);
628 
629  ret = wolfSSL_X509_get_serial_number(x509, serial, &sz);
630  if (ret == WOLFSSL_SUCCESS) {
631  int i;
632  int strLen;
633  char serialMsg[80];
634 
635  /* testsuite has multiple threads writing to stdout, get output
636  message ready to write once */
637  strLen = sprintf(serialMsg, " %s", words[3]);
638  for (i = 0; i < sz; i++)
639  sprintf(serialMsg + strLen + (i*3), ":%02x ", serial[i]);
640  printf("%s\n", serialMsg);
641  }
642 
643  XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
644  XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL);
645 
646 #if defined(OPENSSL_EXTRA) && defined(SHOW_CERTS)
647  {
648  WOLFSSL_BIO* bio;
649  char buf[256]; /* should be size of ASN_NAME_MAX */
650  int textSz;
651 
652 
653  /* print out domain component if certificate has it */
655  wolfSSL_X509_get_subject_name(x509), NID_domainComponent,
656  buf, sizeof(buf));
657  if (textSz > 0) {
658  printf("Domain Component = %s\n", buf);
659  }
660 
661  bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
662  if (bio != NULL) {
663  wolfSSL_BIO_set_fp(bio, stdout, BIO_NOCLOSE);
664  wolfSSL_X509_print(bio, x509);
665  wolfSSL_BIO_free(bio);
666  }
667  }
668 #endif
669 }
670 /* original ShowX509 to maintain compatibility */
671 static WC_INLINE void ShowX509(WOLFSSL_X509* x509, const char* hdr)
672 {
673  ShowX509Ex(x509, hdr, 0);
674 }
675 
676 #endif /* KEEP_PEER_CERT || SESSION_CERTS */
677 
678 #if defined(SESSION_CERTS) && defined(SHOW_CERTS)
679 static WC_INLINE void ShowX509Chain(WOLFSSL_X509_CHAIN* chain, int count,
680  const char* hdr)
681 {
682  int i;
683  int length;
684  unsigned char buffer[3072];
685  WOLFSSL_X509* chainX509;
686 
687  for (i = 0; i < count; i++) {
688  wolfSSL_get_chain_cert_pem(chain, i, buffer, sizeof(buffer), &length);
689  buffer[length] = 0;
690  printf("\n%s: %d has length %d data = \n%s\n", hdr, i, length, buffer);
691 
692  chainX509 = wolfSSL_get_chain_X509(chain, i);
693  if (chainX509)
694  ShowX509(chainX509, hdr);
695  else
696  printf("get_chain_X509 failed\n");
697  wolfSSL_FreeX509(chainX509);
698  }
699 }
700 #endif
701 
702 /* lng_index is to specify the language for displaying message. */
703 /* 0:English, 1:Japanese */
704 static WC_INLINE void showPeerEx(WOLFSSL* ssl, int lng_index)
705 {
706  WOLFSSL_CIPHER* cipher;
707  const char** words = client_showpeer_msg[lng_index];
708 
709 #if defined(HAVE_ECC) || !defined(NO_DH)
710  const char *name;
711 #endif
712 #ifndef NO_DH
713  int bits;
714 #endif
715 #ifdef KEEP_PEER_CERT
717  if (peer)
718  ShowX509Ex(peer, words[6], lng_index);
719  else
720  printf("peer has no cert!\n");
721  wolfSSL_FreeX509(peer);
722 #endif
723 #if defined(SHOW_CERTS) && defined(OPENSSL_EXTRA) && defined(KEEP_OUR_CERT)
724  ShowX509(wolfSSL_get_certificate(ssl), "our cert info:");
725  printf("Peer verify result = %lu\n", wolfSSL_get_verify_result(ssl));
726 #endif /* SHOW_CERTS */
727  printf("%s %s\n", words[0], wolfSSL_get_version(ssl));
728 
729  cipher = wolfSSL_get_current_cipher(ssl);
730 #ifdef HAVE_QSH
731  printf("%s %s%s\n", words[1], (wolfSSL_isQSH(ssl))? "QSH:": "",
732  wolfSSL_CIPHER_get_name(cipher));
733 #else
734  printf("%s %s\n", words[1], wolfSSL_CIPHER_get_name(cipher));
735 #endif
736 #if defined(HAVE_ECC) || !defined(NO_DH)
737  if ((name = wolfSSL_get_curve_name(ssl)) != NULL)
738  printf("%s %s\n", words[2], name);
739 #endif
740 #ifndef NO_DH
741  else if ((bits = wolfSSL_GetDhKey_Sz(ssl)) > 0)
742  printf("%s %d bits\n", words[3], bits);
743 #endif
744  if (wolfSSL_session_reused(ssl))
745  printf("%s\n", words[4]);
746 #ifdef WOLFSSL_ALT_CERT_CHAINS
747  if (wolfSSL_is_peer_alt_cert_chain(ssl))
748  printf("%s\n", words[5]);
749 #endif
750 
751 #if defined(SESSION_CERTS) && defined(SHOW_CERTS)
752  {
753  WOLFSSL_X509_CHAIN* chain;
754 
755  chain = wolfSSL_get_peer_chain(ssl);
756  ShowX509Chain(chain, wolfSSL_get_chain_count(chain), "session cert");
757 
758  #ifdef WOLFSSL_ALT_CERT_CHAINS
759  if (wolfSSL_is_peer_alt_cert_chain(ssl)) {
760  chain = wolfSSL_get_peer_alt_chain(ssl);
761  ShowX509Chain(chain, wolfSSL_get_chain_count(chain), "alt cert");
762  }
763  #endif
764  }
765 #endif /* SESSION_CERTS && SHOW_CERTS */
766  (void)ssl;
767 }
768 /* original showPeer to maintain compatibility */
769 static WC_INLINE void showPeer(WOLFSSL* ssl)
770 {
771  showPeerEx(ssl, 0);
772 }
773 
774 static WC_INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer,
775  word16 port, int udp, int sctp)
776 {
777  int useLookup = 0;
778  (void)useLookup;
779  (void)udp;
780  (void)sctp;
781 
782  if (addr == NULL)
783  err_sys("invalid argument to build_addr, addr is NULL");
784 
785  XMEMSET(addr, 0, sizeof(SOCKADDR_IN_T));
786 
787 #ifndef TEST_IPV6
788  /* peer could be in human readable form */
789  if ( ((size_t)peer != INADDR_ANY) && isalpha((int)peer[0])) {
790  #ifndef WOLFSSL_USE_GETADDRINFO
791  #if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
792  int err;
793  struct hostent* entry = gethostbyname(peer, &err);
794  #elif defined(WOLFSSL_TIRTOS)
795  struct hostent* entry = DNSGetHostByName(peer);
796  #elif defined(WOLFSSL_VXWORKS)
797  struct hostent* entry = (struct hostent*)hostGetByName((char*)peer);
798  #else
799  struct hostent* entry = gethostbyname(peer);
800  #endif
801 
802  if (entry) {
803  XMEMCPY(&addr->sin_addr.s_addr, entry->h_addr_list[0],
804  entry->h_length);
805  useLookup = 1;
806  }
807  #else
808  struct zsock_addrinfo hints, *addrInfo;
809  char portStr[6];
810  XSNPRINTF(portStr, sizeof(portStr), "%d", port);
811  memset(&hints, 0, sizeof(hints));
812  hints.ai_family = AF_UNSPEC;
813  hints.ai_socktype = udp ? SOCK_DGRAM : SOCK_STREAM;
814  hints.ai_protocol = udp ? IPPROTO_UDP : IPPROTO_TCP;
815  if (getaddrinfo((char*)peer, portStr, &hints, &addrInfo) == 0) {
816  XMEMCPY(addr, addrInfo->ai_addr, sizeof(*addr));
817  useLookup = 1;
818  }
819  #endif
820  else
821  err_sys("no entry for host");
822  }
823 #endif
824 
825 
826 #ifndef TEST_IPV6
827  #if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
828  addr->sin_family = PF_INET;
829  #else
830  addr->sin_family = AF_INET_V;
831  #endif
832  addr->sin_port = XHTONS(port);
833  if ((size_t)peer == INADDR_ANY)
834  addr->sin_addr.s_addr = INADDR_ANY;
835  else {
836  if (!useLookup)
837  addr->sin_addr.s_addr = inet_addr(peer);
838  }
839 #else
840  addr->sin6_family = AF_INET_V;
841  addr->sin6_port = XHTONS(port);
842  if ((size_t)peer == INADDR_ANY) {
843  addr->sin6_addr = in6addr_any;
844  }
845  else {
846  #if defined(HAVE_GETADDRINFO) || defined(WOLF_C99)
847  struct addrinfo hints;
848  struct addrinfo* answer = NULL;
849  int ret;
850  char strPort[80];
851 
852  XMEMSET(&hints, 0, sizeof(hints));
853 
854  hints.ai_family = AF_INET_V;
855  if (udp) {
856  hints.ai_socktype = SOCK_DGRAM;
857  hints.ai_protocol = IPPROTO_UDP;
858  }
859  #ifdef WOLFSSL_SCTP
860  else if (sctp) {
861  hints.ai_socktype = SOCK_STREAM;
862  hints.ai_protocol = IPPROTO_SCTP;
863  }
864  #endif
865  else {
866  hints.ai_socktype = SOCK_STREAM;
867  hints.ai_protocol = IPPROTO_TCP;
868  }
869 
870  SNPRINTF(strPort, sizeof(strPort), "%d", port);
871  strPort[79] = '\0';
872 
873  ret = getaddrinfo(peer, strPort, &hints, &answer);
874  if (ret < 0 || answer == NULL)
875  err_sys("getaddrinfo failed");
876 
877  XMEMCPY(addr, answer->ai_addr, answer->ai_addrlen);
878  freeaddrinfo(answer);
879  #else
880  printf("no ipv6 getaddrinfo, loopback only tests/examples\n");
881  addr->sin6_addr = in6addr_loopback;
882  #endif
883  }
884 #endif
885 }
886 
887 
888 static WC_INLINE void tcp_socket(SOCKET_T* sockfd, int udp, int sctp)
889 {
890  (void)sctp;
891 
892  if (udp)
893  *sockfd = socket(AF_INET_V, SOCK_DGRAM, IPPROTO_UDP);
894 #ifdef WOLFSSL_SCTP
895  else if (sctp)
896  *sockfd = socket(AF_INET_V, SOCK_STREAM, IPPROTO_SCTP);
897 #endif
898  else
899  *sockfd = socket(AF_INET_V, SOCK_STREAM, IPPROTO_TCP);
900 
901  if(WOLFSSL_SOCKET_IS_INVALID(*sockfd)) {
902  err_sys("socket failed\n");
903  }
904 
905 #ifndef USE_WINDOWS_API
906 #ifdef SO_NOSIGPIPE
907  {
908  int on = 1;
909  socklen_t len = sizeof(on);
910  int res = setsockopt(*sockfd, SOL_SOCKET, SO_NOSIGPIPE, &on, len);
911  if (res < 0)
912  err_sys("setsockopt SO_NOSIGPIPE failed\n");
913  }
914 #elif defined(WOLFSSL_MDK_ARM) || defined (WOLFSSL_TIRTOS) ||\
915  defined(WOLFSSL_KEIL_TCP_NET) || defined(WOLFSSL_ZEPHYR)
916  /* nothing to define */
917 #else /* no S_NOSIGPIPE */
918  signal(SIGPIPE, SIG_IGN);
919 #endif /* S_NOSIGPIPE */
920 
921 #if defined(TCP_NODELAY)
922  if (!udp && !sctp)
923  {
924  int on = 1;
925  socklen_t len = sizeof(on);
926  int res = setsockopt(*sockfd, IPPROTO_TCP, TCP_NODELAY, &on, len);
927  if (res < 0)
928  err_sys("setsockopt TCP_NODELAY failed\n");
929  }
930 #endif
931 #endif /* USE_WINDOWS_API */
932 }
933 
934 static WC_INLINE void tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port,
935  int udp, int sctp, WOLFSSL* ssl)
936 {
937  SOCKADDR_IN_T addr;
938  build_addr(&addr, ip, port, udp, sctp);
939  if (udp) {
940  wolfSSL_dtls_set_peer(ssl, &addr, sizeof(addr));
941  }
942  tcp_socket(sockfd, udp, sctp);
943 
944  if (!udp) {
945  if (connect(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
946  err_sys("tcp connect failed");
947  }
948 }
949 
950 
951 static WC_INLINE void udp_connect(SOCKET_T* sockfd, void* addr, int addrSz)
952 {
953  if (connect(*sockfd, (const struct sockaddr*)addr, addrSz) != 0)
954  err_sys("tcp connect failed");
955 }
956 
957 
958 enum {
959  TEST_SELECT_FAIL,
960  TEST_TIMEOUT,
961  TEST_RECV_READY,
962  TEST_SEND_READY,
963  TEST_ERROR_READY
964 };
965 
966 
967 #if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_TCP_NET) && \
968  !defined(WOLFSSL_TIRTOS)
969 static WC_INLINE int tcp_select_ex(SOCKET_T socketfd, int to_sec, int rx)
970 {
971  fd_set fds, errfds;
972  fd_set* recvfds = NULL;
973  fd_set* sendfds = NULL;
974  SOCKET_T nfds = socketfd + 1;
975 #if !defined(__INTEGRITY)
976  struct timeval timeout = {(to_sec > 0) ? to_sec : 0, 0};
977 #else
978  struct timeval timeout;
979 #endif
980  int result;
981 
982  FD_ZERO(&fds);
983  FD_SET(socketfd, &fds);
984  FD_ZERO(&errfds);
985  FD_SET(socketfd, &errfds);
986 
987  if (rx)
988  recvfds = &fds;
989  else
990  sendfds = &fds;
991 
992 #if defined(__INTEGRITY)
993  timeout.tv_sec = (long long)(to_sec > 0) ? to_sec : 0, 0;
994 #endif
995  result = select(nfds, recvfds, sendfds, &errfds, &timeout);
996 
997  if (result == 0)
998  return TEST_TIMEOUT;
999  else if (result > 0) {
1000  if (FD_ISSET(socketfd, &fds)) {
1001  if (rx)
1002  return TEST_RECV_READY;
1003  else
1004  return TEST_SEND_READY;
1005  }
1006  else if(FD_ISSET(socketfd, &errfds))
1007  return TEST_ERROR_READY;
1008  }
1009 
1010  return TEST_SELECT_FAIL;
1011 }
1012 
1013 static WC_INLINE int tcp_select(SOCKET_T socketfd, int to_sec)
1014 {
1015  return tcp_select_ex(socketfd, to_sec, 1);
1016 }
1017 
1018 static WC_INLINE int tcp_select_tx(SOCKET_T socketfd, int to_sec)
1019 {
1020  return tcp_select_ex(socketfd, to_sec, 0);
1021 }
1022 
1023 #elif defined(WOLFSSL_TIRTOS) || defined(WOLFSSL_KEIL_TCP_NET)
1024 static WC_INLINE int tcp_select(SOCKET_T socketfd, int to_sec)
1025 {
1026  return TEST_RECV_READY;
1027 }
1028 static WC_INLINE int tcp_select_tx(SOCKET_T socketfd, int to_sec)
1029 {
1030  return TEST_SEND_READY;
1031 }
1032 #endif /* !WOLFSSL_MDK_ARM */
1033 
1034 
1035 static WC_INLINE void tcp_listen(SOCKET_T* sockfd, word16* port, int useAnyAddr,
1036  int udp, int sctp)
1037 {
1038  SOCKADDR_IN_T addr;
1039 
1040  /* don't use INADDR_ANY by default, firewall may block, make user switch
1041  on */
1042  build_addr(&addr, (useAnyAddr ? INADDR_ANY : wolfSSLIP), *port, udp, sctp);
1043  tcp_socket(sockfd, udp, sctp);
1044 
1045 #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_ARM)\
1046  && !defined(WOLFSSL_KEIL_TCP_NET) && !defined(WOLFSSL_ZEPHYR)
1047  {
1048  int res, on = 1;
1049  socklen_t len = sizeof(on);
1050  res = setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len);
1051  if (res < 0)
1052  err_sys("setsockopt SO_REUSEADDR failed\n");
1053  }
1054 #endif
1055 
1056  if (bind(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
1057  err_sys("tcp bind failed");
1058  if (!udp) {
1059  #ifdef WOLFSSL_KEIL_TCP_NET
1060  #define SOCK_LISTEN_MAX_QUEUE 1
1061  #else
1062  #define SOCK_LISTEN_MAX_QUEUE 5
1063  #endif
1064  if (listen(*sockfd, SOCK_LISTEN_MAX_QUEUE) != 0)
1065  err_sys("tcp listen failed");
1066  }
1067  #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS) \
1068  && !defined(WOLFSSL_ZEPHYR)
1069  if (*port == 0) {
1070  socklen_t len = sizeof(addr);
1071  if (getsockname(*sockfd, (struct sockaddr*)&addr, &len) == 0) {
1072  #ifndef TEST_IPV6
1073  *port = XNTOHS(addr.sin_port);
1074  #else
1075  *port = XNTOHS(addr.sin6_port);
1076  #endif
1077  }
1078  }
1079  #endif
1080 }
1081 
1082 
1083 #if 0
1084 static WC_INLINE int udp_read_connect(SOCKET_T sockfd)
1085 {
1086  SOCKADDR_IN_T cliaddr;
1087  byte b[1500];
1088  int n;
1089  socklen_t len = sizeof(cliaddr);
1090 
1091  n = (int)recvfrom(sockfd, (char*)b, sizeof(b), MSG_PEEK,
1092  (struct sockaddr*)&cliaddr, &len);
1093  if (n > 0) {
1094  if (connect(sockfd, (const struct sockaddr*)&cliaddr,
1095  sizeof(cliaddr)) != 0)
1096  err_sys("udp connect failed");
1097  }
1098  else
1099  err_sys("recvfrom failed");
1100 
1101  return sockfd;
1102 }
1103 #endif
1104 
1105 static WC_INLINE void udp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
1106  int useAnyAddr, word16 port, func_args* args)
1107 {
1108  SOCKADDR_IN_T addr;
1109 
1110  (void)args;
1111  build_addr(&addr, (useAnyAddr ? INADDR_ANY : wolfSSLIP), port, 1, 0);
1112  tcp_socket(sockfd, 1, 0);
1113 
1114 
1115 #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_ARM) \
1116  && !defined(WOLFSSL_KEIL_TCP_NET) && !defined(WOLFSSL_ZEPHYR)
1117  {
1118  int res, on = 1;
1119  socklen_t len = sizeof(on);
1120  res = setsockopt(*sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len);
1121  if (res < 0)
1122  err_sys("setsockopt SO_REUSEADDR failed\n");
1123  }
1124 #endif
1125 
1126  if (bind(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
1127  err_sys("tcp bind failed");
1128 
1129  #if (defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API)) && !defined(WOLFSSL_TIRTOS)
1130  if (port == 0) {
1131  socklen_t len = sizeof(addr);
1132  if (getsockname(*sockfd, (struct sockaddr*)&addr, &len) == 0) {
1133  #ifndef TEST_IPV6
1134  port = XNTOHS(addr.sin_port);
1135  #else
1136  port = XNTOHS(addr.sin6_port);
1137  #endif
1138  }
1139  }
1140  #endif
1141 
1142 #if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__)
1143  /* signal ready to accept data */
1144  {
1145  tcp_ready* ready = args->signal;
1146  pthread_mutex_lock(&ready->mutex);
1147  ready->ready = 1;
1148  ready->port = port;
1149  pthread_cond_signal(&ready->cond);
1150  pthread_mutex_unlock(&ready->mutex);
1151  }
1152 #elif defined (WOLFSSL_TIRTOS)
1153  /* Need mutex? */
1154  tcp_ready* ready = args->signal;
1155  ready->ready = 1;
1156  ready->port = port;
1157 #endif
1158 
1159  *clientfd = *sockfd;
1160 }
1161 
1162 static WC_INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
1163  func_args* args, word16 port, int useAnyAddr,
1164  int udp, int sctp, int ready_file, int do_listen)
1165 {
1166  SOCKADDR_IN_T client;
1167  socklen_t client_len = sizeof(client);
1168  tcp_ready* ready = NULL;
1169 
1170  (void) ready; /* Account for case when "ready" is not used */
1171 
1172  if (udp) {
1173  udp_accept(sockfd, clientfd, useAnyAddr, port, args);
1174  return;
1175  }
1176 
1177  if(do_listen) {
1178  tcp_listen(sockfd, &port, useAnyAddr, udp, sctp);
1179 
1180  #if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) && !defined(__MINGW32__)
1181  /* signal ready to tcp_accept */
1182  if (args)
1183  ready = args->signal;
1184  if (ready) {
1185  pthread_mutex_lock(&ready->mutex);
1186  ready->ready = 1;
1187  ready->port = port;
1188  pthread_cond_signal(&ready->cond);
1189  pthread_mutex_unlock(&ready->mutex);
1190  }
1191  #elif defined (WOLFSSL_TIRTOS)
1192  /* Need mutex? */
1193  if (args)
1194  ready = args->signal;
1195  if (ready) {
1196  ready->ready = 1;
1197  ready->port = port;
1198  }
1199  #endif
1200 
1201  if (ready_file) {
1202  #if !defined(NO_FILESYSTEM) || defined(FORCE_BUFFER_TEST)
1203  XFILE srf = NULL;
1204  if (args)
1205  ready = args->signal;
1206 
1207  if (ready) {
1208  srf = fopen(ready->srfName, "w");
1209 
1210  if (srf) {
1211  /* let's write port sever is listening on to ready file
1212  external monitor can then do ephemeral ports by passing
1213  -p 0 to server on supported platforms with -R ready_file
1214  client can then wait for existence of ready_file and see
1215  which port the server is listening on. */
1216  fprintf(srf, "%d\n", (int)port);
1217  fclose(srf);
1218  }
1219  }
1220  #endif
1221  }
1222  }
1223 
1224  *clientfd = accept(*sockfd, (struct sockaddr*)&client,
1225  (ACCEPT_THIRD_T)&client_len);
1226  if(WOLFSSL_SOCKET_IS_INVALID(*clientfd)) {
1227  err_sys("tcp accept failed");
1228  }
1229 }
1230 
1231 
1232 static WC_INLINE void tcp_set_nonblocking(SOCKET_T* sockfd)
1233 {
1234  #ifdef USE_WINDOWS_API
1235  unsigned long blocking = 1;
1236  int ret = ioctlsocket(*sockfd, FIONBIO, &blocking);
1237  if (ret == SOCKET_ERROR)
1238  err_sys("ioctlsocket failed");
1239  #elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) \
1240  || defined (WOLFSSL_TIRTOS)|| defined(WOLFSSL_VXWORKS) \
1241  || defined(WOLFSSL_ZEPHYR)
1242  /* non blocking not supported, for now */
1243  #else
1244  int flags = fcntl(*sockfd, F_GETFL, 0);
1245  if (flags < 0)
1246  err_sys("fcntl get failed");
1247  flags = fcntl(*sockfd, F_SETFL, flags | O_NONBLOCK);
1248  if (flags < 0)
1249  err_sys("fcntl set failed");
1250  #endif
1251 }
1252 
1253 
1254 #ifndef NO_PSK
1255 
1256 /* identity is OpenSSL testing default for openssl s_client, keep same */
1257 static const char* kIdentityStr = "Client_identity";
1258 
1259 static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
1260  char* identity, unsigned int id_max_len, unsigned char* key,
1261  unsigned int key_max_len)
1262 {
1263  (void)ssl;
1264  (void)hint;
1265  (void)key_max_len;
1266 
1267  /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
1268  strncpy(identity, kIdentityStr, id_max_len);
1269 
1270  if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) {
1271  /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
1272  unsigned binary */
1273  key[0] = 0x1a;
1274  key[1] = 0x2b;
1275  key[2] = 0x3c;
1276  key[3] = 0x4d;
1277 
1278  return 4; /* length of key in octets or 0 for error */
1279  }
1280  else {
1281  int i;
1282  int b = 0x01;
1283 
1284  for (i = 0; i < 32; i++, b += 0x22) {
1285  if (b >= 0x100)
1286  b = 0x01;
1287  key[i] = b;
1288  }
1289 
1290  return 32; /* length of key in octets or 0 for error */
1291  }
1292 }
1293 
1294 
1295 static WC_INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
1296  unsigned char* key, unsigned int key_max_len)
1297 {
1298  (void)ssl;
1299  (void)key_max_len;
1300 
1301  /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
1302  if (strncmp(identity, kIdentityStr, strlen(kIdentityStr)) != 0)
1303  return 0;
1304 
1305  if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) {
1306  /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
1307  unsigned binary */
1308  key[0] = 0x1a;
1309  key[1] = 0x2b;
1310  key[2] = 0x3c;
1311  key[3] = 0x4d;
1312 
1313  return 4; /* length of key in octets or 0 for error */
1314  }
1315  else {
1316  int i;
1317  int b = 0x01;
1318 
1319  for (i = 0; i < 32; i++, b += 0x22) {
1320  if (b >= 0x100)
1321  b = 0x01;
1322  key[i] = b;
1323  }
1324 
1325  return 32; /* length of key in octets or 0 for error */
1326  }
1327 }
1328 
1329 
1330 static WC_INLINE unsigned int my_psk_client_tls13_cb(WOLFSSL* ssl,
1331  const char* hint, char* identity, unsigned int id_max_len,
1332  unsigned char* key, unsigned int key_max_len, const char** ciphersuite)
1333 {
1334  int i;
1335  int b = 0x01;
1336 
1337  (void)ssl;
1338  (void)hint;
1339  (void)key_max_len;
1340 
1341  /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
1342  strncpy(identity, kIdentityStr, id_max_len);
1343 
1344  for (i = 0; i < 32; i++, b += 0x22) {
1345  if (b >= 0x100)
1346  b = 0x01;
1347  key[i] = b;
1348  }
1349 
1350  *ciphersuite = "TLS13-AES128-GCM-SHA256";
1351 
1352  return 32; /* length of key in octets or 0 for error */
1353 }
1354 
1355 
1356 static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl,
1357  const char* identity, unsigned char* key, unsigned int key_max_len,
1358  const char** ciphersuite)
1359 {
1360  int i;
1361  int b = 0x01;
1362 
1363  (void)ssl;
1364  (void)key_max_len;
1365 
1366  /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
1367  if (strncmp(identity, kIdentityStr, strlen(kIdentityStr)) != 0)
1368  return 0;
1369 
1370  for (i = 0; i < 32; i++, b += 0x22) {
1371  if (b >= 0x100)
1372  b = 0x01;
1373  key[i] = b;
1374  }
1375 
1376  *ciphersuite = "TLS13-AES128-GCM-SHA256";
1377 
1378  return 32; /* length of key in octets or 0 for error */
1379 }
1380 
1381 #endif /* NO_PSK */
1382 
1383 
1384 #if defined(WOLFSSL_USER_CURRTIME)
1385  extern double current_time(int reset);
1386 
1387 #elif defined(USE_WINDOWS_API)
1388 
1389  #define WIN32_LEAN_AND_MEAN
1390  #include <windows.h>
1391 
1392  static WC_INLINE double current_time(int reset)
1393  {
1394  static int init = 0;
1395  static LARGE_INTEGER freq;
1396 
1397  LARGE_INTEGER count;
1398 
1399  if (!init) {
1400  QueryPerformanceFrequency(&freq);
1401  init = 1;
1402  }
1403 
1404  QueryPerformanceCounter(&count);
1405 
1406  (void)reset;
1407  return (double)count.QuadPart / freq.QuadPart;
1408  }
1409 
1410 #elif defined(WOLFSSL_TIRTOS)
1411  extern double current_time();
1412 #elif defined(WOLFSSL_ZEPHYR)
1413  extern double current_time();
1414 #else
1415 
1416 #if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_TCP_NET) && !defined(WOLFSSL_CHIBIOS)
1417  #include <sys/time.h>
1418 
1419  static WC_INLINE double current_time(int reset)
1420  {
1421  struct timeval tv;
1422  gettimeofday(&tv, 0);
1423  (void)reset;
1424 
1425  return (double)tv.tv_sec + (double)tv.tv_usec / 1000000;
1426  }
1427 #else
1428  extern double current_time(int reset);
1429 #endif
1430 #endif /* USE_WINDOWS_API */
1431 
1432 
1433 #if defined(HAVE_OCSP) && defined(WOLFSSL_NONBLOCK_OCSP)
1434 static WC_INLINE int OCSPIOCb(void* ioCtx, const char* url, int urlSz,
1435  unsigned char* request, int requestSz, unsigned char** response)
1436 {
1437 #ifdef TEST_NONBLOCK_CERTS
1438  static int ioCbCnt = 0;
1439 #endif
1440 
1441  (void)ioCtx;
1442  (void)url;
1443  (void)urlSz;
1444  (void)request;
1445  (void)requestSz;
1446  (void)response;
1447 
1448 #ifdef TEST_NONBLOCK_CERTS
1449  if (ioCbCnt) {
1450  ioCbCnt = 0;
1451  return EmbedOcspLookup(ioCtx, url, urlSz, request, requestSz, response);
1452  }
1453  else {
1454  ioCbCnt = 1;
1455  return WOLFSSL_CBIO_ERR_WANT_READ;
1456  }
1457 #else
1458  return EmbedOcspLookup(ioCtx, url, urlSz, request, requestSz, response);
1459 #endif
1460 }
1461 
1462 static WC_INLINE void OCSPRespFreeCb(void* ioCtx, unsigned char* response)
1463 {
1464  (void)ioCtx;
1465  (void)response;
1466 }
1467 #endif
1468 
1469 #if !defined(NO_CERTS)
1470  #if !defined(NO_FILESYSTEM) || \
1471  (defined(NO_FILESYSTEM) && defined(FORCE_BUFFER_TEST))
1472 
1473  /* reads file size, allocates buffer, reads into buffer, returns buffer */
1474  static WC_INLINE int load_file(const char* fname, byte** buf, size_t* bufLen)
1475  {
1476  int ret;
1477  long int fileSz;
1478  XFILE file;
1479 
1480  if (fname == NULL || buf == NULL || bufLen == NULL)
1481  return BAD_FUNC_ARG;
1482 
1483  /* set defaults */
1484  *buf = NULL;
1485  *bufLen = 0;
1486 
1487  /* open file (read-only binary) */
1488  file = fopen(fname, "rb");
1489  if (!file) {
1490  printf("Error loading %s\n", fname);
1491  return BAD_PATH_ERROR;
1492  }
1493 
1494  fseek(file, 0, SEEK_END);
1495  fileSz = (int)ftell(file);
1496  rewind(file);
1497  if (fileSz > 0) {
1498  *bufLen = (size_t)fileSz;
1499  *buf = (byte*)malloc(*bufLen);
1500  if (*buf == NULL) {
1501  ret = MEMORY_E;
1502  printf("Error allocating %lu bytes\n", (unsigned long)*bufLen);
1503  }
1504  else {
1505  size_t readLen = fread(*buf, *bufLen, 1, file);
1506 
1507  /* check response code */
1508  ret = (readLen > 0) ? 0 : -1;
1509  }
1510  }
1511  else {
1512  ret = BUFFER_E;
1513  }
1514  fclose(file);
1515 
1516  return ret;
1517  }
1518 
1519  enum {
1520  WOLFSSL_CA = 1,
1521  WOLFSSL_CERT = 2,
1522  WOLFSSL_KEY = 3,
1523  WOLFSSL_CERT_CHAIN = 4,
1524  };
1525 
1526  static WC_INLINE void load_buffer(WOLFSSL_CTX* ctx, const char* fname, int type)
1527  {
1528  int format = WOLFSSL_FILETYPE_PEM;
1529  byte* buff = NULL;
1530  size_t sz = 0;
1531 
1532  if (load_file(fname, &buff, &sz) != 0) {
1533  err_sys("can't open file for buffer load "
1534  "Please run from wolfSSL home directory if not");
1535  }
1536 
1537  /* determine format */
1538  if (strstr(fname, ".der"))
1539  format = WOLFSSL_FILETYPE_ASN1;
1540 
1541  if (type == WOLFSSL_CA) {
1542  if (wolfSSL_CTX_load_verify_buffer(ctx, buff, (long)sz, format)
1543  != WOLFSSL_SUCCESS)
1544  err_sys("can't load buffer ca file");
1545  }
1546  else if (type == WOLFSSL_CERT) {
1547  if (wolfSSL_CTX_use_certificate_buffer(ctx, buff, (long)sz,
1548  format) != WOLFSSL_SUCCESS)
1549  err_sys("can't load buffer cert file");
1550  }
1551  else if (type == WOLFSSL_KEY) {
1552  if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, (long)sz,
1553  format) != WOLFSSL_SUCCESS)
1554  err_sys("can't load buffer key file");
1555  }
1556  else if (type == WOLFSSL_CERT_CHAIN) {
1557  if (wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, buff,
1558  (long)sz, format) != WOLFSSL_SUCCESS)
1559  err_sys("can't load cert chain buffer");
1560  }
1561 
1562  if (buff)
1563  free(buff);
1564  }
1565 
1566  static WC_INLINE void load_ssl_buffer(WOLFSSL* ssl, const char* fname, int type)
1567  {
1568  int format = WOLFSSL_FILETYPE_PEM;
1569  byte* buff = NULL;
1570  size_t sz = 0;
1571 
1572  if (load_file(fname, &buff, &sz) != 0) {
1573  err_sys("can't open file for buffer load "
1574  "Please run from wolfSSL home directory if not");
1575  }
1576 
1577  /* determine format */
1578  if (strstr(fname, ".der"))
1579  format = WOLFSSL_FILETYPE_ASN1;
1580 
1581  if (type == WOLFSSL_CA) {
1582  /* verify certs (CA's) use the shared ctx->cm (WOLFSSL_CERT_MANAGER) */
1583  WOLFSSL_CTX* ctx = wolfSSL_get_SSL_CTX(ssl);
1584  if (wolfSSL_CTX_load_verify_buffer(ctx, buff, (long)sz, format)
1585  != WOLFSSL_SUCCESS)
1586  err_sys("can't load buffer ca file");
1587  }
1588  else if (type == WOLFSSL_CERT) {
1589  if (wolfSSL_use_certificate_buffer(ssl, buff, (long)sz,
1590  format) != WOLFSSL_SUCCESS)
1591  err_sys("can't load buffer cert file");
1592  }
1593  else if (type == WOLFSSL_KEY) {
1594  if (wolfSSL_use_PrivateKey_buffer(ssl, buff, (long)sz,
1595  format) != WOLFSSL_SUCCESS)
1596  err_sys("can't load buffer key file");
1597  }
1598  else if (type == WOLFSSL_CERT_CHAIN) {
1599  if (wolfSSL_use_certificate_chain_buffer_format(ssl, buff,
1600  (long)sz, format) != WOLFSSL_SUCCESS)
1601  err_sys("can't load cert chain buffer");
1602  }
1603 
1604  if (buff)
1605  free(buff);
1606  }
1607 
1608  #ifdef TEST_PK_PRIVKEY
1609  static WC_INLINE int load_key_file(const char* fname, byte** derBuf, word32* derLen)
1610  {
1611  int ret;
1612  byte* buf = NULL;
1613  size_t bufLen;
1614 
1615  ret = load_file(fname, &buf, &bufLen);
1616  if (ret != 0)
1617  return ret;
1618 
1619  *derBuf = (byte*)malloc(bufLen);
1620  if (*derBuf == NULL) {
1621  free(buf);
1622  return MEMORY_E;
1623  }
1624 
1625  ret = wc_KeyPemToDer(buf, (word32)bufLen, *derBuf, (word32)bufLen, NULL);
1626  if (ret < 0) {
1627  free(buf);
1628  free(*derBuf);
1629  return ret;
1630  }
1631  *derLen = ret;
1632  free(buf);
1633 
1634  return 0;
1635  }
1636  #endif /* TEST_PK_PRIVKEY */
1637 
1638  #endif /* !NO_FILESYSTEM || (NO_FILESYSTEM && FORCE_BUFFER_TEST) */
1639 #endif /* !NO_CERTS */
1640 
1641 static int myVerifyFail = 0;
1642 static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
1643 {
1644  char buffer[WOLFSSL_MAX_ERROR_SZ];
1645 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
1646  WOLFSSL_X509* peer;
1647 #endif
1648  (void)preverify;
1649 
1650  /* Verify Callback Arguments:
1651  * preverify: 1=Verify Okay, 0=Failure
1652  * store->error: Failure error code (0 indicates no failure)
1653  * store->current_cert: Current WOLFSSL_X509 object (only with OPENSSL_EXTRA)
1654  * store->error_depth: Current Index
1655  * store->domain: Subject CN as string (null term)
1656  * store->totalCerts: Number of certs presented by peer
1657  * store->certs[i]: A `WOLFSSL_BUFFER_INFO` with plain DER for each cert
1658  * store->store: WOLFSSL_X509_STORE with CA cert chain
1659  * store->store->cm: WOLFSSL_CERT_MANAGER
1660  * store->ex_data: The WOLFSSL object pointer
1661  * store->discardSessionCerts: When set to non-zero value session certs
1662  will be discarded (only with SESSION_CERTS)
1663  */
1664 
1665  printf("In verification callback, error = %d, %s\n", store->error,
1666  wolfSSL_ERR_error_string(store->error, buffer));
1667 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
1668  peer = store->current_cert;
1669  if (peer) {
1670  char* issuer = wolfSSL_X509_NAME_oneline(
1671  wolfSSL_X509_get_issuer_name(peer), 0, 0);
1672  char* subject = wolfSSL_X509_NAME_oneline(
1673  wolfSSL_X509_get_subject_name(peer), 0, 0);
1674  printf("\tPeer's cert info:\n issuer : %s\n subject: %s\n", issuer,
1675  subject);
1676  XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
1677  XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL);
1678  }
1679  else
1680  printf("\tPeer has no cert!\n");
1681 #else
1682  printf("\tPeer certs: %d\n", store->totalCerts);
1683  #ifdef SHOW_CERTS
1684  { int i;
1685  for (i=0; i<store->totalCerts; i++) {
1686  WOLFSSL_BUFFER_INFO* cert = &store->certs[i];
1687  printf("\t\tCert %d: Ptr %p, Len %u\n", i, cert->buffer, cert->length);
1688  }
1689  }
1690  #endif
1691 #endif
1692 
1693  printf("\tSubject's domain name at %d is %s\n", store->error_depth, store->domain);
1694 
1695  /* Testing forced fail case by return zero */
1696  if (myVerifyFail) {
1697  return 0; /* test failure case */
1698  }
1699 
1700  /* If error indicate we are overriding it for testing purposes */
1701  if (store->error != 0) {
1702  printf("\tAllowing failed certificate check, testing only "
1703  "(shouldn't do this in production)\n");
1704  }
1705 
1706  /* A non-zero return code indicates failure override */
1707  return 1;
1708 }
1709 
1710 
1711 static WC_INLINE int myDateCb(int preverify, WOLFSSL_X509_STORE_CTX* store)
1712 {
1713  char buffer[WOLFSSL_MAX_ERROR_SZ];
1714  (void)preverify;
1715 
1716  printf("In verification callback, error = %d, %s\n", store->error,
1717  wolfSSL_ERR_error_string(store->error, buffer));
1718  printf("Subject's domain name is %s\n", store->domain);
1719 
1720  if (store->error == ASN_BEFORE_DATE_E || store->error == ASN_AFTER_DATE_E) {
1721  printf("Overriding cert date error as example for bad clock testing\n");
1722  return 1;
1723  }
1724  printf("Cert error is not date error, not overriding\n");
1725 
1726  return 0;
1727 }
1728 
1729 
1730 #ifdef HAVE_EXT_CACHE
1731 
1732 static WC_INLINE WOLFSSL_SESSION* mySessGetCb(WOLFSSL* ssl, unsigned char* id,
1733  int id_len, int* copy)
1734 {
1735  (void)ssl;
1736  (void)id;
1737  (void)id_len;
1738  (void)copy;
1739 
1740  /* using internal cache, this is for testing only */
1741  return NULL;
1742 }
1743 
1744 static WC_INLINE int mySessNewCb(WOLFSSL* ssl, WOLFSSL_SESSION* session)
1745 {
1746  (void)ssl;
1747  (void)session;
1748 
1749  /* using internal cache, this is for testing only */
1750  return 0;
1751 }
1752 
1753 static WC_INLINE void mySessRemCb(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session)
1754 {
1755  (void)ctx;
1756  (void)session;
1757 
1758  /* using internal cache, this is for testing only */
1759 }
1760 
1761 #endif /* HAVE_EXT_CACHE */
1762 
1763 
1764 #ifdef HAVE_CRL
1765 
1766 static WC_INLINE void CRL_CallBack(const char* url)
1767 {
1768  printf("CRL callback url = %s\n", url);
1769 }
1770 
1771 #endif
1772 
1773 #ifndef NO_DH
1774 static WC_INLINE void SetDH(WOLFSSL* ssl)
1775 {
1776  /* dh1024 p */
1777  static const unsigned char p[] =
1778  {
1779  0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3,
1780  0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E,
1781  0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59,
1782  0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2,
1783  0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD,
1784  0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF,
1785  0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02,
1786  0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C,
1787  0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7,
1788  0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50,
1789  0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B,
1790  };
1791 
1792  /* dh1024 g */
1793  static const unsigned char g[] =
1794  {
1795  0x02,
1796  };
1797 
1798  wolfSSL_SetTmpDH(ssl, p, sizeof(p), g, sizeof(g));
1799 }
1800 
1801 static WC_INLINE void SetDHCtx(WOLFSSL_CTX* ctx)
1802 {
1803  /* dh1024 p */
1804  static const unsigned char p[] =
1805  {
1806  0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3,
1807  0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E,
1808  0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59,
1809  0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2,
1810  0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD,
1811  0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF,
1812  0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02,
1813  0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C,
1814  0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7,
1815  0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50,
1816  0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B,
1817  };
1818 
1819  /* dh1024 g */
1820  static const unsigned char g[] =
1821  {
1822  0x02,
1823  };
1824 
1825  wolfSSL_CTX_SetTmpDH(ctx, p, sizeof(p), g, sizeof(g));
1826 }
1827 #endif /* NO_DH */
1828 
1829 #ifndef NO_CERTS
1830 
1831 static WC_INLINE void CaCb(unsigned char* der, int sz, int type)
1832 {
1833  (void)der;
1834  printf("Got CA cache add callback, derSz = %d, type = %d\n", sz, type);
1835 }
1836 
1837 #endif /* !NO_CERTS */
1838 
1839 
1840 /* Wolf Root Directory Helper */
1841 /* KEIL-RL File System does not support relative directory */
1842 #if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_FS) && !defined(WOLFSSL_TIRTOS)
1843  /* Maximum depth to search for WolfSSL root */
1844  #define MAX_WOLF_ROOT_DEPTH 5
1845 
1846  static WC_INLINE int ChangeToWolfRoot(void)
1847  {
1848  #if !defined(NO_FILESYSTEM) || defined(FORCE_BUFFER_TEST)
1849  int depth, res;
1850  XFILE file;
1851  for(depth = 0; depth <= MAX_WOLF_ROOT_DEPTH; depth++) {
1852  file = fopen(ntruKeyFile, "rb");
1853  if (file != NULL) {
1854  fclose(file);
1855  return depth;
1856  }
1857  #ifdef USE_WINDOWS_API
1858  res = SetCurrentDirectoryA("..\\");
1859  #else
1860  res = chdir("../");
1861  #endif
1862  if (res < 0) {
1863  printf("chdir to ../ failed!\n");
1864  break;
1865  }
1866  }
1867 
1868  err_sys("wolf root not found");
1869  return -1;
1870  #else
1871  return 0;
1872  #endif
1873  }
1874 #endif /* !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_FS) && !defined(WOLFSSL_TIRTOS) */
1875 
1876 #ifdef HAVE_STACK_SIZE
1877 
1878 typedef THREAD_RETURN WOLFSSL_THREAD (*thread_func)(void* args);
1879 #define STACK_CHECK_VAL 0x01
1880 
1881 static WC_INLINE int StackSizeCheck(func_args* args, thread_func tf)
1882 {
1883  int ret, i, used;
1884  void* status;
1885  unsigned char* myStack = NULL;
1886  int stackSize = 1024*128;
1887  pthread_attr_t myAttr;
1888  pthread_t threadId;
1889 
1890 #ifdef PTHREAD_STACK_MIN
1891  if (stackSize < PTHREAD_STACK_MIN)
1892  stackSize = PTHREAD_STACK_MIN;
1893 #endif
1894 
1895  ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize);
1896  if (ret != 0 || myStack == NULL)
1897  err_sys("posix_memalign failed\n");
1898 
1899  XMEMSET(myStack, STACK_CHECK_VAL, stackSize);
1900 
1901  ret = pthread_attr_init(&myAttr);
1902  if (ret != 0)
1903  err_sys("attr_init failed");
1904 
1905  ret = pthread_attr_setstack(&myAttr, myStack, stackSize);
1906  if (ret != 0)
1907  err_sys("attr_setstackaddr failed");
1908 
1909  ret = pthread_create(&threadId, &myAttr, tf, args);
1910  if (ret != 0) {
1911  perror("pthread_create failed");
1912  exit(EXIT_FAILURE);
1913  }
1914 
1915  ret = pthread_join(threadId, &status);
1916  if (ret != 0)
1917  err_sys("pthread_join failed");
1918 
1919  for (i = 0; i < stackSize; i++) {
1920  if (myStack[i] != STACK_CHECK_VAL) {
1921  break;
1922  }
1923  }
1924 
1925  free(myStack);
1926 
1927  used = stackSize - i;
1928  printf("stack used = %d\n", used);
1929 
1930  return (int)((size_t)status);
1931 }
1932 
1933 
1934 #endif /* HAVE_STACK_SIZE */
1935 
1936 
1937 #ifdef STACK_TRAP
1938 
1939 /* good settings
1940  --enable-debug --disable-shared C_EXTRA_FLAGS="-DUSER_TIME -DTFM_TIMING_RESISTANT -DPOSITIVE_EXP_ONLY -DSTACK_TRAP"
1941 
1942 */
1943 
1944 #ifdef HAVE_STACK_SIZE
1945  /* client only for now, setrlimit will fail if pthread_create() called */
1946  /* STACK_SIZE does pthread_create() on client */
1947  #error "can't use STACK_TRAP with STACK_SIZE, setrlimit will fail"
1948 #endif /* HAVE_STACK_SIZE */
1949 
1950 static WC_INLINE void StackTrap(void)
1951 {
1952  struct rlimit rl;
1953  if (getrlimit(RLIMIT_STACK, &rl) != 0)
1954  err_sys("getrlimit failed");
1955  printf("rlim_cur = %llu\n", rl.rlim_cur);
1956  rl.rlim_cur = 1024*21; /* adjust trap size here */
1957  if (setrlimit(RLIMIT_STACK, &rl) != 0) {
1958  perror("setrlimit");
1959  err_sys("setrlimit failed");
1960  }
1961 }
1962 
1963 #else /* STACK_TRAP */
1964 
1965 static WC_INLINE void StackTrap(void)
1966 {
1967 }
1968 
1969 #endif /* STACK_TRAP */
1970 
1971 
1972 #ifdef ATOMIC_USER
1973 
1974 /* Atomic Encrypt Context example */
1975 typedef struct AtomicEncCtx {
1976  int keySetup; /* have we done key setup yet */
1977  Aes aes; /* for aes example */
1978 } AtomicEncCtx;
1979 
1980 
1981 /* Atomic Decrypt Context example */
1982 typedef struct AtomicDecCtx {
1983  int keySetup; /* have we done key setup yet */
1984  Aes aes; /* for aes example */
1985 } AtomicDecCtx;
1986 
1987 
1988 static WC_INLINE int myMacEncryptCb(WOLFSSL* ssl, unsigned char* macOut,
1989  const unsigned char* macIn, unsigned int macInSz, int macContent,
1990  int macVerify, unsigned char* encOut, const unsigned char* encIn,
1991  unsigned int encSz, void* ctx)
1992 {
1993  int ret;
1994  Hmac hmac;
1995  byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
1996  AtomicEncCtx* encCtx = (AtomicEncCtx*)ctx;
1997  const char* tlsStr = "TLS";
1998 
1999  /* example supports (d)tls aes */
2000  if (wolfSSL_GetBulkCipher(ssl) != wolfssl_aes) {
2001  printf("myMacEncryptCb not using AES\n");
2002  return -1;
2003  }
2004 
2005  if (strstr(wolfSSL_get_version(ssl), tlsStr) == NULL) {
2006  printf("myMacEncryptCb not using (D)TLS\n");
2007  return -1;
2008  }
2009 
2010  /* hmac, not needed if aead mode */
2011  wolfSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify);
2012 
2013  ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
2014  wolfSSL_GetMacSecret(ssl, macVerify), wolfSSL_GetHmacSize(ssl));
2015  if (ret != 0)
2016  return ret;
2017  ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
2018  if (ret != 0)
2019  return ret;
2020  ret = wc_HmacUpdate(&hmac, macIn, macInSz);
2021  if (ret != 0)
2022  return ret;
2023  ret = wc_HmacFinal(&hmac, macOut);
2024  if (ret != 0)
2025  return ret;
2026 
2027 
2028  /* encrypt setup on first time */
2029  if (encCtx->keySetup == 0) {
2030  int keyLen = wolfSSL_GetKeySize(ssl);
2031  const byte* key;
2032  const byte* iv;
2033 
2034  if (wolfSSL_GetSide(ssl) == WOLFSSL_CLIENT_END) {
2035  key = wolfSSL_GetClientWriteKey(ssl);
2036  iv = wolfSSL_GetClientWriteIV(ssl);
2037  }
2038  else {
2039  key = wolfSSL_GetServerWriteKey(ssl);
2040  iv = wolfSSL_GetServerWriteIV(ssl);
2041  }
2042 
2043  ret = wc_AesSetKey(&encCtx->aes, key, keyLen, iv, AES_ENCRYPTION);
2044  if (ret != 0) {
2045  printf("AesSetKey failed in myMacEncryptCb\n");
2046  return ret;
2047  }
2048  encCtx->keySetup = 1;
2049  }
2050 
2051  /* encrypt */
2052  return wc_AesCbcEncrypt(&encCtx->aes, encOut, encIn, encSz);
2053 }
2054 
2055 
2056 static WC_INLINE int myDecryptVerifyCb(WOLFSSL* ssl,
2057  unsigned char* decOut, const unsigned char* decIn,
2058  unsigned int decSz, int macContent, int macVerify,
2059  unsigned int* padSz, void* ctx)
2060 {
2061  AtomicDecCtx* decCtx = (AtomicDecCtx*)ctx;
2062  int ret = 0;
2063  int macInSz = 0;
2064  int ivExtra = 0;
2065  int digestSz = wolfSSL_GetHmacSize(ssl);
2066  unsigned int pad = 0;
2067  unsigned int padByte = 0;
2068  Hmac hmac;
2069  byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ];
2070  byte verify[WC_MAX_DIGEST_SIZE];
2071  const char* tlsStr = "TLS";
2072 
2073  /* example supports (d)tls aes */
2074  if (wolfSSL_GetBulkCipher(ssl) != wolfssl_aes) {
2075  printf("myMacEncryptCb not using AES\n");
2076  return -1;
2077  }
2078 
2079  if (strstr(wolfSSL_get_version(ssl), tlsStr) == NULL) {
2080  printf("myMacEncryptCb not using (D)TLS\n");
2081  return -1;
2082  }
2083 
2084  /*decrypt */
2085  if (decCtx->keySetup == 0) {
2086  int keyLen = wolfSSL_GetKeySize(ssl);
2087  const byte* key;
2088  const byte* iv;
2089 
2090  /* decrypt is from other side (peer) */
2091  if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) {
2092  key = wolfSSL_GetClientWriteKey(ssl);
2093  iv = wolfSSL_GetClientWriteIV(ssl);
2094  }
2095  else {
2096  key = wolfSSL_GetServerWriteKey(ssl);
2097  iv = wolfSSL_GetServerWriteIV(ssl);
2098  }
2099 
2100  ret = wc_AesSetKey(&decCtx->aes, key, keyLen, iv, AES_DECRYPTION);
2101  if (ret != 0) {
2102  printf("AesSetKey failed in myDecryptVerifyCb\n");
2103  return ret;
2104  }
2105  decCtx->keySetup = 1;
2106  }
2107 
2108  /* decrypt */
2109  ret = wc_AesCbcDecrypt(&decCtx->aes, decOut, decIn, decSz);
2110  if (ret != 0)
2111  return ret;
2112 
2113  if (wolfSSL_GetCipherType(ssl) == WOLFSSL_AEAD_TYPE) {
2114  *padSz = wolfSSL_GetAeadMacSize(ssl);
2115  return 0; /* hmac, not needed if aead mode */
2116  }
2117 
2118  if (wolfSSL_GetCipherType(ssl) == WOLFSSL_BLOCK_TYPE) {
2119  pad = *(decOut + decSz - 1);
2120  padByte = 1;
2121  if (wolfSSL_IsTLSv1_1(ssl))
2122  ivExtra = wolfSSL_GetCipherBlockSize(ssl);
2123  }
2124 
2125  *padSz = wolfSSL_GetHmacSize(ssl) + pad + padByte;
2126  macInSz = decSz - ivExtra - digestSz - pad - padByte;
2127 
2128  wolfSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify);
2129 
2130  ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl),
2131  wolfSSL_GetMacSecret(ssl, macVerify), digestSz);
2132  if (ret != 0)
2133  return ret;
2134  ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner));
2135  if (ret != 0)
2136  return ret;
2137  ret = wc_HmacUpdate(&hmac, decOut + ivExtra, macInSz);
2138  if (ret != 0)
2139  return ret;
2140  ret = wc_HmacFinal(&hmac, verify);
2141  if (ret != 0)
2142  return ret;
2143 
2144  if (XMEMCMP(verify, decOut + decSz - digestSz - pad - padByte,
2145  digestSz) != 0) {
2146  printf("myDecryptVerify verify failed\n");
2147  return -1;
2148  }
2149 
2150  return ret;
2151 }
2152 
2153 
2154 static WC_INLINE void SetupAtomicUser(WOLFSSL_CTX* ctx, WOLFSSL* ssl)
2155 {
2156  AtomicEncCtx* encCtx;
2157  AtomicDecCtx* decCtx;
2158 
2159  encCtx = (AtomicEncCtx*)malloc(sizeof(AtomicEncCtx));
2160  if (encCtx == NULL)
2161  err_sys("AtomicEncCtx malloc failed");
2162  XMEMSET(encCtx, 0, sizeof(AtomicEncCtx));
2163 
2164  decCtx = (AtomicDecCtx*)malloc(sizeof(AtomicDecCtx));
2165  if (decCtx == NULL) {
2166  free(encCtx);
2167  err_sys("AtomicDecCtx malloc failed");
2168  }
2169  XMEMSET(decCtx, 0, sizeof(AtomicDecCtx));
2170 
2171  wolfSSL_CTX_SetMacEncryptCb(ctx, myMacEncryptCb);
2172  wolfSSL_SetMacEncryptCtx(ssl, encCtx);
2173 
2174  wolfSSL_CTX_SetDecryptVerifyCb(ctx, myDecryptVerifyCb);
2175  wolfSSL_SetDecryptVerifyCtx(ssl, decCtx);
2176 }
2177 
2178 
2179 static WC_INLINE void FreeAtomicUser(WOLFSSL* ssl)
2180 {
2183 
2184  free(decCtx);
2185  free(encCtx);
2186 }
2187 
2188 #endif /* ATOMIC_USER */
2189 
2190 #ifdef WOLFSSL_STATIC_MEMORY
2191 static WC_INLINE int wolfSSL_PrintStats(WOLFSSL_MEM_STATS* stats)
2192 {
2193  word16 i;
2194 
2195  if (stats == NULL) {
2196  return 0;
2197  }
2198 
2199  /* print to stderr so is on the same pipe as WOLFSSL_DEBUG */
2200  fprintf(stderr, "Total mallocs = %d\n", stats->totalAlloc);
2201  fprintf(stderr, "Total frees = %d\n", stats->totalFr);
2202  fprintf(stderr, "Current mallocs = %d\n", stats->curAlloc);
2203  fprintf(stderr, "Available IO = %d\n", stats->avaIO);
2204  fprintf(stderr, "Max con. handshakes = %d\n", stats->maxHa);
2205  fprintf(stderr, "Max con. IO = %d\n", stats->maxIO);
2206  fprintf(stderr, "State of memory blocks: size : available \n");
2207  for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) {
2208  fprintf(stderr, " : %d\t : %d\n", stats->blockSz[i],
2209  stats->avaBlock[i]);
2210  }
2211 
2212  return 1;
2213 }
2214 #endif /* WOLFSSL_STATIC_MEMORY */
2215 
2216 #ifdef HAVE_PK_CALLBACKS
2217 
2218 typedef struct PkCbInfo {
2219  const char* ourKey;
2220 #ifdef TEST_PK_PRIVKEY
2221  union {
2222  #ifdef HAVE_ECC
2223  ecc_key ecc;
2224  #endif
2225  #ifdef HAVE_CURVE25519
2226  curve25519_key curve;
2227  #endif
2228  } keyGen;
2229 #endif
2230 } PkCbInfo;
2231 
2232 #if defined(DEBUG_PK_CB) || defined(TEST_PK_PRIVKEY)
2233  #define WOLFSSL_PKMSG(_f_, ...) printf(_f_, ##__VA_ARGS__)
2234 #else
2235  #define WOLFSSL_PKMSG(_f_, ...)
2236 #endif
2237 
2238 #ifdef HAVE_ECC
2239 
2240 static WC_INLINE int myEccKeyGen(WOLFSSL* ssl, ecc_key* key, word32 keySz,
2241  int ecc_curve, void* ctx)
2242 {
2243  int ret;
2244  WC_RNG rng;
2245  PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2246  ecc_key* new_key = key;
2247 #ifdef TEST_PK_PRIVKEY
2248  byte qx[MAX_ECC_BYTES], qy[MAX_ECC_BYTES];
2249  word32 qxLen = sizeof(qx), qyLen = sizeof(qy);
2250  new_key = &cbInfo->keyGen.ecc;
2251 #endif
2252 
2253  (void)ssl;
2254  (void)cbInfo;
2255 
2256  WOLFSSL_PKMSG("PK ECC KeyGen: keySz %d, Curve ID %d\n", keySz, ecc_curve);
2257 
2258  ret = wc_InitRng(&rng);
2259  if (ret != 0)
2260  return ret;
2261 
2262  ret = wc_ecc_init(new_key);
2263  if (ret == 0) {
2264  /* create new key */
2265  ret = wc_ecc_make_key_ex(&rng, keySz, new_key, ecc_curve);
2266 
2267  #ifdef TEST_PK_PRIVKEY
2268  if (ret == 0) {
2269  /* extract public portion from new key into `key` arg */
2270  ret = wc_ecc_export_public_raw(new_key, qx, &qxLen, qy, &qyLen);
2271  if (ret == 0) {
2272  /* load public portion only into key */
2273  ret = wc_ecc_import_unsigned(key, qx, qy, NULL, ecc_curve);
2274  }
2275  (void)qxLen;
2276  (void)qyLen;
2277  }
2278  #endif
2279  }
2280 
2281  WOLFSSL_PKMSG("PK ECC KeyGen: ret %d\n", ret);
2282 
2283  wc_FreeRng(&rng);
2284 
2285  return ret;
2286 }
2287 
2288 static WC_INLINE int myEccSign(WOLFSSL* ssl, const byte* in, word32 inSz,
2289  byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
2290 {
2291  int ret;
2292  WC_RNG rng;
2293  word32 idx = 0;
2294  ecc_key myKey;
2295  byte* keyBuf = (byte*)key;
2296  PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2297 
2298  (void)ssl;
2299  (void)cbInfo;
2300 
2301  WOLFSSL_PKMSG("PK ECC Sign: inSz %d, keySz %d\n", inSz, keySz);
2302 
2303 #ifdef TEST_PK_PRIVKEY
2304  ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
2305  if (ret != 0)
2306  return ret;
2307 #endif
2308 
2309  ret = wc_InitRng(&rng);
2310  if (ret != 0)
2311  return ret;
2312 
2313  ret = wc_ecc_init(&myKey);
2314  if (ret == 0) {
2315  ret = wc_EccPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
2316  if (ret == 0) {
2317  WOLFSSL_PKMSG("PK ECC Sign: Curve ID %d\n", myKey.dp->id);
2318  ret = wc_ecc_sign_hash(in, inSz, out, outSz, &rng, &myKey);
2319  }
2320  wc_ecc_free(&myKey);
2321  }
2322  wc_FreeRng(&rng);
2323 
2324 #ifdef TEST_PK_PRIVKEY
2325  free(keyBuf);
2326 #endif
2327 
2328  WOLFSSL_PKMSG("PK ECC Sign: ret %d outSz %d\n", ret, *outSz);
2329 
2330  return ret;
2331 }
2332 
2333 
2334 static WC_INLINE int myEccVerify(WOLFSSL* ssl, const byte* sig, word32 sigSz,
2335  const byte* hash, word32 hashSz, const byte* key, word32 keySz,
2336  int* result, void* ctx)
2337 {
2338  int ret;
2339  word32 idx = 0;
2340  ecc_key myKey;
2341  PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2342 
2343  (void)ssl;
2344  (void)cbInfo;
2345 
2346  WOLFSSL_PKMSG("PK ECC Verify: sigSz %d, hashSz %d, keySz %d\n", sigSz, hashSz, keySz);
2347 
2348  ret = wc_ecc_init(&myKey);
2349  if (ret == 0) {
2350  ret = wc_EccPublicKeyDecode(key, &idx, &myKey, keySz);
2351  if (ret == 0)
2352  ret = wc_ecc_verify_hash(sig, sigSz, hash, hashSz, result, &myKey);
2353  wc_ecc_free(&myKey);
2354  }
2355 
2356  WOLFSSL_PKMSG("PK ECC Verify: ret %d, result %d\n", ret, *result);
2357 
2358  return ret;
2359 }
2360 
2361 static WC_INLINE int myEccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
2362  unsigned char* pubKeyDer, unsigned int* pubKeySz,
2363  unsigned char* out, unsigned int* outlen,
2364  int side, void* ctx)
2365 {
2366  int ret;
2367  ecc_key* privKey = NULL;
2368  ecc_key* pubKey = NULL;
2369  ecc_key tmpKey;
2370  PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2371 
2372  (void)ssl;
2373  (void)cbInfo;
2374 
2375  WOLFSSL_PKMSG("PK ECC PMS: Side %s, Peer Curve %d\n",
2376  side == WOLFSSL_CLIENT_END ? "client" : "server", otherKey->dp->id);
2377 
2378  ret = wc_ecc_init(&tmpKey);
2379  if (ret != 0) {
2380  return ret;
2381  }
2382 
2383  /* for client: create and export public key */
2384  if (side == WOLFSSL_CLIENT_END) {
2385  WC_RNG rng;
2386 
2387  privKey = &tmpKey;
2388  pubKey = otherKey;
2389 
2390  ret = wc_InitRng(&rng);
2391  if (ret == 0) {
2392  ret = wc_ecc_make_key_ex(&rng, 0, privKey, otherKey->dp->id);
2393  #ifdef WOLFSSL_ASYNC_CRYPT
2394  if (ret == WC_PENDING_E) {
2395  ret = wc_AsyncWait(ret, &privKey->asyncDev, WC_ASYNC_FLAG_NONE);
2396  }
2397  #endif
2398  if (ret == 0)
2399  ret = wc_ecc_export_x963(privKey, pubKeyDer, pubKeySz);
2400  wc_FreeRng(&rng);
2401  }
2402  }
2403 
2404  /* for server: import public key */
2405  else if (side == WOLFSSL_SERVER_END) {
2406  #ifdef TEST_PK_PRIVKEY
2407  privKey = &cbInfo->keyGen.ecc;
2408  #else
2409  privKey = otherKey;
2410  #endif
2411  pubKey = &tmpKey;
2412 
2413  ret = wc_ecc_import_x963_ex(pubKeyDer, *pubKeySz, pubKey,
2414  otherKey->dp->id);
2415  }
2416  else {
2417  ret = BAD_FUNC_ARG;
2418  }
2419 
2420  /* generate shared secret and return it */
2421  if (ret == 0) {
2422  ret = wc_ecc_shared_secret(privKey, pubKey, out, outlen);
2423 
2424  #ifdef WOLFSSL_ASYNC_CRYPT
2425  if (ret == WC_PENDING_E) {
2426  ret = wc_AsyncWait(ret, &privKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
2427  }
2428  #endif
2429  }
2430 
2431 #ifdef TEST_PK_PRIVKEY
2432  if (side == WOLFSSL_SERVER_END) {
2433  wc_ecc_free(&cbInfo->keyGen.ecc);
2434  }
2435 #endif
2436 
2437  wc_ecc_free(&tmpKey);
2438 
2439  WOLFSSL_PKMSG("PK ECC PMS: ret %d, PubKeySz %d, OutLen %d\n", ret, *pubKeySz, *outlen);
2440 
2441  return ret;
2442 }
2443 
2444 #ifdef HAVE_ED25519
2445 static WC_INLINE int myEd25519Sign(WOLFSSL* ssl, const byte* in, word32 inSz,
2446  byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
2447 {
2448  int ret;
2449  word32 idx = 0;
2450  ed25519_key myKey;
2451  byte* keyBuf = (byte*)key;
2452  PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2453 
2454  (void)ssl;
2455  (void)cbInfo;
2456 
2457  WOLFSSL_PKMSG("PK 25519 Sign: inSz %d, keySz %d\n", inSz, keySz);
2458 
2459 #ifdef TEST_PK_PRIVKEY
2460  ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
2461  if (ret != 0)
2462  return ret;
2463 #endif
2464 
2465  ret = wc_ed25519_init(&myKey);
2466  if (ret == 0) {
2467  ret = wc_Ed25519PrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
2468  if (ret == 0)
2469  ret = wc_ed25519_sign_msg(in, inSz, out, outSz, &myKey);
2470  wc_ed25519_free(&myKey);
2471  }
2472 
2473 #ifdef TEST_PK_PRIVKEY
2474  free(keyBuf);
2475 #endif
2476 
2477  WOLFSSL_PKMSG("PK 25519 Sign: ret %d, outSz %d\n", ret, *outSz);
2478 
2479  return ret;
2480 }
2481 
2482 
2483 static WC_INLINE int myEd25519Verify(WOLFSSL* ssl, const byte* sig, word32 sigSz,
2484  const byte* msg, word32 msgSz, const byte* key, word32 keySz,
2485  int* result, void* ctx)
2486 {
2487  int ret;
2488  ed25519_key myKey;
2489  PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2490 
2491  (void)ssl;
2492  (void)cbInfo;
2493 
2494  WOLFSSL_PKMSG("PK 25519 Verify: sigSz %d, msgSz %d, keySz %d\n", sigSz, msgSz, keySz);
2495 
2496  ret = wc_ed25519_init(&myKey);
2497  if (ret == 0) {
2498  ret = wc_ed25519_import_public(key, keySz, &myKey);
2499  if (ret == 0) {
2500  ret = wc_ed25519_verify_msg(sig, sigSz, msg, msgSz, result, &myKey);
2501  }
2502  wc_ed25519_free(&myKey);
2503  }
2504 
2505  WOLFSSL_PKMSG("PK 25519 Verify: ret %d, result %d\n", ret, *result);
2506 
2507  return ret;
2508 }
2509 #endif /* HAVE_ED25519 */
2510 
2511 #ifdef HAVE_CURVE25519
2512 static WC_INLINE int myX25519KeyGen(WOLFSSL* ssl, curve25519_key* key,
2513  unsigned int keySz, void* ctx)
2514 {
2515  int ret;
2516  WC_RNG rng;
2517  PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2518 
2519  (void)ssl;
2520  (void)cbInfo;
2521 
2522  WOLFSSL_PKMSG("PK 25519 KeyGen: keySz %d\n", keySz);
2523 
2524  ret = wc_InitRng(&rng);
2525  if (ret != 0)
2526  return ret;
2527 
2528  ret = wc_curve25519_make_key(&rng, keySz, key);
2529 
2530  wc_FreeRng(&rng);
2531 
2532  WOLFSSL_PKMSG("PK 25519 KeyGen: ret %d\n", ret);
2533 
2534  return ret;
2535 }
2536 
2537 static WC_INLINE int myX25519SharedSecret(WOLFSSL* ssl, curve25519_key* otherKey,
2538  unsigned char* pubKeyDer, unsigned int* pubKeySz,
2539  unsigned char* out, unsigned int* outlen,
2540  int side, void* ctx)
2541 {
2542  int ret;
2543  curve25519_key* privKey = NULL;
2544  curve25519_key* pubKey = NULL;
2545  curve25519_key tmpKey;
2546  PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2547 
2548  (void)ssl;
2549  (void)cbInfo;
2550 
2551  WOLFSSL_PKMSG("PK 25519 PMS: side %s\n",
2552  side == WOLFSSL_CLIENT_END ? "client" : "server");
2553 
2554  ret = wc_curve25519_init(&tmpKey);
2555  if (ret != 0) {
2556  return ret;
2557  }
2558 
2559  /* for client: create and export public key */
2560  if (side == WOLFSSL_CLIENT_END) {
2561  WC_RNG rng;
2562 
2563  privKey = &tmpKey;
2564  pubKey = otherKey;
2565 
2566  ret = wc_InitRng(&rng);
2567  if (ret == 0) {
2568  ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, privKey);
2569  if (ret == 0) {
2570  ret = wc_curve25519_export_public_ex(privKey, pubKeyDer,
2571  pubKeySz, EC25519_LITTLE_ENDIAN);
2572  }
2573  wc_FreeRng(&rng);
2574  }
2575  }
2576 
2577  /* for server: import public key */
2578  else if (side == WOLFSSL_SERVER_END) {
2579  privKey = otherKey;
2580  pubKey = &tmpKey;
2581 
2582  ret = wc_curve25519_import_public_ex(pubKeyDer, *pubKeySz, pubKey,
2583  EC25519_LITTLE_ENDIAN);
2584  }
2585  else {
2586  ret = BAD_FUNC_ARG;
2587  }
2588 
2589  /* generate shared secret and return it */
2590  if (ret == 0) {
2591  ret = wc_curve25519_shared_secret_ex(privKey, pubKey, out, outlen,
2592  EC25519_LITTLE_ENDIAN);
2593  }
2594 
2595  wc_curve25519_free(&tmpKey);
2596 
2597  WOLFSSL_PKMSG("PK 25519 PMS: ret %d, pubKeySz %d, outLen %d\n",
2598  ret, *pubKeySz, *outlen);
2599 
2600  return ret;
2601 }
2602 #endif /* HAVE_CURVE25519 */
2603 
2604 #endif /* HAVE_ECC */
2605 
2606 #ifndef NO_DH
2607 static WC_INLINE int myDhCallback(WOLFSSL* ssl, struct DhKey* key,
2608  const unsigned char* priv, unsigned int privSz,
2609  const unsigned char* pubKeyDer, unsigned int pubKeySz,
2610  unsigned char* out, unsigned int* outlen,
2611  void* ctx)
2612 {
2613  int ret;
2614  PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2615 
2616  (void)ssl;
2617  (void)cbInfo;
2618 
2619  /* return 0 on success */
2620  ret = wc_DhAgree(key, out, outlen, priv, privSz, pubKeyDer, pubKeySz);
2621 
2622  WOLFSSL_PKMSG("PK ED Agree: ret %d, privSz %d, pubKeySz %d, outlen %d\n",
2623  ret, privSz, pubKeySz, *outlen);
2624 
2625  return ret;
2626 };
2627 
2628 #endif /* !NO_DH */
2629 
2630 #ifndef NO_RSA
2631 
2632 static WC_INLINE int myRsaSign(WOLFSSL* ssl, const byte* in, word32 inSz,
2633  byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
2634 {
2635  WC_RNG rng;
2636  int ret;
2637  word32 idx = 0;
2638  RsaKey myKey;
2639  byte* keyBuf = (byte*)key;
2640  PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2641 
2642  (void)ssl;
2643  (void)cbInfo;
2644 
2645  WOLFSSL_PKMSG("PK RSA Sign: inSz %d, keySz %d\n", inSz, keySz);
2646 
2647 #ifdef TEST_PK_PRIVKEY
2648  ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
2649  if (ret != 0)
2650  return ret;
2651 #endif
2652 
2653  ret = wc_InitRng(&rng);
2654  if (ret != 0)
2655  return ret;
2656 
2657  ret = wc_InitRsaKey(&myKey, NULL);
2658  if (ret == 0) {
2659  ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
2660  if (ret == 0)
2661  ret = wc_RsaSSL_Sign(in, inSz, out, *outSz, &myKey, &rng);
2662  if (ret > 0) { /* save and convert to 0 success */
2663  *outSz = ret;
2664  ret = 0;
2665  }
2666  wc_FreeRsaKey(&myKey);
2667  }
2668  wc_FreeRng(&rng);
2669 
2670 #ifdef TEST_PK_PRIVKEY
2671  free(keyBuf);
2672 #endif
2673 
2674  WOLFSSL_PKMSG("PK RSA Sign: ret %d, outSz %d\n", ret, *outSz);
2675 
2676  return ret;
2677 }
2678 
2679 
2680 static WC_INLINE int myRsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
2681  byte** out, const byte* key, word32 keySz, void* ctx)
2682 {
2683  int ret;
2684  word32 idx = 0;
2685  RsaKey myKey;
2686  PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2687 
2688  (void)ssl;
2689  (void)cbInfo;
2690 
2691  WOLFSSL_PKMSG("PK RSA Verify: sigSz %d, keySz %d\n", sigSz, keySz);
2692 
2693  ret = wc_InitRsaKey(&myKey, NULL);
2694  if (ret == 0) {
2695  ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
2696  if (ret == 0)
2697  ret = wc_RsaSSL_VerifyInline(sig, sigSz, out, &myKey);
2698  wc_FreeRsaKey(&myKey);
2699  }
2700 
2701  WOLFSSL_PKMSG("PK RSA Verify: ret %d\n", ret);
2702 
2703  return ret;
2704 }
2705 
2706 static WC_INLINE int myRsaSignCheck(WOLFSSL* ssl, byte* sig, word32 sigSz,
2707  byte** out, const byte* key, word32 keySz, void* ctx)
2708 {
2709  int ret;
2710  word32 idx = 0;
2711  RsaKey myKey;
2712  byte* keyBuf = (byte*)key;
2713  PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2714 
2715  (void)ssl;
2716  (void)cbInfo;
2717 
2718  WOLFSSL_PKMSG("PK RSA SignCheck: sigSz %d, keySz %d\n", sigSz, keySz);
2719 
2720 #ifdef TEST_PK_PRIVKEY
2721  ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
2722  if (ret != 0)
2723  return ret;
2724 #endif
2725 
2726  ret = wc_InitRsaKey(&myKey, NULL);
2727  if (ret == 0) {
2728  ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
2729  if (ret == 0)
2730  ret = wc_RsaSSL_VerifyInline(sig, sigSz, out, &myKey);
2731  wc_FreeRsaKey(&myKey);
2732  }
2733 #ifdef TEST_PK_PRIVKEY
2734  free(keyBuf);
2735 #endif
2736 
2737  WOLFSSL_PKMSG("PK RSA SignCheck: ret %d\n", ret);
2738 
2739  return ret;
2740 }
2741 
2742 #ifdef WC_RSA_PSS
2743 static WC_INLINE int myRsaPssSign(WOLFSSL* ssl, const byte* in, word32 inSz,
2744  byte* out, word32* outSz, int hash, int mgf, const byte* key,
2745  word32 keySz, void* ctx)
2746 {
2747  enum wc_HashType hashType = WC_HASH_TYPE_NONE;
2748  WC_RNG rng;
2749  int ret;
2750  word32 idx = 0;
2751  RsaKey myKey;
2752  byte* keyBuf = (byte*)key;
2753  PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2754 
2755  (void)ssl;
2756  (void)cbInfo;
2757 
2758  WOLFSSL_PKMSG("PK RSA PSS Sign: inSz %d, hash %d, mgf %d, keySz %d\n",
2759  inSz, hash, mgf, keySz);
2760 
2761 #ifdef TEST_PK_PRIVKEY
2762  ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
2763  if (ret != 0)
2764  return ret;
2765 #endif
2766 
2767  switch (hash) {
2768 #ifndef NO_SHA256
2769  case SHA256h:
2770  hashType = WC_HASH_TYPE_SHA256;
2771  break;
2772 #endif
2773 #ifdef WOLFSSL_SHA384
2774  case SHA384h:
2775  hashType = WC_HASH_TYPE_SHA384;
2776  break;
2777 #endif
2778 #ifdef WOLFSSL_SHA512
2779  case SHA512h:
2780  hashType = WC_HASH_TYPE_SHA512;
2781  break;
2782 #endif
2783  }
2784 
2785  ret = wc_InitRng(&rng);
2786  if (ret != 0)
2787  return ret;
2788 
2789  ret = wc_InitRsaKey(&myKey, NULL);
2790  if (ret == 0) {
2791  ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
2792  if (ret == 0) {
2793  ret = wc_RsaPSS_Sign(in, inSz, out, *outSz, hashType, mgf, &myKey,
2794  &rng);
2795  }
2796  if (ret > 0) { /* save and convert to 0 success */
2797  *outSz = ret;
2798  ret = 0;
2799  }
2800  wc_FreeRsaKey(&myKey);
2801  }
2802  wc_FreeRng(&rng);
2803 
2804 #ifdef TEST_PK_PRIVKEY
2805  free(keyBuf);
2806 #endif
2807 
2808  WOLFSSL_PKMSG("PK RSA PSS Sign: ret %d, outSz %d\n", ret, *outSz);
2809 
2810  return ret;
2811 }
2812 
2813 
2814 static WC_INLINE int myRsaPssVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
2815  byte** out, int hash, int mgf, const byte* key, word32 keySz, void* ctx)
2816 {
2817  int ret;
2818  word32 idx = 0;
2819  RsaKey myKey;
2820  PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2821  enum wc_HashType hashType = WC_HASH_TYPE_NONE;
2822 
2823  (void)ssl;
2824  (void)cbInfo;
2825 
2826  WOLFSSL_PKMSG("PK RSA PSS Verify: sigSz %d, hash %d, mgf %d, keySz %d\n",
2827  sigSz, hash, mgf, keySz);
2828 
2829  switch (hash) {
2830 #ifndef NO_SHA256
2831  case SHA256h:
2832  hashType = WC_HASH_TYPE_SHA256;
2833  break;
2834 #endif
2835 #ifdef WOLFSSL_SHA384
2836  case SHA384h:
2837  hashType = WC_HASH_TYPE_SHA384;
2838  break;
2839 #endif
2840 #ifdef WOLFSSL_SHA512
2841  case SHA512h:
2842  hashType = WC_HASH_TYPE_SHA512;
2843  break;
2844 #endif
2845  }
2846 
2847  ret = wc_InitRsaKey(&myKey, NULL);
2848  if (ret == 0) {
2849  ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
2850  if (ret == 0) {
2851  ret = wc_RsaPSS_VerifyInline(sig, sigSz, out, hashType, mgf,
2852  &myKey);
2853  }
2854  wc_FreeRsaKey(&myKey);
2855  }
2856 
2857  WOLFSSL_PKMSG("PK RSA PSS Verify: ret %d\n", ret);
2858 
2859  return ret;
2860 }
2861 
2862 static WC_INLINE int myRsaPssSignCheck(WOLFSSL* ssl, byte* sig, word32 sigSz,
2863  byte** out, int hash, int mgf, const byte* key, word32 keySz, void* ctx)
2864 {
2865  int ret;
2866  word32 idx = 0;
2867  RsaKey myKey;
2868  byte* keyBuf = (byte*)key;
2869  PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2870  enum wc_HashType hashType = WC_HASH_TYPE_NONE;
2871 
2872  (void)ssl;
2873  (void)cbInfo;
2874 
2875  WOLFSSL_PKMSG("PK RSA PSS SignCheck: sigSz %d, hash %d, mgf %d, keySz %d\n",
2876  sigSz, hash, mgf, keySz);
2877 
2878 #ifdef TEST_PK_PRIVKEY
2879  ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
2880  if (ret != 0)
2881  return ret;
2882 #endif
2883 
2884  switch (hash) {
2885 #ifndef NO_SHA256
2886  case SHA256h:
2887  hashType = WC_HASH_TYPE_SHA256;
2888  break;
2889 #endif
2890 #ifdef WOLFSSL_SHA384
2891  case SHA384h:
2892  hashType = WC_HASH_TYPE_SHA384;
2893  break;
2894 #endif
2895 #ifdef WOLFSSL_SHA512
2896  case SHA512h:
2897  hashType = WC_HASH_TYPE_SHA512;
2898  break;
2899 #endif
2900  }
2901 
2902  ret = wc_InitRsaKey(&myKey, NULL);
2903  if (ret == 0) {
2904  ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
2905  if (ret == 0) {
2906  ret = wc_RsaPSS_VerifyInline(sig, sigSz, out, hashType, mgf,
2907  &myKey);
2908  }
2909  wc_FreeRsaKey(&myKey);
2910  }
2911 
2912 #ifdef TEST_PK_PRIVKEY
2913  free(keyBuf);
2914 #endif
2915 
2916  WOLFSSL_PKMSG("PK RSA PSS SignCheck: ret %d\n", ret);
2917 
2918  return ret;
2919 }
2920 #endif
2921 
2922 
2923 static WC_INLINE int myRsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz,
2924  byte* out, word32* outSz, const byte* key,
2925  word32 keySz, void* ctx)
2926 {
2927  int ret;
2928  word32 idx = 0;
2929  RsaKey myKey;
2930  WC_RNG rng;
2931  PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2932 
2933  (void)ssl;
2934  (void)cbInfo;
2935 
2936  WOLFSSL_PKMSG("PK RSA Enc: inSz %d, keySz %d\n", inSz, keySz);
2937 
2938  ret = wc_InitRng(&rng);
2939  if (ret != 0)
2940  return ret;
2941 
2942  ret = wc_InitRsaKey(&myKey, NULL);
2943  if (ret == 0) {
2944  ret = wc_RsaPublicKeyDecode(key, &idx, &myKey, keySz);
2945  if (ret == 0) {
2946  ret = wc_RsaPublicEncrypt(in, inSz, out, *outSz, &myKey, &rng);
2947  if (ret > 0) {
2948  *outSz = ret;
2949  ret = 0; /* reset to success */
2950  }
2951  }
2952  wc_FreeRsaKey(&myKey);
2953  }
2954  wc_FreeRng(&rng);
2955 
2956  WOLFSSL_PKMSG("PK RSA Enc: ret %d, outSz %d\n", ret, *outSz);
2957 
2958  return ret;
2959 }
2960 
2961 static WC_INLINE int myRsaDec(WOLFSSL* ssl, byte* in, word32 inSz,
2962  byte** out,
2963  const byte* key, word32 keySz, void* ctx)
2964 {
2965  int ret;
2966  word32 idx = 0;
2967  RsaKey myKey;
2968  byte* keyBuf = (byte*)key;
2969  PkCbInfo* cbInfo = (PkCbInfo*)ctx;
2970 
2971  (void)ssl;
2972  (void)cbInfo;
2973 
2974  WOLFSSL_PKMSG("PK RSA Dec: inSz %d, keySz %d\n", inSz, keySz);
2975 
2976 #ifdef TEST_PK_PRIVKEY
2977  ret = load_key_file(cbInfo->ourKey, &keyBuf, &keySz);
2978  if (ret != 0)
2979  return ret;
2980 #endif
2981 
2982  ret = wc_InitRsaKey(&myKey, NULL);
2983  if (ret == 0) {
2984  ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
2985  if (ret == 0) {
2986  #ifdef WC_RSA_BLINDING
2987  ret = wc_RsaSetRNG(&myKey, wolfSSL_GetRNG(ssl));
2988  if (ret != 0) {
2989  wc_FreeRsaKey(&myKey);
2990  return ret;
2991  }
2992  #endif
2993  ret = wc_RsaPrivateDecryptInline(in, inSz, out, &myKey);
2994  }
2995  wc_FreeRsaKey(&myKey);
2996  }
2997 
2998 #ifdef TEST_PK_PRIVKEY
2999  free(keyBuf);
3000 #endif
3001 
3002  WOLFSSL_PKMSG("PK RSA Dec: ret %d\n", ret);
3003 
3004  return ret;
3005 }
3006 
3007 #endif /* NO_RSA */
3008 
3009 static WC_INLINE void SetupPkCallbacks(WOLFSSL_CTX* ctx)
3010 {
3011  (void)ctx;
3012 
3013  #ifdef HAVE_ECC
3014  wolfSSL_CTX_SetEccKeyGenCb(ctx, myEccKeyGen);
3015  wolfSSL_CTX_SetEccSignCb(ctx, myEccSign);
3016  wolfSSL_CTX_SetEccVerifyCb(ctx, myEccVerify);
3017  wolfSSL_CTX_SetEccSharedSecretCb(ctx, myEccSharedSecret);
3018  #endif /* HAVE_ECC */
3019  #ifndef NO_DH
3020  wolfSSL_CTX_SetDhAgreeCb(ctx, myDhCallback);
3021  #endif
3022  #ifdef HAVE_ED25519
3023  wolfSSL_CTX_SetEd25519SignCb(ctx, myEd25519Sign);
3024  wolfSSL_CTX_SetEd25519VerifyCb(ctx, myEd25519Verify);
3025  #endif
3026  #ifdef HAVE_CURVE25519
3027  wolfSSL_CTX_SetX25519KeyGenCb(ctx, myX25519KeyGen);
3028  wolfSSL_CTX_SetX25519SharedSecretCb(ctx, myX25519SharedSecret);
3029  #endif
3030  #ifndef NO_RSA
3031  wolfSSL_CTX_SetRsaSignCb(ctx, myRsaSign);
3032  wolfSSL_CTX_SetRsaVerifyCb(ctx, myRsaVerify);
3033  wolfSSL_CTX_SetRsaSignCheckCb(ctx, myRsaSignCheck);
3034  #ifdef WC_RSA_PSS
3035  wolfSSL_CTX_SetRsaPssSignCb(ctx, myRsaPssSign);
3036  wolfSSL_CTX_SetRsaPssVerifyCb(ctx, myRsaPssVerify);
3037  wolfSSL_CTX_SetRsaPssSignCheckCb(ctx, myRsaPssSignCheck);
3038  #endif
3039  wolfSSL_CTX_SetRsaEncCb(ctx, myRsaEnc);
3040  wolfSSL_CTX_SetRsaDecCb(ctx, myRsaDec);
3041  #endif /* NO_RSA */
3042 }
3043 
3044 static WC_INLINE void SetupPkCallbackContexts(WOLFSSL* ssl, void* myCtx)
3045 {
3046  #ifdef HAVE_ECC
3047  wolfSSL_SetEccKeyGenCtx(ssl, myCtx);
3048  wolfSSL_SetEccSignCtx(ssl, myCtx);
3049  wolfSSL_SetEccVerifyCtx(ssl, myCtx);
3050  wolfSSL_SetEccSharedSecretCtx(ssl, myCtx);
3051  #endif /* HAVE_ECC */
3052  #ifndef NO_DH
3053  wolfSSL_SetDhAgreeCtx(ssl, myCtx);
3054  #endif
3055  #ifdef HAVE_ED25519
3056  wolfSSL_SetEd25519SignCtx(ssl, myCtx);
3057  wolfSSL_SetEd25519VerifyCtx(ssl, myCtx);
3058  #endif
3059  #ifdef HAVE_CURVE25519
3060  wolfSSL_SetX25519KeyGenCtx(ssl, myCtx);
3061  wolfSSL_SetX25519SharedSecretCtx(ssl, myCtx);
3062  #endif
3063  #ifndef NO_RSA
3064  wolfSSL_SetRsaSignCtx(ssl, myCtx);
3065  wolfSSL_SetRsaVerifyCtx(ssl, myCtx);
3066  #ifdef WC_RSA_PSS
3067  wolfSSL_SetRsaPssSignCtx(ssl, myCtx);
3068  wolfSSL_SetRsaPssVerifyCtx(ssl, myCtx);
3069  #endif
3070  wolfSSL_SetRsaEncCtx(ssl, myCtx);
3071  wolfSSL_SetRsaDecCtx(ssl, myCtx);
3072  #endif /* NO_RSA */
3073 }
3074 
3075 #endif /* HAVE_PK_CALLBACKS */
3076 
3077 
3078 
3079 
3080 #if defined(__hpux__) || defined(__MINGW32__) || defined (WOLFSSL_TIRTOS) \
3081  || defined(_MSC_VER)
3082 
3083 /* HP/UX doesn't have strsep, needed by test/suites.c */
3084 static WC_INLINE char* strsep(char **stringp, const char *delim)
3085 {
3086  char* start;
3087  char* end;
3088 
3089  start = *stringp;
3090  if (start == NULL)
3091  return NULL;
3092 
3093  if ((end = strpbrk(start, delim))) {
3094  *end++ = '\0';
3095  *stringp = end;
3096  } else {
3097  *stringp = NULL;
3098  }
3099 
3100  return start;
3101 }
3102 
3103 #endif /* __hpux__ and others */
3104 
3105 /* Create unique filename, len is length of tempfn name, assuming
3106  len does not include null terminating character,
3107  num is number of characters in tempfn name to randomize */
3108 static WC_INLINE const char* mymktemp(char *tempfn, int len, int num)
3109 {
3110  int x, size;
3111  static const char alphanum[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
3112  "abcdefghijklmnopqrstuvwxyz";
3113  WC_RNG rng;
3114  byte out;
3115 
3116  if (tempfn == NULL || len < 1 || num < 1 || len <= num) {
3117  printf("Bad input\n");
3118  return NULL;
3119  }
3120 
3121  size = len - 1;
3122 
3123  if (wc_InitRng(&rng) != 0) {
3124  printf("InitRng failed\n");
3125  return NULL;
3126  }
3127 
3128  for (x = size; x > size - num; x--) {
3129  if (wc_RNG_GenerateBlock(&rng,(byte*)&out, sizeof(out)) != 0) {
3130  printf("RNG_GenerateBlock failed\n");
3131  return NULL;
3132  }
3133  tempfn[x] = alphanum[out % (sizeof(alphanum) - 1)];
3134  }
3135  tempfn[len] = '\0';
3136 
3137  wc_FreeRng(&rng);
3138  (void)rng; /* for WC_NO_RNG case */
3139 
3140  return tempfn;
3141 }
3142 
3143 
3144 
3145 #if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
3146  defined(HAVE_POLY1305)
3147 
3149 
3150  typedef struct key_ctx {
3151  byte name[WOLFSSL_TICKET_NAME_SZ]; /* name for this context */
3152  byte key[CHACHA20_POLY1305_AEAD_KEYSIZE]; /* cipher key */
3153  } key_ctx;
3154 
3155  static THREAD_LS_T key_ctx myKey_ctx;
3156  static THREAD_LS_T WC_RNG myKey_rng;
3157 
3158  static WC_INLINE int TicketInit(void)
3159  {
3160  int ret = wc_InitRng(&myKey_rng);
3161  if (ret != 0) return ret;
3162 
3163  ret = wc_RNG_GenerateBlock(&myKey_rng, myKey_ctx.key, sizeof(myKey_ctx.key));
3164  if (ret != 0) return ret;
3165 
3166  ret = wc_RNG_GenerateBlock(&myKey_rng, myKey_ctx.name,sizeof(myKey_ctx.name));
3167  if (ret != 0) return ret;
3168 
3169  return 0;
3170  }
3171 
3172  static WC_INLINE void TicketCleanup(void)
3173  {
3174  wc_FreeRng(&myKey_rng);
3175  }
3176 
3177  static WC_INLINE int myTicketEncCb(WOLFSSL* ssl,
3178  byte key_name[WOLFSSL_TICKET_NAME_SZ],
3179  byte iv[WOLFSSL_TICKET_IV_SZ],
3180  byte mac[WOLFSSL_TICKET_MAC_SZ],
3181  int enc, byte* ticket, int inLen, int* outLen,
3182  void* userCtx)
3183  {
3184  (void)ssl;
3185  (void)userCtx;
3186 
3187  int ret;
3188  word16 sLen = XHTONS(inLen);
3189  byte aad[WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2];
3190  int aadSz = WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2;
3191  byte* tmp = aad;
3192 
3193  if (enc) {
3194  XMEMCPY(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ);
3195 
3196  ret = wc_RNG_GenerateBlock(&myKey_rng, iv, WOLFSSL_TICKET_IV_SZ);
3197  if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
3198 
3199  /* build aad from key name, iv, and length */
3200  XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ);
3201  tmp += WOLFSSL_TICKET_NAME_SZ;
3202  XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
3203  tmp += WOLFSSL_TICKET_IV_SZ;
3204  XMEMCPY(tmp, &sLen, 2);
3205 
3206  ret = wc_ChaCha20Poly1305_Encrypt(myKey_ctx.key, iv,
3207  aad, aadSz,
3208  ticket, inLen,
3209  ticket,
3210  mac);
3211  if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
3212  *outLen = inLen; /* no padding in this mode */
3213  } else {
3214  /* decrypt */
3215 
3216  /* see if we know this key */
3217  if (XMEMCMP(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ) != 0){
3218  printf("client presented unknown ticket key name ");
3219  return WOLFSSL_TICKET_RET_FATAL;
3220  }
3221 
3222  /* build aad from key name, iv, and length */
3223  XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ);
3224  tmp += WOLFSSL_TICKET_NAME_SZ;
3225  XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
3226  tmp += WOLFSSL_TICKET_IV_SZ;
3227  XMEMCPY(tmp, &sLen, 2);
3228 
3229  ret = wc_ChaCha20Poly1305_Decrypt(myKey_ctx.key, iv,
3230  aad, aadSz,
3231  ticket, inLen,
3232  mac,
3233  ticket);
3234  if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
3235  *outLen = inLen; /* no padding in this mode */
3236  }
3237 
3238  return WOLFSSL_TICKET_RET_OK;
3239  }
3240 
3241 #endif /* HAVE_SESSION_TICKET && CHACHA20 && POLY1305 */
3242 
3243 static WC_INLINE word16 GetRandomPort(void)
3244 {
3245  word16 port = 0;
3246 
3247  /* Generate random port for testing */
3248  WC_RNG rng;
3249  if (wc_InitRng(&rng) == 0) {
3250  if (wc_RNG_GenerateBlock(&rng, (byte*)&port, sizeof(port)) == 0) {
3251  port |= 0xC000; /* Make sure its in the 49152 - 65535 range */
3252  }
3253  wc_FreeRng(&rng);
3254  }
3255  (void)rng; /* for WC_NO_RNG case */
3256  return port;
3257 }
3258 
3259 #endif /* wolfSSL_TEST_H */
Definition: wolfssl_MDK_ARM.h:46
Definition: test.h:342
WOLFSSL_API int wc_AesCbcDecrypt(Aes *aes, byte *out, const byte *in, word32 sz)
Decrypts a cipher from the input buffer in, and places the resulting plain text in the output buffer ...
Definition: aes.c:2412
WOLFSSL_API WOLFSSL_CIPHER * wolfSSL_get_current_cipher(WOLFSSL *)
This function returns a pointer to the current cipher in the ssl session.
Definition: ssl.c:16268
WOLFSSL_API const unsigned char * wolfSSL_GetMacSecret(WOLFSSL *, int)
Allows retrieval of the Hmac/Mac secret from the handshake process. The verify parameter specifies wh...
Definition: ssl.c:2912
WOLFSSL_API int wolfSSL_GetKeySize(WOLFSSL *)
Allows retrieval of the key size from the handshake process.
Definition: ssl.c:3015
WOLFSSL_API void * wolfSSL_GetMacEncryptCtx(WOLFSSL *ssl)
Allows caller to retrieve the Atomic User Record Processing Mac/Encrypt Callback Context previously s...
Definition: ssl.c:2948
WOLFSSL_API int wc_FreeRsaKey(RsaKey *key)
This function frees a provided RsaKey struct using mp_clear.
Definition: rsa.c:437
WOLFSSL_API void wolfSSL_CTX_SetMacEncryptCb(WOLFSSL_CTX *, CallbackMacEncrypt)
Allows caller to set the Atomic User Record Processing Mac/Encrypt Callback. The callback should retu...
Definition: ssl.c:2934
WOLFSSL_API int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX *, const unsigned char *, long, int)
This function loads a certificate buffer into the WOLFSSL Context. It behaves like the non-buffered v...
Definition: ssl.c:11237
Definition: memory.h:142
WOLFSSL_API int wc_DhAgree(DhKey *key, byte *agree, word32 *agreeSz, const byte *priv, word32 privSz, const byte *otherPub, word32 pubSz)
This function generates an agreed upon secret key based on a local private key and a received public ...
Definition: dh.c:1959
WOLFSSL_API const unsigned char * wolfSSL_GetClientWriteKey(WOLFSSL *)
Allows retrieval of the client write key from the handshake process.
Definition: ssl.c:2980
WOLFSSL_API int wc_ed25519_verify_msg(const byte *sig, word32 siglen, const byte *msg, word32 msglen, int *stat, ed25519_key *key)
This function verifies the ed25519 signature of a message to ensure authenticity. It returns the answ...
Definition: ed25519.c:233
WOLFSSL_API int wolfSSL_use_certificate_buffer(WOLFSSL *, const unsigned char *, long, int)
This function loads a certificate buffer into the WOLFSSL object. It behaves like the non-buffered ve...
Definition: ssl.c:11394
WOLFSSL_API int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME *, int, char *, int)
This function gets the text related to the passed in NID value.
Definition: ssl.c:16453
WOLFSSL_API int wc_ed25519_import_public(const byte *in, word32 inLen, ed25519_key *key)
This function imports a public ed25519_key pair from a buffer containing the public key...
Definition: ed25519.c:368
WOLFSSL_API int wolfSSL_X509_get_serial_number(WOLFSSL_X509 *, unsigned char *, int *)
Retrieves the peer’s certificate serial number. The serial number buffer (in) should be at least 32 ...
Definition: ssl.c:15332
WOLFSSL_API int wc_HmacSetKey(Hmac *, int type, const byte *key, word32 keySz)
This function initializes an Hmac object, setting its encryption type, key and HMAC length...
Definition: hmac.c:293
WOLFSSL_API int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN *, int idx, unsigned char *buf, int inLen, int *outLen)
Retrieves the peer’s PEM certificate at index (idx).
Definition: test.h:76
WOLFSSL_API int wc_KeyPemToDer(const unsigned char *, int, unsigned char *, int, const char *)
Converts a key in PEM format to DER format.
Definition: asn.c:9179
WOLFSSL_API int wc_ed25519_sign_msg(const byte *in, word32 inlen, byte *out, word32 *outlen, ed25519_key *key)
This function signs a message digest using an ed25519_key object to guarantee authenticity.
Definition: ed25519.c:128
WOLFSSL_API int wolfSSL_dtls_set_peer(WOLFSSL *, void *, unsigned int)
This function sets the DTLS peer, peer (sockaddr_in) with size of peerSz.
Definition: ssl.c:758
WOLFSSL_API void * wolfSSL_GetDecryptVerifyCtx(WOLFSSL *ssl)
Allows caller to retrieve the Atomic User Record Processing Decrypt/Verify Callback Context previousl...
Definition: ssl.c:2971
WOLFSSL_API int wc_ecc_free(ecc_key *key)
This function frees an ecc_key object after it has been used.
Definition: ecc.c:4805
WOLFSSL_API int wc_RNG_GenerateBlock(WC_RNG *, byte *, word32 sz)
Copies a sz bytes of pseudorandom data to output. Will reseed rng if needed (blocking).
Definition: random.c:838
WOLFSSL_API int wolfSSL_GetCipherBlockSize(WOLFSSL *)
Allows caller to determine the negotiated cipher block size from the handshake.
Definition: ssl.c:3058
Definition: test.h:2218
WOLFSSL_API int wc_ecc_export_x963(ecc_key *, byte *out, word32 *outLen)
This function exports the ECC key from the ecc_key structure, storing the result in out...
Definition: ecc.c:5855
WOLFSSL_API int wc_AesCbcEncrypt(Aes *aes, byte *out, const byte *in, word32 sz)
Encrypts a plaintext message from the input buffer in, and places the resulting cipher text in the ou...
Definition: aes.c:2368
WOLFSSL_API int wolfSSL_GetDhKey_Sz(WOLFSSL *)
Returns the value of dhKeySz that is a member of the options structure. This value represents the Dif...
Definition: ssl.c:1673
WOLFSSL_API int wc_RsaPublicEncrypt(const byte *in, word32 inLen, byte *out, word32 outLen, RsaKey *key, WC_RNG *rng)
This function encrypts a message from in and stores the result in out. It requires an initialized pub...
Definition: rsa.c:2565
Definition: internal.h:2494
WOLFSSL_API WOLFSSL_X509_NAME * wolfSSL_X509_get_issuer_name(WOLFSSL_X509 *)
This function returns the name of the certificate issuer.
Definition: ssl.c:16413
WOLFSSL_API int wolfSSL_GetCipherType(WOLFSSL *)
Allows caller to determine the negotiated cipher type from the handshake.
Definition: ssl.c:3042
Definition: aes.h:130
Definition: test.h:1975
WOLFSSL_API int wc_HmacFinal(Hmac *, byte *)
This function computes the final hash of an Hmac object&#39;s message.
Definition: hmac.c:804
WOLFSSL_API int wolfSSL_GetSide(WOLFSSL *)
Allows retrieval of the side of this WOLFSSL connection.
Definition: ssl.c:3088
WOLFSSL_API char * wolfSSL_ERR_error_string(unsigned long, char *)
This function converts an error code returned by wolfSSL_get_error() into a more human-readable error...
Definition: ssl.c:2802
WOLFSSL_API int wolfSSL_GetAeadMacSize(WOLFSSL *)
Allows caller to determine the negotiated aead mac size from the handshake. For cipher type WOLFSSL_A...
Definition: ssl.c:3067
WOLFSSL_API WOLFSSL_X509 * wolfSSL_get_peer_certificate(WOLFSSL *ssl)
This function gets the peer’s certificate.
Definition: ssl.c:15135
WOLFSSL_API int wc_RsaSSL_VerifyInline(byte *in, word32 inLen, byte **out, RsaKey *key)
Used to verify that the message was signed by RSA key. The output uses the same byte array as the inp...
Definition: rsa.c:2646
WOLFSSL_API int wc_RsaPrivateKeyDecode(const byte *input, word32 *inOutIdx, RsaKey *, word32)
This function parses a DER-formatted RSA private key, extracts the private key and stores it in the g...
Definition: asn.c:2236
WOLFSSL_API int wc_curve25519_make_key(WC_RNG *rng, int keysize, curve25519_key *key)
This function generates a curve25519 key using the given random number generator, rng...
Definition: curve25519.c:54
WOLFSSL_API int wolfSSL_use_PrivateKey_buffer(WOLFSSL *, const unsigned char *, long, int)
This function loads a private key buffer into the WOLFSSL object. It behaves like the non-buffered ve...
Definition: ssl.c:11402
WOLFSSL_API int wc_InitRng(WC_RNG *)
Gets the seed (from OS) and key cipher for rng. rng->drbg (deterministic random bit generator) alloca...
Definition: random.c:812
WOLFSSL_API int wc_RsaPublicKeyDecode(const byte *input, word32 *inOutIdx, RsaKey *, word32)
This function parses a DER-formatted RSA public key, extracts the public key and stores it in the giv...
Definition: asn.c:3897
Definition: ssl.h:347
Definition: client.py:1
WOLFSSL_API void wc_curve25519_free(curve25519_key *key)
This function frees a curve 25519 object.
Definition: curve25519.c:430
WOLFSSL_API void wolfSSL_SetMacEncryptCtx(WOLFSSL *ssl, void *ctx)
Allows caller to set the Atomic User Record Processing Mac/Encrypt Callback Context to ctx...
Definition: ssl.c:2941
WOLFSSL_API int wc_ed25519_init(ed25519_key *key)
This function initializes an ed25519_key object for future use with message verification.
Definition: ed25519.c:309
WOLFSSL_API int wc_curve25519_export_public_ex(curve25519_key *key, byte *out, word32 *outLen, int endian)
This function exports a public key from the given key structure and stores the result in the out buff...
Definition: curve25519.c:186
Definition: hmac.h:143
Definition: dh.h:60
Definition: internal.h:3392
WOLFSSL_API int wc_curve25519_import_public_ex(const byte *in, word32 inLen, curve25519_key *key, int endian)
This function imports a public key from the given in buffer and stores it in the curve25519_key struc...
Definition: curve25519.c:226
WOLFSSL_API int wolfSSL_SetTlsHmacInner(WOLFSSL *, unsigned char *, word32, int, int)
Allows caller to set the Hmac Inner vector for message sending/receiving. The result is written to in...
Definition: tls.c:711
WOLFSSL_API WOLFSSL_X509 * wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN *, int idx)
This function gets the peer’s wolfSSL_X509_certificate at index (idx) from the chain of certificates...
Definition: internal.h:2945
Definition: test.h:3150
Definition: ssl.h:352
WOLFSSL_API int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX *, const unsigned char *p, int pSz, const unsigned char *g, int gSz)
Sets the parameters for the server CTX Diffie-Hellman.
Definition: ssl.c:1568
WOLFSSL_API int wc_RsaSSL_Sign(const byte *in, word32 inLen, byte *out, word32 outLen, RsaKey *key, WC_RNG *rng)
Signs the provided array with the private key.
Definition: rsa.c:2941
WOLFSSL_API void XFREE(void *p, void *heap, int type)
This is not actually a function, but rather a preprocessor macro, which allows the user to substitute...
Definition: memory.c:1015
Definition: wolfssl_MDK_ARM.h:51
WOLFSSL_API int wc_curve25519_shared_secret_ex(curve25519_key *private_key, curve25519_key *public_key, byte *out, word32 *outlen, int endian)
This function computes a shared secret key given a secret private key and a received public key...
Definition: curve25519.c:109
WOLFSSL_API const char * wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER *cipher)
This function matches the cipher suite in the SSL object with the available suites and returns the st...
Definition: ssl.c:16278
WOLFSSL_API int wolfSSL_GetBulkCipher(WOLFSSL *)
Allows caller to determine the negotiated bulk cipher algorithm from the handshake.
Definition: ssl.c:3033
WOLFSSL_API int wc_HmacUpdate(Hmac *, const byte *, word32)
This function updates the message to authenticate using HMAC. It should be called after the Hmac obje...
Definition: hmac.c:695
WOLFSSL_API int wc_ecc_shared_secret(ecc_key *private_key, ecc_key *public_key, byte *out, word32 *outlen)
This function generates a new secret key using a local private key and a received public key...
Definition: ecc.c:3374
WOLFSSL_API void wc_ed25519_free(ed25519_key *key)
This function frees an ed25519 object after it has been used.
Definition: ed25519.c:325
WOLFSSL_API int wc_ChaCha20Poly1305_Decrypt(const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], const byte *inAAD, const word32 inAADLen, const byte *inCiphertext, const word32 inCiphertextLen, const byte inAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE], byte *outPlaintext)
This function decrypts input ciphertext, inCiphertext, using the ChaCha20 stream cipher, into the output buffer, outPlaintext. It also performs Poly-1305 authentication, comparing the given inAuthTag to an authentication generated with the inAAD (arbitrary length additional authentication data). Note: If the generated authentication tag does not match the supplied authentication tag, the text is not decrypted.
Definition: chacha20_poly1305.c:110
WOLFSSL_API const unsigned char * wolfSSL_GetServerWriteKey(WOLFSSL *)
Allows retrieval of the server write key from the handshake process.
Definition: ssl.c:2998
WOLFSSL_API const unsigned char * wolfSSL_GetServerWriteIV(WOLFSSL *)
Allows retrieval of the server write IV (initialization vector) from the handshake process...
Definition: ssl.c:3007
WOLFSSL_API int wc_InitRsaKey(RsaKey *key, void *heap)
This function initializes a provided RsaKey struct. It also takes in a heap identifier, for use with user defined memory overrides (see XMALLOC, XFREE, XREALLOC).
Definition: rsa.c:333
WOLFSSL_API void wolfSSL_SetDecryptVerifyCtx(WOLFSSL *ssl, void *ctx)
Allows caller to set the Atomic User Record Processing Decrypt/Verify Callback Context to ctx...
Definition: ssl.c:2964
Definition: internal.h:1791
WOLFSSL_API int wolfSSL_isQSH(WOLFSSL *ssl)
Checks if QSH is used in the supplied SSL session.
Definition: ssl.c:2196
Definition: ecc.h:341
WOLFSSL_API int wc_ecc_verify_hash(const byte *sig, word32 siglen, const byte *hash, word32 hashlen, int *stat, ecc_key *key)
This function verifies the ECC signature of a hash to ensure authenticity. It returns the answer thro...
Definition: ecc.c:5166
WOLFSSL_API long wolfSSL_get_verify_result(const WOLFSSL *ssl)
This is used to get the results after trying to verify the peer&#39;s certificate.
Definition: ssl.c:20938
WOLFSSL_API int wc_EccPublicKeyDecode(const byte *, word32 *, ecc_key *, word32)
Decodes an ECC public key from an input buffer. It will parse an ASN sequence to retrieve the ECC key...
Definition: asn.c:13531
WOLFSSL_API void wolfSSL_CTX_SetDecryptVerifyCb(WOLFSSL_CTX *, CallbackDecryptVerify)
Allows caller to set the Atomic User Record Processing Decrypt/Verify Callback. The callback should r...
Definition: ssl.c:2957
Definition: random.h:153
WOLFSSL_API int wolfSSL_GetHmacSize(WOLFSSL *)
Allows caller to determine the negotiated (h)mac size from the handshake. For cipher types except WOL...
Definition: ssl.c:3097
WOLFSSL_API int wc_EccPrivateKeyDecode(const byte *, word32 *, ecc_key *, word32)
This function reads in an ECC private key from the input buffer, input, parses the private key...
Definition: asn.c:13363
Definition: internal.h:1571
WOLFSSL_API int wc_AesSetKey(Aes *aes, const byte *key, word32 len, const byte *iv, int dir)
This function initializes an AES structure by setting the key and then setting the initialization vec...
Definition: aes.c:1781
WOLFSSL_API int wolfSSL_GetHmacType(WOLFSSL *)
Allows caller to determine the negotiated (h)mac type from the handshake. For cipher types except WOL...
Definition: tls.c:666
WOLFSSL_API char * wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME *, char *, int)
This function copies the name of the x509 into a buffer.
Definition: ssl.c:15186
Definition: internal.h:1596
WOLFSSL_API int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX *, const unsigned char *, long, int)
This function loads a CA certificate buffer into the WOLFSSL Context. It behaves like the non-buffere...
Definition: ssl.c:11191
WOLFSSL_API int wolfSSL_SetTmpDH(WOLFSSL *, const unsigned char *p, int pSz, const unsigned char *g, int gSz)
Server Diffie-Hellman Ephemeral parameters setting. This function sets up the group parameters to be ...
Definition: ssl.c:1466
WOLFSSL_API WOLFSSL_X509_NAME * wolfSSL_X509_get_subject_name(WOLFSSL_X509 *)
This function returns the subject member of the WOLFSSL_X509 structure.
Definition: ssl.c:16403
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX *, const unsigned char *, long, int)
This function loads a private key buffer into the SSL Context. It behaves like the non-buffered versi...
Definition: ssl.c:11245
Definition: ed25519.h:72
WOLFSSL_API long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c)
This is used to set the internal file pointer for a BIO.
Definition: bio.c:1067
WOLFSSL_API char * wolfSSL_X509_get_next_altname(WOLFSSL_X509 *)
This function returns the next, if any, altname from the peer certificate.
Definition: ssl.c:15280
Definition: internal.h:2952
WOLFSSL_API int wolfSSL_get_chain_count(WOLFSSL_X509_CHAIN *chain)
Retrieve&#39;s the peers certificate chain count.
WOLFSSL_API int wc_ecc_init(ecc_key *key)
This function initializes an ecc_key object for future use with message verification or key negotiati...
Definition: ecc.c:4187
WOLFSSL_API const char * wolfSSL_get_version(WOLFSSL *)
Returns the SSL version being used as a string.
Definition: ssl.c:16189
WOLFSSL_API int wc_curve25519_init(curve25519_key *key)
This function initializes a curve25519 key. It should be called before generating a key for the struc...
Definition: curve25519.c:411
Definition: user_rsa.h:60
WOLFSSL_API int wc_ecc_sign_hash(const byte *in, word32 inlen, byte *out, word32 *outlen, WC_RNG *rng, ecc_key *key)
This function signs a message digest using an ecc_key object to guarantee authenticity.
Definition: ecc.c:4318
WOLFSSL_API const unsigned char * wolfSSL_GetClientWriteIV(WOLFSSL *)
Allows retrieval of the client write IV (initialization vector) from the handshake process...
Definition: ssl.c:2989
Definition: curve25519.h:64
WOLFSSL_API int wolfSSL_IsTLSv1_1(WOLFSSL *)
Allows caller to determine if the negotiated protocol version is at least TLS version 1...
Definition: ssl.c:3076
WOLFSSL_API WOLFSSL_X509_CHAIN * wolfSSL_get_peer_chain(WOLFSSL *ssl)
Retrieves the peer’s certificate chain.
Definition: internal.h:3622
WOLFSSL_API int wc_FreeRng(WC_RNG *)
Should be called when RNG no longer needed in order to securely free drgb. Zeros and XFREEs rng-drbg...
Definition: random.c:939
Definition: test.h:382
WOLFSSL_API int wolfSSL_session_reused(WOLFSSL *)
This function returns the resuming member of the options struct. The flag indicates whether or not to...
Definition: ssl.c:16160
WOLFSSL_API int wc_ChaCha20Poly1305_Encrypt(const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], const byte *inAAD, const word32 inAADLen, const byte *inPlaintext, const word32 inPlaintextLen, byte *outCiphertext, byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE])
This function encrypts an input message, inPlaintext, using the ChaCha20 stream cipher, into the output buffer, outCiphertext. It also performs Poly-1305 authentication (on the cipher text), and stores the generated authentication tag in the output buffer, outAuthTag.
Definition: chacha20_poly1305.c:59
WOLFSSL_API int wc_RsaPrivateDecryptInline(byte *in, word32 inLen, byte **out, RsaKey *key)
This functions is utilized by the wc_RsaPrivateDecrypt function for decrypting.
Definition: rsa.c:2588
Definition: test.h:1982