mirror of https://github.com/wolfSSL/wolfssl
Merge branch 'master' of ssh://github.com/wolfSSL/wolfssl
This commit is contained in:
commit
317e7fdb08
|
@ -141,6 +141,7 @@ static void Usage(void)
|
|||
printf("-m Match domain name in cert\n");
|
||||
printf("-N Use Non-blocking sockets\n");
|
||||
printf("-r Resume session\n");
|
||||
printf("-w Wait for bidirectional shutdown\n");
|
||||
#ifdef HAVE_SECURE_RENEGOTIATION
|
||||
printf("-R Allow Secure Renegotiation\n");
|
||||
printf("-i Force client Initiated Secure Renegotiation\n");
|
||||
|
@ -207,6 +208,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||
int doPeerCheck = 1;
|
||||
int nonBlocking = 0;
|
||||
int resumeSession = 0;
|
||||
int shutdown = 0;
|
||||
int ret;
|
||||
int scr = 0; /* allow secure renegotiation */
|
||||
int forceScr = 0; /* force client initiaed scr */
|
||||
int trackMemory = 0;
|
||||
|
@ -258,7 +261,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||
StackTrap();
|
||||
|
||||
while ((ch = mygetopt(argc, argv,
|
||||
"?gdDusmNrRitfxUPh:p:v:l:A:c:k:b:zS:L:ToO:a")) != -1) {
|
||||
"?gdDusmNrwRitfxUPh:p:v:l:A:c:k:b:zS:L:ToO:a")) != -1) {
|
||||
switch (ch) {
|
||||
case '?' :
|
||||
Usage();
|
||||
|
@ -367,6 +370,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||
resumeSession = 1;
|
||||
break;
|
||||
|
||||
case 'w' :
|
||||
shutdown = 1;
|
||||
break;
|
||||
|
||||
case 'R' :
|
||||
#ifdef HAVE_SECURE_RENEGOTIATION
|
||||
scr = 1;
|
||||
|
@ -802,8 +809,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||
}
|
||||
#endif
|
||||
|
||||
if (doDTLS == 0) /* don't send alert after "break" command */
|
||||
wolfSSL_shutdown(ssl); /* echoserver will interpret as new conn */
|
||||
if (doDTLS == 0) { /* don't send alert after "break" command */
|
||||
ret = wolfSSL_shutdown(ssl);
|
||||
if (shutdown && ret == SSL_SHUTDOWN_NOT_DONE)
|
||||
wolfSSL_shutdown(ssl); /* bidirectional shutdown */
|
||||
}
|
||||
#ifdef ATOMIC_USER
|
||||
if (atomicUser)
|
||||
FreeAtomicUser(ssl);
|
||||
|
@ -879,7 +889,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||
/* try to send session break */
|
||||
wolfSSL_write(sslResume, msg, msgSz);
|
||||
|
||||
wolfSSL_shutdown(sslResume);
|
||||
ret = wolfSSL_shutdown(sslResume);
|
||||
if (shutdown && ret == SSL_SHUTDOWN_NOT_DONE)
|
||||
wolfSSL_shutdown(sslResume); /* bidirectional shutdown */
|
||||
|
||||
wolfSSL_free(sslResume);
|
||||
CloseSocket(sockfd);
|
||||
}
|
||||
|
|
|
@ -135,6 +135,7 @@ static void Usage(void)
|
|||
printf("-r Create server ready file, for external monitor\n");
|
||||
printf("-N Use Non-blocking sockets\n");
|
||||
printf("-S <str> Use Host Name Indication\n");
|
||||
printf("-w Wait for bidirectional shutdown\n");
|
||||
#ifdef HAVE_OCSP
|
||||
printf("-o Perform OCSP lookup on peer certificate\n");
|
||||
printf("-O <url> Perform OCSP lookup using <url> as responder\n");
|
||||
|
@ -173,6 +174,8 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
|||
int fewerPackets = 0;
|
||||
int pkCallbacks = 0;
|
||||
int serverReadyFile = 0;
|
||||
int shutdown = 0;
|
||||
int ret;
|
||||
char* cipherList = NULL;
|
||||
const char* verifyCert = cliCert;
|
||||
const char* ourCert = svrCert;
|
||||
|
@ -203,7 +206,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
|||
fdOpenSession(Task_self());
|
||||
#endif
|
||||
|
||||
while ((ch = mygetopt(argc, argv, "?dbstnNufraPp:v:l:A:c:k:S:oO:")) != -1) {
|
||||
while ((ch = mygetopt(argc, argv, "?dbstnNufrawPp:v:l:A:c:k:S:oO:")) != -1) {
|
||||
switch (ch) {
|
||||
case '?' :
|
||||
Usage();
|
||||
|
@ -257,6 +260,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
|||
#endif
|
||||
break;
|
||||
|
||||
case 'w' :
|
||||
shutdown = 1;
|
||||
break;
|
||||
|
||||
case 'v' :
|
||||
version = atoi(myoptarg);
|
||||
if (version < 0 || version > 3) {
|
||||
|
@ -560,7 +567,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
|||
Task_yield();
|
||||
#endif
|
||||
|
||||
SSL_shutdown(ssl);
|
||||
ret = SSL_shutdown(ssl);
|
||||
if (shutdown && ret == SSL_SHUTDOWN_NOT_DONE)
|
||||
SSL_shutdown(ssl); /* bidirectional shutdown */
|
||||
SSL_free(ssl);
|
||||
SSL_CTX_free(ctx);
|
||||
|
||||
|
|
|
@ -6352,7 +6352,6 @@ static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type,
|
|||
ssl->options.closeNotify = 1;
|
||||
}
|
||||
WOLFSSL_ERROR(*type);
|
||||
|
||||
if (ssl->keys.encryptionOn) {
|
||||
if (*inOutIdx + ssl->keys.padSz > totalSz)
|
||||
return BUFFER_E;
|
||||
|
|
25
src/ssl.c
25
src/ssl.c
|
@ -917,6 +917,8 @@ int wolfSSL_recv(WOLFSSL* ssl, void* data, int sz, int flags)
|
|||
/* SSL_SUCCESS on ok */
|
||||
int wolfSSL_shutdown(WOLFSSL* ssl)
|
||||
{
|
||||
int ret = SSL_FATAL_ERROR;
|
||||
byte tmp;
|
||||
WOLFSSL_ENTER("SSL_shutdown()");
|
||||
|
||||
if (ssl == NULL)
|
||||
|
@ -936,13 +938,30 @@ int wolfSSL_shutdown(WOLFSSL* ssl)
|
|||
return SSL_FATAL_ERROR;
|
||||
}
|
||||
ssl->options.sentNotify = 1; /* don't send close_notify twice */
|
||||
if (ssl->options.closeNotify)
|
||||
ret = SSL_SUCCESS;
|
||||
else
|
||||
ret = SSL_SHUTDOWN_NOT_DONE;
|
||||
|
||||
WOLFSSL_LEAVE("SSL_shutdown()", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
WOLFSSL_LEAVE("SSL_shutdown()", ssl->error);
|
||||
/* call wolfSSL_shutdown again for bidirectional shudown */
|
||||
if (ssl->options.sentNotify && !ssl->options.closeNotify) {
|
||||
ret = wolfSSL_read(ssl, &tmp, 0);
|
||||
if (ret < 0) {
|
||||
WOLFSSL_ERROR(ssl->error);
|
||||
ret = SSL_FATAL_ERROR;
|
||||
} else if (ssl->options.closeNotify) {
|
||||
ssl->error = SSL_ERROR_SYSCALL; /* simulate OpenSSL behavior */
|
||||
ret = SSL_SUCCESS;
|
||||
}
|
||||
}
|
||||
|
||||
ssl->error = SSL_ERROR_SYSCALL; /* simulate OpenSSL behavior */
|
||||
WOLFSSL_LEAVE("SSL_shutdown()", ret);
|
||||
|
||||
return SSL_SUCCESS;
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -47,12 +47,7 @@ enum {
|
|||
NUMARGS = 3
|
||||
};
|
||||
|
||||
#ifndef USE_WINDOWS_API
|
||||
static const char outputName[] = "/tmp/output";
|
||||
#else
|
||||
static const char outputName[] = "output";
|
||||
#endif
|
||||
|
||||
static const char *outputName;
|
||||
|
||||
int myoptind = 0;
|
||||
char* myoptarg = NULL;
|
||||
|
@ -77,6 +72,16 @@ int testsuite_test(int argc, char** argv)
|
|||
tcp_ready ready;
|
||||
THREAD_TYPE serverThread;
|
||||
|
||||
#ifndef USE_WINDOWS_API
|
||||
char tempName[] = "/tmp/output-XXXXXX";
|
||||
int len = 18;
|
||||
int num = 6;
|
||||
#else
|
||||
char tempName[] = "fnXXXXXX";
|
||||
int len = 8;
|
||||
int num = 6;
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID);
|
||||
if (ret != 0)
|
||||
|
@ -136,6 +141,13 @@ int testsuite_test(int argc, char** argv)
|
|||
echo_args.argc = 3;
|
||||
echo_args.argv = myArgv;
|
||||
|
||||
/* Create unique file name */
|
||||
outputName = mymktemp(tempName, len, num);
|
||||
if (outputName == NULL) {
|
||||
printf("Could not create unique file name");
|
||||
return EXIT_FAILURE;
|
||||
}
|
||||
|
||||
strcpy(echo_args.argv[0], "echoclient");
|
||||
strcpy(echo_args.argv[1], "input");
|
||||
strcpy(echo_args.argv[2], outputName);
|
||||
|
|
|
@ -3179,30 +3179,49 @@ int rsa_test(void)
|
|||
wc_RsaInitCavium(&key, CAVIUM_DEV_ID);
|
||||
#endif
|
||||
ret = wc_InitRsaKey(&key, 0);
|
||||
if (ret != 0) return -39;
|
||||
if (ret != 0) {
|
||||
free(tmp);
|
||||
return -39;
|
||||
}
|
||||
ret = wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes);
|
||||
if (ret != 0) return -41;
|
||||
|
||||
if (ret != 0) {
|
||||
free(tmp);
|
||||
return -41;
|
||||
}
|
||||
ret = wc_InitRng(&rng);
|
||||
if (ret != 0) return -42;
|
||||
|
||||
if (ret != 0) {
|
||||
free(tmp);
|
||||
return -42;
|
||||
}
|
||||
ret = wc_RsaPublicEncrypt(in, inLen, out, sizeof(out), &key, &rng);
|
||||
if (ret < 0) return -43;
|
||||
|
||||
if (ret < 0) {
|
||||
free(tmp);
|
||||
return -43;
|
||||
}
|
||||
ret = wc_RsaPrivateDecrypt(out, ret, plain, sizeof(plain), &key);
|
||||
if (ret < 0) return -44;
|
||||
|
||||
if (memcmp(plain, in, inLen)) return -45;
|
||||
|
||||
if (ret < 0) {
|
||||
free(tmp);
|
||||
return -44;
|
||||
}
|
||||
if (memcmp(plain, in, inLen)) {
|
||||
free(tmp);
|
||||
return -45;
|
||||
}
|
||||
ret = wc_RsaSSL_Sign(in, inLen, out, sizeof(out), &key, &rng);
|
||||
if (ret < 0) return -46;
|
||||
|
||||
if (ret < 0) {
|
||||
free(tmp);
|
||||
return -46;
|
||||
}
|
||||
memset(plain, 0, sizeof(plain));
|
||||
ret = wc_RsaSSL_Verify(out, ret, plain, sizeof(plain), &key);
|
||||
if (ret < 0) return -47;
|
||||
|
||||
if (memcmp(plain, in, ret)) return -48;
|
||||
|
||||
if (ret < 0) {
|
||||
free(tmp);
|
||||
return -47;
|
||||
}
|
||||
if (memcmp(plain, in, ret)) {
|
||||
free(tmp);
|
||||
return -48;
|
||||
}
|
||||
#if defined(WOLFSSL_MDK_ARM)
|
||||
#define sizeof(s) strlen((char *)(s))
|
||||
#endif
|
||||
|
@ -3215,8 +3234,10 @@ int rsa_test(void)
|
|||
bytes = sizeof_client_cert_der_2048;
|
||||
#else
|
||||
file2 = fopen(clientCert, "rb");
|
||||
if (!file2)
|
||||
if (!file2) {
|
||||
free(tmp);
|
||||
return -49;
|
||||
}
|
||||
|
||||
bytes = fread(tmp, 1, FOURK_BUF, file2);
|
||||
fclose(file2);
|
||||
|
|
|
@ -644,6 +644,7 @@ enum { /* ssl Constants */
|
|||
SSL_ERROR_NONE = 0, /* for most functions */
|
||||
SSL_FAILURE = 0, /* for some functions */
|
||||
SSL_SUCCESS = 1,
|
||||
SSL_SHUTDOWN_NOT_DONE = 2, /* call wolfSSL_shutdown again to complete */
|
||||
|
||||
SSL_BAD_CERTTYPE = -8,
|
||||
SSL_BAD_STAT = -7,
|
||||
|
|
|
@ -10,6 +10,7 @@
|
|||
#include <cyassl/ssl.h> /* portability layer */
|
||||
#include <wolfssl/wolfcrypt/types.h>
|
||||
#include <wolfssl/wolfcrypt/error-crypt.h>
|
||||
#include <wolfssl/wolfcrypt/random.h>
|
||||
|
||||
#ifdef ATOMIC_USER
|
||||
#include <wolfssl/wolfcrypt/aes.h>
|
||||
|
@ -17,7 +18,6 @@
|
|||
#include <wolfssl/wolfcrypt/hmac.h>
|
||||
#endif
|
||||
#ifdef HAVE_PK_CALLBACKS
|
||||
#include <wolfssl/wolfcrypt/random.h>
|
||||
#include <wolfssl/wolfcrypt/asn.h>
|
||||
#ifdef HAVE_ECC
|
||||
#include <wolfssl/wolfcrypt/ecc.h>
|
||||
|
@ -1791,5 +1791,44 @@ static INLINE char* strsep(char **stringp, const char *delim)
|
|||
|
||||
#endif /* __hpux__ */
|
||||
|
||||
/* Create unique filename, len is length of tempfn name, assuming
|
||||
len does not include null terminating character,
|
||||
num is number of characters in tempfn name to randomize */
|
||||
static INLINE const char* mymktemp(char *tempfn, int len, int num)
|
||||
{
|
||||
int x, size;
|
||||
static const char alphanum[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
|
||||
"abcdefghijklmnopqrstuvwxyz";
|
||||
RNG rng;
|
||||
byte out;
|
||||
|
||||
if (tempfn == NULL || len < 1 || num < 1 || len <= num) {
|
||||
printf("Bad input\n");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
size = len - 1;
|
||||
|
||||
if (wc_InitRng(&rng) != 0) {
|
||||
printf("InitRng failed\n");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
for (x = size; x > size - num; x--) {
|
||||
if (wc_RNG_GenerateBlock(&rng,(byte*)&out, sizeof(out)) != 0) {
|
||||
printf("RNG_GenerateBlock failed\n");
|
||||
return NULL;
|
||||
}
|
||||
tempfn[x] = alphanum[out % (sizeof(alphanum) - 1)];
|
||||
}
|
||||
tempfn[len] = '\0';
|
||||
|
||||
#if defined(HAVE_HASHDRBG)
|
||||
wc_FreeRng(&rng);
|
||||
#endif
|
||||
|
||||
return tempfn;
|
||||
}
|
||||
|
||||
#endif /* wolfSSL_TEST_H */
|
||||
|
||||
|
|
Loading…
Reference in New Issue