int CyaSSL_get_using_nonblock(CYASSL* ssl) { CYASSL_ENTER("CyaSSL_get_using_nonblock"); CYASSL_LEAVE("CyaSSL_get_using_nonblock", ssl->options.usingNonblock); return ssl->options.usingNonblock; }
int CheckCertOCSP(CYASSL_OCSP* ocsp, DecodedCert* cert) { byte* ocspReqBuf = NULL; int ocspReqSz = 2048; byte* ocspRespBuf = NULL; OcspRequest ocspRequest; OcspResponse ocspResponse; int result = -1; OCSP_Entry* ocspe; CertStatus* certStatus = NULL; CertStatus newStatus; const char *url; int urlSz; CYASSL_ENTER("CheckCertOCSP"); if (LockMutex(&ocsp->ocspLock) != 0) { CYASSL_LEAVE("CheckCertOCSP", BAD_MUTEX_E); return BAD_MUTEX_E; } ocspe = ocsp->ocspList; while (ocspe) { if (XMEMCMP(ocspe->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE) == 0 && XMEMCMP(ocspe->issuerKeyHash, cert->issuerKeyHash, SHA_DIGEST_SIZE) == 0) break; else ocspe = ocspe->next; } if (ocspe == NULL) { ocspe = (OCSP_Entry*)XMALLOC(sizeof(OCSP_Entry), NULL, DYNAMIC_TYPE_OCSP_ENTRY); if (ocspe != NULL) { InitOCSP_Entry(ocspe, cert); ocspe->next = ocsp->ocspList; ocsp->ocspList = ocspe; } else { UnLockMutex(&ocsp->ocspLock); CYASSL_LEAVE("CheckCertOCSP", MEMORY_ERROR); return MEMORY_ERROR; } } else { certStatus = ocspe->status; while (certStatus) { if (certStatus->serialSz == cert->serialSz && XMEMCMP(certStatus->serial, cert->serial, cert->serialSz) == 0) break; else certStatus = certStatus->next; } } if (certStatus != NULL) { if (!ValidateDate(certStatus->thisDate, certStatus->thisDateFormat, BEFORE) || (certStatus->nextDate[0] == 0) || !ValidateDate(certStatus->nextDate, certStatus->nextDateFormat, AFTER)) { CYASSL_MSG("\tinvalid status date, looking up cert"); } else { result = xstat2err(certStatus->status); UnLockMutex(&ocsp->ocspLock); CYASSL_LEAVE("CheckCertOCSP", result); return result; } } UnLockMutex(&ocsp->ocspLock); if (ocsp->cm->ocspUseOverrideURL) { url = ocsp->cm->ocspOverrideURL; if (url != NULL && url[0] != '\0') urlSz = (int)XSTRLEN(url); else return OCSP_NEED_URL; } else if (cert->extAuthInfoSz != 0 && cert->extAuthInfo != NULL) { url = (const char *)cert->extAuthInfo; urlSz = cert->extAuthInfoSz; } else { /* cert doesn't have extAuthInfo, assuming CERT_GOOD */ return 0; } ocspReqBuf = (byte*)XMALLOC(ocspReqSz, NULL, DYNAMIC_TYPE_IN_BUFFER); if (ocspReqBuf == NULL) { CYASSL_LEAVE("CheckCertOCSP", MEMORY_ERROR); return MEMORY_ERROR; } InitOcspRequest(&ocspRequest, cert, ocsp->cm->ocspSendNonce, ocspReqBuf, ocspReqSz); ocspReqSz = EncodeOcspRequest(&ocspRequest); if (ocsp->cm->ocspIOCb) result = ocsp->cm->ocspIOCb(ocsp->cm->ocspIOCtx, url, urlSz, ocspReqBuf, ocspReqSz, &ocspRespBuf); if (result >= 0 && ocspRespBuf) { XMEMSET(&newStatus, 0, sizeof(CertStatus)); InitOcspResponse(&ocspResponse, &newStatus, ocspRespBuf, result); OcspResponseDecode(&ocspResponse); if (ocspResponse.responseStatus != OCSP_SUCCESSFUL) result = OCSP_LOOKUP_FAIL; else { if (CompareOcspReqResp(&ocspRequest, &ocspResponse) == 0) { result = xstat2err(ocspResponse.status->status); if (LockMutex(&ocsp->ocspLock) != 0) result = BAD_MUTEX_E; else { if (certStatus != NULL) /* Replace existing certificate entry with updated */ XMEMCPY(certStatus, &newStatus, sizeof(CertStatus)); else { /* Save new certificate entry */ certStatus = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL, DYNAMIC_TYPE_OCSP_STATUS); if (certStatus != NULL) { XMEMCPY(certStatus, &newStatus, sizeof(CertStatus)); certStatus->next = ocspe->status; ocspe->status = certStatus; ocspe->totalStatus++; } } UnLockMutex(&ocsp->ocspLock); } } else result = OCSP_LOOKUP_FAIL; } } else result = OCSP_LOOKUP_FAIL; if (ocspReqBuf != NULL) XFREE(ocspReqBuf, NULL, DYNAMIC_TYPE_IN_BUFFER); if (ocspRespBuf != NULL && ocsp->cm->ocspRespFreeCb) ocsp->cm->ocspRespFreeCb(ocsp->cm->ocspIOCtx, ocspRespBuf); CYASSL_LEAVE("CheckCertOCSP", result); return result; }
/* The send embedded callback * return : nb bytes sent, or error */ int EmbedSend(CYASSL* ssl, char *buf, int sz, void *ctx) { int sd = *(int*)ctx; int sent; int len = sz; int err; uint32_t timeout = 500; socklen_t sizeOfTimeOut = sizeof(timeout); int result = setsockopt (sd, SOL_SOCKET, SO_SNDTIMEO, (char *)&timeout, sizeOfTimeOut); if (result<0) { logOffNominal("setsockopt SO_SNDTIMEO failed(%d).",result); return CYASSL_CBIO_ERR_GENERAL; } CYASSL_ENTER("EmbedSend"); CYASSL_DEBUG("EmbedSend - lwip_send ssl=%08x sd=%08x, buf=%08x len=%u flags=%x", (unsigned)ssl, (unsigned)sd, (unsigned)&buf[sz - len], len, ssl->wflags); sent = (int)SEND_FUNCTION(sd, &buf[sz - len], len, ssl->wflags); CYASSL_DEBUG("EmbedSend - lwip_send ssl=%08x sd=%08x, buf=%08x len=%u flags=%x returned=%d", (unsigned)ssl, (unsigned)sd, (unsigned)&buf[sz - len], len, ssl->wflags, sent); if (sent < 0) { err = LastError(); CYASSL_MSG("Embed Send error"); if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) { CYASSL_MSG(" Would Block"); return CYASSL_CBIO_ERR_WANT_WRITE; } else if (err == SOCKET_ECONNRESET) { CYASSL_MSG(" Connection reset"); return CYASSL_CBIO_ERR_CONN_RST; } else if (err == SOCKET_EINTR) { CYASSL_MSG(" Socket interrupted"); return CYASSL_CBIO_ERR_ISR; } else if (err == SOCKET_EPIPE) { CYASSL_MSG(" Socket EPIPE"); return CYASSL_CBIO_ERR_CONN_CLOSE; } else { CYASSL_MSG(" General error"); return CYASSL_CBIO_ERR_GENERAL; } } socklen_t getSizeOfTimeOut = sizeof(timeout); timeout = 0xdeadbeef; result = getsockopt (sd, SOL_SOCKET, SO_SNDTIMEO, (char *)&timeout, &getSizeOfTimeOut); if (result<0) logFatal("getsockopt SO_SNDTIMEO failed."); if (timeout != 500) logFatal("getsockopt SO_SNDTIMEO did not read what we wrote %u %u.", getSizeOfTimeOut, timeout); CYASSL_LEAVE("EmbedSend", sent); return sent; }