/* empties out the error queue into the file */
void wc_ERR_print_errors_fp(FILE* fp)
{
WOLFSSL_ENTER("wc_ERR_print_errors_fp");
if (wc_LockMutex(&debug_mutex) != 0) {
WOLFSSL_MSG("Lock debug mutex failed");
}
else {
/* free all nodes from error queue and print them to file */
{
struct wc_error_queue* current;
struct wc_error_queue* next;
current = (struct wc_error_queue*)wc_errors;
while (current != NULL) {
next = current->next;
fprintf(fp, "%s\n", current->error);
XFREE(current, current->heap, DYNAMIC_TYPE_LOG);
current = next;
}
/* set global pointers to match having been freed */
wc_errors = NULL;
wc_last_node = NULL;
}
wc_UnLockMutex(&debug_mutex);
}
}
static int GetOcspEntry(WOLFSSL_OCSP* ocsp, OcspRequest* request,
OcspEntry** entry)
{
WOLFSSL_ENTER("GetOcspEntry");
*entry = NULL;
if (wc_LockMutex(&ocsp->ocspLock) != 0) {
WOLFSSL_LEAVE("CheckCertOCSP", BAD_MUTEX_E);
return BAD_MUTEX_E;
}
for (*entry = ocsp->ocspList; *entry; *entry = (*entry)->next)
if (XMEMCMP((*entry)->issuerHash, request->issuerHash,
OCSP_DIGEST_SIZE) == 0
&& XMEMCMP((*entry)->issuerKeyHash, request->issuerKeyHash,
OCSP_DIGEST_SIZE) == 0)
break;
if (*entry == NULL) {
*entry = (OcspEntry*)XMALLOC(sizeof(OcspEntry),
ocsp->cm->heap, DYNAMIC_TYPE_OCSP_ENTRY);
if (*entry) {
InitOcspEntry(*entry, request);
(*entry)->next = ocsp->ocspList;
ocsp->ocspList = *entry;
}
}
wc_UnLockMutex(&ocsp->ocspLock);
return *entry ? 0 : MEMORY_ERROR;
}
/*********** Invoke Forground Command *********************/
static void command_invoke(void *args)
{
void (*func)(void * ) ;
int i,iteration ;
func = (void(*)(void *))((func_args *)args)->argv[0] ;
#ifdef HAVE_KEIL_RTX
wc_LockMutex((wolfSSL_Mutex *)&command_mutex) ;
#endif
iteration = for_iteration ;
for(i=0; i< iteration; i++) {
if(iteration > 1) printf("--- Start for %d ---->\n", i) ;
#if defined(HAVE_KEIL_RTX)
stack_fill(command_stack, COMMAND_STACK_SIZE) ;
#endif
func(args) ; /* invoke command */
#if defined(HAVE_KEIL_RTX)
stack_check(command_stack, COMMAND_STACK_SIZE) ;
#endif
}
if(iteration > 1)
for_iteration = 1 ;
#ifdef HAVE_KEIL_RTX
wc_UnLockMutex((wolfSSL_Mutex *)&command_mutex) ;
os_tsk_delete_self() ;
#endif
}
/* Add Decoded CRL, 0 on success */
static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl)
{
CRL_Entry* crle;
WOLFSSL_ENTER("AddCRL");
crle = (CRL_Entry*)XMALLOC(sizeof(CRL_Entry), crl->heap, DYNAMIC_TYPE_CRL_ENTRY);
if (crle == NULL) {
WOLFSSL_MSG("alloc CRL Entry failed");
return -1;
}
if (InitCRL_Entry(crle, dcrl) < 0) {
WOLFSSL_MSG("Init CRL Entry failed");
XFREE(crle, crl->heap, DYNAMIC_TYPE_CRL_ENTRY);
return -1;
}
if (wc_LockMutex(&crl->crlLock) != 0) {
WOLFSSL_MSG("wc_LockMutex failed");
FreeCRL_Entry(crle, crl->heap);
XFREE(crle, crl->heap, DYNAMIC_TYPE_CRL_ENTRY);
return BAD_MUTEX_E;
}
crle->next = crl->crlList;
crl->crlList = crle;
wc_UnLockMutex(&crl->crlLock);
return 0;
}
/*********** Invoke Forground Command *********************/
static void command_invoke(void const *args)
{
void (*func)(void const * ) ;
int i,iteration ;
func = (void(*)(void const *))((func_args *)args)->argv[0] ;
#if defined(HAVE_KEIL_RTX)
wc_LockMutex((wolfSSL_Mutex *)&command_mutex) ;
#endif
iteration = for_iteration ;
for(i=0; i< iteration; i++) {
if(iteration > 1) printf("--- Start for %d ---->\n", i) ;
#if defined(HAVE_KEIL_RTX) && !defined(WOLFSSL_CMSIS_RTOS)
stack_fill(command_stack, COMMAND_STACK_SIZE) ;
#endif
func(args) ; /* invoke command */
#if defined(HAVE_KEIL_RTX)&& !defined(WOLFSSL_CMSIS_RTOS)
stack_check(command_stack, COMMAND_STACK_SIZE) ;
#endif
}
if(iteration > 1)
for_iteration = 1 ;
osDelay(20000) ;
#ifdef HAVE_KEIL_RTX
wc_UnLockMutex((wolfSSL_Mutex *)&command_mutex) ;
#ifdef WOLFSSL_CMSIS_RTOS
osThreadTerminate(osThreadGetId()) ;
#else
os_tsk_delete_self() ;
#endif
#endif
}
/* Removes the error node at the specified index.
* idx : if -1 then the most recent node is looked at, otherwise search
* through queue for node at the given index
*/
void wc_RemoveErrorNode(int idx)
{
struct wc_error_queue* current;
if (wc_LockMutex(&debug_mutex) != 0) {
WOLFSSL_MSG("Lock debug mutex failed");
return;
}
if (idx == -1)
current = wc_last_node;
else {
current = (struct wc_error_queue*)wc_errors;
for (; current != NULL && idx > 0; idx--)
current = current->next;
}
if (current != NULL) {
if (current->prev != NULL)
current->prev->next = current->next;
if (wc_last_node == current)
wc_last_node = current->prev;
if (wc_errors == current)
wc_errors = current->next;
XFREE(current, current->heap, DYNAMIC_TYPE_LOG);
}
wc_UnLockMutex(&debug_mutex);
}
static THREAD_RETURN WOLFSSH_THREAD server_worker(void* vArgs)
{
int ret = 0;
thread_ctx_t* threadCtx = (thread_ctx_t*)vArgs;
if (!threadCtx->nonBlock)
ret = wolfSSH_accept(threadCtx->ssh);
else
ret = NonBlockSSH_accept(threadCtx->ssh);
switch (ret) {
case WS_SCP_COMPLETE:
printf("scp file transfer completed\n");
ret = 0;
break;
case WS_SFTP_COMPLETE:
#ifdef WOLFSSH_SFTP
ret = sftp_worker(threadCtx);
#else
err_sys("SFTP not compiled in. Please use --enable-sftp");
#endif
break;
case WS_SUCCESS:
ret = ssh_worker(threadCtx);
break;
}
if (ret == WS_FATAL_ERROR && wolfSSH_get_error(threadCtx->ssh) ==
WS_VERSION_E) {
ret = 0; /* don't break out of loop with version miss match */
printf("Unsupported version error\n");
}
if (wolfSSH_shutdown(threadCtx->ssh) != WS_SUCCESS) {
fprintf(stderr, "Error with SSH shutdown.\n");
}
WCLOSESOCKET(threadCtx->fd);
wolfSSH_free(threadCtx->ssh);
if (ret != 0) {
fprintf(stderr, "Error [%d] \"%s\" with handling connection.\n", ret,
wolfSSH_ErrorToName(ret));
#ifndef WOLFSSH_NO_EXIT
wc_LockMutex(&doneLock);
quit = 1;
wc_UnLockMutex(&doneLock);
#endif
}
free(threadCtx);
return 0;
}
int wc_SetLoggingHeap(void* h)
{
if (wc_LockMutex(&debug_mutex) != 0) {
WOLFSSL_MSG("Lock debug mutex failed");
return BAD_MUTEX_E;
}
wc_error_heap = h;
wc_UnLockMutex(&debug_mutex);
return 0;
}
int wolfSSL_CryptHwMutexLock(void) {
int ret = BAD_MUTEX_E;
/* Make sure HW Mutex has been initialized */
wolfSSL_CryptHwMutexInit();
if(wcCryptHwMutexInit) {
ret = wc_LockMutex(&wcCryptHwMutex);
}
return ret;
}
/********* SHEULL MAIN LOOP ***********************************/
void shell_main(void) {
int i ;
func_args args ;
int bf_flg ;
i = BackGround ;
/* Dummy for avoiding warning: BackGround is defined but not used. */
#if defined(HAVE_KEIL_RTX)
wc_InitMutex(&command_mutex) ;
#endif
printf("Starting Shell\n") ;
while(1) {
if(getline(line, LINESIZE, &args, &bf_flg) > 0) {
for(i=0; commandTable[i].func != NULL; i++) {
if(strcmp(commandTable[i].command, args.argv[0]) == 0) {
args.argv[0] = (char *) commandTable[i].func ;
if(bf_flg == FORGROUND) {
#ifdef HAVE_KEIL_RTX
wc_UnLockMutex((wolfSSL_Mutex *)&command_mutex) ;
os_tsk_create_user_ex( (void(*)(void *))&command_invoke, 7,
command_stack, COMMAND_STACK_SIZE, &args) ;
#else
command_invoke(&args) ;
#endif
#ifdef HAVE_KEIL_RTX
wc_LockMutex((wolfSSL_Mutex *)&command_mutex) ;
#endif
} else {
#if (!defined(NO_SIMPLE_SERVER) && \
!defined(NO_ECHOSERVER)) && \
defined(HAVE_KEIL_RTX)
if(BackGround != 0) {
printf("Multiple background servers not supported.\n") ;
} else {
printf("\"%s\" is running with the background mode.\n",
commandTable[i].command) ;
os_tsk_create_user_ex( (void(*)(void *))&bg_job_invoke,
6, bg_job_stack, BG_JOB_STACK_SIZE, &args) ;
}
#else
printf("Invalid Command: no background job\n") ;
#endif
}
break ;
}
}
if(commandTable[i].func == NULL)
printf("Command not found\n") ;
}
}
}
/* peek at an error node
*
* idx : if -1 then the most recent node is looked at, otherwise search
* through queue for node at the given index
* file : pointer to internal file string
* reason : pointer to internal error reason
* line : line number that error happened at
*
* Returns a negative value in error case, on success returns the nodes error
* value which is positve (absolute value)
*/
int wc_PeekErrorNode(int idx, const char **file, const char **reason,
int *line)
{
struct wc_error_queue* err;
if (wc_LockMutex(&debug_mutex) != 0) {
WOLFSSL_MSG("Lock debug mutex failed");
return BAD_MUTEX_E;
}
if (idx < 0) {
err = wc_last_node;
if (err == NULL) {
WOLFSSL_MSG("No Errors in queue");
wc_UnLockMutex(&debug_mutex);
return BAD_STATE_E;
}
}
else {
int i;
err = (struct wc_error_queue*)wc_errors;
for (i = 0; i < idx; i++) {
if (err == NULL) {
WOLFSSL_MSG("Error node not found. Bad index?");
wc_UnLockMutex(&debug_mutex);
return BAD_FUNC_ARG;
}
err = err->next;
}
}
if (file != NULL) {
*file = err->file;
}
if (reason != NULL) {
*reason = err->error;
}
if (line != NULL) {
*line = err->line;
}
wc_UnLockMutex(&debug_mutex);
return err->value;
}
static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request,
OcspEntry* entry, CertStatus** status, buffer* responseBuffer)
{
int ret = OCSP_INVALID_STATUS;
WOLFSSL_ENTER("GetOcspStatus");
*status = NULL;
if (wc_LockMutex(&ocsp->ocspLock) != 0) {
WOLFSSL_LEAVE("CheckCertOCSP", BAD_MUTEX_E);
return BAD_MUTEX_E;
}
for (*status = entry->status; *status; *status = (*status)->next)
if ((*status)->serialSz == request->serialSz
&& !XMEMCMP((*status)->serial, request->serial, (*status)->serialSz))
break;
if (responseBuffer && *status && !(*status)->rawOcspResponse) {
/* force fetching again */
ret = OCSP_INVALID_STATUS;
}
else if (*status) {
if (ValidateDate((*status)->thisDate, (*status)->thisDateFormat, BEFORE)
&& ((*status)->nextDate[0] != 0)
&& ValidateDate((*status)->nextDate, (*status)->nextDateFormat, AFTER))
{
ret = xstat2err((*status)->status);
if (responseBuffer) {
responseBuffer->buffer = (byte*)XMALLOC(
(*status)->rawOcspResponseSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (responseBuffer->buffer) {
responseBuffer->length = (*status)->rawOcspResponseSz;
XMEMCPY(responseBuffer->buffer,
(*status)->rawOcspResponse,
(*status)->rawOcspResponseSz);
}
}
}
}
wc_UnLockMutex(&ocsp->ocspLock);
return ret;
}
/* Start Monitoring the CRL path(s) in a thread */
static int StartMonitorCRL(WOLFSSL_CRL* crl)
{
int ret = SSL_SUCCESS;
WOLFSSL_ENTER("StartMonitorCRL");
if (crl == NULL)
return BAD_FUNC_ARG;
if (crl->tid != 0) {
WOLFSSL_MSG("Monitor thread already running");
return ret; /* that's ok, someone already started */
}
if (pthread_create(&crl->tid, NULL, DoMonitor, crl) != 0) {
WOLFSSL_MSG("Thread creation error");
return THREAD_CREATE_E;
}
/* wait for setup to complete */
if (wc_LockMutex(&crl->crlLock) != 0) {
WOLFSSL_MSG("wc_LockMutex crlLock error");
return BAD_MUTEX_E;
}
while (crl->setup == 0) {
if (pthread_cond_wait(&crl->cond, &crl->crlLock) != 0) {
ret = BAD_COND_E;
break;
}
}
if (crl->setup < 0)
ret = crl->setup; /* store setup error */
wc_UnLockMutex(&crl->crlLock);
if (ret < 0) {
WOLFSSL_MSG("DoMonitor setup failure");
crl->tid = 0; /* thread already done */
}
return ret;
}
/* Signal Monitor thread is setup, save status to setup flag, 0 on success */
static int SignalSetup(WOLFSSL_CRL* crl, int status)
{
int ret;
/* signal to calling thread we're setup */
if (wc_LockMutex(&crl->crlLock) != 0) {
WOLFSSL_MSG("wc_LockMutex crlLock failed");
return BAD_MUTEX_E;
}
crl->setup = status;
ret = pthread_cond_signal(&crl->cond);
wc_UnLockMutex(&crl->crlLock);
if (ret != 0)
return BAD_COND_E;
return 0;
}
/* Clears out the list of error nodes.
*/
void wc_ClearErrorNodes(void)
{
if (wc_LockMutex(&debug_mutex) != 0) {
WOLFSSL_MSG("Lock debug mutex failed");
return;
}
/* free all nodes from error queue */
{
struct wc_error_queue* current;
struct wc_error_queue* next;
current = (struct wc_error_queue*)wc_errors;
while (current != NULL) {
next = current->next;
XFREE(current, current->heap, DYNAMIC_TYPE_LOG);
current = next;
}
}
wc_errors = NULL;
wc_last_node = NULL;
wc_UnLockMutex(&debug_mutex);
}
void WOLFSSL_ERROR(int error)
#endif
{
#if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_NGINX)
if (loggingEnabled && error != WC_PENDING_E)
#endif
{
char buffer[80];
#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
(void)usrCtx; /* a user ctx for future flexibility */
(void)func;
if (wc_LockMutex(&debug_mutex) != 0) {
WOLFSSL_MSG("Lock debug mutex failed");
sprintf(buffer, "wolfSSL error occurred, error = %d", error);
}
else {
if (error < 0) error = error - (2*error); /*get absolute value*/
sprintf(buffer, "wolfSSL error occurred, error = %d line:%d file:%s",
error, line, file);
if (wc_AddErrorNode(error, line, buffer, (char*)file) != 0) {
WOLFSSL_MSG("Error creating logging node");
/* with void function there is no return here, continue on
* to unlock mutex and log what buffer was created. */
}
wc_UnLockMutex(&debug_mutex);
}
#else
sprintf(buffer, "wolfSSL error occurred, error = %d", error);
#endif
#ifdef DEBUG_WOLFSSL
wolfssl_log(ERROR_LOG , buffer);
#endif
}
}
static THREAD_RET readInput(void* in)
{
byte buf[256];
int bufSz = sizeof(buf);
thread_args* args = (thread_args*)in;
int ret = 0;
word32 sz = 0;
#ifdef USE_WINDOWS_API
HANDLE stdinHandle = GetStdHandle(STD_INPUT_HANDLE);
#endif
while (ret >= 0) {
WMEMSET(buf, 0, bufSz);
#ifdef USE_WINDOWS_API
/* Using A version to avoid potential 2 byte chars */
ret = ReadConsoleA(stdinHandle, (void*)buf, bufSz - 1, (DWORD*)&sz,
NULL);
#else
ret = (int)read(STDIN_FILENO, buf, bufSz -1);
sz = (word32)ret;
#endif
if (ret <= 0) {
err_sys("Error reading stdin");
}
/* lock SSH structure access */
wc_LockMutex(&args->lock);
ret = wolfSSH_stream_send(args->ssh, buf, sz);
wc_UnLockMutex(&args->lock);
if (ret <= 0)
err_sys("Couldn't send data");
}
#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS)
wc_ecc_fp_free(); /* free per thread cache */
#endif
return THREAD_RET_SUCCESS;
}
/* 0 on success */
int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
buffer* responseBuffer)
{
OcspEntry* entry = NULL;
CertStatus* status = NULL;
byte* request = NULL;
int requestSz = 2048;
int responseSz = 0;
byte* response = NULL;
const char* url = NULL;
int urlSz = 0;
int ret = -1;
int validated = 0; /* ocsp validation flag */
#ifdef WOLFSSL_SMALL_STACK
CertStatus* newStatus;
OcspResponse* ocspResponse;
#else
CertStatus newStatus[1];
OcspResponse ocspResponse[1];
#endif
WOLFSSL_ENTER("CheckOcspRequest");
if (responseBuffer) {
responseBuffer->buffer = NULL;
responseBuffer->length = 0;
}
ret = GetOcspEntry(ocsp, ocspRequest, &entry);
if (ret != 0)
return ret;
ret = GetOcspStatus(ocsp, ocspRequest, entry, &status, responseBuffer);
if (ret != OCSP_INVALID_STATUS)
return ret;
if (ocsp->cm->ocspUseOverrideURL) {
url = ocsp->cm->ocspOverrideURL;
if (url != NULL && url[0] != '\0')
urlSz = (int)XSTRLEN(url);
else
return OCSP_NEED_URL;
}
else if (ocspRequest->urlSz != 0 && ocspRequest->url != NULL) {
url = (const char *)ocspRequest->url;
urlSz = ocspRequest->urlSz;
}
else {
/* cert doesn't have extAuthInfo, assuming CERT_GOOD */
return 0;
}
request = (byte*)XMALLOC(requestSz, ocsp->cm->heap, DYNAMIC_TYPE_OCSP);
if (request == NULL) {
WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR);
return MEMORY_ERROR;
}
#ifdef WOLFSSL_SMALL_STACK
newStatus = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
ocspResponse = (OcspResponse*)XMALLOC(sizeof(OcspResponse), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (newStatus == NULL || ocspResponse == NULL) {
if (newStatus) XFREE(newStatus, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (ocspResponse) XFREE(ocspResponse, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(request, NULL, DYNAMIC_TYPE_OCSP);
WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR);
return MEMORY_E;
}
#endif
requestSz = EncodeOcspRequest(ocspRequest, request, requestSz);
if (requestSz > 0 && ocsp->cm->ocspIOCb) {
responseSz = ocsp->cm->ocspIOCb(ocsp->cm->ocspIOCtx, url, urlSz,
request, requestSz, &response);
}
if (responseSz >= 0 && response) {
XMEMSET(newStatus, 0, sizeof(CertStatus));
InitOcspResponse(ocspResponse, newStatus, response, responseSz);
if (OcspResponseDecode(ocspResponse, ocsp->cm, ocsp->cm->heap) != 0) {
WOLFSSL_MSG("OcspResponseDecode failed");
}
else if (ocspResponse->responseStatus != OCSP_SUCCESSFUL) {
WOLFSSL_MSG("OcspResponse status bad");
}
else {
if (CompareOcspReqResp(ocspRequest, ocspResponse) == 0) {
if (responseBuffer) {
responseBuffer->buffer = (byte*)XMALLOC(responseSz,
ocsp->cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (responseBuffer->buffer) {
responseBuffer->length = responseSz;
XMEMCPY(responseBuffer->buffer, response, responseSz);
}
}
/* only way to get to good state */
ret = xstat2err(ocspResponse->status->status);
if (ret == 0) {
validated = 1;
}
if (wc_LockMutex(&ocsp->ocspLock) != 0)
ret = BAD_MUTEX_E;
else {
if (status != NULL) {
if (status->rawOcspResponse)
XFREE(status->rawOcspResponse, ocsp->cm->heap,
DYNAMIC_TYPE_OCSP_STATUS);
/* Replace existing certificate entry with updated */
XMEMCPY(status, newStatus, sizeof(CertStatus));
}
else {
/* Save new certificate entry */
status = (CertStatus*)XMALLOC(sizeof(CertStatus),
ocsp->cm->heap, DYNAMIC_TYPE_OCSP_STATUS);
if (status != NULL) {
XMEMCPY(status, newStatus, sizeof(CertStatus));
status->next = entry->status;
entry->status = status;
entry->totalStatus++;
}
}
if (status && responseBuffer && responseBuffer->buffer) {
status->rawOcspResponse = (byte*)XMALLOC(
responseBuffer->length,
ocsp->cm->heap,
DYNAMIC_TYPE_OCSP_STATUS);
if (status->rawOcspResponse) {
status->rawOcspResponseSz = responseBuffer->length;
XMEMCPY(status->rawOcspResponse,
responseBuffer->buffer,
responseBuffer->length);
}
}
wc_UnLockMutex(&ocsp->ocspLock);
}
}
}
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(newStatus, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(ocspResponse, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
if (response != NULL && ocsp->cm->ocspRespFreeCb)
ocsp->cm->ocspRespFreeCb(ocsp->cm->ocspIOCtx, response);
if (ret == 0 && validated == 1) {
WOLFSSL_MSG("New OcspResponse validated");
} else {
ret = OCSP_LOOKUP_FAIL;
}
WOLFSSL_LEAVE("CheckOcspRequest", ret);
return ret;
}
/* Is the cert ok with CRL, return 0 on success */
int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
{
CRL_Entry* crle;
int foundEntry = 0;
int ret = 0;
WOLFSSL_ENTER("CheckCertCRL");
if (wc_LockMutex(&crl->crlLock) != 0) {
WOLFSSL_MSG("wc_LockMutex failed");
return BAD_MUTEX_E;
}
crle = crl->crlList;
while (crle) {
if (XMEMCMP(crle->issuerHash, cert->issuerHash, CRL_DIGEST_SIZE) == 0) {
int doNextDate = 1;
WOLFSSL_MSG("Found CRL Entry on list");
WOLFSSL_MSG("Checking next date validity");
#ifdef WOLFSSL_NO_CRL_NEXT_DATE
if (crle->nextDateFormat == ASN_OTHER_TYPE)
doNextDate = 0; /* skip */
#endif
if (doNextDate && !ValidateDate(crle->nextDate,
crle->nextDateFormat, AFTER)) {
WOLFSSL_MSG("CRL next date is no longer valid");
ret = ASN_AFTER_DATE_E;
}
else
foundEntry = 1;
break;
}
crle = crle->next;
}
if (foundEntry) {
RevokedCert* rc = crle->certs;
while (rc) {
if (XMEMCMP(rc->serialNumber, cert->serial, rc->serialSz) == 0) {
WOLFSSL_MSG("Cert revoked");
ret = CRL_CERT_REVOKED;
break;
}
rc = rc->next;
}
}
wc_UnLockMutex(&crl->crlLock);
if (foundEntry == 0) {
WOLFSSL_MSG("Couldn't find CRL for status check");
ret = CRL_MISSING;
if (crl->cm->cbMissingCRL) {
char url[256];
WOLFSSL_MSG("Issuing missing CRL callback");
url[0] = '\0';
if (cert->extCrlInfoSz < (int)sizeof(url) -1 ) {
XMEMCPY(url, cert->extCrlInfo, cert->extCrlInfoSz);
url[cert->extCrlInfoSz] = '\0';
}
else {
WOLFSSL_MSG("CRL url too long");
}
crl->cm->cbMissingCRL(url);
}
}
return ret;
}
/* read in new CRL entries and save new list */
static int SwapLists(WOLFSSL_CRL* crl)
{
int ret;
CRL_Entry* newList;
#ifdef WOLFSSL_SMALL_STACK
WOLFSSL_CRL* tmp;
#else
WOLFSSL_CRL tmp[1];
#endif
#ifdef WOLFSSL_SMALL_STACK
tmp = (WOLFSSL_CRL*)XMALLOC(sizeof(WOLFSSL_CRL), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp == NULL)
return MEMORY_E;
#endif
if (InitCRL(tmp, crl->cm) < 0) {
WOLFSSL_MSG("Init tmp CRL failed");
#ifdef WOLFSSL_SMALL_STACK
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return -1;
}
if (crl->monitors[0].path) {
ret = LoadCRL(tmp, crl->monitors[0].path, SSL_FILETYPE_PEM, 0);
if (ret != SSL_SUCCESS) {
WOLFSSL_MSG("PEM LoadCRL on dir change failed");
FreeCRL(tmp, 0);
#ifdef WOLFSSL_SMALL_STACK
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return -1;
}
}
if (crl->monitors[1].path) {
ret = LoadCRL(tmp, crl->monitors[1].path, SSL_FILETYPE_ASN1, 0);
if (ret != SSL_SUCCESS) {
WOLFSSL_MSG("DER LoadCRL on dir change failed");
FreeCRL(tmp, 0);
#ifdef WOLFSSL_SMALL_STACK
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return -1;
}
}
if (wc_LockMutex(&crl->crlLock) != 0) {
WOLFSSL_MSG("wc_LockMutex failed");
FreeCRL(tmp, 0);
#ifdef WOLFSSL_SMALL_STACK
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return -1;
}
newList = tmp->crlList;
/* swap lists */
tmp->crlList = crl->crlList;
crl->crlList = newList;
wc_UnLockMutex(&crl->crlLock);
FreeCRL(tmp, 0);
#ifdef WOLFSSL_SMALL_STACK
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return 0;
}
static THREAD_RET readPeer(void* in)
{
byte buf[80];
int bufSz = sizeof(buf);
thread_args* args = (thread_args*)in;
int ret = 0;
int fd = wolfSSH_get_fd(args->ssh);
word32 bytes;
#ifdef USE_WINDOWS_API
HANDLE stdoutHandle = GetStdHandle(STD_OUTPUT_HANDLE);
#endif
fd_set readSet;
fd_set errSet;
FD_ZERO(&readSet);
FD_ZERO(&errSet);
FD_SET(fd, &readSet);
FD_SET(fd, &errSet);
while (ret >= 0) {
bytes = select(fd + 1, &readSet, NULL, &errSet, NULL);
wc_LockMutex(&args->lock);
while (bytes > 0 && (FD_ISSET(fd, &readSet) || FD_ISSET(fd, &errSet))) {
/* there is something to read off the wire */
WMEMSET(buf, 0, bufSz);
ret = wolfSSH_stream_read(args->ssh, buf, bufSz - 1);
if (ret == WS_EXTDATA) { /* handle extended data */
do {
WMEMSET(buf, 0, bufSz);
ret = wolfSSH_extended_data_read(args->ssh, buf, bufSz - 1);
if (ret < 0)
err_sys("Extended data read failed.");
buf[bufSz - 1] = '\0';
fprintf(stderr, "%s", buf);
} while (ret > 0);
}
else if (ret <= 0) {
if (ret != WS_EOF) {
err_sys("Stream read failed.");
}
}
else {
buf[bufSz - 1] = '\0';
#ifdef USE_WINDOWS_API
if (args->rawMode == 0) {
ret = wolfSSH_ConvertConsole(args->ssh, stdoutHandle, buf,
ret);
if (ret != WS_SUCCESS && ret != WS_WANT_READ) {
err_sys("issue with print out");
}
if (ret == WS_WANT_READ) {
ret = 0;
}
}
else {
printf("%s", buf);
fflush(stdout);
}
#else
printf("%s", buf);
fflush(stdout);
#endif
}
if (wolfSSH_stream_peek(args->ssh, buf, bufSz) <= 0) {
bytes = 0; /* read it all */
}
}
wc_UnLockMutex(&args->lock);
}
#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS)
wc_ecc_fp_free(); /* free per thread cache */
#endif
return THREAD_RET_SUCCESS;
}
void wolfSSL_TI_lockCCM(void)
{
#ifndef TI_DUMMY_BUILD
wc_LockMutex(&TI_CCM_Mutex);
#endif
}
