PageRenderTime 56ms CodeModel.GetById 15ms RepoModel.GetById 0ms app.codeStats 1ms

/src/io.c

https://github.com/andersmalm/cyassl
C | 792 lines | 616 code | 121 blank | 55 comment | 190 complexity | 29191a2e10a94780cfda6b2a14a3f165 MD5 | raw file
Possible License(s): GPL-2.0 
    

  1. /* io.c
    2. 

  2.  *
    3. 

  3.  * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
    4. 

  4.  *
    5. 

  5.  * This file is part of CyaSSL.
    6. 

  6.  *
    7. 

  7.  * CyaSSL is free software; you can redistribute it and/or modify
    8. 

  8.  * it under the terms of the GNU General Public License as published by
    9. 

  9.  * the Free Software Foundation; either version 2 of the License, or
    10. 

  10.  * (at your option) any later version.
    11. 

  11.  *
    12. 

  12.  * CyaSSL is distributed in the hope that it will be useful,
    13. 

  13.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    14. 

  14.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    15. 

  15.  * GNU General Public License for more details.
    16. 

  16.  *
    17. 

  17.  * You should have received a copy of the GNU General Public License
    18. 

  18.  * along with this program; if not, write to the Free Software
    19. 

  19.  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
    20. 

  20.  */
    21. 

  21. 

  22. #ifdef HAVE_CONFIG_H
    23. 

  23.     #include <config.h>
    24. 

  24. #endif
    25. 

  25. 

  26. #ifdef _WIN32_WCE
    27. 

  27.     /* On WinCE winsock2.h must be included before windows.h for socket stuff */
    28. 

  28.     #include <winsock2.h>
    29. 

  29. #endif
    30. 

  30. 

  31. #include <cyassl/internal.h>
    32. 

  32. 

  33. /* if user writes own I/O callbacks they can define CYASSL_USER_IO to remove
    34. 

  34.    automatic setting of default I/O functions EmbedSend() and EmbedReceive()
    35. 

  35.    but they'll still need SetCallback xxx() at end of file 
    36. 

  36. */
    37. 

  37. #ifndef CYASSL_USER_IO
    38. 

  38. 

  39. #ifdef HAVE_LIBZ
    40. 

  40.     #include "zlib.h"
    41. 

  41. #endif
    42. 

  42. 

  43. #ifndef USE_WINDOWS_API
    44. 

  44.     #ifdef CYASSL_LWIP
    45. 

  45.         /* lwIP needs to be configured to use sockets API in this mode */
    46. 

  46.         /* LWIP_SOCKET 1 in lwip/opt.h or in build */
    47. 

  47.         #include "lwip/sockets.h"
    48. 

  48.         #include <errno.h>
    49. 

  49.         #ifndef LWIP_PROVIDE_ERRNO
    50. 

  50.             #define LWIP_PROVIDE_ERRNO 1
    51. 

  51.         #endif
    52. 

  52.     #elif defined(FREESCALE_MQX)
    53. 

  53.         #include <posix.h>
    54. 

  54.         #include <rtcs.h>
    55. 

  55.     #else
    56. 

  56.         #include <sys/types.h>
    57. 

  57.         #include <errno.h>
    58. 

  58.         #ifndef EBSNET
    59. 

  59.             #include <unistd.h>
    60. 

  60.         #endif
    61. 

  61.         #include <fcntl.h>
    62. 

  62.         #if !(defined(DEVKITPRO) || defined(THREADX) || defined(EBSNET))
    63. 

  63.             #include <sys/socket.h>
    64. 

  64.             #include <arpa/inet.h>
    65. 

  65.             #include <netinet/in.h>
    66. 

  66.             #include <netdb.h>
    67. 

  67.             #ifdef __PPU
    68. 

  68.                 #include <netex/errno.h>
    69. 

  69.             #else
    70. 

  70.                 #include <sys/ioctl.h>
    71. 

  71.             #endif
    72. 

  72.         #endif
    73. 

  73.         #ifdef THREADX
    74. 

  74.             #include <socket.h>
    75. 

  75.         #endif
    76. 

  76.         #ifdef EBSNET
    77. 

  77.             #include "rtipapi.h"  /* errno */
    78. 

  78.             #include "socket.h"
    79. 

  79.         #endif
    80. 

  80.     #endif
    81. 

  81. #endif /* USE_WINDOWS_API */
    82. 

  82. 

  83. #ifdef __sun
    84. 

  84.     #include <sys/filio.h>
    85. 

  85. #endif
    86. 

  86. 

  87. #ifdef USE_WINDOWS_API 
    88. 

  88.     /* no epipe yet */
    89. 

  89.     #ifndef WSAEPIPE
    90. 

  90.         #define WSAEPIPE       -12345
    91. 

  91.     #endif
    92. 

  92.     #define SOCKET_EWOULDBLOCK WSAEWOULDBLOCK
    93. 

  93.     #define SOCKET_EAGAIN      WSAETIMEDOUT
    94. 

  94.     #define SOCKET_ECONNRESET  WSAECONNRESET
    95. 

  95.     #define SOCKET_EINTR       WSAEINTR
    96. 

  96.     #define SOCKET_EPIPE       WSAEPIPE
    97. 

  97.     #define SOCKET_ECONNREFUSED WSAENOTCONN
    98. 

  98. #elif defined(__PPU)
    99. 

  99.     #define SOCKET_EWOULDBLOCK SYS_NET_EWOULDBLOCK
    100. 

  100.     #define SOCKET_EAGAIN      SYS_NET_EAGAIN
    101. 

  101.     #define SOCKET_ECONNRESET  SYS_NET_ECONNRESET
    102. 

  102.     #define SOCKET_EINTR       SYS_NET_EINTR
    103. 

  103.     #define SOCKET_EPIPE       SYS_NET_EPIPE
    104. 

  104.     #define SOCKET_ECONNREFUSED SYS_NET_ECONNREFUSED
    105. 

  105. #elif defined(FREESCALE_MQX)
    106. 

  106.     /* RTCS doesn't have an EWOULDBLOCK error */
    107. 

  107.     #define SOCKET_EWOULDBLOCK EAGAIN
    108. 

  108.     #define SOCKET_EAGAIN      EAGAIN
    109. 

  109.     #define SOCKET_ECONNRESET  RTCSERR_TCP_CONN_RESET
    110. 

  110.     #define SOCKET_EINTR       EINTR
    111. 

  111.     #define SOCKET_EPIPE       EPIPE
    112. 

  112.     #define SOCKET_ECONNREFUSED RTCSERR_TCP_CONN_REFUSED
    113. 

  113. #else
    114. 

  114.     #define SOCKET_EWOULDBLOCK EWOULDBLOCK
    115. 

  115.     #define SOCKET_EAGAIN      EAGAIN
    116. 

  116.     #define SOCKET_ECONNRESET  ECONNRESET
    117. 

  117.     #define SOCKET_EINTR       EINTR
    118. 

  118.     #define SOCKET_EPIPE       EPIPE
    119. 

  119.     #define SOCKET_ECONNREFUSED ECONNREFUSED
    120. 

  120. #endif /* USE_WINDOWS_API */
    121. 

  121. 

  122. 

  123. #ifdef DEVKITPRO
    124. 

  124.     /* from network.h */
    125. 

  125.     int net_send(int, const void*, int, unsigned int);
    126. 

  126.     int net_recv(int, void*, int, unsigned int);
    127. 

  127.     #define SEND_FUNCTION net_send
    128. 

  128.     #define RECV_FUNCTION net_recv
    129. 

  129. #elif defined(CYASSL_LWIP)
    130. 

  130.     #define SEND_FUNCTION lwip_send
    131. 

  131.     #define RECV_FUNCTION lwip_recv
    132. 

  132. #else
    133. 

  133.     #define SEND_FUNCTION send
    134. 

  134.     #define RECV_FUNCTION recv
    135. 

  135. #endif
    136. 

  136. 

  137. 

  138. #ifdef CYASSL_DTLS
    139. 

  139.     /* sizeof(struct timeval) will pass uninit bytes to setsockopt if padded */
    140. 

  140.     #ifdef USE_WINDOWS_API
    141. 

  141.         #define TIMEVAL_BYTES sizeof(timeout)
    142. 

  142.     #else
    143. 

  143.         #define TIMEVAL_BYTES sizeof(timeout.tv_sec) + sizeof(timeout.tv_usec)
    144. 

  144.     #endif
    145. 

  145. #endif
    146. 

  146. 

  147. 

  148. /* Translates return codes returned from 
    149. 

  149.  * send() and recv() if need be. 
    150. 

  150.  */
    151. 

  151. static INLINE int TranslateReturnCode(int old, int sd)
    152. 

  152. {
    153. 

  153.     (void)sd;
    154. 

  154. 

  155. #ifdef FREESCALE_MQX
    156. 

  156.     if (old == 0) {
    157. 

  157.         errno = SOCKET_EWOULDBLOCK;
    158. 

  158.         return -1;  /* convert to BSD style wouldblock as error */
    159. 

  159.     }
    160. 

  160. 

  161.     if (old < 0) {
    162. 

  162.         errno = RTCS_geterror(sd);
    163. 

  163.         if (errno == RTCSERR_TCP_CONN_CLOSING)
    164. 

  164.             return 0;   /* convert to BSD style closing */
    165. 

  165.     }
    166. 

  166. #endif
    167. 

  167. 

  168.     return old;
    169. 

  169. }
    170. 

  170. 

  171. static INLINE int LastError(void)
    172. 

  172. {
    173. 

  173. #ifdef USE_WINDOWS_API 
    174. 

  174.     return WSAGetLastError();
    175. 

  175. #elif defined(EBSNET)
    176. 

  176.     return xn_getlasterror();
    177. 

  177. #else
    178. 

  178.     return errno;
    179. 

  179. #endif
    180. 

  180. }
    181. 

  181. 

  182. /* The receive embedded callback
    183. 

  183.  *  return : nb bytes read, or error
    184. 

  184.  */
    185. 

  185. int EmbedReceive(CYASSL *ssl, char *buf, int sz, void *ctx)
    186. 

  186. {
    187. 

  187.     int recvd;
    188. 

  188.     int err;
    189. 

  189.     int sd = *(int*)ctx;
    190. 

  190. 

  191. #ifdef CYASSL_DTLS
    192. 

  192.     {
    193. 

  193.         int dtls_timeout = CyaSSL_dtls_get_current_timeout(ssl);
    194. 

  194.         if (CyaSSL_dtls(ssl)
    195. 

  195.                      && !CyaSSL_get_using_nonblock(ssl)
    196. 

  196.                      && dtls_timeout != 0) {
    197. 

  197.             #ifdef USE_WINDOWS_API
    198. 

  198.                 DWORD timeout = dtls_timeout * 1000;
    199. 

  199.             #else
    200. 

  200.                 struct timeval timeout = {dtls_timeout, 0};
    201. 

  201.             #endif
    202. 

  202.             setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO,
    203. 

  203.                                             (char*)&timeout, TIMEVAL_BYTES);
    204. 

  204.         }
    205. 

  205.     }
    206. 

  206. #endif
    207. 

  207. 

  208.     recvd = (int)RECV_FUNCTION(sd, buf, sz, ssl->rflags);
    209. 

  209. 

  210.     recvd = TranslateReturnCode(recvd, sd);
    211. 

  211. 

  212.     if (recvd < 0) {
    213. 

  213.         err = LastError();
    214. 

  214.         CYASSL_MSG("Embed Receive error");
    215. 

  215. 

  216.         if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) {
    217. 

  217.             if (!CyaSSL_dtls(ssl) || CyaSSL_get_using_nonblock(ssl)) {
    218. 

  218.                 CYASSL_MSG("    Would block");
    219. 

  219.                 return IO_ERR_WANT_READ;
    220. 

  220.             }
    221. 

  221.             else {
    222. 

  222.                 CYASSL_MSG("    Socket timeout");
    223. 

  223.                 return IO_ERR_TIMEOUT;
    224. 

  224.             }
    225. 

  225.         }
    226. 

  226.         else if (err == SOCKET_ECONNRESET) {
    227. 

  227.             CYASSL_MSG("    Connection reset");
    228. 

  228.             return IO_ERR_CONN_RST;
    229. 

  229.         }
    230. 

  230.         else if (err == SOCKET_EINTR) {
    231. 

  231.             CYASSL_MSG("    Socket interrupted");
    232. 

  232.             return IO_ERR_ISR;
    233. 

  233.         }
    234. 

  234.         else if (err == SOCKET_ECONNREFUSED) {
    235. 

  235.             CYASSL_MSG("    Connection refused");
    236. 

  236.             return IO_ERR_WANT_READ;
    237. 

  237.         }
    238. 

  238.         else {
    239. 

  239.             CYASSL_MSG("    General error");
    240. 

  240.             return IO_ERR_GENERAL;
    241. 

  241.         }
    242. 

  242.     }
    243. 

  243.     else if (recvd == 0) {
    244. 

  244.         CYASSL_MSG("Embed receive connection closed");
    245. 

  245.         return IO_ERR_CONN_CLOSE;
    246. 

  246.     }
    247. 

  247. 

  248.     return recvd;
    249. 

  249. }
    250. 

  250. 

  251. /* The send embedded callback
    252. 

  252.  *  return : nb bytes sent, or error
    253. 

  253.  */
    254. 

  254. int EmbedSend(CYASSL* ssl, char *buf, int sz, void *ctx)
    255. 

  255. {
    256. 

  256.     int sd = *(int*)ctx;
    257. 

  257.     int sent;
    258. 

  258.     int len = sz;
    259. 

  259.     int err;
    260. 

  260. 

  261.     sent = (int)SEND_FUNCTION(sd, &buf[sz - len], len, ssl->wflags);
    262. 

  262. 

  263.     if (sent < 0) {
    264. 

  264.         err = LastError();
    265. 

  265.         CYASSL_MSG("Embed Send error");
    266. 

  266. 

  267.         if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) {
    268. 

  268.             CYASSL_MSG("    Would Block");
    269. 

  269.             return IO_ERR_WANT_WRITE;
    270. 

  270.         }
    271. 

  271.         else if (err == SOCKET_ECONNRESET) {
    272. 

  272.             CYASSL_MSG("    Connection reset");
    273. 

  273.             return IO_ERR_CONN_RST;
    274. 

  274.         }
    275. 

  275.         else if (err == SOCKET_EINTR) {
    276. 

  276.             CYASSL_MSG("    Socket interrupted");
    277. 

  277.             return IO_ERR_ISR;
    278. 

  278.         }
    279. 

  279.         else if (err == SOCKET_EPIPE) {
    280. 

  280.             CYASSL_MSG("    Socket EPIPE");
    281. 

  281.             return IO_ERR_CONN_CLOSE;
    282. 

  282.         }
    283. 

  283.         else {
    284. 

  284.             CYASSL_MSG("    General error");
    285. 

  285.             return IO_ERR_GENERAL;
    286. 

  286.         }
    287. 

  287.     }
    288. 

  288.  
    289. 

  289.     return sent;
    290. 

  290. }
    291. 

  291. 

  292. 

  293. #ifdef CYASSL_DTLS
    294. 

  294. 

  295. #include <cyassl/ctaocrypt/sha.h>
    296. 

  296. 

  297. #ifdef USE_WINDOWS_API
    298. 

  298.    #define XSOCKLENT int
    299. 

  299. #else
    300. 

  300.    #define XSOCKLENT socklen_t
    301. 

  301. #endif
    302. 

  302. 

  303. #define SENDTO_FUNCTION sendto
    304. 

  304. #define RECVFROM_FUNCTION recvfrom
    305. 

  305. 

  306. 

  307. /* The receive embedded callback
    308. 

  308.  *  return : nb bytes read, or error
    309. 

  309.  */
    310. 

  310. int EmbedReceiveFrom(CYASSL *ssl, char *buf, int sz, void *ctx)
    311. 

  311. {
    312. 

  312.     CYASSL_DTLS_CTX* dtlsCtx = (CYASSL_DTLS_CTX*)ctx;
    313. 

  313.     int recvd;
    314. 

  314.     int err;
    315. 

  315.     int sd = dtlsCtx->fd;
    316. 

  316.     int dtls_timeout = CyaSSL_dtls_get_current_timeout(ssl);
    317. 

  317.     struct sockaddr_in peer;
    318. 

  318.     XSOCKLENT peerSz = sizeof(peer);
    319. 

  319. 

  320.     CYASSL_ENTER("EmbedReceiveFrom()");
    321. 

  321.     if (!CyaSSL_get_using_nonblock(ssl) && dtls_timeout != 0) {
    322. 

  322.         #ifdef USE_WINDOWS_API
    323. 

  323.             DWORD timeout = dtls_timeout * 1000;
    324. 

  324.         #else
    325. 

  325.             struct timeval timeout = { dtls_timeout, 0 };
    326. 

  326.         #endif
    327. 

  327.         setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO,
    328. 

  328.                                             (char*)&timeout, TIMEVAL_BYTES);
    329. 

  329.     }
    330. 

  330. 

  331.     recvd = (int)RECVFROM_FUNCTION(sd, buf, sz, ssl->rflags,
    332. 

  332.                                   (struct sockaddr*)&peer, &peerSz);
    333. 

  333. 

  334.     recvd = TranslateReturnCode(recvd, sd);
    335. 

  335. 

  336.     if (recvd < 0) {
    337. 

  337.         err = LastError();
    338. 

  338.         CYASSL_MSG("Embed Receive From error");
    339. 

  339. 

  340.         if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) {
    341. 

  341.             if (CyaSSL_get_using_nonblock(ssl)) {
    342. 

  342.                 CYASSL_MSG("    Would block");
    343. 

  343.                 return IO_ERR_WANT_READ;
    344. 

  344.             }
    345. 

  345.             else {
    346. 

  346.                 CYASSL_MSG("    Socket timeout");
    347. 

  347.                 return IO_ERR_TIMEOUT;
    348. 

  348.             }
    349. 

  349.         }
    350. 

  350.         else if (err == SOCKET_ECONNRESET) {
    351. 

  351.             CYASSL_MSG("    Connection reset");
    352. 

  352.             return IO_ERR_CONN_RST;
    353. 

  353.         }
    354. 

  354.         else if (err == SOCKET_EINTR) {
    355. 

  355.             CYASSL_MSG("    Socket interrupted");
    356. 

  356.             return IO_ERR_ISR;
    357. 

  357.         }
    358. 

  358.         else if (err == SOCKET_ECONNREFUSED) {
    359. 

  359.             CYASSL_MSG("    Connection refused");
    360. 

  360.             return IO_ERR_WANT_READ;
    361. 

  361.         }
    362. 

  362.         else {
    363. 

  363.             CYASSL_MSG("    General error");
    364. 

  364.             return IO_ERR_GENERAL;
    365. 

  365.         }
    366. 

  366.     }
    367. 

  367.     else {
    368. 

  368.         if (dtlsCtx != NULL
    369. 

  369.                 && dtlsCtx->peer.sz > 0
    370. 

  370.                 && peerSz != (XSOCKLENT)dtlsCtx->peer.sz
    371. 

  371.                 && memcmp(&peer, dtlsCtx->peer.sa, peerSz) != 0) {
    372. 

  372.             CYASSL_MSG("    Ignored packet from invalid peer");
    373. 

  373.             return IO_ERR_WANT_READ;
    374. 

  374.         }
    375. 

  375.     }
    376. 

  376. 

  377.     return recvd;
    378. 

  378. }
    379. 

  379. 

  380. 

  381. /* The send embedded callback
    382. 

  382.  *  return : nb bytes sent, or error
    383. 

  383.  */
    384. 

  384. int EmbedSendTo(CYASSL* ssl, char *buf, int sz, void *ctx)
    385. 

  385. {
    386. 

  386.     CYASSL_DTLS_CTX* dtlsCtx = (CYASSL_DTLS_CTX*)ctx;
    387. 

  387.     int sd = dtlsCtx->fd;
    388. 

  388.     int sent;
    389. 

  389.     int len = sz;
    390. 

  390.     int err;
    391. 

  391. 

  392.     CYASSL_ENTER("EmbedSendTo()");
    393. 

  393.     sent = (int)SENDTO_FUNCTION(sd, &buf[sz - len], len, ssl->wflags,
    394. 

  394.                                 dtlsCtx->peer.sa, dtlsCtx->peer.sz);
    395. 

  395.     if (sent < 0) {
    396. 

  396.         err = LastError();
    397. 

  397.         CYASSL_MSG("Embed Send To error");
    398. 

  398. 

  399.         if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) {
    400. 

  400.             CYASSL_MSG("    Would Block");
    401. 

  401.             return IO_ERR_WANT_WRITE;
    402. 

  402.         }
    403. 

  403.         else if (err == SOCKET_ECONNRESET) {
    404. 

  404.             CYASSL_MSG("    Connection reset");
    405. 

  405.             return IO_ERR_CONN_RST;
    406. 

  406.         }
    407. 

  407.         else if (err == SOCKET_EINTR) {
    408. 

  408.             CYASSL_MSG("    Socket interrupted");
    409. 

  409.             return IO_ERR_ISR;
    410. 

  410.         }
    411. 

  411.         else if (err == SOCKET_EPIPE) {
    412. 

  412.             CYASSL_MSG("    Socket EPIPE");
    413. 

  413.             return IO_ERR_CONN_CLOSE;
    414. 

  414.         }
    415. 

  415.         else {
    416. 

  416.             CYASSL_MSG("    General error");
    417. 

  417.             return IO_ERR_GENERAL;
    418. 

  418.         }
    419. 

  419.     }
    420. 

  420.  
    421. 

  421.     return sent;
    422. 

  422. }
    423. 

  423. 

  424. 

  425. /* The DTLS Generate Cookie callback
    426. 

  426.  *  return : number of bytes copied into buf, or error
    427. 

  427.  */
    428. 

  428. int EmbedGenerateCookie(byte *buf, int sz, void *ctx)
    429. 

  429. {
    430. 

  430.     CYASSL* ssl = (CYASSL*)ctx;
    431. 

  431.     int sd = ssl->wfd;
    432. 

  432.     struct sockaddr_in peer;
    433. 

  433.     XSOCKLENT peerSz = sizeof(peer);
    434. 

  434.     byte cookieSrc[sizeof(struct in_addr) + sizeof(int)];
    435. 

  435.     int cookieSrcSz = 0;
    436. 

  436.     Sha sha;
    437. 

  437. 

  438.     getpeername(sd, (struct sockaddr*)&peer, &peerSz);
    439. 

  439.     
    440. 

  440.     if (peer.sin_family == AF_INET) {
    441. 

  441.         struct sockaddr_in *s = (struct sockaddr_in*)&peer;
    442. 

  442. 

  443.         cookieSrcSz = sizeof(struct in_addr) + sizeof(s->sin_port);
    444. 

  444.         XMEMCPY(cookieSrc, &s->sin_port, sizeof(s->sin_port));
    445. 

  445.         XMEMCPY(cookieSrc + sizeof(s->sin_port),
    446. 

  446.                                      &s->sin_addr, sizeof(struct in_addr));
    447. 

  447.     }
    448. 

  448. 

  449.     InitSha(&sha);
    450. 

  450.     ShaUpdate(&sha, cookieSrc, cookieSrcSz);
    451. 

  451. 

  452.     if (sz < SHA_DIGEST_SIZE) {
    453. 

  453.         byte digest[SHA_DIGEST_SIZE];
    454. 

  454.         ShaFinal(&sha, digest);
    455. 

  455.         XMEMCPY(buf, digest, sz);
    456. 

  456.         return sz;
    457. 

  457.     }
    458. 

  458. 

  459.     ShaFinal(&sha, buf);
    460. 

  460. 

  461.     return SHA_DIGEST_SIZE;
    462. 

  462. }
    463. 

  463. 

  464. #endif /* CYASSL_DTLS */
    465. 

  465. 

  466. #ifdef HAVE_OCSP
    467. 

  467. 

  468. #ifdef TEST_IPV6
    469. 

  469.     typedef struct sockaddr_in6 SOCKADDR_IN_T;
    470. 

  470.     #define AF_INET_V    AF_INET6
    471. 

  471. #else
    472. 

  472.     typedef struct sockaddr_in  SOCKADDR_IN_T;
    473. 

  473.     #define AF_INET_V    AF_INET
    474. 

  474. #endif
    475. 

  475. 

  476. 

  477. static INLINE int tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port)
    478. 

  478. {
    479. 

  479.     SOCKADDR_IN_T addr;
    480. 

  480.     const char* host = ip;
    481. 

  481. 

  482.     /* peer could be in human readable form */
    483. 

  483.     if (ip != INADDR_ANY && isalpha(ip[0])) {
    484. 

  484.         struct hostent* entry = gethostbyname(ip);
    485. 

  485. 

  486.         if (entry) {
    487. 

  487.             struct sockaddr_in tmp;
    488. 

  488.             XMEMSET(&tmp, 0, sizeof(struct sockaddr_in));
    489. 

  489.             XMEMCPY(&tmp.sin_addr.s_addr, entry->h_addr_list[0],
    490. 

  490.                    entry->h_length);
    491. 

  491.             host = inet_ntoa(tmp.sin_addr);
    492. 

  492.         }
    493. 

  493.         else {
    494. 

  494.             CYASSL_MSG("no addr entry for OCSP responder");
    495. 

  495.             return -1;
    496. 

  496.         }
    497. 

  497.     }
    498. 

  498. 

  499.     *sockfd = socket(AF_INET_V, SOCK_STREAM, 0);
    500. 

  500.     XMEMSET(&addr, 0, sizeof(SOCKADDR_IN_T));
    501. 

  501. 

  502.     addr.sin_family = AF_INET_V;
    503. 

  503.     addr.sin_port = htons(port);
    504. 

  504.     if (host == INADDR_ANY)
    505. 

  505.         addr.sin_addr.s_addr = INADDR_ANY;
    506. 

  506.     else
    507. 

  507.         addr.sin_addr.s_addr = inet_addr(host);
    508. 

  508. 

  509.     if (connect(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0) {
    510. 

  510.         CYASSL_MSG("OCSP responder tcp connect failed");
    511. 

  511.         return -1;
    512. 

  512.     }
    513. 

  513. 

  514.     return 0;
    515. 

  515. }
    516. 

  516. 

  517. 

  518. static int build_http_request(const char* domainName, const char* path,
    519. 

  519.                                     int ocspReqSz, byte* buf, int bufSize)
    520. 

  520. {
    521. 

  521.     return snprintf((char*)buf, bufSize,
    522. 

  522.         "POST %s HTTP/1.1\r\n"
    523. 

  523.         "Host: %s\r\n"
    524. 

  524.         "Content-Length: %d\r\n"
    525. 

  525.         "Content-Type: application/ocsp-request\r\n"
    526. 

  526.         "\r\n", 
    527. 

  527.         path, domainName, ocspReqSz);
    528. 

  528. }
    529. 

  529. 

  530. 

  531. static int decode_http_response(byte* httpBuf, int httpBufSz, byte** dst)
    532. 

  532. {
    533. 

  533.     int idx = 0;
    534. 

  534.     int stop = 0;
    535. 

  535.     int len = 0;
    536. 

  536.     byte* contentType = NULL;
    537. 

  537.     byte* contentLength = NULL;
    538. 

  538.     char* buf = (char*)httpBuf; /* kludge so I'm not constantly casting */
    539. 

  539. 

  540.     if (XSTRNCASECMP(buf, "HTTP/1", 6) != 0)
    541. 

  541.         return 0;
    542. 

  542.     
    543. 

  543.     idx = 9; /* sets to the first byte after "HTTP/1.X ", which should be the
    544. 

  544.               * HTTP result code */
    545. 

  545. 

  546.      if (XSTRNCASECMP(&buf[idx], "200 OK", 6) != 0)
    547. 

  547.         return 0;
    548. 

  548.     
    549. 

  549.     idx += 8;
    550. 

  550. 

  551.     while (idx < httpBufSz && !stop) {
    552. 

  552.         if (buf[idx] == '\r' && buf[idx+1] == '\n') {
    553. 

  553.             stop = 1;
    554. 

  554.             idx += 2;
    555. 

  555.         }
    556. 

  556.         else {
    557. 

  557.             if (contentType == NULL &&
    558. 

  558.                            XSTRNCASECMP(&buf[idx], "Content-Type:", 13) == 0) {
    559. 

  559.                 idx += 13;
    560. 

  560.                 if (buf[idx] == ' ') idx++;
    561. 

  561.                 if (XSTRNCASECMP(&buf[idx],
    562. 

  562.                                        "application/ocsp-response", 25) != 0) {
    563. 

  563.                     return 0;
    564. 

  564.                 }
    565. 

  565.                 idx += 27;
    566. 

  566.             }
    567. 

  567.             else if (contentLength == NULL &&
    568. 

  568.                          XSTRNCASECMP(&buf[idx], "Content-Length:", 15) == 0) {
    569. 

  569.                 idx += 15;
    570. 

  570.                 if (buf[idx] == ' ') idx++;
    571. 

  571.                 while (buf[idx] >= '0' && buf[idx] <= '9' && idx < httpBufSz) {
    572. 

  572.                     len = (len * 10) + (buf[idx] - '0');
    573. 

  573.                     idx++;
    574. 

  574.                 }
    575. 

  575.                 idx += 2; /* skip the crlf */
    576. 

  576.             }
    577. 

  577.             else {
    578. 

  578.                 /* Advance idx past the next \r\n */
    579. 

  579.                 char* end = XSTRSTR(&buf[idx], "\r\n");
    580. 

  580.                 idx = (int)(end - buf + 2);
    581. 

  581.                 stop = 1;
    582. 

  582.             }
    583. 

  583.         }
    584. 

  584.     }
    585. 

  585.     
    586. 

  586.     if (len > 0) {
    587. 

  587.         *dst = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_IN_BUFFER);
    588. 

  588.         XMEMCPY(*dst, httpBuf + idx, len);
    589. 

  589.     }
    590. 

  590. 

  591.     return len;
    592. 

  592. }
    593. 

  593. 

  594. 

  595. static int decode_url(const char* url, int urlSz,
    596. 

  596.     char* outName, char* outPath, int* outPort)
    597. 

  597. {
    598. 

  598.     if (outName != NULL && outPath != NULL && outPort != NULL)
    599. 

  599.     {
    600. 

  600.         if (url == NULL || urlSz == 0)
    601. 

  601.         {
    602. 

  602.             *outName = 0;
    603. 

  603.             *outPath = 0;
    604. 

  604.             *outPort = 0;
    605. 

  605.         }
    606. 

  606.         else
    607. 

  607.         {
    608. 

  608.             int i, cur;
    609. 

  609.     
    610. 

  610.             /* need to break the url down into scheme, address, and port */
    611. 

  611.             /* "http://example.com:8080/" */
    612. 

  612.             if (XSTRNCMP(url, "http://", 7) == 0) {
    613. 

  613.                 cur = 7;
    614. 

  614.             } else cur = 0;
    615. 

  615.     
    616. 

  616.             i = 0;
    617. 

  617.             while (url[cur] != 0 && url[cur] != ':' && url[cur] != '/') {
    618. 

  618.                 outName[i++] = url[cur++];
    619. 

  619.             }
    620. 

  620.             outName[i] = 0;
    621. 

  621.             /* Need to pick out the path after the domain name */
    622. 

  622.     
    623. 

  623.             if (cur < urlSz && url[cur] == ':') {
    624. 

  624.                 char port[6];
    625. 

  625.                 int j;
    626. 

  626.                 i = 0;
    627. 

  627.                 cur++;
    628. 

  628.                 while (cur < urlSz && url[cur] != 0 && url[cur] != '/' &&
    629. 

  629.                         i < 6) {
    630. 

  630.                     port[i++] = url[cur++];
    631. 

  631.                 }
    632. 

  632.     
    633. 

  633.                 *outPort = 0;
    634. 

  634.                 for (j = 0; j < i; j++) {
    635. 

  635.                     if (port[j] < '0' || port[j] > '9') return -1;
    636. 

  636.                     *outPort = (*outPort * 10) + (port[j] - '0');
    637. 

  637.                 }
    638. 

  638.             }
    639. 

  639.             else
    640. 

  640.                 *outPort = 80;
    641. 

  641.     
    642. 

  642.             if (cur < urlSz && url[cur] == '/') {
    643. 

  643.                 i = 0;
    644. 

  644.                 while (cur < urlSz && url[cur] != 0 && i < 80) {
    645. 

  645.                     outPath[i++] = url[cur++];
    646. 

  646.                 }
    647. 

  647.                 outPath[i] = 0;
    648. 

  648.             }
    649. 

  649.             else {
    650. 

  650.                 outPath[0] = '/';
    651. 

  651.                 outPath[1] = 0;
    652. 

  652.             }
    653. 

  653.         }
    654. 

  654.     }
    655. 

  655. 

  656.     return 0;
    657. 

  657. }
    658. 

  658. 

  659. 

  660. #define SCRATCH_BUFFER_SIZE 2048
    661. 

  661. 

  662. int EmbedOcspLookup(void* ctx, const char* url, int urlSz,
    663. 

  663.                         byte* ocspReqBuf, int ocspReqSz, byte** ocspRespBuf)
    664. 

  664. {
    665. 

  665.     char domainName[80], path[80];
    666. 

  666.     int port, httpBufSz, sfd;
    667. 

  667.     int ocspRespSz = 0;
    668. 

  668.     byte* httpBuf = NULL;
    669. 

  669. 

  670.     (void)ctx;
    671. 

  671. 

  672.     if (ocspReqBuf == NULL || ocspReqSz == 0) {
    673. 

  673.         CYASSL_MSG("OCSP request is required for lookup");
    674. 

  674.         return -1;
    675. 

  675.     }
    676. 

  676. 

  677.     if (ocspRespBuf == NULL) {
    678. 

  678.         CYASSL_MSG("Cannot save OCSP response");
    679. 

  679.         return -1;
    680. 

  680.     }
    681. 

  681. 

  682.     if (decode_url(url, urlSz, domainName, path, &port) < 0) {
    683. 

  683.         CYASSL_MSG("Unable to decode OCSP URL");
    684. 

  684.         return -1;
    685. 

  685.     }
    686. 

  686.     
    687. 

  687.     httpBufSz = SCRATCH_BUFFER_SIZE;
    688. 

  688.     httpBuf = (byte*)XMALLOC(httpBufSz, NULL, DYNAMIC_TYPE_IN_BUFFER);
    689. 

  689. 

  690.     if (httpBuf == NULL) {
    691. 

  691.         CYASSL_MSG("Unable to create OCSP response buffer");
    692. 

  692.         return -1;
    693. 

  693.     }
    694. 

  694.     *ocspRespBuf = httpBuf;
    695. 

  695. 

  696.     httpBufSz = build_http_request(domainName, path, ocspReqSz,
    697. 

  697.                                                         httpBuf, httpBufSz);
    698. 

  698. 

  699.     if ((tcp_connect(&sfd, domainName, port) == 0) && (sfd > 0)) {
    700. 

  700.         int written;
    701. 

  701.         written = (int)write(sfd, httpBuf, httpBufSz);
    702. 

  702.         if (written == httpBufSz) {
    703. 

  703.             written = (int)write(sfd, ocspReqBuf, ocspReqSz);
    704. 

  704.             if (written == ocspReqSz) {
    705. 

  705.                 httpBufSz = (int)read(sfd, httpBuf, SCRATCH_BUFFER_SIZE);
    706. 

  706.                 if (httpBufSz > 0) {
    707. 

  707.                     ocspRespSz = decode_http_response(httpBuf, httpBufSz,
    708. 

  708.                         ocspRespBuf);
    709. 

  709.                 }
    710. 

  710.             }
    711. 

  711.         }
    712. 

  712.         close(sfd);
    713. 

  713.         if (ocspRespSz == 0) {
    714. 

  714.             CYASSL_MSG("OCSP response was not OK, no OCSP response");
    715. 

  715.             return -1;
    716. 

  716.         }
    717. 

  717.     } else {
    718. 

  718.         CYASSL_MSG("OCSP Responder connection failed");
    719. 

  719.         return -1;
    720. 

  720.     }
    721. 

  721. 

  722.     return ocspRespSz;
    723. 

  723. }
    724. 

  724. 

  725. 

  726. void EmbedOcspRespFree(void* ctx, byte *resp)
    727. 

  727. {
    728. 

  728.     (void)ctx;
    729. 

  729. 

  730.     if (resp)
    731. 

  731.         XFREE(resp, NULL, DYNAMIC_TYPE_IN_BUFFER);
    732. 

  732. }
    733. 

  733. 

  734. 

  735. #endif
    736. 

  736. 

  737. #endif /* CYASSL_USER_IO */
    738. 

  738. 

  739. CYASSL_API void CyaSSL_SetIORecv(CYASSL_CTX *ctx, CallbackIORecv CBIORecv)
    740. 

  740. {
    741. 

  741.     ctx->CBIORecv = CBIORecv;
    742. 

  742. }
    743. 

  743. 

  744. 

  745. CYASSL_API void CyaSSL_SetIOSend(CYASSL_CTX *ctx, CallbackIOSend CBIOSend)
    746. 

  746. {
    747. 

  747.     ctx->CBIOSend = CBIOSend;
    748. 

  748. }
    749. 

  749. 

  750. 

  751. CYASSL_API void CyaSSL_SetIOReadCtx(CYASSL* ssl, void *rctx)
    752. 

  752. {
    753. 

  753. 	ssl->IOCB_ReadCtx = rctx;
    754. 

  754. }
    755. 

  755. 

  756. 

  757. CYASSL_API void CyaSSL_SetIOWriteCtx(CYASSL* ssl, void *wctx)
    758. 

  758. {
    759. 

  759. 	ssl->IOCB_WriteCtx = wctx;
    760. 

  760. }
    761. 

  761. 

  762. 

  763. CYASSL_API void CyaSSL_SetIOReadFlags(CYASSL* ssl, int flags)
    764. 

  764. {
    765. 

  765.     ssl->rflags = flags; 
    766. 

  766. }
    767. 

  767. 

  768. 

  769. CYASSL_API void CyaSSL_SetIOWriteFlags(CYASSL* ssl, int flags)
    770. 

  770. {
    771. 

  771.     ssl->wflags = flags;
    772. 

  772. }
    773. 

  773. 

  774. #ifdef HAVE_OCSP
    775. 

  775. 

  776. CYASSL_API void CyaSSL_SetIOOcsp(CYASSL_CTX* ctx, CallbackIOOcsp cb)
    777. 

  777. {
    778. 

  778.     ctx->ocsp.CBIOOcsp = cb;
    779. 

  779. }
    780. 

  780. 

  781. CYASSL_API void CyaSSL_SetIOOcspRespFree(CYASSL_CTX* ctx,
    782. 

  782.                                                      CallbackIOOcspRespFree cb)
    783. 

  783. {
    784. 

  784.     ctx->ocsp.CBIOOcspRespFree = cb;
    785. 

  785. }
    786. 

  786. 

  787. CYASSL_API void CyaSSL_SetIOOcspCtx(CYASSL_CTX* ctx, void *octx)
    788. 

  788. {
    789. 

  789.     ctx->ocsp.IOCB_OcspCtx = octx;
    790. 

  790. }
    791. 

  791. 

  792. #endif
    793. 

  793.