diff --git a/configure.ac b/configure.ac index 6e4669717..e95ac7dc2 100644 --- a/configure.ac +++ b/configure.ac @@ -2860,3 +2860,9 @@ echo " * Fast RSA: $ENABLED_FAST_RSA" echo " * Async Crypto: $ENABLED_ASYNCCRYPT" echo "" echo "---" + +# Show warnings at bottom so they are noticed +if test "$ENABLED_ASYNCCRYPT" = "yes" +then + AC_MSG_WARN([Make sure real async files are loaded. Contact wolfSSL for details on using the asynccrypt option.]) +fi diff --git a/examples/client/client.c b/examples/client/client.c index d800cb26e..0741d2512 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -68,7 +68,7 @@ #endif -static void NonBlockingSSL_Connect(WOLFSSL_CTX* ctx, WOLFSSL* ssl) +static void NonBlockingSSL_Connect(WOLFSSL* ssl) { #ifndef WOLFSSL_CALLBACKS int ret = wolfSSL_connect(ssl); @@ -79,8 +79,6 @@ static void NonBlockingSSL_Connect(WOLFSSL_CTX* ctx, WOLFSSL* ssl) SOCKET_T sockfd = (SOCKET_T)wolfSSL_get_fd(ssl); int select_ret; - (void)ctx; - while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ || error == SSL_ERROR_WANT_WRITE || error == WC_PENDING_E)) { @@ -92,7 +90,7 @@ static void NonBlockingSSL_Connect(WOLFSSL_CTX* ctx, WOLFSSL* ssl) printf("... client would write block\n"); #ifdef WOLFSSL_ASYNC_CRYPT else if (error == WC_PENDING_E) { - ret = AsyncCryptPoll(ctx, ssl); + ret = AsyncCryptPoll(ssl); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif @@ -1180,13 +1178,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) if (nonBlocking) { wolfSSL_set_using_nonblock(ssl, 1); tcp_set_nonblocking(&sockfd); - NonBlockingSSL_Connect(ctx, ssl); + NonBlockingSSL_Connect(ssl); } else { do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { - ret = AsyncCryptPoll(ctx, ssl); + ret = AsyncCryptPoll(ssl); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif 
@@ -1338,7 +1336,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) if (nonBlocking) { wolfSSL_set_using_nonblock(sslResume, 1); tcp_set_nonblocking(&sockfd); - NonBlockingSSL_Connect(ctx, sslResume); + NonBlockingSSL_Connect(sslResume); } else if (wolfSSL_connect(sslResume) != SSL_SUCCESS) err_sys("SSL resume failed"); diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c index 4957b7a34..330324ce4 100644 --- a/examples/echoclient/echoclient.c +++ b/examples/echoclient/echoclient.c @@ -177,7 +177,7 @@ void echoclient_test(void* args) do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { - ret = AsyncCryptPoll(ctx, ssl); + ret = AsyncCryptPoll(ssl); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c index 4318a5816..11a087452 100644 --- a/examples/echoserver/echoserver.c +++ b/examples/echoserver/echoserver.c @@ -266,7 +266,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { - ret = AsyncCryptPoll(ctx, ssl); + ret = AsyncCryptPoll(ssl); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif diff --git a/examples/server/server.c b/examples/server/server.c index 0774a3142..29a07522f 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -843,7 +843,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { - ret = AsyncCryptPoll(ctx, ssl); + ret = AsyncCryptPoll(ssl); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif diff --git a/src/ssl.c b/src/ssl.c index 78ae3edcb..9ff1a28cf 100644 --- a/src/ssl.c +++ b/src/ssl.c 
@@ -3433,7 +3433,7 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, ecc_key key; wc_ecc_init(&key); - if (wc_EccPrivateKeyDecode(der->buffer, &idx, &key, + if (wc_EccPrivateKeyDecode(der->buffer, &idx, &key, der->length) != 0) { wc_ecc_free(&key); return SSL_BAD_FILE; @@ -4542,7 +4542,7 @@ int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz) else dynamic = 1; } - + if (ret == 0) { if ( (ret = (int)XFREAD(fileBuf, sz, 1, file)) < 0) { ret = SSL_BAD_FILE; @@ -6429,10 +6429,10 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, #ifndef NO_CERTS /* in case used set_accept_state after init */ - if (!havePSK && !haveAnon && - (!ssl->buffers.certificate || + if (!havePSK && !haveAnon && + (!ssl->buffers.certificate || !ssl->buffers.certificate->buffer || - !ssl->buffers.key || + !ssl->buffers.key || !ssl->buffers.key->buffer)) { WOLFSSL_MSG("accept error: don't have server cert and key"); ssl->error = NO_PRIVATE_KEY; @@ -11200,10 +11200,10 @@ int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509) int result = SSL_FATAL_ERROR; WOLFSSL_ENTER("wolfSSL_X509_STORE_add_cert"); - if (store != NULL && store->cm != NULL && x509 != NULL + if (store != NULL && store->cm != NULL && x509 != NULL && x509->derCert != NULL) { DerBuffer* derCert = NULL; - + result = AllocDer(&derCert, x509->derCert->length, x509->derCert->type, NULL); if (result == 0) { 
@@ -17827,48 +17827,23 @@ void* wolfSSL_get_jobject(WOLFSSL* ssl) #endif /* WOLFSSL_JNI */ #ifdef HAVE_WOLF_EVENT -int wolfssl_CTX_poll_peek(WOLFSSL_CTX* ctx, int* eventCount) -{ - WOLF_EVENT* event; - int count = 0; - - if (ctx == NULL) { - return BAD_FUNC_ARG; - } - -#ifndef SINGLE_THREADED - if (LockMutex(&ctx->event_queue.lock) != 0) { - return BAD_MUTEX_E; - } -#endif - - /* Itterate event queue */ - for (event = ctx->event_queue.head; event != NULL; event = event->next) { - count++; - } - -#ifndef SINGLE_THREADED - UnLockMutex(&ctx->event_queue.lock); -#endif - - if (eventCount) { - *eventCount = count; - } - - return 0; -} - -int wolfSSL_CTX_poll(WOLFSSL_CTX* ctx, WOLF_EVENT* events, int maxEvents, - unsigned char flags, int* eventCount) +static int _wolfSSL_CTX_poll(WOLFSSL_CTX* ctx, WOLFSSL* ssl, WOLF_EVENT* events, + int maxEvents, unsigned char flags, int* eventCount) { WOLF_EVENT* event, *event_prev = NULL; int count = 0, ret = SSL_ERROR_NONE; - if (ctx == NULL || events == NULL || maxEvents <= 0) { + if (ctx == NULL || maxEvents <= 0) { + return BAD_FUNC_ARG; + } + + /* Events arg can be NULL only if peek */ + if (events == NULL && !(flags & WOLF_POLL_FLAG_PEEK)) { return BAD_FUNC_ARG; } #ifndef SINGLE_THREADED + /* In single threaded mode "event_queue.lock" doesn't exist */ if (LockMutex(&ctx->event_queue.lock) != 0) { return BAD_MUTEX_E; } 
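Review bot: The opening argument check in `_wolfSSL_CTX_poll` still rejects `maxEvents <= 0` before it looks at the flags, so a count-only peek (`events == NULL` with `WOLF_POLL_FLAG_PEEK`) fails unless the caller passes a dummy positive size. The capacity only matters when there is a buffer to fill, so the check could read `if (ctx == NULL || (events != NULL && maxEvents <= 0))`, leaving the existing rejection of NULL `events` without peek as it is. The function also lacks a header comment stating that `ssl == NULL` disables filtering, that `events` may be NULL only for a peek, and that `maxEvents` bounds the writes into `events`. The function body continues past the end of this hunk.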
@@ -17879,25 +17854,35 @@ int wolfSSL_CTX_poll(WOLFSSL_CTX* ctx, WOLF_EVENT* events, int maxEvents, { byte removeEvent = 0; - #ifdef WOLFSSL_ASYNC_CRYPT - if (event->type >= WOLF_EVENT_TYPE_ASYNC_FIRST && - event->type <= WOLF_EVENT_TYPE_ASYNC_LAST) - { - ret = wolfSSL_async_poll(event, flags); - } - #endif /* WOLFSSL_ASYNC_CRYPT */ - - /* If event is done add to returned event data */ - if (event->done) { - /* Check to make sure we have room for event */ - if (count >= maxEvents) { - break; /* Exit for */ + /* Optionally filter by ssl object pointer */ + if (ssl == NULL || (ssl == event->ssl)) { + if (flags & WOLF_POLL_FLAG_PEEK) { + if (events) { + /* Copy event data to provided buffer */ + XMEMCPY(&events[count], event, sizeof(WOLF_EVENT)); + } + count++; } + else { + /* Check hardware */ + if (flags & WOLF_POLL_FLAG_CHECK_HW) { + #ifdef WOLFSSL_ASYNC_CRYPT + if (event->type >= WOLF_EVENT_TYPE_ASYNC_FIRST && + event->type <= WOLF_EVENT_TYPE_ASYNC_LAST) + { + ret = wolfSSL_async_poll(event, flags); + } + #endif /* WOLFSSL_ASYNC_CRYPT */ + } - /* Copy event data to provided buffer */ - XMEMCPY(&events[count], event, sizeof(WOLF_EVENT)); - count++; - removeEvent = 1; + /* If event is done then return in 'events' argument */ + if (event->done) { + /* Copy event data to provided buffer */ + XMEMCPY(&events[count], event, sizeof(WOLF_EVENT)); + count++; + removeEvent = 1; + } + } } if (removeEvent) { @@ -17917,6 +17902,11 @@ int wolfSSL_CTX_poll(WOLFSSL_CTX* ctx, WOLF_EVENT* events, int maxEvents, event_prev = event; } + /* Check to make sure our event list isn't full */ + if (events && count >= maxEvents) { + break; /* Exit for */ + } + /* Check for error */ if (ret < 0) { break; /* Exit for */ 
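Review bot: The peek branch copies the whole `WOLF_EVENT` with `XMEMCPY` while the event stays on the queue, so the caller's snapshot carries internal pointers that can go stale once the mutex is released. `ssl` is visible here, and the list link the old loop walked via `event->next` is presumably copied too. A comment on the branch should say so, for example `/* Snapshot only: event remains queued; do not retain or follow pointers in the copy */`. It is also worth documenting that `WOLF_POLL_FLAG_PEEK` takes precedence over `WOLF_POLL_FLAG_CHECK_HW`, and that hardware is no longer polled when `WOLF_POLL_FLAG_CHECK_HW` is absent, which existing `wolfSSL_CTX_poll` callers passing `flags` of 0 would not expect. The enclosing loop starts before this hunk and ends after it.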
@@ -17926,19 +17916,28 @@ int wolfSSL_CTX_poll(WOLFSSL_CTX* ctx, WOLF_EVENT* events, int maxEvents, #ifndef SINGLE_THREADED UnLockMutex(&ctx->event_queue.lock); #endif - - /* Return number of poperly populated events */ + + /* Return number of properly populated events */ if (eventCount) { *eventCount = count; } - /* Make sure success returns 0 */ - if (ret > 0) { - ret = 0; - } - return ret; } + +int wolfSSL_CTX_poll(WOLFSSL_CTX* ctx, WOLF_EVENT* events, + int maxEvents, unsigned char flags, int* eventCount) +{ + return _wolfSSL_CTX_poll(ctx, NULL, events, maxEvents, flags, eventCount); +} + +int wolfSSL_poll(WOLFSSL* ssl, WOLF_EVENT* events, + int maxEvents, unsigned char flags, int* eventCount) +{ + return _wolfSSL_CTX_poll(ssl->ctx, ssl, events, maxEvents, flags, + eventCount); +} + #endif /* HAVE_WOLF_EVENT */ #endif /* WOLFCRYPT_ONLY */ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 046176542..3ee601b7d 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1806,11 +1806,14 @@ struct WOLF_EVENT { enum WOLF_POLL_FLAGS { WOLF_POLL_FLAG_CHECK_HW = 0x01, + WOLF_POLL_FLAG_PEEK = 0x02, }; -WOLFSSL_API int wolfssl_CTX_poll_peek(WOLFSSL_CTX* ctx, int* eventCount); -WOLFSSL_API int wolfSSL_CTX_poll(WOLFSSL_CTX* ctx, WOLF_EVENT* events, int maxEvents, - unsigned char flags, int* eventCount); +WOLFSSL_API int wolfSSL_CTX_poll(WOLFSSL_CTX* ctx, WOLF_EVENT* events, + int maxEvents, unsigned char flags, int* eventCount); +WOLFSSL_API int wolfSSL_poll(WOLFSSL* ssl, WOLF_EVENT* events, + int maxEvents, unsigned char flags, int* eventCount); + #endif /* HAVE_WOLF_EVENT */ #ifdef __cplusplus diff --git a/wolfssl/test.h b/wolfssl/test.h index 6d1ed6cd8..293ef0309 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h 
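Review bot: `wolfSSL_poll` dereferences `ssl->ctx` before anything validates `ssl`, so a NULL session pointer crashes instead of returning `BAD_FUNC_ARG` the way `wolfSSL_CTX_poll` does for a NULL context. Add `if (ssl == NULL) return BAD_FUNC_ARG;` ahead of the call. Separately, this hunk drops the `if (ret > 0) ret = 0;` clamp, so if `wolfSSL_async_poll` can return a positive value (not visible here) that value now reaches callers that treat only 0 as success. A comment stating the intended return range would settle that.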
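Review bot: The exported `wolfssl_CTX_poll_peek` prototype is removed in the `wolfssl/ssl.h` hunk with no replacement declaration, so applications written against the previous header stop compiling. If that break is intended it should be called out in the release notes; otherwise a source-compatibility shim such as `#define wolfssl_CTX_poll_peek(ctx, cnt) wolfSSL_CTX_poll((ctx), NULL, 1, WOLF_POLL_FLAG_PEEK, (cnt))` keeps them working. The two prototypes would also benefit from a short comment describing the flags, in particular that `events` may be NULL only with `WOLF_POLL_FLAG_PEEK`.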
@@ -1908,19 +1908,17 @@ static INLINE const char* mymktemp(char *tempfn, int len, int num) #endif /* HAVE_SESSION_TICKET && CHACHA20 && POLY1305 */ #ifdef WOLFSSL_ASYNC_CRYPT - static INLINE int AsyncCryptPoll(WOLFSSL_CTX* ctx, WOLFSSL* ssl) + static INLINE int AsyncCryptPoll(WOLFSSL* ssl) { int ret, eventCount = 0; WOLF_EVENT events[1]; printf("Connect/Accept got WC_PENDING_E\n"); - ret = wolfSSL_CTX_poll(ctx, events, sizeof(events)/sizeof(WOLF_EVENT), WOLF_POLL_FLAG_CHECK_HW, &eventCount); + ret = wolfSSL_poll(ssl, events, sizeof(events)/sizeof(WOLF_EVENT), + WOLF_POLL_FLAG_CHECK_HW, &eventCount); if (ret == 0 && eventCount > 0) { - /* Check the SSL context in the event matches ours */ - if (events[0].ssl == ssl) { - ret = 1; /* Success */ - } + ret = 1; /* Success */ } return ret;
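Review bot: `AsyncCryptPoll` returns whatever `wolfSSL_poll` gives back unless it is exactly 0 with an event, and the example callers only branch on `ret < 0` and `ret == 0`, so any positive return from the poll would be read as "event ready" without an event having been delivered. The same commit removes the clamp to 0 in the library, so whether that can happen depends on `wolfSSL_async_poll`, which is not shown. Making the helper explicit avoids relying on it: `if (ret == 0 && eventCount > 0) { ret = 1; } else if (ret > 0) { ret = 0; }`. Dropping the `events[0].ssl == ssl` comparison is safe only because `wolfSSL_poll` filters by session, and a one-line comment saying so would help. The closing brace of the function is outside the hunk.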