| author | Khem Raj <raj.khem@gmail.com> | 2025-05-24 00:38:56 -0700 |
|---|---|---|
| committer | Khem Raj <raj.khem@gmail.com> | 2025-05-29 00:08:10 -0700 |
| commit | 5cf87bcb8704b7ed1fe4aa5953870a2e627dd50a (patch) | |
| tree | b38d231d85c9bc348a3e4b49d5abda35a7652026 | |
| parent | 9ff6cce43f819640a515a905f8dcbbec00ec10a0 (diff) | |
wolfssl: Upgrade to 5.8.0
Define relative path for certs
Backport patch to fix ptests
Fixes
WARNING: wolfssl-5.8.0-r0 do_package_qa: QA Issue: File /usr/lib/wolfssl/ptest/test/.libs/unit.test in package wolfssl-ptest contains reference to TMPDIR [buildpaths]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| -rw-r--r-- | meta-networking/recipes-connectivity/wolfssl/files/0001-wolfssl-wolfcrypt-logging.h-and-wolfcrypt-src-loggin.patch | 791 | ||||
| -rw-r--r-- | meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb (renamed from meta-networking/recipes-connectivity/wolfssl/wolfssl_5.7.2.bb) | 7 |
2 files changed, 797 insertions, 1 deletions
diff --git a/meta-networking/recipes-connectivity/wolfssl/files/0001-wolfssl-wolfcrypt-logging.h-and-wolfcrypt-src-loggin.patch b/meta-networking/recipes-connectivity/wolfssl/files/0001-wolfssl-wolfcrypt-logging.h-and-wolfcrypt-src-loggin.patch new file mode 100644 index 0000000000..f4f149c7e8 --- /dev/null +++ b/meta-networking/recipes-connectivity/wolfssl/files/0001-wolfssl-wolfcrypt-logging.h-and-wolfcrypt-src-loggin.patch | |||
| @@ -0,0 +1,791 @@ | |||
| 1 | From 04975ac158e6d33875c2855f74792efb2258bb93 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Daniel Pouzzner <douzzer@wolfssl.com> | ||
| 3 | Date: Tue, 13 May 2025 20:30:48 -0500 | ||
| 4 | Subject: [PATCH] wolfssl/wolfcrypt/logging.h and wolfcrypt/src/logging.c: add | ||
| 5 | WOLFSSL_DEBUG_PRINTF() macro adapted from wolfssl_log(), refactor | ||
| 6 | wolfssl_log() to use it, and move printf setup includes/prototypes from | ||
| 7 | logging.c to logging.h; | ||
| 8 | |||
| 9 | src/ssl_load.c: add source_name arg and WOLFSSL_DEBUG_CERTIFICATE_LOADS clauses | ||
| 10 | to ProcessBuffer() and ProcessChainBuffer(), and pass reasonable values from | ||
| 11 | callers; | ||
| 12 | |||
| 13 | remove expired "Baltimore CyberTrust Root" from certs/external/ca_collection.pem | ||
| 14 | and certs/external/baltimore-cybertrust-root.pem. | ||
| 15 | |||
| 16 | Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/55460a52619626f614e86d528b9a60445562eb34] | ||
| 17 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
| 18 | --- | ||
| 19 | certs/external/baltimore-cybertrust-root.pem | 21 --- | ||
| 20 | certs/external/ca_collection.pem | 77 ---------- | ||
| 21 | src/ssl_load.c | 111 +++++++++++---- | ||
| 22 | wolfcrypt/src/error.c | 4 +- | ||
| 23 | wolfcrypt/src/logging.c | 142 ++----------------- | ||
| 24 | wolfssl/internal.h | 3 +- | ||
| 25 | wolfssl/wolfcrypt/logging.h | 93 +++++++++++- | ||
| 26 | 7 files changed, 190 insertions(+), 261 deletions(-) | ||
| 27 | delete mode 100644 certs/external/baltimore-cybertrust-root.pem | ||
| 28 | |||
| 29 | diff --git a/certs/external/baltimore-cybertrust-root.pem b/certs/external/baltimore-cybertrust-root.pem | ||
| 30 | deleted file mode 100644 | ||
| 31 | index 519028c63..000000000 | ||
| 32 | --- a/certs/external/baltimore-cybertrust-root.pem | ||
| 33 | +++ /dev/null | ||
| 34 | @@ -1,21 +0,0 @@ | ||
| 35 | ------BEGIN CERTIFICATE----- | ||
| 36 | -MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ | ||
| 37 | -RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD | ||
| 38 | -VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX | ||
| 39 | -DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y | ||
| 40 | -ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy | ||
| 41 | -VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr | ||
| 42 | -mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr | ||
| 43 | -IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK | ||
| 44 | -mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu | ||
| 45 | -XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy | ||
| 46 | -dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye | ||
| 47 | -jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1 | ||
| 48 | -BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3 | ||
| 49 | -DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92 | ||
| 50 | -9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx | ||
| 51 | -jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0 | ||
| 52 | -Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz | ||
| 53 | -ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS | ||
| 54 | -R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp | ||
| 55 | ------END CERTIFICATE----- | ||
| 56 | diff --git a/certs/external/ca_collection.pem b/certs/external/ca_collection.pem | ||
| 57 | index ddfdf9cee..c76d6c605 100644 | ||
| 58 | --- a/certs/external/ca_collection.pem | ||
| 59 | +++ b/certs/external/ca_collection.pem | ||
| 60 | @@ -1,80 +1,3 @@ | ||
| 61 | -Certificate: | ||
| 62 | - Data: | ||
| 63 | - Version: 3 (0x2) | ||
| 64 | - Serial Number: 33554617 (0x20000b9) | ||
| 65 | - Signature Algorithm: sha1WithRSAEncryption | ||
| 66 | - Issuer: C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root | ||
| 67 | - Validity | ||
| 68 | - Not Before: May 12 18:46:00 2000 GMT | ||
| 69 | - Not After : May 12 23:59:00 2025 GMT | ||
| 70 | - Subject: C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root | ||
| 71 | - Subject Public Key Info: | ||
| 72 | - Public Key Algorithm: rsaEncryption | ||
| 73 | - RSA Public-Key: (2048 bit) | ||
| 74 | - Modulus: | ||
| 75 | - 00:a3:04:bb:22:ab:98:3d:57:e8:26:72:9a:b5:79: | ||
| 76 | - d4:29:e2:e1:e8:95:80:b1:b0:e3:5b:8e:2b:29:9a: | ||
| 77 | - 64:df:a1:5d:ed:b0:09:05:6d:db:28:2e:ce:62:a2: | ||
| 78 | - 62:fe:b4:88:da:12:eb:38:eb:21:9d:c0:41:2b:01: | ||
| 79 | - 52:7b:88:77:d3:1c:8f:c7:ba:b9:88:b5:6a:09:e7: | ||
| 80 | - 73:e8:11:40:a7:d1:cc:ca:62:8d:2d:e5:8f:0b:a6: | ||
| 81 | - 50:d2:a8:50:c3:28:ea:f5:ab:25:87:8a:9a:96:1c: | ||
| 82 | - a9:67:b8:3f:0c:d5:f7:f9:52:13:2f:c2:1b:d5:70: | ||
| 83 | - 70:f0:8f:c0:12:ca:06:cb:9a:e1:d9:ca:33:7a:77: | ||
| 84 | - d6:f8:ec:b9:f1:68:44:42:48:13:d2:c0:c2:a4:ae: | ||
| 85 | - 5e:60:fe:b6:a6:05:fc:b4:dd:07:59:02:d4:59:18: | ||
| 86 | - 98:63:f5:a5:63:e0:90:0c:7d:5d:b2:06:7a:f3:85: | ||
| 87 | - ea:eb:d4:03:ae:5e:84:3e:5f:ff:15:ed:69:bc:f9: | ||
| 88 | - 39:36:72:75:cf:77:52:4d:f3:c9:90:2c:b9:3d:e5: | ||
| 89 | - c9:23:53:3f:1f:24:98:21:5c:07:99:29:bd:c6:3a: | ||
| 90 | - ec:e7:6e:86:3a:6b:97:74:63:33:bd:68:18:31:f0: | ||
| 91 | - 78:8d:76:bf:fc:9e:8e:5d:2a:86:a7:4d:90:dc:27: | ||
| 92 | - 1a:39 | ||
| 93 | - Exponent: 65537 (0x10001) | ||
| 94 | - X509v3 extensions: | ||
| 95 | - X509v3 Subject Key Identifier: | ||
| 96 | - E5:9D:59:30:82:47:58:CC:AC:FA:08:54:36:86:7B:3A:B5:04:4D:F0 | ||
| 97 | - X509v3 Basic Constraints: critical | ||
| 98 | - CA:TRUE, pathlen:3 | ||
| 99 | - X509v3 Key Usage: critical | ||
| 100 | - Certificate Sign, CRL Sign | ||
| 101 | - Signature Algorithm: sha1WithRSAEncryption | ||
| 102 | - 85:0c:5d:8e:e4:6f:51:68:42:05:a0:dd:bb:4f:27:25:84:03: | ||
| 103 | - bd:f7:64:fd:2d:d7:30:e3:a4:10:17:eb:da:29:29:b6:79:3f: | ||
| 104 | - 76:f6:19:13:23:b8:10:0a:f9:58:a4:d4:61:70:bd:04:61:6a: | ||
| 105 | - 12:8a:17:d5:0a:bd:c5:bc:30:7c:d6:e9:0c:25:8d:86:40:4f: | ||
| 106 | - ec:cc:a3:7e:38:c6:37:11:4f:ed:dd:68:31:8e:4c:d2:b3:01: | ||
| 107 | - 74:ee:be:75:5e:07:48:1a:7f:70:ff:16:5c:84:c0:79:85:b8: | ||
| 108 | - 05:fd:7f:be:65:11:a3:0f:c0:02:b4:f8:52:37:39:04:d5:a9: | ||
| 109 | - 31:7a:18:bf:a0:2a:f4:12:99:f7:a3:45:82:e3:3c:5e:f5:9d: | ||
| 110 | - 9e:b5:c8:9e:7c:2e:c8:a4:9e:4e:08:14:4b:6d:fd:70:6d:6b: | ||
| 111 | - 1a:63:bd:64:e6:1f:b7:ce:f0:f2:9f:2e:bb:1b:b7:f2:50:88: | ||
| 112 | - 73:92:c2:e2:e3:16:8d:9a:32:02:ab:8e:18:dd:e9:10:11:ee: | ||
| 113 | - 7e:35:ab:90:af:3e:30:94:7a:d0:33:3d:a7:65:0f:f5:fc:8e: | ||
| 114 | - 9e:62:cf:47:44:2c:01:5d:bb:1d:b5:32:d2:47:d2:38:2e:d0: | ||
| 115 | - fe:81:dc:32:6a:1e:b5:ee:3c:d5:fc:e7:81:1d:19:c3:24:42: | ||
| 116 | - ea:63:39:a9 | ||
| 117 | ------BEGIN CERTIFICATE----- | ||
| 118 | -MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ | ||
| 119 | -RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD | ||
| 120 | -VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX | ||
| 121 | -DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y | ||
| 122 | -ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy | ||
| 123 | -VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr | ||
| 124 | -mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr | ||
| 125 | -IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK | ||
| 126 | -mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu | ||
| 127 | -XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy | ||
| 128 | -dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye | ||
| 129 | -jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1 | ||
| 130 | -BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3 | ||
| 131 | -DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92 | ||
| 132 | -9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx | ||
| 133 | -jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0 | ||
| 134 | -Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz | ||
| 135 | -ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS | ||
| 136 | -R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp | ||
| 137 | ------END CERTIFICATE----- | ||
| 138 | Certificate: | ||
| 139 | Data: | ||
| 140 | Version: 3 (0x2) | ||
| 141 | diff --git a/src/ssl_load.c b/src/ssl_load.c | ||
| 142 | index 24c8af1be..d803b4093 100644 | ||
| 143 | --- a/src/ssl_load.c | ||
| 144 | +++ b/src/ssl_load.c | ||
| 145 | @@ -2352,11 +2352,13 @@ static int ProcessBufferResetSuites(WOLFSSL_CTX* ctx, WOLFSSL* ssl, int type) | ||
| 146 | * @param [out] used Number of bytes consumed. | ||
| 147 | * @param [in[ userChain Whether this certificate is for user's chain. | ||
| 148 | * @param [in] verify How to verify certificate. | ||
| 149 | + * @param [in] source_name Associated filename or other source ID. | ||
| 150 | * @return 1 on success. | ||
| 151 | * @return Less than 1 on failure. | ||
| 152 | */ | ||
| 153 | int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz, | ||
| 154 | - int format, int type, WOLFSSL* ssl, long* used, int userChain, int verify) | ||
| 155 | + int format, int type, WOLFSSL* ssl, long* used, int userChain, int verify, | ||
| 156 | + const char *source_name) | ||
| 157 | { | ||
| 158 | DerBuffer* der = NULL; | ||
| 159 | int ret = 0; | ||
| 160 | @@ -2367,6 +2369,11 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz, | ||
| 161 | EncryptedInfo info[1]; | ||
| 162 | #endif | ||
| 163 | int algId = 0; | ||
| 164 | +#ifdef WOLFSSL_DEBUG_CERTIFICATE_LOADS | ||
| 165 | + long usedAtStart = used ? *used : 0L; | ||
| 166 | +#else | ||
| 167 | + (void)source_name; | ||
| 168 | +#endif | ||
| 169 | |||
| 170 | WOLFSSL_ENTER("ProcessBuffer"); | ||
| 171 | |||
| 172 | @@ -2444,6 +2451,22 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz, | ||
| 173 | CLEAR_ASN_NO_PEM_HEADER_ERROR(pemErr); | ||
| 174 | ret = 0; | ||
| 175 | } | ||
| 176 | +#ifdef WOLFSSL_DEBUG_CERTIFICATE_LOADS | ||
| 177 | + if (ret < 0) { | ||
| 178 | +#ifdef NO_ERROR_STRINGS | ||
| 179 | + WOLFSSL_DEBUG_PRINTF( | ||
| 180 | + "ERROR: ProcessUserChain: certificate from %s at offset %ld" | ||
| 181 | + " rejected with code %d\n", | ||
| 182 | + source_name, usedAtStart, ret); | ||
| 183 | +#else | ||
| 184 | + WOLFSSL_DEBUG_PRINTF( | ||
| 185 | + "ERROR: ProcessUserChain: certificate from %s at offset %ld" | ||
| 186 | + " rejected with code %d: %s\n", | ||
| 187 | + source_name, usedAtStart, ret, | ||
| 188 | + wolfSSL_ERR_reason_error_string(ret)); | ||
| 189 | +#endif | ||
| 190 | + } | ||
| 191 | +#endif /* WOLFSSL_DEBUG_CERTIFICATE_LOADS */ | ||
| 192 | } | ||
| 193 | |||
| 194 | #ifdef WOLFSSL_SMALL_STACK | ||
| 195 | @@ -2455,6 +2478,22 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz, | ||
| 196 | /* Process the different types of certificates. */ | ||
| 197 | ret = ProcessBufferCertTypes(ctx, ssl, buff, sz, der, format, type, | ||
| 198 | verify); | ||
| 199 | +#ifdef WOLFSSL_DEBUG_CERTIFICATE_LOADS | ||
| 200 | + if (ret < 0) { | ||
| 201 | +#ifdef NO_ERROR_STRINGS | ||
| 202 | + WOLFSSL_DEBUG_PRINTF( | ||
| 203 | + "ERROR: ProcessBufferCertTypes: certificate from %s at" | ||
| 204 | + " offset %ld rejected with code %d\n", | ||
| 205 | + source_name, usedAtStart, ret); | ||
| 206 | +#else | ||
| 207 | + WOLFSSL_DEBUG_PRINTF( | ||
| 208 | + "ERROR: ProcessBufferCertTypes: certificate from %s at" | ||
| 209 | + " offset %ld rejected with code %d: %s\n", | ||
| 210 | + source_name, usedAtStart, ret, | ||
| 211 | + wolfSSL_ERR_reason_error_string(ret)); | ||
| 212 | +#endif | ||
| 213 | + } | ||
| 214 | +#endif /* WOLFSSL_DEBUG_CERTIFICATE_LOADS */ | ||
| 215 | } | ||
| 216 | else { | ||
| 217 | FreeDer(&der); | ||
| 218 | @@ -2515,12 +2554,14 @@ static int ProcessChainBufferCRL(WOLFSSL_CTX* ctx, const unsigned char* buff, | ||
| 219 | * @param [in] sz Size of data in buffer. | ||
| 220 | * @param [in] type Type of data. | ||
| 221 | * @param [in] verify How to verify certificate. | ||
| 222 | + * @param [in] source_name Associated filename or other source ID. | ||
| 223 | * @return 1 on success. | ||
| 224 | * @return 0 on failure. | ||
| 225 | * @return MEMORY_E when dynamic memory allocation fails. | ||
| 226 | */ | ||
| 227 | static int ProcessChainBuffer(WOLFSSL_CTX* ctx, WOLFSSL* ssl, | ||
| 228 | - const unsigned char* buff, long sz, int type, int verify) | ||
| 229 | + const unsigned char* buff, long sz, int type, int verify, | ||
| 230 | + const char *source_name) | ||
| 231 | { | ||
| 232 | int ret = 0; | ||
| 233 | long used = 0; | ||
| 234 | @@ -2529,11 +2570,11 @@ static int ProcessChainBuffer(WOLFSSL_CTX* ctx, WOLFSSL* ssl, | ||
| 235 | WOLFSSL_MSG("Processing CA PEM file"); | ||
| 236 | /* Keep processing file while no errors and data to parse. */ | ||
| 237 | while ((ret >= 0) && (used < sz)) { | ||
| 238 | - long consumed = 0; | ||
| 239 | + long consumed = used; | ||
| 240 | |||
| 241 | /* Process the buffer. */ | ||
| 242 | ret = ProcessBuffer(ctx, buff + used, sz - used, WOLFSSL_FILETYPE_PEM, | ||
| 243 | - type, ssl, &consumed, 0, verify); | ||
| 244 | + type, ssl, &consumed, 0, verify, source_name); | ||
| 245 | /* Memory allocation failure is fatal. */ | ||
| 246 | if (ret == WC_NO_ERR_TRACE(MEMORY_E)) { | ||
| 247 | gotOne = 0; | ||
| 248 | @@ -2665,6 +2706,12 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type, | ||
| 249 | { | ||
| 250 | /* Not a header that we support. */ | ||
| 251 | WOLFSSL_MSG("Failed to detect certificate type"); | ||
| 252 | +#ifdef WOLFSSL_DEBUG_CERTIFICATE_LOADS | ||
| 253 | + WOLFSSL_DEBUG_PRINTF( | ||
| 254 | + "ERROR: ProcessFile: Failed to detect certificate type" | ||
| 255 | + " of \"%s\"\n", | ||
| 256 | + fname); | ||
| 257 | +#endif | ||
| 258 | ret = WOLFSSL_BAD_CERTTYPE; | ||
| 259 | } | ||
| 260 | } | ||
| 261 | @@ -2673,7 +2720,7 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type, | ||
| 262 | if (((type == CA_TYPE) || (type == TRUSTED_PEER_TYPE)) && | ||
| 263 | (format == WOLFSSL_FILETYPE_PEM)) { | ||
| 264 | ret = ProcessChainBuffer(ctx, ssl, content.buffer, sz, type, | ||
| 265 | - verify); | ||
| 266 | + verify, fname); | ||
| 267 | } | ||
| 268 | #ifdef HAVE_CRL | ||
| 269 | else if (type == CRL_TYPE) { | ||
| 270 | @@ -2690,18 +2737,18 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type, | ||
| 271 | long consumed = 0; | ||
| 272 | |||
| 273 | ret = ProcessBuffer(ctx, content.buffer, sz, format, type, ssl, | ||
| 274 | - &consumed, userChain, verify); | ||
| 275 | + &consumed, userChain, verify, fname); | ||
| 276 | if ((ret == 1) && (consumed < sz)) { | ||
| 277 | ret = ProcessBuffer(ctx, content.buffer + consumed, | ||
| 278 | sz - consumed, format, ALT_PRIVATEKEY_TYPE, ssl, NULL, 0, | ||
| 279 | - verify); | ||
| 280 | + verify, fname); | ||
| 281 | } | ||
| 282 | } | ||
| 283 | #endif | ||
| 284 | else { | ||
| 285 | /* Load all other certificate types. */ | ||
| 286 | ret = ProcessBuffer(ctx, content.buffer, sz, format, type, ssl, | ||
| 287 | - NULL, userChain, verify); | ||
| 288 | + NULL, userChain, verify, fname); | ||
| 289 | } | ||
| 290 | } | ||
| 291 | |||
| 292 | @@ -3030,7 +3077,8 @@ static int LoadSystemCaCertsWindows(WOLFSSL_CTX* ctx, byte* loaded) | ||
| 293 | if (ProcessBuffer(ctx, certCtx->pbCertEncoded, | ||
| 294 | certCtx->cbCertEncoded, WOLFSSL_FILETYPE_ASN1, | ||
| 295 | CA_TYPE, NULL, NULL, 0, | ||
| 296 | - GET_VERIFY_SETTING_CTX(ctx)) == 1) { | ||
| 297 | + GET_VERIFY_SETTING_CTX(ctx), | ||
| 298 | + storeNames[i]) == 1) { | ||
| 299 | /* | ||
| 300 | * Set "loaded" as long as we've loaded one CA | ||
| 301 | * cert. | ||
| 302 | @@ -3105,7 +3153,8 @@ static int LoadSystemCaCertsMac(WOLFSSL_CTX* ctx, byte* loaded) | ||
| 303 | if (ProcessBuffer(ctx, CFDataGetBytePtr(der), | ||
| 304 | CFDataGetLength(der), WOLFSSL_FILETYPE_ASN1, | ||
| 305 | CA_TYPE, NULL, NULL, 0, | ||
| 306 | - GET_VERIFY_SETTING_CTX(ctx)) == 1) { | ||
| 307 | + GET_VERIFY_SETTING_CTX(ctx), | ||
| 308 | + "MacOSX trustDomains") == 1) { | ||
| 309 | /* | ||
| 310 | * Set "loaded" as long as we've loaded one CA | ||
| 311 | * cert. | ||
| 312 | @@ -3644,7 +3693,8 @@ int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509) | ||
| 313 | /* Get DER encoded certificate data from X509 object. */ | ||
| 314 | ret = ProcessBuffer(NULL, x509->derCert->buffer, x509->derCert->length, | ||
| 315 | WOLFSSL_FILETYPE_ASN1, CERT_TYPE, ssl, &idx, 0, | ||
| 316 | - GET_VERIFY_SETTING_SSL(ssl)); | ||
| 317 | + GET_VERIFY_SETTING_SSL(ssl), | ||
| 318 | + "x509 buffer"); | ||
| 319 | } | ||
| 320 | |||
| 321 | /* Return 1 on success or 0 on failure. */ | ||
| 322 | @@ -3676,7 +3726,8 @@ int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, const unsigned char* der, | ||
| 323 | long idx = 0; | ||
| 324 | |||
| 325 | ret = ProcessBuffer(NULL, der, derSz, WOLFSSL_FILETYPE_ASN1, CERT_TYPE, | ||
| 326 | - ssl, &idx, 0, GET_VERIFY_SETTING_SSL(ssl)); | ||
| 327 | + ssl, &idx, 0, GET_VERIFY_SETTING_SSL(ssl), | ||
| 328 | + "asn1 buffer"); | ||
| 329 | } | ||
| 330 | |||
| 331 | /* Return 1 on success or 0 on failure. */ | ||
| 332 | @@ -3884,12 +3935,13 @@ int wolfSSL_CTX_load_verify_buffer_ex(WOLFSSL_CTX* ctx, const unsigned char* in, | ||
| 333 | |||
| 334 | /* When PEM, treat as certificate chain of CA certificates. */ | ||
| 335 | if (format == WOLFSSL_FILETYPE_PEM) { | ||
| 336 | - ret = ProcessChainBuffer(ctx, NULL, in, sz, CA_TYPE, verify); | ||
| 337 | + ret = ProcessChainBuffer(ctx, NULL, in, sz, CA_TYPE, verify, | ||
| 338 | + "PEM buffer"); | ||
| 339 | } | ||
| 340 | /* When DER, load the CA certificate. */ | ||
| 341 | else { | ||
| 342 | ret = ProcessBuffer(ctx, in, sz, format, CA_TYPE, NULL, NULL, | ||
| 343 | - userChain, verify); | ||
| 344 | + userChain, verify, "buffer"); | ||
| 345 | } | ||
| 346 | #if defined(WOLFSSL_TRUST_PEER_CERT) && defined(OPENSSL_COMPATIBLE_DEFAULTS) | ||
| 347 | if (ret == 1) { | ||
| 348 | @@ -3973,12 +4025,12 @@ int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX* ctx, const unsigned char* in, | ||
| 349 | /* When PEM, treat as certificate chain of trusted peer certificates. */ | ||
| 350 | if (format == WOLFSSL_FILETYPE_PEM) { | ||
| 351 | ret = ProcessChainBuffer(ctx, NULL, in, sz, TRUSTED_PEER_TYPE, | ||
| 352 | - verify); | ||
| 353 | + verify, "peer"); | ||
| 354 | } | ||
| 355 | /* When DER, load the trusted peer certificate. */ | ||
| 356 | else { | ||
| 357 | ret = ProcessBuffer(ctx, in, sz, format, TRUSTED_PEER_TYPE, NULL, | ||
| 358 | - NULL, 0, verify); | ||
| 359 | + NULL, 0, verify, "peer"); | ||
| 360 | } | ||
| 361 | } | ||
| 362 | |||
| 363 | @@ -4004,7 +4056,7 @@ int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX* ctx, | ||
| 364 | |||
| 365 | WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_buffer"); | ||
| 366 | ret = ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, 0, | ||
| 367 | - GET_VERIFY_SETTING_CTX(ctx)); | ||
| 368 | + GET_VERIFY_SETTING_CTX(ctx), "buffer"); | ||
| 369 | WOLFSSL_LEAVE("wolfSSL_CTX_use_certificate_buffer", ret); | ||
| 370 | |||
| 371 | return ret; | ||
| 372 | @@ -4030,7 +4082,7 @@ int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX* ctx, const unsigned char* in, | ||
| 373 | WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_buffer"); | ||
| 374 | |||
| 375 | ret = ProcessBuffer(ctx, in, sz, format, PRIVATEKEY_TYPE, NULL, &consumed, | ||
| 376 | - 0, GET_VERIFY_SETTING_CTX(ctx)); | ||
| 377 | + 0, GET_VERIFY_SETTING_CTX(ctx), "key buffer"); | ||
| 378 | #ifdef WOLFSSL_DUAL_ALG_CERTS | ||
| 379 | if ((ret == 1) && (consumed < sz)) { | ||
| 380 | /* When support for dual algorithm certificates is enabled, the | ||
| 381 | @@ -4038,7 +4090,8 @@ int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX* ctx, const unsigned char* in, | ||
| 382 | * private key. Hence, we have to parse both of them. | ||
| 383 | */ | ||
| 384 | ret = ProcessBuffer(ctx, in + consumed, sz - consumed, format, | ||
| 385 | - ALT_PRIVATEKEY_TYPE, NULL, NULL, 0, GET_VERIFY_SETTING_CTX(ctx)); | ||
| 386 | + ALT_PRIVATEKEY_TYPE, NULL, NULL, 0, GET_VERIFY_SETTING_CTX(ctx), | ||
| 387 | + "key buffer"); | ||
| 388 | } | ||
| 389 | #endif | ||
| 390 | |||
| 391 | @@ -4056,7 +4109,7 @@ int wolfSSL_CTX_use_AltPrivateKey_buffer(WOLFSSL_CTX* ctx, | ||
| 392 | |||
| 393 | WOLFSSL_ENTER("wolfSSL_CTX_use_AltPrivateKey_buffer"); | ||
| 394 | ret = ProcessBuffer(ctx, in, sz, format, ALT_PRIVATEKEY_TYPE, NULL, | ||
| 395 | - NULL, 0, GET_VERIFY_SETTING_CTX(ctx)); | ||
| 396 | + NULL, 0, GET_VERIFY_SETTING_CTX(ctx), "alt key buffer"); | ||
| 397 | WOLFSSL_LEAVE("wolfSSL_CTX_use_AltPrivateKey_buffer", ret); | ||
| 398 | |||
| 399 | return ret; | ||
| 400 | @@ -4271,7 +4324,8 @@ static int wolfSSL_CTX_use_certificate_ex(WOLFSSL_CTX* ctx, | ||
| 401 | } | ||
| 402 | |||
| 403 | ret = ProcessBuffer(ctx, certData, certDataLen, certFormat, | ||
| 404 | - CERT_TYPE, NULL, NULL, 0, GET_VERIFY_SETTING_CTX(ctx)); | ||
| 405 | + CERT_TYPE, NULL, NULL, 0, GET_VERIFY_SETTING_CTX(ctx), | ||
| 406 | + label ? label : "cert buffer"); | ||
| 407 | |||
| 408 | exit: | ||
| 409 | XFREE(certData, ctx->heap, DYNAMIC_TYPE_CERT); | ||
| 410 | @@ -4333,7 +4387,7 @@ int wolfSSL_CTX_use_certificate_chain_buffer_format(WOLFSSL_CTX* ctx, | ||
| 411 | { | ||
| 412 | WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_buffer_format"); | ||
| 413 | return ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, 1, | ||
| 414 | - GET_VERIFY_SETTING_CTX(ctx)); | ||
| 415 | + GET_VERIFY_SETTING_CTX(ctx), "cert chain buffer"); | ||
| 416 | } | ||
| 417 | |||
| 418 | /* Load a PEM encoded certificate chain in a buffer into SSL context. | ||
| 419 | @@ -4376,7 +4430,7 @@ int wolfSSL_use_certificate_buffer(WOLFSSL* ssl, const unsigned char* in, | ||
| 420 | } | ||
| 421 | else { | ||
| 422 | ret = ProcessBuffer(ssl->ctx, in, sz, format, CERT_TYPE, ssl, NULL, 0, | ||
| 423 | - GET_VERIFY_SETTING_SSL(ssl)); | ||
| 424 | + GET_VERIFY_SETTING_SSL(ssl), "cert buffer"); | ||
| 425 | } | ||
| 426 | |||
| 427 | return ret; | ||
| 428 | @@ -4407,7 +4461,7 @@ int wolfSSL_use_PrivateKey_buffer(WOLFSSL* ssl, const unsigned char* in, | ||
| 429 | } | ||
| 430 | else { | ||
| 431 | ret = ProcessBuffer(ssl->ctx, in, sz, format, PRIVATEKEY_TYPE, ssl, | ||
| 432 | - &consumed, 0, GET_VERIFY_SETTING_SSL(ssl)); | ||
| 433 | + &consumed, 0, GET_VERIFY_SETTING_SSL(ssl), "key buffer"); | ||
| 434 | #ifdef WOLFSSL_DUAL_ALG_CERTS | ||
| 435 | if ((ret == 1) && (consumed < sz)) { | ||
| 436 | /* When support for dual algorithm certificates is enabled, the | ||
| 437 | @@ -4415,7 +4469,8 @@ int wolfSSL_use_PrivateKey_buffer(WOLFSSL* ssl, const unsigned char* in, | ||
| 438 | * private key. Hence, we have to parse both of them. | ||
| 439 | */ | ||
| 440 | ret = ProcessBuffer(ssl->ctx, in + consumed, sz - consumed, format, | ||
| 441 | - ALT_PRIVATEKEY_TYPE, ssl, NULL, 0, GET_VERIFY_SETTING_SSL(ssl)); | ||
| 442 | + ALT_PRIVATEKEY_TYPE, ssl, NULL, 0, GET_VERIFY_SETTING_SSL(ssl), | ||
| 443 | + "key buffer"); | ||
| 444 | } | ||
| 445 | #endif | ||
| 446 | } | ||
| 447 | @@ -4431,7 +4486,7 @@ int wolfSSL_use_AltPrivateKey_buffer(WOLFSSL* ssl, const unsigned char* in, | ||
| 448 | |||
| 449 | WOLFSSL_ENTER("wolfSSL_use_AltPrivateKey_buffer"); | ||
| 450 | ret = ProcessBuffer(ssl->ctx, in, sz, format, ALT_PRIVATEKEY_TYPE, ssl, | ||
| 451 | - NULL, 0, GET_VERIFY_SETTING_SSL(ssl)); | ||
| 452 | + NULL, 0, GET_VERIFY_SETTING_SSL(ssl), "alt key buffer"); | ||
| 453 | WOLFSSL_LEAVE("wolfSSL_use_AltPrivateKey_buffer", ret); | ||
| 454 | |||
| 455 | return ret; | ||
| 456 | @@ -4669,7 +4724,7 @@ int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL* ssl, | ||
| 457 | } | ||
| 458 | else { | ||
| 459 | ret = ProcessBuffer(ssl->ctx, in, sz, format, CERT_TYPE, ssl, NULL, 1, | ||
| 460 | - GET_VERIFY_SETTING_SSL(ssl)); | ||
| 461 | + GET_VERIFY_SETTING_SSL(ssl), "cert chain buffer"); | ||
| 462 | } | ||
| 463 | |||
| 464 | return ret; | ||
| 465 | @@ -4826,7 +4881,7 @@ long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509) | ||
| 466 | |||
| 467 | /* Process buffer makes first certificate the leaf. */ | ||
| 468 | ret = ProcessBuffer(ctx, der, derSz, WOLFSSL_FILETYPE_ASN1, CERT_TYPE, | ||
| 469 | - NULL, NULL, 1, GET_VERIFY_SETTING_CTX(ctx)); | ||
| 470 | + NULL, NULL, 1, GET_VERIFY_SETTING_CTX(ctx), "extra chain buffer"); | ||
| 471 | if (ret != 1) { | ||
| 472 | ret = 0; | ||
| 473 | } | ||
| 474 | diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c | ||
| 475 | index af5ba36b4..9ec9484d4 100644 | ||
| 476 | --- a/wolfcrypt/src/error.c | ||
| 477 | +++ b/wolfcrypt/src/error.c | ||
| 478 | @@ -182,10 +182,10 @@ const char* wc_GetErrorString(int error) | ||
| 479 | return "ASN date error, bad size"; | ||
| 480 | |||
| 481 | case ASN_BEFORE_DATE_E : | ||
| 482 | - return "ASN date error, current date before"; | ||
| 483 | + return "ASN date error, current date is before start of validity"; | ||
| 484 | |||
| 485 | case ASN_AFTER_DATE_E : | ||
| 486 | - return "ASN date error, current date after"; | ||
| 487 | + return "ASN date error, current date is after expiration"; | ||
| 488 | |||
| 489 | case ASN_SIG_OID_E : | ||
| 490 | return "ASN signature error, mismatched oid"; | ||
| 491 | diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c | ||
| 492 | index 29b9221df..b80fc3a56 100644 | ||
| 493 | --- a/wolfcrypt/src/logging.c | ||
| 494 | +++ b/wolfcrypt/src/logging.c | ||
| 495 | @@ -230,42 +230,6 @@ void WOLFSSL_TIME(int count) | ||
| 496 | |||
| 497 | #ifdef DEBUG_WOLFSSL | ||
| 498 | |||
| 499 | -#if defined(ARDUINO) | ||
| 500 | - /* see Arduino wolfssl.h for wolfSSL_Arduino_Serial_Print */ | ||
| 501 | -#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) | ||
| 502 | - /* see wc_port.h for fio.h and nio.h includes */ | ||
| 503 | -#elif defined(WOLFSSL_SGX) | ||
| 504 | - /* Declare sprintf for ocall */ | ||
| 505 | - int sprintf(char* buf, const char *fmt, ...); | ||
| 506 | -#elif defined(WOLFSSL_DEOS) | ||
| 507 | -#elif defined(MICRIUM) | ||
| 508 | - #if (BSP_SER_COMM_EN == DEF_ENABLED) | ||
| 509 | - #include <bsp_ser.h> | ||
| 510 | - #endif | ||
| 511 | -#elif defined(WOLFSSL_USER_LOG) | ||
| 512 | - /* user includes their own headers */ | ||
| 513 | -#elif defined(WOLFSSL_ESPIDF) | ||
| 514 | - #include "esp_types.h" | ||
| 515 | - #include "esp_log.h" | ||
| 516 | -#elif defined(WOLFSSL_TELIT_M2MB) | ||
| 517 | - #include <stdio.h> | ||
| 518 | - #include "m2m_log.h" | ||
| 519 | -#elif defined(WOLFSSL_ANDROID_DEBUG) | ||
| 520 | - #include <android/log.h> | ||
| 521 | -#elif defined(WOLFSSL_XILINX) | ||
| 522 | - #include "xil_printf.h" | ||
| 523 | -#elif defined(WOLFSSL_LINUXKM) | ||
| 524 | - /* the requisite linux/kernel.h is included in wc_port.h, with incompatible warnings masked out. */ | ||
| 525 | -#elif defined(FUSION_RTOS) | ||
| 526 | - #include <fclstdio.h> | ||
| 527 | - #define fprintf FCL_FPRINTF | ||
| 528 | -#else | ||
| 529 | - #include <stdio.h> /* for default printf stuff */ | ||
| 530 | -#endif | ||
| 531 | - | ||
| 532 | -#if defined(THREADX) && !defined(THREADX_NO_DC_PRINTF) | ||
| 533 | - int dc_log_printf(char*, ...); | ||
| 534 | -#endif | ||
| 535 | |||
| 536 | #ifdef HAVE_STACK_SIZE_VERBOSE | ||
| 537 | #include <wolfssl/wolfcrypt/mem_track.h> | ||
| 538 | @@ -281,106 +245,30 @@ static void wolfssl_log(const int logLevel, const char* const file_name, | ||
| 539 | else { | ||
| 540 | #if defined(WOLFSSL_USER_LOG) | ||
| 541 | WOLFSSL_USER_LOG(logMessage); | ||
| 542 | -#elif defined(ARDUINO) | ||
| 543 | - wolfSSL_Arduino_Serial_Print(logMessage); | ||
| 544 | -#elif defined(WOLFSSL_LOG_PRINTF) | ||
| 545 | - if (file_name != NULL) | ||
| 546 | - printf("[%s L %d] %s\n", file_name, line_number, logMessage); | ||
| 547 | - else | ||
| 548 | - printf("%s\n", logMessage); | ||
| 549 | -#elif defined(THREADX) && !defined(THREADX_NO_DC_PRINTF) | ||
| 550 | - if (file_name != NULL) | ||
| 551 | - dc_log_printf("[%s L %d] %s\n", file_name, line_number, logMessage); | ||
| 552 | - else | ||
| 553 | - dc_log_printf("%s\n", logMessage); | ||
| 554 | -#elif defined(WOLFSSL_DEOS) | ||
| 555 | - if (file_name != NULL) | ||
| 556 | - printf("[%s L %d] %s\r\n", file_name, line_number, logMessage); | ||
| 557 | - else | ||
| 558 | - printf("%s\r\n", logMessage); | ||
| 559 | -#elif defined(MICRIUM) | ||
| 560 | - if (file_name != NULL) | ||
| 561 | - BSP_Ser_Printf("[%s L %d] %s\r\n", | ||
| 562 | - file_name, line_number, logMessage); | ||
| 563 | - else | ||
| 564 | - BSP_Ser_Printf("%s\r\n", logMessage); | ||
| 565 | -#elif defined(WOLFSSL_MDK_ARM) | ||
| 566 | - fflush(stdout) ; | ||
| 567 | - if (file_name != NULL) | ||
| 568 | - printf("[%s L %d] %s\n", file_name, line_number, logMessage); | ||
| 569 | - else | ||
| 570 | - printf("%s\n", logMessage); | ||
| 571 | - fflush(stdout) ; | ||
| 572 | -#elif defined(WOLFSSL_UTASKER) | ||
| 573 | - fnDebugMsg((char*)logMessage); | ||
| 574 | - fnDebugMsg("\r\n"); | ||
| 575 | -#elif defined(MQX_USE_IO_OLD) | ||
| 576 | - if (file_name != NULL) | ||
| 577 | - fprintf(_mqxio_stderr, "[%s L %d] %s\n", | ||
| 578 | - file_name, line_number, logMessage); | ||
| 579 | - else | ||
| 580 | - fprintf(_mqxio_stderr, "%s\n", logMessage); | ||
| 581 | -#elif defined(WOLFSSL_APACHE_MYNEWT) | ||
| 582 | - if (file_name != NULL) | ||
| 583 | - LOG_DEBUG(&mynewt_log, LOG_MODULE_DEFAULT, "[%s L %d] %s\n", | ||
| 584 | - file_name, line_number, logMessage); | ||
| 585 | - else | ||
| 586 | - LOG_DEBUG(&mynewt_log, LOG_MODULE_DEFAULT, "%s\n", logMessage); | ||
| 587 | -#elif defined(WOLFSSL_ESPIDF) | ||
| 588 | - if (file_name != NULL) | ||
| 589 | - ESP_LOGI("wolfssl", "[%s L %d] %s", | ||
| 590 | - file_name, line_number, logMessage); | ||
| 591 | - else | ||
| 592 | - ESP_LOGI("wolfssl", "%s", logMessage); | ||
| 593 | -#elif defined(WOLFSSL_ZEPHYR) | ||
| 594 | - if (file_name != NULL) | ||
| 595 | - printk("[%s L %d] %s\n", file_name, line_number, logMessage); | ||
| 596 | - else | ||
| 597 | - printk("%s\n", logMessage); | ||
| 598 | -#elif defined(WOLFSSL_TELIT_M2MB) | ||
| 599 | - if (file_name != NULL) | ||
| 600 | - M2M_LOG_INFO("[%s L %d] %s\n", file_name, line_number, logMessage); | ||
| 601 | - else | ||
| 602 | - M2M_LOG_INFO("%s\n", logMessage); | ||
| 603 | -#elif defined(WOLFSSL_ANDROID_DEBUG) | ||
| 604 | - if (file_name != NULL) | ||
| 605 | - __android_log_print(ANDROID_LOG_VERBOSE, "[wolfSSL]", "[%s L %d] %s", | ||
| 606 | - file_name, line_number, logMessage); | ||
| 607 | - else | ||
| 608 | - __android_log_print(ANDROID_LOG_VERBOSE, "[wolfSSL]", "%s", | ||
| 609 | - logMessage); | ||
| 610 | -#elif defined(WOLFSSL_XILINX) | ||
| 611 | - if (file_name != NULL) | ||
| 612 | - xil_printf("[%s L %d] %s\r\n", file_name, line_number, logMessage); | ||
| 613 | - else | ||
| 614 | - xil_printf("%s\r\n", logMessage); | ||
| 615 | -#elif defined(WOLFSSL_LINUXKM) | ||
| 616 | - if (file_name != NULL) | ||
| 617 | - printk("[%s L %d] %s\n", file_name, line_number, logMessage); | ||
| 618 | - else | ||
| 619 | - printk("%s\n", logMessage); | ||
| 620 | -#elif defined(WOLFSSL_RENESAS_RA6M4) | ||
| 621 | - if (file_name != NULL) | ||
| 622 | - myprintf("[%s L %d] %s\n", file_name, line_number, logMessage); | ||
| 623 | - else | ||
| 624 | - myprintf("%s\n", logMessage); | ||
| 625 | -#elif defined(STACK_SIZE_CHECKPOINT_MSG) && \ | ||
| 626 | - defined(HAVE_STACK_SIZE_VERBOSE) && defined(HAVE_STACK_SIZE_VERBOSE_LOG) | ||
| 627 | - STACK_SIZE_CHECKPOINT_MSG(logMessage); | ||
| 628 | -#else | ||
| 629 | +#elif defined(WOLFSSL_DEBUG_PRINTF) | ||
| 630 | if (log_prefix != NULL) { | ||
| 631 | if (file_name != NULL) | ||
| 632 | - fprintf(stderr, "[%s]: [%s L %d] %s\n", | ||
| 633 | + WOLFSSL_DEBUG_PRINTF("[%s]: [%s L %d] %s\n", | ||
| 634 | log_prefix, file_name, line_number, logMessage); | ||
| 635 | else | ||
| 636 | - fprintf(stderr, "[%s]: %s\n", log_prefix, logMessage); | ||
| 637 | + WOLFSSL_DEBUG_PRINTF("[%s]: %s\n", log_prefix, logMessage); | ||
| 638 | } else { | ||
| 639 | if (file_name != NULL) | ||
| 640 | - fprintf(stderr, "[%s L %d] %s\n", | ||
| 641 | + WOLFSSL_DEBUG_PRINTF("[%s L %d] %s\n", | ||
| 642 | file_name, line_number, logMessage); | ||
| 643 | else | ||
| 644 | - fprintf(stderr, "%s\n", logMessage); | ||
| 645 | + WOLFSSL_DEBUG_PRINTF("%s\n", logMessage); | ||
| 646 | } | ||
| 647 | +#elif defined(ARDUINO) | ||
| 648 | + wolfSSL_Arduino_Serial_Print(logMessage); | ||
| 649 | +#elif defined(WOLFSSL_UTASKER) | ||
| 650 | + fnDebugMsg((char*)logMessage); | ||
| 651 | + fnDebugMsg("\r\n"); | ||
| 652 | +#elif defined(STACK_SIZE_CHECKPOINT_MSG) && \ | ||
| 653 | + defined(HAVE_STACK_SIZE_VERBOSE) && defined(HAVE_STACK_SIZE_VERBOSE_LOG) | ||
| 654 | + STACK_SIZE_CHECKPOINT_MSG(logMessage); | ||
| 655 | +#else | ||
| 656 | + #error No log method defined. | ||
| 657 | #endif | ||
| 658 | } | ||
| 659 | } | ||
| 660 | diff --git a/wolfssl/internal.h b/wolfssl/internal.h | ||
| 661 | index 9cdbdb697..dd191fb1a 100644 | ||
| 662 | --- a/wolfssl/internal.h | ||
| 663 | +++ b/wolfssl/internal.h | ||
| 664 | @@ -6389,7 +6389,8 @@ WOLFSSL_TEST_VIS void wolfSSL_ResourceFree(WOLFSSL* ssl); /* Micrium uses */ | ||
| 665 | |||
| 666 | WOLFSSL_LOCAL int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, | ||
| 667 | long sz, int format, int type, WOLFSSL* ssl, | ||
| 668 | - long* used, int userChain, int verify); | ||
| 669 | + long* used, int userChain, int verify, | ||
| 670 | + const char *source_name); | ||
| 671 | WOLFSSL_LOCAL int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, | ||
| 672 | int type, WOLFSSL* ssl, int userChain, | ||
| 673 | WOLFSSL_CRL* crl, int verify); | ||
| 674 | diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h | ||
| 675 | index 49de70147..8b3cf0fd8 100644 | ||
| 676 | --- a/wolfssl/wolfcrypt/logging.h | ||
| 677 | +++ b/wolfssl/wolfcrypt/logging.h | ||
| 678 | @@ -89,11 +89,6 @@ enum wc_FuncNum { | ||
| 679 | }; | ||
| 680 | #endif | ||
| 681 | |||
| 682 | -#if defined(ARDUINO) | ||
| 683 | -/* implemented in Arduino wolfssl.h */ | ||
| 684 | -extern WOLFSSL_API int wolfSSL_Arduino_Serial_Print(const char* const s); | ||
| 685 | -#endif /* ARDUINO */ | ||
| 686 | - | ||
| 687 | typedef void (*wolfSSL_Logging_cb)(const int logLevel, | ||
| 688 | const char *const logMessage); | ||
| 689 | |||
| 690 | @@ -157,6 +152,10 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix); | ||
| 691 | #define WOLFSSL_TIME(n) WC_DO_NOTHING | ||
| 692 | #endif | ||
| 693 | |||
| 694 | +#if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_DEBUG_CERTIFICATE_LOADS) | ||
| 695 | + #define WOLFSSL_DEBUG_CERTIFICATE_LOADS | ||
| 696 | +#endif | ||
| 697 | + | ||
| 698 | #if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_DEBUG_ERRORS_ONLY) | ||
| 699 | #if defined(_WIN32) | ||
| 700 | #if defined(INTIME_RTOS) | ||
| 701 | @@ -268,6 +267,90 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix); | ||
| 702 | extern WOLFSSL_API THREAD_LS_T void *StackSizeCheck_stackOffsetPointer; | ||
| 703 | #endif | ||
| 704 | |||
| 705 | +/* Port-specific includes and printf methods: */ | ||
| 706 | + | ||
| 707 | +#if defined(ARDUINO) | ||
| 708 | + /* implemented in Arduino wolfssl.h */ | ||
| 709 | + extern WOLFSSL_API int wolfSSL_Arduino_Serial_Print(const char* const s); | ||
| 710 | +#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) | ||
| 711 | + /* see wc_port.h for fio.h and nio.h includes */ | ||
| 712 | +#elif defined(WOLFSSL_SGX) | ||
| 713 | + /* Declare sprintf for ocall */ | ||
| 714 | + int sprintf(char* buf, const char *fmt, ...); | ||
| 715 | +#elif defined(WOLFSSL_DEOS) | ||
| 716 | +#elif defined(MICRIUM) | ||
| 717 | + #if (BSP_SER_COMM_EN == DEF_ENABLED) | ||
| 718 | + #include <bsp_ser.h> | ||
| 719 | + #endif | ||
| 720 | +#elif defined(WOLFSSL_USER_LOG) | ||
| 721 | + /* user includes their own headers */ | ||
| 722 | +#elif defined(WOLFSSL_ESPIDF) | ||
| 723 | + #include "esp_types.h" | ||
| 724 | + #include "esp_log.h" | ||
| 725 | +#elif defined(WOLFSSL_TELIT_M2MB) | ||
| 726 | + #include <stdio.h> | ||
| 727 | + #include "m2m_log.h" | ||
| 728 | +#elif defined(WOLFSSL_ANDROID_DEBUG) | ||
| 729 | + #include <android/log.h> | ||
| 730 | +#elif defined(WOLFSSL_XILINX) | ||
| 731 | + #include "xil_printf.h" | ||
| 732 | +#elif defined(WOLFSSL_LINUXKM) | ||
| 733 | + /* the requisite linux/kernel.h is included in linuxkm_wc_port.h, with | ||
| 734 | + * incompatible warnings masked out. | ||
| 735 | + */ | ||
| 736 | +#elif defined(FUSION_RTOS) | ||
| 737 | + #include <fclstdio.h> | ||
| 738 | + #define fprintf FCL_FPRINTF | ||
| 739 | +#else | ||
| 740 | + #include <stdio.h> /* for default printf stuff */ | ||
| 741 | +#endif | ||
| 742 | + | ||
| 743 | +#if defined(THREADX) && !defined(THREADX_NO_DC_PRINTF) | ||
| 744 | + int dc_log_printf(char*, ...); | ||
| 745 | +#endif | ||
| 746 | + | ||
| 747 | +#ifdef WOLFSSL_DEBUG_PRINTF | ||
| 748 | + /* user-supplied definition */ | ||
| 749 | +#elif defined(ARDUINO) | ||
| 750 | + /* ARDUINO only has print and sprintf, no printf. */ | ||
| 751 | +#elif defined(WOLFSSL_LOG_PRINTF) || defined(WOLFSSL_DEOS) | ||
| 752 | + #define WOLFSSL_DEBUG_PRINTF(...) printf(__VA_ARGS__) | ||
| 753 | +#elif defined(THREADX) && !defined(THREADX_NO_DC_PRINTF) | ||
| 754 | + #define WOLFSSL_DEBUG_PRINTF(...) dc_log_printf(__VA_ARGS__) | ||
| 755 | +#elif defined(MICRIUM) | ||
| 756 | + #define WOLFSSL_DEBUG_PRINTF(...) BSP_Ser_Printf(__VA_ARGS__) | ||
| 757 | +#elif defined(WOLFSSL_MDK_ARM) | ||
| 758 | + #define WOLFSSL_DEBUG_PRINTF(...) do { \ | ||
| 759 | + fflush(stdout); \ | ||
| 760 | + printf(__VA_ARGS__); \ | ||
| 761 | + fflush(stdout); \ | ||
| 762 | + } while (0) | ||
| 763 | +#elif defined(WOLFSSL_UTASKER) | ||
| 764 | + /* WOLFSSL_UTASKER only has fnDebugMsg and related primitives, no printf. */ | ||
| 765 | +#elif defined(MQX_USE_IO_OLD) | ||
| 766 | + #define WOLFSSL_DEBUG_PRINTF(...) fprintf(_mqxio_stderr, __VAR_ARGS) | ||
| 767 | +#elif defined(WOLFSSL_APACHE_MYNEWT) | ||
| 768 | + #define WOLFSSL_DEBUG_PRINTF(...) LOG_DEBUG(&mynewt_log, \ | ||
| 769 | + LOG_MODULE_DEFAULT, __VA_ARGS__) | ||
| 770 | +#elif defined(WOLFSSL_ESPIDF) | ||
| 771 | + #define WOLFSSL_DEBUG_PRINTF(...) ESP_LOGI("wolfssl", __VA_ARGS__) | ||
| 772 | +#elif defined(WOLFSSL_ZEPHYR) | ||
| 773 | + #define WOLFSSL_DEBUG_PRINTF(...) printk(__VA_ARGS__) | ||
| 774 | +#elif defined(WOLFSSL_TELIT_M2MB) | ||
| 775 | + #define WOLFSSL_DEBUG_PRINTF(...) M2M_LOG_INFO(__VA_ARGS__) | ||
| 776 | +#elif defined(WOLFSSL_ANDROID_DEBUG) | ||
| 777 | + #define WOLFSSL_DEBUG_PRINTF(...) __android_log_print(ANDROID_LOG_VERBOSE, \ | ||
| 778 | + "[wolfSSL]", __VA_ARGS__) | ||
| 779 | +#elif defined(WOLFSSL_XILINX) | ||
| 780 | + #define WOLFSSL_DEBUG_PRINTF(...) xil_printf(__VA_ARGS__) | ||
| 781 | +#elif defined(WOLFSSL_LINUXKM) | ||
| 782 | + #define WOLFSSL_DEBUG_PRINTF(...) printk(__VA_ARGS__) | ||
| 783 | +#elif defined(WOLFSSL_RENESAS_RA6M4) | ||
| 784 | + #define WOLFSSL_DEBUG_PRINTF(...) myprintf(__VA_ARGS__) | ||
| 785 | +#else | ||
| 786 | + #define WOLFSSL_DEBUG_PRINTF(...) fprintf(stderr, __VA_ARGS__) | ||
| 787 | +#endif | ||
| 788 | + | ||
| 789 | #ifdef __cplusplus | ||
| 790 | } | ||
| 791 | #endif | ||
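--- a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.7.2.bb
+++ b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb
@@ -14,20 +14,25 @@ RPROVIDES:${PN} = "cyassl"
 
 SRC_URI = " \
 git://github.com/wolfSSL/wolfssl.git;protocol=https;branch=master \
+file://0001-wolfssl-wolfcrypt-logging.h-and-wolfcrypt-src-loggin.patch \
 file://run-ptest \
 "
 
-SRCREV = "00e42151ca061463ba6a95adb2290f678cbca472"
+SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285"
 
 S = "${WORKDIR}/git"
 
 inherit autotools ptest
 
+EXTRA_OECONF += "--enable-certreq --enable-dtls --enable-opensslextra --enable-certext --enable-certgen"
+
 PACKAGECONFIG ?= "reproducible-build"
 
 PACKAGECONFIG[reproducible-build] = "--enable-reproducible-build,--disable-reproducible-build,"
 BBCLASSEXTEND += "native nativesdk"
 
+CFLAGS += '-fPIC -DCERT_REL_PREFIX=\\"./\\"'
+
 RDEPENDS:${PN}-ptest += " bash"
 
 do_install_ptest() {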
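Review bot: The new `EXTRA_OECONF` line turns on `--enable-opensslextra`, `--enable-certgen`, `--enable-certreq`, `--enable-certext` and `--enable-dtls` for every build of the recipe, and the commit message does not say which of them the upgrade or the ptests actually need. Each flag compiles additional code into the shipped library, so an image that only needs a plain TLS client carries that extra surface with no recipe-level way to drop it. The recipe already uses `PACKAGECONFIG` for `reproducible-build`; the same pattern, e.g. `PACKAGECONFIG[dtls] = "--enable-dtls,--disable-dtls,"` with the chosen defaults listed in `PACKAGECONFIG ?=`, would keep today's behaviour while letting a distro opt out. If the flags are there only for the test suite, a one-line comment above `EXTRA_OECONF` saying so would help the next upgrade. The body of `do_install_ptest()` lies outside this hunk, so how `CERT_REL_PREFIX` resolves at ptest run time cannot be checked from here.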
