/* Integration of wolfssl crypto with GnuTLS */
#include <wolfssl/options.h>
#include "gnutls_compat.h"
#include "wolfssl.h"
#include "logging.h"
#include "cipher.h"
#include "mac.h"
#include "digest.h"
#include "pk.h"
#include <wolfssl/wolfcrypt/fips_test.h>
#include <stdarg.h>
#include <sys/types.h>
#include <unistd.h>
#define MAX_DH_BITS 4096
#define MAX_DH_Q_SIZE 256
/*
* TODO
* o Consider making bigint_t implementation use mp_int.
*/
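/**
 * Constructor for shared library.
 *
 * Runs when the shared object is loaded and initializes the module.
 * A constructor has no way to hand a status back to its caller, so a failed
 * initialization is reported on stderr rather than being dropped silently.
 */
void __attribute__((constructor)) wolfssl_init(void) {
    int ret = _gnutls_wolfssl_init();

    if (ret != 0) {
        /* Initialization performs the algorithm registration and, in FIPS
         * builds, the FIPS status checks. Logging is off by default, so
         * print the failure unconditionally.
         * NOTE(review): the process keeps running after a failed init;
         * confirm that the code loading this library checks the module
         * state before relying on it. */
        fprintf(stderr, "gnutls-wolfssl: initialization failed (%d)\n", ret);
    }
}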
#ifdef ENABLE_WOLFSSL
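/**
 * Module initialization.
 *
 * Resets logging to its defaults, optionally reconfigures it from the
 * WGW_LOGGING and WGW_LOGFILE environment variables, then calls the digest,
 * MAC, cipher and public-key registration routines. In FIPS builds it
 * finally checks that both wolfSSL and GnuTLS report FIPS mode.
 *
 * @return 0 on success.
 * @return Other value on failure.
 */
int _gnutls_wolfssl_init(void)
{
    int ret;
    char* str;

    /* Set logging to be disabled by default. */
    loggingEnabled = 0;
    /* Set default logging file descriptor. */
    loggingFd = stderr;

#if defined(XGETENV) && !defined(NO_GETENV)
    /* The environment belongs to whoever started the process. In a
     * set-user-ID or set-group-ID process a log path taken from it would be
     * opened for writing, and truncated, with the elevated privileges, so
     * environment-driven logging is skipped there. Only real and effective
     * IDs are compared; other forms of privilege elevation are not detected. */
    if ((getuid() == geteuid()) && (getgid() == getegid())) {
        /* Get the environment variable for logging level.
         * NOTE(review): atoi() gives no error indication; a non-numeric
         * value leaves logging disabled. */
        if ((str = XGETENV("WGW_LOGGING")) != NULL) {
            loggingEnabled = atoi(str);
        }

        /* Get the environment variable for logging filename. */
        if ((str = XGETENV("WGW_LOGFILE")) != NULL) {
            if ((XSTRCMP(str, "STDOUT") == 0) ||
                (XSTRCMP(str, "stdout") == 0)) {
                /* Use stdout if the string says so. */
                loggingFd = stdout;
            } else if ((XSTRCMP(str, "STDERR") == 0) ||
                       (XSTRCMP(str, "stderr") == 0)) {
                /* Use stderr if the string says so. */
                loggingFd = stderr;
            } else {
                /* Try opening file for writing. Mode "w" truncates an
                 * existing file at that path. */
                FILE* fd = XFOPEN(str, "w");
                if (fd == XBADFILE) {
                    fprintf(stderr, "Failed to open log file: %s\n", str);
                    fprintf(stderr, "Using default output file descriptor\n");
                } else {
                    /* Use the file. */
                    loggingFd = fd;
                }
            }
        }
    }
#endif

#ifdef DEBUG_WOLFSSL
    if (loggingEnabled) {
        wolfSSL_Debugging_ON();
    }
#endif

    WGW_FUNC_ENTER();

    /* register digest algorithms */
    ret = wolfssl_digest_register();
    if (ret < 0) {
        return ret;
    }

    /* register mac algorithms */
    ret = wolfssl_mac_register();
    if (ret < 0) {
        return ret;
    }

    /* register cipher algorithms */
    ret = wolfssl_cipher_register();
    if (ret < 0) {
        return ret;
    }

    /* register pk algorithms */
    ret = wolfssl_pk_register();
    if (ret < 0) {
        return ret;
    }

    /* If FIPS is enabled, check its status.
     * NOTE(review): these checks run after the registration calls above and
     * the failure paths return without undoing them; confirm that callers
     * treat a non-zero return as fatal. */
#if defined(HAVE_FIPS)
    /* Check the status of FIPS in wolfssl */
    if (wolfCrypt_GetStatus_fips() != 0) {
        WGW_LOG("FIPS mode initialization failed");
        return GNUTLS_E_INVALID_REQUEST;
    } else {
        WGW_LOG("FIPS mode enabled in wolfSSL");
    }

    /* Make sure that FIPS mode is enabled
     * on gnutls also */
    if (!gnutls_fips140_mode_enabled()) {
        WGW_LOG("FIPS mode not enabled in gnutls");
        return GNUTLS_E_INVALID_REQUEST;
    } else {
        WGW_LOG("FIPS mode enabled in GnuTLS");
    }
#endif

    return 0;
}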
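/**
 * Module deinitialization.
 *
 * Closes the log file if one was opened and points logging back at stderr.
 */
void _gnutls_wolfssl_deinit(void)
{
    WGW_FUNC_ENTER();

    if (loggingFd != stdout && loggingFd != stderr && loggingFd != XBADFILE) {
        XFCLOSE(loggingFd);
        /* Do not leave a closed stream in the global: a later log call or a
         * second deinit would otherwise write to it or close it again. */
        loggingFd = stderr;
    }
}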
#else /* ENABLE_WOLFSSL */
/**
 * Module initialization when wolfSSL support is compiled out.
 *
 * Only records the function entry; nothing is registered.
 *
 * @return 0 always.
 */
int _gnutls_wolfssl_init(void)
{
    WGW_FUNC_ENTER();

    return 0;
}
/**
 * Module deinitialization when wolfSSL support is compiled out.
 *
 * Only records the function entry; there is nothing to release.
 */
void _gnutls_wolfssl_deinit(void)
{
    WGW_FUNC_ENTER();
}
#endif /* ENABLE_WOLFSSL */