A library for setting up Secure Socket Layer (SSL) connections and verifying remote hosts using certificates. Contains only the source files for mbed platform implementation of the library.
Dependents: HTTPClient-SSL HTTPClient-SSL HTTPClient-SSL HTTPClient-SSL
src/internal.c@6:cf58d49e1a86, 2015-03-23 (annotated)
- Committer:
- Mike Fiore
- Date:
- Mon Mar 23 16:51:07 2015 -0500
- Revision:
- 6:cf58d49e1a86
- Parent:
- 0:b86d15c6ba29
fix whitespace in sha512.c
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
Vanger | 0:b86d15c6ba29 | 1 | /* internal.c |
Vanger | 0:b86d15c6ba29 | 2 | * |
Vanger | 0:b86d15c6ba29 | 3 | * Copyright (C) 2006-2014 wolfSSL Inc. |
Vanger | 0:b86d15c6ba29 | 4 | * |
Vanger | 0:b86d15c6ba29 | 5 | * This file is part of CyaSSL. |
Vanger | 0:b86d15c6ba29 | 6 | * |
Vanger | 0:b86d15c6ba29 | 7 | * CyaSSL is free software; you can redistribute it and/or modify |
Vanger | 0:b86d15c6ba29 | 8 | * it under the terms of the GNU General Public License as published by |
Vanger | 0:b86d15c6ba29 | 9 | * the Free Software Foundation; either version 2 of the License, or |
Vanger | 0:b86d15c6ba29 | 10 | * (at your option) any later version. |
Vanger | 0:b86d15c6ba29 | 11 | * |
Vanger | 0:b86d15c6ba29 | 12 | * CyaSSL is distributed in the hope that it will be useful, |
Vanger | 0:b86d15c6ba29 | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
Vanger | 0:b86d15c6ba29 | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
Vanger | 0:b86d15c6ba29 | 15 | * GNU General Public License for more details. |
Vanger | 0:b86d15c6ba29 | 16 | * |
Vanger | 0:b86d15c6ba29 | 17 | * You should have received a copy of the GNU General Public License |
Vanger | 0:b86d15c6ba29 | 18 | * along with this program; if not, write to the Free Software |
Vanger | 0:b86d15c6ba29 | 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA |
Vanger | 0:b86d15c6ba29 | 20 | */ |
Vanger | 0:b86d15c6ba29 | 21 | |
Vanger | 0:b86d15c6ba29 | 22 | |
Vanger | 0:b86d15c6ba29 | 23 | #ifdef HAVE_CONFIG_H |
Vanger | 0:b86d15c6ba29 | 24 | #include <config.h> |
Vanger | 0:b86d15c6ba29 | 25 | #endif |
Vanger | 0:b86d15c6ba29 | 26 | |
Vanger | 0:b86d15c6ba29 | 27 | #include <cyassl/ctaocrypt/settings.h> |
Vanger | 0:b86d15c6ba29 | 28 | |
Vanger | 0:b86d15c6ba29 | 29 | #include <cyassl/internal.h> |
Vanger | 0:b86d15c6ba29 | 30 | #include <cyassl/error-ssl.h> |
Vanger | 0:b86d15c6ba29 | 31 | #include <cyassl/ctaocrypt/asn.h> |
Vanger | 0:b86d15c6ba29 | 32 | |
Vanger | 0:b86d15c6ba29 | 33 | #ifdef HAVE_LIBZ |
Vanger | 0:b86d15c6ba29 | 34 | #include "zlib.h" |
Vanger | 0:b86d15c6ba29 | 35 | #endif |
Vanger | 0:b86d15c6ba29 | 36 | |
Vanger | 0:b86d15c6ba29 | 37 | #ifdef HAVE_NTRU |
Vanger | 0:b86d15c6ba29 | 38 | #include "ntru_crypto.h" |
Vanger | 0:b86d15c6ba29 | 39 | #endif |
Vanger | 0:b86d15c6ba29 | 40 | |
Vanger | 0:b86d15c6ba29 | 41 | #if defined(DEBUG_CYASSL) || defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST) |
Vanger | 0:b86d15c6ba29 | 42 | #ifdef FREESCALE_MQX |
Vanger | 0:b86d15c6ba29 | 43 | #include <fio.h> |
Vanger | 0:b86d15c6ba29 | 44 | #else |
Vanger | 0:b86d15c6ba29 | 45 | #include <stdio.h> |
Vanger | 0:b86d15c6ba29 | 46 | #endif |
Vanger | 0:b86d15c6ba29 | 47 | #endif |
Vanger | 0:b86d15c6ba29 | 48 | |
Vanger | 0:b86d15c6ba29 | 49 | #ifdef __sun |
Vanger | 0:b86d15c6ba29 | 50 | #include <sys/filio.h> |
Vanger | 0:b86d15c6ba29 | 51 | #endif |
Vanger | 0:b86d15c6ba29 | 52 | |
Vanger | 0:b86d15c6ba29 | 53 | #ifndef TRUE |
Vanger | 0:b86d15c6ba29 | 54 | #define TRUE 1 |
Vanger | 0:b86d15c6ba29 | 55 | #endif |
Vanger | 0:b86d15c6ba29 | 56 | #ifndef FALSE |
Vanger | 0:b86d15c6ba29 | 57 | #define FALSE 0 |
Vanger | 0:b86d15c6ba29 | 58 | #endif |
Vanger | 0:b86d15c6ba29 | 59 | |
Vanger | 0:b86d15c6ba29 | 60 | |
Vanger | 0:b86d15c6ba29 | 61 | #if defined(CYASSL_CALLBACKS) && !defined(LARGE_STATIC_BUFFERS) |
Vanger | 0:b86d15c6ba29 | 62 | #error \ |
Vanger | 0:b86d15c6ba29 | 63 | CYASSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS |
Vanger | 0:b86d15c6ba29 | 64 | #endif |
Vanger | 0:b86d15c6ba29 | 65 | |
Vanger | 0:b86d15c6ba29 | 66 | #if defined(HAVE_SECURE_RENEGOTIATION) && defined(HAVE_RENEGOTIATION_INDICATION) |
Vanger | 0:b86d15c6ba29 | 67 | #error Cannot use both secure-renegotiation and renegotiation-indication |
Vanger | 0:b86d15c6ba29 | 68 | #endif |
Vanger | 0:b86d15c6ba29 | 69 | |
Vanger | 0:b86d15c6ba29 | 70 | static int BuildMessage(CYASSL* ssl, byte* output, int outSz, |
Vanger | 0:b86d15c6ba29 | 71 | const byte* input, int inSz, int type); |
Vanger | 0:b86d15c6ba29 | 72 | |
Vanger | 0:b86d15c6ba29 | 73 | #ifndef NO_CYASSL_CLIENT |
Vanger | 0:b86d15c6ba29 | 74 | static int DoHelloVerifyRequest(CYASSL* ssl, const byte* input, word32*, |
Vanger | 0:b86d15c6ba29 | 75 | word32); |
Vanger | 0:b86d15c6ba29 | 76 | static int DoServerHello(CYASSL* ssl, const byte* input, word32*, word32); |
Vanger | 0:b86d15c6ba29 | 77 | static int DoServerKeyExchange(CYASSL* ssl, const byte* input, word32*, |
Vanger | 0:b86d15c6ba29 | 78 | word32); |
Vanger | 0:b86d15c6ba29 | 79 | #ifndef NO_CERTS |
Vanger | 0:b86d15c6ba29 | 80 | static int DoCertificateRequest(CYASSL* ssl, const byte* input, word32*, |
Vanger | 0:b86d15c6ba29 | 81 | word32); |
Vanger | 0:b86d15c6ba29 | 82 | #endif |
Vanger | 0:b86d15c6ba29 | 83 | #ifdef HAVE_SESSION_TICKET |
Vanger | 0:b86d15c6ba29 | 84 | static int DoSessionTicket(CYASSL* ssl, const byte* input, word32*, |
Vanger | 0:b86d15c6ba29 | 85 | word32); |
Vanger | 0:b86d15c6ba29 | 86 | #endif |
Vanger | 0:b86d15c6ba29 | 87 | #endif |
Vanger | 0:b86d15c6ba29 | 88 | |
Vanger | 0:b86d15c6ba29 | 89 | |
Vanger | 0:b86d15c6ba29 | 90 | #ifndef NO_CYASSL_SERVER |
Vanger | 0:b86d15c6ba29 | 91 | static int DoClientHello(CYASSL* ssl, const byte* input, word32*, word32); |
Vanger | 0:b86d15c6ba29 | 92 | static int DoClientKeyExchange(CYASSL* ssl, byte* input, word32*, word32); |
Vanger | 0:b86d15c6ba29 | 93 | #if !defined(NO_RSA) || defined(HAVE_ECC) |
Vanger | 0:b86d15c6ba29 | 94 | static int DoCertificateVerify(CYASSL* ssl, byte*, word32*, word32); |
Vanger | 0:b86d15c6ba29 | 95 | #endif |
Vanger | 0:b86d15c6ba29 | 96 | #endif |
Vanger | 0:b86d15c6ba29 | 97 | |
Vanger | 0:b86d15c6ba29 | 98 | |
Vanger | 0:b86d15c6ba29 | 99 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 100 | static INLINE int DtlsCheckWindow(DtlsState* state); |
Vanger | 0:b86d15c6ba29 | 101 | static INLINE int DtlsUpdateWindow(DtlsState* state); |
Vanger | 0:b86d15c6ba29 | 102 | #endif |
Vanger | 0:b86d15c6ba29 | 103 | |
Vanger | 0:b86d15c6ba29 | 104 | |
Vanger | 0:b86d15c6ba29 | 105 | typedef enum { |
Vanger | 0:b86d15c6ba29 | 106 | doProcessInit = 0, |
Vanger | 0:b86d15c6ba29 | 107 | #ifndef NO_CYASSL_SERVER |
Vanger | 0:b86d15c6ba29 | 108 | runProcessOldClientHello, |
Vanger | 0:b86d15c6ba29 | 109 | #endif |
Vanger | 0:b86d15c6ba29 | 110 | getRecordLayerHeader, |
Vanger | 0:b86d15c6ba29 | 111 | getData, |
Vanger | 0:b86d15c6ba29 | 112 | runProcessingOneMessage |
Vanger | 0:b86d15c6ba29 | 113 | } processReply; |
Vanger | 0:b86d15c6ba29 | 114 | |
Vanger | 0:b86d15c6ba29 | 115 | #ifndef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 116 | static int SSL_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz, |
Vanger | 0:b86d15c6ba29 | 117 | int content, int verify); |
Vanger | 0:b86d15c6ba29 | 118 | |
Vanger | 0:b86d15c6ba29 | 119 | #endif |
Vanger | 0:b86d15c6ba29 | 120 | |
Vanger | 0:b86d15c6ba29 | 121 | #ifndef NO_CERTS |
Vanger | 0:b86d15c6ba29 | 122 | static int BuildCertHashes(CYASSL* ssl, Hashes* hashes); |
Vanger | 0:b86d15c6ba29 | 123 | #endif |
Vanger | 0:b86d15c6ba29 | 124 | |
Vanger | 0:b86d15c6ba29 | 125 | static void PickHashSigAlgo(CYASSL* ssl, |
Vanger | 0:b86d15c6ba29 | 126 | const byte* hashSigAlgo, word32 hashSigAlgoSz); |
Vanger | 0:b86d15c6ba29 | 127 | |
Vanger | 0:b86d15c6ba29 | 128 | #ifndef min |
Vanger | 0:b86d15c6ba29 | 129 | |
Vanger | 0:b86d15c6ba29 | 130 | static INLINE word32 min(word32 a, word32 b) |
Vanger | 0:b86d15c6ba29 | 131 | { |
Vanger | 0:b86d15c6ba29 | 132 | return a > b ? b : a; |
Vanger | 0:b86d15c6ba29 | 133 | } |
Vanger | 0:b86d15c6ba29 | 134 | |
Vanger | 0:b86d15c6ba29 | 135 | #endif /* min */ |
Vanger | 0:b86d15c6ba29 | 136 | |
Vanger | 0:b86d15c6ba29 | 137 | |
Vanger | 0:b86d15c6ba29 | 138 | int IsTLS(const CYASSL* ssl) |
Vanger | 0:b86d15c6ba29 | 139 | { |
Vanger | 0:b86d15c6ba29 | 140 | if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor >=TLSv1_MINOR) |
Vanger | 0:b86d15c6ba29 | 141 | return 1; |
Vanger | 0:b86d15c6ba29 | 142 | |
Vanger | 0:b86d15c6ba29 | 143 | return 0; |
Vanger | 0:b86d15c6ba29 | 144 | } |
Vanger | 0:b86d15c6ba29 | 145 | |
Vanger | 0:b86d15c6ba29 | 146 | |
Vanger | 0:b86d15c6ba29 | 147 | int IsAtLeastTLSv1_2(const CYASSL* ssl) |
Vanger | 0:b86d15c6ba29 | 148 | { |
Vanger | 0:b86d15c6ba29 | 149 | if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor >=TLSv1_2_MINOR) |
Vanger | 0:b86d15c6ba29 | 150 | return 1; |
Vanger | 0:b86d15c6ba29 | 151 | if (ssl->version.major == DTLS_MAJOR && ssl->version.minor <= DTLSv1_2_MINOR) |
Vanger | 0:b86d15c6ba29 | 152 | return 1; |
Vanger | 0:b86d15c6ba29 | 153 | |
Vanger | 0:b86d15c6ba29 | 154 | return 0; |
Vanger | 0:b86d15c6ba29 | 155 | } |
Vanger | 0:b86d15c6ba29 | 156 | |
Vanger | 0:b86d15c6ba29 | 157 | |
Vanger | 0:b86d15c6ba29 | 158 | #ifdef HAVE_NTRU |
Vanger | 0:b86d15c6ba29 | 159 | |
Vanger | 0:b86d15c6ba29 | 160 | static byte GetEntropy(ENTROPY_CMD cmd, byte* out) |
Vanger | 0:b86d15c6ba29 | 161 | { |
Vanger | 0:b86d15c6ba29 | 162 | /* TODO: add locking? */ |
Vanger | 0:b86d15c6ba29 | 163 | static RNG rng; |
Vanger | 0:b86d15c6ba29 | 164 | |
Vanger | 0:b86d15c6ba29 | 165 | if (cmd == INIT) |
Vanger | 0:b86d15c6ba29 | 166 | return (InitRng(&rng) == 0) ? 1 : 0; |
Vanger | 0:b86d15c6ba29 | 167 | |
Vanger | 0:b86d15c6ba29 | 168 | if (out == NULL) |
Vanger | 0:b86d15c6ba29 | 169 | return 0; |
Vanger | 0:b86d15c6ba29 | 170 | |
Vanger | 0:b86d15c6ba29 | 171 | if (cmd == GET_BYTE_OF_ENTROPY) |
Vanger | 0:b86d15c6ba29 | 172 | return (RNG_GenerateBlock(&rng, out, 1) == 0) ? 1 : 0; |
Vanger | 0:b86d15c6ba29 | 173 | |
Vanger | 0:b86d15c6ba29 | 174 | if (cmd == GET_NUM_BYTES_PER_BYTE_OF_ENTROPY) { |
Vanger | 0:b86d15c6ba29 | 175 | *out = 1; |
Vanger | 0:b86d15c6ba29 | 176 | return 1; |
Vanger | 0:b86d15c6ba29 | 177 | } |
Vanger | 0:b86d15c6ba29 | 178 | |
Vanger | 0:b86d15c6ba29 | 179 | return 0; |
Vanger | 0:b86d15c6ba29 | 180 | } |
Vanger | 0:b86d15c6ba29 | 181 | |
Vanger | 0:b86d15c6ba29 | 182 | #endif /* HAVE_NTRU */ |
Vanger | 0:b86d15c6ba29 | 183 | |
Vanger | 0:b86d15c6ba29 | 184 | /* used by ssl.c too */ |
Vanger | 0:b86d15c6ba29 | 185 | void c32to24(word32 in, word24 out) |
Vanger | 0:b86d15c6ba29 | 186 | { |
Vanger | 0:b86d15c6ba29 | 187 | out[0] = (in >> 16) & 0xff; |
Vanger | 0:b86d15c6ba29 | 188 | out[1] = (in >> 8) & 0xff; |
Vanger | 0:b86d15c6ba29 | 189 | out[2] = in & 0xff; |
Vanger | 0:b86d15c6ba29 | 190 | } |
Vanger | 0:b86d15c6ba29 | 191 | |
Vanger | 0:b86d15c6ba29 | 192 | |
Vanger | 0:b86d15c6ba29 | 193 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 194 | |
Vanger | 0:b86d15c6ba29 | 195 | static INLINE void c32to48(word32 in, byte out[6]) |
Vanger | 0:b86d15c6ba29 | 196 | { |
Vanger | 0:b86d15c6ba29 | 197 | out[0] = 0; |
Vanger | 0:b86d15c6ba29 | 198 | out[1] = 0; |
Vanger | 0:b86d15c6ba29 | 199 | out[2] = (in >> 24) & 0xff; |
Vanger | 0:b86d15c6ba29 | 200 | out[3] = (in >> 16) & 0xff; |
Vanger | 0:b86d15c6ba29 | 201 | out[4] = (in >> 8) & 0xff; |
Vanger | 0:b86d15c6ba29 | 202 | out[5] = in & 0xff; |
Vanger | 0:b86d15c6ba29 | 203 | } |
Vanger | 0:b86d15c6ba29 | 204 | |
Vanger | 0:b86d15c6ba29 | 205 | #endif /* CYASSL_DTLS */ |
Vanger | 0:b86d15c6ba29 | 206 | |
Vanger | 0:b86d15c6ba29 | 207 | |
Vanger | 0:b86d15c6ba29 | 208 | /* convert 16 bit integer to opaque */ |
Vanger | 0:b86d15c6ba29 | 209 | static INLINE void c16toa(word16 u16, byte* c) |
Vanger | 0:b86d15c6ba29 | 210 | { |
Vanger | 0:b86d15c6ba29 | 211 | c[0] = (u16 >> 8) & 0xff; |
Vanger | 0:b86d15c6ba29 | 212 | c[1] = u16 & 0xff; |
Vanger | 0:b86d15c6ba29 | 213 | } |
Vanger | 0:b86d15c6ba29 | 214 | |
Vanger | 0:b86d15c6ba29 | 215 | |
Vanger | 0:b86d15c6ba29 | 216 | #if !defined(NO_OLD_TLS) || defined(HAVE_CHACHA) || defined(HAVE_AESCCM) \ |
Vanger | 0:b86d15c6ba29 | 217 | || defined(HAVE_AESGCM) |
Vanger | 0:b86d15c6ba29 | 218 | /* convert 32 bit integer to opaque */ |
Vanger | 0:b86d15c6ba29 | 219 | static INLINE void c32toa(word32 u32, byte* c) |
Vanger | 0:b86d15c6ba29 | 220 | { |
Vanger | 0:b86d15c6ba29 | 221 | c[0] = (u32 >> 24) & 0xff; |
Vanger | 0:b86d15c6ba29 | 222 | c[1] = (u32 >> 16) & 0xff; |
Vanger | 0:b86d15c6ba29 | 223 | c[2] = (u32 >> 8) & 0xff; |
Vanger | 0:b86d15c6ba29 | 224 | c[3] = u32 & 0xff; |
Vanger | 0:b86d15c6ba29 | 225 | } |
Vanger | 0:b86d15c6ba29 | 226 | #endif |
Vanger | 0:b86d15c6ba29 | 227 | |
Vanger | 0:b86d15c6ba29 | 228 | |
Vanger | 0:b86d15c6ba29 | 229 | /* convert a 24 bit integer into a 32 bit one */ |
Vanger | 0:b86d15c6ba29 | 230 | static INLINE void c24to32(const word24 u24, word32* u32) |
Vanger | 0:b86d15c6ba29 | 231 | { |
Vanger | 0:b86d15c6ba29 | 232 | *u32 = (u24[0] << 16) | (u24[1] << 8) | u24[2]; |
Vanger | 0:b86d15c6ba29 | 233 | } |
Vanger | 0:b86d15c6ba29 | 234 | |
Vanger | 0:b86d15c6ba29 | 235 | |
Vanger | 0:b86d15c6ba29 | 236 | /* convert opaque to 16 bit integer */ |
Vanger | 0:b86d15c6ba29 | 237 | static INLINE void ato16(const byte* c, word16* u16) |
Vanger | 0:b86d15c6ba29 | 238 | { |
Vanger | 0:b86d15c6ba29 | 239 | *u16 = (word16) ((c[0] << 8) | (c[1])); |
Vanger | 0:b86d15c6ba29 | 240 | } |
Vanger | 0:b86d15c6ba29 | 241 | |
Vanger | 0:b86d15c6ba29 | 242 | |
Vanger | 0:b86d15c6ba29 | 243 | #if defined(CYASSL_DTLS) || defined(HAVE_SESSION_TICKET) |
Vanger | 0:b86d15c6ba29 | 244 | |
Vanger | 0:b86d15c6ba29 | 245 | /* convert opaque to 32 bit integer */ |
Vanger | 0:b86d15c6ba29 | 246 | static INLINE void ato32(const byte* c, word32* u32) |
Vanger | 0:b86d15c6ba29 | 247 | { |
Vanger | 0:b86d15c6ba29 | 248 | *u32 = (c[0] << 24) | (c[1] << 16) | (c[2] << 8) | c[3]; |
Vanger | 0:b86d15c6ba29 | 249 | } |
Vanger | 0:b86d15c6ba29 | 250 | |
Vanger | 0:b86d15c6ba29 | 251 | #endif /* CYASSL_DTLS */ |
Vanger | 0:b86d15c6ba29 | 252 | |
Vanger | 0:b86d15c6ba29 | 253 | |
Vanger | 0:b86d15c6ba29 | 254 | #ifdef HAVE_LIBZ |
Vanger | 0:b86d15c6ba29 | 255 | |
Vanger | 0:b86d15c6ba29 | 256 | /* alloc user allocs to work with zlib */ |
Vanger | 0:b86d15c6ba29 | 257 | static void* myAlloc(void* opaque, unsigned int item, unsigned int size) |
Vanger | 0:b86d15c6ba29 | 258 | { |
Vanger | 0:b86d15c6ba29 | 259 | (void)opaque; |
Vanger | 0:b86d15c6ba29 | 260 | return XMALLOC(item * size, opaque, DYNAMIC_TYPE_LIBZ); |
Vanger | 0:b86d15c6ba29 | 261 | } |
Vanger | 0:b86d15c6ba29 | 262 | |
Vanger | 0:b86d15c6ba29 | 263 | |
Vanger | 0:b86d15c6ba29 | 264 | static void myFree(void* opaque, void* memory) |
Vanger | 0:b86d15c6ba29 | 265 | { |
Vanger | 0:b86d15c6ba29 | 266 | (void)opaque; |
Vanger | 0:b86d15c6ba29 | 267 | XFREE(memory, opaque, DYNAMIC_TYPE_LIBZ); |
Vanger | 0:b86d15c6ba29 | 268 | } |
Vanger | 0:b86d15c6ba29 | 269 | |
Vanger | 0:b86d15c6ba29 | 270 | |
Vanger | 0:b86d15c6ba29 | 271 | /* init zlib comp/decomp streams, 0 on success */ |
Vanger | 0:b86d15c6ba29 | 272 | static int InitStreams(CYASSL* ssl) |
Vanger | 0:b86d15c6ba29 | 273 | { |
Vanger | 0:b86d15c6ba29 | 274 | ssl->c_stream.zalloc = (alloc_func)myAlloc; |
Vanger | 0:b86d15c6ba29 | 275 | ssl->c_stream.zfree = (free_func)myFree; |
Vanger | 0:b86d15c6ba29 | 276 | ssl->c_stream.opaque = (voidpf)ssl->heap; |
Vanger | 0:b86d15c6ba29 | 277 | |
Vanger | 0:b86d15c6ba29 | 278 | if (deflateInit(&ssl->c_stream, Z_DEFAULT_COMPRESSION) != Z_OK) |
Vanger | 0:b86d15c6ba29 | 279 | return ZLIB_INIT_ERROR; |
Vanger | 0:b86d15c6ba29 | 280 | |
Vanger | 0:b86d15c6ba29 | 281 | ssl->didStreamInit = 1; |
Vanger | 0:b86d15c6ba29 | 282 | |
Vanger | 0:b86d15c6ba29 | 283 | ssl->d_stream.zalloc = (alloc_func)myAlloc; |
Vanger | 0:b86d15c6ba29 | 284 | ssl->d_stream.zfree = (free_func)myFree; |
Vanger | 0:b86d15c6ba29 | 285 | ssl->d_stream.opaque = (voidpf)ssl->heap; |
Vanger | 0:b86d15c6ba29 | 286 | |
Vanger | 0:b86d15c6ba29 | 287 | if (inflateInit(&ssl->d_stream) != Z_OK) return ZLIB_INIT_ERROR; |
Vanger | 0:b86d15c6ba29 | 288 | |
Vanger | 0:b86d15c6ba29 | 289 | return 0; |
Vanger | 0:b86d15c6ba29 | 290 | } |
Vanger | 0:b86d15c6ba29 | 291 | |
Vanger | 0:b86d15c6ba29 | 292 | |
Vanger | 0:b86d15c6ba29 | 293 | static void FreeStreams(CYASSL* ssl) |
Vanger | 0:b86d15c6ba29 | 294 | { |
Vanger | 0:b86d15c6ba29 | 295 | if (ssl->didStreamInit) { |
Vanger | 0:b86d15c6ba29 | 296 | deflateEnd(&ssl->c_stream); |
Vanger | 0:b86d15c6ba29 | 297 | inflateEnd(&ssl->d_stream); |
Vanger | 0:b86d15c6ba29 | 298 | } |
Vanger | 0:b86d15c6ba29 | 299 | } |
Vanger | 0:b86d15c6ba29 | 300 | |
Vanger | 0:b86d15c6ba29 | 301 | |
Vanger | 0:b86d15c6ba29 | 302 | /* compress in to out, return out size or error */ |
Vanger | 0:b86d15c6ba29 | 303 | static int myCompress(CYASSL* ssl, byte* in, int inSz, byte* out, int outSz) |
Vanger | 0:b86d15c6ba29 | 304 | { |
Vanger | 0:b86d15c6ba29 | 305 | int err; |
Vanger | 0:b86d15c6ba29 | 306 | int currTotal = (int)ssl->c_stream.total_out; |
Vanger | 0:b86d15c6ba29 | 307 | |
Vanger | 0:b86d15c6ba29 | 308 | ssl->c_stream.next_in = in; |
Vanger | 0:b86d15c6ba29 | 309 | ssl->c_stream.avail_in = inSz; |
Vanger | 0:b86d15c6ba29 | 310 | ssl->c_stream.next_out = out; |
Vanger | 0:b86d15c6ba29 | 311 | ssl->c_stream.avail_out = outSz; |
Vanger | 0:b86d15c6ba29 | 312 | |
Vanger | 0:b86d15c6ba29 | 313 | err = deflate(&ssl->c_stream, Z_SYNC_FLUSH); |
Vanger | 0:b86d15c6ba29 | 314 | if (err != Z_OK && err != Z_STREAM_END) return ZLIB_COMPRESS_ERROR; |
Vanger | 0:b86d15c6ba29 | 315 | |
Vanger | 0:b86d15c6ba29 | 316 | return (int)ssl->c_stream.total_out - currTotal; |
Vanger | 0:b86d15c6ba29 | 317 | } |
Vanger | 0:b86d15c6ba29 | 318 | |
Vanger | 0:b86d15c6ba29 | 319 | |
Vanger | 0:b86d15c6ba29 | 320 | /* decompress in to out, returnn out size or error */ |
Vanger | 0:b86d15c6ba29 | 321 | static int myDeCompress(CYASSL* ssl, byte* in,int inSz, byte* out,int outSz) |
Vanger | 0:b86d15c6ba29 | 322 | { |
Vanger | 0:b86d15c6ba29 | 323 | int err; |
Vanger | 0:b86d15c6ba29 | 324 | int currTotal = (int)ssl->d_stream.total_out; |
Vanger | 0:b86d15c6ba29 | 325 | |
Vanger | 0:b86d15c6ba29 | 326 | ssl->d_stream.next_in = in; |
Vanger | 0:b86d15c6ba29 | 327 | ssl->d_stream.avail_in = inSz; |
Vanger | 0:b86d15c6ba29 | 328 | ssl->d_stream.next_out = out; |
Vanger | 0:b86d15c6ba29 | 329 | ssl->d_stream.avail_out = outSz; |
Vanger | 0:b86d15c6ba29 | 330 | |
Vanger | 0:b86d15c6ba29 | 331 | err = inflate(&ssl->d_stream, Z_SYNC_FLUSH); |
Vanger | 0:b86d15c6ba29 | 332 | if (err != Z_OK && err != Z_STREAM_END) return ZLIB_DECOMPRESS_ERROR; |
Vanger | 0:b86d15c6ba29 | 333 | |
Vanger | 0:b86d15c6ba29 | 334 | return (int)ssl->d_stream.total_out - currTotal; |
Vanger | 0:b86d15c6ba29 | 335 | } |
Vanger | 0:b86d15c6ba29 | 336 | |
Vanger | 0:b86d15c6ba29 | 337 | #endif /* HAVE_LIBZ */ |
Vanger | 0:b86d15c6ba29 | 338 | |
Vanger | 0:b86d15c6ba29 | 339 | |
Vanger | 0:b86d15c6ba29 | 340 | void InitSSL_Method(CYASSL_METHOD* method, ProtocolVersion pv) |
Vanger | 0:b86d15c6ba29 | 341 | { |
Vanger | 0:b86d15c6ba29 | 342 | method->version = pv; |
Vanger | 0:b86d15c6ba29 | 343 | method->side = CYASSL_CLIENT_END; |
Vanger | 0:b86d15c6ba29 | 344 | method->downgrade = 0; |
Vanger | 0:b86d15c6ba29 | 345 | } |
Vanger | 0:b86d15c6ba29 | 346 | |
Vanger | 0:b86d15c6ba29 | 347 | |
Vanger | 0:b86d15c6ba29 | 348 | /* Initialze SSL context, return 0 on success */ |
Vanger | 0:b86d15c6ba29 | 349 | int InitSSL_Ctx(CYASSL_CTX* ctx, CYASSL_METHOD* method) |
Vanger | 0:b86d15c6ba29 | 350 | { |
Vanger | 0:b86d15c6ba29 | 351 | ctx->method = method; |
Vanger | 0:b86d15c6ba29 | 352 | ctx->refCount = 1; /* so either CTX_free or SSL_free can release */ |
Vanger | 0:b86d15c6ba29 | 353 | #ifndef NO_CERTS |
Vanger | 0:b86d15c6ba29 | 354 | ctx->certificate.buffer = 0; |
Vanger | 0:b86d15c6ba29 | 355 | ctx->certChain.buffer = 0; |
Vanger | 0:b86d15c6ba29 | 356 | ctx->privateKey.buffer = 0; |
Vanger | 0:b86d15c6ba29 | 357 | ctx->serverDH_P.buffer = 0; |
Vanger | 0:b86d15c6ba29 | 358 | ctx->serverDH_G.buffer = 0; |
Vanger | 0:b86d15c6ba29 | 359 | #endif |
Vanger | 0:b86d15c6ba29 | 360 | ctx->haveDH = 0; |
Vanger | 0:b86d15c6ba29 | 361 | ctx->haveNTRU = 0; /* start off */ |
Vanger | 0:b86d15c6ba29 | 362 | ctx->haveECDSAsig = 0; /* start off */ |
Vanger | 0:b86d15c6ba29 | 363 | ctx->haveStaticECC = 0; /* start off */ |
Vanger | 0:b86d15c6ba29 | 364 | ctx->heap = ctx; /* defaults to self */ |
Vanger | 0:b86d15c6ba29 | 365 | #ifndef NO_PSK |
Vanger | 0:b86d15c6ba29 | 366 | ctx->havePSK = 0; |
Vanger | 0:b86d15c6ba29 | 367 | ctx->server_hint[0] = 0; |
Vanger | 0:b86d15c6ba29 | 368 | ctx->client_psk_cb = 0; |
Vanger | 0:b86d15c6ba29 | 369 | ctx->server_psk_cb = 0; |
Vanger | 0:b86d15c6ba29 | 370 | #endif /* NO_PSK */ |
Vanger | 0:b86d15c6ba29 | 371 | #ifdef HAVE_ANON |
Vanger | 0:b86d15c6ba29 | 372 | ctx->haveAnon = 0; |
Vanger | 0:b86d15c6ba29 | 373 | #endif /* HAVE_ANON */ |
Vanger | 0:b86d15c6ba29 | 374 | #ifdef HAVE_ECC |
Vanger | 0:b86d15c6ba29 | 375 | ctx->eccTempKeySz = ECDHE_SIZE; |
Vanger | 0:b86d15c6ba29 | 376 | #endif |
Vanger | 0:b86d15c6ba29 | 377 | |
Vanger | 0:b86d15c6ba29 | 378 | #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) |
Vanger | 0:b86d15c6ba29 | 379 | ctx->passwd_cb = 0; |
Vanger | 0:b86d15c6ba29 | 380 | ctx->userdata = 0; |
Vanger | 0:b86d15c6ba29 | 381 | #endif /* OPENSSL_EXTRA */ |
Vanger | 0:b86d15c6ba29 | 382 | |
Vanger | 0:b86d15c6ba29 | 383 | ctx->timeout = CYASSL_SESSION_TIMEOUT; |
Vanger | 0:b86d15c6ba29 | 384 | |
Vanger | 0:b86d15c6ba29 | 385 | #ifndef CYASSL_USER_IO |
Vanger | 0:b86d15c6ba29 | 386 | ctx->CBIORecv = EmbedReceive; |
Vanger | 0:b86d15c6ba29 | 387 | ctx->CBIOSend = EmbedSend; |
Vanger | 0:b86d15c6ba29 | 388 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 389 | if (method->version.major == DTLS_MAJOR) { |
Vanger | 0:b86d15c6ba29 | 390 | ctx->CBIORecv = EmbedReceiveFrom; |
Vanger | 0:b86d15c6ba29 | 391 | ctx->CBIOSend = EmbedSendTo; |
Vanger | 0:b86d15c6ba29 | 392 | ctx->CBIOCookie = EmbedGenerateCookie; |
Vanger | 0:b86d15c6ba29 | 393 | } |
Vanger | 0:b86d15c6ba29 | 394 | #endif |
Vanger | 0:b86d15c6ba29 | 395 | #else |
Vanger | 0:b86d15c6ba29 | 396 | /* user will set */ |
Vanger | 0:b86d15c6ba29 | 397 | ctx->CBIORecv = NULL; |
Vanger | 0:b86d15c6ba29 | 398 | ctx->CBIOSend = NULL; |
Vanger | 0:b86d15c6ba29 | 399 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 400 | ctx->CBIOCookie = NULL; |
Vanger | 0:b86d15c6ba29 | 401 | #endif |
Vanger | 0:b86d15c6ba29 | 402 | #endif /* CYASSL_USER_IO */ |
Vanger | 0:b86d15c6ba29 | 403 | #ifdef HAVE_NETX |
Vanger | 0:b86d15c6ba29 | 404 | ctx->CBIORecv = NetX_Receive; |
Vanger | 0:b86d15c6ba29 | 405 | ctx->CBIOSend = NetX_Send; |
Vanger | 0:b86d15c6ba29 | 406 | #endif |
Vanger | 0:b86d15c6ba29 | 407 | ctx->partialWrite = 0; |
Vanger | 0:b86d15c6ba29 | 408 | ctx->verifyCallback = 0; |
Vanger | 0:b86d15c6ba29 | 409 | |
Vanger | 0:b86d15c6ba29 | 410 | #ifndef NO_CERTS |
Vanger | 0:b86d15c6ba29 | 411 | ctx->cm = CyaSSL_CertManagerNew(); |
Vanger | 0:b86d15c6ba29 | 412 | #endif |
Vanger | 0:b86d15c6ba29 | 413 | #ifdef HAVE_NTRU |
Vanger | 0:b86d15c6ba29 | 414 | if (method->side == CYASSL_CLIENT_END) |
Vanger | 0:b86d15c6ba29 | 415 | ctx->haveNTRU = 1; /* always on cliet side */ |
Vanger | 0:b86d15c6ba29 | 416 | /* server can turn on by loading key */ |
Vanger | 0:b86d15c6ba29 | 417 | #endif |
Vanger | 0:b86d15c6ba29 | 418 | #ifdef HAVE_ECC |
Vanger | 0:b86d15c6ba29 | 419 | if (method->side == CYASSL_CLIENT_END) { |
Vanger | 0:b86d15c6ba29 | 420 | ctx->haveECDSAsig = 1; /* always on cliet side */ |
Vanger | 0:b86d15c6ba29 | 421 | ctx->haveStaticECC = 1; /* server can turn on by loading key */ |
Vanger | 0:b86d15c6ba29 | 422 | } |
Vanger | 0:b86d15c6ba29 | 423 | #endif |
Vanger | 0:b86d15c6ba29 | 424 | ctx->suites.setSuites = 0; /* user hasn't set yet */ |
Vanger | 0:b86d15c6ba29 | 425 | /* remove DH later if server didn't set, add psk later */ |
Vanger | 0:b86d15c6ba29 | 426 | InitSuites(&ctx->suites, method->version, TRUE, FALSE, TRUE, ctx->haveNTRU, |
Vanger | 0:b86d15c6ba29 | 427 | ctx->haveECDSAsig, ctx->haveStaticECC, method->side); |
Vanger | 0:b86d15c6ba29 | 428 | ctx->verifyPeer = 0; |
Vanger | 0:b86d15c6ba29 | 429 | ctx->verifyNone = 0; |
Vanger | 0:b86d15c6ba29 | 430 | ctx->failNoCert = 0; |
Vanger | 0:b86d15c6ba29 | 431 | ctx->sessionCacheOff = 0; /* initially on */ |
Vanger | 0:b86d15c6ba29 | 432 | ctx->sessionCacheFlushOff = 0; /* initially on */ |
Vanger | 0:b86d15c6ba29 | 433 | ctx->sendVerify = 0; |
Vanger | 0:b86d15c6ba29 | 434 | ctx->quietShutdown = 0; |
Vanger | 0:b86d15c6ba29 | 435 | ctx->groupMessages = 0; |
Vanger | 0:b86d15c6ba29 | 436 | #ifdef HAVE_CAVIUM |
Vanger | 0:b86d15c6ba29 | 437 | ctx->devId = NO_CAVIUM_DEVICE; |
Vanger | 0:b86d15c6ba29 | 438 | #endif |
Vanger | 0:b86d15c6ba29 | 439 | #ifdef HAVE_TLS_EXTENSIONS |
Vanger | 0:b86d15c6ba29 | 440 | ctx->extensions = NULL; |
Vanger | 0:b86d15c6ba29 | 441 | #endif |
Vanger | 0:b86d15c6ba29 | 442 | #ifdef ATOMIC_USER |
Vanger | 0:b86d15c6ba29 | 443 | ctx->MacEncryptCb = NULL; |
Vanger | 0:b86d15c6ba29 | 444 | ctx->DecryptVerifyCb = NULL; |
Vanger | 0:b86d15c6ba29 | 445 | #endif |
Vanger | 0:b86d15c6ba29 | 446 | #ifdef HAVE_PK_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 447 | #ifdef HAVE_ECC |
Vanger | 0:b86d15c6ba29 | 448 | ctx->EccSignCb = NULL; |
Vanger | 0:b86d15c6ba29 | 449 | ctx->EccVerifyCb = NULL; |
Vanger | 0:b86d15c6ba29 | 450 | #endif /* HAVE_ECC */ |
Vanger | 0:b86d15c6ba29 | 451 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 452 | ctx->RsaSignCb = NULL; |
Vanger | 0:b86d15c6ba29 | 453 | ctx->RsaVerifyCb = NULL; |
Vanger | 0:b86d15c6ba29 | 454 | ctx->RsaEncCb = NULL; |
Vanger | 0:b86d15c6ba29 | 455 | ctx->RsaDecCb = NULL; |
Vanger | 0:b86d15c6ba29 | 456 | #endif /* NO_RSA */ |
Vanger | 0:b86d15c6ba29 | 457 | #endif /* HAVE_PK_CALLBACKS */ |
Vanger | 0:b86d15c6ba29 | 458 | |
Vanger | 0:b86d15c6ba29 | 459 | if (InitMutex(&ctx->countMutex) < 0) { |
Vanger | 0:b86d15c6ba29 | 460 | CYASSL_MSG("Mutex error on CTX init"); |
Vanger | 0:b86d15c6ba29 | 461 | return BAD_MUTEX_E; |
Vanger | 0:b86d15c6ba29 | 462 | } |
Vanger | 0:b86d15c6ba29 | 463 | #ifndef NO_CERTS |
Vanger | 0:b86d15c6ba29 | 464 | if (ctx->cm == NULL) { |
Vanger | 0:b86d15c6ba29 | 465 | CYASSL_MSG("Bad Cert Manager New"); |
Vanger | 0:b86d15c6ba29 | 466 | return BAD_CERT_MANAGER_ERROR; |
Vanger | 0:b86d15c6ba29 | 467 | } |
Vanger | 0:b86d15c6ba29 | 468 | #endif |
Vanger | 0:b86d15c6ba29 | 469 | return 0; |
Vanger | 0:b86d15c6ba29 | 470 | } |
Vanger | 0:b86d15c6ba29 | 471 | |
Vanger | 0:b86d15c6ba29 | 472 | |
Vanger | 0:b86d15c6ba29 | 473 | /* In case contexts are held in array and don't want to free actual ctx */ |
Vanger | 0:b86d15c6ba29 | 474 | void SSL_CtxResourceFree(CYASSL_CTX* ctx) |
Vanger | 0:b86d15c6ba29 | 475 | { |
Vanger | 0:b86d15c6ba29 | 476 | XFREE(ctx->method, ctx->heap, DYNAMIC_TYPE_METHOD); |
Vanger | 0:b86d15c6ba29 | 477 | |
Vanger | 0:b86d15c6ba29 | 478 | #ifndef NO_CERTS |
Vanger | 0:b86d15c6ba29 | 479 | XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH); |
Vanger | 0:b86d15c6ba29 | 480 | XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH); |
Vanger | 0:b86d15c6ba29 | 481 | XFREE(ctx->privateKey.buffer, ctx->heap, DYNAMIC_TYPE_KEY); |
Vanger | 0:b86d15c6ba29 | 482 | XFREE(ctx->certificate.buffer, ctx->heap, DYNAMIC_TYPE_CERT); |
Vanger | 0:b86d15c6ba29 | 483 | XFREE(ctx->certChain.buffer, ctx->heap, DYNAMIC_TYPE_CERT); |
Vanger | 0:b86d15c6ba29 | 484 | CyaSSL_CertManagerFree(ctx->cm); |
Vanger | 0:b86d15c6ba29 | 485 | #endif |
Vanger | 0:b86d15c6ba29 | 486 | #ifdef HAVE_TLS_EXTENSIONS |
Vanger | 0:b86d15c6ba29 | 487 | TLSX_FreeAll(ctx->extensions); |
Vanger | 0:b86d15c6ba29 | 488 | #endif |
Vanger | 0:b86d15c6ba29 | 489 | } |
Vanger | 0:b86d15c6ba29 | 490 | |
Vanger | 0:b86d15c6ba29 | 491 | |
Vanger | 0:b86d15c6ba29 | 492 | void FreeSSL_Ctx(CYASSL_CTX* ctx) |
Vanger | 0:b86d15c6ba29 | 493 | { |
Vanger | 0:b86d15c6ba29 | 494 | int doFree = 0; |
Vanger | 0:b86d15c6ba29 | 495 | |
Vanger | 0:b86d15c6ba29 | 496 | if (LockMutex(&ctx->countMutex) != 0) { |
Vanger | 0:b86d15c6ba29 | 497 | CYASSL_MSG("Couldn't lock count mutex"); |
Vanger | 0:b86d15c6ba29 | 498 | return; |
Vanger | 0:b86d15c6ba29 | 499 | } |
Vanger | 0:b86d15c6ba29 | 500 | ctx->refCount--; |
Vanger | 0:b86d15c6ba29 | 501 | if (ctx->refCount == 0) |
Vanger | 0:b86d15c6ba29 | 502 | doFree = 1; |
Vanger | 0:b86d15c6ba29 | 503 | UnLockMutex(&ctx->countMutex); |
Vanger | 0:b86d15c6ba29 | 504 | |
Vanger | 0:b86d15c6ba29 | 505 | if (doFree) { |
Vanger | 0:b86d15c6ba29 | 506 | CYASSL_MSG("CTX ref count down to 0, doing full free"); |
Vanger | 0:b86d15c6ba29 | 507 | SSL_CtxResourceFree(ctx); |
Vanger | 0:b86d15c6ba29 | 508 | FreeMutex(&ctx->countMutex); |
Vanger | 0:b86d15c6ba29 | 509 | XFREE(ctx, ctx->heap, DYNAMIC_TYPE_CTX); |
Vanger | 0:b86d15c6ba29 | 510 | } |
Vanger | 0:b86d15c6ba29 | 511 | else { |
Vanger | 0:b86d15c6ba29 | 512 | (void)ctx; |
Vanger | 0:b86d15c6ba29 | 513 | CYASSL_MSG("CTX ref count not 0 yet, no free"); |
Vanger | 0:b86d15c6ba29 | 514 | } |
Vanger | 0:b86d15c6ba29 | 515 | } |
Vanger | 0:b86d15c6ba29 | 516 | |
Vanger | 0:b86d15c6ba29 | 517 | |
Vanger | 0:b86d15c6ba29 | 518 | /* Set cipher pointers to null */ |
Vanger | 0:b86d15c6ba29 | 519 | void InitCiphers(CYASSL* ssl) |
Vanger | 0:b86d15c6ba29 | 520 | { |
Vanger | 0:b86d15c6ba29 | 521 | #ifdef BUILD_ARC4 |
Vanger | 0:b86d15c6ba29 | 522 | ssl->encrypt.arc4 = NULL; |
Vanger | 0:b86d15c6ba29 | 523 | ssl->decrypt.arc4 = NULL; |
Vanger | 0:b86d15c6ba29 | 524 | #endif |
Vanger | 0:b86d15c6ba29 | 525 | #ifdef BUILD_DES3 |
Vanger | 0:b86d15c6ba29 | 526 | ssl->encrypt.des3 = NULL; |
Vanger | 0:b86d15c6ba29 | 527 | ssl->decrypt.des3 = NULL; |
Vanger | 0:b86d15c6ba29 | 528 | #endif |
Vanger | 0:b86d15c6ba29 | 529 | #ifdef BUILD_AES |
Vanger | 0:b86d15c6ba29 | 530 | ssl->encrypt.aes = NULL; |
Vanger | 0:b86d15c6ba29 | 531 | ssl->decrypt.aes = NULL; |
Vanger | 0:b86d15c6ba29 | 532 | #endif |
Vanger | 0:b86d15c6ba29 | 533 | #ifdef HAVE_CAMELLIA |
Vanger | 0:b86d15c6ba29 | 534 | ssl->encrypt.cam = NULL; |
Vanger | 0:b86d15c6ba29 | 535 | ssl->decrypt.cam = NULL; |
Vanger | 0:b86d15c6ba29 | 536 | #endif |
Vanger | 0:b86d15c6ba29 | 537 | #ifdef HAVE_HC128 |
Vanger | 0:b86d15c6ba29 | 538 | ssl->encrypt.hc128 = NULL; |
Vanger | 0:b86d15c6ba29 | 539 | ssl->decrypt.hc128 = NULL; |
Vanger | 0:b86d15c6ba29 | 540 | #endif |
Vanger | 0:b86d15c6ba29 | 541 | #ifdef BUILD_RABBIT |
Vanger | 0:b86d15c6ba29 | 542 | ssl->encrypt.rabbit = NULL; |
Vanger | 0:b86d15c6ba29 | 543 | ssl->decrypt.rabbit = NULL; |
Vanger | 0:b86d15c6ba29 | 544 | #endif |
Vanger | 0:b86d15c6ba29 | 545 | #ifdef HAVE_CHACHA |
Vanger | 0:b86d15c6ba29 | 546 | ssl->encrypt.chacha = NULL; |
Vanger | 0:b86d15c6ba29 | 547 | ssl->decrypt.chacha = NULL; |
Vanger | 0:b86d15c6ba29 | 548 | #endif |
Vanger | 0:b86d15c6ba29 | 549 | #ifdef HAVE_POLY1305 |
Vanger | 0:b86d15c6ba29 | 550 | ssl->auth.poly1305 = NULL; |
Vanger | 0:b86d15c6ba29 | 551 | #endif |
Vanger | 0:b86d15c6ba29 | 552 | ssl->encrypt.setup = 0; |
Vanger | 0:b86d15c6ba29 | 553 | ssl->decrypt.setup = 0; |
Vanger | 0:b86d15c6ba29 | 554 | #ifdef HAVE_ONE_TIME_AUTH |
Vanger | 0:b86d15c6ba29 | 555 | ssl->auth.setup = 0; |
Vanger | 0:b86d15c6ba29 | 556 | #endif |
Vanger | 0:b86d15c6ba29 | 557 | } |
Vanger | 0:b86d15c6ba29 | 558 | |
Vanger | 0:b86d15c6ba29 | 559 | |
Vanger | 0:b86d15c6ba29 | 560 | /* Free ciphers */ |
Vanger | 0:b86d15c6ba29 | 561 | void FreeCiphers(CYASSL* ssl) |
Vanger | 0:b86d15c6ba29 | 562 | { |
Vanger | 0:b86d15c6ba29 | 563 | (void)ssl; |
Vanger | 0:b86d15c6ba29 | 564 | #ifdef BUILD_ARC4 |
Vanger | 0:b86d15c6ba29 | 565 | #ifdef HAVE_CAVIUM |
Vanger | 0:b86d15c6ba29 | 566 | if (ssl->devId != NO_CAVIUM_DEVICE) { |
Vanger | 0:b86d15c6ba29 | 567 | Arc4FreeCavium(ssl->encrypt.arc4); |
Vanger | 0:b86d15c6ba29 | 568 | Arc4FreeCavium(ssl->decrypt.arc4); |
Vanger | 0:b86d15c6ba29 | 569 | } |
Vanger | 0:b86d15c6ba29 | 570 | #endif |
Vanger | 0:b86d15c6ba29 | 571 | XFREE(ssl->encrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER); |
Vanger | 0:b86d15c6ba29 | 572 | XFREE(ssl->decrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER); |
Vanger | 0:b86d15c6ba29 | 573 | #endif |
Vanger | 0:b86d15c6ba29 | 574 | #ifdef BUILD_DES3 |
Vanger | 0:b86d15c6ba29 | 575 | #ifdef HAVE_CAVIUM |
Vanger | 0:b86d15c6ba29 | 576 | if (ssl->devId != NO_CAVIUM_DEVICE) { |
Vanger | 0:b86d15c6ba29 | 577 | Des3_FreeCavium(ssl->encrypt.des3); |
Vanger | 0:b86d15c6ba29 | 578 | Des3_FreeCavium(ssl->decrypt.des3); |
Vanger | 0:b86d15c6ba29 | 579 | } |
Vanger | 0:b86d15c6ba29 | 580 | #endif |
Vanger | 0:b86d15c6ba29 | 581 | XFREE(ssl->encrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER); |
Vanger | 0:b86d15c6ba29 | 582 | XFREE(ssl->decrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER); |
Vanger | 0:b86d15c6ba29 | 583 | #endif |
Vanger | 0:b86d15c6ba29 | 584 | #ifdef BUILD_AES |
Vanger | 0:b86d15c6ba29 | 585 | #ifdef HAVE_CAVIUM |
Vanger | 0:b86d15c6ba29 | 586 | if (ssl->devId != NO_CAVIUM_DEVICE) { |
Vanger | 0:b86d15c6ba29 | 587 | AesFreeCavium(ssl->encrypt.aes); |
Vanger | 0:b86d15c6ba29 | 588 | AesFreeCavium(ssl->decrypt.aes); |
Vanger | 0:b86d15c6ba29 | 589 | } |
Vanger | 0:b86d15c6ba29 | 590 | #endif |
Vanger | 0:b86d15c6ba29 | 591 | XFREE(ssl->encrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER); |
Vanger | 0:b86d15c6ba29 | 592 | XFREE(ssl->decrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER); |
Vanger | 0:b86d15c6ba29 | 593 | #endif |
Vanger | 0:b86d15c6ba29 | 594 | #ifdef HAVE_CAMELLIA |
Vanger | 0:b86d15c6ba29 | 595 | XFREE(ssl->encrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER); |
Vanger | 0:b86d15c6ba29 | 596 | XFREE(ssl->decrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER); |
Vanger | 0:b86d15c6ba29 | 597 | #endif |
Vanger | 0:b86d15c6ba29 | 598 | #ifdef HAVE_HC128 |
Vanger | 0:b86d15c6ba29 | 599 | XFREE(ssl->encrypt.hc128, ssl->heap, DYNAMIC_TYPE_CIPHER); |
Vanger | 0:b86d15c6ba29 | 600 | XFREE(ssl->decrypt.hc128, ssl->heap, DYNAMIC_TYPE_CIPHER); |
Vanger | 0:b86d15c6ba29 | 601 | #endif |
Vanger | 0:b86d15c6ba29 | 602 | #ifdef BUILD_RABBIT |
Vanger | 0:b86d15c6ba29 | 603 | XFREE(ssl->encrypt.rabbit, ssl->heap, DYNAMIC_TYPE_CIPHER); |
Vanger | 0:b86d15c6ba29 | 604 | XFREE(ssl->decrypt.rabbit, ssl->heap, DYNAMIC_TYPE_CIPHER); |
Vanger | 0:b86d15c6ba29 | 605 | #endif |
Vanger | 0:b86d15c6ba29 | 606 | #ifdef HAVE_CHACHA |
Vanger | 0:b86d15c6ba29 | 607 | XFREE(ssl->encrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER); |
Vanger | 0:b86d15c6ba29 | 608 | XFREE(ssl->decrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER); |
Vanger | 0:b86d15c6ba29 | 609 | #endif |
Vanger | 0:b86d15c6ba29 | 610 | #ifdef HAVE_POLY1305 |
Vanger | 0:b86d15c6ba29 | 611 | XFREE(ssl->auth.poly1305, ssl->heap, DYNAMIC_TYPE_CIPHER); |
Vanger | 0:b86d15c6ba29 | 612 | #endif |
Vanger | 0:b86d15c6ba29 | 613 | } |
Vanger | 0:b86d15c6ba29 | 614 | |
Vanger | 0:b86d15c6ba29 | 615 | |
Vanger | 0:b86d15c6ba29 | 616 | void InitCipherSpecs(CipherSpecs* cs) |
Vanger | 0:b86d15c6ba29 | 617 | { |
Vanger | 0:b86d15c6ba29 | 618 | cs->bulk_cipher_algorithm = INVALID_BYTE; |
Vanger | 0:b86d15c6ba29 | 619 | cs->cipher_type = INVALID_BYTE; |
Vanger | 0:b86d15c6ba29 | 620 | cs->mac_algorithm = INVALID_BYTE; |
Vanger | 0:b86d15c6ba29 | 621 | cs->kea = INVALID_BYTE; |
Vanger | 0:b86d15c6ba29 | 622 | cs->sig_algo = INVALID_BYTE; |
Vanger | 0:b86d15c6ba29 | 623 | |
Vanger | 0:b86d15c6ba29 | 624 | cs->hash_size = 0; |
Vanger | 0:b86d15c6ba29 | 625 | cs->static_ecdh = 0; |
Vanger | 0:b86d15c6ba29 | 626 | cs->key_size = 0; |
Vanger | 0:b86d15c6ba29 | 627 | cs->iv_size = 0; |
Vanger | 0:b86d15c6ba29 | 628 | cs->block_size = 0; |
Vanger | 0:b86d15c6ba29 | 629 | } |
Vanger | 0:b86d15c6ba29 | 630 | |
Vanger | 0:b86d15c6ba29 | 631 | static void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, |
Vanger | 0:b86d15c6ba29 | 632 | int haveRSAsig, int haveAnon) |
Vanger | 0:b86d15c6ba29 | 633 | { |
Vanger | 0:b86d15c6ba29 | 634 | int idx = 0; |
Vanger | 0:b86d15c6ba29 | 635 | |
Vanger | 0:b86d15c6ba29 | 636 | if (haveECDSAsig) { |
Vanger | 0:b86d15c6ba29 | 637 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 638 | suites->hashSigAlgo[idx++] = sha384_mac; |
Vanger | 0:b86d15c6ba29 | 639 | suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo; |
Vanger | 0:b86d15c6ba29 | 640 | #endif |
Vanger | 0:b86d15c6ba29 | 641 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 642 | suites->hashSigAlgo[idx++] = sha256_mac; |
Vanger | 0:b86d15c6ba29 | 643 | suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo; |
Vanger | 0:b86d15c6ba29 | 644 | #endif |
Vanger | 0:b86d15c6ba29 | 645 | #ifndef NO_SHA |
Vanger | 0:b86d15c6ba29 | 646 | suites->hashSigAlgo[idx++] = sha_mac; |
Vanger | 0:b86d15c6ba29 | 647 | suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo; |
Vanger | 0:b86d15c6ba29 | 648 | #endif |
Vanger | 0:b86d15c6ba29 | 649 | } |
Vanger | 0:b86d15c6ba29 | 650 | |
Vanger | 0:b86d15c6ba29 | 651 | if (haveRSAsig) { |
Vanger | 0:b86d15c6ba29 | 652 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 653 | suites->hashSigAlgo[idx++] = sha384_mac; |
Vanger | 0:b86d15c6ba29 | 654 | suites->hashSigAlgo[idx++] = rsa_sa_algo; |
Vanger | 0:b86d15c6ba29 | 655 | #endif |
Vanger | 0:b86d15c6ba29 | 656 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 657 | suites->hashSigAlgo[idx++] = sha256_mac; |
Vanger | 0:b86d15c6ba29 | 658 | suites->hashSigAlgo[idx++] = rsa_sa_algo; |
Vanger | 0:b86d15c6ba29 | 659 | #endif |
Vanger | 0:b86d15c6ba29 | 660 | #ifndef NO_SHA |
Vanger | 0:b86d15c6ba29 | 661 | suites->hashSigAlgo[idx++] = sha_mac; |
Vanger | 0:b86d15c6ba29 | 662 | suites->hashSigAlgo[idx++] = rsa_sa_algo; |
Vanger | 0:b86d15c6ba29 | 663 | #endif |
Vanger | 0:b86d15c6ba29 | 664 | } |
Vanger | 0:b86d15c6ba29 | 665 | |
Vanger | 0:b86d15c6ba29 | 666 | if (haveAnon) { |
Vanger | 0:b86d15c6ba29 | 667 | #ifdef HAVE_ANON |
Vanger | 0:b86d15c6ba29 | 668 | suites->hashSigAlgo[idx++] = sha_mac; |
Vanger | 0:b86d15c6ba29 | 669 | suites->hashSigAlgo[idx++] = anonymous_sa_algo; |
Vanger | 0:b86d15c6ba29 | 670 | #endif |
Vanger | 0:b86d15c6ba29 | 671 | } |
Vanger | 0:b86d15c6ba29 | 672 | |
Vanger | 0:b86d15c6ba29 | 673 | suites->hashSigAlgoSz = (word16)idx; |
Vanger | 0:b86d15c6ba29 | 674 | } |
Vanger | 0:b86d15c6ba29 | 675 | |
Vanger | 0:b86d15c6ba29 | 676 | void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, |
Vanger | 0:b86d15c6ba29 | 677 | byte haveDH, byte haveNTRU, byte haveECDSAsig, |
Vanger | 0:b86d15c6ba29 | 678 | byte haveStaticECC, int side) |
Vanger | 0:b86d15c6ba29 | 679 | { |
Vanger | 0:b86d15c6ba29 | 680 | word16 idx = 0; |
Vanger | 0:b86d15c6ba29 | 681 | int tls = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_MINOR; |
Vanger | 0:b86d15c6ba29 | 682 | int tls1_2 = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_2_MINOR; |
Vanger | 0:b86d15c6ba29 | 683 | int haveRSAsig = 1; |
Vanger | 0:b86d15c6ba29 | 684 | |
Vanger | 0:b86d15c6ba29 | 685 | (void)tls; /* shut up compiler */ |
Vanger | 0:b86d15c6ba29 | 686 | (void)tls1_2; |
Vanger | 0:b86d15c6ba29 | 687 | (void)haveDH; |
Vanger | 0:b86d15c6ba29 | 688 | (void)havePSK; |
Vanger | 0:b86d15c6ba29 | 689 | (void)haveNTRU; |
Vanger | 0:b86d15c6ba29 | 690 | (void)haveStaticECC; |
Vanger | 0:b86d15c6ba29 | 691 | |
Vanger | 0:b86d15c6ba29 | 692 | if (suites == NULL) { |
Vanger | 0:b86d15c6ba29 | 693 | CYASSL_MSG("InitSuites pointer error"); |
Vanger | 0:b86d15c6ba29 | 694 | return; |
Vanger | 0:b86d15c6ba29 | 695 | } |
Vanger | 0:b86d15c6ba29 | 696 | |
Vanger | 0:b86d15c6ba29 | 697 | if (suites->setSuites) |
Vanger | 0:b86d15c6ba29 | 698 | return; /* trust user settings, don't override */ |
Vanger | 0:b86d15c6ba29 | 699 | |
Vanger | 0:b86d15c6ba29 | 700 | if (side == CYASSL_SERVER_END && haveStaticECC) { |
Vanger | 0:b86d15c6ba29 | 701 | haveRSA = 0; /* can't do RSA with ECDSA key */ |
Vanger | 0:b86d15c6ba29 | 702 | (void)haveRSA; /* some builds won't read */ |
Vanger | 0:b86d15c6ba29 | 703 | } |
Vanger | 0:b86d15c6ba29 | 704 | |
Vanger | 0:b86d15c6ba29 | 705 | if (side == CYASSL_SERVER_END && haveECDSAsig) { |
Vanger | 0:b86d15c6ba29 | 706 | haveRSAsig = 0; /* can't have RSA sig if signed by ECDSA */ |
Vanger | 0:b86d15c6ba29 | 707 | (void)haveRSAsig; /* non ecc builds won't read */ |
Vanger | 0:b86d15c6ba29 | 708 | } |
Vanger | 0:b86d15c6ba29 | 709 | |
Vanger | 0:b86d15c6ba29 | 710 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 711 | if (pv.major == DTLS_MAJOR) { |
Vanger | 0:b86d15c6ba29 | 712 | tls = 1; |
Vanger | 0:b86d15c6ba29 | 713 | tls1_2 = pv.minor <= DTLSv1_2_MINOR; |
Vanger | 0:b86d15c6ba29 | 714 | } |
Vanger | 0:b86d15c6ba29 | 715 | #endif |
Vanger | 0:b86d15c6ba29 | 716 | |
Vanger | 0:b86d15c6ba29 | 717 | #ifdef HAVE_RENEGOTIATION_INDICATION |
Vanger | 0:b86d15c6ba29 | 718 | if (side == CYASSL_CLIENT_END) { |
Vanger | 0:b86d15c6ba29 | 719 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 720 | suites->suites[idx++] = TLS_EMPTY_RENEGOTIATION_INFO_SCSV; |
Vanger | 0:b86d15c6ba29 | 721 | } |
Vanger | 0:b86d15c6ba29 | 722 | #endif |
Vanger | 0:b86d15c6ba29 | 723 | |
Vanger | 0:b86d15c6ba29 | 724 | #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 725 | if (tls && haveNTRU && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 726 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 727 | suites->suites[idx++] = TLS_NTRU_RSA_WITH_AES_256_CBC_SHA; |
Vanger | 0:b86d15c6ba29 | 728 | } |
Vanger | 0:b86d15c6ba29 | 729 | #endif |
Vanger | 0:b86d15c6ba29 | 730 | |
Vanger | 0:b86d15c6ba29 | 731 | #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 732 | if (tls && haveNTRU && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 733 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 734 | suites->suites[idx++] = TLS_NTRU_RSA_WITH_AES_128_CBC_SHA; |
Vanger | 0:b86d15c6ba29 | 735 | } |
Vanger | 0:b86d15c6ba29 | 736 | #endif |
Vanger | 0:b86d15c6ba29 | 737 | |
Vanger | 0:b86d15c6ba29 | 738 | #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA |
Vanger | 0:b86d15c6ba29 | 739 | if (tls && haveNTRU && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 740 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 741 | suites->suites[idx++] = TLS_NTRU_RSA_WITH_RC4_128_SHA; |
Vanger | 0:b86d15c6ba29 | 742 | } |
Vanger | 0:b86d15c6ba29 | 743 | #endif |
Vanger | 0:b86d15c6ba29 | 744 | |
Vanger | 0:b86d15c6ba29 | 745 | #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 746 | if (tls && haveNTRU && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 747 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 748 | suites->suites[idx++] = TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA; |
Vanger | 0:b86d15c6ba29 | 749 | } |
Vanger | 0:b86d15c6ba29 | 750 | #endif |
Vanger | 0:b86d15c6ba29 | 751 | |
Vanger | 0:b86d15c6ba29 | 752 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 753 | if (tls1_2 && haveRSAsig) { |
Vanger | 0:b86d15c6ba29 | 754 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 755 | suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256; |
Vanger | 0:b86d15c6ba29 | 756 | } |
Vanger | 0:b86d15c6ba29 | 757 | #endif |
Vanger | 0:b86d15c6ba29 | 758 | |
Vanger | 0:b86d15c6ba29 | 759 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 760 | if (tls1_2 && haveECDSAsig) { |
Vanger | 0:b86d15c6ba29 | 761 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 762 | suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256; |
Vanger | 0:b86d15c6ba29 | 763 | } |
Vanger | 0:b86d15c6ba29 | 764 | #endif |
Vanger | 0:b86d15c6ba29 | 765 | |
Vanger | 0:b86d15c6ba29 | 766 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 767 | if (tls1_2 && haveRSAsig && haveStaticECC) { |
Vanger | 0:b86d15c6ba29 | 768 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 769 | suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256; |
Vanger | 0:b86d15c6ba29 | 770 | } |
Vanger | 0:b86d15c6ba29 | 771 | #endif |
Vanger | 0:b86d15c6ba29 | 772 | |
Vanger | 0:b86d15c6ba29 | 773 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 774 | if (tls1_2 && haveECDSAsig && haveStaticECC) { |
Vanger | 0:b86d15c6ba29 | 775 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 776 | suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256; |
Vanger | 0:b86d15c6ba29 | 777 | } |
Vanger | 0:b86d15c6ba29 | 778 | #endif |
Vanger | 0:b86d15c6ba29 | 779 | |
Vanger | 0:b86d15c6ba29 | 780 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
Vanger | 0:b86d15c6ba29 | 781 | if (tls1_2 && haveRSAsig) { |
Vanger | 0:b86d15c6ba29 | 782 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 783 | suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384; |
Vanger | 0:b86d15c6ba29 | 784 | } |
Vanger | 0:b86d15c6ba29 | 785 | #endif |
Vanger | 0:b86d15c6ba29 | 786 | |
Vanger | 0:b86d15c6ba29 | 787 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
Vanger | 0:b86d15c6ba29 | 788 | if (tls1_2 && haveECDSAsig) { |
Vanger | 0:b86d15c6ba29 | 789 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 790 | suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384; |
Vanger | 0:b86d15c6ba29 | 791 | } |
Vanger | 0:b86d15c6ba29 | 792 | #endif |
Vanger | 0:b86d15c6ba29 | 793 | |
Vanger | 0:b86d15c6ba29 | 794 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 |
Vanger | 0:b86d15c6ba29 | 795 | if (tls1_2 && haveRSAsig && haveStaticECC) { |
Vanger | 0:b86d15c6ba29 | 796 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 797 | suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384; |
Vanger | 0:b86d15c6ba29 | 798 | } |
Vanger | 0:b86d15c6ba29 | 799 | #endif |
Vanger | 0:b86d15c6ba29 | 800 | |
Vanger | 0:b86d15c6ba29 | 801 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 |
Vanger | 0:b86d15c6ba29 | 802 | if (tls1_2 && haveECDSAsig && haveStaticECC) { |
Vanger | 0:b86d15c6ba29 | 803 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 804 | suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384; |
Vanger | 0:b86d15c6ba29 | 805 | } |
Vanger | 0:b86d15c6ba29 | 806 | #endif |
Vanger | 0:b86d15c6ba29 | 807 | |
Vanger | 0:b86d15c6ba29 | 808 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
Vanger | 0:b86d15c6ba29 | 809 | if (tls1_2 && haveECDSAsig) { |
Vanger | 0:b86d15c6ba29 | 810 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 811 | suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384; |
Vanger | 0:b86d15c6ba29 | 812 | } |
Vanger | 0:b86d15c6ba29 | 813 | #endif |
Vanger | 0:b86d15c6ba29 | 814 | |
Vanger | 0:b86d15c6ba29 | 815 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 816 | if (tls && haveECDSAsig) { |
Vanger | 0:b86d15c6ba29 | 817 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 818 | suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA; |
Vanger | 0:b86d15c6ba29 | 819 | } |
Vanger | 0:b86d15c6ba29 | 820 | #endif |
Vanger | 0:b86d15c6ba29 | 821 | |
Vanger | 0:b86d15c6ba29 | 822 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 |
Vanger | 0:b86d15c6ba29 | 823 | if (tls1_2 && haveECDSAsig && haveStaticECC) { |
Vanger | 0:b86d15c6ba29 | 824 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 825 | suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384; |
Vanger | 0:b86d15c6ba29 | 826 | } |
Vanger | 0:b86d15c6ba29 | 827 | #endif |
Vanger | 0:b86d15c6ba29 | 828 | |
Vanger | 0:b86d15c6ba29 | 829 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 830 | if (tls && haveECDSAsig && haveStaticECC) { |
Vanger | 0:b86d15c6ba29 | 831 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 832 | suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA; |
Vanger | 0:b86d15c6ba29 | 833 | } |
Vanger | 0:b86d15c6ba29 | 834 | #endif |
Vanger | 0:b86d15c6ba29 | 835 | |
Vanger | 0:b86d15c6ba29 | 836 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
Vanger | 0:b86d15c6ba29 | 837 | if (tls1_2 && haveECDSAsig) { |
Vanger | 0:b86d15c6ba29 | 838 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 839 | suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256; |
Vanger | 0:b86d15c6ba29 | 840 | } |
Vanger | 0:b86d15c6ba29 | 841 | #endif |
Vanger | 0:b86d15c6ba29 | 842 | |
Vanger | 0:b86d15c6ba29 | 843 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 844 | if (tls && haveECDSAsig) { |
Vanger | 0:b86d15c6ba29 | 845 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 846 | suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA; |
Vanger | 0:b86d15c6ba29 | 847 | } |
Vanger | 0:b86d15c6ba29 | 848 | #endif |
Vanger | 0:b86d15c6ba29 | 849 | |
Vanger | 0:b86d15c6ba29 | 850 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 |
Vanger | 0:b86d15c6ba29 | 851 | if (tls1_2 && haveECDSAsig && haveStaticECC) { |
Vanger | 0:b86d15c6ba29 | 852 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 853 | suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256; |
Vanger | 0:b86d15c6ba29 | 854 | } |
Vanger | 0:b86d15c6ba29 | 855 | #endif |
Vanger | 0:b86d15c6ba29 | 856 | |
Vanger | 0:b86d15c6ba29 | 857 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 858 | if (tls && haveECDSAsig && haveStaticECC) { |
Vanger | 0:b86d15c6ba29 | 859 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 860 | suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA; |
Vanger | 0:b86d15c6ba29 | 861 | } |
Vanger | 0:b86d15c6ba29 | 862 | #endif |
Vanger | 0:b86d15c6ba29 | 863 | |
Vanger | 0:b86d15c6ba29 | 864 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA |
Vanger | 0:b86d15c6ba29 | 865 | if (tls && haveECDSAsig) { |
Vanger | 0:b86d15c6ba29 | 866 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 867 | suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_RC4_128_SHA; |
Vanger | 0:b86d15c6ba29 | 868 | } |
Vanger | 0:b86d15c6ba29 | 869 | #endif |
Vanger | 0:b86d15c6ba29 | 870 | |
Vanger | 0:b86d15c6ba29 | 871 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA |
Vanger | 0:b86d15c6ba29 | 872 | if (tls && haveECDSAsig && haveStaticECC) { |
Vanger | 0:b86d15c6ba29 | 873 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 874 | suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_RC4_128_SHA; |
Vanger | 0:b86d15c6ba29 | 875 | } |
Vanger | 0:b86d15c6ba29 | 876 | #endif |
Vanger | 0:b86d15c6ba29 | 877 | |
Vanger | 0:b86d15c6ba29 | 878 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 879 | if (tls && haveECDSAsig) { |
Vanger | 0:b86d15c6ba29 | 880 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 881 | suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA; |
Vanger | 0:b86d15c6ba29 | 882 | } |
Vanger | 0:b86d15c6ba29 | 883 | #endif |
Vanger | 0:b86d15c6ba29 | 884 | |
Vanger | 0:b86d15c6ba29 | 885 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 886 | if (tls && haveECDSAsig && haveStaticECC) { |
Vanger | 0:b86d15c6ba29 | 887 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 888 | suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA; |
Vanger | 0:b86d15c6ba29 | 889 | } |
Vanger | 0:b86d15c6ba29 | 890 | #endif |
Vanger | 0:b86d15c6ba29 | 891 | |
Vanger | 0:b86d15c6ba29 | 892 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
Vanger | 0:b86d15c6ba29 | 893 | if (tls1_2 && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 894 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 895 | suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384; |
Vanger | 0:b86d15c6ba29 | 896 | } |
Vanger | 0:b86d15c6ba29 | 897 | #endif |
Vanger | 0:b86d15c6ba29 | 898 | |
Vanger | 0:b86d15c6ba29 | 899 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 900 | if (tls && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 901 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 902 | suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA; |
Vanger | 0:b86d15c6ba29 | 903 | } |
Vanger | 0:b86d15c6ba29 | 904 | #endif |
Vanger | 0:b86d15c6ba29 | 905 | |
Vanger | 0:b86d15c6ba29 | 906 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 |
Vanger | 0:b86d15c6ba29 | 907 | if (tls1_2 && haveRSAsig && haveStaticECC) { |
Vanger | 0:b86d15c6ba29 | 908 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 909 | suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384; |
Vanger | 0:b86d15c6ba29 | 910 | } |
Vanger | 0:b86d15c6ba29 | 911 | #endif |
Vanger | 0:b86d15c6ba29 | 912 | |
Vanger | 0:b86d15c6ba29 | 913 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 914 | if (tls && haveRSAsig && haveStaticECC) { |
Vanger | 0:b86d15c6ba29 | 915 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 916 | suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_CBC_SHA; |
Vanger | 0:b86d15c6ba29 | 917 | } |
Vanger | 0:b86d15c6ba29 | 918 | #endif |
Vanger | 0:b86d15c6ba29 | 919 | |
Vanger | 0:b86d15c6ba29 | 920 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
Vanger | 0:b86d15c6ba29 | 921 | if (tls1_2 && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 922 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 923 | suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256; |
Vanger | 0:b86d15c6ba29 | 924 | } |
Vanger | 0:b86d15c6ba29 | 925 | #endif |
Vanger | 0:b86d15c6ba29 | 926 | |
Vanger | 0:b86d15c6ba29 | 927 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 928 | if (tls && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 929 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 930 | suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA; |
Vanger | 0:b86d15c6ba29 | 931 | } |
Vanger | 0:b86d15c6ba29 | 932 | #endif |
Vanger | 0:b86d15c6ba29 | 933 | |
Vanger | 0:b86d15c6ba29 | 934 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 |
Vanger | 0:b86d15c6ba29 | 935 | if (tls1_2 && haveRSAsig && haveStaticECC) { |
Vanger | 0:b86d15c6ba29 | 936 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 937 | suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256; |
Vanger | 0:b86d15c6ba29 | 938 | } |
Vanger | 0:b86d15c6ba29 | 939 | #endif |
Vanger | 0:b86d15c6ba29 | 940 | |
Vanger | 0:b86d15c6ba29 | 941 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 942 | if (tls && haveRSAsig && haveStaticECC) { |
Vanger | 0:b86d15c6ba29 | 943 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 944 | suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_CBC_SHA; |
Vanger | 0:b86d15c6ba29 | 945 | } |
Vanger | 0:b86d15c6ba29 | 946 | #endif |
Vanger | 0:b86d15c6ba29 | 947 | |
Vanger | 0:b86d15c6ba29 | 948 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA |
Vanger | 0:b86d15c6ba29 | 949 | if (tls && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 950 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 951 | suites->suites[idx++] = TLS_ECDHE_RSA_WITH_RC4_128_SHA; |
Vanger | 0:b86d15c6ba29 | 952 | } |
Vanger | 0:b86d15c6ba29 | 953 | #endif |
Vanger | 0:b86d15c6ba29 | 954 | |
Vanger | 0:b86d15c6ba29 | 955 | #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA |
Vanger | 0:b86d15c6ba29 | 956 | if (tls && haveRSAsig && haveStaticECC) { |
Vanger | 0:b86d15c6ba29 | 957 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 958 | suites->suites[idx++] = TLS_ECDH_RSA_WITH_RC4_128_SHA; |
Vanger | 0:b86d15c6ba29 | 959 | } |
Vanger | 0:b86d15c6ba29 | 960 | #endif |
Vanger | 0:b86d15c6ba29 | 961 | |
Vanger | 0:b86d15c6ba29 | 962 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 963 | if (tls && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 964 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 965 | suites->suites[idx++] = TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA; |
Vanger | 0:b86d15c6ba29 | 966 | } |
Vanger | 0:b86d15c6ba29 | 967 | #endif |
Vanger | 0:b86d15c6ba29 | 968 | |
Vanger | 0:b86d15c6ba29 | 969 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |
Vanger | 0:b86d15c6ba29 | 970 | if (tls && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 971 | suites->suites[idx++] = CHACHA_BYTE; |
Vanger | 0:b86d15c6ba29 | 972 | suites->suites[idx++] = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256; |
Vanger | 0:b86d15c6ba29 | 973 | } |
Vanger | 0:b86d15c6ba29 | 974 | #endif |
Vanger | 0:b86d15c6ba29 | 975 | |
Vanger | 0:b86d15c6ba29 | 976 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 |
Vanger | 0:b86d15c6ba29 | 977 | if (tls1_2 && haveECDSAsig) { |
Vanger | 0:b86d15c6ba29 | 978 | suites->suites[idx++] = CHACHA_BYTE; |
Vanger | 0:b86d15c6ba29 | 979 | suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256; |
Vanger | 0:b86d15c6ba29 | 980 | } |
Vanger | 0:b86d15c6ba29 | 981 | #endif |
Vanger | 0:b86d15c6ba29 | 982 | |
Vanger | 0:b86d15c6ba29 | 983 | #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |
Vanger | 0:b86d15c6ba29 | 984 | if (tls && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 985 | suites->suites[idx++] = CHACHA_BYTE; |
Vanger | 0:b86d15c6ba29 | 986 | suites->suites[idx++] = TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256; |
Vanger | 0:b86d15c6ba29 | 987 | } |
Vanger | 0:b86d15c6ba29 | 988 | #endif |
Vanger | 0:b86d15c6ba29 | 989 | |
Vanger | 0:b86d15c6ba29 | 990 | #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 991 | if (tls && haveRSAsig && haveStaticECC) { |
Vanger | 0:b86d15c6ba29 | 992 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 993 | suites->suites[idx++] = TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA; |
Vanger | 0:b86d15c6ba29 | 994 | } |
Vanger | 0:b86d15c6ba29 | 995 | #endif |
Vanger | 0:b86d15c6ba29 | 996 | |
Vanger | 0:b86d15c6ba29 | 997 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 |
Vanger | 0:b86d15c6ba29 | 998 | if (tls1_2 && haveDH && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 999 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1000 | suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_GCM_SHA384; |
Vanger | 0:b86d15c6ba29 | 1001 | } |
Vanger | 0:b86d15c6ba29 | 1002 | #endif |
Vanger | 0:b86d15c6ba29 | 1003 | |
Vanger | 0:b86d15c6ba29 | 1004 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 |
Vanger | 0:b86d15c6ba29 | 1005 | if (tls1_2 && haveECDSAsig) { |
Vanger | 0:b86d15c6ba29 | 1006 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 1007 | suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8; |
Vanger | 0:b86d15c6ba29 | 1008 | } |
Vanger | 0:b86d15c6ba29 | 1009 | #endif |
Vanger | 0:b86d15c6ba29 | 1010 | |
Vanger | 0:b86d15c6ba29 | 1011 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 |
Vanger | 0:b86d15c6ba29 | 1012 | if (tls1_2 && haveECDSAsig) { |
Vanger | 0:b86d15c6ba29 | 1013 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 1014 | suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8; |
Vanger | 0:b86d15c6ba29 | 1015 | } |
Vanger | 0:b86d15c6ba29 | 1016 | #endif |
Vanger | 0:b86d15c6ba29 | 1017 | |
Vanger | 0:b86d15c6ba29 | 1018 | #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8 |
Vanger | 0:b86d15c6ba29 | 1019 | if (tls1_2 && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 1020 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 1021 | suites->suites[idx++] = TLS_RSA_WITH_AES_128_CCM_8; |
Vanger | 0:b86d15c6ba29 | 1022 | } |
Vanger | 0:b86d15c6ba29 | 1023 | #endif |
Vanger | 0:b86d15c6ba29 | 1024 | |
Vanger | 0:b86d15c6ba29 | 1025 | #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8 |
Vanger | 0:b86d15c6ba29 | 1026 | if (tls1_2 && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 1027 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 1028 | suites->suites[idx++] = TLS_RSA_WITH_AES_256_CCM_8; |
Vanger | 0:b86d15c6ba29 | 1029 | } |
Vanger | 0:b86d15c6ba29 | 1030 | #endif |
Vanger | 0:b86d15c6ba29 | 1031 | |
Vanger | 0:b86d15c6ba29 | 1032 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 1033 | if (tls1_2 && haveDH && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 1034 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1035 | suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA256; |
Vanger | 0:b86d15c6ba29 | 1036 | } |
Vanger | 0:b86d15c6ba29 | 1037 | #endif |
Vanger | 0:b86d15c6ba29 | 1038 | |
Vanger | 0:b86d15c6ba29 | 1039 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 |
Vanger | 0:b86d15c6ba29 | 1040 | if (tls1_2 && haveDH && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 1041 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1042 | suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_GCM_SHA256; |
Vanger | 0:b86d15c6ba29 | 1043 | } |
Vanger | 0:b86d15c6ba29 | 1044 | #endif |
Vanger | 0:b86d15c6ba29 | 1045 | |
Vanger | 0:b86d15c6ba29 | 1046 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 1047 | if (tls1_2 && haveDH && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 1048 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1049 | suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256; |
Vanger | 0:b86d15c6ba29 | 1050 | } |
Vanger | 0:b86d15c6ba29 | 1051 | #endif |
Vanger | 0:b86d15c6ba29 | 1052 | |
Vanger | 0:b86d15c6ba29 | 1053 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 1054 | if (tls && haveDH && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 1055 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1056 | suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA; |
Vanger | 0:b86d15c6ba29 | 1057 | } |
Vanger | 0:b86d15c6ba29 | 1058 | #endif |
Vanger | 0:b86d15c6ba29 | 1059 | |
Vanger | 0:b86d15c6ba29 | 1060 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 1061 | if (tls && haveDH && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 1062 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1063 | suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA; |
Vanger | 0:b86d15c6ba29 | 1064 | } |
Vanger | 0:b86d15c6ba29 | 1065 | #endif |
Vanger | 0:b86d15c6ba29 | 1066 | |
Vanger | 0:b86d15c6ba29 | 1067 | #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 |
Vanger | 0:b86d15c6ba29 | 1068 | if (tls1_2 && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 1069 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1070 | suites->suites[idx++] = TLS_RSA_WITH_AES_256_GCM_SHA384; |
Vanger | 0:b86d15c6ba29 | 1071 | } |
Vanger | 0:b86d15c6ba29 | 1072 | #endif |
Vanger | 0:b86d15c6ba29 | 1073 | |
Vanger | 0:b86d15c6ba29 | 1074 | #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 1075 | if (tls1_2 && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 1076 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1077 | suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_SHA256; |
Vanger | 0:b86d15c6ba29 | 1078 | } |
Vanger | 0:b86d15c6ba29 | 1079 | #endif |
Vanger | 0:b86d15c6ba29 | 1080 | |
Vanger | 0:b86d15c6ba29 | 1081 | #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 |
Vanger | 0:b86d15c6ba29 | 1082 | if (tls1_2 && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 1083 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1084 | suites->suites[idx++] = TLS_RSA_WITH_AES_128_GCM_SHA256; |
Vanger | 0:b86d15c6ba29 | 1085 | } |
Vanger | 0:b86d15c6ba29 | 1086 | #endif |
Vanger | 0:b86d15c6ba29 | 1087 | |
Vanger | 0:b86d15c6ba29 | 1088 | #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 1089 | if (tls1_2 && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 1090 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1091 | suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_SHA256; |
Vanger | 0:b86d15c6ba29 | 1092 | } |
Vanger | 0:b86d15c6ba29 | 1093 | #endif |
Vanger | 0:b86d15c6ba29 | 1094 | |
Vanger | 0:b86d15c6ba29 | 1095 | #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 1096 | if (tls && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 1097 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1098 | suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_SHA; |
Vanger | 0:b86d15c6ba29 | 1099 | } |
Vanger | 0:b86d15c6ba29 | 1100 | #endif |
Vanger | 0:b86d15c6ba29 | 1101 | |
Vanger | 0:b86d15c6ba29 | 1102 | #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 1103 | if (tls && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 1104 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1105 | suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_SHA; |
Vanger | 0:b86d15c6ba29 | 1106 | } |
Vanger | 0:b86d15c6ba29 | 1107 | #endif |
Vanger | 0:b86d15c6ba29 | 1108 | |
Vanger | 0:b86d15c6ba29 | 1109 | #ifdef BUILD_TLS_RSA_WITH_NULL_SHA |
Vanger | 0:b86d15c6ba29 | 1110 | if (tls && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 1111 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1112 | suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA; |
Vanger | 0:b86d15c6ba29 | 1113 | } |
Vanger | 0:b86d15c6ba29 | 1114 | #endif |
Vanger | 0:b86d15c6ba29 | 1115 | |
Vanger | 0:b86d15c6ba29 | 1116 | #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256 |
Vanger | 0:b86d15c6ba29 | 1117 | if (tls && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 1118 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1119 | suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA256; |
Vanger | 0:b86d15c6ba29 | 1120 | } |
Vanger | 0:b86d15c6ba29 | 1121 | #endif |
Vanger | 0:b86d15c6ba29 | 1122 | |
Vanger | 0:b86d15c6ba29 | 1123 | #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 |
Vanger | 0:b86d15c6ba29 | 1124 | if (tls1_2 && haveDH && havePSK) { |
Vanger | 0:b86d15c6ba29 | 1125 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1126 | suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_GCM_SHA384; |
Vanger | 0:b86d15c6ba29 | 1127 | } |
Vanger | 0:b86d15c6ba29 | 1128 | #endif |
Vanger | 0:b86d15c6ba29 | 1129 | |
Vanger | 0:b86d15c6ba29 | 1130 | #ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 |
Vanger | 0:b86d15c6ba29 | 1131 | if (tls1_2 && havePSK) { |
Vanger | 0:b86d15c6ba29 | 1132 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1133 | suites->suites[idx++] = TLS_PSK_WITH_AES_256_GCM_SHA384; |
Vanger | 0:b86d15c6ba29 | 1134 | } |
Vanger | 0:b86d15c6ba29 | 1135 | #endif |
Vanger | 0:b86d15c6ba29 | 1136 | |
Vanger | 0:b86d15c6ba29 | 1137 | #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 1138 | if (tls && havePSK) { |
Vanger | 0:b86d15c6ba29 | 1139 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1140 | suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA; |
Vanger | 0:b86d15c6ba29 | 1141 | } |
Vanger | 0:b86d15c6ba29 | 1142 | #endif |
Vanger | 0:b86d15c6ba29 | 1143 | |
Vanger | 0:b86d15c6ba29 | 1144 | #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 |
Vanger | 0:b86d15c6ba29 | 1145 | if (tls && haveDH && havePSK) { |
Vanger | 0:b86d15c6ba29 | 1146 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1147 | suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_CBC_SHA384; |
Vanger | 0:b86d15c6ba29 | 1148 | } |
Vanger | 0:b86d15c6ba29 | 1149 | #endif |
Vanger | 0:b86d15c6ba29 | 1150 | |
Vanger | 0:b86d15c6ba29 | 1151 | #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 |
Vanger | 0:b86d15c6ba29 | 1152 | if (tls && havePSK) { |
Vanger | 0:b86d15c6ba29 | 1153 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1154 | suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA384; |
Vanger | 0:b86d15c6ba29 | 1155 | } |
Vanger | 0:b86d15c6ba29 | 1156 | #endif |
Vanger | 0:b86d15c6ba29 | 1157 | |
Vanger | 0:b86d15c6ba29 | 1158 | #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 |
Vanger | 0:b86d15c6ba29 | 1159 | if (tls1_2 && haveDH && havePSK) { |
Vanger | 0:b86d15c6ba29 | 1160 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1161 | suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_GCM_SHA256; |
Vanger | 0:b86d15c6ba29 | 1162 | } |
Vanger | 0:b86d15c6ba29 | 1163 | #endif |
Vanger | 0:b86d15c6ba29 | 1164 | |
Vanger | 0:b86d15c6ba29 | 1165 | #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 |
Vanger | 0:b86d15c6ba29 | 1166 | if (tls1_2 && havePSK) { |
Vanger | 0:b86d15c6ba29 | 1167 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1168 | suites->suites[idx++] = TLS_PSK_WITH_AES_128_GCM_SHA256; |
Vanger | 0:b86d15c6ba29 | 1169 | } |
Vanger | 0:b86d15c6ba29 | 1170 | #endif |
Vanger | 0:b86d15c6ba29 | 1171 | |
Vanger | 0:b86d15c6ba29 | 1172 | #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 1173 | if (tls && haveDH && havePSK) { |
Vanger | 0:b86d15c6ba29 | 1174 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1175 | suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_CBC_SHA256; |
Vanger | 0:b86d15c6ba29 | 1176 | } |
Vanger | 0:b86d15c6ba29 | 1177 | #endif |
Vanger | 0:b86d15c6ba29 | 1178 | |
Vanger | 0:b86d15c6ba29 | 1179 | #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 1180 | if (tls && havePSK) { |
Vanger | 0:b86d15c6ba29 | 1181 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1182 | suites->suites[idx++] = TLS_PSK_WITH_AES_128_CBC_SHA256; |
Vanger | 0:b86d15c6ba29 | 1183 | } |
Vanger | 0:b86d15c6ba29 | 1184 | #endif |
Vanger | 0:b86d15c6ba29 | 1185 | |
Vanger | 0:b86d15c6ba29 | 1186 | #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 1187 | if (tls && havePSK) { |
Vanger | 0:b86d15c6ba29 | 1188 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1189 | suites->suites[idx++] = TLS_PSK_WITH_AES_128_CBC_SHA; |
Vanger | 0:b86d15c6ba29 | 1190 | } |
Vanger | 0:b86d15c6ba29 | 1191 | #endif |
Vanger | 0:b86d15c6ba29 | 1192 | |
Vanger | 0:b86d15c6ba29 | 1193 | #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM |
Vanger | 0:b86d15c6ba29 | 1194 | if (tls && haveDH && havePSK) { |
Vanger | 0:b86d15c6ba29 | 1195 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 1196 | suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_CCM; |
Vanger | 0:b86d15c6ba29 | 1197 | } |
Vanger | 0:b86d15c6ba29 | 1198 | #endif |
Vanger | 0:b86d15c6ba29 | 1199 | |
Vanger | 0:b86d15c6ba29 | 1200 | #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM |
Vanger | 0:b86d15c6ba29 | 1201 | if (tls && haveDH && havePSK) { |
Vanger | 0:b86d15c6ba29 | 1202 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 1203 | suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_CCM; |
Vanger | 0:b86d15c6ba29 | 1204 | } |
Vanger | 0:b86d15c6ba29 | 1205 | #endif |
Vanger | 0:b86d15c6ba29 | 1206 | |
Vanger | 0:b86d15c6ba29 | 1207 | #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM |
Vanger | 0:b86d15c6ba29 | 1208 | if (tls && havePSK) { |
Vanger | 0:b86d15c6ba29 | 1209 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 1210 | suites->suites[idx++] = TLS_PSK_WITH_AES_128_CCM; |
Vanger | 0:b86d15c6ba29 | 1211 | } |
Vanger | 0:b86d15c6ba29 | 1212 | #endif |
Vanger | 0:b86d15c6ba29 | 1213 | |
Vanger | 0:b86d15c6ba29 | 1214 | #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM |
Vanger | 0:b86d15c6ba29 | 1215 | if (tls && havePSK) { |
Vanger | 0:b86d15c6ba29 | 1216 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 1217 | suites->suites[idx++] = TLS_PSK_WITH_AES_256_CCM; |
Vanger | 0:b86d15c6ba29 | 1218 | } |
Vanger | 0:b86d15c6ba29 | 1219 | #endif |
Vanger | 0:b86d15c6ba29 | 1220 | |
Vanger | 0:b86d15c6ba29 | 1221 | #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8 |
Vanger | 0:b86d15c6ba29 | 1222 | if (tls && havePSK) { |
Vanger | 0:b86d15c6ba29 | 1223 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 1224 | suites->suites[idx++] = TLS_PSK_WITH_AES_128_CCM_8; |
Vanger | 0:b86d15c6ba29 | 1225 | } |
Vanger | 0:b86d15c6ba29 | 1226 | #endif |
Vanger | 0:b86d15c6ba29 | 1227 | |
Vanger | 0:b86d15c6ba29 | 1228 | #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8 |
Vanger | 0:b86d15c6ba29 | 1229 | if (tls && havePSK) { |
Vanger | 0:b86d15c6ba29 | 1230 | suites->suites[idx++] = ECC_BYTE; |
Vanger | 0:b86d15c6ba29 | 1231 | suites->suites[idx++] = TLS_PSK_WITH_AES_256_CCM_8; |
Vanger | 0:b86d15c6ba29 | 1232 | } |
Vanger | 0:b86d15c6ba29 | 1233 | #endif |
Vanger | 0:b86d15c6ba29 | 1234 | |
Vanger | 0:b86d15c6ba29 | 1235 | #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 |
Vanger | 0:b86d15c6ba29 | 1236 | if (tls && haveDH && havePSK) { |
Vanger | 0:b86d15c6ba29 | 1237 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1238 | suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA384; |
Vanger | 0:b86d15c6ba29 | 1239 | } |
Vanger | 0:b86d15c6ba29 | 1240 | #endif |
Vanger | 0:b86d15c6ba29 | 1241 | |
Vanger | 0:b86d15c6ba29 | 1242 | #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384 |
Vanger | 0:b86d15c6ba29 | 1243 | if (tls && havePSK) { |
Vanger | 0:b86d15c6ba29 | 1244 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1245 | suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA384; |
Vanger | 0:b86d15c6ba29 | 1246 | } |
Vanger | 0:b86d15c6ba29 | 1247 | #endif |
Vanger | 0:b86d15c6ba29 | 1248 | |
Vanger | 0:b86d15c6ba29 | 1249 | #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 |
Vanger | 0:b86d15c6ba29 | 1250 | if (tls && haveDH && havePSK) { |
Vanger | 0:b86d15c6ba29 | 1251 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1252 | suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA256; |
Vanger | 0:b86d15c6ba29 | 1253 | } |
Vanger | 0:b86d15c6ba29 | 1254 | #endif |
Vanger | 0:b86d15c6ba29 | 1255 | |
Vanger | 0:b86d15c6ba29 | 1256 | #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 |
Vanger | 0:b86d15c6ba29 | 1257 | if (tls && havePSK) { |
Vanger | 0:b86d15c6ba29 | 1258 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1259 | suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA256; |
Vanger | 0:b86d15c6ba29 | 1260 | } |
Vanger | 0:b86d15c6ba29 | 1261 | #endif |
Vanger | 0:b86d15c6ba29 | 1262 | |
Vanger | 0:b86d15c6ba29 | 1263 | #ifdef BUILD_TLS_PSK_WITH_NULL_SHA |
Vanger | 0:b86d15c6ba29 | 1264 | if (tls && havePSK) { |
Vanger | 0:b86d15c6ba29 | 1265 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1266 | suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA; |
Vanger | 0:b86d15c6ba29 | 1267 | } |
Vanger | 0:b86d15c6ba29 | 1268 | #endif |
Vanger | 0:b86d15c6ba29 | 1269 | |
Vanger | 0:b86d15c6ba29 | 1270 | #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA |
Vanger | 0:b86d15c6ba29 | 1271 | if (haveRSA ) { |
Vanger | 0:b86d15c6ba29 | 1272 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1273 | suites->suites[idx++] = SSL_RSA_WITH_RC4_128_SHA; |
Vanger | 0:b86d15c6ba29 | 1274 | } |
Vanger | 0:b86d15c6ba29 | 1275 | #endif |
Vanger | 0:b86d15c6ba29 | 1276 | |
Vanger | 0:b86d15c6ba29 | 1277 | #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5 |
Vanger | 0:b86d15c6ba29 | 1278 | if (haveRSA ) { |
Vanger | 0:b86d15c6ba29 | 1279 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1280 | suites->suites[idx++] = SSL_RSA_WITH_RC4_128_MD5; |
Vanger | 0:b86d15c6ba29 | 1281 | } |
Vanger | 0:b86d15c6ba29 | 1282 | #endif |
Vanger | 0:b86d15c6ba29 | 1283 | |
Vanger | 0:b86d15c6ba29 | 1284 | #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 1285 | if (haveRSA ) { |
Vanger | 0:b86d15c6ba29 | 1286 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1287 | suites->suites[idx++] = SSL_RSA_WITH_3DES_EDE_CBC_SHA; |
Vanger | 0:b86d15c6ba29 | 1288 | } |
Vanger | 0:b86d15c6ba29 | 1289 | #endif |
Vanger | 0:b86d15c6ba29 | 1290 | |
Vanger | 0:b86d15c6ba29 | 1291 | #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5 |
Vanger | 0:b86d15c6ba29 | 1292 | if (tls && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 1293 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1294 | suites->suites[idx++] = TLS_RSA_WITH_HC_128_MD5; |
Vanger | 0:b86d15c6ba29 | 1295 | } |
Vanger | 0:b86d15c6ba29 | 1296 | #endif |
Vanger | 0:b86d15c6ba29 | 1297 | |
Vanger | 0:b86d15c6ba29 | 1298 | #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA |
Vanger | 0:b86d15c6ba29 | 1299 | if (tls && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 1300 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1301 | suites->suites[idx++] = TLS_RSA_WITH_HC_128_SHA; |
Vanger | 0:b86d15c6ba29 | 1302 | } |
Vanger | 0:b86d15c6ba29 | 1303 | #endif |
Vanger | 0:b86d15c6ba29 | 1304 | |
Vanger | 0:b86d15c6ba29 | 1305 | #ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256 |
Vanger | 0:b86d15c6ba29 | 1306 | if (tls && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 1307 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1308 | suites->suites[idx++] = TLS_RSA_WITH_HC_128_B2B256; |
Vanger | 0:b86d15c6ba29 | 1309 | } |
Vanger | 0:b86d15c6ba29 | 1310 | #endif |
Vanger | 0:b86d15c6ba29 | 1311 | |
Vanger | 0:b86d15c6ba29 | 1312 | #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 |
Vanger | 0:b86d15c6ba29 | 1313 | if (tls && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 1314 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1315 | suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_B2B256; |
Vanger | 0:b86d15c6ba29 | 1316 | } |
Vanger | 0:b86d15c6ba29 | 1317 | #endif |
Vanger | 0:b86d15c6ba29 | 1318 | |
Vanger | 0:b86d15c6ba29 | 1319 | #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 |
Vanger | 0:b86d15c6ba29 | 1320 | if (tls && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 1321 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1322 | suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_B2B256; |
Vanger | 0:b86d15c6ba29 | 1323 | } |
Vanger | 0:b86d15c6ba29 | 1324 | #endif |
Vanger | 0:b86d15c6ba29 | 1325 | |
Vanger | 0:b86d15c6ba29 | 1326 | #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA |
Vanger | 0:b86d15c6ba29 | 1327 | if (tls && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 1328 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1329 | suites->suites[idx++] = TLS_RSA_WITH_RABBIT_SHA; |
Vanger | 0:b86d15c6ba29 | 1330 | } |
Vanger | 0:b86d15c6ba29 | 1331 | #endif |
Vanger | 0:b86d15c6ba29 | 1332 | |
Vanger | 0:b86d15c6ba29 | 1333 | #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 1334 | if (tls && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 1335 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1336 | suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA; |
Vanger | 0:b86d15c6ba29 | 1337 | } |
Vanger | 0:b86d15c6ba29 | 1338 | #endif |
Vanger | 0:b86d15c6ba29 | 1339 | |
Vanger | 0:b86d15c6ba29 | 1340 | #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 1341 | if (tls && haveDH && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 1342 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1343 | suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA; |
Vanger | 0:b86d15c6ba29 | 1344 | } |
Vanger | 0:b86d15c6ba29 | 1345 | #endif |
Vanger | 0:b86d15c6ba29 | 1346 | |
Vanger | 0:b86d15c6ba29 | 1347 | #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 1348 | if (tls && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 1349 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1350 | suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA; |
Vanger | 0:b86d15c6ba29 | 1351 | } |
Vanger | 0:b86d15c6ba29 | 1352 | #endif |
Vanger | 0:b86d15c6ba29 | 1353 | |
Vanger | 0:b86d15c6ba29 | 1354 | #ifdef BUILD_TLS_DHE_WITH_RSA_CAMELLIA_256_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 1355 | if (tls && haveDH && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 1356 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1357 | suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA; |
Vanger | 0:b86d15c6ba29 | 1358 | } |
Vanger | 0:b86d15c6ba29 | 1359 | #endif |
Vanger | 0:b86d15c6ba29 | 1360 | |
Vanger | 0:b86d15c6ba29 | 1361 | #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 1362 | if (tls && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 1363 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1364 | suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256; |
Vanger | 0:b86d15c6ba29 | 1365 | } |
Vanger | 0:b86d15c6ba29 | 1366 | #endif |
Vanger | 0:b86d15c6ba29 | 1367 | |
Vanger | 0:b86d15c6ba29 | 1368 | #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 1369 | if (tls && haveDH && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 1370 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1371 | suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256; |
Vanger | 0:b86d15c6ba29 | 1372 | } |
Vanger | 0:b86d15c6ba29 | 1373 | #endif |
Vanger | 0:b86d15c6ba29 | 1374 | |
Vanger | 0:b86d15c6ba29 | 1375 | #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 1376 | if (tls && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 1377 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1378 | suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256; |
Vanger | 0:b86d15c6ba29 | 1379 | } |
Vanger | 0:b86d15c6ba29 | 1380 | #endif |
Vanger | 0:b86d15c6ba29 | 1381 | |
Vanger | 0:b86d15c6ba29 | 1382 | #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 1383 | if (tls && haveDH && haveRSA) { |
Vanger | 0:b86d15c6ba29 | 1384 | suites->suites[idx++] = 0; |
Vanger | 0:b86d15c6ba29 | 1385 | suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256; |
Vanger | 0:b86d15c6ba29 | 1386 | } |
Vanger | 0:b86d15c6ba29 | 1387 | #endif |
Vanger | 0:b86d15c6ba29 | 1388 | |
Vanger | 0:b86d15c6ba29 | 1389 | suites->suiteSz = idx; |
Vanger | 0:b86d15c6ba29 | 1390 | |
Vanger | 0:b86d15c6ba29 | 1391 | InitSuitesHashSigAlgo(suites, haveECDSAsig, haveRSAsig, 0); |
Vanger | 0:b86d15c6ba29 | 1392 | } |
Vanger | 0:b86d15c6ba29 | 1393 | |
Vanger | 0:b86d15c6ba29 | 1394 | |
Vanger | 0:b86d15c6ba29 | 1395 | #ifndef NO_CERTS |
Vanger | 0:b86d15c6ba29 | 1396 | |
Vanger | 0:b86d15c6ba29 | 1397 | |
Vanger | 0:b86d15c6ba29 | 1398 | void InitX509Name(CYASSL_X509_NAME* name, int dynamicFlag) |
Vanger | 0:b86d15c6ba29 | 1399 | { |
Vanger | 0:b86d15c6ba29 | 1400 | (void)dynamicFlag; |
Vanger | 0:b86d15c6ba29 | 1401 | |
Vanger | 0:b86d15c6ba29 | 1402 | if (name != NULL) { |
Vanger | 0:b86d15c6ba29 | 1403 | name->name = name->staticName; |
Vanger | 0:b86d15c6ba29 | 1404 | name->dynamicName = 0; |
Vanger | 0:b86d15c6ba29 | 1405 | #ifdef OPENSSL_EXTRA |
Vanger | 0:b86d15c6ba29 | 1406 | XMEMSET(&name->fullName, 0, sizeof(DecodedName)); |
Vanger | 0:b86d15c6ba29 | 1407 | #endif /* OPENSSL_EXTRA */ |
Vanger | 0:b86d15c6ba29 | 1408 | } |
Vanger | 0:b86d15c6ba29 | 1409 | } |
Vanger | 0:b86d15c6ba29 | 1410 | |
Vanger | 0:b86d15c6ba29 | 1411 | |
Vanger | 0:b86d15c6ba29 | 1412 | void FreeX509Name(CYASSL_X509_NAME* name) |
Vanger | 0:b86d15c6ba29 | 1413 | { |
Vanger | 0:b86d15c6ba29 | 1414 | if (name != NULL) { |
Vanger | 0:b86d15c6ba29 | 1415 | if (name->dynamicName) |
Vanger | 0:b86d15c6ba29 | 1416 | XFREE(name->name, NULL, DYNAMIC_TYPE_SUBJECT_CN); |
Vanger | 0:b86d15c6ba29 | 1417 | #ifdef OPENSSL_EXTRA |
Vanger | 0:b86d15c6ba29 | 1418 | if (name->fullName.fullName != NULL) |
Vanger | 0:b86d15c6ba29 | 1419 | XFREE(name->fullName.fullName, NULL, DYNAMIC_TYPE_X509); |
Vanger | 0:b86d15c6ba29 | 1420 | #endif /* OPENSSL_EXTRA */ |
Vanger | 0:b86d15c6ba29 | 1421 | } |
Vanger | 0:b86d15c6ba29 | 1422 | } |
Vanger | 0:b86d15c6ba29 | 1423 | |
Vanger | 0:b86d15c6ba29 | 1424 | |
Vanger | 0:b86d15c6ba29 | 1425 | /* Initialize CyaSSL X509 type */ |
Vanger | 0:b86d15c6ba29 | 1426 | void InitX509(CYASSL_X509* x509, int dynamicFlag) |
Vanger | 0:b86d15c6ba29 | 1427 | { |
Vanger | 0:b86d15c6ba29 | 1428 | InitX509Name(&x509->issuer, 0); |
Vanger | 0:b86d15c6ba29 | 1429 | InitX509Name(&x509->subject, 0); |
Vanger | 0:b86d15c6ba29 | 1430 | x509->version = 0; |
Vanger | 0:b86d15c6ba29 | 1431 | x509->pubKey.buffer = NULL; |
Vanger | 0:b86d15c6ba29 | 1432 | x509->sig.buffer = NULL; |
Vanger | 0:b86d15c6ba29 | 1433 | x509->derCert.buffer = NULL; |
Vanger | 0:b86d15c6ba29 | 1434 | x509->altNames = NULL; |
Vanger | 0:b86d15c6ba29 | 1435 | x509->altNamesNext = NULL; |
Vanger | 0:b86d15c6ba29 | 1436 | x509->dynamicMemory = (byte)dynamicFlag; |
Vanger | 0:b86d15c6ba29 | 1437 | x509->isCa = 0; |
Vanger | 0:b86d15c6ba29 | 1438 | #ifdef HAVE_ECC |
Vanger | 0:b86d15c6ba29 | 1439 | x509->pkCurveOID = 0; |
Vanger | 0:b86d15c6ba29 | 1440 | #endif /* HAVE_ECC */ |
Vanger | 0:b86d15c6ba29 | 1441 | #ifdef OPENSSL_EXTRA |
Vanger | 0:b86d15c6ba29 | 1442 | x509->pathLength = 0; |
Vanger | 0:b86d15c6ba29 | 1443 | x509->basicConstSet = 0; |
Vanger | 0:b86d15c6ba29 | 1444 | x509->basicConstCrit = 0; |
Vanger | 0:b86d15c6ba29 | 1445 | x509->basicConstPlSet = 0; |
Vanger | 0:b86d15c6ba29 | 1446 | x509->subjAltNameSet = 0; |
Vanger | 0:b86d15c6ba29 | 1447 | x509->subjAltNameCrit = 0; |
Vanger | 0:b86d15c6ba29 | 1448 | x509->authKeyIdSet = 0; |
Vanger | 0:b86d15c6ba29 | 1449 | x509->authKeyIdCrit = 0; |
Vanger | 0:b86d15c6ba29 | 1450 | x509->authKeyId = NULL; |
Vanger | 0:b86d15c6ba29 | 1451 | x509->authKeyIdSz = 0; |
Vanger | 0:b86d15c6ba29 | 1452 | x509->subjKeyIdSet = 0; |
Vanger | 0:b86d15c6ba29 | 1453 | x509->subjKeyIdCrit = 0; |
Vanger | 0:b86d15c6ba29 | 1454 | x509->subjKeyId = NULL; |
Vanger | 0:b86d15c6ba29 | 1455 | x509->subjKeyIdSz = 0; |
Vanger | 0:b86d15c6ba29 | 1456 | x509->keyUsageSet = 0; |
Vanger | 0:b86d15c6ba29 | 1457 | x509->keyUsageCrit = 0; |
Vanger | 0:b86d15c6ba29 | 1458 | x509->keyUsage = 0; |
Vanger | 0:b86d15c6ba29 | 1459 | #ifdef CYASSL_SEP |
Vanger | 0:b86d15c6ba29 | 1460 | x509->certPolicySet = 0; |
Vanger | 0:b86d15c6ba29 | 1461 | x509->certPolicyCrit = 0; |
Vanger | 0:b86d15c6ba29 | 1462 | #endif /* CYASSL_SEP */ |
Vanger | 0:b86d15c6ba29 | 1463 | #endif /* OPENSSL_EXTRA */ |
Vanger | 0:b86d15c6ba29 | 1464 | } |
Vanger | 0:b86d15c6ba29 | 1465 | |
Vanger | 0:b86d15c6ba29 | 1466 | |
Vanger | 0:b86d15c6ba29 | 1467 | /* Free CyaSSL X509 type */ |
Vanger | 0:b86d15c6ba29 | 1468 | void FreeX509(CYASSL_X509* x509) |
Vanger | 0:b86d15c6ba29 | 1469 | { |
Vanger | 0:b86d15c6ba29 | 1470 | if (x509 == NULL) |
Vanger | 0:b86d15c6ba29 | 1471 | return; |
Vanger | 0:b86d15c6ba29 | 1472 | |
Vanger | 0:b86d15c6ba29 | 1473 | FreeX509Name(&x509->issuer); |
Vanger | 0:b86d15c6ba29 | 1474 | FreeX509Name(&x509->subject); |
Vanger | 0:b86d15c6ba29 | 1475 | if (x509->pubKey.buffer) |
Vanger | 0:b86d15c6ba29 | 1476 | XFREE(x509->pubKey.buffer, NULL, DYNAMIC_TYPE_PUBLIC_KEY); |
Vanger | 0:b86d15c6ba29 | 1477 | XFREE(x509->derCert.buffer, NULL, DYNAMIC_TYPE_SUBJECT_CN); |
Vanger | 0:b86d15c6ba29 | 1478 | XFREE(x509->sig.buffer, NULL, DYNAMIC_TYPE_SIGNATURE); |
Vanger | 0:b86d15c6ba29 | 1479 | #ifdef OPENSSL_EXTRA |
Vanger | 0:b86d15c6ba29 | 1480 | XFREE(x509->authKeyId, NULL, 0); |
Vanger | 0:b86d15c6ba29 | 1481 | XFREE(x509->subjKeyId, NULL, 0); |
Vanger | 0:b86d15c6ba29 | 1482 | #endif /* OPENSSL_EXTRA */ |
Vanger | 0:b86d15c6ba29 | 1483 | if (x509->altNames) |
Vanger | 0:b86d15c6ba29 | 1484 | FreeAltNames(x509->altNames, NULL); |
Vanger | 0:b86d15c6ba29 | 1485 | if (x509->dynamicMemory) |
Vanger | 0:b86d15c6ba29 | 1486 | XFREE(x509, NULL, DYNAMIC_TYPE_X509); |
Vanger | 0:b86d15c6ba29 | 1487 | } |
Vanger | 0:b86d15c6ba29 | 1488 | |
Vanger | 0:b86d15c6ba29 | 1489 | #endif /* NO_CERTS */ |
Vanger | 0:b86d15c6ba29 | 1490 | |
Vanger | 0:b86d15c6ba29 | 1491 | |
Vanger | 0:b86d15c6ba29 | 1492 | /* init everything to 0, NULL, default values before calling anything that may |
Vanger | 0:b86d15c6ba29 | 1493 | fail so that desctructor has a "good" state to cleanup */ |
Vanger | 0:b86d15c6ba29 | 1494 | int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx) |
Vanger | 0:b86d15c6ba29 | 1495 | { |
Vanger | 0:b86d15c6ba29 | 1496 | int ret; |
Vanger | 0:b86d15c6ba29 | 1497 | byte haveRSA = 0; |
Vanger | 0:b86d15c6ba29 | 1498 | byte havePSK = 0; |
Vanger | 0:b86d15c6ba29 | 1499 | byte haveAnon = 0; |
Vanger | 0:b86d15c6ba29 | 1500 | |
Vanger | 0:b86d15c6ba29 | 1501 | ssl->ctx = ctx; /* only for passing to calls, options could change */ |
Vanger | 0:b86d15c6ba29 | 1502 | ssl->version = ctx->method->version; |
Vanger | 0:b86d15c6ba29 | 1503 | ssl->suites = NULL; |
Vanger | 0:b86d15c6ba29 | 1504 | |
Vanger | 0:b86d15c6ba29 | 1505 | #ifdef HAVE_LIBZ |
Vanger | 0:b86d15c6ba29 | 1506 | ssl->didStreamInit = 0; |
Vanger | 0:b86d15c6ba29 | 1507 | #endif |
Vanger | 0:b86d15c6ba29 | 1508 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 1509 | haveRSA = 1; |
Vanger | 0:b86d15c6ba29 | 1510 | #endif |
Vanger | 0:b86d15c6ba29 | 1511 | |
Vanger | 0:b86d15c6ba29 | 1512 | #ifndef NO_CERTS |
Vanger | 0:b86d15c6ba29 | 1513 | ssl->buffers.certificate.buffer = 0; |
Vanger | 0:b86d15c6ba29 | 1514 | ssl->buffers.key.buffer = 0; |
Vanger | 0:b86d15c6ba29 | 1515 | ssl->buffers.certChain.buffer = 0; |
Vanger | 0:b86d15c6ba29 | 1516 | #endif |
Vanger | 0:b86d15c6ba29 | 1517 | ssl->buffers.inputBuffer.length = 0; |
Vanger | 0:b86d15c6ba29 | 1518 | ssl->buffers.inputBuffer.idx = 0; |
Vanger | 0:b86d15c6ba29 | 1519 | ssl->buffers.inputBuffer.buffer = ssl->buffers.inputBuffer.staticBuffer; |
Vanger | 0:b86d15c6ba29 | 1520 | ssl->buffers.inputBuffer.bufferSize = STATIC_BUFFER_LEN; |
Vanger | 0:b86d15c6ba29 | 1521 | ssl->buffers.inputBuffer.dynamicFlag = 0; |
Vanger | 0:b86d15c6ba29 | 1522 | ssl->buffers.inputBuffer.offset = 0; |
Vanger | 0:b86d15c6ba29 | 1523 | ssl->buffers.outputBuffer.length = 0; |
Vanger | 0:b86d15c6ba29 | 1524 | ssl->buffers.outputBuffer.idx = 0; |
Vanger | 0:b86d15c6ba29 | 1525 | ssl->buffers.outputBuffer.buffer = ssl->buffers.outputBuffer.staticBuffer; |
Vanger | 0:b86d15c6ba29 | 1526 | ssl->buffers.outputBuffer.bufferSize = STATIC_BUFFER_LEN; |
Vanger | 0:b86d15c6ba29 | 1527 | ssl->buffers.outputBuffer.dynamicFlag = 0; |
Vanger | 0:b86d15c6ba29 | 1528 | ssl->buffers.outputBuffer.offset = 0; |
Vanger | 0:b86d15c6ba29 | 1529 | ssl->buffers.domainName.buffer = 0; |
Vanger | 0:b86d15c6ba29 | 1530 | #ifndef NO_CERTS |
Vanger | 0:b86d15c6ba29 | 1531 | ssl->buffers.serverDH_P.buffer = 0; |
Vanger | 0:b86d15c6ba29 | 1532 | ssl->buffers.serverDH_G.buffer = 0; |
Vanger | 0:b86d15c6ba29 | 1533 | ssl->buffers.serverDH_Pub.buffer = 0; |
Vanger | 0:b86d15c6ba29 | 1534 | ssl->buffers.serverDH_Priv.buffer = 0; |
Vanger | 0:b86d15c6ba29 | 1535 | #endif |
Vanger | 0:b86d15c6ba29 | 1536 | ssl->buffers.clearOutputBuffer.buffer = 0; |
Vanger | 0:b86d15c6ba29 | 1537 | ssl->buffers.clearOutputBuffer.length = 0; |
Vanger | 0:b86d15c6ba29 | 1538 | ssl->buffers.prevSent = 0; |
Vanger | 0:b86d15c6ba29 | 1539 | ssl->buffers.plainSz = 0; |
Vanger | 0:b86d15c6ba29 | 1540 | #ifdef HAVE_PK_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 1541 | #ifdef HAVE_ECC |
Vanger | 0:b86d15c6ba29 | 1542 | ssl->buffers.peerEccDsaKey.buffer = 0; |
Vanger | 0:b86d15c6ba29 | 1543 | ssl->buffers.peerEccDsaKey.length = 0; |
Vanger | 0:b86d15c6ba29 | 1544 | #endif /* HAVE_ECC */ |
Vanger | 0:b86d15c6ba29 | 1545 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 1546 | ssl->buffers.peerRsaKey.buffer = 0; |
Vanger | 0:b86d15c6ba29 | 1547 | ssl->buffers.peerRsaKey.length = 0; |
Vanger | 0:b86d15c6ba29 | 1548 | #endif /* NO_RSA */ |
Vanger | 0:b86d15c6ba29 | 1549 | #endif /* HAVE_PK_CALLBACKS */ |
Vanger | 0:b86d15c6ba29 | 1550 | |
Vanger | 0:b86d15c6ba29 | 1551 | #ifdef KEEP_PEER_CERT |
Vanger | 0:b86d15c6ba29 | 1552 | InitX509(&ssl->peerCert, 0); |
Vanger | 0:b86d15c6ba29 | 1553 | #endif |
Vanger | 0:b86d15c6ba29 | 1554 | |
Vanger | 0:b86d15c6ba29 | 1555 | #ifdef HAVE_ECC |
Vanger | 0:b86d15c6ba29 | 1556 | ssl->eccTempKeySz = ctx->eccTempKeySz; |
Vanger | 0:b86d15c6ba29 | 1557 | ssl->pkCurveOID = ctx->pkCurveOID; |
Vanger | 0:b86d15c6ba29 | 1558 | ssl->peerEccKeyPresent = 0; |
Vanger | 0:b86d15c6ba29 | 1559 | ssl->peerEccDsaKeyPresent = 0; |
Vanger | 0:b86d15c6ba29 | 1560 | ssl->eccDsaKeyPresent = 0; |
Vanger | 0:b86d15c6ba29 | 1561 | ssl->eccTempKeyPresent = 0; |
Vanger | 0:b86d15c6ba29 | 1562 | ssl->peerEccKey = NULL; |
Vanger | 0:b86d15c6ba29 | 1563 | ssl->peerEccDsaKey = NULL; |
Vanger | 0:b86d15c6ba29 | 1564 | ssl->eccDsaKey = NULL; |
Vanger | 0:b86d15c6ba29 | 1565 | ssl->eccTempKey = NULL; |
Vanger | 0:b86d15c6ba29 | 1566 | #endif |
Vanger | 0:b86d15c6ba29 | 1567 | |
Vanger | 0:b86d15c6ba29 | 1568 | ssl->timeout = ctx->timeout; |
Vanger | 0:b86d15c6ba29 | 1569 | ssl->rfd = -1; /* set to invalid descriptor */ |
Vanger | 0:b86d15c6ba29 | 1570 | ssl->wfd = -1; |
Vanger | 0:b86d15c6ba29 | 1571 | ssl->rflags = 0; /* no user flags yet */ |
Vanger | 0:b86d15c6ba29 | 1572 | ssl->wflags = 0; /* no user flags yet */ |
Vanger | 0:b86d15c6ba29 | 1573 | ssl->biord = 0; |
Vanger | 0:b86d15c6ba29 | 1574 | ssl->biowr = 0; |
Vanger | 0:b86d15c6ba29 | 1575 | |
Vanger | 0:b86d15c6ba29 | 1576 | ssl->IOCB_ReadCtx = &ssl->rfd; /* prevent invalid pointer access if not */ |
Vanger | 0:b86d15c6ba29 | 1577 | ssl->IOCB_WriteCtx = &ssl->wfd; /* correctly set */ |
Vanger | 0:b86d15c6ba29 | 1578 | #ifdef HAVE_NETX |
Vanger | 0:b86d15c6ba29 | 1579 | ssl->nxCtx.nxSocket = NULL; |
Vanger | 0:b86d15c6ba29 | 1580 | ssl->nxCtx.nxPacket = NULL; |
Vanger | 0:b86d15c6ba29 | 1581 | ssl->nxCtx.nxOffset = 0; |
Vanger | 0:b86d15c6ba29 | 1582 | ssl->nxCtx.nxWait = 0; |
Vanger | 0:b86d15c6ba29 | 1583 | ssl->IOCB_ReadCtx = &ssl->nxCtx; /* default NetX IO ctx, same for read */ |
Vanger | 0:b86d15c6ba29 | 1584 | ssl->IOCB_WriteCtx = &ssl->nxCtx; /* and write */ |
Vanger | 0:b86d15c6ba29 | 1585 | #endif |
Vanger | 0:b86d15c6ba29 | 1586 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 1587 | ssl->IOCB_CookieCtx = NULL; /* we don't use for default cb */ |
Vanger | 0:b86d15c6ba29 | 1588 | ssl->dtls_expected_rx = MAX_MTU; |
Vanger | 0:b86d15c6ba29 | 1589 | ssl->keys.dtls_state.window = 0; |
Vanger | 0:b86d15c6ba29 | 1590 | ssl->keys.dtls_state.nextEpoch = 0; |
Vanger | 0:b86d15c6ba29 | 1591 | ssl->keys.dtls_state.nextSeq = 0; |
Vanger | 0:b86d15c6ba29 | 1592 | #endif |
Vanger | 0:b86d15c6ba29 | 1593 | |
Vanger | 0:b86d15c6ba29 | 1594 | XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived)); |
Vanger | 0:b86d15c6ba29 | 1595 | |
Vanger | 0:b86d15c6ba29 | 1596 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 1597 | ssl->peerRsaKey = NULL; |
Vanger | 0:b86d15c6ba29 | 1598 | ssl->peerRsaKeyPresent = 0; |
Vanger | 0:b86d15c6ba29 | 1599 | #endif |
Vanger | 0:b86d15c6ba29 | 1600 | ssl->verifyCallback = ctx->verifyCallback; |
Vanger | 0:b86d15c6ba29 | 1601 | ssl->verifyCbCtx = NULL; |
Vanger | 0:b86d15c6ba29 | 1602 | ssl->options.side = ctx->method->side; |
Vanger | 0:b86d15c6ba29 | 1603 | ssl->options.downgrade = ctx->method->downgrade; |
Vanger | 0:b86d15c6ba29 | 1604 | ssl->options.minDowngrade = TLSv1_MINOR; /* current default */ |
Vanger | 0:b86d15c6ba29 | 1605 | ssl->error = 0; |
Vanger | 0:b86d15c6ba29 | 1606 | ssl->options.connReset = 0; |
Vanger | 0:b86d15c6ba29 | 1607 | ssl->options.isClosed = 0; |
Vanger | 0:b86d15c6ba29 | 1608 | ssl->options.closeNotify = 0; |
Vanger | 0:b86d15c6ba29 | 1609 | ssl->options.sentNotify = 0; |
Vanger | 0:b86d15c6ba29 | 1610 | ssl->options.usingCompression = 0; |
Vanger | 0:b86d15c6ba29 | 1611 | if (ssl->options.side == CYASSL_SERVER_END) |
Vanger | 0:b86d15c6ba29 | 1612 | ssl->options.haveDH = ctx->haveDH; |
Vanger | 0:b86d15c6ba29 | 1613 | else |
Vanger | 0:b86d15c6ba29 | 1614 | ssl->options.haveDH = 0; |
Vanger | 0:b86d15c6ba29 | 1615 | ssl->options.haveNTRU = ctx->haveNTRU; |
Vanger | 0:b86d15c6ba29 | 1616 | ssl->options.haveECDSAsig = ctx->haveECDSAsig; |
Vanger | 0:b86d15c6ba29 | 1617 | ssl->options.haveStaticECC = ctx->haveStaticECC; |
Vanger | 0:b86d15c6ba29 | 1618 | ssl->options.havePeerCert = 0; |
Vanger | 0:b86d15c6ba29 | 1619 | ssl->options.havePeerVerify = 0; |
Vanger | 0:b86d15c6ba29 | 1620 | ssl->options.usingPSK_cipher = 0; |
Vanger | 0:b86d15c6ba29 | 1621 | ssl->options.usingAnon_cipher = 0; |
Vanger | 0:b86d15c6ba29 | 1622 | ssl->options.sendAlertState = 0; |
Vanger | 0:b86d15c6ba29 | 1623 | #ifndef NO_PSK |
Vanger | 0:b86d15c6ba29 | 1624 | havePSK = ctx->havePSK; |
Vanger | 0:b86d15c6ba29 | 1625 | ssl->options.havePSK = ctx->havePSK; |
Vanger | 0:b86d15c6ba29 | 1626 | ssl->options.client_psk_cb = ctx->client_psk_cb; |
Vanger | 0:b86d15c6ba29 | 1627 | ssl->options.server_psk_cb = ctx->server_psk_cb; |
Vanger | 0:b86d15c6ba29 | 1628 | #endif /* NO_PSK */ |
Vanger | 0:b86d15c6ba29 | 1629 | #ifdef HAVE_ANON |
Vanger | 0:b86d15c6ba29 | 1630 | haveAnon = ctx->haveAnon; |
Vanger | 0:b86d15c6ba29 | 1631 | ssl->options.haveAnon = ctx->haveAnon; |
Vanger | 0:b86d15c6ba29 | 1632 | #endif |
Vanger | 0:b86d15c6ba29 | 1633 | |
Vanger | 0:b86d15c6ba29 | 1634 | ssl->options.serverState = NULL_STATE; |
Vanger | 0:b86d15c6ba29 | 1635 | ssl->options.clientState = NULL_STATE; |
Vanger | 0:b86d15c6ba29 | 1636 | ssl->options.connectState = CONNECT_BEGIN; |
Vanger | 0:b86d15c6ba29 | 1637 | ssl->options.acceptState = ACCEPT_BEGIN; |
Vanger | 0:b86d15c6ba29 | 1638 | ssl->options.handShakeState = NULL_STATE; |
Vanger | 0:b86d15c6ba29 | 1639 | ssl->options.handShakeDone = 0; |
Vanger | 0:b86d15c6ba29 | 1640 | ssl->options.processReply = doProcessInit; |
Vanger | 0:b86d15c6ba29 | 1641 | |
Vanger | 0:b86d15c6ba29 | 1642 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 1643 | ssl->keys.dtls_sequence_number = 0; |
Vanger | 0:b86d15c6ba29 | 1644 | ssl->keys.dtls_state.curSeq = 0; |
Vanger | 0:b86d15c6ba29 | 1645 | ssl->keys.dtls_state.nextSeq = 0; |
Vanger | 0:b86d15c6ba29 | 1646 | ssl->keys.dtls_handshake_number = 0; |
Vanger | 0:b86d15c6ba29 | 1647 | ssl->keys.dtls_expected_peer_handshake_number = 0; |
Vanger | 0:b86d15c6ba29 | 1648 | ssl->keys.dtls_epoch = 0; |
Vanger | 0:b86d15c6ba29 | 1649 | ssl->keys.dtls_state.curEpoch = 0; |
Vanger | 0:b86d15c6ba29 | 1650 | ssl->keys.dtls_state.nextEpoch = 0; |
Vanger | 0:b86d15c6ba29 | 1651 | ssl->dtls_timeout_init = DTLS_TIMEOUT_INIT; |
Vanger | 0:b86d15c6ba29 | 1652 | ssl->dtls_timeout_max = DTLS_TIMEOUT_MAX; |
Vanger | 0:b86d15c6ba29 | 1653 | ssl->dtls_timeout = ssl->dtls_timeout_init; |
Vanger | 0:b86d15c6ba29 | 1654 | ssl->dtls_pool = NULL; |
Vanger | 0:b86d15c6ba29 | 1655 | ssl->dtls_msg_list = NULL; |
Vanger | 0:b86d15c6ba29 | 1656 | #endif |
Vanger | 0:b86d15c6ba29 | 1657 | ssl->keys.encryptSz = 0; |
Vanger | 0:b86d15c6ba29 | 1658 | ssl->keys.padSz = 0; |
Vanger | 0:b86d15c6ba29 | 1659 | ssl->keys.encryptionOn = 0; /* initially off */ |
Vanger | 0:b86d15c6ba29 | 1660 | ssl->keys.decryptedCur = 0; /* initially off */ |
Vanger | 0:b86d15c6ba29 | 1661 | ssl->options.sessionCacheOff = ctx->sessionCacheOff; |
Vanger | 0:b86d15c6ba29 | 1662 | ssl->options.sessionCacheFlushOff = ctx->sessionCacheFlushOff; |
Vanger | 0:b86d15c6ba29 | 1663 | |
Vanger | 0:b86d15c6ba29 | 1664 | ssl->options.verifyPeer = ctx->verifyPeer; |
Vanger | 0:b86d15c6ba29 | 1665 | ssl->options.verifyNone = ctx->verifyNone; |
Vanger | 0:b86d15c6ba29 | 1666 | ssl->options.failNoCert = ctx->failNoCert; |
Vanger | 0:b86d15c6ba29 | 1667 | ssl->options.sendVerify = ctx->sendVerify; |
Vanger | 0:b86d15c6ba29 | 1668 | |
Vanger | 0:b86d15c6ba29 | 1669 | ssl->options.resuming = 0; |
Vanger | 0:b86d15c6ba29 | 1670 | ssl->options.haveSessionId = 0; |
Vanger | 0:b86d15c6ba29 | 1671 | #ifndef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 1672 | ssl->hmac = SSL_hmac; /* default to SSLv3 */ |
Vanger | 0:b86d15c6ba29 | 1673 | #else |
Vanger | 0:b86d15c6ba29 | 1674 | ssl->hmac = TLS_hmac; |
Vanger | 0:b86d15c6ba29 | 1675 | #endif |
Vanger | 0:b86d15c6ba29 | 1676 | ssl->heap = ctx->heap; /* defaults to self */ |
Vanger | 0:b86d15c6ba29 | 1677 | ssl->options.tls = 0; |
Vanger | 0:b86d15c6ba29 | 1678 | ssl->options.tls1_1 = 0; |
Vanger | 0:b86d15c6ba29 | 1679 | ssl->options.dtls = ssl->version.major == DTLS_MAJOR; |
Vanger | 0:b86d15c6ba29 | 1680 | ssl->options.partialWrite = ctx->partialWrite; |
Vanger | 0:b86d15c6ba29 | 1681 | ssl->options.quietShutdown = ctx->quietShutdown; |
Vanger | 0:b86d15c6ba29 | 1682 | ssl->options.certOnly = 0; |
Vanger | 0:b86d15c6ba29 | 1683 | ssl->options.groupMessages = ctx->groupMessages; |
Vanger | 0:b86d15c6ba29 | 1684 | ssl->options.usingNonblock = 0; |
Vanger | 0:b86d15c6ba29 | 1685 | ssl->options.saveArrays = 0; |
Vanger | 0:b86d15c6ba29 | 1686 | #ifdef HAVE_POLY1305 |
Vanger | 0:b86d15c6ba29 | 1687 | ssl->options.oldPoly = 0; |
Vanger | 0:b86d15c6ba29 | 1688 | #endif |
Vanger | 0:b86d15c6ba29 | 1689 | |
Vanger | 0:b86d15c6ba29 | 1690 | #ifndef NO_CERTS |
Vanger | 0:b86d15c6ba29 | 1691 | /* ctx still owns certificate, certChain, key, dh, and cm */ |
Vanger | 0:b86d15c6ba29 | 1692 | ssl->buffers.certificate = ctx->certificate; |
Vanger | 0:b86d15c6ba29 | 1693 | ssl->buffers.certChain = ctx->certChain; |
Vanger | 0:b86d15c6ba29 | 1694 | ssl->buffers.key = ctx->privateKey; |
Vanger | 0:b86d15c6ba29 | 1695 | if (ssl->options.side == CYASSL_SERVER_END) { |
Vanger | 0:b86d15c6ba29 | 1696 | ssl->buffers.serverDH_P = ctx->serverDH_P; |
Vanger | 0:b86d15c6ba29 | 1697 | ssl->buffers.serverDH_G = ctx->serverDH_G; |
Vanger | 0:b86d15c6ba29 | 1698 | } |
Vanger | 0:b86d15c6ba29 | 1699 | #endif |
Vanger | 0:b86d15c6ba29 | 1700 | ssl->buffers.weOwnCert = 0; |
Vanger | 0:b86d15c6ba29 | 1701 | ssl->buffers.weOwnCertChain = 0; |
Vanger | 0:b86d15c6ba29 | 1702 | ssl->buffers.weOwnKey = 0; |
Vanger | 0:b86d15c6ba29 | 1703 | ssl->buffers.weOwnDH = 0; |
Vanger | 0:b86d15c6ba29 | 1704 | |
Vanger | 0:b86d15c6ba29 | 1705 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 1706 | ssl->buffers.dtlsCtx.fd = -1; |
Vanger | 0:b86d15c6ba29 | 1707 | ssl->buffers.dtlsCtx.peer.sa = NULL; |
Vanger | 0:b86d15c6ba29 | 1708 | ssl->buffers.dtlsCtx.peer.sz = 0; |
Vanger | 0:b86d15c6ba29 | 1709 | #endif |
Vanger | 0:b86d15c6ba29 | 1710 | |
Vanger | 0:b86d15c6ba29 | 1711 | #ifdef KEEP_PEER_CERT |
Vanger | 0:b86d15c6ba29 | 1712 | ssl->peerCert.issuer.sz = 0; |
Vanger | 0:b86d15c6ba29 | 1713 | ssl->peerCert.subject.sz = 0; |
Vanger | 0:b86d15c6ba29 | 1714 | #endif |
Vanger | 0:b86d15c6ba29 | 1715 | |
Vanger | 0:b86d15c6ba29 | 1716 | #ifdef SESSION_CERTS |
Vanger | 0:b86d15c6ba29 | 1717 | ssl->session.chain.count = 0; |
Vanger | 0:b86d15c6ba29 | 1718 | #endif |
Vanger | 0:b86d15c6ba29 | 1719 | |
Vanger | 0:b86d15c6ba29 | 1720 | #ifndef NO_CLIENT_CACHE |
Vanger | 0:b86d15c6ba29 | 1721 | ssl->session.idLen = 0; |
Vanger | 0:b86d15c6ba29 | 1722 | #endif |
Vanger | 0:b86d15c6ba29 | 1723 | |
Vanger | 0:b86d15c6ba29 | 1724 | #ifdef HAVE_SESSION_TICKET |
Vanger | 0:b86d15c6ba29 | 1725 | ssl->session.ticketLen = 0; |
Vanger | 0:b86d15c6ba29 | 1726 | #endif |
Vanger | 0:b86d15c6ba29 | 1727 | |
Vanger | 0:b86d15c6ba29 | 1728 | ssl->cipher.ssl = ssl; |
Vanger | 0:b86d15c6ba29 | 1729 | |
Vanger | 0:b86d15c6ba29 | 1730 | #ifdef FORTRESS |
Vanger | 0:b86d15c6ba29 | 1731 | ssl->ex_data[0] = 0; |
Vanger | 0:b86d15c6ba29 | 1732 | ssl->ex_data[1] = 0; |
Vanger | 0:b86d15c6ba29 | 1733 | ssl->ex_data[2] = 0; |
Vanger | 0:b86d15c6ba29 | 1734 | #endif |
Vanger | 0:b86d15c6ba29 | 1735 | |
Vanger | 0:b86d15c6ba29 | 1736 | #ifdef CYASSL_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 1737 | ssl->hsInfoOn = 0; |
Vanger | 0:b86d15c6ba29 | 1738 | ssl->toInfoOn = 0; |
Vanger | 0:b86d15c6ba29 | 1739 | #endif |
Vanger | 0:b86d15c6ba29 | 1740 | |
Vanger | 0:b86d15c6ba29 | 1741 | #ifdef HAVE_CAVIUM |
Vanger | 0:b86d15c6ba29 | 1742 | ssl->devId = ctx->devId; |
Vanger | 0:b86d15c6ba29 | 1743 | #endif |
Vanger | 0:b86d15c6ba29 | 1744 | |
Vanger | 0:b86d15c6ba29 | 1745 | #ifdef HAVE_TLS_EXTENSIONS |
Vanger | 0:b86d15c6ba29 | 1746 | ssl->extensions = NULL; |
Vanger | 0:b86d15c6ba29 | 1747 | #ifdef HAVE_MAX_FRAGMENT |
Vanger | 0:b86d15c6ba29 | 1748 | ssl->max_fragment = MAX_RECORD_SIZE; |
Vanger | 0:b86d15c6ba29 | 1749 | #endif |
Vanger | 0:b86d15c6ba29 | 1750 | #ifdef HAVE_TRUNCATED_HMAC |
Vanger | 0:b86d15c6ba29 | 1751 | ssl->truncated_hmac = 0; |
Vanger | 0:b86d15c6ba29 | 1752 | #endif |
Vanger | 0:b86d15c6ba29 | 1753 | #ifdef HAVE_SECURE_RENEGOTIATION |
Vanger | 0:b86d15c6ba29 | 1754 | ssl->secure_renegotiation = NULL; |
Vanger | 0:b86d15c6ba29 | 1755 | #endif |
Vanger | 0:b86d15c6ba29 | 1756 | #if !defined(NO_CYASSL_CLIENT) && defined(HAVE_SESSION_TICKET) |
Vanger | 0:b86d15c6ba29 | 1757 | ssl->session_ticket_cb = NULL; |
Vanger | 0:b86d15c6ba29 | 1758 | ssl->session_ticket_ctx = NULL; |
Vanger | 0:b86d15c6ba29 | 1759 | ssl->expect_session_ticket = 0; |
Vanger | 0:b86d15c6ba29 | 1760 | #endif |
Vanger | 0:b86d15c6ba29 | 1761 | #endif |
Vanger | 0:b86d15c6ba29 | 1762 | |
Vanger | 0:b86d15c6ba29 | 1763 | ssl->rng = NULL; |
Vanger | 0:b86d15c6ba29 | 1764 | ssl->arrays = NULL; |
Vanger | 0:b86d15c6ba29 | 1765 | |
Vanger | 0:b86d15c6ba29 | 1766 | /* default alert state (none) */ |
Vanger | 0:b86d15c6ba29 | 1767 | ssl->alert_history.last_rx.code = -1; |
Vanger | 0:b86d15c6ba29 | 1768 | ssl->alert_history.last_rx.level = -1; |
Vanger | 0:b86d15c6ba29 | 1769 | ssl->alert_history.last_tx.code = -1; |
Vanger | 0:b86d15c6ba29 | 1770 | ssl->alert_history.last_tx.level = -1; |
Vanger | 0:b86d15c6ba29 | 1771 | |
Vanger | 0:b86d15c6ba29 | 1772 | InitCiphers(ssl); |
Vanger | 0:b86d15c6ba29 | 1773 | InitCipherSpecs(&ssl->specs); |
Vanger | 0:b86d15c6ba29 | 1774 | #ifdef ATOMIC_USER |
Vanger | 0:b86d15c6ba29 | 1775 | ssl->MacEncryptCtx = NULL; |
Vanger | 0:b86d15c6ba29 | 1776 | ssl->DecryptVerifyCtx = NULL; |
Vanger | 0:b86d15c6ba29 | 1777 | #endif |
Vanger | 0:b86d15c6ba29 | 1778 | #ifdef HAVE_FUZZER |
Vanger | 0:b86d15c6ba29 | 1779 | ssl->fuzzerCb = NULL; |
Vanger | 0:b86d15c6ba29 | 1780 | ssl->fuzzerCtx = NULL; |
Vanger | 0:b86d15c6ba29 | 1781 | #endif |
Vanger | 0:b86d15c6ba29 | 1782 | #ifdef HAVE_PK_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 1783 | #ifdef HAVE_ECC |
Vanger | 0:b86d15c6ba29 | 1784 | ssl->EccSignCtx = NULL; |
Vanger | 0:b86d15c6ba29 | 1785 | ssl->EccVerifyCtx = NULL; |
Vanger | 0:b86d15c6ba29 | 1786 | #endif /* HAVE_ECC */ |
Vanger | 0:b86d15c6ba29 | 1787 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 1788 | ssl->RsaSignCtx = NULL; |
Vanger | 0:b86d15c6ba29 | 1789 | ssl->RsaVerifyCtx = NULL; |
Vanger | 0:b86d15c6ba29 | 1790 | ssl->RsaEncCtx = NULL; |
Vanger | 0:b86d15c6ba29 | 1791 | ssl->RsaDecCtx = NULL; |
Vanger | 0:b86d15c6ba29 | 1792 | #endif /* NO_RSA */ |
Vanger | 0:b86d15c6ba29 | 1793 | #endif /* HAVE_PK_CALLBACKS */ |
Vanger | 0:b86d15c6ba29 | 1794 | |
Vanger | 0:b86d15c6ba29 | 1795 | /* all done with init, now can return errors, call other stuff */ |
Vanger | 0:b86d15c6ba29 | 1796 | |
Vanger | 0:b86d15c6ba29 | 1797 | #ifndef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 1798 | #ifndef NO_MD5 |
Vanger | 0:b86d15c6ba29 | 1799 | InitMd5(&ssl->hashMd5); |
Vanger | 0:b86d15c6ba29 | 1800 | #endif |
Vanger | 0:b86d15c6ba29 | 1801 | #ifndef NO_SHA |
Vanger | 0:b86d15c6ba29 | 1802 | ret = InitSha(&ssl->hashSha); |
Vanger | 0:b86d15c6ba29 | 1803 | if (ret != 0) { |
Vanger | 0:b86d15c6ba29 | 1804 | return ret; |
Vanger | 0:b86d15c6ba29 | 1805 | } |
Vanger | 0:b86d15c6ba29 | 1806 | #endif |
Vanger | 0:b86d15c6ba29 | 1807 | #endif |
Vanger | 0:b86d15c6ba29 | 1808 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 1809 | ret = InitSha256(&ssl->hashSha256); |
Vanger | 0:b86d15c6ba29 | 1810 | if (ret != 0) { |
Vanger | 0:b86d15c6ba29 | 1811 | return ret; |
Vanger | 0:b86d15c6ba29 | 1812 | } |
Vanger | 0:b86d15c6ba29 | 1813 | #endif |
Vanger | 0:b86d15c6ba29 | 1814 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 1815 | ret = InitSha384(&ssl->hashSha384); |
Vanger | 0:b86d15c6ba29 | 1816 | if (ret != 0) { |
Vanger | 0:b86d15c6ba29 | 1817 | return ret; |
Vanger | 0:b86d15c6ba29 | 1818 | } |
Vanger | 0:b86d15c6ba29 | 1819 | #endif |
Vanger | 0:b86d15c6ba29 | 1820 | |
Vanger | 0:b86d15c6ba29 | 1821 | /* increment CTX reference count */ |
Vanger | 0:b86d15c6ba29 | 1822 | if (LockMutex(&ctx->countMutex) != 0) { |
Vanger | 0:b86d15c6ba29 | 1823 | CYASSL_MSG("Couldn't lock CTX count mutex"); |
Vanger | 0:b86d15c6ba29 | 1824 | return BAD_MUTEX_E; |
Vanger | 0:b86d15c6ba29 | 1825 | } |
Vanger | 0:b86d15c6ba29 | 1826 | ctx->refCount++; |
Vanger | 0:b86d15c6ba29 | 1827 | UnLockMutex(&ctx->countMutex); |
Vanger | 0:b86d15c6ba29 | 1828 | |
Vanger | 0:b86d15c6ba29 | 1829 | /* arrays */ |
Vanger | 0:b86d15c6ba29 | 1830 | ssl->arrays = (Arrays*)XMALLOC(sizeof(Arrays), ssl->heap, |
Vanger | 0:b86d15c6ba29 | 1831 | DYNAMIC_TYPE_ARRAYS); |
Vanger | 0:b86d15c6ba29 | 1832 | if (ssl->arrays == NULL) { |
Vanger | 0:b86d15c6ba29 | 1833 | CYASSL_MSG("Arrays Memory error"); |
Vanger | 0:b86d15c6ba29 | 1834 | return MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 1835 | } |
Vanger | 0:b86d15c6ba29 | 1836 | XMEMSET(ssl->arrays, 0, sizeof(Arrays)); |
Vanger | 0:b86d15c6ba29 | 1837 | |
Vanger | 0:b86d15c6ba29 | 1838 | #ifndef NO_PSK |
Vanger | 0:b86d15c6ba29 | 1839 | ssl->arrays->client_identity[0] = 0; |
Vanger | 0:b86d15c6ba29 | 1840 | if (ctx->server_hint[0]) { /* set in CTX */ |
Vanger | 0:b86d15c6ba29 | 1841 | XSTRNCPY(ssl->arrays->server_hint, ctx->server_hint, MAX_PSK_ID_LEN); |
Vanger | 0:b86d15c6ba29 | 1842 | ssl->arrays->server_hint[MAX_PSK_ID_LEN - 1] = '\0'; |
Vanger | 0:b86d15c6ba29 | 1843 | } |
Vanger | 0:b86d15c6ba29 | 1844 | else |
Vanger | 0:b86d15c6ba29 | 1845 | ssl->arrays->server_hint[0] = 0; |
Vanger | 0:b86d15c6ba29 | 1846 | #endif /* NO_PSK */ |
Vanger | 0:b86d15c6ba29 | 1847 | |
Vanger | 0:b86d15c6ba29 | 1848 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 1849 | ssl->arrays->cookieSz = 0; |
Vanger | 0:b86d15c6ba29 | 1850 | #endif |
Vanger | 0:b86d15c6ba29 | 1851 | |
Vanger | 0:b86d15c6ba29 | 1852 | /* RNG */ |
Vanger | 0:b86d15c6ba29 | 1853 | ssl->rng = (RNG*)XMALLOC(sizeof(RNG), ssl->heap, DYNAMIC_TYPE_RNG); |
Vanger | 0:b86d15c6ba29 | 1854 | if (ssl->rng == NULL) { |
Vanger | 0:b86d15c6ba29 | 1855 | CYASSL_MSG("RNG Memory error"); |
Vanger | 0:b86d15c6ba29 | 1856 | return MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 1857 | } |
Vanger | 0:b86d15c6ba29 | 1858 | |
Vanger | 0:b86d15c6ba29 | 1859 | if ( (ret = InitRng(ssl->rng)) != 0) { |
Vanger | 0:b86d15c6ba29 | 1860 | CYASSL_MSG("RNG Init error"); |
Vanger | 0:b86d15c6ba29 | 1861 | return ret; |
Vanger | 0:b86d15c6ba29 | 1862 | } |
Vanger | 0:b86d15c6ba29 | 1863 | |
Vanger | 0:b86d15c6ba29 | 1864 | /* suites */ |
Vanger | 0:b86d15c6ba29 | 1865 | ssl->suites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap, |
Vanger | 0:b86d15c6ba29 | 1866 | DYNAMIC_TYPE_SUITES); |
Vanger | 0:b86d15c6ba29 | 1867 | if (ssl->suites == NULL) { |
Vanger | 0:b86d15c6ba29 | 1868 | CYASSL_MSG("Suites Memory error"); |
Vanger | 0:b86d15c6ba29 | 1869 | return MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 1870 | } |
Vanger | 0:b86d15c6ba29 | 1871 | *ssl->suites = ctx->suites; |
Vanger | 0:b86d15c6ba29 | 1872 | |
Vanger | 0:b86d15c6ba29 | 1873 | /* peer key */ |
Vanger | 0:b86d15c6ba29 | 1874 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 1875 | ssl->peerRsaKey = (RsaKey*)XMALLOC(sizeof(RsaKey), ssl->heap, |
Vanger | 0:b86d15c6ba29 | 1876 | DYNAMIC_TYPE_RSA); |
Vanger | 0:b86d15c6ba29 | 1877 | if (ssl->peerRsaKey == NULL) { |
Vanger | 0:b86d15c6ba29 | 1878 | CYASSL_MSG("PeerRsaKey Memory error"); |
Vanger | 0:b86d15c6ba29 | 1879 | return MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 1880 | } |
Vanger | 0:b86d15c6ba29 | 1881 | ret = InitRsaKey(ssl->peerRsaKey, ctx->heap); |
Vanger | 0:b86d15c6ba29 | 1882 | if (ret != 0) return ret; |
Vanger | 0:b86d15c6ba29 | 1883 | #endif |
Vanger | 0:b86d15c6ba29 | 1884 | #ifndef NO_CERTS |
Vanger | 0:b86d15c6ba29 | 1885 | /* make sure server has cert and key unless using PSK or Anon */ |
Vanger | 0:b86d15c6ba29 | 1886 | if (ssl->options.side == CYASSL_SERVER_END && !havePSK && !haveAnon) |
Vanger | 0:b86d15c6ba29 | 1887 | if (!ssl->buffers.certificate.buffer || !ssl->buffers.key.buffer) { |
Vanger | 0:b86d15c6ba29 | 1888 | CYASSL_MSG("Server missing certificate and/or private key"); |
Vanger | 0:b86d15c6ba29 | 1889 | return NO_PRIVATE_KEY; |
Vanger | 0:b86d15c6ba29 | 1890 | } |
Vanger | 0:b86d15c6ba29 | 1891 | #endif |
Vanger | 0:b86d15c6ba29 | 1892 | #ifdef HAVE_ECC |
Vanger | 0:b86d15c6ba29 | 1893 | ssl->peerEccKey = (ecc_key*)XMALLOC(sizeof(ecc_key), |
Vanger | 0:b86d15c6ba29 | 1894 | ctx->heap, DYNAMIC_TYPE_ECC); |
Vanger | 0:b86d15c6ba29 | 1895 | if (ssl->peerEccKey == NULL) { |
Vanger | 0:b86d15c6ba29 | 1896 | CYASSL_MSG("PeerEccKey Memory error"); |
Vanger | 0:b86d15c6ba29 | 1897 | return MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 1898 | } |
Vanger | 0:b86d15c6ba29 | 1899 | ssl->peerEccDsaKey = (ecc_key*)XMALLOC(sizeof(ecc_key), |
Vanger | 0:b86d15c6ba29 | 1900 | ctx->heap, DYNAMIC_TYPE_ECC); |
Vanger | 0:b86d15c6ba29 | 1901 | if (ssl->peerEccDsaKey == NULL) { |
Vanger | 0:b86d15c6ba29 | 1902 | CYASSL_MSG("PeerEccDsaKey Memory error"); |
Vanger | 0:b86d15c6ba29 | 1903 | return MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 1904 | } |
Vanger | 0:b86d15c6ba29 | 1905 | ssl->eccDsaKey = (ecc_key*)XMALLOC(sizeof(ecc_key), |
Vanger | 0:b86d15c6ba29 | 1906 | ctx->heap, DYNAMIC_TYPE_ECC); |
Vanger | 0:b86d15c6ba29 | 1907 | if (ssl->eccDsaKey == NULL) { |
Vanger | 0:b86d15c6ba29 | 1908 | CYASSL_MSG("EccDsaKey Memory error"); |
Vanger | 0:b86d15c6ba29 | 1909 | return MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 1910 | } |
Vanger | 0:b86d15c6ba29 | 1911 | ssl->eccTempKey = (ecc_key*)XMALLOC(sizeof(ecc_key), |
Vanger | 0:b86d15c6ba29 | 1912 | ctx->heap, DYNAMIC_TYPE_ECC); |
Vanger | 0:b86d15c6ba29 | 1913 | if (ssl->eccTempKey == NULL) { |
Vanger | 0:b86d15c6ba29 | 1914 | CYASSL_MSG("EccTempKey Memory error"); |
Vanger | 0:b86d15c6ba29 | 1915 | return MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 1916 | } |
Vanger | 0:b86d15c6ba29 | 1917 | ecc_init(ssl->peerEccKey); |
Vanger | 0:b86d15c6ba29 | 1918 | ecc_init(ssl->peerEccDsaKey); |
Vanger | 0:b86d15c6ba29 | 1919 | ecc_init(ssl->eccDsaKey); |
Vanger | 0:b86d15c6ba29 | 1920 | ecc_init(ssl->eccTempKey); |
Vanger | 0:b86d15c6ba29 | 1921 | #endif |
Vanger | 0:b86d15c6ba29 | 1922 | #ifdef HAVE_SECRET_CALLBACK |
Vanger | 0:b86d15c6ba29 | 1923 | ssl->sessionSecretCb = NULL; |
Vanger | 0:b86d15c6ba29 | 1924 | ssl->sessionSecretCtx = NULL; |
Vanger | 0:b86d15c6ba29 | 1925 | #endif |
Vanger | 0:b86d15c6ba29 | 1926 | |
Vanger | 0:b86d15c6ba29 | 1927 | /* make sure server has DH parms, and add PSK if there, add NTRU too */ |
Vanger | 0:b86d15c6ba29 | 1928 | if (ssl->options.side == CYASSL_SERVER_END) |
Vanger | 0:b86d15c6ba29 | 1929 | InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, |
Vanger | 0:b86d15c6ba29 | 1930 | ssl->options.haveDH, ssl->options.haveNTRU, |
Vanger | 0:b86d15c6ba29 | 1931 | ssl->options.haveECDSAsig, ssl->options.haveStaticECC, |
Vanger | 0:b86d15c6ba29 | 1932 | ssl->options.side); |
Vanger | 0:b86d15c6ba29 | 1933 | else |
Vanger | 0:b86d15c6ba29 | 1934 | InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, TRUE, |
Vanger | 0:b86d15c6ba29 | 1935 | ssl->options.haveNTRU, ssl->options.haveECDSAsig, |
Vanger | 0:b86d15c6ba29 | 1936 | ssl->options.haveStaticECC, ssl->options.side); |
Vanger | 0:b86d15c6ba29 | 1937 | |
Vanger | 0:b86d15c6ba29 | 1938 | return 0; |
Vanger | 0:b86d15c6ba29 | 1939 | } |
Vanger | 0:b86d15c6ba29 | 1940 | |
Vanger | 0:b86d15c6ba29 | 1941 | |
Vanger | 0:b86d15c6ba29 | 1942 | /* free use of temporary arrays */ |
Vanger | 0:b86d15c6ba29 | 1943 | void FreeArrays(CYASSL* ssl, int keep) |
Vanger | 0:b86d15c6ba29 | 1944 | { |
Vanger | 0:b86d15c6ba29 | 1945 | if (ssl->arrays && keep) { |
Vanger | 0:b86d15c6ba29 | 1946 | /* keeps session id for user retrieval */ |
Vanger | 0:b86d15c6ba29 | 1947 | XMEMCPY(ssl->session.sessionID, ssl->arrays->sessionID, ID_LEN); |
Vanger | 0:b86d15c6ba29 | 1948 | ssl->session.sessionIDSz = ssl->arrays->sessionIDSz; |
Vanger | 0:b86d15c6ba29 | 1949 | } |
Vanger | 0:b86d15c6ba29 | 1950 | XFREE(ssl->arrays, ssl->heap, DYNAMIC_TYPE_ARRAYS); |
Vanger | 0:b86d15c6ba29 | 1951 | ssl->arrays = NULL; |
Vanger | 0:b86d15c6ba29 | 1952 | } |
Vanger | 0:b86d15c6ba29 | 1953 | |
Vanger | 0:b86d15c6ba29 | 1954 | |
Vanger | 0:b86d15c6ba29 | 1955 | /* In case holding SSL object in array and don't want to free actual ssl */ |
Vanger | 0:b86d15c6ba29 | 1956 | void SSL_ResourceFree(CYASSL* ssl) |
Vanger | 0:b86d15c6ba29 | 1957 | { |
Vanger | 0:b86d15c6ba29 | 1958 | /* Note: any resources used during the handshake should be released in the |
Vanger | 0:b86d15c6ba29 | 1959 | * function FreeHandshakeResources(). Be careful with the special cases |
Vanger | 0:b86d15c6ba29 | 1960 | * like the RNG which may optionally be kept for the whole session. (For |
Vanger | 0:b86d15c6ba29 | 1961 | * example with the RNG, it isn't used beyond the handshake except when |
Vanger | 0:b86d15c6ba29 | 1962 | * using stream ciphers where it is retained. */ |
Vanger | 0:b86d15c6ba29 | 1963 | |
Vanger | 0:b86d15c6ba29 | 1964 | FreeCiphers(ssl); |
Vanger | 0:b86d15c6ba29 | 1965 | FreeArrays(ssl, 0); |
Vanger | 0:b86d15c6ba29 | 1966 | #if defined(HAVE_HASHDRBG) || defined(NO_RC4) |
Vanger | 0:b86d15c6ba29 | 1967 | FreeRng(ssl->rng); |
Vanger | 0:b86d15c6ba29 | 1968 | #endif |
Vanger | 0:b86d15c6ba29 | 1969 | XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG); |
Vanger | 0:b86d15c6ba29 | 1970 | XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES); |
Vanger | 0:b86d15c6ba29 | 1971 | XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN); |
Vanger | 0:b86d15c6ba29 | 1972 | |
Vanger | 0:b86d15c6ba29 | 1973 | #ifndef NO_CERTS |
Vanger | 0:b86d15c6ba29 | 1974 | XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_DH); |
Vanger | 0:b86d15c6ba29 | 1975 | XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_DH); |
Vanger | 0:b86d15c6ba29 | 1976 | /* parameters (p,g) may be owned by ctx */ |
Vanger | 0:b86d15c6ba29 | 1977 | if (ssl->buffers.weOwnDH || ssl->options.side == CYASSL_CLIENT_END) { |
Vanger | 0:b86d15c6ba29 | 1978 | XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_DH); |
Vanger | 0:b86d15c6ba29 | 1979 | XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH); |
Vanger | 0:b86d15c6ba29 | 1980 | } |
Vanger | 0:b86d15c6ba29 | 1981 | |
Vanger | 0:b86d15c6ba29 | 1982 | if (ssl->buffers.weOwnCert) |
Vanger | 0:b86d15c6ba29 | 1983 | XFREE(ssl->buffers.certificate.buffer, ssl->heap, DYNAMIC_TYPE_CERT); |
Vanger | 0:b86d15c6ba29 | 1984 | if (ssl->buffers.weOwnCertChain) |
Vanger | 0:b86d15c6ba29 | 1985 | XFREE(ssl->buffers.certChain.buffer, ssl->heap, DYNAMIC_TYPE_CERT); |
Vanger | 0:b86d15c6ba29 | 1986 | if (ssl->buffers.weOwnKey) |
Vanger | 0:b86d15c6ba29 | 1987 | XFREE(ssl->buffers.key.buffer, ssl->heap, DYNAMIC_TYPE_KEY); |
Vanger | 0:b86d15c6ba29 | 1988 | #endif |
Vanger | 0:b86d15c6ba29 | 1989 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 1990 | if (ssl->peerRsaKey) { |
Vanger | 0:b86d15c6ba29 | 1991 | FreeRsaKey(ssl->peerRsaKey); |
Vanger | 0:b86d15c6ba29 | 1992 | XFREE(ssl->peerRsaKey, ssl->heap, DYNAMIC_TYPE_RSA); |
Vanger | 0:b86d15c6ba29 | 1993 | } |
Vanger | 0:b86d15c6ba29 | 1994 | #endif |
Vanger | 0:b86d15c6ba29 | 1995 | if (ssl->buffers.inputBuffer.dynamicFlag) |
Vanger | 0:b86d15c6ba29 | 1996 | ShrinkInputBuffer(ssl, FORCED_FREE); |
Vanger | 0:b86d15c6ba29 | 1997 | if (ssl->buffers.outputBuffer.dynamicFlag) |
Vanger | 0:b86d15c6ba29 | 1998 | ShrinkOutputBuffer(ssl); |
Vanger | 0:b86d15c6ba29 | 1999 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 2000 | if (ssl->dtls_pool != NULL) { |
Vanger | 0:b86d15c6ba29 | 2001 | DtlsPoolReset(ssl); |
Vanger | 0:b86d15c6ba29 | 2002 | XFREE(ssl->dtls_pool, ssl->heap, DYNAMIC_TYPE_NONE); |
Vanger | 0:b86d15c6ba29 | 2003 | } |
Vanger | 0:b86d15c6ba29 | 2004 | if (ssl->dtls_msg_list != NULL) { |
Vanger | 0:b86d15c6ba29 | 2005 | DtlsMsgListDelete(ssl->dtls_msg_list, ssl->heap); |
Vanger | 0:b86d15c6ba29 | 2006 | ssl->dtls_msg_list = NULL; |
Vanger | 0:b86d15c6ba29 | 2007 | } |
Vanger | 0:b86d15c6ba29 | 2008 | XFREE(ssl->buffers.dtlsCtx.peer.sa, ssl->heap, DYNAMIC_TYPE_SOCKADDR); |
Vanger | 0:b86d15c6ba29 | 2009 | ssl->buffers.dtlsCtx.peer.sa = NULL; |
Vanger | 0:b86d15c6ba29 | 2010 | #endif |
Vanger | 0:b86d15c6ba29 | 2011 | #if defined(KEEP_PEER_CERT) || defined(GOAHEAD_WS) |
Vanger | 0:b86d15c6ba29 | 2012 | FreeX509(&ssl->peerCert); |
Vanger | 0:b86d15c6ba29 | 2013 | #endif |
Vanger | 0:b86d15c6ba29 | 2014 | #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS) |
Vanger | 0:b86d15c6ba29 | 2015 | CyaSSL_BIO_free(ssl->biord); |
Vanger | 0:b86d15c6ba29 | 2016 | if (ssl->biord != ssl->biowr) /* in case same as write */ |
Vanger | 0:b86d15c6ba29 | 2017 | CyaSSL_BIO_free(ssl->biowr); |
Vanger | 0:b86d15c6ba29 | 2018 | #endif |
Vanger | 0:b86d15c6ba29 | 2019 | #ifdef HAVE_LIBZ |
Vanger | 0:b86d15c6ba29 | 2020 | FreeStreams(ssl); |
Vanger | 0:b86d15c6ba29 | 2021 | #endif |
Vanger | 0:b86d15c6ba29 | 2022 | #ifdef HAVE_ECC |
Vanger | 0:b86d15c6ba29 | 2023 | if (ssl->peerEccKey) { |
Vanger | 0:b86d15c6ba29 | 2024 | if (ssl->peerEccKeyPresent) |
Vanger | 0:b86d15c6ba29 | 2025 | ecc_free(ssl->peerEccKey); |
Vanger | 0:b86d15c6ba29 | 2026 | XFREE(ssl->peerEccKey, ssl->heap, DYNAMIC_TYPE_ECC); |
Vanger | 0:b86d15c6ba29 | 2027 | } |
Vanger | 0:b86d15c6ba29 | 2028 | if (ssl->peerEccDsaKey) { |
Vanger | 0:b86d15c6ba29 | 2029 | if (ssl->peerEccDsaKeyPresent) |
Vanger | 0:b86d15c6ba29 | 2030 | ecc_free(ssl->peerEccDsaKey); |
Vanger | 0:b86d15c6ba29 | 2031 | XFREE(ssl->peerEccDsaKey, ssl->heap, DYNAMIC_TYPE_ECC); |
Vanger | 0:b86d15c6ba29 | 2032 | } |
Vanger | 0:b86d15c6ba29 | 2033 | if (ssl->eccTempKey) { |
Vanger | 0:b86d15c6ba29 | 2034 | if (ssl->eccTempKeyPresent) |
Vanger | 0:b86d15c6ba29 | 2035 | ecc_free(ssl->eccTempKey); |
Vanger | 0:b86d15c6ba29 | 2036 | XFREE(ssl->eccTempKey, ssl->heap, DYNAMIC_TYPE_ECC); |
Vanger | 0:b86d15c6ba29 | 2037 | } |
Vanger | 0:b86d15c6ba29 | 2038 | if (ssl->eccDsaKey) { |
Vanger | 0:b86d15c6ba29 | 2039 | if (ssl->eccDsaKeyPresent) |
Vanger | 0:b86d15c6ba29 | 2040 | ecc_free(ssl->eccDsaKey); |
Vanger | 0:b86d15c6ba29 | 2041 | XFREE(ssl->eccDsaKey, ssl->heap, DYNAMIC_TYPE_ECC); |
Vanger | 0:b86d15c6ba29 | 2042 | } |
Vanger | 0:b86d15c6ba29 | 2043 | #endif |
Vanger | 0:b86d15c6ba29 | 2044 | #ifdef HAVE_PK_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 2045 | #ifdef HAVE_ECC |
Vanger | 0:b86d15c6ba29 | 2046 | XFREE(ssl->buffers.peerEccDsaKey.buffer, ssl->heap, DYNAMIC_TYPE_ECC); |
Vanger | 0:b86d15c6ba29 | 2047 | #endif /* HAVE_ECC */ |
Vanger | 0:b86d15c6ba29 | 2048 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 2049 | XFREE(ssl->buffers.peerRsaKey.buffer, ssl->heap, DYNAMIC_TYPE_RSA); |
Vanger | 0:b86d15c6ba29 | 2050 | #endif /* NO_RSA */ |
Vanger | 0:b86d15c6ba29 | 2051 | #endif /* HAVE_PK_CALLBACKS */ |
Vanger | 0:b86d15c6ba29 | 2052 | #ifdef HAVE_TLS_EXTENSIONS |
Vanger | 0:b86d15c6ba29 | 2053 | TLSX_FreeAll(ssl->extensions); |
Vanger | 0:b86d15c6ba29 | 2054 | #endif |
Vanger | 0:b86d15c6ba29 | 2055 | #ifdef HAVE_NETX |
Vanger | 0:b86d15c6ba29 | 2056 | if (ssl->nxCtx.nxPacket) |
Vanger | 0:b86d15c6ba29 | 2057 | nx_packet_release(ssl->nxCtx.nxPacket); |
Vanger | 0:b86d15c6ba29 | 2058 | #endif |
Vanger | 0:b86d15c6ba29 | 2059 | } |
Vanger | 0:b86d15c6ba29 | 2060 | |
Vanger | 0:b86d15c6ba29 | 2061 | |
Vanger | 0:b86d15c6ba29 | 2062 | /* Free any handshake resources no longer needed */ |
Vanger | 0:b86d15c6ba29 | 2063 | void FreeHandshakeResources(CYASSL* ssl) |
Vanger | 0:b86d15c6ba29 | 2064 | { |
Vanger | 0:b86d15c6ba29 | 2065 | |
Vanger | 0:b86d15c6ba29 | 2066 | #ifdef HAVE_SECURE_RENEGOTIATION |
Vanger | 0:b86d15c6ba29 | 2067 | if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled) { |
Vanger | 0:b86d15c6ba29 | 2068 | CYASSL_MSG("Secure Renegotiation needs to retain handshake resources"); |
Vanger | 0:b86d15c6ba29 | 2069 | return; |
Vanger | 0:b86d15c6ba29 | 2070 | } |
Vanger | 0:b86d15c6ba29 | 2071 | #endif |
Vanger | 0:b86d15c6ba29 | 2072 | |
Vanger | 0:b86d15c6ba29 | 2073 | /* input buffer */ |
Vanger | 0:b86d15c6ba29 | 2074 | if (ssl->buffers.inputBuffer.dynamicFlag) |
Vanger | 0:b86d15c6ba29 | 2075 | ShrinkInputBuffer(ssl, NO_FORCED_FREE); |
Vanger | 0:b86d15c6ba29 | 2076 | |
Vanger | 0:b86d15c6ba29 | 2077 | /* suites */ |
Vanger | 0:b86d15c6ba29 | 2078 | XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES); |
Vanger | 0:b86d15c6ba29 | 2079 | ssl->suites = NULL; |
Vanger | 0:b86d15c6ba29 | 2080 | |
Vanger | 0:b86d15c6ba29 | 2081 | /* RNG */ |
Vanger | 0:b86d15c6ba29 | 2082 | if (ssl->specs.cipher_type == stream || ssl->options.tls1_1 == 0) { |
Vanger | 0:b86d15c6ba29 | 2083 | #if defined(HAVE_HASHDRBG) || defined(NO_RC4) |
Vanger | 0:b86d15c6ba29 | 2084 | FreeRng(ssl->rng); |
Vanger | 0:b86d15c6ba29 | 2085 | #endif |
Vanger | 0:b86d15c6ba29 | 2086 | XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG); |
Vanger | 0:b86d15c6ba29 | 2087 | ssl->rng = NULL; |
Vanger | 0:b86d15c6ba29 | 2088 | } |
Vanger | 0:b86d15c6ba29 | 2089 | |
Vanger | 0:b86d15c6ba29 | 2090 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 2091 | /* DTLS_POOL */ |
Vanger | 0:b86d15c6ba29 | 2092 | if (ssl->options.dtls && ssl->dtls_pool != NULL) { |
Vanger | 0:b86d15c6ba29 | 2093 | DtlsPoolReset(ssl); |
Vanger | 0:b86d15c6ba29 | 2094 | XFREE(ssl->dtls_pool, ssl->heap, DYNAMIC_TYPE_DTLS_POOL); |
Vanger | 0:b86d15c6ba29 | 2095 | ssl->dtls_pool = NULL; |
Vanger | 0:b86d15c6ba29 | 2096 | } |
Vanger | 0:b86d15c6ba29 | 2097 | #endif |
Vanger | 0:b86d15c6ba29 | 2098 | |
Vanger | 0:b86d15c6ba29 | 2099 | /* arrays */ |
Vanger | 0:b86d15c6ba29 | 2100 | if (ssl->options.saveArrays) |
Vanger | 0:b86d15c6ba29 | 2101 | FreeArrays(ssl, 1); |
Vanger | 0:b86d15c6ba29 | 2102 | |
Vanger | 0:b86d15c6ba29 | 2103 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 2104 | /* peerRsaKey */ |
Vanger | 0:b86d15c6ba29 | 2105 | if (ssl->peerRsaKey) { |
Vanger | 0:b86d15c6ba29 | 2106 | FreeRsaKey(ssl->peerRsaKey); |
Vanger | 0:b86d15c6ba29 | 2107 | XFREE(ssl->peerRsaKey, ssl->heap, DYNAMIC_TYPE_RSA); |
Vanger | 0:b86d15c6ba29 | 2108 | ssl->peerRsaKey = NULL; |
Vanger | 0:b86d15c6ba29 | 2109 | } |
Vanger | 0:b86d15c6ba29 | 2110 | #endif |
Vanger | 0:b86d15c6ba29 | 2111 | |
Vanger | 0:b86d15c6ba29 | 2112 | #ifdef HAVE_ECC |
Vanger | 0:b86d15c6ba29 | 2113 | if (ssl->peerEccKey) |
Vanger | 0:b86d15c6ba29 | 2114 | { |
Vanger | 0:b86d15c6ba29 | 2115 | if (ssl->peerEccKeyPresent) { |
Vanger | 0:b86d15c6ba29 | 2116 | ecc_free(ssl->peerEccKey); |
Vanger | 0:b86d15c6ba29 | 2117 | ssl->peerEccKeyPresent = 0; |
Vanger | 0:b86d15c6ba29 | 2118 | } |
Vanger | 0:b86d15c6ba29 | 2119 | XFREE(ssl->peerEccKey, ssl->heap, DYNAMIC_TYPE_ECC); |
Vanger | 0:b86d15c6ba29 | 2120 | ssl->peerEccKey = NULL; |
Vanger | 0:b86d15c6ba29 | 2121 | } |
Vanger | 0:b86d15c6ba29 | 2122 | if (ssl->peerEccDsaKey) |
Vanger | 0:b86d15c6ba29 | 2123 | { |
Vanger | 0:b86d15c6ba29 | 2124 | if (ssl->peerEccDsaKeyPresent) { |
Vanger | 0:b86d15c6ba29 | 2125 | ecc_free(ssl->peerEccDsaKey); |
Vanger | 0:b86d15c6ba29 | 2126 | ssl->peerEccDsaKeyPresent = 0; |
Vanger | 0:b86d15c6ba29 | 2127 | } |
Vanger | 0:b86d15c6ba29 | 2128 | XFREE(ssl->peerEccDsaKey, ssl->heap, DYNAMIC_TYPE_ECC); |
Vanger | 0:b86d15c6ba29 | 2129 | ssl->peerEccDsaKey = NULL; |
Vanger | 0:b86d15c6ba29 | 2130 | } |
Vanger | 0:b86d15c6ba29 | 2131 | if (ssl->eccTempKey) |
Vanger | 0:b86d15c6ba29 | 2132 | { |
Vanger | 0:b86d15c6ba29 | 2133 | if (ssl->eccTempKeyPresent) { |
Vanger | 0:b86d15c6ba29 | 2134 | ecc_free(ssl->eccTempKey); |
Vanger | 0:b86d15c6ba29 | 2135 | ssl->eccTempKeyPresent = 0; |
Vanger | 0:b86d15c6ba29 | 2136 | } |
Vanger | 0:b86d15c6ba29 | 2137 | XFREE(ssl->eccTempKey, ssl->heap, DYNAMIC_TYPE_ECC); |
Vanger | 0:b86d15c6ba29 | 2138 | ssl->eccTempKey = NULL; |
Vanger | 0:b86d15c6ba29 | 2139 | } |
Vanger | 0:b86d15c6ba29 | 2140 | if (ssl->eccDsaKey) |
Vanger | 0:b86d15c6ba29 | 2141 | { |
Vanger | 0:b86d15c6ba29 | 2142 | if (ssl->eccDsaKeyPresent) { |
Vanger | 0:b86d15c6ba29 | 2143 | ecc_free(ssl->eccDsaKey); |
Vanger | 0:b86d15c6ba29 | 2144 | ssl->eccDsaKeyPresent = 0; |
Vanger | 0:b86d15c6ba29 | 2145 | } |
Vanger | 0:b86d15c6ba29 | 2146 | XFREE(ssl->eccDsaKey, ssl->heap, DYNAMIC_TYPE_ECC); |
Vanger | 0:b86d15c6ba29 | 2147 | ssl->eccDsaKey = NULL; |
Vanger | 0:b86d15c6ba29 | 2148 | } |
Vanger | 0:b86d15c6ba29 | 2149 | #endif |
Vanger | 0:b86d15c6ba29 | 2150 | #ifdef HAVE_PK_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 2151 | #ifdef HAVE_ECC |
Vanger | 0:b86d15c6ba29 | 2152 | XFREE(ssl->buffers.peerEccDsaKey.buffer, ssl->heap, DYNAMIC_TYPE_ECC); |
Vanger | 0:b86d15c6ba29 | 2153 | ssl->buffers.peerEccDsaKey.buffer = NULL; |
Vanger | 0:b86d15c6ba29 | 2154 | #endif /* HAVE_ECC */ |
Vanger | 0:b86d15c6ba29 | 2155 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 2156 | XFREE(ssl->buffers.peerRsaKey.buffer, ssl->heap, DYNAMIC_TYPE_RSA); |
Vanger | 0:b86d15c6ba29 | 2157 | ssl->buffers.peerRsaKey.buffer = NULL; |
Vanger | 0:b86d15c6ba29 | 2158 | #endif /* NO_RSA */ |
Vanger | 0:b86d15c6ba29 | 2159 | #endif /* HAVE_PK_CALLBACKS */ |
Vanger | 0:b86d15c6ba29 | 2160 | } |
Vanger | 0:b86d15c6ba29 | 2161 | |
Vanger | 0:b86d15c6ba29 | 2162 | |
Vanger | 0:b86d15c6ba29 | 2163 | void FreeSSL(CYASSL* ssl) |
Vanger | 0:b86d15c6ba29 | 2164 | { |
Vanger | 0:b86d15c6ba29 | 2165 | FreeSSL_Ctx(ssl->ctx); /* will decrement and free underyling CTX if 0 */ |
Vanger | 0:b86d15c6ba29 | 2166 | SSL_ResourceFree(ssl); |
Vanger | 0:b86d15c6ba29 | 2167 | XFREE(ssl, ssl->heap, DYNAMIC_TYPE_SSL); |
Vanger | 0:b86d15c6ba29 | 2168 | } |
Vanger | 0:b86d15c6ba29 | 2169 | |
Vanger | 0:b86d15c6ba29 | 2170 | |
Vanger | 0:b86d15c6ba29 | 2171 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 2172 | |
Vanger | 0:b86d15c6ba29 | 2173 | int DtlsPoolInit(CYASSL* ssl) |
Vanger | 0:b86d15c6ba29 | 2174 | { |
Vanger | 0:b86d15c6ba29 | 2175 | if (ssl->dtls_pool == NULL) { |
Vanger | 0:b86d15c6ba29 | 2176 | DtlsPool *pool = (DtlsPool*)XMALLOC(sizeof(DtlsPool), |
Vanger | 0:b86d15c6ba29 | 2177 | ssl->heap, DYNAMIC_TYPE_DTLS_POOL); |
Vanger | 0:b86d15c6ba29 | 2178 | if (pool == NULL) { |
Vanger | 0:b86d15c6ba29 | 2179 | CYASSL_MSG("DTLS Buffer Pool Memory error"); |
Vanger | 0:b86d15c6ba29 | 2180 | return MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 2181 | } |
Vanger | 0:b86d15c6ba29 | 2182 | else { |
Vanger | 0:b86d15c6ba29 | 2183 | int i; |
Vanger | 0:b86d15c6ba29 | 2184 | |
Vanger | 0:b86d15c6ba29 | 2185 | for (i = 0; i < DTLS_POOL_SZ; i++) { |
Vanger | 0:b86d15c6ba29 | 2186 | pool->buf[i].length = 0; |
Vanger | 0:b86d15c6ba29 | 2187 | pool->buf[i].buffer = NULL; |
Vanger | 0:b86d15c6ba29 | 2188 | } |
Vanger | 0:b86d15c6ba29 | 2189 | pool->used = 0; |
Vanger | 0:b86d15c6ba29 | 2190 | ssl->dtls_pool = pool; |
Vanger | 0:b86d15c6ba29 | 2191 | } |
Vanger | 0:b86d15c6ba29 | 2192 | } |
Vanger | 0:b86d15c6ba29 | 2193 | return 0; |
Vanger | 0:b86d15c6ba29 | 2194 | } |
Vanger | 0:b86d15c6ba29 | 2195 | |
Vanger | 0:b86d15c6ba29 | 2196 | |
Vanger | 0:b86d15c6ba29 | 2197 | int DtlsPoolSave(CYASSL* ssl, const byte *src, int sz) |
Vanger | 0:b86d15c6ba29 | 2198 | { |
Vanger | 0:b86d15c6ba29 | 2199 | DtlsPool *pool = ssl->dtls_pool; |
Vanger | 0:b86d15c6ba29 | 2200 | if (pool != NULL && pool->used < DTLS_POOL_SZ) { |
Vanger | 0:b86d15c6ba29 | 2201 | buffer *pBuf = &pool->buf[pool->used]; |
Vanger | 0:b86d15c6ba29 | 2202 | pBuf->buffer = (byte*)XMALLOC(sz, ssl->heap, DYNAMIC_TYPE_DTLS_POOL); |
Vanger | 0:b86d15c6ba29 | 2203 | if (pBuf->buffer == NULL) { |
Vanger | 0:b86d15c6ba29 | 2204 | CYASSL_MSG("DTLS Buffer Memory error"); |
Vanger | 0:b86d15c6ba29 | 2205 | return MEMORY_ERROR; |
Vanger | 0:b86d15c6ba29 | 2206 | } |
Vanger | 0:b86d15c6ba29 | 2207 | XMEMCPY(pBuf->buffer, src, sz); |
Vanger | 0:b86d15c6ba29 | 2208 | pBuf->length = (word32)sz; |
Vanger | 0:b86d15c6ba29 | 2209 | pool->used++; |
Vanger | 0:b86d15c6ba29 | 2210 | } |
Vanger | 0:b86d15c6ba29 | 2211 | return 0; |
Vanger | 0:b86d15c6ba29 | 2212 | } |
Vanger | 0:b86d15c6ba29 | 2213 | |
Vanger | 0:b86d15c6ba29 | 2214 | |
Vanger | 0:b86d15c6ba29 | 2215 | void DtlsPoolReset(CYASSL* ssl) |
Vanger | 0:b86d15c6ba29 | 2216 | { |
Vanger | 0:b86d15c6ba29 | 2217 | DtlsPool *pool = ssl->dtls_pool; |
Vanger | 0:b86d15c6ba29 | 2218 | if (pool != NULL) { |
Vanger | 0:b86d15c6ba29 | 2219 | buffer *pBuf; |
Vanger | 0:b86d15c6ba29 | 2220 | int i, used; |
Vanger | 0:b86d15c6ba29 | 2221 | |
Vanger | 0:b86d15c6ba29 | 2222 | used = pool->used; |
Vanger | 0:b86d15c6ba29 | 2223 | for (i = 0, pBuf = &pool->buf[0]; i < used; i++, pBuf++) { |
Vanger | 0:b86d15c6ba29 | 2224 | XFREE(pBuf->buffer, ssl->heap, DYNAMIC_TYPE_DTLS_POOL); |
Vanger | 0:b86d15c6ba29 | 2225 | pBuf->buffer = NULL; |
Vanger | 0:b86d15c6ba29 | 2226 | pBuf->length = 0; |
Vanger | 0:b86d15c6ba29 | 2227 | } |
Vanger | 0:b86d15c6ba29 | 2228 | pool->used = 0; |
Vanger | 0:b86d15c6ba29 | 2229 | } |
Vanger | 0:b86d15c6ba29 | 2230 | ssl->dtls_timeout = ssl->dtls_timeout_init; |
Vanger | 0:b86d15c6ba29 | 2231 | } |
Vanger | 0:b86d15c6ba29 | 2232 | |
Vanger | 0:b86d15c6ba29 | 2233 | |
Vanger | 0:b86d15c6ba29 | 2234 | int DtlsPoolTimeout(CYASSL* ssl) |
Vanger | 0:b86d15c6ba29 | 2235 | { |
Vanger | 0:b86d15c6ba29 | 2236 | int result = -1; |
Vanger | 0:b86d15c6ba29 | 2237 | if (ssl->dtls_timeout < ssl->dtls_timeout_max) { |
Vanger | 0:b86d15c6ba29 | 2238 | ssl->dtls_timeout *= DTLS_TIMEOUT_MULTIPLIER; |
Vanger | 0:b86d15c6ba29 | 2239 | result = 0; |
Vanger | 0:b86d15c6ba29 | 2240 | } |
Vanger | 0:b86d15c6ba29 | 2241 | return result; |
Vanger | 0:b86d15c6ba29 | 2242 | } |
Vanger | 0:b86d15c6ba29 | 2243 | |
Vanger | 0:b86d15c6ba29 | 2244 | |
Vanger | 0:b86d15c6ba29 | 2245 | int DtlsPoolSend(CYASSL* ssl) |
Vanger | 0:b86d15c6ba29 | 2246 | { |
Vanger | 0:b86d15c6ba29 | 2247 | int ret; |
Vanger | 0:b86d15c6ba29 | 2248 | DtlsPool *pool = ssl->dtls_pool; |
Vanger | 0:b86d15c6ba29 | 2249 | |
Vanger | 0:b86d15c6ba29 | 2250 | if (pool != NULL && pool->used > 0) { |
Vanger | 0:b86d15c6ba29 | 2251 | int i; |
Vanger | 0:b86d15c6ba29 | 2252 | for (i = 0; i < pool->used; i++) { |
Vanger | 0:b86d15c6ba29 | 2253 | int sendResult; |
Vanger | 0:b86d15c6ba29 | 2254 | buffer* buf = &pool->buf[i]; |
Vanger | 0:b86d15c6ba29 | 2255 | |
Vanger | 0:b86d15c6ba29 | 2256 | DtlsRecordLayerHeader* dtls = (DtlsRecordLayerHeader*)buf->buffer; |
Vanger | 0:b86d15c6ba29 | 2257 | |
Vanger | 0:b86d15c6ba29 | 2258 | word16 message_epoch; |
Vanger | 0:b86d15c6ba29 | 2259 | ato16(dtls->epoch, &message_epoch); |
Vanger | 0:b86d15c6ba29 | 2260 | if (message_epoch == ssl->keys.dtls_epoch) { |
Vanger | 0:b86d15c6ba29 | 2261 | /* Increment record sequence number on retransmitted handshake |
Vanger | 0:b86d15c6ba29 | 2262 | * messages */ |
Vanger | 0:b86d15c6ba29 | 2263 | c32to48(ssl->keys.dtls_sequence_number, dtls->sequence_number); |
Vanger | 0:b86d15c6ba29 | 2264 | ssl->keys.dtls_sequence_number++; |
Vanger | 0:b86d15c6ba29 | 2265 | } |
Vanger | 0:b86d15c6ba29 | 2266 | else { |
Vanger | 0:b86d15c6ba29 | 2267 | /* The Finished message is sent with the next epoch, keep its |
Vanger | 0:b86d15c6ba29 | 2268 | * sequence number */ |
Vanger | 0:b86d15c6ba29 | 2269 | } |
Vanger | 0:b86d15c6ba29 | 2270 | |
Vanger | 0:b86d15c6ba29 | 2271 | if ((ret = CheckAvailableSize(ssl, buf->length)) != 0) |
Vanger | 0:b86d15c6ba29 | 2272 | return ret; |
Vanger | 0:b86d15c6ba29 | 2273 | |
Vanger | 0:b86d15c6ba29 | 2274 | XMEMCPY(ssl->buffers.outputBuffer.buffer, buf->buffer, buf->length); |
Vanger | 0:b86d15c6ba29 | 2275 | ssl->buffers.outputBuffer.idx = 0; |
Vanger | 0:b86d15c6ba29 | 2276 | ssl->buffers.outputBuffer.length = buf->length; |
Vanger | 0:b86d15c6ba29 | 2277 | |
Vanger | 0:b86d15c6ba29 | 2278 | sendResult = SendBuffered(ssl); |
Vanger | 0:b86d15c6ba29 | 2279 | if (sendResult < 0) { |
Vanger | 0:b86d15c6ba29 | 2280 | return sendResult; |
Vanger | 0:b86d15c6ba29 | 2281 | } |
Vanger | 0:b86d15c6ba29 | 2282 | } |
Vanger | 0:b86d15c6ba29 | 2283 | } |
Vanger | 0:b86d15c6ba29 | 2284 | return 0; |
Vanger | 0:b86d15c6ba29 | 2285 | } |
Vanger | 0:b86d15c6ba29 | 2286 | |
Vanger | 0:b86d15c6ba29 | 2287 | |
Vanger | 0:b86d15c6ba29 | 2288 | /* functions for managing DTLS datagram reordering */ |
Vanger | 0:b86d15c6ba29 | 2289 | |
Vanger | 0:b86d15c6ba29 | 2290 | /* Need to allocate space for the handshake message header. The hashing |
Vanger | 0:b86d15c6ba29 | 2291 | * routines assume the message pointer is still within the buffer that |
Vanger | 0:b86d15c6ba29 | 2292 | * has the headers, and will include those headers in the hash. The store |
Vanger | 0:b86d15c6ba29 | 2293 | * routines need to take that into account as well. New will allocate |
Vanger | 0:b86d15c6ba29 | 2294 | * extra space for the headers. */ |
Vanger | 0:b86d15c6ba29 | 2295 | DtlsMsg* DtlsMsgNew(word32 sz, void* heap) |
Vanger | 0:b86d15c6ba29 | 2296 | { |
Vanger | 0:b86d15c6ba29 | 2297 | DtlsMsg* msg = NULL; |
Vanger | 0:b86d15c6ba29 | 2298 | |
Vanger | 0:b86d15c6ba29 | 2299 | msg = (DtlsMsg*)XMALLOC(sizeof(DtlsMsg), heap, DYNAMIC_TYPE_DTLS_MSG); |
Vanger | 0:b86d15c6ba29 | 2300 | |
Vanger | 0:b86d15c6ba29 | 2301 | if (msg != NULL) { |
Vanger | 0:b86d15c6ba29 | 2302 | msg->buf = (byte*)XMALLOC(sz + DTLS_HANDSHAKE_HEADER_SZ, |
Vanger | 0:b86d15c6ba29 | 2303 | heap, DYNAMIC_TYPE_NONE); |
Vanger | 0:b86d15c6ba29 | 2304 | if (msg->buf != NULL) { |
Vanger | 0:b86d15c6ba29 | 2305 | msg->next = NULL; |
Vanger | 0:b86d15c6ba29 | 2306 | msg->seq = 0; |
Vanger | 0:b86d15c6ba29 | 2307 | msg->sz = sz; |
Vanger | 0:b86d15c6ba29 | 2308 | msg->fragSz = 0; |
Vanger | 0:b86d15c6ba29 | 2309 | msg->msg = msg->buf + DTLS_HANDSHAKE_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 2310 | } |
Vanger | 0:b86d15c6ba29 | 2311 | else { |
Vanger | 0:b86d15c6ba29 | 2312 | XFREE(msg, heap, DYNAMIC_TYPE_DTLS_MSG); |
Vanger | 0:b86d15c6ba29 | 2313 | msg = NULL; |
Vanger | 0:b86d15c6ba29 | 2314 | } |
Vanger | 0:b86d15c6ba29 | 2315 | } |
Vanger | 0:b86d15c6ba29 | 2316 | |
Vanger | 0:b86d15c6ba29 | 2317 | return msg; |
Vanger | 0:b86d15c6ba29 | 2318 | } |
Vanger | 0:b86d15c6ba29 | 2319 | |
Vanger | 0:b86d15c6ba29 | 2320 | void DtlsMsgDelete(DtlsMsg* item, void* heap) |
Vanger | 0:b86d15c6ba29 | 2321 | { |
Vanger | 0:b86d15c6ba29 | 2322 | (void)heap; |
Vanger | 0:b86d15c6ba29 | 2323 | |
Vanger | 0:b86d15c6ba29 | 2324 | if (item != NULL) { |
Vanger | 0:b86d15c6ba29 | 2325 | if (item->buf != NULL) |
Vanger | 0:b86d15c6ba29 | 2326 | XFREE(item->buf, heap, DYNAMIC_TYPE_NONE); |
Vanger | 0:b86d15c6ba29 | 2327 | XFREE(item, heap, DYNAMIC_TYPE_DTLS_MSG); |
Vanger | 0:b86d15c6ba29 | 2328 | } |
Vanger | 0:b86d15c6ba29 | 2329 | } |
Vanger | 0:b86d15c6ba29 | 2330 | |
Vanger | 0:b86d15c6ba29 | 2331 | |
Vanger | 0:b86d15c6ba29 | 2332 | void DtlsMsgListDelete(DtlsMsg* head, void* heap) |
Vanger | 0:b86d15c6ba29 | 2333 | { |
Vanger | 0:b86d15c6ba29 | 2334 | DtlsMsg* next; |
Vanger | 0:b86d15c6ba29 | 2335 | while (head) { |
Vanger | 0:b86d15c6ba29 | 2336 | next = head->next; |
Vanger | 0:b86d15c6ba29 | 2337 | DtlsMsgDelete(head, heap); |
Vanger | 0:b86d15c6ba29 | 2338 | head = next; |
Vanger | 0:b86d15c6ba29 | 2339 | } |
Vanger | 0:b86d15c6ba29 | 2340 | } |
Vanger | 0:b86d15c6ba29 | 2341 | |
Vanger | 0:b86d15c6ba29 | 2342 | |
Vanger | 0:b86d15c6ba29 | 2343 | void DtlsMsgSet(DtlsMsg* msg, word32 seq, const byte* data, byte type, |
Vanger | 0:b86d15c6ba29 | 2344 | word32 fragOffset, word32 fragSz) |
Vanger | 0:b86d15c6ba29 | 2345 | { |
Vanger | 0:b86d15c6ba29 | 2346 | if (msg != NULL && data != NULL && msg->fragSz <= msg->sz && |
Vanger | 0:b86d15c6ba29 | 2347 | fragOffset < msg->sz && (fragOffset + fragSz) <= msg->sz) { |
Vanger | 0:b86d15c6ba29 | 2348 | |
Vanger | 0:b86d15c6ba29 | 2349 | msg->seq = seq; |
Vanger | 0:b86d15c6ba29 | 2350 | msg->type = type; |
Vanger | 0:b86d15c6ba29 | 2351 | msg->fragSz += fragSz; |
Vanger | 0:b86d15c6ba29 | 2352 | /* If fragOffset is zero, this is either a full message that is out |
Vanger | 0:b86d15c6ba29 | 2353 | * of order, or the first fragment of a fragmented message. Copy the |
Vanger | 0:b86d15c6ba29 | 2354 | * handshake message header as well as the message data. */ |
Vanger | 0:b86d15c6ba29 | 2355 | if (fragOffset == 0) |
Vanger | 0:b86d15c6ba29 | 2356 | XMEMCPY(msg->buf, data - DTLS_HANDSHAKE_HEADER_SZ, |
Vanger | 0:b86d15c6ba29 | 2357 | fragSz + DTLS_HANDSHAKE_HEADER_SZ); |
Vanger | 0:b86d15c6ba29 | 2358 | else { |
Vanger | 0:b86d15c6ba29 | 2359 | /* If fragOffet is non-zero, this is an additional fragment that |
Vanger | 0:b86d15c6ba29 | 2360 | * needs to be copied to its location in the message buffer. Also |
Vanger | 0:b86d15c6ba29 | 2361 | * copy the total size of the message over the fragment size. The |
Vanger | 0:b86d15c6ba29 | 2362 | * hash routines look at a defragmented message if it had actually |
Vanger | 0:b86d15c6ba29 | 2363 | * come across as a single handshake message. */ |
Vanger | 0:b86d15c6ba29 | 2364 | XMEMCPY(msg->msg + fragOffset, data, fragSz); |
Vanger | 0:b86d15c6ba29 | 2365 | c32to24(msg->sz, msg->msg - DTLS_HANDSHAKE_FRAG_SZ); |
Vanger | 0:b86d15c6ba29 | 2366 | } |
Vanger | 0:b86d15c6ba29 | 2367 | } |
Vanger | 0:b86d15c6ba29 | 2368 | } |
Vanger | 0:b86d15c6ba29 | 2369 | |
Vanger | 0:b86d15c6ba29 | 2370 | |
Vanger | 0:b86d15c6ba29 | 2371 | DtlsMsg* DtlsMsgFind(DtlsMsg* head, word32 seq) |
Vanger | 0:b86d15c6ba29 | 2372 | { |
Vanger | 0:b86d15c6ba29 | 2373 | while (head != NULL && head->seq != seq) { |
Vanger | 0:b86d15c6ba29 | 2374 | head = head->next; |
Vanger | 0:b86d15c6ba29 | 2375 | } |
Vanger | 0:b86d15c6ba29 | 2376 | return head; |
Vanger | 0:b86d15c6ba29 | 2377 | } |
Vanger | 0:b86d15c6ba29 | 2378 | |
Vanger | 0:b86d15c6ba29 | 2379 | |
Vanger | 0:b86d15c6ba29 | 2380 | DtlsMsg* DtlsMsgStore(DtlsMsg* head, word32 seq, const byte* data, |
Vanger | 0:b86d15c6ba29 | 2381 | word32 dataSz, byte type, word32 fragOffset, word32 fragSz, void* heap) |
Vanger | 0:b86d15c6ba29 | 2382 | { |
Vanger | 0:b86d15c6ba29 | 2383 | |
Vanger | 0:b86d15c6ba29 | 2384 | /* See if seq exists in the list. If it isn't in the list, make |
Vanger | 0:b86d15c6ba29 | 2385 | * a new item of size dataSz, copy fragSz bytes from data to msg->msg |
Vanger | 0:b86d15c6ba29 | 2386 | * starting at offset fragOffset, and add fragSz to msg->fragSz. If |
Vanger | 0:b86d15c6ba29 | 2387 | * the seq is in the list and it isn't full, copy fragSz bytes from |
Vanger | 0:b86d15c6ba29 | 2388 | * data to msg->msg starting at offset fragOffset, and add fragSz to |
Vanger | 0:b86d15c6ba29 | 2389 | * msg->fragSz. The new item should be inserted into the list in its |
Vanger | 0:b86d15c6ba29 | 2390 | * proper position. |
Vanger | 0:b86d15c6ba29 | 2391 | * |
Vanger | 0:b86d15c6ba29 | 2392 | * 1. Find seq in list, or where seq should go in list. If seq not in |
Vanger | 0:b86d15c6ba29 | 2393 | * list, create new item and insert into list. Either case, keep |
Vanger | 0:b86d15c6ba29 | 2394 | * pointer to item. |
Vanger | 0:b86d15c6ba29 | 2395 | * 2. If msg->fragSz + fragSz < sz, copy data to msg->msg at offset |
Vanger | 0:b86d15c6ba29 | 2396 | * fragOffset. Add fragSz to msg->fragSz. |
Vanger | 0:b86d15c6ba29 | 2397 | */ |
Vanger | 0:b86d15c6ba29 | 2398 | |
Vanger | 0:b86d15c6ba29 | 2399 | if (head != NULL) { |
Vanger | 0:b86d15c6ba29 | 2400 | DtlsMsg* cur = DtlsMsgFind(head, seq); |
Vanger | 0:b86d15c6ba29 | 2401 | if (cur == NULL) { |
Vanger | 0:b86d15c6ba29 | 2402 | cur = DtlsMsgNew(dataSz, heap); |
Vanger | 0:b86d15c6ba29 | 2403 | if (cur != NULL) { |
Vanger | 0:b86d15c6ba29 | 2404 | DtlsMsgSet(cur, seq, data, type, fragOffset, fragSz); |
Vanger | 0:b86d15c6ba29 | 2405 | head = DtlsMsgInsert(head, cur); |
Vanger | 0:b86d15c6ba29 | 2406 | } |
Vanger | 0:b86d15c6ba29 | 2407 | } |
Vanger | 0:b86d15c6ba29 | 2408 | else { |
Vanger | 0:b86d15c6ba29 | 2409 | DtlsMsgSet(cur, seq, data, type, fragOffset, fragSz); |
Vanger | 0:b86d15c6ba29 | 2410 | } |
Vanger | 0:b86d15c6ba29 | 2411 | } |
Vanger | 0:b86d15c6ba29 | 2412 | else { |
Vanger | 0:b86d15c6ba29 | 2413 | head = DtlsMsgNew(dataSz, heap); |
Vanger | 0:b86d15c6ba29 | 2414 | DtlsMsgSet(head, seq, data, type, fragOffset, fragSz); |
Vanger | 0:b86d15c6ba29 | 2415 | } |
Vanger | 0:b86d15c6ba29 | 2416 | |
Vanger | 0:b86d15c6ba29 | 2417 | return head; |
Vanger | 0:b86d15c6ba29 | 2418 | } |
Vanger | 0:b86d15c6ba29 | 2419 | |
Vanger | 0:b86d15c6ba29 | 2420 | |
Vanger | 0:b86d15c6ba29 | 2421 | /* DtlsMsgInsert() is an in-order insert. */ |
Vanger | 0:b86d15c6ba29 | 2422 | DtlsMsg* DtlsMsgInsert(DtlsMsg* head, DtlsMsg* item) |
Vanger | 0:b86d15c6ba29 | 2423 | { |
Vanger | 0:b86d15c6ba29 | 2424 | if (head == NULL || item->seq < head->seq) { |
Vanger | 0:b86d15c6ba29 | 2425 | item->next = head; |
Vanger | 0:b86d15c6ba29 | 2426 | head = item; |
Vanger | 0:b86d15c6ba29 | 2427 | } |
Vanger | 0:b86d15c6ba29 | 2428 | else if (head->next == NULL) { |
Vanger | 0:b86d15c6ba29 | 2429 | head->next = item; |
Vanger | 0:b86d15c6ba29 | 2430 | } |
Vanger | 0:b86d15c6ba29 | 2431 | else { |
Vanger | 0:b86d15c6ba29 | 2432 | DtlsMsg* cur = head->next; |
Vanger | 0:b86d15c6ba29 | 2433 | DtlsMsg* prev = head; |
Vanger | 0:b86d15c6ba29 | 2434 | while (cur) { |
Vanger | 0:b86d15c6ba29 | 2435 | if (item->seq < cur->seq) { |
Vanger | 0:b86d15c6ba29 | 2436 | item->next = cur; |
Vanger | 0:b86d15c6ba29 | 2437 | prev->next = item; |
Vanger | 0:b86d15c6ba29 | 2438 | break; |
Vanger | 0:b86d15c6ba29 | 2439 | } |
Vanger | 0:b86d15c6ba29 | 2440 | prev = cur; |
Vanger | 0:b86d15c6ba29 | 2441 | cur = cur->next; |
Vanger | 0:b86d15c6ba29 | 2442 | } |
Vanger | 0:b86d15c6ba29 | 2443 | if (cur == NULL) { |
Vanger | 0:b86d15c6ba29 | 2444 | prev->next = item; |
Vanger | 0:b86d15c6ba29 | 2445 | } |
Vanger | 0:b86d15c6ba29 | 2446 | } |
Vanger | 0:b86d15c6ba29 | 2447 | |
Vanger | 0:b86d15c6ba29 | 2448 | return head; |
Vanger | 0:b86d15c6ba29 | 2449 | } |
Vanger | 0:b86d15c6ba29 | 2450 | |
Vanger | 0:b86d15c6ba29 | 2451 | #endif /* CYASSL_DTLS */ |
Vanger | 0:b86d15c6ba29 | 2452 | |
Vanger | 0:b86d15c6ba29 | 2453 | #ifndef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 2454 | |
Vanger | 0:b86d15c6ba29 | 2455 | ProtocolVersion MakeSSLv3(void) |
Vanger | 0:b86d15c6ba29 | 2456 | { |
Vanger | 0:b86d15c6ba29 | 2457 | ProtocolVersion pv; |
Vanger | 0:b86d15c6ba29 | 2458 | pv.major = SSLv3_MAJOR; |
Vanger | 0:b86d15c6ba29 | 2459 | pv.minor = SSLv3_MINOR; |
Vanger | 0:b86d15c6ba29 | 2460 | |
Vanger | 0:b86d15c6ba29 | 2461 | return pv; |
Vanger | 0:b86d15c6ba29 | 2462 | } |
Vanger | 0:b86d15c6ba29 | 2463 | |
Vanger | 0:b86d15c6ba29 | 2464 | #endif /* NO_OLD_TLS */ |
Vanger | 0:b86d15c6ba29 | 2465 | |
Vanger | 0:b86d15c6ba29 | 2466 | |
Vanger | 0:b86d15c6ba29 | 2467 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 2468 | |
Vanger | 0:b86d15c6ba29 | 2469 | ProtocolVersion MakeDTLSv1(void) |
Vanger | 0:b86d15c6ba29 | 2470 | { |
Vanger | 0:b86d15c6ba29 | 2471 | ProtocolVersion pv; |
Vanger | 0:b86d15c6ba29 | 2472 | pv.major = DTLS_MAJOR; |
Vanger | 0:b86d15c6ba29 | 2473 | pv.minor = DTLS_MINOR; |
Vanger | 0:b86d15c6ba29 | 2474 | |
Vanger | 0:b86d15c6ba29 | 2475 | return pv; |
Vanger | 0:b86d15c6ba29 | 2476 | } |
Vanger | 0:b86d15c6ba29 | 2477 | |
Vanger | 0:b86d15c6ba29 | 2478 | ProtocolVersion MakeDTLSv1_2(void) |
Vanger | 0:b86d15c6ba29 | 2479 | { |
Vanger | 0:b86d15c6ba29 | 2480 | ProtocolVersion pv; |
Vanger | 0:b86d15c6ba29 | 2481 | pv.major = DTLS_MAJOR; |
Vanger | 0:b86d15c6ba29 | 2482 | pv.minor = DTLSv1_2_MINOR; |
Vanger | 0:b86d15c6ba29 | 2483 | |
Vanger | 0:b86d15c6ba29 | 2484 | return pv; |
Vanger | 0:b86d15c6ba29 | 2485 | } |
Vanger | 0:b86d15c6ba29 | 2486 | |
Vanger | 0:b86d15c6ba29 | 2487 | #endif /* CYASSL_DTLS */ |
Vanger | 0:b86d15c6ba29 | 2488 | |
Vanger | 0:b86d15c6ba29 | 2489 | |
Vanger | 0:b86d15c6ba29 | 2490 | |
Vanger | 0:b86d15c6ba29 | 2491 | |
Vanger | 0:b86d15c6ba29 | 2492 | #ifdef USE_WINDOWS_API |
Vanger | 0:b86d15c6ba29 | 2493 | |
Vanger | 0:b86d15c6ba29 | 2494 | word32 LowResTimer(void) |
Vanger | 0:b86d15c6ba29 | 2495 | { |
Vanger | 0:b86d15c6ba29 | 2496 | static int init = 0; |
Vanger | 0:b86d15c6ba29 | 2497 | static LARGE_INTEGER freq; |
Vanger | 0:b86d15c6ba29 | 2498 | LARGE_INTEGER count; |
Vanger | 0:b86d15c6ba29 | 2499 | |
Vanger | 0:b86d15c6ba29 | 2500 | if (!init) { |
Vanger | 0:b86d15c6ba29 | 2501 | QueryPerformanceFrequency(&freq); |
Vanger | 0:b86d15c6ba29 | 2502 | init = 1; |
Vanger | 0:b86d15c6ba29 | 2503 | } |
Vanger | 0:b86d15c6ba29 | 2504 | |
Vanger | 0:b86d15c6ba29 | 2505 | QueryPerformanceCounter(&count); |
Vanger | 0:b86d15c6ba29 | 2506 | |
Vanger | 0:b86d15c6ba29 | 2507 | return (word32)(count.QuadPart / freq.QuadPart); |
Vanger | 0:b86d15c6ba29 | 2508 | } |
Vanger | 0:b86d15c6ba29 | 2509 | |
Vanger | 0:b86d15c6ba29 | 2510 | #elif defined(HAVE_RTP_SYS) |
Vanger | 0:b86d15c6ba29 | 2511 | |
Vanger | 0:b86d15c6ba29 | 2512 | #include "rtptime.h" |
Vanger | 0:b86d15c6ba29 | 2513 | |
Vanger | 0:b86d15c6ba29 | 2514 | word32 LowResTimer(void) |
Vanger | 0:b86d15c6ba29 | 2515 | { |
Vanger | 0:b86d15c6ba29 | 2516 | return (word32)rtp_get_system_sec(); |
Vanger | 0:b86d15c6ba29 | 2517 | } |
Vanger | 0:b86d15c6ba29 | 2518 | |
Vanger | 0:b86d15c6ba29 | 2519 | |
Vanger | 0:b86d15c6ba29 | 2520 | #elif defined(MICRIUM) |
Vanger | 0:b86d15c6ba29 | 2521 | |
Vanger | 0:b86d15c6ba29 | 2522 | word32 LowResTimer(void) |
Vanger | 0:b86d15c6ba29 | 2523 | { |
Vanger | 0:b86d15c6ba29 | 2524 | NET_SECURE_OS_TICK clk; |
Vanger | 0:b86d15c6ba29 | 2525 | |
Vanger | 0:b86d15c6ba29 | 2526 | #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED) |
Vanger | 0:b86d15c6ba29 | 2527 | clk = NetSecure_OS_TimeGet(); |
Vanger | 0:b86d15c6ba29 | 2528 | #endif |
Vanger | 0:b86d15c6ba29 | 2529 | return (word32)clk; |
Vanger | 0:b86d15c6ba29 | 2530 | } |
Vanger | 0:b86d15c6ba29 | 2531 | |
Vanger | 0:b86d15c6ba29 | 2532 | |
Vanger | 0:b86d15c6ba29 | 2533 | #elif defined(MICROCHIP_TCPIP_V5) |
Vanger | 0:b86d15c6ba29 | 2534 | |
Vanger | 0:b86d15c6ba29 | 2535 | word32 LowResTimer(void) |
Vanger | 0:b86d15c6ba29 | 2536 | { |
Vanger | 0:b86d15c6ba29 | 2537 | return (word32) TickGet(); |
Vanger | 0:b86d15c6ba29 | 2538 | } |
Vanger | 0:b86d15c6ba29 | 2539 | |
Vanger | 0:b86d15c6ba29 | 2540 | |
Vanger | 0:b86d15c6ba29 | 2541 | #elif defined(MICROCHIP_TCPIP) |
Vanger | 0:b86d15c6ba29 | 2542 | |
Vanger | 0:b86d15c6ba29 | 2543 | #if defined(MICROCHIP_MPLAB_HARMONY) |
Vanger | 0:b86d15c6ba29 | 2544 | |
Vanger | 0:b86d15c6ba29 | 2545 | #include <system/tmr/sys_tmr.h> |
Vanger | 0:b86d15c6ba29 | 2546 | |
Vanger | 0:b86d15c6ba29 | 2547 | word32 LowResTimer(void) |
Vanger | 0:b86d15c6ba29 | 2548 | { |
Vanger | 0:b86d15c6ba29 | 2549 | return (word32) SYS_TMR_TickCountGet(); |
Vanger | 0:b86d15c6ba29 | 2550 | } |
Vanger | 0:b86d15c6ba29 | 2551 | |
Vanger | 0:b86d15c6ba29 | 2552 | #else |
Vanger | 0:b86d15c6ba29 | 2553 | |
Vanger | 0:b86d15c6ba29 | 2554 | word32 LowResTimer(void) |
Vanger | 0:b86d15c6ba29 | 2555 | { |
Vanger | 0:b86d15c6ba29 | 2556 | return (word32) SYS_TICK_Get(); |
Vanger | 0:b86d15c6ba29 | 2557 | } |
Vanger | 0:b86d15c6ba29 | 2558 | |
Vanger | 0:b86d15c6ba29 | 2559 | #endif |
Vanger | 0:b86d15c6ba29 | 2560 | |
Vanger | 0:b86d15c6ba29 | 2561 | #elif defined(FREESCALE_MQX) |
Vanger | 0:b86d15c6ba29 | 2562 | |
Vanger | 0:b86d15c6ba29 | 2563 | word32 LowResTimer(void) |
Vanger | 0:b86d15c6ba29 | 2564 | { |
Vanger | 0:b86d15c6ba29 | 2565 | TIME_STRUCT mqxTime; |
Vanger | 0:b86d15c6ba29 | 2566 | |
Vanger | 0:b86d15c6ba29 | 2567 | _time_get_elapsed(&mqxTime); |
Vanger | 0:b86d15c6ba29 | 2568 | |
Vanger | 0:b86d15c6ba29 | 2569 | return (word32) mqxTime.SECONDS; |
Vanger | 0:b86d15c6ba29 | 2570 | } |
Vanger | 0:b86d15c6ba29 | 2571 | |
Vanger | 0:b86d15c6ba29 | 2572 | #elif defined(CYASSL_TIRTOS) |
Vanger | 0:b86d15c6ba29 | 2573 | |
Vanger | 0:b86d15c6ba29 | 2574 | word32 LowResTimer(void) |
Vanger | 0:b86d15c6ba29 | 2575 | { |
Vanger | 0:b86d15c6ba29 | 2576 | return (word32) MYTIME_gettime(); |
Vanger | 0:b86d15c6ba29 | 2577 | } |
Vanger | 0:b86d15c6ba29 | 2578 | |
Vanger | 0:b86d15c6ba29 | 2579 | #elif defined(USER_TICKS) |
Vanger | 0:b86d15c6ba29 | 2580 | #if 0 |
Vanger | 0:b86d15c6ba29 | 2581 | word32 LowResTimer(void) |
Vanger | 0:b86d15c6ba29 | 2582 | { |
Vanger | 0:b86d15c6ba29 | 2583 | /* |
Vanger | 0:b86d15c6ba29 | 2584 | write your own clock tick function if don't want time(0) |
Vanger | 0:b86d15c6ba29 | 2585 | needs second accuracy but doesn't have to correlated to EPOCH |
Vanger | 0:b86d15c6ba29 | 2586 | */ |
Vanger | 0:b86d15c6ba29 | 2587 | } |
Vanger | 0:b86d15c6ba29 | 2588 | #endif |
Vanger | 0:b86d15c6ba29 | 2589 | #else /* !USE_WINDOWS_API && !HAVE_RTP_SYS && !MICRIUM && !USER_TICKS */ |
Vanger | 0:b86d15c6ba29 | 2590 | |
Vanger | 0:b86d15c6ba29 | 2591 | #include <time.h> |
Vanger | 0:b86d15c6ba29 | 2592 | |
Vanger | 0:b86d15c6ba29 | 2593 | word32 LowResTimer(void) |
Vanger | 0:b86d15c6ba29 | 2594 | { |
Vanger | 0:b86d15c6ba29 | 2595 | return (word32)time(0); |
Vanger | 0:b86d15c6ba29 | 2596 | } |
Vanger | 0:b86d15c6ba29 | 2597 | |
Vanger | 0:b86d15c6ba29 | 2598 | |
Vanger | 0:b86d15c6ba29 | 2599 | #endif /* USE_WINDOWS_API */ |
Vanger | 0:b86d15c6ba29 | 2600 | |
Vanger | 0:b86d15c6ba29 | 2601 | |
Vanger | 0:b86d15c6ba29 | 2602 | /* add output to md5 and sha handshake hashes, exclude record header */ |
Vanger | 0:b86d15c6ba29 | 2603 | static int HashOutput(CYASSL* ssl, const byte* output, int sz, int ivSz) |
Vanger | 0:b86d15c6ba29 | 2604 | { |
Vanger | 0:b86d15c6ba29 | 2605 | const byte* adj = output + RECORD_HEADER_SZ + ivSz; |
Vanger | 0:b86d15c6ba29 | 2606 | sz -= RECORD_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 2607 | |
Vanger | 0:b86d15c6ba29 | 2608 | #ifdef HAVE_FUZZER |
Vanger | 0:b86d15c6ba29 | 2609 | if (ssl->fuzzerCb) |
Vanger | 0:b86d15c6ba29 | 2610 | ssl->fuzzerCb(ssl, output, sz, FUZZ_HASH, ssl->fuzzerCtx); |
Vanger | 0:b86d15c6ba29 | 2611 | #endif |
Vanger | 0:b86d15c6ba29 | 2612 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 2613 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 2614 | adj += DTLS_RECORD_EXTRA; |
Vanger | 0:b86d15c6ba29 | 2615 | sz -= DTLS_RECORD_EXTRA; |
Vanger | 0:b86d15c6ba29 | 2616 | } |
Vanger | 0:b86d15c6ba29 | 2617 | #endif |
Vanger | 0:b86d15c6ba29 | 2618 | #ifndef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 2619 | #ifndef NO_SHA |
Vanger | 0:b86d15c6ba29 | 2620 | ShaUpdate(&ssl->hashSha, adj, sz); |
Vanger | 0:b86d15c6ba29 | 2621 | #endif |
Vanger | 0:b86d15c6ba29 | 2622 | #ifndef NO_MD5 |
Vanger | 0:b86d15c6ba29 | 2623 | Md5Update(&ssl->hashMd5, adj, sz); |
Vanger | 0:b86d15c6ba29 | 2624 | #endif |
Vanger | 0:b86d15c6ba29 | 2625 | #endif |
Vanger | 0:b86d15c6ba29 | 2626 | |
Vanger | 0:b86d15c6ba29 | 2627 | if (IsAtLeastTLSv1_2(ssl)) { |
Vanger | 0:b86d15c6ba29 | 2628 | int ret; |
Vanger | 0:b86d15c6ba29 | 2629 | |
Vanger | 0:b86d15c6ba29 | 2630 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 2631 | ret = Sha256Update(&ssl->hashSha256, adj, sz); |
Vanger | 0:b86d15c6ba29 | 2632 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 2633 | return ret; |
Vanger | 0:b86d15c6ba29 | 2634 | #endif |
Vanger | 0:b86d15c6ba29 | 2635 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 2636 | ret = Sha384Update(&ssl->hashSha384, adj, sz); |
Vanger | 0:b86d15c6ba29 | 2637 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 2638 | return ret; |
Vanger | 0:b86d15c6ba29 | 2639 | #endif |
Vanger | 0:b86d15c6ba29 | 2640 | } |
Vanger | 0:b86d15c6ba29 | 2641 | |
Vanger | 0:b86d15c6ba29 | 2642 | return 0; |
Vanger | 0:b86d15c6ba29 | 2643 | } |
Vanger | 0:b86d15c6ba29 | 2644 | |
Vanger | 0:b86d15c6ba29 | 2645 | |
Vanger | 0:b86d15c6ba29 | 2646 | /* add input to md5 and sha handshake hashes, include handshake header */ |
Vanger | 0:b86d15c6ba29 | 2647 | static int HashInput(CYASSL* ssl, const byte* input, int sz) |
Vanger | 0:b86d15c6ba29 | 2648 | { |
Vanger | 0:b86d15c6ba29 | 2649 | const byte* adj = input - HANDSHAKE_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 2650 | sz += HANDSHAKE_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 2651 | |
Vanger | 0:b86d15c6ba29 | 2652 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 2653 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 2654 | adj -= DTLS_HANDSHAKE_EXTRA; |
Vanger | 0:b86d15c6ba29 | 2655 | sz += DTLS_HANDSHAKE_EXTRA; |
Vanger | 0:b86d15c6ba29 | 2656 | } |
Vanger | 0:b86d15c6ba29 | 2657 | #endif |
Vanger | 0:b86d15c6ba29 | 2658 | |
Vanger | 0:b86d15c6ba29 | 2659 | #ifndef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 2660 | #ifndef NO_SHA |
Vanger | 0:b86d15c6ba29 | 2661 | ShaUpdate(&ssl->hashSha, adj, sz); |
Vanger | 0:b86d15c6ba29 | 2662 | #endif |
Vanger | 0:b86d15c6ba29 | 2663 | #ifndef NO_MD5 |
Vanger | 0:b86d15c6ba29 | 2664 | Md5Update(&ssl->hashMd5, adj, sz); |
Vanger | 0:b86d15c6ba29 | 2665 | #endif |
Vanger | 0:b86d15c6ba29 | 2666 | #endif |
Vanger | 0:b86d15c6ba29 | 2667 | |
Vanger | 0:b86d15c6ba29 | 2668 | if (IsAtLeastTLSv1_2(ssl)) { |
Vanger | 0:b86d15c6ba29 | 2669 | int ret; |
Vanger | 0:b86d15c6ba29 | 2670 | |
Vanger | 0:b86d15c6ba29 | 2671 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 2672 | ret = Sha256Update(&ssl->hashSha256, adj, sz); |
Vanger | 0:b86d15c6ba29 | 2673 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 2674 | return ret; |
Vanger | 0:b86d15c6ba29 | 2675 | #endif |
Vanger | 0:b86d15c6ba29 | 2676 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 2677 | ret = Sha384Update(&ssl->hashSha384, adj, sz); |
Vanger | 0:b86d15c6ba29 | 2678 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 2679 | return ret; |
Vanger | 0:b86d15c6ba29 | 2680 | #endif |
Vanger | 0:b86d15c6ba29 | 2681 | } |
Vanger | 0:b86d15c6ba29 | 2682 | |
Vanger | 0:b86d15c6ba29 | 2683 | return 0; |
Vanger | 0:b86d15c6ba29 | 2684 | } |
Vanger | 0:b86d15c6ba29 | 2685 | |
Vanger | 0:b86d15c6ba29 | 2686 | |
Vanger | 0:b86d15c6ba29 | 2687 | /* add record layer header for message */ |
Vanger | 0:b86d15c6ba29 | 2688 | static void AddRecordHeader(byte* output, word32 length, byte type, CYASSL* ssl) |
Vanger | 0:b86d15c6ba29 | 2689 | { |
Vanger | 0:b86d15c6ba29 | 2690 | RecordLayerHeader* rl; |
Vanger | 0:b86d15c6ba29 | 2691 | |
Vanger | 0:b86d15c6ba29 | 2692 | /* record layer header */ |
Vanger | 0:b86d15c6ba29 | 2693 | rl = (RecordLayerHeader*)output; |
Vanger | 0:b86d15c6ba29 | 2694 | rl->type = type; |
Vanger | 0:b86d15c6ba29 | 2695 | rl->pvMajor = ssl->version.major; /* type and version same in each */ |
Vanger | 0:b86d15c6ba29 | 2696 | rl->pvMinor = ssl->version.minor; |
Vanger | 0:b86d15c6ba29 | 2697 | |
Vanger | 0:b86d15c6ba29 | 2698 | if (!ssl->options.dtls) |
Vanger | 0:b86d15c6ba29 | 2699 | c16toa((word16)length, rl->length); |
Vanger | 0:b86d15c6ba29 | 2700 | else { |
Vanger | 0:b86d15c6ba29 | 2701 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 2702 | DtlsRecordLayerHeader* dtls; |
Vanger | 0:b86d15c6ba29 | 2703 | |
Vanger | 0:b86d15c6ba29 | 2704 | /* dtls record layer header extensions */ |
Vanger | 0:b86d15c6ba29 | 2705 | dtls = (DtlsRecordLayerHeader*)output; |
Vanger | 0:b86d15c6ba29 | 2706 | c16toa(ssl->keys.dtls_epoch, dtls->epoch); |
Vanger | 0:b86d15c6ba29 | 2707 | c32to48(ssl->keys.dtls_sequence_number++, dtls->sequence_number); |
Vanger | 0:b86d15c6ba29 | 2708 | c16toa((word16)length, dtls->length); |
Vanger | 0:b86d15c6ba29 | 2709 | #endif |
Vanger | 0:b86d15c6ba29 | 2710 | } |
Vanger | 0:b86d15c6ba29 | 2711 | } |
Vanger | 0:b86d15c6ba29 | 2712 | |
Vanger | 0:b86d15c6ba29 | 2713 | |
Vanger | 0:b86d15c6ba29 | 2714 | /* add handshake header for message */ |
Vanger | 0:b86d15c6ba29 | 2715 | static void AddHandShakeHeader(byte* output, word32 length, byte type, |
Vanger | 0:b86d15c6ba29 | 2716 | CYASSL* ssl) |
Vanger | 0:b86d15c6ba29 | 2717 | { |
Vanger | 0:b86d15c6ba29 | 2718 | HandShakeHeader* hs; |
Vanger | 0:b86d15c6ba29 | 2719 | (void)ssl; |
Vanger | 0:b86d15c6ba29 | 2720 | |
Vanger | 0:b86d15c6ba29 | 2721 | /* handshake header */ |
Vanger | 0:b86d15c6ba29 | 2722 | hs = (HandShakeHeader*)output; |
Vanger | 0:b86d15c6ba29 | 2723 | hs->type = type; |
Vanger | 0:b86d15c6ba29 | 2724 | c32to24(length, hs->length); /* type and length same for each */ |
Vanger | 0:b86d15c6ba29 | 2725 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 2726 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 2727 | DtlsHandShakeHeader* dtls; |
Vanger | 0:b86d15c6ba29 | 2728 | |
Vanger | 0:b86d15c6ba29 | 2729 | /* dtls handshake header extensions */ |
Vanger | 0:b86d15c6ba29 | 2730 | dtls = (DtlsHandShakeHeader*)output; |
Vanger | 0:b86d15c6ba29 | 2731 | c16toa(ssl->keys.dtls_handshake_number++, dtls->message_seq); |
Vanger | 0:b86d15c6ba29 | 2732 | c32to24(0, dtls->fragment_offset); |
Vanger | 0:b86d15c6ba29 | 2733 | c32to24(length, dtls->fragment_length); |
Vanger | 0:b86d15c6ba29 | 2734 | } |
Vanger | 0:b86d15c6ba29 | 2735 | #endif |
Vanger | 0:b86d15c6ba29 | 2736 | } |
Vanger | 0:b86d15c6ba29 | 2737 | |
Vanger | 0:b86d15c6ba29 | 2738 | |
Vanger | 0:b86d15c6ba29 | 2739 | /* add both headers for handshake message */ |
Vanger | 0:b86d15c6ba29 | 2740 | static void AddHeaders(byte* output, word32 length, byte type, CYASSL* ssl) |
Vanger | 0:b86d15c6ba29 | 2741 | { |
Vanger | 0:b86d15c6ba29 | 2742 | if (!ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 2743 | AddRecordHeader(output, length + HANDSHAKE_HEADER_SZ, handshake, ssl); |
Vanger | 0:b86d15c6ba29 | 2744 | AddHandShakeHeader(output + RECORD_HEADER_SZ, length, type, ssl); |
Vanger | 0:b86d15c6ba29 | 2745 | } |
Vanger | 0:b86d15c6ba29 | 2746 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 2747 | else { |
Vanger | 0:b86d15c6ba29 | 2748 | AddRecordHeader(output, length+DTLS_HANDSHAKE_HEADER_SZ, handshake,ssl); |
Vanger | 0:b86d15c6ba29 | 2749 | AddHandShakeHeader(output + DTLS_RECORD_HEADER_SZ, length, type, ssl); |
Vanger | 0:b86d15c6ba29 | 2750 | } |
Vanger | 0:b86d15c6ba29 | 2751 | #endif |
Vanger | 0:b86d15c6ba29 | 2752 | } |
Vanger | 0:b86d15c6ba29 | 2753 | |
Vanger | 0:b86d15c6ba29 | 2754 | |
Vanger | 0:b86d15c6ba29 | 2755 | /* return bytes received, -1 on error */ |
Vanger | 0:b86d15c6ba29 | 2756 | static int Receive(CYASSL* ssl, byte* buf, word32 sz) |
Vanger | 0:b86d15c6ba29 | 2757 | { |
Vanger | 0:b86d15c6ba29 | 2758 | int recvd; |
Vanger | 0:b86d15c6ba29 | 2759 | |
Vanger | 0:b86d15c6ba29 | 2760 | if (ssl->ctx->CBIORecv == NULL) { |
Vanger | 0:b86d15c6ba29 | 2761 | CYASSL_MSG("Your IO Recv callback is null, please set"); |
Vanger | 0:b86d15c6ba29 | 2762 | return -1; |
Vanger | 0:b86d15c6ba29 | 2763 | } |
Vanger | 0:b86d15c6ba29 | 2764 | |
Vanger | 0:b86d15c6ba29 | 2765 | retry: |
Vanger | 0:b86d15c6ba29 | 2766 | recvd = ssl->ctx->CBIORecv(ssl, (char *)buf, (int)sz, ssl->IOCB_ReadCtx); |
Vanger | 0:b86d15c6ba29 | 2767 | if (recvd < 0) |
Vanger | 0:b86d15c6ba29 | 2768 | switch (recvd) { |
Vanger | 0:b86d15c6ba29 | 2769 | case CYASSL_CBIO_ERR_GENERAL: /* general/unknown error */ |
Vanger | 0:b86d15c6ba29 | 2770 | return -1; |
Vanger | 0:b86d15c6ba29 | 2771 | |
Vanger | 0:b86d15c6ba29 | 2772 | case CYASSL_CBIO_ERR_WANT_READ: /* want read, would block */ |
Vanger | 0:b86d15c6ba29 | 2773 | return WANT_READ; |
Vanger | 0:b86d15c6ba29 | 2774 | |
Vanger | 0:b86d15c6ba29 | 2775 | case CYASSL_CBIO_ERR_CONN_RST: /* connection reset */ |
Vanger | 0:b86d15c6ba29 | 2776 | #ifdef USE_WINDOWS_API |
Vanger | 0:b86d15c6ba29 | 2777 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 2778 | goto retry; |
Vanger | 0:b86d15c6ba29 | 2779 | } |
Vanger | 0:b86d15c6ba29 | 2780 | #endif |
Vanger | 0:b86d15c6ba29 | 2781 | ssl->options.connReset = 1; |
Vanger | 0:b86d15c6ba29 | 2782 | return -1; |
Vanger | 0:b86d15c6ba29 | 2783 | |
Vanger | 0:b86d15c6ba29 | 2784 | case CYASSL_CBIO_ERR_ISR: /* interrupt */ |
Vanger | 0:b86d15c6ba29 | 2785 | /* see if we got our timeout */ |
Vanger | 0:b86d15c6ba29 | 2786 | #ifdef CYASSL_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 2787 | if (ssl->toInfoOn) { |
Vanger | 0:b86d15c6ba29 | 2788 | struct itimerval timeout; |
Vanger | 0:b86d15c6ba29 | 2789 | getitimer(ITIMER_REAL, &timeout); |
Vanger | 0:b86d15c6ba29 | 2790 | if (timeout.it_value.tv_sec == 0 && |
Vanger | 0:b86d15c6ba29 | 2791 | timeout.it_value.tv_usec == 0) { |
Vanger | 0:b86d15c6ba29 | 2792 | XSTRNCPY(ssl->timeoutInfo.timeoutName, |
Vanger | 0:b86d15c6ba29 | 2793 | "recv() timeout", MAX_TIMEOUT_NAME_SZ); |
Vanger | 0:b86d15c6ba29 | 2794 | CYASSL_MSG("Got our timeout"); |
Vanger | 0:b86d15c6ba29 | 2795 | return WANT_READ; |
Vanger | 0:b86d15c6ba29 | 2796 | } |
Vanger | 0:b86d15c6ba29 | 2797 | } |
Vanger | 0:b86d15c6ba29 | 2798 | #endif |
Vanger | 0:b86d15c6ba29 | 2799 | goto retry; |
Vanger | 0:b86d15c6ba29 | 2800 | |
Vanger | 0:b86d15c6ba29 | 2801 | case CYASSL_CBIO_ERR_CONN_CLOSE: /* peer closed connection */ |
Vanger | 0:b86d15c6ba29 | 2802 | ssl->options.isClosed = 1; |
Vanger | 0:b86d15c6ba29 | 2803 | return -1; |
Vanger | 0:b86d15c6ba29 | 2804 | |
Vanger | 0:b86d15c6ba29 | 2805 | case CYASSL_CBIO_ERR_TIMEOUT: |
Vanger | 0:b86d15c6ba29 | 2806 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 2807 | if (DtlsPoolTimeout(ssl) == 0 && DtlsPoolSend(ssl) == 0) |
Vanger | 0:b86d15c6ba29 | 2808 | goto retry; |
Vanger | 0:b86d15c6ba29 | 2809 | else |
Vanger | 0:b86d15c6ba29 | 2810 | #endif |
Vanger | 0:b86d15c6ba29 | 2811 | return -1; |
Vanger | 0:b86d15c6ba29 | 2812 | |
Vanger | 0:b86d15c6ba29 | 2813 | default: |
Vanger | 0:b86d15c6ba29 | 2814 | return recvd; |
Vanger | 0:b86d15c6ba29 | 2815 | } |
Vanger | 0:b86d15c6ba29 | 2816 | |
Vanger | 0:b86d15c6ba29 | 2817 | return recvd; |
Vanger | 0:b86d15c6ba29 | 2818 | } |
Vanger | 0:b86d15c6ba29 | 2819 | |
Vanger | 0:b86d15c6ba29 | 2820 | |
Vanger | 0:b86d15c6ba29 | 2821 | /* Switch dynamic output buffer back to static, buffer is assumed clear */ |
Vanger | 0:b86d15c6ba29 | 2822 | void ShrinkOutputBuffer(CYASSL* ssl) |
Vanger | 0:b86d15c6ba29 | 2823 | { |
Vanger | 0:b86d15c6ba29 | 2824 | CYASSL_MSG("Shrinking output buffer\n"); |
Vanger | 0:b86d15c6ba29 | 2825 | XFREE(ssl->buffers.outputBuffer.buffer - ssl->buffers.outputBuffer.offset, |
Vanger | 0:b86d15c6ba29 | 2826 | ssl->heap, DYNAMIC_TYPE_OUT_BUFFER); |
Vanger | 0:b86d15c6ba29 | 2827 | ssl->buffers.outputBuffer.buffer = ssl->buffers.outputBuffer.staticBuffer; |
Vanger | 0:b86d15c6ba29 | 2828 | ssl->buffers.outputBuffer.bufferSize = STATIC_BUFFER_LEN; |
Vanger | 0:b86d15c6ba29 | 2829 | ssl->buffers.outputBuffer.dynamicFlag = 0; |
Vanger | 0:b86d15c6ba29 | 2830 | ssl->buffers.outputBuffer.offset = 0; |
Vanger | 0:b86d15c6ba29 | 2831 | } |
Vanger | 0:b86d15c6ba29 | 2832 | |
Vanger | 0:b86d15c6ba29 | 2833 | |
Vanger | 0:b86d15c6ba29 | 2834 | /* Switch dynamic input buffer back to static, keep any remaining input */ |
Vanger | 0:b86d15c6ba29 | 2835 | /* forced free means cleaning up */ |
Vanger | 0:b86d15c6ba29 | 2836 | void ShrinkInputBuffer(CYASSL* ssl, int forcedFree) |
Vanger | 0:b86d15c6ba29 | 2837 | { |
Vanger | 0:b86d15c6ba29 | 2838 | int usedLength = ssl->buffers.inputBuffer.length - |
Vanger | 0:b86d15c6ba29 | 2839 | ssl->buffers.inputBuffer.idx; |
Vanger | 0:b86d15c6ba29 | 2840 | if (!forcedFree && usedLength > STATIC_BUFFER_LEN) |
Vanger | 0:b86d15c6ba29 | 2841 | return; |
Vanger | 0:b86d15c6ba29 | 2842 | |
Vanger | 0:b86d15c6ba29 | 2843 | CYASSL_MSG("Shrinking input buffer\n"); |
Vanger | 0:b86d15c6ba29 | 2844 | |
Vanger | 0:b86d15c6ba29 | 2845 | if (!forcedFree && usedLength) |
Vanger | 0:b86d15c6ba29 | 2846 | XMEMCPY(ssl->buffers.inputBuffer.staticBuffer, |
Vanger | 0:b86d15c6ba29 | 2847 | ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.idx, |
Vanger | 0:b86d15c6ba29 | 2848 | usedLength); |
Vanger | 0:b86d15c6ba29 | 2849 | |
Vanger | 0:b86d15c6ba29 | 2850 | XFREE(ssl->buffers.inputBuffer.buffer - ssl->buffers.inputBuffer.offset, |
Vanger | 0:b86d15c6ba29 | 2851 | ssl->heap, DYNAMIC_TYPE_IN_BUFFER); |
Vanger | 0:b86d15c6ba29 | 2852 | ssl->buffers.inputBuffer.buffer = ssl->buffers.inputBuffer.staticBuffer; |
Vanger | 0:b86d15c6ba29 | 2853 | ssl->buffers.inputBuffer.bufferSize = STATIC_BUFFER_LEN; |
Vanger | 0:b86d15c6ba29 | 2854 | ssl->buffers.inputBuffer.dynamicFlag = 0; |
Vanger | 0:b86d15c6ba29 | 2855 | ssl->buffers.inputBuffer.offset = 0; |
Vanger | 0:b86d15c6ba29 | 2856 | ssl->buffers.inputBuffer.idx = 0; |
Vanger | 0:b86d15c6ba29 | 2857 | ssl->buffers.inputBuffer.length = usedLength; |
Vanger | 0:b86d15c6ba29 | 2858 | } |
Vanger | 0:b86d15c6ba29 | 2859 | |
Vanger | 0:b86d15c6ba29 | 2860 | |
Vanger | 0:b86d15c6ba29 | 2861 | int SendBuffered(CYASSL* ssl) |
Vanger | 0:b86d15c6ba29 | 2862 | { |
Vanger | 0:b86d15c6ba29 | 2863 | if (ssl->ctx->CBIOSend == NULL) { |
Vanger | 0:b86d15c6ba29 | 2864 | CYASSL_MSG("Your IO Send callback is null, please set"); |
Vanger | 0:b86d15c6ba29 | 2865 | return SOCKET_ERROR_E; |
Vanger | 0:b86d15c6ba29 | 2866 | } |
Vanger | 0:b86d15c6ba29 | 2867 | |
Vanger | 0:b86d15c6ba29 | 2868 | while (ssl->buffers.outputBuffer.length > 0) { |
Vanger | 0:b86d15c6ba29 | 2869 | int sent = ssl->ctx->CBIOSend(ssl, |
Vanger | 0:b86d15c6ba29 | 2870 | (char*)ssl->buffers.outputBuffer.buffer + |
Vanger | 0:b86d15c6ba29 | 2871 | ssl->buffers.outputBuffer.idx, |
Vanger | 0:b86d15c6ba29 | 2872 | (int)ssl->buffers.outputBuffer.length, |
Vanger | 0:b86d15c6ba29 | 2873 | ssl->IOCB_WriteCtx); |
Vanger | 0:b86d15c6ba29 | 2874 | if (sent < 0) { |
Vanger | 0:b86d15c6ba29 | 2875 | switch (sent) { |
Vanger | 0:b86d15c6ba29 | 2876 | |
Vanger | 0:b86d15c6ba29 | 2877 | case CYASSL_CBIO_ERR_WANT_WRITE: /* would block */ |
Vanger | 0:b86d15c6ba29 | 2878 | return WANT_WRITE; |
Vanger | 0:b86d15c6ba29 | 2879 | |
Vanger | 0:b86d15c6ba29 | 2880 | case CYASSL_CBIO_ERR_CONN_RST: /* connection reset */ |
Vanger | 0:b86d15c6ba29 | 2881 | ssl->options.connReset = 1; |
Vanger | 0:b86d15c6ba29 | 2882 | break; |
Vanger | 0:b86d15c6ba29 | 2883 | |
Vanger | 0:b86d15c6ba29 | 2884 | case CYASSL_CBIO_ERR_ISR: /* interrupt */ |
Vanger | 0:b86d15c6ba29 | 2885 | /* see if we got our timeout */ |
Vanger | 0:b86d15c6ba29 | 2886 | #ifdef CYASSL_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 2887 | if (ssl->toInfoOn) { |
Vanger | 0:b86d15c6ba29 | 2888 | struct itimerval timeout; |
Vanger | 0:b86d15c6ba29 | 2889 | getitimer(ITIMER_REAL, &timeout); |
Vanger | 0:b86d15c6ba29 | 2890 | if (timeout.it_value.tv_sec == 0 && |
Vanger | 0:b86d15c6ba29 | 2891 | timeout.it_value.tv_usec == 0) { |
Vanger | 0:b86d15c6ba29 | 2892 | XSTRNCPY(ssl->timeoutInfo.timeoutName, |
Vanger | 0:b86d15c6ba29 | 2893 | "send() timeout", MAX_TIMEOUT_NAME_SZ); |
Vanger | 0:b86d15c6ba29 | 2894 | CYASSL_MSG("Got our timeout"); |
Vanger | 0:b86d15c6ba29 | 2895 | return WANT_WRITE; |
Vanger | 0:b86d15c6ba29 | 2896 | } |
Vanger | 0:b86d15c6ba29 | 2897 | } |
Vanger | 0:b86d15c6ba29 | 2898 | #endif |
Vanger | 0:b86d15c6ba29 | 2899 | continue; |
Vanger | 0:b86d15c6ba29 | 2900 | |
Vanger | 0:b86d15c6ba29 | 2901 | case CYASSL_CBIO_ERR_CONN_CLOSE: /* epipe / conn closed */ |
Vanger | 0:b86d15c6ba29 | 2902 | ssl->options.connReset = 1; /* treat same as reset */ |
Vanger | 0:b86d15c6ba29 | 2903 | break; |
Vanger | 0:b86d15c6ba29 | 2904 | |
Vanger | 0:b86d15c6ba29 | 2905 | default: |
Vanger | 0:b86d15c6ba29 | 2906 | return SOCKET_ERROR_E; |
Vanger | 0:b86d15c6ba29 | 2907 | } |
Vanger | 0:b86d15c6ba29 | 2908 | |
Vanger | 0:b86d15c6ba29 | 2909 | return SOCKET_ERROR_E; |
Vanger | 0:b86d15c6ba29 | 2910 | } |
Vanger | 0:b86d15c6ba29 | 2911 | |
Vanger | 0:b86d15c6ba29 | 2912 | if (sent > (int)ssl->buffers.outputBuffer.length) { |
Vanger | 0:b86d15c6ba29 | 2913 | CYASSL_MSG("SendBuffered() out of bounds read"); |
Vanger | 0:b86d15c6ba29 | 2914 | return SEND_OOB_READ_E; |
Vanger | 0:b86d15c6ba29 | 2915 | } |
Vanger | 0:b86d15c6ba29 | 2916 | |
Vanger | 0:b86d15c6ba29 | 2917 | ssl->buffers.outputBuffer.idx += sent; |
Vanger | 0:b86d15c6ba29 | 2918 | ssl->buffers.outputBuffer.length -= sent; |
Vanger | 0:b86d15c6ba29 | 2919 | } |
Vanger | 0:b86d15c6ba29 | 2920 | |
Vanger | 0:b86d15c6ba29 | 2921 | ssl->buffers.outputBuffer.idx = 0; |
Vanger | 0:b86d15c6ba29 | 2922 | |
Vanger | 0:b86d15c6ba29 | 2923 | if (ssl->buffers.outputBuffer.dynamicFlag) |
Vanger | 0:b86d15c6ba29 | 2924 | ShrinkOutputBuffer(ssl); |
Vanger | 0:b86d15c6ba29 | 2925 | |
Vanger | 0:b86d15c6ba29 | 2926 | return 0; |
Vanger | 0:b86d15c6ba29 | 2927 | } |
Vanger | 0:b86d15c6ba29 | 2928 | |
Vanger | 0:b86d15c6ba29 | 2929 | |
Vanger | 0:b86d15c6ba29 | 2930 | /* Grow the output buffer */ |
Vanger | 0:b86d15c6ba29 | 2931 | static INLINE int GrowOutputBuffer(CYASSL* ssl, int size) |
Vanger | 0:b86d15c6ba29 | 2932 | { |
Vanger | 0:b86d15c6ba29 | 2933 | byte* tmp; |
Vanger | 0:b86d15c6ba29 | 2934 | byte hdrSz = ssl->options.dtls ? DTLS_RECORD_HEADER_SZ : |
Vanger | 0:b86d15c6ba29 | 2935 | RECORD_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 2936 | byte align = CYASSL_GENERAL_ALIGNMENT; |
Vanger | 0:b86d15c6ba29 | 2937 | /* the encrypted data will be offset from the front of the buffer by |
Vanger | 0:b86d15c6ba29 | 2938 | the header, if the user wants encrypted alignment they need |
Vanger | 0:b86d15c6ba29 | 2939 | to define their alignment requirement */ |
Vanger | 0:b86d15c6ba29 | 2940 | |
Vanger | 0:b86d15c6ba29 | 2941 | if (align) { |
Vanger | 0:b86d15c6ba29 | 2942 | while (align < hdrSz) |
Vanger | 0:b86d15c6ba29 | 2943 | align *= 2; |
Vanger | 0:b86d15c6ba29 | 2944 | } |
Vanger | 0:b86d15c6ba29 | 2945 | |
Vanger | 0:b86d15c6ba29 | 2946 | tmp = (byte*) XMALLOC(size + ssl->buffers.outputBuffer.length + align, |
Vanger | 0:b86d15c6ba29 | 2947 | ssl->heap, DYNAMIC_TYPE_OUT_BUFFER); |
Vanger | 0:b86d15c6ba29 | 2948 | CYASSL_MSG("growing output buffer\n"); |
Vanger | 0:b86d15c6ba29 | 2949 | |
Vanger | 0:b86d15c6ba29 | 2950 | if (!tmp) return MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 2951 | if (align) |
Vanger | 0:b86d15c6ba29 | 2952 | tmp += align - hdrSz; |
Vanger | 0:b86d15c6ba29 | 2953 | |
Vanger | 0:b86d15c6ba29 | 2954 | if (ssl->buffers.outputBuffer.length) |
Vanger | 0:b86d15c6ba29 | 2955 | XMEMCPY(tmp, ssl->buffers.outputBuffer.buffer, |
Vanger | 0:b86d15c6ba29 | 2956 | ssl->buffers.outputBuffer.length); |
Vanger | 0:b86d15c6ba29 | 2957 | |
Vanger | 0:b86d15c6ba29 | 2958 | if (ssl->buffers.outputBuffer.dynamicFlag) |
Vanger | 0:b86d15c6ba29 | 2959 | XFREE(ssl->buffers.outputBuffer.buffer - |
Vanger | 0:b86d15c6ba29 | 2960 | ssl->buffers.outputBuffer.offset, ssl->heap, |
Vanger | 0:b86d15c6ba29 | 2961 | DYNAMIC_TYPE_OUT_BUFFER); |
Vanger | 0:b86d15c6ba29 | 2962 | ssl->buffers.outputBuffer.dynamicFlag = 1; |
Vanger | 0:b86d15c6ba29 | 2963 | if (align) |
Vanger | 0:b86d15c6ba29 | 2964 | ssl->buffers.outputBuffer.offset = align - hdrSz; |
Vanger | 0:b86d15c6ba29 | 2965 | else |
Vanger | 0:b86d15c6ba29 | 2966 | ssl->buffers.outputBuffer.offset = 0; |
Vanger | 0:b86d15c6ba29 | 2967 | ssl->buffers.outputBuffer.buffer = tmp; |
Vanger | 0:b86d15c6ba29 | 2968 | ssl->buffers.outputBuffer.bufferSize = size + |
Vanger | 0:b86d15c6ba29 | 2969 | ssl->buffers.outputBuffer.length; |
Vanger | 0:b86d15c6ba29 | 2970 | return 0; |
Vanger | 0:b86d15c6ba29 | 2971 | } |
Vanger | 0:b86d15c6ba29 | 2972 | |
Vanger | 0:b86d15c6ba29 | 2973 | |
Vanger | 0:b86d15c6ba29 | 2974 | /* Grow the input buffer, should only be to read cert or big app data */ |
Vanger | 0:b86d15c6ba29 | 2975 | int GrowInputBuffer(CYASSL* ssl, int size, int usedLength) |
Vanger | 0:b86d15c6ba29 | 2976 | { |
Vanger | 0:b86d15c6ba29 | 2977 | byte* tmp; |
Vanger | 0:b86d15c6ba29 | 2978 | byte hdrSz = DTLS_RECORD_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 2979 | byte align = ssl->options.dtls ? CYASSL_GENERAL_ALIGNMENT : 0; |
Vanger | 0:b86d15c6ba29 | 2980 | /* the encrypted data will be offset from the front of the buffer by |
Vanger | 0:b86d15c6ba29 | 2981 | the dtls record header, if the user wants encrypted alignment they need |
Vanger | 0:b86d15c6ba29 | 2982 | to define their alignment requirement. in tls we read record header |
Vanger | 0:b86d15c6ba29 | 2983 | to get size of record and put actual data back at front, so don't need */ |
Vanger | 0:b86d15c6ba29 | 2984 | |
Vanger | 0:b86d15c6ba29 | 2985 | if (align) { |
Vanger | 0:b86d15c6ba29 | 2986 | while (align < hdrSz) |
Vanger | 0:b86d15c6ba29 | 2987 | align *= 2; |
Vanger | 0:b86d15c6ba29 | 2988 | } |
Vanger | 0:b86d15c6ba29 | 2989 | tmp = (byte*) XMALLOC(size + usedLength + align, ssl->heap, |
Vanger | 0:b86d15c6ba29 | 2990 | DYNAMIC_TYPE_IN_BUFFER); |
Vanger | 0:b86d15c6ba29 | 2991 | CYASSL_MSG("growing input buffer\n"); |
Vanger | 0:b86d15c6ba29 | 2992 | |
Vanger | 0:b86d15c6ba29 | 2993 | if (!tmp) return MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 2994 | if (align) |
Vanger | 0:b86d15c6ba29 | 2995 | tmp += align - hdrSz; |
Vanger | 0:b86d15c6ba29 | 2996 | |
Vanger | 0:b86d15c6ba29 | 2997 | if (usedLength) |
Vanger | 0:b86d15c6ba29 | 2998 | XMEMCPY(tmp, ssl->buffers.inputBuffer.buffer + |
Vanger | 0:b86d15c6ba29 | 2999 | ssl->buffers.inputBuffer.idx, usedLength); |
Vanger | 0:b86d15c6ba29 | 3000 | |
Vanger | 0:b86d15c6ba29 | 3001 | if (ssl->buffers.inputBuffer.dynamicFlag) |
Vanger | 0:b86d15c6ba29 | 3002 | XFREE(ssl->buffers.inputBuffer.buffer - ssl->buffers.inputBuffer.offset, |
Vanger | 0:b86d15c6ba29 | 3003 | ssl->heap,DYNAMIC_TYPE_IN_BUFFER); |
Vanger | 0:b86d15c6ba29 | 3004 | |
Vanger | 0:b86d15c6ba29 | 3005 | ssl->buffers.inputBuffer.dynamicFlag = 1; |
Vanger | 0:b86d15c6ba29 | 3006 | if (align) |
Vanger | 0:b86d15c6ba29 | 3007 | ssl->buffers.inputBuffer.offset = align - hdrSz; |
Vanger | 0:b86d15c6ba29 | 3008 | else |
Vanger | 0:b86d15c6ba29 | 3009 | ssl->buffers.inputBuffer.offset = 0; |
Vanger | 0:b86d15c6ba29 | 3010 | ssl->buffers.inputBuffer.buffer = tmp; |
Vanger | 0:b86d15c6ba29 | 3011 | ssl->buffers.inputBuffer.bufferSize = size + usedLength; |
Vanger | 0:b86d15c6ba29 | 3012 | ssl->buffers.inputBuffer.idx = 0; |
Vanger | 0:b86d15c6ba29 | 3013 | ssl->buffers.inputBuffer.length = usedLength; |
Vanger | 0:b86d15c6ba29 | 3014 | |
Vanger | 0:b86d15c6ba29 | 3015 | return 0; |
Vanger | 0:b86d15c6ba29 | 3016 | } |
Vanger | 0:b86d15c6ba29 | 3017 | |
Vanger | 0:b86d15c6ba29 | 3018 | |
Vanger | 0:b86d15c6ba29 | 3019 | /* check available size into output buffer, make room if needed */ |
Vanger | 0:b86d15c6ba29 | 3020 | int CheckAvailableSize(CYASSL *ssl, int size) |
Vanger | 0:b86d15c6ba29 | 3021 | { |
Vanger | 0:b86d15c6ba29 | 3022 | |
Vanger | 0:b86d15c6ba29 | 3023 | if (size < 0) { |
Vanger | 0:b86d15c6ba29 | 3024 | CYASSL_MSG("CheckAvailableSize() called with negative number"); |
Vanger | 0:b86d15c6ba29 | 3025 | return BAD_FUNC_ARG; |
Vanger | 0:b86d15c6ba29 | 3026 | } |
Vanger | 0:b86d15c6ba29 | 3027 | |
Vanger | 0:b86d15c6ba29 | 3028 | if (ssl->buffers.outputBuffer.bufferSize - ssl->buffers.outputBuffer.length |
Vanger | 0:b86d15c6ba29 | 3029 | < (word32)size) { |
Vanger | 0:b86d15c6ba29 | 3030 | if (GrowOutputBuffer(ssl, size) < 0) |
Vanger | 0:b86d15c6ba29 | 3031 | return MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 3032 | } |
Vanger | 0:b86d15c6ba29 | 3033 | |
Vanger | 0:b86d15c6ba29 | 3034 | return 0; |
Vanger | 0:b86d15c6ba29 | 3035 | } |
Vanger | 0:b86d15c6ba29 | 3036 | |
Vanger | 0:b86d15c6ba29 | 3037 | |
Vanger | 0:b86d15c6ba29 | 3038 | /* do all verify and sanity checks on record header */ |
Vanger | 0:b86d15c6ba29 | 3039 | static int GetRecordHeader(CYASSL* ssl, const byte* input, word32* inOutIdx, |
Vanger | 0:b86d15c6ba29 | 3040 | RecordLayerHeader* rh, word16 *size) |
Vanger | 0:b86d15c6ba29 | 3041 | { |
Vanger | 0:b86d15c6ba29 | 3042 | if (!ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 3043 | #ifdef HAVE_FUZZER |
Vanger | 0:b86d15c6ba29 | 3044 | if (ssl->fuzzerCb) |
Vanger | 0:b86d15c6ba29 | 3045 | ssl->fuzzerCb(ssl, input + *inOutIdx, RECORD_HEADER_SZ, FUZZ_HEAD, |
Vanger | 0:b86d15c6ba29 | 3046 | ssl->fuzzerCtx); |
Vanger | 0:b86d15c6ba29 | 3047 | #endif |
Vanger | 0:b86d15c6ba29 | 3048 | XMEMCPY(rh, input + *inOutIdx, RECORD_HEADER_SZ); |
Vanger | 0:b86d15c6ba29 | 3049 | *inOutIdx += RECORD_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 3050 | ato16(rh->length, size); |
Vanger | 0:b86d15c6ba29 | 3051 | } |
Vanger | 0:b86d15c6ba29 | 3052 | else { |
Vanger | 0:b86d15c6ba29 | 3053 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 3054 | /* type and version in same sport */ |
Vanger | 0:b86d15c6ba29 | 3055 | XMEMCPY(rh, input + *inOutIdx, ENUM_LEN + VERSION_SZ); |
Vanger | 0:b86d15c6ba29 | 3056 | *inOutIdx += ENUM_LEN + VERSION_SZ; |
Vanger | 0:b86d15c6ba29 | 3057 | ato16(input + *inOutIdx, &ssl->keys.dtls_state.curEpoch); |
Vanger | 0:b86d15c6ba29 | 3058 | *inOutIdx += 4; /* advance past epoch, skip first 2 seq bytes for now */ |
Vanger | 0:b86d15c6ba29 | 3059 | ato32(input + *inOutIdx, &ssl->keys.dtls_state.curSeq); |
Vanger | 0:b86d15c6ba29 | 3060 | *inOutIdx += 4; /* advance past rest of seq */ |
Vanger | 0:b86d15c6ba29 | 3061 | ato16(input + *inOutIdx, size); |
Vanger | 0:b86d15c6ba29 | 3062 | *inOutIdx += LENGTH_SZ; |
Vanger | 0:b86d15c6ba29 | 3063 | #ifdef HAVE_FUZZER |
Vanger | 0:b86d15c6ba29 | 3064 | if (ssl->fuzzerCb) |
Vanger | 0:b86d15c6ba29 | 3065 | ssl->fuzzerCb(ssl, input + *inOutIdx - LENGTH_SZ - 8 - ENUM_LEN - |
Vanger | 0:b86d15c6ba29 | 3066 | VERSION_SZ, ENUM_LEN + VERSION_SZ + 8 + LENGTH_SZ, |
Vanger | 0:b86d15c6ba29 | 3067 | FUZZ_HEAD, ssl->fuzzerCtx); |
Vanger | 0:b86d15c6ba29 | 3068 | #endif |
Vanger | 0:b86d15c6ba29 | 3069 | #endif |
Vanger | 0:b86d15c6ba29 | 3070 | } |
Vanger | 0:b86d15c6ba29 | 3071 | |
Vanger | 0:b86d15c6ba29 | 3072 | /* catch version mismatch */ |
Vanger | 0:b86d15c6ba29 | 3073 | if (rh->pvMajor != ssl->version.major || rh->pvMinor != ssl->version.minor){ |
Vanger | 0:b86d15c6ba29 | 3074 | if (ssl->options.side == CYASSL_SERVER_END && |
Vanger | 0:b86d15c6ba29 | 3075 | ssl->options.acceptState == ACCEPT_BEGIN) |
Vanger | 0:b86d15c6ba29 | 3076 | CYASSL_MSG("Client attempting to connect with different version"); |
Vanger | 0:b86d15c6ba29 | 3077 | else if (ssl->options.side == CYASSL_CLIENT_END && |
Vanger | 0:b86d15c6ba29 | 3078 | ssl->options.downgrade && |
Vanger | 0:b86d15c6ba29 | 3079 | ssl->options.connectState < FIRST_REPLY_DONE) |
Vanger | 0:b86d15c6ba29 | 3080 | CYASSL_MSG("Server attempting to accept with different version"); |
Vanger | 0:b86d15c6ba29 | 3081 | else { |
Vanger | 0:b86d15c6ba29 | 3082 | CYASSL_MSG("SSL version error"); |
Vanger | 0:b86d15c6ba29 | 3083 | return VERSION_ERROR; /* only use requested version */ |
Vanger | 0:b86d15c6ba29 | 3084 | } |
Vanger | 0:b86d15c6ba29 | 3085 | } |
Vanger | 0:b86d15c6ba29 | 3086 | |
Vanger | 0:b86d15c6ba29 | 3087 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 3088 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 3089 | if (DtlsCheckWindow(&ssl->keys.dtls_state) != 1) |
Vanger | 0:b86d15c6ba29 | 3090 | return SEQUENCE_ERROR; |
Vanger | 0:b86d15c6ba29 | 3091 | } |
Vanger | 0:b86d15c6ba29 | 3092 | #endif |
Vanger | 0:b86d15c6ba29 | 3093 | |
Vanger | 0:b86d15c6ba29 | 3094 | /* record layer length check */ |
Vanger | 0:b86d15c6ba29 | 3095 | #ifdef HAVE_MAX_FRAGMENT |
Vanger | 0:b86d15c6ba29 | 3096 | if (*size > (ssl->max_fragment + MAX_COMP_EXTRA + MAX_MSG_EXTRA)) { |
Vanger | 0:b86d15c6ba29 | 3097 | SendAlert(ssl, alert_fatal, record_overflow); |
Vanger | 0:b86d15c6ba29 | 3098 | return LENGTH_ERROR; |
Vanger | 0:b86d15c6ba29 | 3099 | } |
Vanger | 0:b86d15c6ba29 | 3100 | #else |
Vanger | 0:b86d15c6ba29 | 3101 | if (*size > (MAX_RECORD_SIZE + MAX_COMP_EXTRA + MAX_MSG_EXTRA)) |
Vanger | 0:b86d15c6ba29 | 3102 | return LENGTH_ERROR; |
Vanger | 0:b86d15c6ba29 | 3103 | #endif |
Vanger | 0:b86d15c6ba29 | 3104 | |
Vanger | 0:b86d15c6ba29 | 3105 | /* verify record type here as well */ |
Vanger | 0:b86d15c6ba29 | 3106 | switch (rh->type) { |
Vanger | 0:b86d15c6ba29 | 3107 | case handshake: |
Vanger | 0:b86d15c6ba29 | 3108 | case change_cipher_spec: |
Vanger | 0:b86d15c6ba29 | 3109 | case application_data: |
Vanger | 0:b86d15c6ba29 | 3110 | case alert: |
Vanger | 0:b86d15c6ba29 | 3111 | break; |
Vanger | 0:b86d15c6ba29 | 3112 | case no_type: |
Vanger | 0:b86d15c6ba29 | 3113 | default: |
Vanger | 0:b86d15c6ba29 | 3114 | CYASSL_MSG("Unknown Record Type"); |
Vanger | 0:b86d15c6ba29 | 3115 | return UNKNOWN_RECORD_TYPE; |
Vanger | 0:b86d15c6ba29 | 3116 | } |
Vanger | 0:b86d15c6ba29 | 3117 | |
Vanger | 0:b86d15c6ba29 | 3118 | /* haven't decrypted this record yet */ |
Vanger | 0:b86d15c6ba29 | 3119 | ssl->keys.decryptedCur = 0; |
Vanger | 0:b86d15c6ba29 | 3120 | |
Vanger | 0:b86d15c6ba29 | 3121 | return 0; |
Vanger | 0:b86d15c6ba29 | 3122 | } |
Vanger | 0:b86d15c6ba29 | 3123 | |
Vanger | 0:b86d15c6ba29 | 3124 | |
Vanger | 0:b86d15c6ba29 | 3125 | static int GetHandShakeHeader(CYASSL* ssl, const byte* input, word32* inOutIdx, |
Vanger | 0:b86d15c6ba29 | 3126 | byte *type, word32 *size, word32 totalSz) |
Vanger | 0:b86d15c6ba29 | 3127 | { |
Vanger | 0:b86d15c6ba29 | 3128 | const byte *ptr = input + *inOutIdx; |
Vanger | 0:b86d15c6ba29 | 3129 | (void)ssl; |
Vanger | 0:b86d15c6ba29 | 3130 | |
Vanger | 0:b86d15c6ba29 | 3131 | *inOutIdx += HANDSHAKE_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 3132 | if (*inOutIdx > totalSz) |
Vanger | 0:b86d15c6ba29 | 3133 | return BUFFER_E; |
Vanger | 0:b86d15c6ba29 | 3134 | |
Vanger | 0:b86d15c6ba29 | 3135 | *type = ptr[0]; |
Vanger | 0:b86d15c6ba29 | 3136 | c24to32(&ptr[1], size); |
Vanger | 0:b86d15c6ba29 | 3137 | |
Vanger | 0:b86d15c6ba29 | 3138 | return 0; |
Vanger | 0:b86d15c6ba29 | 3139 | } |
Vanger | 0:b86d15c6ba29 | 3140 | |
Vanger | 0:b86d15c6ba29 | 3141 | |
Vanger | 0:b86d15c6ba29 | 3142 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 3143 | static int GetDtlsHandShakeHeader(CYASSL* ssl, const byte* input, |
Vanger | 0:b86d15c6ba29 | 3144 | word32* inOutIdx, byte *type, word32 *size, |
Vanger | 0:b86d15c6ba29 | 3145 | word32 *fragOffset, word32 *fragSz, |
Vanger | 0:b86d15c6ba29 | 3146 | word32 totalSz) |
Vanger | 0:b86d15c6ba29 | 3147 | { |
Vanger | 0:b86d15c6ba29 | 3148 | word32 idx = *inOutIdx; |
Vanger | 0:b86d15c6ba29 | 3149 | |
Vanger | 0:b86d15c6ba29 | 3150 | *inOutIdx += HANDSHAKE_HEADER_SZ + DTLS_HANDSHAKE_EXTRA; |
Vanger | 0:b86d15c6ba29 | 3151 | if (*inOutIdx > totalSz) |
Vanger | 0:b86d15c6ba29 | 3152 | return BUFFER_E; |
Vanger | 0:b86d15c6ba29 | 3153 | |
Vanger | 0:b86d15c6ba29 | 3154 | *type = input[idx++]; |
Vanger | 0:b86d15c6ba29 | 3155 | c24to32(input + idx, size); |
Vanger | 0:b86d15c6ba29 | 3156 | idx += BYTE3_LEN; |
Vanger | 0:b86d15c6ba29 | 3157 | |
Vanger | 0:b86d15c6ba29 | 3158 | ato16(input + idx, &ssl->keys.dtls_peer_handshake_number); |
Vanger | 0:b86d15c6ba29 | 3159 | idx += DTLS_HANDSHAKE_SEQ_SZ; |
Vanger | 0:b86d15c6ba29 | 3160 | |
Vanger | 0:b86d15c6ba29 | 3161 | c24to32(input + idx, fragOffset); |
Vanger | 0:b86d15c6ba29 | 3162 | idx += DTLS_HANDSHAKE_FRAG_SZ; |
Vanger | 0:b86d15c6ba29 | 3163 | c24to32(input + idx, fragSz); |
Vanger | 0:b86d15c6ba29 | 3164 | |
Vanger | 0:b86d15c6ba29 | 3165 | return 0; |
Vanger | 0:b86d15c6ba29 | 3166 | } |
Vanger | 0:b86d15c6ba29 | 3167 | #endif |
Vanger | 0:b86d15c6ba29 | 3168 | |
Vanger | 0:b86d15c6ba29 | 3169 | |
Vanger | 0:b86d15c6ba29 | 3170 | #ifndef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 3171 | /* fill with MD5 pad size since biggest required */ |
Vanger | 0:b86d15c6ba29 | 3172 | static const byte PAD1[PAD_MD5] = |
Vanger | 0:b86d15c6ba29 | 3173 | { 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, |
Vanger | 0:b86d15c6ba29 | 3174 | 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, |
Vanger | 0:b86d15c6ba29 | 3175 | 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, |
Vanger | 0:b86d15c6ba29 | 3176 | 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, |
Vanger | 0:b86d15c6ba29 | 3177 | 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, |
Vanger | 0:b86d15c6ba29 | 3178 | 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36 |
Vanger | 0:b86d15c6ba29 | 3179 | }; |
Vanger | 0:b86d15c6ba29 | 3180 | static const byte PAD2[PAD_MD5] = |
Vanger | 0:b86d15c6ba29 | 3181 | { 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, |
Vanger | 0:b86d15c6ba29 | 3182 | 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, |
Vanger | 0:b86d15c6ba29 | 3183 | 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, |
Vanger | 0:b86d15c6ba29 | 3184 | 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, |
Vanger | 0:b86d15c6ba29 | 3185 | 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, |
Vanger | 0:b86d15c6ba29 | 3186 | 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c |
Vanger | 0:b86d15c6ba29 | 3187 | }; |
Vanger | 0:b86d15c6ba29 | 3188 | |
Vanger | 0:b86d15c6ba29 | 3189 | /* calculate MD5 hash for finished */ |
Vanger | 0:b86d15c6ba29 | 3190 | static void BuildMD5(CYASSL* ssl, Hashes* hashes, const byte* sender) |
Vanger | 0:b86d15c6ba29 | 3191 | { |
Vanger | 0:b86d15c6ba29 | 3192 | byte md5_result[MD5_DIGEST_SIZE]; |
Vanger | 0:b86d15c6ba29 | 3193 | |
Vanger | 0:b86d15c6ba29 | 3194 | /* make md5 inner */ |
Vanger | 0:b86d15c6ba29 | 3195 | Md5Update(&ssl->hashMd5, sender, SIZEOF_SENDER); |
Vanger | 0:b86d15c6ba29 | 3196 | Md5Update(&ssl->hashMd5, ssl->arrays->masterSecret, SECRET_LEN); |
Vanger | 0:b86d15c6ba29 | 3197 | Md5Update(&ssl->hashMd5, PAD1, PAD_MD5); |
Vanger | 0:b86d15c6ba29 | 3198 | Md5Final(&ssl->hashMd5, md5_result); |
Vanger | 0:b86d15c6ba29 | 3199 | |
Vanger | 0:b86d15c6ba29 | 3200 | /* make md5 outer */ |
Vanger | 0:b86d15c6ba29 | 3201 | Md5Update(&ssl->hashMd5, ssl->arrays->masterSecret, SECRET_LEN); |
Vanger | 0:b86d15c6ba29 | 3202 | Md5Update(&ssl->hashMd5, PAD2, PAD_MD5); |
Vanger | 0:b86d15c6ba29 | 3203 | Md5Update(&ssl->hashMd5, md5_result, MD5_DIGEST_SIZE); |
Vanger | 0:b86d15c6ba29 | 3204 | |
Vanger | 0:b86d15c6ba29 | 3205 | Md5Final(&ssl->hashMd5, hashes->md5); |
Vanger | 0:b86d15c6ba29 | 3206 | } |
Vanger | 0:b86d15c6ba29 | 3207 | |
Vanger | 0:b86d15c6ba29 | 3208 | |
Vanger | 0:b86d15c6ba29 | 3209 | /* calculate SHA hash for finished */ |
Vanger | 0:b86d15c6ba29 | 3210 | static void BuildSHA(CYASSL* ssl, Hashes* hashes, const byte* sender) |
Vanger | 0:b86d15c6ba29 | 3211 | { |
Vanger | 0:b86d15c6ba29 | 3212 | byte sha_result[SHA_DIGEST_SIZE]; |
Vanger | 0:b86d15c6ba29 | 3213 | |
Vanger | 0:b86d15c6ba29 | 3214 | /* make sha inner */ |
Vanger | 0:b86d15c6ba29 | 3215 | ShaUpdate(&ssl->hashSha, sender, SIZEOF_SENDER); |
Vanger | 0:b86d15c6ba29 | 3216 | ShaUpdate(&ssl->hashSha, ssl->arrays->masterSecret, SECRET_LEN); |
Vanger | 0:b86d15c6ba29 | 3217 | ShaUpdate(&ssl->hashSha, PAD1, PAD_SHA); |
Vanger | 0:b86d15c6ba29 | 3218 | ShaFinal(&ssl->hashSha, sha_result); |
Vanger | 0:b86d15c6ba29 | 3219 | |
Vanger | 0:b86d15c6ba29 | 3220 | /* make sha outer */ |
Vanger | 0:b86d15c6ba29 | 3221 | ShaUpdate(&ssl->hashSha, ssl->arrays->masterSecret, SECRET_LEN); |
Vanger | 0:b86d15c6ba29 | 3222 | ShaUpdate(&ssl->hashSha, PAD2, PAD_SHA); |
Vanger | 0:b86d15c6ba29 | 3223 | ShaUpdate(&ssl->hashSha, sha_result, SHA_DIGEST_SIZE); |
Vanger | 0:b86d15c6ba29 | 3224 | |
Vanger | 0:b86d15c6ba29 | 3225 | ShaFinal(&ssl->hashSha, hashes->sha); |
Vanger | 0:b86d15c6ba29 | 3226 | } |
Vanger | 0:b86d15c6ba29 | 3227 | #endif |
Vanger | 0:b86d15c6ba29 | 3228 | |
Vanger | 0:b86d15c6ba29 | 3229 | |
Vanger | 0:b86d15c6ba29 | 3230 | static int BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender) |
Vanger | 0:b86d15c6ba29 | 3231 | { |
Vanger | 0:b86d15c6ba29 | 3232 | int ret = 0; |
Vanger | 0:b86d15c6ba29 | 3233 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 3234 | #ifndef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 3235 | #ifndef NO_MD5 |
Vanger | 0:b86d15c6ba29 | 3236 | Md5* md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 3237 | #endif |
Vanger | 0:b86d15c6ba29 | 3238 | #ifndef NO_SHA |
Vanger | 0:b86d15c6ba29 | 3239 | Sha* sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 3240 | #endif |
Vanger | 0:b86d15c6ba29 | 3241 | #endif |
Vanger | 0:b86d15c6ba29 | 3242 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 3243 | Sha256* sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, |
Vanger | 0:b86d15c6ba29 | 3244 | DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 3245 | #endif |
Vanger | 0:b86d15c6ba29 | 3246 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 3247 | Sha384* sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 3248 | #endif |
Vanger | 0:b86d15c6ba29 | 3249 | #else |
Vanger | 0:b86d15c6ba29 | 3250 | #ifndef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 3251 | #ifndef NO_MD5 |
Vanger | 0:b86d15c6ba29 | 3252 | Md5 md5[1]; |
Vanger | 0:b86d15c6ba29 | 3253 | #endif |
Vanger | 0:b86d15c6ba29 | 3254 | #ifndef NO_SHA |
Vanger | 0:b86d15c6ba29 | 3255 | Sha sha[1]; |
Vanger | 0:b86d15c6ba29 | 3256 | #endif |
Vanger | 0:b86d15c6ba29 | 3257 | #endif |
Vanger | 0:b86d15c6ba29 | 3258 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 3259 | Sha256 sha256[1]; |
Vanger | 0:b86d15c6ba29 | 3260 | #endif |
Vanger | 0:b86d15c6ba29 | 3261 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 3262 | Sha384 sha384[1]; |
Vanger | 0:b86d15c6ba29 | 3263 | #endif |
Vanger | 0:b86d15c6ba29 | 3264 | #endif |
Vanger | 0:b86d15c6ba29 | 3265 | |
Vanger | 0:b86d15c6ba29 | 3266 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 3267 | if (ssl == NULL |
Vanger | 0:b86d15c6ba29 | 3268 | #ifndef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 3269 | #ifndef NO_MD5 |
Vanger | 0:b86d15c6ba29 | 3270 | || md5 == NULL |
Vanger | 0:b86d15c6ba29 | 3271 | #endif |
Vanger | 0:b86d15c6ba29 | 3272 | #ifndef NO_SHA |
Vanger | 0:b86d15c6ba29 | 3273 | || sha == NULL |
Vanger | 0:b86d15c6ba29 | 3274 | #endif |
Vanger | 0:b86d15c6ba29 | 3275 | #endif |
Vanger | 0:b86d15c6ba29 | 3276 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 3277 | || sha256 == NULL |
Vanger | 0:b86d15c6ba29 | 3278 | #endif |
Vanger | 0:b86d15c6ba29 | 3279 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 3280 | || sha384 == NULL |
Vanger | 0:b86d15c6ba29 | 3281 | #endif |
Vanger | 0:b86d15c6ba29 | 3282 | ) { |
Vanger | 0:b86d15c6ba29 | 3283 | #ifndef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 3284 | #ifndef NO_MD5 |
Vanger | 0:b86d15c6ba29 | 3285 | XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 3286 | #endif |
Vanger | 0:b86d15c6ba29 | 3287 | #ifndef NO_SHA |
Vanger | 0:b86d15c6ba29 | 3288 | XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 3289 | #endif |
Vanger | 0:b86d15c6ba29 | 3290 | #endif |
Vanger | 0:b86d15c6ba29 | 3291 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 3292 | XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 3293 | #endif |
Vanger | 0:b86d15c6ba29 | 3294 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 3295 | XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 3296 | #endif |
Vanger | 0:b86d15c6ba29 | 3297 | return MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 3298 | } |
Vanger | 0:b86d15c6ba29 | 3299 | #endif |
Vanger | 0:b86d15c6ba29 | 3300 | |
Vanger | 0:b86d15c6ba29 | 3301 | /* store current states, building requires get_digest which resets state */ |
Vanger | 0:b86d15c6ba29 | 3302 | #ifndef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 3303 | #ifndef NO_MD5 |
Vanger | 0:b86d15c6ba29 | 3304 | md5[0] = ssl->hashMd5; |
Vanger | 0:b86d15c6ba29 | 3305 | #endif |
Vanger | 0:b86d15c6ba29 | 3306 | #ifndef NO_SHA |
Vanger | 0:b86d15c6ba29 | 3307 | sha[0] = ssl->hashSha; |
Vanger | 0:b86d15c6ba29 | 3308 | #endif |
Vanger | 0:b86d15c6ba29 | 3309 | #endif |
Vanger | 0:b86d15c6ba29 | 3310 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 3311 | sha256[0] = ssl->hashSha256; |
Vanger | 0:b86d15c6ba29 | 3312 | #endif |
Vanger | 0:b86d15c6ba29 | 3313 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 3314 | sha384[0] = ssl->hashSha384; |
Vanger | 0:b86d15c6ba29 | 3315 | #endif |
Vanger | 0:b86d15c6ba29 | 3316 | |
Vanger | 0:b86d15c6ba29 | 3317 | #ifndef NO_TLS |
Vanger | 0:b86d15c6ba29 | 3318 | if (ssl->options.tls) { |
Vanger | 0:b86d15c6ba29 | 3319 | ret = BuildTlsFinished(ssl, hashes, sender); |
Vanger | 0:b86d15c6ba29 | 3320 | } |
Vanger | 0:b86d15c6ba29 | 3321 | #endif |
Vanger | 0:b86d15c6ba29 | 3322 | #ifndef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 3323 | if (!ssl->options.tls) { |
Vanger | 0:b86d15c6ba29 | 3324 | BuildMD5(ssl, hashes, sender); |
Vanger | 0:b86d15c6ba29 | 3325 | BuildSHA(ssl, hashes, sender); |
Vanger | 0:b86d15c6ba29 | 3326 | } |
Vanger | 0:b86d15c6ba29 | 3327 | #endif |
Vanger | 0:b86d15c6ba29 | 3328 | |
Vanger | 0:b86d15c6ba29 | 3329 | /* restore */ |
Vanger | 0:b86d15c6ba29 | 3330 | #ifndef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 3331 | #ifndef NO_MD5 |
Vanger | 0:b86d15c6ba29 | 3332 | ssl->hashMd5 = md5[0]; |
Vanger | 0:b86d15c6ba29 | 3333 | #endif |
Vanger | 0:b86d15c6ba29 | 3334 | #ifndef NO_SHA |
Vanger | 0:b86d15c6ba29 | 3335 | ssl->hashSha = sha[0]; |
Vanger | 0:b86d15c6ba29 | 3336 | #endif |
Vanger | 0:b86d15c6ba29 | 3337 | #endif |
Vanger | 0:b86d15c6ba29 | 3338 | if (IsAtLeastTLSv1_2(ssl)) { |
Vanger | 0:b86d15c6ba29 | 3339 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 3340 | ssl->hashSha256 = sha256[0]; |
Vanger | 0:b86d15c6ba29 | 3341 | #endif |
Vanger | 0:b86d15c6ba29 | 3342 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 3343 | ssl->hashSha384 = sha384[0]; |
Vanger | 0:b86d15c6ba29 | 3344 | #endif |
Vanger | 0:b86d15c6ba29 | 3345 | } |
Vanger | 0:b86d15c6ba29 | 3346 | |
Vanger | 0:b86d15c6ba29 | 3347 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 3348 | #ifndef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 3349 | #ifndef NO_MD5 |
Vanger | 0:b86d15c6ba29 | 3350 | XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 3351 | #endif |
Vanger | 0:b86d15c6ba29 | 3352 | #ifndef NO_SHA |
Vanger | 0:b86d15c6ba29 | 3353 | XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 3354 | #endif |
Vanger | 0:b86d15c6ba29 | 3355 | #endif |
Vanger | 0:b86d15c6ba29 | 3356 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 3357 | XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 3358 | #endif |
Vanger | 0:b86d15c6ba29 | 3359 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 3360 | XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 3361 | #endif |
Vanger | 0:b86d15c6ba29 | 3362 | #endif |
Vanger | 0:b86d15c6ba29 | 3363 | |
Vanger | 0:b86d15c6ba29 | 3364 | return ret; |
Vanger | 0:b86d15c6ba29 | 3365 | } |
Vanger | 0:b86d15c6ba29 | 3366 | |
Vanger | 0:b86d15c6ba29 | 3367 | |
Vanger | 0:b86d15c6ba29 | 3368 | /* cipher requirements */ |
Vanger | 0:b86d15c6ba29 | 3369 | enum { |
Vanger | 0:b86d15c6ba29 | 3370 | REQUIRES_RSA, |
Vanger | 0:b86d15c6ba29 | 3371 | REQUIRES_DHE, |
Vanger | 0:b86d15c6ba29 | 3372 | REQUIRES_ECC_DSA, |
Vanger | 0:b86d15c6ba29 | 3373 | REQUIRES_ECC_STATIC, |
Vanger | 0:b86d15c6ba29 | 3374 | REQUIRES_PSK, |
Vanger | 0:b86d15c6ba29 | 3375 | REQUIRES_NTRU, |
Vanger | 0:b86d15c6ba29 | 3376 | REQUIRES_RSA_SIG |
Vanger | 0:b86d15c6ba29 | 3377 | }; |
Vanger | 0:b86d15c6ba29 | 3378 | |
Vanger | 0:b86d15c6ba29 | 3379 | |
Vanger | 0:b86d15c6ba29 | 3380 | |
Vanger | 0:b86d15c6ba29 | 3381 | /* Does this cipher suite (first, second) have the requirement |
Vanger | 0:b86d15c6ba29 | 3382 | an ephemeral key exchange will still require the key for signing |
Vanger | 0:b86d15c6ba29 | 3383 | the key exchange so ECHDE_RSA requires an rsa key thus rsa_kea */ |
Vanger | 0:b86d15c6ba29 | 3384 | static int CipherRequires(byte first, byte second, int requirement) |
Vanger | 0:b86d15c6ba29 | 3385 | { |
Vanger | 0:b86d15c6ba29 | 3386 | |
Vanger | 0:b86d15c6ba29 | 3387 | if (first == CHACHA_BYTE) { |
Vanger | 0:b86d15c6ba29 | 3388 | |
Vanger | 0:b86d15c6ba29 | 3389 | switch (second) { |
Vanger | 0:b86d15c6ba29 | 3390 | |
Vanger | 0:b86d15c6ba29 | 3391 | case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 : |
Vanger | 0:b86d15c6ba29 | 3392 | if (requirement == REQUIRES_RSA) |
Vanger | 0:b86d15c6ba29 | 3393 | return 1; |
Vanger | 0:b86d15c6ba29 | 3394 | break; |
Vanger | 0:b86d15c6ba29 | 3395 | |
Vanger | 0:b86d15c6ba29 | 3396 | case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 : |
Vanger | 0:b86d15c6ba29 | 3397 | if (requirement == REQUIRES_ECC_DSA) |
Vanger | 0:b86d15c6ba29 | 3398 | return 1; |
Vanger | 0:b86d15c6ba29 | 3399 | break; |
Vanger | 0:b86d15c6ba29 | 3400 | |
Vanger | 0:b86d15c6ba29 | 3401 | case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 : |
Vanger | 0:b86d15c6ba29 | 3402 | if (requirement == REQUIRES_RSA) |
Vanger | 0:b86d15c6ba29 | 3403 | return 1; |
Vanger | 0:b86d15c6ba29 | 3404 | if (requirement == REQUIRES_DHE) |
Vanger | 0:b86d15c6ba29 | 3405 | return 1; |
Vanger | 0:b86d15c6ba29 | 3406 | break; |
Vanger | 0:b86d15c6ba29 | 3407 | } |
Vanger | 0:b86d15c6ba29 | 3408 | } |
Vanger | 0:b86d15c6ba29 | 3409 | |
Vanger | 0:b86d15c6ba29 | 3410 | /* ECC extensions */ |
Vanger | 0:b86d15c6ba29 | 3411 | if (first == ECC_BYTE) { |
Vanger | 0:b86d15c6ba29 | 3412 | |
Vanger | 0:b86d15c6ba29 | 3413 | switch (second) { |
Vanger | 0:b86d15c6ba29 | 3414 | |
Vanger | 0:b86d15c6ba29 | 3415 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 3416 | case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA : |
Vanger | 0:b86d15c6ba29 | 3417 | if (requirement == REQUIRES_RSA) |
Vanger | 0:b86d15c6ba29 | 3418 | return 1; |
Vanger | 0:b86d15c6ba29 | 3419 | break; |
Vanger | 0:b86d15c6ba29 | 3420 | |
Vanger | 0:b86d15c6ba29 | 3421 | case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA : |
Vanger | 0:b86d15c6ba29 | 3422 | if (requirement == REQUIRES_ECC_STATIC) |
Vanger | 0:b86d15c6ba29 | 3423 | return 1; |
Vanger | 0:b86d15c6ba29 | 3424 | if (requirement == REQUIRES_RSA_SIG) |
Vanger | 0:b86d15c6ba29 | 3425 | return 1; |
Vanger | 0:b86d15c6ba29 | 3426 | break; |
Vanger | 0:b86d15c6ba29 | 3427 | |
Vanger | 0:b86d15c6ba29 | 3428 | #ifndef NO_DES3 |
Vanger | 0:b86d15c6ba29 | 3429 | case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA : |
Vanger | 0:b86d15c6ba29 | 3430 | if (requirement == REQUIRES_RSA) |
Vanger | 0:b86d15c6ba29 | 3431 | return 1; |
Vanger | 0:b86d15c6ba29 | 3432 | break; |
Vanger | 0:b86d15c6ba29 | 3433 | |
Vanger | 0:b86d15c6ba29 | 3434 | case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA : |
Vanger | 0:b86d15c6ba29 | 3435 | if (requirement == REQUIRES_ECC_STATIC) |
Vanger | 0:b86d15c6ba29 | 3436 | return 1; |
Vanger | 0:b86d15c6ba29 | 3437 | if (requirement == REQUIRES_RSA_SIG) |
Vanger | 0:b86d15c6ba29 | 3438 | return 1; |
Vanger | 0:b86d15c6ba29 | 3439 | break; |
Vanger | 0:b86d15c6ba29 | 3440 | #endif |
Vanger | 0:b86d15c6ba29 | 3441 | |
Vanger | 0:b86d15c6ba29 | 3442 | #ifndef NO_RC4 |
Vanger | 0:b86d15c6ba29 | 3443 | case TLS_ECDHE_RSA_WITH_RC4_128_SHA : |
Vanger | 0:b86d15c6ba29 | 3444 | if (requirement == REQUIRES_RSA) |
Vanger | 0:b86d15c6ba29 | 3445 | return 1; |
Vanger | 0:b86d15c6ba29 | 3446 | break; |
Vanger | 0:b86d15c6ba29 | 3447 | |
Vanger | 0:b86d15c6ba29 | 3448 | case TLS_ECDH_RSA_WITH_RC4_128_SHA : |
Vanger | 0:b86d15c6ba29 | 3449 | if (requirement == REQUIRES_ECC_STATIC) |
Vanger | 0:b86d15c6ba29 | 3450 | return 1; |
Vanger | 0:b86d15c6ba29 | 3451 | if (requirement == REQUIRES_RSA_SIG) |
Vanger | 0:b86d15c6ba29 | 3452 | return 1; |
Vanger | 0:b86d15c6ba29 | 3453 | break; |
Vanger | 0:b86d15c6ba29 | 3454 | #endif |
Vanger | 0:b86d15c6ba29 | 3455 | #endif /* NO_RSA */ |
Vanger | 0:b86d15c6ba29 | 3456 | |
Vanger | 0:b86d15c6ba29 | 3457 | #ifndef NO_DES3 |
Vanger | 0:b86d15c6ba29 | 3458 | case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA : |
Vanger | 0:b86d15c6ba29 | 3459 | if (requirement == REQUIRES_ECC_DSA) |
Vanger | 0:b86d15c6ba29 | 3460 | return 1; |
Vanger | 0:b86d15c6ba29 | 3461 | break; |
Vanger | 0:b86d15c6ba29 | 3462 | |
Vanger | 0:b86d15c6ba29 | 3463 | case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA : |
Vanger | 0:b86d15c6ba29 | 3464 | if (requirement == REQUIRES_ECC_STATIC) |
Vanger | 0:b86d15c6ba29 | 3465 | return 1; |
Vanger | 0:b86d15c6ba29 | 3466 | break; |
Vanger | 0:b86d15c6ba29 | 3467 | #endif |
Vanger | 0:b86d15c6ba29 | 3468 | #ifndef NO_RC4 |
Vanger | 0:b86d15c6ba29 | 3469 | case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA : |
Vanger | 0:b86d15c6ba29 | 3470 | if (requirement == REQUIRES_ECC_DSA) |
Vanger | 0:b86d15c6ba29 | 3471 | return 1; |
Vanger | 0:b86d15c6ba29 | 3472 | break; |
Vanger | 0:b86d15c6ba29 | 3473 | |
Vanger | 0:b86d15c6ba29 | 3474 | case TLS_ECDH_ECDSA_WITH_RC4_128_SHA : |
Vanger | 0:b86d15c6ba29 | 3475 | if (requirement == REQUIRES_ECC_STATIC) |
Vanger | 0:b86d15c6ba29 | 3476 | return 1; |
Vanger | 0:b86d15c6ba29 | 3477 | break; |
Vanger | 0:b86d15c6ba29 | 3478 | #endif |
Vanger | 0:b86d15c6ba29 | 3479 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 3480 | case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA : |
Vanger | 0:b86d15c6ba29 | 3481 | if (requirement == REQUIRES_RSA) |
Vanger | 0:b86d15c6ba29 | 3482 | return 1; |
Vanger | 0:b86d15c6ba29 | 3483 | break; |
Vanger | 0:b86d15c6ba29 | 3484 | |
Vanger | 0:b86d15c6ba29 | 3485 | case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA : |
Vanger | 0:b86d15c6ba29 | 3486 | if (requirement == REQUIRES_ECC_STATIC) |
Vanger | 0:b86d15c6ba29 | 3487 | return 1; |
Vanger | 0:b86d15c6ba29 | 3488 | if (requirement == REQUIRES_RSA_SIG) |
Vanger | 0:b86d15c6ba29 | 3489 | return 1; |
Vanger | 0:b86d15c6ba29 | 3490 | break; |
Vanger | 0:b86d15c6ba29 | 3491 | #endif |
Vanger | 0:b86d15c6ba29 | 3492 | |
Vanger | 0:b86d15c6ba29 | 3493 | case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : |
Vanger | 0:b86d15c6ba29 | 3494 | if (requirement == REQUIRES_ECC_DSA) |
Vanger | 0:b86d15c6ba29 | 3495 | return 1; |
Vanger | 0:b86d15c6ba29 | 3496 | break; |
Vanger | 0:b86d15c6ba29 | 3497 | |
Vanger | 0:b86d15c6ba29 | 3498 | case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA : |
Vanger | 0:b86d15c6ba29 | 3499 | if (requirement == REQUIRES_ECC_STATIC) |
Vanger | 0:b86d15c6ba29 | 3500 | return 1; |
Vanger | 0:b86d15c6ba29 | 3501 | break; |
Vanger | 0:b86d15c6ba29 | 3502 | |
Vanger | 0:b86d15c6ba29 | 3503 | case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA : |
Vanger | 0:b86d15c6ba29 | 3504 | if (requirement == REQUIRES_ECC_DSA) |
Vanger | 0:b86d15c6ba29 | 3505 | return 1; |
Vanger | 0:b86d15c6ba29 | 3506 | break; |
Vanger | 0:b86d15c6ba29 | 3507 | |
Vanger | 0:b86d15c6ba29 | 3508 | case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA : |
Vanger | 0:b86d15c6ba29 | 3509 | if (requirement == REQUIRES_ECC_STATIC) |
Vanger | 0:b86d15c6ba29 | 3510 | return 1; |
Vanger | 0:b86d15c6ba29 | 3511 | break; |
Vanger | 0:b86d15c6ba29 | 3512 | |
Vanger | 0:b86d15c6ba29 | 3513 | case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 : |
Vanger | 0:b86d15c6ba29 | 3514 | if (requirement == REQUIRES_ECC_DSA) |
Vanger | 0:b86d15c6ba29 | 3515 | return 1; |
Vanger | 0:b86d15c6ba29 | 3516 | break; |
Vanger | 0:b86d15c6ba29 | 3517 | |
Vanger | 0:b86d15c6ba29 | 3518 | case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 : |
Vanger | 0:b86d15c6ba29 | 3519 | if (requirement == REQUIRES_ECC_DSA) |
Vanger | 0:b86d15c6ba29 | 3520 | return 1; |
Vanger | 0:b86d15c6ba29 | 3521 | break; |
Vanger | 0:b86d15c6ba29 | 3522 | |
Vanger | 0:b86d15c6ba29 | 3523 | case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 : |
Vanger | 0:b86d15c6ba29 | 3524 | if (requirement == REQUIRES_ECC_STATIC) |
Vanger | 0:b86d15c6ba29 | 3525 | return 1; |
Vanger | 0:b86d15c6ba29 | 3526 | break; |
Vanger | 0:b86d15c6ba29 | 3527 | |
Vanger | 0:b86d15c6ba29 | 3528 | case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 : |
Vanger | 0:b86d15c6ba29 | 3529 | if (requirement == REQUIRES_ECC_STATIC) |
Vanger | 0:b86d15c6ba29 | 3530 | return 1; |
Vanger | 0:b86d15c6ba29 | 3531 | break; |
Vanger | 0:b86d15c6ba29 | 3532 | |
Vanger | 0:b86d15c6ba29 | 3533 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 3534 | case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : |
Vanger | 0:b86d15c6ba29 | 3535 | if (requirement == REQUIRES_RSA) |
Vanger | 0:b86d15c6ba29 | 3536 | return 1; |
Vanger | 0:b86d15c6ba29 | 3537 | break; |
Vanger | 0:b86d15c6ba29 | 3538 | |
Vanger | 0:b86d15c6ba29 | 3539 | case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 : |
Vanger | 0:b86d15c6ba29 | 3540 | if (requirement == REQUIRES_RSA) |
Vanger | 0:b86d15c6ba29 | 3541 | return 1; |
Vanger | 0:b86d15c6ba29 | 3542 | break; |
Vanger | 0:b86d15c6ba29 | 3543 | |
Vanger | 0:b86d15c6ba29 | 3544 | case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 : |
Vanger | 0:b86d15c6ba29 | 3545 | if (requirement == REQUIRES_ECC_STATIC) |
Vanger | 0:b86d15c6ba29 | 3546 | return 1; |
Vanger | 0:b86d15c6ba29 | 3547 | if (requirement == REQUIRES_RSA_SIG) |
Vanger | 0:b86d15c6ba29 | 3548 | return 1; |
Vanger | 0:b86d15c6ba29 | 3549 | break; |
Vanger | 0:b86d15c6ba29 | 3550 | |
Vanger | 0:b86d15c6ba29 | 3551 | case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 : |
Vanger | 0:b86d15c6ba29 | 3552 | if (requirement == REQUIRES_ECC_STATIC) |
Vanger | 0:b86d15c6ba29 | 3553 | return 1; |
Vanger | 0:b86d15c6ba29 | 3554 | if (requirement == REQUIRES_RSA_SIG) |
Vanger | 0:b86d15c6ba29 | 3555 | return 1; |
Vanger | 0:b86d15c6ba29 | 3556 | break; |
Vanger | 0:b86d15c6ba29 | 3557 | |
Vanger | 0:b86d15c6ba29 | 3558 | case TLS_RSA_WITH_AES_128_CCM_8 : |
Vanger | 0:b86d15c6ba29 | 3559 | case TLS_RSA_WITH_AES_256_CCM_8 : |
Vanger | 0:b86d15c6ba29 | 3560 | if (requirement == REQUIRES_RSA) |
Vanger | 0:b86d15c6ba29 | 3561 | return 1; |
Vanger | 0:b86d15c6ba29 | 3562 | if (requirement == REQUIRES_RSA_SIG) |
Vanger | 0:b86d15c6ba29 | 3563 | return 1; |
Vanger | 0:b86d15c6ba29 | 3564 | break; |
Vanger | 0:b86d15c6ba29 | 3565 | |
Vanger | 0:b86d15c6ba29 | 3566 | case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : |
Vanger | 0:b86d15c6ba29 | 3567 | case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 : |
Vanger | 0:b86d15c6ba29 | 3568 | if (requirement == REQUIRES_RSA) |
Vanger | 0:b86d15c6ba29 | 3569 | return 1; |
Vanger | 0:b86d15c6ba29 | 3570 | if (requirement == REQUIRES_RSA_SIG) |
Vanger | 0:b86d15c6ba29 | 3571 | return 1; |
Vanger | 0:b86d15c6ba29 | 3572 | break; |
Vanger | 0:b86d15c6ba29 | 3573 | |
Vanger | 0:b86d15c6ba29 | 3574 | case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 : |
Vanger | 0:b86d15c6ba29 | 3575 | case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 : |
Vanger | 0:b86d15c6ba29 | 3576 | if (requirement == REQUIRES_RSA_SIG) |
Vanger | 0:b86d15c6ba29 | 3577 | return 1; |
Vanger | 0:b86d15c6ba29 | 3578 | if (requirement == REQUIRES_ECC_STATIC) |
Vanger | 0:b86d15c6ba29 | 3579 | return 1; |
Vanger | 0:b86d15c6ba29 | 3580 | break; |
Vanger | 0:b86d15c6ba29 | 3581 | #endif |
Vanger | 0:b86d15c6ba29 | 3582 | |
Vanger | 0:b86d15c6ba29 | 3583 | case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 : |
Vanger | 0:b86d15c6ba29 | 3584 | case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 : |
Vanger | 0:b86d15c6ba29 | 3585 | if (requirement == REQUIRES_ECC_DSA) |
Vanger | 0:b86d15c6ba29 | 3586 | return 1; |
Vanger | 0:b86d15c6ba29 | 3587 | break; |
Vanger | 0:b86d15c6ba29 | 3588 | |
Vanger | 0:b86d15c6ba29 | 3589 | case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 : |
Vanger | 0:b86d15c6ba29 | 3590 | case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : |
Vanger | 0:b86d15c6ba29 | 3591 | if (requirement == REQUIRES_ECC_DSA) |
Vanger | 0:b86d15c6ba29 | 3592 | return 1; |
Vanger | 0:b86d15c6ba29 | 3593 | break; |
Vanger | 0:b86d15c6ba29 | 3594 | |
Vanger | 0:b86d15c6ba29 | 3595 | case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 : |
Vanger | 0:b86d15c6ba29 | 3596 | case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 : |
Vanger | 0:b86d15c6ba29 | 3597 | if (requirement == REQUIRES_ECC_DSA) |
Vanger | 0:b86d15c6ba29 | 3598 | return 1; |
Vanger | 0:b86d15c6ba29 | 3599 | if (requirement == REQUIRES_ECC_STATIC) |
Vanger | 0:b86d15c6ba29 | 3600 | return 1; |
Vanger | 0:b86d15c6ba29 | 3601 | break; |
Vanger | 0:b86d15c6ba29 | 3602 | |
Vanger | 0:b86d15c6ba29 | 3603 | case TLS_PSK_WITH_AES_128_CCM: |
Vanger | 0:b86d15c6ba29 | 3604 | case TLS_PSK_WITH_AES_256_CCM: |
Vanger | 0:b86d15c6ba29 | 3605 | case TLS_PSK_WITH_AES_128_CCM_8: |
Vanger | 0:b86d15c6ba29 | 3606 | case TLS_PSK_WITH_AES_256_CCM_8: |
Vanger | 0:b86d15c6ba29 | 3607 | if (requirement == REQUIRES_PSK) |
Vanger | 0:b86d15c6ba29 | 3608 | return 1; |
Vanger | 0:b86d15c6ba29 | 3609 | break; |
Vanger | 0:b86d15c6ba29 | 3610 | |
Vanger | 0:b86d15c6ba29 | 3611 | case TLS_DHE_PSK_WITH_AES_128_CCM: |
Vanger | 0:b86d15c6ba29 | 3612 | case TLS_DHE_PSK_WITH_AES_256_CCM: |
Vanger | 0:b86d15c6ba29 | 3613 | if (requirement == REQUIRES_PSK) |
Vanger | 0:b86d15c6ba29 | 3614 | return 1; |
Vanger | 0:b86d15c6ba29 | 3615 | if (requirement == REQUIRES_DHE) |
Vanger | 0:b86d15c6ba29 | 3616 | return 1; |
Vanger | 0:b86d15c6ba29 | 3617 | break; |
Vanger | 0:b86d15c6ba29 | 3618 | |
Vanger | 0:b86d15c6ba29 | 3619 | default: |
Vanger | 0:b86d15c6ba29 | 3620 | CYASSL_MSG("Unsupported cipher suite, CipherRequires ECC"); |
Vanger | 0:b86d15c6ba29 | 3621 | return 0; |
Vanger | 0:b86d15c6ba29 | 3622 | } /* switch */ |
Vanger | 0:b86d15c6ba29 | 3623 | } /* if */ |
Vanger | 0:b86d15c6ba29 | 3624 | if (first != ECC_BYTE) { /* normal suites */ |
Vanger | 0:b86d15c6ba29 | 3625 | switch (second) { |
Vanger | 0:b86d15c6ba29 | 3626 | |
Vanger | 0:b86d15c6ba29 | 3627 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 3628 | case SSL_RSA_WITH_RC4_128_SHA : |
Vanger | 0:b86d15c6ba29 | 3629 | if (requirement == REQUIRES_RSA) |
Vanger | 0:b86d15c6ba29 | 3630 | return 1; |
Vanger | 0:b86d15c6ba29 | 3631 | break; |
Vanger | 0:b86d15c6ba29 | 3632 | |
Vanger | 0:b86d15c6ba29 | 3633 | case TLS_NTRU_RSA_WITH_RC4_128_SHA : |
Vanger | 0:b86d15c6ba29 | 3634 | if (requirement == REQUIRES_NTRU) |
Vanger | 0:b86d15c6ba29 | 3635 | return 1; |
Vanger | 0:b86d15c6ba29 | 3636 | break; |
Vanger | 0:b86d15c6ba29 | 3637 | |
Vanger | 0:b86d15c6ba29 | 3638 | case SSL_RSA_WITH_RC4_128_MD5 : |
Vanger | 0:b86d15c6ba29 | 3639 | if (requirement == REQUIRES_RSA) |
Vanger | 0:b86d15c6ba29 | 3640 | return 1; |
Vanger | 0:b86d15c6ba29 | 3641 | break; |
Vanger | 0:b86d15c6ba29 | 3642 | |
Vanger | 0:b86d15c6ba29 | 3643 | case SSL_RSA_WITH_3DES_EDE_CBC_SHA : |
Vanger | 0:b86d15c6ba29 | 3644 | if (requirement == REQUIRES_RSA) |
Vanger | 0:b86d15c6ba29 | 3645 | return 1; |
Vanger | 0:b86d15c6ba29 | 3646 | break; |
Vanger | 0:b86d15c6ba29 | 3647 | |
Vanger | 0:b86d15c6ba29 | 3648 | case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA : |
Vanger | 0:b86d15c6ba29 | 3649 | if (requirement == REQUIRES_NTRU) |
Vanger | 0:b86d15c6ba29 | 3650 | return 1; |
Vanger | 0:b86d15c6ba29 | 3651 | break; |
Vanger | 0:b86d15c6ba29 | 3652 | |
Vanger | 0:b86d15c6ba29 | 3653 | case TLS_RSA_WITH_AES_128_CBC_SHA : |
Vanger | 0:b86d15c6ba29 | 3654 | if (requirement == REQUIRES_RSA) |
Vanger | 0:b86d15c6ba29 | 3655 | return 1; |
Vanger | 0:b86d15c6ba29 | 3656 | break; |
Vanger | 0:b86d15c6ba29 | 3657 | |
Vanger | 0:b86d15c6ba29 | 3658 | case TLS_RSA_WITH_AES_128_CBC_SHA256 : |
Vanger | 0:b86d15c6ba29 | 3659 | if (requirement == REQUIRES_RSA) |
Vanger | 0:b86d15c6ba29 | 3660 | return 1; |
Vanger | 0:b86d15c6ba29 | 3661 | break; |
Vanger | 0:b86d15c6ba29 | 3662 | |
Vanger | 0:b86d15c6ba29 | 3663 | case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA : |
Vanger | 0:b86d15c6ba29 | 3664 | if (requirement == REQUIRES_NTRU) |
Vanger | 0:b86d15c6ba29 | 3665 | return 1; |
Vanger | 0:b86d15c6ba29 | 3666 | break; |
Vanger | 0:b86d15c6ba29 | 3667 | |
Vanger | 0:b86d15c6ba29 | 3668 | case TLS_RSA_WITH_AES_256_CBC_SHA : |
Vanger | 0:b86d15c6ba29 | 3669 | if (requirement == REQUIRES_RSA) |
Vanger | 0:b86d15c6ba29 | 3670 | return 1; |
Vanger | 0:b86d15c6ba29 | 3671 | break; |
Vanger | 0:b86d15c6ba29 | 3672 | |
Vanger | 0:b86d15c6ba29 | 3673 | case TLS_RSA_WITH_AES_256_CBC_SHA256 : |
Vanger | 0:b86d15c6ba29 | 3674 | if (requirement == REQUIRES_RSA) |
Vanger | 0:b86d15c6ba29 | 3675 | return 1; |
Vanger | 0:b86d15c6ba29 | 3676 | break; |
Vanger | 0:b86d15c6ba29 | 3677 | |
Vanger | 0:b86d15c6ba29 | 3678 | case TLS_RSA_WITH_NULL_SHA : |
Vanger | 0:b86d15c6ba29 | 3679 | case TLS_RSA_WITH_NULL_SHA256 : |
Vanger | 0:b86d15c6ba29 | 3680 | if (requirement == REQUIRES_RSA) |
Vanger | 0:b86d15c6ba29 | 3681 | return 1; |
Vanger | 0:b86d15c6ba29 | 3682 | break; |
Vanger | 0:b86d15c6ba29 | 3683 | |
Vanger | 0:b86d15c6ba29 | 3684 | case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA : |
Vanger | 0:b86d15c6ba29 | 3685 | if (requirement == REQUIRES_NTRU) |
Vanger | 0:b86d15c6ba29 | 3686 | return 1; |
Vanger | 0:b86d15c6ba29 | 3687 | break; |
Vanger | 0:b86d15c6ba29 | 3688 | #endif |
Vanger | 0:b86d15c6ba29 | 3689 | |
Vanger | 0:b86d15c6ba29 | 3690 | case TLS_PSK_WITH_AES_128_GCM_SHA256 : |
Vanger | 0:b86d15c6ba29 | 3691 | case TLS_PSK_WITH_AES_256_GCM_SHA384 : |
Vanger | 0:b86d15c6ba29 | 3692 | case TLS_PSK_WITH_AES_128_CBC_SHA256 : |
Vanger | 0:b86d15c6ba29 | 3693 | case TLS_PSK_WITH_AES_256_CBC_SHA384 : |
Vanger | 0:b86d15c6ba29 | 3694 | case TLS_PSK_WITH_AES_128_CBC_SHA : |
Vanger | 0:b86d15c6ba29 | 3695 | case TLS_PSK_WITH_AES_256_CBC_SHA : |
Vanger | 0:b86d15c6ba29 | 3696 | case TLS_PSK_WITH_NULL_SHA384 : |
Vanger | 0:b86d15c6ba29 | 3697 | case TLS_PSK_WITH_NULL_SHA256 : |
Vanger | 0:b86d15c6ba29 | 3698 | case TLS_PSK_WITH_NULL_SHA : |
Vanger | 0:b86d15c6ba29 | 3699 | if (requirement == REQUIRES_PSK) |
Vanger | 0:b86d15c6ba29 | 3700 | return 1; |
Vanger | 0:b86d15c6ba29 | 3701 | break; |
Vanger | 0:b86d15c6ba29 | 3702 | |
Vanger | 0:b86d15c6ba29 | 3703 | case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 : |
Vanger | 0:b86d15c6ba29 | 3704 | case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 : |
Vanger | 0:b86d15c6ba29 | 3705 | case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 : |
Vanger | 0:b86d15c6ba29 | 3706 | case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 : |
Vanger | 0:b86d15c6ba29 | 3707 | case TLS_DHE_PSK_WITH_NULL_SHA384 : |
Vanger | 0:b86d15c6ba29 | 3708 | case TLS_DHE_PSK_WITH_NULL_SHA256 : |
Vanger | 0:b86d15c6ba29 | 3709 | if (requirement == REQUIRES_DHE) |
Vanger | 0:b86d15c6ba29 | 3710 | return 1; |
Vanger | 0:b86d15c6ba29 | 3711 | if (requirement == REQUIRES_PSK) |
Vanger | 0:b86d15c6ba29 | 3712 | return 1; |
Vanger | 0:b86d15c6ba29 | 3713 | break; |
Vanger | 0:b86d15c6ba29 | 3714 | |
Vanger | 0:b86d15c6ba29 | 3715 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 3716 | case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 : |
Vanger | 0:b86d15c6ba29 | 3717 | if (requirement == REQUIRES_RSA) |
Vanger | 0:b86d15c6ba29 | 3718 | return 1; |
Vanger | 0:b86d15c6ba29 | 3719 | if (requirement == REQUIRES_DHE) |
Vanger | 0:b86d15c6ba29 | 3720 | return 1; |
Vanger | 0:b86d15c6ba29 | 3721 | break; |
Vanger | 0:b86d15c6ba29 | 3722 | |
Vanger | 0:b86d15c6ba29 | 3723 | case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 : |
Vanger | 0:b86d15c6ba29 | 3724 | if (requirement == REQUIRES_RSA) |
Vanger | 0:b86d15c6ba29 | 3725 | return 1; |
Vanger | 0:b86d15c6ba29 | 3726 | if (requirement == REQUIRES_DHE) |
Vanger | 0:b86d15c6ba29 | 3727 | return 1; |
Vanger | 0:b86d15c6ba29 | 3728 | break; |
Vanger | 0:b86d15c6ba29 | 3729 | |
Vanger | 0:b86d15c6ba29 | 3730 | case TLS_DHE_RSA_WITH_AES_128_CBC_SHA : |
Vanger | 0:b86d15c6ba29 | 3731 | if (requirement == REQUIRES_RSA) |
Vanger | 0:b86d15c6ba29 | 3732 | return 1; |
Vanger | 0:b86d15c6ba29 | 3733 | if (requirement == REQUIRES_DHE) |
Vanger | 0:b86d15c6ba29 | 3734 | return 1; |
Vanger | 0:b86d15c6ba29 | 3735 | break; |
Vanger | 0:b86d15c6ba29 | 3736 | |
Vanger | 0:b86d15c6ba29 | 3737 | case TLS_DHE_RSA_WITH_AES_256_CBC_SHA : |
Vanger | 0:b86d15c6ba29 | 3738 | if (requirement == REQUIRES_RSA) |
Vanger | 0:b86d15c6ba29 | 3739 | return 1; |
Vanger | 0:b86d15c6ba29 | 3740 | if (requirement == REQUIRES_DHE) |
Vanger | 0:b86d15c6ba29 | 3741 | return 1; |
Vanger | 0:b86d15c6ba29 | 3742 | break; |
Vanger | 0:b86d15c6ba29 | 3743 | |
Vanger | 0:b86d15c6ba29 | 3744 | case TLS_RSA_WITH_HC_128_MD5 : |
Vanger | 0:b86d15c6ba29 | 3745 | if (requirement == REQUIRES_RSA) |
Vanger | 0:b86d15c6ba29 | 3746 | return 1; |
Vanger | 0:b86d15c6ba29 | 3747 | break; |
Vanger | 0:b86d15c6ba29 | 3748 | |
Vanger | 0:b86d15c6ba29 | 3749 | case TLS_RSA_WITH_HC_128_SHA : |
Vanger | 0:b86d15c6ba29 | 3750 | if (requirement == REQUIRES_RSA) |
Vanger | 0:b86d15c6ba29 | 3751 | return 1; |
Vanger | 0:b86d15c6ba29 | 3752 | break; |
Vanger | 0:b86d15c6ba29 | 3753 | |
Vanger | 0:b86d15c6ba29 | 3754 | case TLS_RSA_WITH_HC_128_B2B256: |
Vanger | 0:b86d15c6ba29 | 3755 | if (requirement == REQUIRES_RSA) |
Vanger | 0:b86d15c6ba29 | 3756 | return 1; |
Vanger | 0:b86d15c6ba29 | 3757 | break; |
Vanger | 0:b86d15c6ba29 | 3758 | |
Vanger | 0:b86d15c6ba29 | 3759 | case TLS_RSA_WITH_AES_128_CBC_B2B256: |
Vanger | 0:b86d15c6ba29 | 3760 | case TLS_RSA_WITH_AES_256_CBC_B2B256: |
Vanger | 0:b86d15c6ba29 | 3761 | if (requirement == REQUIRES_RSA) |
Vanger | 0:b86d15c6ba29 | 3762 | return 1; |
Vanger | 0:b86d15c6ba29 | 3763 | break; |
Vanger | 0:b86d15c6ba29 | 3764 | |
Vanger | 0:b86d15c6ba29 | 3765 | case TLS_RSA_WITH_RABBIT_SHA : |
Vanger | 0:b86d15c6ba29 | 3766 | if (requirement == REQUIRES_RSA) |
Vanger | 0:b86d15c6ba29 | 3767 | return 1; |
Vanger | 0:b86d15c6ba29 | 3768 | break; |
Vanger | 0:b86d15c6ba29 | 3769 | |
Vanger | 0:b86d15c6ba29 | 3770 | case TLS_RSA_WITH_AES_128_GCM_SHA256 : |
Vanger | 0:b86d15c6ba29 | 3771 | case TLS_RSA_WITH_AES_256_GCM_SHA384 : |
Vanger | 0:b86d15c6ba29 | 3772 | if (requirement == REQUIRES_RSA) |
Vanger | 0:b86d15c6ba29 | 3773 | return 1; |
Vanger | 0:b86d15c6ba29 | 3774 | break; |
Vanger | 0:b86d15c6ba29 | 3775 | |
Vanger | 0:b86d15c6ba29 | 3776 | case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 : |
Vanger | 0:b86d15c6ba29 | 3777 | case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 : |
Vanger | 0:b86d15c6ba29 | 3778 | if (requirement == REQUIRES_RSA) |
Vanger | 0:b86d15c6ba29 | 3779 | return 1; |
Vanger | 0:b86d15c6ba29 | 3780 | if (requirement == REQUIRES_DHE) |
Vanger | 0:b86d15c6ba29 | 3781 | return 1; |
Vanger | 0:b86d15c6ba29 | 3782 | break; |
Vanger | 0:b86d15c6ba29 | 3783 | |
Vanger | 0:b86d15c6ba29 | 3784 | case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA : |
Vanger | 0:b86d15c6ba29 | 3785 | case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA : |
Vanger | 0:b86d15c6ba29 | 3786 | case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 : |
Vanger | 0:b86d15c6ba29 | 3787 | case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 : |
Vanger | 0:b86d15c6ba29 | 3788 | if (requirement == REQUIRES_RSA) |
Vanger | 0:b86d15c6ba29 | 3789 | return 1; |
Vanger | 0:b86d15c6ba29 | 3790 | break; |
Vanger | 0:b86d15c6ba29 | 3791 | |
Vanger | 0:b86d15c6ba29 | 3792 | case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : |
Vanger | 0:b86d15c6ba29 | 3793 | case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : |
Vanger | 0:b86d15c6ba29 | 3794 | case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 : |
Vanger | 0:b86d15c6ba29 | 3795 | case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 : |
Vanger | 0:b86d15c6ba29 | 3796 | if (requirement == REQUIRES_RSA) |
Vanger | 0:b86d15c6ba29 | 3797 | return 1; |
Vanger | 0:b86d15c6ba29 | 3798 | if (requirement == REQUIRES_RSA_SIG) |
Vanger | 0:b86d15c6ba29 | 3799 | return 1; |
Vanger | 0:b86d15c6ba29 | 3800 | if (requirement == REQUIRES_DHE) |
Vanger | 0:b86d15c6ba29 | 3801 | return 1; |
Vanger | 0:b86d15c6ba29 | 3802 | break; |
Vanger | 0:b86d15c6ba29 | 3803 | #endif |
Vanger | 0:b86d15c6ba29 | 3804 | #ifdef HAVE_ANON |
Vanger | 0:b86d15c6ba29 | 3805 | case TLS_DH_anon_WITH_AES_128_CBC_SHA : |
Vanger | 0:b86d15c6ba29 | 3806 | if (requirement == REQUIRES_DHE) |
Vanger | 0:b86d15c6ba29 | 3807 | return 1; |
Vanger | 0:b86d15c6ba29 | 3808 | break; |
Vanger | 0:b86d15c6ba29 | 3809 | #endif |
Vanger | 0:b86d15c6ba29 | 3810 | |
Vanger | 0:b86d15c6ba29 | 3811 | default: |
Vanger | 0:b86d15c6ba29 | 3812 | CYASSL_MSG("Unsupported cipher suite, CipherRequires"); |
Vanger | 0:b86d15c6ba29 | 3813 | return 0; |
Vanger | 0:b86d15c6ba29 | 3814 | } /* switch */ |
Vanger | 0:b86d15c6ba29 | 3815 | } /* if ECC / Normal suites else */ |
Vanger | 0:b86d15c6ba29 | 3816 | |
Vanger | 0:b86d15c6ba29 | 3817 | return 0; |
Vanger | 0:b86d15c6ba29 | 3818 | } |
Vanger | 0:b86d15c6ba29 | 3819 | |
Vanger | 0:b86d15c6ba29 | 3820 | |
Vanger | 0:b86d15c6ba29 | 3821 | #ifndef NO_CERTS |
Vanger | 0:b86d15c6ba29 | 3822 | |
Vanger | 0:b86d15c6ba29 | 3823 | |
Vanger | 0:b86d15c6ba29 | 3824 | /* Match names with wildcards, each wildcard can represent a single name |
Vanger | 0:b86d15c6ba29 | 3825 | component or fragment but not mulitple names, i.e., |
Vanger | 0:b86d15c6ba29 | 3826 | *.z.com matches y.z.com but not x.y.z.com |
Vanger | 0:b86d15c6ba29 | 3827 | |
Vanger | 0:b86d15c6ba29 | 3828 | return 1 on success */ |
Vanger | 0:b86d15c6ba29 | 3829 | static int MatchDomainName(const char* pattern, int len, const char* str) |
Vanger | 0:b86d15c6ba29 | 3830 | { |
Vanger | 0:b86d15c6ba29 | 3831 | char p, s; |
Vanger | 0:b86d15c6ba29 | 3832 | |
Vanger | 0:b86d15c6ba29 | 3833 | if (pattern == NULL || str == NULL || len <= 0) |
Vanger | 0:b86d15c6ba29 | 3834 | return 0; |
Vanger | 0:b86d15c6ba29 | 3835 | |
Vanger | 0:b86d15c6ba29 | 3836 | while (len > 0) { |
Vanger | 0:b86d15c6ba29 | 3837 | |
Vanger | 0:b86d15c6ba29 | 3838 | p = (char)XTOLOWER(*pattern++); |
Vanger | 0:b86d15c6ba29 | 3839 | if (p == 0) |
Vanger | 0:b86d15c6ba29 | 3840 | break; |
Vanger | 0:b86d15c6ba29 | 3841 | |
Vanger | 0:b86d15c6ba29 | 3842 | if (p == '*') { |
Vanger | 0:b86d15c6ba29 | 3843 | while (--len > 0 && (p = (char)XTOLOWER(*pattern++)) == '*') |
Vanger | 0:b86d15c6ba29 | 3844 | ; |
Vanger | 0:b86d15c6ba29 | 3845 | |
Vanger | 0:b86d15c6ba29 | 3846 | if (len == 0) |
Vanger | 0:b86d15c6ba29 | 3847 | p = '\0'; |
Vanger | 0:b86d15c6ba29 | 3848 | |
Vanger | 0:b86d15c6ba29 | 3849 | while ( (s = (char)XTOLOWER(*str)) != '\0') { |
Vanger | 0:b86d15c6ba29 | 3850 | if (s == p) |
Vanger | 0:b86d15c6ba29 | 3851 | break; |
Vanger | 0:b86d15c6ba29 | 3852 | if (s == '.') |
Vanger | 0:b86d15c6ba29 | 3853 | return 0; |
Vanger | 0:b86d15c6ba29 | 3854 | str++; |
Vanger | 0:b86d15c6ba29 | 3855 | } |
Vanger | 0:b86d15c6ba29 | 3856 | } |
Vanger | 0:b86d15c6ba29 | 3857 | else { |
Vanger | 0:b86d15c6ba29 | 3858 | if (p != (char)XTOLOWER(*str)) |
Vanger | 0:b86d15c6ba29 | 3859 | return 0; |
Vanger | 0:b86d15c6ba29 | 3860 | } |
Vanger | 0:b86d15c6ba29 | 3861 | |
Vanger | 0:b86d15c6ba29 | 3862 | if (*str != '\0') |
Vanger | 0:b86d15c6ba29 | 3863 | str++; |
Vanger | 0:b86d15c6ba29 | 3864 | |
Vanger | 0:b86d15c6ba29 | 3865 | if (len > 0) |
Vanger | 0:b86d15c6ba29 | 3866 | len--; |
Vanger | 0:b86d15c6ba29 | 3867 | } |
Vanger | 0:b86d15c6ba29 | 3868 | |
Vanger | 0:b86d15c6ba29 | 3869 | return *str == '\0'; |
Vanger | 0:b86d15c6ba29 | 3870 | } |
Vanger | 0:b86d15c6ba29 | 3871 | |
Vanger | 0:b86d15c6ba29 | 3872 | |
Vanger | 0:b86d15c6ba29 | 3873 | /* try to find an altName match to domain, return 1 on success */ |
Vanger | 0:b86d15c6ba29 | 3874 | static int CheckAltNames(DecodedCert* dCert, char* domain) |
Vanger | 0:b86d15c6ba29 | 3875 | { |
Vanger | 0:b86d15c6ba29 | 3876 | int match = 0; |
Vanger | 0:b86d15c6ba29 | 3877 | DNS_entry* altName = NULL; |
Vanger | 0:b86d15c6ba29 | 3878 | |
Vanger | 0:b86d15c6ba29 | 3879 | CYASSL_MSG("Checking AltNames"); |
Vanger | 0:b86d15c6ba29 | 3880 | |
Vanger | 0:b86d15c6ba29 | 3881 | if (dCert) |
Vanger | 0:b86d15c6ba29 | 3882 | altName = dCert->altNames; |
Vanger | 0:b86d15c6ba29 | 3883 | |
Vanger | 0:b86d15c6ba29 | 3884 | while (altName) { |
Vanger | 0:b86d15c6ba29 | 3885 | CYASSL_MSG(" individual AltName check"); |
Vanger | 0:b86d15c6ba29 | 3886 | |
Vanger | 0:b86d15c6ba29 | 3887 | if (MatchDomainName(altName->name,(int)XSTRLEN(altName->name), domain)){ |
Vanger | 0:b86d15c6ba29 | 3888 | match = 1; |
Vanger | 0:b86d15c6ba29 | 3889 | break; |
Vanger | 0:b86d15c6ba29 | 3890 | } |
Vanger | 0:b86d15c6ba29 | 3891 | |
Vanger | 0:b86d15c6ba29 | 3892 | altName = altName->next; |
Vanger | 0:b86d15c6ba29 | 3893 | } |
Vanger | 0:b86d15c6ba29 | 3894 | |
Vanger | 0:b86d15c6ba29 | 3895 | return match; |
Vanger | 0:b86d15c6ba29 | 3896 | } |
Vanger | 0:b86d15c6ba29 | 3897 | |
Vanger | 0:b86d15c6ba29 | 3898 | |
Vanger | 0:b86d15c6ba29 | 3899 | #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) |
Vanger | 0:b86d15c6ba29 | 3900 | |
Vanger | 0:b86d15c6ba29 | 3901 | /* Copy parts X509 needs from Decoded cert, 0 on success */ |
Vanger | 0:b86d15c6ba29 | 3902 | int CopyDecodedToX509(CYASSL_X509* x509, DecodedCert* dCert) |
Vanger | 0:b86d15c6ba29 | 3903 | { |
Vanger | 0:b86d15c6ba29 | 3904 | int ret = 0; |
Vanger | 0:b86d15c6ba29 | 3905 | |
Vanger | 0:b86d15c6ba29 | 3906 | if (x509 == NULL || dCert == NULL) |
Vanger | 0:b86d15c6ba29 | 3907 | return BAD_FUNC_ARG; |
Vanger | 0:b86d15c6ba29 | 3908 | |
Vanger | 0:b86d15c6ba29 | 3909 | x509->version = dCert->version + 1; |
Vanger | 0:b86d15c6ba29 | 3910 | |
Vanger | 0:b86d15c6ba29 | 3911 | XSTRNCPY(x509->issuer.name, dCert->issuer, ASN_NAME_MAX); |
Vanger | 0:b86d15c6ba29 | 3912 | x509->issuer.name[ASN_NAME_MAX - 1] = '\0'; |
Vanger | 0:b86d15c6ba29 | 3913 | x509->issuer.sz = (int)XSTRLEN(x509->issuer.name) + 1; |
Vanger | 0:b86d15c6ba29 | 3914 | #ifdef OPENSSL_EXTRA |
Vanger | 0:b86d15c6ba29 | 3915 | if (dCert->issuerName.fullName != NULL) { |
Vanger | 0:b86d15c6ba29 | 3916 | XMEMCPY(&x509->issuer.fullName, |
Vanger | 0:b86d15c6ba29 | 3917 | &dCert->issuerName, sizeof(DecodedName)); |
Vanger | 0:b86d15c6ba29 | 3918 | x509->issuer.fullName.fullName = (char*)XMALLOC( |
Vanger | 0:b86d15c6ba29 | 3919 | dCert->issuerName.fullNameLen, NULL, DYNAMIC_TYPE_X509); |
Vanger | 0:b86d15c6ba29 | 3920 | if (x509->issuer.fullName.fullName != NULL) |
Vanger | 0:b86d15c6ba29 | 3921 | XMEMCPY(x509->issuer.fullName.fullName, |
Vanger | 0:b86d15c6ba29 | 3922 | dCert->issuerName.fullName, dCert->issuerName.fullNameLen); |
Vanger | 0:b86d15c6ba29 | 3923 | } |
Vanger | 0:b86d15c6ba29 | 3924 | #endif /* OPENSSL_EXTRA */ |
Vanger | 0:b86d15c6ba29 | 3925 | |
Vanger | 0:b86d15c6ba29 | 3926 | XSTRNCPY(x509->subject.name, dCert->subject, ASN_NAME_MAX); |
Vanger | 0:b86d15c6ba29 | 3927 | x509->subject.name[ASN_NAME_MAX - 1] = '\0'; |
Vanger | 0:b86d15c6ba29 | 3928 | x509->subject.sz = (int)XSTRLEN(x509->subject.name) + 1; |
Vanger | 0:b86d15c6ba29 | 3929 | #ifdef OPENSSL_EXTRA |
Vanger | 0:b86d15c6ba29 | 3930 | if (dCert->subjectName.fullName != NULL) { |
Vanger | 0:b86d15c6ba29 | 3931 | XMEMCPY(&x509->subject.fullName, |
Vanger | 0:b86d15c6ba29 | 3932 | &dCert->subjectName, sizeof(DecodedName)); |
Vanger | 0:b86d15c6ba29 | 3933 | x509->subject.fullName.fullName = (char*)XMALLOC( |
Vanger | 0:b86d15c6ba29 | 3934 | dCert->subjectName.fullNameLen, NULL, DYNAMIC_TYPE_X509); |
Vanger | 0:b86d15c6ba29 | 3935 | if (x509->subject.fullName.fullName != NULL) |
Vanger | 0:b86d15c6ba29 | 3936 | XMEMCPY(x509->subject.fullName.fullName, |
Vanger | 0:b86d15c6ba29 | 3937 | dCert->subjectName.fullName, dCert->subjectName.fullNameLen); |
Vanger | 0:b86d15c6ba29 | 3938 | } |
Vanger | 0:b86d15c6ba29 | 3939 | #endif /* OPENSSL_EXTRA */ |
Vanger | 0:b86d15c6ba29 | 3940 | |
Vanger | 0:b86d15c6ba29 | 3941 | XMEMCPY(x509->serial, dCert->serial, EXTERNAL_SERIAL_SIZE); |
Vanger | 0:b86d15c6ba29 | 3942 | x509->serialSz = dCert->serialSz; |
Vanger | 0:b86d15c6ba29 | 3943 | if (dCert->subjectCNLen < ASN_NAME_MAX) { |
Vanger | 0:b86d15c6ba29 | 3944 | XMEMCPY(x509->subjectCN, dCert->subjectCN, dCert->subjectCNLen); |
Vanger | 0:b86d15c6ba29 | 3945 | x509->subjectCN[dCert->subjectCNLen] = '\0'; |
Vanger | 0:b86d15c6ba29 | 3946 | } |
Vanger | 0:b86d15c6ba29 | 3947 | else |
Vanger | 0:b86d15c6ba29 | 3948 | x509->subjectCN[0] = '\0'; |
Vanger | 0:b86d15c6ba29 | 3949 | |
Vanger | 0:b86d15c6ba29 | 3950 | #ifdef CYASSL_SEP |
Vanger | 0:b86d15c6ba29 | 3951 | { |
Vanger | 0:b86d15c6ba29 | 3952 | int minSz = min(dCert->deviceTypeSz, EXTERNAL_SERIAL_SIZE); |
Vanger | 0:b86d15c6ba29 | 3953 | if (minSz > 0) { |
Vanger | 0:b86d15c6ba29 | 3954 | x509->deviceTypeSz = minSz; |
Vanger | 0:b86d15c6ba29 | 3955 | XMEMCPY(x509->deviceType, dCert->deviceType, minSz); |
Vanger | 0:b86d15c6ba29 | 3956 | } |
Vanger | 0:b86d15c6ba29 | 3957 | else |
Vanger | 0:b86d15c6ba29 | 3958 | x509->deviceTypeSz = 0; |
Vanger | 0:b86d15c6ba29 | 3959 | minSz = min(dCert->hwTypeSz, EXTERNAL_SERIAL_SIZE); |
Vanger | 0:b86d15c6ba29 | 3960 | if (minSz != 0) { |
Vanger | 0:b86d15c6ba29 | 3961 | x509->hwTypeSz = minSz; |
Vanger | 0:b86d15c6ba29 | 3962 | XMEMCPY(x509->hwType, dCert->hwType, minSz); |
Vanger | 0:b86d15c6ba29 | 3963 | } |
Vanger | 0:b86d15c6ba29 | 3964 | else |
Vanger | 0:b86d15c6ba29 | 3965 | x509->hwTypeSz = 0; |
Vanger | 0:b86d15c6ba29 | 3966 | minSz = min(dCert->hwSerialNumSz, EXTERNAL_SERIAL_SIZE); |
Vanger | 0:b86d15c6ba29 | 3967 | if (minSz != 0) { |
Vanger | 0:b86d15c6ba29 | 3968 | x509->hwSerialNumSz = minSz; |
Vanger | 0:b86d15c6ba29 | 3969 | XMEMCPY(x509->hwSerialNum, dCert->hwSerialNum, minSz); |
Vanger | 0:b86d15c6ba29 | 3970 | } |
Vanger | 0:b86d15c6ba29 | 3971 | else |
Vanger | 0:b86d15c6ba29 | 3972 | x509->hwSerialNumSz = 0; |
Vanger | 0:b86d15c6ba29 | 3973 | } |
Vanger | 0:b86d15c6ba29 | 3974 | #endif /* CYASSL_SEP */ |
Vanger | 0:b86d15c6ba29 | 3975 | { |
Vanger | 0:b86d15c6ba29 | 3976 | int minSz = min(dCert->beforeDateLen, MAX_DATE_SZ); |
Vanger | 0:b86d15c6ba29 | 3977 | if (minSz != 0) { |
Vanger | 0:b86d15c6ba29 | 3978 | x509->notBeforeSz = minSz; |
Vanger | 0:b86d15c6ba29 | 3979 | XMEMCPY(x509->notBefore, dCert->beforeDate, minSz); |
Vanger | 0:b86d15c6ba29 | 3980 | } |
Vanger | 0:b86d15c6ba29 | 3981 | else |
Vanger | 0:b86d15c6ba29 | 3982 | x509->notBeforeSz = 0; |
Vanger | 0:b86d15c6ba29 | 3983 | minSz = min(dCert->afterDateLen, MAX_DATE_SZ); |
Vanger | 0:b86d15c6ba29 | 3984 | if (minSz != 0) { |
Vanger | 0:b86d15c6ba29 | 3985 | x509->notAfterSz = minSz; |
Vanger | 0:b86d15c6ba29 | 3986 | XMEMCPY(x509->notAfter, dCert->afterDate, minSz); |
Vanger | 0:b86d15c6ba29 | 3987 | } |
Vanger | 0:b86d15c6ba29 | 3988 | else |
Vanger | 0:b86d15c6ba29 | 3989 | x509->notAfterSz = 0; |
Vanger | 0:b86d15c6ba29 | 3990 | } |
Vanger | 0:b86d15c6ba29 | 3991 | |
Vanger | 0:b86d15c6ba29 | 3992 | if (dCert->publicKey != NULL && dCert->pubKeySize != 0) { |
Vanger | 0:b86d15c6ba29 | 3993 | x509->pubKey.buffer = (byte*)XMALLOC( |
Vanger | 0:b86d15c6ba29 | 3994 | dCert->pubKeySize, NULL, DYNAMIC_TYPE_PUBLIC_KEY); |
Vanger | 0:b86d15c6ba29 | 3995 | if (x509->pubKey.buffer != NULL) { |
Vanger | 0:b86d15c6ba29 | 3996 | x509->pubKeyOID = dCert->keyOID; |
Vanger | 0:b86d15c6ba29 | 3997 | x509->pubKey.length = dCert->pubKeySize; |
Vanger | 0:b86d15c6ba29 | 3998 | XMEMCPY(x509->pubKey.buffer, dCert->publicKey, dCert->pubKeySize); |
Vanger | 0:b86d15c6ba29 | 3999 | } |
Vanger | 0:b86d15c6ba29 | 4000 | else |
Vanger | 0:b86d15c6ba29 | 4001 | ret = MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 4002 | } |
Vanger | 0:b86d15c6ba29 | 4003 | |
Vanger | 0:b86d15c6ba29 | 4004 | if (dCert->signature != NULL && dCert->sigLength != 0) { |
Vanger | 0:b86d15c6ba29 | 4005 | x509->sig.buffer = (byte*)XMALLOC( |
Vanger | 0:b86d15c6ba29 | 4006 | dCert->sigLength, NULL, DYNAMIC_TYPE_SIGNATURE); |
Vanger | 0:b86d15c6ba29 | 4007 | if (x509->sig.buffer == NULL) { |
Vanger | 0:b86d15c6ba29 | 4008 | ret = MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 4009 | } |
Vanger | 0:b86d15c6ba29 | 4010 | else { |
Vanger | 0:b86d15c6ba29 | 4011 | XMEMCPY(x509->sig.buffer, dCert->signature, dCert->sigLength); |
Vanger | 0:b86d15c6ba29 | 4012 | x509->sig.length = dCert->sigLength; |
Vanger | 0:b86d15c6ba29 | 4013 | x509->sigOID = dCert->signatureOID; |
Vanger | 0:b86d15c6ba29 | 4014 | } |
Vanger | 0:b86d15c6ba29 | 4015 | } |
Vanger | 0:b86d15c6ba29 | 4016 | |
Vanger | 0:b86d15c6ba29 | 4017 | /* store cert for potential retrieval */ |
Vanger | 0:b86d15c6ba29 | 4018 | x509->derCert.buffer = (byte*)XMALLOC(dCert->maxIdx, NULL, |
Vanger | 0:b86d15c6ba29 | 4019 | DYNAMIC_TYPE_CERT); |
Vanger | 0:b86d15c6ba29 | 4020 | if (x509->derCert.buffer == NULL) { |
Vanger | 0:b86d15c6ba29 | 4021 | ret = MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 4022 | } |
Vanger | 0:b86d15c6ba29 | 4023 | else { |
Vanger | 0:b86d15c6ba29 | 4024 | XMEMCPY(x509->derCert.buffer, dCert->source, dCert->maxIdx); |
Vanger | 0:b86d15c6ba29 | 4025 | x509->derCert.length = dCert->maxIdx; |
Vanger | 0:b86d15c6ba29 | 4026 | } |
Vanger | 0:b86d15c6ba29 | 4027 | |
Vanger | 0:b86d15c6ba29 | 4028 | x509->altNames = dCert->altNames; |
Vanger | 0:b86d15c6ba29 | 4029 | dCert->altNames = NULL; /* takes ownership */ |
Vanger | 0:b86d15c6ba29 | 4030 | x509->altNamesNext = x509->altNames; /* index hint */ |
Vanger | 0:b86d15c6ba29 | 4031 | |
Vanger | 0:b86d15c6ba29 | 4032 | x509->isCa = dCert->isCA; |
Vanger | 0:b86d15c6ba29 | 4033 | #ifdef OPENSSL_EXTRA |
Vanger | 0:b86d15c6ba29 | 4034 | x509->pathLength = dCert->pathLength; |
Vanger | 0:b86d15c6ba29 | 4035 | x509->keyUsage = dCert->extKeyUsage; |
Vanger | 0:b86d15c6ba29 | 4036 | |
Vanger | 0:b86d15c6ba29 | 4037 | x509->basicConstSet = dCert->extBasicConstSet; |
Vanger | 0:b86d15c6ba29 | 4038 | x509->basicConstCrit = dCert->extBasicConstCrit; |
Vanger | 0:b86d15c6ba29 | 4039 | x509->basicConstPlSet = dCert->extBasicConstPlSet; |
Vanger | 0:b86d15c6ba29 | 4040 | x509->subjAltNameSet = dCert->extSubjAltNameSet; |
Vanger | 0:b86d15c6ba29 | 4041 | x509->subjAltNameCrit = dCert->extSubjAltNameCrit; |
Vanger | 0:b86d15c6ba29 | 4042 | x509->authKeyIdSet = dCert->extAuthKeyIdSet; |
Vanger | 0:b86d15c6ba29 | 4043 | x509->authKeyIdCrit = dCert->extAuthKeyIdCrit; |
Vanger | 0:b86d15c6ba29 | 4044 | if (dCert->extAuthKeyIdSrc != NULL && dCert->extAuthKeyIdSz != 0) { |
Vanger | 0:b86d15c6ba29 | 4045 | x509->authKeyId = (byte*)XMALLOC(dCert->extAuthKeyIdSz, NULL, 0); |
Vanger | 0:b86d15c6ba29 | 4046 | if (x509->authKeyId != NULL) { |
Vanger | 0:b86d15c6ba29 | 4047 | XMEMCPY(x509->authKeyId, |
Vanger | 0:b86d15c6ba29 | 4048 | dCert->extAuthKeyIdSrc, dCert->extAuthKeyIdSz); |
Vanger | 0:b86d15c6ba29 | 4049 | x509->authKeyIdSz = dCert->extAuthKeyIdSz; |
Vanger | 0:b86d15c6ba29 | 4050 | } |
Vanger | 0:b86d15c6ba29 | 4051 | else |
Vanger | 0:b86d15c6ba29 | 4052 | ret = MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 4053 | } |
Vanger | 0:b86d15c6ba29 | 4054 | x509->subjKeyIdSet = dCert->extSubjKeyIdSet; |
Vanger | 0:b86d15c6ba29 | 4055 | x509->subjKeyIdCrit = dCert->extSubjKeyIdCrit; |
Vanger | 0:b86d15c6ba29 | 4056 | if (dCert->extSubjKeyIdSrc != NULL && dCert->extSubjKeyIdSz != 0) { |
Vanger | 0:b86d15c6ba29 | 4057 | x509->subjKeyId = (byte*)XMALLOC(dCert->extSubjKeyIdSz, NULL, 0); |
Vanger | 0:b86d15c6ba29 | 4058 | if (x509->subjKeyId != NULL) { |
Vanger | 0:b86d15c6ba29 | 4059 | XMEMCPY(x509->subjKeyId, |
Vanger | 0:b86d15c6ba29 | 4060 | dCert->extSubjKeyIdSrc, dCert->extSubjKeyIdSz); |
Vanger | 0:b86d15c6ba29 | 4061 | x509->subjKeyIdSz = dCert->extSubjKeyIdSz; |
Vanger | 0:b86d15c6ba29 | 4062 | } |
Vanger | 0:b86d15c6ba29 | 4063 | else |
Vanger | 0:b86d15c6ba29 | 4064 | ret = MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 4065 | } |
Vanger | 0:b86d15c6ba29 | 4066 | x509->keyUsageSet = dCert->extKeyUsageSet; |
Vanger | 0:b86d15c6ba29 | 4067 | x509->keyUsageCrit = dCert->extKeyUsageCrit; |
Vanger | 0:b86d15c6ba29 | 4068 | #ifdef CYASSL_SEP |
Vanger | 0:b86d15c6ba29 | 4069 | x509->certPolicySet = dCert->extCertPolicySet; |
Vanger | 0:b86d15c6ba29 | 4070 | x509->certPolicyCrit = dCert->extCertPolicyCrit; |
Vanger | 0:b86d15c6ba29 | 4071 | #endif /* CYASSL_SEP */ |
Vanger | 0:b86d15c6ba29 | 4072 | #endif /* OPENSSL_EXTRA */ |
Vanger | 0:b86d15c6ba29 | 4073 | #ifdef HAVE_ECC |
Vanger | 0:b86d15c6ba29 | 4074 | x509->pkCurveOID = dCert->pkCurveOID; |
Vanger | 0:b86d15c6ba29 | 4075 | #endif /* HAVE_ECC */ |
Vanger | 0:b86d15c6ba29 | 4076 | |
Vanger | 0:b86d15c6ba29 | 4077 | return ret; |
Vanger | 0:b86d15c6ba29 | 4078 | } |
Vanger | 0:b86d15c6ba29 | 4079 | |
Vanger | 0:b86d15c6ba29 | 4080 | #endif /* KEEP_PEER_CERT || SESSION_CERTS */ |
Vanger | 0:b86d15c6ba29 | 4081 | |
Vanger | 0:b86d15c6ba29 | 4082 | |
Vanger | 0:b86d15c6ba29 | 4083 | static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx, |
Vanger | 0:b86d15c6ba29 | 4084 | word32 size) |
Vanger | 0:b86d15c6ba29 | 4085 | { |
Vanger | 0:b86d15c6ba29 | 4086 | word32 listSz; |
Vanger | 0:b86d15c6ba29 | 4087 | word32 begin = *inOutIdx; |
Vanger | 0:b86d15c6ba29 | 4088 | int ret = 0; |
Vanger | 0:b86d15c6ba29 | 4089 | int anyError = 0; |
Vanger | 0:b86d15c6ba29 | 4090 | int totalCerts = 0; /* number of certs in certs buffer */ |
Vanger | 0:b86d15c6ba29 | 4091 | int count; |
Vanger | 0:b86d15c6ba29 | 4092 | buffer certs[MAX_CHAIN_DEPTH]; |
Vanger | 0:b86d15c6ba29 | 4093 | |
Vanger | 0:b86d15c6ba29 | 4094 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 4095 | char* domain = NULL; |
Vanger | 0:b86d15c6ba29 | 4096 | DecodedCert* dCert = NULL; |
Vanger | 0:b86d15c6ba29 | 4097 | CYASSL_X509_STORE_CTX* store = NULL; |
Vanger | 0:b86d15c6ba29 | 4098 | #else |
Vanger | 0:b86d15c6ba29 | 4099 | char domain[ASN_NAME_MAX]; |
Vanger | 0:b86d15c6ba29 | 4100 | DecodedCert dCert[1]; |
Vanger | 0:b86d15c6ba29 | 4101 | CYASSL_X509_STORE_CTX store[1]; |
Vanger | 0:b86d15c6ba29 | 4102 | #endif |
Vanger | 0:b86d15c6ba29 | 4103 | |
Vanger | 0:b86d15c6ba29 | 4104 | #ifdef CYASSL_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 4105 | if (ssl->hsInfoOn) AddPacketName("Certificate", &ssl->handShakeInfo); |
Vanger | 0:b86d15c6ba29 | 4106 | if (ssl->toInfoOn) AddLateName("Certificate", &ssl->timeoutInfo); |
Vanger | 0:b86d15c6ba29 | 4107 | #endif |
Vanger | 0:b86d15c6ba29 | 4108 | |
Vanger | 0:b86d15c6ba29 | 4109 | if ((*inOutIdx - begin) + OPAQUE24_LEN > size) |
Vanger | 0:b86d15c6ba29 | 4110 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 4111 | |
Vanger | 0:b86d15c6ba29 | 4112 | c24to32(input + *inOutIdx, &listSz); |
Vanger | 0:b86d15c6ba29 | 4113 | *inOutIdx += OPAQUE24_LEN; |
Vanger | 0:b86d15c6ba29 | 4114 | |
Vanger | 0:b86d15c6ba29 | 4115 | #ifdef HAVE_MAX_FRAGMENT |
Vanger | 0:b86d15c6ba29 | 4116 | if (listSz > ssl->max_fragment) { |
Vanger | 0:b86d15c6ba29 | 4117 | SendAlert(ssl, alert_fatal, record_overflow); |
Vanger | 0:b86d15c6ba29 | 4118 | return BUFFER_E; |
Vanger | 0:b86d15c6ba29 | 4119 | } |
Vanger | 0:b86d15c6ba29 | 4120 | #else |
Vanger | 0:b86d15c6ba29 | 4121 | if (listSz > MAX_RECORD_SIZE) |
Vanger | 0:b86d15c6ba29 | 4122 | return BUFFER_E; |
Vanger | 0:b86d15c6ba29 | 4123 | #endif |
Vanger | 0:b86d15c6ba29 | 4124 | |
Vanger | 0:b86d15c6ba29 | 4125 | if ((*inOutIdx - begin) + listSz != size) |
Vanger | 0:b86d15c6ba29 | 4126 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 4127 | |
Vanger | 0:b86d15c6ba29 | 4128 | CYASSL_MSG("Loading peer's cert chain"); |
Vanger | 0:b86d15c6ba29 | 4129 | /* first put cert chain into buffer so can verify top down |
Vanger | 0:b86d15c6ba29 | 4130 | we're sent bottom up */ |
Vanger | 0:b86d15c6ba29 | 4131 | while (listSz) { |
Vanger | 0:b86d15c6ba29 | 4132 | word32 certSz; |
Vanger | 0:b86d15c6ba29 | 4133 | |
Vanger | 0:b86d15c6ba29 | 4134 | if (totalCerts >= MAX_CHAIN_DEPTH) |
Vanger | 0:b86d15c6ba29 | 4135 | return MAX_CHAIN_ERROR; |
Vanger | 0:b86d15c6ba29 | 4136 | |
Vanger | 0:b86d15c6ba29 | 4137 | if ((*inOutIdx - begin) + OPAQUE24_LEN > size) |
Vanger | 0:b86d15c6ba29 | 4138 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 4139 | |
Vanger | 0:b86d15c6ba29 | 4140 | c24to32(input + *inOutIdx, &certSz); |
Vanger | 0:b86d15c6ba29 | 4141 | *inOutIdx += OPAQUE24_LEN; |
Vanger | 0:b86d15c6ba29 | 4142 | |
Vanger | 0:b86d15c6ba29 | 4143 | if ((*inOutIdx - begin) + certSz > size) |
Vanger | 0:b86d15c6ba29 | 4144 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 4145 | |
Vanger | 0:b86d15c6ba29 | 4146 | certs[totalCerts].length = certSz; |
Vanger | 0:b86d15c6ba29 | 4147 | certs[totalCerts].buffer = input + *inOutIdx; |
Vanger | 0:b86d15c6ba29 | 4148 | |
Vanger | 0:b86d15c6ba29 | 4149 | #ifdef SESSION_CERTS |
Vanger | 0:b86d15c6ba29 | 4150 | if (ssl->session.chain.count < MAX_CHAIN_DEPTH && |
Vanger | 0:b86d15c6ba29 | 4151 | certSz < MAX_X509_SIZE) { |
Vanger | 0:b86d15c6ba29 | 4152 | ssl->session.chain.certs[ssl->session.chain.count].length = certSz; |
Vanger | 0:b86d15c6ba29 | 4153 | XMEMCPY(ssl->session.chain.certs[ssl->session.chain.count].buffer, |
Vanger | 0:b86d15c6ba29 | 4154 | input + *inOutIdx, certSz); |
Vanger | 0:b86d15c6ba29 | 4155 | ssl->session.chain.count++; |
Vanger | 0:b86d15c6ba29 | 4156 | } else { |
Vanger | 0:b86d15c6ba29 | 4157 | CYASSL_MSG("Couldn't store chain cert for session"); |
Vanger | 0:b86d15c6ba29 | 4158 | } |
Vanger | 0:b86d15c6ba29 | 4159 | #endif |
Vanger | 0:b86d15c6ba29 | 4160 | |
Vanger | 0:b86d15c6ba29 | 4161 | *inOutIdx += certSz; |
Vanger | 0:b86d15c6ba29 | 4162 | listSz -= certSz + CERT_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 4163 | |
Vanger | 0:b86d15c6ba29 | 4164 | totalCerts++; |
Vanger | 0:b86d15c6ba29 | 4165 | CYASSL_MSG(" Put another cert into chain"); |
Vanger | 0:b86d15c6ba29 | 4166 | } |
Vanger | 0:b86d15c6ba29 | 4167 | |
Vanger | 0:b86d15c6ba29 | 4168 | count = totalCerts; |
Vanger | 0:b86d15c6ba29 | 4169 | |
Vanger | 0:b86d15c6ba29 | 4170 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 4171 | dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, |
Vanger | 0:b86d15c6ba29 | 4172 | DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 4173 | if (dCert == NULL) |
Vanger | 0:b86d15c6ba29 | 4174 | return MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 4175 | #endif |
Vanger | 0:b86d15c6ba29 | 4176 | |
Vanger | 0:b86d15c6ba29 | 4177 | /* verify up to peer's first */ |
Vanger | 0:b86d15c6ba29 | 4178 | while (count > 1) { |
Vanger | 0:b86d15c6ba29 | 4179 | buffer myCert = certs[count - 1]; |
Vanger | 0:b86d15c6ba29 | 4180 | byte* subjectHash; |
Vanger | 0:b86d15c6ba29 | 4181 | |
Vanger | 0:b86d15c6ba29 | 4182 | InitDecodedCert(dCert, myCert.buffer, myCert.length, ssl->heap); |
Vanger | 0:b86d15c6ba29 | 4183 | ret = ParseCertRelative(dCert, CERT_TYPE, !ssl->options.verifyNone, |
Vanger | 0:b86d15c6ba29 | 4184 | ssl->ctx->cm); |
Vanger | 0:b86d15c6ba29 | 4185 | #ifndef NO_SKID |
Vanger | 0:b86d15c6ba29 | 4186 | subjectHash = dCert->extSubjKeyId; |
Vanger | 0:b86d15c6ba29 | 4187 | #else |
Vanger | 0:b86d15c6ba29 | 4188 | subjectHash = dCert->subjectHash; |
Vanger | 0:b86d15c6ba29 | 4189 | #endif |
Vanger | 0:b86d15c6ba29 | 4190 | |
Vanger | 0:b86d15c6ba29 | 4191 | if (ret == 0 && dCert->isCA == 0) { |
Vanger | 0:b86d15c6ba29 | 4192 | CYASSL_MSG("Chain cert is not a CA, not adding as one"); |
Vanger | 0:b86d15c6ba29 | 4193 | } |
Vanger | 0:b86d15c6ba29 | 4194 | else if (ret == 0 && ssl->options.verifyNone) { |
Vanger | 0:b86d15c6ba29 | 4195 | CYASSL_MSG("Chain cert not verified by option, not adding as CA"); |
Vanger | 0:b86d15c6ba29 | 4196 | } |
Vanger | 0:b86d15c6ba29 | 4197 | else if (ret == 0 && !AlreadySigner(ssl->ctx->cm, subjectHash)) { |
Vanger | 0:b86d15c6ba29 | 4198 | buffer add; |
Vanger | 0:b86d15c6ba29 | 4199 | add.length = myCert.length; |
Vanger | 0:b86d15c6ba29 | 4200 | add.buffer = (byte*)XMALLOC(myCert.length, ssl->heap, |
Vanger | 0:b86d15c6ba29 | 4201 | DYNAMIC_TYPE_CA); |
Vanger | 0:b86d15c6ba29 | 4202 | CYASSL_MSG("Adding CA from chain"); |
Vanger | 0:b86d15c6ba29 | 4203 | |
Vanger | 0:b86d15c6ba29 | 4204 | if (add.buffer == NULL) |
Vanger | 0:b86d15c6ba29 | 4205 | return MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 4206 | XMEMCPY(add.buffer, myCert.buffer, myCert.length); |
Vanger | 0:b86d15c6ba29 | 4207 | |
Vanger | 0:b86d15c6ba29 | 4208 | ret = AddCA(ssl->ctx->cm, add, CYASSL_CHAIN_CA, |
Vanger | 0:b86d15c6ba29 | 4209 | ssl->ctx->verifyPeer); |
Vanger | 0:b86d15c6ba29 | 4210 | if (ret == 1) ret = 0; /* SSL_SUCCESS for external */ |
Vanger | 0:b86d15c6ba29 | 4211 | } |
Vanger | 0:b86d15c6ba29 | 4212 | else if (ret != 0) { |
Vanger | 0:b86d15c6ba29 | 4213 | CYASSL_MSG("Failed to verify CA from chain"); |
Vanger | 0:b86d15c6ba29 | 4214 | } |
Vanger | 0:b86d15c6ba29 | 4215 | else { |
Vanger | 0:b86d15c6ba29 | 4216 | CYASSL_MSG("Verified CA from chain and already had it"); |
Vanger | 0:b86d15c6ba29 | 4217 | } |
Vanger | 0:b86d15c6ba29 | 4218 | |
Vanger | 0:b86d15c6ba29 | 4219 | #ifdef HAVE_CRL |
Vanger | 0:b86d15c6ba29 | 4220 | if (ret == 0 && ssl->ctx->cm->crlEnabled && ssl->ctx->cm->crlCheckAll) { |
Vanger | 0:b86d15c6ba29 | 4221 | CYASSL_MSG("Doing Non Leaf CRL check"); |
Vanger | 0:b86d15c6ba29 | 4222 | ret = CheckCertCRL(ssl->ctx->cm->crl, dCert); |
Vanger | 0:b86d15c6ba29 | 4223 | |
Vanger | 0:b86d15c6ba29 | 4224 | if (ret != 0) { |
Vanger | 0:b86d15c6ba29 | 4225 | CYASSL_MSG("\tCRL check not ok"); |
Vanger | 0:b86d15c6ba29 | 4226 | } |
Vanger | 0:b86d15c6ba29 | 4227 | } |
Vanger | 0:b86d15c6ba29 | 4228 | #endif /* HAVE_CRL */ |
Vanger | 0:b86d15c6ba29 | 4229 | |
Vanger | 0:b86d15c6ba29 | 4230 | if (ret != 0 && anyError == 0) |
Vanger | 0:b86d15c6ba29 | 4231 | anyError = ret; /* save error from last time */ |
Vanger | 0:b86d15c6ba29 | 4232 | |
Vanger | 0:b86d15c6ba29 | 4233 | FreeDecodedCert(dCert); |
Vanger | 0:b86d15c6ba29 | 4234 | count--; |
Vanger | 0:b86d15c6ba29 | 4235 | } |
Vanger | 0:b86d15c6ba29 | 4236 | |
Vanger | 0:b86d15c6ba29 | 4237 | /* peer's, may not have one if blank client cert sent by TLSv1.2 */ |
Vanger | 0:b86d15c6ba29 | 4238 | if (count) { |
Vanger | 0:b86d15c6ba29 | 4239 | buffer myCert = certs[0]; |
Vanger | 0:b86d15c6ba29 | 4240 | int fatal = 0; |
Vanger | 0:b86d15c6ba29 | 4241 | |
Vanger | 0:b86d15c6ba29 | 4242 | CYASSL_MSG("Verifying Peer's cert"); |
Vanger | 0:b86d15c6ba29 | 4243 | |
Vanger | 0:b86d15c6ba29 | 4244 | InitDecodedCert(dCert, myCert.buffer, myCert.length, ssl->heap); |
Vanger | 0:b86d15c6ba29 | 4245 | ret = ParseCertRelative(dCert, CERT_TYPE, !ssl->options.verifyNone, |
Vanger | 0:b86d15c6ba29 | 4246 | ssl->ctx->cm); |
Vanger | 0:b86d15c6ba29 | 4247 | if (ret == 0) { |
Vanger | 0:b86d15c6ba29 | 4248 | CYASSL_MSG("Verified Peer's cert"); |
Vanger | 0:b86d15c6ba29 | 4249 | fatal = 0; |
Vanger | 0:b86d15c6ba29 | 4250 | } |
Vanger | 0:b86d15c6ba29 | 4251 | else if (ret == ASN_PARSE_E) { |
Vanger | 0:b86d15c6ba29 | 4252 | CYASSL_MSG("Got Peer cert ASN PARSE ERROR, fatal"); |
Vanger | 0:b86d15c6ba29 | 4253 | fatal = 1; |
Vanger | 0:b86d15c6ba29 | 4254 | } |
Vanger | 0:b86d15c6ba29 | 4255 | else { |
Vanger | 0:b86d15c6ba29 | 4256 | CYASSL_MSG("Failed to verify Peer's cert"); |
Vanger | 0:b86d15c6ba29 | 4257 | if (ssl->verifyCallback) { |
Vanger | 0:b86d15c6ba29 | 4258 | CYASSL_MSG("\tCallback override available, will continue"); |
Vanger | 0:b86d15c6ba29 | 4259 | fatal = 0; |
Vanger | 0:b86d15c6ba29 | 4260 | } |
Vanger | 0:b86d15c6ba29 | 4261 | else { |
Vanger | 0:b86d15c6ba29 | 4262 | CYASSL_MSG("\tNo callback override available, fatal"); |
Vanger | 0:b86d15c6ba29 | 4263 | fatal = 1; |
Vanger | 0:b86d15c6ba29 | 4264 | } |
Vanger | 0:b86d15c6ba29 | 4265 | } |
Vanger | 0:b86d15c6ba29 | 4266 | |
Vanger | 0:b86d15c6ba29 | 4267 | #ifdef HAVE_SECURE_RENEGOTIATION |
Vanger | 0:b86d15c6ba29 | 4268 | if (fatal == 0 && ssl->secure_renegotiation |
Vanger | 0:b86d15c6ba29 | 4269 | && ssl->secure_renegotiation->enabled) { |
Vanger | 0:b86d15c6ba29 | 4270 | |
Vanger | 0:b86d15c6ba29 | 4271 | if (ssl->keys.encryptionOn) { |
Vanger | 0:b86d15c6ba29 | 4272 | /* compare against previous time */ |
Vanger | 0:b86d15c6ba29 | 4273 | if (XMEMCMP(dCert->subjectHash, |
Vanger | 0:b86d15c6ba29 | 4274 | ssl->secure_renegotiation->subject_hash, |
Vanger | 0:b86d15c6ba29 | 4275 | SHA_DIGEST_SIZE) != 0) { |
Vanger | 0:b86d15c6ba29 | 4276 | CYASSL_MSG("Peer sent different cert during scr, fatal"); |
Vanger | 0:b86d15c6ba29 | 4277 | fatal = 1; |
Vanger | 0:b86d15c6ba29 | 4278 | ret = SCR_DIFFERENT_CERT_E; |
Vanger | 0:b86d15c6ba29 | 4279 | } |
Vanger | 0:b86d15c6ba29 | 4280 | } |
Vanger | 0:b86d15c6ba29 | 4281 | |
Vanger | 0:b86d15c6ba29 | 4282 | /* cache peer's hash */ |
Vanger | 0:b86d15c6ba29 | 4283 | if (fatal == 0) { |
Vanger | 0:b86d15c6ba29 | 4284 | XMEMCPY(ssl->secure_renegotiation->subject_hash, |
Vanger | 0:b86d15c6ba29 | 4285 | dCert->subjectHash, SHA_DIGEST_SIZE); |
Vanger | 0:b86d15c6ba29 | 4286 | } |
Vanger | 0:b86d15c6ba29 | 4287 | } |
Vanger | 0:b86d15c6ba29 | 4288 | #endif |
Vanger | 0:b86d15c6ba29 | 4289 | |
Vanger | 0:b86d15c6ba29 | 4290 | #ifdef HAVE_OCSP |
Vanger | 0:b86d15c6ba29 | 4291 | if (fatal == 0 && ssl->ctx->cm->ocspEnabled) { |
Vanger | 0:b86d15c6ba29 | 4292 | ret = CheckCertOCSP(ssl->ctx->cm->ocsp, dCert); |
Vanger | 0:b86d15c6ba29 | 4293 | if (ret != 0) { |
Vanger | 0:b86d15c6ba29 | 4294 | CYASSL_MSG("\tOCSP Lookup not ok"); |
Vanger | 0:b86d15c6ba29 | 4295 | fatal = 0; |
Vanger | 0:b86d15c6ba29 | 4296 | } |
Vanger | 0:b86d15c6ba29 | 4297 | } |
Vanger | 0:b86d15c6ba29 | 4298 | #endif |
Vanger | 0:b86d15c6ba29 | 4299 | |
Vanger | 0:b86d15c6ba29 | 4300 | #ifdef HAVE_CRL |
Vanger | 0:b86d15c6ba29 | 4301 | if (fatal == 0 && ssl->ctx->cm->crlEnabled) { |
Vanger | 0:b86d15c6ba29 | 4302 | int doCrlLookup = 1; |
Vanger | 0:b86d15c6ba29 | 4303 | |
Vanger | 0:b86d15c6ba29 | 4304 | #ifdef HAVE_OCSP |
Vanger | 0:b86d15c6ba29 | 4305 | if (ssl->ctx->cm->ocspEnabled) { |
Vanger | 0:b86d15c6ba29 | 4306 | doCrlLookup = (ret == OCSP_CERT_UNKNOWN); |
Vanger | 0:b86d15c6ba29 | 4307 | } |
Vanger | 0:b86d15c6ba29 | 4308 | #endif /* HAVE_OCSP */ |
Vanger | 0:b86d15c6ba29 | 4309 | |
Vanger | 0:b86d15c6ba29 | 4310 | if (doCrlLookup) { |
Vanger | 0:b86d15c6ba29 | 4311 | CYASSL_MSG("Doing Leaf CRL check"); |
Vanger | 0:b86d15c6ba29 | 4312 | ret = CheckCertCRL(ssl->ctx->cm->crl, dCert); |
Vanger | 0:b86d15c6ba29 | 4313 | |
Vanger | 0:b86d15c6ba29 | 4314 | if (ret != 0) { |
Vanger | 0:b86d15c6ba29 | 4315 | CYASSL_MSG("\tCRL check not ok"); |
Vanger | 0:b86d15c6ba29 | 4316 | fatal = 0; |
Vanger | 0:b86d15c6ba29 | 4317 | } |
Vanger | 0:b86d15c6ba29 | 4318 | } |
Vanger | 0:b86d15c6ba29 | 4319 | } |
Vanger | 0:b86d15c6ba29 | 4320 | |
Vanger | 0:b86d15c6ba29 | 4321 | #endif /* HAVE_CRL */ |
Vanger | 0:b86d15c6ba29 | 4322 | |
Vanger | 0:b86d15c6ba29 | 4323 | #ifdef KEEP_PEER_CERT |
Vanger | 0:b86d15c6ba29 | 4324 | { |
Vanger | 0:b86d15c6ba29 | 4325 | /* set X509 format for peer cert even if fatal */ |
Vanger | 0:b86d15c6ba29 | 4326 | int copyRet = CopyDecodedToX509(&ssl->peerCert, dCert); |
Vanger | 0:b86d15c6ba29 | 4327 | if (copyRet == MEMORY_E) |
Vanger | 0:b86d15c6ba29 | 4328 | fatal = 1; |
Vanger | 0:b86d15c6ba29 | 4329 | } |
Vanger | 0:b86d15c6ba29 | 4330 | #endif |
Vanger | 0:b86d15c6ba29 | 4331 | |
Vanger | 0:b86d15c6ba29 | 4332 | #ifndef IGNORE_KEY_EXTENSIONS |
Vanger | 0:b86d15c6ba29 | 4333 | if (dCert->extKeyUsageSet) { |
Vanger | 0:b86d15c6ba29 | 4334 | if ((ssl->specs.kea == rsa_kea) && |
Vanger | 0:b86d15c6ba29 | 4335 | (dCert->extKeyUsage & KEYUSE_KEY_ENCIPHER) == 0) { |
Vanger | 0:b86d15c6ba29 | 4336 | ret = KEYUSE_ENCIPHER_E; |
Vanger | 0:b86d15c6ba29 | 4337 | } |
Vanger | 0:b86d15c6ba29 | 4338 | if ((ssl->specs.sig_algo == rsa_sa_algo || |
Vanger | 0:b86d15c6ba29 | 4339 | (ssl->specs.sig_algo == ecc_dsa_sa_algo && |
Vanger | 0:b86d15c6ba29 | 4340 | !ssl->specs.static_ecdh)) && |
Vanger | 0:b86d15c6ba29 | 4341 | (dCert->extKeyUsage & KEYUSE_DIGITAL_SIG) == 0) { |
Vanger | 0:b86d15c6ba29 | 4342 | CYASSL_MSG("KeyUse Digital Sig not set"); |
Vanger | 0:b86d15c6ba29 | 4343 | ret = KEYUSE_SIGNATURE_E; |
Vanger | 0:b86d15c6ba29 | 4344 | } |
Vanger | 0:b86d15c6ba29 | 4345 | } |
Vanger | 0:b86d15c6ba29 | 4346 | |
Vanger | 0:b86d15c6ba29 | 4347 | if (dCert->extExtKeyUsageSet) { |
Vanger | 0:b86d15c6ba29 | 4348 | if (ssl->options.side == CYASSL_CLIENT_END) { |
Vanger | 0:b86d15c6ba29 | 4349 | if ((dCert->extExtKeyUsage & |
Vanger | 0:b86d15c6ba29 | 4350 | (EXTKEYUSE_ANY | EXTKEYUSE_SERVER_AUTH)) == 0) { |
Vanger | 0:b86d15c6ba29 | 4351 | CYASSL_MSG("ExtKeyUse Server Auth not set"); |
Vanger | 0:b86d15c6ba29 | 4352 | ret = EXTKEYUSE_AUTH_E; |
Vanger | 0:b86d15c6ba29 | 4353 | } |
Vanger | 0:b86d15c6ba29 | 4354 | } |
Vanger | 0:b86d15c6ba29 | 4355 | else { |
Vanger | 0:b86d15c6ba29 | 4356 | if ((dCert->extExtKeyUsage & |
Vanger | 0:b86d15c6ba29 | 4357 | (EXTKEYUSE_ANY | EXTKEYUSE_CLIENT_AUTH)) == 0) { |
Vanger | 0:b86d15c6ba29 | 4358 | CYASSL_MSG("ExtKeyUse Client Auth not set"); |
Vanger | 0:b86d15c6ba29 | 4359 | ret = EXTKEYUSE_AUTH_E; |
Vanger | 0:b86d15c6ba29 | 4360 | } |
Vanger | 0:b86d15c6ba29 | 4361 | } |
Vanger | 0:b86d15c6ba29 | 4362 | } |
Vanger | 0:b86d15c6ba29 | 4363 | #endif /* IGNORE_KEY_EXTENSIONS */ |
Vanger | 0:b86d15c6ba29 | 4364 | |
Vanger | 0:b86d15c6ba29 | 4365 | if (fatal) { |
Vanger | 0:b86d15c6ba29 | 4366 | FreeDecodedCert(dCert); |
Vanger | 0:b86d15c6ba29 | 4367 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 4368 | XFREE(dCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 4369 | #endif |
Vanger | 0:b86d15c6ba29 | 4370 | ssl->error = ret; |
Vanger | 0:b86d15c6ba29 | 4371 | return ret; |
Vanger | 0:b86d15c6ba29 | 4372 | } |
Vanger | 0:b86d15c6ba29 | 4373 | ssl->options.havePeerCert = 1; |
Vanger | 0:b86d15c6ba29 | 4374 | |
Vanger | 0:b86d15c6ba29 | 4375 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 4376 | domain = (char*)XMALLOC(ASN_NAME_MAX, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 4377 | if (domain == NULL) { |
Vanger | 0:b86d15c6ba29 | 4378 | FreeDecodedCert(dCert); |
Vanger | 0:b86d15c6ba29 | 4379 | XFREE(dCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 4380 | return MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 4381 | } |
Vanger | 0:b86d15c6ba29 | 4382 | #endif |
Vanger | 0:b86d15c6ba29 | 4383 | /* store for callback use */ |
Vanger | 0:b86d15c6ba29 | 4384 | if (dCert->subjectCNLen < ASN_NAME_MAX) { |
Vanger | 0:b86d15c6ba29 | 4385 | XMEMCPY(domain, dCert->subjectCN, dCert->subjectCNLen); |
Vanger | 0:b86d15c6ba29 | 4386 | domain[dCert->subjectCNLen] = '\0'; |
Vanger | 0:b86d15c6ba29 | 4387 | } |
Vanger | 0:b86d15c6ba29 | 4388 | else |
Vanger | 0:b86d15c6ba29 | 4389 | domain[0] = '\0'; |
Vanger | 0:b86d15c6ba29 | 4390 | |
Vanger | 0:b86d15c6ba29 | 4391 | if (!ssl->options.verifyNone && ssl->buffers.domainName.buffer) { |
Vanger | 0:b86d15c6ba29 | 4392 | if (MatchDomainName(dCert->subjectCN, dCert->subjectCNLen, |
Vanger | 0:b86d15c6ba29 | 4393 | (char*)ssl->buffers.domainName.buffer) == 0) { |
Vanger | 0:b86d15c6ba29 | 4394 | CYASSL_MSG("DomainName match on common name failed"); |
Vanger | 0:b86d15c6ba29 | 4395 | if (CheckAltNames(dCert, |
Vanger | 0:b86d15c6ba29 | 4396 | (char*)ssl->buffers.domainName.buffer) == 0 ) { |
Vanger | 0:b86d15c6ba29 | 4397 | CYASSL_MSG("DomainName match on alt names failed too"); |
Vanger | 0:b86d15c6ba29 | 4398 | ret = DOMAIN_NAME_MISMATCH; /* try to get peer key still */ |
Vanger | 0:b86d15c6ba29 | 4399 | } |
Vanger | 0:b86d15c6ba29 | 4400 | } |
Vanger | 0:b86d15c6ba29 | 4401 | } |
Vanger | 0:b86d15c6ba29 | 4402 | |
Vanger | 0:b86d15c6ba29 | 4403 | /* decode peer key */ |
Vanger | 0:b86d15c6ba29 | 4404 | switch (dCert->keyOID) { |
Vanger | 0:b86d15c6ba29 | 4405 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 4406 | case RSAk: |
Vanger | 0:b86d15c6ba29 | 4407 | { |
Vanger | 0:b86d15c6ba29 | 4408 | word32 idx = 0; |
Vanger | 0:b86d15c6ba29 | 4409 | int keyRet = 0; |
Vanger | 0:b86d15c6ba29 | 4410 | |
Vanger | 0:b86d15c6ba29 | 4411 | if (ssl->peerRsaKeyPresent) { /* don't leak on reuse */ |
Vanger | 0:b86d15c6ba29 | 4412 | FreeRsaKey(ssl->peerRsaKey); |
Vanger | 0:b86d15c6ba29 | 4413 | ssl->peerRsaKeyPresent = 0; |
Vanger | 0:b86d15c6ba29 | 4414 | keyRet = InitRsaKey(ssl->peerRsaKey, ssl->heap); |
Vanger | 0:b86d15c6ba29 | 4415 | } |
Vanger | 0:b86d15c6ba29 | 4416 | |
Vanger | 0:b86d15c6ba29 | 4417 | if (keyRet != 0 || RsaPublicKeyDecode(dCert->publicKey, |
Vanger | 0:b86d15c6ba29 | 4418 | &idx, ssl->peerRsaKey, dCert->pubKeySize) != 0) { |
Vanger | 0:b86d15c6ba29 | 4419 | ret = PEER_KEY_ERROR; |
Vanger | 0:b86d15c6ba29 | 4420 | } |
Vanger | 0:b86d15c6ba29 | 4421 | else { |
Vanger | 0:b86d15c6ba29 | 4422 | ssl->peerRsaKeyPresent = 1; |
Vanger | 0:b86d15c6ba29 | 4423 | #ifdef HAVE_PK_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 4424 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 4425 | ssl->buffers.peerRsaKey.buffer = |
Vanger | 0:b86d15c6ba29 | 4426 | (byte*)XMALLOC(dCert->pubKeySize, |
Vanger | 0:b86d15c6ba29 | 4427 | ssl->heap, DYNAMIC_TYPE_RSA); |
Vanger | 0:b86d15c6ba29 | 4428 | if (ssl->buffers.peerRsaKey.buffer == NULL) |
Vanger | 0:b86d15c6ba29 | 4429 | ret = MEMORY_ERROR; |
Vanger | 0:b86d15c6ba29 | 4430 | else { |
Vanger | 0:b86d15c6ba29 | 4431 | XMEMCPY(ssl->buffers.peerRsaKey.buffer, |
Vanger | 0:b86d15c6ba29 | 4432 | dCert->publicKey, dCert->pubKeySize); |
Vanger | 0:b86d15c6ba29 | 4433 | ssl->buffers.peerRsaKey.length = |
Vanger | 0:b86d15c6ba29 | 4434 | dCert->pubKeySize; |
Vanger | 0:b86d15c6ba29 | 4435 | } |
Vanger | 0:b86d15c6ba29 | 4436 | #endif /* NO_RSA */ |
Vanger | 0:b86d15c6ba29 | 4437 | #endif /*HAVE_PK_CALLBACKS */ |
Vanger | 0:b86d15c6ba29 | 4438 | } |
Vanger | 0:b86d15c6ba29 | 4439 | } |
Vanger | 0:b86d15c6ba29 | 4440 | break; |
Vanger | 0:b86d15c6ba29 | 4441 | #endif /* NO_RSA */ |
Vanger | 0:b86d15c6ba29 | 4442 | #ifdef HAVE_NTRU |
Vanger | 0:b86d15c6ba29 | 4443 | case NTRUk: |
Vanger | 0:b86d15c6ba29 | 4444 | { |
Vanger | 0:b86d15c6ba29 | 4445 | if (dCert->pubKeySize > sizeof(ssl->peerNtruKey)) { |
Vanger | 0:b86d15c6ba29 | 4446 | ret = PEER_KEY_ERROR; |
Vanger | 0:b86d15c6ba29 | 4447 | } |
Vanger | 0:b86d15c6ba29 | 4448 | else { |
Vanger | 0:b86d15c6ba29 | 4449 | XMEMCPY(ssl->peerNtruKey, dCert->publicKey, |
Vanger | 0:b86d15c6ba29 | 4450 | dCert->pubKeySize); |
Vanger | 0:b86d15c6ba29 | 4451 | ssl->peerNtruKeyLen = (word16)dCert->pubKeySize; |
Vanger | 0:b86d15c6ba29 | 4452 | ssl->peerNtruKeyPresent = 1; |
Vanger | 0:b86d15c6ba29 | 4453 | } |
Vanger | 0:b86d15c6ba29 | 4454 | } |
Vanger | 0:b86d15c6ba29 | 4455 | break; |
Vanger | 0:b86d15c6ba29 | 4456 | #endif /* HAVE_NTRU */ |
Vanger | 0:b86d15c6ba29 | 4457 | #ifdef HAVE_ECC |
Vanger | 0:b86d15c6ba29 | 4458 | case ECDSAk: |
Vanger | 0:b86d15c6ba29 | 4459 | { |
Vanger | 0:b86d15c6ba29 | 4460 | if (ssl->peerEccDsaKeyPresent) { /* don't leak on reuse */ |
Vanger | 0:b86d15c6ba29 | 4461 | ecc_free(ssl->peerEccDsaKey); |
Vanger | 0:b86d15c6ba29 | 4462 | ssl->peerEccDsaKeyPresent = 0; |
Vanger | 0:b86d15c6ba29 | 4463 | ecc_init(ssl->peerEccDsaKey); |
Vanger | 0:b86d15c6ba29 | 4464 | } |
Vanger | 0:b86d15c6ba29 | 4465 | if (ecc_import_x963(dCert->publicKey, dCert->pubKeySize, |
Vanger | 0:b86d15c6ba29 | 4466 | ssl->peerEccDsaKey) != 0) { |
Vanger | 0:b86d15c6ba29 | 4467 | ret = PEER_KEY_ERROR; |
Vanger | 0:b86d15c6ba29 | 4468 | } |
Vanger | 0:b86d15c6ba29 | 4469 | else { |
Vanger | 0:b86d15c6ba29 | 4470 | ssl->peerEccDsaKeyPresent = 1; |
Vanger | 0:b86d15c6ba29 | 4471 | #ifdef HAVE_PK_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 4472 | #ifdef HAVE_ECC |
Vanger | 0:b86d15c6ba29 | 4473 | ssl->buffers.peerEccDsaKey.buffer = |
Vanger | 0:b86d15c6ba29 | 4474 | (byte*)XMALLOC(dCert->pubKeySize, |
Vanger | 0:b86d15c6ba29 | 4475 | ssl->heap, DYNAMIC_TYPE_ECC); |
Vanger | 0:b86d15c6ba29 | 4476 | if (ssl->buffers.peerEccDsaKey.buffer == NULL) |
Vanger | 0:b86d15c6ba29 | 4477 | ret = MEMORY_ERROR; |
Vanger | 0:b86d15c6ba29 | 4478 | else { |
Vanger | 0:b86d15c6ba29 | 4479 | XMEMCPY(ssl->buffers.peerEccDsaKey.buffer, |
Vanger | 0:b86d15c6ba29 | 4480 | dCert->publicKey, dCert->pubKeySize); |
Vanger | 0:b86d15c6ba29 | 4481 | ssl->buffers.peerEccDsaKey.length = |
Vanger | 0:b86d15c6ba29 | 4482 | dCert->pubKeySize; |
Vanger | 0:b86d15c6ba29 | 4483 | } |
Vanger | 0:b86d15c6ba29 | 4484 | #endif /* HAVE_ECC */ |
Vanger | 0:b86d15c6ba29 | 4485 | #endif /*HAVE_PK_CALLBACKS */ |
Vanger | 0:b86d15c6ba29 | 4486 | } |
Vanger | 0:b86d15c6ba29 | 4487 | } |
Vanger | 0:b86d15c6ba29 | 4488 | break; |
Vanger | 0:b86d15c6ba29 | 4489 | #endif /* HAVE_ECC */ |
Vanger | 0:b86d15c6ba29 | 4490 | default: |
Vanger | 0:b86d15c6ba29 | 4491 | break; |
Vanger | 0:b86d15c6ba29 | 4492 | } |
Vanger | 0:b86d15c6ba29 | 4493 | |
Vanger | 0:b86d15c6ba29 | 4494 | FreeDecodedCert(dCert); |
Vanger | 0:b86d15c6ba29 | 4495 | } |
Vanger | 0:b86d15c6ba29 | 4496 | |
Vanger | 0:b86d15c6ba29 | 4497 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 4498 | XFREE(dCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 4499 | |
Vanger | 0:b86d15c6ba29 | 4500 | store = (CYASSL_X509_STORE_CTX*)XMALLOC(sizeof(CYASSL_X509_STORE_CTX), |
Vanger | 0:b86d15c6ba29 | 4501 | NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 4502 | if (store == NULL) { |
Vanger | 0:b86d15c6ba29 | 4503 | XFREE(domain, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 4504 | return MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 4505 | } |
Vanger | 0:b86d15c6ba29 | 4506 | #endif |
Vanger | 0:b86d15c6ba29 | 4507 | |
Vanger | 0:b86d15c6ba29 | 4508 | if (anyError != 0 && ret == 0) |
Vanger | 0:b86d15c6ba29 | 4509 | ret = anyError; |
Vanger | 0:b86d15c6ba29 | 4510 | |
Vanger | 0:b86d15c6ba29 | 4511 | if (ret != 0) { |
Vanger | 0:b86d15c6ba29 | 4512 | if (!ssl->options.verifyNone) { |
Vanger | 0:b86d15c6ba29 | 4513 | int why = bad_certificate; |
Vanger | 0:b86d15c6ba29 | 4514 | |
Vanger | 0:b86d15c6ba29 | 4515 | if (ret == ASN_AFTER_DATE_E || ret == ASN_BEFORE_DATE_E) |
Vanger | 0:b86d15c6ba29 | 4516 | why = certificate_expired; |
Vanger | 0:b86d15c6ba29 | 4517 | if (ssl->verifyCallback) { |
Vanger | 0:b86d15c6ba29 | 4518 | int ok; |
Vanger | 0:b86d15c6ba29 | 4519 | |
Vanger | 0:b86d15c6ba29 | 4520 | store->error = ret; |
Vanger | 0:b86d15c6ba29 | 4521 | store->error_depth = totalCerts; |
Vanger | 0:b86d15c6ba29 | 4522 | store->discardSessionCerts = 0; |
Vanger | 0:b86d15c6ba29 | 4523 | store->domain = domain; |
Vanger | 0:b86d15c6ba29 | 4524 | store->userCtx = ssl->verifyCbCtx; |
Vanger | 0:b86d15c6ba29 | 4525 | #ifdef KEEP_PEER_CERT |
Vanger | 0:b86d15c6ba29 | 4526 | store->current_cert = &ssl->peerCert; |
Vanger | 0:b86d15c6ba29 | 4527 | #else |
Vanger | 0:b86d15c6ba29 | 4528 | store->current_cert = NULL; |
Vanger | 0:b86d15c6ba29 | 4529 | #endif |
Vanger | 0:b86d15c6ba29 | 4530 | #ifdef FORTRESS |
Vanger | 0:b86d15c6ba29 | 4531 | store->ex_data = ssl; |
Vanger | 0:b86d15c6ba29 | 4532 | #endif |
Vanger | 0:b86d15c6ba29 | 4533 | ok = ssl->verifyCallback(0, store); |
Vanger | 0:b86d15c6ba29 | 4534 | if (ok) { |
Vanger | 0:b86d15c6ba29 | 4535 | CYASSL_MSG("Verify callback overriding error!"); |
Vanger | 0:b86d15c6ba29 | 4536 | ret = 0; |
Vanger | 0:b86d15c6ba29 | 4537 | } |
Vanger | 0:b86d15c6ba29 | 4538 | #ifdef SESSION_CERTS |
Vanger | 0:b86d15c6ba29 | 4539 | if (store->discardSessionCerts) { |
Vanger | 0:b86d15c6ba29 | 4540 | CYASSL_MSG("Verify callback requested discard sess certs"); |
Vanger | 0:b86d15c6ba29 | 4541 | ssl->session.chain.count = 0; |
Vanger | 0:b86d15c6ba29 | 4542 | } |
Vanger | 0:b86d15c6ba29 | 4543 | #endif |
Vanger | 0:b86d15c6ba29 | 4544 | } |
Vanger | 0:b86d15c6ba29 | 4545 | if (ret != 0) { |
Vanger | 0:b86d15c6ba29 | 4546 | SendAlert(ssl, alert_fatal, why); /* try to send */ |
Vanger | 0:b86d15c6ba29 | 4547 | ssl->options.isClosed = 1; |
Vanger | 0:b86d15c6ba29 | 4548 | } |
Vanger | 0:b86d15c6ba29 | 4549 | } |
Vanger | 0:b86d15c6ba29 | 4550 | ssl->error = ret; |
Vanger | 0:b86d15c6ba29 | 4551 | } |
Vanger | 0:b86d15c6ba29 | 4552 | #ifdef CYASSL_ALWAYS_VERIFY_CB |
Vanger | 0:b86d15c6ba29 | 4553 | else { |
Vanger | 0:b86d15c6ba29 | 4554 | if (ssl->verifyCallback) { |
Vanger | 0:b86d15c6ba29 | 4555 | int ok; |
Vanger | 0:b86d15c6ba29 | 4556 | |
Vanger | 0:b86d15c6ba29 | 4557 | store->error = ret; |
Vanger | 0:b86d15c6ba29 | 4558 | store->error_depth = totalCerts; |
Vanger | 0:b86d15c6ba29 | 4559 | store->discardSessionCerts = 0; |
Vanger | 0:b86d15c6ba29 | 4560 | store->domain = domain; |
Vanger | 0:b86d15c6ba29 | 4561 | store->userCtx = ssl->verifyCbCtx; |
Vanger | 0:b86d15c6ba29 | 4562 | #ifdef KEEP_PEER_CERT |
Vanger | 0:b86d15c6ba29 | 4563 | store->current_cert = &ssl->peerCert; |
Vanger | 0:b86d15c6ba29 | 4564 | #endif |
Vanger | 0:b86d15c6ba29 | 4565 | store->ex_data = ssl; |
Vanger | 0:b86d15c6ba29 | 4566 | |
Vanger | 0:b86d15c6ba29 | 4567 | ok = ssl->verifyCallback(1, store); |
Vanger | 0:b86d15c6ba29 | 4568 | if (!ok) { |
Vanger | 0:b86d15c6ba29 | 4569 | CYASSL_MSG("Verify callback overriding valid certificate!"); |
Vanger | 0:b86d15c6ba29 | 4570 | ret = -1; |
Vanger | 0:b86d15c6ba29 | 4571 | SendAlert(ssl, alert_fatal, bad_certificate); |
Vanger | 0:b86d15c6ba29 | 4572 | ssl->options.isClosed = 1; |
Vanger | 0:b86d15c6ba29 | 4573 | } |
Vanger | 0:b86d15c6ba29 | 4574 | #ifdef SESSION_CERTS |
Vanger | 0:b86d15c6ba29 | 4575 | if (store->discardSessionCerts) { |
Vanger | 0:b86d15c6ba29 | 4576 | CYASSL_MSG("Verify callback requested discard sess certs"); |
Vanger | 0:b86d15c6ba29 | 4577 | ssl->session.chain.count = 0; |
Vanger | 0:b86d15c6ba29 | 4578 | } |
Vanger | 0:b86d15c6ba29 | 4579 | #endif |
Vanger | 0:b86d15c6ba29 | 4580 | } |
Vanger | 0:b86d15c6ba29 | 4581 | } |
Vanger | 0:b86d15c6ba29 | 4582 | #endif |
Vanger | 0:b86d15c6ba29 | 4583 | |
Vanger | 0:b86d15c6ba29 | 4584 | if (ssl->options.verifyNone && |
Vanger | 0:b86d15c6ba29 | 4585 | (ret == CRL_MISSING || ret == CRL_CERT_REVOKED)) { |
Vanger | 0:b86d15c6ba29 | 4586 | CYASSL_MSG("Ignoring CRL problem based on verify setting"); |
Vanger | 0:b86d15c6ba29 | 4587 | ret = ssl->error = 0; |
Vanger | 0:b86d15c6ba29 | 4588 | } |
Vanger | 0:b86d15c6ba29 | 4589 | |
Vanger | 0:b86d15c6ba29 | 4590 | if (ret == 0 && ssl->options.side == CYASSL_CLIENT_END) |
Vanger | 0:b86d15c6ba29 | 4591 | ssl->options.serverState = SERVER_CERT_COMPLETE; |
Vanger | 0:b86d15c6ba29 | 4592 | |
Vanger | 0:b86d15c6ba29 | 4593 | if (ssl->keys.encryptionOn) { |
Vanger | 0:b86d15c6ba29 | 4594 | *inOutIdx += ssl->keys.padSz; |
Vanger | 0:b86d15c6ba29 | 4595 | } |
Vanger | 0:b86d15c6ba29 | 4596 | |
Vanger | 0:b86d15c6ba29 | 4597 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 4598 | XFREE(store, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 4599 | XFREE(domain, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 4600 | #endif |
Vanger | 0:b86d15c6ba29 | 4601 | |
Vanger | 0:b86d15c6ba29 | 4602 | return ret; |
Vanger | 0:b86d15c6ba29 | 4603 | } |
Vanger | 0:b86d15c6ba29 | 4604 | |
Vanger | 0:b86d15c6ba29 | 4605 | #endif /* !NO_CERTS */ |
Vanger | 0:b86d15c6ba29 | 4606 | |
Vanger | 0:b86d15c6ba29 | 4607 | |
Vanger | 0:b86d15c6ba29 | 4608 | static int DoHelloRequest(CYASSL* ssl, const byte* input, word32* inOutIdx, |
Vanger | 0:b86d15c6ba29 | 4609 | word32 size, word32 totalSz) |
Vanger | 0:b86d15c6ba29 | 4610 | { |
Vanger | 0:b86d15c6ba29 | 4611 | (void)input; |
Vanger | 0:b86d15c6ba29 | 4612 | |
Vanger | 0:b86d15c6ba29 | 4613 | if (size) /* must be 0 */ |
Vanger | 0:b86d15c6ba29 | 4614 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 4615 | |
Vanger | 0:b86d15c6ba29 | 4616 | if (ssl->keys.encryptionOn) { |
Vanger | 0:b86d15c6ba29 | 4617 | /* access beyond input + size should be checked against totalSz */ |
Vanger | 0:b86d15c6ba29 | 4618 | if (*inOutIdx + ssl->keys.padSz > totalSz) |
Vanger | 0:b86d15c6ba29 | 4619 | return BUFFER_E; |
Vanger | 0:b86d15c6ba29 | 4620 | |
Vanger | 0:b86d15c6ba29 | 4621 | *inOutIdx += ssl->keys.padSz; |
Vanger | 0:b86d15c6ba29 | 4622 | } |
Vanger | 0:b86d15c6ba29 | 4623 | |
Vanger | 0:b86d15c6ba29 | 4624 | if (ssl->options.side == CYASSL_SERVER_END) { |
Vanger | 0:b86d15c6ba29 | 4625 | SendAlert(ssl, alert_fatal, unexpected_message); /* try */ |
Vanger | 0:b86d15c6ba29 | 4626 | return FATAL_ERROR; |
Vanger | 0:b86d15c6ba29 | 4627 | } |
Vanger | 0:b86d15c6ba29 | 4628 | #ifdef HAVE_SECURE_RENEGOTIATION |
Vanger | 0:b86d15c6ba29 | 4629 | else if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled) { |
Vanger | 0:b86d15c6ba29 | 4630 | ssl->secure_renegotiation->startScr = 1; |
Vanger | 0:b86d15c6ba29 | 4631 | return 0; |
Vanger | 0:b86d15c6ba29 | 4632 | } |
Vanger | 0:b86d15c6ba29 | 4633 | #endif |
Vanger | 0:b86d15c6ba29 | 4634 | else { |
Vanger | 0:b86d15c6ba29 | 4635 | return SendAlert(ssl, alert_warning, no_renegotiation); |
Vanger | 0:b86d15c6ba29 | 4636 | } |
Vanger | 0:b86d15c6ba29 | 4637 | } |
Vanger | 0:b86d15c6ba29 | 4638 | |
Vanger | 0:b86d15c6ba29 | 4639 | |
Vanger | 0:b86d15c6ba29 | 4640 | int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, word32 size, |
Vanger | 0:b86d15c6ba29 | 4641 | word32 totalSz, int sniff) |
Vanger | 0:b86d15c6ba29 | 4642 | { |
Vanger | 0:b86d15c6ba29 | 4643 | word32 finishedSz = (ssl->options.tls ? TLS_FINISHED_SZ : FINISHED_SZ); |
Vanger | 0:b86d15c6ba29 | 4644 | |
Vanger | 0:b86d15c6ba29 | 4645 | if (finishedSz != size) |
Vanger | 0:b86d15c6ba29 | 4646 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 4647 | |
Vanger | 0:b86d15c6ba29 | 4648 | /* check against totalSz */ |
Vanger | 0:b86d15c6ba29 | 4649 | if (*inOutIdx + size + ssl->keys.padSz > totalSz) |
Vanger | 0:b86d15c6ba29 | 4650 | return BUFFER_E; |
Vanger | 0:b86d15c6ba29 | 4651 | |
Vanger | 0:b86d15c6ba29 | 4652 | #ifdef CYASSL_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 4653 | if (ssl->hsInfoOn) AddPacketName("Finished", &ssl->handShakeInfo); |
Vanger | 0:b86d15c6ba29 | 4654 | if (ssl->toInfoOn) AddLateName("Finished", &ssl->timeoutInfo); |
Vanger | 0:b86d15c6ba29 | 4655 | #endif |
Vanger | 0:b86d15c6ba29 | 4656 | |
Vanger | 0:b86d15c6ba29 | 4657 | if (sniff == NO_SNIFF) { |
Vanger | 0:b86d15c6ba29 | 4658 | if (XMEMCMP(input + *inOutIdx, &ssl->verifyHashes, size) != 0) { |
Vanger | 0:b86d15c6ba29 | 4659 | CYASSL_MSG("Verify finished error on hashes"); |
Vanger | 0:b86d15c6ba29 | 4660 | return VERIFY_FINISHED_ERROR; |
Vanger | 0:b86d15c6ba29 | 4661 | } |
Vanger | 0:b86d15c6ba29 | 4662 | } |
Vanger | 0:b86d15c6ba29 | 4663 | |
Vanger | 0:b86d15c6ba29 | 4664 | #ifdef HAVE_SECURE_RENEGOTIATION |
Vanger | 0:b86d15c6ba29 | 4665 | if (ssl->secure_renegotiation) { |
Vanger | 0:b86d15c6ba29 | 4666 | /* save peer's state */ |
Vanger | 0:b86d15c6ba29 | 4667 | if (ssl->options.side == CYASSL_CLIENT_END) |
Vanger | 0:b86d15c6ba29 | 4668 | XMEMCPY(ssl->secure_renegotiation->server_verify_data, |
Vanger | 0:b86d15c6ba29 | 4669 | input + *inOutIdx, TLS_FINISHED_SZ); |
Vanger | 0:b86d15c6ba29 | 4670 | else |
Vanger | 0:b86d15c6ba29 | 4671 | XMEMCPY(ssl->secure_renegotiation->client_verify_data, |
Vanger | 0:b86d15c6ba29 | 4672 | input + *inOutIdx, TLS_FINISHED_SZ); |
Vanger | 0:b86d15c6ba29 | 4673 | } |
Vanger | 0:b86d15c6ba29 | 4674 | #endif |
Vanger | 0:b86d15c6ba29 | 4675 | |
Vanger | 0:b86d15c6ba29 | 4676 | /* force input exhaustion at ProcessReply consuming padSz */ |
Vanger | 0:b86d15c6ba29 | 4677 | *inOutIdx += size + ssl->keys.padSz; |
Vanger | 0:b86d15c6ba29 | 4678 | |
Vanger | 0:b86d15c6ba29 | 4679 | if (ssl->options.side == CYASSL_CLIENT_END) { |
Vanger | 0:b86d15c6ba29 | 4680 | ssl->options.serverState = SERVER_FINISHED_COMPLETE; |
Vanger | 0:b86d15c6ba29 | 4681 | if (!ssl->options.resuming) { |
Vanger | 0:b86d15c6ba29 | 4682 | ssl->options.handShakeState = HANDSHAKE_DONE; |
Vanger | 0:b86d15c6ba29 | 4683 | ssl->options.handShakeDone = 1; |
Vanger | 0:b86d15c6ba29 | 4684 | |
Vanger | 0:b86d15c6ba29 | 4685 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 4686 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 4687 | /* Other side has received our Finished, go to next epoch */ |
Vanger | 0:b86d15c6ba29 | 4688 | ssl->keys.dtls_epoch++; |
Vanger | 0:b86d15c6ba29 | 4689 | ssl->keys.dtls_sequence_number = 1; |
Vanger | 0:b86d15c6ba29 | 4690 | } |
Vanger | 0:b86d15c6ba29 | 4691 | #endif |
Vanger | 0:b86d15c6ba29 | 4692 | } |
Vanger | 0:b86d15c6ba29 | 4693 | } |
Vanger | 0:b86d15c6ba29 | 4694 | else { |
Vanger | 0:b86d15c6ba29 | 4695 | ssl->options.clientState = CLIENT_FINISHED_COMPLETE; |
Vanger | 0:b86d15c6ba29 | 4696 | if (ssl->options.resuming) { |
Vanger | 0:b86d15c6ba29 | 4697 | ssl->options.handShakeState = HANDSHAKE_DONE; |
Vanger | 0:b86d15c6ba29 | 4698 | ssl->options.handShakeDone = 1; |
Vanger | 0:b86d15c6ba29 | 4699 | |
Vanger | 0:b86d15c6ba29 | 4700 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 4701 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 4702 | /* Other side has received our Finished, go to next epoch */ |
Vanger | 0:b86d15c6ba29 | 4703 | ssl->keys.dtls_epoch++; |
Vanger | 0:b86d15c6ba29 | 4704 | ssl->keys.dtls_sequence_number = 1; |
Vanger | 0:b86d15c6ba29 | 4705 | } |
Vanger | 0:b86d15c6ba29 | 4706 | #endif |
Vanger | 0:b86d15c6ba29 | 4707 | } |
Vanger | 0:b86d15c6ba29 | 4708 | } |
Vanger | 0:b86d15c6ba29 | 4709 | |
Vanger | 0:b86d15c6ba29 | 4710 | return 0; |
Vanger | 0:b86d15c6ba29 | 4711 | } |
Vanger | 0:b86d15c6ba29 | 4712 | |
Vanger | 0:b86d15c6ba29 | 4713 | |
Vanger | 0:b86d15c6ba29 | 4714 | /* Make sure no duplicates, no fast forward, or other problems; 0 on success */ |
Vanger | 0:b86d15c6ba29 | 4715 | static int SanityCheckMsgReceived(CYASSL* ssl, byte type) |
Vanger | 0:b86d15c6ba29 | 4716 | { |
Vanger | 0:b86d15c6ba29 | 4717 | /* verify not a duplicate, mark received, check state */ |
Vanger | 0:b86d15c6ba29 | 4718 | switch (type) { |
Vanger | 0:b86d15c6ba29 | 4719 | |
Vanger | 0:b86d15c6ba29 | 4720 | #ifndef NO_CYASSL_CLIENT |
Vanger | 0:b86d15c6ba29 | 4721 | case hello_request: |
Vanger | 0:b86d15c6ba29 | 4722 | if (ssl->msgsReceived.got_hello_request) { |
Vanger | 0:b86d15c6ba29 | 4723 | CYASSL_MSG("Duplicate HelloRequest received"); |
Vanger | 0:b86d15c6ba29 | 4724 | return DUPLICATE_MSG_E; |
Vanger | 0:b86d15c6ba29 | 4725 | } |
Vanger | 0:b86d15c6ba29 | 4726 | ssl->msgsReceived.got_hello_request = 1; |
Vanger | 0:b86d15c6ba29 | 4727 | |
Vanger | 0:b86d15c6ba29 | 4728 | break; |
Vanger | 0:b86d15c6ba29 | 4729 | #endif |
Vanger | 0:b86d15c6ba29 | 4730 | |
Vanger | 0:b86d15c6ba29 | 4731 | #ifndef NO_CYASSL_SERVER |
Vanger | 0:b86d15c6ba29 | 4732 | case client_hello: |
Vanger | 0:b86d15c6ba29 | 4733 | if (ssl->msgsReceived.got_client_hello) { |
Vanger | 0:b86d15c6ba29 | 4734 | CYASSL_MSG("Duplicate ClientHello received"); |
Vanger | 0:b86d15c6ba29 | 4735 | return DUPLICATE_MSG_E; |
Vanger | 0:b86d15c6ba29 | 4736 | } |
Vanger | 0:b86d15c6ba29 | 4737 | ssl->msgsReceived.got_client_hello = 1; |
Vanger | 0:b86d15c6ba29 | 4738 | |
Vanger | 0:b86d15c6ba29 | 4739 | break; |
Vanger | 0:b86d15c6ba29 | 4740 | #endif |
Vanger | 0:b86d15c6ba29 | 4741 | |
Vanger | 0:b86d15c6ba29 | 4742 | #ifndef NO_CYASSL_CLIENT |
Vanger | 0:b86d15c6ba29 | 4743 | case server_hello: |
Vanger | 0:b86d15c6ba29 | 4744 | if (ssl->msgsReceived.got_server_hello) { |
Vanger | 0:b86d15c6ba29 | 4745 | CYASSL_MSG("Duplicate ServerHello received"); |
Vanger | 0:b86d15c6ba29 | 4746 | return DUPLICATE_MSG_E; |
Vanger | 0:b86d15c6ba29 | 4747 | } |
Vanger | 0:b86d15c6ba29 | 4748 | ssl->msgsReceived.got_server_hello = 1; |
Vanger | 0:b86d15c6ba29 | 4749 | |
Vanger | 0:b86d15c6ba29 | 4750 | break; |
Vanger | 0:b86d15c6ba29 | 4751 | #endif |
Vanger | 0:b86d15c6ba29 | 4752 | |
Vanger | 0:b86d15c6ba29 | 4753 | #ifndef NO_CYASSL_CLIENT |
Vanger | 0:b86d15c6ba29 | 4754 | case hello_verify_request: |
Vanger | 0:b86d15c6ba29 | 4755 | if (ssl->msgsReceived.got_hello_verify_request) { |
Vanger | 0:b86d15c6ba29 | 4756 | CYASSL_MSG("Duplicate HelloVerifyRequest received"); |
Vanger | 0:b86d15c6ba29 | 4757 | return DUPLICATE_MSG_E; |
Vanger | 0:b86d15c6ba29 | 4758 | } |
Vanger | 0:b86d15c6ba29 | 4759 | ssl->msgsReceived.got_hello_verify_request = 1; |
Vanger | 0:b86d15c6ba29 | 4760 | |
Vanger | 0:b86d15c6ba29 | 4761 | break; |
Vanger | 0:b86d15c6ba29 | 4762 | #endif |
Vanger | 0:b86d15c6ba29 | 4763 | |
Vanger | 0:b86d15c6ba29 | 4764 | #ifndef NO_CYASSL_CLIENT |
Vanger | 0:b86d15c6ba29 | 4765 | case session_ticket: |
Vanger | 0:b86d15c6ba29 | 4766 | if (ssl->msgsReceived.got_session_ticket) { |
Vanger | 0:b86d15c6ba29 | 4767 | CYASSL_MSG("Duplicate SessionTicket received"); |
Vanger | 0:b86d15c6ba29 | 4768 | return DUPLICATE_MSG_E; |
Vanger | 0:b86d15c6ba29 | 4769 | } |
Vanger | 0:b86d15c6ba29 | 4770 | ssl->msgsReceived.got_session_ticket = 1; |
Vanger | 0:b86d15c6ba29 | 4771 | |
Vanger | 0:b86d15c6ba29 | 4772 | break; |
Vanger | 0:b86d15c6ba29 | 4773 | #endif |
Vanger | 0:b86d15c6ba29 | 4774 | |
Vanger | 0:b86d15c6ba29 | 4775 | case certificate: |
Vanger | 0:b86d15c6ba29 | 4776 | if (ssl->msgsReceived.got_certificate) { |
Vanger | 0:b86d15c6ba29 | 4777 | CYASSL_MSG("Duplicate Certificate received"); |
Vanger | 0:b86d15c6ba29 | 4778 | return DUPLICATE_MSG_E; |
Vanger | 0:b86d15c6ba29 | 4779 | } |
Vanger | 0:b86d15c6ba29 | 4780 | ssl->msgsReceived.got_certificate = 1; |
Vanger | 0:b86d15c6ba29 | 4781 | |
Vanger | 0:b86d15c6ba29 | 4782 | #ifndef NO_CYASSL_CLIENT |
Vanger | 0:b86d15c6ba29 | 4783 | if (ssl->options.side == CYASSL_CLIENT_END) { |
Vanger | 0:b86d15c6ba29 | 4784 | if ( ssl->msgsReceived.got_server_hello == 0) { |
Vanger | 0:b86d15c6ba29 | 4785 | CYASSL_MSG("No ServerHello before Cert"); |
Vanger | 0:b86d15c6ba29 | 4786 | return OUT_OF_ORDER_E; |
Vanger | 0:b86d15c6ba29 | 4787 | } |
Vanger | 0:b86d15c6ba29 | 4788 | } |
Vanger | 0:b86d15c6ba29 | 4789 | #endif |
Vanger | 0:b86d15c6ba29 | 4790 | #ifndef NO_CYASSL_SERVER |
Vanger | 0:b86d15c6ba29 | 4791 | if (ssl->options.side == CYASSL_SERVER_END) { |
Vanger | 0:b86d15c6ba29 | 4792 | if ( ssl->msgsReceived.got_client_hello == 0) { |
Vanger | 0:b86d15c6ba29 | 4793 | CYASSL_MSG("No ClientHello before Cert"); |
Vanger | 0:b86d15c6ba29 | 4794 | return OUT_OF_ORDER_E; |
Vanger | 0:b86d15c6ba29 | 4795 | } |
Vanger | 0:b86d15c6ba29 | 4796 | } |
Vanger | 0:b86d15c6ba29 | 4797 | #endif |
Vanger | 0:b86d15c6ba29 | 4798 | break; |
Vanger | 0:b86d15c6ba29 | 4799 | |
Vanger | 0:b86d15c6ba29 | 4800 | #ifndef NO_CYASSL_CLIENT |
Vanger | 0:b86d15c6ba29 | 4801 | case server_key_exchange: |
Vanger | 0:b86d15c6ba29 | 4802 | if (ssl->msgsReceived.got_server_key_exchange) { |
Vanger | 0:b86d15c6ba29 | 4803 | CYASSL_MSG("Duplicate ServerKeyExchange received"); |
Vanger | 0:b86d15c6ba29 | 4804 | return DUPLICATE_MSG_E; |
Vanger | 0:b86d15c6ba29 | 4805 | } |
Vanger | 0:b86d15c6ba29 | 4806 | ssl->msgsReceived.got_server_key_exchange = 1; |
Vanger | 0:b86d15c6ba29 | 4807 | |
Vanger | 0:b86d15c6ba29 | 4808 | if ( ssl->msgsReceived.got_server_hello == 0) { |
Vanger | 0:b86d15c6ba29 | 4809 | CYASSL_MSG("No ServerHello before Cert"); |
Vanger | 0:b86d15c6ba29 | 4810 | return OUT_OF_ORDER_E; |
Vanger | 0:b86d15c6ba29 | 4811 | } |
Vanger | 0:b86d15c6ba29 | 4812 | |
Vanger | 0:b86d15c6ba29 | 4813 | break; |
Vanger | 0:b86d15c6ba29 | 4814 | #endif |
Vanger | 0:b86d15c6ba29 | 4815 | |
Vanger | 0:b86d15c6ba29 | 4816 | #ifndef NO_CYASSL_CLIENT |
Vanger | 0:b86d15c6ba29 | 4817 | case certificate_request: |
Vanger | 0:b86d15c6ba29 | 4818 | if (ssl->msgsReceived.got_certificate_request) { |
Vanger | 0:b86d15c6ba29 | 4819 | CYASSL_MSG("Duplicate CertificateRequest received"); |
Vanger | 0:b86d15c6ba29 | 4820 | return DUPLICATE_MSG_E; |
Vanger | 0:b86d15c6ba29 | 4821 | } |
Vanger | 0:b86d15c6ba29 | 4822 | ssl->msgsReceived.got_certificate_request = 1; |
Vanger | 0:b86d15c6ba29 | 4823 | |
Vanger | 0:b86d15c6ba29 | 4824 | break; |
Vanger | 0:b86d15c6ba29 | 4825 | #endif |
Vanger | 0:b86d15c6ba29 | 4826 | |
Vanger | 0:b86d15c6ba29 | 4827 | #ifndef NO_CYASSL_CLIENT |
Vanger | 0:b86d15c6ba29 | 4828 | case server_hello_done: |
Vanger | 0:b86d15c6ba29 | 4829 | if (ssl->msgsReceived.got_server_hello_done) { |
Vanger | 0:b86d15c6ba29 | 4830 | CYASSL_MSG("Duplicate ServerHelloDone received"); |
Vanger | 0:b86d15c6ba29 | 4831 | return DUPLICATE_MSG_E; |
Vanger | 0:b86d15c6ba29 | 4832 | } |
Vanger | 0:b86d15c6ba29 | 4833 | ssl->msgsReceived.got_server_hello_done = 1; |
Vanger | 0:b86d15c6ba29 | 4834 | |
Vanger | 0:b86d15c6ba29 | 4835 | if (ssl->msgsReceived.got_certificate == 0) { |
Vanger | 0:b86d15c6ba29 | 4836 | if (ssl->specs.kea == psk_kea || |
Vanger | 0:b86d15c6ba29 | 4837 | ssl->specs.kea == dhe_psk_kea || |
Vanger | 0:b86d15c6ba29 | 4838 | ssl->options.usingAnon_cipher) { |
Vanger | 0:b86d15c6ba29 | 4839 | CYASSL_MSG("No Cert required"); |
Vanger | 0:b86d15c6ba29 | 4840 | } else { |
Vanger | 0:b86d15c6ba29 | 4841 | CYASSL_MSG("No Certificate before ServerHelloDone"); |
Vanger | 0:b86d15c6ba29 | 4842 | return OUT_OF_ORDER_E; |
Vanger | 0:b86d15c6ba29 | 4843 | } |
Vanger | 0:b86d15c6ba29 | 4844 | } |
Vanger | 0:b86d15c6ba29 | 4845 | if (ssl->msgsReceived.got_server_key_exchange == 0) { |
Vanger | 0:b86d15c6ba29 | 4846 | if (ssl->specs.static_ecdh == 1 || |
Vanger | 0:b86d15c6ba29 | 4847 | ssl->specs.kea == rsa_kea || |
Vanger | 0:b86d15c6ba29 | 4848 | ssl->specs.kea == ntru_kea) { |
Vanger | 0:b86d15c6ba29 | 4849 | CYASSL_MSG("No KeyExchange required"); |
Vanger | 0:b86d15c6ba29 | 4850 | } else { |
Vanger | 0:b86d15c6ba29 | 4851 | CYASSL_MSG("No ServerKeyExchange before ServerDone"); |
Vanger | 0:b86d15c6ba29 | 4852 | return OUT_OF_ORDER_E; |
Vanger | 0:b86d15c6ba29 | 4853 | } |
Vanger | 0:b86d15c6ba29 | 4854 | } |
Vanger | 0:b86d15c6ba29 | 4855 | break; |
Vanger | 0:b86d15c6ba29 | 4856 | #endif |
Vanger | 0:b86d15c6ba29 | 4857 | |
Vanger | 0:b86d15c6ba29 | 4858 | #ifndef NO_CYASSL_SERVER |
Vanger | 0:b86d15c6ba29 | 4859 | case certificate_verify: |
Vanger | 0:b86d15c6ba29 | 4860 | if (ssl->msgsReceived.got_certificate_verify) { |
Vanger | 0:b86d15c6ba29 | 4861 | CYASSL_MSG("Duplicate CertificateVerify received"); |
Vanger | 0:b86d15c6ba29 | 4862 | return DUPLICATE_MSG_E; |
Vanger | 0:b86d15c6ba29 | 4863 | } |
Vanger | 0:b86d15c6ba29 | 4864 | ssl->msgsReceived.got_certificate_verify = 1; |
Vanger | 0:b86d15c6ba29 | 4865 | |
Vanger | 0:b86d15c6ba29 | 4866 | if ( ssl->msgsReceived.got_certificate == 0) { |
Vanger | 0:b86d15c6ba29 | 4867 | CYASSL_MSG("No Cert before CertVerify"); |
Vanger | 0:b86d15c6ba29 | 4868 | return OUT_OF_ORDER_E; |
Vanger | 0:b86d15c6ba29 | 4869 | } |
Vanger | 0:b86d15c6ba29 | 4870 | break; |
Vanger | 0:b86d15c6ba29 | 4871 | #endif |
Vanger | 0:b86d15c6ba29 | 4872 | |
Vanger | 0:b86d15c6ba29 | 4873 | #ifndef NO_CYASSL_SERVER |
Vanger | 0:b86d15c6ba29 | 4874 | case client_key_exchange: |
Vanger | 0:b86d15c6ba29 | 4875 | if (ssl->msgsReceived.got_client_key_exchange) { |
Vanger | 0:b86d15c6ba29 | 4876 | CYASSL_MSG("Duplicate ClientKeyExchange received"); |
Vanger | 0:b86d15c6ba29 | 4877 | return DUPLICATE_MSG_E; |
Vanger | 0:b86d15c6ba29 | 4878 | } |
Vanger | 0:b86d15c6ba29 | 4879 | ssl->msgsReceived.got_client_key_exchange = 1; |
Vanger | 0:b86d15c6ba29 | 4880 | |
Vanger | 0:b86d15c6ba29 | 4881 | if (ssl->msgsReceived.got_client_hello == 0) { |
Vanger | 0:b86d15c6ba29 | 4882 | CYASSL_MSG("No ClientHello before ClientKeyExchange"); |
Vanger | 0:b86d15c6ba29 | 4883 | return OUT_OF_ORDER_E; |
Vanger | 0:b86d15c6ba29 | 4884 | } |
Vanger | 0:b86d15c6ba29 | 4885 | break; |
Vanger | 0:b86d15c6ba29 | 4886 | #endif |
Vanger | 0:b86d15c6ba29 | 4887 | |
Vanger | 0:b86d15c6ba29 | 4888 | case finished: |
Vanger | 0:b86d15c6ba29 | 4889 | if (ssl->msgsReceived.got_finished) { |
Vanger | 0:b86d15c6ba29 | 4890 | CYASSL_MSG("Duplicate Finished received"); |
Vanger | 0:b86d15c6ba29 | 4891 | return DUPLICATE_MSG_E; |
Vanger | 0:b86d15c6ba29 | 4892 | } |
Vanger | 0:b86d15c6ba29 | 4893 | ssl->msgsReceived.got_finished = 1; |
Vanger | 0:b86d15c6ba29 | 4894 | |
Vanger | 0:b86d15c6ba29 | 4895 | if (ssl->msgsReceived.got_change_cipher == 0) { |
Vanger | 0:b86d15c6ba29 | 4896 | CYASSL_MSG("Finished received before ChangeCipher"); |
Vanger | 0:b86d15c6ba29 | 4897 | return NO_CHANGE_CIPHER_E; |
Vanger | 0:b86d15c6ba29 | 4898 | } |
Vanger | 0:b86d15c6ba29 | 4899 | |
Vanger | 0:b86d15c6ba29 | 4900 | break; |
Vanger | 0:b86d15c6ba29 | 4901 | |
Vanger | 0:b86d15c6ba29 | 4902 | case change_cipher_hs: |
Vanger | 0:b86d15c6ba29 | 4903 | if (ssl->msgsReceived.got_change_cipher) { |
Vanger | 0:b86d15c6ba29 | 4904 | CYASSL_MSG("Duplicate ChangeCipher received"); |
Vanger | 0:b86d15c6ba29 | 4905 | return DUPLICATE_MSG_E; |
Vanger | 0:b86d15c6ba29 | 4906 | } |
Vanger | 0:b86d15c6ba29 | 4907 | ssl->msgsReceived.got_change_cipher = 1; |
Vanger | 0:b86d15c6ba29 | 4908 | |
Vanger | 0:b86d15c6ba29 | 4909 | #ifndef NO_CYASSL_CLIENT |
Vanger | 0:b86d15c6ba29 | 4910 | if (ssl->options.side == CYASSL_CLIENT_END) { |
Vanger | 0:b86d15c6ba29 | 4911 | if (!ssl->options.resuming && |
Vanger | 0:b86d15c6ba29 | 4912 | ssl->msgsReceived.got_server_hello_done == 0) { |
Vanger | 0:b86d15c6ba29 | 4913 | CYASSL_MSG("No ServerHelloDone before ChangeCipher"); |
Vanger | 0:b86d15c6ba29 | 4914 | return OUT_OF_ORDER_E; |
Vanger | 0:b86d15c6ba29 | 4915 | } |
Vanger | 0:b86d15c6ba29 | 4916 | } |
Vanger | 0:b86d15c6ba29 | 4917 | #endif |
Vanger | 0:b86d15c6ba29 | 4918 | #ifndef NO_CYASSL_SERVER |
Vanger | 0:b86d15c6ba29 | 4919 | if (ssl->options.side == CYASSL_SERVER_END) { |
Vanger | 0:b86d15c6ba29 | 4920 | if (!ssl->options.resuming && |
Vanger | 0:b86d15c6ba29 | 4921 | ssl->msgsReceived.got_client_key_exchange == 0) { |
Vanger | 0:b86d15c6ba29 | 4922 | CYASSL_MSG("No ClientKeyExchange before ChangeCipher"); |
Vanger | 0:b86d15c6ba29 | 4923 | return OUT_OF_ORDER_E; |
Vanger | 0:b86d15c6ba29 | 4924 | } |
Vanger | 0:b86d15c6ba29 | 4925 | } |
Vanger | 0:b86d15c6ba29 | 4926 | #endif |
Vanger | 0:b86d15c6ba29 | 4927 | |
Vanger | 0:b86d15c6ba29 | 4928 | break; |
Vanger | 0:b86d15c6ba29 | 4929 | |
Vanger | 0:b86d15c6ba29 | 4930 | default: |
Vanger | 0:b86d15c6ba29 | 4931 | CYASSL_MSG("Unknown message type"); |
Vanger | 0:b86d15c6ba29 | 4932 | return SANITY_MSG_E; |
Vanger | 0:b86d15c6ba29 | 4933 | } |
Vanger | 0:b86d15c6ba29 | 4934 | |
Vanger | 0:b86d15c6ba29 | 4935 | return 0; |
Vanger | 0:b86d15c6ba29 | 4936 | } |
Vanger | 0:b86d15c6ba29 | 4937 | |
Vanger | 0:b86d15c6ba29 | 4938 | |
Vanger | 0:b86d15c6ba29 | 4939 | static int DoHandShakeMsgType(CYASSL* ssl, byte* input, word32* inOutIdx, |
Vanger | 0:b86d15c6ba29 | 4940 | byte type, word32 size, word32 totalSz) |
Vanger | 0:b86d15c6ba29 | 4941 | { |
Vanger | 0:b86d15c6ba29 | 4942 | int ret = 0; |
Vanger | 0:b86d15c6ba29 | 4943 | (void)totalSz; |
Vanger | 0:b86d15c6ba29 | 4944 | |
Vanger | 0:b86d15c6ba29 | 4945 | CYASSL_ENTER("DoHandShakeMsgType"); |
Vanger | 0:b86d15c6ba29 | 4946 | |
Vanger | 0:b86d15c6ba29 | 4947 | /* make sure can read the message */ |
Vanger | 0:b86d15c6ba29 | 4948 | if (*inOutIdx + size > totalSz) |
Vanger | 0:b86d15c6ba29 | 4949 | return INCOMPLETE_DATA; |
Vanger | 0:b86d15c6ba29 | 4950 | |
Vanger | 0:b86d15c6ba29 | 4951 | /* sanity check msg received */ |
Vanger | 0:b86d15c6ba29 | 4952 | if ( (ret = SanityCheckMsgReceived(ssl, type)) != 0) { |
Vanger | 0:b86d15c6ba29 | 4953 | CYASSL_MSG("Sanity Check on handshake message type received failed"); |
Vanger | 0:b86d15c6ba29 | 4954 | return ret; |
Vanger | 0:b86d15c6ba29 | 4955 | } |
Vanger | 0:b86d15c6ba29 | 4956 | |
Vanger | 0:b86d15c6ba29 | 4957 | /* hello_request not hashed */ |
Vanger | 0:b86d15c6ba29 | 4958 | if (type != hello_request) { |
Vanger | 0:b86d15c6ba29 | 4959 | ret = HashInput(ssl, input + *inOutIdx, size); |
Vanger | 0:b86d15c6ba29 | 4960 | if (ret != 0) return ret; |
Vanger | 0:b86d15c6ba29 | 4961 | } |
Vanger | 0:b86d15c6ba29 | 4962 | |
Vanger | 0:b86d15c6ba29 | 4963 | #ifdef CYASSL_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 4964 | /* add name later, add on record and handshake header part back on */ |
Vanger | 0:b86d15c6ba29 | 4965 | if (ssl->toInfoOn) { |
Vanger | 0:b86d15c6ba29 | 4966 | int add = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 4967 | AddPacketInfo(0, &ssl->timeoutInfo, input + *inOutIdx - add, |
Vanger | 0:b86d15c6ba29 | 4968 | size + add, ssl->heap); |
Vanger | 0:b86d15c6ba29 | 4969 | AddLateRecordHeader(&ssl->curRL, &ssl->timeoutInfo); |
Vanger | 0:b86d15c6ba29 | 4970 | } |
Vanger | 0:b86d15c6ba29 | 4971 | #endif |
Vanger | 0:b86d15c6ba29 | 4972 | |
Vanger | 0:b86d15c6ba29 | 4973 | if (ssl->options.handShakeState == HANDSHAKE_DONE && type != hello_request){ |
Vanger | 0:b86d15c6ba29 | 4974 | CYASSL_MSG("HandShake message after handshake complete"); |
Vanger | 0:b86d15c6ba29 | 4975 | SendAlert(ssl, alert_fatal, unexpected_message); |
Vanger | 0:b86d15c6ba29 | 4976 | return OUT_OF_ORDER_E; |
Vanger | 0:b86d15c6ba29 | 4977 | } |
Vanger | 0:b86d15c6ba29 | 4978 | |
Vanger | 0:b86d15c6ba29 | 4979 | if (ssl->options.side == CYASSL_CLIENT_END && ssl->options.dtls == 0 && |
Vanger | 0:b86d15c6ba29 | 4980 | ssl->options.serverState == NULL_STATE && type != server_hello) { |
Vanger | 0:b86d15c6ba29 | 4981 | CYASSL_MSG("First server message not server hello"); |
Vanger | 0:b86d15c6ba29 | 4982 | SendAlert(ssl, alert_fatal, unexpected_message); |
Vanger | 0:b86d15c6ba29 | 4983 | return OUT_OF_ORDER_E; |
Vanger | 0:b86d15c6ba29 | 4984 | } |
Vanger | 0:b86d15c6ba29 | 4985 | |
Vanger | 0:b86d15c6ba29 | 4986 | if (ssl->options.side == CYASSL_CLIENT_END && ssl->options.dtls && |
Vanger | 0:b86d15c6ba29 | 4987 | type == server_hello_done && |
Vanger | 0:b86d15c6ba29 | 4988 | ssl->options.serverState < SERVER_HELLO_COMPLETE) { |
Vanger | 0:b86d15c6ba29 | 4989 | CYASSL_MSG("Server hello done received before server hello in DTLS"); |
Vanger | 0:b86d15c6ba29 | 4990 | SendAlert(ssl, alert_fatal, unexpected_message); |
Vanger | 0:b86d15c6ba29 | 4991 | return OUT_OF_ORDER_E; |
Vanger | 0:b86d15c6ba29 | 4992 | } |
Vanger | 0:b86d15c6ba29 | 4993 | |
Vanger | 0:b86d15c6ba29 | 4994 | if (ssl->options.side == CYASSL_SERVER_END && |
Vanger | 0:b86d15c6ba29 | 4995 | ssl->options.clientState == NULL_STATE && type != client_hello) { |
Vanger | 0:b86d15c6ba29 | 4996 | CYASSL_MSG("First client message not client hello"); |
Vanger | 0:b86d15c6ba29 | 4997 | SendAlert(ssl, alert_fatal, unexpected_message); |
Vanger | 0:b86d15c6ba29 | 4998 | return OUT_OF_ORDER_E; |
Vanger | 0:b86d15c6ba29 | 4999 | } |
Vanger | 0:b86d15c6ba29 | 5000 | |
Vanger | 0:b86d15c6ba29 | 5001 | |
Vanger | 0:b86d15c6ba29 | 5002 | switch (type) { |
Vanger | 0:b86d15c6ba29 | 5003 | |
Vanger | 0:b86d15c6ba29 | 5004 | case hello_request: |
Vanger | 0:b86d15c6ba29 | 5005 | CYASSL_MSG("processing hello request"); |
Vanger | 0:b86d15c6ba29 | 5006 | ret = DoHelloRequest(ssl, input, inOutIdx, size, totalSz); |
Vanger | 0:b86d15c6ba29 | 5007 | break; |
Vanger | 0:b86d15c6ba29 | 5008 | |
Vanger | 0:b86d15c6ba29 | 5009 | #ifndef NO_CYASSL_CLIENT |
Vanger | 0:b86d15c6ba29 | 5010 | case hello_verify_request: |
Vanger | 0:b86d15c6ba29 | 5011 | CYASSL_MSG("processing hello verify request"); |
Vanger | 0:b86d15c6ba29 | 5012 | ret = DoHelloVerifyRequest(ssl, input,inOutIdx, size); |
Vanger | 0:b86d15c6ba29 | 5013 | break; |
Vanger | 0:b86d15c6ba29 | 5014 | |
Vanger | 0:b86d15c6ba29 | 5015 | case server_hello: |
Vanger | 0:b86d15c6ba29 | 5016 | CYASSL_MSG("processing server hello"); |
Vanger | 0:b86d15c6ba29 | 5017 | ret = DoServerHello(ssl, input, inOutIdx, size); |
Vanger | 0:b86d15c6ba29 | 5018 | break; |
Vanger | 0:b86d15c6ba29 | 5019 | |
Vanger | 0:b86d15c6ba29 | 5020 | #ifndef NO_CERTS |
Vanger | 0:b86d15c6ba29 | 5021 | case certificate_request: |
Vanger | 0:b86d15c6ba29 | 5022 | CYASSL_MSG("processing certificate request"); |
Vanger | 0:b86d15c6ba29 | 5023 | ret = DoCertificateRequest(ssl, input, inOutIdx, size); |
Vanger | 0:b86d15c6ba29 | 5024 | break; |
Vanger | 0:b86d15c6ba29 | 5025 | #endif |
Vanger | 0:b86d15c6ba29 | 5026 | |
Vanger | 0:b86d15c6ba29 | 5027 | case server_key_exchange: |
Vanger | 0:b86d15c6ba29 | 5028 | CYASSL_MSG("processing server key exchange"); |
Vanger | 0:b86d15c6ba29 | 5029 | ret = DoServerKeyExchange(ssl, input, inOutIdx, size); |
Vanger | 0:b86d15c6ba29 | 5030 | break; |
Vanger | 0:b86d15c6ba29 | 5031 | |
Vanger | 0:b86d15c6ba29 | 5032 | #ifdef HAVE_SESSION_TICKET |
Vanger | 0:b86d15c6ba29 | 5033 | case session_ticket: |
Vanger | 0:b86d15c6ba29 | 5034 | CYASSL_MSG("processing session ticket"); |
Vanger | 0:b86d15c6ba29 | 5035 | ret = DoSessionTicket(ssl, input, inOutIdx, size); |
Vanger | 0:b86d15c6ba29 | 5036 | break; |
Vanger | 0:b86d15c6ba29 | 5037 | #endif /* HAVE_SESSION_TICKET */ |
Vanger | 0:b86d15c6ba29 | 5038 | #endif |
Vanger | 0:b86d15c6ba29 | 5039 | |
Vanger | 0:b86d15c6ba29 | 5040 | #ifndef NO_CERTS |
Vanger | 0:b86d15c6ba29 | 5041 | case certificate: |
Vanger | 0:b86d15c6ba29 | 5042 | CYASSL_MSG("processing certificate"); |
Vanger | 0:b86d15c6ba29 | 5043 | ret = DoCertificate(ssl, input, inOutIdx, size); |
Vanger | 0:b86d15c6ba29 | 5044 | break; |
Vanger | 0:b86d15c6ba29 | 5045 | #endif |
Vanger | 0:b86d15c6ba29 | 5046 | |
Vanger | 0:b86d15c6ba29 | 5047 | case server_hello_done: |
Vanger | 0:b86d15c6ba29 | 5048 | CYASSL_MSG("processing server hello done"); |
Vanger | 0:b86d15c6ba29 | 5049 | #ifdef CYASSL_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 5050 | if (ssl->hsInfoOn) |
Vanger | 0:b86d15c6ba29 | 5051 | AddPacketName("ServerHelloDone", &ssl->handShakeInfo); |
Vanger | 0:b86d15c6ba29 | 5052 | if (ssl->toInfoOn) |
Vanger | 0:b86d15c6ba29 | 5053 | AddLateName("ServerHelloDone", &ssl->timeoutInfo); |
Vanger | 0:b86d15c6ba29 | 5054 | #endif |
Vanger | 0:b86d15c6ba29 | 5055 | ssl->options.serverState = SERVER_HELLODONE_COMPLETE; |
Vanger | 0:b86d15c6ba29 | 5056 | if (ssl->keys.encryptionOn) { |
Vanger | 0:b86d15c6ba29 | 5057 | *inOutIdx += ssl->keys.padSz; |
Vanger | 0:b86d15c6ba29 | 5058 | } |
Vanger | 0:b86d15c6ba29 | 5059 | break; |
Vanger | 0:b86d15c6ba29 | 5060 | |
Vanger | 0:b86d15c6ba29 | 5061 | case finished: |
Vanger | 0:b86d15c6ba29 | 5062 | CYASSL_MSG("processing finished"); |
Vanger | 0:b86d15c6ba29 | 5063 | ret = DoFinished(ssl, input, inOutIdx, size, totalSz, NO_SNIFF); |
Vanger | 0:b86d15c6ba29 | 5064 | break; |
Vanger | 0:b86d15c6ba29 | 5065 | |
Vanger | 0:b86d15c6ba29 | 5066 | #ifndef NO_CYASSL_SERVER |
Vanger | 0:b86d15c6ba29 | 5067 | case client_hello: |
Vanger | 0:b86d15c6ba29 | 5068 | CYASSL_MSG("processing client hello"); |
Vanger | 0:b86d15c6ba29 | 5069 | ret = DoClientHello(ssl, input, inOutIdx, size); |
Vanger | 0:b86d15c6ba29 | 5070 | break; |
Vanger | 0:b86d15c6ba29 | 5071 | |
Vanger | 0:b86d15c6ba29 | 5072 | case client_key_exchange: |
Vanger | 0:b86d15c6ba29 | 5073 | CYASSL_MSG("processing client key exchange"); |
Vanger | 0:b86d15c6ba29 | 5074 | ret = DoClientKeyExchange(ssl, input, inOutIdx, size); |
Vanger | 0:b86d15c6ba29 | 5075 | break; |
Vanger | 0:b86d15c6ba29 | 5076 | |
Vanger | 0:b86d15c6ba29 | 5077 | #if !defined(NO_RSA) || defined(HAVE_ECC) |
Vanger | 0:b86d15c6ba29 | 5078 | case certificate_verify: |
Vanger | 0:b86d15c6ba29 | 5079 | CYASSL_MSG("processing certificate verify"); |
Vanger | 0:b86d15c6ba29 | 5080 | ret = DoCertificateVerify(ssl, input, inOutIdx, size); |
Vanger | 0:b86d15c6ba29 | 5081 | break; |
Vanger | 0:b86d15c6ba29 | 5082 | #endif /* !NO_RSA || HAVE_ECC */ |
Vanger | 0:b86d15c6ba29 | 5083 | |
Vanger | 0:b86d15c6ba29 | 5084 | #endif /* !NO_CYASSL_SERVER */ |
Vanger | 0:b86d15c6ba29 | 5085 | |
Vanger | 0:b86d15c6ba29 | 5086 | default: |
Vanger | 0:b86d15c6ba29 | 5087 | CYASSL_MSG("Unknown handshake message type"); |
Vanger | 0:b86d15c6ba29 | 5088 | ret = UNKNOWN_HANDSHAKE_TYPE; |
Vanger | 0:b86d15c6ba29 | 5089 | break; |
Vanger | 0:b86d15c6ba29 | 5090 | } |
Vanger | 0:b86d15c6ba29 | 5091 | |
Vanger | 0:b86d15c6ba29 | 5092 | CYASSL_LEAVE("DoHandShakeMsgType()", ret); |
Vanger | 0:b86d15c6ba29 | 5093 | return ret; |
Vanger | 0:b86d15c6ba29 | 5094 | } |
Vanger | 0:b86d15c6ba29 | 5095 | |
Vanger | 0:b86d15c6ba29 | 5096 | |
Vanger | 0:b86d15c6ba29 | 5097 | static int DoHandShakeMsg(CYASSL* ssl, byte* input, word32* inOutIdx, |
Vanger | 0:b86d15c6ba29 | 5098 | word32 totalSz) |
Vanger | 0:b86d15c6ba29 | 5099 | { |
Vanger | 0:b86d15c6ba29 | 5100 | byte type; |
Vanger | 0:b86d15c6ba29 | 5101 | word32 size; |
Vanger | 0:b86d15c6ba29 | 5102 | int ret = 0; |
Vanger | 0:b86d15c6ba29 | 5103 | |
Vanger | 0:b86d15c6ba29 | 5104 | CYASSL_ENTER("DoHandShakeMsg()"); |
Vanger | 0:b86d15c6ba29 | 5105 | |
Vanger | 0:b86d15c6ba29 | 5106 | if (GetHandShakeHeader(ssl, input, inOutIdx, &type, &size, totalSz) != 0) |
Vanger | 0:b86d15c6ba29 | 5107 | return PARSE_ERROR; |
Vanger | 0:b86d15c6ba29 | 5108 | |
Vanger | 0:b86d15c6ba29 | 5109 | ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz); |
Vanger | 0:b86d15c6ba29 | 5110 | |
Vanger | 0:b86d15c6ba29 | 5111 | CYASSL_LEAVE("DoHandShakeMsg()", ret); |
Vanger | 0:b86d15c6ba29 | 5112 | return ret; |
Vanger | 0:b86d15c6ba29 | 5113 | } |
Vanger | 0:b86d15c6ba29 | 5114 | |
Vanger | 0:b86d15c6ba29 | 5115 | |
Vanger | 0:b86d15c6ba29 | 5116 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 5117 | |
Vanger | 0:b86d15c6ba29 | 5118 | static INLINE int DtlsCheckWindow(DtlsState* state) |
Vanger | 0:b86d15c6ba29 | 5119 | { |
Vanger | 0:b86d15c6ba29 | 5120 | word32 cur; |
Vanger | 0:b86d15c6ba29 | 5121 | word32 next; |
Vanger | 0:b86d15c6ba29 | 5122 | DtlsSeq window; |
Vanger | 0:b86d15c6ba29 | 5123 | |
Vanger | 0:b86d15c6ba29 | 5124 | if (state->curEpoch == state->nextEpoch) { |
Vanger | 0:b86d15c6ba29 | 5125 | next = state->nextSeq; |
Vanger | 0:b86d15c6ba29 | 5126 | window = state->window; |
Vanger | 0:b86d15c6ba29 | 5127 | } |
Vanger | 0:b86d15c6ba29 | 5128 | else if (state->curEpoch < state->nextEpoch) { |
Vanger | 0:b86d15c6ba29 | 5129 | next = state->prevSeq; |
Vanger | 0:b86d15c6ba29 | 5130 | window = state->prevWindow; |
Vanger | 0:b86d15c6ba29 | 5131 | } |
Vanger | 0:b86d15c6ba29 | 5132 | else { |
Vanger | 0:b86d15c6ba29 | 5133 | return 0; |
Vanger | 0:b86d15c6ba29 | 5134 | } |
Vanger | 0:b86d15c6ba29 | 5135 | |
Vanger | 0:b86d15c6ba29 | 5136 | cur = state->curSeq; |
Vanger | 0:b86d15c6ba29 | 5137 | |
Vanger | 0:b86d15c6ba29 | 5138 | if ((next > DTLS_SEQ_BITS) && (cur < next - DTLS_SEQ_BITS)) { |
Vanger | 0:b86d15c6ba29 | 5139 | return 0; |
Vanger | 0:b86d15c6ba29 | 5140 | } |
Vanger | 0:b86d15c6ba29 | 5141 | else if ((cur < next) && (window & ((DtlsSeq)1 << (next - cur - 1)))) { |
Vanger | 0:b86d15c6ba29 | 5142 | return 0; |
Vanger | 0:b86d15c6ba29 | 5143 | } |
Vanger | 0:b86d15c6ba29 | 5144 | |
Vanger | 0:b86d15c6ba29 | 5145 | return 1; |
Vanger | 0:b86d15c6ba29 | 5146 | } |
Vanger | 0:b86d15c6ba29 | 5147 | |
Vanger | 0:b86d15c6ba29 | 5148 | |
Vanger | 0:b86d15c6ba29 | 5149 | static INLINE int DtlsUpdateWindow(DtlsState* state) |
Vanger | 0:b86d15c6ba29 | 5150 | { |
Vanger | 0:b86d15c6ba29 | 5151 | word32 cur; |
Vanger | 0:b86d15c6ba29 | 5152 | word32* next; |
Vanger | 0:b86d15c6ba29 | 5153 | DtlsSeq* window; |
Vanger | 0:b86d15c6ba29 | 5154 | |
Vanger | 0:b86d15c6ba29 | 5155 | if (state->curEpoch == state->nextEpoch) { |
Vanger | 0:b86d15c6ba29 | 5156 | next = &state->nextSeq; |
Vanger | 0:b86d15c6ba29 | 5157 | window = &state->window; |
Vanger | 0:b86d15c6ba29 | 5158 | } |
Vanger | 0:b86d15c6ba29 | 5159 | else { |
Vanger | 0:b86d15c6ba29 | 5160 | next = &state->prevSeq; |
Vanger | 0:b86d15c6ba29 | 5161 | window = &state->prevWindow; |
Vanger | 0:b86d15c6ba29 | 5162 | } |
Vanger | 0:b86d15c6ba29 | 5163 | |
Vanger | 0:b86d15c6ba29 | 5164 | cur = state->curSeq; |
Vanger | 0:b86d15c6ba29 | 5165 | |
Vanger | 0:b86d15c6ba29 | 5166 | if (cur < *next) { |
Vanger | 0:b86d15c6ba29 | 5167 | *window |= ((DtlsSeq)1 << (*next - cur - 1)); |
Vanger | 0:b86d15c6ba29 | 5168 | } |
Vanger | 0:b86d15c6ba29 | 5169 | else { |
Vanger | 0:b86d15c6ba29 | 5170 | *window <<= (1 + cur - *next); |
Vanger | 0:b86d15c6ba29 | 5171 | *window |= 1; |
Vanger | 0:b86d15c6ba29 | 5172 | *next = cur + 1; |
Vanger | 0:b86d15c6ba29 | 5173 | } |
Vanger | 0:b86d15c6ba29 | 5174 | |
Vanger | 0:b86d15c6ba29 | 5175 | return 1; |
Vanger | 0:b86d15c6ba29 | 5176 | } |
Vanger | 0:b86d15c6ba29 | 5177 | |
Vanger | 0:b86d15c6ba29 | 5178 | |
Vanger | 0:b86d15c6ba29 | 5179 | static int DtlsMsgDrain(CYASSL* ssl) |
Vanger | 0:b86d15c6ba29 | 5180 | { |
Vanger | 0:b86d15c6ba29 | 5181 | DtlsMsg* item = ssl->dtls_msg_list; |
Vanger | 0:b86d15c6ba29 | 5182 | int ret = 0; |
Vanger | 0:b86d15c6ba29 | 5183 | |
Vanger | 0:b86d15c6ba29 | 5184 | /* While there is an item in the store list, and it is the expected |
Vanger | 0:b86d15c6ba29 | 5185 | * message, and it is complete, and there hasn't been an error in the |
Vanger | 0:b86d15c6ba29 | 5186 | * last messge... */ |
Vanger | 0:b86d15c6ba29 | 5187 | while (item != NULL && |
Vanger | 0:b86d15c6ba29 | 5188 | ssl->keys.dtls_expected_peer_handshake_number == item->seq && |
Vanger | 0:b86d15c6ba29 | 5189 | item->fragSz == item->sz && |
Vanger | 0:b86d15c6ba29 | 5190 | ret == 0) { |
Vanger | 0:b86d15c6ba29 | 5191 | word32 idx = 0; |
Vanger | 0:b86d15c6ba29 | 5192 | ssl->keys.dtls_expected_peer_handshake_number++; |
Vanger | 0:b86d15c6ba29 | 5193 | ret = DoHandShakeMsgType(ssl, item->msg, |
Vanger | 0:b86d15c6ba29 | 5194 | &idx, item->type, item->sz, item->sz); |
Vanger | 0:b86d15c6ba29 | 5195 | ssl->dtls_msg_list = item->next; |
Vanger | 0:b86d15c6ba29 | 5196 | DtlsMsgDelete(item, ssl->heap); |
Vanger | 0:b86d15c6ba29 | 5197 | item = ssl->dtls_msg_list; |
Vanger | 0:b86d15c6ba29 | 5198 | } |
Vanger | 0:b86d15c6ba29 | 5199 | |
Vanger | 0:b86d15c6ba29 | 5200 | return ret; |
Vanger | 0:b86d15c6ba29 | 5201 | } |
Vanger | 0:b86d15c6ba29 | 5202 | |
Vanger | 0:b86d15c6ba29 | 5203 | |
Vanger | 0:b86d15c6ba29 | 5204 | static int DoDtlsHandShakeMsg(CYASSL* ssl, byte* input, word32* inOutIdx, |
Vanger | 0:b86d15c6ba29 | 5205 | word32 totalSz) |
Vanger | 0:b86d15c6ba29 | 5206 | { |
Vanger | 0:b86d15c6ba29 | 5207 | byte type; |
Vanger | 0:b86d15c6ba29 | 5208 | word32 size; |
Vanger | 0:b86d15c6ba29 | 5209 | word32 fragOffset, fragSz; |
Vanger | 0:b86d15c6ba29 | 5210 | int ret = 0; |
Vanger | 0:b86d15c6ba29 | 5211 | |
Vanger | 0:b86d15c6ba29 | 5212 | CYASSL_ENTER("DoDtlsHandShakeMsg()"); |
Vanger | 0:b86d15c6ba29 | 5213 | if (GetDtlsHandShakeHeader(ssl, input, inOutIdx, &type, |
Vanger | 0:b86d15c6ba29 | 5214 | &size, &fragOffset, &fragSz, totalSz) != 0) |
Vanger | 0:b86d15c6ba29 | 5215 | return PARSE_ERROR; |
Vanger | 0:b86d15c6ba29 | 5216 | |
Vanger | 0:b86d15c6ba29 | 5217 | if (*inOutIdx + fragSz > totalSz) |
Vanger | 0:b86d15c6ba29 | 5218 | return INCOMPLETE_DATA; |
Vanger | 0:b86d15c6ba29 | 5219 | |
Vanger | 0:b86d15c6ba29 | 5220 | /* Check the handshake sequence number first. If out of order, |
Vanger | 0:b86d15c6ba29 | 5221 | * add the current message to the list. If the message is in order, |
Vanger | 0:b86d15c6ba29 | 5222 | * but it is a fragment, add the current message to the list, then |
Vanger | 0:b86d15c6ba29 | 5223 | * check the head of the list to see if it is complete, if so, pop |
Vanger | 0:b86d15c6ba29 | 5224 | * it out as the current message. If the message is complete and in |
Vanger | 0:b86d15c6ba29 | 5225 | * order, process it. Check the head of the list to see if it is in |
Vanger | 0:b86d15c6ba29 | 5226 | * order, if so, process it. (Repeat until list exhausted.) If the |
Vanger | 0:b86d15c6ba29 | 5227 | * head is out of order, return for more processing. |
Vanger | 0:b86d15c6ba29 | 5228 | */ |
Vanger | 0:b86d15c6ba29 | 5229 | if (ssl->keys.dtls_peer_handshake_number > |
Vanger | 0:b86d15c6ba29 | 5230 | ssl->keys.dtls_expected_peer_handshake_number) { |
Vanger | 0:b86d15c6ba29 | 5231 | /* Current message is out of order. It will get stored in the list. |
Vanger | 0:b86d15c6ba29 | 5232 | * Storing also takes care of defragmentation. */ |
Vanger | 0:b86d15c6ba29 | 5233 | ssl->dtls_msg_list = DtlsMsgStore(ssl->dtls_msg_list, |
Vanger | 0:b86d15c6ba29 | 5234 | ssl->keys.dtls_peer_handshake_number, input + *inOutIdx, |
Vanger | 0:b86d15c6ba29 | 5235 | size, type, fragOffset, fragSz, ssl->heap); |
Vanger | 0:b86d15c6ba29 | 5236 | *inOutIdx += fragSz; |
Vanger | 0:b86d15c6ba29 | 5237 | ret = 0; |
Vanger | 0:b86d15c6ba29 | 5238 | } |
Vanger | 0:b86d15c6ba29 | 5239 | else if (ssl->keys.dtls_peer_handshake_number < |
Vanger | 0:b86d15c6ba29 | 5240 | ssl->keys.dtls_expected_peer_handshake_number) { |
Vanger | 0:b86d15c6ba29 | 5241 | /* Already saw this message and processed it. It can be ignored. */ |
Vanger | 0:b86d15c6ba29 | 5242 | *inOutIdx += fragSz; |
Vanger | 0:b86d15c6ba29 | 5243 | ret = 0; |
Vanger | 0:b86d15c6ba29 | 5244 | } |
Vanger | 0:b86d15c6ba29 | 5245 | else if (fragSz < size) { |
Vanger | 0:b86d15c6ba29 | 5246 | /* Since this branch is in order, but fragmented, dtls_msg_list will be |
Vanger | 0:b86d15c6ba29 | 5247 | * pointing to the message with this fragment in it. Check it to see |
Vanger | 0:b86d15c6ba29 | 5248 | * if it is completed. */ |
Vanger | 0:b86d15c6ba29 | 5249 | ssl->dtls_msg_list = DtlsMsgStore(ssl->dtls_msg_list, |
Vanger | 0:b86d15c6ba29 | 5250 | ssl->keys.dtls_peer_handshake_number, input + *inOutIdx, |
Vanger | 0:b86d15c6ba29 | 5251 | size, type, fragOffset, fragSz, ssl->heap); |
Vanger | 0:b86d15c6ba29 | 5252 | *inOutIdx += fragSz; |
Vanger | 0:b86d15c6ba29 | 5253 | ret = 0; |
Vanger | 0:b86d15c6ba29 | 5254 | if (ssl->dtls_msg_list != NULL && |
Vanger | 0:b86d15c6ba29 | 5255 | ssl->dtls_msg_list->fragSz >= ssl->dtls_msg_list->sz) |
Vanger | 0:b86d15c6ba29 | 5256 | ret = DtlsMsgDrain(ssl); |
Vanger | 0:b86d15c6ba29 | 5257 | } |
Vanger | 0:b86d15c6ba29 | 5258 | else { |
Vanger | 0:b86d15c6ba29 | 5259 | /* This branch is in order next, and a complete message. */ |
Vanger | 0:b86d15c6ba29 | 5260 | ssl->keys.dtls_expected_peer_handshake_number++; |
Vanger | 0:b86d15c6ba29 | 5261 | ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz); |
Vanger | 0:b86d15c6ba29 | 5262 | if (ret == 0 && ssl->dtls_msg_list != NULL) |
Vanger | 0:b86d15c6ba29 | 5263 | ret = DtlsMsgDrain(ssl); |
Vanger | 0:b86d15c6ba29 | 5264 | } |
Vanger | 0:b86d15c6ba29 | 5265 | |
Vanger | 0:b86d15c6ba29 | 5266 | CYASSL_LEAVE("DoDtlsHandShakeMsg()", ret); |
Vanger | 0:b86d15c6ba29 | 5267 | return ret; |
Vanger | 0:b86d15c6ba29 | 5268 | } |
Vanger | 0:b86d15c6ba29 | 5269 | #endif |
Vanger | 0:b86d15c6ba29 | 5270 | |
Vanger | 0:b86d15c6ba29 | 5271 | |
Vanger | 0:b86d15c6ba29 | 5272 | #if !defined(NO_OLD_TLS) || defined(HAVE_CHACHA) || defined(HAVE_AESCCM) \ |
Vanger | 0:b86d15c6ba29 | 5273 | || defined(HAVE_AESGCM) |
Vanger | 0:b86d15c6ba29 | 5274 | static INLINE word32 GetSEQIncrement(CYASSL* ssl, int verify) |
Vanger | 0:b86d15c6ba29 | 5275 | { |
Vanger | 0:b86d15c6ba29 | 5276 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 5277 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 5278 | if (verify) |
Vanger | 0:b86d15c6ba29 | 5279 | return ssl->keys.dtls_state.curSeq; /* explicit from peer */ |
Vanger | 0:b86d15c6ba29 | 5280 | else |
Vanger | 0:b86d15c6ba29 | 5281 | return ssl->keys.dtls_sequence_number - 1; /* already incremented */ |
Vanger | 0:b86d15c6ba29 | 5282 | } |
Vanger | 0:b86d15c6ba29 | 5283 | #endif |
Vanger | 0:b86d15c6ba29 | 5284 | if (verify) |
Vanger | 0:b86d15c6ba29 | 5285 | return ssl->keys.peer_sequence_number++; |
Vanger | 0:b86d15c6ba29 | 5286 | else |
Vanger | 0:b86d15c6ba29 | 5287 | return ssl->keys.sequence_number++; |
Vanger | 0:b86d15c6ba29 | 5288 | } |
Vanger | 0:b86d15c6ba29 | 5289 | #endif |
Vanger | 0:b86d15c6ba29 | 5290 | |
Vanger | 0:b86d15c6ba29 | 5291 | |
Vanger | 0:b86d15c6ba29 | 5292 | #ifdef HAVE_AEAD |
Vanger | 0:b86d15c6ba29 | 5293 | static INLINE void AeadIncrementExpIV(CYASSL* ssl) |
Vanger | 0:b86d15c6ba29 | 5294 | { |
Vanger | 0:b86d15c6ba29 | 5295 | int i; |
Vanger | 0:b86d15c6ba29 | 5296 | for (i = AEAD_EXP_IV_SZ-1; i >= 0; i--) { |
Vanger | 0:b86d15c6ba29 | 5297 | if (++ssl->keys.aead_exp_IV[i]) return; |
Vanger | 0:b86d15c6ba29 | 5298 | } |
Vanger | 0:b86d15c6ba29 | 5299 | } |
Vanger | 0:b86d15c6ba29 | 5300 | |
Vanger | 0:b86d15c6ba29 | 5301 | |
Vanger | 0:b86d15c6ba29 | 5302 | #ifdef HAVE_POLY1305 |
Vanger | 0:b86d15c6ba29 | 5303 | /*more recent rfc's concatonate input for poly1305 differently*/ |
Vanger | 0:b86d15c6ba29 | 5304 | static int Poly1305Tag(CYASSL* ssl, byte* additional, const byte* out, |
Vanger | 0:b86d15c6ba29 | 5305 | byte* cipher, word16 sz, byte* tag) |
Vanger | 0:b86d15c6ba29 | 5306 | { |
Vanger | 0:b86d15c6ba29 | 5307 | int ret = 0; |
Vanger | 0:b86d15c6ba29 | 5308 | int paddingSz = 0; |
Vanger | 0:b86d15c6ba29 | 5309 | int msglen = (sz - ssl->specs.aead_mac_size); |
Vanger | 0:b86d15c6ba29 | 5310 | word32 keySz = 32; |
Vanger | 0:b86d15c6ba29 | 5311 | byte padding[16]; |
Vanger | 0:b86d15c6ba29 | 5312 | |
Vanger | 0:b86d15c6ba29 | 5313 | if (msglen < 0) |
Vanger | 0:b86d15c6ba29 | 5314 | return INPUT_CASE_ERROR; |
Vanger | 0:b86d15c6ba29 | 5315 | |
Vanger | 0:b86d15c6ba29 | 5316 | XMEMSET(padding, 0, sizeof(padding)); |
Vanger | 0:b86d15c6ba29 | 5317 | |
Vanger | 0:b86d15c6ba29 | 5318 | if ((ret = Poly1305SetKey(ssl->auth.poly1305, cipher, keySz)) != 0) |
Vanger | 0:b86d15c6ba29 | 5319 | return ret; |
Vanger | 0:b86d15c6ba29 | 5320 | |
Vanger | 0:b86d15c6ba29 | 5321 | /* additional input to poly1305 */ |
Vanger | 0:b86d15c6ba29 | 5322 | if ((ret = Poly1305Update(ssl->auth.poly1305, additional, |
Vanger | 0:b86d15c6ba29 | 5323 | CHACHA20_BLOCK_SIZE)) != 0) |
Vanger | 0:b86d15c6ba29 | 5324 | return ret; |
Vanger | 0:b86d15c6ba29 | 5325 | |
Vanger | 0:b86d15c6ba29 | 5326 | /* cipher input */ |
Vanger | 0:b86d15c6ba29 | 5327 | if ((ret = Poly1305Update(ssl->auth.poly1305, out, msglen)) != 0) |
Vanger | 0:b86d15c6ba29 | 5328 | return ret; |
Vanger | 0:b86d15c6ba29 | 5329 | |
Vanger | 0:b86d15c6ba29 | 5330 | /* handle padding for cipher input to make it 16 bytes long */ |
Vanger | 0:b86d15c6ba29 | 5331 | if (msglen % 16 != 0) { |
Vanger | 0:b86d15c6ba29 | 5332 | paddingSz = (16 - (sz - ssl->specs.aead_mac_size) % 16); |
Vanger | 0:b86d15c6ba29 | 5333 | if (paddingSz < 0) |
Vanger | 0:b86d15c6ba29 | 5334 | return INPUT_CASE_ERROR; |
Vanger | 0:b86d15c6ba29 | 5335 | |
Vanger | 0:b86d15c6ba29 | 5336 | if ((ret = Poly1305Update(ssl->auth.poly1305, padding, paddingSz)) |
Vanger | 0:b86d15c6ba29 | 5337 | != 0) |
Vanger | 0:b86d15c6ba29 | 5338 | return ret; |
Vanger | 0:b86d15c6ba29 | 5339 | } |
Vanger | 0:b86d15c6ba29 | 5340 | |
Vanger | 0:b86d15c6ba29 | 5341 | /* add size of AD and size of cipher to poly input */ |
Vanger | 0:b86d15c6ba29 | 5342 | XMEMSET(padding, 0, sizeof(padding)); |
Vanger | 0:b86d15c6ba29 | 5343 | padding[0] = CHACHA20_BLOCK_SIZE; |
Vanger | 0:b86d15c6ba29 | 5344 | |
Vanger | 0:b86d15c6ba29 | 5345 | /* 32 bit size of cipher to 64 bit endian */ |
Vanger | 0:b86d15c6ba29 | 5346 | padding[8] = msglen & 0xff; |
Vanger | 0:b86d15c6ba29 | 5347 | padding[9] = (msglen >> 8) & 0xff; |
Vanger | 0:b86d15c6ba29 | 5348 | padding[10] = (msglen >>16) & 0xff; |
Vanger | 0:b86d15c6ba29 | 5349 | padding[11] = (msglen >>24) & 0xff; |
Vanger | 0:b86d15c6ba29 | 5350 | if ((ret = Poly1305Update(ssl->auth.poly1305, padding, sizeof(padding))) |
Vanger | 0:b86d15c6ba29 | 5351 | != 0) |
Vanger | 0:b86d15c6ba29 | 5352 | return ret; |
Vanger | 0:b86d15c6ba29 | 5353 | |
Vanger | 0:b86d15c6ba29 | 5354 | /* generate tag */ |
Vanger | 0:b86d15c6ba29 | 5355 | if ((ret = Poly1305Final(ssl->auth.poly1305, tag)) != 0) |
Vanger | 0:b86d15c6ba29 | 5356 | return ret; |
Vanger | 0:b86d15c6ba29 | 5357 | |
Vanger | 0:b86d15c6ba29 | 5358 | return ret; |
Vanger | 0:b86d15c6ba29 | 5359 | } |
Vanger | 0:b86d15c6ba29 | 5360 | |
Vanger | 0:b86d15c6ba29 | 5361 | |
Vanger | 0:b86d15c6ba29 | 5362 | /* Used for the older version of creating AEAD tags with Poly1305 */ |
Vanger | 0:b86d15c6ba29 | 5363 | static int Poly1305TagOld(CYASSL* ssl, byte* additional, const byte* out, |
Vanger | 0:b86d15c6ba29 | 5364 | byte* cipher, word16 sz, byte* tag) |
Vanger | 0:b86d15c6ba29 | 5365 | { |
Vanger | 0:b86d15c6ba29 | 5366 | int ret = 0; |
Vanger | 0:b86d15c6ba29 | 5367 | int msglen = (sz - ssl->specs.aead_mac_size); |
Vanger | 0:b86d15c6ba29 | 5368 | word32 keySz = 32; |
Vanger | 0:b86d15c6ba29 | 5369 | byte padding[8]; /* used to temporarly store lengths */ |
Vanger | 0:b86d15c6ba29 | 5370 | |
Vanger | 0:b86d15c6ba29 | 5371 | #ifdef CHACHA_AEAD_TEST |
Vanger | 0:b86d15c6ba29 | 5372 | printf("Using old version of poly1305 input.\n"); |
Vanger | 0:b86d15c6ba29 | 5373 | #endif |
Vanger | 0:b86d15c6ba29 | 5374 | |
Vanger | 0:b86d15c6ba29 | 5375 | if (msglen < 0) |
Vanger | 0:b86d15c6ba29 | 5376 | return INPUT_CASE_ERROR; |
Vanger | 0:b86d15c6ba29 | 5377 | |
Vanger | 0:b86d15c6ba29 | 5378 | if ((ret = Poly1305SetKey(ssl->auth.poly1305, cipher, keySz)) != 0) |
Vanger | 0:b86d15c6ba29 | 5379 | return ret; |
Vanger | 0:b86d15c6ba29 | 5380 | |
Vanger | 0:b86d15c6ba29 | 5381 | /* add TLS compressed length and additional input to poly1305 */ |
Vanger | 0:b86d15c6ba29 | 5382 | additional[AEAD_AUTH_DATA_SZ - 2] = (msglen >> 8) & 0xff; |
Vanger | 0:b86d15c6ba29 | 5383 | additional[AEAD_AUTH_DATA_SZ - 1] = msglen & 0xff; |
Vanger | 0:b86d15c6ba29 | 5384 | if ((ret = Poly1305Update(ssl->auth.poly1305, additional, |
Vanger | 0:b86d15c6ba29 | 5385 | AEAD_AUTH_DATA_SZ)) != 0) |
Vanger | 0:b86d15c6ba29 | 5386 | return ret; |
Vanger | 0:b86d15c6ba29 | 5387 | |
Vanger | 0:b86d15c6ba29 | 5388 | /* length of additional input plus padding */ |
Vanger | 0:b86d15c6ba29 | 5389 | XMEMSET(padding, 0, sizeof(padding)); |
Vanger | 0:b86d15c6ba29 | 5390 | padding[0] = AEAD_AUTH_DATA_SZ; |
Vanger | 0:b86d15c6ba29 | 5391 | if ((ret = Poly1305Update(ssl->auth.poly1305, padding, |
Vanger | 0:b86d15c6ba29 | 5392 | sizeof(padding))) != 0) |
Vanger | 0:b86d15c6ba29 | 5393 | return ret; |
Vanger | 0:b86d15c6ba29 | 5394 | |
Vanger | 0:b86d15c6ba29 | 5395 | |
Vanger | 0:b86d15c6ba29 | 5396 | /* add cipher info and then its length */ |
Vanger | 0:b86d15c6ba29 | 5397 | XMEMSET(padding, 0, sizeof(padding)); |
Vanger | 0:b86d15c6ba29 | 5398 | if ((ret = Poly1305Update(ssl->auth.poly1305, out, msglen)) != 0) |
Vanger | 0:b86d15c6ba29 | 5399 | return ret; |
Vanger | 0:b86d15c6ba29 | 5400 | |
Vanger | 0:b86d15c6ba29 | 5401 | /* 32 bit size of cipher to 64 bit endian */ |
Vanger | 0:b86d15c6ba29 | 5402 | padding[0] = msglen & 0xff; |
Vanger | 0:b86d15c6ba29 | 5403 | padding[1] = (msglen >> 8) & 0xff; |
Vanger | 0:b86d15c6ba29 | 5404 | padding[2] = (msglen >> 16) & 0xff; |
Vanger | 0:b86d15c6ba29 | 5405 | padding[3] = (msglen >> 24) & 0xff; |
Vanger | 0:b86d15c6ba29 | 5406 | if ((ret = Poly1305Update(ssl->auth.poly1305, padding, sizeof(padding))) |
Vanger | 0:b86d15c6ba29 | 5407 | != 0) |
Vanger | 0:b86d15c6ba29 | 5408 | return ret; |
Vanger | 0:b86d15c6ba29 | 5409 | |
Vanger | 0:b86d15c6ba29 | 5410 | /* generate tag */ |
Vanger | 0:b86d15c6ba29 | 5411 | if ((ret = Poly1305Final(ssl->auth.poly1305, tag)) != 0) |
Vanger | 0:b86d15c6ba29 | 5412 | return ret; |
Vanger | 0:b86d15c6ba29 | 5413 | |
Vanger | 0:b86d15c6ba29 | 5414 | return ret; |
Vanger | 0:b86d15c6ba29 | 5415 | } |
Vanger | 0:b86d15c6ba29 | 5416 | #endif /*HAVE_POLY1305*/ |
Vanger | 0:b86d15c6ba29 | 5417 | |
Vanger | 0:b86d15c6ba29 | 5418 | |
Vanger | 0:b86d15c6ba29 | 5419 | #ifdef HAVE_CHACHA |
Vanger | 0:b86d15c6ba29 | 5420 | static int ChachaAEADEncrypt(CYASSL* ssl, byte* out, const byte* input, |
Vanger | 0:b86d15c6ba29 | 5421 | word16 sz) |
Vanger | 0:b86d15c6ba29 | 5422 | { |
Vanger | 0:b86d15c6ba29 | 5423 | const byte* additionalSrc = input - RECORD_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 5424 | int ret = 0; |
Vanger | 0:b86d15c6ba29 | 5425 | byte tag[POLY1305_AUTH_SZ]; |
Vanger | 0:b86d15c6ba29 | 5426 | byte additional[CHACHA20_BLOCK_SIZE]; |
Vanger | 0:b86d15c6ba29 | 5427 | byte nonce[AEAD_NONCE_SZ]; |
Vanger | 0:b86d15c6ba29 | 5428 | byte cipher[CHACHA20_256_KEY_SIZE]; /* generated key for poly1305 */ |
Vanger | 0:b86d15c6ba29 | 5429 | #ifdef CHACHA_AEAD_TEST |
Vanger | 0:b86d15c6ba29 | 5430 | int i; |
Vanger | 0:b86d15c6ba29 | 5431 | #endif |
Vanger | 0:b86d15c6ba29 | 5432 | |
Vanger | 0:b86d15c6ba29 | 5433 | XMEMSET(tag, 0, sizeof(tag)); |
Vanger | 0:b86d15c6ba29 | 5434 | XMEMSET(nonce, 0, AEAD_NONCE_SZ); |
Vanger | 0:b86d15c6ba29 | 5435 | XMEMSET(cipher, 0, sizeof(cipher)); |
Vanger | 0:b86d15c6ba29 | 5436 | XMEMSET(additional, 0, CHACHA20_BLOCK_SIZE); |
Vanger | 0:b86d15c6ba29 | 5437 | |
Vanger | 0:b86d15c6ba29 | 5438 | /* get nonce */ |
Vanger | 0:b86d15c6ba29 | 5439 | c32toa(ssl->keys.sequence_number, nonce + AEAD_IMP_IV_SZ |
Vanger | 0:b86d15c6ba29 | 5440 | + AEAD_SEQ_OFFSET); |
Vanger | 0:b86d15c6ba29 | 5441 | |
Vanger | 0:b86d15c6ba29 | 5442 | /* opaque SEQ number stored for AD */ |
Vanger | 0:b86d15c6ba29 | 5443 | c32toa(GetSEQIncrement(ssl, 0), additional + AEAD_SEQ_OFFSET); |
Vanger | 0:b86d15c6ba29 | 5444 | |
Vanger | 0:b86d15c6ba29 | 5445 | /* Store the type, version. Unfortunately, they are in |
Vanger | 0:b86d15c6ba29 | 5446 | * the input buffer ahead of the plaintext. */ |
Vanger | 0:b86d15c6ba29 | 5447 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 5448 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 5449 | c16toa(ssl->keys.dtls_epoch, additional); |
Vanger | 0:b86d15c6ba29 | 5450 | additionalSrc -= DTLS_HANDSHAKE_EXTRA; |
Vanger | 0:b86d15c6ba29 | 5451 | } |
Vanger | 0:b86d15c6ba29 | 5452 | #endif |
Vanger | 0:b86d15c6ba29 | 5453 | |
Vanger | 0:b86d15c6ba29 | 5454 | XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3); |
Vanger | 0:b86d15c6ba29 | 5455 | |
Vanger | 0:b86d15c6ba29 | 5456 | #ifdef CHACHA_AEAD_TEST |
Vanger | 0:b86d15c6ba29 | 5457 | printf("Encrypt Additional : "); |
Vanger | 0:b86d15c6ba29 | 5458 | for (i = 0; i < CHACHA20_BLOCK_SIZE; i++) { |
Vanger | 0:b86d15c6ba29 | 5459 | printf("%02x", additional[i]); |
Vanger | 0:b86d15c6ba29 | 5460 | } |
Vanger | 0:b86d15c6ba29 | 5461 | printf("\n\n"); |
Vanger | 0:b86d15c6ba29 | 5462 | printf("input before encryption :\n"); |
Vanger | 0:b86d15c6ba29 | 5463 | for (i = 0; i < sz; i++) { |
Vanger | 0:b86d15c6ba29 | 5464 | printf("%02x", input[i]); |
Vanger | 0:b86d15c6ba29 | 5465 | if ((i + 1) % 16 == 0) |
Vanger | 0:b86d15c6ba29 | 5466 | printf("\n"); |
Vanger | 0:b86d15c6ba29 | 5467 | } |
Vanger | 0:b86d15c6ba29 | 5468 | printf("\n"); |
Vanger | 0:b86d15c6ba29 | 5469 | #endif |
Vanger | 0:b86d15c6ba29 | 5470 | |
Vanger | 0:b86d15c6ba29 | 5471 | /* set the nonce for chacha and get poly1305 key */ |
Vanger | 0:b86d15c6ba29 | 5472 | if ((ret = Chacha_SetIV(ssl->encrypt.chacha, nonce, 0)) != 0) |
Vanger | 0:b86d15c6ba29 | 5473 | return ret; |
Vanger | 0:b86d15c6ba29 | 5474 | |
Vanger | 0:b86d15c6ba29 | 5475 | if ((ret = Chacha_Process(ssl->encrypt.chacha, cipher, |
Vanger | 0:b86d15c6ba29 | 5476 | cipher, sizeof(cipher))) != 0) |
Vanger | 0:b86d15c6ba29 | 5477 | return ret; |
Vanger | 0:b86d15c6ba29 | 5478 | |
Vanger | 0:b86d15c6ba29 | 5479 | /* encrypt the plain text */ |
Vanger | 0:b86d15c6ba29 | 5480 | if ((ret = Chacha_Process(ssl->encrypt.chacha, out, input, |
Vanger | 0:b86d15c6ba29 | 5481 | sz - ssl->specs.aead_mac_size)) != 0) |
Vanger | 0:b86d15c6ba29 | 5482 | return ret; |
Vanger | 0:b86d15c6ba29 | 5483 | |
Vanger | 0:b86d15c6ba29 | 5484 | #ifdef HAVE_POLY1305 |
Vanger | 0:b86d15c6ba29 | 5485 | /* get the tag : future use of hmac could go here*/ |
Vanger | 0:b86d15c6ba29 | 5486 | if (ssl->options.oldPoly == 1) { |
Vanger | 0:b86d15c6ba29 | 5487 | if ((ret = Poly1305TagOld(ssl, additional, (const byte* )out, |
Vanger | 0:b86d15c6ba29 | 5488 | cipher, sz, tag)) != 0) |
Vanger | 0:b86d15c6ba29 | 5489 | return ret; |
Vanger | 0:b86d15c6ba29 | 5490 | } |
Vanger | 0:b86d15c6ba29 | 5491 | else { |
Vanger | 0:b86d15c6ba29 | 5492 | if ((ret = Poly1305Tag(ssl, additional, (const byte* )out, |
Vanger | 0:b86d15c6ba29 | 5493 | cipher, sz, tag)) != 0) |
Vanger | 0:b86d15c6ba29 | 5494 | return ret; |
Vanger | 0:b86d15c6ba29 | 5495 | } |
Vanger | 0:b86d15c6ba29 | 5496 | #endif |
Vanger | 0:b86d15c6ba29 | 5497 | |
Vanger | 0:b86d15c6ba29 | 5498 | /* append tag to ciphertext */ |
Vanger | 0:b86d15c6ba29 | 5499 | XMEMCPY(out + sz - ssl->specs.aead_mac_size, tag, sizeof(tag)); |
Vanger | 0:b86d15c6ba29 | 5500 | |
Vanger | 0:b86d15c6ba29 | 5501 | AeadIncrementExpIV(ssl); |
Vanger | 0:b86d15c6ba29 | 5502 | XMEMSET(nonce, 0, AEAD_NONCE_SZ); |
Vanger | 0:b86d15c6ba29 | 5503 | |
Vanger | 0:b86d15c6ba29 | 5504 | #ifdef CHACHA_AEAD_TEST |
Vanger | 0:b86d15c6ba29 | 5505 | printf("mac tag :\n"); |
Vanger | 0:b86d15c6ba29 | 5506 | for (i = 0; i < 16; i++) { |
Vanger | 0:b86d15c6ba29 | 5507 | printf("%02x", tag[i]); |
Vanger | 0:b86d15c6ba29 | 5508 | if ((i + 1) % 16 == 0) |
Vanger | 0:b86d15c6ba29 | 5509 | printf("\n"); |
Vanger | 0:b86d15c6ba29 | 5510 | } |
Vanger | 0:b86d15c6ba29 | 5511 | printf("\n\noutput after encrypt :\n"); |
Vanger | 0:b86d15c6ba29 | 5512 | for (i = 0; i < sz; i++) { |
Vanger | 0:b86d15c6ba29 | 5513 | printf("%02x", out[i]); |
Vanger | 0:b86d15c6ba29 | 5514 | if ((i + 1) % 16 == 0) |
Vanger | 0:b86d15c6ba29 | 5515 | printf("\n"); |
Vanger | 0:b86d15c6ba29 | 5516 | } |
Vanger | 0:b86d15c6ba29 | 5517 | printf("\n"); |
Vanger | 0:b86d15c6ba29 | 5518 | #endif |
Vanger | 0:b86d15c6ba29 | 5519 | |
Vanger | 0:b86d15c6ba29 | 5520 | return ret; |
Vanger | 0:b86d15c6ba29 | 5521 | } |
Vanger | 0:b86d15c6ba29 | 5522 | |
Vanger | 0:b86d15c6ba29 | 5523 | |
Vanger | 0:b86d15c6ba29 | 5524 | static int ChachaAEADDecrypt(CYASSL* ssl, byte* plain, const byte* input, |
Vanger | 0:b86d15c6ba29 | 5525 | word16 sz) |
Vanger | 0:b86d15c6ba29 | 5526 | { |
Vanger | 0:b86d15c6ba29 | 5527 | byte additional[CHACHA20_BLOCK_SIZE]; |
Vanger | 0:b86d15c6ba29 | 5528 | byte nonce[AEAD_NONCE_SZ]; |
Vanger | 0:b86d15c6ba29 | 5529 | byte tag[POLY1305_AUTH_SZ]; |
Vanger | 0:b86d15c6ba29 | 5530 | byte cipher[CHACHA20_256_KEY_SIZE]; /* generated key for mac */ |
Vanger | 0:b86d15c6ba29 | 5531 | int i; |
Vanger | 0:b86d15c6ba29 | 5532 | int ret = 0; |
Vanger | 0:b86d15c6ba29 | 5533 | |
Vanger | 0:b86d15c6ba29 | 5534 | XMEMSET(tag, 0, sizeof(tag)); |
Vanger | 0:b86d15c6ba29 | 5535 | XMEMSET(cipher, 0, sizeof(cipher)); |
Vanger | 0:b86d15c6ba29 | 5536 | XMEMSET(nonce, 0, AEAD_NONCE_SZ); |
Vanger | 0:b86d15c6ba29 | 5537 | XMEMSET(additional, 0, CHACHA20_BLOCK_SIZE); |
Vanger | 0:b86d15c6ba29 | 5538 | |
Vanger | 0:b86d15c6ba29 | 5539 | #ifdef CHACHA_AEAD_TEST |
Vanger | 0:b86d15c6ba29 | 5540 | printf("input before decrypt :\n"); |
Vanger | 0:b86d15c6ba29 | 5541 | for (i = 0; i < sz; i++) { |
Vanger | 0:b86d15c6ba29 | 5542 | printf("%02x", input[i]); |
Vanger | 0:b86d15c6ba29 | 5543 | if ((i + 1) % 16 == 0) |
Vanger | 0:b86d15c6ba29 | 5544 | printf("\n"); |
Vanger | 0:b86d15c6ba29 | 5545 | } |
Vanger | 0:b86d15c6ba29 | 5546 | printf("\n"); |
Vanger | 0:b86d15c6ba29 | 5547 | #endif |
Vanger | 0:b86d15c6ba29 | 5548 | |
Vanger | 0:b86d15c6ba29 | 5549 | /* get nonce */ |
Vanger | 0:b86d15c6ba29 | 5550 | c32toa(ssl->keys.peer_sequence_number, nonce + AEAD_IMP_IV_SZ |
Vanger | 0:b86d15c6ba29 | 5551 | + AEAD_SEQ_OFFSET); |
Vanger | 0:b86d15c6ba29 | 5552 | |
Vanger | 0:b86d15c6ba29 | 5553 | /* sequence number field is 64-bits, we only use 32-bits */ |
Vanger | 0:b86d15c6ba29 | 5554 | c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET); |
Vanger | 0:b86d15c6ba29 | 5555 | |
Vanger | 0:b86d15c6ba29 | 5556 | /* get AD info */ |
Vanger | 0:b86d15c6ba29 | 5557 | additional[AEAD_TYPE_OFFSET] = ssl->curRL.type; |
Vanger | 0:b86d15c6ba29 | 5558 | additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor; |
Vanger | 0:b86d15c6ba29 | 5559 | additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor; |
Vanger | 0:b86d15c6ba29 | 5560 | |
Vanger | 0:b86d15c6ba29 | 5561 | /* Store the type, version. */ |
Vanger | 0:b86d15c6ba29 | 5562 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 5563 | if (ssl->options.dtls) |
Vanger | 0:b86d15c6ba29 | 5564 | c16toa(ssl->keys.dtls_state.curEpoch, additional); |
Vanger | 0:b86d15c6ba29 | 5565 | #endif |
Vanger | 0:b86d15c6ba29 | 5566 | |
Vanger | 0:b86d15c6ba29 | 5567 | #ifdef CHACHA_AEAD_TEST |
Vanger | 0:b86d15c6ba29 | 5568 | printf("Decrypt Additional : "); |
Vanger | 0:b86d15c6ba29 | 5569 | for (i = 0; i < CHACHA20_BLOCK_SIZE; i++) { |
Vanger | 0:b86d15c6ba29 | 5570 | printf("%02x", additional[i]); |
Vanger | 0:b86d15c6ba29 | 5571 | } |
Vanger | 0:b86d15c6ba29 | 5572 | printf("\n\n"); |
Vanger | 0:b86d15c6ba29 | 5573 | #endif |
Vanger | 0:b86d15c6ba29 | 5574 | |
Vanger | 0:b86d15c6ba29 | 5575 | /* set nonce and get poly1305 key */ |
Vanger | 0:b86d15c6ba29 | 5576 | if ((ret = Chacha_SetIV(ssl->decrypt.chacha, nonce, 0)) != 0) |
Vanger | 0:b86d15c6ba29 | 5577 | return ret; |
Vanger | 0:b86d15c6ba29 | 5578 | |
Vanger | 0:b86d15c6ba29 | 5579 | if ((ret = Chacha_Process(ssl->decrypt.chacha, cipher, |
Vanger | 0:b86d15c6ba29 | 5580 | cipher, sizeof(cipher))) != 0) |
Vanger | 0:b86d15c6ba29 | 5581 | return ret; |
Vanger | 0:b86d15c6ba29 | 5582 | |
Vanger | 0:b86d15c6ba29 | 5583 | #ifdef HAVE_POLY1305 |
Vanger | 0:b86d15c6ba29 | 5584 | /* get the tag : future use of hmac could go here*/ |
Vanger | 0:b86d15c6ba29 | 5585 | if (ssl->options.oldPoly == 1) { |
Vanger | 0:b86d15c6ba29 | 5586 | if ((ret = Poly1305TagOld(ssl, additional, input, cipher, |
Vanger | 0:b86d15c6ba29 | 5587 | sz, tag)) != 0) |
Vanger | 0:b86d15c6ba29 | 5588 | return ret; |
Vanger | 0:b86d15c6ba29 | 5589 | } |
Vanger | 0:b86d15c6ba29 | 5590 | else { |
Vanger | 0:b86d15c6ba29 | 5591 | if ((ret = Poly1305Tag(ssl, additional, input, cipher, |
Vanger | 0:b86d15c6ba29 | 5592 | sz, tag)) != 0) |
Vanger | 0:b86d15c6ba29 | 5593 | return ret; |
Vanger | 0:b86d15c6ba29 | 5594 | } |
Vanger | 0:b86d15c6ba29 | 5595 | #endif |
Vanger | 0:b86d15c6ba29 | 5596 | |
Vanger | 0:b86d15c6ba29 | 5597 | /* check mac sent along with packet */ |
Vanger | 0:b86d15c6ba29 | 5598 | ret = 0; |
Vanger | 0:b86d15c6ba29 | 5599 | for (i = 0; i < ssl->specs.aead_mac_size; i++) { |
Vanger | 0:b86d15c6ba29 | 5600 | if ((input + sz - ssl->specs.aead_mac_size)[i] != tag[i]) |
Vanger | 0:b86d15c6ba29 | 5601 | ret = 1; |
Vanger | 0:b86d15c6ba29 | 5602 | } |
Vanger | 0:b86d15c6ba29 | 5603 | |
Vanger | 0:b86d15c6ba29 | 5604 | if (ret == 1) { |
Vanger | 0:b86d15c6ba29 | 5605 | CYASSL_MSG("Mac did not match"); |
Vanger | 0:b86d15c6ba29 | 5606 | SendAlert(ssl, alert_fatal, bad_record_mac); |
Vanger | 0:b86d15c6ba29 | 5607 | XMEMSET(nonce, 0, AEAD_NONCE_SZ); |
Vanger | 0:b86d15c6ba29 | 5608 | return VERIFY_MAC_ERROR; |
Vanger | 0:b86d15c6ba29 | 5609 | } |
Vanger | 0:b86d15c6ba29 | 5610 | |
Vanger | 0:b86d15c6ba29 | 5611 | /* if mac was good decrypt message */ |
Vanger | 0:b86d15c6ba29 | 5612 | if ((ret = Chacha_Process(ssl->decrypt.chacha, plain, input, |
Vanger | 0:b86d15c6ba29 | 5613 | sz - ssl->specs.aead_mac_size)) != 0) |
Vanger | 0:b86d15c6ba29 | 5614 | return ret; |
Vanger | 0:b86d15c6ba29 | 5615 | |
Vanger | 0:b86d15c6ba29 | 5616 | #ifdef CHACHA_AEAD_TEST |
Vanger | 0:b86d15c6ba29 | 5617 | printf("plain after decrypt :\n"); |
Vanger | 0:b86d15c6ba29 | 5618 | for (i = 0; i < sz; i++) { |
Vanger | 0:b86d15c6ba29 | 5619 | printf("%02x", plain[i]); |
Vanger | 0:b86d15c6ba29 | 5620 | if ((i + 1) % 16 == 0) |
Vanger | 0:b86d15c6ba29 | 5621 | printf("\n"); |
Vanger | 0:b86d15c6ba29 | 5622 | } |
Vanger | 0:b86d15c6ba29 | 5623 | printf("\n"); |
Vanger | 0:b86d15c6ba29 | 5624 | #endif |
Vanger | 0:b86d15c6ba29 | 5625 | |
Vanger | 0:b86d15c6ba29 | 5626 | return ret; |
Vanger | 0:b86d15c6ba29 | 5627 | } |
Vanger | 0:b86d15c6ba29 | 5628 | #endif /* HAVE_CHACHA */ |
Vanger | 0:b86d15c6ba29 | 5629 | #endif |
Vanger | 0:b86d15c6ba29 | 5630 | |
Vanger | 0:b86d15c6ba29 | 5631 | |
Vanger | 0:b86d15c6ba29 | 5632 | static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) |
Vanger | 0:b86d15c6ba29 | 5633 | { |
Vanger | 0:b86d15c6ba29 | 5634 | (void)out; |
Vanger | 0:b86d15c6ba29 | 5635 | (void)input; |
Vanger | 0:b86d15c6ba29 | 5636 | (void)sz; |
Vanger | 0:b86d15c6ba29 | 5637 | |
Vanger | 0:b86d15c6ba29 | 5638 | if (ssl->encrypt.setup == 0) { |
Vanger | 0:b86d15c6ba29 | 5639 | CYASSL_MSG("Encrypt ciphers not setup"); |
Vanger | 0:b86d15c6ba29 | 5640 | return ENCRYPT_ERROR; |
Vanger | 0:b86d15c6ba29 | 5641 | } |
Vanger | 0:b86d15c6ba29 | 5642 | |
Vanger | 0:b86d15c6ba29 | 5643 | #ifdef HAVE_FUZZER |
Vanger | 0:b86d15c6ba29 | 5644 | if (ssl->fuzzerCb) |
Vanger | 0:b86d15c6ba29 | 5645 | ssl->fuzzerCb(ssl, input, sz, FUZZ_ENCRYPT, ssl->fuzzerCtx); |
Vanger | 0:b86d15c6ba29 | 5646 | #endif |
Vanger | 0:b86d15c6ba29 | 5647 | |
Vanger | 0:b86d15c6ba29 | 5648 | switch (ssl->specs.bulk_cipher_algorithm) { |
Vanger | 0:b86d15c6ba29 | 5649 | #ifdef BUILD_ARC4 |
Vanger | 0:b86d15c6ba29 | 5650 | case cyassl_rc4: |
Vanger | 0:b86d15c6ba29 | 5651 | Arc4Process(ssl->encrypt.arc4, out, input, sz); |
Vanger | 0:b86d15c6ba29 | 5652 | break; |
Vanger | 0:b86d15c6ba29 | 5653 | #endif |
Vanger | 0:b86d15c6ba29 | 5654 | |
Vanger | 0:b86d15c6ba29 | 5655 | #ifdef BUILD_DES3 |
Vanger | 0:b86d15c6ba29 | 5656 | case cyassl_triple_des: |
Vanger | 0:b86d15c6ba29 | 5657 | return Des3_CbcEncrypt(ssl->encrypt.des3, out, input, sz); |
Vanger | 0:b86d15c6ba29 | 5658 | #endif |
Vanger | 0:b86d15c6ba29 | 5659 | |
Vanger | 0:b86d15c6ba29 | 5660 | #ifdef BUILD_AES |
Vanger | 0:b86d15c6ba29 | 5661 | case cyassl_aes: |
Vanger | 0:b86d15c6ba29 | 5662 | return AesCbcEncrypt(ssl->encrypt.aes, out, input, sz); |
Vanger | 0:b86d15c6ba29 | 5663 | #endif |
Vanger | 0:b86d15c6ba29 | 5664 | |
Vanger | 0:b86d15c6ba29 | 5665 | #ifdef BUILD_AESGCM |
Vanger | 0:b86d15c6ba29 | 5666 | case cyassl_aes_gcm: |
Vanger | 0:b86d15c6ba29 | 5667 | { |
Vanger | 0:b86d15c6ba29 | 5668 | int gcmRet; |
Vanger | 0:b86d15c6ba29 | 5669 | byte additional[AEAD_AUTH_DATA_SZ]; |
Vanger | 0:b86d15c6ba29 | 5670 | byte nonce[AEAD_NONCE_SZ]; |
Vanger | 0:b86d15c6ba29 | 5671 | const byte* additionalSrc = input - 5; |
Vanger | 0:b86d15c6ba29 | 5672 | |
Vanger | 0:b86d15c6ba29 | 5673 | XMEMSET(additional, 0, AEAD_AUTH_DATA_SZ); |
Vanger | 0:b86d15c6ba29 | 5674 | |
Vanger | 0:b86d15c6ba29 | 5675 | /* sequence number field is 64-bits, we only use 32-bits */ |
Vanger | 0:b86d15c6ba29 | 5676 | c32toa(GetSEQIncrement(ssl, 0), |
Vanger | 0:b86d15c6ba29 | 5677 | additional + AEAD_SEQ_OFFSET); |
Vanger | 0:b86d15c6ba29 | 5678 | |
Vanger | 0:b86d15c6ba29 | 5679 | /* Store the type, version. Unfortunately, they are in |
Vanger | 0:b86d15c6ba29 | 5680 | * the input buffer ahead of the plaintext. */ |
Vanger | 0:b86d15c6ba29 | 5681 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 5682 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 5683 | c16toa(ssl->keys.dtls_epoch, additional); |
Vanger | 0:b86d15c6ba29 | 5684 | additionalSrc -= DTLS_HANDSHAKE_EXTRA; |
Vanger | 0:b86d15c6ba29 | 5685 | } |
Vanger | 0:b86d15c6ba29 | 5686 | #endif |
Vanger | 0:b86d15c6ba29 | 5687 | XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3); |
Vanger | 0:b86d15c6ba29 | 5688 | |
Vanger | 0:b86d15c6ba29 | 5689 | /* Store the length of the plain text minus the explicit |
Vanger | 0:b86d15c6ba29 | 5690 | * IV length minus the authentication tag size. */ |
Vanger | 0:b86d15c6ba29 | 5691 | c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size, |
Vanger | 0:b86d15c6ba29 | 5692 | additional + AEAD_LEN_OFFSET); |
Vanger | 0:b86d15c6ba29 | 5693 | XMEMCPY(nonce, |
Vanger | 0:b86d15c6ba29 | 5694 | ssl->keys.aead_enc_imp_IV, AEAD_IMP_IV_SZ); |
Vanger | 0:b86d15c6ba29 | 5695 | XMEMCPY(nonce + AEAD_IMP_IV_SZ, |
Vanger | 0:b86d15c6ba29 | 5696 | ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ); |
Vanger | 0:b86d15c6ba29 | 5697 | gcmRet = AesGcmEncrypt(ssl->encrypt.aes, |
Vanger | 0:b86d15c6ba29 | 5698 | out + AEAD_EXP_IV_SZ, input + AEAD_EXP_IV_SZ, |
Vanger | 0:b86d15c6ba29 | 5699 | sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size, |
Vanger | 0:b86d15c6ba29 | 5700 | nonce, AEAD_NONCE_SZ, |
Vanger | 0:b86d15c6ba29 | 5701 | out + sz - ssl->specs.aead_mac_size, |
Vanger | 0:b86d15c6ba29 | 5702 | ssl->specs.aead_mac_size, |
Vanger | 0:b86d15c6ba29 | 5703 | additional, AEAD_AUTH_DATA_SZ); |
Vanger | 0:b86d15c6ba29 | 5704 | if (gcmRet == 0) |
Vanger | 0:b86d15c6ba29 | 5705 | AeadIncrementExpIV(ssl); |
Vanger | 0:b86d15c6ba29 | 5706 | XMEMSET(nonce, 0, AEAD_NONCE_SZ); |
Vanger | 0:b86d15c6ba29 | 5707 | return gcmRet; |
Vanger | 0:b86d15c6ba29 | 5708 | } |
Vanger | 0:b86d15c6ba29 | 5709 | break; |
Vanger | 0:b86d15c6ba29 | 5710 | #endif |
Vanger | 0:b86d15c6ba29 | 5711 | |
Vanger | 0:b86d15c6ba29 | 5712 | #ifdef HAVE_AESCCM |
Vanger | 0:b86d15c6ba29 | 5713 | case cyassl_aes_ccm: |
Vanger | 0:b86d15c6ba29 | 5714 | { |
Vanger | 0:b86d15c6ba29 | 5715 | byte additional[AEAD_AUTH_DATA_SZ]; |
Vanger | 0:b86d15c6ba29 | 5716 | byte nonce[AEAD_NONCE_SZ]; |
Vanger | 0:b86d15c6ba29 | 5717 | const byte* additionalSrc = input - 5; |
Vanger | 0:b86d15c6ba29 | 5718 | |
Vanger | 0:b86d15c6ba29 | 5719 | XMEMSET(additional, 0, AEAD_AUTH_DATA_SZ); |
Vanger | 0:b86d15c6ba29 | 5720 | |
Vanger | 0:b86d15c6ba29 | 5721 | /* sequence number field is 64-bits, we only use 32-bits */ |
Vanger | 0:b86d15c6ba29 | 5722 | c32toa(GetSEQIncrement(ssl, 0), |
Vanger | 0:b86d15c6ba29 | 5723 | additional + AEAD_SEQ_OFFSET); |
Vanger | 0:b86d15c6ba29 | 5724 | |
Vanger | 0:b86d15c6ba29 | 5725 | /* Store the type, version. Unfortunately, they are in |
Vanger | 0:b86d15c6ba29 | 5726 | * the input buffer ahead of the plaintext. */ |
Vanger | 0:b86d15c6ba29 | 5727 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 5728 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 5729 | c16toa(ssl->keys.dtls_epoch, additional); |
Vanger | 0:b86d15c6ba29 | 5730 | additionalSrc -= DTLS_HANDSHAKE_EXTRA; |
Vanger | 0:b86d15c6ba29 | 5731 | } |
Vanger | 0:b86d15c6ba29 | 5732 | #endif |
Vanger | 0:b86d15c6ba29 | 5733 | XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3); |
Vanger | 0:b86d15c6ba29 | 5734 | |
Vanger | 0:b86d15c6ba29 | 5735 | /* Store the length of the plain text minus the explicit |
Vanger | 0:b86d15c6ba29 | 5736 | * IV length minus the authentication tag size. */ |
Vanger | 0:b86d15c6ba29 | 5737 | c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size, |
Vanger | 0:b86d15c6ba29 | 5738 | additional + AEAD_LEN_OFFSET); |
Vanger | 0:b86d15c6ba29 | 5739 | XMEMCPY(nonce, |
Vanger | 0:b86d15c6ba29 | 5740 | ssl->keys.aead_enc_imp_IV, AEAD_IMP_IV_SZ); |
Vanger | 0:b86d15c6ba29 | 5741 | XMEMCPY(nonce + AEAD_IMP_IV_SZ, |
Vanger | 0:b86d15c6ba29 | 5742 | ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ); |
Vanger | 0:b86d15c6ba29 | 5743 | AesCcmEncrypt(ssl->encrypt.aes, |
Vanger | 0:b86d15c6ba29 | 5744 | out + AEAD_EXP_IV_SZ, input + AEAD_EXP_IV_SZ, |
Vanger | 0:b86d15c6ba29 | 5745 | sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size, |
Vanger | 0:b86d15c6ba29 | 5746 | nonce, AEAD_NONCE_SZ, |
Vanger | 0:b86d15c6ba29 | 5747 | out + sz - ssl->specs.aead_mac_size, |
Vanger | 0:b86d15c6ba29 | 5748 | ssl->specs.aead_mac_size, |
Vanger | 0:b86d15c6ba29 | 5749 | additional, AEAD_AUTH_DATA_SZ); |
Vanger | 0:b86d15c6ba29 | 5750 | AeadIncrementExpIV(ssl); |
Vanger | 0:b86d15c6ba29 | 5751 | XMEMSET(nonce, 0, AEAD_NONCE_SZ); |
Vanger | 0:b86d15c6ba29 | 5752 | } |
Vanger | 0:b86d15c6ba29 | 5753 | break; |
Vanger | 0:b86d15c6ba29 | 5754 | #endif |
Vanger | 0:b86d15c6ba29 | 5755 | |
Vanger | 0:b86d15c6ba29 | 5756 | #ifdef HAVE_CAMELLIA |
Vanger | 0:b86d15c6ba29 | 5757 | case cyassl_camellia: |
Vanger | 0:b86d15c6ba29 | 5758 | CamelliaCbcEncrypt(ssl->encrypt.cam, out, input, sz); |
Vanger | 0:b86d15c6ba29 | 5759 | break; |
Vanger | 0:b86d15c6ba29 | 5760 | #endif |
Vanger | 0:b86d15c6ba29 | 5761 | |
Vanger | 0:b86d15c6ba29 | 5762 | #ifdef HAVE_HC128 |
Vanger | 0:b86d15c6ba29 | 5763 | case cyassl_hc128: |
Vanger | 0:b86d15c6ba29 | 5764 | return Hc128_Process(ssl->encrypt.hc128, out, input, sz); |
Vanger | 0:b86d15c6ba29 | 5765 | #endif |
Vanger | 0:b86d15c6ba29 | 5766 | |
Vanger | 0:b86d15c6ba29 | 5767 | #ifdef BUILD_RABBIT |
Vanger | 0:b86d15c6ba29 | 5768 | case cyassl_rabbit: |
Vanger | 0:b86d15c6ba29 | 5769 | return RabbitProcess(ssl->encrypt.rabbit, out, input, sz); |
Vanger | 0:b86d15c6ba29 | 5770 | #endif |
Vanger | 0:b86d15c6ba29 | 5771 | |
Vanger | 0:b86d15c6ba29 | 5772 | #ifdef HAVE_CHACHA |
Vanger | 0:b86d15c6ba29 | 5773 | case cyassl_chacha: |
Vanger | 0:b86d15c6ba29 | 5774 | return ChachaAEADEncrypt(ssl, out, input, sz); |
Vanger | 0:b86d15c6ba29 | 5775 | #endif |
Vanger | 0:b86d15c6ba29 | 5776 | |
Vanger | 0:b86d15c6ba29 | 5777 | #ifdef HAVE_NULL_CIPHER |
Vanger | 0:b86d15c6ba29 | 5778 | case cyassl_cipher_null: |
Vanger | 0:b86d15c6ba29 | 5779 | if (input != out) { |
Vanger | 0:b86d15c6ba29 | 5780 | XMEMMOVE(out, input, sz); |
Vanger | 0:b86d15c6ba29 | 5781 | } |
Vanger | 0:b86d15c6ba29 | 5782 | break; |
Vanger | 0:b86d15c6ba29 | 5783 | #endif |
Vanger | 0:b86d15c6ba29 | 5784 | |
Vanger | 0:b86d15c6ba29 | 5785 | default: |
Vanger | 0:b86d15c6ba29 | 5786 | CYASSL_MSG("CyaSSL Encrypt programming error"); |
Vanger | 0:b86d15c6ba29 | 5787 | return ENCRYPT_ERROR; |
Vanger | 0:b86d15c6ba29 | 5788 | } |
Vanger | 0:b86d15c6ba29 | 5789 | |
Vanger | 0:b86d15c6ba29 | 5790 | return 0; |
Vanger | 0:b86d15c6ba29 | 5791 | } |
Vanger | 0:b86d15c6ba29 | 5792 | |
Vanger | 0:b86d15c6ba29 | 5793 | |
Vanger | 0:b86d15c6ba29 | 5794 | |
Vanger | 0:b86d15c6ba29 | 5795 | static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, |
Vanger | 0:b86d15c6ba29 | 5796 | word16 sz) |
Vanger | 0:b86d15c6ba29 | 5797 | { |
Vanger | 0:b86d15c6ba29 | 5798 | (void)plain; |
Vanger | 0:b86d15c6ba29 | 5799 | (void)input; |
Vanger | 0:b86d15c6ba29 | 5800 | (void)sz; |
Vanger | 0:b86d15c6ba29 | 5801 | |
Vanger | 0:b86d15c6ba29 | 5802 | if (ssl->decrypt.setup == 0) { |
Vanger | 0:b86d15c6ba29 | 5803 | CYASSL_MSG("Decrypt ciphers not setup"); |
Vanger | 0:b86d15c6ba29 | 5804 | return DECRYPT_ERROR; |
Vanger | 0:b86d15c6ba29 | 5805 | } |
Vanger | 0:b86d15c6ba29 | 5806 | |
Vanger | 0:b86d15c6ba29 | 5807 | switch (ssl->specs.bulk_cipher_algorithm) { |
Vanger | 0:b86d15c6ba29 | 5808 | #ifdef BUILD_ARC4 |
Vanger | 0:b86d15c6ba29 | 5809 | case cyassl_rc4: |
Vanger | 0:b86d15c6ba29 | 5810 | Arc4Process(ssl->decrypt.arc4, plain, input, sz); |
Vanger | 0:b86d15c6ba29 | 5811 | break; |
Vanger | 0:b86d15c6ba29 | 5812 | #endif |
Vanger | 0:b86d15c6ba29 | 5813 | |
Vanger | 0:b86d15c6ba29 | 5814 | #ifdef BUILD_DES3 |
Vanger | 0:b86d15c6ba29 | 5815 | case cyassl_triple_des: |
Vanger | 0:b86d15c6ba29 | 5816 | return Des3_CbcDecrypt(ssl->decrypt.des3, plain, input, sz); |
Vanger | 0:b86d15c6ba29 | 5817 | #endif |
Vanger | 0:b86d15c6ba29 | 5818 | |
Vanger | 0:b86d15c6ba29 | 5819 | #ifdef BUILD_AES |
Vanger | 0:b86d15c6ba29 | 5820 | case cyassl_aes: |
Vanger | 0:b86d15c6ba29 | 5821 | return AesCbcDecrypt(ssl->decrypt.aes, plain, input, sz); |
Vanger | 0:b86d15c6ba29 | 5822 | #endif |
Vanger | 0:b86d15c6ba29 | 5823 | |
Vanger | 0:b86d15c6ba29 | 5824 | #ifdef BUILD_AESGCM |
Vanger | 0:b86d15c6ba29 | 5825 | case cyassl_aes_gcm: |
Vanger | 0:b86d15c6ba29 | 5826 | { |
Vanger | 0:b86d15c6ba29 | 5827 | byte additional[AEAD_AUTH_DATA_SZ]; |
Vanger | 0:b86d15c6ba29 | 5828 | byte nonce[AEAD_NONCE_SZ]; |
Vanger | 0:b86d15c6ba29 | 5829 | |
Vanger | 0:b86d15c6ba29 | 5830 | XMEMSET(additional, 0, AEAD_AUTH_DATA_SZ); |
Vanger | 0:b86d15c6ba29 | 5831 | |
Vanger | 0:b86d15c6ba29 | 5832 | /* sequence number field is 64-bits, we only use 32-bits */ |
Vanger | 0:b86d15c6ba29 | 5833 | c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET); |
Vanger | 0:b86d15c6ba29 | 5834 | |
Vanger | 0:b86d15c6ba29 | 5835 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 5836 | if (ssl->options.dtls) |
Vanger | 0:b86d15c6ba29 | 5837 | c16toa(ssl->keys.dtls_state.curEpoch, additional); |
Vanger | 0:b86d15c6ba29 | 5838 | #endif |
Vanger | 0:b86d15c6ba29 | 5839 | |
Vanger | 0:b86d15c6ba29 | 5840 | additional[AEAD_TYPE_OFFSET] = ssl->curRL.type; |
Vanger | 0:b86d15c6ba29 | 5841 | additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor; |
Vanger | 0:b86d15c6ba29 | 5842 | additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor; |
Vanger | 0:b86d15c6ba29 | 5843 | |
Vanger | 0:b86d15c6ba29 | 5844 | c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size, |
Vanger | 0:b86d15c6ba29 | 5845 | additional + AEAD_LEN_OFFSET); |
Vanger | 0:b86d15c6ba29 | 5846 | XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AEAD_IMP_IV_SZ); |
Vanger | 0:b86d15c6ba29 | 5847 | XMEMCPY(nonce + AEAD_IMP_IV_SZ, input, AEAD_EXP_IV_SZ); |
Vanger | 0:b86d15c6ba29 | 5848 | if (AesGcmDecrypt(ssl->decrypt.aes, |
Vanger | 0:b86d15c6ba29 | 5849 | plain + AEAD_EXP_IV_SZ, |
Vanger | 0:b86d15c6ba29 | 5850 | input + AEAD_EXP_IV_SZ, |
Vanger | 0:b86d15c6ba29 | 5851 | sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size, |
Vanger | 0:b86d15c6ba29 | 5852 | nonce, AEAD_NONCE_SZ, |
Vanger | 0:b86d15c6ba29 | 5853 | input + sz - ssl->specs.aead_mac_size, |
Vanger | 0:b86d15c6ba29 | 5854 | ssl->specs.aead_mac_size, |
Vanger | 0:b86d15c6ba29 | 5855 | additional, AEAD_AUTH_DATA_SZ) < 0) { |
Vanger | 0:b86d15c6ba29 | 5856 | SendAlert(ssl, alert_fatal, bad_record_mac); |
Vanger | 0:b86d15c6ba29 | 5857 | XMEMSET(nonce, 0, AEAD_NONCE_SZ); |
Vanger | 0:b86d15c6ba29 | 5858 | return VERIFY_MAC_ERROR; |
Vanger | 0:b86d15c6ba29 | 5859 | } |
Vanger | 0:b86d15c6ba29 | 5860 | XMEMSET(nonce, 0, AEAD_NONCE_SZ); |
Vanger | 0:b86d15c6ba29 | 5861 | } |
Vanger | 0:b86d15c6ba29 | 5862 | break; |
Vanger | 0:b86d15c6ba29 | 5863 | #endif |
Vanger | 0:b86d15c6ba29 | 5864 | |
Vanger | 0:b86d15c6ba29 | 5865 | #ifdef HAVE_AESCCM |
Vanger | 0:b86d15c6ba29 | 5866 | case cyassl_aes_ccm: |
Vanger | 0:b86d15c6ba29 | 5867 | { |
Vanger | 0:b86d15c6ba29 | 5868 | byte additional[AEAD_AUTH_DATA_SZ]; |
Vanger | 0:b86d15c6ba29 | 5869 | byte nonce[AEAD_NONCE_SZ]; |
Vanger | 0:b86d15c6ba29 | 5870 | |
Vanger | 0:b86d15c6ba29 | 5871 | XMEMSET(additional, 0, AEAD_AUTH_DATA_SZ); |
Vanger | 0:b86d15c6ba29 | 5872 | |
Vanger | 0:b86d15c6ba29 | 5873 | /* sequence number field is 64-bits, we only use 32-bits */ |
Vanger | 0:b86d15c6ba29 | 5874 | c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET); |
Vanger | 0:b86d15c6ba29 | 5875 | |
Vanger | 0:b86d15c6ba29 | 5876 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 5877 | if (ssl->options.dtls) |
Vanger | 0:b86d15c6ba29 | 5878 | c16toa(ssl->keys.dtls_state.curEpoch, additional); |
Vanger | 0:b86d15c6ba29 | 5879 | #endif |
Vanger | 0:b86d15c6ba29 | 5880 | |
Vanger | 0:b86d15c6ba29 | 5881 | additional[AEAD_TYPE_OFFSET] = ssl->curRL.type; |
Vanger | 0:b86d15c6ba29 | 5882 | additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor; |
Vanger | 0:b86d15c6ba29 | 5883 | additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor; |
Vanger | 0:b86d15c6ba29 | 5884 | |
Vanger | 0:b86d15c6ba29 | 5885 | c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size, |
Vanger | 0:b86d15c6ba29 | 5886 | additional + AEAD_LEN_OFFSET); |
Vanger | 0:b86d15c6ba29 | 5887 | XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AEAD_IMP_IV_SZ); |
Vanger | 0:b86d15c6ba29 | 5888 | XMEMCPY(nonce + AEAD_IMP_IV_SZ, input, AEAD_EXP_IV_SZ); |
Vanger | 0:b86d15c6ba29 | 5889 | if (AesCcmDecrypt(ssl->decrypt.aes, |
Vanger | 0:b86d15c6ba29 | 5890 | plain + AEAD_EXP_IV_SZ, |
Vanger | 0:b86d15c6ba29 | 5891 | input + AEAD_EXP_IV_SZ, |
Vanger | 0:b86d15c6ba29 | 5892 | sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size, |
Vanger | 0:b86d15c6ba29 | 5893 | nonce, AEAD_NONCE_SZ, |
Vanger | 0:b86d15c6ba29 | 5894 | input + sz - ssl->specs.aead_mac_size, |
Vanger | 0:b86d15c6ba29 | 5895 | ssl->specs.aead_mac_size, |
Vanger | 0:b86d15c6ba29 | 5896 | additional, AEAD_AUTH_DATA_SZ) < 0) { |
Vanger | 0:b86d15c6ba29 | 5897 | SendAlert(ssl, alert_fatal, bad_record_mac); |
Vanger | 0:b86d15c6ba29 | 5898 | XMEMSET(nonce, 0, AEAD_NONCE_SZ); |
Vanger | 0:b86d15c6ba29 | 5899 | return VERIFY_MAC_ERROR; |
Vanger | 0:b86d15c6ba29 | 5900 | } |
Vanger | 0:b86d15c6ba29 | 5901 | XMEMSET(nonce, 0, AEAD_NONCE_SZ); |
Vanger | 0:b86d15c6ba29 | 5902 | } |
Vanger | 0:b86d15c6ba29 | 5903 | break; |
Vanger | 0:b86d15c6ba29 | 5904 | #endif |
Vanger | 0:b86d15c6ba29 | 5905 | |
Vanger | 0:b86d15c6ba29 | 5906 | #ifdef HAVE_CAMELLIA |
Vanger | 0:b86d15c6ba29 | 5907 | case cyassl_camellia: |
Vanger | 0:b86d15c6ba29 | 5908 | CamelliaCbcDecrypt(ssl->decrypt.cam, plain, input, sz); |
Vanger | 0:b86d15c6ba29 | 5909 | break; |
Vanger | 0:b86d15c6ba29 | 5910 | #endif |
Vanger | 0:b86d15c6ba29 | 5911 | |
Vanger | 0:b86d15c6ba29 | 5912 | #ifdef HAVE_HC128 |
Vanger | 0:b86d15c6ba29 | 5913 | case cyassl_hc128: |
Vanger | 0:b86d15c6ba29 | 5914 | return Hc128_Process(ssl->decrypt.hc128, plain, input, sz); |
Vanger | 0:b86d15c6ba29 | 5915 | #endif |
Vanger | 0:b86d15c6ba29 | 5916 | |
Vanger | 0:b86d15c6ba29 | 5917 | #ifdef BUILD_RABBIT |
Vanger | 0:b86d15c6ba29 | 5918 | case cyassl_rabbit: |
Vanger | 0:b86d15c6ba29 | 5919 | return RabbitProcess(ssl->decrypt.rabbit, plain, input, sz); |
Vanger | 0:b86d15c6ba29 | 5920 | #endif |
Vanger | 0:b86d15c6ba29 | 5921 | |
Vanger | 0:b86d15c6ba29 | 5922 | #ifdef HAVE_CHACHA |
Vanger | 0:b86d15c6ba29 | 5923 | case cyassl_chacha: |
Vanger | 0:b86d15c6ba29 | 5924 | return ChachaAEADDecrypt(ssl, plain, input, sz); |
Vanger | 0:b86d15c6ba29 | 5925 | #endif |
Vanger | 0:b86d15c6ba29 | 5926 | |
Vanger | 0:b86d15c6ba29 | 5927 | #ifdef HAVE_NULL_CIPHER |
Vanger | 0:b86d15c6ba29 | 5928 | case cyassl_cipher_null: |
Vanger | 0:b86d15c6ba29 | 5929 | if (input != plain) { |
Vanger | 0:b86d15c6ba29 | 5930 | XMEMMOVE(plain, input, sz); |
Vanger | 0:b86d15c6ba29 | 5931 | } |
Vanger | 0:b86d15c6ba29 | 5932 | break; |
Vanger | 0:b86d15c6ba29 | 5933 | #endif |
Vanger | 0:b86d15c6ba29 | 5934 | |
Vanger | 0:b86d15c6ba29 | 5935 | default: |
Vanger | 0:b86d15c6ba29 | 5936 | CYASSL_MSG("CyaSSL Decrypt programming error"); |
Vanger | 0:b86d15c6ba29 | 5937 | return DECRYPT_ERROR; |
Vanger | 0:b86d15c6ba29 | 5938 | } |
Vanger | 0:b86d15c6ba29 | 5939 | return 0; |
Vanger | 0:b86d15c6ba29 | 5940 | } |
Vanger | 0:b86d15c6ba29 | 5941 | |
Vanger | 0:b86d15c6ba29 | 5942 | |
Vanger | 0:b86d15c6ba29 | 5943 | /* check cipher text size for sanity */ |
Vanger | 0:b86d15c6ba29 | 5944 | static int SanityCheckCipherText(CYASSL* ssl, word32 encryptSz) |
Vanger | 0:b86d15c6ba29 | 5945 | { |
Vanger | 0:b86d15c6ba29 | 5946 | #ifdef HAVE_TRUNCATED_HMAC |
Vanger | 0:b86d15c6ba29 | 5947 | word32 minLength = ssl->truncated_hmac ? TRUNCATED_HMAC_SZ |
Vanger | 0:b86d15c6ba29 | 5948 | : ssl->specs.hash_size; |
Vanger | 0:b86d15c6ba29 | 5949 | #else |
Vanger | 0:b86d15c6ba29 | 5950 | word32 minLength = ssl->specs.hash_size; /* covers stream */ |
Vanger | 0:b86d15c6ba29 | 5951 | #endif |
Vanger | 0:b86d15c6ba29 | 5952 | |
Vanger | 0:b86d15c6ba29 | 5953 | if (ssl->specs.cipher_type == block) { |
Vanger | 0:b86d15c6ba29 | 5954 | if (encryptSz % ssl->specs.block_size) { |
Vanger | 0:b86d15c6ba29 | 5955 | CYASSL_MSG("Block ciphertext not block size"); |
Vanger | 0:b86d15c6ba29 | 5956 | return SANITY_CIPHER_E; |
Vanger | 0:b86d15c6ba29 | 5957 | } |
Vanger | 0:b86d15c6ba29 | 5958 | |
Vanger | 0:b86d15c6ba29 | 5959 | minLength++; /* pad byte */ |
Vanger | 0:b86d15c6ba29 | 5960 | |
Vanger | 0:b86d15c6ba29 | 5961 | if (ssl->specs.block_size > minLength) |
Vanger | 0:b86d15c6ba29 | 5962 | minLength = ssl->specs.block_size; |
Vanger | 0:b86d15c6ba29 | 5963 | |
Vanger | 0:b86d15c6ba29 | 5964 | if (ssl->options.tls1_1) |
Vanger | 0:b86d15c6ba29 | 5965 | minLength += ssl->specs.block_size; /* explicit IV */ |
Vanger | 0:b86d15c6ba29 | 5966 | } |
Vanger | 0:b86d15c6ba29 | 5967 | else if (ssl->specs.cipher_type == aead) { |
Vanger | 0:b86d15c6ba29 | 5968 | minLength = ssl->specs.aead_mac_size; /* authTag size */ |
Vanger | 0:b86d15c6ba29 | 5969 | if (ssl->specs.bulk_cipher_algorithm != cyassl_chacha) |
Vanger | 0:b86d15c6ba29 | 5970 | minLength += AEAD_EXP_IV_SZ; /* explicit IV */ |
Vanger | 0:b86d15c6ba29 | 5971 | } |
Vanger | 0:b86d15c6ba29 | 5972 | |
Vanger | 0:b86d15c6ba29 | 5973 | if (encryptSz < minLength) { |
Vanger | 0:b86d15c6ba29 | 5974 | CYASSL_MSG("Ciphertext not minimum size"); |
Vanger | 0:b86d15c6ba29 | 5975 | return SANITY_CIPHER_E; |
Vanger | 0:b86d15c6ba29 | 5976 | } |
Vanger | 0:b86d15c6ba29 | 5977 | |
Vanger | 0:b86d15c6ba29 | 5978 | return 0; |
Vanger | 0:b86d15c6ba29 | 5979 | } |
Vanger | 0:b86d15c6ba29 | 5980 | |
Vanger | 0:b86d15c6ba29 | 5981 | |
Vanger | 0:b86d15c6ba29 | 5982 | #ifndef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 5983 | |
Vanger | 0:b86d15c6ba29 | 5984 | static INLINE void Md5Rounds(int rounds, const byte* data, int sz) |
Vanger | 0:b86d15c6ba29 | 5985 | { |
Vanger | 0:b86d15c6ba29 | 5986 | Md5 md5; |
Vanger | 0:b86d15c6ba29 | 5987 | int i; |
Vanger | 0:b86d15c6ba29 | 5988 | |
Vanger | 0:b86d15c6ba29 | 5989 | InitMd5(&md5); |
Vanger | 0:b86d15c6ba29 | 5990 | |
Vanger | 0:b86d15c6ba29 | 5991 | for (i = 0; i < rounds; i++) |
Vanger | 0:b86d15c6ba29 | 5992 | Md5Update(&md5, data, sz); |
Vanger | 0:b86d15c6ba29 | 5993 | } |
Vanger | 0:b86d15c6ba29 | 5994 | |
Vanger | 0:b86d15c6ba29 | 5995 | |
Vanger | 0:b86d15c6ba29 | 5996 | |
Vanger | 0:b86d15c6ba29 | 5997 | /* do a dummy sha round */ |
Vanger | 0:b86d15c6ba29 | 5998 | static INLINE void ShaRounds(int rounds, const byte* data, int sz) |
Vanger | 0:b86d15c6ba29 | 5999 | { |
Vanger | 0:b86d15c6ba29 | 6000 | Sha sha; |
Vanger | 0:b86d15c6ba29 | 6001 | int i; |
Vanger | 0:b86d15c6ba29 | 6002 | |
Vanger | 0:b86d15c6ba29 | 6003 | InitSha(&sha); /* no error check on purpose, dummy round */ |
Vanger | 0:b86d15c6ba29 | 6004 | |
Vanger | 0:b86d15c6ba29 | 6005 | for (i = 0; i < rounds; i++) |
Vanger | 0:b86d15c6ba29 | 6006 | ShaUpdate(&sha, data, sz); |
Vanger | 0:b86d15c6ba29 | 6007 | } |
Vanger | 0:b86d15c6ba29 | 6008 | #endif |
Vanger | 0:b86d15c6ba29 | 6009 | |
Vanger | 0:b86d15c6ba29 | 6010 | |
Vanger | 0:b86d15c6ba29 | 6011 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 6012 | |
Vanger | 0:b86d15c6ba29 | 6013 | static INLINE void Sha256Rounds(int rounds, const byte* data, int sz) |
Vanger | 0:b86d15c6ba29 | 6014 | { |
Vanger | 0:b86d15c6ba29 | 6015 | Sha256 sha256; |
Vanger | 0:b86d15c6ba29 | 6016 | int i; |
Vanger | 0:b86d15c6ba29 | 6017 | |
Vanger | 0:b86d15c6ba29 | 6018 | InitSha256(&sha256); /* no error check on purpose, dummy round */ |
Vanger | 0:b86d15c6ba29 | 6019 | |
Vanger | 0:b86d15c6ba29 | 6020 | for (i = 0; i < rounds; i++) { |
Vanger | 0:b86d15c6ba29 | 6021 | Sha256Update(&sha256, data, sz); |
Vanger | 0:b86d15c6ba29 | 6022 | /* no error check on purpose, dummy round */ |
Vanger | 0:b86d15c6ba29 | 6023 | } |
Vanger | 0:b86d15c6ba29 | 6024 | |
Vanger | 0:b86d15c6ba29 | 6025 | } |
Vanger | 0:b86d15c6ba29 | 6026 | |
Vanger | 0:b86d15c6ba29 | 6027 | #endif |
Vanger | 0:b86d15c6ba29 | 6028 | |
Vanger | 0:b86d15c6ba29 | 6029 | |
Vanger | 0:b86d15c6ba29 | 6030 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 6031 | |
Vanger | 0:b86d15c6ba29 | 6032 | static INLINE void Sha384Rounds(int rounds, const byte* data, int sz) |
Vanger | 0:b86d15c6ba29 | 6033 | { |
Vanger | 0:b86d15c6ba29 | 6034 | Sha384 sha384; |
Vanger | 0:b86d15c6ba29 | 6035 | int i; |
Vanger | 0:b86d15c6ba29 | 6036 | |
Vanger | 0:b86d15c6ba29 | 6037 | InitSha384(&sha384); /* no error check on purpose, dummy round */ |
Vanger | 0:b86d15c6ba29 | 6038 | |
Vanger | 0:b86d15c6ba29 | 6039 | for (i = 0; i < rounds; i++) { |
Vanger | 0:b86d15c6ba29 | 6040 | Sha384Update(&sha384, data, sz); |
Vanger | 0:b86d15c6ba29 | 6041 | /* no error check on purpose, dummy round */ |
Vanger | 0:b86d15c6ba29 | 6042 | } |
Vanger | 0:b86d15c6ba29 | 6043 | } |
Vanger | 0:b86d15c6ba29 | 6044 | |
Vanger | 0:b86d15c6ba29 | 6045 | #endif |
Vanger | 0:b86d15c6ba29 | 6046 | |
Vanger | 0:b86d15c6ba29 | 6047 | |
Vanger | 0:b86d15c6ba29 | 6048 | #ifdef CYASSL_SHA512 |
Vanger | 0:b86d15c6ba29 | 6049 | |
Vanger | 0:b86d15c6ba29 | 6050 | static INLINE void Sha512Rounds(int rounds, const byte* data, int sz) |
Vanger | 0:b86d15c6ba29 | 6051 | { |
Vanger | 0:b86d15c6ba29 | 6052 | Sha512 sha512; |
Vanger | 0:b86d15c6ba29 | 6053 | int i; |
Vanger | 0:b86d15c6ba29 | 6054 | |
Vanger | 0:b86d15c6ba29 | 6055 | InitSha512(&sha512); /* no error check on purpose, dummy round */ |
Vanger | 0:b86d15c6ba29 | 6056 | |
Vanger | 0:b86d15c6ba29 | 6057 | for (i = 0; i < rounds; i++) { |
Vanger | 0:b86d15c6ba29 | 6058 | Sha512Update(&sha512, data, sz); |
Vanger | 0:b86d15c6ba29 | 6059 | /* no error check on purpose, dummy round */ |
Vanger | 0:b86d15c6ba29 | 6060 | } |
Vanger | 0:b86d15c6ba29 | 6061 | } |
Vanger | 0:b86d15c6ba29 | 6062 | |
Vanger | 0:b86d15c6ba29 | 6063 | #endif |
Vanger | 0:b86d15c6ba29 | 6064 | |
Vanger | 0:b86d15c6ba29 | 6065 | |
Vanger | 0:b86d15c6ba29 | 6066 | #ifdef CYASSL_RIPEMD |
Vanger | 0:b86d15c6ba29 | 6067 | |
Vanger | 0:b86d15c6ba29 | 6068 | static INLINE void RmdRounds(int rounds, const byte* data, int sz) |
Vanger | 0:b86d15c6ba29 | 6069 | { |
Vanger | 0:b86d15c6ba29 | 6070 | RipeMd ripemd; |
Vanger | 0:b86d15c6ba29 | 6071 | int i; |
Vanger | 0:b86d15c6ba29 | 6072 | |
Vanger | 0:b86d15c6ba29 | 6073 | InitRipeMd(&ripemd); |
Vanger | 0:b86d15c6ba29 | 6074 | |
Vanger | 0:b86d15c6ba29 | 6075 | for (i = 0; i < rounds; i++) |
Vanger | 0:b86d15c6ba29 | 6076 | RipeMdUpdate(&ripemd, data, sz); |
Vanger | 0:b86d15c6ba29 | 6077 | } |
Vanger | 0:b86d15c6ba29 | 6078 | |
Vanger | 0:b86d15c6ba29 | 6079 | #endif |
Vanger | 0:b86d15c6ba29 | 6080 | |
Vanger | 0:b86d15c6ba29 | 6081 | |
Vanger | 0:b86d15c6ba29 | 6082 | /* Do dummy rounds */ |
Vanger | 0:b86d15c6ba29 | 6083 | static INLINE void DoRounds(int type, int rounds, const byte* data, int sz) |
Vanger | 0:b86d15c6ba29 | 6084 | { |
Vanger | 0:b86d15c6ba29 | 6085 | switch (type) { |
Vanger | 0:b86d15c6ba29 | 6086 | |
Vanger | 0:b86d15c6ba29 | 6087 | case no_mac : |
Vanger | 0:b86d15c6ba29 | 6088 | break; |
Vanger | 0:b86d15c6ba29 | 6089 | |
Vanger | 0:b86d15c6ba29 | 6090 | #ifndef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 6091 | #ifndef NO_MD5 |
Vanger | 0:b86d15c6ba29 | 6092 | case md5_mac : |
Vanger | 0:b86d15c6ba29 | 6093 | Md5Rounds(rounds, data, sz); |
Vanger | 0:b86d15c6ba29 | 6094 | break; |
Vanger | 0:b86d15c6ba29 | 6095 | #endif |
Vanger | 0:b86d15c6ba29 | 6096 | |
Vanger | 0:b86d15c6ba29 | 6097 | #ifndef NO_SHA |
Vanger | 0:b86d15c6ba29 | 6098 | case sha_mac : |
Vanger | 0:b86d15c6ba29 | 6099 | ShaRounds(rounds, data, sz); |
Vanger | 0:b86d15c6ba29 | 6100 | break; |
Vanger | 0:b86d15c6ba29 | 6101 | #endif |
Vanger | 0:b86d15c6ba29 | 6102 | #endif |
Vanger | 0:b86d15c6ba29 | 6103 | |
Vanger | 0:b86d15c6ba29 | 6104 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 6105 | case sha256_mac : |
Vanger | 0:b86d15c6ba29 | 6106 | Sha256Rounds(rounds, data, sz); |
Vanger | 0:b86d15c6ba29 | 6107 | break; |
Vanger | 0:b86d15c6ba29 | 6108 | #endif |
Vanger | 0:b86d15c6ba29 | 6109 | |
Vanger | 0:b86d15c6ba29 | 6110 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 6111 | case sha384_mac : |
Vanger | 0:b86d15c6ba29 | 6112 | Sha384Rounds(rounds, data, sz); |
Vanger | 0:b86d15c6ba29 | 6113 | break; |
Vanger | 0:b86d15c6ba29 | 6114 | #endif |
Vanger | 0:b86d15c6ba29 | 6115 | |
Vanger | 0:b86d15c6ba29 | 6116 | #ifdef CYASSL_SHA512 |
Vanger | 0:b86d15c6ba29 | 6117 | case sha512_mac : |
Vanger | 0:b86d15c6ba29 | 6118 | Sha512Rounds(rounds, data, sz); |
Vanger | 0:b86d15c6ba29 | 6119 | break; |
Vanger | 0:b86d15c6ba29 | 6120 | #endif |
Vanger | 0:b86d15c6ba29 | 6121 | |
Vanger | 0:b86d15c6ba29 | 6122 | #ifdef CYASSL_RIPEMD |
Vanger | 0:b86d15c6ba29 | 6123 | case rmd_mac : |
Vanger | 0:b86d15c6ba29 | 6124 | RmdRounds(rounds, data, sz); |
Vanger | 0:b86d15c6ba29 | 6125 | break; |
Vanger | 0:b86d15c6ba29 | 6126 | #endif |
Vanger | 0:b86d15c6ba29 | 6127 | |
Vanger | 0:b86d15c6ba29 | 6128 | default: |
Vanger | 0:b86d15c6ba29 | 6129 | CYASSL_MSG("Bad round type"); |
Vanger | 0:b86d15c6ba29 | 6130 | break; |
Vanger | 0:b86d15c6ba29 | 6131 | } |
Vanger | 0:b86d15c6ba29 | 6132 | } |
Vanger | 0:b86d15c6ba29 | 6133 | |
Vanger | 0:b86d15c6ba29 | 6134 | |
Vanger | 0:b86d15c6ba29 | 6135 | /* do number of compression rounds on dummy data */ |
Vanger | 0:b86d15c6ba29 | 6136 | static INLINE void CompressRounds(CYASSL* ssl, int rounds, const byte* dummy) |
Vanger | 0:b86d15c6ba29 | 6137 | { |
Vanger | 0:b86d15c6ba29 | 6138 | if (rounds) |
Vanger | 0:b86d15c6ba29 | 6139 | DoRounds(ssl->specs.mac_algorithm, rounds, dummy, COMPRESS_LOWER); |
Vanger | 0:b86d15c6ba29 | 6140 | } |
Vanger | 0:b86d15c6ba29 | 6141 | |
Vanger | 0:b86d15c6ba29 | 6142 | |
Vanger | 0:b86d15c6ba29 | 6143 | /* check all length bytes for equality, return 0 on success */ |
Vanger | 0:b86d15c6ba29 | 6144 | static int ConstantCompare(const byte* a, const byte* b, int length) |
Vanger | 0:b86d15c6ba29 | 6145 | { |
Vanger | 0:b86d15c6ba29 | 6146 | int i; |
Vanger | 0:b86d15c6ba29 | 6147 | int good = 0; |
Vanger | 0:b86d15c6ba29 | 6148 | int bad = 0; |
Vanger | 0:b86d15c6ba29 | 6149 | |
Vanger | 0:b86d15c6ba29 | 6150 | for (i = 0; i < length; i++) { |
Vanger | 0:b86d15c6ba29 | 6151 | if (a[i] == b[i]) |
Vanger | 0:b86d15c6ba29 | 6152 | good++; |
Vanger | 0:b86d15c6ba29 | 6153 | else |
Vanger | 0:b86d15c6ba29 | 6154 | bad++; |
Vanger | 0:b86d15c6ba29 | 6155 | } |
Vanger | 0:b86d15c6ba29 | 6156 | |
Vanger | 0:b86d15c6ba29 | 6157 | if (good == length) |
Vanger | 0:b86d15c6ba29 | 6158 | return 0; |
Vanger | 0:b86d15c6ba29 | 6159 | else |
Vanger | 0:b86d15c6ba29 | 6160 | return 0 - bad; /* compare failed */ |
Vanger | 0:b86d15c6ba29 | 6161 | } |
Vanger | 0:b86d15c6ba29 | 6162 | |
Vanger | 0:b86d15c6ba29 | 6163 | |
Vanger | 0:b86d15c6ba29 | 6164 | /* check all length bytes for the pad value, return 0 on success */ |
Vanger | 0:b86d15c6ba29 | 6165 | static int PadCheck(const byte* input, byte pad, int length) |
Vanger | 0:b86d15c6ba29 | 6166 | { |
Vanger | 0:b86d15c6ba29 | 6167 | int i; |
Vanger | 0:b86d15c6ba29 | 6168 | int good = 0; |
Vanger | 0:b86d15c6ba29 | 6169 | int bad = 0; |
Vanger | 0:b86d15c6ba29 | 6170 | |
Vanger | 0:b86d15c6ba29 | 6171 | for (i = 0; i < length; i++) { |
Vanger | 0:b86d15c6ba29 | 6172 | if (input[i] == pad) |
Vanger | 0:b86d15c6ba29 | 6173 | good++; |
Vanger | 0:b86d15c6ba29 | 6174 | else |
Vanger | 0:b86d15c6ba29 | 6175 | bad++; |
Vanger | 0:b86d15c6ba29 | 6176 | } |
Vanger | 0:b86d15c6ba29 | 6177 | |
Vanger | 0:b86d15c6ba29 | 6178 | if (good == length) |
Vanger | 0:b86d15c6ba29 | 6179 | return 0; |
Vanger | 0:b86d15c6ba29 | 6180 | else |
Vanger | 0:b86d15c6ba29 | 6181 | return 0 - bad; /* pad check failed */ |
Vanger | 0:b86d15c6ba29 | 6182 | } |
Vanger | 0:b86d15c6ba29 | 6183 | |
Vanger | 0:b86d15c6ba29 | 6184 | |
Vanger | 0:b86d15c6ba29 | 6185 | /* get compression extra rounds */ |
Vanger | 0:b86d15c6ba29 | 6186 | static INLINE int GetRounds(int pLen, int padLen, int t) |
Vanger | 0:b86d15c6ba29 | 6187 | { |
Vanger | 0:b86d15c6ba29 | 6188 | int roundL1 = 1; /* round up flags */ |
Vanger | 0:b86d15c6ba29 | 6189 | int roundL2 = 1; |
Vanger | 0:b86d15c6ba29 | 6190 | |
Vanger | 0:b86d15c6ba29 | 6191 | int L1 = COMPRESS_CONSTANT + pLen - t; |
Vanger | 0:b86d15c6ba29 | 6192 | int L2 = COMPRESS_CONSTANT + pLen - padLen - 1 - t; |
Vanger | 0:b86d15c6ba29 | 6193 | |
Vanger | 0:b86d15c6ba29 | 6194 | L1 -= COMPRESS_UPPER; |
Vanger | 0:b86d15c6ba29 | 6195 | L2 -= COMPRESS_UPPER; |
Vanger | 0:b86d15c6ba29 | 6196 | |
Vanger | 0:b86d15c6ba29 | 6197 | if ( (L1 % COMPRESS_LOWER) == 0) |
Vanger | 0:b86d15c6ba29 | 6198 | roundL1 = 0; |
Vanger | 0:b86d15c6ba29 | 6199 | if ( (L2 % COMPRESS_LOWER) == 0) |
Vanger | 0:b86d15c6ba29 | 6200 | roundL2 = 0; |
Vanger | 0:b86d15c6ba29 | 6201 | |
Vanger | 0:b86d15c6ba29 | 6202 | L1 /= COMPRESS_LOWER; |
Vanger | 0:b86d15c6ba29 | 6203 | L2 /= COMPRESS_LOWER; |
Vanger | 0:b86d15c6ba29 | 6204 | |
Vanger | 0:b86d15c6ba29 | 6205 | L1 += roundL1; |
Vanger | 0:b86d15c6ba29 | 6206 | L2 += roundL2; |
Vanger | 0:b86d15c6ba29 | 6207 | |
Vanger | 0:b86d15c6ba29 | 6208 | return L1 - L2; |
Vanger | 0:b86d15c6ba29 | 6209 | } |
Vanger | 0:b86d15c6ba29 | 6210 | |
Vanger | 0:b86d15c6ba29 | 6211 | |
Vanger | 0:b86d15c6ba29 | 6212 | /* timing resistant pad/verify check, return 0 on success */ |
Vanger | 0:b86d15c6ba29 | 6213 | static int TimingPadVerify(CYASSL* ssl, const byte* input, int padLen, int t, |
Vanger | 0:b86d15c6ba29 | 6214 | int pLen, int content) |
Vanger | 0:b86d15c6ba29 | 6215 | { |
Vanger | 0:b86d15c6ba29 | 6216 | byte verify[MAX_DIGEST_SIZE]; |
Vanger | 0:b86d15c6ba29 | 6217 | byte dummy[MAX_PAD_SIZE]; |
Vanger | 0:b86d15c6ba29 | 6218 | int ret = 0; |
Vanger | 0:b86d15c6ba29 | 6219 | |
Vanger | 0:b86d15c6ba29 | 6220 | XMEMSET(dummy, 1, sizeof(dummy)); |
Vanger | 0:b86d15c6ba29 | 6221 | |
Vanger | 0:b86d15c6ba29 | 6222 | if ( (t + padLen + 1) > pLen) { |
Vanger | 0:b86d15c6ba29 | 6223 | CYASSL_MSG("Plain Len not long enough for pad/mac"); |
Vanger | 0:b86d15c6ba29 | 6224 | PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE); |
Vanger | 0:b86d15c6ba29 | 6225 | ssl->hmac(ssl, verify, input, pLen - t, content, 1); /* still compare */ |
Vanger | 0:b86d15c6ba29 | 6226 | ConstantCompare(verify, input + pLen - t, t); |
Vanger | 0:b86d15c6ba29 | 6227 | |
Vanger | 0:b86d15c6ba29 | 6228 | return VERIFY_MAC_ERROR; |
Vanger | 0:b86d15c6ba29 | 6229 | } |
Vanger | 0:b86d15c6ba29 | 6230 | |
Vanger | 0:b86d15c6ba29 | 6231 | if (PadCheck(input + pLen - (padLen + 1), (byte)padLen, padLen + 1) != 0) { |
Vanger | 0:b86d15c6ba29 | 6232 | CYASSL_MSG("PadCheck failed"); |
Vanger | 0:b86d15c6ba29 | 6233 | PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE - padLen - 1); |
Vanger | 0:b86d15c6ba29 | 6234 | ssl->hmac(ssl, verify, input, pLen - t, content, 1); /* still compare */ |
Vanger | 0:b86d15c6ba29 | 6235 | ConstantCompare(verify, input + pLen - t, t); |
Vanger | 0:b86d15c6ba29 | 6236 | |
Vanger | 0:b86d15c6ba29 | 6237 | return VERIFY_MAC_ERROR; |
Vanger | 0:b86d15c6ba29 | 6238 | } |
Vanger | 0:b86d15c6ba29 | 6239 | |
Vanger | 0:b86d15c6ba29 | 6240 | PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE - padLen - 1); |
Vanger | 0:b86d15c6ba29 | 6241 | ret = ssl->hmac(ssl, verify, input, pLen - padLen - 1 - t, content, 1); |
Vanger | 0:b86d15c6ba29 | 6242 | |
Vanger | 0:b86d15c6ba29 | 6243 | CompressRounds(ssl, GetRounds(pLen, padLen, t), dummy); |
Vanger | 0:b86d15c6ba29 | 6244 | |
Vanger | 0:b86d15c6ba29 | 6245 | if (ConstantCompare(verify, input + (pLen - padLen - 1 - t), t) != 0) { |
Vanger | 0:b86d15c6ba29 | 6246 | CYASSL_MSG("Verify MAC compare failed"); |
Vanger | 0:b86d15c6ba29 | 6247 | return VERIFY_MAC_ERROR; |
Vanger | 0:b86d15c6ba29 | 6248 | } |
Vanger | 0:b86d15c6ba29 | 6249 | |
Vanger | 0:b86d15c6ba29 | 6250 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 6251 | return VERIFY_MAC_ERROR; |
Vanger | 0:b86d15c6ba29 | 6252 | return 0; |
Vanger | 0:b86d15c6ba29 | 6253 | } |
Vanger | 0:b86d15c6ba29 | 6254 | |
Vanger | 0:b86d15c6ba29 | 6255 | |
Vanger | 0:b86d15c6ba29 | 6256 | int DoApplicationData(CYASSL* ssl, byte* input, word32* inOutIdx) |
Vanger | 0:b86d15c6ba29 | 6257 | { |
Vanger | 0:b86d15c6ba29 | 6258 | word32 msgSz = ssl->keys.encryptSz; |
Vanger | 0:b86d15c6ba29 | 6259 | word32 idx = *inOutIdx; |
Vanger | 0:b86d15c6ba29 | 6260 | int dataSz; |
Vanger | 0:b86d15c6ba29 | 6261 | int ivExtra = 0; |
Vanger | 0:b86d15c6ba29 | 6262 | byte* rawData = input + idx; /* keep current for hmac */ |
Vanger | 0:b86d15c6ba29 | 6263 | #ifdef HAVE_LIBZ |
Vanger | 0:b86d15c6ba29 | 6264 | byte decomp[MAX_RECORD_SIZE + MAX_COMP_EXTRA]; |
Vanger | 0:b86d15c6ba29 | 6265 | #endif |
Vanger | 0:b86d15c6ba29 | 6266 | |
Vanger | 0:b86d15c6ba29 | 6267 | if (ssl->options.handShakeDone == 0) { |
Vanger | 0:b86d15c6ba29 | 6268 | CYASSL_MSG("Received App data before a handshake completed"); |
Vanger | 0:b86d15c6ba29 | 6269 | SendAlert(ssl, alert_fatal, unexpected_message); |
Vanger | 0:b86d15c6ba29 | 6270 | return OUT_OF_ORDER_E; |
Vanger | 0:b86d15c6ba29 | 6271 | } |
Vanger | 0:b86d15c6ba29 | 6272 | |
Vanger | 0:b86d15c6ba29 | 6273 | if (ssl->specs.cipher_type == block) { |
Vanger | 0:b86d15c6ba29 | 6274 | if (ssl->options.tls1_1) |
Vanger | 0:b86d15c6ba29 | 6275 | ivExtra = ssl->specs.block_size; |
Vanger | 0:b86d15c6ba29 | 6276 | } |
Vanger | 0:b86d15c6ba29 | 6277 | else if (ssl->specs.cipher_type == aead) { |
Vanger | 0:b86d15c6ba29 | 6278 | if (ssl->specs.bulk_cipher_algorithm != cyassl_chacha) |
Vanger | 0:b86d15c6ba29 | 6279 | ivExtra = AEAD_EXP_IV_SZ; |
Vanger | 0:b86d15c6ba29 | 6280 | } |
Vanger | 0:b86d15c6ba29 | 6281 | |
Vanger | 0:b86d15c6ba29 | 6282 | dataSz = msgSz - ivExtra - ssl->keys.padSz; |
Vanger | 0:b86d15c6ba29 | 6283 | if (dataSz < 0) { |
Vanger | 0:b86d15c6ba29 | 6284 | CYASSL_MSG("App data buffer error, malicious input?"); |
Vanger | 0:b86d15c6ba29 | 6285 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 6286 | } |
Vanger | 0:b86d15c6ba29 | 6287 | |
Vanger | 0:b86d15c6ba29 | 6288 | /* read data */ |
Vanger | 0:b86d15c6ba29 | 6289 | if (dataSz) { |
Vanger | 0:b86d15c6ba29 | 6290 | int rawSz = dataSz; /* keep raw size for idx adjustment */ |
Vanger | 0:b86d15c6ba29 | 6291 | |
Vanger | 0:b86d15c6ba29 | 6292 | #ifdef HAVE_LIBZ |
Vanger | 0:b86d15c6ba29 | 6293 | if (ssl->options.usingCompression) { |
Vanger | 0:b86d15c6ba29 | 6294 | dataSz = myDeCompress(ssl, rawData, dataSz, decomp, sizeof(decomp)); |
Vanger | 0:b86d15c6ba29 | 6295 | if (dataSz < 0) return dataSz; |
Vanger | 0:b86d15c6ba29 | 6296 | } |
Vanger | 0:b86d15c6ba29 | 6297 | #endif |
Vanger | 0:b86d15c6ba29 | 6298 | idx += rawSz; |
Vanger | 0:b86d15c6ba29 | 6299 | |
Vanger | 0:b86d15c6ba29 | 6300 | ssl->buffers.clearOutputBuffer.buffer = rawData; |
Vanger | 0:b86d15c6ba29 | 6301 | ssl->buffers.clearOutputBuffer.length = dataSz; |
Vanger | 0:b86d15c6ba29 | 6302 | } |
Vanger | 0:b86d15c6ba29 | 6303 | |
Vanger | 0:b86d15c6ba29 | 6304 | idx += ssl->keys.padSz; |
Vanger | 0:b86d15c6ba29 | 6305 | |
Vanger | 0:b86d15c6ba29 | 6306 | #ifdef HAVE_LIBZ |
Vanger | 0:b86d15c6ba29 | 6307 | /* decompress could be bigger, overwrite after verify */ |
Vanger | 0:b86d15c6ba29 | 6308 | if (ssl->options.usingCompression) |
Vanger | 0:b86d15c6ba29 | 6309 | XMEMMOVE(rawData, decomp, dataSz); |
Vanger | 0:b86d15c6ba29 | 6310 | #endif |
Vanger | 0:b86d15c6ba29 | 6311 | |
Vanger | 0:b86d15c6ba29 | 6312 | *inOutIdx = idx; |
Vanger | 0:b86d15c6ba29 | 6313 | return 0; |
Vanger | 0:b86d15c6ba29 | 6314 | } |
Vanger | 0:b86d15c6ba29 | 6315 | |
Vanger | 0:b86d15c6ba29 | 6316 | |
Vanger | 0:b86d15c6ba29 | 6317 | /* process alert, return level */ |
Vanger | 0:b86d15c6ba29 | 6318 | static int DoAlert(CYASSL* ssl, byte* input, word32* inOutIdx, int* type, |
Vanger | 0:b86d15c6ba29 | 6319 | word32 totalSz) |
Vanger | 0:b86d15c6ba29 | 6320 | { |
Vanger | 0:b86d15c6ba29 | 6321 | byte level; |
Vanger | 0:b86d15c6ba29 | 6322 | byte code; |
Vanger | 0:b86d15c6ba29 | 6323 | |
Vanger | 0:b86d15c6ba29 | 6324 | #ifdef CYASSL_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 6325 | if (ssl->hsInfoOn) |
Vanger | 0:b86d15c6ba29 | 6326 | AddPacketName("Alert", &ssl->handShakeInfo); |
Vanger | 0:b86d15c6ba29 | 6327 | if (ssl->toInfoOn) |
Vanger | 0:b86d15c6ba29 | 6328 | /* add record header back on to info + 2 byte level, data */ |
Vanger | 0:b86d15c6ba29 | 6329 | AddPacketInfo("Alert", &ssl->timeoutInfo, input + *inOutIdx - |
Vanger | 0:b86d15c6ba29 | 6330 | RECORD_HEADER_SZ, 2 + RECORD_HEADER_SZ, ssl->heap); |
Vanger | 0:b86d15c6ba29 | 6331 | #endif |
Vanger | 0:b86d15c6ba29 | 6332 | |
Vanger | 0:b86d15c6ba29 | 6333 | /* make sure can read the message */ |
Vanger | 0:b86d15c6ba29 | 6334 | if (*inOutIdx + ALERT_SIZE > totalSz) |
Vanger | 0:b86d15c6ba29 | 6335 | return BUFFER_E; |
Vanger | 0:b86d15c6ba29 | 6336 | |
Vanger | 0:b86d15c6ba29 | 6337 | level = input[(*inOutIdx)++]; |
Vanger | 0:b86d15c6ba29 | 6338 | code = input[(*inOutIdx)++]; |
Vanger | 0:b86d15c6ba29 | 6339 | ssl->alert_history.last_rx.code = code; |
Vanger | 0:b86d15c6ba29 | 6340 | ssl->alert_history.last_rx.level = level; |
Vanger | 0:b86d15c6ba29 | 6341 | *type = code; |
Vanger | 0:b86d15c6ba29 | 6342 | if (level == alert_fatal) { |
Vanger | 0:b86d15c6ba29 | 6343 | ssl->options.isClosed = 1; /* Don't send close_notify */ |
Vanger | 0:b86d15c6ba29 | 6344 | } |
Vanger | 0:b86d15c6ba29 | 6345 | |
Vanger | 0:b86d15c6ba29 | 6346 | CYASSL_MSG("Got alert"); |
Vanger | 0:b86d15c6ba29 | 6347 | if (*type == close_notify) { |
Vanger | 0:b86d15c6ba29 | 6348 | CYASSL_MSG(" close notify"); |
Vanger | 0:b86d15c6ba29 | 6349 | ssl->options.closeNotify = 1; |
Vanger | 0:b86d15c6ba29 | 6350 | } |
Vanger | 0:b86d15c6ba29 | 6351 | CYASSL_ERROR(*type); |
Vanger | 0:b86d15c6ba29 | 6352 | |
Vanger | 0:b86d15c6ba29 | 6353 | if (ssl->keys.encryptionOn) { |
Vanger | 0:b86d15c6ba29 | 6354 | if (*inOutIdx + ssl->keys.padSz > totalSz) |
Vanger | 0:b86d15c6ba29 | 6355 | return BUFFER_E; |
Vanger | 0:b86d15c6ba29 | 6356 | *inOutIdx += ssl->keys.padSz; |
Vanger | 0:b86d15c6ba29 | 6357 | } |
Vanger | 0:b86d15c6ba29 | 6358 | |
Vanger | 0:b86d15c6ba29 | 6359 | return level; |
Vanger | 0:b86d15c6ba29 | 6360 | } |
Vanger | 0:b86d15c6ba29 | 6361 | |
Vanger | 0:b86d15c6ba29 | 6362 | static int GetInputData(CYASSL *ssl, word32 size) |
Vanger | 0:b86d15c6ba29 | 6363 | { |
Vanger | 0:b86d15c6ba29 | 6364 | int in; |
Vanger | 0:b86d15c6ba29 | 6365 | int inSz; |
Vanger | 0:b86d15c6ba29 | 6366 | int maxLength; |
Vanger | 0:b86d15c6ba29 | 6367 | int usedLength; |
Vanger | 0:b86d15c6ba29 | 6368 | int dtlsExtra = 0; |
Vanger | 0:b86d15c6ba29 | 6369 | |
Vanger | 0:b86d15c6ba29 | 6370 | |
Vanger | 0:b86d15c6ba29 | 6371 | /* check max input length */ |
Vanger | 0:b86d15c6ba29 | 6372 | usedLength = ssl->buffers.inputBuffer.length - ssl->buffers.inputBuffer.idx; |
Vanger | 0:b86d15c6ba29 | 6373 | maxLength = ssl->buffers.inputBuffer.bufferSize - usedLength; |
Vanger | 0:b86d15c6ba29 | 6374 | inSz = (int)(size - usedLength); /* from last partial read */ |
Vanger | 0:b86d15c6ba29 | 6375 | |
Vanger | 0:b86d15c6ba29 | 6376 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 6377 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 6378 | if (size < ssl->dtls_expected_rx) |
Vanger | 0:b86d15c6ba29 | 6379 | dtlsExtra = (int)(ssl->dtls_expected_rx - size); |
Vanger | 0:b86d15c6ba29 | 6380 | inSz = ssl->dtls_expected_rx; |
Vanger | 0:b86d15c6ba29 | 6381 | } |
Vanger | 0:b86d15c6ba29 | 6382 | #endif |
Vanger | 0:b86d15c6ba29 | 6383 | |
Vanger | 0:b86d15c6ba29 | 6384 | if (inSz > maxLength) { |
Vanger | 0:b86d15c6ba29 | 6385 | if (GrowInputBuffer(ssl, size + dtlsExtra, usedLength) < 0) |
Vanger | 0:b86d15c6ba29 | 6386 | return MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 6387 | } |
Vanger | 0:b86d15c6ba29 | 6388 | |
Vanger | 0:b86d15c6ba29 | 6389 | if (inSz <= 0) |
Vanger | 0:b86d15c6ba29 | 6390 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 6391 | |
Vanger | 0:b86d15c6ba29 | 6392 | /* Put buffer data at start if not there */ |
Vanger | 0:b86d15c6ba29 | 6393 | if (usedLength > 0 && ssl->buffers.inputBuffer.idx != 0) |
Vanger | 0:b86d15c6ba29 | 6394 | XMEMMOVE(ssl->buffers.inputBuffer.buffer, |
Vanger | 0:b86d15c6ba29 | 6395 | ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.idx, |
Vanger | 0:b86d15c6ba29 | 6396 | usedLength); |
Vanger | 0:b86d15c6ba29 | 6397 | |
Vanger | 0:b86d15c6ba29 | 6398 | /* remove processed data */ |
Vanger | 0:b86d15c6ba29 | 6399 | ssl->buffers.inputBuffer.idx = 0; |
Vanger | 0:b86d15c6ba29 | 6400 | ssl->buffers.inputBuffer.length = usedLength; |
Vanger | 0:b86d15c6ba29 | 6401 | |
Vanger | 0:b86d15c6ba29 | 6402 | /* read data from network */ |
Vanger | 0:b86d15c6ba29 | 6403 | do { |
Vanger | 0:b86d15c6ba29 | 6404 | in = Receive(ssl, |
Vanger | 0:b86d15c6ba29 | 6405 | ssl->buffers.inputBuffer.buffer + |
Vanger | 0:b86d15c6ba29 | 6406 | ssl->buffers.inputBuffer.length, |
Vanger | 0:b86d15c6ba29 | 6407 | inSz); |
Vanger | 0:b86d15c6ba29 | 6408 | if (in == -1) |
Vanger | 0:b86d15c6ba29 | 6409 | return SOCKET_ERROR_E; |
Vanger | 0:b86d15c6ba29 | 6410 | |
Vanger | 0:b86d15c6ba29 | 6411 | if (in == WANT_READ) |
Vanger | 0:b86d15c6ba29 | 6412 | return WANT_READ; |
Vanger | 0:b86d15c6ba29 | 6413 | |
Vanger | 0:b86d15c6ba29 | 6414 | if (in > inSz) |
Vanger | 0:b86d15c6ba29 | 6415 | return RECV_OVERFLOW_E; |
Vanger | 0:b86d15c6ba29 | 6416 | |
Vanger | 0:b86d15c6ba29 | 6417 | ssl->buffers.inputBuffer.length += in; |
Vanger | 0:b86d15c6ba29 | 6418 | inSz -= in; |
Vanger | 0:b86d15c6ba29 | 6419 | |
Vanger | 0:b86d15c6ba29 | 6420 | } while (ssl->buffers.inputBuffer.length < size); |
Vanger | 0:b86d15c6ba29 | 6421 | |
Vanger | 0:b86d15c6ba29 | 6422 | return 0; |
Vanger | 0:b86d15c6ba29 | 6423 | } |
Vanger | 0:b86d15c6ba29 | 6424 | |
Vanger | 0:b86d15c6ba29 | 6425 | |
Vanger | 0:b86d15c6ba29 | 6426 | static INLINE int VerifyMac(CYASSL* ssl, const byte* input, word32 msgSz, |
Vanger | 0:b86d15c6ba29 | 6427 | int content, word32* padSz) |
Vanger | 0:b86d15c6ba29 | 6428 | { |
Vanger | 0:b86d15c6ba29 | 6429 | int ivExtra = 0; |
Vanger | 0:b86d15c6ba29 | 6430 | int ret; |
Vanger | 0:b86d15c6ba29 | 6431 | word32 pad = 0; |
Vanger | 0:b86d15c6ba29 | 6432 | word32 padByte = 0; |
Vanger | 0:b86d15c6ba29 | 6433 | #ifdef HAVE_TRUNCATED_HMAC |
Vanger | 0:b86d15c6ba29 | 6434 | word32 digestSz = ssl->truncated_hmac ? TRUNCATED_HMAC_SZ |
Vanger | 0:b86d15c6ba29 | 6435 | : ssl->specs.hash_size; |
Vanger | 0:b86d15c6ba29 | 6436 | #else |
Vanger | 0:b86d15c6ba29 | 6437 | word32 digestSz = ssl->specs.hash_size; |
Vanger | 0:b86d15c6ba29 | 6438 | #endif |
Vanger | 0:b86d15c6ba29 | 6439 | byte verify[MAX_DIGEST_SIZE]; |
Vanger | 0:b86d15c6ba29 | 6440 | |
Vanger | 0:b86d15c6ba29 | 6441 | if (ssl->specs.cipher_type == block) { |
Vanger | 0:b86d15c6ba29 | 6442 | if (ssl->options.tls1_1) |
Vanger | 0:b86d15c6ba29 | 6443 | ivExtra = ssl->specs.block_size; |
Vanger | 0:b86d15c6ba29 | 6444 | pad = *(input + msgSz - ivExtra - 1); |
Vanger | 0:b86d15c6ba29 | 6445 | padByte = 1; |
Vanger | 0:b86d15c6ba29 | 6446 | |
Vanger | 0:b86d15c6ba29 | 6447 | if (ssl->options.tls) { |
Vanger | 0:b86d15c6ba29 | 6448 | ret = TimingPadVerify(ssl, input, pad, digestSz, msgSz - ivExtra, |
Vanger | 0:b86d15c6ba29 | 6449 | content); |
Vanger | 0:b86d15c6ba29 | 6450 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 6451 | return ret; |
Vanger | 0:b86d15c6ba29 | 6452 | } |
Vanger | 0:b86d15c6ba29 | 6453 | else { /* sslv3, some implementations have bad padding, but don't |
Vanger | 0:b86d15c6ba29 | 6454 | * allow bad read */ |
Vanger | 0:b86d15c6ba29 | 6455 | int badPadLen = 0; |
Vanger | 0:b86d15c6ba29 | 6456 | byte dummy[MAX_PAD_SIZE]; |
Vanger | 0:b86d15c6ba29 | 6457 | |
Vanger | 0:b86d15c6ba29 | 6458 | XMEMSET(dummy, 1, sizeof(dummy)); |
Vanger | 0:b86d15c6ba29 | 6459 | |
Vanger | 0:b86d15c6ba29 | 6460 | if (pad > (msgSz - digestSz - 1)) { |
Vanger | 0:b86d15c6ba29 | 6461 | CYASSL_MSG("Plain Len not long enough for pad/mac"); |
Vanger | 0:b86d15c6ba29 | 6462 | pad = 0; /* no bad read */ |
Vanger | 0:b86d15c6ba29 | 6463 | badPadLen = 1; |
Vanger | 0:b86d15c6ba29 | 6464 | } |
Vanger | 0:b86d15c6ba29 | 6465 | PadCheck(dummy, (byte)pad, MAX_PAD_SIZE); /* timing only */ |
Vanger | 0:b86d15c6ba29 | 6466 | ret = ssl->hmac(ssl, verify, input, msgSz - digestSz - pad - 1, |
Vanger | 0:b86d15c6ba29 | 6467 | content, 1); |
Vanger | 0:b86d15c6ba29 | 6468 | if (ConstantCompare(verify, input + msgSz - digestSz - pad - 1, |
Vanger | 0:b86d15c6ba29 | 6469 | digestSz) != 0) |
Vanger | 0:b86d15c6ba29 | 6470 | return VERIFY_MAC_ERROR; |
Vanger | 0:b86d15c6ba29 | 6471 | if (ret != 0 || badPadLen) |
Vanger | 0:b86d15c6ba29 | 6472 | return VERIFY_MAC_ERROR; |
Vanger | 0:b86d15c6ba29 | 6473 | } |
Vanger | 0:b86d15c6ba29 | 6474 | } |
Vanger | 0:b86d15c6ba29 | 6475 | else if (ssl->specs.cipher_type == stream) { |
Vanger | 0:b86d15c6ba29 | 6476 | ret = ssl->hmac(ssl, verify, input, msgSz - digestSz, content, 1); |
Vanger | 0:b86d15c6ba29 | 6477 | if (ConstantCompare(verify, input + msgSz - digestSz, digestSz) != 0){ |
Vanger | 0:b86d15c6ba29 | 6478 | return VERIFY_MAC_ERROR; |
Vanger | 0:b86d15c6ba29 | 6479 | } |
Vanger | 0:b86d15c6ba29 | 6480 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 6481 | return VERIFY_MAC_ERROR; |
Vanger | 0:b86d15c6ba29 | 6482 | } |
Vanger | 0:b86d15c6ba29 | 6483 | |
Vanger | 0:b86d15c6ba29 | 6484 | if (ssl->specs.cipher_type == aead) { |
Vanger | 0:b86d15c6ba29 | 6485 | *padSz = ssl->specs.aead_mac_size; |
Vanger | 0:b86d15c6ba29 | 6486 | } |
Vanger | 0:b86d15c6ba29 | 6487 | else { |
Vanger | 0:b86d15c6ba29 | 6488 | *padSz = digestSz + pad + padByte; |
Vanger | 0:b86d15c6ba29 | 6489 | } |
Vanger | 0:b86d15c6ba29 | 6490 | |
Vanger | 0:b86d15c6ba29 | 6491 | return 0; |
Vanger | 0:b86d15c6ba29 | 6492 | } |
Vanger | 0:b86d15c6ba29 | 6493 | |
Vanger | 0:b86d15c6ba29 | 6494 | |
Vanger | 0:b86d15c6ba29 | 6495 | /* process input requests, return 0 is done, 1 is call again to complete, and |
Vanger | 0:b86d15c6ba29 | 6496 | negative number is error */ |
Vanger | 0:b86d15c6ba29 | 6497 | int ProcessReply(CYASSL* ssl) |
Vanger | 0:b86d15c6ba29 | 6498 | { |
Vanger | 0:b86d15c6ba29 | 6499 | int ret = 0, type, readSz; |
Vanger | 0:b86d15c6ba29 | 6500 | int atomicUser = 0; |
Vanger | 0:b86d15c6ba29 | 6501 | word32 startIdx = 0; |
Vanger | 0:b86d15c6ba29 | 6502 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 6503 | int used; |
Vanger | 0:b86d15c6ba29 | 6504 | #endif |
Vanger | 0:b86d15c6ba29 | 6505 | |
Vanger | 0:b86d15c6ba29 | 6506 | #ifdef ATOMIC_USER |
Vanger | 0:b86d15c6ba29 | 6507 | if (ssl->ctx->DecryptVerifyCb) |
Vanger | 0:b86d15c6ba29 | 6508 | atomicUser = 1; |
Vanger | 0:b86d15c6ba29 | 6509 | #endif |
Vanger | 0:b86d15c6ba29 | 6510 | |
Vanger | 0:b86d15c6ba29 | 6511 | if (ssl->error != 0 && ssl->error != WANT_READ && ssl->error != WANT_WRITE){ |
Vanger | 0:b86d15c6ba29 | 6512 | CYASSL_MSG("ProcessReply retry in error state, not allowed"); |
Vanger | 0:b86d15c6ba29 | 6513 | return ssl->error; |
Vanger | 0:b86d15c6ba29 | 6514 | } |
Vanger | 0:b86d15c6ba29 | 6515 | |
Vanger | 0:b86d15c6ba29 | 6516 | for (;;) { |
Vanger | 0:b86d15c6ba29 | 6517 | switch (ssl->options.processReply) { |
Vanger | 0:b86d15c6ba29 | 6518 | |
Vanger | 0:b86d15c6ba29 | 6519 | /* in the CYASSL_SERVER case, get the first byte for detecting |
Vanger | 0:b86d15c6ba29 | 6520 | * old client hello */ |
Vanger | 0:b86d15c6ba29 | 6521 | case doProcessInit: |
Vanger | 0:b86d15c6ba29 | 6522 | |
Vanger | 0:b86d15c6ba29 | 6523 | readSz = RECORD_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 6524 | |
Vanger | 0:b86d15c6ba29 | 6525 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 6526 | if (ssl->options.dtls) |
Vanger | 0:b86d15c6ba29 | 6527 | readSz = DTLS_RECORD_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 6528 | #endif |
Vanger | 0:b86d15c6ba29 | 6529 | |
Vanger | 0:b86d15c6ba29 | 6530 | /* get header or return error */ |
Vanger | 0:b86d15c6ba29 | 6531 | if (!ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 6532 | if ((ret = GetInputData(ssl, readSz)) < 0) |
Vanger | 0:b86d15c6ba29 | 6533 | return ret; |
Vanger | 0:b86d15c6ba29 | 6534 | } else { |
Vanger | 0:b86d15c6ba29 | 6535 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 6536 | /* read ahead may already have header */ |
Vanger | 0:b86d15c6ba29 | 6537 | used = ssl->buffers.inputBuffer.length - |
Vanger | 0:b86d15c6ba29 | 6538 | ssl->buffers.inputBuffer.idx; |
Vanger | 0:b86d15c6ba29 | 6539 | if (used < readSz) |
Vanger | 0:b86d15c6ba29 | 6540 | if ((ret = GetInputData(ssl, readSz)) < 0) |
Vanger | 0:b86d15c6ba29 | 6541 | return ret; |
Vanger | 0:b86d15c6ba29 | 6542 | #endif |
Vanger | 0:b86d15c6ba29 | 6543 | } |
Vanger | 0:b86d15c6ba29 | 6544 | |
Vanger | 0:b86d15c6ba29 | 6545 | #ifdef OLD_HELLO_ALLOWED |
Vanger | 0:b86d15c6ba29 | 6546 | |
Vanger | 0:b86d15c6ba29 | 6547 | /* see if sending SSLv2 client hello */ |
Vanger | 0:b86d15c6ba29 | 6548 | if ( ssl->options.side == CYASSL_SERVER_END && |
Vanger | 0:b86d15c6ba29 | 6549 | ssl->options.clientState == NULL_STATE && |
Vanger | 0:b86d15c6ba29 | 6550 | ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx] |
Vanger | 0:b86d15c6ba29 | 6551 | != handshake) { |
Vanger | 0:b86d15c6ba29 | 6552 | byte b0, b1; |
Vanger | 0:b86d15c6ba29 | 6553 | |
Vanger | 0:b86d15c6ba29 | 6554 | ssl->options.processReply = runProcessOldClientHello; |
Vanger | 0:b86d15c6ba29 | 6555 | |
Vanger | 0:b86d15c6ba29 | 6556 | /* sanity checks before getting size at front */ |
Vanger | 0:b86d15c6ba29 | 6557 | if (ssl->buffers.inputBuffer.buffer[ |
Vanger | 0:b86d15c6ba29 | 6558 | ssl->buffers.inputBuffer.idx + 2] != OLD_HELLO_ID) { |
Vanger | 0:b86d15c6ba29 | 6559 | CYASSL_MSG("Not a valid old client hello"); |
Vanger | 0:b86d15c6ba29 | 6560 | return PARSE_ERROR; |
Vanger | 0:b86d15c6ba29 | 6561 | } |
Vanger | 0:b86d15c6ba29 | 6562 | |
Vanger | 0:b86d15c6ba29 | 6563 | if (ssl->buffers.inputBuffer.buffer[ |
Vanger | 0:b86d15c6ba29 | 6564 | ssl->buffers.inputBuffer.idx + 3] != SSLv3_MAJOR && |
Vanger | 0:b86d15c6ba29 | 6565 | ssl->buffers.inputBuffer.buffer[ |
Vanger | 0:b86d15c6ba29 | 6566 | ssl->buffers.inputBuffer.idx + 3] != DTLS_MAJOR) { |
Vanger | 0:b86d15c6ba29 | 6567 | CYASSL_MSG("Not a valid version in old client hello"); |
Vanger | 0:b86d15c6ba29 | 6568 | return PARSE_ERROR; |
Vanger | 0:b86d15c6ba29 | 6569 | } |
Vanger | 0:b86d15c6ba29 | 6570 | |
Vanger | 0:b86d15c6ba29 | 6571 | /* how many bytes need ProcessOldClientHello */ |
Vanger | 0:b86d15c6ba29 | 6572 | b0 = |
Vanger | 0:b86d15c6ba29 | 6573 | ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++]; |
Vanger | 0:b86d15c6ba29 | 6574 | b1 = |
Vanger | 0:b86d15c6ba29 | 6575 | ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++]; |
Vanger | 0:b86d15c6ba29 | 6576 | ssl->curSize = (word16)(((b0 & 0x7f) << 8) | b1); |
Vanger | 0:b86d15c6ba29 | 6577 | } |
Vanger | 0:b86d15c6ba29 | 6578 | else { |
Vanger | 0:b86d15c6ba29 | 6579 | ssl->options.processReply = getRecordLayerHeader; |
Vanger | 0:b86d15c6ba29 | 6580 | continue; |
Vanger | 0:b86d15c6ba29 | 6581 | } |
Vanger | 0:b86d15c6ba29 | 6582 | |
Vanger | 0:b86d15c6ba29 | 6583 | /* in the CYASSL_SERVER case, run the old client hello */ |
Vanger | 0:b86d15c6ba29 | 6584 | case runProcessOldClientHello: |
Vanger | 0:b86d15c6ba29 | 6585 | |
Vanger | 0:b86d15c6ba29 | 6586 | /* get sz bytes or return error */ |
Vanger | 0:b86d15c6ba29 | 6587 | if (!ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 6588 | if ((ret = GetInputData(ssl, ssl->curSize)) < 0) |
Vanger | 0:b86d15c6ba29 | 6589 | return ret; |
Vanger | 0:b86d15c6ba29 | 6590 | } else { |
Vanger | 0:b86d15c6ba29 | 6591 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 6592 | /* read ahead may already have */ |
Vanger | 0:b86d15c6ba29 | 6593 | used = ssl->buffers.inputBuffer.length - |
Vanger | 0:b86d15c6ba29 | 6594 | ssl->buffers.inputBuffer.idx; |
Vanger | 0:b86d15c6ba29 | 6595 | if (used < ssl->curSize) |
Vanger | 0:b86d15c6ba29 | 6596 | if ((ret = GetInputData(ssl, ssl->curSize)) < 0) |
Vanger | 0:b86d15c6ba29 | 6597 | return ret; |
Vanger | 0:b86d15c6ba29 | 6598 | #endif /* CYASSL_DTLS */ |
Vanger | 0:b86d15c6ba29 | 6599 | } |
Vanger | 0:b86d15c6ba29 | 6600 | |
Vanger | 0:b86d15c6ba29 | 6601 | ret = ProcessOldClientHello(ssl, ssl->buffers.inputBuffer.buffer, |
Vanger | 0:b86d15c6ba29 | 6602 | &ssl->buffers.inputBuffer.idx, |
Vanger | 0:b86d15c6ba29 | 6603 | ssl->buffers.inputBuffer.length - |
Vanger | 0:b86d15c6ba29 | 6604 | ssl->buffers.inputBuffer.idx, |
Vanger | 0:b86d15c6ba29 | 6605 | ssl->curSize); |
Vanger | 0:b86d15c6ba29 | 6606 | if (ret < 0) |
Vanger | 0:b86d15c6ba29 | 6607 | return ret; |
Vanger | 0:b86d15c6ba29 | 6608 | |
Vanger | 0:b86d15c6ba29 | 6609 | else if (ssl->buffers.inputBuffer.idx == |
Vanger | 0:b86d15c6ba29 | 6610 | ssl->buffers.inputBuffer.length) { |
Vanger | 0:b86d15c6ba29 | 6611 | ssl->options.processReply = doProcessInit; |
Vanger | 0:b86d15c6ba29 | 6612 | return 0; |
Vanger | 0:b86d15c6ba29 | 6613 | } |
Vanger | 0:b86d15c6ba29 | 6614 | |
Vanger | 0:b86d15c6ba29 | 6615 | #endif /* OLD_HELLO_ALLOWED */ |
Vanger | 0:b86d15c6ba29 | 6616 | |
Vanger | 0:b86d15c6ba29 | 6617 | /* get the record layer header */ |
Vanger | 0:b86d15c6ba29 | 6618 | case getRecordLayerHeader: |
Vanger | 0:b86d15c6ba29 | 6619 | |
Vanger | 0:b86d15c6ba29 | 6620 | ret = GetRecordHeader(ssl, ssl->buffers.inputBuffer.buffer, |
Vanger | 0:b86d15c6ba29 | 6621 | &ssl->buffers.inputBuffer.idx, |
Vanger | 0:b86d15c6ba29 | 6622 | &ssl->curRL, &ssl->curSize); |
Vanger | 0:b86d15c6ba29 | 6623 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 6624 | if (ssl->options.dtls && ret == SEQUENCE_ERROR) { |
Vanger | 0:b86d15c6ba29 | 6625 | ssl->options.processReply = doProcessInit; |
Vanger | 0:b86d15c6ba29 | 6626 | ssl->buffers.inputBuffer.length = 0; |
Vanger | 0:b86d15c6ba29 | 6627 | ssl->buffers.inputBuffer.idx = 0; |
Vanger | 0:b86d15c6ba29 | 6628 | continue; |
Vanger | 0:b86d15c6ba29 | 6629 | } |
Vanger | 0:b86d15c6ba29 | 6630 | #endif |
Vanger | 0:b86d15c6ba29 | 6631 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 6632 | return ret; |
Vanger | 0:b86d15c6ba29 | 6633 | |
Vanger | 0:b86d15c6ba29 | 6634 | ssl->options.processReply = getData; |
Vanger | 0:b86d15c6ba29 | 6635 | |
Vanger | 0:b86d15c6ba29 | 6636 | /* retrieve record layer data */ |
Vanger | 0:b86d15c6ba29 | 6637 | case getData: |
Vanger | 0:b86d15c6ba29 | 6638 | |
Vanger | 0:b86d15c6ba29 | 6639 | /* get sz bytes or return error */ |
Vanger | 0:b86d15c6ba29 | 6640 | if (!ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 6641 | if ((ret = GetInputData(ssl, ssl->curSize)) < 0) |
Vanger | 0:b86d15c6ba29 | 6642 | return ret; |
Vanger | 0:b86d15c6ba29 | 6643 | } else { |
Vanger | 0:b86d15c6ba29 | 6644 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 6645 | /* read ahead may already have */ |
Vanger | 0:b86d15c6ba29 | 6646 | used = ssl->buffers.inputBuffer.length - |
Vanger | 0:b86d15c6ba29 | 6647 | ssl->buffers.inputBuffer.idx; |
Vanger | 0:b86d15c6ba29 | 6648 | if (used < ssl->curSize) |
Vanger | 0:b86d15c6ba29 | 6649 | if ((ret = GetInputData(ssl, ssl->curSize)) < 0) |
Vanger | 0:b86d15c6ba29 | 6650 | return ret; |
Vanger | 0:b86d15c6ba29 | 6651 | #endif |
Vanger | 0:b86d15c6ba29 | 6652 | } |
Vanger | 0:b86d15c6ba29 | 6653 | |
Vanger | 0:b86d15c6ba29 | 6654 | ssl->options.processReply = runProcessingOneMessage; |
Vanger | 0:b86d15c6ba29 | 6655 | startIdx = ssl->buffers.inputBuffer.idx; /* in case > 1 msg per */ |
Vanger | 0:b86d15c6ba29 | 6656 | |
Vanger | 0:b86d15c6ba29 | 6657 | /* the record layer is here */ |
Vanger | 0:b86d15c6ba29 | 6658 | case runProcessingOneMessage: |
Vanger | 0:b86d15c6ba29 | 6659 | |
Vanger | 0:b86d15c6ba29 | 6660 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 6661 | if (ssl->options.dtls && |
Vanger | 0:b86d15c6ba29 | 6662 | ssl->keys.dtls_state.curEpoch < ssl->keys.dtls_state.nextEpoch) |
Vanger | 0:b86d15c6ba29 | 6663 | ssl->keys.decryptedCur = 1; |
Vanger | 0:b86d15c6ba29 | 6664 | #endif |
Vanger | 0:b86d15c6ba29 | 6665 | |
Vanger | 0:b86d15c6ba29 | 6666 | if (ssl->keys.encryptionOn && ssl->keys.decryptedCur == 0) |
Vanger | 0:b86d15c6ba29 | 6667 | { |
Vanger | 0:b86d15c6ba29 | 6668 | ret = SanityCheckCipherText(ssl, ssl->curSize); |
Vanger | 0:b86d15c6ba29 | 6669 | if (ret < 0) |
Vanger | 0:b86d15c6ba29 | 6670 | return ret; |
Vanger | 0:b86d15c6ba29 | 6671 | |
Vanger | 0:b86d15c6ba29 | 6672 | if (atomicUser) { |
Vanger | 0:b86d15c6ba29 | 6673 | #ifdef ATOMIC_USER |
Vanger | 0:b86d15c6ba29 | 6674 | ret = ssl->ctx->DecryptVerifyCb(ssl, |
Vanger | 0:b86d15c6ba29 | 6675 | ssl->buffers.inputBuffer.buffer + |
Vanger | 0:b86d15c6ba29 | 6676 | ssl->buffers.inputBuffer.idx, |
Vanger | 0:b86d15c6ba29 | 6677 | ssl->buffers.inputBuffer.buffer + |
Vanger | 0:b86d15c6ba29 | 6678 | ssl->buffers.inputBuffer.idx, |
Vanger | 0:b86d15c6ba29 | 6679 | ssl->curSize, ssl->curRL.type, 1, |
Vanger | 0:b86d15c6ba29 | 6680 | &ssl->keys.padSz, ssl->DecryptVerifyCtx); |
Vanger | 0:b86d15c6ba29 | 6681 | if (ssl->options.tls1_1 && ssl->specs.cipher_type == block) |
Vanger | 0:b86d15c6ba29 | 6682 | ssl->buffers.inputBuffer.idx += ssl->specs.block_size; |
Vanger | 0:b86d15c6ba29 | 6683 | /* go past TLSv1.1 IV */ |
Vanger | 0:b86d15c6ba29 | 6684 | if (ssl->specs.cipher_type == aead && |
Vanger | 0:b86d15c6ba29 | 6685 | ssl->specs.bulk_cipher_algorithm != cyassl_chacha) |
Vanger | 0:b86d15c6ba29 | 6686 | ssl->buffers.inputBuffer.idx += AEAD_EXP_IV_SZ; |
Vanger | 0:b86d15c6ba29 | 6687 | #endif /* ATOMIC_USER */ |
Vanger | 0:b86d15c6ba29 | 6688 | } |
Vanger | 0:b86d15c6ba29 | 6689 | else { |
Vanger | 0:b86d15c6ba29 | 6690 | ret = Decrypt(ssl, ssl->buffers.inputBuffer.buffer + |
Vanger | 0:b86d15c6ba29 | 6691 | ssl->buffers.inputBuffer.idx, |
Vanger | 0:b86d15c6ba29 | 6692 | ssl->buffers.inputBuffer.buffer + |
Vanger | 0:b86d15c6ba29 | 6693 | ssl->buffers.inputBuffer.idx, |
Vanger | 0:b86d15c6ba29 | 6694 | ssl->curSize); |
Vanger | 0:b86d15c6ba29 | 6695 | if (ret < 0) { |
Vanger | 0:b86d15c6ba29 | 6696 | CYASSL_ERROR(ret); |
Vanger | 0:b86d15c6ba29 | 6697 | return DECRYPT_ERROR; |
Vanger | 0:b86d15c6ba29 | 6698 | } |
Vanger | 0:b86d15c6ba29 | 6699 | if (ssl->options.tls1_1 && ssl->specs.cipher_type == block) |
Vanger | 0:b86d15c6ba29 | 6700 | ssl->buffers.inputBuffer.idx += ssl->specs.block_size; |
Vanger | 0:b86d15c6ba29 | 6701 | /* go past TLSv1.1 IV */ |
Vanger | 0:b86d15c6ba29 | 6702 | if (ssl->specs.cipher_type == aead && |
Vanger | 0:b86d15c6ba29 | 6703 | ssl->specs.bulk_cipher_algorithm != cyassl_chacha) |
Vanger | 0:b86d15c6ba29 | 6704 | ssl->buffers.inputBuffer.idx += AEAD_EXP_IV_SZ; |
Vanger | 0:b86d15c6ba29 | 6705 | |
Vanger | 0:b86d15c6ba29 | 6706 | ret = VerifyMac(ssl, ssl->buffers.inputBuffer.buffer + |
Vanger | 0:b86d15c6ba29 | 6707 | ssl->buffers.inputBuffer.idx, |
Vanger | 0:b86d15c6ba29 | 6708 | ssl->curSize, ssl->curRL.type, |
Vanger | 0:b86d15c6ba29 | 6709 | &ssl->keys.padSz); |
Vanger | 0:b86d15c6ba29 | 6710 | } |
Vanger | 0:b86d15c6ba29 | 6711 | if (ret < 0) { |
Vanger | 0:b86d15c6ba29 | 6712 | CYASSL_ERROR(ret); |
Vanger | 0:b86d15c6ba29 | 6713 | return DECRYPT_ERROR; |
Vanger | 0:b86d15c6ba29 | 6714 | } |
Vanger | 0:b86d15c6ba29 | 6715 | ssl->keys.encryptSz = ssl->curSize; |
Vanger | 0:b86d15c6ba29 | 6716 | ssl->keys.decryptedCur = 1; |
Vanger | 0:b86d15c6ba29 | 6717 | } |
Vanger | 0:b86d15c6ba29 | 6718 | |
Vanger | 0:b86d15c6ba29 | 6719 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 6720 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 6721 | DtlsUpdateWindow(&ssl->keys.dtls_state); |
Vanger | 0:b86d15c6ba29 | 6722 | #endif /* CYASSL_DTLS */ |
Vanger | 0:b86d15c6ba29 | 6723 | } |
Vanger | 0:b86d15c6ba29 | 6724 | |
Vanger | 0:b86d15c6ba29 | 6725 | CYASSL_MSG("received record layer msg"); |
Vanger | 0:b86d15c6ba29 | 6726 | |
Vanger | 0:b86d15c6ba29 | 6727 | switch (ssl->curRL.type) { |
Vanger | 0:b86d15c6ba29 | 6728 | case handshake : |
Vanger | 0:b86d15c6ba29 | 6729 | /* debugging in DoHandShakeMsg */ |
Vanger | 0:b86d15c6ba29 | 6730 | if (!ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 6731 | ret = DoHandShakeMsg(ssl, |
Vanger | 0:b86d15c6ba29 | 6732 | ssl->buffers.inputBuffer.buffer, |
Vanger | 0:b86d15c6ba29 | 6733 | &ssl->buffers.inputBuffer.idx, |
Vanger | 0:b86d15c6ba29 | 6734 | ssl->buffers.inputBuffer.length); |
Vanger | 0:b86d15c6ba29 | 6735 | } |
Vanger | 0:b86d15c6ba29 | 6736 | else { |
Vanger | 0:b86d15c6ba29 | 6737 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 6738 | ret = DoDtlsHandShakeMsg(ssl, |
Vanger | 0:b86d15c6ba29 | 6739 | ssl->buffers.inputBuffer.buffer, |
Vanger | 0:b86d15c6ba29 | 6740 | &ssl->buffers.inputBuffer.idx, |
Vanger | 0:b86d15c6ba29 | 6741 | ssl->buffers.inputBuffer.length); |
Vanger | 0:b86d15c6ba29 | 6742 | #endif |
Vanger | 0:b86d15c6ba29 | 6743 | } |
Vanger | 0:b86d15c6ba29 | 6744 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 6745 | return ret; |
Vanger | 0:b86d15c6ba29 | 6746 | break; |
Vanger | 0:b86d15c6ba29 | 6747 | |
Vanger | 0:b86d15c6ba29 | 6748 | case change_cipher_spec: |
Vanger | 0:b86d15c6ba29 | 6749 | CYASSL_MSG("got CHANGE CIPHER SPEC"); |
Vanger | 0:b86d15c6ba29 | 6750 | #ifdef CYASSL_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 6751 | if (ssl->hsInfoOn) |
Vanger | 0:b86d15c6ba29 | 6752 | AddPacketName("ChangeCipher", &ssl->handShakeInfo); |
Vanger | 0:b86d15c6ba29 | 6753 | /* add record header back on info */ |
Vanger | 0:b86d15c6ba29 | 6754 | if (ssl->toInfoOn) { |
Vanger | 0:b86d15c6ba29 | 6755 | AddPacketInfo("ChangeCipher", &ssl->timeoutInfo, |
Vanger | 0:b86d15c6ba29 | 6756 | ssl->buffers.inputBuffer.buffer + |
Vanger | 0:b86d15c6ba29 | 6757 | ssl->buffers.inputBuffer.idx - RECORD_HEADER_SZ, |
Vanger | 0:b86d15c6ba29 | 6758 | 1 + RECORD_HEADER_SZ, ssl->heap); |
Vanger | 0:b86d15c6ba29 | 6759 | AddLateRecordHeader(&ssl->curRL, &ssl->timeoutInfo); |
Vanger | 0:b86d15c6ba29 | 6760 | } |
Vanger | 0:b86d15c6ba29 | 6761 | #endif |
Vanger | 0:b86d15c6ba29 | 6762 | |
Vanger | 0:b86d15c6ba29 | 6763 | ret = SanityCheckMsgReceived(ssl, change_cipher_hs); |
Vanger | 0:b86d15c6ba29 | 6764 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 6765 | return ret; |
Vanger | 0:b86d15c6ba29 | 6766 | |
Vanger | 0:b86d15c6ba29 | 6767 | #ifdef HAVE_SESSION_TICKET |
Vanger | 0:b86d15c6ba29 | 6768 | if (ssl->options.side == CYASSL_CLIENT_END && |
Vanger | 0:b86d15c6ba29 | 6769 | ssl->expect_session_ticket) { |
Vanger | 0:b86d15c6ba29 | 6770 | CYASSL_MSG("Expected session ticket missing"); |
Vanger | 0:b86d15c6ba29 | 6771 | return SESSION_TICKET_EXPECT_E; |
Vanger | 0:b86d15c6ba29 | 6772 | } |
Vanger | 0:b86d15c6ba29 | 6773 | #endif |
Vanger | 0:b86d15c6ba29 | 6774 | |
Vanger | 0:b86d15c6ba29 | 6775 | if (ssl->keys.encryptionOn && ssl->options.handShakeDone) { |
Vanger | 0:b86d15c6ba29 | 6776 | ssl->buffers.inputBuffer.idx += ssl->keys.padSz; |
Vanger | 0:b86d15c6ba29 | 6777 | ssl->curSize -= ssl->buffers.inputBuffer.idx; |
Vanger | 0:b86d15c6ba29 | 6778 | } |
Vanger | 0:b86d15c6ba29 | 6779 | |
Vanger | 0:b86d15c6ba29 | 6780 | if (ssl->curSize != 1) { |
Vanger | 0:b86d15c6ba29 | 6781 | CYASSL_MSG("Malicious or corrupted ChangeCipher msg"); |
Vanger | 0:b86d15c6ba29 | 6782 | return LENGTH_ERROR; |
Vanger | 0:b86d15c6ba29 | 6783 | } |
Vanger | 0:b86d15c6ba29 | 6784 | #ifndef NO_CERTS |
Vanger | 0:b86d15c6ba29 | 6785 | if (ssl->options.side == CYASSL_SERVER_END && |
Vanger | 0:b86d15c6ba29 | 6786 | ssl->options.verifyPeer && |
Vanger | 0:b86d15c6ba29 | 6787 | ssl->options.havePeerCert) |
Vanger | 0:b86d15c6ba29 | 6788 | if (!ssl->options.havePeerVerify) { |
Vanger | 0:b86d15c6ba29 | 6789 | CYASSL_MSG("client didn't send cert verify"); |
Vanger | 0:b86d15c6ba29 | 6790 | return NO_PEER_VERIFY; |
Vanger | 0:b86d15c6ba29 | 6791 | } |
Vanger | 0:b86d15c6ba29 | 6792 | #endif |
Vanger | 0:b86d15c6ba29 | 6793 | |
Vanger | 0:b86d15c6ba29 | 6794 | |
Vanger | 0:b86d15c6ba29 | 6795 | ssl->buffers.inputBuffer.idx++; |
Vanger | 0:b86d15c6ba29 | 6796 | ssl->keys.encryptionOn = 1; |
Vanger | 0:b86d15c6ba29 | 6797 | |
Vanger | 0:b86d15c6ba29 | 6798 | /* setup decrypt keys for following messages */ |
Vanger | 0:b86d15c6ba29 | 6799 | if ((ret = SetKeysSide(ssl, DECRYPT_SIDE_ONLY)) != 0) |
Vanger | 0:b86d15c6ba29 | 6800 | return ret; |
Vanger | 0:b86d15c6ba29 | 6801 | |
Vanger | 0:b86d15c6ba29 | 6802 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 6803 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 6804 | DtlsPoolReset(ssl); |
Vanger | 0:b86d15c6ba29 | 6805 | ssl->keys.dtls_state.nextEpoch++; |
Vanger | 0:b86d15c6ba29 | 6806 | ssl->keys.dtls_state.nextSeq = 0; |
Vanger | 0:b86d15c6ba29 | 6807 | } |
Vanger | 0:b86d15c6ba29 | 6808 | #endif |
Vanger | 0:b86d15c6ba29 | 6809 | |
Vanger | 0:b86d15c6ba29 | 6810 | #ifdef HAVE_LIBZ |
Vanger | 0:b86d15c6ba29 | 6811 | if (ssl->options.usingCompression) |
Vanger | 0:b86d15c6ba29 | 6812 | if ( (ret = InitStreams(ssl)) != 0) |
Vanger | 0:b86d15c6ba29 | 6813 | return ret; |
Vanger | 0:b86d15c6ba29 | 6814 | #endif |
Vanger | 0:b86d15c6ba29 | 6815 | if (ssl->options.resuming && ssl->options.side == |
Vanger | 0:b86d15c6ba29 | 6816 | CYASSL_CLIENT_END) |
Vanger | 0:b86d15c6ba29 | 6817 | ret = BuildFinished(ssl, &ssl->verifyHashes, server); |
Vanger | 0:b86d15c6ba29 | 6818 | else if (!ssl->options.resuming && ssl->options.side == |
Vanger | 0:b86d15c6ba29 | 6819 | CYASSL_SERVER_END) |
Vanger | 0:b86d15c6ba29 | 6820 | ret = BuildFinished(ssl, &ssl->verifyHashes, client); |
Vanger | 0:b86d15c6ba29 | 6821 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 6822 | return ret; |
Vanger | 0:b86d15c6ba29 | 6823 | break; |
Vanger | 0:b86d15c6ba29 | 6824 | |
Vanger | 0:b86d15c6ba29 | 6825 | case application_data: |
Vanger | 0:b86d15c6ba29 | 6826 | CYASSL_MSG("got app DATA"); |
Vanger | 0:b86d15c6ba29 | 6827 | if ((ret = DoApplicationData(ssl, |
Vanger | 0:b86d15c6ba29 | 6828 | ssl->buffers.inputBuffer.buffer, |
Vanger | 0:b86d15c6ba29 | 6829 | &ssl->buffers.inputBuffer.idx)) |
Vanger | 0:b86d15c6ba29 | 6830 | != 0) { |
Vanger | 0:b86d15c6ba29 | 6831 | CYASSL_ERROR(ret); |
Vanger | 0:b86d15c6ba29 | 6832 | return ret; |
Vanger | 0:b86d15c6ba29 | 6833 | } |
Vanger | 0:b86d15c6ba29 | 6834 | break; |
Vanger | 0:b86d15c6ba29 | 6835 | |
Vanger | 0:b86d15c6ba29 | 6836 | case alert: |
Vanger | 0:b86d15c6ba29 | 6837 | CYASSL_MSG("got ALERT!"); |
Vanger | 0:b86d15c6ba29 | 6838 | ret = DoAlert(ssl, ssl->buffers.inputBuffer.buffer, |
Vanger | 0:b86d15c6ba29 | 6839 | &ssl->buffers.inputBuffer.idx, &type, |
Vanger | 0:b86d15c6ba29 | 6840 | ssl->buffers.inputBuffer.length); |
Vanger | 0:b86d15c6ba29 | 6841 | if (ret == alert_fatal) |
Vanger | 0:b86d15c6ba29 | 6842 | return FATAL_ERROR; |
Vanger | 0:b86d15c6ba29 | 6843 | else if (ret < 0) |
Vanger | 0:b86d15c6ba29 | 6844 | return ret; |
Vanger | 0:b86d15c6ba29 | 6845 | |
Vanger | 0:b86d15c6ba29 | 6846 | /* catch warnings that are handled as errors */ |
Vanger | 0:b86d15c6ba29 | 6847 | if (type == close_notify) |
Vanger | 0:b86d15c6ba29 | 6848 | return ssl->error = ZERO_RETURN; |
Vanger | 0:b86d15c6ba29 | 6849 | |
Vanger | 0:b86d15c6ba29 | 6850 | if (type == decrypt_error) |
Vanger | 0:b86d15c6ba29 | 6851 | return FATAL_ERROR; |
Vanger | 0:b86d15c6ba29 | 6852 | break; |
Vanger | 0:b86d15c6ba29 | 6853 | |
Vanger | 0:b86d15c6ba29 | 6854 | default: |
Vanger | 0:b86d15c6ba29 | 6855 | CYASSL_ERROR(UNKNOWN_RECORD_TYPE); |
Vanger | 0:b86d15c6ba29 | 6856 | return UNKNOWN_RECORD_TYPE; |
Vanger | 0:b86d15c6ba29 | 6857 | } |
Vanger | 0:b86d15c6ba29 | 6858 | |
Vanger | 0:b86d15c6ba29 | 6859 | ssl->options.processReply = doProcessInit; |
Vanger | 0:b86d15c6ba29 | 6860 | |
Vanger | 0:b86d15c6ba29 | 6861 | /* input exhausted? */ |
Vanger | 0:b86d15c6ba29 | 6862 | if (ssl->buffers.inputBuffer.idx == ssl->buffers.inputBuffer.length) |
Vanger | 0:b86d15c6ba29 | 6863 | return 0; |
Vanger | 0:b86d15c6ba29 | 6864 | /* more messages per record */ |
Vanger | 0:b86d15c6ba29 | 6865 | else if ((ssl->buffers.inputBuffer.idx - startIdx) < ssl->curSize) { |
Vanger | 0:b86d15c6ba29 | 6866 | CYASSL_MSG("More messages in record"); |
Vanger | 0:b86d15c6ba29 | 6867 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 6868 | /* read-ahead but dtls doesn't bundle messages per record */ |
Vanger | 0:b86d15c6ba29 | 6869 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 6870 | ssl->options.processReply = doProcessInit; |
Vanger | 0:b86d15c6ba29 | 6871 | continue; |
Vanger | 0:b86d15c6ba29 | 6872 | } |
Vanger | 0:b86d15c6ba29 | 6873 | #endif |
Vanger | 0:b86d15c6ba29 | 6874 | ssl->options.processReply = runProcessingOneMessage; |
Vanger | 0:b86d15c6ba29 | 6875 | |
Vanger | 0:b86d15c6ba29 | 6876 | if (ssl->keys.encryptionOn) { |
Vanger | 0:b86d15c6ba29 | 6877 | CYASSL_MSG("Bundled encrypted messages, remove middle pad"); |
Vanger | 0:b86d15c6ba29 | 6878 | ssl->buffers.inputBuffer.idx -= ssl->keys.padSz; |
Vanger | 0:b86d15c6ba29 | 6879 | } |
Vanger | 0:b86d15c6ba29 | 6880 | |
Vanger | 0:b86d15c6ba29 | 6881 | continue; |
Vanger | 0:b86d15c6ba29 | 6882 | } |
Vanger | 0:b86d15c6ba29 | 6883 | /* more records */ |
Vanger | 0:b86d15c6ba29 | 6884 | else { |
Vanger | 0:b86d15c6ba29 | 6885 | CYASSL_MSG("More records in input"); |
Vanger | 0:b86d15c6ba29 | 6886 | ssl->options.processReply = doProcessInit; |
Vanger | 0:b86d15c6ba29 | 6887 | continue; |
Vanger | 0:b86d15c6ba29 | 6888 | } |
Vanger | 0:b86d15c6ba29 | 6889 | |
Vanger | 0:b86d15c6ba29 | 6890 | default: |
Vanger | 0:b86d15c6ba29 | 6891 | CYASSL_MSG("Bad process input state, programming error"); |
Vanger | 0:b86d15c6ba29 | 6892 | return INPUT_CASE_ERROR; |
Vanger | 0:b86d15c6ba29 | 6893 | } |
Vanger | 0:b86d15c6ba29 | 6894 | } |
Vanger | 0:b86d15c6ba29 | 6895 | } |
Vanger | 0:b86d15c6ba29 | 6896 | |
Vanger | 0:b86d15c6ba29 | 6897 | |
Vanger | 0:b86d15c6ba29 | 6898 | int SendChangeCipher(CYASSL* ssl) |
Vanger | 0:b86d15c6ba29 | 6899 | { |
Vanger | 0:b86d15c6ba29 | 6900 | byte *output; |
Vanger | 0:b86d15c6ba29 | 6901 | int sendSz = RECORD_HEADER_SZ + ENUM_LEN; |
Vanger | 0:b86d15c6ba29 | 6902 | int idx = RECORD_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 6903 | int ret; |
Vanger | 0:b86d15c6ba29 | 6904 | |
Vanger | 0:b86d15c6ba29 | 6905 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 6906 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 6907 | sendSz += DTLS_RECORD_EXTRA; |
Vanger | 0:b86d15c6ba29 | 6908 | idx += DTLS_RECORD_EXTRA; |
Vanger | 0:b86d15c6ba29 | 6909 | } |
Vanger | 0:b86d15c6ba29 | 6910 | #endif |
Vanger | 0:b86d15c6ba29 | 6911 | |
Vanger | 0:b86d15c6ba29 | 6912 | /* are we in scr */ |
Vanger | 0:b86d15c6ba29 | 6913 | if (ssl->keys.encryptionOn && ssl->options.handShakeDone) { |
Vanger | 0:b86d15c6ba29 | 6914 | sendSz += MAX_MSG_EXTRA; |
Vanger | 0:b86d15c6ba29 | 6915 | } |
Vanger | 0:b86d15c6ba29 | 6916 | |
Vanger | 0:b86d15c6ba29 | 6917 | /* check for avalaible size */ |
Vanger | 0:b86d15c6ba29 | 6918 | if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) |
Vanger | 0:b86d15c6ba29 | 6919 | return ret; |
Vanger | 0:b86d15c6ba29 | 6920 | |
Vanger | 0:b86d15c6ba29 | 6921 | /* get ouput buffer */ |
Vanger | 0:b86d15c6ba29 | 6922 | output = ssl->buffers.outputBuffer.buffer + |
Vanger | 0:b86d15c6ba29 | 6923 | ssl->buffers.outputBuffer.length; |
Vanger | 0:b86d15c6ba29 | 6924 | |
Vanger | 0:b86d15c6ba29 | 6925 | AddRecordHeader(output, 1, change_cipher_spec, ssl); |
Vanger | 0:b86d15c6ba29 | 6926 | |
Vanger | 0:b86d15c6ba29 | 6927 | output[idx] = 1; /* turn it on */ |
Vanger | 0:b86d15c6ba29 | 6928 | |
Vanger | 0:b86d15c6ba29 | 6929 | if (ssl->keys.encryptionOn && ssl->options.handShakeDone) { |
Vanger | 0:b86d15c6ba29 | 6930 | byte input[ENUM_LEN]; |
Vanger | 0:b86d15c6ba29 | 6931 | int inputSz = ENUM_LEN; |
Vanger | 0:b86d15c6ba29 | 6932 | |
Vanger | 0:b86d15c6ba29 | 6933 | input[0] = 1; /* turn it on */ |
Vanger | 0:b86d15c6ba29 | 6934 | sendSz = BuildMessage(ssl, output, sendSz, input, inputSz, |
Vanger | 0:b86d15c6ba29 | 6935 | change_cipher_spec); |
Vanger | 0:b86d15c6ba29 | 6936 | if (sendSz < 0) |
Vanger | 0:b86d15c6ba29 | 6937 | return sendSz; |
Vanger | 0:b86d15c6ba29 | 6938 | } |
Vanger | 0:b86d15c6ba29 | 6939 | |
Vanger | 0:b86d15c6ba29 | 6940 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 6941 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 6942 | if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) |
Vanger | 0:b86d15c6ba29 | 6943 | return ret; |
Vanger | 0:b86d15c6ba29 | 6944 | } |
Vanger | 0:b86d15c6ba29 | 6945 | #endif |
Vanger | 0:b86d15c6ba29 | 6946 | #ifdef CYASSL_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 6947 | if (ssl->hsInfoOn) AddPacketName("ChangeCipher", &ssl->handShakeInfo); |
Vanger | 0:b86d15c6ba29 | 6948 | if (ssl->toInfoOn) |
Vanger | 0:b86d15c6ba29 | 6949 | AddPacketInfo("ChangeCipher", &ssl->timeoutInfo, output, sendSz, |
Vanger | 0:b86d15c6ba29 | 6950 | ssl->heap); |
Vanger | 0:b86d15c6ba29 | 6951 | #endif |
Vanger | 0:b86d15c6ba29 | 6952 | ssl->buffers.outputBuffer.length += sendSz; |
Vanger | 0:b86d15c6ba29 | 6953 | |
Vanger | 0:b86d15c6ba29 | 6954 | if (ssl->options.groupMessages) |
Vanger | 0:b86d15c6ba29 | 6955 | return 0; |
Vanger | 0:b86d15c6ba29 | 6956 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 6957 | else if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 6958 | /* If using DTLS, force the ChangeCipherSpec message to be in the |
Vanger | 0:b86d15c6ba29 | 6959 | * same datagram as the finished message. */ |
Vanger | 0:b86d15c6ba29 | 6960 | return 0; |
Vanger | 0:b86d15c6ba29 | 6961 | } |
Vanger | 0:b86d15c6ba29 | 6962 | #endif |
Vanger | 0:b86d15c6ba29 | 6963 | else |
Vanger | 0:b86d15c6ba29 | 6964 | return SendBuffered(ssl); |
Vanger | 0:b86d15c6ba29 | 6965 | } |
Vanger | 0:b86d15c6ba29 | 6966 | |
Vanger | 0:b86d15c6ba29 | 6967 | |
Vanger | 0:b86d15c6ba29 | 6968 | #ifndef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 6969 | static int SSL_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz, |
Vanger | 0:b86d15c6ba29 | 6970 | int content, int verify) |
Vanger | 0:b86d15c6ba29 | 6971 | { |
Vanger | 0:b86d15c6ba29 | 6972 | byte result[MAX_DIGEST_SIZE]; |
Vanger | 0:b86d15c6ba29 | 6973 | word32 digestSz = ssl->specs.hash_size; /* actual sizes */ |
Vanger | 0:b86d15c6ba29 | 6974 | word32 padSz = ssl->specs.pad_size; |
Vanger | 0:b86d15c6ba29 | 6975 | int ret = 0; |
Vanger | 0:b86d15c6ba29 | 6976 | |
Vanger | 0:b86d15c6ba29 | 6977 | Md5 md5; |
Vanger | 0:b86d15c6ba29 | 6978 | Sha sha; |
Vanger | 0:b86d15c6ba29 | 6979 | |
Vanger | 0:b86d15c6ba29 | 6980 | /* data */ |
Vanger | 0:b86d15c6ba29 | 6981 | byte seq[SEQ_SZ]; |
Vanger | 0:b86d15c6ba29 | 6982 | byte conLen[ENUM_LEN + LENGTH_SZ]; /* content & length */ |
Vanger | 0:b86d15c6ba29 | 6983 | const byte* macSecret = CyaSSL_GetMacSecret(ssl, verify); |
Vanger | 0:b86d15c6ba29 | 6984 | |
Vanger | 0:b86d15c6ba29 | 6985 | #ifdef HAVE_FUZZER |
Vanger | 0:b86d15c6ba29 | 6986 | if (ssl->fuzzerCb) |
Vanger | 0:b86d15c6ba29 | 6987 | ssl->fuzzerCb(ssl, in, sz, FUZZ_HMAC, ssl->fuzzerCtx); |
Vanger | 0:b86d15c6ba29 | 6988 | #endif |
Vanger | 0:b86d15c6ba29 | 6989 | |
Vanger | 0:b86d15c6ba29 | 6990 | XMEMSET(seq, 0, SEQ_SZ); |
Vanger | 0:b86d15c6ba29 | 6991 | conLen[0] = (byte)content; |
Vanger | 0:b86d15c6ba29 | 6992 | c16toa((word16)sz, &conLen[ENUM_LEN]); |
Vanger | 0:b86d15c6ba29 | 6993 | c32toa(GetSEQIncrement(ssl, verify), &seq[sizeof(word32)]); |
Vanger | 0:b86d15c6ba29 | 6994 | |
Vanger | 0:b86d15c6ba29 | 6995 | if (ssl->specs.mac_algorithm == md5_mac) { |
Vanger | 0:b86d15c6ba29 | 6996 | InitMd5(&md5); |
Vanger | 0:b86d15c6ba29 | 6997 | /* inner */ |
Vanger | 0:b86d15c6ba29 | 6998 | Md5Update(&md5, macSecret, digestSz); |
Vanger | 0:b86d15c6ba29 | 6999 | Md5Update(&md5, PAD1, padSz); |
Vanger | 0:b86d15c6ba29 | 7000 | Md5Update(&md5, seq, SEQ_SZ); |
Vanger | 0:b86d15c6ba29 | 7001 | Md5Update(&md5, conLen, sizeof(conLen)); |
Vanger | 0:b86d15c6ba29 | 7002 | /* in buffer */ |
Vanger | 0:b86d15c6ba29 | 7003 | Md5Update(&md5, in, sz); |
Vanger | 0:b86d15c6ba29 | 7004 | Md5Final(&md5, result); |
Vanger | 0:b86d15c6ba29 | 7005 | /* outer */ |
Vanger | 0:b86d15c6ba29 | 7006 | Md5Update(&md5, macSecret, digestSz); |
Vanger | 0:b86d15c6ba29 | 7007 | Md5Update(&md5, PAD2, padSz); |
Vanger | 0:b86d15c6ba29 | 7008 | Md5Update(&md5, result, digestSz); |
Vanger | 0:b86d15c6ba29 | 7009 | Md5Final(&md5, digest); |
Vanger | 0:b86d15c6ba29 | 7010 | } |
Vanger | 0:b86d15c6ba29 | 7011 | else { |
Vanger | 0:b86d15c6ba29 | 7012 | ret = InitSha(&sha); |
Vanger | 0:b86d15c6ba29 | 7013 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 7014 | return ret; |
Vanger | 0:b86d15c6ba29 | 7015 | /* inner */ |
Vanger | 0:b86d15c6ba29 | 7016 | ShaUpdate(&sha, macSecret, digestSz); |
Vanger | 0:b86d15c6ba29 | 7017 | ShaUpdate(&sha, PAD1, padSz); |
Vanger | 0:b86d15c6ba29 | 7018 | ShaUpdate(&sha, seq, SEQ_SZ); |
Vanger | 0:b86d15c6ba29 | 7019 | ShaUpdate(&sha, conLen, sizeof(conLen)); |
Vanger | 0:b86d15c6ba29 | 7020 | /* in buffer */ |
Vanger | 0:b86d15c6ba29 | 7021 | ShaUpdate(&sha, in, sz); |
Vanger | 0:b86d15c6ba29 | 7022 | ShaFinal(&sha, result); |
Vanger | 0:b86d15c6ba29 | 7023 | /* outer */ |
Vanger | 0:b86d15c6ba29 | 7024 | ShaUpdate(&sha, macSecret, digestSz); |
Vanger | 0:b86d15c6ba29 | 7025 | ShaUpdate(&sha, PAD2, padSz); |
Vanger | 0:b86d15c6ba29 | 7026 | ShaUpdate(&sha, result, digestSz); |
Vanger | 0:b86d15c6ba29 | 7027 | ShaFinal(&sha, digest); |
Vanger | 0:b86d15c6ba29 | 7028 | } |
Vanger | 0:b86d15c6ba29 | 7029 | return 0; |
Vanger | 0:b86d15c6ba29 | 7030 | } |
Vanger | 0:b86d15c6ba29 | 7031 | |
Vanger | 0:b86d15c6ba29 | 7032 | #ifndef NO_CERTS |
Vanger | 0:b86d15c6ba29 | 7033 | static void BuildMD5_CertVerify(CYASSL* ssl, byte* digest) |
Vanger | 0:b86d15c6ba29 | 7034 | { |
Vanger | 0:b86d15c6ba29 | 7035 | byte md5_result[MD5_DIGEST_SIZE]; |
Vanger | 0:b86d15c6ba29 | 7036 | |
Vanger | 0:b86d15c6ba29 | 7037 | /* make md5 inner */ |
Vanger | 0:b86d15c6ba29 | 7038 | Md5Update(&ssl->hashMd5, ssl->arrays->masterSecret, SECRET_LEN); |
Vanger | 0:b86d15c6ba29 | 7039 | Md5Update(&ssl->hashMd5, PAD1, PAD_MD5); |
Vanger | 0:b86d15c6ba29 | 7040 | Md5Final(&ssl->hashMd5, md5_result); |
Vanger | 0:b86d15c6ba29 | 7041 | |
Vanger | 0:b86d15c6ba29 | 7042 | /* make md5 outer */ |
Vanger | 0:b86d15c6ba29 | 7043 | Md5Update(&ssl->hashMd5, ssl->arrays->masterSecret, SECRET_LEN); |
Vanger | 0:b86d15c6ba29 | 7044 | Md5Update(&ssl->hashMd5, PAD2, PAD_MD5); |
Vanger | 0:b86d15c6ba29 | 7045 | Md5Update(&ssl->hashMd5, md5_result, MD5_DIGEST_SIZE); |
Vanger | 0:b86d15c6ba29 | 7046 | |
Vanger | 0:b86d15c6ba29 | 7047 | Md5Final(&ssl->hashMd5, digest); |
Vanger | 0:b86d15c6ba29 | 7048 | } |
Vanger | 0:b86d15c6ba29 | 7049 | |
Vanger | 0:b86d15c6ba29 | 7050 | |
Vanger | 0:b86d15c6ba29 | 7051 | static void BuildSHA_CertVerify(CYASSL* ssl, byte* digest) |
Vanger | 0:b86d15c6ba29 | 7052 | { |
Vanger | 0:b86d15c6ba29 | 7053 | byte sha_result[SHA_DIGEST_SIZE]; |
Vanger | 0:b86d15c6ba29 | 7054 | |
Vanger | 0:b86d15c6ba29 | 7055 | /* make sha inner */ |
Vanger | 0:b86d15c6ba29 | 7056 | ShaUpdate(&ssl->hashSha, ssl->arrays->masterSecret, SECRET_LEN); |
Vanger | 0:b86d15c6ba29 | 7057 | ShaUpdate(&ssl->hashSha, PAD1, PAD_SHA); |
Vanger | 0:b86d15c6ba29 | 7058 | ShaFinal(&ssl->hashSha, sha_result); |
Vanger | 0:b86d15c6ba29 | 7059 | |
Vanger | 0:b86d15c6ba29 | 7060 | /* make sha outer */ |
Vanger | 0:b86d15c6ba29 | 7061 | ShaUpdate(&ssl->hashSha, ssl->arrays->masterSecret, SECRET_LEN); |
Vanger | 0:b86d15c6ba29 | 7062 | ShaUpdate(&ssl->hashSha, PAD2, PAD_SHA); |
Vanger | 0:b86d15c6ba29 | 7063 | ShaUpdate(&ssl->hashSha, sha_result, SHA_DIGEST_SIZE); |
Vanger | 0:b86d15c6ba29 | 7064 | |
Vanger | 0:b86d15c6ba29 | 7065 | ShaFinal(&ssl->hashSha, digest); |
Vanger | 0:b86d15c6ba29 | 7066 | } |
Vanger | 0:b86d15c6ba29 | 7067 | #endif /* NO_CERTS */ |
Vanger | 0:b86d15c6ba29 | 7068 | #endif /* NO_OLD_TLS */ |
Vanger | 0:b86d15c6ba29 | 7069 | |
Vanger | 0:b86d15c6ba29 | 7070 | |
Vanger | 0:b86d15c6ba29 | 7071 | #ifndef NO_CERTS |
Vanger | 0:b86d15c6ba29 | 7072 | |
Vanger | 0:b86d15c6ba29 | 7073 | static int BuildCertHashes(CYASSL* ssl, Hashes* hashes) |
Vanger | 0:b86d15c6ba29 | 7074 | { |
Vanger | 0:b86d15c6ba29 | 7075 | /* store current states, building requires get_digest which resets state */ |
Vanger | 0:b86d15c6ba29 | 7076 | #ifndef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 7077 | Md5 md5 = ssl->hashMd5; |
Vanger | 0:b86d15c6ba29 | 7078 | Sha sha = ssl->hashSha; |
Vanger | 0:b86d15c6ba29 | 7079 | #endif |
Vanger | 0:b86d15c6ba29 | 7080 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 7081 | Sha256 sha256 = ssl->hashSha256; |
Vanger | 0:b86d15c6ba29 | 7082 | #endif |
Vanger | 0:b86d15c6ba29 | 7083 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 7084 | Sha384 sha384 = ssl->hashSha384; |
Vanger | 0:b86d15c6ba29 | 7085 | #endif |
Vanger | 0:b86d15c6ba29 | 7086 | |
Vanger | 0:b86d15c6ba29 | 7087 | if (ssl->options.tls) { |
Vanger | 0:b86d15c6ba29 | 7088 | #if ! defined( NO_OLD_TLS ) |
Vanger | 0:b86d15c6ba29 | 7089 | Md5Final(&ssl->hashMd5, hashes->md5); |
Vanger | 0:b86d15c6ba29 | 7090 | ShaFinal(&ssl->hashSha, hashes->sha); |
Vanger | 0:b86d15c6ba29 | 7091 | #endif |
Vanger | 0:b86d15c6ba29 | 7092 | if (IsAtLeastTLSv1_2(ssl)) { |
Vanger | 0:b86d15c6ba29 | 7093 | int ret; |
Vanger | 0:b86d15c6ba29 | 7094 | |
Vanger | 0:b86d15c6ba29 | 7095 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 7096 | ret = Sha256Final(&ssl->hashSha256, hashes->sha256); |
Vanger | 0:b86d15c6ba29 | 7097 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 7098 | return ret; |
Vanger | 0:b86d15c6ba29 | 7099 | #endif |
Vanger | 0:b86d15c6ba29 | 7100 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 7101 | ret = Sha384Final(&ssl->hashSha384, hashes->sha384); |
Vanger | 0:b86d15c6ba29 | 7102 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 7103 | return ret; |
Vanger | 0:b86d15c6ba29 | 7104 | #endif |
Vanger | 0:b86d15c6ba29 | 7105 | } |
Vanger | 0:b86d15c6ba29 | 7106 | } |
Vanger | 0:b86d15c6ba29 | 7107 | #if ! defined( NO_OLD_TLS ) |
Vanger | 0:b86d15c6ba29 | 7108 | else { |
Vanger | 0:b86d15c6ba29 | 7109 | BuildMD5_CertVerify(ssl, hashes->md5); |
Vanger | 0:b86d15c6ba29 | 7110 | BuildSHA_CertVerify(ssl, hashes->sha); |
Vanger | 0:b86d15c6ba29 | 7111 | } |
Vanger | 0:b86d15c6ba29 | 7112 | |
Vanger | 0:b86d15c6ba29 | 7113 | /* restore */ |
Vanger | 0:b86d15c6ba29 | 7114 | ssl->hashMd5 = md5; |
Vanger | 0:b86d15c6ba29 | 7115 | ssl->hashSha = sha; |
Vanger | 0:b86d15c6ba29 | 7116 | #endif |
Vanger | 0:b86d15c6ba29 | 7117 | if (IsAtLeastTLSv1_2(ssl)) { |
Vanger | 0:b86d15c6ba29 | 7118 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 7119 | ssl->hashSha256 = sha256; |
Vanger | 0:b86d15c6ba29 | 7120 | #endif |
Vanger | 0:b86d15c6ba29 | 7121 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 7122 | ssl->hashSha384 = sha384; |
Vanger | 0:b86d15c6ba29 | 7123 | #endif |
Vanger | 0:b86d15c6ba29 | 7124 | } |
Vanger | 0:b86d15c6ba29 | 7125 | |
Vanger | 0:b86d15c6ba29 | 7126 | return 0; |
Vanger | 0:b86d15c6ba29 | 7127 | } |
Vanger | 0:b86d15c6ba29 | 7128 | |
Vanger | 0:b86d15c6ba29 | 7129 | #endif /* CYASSL_LEANPSK */ |
Vanger | 0:b86d15c6ba29 | 7130 | |
Vanger | 0:b86d15c6ba29 | 7131 | /* Build SSL Message, encrypted */ |
Vanger | 0:b86d15c6ba29 | 7132 | static int BuildMessage(CYASSL* ssl, byte* output, int outSz, |
Vanger | 0:b86d15c6ba29 | 7133 | const byte* input, int inSz, int type) |
Vanger | 0:b86d15c6ba29 | 7134 | { |
Vanger | 0:b86d15c6ba29 | 7135 | #ifdef HAVE_TRUNCATED_HMAC |
Vanger | 0:b86d15c6ba29 | 7136 | word32 digestSz = min(ssl->specs.hash_size, |
Vanger | 0:b86d15c6ba29 | 7137 | ssl->truncated_hmac ? TRUNCATED_HMAC_SZ : ssl->specs.hash_size); |
Vanger | 0:b86d15c6ba29 | 7138 | #else |
Vanger | 0:b86d15c6ba29 | 7139 | word32 digestSz = ssl->specs.hash_size; |
Vanger | 0:b86d15c6ba29 | 7140 | #endif |
Vanger | 0:b86d15c6ba29 | 7141 | word32 sz = RECORD_HEADER_SZ + inSz + digestSz; |
Vanger | 0:b86d15c6ba29 | 7142 | word32 pad = 0, i; |
Vanger | 0:b86d15c6ba29 | 7143 | word32 idx = RECORD_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 7144 | word32 ivSz = 0; /* TLSv1.1 IV */ |
Vanger | 0:b86d15c6ba29 | 7145 | word32 headerSz = RECORD_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 7146 | word16 size; |
Vanger | 0:b86d15c6ba29 | 7147 | byte iv[AES_BLOCK_SIZE]; /* max size */ |
Vanger | 0:b86d15c6ba29 | 7148 | int ret = 0; |
Vanger | 0:b86d15c6ba29 | 7149 | int atomicUser = 0; |
Vanger | 0:b86d15c6ba29 | 7150 | |
Vanger | 0:b86d15c6ba29 | 7151 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 7152 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 7153 | sz += DTLS_RECORD_EXTRA; |
Vanger | 0:b86d15c6ba29 | 7154 | idx += DTLS_RECORD_EXTRA; |
Vanger | 0:b86d15c6ba29 | 7155 | headerSz += DTLS_RECORD_EXTRA; |
Vanger | 0:b86d15c6ba29 | 7156 | } |
Vanger | 0:b86d15c6ba29 | 7157 | #endif |
Vanger | 0:b86d15c6ba29 | 7158 | |
Vanger | 0:b86d15c6ba29 | 7159 | #ifdef ATOMIC_USER |
Vanger | 0:b86d15c6ba29 | 7160 | if (ssl->ctx->MacEncryptCb) |
Vanger | 0:b86d15c6ba29 | 7161 | atomicUser = 1; |
Vanger | 0:b86d15c6ba29 | 7162 | #endif |
Vanger | 0:b86d15c6ba29 | 7163 | |
Vanger | 0:b86d15c6ba29 | 7164 | if (ssl->specs.cipher_type == block) { |
Vanger | 0:b86d15c6ba29 | 7165 | word32 blockSz = ssl->specs.block_size; |
Vanger | 0:b86d15c6ba29 | 7166 | if (ssl->options.tls1_1) { |
Vanger | 0:b86d15c6ba29 | 7167 | ivSz = blockSz; |
Vanger | 0:b86d15c6ba29 | 7168 | sz += ivSz; |
Vanger | 0:b86d15c6ba29 | 7169 | |
Vanger | 0:b86d15c6ba29 | 7170 | if (ivSz > (word32)sizeof(iv)) |
Vanger | 0:b86d15c6ba29 | 7171 | return BUFFER_E; |
Vanger | 0:b86d15c6ba29 | 7172 | |
Vanger | 0:b86d15c6ba29 | 7173 | ret = RNG_GenerateBlock(ssl->rng, iv, ivSz); |
Vanger | 0:b86d15c6ba29 | 7174 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 7175 | return ret; |
Vanger | 0:b86d15c6ba29 | 7176 | |
Vanger | 0:b86d15c6ba29 | 7177 | } |
Vanger | 0:b86d15c6ba29 | 7178 | sz += 1; /* pad byte */ |
Vanger | 0:b86d15c6ba29 | 7179 | pad = (sz - headerSz) % blockSz; |
Vanger | 0:b86d15c6ba29 | 7180 | pad = blockSz - pad; |
Vanger | 0:b86d15c6ba29 | 7181 | sz += pad; |
Vanger | 0:b86d15c6ba29 | 7182 | } |
Vanger | 0:b86d15c6ba29 | 7183 | |
Vanger | 0:b86d15c6ba29 | 7184 | #ifdef HAVE_AEAD |
Vanger | 0:b86d15c6ba29 | 7185 | if (ssl->specs.cipher_type == aead) { |
Vanger | 0:b86d15c6ba29 | 7186 | if (ssl->specs.bulk_cipher_algorithm != cyassl_chacha) |
Vanger | 0:b86d15c6ba29 | 7187 | ivSz = AEAD_EXP_IV_SZ; |
Vanger | 0:b86d15c6ba29 | 7188 | |
Vanger | 0:b86d15c6ba29 | 7189 | sz += (ivSz + ssl->specs.aead_mac_size - digestSz); |
Vanger | 0:b86d15c6ba29 | 7190 | XMEMCPY(iv, ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ); |
Vanger | 0:b86d15c6ba29 | 7191 | } |
Vanger | 0:b86d15c6ba29 | 7192 | #endif |
Vanger | 0:b86d15c6ba29 | 7193 | if (sz > (word32)outSz) { |
Vanger | 0:b86d15c6ba29 | 7194 | CYASSL_MSG("Oops, want to write past output buffer size"); |
Vanger | 0:b86d15c6ba29 | 7195 | return BUFFER_E; |
Vanger | 0:b86d15c6ba29 | 7196 | } |
Vanger | 0:b86d15c6ba29 | 7197 | size = (word16)(sz - headerSz); /* include mac and digest */ |
Vanger | 0:b86d15c6ba29 | 7198 | AddRecordHeader(output, size, (byte)type, ssl); |
Vanger | 0:b86d15c6ba29 | 7199 | |
Vanger | 0:b86d15c6ba29 | 7200 | /* write to output */ |
Vanger | 0:b86d15c6ba29 | 7201 | if (ivSz) { |
Vanger | 0:b86d15c6ba29 | 7202 | XMEMCPY(output + idx, iv, min(ivSz, sizeof(iv))); |
Vanger | 0:b86d15c6ba29 | 7203 | idx += ivSz; |
Vanger | 0:b86d15c6ba29 | 7204 | } |
Vanger | 0:b86d15c6ba29 | 7205 | XMEMCPY(output + idx, input, inSz); |
Vanger | 0:b86d15c6ba29 | 7206 | idx += inSz; |
Vanger | 0:b86d15c6ba29 | 7207 | |
Vanger | 0:b86d15c6ba29 | 7208 | if (type == handshake) { |
Vanger | 0:b86d15c6ba29 | 7209 | ret = HashOutput(ssl, output, headerSz + inSz, ivSz); |
Vanger | 0:b86d15c6ba29 | 7210 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 7211 | return ret; |
Vanger | 0:b86d15c6ba29 | 7212 | } |
Vanger | 0:b86d15c6ba29 | 7213 | |
Vanger | 0:b86d15c6ba29 | 7214 | if (ssl->specs.cipher_type == block) { |
Vanger | 0:b86d15c6ba29 | 7215 | word32 tmpIdx = idx + digestSz; |
Vanger | 0:b86d15c6ba29 | 7216 | |
Vanger | 0:b86d15c6ba29 | 7217 | for (i = 0; i <= pad; i++) |
Vanger | 0:b86d15c6ba29 | 7218 | output[tmpIdx++] = (byte)pad; /* pad byte gets pad value too */ |
Vanger | 0:b86d15c6ba29 | 7219 | } |
Vanger | 0:b86d15c6ba29 | 7220 | |
Vanger | 0:b86d15c6ba29 | 7221 | if (atomicUser) { /* User Record Layer Callback handling */ |
Vanger | 0:b86d15c6ba29 | 7222 | #ifdef ATOMIC_USER |
Vanger | 0:b86d15c6ba29 | 7223 | if ( (ret = ssl->ctx->MacEncryptCb(ssl, output + idx, |
Vanger | 0:b86d15c6ba29 | 7224 | output + headerSz + ivSz, inSz, type, 0, |
Vanger | 0:b86d15c6ba29 | 7225 | output + headerSz, output + headerSz, size, |
Vanger | 0:b86d15c6ba29 | 7226 | ssl->MacEncryptCtx)) != 0) |
Vanger | 0:b86d15c6ba29 | 7227 | return ret; |
Vanger | 0:b86d15c6ba29 | 7228 | #endif |
Vanger | 0:b86d15c6ba29 | 7229 | } |
Vanger | 0:b86d15c6ba29 | 7230 | else { |
Vanger | 0:b86d15c6ba29 | 7231 | if (ssl->specs.cipher_type != aead) { |
Vanger | 0:b86d15c6ba29 | 7232 | #ifdef HAVE_TRUNCATED_HMAC |
Vanger | 0:b86d15c6ba29 | 7233 | if (ssl->truncated_hmac && ssl->specs.hash_size > digestSz) { |
Vanger | 0:b86d15c6ba29 | 7234 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 7235 | byte* hmac = NULL; |
Vanger | 0:b86d15c6ba29 | 7236 | #else |
Vanger | 0:b86d15c6ba29 | 7237 | byte hmac[MAX_DIGEST_SIZE]; |
Vanger | 0:b86d15c6ba29 | 7238 | #endif |
Vanger | 0:b86d15c6ba29 | 7239 | |
Vanger | 0:b86d15c6ba29 | 7240 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 7241 | hmac = (byte*)XMALLOC(MAX_DIGEST_SIZE, NULL, |
Vanger | 0:b86d15c6ba29 | 7242 | DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 7243 | if (hmac == NULL) |
Vanger | 0:b86d15c6ba29 | 7244 | return MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 7245 | #endif |
Vanger | 0:b86d15c6ba29 | 7246 | |
Vanger | 0:b86d15c6ba29 | 7247 | ret = ssl->hmac(ssl, hmac, output + headerSz + ivSz, inSz, |
Vanger | 0:b86d15c6ba29 | 7248 | type, 0); |
Vanger | 0:b86d15c6ba29 | 7249 | XMEMCPY(output + idx, hmac, digestSz); |
Vanger | 0:b86d15c6ba29 | 7250 | |
Vanger | 0:b86d15c6ba29 | 7251 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 7252 | XFREE(hmac, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 7253 | #endif |
Vanger | 0:b86d15c6ba29 | 7254 | } else |
Vanger | 0:b86d15c6ba29 | 7255 | #endif |
Vanger | 0:b86d15c6ba29 | 7256 | ret = ssl->hmac(ssl, output+idx, output + headerSz + ivSz, inSz, |
Vanger | 0:b86d15c6ba29 | 7257 | type, 0); |
Vanger | 0:b86d15c6ba29 | 7258 | } |
Vanger | 0:b86d15c6ba29 | 7259 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 7260 | return ret; |
Vanger | 0:b86d15c6ba29 | 7261 | |
Vanger | 0:b86d15c6ba29 | 7262 | if ( (ret = Encrypt(ssl, output + headerSz, output+headerSz,size)) != 0) |
Vanger | 0:b86d15c6ba29 | 7263 | return ret; |
Vanger | 0:b86d15c6ba29 | 7264 | } |
Vanger | 0:b86d15c6ba29 | 7265 | |
Vanger | 0:b86d15c6ba29 | 7266 | return sz; |
Vanger | 0:b86d15c6ba29 | 7267 | } |
Vanger | 0:b86d15c6ba29 | 7268 | |
Vanger | 0:b86d15c6ba29 | 7269 | |
Vanger | 0:b86d15c6ba29 | 7270 | int SendFinished(CYASSL* ssl) |
Vanger | 0:b86d15c6ba29 | 7271 | { |
Vanger | 0:b86d15c6ba29 | 7272 | int sendSz, |
Vanger | 0:b86d15c6ba29 | 7273 | finishedSz = ssl->options.tls ? TLS_FINISHED_SZ : |
Vanger | 0:b86d15c6ba29 | 7274 | FINISHED_SZ; |
Vanger | 0:b86d15c6ba29 | 7275 | byte input[FINISHED_SZ + DTLS_HANDSHAKE_HEADER_SZ]; /* max */ |
Vanger | 0:b86d15c6ba29 | 7276 | byte *output; |
Vanger | 0:b86d15c6ba29 | 7277 | Hashes* hashes; |
Vanger | 0:b86d15c6ba29 | 7278 | int ret; |
Vanger | 0:b86d15c6ba29 | 7279 | int headerSz = HANDSHAKE_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 7280 | int outputSz; |
Vanger | 0:b86d15c6ba29 | 7281 | |
Vanger | 0:b86d15c6ba29 | 7282 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 7283 | word32 sequence_number = ssl->keys.dtls_sequence_number; |
Vanger | 0:b86d15c6ba29 | 7284 | word16 epoch = ssl->keys.dtls_epoch; |
Vanger | 0:b86d15c6ba29 | 7285 | #endif |
Vanger | 0:b86d15c6ba29 | 7286 | |
Vanger | 0:b86d15c6ba29 | 7287 | /* setup encrypt keys */ |
Vanger | 0:b86d15c6ba29 | 7288 | if ((ret = SetKeysSide(ssl, ENCRYPT_SIDE_ONLY)) != 0) |
Vanger | 0:b86d15c6ba29 | 7289 | return ret; |
Vanger | 0:b86d15c6ba29 | 7290 | |
Vanger | 0:b86d15c6ba29 | 7291 | /* check for available size */ |
Vanger | 0:b86d15c6ba29 | 7292 | outputSz = sizeof(input) + MAX_MSG_EXTRA; |
Vanger | 0:b86d15c6ba29 | 7293 | if ((ret = CheckAvailableSize(ssl, outputSz)) != 0) |
Vanger | 0:b86d15c6ba29 | 7294 | return ret; |
Vanger | 0:b86d15c6ba29 | 7295 | |
Vanger | 0:b86d15c6ba29 | 7296 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 7297 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 7298 | /* Send Finished message with the next epoch, but don't commit that |
Vanger | 0:b86d15c6ba29 | 7299 | * change until the other end confirms its reception. */ |
Vanger | 0:b86d15c6ba29 | 7300 | headerSz += DTLS_HANDSHAKE_EXTRA; |
Vanger | 0:b86d15c6ba29 | 7301 | ssl->keys.dtls_epoch++; |
Vanger | 0:b86d15c6ba29 | 7302 | ssl->keys.dtls_sequence_number = 0; /* reset after epoch change */ |
Vanger | 0:b86d15c6ba29 | 7303 | } |
Vanger | 0:b86d15c6ba29 | 7304 | #endif |
Vanger | 0:b86d15c6ba29 | 7305 | |
Vanger | 0:b86d15c6ba29 | 7306 | /* get ouput buffer */ |
Vanger | 0:b86d15c6ba29 | 7307 | output = ssl->buffers.outputBuffer.buffer + |
Vanger | 0:b86d15c6ba29 | 7308 | ssl->buffers.outputBuffer.length; |
Vanger | 0:b86d15c6ba29 | 7309 | |
Vanger | 0:b86d15c6ba29 | 7310 | AddHandShakeHeader(input, finishedSz, finished, ssl); |
Vanger | 0:b86d15c6ba29 | 7311 | |
Vanger | 0:b86d15c6ba29 | 7312 | /* make finished hashes */ |
Vanger | 0:b86d15c6ba29 | 7313 | hashes = (Hashes*)&input[headerSz]; |
Vanger | 0:b86d15c6ba29 | 7314 | ret = BuildFinished(ssl, hashes, |
Vanger | 0:b86d15c6ba29 | 7315 | ssl->options.side == CYASSL_CLIENT_END ? client : server); |
Vanger | 0:b86d15c6ba29 | 7316 | if (ret != 0) return ret; |
Vanger | 0:b86d15c6ba29 | 7317 | |
Vanger | 0:b86d15c6ba29 | 7318 | #ifdef HAVE_SECURE_RENEGOTIATION |
Vanger | 0:b86d15c6ba29 | 7319 | if (ssl->secure_renegotiation) { |
Vanger | 0:b86d15c6ba29 | 7320 | if (ssl->options.side == CYASSL_CLIENT_END) |
Vanger | 0:b86d15c6ba29 | 7321 | XMEMCPY(ssl->secure_renegotiation->client_verify_data, hashes, |
Vanger | 0:b86d15c6ba29 | 7322 | TLS_FINISHED_SZ); |
Vanger | 0:b86d15c6ba29 | 7323 | else |
Vanger | 0:b86d15c6ba29 | 7324 | XMEMCPY(ssl->secure_renegotiation->server_verify_data, hashes, |
Vanger | 0:b86d15c6ba29 | 7325 | TLS_FINISHED_SZ); |
Vanger | 0:b86d15c6ba29 | 7326 | } |
Vanger | 0:b86d15c6ba29 | 7327 | #endif |
Vanger | 0:b86d15c6ba29 | 7328 | |
Vanger | 0:b86d15c6ba29 | 7329 | sendSz = BuildMessage(ssl, output, outputSz, input, headerSz + finishedSz, |
Vanger | 0:b86d15c6ba29 | 7330 | handshake); |
Vanger | 0:b86d15c6ba29 | 7331 | if (sendSz < 0) |
Vanger | 0:b86d15c6ba29 | 7332 | return BUILD_MSG_ERROR; |
Vanger | 0:b86d15c6ba29 | 7333 | |
Vanger | 0:b86d15c6ba29 | 7334 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 7335 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 7336 | ssl->keys.dtls_epoch = epoch; |
Vanger | 0:b86d15c6ba29 | 7337 | ssl->keys.dtls_sequence_number = sequence_number; |
Vanger | 0:b86d15c6ba29 | 7338 | } |
Vanger | 0:b86d15c6ba29 | 7339 | #endif |
Vanger | 0:b86d15c6ba29 | 7340 | |
Vanger | 0:b86d15c6ba29 | 7341 | if (!ssl->options.resuming) { |
Vanger | 0:b86d15c6ba29 | 7342 | #ifndef NO_SESSION_CACHE |
Vanger | 0:b86d15c6ba29 | 7343 | AddSession(ssl); /* just try */ |
Vanger | 0:b86d15c6ba29 | 7344 | #endif |
Vanger | 0:b86d15c6ba29 | 7345 | if (ssl->options.side == CYASSL_CLIENT_END) { |
Vanger | 0:b86d15c6ba29 | 7346 | ret = BuildFinished(ssl, &ssl->verifyHashes, server); |
Vanger | 0:b86d15c6ba29 | 7347 | if (ret != 0) return ret; |
Vanger | 0:b86d15c6ba29 | 7348 | } |
Vanger | 0:b86d15c6ba29 | 7349 | else { |
Vanger | 0:b86d15c6ba29 | 7350 | ssl->options.handShakeState = HANDSHAKE_DONE; |
Vanger | 0:b86d15c6ba29 | 7351 | ssl->options.handShakeDone = 1; |
Vanger | 0:b86d15c6ba29 | 7352 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 7353 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 7354 | /* Other side will soon receive our Finished, go to next |
Vanger | 0:b86d15c6ba29 | 7355 | * epoch. */ |
Vanger | 0:b86d15c6ba29 | 7356 | ssl->keys.dtls_epoch++; |
Vanger | 0:b86d15c6ba29 | 7357 | ssl->keys.dtls_sequence_number = 1; |
Vanger | 0:b86d15c6ba29 | 7358 | } |
Vanger | 0:b86d15c6ba29 | 7359 | #endif |
Vanger | 0:b86d15c6ba29 | 7360 | } |
Vanger | 0:b86d15c6ba29 | 7361 | } |
Vanger | 0:b86d15c6ba29 | 7362 | else { |
Vanger | 0:b86d15c6ba29 | 7363 | if (ssl->options.side == CYASSL_CLIENT_END) { |
Vanger | 0:b86d15c6ba29 | 7364 | ssl->options.handShakeState = HANDSHAKE_DONE; |
Vanger | 0:b86d15c6ba29 | 7365 | ssl->options.handShakeDone = 1; |
Vanger | 0:b86d15c6ba29 | 7366 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 7367 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 7368 | /* Other side will soon receive our Finished, go to next |
Vanger | 0:b86d15c6ba29 | 7369 | * epoch. */ |
Vanger | 0:b86d15c6ba29 | 7370 | ssl->keys.dtls_epoch++; |
Vanger | 0:b86d15c6ba29 | 7371 | ssl->keys.dtls_sequence_number = 1; |
Vanger | 0:b86d15c6ba29 | 7372 | } |
Vanger | 0:b86d15c6ba29 | 7373 | #endif |
Vanger | 0:b86d15c6ba29 | 7374 | } |
Vanger | 0:b86d15c6ba29 | 7375 | else { |
Vanger | 0:b86d15c6ba29 | 7376 | ret = BuildFinished(ssl, &ssl->verifyHashes, client); |
Vanger | 0:b86d15c6ba29 | 7377 | if (ret != 0) return ret; |
Vanger | 0:b86d15c6ba29 | 7378 | } |
Vanger | 0:b86d15c6ba29 | 7379 | } |
Vanger | 0:b86d15c6ba29 | 7380 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 7381 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 7382 | if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) |
Vanger | 0:b86d15c6ba29 | 7383 | return ret; |
Vanger | 0:b86d15c6ba29 | 7384 | } |
Vanger | 0:b86d15c6ba29 | 7385 | #endif |
Vanger | 0:b86d15c6ba29 | 7386 | |
Vanger | 0:b86d15c6ba29 | 7387 | #ifdef CYASSL_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 7388 | if (ssl->hsInfoOn) AddPacketName("Finished", &ssl->handShakeInfo); |
Vanger | 0:b86d15c6ba29 | 7389 | if (ssl->toInfoOn) |
Vanger | 0:b86d15c6ba29 | 7390 | AddPacketInfo("Finished", &ssl->timeoutInfo, output, sendSz, |
Vanger | 0:b86d15c6ba29 | 7391 | ssl->heap); |
Vanger | 0:b86d15c6ba29 | 7392 | #endif |
Vanger | 0:b86d15c6ba29 | 7393 | |
Vanger | 0:b86d15c6ba29 | 7394 | ssl->buffers.outputBuffer.length += sendSz; |
Vanger | 0:b86d15c6ba29 | 7395 | |
Vanger | 0:b86d15c6ba29 | 7396 | return SendBuffered(ssl); |
Vanger | 0:b86d15c6ba29 | 7397 | } |
Vanger | 0:b86d15c6ba29 | 7398 | |
Vanger | 0:b86d15c6ba29 | 7399 | #ifndef NO_CERTS |
Vanger | 0:b86d15c6ba29 | 7400 | int SendCertificate(CYASSL* ssl) |
Vanger | 0:b86d15c6ba29 | 7401 | { |
Vanger | 0:b86d15c6ba29 | 7402 | int sendSz, length, ret = 0; |
Vanger | 0:b86d15c6ba29 | 7403 | word32 i = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 7404 | word32 certSz, listSz; |
Vanger | 0:b86d15c6ba29 | 7405 | byte* output = 0; |
Vanger | 0:b86d15c6ba29 | 7406 | |
Vanger | 0:b86d15c6ba29 | 7407 | if (ssl->options.usingPSK_cipher || ssl->options.usingAnon_cipher) |
Vanger | 0:b86d15c6ba29 | 7408 | return 0; /* not needed */ |
Vanger | 0:b86d15c6ba29 | 7409 | |
Vanger | 0:b86d15c6ba29 | 7410 | if (ssl->options.sendVerify == SEND_BLANK_CERT) { |
Vanger | 0:b86d15c6ba29 | 7411 | certSz = 0; |
Vanger | 0:b86d15c6ba29 | 7412 | length = CERT_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 7413 | listSz = 0; |
Vanger | 0:b86d15c6ba29 | 7414 | } |
Vanger | 0:b86d15c6ba29 | 7415 | else { |
Vanger | 0:b86d15c6ba29 | 7416 | certSz = ssl->buffers.certificate.length; |
Vanger | 0:b86d15c6ba29 | 7417 | /* list + cert size */ |
Vanger | 0:b86d15c6ba29 | 7418 | length = certSz + 2 * CERT_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 7419 | listSz = certSz + CERT_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 7420 | |
Vanger | 0:b86d15c6ba29 | 7421 | /* may need to send rest of chain, already has leading size(s) */ |
Vanger | 0:b86d15c6ba29 | 7422 | if (ssl->buffers.certChain.buffer) { |
Vanger | 0:b86d15c6ba29 | 7423 | length += ssl->buffers.certChain.length; |
Vanger | 0:b86d15c6ba29 | 7424 | listSz += ssl->buffers.certChain.length; |
Vanger | 0:b86d15c6ba29 | 7425 | } |
Vanger | 0:b86d15c6ba29 | 7426 | } |
Vanger | 0:b86d15c6ba29 | 7427 | sendSz = length + RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 7428 | |
Vanger | 0:b86d15c6ba29 | 7429 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 7430 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 7431 | sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; |
Vanger | 0:b86d15c6ba29 | 7432 | i += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; |
Vanger | 0:b86d15c6ba29 | 7433 | } |
Vanger | 0:b86d15c6ba29 | 7434 | #endif |
Vanger | 0:b86d15c6ba29 | 7435 | |
Vanger | 0:b86d15c6ba29 | 7436 | if (ssl->keys.encryptionOn) |
Vanger | 0:b86d15c6ba29 | 7437 | sendSz += MAX_MSG_EXTRA; |
Vanger | 0:b86d15c6ba29 | 7438 | |
Vanger | 0:b86d15c6ba29 | 7439 | /* check for available size */ |
Vanger | 0:b86d15c6ba29 | 7440 | if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) |
Vanger | 0:b86d15c6ba29 | 7441 | return ret; |
Vanger | 0:b86d15c6ba29 | 7442 | |
Vanger | 0:b86d15c6ba29 | 7443 | /* get ouput buffer */ |
Vanger | 0:b86d15c6ba29 | 7444 | output = ssl->buffers.outputBuffer.buffer + |
Vanger | 0:b86d15c6ba29 | 7445 | ssl->buffers.outputBuffer.length; |
Vanger | 0:b86d15c6ba29 | 7446 | |
Vanger | 0:b86d15c6ba29 | 7447 | AddHeaders(output, length, certificate, ssl); |
Vanger | 0:b86d15c6ba29 | 7448 | |
Vanger | 0:b86d15c6ba29 | 7449 | /* list total */ |
Vanger | 0:b86d15c6ba29 | 7450 | c32to24(listSz, output + i); |
Vanger | 0:b86d15c6ba29 | 7451 | i += CERT_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 7452 | |
Vanger | 0:b86d15c6ba29 | 7453 | /* member */ |
Vanger | 0:b86d15c6ba29 | 7454 | if (certSz) { |
Vanger | 0:b86d15c6ba29 | 7455 | c32to24(certSz, output + i); |
Vanger | 0:b86d15c6ba29 | 7456 | i += CERT_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 7457 | XMEMCPY(output + i, ssl->buffers.certificate.buffer, certSz); |
Vanger | 0:b86d15c6ba29 | 7458 | i += certSz; |
Vanger | 0:b86d15c6ba29 | 7459 | |
Vanger | 0:b86d15c6ba29 | 7460 | /* send rest of chain? */ |
Vanger | 0:b86d15c6ba29 | 7461 | if (ssl->buffers.certChain.buffer) { |
Vanger | 0:b86d15c6ba29 | 7462 | XMEMCPY(output + i, ssl->buffers.certChain.buffer, |
Vanger | 0:b86d15c6ba29 | 7463 | ssl->buffers.certChain.length); |
Vanger | 0:b86d15c6ba29 | 7464 | i += ssl->buffers.certChain.length; |
Vanger | 0:b86d15c6ba29 | 7465 | } |
Vanger | 0:b86d15c6ba29 | 7466 | } |
Vanger | 0:b86d15c6ba29 | 7467 | |
Vanger | 0:b86d15c6ba29 | 7468 | if (ssl->keys.encryptionOn) { |
Vanger | 0:b86d15c6ba29 | 7469 | byte* input; |
Vanger | 0:b86d15c6ba29 | 7470 | int inputSz = i - RECORD_HEADER_SZ; /* build msg adds rec hdr */ |
Vanger | 0:b86d15c6ba29 | 7471 | |
Vanger | 0:b86d15c6ba29 | 7472 | input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 7473 | if (input == NULL) |
Vanger | 0:b86d15c6ba29 | 7474 | return MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 7475 | |
Vanger | 0:b86d15c6ba29 | 7476 | XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz); |
Vanger | 0:b86d15c6ba29 | 7477 | sendSz = BuildMessage(ssl, output, sendSz, input,inputSz,handshake); |
Vanger | 0:b86d15c6ba29 | 7478 | XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 7479 | |
Vanger | 0:b86d15c6ba29 | 7480 | if (sendSz < 0) |
Vanger | 0:b86d15c6ba29 | 7481 | return sendSz; |
Vanger | 0:b86d15c6ba29 | 7482 | } else { |
Vanger | 0:b86d15c6ba29 | 7483 | ret = HashOutput(ssl, output, sendSz, 0); |
Vanger | 0:b86d15c6ba29 | 7484 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 7485 | return ret; |
Vanger | 0:b86d15c6ba29 | 7486 | } |
Vanger | 0:b86d15c6ba29 | 7487 | |
Vanger | 0:b86d15c6ba29 | 7488 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 7489 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 7490 | if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) |
Vanger | 0:b86d15c6ba29 | 7491 | return ret; |
Vanger | 0:b86d15c6ba29 | 7492 | } |
Vanger | 0:b86d15c6ba29 | 7493 | #endif |
Vanger | 0:b86d15c6ba29 | 7494 | |
Vanger | 0:b86d15c6ba29 | 7495 | #ifdef CYASSL_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 7496 | if (ssl->hsInfoOn) AddPacketName("Certificate", &ssl->handShakeInfo); |
Vanger | 0:b86d15c6ba29 | 7497 | if (ssl->toInfoOn) |
Vanger | 0:b86d15c6ba29 | 7498 | AddPacketInfo("Certificate", &ssl->timeoutInfo, output, sendSz, |
Vanger | 0:b86d15c6ba29 | 7499 | ssl->heap); |
Vanger | 0:b86d15c6ba29 | 7500 | #endif |
Vanger | 0:b86d15c6ba29 | 7501 | |
Vanger | 0:b86d15c6ba29 | 7502 | if (ssl->options.side == CYASSL_SERVER_END) |
Vanger | 0:b86d15c6ba29 | 7503 | ssl->options.serverState = SERVER_CERT_COMPLETE; |
Vanger | 0:b86d15c6ba29 | 7504 | |
Vanger | 0:b86d15c6ba29 | 7505 | ssl->buffers.outputBuffer.length += sendSz; |
Vanger | 0:b86d15c6ba29 | 7506 | if (ssl->options.groupMessages) |
Vanger | 0:b86d15c6ba29 | 7507 | return 0; |
Vanger | 0:b86d15c6ba29 | 7508 | else |
Vanger | 0:b86d15c6ba29 | 7509 | return SendBuffered(ssl); |
Vanger | 0:b86d15c6ba29 | 7510 | } |
Vanger | 0:b86d15c6ba29 | 7511 | |
Vanger | 0:b86d15c6ba29 | 7512 | |
Vanger | 0:b86d15c6ba29 | 7513 | int SendCertificateRequest(CYASSL* ssl) |
Vanger | 0:b86d15c6ba29 | 7514 | { |
Vanger | 0:b86d15c6ba29 | 7515 | byte *output; |
Vanger | 0:b86d15c6ba29 | 7516 | int ret; |
Vanger | 0:b86d15c6ba29 | 7517 | int sendSz; |
Vanger | 0:b86d15c6ba29 | 7518 | word32 i = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 7519 | |
Vanger | 0:b86d15c6ba29 | 7520 | int typeTotal = 1; /* only 1 for now */ |
Vanger | 0:b86d15c6ba29 | 7521 | int reqSz = ENUM_LEN + typeTotal + REQ_HEADER_SZ; /* add auth later */ |
Vanger | 0:b86d15c6ba29 | 7522 | |
Vanger | 0:b86d15c6ba29 | 7523 | if (IsAtLeastTLSv1_2(ssl)) |
Vanger | 0:b86d15c6ba29 | 7524 | reqSz += LENGTH_SZ + ssl->suites->hashSigAlgoSz; |
Vanger | 0:b86d15c6ba29 | 7525 | |
Vanger | 0:b86d15c6ba29 | 7526 | if (ssl->options.usingPSK_cipher || ssl->options.usingAnon_cipher) |
Vanger | 0:b86d15c6ba29 | 7527 | return 0; /* not needed */ |
Vanger | 0:b86d15c6ba29 | 7528 | |
Vanger | 0:b86d15c6ba29 | 7529 | sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + reqSz; |
Vanger | 0:b86d15c6ba29 | 7530 | |
Vanger | 0:b86d15c6ba29 | 7531 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 7532 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 7533 | sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; |
Vanger | 0:b86d15c6ba29 | 7534 | i += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; |
Vanger | 0:b86d15c6ba29 | 7535 | } |
Vanger | 0:b86d15c6ba29 | 7536 | #endif |
Vanger | 0:b86d15c6ba29 | 7537 | /* check for available size */ |
Vanger | 0:b86d15c6ba29 | 7538 | if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) |
Vanger | 0:b86d15c6ba29 | 7539 | return ret; |
Vanger | 0:b86d15c6ba29 | 7540 | |
Vanger | 0:b86d15c6ba29 | 7541 | /* get ouput buffer */ |
Vanger | 0:b86d15c6ba29 | 7542 | output = ssl->buffers.outputBuffer.buffer + |
Vanger | 0:b86d15c6ba29 | 7543 | ssl->buffers.outputBuffer.length; |
Vanger | 0:b86d15c6ba29 | 7544 | |
Vanger | 0:b86d15c6ba29 | 7545 | AddHeaders(output, reqSz, certificate_request, ssl); |
Vanger | 0:b86d15c6ba29 | 7546 | |
Vanger | 0:b86d15c6ba29 | 7547 | /* write to output */ |
Vanger | 0:b86d15c6ba29 | 7548 | output[i++] = (byte)typeTotal; /* # of types */ |
Vanger | 0:b86d15c6ba29 | 7549 | #ifdef HAVE_ECC |
Vanger | 0:b86d15c6ba29 | 7550 | if (ssl->options.cipherSuite0 == ECC_BYTE && |
Vanger | 0:b86d15c6ba29 | 7551 | ssl->specs.sig_algo == ecc_dsa_sa_algo) { |
Vanger | 0:b86d15c6ba29 | 7552 | output[i++] = ecdsa_sign; |
Vanger | 0:b86d15c6ba29 | 7553 | } else |
Vanger | 0:b86d15c6ba29 | 7554 | #endif /* HAVE_ECC */ |
Vanger | 0:b86d15c6ba29 | 7555 | { |
Vanger | 0:b86d15c6ba29 | 7556 | output[i++] = rsa_sign; |
Vanger | 0:b86d15c6ba29 | 7557 | } |
Vanger | 0:b86d15c6ba29 | 7558 | |
Vanger | 0:b86d15c6ba29 | 7559 | /* supported hash/sig */ |
Vanger | 0:b86d15c6ba29 | 7560 | if (IsAtLeastTLSv1_2(ssl)) { |
Vanger | 0:b86d15c6ba29 | 7561 | c16toa(ssl->suites->hashSigAlgoSz, &output[i]); |
Vanger | 0:b86d15c6ba29 | 7562 | i += LENGTH_SZ; |
Vanger | 0:b86d15c6ba29 | 7563 | |
Vanger | 0:b86d15c6ba29 | 7564 | XMEMCPY(&output[i], |
Vanger | 0:b86d15c6ba29 | 7565 | ssl->suites->hashSigAlgo, ssl->suites->hashSigAlgoSz); |
Vanger | 0:b86d15c6ba29 | 7566 | i += ssl->suites->hashSigAlgoSz; |
Vanger | 0:b86d15c6ba29 | 7567 | } |
Vanger | 0:b86d15c6ba29 | 7568 | |
Vanger | 0:b86d15c6ba29 | 7569 | c16toa(0, &output[i]); /* auth's */ |
Vanger | 0:b86d15c6ba29 | 7570 | /* if add more to output, adjust i |
Vanger | 0:b86d15c6ba29 | 7571 | i += REQ_HEADER_SZ; */ |
Vanger | 0:b86d15c6ba29 | 7572 | |
Vanger | 0:b86d15c6ba29 | 7573 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 7574 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 7575 | if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) |
Vanger | 0:b86d15c6ba29 | 7576 | return ret; |
Vanger | 0:b86d15c6ba29 | 7577 | } |
Vanger | 0:b86d15c6ba29 | 7578 | #endif |
Vanger | 0:b86d15c6ba29 | 7579 | |
Vanger | 0:b86d15c6ba29 | 7580 | ret = HashOutput(ssl, output, sendSz, 0); |
Vanger | 0:b86d15c6ba29 | 7581 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 7582 | return ret; |
Vanger | 0:b86d15c6ba29 | 7583 | |
Vanger | 0:b86d15c6ba29 | 7584 | #ifdef CYASSL_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 7585 | if (ssl->hsInfoOn) |
Vanger | 0:b86d15c6ba29 | 7586 | AddPacketName("CertificateRequest", &ssl->handShakeInfo); |
Vanger | 0:b86d15c6ba29 | 7587 | if (ssl->toInfoOn) |
Vanger | 0:b86d15c6ba29 | 7588 | AddPacketInfo("CertificateRequest", &ssl->timeoutInfo, output, |
Vanger | 0:b86d15c6ba29 | 7589 | sendSz, ssl->heap); |
Vanger | 0:b86d15c6ba29 | 7590 | #endif |
Vanger | 0:b86d15c6ba29 | 7591 | ssl->buffers.outputBuffer.length += sendSz; |
Vanger | 0:b86d15c6ba29 | 7592 | if (ssl->options.groupMessages) |
Vanger | 0:b86d15c6ba29 | 7593 | return 0; |
Vanger | 0:b86d15c6ba29 | 7594 | else |
Vanger | 0:b86d15c6ba29 | 7595 | return SendBuffered(ssl); |
Vanger | 0:b86d15c6ba29 | 7596 | } |
Vanger | 0:b86d15c6ba29 | 7597 | #endif /* !NO_CERTS */ |
Vanger | 0:b86d15c6ba29 | 7598 | |
Vanger | 0:b86d15c6ba29 | 7599 | |
Vanger | 0:b86d15c6ba29 | 7600 | int SendData(CYASSL* ssl, const void* data, int sz) |
Vanger | 0:b86d15c6ba29 | 7601 | { |
Vanger | 0:b86d15c6ba29 | 7602 | int sent = 0, /* plainText size */ |
Vanger | 0:b86d15c6ba29 | 7603 | sendSz, |
Vanger | 0:b86d15c6ba29 | 7604 | ret, |
Vanger | 0:b86d15c6ba29 | 7605 | dtlsExtra = 0; |
Vanger | 0:b86d15c6ba29 | 7606 | |
Vanger | 0:b86d15c6ba29 | 7607 | if (ssl->error == WANT_WRITE) |
Vanger | 0:b86d15c6ba29 | 7608 | ssl->error = 0; |
Vanger | 0:b86d15c6ba29 | 7609 | |
Vanger | 0:b86d15c6ba29 | 7610 | if (ssl->options.handShakeState != HANDSHAKE_DONE) { |
Vanger | 0:b86d15c6ba29 | 7611 | int err; |
Vanger | 0:b86d15c6ba29 | 7612 | CYASSL_MSG("handshake not complete, trying to finish"); |
Vanger | 0:b86d15c6ba29 | 7613 | if ( (err = CyaSSL_negotiate(ssl)) != SSL_SUCCESS) |
Vanger | 0:b86d15c6ba29 | 7614 | return err; |
Vanger | 0:b86d15c6ba29 | 7615 | } |
Vanger | 0:b86d15c6ba29 | 7616 | |
Vanger | 0:b86d15c6ba29 | 7617 | /* last time system socket output buffer was full, try again to send */ |
Vanger | 0:b86d15c6ba29 | 7618 | if (ssl->buffers.outputBuffer.length > 0) { |
Vanger | 0:b86d15c6ba29 | 7619 | CYASSL_MSG("output buffer was full, trying to send again"); |
Vanger | 0:b86d15c6ba29 | 7620 | if ( (ssl->error = SendBuffered(ssl)) < 0) { |
Vanger | 0:b86d15c6ba29 | 7621 | CYASSL_ERROR(ssl->error); |
Vanger | 0:b86d15c6ba29 | 7622 | if (ssl->error == SOCKET_ERROR_E && ssl->options.connReset) |
Vanger | 0:b86d15c6ba29 | 7623 | return 0; /* peer reset */ |
Vanger | 0:b86d15c6ba29 | 7624 | return ssl->error; |
Vanger | 0:b86d15c6ba29 | 7625 | } |
Vanger | 0:b86d15c6ba29 | 7626 | else { |
Vanger | 0:b86d15c6ba29 | 7627 | /* advance sent to previous sent + plain size just sent */ |
Vanger | 0:b86d15c6ba29 | 7628 | sent = ssl->buffers.prevSent + ssl->buffers.plainSz; |
Vanger | 0:b86d15c6ba29 | 7629 | CYASSL_MSG("sent write buffered data"); |
Vanger | 0:b86d15c6ba29 | 7630 | |
Vanger | 0:b86d15c6ba29 | 7631 | if (sent > sz) { |
Vanger | 0:b86d15c6ba29 | 7632 | CYASSL_MSG("error: write() after WANT_WRITE with short size"); |
Vanger | 0:b86d15c6ba29 | 7633 | return ssl->error = BAD_FUNC_ARG; |
Vanger | 0:b86d15c6ba29 | 7634 | } |
Vanger | 0:b86d15c6ba29 | 7635 | } |
Vanger | 0:b86d15c6ba29 | 7636 | } |
Vanger | 0:b86d15c6ba29 | 7637 | |
Vanger | 0:b86d15c6ba29 | 7638 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 7639 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 7640 | dtlsExtra = DTLS_RECORD_EXTRA; |
Vanger | 0:b86d15c6ba29 | 7641 | } |
Vanger | 0:b86d15c6ba29 | 7642 | #endif |
Vanger | 0:b86d15c6ba29 | 7643 | |
Vanger | 0:b86d15c6ba29 | 7644 | for (;;) { |
Vanger | 0:b86d15c6ba29 | 7645 | #ifdef HAVE_MAX_FRAGMENT |
Vanger | 0:b86d15c6ba29 | 7646 | int len = min(sz - sent, min(ssl->max_fragment, OUTPUT_RECORD_SIZE)); |
Vanger | 0:b86d15c6ba29 | 7647 | #else |
Vanger | 0:b86d15c6ba29 | 7648 | int len = min(sz - sent, OUTPUT_RECORD_SIZE); |
Vanger | 0:b86d15c6ba29 | 7649 | #endif |
Vanger | 0:b86d15c6ba29 | 7650 | byte* out; |
Vanger | 0:b86d15c6ba29 | 7651 | byte* sendBuffer = (byte*)data + sent; /* may switch on comp */ |
Vanger | 0:b86d15c6ba29 | 7652 | int buffSz = len; /* may switch on comp */ |
Vanger | 0:b86d15c6ba29 | 7653 | int outputSz; |
Vanger | 0:b86d15c6ba29 | 7654 | #ifdef HAVE_LIBZ |
Vanger | 0:b86d15c6ba29 | 7655 | byte comp[MAX_RECORD_SIZE + MAX_COMP_EXTRA]; |
Vanger | 0:b86d15c6ba29 | 7656 | #endif |
Vanger | 0:b86d15c6ba29 | 7657 | |
Vanger | 0:b86d15c6ba29 | 7658 | if (sent == sz) break; |
Vanger | 0:b86d15c6ba29 | 7659 | |
Vanger | 0:b86d15c6ba29 | 7660 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 7661 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 7662 | len = min(len, MAX_UDP_SIZE); |
Vanger | 0:b86d15c6ba29 | 7663 | buffSz = len; |
Vanger | 0:b86d15c6ba29 | 7664 | } |
Vanger | 0:b86d15c6ba29 | 7665 | #endif |
Vanger | 0:b86d15c6ba29 | 7666 | |
Vanger | 0:b86d15c6ba29 | 7667 | /* check for available size */ |
Vanger | 0:b86d15c6ba29 | 7668 | outputSz = len + COMP_EXTRA + dtlsExtra + MAX_MSG_EXTRA; |
Vanger | 0:b86d15c6ba29 | 7669 | if ((ret = CheckAvailableSize(ssl, outputSz)) != 0) |
Vanger | 0:b86d15c6ba29 | 7670 | return ssl->error = ret; |
Vanger | 0:b86d15c6ba29 | 7671 | |
Vanger | 0:b86d15c6ba29 | 7672 | /* get ouput buffer */ |
Vanger | 0:b86d15c6ba29 | 7673 | out = ssl->buffers.outputBuffer.buffer + |
Vanger | 0:b86d15c6ba29 | 7674 | ssl->buffers.outputBuffer.length; |
Vanger | 0:b86d15c6ba29 | 7675 | |
Vanger | 0:b86d15c6ba29 | 7676 | #ifdef HAVE_LIBZ |
Vanger | 0:b86d15c6ba29 | 7677 | if (ssl->options.usingCompression) { |
Vanger | 0:b86d15c6ba29 | 7678 | buffSz = myCompress(ssl, sendBuffer, buffSz, comp, sizeof(comp)); |
Vanger | 0:b86d15c6ba29 | 7679 | if (buffSz < 0) { |
Vanger | 0:b86d15c6ba29 | 7680 | return buffSz; |
Vanger | 0:b86d15c6ba29 | 7681 | } |
Vanger | 0:b86d15c6ba29 | 7682 | sendBuffer = comp; |
Vanger | 0:b86d15c6ba29 | 7683 | } |
Vanger | 0:b86d15c6ba29 | 7684 | #endif |
Vanger | 0:b86d15c6ba29 | 7685 | sendSz = BuildMessage(ssl, out, outputSz, sendBuffer, buffSz, |
Vanger | 0:b86d15c6ba29 | 7686 | application_data); |
Vanger | 0:b86d15c6ba29 | 7687 | if (sendSz < 0) |
Vanger | 0:b86d15c6ba29 | 7688 | return BUILD_MSG_ERROR; |
Vanger | 0:b86d15c6ba29 | 7689 | |
Vanger | 0:b86d15c6ba29 | 7690 | ssl->buffers.outputBuffer.length += sendSz; |
Vanger | 0:b86d15c6ba29 | 7691 | |
Vanger | 0:b86d15c6ba29 | 7692 | if ( (ret = SendBuffered(ssl)) < 0) { |
Vanger | 0:b86d15c6ba29 | 7693 | CYASSL_ERROR(ret); |
Vanger | 0:b86d15c6ba29 | 7694 | /* store for next call if WANT_WRITE or user embedSend() that |
Vanger | 0:b86d15c6ba29 | 7695 | doesn't present like WANT_WRITE */ |
Vanger | 0:b86d15c6ba29 | 7696 | ssl->buffers.plainSz = len; |
Vanger | 0:b86d15c6ba29 | 7697 | ssl->buffers.prevSent = sent; |
Vanger | 0:b86d15c6ba29 | 7698 | if (ret == SOCKET_ERROR_E && ssl->options.connReset) |
Vanger | 0:b86d15c6ba29 | 7699 | return 0; /* peer reset */ |
Vanger | 0:b86d15c6ba29 | 7700 | return ssl->error = ret; |
Vanger | 0:b86d15c6ba29 | 7701 | } |
Vanger | 0:b86d15c6ba29 | 7702 | |
Vanger | 0:b86d15c6ba29 | 7703 | sent += len; |
Vanger | 0:b86d15c6ba29 | 7704 | |
Vanger | 0:b86d15c6ba29 | 7705 | /* only one message per attempt */ |
Vanger | 0:b86d15c6ba29 | 7706 | if (ssl->options.partialWrite == 1) { |
Vanger | 0:b86d15c6ba29 | 7707 | CYASSL_MSG("Paritial Write on, only sending one record"); |
Vanger | 0:b86d15c6ba29 | 7708 | break; |
Vanger | 0:b86d15c6ba29 | 7709 | } |
Vanger | 0:b86d15c6ba29 | 7710 | } |
Vanger | 0:b86d15c6ba29 | 7711 | |
Vanger | 0:b86d15c6ba29 | 7712 | return sent; |
Vanger | 0:b86d15c6ba29 | 7713 | } |
Vanger | 0:b86d15c6ba29 | 7714 | |
Vanger | 0:b86d15c6ba29 | 7715 | /* process input data */ |
Vanger | 0:b86d15c6ba29 | 7716 | int ReceiveData(CYASSL* ssl, byte* output, int sz, int peek) |
Vanger | 0:b86d15c6ba29 | 7717 | { |
Vanger | 0:b86d15c6ba29 | 7718 | int size; |
Vanger | 0:b86d15c6ba29 | 7719 | |
Vanger | 0:b86d15c6ba29 | 7720 | CYASSL_ENTER("ReceiveData()"); |
Vanger | 0:b86d15c6ba29 | 7721 | |
Vanger | 0:b86d15c6ba29 | 7722 | if (ssl->error == WANT_READ) |
Vanger | 0:b86d15c6ba29 | 7723 | ssl->error = 0; |
Vanger | 0:b86d15c6ba29 | 7724 | |
Vanger | 0:b86d15c6ba29 | 7725 | if (ssl->error != 0 && ssl->error != WANT_WRITE) { |
Vanger | 0:b86d15c6ba29 | 7726 | CYASSL_MSG("User calling CyaSSL_read in error state, not allowed"); |
Vanger | 0:b86d15c6ba29 | 7727 | return ssl->error; |
Vanger | 0:b86d15c6ba29 | 7728 | } |
Vanger | 0:b86d15c6ba29 | 7729 | |
Vanger | 0:b86d15c6ba29 | 7730 | if (ssl->options.handShakeState != HANDSHAKE_DONE) { |
Vanger | 0:b86d15c6ba29 | 7731 | int err; |
Vanger | 0:b86d15c6ba29 | 7732 | CYASSL_MSG("Handshake not complete, trying to finish"); |
Vanger | 0:b86d15c6ba29 | 7733 | if ( (err = CyaSSL_negotiate(ssl)) != SSL_SUCCESS) |
Vanger | 0:b86d15c6ba29 | 7734 | return err; |
Vanger | 0:b86d15c6ba29 | 7735 | } |
Vanger | 0:b86d15c6ba29 | 7736 | |
Vanger | 0:b86d15c6ba29 | 7737 | #ifdef HAVE_SECURE_RENEGOTIATION |
Vanger | 0:b86d15c6ba29 | 7738 | startScr: |
Vanger | 0:b86d15c6ba29 | 7739 | if (ssl->secure_renegotiation && ssl->secure_renegotiation->startScr) { |
Vanger | 0:b86d15c6ba29 | 7740 | int err; |
Vanger | 0:b86d15c6ba29 | 7741 | ssl->secure_renegotiation->startScr = 0; /* only start once */ |
Vanger | 0:b86d15c6ba29 | 7742 | CYASSL_MSG("Need to start scr, server requested"); |
Vanger | 0:b86d15c6ba29 | 7743 | if ( (err = CyaSSL_Rehandshake(ssl)) != SSL_SUCCESS) |
Vanger | 0:b86d15c6ba29 | 7744 | return err; |
Vanger | 0:b86d15c6ba29 | 7745 | } |
Vanger | 0:b86d15c6ba29 | 7746 | #endif |
Vanger | 0:b86d15c6ba29 | 7747 | |
Vanger | 0:b86d15c6ba29 | 7748 | while (ssl->buffers.clearOutputBuffer.length == 0) { |
Vanger | 0:b86d15c6ba29 | 7749 | if ( (ssl->error = ProcessReply(ssl)) < 0) { |
Vanger | 0:b86d15c6ba29 | 7750 | CYASSL_ERROR(ssl->error); |
Vanger | 0:b86d15c6ba29 | 7751 | if (ssl->error == ZERO_RETURN) { |
Vanger | 0:b86d15c6ba29 | 7752 | CYASSL_MSG("Zero return, no more data coming"); |
Vanger | 0:b86d15c6ba29 | 7753 | return 0; /* no more data coming */ |
Vanger | 0:b86d15c6ba29 | 7754 | } |
Vanger | 0:b86d15c6ba29 | 7755 | if (ssl->error == SOCKET_ERROR_E) { |
Vanger | 0:b86d15c6ba29 | 7756 | if (ssl->options.connReset || ssl->options.isClosed) { |
Vanger | 0:b86d15c6ba29 | 7757 | CYASSL_MSG("Peer reset or closed, connection done"); |
Vanger | 0:b86d15c6ba29 | 7758 | return 0; /* peer reset or closed */ |
Vanger | 0:b86d15c6ba29 | 7759 | } |
Vanger | 0:b86d15c6ba29 | 7760 | } |
Vanger | 0:b86d15c6ba29 | 7761 | return ssl->error; |
Vanger | 0:b86d15c6ba29 | 7762 | } |
Vanger | 0:b86d15c6ba29 | 7763 | #ifdef HAVE_SECURE_RENEGOTIATION |
Vanger | 0:b86d15c6ba29 | 7764 | if (ssl->secure_renegotiation && |
Vanger | 0:b86d15c6ba29 | 7765 | ssl->secure_renegotiation->startScr) { |
Vanger | 0:b86d15c6ba29 | 7766 | goto startScr; |
Vanger | 0:b86d15c6ba29 | 7767 | } |
Vanger | 0:b86d15c6ba29 | 7768 | #endif |
Vanger | 0:b86d15c6ba29 | 7769 | } |
Vanger | 0:b86d15c6ba29 | 7770 | |
Vanger | 0:b86d15c6ba29 | 7771 | if (sz < (int)ssl->buffers.clearOutputBuffer.length) |
Vanger | 0:b86d15c6ba29 | 7772 | size = sz; |
Vanger | 0:b86d15c6ba29 | 7773 | else |
Vanger | 0:b86d15c6ba29 | 7774 | size = ssl->buffers.clearOutputBuffer.length; |
Vanger | 0:b86d15c6ba29 | 7775 | |
Vanger | 0:b86d15c6ba29 | 7776 | XMEMCPY(output, ssl->buffers.clearOutputBuffer.buffer, size); |
Vanger | 0:b86d15c6ba29 | 7777 | |
Vanger | 0:b86d15c6ba29 | 7778 | if (peek == 0) { |
Vanger | 0:b86d15c6ba29 | 7779 | ssl->buffers.clearOutputBuffer.length -= size; |
Vanger | 0:b86d15c6ba29 | 7780 | ssl->buffers.clearOutputBuffer.buffer += size; |
Vanger | 0:b86d15c6ba29 | 7781 | } |
Vanger | 0:b86d15c6ba29 | 7782 | |
Vanger | 0:b86d15c6ba29 | 7783 | if (ssl->buffers.clearOutputBuffer.length == 0 && |
Vanger | 0:b86d15c6ba29 | 7784 | ssl->buffers.inputBuffer.dynamicFlag) |
Vanger | 0:b86d15c6ba29 | 7785 | ShrinkInputBuffer(ssl, NO_FORCED_FREE); |
Vanger | 0:b86d15c6ba29 | 7786 | |
Vanger | 0:b86d15c6ba29 | 7787 | CYASSL_LEAVE("ReceiveData()", size); |
Vanger | 0:b86d15c6ba29 | 7788 | return size; |
Vanger | 0:b86d15c6ba29 | 7789 | } |
Vanger | 0:b86d15c6ba29 | 7790 | |
Vanger | 0:b86d15c6ba29 | 7791 | |
Vanger | 0:b86d15c6ba29 | 7792 | /* send alert message */ |
Vanger | 0:b86d15c6ba29 | 7793 | int SendAlert(CYASSL* ssl, int severity, int type) |
Vanger | 0:b86d15c6ba29 | 7794 | { |
Vanger | 0:b86d15c6ba29 | 7795 | byte input[ALERT_SIZE]; |
Vanger | 0:b86d15c6ba29 | 7796 | byte *output; |
Vanger | 0:b86d15c6ba29 | 7797 | int sendSz; |
Vanger | 0:b86d15c6ba29 | 7798 | int ret; |
Vanger | 0:b86d15c6ba29 | 7799 | int outputSz; |
Vanger | 0:b86d15c6ba29 | 7800 | int dtlsExtra = 0; |
Vanger | 0:b86d15c6ba29 | 7801 | |
Vanger | 0:b86d15c6ba29 | 7802 | /* if sendalert is called again for nonbloking */ |
Vanger | 0:b86d15c6ba29 | 7803 | if (ssl->options.sendAlertState != 0) { |
Vanger | 0:b86d15c6ba29 | 7804 | ret = SendBuffered(ssl); |
Vanger | 0:b86d15c6ba29 | 7805 | if (ret == 0) |
Vanger | 0:b86d15c6ba29 | 7806 | ssl->options.sendAlertState = 0; |
Vanger | 0:b86d15c6ba29 | 7807 | return ret; |
Vanger | 0:b86d15c6ba29 | 7808 | } |
Vanger | 0:b86d15c6ba29 | 7809 | |
Vanger | 0:b86d15c6ba29 | 7810 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 7811 | if (ssl->options.dtls) |
Vanger | 0:b86d15c6ba29 | 7812 | dtlsExtra = DTLS_RECORD_EXTRA; |
Vanger | 0:b86d15c6ba29 | 7813 | #endif |
Vanger | 0:b86d15c6ba29 | 7814 | |
Vanger | 0:b86d15c6ba29 | 7815 | /* check for available size */ |
Vanger | 0:b86d15c6ba29 | 7816 | outputSz = ALERT_SIZE + MAX_MSG_EXTRA + dtlsExtra; |
Vanger | 0:b86d15c6ba29 | 7817 | if ((ret = CheckAvailableSize(ssl, outputSz)) != 0) |
Vanger | 0:b86d15c6ba29 | 7818 | return ret; |
Vanger | 0:b86d15c6ba29 | 7819 | |
Vanger | 0:b86d15c6ba29 | 7820 | /* get ouput buffer */ |
Vanger | 0:b86d15c6ba29 | 7821 | output = ssl->buffers.outputBuffer.buffer + |
Vanger | 0:b86d15c6ba29 | 7822 | ssl->buffers.outputBuffer.length; |
Vanger | 0:b86d15c6ba29 | 7823 | |
Vanger | 0:b86d15c6ba29 | 7824 | input[0] = (byte)severity; |
Vanger | 0:b86d15c6ba29 | 7825 | input[1] = (byte)type; |
Vanger | 0:b86d15c6ba29 | 7826 | ssl->alert_history.last_tx.code = type; |
Vanger | 0:b86d15c6ba29 | 7827 | ssl->alert_history.last_tx.level = severity; |
Vanger | 0:b86d15c6ba29 | 7828 | if (severity == alert_fatal) { |
Vanger | 0:b86d15c6ba29 | 7829 | ssl->options.isClosed = 1; /* Don't send close_notify */ |
Vanger | 0:b86d15c6ba29 | 7830 | } |
Vanger | 0:b86d15c6ba29 | 7831 | |
Vanger | 0:b86d15c6ba29 | 7832 | /* only send encrypted alert if handshake actually complete, otherwise |
Vanger | 0:b86d15c6ba29 | 7833 | other side may not be able to handle it */ |
Vanger | 0:b86d15c6ba29 | 7834 | if (ssl->keys.encryptionOn && ssl->options.handShakeDone) |
Vanger | 0:b86d15c6ba29 | 7835 | sendSz = BuildMessage(ssl, output, outputSz, input, ALERT_SIZE, alert); |
Vanger | 0:b86d15c6ba29 | 7836 | else { |
Vanger | 0:b86d15c6ba29 | 7837 | |
Vanger | 0:b86d15c6ba29 | 7838 | AddRecordHeader(output, ALERT_SIZE, alert, ssl); |
Vanger | 0:b86d15c6ba29 | 7839 | output += RECORD_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 7840 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 7841 | if (ssl->options.dtls) |
Vanger | 0:b86d15c6ba29 | 7842 | output += DTLS_RECORD_EXTRA; |
Vanger | 0:b86d15c6ba29 | 7843 | #endif |
Vanger | 0:b86d15c6ba29 | 7844 | XMEMCPY(output, input, ALERT_SIZE); |
Vanger | 0:b86d15c6ba29 | 7845 | |
Vanger | 0:b86d15c6ba29 | 7846 | sendSz = RECORD_HEADER_SZ + ALERT_SIZE; |
Vanger | 0:b86d15c6ba29 | 7847 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 7848 | if (ssl->options.dtls) |
Vanger | 0:b86d15c6ba29 | 7849 | sendSz += DTLS_RECORD_EXTRA; |
Vanger | 0:b86d15c6ba29 | 7850 | #endif |
Vanger | 0:b86d15c6ba29 | 7851 | } |
Vanger | 0:b86d15c6ba29 | 7852 | if (sendSz < 0) |
Vanger | 0:b86d15c6ba29 | 7853 | return BUILD_MSG_ERROR; |
Vanger | 0:b86d15c6ba29 | 7854 | |
Vanger | 0:b86d15c6ba29 | 7855 | #ifdef CYASSL_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 7856 | if (ssl->hsInfoOn) |
Vanger | 0:b86d15c6ba29 | 7857 | AddPacketName("Alert", &ssl->handShakeInfo); |
Vanger | 0:b86d15c6ba29 | 7858 | if (ssl->toInfoOn) |
Vanger | 0:b86d15c6ba29 | 7859 | AddPacketInfo("Alert", &ssl->timeoutInfo, output, sendSz,ssl->heap); |
Vanger | 0:b86d15c6ba29 | 7860 | #endif |
Vanger | 0:b86d15c6ba29 | 7861 | |
Vanger | 0:b86d15c6ba29 | 7862 | ssl->buffers.outputBuffer.length += sendSz; |
Vanger | 0:b86d15c6ba29 | 7863 | ssl->options.sendAlertState = 1; |
Vanger | 0:b86d15c6ba29 | 7864 | |
Vanger | 0:b86d15c6ba29 | 7865 | return SendBuffered(ssl); |
Vanger | 0:b86d15c6ba29 | 7866 | } |
Vanger | 0:b86d15c6ba29 | 7867 | |
Vanger | 0:b86d15c6ba29 | 7868 | const char* CyaSSL_ERR_reason_error_string(unsigned long e) |
Vanger | 0:b86d15c6ba29 | 7869 | { |
Vanger | 0:b86d15c6ba29 | 7870 | #ifdef NO_ERROR_STRINGS |
Vanger | 0:b86d15c6ba29 | 7871 | |
Vanger | 0:b86d15c6ba29 | 7872 | (void)e; |
Vanger | 0:b86d15c6ba29 | 7873 | return "no support for error strings built in"; |
Vanger | 0:b86d15c6ba29 | 7874 | |
Vanger | 0:b86d15c6ba29 | 7875 | #else |
Vanger | 0:b86d15c6ba29 | 7876 | |
Vanger | 0:b86d15c6ba29 | 7877 | int error = (int)e; |
Vanger | 0:b86d15c6ba29 | 7878 | |
Vanger | 0:b86d15c6ba29 | 7879 | /* pass to CTaoCrypt */ |
Vanger | 0:b86d15c6ba29 | 7880 | if (error < MAX_CODE_E && error > MIN_CODE_E) { |
Vanger | 0:b86d15c6ba29 | 7881 | return CTaoCryptGetErrorString(error); |
Vanger | 0:b86d15c6ba29 | 7882 | } |
Vanger | 0:b86d15c6ba29 | 7883 | |
Vanger | 0:b86d15c6ba29 | 7884 | switch (error) { |
Vanger | 0:b86d15c6ba29 | 7885 | |
Vanger | 0:b86d15c6ba29 | 7886 | case UNSUPPORTED_SUITE : |
Vanger | 0:b86d15c6ba29 | 7887 | return "unsupported cipher suite"; |
Vanger | 0:b86d15c6ba29 | 7888 | |
Vanger | 0:b86d15c6ba29 | 7889 | case INPUT_CASE_ERROR : |
Vanger | 0:b86d15c6ba29 | 7890 | return "input state error"; |
Vanger | 0:b86d15c6ba29 | 7891 | |
Vanger | 0:b86d15c6ba29 | 7892 | case PREFIX_ERROR : |
Vanger | 0:b86d15c6ba29 | 7893 | return "bad index to key rounds"; |
Vanger | 0:b86d15c6ba29 | 7894 | |
Vanger | 0:b86d15c6ba29 | 7895 | case MEMORY_ERROR : |
Vanger | 0:b86d15c6ba29 | 7896 | return "out of memory"; |
Vanger | 0:b86d15c6ba29 | 7897 | |
Vanger | 0:b86d15c6ba29 | 7898 | case VERIFY_FINISHED_ERROR : |
Vanger | 0:b86d15c6ba29 | 7899 | return "verify problem on finished"; |
Vanger | 0:b86d15c6ba29 | 7900 | |
Vanger | 0:b86d15c6ba29 | 7901 | case VERIFY_MAC_ERROR : |
Vanger | 0:b86d15c6ba29 | 7902 | return "verify mac problem"; |
Vanger | 0:b86d15c6ba29 | 7903 | |
Vanger | 0:b86d15c6ba29 | 7904 | case PARSE_ERROR : |
Vanger | 0:b86d15c6ba29 | 7905 | return "parse error on header"; |
Vanger | 0:b86d15c6ba29 | 7906 | |
Vanger | 0:b86d15c6ba29 | 7907 | case SIDE_ERROR : |
Vanger | 0:b86d15c6ba29 | 7908 | return "wrong client/server type"; |
Vanger | 0:b86d15c6ba29 | 7909 | |
Vanger | 0:b86d15c6ba29 | 7910 | case NO_PEER_CERT : |
Vanger | 0:b86d15c6ba29 | 7911 | return "peer didn't send cert"; |
Vanger | 0:b86d15c6ba29 | 7912 | |
Vanger | 0:b86d15c6ba29 | 7913 | case UNKNOWN_HANDSHAKE_TYPE : |
Vanger | 0:b86d15c6ba29 | 7914 | return "weird handshake type"; |
Vanger | 0:b86d15c6ba29 | 7915 | |
Vanger | 0:b86d15c6ba29 | 7916 | case SOCKET_ERROR_E : |
Vanger | 0:b86d15c6ba29 | 7917 | return "error state on socket"; |
Vanger | 0:b86d15c6ba29 | 7918 | |
Vanger | 0:b86d15c6ba29 | 7919 | case SOCKET_NODATA : |
Vanger | 0:b86d15c6ba29 | 7920 | return "expected data, not there"; |
Vanger | 0:b86d15c6ba29 | 7921 | |
Vanger | 0:b86d15c6ba29 | 7922 | case INCOMPLETE_DATA : |
Vanger | 0:b86d15c6ba29 | 7923 | return "don't have enough data to complete task"; |
Vanger | 0:b86d15c6ba29 | 7924 | |
Vanger | 0:b86d15c6ba29 | 7925 | case UNKNOWN_RECORD_TYPE : |
Vanger | 0:b86d15c6ba29 | 7926 | return "unknown type in record hdr"; |
Vanger | 0:b86d15c6ba29 | 7927 | |
Vanger | 0:b86d15c6ba29 | 7928 | case DECRYPT_ERROR : |
Vanger | 0:b86d15c6ba29 | 7929 | return "error during decryption"; |
Vanger | 0:b86d15c6ba29 | 7930 | |
Vanger | 0:b86d15c6ba29 | 7931 | case FATAL_ERROR : |
Vanger | 0:b86d15c6ba29 | 7932 | return "revcd alert fatal error"; |
Vanger | 0:b86d15c6ba29 | 7933 | |
Vanger | 0:b86d15c6ba29 | 7934 | case ENCRYPT_ERROR : |
Vanger | 0:b86d15c6ba29 | 7935 | return "error during encryption"; |
Vanger | 0:b86d15c6ba29 | 7936 | |
Vanger | 0:b86d15c6ba29 | 7937 | case FREAD_ERROR : |
Vanger | 0:b86d15c6ba29 | 7938 | return "fread problem"; |
Vanger | 0:b86d15c6ba29 | 7939 | |
Vanger | 0:b86d15c6ba29 | 7940 | case NO_PEER_KEY : |
Vanger | 0:b86d15c6ba29 | 7941 | return "need peer's key"; |
Vanger | 0:b86d15c6ba29 | 7942 | |
Vanger | 0:b86d15c6ba29 | 7943 | case NO_PRIVATE_KEY : |
Vanger | 0:b86d15c6ba29 | 7944 | return "need the private key"; |
Vanger | 0:b86d15c6ba29 | 7945 | |
Vanger | 0:b86d15c6ba29 | 7946 | case NO_DH_PARAMS : |
Vanger | 0:b86d15c6ba29 | 7947 | return "server missing DH params"; |
Vanger | 0:b86d15c6ba29 | 7948 | |
Vanger | 0:b86d15c6ba29 | 7949 | case RSA_PRIVATE_ERROR : |
Vanger | 0:b86d15c6ba29 | 7950 | return "error during rsa priv op"; |
Vanger | 0:b86d15c6ba29 | 7951 | |
Vanger | 0:b86d15c6ba29 | 7952 | case MATCH_SUITE_ERROR : |
Vanger | 0:b86d15c6ba29 | 7953 | return "can't match cipher suite"; |
Vanger | 0:b86d15c6ba29 | 7954 | |
Vanger | 0:b86d15c6ba29 | 7955 | case BUILD_MSG_ERROR : |
Vanger | 0:b86d15c6ba29 | 7956 | return "build message failure"; |
Vanger | 0:b86d15c6ba29 | 7957 | |
Vanger | 0:b86d15c6ba29 | 7958 | case BAD_HELLO : |
Vanger | 0:b86d15c6ba29 | 7959 | return "client hello malformed"; |
Vanger | 0:b86d15c6ba29 | 7960 | |
Vanger | 0:b86d15c6ba29 | 7961 | case DOMAIN_NAME_MISMATCH : |
Vanger | 0:b86d15c6ba29 | 7962 | return "peer subject name mismatch"; |
Vanger | 0:b86d15c6ba29 | 7963 | |
Vanger | 0:b86d15c6ba29 | 7964 | case WANT_READ : |
Vanger | 0:b86d15c6ba29 | 7965 | case SSL_ERROR_WANT_READ : |
Vanger | 0:b86d15c6ba29 | 7966 | return "non-blocking socket wants data to be read"; |
Vanger | 0:b86d15c6ba29 | 7967 | |
Vanger | 0:b86d15c6ba29 | 7968 | case NOT_READY_ERROR : |
Vanger | 0:b86d15c6ba29 | 7969 | return "handshake layer not ready yet, complete first"; |
Vanger | 0:b86d15c6ba29 | 7970 | |
Vanger | 0:b86d15c6ba29 | 7971 | case PMS_VERSION_ERROR : |
Vanger | 0:b86d15c6ba29 | 7972 | return "premaster secret version mismatch error"; |
Vanger | 0:b86d15c6ba29 | 7973 | |
Vanger | 0:b86d15c6ba29 | 7974 | case VERSION_ERROR : |
Vanger | 0:b86d15c6ba29 | 7975 | return "record layer version error"; |
Vanger | 0:b86d15c6ba29 | 7976 | |
Vanger | 0:b86d15c6ba29 | 7977 | case WANT_WRITE : |
Vanger | 0:b86d15c6ba29 | 7978 | case SSL_ERROR_WANT_WRITE : |
Vanger | 0:b86d15c6ba29 | 7979 | return "non-blocking socket write buffer full"; |
Vanger | 0:b86d15c6ba29 | 7980 | |
Vanger | 0:b86d15c6ba29 | 7981 | case BUFFER_ERROR : |
Vanger | 0:b86d15c6ba29 | 7982 | return "malformed buffer input error"; |
Vanger | 0:b86d15c6ba29 | 7983 | |
Vanger | 0:b86d15c6ba29 | 7984 | case VERIFY_CERT_ERROR : |
Vanger | 0:b86d15c6ba29 | 7985 | return "verify problem on certificate"; |
Vanger | 0:b86d15c6ba29 | 7986 | |
Vanger | 0:b86d15c6ba29 | 7987 | case VERIFY_SIGN_ERROR : |
Vanger | 0:b86d15c6ba29 | 7988 | return "verify problem based on signature"; |
Vanger | 0:b86d15c6ba29 | 7989 | |
Vanger | 0:b86d15c6ba29 | 7990 | case CLIENT_ID_ERROR : |
Vanger | 0:b86d15c6ba29 | 7991 | return "psk client identity error"; |
Vanger | 0:b86d15c6ba29 | 7992 | |
Vanger | 0:b86d15c6ba29 | 7993 | case SERVER_HINT_ERROR: |
Vanger | 0:b86d15c6ba29 | 7994 | return "psk server hint error"; |
Vanger | 0:b86d15c6ba29 | 7995 | |
Vanger | 0:b86d15c6ba29 | 7996 | case PSK_KEY_ERROR: |
Vanger | 0:b86d15c6ba29 | 7997 | return "psk key callback error"; |
Vanger | 0:b86d15c6ba29 | 7998 | |
Vanger | 0:b86d15c6ba29 | 7999 | case NTRU_KEY_ERROR: |
Vanger | 0:b86d15c6ba29 | 8000 | return "NTRU key error"; |
Vanger | 0:b86d15c6ba29 | 8001 | |
Vanger | 0:b86d15c6ba29 | 8002 | case NTRU_DRBG_ERROR: |
Vanger | 0:b86d15c6ba29 | 8003 | return "NTRU drbg error"; |
Vanger | 0:b86d15c6ba29 | 8004 | |
Vanger | 0:b86d15c6ba29 | 8005 | case NTRU_ENCRYPT_ERROR: |
Vanger | 0:b86d15c6ba29 | 8006 | return "NTRU encrypt error"; |
Vanger | 0:b86d15c6ba29 | 8007 | |
Vanger | 0:b86d15c6ba29 | 8008 | case NTRU_DECRYPT_ERROR: |
Vanger | 0:b86d15c6ba29 | 8009 | return "NTRU decrypt error"; |
Vanger | 0:b86d15c6ba29 | 8010 | |
Vanger | 0:b86d15c6ba29 | 8011 | case ZLIB_INIT_ERROR: |
Vanger | 0:b86d15c6ba29 | 8012 | return "zlib init error"; |
Vanger | 0:b86d15c6ba29 | 8013 | |
Vanger | 0:b86d15c6ba29 | 8014 | case ZLIB_COMPRESS_ERROR: |
Vanger | 0:b86d15c6ba29 | 8015 | return "zlib compress error"; |
Vanger | 0:b86d15c6ba29 | 8016 | |
Vanger | 0:b86d15c6ba29 | 8017 | case ZLIB_DECOMPRESS_ERROR: |
Vanger | 0:b86d15c6ba29 | 8018 | return "zlib decompress error"; |
Vanger | 0:b86d15c6ba29 | 8019 | |
Vanger | 0:b86d15c6ba29 | 8020 | case GETTIME_ERROR: |
Vanger | 0:b86d15c6ba29 | 8021 | return "gettimeofday() error"; |
Vanger | 0:b86d15c6ba29 | 8022 | |
Vanger | 0:b86d15c6ba29 | 8023 | case GETITIMER_ERROR: |
Vanger | 0:b86d15c6ba29 | 8024 | return "getitimer() error"; |
Vanger | 0:b86d15c6ba29 | 8025 | |
Vanger | 0:b86d15c6ba29 | 8026 | case SIGACT_ERROR: |
Vanger | 0:b86d15c6ba29 | 8027 | return "sigaction() error"; |
Vanger | 0:b86d15c6ba29 | 8028 | |
Vanger | 0:b86d15c6ba29 | 8029 | case SETITIMER_ERROR: |
Vanger | 0:b86d15c6ba29 | 8030 | return "setitimer() error"; |
Vanger | 0:b86d15c6ba29 | 8031 | |
Vanger | 0:b86d15c6ba29 | 8032 | case LENGTH_ERROR: |
Vanger | 0:b86d15c6ba29 | 8033 | return "record layer length error"; |
Vanger | 0:b86d15c6ba29 | 8034 | |
Vanger | 0:b86d15c6ba29 | 8035 | case PEER_KEY_ERROR: |
Vanger | 0:b86d15c6ba29 | 8036 | return "cant decode peer key"; |
Vanger | 0:b86d15c6ba29 | 8037 | |
Vanger | 0:b86d15c6ba29 | 8038 | case ZERO_RETURN: |
Vanger | 0:b86d15c6ba29 | 8039 | case SSL_ERROR_ZERO_RETURN: |
Vanger | 0:b86d15c6ba29 | 8040 | return "peer sent close notify alert"; |
Vanger | 0:b86d15c6ba29 | 8041 | |
Vanger | 0:b86d15c6ba29 | 8042 | case ECC_CURVETYPE_ERROR: |
Vanger | 0:b86d15c6ba29 | 8043 | return "Bad ECC Curve Type or unsupported"; |
Vanger | 0:b86d15c6ba29 | 8044 | |
Vanger | 0:b86d15c6ba29 | 8045 | case ECC_CURVE_ERROR: |
Vanger | 0:b86d15c6ba29 | 8046 | return "Bad ECC Curve or unsupported"; |
Vanger | 0:b86d15c6ba29 | 8047 | |
Vanger | 0:b86d15c6ba29 | 8048 | case ECC_PEERKEY_ERROR: |
Vanger | 0:b86d15c6ba29 | 8049 | return "Bad ECC Peer Key"; |
Vanger | 0:b86d15c6ba29 | 8050 | |
Vanger | 0:b86d15c6ba29 | 8051 | case ECC_MAKEKEY_ERROR: |
Vanger | 0:b86d15c6ba29 | 8052 | return "ECC Make Key failure"; |
Vanger | 0:b86d15c6ba29 | 8053 | |
Vanger | 0:b86d15c6ba29 | 8054 | case ECC_EXPORT_ERROR: |
Vanger | 0:b86d15c6ba29 | 8055 | return "ECC Export Key failure"; |
Vanger | 0:b86d15c6ba29 | 8056 | |
Vanger | 0:b86d15c6ba29 | 8057 | case ECC_SHARED_ERROR: |
Vanger | 0:b86d15c6ba29 | 8058 | return "ECC DHE shared failure"; |
Vanger | 0:b86d15c6ba29 | 8059 | |
Vanger | 0:b86d15c6ba29 | 8060 | case NOT_CA_ERROR: |
Vanger | 0:b86d15c6ba29 | 8061 | return "Not a CA by basic constraint error"; |
Vanger | 0:b86d15c6ba29 | 8062 | |
Vanger | 0:b86d15c6ba29 | 8063 | case BAD_PATH_ERROR: |
Vanger | 0:b86d15c6ba29 | 8064 | return "Bad path for opendir error"; |
Vanger | 0:b86d15c6ba29 | 8065 | |
Vanger | 0:b86d15c6ba29 | 8066 | case BAD_CERT_MANAGER_ERROR: |
Vanger | 0:b86d15c6ba29 | 8067 | return "Bad Cert Manager error"; |
Vanger | 0:b86d15c6ba29 | 8068 | |
Vanger | 0:b86d15c6ba29 | 8069 | case OCSP_CERT_REVOKED: |
Vanger | 0:b86d15c6ba29 | 8070 | return "OCSP Cert revoked"; |
Vanger | 0:b86d15c6ba29 | 8071 | |
Vanger | 0:b86d15c6ba29 | 8072 | case CRL_CERT_REVOKED: |
Vanger | 0:b86d15c6ba29 | 8073 | return "CRL Cert revoked"; |
Vanger | 0:b86d15c6ba29 | 8074 | |
Vanger | 0:b86d15c6ba29 | 8075 | case CRL_MISSING: |
Vanger | 0:b86d15c6ba29 | 8076 | return "CRL missing, not loaded"; |
Vanger | 0:b86d15c6ba29 | 8077 | |
Vanger | 0:b86d15c6ba29 | 8078 | case MONITOR_RUNNING_E: |
Vanger | 0:b86d15c6ba29 | 8079 | return "CRL monitor already running"; |
Vanger | 0:b86d15c6ba29 | 8080 | |
Vanger | 0:b86d15c6ba29 | 8081 | case THREAD_CREATE_E: |
Vanger | 0:b86d15c6ba29 | 8082 | return "Thread creation problem"; |
Vanger | 0:b86d15c6ba29 | 8083 | |
Vanger | 0:b86d15c6ba29 | 8084 | case OCSP_NEED_URL: |
Vanger | 0:b86d15c6ba29 | 8085 | return "OCSP need URL"; |
Vanger | 0:b86d15c6ba29 | 8086 | |
Vanger | 0:b86d15c6ba29 | 8087 | case OCSP_CERT_UNKNOWN: |
Vanger | 0:b86d15c6ba29 | 8088 | return "OCSP Cert unknown"; |
Vanger | 0:b86d15c6ba29 | 8089 | |
Vanger | 0:b86d15c6ba29 | 8090 | case OCSP_LOOKUP_FAIL: |
Vanger | 0:b86d15c6ba29 | 8091 | return "OCSP Responder lookup fail"; |
Vanger | 0:b86d15c6ba29 | 8092 | |
Vanger | 0:b86d15c6ba29 | 8093 | case MAX_CHAIN_ERROR: |
Vanger | 0:b86d15c6ba29 | 8094 | return "Maximum Chain Depth Exceeded"; |
Vanger | 0:b86d15c6ba29 | 8095 | |
Vanger | 0:b86d15c6ba29 | 8096 | case COOKIE_ERROR: |
Vanger | 0:b86d15c6ba29 | 8097 | return "DTLS Cookie Error"; |
Vanger | 0:b86d15c6ba29 | 8098 | |
Vanger | 0:b86d15c6ba29 | 8099 | case SEQUENCE_ERROR: |
Vanger | 0:b86d15c6ba29 | 8100 | return "DTLS Sequence Error"; |
Vanger | 0:b86d15c6ba29 | 8101 | |
Vanger | 0:b86d15c6ba29 | 8102 | case SUITES_ERROR: |
Vanger | 0:b86d15c6ba29 | 8103 | return "Suites Pointer Error"; |
Vanger | 0:b86d15c6ba29 | 8104 | |
Vanger | 0:b86d15c6ba29 | 8105 | case SSL_NO_PEM_HEADER: |
Vanger | 0:b86d15c6ba29 | 8106 | return "No PEM Header Error"; |
Vanger | 0:b86d15c6ba29 | 8107 | |
Vanger | 0:b86d15c6ba29 | 8108 | case OUT_OF_ORDER_E: |
Vanger | 0:b86d15c6ba29 | 8109 | return "Out of order message, fatal"; |
Vanger | 0:b86d15c6ba29 | 8110 | |
Vanger | 0:b86d15c6ba29 | 8111 | case BAD_KEA_TYPE_E: |
Vanger | 0:b86d15c6ba29 | 8112 | return "Bad KEA type found"; |
Vanger | 0:b86d15c6ba29 | 8113 | |
Vanger | 0:b86d15c6ba29 | 8114 | case SANITY_CIPHER_E: |
Vanger | 0:b86d15c6ba29 | 8115 | return "Sanity check on ciphertext failed"; |
Vanger | 0:b86d15c6ba29 | 8116 | |
Vanger | 0:b86d15c6ba29 | 8117 | case RECV_OVERFLOW_E: |
Vanger | 0:b86d15c6ba29 | 8118 | return "Receive callback returned more than requested"; |
Vanger | 0:b86d15c6ba29 | 8119 | |
Vanger | 0:b86d15c6ba29 | 8120 | case GEN_COOKIE_E: |
Vanger | 0:b86d15c6ba29 | 8121 | return "Generate Cookie Error"; |
Vanger | 0:b86d15c6ba29 | 8122 | |
Vanger | 0:b86d15c6ba29 | 8123 | case NO_PEER_VERIFY: |
Vanger | 0:b86d15c6ba29 | 8124 | return "Need peer certificate verify Error"; |
Vanger | 0:b86d15c6ba29 | 8125 | |
Vanger | 0:b86d15c6ba29 | 8126 | case FWRITE_ERROR: |
Vanger | 0:b86d15c6ba29 | 8127 | return "fwrite Error"; |
Vanger | 0:b86d15c6ba29 | 8128 | |
Vanger | 0:b86d15c6ba29 | 8129 | case CACHE_MATCH_ERROR: |
Vanger | 0:b86d15c6ba29 | 8130 | return "Cache restore header match Error"; |
Vanger | 0:b86d15c6ba29 | 8131 | |
Vanger | 0:b86d15c6ba29 | 8132 | case UNKNOWN_SNI_HOST_NAME_E: |
Vanger | 0:b86d15c6ba29 | 8133 | return "Unrecognized host name Error"; |
Vanger | 0:b86d15c6ba29 | 8134 | |
Vanger | 0:b86d15c6ba29 | 8135 | case KEYUSE_SIGNATURE_E: |
Vanger | 0:b86d15c6ba29 | 8136 | return "Key Use digitalSignature not set Error"; |
Vanger | 0:b86d15c6ba29 | 8137 | |
Vanger | 0:b86d15c6ba29 | 8138 | case KEYUSE_ENCIPHER_E: |
Vanger | 0:b86d15c6ba29 | 8139 | return "Key Use keyEncipherment not set Error"; |
Vanger | 0:b86d15c6ba29 | 8140 | |
Vanger | 0:b86d15c6ba29 | 8141 | case EXTKEYUSE_AUTH_E: |
Vanger | 0:b86d15c6ba29 | 8142 | return "Ext Key Use server/client auth not set Error"; |
Vanger | 0:b86d15c6ba29 | 8143 | |
Vanger | 0:b86d15c6ba29 | 8144 | case SEND_OOB_READ_E: |
Vanger | 0:b86d15c6ba29 | 8145 | return "Send Callback Out of Bounds Read Error"; |
Vanger | 0:b86d15c6ba29 | 8146 | |
Vanger | 0:b86d15c6ba29 | 8147 | case SECURE_RENEGOTIATION_E: |
Vanger | 0:b86d15c6ba29 | 8148 | return "Invalid Renegotiation Error"; |
Vanger | 0:b86d15c6ba29 | 8149 | |
Vanger | 0:b86d15c6ba29 | 8150 | case SESSION_TICKET_LEN_E: |
Vanger | 0:b86d15c6ba29 | 8151 | return "Session Ticket Too Long Error"; |
Vanger | 0:b86d15c6ba29 | 8152 | |
Vanger | 0:b86d15c6ba29 | 8153 | case SESSION_TICKET_EXPECT_E: |
Vanger | 0:b86d15c6ba29 | 8154 | return "Session Ticket Error"; |
Vanger | 0:b86d15c6ba29 | 8155 | |
Vanger | 0:b86d15c6ba29 | 8156 | case SCR_DIFFERENT_CERT_E: |
Vanger | 0:b86d15c6ba29 | 8157 | return "Peer sent different cert during SCR"; |
Vanger | 0:b86d15c6ba29 | 8158 | |
Vanger | 0:b86d15c6ba29 | 8159 | case SESSION_SECRET_CB_E: |
Vanger | 0:b86d15c6ba29 | 8160 | return "Session Secret Callback Error"; |
Vanger | 0:b86d15c6ba29 | 8161 | |
Vanger | 0:b86d15c6ba29 | 8162 | case NO_CHANGE_CIPHER_E: |
Vanger | 0:b86d15c6ba29 | 8163 | return "Finished received from peer before Change Cipher Error"; |
Vanger | 0:b86d15c6ba29 | 8164 | |
Vanger | 0:b86d15c6ba29 | 8165 | case SANITY_MSG_E: |
Vanger | 0:b86d15c6ba29 | 8166 | return "Sanity Check on message order Error"; |
Vanger | 0:b86d15c6ba29 | 8167 | |
Vanger | 0:b86d15c6ba29 | 8168 | case DUPLICATE_MSG_E: |
Vanger | 0:b86d15c6ba29 | 8169 | return "Duplicate HandShake message Error"; |
Vanger | 0:b86d15c6ba29 | 8170 | |
Vanger | 0:b86d15c6ba29 | 8171 | default : |
Vanger | 0:b86d15c6ba29 | 8172 | return "unknown error number"; |
Vanger | 0:b86d15c6ba29 | 8173 | } |
Vanger | 0:b86d15c6ba29 | 8174 | |
Vanger | 0:b86d15c6ba29 | 8175 | #endif /* NO_ERROR_STRINGS */ |
Vanger | 0:b86d15c6ba29 | 8176 | } |
Vanger | 0:b86d15c6ba29 | 8177 | |
Vanger | 0:b86d15c6ba29 | 8178 | void SetErrorString(int error, char* str) |
Vanger | 0:b86d15c6ba29 | 8179 | { |
Vanger | 0:b86d15c6ba29 | 8180 | XSTRNCPY(str, CyaSSL_ERR_reason_error_string(error), CYASSL_MAX_ERROR_SZ); |
Vanger | 0:b86d15c6ba29 | 8181 | } |
Vanger | 0:b86d15c6ba29 | 8182 | |
Vanger | 0:b86d15c6ba29 | 8183 | |
Vanger | 0:b86d15c6ba29 | 8184 | /* be sure to add to cipher_name_idx too !!!! */ |
Vanger | 0:b86d15c6ba29 | 8185 | static const char* const cipher_names[] = |
Vanger | 0:b86d15c6ba29 | 8186 | { |
Vanger | 0:b86d15c6ba29 | 8187 | #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA |
Vanger | 0:b86d15c6ba29 | 8188 | "RC4-SHA", |
Vanger | 0:b86d15c6ba29 | 8189 | #endif |
Vanger | 0:b86d15c6ba29 | 8190 | |
Vanger | 0:b86d15c6ba29 | 8191 | #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5 |
Vanger | 0:b86d15c6ba29 | 8192 | "RC4-MD5", |
Vanger | 0:b86d15c6ba29 | 8193 | #endif |
Vanger | 0:b86d15c6ba29 | 8194 | |
Vanger | 0:b86d15c6ba29 | 8195 | #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8196 | "DES-CBC3-SHA", |
Vanger | 0:b86d15c6ba29 | 8197 | #endif |
Vanger | 0:b86d15c6ba29 | 8198 | |
Vanger | 0:b86d15c6ba29 | 8199 | #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8200 | "AES128-SHA", |
Vanger | 0:b86d15c6ba29 | 8201 | #endif |
Vanger | 0:b86d15c6ba29 | 8202 | |
Vanger | 0:b86d15c6ba29 | 8203 | #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8204 | "AES256-SHA", |
Vanger | 0:b86d15c6ba29 | 8205 | #endif |
Vanger | 0:b86d15c6ba29 | 8206 | |
Vanger | 0:b86d15c6ba29 | 8207 | #ifdef BUILD_TLS_RSA_WITH_NULL_SHA |
Vanger | 0:b86d15c6ba29 | 8208 | "NULL-SHA", |
Vanger | 0:b86d15c6ba29 | 8209 | #endif |
Vanger | 0:b86d15c6ba29 | 8210 | |
Vanger | 0:b86d15c6ba29 | 8211 | #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256 |
Vanger | 0:b86d15c6ba29 | 8212 | "NULL-SHA256", |
Vanger | 0:b86d15c6ba29 | 8213 | #endif |
Vanger | 0:b86d15c6ba29 | 8214 | |
Vanger | 0:b86d15c6ba29 | 8215 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8216 | "DHE-RSA-AES128-SHA", |
Vanger | 0:b86d15c6ba29 | 8217 | #endif |
Vanger | 0:b86d15c6ba29 | 8218 | |
Vanger | 0:b86d15c6ba29 | 8219 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8220 | "DHE-RSA-AES256-SHA", |
Vanger | 0:b86d15c6ba29 | 8221 | #endif |
Vanger | 0:b86d15c6ba29 | 8222 | |
Vanger | 0:b86d15c6ba29 | 8223 | #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 |
Vanger | 0:b86d15c6ba29 | 8224 | "DHE-PSK-AES256-GCM-SHA384", |
Vanger | 0:b86d15c6ba29 | 8225 | #endif |
Vanger | 0:b86d15c6ba29 | 8226 | |
Vanger | 0:b86d15c6ba29 | 8227 | #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 |
Vanger | 0:b86d15c6ba29 | 8228 | "DHE-PSK-AES128-GCM-SHA256", |
Vanger | 0:b86d15c6ba29 | 8229 | #endif |
Vanger | 0:b86d15c6ba29 | 8230 | |
Vanger | 0:b86d15c6ba29 | 8231 | #ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 |
Vanger | 0:b86d15c6ba29 | 8232 | "PSK-AES256-GCM-SHA384", |
Vanger | 0:b86d15c6ba29 | 8233 | #endif |
Vanger | 0:b86d15c6ba29 | 8234 | |
Vanger | 0:b86d15c6ba29 | 8235 | #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 |
Vanger | 0:b86d15c6ba29 | 8236 | "PSK-AES128-GCM-SHA256", |
Vanger | 0:b86d15c6ba29 | 8237 | #endif |
Vanger | 0:b86d15c6ba29 | 8238 | |
Vanger | 0:b86d15c6ba29 | 8239 | #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 |
Vanger | 0:b86d15c6ba29 | 8240 | "DHE-PSK-AES256-CBC-SHA384", |
Vanger | 0:b86d15c6ba29 | 8241 | #endif |
Vanger | 0:b86d15c6ba29 | 8242 | |
Vanger | 0:b86d15c6ba29 | 8243 | #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 8244 | "DHE-PSK-AES128-CBC-SHA256", |
Vanger | 0:b86d15c6ba29 | 8245 | #endif |
Vanger | 0:b86d15c6ba29 | 8246 | |
Vanger | 0:b86d15c6ba29 | 8247 | #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 |
Vanger | 0:b86d15c6ba29 | 8248 | "PSK-AES256-CBC-SHA384", |
Vanger | 0:b86d15c6ba29 | 8249 | #endif |
Vanger | 0:b86d15c6ba29 | 8250 | |
Vanger | 0:b86d15c6ba29 | 8251 | #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 8252 | "PSK-AES128-CBC-SHA256", |
Vanger | 0:b86d15c6ba29 | 8253 | #endif |
Vanger | 0:b86d15c6ba29 | 8254 | |
Vanger | 0:b86d15c6ba29 | 8255 | #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8256 | "PSK-AES128-CBC-SHA", |
Vanger | 0:b86d15c6ba29 | 8257 | #endif |
Vanger | 0:b86d15c6ba29 | 8258 | |
Vanger | 0:b86d15c6ba29 | 8259 | #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8260 | "PSK-AES256-CBC-SHA", |
Vanger | 0:b86d15c6ba29 | 8261 | #endif |
Vanger | 0:b86d15c6ba29 | 8262 | |
Vanger | 0:b86d15c6ba29 | 8263 | #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM |
Vanger | 0:b86d15c6ba29 | 8264 | "DHE-PSK-AES128-CCM", |
Vanger | 0:b86d15c6ba29 | 8265 | #endif |
Vanger | 0:b86d15c6ba29 | 8266 | |
Vanger | 0:b86d15c6ba29 | 8267 | #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM |
Vanger | 0:b86d15c6ba29 | 8268 | "DHE-PSK-AES256-CCM", |
Vanger | 0:b86d15c6ba29 | 8269 | #endif |
Vanger | 0:b86d15c6ba29 | 8270 | |
Vanger | 0:b86d15c6ba29 | 8271 | #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM |
Vanger | 0:b86d15c6ba29 | 8272 | "PSK-AES128-CCM", |
Vanger | 0:b86d15c6ba29 | 8273 | #endif |
Vanger | 0:b86d15c6ba29 | 8274 | |
Vanger | 0:b86d15c6ba29 | 8275 | #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM |
Vanger | 0:b86d15c6ba29 | 8276 | "PSK-AES256-CCM", |
Vanger | 0:b86d15c6ba29 | 8277 | #endif |
Vanger | 0:b86d15c6ba29 | 8278 | |
Vanger | 0:b86d15c6ba29 | 8279 | #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8 |
Vanger | 0:b86d15c6ba29 | 8280 | "PSK-AES128-CCM-8", |
Vanger | 0:b86d15c6ba29 | 8281 | #endif |
Vanger | 0:b86d15c6ba29 | 8282 | |
Vanger | 0:b86d15c6ba29 | 8283 | #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8 |
Vanger | 0:b86d15c6ba29 | 8284 | "PSK-AES256-CCM-8", |
Vanger | 0:b86d15c6ba29 | 8285 | #endif |
Vanger | 0:b86d15c6ba29 | 8286 | |
Vanger | 0:b86d15c6ba29 | 8287 | #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 |
Vanger | 0:b86d15c6ba29 | 8288 | "DHE-PSK-NULL-SHA384", |
Vanger | 0:b86d15c6ba29 | 8289 | #endif |
Vanger | 0:b86d15c6ba29 | 8290 | |
Vanger | 0:b86d15c6ba29 | 8291 | #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 |
Vanger | 0:b86d15c6ba29 | 8292 | "DHE-PSK-NULL-SHA256", |
Vanger | 0:b86d15c6ba29 | 8293 | #endif |
Vanger | 0:b86d15c6ba29 | 8294 | |
Vanger | 0:b86d15c6ba29 | 8295 | #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384 |
Vanger | 0:b86d15c6ba29 | 8296 | "PSK-NULL-SHA384", |
Vanger | 0:b86d15c6ba29 | 8297 | #endif |
Vanger | 0:b86d15c6ba29 | 8298 | |
Vanger | 0:b86d15c6ba29 | 8299 | #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 |
Vanger | 0:b86d15c6ba29 | 8300 | "PSK-NULL-SHA256", |
Vanger | 0:b86d15c6ba29 | 8301 | #endif |
Vanger | 0:b86d15c6ba29 | 8302 | |
Vanger | 0:b86d15c6ba29 | 8303 | #ifdef BUILD_TLS_PSK_WITH_NULL_SHA |
Vanger | 0:b86d15c6ba29 | 8304 | "PSK-NULL-SHA", |
Vanger | 0:b86d15c6ba29 | 8305 | #endif |
Vanger | 0:b86d15c6ba29 | 8306 | |
Vanger | 0:b86d15c6ba29 | 8307 | #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5 |
Vanger | 0:b86d15c6ba29 | 8308 | "HC128-MD5", |
Vanger | 0:b86d15c6ba29 | 8309 | #endif |
Vanger | 0:b86d15c6ba29 | 8310 | |
Vanger | 0:b86d15c6ba29 | 8311 | #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA |
Vanger | 0:b86d15c6ba29 | 8312 | "HC128-SHA", |
Vanger | 0:b86d15c6ba29 | 8313 | #endif |
Vanger | 0:b86d15c6ba29 | 8314 | |
Vanger | 0:b86d15c6ba29 | 8315 | #ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256 |
Vanger | 0:b86d15c6ba29 | 8316 | "HC128-B2B256", |
Vanger | 0:b86d15c6ba29 | 8317 | #endif |
Vanger | 0:b86d15c6ba29 | 8318 | |
Vanger | 0:b86d15c6ba29 | 8319 | #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 |
Vanger | 0:b86d15c6ba29 | 8320 | "AES128-B2B256", |
Vanger | 0:b86d15c6ba29 | 8321 | #endif |
Vanger | 0:b86d15c6ba29 | 8322 | |
Vanger | 0:b86d15c6ba29 | 8323 | #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 |
Vanger | 0:b86d15c6ba29 | 8324 | "AES256-B2B256", |
Vanger | 0:b86d15c6ba29 | 8325 | #endif |
Vanger | 0:b86d15c6ba29 | 8326 | |
Vanger | 0:b86d15c6ba29 | 8327 | #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA |
Vanger | 0:b86d15c6ba29 | 8328 | "RABBIT-SHA", |
Vanger | 0:b86d15c6ba29 | 8329 | #endif |
Vanger | 0:b86d15c6ba29 | 8330 | |
Vanger | 0:b86d15c6ba29 | 8331 | #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA |
Vanger | 0:b86d15c6ba29 | 8332 | "NTRU-RC4-SHA", |
Vanger | 0:b86d15c6ba29 | 8333 | #endif |
Vanger | 0:b86d15c6ba29 | 8334 | |
Vanger | 0:b86d15c6ba29 | 8335 | #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8336 | "NTRU-DES-CBC3-SHA", |
Vanger | 0:b86d15c6ba29 | 8337 | #endif |
Vanger | 0:b86d15c6ba29 | 8338 | |
Vanger | 0:b86d15c6ba29 | 8339 | #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8340 | "NTRU-AES128-SHA", |
Vanger | 0:b86d15c6ba29 | 8341 | #endif |
Vanger | 0:b86d15c6ba29 | 8342 | |
Vanger | 0:b86d15c6ba29 | 8343 | #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8344 | "NTRU-AES256-SHA", |
Vanger | 0:b86d15c6ba29 | 8345 | #endif |
Vanger | 0:b86d15c6ba29 | 8346 | |
Vanger | 0:b86d15c6ba29 | 8347 | #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8 |
Vanger | 0:b86d15c6ba29 | 8348 | "AES128-CCM-8", |
Vanger | 0:b86d15c6ba29 | 8349 | #endif |
Vanger | 0:b86d15c6ba29 | 8350 | |
Vanger | 0:b86d15c6ba29 | 8351 | #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8 |
Vanger | 0:b86d15c6ba29 | 8352 | "AES256-CCM-8", |
Vanger | 0:b86d15c6ba29 | 8353 | #endif |
Vanger | 0:b86d15c6ba29 | 8354 | |
Vanger | 0:b86d15c6ba29 | 8355 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 |
Vanger | 0:b86d15c6ba29 | 8356 | "ECDHE-ECDSA-AES128-CCM-8", |
Vanger | 0:b86d15c6ba29 | 8357 | #endif |
Vanger | 0:b86d15c6ba29 | 8358 | |
Vanger | 0:b86d15c6ba29 | 8359 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 |
Vanger | 0:b86d15c6ba29 | 8360 | "ECDHE-ECDSA-AES256-CCM-8", |
Vanger | 0:b86d15c6ba29 | 8361 | #endif |
Vanger | 0:b86d15c6ba29 | 8362 | |
Vanger | 0:b86d15c6ba29 | 8363 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8364 | "ECDHE-RSA-AES128-SHA", |
Vanger | 0:b86d15c6ba29 | 8365 | #endif |
Vanger | 0:b86d15c6ba29 | 8366 | |
Vanger | 0:b86d15c6ba29 | 8367 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8368 | "ECDHE-RSA-AES256-SHA", |
Vanger | 0:b86d15c6ba29 | 8369 | #endif |
Vanger | 0:b86d15c6ba29 | 8370 | |
Vanger | 0:b86d15c6ba29 | 8371 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8372 | "ECDHE-ECDSA-AES128-SHA", |
Vanger | 0:b86d15c6ba29 | 8373 | #endif |
Vanger | 0:b86d15c6ba29 | 8374 | |
Vanger | 0:b86d15c6ba29 | 8375 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8376 | "ECDHE-ECDSA-AES256-SHA", |
Vanger | 0:b86d15c6ba29 | 8377 | #endif |
Vanger | 0:b86d15c6ba29 | 8378 | |
Vanger | 0:b86d15c6ba29 | 8379 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA |
Vanger | 0:b86d15c6ba29 | 8380 | "ECDHE-RSA-RC4-SHA", |
Vanger | 0:b86d15c6ba29 | 8381 | #endif |
Vanger | 0:b86d15c6ba29 | 8382 | |
Vanger | 0:b86d15c6ba29 | 8383 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8384 | "ECDHE-RSA-DES-CBC3-SHA", |
Vanger | 0:b86d15c6ba29 | 8385 | #endif |
Vanger | 0:b86d15c6ba29 | 8386 | |
Vanger | 0:b86d15c6ba29 | 8387 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA |
Vanger | 0:b86d15c6ba29 | 8388 | "ECDHE-ECDSA-RC4-SHA", |
Vanger | 0:b86d15c6ba29 | 8389 | #endif |
Vanger | 0:b86d15c6ba29 | 8390 | |
Vanger | 0:b86d15c6ba29 | 8391 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8392 | "ECDHE-ECDSA-DES-CBC3-SHA", |
Vanger | 0:b86d15c6ba29 | 8393 | #endif |
Vanger | 0:b86d15c6ba29 | 8394 | |
Vanger | 0:b86d15c6ba29 | 8395 | #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 8396 | "AES128-SHA256", |
Vanger | 0:b86d15c6ba29 | 8397 | #endif |
Vanger | 0:b86d15c6ba29 | 8398 | |
Vanger | 0:b86d15c6ba29 | 8399 | #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 8400 | "AES256-SHA256", |
Vanger | 0:b86d15c6ba29 | 8401 | #endif |
Vanger | 0:b86d15c6ba29 | 8402 | |
Vanger | 0:b86d15c6ba29 | 8403 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 8404 | "DHE-RSA-AES128-SHA256", |
Vanger | 0:b86d15c6ba29 | 8405 | #endif |
Vanger | 0:b86d15c6ba29 | 8406 | |
Vanger | 0:b86d15c6ba29 | 8407 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 8408 | "DHE-RSA-AES256-SHA256", |
Vanger | 0:b86d15c6ba29 | 8409 | #endif |
Vanger | 0:b86d15c6ba29 | 8410 | |
Vanger | 0:b86d15c6ba29 | 8411 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8412 | "ECDH-RSA-AES128-SHA", |
Vanger | 0:b86d15c6ba29 | 8413 | #endif |
Vanger | 0:b86d15c6ba29 | 8414 | |
Vanger | 0:b86d15c6ba29 | 8415 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8416 | "ECDH-RSA-AES256-SHA", |
Vanger | 0:b86d15c6ba29 | 8417 | #endif |
Vanger | 0:b86d15c6ba29 | 8418 | |
Vanger | 0:b86d15c6ba29 | 8419 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8420 | "ECDH-ECDSA-AES128-SHA", |
Vanger | 0:b86d15c6ba29 | 8421 | #endif |
Vanger | 0:b86d15c6ba29 | 8422 | |
Vanger | 0:b86d15c6ba29 | 8423 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8424 | "ECDH-ECDSA-AES256-SHA", |
Vanger | 0:b86d15c6ba29 | 8425 | #endif |
Vanger | 0:b86d15c6ba29 | 8426 | |
Vanger | 0:b86d15c6ba29 | 8427 | #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA |
Vanger | 0:b86d15c6ba29 | 8428 | "ECDH-RSA-RC4-SHA", |
Vanger | 0:b86d15c6ba29 | 8429 | #endif |
Vanger | 0:b86d15c6ba29 | 8430 | |
Vanger | 0:b86d15c6ba29 | 8431 | #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8432 | "ECDH-RSA-DES-CBC3-SHA", |
Vanger | 0:b86d15c6ba29 | 8433 | #endif |
Vanger | 0:b86d15c6ba29 | 8434 | |
Vanger | 0:b86d15c6ba29 | 8435 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA |
Vanger | 0:b86d15c6ba29 | 8436 | "ECDH-ECDSA-RC4-SHA", |
Vanger | 0:b86d15c6ba29 | 8437 | #endif |
Vanger | 0:b86d15c6ba29 | 8438 | |
Vanger | 0:b86d15c6ba29 | 8439 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8440 | "ECDH-ECDSA-DES-CBC3-SHA", |
Vanger | 0:b86d15c6ba29 | 8441 | #endif |
Vanger | 0:b86d15c6ba29 | 8442 | |
Vanger | 0:b86d15c6ba29 | 8443 | #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 |
Vanger | 0:b86d15c6ba29 | 8444 | "AES128-GCM-SHA256", |
Vanger | 0:b86d15c6ba29 | 8445 | #endif |
Vanger | 0:b86d15c6ba29 | 8446 | |
Vanger | 0:b86d15c6ba29 | 8447 | #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 |
Vanger | 0:b86d15c6ba29 | 8448 | "AES256-GCM-SHA384", |
Vanger | 0:b86d15c6ba29 | 8449 | #endif |
Vanger | 0:b86d15c6ba29 | 8450 | |
Vanger | 0:b86d15c6ba29 | 8451 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 |
Vanger | 0:b86d15c6ba29 | 8452 | "DHE-RSA-AES128-GCM-SHA256", |
Vanger | 0:b86d15c6ba29 | 8453 | #endif |
Vanger | 0:b86d15c6ba29 | 8454 | |
Vanger | 0:b86d15c6ba29 | 8455 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 |
Vanger | 0:b86d15c6ba29 | 8456 | "DHE-RSA-AES256-GCM-SHA384", |
Vanger | 0:b86d15c6ba29 | 8457 | #endif |
Vanger | 0:b86d15c6ba29 | 8458 | |
Vanger | 0:b86d15c6ba29 | 8459 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
Vanger | 0:b86d15c6ba29 | 8460 | "ECDHE-RSA-AES128-GCM-SHA256", |
Vanger | 0:b86d15c6ba29 | 8461 | #endif |
Vanger | 0:b86d15c6ba29 | 8462 | |
Vanger | 0:b86d15c6ba29 | 8463 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
Vanger | 0:b86d15c6ba29 | 8464 | "ECDHE-RSA-AES256-GCM-SHA384", |
Vanger | 0:b86d15c6ba29 | 8465 | #endif |
Vanger | 0:b86d15c6ba29 | 8466 | |
Vanger | 0:b86d15c6ba29 | 8467 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
Vanger | 0:b86d15c6ba29 | 8468 | "ECDHE-ECDSA-AES128-GCM-SHA256", |
Vanger | 0:b86d15c6ba29 | 8469 | #endif |
Vanger | 0:b86d15c6ba29 | 8470 | |
Vanger | 0:b86d15c6ba29 | 8471 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
Vanger | 0:b86d15c6ba29 | 8472 | "ECDHE-ECDSA-AES256-GCM-SHA384", |
Vanger | 0:b86d15c6ba29 | 8473 | #endif |
Vanger | 0:b86d15c6ba29 | 8474 | |
Vanger | 0:b86d15c6ba29 | 8475 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 |
Vanger | 0:b86d15c6ba29 | 8476 | "ECDH-RSA-AES128-GCM-SHA256", |
Vanger | 0:b86d15c6ba29 | 8477 | #endif |
Vanger | 0:b86d15c6ba29 | 8478 | |
Vanger | 0:b86d15c6ba29 | 8479 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 |
Vanger | 0:b86d15c6ba29 | 8480 | "ECDH-RSA-AES256-GCM-SHA384", |
Vanger | 0:b86d15c6ba29 | 8481 | #endif |
Vanger | 0:b86d15c6ba29 | 8482 | |
Vanger | 0:b86d15c6ba29 | 8483 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 |
Vanger | 0:b86d15c6ba29 | 8484 | "ECDH-ECDSA-AES128-GCM-SHA256", |
Vanger | 0:b86d15c6ba29 | 8485 | #endif |
Vanger | 0:b86d15c6ba29 | 8486 | |
Vanger | 0:b86d15c6ba29 | 8487 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 |
Vanger | 0:b86d15c6ba29 | 8488 | "ECDH-ECDSA-AES256-GCM-SHA384", |
Vanger | 0:b86d15c6ba29 | 8489 | #endif |
Vanger | 0:b86d15c6ba29 | 8490 | |
Vanger | 0:b86d15c6ba29 | 8491 | #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8492 | "CAMELLIA128-SHA", |
Vanger | 0:b86d15c6ba29 | 8493 | #endif |
Vanger | 0:b86d15c6ba29 | 8494 | |
Vanger | 0:b86d15c6ba29 | 8495 | #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8496 | "DHE-RSA-CAMELLIA128-SHA", |
Vanger | 0:b86d15c6ba29 | 8497 | #endif |
Vanger | 0:b86d15c6ba29 | 8498 | |
Vanger | 0:b86d15c6ba29 | 8499 | #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8500 | "CAMELLIA256-SHA", |
Vanger | 0:b86d15c6ba29 | 8501 | #endif |
Vanger | 0:b86d15c6ba29 | 8502 | |
Vanger | 0:b86d15c6ba29 | 8503 | #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8504 | "DHE-RSA-CAMELLIA256-SHA", |
Vanger | 0:b86d15c6ba29 | 8505 | #endif |
Vanger | 0:b86d15c6ba29 | 8506 | |
Vanger | 0:b86d15c6ba29 | 8507 | #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 8508 | "CAMELLIA128-SHA256", |
Vanger | 0:b86d15c6ba29 | 8509 | #endif |
Vanger | 0:b86d15c6ba29 | 8510 | |
Vanger | 0:b86d15c6ba29 | 8511 | #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 8512 | "DHE-RSA-CAMELLIA128-SHA256", |
Vanger | 0:b86d15c6ba29 | 8513 | #endif |
Vanger | 0:b86d15c6ba29 | 8514 | |
Vanger | 0:b86d15c6ba29 | 8515 | #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 8516 | "CAMELLIA256-SHA256", |
Vanger | 0:b86d15c6ba29 | 8517 | #endif |
Vanger | 0:b86d15c6ba29 | 8518 | |
Vanger | 0:b86d15c6ba29 | 8519 | #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 8520 | "DHE-RSA-CAMELLIA256-SHA256", |
Vanger | 0:b86d15c6ba29 | 8521 | #endif |
Vanger | 0:b86d15c6ba29 | 8522 | |
Vanger | 0:b86d15c6ba29 | 8523 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 8524 | "ECDHE-RSA-AES128-SHA256", |
Vanger | 0:b86d15c6ba29 | 8525 | #endif |
Vanger | 0:b86d15c6ba29 | 8526 | |
Vanger | 0:b86d15c6ba29 | 8527 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 8528 | "ECDHE-ECDSA-AES128-SHA256", |
Vanger | 0:b86d15c6ba29 | 8529 | #endif |
Vanger | 0:b86d15c6ba29 | 8530 | |
Vanger | 0:b86d15c6ba29 | 8531 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 8532 | "ECDH-RSA-AES128-SHA256", |
Vanger | 0:b86d15c6ba29 | 8533 | #endif |
Vanger | 0:b86d15c6ba29 | 8534 | |
Vanger | 0:b86d15c6ba29 | 8535 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 8536 | "ECDH-ECDSA-AES128-SHA256", |
Vanger | 0:b86d15c6ba29 | 8537 | #endif |
Vanger | 0:b86d15c6ba29 | 8538 | |
Vanger | 0:b86d15c6ba29 | 8539 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
Vanger | 0:b86d15c6ba29 | 8540 | "ECDHE-RSA-AES256-SHA384", |
Vanger | 0:b86d15c6ba29 | 8541 | #endif |
Vanger | 0:b86d15c6ba29 | 8542 | |
Vanger | 0:b86d15c6ba29 | 8543 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
Vanger | 0:b86d15c6ba29 | 8544 | "ECDHE-ECDSA-AES256-SHA384", |
Vanger | 0:b86d15c6ba29 | 8545 | #endif |
Vanger | 0:b86d15c6ba29 | 8546 | |
Vanger | 0:b86d15c6ba29 | 8547 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 |
Vanger | 0:b86d15c6ba29 | 8548 | "ECDH-RSA-AES256-SHA384", |
Vanger | 0:b86d15c6ba29 | 8549 | #endif |
Vanger | 0:b86d15c6ba29 | 8550 | |
Vanger | 0:b86d15c6ba29 | 8551 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 |
Vanger | 0:b86d15c6ba29 | 8552 | "ECDH-ECDSA-AES256-SHA384", |
Vanger | 0:b86d15c6ba29 | 8553 | #endif |
Vanger | 0:b86d15c6ba29 | 8554 | |
Vanger | 0:b86d15c6ba29 | 8555 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |
Vanger | 0:b86d15c6ba29 | 8556 | "ECDHE-RSA-CHACHA20-POLY1305", |
Vanger | 0:b86d15c6ba29 | 8557 | #endif |
Vanger | 0:b86d15c6ba29 | 8558 | |
Vanger | 0:b86d15c6ba29 | 8559 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 |
Vanger | 0:b86d15c6ba29 | 8560 | "ECDHE-ECDSA-CHACHA20-POLY1305", |
Vanger | 0:b86d15c6ba29 | 8561 | #endif |
Vanger | 0:b86d15c6ba29 | 8562 | |
Vanger | 0:b86d15c6ba29 | 8563 | #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |
Vanger | 0:b86d15c6ba29 | 8564 | "DHE-RSA-CHACHA20-POLY1305", |
Vanger | 0:b86d15c6ba29 | 8565 | #endif |
Vanger | 0:b86d15c6ba29 | 8566 | |
Vanger | 0:b86d15c6ba29 | 8567 | #ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8568 | "ADH-AES128-SHA", |
Vanger | 0:b86d15c6ba29 | 8569 | #endif |
Vanger | 0:b86d15c6ba29 | 8570 | |
Vanger | 0:b86d15c6ba29 | 8571 | #ifdef HAVE_RENEGOTIATION_INDICATION |
Vanger | 0:b86d15c6ba29 | 8572 | "RENEGOTIATION-INFO", |
Vanger | 0:b86d15c6ba29 | 8573 | #endif |
Vanger | 0:b86d15c6ba29 | 8574 | }; |
Vanger | 0:b86d15c6ba29 | 8575 | |
Vanger | 0:b86d15c6ba29 | 8576 | |
Vanger | 0:b86d15c6ba29 | 8577 | /* cipher suite number that matches above name table */ |
Vanger | 0:b86d15c6ba29 | 8578 | static int cipher_name_idx[] = |
Vanger | 0:b86d15c6ba29 | 8579 | { |
Vanger | 0:b86d15c6ba29 | 8580 | |
Vanger | 0:b86d15c6ba29 | 8581 | #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA |
Vanger | 0:b86d15c6ba29 | 8582 | SSL_RSA_WITH_RC4_128_SHA, |
Vanger | 0:b86d15c6ba29 | 8583 | #endif |
Vanger | 0:b86d15c6ba29 | 8584 | |
Vanger | 0:b86d15c6ba29 | 8585 | #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5 |
Vanger | 0:b86d15c6ba29 | 8586 | SSL_RSA_WITH_RC4_128_MD5, |
Vanger | 0:b86d15c6ba29 | 8587 | #endif |
Vanger | 0:b86d15c6ba29 | 8588 | |
Vanger | 0:b86d15c6ba29 | 8589 | #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8590 | SSL_RSA_WITH_3DES_EDE_CBC_SHA, |
Vanger | 0:b86d15c6ba29 | 8591 | #endif |
Vanger | 0:b86d15c6ba29 | 8592 | |
Vanger | 0:b86d15c6ba29 | 8593 | #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8594 | TLS_RSA_WITH_AES_128_CBC_SHA, |
Vanger | 0:b86d15c6ba29 | 8595 | #endif |
Vanger | 0:b86d15c6ba29 | 8596 | |
Vanger | 0:b86d15c6ba29 | 8597 | #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8598 | TLS_RSA_WITH_AES_256_CBC_SHA, |
Vanger | 0:b86d15c6ba29 | 8599 | #endif |
Vanger | 0:b86d15c6ba29 | 8600 | |
Vanger | 0:b86d15c6ba29 | 8601 | #ifdef BUILD_TLS_RSA_WITH_NULL_SHA |
Vanger | 0:b86d15c6ba29 | 8602 | TLS_RSA_WITH_NULL_SHA, |
Vanger | 0:b86d15c6ba29 | 8603 | #endif |
Vanger | 0:b86d15c6ba29 | 8604 | |
Vanger | 0:b86d15c6ba29 | 8605 | #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256 |
Vanger | 0:b86d15c6ba29 | 8606 | TLS_RSA_WITH_NULL_SHA256, |
Vanger | 0:b86d15c6ba29 | 8607 | #endif |
Vanger | 0:b86d15c6ba29 | 8608 | |
Vanger | 0:b86d15c6ba29 | 8609 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8610 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA, |
Vanger | 0:b86d15c6ba29 | 8611 | #endif |
Vanger | 0:b86d15c6ba29 | 8612 | |
Vanger | 0:b86d15c6ba29 | 8613 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8614 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA, |
Vanger | 0:b86d15c6ba29 | 8615 | #endif |
Vanger | 0:b86d15c6ba29 | 8616 | |
Vanger | 0:b86d15c6ba29 | 8617 | #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 |
Vanger | 0:b86d15c6ba29 | 8618 | TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, |
Vanger | 0:b86d15c6ba29 | 8619 | #endif |
Vanger | 0:b86d15c6ba29 | 8620 | |
Vanger | 0:b86d15c6ba29 | 8621 | #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 |
Vanger | 0:b86d15c6ba29 | 8622 | TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, |
Vanger | 0:b86d15c6ba29 | 8623 | #endif |
Vanger | 0:b86d15c6ba29 | 8624 | |
Vanger | 0:b86d15c6ba29 | 8625 | #ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 |
Vanger | 0:b86d15c6ba29 | 8626 | TLS_PSK_WITH_AES_256_GCM_SHA384, |
Vanger | 0:b86d15c6ba29 | 8627 | #endif |
Vanger | 0:b86d15c6ba29 | 8628 | |
Vanger | 0:b86d15c6ba29 | 8629 | #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 |
Vanger | 0:b86d15c6ba29 | 8630 | TLS_PSK_WITH_AES_128_GCM_SHA256, |
Vanger | 0:b86d15c6ba29 | 8631 | #endif |
Vanger | 0:b86d15c6ba29 | 8632 | |
Vanger | 0:b86d15c6ba29 | 8633 | #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 |
Vanger | 0:b86d15c6ba29 | 8634 | TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, |
Vanger | 0:b86d15c6ba29 | 8635 | #endif |
Vanger | 0:b86d15c6ba29 | 8636 | |
Vanger | 0:b86d15c6ba29 | 8637 | #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 8638 | TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, |
Vanger | 0:b86d15c6ba29 | 8639 | #endif |
Vanger | 0:b86d15c6ba29 | 8640 | |
Vanger | 0:b86d15c6ba29 | 8641 | #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 |
Vanger | 0:b86d15c6ba29 | 8642 | TLS_PSK_WITH_AES_256_CBC_SHA384, |
Vanger | 0:b86d15c6ba29 | 8643 | #endif |
Vanger | 0:b86d15c6ba29 | 8644 | |
Vanger | 0:b86d15c6ba29 | 8645 | #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 8646 | TLS_PSK_WITH_AES_128_CBC_SHA256, |
Vanger | 0:b86d15c6ba29 | 8647 | #endif |
Vanger | 0:b86d15c6ba29 | 8648 | |
Vanger | 0:b86d15c6ba29 | 8649 | #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8650 | TLS_PSK_WITH_AES_128_CBC_SHA, |
Vanger | 0:b86d15c6ba29 | 8651 | #endif |
Vanger | 0:b86d15c6ba29 | 8652 | |
Vanger | 0:b86d15c6ba29 | 8653 | #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8654 | TLS_PSK_WITH_AES_256_CBC_SHA, |
Vanger | 0:b86d15c6ba29 | 8655 | #endif |
Vanger | 0:b86d15c6ba29 | 8656 | |
Vanger | 0:b86d15c6ba29 | 8657 | #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM |
Vanger | 0:b86d15c6ba29 | 8658 | TLS_DHE_PSK_WITH_AES_128_CCM, |
Vanger | 0:b86d15c6ba29 | 8659 | #endif |
Vanger | 0:b86d15c6ba29 | 8660 | |
Vanger | 0:b86d15c6ba29 | 8661 | #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM |
Vanger | 0:b86d15c6ba29 | 8662 | TLS_DHE_PSK_WITH_AES_256_CCM, |
Vanger | 0:b86d15c6ba29 | 8663 | #endif |
Vanger | 0:b86d15c6ba29 | 8664 | |
Vanger | 0:b86d15c6ba29 | 8665 | #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM |
Vanger | 0:b86d15c6ba29 | 8666 | TLS_PSK_WITH_AES_128_CCM, |
Vanger | 0:b86d15c6ba29 | 8667 | #endif |
Vanger | 0:b86d15c6ba29 | 8668 | |
Vanger | 0:b86d15c6ba29 | 8669 | #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM |
Vanger | 0:b86d15c6ba29 | 8670 | TLS_PSK_WITH_AES_256_CCM, |
Vanger | 0:b86d15c6ba29 | 8671 | #endif |
Vanger | 0:b86d15c6ba29 | 8672 | |
Vanger | 0:b86d15c6ba29 | 8673 | #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8 |
Vanger | 0:b86d15c6ba29 | 8674 | TLS_PSK_WITH_AES_128_CCM_8, |
Vanger | 0:b86d15c6ba29 | 8675 | #endif |
Vanger | 0:b86d15c6ba29 | 8676 | |
Vanger | 0:b86d15c6ba29 | 8677 | #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8 |
Vanger | 0:b86d15c6ba29 | 8678 | TLS_PSK_WITH_AES_256_CCM_8, |
Vanger | 0:b86d15c6ba29 | 8679 | #endif |
Vanger | 0:b86d15c6ba29 | 8680 | |
Vanger | 0:b86d15c6ba29 | 8681 | #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 |
Vanger | 0:b86d15c6ba29 | 8682 | TLS_DHE_PSK_WITH_NULL_SHA384, |
Vanger | 0:b86d15c6ba29 | 8683 | #endif |
Vanger | 0:b86d15c6ba29 | 8684 | |
Vanger | 0:b86d15c6ba29 | 8685 | #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 |
Vanger | 0:b86d15c6ba29 | 8686 | TLS_DHE_PSK_WITH_NULL_SHA256, |
Vanger | 0:b86d15c6ba29 | 8687 | #endif |
Vanger | 0:b86d15c6ba29 | 8688 | |
Vanger | 0:b86d15c6ba29 | 8689 | #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384 |
Vanger | 0:b86d15c6ba29 | 8690 | TLS_PSK_WITH_NULL_SHA384, |
Vanger | 0:b86d15c6ba29 | 8691 | #endif |
Vanger | 0:b86d15c6ba29 | 8692 | |
Vanger | 0:b86d15c6ba29 | 8693 | #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 |
Vanger | 0:b86d15c6ba29 | 8694 | TLS_PSK_WITH_NULL_SHA256, |
Vanger | 0:b86d15c6ba29 | 8695 | #endif |
Vanger | 0:b86d15c6ba29 | 8696 | |
Vanger | 0:b86d15c6ba29 | 8697 | #ifdef BUILD_TLS_PSK_WITH_NULL_SHA |
Vanger | 0:b86d15c6ba29 | 8698 | TLS_PSK_WITH_NULL_SHA, |
Vanger | 0:b86d15c6ba29 | 8699 | #endif |
Vanger | 0:b86d15c6ba29 | 8700 | |
Vanger | 0:b86d15c6ba29 | 8701 | #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5 |
Vanger | 0:b86d15c6ba29 | 8702 | TLS_RSA_WITH_HC_128_MD5, |
Vanger | 0:b86d15c6ba29 | 8703 | #endif |
Vanger | 0:b86d15c6ba29 | 8704 | |
Vanger | 0:b86d15c6ba29 | 8705 | #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA |
Vanger | 0:b86d15c6ba29 | 8706 | TLS_RSA_WITH_HC_128_SHA, |
Vanger | 0:b86d15c6ba29 | 8707 | #endif |
Vanger | 0:b86d15c6ba29 | 8708 | |
Vanger | 0:b86d15c6ba29 | 8709 | #ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256 |
Vanger | 0:b86d15c6ba29 | 8710 | TLS_RSA_WITH_HC_128_B2B256, |
Vanger | 0:b86d15c6ba29 | 8711 | #endif |
Vanger | 0:b86d15c6ba29 | 8712 | |
Vanger | 0:b86d15c6ba29 | 8713 | #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 |
Vanger | 0:b86d15c6ba29 | 8714 | TLS_RSA_WITH_AES_128_CBC_B2B256, |
Vanger | 0:b86d15c6ba29 | 8715 | #endif |
Vanger | 0:b86d15c6ba29 | 8716 | |
Vanger | 0:b86d15c6ba29 | 8717 | #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 |
Vanger | 0:b86d15c6ba29 | 8718 | TLS_RSA_WITH_AES_256_CBC_B2B256, |
Vanger | 0:b86d15c6ba29 | 8719 | #endif |
Vanger | 0:b86d15c6ba29 | 8720 | |
Vanger | 0:b86d15c6ba29 | 8721 | #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA |
Vanger | 0:b86d15c6ba29 | 8722 | TLS_RSA_WITH_RABBIT_SHA, |
Vanger | 0:b86d15c6ba29 | 8723 | #endif |
Vanger | 0:b86d15c6ba29 | 8724 | |
Vanger | 0:b86d15c6ba29 | 8725 | #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA |
Vanger | 0:b86d15c6ba29 | 8726 | TLS_NTRU_RSA_WITH_RC4_128_SHA, |
Vanger | 0:b86d15c6ba29 | 8727 | #endif |
Vanger | 0:b86d15c6ba29 | 8728 | |
Vanger | 0:b86d15c6ba29 | 8729 | #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8730 | TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA, |
Vanger | 0:b86d15c6ba29 | 8731 | #endif |
Vanger | 0:b86d15c6ba29 | 8732 | |
Vanger | 0:b86d15c6ba29 | 8733 | #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8734 | TLS_NTRU_RSA_WITH_AES_128_CBC_SHA, |
Vanger | 0:b86d15c6ba29 | 8735 | #endif |
Vanger | 0:b86d15c6ba29 | 8736 | |
Vanger | 0:b86d15c6ba29 | 8737 | #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8738 | TLS_NTRU_RSA_WITH_AES_256_CBC_SHA, |
Vanger | 0:b86d15c6ba29 | 8739 | #endif |
Vanger | 0:b86d15c6ba29 | 8740 | |
Vanger | 0:b86d15c6ba29 | 8741 | #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8 |
Vanger | 0:b86d15c6ba29 | 8742 | TLS_RSA_WITH_AES_128_CCM_8, |
Vanger | 0:b86d15c6ba29 | 8743 | #endif |
Vanger | 0:b86d15c6ba29 | 8744 | |
Vanger | 0:b86d15c6ba29 | 8745 | #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8 |
Vanger | 0:b86d15c6ba29 | 8746 | TLS_RSA_WITH_AES_256_CCM_8, |
Vanger | 0:b86d15c6ba29 | 8747 | #endif |
Vanger | 0:b86d15c6ba29 | 8748 | |
Vanger | 0:b86d15c6ba29 | 8749 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 |
Vanger | 0:b86d15c6ba29 | 8750 | TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, |
Vanger | 0:b86d15c6ba29 | 8751 | #endif |
Vanger | 0:b86d15c6ba29 | 8752 | |
Vanger | 0:b86d15c6ba29 | 8753 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 |
Vanger | 0:b86d15c6ba29 | 8754 | TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, |
Vanger | 0:b86d15c6ba29 | 8755 | #endif |
Vanger | 0:b86d15c6ba29 | 8756 | |
Vanger | 0:b86d15c6ba29 | 8757 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8758 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, |
Vanger | 0:b86d15c6ba29 | 8759 | #endif |
Vanger | 0:b86d15c6ba29 | 8760 | |
Vanger | 0:b86d15c6ba29 | 8761 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8762 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, |
Vanger | 0:b86d15c6ba29 | 8763 | #endif |
Vanger | 0:b86d15c6ba29 | 8764 | |
Vanger | 0:b86d15c6ba29 | 8765 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8766 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, |
Vanger | 0:b86d15c6ba29 | 8767 | #endif |
Vanger | 0:b86d15c6ba29 | 8768 | |
Vanger | 0:b86d15c6ba29 | 8769 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8770 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, |
Vanger | 0:b86d15c6ba29 | 8771 | #endif |
Vanger | 0:b86d15c6ba29 | 8772 | |
Vanger | 0:b86d15c6ba29 | 8773 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA |
Vanger | 0:b86d15c6ba29 | 8774 | TLS_ECDHE_RSA_WITH_RC4_128_SHA, |
Vanger | 0:b86d15c6ba29 | 8775 | #endif |
Vanger | 0:b86d15c6ba29 | 8776 | |
Vanger | 0:b86d15c6ba29 | 8777 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8778 | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, |
Vanger | 0:b86d15c6ba29 | 8779 | #endif |
Vanger | 0:b86d15c6ba29 | 8780 | |
Vanger | 0:b86d15c6ba29 | 8781 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA |
Vanger | 0:b86d15c6ba29 | 8782 | TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, |
Vanger | 0:b86d15c6ba29 | 8783 | #endif |
Vanger | 0:b86d15c6ba29 | 8784 | |
Vanger | 0:b86d15c6ba29 | 8785 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8786 | TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, |
Vanger | 0:b86d15c6ba29 | 8787 | #endif |
Vanger | 0:b86d15c6ba29 | 8788 | |
Vanger | 0:b86d15c6ba29 | 8789 | #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 8790 | TLS_RSA_WITH_AES_128_CBC_SHA256, |
Vanger | 0:b86d15c6ba29 | 8791 | #endif |
Vanger | 0:b86d15c6ba29 | 8792 | |
Vanger | 0:b86d15c6ba29 | 8793 | #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 8794 | TLS_RSA_WITH_AES_256_CBC_SHA256, |
Vanger | 0:b86d15c6ba29 | 8795 | #endif |
Vanger | 0:b86d15c6ba29 | 8796 | |
Vanger | 0:b86d15c6ba29 | 8797 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 8798 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, |
Vanger | 0:b86d15c6ba29 | 8799 | #endif |
Vanger | 0:b86d15c6ba29 | 8800 | |
Vanger | 0:b86d15c6ba29 | 8801 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 8802 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, |
Vanger | 0:b86d15c6ba29 | 8803 | #endif |
Vanger | 0:b86d15c6ba29 | 8804 | |
Vanger | 0:b86d15c6ba29 | 8805 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8806 | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, |
Vanger | 0:b86d15c6ba29 | 8807 | #endif |
Vanger | 0:b86d15c6ba29 | 8808 | |
Vanger | 0:b86d15c6ba29 | 8809 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8810 | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, |
Vanger | 0:b86d15c6ba29 | 8811 | #endif |
Vanger | 0:b86d15c6ba29 | 8812 | |
Vanger | 0:b86d15c6ba29 | 8813 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8814 | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, |
Vanger | 0:b86d15c6ba29 | 8815 | #endif |
Vanger | 0:b86d15c6ba29 | 8816 | |
Vanger | 0:b86d15c6ba29 | 8817 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8818 | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, |
Vanger | 0:b86d15c6ba29 | 8819 | #endif |
Vanger | 0:b86d15c6ba29 | 8820 | |
Vanger | 0:b86d15c6ba29 | 8821 | #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA |
Vanger | 0:b86d15c6ba29 | 8822 | TLS_ECDH_RSA_WITH_RC4_128_SHA, |
Vanger | 0:b86d15c6ba29 | 8823 | #endif |
Vanger | 0:b86d15c6ba29 | 8824 | |
Vanger | 0:b86d15c6ba29 | 8825 | #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8826 | TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, |
Vanger | 0:b86d15c6ba29 | 8827 | #endif |
Vanger | 0:b86d15c6ba29 | 8828 | |
Vanger | 0:b86d15c6ba29 | 8829 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA |
Vanger | 0:b86d15c6ba29 | 8830 | TLS_ECDH_ECDSA_WITH_RC4_128_SHA, |
Vanger | 0:b86d15c6ba29 | 8831 | #endif |
Vanger | 0:b86d15c6ba29 | 8832 | |
Vanger | 0:b86d15c6ba29 | 8833 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8834 | TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, |
Vanger | 0:b86d15c6ba29 | 8835 | #endif |
Vanger | 0:b86d15c6ba29 | 8836 | |
Vanger | 0:b86d15c6ba29 | 8837 | #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 |
Vanger | 0:b86d15c6ba29 | 8838 | TLS_RSA_WITH_AES_128_GCM_SHA256, |
Vanger | 0:b86d15c6ba29 | 8839 | #endif |
Vanger | 0:b86d15c6ba29 | 8840 | |
Vanger | 0:b86d15c6ba29 | 8841 | #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 |
Vanger | 0:b86d15c6ba29 | 8842 | TLS_RSA_WITH_AES_256_GCM_SHA384, |
Vanger | 0:b86d15c6ba29 | 8843 | #endif |
Vanger | 0:b86d15c6ba29 | 8844 | |
Vanger | 0:b86d15c6ba29 | 8845 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 |
Vanger | 0:b86d15c6ba29 | 8846 | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, |
Vanger | 0:b86d15c6ba29 | 8847 | #endif |
Vanger | 0:b86d15c6ba29 | 8848 | |
Vanger | 0:b86d15c6ba29 | 8849 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 |
Vanger | 0:b86d15c6ba29 | 8850 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, |
Vanger | 0:b86d15c6ba29 | 8851 | #endif |
Vanger | 0:b86d15c6ba29 | 8852 | |
Vanger | 0:b86d15c6ba29 | 8853 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
Vanger | 0:b86d15c6ba29 | 8854 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, |
Vanger | 0:b86d15c6ba29 | 8855 | #endif |
Vanger | 0:b86d15c6ba29 | 8856 | |
Vanger | 0:b86d15c6ba29 | 8857 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
Vanger | 0:b86d15c6ba29 | 8858 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, |
Vanger | 0:b86d15c6ba29 | 8859 | #endif |
Vanger | 0:b86d15c6ba29 | 8860 | |
Vanger | 0:b86d15c6ba29 | 8861 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
Vanger | 0:b86d15c6ba29 | 8862 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, |
Vanger | 0:b86d15c6ba29 | 8863 | #endif |
Vanger | 0:b86d15c6ba29 | 8864 | |
Vanger | 0:b86d15c6ba29 | 8865 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
Vanger | 0:b86d15c6ba29 | 8866 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, |
Vanger | 0:b86d15c6ba29 | 8867 | #endif |
Vanger | 0:b86d15c6ba29 | 8868 | |
Vanger | 0:b86d15c6ba29 | 8869 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 |
Vanger | 0:b86d15c6ba29 | 8870 | TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, |
Vanger | 0:b86d15c6ba29 | 8871 | #endif |
Vanger | 0:b86d15c6ba29 | 8872 | |
Vanger | 0:b86d15c6ba29 | 8873 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 |
Vanger | 0:b86d15c6ba29 | 8874 | TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, |
Vanger | 0:b86d15c6ba29 | 8875 | #endif |
Vanger | 0:b86d15c6ba29 | 8876 | |
Vanger | 0:b86d15c6ba29 | 8877 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 |
Vanger | 0:b86d15c6ba29 | 8878 | TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, |
Vanger | 0:b86d15c6ba29 | 8879 | #endif |
Vanger | 0:b86d15c6ba29 | 8880 | |
Vanger | 0:b86d15c6ba29 | 8881 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 |
Vanger | 0:b86d15c6ba29 | 8882 | TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, |
Vanger | 0:b86d15c6ba29 | 8883 | #endif |
Vanger | 0:b86d15c6ba29 | 8884 | |
Vanger | 0:b86d15c6ba29 | 8885 | #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8886 | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, |
Vanger | 0:b86d15c6ba29 | 8887 | #endif |
Vanger | 0:b86d15c6ba29 | 8888 | |
Vanger | 0:b86d15c6ba29 | 8889 | #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8890 | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, |
Vanger | 0:b86d15c6ba29 | 8891 | #endif |
Vanger | 0:b86d15c6ba29 | 8892 | |
Vanger | 0:b86d15c6ba29 | 8893 | #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8894 | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, |
Vanger | 0:b86d15c6ba29 | 8895 | #endif |
Vanger | 0:b86d15c6ba29 | 8896 | |
Vanger | 0:b86d15c6ba29 | 8897 | #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8898 | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, |
Vanger | 0:b86d15c6ba29 | 8899 | #endif |
Vanger | 0:b86d15c6ba29 | 8900 | |
Vanger | 0:b86d15c6ba29 | 8901 | #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 8902 | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, |
Vanger | 0:b86d15c6ba29 | 8903 | #endif |
Vanger | 0:b86d15c6ba29 | 8904 | |
Vanger | 0:b86d15c6ba29 | 8905 | #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 8906 | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, |
Vanger | 0:b86d15c6ba29 | 8907 | #endif |
Vanger | 0:b86d15c6ba29 | 8908 | |
Vanger | 0:b86d15c6ba29 | 8909 | #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 8910 | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, |
Vanger | 0:b86d15c6ba29 | 8911 | #endif |
Vanger | 0:b86d15c6ba29 | 8912 | |
Vanger | 0:b86d15c6ba29 | 8913 | #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 8914 | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, |
Vanger | 0:b86d15c6ba29 | 8915 | #endif |
Vanger | 0:b86d15c6ba29 | 8916 | |
Vanger | 0:b86d15c6ba29 | 8917 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 8918 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, |
Vanger | 0:b86d15c6ba29 | 8919 | #endif |
Vanger | 0:b86d15c6ba29 | 8920 | |
Vanger | 0:b86d15c6ba29 | 8921 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 8922 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, |
Vanger | 0:b86d15c6ba29 | 8923 | #endif |
Vanger | 0:b86d15c6ba29 | 8924 | |
Vanger | 0:b86d15c6ba29 | 8925 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 8926 | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, |
Vanger | 0:b86d15c6ba29 | 8927 | #endif |
Vanger | 0:b86d15c6ba29 | 8928 | |
Vanger | 0:b86d15c6ba29 | 8929 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 |
Vanger | 0:b86d15c6ba29 | 8930 | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, |
Vanger | 0:b86d15c6ba29 | 8931 | #endif |
Vanger | 0:b86d15c6ba29 | 8932 | |
Vanger | 0:b86d15c6ba29 | 8933 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
Vanger | 0:b86d15c6ba29 | 8934 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, |
Vanger | 0:b86d15c6ba29 | 8935 | #endif |
Vanger | 0:b86d15c6ba29 | 8936 | |
Vanger | 0:b86d15c6ba29 | 8937 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
Vanger | 0:b86d15c6ba29 | 8938 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, |
Vanger | 0:b86d15c6ba29 | 8939 | #endif |
Vanger | 0:b86d15c6ba29 | 8940 | |
Vanger | 0:b86d15c6ba29 | 8941 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 |
Vanger | 0:b86d15c6ba29 | 8942 | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, |
Vanger | 0:b86d15c6ba29 | 8943 | #endif |
Vanger | 0:b86d15c6ba29 | 8944 | |
Vanger | 0:b86d15c6ba29 | 8945 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 |
Vanger | 0:b86d15c6ba29 | 8946 | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, |
Vanger | 0:b86d15c6ba29 | 8947 | #endif |
Vanger | 0:b86d15c6ba29 | 8948 | |
Vanger | 0:b86d15c6ba29 | 8949 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |
Vanger | 0:b86d15c6ba29 | 8950 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, |
Vanger | 0:b86d15c6ba29 | 8951 | #endif |
Vanger | 0:b86d15c6ba29 | 8952 | |
Vanger | 0:b86d15c6ba29 | 8953 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 |
Vanger | 0:b86d15c6ba29 | 8954 | TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, |
Vanger | 0:b86d15c6ba29 | 8955 | #endif |
Vanger | 0:b86d15c6ba29 | 8956 | |
Vanger | 0:b86d15c6ba29 | 8957 | #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |
Vanger | 0:b86d15c6ba29 | 8958 | TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, |
Vanger | 0:b86d15c6ba29 | 8959 | #endif |
Vanger | 0:b86d15c6ba29 | 8960 | |
Vanger | 0:b86d15c6ba29 | 8961 | #ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA |
Vanger | 0:b86d15c6ba29 | 8962 | TLS_DH_anon_WITH_AES_128_CBC_SHA, |
Vanger | 0:b86d15c6ba29 | 8963 | #endif |
Vanger | 0:b86d15c6ba29 | 8964 | |
Vanger | 0:b86d15c6ba29 | 8965 | #ifdef HAVE_RENEGOTIATION_INDICATION |
Vanger | 0:b86d15c6ba29 | 8966 | TLS_EMPTY_RENEGOTIATION_INFO_SCSV, |
Vanger | 0:b86d15c6ba29 | 8967 | #endif |
Vanger | 0:b86d15c6ba29 | 8968 | }; |
Vanger | 0:b86d15c6ba29 | 8969 | |
Vanger | 0:b86d15c6ba29 | 8970 | |
Vanger | 0:b86d15c6ba29 | 8971 | /* returns the cipher_names array */ |
Vanger | 0:b86d15c6ba29 | 8972 | const char* const* GetCipherNames(void) |
Vanger | 0:b86d15c6ba29 | 8973 | { |
Vanger | 0:b86d15c6ba29 | 8974 | return cipher_names; |
Vanger | 0:b86d15c6ba29 | 8975 | } |
Vanger | 0:b86d15c6ba29 | 8976 | |
Vanger | 0:b86d15c6ba29 | 8977 | |
Vanger | 0:b86d15c6ba29 | 8978 | /* returns the size of the cipher_names array */ |
Vanger | 0:b86d15c6ba29 | 8979 | int GetCipherNamesSize(void) |
Vanger | 0:b86d15c6ba29 | 8980 | { |
Vanger | 0:b86d15c6ba29 | 8981 | return (int)(sizeof(cipher_names) / sizeof(char*)); |
Vanger | 0:b86d15c6ba29 | 8982 | } |
Vanger | 0:b86d15c6ba29 | 8983 | |
Vanger | 0:b86d15c6ba29 | 8984 | |
Vanger | 0:b86d15c6ba29 | 8985 | /** |
Vanger | 0:b86d15c6ba29 | 8986 | Set the enabled cipher suites. |
Vanger | 0:b86d15c6ba29 | 8987 | |
Vanger | 0:b86d15c6ba29 | 8988 | @param [out] suites Suites structure. |
Vanger | 0:b86d15c6ba29 | 8989 | @param [in] list List of cipher suites, only supports full name from |
Vanger | 0:b86d15c6ba29 | 8990 | cipher_name[] delimited by ':'. |
Vanger | 0:b86d15c6ba29 | 8991 | |
Vanger | 0:b86d15c6ba29 | 8992 | @return true on success, else false. |
Vanger | 0:b86d15c6ba29 | 8993 | */ |
Vanger | 0:b86d15c6ba29 | 8994 | int SetCipherList(Suites* suites, const char* list) |
Vanger | 0:b86d15c6ba29 | 8995 | { |
Vanger | 0:b86d15c6ba29 | 8996 | int ret = 0; |
Vanger | 0:b86d15c6ba29 | 8997 | int idx = 0; |
Vanger | 0:b86d15c6ba29 | 8998 | int haveRSAsig = 0; |
Vanger | 0:b86d15c6ba29 | 8999 | int haveECDSAsig = 0; |
Vanger | 0:b86d15c6ba29 | 9000 | int haveAnon = 0; |
Vanger | 0:b86d15c6ba29 | 9001 | const int suiteSz = GetCipherNamesSize(); |
Vanger | 0:b86d15c6ba29 | 9002 | char* next = (char*)list; |
Vanger | 0:b86d15c6ba29 | 9003 | |
Vanger | 0:b86d15c6ba29 | 9004 | if (suites == NULL || list == NULL) { |
Vanger | 0:b86d15c6ba29 | 9005 | CYASSL_MSG("SetCipherList parameter error"); |
Vanger | 0:b86d15c6ba29 | 9006 | return 0; |
Vanger | 0:b86d15c6ba29 | 9007 | } |
Vanger | 0:b86d15c6ba29 | 9008 | |
Vanger | 0:b86d15c6ba29 | 9009 | if (next[0] == 0 || XSTRNCMP(next, "ALL", 3) == 0) |
Vanger | 0:b86d15c6ba29 | 9010 | return 1; /* CyaSSL defualt */ |
Vanger | 0:b86d15c6ba29 | 9011 | |
Vanger | 0:b86d15c6ba29 | 9012 | do { |
Vanger | 0:b86d15c6ba29 | 9013 | char* current = next; |
Vanger | 0:b86d15c6ba29 | 9014 | char name[MAX_SUITE_NAME + 1]; |
Vanger | 0:b86d15c6ba29 | 9015 | int i; |
Vanger | 0:b86d15c6ba29 | 9016 | word32 length; |
Vanger | 0:b86d15c6ba29 | 9017 | |
Vanger | 0:b86d15c6ba29 | 9018 | next = XSTRSTR(next, ":"); |
Vanger | 0:b86d15c6ba29 | 9019 | length = min(sizeof(name), !next ? (word32)XSTRLEN(current) /* last */ |
Vanger | 0:b86d15c6ba29 | 9020 | : (word32)(next - current)); |
Vanger | 0:b86d15c6ba29 | 9021 | |
Vanger | 0:b86d15c6ba29 | 9022 | XSTRNCPY(name, current, length); |
Vanger | 0:b86d15c6ba29 | 9023 | name[(length == sizeof(name)) ? length - 1 : length] = 0; |
Vanger | 0:b86d15c6ba29 | 9024 | |
Vanger | 0:b86d15c6ba29 | 9025 | for (i = 0; i < suiteSz; i++) { |
Vanger | 0:b86d15c6ba29 | 9026 | if (XSTRNCMP(name, cipher_names[i], sizeof(name)) == 0) { |
Vanger | 0:b86d15c6ba29 | 9027 | suites->suites[idx++] = (XSTRSTR(name, "CHACHA")) ? CHACHA_BYTE |
Vanger | 0:b86d15c6ba29 | 9028 | : (XSTRSTR(name, "EC")) ? ECC_BYTE |
Vanger | 0:b86d15c6ba29 | 9029 | : (XSTRSTR(name, "CCM")) ? ECC_BYTE |
Vanger | 0:b86d15c6ba29 | 9030 | : 0x00; /* normal */ |
Vanger | 0:b86d15c6ba29 | 9031 | |
Vanger | 0:b86d15c6ba29 | 9032 | suites->suites[idx++] = (byte)cipher_name_idx[i]; |
Vanger | 0:b86d15c6ba29 | 9033 | |
Vanger | 0:b86d15c6ba29 | 9034 | /* The suites are either ECDSA, RSA, PSK, or Anon. The RSA |
Vanger | 0:b86d15c6ba29 | 9035 | * suites don't necessarily have RSA in the name. */ |
Vanger | 0:b86d15c6ba29 | 9036 | if ((haveECDSAsig == 0) && XSTRSTR(name, "ECDSA")) |
Vanger | 0:b86d15c6ba29 | 9037 | haveECDSAsig = 1; |
Vanger | 0:b86d15c6ba29 | 9038 | else if (XSTRSTR(name, "ADH")) |
Vanger | 0:b86d15c6ba29 | 9039 | haveAnon = 1; |
Vanger | 0:b86d15c6ba29 | 9040 | else if ((haveRSAsig == 0) && (XSTRSTR(name, "PSK") == NULL)) |
Vanger | 0:b86d15c6ba29 | 9041 | haveRSAsig = 1; |
Vanger | 0:b86d15c6ba29 | 9042 | |
Vanger | 0:b86d15c6ba29 | 9043 | ret = 1; /* found at least one */ |
Vanger | 0:b86d15c6ba29 | 9044 | break; |
Vanger | 0:b86d15c6ba29 | 9045 | } |
Vanger | 0:b86d15c6ba29 | 9046 | } |
Vanger | 0:b86d15c6ba29 | 9047 | } |
Vanger | 0:b86d15c6ba29 | 9048 | while (next++); /* ++ needed to skip ':' */ |
Vanger | 0:b86d15c6ba29 | 9049 | |
Vanger | 0:b86d15c6ba29 | 9050 | if (ret) { |
Vanger | 0:b86d15c6ba29 | 9051 | suites->setSuites = 1; |
Vanger | 0:b86d15c6ba29 | 9052 | suites->suiteSz = (word16)idx; |
Vanger | 0:b86d15c6ba29 | 9053 | InitSuitesHashSigAlgo(suites, haveECDSAsig, haveRSAsig, haveAnon); |
Vanger | 0:b86d15c6ba29 | 9054 | } |
Vanger | 0:b86d15c6ba29 | 9055 | |
Vanger | 0:b86d15c6ba29 | 9056 | return ret; |
Vanger | 0:b86d15c6ba29 | 9057 | } |
Vanger | 0:b86d15c6ba29 | 9058 | |
Vanger | 0:b86d15c6ba29 | 9059 | |
Vanger | 0:b86d15c6ba29 | 9060 | static void PickHashSigAlgo(CYASSL* ssl, |
Vanger | 0:b86d15c6ba29 | 9061 | const byte* hashSigAlgo, word32 hashSigAlgoSz) |
Vanger | 0:b86d15c6ba29 | 9062 | { |
Vanger | 0:b86d15c6ba29 | 9063 | word32 i; |
Vanger | 0:b86d15c6ba29 | 9064 | |
Vanger | 0:b86d15c6ba29 | 9065 | ssl->suites->sigAlgo = ssl->specs.sig_algo; |
Vanger | 0:b86d15c6ba29 | 9066 | ssl->suites->hashAlgo = sha_mac; |
Vanger | 0:b86d15c6ba29 | 9067 | |
Vanger | 0:b86d15c6ba29 | 9068 | /* i+1 since peek a byte ahead for type */ |
Vanger | 0:b86d15c6ba29 | 9069 | for (i = 0; (i+1) < hashSigAlgoSz; i += 2) { |
Vanger | 0:b86d15c6ba29 | 9070 | if (hashSigAlgo[i+1] == ssl->specs.sig_algo) { |
Vanger | 0:b86d15c6ba29 | 9071 | if (hashSigAlgo[i] == sha_mac) { |
Vanger | 0:b86d15c6ba29 | 9072 | break; |
Vanger | 0:b86d15c6ba29 | 9073 | } |
Vanger | 0:b86d15c6ba29 | 9074 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 9075 | else if (hashSigAlgo[i] == sha256_mac) { |
Vanger | 0:b86d15c6ba29 | 9076 | ssl->suites->hashAlgo = sha256_mac; |
Vanger | 0:b86d15c6ba29 | 9077 | break; |
Vanger | 0:b86d15c6ba29 | 9078 | } |
Vanger | 0:b86d15c6ba29 | 9079 | #endif |
Vanger | 0:b86d15c6ba29 | 9080 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 9081 | else if (hashSigAlgo[i] == sha384_mac) { |
Vanger | 0:b86d15c6ba29 | 9082 | ssl->suites->hashAlgo = sha384_mac; |
Vanger | 0:b86d15c6ba29 | 9083 | break; |
Vanger | 0:b86d15c6ba29 | 9084 | } |
Vanger | 0:b86d15c6ba29 | 9085 | #endif |
Vanger | 0:b86d15c6ba29 | 9086 | } |
Vanger | 0:b86d15c6ba29 | 9087 | } |
Vanger | 0:b86d15c6ba29 | 9088 | } |
Vanger | 0:b86d15c6ba29 | 9089 | |
Vanger | 0:b86d15c6ba29 | 9090 | |
Vanger | 0:b86d15c6ba29 | 9091 | #ifdef CYASSL_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 9092 | |
Vanger | 0:b86d15c6ba29 | 9093 | /* Initialisze HandShakeInfo */ |
Vanger | 0:b86d15c6ba29 | 9094 | void InitHandShakeInfo(HandShakeInfo* info) |
Vanger | 0:b86d15c6ba29 | 9095 | { |
Vanger | 0:b86d15c6ba29 | 9096 | int i; |
Vanger | 0:b86d15c6ba29 | 9097 | |
Vanger | 0:b86d15c6ba29 | 9098 | info->cipherName[0] = 0; |
Vanger | 0:b86d15c6ba29 | 9099 | for (i = 0; i < MAX_PACKETS_HANDSHAKE; i++) |
Vanger | 0:b86d15c6ba29 | 9100 | info->packetNames[i][0] = 0; |
Vanger | 0:b86d15c6ba29 | 9101 | info->numberPackets = 0; |
Vanger | 0:b86d15c6ba29 | 9102 | info->negotiationError = 0; |
Vanger | 0:b86d15c6ba29 | 9103 | } |
Vanger | 0:b86d15c6ba29 | 9104 | |
Vanger | 0:b86d15c6ba29 | 9105 | /* Set Final HandShakeInfo parameters */ |
Vanger | 0:b86d15c6ba29 | 9106 | void FinishHandShakeInfo(HandShakeInfo* info, const CYASSL* ssl) |
Vanger | 0:b86d15c6ba29 | 9107 | { |
Vanger | 0:b86d15c6ba29 | 9108 | int i; |
Vanger | 0:b86d15c6ba29 | 9109 | int sz = sizeof(cipher_name_idx)/sizeof(int); |
Vanger | 0:b86d15c6ba29 | 9110 | |
Vanger | 0:b86d15c6ba29 | 9111 | for (i = 0; i < sz; i++) |
Vanger | 0:b86d15c6ba29 | 9112 | if (ssl->options.cipherSuite == (byte)cipher_name_idx[i]) { |
Vanger | 0:b86d15c6ba29 | 9113 | if (ssl->options.cipherSuite0 == ECC_BYTE) |
Vanger | 0:b86d15c6ba29 | 9114 | continue; /* ECC suites at end */ |
Vanger | 0:b86d15c6ba29 | 9115 | XSTRNCPY(info->cipherName, cipher_names[i], MAX_CIPHERNAME_SZ); |
Vanger | 0:b86d15c6ba29 | 9116 | break; |
Vanger | 0:b86d15c6ba29 | 9117 | } |
Vanger | 0:b86d15c6ba29 | 9118 | |
Vanger | 0:b86d15c6ba29 | 9119 | /* error max and min are negative numbers */ |
Vanger | 0:b86d15c6ba29 | 9120 | if (ssl->error <= MIN_PARAM_ERR && ssl->error >= MAX_PARAM_ERR) |
Vanger | 0:b86d15c6ba29 | 9121 | info->negotiationError = ssl->error; |
Vanger | 0:b86d15c6ba29 | 9122 | } |
Vanger | 0:b86d15c6ba29 | 9123 | |
Vanger | 0:b86d15c6ba29 | 9124 | |
Vanger | 0:b86d15c6ba29 | 9125 | /* Add name to info packet names, increase packet name count */ |
Vanger | 0:b86d15c6ba29 | 9126 | void AddPacketName(const char* name, HandShakeInfo* info) |
Vanger | 0:b86d15c6ba29 | 9127 | { |
Vanger | 0:b86d15c6ba29 | 9128 | if (info->numberPackets < MAX_PACKETS_HANDSHAKE) { |
Vanger | 0:b86d15c6ba29 | 9129 | XSTRNCPY(info->packetNames[info->numberPackets++], name, |
Vanger | 0:b86d15c6ba29 | 9130 | MAX_PACKETNAME_SZ); |
Vanger | 0:b86d15c6ba29 | 9131 | } |
Vanger | 0:b86d15c6ba29 | 9132 | } |
Vanger | 0:b86d15c6ba29 | 9133 | |
Vanger | 0:b86d15c6ba29 | 9134 | |
Vanger | 0:b86d15c6ba29 | 9135 | /* Initialisze TimeoutInfo */ |
Vanger | 0:b86d15c6ba29 | 9136 | void InitTimeoutInfo(TimeoutInfo* info) |
Vanger | 0:b86d15c6ba29 | 9137 | { |
Vanger | 0:b86d15c6ba29 | 9138 | int i; |
Vanger | 0:b86d15c6ba29 | 9139 | |
Vanger | 0:b86d15c6ba29 | 9140 | info->timeoutName[0] = 0; |
Vanger | 0:b86d15c6ba29 | 9141 | info->flags = 0; |
Vanger | 0:b86d15c6ba29 | 9142 | |
Vanger | 0:b86d15c6ba29 | 9143 | for (i = 0; i < MAX_PACKETS_HANDSHAKE; i++) { |
Vanger | 0:b86d15c6ba29 | 9144 | info->packets[i].packetName[0] = 0; |
Vanger | 0:b86d15c6ba29 | 9145 | info->packets[i].timestamp.tv_sec = 0; |
Vanger | 0:b86d15c6ba29 | 9146 | info->packets[i].timestamp.tv_usec = 0; |
Vanger | 0:b86d15c6ba29 | 9147 | info->packets[i].bufferValue = 0; |
Vanger | 0:b86d15c6ba29 | 9148 | info->packets[i].valueSz = 0; |
Vanger | 0:b86d15c6ba29 | 9149 | } |
Vanger | 0:b86d15c6ba29 | 9150 | info->numberPackets = 0; |
Vanger | 0:b86d15c6ba29 | 9151 | info->timeoutValue.tv_sec = 0; |
Vanger | 0:b86d15c6ba29 | 9152 | info->timeoutValue.tv_usec = 0; |
Vanger | 0:b86d15c6ba29 | 9153 | } |
Vanger | 0:b86d15c6ba29 | 9154 | |
Vanger | 0:b86d15c6ba29 | 9155 | |
Vanger | 0:b86d15c6ba29 | 9156 | /* Free TimeoutInfo */ |
Vanger | 0:b86d15c6ba29 | 9157 | void FreeTimeoutInfo(TimeoutInfo* info, void* heap) |
Vanger | 0:b86d15c6ba29 | 9158 | { |
Vanger | 0:b86d15c6ba29 | 9159 | int i; |
Vanger | 0:b86d15c6ba29 | 9160 | (void)heap; |
Vanger | 0:b86d15c6ba29 | 9161 | for (i = 0; i < MAX_PACKETS_HANDSHAKE; i++) |
Vanger | 0:b86d15c6ba29 | 9162 | if (info->packets[i].bufferValue) { |
Vanger | 0:b86d15c6ba29 | 9163 | XFREE(info->packets[i].bufferValue, heap, DYNAMIC_TYPE_INFO); |
Vanger | 0:b86d15c6ba29 | 9164 | info->packets[i].bufferValue = 0; |
Vanger | 0:b86d15c6ba29 | 9165 | } |
Vanger | 0:b86d15c6ba29 | 9166 | |
Vanger | 0:b86d15c6ba29 | 9167 | } |
Vanger | 0:b86d15c6ba29 | 9168 | |
Vanger | 0:b86d15c6ba29 | 9169 | |
Vanger | 0:b86d15c6ba29 | 9170 | /* Add PacketInfo to TimeoutInfo */ |
Vanger | 0:b86d15c6ba29 | 9171 | void AddPacketInfo(const char* name, TimeoutInfo* info, const byte* data, |
Vanger | 0:b86d15c6ba29 | 9172 | int sz, void* heap) |
Vanger | 0:b86d15c6ba29 | 9173 | { |
Vanger | 0:b86d15c6ba29 | 9174 | if (info->numberPackets < (MAX_PACKETS_HANDSHAKE - 1)) { |
Vanger | 0:b86d15c6ba29 | 9175 | Timeval currTime; |
Vanger | 0:b86d15c6ba29 | 9176 | |
Vanger | 0:b86d15c6ba29 | 9177 | /* may add name after */ |
Vanger | 0:b86d15c6ba29 | 9178 | if (name) |
Vanger | 0:b86d15c6ba29 | 9179 | XSTRNCPY(info->packets[info->numberPackets].packetName, name, |
Vanger | 0:b86d15c6ba29 | 9180 | MAX_PACKETNAME_SZ); |
Vanger | 0:b86d15c6ba29 | 9181 | |
Vanger | 0:b86d15c6ba29 | 9182 | /* add data, put in buffer if bigger than static buffer */ |
Vanger | 0:b86d15c6ba29 | 9183 | info->packets[info->numberPackets].valueSz = sz; |
Vanger | 0:b86d15c6ba29 | 9184 | if (sz < MAX_VALUE_SZ) |
Vanger | 0:b86d15c6ba29 | 9185 | XMEMCPY(info->packets[info->numberPackets].value, data, sz); |
Vanger | 0:b86d15c6ba29 | 9186 | else { |
Vanger | 0:b86d15c6ba29 | 9187 | info->packets[info->numberPackets].bufferValue = |
Vanger | 0:b86d15c6ba29 | 9188 | XMALLOC(sz, heap, DYNAMIC_TYPE_INFO); |
Vanger | 0:b86d15c6ba29 | 9189 | if (!info->packets[info->numberPackets].bufferValue) |
Vanger | 0:b86d15c6ba29 | 9190 | /* let next alloc catch, just don't fill, not fatal here */ |
Vanger | 0:b86d15c6ba29 | 9191 | info->packets[info->numberPackets].valueSz = 0; |
Vanger | 0:b86d15c6ba29 | 9192 | else |
Vanger | 0:b86d15c6ba29 | 9193 | XMEMCPY(info->packets[info->numberPackets].bufferValue, |
Vanger | 0:b86d15c6ba29 | 9194 | data, sz); |
Vanger | 0:b86d15c6ba29 | 9195 | } |
Vanger | 0:b86d15c6ba29 | 9196 | gettimeofday(&currTime, 0); |
Vanger | 0:b86d15c6ba29 | 9197 | info->packets[info->numberPackets].timestamp.tv_sec = |
Vanger | 0:b86d15c6ba29 | 9198 | currTime.tv_sec; |
Vanger | 0:b86d15c6ba29 | 9199 | info->packets[info->numberPackets].timestamp.tv_usec = |
Vanger | 0:b86d15c6ba29 | 9200 | currTime.tv_usec; |
Vanger | 0:b86d15c6ba29 | 9201 | info->numberPackets++; |
Vanger | 0:b86d15c6ba29 | 9202 | } |
Vanger | 0:b86d15c6ba29 | 9203 | } |
Vanger | 0:b86d15c6ba29 | 9204 | |
Vanger | 0:b86d15c6ba29 | 9205 | |
Vanger | 0:b86d15c6ba29 | 9206 | /* Add packet name to previsouly added packet info */ |
Vanger | 0:b86d15c6ba29 | 9207 | void AddLateName(const char* name, TimeoutInfo* info) |
Vanger | 0:b86d15c6ba29 | 9208 | { |
Vanger | 0:b86d15c6ba29 | 9209 | /* make sure we have a valid previous one */ |
Vanger | 0:b86d15c6ba29 | 9210 | if (info->numberPackets > 0 && info->numberPackets < |
Vanger | 0:b86d15c6ba29 | 9211 | MAX_PACKETS_HANDSHAKE) { |
Vanger | 0:b86d15c6ba29 | 9212 | XSTRNCPY(info->packets[info->numberPackets - 1].packetName, name, |
Vanger | 0:b86d15c6ba29 | 9213 | MAX_PACKETNAME_SZ); |
Vanger | 0:b86d15c6ba29 | 9214 | } |
Vanger | 0:b86d15c6ba29 | 9215 | } |
Vanger | 0:b86d15c6ba29 | 9216 | |
Vanger | 0:b86d15c6ba29 | 9217 | /* Add record header to previsouly added packet info */ |
Vanger | 0:b86d15c6ba29 | 9218 | void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info) |
Vanger | 0:b86d15c6ba29 | 9219 | { |
Vanger | 0:b86d15c6ba29 | 9220 | /* make sure we have a valid previous one */ |
Vanger | 0:b86d15c6ba29 | 9221 | if (info->numberPackets > 0 && info->numberPackets < |
Vanger | 0:b86d15c6ba29 | 9222 | MAX_PACKETS_HANDSHAKE) { |
Vanger | 0:b86d15c6ba29 | 9223 | if (info->packets[info->numberPackets - 1].bufferValue) |
Vanger | 0:b86d15c6ba29 | 9224 | XMEMCPY(info->packets[info->numberPackets - 1].bufferValue, rl, |
Vanger | 0:b86d15c6ba29 | 9225 | RECORD_HEADER_SZ); |
Vanger | 0:b86d15c6ba29 | 9226 | else |
Vanger | 0:b86d15c6ba29 | 9227 | XMEMCPY(info->packets[info->numberPackets - 1].value, rl, |
Vanger | 0:b86d15c6ba29 | 9228 | RECORD_HEADER_SZ); |
Vanger | 0:b86d15c6ba29 | 9229 | } |
Vanger | 0:b86d15c6ba29 | 9230 | } |
Vanger | 0:b86d15c6ba29 | 9231 | |
Vanger | 0:b86d15c6ba29 | 9232 | #endif /* CYASSL_CALLBACKS */ |
Vanger | 0:b86d15c6ba29 | 9233 | |
Vanger | 0:b86d15c6ba29 | 9234 | |
Vanger | 0:b86d15c6ba29 | 9235 | |
Vanger | 0:b86d15c6ba29 | 9236 | /* client only parts */ |
Vanger | 0:b86d15c6ba29 | 9237 | #ifndef NO_CYASSL_CLIENT |
Vanger | 0:b86d15c6ba29 | 9238 | |
Vanger | 0:b86d15c6ba29 | 9239 | int SendClientHello(CYASSL* ssl) |
Vanger | 0:b86d15c6ba29 | 9240 | { |
Vanger | 0:b86d15c6ba29 | 9241 | byte *output; |
Vanger | 0:b86d15c6ba29 | 9242 | word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 9243 | int sendSz; |
Vanger | 0:b86d15c6ba29 | 9244 | int idSz = ssl->options.resuming |
Vanger | 0:b86d15c6ba29 | 9245 | ? ssl->session.sessionIDSz |
Vanger | 0:b86d15c6ba29 | 9246 | : 0; |
Vanger | 0:b86d15c6ba29 | 9247 | int ret; |
Vanger | 0:b86d15c6ba29 | 9248 | |
Vanger | 0:b86d15c6ba29 | 9249 | if (ssl->suites == NULL) { |
Vanger | 0:b86d15c6ba29 | 9250 | CYASSL_MSG("Bad suites pointer in SendClientHello"); |
Vanger | 0:b86d15c6ba29 | 9251 | return SUITES_ERROR; |
Vanger | 0:b86d15c6ba29 | 9252 | } |
Vanger | 0:b86d15c6ba29 | 9253 | |
Vanger | 0:b86d15c6ba29 | 9254 | #ifdef HAVE_SESSION_TICKET |
Vanger | 0:b86d15c6ba29 | 9255 | if (ssl->options.resuming && ssl->session.ticketLen > 0) { |
Vanger | 0:b86d15c6ba29 | 9256 | SessionTicket* ticket; |
Vanger | 0:b86d15c6ba29 | 9257 | |
Vanger | 0:b86d15c6ba29 | 9258 | ticket = TLSX_SessionTicket_Create(0, |
Vanger | 0:b86d15c6ba29 | 9259 | ssl->session.ticket, ssl->session.ticketLen); |
Vanger | 0:b86d15c6ba29 | 9260 | if (ticket == NULL) return MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 9261 | |
Vanger | 0:b86d15c6ba29 | 9262 | ret = TLSX_UseSessionTicket(&ssl->extensions, ticket); |
Vanger | 0:b86d15c6ba29 | 9263 | if (ret != SSL_SUCCESS) return ret; |
Vanger | 0:b86d15c6ba29 | 9264 | |
Vanger | 0:b86d15c6ba29 | 9265 | idSz = 0; |
Vanger | 0:b86d15c6ba29 | 9266 | } |
Vanger | 0:b86d15c6ba29 | 9267 | #endif |
Vanger | 0:b86d15c6ba29 | 9268 | |
Vanger | 0:b86d15c6ba29 | 9269 | length = VERSION_SZ + RAN_LEN |
Vanger | 0:b86d15c6ba29 | 9270 | + idSz + ENUM_LEN |
Vanger | 0:b86d15c6ba29 | 9271 | + ssl->suites->suiteSz + SUITE_LEN |
Vanger | 0:b86d15c6ba29 | 9272 | + COMP_LEN + ENUM_LEN; |
Vanger | 0:b86d15c6ba29 | 9273 | |
Vanger | 0:b86d15c6ba29 | 9274 | #ifdef HAVE_TLS_EXTENSIONS |
Vanger | 0:b86d15c6ba29 | 9275 | length += TLSX_GetRequestSize(ssl); |
Vanger | 0:b86d15c6ba29 | 9276 | #else |
Vanger | 0:b86d15c6ba29 | 9277 | if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz) { |
Vanger | 0:b86d15c6ba29 | 9278 | length += ssl->suites->hashSigAlgoSz + HELLO_EXT_SZ; |
Vanger | 0:b86d15c6ba29 | 9279 | } |
Vanger | 0:b86d15c6ba29 | 9280 | #endif |
Vanger | 0:b86d15c6ba29 | 9281 | sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 9282 | |
Vanger | 0:b86d15c6ba29 | 9283 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 9284 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 9285 | length += ENUM_LEN; /* cookie */ |
Vanger | 0:b86d15c6ba29 | 9286 | if (ssl->arrays->cookieSz != 0) length += ssl->arrays->cookieSz; |
Vanger | 0:b86d15c6ba29 | 9287 | sendSz = length + DTLS_HANDSHAKE_HEADER_SZ + DTLS_RECORD_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 9288 | idx += DTLS_HANDSHAKE_EXTRA + DTLS_RECORD_EXTRA; |
Vanger | 0:b86d15c6ba29 | 9289 | } |
Vanger | 0:b86d15c6ba29 | 9290 | #endif |
Vanger | 0:b86d15c6ba29 | 9291 | |
Vanger | 0:b86d15c6ba29 | 9292 | if (ssl->keys.encryptionOn) |
Vanger | 0:b86d15c6ba29 | 9293 | sendSz += MAX_MSG_EXTRA; |
Vanger | 0:b86d15c6ba29 | 9294 | |
Vanger | 0:b86d15c6ba29 | 9295 | /* check for available size */ |
Vanger | 0:b86d15c6ba29 | 9296 | if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) |
Vanger | 0:b86d15c6ba29 | 9297 | return ret; |
Vanger | 0:b86d15c6ba29 | 9298 | |
Vanger | 0:b86d15c6ba29 | 9299 | /* get ouput buffer */ |
Vanger | 0:b86d15c6ba29 | 9300 | output = ssl->buffers.outputBuffer.buffer + |
Vanger | 0:b86d15c6ba29 | 9301 | ssl->buffers.outputBuffer.length; |
Vanger | 0:b86d15c6ba29 | 9302 | |
Vanger | 0:b86d15c6ba29 | 9303 | AddHeaders(output, length, client_hello, ssl); |
Vanger | 0:b86d15c6ba29 | 9304 | |
Vanger | 0:b86d15c6ba29 | 9305 | /* client hello, first version */ |
Vanger | 0:b86d15c6ba29 | 9306 | output[idx++] = ssl->version.major; |
Vanger | 0:b86d15c6ba29 | 9307 | output[idx++] = ssl->version.minor; |
Vanger | 0:b86d15c6ba29 | 9308 | ssl->chVersion = ssl->version; /* store in case changed */ |
Vanger | 0:b86d15c6ba29 | 9309 | |
Vanger | 0:b86d15c6ba29 | 9310 | /* then random */ |
Vanger | 0:b86d15c6ba29 | 9311 | if (ssl->options.connectState == CONNECT_BEGIN) { |
Vanger | 0:b86d15c6ba29 | 9312 | ret = RNG_GenerateBlock(ssl->rng, output + idx, RAN_LEN); |
Vanger | 0:b86d15c6ba29 | 9313 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 9314 | return ret; |
Vanger | 0:b86d15c6ba29 | 9315 | |
Vanger | 0:b86d15c6ba29 | 9316 | /* store random */ |
Vanger | 0:b86d15c6ba29 | 9317 | XMEMCPY(ssl->arrays->clientRandom, output + idx, RAN_LEN); |
Vanger | 0:b86d15c6ba29 | 9318 | } else { |
Vanger | 0:b86d15c6ba29 | 9319 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 9320 | /* send same random on hello again */ |
Vanger | 0:b86d15c6ba29 | 9321 | XMEMCPY(output + idx, ssl->arrays->clientRandom, RAN_LEN); |
Vanger | 0:b86d15c6ba29 | 9322 | #endif |
Vanger | 0:b86d15c6ba29 | 9323 | } |
Vanger | 0:b86d15c6ba29 | 9324 | idx += RAN_LEN; |
Vanger | 0:b86d15c6ba29 | 9325 | |
Vanger | 0:b86d15c6ba29 | 9326 | /* then session id */ |
Vanger | 0:b86d15c6ba29 | 9327 | output[idx++] = (byte)idSz; |
Vanger | 0:b86d15c6ba29 | 9328 | if (idSz) { |
Vanger | 0:b86d15c6ba29 | 9329 | XMEMCPY(output + idx, ssl->session.sessionID, |
Vanger | 0:b86d15c6ba29 | 9330 | ssl->session.sessionIDSz); |
Vanger | 0:b86d15c6ba29 | 9331 | idx += ssl->session.sessionIDSz; |
Vanger | 0:b86d15c6ba29 | 9332 | } |
Vanger | 0:b86d15c6ba29 | 9333 | |
Vanger | 0:b86d15c6ba29 | 9334 | /* then DTLS cookie */ |
Vanger | 0:b86d15c6ba29 | 9335 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 9336 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 9337 | byte cookieSz = ssl->arrays->cookieSz; |
Vanger | 0:b86d15c6ba29 | 9338 | |
Vanger | 0:b86d15c6ba29 | 9339 | output[idx++] = cookieSz; |
Vanger | 0:b86d15c6ba29 | 9340 | if (cookieSz) { |
Vanger | 0:b86d15c6ba29 | 9341 | XMEMCPY(&output[idx], ssl->arrays->cookie, cookieSz); |
Vanger | 0:b86d15c6ba29 | 9342 | idx += cookieSz; |
Vanger | 0:b86d15c6ba29 | 9343 | } |
Vanger | 0:b86d15c6ba29 | 9344 | } |
Vanger | 0:b86d15c6ba29 | 9345 | #endif |
Vanger | 0:b86d15c6ba29 | 9346 | /* then cipher suites */ |
Vanger | 0:b86d15c6ba29 | 9347 | c16toa(ssl->suites->suiteSz, output + idx); |
Vanger | 0:b86d15c6ba29 | 9348 | idx += 2; |
Vanger | 0:b86d15c6ba29 | 9349 | XMEMCPY(output + idx, &ssl->suites->suites, ssl->suites->suiteSz); |
Vanger | 0:b86d15c6ba29 | 9350 | idx += ssl->suites->suiteSz; |
Vanger | 0:b86d15c6ba29 | 9351 | |
Vanger | 0:b86d15c6ba29 | 9352 | /* last, compression */ |
Vanger | 0:b86d15c6ba29 | 9353 | output[idx++] = COMP_LEN; |
Vanger | 0:b86d15c6ba29 | 9354 | if (ssl->options.usingCompression) |
Vanger | 0:b86d15c6ba29 | 9355 | output[idx++] = ZLIB_COMPRESSION; |
Vanger | 0:b86d15c6ba29 | 9356 | else |
Vanger | 0:b86d15c6ba29 | 9357 | output[idx++] = NO_COMPRESSION; |
Vanger | 0:b86d15c6ba29 | 9358 | |
Vanger | 0:b86d15c6ba29 | 9359 | #ifdef HAVE_TLS_EXTENSIONS |
Vanger | 0:b86d15c6ba29 | 9360 | idx += TLSX_WriteRequest(ssl, output + idx); |
Vanger | 0:b86d15c6ba29 | 9361 | |
Vanger | 0:b86d15c6ba29 | 9362 | (void)idx; /* suppress analyzer warning, keep idx current */ |
Vanger | 0:b86d15c6ba29 | 9363 | #else |
Vanger | 0:b86d15c6ba29 | 9364 | if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz) |
Vanger | 0:b86d15c6ba29 | 9365 | { |
Vanger | 0:b86d15c6ba29 | 9366 | int i; |
Vanger | 0:b86d15c6ba29 | 9367 | /* add in the extensions length */ |
Vanger | 0:b86d15c6ba29 | 9368 | c16toa(HELLO_EXT_LEN + ssl->suites->hashSigAlgoSz, output + idx); |
Vanger | 0:b86d15c6ba29 | 9369 | idx += 2; |
Vanger | 0:b86d15c6ba29 | 9370 | |
Vanger | 0:b86d15c6ba29 | 9371 | c16toa(HELLO_EXT_SIG_ALGO, output + idx); |
Vanger | 0:b86d15c6ba29 | 9372 | idx += 2; |
Vanger | 0:b86d15c6ba29 | 9373 | c16toa(HELLO_EXT_SIGALGO_SZ+ssl->suites->hashSigAlgoSz, output+idx); |
Vanger | 0:b86d15c6ba29 | 9374 | idx += 2; |
Vanger | 0:b86d15c6ba29 | 9375 | c16toa(ssl->suites->hashSigAlgoSz, output + idx); |
Vanger | 0:b86d15c6ba29 | 9376 | idx += 2; |
Vanger | 0:b86d15c6ba29 | 9377 | for (i = 0; i < ssl->suites->hashSigAlgoSz; i++, idx++) { |
Vanger | 0:b86d15c6ba29 | 9378 | output[idx] = ssl->suites->hashSigAlgo[i]; |
Vanger | 0:b86d15c6ba29 | 9379 | } |
Vanger | 0:b86d15c6ba29 | 9380 | } |
Vanger | 0:b86d15c6ba29 | 9381 | #endif |
Vanger | 0:b86d15c6ba29 | 9382 | |
Vanger | 0:b86d15c6ba29 | 9383 | if (ssl->keys.encryptionOn) { |
Vanger | 0:b86d15c6ba29 | 9384 | byte* input; |
Vanger | 0:b86d15c6ba29 | 9385 | int inputSz = idx - RECORD_HEADER_SZ; /* build msg adds rec hdr */ |
Vanger | 0:b86d15c6ba29 | 9386 | |
Vanger | 0:b86d15c6ba29 | 9387 | input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 9388 | if (input == NULL) |
Vanger | 0:b86d15c6ba29 | 9389 | return MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 9390 | |
Vanger | 0:b86d15c6ba29 | 9391 | XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz); |
Vanger | 0:b86d15c6ba29 | 9392 | sendSz = BuildMessage(ssl, output, sendSz, input,inputSz,handshake); |
Vanger | 0:b86d15c6ba29 | 9393 | XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 9394 | |
Vanger | 0:b86d15c6ba29 | 9395 | if (sendSz < 0) |
Vanger | 0:b86d15c6ba29 | 9396 | return sendSz; |
Vanger | 0:b86d15c6ba29 | 9397 | } else { |
Vanger | 0:b86d15c6ba29 | 9398 | ret = HashOutput(ssl, output, sendSz, 0); |
Vanger | 0:b86d15c6ba29 | 9399 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 9400 | return ret; |
Vanger | 0:b86d15c6ba29 | 9401 | } |
Vanger | 0:b86d15c6ba29 | 9402 | |
Vanger | 0:b86d15c6ba29 | 9403 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 9404 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 9405 | if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) |
Vanger | 0:b86d15c6ba29 | 9406 | return ret; |
Vanger | 0:b86d15c6ba29 | 9407 | } |
Vanger | 0:b86d15c6ba29 | 9408 | #endif |
Vanger | 0:b86d15c6ba29 | 9409 | |
Vanger | 0:b86d15c6ba29 | 9410 | ssl->options.clientState = CLIENT_HELLO_COMPLETE; |
Vanger | 0:b86d15c6ba29 | 9411 | |
Vanger | 0:b86d15c6ba29 | 9412 | #ifdef CYASSL_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 9413 | if (ssl->hsInfoOn) AddPacketName("ClientHello", &ssl->handShakeInfo); |
Vanger | 0:b86d15c6ba29 | 9414 | if (ssl->toInfoOn) |
Vanger | 0:b86d15c6ba29 | 9415 | AddPacketInfo("ClientHello", &ssl->timeoutInfo, output, sendSz, |
Vanger | 0:b86d15c6ba29 | 9416 | ssl->heap); |
Vanger | 0:b86d15c6ba29 | 9417 | #endif |
Vanger | 0:b86d15c6ba29 | 9418 | |
Vanger | 0:b86d15c6ba29 | 9419 | ssl->buffers.outputBuffer.length += sendSz; |
Vanger | 0:b86d15c6ba29 | 9420 | |
Vanger | 0:b86d15c6ba29 | 9421 | return SendBuffered(ssl); |
Vanger | 0:b86d15c6ba29 | 9422 | } |
Vanger | 0:b86d15c6ba29 | 9423 | |
Vanger | 0:b86d15c6ba29 | 9424 | |
Vanger | 0:b86d15c6ba29 | 9425 | static int DoHelloVerifyRequest(CYASSL* ssl, const byte* input, |
Vanger | 0:b86d15c6ba29 | 9426 | word32* inOutIdx, word32 size) |
Vanger | 0:b86d15c6ba29 | 9427 | { |
Vanger | 0:b86d15c6ba29 | 9428 | ProtocolVersion pv; |
Vanger | 0:b86d15c6ba29 | 9429 | byte cookieSz; |
Vanger | 0:b86d15c6ba29 | 9430 | word32 begin = *inOutIdx; |
Vanger | 0:b86d15c6ba29 | 9431 | |
Vanger | 0:b86d15c6ba29 | 9432 | #ifdef CYASSL_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 9433 | if (ssl->hsInfoOn) AddPacketName("HelloVerifyRequest", |
Vanger | 0:b86d15c6ba29 | 9434 | &ssl->handShakeInfo); |
Vanger | 0:b86d15c6ba29 | 9435 | if (ssl->toInfoOn) AddLateName("HelloVerifyRequest", &ssl->timeoutInfo); |
Vanger | 0:b86d15c6ba29 | 9436 | #endif |
Vanger | 0:b86d15c6ba29 | 9437 | |
Vanger | 0:b86d15c6ba29 | 9438 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 9439 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 9440 | DtlsPoolReset(ssl); |
Vanger | 0:b86d15c6ba29 | 9441 | } |
Vanger | 0:b86d15c6ba29 | 9442 | #endif |
Vanger | 0:b86d15c6ba29 | 9443 | |
Vanger | 0:b86d15c6ba29 | 9444 | if ((*inOutIdx - begin) + OPAQUE16_LEN + OPAQUE8_LEN > size) |
Vanger | 0:b86d15c6ba29 | 9445 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 9446 | |
Vanger | 0:b86d15c6ba29 | 9447 | XMEMCPY(&pv, input + *inOutIdx, OPAQUE16_LEN); |
Vanger | 0:b86d15c6ba29 | 9448 | *inOutIdx += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 9449 | |
Vanger | 0:b86d15c6ba29 | 9450 | cookieSz = input[(*inOutIdx)++]; |
Vanger | 0:b86d15c6ba29 | 9451 | |
Vanger | 0:b86d15c6ba29 | 9452 | if (cookieSz) { |
Vanger | 0:b86d15c6ba29 | 9453 | if ((*inOutIdx - begin) + cookieSz > size) |
Vanger | 0:b86d15c6ba29 | 9454 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 9455 | |
Vanger | 0:b86d15c6ba29 | 9456 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 9457 | if (cookieSz <= MAX_COOKIE_LEN) { |
Vanger | 0:b86d15c6ba29 | 9458 | XMEMCPY(ssl->arrays->cookie, input + *inOutIdx, cookieSz); |
Vanger | 0:b86d15c6ba29 | 9459 | ssl->arrays->cookieSz = cookieSz; |
Vanger | 0:b86d15c6ba29 | 9460 | } |
Vanger | 0:b86d15c6ba29 | 9461 | #endif |
Vanger | 0:b86d15c6ba29 | 9462 | *inOutIdx += cookieSz; |
Vanger | 0:b86d15c6ba29 | 9463 | } |
Vanger | 0:b86d15c6ba29 | 9464 | |
Vanger | 0:b86d15c6ba29 | 9465 | ssl->options.serverState = SERVER_HELLOVERIFYREQUEST_COMPLETE; |
Vanger | 0:b86d15c6ba29 | 9466 | return 0; |
Vanger | 0:b86d15c6ba29 | 9467 | } |
Vanger | 0:b86d15c6ba29 | 9468 | |
Vanger | 0:b86d15c6ba29 | 9469 | |
Vanger | 0:b86d15c6ba29 | 9470 | static INLINE int DSH_CheckSessionId(CYASSL* ssl) |
Vanger | 0:b86d15c6ba29 | 9471 | { |
Vanger | 0:b86d15c6ba29 | 9472 | int ret = 0; |
Vanger | 0:b86d15c6ba29 | 9473 | |
Vanger | 0:b86d15c6ba29 | 9474 | #ifdef HAVE_SECRET_CALLBACK |
Vanger | 0:b86d15c6ba29 | 9475 | /* If a session secret callback exists, we are using that |
Vanger | 0:b86d15c6ba29 | 9476 | * key instead of the saved session key. */ |
Vanger | 0:b86d15c6ba29 | 9477 | ret = ret || (ssl->sessionSecretCb != NULL); |
Vanger | 0:b86d15c6ba29 | 9478 | #endif |
Vanger | 0:b86d15c6ba29 | 9479 | |
Vanger | 0:b86d15c6ba29 | 9480 | #ifdef HAVE_SESSION_TICKET |
Vanger | 0:b86d15c6ba29 | 9481 | ret = ret || |
Vanger | 0:b86d15c6ba29 | 9482 | (!ssl->expect_session_ticket && ssl->session.ticketLen > 0); |
Vanger | 0:b86d15c6ba29 | 9483 | #endif |
Vanger | 0:b86d15c6ba29 | 9484 | |
Vanger | 0:b86d15c6ba29 | 9485 | ret = ret || |
Vanger | 0:b86d15c6ba29 | 9486 | (ssl->options.haveSessionId && XMEMCMP(ssl->arrays->sessionID, |
Vanger | 0:b86d15c6ba29 | 9487 | ssl->session.sessionID, ID_LEN) == 0); |
Vanger | 0:b86d15c6ba29 | 9488 | |
Vanger | 0:b86d15c6ba29 | 9489 | return ret; |
Vanger | 0:b86d15c6ba29 | 9490 | } |
Vanger | 0:b86d15c6ba29 | 9491 | |
Vanger | 0:b86d15c6ba29 | 9492 | static int DoServerHello(CYASSL* ssl, const byte* input, word32* inOutIdx, |
Vanger | 0:b86d15c6ba29 | 9493 | word32 helloSz) |
Vanger | 0:b86d15c6ba29 | 9494 | { |
Vanger | 0:b86d15c6ba29 | 9495 | byte cs0; /* cipher suite bytes 0, 1 */ |
Vanger | 0:b86d15c6ba29 | 9496 | byte cs1; |
Vanger | 0:b86d15c6ba29 | 9497 | ProtocolVersion pv; |
Vanger | 0:b86d15c6ba29 | 9498 | byte compression; |
Vanger | 0:b86d15c6ba29 | 9499 | word32 i = *inOutIdx; |
Vanger | 0:b86d15c6ba29 | 9500 | word32 begin = i; |
Vanger | 0:b86d15c6ba29 | 9501 | |
Vanger | 0:b86d15c6ba29 | 9502 | #ifdef CYASSL_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 9503 | if (ssl->hsInfoOn) AddPacketName("ServerHello", &ssl->handShakeInfo); |
Vanger | 0:b86d15c6ba29 | 9504 | if (ssl->toInfoOn) AddLateName("ServerHello", &ssl->timeoutInfo); |
Vanger | 0:b86d15c6ba29 | 9505 | #endif |
Vanger | 0:b86d15c6ba29 | 9506 | |
Vanger | 0:b86d15c6ba29 | 9507 | /* protocol version, random and session id length check */ |
Vanger | 0:b86d15c6ba29 | 9508 | if ((i - begin) + OPAQUE16_LEN + RAN_LEN + OPAQUE8_LEN > helloSz) |
Vanger | 0:b86d15c6ba29 | 9509 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 9510 | |
Vanger | 0:b86d15c6ba29 | 9511 | /* protocol version */ |
Vanger | 0:b86d15c6ba29 | 9512 | XMEMCPY(&pv, input + i, OPAQUE16_LEN); |
Vanger | 0:b86d15c6ba29 | 9513 | i += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 9514 | |
Vanger | 0:b86d15c6ba29 | 9515 | if (pv.minor > ssl->version.minor) { |
Vanger | 0:b86d15c6ba29 | 9516 | CYASSL_MSG("Server using higher version, fatal error"); |
Vanger | 0:b86d15c6ba29 | 9517 | return VERSION_ERROR; |
Vanger | 0:b86d15c6ba29 | 9518 | } |
Vanger | 0:b86d15c6ba29 | 9519 | else if (pv.minor < ssl->version.minor) { |
Vanger | 0:b86d15c6ba29 | 9520 | CYASSL_MSG("server using lower version"); |
Vanger | 0:b86d15c6ba29 | 9521 | |
Vanger | 0:b86d15c6ba29 | 9522 | if (!ssl->options.downgrade) { |
Vanger | 0:b86d15c6ba29 | 9523 | CYASSL_MSG(" no downgrade allowed, fatal error"); |
Vanger | 0:b86d15c6ba29 | 9524 | return VERSION_ERROR; |
Vanger | 0:b86d15c6ba29 | 9525 | } |
Vanger | 0:b86d15c6ba29 | 9526 | if (pv.minor < ssl->options.minDowngrade) { |
Vanger | 0:b86d15c6ba29 | 9527 | CYASSL_MSG(" version below minimum allowed, fatal error"); |
Vanger | 0:b86d15c6ba29 | 9528 | return VERSION_ERROR; |
Vanger | 0:b86d15c6ba29 | 9529 | } |
Vanger | 0:b86d15c6ba29 | 9530 | |
Vanger | 0:b86d15c6ba29 | 9531 | #ifdef HAVE_SECURE_RENEGOTIATION |
Vanger | 0:b86d15c6ba29 | 9532 | if (ssl->secure_renegotiation && |
Vanger | 0:b86d15c6ba29 | 9533 | ssl->secure_renegotiation->enabled && |
Vanger | 0:b86d15c6ba29 | 9534 | ssl->options.handShakeDone) { |
Vanger | 0:b86d15c6ba29 | 9535 | CYASSL_MSG("Server changed version during scr"); |
Vanger | 0:b86d15c6ba29 | 9536 | return VERSION_ERROR; |
Vanger | 0:b86d15c6ba29 | 9537 | } |
Vanger | 0:b86d15c6ba29 | 9538 | #endif |
Vanger | 0:b86d15c6ba29 | 9539 | |
Vanger | 0:b86d15c6ba29 | 9540 | if (pv.minor == SSLv3_MINOR) { |
Vanger | 0:b86d15c6ba29 | 9541 | /* turn off tls */ |
Vanger | 0:b86d15c6ba29 | 9542 | CYASSL_MSG(" downgrading to SSLv3"); |
Vanger | 0:b86d15c6ba29 | 9543 | ssl->options.tls = 0; |
Vanger | 0:b86d15c6ba29 | 9544 | ssl->options.tls1_1 = 0; |
Vanger | 0:b86d15c6ba29 | 9545 | ssl->version.minor = SSLv3_MINOR; |
Vanger | 0:b86d15c6ba29 | 9546 | } |
Vanger | 0:b86d15c6ba29 | 9547 | else if (pv.minor == TLSv1_MINOR) { |
Vanger | 0:b86d15c6ba29 | 9548 | /* turn off tls 1.1+ */ |
Vanger | 0:b86d15c6ba29 | 9549 | CYASSL_MSG(" downgrading to TLSv1"); |
Vanger | 0:b86d15c6ba29 | 9550 | ssl->options.tls1_1 = 0; |
Vanger | 0:b86d15c6ba29 | 9551 | ssl->version.minor = TLSv1_MINOR; |
Vanger | 0:b86d15c6ba29 | 9552 | } |
Vanger | 0:b86d15c6ba29 | 9553 | else if (pv.minor == TLSv1_1_MINOR) { |
Vanger | 0:b86d15c6ba29 | 9554 | CYASSL_MSG(" downgrading to TLSv1.1"); |
Vanger | 0:b86d15c6ba29 | 9555 | ssl->version.minor = TLSv1_1_MINOR; |
Vanger | 0:b86d15c6ba29 | 9556 | } |
Vanger | 0:b86d15c6ba29 | 9557 | } |
Vanger | 0:b86d15c6ba29 | 9558 | |
Vanger | 0:b86d15c6ba29 | 9559 | /* random */ |
Vanger | 0:b86d15c6ba29 | 9560 | XMEMCPY(ssl->arrays->serverRandom, input + i, RAN_LEN); |
Vanger | 0:b86d15c6ba29 | 9561 | i += RAN_LEN; |
Vanger | 0:b86d15c6ba29 | 9562 | |
Vanger | 0:b86d15c6ba29 | 9563 | /* session id */ |
Vanger | 0:b86d15c6ba29 | 9564 | ssl->arrays->sessionIDSz = input[i++]; |
Vanger | 0:b86d15c6ba29 | 9565 | |
Vanger | 0:b86d15c6ba29 | 9566 | if (ssl->arrays->sessionIDSz > ID_LEN) { |
Vanger | 0:b86d15c6ba29 | 9567 | CYASSL_MSG("Invalid session ID size"); |
Vanger | 0:b86d15c6ba29 | 9568 | ssl->arrays->sessionIDSz = 0; |
Vanger | 0:b86d15c6ba29 | 9569 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 9570 | } |
Vanger | 0:b86d15c6ba29 | 9571 | else if (ssl->arrays->sessionIDSz) { |
Vanger | 0:b86d15c6ba29 | 9572 | if ((i - begin) + ssl->arrays->sessionIDSz > helloSz) |
Vanger | 0:b86d15c6ba29 | 9573 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 9574 | |
Vanger | 0:b86d15c6ba29 | 9575 | XMEMCPY(ssl->arrays->sessionID, input + i, |
Vanger | 0:b86d15c6ba29 | 9576 | ssl->arrays->sessionIDSz); |
Vanger | 0:b86d15c6ba29 | 9577 | i += ssl->arrays->sessionIDSz; |
Vanger | 0:b86d15c6ba29 | 9578 | ssl->options.haveSessionId = 1; |
Vanger | 0:b86d15c6ba29 | 9579 | } |
Vanger | 0:b86d15c6ba29 | 9580 | |
Vanger | 0:b86d15c6ba29 | 9581 | |
Vanger | 0:b86d15c6ba29 | 9582 | /* suite and compression */ |
Vanger | 0:b86d15c6ba29 | 9583 | if ((i - begin) + OPAQUE16_LEN + OPAQUE8_LEN > helloSz) |
Vanger | 0:b86d15c6ba29 | 9584 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 9585 | |
Vanger | 0:b86d15c6ba29 | 9586 | cs0 = input[i++]; |
Vanger | 0:b86d15c6ba29 | 9587 | cs1 = input[i++]; |
Vanger | 0:b86d15c6ba29 | 9588 | |
Vanger | 0:b86d15c6ba29 | 9589 | #ifdef HAVE_SECURE_RENEGOTIATION |
Vanger | 0:b86d15c6ba29 | 9590 | if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled && |
Vanger | 0:b86d15c6ba29 | 9591 | ssl->options.handShakeDone) { |
Vanger | 0:b86d15c6ba29 | 9592 | if (ssl->options.cipherSuite0 != cs0 || |
Vanger | 0:b86d15c6ba29 | 9593 | ssl->options.cipherSuite != cs1) { |
Vanger | 0:b86d15c6ba29 | 9594 | CYASSL_MSG("Server changed cipher suite during scr"); |
Vanger | 0:b86d15c6ba29 | 9595 | return MATCH_SUITE_ERROR; |
Vanger | 0:b86d15c6ba29 | 9596 | } |
Vanger | 0:b86d15c6ba29 | 9597 | } |
Vanger | 0:b86d15c6ba29 | 9598 | #endif |
Vanger | 0:b86d15c6ba29 | 9599 | |
Vanger | 0:b86d15c6ba29 | 9600 | ssl->options.cipherSuite0 = cs0; |
Vanger | 0:b86d15c6ba29 | 9601 | ssl->options.cipherSuite = cs1; |
Vanger | 0:b86d15c6ba29 | 9602 | compression = input[i++]; |
Vanger | 0:b86d15c6ba29 | 9603 | |
Vanger | 0:b86d15c6ba29 | 9604 | if (compression != ZLIB_COMPRESSION && ssl->options.usingCompression) { |
Vanger | 0:b86d15c6ba29 | 9605 | CYASSL_MSG("Server refused compression, turning off"); |
Vanger | 0:b86d15c6ba29 | 9606 | ssl->options.usingCompression = 0; /* turn off if server refused */ |
Vanger | 0:b86d15c6ba29 | 9607 | } |
Vanger | 0:b86d15c6ba29 | 9608 | |
Vanger | 0:b86d15c6ba29 | 9609 | *inOutIdx = i; |
Vanger | 0:b86d15c6ba29 | 9610 | |
Vanger | 0:b86d15c6ba29 | 9611 | /* tls extensions */ |
Vanger | 0:b86d15c6ba29 | 9612 | if ( (i - begin) < helloSz) { |
Vanger | 0:b86d15c6ba29 | 9613 | #ifdef HAVE_TLS_EXTENSIONS |
Vanger | 0:b86d15c6ba29 | 9614 | if (TLSX_SupportExtensions(ssl)) { |
Vanger | 0:b86d15c6ba29 | 9615 | int ret = 0; |
Vanger | 0:b86d15c6ba29 | 9616 | word16 totalExtSz; |
Vanger | 0:b86d15c6ba29 | 9617 | |
Vanger | 0:b86d15c6ba29 | 9618 | if ((i - begin) + OPAQUE16_LEN > helloSz) |
Vanger | 0:b86d15c6ba29 | 9619 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 9620 | |
Vanger | 0:b86d15c6ba29 | 9621 | ato16(&input[i], &totalExtSz); |
Vanger | 0:b86d15c6ba29 | 9622 | i += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 9623 | |
Vanger | 0:b86d15c6ba29 | 9624 | if ((i - begin) + totalExtSz > helloSz) |
Vanger | 0:b86d15c6ba29 | 9625 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 9626 | |
Vanger | 0:b86d15c6ba29 | 9627 | if ((ret = TLSX_Parse(ssl, (byte *) input + i, |
Vanger | 0:b86d15c6ba29 | 9628 | totalExtSz, 0, NULL))) |
Vanger | 0:b86d15c6ba29 | 9629 | return ret; |
Vanger | 0:b86d15c6ba29 | 9630 | |
Vanger | 0:b86d15c6ba29 | 9631 | i += totalExtSz; |
Vanger | 0:b86d15c6ba29 | 9632 | *inOutIdx = i; |
Vanger | 0:b86d15c6ba29 | 9633 | } |
Vanger | 0:b86d15c6ba29 | 9634 | else |
Vanger | 0:b86d15c6ba29 | 9635 | #endif |
Vanger | 0:b86d15c6ba29 | 9636 | *inOutIdx = begin + helloSz; /* skip extensions */ |
Vanger | 0:b86d15c6ba29 | 9637 | } |
Vanger | 0:b86d15c6ba29 | 9638 | |
Vanger | 0:b86d15c6ba29 | 9639 | ssl->options.serverState = SERVER_HELLO_COMPLETE; |
Vanger | 0:b86d15c6ba29 | 9640 | |
Vanger | 0:b86d15c6ba29 | 9641 | if (ssl->keys.encryptionOn) { |
Vanger | 0:b86d15c6ba29 | 9642 | *inOutIdx += ssl->keys.padSz; |
Vanger | 0:b86d15c6ba29 | 9643 | } |
Vanger | 0:b86d15c6ba29 | 9644 | |
Vanger | 0:b86d15c6ba29 | 9645 | #ifdef HAVE_SECRET_CALLBACK |
Vanger | 0:b86d15c6ba29 | 9646 | if (ssl->sessionSecretCb != NULL) { |
Vanger | 0:b86d15c6ba29 | 9647 | int secretSz = SECRET_LEN, ret; |
Vanger | 0:b86d15c6ba29 | 9648 | ret = ssl->sessionSecretCb(ssl, ssl->session.masterSecret, |
Vanger | 0:b86d15c6ba29 | 9649 | &secretSz, ssl->sessionSecretCtx); |
Vanger | 0:b86d15c6ba29 | 9650 | if (ret != 0 || secretSz != SECRET_LEN) |
Vanger | 0:b86d15c6ba29 | 9651 | return SESSION_SECRET_CB_E; |
Vanger | 0:b86d15c6ba29 | 9652 | } |
Vanger | 0:b86d15c6ba29 | 9653 | #endif /* HAVE_SECRET_CALLBACK */ |
Vanger | 0:b86d15c6ba29 | 9654 | |
Vanger | 0:b86d15c6ba29 | 9655 | if (ssl->options.resuming) { |
Vanger | 0:b86d15c6ba29 | 9656 | if (DSH_CheckSessionId(ssl)) { |
Vanger | 0:b86d15c6ba29 | 9657 | if (SetCipherSpecs(ssl) == 0) { |
Vanger | 0:b86d15c6ba29 | 9658 | int ret = -1; |
Vanger | 0:b86d15c6ba29 | 9659 | |
Vanger | 0:b86d15c6ba29 | 9660 | XMEMCPY(ssl->arrays->masterSecret, |
Vanger | 0:b86d15c6ba29 | 9661 | ssl->session.masterSecret, SECRET_LEN); |
Vanger | 0:b86d15c6ba29 | 9662 | #ifdef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 9663 | ret = DeriveTlsKeys(ssl); |
Vanger | 0:b86d15c6ba29 | 9664 | #else |
Vanger | 0:b86d15c6ba29 | 9665 | #ifndef NO_TLS |
Vanger | 0:b86d15c6ba29 | 9666 | if (ssl->options.tls) |
Vanger | 0:b86d15c6ba29 | 9667 | ret = DeriveTlsKeys(ssl); |
Vanger | 0:b86d15c6ba29 | 9668 | #endif |
Vanger | 0:b86d15c6ba29 | 9669 | if (!ssl->options.tls) |
Vanger | 0:b86d15c6ba29 | 9670 | ret = DeriveKeys(ssl); |
Vanger | 0:b86d15c6ba29 | 9671 | #endif |
Vanger | 0:b86d15c6ba29 | 9672 | ssl->options.serverState = SERVER_HELLODONE_COMPLETE; |
Vanger | 0:b86d15c6ba29 | 9673 | |
Vanger | 0:b86d15c6ba29 | 9674 | return ret; |
Vanger | 0:b86d15c6ba29 | 9675 | } |
Vanger | 0:b86d15c6ba29 | 9676 | else { |
Vanger | 0:b86d15c6ba29 | 9677 | CYASSL_MSG("Unsupported cipher suite, DoServerHello"); |
Vanger | 0:b86d15c6ba29 | 9678 | return UNSUPPORTED_SUITE; |
Vanger | 0:b86d15c6ba29 | 9679 | } |
Vanger | 0:b86d15c6ba29 | 9680 | } |
Vanger | 0:b86d15c6ba29 | 9681 | else { |
Vanger | 0:b86d15c6ba29 | 9682 | CYASSL_MSG("Server denied resumption attempt"); |
Vanger | 0:b86d15c6ba29 | 9683 | ssl->options.resuming = 0; /* server denied resumption try */ |
Vanger | 0:b86d15c6ba29 | 9684 | } |
Vanger | 0:b86d15c6ba29 | 9685 | } |
Vanger | 0:b86d15c6ba29 | 9686 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 9687 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 9688 | DtlsPoolReset(ssl); |
Vanger | 0:b86d15c6ba29 | 9689 | } |
Vanger | 0:b86d15c6ba29 | 9690 | #endif |
Vanger | 0:b86d15c6ba29 | 9691 | |
Vanger | 0:b86d15c6ba29 | 9692 | return SetCipherSpecs(ssl); |
Vanger | 0:b86d15c6ba29 | 9693 | } |
Vanger | 0:b86d15c6ba29 | 9694 | |
Vanger | 0:b86d15c6ba29 | 9695 | |
Vanger | 0:b86d15c6ba29 | 9696 | /* Make sure client setup is valid for this suite, true on success */ |
Vanger | 0:b86d15c6ba29 | 9697 | int VerifyClientSuite(CYASSL* ssl) |
Vanger | 0:b86d15c6ba29 | 9698 | { |
Vanger | 0:b86d15c6ba29 | 9699 | int havePSK = 0; |
Vanger | 0:b86d15c6ba29 | 9700 | byte first = ssl->options.cipherSuite0; |
Vanger | 0:b86d15c6ba29 | 9701 | byte second = ssl->options.cipherSuite; |
Vanger | 0:b86d15c6ba29 | 9702 | |
Vanger | 0:b86d15c6ba29 | 9703 | CYASSL_ENTER("VerifyClientSuite"); |
Vanger | 0:b86d15c6ba29 | 9704 | |
Vanger | 0:b86d15c6ba29 | 9705 | #ifndef NO_PSK |
Vanger | 0:b86d15c6ba29 | 9706 | havePSK = ssl->options.havePSK; |
Vanger | 0:b86d15c6ba29 | 9707 | #endif |
Vanger | 0:b86d15c6ba29 | 9708 | |
Vanger | 0:b86d15c6ba29 | 9709 | if (CipherRequires(first, second, REQUIRES_PSK)) { |
Vanger | 0:b86d15c6ba29 | 9710 | CYASSL_MSG("Requires PSK"); |
Vanger | 0:b86d15c6ba29 | 9711 | if (havePSK == 0) { |
Vanger | 0:b86d15c6ba29 | 9712 | CYASSL_MSG("Don't have PSK"); |
Vanger | 0:b86d15c6ba29 | 9713 | return 0; |
Vanger | 0:b86d15c6ba29 | 9714 | } |
Vanger | 0:b86d15c6ba29 | 9715 | } |
Vanger | 0:b86d15c6ba29 | 9716 | |
Vanger | 0:b86d15c6ba29 | 9717 | return 1; /* success */ |
Vanger | 0:b86d15c6ba29 | 9718 | } |
Vanger | 0:b86d15c6ba29 | 9719 | |
Vanger | 0:b86d15c6ba29 | 9720 | |
Vanger | 0:b86d15c6ba29 | 9721 | #ifndef NO_CERTS |
Vanger | 0:b86d15c6ba29 | 9722 | /* just read in and ignore for now TODO: */ |
Vanger | 0:b86d15c6ba29 | 9723 | static int DoCertificateRequest(CYASSL* ssl, const byte* input, word32* |
Vanger | 0:b86d15c6ba29 | 9724 | inOutIdx, word32 size) |
Vanger | 0:b86d15c6ba29 | 9725 | { |
Vanger | 0:b86d15c6ba29 | 9726 | word16 len; |
Vanger | 0:b86d15c6ba29 | 9727 | word32 begin = *inOutIdx; |
Vanger | 0:b86d15c6ba29 | 9728 | |
Vanger | 0:b86d15c6ba29 | 9729 | #ifdef CYASSL_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 9730 | if (ssl->hsInfoOn) |
Vanger | 0:b86d15c6ba29 | 9731 | AddPacketName("CertificateRequest", &ssl->handShakeInfo); |
Vanger | 0:b86d15c6ba29 | 9732 | if (ssl->toInfoOn) |
Vanger | 0:b86d15c6ba29 | 9733 | AddLateName("CertificateRequest", &ssl->timeoutInfo); |
Vanger | 0:b86d15c6ba29 | 9734 | #endif |
Vanger | 0:b86d15c6ba29 | 9735 | |
Vanger | 0:b86d15c6ba29 | 9736 | if ((*inOutIdx - begin) + OPAQUE8_LEN > size) |
Vanger | 0:b86d15c6ba29 | 9737 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 9738 | |
Vanger | 0:b86d15c6ba29 | 9739 | len = input[(*inOutIdx)++]; |
Vanger | 0:b86d15c6ba29 | 9740 | |
Vanger | 0:b86d15c6ba29 | 9741 | if ((*inOutIdx - begin) + len > size) |
Vanger | 0:b86d15c6ba29 | 9742 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 9743 | |
Vanger | 0:b86d15c6ba29 | 9744 | /* types, read in here */ |
Vanger | 0:b86d15c6ba29 | 9745 | *inOutIdx += len; |
Vanger | 0:b86d15c6ba29 | 9746 | |
Vanger | 0:b86d15c6ba29 | 9747 | /* signature and hash signature algorithm */ |
Vanger | 0:b86d15c6ba29 | 9748 | if (IsAtLeastTLSv1_2(ssl)) { |
Vanger | 0:b86d15c6ba29 | 9749 | if ((*inOutIdx - begin) + OPAQUE16_LEN > size) |
Vanger | 0:b86d15c6ba29 | 9750 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 9751 | |
Vanger | 0:b86d15c6ba29 | 9752 | ato16(input + *inOutIdx, &len); |
Vanger | 0:b86d15c6ba29 | 9753 | *inOutIdx += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 9754 | |
Vanger | 0:b86d15c6ba29 | 9755 | if ((*inOutIdx - begin) + len > size) |
Vanger | 0:b86d15c6ba29 | 9756 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 9757 | |
Vanger | 0:b86d15c6ba29 | 9758 | PickHashSigAlgo(ssl, input + *inOutIdx, len); |
Vanger | 0:b86d15c6ba29 | 9759 | *inOutIdx += len; |
Vanger | 0:b86d15c6ba29 | 9760 | } |
Vanger | 0:b86d15c6ba29 | 9761 | |
Vanger | 0:b86d15c6ba29 | 9762 | /* authorities */ |
Vanger | 0:b86d15c6ba29 | 9763 | if ((*inOutIdx - begin) + OPAQUE16_LEN > size) |
Vanger | 0:b86d15c6ba29 | 9764 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 9765 | |
Vanger | 0:b86d15c6ba29 | 9766 | ato16(input + *inOutIdx, &len); |
Vanger | 0:b86d15c6ba29 | 9767 | *inOutIdx += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 9768 | |
Vanger | 0:b86d15c6ba29 | 9769 | if ((*inOutIdx - begin) + len > size) |
Vanger | 0:b86d15c6ba29 | 9770 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 9771 | |
Vanger | 0:b86d15c6ba29 | 9772 | while (len) { |
Vanger | 0:b86d15c6ba29 | 9773 | word16 dnSz; |
Vanger | 0:b86d15c6ba29 | 9774 | |
Vanger | 0:b86d15c6ba29 | 9775 | if ((*inOutIdx - begin) + OPAQUE16_LEN > size) |
Vanger | 0:b86d15c6ba29 | 9776 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 9777 | |
Vanger | 0:b86d15c6ba29 | 9778 | ato16(input + *inOutIdx, &dnSz); |
Vanger | 0:b86d15c6ba29 | 9779 | *inOutIdx += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 9780 | |
Vanger | 0:b86d15c6ba29 | 9781 | if ((*inOutIdx - begin) + dnSz > size) |
Vanger | 0:b86d15c6ba29 | 9782 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 9783 | |
Vanger | 0:b86d15c6ba29 | 9784 | *inOutIdx += dnSz; |
Vanger | 0:b86d15c6ba29 | 9785 | len -= OPAQUE16_LEN + dnSz; |
Vanger | 0:b86d15c6ba29 | 9786 | } |
Vanger | 0:b86d15c6ba29 | 9787 | |
Vanger | 0:b86d15c6ba29 | 9788 | /* don't send client cert or cert verify if user hasn't provided |
Vanger | 0:b86d15c6ba29 | 9789 | cert and private key */ |
Vanger | 0:b86d15c6ba29 | 9790 | if (ssl->buffers.certificate.buffer && ssl->buffers.key.buffer) |
Vanger | 0:b86d15c6ba29 | 9791 | ssl->options.sendVerify = SEND_CERT; |
Vanger | 0:b86d15c6ba29 | 9792 | else if (IsTLS(ssl)) |
Vanger | 0:b86d15c6ba29 | 9793 | ssl->options.sendVerify = SEND_BLANK_CERT; |
Vanger | 0:b86d15c6ba29 | 9794 | |
Vanger | 0:b86d15c6ba29 | 9795 | if (ssl->keys.encryptionOn) |
Vanger | 0:b86d15c6ba29 | 9796 | *inOutIdx += ssl->keys.padSz; |
Vanger | 0:b86d15c6ba29 | 9797 | |
Vanger | 0:b86d15c6ba29 | 9798 | return 0; |
Vanger | 0:b86d15c6ba29 | 9799 | } |
Vanger | 0:b86d15c6ba29 | 9800 | #endif /* !NO_CERTS */ |
Vanger | 0:b86d15c6ba29 | 9801 | |
Vanger | 0:b86d15c6ba29 | 9802 | |
Vanger | 0:b86d15c6ba29 | 9803 | static int DoServerKeyExchange(CYASSL* ssl, const byte* input, |
Vanger | 0:b86d15c6ba29 | 9804 | word32* inOutIdx, word32 size) |
Vanger | 0:b86d15c6ba29 | 9805 | { |
Vanger | 0:b86d15c6ba29 | 9806 | word16 length = 0; |
Vanger | 0:b86d15c6ba29 | 9807 | word32 begin = *inOutIdx; |
Vanger | 0:b86d15c6ba29 | 9808 | int ret = 0; |
Vanger | 0:b86d15c6ba29 | 9809 | #define ERROR_OUT(err, eLabel) do { ret = err; goto eLabel; } while(0) |
Vanger | 0:b86d15c6ba29 | 9810 | |
Vanger | 0:b86d15c6ba29 | 9811 | (void)length; /* shut up compiler warnings */ |
Vanger | 0:b86d15c6ba29 | 9812 | (void)begin; |
Vanger | 0:b86d15c6ba29 | 9813 | (void)ssl; |
Vanger | 0:b86d15c6ba29 | 9814 | (void)input; |
Vanger | 0:b86d15c6ba29 | 9815 | (void)size; |
Vanger | 0:b86d15c6ba29 | 9816 | (void)ret; |
Vanger | 0:b86d15c6ba29 | 9817 | |
Vanger | 0:b86d15c6ba29 | 9818 | #ifdef CYASSL_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 9819 | if (ssl->hsInfoOn) |
Vanger | 0:b86d15c6ba29 | 9820 | AddPacketName("ServerKeyExchange", &ssl->handShakeInfo); |
Vanger | 0:b86d15c6ba29 | 9821 | if (ssl->toInfoOn) |
Vanger | 0:b86d15c6ba29 | 9822 | AddLateName("ServerKeyExchange", &ssl->timeoutInfo); |
Vanger | 0:b86d15c6ba29 | 9823 | #endif |
Vanger | 0:b86d15c6ba29 | 9824 | |
Vanger | 0:b86d15c6ba29 | 9825 | #ifndef NO_PSK |
Vanger | 0:b86d15c6ba29 | 9826 | if (ssl->specs.kea == psk_kea) { |
Vanger | 0:b86d15c6ba29 | 9827 | |
Vanger | 0:b86d15c6ba29 | 9828 | if ((*inOutIdx - begin) + OPAQUE16_LEN > size) |
Vanger | 0:b86d15c6ba29 | 9829 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 9830 | |
Vanger | 0:b86d15c6ba29 | 9831 | ato16(input + *inOutIdx, &length); |
Vanger | 0:b86d15c6ba29 | 9832 | *inOutIdx += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 9833 | |
Vanger | 0:b86d15c6ba29 | 9834 | if ((*inOutIdx - begin) + length > size) |
Vanger | 0:b86d15c6ba29 | 9835 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 9836 | |
Vanger | 0:b86d15c6ba29 | 9837 | XMEMCPY(ssl->arrays->server_hint, input + *inOutIdx, |
Vanger | 0:b86d15c6ba29 | 9838 | min(length, MAX_PSK_ID_LEN)); |
Vanger | 0:b86d15c6ba29 | 9839 | |
Vanger | 0:b86d15c6ba29 | 9840 | ssl->arrays->server_hint[min(length, MAX_PSK_ID_LEN - 1)] = 0; |
Vanger | 0:b86d15c6ba29 | 9841 | *inOutIdx += length; |
Vanger | 0:b86d15c6ba29 | 9842 | |
Vanger | 0:b86d15c6ba29 | 9843 | return 0; |
Vanger | 0:b86d15c6ba29 | 9844 | } |
Vanger | 0:b86d15c6ba29 | 9845 | #endif |
Vanger | 0:b86d15c6ba29 | 9846 | #ifndef NO_DH |
Vanger | 0:b86d15c6ba29 | 9847 | if (ssl->specs.kea == diffie_hellman_kea) |
Vanger | 0:b86d15c6ba29 | 9848 | { |
Vanger | 0:b86d15c6ba29 | 9849 | /* p */ |
Vanger | 0:b86d15c6ba29 | 9850 | if ((*inOutIdx - begin) + OPAQUE16_LEN > size) |
Vanger | 0:b86d15c6ba29 | 9851 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 9852 | |
Vanger | 0:b86d15c6ba29 | 9853 | ato16(input + *inOutIdx, &length); |
Vanger | 0:b86d15c6ba29 | 9854 | *inOutIdx += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 9855 | |
Vanger | 0:b86d15c6ba29 | 9856 | if ((*inOutIdx - begin) + length > size) |
Vanger | 0:b86d15c6ba29 | 9857 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 9858 | |
Vanger | 0:b86d15c6ba29 | 9859 | ssl->buffers.serverDH_P.buffer = (byte*) XMALLOC(length, ssl->heap, |
Vanger | 0:b86d15c6ba29 | 9860 | DYNAMIC_TYPE_DH); |
Vanger | 0:b86d15c6ba29 | 9861 | |
Vanger | 0:b86d15c6ba29 | 9862 | if (ssl->buffers.serverDH_P.buffer) |
Vanger | 0:b86d15c6ba29 | 9863 | ssl->buffers.serverDH_P.length = length; |
Vanger | 0:b86d15c6ba29 | 9864 | else |
Vanger | 0:b86d15c6ba29 | 9865 | return MEMORY_ERROR; |
Vanger | 0:b86d15c6ba29 | 9866 | |
Vanger | 0:b86d15c6ba29 | 9867 | XMEMCPY(ssl->buffers.serverDH_P.buffer, input + *inOutIdx, length); |
Vanger | 0:b86d15c6ba29 | 9868 | *inOutIdx += length; |
Vanger | 0:b86d15c6ba29 | 9869 | |
Vanger | 0:b86d15c6ba29 | 9870 | /* g */ |
Vanger | 0:b86d15c6ba29 | 9871 | if ((*inOutIdx - begin) + OPAQUE16_LEN > size) |
Vanger | 0:b86d15c6ba29 | 9872 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 9873 | |
Vanger | 0:b86d15c6ba29 | 9874 | ato16(input + *inOutIdx, &length); |
Vanger | 0:b86d15c6ba29 | 9875 | *inOutIdx += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 9876 | |
Vanger | 0:b86d15c6ba29 | 9877 | if ((*inOutIdx - begin) + length > size) |
Vanger | 0:b86d15c6ba29 | 9878 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 9879 | |
Vanger | 0:b86d15c6ba29 | 9880 | ssl->buffers.serverDH_G.buffer = (byte*) XMALLOC(length, ssl->heap, |
Vanger | 0:b86d15c6ba29 | 9881 | DYNAMIC_TYPE_DH); |
Vanger | 0:b86d15c6ba29 | 9882 | |
Vanger | 0:b86d15c6ba29 | 9883 | if (ssl->buffers.serverDH_G.buffer) |
Vanger | 0:b86d15c6ba29 | 9884 | ssl->buffers.serverDH_G.length = length; |
Vanger | 0:b86d15c6ba29 | 9885 | else |
Vanger | 0:b86d15c6ba29 | 9886 | return MEMORY_ERROR; |
Vanger | 0:b86d15c6ba29 | 9887 | |
Vanger | 0:b86d15c6ba29 | 9888 | XMEMCPY(ssl->buffers.serverDH_G.buffer, input + *inOutIdx, length); |
Vanger | 0:b86d15c6ba29 | 9889 | *inOutIdx += length; |
Vanger | 0:b86d15c6ba29 | 9890 | |
Vanger | 0:b86d15c6ba29 | 9891 | /* pub */ |
Vanger | 0:b86d15c6ba29 | 9892 | if ((*inOutIdx - begin) + OPAQUE16_LEN > size) |
Vanger | 0:b86d15c6ba29 | 9893 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 9894 | |
Vanger | 0:b86d15c6ba29 | 9895 | ato16(input + *inOutIdx, &length); |
Vanger | 0:b86d15c6ba29 | 9896 | *inOutIdx += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 9897 | |
Vanger | 0:b86d15c6ba29 | 9898 | if ((*inOutIdx - begin) + length > size) |
Vanger | 0:b86d15c6ba29 | 9899 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 9900 | |
Vanger | 0:b86d15c6ba29 | 9901 | ssl->buffers.serverDH_Pub.buffer = (byte*) XMALLOC(length, ssl->heap, |
Vanger | 0:b86d15c6ba29 | 9902 | DYNAMIC_TYPE_DH); |
Vanger | 0:b86d15c6ba29 | 9903 | |
Vanger | 0:b86d15c6ba29 | 9904 | if (ssl->buffers.serverDH_Pub.buffer) |
Vanger | 0:b86d15c6ba29 | 9905 | ssl->buffers.serverDH_Pub.length = length; |
Vanger | 0:b86d15c6ba29 | 9906 | else |
Vanger | 0:b86d15c6ba29 | 9907 | return MEMORY_ERROR; |
Vanger | 0:b86d15c6ba29 | 9908 | |
Vanger | 0:b86d15c6ba29 | 9909 | XMEMCPY(ssl->buffers.serverDH_Pub.buffer, input + *inOutIdx, length); |
Vanger | 0:b86d15c6ba29 | 9910 | *inOutIdx += length; |
Vanger | 0:b86d15c6ba29 | 9911 | } /* dh_kea */ |
Vanger | 0:b86d15c6ba29 | 9912 | #endif /* NO_DH */ |
Vanger | 0:b86d15c6ba29 | 9913 | |
Vanger | 0:b86d15c6ba29 | 9914 | #ifdef HAVE_ECC |
Vanger | 0:b86d15c6ba29 | 9915 | if (ssl->specs.kea == ecc_diffie_hellman_kea) |
Vanger | 0:b86d15c6ba29 | 9916 | { |
Vanger | 0:b86d15c6ba29 | 9917 | byte b; |
Vanger | 0:b86d15c6ba29 | 9918 | |
Vanger | 0:b86d15c6ba29 | 9919 | if ((*inOutIdx - begin) + ENUM_LEN + OPAQUE16_LEN + OPAQUE8_LEN > size) |
Vanger | 0:b86d15c6ba29 | 9920 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 9921 | |
Vanger | 0:b86d15c6ba29 | 9922 | b = input[(*inOutIdx)++]; |
Vanger | 0:b86d15c6ba29 | 9923 | |
Vanger | 0:b86d15c6ba29 | 9924 | if (b != named_curve) |
Vanger | 0:b86d15c6ba29 | 9925 | return ECC_CURVETYPE_ERROR; |
Vanger | 0:b86d15c6ba29 | 9926 | |
Vanger | 0:b86d15c6ba29 | 9927 | *inOutIdx += 1; /* curve type, eat leading 0 */ |
Vanger | 0:b86d15c6ba29 | 9928 | b = input[(*inOutIdx)++]; |
Vanger | 0:b86d15c6ba29 | 9929 | |
Vanger | 0:b86d15c6ba29 | 9930 | if (b != secp256r1 && b != secp384r1 && b != secp521r1 && b != |
Vanger | 0:b86d15c6ba29 | 9931 | secp160r1 && b != secp192r1 && b != secp224r1) |
Vanger | 0:b86d15c6ba29 | 9932 | return ECC_CURVE_ERROR; |
Vanger | 0:b86d15c6ba29 | 9933 | |
Vanger | 0:b86d15c6ba29 | 9934 | length = input[(*inOutIdx)++]; |
Vanger | 0:b86d15c6ba29 | 9935 | |
Vanger | 0:b86d15c6ba29 | 9936 | if ((*inOutIdx - begin) + length > size) |
Vanger | 0:b86d15c6ba29 | 9937 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 9938 | |
Vanger | 0:b86d15c6ba29 | 9939 | if (ssl->peerEccKeyPresent) { /* don't leak on reuse */ |
Vanger | 0:b86d15c6ba29 | 9940 | ecc_free(ssl->peerEccKey); |
Vanger | 0:b86d15c6ba29 | 9941 | ssl->peerEccKeyPresent = 0; |
Vanger | 0:b86d15c6ba29 | 9942 | ecc_init(ssl->peerEccKey); |
Vanger | 0:b86d15c6ba29 | 9943 | } |
Vanger | 0:b86d15c6ba29 | 9944 | |
Vanger | 0:b86d15c6ba29 | 9945 | if (ecc_import_x963(input + *inOutIdx, length, ssl->peerEccKey) != 0) |
Vanger | 0:b86d15c6ba29 | 9946 | return ECC_PEERKEY_ERROR; |
Vanger | 0:b86d15c6ba29 | 9947 | |
Vanger | 0:b86d15c6ba29 | 9948 | *inOutIdx += length; |
Vanger | 0:b86d15c6ba29 | 9949 | ssl->peerEccKeyPresent = 1; |
Vanger | 0:b86d15c6ba29 | 9950 | } |
Vanger | 0:b86d15c6ba29 | 9951 | #endif /* HAVE_ECC */ |
Vanger | 0:b86d15c6ba29 | 9952 | |
Vanger | 0:b86d15c6ba29 | 9953 | #if !defined(NO_DH) && !defined(NO_PSK) |
Vanger | 0:b86d15c6ba29 | 9954 | if (ssl->specs.kea == dhe_psk_kea) { |
Vanger | 0:b86d15c6ba29 | 9955 | if ((*inOutIdx - begin) + OPAQUE16_LEN > size) |
Vanger | 0:b86d15c6ba29 | 9956 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 9957 | |
Vanger | 0:b86d15c6ba29 | 9958 | ato16(input + *inOutIdx, &length); |
Vanger | 0:b86d15c6ba29 | 9959 | *inOutIdx += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 9960 | |
Vanger | 0:b86d15c6ba29 | 9961 | if ((*inOutIdx - begin) + length > size) |
Vanger | 0:b86d15c6ba29 | 9962 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 9963 | |
Vanger | 0:b86d15c6ba29 | 9964 | XMEMCPY(ssl->arrays->server_hint, input + *inOutIdx, |
Vanger | 0:b86d15c6ba29 | 9965 | min(length, MAX_PSK_ID_LEN)); |
Vanger | 0:b86d15c6ba29 | 9966 | |
Vanger | 0:b86d15c6ba29 | 9967 | ssl->arrays->server_hint[min(length, MAX_PSK_ID_LEN - 1)] = 0; |
Vanger | 0:b86d15c6ba29 | 9968 | *inOutIdx += length; |
Vanger | 0:b86d15c6ba29 | 9969 | |
Vanger | 0:b86d15c6ba29 | 9970 | /* p */ |
Vanger | 0:b86d15c6ba29 | 9971 | if ((*inOutIdx - begin) + OPAQUE16_LEN > size) |
Vanger | 0:b86d15c6ba29 | 9972 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 9973 | |
Vanger | 0:b86d15c6ba29 | 9974 | ato16(input + *inOutIdx, &length); |
Vanger | 0:b86d15c6ba29 | 9975 | *inOutIdx += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 9976 | |
Vanger | 0:b86d15c6ba29 | 9977 | if ((*inOutIdx - begin) + length > size) |
Vanger | 0:b86d15c6ba29 | 9978 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 9979 | |
Vanger | 0:b86d15c6ba29 | 9980 | ssl->buffers.serverDH_P.buffer = (byte*) XMALLOC(length, ssl->heap, |
Vanger | 0:b86d15c6ba29 | 9981 | DYNAMIC_TYPE_DH); |
Vanger | 0:b86d15c6ba29 | 9982 | |
Vanger | 0:b86d15c6ba29 | 9983 | if (ssl->buffers.serverDH_P.buffer) |
Vanger | 0:b86d15c6ba29 | 9984 | ssl->buffers.serverDH_P.length = length; |
Vanger | 0:b86d15c6ba29 | 9985 | else |
Vanger | 0:b86d15c6ba29 | 9986 | return MEMORY_ERROR; |
Vanger | 0:b86d15c6ba29 | 9987 | |
Vanger | 0:b86d15c6ba29 | 9988 | XMEMCPY(ssl->buffers.serverDH_P.buffer, input + *inOutIdx, length); |
Vanger | 0:b86d15c6ba29 | 9989 | *inOutIdx += length; |
Vanger | 0:b86d15c6ba29 | 9990 | |
Vanger | 0:b86d15c6ba29 | 9991 | /* g */ |
Vanger | 0:b86d15c6ba29 | 9992 | if ((*inOutIdx - begin) + OPAQUE16_LEN > size) |
Vanger | 0:b86d15c6ba29 | 9993 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 9994 | |
Vanger | 0:b86d15c6ba29 | 9995 | ato16(input + *inOutIdx, &length); |
Vanger | 0:b86d15c6ba29 | 9996 | *inOutIdx += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 9997 | |
Vanger | 0:b86d15c6ba29 | 9998 | if ((*inOutIdx - begin) + length > size) |
Vanger | 0:b86d15c6ba29 | 9999 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 10000 | |
Vanger | 0:b86d15c6ba29 | 10001 | ssl->buffers.serverDH_G.buffer = (byte*) XMALLOC(length, ssl->heap, |
Vanger | 0:b86d15c6ba29 | 10002 | DYNAMIC_TYPE_DH); |
Vanger | 0:b86d15c6ba29 | 10003 | |
Vanger | 0:b86d15c6ba29 | 10004 | if (ssl->buffers.serverDH_G.buffer) |
Vanger | 0:b86d15c6ba29 | 10005 | ssl->buffers.serverDH_G.length = length; |
Vanger | 0:b86d15c6ba29 | 10006 | else |
Vanger | 0:b86d15c6ba29 | 10007 | return MEMORY_ERROR; |
Vanger | 0:b86d15c6ba29 | 10008 | |
Vanger | 0:b86d15c6ba29 | 10009 | XMEMCPY(ssl->buffers.serverDH_G.buffer, input + *inOutIdx, length); |
Vanger | 0:b86d15c6ba29 | 10010 | *inOutIdx += length; |
Vanger | 0:b86d15c6ba29 | 10011 | |
Vanger | 0:b86d15c6ba29 | 10012 | /* pub */ |
Vanger | 0:b86d15c6ba29 | 10013 | if ((*inOutIdx - begin) + OPAQUE16_LEN > size) |
Vanger | 0:b86d15c6ba29 | 10014 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 10015 | |
Vanger | 0:b86d15c6ba29 | 10016 | ato16(input + *inOutIdx, &length); |
Vanger | 0:b86d15c6ba29 | 10017 | *inOutIdx += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 10018 | |
Vanger | 0:b86d15c6ba29 | 10019 | if ((*inOutIdx - begin) + length > size) |
Vanger | 0:b86d15c6ba29 | 10020 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 10021 | |
Vanger | 0:b86d15c6ba29 | 10022 | ssl->buffers.serverDH_Pub.buffer = (byte*) XMALLOC(length, ssl->heap, |
Vanger | 0:b86d15c6ba29 | 10023 | DYNAMIC_TYPE_DH); |
Vanger | 0:b86d15c6ba29 | 10024 | |
Vanger | 0:b86d15c6ba29 | 10025 | if (ssl->buffers.serverDH_Pub.buffer) |
Vanger | 0:b86d15c6ba29 | 10026 | ssl->buffers.serverDH_Pub.length = length; |
Vanger | 0:b86d15c6ba29 | 10027 | else |
Vanger | 0:b86d15c6ba29 | 10028 | return MEMORY_ERROR; |
Vanger | 0:b86d15c6ba29 | 10029 | |
Vanger | 0:b86d15c6ba29 | 10030 | XMEMCPY(ssl->buffers.serverDH_Pub.buffer, input + *inOutIdx, length); |
Vanger | 0:b86d15c6ba29 | 10031 | *inOutIdx += length; |
Vanger | 0:b86d15c6ba29 | 10032 | } |
Vanger | 0:b86d15c6ba29 | 10033 | #endif /* !NO_DH || !NO_PSK */ |
Vanger | 0:b86d15c6ba29 | 10034 | |
Vanger | 0:b86d15c6ba29 | 10035 | #if !defined(NO_DH) || defined(HAVE_ECC) |
Vanger | 0:b86d15c6ba29 | 10036 | if (!ssl->options.usingAnon_cipher && |
Vanger | 0:b86d15c6ba29 | 10037 | (ssl->specs.kea == ecc_diffie_hellman_kea || |
Vanger | 0:b86d15c6ba29 | 10038 | ssl->specs.kea == diffie_hellman_kea)) |
Vanger | 0:b86d15c6ba29 | 10039 | { |
Vanger | 0:b86d15c6ba29 | 10040 | #ifndef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 10041 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10042 | Md5* md5 = NULL; |
Vanger | 0:b86d15c6ba29 | 10043 | Sha* sha = NULL; |
Vanger | 0:b86d15c6ba29 | 10044 | #else |
Vanger | 0:b86d15c6ba29 | 10045 | Md5 md5[1]; |
Vanger | 0:b86d15c6ba29 | 10046 | Sha sha[1]; |
Vanger | 0:b86d15c6ba29 | 10047 | #endif |
Vanger | 0:b86d15c6ba29 | 10048 | #endif |
Vanger | 0:b86d15c6ba29 | 10049 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 10050 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10051 | Sha256* sha256 = NULL; |
Vanger | 0:b86d15c6ba29 | 10052 | byte* hash256 = NULL; |
Vanger | 0:b86d15c6ba29 | 10053 | #else |
Vanger | 0:b86d15c6ba29 | 10054 | Sha256 sha256[1]; |
Vanger | 0:b86d15c6ba29 | 10055 | byte hash256[SHA256_DIGEST_SIZE]; |
Vanger | 0:b86d15c6ba29 | 10056 | #endif |
Vanger | 0:b86d15c6ba29 | 10057 | #endif |
Vanger | 0:b86d15c6ba29 | 10058 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 10059 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10060 | Sha384* sha384 = NULL; |
Vanger | 0:b86d15c6ba29 | 10061 | byte* hash384 = NULL; |
Vanger | 0:b86d15c6ba29 | 10062 | #else |
Vanger | 0:b86d15c6ba29 | 10063 | Sha384 sha384[1]; |
Vanger | 0:b86d15c6ba29 | 10064 | byte hash384[SHA384_DIGEST_SIZE]; |
Vanger | 0:b86d15c6ba29 | 10065 | #endif |
Vanger | 0:b86d15c6ba29 | 10066 | #endif |
Vanger | 0:b86d15c6ba29 | 10067 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10068 | byte* hash = NULL; |
Vanger | 0:b86d15c6ba29 | 10069 | byte* messageVerify = NULL; |
Vanger | 0:b86d15c6ba29 | 10070 | #else |
Vanger | 0:b86d15c6ba29 | 10071 | byte hash[FINISHED_SZ]; |
Vanger | 0:b86d15c6ba29 | 10072 | byte messageVerify[MAX_DH_SZ]; |
Vanger | 0:b86d15c6ba29 | 10073 | #endif |
Vanger | 0:b86d15c6ba29 | 10074 | byte hashAlgo = sha_mac; |
Vanger | 0:b86d15c6ba29 | 10075 | byte sigAlgo = ssl->specs.sig_algo; |
Vanger | 0:b86d15c6ba29 | 10076 | word16 verifySz = (word16) (*inOutIdx - begin); |
Vanger | 0:b86d15c6ba29 | 10077 | |
Vanger | 0:b86d15c6ba29 | 10078 | /* save message for hash verify */ |
Vanger | 0:b86d15c6ba29 | 10079 | if (verifySz > MAX_DH_SZ) |
Vanger | 0:b86d15c6ba29 | 10080 | ERROR_OUT(BUFFER_ERROR, done); |
Vanger | 0:b86d15c6ba29 | 10081 | |
Vanger | 0:b86d15c6ba29 | 10082 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10083 | messageVerify = (byte*)XMALLOC(MAX_DH_SZ, NULL, |
Vanger | 0:b86d15c6ba29 | 10084 | DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10085 | if (messageVerify == NULL) |
Vanger | 0:b86d15c6ba29 | 10086 | ERROR_OUT(MEMORY_E, done); |
Vanger | 0:b86d15c6ba29 | 10087 | #endif |
Vanger | 0:b86d15c6ba29 | 10088 | |
Vanger | 0:b86d15c6ba29 | 10089 | XMEMCPY(messageVerify, input + begin, verifySz); |
Vanger | 0:b86d15c6ba29 | 10090 | |
Vanger | 0:b86d15c6ba29 | 10091 | if (IsAtLeastTLSv1_2(ssl)) { |
Vanger | 0:b86d15c6ba29 | 10092 | if ((*inOutIdx - begin) + ENUM_LEN + ENUM_LEN > size) |
Vanger | 0:b86d15c6ba29 | 10093 | ERROR_OUT(BUFFER_ERROR, done); |
Vanger | 0:b86d15c6ba29 | 10094 | |
Vanger | 0:b86d15c6ba29 | 10095 | hashAlgo = input[(*inOutIdx)++]; |
Vanger | 0:b86d15c6ba29 | 10096 | sigAlgo = input[(*inOutIdx)++]; |
Vanger | 0:b86d15c6ba29 | 10097 | } |
Vanger | 0:b86d15c6ba29 | 10098 | |
Vanger | 0:b86d15c6ba29 | 10099 | /* signature */ |
Vanger | 0:b86d15c6ba29 | 10100 | if ((*inOutIdx - begin) + OPAQUE16_LEN > size) |
Vanger | 0:b86d15c6ba29 | 10101 | ERROR_OUT(BUFFER_ERROR, done); |
Vanger | 0:b86d15c6ba29 | 10102 | |
Vanger | 0:b86d15c6ba29 | 10103 | ato16(input + *inOutIdx, &length); |
Vanger | 0:b86d15c6ba29 | 10104 | *inOutIdx += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 10105 | |
Vanger | 0:b86d15c6ba29 | 10106 | if ((*inOutIdx - begin) + length > size) |
Vanger | 0:b86d15c6ba29 | 10107 | ERROR_OUT(BUFFER_ERROR, done); |
Vanger | 0:b86d15c6ba29 | 10108 | |
Vanger | 0:b86d15c6ba29 | 10109 | /* inOutIdx updated at the end of the function */ |
Vanger | 0:b86d15c6ba29 | 10110 | |
Vanger | 0:b86d15c6ba29 | 10111 | /* verify signature */ |
Vanger | 0:b86d15c6ba29 | 10112 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10113 | hash = (byte*)XMALLOC(FINISHED_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10114 | if (hash == NULL) |
Vanger | 0:b86d15c6ba29 | 10115 | ERROR_OUT(MEMORY_E, done); |
Vanger | 0:b86d15c6ba29 | 10116 | #endif |
Vanger | 0:b86d15c6ba29 | 10117 | |
Vanger | 0:b86d15c6ba29 | 10118 | #ifndef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 10119 | /* md5 */ |
Vanger | 0:b86d15c6ba29 | 10120 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10121 | md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10122 | if (md5 == NULL) |
Vanger | 0:b86d15c6ba29 | 10123 | ERROR_OUT(MEMORY_E, done); |
Vanger | 0:b86d15c6ba29 | 10124 | #endif |
Vanger | 0:b86d15c6ba29 | 10125 | InitMd5(md5); |
Vanger | 0:b86d15c6ba29 | 10126 | Md5Update(md5, ssl->arrays->clientRandom, RAN_LEN); |
Vanger | 0:b86d15c6ba29 | 10127 | Md5Update(md5, ssl->arrays->serverRandom, RAN_LEN); |
Vanger | 0:b86d15c6ba29 | 10128 | Md5Update(md5, messageVerify, verifySz); |
Vanger | 0:b86d15c6ba29 | 10129 | Md5Final(md5, hash); |
Vanger | 0:b86d15c6ba29 | 10130 | |
Vanger | 0:b86d15c6ba29 | 10131 | /* sha */ |
Vanger | 0:b86d15c6ba29 | 10132 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10133 | sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10134 | if (sha == NULL) |
Vanger | 0:b86d15c6ba29 | 10135 | ERROR_OUT(MEMORY_E, done); |
Vanger | 0:b86d15c6ba29 | 10136 | #endif |
Vanger | 0:b86d15c6ba29 | 10137 | ret = InitSha(sha); |
Vanger | 0:b86d15c6ba29 | 10138 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 10139 | goto done; |
Vanger | 0:b86d15c6ba29 | 10140 | ShaUpdate(sha, ssl->arrays->clientRandom, RAN_LEN); |
Vanger | 0:b86d15c6ba29 | 10141 | ShaUpdate(sha, ssl->arrays->serverRandom, RAN_LEN); |
Vanger | 0:b86d15c6ba29 | 10142 | ShaUpdate(sha, messageVerify, verifySz); |
Vanger | 0:b86d15c6ba29 | 10143 | ShaFinal(sha, hash + MD5_DIGEST_SIZE); |
Vanger | 0:b86d15c6ba29 | 10144 | #endif |
Vanger | 0:b86d15c6ba29 | 10145 | |
Vanger | 0:b86d15c6ba29 | 10146 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 10147 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10148 | sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, |
Vanger | 0:b86d15c6ba29 | 10149 | DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10150 | hash256 = (byte*)XMALLOC(SHA256_DIGEST_SIZE, NULL, |
Vanger | 0:b86d15c6ba29 | 10151 | DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10152 | if (sha256 == NULL || hash256 == NULL) |
Vanger | 0:b86d15c6ba29 | 10153 | ERROR_OUT(MEMORY_E, done); |
Vanger | 0:b86d15c6ba29 | 10154 | #endif |
Vanger | 0:b86d15c6ba29 | 10155 | if (!(ret = InitSha256(sha256)) |
Vanger | 0:b86d15c6ba29 | 10156 | && !(ret = Sha256Update(sha256, ssl->arrays->clientRandom, RAN_LEN)) |
Vanger | 0:b86d15c6ba29 | 10157 | && !(ret = Sha256Update(sha256, ssl->arrays->serverRandom, RAN_LEN)) |
Vanger | 0:b86d15c6ba29 | 10158 | && !(ret = Sha256Update(sha256, messageVerify, verifySz))) |
Vanger | 0:b86d15c6ba29 | 10159 | ret = Sha256Final(sha256, hash256); |
Vanger | 0:b86d15c6ba29 | 10160 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 10161 | goto done; |
Vanger | 0:b86d15c6ba29 | 10162 | #endif |
Vanger | 0:b86d15c6ba29 | 10163 | |
Vanger | 0:b86d15c6ba29 | 10164 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 10165 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10166 | sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL, |
Vanger | 0:b86d15c6ba29 | 10167 | DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10168 | hash384 = (byte*)XMALLOC(SHA384_DIGEST_SIZE, NULL, |
Vanger | 0:b86d15c6ba29 | 10169 | DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10170 | if (sha384 == NULL || hash384 == NULL) |
Vanger | 0:b86d15c6ba29 | 10171 | ERROR_OUT(MEMORY_E, done); |
Vanger | 0:b86d15c6ba29 | 10172 | #endif |
Vanger | 0:b86d15c6ba29 | 10173 | if (!(ret = InitSha384(sha384)) |
Vanger | 0:b86d15c6ba29 | 10174 | && !(ret = Sha384Update(sha384, ssl->arrays->clientRandom, RAN_LEN)) |
Vanger | 0:b86d15c6ba29 | 10175 | && !(ret = Sha384Update(sha384, ssl->arrays->serverRandom, RAN_LEN)) |
Vanger | 0:b86d15c6ba29 | 10176 | && !(ret = Sha384Update(sha384, messageVerify, verifySz))) |
Vanger | 0:b86d15c6ba29 | 10177 | ret = Sha384Final(sha384, hash384); |
Vanger | 0:b86d15c6ba29 | 10178 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 10179 | goto done; |
Vanger | 0:b86d15c6ba29 | 10180 | #endif |
Vanger | 0:b86d15c6ba29 | 10181 | |
Vanger | 0:b86d15c6ba29 | 10182 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 10183 | /* rsa */ |
Vanger | 0:b86d15c6ba29 | 10184 | if (sigAlgo == rsa_sa_algo) |
Vanger | 0:b86d15c6ba29 | 10185 | { |
Vanger | 0:b86d15c6ba29 | 10186 | byte* out = NULL; |
Vanger | 0:b86d15c6ba29 | 10187 | byte doUserRsa = 0; |
Vanger | 0:b86d15c6ba29 | 10188 | word32 verifiedSz = 0; |
Vanger | 0:b86d15c6ba29 | 10189 | |
Vanger | 0:b86d15c6ba29 | 10190 | #ifdef HAVE_PK_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 10191 | if (ssl->ctx->RsaVerifyCb) |
Vanger | 0:b86d15c6ba29 | 10192 | doUserRsa = 1; |
Vanger | 0:b86d15c6ba29 | 10193 | #endif /*HAVE_PK_CALLBACKS */ |
Vanger | 0:b86d15c6ba29 | 10194 | |
Vanger | 0:b86d15c6ba29 | 10195 | if (!ssl->peerRsaKeyPresent) |
Vanger | 0:b86d15c6ba29 | 10196 | ERROR_OUT(NO_PEER_KEY, done); |
Vanger | 0:b86d15c6ba29 | 10197 | |
Vanger | 0:b86d15c6ba29 | 10198 | if (doUserRsa) { |
Vanger | 0:b86d15c6ba29 | 10199 | #ifdef HAVE_PK_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 10200 | verifiedSz = ssl->ctx->RsaVerifyCb(ssl, |
Vanger | 0:b86d15c6ba29 | 10201 | (byte *)input + *inOutIdx, |
Vanger | 0:b86d15c6ba29 | 10202 | length, &out, |
Vanger | 0:b86d15c6ba29 | 10203 | ssl->buffers.peerRsaKey.buffer, |
Vanger | 0:b86d15c6ba29 | 10204 | ssl->buffers.peerRsaKey.length, |
Vanger | 0:b86d15c6ba29 | 10205 | ssl->RsaVerifyCtx); |
Vanger | 0:b86d15c6ba29 | 10206 | #endif /*HAVE_PK_CALLBACKS */ |
Vanger | 0:b86d15c6ba29 | 10207 | } |
Vanger | 0:b86d15c6ba29 | 10208 | else |
Vanger | 0:b86d15c6ba29 | 10209 | verifiedSz = RsaSSL_VerifyInline((byte *)input + *inOutIdx, |
Vanger | 0:b86d15c6ba29 | 10210 | length, &out, ssl->peerRsaKey); |
Vanger | 0:b86d15c6ba29 | 10211 | |
Vanger | 0:b86d15c6ba29 | 10212 | if (IsAtLeastTLSv1_2(ssl)) { |
Vanger | 0:b86d15c6ba29 | 10213 | word32 encSigSz; |
Vanger | 0:b86d15c6ba29 | 10214 | #ifndef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 10215 | byte* digest = &hash[MD5_DIGEST_SIZE]; |
Vanger | 0:b86d15c6ba29 | 10216 | int typeH = SHAh; |
Vanger | 0:b86d15c6ba29 | 10217 | int digestSz = SHA_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 10218 | #else |
Vanger | 0:b86d15c6ba29 | 10219 | byte* digest = hash256; |
Vanger | 0:b86d15c6ba29 | 10220 | int typeH = SHA256h; |
Vanger | 0:b86d15c6ba29 | 10221 | int digestSz = SHA256_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 10222 | #endif |
Vanger | 0:b86d15c6ba29 | 10223 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10224 | byte* encodedSig = NULL; |
Vanger | 0:b86d15c6ba29 | 10225 | #else |
Vanger | 0:b86d15c6ba29 | 10226 | byte encodedSig[MAX_ENCODED_SIG_SZ]; |
Vanger | 0:b86d15c6ba29 | 10227 | #endif |
Vanger | 0:b86d15c6ba29 | 10228 | |
Vanger | 0:b86d15c6ba29 | 10229 | if (hashAlgo == sha_mac) { |
Vanger | 0:b86d15c6ba29 | 10230 | #ifndef NO_SHA |
Vanger | 0:b86d15c6ba29 | 10231 | digest = &hash[MD5_DIGEST_SIZE]; |
Vanger | 0:b86d15c6ba29 | 10232 | typeH = SHAh; |
Vanger | 0:b86d15c6ba29 | 10233 | digestSz = SHA_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 10234 | #endif |
Vanger | 0:b86d15c6ba29 | 10235 | } |
Vanger | 0:b86d15c6ba29 | 10236 | else if (hashAlgo == sha256_mac) { |
Vanger | 0:b86d15c6ba29 | 10237 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 10238 | digest = hash256; |
Vanger | 0:b86d15c6ba29 | 10239 | typeH = SHA256h; |
Vanger | 0:b86d15c6ba29 | 10240 | digestSz = SHA256_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 10241 | #endif |
Vanger | 0:b86d15c6ba29 | 10242 | } |
Vanger | 0:b86d15c6ba29 | 10243 | else if (hashAlgo == sha384_mac) { |
Vanger | 0:b86d15c6ba29 | 10244 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 10245 | digest = hash384; |
Vanger | 0:b86d15c6ba29 | 10246 | typeH = SHA384h; |
Vanger | 0:b86d15c6ba29 | 10247 | digestSz = SHA384_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 10248 | #endif |
Vanger | 0:b86d15c6ba29 | 10249 | } |
Vanger | 0:b86d15c6ba29 | 10250 | |
Vanger | 0:b86d15c6ba29 | 10251 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10252 | encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, |
Vanger | 0:b86d15c6ba29 | 10253 | DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10254 | if (encodedSig == NULL) |
Vanger | 0:b86d15c6ba29 | 10255 | ERROR_OUT(MEMORY_E, done); |
Vanger | 0:b86d15c6ba29 | 10256 | #endif |
Vanger | 0:b86d15c6ba29 | 10257 | |
Vanger | 0:b86d15c6ba29 | 10258 | encSigSz = EncodeSignature(encodedSig, digest, digestSz, typeH); |
Vanger | 0:b86d15c6ba29 | 10259 | |
Vanger | 0:b86d15c6ba29 | 10260 | if (encSigSz != verifiedSz || !out || XMEMCMP(out, encodedSig, |
Vanger | 0:b86d15c6ba29 | 10261 | min(encSigSz, MAX_ENCODED_SIG_SZ)) != 0) |
Vanger | 0:b86d15c6ba29 | 10262 | ret = VERIFY_SIGN_ERROR; |
Vanger | 0:b86d15c6ba29 | 10263 | |
Vanger | 0:b86d15c6ba29 | 10264 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10265 | XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10266 | #endif |
Vanger | 0:b86d15c6ba29 | 10267 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 10268 | goto done; |
Vanger | 0:b86d15c6ba29 | 10269 | } |
Vanger | 0:b86d15c6ba29 | 10270 | else if (verifiedSz != FINISHED_SZ || !out || XMEMCMP(out, |
Vanger | 0:b86d15c6ba29 | 10271 | hash, FINISHED_SZ) != 0) |
Vanger | 0:b86d15c6ba29 | 10272 | ERROR_OUT(VERIFY_SIGN_ERROR, done); |
Vanger | 0:b86d15c6ba29 | 10273 | } else |
Vanger | 0:b86d15c6ba29 | 10274 | #endif |
Vanger | 0:b86d15c6ba29 | 10275 | #ifdef HAVE_ECC |
Vanger | 0:b86d15c6ba29 | 10276 | /* ecdsa */ |
Vanger | 0:b86d15c6ba29 | 10277 | if (sigAlgo == ecc_dsa_sa_algo) { |
Vanger | 0:b86d15c6ba29 | 10278 | int verify = 0; |
Vanger | 0:b86d15c6ba29 | 10279 | #ifndef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 10280 | byte* digest = &hash[MD5_DIGEST_SIZE]; |
Vanger | 0:b86d15c6ba29 | 10281 | word32 digestSz = SHA_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 10282 | #else |
Vanger | 0:b86d15c6ba29 | 10283 | byte* digest = hash256; |
Vanger | 0:b86d15c6ba29 | 10284 | word32 digestSz = SHA256_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 10285 | #endif |
Vanger | 0:b86d15c6ba29 | 10286 | byte doUserEcc = 0; |
Vanger | 0:b86d15c6ba29 | 10287 | |
Vanger | 0:b86d15c6ba29 | 10288 | #ifdef HAVE_PK_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 10289 | if (ssl->ctx->EccVerifyCb) |
Vanger | 0:b86d15c6ba29 | 10290 | doUserEcc = 1; |
Vanger | 0:b86d15c6ba29 | 10291 | #endif |
Vanger | 0:b86d15c6ba29 | 10292 | |
Vanger | 0:b86d15c6ba29 | 10293 | if (!ssl->peerEccDsaKeyPresent) |
Vanger | 0:b86d15c6ba29 | 10294 | ERROR_OUT(NO_PEER_KEY, done); |
Vanger | 0:b86d15c6ba29 | 10295 | |
Vanger | 0:b86d15c6ba29 | 10296 | if (IsAtLeastTLSv1_2(ssl)) { |
Vanger | 0:b86d15c6ba29 | 10297 | if (hashAlgo == sha_mac) { |
Vanger | 0:b86d15c6ba29 | 10298 | #ifndef NO_SHA |
Vanger | 0:b86d15c6ba29 | 10299 | digest = &hash[MD5_DIGEST_SIZE]; |
Vanger | 0:b86d15c6ba29 | 10300 | digestSz = SHA_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 10301 | #endif |
Vanger | 0:b86d15c6ba29 | 10302 | } |
Vanger | 0:b86d15c6ba29 | 10303 | else if (hashAlgo == sha256_mac) { |
Vanger | 0:b86d15c6ba29 | 10304 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 10305 | digest = hash256; |
Vanger | 0:b86d15c6ba29 | 10306 | digestSz = SHA256_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 10307 | #endif |
Vanger | 0:b86d15c6ba29 | 10308 | } |
Vanger | 0:b86d15c6ba29 | 10309 | else if (hashAlgo == sha384_mac) { |
Vanger | 0:b86d15c6ba29 | 10310 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 10311 | digest = hash384; |
Vanger | 0:b86d15c6ba29 | 10312 | digestSz = SHA384_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 10313 | #endif |
Vanger | 0:b86d15c6ba29 | 10314 | } |
Vanger | 0:b86d15c6ba29 | 10315 | } |
Vanger | 0:b86d15c6ba29 | 10316 | if (doUserEcc) { |
Vanger | 0:b86d15c6ba29 | 10317 | #ifdef HAVE_PK_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 10318 | ret = ssl->ctx->EccVerifyCb(ssl, input + *inOutIdx, length, |
Vanger | 0:b86d15c6ba29 | 10319 | digest, digestSz, |
Vanger | 0:b86d15c6ba29 | 10320 | ssl->buffers.peerEccDsaKey.buffer, |
Vanger | 0:b86d15c6ba29 | 10321 | ssl->buffers.peerEccDsaKey.length, |
Vanger | 0:b86d15c6ba29 | 10322 | &verify, ssl->EccVerifyCtx); |
Vanger | 0:b86d15c6ba29 | 10323 | #endif |
Vanger | 0:b86d15c6ba29 | 10324 | } |
Vanger | 0:b86d15c6ba29 | 10325 | else { |
Vanger | 0:b86d15c6ba29 | 10326 | ret = ecc_verify_hash(input + *inOutIdx, length, |
Vanger | 0:b86d15c6ba29 | 10327 | digest, digestSz, &verify, ssl->peerEccDsaKey); |
Vanger | 0:b86d15c6ba29 | 10328 | } |
Vanger | 0:b86d15c6ba29 | 10329 | if (ret != 0 || verify == 0) |
Vanger | 0:b86d15c6ba29 | 10330 | ERROR_OUT(VERIFY_SIGN_ERROR, done); |
Vanger | 0:b86d15c6ba29 | 10331 | } |
Vanger | 0:b86d15c6ba29 | 10332 | else |
Vanger | 0:b86d15c6ba29 | 10333 | #endif /* HAVE_ECC */ |
Vanger | 0:b86d15c6ba29 | 10334 | ERROR_OUT(ALGO_ID_E, done); |
Vanger | 0:b86d15c6ba29 | 10335 | |
Vanger | 0:b86d15c6ba29 | 10336 | /* signature length */ |
Vanger | 0:b86d15c6ba29 | 10337 | *inOutIdx += length; |
Vanger | 0:b86d15c6ba29 | 10338 | |
Vanger | 0:b86d15c6ba29 | 10339 | ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE; |
Vanger | 0:b86d15c6ba29 | 10340 | |
Vanger | 0:b86d15c6ba29 | 10341 | done: |
Vanger | 0:b86d15c6ba29 | 10342 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10343 | #ifndef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 10344 | XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10345 | XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10346 | #endif |
Vanger | 0:b86d15c6ba29 | 10347 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 10348 | XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10349 | XFREE(hash256, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10350 | #endif |
Vanger | 0:b86d15c6ba29 | 10351 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 10352 | XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10353 | XFREE(hash384, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10354 | #endif |
Vanger | 0:b86d15c6ba29 | 10355 | XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10356 | XFREE(messageVerify, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10357 | #endif |
Vanger | 0:b86d15c6ba29 | 10358 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 10359 | return ret; |
Vanger | 0:b86d15c6ba29 | 10360 | } |
Vanger | 0:b86d15c6ba29 | 10361 | |
Vanger | 0:b86d15c6ba29 | 10362 | if (ssl->keys.encryptionOn) { |
Vanger | 0:b86d15c6ba29 | 10363 | *inOutIdx += ssl->keys.padSz; |
Vanger | 0:b86d15c6ba29 | 10364 | } |
Vanger | 0:b86d15c6ba29 | 10365 | |
Vanger | 0:b86d15c6ba29 | 10366 | return 0; |
Vanger | 0:b86d15c6ba29 | 10367 | #else /* !NO_DH or HAVE_ECC */ |
Vanger | 0:b86d15c6ba29 | 10368 | return NOT_COMPILED_IN; /* not supported by build */ |
Vanger | 0:b86d15c6ba29 | 10369 | #endif /* !NO_DH or HAVE_ECC */ |
Vanger | 0:b86d15c6ba29 | 10370 | |
Vanger | 0:b86d15c6ba29 | 10371 | #undef ERROR_OUT |
Vanger | 0:b86d15c6ba29 | 10372 | } |
Vanger | 0:b86d15c6ba29 | 10373 | |
Vanger | 0:b86d15c6ba29 | 10374 | |
Vanger | 0:b86d15c6ba29 | 10375 | int SendClientKeyExchange(CYASSL* ssl) |
Vanger | 0:b86d15c6ba29 | 10376 | { |
Vanger | 0:b86d15c6ba29 | 10377 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10378 | byte* encSecret = NULL; |
Vanger | 0:b86d15c6ba29 | 10379 | #else |
Vanger | 0:b86d15c6ba29 | 10380 | byte encSecret[MAX_ENCRYPT_SZ]; |
Vanger | 0:b86d15c6ba29 | 10381 | #endif |
Vanger | 0:b86d15c6ba29 | 10382 | word32 encSz = 0; |
Vanger | 0:b86d15c6ba29 | 10383 | word32 idx = 0; |
Vanger | 0:b86d15c6ba29 | 10384 | int ret = 0; |
Vanger | 0:b86d15c6ba29 | 10385 | byte doUserRsa = 0; |
Vanger | 0:b86d15c6ba29 | 10386 | |
Vanger | 0:b86d15c6ba29 | 10387 | (void)doUserRsa; |
Vanger | 0:b86d15c6ba29 | 10388 | |
Vanger | 0:b86d15c6ba29 | 10389 | #ifdef HAVE_PK_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 10390 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 10391 | if (ssl->ctx->RsaEncCb) |
Vanger | 0:b86d15c6ba29 | 10392 | doUserRsa = 1; |
Vanger | 0:b86d15c6ba29 | 10393 | #endif /* NO_RSA */ |
Vanger | 0:b86d15c6ba29 | 10394 | #endif /*HAVE_PK_CALLBACKS */ |
Vanger | 0:b86d15c6ba29 | 10395 | |
Vanger | 0:b86d15c6ba29 | 10396 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10397 | encSecret = (byte*)XMALLOC(MAX_ENCRYPT_SZ, NULL, |
Vanger | 0:b86d15c6ba29 | 10398 | DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10399 | if (encSecret == NULL) |
Vanger | 0:b86d15c6ba29 | 10400 | return MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 10401 | #endif |
Vanger | 0:b86d15c6ba29 | 10402 | |
Vanger | 0:b86d15c6ba29 | 10403 | switch (ssl->specs.kea) { |
Vanger | 0:b86d15c6ba29 | 10404 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 10405 | case rsa_kea: |
Vanger | 0:b86d15c6ba29 | 10406 | ret = RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret, |
Vanger | 0:b86d15c6ba29 | 10407 | SECRET_LEN); |
Vanger | 0:b86d15c6ba29 | 10408 | if (ret != 0) { |
Vanger | 0:b86d15c6ba29 | 10409 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10410 | XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10411 | #endif |
Vanger | 0:b86d15c6ba29 | 10412 | return ret; |
Vanger | 0:b86d15c6ba29 | 10413 | } |
Vanger | 0:b86d15c6ba29 | 10414 | |
Vanger | 0:b86d15c6ba29 | 10415 | ssl->arrays->preMasterSecret[0] = ssl->chVersion.major; |
Vanger | 0:b86d15c6ba29 | 10416 | ssl->arrays->preMasterSecret[1] = ssl->chVersion.minor; |
Vanger | 0:b86d15c6ba29 | 10417 | ssl->arrays->preMasterSz = SECRET_LEN; |
Vanger | 0:b86d15c6ba29 | 10418 | |
Vanger | 0:b86d15c6ba29 | 10419 | if (ssl->peerRsaKeyPresent == 0) { |
Vanger | 0:b86d15c6ba29 | 10420 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10421 | XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10422 | #endif |
Vanger | 0:b86d15c6ba29 | 10423 | return NO_PEER_KEY; |
Vanger | 0:b86d15c6ba29 | 10424 | } |
Vanger | 0:b86d15c6ba29 | 10425 | |
Vanger | 0:b86d15c6ba29 | 10426 | if (doUserRsa) { |
Vanger | 0:b86d15c6ba29 | 10427 | #ifdef HAVE_PK_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 10428 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 10429 | encSz = MAX_ENCRYPT_SZ; |
Vanger | 0:b86d15c6ba29 | 10430 | ret = ssl->ctx->RsaEncCb(ssl, |
Vanger | 0:b86d15c6ba29 | 10431 | ssl->arrays->preMasterSecret, |
Vanger | 0:b86d15c6ba29 | 10432 | SECRET_LEN, |
Vanger | 0:b86d15c6ba29 | 10433 | encSecret, &encSz, |
Vanger | 0:b86d15c6ba29 | 10434 | ssl->buffers.peerRsaKey.buffer, |
Vanger | 0:b86d15c6ba29 | 10435 | ssl->buffers.peerRsaKey.length, |
Vanger | 0:b86d15c6ba29 | 10436 | ssl->RsaEncCtx); |
Vanger | 0:b86d15c6ba29 | 10437 | #endif /* NO_RSA */ |
Vanger | 0:b86d15c6ba29 | 10438 | #endif /*HAVE_PK_CALLBACKS */ |
Vanger | 0:b86d15c6ba29 | 10439 | } |
Vanger | 0:b86d15c6ba29 | 10440 | else { |
Vanger | 0:b86d15c6ba29 | 10441 | ret = RsaPublicEncrypt(ssl->arrays->preMasterSecret, |
Vanger | 0:b86d15c6ba29 | 10442 | SECRET_LEN, encSecret, MAX_ENCRYPT_SZ, |
Vanger | 0:b86d15c6ba29 | 10443 | ssl->peerRsaKey, ssl->rng); |
Vanger | 0:b86d15c6ba29 | 10444 | if (ret > 0) { |
Vanger | 0:b86d15c6ba29 | 10445 | encSz = ret; |
Vanger | 0:b86d15c6ba29 | 10446 | ret = 0; /* set success to 0 */ |
Vanger | 0:b86d15c6ba29 | 10447 | } |
Vanger | 0:b86d15c6ba29 | 10448 | } |
Vanger | 0:b86d15c6ba29 | 10449 | break; |
Vanger | 0:b86d15c6ba29 | 10450 | #endif |
Vanger | 0:b86d15c6ba29 | 10451 | #ifndef NO_DH |
Vanger | 0:b86d15c6ba29 | 10452 | case diffie_hellman_kea: |
Vanger | 0:b86d15c6ba29 | 10453 | { |
Vanger | 0:b86d15c6ba29 | 10454 | buffer serverP = ssl->buffers.serverDH_P; |
Vanger | 0:b86d15c6ba29 | 10455 | buffer serverG = ssl->buffers.serverDH_G; |
Vanger | 0:b86d15c6ba29 | 10456 | buffer serverPub = ssl->buffers.serverDH_Pub; |
Vanger | 0:b86d15c6ba29 | 10457 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10458 | byte* priv = NULL; |
Vanger | 0:b86d15c6ba29 | 10459 | #else |
Vanger | 0:b86d15c6ba29 | 10460 | byte priv[ENCRYPT_LEN]; |
Vanger | 0:b86d15c6ba29 | 10461 | #endif |
Vanger | 0:b86d15c6ba29 | 10462 | word32 privSz = 0; |
Vanger | 0:b86d15c6ba29 | 10463 | DhKey key; |
Vanger | 0:b86d15c6ba29 | 10464 | |
Vanger | 0:b86d15c6ba29 | 10465 | if (serverP.buffer == 0 || serverG.buffer == 0 || |
Vanger | 0:b86d15c6ba29 | 10466 | serverPub.buffer == 0) { |
Vanger | 0:b86d15c6ba29 | 10467 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10468 | XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10469 | #endif |
Vanger | 0:b86d15c6ba29 | 10470 | return NO_PEER_KEY; |
Vanger | 0:b86d15c6ba29 | 10471 | } |
Vanger | 0:b86d15c6ba29 | 10472 | |
Vanger | 0:b86d15c6ba29 | 10473 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10474 | priv = (byte*)XMALLOC(ENCRYPT_LEN, NULL, |
Vanger | 0:b86d15c6ba29 | 10475 | DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10476 | if (priv == NULL) { |
Vanger | 0:b86d15c6ba29 | 10477 | XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10478 | return MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 10479 | } |
Vanger | 0:b86d15c6ba29 | 10480 | #endif |
Vanger | 0:b86d15c6ba29 | 10481 | |
Vanger | 0:b86d15c6ba29 | 10482 | InitDhKey(&key); |
Vanger | 0:b86d15c6ba29 | 10483 | ret = DhSetKey(&key, serverP.buffer, serverP.length, |
Vanger | 0:b86d15c6ba29 | 10484 | serverG.buffer, serverG.length); |
Vanger | 0:b86d15c6ba29 | 10485 | if (ret == 0) |
Vanger | 0:b86d15c6ba29 | 10486 | /* for DH, encSecret is Yc, agree is pre-master */ |
Vanger | 0:b86d15c6ba29 | 10487 | ret = DhGenerateKeyPair(&key, ssl->rng, priv, &privSz, |
Vanger | 0:b86d15c6ba29 | 10488 | encSecret, &encSz); |
Vanger | 0:b86d15c6ba29 | 10489 | if (ret == 0) |
Vanger | 0:b86d15c6ba29 | 10490 | ret = DhAgree(&key, ssl->arrays->preMasterSecret, |
Vanger | 0:b86d15c6ba29 | 10491 | &ssl->arrays->preMasterSz, priv, privSz, |
Vanger | 0:b86d15c6ba29 | 10492 | serverPub.buffer, serverPub.length); |
Vanger | 0:b86d15c6ba29 | 10493 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10494 | XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10495 | #endif |
Vanger | 0:b86d15c6ba29 | 10496 | FreeDhKey(&key); |
Vanger | 0:b86d15c6ba29 | 10497 | } |
Vanger | 0:b86d15c6ba29 | 10498 | break; |
Vanger | 0:b86d15c6ba29 | 10499 | #endif /* NO_DH */ |
Vanger | 0:b86d15c6ba29 | 10500 | #ifndef NO_PSK |
Vanger | 0:b86d15c6ba29 | 10501 | case psk_kea: |
Vanger | 0:b86d15c6ba29 | 10502 | { |
Vanger | 0:b86d15c6ba29 | 10503 | byte* pms = ssl->arrays->preMasterSecret; |
Vanger | 0:b86d15c6ba29 | 10504 | |
Vanger | 0:b86d15c6ba29 | 10505 | ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl, |
Vanger | 0:b86d15c6ba29 | 10506 | ssl->arrays->server_hint, ssl->arrays->client_identity, |
Vanger | 0:b86d15c6ba29 | 10507 | MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN); |
Vanger | 0:b86d15c6ba29 | 10508 | if (ssl->arrays->psk_keySz == 0 || |
Vanger | 0:b86d15c6ba29 | 10509 | ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) { |
Vanger | 0:b86d15c6ba29 | 10510 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10511 | XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10512 | #endif |
Vanger | 0:b86d15c6ba29 | 10513 | return PSK_KEY_ERROR; |
Vanger | 0:b86d15c6ba29 | 10514 | } |
Vanger | 0:b86d15c6ba29 | 10515 | encSz = (word32)XSTRLEN(ssl->arrays->client_identity); |
Vanger | 0:b86d15c6ba29 | 10516 | if (encSz > MAX_PSK_ID_LEN) { |
Vanger | 0:b86d15c6ba29 | 10517 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10518 | XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10519 | #endif |
Vanger | 0:b86d15c6ba29 | 10520 | return CLIENT_ID_ERROR; |
Vanger | 0:b86d15c6ba29 | 10521 | } |
Vanger | 0:b86d15c6ba29 | 10522 | XMEMCPY(encSecret, ssl->arrays->client_identity, encSz); |
Vanger | 0:b86d15c6ba29 | 10523 | |
Vanger | 0:b86d15c6ba29 | 10524 | /* make psk pre master secret */ |
Vanger | 0:b86d15c6ba29 | 10525 | /* length of key + length 0s + length of key + key */ |
Vanger | 0:b86d15c6ba29 | 10526 | c16toa((word16)ssl->arrays->psk_keySz, pms); |
Vanger | 0:b86d15c6ba29 | 10527 | pms += 2; |
Vanger | 0:b86d15c6ba29 | 10528 | XMEMSET(pms, 0, ssl->arrays->psk_keySz); |
Vanger | 0:b86d15c6ba29 | 10529 | pms += ssl->arrays->psk_keySz; |
Vanger | 0:b86d15c6ba29 | 10530 | c16toa((word16)ssl->arrays->psk_keySz, pms); |
Vanger | 0:b86d15c6ba29 | 10531 | pms += 2; |
Vanger | 0:b86d15c6ba29 | 10532 | XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz); |
Vanger | 0:b86d15c6ba29 | 10533 | ssl->arrays->preMasterSz = ssl->arrays->psk_keySz * 2 + 4; |
Vanger | 0:b86d15c6ba29 | 10534 | XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz); |
Vanger | 0:b86d15c6ba29 | 10535 | ssl->arrays->psk_keySz = 0; /* No further need */ |
Vanger | 0:b86d15c6ba29 | 10536 | } |
Vanger | 0:b86d15c6ba29 | 10537 | break; |
Vanger | 0:b86d15c6ba29 | 10538 | #endif /* NO_PSK */ |
Vanger | 0:b86d15c6ba29 | 10539 | #if !defined(NO_DH) && !defined(NO_PSK) |
Vanger | 0:b86d15c6ba29 | 10540 | case dhe_psk_kea: |
Vanger | 0:b86d15c6ba29 | 10541 | { |
Vanger | 0:b86d15c6ba29 | 10542 | byte* pms = ssl->arrays->preMasterSecret; |
Vanger | 0:b86d15c6ba29 | 10543 | byte* es = encSecret; |
Vanger | 0:b86d15c6ba29 | 10544 | buffer serverP = ssl->buffers.serverDH_P; |
Vanger | 0:b86d15c6ba29 | 10545 | buffer serverG = ssl->buffers.serverDH_G; |
Vanger | 0:b86d15c6ba29 | 10546 | buffer serverPub = ssl->buffers.serverDH_Pub; |
Vanger | 0:b86d15c6ba29 | 10547 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10548 | byte* priv = NULL; |
Vanger | 0:b86d15c6ba29 | 10549 | #else |
Vanger | 0:b86d15c6ba29 | 10550 | byte priv[ENCRYPT_LEN]; |
Vanger | 0:b86d15c6ba29 | 10551 | #endif |
Vanger | 0:b86d15c6ba29 | 10552 | word32 privSz = 0; |
Vanger | 0:b86d15c6ba29 | 10553 | word32 pubSz = 0; |
Vanger | 0:b86d15c6ba29 | 10554 | word32 esSz = 0; |
Vanger | 0:b86d15c6ba29 | 10555 | DhKey key; |
Vanger | 0:b86d15c6ba29 | 10556 | |
Vanger | 0:b86d15c6ba29 | 10557 | if (serverP.buffer == 0 || serverG.buffer == 0 || |
Vanger | 0:b86d15c6ba29 | 10558 | serverPub.buffer == 0) { |
Vanger | 0:b86d15c6ba29 | 10559 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10560 | XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10561 | #endif |
Vanger | 0:b86d15c6ba29 | 10562 | return NO_PEER_KEY; |
Vanger | 0:b86d15c6ba29 | 10563 | } |
Vanger | 0:b86d15c6ba29 | 10564 | |
Vanger | 0:b86d15c6ba29 | 10565 | ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl, |
Vanger | 0:b86d15c6ba29 | 10566 | ssl->arrays->server_hint, ssl->arrays->client_identity, |
Vanger | 0:b86d15c6ba29 | 10567 | MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN); |
Vanger | 0:b86d15c6ba29 | 10568 | if (ssl->arrays->psk_keySz == 0 || |
Vanger | 0:b86d15c6ba29 | 10569 | ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) { |
Vanger | 0:b86d15c6ba29 | 10570 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10571 | XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10572 | #endif |
Vanger | 0:b86d15c6ba29 | 10573 | return PSK_KEY_ERROR; |
Vanger | 0:b86d15c6ba29 | 10574 | } |
Vanger | 0:b86d15c6ba29 | 10575 | esSz = (word32)XSTRLEN(ssl->arrays->client_identity); |
Vanger | 0:b86d15c6ba29 | 10576 | |
Vanger | 0:b86d15c6ba29 | 10577 | if (esSz > MAX_PSK_ID_LEN) { |
Vanger | 0:b86d15c6ba29 | 10578 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10579 | XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10580 | #endif |
Vanger | 0:b86d15c6ba29 | 10581 | return CLIENT_ID_ERROR; |
Vanger | 0:b86d15c6ba29 | 10582 | } |
Vanger | 0:b86d15c6ba29 | 10583 | |
Vanger | 0:b86d15c6ba29 | 10584 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10585 | priv = (byte*)XMALLOC(ENCRYPT_LEN, NULL, |
Vanger | 0:b86d15c6ba29 | 10586 | DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10587 | if (priv == NULL) { |
Vanger | 0:b86d15c6ba29 | 10588 | XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10589 | return MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 10590 | } |
Vanger | 0:b86d15c6ba29 | 10591 | #endif |
Vanger | 0:b86d15c6ba29 | 10592 | c16toa((word16)esSz, es); |
Vanger | 0:b86d15c6ba29 | 10593 | es += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 10594 | XMEMCPY(es, ssl->arrays->client_identity, esSz); |
Vanger | 0:b86d15c6ba29 | 10595 | es += esSz; |
Vanger | 0:b86d15c6ba29 | 10596 | encSz = esSz + OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 10597 | |
Vanger | 0:b86d15c6ba29 | 10598 | InitDhKey(&key); |
Vanger | 0:b86d15c6ba29 | 10599 | ret = DhSetKey(&key, serverP.buffer, serverP.length, |
Vanger | 0:b86d15c6ba29 | 10600 | serverG.buffer, serverG.length); |
Vanger | 0:b86d15c6ba29 | 10601 | if (ret == 0) |
Vanger | 0:b86d15c6ba29 | 10602 | /* for DH, encSecret is Yc, agree is pre-master */ |
Vanger | 0:b86d15c6ba29 | 10603 | ret = DhGenerateKeyPair(&key, ssl->rng, priv, &privSz, |
Vanger | 0:b86d15c6ba29 | 10604 | es + OPAQUE16_LEN, &pubSz); |
Vanger | 0:b86d15c6ba29 | 10605 | if (ret == 0) |
Vanger | 0:b86d15c6ba29 | 10606 | ret = DhAgree(&key, pms + OPAQUE16_LEN, |
Vanger | 0:b86d15c6ba29 | 10607 | &ssl->arrays->preMasterSz, priv, privSz, |
Vanger | 0:b86d15c6ba29 | 10608 | serverPub.buffer, serverPub.length); |
Vanger | 0:b86d15c6ba29 | 10609 | FreeDhKey(&key); |
Vanger | 0:b86d15c6ba29 | 10610 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10611 | XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10612 | #endif |
Vanger | 0:b86d15c6ba29 | 10613 | if (ret != 0) { |
Vanger | 0:b86d15c6ba29 | 10614 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10615 | XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10616 | #endif |
Vanger | 0:b86d15c6ba29 | 10617 | return ret; |
Vanger | 0:b86d15c6ba29 | 10618 | } |
Vanger | 0:b86d15c6ba29 | 10619 | |
Vanger | 0:b86d15c6ba29 | 10620 | c16toa((word16)pubSz, es); |
Vanger | 0:b86d15c6ba29 | 10621 | encSz += pubSz + OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 10622 | c16toa((word16)ssl->arrays->preMasterSz, pms); |
Vanger | 0:b86d15c6ba29 | 10623 | ssl->arrays->preMasterSz += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 10624 | pms += ssl->arrays->preMasterSz; |
Vanger | 0:b86d15c6ba29 | 10625 | |
Vanger | 0:b86d15c6ba29 | 10626 | /* make psk pre master secret */ |
Vanger | 0:b86d15c6ba29 | 10627 | /* length of key + length 0s + length of key + key */ |
Vanger | 0:b86d15c6ba29 | 10628 | c16toa((word16)ssl->arrays->psk_keySz, pms); |
Vanger | 0:b86d15c6ba29 | 10629 | pms += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 10630 | XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz); |
Vanger | 0:b86d15c6ba29 | 10631 | ssl->arrays->preMasterSz += |
Vanger | 0:b86d15c6ba29 | 10632 | ssl->arrays->psk_keySz + OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 10633 | XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz); |
Vanger | 0:b86d15c6ba29 | 10634 | ssl->arrays->psk_keySz = 0; /* No further need */ |
Vanger | 0:b86d15c6ba29 | 10635 | } |
Vanger | 0:b86d15c6ba29 | 10636 | break; |
Vanger | 0:b86d15c6ba29 | 10637 | #endif /* !NO_DH && !NO_PSK */ |
Vanger | 0:b86d15c6ba29 | 10638 | #ifdef HAVE_NTRU |
Vanger | 0:b86d15c6ba29 | 10639 | case ntru_kea: |
Vanger | 0:b86d15c6ba29 | 10640 | { |
Vanger | 0:b86d15c6ba29 | 10641 | word32 rc; |
Vanger | 0:b86d15c6ba29 | 10642 | word16 cipherLen = MAX_ENCRYPT_SZ; |
Vanger | 0:b86d15c6ba29 | 10643 | DRBG_HANDLE drbg; |
Vanger | 0:b86d15c6ba29 | 10644 | static uint8_t const cyasslStr[] = { |
Vanger | 0:b86d15c6ba29 | 10645 | 'C', 'y', 'a', 'S', 'S', 'L', ' ', 'N', 'T', 'R', 'U' |
Vanger | 0:b86d15c6ba29 | 10646 | }; |
Vanger | 0:b86d15c6ba29 | 10647 | |
Vanger | 0:b86d15c6ba29 | 10648 | ret = RNG_GenerateBlock(ssl->rng, |
Vanger | 0:b86d15c6ba29 | 10649 | ssl->arrays->preMasterSecret, SECRET_LEN); |
Vanger | 0:b86d15c6ba29 | 10650 | if (ret != 0) { |
Vanger | 0:b86d15c6ba29 | 10651 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10652 | XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10653 | #endif |
Vanger | 0:b86d15c6ba29 | 10654 | return ret; |
Vanger | 0:b86d15c6ba29 | 10655 | } |
Vanger | 0:b86d15c6ba29 | 10656 | |
Vanger | 0:b86d15c6ba29 | 10657 | ssl->arrays->preMasterSz = SECRET_LEN; |
Vanger | 0:b86d15c6ba29 | 10658 | |
Vanger | 0:b86d15c6ba29 | 10659 | if (ssl->peerNtruKeyPresent == 0) { |
Vanger | 0:b86d15c6ba29 | 10660 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10661 | XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10662 | #endif |
Vanger | 0:b86d15c6ba29 | 10663 | return NO_PEER_KEY; |
Vanger | 0:b86d15c6ba29 | 10664 | } |
Vanger | 0:b86d15c6ba29 | 10665 | |
Vanger | 0:b86d15c6ba29 | 10666 | rc = ntru_crypto_drbg_instantiate(MAX_NTRU_BITS, cyasslStr, |
Vanger | 0:b86d15c6ba29 | 10667 | sizeof(cyasslStr), GetEntropy, |
Vanger | 0:b86d15c6ba29 | 10668 | &drbg); |
Vanger | 0:b86d15c6ba29 | 10669 | if (rc != DRBG_OK) { |
Vanger | 0:b86d15c6ba29 | 10670 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10671 | XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10672 | #endif |
Vanger | 0:b86d15c6ba29 | 10673 | return NTRU_DRBG_ERROR; |
Vanger | 0:b86d15c6ba29 | 10674 | } |
Vanger | 0:b86d15c6ba29 | 10675 | |
Vanger | 0:b86d15c6ba29 | 10676 | rc = ntru_crypto_ntru_encrypt(drbg, ssl->peerNtruKeyLen, |
Vanger | 0:b86d15c6ba29 | 10677 | ssl->peerNtruKey, |
Vanger | 0:b86d15c6ba29 | 10678 | ssl->arrays->preMasterSz, |
Vanger | 0:b86d15c6ba29 | 10679 | ssl->arrays->preMasterSecret, |
Vanger | 0:b86d15c6ba29 | 10680 | &cipherLen, encSecret); |
Vanger | 0:b86d15c6ba29 | 10681 | ntru_crypto_drbg_uninstantiate(drbg); |
Vanger | 0:b86d15c6ba29 | 10682 | if (rc != NTRU_OK) { |
Vanger | 0:b86d15c6ba29 | 10683 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10684 | XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10685 | #endif |
Vanger | 0:b86d15c6ba29 | 10686 | return NTRU_ENCRYPT_ERROR; |
Vanger | 0:b86d15c6ba29 | 10687 | } |
Vanger | 0:b86d15c6ba29 | 10688 | |
Vanger | 0:b86d15c6ba29 | 10689 | encSz = cipherLen; |
Vanger | 0:b86d15c6ba29 | 10690 | ret = 0; |
Vanger | 0:b86d15c6ba29 | 10691 | } |
Vanger | 0:b86d15c6ba29 | 10692 | break; |
Vanger | 0:b86d15c6ba29 | 10693 | #endif /* HAVE_NTRU */ |
Vanger | 0:b86d15c6ba29 | 10694 | #ifdef HAVE_ECC |
Vanger | 0:b86d15c6ba29 | 10695 | case ecc_diffie_hellman_kea: |
Vanger | 0:b86d15c6ba29 | 10696 | { |
Vanger | 0:b86d15c6ba29 | 10697 | ecc_key myKey; |
Vanger | 0:b86d15c6ba29 | 10698 | ecc_key* peerKey = NULL; |
Vanger | 0:b86d15c6ba29 | 10699 | word32 size = MAX_ENCRYPT_SZ; |
Vanger | 0:b86d15c6ba29 | 10700 | |
Vanger | 0:b86d15c6ba29 | 10701 | if (ssl->specs.static_ecdh) { |
Vanger | 0:b86d15c6ba29 | 10702 | /* TODO: EccDsa is really fixed Ecc change naming */ |
Vanger | 0:b86d15c6ba29 | 10703 | if (!ssl->peerEccDsaKeyPresent || |
Vanger | 0:b86d15c6ba29 | 10704 | !ssl->peerEccDsaKey->dp) { |
Vanger | 0:b86d15c6ba29 | 10705 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10706 | XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10707 | #endif |
Vanger | 0:b86d15c6ba29 | 10708 | return NO_PEER_KEY; |
Vanger | 0:b86d15c6ba29 | 10709 | } |
Vanger | 0:b86d15c6ba29 | 10710 | peerKey = ssl->peerEccDsaKey; |
Vanger | 0:b86d15c6ba29 | 10711 | } |
Vanger | 0:b86d15c6ba29 | 10712 | else { |
Vanger | 0:b86d15c6ba29 | 10713 | if (!ssl->peerEccKeyPresent || !ssl->peerEccKey->dp) { |
Vanger | 0:b86d15c6ba29 | 10714 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10715 | XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10716 | #endif |
Vanger | 0:b86d15c6ba29 | 10717 | return NO_PEER_KEY; |
Vanger | 0:b86d15c6ba29 | 10718 | } |
Vanger | 0:b86d15c6ba29 | 10719 | peerKey = ssl->peerEccKey; |
Vanger | 0:b86d15c6ba29 | 10720 | } |
Vanger | 0:b86d15c6ba29 | 10721 | |
Vanger | 0:b86d15c6ba29 | 10722 | if (peerKey == NULL) { |
Vanger | 0:b86d15c6ba29 | 10723 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10724 | XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10725 | #endif |
Vanger | 0:b86d15c6ba29 | 10726 | return NO_PEER_KEY; |
Vanger | 0:b86d15c6ba29 | 10727 | } |
Vanger | 0:b86d15c6ba29 | 10728 | |
Vanger | 0:b86d15c6ba29 | 10729 | ecc_init(&myKey); |
Vanger | 0:b86d15c6ba29 | 10730 | ret = ecc_make_key(ssl->rng, peerKey->dp->size, &myKey); |
Vanger | 0:b86d15c6ba29 | 10731 | if (ret != 0) { |
Vanger | 0:b86d15c6ba29 | 10732 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10733 | XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10734 | #endif |
Vanger | 0:b86d15c6ba29 | 10735 | return ECC_MAKEKEY_ERROR; |
Vanger | 0:b86d15c6ba29 | 10736 | } |
Vanger | 0:b86d15c6ba29 | 10737 | |
Vanger | 0:b86d15c6ba29 | 10738 | /* precede export with 1 byte length */ |
Vanger | 0:b86d15c6ba29 | 10739 | ret = ecc_export_x963(&myKey, encSecret + 1, &size); |
Vanger | 0:b86d15c6ba29 | 10740 | encSecret[0] = (byte)size; |
Vanger | 0:b86d15c6ba29 | 10741 | encSz = size + 1; |
Vanger | 0:b86d15c6ba29 | 10742 | |
Vanger | 0:b86d15c6ba29 | 10743 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 10744 | ret = ECC_EXPORT_ERROR; |
Vanger | 0:b86d15c6ba29 | 10745 | else { |
Vanger | 0:b86d15c6ba29 | 10746 | size = sizeof(ssl->arrays->preMasterSecret); |
Vanger | 0:b86d15c6ba29 | 10747 | ret = ecc_shared_secret(&myKey, peerKey, |
Vanger | 0:b86d15c6ba29 | 10748 | ssl->arrays->preMasterSecret, &size); |
Vanger | 0:b86d15c6ba29 | 10749 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 10750 | ret = ECC_SHARED_ERROR; |
Vanger | 0:b86d15c6ba29 | 10751 | } |
Vanger | 0:b86d15c6ba29 | 10752 | |
Vanger | 0:b86d15c6ba29 | 10753 | ssl->arrays->preMasterSz = size; |
Vanger | 0:b86d15c6ba29 | 10754 | ecc_free(&myKey); |
Vanger | 0:b86d15c6ba29 | 10755 | } |
Vanger | 0:b86d15c6ba29 | 10756 | break; |
Vanger | 0:b86d15c6ba29 | 10757 | #endif /* HAVE_ECC */ |
Vanger | 0:b86d15c6ba29 | 10758 | default: |
Vanger | 0:b86d15c6ba29 | 10759 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10760 | XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10761 | #endif |
Vanger | 0:b86d15c6ba29 | 10762 | return ALGO_ID_E; /* unsupported kea */ |
Vanger | 0:b86d15c6ba29 | 10763 | } |
Vanger | 0:b86d15c6ba29 | 10764 | |
Vanger | 0:b86d15c6ba29 | 10765 | if (ret == 0) { |
Vanger | 0:b86d15c6ba29 | 10766 | byte *output; |
Vanger | 0:b86d15c6ba29 | 10767 | int sendSz; |
Vanger | 0:b86d15c6ba29 | 10768 | word32 tlsSz = 0; |
Vanger | 0:b86d15c6ba29 | 10769 | |
Vanger | 0:b86d15c6ba29 | 10770 | if (ssl->options.tls || ssl->specs.kea == diffie_hellman_kea) |
Vanger | 0:b86d15c6ba29 | 10771 | tlsSz = 2; |
Vanger | 0:b86d15c6ba29 | 10772 | |
Vanger | 0:b86d15c6ba29 | 10773 | if (ssl->specs.kea == ecc_diffie_hellman_kea || |
Vanger | 0:b86d15c6ba29 | 10774 | ssl->specs.kea == dhe_psk_kea) /* always off */ |
Vanger | 0:b86d15c6ba29 | 10775 | tlsSz = 0; |
Vanger | 0:b86d15c6ba29 | 10776 | |
Vanger | 0:b86d15c6ba29 | 10777 | sendSz = encSz + tlsSz + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 10778 | idx = HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 10779 | |
Vanger | 0:b86d15c6ba29 | 10780 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 10781 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 10782 | sendSz += DTLS_HANDSHAKE_EXTRA + DTLS_RECORD_EXTRA; |
Vanger | 0:b86d15c6ba29 | 10783 | idx += DTLS_HANDSHAKE_EXTRA + DTLS_RECORD_EXTRA; |
Vanger | 0:b86d15c6ba29 | 10784 | } |
Vanger | 0:b86d15c6ba29 | 10785 | #endif |
Vanger | 0:b86d15c6ba29 | 10786 | |
Vanger | 0:b86d15c6ba29 | 10787 | if (ssl->keys.encryptionOn) |
Vanger | 0:b86d15c6ba29 | 10788 | sendSz += MAX_MSG_EXTRA; |
Vanger | 0:b86d15c6ba29 | 10789 | |
Vanger | 0:b86d15c6ba29 | 10790 | /* check for available size */ |
Vanger | 0:b86d15c6ba29 | 10791 | if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) { |
Vanger | 0:b86d15c6ba29 | 10792 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10793 | XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10794 | #endif |
Vanger | 0:b86d15c6ba29 | 10795 | return ret; |
Vanger | 0:b86d15c6ba29 | 10796 | } |
Vanger | 0:b86d15c6ba29 | 10797 | |
Vanger | 0:b86d15c6ba29 | 10798 | /* get ouput buffer */ |
Vanger | 0:b86d15c6ba29 | 10799 | output = ssl->buffers.outputBuffer.buffer + |
Vanger | 0:b86d15c6ba29 | 10800 | ssl->buffers.outputBuffer.length; |
Vanger | 0:b86d15c6ba29 | 10801 | |
Vanger | 0:b86d15c6ba29 | 10802 | AddHeaders(output, encSz + tlsSz, client_key_exchange, ssl); |
Vanger | 0:b86d15c6ba29 | 10803 | |
Vanger | 0:b86d15c6ba29 | 10804 | if (tlsSz) { |
Vanger | 0:b86d15c6ba29 | 10805 | c16toa((word16)encSz, &output[idx]); |
Vanger | 0:b86d15c6ba29 | 10806 | idx += 2; |
Vanger | 0:b86d15c6ba29 | 10807 | } |
Vanger | 0:b86d15c6ba29 | 10808 | XMEMCPY(output + idx, encSecret, encSz); |
Vanger | 0:b86d15c6ba29 | 10809 | idx += encSz; |
Vanger | 0:b86d15c6ba29 | 10810 | |
Vanger | 0:b86d15c6ba29 | 10811 | if (ssl->keys.encryptionOn) { |
Vanger | 0:b86d15c6ba29 | 10812 | byte* input; |
Vanger | 0:b86d15c6ba29 | 10813 | int inputSz = idx-RECORD_HEADER_SZ; /* buildmsg adds rechdr */ |
Vanger | 0:b86d15c6ba29 | 10814 | |
Vanger | 0:b86d15c6ba29 | 10815 | input = (byte*)XMALLOC(inputSz, ssl->heap, |
Vanger | 0:b86d15c6ba29 | 10816 | DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10817 | if (input == NULL) { |
Vanger | 0:b86d15c6ba29 | 10818 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10819 | XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10820 | #endif |
Vanger | 0:b86d15c6ba29 | 10821 | return MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 10822 | } |
Vanger | 0:b86d15c6ba29 | 10823 | |
Vanger | 0:b86d15c6ba29 | 10824 | XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz); |
Vanger | 0:b86d15c6ba29 | 10825 | sendSz = BuildMessage(ssl, output, sendSz, input, inputSz, |
Vanger | 0:b86d15c6ba29 | 10826 | handshake); |
Vanger | 0:b86d15c6ba29 | 10827 | XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10828 | if (sendSz < 0) { |
Vanger | 0:b86d15c6ba29 | 10829 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10830 | XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10831 | #endif |
Vanger | 0:b86d15c6ba29 | 10832 | return sendSz; |
Vanger | 0:b86d15c6ba29 | 10833 | } |
Vanger | 0:b86d15c6ba29 | 10834 | } else { |
Vanger | 0:b86d15c6ba29 | 10835 | ret = HashOutput(ssl, output, sendSz, 0); |
Vanger | 0:b86d15c6ba29 | 10836 | if (ret != 0) { |
Vanger | 0:b86d15c6ba29 | 10837 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10838 | XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10839 | #endif |
Vanger | 0:b86d15c6ba29 | 10840 | return ret; |
Vanger | 0:b86d15c6ba29 | 10841 | } |
Vanger | 0:b86d15c6ba29 | 10842 | } |
Vanger | 0:b86d15c6ba29 | 10843 | |
Vanger | 0:b86d15c6ba29 | 10844 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 10845 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 10846 | if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) { |
Vanger | 0:b86d15c6ba29 | 10847 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10848 | XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10849 | #endif |
Vanger | 0:b86d15c6ba29 | 10850 | return ret; |
Vanger | 0:b86d15c6ba29 | 10851 | } |
Vanger | 0:b86d15c6ba29 | 10852 | } |
Vanger | 0:b86d15c6ba29 | 10853 | #endif |
Vanger | 0:b86d15c6ba29 | 10854 | |
Vanger | 0:b86d15c6ba29 | 10855 | #ifdef CYASSL_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 10856 | if (ssl->hsInfoOn) |
Vanger | 0:b86d15c6ba29 | 10857 | AddPacketName("ClientKeyExchange", &ssl->handShakeInfo); |
Vanger | 0:b86d15c6ba29 | 10858 | if (ssl->toInfoOn) |
Vanger | 0:b86d15c6ba29 | 10859 | AddPacketInfo("ClientKeyExchange", &ssl->timeoutInfo, |
Vanger | 0:b86d15c6ba29 | 10860 | output, sendSz, ssl->heap); |
Vanger | 0:b86d15c6ba29 | 10861 | #endif |
Vanger | 0:b86d15c6ba29 | 10862 | |
Vanger | 0:b86d15c6ba29 | 10863 | ssl->buffers.outputBuffer.length += sendSz; |
Vanger | 0:b86d15c6ba29 | 10864 | |
Vanger | 0:b86d15c6ba29 | 10865 | if (ssl->options.groupMessages) |
Vanger | 0:b86d15c6ba29 | 10866 | ret = 0; |
Vanger | 0:b86d15c6ba29 | 10867 | else |
Vanger | 0:b86d15c6ba29 | 10868 | ret = SendBuffered(ssl); |
Vanger | 0:b86d15c6ba29 | 10869 | } |
Vanger | 0:b86d15c6ba29 | 10870 | |
Vanger | 0:b86d15c6ba29 | 10871 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10872 | XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10873 | #endif |
Vanger | 0:b86d15c6ba29 | 10874 | |
Vanger | 0:b86d15c6ba29 | 10875 | if (ret == 0 || ret == WANT_WRITE) { |
Vanger | 0:b86d15c6ba29 | 10876 | int tmpRet = MakeMasterSecret(ssl); |
Vanger | 0:b86d15c6ba29 | 10877 | if (tmpRet != 0) |
Vanger | 0:b86d15c6ba29 | 10878 | ret = tmpRet; /* save WANT_WRITE unless more serious */ |
Vanger | 0:b86d15c6ba29 | 10879 | ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE; |
Vanger | 0:b86d15c6ba29 | 10880 | } |
Vanger | 0:b86d15c6ba29 | 10881 | /* No further need for PMS */ |
Vanger | 0:b86d15c6ba29 | 10882 | XMEMSET(ssl->arrays->preMasterSecret, 0, ssl->arrays->preMasterSz); |
Vanger | 0:b86d15c6ba29 | 10883 | ssl->arrays->preMasterSz = 0; |
Vanger | 0:b86d15c6ba29 | 10884 | |
Vanger | 0:b86d15c6ba29 | 10885 | return ret; |
Vanger | 0:b86d15c6ba29 | 10886 | } |
Vanger | 0:b86d15c6ba29 | 10887 | |
Vanger | 0:b86d15c6ba29 | 10888 | #ifndef NO_CERTS |
Vanger | 0:b86d15c6ba29 | 10889 | int SendCertificateVerify(CYASSL* ssl) |
Vanger | 0:b86d15c6ba29 | 10890 | { |
Vanger | 0:b86d15c6ba29 | 10891 | byte *output; |
Vanger | 0:b86d15c6ba29 | 10892 | int sendSz = MAX_CERT_VERIFY_SZ, length, ret; |
Vanger | 0:b86d15c6ba29 | 10893 | word32 idx = 0; |
Vanger | 0:b86d15c6ba29 | 10894 | word32 sigOutSz = 0; |
Vanger | 0:b86d15c6ba29 | 10895 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 10896 | RsaKey key; |
Vanger | 0:b86d15c6ba29 | 10897 | int initRsaKey = 0; |
Vanger | 0:b86d15c6ba29 | 10898 | #endif |
Vanger | 0:b86d15c6ba29 | 10899 | int usingEcc = 0; |
Vanger | 0:b86d15c6ba29 | 10900 | #ifdef HAVE_ECC |
Vanger | 0:b86d15c6ba29 | 10901 | ecc_key eccKey; |
Vanger | 0:b86d15c6ba29 | 10902 | #endif |
Vanger | 0:b86d15c6ba29 | 10903 | |
Vanger | 0:b86d15c6ba29 | 10904 | (void)idx; |
Vanger | 0:b86d15c6ba29 | 10905 | |
Vanger | 0:b86d15c6ba29 | 10906 | if (ssl->options.sendVerify == SEND_BLANK_CERT) |
Vanger | 0:b86d15c6ba29 | 10907 | return 0; /* sent blank cert, can't verify */ |
Vanger | 0:b86d15c6ba29 | 10908 | |
Vanger | 0:b86d15c6ba29 | 10909 | if (ssl->keys.encryptionOn) |
Vanger | 0:b86d15c6ba29 | 10910 | sendSz += MAX_MSG_EXTRA; |
Vanger | 0:b86d15c6ba29 | 10911 | |
Vanger | 0:b86d15c6ba29 | 10912 | /* check for available size */ |
Vanger | 0:b86d15c6ba29 | 10913 | if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) |
Vanger | 0:b86d15c6ba29 | 10914 | return ret; |
Vanger | 0:b86d15c6ba29 | 10915 | |
Vanger | 0:b86d15c6ba29 | 10916 | /* get ouput buffer */ |
Vanger | 0:b86d15c6ba29 | 10917 | output = ssl->buffers.outputBuffer.buffer + |
Vanger | 0:b86d15c6ba29 | 10918 | ssl->buffers.outputBuffer.length; |
Vanger | 0:b86d15c6ba29 | 10919 | |
Vanger | 0:b86d15c6ba29 | 10920 | ret = BuildCertHashes(ssl, &ssl->certHashes); |
Vanger | 0:b86d15c6ba29 | 10921 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 10922 | return ret; |
Vanger | 0:b86d15c6ba29 | 10923 | |
Vanger | 0:b86d15c6ba29 | 10924 | #ifdef HAVE_ECC |
Vanger | 0:b86d15c6ba29 | 10925 | ecc_init(&eccKey); |
Vanger | 0:b86d15c6ba29 | 10926 | #endif |
Vanger | 0:b86d15c6ba29 | 10927 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 10928 | ret = InitRsaKey(&key, ssl->heap); |
Vanger | 0:b86d15c6ba29 | 10929 | if (ret == 0) initRsaKey = 1; |
Vanger | 0:b86d15c6ba29 | 10930 | if (ret == 0) |
Vanger | 0:b86d15c6ba29 | 10931 | ret = RsaPrivateKeyDecode(ssl->buffers.key.buffer, &idx, &key, |
Vanger | 0:b86d15c6ba29 | 10932 | ssl->buffers.key.length); |
Vanger | 0:b86d15c6ba29 | 10933 | if (ret == 0) |
Vanger | 0:b86d15c6ba29 | 10934 | sigOutSz = RsaEncryptSize(&key); |
Vanger | 0:b86d15c6ba29 | 10935 | else |
Vanger | 0:b86d15c6ba29 | 10936 | #endif |
Vanger | 0:b86d15c6ba29 | 10937 | { |
Vanger | 0:b86d15c6ba29 | 10938 | #ifdef HAVE_ECC |
Vanger | 0:b86d15c6ba29 | 10939 | CYASSL_MSG("Trying ECC client cert, RSA didn't work"); |
Vanger | 0:b86d15c6ba29 | 10940 | |
Vanger | 0:b86d15c6ba29 | 10941 | idx = 0; |
Vanger | 0:b86d15c6ba29 | 10942 | ret = EccPrivateKeyDecode(ssl->buffers.key.buffer, &idx, &eccKey, |
Vanger | 0:b86d15c6ba29 | 10943 | ssl->buffers.key.length); |
Vanger | 0:b86d15c6ba29 | 10944 | if (ret == 0) { |
Vanger | 0:b86d15c6ba29 | 10945 | CYASSL_MSG("Using ECC client cert"); |
Vanger | 0:b86d15c6ba29 | 10946 | usingEcc = 1; |
Vanger | 0:b86d15c6ba29 | 10947 | sigOutSz = MAX_ENCODED_SIG_SZ; |
Vanger | 0:b86d15c6ba29 | 10948 | } |
Vanger | 0:b86d15c6ba29 | 10949 | else { |
Vanger | 0:b86d15c6ba29 | 10950 | CYASSL_MSG("Bad client cert type"); |
Vanger | 0:b86d15c6ba29 | 10951 | } |
Vanger | 0:b86d15c6ba29 | 10952 | #endif |
Vanger | 0:b86d15c6ba29 | 10953 | } |
Vanger | 0:b86d15c6ba29 | 10954 | if (ret == 0) { |
Vanger | 0:b86d15c6ba29 | 10955 | byte* verify = (byte*)&output[RECORD_HEADER_SZ + |
Vanger | 0:b86d15c6ba29 | 10956 | HANDSHAKE_HEADER_SZ]; |
Vanger | 0:b86d15c6ba29 | 10957 | #ifndef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 10958 | byte* signBuffer = ssl->certHashes.md5; |
Vanger | 0:b86d15c6ba29 | 10959 | #else |
Vanger | 0:b86d15c6ba29 | 10960 | byte* signBuffer = NULL; |
Vanger | 0:b86d15c6ba29 | 10961 | #endif |
Vanger | 0:b86d15c6ba29 | 10962 | word32 signSz = FINISHED_SZ; |
Vanger | 0:b86d15c6ba29 | 10963 | word32 extraSz = 0; /* tls 1.2 hash/sig */ |
Vanger | 0:b86d15c6ba29 | 10964 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10965 | byte* encodedSig = NULL; |
Vanger | 0:b86d15c6ba29 | 10966 | #else |
Vanger | 0:b86d15c6ba29 | 10967 | byte encodedSig[MAX_ENCODED_SIG_SZ]; |
Vanger | 0:b86d15c6ba29 | 10968 | #endif |
Vanger | 0:b86d15c6ba29 | 10969 | |
Vanger | 0:b86d15c6ba29 | 10970 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 10971 | encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, |
Vanger | 0:b86d15c6ba29 | 10972 | DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 10973 | if (encodedSig == NULL) { |
Vanger | 0:b86d15c6ba29 | 10974 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 10975 | if (initRsaKey) |
Vanger | 0:b86d15c6ba29 | 10976 | FreeRsaKey(&key); |
Vanger | 0:b86d15c6ba29 | 10977 | #endif |
Vanger | 0:b86d15c6ba29 | 10978 | #ifdef HAVE_ECC |
Vanger | 0:b86d15c6ba29 | 10979 | ecc_free(&eccKey); |
Vanger | 0:b86d15c6ba29 | 10980 | #endif |
Vanger | 0:b86d15c6ba29 | 10981 | return MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 10982 | } |
Vanger | 0:b86d15c6ba29 | 10983 | #endif |
Vanger | 0:b86d15c6ba29 | 10984 | |
Vanger | 0:b86d15c6ba29 | 10985 | (void)encodedSig; |
Vanger | 0:b86d15c6ba29 | 10986 | (void)signSz; |
Vanger | 0:b86d15c6ba29 | 10987 | (void)signBuffer; |
Vanger | 0:b86d15c6ba29 | 10988 | |
Vanger | 0:b86d15c6ba29 | 10989 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 10990 | if (ssl->options.dtls) |
Vanger | 0:b86d15c6ba29 | 10991 | verify += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; |
Vanger | 0:b86d15c6ba29 | 10992 | #endif |
Vanger | 0:b86d15c6ba29 | 10993 | length = sigOutSz; |
Vanger | 0:b86d15c6ba29 | 10994 | if (IsAtLeastTLSv1_2(ssl)) { |
Vanger | 0:b86d15c6ba29 | 10995 | verify[0] = ssl->suites->hashAlgo; |
Vanger | 0:b86d15c6ba29 | 10996 | verify[1] = usingEcc ? ecc_dsa_sa_algo : rsa_sa_algo; |
Vanger | 0:b86d15c6ba29 | 10997 | extraSz = HASH_SIG_SIZE; |
Vanger | 0:b86d15c6ba29 | 10998 | } |
Vanger | 0:b86d15c6ba29 | 10999 | |
Vanger | 0:b86d15c6ba29 | 11000 | if (usingEcc) { |
Vanger | 0:b86d15c6ba29 | 11001 | #ifdef HAVE_ECC |
Vanger | 0:b86d15c6ba29 | 11002 | word32 localSz = MAX_ENCODED_SIG_SZ; |
Vanger | 0:b86d15c6ba29 | 11003 | word32 digestSz; |
Vanger | 0:b86d15c6ba29 | 11004 | byte* digest; |
Vanger | 0:b86d15c6ba29 | 11005 | byte doUserEcc = 0; |
Vanger | 0:b86d15c6ba29 | 11006 | #ifndef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 11007 | /* old tls default */ |
Vanger | 0:b86d15c6ba29 | 11008 | digestSz = SHA_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 11009 | digest = ssl->certHashes.sha; |
Vanger | 0:b86d15c6ba29 | 11010 | #else |
Vanger | 0:b86d15c6ba29 | 11011 | /* new tls default */ |
Vanger | 0:b86d15c6ba29 | 11012 | digestSz = SHA256_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 11013 | digest = ssl->certHashes.sha256; |
Vanger | 0:b86d15c6ba29 | 11014 | #endif |
Vanger | 0:b86d15c6ba29 | 11015 | |
Vanger | 0:b86d15c6ba29 | 11016 | #ifdef HAVE_PK_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 11017 | #ifdef HAVE_ECC |
Vanger | 0:b86d15c6ba29 | 11018 | if (ssl->ctx->EccSignCb) |
Vanger | 0:b86d15c6ba29 | 11019 | doUserEcc = 1; |
Vanger | 0:b86d15c6ba29 | 11020 | #endif /* HAVE_ECC */ |
Vanger | 0:b86d15c6ba29 | 11021 | #endif /*HAVE_PK_CALLBACKS */ |
Vanger | 0:b86d15c6ba29 | 11022 | |
Vanger | 0:b86d15c6ba29 | 11023 | if (IsAtLeastTLSv1_2(ssl)) { |
Vanger | 0:b86d15c6ba29 | 11024 | if (ssl->suites->hashAlgo == sha_mac) { |
Vanger | 0:b86d15c6ba29 | 11025 | #ifndef NO_SHA |
Vanger | 0:b86d15c6ba29 | 11026 | digest = ssl->certHashes.sha; |
Vanger | 0:b86d15c6ba29 | 11027 | digestSz = SHA_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 11028 | #endif |
Vanger | 0:b86d15c6ba29 | 11029 | } |
Vanger | 0:b86d15c6ba29 | 11030 | else if (ssl->suites->hashAlgo == sha256_mac) { |
Vanger | 0:b86d15c6ba29 | 11031 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 11032 | digest = ssl->certHashes.sha256; |
Vanger | 0:b86d15c6ba29 | 11033 | digestSz = SHA256_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 11034 | #endif |
Vanger | 0:b86d15c6ba29 | 11035 | } |
Vanger | 0:b86d15c6ba29 | 11036 | else if (ssl->suites->hashAlgo == sha384_mac) { |
Vanger | 0:b86d15c6ba29 | 11037 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 11038 | digest = ssl->certHashes.sha384; |
Vanger | 0:b86d15c6ba29 | 11039 | digestSz = SHA384_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 11040 | #endif |
Vanger | 0:b86d15c6ba29 | 11041 | } |
Vanger | 0:b86d15c6ba29 | 11042 | } |
Vanger | 0:b86d15c6ba29 | 11043 | |
Vanger | 0:b86d15c6ba29 | 11044 | if (doUserEcc) { |
Vanger | 0:b86d15c6ba29 | 11045 | #ifdef HAVE_PK_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 11046 | #ifdef HAVE_ECC |
Vanger | 0:b86d15c6ba29 | 11047 | ret = ssl->ctx->EccSignCb(ssl, digest, digestSz, |
Vanger | 0:b86d15c6ba29 | 11048 | encodedSig, &localSz, |
Vanger | 0:b86d15c6ba29 | 11049 | ssl->buffers.key.buffer, |
Vanger | 0:b86d15c6ba29 | 11050 | ssl->buffers.key.length, |
Vanger | 0:b86d15c6ba29 | 11051 | ssl->EccSignCtx); |
Vanger | 0:b86d15c6ba29 | 11052 | #endif /* HAVE_ECC */ |
Vanger | 0:b86d15c6ba29 | 11053 | #endif /*HAVE_PK_CALLBACKS */ |
Vanger | 0:b86d15c6ba29 | 11054 | } |
Vanger | 0:b86d15c6ba29 | 11055 | else { |
Vanger | 0:b86d15c6ba29 | 11056 | ret = ecc_sign_hash(digest, digestSz, encodedSig, |
Vanger | 0:b86d15c6ba29 | 11057 | &localSz, ssl->rng, &eccKey); |
Vanger | 0:b86d15c6ba29 | 11058 | } |
Vanger | 0:b86d15c6ba29 | 11059 | if (ret == 0) { |
Vanger | 0:b86d15c6ba29 | 11060 | length = localSz; |
Vanger | 0:b86d15c6ba29 | 11061 | c16toa((word16)length, verify + extraSz); /* prepend hdr */ |
Vanger | 0:b86d15c6ba29 | 11062 | XMEMCPY(verify + extraSz + VERIFY_HEADER,encodedSig,length); |
Vanger | 0:b86d15c6ba29 | 11063 | } |
Vanger | 0:b86d15c6ba29 | 11064 | #endif |
Vanger | 0:b86d15c6ba29 | 11065 | } |
Vanger | 0:b86d15c6ba29 | 11066 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 11067 | else { |
Vanger | 0:b86d15c6ba29 | 11068 | byte doUserRsa = 0; |
Vanger | 0:b86d15c6ba29 | 11069 | |
Vanger | 0:b86d15c6ba29 | 11070 | #ifdef HAVE_PK_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 11071 | if (ssl->ctx->RsaSignCb) |
Vanger | 0:b86d15c6ba29 | 11072 | doUserRsa = 1; |
Vanger | 0:b86d15c6ba29 | 11073 | #endif /*HAVE_PK_CALLBACKS */ |
Vanger | 0:b86d15c6ba29 | 11074 | |
Vanger | 0:b86d15c6ba29 | 11075 | if (IsAtLeastTLSv1_2(ssl)) { |
Vanger | 0:b86d15c6ba29 | 11076 | #ifndef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 11077 | byte* digest = ssl->certHashes.sha; |
Vanger | 0:b86d15c6ba29 | 11078 | int digestSz = SHA_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 11079 | int typeH = SHAh; |
Vanger | 0:b86d15c6ba29 | 11080 | #else |
Vanger | 0:b86d15c6ba29 | 11081 | byte* digest = ssl->certHashes.sha256; |
Vanger | 0:b86d15c6ba29 | 11082 | int digestSz = SHA256_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 11083 | int typeH = SHA256h; |
Vanger | 0:b86d15c6ba29 | 11084 | #endif |
Vanger | 0:b86d15c6ba29 | 11085 | |
Vanger | 0:b86d15c6ba29 | 11086 | if (ssl->suites->hashAlgo == sha_mac) { |
Vanger | 0:b86d15c6ba29 | 11087 | #ifndef NO_SHA |
Vanger | 0:b86d15c6ba29 | 11088 | digest = ssl->certHashes.sha; |
Vanger | 0:b86d15c6ba29 | 11089 | typeH = SHAh; |
Vanger | 0:b86d15c6ba29 | 11090 | digestSz = SHA_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 11091 | #endif |
Vanger | 0:b86d15c6ba29 | 11092 | } |
Vanger | 0:b86d15c6ba29 | 11093 | else if (ssl->suites->hashAlgo == sha256_mac) { |
Vanger | 0:b86d15c6ba29 | 11094 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 11095 | digest = ssl->certHashes.sha256; |
Vanger | 0:b86d15c6ba29 | 11096 | typeH = SHA256h; |
Vanger | 0:b86d15c6ba29 | 11097 | digestSz = SHA256_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 11098 | #endif |
Vanger | 0:b86d15c6ba29 | 11099 | } |
Vanger | 0:b86d15c6ba29 | 11100 | else if (ssl->suites->hashAlgo == sha384_mac) { |
Vanger | 0:b86d15c6ba29 | 11101 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 11102 | digest = ssl->certHashes.sha384; |
Vanger | 0:b86d15c6ba29 | 11103 | typeH = SHA384h; |
Vanger | 0:b86d15c6ba29 | 11104 | digestSz = SHA384_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 11105 | #endif |
Vanger | 0:b86d15c6ba29 | 11106 | } |
Vanger | 0:b86d15c6ba29 | 11107 | |
Vanger | 0:b86d15c6ba29 | 11108 | signSz = EncodeSignature(encodedSig, digest,digestSz,typeH); |
Vanger | 0:b86d15c6ba29 | 11109 | signBuffer = encodedSig; |
Vanger | 0:b86d15c6ba29 | 11110 | } |
Vanger | 0:b86d15c6ba29 | 11111 | |
Vanger | 0:b86d15c6ba29 | 11112 | c16toa((word16)length, verify + extraSz); /* prepend hdr */ |
Vanger | 0:b86d15c6ba29 | 11113 | if (doUserRsa) { |
Vanger | 0:b86d15c6ba29 | 11114 | #ifdef HAVE_PK_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 11115 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 11116 | word32 ioLen = ENCRYPT_LEN; |
Vanger | 0:b86d15c6ba29 | 11117 | ret = ssl->ctx->RsaSignCb(ssl, signBuffer, signSz, |
Vanger | 0:b86d15c6ba29 | 11118 | verify + extraSz + VERIFY_HEADER, |
Vanger | 0:b86d15c6ba29 | 11119 | &ioLen, |
Vanger | 0:b86d15c6ba29 | 11120 | ssl->buffers.key.buffer, |
Vanger | 0:b86d15c6ba29 | 11121 | ssl->buffers.key.length, |
Vanger | 0:b86d15c6ba29 | 11122 | ssl->RsaSignCtx); |
Vanger | 0:b86d15c6ba29 | 11123 | #endif /* NO_RSA */ |
Vanger | 0:b86d15c6ba29 | 11124 | #endif /*HAVE_PK_CALLBACKS */ |
Vanger | 0:b86d15c6ba29 | 11125 | } |
Vanger | 0:b86d15c6ba29 | 11126 | else { |
Vanger | 0:b86d15c6ba29 | 11127 | ret = RsaSSL_Sign(signBuffer, signSz, verify + extraSz + |
Vanger | 0:b86d15c6ba29 | 11128 | VERIFY_HEADER, ENCRYPT_LEN, &key, ssl->rng); |
Vanger | 0:b86d15c6ba29 | 11129 | } |
Vanger | 0:b86d15c6ba29 | 11130 | |
Vanger | 0:b86d15c6ba29 | 11131 | if (ret > 0) |
Vanger | 0:b86d15c6ba29 | 11132 | ret = 0; /* RSA reset */ |
Vanger | 0:b86d15c6ba29 | 11133 | } |
Vanger | 0:b86d15c6ba29 | 11134 | #endif |
Vanger | 0:b86d15c6ba29 | 11135 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 11136 | XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 11137 | #endif |
Vanger | 0:b86d15c6ba29 | 11138 | |
Vanger | 0:b86d15c6ba29 | 11139 | if (ret == 0) { |
Vanger | 0:b86d15c6ba29 | 11140 | AddHeaders(output, length + extraSz + VERIFY_HEADER, |
Vanger | 0:b86d15c6ba29 | 11141 | certificate_verify, ssl); |
Vanger | 0:b86d15c6ba29 | 11142 | |
Vanger | 0:b86d15c6ba29 | 11143 | sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + length + |
Vanger | 0:b86d15c6ba29 | 11144 | extraSz + VERIFY_HEADER; |
Vanger | 0:b86d15c6ba29 | 11145 | |
Vanger | 0:b86d15c6ba29 | 11146 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 11147 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 11148 | sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; |
Vanger | 0:b86d15c6ba29 | 11149 | } |
Vanger | 0:b86d15c6ba29 | 11150 | #endif |
Vanger | 0:b86d15c6ba29 | 11151 | |
Vanger | 0:b86d15c6ba29 | 11152 | if (ssl->keys.encryptionOn) { |
Vanger | 0:b86d15c6ba29 | 11153 | byte* input; |
Vanger | 0:b86d15c6ba29 | 11154 | int inputSz = sendSz - RECORD_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 11155 | /* build msg adds rec hdr */ |
Vanger | 0:b86d15c6ba29 | 11156 | input = (byte*)XMALLOC(inputSz, ssl->heap, |
Vanger | 0:b86d15c6ba29 | 11157 | DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 11158 | if (input == NULL) |
Vanger | 0:b86d15c6ba29 | 11159 | ret = MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 11160 | else { |
Vanger | 0:b86d15c6ba29 | 11161 | XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz); |
Vanger | 0:b86d15c6ba29 | 11162 | sendSz = BuildMessage(ssl, output, |
Vanger | 0:b86d15c6ba29 | 11163 | MAX_CERT_VERIFY_SZ +MAX_MSG_EXTRA, |
Vanger | 0:b86d15c6ba29 | 11164 | input, inputSz, handshake); |
Vanger | 0:b86d15c6ba29 | 11165 | XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 11166 | |
Vanger | 0:b86d15c6ba29 | 11167 | if (sendSz < 0) |
Vanger | 0:b86d15c6ba29 | 11168 | ret = sendSz; |
Vanger | 0:b86d15c6ba29 | 11169 | } |
Vanger | 0:b86d15c6ba29 | 11170 | } else { |
Vanger | 0:b86d15c6ba29 | 11171 | ret = HashOutput(ssl, output, sendSz, 0); |
Vanger | 0:b86d15c6ba29 | 11172 | } |
Vanger | 0:b86d15c6ba29 | 11173 | |
Vanger | 0:b86d15c6ba29 | 11174 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 11175 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 11176 | if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) |
Vanger | 0:b86d15c6ba29 | 11177 | return ret; |
Vanger | 0:b86d15c6ba29 | 11178 | } |
Vanger | 0:b86d15c6ba29 | 11179 | #endif |
Vanger | 0:b86d15c6ba29 | 11180 | } |
Vanger | 0:b86d15c6ba29 | 11181 | } |
Vanger | 0:b86d15c6ba29 | 11182 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 11183 | if (initRsaKey) |
Vanger | 0:b86d15c6ba29 | 11184 | FreeRsaKey(&key); |
Vanger | 0:b86d15c6ba29 | 11185 | #endif |
Vanger | 0:b86d15c6ba29 | 11186 | #ifdef HAVE_ECC |
Vanger | 0:b86d15c6ba29 | 11187 | ecc_free(&eccKey); |
Vanger | 0:b86d15c6ba29 | 11188 | #endif |
Vanger | 0:b86d15c6ba29 | 11189 | |
Vanger | 0:b86d15c6ba29 | 11190 | if (ret == 0) { |
Vanger | 0:b86d15c6ba29 | 11191 | #ifdef CYASSL_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 11192 | if (ssl->hsInfoOn) |
Vanger | 0:b86d15c6ba29 | 11193 | AddPacketName("CertificateVerify", &ssl->handShakeInfo); |
Vanger | 0:b86d15c6ba29 | 11194 | if (ssl->toInfoOn) |
Vanger | 0:b86d15c6ba29 | 11195 | AddPacketInfo("CertificateVerify", &ssl->timeoutInfo, |
Vanger | 0:b86d15c6ba29 | 11196 | output, sendSz, ssl->heap); |
Vanger | 0:b86d15c6ba29 | 11197 | #endif |
Vanger | 0:b86d15c6ba29 | 11198 | ssl->buffers.outputBuffer.length += sendSz; |
Vanger | 0:b86d15c6ba29 | 11199 | if (ssl->options.groupMessages) |
Vanger | 0:b86d15c6ba29 | 11200 | return 0; |
Vanger | 0:b86d15c6ba29 | 11201 | else |
Vanger | 0:b86d15c6ba29 | 11202 | return SendBuffered(ssl); |
Vanger | 0:b86d15c6ba29 | 11203 | } |
Vanger | 0:b86d15c6ba29 | 11204 | else |
Vanger | 0:b86d15c6ba29 | 11205 | return ret; |
Vanger | 0:b86d15c6ba29 | 11206 | } |
Vanger | 0:b86d15c6ba29 | 11207 | #endif /* NO_CERTS */ |
Vanger | 0:b86d15c6ba29 | 11208 | |
Vanger | 0:b86d15c6ba29 | 11209 | #ifdef HAVE_SESSION_TICKET |
Vanger | 0:b86d15c6ba29 | 11210 | int DoSessionTicket(CYASSL* ssl, |
Vanger | 0:b86d15c6ba29 | 11211 | const byte* input, word32* inOutIdx, word32 size) |
Vanger | 0:b86d15c6ba29 | 11212 | { |
Vanger | 0:b86d15c6ba29 | 11213 | word32 begin = *inOutIdx; |
Vanger | 0:b86d15c6ba29 | 11214 | word32 lifetime; |
Vanger | 0:b86d15c6ba29 | 11215 | word16 length; |
Vanger | 0:b86d15c6ba29 | 11216 | |
Vanger | 0:b86d15c6ba29 | 11217 | if (ssl->expect_session_ticket == 0) { |
Vanger | 0:b86d15c6ba29 | 11218 | CYASSL_MSG("Unexpected session ticket"); |
Vanger | 0:b86d15c6ba29 | 11219 | return SESSION_TICKET_EXPECT_E; |
Vanger | 0:b86d15c6ba29 | 11220 | } |
Vanger | 0:b86d15c6ba29 | 11221 | |
Vanger | 0:b86d15c6ba29 | 11222 | if ((*inOutIdx - begin) + OPAQUE32_LEN > size) |
Vanger | 0:b86d15c6ba29 | 11223 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 11224 | |
Vanger | 0:b86d15c6ba29 | 11225 | ato32(input + *inOutIdx, &lifetime); |
Vanger | 0:b86d15c6ba29 | 11226 | *inOutIdx += OPAQUE32_LEN; |
Vanger | 0:b86d15c6ba29 | 11227 | |
Vanger | 0:b86d15c6ba29 | 11228 | if ((*inOutIdx - begin) + OPAQUE16_LEN > size) |
Vanger | 0:b86d15c6ba29 | 11229 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 11230 | |
Vanger | 0:b86d15c6ba29 | 11231 | ato16(input + *inOutIdx, &length); |
Vanger | 0:b86d15c6ba29 | 11232 | *inOutIdx += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 11233 | |
Vanger | 0:b86d15c6ba29 | 11234 | if (length > sizeof(ssl->session.ticket)) |
Vanger | 0:b86d15c6ba29 | 11235 | return SESSION_TICKET_LEN_E; |
Vanger | 0:b86d15c6ba29 | 11236 | |
Vanger | 0:b86d15c6ba29 | 11237 | if ((*inOutIdx - begin) + length > size) |
Vanger | 0:b86d15c6ba29 | 11238 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 11239 | |
Vanger | 0:b86d15c6ba29 | 11240 | /* If the received ticket including its length is greater than |
Vanger | 0:b86d15c6ba29 | 11241 | * a length value, the save it. Otherwise, don't save it. */ |
Vanger | 0:b86d15c6ba29 | 11242 | if (length > 0) { |
Vanger | 0:b86d15c6ba29 | 11243 | XMEMCPY(ssl->session.ticket, input + *inOutIdx, length); |
Vanger | 0:b86d15c6ba29 | 11244 | *inOutIdx += length; |
Vanger | 0:b86d15c6ba29 | 11245 | ssl->session.ticketLen = length; |
Vanger | 0:b86d15c6ba29 | 11246 | ssl->timeout = lifetime; |
Vanger | 0:b86d15c6ba29 | 11247 | if (ssl->session_ticket_cb != NULL) { |
Vanger | 0:b86d15c6ba29 | 11248 | ssl->session_ticket_cb(ssl, |
Vanger | 0:b86d15c6ba29 | 11249 | ssl->session.ticket, ssl->session.ticketLen, |
Vanger | 0:b86d15c6ba29 | 11250 | ssl->session_ticket_ctx); |
Vanger | 0:b86d15c6ba29 | 11251 | } |
Vanger | 0:b86d15c6ba29 | 11252 | /* Create a fake sessionID based on the ticket, this will |
Vanger | 0:b86d15c6ba29 | 11253 | * supercede the existing session cache info. */ |
Vanger | 0:b86d15c6ba29 | 11254 | ssl->options.haveSessionId = 1; |
Vanger | 0:b86d15c6ba29 | 11255 | XMEMCPY(ssl->arrays->sessionID, |
Vanger | 0:b86d15c6ba29 | 11256 | ssl->session.ticket + length - ID_LEN, ID_LEN); |
Vanger | 0:b86d15c6ba29 | 11257 | #ifndef NO_SESSION_CACHE |
Vanger | 0:b86d15c6ba29 | 11258 | AddSession(ssl); |
Vanger | 0:b86d15c6ba29 | 11259 | #endif |
Vanger | 0:b86d15c6ba29 | 11260 | |
Vanger | 0:b86d15c6ba29 | 11261 | } |
Vanger | 0:b86d15c6ba29 | 11262 | else { |
Vanger | 0:b86d15c6ba29 | 11263 | ssl->session.ticketLen = 0; |
Vanger | 0:b86d15c6ba29 | 11264 | } |
Vanger | 0:b86d15c6ba29 | 11265 | |
Vanger | 0:b86d15c6ba29 | 11266 | if (ssl->keys.encryptionOn) { |
Vanger | 0:b86d15c6ba29 | 11267 | *inOutIdx += ssl->keys.padSz; |
Vanger | 0:b86d15c6ba29 | 11268 | } |
Vanger | 0:b86d15c6ba29 | 11269 | |
Vanger | 0:b86d15c6ba29 | 11270 | ssl->expect_session_ticket = 0; |
Vanger | 0:b86d15c6ba29 | 11271 | |
Vanger | 0:b86d15c6ba29 | 11272 | return BuildFinished(ssl, &ssl->verifyHashes, server); |
Vanger | 0:b86d15c6ba29 | 11273 | } |
Vanger | 0:b86d15c6ba29 | 11274 | #endif /* HAVE_SESSION_TICKET */ |
Vanger | 0:b86d15c6ba29 | 11275 | |
Vanger | 0:b86d15c6ba29 | 11276 | #endif /* NO_CYASSL_CLIENT */ |
Vanger | 0:b86d15c6ba29 | 11277 | |
Vanger | 0:b86d15c6ba29 | 11278 | |
Vanger | 0:b86d15c6ba29 | 11279 | #ifndef NO_CYASSL_SERVER |
Vanger | 0:b86d15c6ba29 | 11280 | |
Vanger | 0:b86d15c6ba29 | 11281 | int SendServerHello(CYASSL* ssl) |
Vanger | 0:b86d15c6ba29 | 11282 | { |
Vanger | 0:b86d15c6ba29 | 11283 | byte *output; |
Vanger | 0:b86d15c6ba29 | 11284 | word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 11285 | int sendSz; |
Vanger | 0:b86d15c6ba29 | 11286 | int ret; |
Vanger | 0:b86d15c6ba29 | 11287 | |
Vanger | 0:b86d15c6ba29 | 11288 | length = VERSION_SZ + RAN_LEN |
Vanger | 0:b86d15c6ba29 | 11289 | + ID_LEN + ENUM_LEN |
Vanger | 0:b86d15c6ba29 | 11290 | + SUITE_LEN |
Vanger | 0:b86d15c6ba29 | 11291 | + ENUM_LEN; |
Vanger | 0:b86d15c6ba29 | 11292 | |
Vanger | 0:b86d15c6ba29 | 11293 | #ifdef HAVE_TLS_EXTENSIONS |
Vanger | 0:b86d15c6ba29 | 11294 | length += TLSX_GetResponseSize(ssl); |
Vanger | 0:b86d15c6ba29 | 11295 | #endif |
Vanger | 0:b86d15c6ba29 | 11296 | |
Vanger | 0:b86d15c6ba29 | 11297 | /* check for avalaible size */ |
Vanger | 0:b86d15c6ba29 | 11298 | if ((ret = CheckAvailableSize(ssl, MAX_HELLO_SZ)) != 0) |
Vanger | 0:b86d15c6ba29 | 11299 | return ret; |
Vanger | 0:b86d15c6ba29 | 11300 | |
Vanger | 0:b86d15c6ba29 | 11301 | /* get ouput buffer */ |
Vanger | 0:b86d15c6ba29 | 11302 | output = ssl->buffers.outputBuffer.buffer + |
Vanger | 0:b86d15c6ba29 | 11303 | ssl->buffers.outputBuffer.length; |
Vanger | 0:b86d15c6ba29 | 11304 | |
Vanger | 0:b86d15c6ba29 | 11305 | sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 11306 | AddHeaders(output, length, server_hello, ssl); |
Vanger | 0:b86d15c6ba29 | 11307 | |
Vanger | 0:b86d15c6ba29 | 11308 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 11309 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 11310 | idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; |
Vanger | 0:b86d15c6ba29 | 11311 | sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; |
Vanger | 0:b86d15c6ba29 | 11312 | } |
Vanger | 0:b86d15c6ba29 | 11313 | #endif |
Vanger | 0:b86d15c6ba29 | 11314 | /* now write to output */ |
Vanger | 0:b86d15c6ba29 | 11315 | /* first version */ |
Vanger | 0:b86d15c6ba29 | 11316 | output[idx++] = ssl->version.major; |
Vanger | 0:b86d15c6ba29 | 11317 | output[idx++] = ssl->version.minor; |
Vanger | 0:b86d15c6ba29 | 11318 | |
Vanger | 0:b86d15c6ba29 | 11319 | /* then random */ |
Vanger | 0:b86d15c6ba29 | 11320 | if (!ssl->options.resuming) { |
Vanger | 0:b86d15c6ba29 | 11321 | ret = RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, |
Vanger | 0:b86d15c6ba29 | 11322 | RAN_LEN); |
Vanger | 0:b86d15c6ba29 | 11323 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 11324 | return ret; |
Vanger | 0:b86d15c6ba29 | 11325 | } |
Vanger | 0:b86d15c6ba29 | 11326 | |
Vanger | 0:b86d15c6ba29 | 11327 | XMEMCPY(output + idx, ssl->arrays->serverRandom, RAN_LEN); |
Vanger | 0:b86d15c6ba29 | 11328 | idx += RAN_LEN; |
Vanger | 0:b86d15c6ba29 | 11329 | |
Vanger | 0:b86d15c6ba29 | 11330 | #ifdef SHOW_SECRETS |
Vanger | 0:b86d15c6ba29 | 11331 | { |
Vanger | 0:b86d15c6ba29 | 11332 | int j; |
Vanger | 0:b86d15c6ba29 | 11333 | printf("server random: "); |
Vanger | 0:b86d15c6ba29 | 11334 | for (j = 0; j < RAN_LEN; j++) |
Vanger | 0:b86d15c6ba29 | 11335 | printf("%02x", ssl->arrays->serverRandom[j]); |
Vanger | 0:b86d15c6ba29 | 11336 | printf("\n"); |
Vanger | 0:b86d15c6ba29 | 11337 | } |
Vanger | 0:b86d15c6ba29 | 11338 | #endif |
Vanger | 0:b86d15c6ba29 | 11339 | /* then session id */ |
Vanger | 0:b86d15c6ba29 | 11340 | output[idx++] = ID_LEN; |
Vanger | 0:b86d15c6ba29 | 11341 | |
Vanger | 0:b86d15c6ba29 | 11342 | if (!ssl->options.resuming) { |
Vanger | 0:b86d15c6ba29 | 11343 | ret = RNG_GenerateBlock(ssl->rng, ssl->arrays->sessionID, ID_LEN); |
Vanger | 0:b86d15c6ba29 | 11344 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 11345 | return ret; |
Vanger | 0:b86d15c6ba29 | 11346 | } |
Vanger | 0:b86d15c6ba29 | 11347 | |
Vanger | 0:b86d15c6ba29 | 11348 | XMEMCPY(output + idx, ssl->arrays->sessionID, ID_LEN); |
Vanger | 0:b86d15c6ba29 | 11349 | idx += ID_LEN; |
Vanger | 0:b86d15c6ba29 | 11350 | |
Vanger | 0:b86d15c6ba29 | 11351 | /* then cipher suite */ |
Vanger | 0:b86d15c6ba29 | 11352 | output[idx++] = ssl->options.cipherSuite0; |
Vanger | 0:b86d15c6ba29 | 11353 | output[idx++] = ssl->options.cipherSuite; |
Vanger | 0:b86d15c6ba29 | 11354 | |
Vanger | 0:b86d15c6ba29 | 11355 | /* then compression */ |
Vanger | 0:b86d15c6ba29 | 11356 | if (ssl->options.usingCompression) |
Vanger | 0:b86d15c6ba29 | 11357 | output[idx++] = ZLIB_COMPRESSION; |
Vanger | 0:b86d15c6ba29 | 11358 | else |
Vanger | 0:b86d15c6ba29 | 11359 | output[idx++] = NO_COMPRESSION; |
Vanger | 0:b86d15c6ba29 | 11360 | |
Vanger | 0:b86d15c6ba29 | 11361 | /* last, extensions */ |
Vanger | 0:b86d15c6ba29 | 11362 | #ifdef HAVE_TLS_EXTENSIONS |
Vanger | 0:b86d15c6ba29 | 11363 | TLSX_WriteResponse(ssl, output + idx); |
Vanger | 0:b86d15c6ba29 | 11364 | #endif |
Vanger | 0:b86d15c6ba29 | 11365 | |
Vanger | 0:b86d15c6ba29 | 11366 | ssl->buffers.outputBuffer.length += sendSz; |
Vanger | 0:b86d15c6ba29 | 11367 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 11368 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 11369 | if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) |
Vanger | 0:b86d15c6ba29 | 11370 | return ret; |
Vanger | 0:b86d15c6ba29 | 11371 | } |
Vanger | 0:b86d15c6ba29 | 11372 | #endif |
Vanger | 0:b86d15c6ba29 | 11373 | |
Vanger | 0:b86d15c6ba29 | 11374 | ret = HashOutput(ssl, output, sendSz, 0); |
Vanger | 0:b86d15c6ba29 | 11375 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 11376 | return ret; |
Vanger | 0:b86d15c6ba29 | 11377 | |
Vanger | 0:b86d15c6ba29 | 11378 | #ifdef CYASSL_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 11379 | if (ssl->hsInfoOn) |
Vanger | 0:b86d15c6ba29 | 11380 | AddPacketName("ServerHello", &ssl->handShakeInfo); |
Vanger | 0:b86d15c6ba29 | 11381 | if (ssl->toInfoOn) |
Vanger | 0:b86d15c6ba29 | 11382 | AddPacketInfo("ServerHello", &ssl->timeoutInfo, output, sendSz, |
Vanger | 0:b86d15c6ba29 | 11383 | ssl->heap); |
Vanger | 0:b86d15c6ba29 | 11384 | #endif |
Vanger | 0:b86d15c6ba29 | 11385 | |
Vanger | 0:b86d15c6ba29 | 11386 | ssl->options.serverState = SERVER_HELLO_COMPLETE; |
Vanger | 0:b86d15c6ba29 | 11387 | |
Vanger | 0:b86d15c6ba29 | 11388 | if (ssl->options.groupMessages) |
Vanger | 0:b86d15c6ba29 | 11389 | return 0; |
Vanger | 0:b86d15c6ba29 | 11390 | else |
Vanger | 0:b86d15c6ba29 | 11391 | return SendBuffered(ssl); |
Vanger | 0:b86d15c6ba29 | 11392 | } |
Vanger | 0:b86d15c6ba29 | 11393 | |
Vanger | 0:b86d15c6ba29 | 11394 | |
Vanger | 0:b86d15c6ba29 | 11395 | #ifdef HAVE_ECC |
Vanger | 0:b86d15c6ba29 | 11396 | |
Vanger | 0:b86d15c6ba29 | 11397 | static byte SetCurveId(int size) |
Vanger | 0:b86d15c6ba29 | 11398 | { |
Vanger | 0:b86d15c6ba29 | 11399 | switch(size) { |
Vanger | 0:b86d15c6ba29 | 11400 | case 20: |
Vanger | 0:b86d15c6ba29 | 11401 | return secp160r1; |
Vanger | 0:b86d15c6ba29 | 11402 | case 24: |
Vanger | 0:b86d15c6ba29 | 11403 | return secp192r1; |
Vanger | 0:b86d15c6ba29 | 11404 | case 28: |
Vanger | 0:b86d15c6ba29 | 11405 | return secp224r1; |
Vanger | 0:b86d15c6ba29 | 11406 | case 32: |
Vanger | 0:b86d15c6ba29 | 11407 | return secp256r1; |
Vanger | 0:b86d15c6ba29 | 11408 | case 48: |
Vanger | 0:b86d15c6ba29 | 11409 | return secp384r1; |
Vanger | 0:b86d15c6ba29 | 11410 | case 66: |
Vanger | 0:b86d15c6ba29 | 11411 | return secp521r1; |
Vanger | 0:b86d15c6ba29 | 11412 | default: |
Vanger | 0:b86d15c6ba29 | 11413 | return 0; |
Vanger | 0:b86d15c6ba29 | 11414 | } |
Vanger | 0:b86d15c6ba29 | 11415 | } |
Vanger | 0:b86d15c6ba29 | 11416 | |
Vanger | 0:b86d15c6ba29 | 11417 | #endif /* HAVE_ECC */ |
Vanger | 0:b86d15c6ba29 | 11418 | |
Vanger | 0:b86d15c6ba29 | 11419 | |
Vanger | 0:b86d15c6ba29 | 11420 | int SendServerKeyExchange(CYASSL* ssl) |
Vanger | 0:b86d15c6ba29 | 11421 | { |
Vanger | 0:b86d15c6ba29 | 11422 | int ret = 0; |
Vanger | 0:b86d15c6ba29 | 11423 | (void)ssl; |
Vanger | 0:b86d15c6ba29 | 11424 | #define ERROR_OUT(err, eLabel) do { ret = err; goto eLabel; } while(0) |
Vanger | 0:b86d15c6ba29 | 11425 | |
Vanger | 0:b86d15c6ba29 | 11426 | #ifndef NO_PSK |
Vanger | 0:b86d15c6ba29 | 11427 | if (ssl->specs.kea == psk_kea) |
Vanger | 0:b86d15c6ba29 | 11428 | { |
Vanger | 0:b86d15c6ba29 | 11429 | byte *output; |
Vanger | 0:b86d15c6ba29 | 11430 | word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 11431 | int sendSz; |
Vanger | 0:b86d15c6ba29 | 11432 | if (ssl->arrays->server_hint[0] == 0) return 0; /* don't send */ |
Vanger | 0:b86d15c6ba29 | 11433 | |
Vanger | 0:b86d15c6ba29 | 11434 | /* include size part */ |
Vanger | 0:b86d15c6ba29 | 11435 | length = (word32)XSTRLEN(ssl->arrays->server_hint); |
Vanger | 0:b86d15c6ba29 | 11436 | if (length > MAX_PSK_ID_LEN) |
Vanger | 0:b86d15c6ba29 | 11437 | return SERVER_HINT_ERROR; |
Vanger | 0:b86d15c6ba29 | 11438 | |
Vanger | 0:b86d15c6ba29 | 11439 | length += HINT_LEN_SZ; |
Vanger | 0:b86d15c6ba29 | 11440 | sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 11441 | |
Vanger | 0:b86d15c6ba29 | 11442 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 11443 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 11444 | sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; |
Vanger | 0:b86d15c6ba29 | 11445 | idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; |
Vanger | 0:b86d15c6ba29 | 11446 | } |
Vanger | 0:b86d15c6ba29 | 11447 | #endif |
Vanger | 0:b86d15c6ba29 | 11448 | /* check for available size */ |
Vanger | 0:b86d15c6ba29 | 11449 | if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) |
Vanger | 0:b86d15c6ba29 | 11450 | return ret; |
Vanger | 0:b86d15c6ba29 | 11451 | |
Vanger | 0:b86d15c6ba29 | 11452 | /* get ouput buffer */ |
Vanger | 0:b86d15c6ba29 | 11453 | output = ssl->buffers.outputBuffer.buffer + |
Vanger | 0:b86d15c6ba29 | 11454 | ssl->buffers.outputBuffer.length; |
Vanger | 0:b86d15c6ba29 | 11455 | |
Vanger | 0:b86d15c6ba29 | 11456 | AddHeaders(output, length, server_key_exchange, ssl); |
Vanger | 0:b86d15c6ba29 | 11457 | |
Vanger | 0:b86d15c6ba29 | 11458 | /* key data */ |
Vanger | 0:b86d15c6ba29 | 11459 | c16toa((word16)(length - HINT_LEN_SZ), output + idx); |
Vanger | 0:b86d15c6ba29 | 11460 | idx += HINT_LEN_SZ; |
Vanger | 0:b86d15c6ba29 | 11461 | XMEMCPY(output + idx, ssl->arrays->server_hint,length -HINT_LEN_SZ); |
Vanger | 0:b86d15c6ba29 | 11462 | |
Vanger | 0:b86d15c6ba29 | 11463 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 11464 | if (ssl->options.dtls) |
Vanger | 0:b86d15c6ba29 | 11465 | if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) |
Vanger | 0:b86d15c6ba29 | 11466 | return ret; |
Vanger | 0:b86d15c6ba29 | 11467 | #endif |
Vanger | 0:b86d15c6ba29 | 11468 | |
Vanger | 0:b86d15c6ba29 | 11469 | ret = HashOutput(ssl, output, sendSz, 0); |
Vanger | 0:b86d15c6ba29 | 11470 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 11471 | return ret; |
Vanger | 0:b86d15c6ba29 | 11472 | |
Vanger | 0:b86d15c6ba29 | 11473 | #ifdef CYASSL_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 11474 | if (ssl->hsInfoOn) |
Vanger | 0:b86d15c6ba29 | 11475 | AddPacketName("ServerKeyExchange", &ssl->handShakeInfo); |
Vanger | 0:b86d15c6ba29 | 11476 | if (ssl->toInfoOn) |
Vanger | 0:b86d15c6ba29 | 11477 | AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo, output, |
Vanger | 0:b86d15c6ba29 | 11478 | sendSz, ssl->heap); |
Vanger | 0:b86d15c6ba29 | 11479 | #endif |
Vanger | 0:b86d15c6ba29 | 11480 | |
Vanger | 0:b86d15c6ba29 | 11481 | ssl->buffers.outputBuffer.length += sendSz; |
Vanger | 0:b86d15c6ba29 | 11482 | if (ssl->options.groupMessages) |
Vanger | 0:b86d15c6ba29 | 11483 | ret = 0; |
Vanger | 0:b86d15c6ba29 | 11484 | else |
Vanger | 0:b86d15c6ba29 | 11485 | ret = SendBuffered(ssl); |
Vanger | 0:b86d15c6ba29 | 11486 | ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE; |
Vanger | 0:b86d15c6ba29 | 11487 | } |
Vanger | 0:b86d15c6ba29 | 11488 | #endif /*NO_PSK */ |
Vanger | 0:b86d15c6ba29 | 11489 | |
Vanger | 0:b86d15c6ba29 | 11490 | #if !defined(NO_DH) && !defined(NO_PSK) |
Vanger | 0:b86d15c6ba29 | 11491 | if (ssl->specs.kea == dhe_psk_kea) { |
Vanger | 0:b86d15c6ba29 | 11492 | byte *output; |
Vanger | 0:b86d15c6ba29 | 11493 | word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 11494 | word32 hintLen; |
Vanger | 0:b86d15c6ba29 | 11495 | int sendSz; |
Vanger | 0:b86d15c6ba29 | 11496 | DhKey dhKey; |
Vanger | 0:b86d15c6ba29 | 11497 | |
Vanger | 0:b86d15c6ba29 | 11498 | if (ssl->buffers.serverDH_P.buffer == NULL || |
Vanger | 0:b86d15c6ba29 | 11499 | ssl->buffers.serverDH_G.buffer == NULL) |
Vanger | 0:b86d15c6ba29 | 11500 | return NO_DH_PARAMS; |
Vanger | 0:b86d15c6ba29 | 11501 | |
Vanger | 0:b86d15c6ba29 | 11502 | if (ssl->buffers.serverDH_Pub.buffer == NULL) { |
Vanger | 0:b86d15c6ba29 | 11503 | ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC( |
Vanger | 0:b86d15c6ba29 | 11504 | ssl->buffers.serverDH_P.length + 2, ssl->ctx->heap, |
Vanger | 0:b86d15c6ba29 | 11505 | DYNAMIC_TYPE_DH); |
Vanger | 0:b86d15c6ba29 | 11506 | if (ssl->buffers.serverDH_Pub.buffer == NULL) |
Vanger | 0:b86d15c6ba29 | 11507 | return MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 11508 | } |
Vanger | 0:b86d15c6ba29 | 11509 | |
Vanger | 0:b86d15c6ba29 | 11510 | if (ssl->buffers.serverDH_Priv.buffer == NULL) { |
Vanger | 0:b86d15c6ba29 | 11511 | ssl->buffers.serverDH_Priv.buffer = (byte*)XMALLOC( |
Vanger | 0:b86d15c6ba29 | 11512 | ssl->buffers.serverDH_P.length + 2, ssl->ctx->heap, |
Vanger | 0:b86d15c6ba29 | 11513 | DYNAMIC_TYPE_DH); |
Vanger | 0:b86d15c6ba29 | 11514 | if (ssl->buffers.serverDH_Priv.buffer == NULL) |
Vanger | 0:b86d15c6ba29 | 11515 | return MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 11516 | } |
Vanger | 0:b86d15c6ba29 | 11517 | |
Vanger | 0:b86d15c6ba29 | 11518 | InitDhKey(&dhKey); |
Vanger | 0:b86d15c6ba29 | 11519 | ret = DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer, |
Vanger | 0:b86d15c6ba29 | 11520 | ssl->buffers.serverDH_P.length, |
Vanger | 0:b86d15c6ba29 | 11521 | ssl->buffers.serverDH_G.buffer, |
Vanger | 0:b86d15c6ba29 | 11522 | ssl->buffers.serverDH_G.length); |
Vanger | 0:b86d15c6ba29 | 11523 | if (ret == 0) |
Vanger | 0:b86d15c6ba29 | 11524 | ret = DhGenerateKeyPair(&dhKey, ssl->rng, |
Vanger | 0:b86d15c6ba29 | 11525 | ssl->buffers.serverDH_Priv.buffer, |
Vanger | 0:b86d15c6ba29 | 11526 | &ssl->buffers.serverDH_Priv.length, |
Vanger | 0:b86d15c6ba29 | 11527 | ssl->buffers.serverDH_Pub.buffer, |
Vanger | 0:b86d15c6ba29 | 11528 | &ssl->buffers.serverDH_Pub.length); |
Vanger | 0:b86d15c6ba29 | 11529 | FreeDhKey(&dhKey); |
Vanger | 0:b86d15c6ba29 | 11530 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 11531 | return ret; |
Vanger | 0:b86d15c6ba29 | 11532 | |
Vanger | 0:b86d15c6ba29 | 11533 | length = LENGTH_SZ * 3 + /* p, g, pub */ |
Vanger | 0:b86d15c6ba29 | 11534 | ssl->buffers.serverDH_P.length + |
Vanger | 0:b86d15c6ba29 | 11535 | ssl->buffers.serverDH_G.length + |
Vanger | 0:b86d15c6ba29 | 11536 | ssl->buffers.serverDH_Pub.length; |
Vanger | 0:b86d15c6ba29 | 11537 | |
Vanger | 0:b86d15c6ba29 | 11538 | /* include size part */ |
Vanger | 0:b86d15c6ba29 | 11539 | hintLen = (word32)XSTRLEN(ssl->arrays->server_hint); |
Vanger | 0:b86d15c6ba29 | 11540 | if (hintLen > MAX_PSK_ID_LEN) |
Vanger | 0:b86d15c6ba29 | 11541 | return SERVER_HINT_ERROR; |
Vanger | 0:b86d15c6ba29 | 11542 | length += hintLen + HINT_LEN_SZ; |
Vanger | 0:b86d15c6ba29 | 11543 | sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 11544 | |
Vanger | 0:b86d15c6ba29 | 11545 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 11546 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 11547 | sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; |
Vanger | 0:b86d15c6ba29 | 11548 | idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; |
Vanger | 0:b86d15c6ba29 | 11549 | } |
Vanger | 0:b86d15c6ba29 | 11550 | #endif |
Vanger | 0:b86d15c6ba29 | 11551 | |
Vanger | 0:b86d15c6ba29 | 11552 | /* check for available size */ |
Vanger | 0:b86d15c6ba29 | 11553 | if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) |
Vanger | 0:b86d15c6ba29 | 11554 | return ret; |
Vanger | 0:b86d15c6ba29 | 11555 | |
Vanger | 0:b86d15c6ba29 | 11556 | /* get ouput buffer */ |
Vanger | 0:b86d15c6ba29 | 11557 | output = ssl->buffers.outputBuffer.buffer + |
Vanger | 0:b86d15c6ba29 | 11558 | ssl->buffers.outputBuffer.length; |
Vanger | 0:b86d15c6ba29 | 11559 | |
Vanger | 0:b86d15c6ba29 | 11560 | AddHeaders(output, length, server_key_exchange, ssl); |
Vanger | 0:b86d15c6ba29 | 11561 | |
Vanger | 0:b86d15c6ba29 | 11562 | /* key data */ |
Vanger | 0:b86d15c6ba29 | 11563 | c16toa((word16)hintLen, output + idx); |
Vanger | 0:b86d15c6ba29 | 11564 | idx += HINT_LEN_SZ; |
Vanger | 0:b86d15c6ba29 | 11565 | XMEMCPY(output + idx, ssl->arrays->server_hint, hintLen); |
Vanger | 0:b86d15c6ba29 | 11566 | idx += hintLen; |
Vanger | 0:b86d15c6ba29 | 11567 | |
Vanger | 0:b86d15c6ba29 | 11568 | /* add p, g, pub */ |
Vanger | 0:b86d15c6ba29 | 11569 | c16toa((word16)ssl->buffers.serverDH_P.length, output + idx); |
Vanger | 0:b86d15c6ba29 | 11570 | idx += LENGTH_SZ; |
Vanger | 0:b86d15c6ba29 | 11571 | XMEMCPY(output + idx, ssl->buffers.serverDH_P.buffer, |
Vanger | 0:b86d15c6ba29 | 11572 | ssl->buffers.serverDH_P.length); |
Vanger | 0:b86d15c6ba29 | 11573 | idx += ssl->buffers.serverDH_P.length; |
Vanger | 0:b86d15c6ba29 | 11574 | |
Vanger | 0:b86d15c6ba29 | 11575 | /* g */ |
Vanger | 0:b86d15c6ba29 | 11576 | c16toa((word16)ssl->buffers.serverDH_G.length, output + idx); |
Vanger | 0:b86d15c6ba29 | 11577 | idx += LENGTH_SZ; |
Vanger | 0:b86d15c6ba29 | 11578 | XMEMCPY(output + idx, ssl->buffers.serverDH_G.buffer, |
Vanger | 0:b86d15c6ba29 | 11579 | ssl->buffers.serverDH_G.length); |
Vanger | 0:b86d15c6ba29 | 11580 | idx += ssl->buffers.serverDH_G.length; |
Vanger | 0:b86d15c6ba29 | 11581 | |
Vanger | 0:b86d15c6ba29 | 11582 | /* pub */ |
Vanger | 0:b86d15c6ba29 | 11583 | c16toa((word16)ssl->buffers.serverDH_Pub.length, output + idx); |
Vanger | 0:b86d15c6ba29 | 11584 | idx += LENGTH_SZ; |
Vanger | 0:b86d15c6ba29 | 11585 | XMEMCPY(output + idx, ssl->buffers.serverDH_Pub.buffer, |
Vanger | 0:b86d15c6ba29 | 11586 | ssl->buffers.serverDH_Pub.length); |
Vanger | 0:b86d15c6ba29 | 11587 | idx += ssl->buffers.serverDH_Pub.length; |
Vanger | 0:b86d15c6ba29 | 11588 | (void)idx; /* suppress analyzer warning, and keep idx current */ |
Vanger | 0:b86d15c6ba29 | 11589 | |
Vanger | 0:b86d15c6ba29 | 11590 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 11591 | if (ssl->options.dtls) |
Vanger | 0:b86d15c6ba29 | 11592 | if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) |
Vanger | 0:b86d15c6ba29 | 11593 | return ret; |
Vanger | 0:b86d15c6ba29 | 11594 | #endif |
Vanger | 0:b86d15c6ba29 | 11595 | |
Vanger | 0:b86d15c6ba29 | 11596 | ret = HashOutput(ssl, output, sendSz, 0); |
Vanger | 0:b86d15c6ba29 | 11597 | |
Vanger | 0:b86d15c6ba29 | 11598 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 11599 | return ret; |
Vanger | 0:b86d15c6ba29 | 11600 | |
Vanger | 0:b86d15c6ba29 | 11601 | #ifdef CYASSL_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 11602 | if (ssl->hsInfoOn) |
Vanger | 0:b86d15c6ba29 | 11603 | AddPacketName("ServerKeyExchange", &ssl->handShakeInfo); |
Vanger | 0:b86d15c6ba29 | 11604 | if (ssl->toInfoOn) |
Vanger | 0:b86d15c6ba29 | 11605 | AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo, output, |
Vanger | 0:b86d15c6ba29 | 11606 | sendSz, ssl->heap); |
Vanger | 0:b86d15c6ba29 | 11607 | #endif |
Vanger | 0:b86d15c6ba29 | 11608 | |
Vanger | 0:b86d15c6ba29 | 11609 | ssl->buffers.outputBuffer.length += sendSz; |
Vanger | 0:b86d15c6ba29 | 11610 | if (ssl->options.groupMessages) |
Vanger | 0:b86d15c6ba29 | 11611 | ret = 0; |
Vanger | 0:b86d15c6ba29 | 11612 | else |
Vanger | 0:b86d15c6ba29 | 11613 | ret = SendBuffered(ssl); |
Vanger | 0:b86d15c6ba29 | 11614 | ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE; |
Vanger | 0:b86d15c6ba29 | 11615 | } |
Vanger | 0:b86d15c6ba29 | 11616 | #endif /* !NO_DH && !NO_PSK */ |
Vanger | 0:b86d15c6ba29 | 11617 | |
Vanger | 0:b86d15c6ba29 | 11618 | #ifdef HAVE_ECC |
Vanger | 0:b86d15c6ba29 | 11619 | if (ssl->specs.kea == ecc_diffie_hellman_kea) |
Vanger | 0:b86d15c6ba29 | 11620 | { |
Vanger | 0:b86d15c6ba29 | 11621 | byte *output; |
Vanger | 0:b86d15c6ba29 | 11622 | word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 11623 | int sendSz; |
Vanger | 0:b86d15c6ba29 | 11624 | word32 sigSz; |
Vanger | 0:b86d15c6ba29 | 11625 | word32 preSigSz, preSigIdx; |
Vanger | 0:b86d15c6ba29 | 11626 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 11627 | RsaKey rsaKey; |
Vanger | 0:b86d15c6ba29 | 11628 | #endif |
Vanger | 0:b86d15c6ba29 | 11629 | ecc_key dsaKey; |
Vanger | 0:b86d15c6ba29 | 11630 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 11631 | byte* exportBuf = NULL; |
Vanger | 0:b86d15c6ba29 | 11632 | #else |
Vanger | 0:b86d15c6ba29 | 11633 | byte exportBuf[MAX_EXPORT_ECC_SZ]; |
Vanger | 0:b86d15c6ba29 | 11634 | #endif |
Vanger | 0:b86d15c6ba29 | 11635 | word32 expSz = MAX_EXPORT_ECC_SZ; |
Vanger | 0:b86d15c6ba29 | 11636 | |
Vanger | 0:b86d15c6ba29 | 11637 | if (ssl->specs.static_ecdh) { |
Vanger | 0:b86d15c6ba29 | 11638 | CYASSL_MSG("Using Static ECDH, not sending ServerKeyExchagne"); |
Vanger | 0:b86d15c6ba29 | 11639 | return 0; |
Vanger | 0:b86d15c6ba29 | 11640 | } |
Vanger | 0:b86d15c6ba29 | 11641 | |
Vanger | 0:b86d15c6ba29 | 11642 | /* curve type, named curve, length(1) */ |
Vanger | 0:b86d15c6ba29 | 11643 | length = ENUM_LEN + CURVE_LEN + ENUM_LEN; |
Vanger | 0:b86d15c6ba29 | 11644 | /* pub key size */ |
Vanger | 0:b86d15c6ba29 | 11645 | CYASSL_MSG("Using ephemeral ECDH"); |
Vanger | 0:b86d15c6ba29 | 11646 | |
Vanger | 0:b86d15c6ba29 | 11647 | /* need ephemeral key now, create it if missing */ |
Vanger | 0:b86d15c6ba29 | 11648 | if (ssl->eccTempKeyPresent == 0) { |
Vanger | 0:b86d15c6ba29 | 11649 | if (ecc_make_key(ssl->rng, ssl->eccTempKeySz, |
Vanger | 0:b86d15c6ba29 | 11650 | ssl->eccTempKey) != 0) { |
Vanger | 0:b86d15c6ba29 | 11651 | return ECC_MAKEKEY_ERROR; |
Vanger | 0:b86d15c6ba29 | 11652 | } |
Vanger | 0:b86d15c6ba29 | 11653 | ssl->eccTempKeyPresent = 1; |
Vanger | 0:b86d15c6ba29 | 11654 | } |
Vanger | 0:b86d15c6ba29 | 11655 | |
Vanger | 0:b86d15c6ba29 | 11656 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 11657 | exportBuf = (byte*)XMALLOC(MAX_EXPORT_ECC_SZ, NULL, |
Vanger | 0:b86d15c6ba29 | 11658 | DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 11659 | if (exportBuf == NULL) |
Vanger | 0:b86d15c6ba29 | 11660 | return MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 11661 | #endif |
Vanger | 0:b86d15c6ba29 | 11662 | |
Vanger | 0:b86d15c6ba29 | 11663 | if (ecc_export_x963(ssl->eccTempKey, exportBuf, &expSz) != 0) |
Vanger | 0:b86d15c6ba29 | 11664 | ERROR_OUT(ECC_EXPORT_ERROR, done_a); |
Vanger | 0:b86d15c6ba29 | 11665 | length += expSz; |
Vanger | 0:b86d15c6ba29 | 11666 | |
Vanger | 0:b86d15c6ba29 | 11667 | preSigSz = length; |
Vanger | 0:b86d15c6ba29 | 11668 | preSigIdx = idx; |
Vanger | 0:b86d15c6ba29 | 11669 | |
Vanger | 0:b86d15c6ba29 | 11670 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 11671 | ret = InitRsaKey(&rsaKey, ssl->heap); |
Vanger | 0:b86d15c6ba29 | 11672 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 11673 | goto done_a; |
Vanger | 0:b86d15c6ba29 | 11674 | #endif |
Vanger | 0:b86d15c6ba29 | 11675 | |
Vanger | 0:b86d15c6ba29 | 11676 | ecc_init(&dsaKey); |
Vanger | 0:b86d15c6ba29 | 11677 | |
Vanger | 0:b86d15c6ba29 | 11678 | /* sig length */ |
Vanger | 0:b86d15c6ba29 | 11679 | length += LENGTH_SZ; |
Vanger | 0:b86d15c6ba29 | 11680 | |
Vanger | 0:b86d15c6ba29 | 11681 | if (!ssl->buffers.key.buffer) { |
Vanger | 0:b86d15c6ba29 | 11682 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 11683 | FreeRsaKey(&rsaKey); |
Vanger | 0:b86d15c6ba29 | 11684 | #endif |
Vanger | 0:b86d15c6ba29 | 11685 | ecc_free(&dsaKey); |
Vanger | 0:b86d15c6ba29 | 11686 | ERROR_OUT(NO_PRIVATE_KEY, done_a); |
Vanger | 0:b86d15c6ba29 | 11687 | } |
Vanger | 0:b86d15c6ba29 | 11688 | |
Vanger | 0:b86d15c6ba29 | 11689 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 11690 | if (ssl->specs.sig_algo == rsa_sa_algo) { |
Vanger | 0:b86d15c6ba29 | 11691 | /* rsa sig size */ |
Vanger | 0:b86d15c6ba29 | 11692 | word32 i = 0; |
Vanger | 0:b86d15c6ba29 | 11693 | ret = RsaPrivateKeyDecode(ssl->buffers.key.buffer, &i, |
Vanger | 0:b86d15c6ba29 | 11694 | &rsaKey, ssl->buffers.key.length); |
Vanger | 0:b86d15c6ba29 | 11695 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 11696 | goto done_a; |
Vanger | 0:b86d15c6ba29 | 11697 | sigSz = RsaEncryptSize(&rsaKey); |
Vanger | 0:b86d15c6ba29 | 11698 | } else |
Vanger | 0:b86d15c6ba29 | 11699 | #endif |
Vanger | 0:b86d15c6ba29 | 11700 | |
Vanger | 0:b86d15c6ba29 | 11701 | if (ssl->specs.sig_algo == ecc_dsa_sa_algo) { |
Vanger | 0:b86d15c6ba29 | 11702 | /* ecdsa sig size */ |
Vanger | 0:b86d15c6ba29 | 11703 | word32 i = 0; |
Vanger | 0:b86d15c6ba29 | 11704 | ret = EccPrivateKeyDecode(ssl->buffers.key.buffer, &i, |
Vanger | 0:b86d15c6ba29 | 11705 | &dsaKey, ssl->buffers.key.length); |
Vanger | 0:b86d15c6ba29 | 11706 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 11707 | goto done_a; |
Vanger | 0:b86d15c6ba29 | 11708 | sigSz = ecc_sig_size(&dsaKey); /* worst case estimate */ |
Vanger | 0:b86d15c6ba29 | 11709 | } |
Vanger | 0:b86d15c6ba29 | 11710 | else { |
Vanger | 0:b86d15c6ba29 | 11711 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 11712 | FreeRsaKey(&rsaKey); |
Vanger | 0:b86d15c6ba29 | 11713 | #endif |
Vanger | 0:b86d15c6ba29 | 11714 | ecc_free(&dsaKey); |
Vanger | 0:b86d15c6ba29 | 11715 | ERROR_OUT(ALGO_ID_E, done_a); /* unsupported type */ |
Vanger | 0:b86d15c6ba29 | 11716 | } |
Vanger | 0:b86d15c6ba29 | 11717 | length += sigSz; |
Vanger | 0:b86d15c6ba29 | 11718 | |
Vanger | 0:b86d15c6ba29 | 11719 | if (IsAtLeastTLSv1_2(ssl)) |
Vanger | 0:b86d15c6ba29 | 11720 | length += HASH_SIG_SIZE; |
Vanger | 0:b86d15c6ba29 | 11721 | |
Vanger | 0:b86d15c6ba29 | 11722 | sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 11723 | |
Vanger | 0:b86d15c6ba29 | 11724 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 11725 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 11726 | sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; |
Vanger | 0:b86d15c6ba29 | 11727 | idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; |
Vanger | 0:b86d15c6ba29 | 11728 | preSigIdx = idx; |
Vanger | 0:b86d15c6ba29 | 11729 | } |
Vanger | 0:b86d15c6ba29 | 11730 | #endif |
Vanger | 0:b86d15c6ba29 | 11731 | /* check for available size */ |
Vanger | 0:b86d15c6ba29 | 11732 | if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) { |
Vanger | 0:b86d15c6ba29 | 11733 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 11734 | FreeRsaKey(&rsaKey); |
Vanger | 0:b86d15c6ba29 | 11735 | #endif |
Vanger | 0:b86d15c6ba29 | 11736 | ecc_free(&dsaKey); |
Vanger | 0:b86d15c6ba29 | 11737 | goto done_a; |
Vanger | 0:b86d15c6ba29 | 11738 | } |
Vanger | 0:b86d15c6ba29 | 11739 | |
Vanger | 0:b86d15c6ba29 | 11740 | /* get ouput buffer */ |
Vanger | 0:b86d15c6ba29 | 11741 | output = ssl->buffers.outputBuffer.buffer + |
Vanger | 0:b86d15c6ba29 | 11742 | ssl->buffers.outputBuffer.length; |
Vanger | 0:b86d15c6ba29 | 11743 | |
Vanger | 0:b86d15c6ba29 | 11744 | /* record and message headers will be added below, when we're sure |
Vanger | 0:b86d15c6ba29 | 11745 | of the sig length */ |
Vanger | 0:b86d15c6ba29 | 11746 | |
Vanger | 0:b86d15c6ba29 | 11747 | /* key exchange data */ |
Vanger | 0:b86d15c6ba29 | 11748 | output[idx++] = named_curve; |
Vanger | 0:b86d15c6ba29 | 11749 | output[idx++] = 0x00; /* leading zero */ |
Vanger | 0:b86d15c6ba29 | 11750 | output[idx++] = SetCurveId(ecc_size(ssl->eccTempKey)); |
Vanger | 0:b86d15c6ba29 | 11751 | output[idx++] = (byte)expSz; |
Vanger | 0:b86d15c6ba29 | 11752 | XMEMCPY(output + idx, exportBuf, expSz); |
Vanger | 0:b86d15c6ba29 | 11753 | idx += expSz; |
Vanger | 0:b86d15c6ba29 | 11754 | if (IsAtLeastTLSv1_2(ssl)) { |
Vanger | 0:b86d15c6ba29 | 11755 | output[idx++] = ssl->suites->hashAlgo; |
Vanger | 0:b86d15c6ba29 | 11756 | output[idx++] = ssl->suites->sigAlgo; |
Vanger | 0:b86d15c6ba29 | 11757 | } |
Vanger | 0:b86d15c6ba29 | 11758 | |
Vanger | 0:b86d15c6ba29 | 11759 | /* Signtaure length will be written later, when we're sure what it |
Vanger | 0:b86d15c6ba29 | 11760 | is */ |
Vanger | 0:b86d15c6ba29 | 11761 | |
Vanger | 0:b86d15c6ba29 | 11762 | #ifdef HAVE_FUZZER |
Vanger | 0:b86d15c6ba29 | 11763 | if (ssl->fuzzerCb) |
Vanger | 0:b86d15c6ba29 | 11764 | ssl->fuzzerCb(ssl, output + preSigIdx, preSigSz, FUZZ_SIGNATURE, |
Vanger | 0:b86d15c6ba29 | 11765 | ssl->fuzzerCtx); |
Vanger | 0:b86d15c6ba29 | 11766 | #endif |
Vanger | 0:b86d15c6ba29 | 11767 | |
Vanger | 0:b86d15c6ba29 | 11768 | /* do signature */ |
Vanger | 0:b86d15c6ba29 | 11769 | { |
Vanger | 0:b86d15c6ba29 | 11770 | #ifndef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 11771 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 11772 | Md5* md5 = NULL; |
Vanger | 0:b86d15c6ba29 | 11773 | Sha* sha = NULL; |
Vanger | 0:b86d15c6ba29 | 11774 | #else |
Vanger | 0:b86d15c6ba29 | 11775 | Md5 md5[1]; |
Vanger | 0:b86d15c6ba29 | 11776 | Sha sha[1]; |
Vanger | 0:b86d15c6ba29 | 11777 | #endif |
Vanger | 0:b86d15c6ba29 | 11778 | #endif |
Vanger | 0:b86d15c6ba29 | 11779 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 11780 | byte* hash = NULL; |
Vanger | 0:b86d15c6ba29 | 11781 | #else |
Vanger | 0:b86d15c6ba29 | 11782 | byte hash[FINISHED_SZ]; |
Vanger | 0:b86d15c6ba29 | 11783 | #endif |
Vanger | 0:b86d15c6ba29 | 11784 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 11785 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 11786 | Sha256* sha256 = NULL; |
Vanger | 0:b86d15c6ba29 | 11787 | byte* hash256 = NULL; |
Vanger | 0:b86d15c6ba29 | 11788 | #else |
Vanger | 0:b86d15c6ba29 | 11789 | Sha256 sha256[1]; |
Vanger | 0:b86d15c6ba29 | 11790 | byte hash256[SHA256_DIGEST_SIZE]; |
Vanger | 0:b86d15c6ba29 | 11791 | #endif |
Vanger | 0:b86d15c6ba29 | 11792 | #endif |
Vanger | 0:b86d15c6ba29 | 11793 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 11794 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 11795 | Sha384* sha384 = NULL; |
Vanger | 0:b86d15c6ba29 | 11796 | byte* hash384 = NULL; |
Vanger | 0:b86d15c6ba29 | 11797 | #else |
Vanger | 0:b86d15c6ba29 | 11798 | Sha384 sha384[1]; |
Vanger | 0:b86d15c6ba29 | 11799 | byte hash384[SHA384_DIGEST_SIZE]; |
Vanger | 0:b86d15c6ba29 | 11800 | #endif |
Vanger | 0:b86d15c6ba29 | 11801 | #endif |
Vanger | 0:b86d15c6ba29 | 11802 | |
Vanger | 0:b86d15c6ba29 | 11803 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 11804 | hash = (byte*)XMALLOC(FINISHED_SZ, NULL, |
Vanger | 0:b86d15c6ba29 | 11805 | DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 11806 | if (hash == NULL) |
Vanger | 0:b86d15c6ba29 | 11807 | ERROR_OUT(MEMORY_E, done_a); |
Vanger | 0:b86d15c6ba29 | 11808 | #endif |
Vanger | 0:b86d15c6ba29 | 11809 | |
Vanger | 0:b86d15c6ba29 | 11810 | #ifndef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 11811 | /* md5 */ |
Vanger | 0:b86d15c6ba29 | 11812 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 11813 | md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 11814 | if (md5 == NULL) |
Vanger | 0:b86d15c6ba29 | 11815 | ERROR_OUT(MEMORY_E, done_a2); |
Vanger | 0:b86d15c6ba29 | 11816 | #endif |
Vanger | 0:b86d15c6ba29 | 11817 | InitMd5(md5); |
Vanger | 0:b86d15c6ba29 | 11818 | Md5Update(md5, ssl->arrays->clientRandom, RAN_LEN); |
Vanger | 0:b86d15c6ba29 | 11819 | Md5Update(md5, ssl->arrays->serverRandom, RAN_LEN); |
Vanger | 0:b86d15c6ba29 | 11820 | Md5Update(md5, output + preSigIdx, preSigSz); |
Vanger | 0:b86d15c6ba29 | 11821 | Md5Final(md5, hash); |
Vanger | 0:b86d15c6ba29 | 11822 | |
Vanger | 0:b86d15c6ba29 | 11823 | /* sha */ |
Vanger | 0:b86d15c6ba29 | 11824 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 11825 | sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 11826 | if (sha == NULL) |
Vanger | 0:b86d15c6ba29 | 11827 | ERROR_OUT(MEMORY_E, done_a2); |
Vanger | 0:b86d15c6ba29 | 11828 | #endif |
Vanger | 0:b86d15c6ba29 | 11829 | ret = InitSha(sha); |
Vanger | 0:b86d15c6ba29 | 11830 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 11831 | goto done_a2; |
Vanger | 0:b86d15c6ba29 | 11832 | ShaUpdate(sha, ssl->arrays->clientRandom, RAN_LEN); |
Vanger | 0:b86d15c6ba29 | 11833 | ShaUpdate(sha, ssl->arrays->serverRandom, RAN_LEN); |
Vanger | 0:b86d15c6ba29 | 11834 | ShaUpdate(sha, output + preSigIdx, preSigSz); |
Vanger | 0:b86d15c6ba29 | 11835 | ShaFinal(sha, &hash[MD5_DIGEST_SIZE]); |
Vanger | 0:b86d15c6ba29 | 11836 | #endif |
Vanger | 0:b86d15c6ba29 | 11837 | |
Vanger | 0:b86d15c6ba29 | 11838 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 11839 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 11840 | sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, |
Vanger | 0:b86d15c6ba29 | 11841 | DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 11842 | hash256 = (byte*)XMALLOC(SHA256_DIGEST_SIZE, NULL, |
Vanger | 0:b86d15c6ba29 | 11843 | DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 11844 | if (sha256 == NULL || hash256 == NULL) |
Vanger | 0:b86d15c6ba29 | 11845 | ERROR_OUT(MEMORY_E, done_a2); |
Vanger | 0:b86d15c6ba29 | 11846 | #endif |
Vanger | 0:b86d15c6ba29 | 11847 | |
Vanger | 0:b86d15c6ba29 | 11848 | if (!(ret = InitSha256(sha256)) |
Vanger | 0:b86d15c6ba29 | 11849 | && !(ret = Sha256Update(sha256, ssl->arrays->clientRandom, |
Vanger | 0:b86d15c6ba29 | 11850 | RAN_LEN)) |
Vanger | 0:b86d15c6ba29 | 11851 | && !(ret = Sha256Update(sha256, ssl->arrays->serverRandom, |
Vanger | 0:b86d15c6ba29 | 11852 | RAN_LEN)) |
Vanger | 0:b86d15c6ba29 | 11853 | && !(ret = Sha256Update(sha256, output + preSigIdx, preSigSz))) |
Vanger | 0:b86d15c6ba29 | 11854 | ret = Sha256Final(sha256, hash256); |
Vanger | 0:b86d15c6ba29 | 11855 | |
Vanger | 0:b86d15c6ba29 | 11856 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 11857 | goto done_a2; |
Vanger | 0:b86d15c6ba29 | 11858 | #endif |
Vanger | 0:b86d15c6ba29 | 11859 | |
Vanger | 0:b86d15c6ba29 | 11860 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 11861 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 11862 | sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL, |
Vanger | 0:b86d15c6ba29 | 11863 | DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 11864 | hash384 = (byte*)XMALLOC(SHA384_DIGEST_SIZE, NULL, |
Vanger | 0:b86d15c6ba29 | 11865 | DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 11866 | if (sha384 == NULL || hash384 == NULL) |
Vanger | 0:b86d15c6ba29 | 11867 | ERROR_OUT(MEMORY_E, done_a2); |
Vanger | 0:b86d15c6ba29 | 11868 | #endif |
Vanger | 0:b86d15c6ba29 | 11869 | |
Vanger | 0:b86d15c6ba29 | 11870 | if (!(ret = InitSha384(sha384)) |
Vanger | 0:b86d15c6ba29 | 11871 | && !(ret = Sha384Update(sha384, ssl->arrays->clientRandom, |
Vanger | 0:b86d15c6ba29 | 11872 | RAN_LEN)) |
Vanger | 0:b86d15c6ba29 | 11873 | && !(ret = Sha384Update(sha384, ssl->arrays->serverRandom, |
Vanger | 0:b86d15c6ba29 | 11874 | RAN_LEN)) |
Vanger | 0:b86d15c6ba29 | 11875 | && !(ret = Sha384Update(sha384, output + preSigIdx, preSigSz))) |
Vanger | 0:b86d15c6ba29 | 11876 | ret = Sha384Final(sha384, hash384); |
Vanger | 0:b86d15c6ba29 | 11877 | |
Vanger | 0:b86d15c6ba29 | 11878 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 11879 | goto done_a2; |
Vanger | 0:b86d15c6ba29 | 11880 | #endif |
Vanger | 0:b86d15c6ba29 | 11881 | |
Vanger | 0:b86d15c6ba29 | 11882 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 11883 | if (ssl->suites->sigAlgo == rsa_sa_algo) { |
Vanger | 0:b86d15c6ba29 | 11884 | byte* signBuffer = hash; |
Vanger | 0:b86d15c6ba29 | 11885 | word32 signSz = FINISHED_SZ; |
Vanger | 0:b86d15c6ba29 | 11886 | byte doUserRsa = 0; |
Vanger | 0:b86d15c6ba29 | 11887 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 11888 | byte* encodedSig = NULL; |
Vanger | 0:b86d15c6ba29 | 11889 | #else |
Vanger | 0:b86d15c6ba29 | 11890 | byte encodedSig[MAX_ENCODED_SIG_SZ]; |
Vanger | 0:b86d15c6ba29 | 11891 | #endif |
Vanger | 0:b86d15c6ba29 | 11892 | |
Vanger | 0:b86d15c6ba29 | 11893 | #ifdef HAVE_PK_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 11894 | if (ssl->ctx->RsaSignCb) |
Vanger | 0:b86d15c6ba29 | 11895 | doUserRsa = 1; |
Vanger | 0:b86d15c6ba29 | 11896 | #endif |
Vanger | 0:b86d15c6ba29 | 11897 | |
Vanger | 0:b86d15c6ba29 | 11898 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 11899 | encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, |
Vanger | 0:b86d15c6ba29 | 11900 | DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 11901 | if (encodedSig == NULL) |
Vanger | 0:b86d15c6ba29 | 11902 | ERROR_OUT(MEMORY_E, done_a2); |
Vanger | 0:b86d15c6ba29 | 11903 | #endif |
Vanger | 0:b86d15c6ba29 | 11904 | |
Vanger | 0:b86d15c6ba29 | 11905 | if (IsAtLeastTLSv1_2(ssl)) { |
Vanger | 0:b86d15c6ba29 | 11906 | byte* digest = &hash[MD5_DIGEST_SIZE]; |
Vanger | 0:b86d15c6ba29 | 11907 | int typeH = SHAh; |
Vanger | 0:b86d15c6ba29 | 11908 | int digestSz = SHA_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 11909 | |
Vanger | 0:b86d15c6ba29 | 11910 | if (ssl->suites->hashAlgo == sha256_mac) { |
Vanger | 0:b86d15c6ba29 | 11911 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 11912 | digest = hash256; |
Vanger | 0:b86d15c6ba29 | 11913 | typeH = SHA256h; |
Vanger | 0:b86d15c6ba29 | 11914 | digestSz = SHA256_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 11915 | #endif |
Vanger | 0:b86d15c6ba29 | 11916 | } |
Vanger | 0:b86d15c6ba29 | 11917 | else if (ssl->suites->hashAlgo == sha384_mac) { |
Vanger | 0:b86d15c6ba29 | 11918 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 11919 | digest = hash384; |
Vanger | 0:b86d15c6ba29 | 11920 | typeH = SHA384h; |
Vanger | 0:b86d15c6ba29 | 11921 | digestSz = SHA384_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 11922 | #endif |
Vanger | 0:b86d15c6ba29 | 11923 | } |
Vanger | 0:b86d15c6ba29 | 11924 | |
Vanger | 0:b86d15c6ba29 | 11925 | signSz = EncodeSignature(encodedSig, digest, digestSz, |
Vanger | 0:b86d15c6ba29 | 11926 | typeH); |
Vanger | 0:b86d15c6ba29 | 11927 | signBuffer = encodedSig; |
Vanger | 0:b86d15c6ba29 | 11928 | } |
Vanger | 0:b86d15c6ba29 | 11929 | /* write sig size here */ |
Vanger | 0:b86d15c6ba29 | 11930 | c16toa((word16)sigSz, output + idx); |
Vanger | 0:b86d15c6ba29 | 11931 | idx += LENGTH_SZ; |
Vanger | 0:b86d15c6ba29 | 11932 | |
Vanger | 0:b86d15c6ba29 | 11933 | if (doUserRsa) { |
Vanger | 0:b86d15c6ba29 | 11934 | #ifdef HAVE_PK_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 11935 | word32 ioLen = sigSz; |
Vanger | 0:b86d15c6ba29 | 11936 | ret = ssl->ctx->RsaSignCb(ssl, signBuffer, signSz, |
Vanger | 0:b86d15c6ba29 | 11937 | output + idx, &ioLen, |
Vanger | 0:b86d15c6ba29 | 11938 | ssl->buffers.key.buffer, |
Vanger | 0:b86d15c6ba29 | 11939 | ssl->buffers.key.length, |
Vanger | 0:b86d15c6ba29 | 11940 | ssl->RsaSignCtx); |
Vanger | 0:b86d15c6ba29 | 11941 | #endif /*HAVE_PK_CALLBACKS */ |
Vanger | 0:b86d15c6ba29 | 11942 | } |
Vanger | 0:b86d15c6ba29 | 11943 | else |
Vanger | 0:b86d15c6ba29 | 11944 | ret = RsaSSL_Sign(signBuffer, signSz, output + idx, |
Vanger | 0:b86d15c6ba29 | 11945 | sigSz, &rsaKey, ssl->rng); |
Vanger | 0:b86d15c6ba29 | 11946 | |
Vanger | 0:b86d15c6ba29 | 11947 | FreeRsaKey(&rsaKey); |
Vanger | 0:b86d15c6ba29 | 11948 | ecc_free(&dsaKey); |
Vanger | 0:b86d15c6ba29 | 11949 | |
Vanger | 0:b86d15c6ba29 | 11950 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 11951 | XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 11952 | #endif |
Vanger | 0:b86d15c6ba29 | 11953 | |
Vanger | 0:b86d15c6ba29 | 11954 | if (ret < 0) |
Vanger | 0:b86d15c6ba29 | 11955 | goto done_a2; |
Vanger | 0:b86d15c6ba29 | 11956 | } else |
Vanger | 0:b86d15c6ba29 | 11957 | #endif |
Vanger | 0:b86d15c6ba29 | 11958 | |
Vanger | 0:b86d15c6ba29 | 11959 | if (ssl->suites->sigAlgo == ecc_dsa_sa_algo) { |
Vanger | 0:b86d15c6ba29 | 11960 | #ifndef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 11961 | byte* digest = &hash[MD5_DIGEST_SIZE]; |
Vanger | 0:b86d15c6ba29 | 11962 | word32 digestSz = SHA_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 11963 | #else |
Vanger | 0:b86d15c6ba29 | 11964 | byte* digest = hash256; |
Vanger | 0:b86d15c6ba29 | 11965 | word32 digestSz = SHA256_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 11966 | #endif |
Vanger | 0:b86d15c6ba29 | 11967 | word32 sz = sigSz; |
Vanger | 0:b86d15c6ba29 | 11968 | byte doUserEcc = 0; |
Vanger | 0:b86d15c6ba29 | 11969 | |
Vanger | 0:b86d15c6ba29 | 11970 | #if defined(HAVE_PK_CALLBACKS) && defined(HAVE_ECC) |
Vanger | 0:b86d15c6ba29 | 11971 | if (ssl->ctx->EccSignCb) |
Vanger | 0:b86d15c6ba29 | 11972 | doUserEcc = 1; |
Vanger | 0:b86d15c6ba29 | 11973 | #endif |
Vanger | 0:b86d15c6ba29 | 11974 | |
Vanger | 0:b86d15c6ba29 | 11975 | if (IsAtLeastTLSv1_2(ssl)) { |
Vanger | 0:b86d15c6ba29 | 11976 | if (ssl->suites->hashAlgo == sha_mac) { |
Vanger | 0:b86d15c6ba29 | 11977 | #ifndef NO_SHA |
Vanger | 0:b86d15c6ba29 | 11978 | digest = &hash[MD5_DIGEST_SIZE]; |
Vanger | 0:b86d15c6ba29 | 11979 | digestSz = SHA_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 11980 | #endif |
Vanger | 0:b86d15c6ba29 | 11981 | } |
Vanger | 0:b86d15c6ba29 | 11982 | else if (ssl->suites->hashAlgo == sha256_mac) { |
Vanger | 0:b86d15c6ba29 | 11983 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 11984 | digest = hash256; |
Vanger | 0:b86d15c6ba29 | 11985 | digestSz = SHA256_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 11986 | #endif |
Vanger | 0:b86d15c6ba29 | 11987 | } |
Vanger | 0:b86d15c6ba29 | 11988 | else if (ssl->suites->hashAlgo == sha384_mac) { |
Vanger | 0:b86d15c6ba29 | 11989 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 11990 | digest = hash384; |
Vanger | 0:b86d15c6ba29 | 11991 | digestSz = SHA384_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 11992 | #endif |
Vanger | 0:b86d15c6ba29 | 11993 | } |
Vanger | 0:b86d15c6ba29 | 11994 | } |
Vanger | 0:b86d15c6ba29 | 11995 | |
Vanger | 0:b86d15c6ba29 | 11996 | if (doUserEcc) { |
Vanger | 0:b86d15c6ba29 | 11997 | #if defined(HAVE_PK_CALLBACKS) && defined(HAVE_ECC) |
Vanger | 0:b86d15c6ba29 | 11998 | ret = ssl->ctx->EccSignCb(ssl, digest, digestSz, |
Vanger | 0:b86d15c6ba29 | 11999 | output + LENGTH_SZ + idx, &sz, |
Vanger | 0:b86d15c6ba29 | 12000 | ssl->buffers.key.buffer, |
Vanger | 0:b86d15c6ba29 | 12001 | ssl->buffers.key.length, |
Vanger | 0:b86d15c6ba29 | 12002 | ssl->EccSignCtx); |
Vanger | 0:b86d15c6ba29 | 12003 | #endif |
Vanger | 0:b86d15c6ba29 | 12004 | } |
Vanger | 0:b86d15c6ba29 | 12005 | else { |
Vanger | 0:b86d15c6ba29 | 12006 | ret = ecc_sign_hash(digest, digestSz, |
Vanger | 0:b86d15c6ba29 | 12007 | output + LENGTH_SZ + idx, &sz, ssl->rng, &dsaKey); |
Vanger | 0:b86d15c6ba29 | 12008 | } |
Vanger | 0:b86d15c6ba29 | 12009 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 12010 | FreeRsaKey(&rsaKey); |
Vanger | 0:b86d15c6ba29 | 12011 | #endif |
Vanger | 0:b86d15c6ba29 | 12012 | ecc_free(&dsaKey); |
Vanger | 0:b86d15c6ba29 | 12013 | |
Vanger | 0:b86d15c6ba29 | 12014 | if (ret < 0) |
Vanger | 0:b86d15c6ba29 | 12015 | goto done_a2; |
Vanger | 0:b86d15c6ba29 | 12016 | |
Vanger | 0:b86d15c6ba29 | 12017 | /* Now that we know the real sig size, write it. */ |
Vanger | 0:b86d15c6ba29 | 12018 | c16toa((word16)sz, output + idx); |
Vanger | 0:b86d15c6ba29 | 12019 | |
Vanger | 0:b86d15c6ba29 | 12020 | /* And adjust length and sendSz from estimates */ |
Vanger | 0:b86d15c6ba29 | 12021 | length += sz - sigSz; |
Vanger | 0:b86d15c6ba29 | 12022 | sendSz += sz - sigSz; |
Vanger | 0:b86d15c6ba29 | 12023 | } |
Vanger | 0:b86d15c6ba29 | 12024 | |
Vanger | 0:b86d15c6ba29 | 12025 | done_a2: |
Vanger | 0:b86d15c6ba29 | 12026 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 12027 | #ifndef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 12028 | XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 12029 | XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 12030 | #endif |
Vanger | 0:b86d15c6ba29 | 12031 | XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 12032 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 12033 | XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 12034 | XFREE(hash256, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 12035 | #endif |
Vanger | 0:b86d15c6ba29 | 12036 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 12037 | XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 12038 | XFREE(hash384, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 12039 | #endif |
Vanger | 0:b86d15c6ba29 | 12040 | #endif |
Vanger | 0:b86d15c6ba29 | 12041 | |
Vanger | 0:b86d15c6ba29 | 12042 | if (ret < 0) |
Vanger | 0:b86d15c6ba29 | 12043 | goto done_a; |
Vanger | 0:b86d15c6ba29 | 12044 | } |
Vanger | 0:b86d15c6ba29 | 12045 | |
Vanger | 0:b86d15c6ba29 | 12046 | AddHeaders(output, length, server_key_exchange, ssl); |
Vanger | 0:b86d15c6ba29 | 12047 | |
Vanger | 0:b86d15c6ba29 | 12048 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 12049 | if (ssl->options.dtls) |
Vanger | 0:b86d15c6ba29 | 12050 | if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) |
Vanger | 0:b86d15c6ba29 | 12051 | goto done_a; |
Vanger | 0:b86d15c6ba29 | 12052 | #endif |
Vanger | 0:b86d15c6ba29 | 12053 | |
Vanger | 0:b86d15c6ba29 | 12054 | if ((ret = HashOutput(ssl, output, sendSz, 0)) != 0) |
Vanger | 0:b86d15c6ba29 | 12055 | goto done_a; |
Vanger | 0:b86d15c6ba29 | 12056 | |
Vanger | 0:b86d15c6ba29 | 12057 | #ifdef CYASSL_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 12058 | if (ssl->hsInfoOn) |
Vanger | 0:b86d15c6ba29 | 12059 | AddPacketName("ServerKeyExchange", &ssl->handShakeInfo); |
Vanger | 0:b86d15c6ba29 | 12060 | if (ssl->toInfoOn) |
Vanger | 0:b86d15c6ba29 | 12061 | AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo, |
Vanger | 0:b86d15c6ba29 | 12062 | output, sendSz, ssl->heap); |
Vanger | 0:b86d15c6ba29 | 12063 | #endif |
Vanger | 0:b86d15c6ba29 | 12064 | |
Vanger | 0:b86d15c6ba29 | 12065 | ssl->buffers.outputBuffer.length += sendSz; |
Vanger | 0:b86d15c6ba29 | 12066 | if (ssl->options.groupMessages) |
Vanger | 0:b86d15c6ba29 | 12067 | ret = 0; |
Vanger | 0:b86d15c6ba29 | 12068 | else |
Vanger | 0:b86d15c6ba29 | 12069 | ret = SendBuffered(ssl); |
Vanger | 0:b86d15c6ba29 | 12070 | ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE; |
Vanger | 0:b86d15c6ba29 | 12071 | |
Vanger | 0:b86d15c6ba29 | 12072 | done_a: |
Vanger | 0:b86d15c6ba29 | 12073 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 12074 | XFREE(exportBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 12075 | #endif |
Vanger | 0:b86d15c6ba29 | 12076 | |
Vanger | 0:b86d15c6ba29 | 12077 | return ret; |
Vanger | 0:b86d15c6ba29 | 12078 | } |
Vanger | 0:b86d15c6ba29 | 12079 | #endif /* HAVE_ECC */ |
Vanger | 0:b86d15c6ba29 | 12080 | |
Vanger | 0:b86d15c6ba29 | 12081 | #if !defined(NO_DH) && !defined(NO_RSA) |
Vanger | 0:b86d15c6ba29 | 12082 | if (ssl->specs.kea == diffie_hellman_kea) { |
Vanger | 0:b86d15c6ba29 | 12083 | byte *output; |
Vanger | 0:b86d15c6ba29 | 12084 | word32 length = 0, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 12085 | int sendSz; |
Vanger | 0:b86d15c6ba29 | 12086 | word32 sigSz = 0, i = 0; |
Vanger | 0:b86d15c6ba29 | 12087 | word32 preSigSz = 0, preSigIdx = 0; |
Vanger | 0:b86d15c6ba29 | 12088 | RsaKey rsaKey; |
Vanger | 0:b86d15c6ba29 | 12089 | DhKey dhKey; |
Vanger | 0:b86d15c6ba29 | 12090 | |
Vanger | 0:b86d15c6ba29 | 12091 | if (ssl->buffers.serverDH_P.buffer == NULL || |
Vanger | 0:b86d15c6ba29 | 12092 | ssl->buffers.serverDH_G.buffer == NULL) |
Vanger | 0:b86d15c6ba29 | 12093 | return NO_DH_PARAMS; |
Vanger | 0:b86d15c6ba29 | 12094 | |
Vanger | 0:b86d15c6ba29 | 12095 | if (ssl->buffers.serverDH_Pub.buffer == NULL) { |
Vanger | 0:b86d15c6ba29 | 12096 | ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC( |
Vanger | 0:b86d15c6ba29 | 12097 | ssl->buffers.serverDH_P.length + 2, ssl->ctx->heap, |
Vanger | 0:b86d15c6ba29 | 12098 | DYNAMIC_TYPE_DH); |
Vanger | 0:b86d15c6ba29 | 12099 | if (ssl->buffers.serverDH_Pub.buffer == NULL) |
Vanger | 0:b86d15c6ba29 | 12100 | return MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 12101 | } |
Vanger | 0:b86d15c6ba29 | 12102 | |
Vanger | 0:b86d15c6ba29 | 12103 | if (ssl->buffers.serverDH_Priv.buffer == NULL) { |
Vanger | 0:b86d15c6ba29 | 12104 | ssl->buffers.serverDH_Priv.buffer = (byte*)XMALLOC( |
Vanger | 0:b86d15c6ba29 | 12105 | ssl->buffers.serverDH_P.length + 2, ssl->ctx->heap, |
Vanger | 0:b86d15c6ba29 | 12106 | DYNAMIC_TYPE_DH); |
Vanger | 0:b86d15c6ba29 | 12107 | if (ssl->buffers.serverDH_Priv.buffer == NULL) |
Vanger | 0:b86d15c6ba29 | 12108 | return MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 12109 | } |
Vanger | 0:b86d15c6ba29 | 12110 | |
Vanger | 0:b86d15c6ba29 | 12111 | InitDhKey(&dhKey); |
Vanger | 0:b86d15c6ba29 | 12112 | ret = DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer, |
Vanger | 0:b86d15c6ba29 | 12113 | ssl->buffers.serverDH_P.length, |
Vanger | 0:b86d15c6ba29 | 12114 | ssl->buffers.serverDH_G.buffer, |
Vanger | 0:b86d15c6ba29 | 12115 | ssl->buffers.serverDH_G.length); |
Vanger | 0:b86d15c6ba29 | 12116 | if (ret == 0) |
Vanger | 0:b86d15c6ba29 | 12117 | ret = DhGenerateKeyPair(&dhKey, ssl->rng, |
Vanger | 0:b86d15c6ba29 | 12118 | ssl->buffers.serverDH_Priv.buffer, |
Vanger | 0:b86d15c6ba29 | 12119 | &ssl->buffers.serverDH_Priv.length, |
Vanger | 0:b86d15c6ba29 | 12120 | ssl->buffers.serverDH_Pub.buffer, |
Vanger | 0:b86d15c6ba29 | 12121 | &ssl->buffers.serverDH_Pub.length); |
Vanger | 0:b86d15c6ba29 | 12122 | FreeDhKey(&dhKey); |
Vanger | 0:b86d15c6ba29 | 12123 | |
Vanger | 0:b86d15c6ba29 | 12124 | if (ret != 0) return ret; |
Vanger | 0:b86d15c6ba29 | 12125 | |
Vanger | 0:b86d15c6ba29 | 12126 | length = LENGTH_SZ * 3; /* p, g, pub */ |
Vanger | 0:b86d15c6ba29 | 12127 | length += ssl->buffers.serverDH_P.length + |
Vanger | 0:b86d15c6ba29 | 12128 | ssl->buffers.serverDH_G.length + |
Vanger | 0:b86d15c6ba29 | 12129 | ssl->buffers.serverDH_Pub.length; |
Vanger | 0:b86d15c6ba29 | 12130 | |
Vanger | 0:b86d15c6ba29 | 12131 | preSigIdx = idx; |
Vanger | 0:b86d15c6ba29 | 12132 | preSigSz = length; |
Vanger | 0:b86d15c6ba29 | 12133 | |
Vanger | 0:b86d15c6ba29 | 12134 | if (!ssl->options.usingAnon_cipher) { |
Vanger | 0:b86d15c6ba29 | 12135 | ret = InitRsaKey(&rsaKey, ssl->heap); |
Vanger | 0:b86d15c6ba29 | 12136 | if (ret != 0) return ret; |
Vanger | 0:b86d15c6ba29 | 12137 | |
Vanger | 0:b86d15c6ba29 | 12138 | /* sig length */ |
Vanger | 0:b86d15c6ba29 | 12139 | length += LENGTH_SZ; |
Vanger | 0:b86d15c6ba29 | 12140 | |
Vanger | 0:b86d15c6ba29 | 12141 | if (!ssl->buffers.key.buffer) |
Vanger | 0:b86d15c6ba29 | 12142 | return NO_PRIVATE_KEY; |
Vanger | 0:b86d15c6ba29 | 12143 | |
Vanger | 0:b86d15c6ba29 | 12144 | ret = RsaPrivateKeyDecode(ssl->buffers.key.buffer, &i, &rsaKey, |
Vanger | 0:b86d15c6ba29 | 12145 | ssl->buffers.key.length); |
Vanger | 0:b86d15c6ba29 | 12146 | if (ret == 0) { |
Vanger | 0:b86d15c6ba29 | 12147 | sigSz = RsaEncryptSize(&rsaKey); |
Vanger | 0:b86d15c6ba29 | 12148 | length += sigSz; |
Vanger | 0:b86d15c6ba29 | 12149 | } |
Vanger | 0:b86d15c6ba29 | 12150 | else { |
Vanger | 0:b86d15c6ba29 | 12151 | FreeRsaKey(&rsaKey); |
Vanger | 0:b86d15c6ba29 | 12152 | return ret; |
Vanger | 0:b86d15c6ba29 | 12153 | } |
Vanger | 0:b86d15c6ba29 | 12154 | |
Vanger | 0:b86d15c6ba29 | 12155 | if (IsAtLeastTLSv1_2(ssl)) |
Vanger | 0:b86d15c6ba29 | 12156 | length += HASH_SIG_SIZE; |
Vanger | 0:b86d15c6ba29 | 12157 | } |
Vanger | 0:b86d15c6ba29 | 12158 | |
Vanger | 0:b86d15c6ba29 | 12159 | sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 12160 | |
Vanger | 0:b86d15c6ba29 | 12161 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 12162 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 12163 | sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; |
Vanger | 0:b86d15c6ba29 | 12164 | idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; |
Vanger | 0:b86d15c6ba29 | 12165 | preSigIdx = idx; |
Vanger | 0:b86d15c6ba29 | 12166 | } |
Vanger | 0:b86d15c6ba29 | 12167 | #endif |
Vanger | 0:b86d15c6ba29 | 12168 | |
Vanger | 0:b86d15c6ba29 | 12169 | /* check for available size */ |
Vanger | 0:b86d15c6ba29 | 12170 | if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) { |
Vanger | 0:b86d15c6ba29 | 12171 | if (!ssl->options.usingAnon_cipher) |
Vanger | 0:b86d15c6ba29 | 12172 | FreeRsaKey(&rsaKey); |
Vanger | 0:b86d15c6ba29 | 12173 | return ret; |
Vanger | 0:b86d15c6ba29 | 12174 | } |
Vanger | 0:b86d15c6ba29 | 12175 | |
Vanger | 0:b86d15c6ba29 | 12176 | /* get ouput buffer */ |
Vanger | 0:b86d15c6ba29 | 12177 | output = ssl->buffers.outputBuffer.buffer + |
Vanger | 0:b86d15c6ba29 | 12178 | ssl->buffers.outputBuffer.length; |
Vanger | 0:b86d15c6ba29 | 12179 | |
Vanger | 0:b86d15c6ba29 | 12180 | AddHeaders(output, length, server_key_exchange, ssl); |
Vanger | 0:b86d15c6ba29 | 12181 | |
Vanger | 0:b86d15c6ba29 | 12182 | /* add p, g, pub */ |
Vanger | 0:b86d15c6ba29 | 12183 | c16toa((word16)ssl->buffers.serverDH_P.length, output + idx); |
Vanger | 0:b86d15c6ba29 | 12184 | idx += LENGTH_SZ; |
Vanger | 0:b86d15c6ba29 | 12185 | XMEMCPY(output + idx, ssl->buffers.serverDH_P.buffer, |
Vanger | 0:b86d15c6ba29 | 12186 | ssl->buffers.serverDH_P.length); |
Vanger | 0:b86d15c6ba29 | 12187 | idx += ssl->buffers.serverDH_P.length; |
Vanger | 0:b86d15c6ba29 | 12188 | |
Vanger | 0:b86d15c6ba29 | 12189 | /* g */ |
Vanger | 0:b86d15c6ba29 | 12190 | c16toa((word16)ssl->buffers.serverDH_G.length, output + idx); |
Vanger | 0:b86d15c6ba29 | 12191 | idx += LENGTH_SZ; |
Vanger | 0:b86d15c6ba29 | 12192 | XMEMCPY(output + idx, ssl->buffers.serverDH_G.buffer, |
Vanger | 0:b86d15c6ba29 | 12193 | ssl->buffers.serverDH_G.length); |
Vanger | 0:b86d15c6ba29 | 12194 | idx += ssl->buffers.serverDH_G.length; |
Vanger | 0:b86d15c6ba29 | 12195 | |
Vanger | 0:b86d15c6ba29 | 12196 | /* pub */ |
Vanger | 0:b86d15c6ba29 | 12197 | c16toa((word16)ssl->buffers.serverDH_Pub.length, output + idx); |
Vanger | 0:b86d15c6ba29 | 12198 | idx += LENGTH_SZ; |
Vanger | 0:b86d15c6ba29 | 12199 | XMEMCPY(output + idx, ssl->buffers.serverDH_Pub.buffer, |
Vanger | 0:b86d15c6ba29 | 12200 | ssl->buffers.serverDH_Pub.length); |
Vanger | 0:b86d15c6ba29 | 12201 | idx += ssl->buffers.serverDH_Pub.length; |
Vanger | 0:b86d15c6ba29 | 12202 | |
Vanger | 0:b86d15c6ba29 | 12203 | #ifdef HAVE_FUZZER |
Vanger | 0:b86d15c6ba29 | 12204 | if (ssl->fuzzerCb) |
Vanger | 0:b86d15c6ba29 | 12205 | ssl->fuzzerCb(ssl, output + preSigIdx, preSigSz, FUZZ_SIGNATURE, |
Vanger | 0:b86d15c6ba29 | 12206 | ssl->fuzzerCtx); |
Vanger | 0:b86d15c6ba29 | 12207 | #endif |
Vanger | 0:b86d15c6ba29 | 12208 | |
Vanger | 0:b86d15c6ba29 | 12209 | /* Add signature */ |
Vanger | 0:b86d15c6ba29 | 12210 | if (!ssl->options.usingAnon_cipher) { |
Vanger | 0:b86d15c6ba29 | 12211 | #ifndef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 12212 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 12213 | Md5* md5 = NULL; |
Vanger | 0:b86d15c6ba29 | 12214 | Sha* sha = NULL; |
Vanger | 0:b86d15c6ba29 | 12215 | #else |
Vanger | 0:b86d15c6ba29 | 12216 | Md5 md5[1]; |
Vanger | 0:b86d15c6ba29 | 12217 | Sha sha[1]; |
Vanger | 0:b86d15c6ba29 | 12218 | #endif |
Vanger | 0:b86d15c6ba29 | 12219 | #endif |
Vanger | 0:b86d15c6ba29 | 12220 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 12221 | byte* hash = NULL; |
Vanger | 0:b86d15c6ba29 | 12222 | #else |
Vanger | 0:b86d15c6ba29 | 12223 | byte hash[FINISHED_SZ]; |
Vanger | 0:b86d15c6ba29 | 12224 | #endif |
Vanger | 0:b86d15c6ba29 | 12225 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 12226 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 12227 | Sha256* sha256 = NULL; |
Vanger | 0:b86d15c6ba29 | 12228 | byte* hash256 = NULL; |
Vanger | 0:b86d15c6ba29 | 12229 | #else |
Vanger | 0:b86d15c6ba29 | 12230 | Sha256 sha256[1]; |
Vanger | 0:b86d15c6ba29 | 12231 | byte hash256[SHA256_DIGEST_SIZE]; |
Vanger | 0:b86d15c6ba29 | 12232 | #endif |
Vanger | 0:b86d15c6ba29 | 12233 | #endif |
Vanger | 0:b86d15c6ba29 | 12234 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 12235 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 12236 | Sha384* sha384 = NULL; |
Vanger | 0:b86d15c6ba29 | 12237 | byte* hash384 = NULL; |
Vanger | 0:b86d15c6ba29 | 12238 | #else |
Vanger | 0:b86d15c6ba29 | 12239 | Sha384 sha384[1]; |
Vanger | 0:b86d15c6ba29 | 12240 | byte hash384[SHA384_DIGEST_SIZE]; |
Vanger | 0:b86d15c6ba29 | 12241 | #endif |
Vanger | 0:b86d15c6ba29 | 12242 | #endif |
Vanger | 0:b86d15c6ba29 | 12243 | |
Vanger | 0:b86d15c6ba29 | 12244 | /* Add hash/signature algo ID */ |
Vanger | 0:b86d15c6ba29 | 12245 | if (IsAtLeastTLSv1_2(ssl)) { |
Vanger | 0:b86d15c6ba29 | 12246 | output[idx++] = ssl->suites->hashAlgo; |
Vanger | 0:b86d15c6ba29 | 12247 | output[idx++] = ssl->suites->sigAlgo; |
Vanger | 0:b86d15c6ba29 | 12248 | } |
Vanger | 0:b86d15c6ba29 | 12249 | |
Vanger | 0:b86d15c6ba29 | 12250 | /* signature size */ |
Vanger | 0:b86d15c6ba29 | 12251 | c16toa((word16)sigSz, output + idx); |
Vanger | 0:b86d15c6ba29 | 12252 | idx += LENGTH_SZ; |
Vanger | 0:b86d15c6ba29 | 12253 | |
Vanger | 0:b86d15c6ba29 | 12254 | /* do signature */ |
Vanger | 0:b86d15c6ba29 | 12255 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 12256 | hash = (byte*)XMALLOC(FINISHED_SZ, NULL, |
Vanger | 0:b86d15c6ba29 | 12257 | DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 12258 | if (hash == NULL) |
Vanger | 0:b86d15c6ba29 | 12259 | return MEMORY_E; /* No heap commitment before this point, |
Vanger | 0:b86d15c6ba29 | 12260 | from now on, the resources are freed |
Vanger | 0:b86d15c6ba29 | 12261 | at done_b. */ |
Vanger | 0:b86d15c6ba29 | 12262 | #endif |
Vanger | 0:b86d15c6ba29 | 12263 | |
Vanger | 0:b86d15c6ba29 | 12264 | #ifndef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 12265 | /* md5 */ |
Vanger | 0:b86d15c6ba29 | 12266 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 12267 | md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 12268 | if (md5 == NULL) |
Vanger | 0:b86d15c6ba29 | 12269 | ERROR_OUT(MEMORY_E, done_b); |
Vanger | 0:b86d15c6ba29 | 12270 | #endif |
Vanger | 0:b86d15c6ba29 | 12271 | InitMd5(md5); |
Vanger | 0:b86d15c6ba29 | 12272 | Md5Update(md5, ssl->arrays->clientRandom, RAN_LEN); |
Vanger | 0:b86d15c6ba29 | 12273 | Md5Update(md5, ssl->arrays->serverRandom, RAN_LEN); |
Vanger | 0:b86d15c6ba29 | 12274 | Md5Update(md5, output + preSigIdx, preSigSz); |
Vanger | 0:b86d15c6ba29 | 12275 | Md5Final(md5, hash); |
Vanger | 0:b86d15c6ba29 | 12276 | |
Vanger | 0:b86d15c6ba29 | 12277 | /* sha */ |
Vanger | 0:b86d15c6ba29 | 12278 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 12279 | sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 12280 | if (sha == NULL) |
Vanger | 0:b86d15c6ba29 | 12281 | ERROR_OUT(MEMORY_E, done_b); |
Vanger | 0:b86d15c6ba29 | 12282 | #endif |
Vanger | 0:b86d15c6ba29 | 12283 | |
Vanger | 0:b86d15c6ba29 | 12284 | if ((ret = InitSha(sha) != 0)) |
Vanger | 0:b86d15c6ba29 | 12285 | goto done_b; |
Vanger | 0:b86d15c6ba29 | 12286 | |
Vanger | 0:b86d15c6ba29 | 12287 | ShaUpdate(sha, ssl->arrays->clientRandom, RAN_LEN); |
Vanger | 0:b86d15c6ba29 | 12288 | ShaUpdate(sha, ssl->arrays->serverRandom, RAN_LEN); |
Vanger | 0:b86d15c6ba29 | 12289 | ShaUpdate(sha, output + preSigIdx, preSigSz); |
Vanger | 0:b86d15c6ba29 | 12290 | ShaFinal(sha, &hash[MD5_DIGEST_SIZE]); |
Vanger | 0:b86d15c6ba29 | 12291 | #endif |
Vanger | 0:b86d15c6ba29 | 12292 | |
Vanger | 0:b86d15c6ba29 | 12293 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 12294 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 12295 | sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, |
Vanger | 0:b86d15c6ba29 | 12296 | DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 12297 | hash256 = (byte*)XMALLOC(SHA256_DIGEST_SIZE, NULL, |
Vanger | 0:b86d15c6ba29 | 12298 | DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 12299 | if (sha256 == NULL || hash256 == NULL) |
Vanger | 0:b86d15c6ba29 | 12300 | ERROR_OUT(MEMORY_E, done_b); |
Vanger | 0:b86d15c6ba29 | 12301 | #endif |
Vanger | 0:b86d15c6ba29 | 12302 | |
Vanger | 0:b86d15c6ba29 | 12303 | if (!(ret = InitSha256(sha256)) |
Vanger | 0:b86d15c6ba29 | 12304 | && !(ret = Sha256Update(sha256, ssl->arrays->clientRandom, |
Vanger | 0:b86d15c6ba29 | 12305 | RAN_LEN)) |
Vanger | 0:b86d15c6ba29 | 12306 | && !(ret = Sha256Update(sha256, ssl->arrays->serverRandom, |
Vanger | 0:b86d15c6ba29 | 12307 | RAN_LEN)) |
Vanger | 0:b86d15c6ba29 | 12308 | && !(ret = Sha256Update(sha256, output + preSigIdx, preSigSz))) |
Vanger | 0:b86d15c6ba29 | 12309 | ret = Sha256Final(sha256, hash256); |
Vanger | 0:b86d15c6ba29 | 12310 | |
Vanger | 0:b86d15c6ba29 | 12311 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 12312 | goto done_b; |
Vanger | 0:b86d15c6ba29 | 12313 | #endif |
Vanger | 0:b86d15c6ba29 | 12314 | |
Vanger | 0:b86d15c6ba29 | 12315 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 12316 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 12317 | sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL, |
Vanger | 0:b86d15c6ba29 | 12318 | DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 12319 | hash384 = (byte*)XMALLOC(SHA384_DIGEST_SIZE, NULL, |
Vanger | 0:b86d15c6ba29 | 12320 | DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 12321 | if (sha384 == NULL || hash384 == NULL) |
Vanger | 0:b86d15c6ba29 | 12322 | ERROR_OUT(MEMORY_E, done_b); |
Vanger | 0:b86d15c6ba29 | 12323 | #endif |
Vanger | 0:b86d15c6ba29 | 12324 | |
Vanger | 0:b86d15c6ba29 | 12325 | if (!(ret = InitSha384(sha384)) |
Vanger | 0:b86d15c6ba29 | 12326 | && !(ret = Sha384Update(sha384, ssl->arrays->clientRandom, |
Vanger | 0:b86d15c6ba29 | 12327 | RAN_LEN)) |
Vanger | 0:b86d15c6ba29 | 12328 | && !(ret = Sha384Update(sha384, ssl->arrays->serverRandom, |
Vanger | 0:b86d15c6ba29 | 12329 | RAN_LEN)) |
Vanger | 0:b86d15c6ba29 | 12330 | && !(ret = Sha384Update(sha384, output + preSigIdx, preSigSz))) |
Vanger | 0:b86d15c6ba29 | 12331 | ret = Sha384Final(sha384, hash384); |
Vanger | 0:b86d15c6ba29 | 12332 | |
Vanger | 0:b86d15c6ba29 | 12333 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 12334 | goto done_b; |
Vanger | 0:b86d15c6ba29 | 12335 | #endif |
Vanger | 0:b86d15c6ba29 | 12336 | |
Vanger | 0:b86d15c6ba29 | 12337 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 12338 | if (ssl->suites->sigAlgo == rsa_sa_algo) { |
Vanger | 0:b86d15c6ba29 | 12339 | byte* signBuffer = hash; |
Vanger | 0:b86d15c6ba29 | 12340 | word32 signSz = FINISHED_SZ; |
Vanger | 0:b86d15c6ba29 | 12341 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 12342 | byte* encodedSig = NULL; |
Vanger | 0:b86d15c6ba29 | 12343 | #else |
Vanger | 0:b86d15c6ba29 | 12344 | byte encodedSig[MAX_ENCODED_SIG_SZ]; |
Vanger | 0:b86d15c6ba29 | 12345 | #endif |
Vanger | 0:b86d15c6ba29 | 12346 | byte doUserRsa = 0; |
Vanger | 0:b86d15c6ba29 | 12347 | |
Vanger | 0:b86d15c6ba29 | 12348 | #ifdef HAVE_PK_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 12349 | if (ssl->ctx->RsaSignCb) |
Vanger | 0:b86d15c6ba29 | 12350 | doUserRsa = 1; |
Vanger | 0:b86d15c6ba29 | 12351 | #endif |
Vanger | 0:b86d15c6ba29 | 12352 | |
Vanger | 0:b86d15c6ba29 | 12353 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 12354 | encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, |
Vanger | 0:b86d15c6ba29 | 12355 | DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 12356 | if (encodedSig == NULL) |
Vanger | 0:b86d15c6ba29 | 12357 | ERROR_OUT(MEMORY_E, done_b); |
Vanger | 0:b86d15c6ba29 | 12358 | #endif |
Vanger | 0:b86d15c6ba29 | 12359 | |
Vanger | 0:b86d15c6ba29 | 12360 | if (IsAtLeastTLSv1_2(ssl)) { |
Vanger | 0:b86d15c6ba29 | 12361 | byte* digest = &hash[MD5_DIGEST_SIZE]; |
Vanger | 0:b86d15c6ba29 | 12362 | int typeH = SHAh; |
Vanger | 0:b86d15c6ba29 | 12363 | int digestSz = SHA_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 12364 | |
Vanger | 0:b86d15c6ba29 | 12365 | if (ssl->suites->hashAlgo == sha256_mac) { |
Vanger | 0:b86d15c6ba29 | 12366 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 12367 | digest = hash256; |
Vanger | 0:b86d15c6ba29 | 12368 | typeH = SHA256h; |
Vanger | 0:b86d15c6ba29 | 12369 | digestSz = SHA256_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 12370 | #endif |
Vanger | 0:b86d15c6ba29 | 12371 | } |
Vanger | 0:b86d15c6ba29 | 12372 | else if (ssl->suites->hashAlgo == sha384_mac) { |
Vanger | 0:b86d15c6ba29 | 12373 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 12374 | digest = hash384; |
Vanger | 0:b86d15c6ba29 | 12375 | typeH = SHA384h; |
Vanger | 0:b86d15c6ba29 | 12376 | digestSz = SHA384_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 12377 | #endif |
Vanger | 0:b86d15c6ba29 | 12378 | } |
Vanger | 0:b86d15c6ba29 | 12379 | |
Vanger | 0:b86d15c6ba29 | 12380 | signSz = EncodeSignature(encodedSig, digest, digestSz, |
Vanger | 0:b86d15c6ba29 | 12381 | typeH); |
Vanger | 0:b86d15c6ba29 | 12382 | signBuffer = encodedSig; |
Vanger | 0:b86d15c6ba29 | 12383 | } |
Vanger | 0:b86d15c6ba29 | 12384 | if (doUserRsa) { |
Vanger | 0:b86d15c6ba29 | 12385 | #ifdef HAVE_PK_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 12386 | word32 ioLen = sigSz; |
Vanger | 0:b86d15c6ba29 | 12387 | ret = ssl->ctx->RsaSignCb(ssl, signBuffer, signSz, |
Vanger | 0:b86d15c6ba29 | 12388 | output + idx, &ioLen, |
Vanger | 0:b86d15c6ba29 | 12389 | ssl->buffers.key.buffer, |
Vanger | 0:b86d15c6ba29 | 12390 | ssl->buffers.key.length, |
Vanger | 0:b86d15c6ba29 | 12391 | ssl->RsaSignCtx); |
Vanger | 0:b86d15c6ba29 | 12392 | #endif |
Vanger | 0:b86d15c6ba29 | 12393 | } |
Vanger | 0:b86d15c6ba29 | 12394 | else |
Vanger | 0:b86d15c6ba29 | 12395 | ret = RsaSSL_Sign(signBuffer, signSz, output + idx, |
Vanger | 0:b86d15c6ba29 | 12396 | sigSz, &rsaKey, ssl->rng); |
Vanger | 0:b86d15c6ba29 | 12397 | |
Vanger | 0:b86d15c6ba29 | 12398 | FreeRsaKey(&rsaKey); |
Vanger | 0:b86d15c6ba29 | 12399 | |
Vanger | 0:b86d15c6ba29 | 12400 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 12401 | XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 12402 | #endif |
Vanger | 0:b86d15c6ba29 | 12403 | } |
Vanger | 0:b86d15c6ba29 | 12404 | #endif |
Vanger | 0:b86d15c6ba29 | 12405 | |
Vanger | 0:b86d15c6ba29 | 12406 | done_b: |
Vanger | 0:b86d15c6ba29 | 12407 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 12408 | #ifndef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 12409 | XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 12410 | XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 12411 | #endif |
Vanger | 0:b86d15c6ba29 | 12412 | XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 12413 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 12414 | XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 12415 | XFREE(hash256, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 12416 | #endif |
Vanger | 0:b86d15c6ba29 | 12417 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 12418 | XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 12419 | XFREE(hash384, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 12420 | #endif |
Vanger | 0:b86d15c6ba29 | 12421 | #endif |
Vanger | 0:b86d15c6ba29 | 12422 | |
Vanger | 0:b86d15c6ba29 | 12423 | if (ret < 0) return ret; |
Vanger | 0:b86d15c6ba29 | 12424 | } |
Vanger | 0:b86d15c6ba29 | 12425 | |
Vanger | 0:b86d15c6ba29 | 12426 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 12427 | if (ssl->options.dtls) |
Vanger | 0:b86d15c6ba29 | 12428 | if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) |
Vanger | 0:b86d15c6ba29 | 12429 | return ret; |
Vanger | 0:b86d15c6ba29 | 12430 | #endif |
Vanger | 0:b86d15c6ba29 | 12431 | |
Vanger | 0:b86d15c6ba29 | 12432 | if ((ret = HashOutput(ssl, output, sendSz, 0)) != 0) |
Vanger | 0:b86d15c6ba29 | 12433 | return ret; |
Vanger | 0:b86d15c6ba29 | 12434 | |
Vanger | 0:b86d15c6ba29 | 12435 | #ifdef CYASSL_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 12436 | if (ssl->hsInfoOn) |
Vanger | 0:b86d15c6ba29 | 12437 | AddPacketName("ServerKeyExchange", &ssl->handShakeInfo); |
Vanger | 0:b86d15c6ba29 | 12438 | if (ssl->toInfoOn) |
Vanger | 0:b86d15c6ba29 | 12439 | AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo, |
Vanger | 0:b86d15c6ba29 | 12440 | output, sendSz, ssl->heap); |
Vanger | 0:b86d15c6ba29 | 12441 | #endif |
Vanger | 0:b86d15c6ba29 | 12442 | |
Vanger | 0:b86d15c6ba29 | 12443 | ssl->buffers.outputBuffer.length += sendSz; |
Vanger | 0:b86d15c6ba29 | 12444 | if (ssl->options.groupMessages) |
Vanger | 0:b86d15c6ba29 | 12445 | ret = 0; |
Vanger | 0:b86d15c6ba29 | 12446 | else |
Vanger | 0:b86d15c6ba29 | 12447 | ret = SendBuffered(ssl); |
Vanger | 0:b86d15c6ba29 | 12448 | ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE; |
Vanger | 0:b86d15c6ba29 | 12449 | } |
Vanger | 0:b86d15c6ba29 | 12450 | #endif /* NO_DH */ |
Vanger | 0:b86d15c6ba29 | 12451 | |
Vanger | 0:b86d15c6ba29 | 12452 | return ret; |
Vanger | 0:b86d15c6ba29 | 12453 | #undef ERROR_OUT |
Vanger | 0:b86d15c6ba29 | 12454 | } |
Vanger | 0:b86d15c6ba29 | 12455 | |
Vanger | 0:b86d15c6ba29 | 12456 | |
Vanger | 0:b86d15c6ba29 | 12457 | /* Make sure server cert/key are valid for this suite, true on success */ |
Vanger | 0:b86d15c6ba29 | 12458 | static int VerifyServerSuite(CYASSL* ssl, word16 idx) |
Vanger | 0:b86d15c6ba29 | 12459 | { |
Vanger | 0:b86d15c6ba29 | 12460 | int haveRSA = !ssl->options.haveStaticECC; |
Vanger | 0:b86d15c6ba29 | 12461 | int havePSK = 0; |
Vanger | 0:b86d15c6ba29 | 12462 | byte first; |
Vanger | 0:b86d15c6ba29 | 12463 | byte second; |
Vanger | 0:b86d15c6ba29 | 12464 | |
Vanger | 0:b86d15c6ba29 | 12465 | CYASSL_ENTER("VerifyServerSuite"); |
Vanger | 0:b86d15c6ba29 | 12466 | |
Vanger | 0:b86d15c6ba29 | 12467 | if (ssl->suites == NULL) { |
Vanger | 0:b86d15c6ba29 | 12468 | CYASSL_MSG("Suites pointer error"); |
Vanger | 0:b86d15c6ba29 | 12469 | return 0; |
Vanger | 0:b86d15c6ba29 | 12470 | } |
Vanger | 0:b86d15c6ba29 | 12471 | |
Vanger | 0:b86d15c6ba29 | 12472 | first = ssl->suites->suites[idx]; |
Vanger | 0:b86d15c6ba29 | 12473 | second = ssl->suites->suites[idx+1]; |
Vanger | 0:b86d15c6ba29 | 12474 | |
Vanger | 0:b86d15c6ba29 | 12475 | #ifndef NO_PSK |
Vanger | 0:b86d15c6ba29 | 12476 | havePSK = ssl->options.havePSK; |
Vanger | 0:b86d15c6ba29 | 12477 | #endif |
Vanger | 0:b86d15c6ba29 | 12478 | |
Vanger | 0:b86d15c6ba29 | 12479 | if (ssl->options.haveNTRU) |
Vanger | 0:b86d15c6ba29 | 12480 | haveRSA = 0; |
Vanger | 0:b86d15c6ba29 | 12481 | |
Vanger | 0:b86d15c6ba29 | 12482 | if (CipherRequires(first, second, REQUIRES_RSA)) { |
Vanger | 0:b86d15c6ba29 | 12483 | CYASSL_MSG("Requires RSA"); |
Vanger | 0:b86d15c6ba29 | 12484 | if (haveRSA == 0) { |
Vanger | 0:b86d15c6ba29 | 12485 | CYASSL_MSG("Don't have RSA"); |
Vanger | 0:b86d15c6ba29 | 12486 | return 0; |
Vanger | 0:b86d15c6ba29 | 12487 | } |
Vanger | 0:b86d15c6ba29 | 12488 | } |
Vanger | 0:b86d15c6ba29 | 12489 | |
Vanger | 0:b86d15c6ba29 | 12490 | if (CipherRequires(first, second, REQUIRES_DHE)) { |
Vanger | 0:b86d15c6ba29 | 12491 | CYASSL_MSG("Requires DHE"); |
Vanger | 0:b86d15c6ba29 | 12492 | if (ssl->options.haveDH == 0) { |
Vanger | 0:b86d15c6ba29 | 12493 | CYASSL_MSG("Don't have DHE"); |
Vanger | 0:b86d15c6ba29 | 12494 | return 0; |
Vanger | 0:b86d15c6ba29 | 12495 | } |
Vanger | 0:b86d15c6ba29 | 12496 | } |
Vanger | 0:b86d15c6ba29 | 12497 | |
Vanger | 0:b86d15c6ba29 | 12498 | if (CipherRequires(first, second, REQUIRES_ECC_DSA)) { |
Vanger | 0:b86d15c6ba29 | 12499 | CYASSL_MSG("Requires ECCDSA"); |
Vanger | 0:b86d15c6ba29 | 12500 | if (ssl->options.haveECDSAsig == 0) { |
Vanger | 0:b86d15c6ba29 | 12501 | CYASSL_MSG("Don't have ECCDSA"); |
Vanger | 0:b86d15c6ba29 | 12502 | return 0; |
Vanger | 0:b86d15c6ba29 | 12503 | } |
Vanger | 0:b86d15c6ba29 | 12504 | } |
Vanger | 0:b86d15c6ba29 | 12505 | |
Vanger | 0:b86d15c6ba29 | 12506 | if (CipherRequires(first, second, REQUIRES_ECC_STATIC)) { |
Vanger | 0:b86d15c6ba29 | 12507 | CYASSL_MSG("Requires static ECC"); |
Vanger | 0:b86d15c6ba29 | 12508 | if (ssl->options.haveStaticECC == 0) { |
Vanger | 0:b86d15c6ba29 | 12509 | CYASSL_MSG("Don't have static ECC"); |
Vanger | 0:b86d15c6ba29 | 12510 | return 0; |
Vanger | 0:b86d15c6ba29 | 12511 | } |
Vanger | 0:b86d15c6ba29 | 12512 | } |
Vanger | 0:b86d15c6ba29 | 12513 | |
Vanger | 0:b86d15c6ba29 | 12514 | if (CipherRequires(first, second, REQUIRES_PSK)) { |
Vanger | 0:b86d15c6ba29 | 12515 | CYASSL_MSG("Requires PSK"); |
Vanger | 0:b86d15c6ba29 | 12516 | if (havePSK == 0) { |
Vanger | 0:b86d15c6ba29 | 12517 | CYASSL_MSG("Don't have PSK"); |
Vanger | 0:b86d15c6ba29 | 12518 | return 0; |
Vanger | 0:b86d15c6ba29 | 12519 | } |
Vanger | 0:b86d15c6ba29 | 12520 | } |
Vanger | 0:b86d15c6ba29 | 12521 | |
Vanger | 0:b86d15c6ba29 | 12522 | if (CipherRequires(first, second, REQUIRES_NTRU)) { |
Vanger | 0:b86d15c6ba29 | 12523 | CYASSL_MSG("Requires NTRU"); |
Vanger | 0:b86d15c6ba29 | 12524 | if (ssl->options.haveNTRU == 0) { |
Vanger | 0:b86d15c6ba29 | 12525 | CYASSL_MSG("Don't have NTRU"); |
Vanger | 0:b86d15c6ba29 | 12526 | return 0; |
Vanger | 0:b86d15c6ba29 | 12527 | } |
Vanger | 0:b86d15c6ba29 | 12528 | } |
Vanger | 0:b86d15c6ba29 | 12529 | |
Vanger | 0:b86d15c6ba29 | 12530 | if (CipherRequires(first, second, REQUIRES_RSA_SIG)) { |
Vanger | 0:b86d15c6ba29 | 12531 | CYASSL_MSG("Requires RSA Signature"); |
Vanger | 0:b86d15c6ba29 | 12532 | if (ssl->options.side == CYASSL_SERVER_END && |
Vanger | 0:b86d15c6ba29 | 12533 | ssl->options.haveECDSAsig == 1) { |
Vanger | 0:b86d15c6ba29 | 12534 | CYASSL_MSG("Don't have RSA Signature"); |
Vanger | 0:b86d15c6ba29 | 12535 | return 0; |
Vanger | 0:b86d15c6ba29 | 12536 | } |
Vanger | 0:b86d15c6ba29 | 12537 | } |
Vanger | 0:b86d15c6ba29 | 12538 | |
Vanger | 0:b86d15c6ba29 | 12539 | #ifdef HAVE_SUPPORTED_CURVES |
Vanger | 0:b86d15c6ba29 | 12540 | if (!TLSX_ValidateEllipticCurves(ssl, first, second)) { |
Vanger | 0:b86d15c6ba29 | 12541 | CYASSL_MSG("Don't have matching curves"); |
Vanger | 0:b86d15c6ba29 | 12542 | return 0; |
Vanger | 0:b86d15c6ba29 | 12543 | } |
Vanger | 0:b86d15c6ba29 | 12544 | #endif |
Vanger | 0:b86d15c6ba29 | 12545 | |
Vanger | 0:b86d15c6ba29 | 12546 | /* ECCDHE is always supported if ECC on */ |
Vanger | 0:b86d15c6ba29 | 12547 | |
Vanger | 0:b86d15c6ba29 | 12548 | return 1; |
Vanger | 0:b86d15c6ba29 | 12549 | } |
Vanger | 0:b86d15c6ba29 | 12550 | |
Vanger | 0:b86d15c6ba29 | 12551 | |
Vanger | 0:b86d15c6ba29 | 12552 | static int MatchSuite(CYASSL* ssl, Suites* peerSuites) |
Vanger | 0:b86d15c6ba29 | 12553 | { |
Vanger | 0:b86d15c6ba29 | 12554 | word16 i, j; |
Vanger | 0:b86d15c6ba29 | 12555 | |
Vanger | 0:b86d15c6ba29 | 12556 | CYASSL_ENTER("MatchSuite"); |
Vanger | 0:b86d15c6ba29 | 12557 | |
Vanger | 0:b86d15c6ba29 | 12558 | /* & 0x1 equivalent % 2 */ |
Vanger | 0:b86d15c6ba29 | 12559 | if (peerSuites->suiteSz == 0 || peerSuites->suiteSz & 0x1) |
Vanger | 0:b86d15c6ba29 | 12560 | return MATCH_SUITE_ERROR; |
Vanger | 0:b86d15c6ba29 | 12561 | |
Vanger | 0:b86d15c6ba29 | 12562 | if (ssl->suites == NULL) |
Vanger | 0:b86d15c6ba29 | 12563 | return SUITES_ERROR; |
Vanger | 0:b86d15c6ba29 | 12564 | /* start with best, if a match we are good */ |
Vanger | 0:b86d15c6ba29 | 12565 | for (i = 0; i < ssl->suites->suiteSz; i += 2) |
Vanger | 0:b86d15c6ba29 | 12566 | for (j = 0; j < peerSuites->suiteSz; j += 2) |
Vanger | 0:b86d15c6ba29 | 12567 | if (ssl->suites->suites[i] == peerSuites->suites[j] && |
Vanger | 0:b86d15c6ba29 | 12568 | ssl->suites->suites[i+1] == peerSuites->suites[j+1] ) { |
Vanger | 0:b86d15c6ba29 | 12569 | |
Vanger | 0:b86d15c6ba29 | 12570 | if (VerifyServerSuite(ssl, i)) { |
Vanger | 0:b86d15c6ba29 | 12571 | int result; |
Vanger | 0:b86d15c6ba29 | 12572 | CYASSL_MSG("Verified suite validity"); |
Vanger | 0:b86d15c6ba29 | 12573 | ssl->options.cipherSuite0 = ssl->suites->suites[i]; |
Vanger | 0:b86d15c6ba29 | 12574 | ssl->options.cipherSuite = ssl->suites->suites[i+1]; |
Vanger | 0:b86d15c6ba29 | 12575 | result = SetCipherSpecs(ssl); |
Vanger | 0:b86d15c6ba29 | 12576 | if (result == 0) |
Vanger | 0:b86d15c6ba29 | 12577 | PickHashSigAlgo(ssl, peerSuites->hashSigAlgo, |
Vanger | 0:b86d15c6ba29 | 12578 | peerSuites->hashSigAlgoSz); |
Vanger | 0:b86d15c6ba29 | 12579 | return result; |
Vanger | 0:b86d15c6ba29 | 12580 | } |
Vanger | 0:b86d15c6ba29 | 12581 | else { |
Vanger | 0:b86d15c6ba29 | 12582 | CYASSL_MSG("Could not verify suite validity, continue"); |
Vanger | 0:b86d15c6ba29 | 12583 | } |
Vanger | 0:b86d15c6ba29 | 12584 | } |
Vanger | 0:b86d15c6ba29 | 12585 | |
Vanger | 0:b86d15c6ba29 | 12586 | return MATCH_SUITE_ERROR; |
Vanger | 0:b86d15c6ba29 | 12587 | } |
Vanger | 0:b86d15c6ba29 | 12588 | |
Vanger | 0:b86d15c6ba29 | 12589 | |
Vanger | 0:b86d15c6ba29 | 12590 | #ifdef OLD_HELLO_ALLOWED |
Vanger | 0:b86d15c6ba29 | 12591 | |
Vanger | 0:b86d15c6ba29 | 12592 | /* process old style client hello, deprecate? */ |
Vanger | 0:b86d15c6ba29 | 12593 | int ProcessOldClientHello(CYASSL* ssl, const byte* input, word32* inOutIdx, |
Vanger | 0:b86d15c6ba29 | 12594 | word32 inSz, word16 sz) |
Vanger | 0:b86d15c6ba29 | 12595 | { |
Vanger | 0:b86d15c6ba29 | 12596 | word32 idx = *inOutIdx; |
Vanger | 0:b86d15c6ba29 | 12597 | word16 sessionSz; |
Vanger | 0:b86d15c6ba29 | 12598 | word16 randomSz; |
Vanger | 0:b86d15c6ba29 | 12599 | word16 i, j; |
Vanger | 0:b86d15c6ba29 | 12600 | ProtocolVersion pv; |
Vanger | 0:b86d15c6ba29 | 12601 | Suites clSuites; |
Vanger | 0:b86d15c6ba29 | 12602 | |
Vanger | 0:b86d15c6ba29 | 12603 | (void)inSz; |
Vanger | 0:b86d15c6ba29 | 12604 | CYASSL_MSG("Got old format client hello"); |
Vanger | 0:b86d15c6ba29 | 12605 | #ifdef CYASSL_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 12606 | if (ssl->hsInfoOn) |
Vanger | 0:b86d15c6ba29 | 12607 | AddPacketName("ClientHello", &ssl->handShakeInfo); |
Vanger | 0:b86d15c6ba29 | 12608 | if (ssl->toInfoOn) |
Vanger | 0:b86d15c6ba29 | 12609 | AddLateName("ClientHello", &ssl->timeoutInfo); |
Vanger | 0:b86d15c6ba29 | 12610 | #endif |
Vanger | 0:b86d15c6ba29 | 12611 | |
Vanger | 0:b86d15c6ba29 | 12612 | /* manually hash input since different format */ |
Vanger | 0:b86d15c6ba29 | 12613 | #ifndef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 12614 | #ifndef NO_MD5 |
Vanger | 0:b86d15c6ba29 | 12615 | Md5Update(&ssl->hashMd5, input + idx, sz); |
Vanger | 0:b86d15c6ba29 | 12616 | #endif |
Vanger | 0:b86d15c6ba29 | 12617 | #ifndef NO_SHA |
Vanger | 0:b86d15c6ba29 | 12618 | ShaUpdate(&ssl->hashSha, input + idx, sz); |
Vanger | 0:b86d15c6ba29 | 12619 | #endif |
Vanger | 0:b86d15c6ba29 | 12620 | #endif |
Vanger | 0:b86d15c6ba29 | 12621 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 12622 | if (IsAtLeastTLSv1_2(ssl)) { |
Vanger | 0:b86d15c6ba29 | 12623 | int shaRet = Sha256Update(&ssl->hashSha256, input + idx, sz); |
Vanger | 0:b86d15c6ba29 | 12624 | |
Vanger | 0:b86d15c6ba29 | 12625 | if (shaRet != 0) |
Vanger | 0:b86d15c6ba29 | 12626 | return shaRet; |
Vanger | 0:b86d15c6ba29 | 12627 | } |
Vanger | 0:b86d15c6ba29 | 12628 | #endif |
Vanger | 0:b86d15c6ba29 | 12629 | |
Vanger | 0:b86d15c6ba29 | 12630 | /* does this value mean client_hello? */ |
Vanger | 0:b86d15c6ba29 | 12631 | idx++; |
Vanger | 0:b86d15c6ba29 | 12632 | |
Vanger | 0:b86d15c6ba29 | 12633 | /* version */ |
Vanger | 0:b86d15c6ba29 | 12634 | pv.major = input[idx++]; |
Vanger | 0:b86d15c6ba29 | 12635 | pv.minor = input[idx++]; |
Vanger | 0:b86d15c6ba29 | 12636 | ssl->chVersion = pv; /* store */ |
Vanger | 0:b86d15c6ba29 | 12637 | |
Vanger | 0:b86d15c6ba29 | 12638 | if (ssl->version.minor > pv.minor) { |
Vanger | 0:b86d15c6ba29 | 12639 | byte haveRSA = 0; |
Vanger | 0:b86d15c6ba29 | 12640 | byte havePSK = 0; |
Vanger | 0:b86d15c6ba29 | 12641 | if (!ssl->options.downgrade) { |
Vanger | 0:b86d15c6ba29 | 12642 | CYASSL_MSG("Client trying to connect with lesser version"); |
Vanger | 0:b86d15c6ba29 | 12643 | return VERSION_ERROR; |
Vanger | 0:b86d15c6ba29 | 12644 | } |
Vanger | 0:b86d15c6ba29 | 12645 | if (pv.minor < ssl->options.minDowngrade) { |
Vanger | 0:b86d15c6ba29 | 12646 | CYASSL_MSG(" version below minimum allowed, fatal error"); |
Vanger | 0:b86d15c6ba29 | 12647 | return VERSION_ERROR; |
Vanger | 0:b86d15c6ba29 | 12648 | } |
Vanger | 0:b86d15c6ba29 | 12649 | if (pv.minor == SSLv3_MINOR) { |
Vanger | 0:b86d15c6ba29 | 12650 | /* turn off tls */ |
Vanger | 0:b86d15c6ba29 | 12651 | CYASSL_MSG(" downgrading to SSLv3"); |
Vanger | 0:b86d15c6ba29 | 12652 | ssl->options.tls = 0; |
Vanger | 0:b86d15c6ba29 | 12653 | ssl->options.tls1_1 = 0; |
Vanger | 0:b86d15c6ba29 | 12654 | ssl->version.minor = SSLv3_MINOR; |
Vanger | 0:b86d15c6ba29 | 12655 | } |
Vanger | 0:b86d15c6ba29 | 12656 | else if (pv.minor == TLSv1_MINOR) { |
Vanger | 0:b86d15c6ba29 | 12657 | CYASSL_MSG(" downgrading to TLSv1"); |
Vanger | 0:b86d15c6ba29 | 12658 | /* turn off tls 1.1+ */ |
Vanger | 0:b86d15c6ba29 | 12659 | ssl->options.tls1_1 = 0; |
Vanger | 0:b86d15c6ba29 | 12660 | ssl->version.minor = TLSv1_MINOR; |
Vanger | 0:b86d15c6ba29 | 12661 | } |
Vanger | 0:b86d15c6ba29 | 12662 | else if (pv.minor == TLSv1_1_MINOR) { |
Vanger | 0:b86d15c6ba29 | 12663 | CYASSL_MSG(" downgrading to TLSv1.1"); |
Vanger | 0:b86d15c6ba29 | 12664 | ssl->version.minor = TLSv1_1_MINOR; |
Vanger | 0:b86d15c6ba29 | 12665 | } |
Vanger | 0:b86d15c6ba29 | 12666 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 12667 | haveRSA = 1; |
Vanger | 0:b86d15c6ba29 | 12668 | #endif |
Vanger | 0:b86d15c6ba29 | 12669 | #ifndef NO_PSK |
Vanger | 0:b86d15c6ba29 | 12670 | havePSK = ssl->options.havePSK; |
Vanger | 0:b86d15c6ba29 | 12671 | #endif |
Vanger | 0:b86d15c6ba29 | 12672 | |
Vanger | 0:b86d15c6ba29 | 12673 | InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, |
Vanger | 0:b86d15c6ba29 | 12674 | ssl->options.haveDH, ssl->options.haveNTRU, |
Vanger | 0:b86d15c6ba29 | 12675 | ssl->options.haveECDSAsig, ssl->options.haveStaticECC, |
Vanger | 0:b86d15c6ba29 | 12676 | ssl->options.side); |
Vanger | 0:b86d15c6ba29 | 12677 | } |
Vanger | 0:b86d15c6ba29 | 12678 | |
Vanger | 0:b86d15c6ba29 | 12679 | /* suite size */ |
Vanger | 0:b86d15c6ba29 | 12680 | ato16(&input[idx], &clSuites.suiteSz); |
Vanger | 0:b86d15c6ba29 | 12681 | idx += 2; |
Vanger | 0:b86d15c6ba29 | 12682 | |
Vanger | 0:b86d15c6ba29 | 12683 | if (clSuites.suiteSz > MAX_SUITE_SZ) |
Vanger | 0:b86d15c6ba29 | 12684 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 12685 | clSuites.hashSigAlgoSz = 0; |
Vanger | 0:b86d15c6ba29 | 12686 | |
Vanger | 0:b86d15c6ba29 | 12687 | /* session size */ |
Vanger | 0:b86d15c6ba29 | 12688 | ato16(&input[idx], &sessionSz); |
Vanger | 0:b86d15c6ba29 | 12689 | idx += 2; |
Vanger | 0:b86d15c6ba29 | 12690 | |
Vanger | 0:b86d15c6ba29 | 12691 | if (sessionSz > ID_LEN) |
Vanger | 0:b86d15c6ba29 | 12692 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 12693 | |
Vanger | 0:b86d15c6ba29 | 12694 | /* random size */ |
Vanger | 0:b86d15c6ba29 | 12695 | ato16(&input[idx], &randomSz); |
Vanger | 0:b86d15c6ba29 | 12696 | idx += 2; |
Vanger | 0:b86d15c6ba29 | 12697 | |
Vanger | 0:b86d15c6ba29 | 12698 | if (randomSz > RAN_LEN) |
Vanger | 0:b86d15c6ba29 | 12699 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 12700 | |
Vanger | 0:b86d15c6ba29 | 12701 | /* suites */ |
Vanger | 0:b86d15c6ba29 | 12702 | for (i = 0, j = 0; i < clSuites.suiteSz; i += 3) { |
Vanger | 0:b86d15c6ba29 | 12703 | byte first = input[idx++]; |
Vanger | 0:b86d15c6ba29 | 12704 | if (!first) { /* implicit: skip sslv2 type */ |
Vanger | 0:b86d15c6ba29 | 12705 | XMEMCPY(&clSuites.suites[j], &input[idx], 2); |
Vanger | 0:b86d15c6ba29 | 12706 | j += 2; |
Vanger | 0:b86d15c6ba29 | 12707 | } |
Vanger | 0:b86d15c6ba29 | 12708 | idx += 2; |
Vanger | 0:b86d15c6ba29 | 12709 | } |
Vanger | 0:b86d15c6ba29 | 12710 | clSuites.suiteSz = j; |
Vanger | 0:b86d15c6ba29 | 12711 | |
Vanger | 0:b86d15c6ba29 | 12712 | /* session id */ |
Vanger | 0:b86d15c6ba29 | 12713 | if (sessionSz) { |
Vanger | 0:b86d15c6ba29 | 12714 | XMEMCPY(ssl->arrays->sessionID, input + idx, sessionSz); |
Vanger | 0:b86d15c6ba29 | 12715 | idx += sessionSz; |
Vanger | 0:b86d15c6ba29 | 12716 | ssl->options.resuming = 1; |
Vanger | 0:b86d15c6ba29 | 12717 | } |
Vanger | 0:b86d15c6ba29 | 12718 | |
Vanger | 0:b86d15c6ba29 | 12719 | /* random */ |
Vanger | 0:b86d15c6ba29 | 12720 | if (randomSz < RAN_LEN) |
Vanger | 0:b86d15c6ba29 | 12721 | XMEMSET(ssl->arrays->clientRandom, 0, RAN_LEN - randomSz); |
Vanger | 0:b86d15c6ba29 | 12722 | XMEMCPY(&ssl->arrays->clientRandom[RAN_LEN - randomSz], input + idx, |
Vanger | 0:b86d15c6ba29 | 12723 | randomSz); |
Vanger | 0:b86d15c6ba29 | 12724 | idx += randomSz; |
Vanger | 0:b86d15c6ba29 | 12725 | |
Vanger | 0:b86d15c6ba29 | 12726 | if (ssl->options.usingCompression) |
Vanger | 0:b86d15c6ba29 | 12727 | ssl->options.usingCompression = 0; /* turn off */ |
Vanger | 0:b86d15c6ba29 | 12728 | |
Vanger | 0:b86d15c6ba29 | 12729 | ssl->options.clientState = CLIENT_HELLO_COMPLETE; |
Vanger | 0:b86d15c6ba29 | 12730 | *inOutIdx = idx; |
Vanger | 0:b86d15c6ba29 | 12731 | |
Vanger | 0:b86d15c6ba29 | 12732 | ssl->options.haveSessionId = 1; |
Vanger | 0:b86d15c6ba29 | 12733 | /* DoClientHello uses same resume code */ |
Vanger | 0:b86d15c6ba29 | 12734 | if (ssl->options.resuming) { /* let's try */ |
Vanger | 0:b86d15c6ba29 | 12735 | int ret = -1; |
Vanger | 0:b86d15c6ba29 | 12736 | CYASSL_SESSION* session = GetSession(ssl,ssl->arrays->masterSecret); |
Vanger | 0:b86d15c6ba29 | 12737 | if (!session) { |
Vanger | 0:b86d15c6ba29 | 12738 | CYASSL_MSG("Session lookup for resume failed"); |
Vanger | 0:b86d15c6ba29 | 12739 | ssl->options.resuming = 0; |
Vanger | 0:b86d15c6ba29 | 12740 | } else { |
Vanger | 0:b86d15c6ba29 | 12741 | if (MatchSuite(ssl, &clSuites) < 0) { |
Vanger | 0:b86d15c6ba29 | 12742 | CYASSL_MSG("Unsupported cipher suite, OldClientHello"); |
Vanger | 0:b86d15c6ba29 | 12743 | return UNSUPPORTED_SUITE; |
Vanger | 0:b86d15c6ba29 | 12744 | } |
Vanger | 0:b86d15c6ba29 | 12745 | #ifdef SESSION_CERTS |
Vanger | 0:b86d15c6ba29 | 12746 | ssl->session = *session; /* restore session certs. */ |
Vanger | 0:b86d15c6ba29 | 12747 | #endif |
Vanger | 0:b86d15c6ba29 | 12748 | |
Vanger | 0:b86d15c6ba29 | 12749 | ret = RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, |
Vanger | 0:b86d15c6ba29 | 12750 | RAN_LEN); |
Vanger | 0:b86d15c6ba29 | 12751 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 12752 | return ret; |
Vanger | 0:b86d15c6ba29 | 12753 | |
Vanger | 0:b86d15c6ba29 | 12754 | #ifdef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 12755 | ret = DeriveTlsKeys(ssl); |
Vanger | 0:b86d15c6ba29 | 12756 | #else |
Vanger | 0:b86d15c6ba29 | 12757 | #ifndef NO_TLS |
Vanger | 0:b86d15c6ba29 | 12758 | if (ssl->options.tls) |
Vanger | 0:b86d15c6ba29 | 12759 | ret = DeriveTlsKeys(ssl); |
Vanger | 0:b86d15c6ba29 | 12760 | #endif |
Vanger | 0:b86d15c6ba29 | 12761 | if (!ssl->options.tls) |
Vanger | 0:b86d15c6ba29 | 12762 | ret = DeriveKeys(ssl); |
Vanger | 0:b86d15c6ba29 | 12763 | #endif |
Vanger | 0:b86d15c6ba29 | 12764 | ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE; |
Vanger | 0:b86d15c6ba29 | 12765 | |
Vanger | 0:b86d15c6ba29 | 12766 | return ret; |
Vanger | 0:b86d15c6ba29 | 12767 | } |
Vanger | 0:b86d15c6ba29 | 12768 | } |
Vanger | 0:b86d15c6ba29 | 12769 | |
Vanger | 0:b86d15c6ba29 | 12770 | return MatchSuite(ssl, &clSuites); |
Vanger | 0:b86d15c6ba29 | 12771 | } |
Vanger | 0:b86d15c6ba29 | 12772 | |
Vanger | 0:b86d15c6ba29 | 12773 | #endif /* OLD_HELLO_ALLOWED */ |
Vanger | 0:b86d15c6ba29 | 12774 | |
Vanger | 0:b86d15c6ba29 | 12775 | |
Vanger | 0:b86d15c6ba29 | 12776 | static int DoClientHello(CYASSL* ssl, const byte* input, word32* inOutIdx, |
Vanger | 0:b86d15c6ba29 | 12777 | word32 helloSz) |
Vanger | 0:b86d15c6ba29 | 12778 | { |
Vanger | 0:b86d15c6ba29 | 12779 | byte b; |
Vanger | 0:b86d15c6ba29 | 12780 | ProtocolVersion pv; |
Vanger | 0:b86d15c6ba29 | 12781 | Suites clSuites; |
Vanger | 0:b86d15c6ba29 | 12782 | word32 i = *inOutIdx; |
Vanger | 0:b86d15c6ba29 | 12783 | word32 begin = i; |
Vanger | 0:b86d15c6ba29 | 12784 | |
Vanger | 0:b86d15c6ba29 | 12785 | #ifdef CYASSL_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 12786 | if (ssl->hsInfoOn) AddPacketName("ClientHello", &ssl->handShakeInfo); |
Vanger | 0:b86d15c6ba29 | 12787 | if (ssl->toInfoOn) AddLateName("ClientHello", &ssl->timeoutInfo); |
Vanger | 0:b86d15c6ba29 | 12788 | #endif |
Vanger | 0:b86d15c6ba29 | 12789 | |
Vanger | 0:b86d15c6ba29 | 12790 | /* protocol version, random and session id length check */ |
Vanger | 0:b86d15c6ba29 | 12791 | if ((i - begin) + OPAQUE16_LEN + RAN_LEN + OPAQUE8_LEN > helloSz) |
Vanger | 0:b86d15c6ba29 | 12792 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 12793 | |
Vanger | 0:b86d15c6ba29 | 12794 | /* protocol version */ |
Vanger | 0:b86d15c6ba29 | 12795 | XMEMCPY(&pv, input + i, OPAQUE16_LEN); |
Vanger | 0:b86d15c6ba29 | 12796 | ssl->chVersion = pv; /* store */ |
Vanger | 0:b86d15c6ba29 | 12797 | i += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 12798 | |
Vanger | 0:b86d15c6ba29 | 12799 | if (ssl->version.minor > pv.minor) { |
Vanger | 0:b86d15c6ba29 | 12800 | byte haveRSA = 0; |
Vanger | 0:b86d15c6ba29 | 12801 | byte havePSK = 0; |
Vanger | 0:b86d15c6ba29 | 12802 | |
Vanger | 0:b86d15c6ba29 | 12803 | if (!ssl->options.downgrade) { |
Vanger | 0:b86d15c6ba29 | 12804 | CYASSL_MSG("Client trying to connect with lesser version"); |
Vanger | 0:b86d15c6ba29 | 12805 | return VERSION_ERROR; |
Vanger | 0:b86d15c6ba29 | 12806 | } |
Vanger | 0:b86d15c6ba29 | 12807 | if (pv.minor < ssl->options.minDowngrade) { |
Vanger | 0:b86d15c6ba29 | 12808 | CYASSL_MSG(" version below minimum allowed, fatal error"); |
Vanger | 0:b86d15c6ba29 | 12809 | return VERSION_ERROR; |
Vanger | 0:b86d15c6ba29 | 12810 | } |
Vanger | 0:b86d15c6ba29 | 12811 | |
Vanger | 0:b86d15c6ba29 | 12812 | if (pv.minor == SSLv3_MINOR) { |
Vanger | 0:b86d15c6ba29 | 12813 | /* turn off tls */ |
Vanger | 0:b86d15c6ba29 | 12814 | CYASSL_MSG(" downgrading to SSLv3"); |
Vanger | 0:b86d15c6ba29 | 12815 | ssl->options.tls = 0; |
Vanger | 0:b86d15c6ba29 | 12816 | ssl->options.tls1_1 = 0; |
Vanger | 0:b86d15c6ba29 | 12817 | ssl->version.minor = SSLv3_MINOR; |
Vanger | 0:b86d15c6ba29 | 12818 | } |
Vanger | 0:b86d15c6ba29 | 12819 | else if (pv.minor == TLSv1_MINOR) { |
Vanger | 0:b86d15c6ba29 | 12820 | /* turn off tls 1.1+ */ |
Vanger | 0:b86d15c6ba29 | 12821 | CYASSL_MSG(" downgrading to TLSv1"); |
Vanger | 0:b86d15c6ba29 | 12822 | ssl->options.tls1_1 = 0; |
Vanger | 0:b86d15c6ba29 | 12823 | ssl->version.minor = TLSv1_MINOR; |
Vanger | 0:b86d15c6ba29 | 12824 | } |
Vanger | 0:b86d15c6ba29 | 12825 | else if (pv.minor == TLSv1_1_MINOR) { |
Vanger | 0:b86d15c6ba29 | 12826 | CYASSL_MSG(" downgrading to TLSv1.1"); |
Vanger | 0:b86d15c6ba29 | 12827 | ssl->version.minor = TLSv1_1_MINOR; |
Vanger | 0:b86d15c6ba29 | 12828 | } |
Vanger | 0:b86d15c6ba29 | 12829 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 12830 | haveRSA = 1; |
Vanger | 0:b86d15c6ba29 | 12831 | #endif |
Vanger | 0:b86d15c6ba29 | 12832 | #ifndef NO_PSK |
Vanger | 0:b86d15c6ba29 | 12833 | havePSK = ssl->options.havePSK; |
Vanger | 0:b86d15c6ba29 | 12834 | #endif |
Vanger | 0:b86d15c6ba29 | 12835 | InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, |
Vanger | 0:b86d15c6ba29 | 12836 | ssl->options.haveDH, ssl->options.haveNTRU, |
Vanger | 0:b86d15c6ba29 | 12837 | ssl->options.haveECDSAsig, ssl->options.haveStaticECC, |
Vanger | 0:b86d15c6ba29 | 12838 | ssl->options.side); |
Vanger | 0:b86d15c6ba29 | 12839 | } |
Vanger | 0:b86d15c6ba29 | 12840 | |
Vanger | 0:b86d15c6ba29 | 12841 | /* random */ |
Vanger | 0:b86d15c6ba29 | 12842 | XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN); |
Vanger | 0:b86d15c6ba29 | 12843 | i += RAN_LEN; |
Vanger | 0:b86d15c6ba29 | 12844 | |
Vanger | 0:b86d15c6ba29 | 12845 | #ifdef SHOW_SECRETS |
Vanger | 0:b86d15c6ba29 | 12846 | { |
Vanger | 0:b86d15c6ba29 | 12847 | int j; |
Vanger | 0:b86d15c6ba29 | 12848 | printf("client random: "); |
Vanger | 0:b86d15c6ba29 | 12849 | for (j = 0; j < RAN_LEN; j++) |
Vanger | 0:b86d15c6ba29 | 12850 | printf("%02x", ssl->arrays->clientRandom[j]); |
Vanger | 0:b86d15c6ba29 | 12851 | printf("\n"); |
Vanger | 0:b86d15c6ba29 | 12852 | } |
Vanger | 0:b86d15c6ba29 | 12853 | #endif |
Vanger | 0:b86d15c6ba29 | 12854 | |
Vanger | 0:b86d15c6ba29 | 12855 | /* session id */ |
Vanger | 0:b86d15c6ba29 | 12856 | b = input[i++]; |
Vanger | 0:b86d15c6ba29 | 12857 | |
Vanger | 0:b86d15c6ba29 | 12858 | if (b == ID_LEN) { |
Vanger | 0:b86d15c6ba29 | 12859 | if ((i - begin) + ID_LEN > helloSz) |
Vanger | 0:b86d15c6ba29 | 12860 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 12861 | |
Vanger | 0:b86d15c6ba29 | 12862 | XMEMCPY(ssl->arrays->sessionID, input + i, ID_LEN); |
Vanger | 0:b86d15c6ba29 | 12863 | i += ID_LEN; |
Vanger | 0:b86d15c6ba29 | 12864 | ssl->options.resuming = 1; /* client wants to resume */ |
Vanger | 0:b86d15c6ba29 | 12865 | CYASSL_MSG("Client wants to resume session"); |
Vanger | 0:b86d15c6ba29 | 12866 | } |
Vanger | 0:b86d15c6ba29 | 12867 | else if (b) { |
Vanger | 0:b86d15c6ba29 | 12868 | CYASSL_MSG("Invalid session ID size"); |
Vanger | 0:b86d15c6ba29 | 12869 | return BUFFER_ERROR; /* session ID nor 0 neither 32 bytes long */ |
Vanger | 0:b86d15c6ba29 | 12870 | } |
Vanger | 0:b86d15c6ba29 | 12871 | |
Vanger | 0:b86d15c6ba29 | 12872 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 12873 | /* cookie */ |
Vanger | 0:b86d15c6ba29 | 12874 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 12875 | |
Vanger | 0:b86d15c6ba29 | 12876 | if ((i - begin) + OPAQUE8_LEN > helloSz) |
Vanger | 0:b86d15c6ba29 | 12877 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 12878 | |
Vanger | 0:b86d15c6ba29 | 12879 | b = input[i++]; |
Vanger | 0:b86d15c6ba29 | 12880 | |
Vanger | 0:b86d15c6ba29 | 12881 | if (b) { |
Vanger | 0:b86d15c6ba29 | 12882 | byte cookie[MAX_COOKIE_LEN]; |
Vanger | 0:b86d15c6ba29 | 12883 | |
Vanger | 0:b86d15c6ba29 | 12884 | if (b > MAX_COOKIE_LEN) |
Vanger | 0:b86d15c6ba29 | 12885 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 12886 | |
Vanger | 0:b86d15c6ba29 | 12887 | if ((i - begin) + b > helloSz) |
Vanger | 0:b86d15c6ba29 | 12888 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 12889 | |
Vanger | 0:b86d15c6ba29 | 12890 | if (ssl->ctx->CBIOCookie == NULL) { |
Vanger | 0:b86d15c6ba29 | 12891 | CYASSL_MSG("Your Cookie callback is null, please set"); |
Vanger | 0:b86d15c6ba29 | 12892 | return COOKIE_ERROR; |
Vanger | 0:b86d15c6ba29 | 12893 | } |
Vanger | 0:b86d15c6ba29 | 12894 | |
Vanger | 0:b86d15c6ba29 | 12895 | if ((ssl->ctx->CBIOCookie(ssl, cookie, COOKIE_SZ, |
Vanger | 0:b86d15c6ba29 | 12896 | ssl->IOCB_CookieCtx) != COOKIE_SZ) |
Vanger | 0:b86d15c6ba29 | 12897 | || (b != COOKIE_SZ) |
Vanger | 0:b86d15c6ba29 | 12898 | || (XMEMCMP(cookie, input + i, b) != 0)) { |
Vanger | 0:b86d15c6ba29 | 12899 | return COOKIE_ERROR; |
Vanger | 0:b86d15c6ba29 | 12900 | } |
Vanger | 0:b86d15c6ba29 | 12901 | |
Vanger | 0:b86d15c6ba29 | 12902 | i += b; |
Vanger | 0:b86d15c6ba29 | 12903 | } |
Vanger | 0:b86d15c6ba29 | 12904 | } |
Vanger | 0:b86d15c6ba29 | 12905 | #endif |
Vanger | 0:b86d15c6ba29 | 12906 | |
Vanger | 0:b86d15c6ba29 | 12907 | /* suites */ |
Vanger | 0:b86d15c6ba29 | 12908 | if ((i - begin) + OPAQUE16_LEN > helloSz) |
Vanger | 0:b86d15c6ba29 | 12909 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 12910 | |
Vanger | 0:b86d15c6ba29 | 12911 | ato16(&input[i], &clSuites.suiteSz); |
Vanger | 0:b86d15c6ba29 | 12912 | i += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 12913 | |
Vanger | 0:b86d15c6ba29 | 12914 | /* suites and compression length check */ |
Vanger | 0:b86d15c6ba29 | 12915 | if ((i - begin) + clSuites.suiteSz + OPAQUE8_LEN > helloSz) |
Vanger | 0:b86d15c6ba29 | 12916 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 12917 | |
Vanger | 0:b86d15c6ba29 | 12918 | if (clSuites.suiteSz > MAX_SUITE_SZ) |
Vanger | 0:b86d15c6ba29 | 12919 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 12920 | |
Vanger | 0:b86d15c6ba29 | 12921 | XMEMCPY(clSuites.suites, input + i, clSuites.suiteSz); |
Vanger | 0:b86d15c6ba29 | 12922 | i += clSuites.suiteSz; |
Vanger | 0:b86d15c6ba29 | 12923 | clSuites.hashSigAlgoSz = 0; |
Vanger | 0:b86d15c6ba29 | 12924 | |
Vanger | 0:b86d15c6ba29 | 12925 | /* compression length */ |
Vanger | 0:b86d15c6ba29 | 12926 | b = input[i++]; |
Vanger | 0:b86d15c6ba29 | 12927 | |
Vanger | 0:b86d15c6ba29 | 12928 | if ((i - begin) + b > helloSz) |
Vanger | 0:b86d15c6ba29 | 12929 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 12930 | |
Vanger | 0:b86d15c6ba29 | 12931 | if (ssl->options.usingCompression) { |
Vanger | 0:b86d15c6ba29 | 12932 | int match = 0; |
Vanger | 0:b86d15c6ba29 | 12933 | |
Vanger | 0:b86d15c6ba29 | 12934 | while (b--) { |
Vanger | 0:b86d15c6ba29 | 12935 | byte comp = input[i++]; |
Vanger | 0:b86d15c6ba29 | 12936 | |
Vanger | 0:b86d15c6ba29 | 12937 | if (comp == ZLIB_COMPRESSION) |
Vanger | 0:b86d15c6ba29 | 12938 | match = 1; |
Vanger | 0:b86d15c6ba29 | 12939 | } |
Vanger | 0:b86d15c6ba29 | 12940 | |
Vanger | 0:b86d15c6ba29 | 12941 | if (!match) { |
Vanger | 0:b86d15c6ba29 | 12942 | CYASSL_MSG("Not matching compression, turning off"); |
Vanger | 0:b86d15c6ba29 | 12943 | ssl->options.usingCompression = 0; /* turn off */ |
Vanger | 0:b86d15c6ba29 | 12944 | } |
Vanger | 0:b86d15c6ba29 | 12945 | } |
Vanger | 0:b86d15c6ba29 | 12946 | else |
Vanger | 0:b86d15c6ba29 | 12947 | i += b; /* ignore, since we're not on */ |
Vanger | 0:b86d15c6ba29 | 12948 | |
Vanger | 0:b86d15c6ba29 | 12949 | *inOutIdx = i; |
Vanger | 0:b86d15c6ba29 | 12950 | |
Vanger | 0:b86d15c6ba29 | 12951 | /* tls extensions */ |
Vanger | 0:b86d15c6ba29 | 12952 | if ((i - begin) < helloSz) { |
Vanger | 0:b86d15c6ba29 | 12953 | #ifdef HAVE_TLS_EXTENSIONS |
Vanger | 0:b86d15c6ba29 | 12954 | if (TLSX_SupportExtensions(ssl)) { |
Vanger | 0:b86d15c6ba29 | 12955 | int ret = 0; |
Vanger | 0:b86d15c6ba29 | 12956 | #else |
Vanger | 0:b86d15c6ba29 | 12957 | if (IsAtLeastTLSv1_2(ssl)) { |
Vanger | 0:b86d15c6ba29 | 12958 | #endif |
Vanger | 0:b86d15c6ba29 | 12959 | /* Process the hello extension. Skip unsupported. */ |
Vanger | 0:b86d15c6ba29 | 12960 | word16 totalExtSz; |
Vanger | 0:b86d15c6ba29 | 12961 | |
Vanger | 0:b86d15c6ba29 | 12962 | if ((i - begin) + OPAQUE16_LEN > helloSz) |
Vanger | 0:b86d15c6ba29 | 12963 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 12964 | |
Vanger | 0:b86d15c6ba29 | 12965 | ato16(&input[i], &totalExtSz); |
Vanger | 0:b86d15c6ba29 | 12966 | i += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 12967 | |
Vanger | 0:b86d15c6ba29 | 12968 | if ((i - begin) + totalExtSz > helloSz) |
Vanger | 0:b86d15c6ba29 | 12969 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 12970 | |
Vanger | 0:b86d15c6ba29 | 12971 | #ifdef HAVE_TLS_EXTENSIONS |
Vanger | 0:b86d15c6ba29 | 12972 | if ((ret = TLSX_Parse(ssl, (byte *) input + i, |
Vanger | 0:b86d15c6ba29 | 12973 | totalExtSz, 1, &clSuites))) |
Vanger | 0:b86d15c6ba29 | 12974 | return ret; |
Vanger | 0:b86d15c6ba29 | 12975 | |
Vanger | 0:b86d15c6ba29 | 12976 | i += totalExtSz; |
Vanger | 0:b86d15c6ba29 | 12977 | #else |
Vanger | 0:b86d15c6ba29 | 12978 | while (totalExtSz) { |
Vanger | 0:b86d15c6ba29 | 12979 | word16 extId, extSz; |
Vanger | 0:b86d15c6ba29 | 12980 | |
Vanger | 0:b86d15c6ba29 | 12981 | if (OPAQUE16_LEN + OPAQUE16_LEN > totalExtSz) |
Vanger | 0:b86d15c6ba29 | 12982 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 12983 | |
Vanger | 0:b86d15c6ba29 | 12984 | ato16(&input[i], &extId); |
Vanger | 0:b86d15c6ba29 | 12985 | i += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 12986 | ato16(&input[i], &extSz); |
Vanger | 0:b86d15c6ba29 | 12987 | i += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 12988 | |
Vanger | 0:b86d15c6ba29 | 12989 | if (OPAQUE16_LEN + OPAQUE16_LEN + extSz > totalExtSz) |
Vanger | 0:b86d15c6ba29 | 12990 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 12991 | |
Vanger | 0:b86d15c6ba29 | 12992 | if (extId == HELLO_EXT_SIG_ALGO) { |
Vanger | 0:b86d15c6ba29 | 12993 | ato16(&input[i], &clSuites.hashSigAlgoSz); |
Vanger | 0:b86d15c6ba29 | 12994 | i += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 12995 | |
Vanger | 0:b86d15c6ba29 | 12996 | if (OPAQUE16_LEN + clSuites.hashSigAlgoSz > extSz) |
Vanger | 0:b86d15c6ba29 | 12997 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 12998 | |
Vanger | 0:b86d15c6ba29 | 12999 | XMEMCPY(clSuites.hashSigAlgo, &input[i], |
Vanger | 0:b86d15c6ba29 | 13000 | min(clSuites.hashSigAlgoSz, HELLO_EXT_SIGALGO_MAX)); |
Vanger | 0:b86d15c6ba29 | 13001 | i += clSuites.hashSigAlgoSz; |
Vanger | 0:b86d15c6ba29 | 13002 | |
Vanger | 0:b86d15c6ba29 | 13003 | if (clSuites.hashSigAlgoSz > HELLO_EXT_SIGALGO_MAX) |
Vanger | 0:b86d15c6ba29 | 13004 | clSuites.hashSigAlgoSz = HELLO_EXT_SIGALGO_MAX; |
Vanger | 0:b86d15c6ba29 | 13005 | } |
Vanger | 0:b86d15c6ba29 | 13006 | else |
Vanger | 0:b86d15c6ba29 | 13007 | i += extSz; |
Vanger | 0:b86d15c6ba29 | 13008 | |
Vanger | 0:b86d15c6ba29 | 13009 | totalExtSz -= OPAQUE16_LEN + OPAQUE16_LEN + extSz; |
Vanger | 0:b86d15c6ba29 | 13010 | } |
Vanger | 0:b86d15c6ba29 | 13011 | #endif |
Vanger | 0:b86d15c6ba29 | 13012 | *inOutIdx = i; |
Vanger | 0:b86d15c6ba29 | 13013 | } |
Vanger | 0:b86d15c6ba29 | 13014 | else |
Vanger | 0:b86d15c6ba29 | 13015 | *inOutIdx = begin + helloSz; /* skip extensions */ |
Vanger | 0:b86d15c6ba29 | 13016 | } |
Vanger | 0:b86d15c6ba29 | 13017 | |
Vanger | 0:b86d15c6ba29 | 13018 | ssl->options.clientState = CLIENT_HELLO_COMPLETE; |
Vanger | 0:b86d15c6ba29 | 13019 | ssl->options.haveSessionId = 1; |
Vanger | 0:b86d15c6ba29 | 13020 | |
Vanger | 0:b86d15c6ba29 | 13021 | /* ProcessOld uses same resume code */ |
Vanger | 0:b86d15c6ba29 | 13022 | if (ssl->options.resuming && (!ssl->options.dtls || |
Vanger | 0:b86d15c6ba29 | 13023 | ssl->options.acceptState == HELLO_VERIFY_SENT)) { /* let's try */ |
Vanger | 0:b86d15c6ba29 | 13024 | int ret = -1; |
Vanger | 0:b86d15c6ba29 | 13025 | CYASSL_SESSION* session = GetSession(ssl,ssl->arrays->masterSecret); |
Vanger | 0:b86d15c6ba29 | 13026 | |
Vanger | 0:b86d15c6ba29 | 13027 | if (!session) { |
Vanger | 0:b86d15c6ba29 | 13028 | CYASSL_MSG("Session lookup for resume failed"); |
Vanger | 0:b86d15c6ba29 | 13029 | ssl->options.resuming = 0; |
Vanger | 0:b86d15c6ba29 | 13030 | } |
Vanger | 0:b86d15c6ba29 | 13031 | else { |
Vanger | 0:b86d15c6ba29 | 13032 | if (MatchSuite(ssl, &clSuites) < 0) { |
Vanger | 0:b86d15c6ba29 | 13033 | CYASSL_MSG("Unsupported cipher suite, ClientHello"); |
Vanger | 0:b86d15c6ba29 | 13034 | return UNSUPPORTED_SUITE; |
Vanger | 0:b86d15c6ba29 | 13035 | } |
Vanger | 0:b86d15c6ba29 | 13036 | #ifdef SESSION_CERTS |
Vanger | 0:b86d15c6ba29 | 13037 | ssl->session = *session; /* restore session certs. */ |
Vanger | 0:b86d15c6ba29 | 13038 | #endif |
Vanger | 0:b86d15c6ba29 | 13039 | |
Vanger | 0:b86d15c6ba29 | 13040 | ret = RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, |
Vanger | 0:b86d15c6ba29 | 13041 | RAN_LEN); |
Vanger | 0:b86d15c6ba29 | 13042 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 13043 | return ret; |
Vanger | 0:b86d15c6ba29 | 13044 | |
Vanger | 0:b86d15c6ba29 | 13045 | #ifdef NO_OLD_TLS |
Vanger | 0:b86d15c6ba29 | 13046 | ret = DeriveTlsKeys(ssl); |
Vanger | 0:b86d15c6ba29 | 13047 | #else |
Vanger | 0:b86d15c6ba29 | 13048 | #ifndef NO_TLS |
Vanger | 0:b86d15c6ba29 | 13049 | if (ssl->options.tls) |
Vanger | 0:b86d15c6ba29 | 13050 | ret = DeriveTlsKeys(ssl); |
Vanger | 0:b86d15c6ba29 | 13051 | #endif |
Vanger | 0:b86d15c6ba29 | 13052 | if (!ssl->options.tls) |
Vanger | 0:b86d15c6ba29 | 13053 | ret = DeriveKeys(ssl); |
Vanger | 0:b86d15c6ba29 | 13054 | #endif |
Vanger | 0:b86d15c6ba29 | 13055 | ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE; |
Vanger | 0:b86d15c6ba29 | 13056 | |
Vanger | 0:b86d15c6ba29 | 13057 | return ret; |
Vanger | 0:b86d15c6ba29 | 13058 | } |
Vanger | 0:b86d15c6ba29 | 13059 | } |
Vanger | 0:b86d15c6ba29 | 13060 | return MatchSuite(ssl, &clSuites); |
Vanger | 0:b86d15c6ba29 | 13061 | } |
Vanger | 0:b86d15c6ba29 | 13062 | |
Vanger | 0:b86d15c6ba29 | 13063 | #if !defined(NO_RSA) || defined(HAVE_ECC) |
Vanger | 0:b86d15c6ba29 | 13064 | static int DoCertificateVerify(CYASSL* ssl, byte* input, word32* inOutIdx, |
Vanger | 0:b86d15c6ba29 | 13065 | word32 size) |
Vanger | 0:b86d15c6ba29 | 13066 | { |
Vanger | 0:b86d15c6ba29 | 13067 | word16 sz = 0; |
Vanger | 0:b86d15c6ba29 | 13068 | int ret = VERIFY_CERT_ERROR; /* start in error state */ |
Vanger | 0:b86d15c6ba29 | 13069 | byte hashAlgo = sha_mac; |
Vanger | 0:b86d15c6ba29 | 13070 | byte sigAlgo = anonymous_sa_algo; |
Vanger | 0:b86d15c6ba29 | 13071 | word32 begin = *inOutIdx; |
Vanger | 0:b86d15c6ba29 | 13072 | |
Vanger | 0:b86d15c6ba29 | 13073 | #ifdef CYASSL_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 13074 | if (ssl->hsInfoOn) |
Vanger | 0:b86d15c6ba29 | 13075 | AddPacketName("CertificateVerify", &ssl->handShakeInfo); |
Vanger | 0:b86d15c6ba29 | 13076 | if (ssl->toInfoOn) |
Vanger | 0:b86d15c6ba29 | 13077 | AddLateName("CertificateVerify", &ssl->timeoutInfo); |
Vanger | 0:b86d15c6ba29 | 13078 | #endif |
Vanger | 0:b86d15c6ba29 | 13079 | |
Vanger | 0:b86d15c6ba29 | 13080 | |
Vanger | 0:b86d15c6ba29 | 13081 | if (IsAtLeastTLSv1_2(ssl)) { |
Vanger | 0:b86d15c6ba29 | 13082 | if ((*inOutIdx - begin) + ENUM_LEN + ENUM_LEN > size) |
Vanger | 0:b86d15c6ba29 | 13083 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 13084 | |
Vanger | 0:b86d15c6ba29 | 13085 | hashAlgo = input[(*inOutIdx)++]; |
Vanger | 0:b86d15c6ba29 | 13086 | sigAlgo = input[(*inOutIdx)++]; |
Vanger | 0:b86d15c6ba29 | 13087 | } |
Vanger | 0:b86d15c6ba29 | 13088 | |
Vanger | 0:b86d15c6ba29 | 13089 | if ((*inOutIdx - begin) + OPAQUE16_LEN > size) |
Vanger | 0:b86d15c6ba29 | 13090 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 13091 | |
Vanger | 0:b86d15c6ba29 | 13092 | ato16(input + *inOutIdx, &sz); |
Vanger | 0:b86d15c6ba29 | 13093 | *inOutIdx += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 13094 | |
Vanger | 0:b86d15c6ba29 | 13095 | if ((*inOutIdx - begin) + sz > size || sz > ENCRYPT_LEN) |
Vanger | 0:b86d15c6ba29 | 13096 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 13097 | |
Vanger | 0:b86d15c6ba29 | 13098 | /* RSA */ |
Vanger | 0:b86d15c6ba29 | 13099 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 13100 | if (ssl->peerRsaKeyPresent != 0) { |
Vanger | 0:b86d15c6ba29 | 13101 | byte* out = NULL; |
Vanger | 0:b86d15c6ba29 | 13102 | int outLen = 0; |
Vanger | 0:b86d15c6ba29 | 13103 | byte doUserRsa = 0; |
Vanger | 0:b86d15c6ba29 | 13104 | |
Vanger | 0:b86d15c6ba29 | 13105 | #ifdef HAVE_PK_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 13106 | if (ssl->ctx->RsaVerifyCb) |
Vanger | 0:b86d15c6ba29 | 13107 | doUserRsa = 1; |
Vanger | 0:b86d15c6ba29 | 13108 | #endif /*HAVE_PK_CALLBACKS */ |
Vanger | 0:b86d15c6ba29 | 13109 | |
Vanger | 0:b86d15c6ba29 | 13110 | CYASSL_MSG("Doing RSA peer cert verify"); |
Vanger | 0:b86d15c6ba29 | 13111 | |
Vanger | 0:b86d15c6ba29 | 13112 | if (doUserRsa) { |
Vanger | 0:b86d15c6ba29 | 13113 | #ifdef HAVE_PK_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 13114 | outLen = ssl->ctx->RsaVerifyCb(ssl, input + *inOutIdx, sz, |
Vanger | 0:b86d15c6ba29 | 13115 | &out, |
Vanger | 0:b86d15c6ba29 | 13116 | ssl->buffers.peerRsaKey.buffer, |
Vanger | 0:b86d15c6ba29 | 13117 | ssl->buffers.peerRsaKey.length, |
Vanger | 0:b86d15c6ba29 | 13118 | ssl->RsaVerifyCtx); |
Vanger | 0:b86d15c6ba29 | 13119 | #endif /*HAVE_PK_CALLBACKS */ |
Vanger | 0:b86d15c6ba29 | 13120 | } |
Vanger | 0:b86d15c6ba29 | 13121 | else { |
Vanger | 0:b86d15c6ba29 | 13122 | outLen = RsaSSL_VerifyInline(input + *inOutIdx, sz, &out, |
Vanger | 0:b86d15c6ba29 | 13123 | ssl->peerRsaKey); |
Vanger | 0:b86d15c6ba29 | 13124 | } |
Vanger | 0:b86d15c6ba29 | 13125 | |
Vanger | 0:b86d15c6ba29 | 13126 | if (IsAtLeastTLSv1_2(ssl)) { |
Vanger | 0:b86d15c6ba29 | 13127 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 13128 | byte* encodedSig = NULL; |
Vanger | 0:b86d15c6ba29 | 13129 | #else |
Vanger | 0:b86d15c6ba29 | 13130 | byte encodedSig[MAX_ENCODED_SIG_SZ]; |
Vanger | 0:b86d15c6ba29 | 13131 | #endif |
Vanger | 0:b86d15c6ba29 | 13132 | word32 sigSz; |
Vanger | 0:b86d15c6ba29 | 13133 | byte* digest = ssl->certHashes.sha; |
Vanger | 0:b86d15c6ba29 | 13134 | int typeH = SHAh; |
Vanger | 0:b86d15c6ba29 | 13135 | int digestSz = SHA_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 13136 | |
Vanger | 0:b86d15c6ba29 | 13137 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 13138 | encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, |
Vanger | 0:b86d15c6ba29 | 13139 | DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 13140 | if (encodedSig == NULL) |
Vanger | 0:b86d15c6ba29 | 13141 | return MEMORY_E; |
Vanger | 0:b86d15c6ba29 | 13142 | #endif |
Vanger | 0:b86d15c6ba29 | 13143 | |
Vanger | 0:b86d15c6ba29 | 13144 | if (sigAlgo != rsa_sa_algo) { |
Vanger | 0:b86d15c6ba29 | 13145 | CYASSL_MSG("Oops, peer sent RSA key but not in verify"); |
Vanger | 0:b86d15c6ba29 | 13146 | } |
Vanger | 0:b86d15c6ba29 | 13147 | |
Vanger | 0:b86d15c6ba29 | 13148 | if (hashAlgo == sha256_mac) { |
Vanger | 0:b86d15c6ba29 | 13149 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 13150 | digest = ssl->certHashes.sha256; |
Vanger | 0:b86d15c6ba29 | 13151 | typeH = SHA256h; |
Vanger | 0:b86d15c6ba29 | 13152 | digestSz = SHA256_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 13153 | #endif |
Vanger | 0:b86d15c6ba29 | 13154 | } |
Vanger | 0:b86d15c6ba29 | 13155 | else if (hashAlgo == sha384_mac) { |
Vanger | 0:b86d15c6ba29 | 13156 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 13157 | digest = ssl->certHashes.sha384; |
Vanger | 0:b86d15c6ba29 | 13158 | typeH = SHA384h; |
Vanger | 0:b86d15c6ba29 | 13159 | digestSz = SHA384_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 13160 | #endif |
Vanger | 0:b86d15c6ba29 | 13161 | } |
Vanger | 0:b86d15c6ba29 | 13162 | |
Vanger | 0:b86d15c6ba29 | 13163 | sigSz = EncodeSignature(encodedSig, digest, digestSz, typeH); |
Vanger | 0:b86d15c6ba29 | 13164 | |
Vanger | 0:b86d15c6ba29 | 13165 | if (outLen == (int)sigSz && out && XMEMCMP(out, encodedSig, |
Vanger | 0:b86d15c6ba29 | 13166 | min(sigSz, MAX_ENCODED_SIG_SZ)) == 0) |
Vanger | 0:b86d15c6ba29 | 13167 | ret = 0; /* verified */ |
Vanger | 0:b86d15c6ba29 | 13168 | |
Vanger | 0:b86d15c6ba29 | 13169 | #ifdef CYASSL_SMALL_STACK |
Vanger | 0:b86d15c6ba29 | 13170 | XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
Vanger | 0:b86d15c6ba29 | 13171 | #endif |
Vanger | 0:b86d15c6ba29 | 13172 | } |
Vanger | 0:b86d15c6ba29 | 13173 | else { |
Vanger | 0:b86d15c6ba29 | 13174 | if (outLen == FINISHED_SZ && out && XMEMCMP(out, |
Vanger | 0:b86d15c6ba29 | 13175 | &ssl->certHashes, FINISHED_SZ) == 0) |
Vanger | 0:b86d15c6ba29 | 13176 | ret = 0; /* verified */ |
Vanger | 0:b86d15c6ba29 | 13177 | } |
Vanger | 0:b86d15c6ba29 | 13178 | } |
Vanger | 0:b86d15c6ba29 | 13179 | #endif |
Vanger | 0:b86d15c6ba29 | 13180 | #ifdef HAVE_ECC |
Vanger | 0:b86d15c6ba29 | 13181 | if (ssl->peerEccDsaKeyPresent) { |
Vanger | 0:b86d15c6ba29 | 13182 | int verify = 0; |
Vanger | 0:b86d15c6ba29 | 13183 | int err = -1; |
Vanger | 0:b86d15c6ba29 | 13184 | byte* digest = ssl->certHashes.sha; |
Vanger | 0:b86d15c6ba29 | 13185 | word32 digestSz = SHA_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 13186 | byte doUserEcc = 0; |
Vanger | 0:b86d15c6ba29 | 13187 | |
Vanger | 0:b86d15c6ba29 | 13188 | #ifdef HAVE_PK_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 13189 | if (ssl->ctx->EccVerifyCb) |
Vanger | 0:b86d15c6ba29 | 13190 | doUserEcc = 1; |
Vanger | 0:b86d15c6ba29 | 13191 | #endif |
Vanger | 0:b86d15c6ba29 | 13192 | |
Vanger | 0:b86d15c6ba29 | 13193 | CYASSL_MSG("Doing ECC peer cert verify"); |
Vanger | 0:b86d15c6ba29 | 13194 | |
Vanger | 0:b86d15c6ba29 | 13195 | if (IsAtLeastTLSv1_2(ssl)) { |
Vanger | 0:b86d15c6ba29 | 13196 | if (sigAlgo != ecc_dsa_sa_algo) { |
Vanger | 0:b86d15c6ba29 | 13197 | CYASSL_MSG("Oops, peer sent ECC key but not in verify"); |
Vanger | 0:b86d15c6ba29 | 13198 | } |
Vanger | 0:b86d15c6ba29 | 13199 | |
Vanger | 0:b86d15c6ba29 | 13200 | if (hashAlgo == sha256_mac) { |
Vanger | 0:b86d15c6ba29 | 13201 | #ifndef NO_SHA256 |
Vanger | 0:b86d15c6ba29 | 13202 | digest = ssl->certHashes.sha256; |
Vanger | 0:b86d15c6ba29 | 13203 | digestSz = SHA256_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 13204 | #endif |
Vanger | 0:b86d15c6ba29 | 13205 | } |
Vanger | 0:b86d15c6ba29 | 13206 | else if (hashAlgo == sha384_mac) { |
Vanger | 0:b86d15c6ba29 | 13207 | #ifdef CYASSL_SHA384 |
Vanger | 0:b86d15c6ba29 | 13208 | digest = ssl->certHashes.sha384; |
Vanger | 0:b86d15c6ba29 | 13209 | digestSz = SHA384_DIGEST_SIZE; |
Vanger | 0:b86d15c6ba29 | 13210 | #endif |
Vanger | 0:b86d15c6ba29 | 13211 | } |
Vanger | 0:b86d15c6ba29 | 13212 | } |
Vanger | 0:b86d15c6ba29 | 13213 | |
Vanger | 0:b86d15c6ba29 | 13214 | if (doUserEcc) { |
Vanger | 0:b86d15c6ba29 | 13215 | #ifdef HAVE_PK_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 13216 | ret = ssl->ctx->EccVerifyCb(ssl, input + *inOutIdx, sz, digest, |
Vanger | 0:b86d15c6ba29 | 13217 | digestSz, |
Vanger | 0:b86d15c6ba29 | 13218 | ssl->buffers.peerEccDsaKey.buffer, |
Vanger | 0:b86d15c6ba29 | 13219 | ssl->buffers.peerEccDsaKey.length, |
Vanger | 0:b86d15c6ba29 | 13220 | &verify, ssl->EccVerifyCtx); |
Vanger | 0:b86d15c6ba29 | 13221 | #endif |
Vanger | 0:b86d15c6ba29 | 13222 | } |
Vanger | 0:b86d15c6ba29 | 13223 | else { |
Vanger | 0:b86d15c6ba29 | 13224 | err = ecc_verify_hash(input + *inOutIdx, sz, digest, digestSz, |
Vanger | 0:b86d15c6ba29 | 13225 | &verify, ssl->peerEccDsaKey); |
Vanger | 0:b86d15c6ba29 | 13226 | } |
Vanger | 0:b86d15c6ba29 | 13227 | |
Vanger | 0:b86d15c6ba29 | 13228 | if (err == 0 && verify == 1) |
Vanger | 0:b86d15c6ba29 | 13229 | ret = 0; /* verified */ |
Vanger | 0:b86d15c6ba29 | 13230 | } |
Vanger | 0:b86d15c6ba29 | 13231 | #endif |
Vanger | 0:b86d15c6ba29 | 13232 | *inOutIdx += sz; |
Vanger | 0:b86d15c6ba29 | 13233 | |
Vanger | 0:b86d15c6ba29 | 13234 | if (ret == 0) |
Vanger | 0:b86d15c6ba29 | 13235 | ssl->options.havePeerVerify = 1; |
Vanger | 0:b86d15c6ba29 | 13236 | |
Vanger | 0:b86d15c6ba29 | 13237 | return ret; |
Vanger | 0:b86d15c6ba29 | 13238 | } |
Vanger | 0:b86d15c6ba29 | 13239 | #endif /* !NO_RSA || HAVE_ECC */ |
Vanger | 0:b86d15c6ba29 | 13240 | |
Vanger | 0:b86d15c6ba29 | 13241 | int SendServerHelloDone(CYASSL* ssl) |
Vanger | 0:b86d15c6ba29 | 13242 | { |
Vanger | 0:b86d15c6ba29 | 13243 | byte *output; |
Vanger | 0:b86d15c6ba29 | 13244 | int sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 13245 | int ret; |
Vanger | 0:b86d15c6ba29 | 13246 | |
Vanger | 0:b86d15c6ba29 | 13247 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 13248 | if (ssl->options.dtls) |
Vanger | 0:b86d15c6ba29 | 13249 | sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; |
Vanger | 0:b86d15c6ba29 | 13250 | #endif |
Vanger | 0:b86d15c6ba29 | 13251 | /* check for available size */ |
Vanger | 0:b86d15c6ba29 | 13252 | if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) |
Vanger | 0:b86d15c6ba29 | 13253 | return ret; |
Vanger | 0:b86d15c6ba29 | 13254 | |
Vanger | 0:b86d15c6ba29 | 13255 | /* get ouput buffer */ |
Vanger | 0:b86d15c6ba29 | 13256 | output = ssl->buffers.outputBuffer.buffer + |
Vanger | 0:b86d15c6ba29 | 13257 | ssl->buffers.outputBuffer.length; |
Vanger | 0:b86d15c6ba29 | 13258 | |
Vanger | 0:b86d15c6ba29 | 13259 | AddHeaders(output, 0, server_hello_done, ssl); |
Vanger | 0:b86d15c6ba29 | 13260 | |
Vanger | 0:b86d15c6ba29 | 13261 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 13262 | if (ssl->options.dtls) { |
Vanger | 0:b86d15c6ba29 | 13263 | if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) |
Vanger | 0:b86d15c6ba29 | 13264 | return 0; |
Vanger | 0:b86d15c6ba29 | 13265 | } |
Vanger | 0:b86d15c6ba29 | 13266 | #endif |
Vanger | 0:b86d15c6ba29 | 13267 | |
Vanger | 0:b86d15c6ba29 | 13268 | ret = HashOutput(ssl, output, sendSz, 0); |
Vanger | 0:b86d15c6ba29 | 13269 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 13270 | return ret; |
Vanger | 0:b86d15c6ba29 | 13271 | |
Vanger | 0:b86d15c6ba29 | 13272 | #ifdef CYASSL_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 13273 | if (ssl->hsInfoOn) |
Vanger | 0:b86d15c6ba29 | 13274 | AddPacketName("ServerHelloDone", &ssl->handShakeInfo); |
Vanger | 0:b86d15c6ba29 | 13275 | if (ssl->toInfoOn) |
Vanger | 0:b86d15c6ba29 | 13276 | AddPacketInfo("ServerHelloDone", &ssl->timeoutInfo, output, sendSz, |
Vanger | 0:b86d15c6ba29 | 13277 | ssl->heap); |
Vanger | 0:b86d15c6ba29 | 13278 | #endif |
Vanger | 0:b86d15c6ba29 | 13279 | ssl->options.serverState = SERVER_HELLODONE_COMPLETE; |
Vanger | 0:b86d15c6ba29 | 13280 | |
Vanger | 0:b86d15c6ba29 | 13281 | ssl->buffers.outputBuffer.length += sendSz; |
Vanger | 0:b86d15c6ba29 | 13282 | |
Vanger | 0:b86d15c6ba29 | 13283 | return SendBuffered(ssl); |
Vanger | 0:b86d15c6ba29 | 13284 | } |
Vanger | 0:b86d15c6ba29 | 13285 | |
Vanger | 0:b86d15c6ba29 | 13286 | #ifdef CYASSL_DTLS |
Vanger | 0:b86d15c6ba29 | 13287 | int SendHelloVerifyRequest(CYASSL* ssl) |
Vanger | 0:b86d15c6ba29 | 13288 | { |
Vanger | 0:b86d15c6ba29 | 13289 | byte* output; |
Vanger | 0:b86d15c6ba29 | 13290 | byte cookieSz = COOKIE_SZ; |
Vanger | 0:b86d15c6ba29 | 13291 | int length = VERSION_SZ + ENUM_LEN + cookieSz; |
Vanger | 0:b86d15c6ba29 | 13292 | int idx = DTLS_RECORD_HEADER_SZ + DTLS_HANDSHAKE_HEADER_SZ; |
Vanger | 0:b86d15c6ba29 | 13293 | int sendSz = length + idx; |
Vanger | 0:b86d15c6ba29 | 13294 | int ret; |
Vanger | 0:b86d15c6ba29 | 13295 | |
Vanger | 0:b86d15c6ba29 | 13296 | /* check for available size */ |
Vanger | 0:b86d15c6ba29 | 13297 | if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) |
Vanger | 0:b86d15c6ba29 | 13298 | return ret; |
Vanger | 0:b86d15c6ba29 | 13299 | |
Vanger | 0:b86d15c6ba29 | 13300 | /* get ouput buffer */ |
Vanger | 0:b86d15c6ba29 | 13301 | output = ssl->buffers.outputBuffer.buffer + |
Vanger | 0:b86d15c6ba29 | 13302 | ssl->buffers.outputBuffer.length; |
Vanger | 0:b86d15c6ba29 | 13303 | |
Vanger | 0:b86d15c6ba29 | 13304 | AddHeaders(output, length, hello_verify_request, ssl); |
Vanger | 0:b86d15c6ba29 | 13305 | |
Vanger | 0:b86d15c6ba29 | 13306 | output[idx++] = ssl->chVersion.major; |
Vanger | 0:b86d15c6ba29 | 13307 | output[idx++] = ssl->chVersion.minor; |
Vanger | 0:b86d15c6ba29 | 13308 | |
Vanger | 0:b86d15c6ba29 | 13309 | output[idx++] = cookieSz; |
Vanger | 0:b86d15c6ba29 | 13310 | if (ssl->ctx->CBIOCookie == NULL) { |
Vanger | 0:b86d15c6ba29 | 13311 | CYASSL_MSG("Your Cookie callback is null, please set"); |
Vanger | 0:b86d15c6ba29 | 13312 | return COOKIE_ERROR; |
Vanger | 0:b86d15c6ba29 | 13313 | } |
Vanger | 0:b86d15c6ba29 | 13314 | if ((ret = ssl->ctx->CBIOCookie(ssl, output + idx, cookieSz, |
Vanger | 0:b86d15c6ba29 | 13315 | ssl->IOCB_CookieCtx)) < 0) |
Vanger | 0:b86d15c6ba29 | 13316 | return ret; |
Vanger | 0:b86d15c6ba29 | 13317 | |
Vanger | 0:b86d15c6ba29 | 13318 | ret = HashOutput(ssl, output, sendSz, 0); |
Vanger | 0:b86d15c6ba29 | 13319 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 13320 | return ret; |
Vanger | 0:b86d15c6ba29 | 13321 | |
Vanger | 0:b86d15c6ba29 | 13322 | #ifdef CYASSL_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 13323 | if (ssl->hsInfoOn) |
Vanger | 0:b86d15c6ba29 | 13324 | AddPacketName("HelloVerifyRequest", &ssl->handShakeInfo); |
Vanger | 0:b86d15c6ba29 | 13325 | if (ssl->toInfoOn) |
Vanger | 0:b86d15c6ba29 | 13326 | AddPacketInfo("HelloVerifyRequest", &ssl->timeoutInfo, output, |
Vanger | 0:b86d15c6ba29 | 13327 | sendSz, ssl->heap); |
Vanger | 0:b86d15c6ba29 | 13328 | #endif |
Vanger | 0:b86d15c6ba29 | 13329 | ssl->options.serverState = SERVER_HELLOVERIFYREQUEST_COMPLETE; |
Vanger | 0:b86d15c6ba29 | 13330 | |
Vanger | 0:b86d15c6ba29 | 13331 | ssl->buffers.outputBuffer.length += sendSz; |
Vanger | 0:b86d15c6ba29 | 13332 | |
Vanger | 0:b86d15c6ba29 | 13333 | return SendBuffered(ssl); |
Vanger | 0:b86d15c6ba29 | 13334 | } |
Vanger | 0:b86d15c6ba29 | 13335 | #endif |
Vanger | 0:b86d15c6ba29 | 13336 | |
Vanger | 0:b86d15c6ba29 | 13337 | static int DoClientKeyExchange(CYASSL* ssl, byte* input, word32* inOutIdx, |
Vanger | 0:b86d15c6ba29 | 13338 | word32 size) |
Vanger | 0:b86d15c6ba29 | 13339 | { |
Vanger | 0:b86d15c6ba29 | 13340 | int ret = 0; |
Vanger | 0:b86d15c6ba29 | 13341 | word32 length = 0; |
Vanger | 0:b86d15c6ba29 | 13342 | byte* out = NULL; |
Vanger | 0:b86d15c6ba29 | 13343 | word32 begin = *inOutIdx; |
Vanger | 0:b86d15c6ba29 | 13344 | |
Vanger | 0:b86d15c6ba29 | 13345 | (void)length; /* shut up compiler warnings */ |
Vanger | 0:b86d15c6ba29 | 13346 | (void)out; |
Vanger | 0:b86d15c6ba29 | 13347 | (void)input; |
Vanger | 0:b86d15c6ba29 | 13348 | (void)size; |
Vanger | 0:b86d15c6ba29 | 13349 | (void)begin; |
Vanger | 0:b86d15c6ba29 | 13350 | |
Vanger | 0:b86d15c6ba29 | 13351 | if (ssl->options.side != CYASSL_SERVER_END) { |
Vanger | 0:b86d15c6ba29 | 13352 | CYASSL_MSG("Client received client keyexchange, attack?"); |
Vanger | 0:b86d15c6ba29 | 13353 | CYASSL_ERROR(ssl->error = SIDE_ERROR); |
Vanger | 0:b86d15c6ba29 | 13354 | return SSL_FATAL_ERROR; |
Vanger | 0:b86d15c6ba29 | 13355 | } |
Vanger | 0:b86d15c6ba29 | 13356 | |
Vanger | 0:b86d15c6ba29 | 13357 | if (ssl->options.clientState < CLIENT_HELLO_COMPLETE) { |
Vanger | 0:b86d15c6ba29 | 13358 | CYASSL_MSG("Client sending keyexchange at wrong time"); |
Vanger | 0:b86d15c6ba29 | 13359 | SendAlert(ssl, alert_fatal, unexpected_message); |
Vanger | 0:b86d15c6ba29 | 13360 | return OUT_OF_ORDER_E; |
Vanger | 0:b86d15c6ba29 | 13361 | } |
Vanger | 0:b86d15c6ba29 | 13362 | |
Vanger | 0:b86d15c6ba29 | 13363 | #ifndef NO_CERTS |
Vanger | 0:b86d15c6ba29 | 13364 | if (ssl->options.verifyPeer && ssl->options.failNoCert) |
Vanger | 0:b86d15c6ba29 | 13365 | if (!ssl->options.havePeerCert) { |
Vanger | 0:b86d15c6ba29 | 13366 | CYASSL_MSG("client didn't present peer cert"); |
Vanger | 0:b86d15c6ba29 | 13367 | return NO_PEER_CERT; |
Vanger | 0:b86d15c6ba29 | 13368 | } |
Vanger | 0:b86d15c6ba29 | 13369 | #endif |
Vanger | 0:b86d15c6ba29 | 13370 | |
Vanger | 0:b86d15c6ba29 | 13371 | #ifdef CYASSL_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 13372 | if (ssl->hsInfoOn) |
Vanger | 0:b86d15c6ba29 | 13373 | AddPacketName("ClientKeyExchange", &ssl->handShakeInfo); |
Vanger | 0:b86d15c6ba29 | 13374 | if (ssl->toInfoOn) |
Vanger | 0:b86d15c6ba29 | 13375 | AddLateName("ClientKeyExchange", &ssl->timeoutInfo); |
Vanger | 0:b86d15c6ba29 | 13376 | #endif |
Vanger | 0:b86d15c6ba29 | 13377 | |
Vanger | 0:b86d15c6ba29 | 13378 | switch (ssl->specs.kea) { |
Vanger | 0:b86d15c6ba29 | 13379 | #ifndef NO_RSA |
Vanger | 0:b86d15c6ba29 | 13380 | case rsa_kea: |
Vanger | 0:b86d15c6ba29 | 13381 | { |
Vanger | 0:b86d15c6ba29 | 13382 | word32 idx = 0; |
Vanger | 0:b86d15c6ba29 | 13383 | RsaKey key; |
Vanger | 0:b86d15c6ba29 | 13384 | byte doUserRsa = 0; |
Vanger | 0:b86d15c6ba29 | 13385 | |
Vanger | 0:b86d15c6ba29 | 13386 | #ifdef HAVE_PK_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 13387 | if (ssl->ctx->RsaDecCb) |
Vanger | 0:b86d15c6ba29 | 13388 | doUserRsa = 1; |
Vanger | 0:b86d15c6ba29 | 13389 | #endif |
Vanger | 0:b86d15c6ba29 | 13390 | |
Vanger | 0:b86d15c6ba29 | 13391 | ret = InitRsaKey(&key, ssl->heap); |
Vanger | 0:b86d15c6ba29 | 13392 | if (ret != 0) return ret; |
Vanger | 0:b86d15c6ba29 | 13393 | |
Vanger | 0:b86d15c6ba29 | 13394 | if (ssl->buffers.key.buffer) |
Vanger | 0:b86d15c6ba29 | 13395 | ret = RsaPrivateKeyDecode(ssl->buffers.key.buffer, &idx, |
Vanger | 0:b86d15c6ba29 | 13396 | &key, ssl->buffers.key.length); |
Vanger | 0:b86d15c6ba29 | 13397 | else |
Vanger | 0:b86d15c6ba29 | 13398 | return NO_PRIVATE_KEY; |
Vanger | 0:b86d15c6ba29 | 13399 | |
Vanger | 0:b86d15c6ba29 | 13400 | if (ret == 0) { |
Vanger | 0:b86d15c6ba29 | 13401 | length = RsaEncryptSize(&key); |
Vanger | 0:b86d15c6ba29 | 13402 | ssl->arrays->preMasterSz = SECRET_LEN; |
Vanger | 0:b86d15c6ba29 | 13403 | |
Vanger | 0:b86d15c6ba29 | 13404 | if (ssl->options.tls) { |
Vanger | 0:b86d15c6ba29 | 13405 | word16 check; |
Vanger | 0:b86d15c6ba29 | 13406 | |
Vanger | 0:b86d15c6ba29 | 13407 | if ((*inOutIdx - begin) + OPAQUE16_LEN > size) |
Vanger | 0:b86d15c6ba29 | 13408 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 13409 | |
Vanger | 0:b86d15c6ba29 | 13410 | ato16(input + *inOutIdx, &check); |
Vanger | 0:b86d15c6ba29 | 13411 | *inOutIdx += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 13412 | |
Vanger | 0:b86d15c6ba29 | 13413 | if ((word32) check != length) { |
Vanger | 0:b86d15c6ba29 | 13414 | CYASSL_MSG("RSA explicit size doesn't match"); |
Vanger | 0:b86d15c6ba29 | 13415 | FreeRsaKey(&key); |
Vanger | 0:b86d15c6ba29 | 13416 | return RSA_PRIVATE_ERROR; |
Vanger | 0:b86d15c6ba29 | 13417 | } |
Vanger | 0:b86d15c6ba29 | 13418 | } |
Vanger | 0:b86d15c6ba29 | 13419 | |
Vanger | 0:b86d15c6ba29 | 13420 | if ((*inOutIdx - begin) + length > size) { |
Vanger | 0:b86d15c6ba29 | 13421 | CYASSL_MSG("RSA message too big"); |
Vanger | 0:b86d15c6ba29 | 13422 | FreeRsaKey(&key); |
Vanger | 0:b86d15c6ba29 | 13423 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 13424 | } |
Vanger | 0:b86d15c6ba29 | 13425 | |
Vanger | 0:b86d15c6ba29 | 13426 | if (doUserRsa) { |
Vanger | 0:b86d15c6ba29 | 13427 | #ifdef HAVE_PK_CALLBACKS |
Vanger | 0:b86d15c6ba29 | 13428 | ret = ssl->ctx->RsaDecCb(ssl, |
Vanger | 0:b86d15c6ba29 | 13429 | input + *inOutIdx, length, &out, |
Vanger | 0:b86d15c6ba29 | 13430 | ssl->buffers.key.buffer, |
Vanger | 0:b86d15c6ba29 | 13431 | ssl->buffers.key.length, |
Vanger | 0:b86d15c6ba29 | 13432 | ssl->RsaDecCtx); |
Vanger | 0:b86d15c6ba29 | 13433 | #endif |
Vanger | 0:b86d15c6ba29 | 13434 | } |
Vanger | 0:b86d15c6ba29 | 13435 | else { |
Vanger | 0:b86d15c6ba29 | 13436 | ret = RsaPrivateDecryptInline(input + *inOutIdx, length, |
Vanger | 0:b86d15c6ba29 | 13437 | &out, &key); |
Vanger | 0:b86d15c6ba29 | 13438 | } |
Vanger | 0:b86d15c6ba29 | 13439 | |
Vanger | 0:b86d15c6ba29 | 13440 | *inOutIdx += length; |
Vanger | 0:b86d15c6ba29 | 13441 | |
Vanger | 0:b86d15c6ba29 | 13442 | if (ret == SECRET_LEN) { |
Vanger | 0:b86d15c6ba29 | 13443 | XMEMCPY(ssl->arrays->preMasterSecret, out, SECRET_LEN); |
Vanger | 0:b86d15c6ba29 | 13444 | if (ssl->arrays->preMasterSecret[0] != |
Vanger | 0:b86d15c6ba29 | 13445 | ssl->chVersion.major |
Vanger | 0:b86d15c6ba29 | 13446 | || ssl->arrays->preMasterSecret[1] != |
Vanger | 0:b86d15c6ba29 | 13447 | ssl->chVersion.minor) |
Vanger | 0:b86d15c6ba29 | 13448 | ret = PMS_VERSION_ERROR; |
Vanger | 0:b86d15c6ba29 | 13449 | else |
Vanger | 0:b86d15c6ba29 | 13450 | ret = MakeMasterSecret(ssl); |
Vanger | 0:b86d15c6ba29 | 13451 | } |
Vanger | 0:b86d15c6ba29 | 13452 | else { |
Vanger | 0:b86d15c6ba29 | 13453 | ret = RSA_PRIVATE_ERROR; |
Vanger | 0:b86d15c6ba29 | 13454 | } |
Vanger | 0:b86d15c6ba29 | 13455 | } |
Vanger | 0:b86d15c6ba29 | 13456 | |
Vanger | 0:b86d15c6ba29 | 13457 | FreeRsaKey(&key); |
Vanger | 0:b86d15c6ba29 | 13458 | } |
Vanger | 0:b86d15c6ba29 | 13459 | break; |
Vanger | 0:b86d15c6ba29 | 13460 | #endif |
Vanger | 0:b86d15c6ba29 | 13461 | #ifndef NO_PSK |
Vanger | 0:b86d15c6ba29 | 13462 | case psk_kea: |
Vanger | 0:b86d15c6ba29 | 13463 | { |
Vanger | 0:b86d15c6ba29 | 13464 | byte* pms = ssl->arrays->preMasterSecret; |
Vanger | 0:b86d15c6ba29 | 13465 | word16 ci_sz; |
Vanger | 0:b86d15c6ba29 | 13466 | |
Vanger | 0:b86d15c6ba29 | 13467 | if ((*inOutIdx - begin) + OPAQUE16_LEN > size) |
Vanger | 0:b86d15c6ba29 | 13468 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 13469 | |
Vanger | 0:b86d15c6ba29 | 13470 | ato16(input + *inOutIdx, &ci_sz); |
Vanger | 0:b86d15c6ba29 | 13471 | *inOutIdx += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 13472 | |
Vanger | 0:b86d15c6ba29 | 13473 | if (ci_sz > MAX_PSK_ID_LEN) |
Vanger | 0:b86d15c6ba29 | 13474 | return CLIENT_ID_ERROR; |
Vanger | 0:b86d15c6ba29 | 13475 | |
Vanger | 0:b86d15c6ba29 | 13476 | if ((*inOutIdx - begin) + ci_sz > size) |
Vanger | 0:b86d15c6ba29 | 13477 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 13478 | |
Vanger | 0:b86d15c6ba29 | 13479 | XMEMCPY(ssl->arrays->client_identity, input + *inOutIdx, ci_sz); |
Vanger | 0:b86d15c6ba29 | 13480 | *inOutIdx += ci_sz; |
Vanger | 0:b86d15c6ba29 | 13481 | |
Vanger | 0:b86d15c6ba29 | 13482 | ssl->arrays->client_identity[min(ci_sz, MAX_PSK_ID_LEN-1)] = 0; |
Vanger | 0:b86d15c6ba29 | 13483 | ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl, |
Vanger | 0:b86d15c6ba29 | 13484 | ssl->arrays->client_identity, ssl->arrays->psk_key, |
Vanger | 0:b86d15c6ba29 | 13485 | MAX_PSK_KEY_LEN); |
Vanger | 0:b86d15c6ba29 | 13486 | |
Vanger | 0:b86d15c6ba29 | 13487 | if (ssl->arrays->psk_keySz == 0 || |
Vanger | 0:b86d15c6ba29 | 13488 | ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) |
Vanger | 0:b86d15c6ba29 | 13489 | return PSK_KEY_ERROR; |
Vanger | 0:b86d15c6ba29 | 13490 | |
Vanger | 0:b86d15c6ba29 | 13491 | /* make psk pre master secret */ |
Vanger | 0:b86d15c6ba29 | 13492 | /* length of key + length 0s + length of key + key */ |
Vanger | 0:b86d15c6ba29 | 13493 | c16toa((word16) ssl->arrays->psk_keySz, pms); |
Vanger | 0:b86d15c6ba29 | 13494 | pms += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 13495 | |
Vanger | 0:b86d15c6ba29 | 13496 | XMEMSET(pms, 0, ssl->arrays->psk_keySz); |
Vanger | 0:b86d15c6ba29 | 13497 | pms += ssl->arrays->psk_keySz; |
Vanger | 0:b86d15c6ba29 | 13498 | |
Vanger | 0:b86d15c6ba29 | 13499 | c16toa((word16) ssl->arrays->psk_keySz, pms); |
Vanger | 0:b86d15c6ba29 | 13500 | pms += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 13501 | |
Vanger | 0:b86d15c6ba29 | 13502 | XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz); |
Vanger | 0:b86d15c6ba29 | 13503 | ssl->arrays->preMasterSz = ssl->arrays->psk_keySz * 2 + 4; |
Vanger | 0:b86d15c6ba29 | 13504 | |
Vanger | 0:b86d15c6ba29 | 13505 | ret = MakeMasterSecret(ssl); |
Vanger | 0:b86d15c6ba29 | 13506 | |
Vanger | 0:b86d15c6ba29 | 13507 | /* No further need for PSK */ |
Vanger | 0:b86d15c6ba29 | 13508 | XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz); |
Vanger | 0:b86d15c6ba29 | 13509 | ssl->arrays->psk_keySz = 0; |
Vanger | 0:b86d15c6ba29 | 13510 | } |
Vanger | 0:b86d15c6ba29 | 13511 | break; |
Vanger | 0:b86d15c6ba29 | 13512 | #endif /* NO_PSK */ |
Vanger | 0:b86d15c6ba29 | 13513 | #ifdef HAVE_NTRU |
Vanger | 0:b86d15c6ba29 | 13514 | case ntru_kea: |
Vanger | 0:b86d15c6ba29 | 13515 | { |
Vanger | 0:b86d15c6ba29 | 13516 | word16 cipherLen; |
Vanger | 0:b86d15c6ba29 | 13517 | word16 plainLen = sizeof(ssl->arrays->preMasterSecret); |
Vanger | 0:b86d15c6ba29 | 13518 | |
Vanger | 0:b86d15c6ba29 | 13519 | if (!ssl->buffers.key.buffer) |
Vanger | 0:b86d15c6ba29 | 13520 | return NO_PRIVATE_KEY; |
Vanger | 0:b86d15c6ba29 | 13521 | |
Vanger | 0:b86d15c6ba29 | 13522 | if ((*inOutIdx - begin) + OPAQUE16_LEN > size) |
Vanger | 0:b86d15c6ba29 | 13523 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 13524 | |
Vanger | 0:b86d15c6ba29 | 13525 | ato16(input + *inOutIdx, &cipherLen); |
Vanger | 0:b86d15c6ba29 | 13526 | *inOutIdx += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 13527 | |
Vanger | 0:b86d15c6ba29 | 13528 | if (cipherLen > MAX_NTRU_ENCRYPT_SZ) |
Vanger | 0:b86d15c6ba29 | 13529 | return NTRU_KEY_ERROR; |
Vanger | 0:b86d15c6ba29 | 13530 | |
Vanger | 0:b86d15c6ba29 | 13531 | if ((*inOutIdx - begin) + cipherLen > size) |
Vanger | 0:b86d15c6ba29 | 13532 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 13533 | |
Vanger | 0:b86d15c6ba29 | 13534 | if (NTRU_OK != ntru_crypto_ntru_decrypt( |
Vanger | 0:b86d15c6ba29 | 13535 | (word16) ssl->buffers.key.length, |
Vanger | 0:b86d15c6ba29 | 13536 | ssl->buffers.key.buffer, cipherLen, |
Vanger | 0:b86d15c6ba29 | 13537 | input + *inOutIdx, &plainLen, |
Vanger | 0:b86d15c6ba29 | 13538 | ssl->arrays->preMasterSecret)) |
Vanger | 0:b86d15c6ba29 | 13539 | return NTRU_DECRYPT_ERROR; |
Vanger | 0:b86d15c6ba29 | 13540 | |
Vanger | 0:b86d15c6ba29 | 13541 | if (plainLen != SECRET_LEN) |
Vanger | 0:b86d15c6ba29 | 13542 | return NTRU_DECRYPT_ERROR; |
Vanger | 0:b86d15c6ba29 | 13543 | |
Vanger | 0:b86d15c6ba29 | 13544 | *inOutIdx += cipherLen; |
Vanger | 0:b86d15c6ba29 | 13545 | |
Vanger | 0:b86d15c6ba29 | 13546 | ssl->arrays->preMasterSz = plainLen; |
Vanger | 0:b86d15c6ba29 | 13547 | ret = MakeMasterSecret(ssl); |
Vanger | 0:b86d15c6ba29 | 13548 | } |
Vanger | 0:b86d15c6ba29 | 13549 | break; |
Vanger | 0:b86d15c6ba29 | 13550 | #endif /* HAVE_NTRU */ |
Vanger | 0:b86d15c6ba29 | 13551 | #ifdef HAVE_ECC |
Vanger | 0:b86d15c6ba29 | 13552 | case ecc_diffie_hellman_kea: |
Vanger | 0:b86d15c6ba29 | 13553 | { |
Vanger | 0:b86d15c6ba29 | 13554 | if ((*inOutIdx - begin) + OPAQUE8_LEN > size) |
Vanger | 0:b86d15c6ba29 | 13555 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 13556 | |
Vanger | 0:b86d15c6ba29 | 13557 | length = input[(*inOutIdx)++]; |
Vanger | 0:b86d15c6ba29 | 13558 | |
Vanger | 0:b86d15c6ba29 | 13559 | if ((*inOutIdx - begin) + length > size) |
Vanger | 0:b86d15c6ba29 | 13560 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 13561 | |
Vanger | 0:b86d15c6ba29 | 13562 | if (ssl->peerEccKeyPresent) { /* don't leak on reuse */ |
Vanger | 0:b86d15c6ba29 | 13563 | ecc_free(ssl->peerEccKey); |
Vanger | 0:b86d15c6ba29 | 13564 | ssl->peerEccKeyPresent = 0; |
Vanger | 0:b86d15c6ba29 | 13565 | ecc_init(ssl->peerEccKey); |
Vanger | 0:b86d15c6ba29 | 13566 | } |
Vanger | 0:b86d15c6ba29 | 13567 | |
Vanger | 0:b86d15c6ba29 | 13568 | if (ecc_import_x963(input + *inOutIdx, length, ssl->peerEccKey)) |
Vanger | 0:b86d15c6ba29 | 13569 | return ECC_PEERKEY_ERROR; |
Vanger | 0:b86d15c6ba29 | 13570 | |
Vanger | 0:b86d15c6ba29 | 13571 | *inOutIdx += length; |
Vanger | 0:b86d15c6ba29 | 13572 | ssl->peerEccKeyPresent = 1; |
Vanger | 0:b86d15c6ba29 | 13573 | |
Vanger | 0:b86d15c6ba29 | 13574 | length = sizeof(ssl->arrays->preMasterSecret); |
Vanger | 0:b86d15c6ba29 | 13575 | |
Vanger | 0:b86d15c6ba29 | 13576 | if (ssl->specs.static_ecdh) { |
Vanger | 0:b86d15c6ba29 | 13577 | ecc_key staticKey; |
Vanger | 0:b86d15c6ba29 | 13578 | word32 i = 0; |
Vanger | 0:b86d15c6ba29 | 13579 | |
Vanger | 0:b86d15c6ba29 | 13580 | ecc_init(&staticKey); |
Vanger | 0:b86d15c6ba29 | 13581 | ret = EccPrivateKeyDecode(ssl->buffers.key.buffer, &i, |
Vanger | 0:b86d15c6ba29 | 13582 | &staticKey, ssl->buffers.key.length); |
Vanger | 0:b86d15c6ba29 | 13583 | |
Vanger | 0:b86d15c6ba29 | 13584 | if (ret == 0) |
Vanger | 0:b86d15c6ba29 | 13585 | ret = ecc_shared_secret(&staticKey, ssl->peerEccKey, |
Vanger | 0:b86d15c6ba29 | 13586 | ssl->arrays->preMasterSecret, &length); |
Vanger | 0:b86d15c6ba29 | 13587 | |
Vanger | 0:b86d15c6ba29 | 13588 | ecc_free(&staticKey); |
Vanger | 0:b86d15c6ba29 | 13589 | } |
Vanger | 0:b86d15c6ba29 | 13590 | else { |
Vanger | 0:b86d15c6ba29 | 13591 | if (ssl->eccTempKeyPresent == 0) { |
Vanger | 0:b86d15c6ba29 | 13592 | CYASSL_MSG("Ecc ephemeral key not made correctly"); |
Vanger | 0:b86d15c6ba29 | 13593 | ret = ECC_MAKEKEY_ERROR; |
Vanger | 0:b86d15c6ba29 | 13594 | } else { |
Vanger | 0:b86d15c6ba29 | 13595 | ret = ecc_shared_secret(ssl->eccTempKey,ssl->peerEccKey, |
Vanger | 0:b86d15c6ba29 | 13596 | ssl->arrays->preMasterSecret, &length); |
Vanger | 0:b86d15c6ba29 | 13597 | } |
Vanger | 0:b86d15c6ba29 | 13598 | } |
Vanger | 0:b86d15c6ba29 | 13599 | |
Vanger | 0:b86d15c6ba29 | 13600 | if (ret != 0) |
Vanger | 0:b86d15c6ba29 | 13601 | return ECC_SHARED_ERROR; |
Vanger | 0:b86d15c6ba29 | 13602 | |
Vanger | 0:b86d15c6ba29 | 13603 | ssl->arrays->preMasterSz = length; |
Vanger | 0:b86d15c6ba29 | 13604 | ret = MakeMasterSecret(ssl); |
Vanger | 0:b86d15c6ba29 | 13605 | } |
Vanger | 0:b86d15c6ba29 | 13606 | break; |
Vanger | 0:b86d15c6ba29 | 13607 | #endif /* HAVE_ECC */ |
Vanger | 0:b86d15c6ba29 | 13608 | #ifndef NO_DH |
Vanger | 0:b86d15c6ba29 | 13609 | case diffie_hellman_kea: |
Vanger | 0:b86d15c6ba29 | 13610 | { |
Vanger | 0:b86d15c6ba29 | 13611 | word16 clientPubSz; |
Vanger | 0:b86d15c6ba29 | 13612 | DhKey dhKey; |
Vanger | 0:b86d15c6ba29 | 13613 | |
Vanger | 0:b86d15c6ba29 | 13614 | if ((*inOutIdx - begin) + OPAQUE16_LEN > size) |
Vanger | 0:b86d15c6ba29 | 13615 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 13616 | |
Vanger | 0:b86d15c6ba29 | 13617 | ato16(input + *inOutIdx, &clientPubSz); |
Vanger | 0:b86d15c6ba29 | 13618 | *inOutIdx += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 13619 | |
Vanger | 0:b86d15c6ba29 | 13620 | if ((*inOutIdx - begin) + clientPubSz > size) |
Vanger | 0:b86d15c6ba29 | 13621 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 13622 | |
Vanger | 0:b86d15c6ba29 | 13623 | InitDhKey(&dhKey); |
Vanger | 0:b86d15c6ba29 | 13624 | ret = DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer, |
Vanger | 0:b86d15c6ba29 | 13625 | ssl->buffers.serverDH_P.length, |
Vanger | 0:b86d15c6ba29 | 13626 | ssl->buffers.serverDH_G.buffer, |
Vanger | 0:b86d15c6ba29 | 13627 | ssl->buffers.serverDH_G.length); |
Vanger | 0:b86d15c6ba29 | 13628 | if (ret == 0) |
Vanger | 0:b86d15c6ba29 | 13629 | ret = DhAgree(&dhKey, ssl->arrays->preMasterSecret, |
Vanger | 0:b86d15c6ba29 | 13630 | &ssl->arrays->preMasterSz, |
Vanger | 0:b86d15c6ba29 | 13631 | ssl->buffers.serverDH_Priv.buffer, |
Vanger | 0:b86d15c6ba29 | 13632 | ssl->buffers.serverDH_Priv.length, |
Vanger | 0:b86d15c6ba29 | 13633 | input + *inOutIdx, clientPubSz); |
Vanger | 0:b86d15c6ba29 | 13634 | FreeDhKey(&dhKey); |
Vanger | 0:b86d15c6ba29 | 13635 | |
Vanger | 0:b86d15c6ba29 | 13636 | *inOutIdx += clientPubSz; |
Vanger | 0:b86d15c6ba29 | 13637 | |
Vanger | 0:b86d15c6ba29 | 13638 | if (ret == 0) |
Vanger | 0:b86d15c6ba29 | 13639 | ret = MakeMasterSecret(ssl); |
Vanger | 0:b86d15c6ba29 | 13640 | } |
Vanger | 0:b86d15c6ba29 | 13641 | break; |
Vanger | 0:b86d15c6ba29 | 13642 | #endif /* NO_DH */ |
Vanger | 0:b86d15c6ba29 | 13643 | #if !defined(NO_DH) && !defined(NO_PSK) |
Vanger | 0:b86d15c6ba29 | 13644 | case dhe_psk_kea: |
Vanger | 0:b86d15c6ba29 | 13645 | { |
Vanger | 0:b86d15c6ba29 | 13646 | byte* pms = ssl->arrays->preMasterSecret; |
Vanger | 0:b86d15c6ba29 | 13647 | word16 clientSz; |
Vanger | 0:b86d15c6ba29 | 13648 | DhKey dhKey; |
Vanger | 0:b86d15c6ba29 | 13649 | |
Vanger | 0:b86d15c6ba29 | 13650 | /* Read in the PSK hint */ |
Vanger | 0:b86d15c6ba29 | 13651 | if ((*inOutIdx - begin) + OPAQUE16_LEN > size) |
Vanger | 0:b86d15c6ba29 | 13652 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 13653 | |
Vanger | 0:b86d15c6ba29 | 13654 | ato16(input + *inOutIdx, &clientSz); |
Vanger | 0:b86d15c6ba29 | 13655 | *inOutIdx += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 13656 | if (clientSz > MAX_PSK_ID_LEN) |
Vanger | 0:b86d15c6ba29 | 13657 | return CLIENT_ID_ERROR; |
Vanger | 0:b86d15c6ba29 | 13658 | |
Vanger | 0:b86d15c6ba29 | 13659 | if ((*inOutIdx - begin) + clientSz > size) |
Vanger | 0:b86d15c6ba29 | 13660 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 13661 | |
Vanger | 0:b86d15c6ba29 | 13662 | XMEMCPY(ssl->arrays->client_identity, |
Vanger | 0:b86d15c6ba29 | 13663 | input + *inOutIdx, clientSz); |
Vanger | 0:b86d15c6ba29 | 13664 | *inOutIdx += clientSz; |
Vanger | 0:b86d15c6ba29 | 13665 | ssl->arrays->client_identity[min(clientSz, MAX_PSK_ID_LEN-1)] = |
Vanger | 0:b86d15c6ba29 | 13666 | 0; |
Vanger | 0:b86d15c6ba29 | 13667 | |
Vanger | 0:b86d15c6ba29 | 13668 | /* Read in the DHE business */ |
Vanger | 0:b86d15c6ba29 | 13669 | if ((*inOutIdx - begin) + OPAQUE16_LEN > size) |
Vanger | 0:b86d15c6ba29 | 13670 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 13671 | |
Vanger | 0:b86d15c6ba29 | 13672 | ato16(input + *inOutIdx, &clientSz); |
Vanger | 0:b86d15c6ba29 | 13673 | *inOutIdx += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 13674 | |
Vanger | 0:b86d15c6ba29 | 13675 | if ((*inOutIdx - begin) + clientSz > size) |
Vanger | 0:b86d15c6ba29 | 13676 | return BUFFER_ERROR; |
Vanger | 0:b86d15c6ba29 | 13677 | |
Vanger | 0:b86d15c6ba29 | 13678 | InitDhKey(&dhKey); |
Vanger | 0:b86d15c6ba29 | 13679 | ret = DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer, |
Vanger | 0:b86d15c6ba29 | 13680 | ssl->buffers.serverDH_P.length, |
Vanger | 0:b86d15c6ba29 | 13681 | ssl->buffers.serverDH_G.buffer, |
Vanger | 0:b86d15c6ba29 | 13682 | ssl->buffers.serverDH_G.length); |
Vanger | 0:b86d15c6ba29 | 13683 | if (ret == 0) |
Vanger | 0:b86d15c6ba29 | 13684 | ret = DhAgree(&dhKey, pms + OPAQUE16_LEN, |
Vanger | 0:b86d15c6ba29 | 13685 | &ssl->arrays->preMasterSz, |
Vanger | 0:b86d15c6ba29 | 13686 | ssl->buffers.serverDH_Priv.buffer, |
Vanger | 0:b86d15c6ba29 | 13687 | ssl->buffers.serverDH_Priv.length, |
Vanger | 0:b86d15c6ba29 | 13688 | input + *inOutIdx, clientSz); |
Vanger | 0:b86d15c6ba29 | 13689 | FreeDhKey(&dhKey); |
Vanger | 0:b86d15c6ba29 | 13690 | |
Vanger | 0:b86d15c6ba29 | 13691 | *inOutIdx += clientSz; |
Vanger | 0:b86d15c6ba29 | 13692 | c16toa((word16)ssl->arrays->preMasterSz, pms); |
Vanger | 0:b86d15c6ba29 | 13693 | ssl->arrays->preMasterSz += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 13694 | pms += ssl->arrays->preMasterSz; |
Vanger | 0:b86d15c6ba29 | 13695 | |
Vanger | 0:b86d15c6ba29 | 13696 | /* Use the PSK hint to look up the PSK and add it to the |
Vanger | 0:b86d15c6ba29 | 13697 | * preMasterSecret here. */ |
Vanger | 0:b86d15c6ba29 | 13698 | ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl, |
Vanger | 0:b86d15c6ba29 | 13699 | ssl->arrays->client_identity, ssl->arrays->psk_key, |
Vanger | 0:b86d15c6ba29 | 13700 | MAX_PSK_KEY_LEN); |
Vanger | 0:b86d15c6ba29 | 13701 | |
Vanger | 0:b86d15c6ba29 | 13702 | if (ssl->arrays->psk_keySz == 0 || |
Vanger | 0:b86d15c6ba29 | 13703 | ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) |
Vanger | 0:b86d15c6ba29 | 13704 | return PSK_KEY_ERROR; |
Vanger | 0:b86d15c6ba29 | 13705 | |
Vanger | 0:b86d15c6ba29 | 13706 | c16toa((word16) ssl->arrays->psk_keySz, pms); |
Vanger | 0:b86d15c6ba29 | 13707 | pms += OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 13708 | |
Vanger | 0:b86d15c6ba29 | 13709 | XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz); |
Vanger | 0:b86d15c6ba29 | 13710 | ssl->arrays->preMasterSz += |
Vanger | 0:b86d15c6ba29 | 13711 | ssl->arrays->psk_keySz + OPAQUE16_LEN; |
Vanger | 0:b86d15c6ba29 | 13712 | if (ret == 0) |
Vanger | 0:b86d15c6ba29 | 13713 | ret = MakeMasterSecret(ssl); |
Vanger | 0:b86d15c6ba29 | 13714 | |
Vanger | 0:b86d15c6ba29 | 13715 | /* No further need for PSK */ |
Vanger | 0:b86d15c6ba29 | 13716 | XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz); |
Vanger | 0:b86d15c6ba29 | 13717 | ssl->arrays->psk_keySz = 0; |
Vanger | 0:b86d15c6ba29 | 13718 | } |
Vanger | 0:b86d15c6ba29 | 13719 | break; |
Vanger | 0:b86d15c6ba29 | 13720 | #endif /* !NO_DH && !NO_PSK */ |
Vanger | 0:b86d15c6ba29 | 13721 | default: |
Vanger | 0:b86d15c6ba29 | 13722 | { |
Vanger | 0:b86d15c6ba29 | 13723 | CYASSL_MSG("Bad kea type"); |
Vanger | 0:b86d15c6ba29 | 13724 | ret = BAD_KEA_TYPE_E; |
Vanger | 0:b86d15c6ba29 | 13725 | } |
Vanger | 0:b86d15c6ba29 | 13726 | break; |
Vanger | 0:b86d15c6ba29 | 13727 | } |
Vanger | 0:b86d15c6ba29 | 13728 | |
Vanger | 0:b86d15c6ba29 | 13729 | /* No further need for PMS */ |
Vanger | 0:b86d15c6ba29 | 13730 | XMEMSET(ssl->arrays->preMasterSecret, 0, ssl->arrays->preMasterSz); |
Vanger | 0:b86d15c6ba29 | 13731 | ssl->arrays->preMasterSz = 0; |
Vanger | 0:b86d15c6ba29 | 13732 | |
Vanger | 0:b86d15c6ba29 | 13733 | if (ret == 0) { |
Vanger | 0:b86d15c6ba29 | 13734 | ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE; |
Vanger | 0:b86d15c6ba29 | 13735 | #ifndef NO_CERTS |
Vanger | 0:b86d15c6ba29 | 13736 | if (ssl->options.verifyPeer) |
Vanger | 0:b86d15c6ba29 | 13737 | ret = BuildCertHashes(ssl, &ssl->certHashes); |
Vanger | 0:b86d15c6ba29 | 13738 | #endif |
Vanger | 0:b86d15c6ba29 | 13739 | } |
Vanger | 0:b86d15c6ba29 | 13740 | |
Vanger | 0:b86d15c6ba29 | 13741 | return ret; |
Vanger | 0:b86d15c6ba29 | 13742 | } |
Vanger | 0:b86d15c6ba29 | 13743 | |
Vanger | 0:b86d15c6ba29 | 13744 | #endif /* NO_CYASSL_SERVER */ |