Elijah P / CyaSSL

CyaSSL changed for NucleoF401RE board: implemented random and time functions for build. (Has trouble with wildcard domains like *.google.com, *.yahoo.com)

Fork of CyaSSL by wolf SSL

src/ssl.c@4:e505054279ed, 2015-01-14 (annotated)

Committer:
Vanger
Date:
Wed Jan 14 22:07:14 2015 +0000
Revision:
4:e505054279ed
Parent:
0:1239e9b70ca2 
Implemented some platform specific functions in the Cyassl library code: time functions, seed random functions, and also changed the settings.h file to define settings specific to the platform being used

Who changed what in which revision?

UserRevisionLine numberNew contents of line
wolfSSL 0:1239e9b70ca2 1 /* ssl.c
wolfSSL 0:1239e9b70ca2 2 *
wolfSSL 0:1239e9b70ca2 3 * Copyright (C) 2006-2014 wolfSSL Inc.
wolfSSL 0:1239e9b70ca2 4 *
wolfSSL 0:1239e9b70ca2 5 * This file is part of CyaSSL.
wolfSSL 0:1239e9b70ca2 6 *
wolfSSL 0:1239e9b70ca2 7 * CyaSSL is free software; you can redistribute it and/or modify
wolfSSL 0:1239e9b70ca2 8 * it under the terms of the GNU General Public License as published by
wolfSSL 0:1239e9b70ca2 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 0:1239e9b70ca2 10 * (at your option) any later version.
wolfSSL 0:1239e9b70ca2 11 *
wolfSSL 0:1239e9b70ca2 12 * CyaSSL is distributed in the hope that it will be useful,
wolfSSL 0:1239e9b70ca2 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 0:1239e9b70ca2 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 0:1239e9b70ca2 15 * GNU General Public License for more details.
wolfSSL 0:1239e9b70ca2 16 *
wolfSSL 0:1239e9b70ca2 17 * You should have received a copy of the GNU General Public License
wolfSSL 0:1239e9b70ca2 18 * along with this program; if not, write to the Free Software
wolfSSL 0:1239e9b70ca2 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
wolfSSL 0:1239e9b70ca2 20 */
wolfSSL 0:1239e9b70ca2 21
wolfSSL 0:1239e9b70ca2 22 #ifdef HAVE_CONFIG_H
wolfSSL 0:1239e9b70ca2 23 #include <config.h>
wolfSSL 0:1239e9b70ca2 24 #endif
wolfSSL 0:1239e9b70ca2 25
wolfSSL 0:1239e9b70ca2 26 #include <cyassl/ctaocrypt/settings.h>
wolfSSL 0:1239e9b70ca2 27
wolfSSL 0:1239e9b70ca2 28 #ifdef HAVE_ERRNO_H
wolfSSL 0:1239e9b70ca2 29 #include <errno.h>
wolfSSL 0:1239e9b70ca2 30 #endif
wolfSSL 0:1239e9b70ca2 31
wolfSSL 0:1239e9b70ca2 32
wolfSSL 0:1239e9b70ca2 33 #include <cyassl/ssl.h>
wolfSSL 0:1239e9b70ca2 34 #include <cyassl/internal.h>
wolfSSL 0:1239e9b70ca2 35 #include <cyassl/error-ssl.h>
wolfSSL 0:1239e9b70ca2 36 #include <cyassl/ctaocrypt/coding.h>
wolfSSL 0:1239e9b70ca2 37
wolfSSL 0:1239e9b70ca2 38 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL 0:1239e9b70ca2 39 #include <cyassl/openssl/evp.h>
wolfSSL 0:1239e9b70ca2 40 #endif
wolfSSL 0:1239e9b70ca2 41
wolfSSL 0:1239e9b70ca2 42 #ifdef OPENSSL_EXTRA
wolfSSL 0:1239e9b70ca2 43 /* openssl headers begin */
wolfSSL 0:1239e9b70ca2 44 #include <cyassl/openssl/hmac.h>
wolfSSL 0:1239e9b70ca2 45 #include <cyassl/openssl/crypto.h>
wolfSSL 0:1239e9b70ca2 46 #include <cyassl/openssl/des.h>
wolfSSL 0:1239e9b70ca2 47 #include <cyassl/openssl/bn.h>
wolfSSL 0:1239e9b70ca2 48 #include <cyassl/openssl/dh.h>
wolfSSL 0:1239e9b70ca2 49 #include <cyassl/openssl/rsa.h>
wolfSSL 0:1239e9b70ca2 50 #include <cyassl/openssl/pem.h>
wolfSSL 0:1239e9b70ca2 51 /* openssl headers end, cyassl internal headers next */
wolfSSL 0:1239e9b70ca2 52 #include <cyassl/ctaocrypt/hmac.h>
wolfSSL 0:1239e9b70ca2 53 #include <cyassl/ctaocrypt/random.h>
wolfSSL 0:1239e9b70ca2 54 #include <cyassl/ctaocrypt/des3.h>
wolfSSL 0:1239e9b70ca2 55 #include <cyassl/ctaocrypt/md4.h>
wolfSSL 0:1239e9b70ca2 56 #include <cyassl/ctaocrypt/md5.h>
wolfSSL 0:1239e9b70ca2 57 #include <cyassl/ctaocrypt/arc4.h>
wolfSSL 0:1239e9b70ca2 58 #ifdef CYASSL_SHA512
wolfSSL 0:1239e9b70ca2 59 #include <cyassl/ctaocrypt/sha512.h>
wolfSSL 0:1239e9b70ca2 60 #endif
wolfSSL 0:1239e9b70ca2 61 #endif
wolfSSL 0:1239e9b70ca2 62
wolfSSL 0:1239e9b70ca2 63 #ifndef NO_FILESYSTEM
wolfSSL 0:1239e9b70ca2 64 #if !defined(USE_WINDOWS_API) && !defined(NO_CYASSL_DIR) \
wolfSSL 0:1239e9b70ca2 65 && !defined(EBSNET)
wolfSSL 0:1239e9b70ca2 66 #include <dirent.h>
wolfSSL 0:1239e9b70ca2 67 #include <sys/stat.h>
wolfSSL 0:1239e9b70ca2 68 #endif
wolfSSL 0:1239e9b70ca2 69 #ifdef EBSNET
wolfSSL 0:1239e9b70ca2 70 #include "vfapi.h"
wolfSSL 0:1239e9b70ca2 71 #include "vfile.h"
wolfSSL 0:1239e9b70ca2 72 #endif
wolfSSL 0:1239e9b70ca2 73 #endif /* NO_FILESYSTEM */
wolfSSL 0:1239e9b70ca2 74
wolfSSL 0:1239e9b70ca2 75 #ifndef TRUE
wolfSSL 0:1239e9b70ca2 76 #define TRUE 1
wolfSSL 0:1239e9b70ca2 77 #endif
wolfSSL 0:1239e9b70ca2 78 #ifndef FALSE
wolfSSL 0:1239e9b70ca2 79 #define FALSE 0
wolfSSL 0:1239e9b70ca2 80 #endif
wolfSSL 0:1239e9b70ca2 81
wolfSSL 0:1239e9b70ca2 82 #ifndef min
wolfSSL 0:1239e9b70ca2 83
wolfSSL 0:1239e9b70ca2 84 static INLINE word32 min(word32 a, word32 b)
wolfSSL 0:1239e9b70ca2 85 {
wolfSSL 0:1239e9b70ca2 86 return a > b ? b : a;
wolfSSL 0:1239e9b70ca2 87 }
wolfSSL 0:1239e9b70ca2 88
wolfSSL 0:1239e9b70ca2 89 #endif /* min */
wolfSSL 0:1239e9b70ca2 90
wolfSSL 0:1239e9b70ca2 91 #ifndef max
wolfSSL 0:1239e9b70ca2 92 #ifdef CYASSL_DTLS
wolfSSL 0:1239e9b70ca2 93 static INLINE word32 max(word32 a, word32 b)
wolfSSL 0:1239e9b70ca2 94 {
wolfSSL 0:1239e9b70ca2 95 return a > b ? a : b;
wolfSSL 0:1239e9b70ca2 96 }
wolfSSL 0:1239e9b70ca2 97 #endif
wolfSSL 0:1239e9b70ca2 98 #endif /* min */
wolfSSL 0:1239e9b70ca2 99
wolfSSL 0:1239e9b70ca2 100
wolfSSL 0:1239e9b70ca2 101 #ifndef CYASSL_LEANPSK
wolfSSL 0:1239e9b70ca2 102 char* mystrnstr(const char* s1, const char* s2, unsigned int n)
wolfSSL 0:1239e9b70ca2 103 {
wolfSSL 0:1239e9b70ca2 104 unsigned int s2_len = (unsigned int)XSTRLEN(s2);
wolfSSL 0:1239e9b70ca2 105
wolfSSL 0:1239e9b70ca2 106 if (s2_len == 0)
wolfSSL 0:1239e9b70ca2 107 return (char*)s1;
wolfSSL 0:1239e9b70ca2 108
wolfSSL 0:1239e9b70ca2 109 while (n >= s2_len && s1[0]) {
wolfSSL 0:1239e9b70ca2 110 if (s1[0] == s2[0])
wolfSSL 0:1239e9b70ca2 111 if (XMEMCMP(s1, s2, s2_len) == 0)
wolfSSL 0:1239e9b70ca2 112 return (char*)s1;
wolfSSL 0:1239e9b70ca2 113 s1++;
wolfSSL 0:1239e9b70ca2 114 n--;
wolfSSL 0:1239e9b70ca2 115 }
wolfSSL 0:1239e9b70ca2 116
wolfSSL 0:1239e9b70ca2 117 return NULL;
wolfSSL 0:1239e9b70ca2 118 }
wolfSSL 0:1239e9b70ca2 119 #endif
wolfSSL 0:1239e9b70ca2 120
wolfSSL 0:1239e9b70ca2 121
wolfSSL 0:1239e9b70ca2 122 /* prevent multiple mutex initializations */
wolfSSL 0:1239e9b70ca2 123 static volatile int initRefCount = 0;
wolfSSL 0:1239e9b70ca2 124 static CyaSSL_Mutex count_mutex; /* init ref count mutex */
wolfSSL 0:1239e9b70ca2 125
wolfSSL 0:1239e9b70ca2 126
wolfSSL 0:1239e9b70ca2 127 CYASSL_CTX* CyaSSL_CTX_new(CYASSL_METHOD* method)
wolfSSL 0:1239e9b70ca2 128 {
wolfSSL 0:1239e9b70ca2 129 CYASSL_CTX* ctx = NULL;
wolfSSL 0:1239e9b70ca2 130
wolfSSL 0:1239e9b70ca2 131 CYASSL_ENTER("CYASSL_CTX_new");
wolfSSL 0:1239e9b70ca2 132
wolfSSL 0:1239e9b70ca2 133 if (initRefCount == 0)
wolfSSL 0:1239e9b70ca2 134 CyaSSL_Init(); /* user no longer forced to call Init themselves */
wolfSSL 0:1239e9b70ca2 135
wolfSSL 0:1239e9b70ca2 136 if (method == NULL)
wolfSSL 0:1239e9b70ca2 137 return ctx;
wolfSSL 0:1239e9b70ca2 138
wolfSSL 0:1239e9b70ca2 139 ctx = (CYASSL_CTX*) XMALLOC(sizeof(CYASSL_CTX), 0, DYNAMIC_TYPE_CTX);
wolfSSL 0:1239e9b70ca2 140 if (ctx) {
wolfSSL 0:1239e9b70ca2 141 if (InitSSL_Ctx(ctx, method) < 0) {
wolfSSL 0:1239e9b70ca2 142 CYASSL_MSG("Init CTX failed");
wolfSSL 0:1239e9b70ca2 143 CyaSSL_CTX_free(ctx);
wolfSSL 0:1239e9b70ca2 144 ctx = NULL;
wolfSSL 0:1239e9b70ca2 145 }
wolfSSL 0:1239e9b70ca2 146 }
wolfSSL 0:1239e9b70ca2 147 else {
wolfSSL 0:1239e9b70ca2 148 CYASSL_MSG("Alloc CTX failed, method freed");
wolfSSL 0:1239e9b70ca2 149 XFREE(method, NULL, DYNAMIC_TYPE_METHOD);
wolfSSL 0:1239e9b70ca2 150 }
wolfSSL 0:1239e9b70ca2 151
wolfSSL 0:1239e9b70ca2 152 CYASSL_LEAVE("CYASSL_CTX_new", 0);
wolfSSL 0:1239e9b70ca2 153 return ctx;
wolfSSL 0:1239e9b70ca2 154 }
wolfSSL 0:1239e9b70ca2 155
wolfSSL 0:1239e9b70ca2 156
wolfSSL 0:1239e9b70ca2 157 void CyaSSL_CTX_free(CYASSL_CTX* ctx)
wolfSSL 0:1239e9b70ca2 158 {
wolfSSL 0:1239e9b70ca2 159 CYASSL_ENTER("SSL_CTX_free");
wolfSSL 0:1239e9b70ca2 160 if (ctx)
wolfSSL 0:1239e9b70ca2 161 FreeSSL_Ctx(ctx);
wolfSSL 0:1239e9b70ca2 162 CYASSL_LEAVE("SSL_CTX_free", 0);
wolfSSL 0:1239e9b70ca2 163 }
wolfSSL 0:1239e9b70ca2 164
wolfSSL 0:1239e9b70ca2 165
wolfSSL 0:1239e9b70ca2 166 CYASSL* CyaSSL_new(CYASSL_CTX* ctx)
wolfSSL 0:1239e9b70ca2 167 {
wolfSSL 0:1239e9b70ca2 168 CYASSL* ssl = NULL;
wolfSSL 0:1239e9b70ca2 169 int ret = 0;
wolfSSL 0:1239e9b70ca2 170
wolfSSL 0:1239e9b70ca2 171 (void)ret;
wolfSSL 0:1239e9b70ca2 172 CYASSL_ENTER("SSL_new");
wolfSSL 0:1239e9b70ca2 173
wolfSSL 0:1239e9b70ca2 174 if (ctx == NULL)
wolfSSL 0:1239e9b70ca2 175 return ssl;
wolfSSL 0:1239e9b70ca2 176
wolfSSL 0:1239e9b70ca2 177 ssl = (CYASSL*) XMALLOC(sizeof(CYASSL), ctx->heap,DYNAMIC_TYPE_SSL);
wolfSSL 0:1239e9b70ca2 178 if (ssl)
wolfSSL 0:1239e9b70ca2 179 if ( (ret = InitSSL(ssl, ctx)) < 0) {
wolfSSL 0:1239e9b70ca2 180 FreeSSL(ssl);
wolfSSL 0:1239e9b70ca2 181 ssl = 0;
wolfSSL 0:1239e9b70ca2 182 }
wolfSSL 0:1239e9b70ca2 183
wolfSSL 0:1239e9b70ca2 184 CYASSL_LEAVE("SSL_new", ret);
wolfSSL 0:1239e9b70ca2 185 return ssl;
wolfSSL 0:1239e9b70ca2 186 }
wolfSSL 0:1239e9b70ca2 187
wolfSSL 0:1239e9b70ca2 188
wolfSSL 0:1239e9b70ca2 189 void CyaSSL_free(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 190 {
wolfSSL 0:1239e9b70ca2 191 CYASSL_ENTER("SSL_free");
wolfSSL 0:1239e9b70ca2 192 if (ssl)
wolfSSL 0:1239e9b70ca2 193 FreeSSL(ssl);
wolfSSL 0:1239e9b70ca2 194 CYASSL_LEAVE("SSL_free", 0);
wolfSSL 0:1239e9b70ca2 195 }
wolfSSL 0:1239e9b70ca2 196
wolfSSL 0:1239e9b70ca2 197
wolfSSL 0:1239e9b70ca2 198 int CyaSSL_set_fd(CYASSL* ssl, int fd)
wolfSSL 0:1239e9b70ca2 199 {
wolfSSL 0:1239e9b70ca2 200 CYASSL_ENTER("SSL_set_fd");
wolfSSL 0:1239e9b70ca2 201 ssl->rfd = fd; /* not used directly to allow IO callbacks */
wolfSSL 0:1239e9b70ca2 202 ssl->wfd = fd;
wolfSSL 0:1239e9b70ca2 203
wolfSSL 0:1239e9b70ca2 204 ssl->IOCB_ReadCtx = &ssl->rfd;
wolfSSL 0:1239e9b70ca2 205 ssl->IOCB_WriteCtx = &ssl->wfd;
wolfSSL 0:1239e9b70ca2 206
wolfSSL 0:1239e9b70ca2 207 #ifdef CYASSL_DTLS
wolfSSL 0:1239e9b70ca2 208 if (ssl->options.dtls) {
wolfSSL 0:1239e9b70ca2 209 ssl->IOCB_ReadCtx = &ssl->buffers.dtlsCtx;
wolfSSL 0:1239e9b70ca2 210 ssl->IOCB_WriteCtx = &ssl->buffers.dtlsCtx;
wolfSSL 0:1239e9b70ca2 211 ssl->buffers.dtlsCtx.fd = fd;
wolfSSL 0:1239e9b70ca2 212 }
wolfSSL 0:1239e9b70ca2 213 #endif
wolfSSL 0:1239e9b70ca2 214
wolfSSL 0:1239e9b70ca2 215 CYASSL_LEAVE("SSL_set_fd", SSL_SUCCESS);
wolfSSL 0:1239e9b70ca2 216 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 217 }
wolfSSL 0:1239e9b70ca2 218
wolfSSL 0:1239e9b70ca2 219
wolfSSL 0:1239e9b70ca2 220 int CyaSSL_get_fd(const CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 221 {
wolfSSL 0:1239e9b70ca2 222 CYASSL_ENTER("SSL_get_fd");
wolfSSL 0:1239e9b70ca2 223 CYASSL_LEAVE("SSL_get_fd", ssl->rfd);
wolfSSL 0:1239e9b70ca2 224 return ssl->rfd;
wolfSSL 0:1239e9b70ca2 225 }
wolfSSL 0:1239e9b70ca2 226
wolfSSL 0:1239e9b70ca2 227
wolfSSL 0:1239e9b70ca2 228 int CyaSSL_get_using_nonblock(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 229 {
wolfSSL 0:1239e9b70ca2 230 CYASSL_ENTER("CyaSSL_get_using_nonblock");
wolfSSL 0:1239e9b70ca2 231 CYASSL_LEAVE("CyaSSL_get_using_nonblock", ssl->options.usingNonblock);
wolfSSL 0:1239e9b70ca2 232 return ssl->options.usingNonblock;
wolfSSL 0:1239e9b70ca2 233 }
wolfSSL 0:1239e9b70ca2 234
wolfSSL 0:1239e9b70ca2 235
wolfSSL 0:1239e9b70ca2 236 int CyaSSL_dtls(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 237 {
wolfSSL 0:1239e9b70ca2 238 return ssl->options.dtls;
wolfSSL 0:1239e9b70ca2 239 }
wolfSSL 0:1239e9b70ca2 240
wolfSSL 0:1239e9b70ca2 241
wolfSSL 0:1239e9b70ca2 242 #ifndef CYASSL_LEANPSK
wolfSSL 0:1239e9b70ca2 243 void CyaSSL_set_using_nonblock(CYASSL* ssl, int nonblock)
wolfSSL 0:1239e9b70ca2 244 {
wolfSSL 0:1239e9b70ca2 245 CYASSL_ENTER("CyaSSL_set_using_nonblock");
wolfSSL 0:1239e9b70ca2 246 ssl->options.usingNonblock = (nonblock != 0);
wolfSSL 0:1239e9b70ca2 247 }
wolfSSL 0:1239e9b70ca2 248
wolfSSL 0:1239e9b70ca2 249
wolfSSL 0:1239e9b70ca2 250 int CyaSSL_dtls_set_peer(CYASSL* ssl, void* peer, unsigned int peerSz)
wolfSSL 0:1239e9b70ca2 251 {
wolfSSL 0:1239e9b70ca2 252 #ifdef CYASSL_DTLS
wolfSSL 0:1239e9b70ca2 253 void* sa = (void*)XMALLOC(peerSz, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
wolfSSL 0:1239e9b70ca2 254 if (sa != NULL) {
wolfSSL 0:1239e9b70ca2 255 XMEMCPY(sa, peer, peerSz);
wolfSSL 0:1239e9b70ca2 256 ssl->buffers.dtlsCtx.peer.sa = sa;
wolfSSL 0:1239e9b70ca2 257 ssl->buffers.dtlsCtx.peer.sz = peerSz;
wolfSSL 0:1239e9b70ca2 258 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 259 }
wolfSSL 0:1239e9b70ca2 260 return SSL_FAILURE;
wolfSSL 0:1239e9b70ca2 261 #else
wolfSSL 0:1239e9b70ca2 262 (void)ssl;
wolfSSL 0:1239e9b70ca2 263 (void)peer;
wolfSSL 0:1239e9b70ca2 264 (void)peerSz;
wolfSSL 0:1239e9b70ca2 265 return SSL_NOT_IMPLEMENTED;
wolfSSL 0:1239e9b70ca2 266 #endif
wolfSSL 0:1239e9b70ca2 267 }
wolfSSL 0:1239e9b70ca2 268
wolfSSL 0:1239e9b70ca2 269 int CyaSSL_dtls_get_peer(CYASSL* ssl, void* peer, unsigned int* peerSz)
wolfSSL 0:1239e9b70ca2 270 {
wolfSSL 0:1239e9b70ca2 271 #ifdef CYASSL_DTLS
wolfSSL 0:1239e9b70ca2 272 if (peer != NULL && peerSz != NULL
wolfSSL 0:1239e9b70ca2 273 && *peerSz >= ssl->buffers.dtlsCtx.peer.sz) {
wolfSSL 0:1239e9b70ca2 274 *peerSz = ssl->buffers.dtlsCtx.peer.sz;
wolfSSL 0:1239e9b70ca2 275 XMEMCPY(peer, ssl->buffers.dtlsCtx.peer.sa, *peerSz);
wolfSSL 0:1239e9b70ca2 276 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 277 }
wolfSSL 0:1239e9b70ca2 278 return SSL_FAILURE;
wolfSSL 0:1239e9b70ca2 279 #else
wolfSSL 0:1239e9b70ca2 280 (void)ssl;
wolfSSL 0:1239e9b70ca2 281 (void)peer;
wolfSSL 0:1239e9b70ca2 282 (void)peerSz;
wolfSSL 0:1239e9b70ca2 283 return SSL_NOT_IMPLEMENTED;
wolfSSL 0:1239e9b70ca2 284 #endif
wolfSSL 0:1239e9b70ca2 285 }
wolfSSL 0:1239e9b70ca2 286 #endif /* CYASSL_LEANPSK */
wolfSSL 0:1239e9b70ca2 287
wolfSSL 0:1239e9b70ca2 288
wolfSSL 0:1239e9b70ca2 289 /* return underlyig connect or accept, SSL_SUCCESS on ok */
wolfSSL 0:1239e9b70ca2 290 int CyaSSL_negotiate(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 291 {
wolfSSL 0:1239e9b70ca2 292 int err = SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 293
wolfSSL 0:1239e9b70ca2 294 CYASSL_ENTER("CyaSSL_negotiate");
wolfSSL 0:1239e9b70ca2 295 #ifndef NO_CYASSL_SERVER
wolfSSL 0:1239e9b70ca2 296 if (ssl->options.side == CYASSL_SERVER_END)
wolfSSL 0:1239e9b70ca2 297 err = CyaSSL_accept(ssl);
wolfSSL 0:1239e9b70ca2 298 #endif
wolfSSL 0:1239e9b70ca2 299
wolfSSL 0:1239e9b70ca2 300 #ifndef NO_CYASSL_CLIENT
wolfSSL 0:1239e9b70ca2 301 if (ssl->options.side == CYASSL_CLIENT_END)
wolfSSL 0:1239e9b70ca2 302 err = CyaSSL_connect(ssl);
wolfSSL 0:1239e9b70ca2 303 #endif
wolfSSL 0:1239e9b70ca2 304
wolfSSL 0:1239e9b70ca2 305 CYASSL_LEAVE("CyaSSL_negotiate", err);
wolfSSL 0:1239e9b70ca2 306
wolfSSL 0:1239e9b70ca2 307 return err;
wolfSSL 0:1239e9b70ca2 308 }
wolfSSL 0:1239e9b70ca2 309
wolfSSL 0:1239e9b70ca2 310
wolfSSL 0:1239e9b70ca2 311 #ifndef CYASSL_LEANPSK
wolfSSL 0:1239e9b70ca2 312 /* object size based on build */
wolfSSL 0:1239e9b70ca2 313 int CyaSSL_GetObjectSize(void)
wolfSSL 0:1239e9b70ca2 314 {
wolfSSL 0:1239e9b70ca2 315 #ifdef SHOW_SIZES
wolfSSL 0:1239e9b70ca2 316 printf("sizeof suites = %lu\n", sizeof(Suites));
wolfSSL 0:1239e9b70ca2 317 printf("sizeof ciphers(2) = %lu\n", sizeof(Ciphers));
wolfSSL 0:1239e9b70ca2 318 #ifndef NO_RC4
wolfSSL 0:1239e9b70ca2 319 printf(" sizeof arc4 = %lu\n", sizeof(Arc4));
wolfSSL 0:1239e9b70ca2 320 #endif
wolfSSL 0:1239e9b70ca2 321 printf(" sizeof aes = %lu\n", sizeof(Aes));
wolfSSL 0:1239e9b70ca2 322 #ifndef NO_DES3
wolfSSL 0:1239e9b70ca2 323 printf(" sizeof des3 = %lu\n", sizeof(Des3));
wolfSSL 0:1239e9b70ca2 324 #endif
wolfSSL 0:1239e9b70ca2 325 #ifndef NO_RABBIT
wolfSSL 0:1239e9b70ca2 326 printf(" sizeof rabbit = %lu\n", sizeof(Rabbit));
wolfSSL 0:1239e9b70ca2 327 #endif
wolfSSL 0:1239e9b70ca2 328 printf("sizeof cipher specs = %lu\n", sizeof(CipherSpecs));
wolfSSL 0:1239e9b70ca2 329 printf("sizeof keys = %lu\n", sizeof(Keys));
wolfSSL 0:1239e9b70ca2 330 printf("sizeof Hashes(2) = %lu\n", sizeof(Hashes));
wolfSSL 0:1239e9b70ca2 331 #ifndef NO_MD5
wolfSSL 0:1239e9b70ca2 332 printf(" sizeof MD5 = %lu\n", sizeof(Md5));
wolfSSL 0:1239e9b70ca2 333 #endif
wolfSSL 0:1239e9b70ca2 334 #ifndef NO_SHA
wolfSSL 0:1239e9b70ca2 335 printf(" sizeof SHA = %lu\n", sizeof(Sha));
wolfSSL 0:1239e9b70ca2 336 #endif
wolfSSL 0:1239e9b70ca2 337 #ifndef NO_SHA256
wolfSSL 0:1239e9b70ca2 338 printf(" sizeof SHA256 = %lu\n", sizeof(Sha256));
wolfSSL 0:1239e9b70ca2 339 #endif
wolfSSL 0:1239e9b70ca2 340 #ifdef CYASSL_SHA384
wolfSSL 0:1239e9b70ca2 341 printf(" sizeof SHA384 = %lu\n", sizeof(Sha384));
wolfSSL 0:1239e9b70ca2 342 #endif
wolfSSL 0:1239e9b70ca2 343 #ifdef CYASSL_SHA384
wolfSSL 0:1239e9b70ca2 344 printf(" sizeof SHA512 = %lu\n", sizeof(Sha512));
wolfSSL 0:1239e9b70ca2 345 #endif
wolfSSL 0:1239e9b70ca2 346 printf("sizeof Buffers = %lu\n", sizeof(Buffers));
wolfSSL 0:1239e9b70ca2 347 printf("sizeof Options = %lu\n", sizeof(Options));
wolfSSL 0:1239e9b70ca2 348 printf("sizeof Arrays = %lu\n", sizeof(Arrays));
wolfSSL 0:1239e9b70ca2 349 #ifndef NO_RSA
wolfSSL 0:1239e9b70ca2 350 printf("sizeof RsaKey = %lu\n", sizeof(RsaKey));
wolfSSL 0:1239e9b70ca2 351 #endif
wolfSSL 0:1239e9b70ca2 352 #ifdef HAVE_ECC
wolfSSL 0:1239e9b70ca2 353 printf("sizeof ecc_key = %lu\n", sizeof(ecc_key));
wolfSSL 0:1239e9b70ca2 354 #endif
wolfSSL 0:1239e9b70ca2 355 printf("sizeof CYASSL_CIPHER = %lu\n", sizeof(CYASSL_CIPHER));
wolfSSL 0:1239e9b70ca2 356 printf("sizeof CYASSL_SESSION = %lu\n", sizeof(CYASSL_SESSION));
wolfSSL 0:1239e9b70ca2 357 printf("sizeof CYASSL = %lu\n", sizeof(CYASSL));
wolfSSL 0:1239e9b70ca2 358 printf("sizeof CYASSL_CTX = %lu\n", sizeof(CYASSL_CTX));
wolfSSL 0:1239e9b70ca2 359 #endif
wolfSSL 0:1239e9b70ca2 360
wolfSSL 0:1239e9b70ca2 361 return sizeof(CYASSL);
wolfSSL 0:1239e9b70ca2 362 }
wolfSSL 0:1239e9b70ca2 363 #endif
wolfSSL 0:1239e9b70ca2 364
wolfSSL 0:1239e9b70ca2 365 /* XXX should be NO_DH */
wolfSSL 0:1239e9b70ca2 366 #ifndef NO_CERTS
wolfSSL 0:1239e9b70ca2 367 /* server Diffie-Hellman parameters, SSL_SUCCESS on ok */
wolfSSL 0:1239e9b70ca2 368 int CyaSSL_SetTmpDH(CYASSL* ssl, const unsigned char* p, int pSz,
wolfSSL 0:1239e9b70ca2 369 const unsigned char* g, int gSz)
wolfSSL 0:1239e9b70ca2 370 {
wolfSSL 0:1239e9b70ca2 371 byte havePSK = 0;
wolfSSL 0:1239e9b70ca2 372 byte haveRSA = 1;
wolfSSL 0:1239e9b70ca2 373
wolfSSL 0:1239e9b70ca2 374 CYASSL_ENTER("CyaSSL_SetTmpDH");
wolfSSL 0:1239e9b70ca2 375 if (ssl == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 376
wolfSSL 0:1239e9b70ca2 377 if (ssl->options.side != CYASSL_SERVER_END)
wolfSSL 0:1239e9b70ca2 378 return SIDE_ERROR;
wolfSSL 0:1239e9b70ca2 379
wolfSSL 0:1239e9b70ca2 380 if (ssl->buffers.serverDH_P.buffer && ssl->buffers.weOwnDH)
wolfSSL 0:1239e9b70ca2 381 XFREE(ssl->buffers.serverDH_P.buffer, ssl->ctx->heap, DYNAMIC_TYPE_DH);
wolfSSL 0:1239e9b70ca2 382 if (ssl->buffers.serverDH_G.buffer && ssl->buffers.weOwnDH)
wolfSSL 0:1239e9b70ca2 383 XFREE(ssl->buffers.serverDH_G.buffer, ssl->ctx->heap, DYNAMIC_TYPE_DH);
wolfSSL 0:1239e9b70ca2 384
wolfSSL 0:1239e9b70ca2 385 ssl->buffers.weOwnDH = 1; /* SSL owns now */
wolfSSL 0:1239e9b70ca2 386 ssl->buffers.serverDH_P.buffer = (byte*)XMALLOC(pSz, ssl->ctx->heap,
wolfSSL 0:1239e9b70ca2 387 DYNAMIC_TYPE_DH);
wolfSSL 0:1239e9b70ca2 388 if (ssl->buffers.serverDH_P.buffer == NULL)
wolfSSL 0:1239e9b70ca2 389 return MEMORY_E;
wolfSSL 0:1239e9b70ca2 390
wolfSSL 0:1239e9b70ca2 391 ssl->buffers.serverDH_G.buffer = (byte*)XMALLOC(gSz, ssl->ctx->heap,
wolfSSL 0:1239e9b70ca2 392 DYNAMIC_TYPE_DH);
wolfSSL 0:1239e9b70ca2 393 if (ssl->buffers.serverDH_G.buffer == NULL) {
wolfSSL 0:1239e9b70ca2 394 XFREE(ssl->buffers.serverDH_P.buffer, ssl->ctx->heap, DYNAMIC_TYPE_DH);
wolfSSL 0:1239e9b70ca2 395 return MEMORY_E;
wolfSSL 0:1239e9b70ca2 396 }
wolfSSL 0:1239e9b70ca2 397
wolfSSL 0:1239e9b70ca2 398 ssl->buffers.serverDH_P.length = pSz;
wolfSSL 0:1239e9b70ca2 399 ssl->buffers.serverDH_G.length = gSz;
wolfSSL 0:1239e9b70ca2 400
wolfSSL 0:1239e9b70ca2 401 XMEMCPY(ssl->buffers.serverDH_P.buffer, p, pSz);
wolfSSL 0:1239e9b70ca2 402 XMEMCPY(ssl->buffers.serverDH_G.buffer, g, gSz);
wolfSSL 0:1239e9b70ca2 403
wolfSSL 0:1239e9b70ca2 404 ssl->options.haveDH = 1;
wolfSSL 0:1239e9b70ca2 405 #ifndef NO_PSK
wolfSSL 0:1239e9b70ca2 406 havePSK = ssl->options.havePSK;
wolfSSL 0:1239e9b70ca2 407 #endif
wolfSSL 0:1239e9b70ca2 408 #ifdef NO_RSA
wolfSSL 0:1239e9b70ca2 409 haveRSA = 0;
wolfSSL 0:1239e9b70ca2 410 #endif
wolfSSL 0:1239e9b70ca2 411 InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, ssl->options.haveDH,
wolfSSL 0:1239e9b70ca2 412 ssl->options.haveNTRU, ssl->options.haveECDSAsig,
wolfSSL 0:1239e9b70ca2 413 ssl->options.haveStaticECC, ssl->options.side);
wolfSSL 0:1239e9b70ca2 414
wolfSSL 0:1239e9b70ca2 415 CYASSL_LEAVE("CyaSSL_SetTmpDH", 0);
wolfSSL 0:1239e9b70ca2 416 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 417 }
wolfSSL 0:1239e9b70ca2 418 #endif /* !NO_CERTS */
wolfSSL 0:1239e9b70ca2 419
wolfSSL 0:1239e9b70ca2 420
wolfSSL 0:1239e9b70ca2 421 int CyaSSL_write(CYASSL* ssl, const void* data, int sz)
wolfSSL 0:1239e9b70ca2 422 {
wolfSSL 0:1239e9b70ca2 423 int ret;
wolfSSL 0:1239e9b70ca2 424
wolfSSL 0:1239e9b70ca2 425 CYASSL_ENTER("SSL_write()");
wolfSSL 0:1239e9b70ca2 426
wolfSSL 0:1239e9b70ca2 427 if (ssl == NULL || data == NULL || sz < 0)
wolfSSL 0:1239e9b70ca2 428 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 429
wolfSSL 0:1239e9b70ca2 430 #ifdef HAVE_ERRNO_H
wolfSSL 0:1239e9b70ca2 431 errno = 0;
wolfSSL 0:1239e9b70ca2 432 #endif
wolfSSL 0:1239e9b70ca2 433
wolfSSL 0:1239e9b70ca2 434 ret = SendData(ssl, data, sz);
wolfSSL 0:1239e9b70ca2 435
wolfSSL 0:1239e9b70ca2 436 CYASSL_LEAVE("SSL_write()", ret);
wolfSSL 0:1239e9b70ca2 437
wolfSSL 0:1239e9b70ca2 438 if (ret < 0)
wolfSSL 0:1239e9b70ca2 439 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 440 else
wolfSSL 0:1239e9b70ca2 441 return ret;
wolfSSL 0:1239e9b70ca2 442 }
wolfSSL 0:1239e9b70ca2 443
wolfSSL 0:1239e9b70ca2 444
wolfSSL 0:1239e9b70ca2 445 static int CyaSSL_read_internal(CYASSL* ssl, void* data, int sz, int peek)
wolfSSL 0:1239e9b70ca2 446 {
wolfSSL 0:1239e9b70ca2 447 int ret;
wolfSSL 0:1239e9b70ca2 448
wolfSSL 0:1239e9b70ca2 449 CYASSL_ENTER("CyaSSL_read_internal()");
wolfSSL 0:1239e9b70ca2 450
wolfSSL 0:1239e9b70ca2 451 if (ssl == NULL || data == NULL || sz < 0)
wolfSSL 0:1239e9b70ca2 452 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 453
wolfSSL 0:1239e9b70ca2 454 #ifdef HAVE_ERRNO_H
wolfSSL 0:1239e9b70ca2 455 errno = 0;
wolfSSL 0:1239e9b70ca2 456 #endif
wolfSSL 0:1239e9b70ca2 457 #ifdef CYASSL_DTLS
wolfSSL 0:1239e9b70ca2 458 if (ssl->options.dtls)
wolfSSL 0:1239e9b70ca2 459 ssl->dtls_expected_rx = max(sz + 100, MAX_MTU);
wolfSSL 0:1239e9b70ca2 460 #endif
wolfSSL 0:1239e9b70ca2 461
wolfSSL 0:1239e9b70ca2 462 #ifdef HAVE_MAX_FRAGMENT
wolfSSL 0:1239e9b70ca2 463 ret = ReceiveData(ssl, (byte*)data,
wolfSSL 0:1239e9b70ca2 464 min(sz, min(ssl->max_fragment, OUTPUT_RECORD_SIZE)), peek);
wolfSSL 0:1239e9b70ca2 465 #else
wolfSSL 0:1239e9b70ca2 466 ret = ReceiveData(ssl, (byte*)data, min(sz, OUTPUT_RECORD_SIZE), peek);
wolfSSL 0:1239e9b70ca2 467 #endif
wolfSSL 0:1239e9b70ca2 468
wolfSSL 0:1239e9b70ca2 469 CYASSL_LEAVE("CyaSSL_read_internal()", ret);
wolfSSL 0:1239e9b70ca2 470
wolfSSL 0:1239e9b70ca2 471 if (ret < 0)
wolfSSL 0:1239e9b70ca2 472 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 473 else
wolfSSL 0:1239e9b70ca2 474 return ret;
wolfSSL 0:1239e9b70ca2 475 }
wolfSSL 0:1239e9b70ca2 476
wolfSSL 0:1239e9b70ca2 477
wolfSSL 0:1239e9b70ca2 478 int CyaSSL_peek(CYASSL* ssl, void* data, int sz)
wolfSSL 0:1239e9b70ca2 479 {
wolfSSL 0:1239e9b70ca2 480 CYASSL_ENTER("CyaSSL_peek()");
wolfSSL 0:1239e9b70ca2 481
wolfSSL 0:1239e9b70ca2 482 return CyaSSL_read_internal(ssl, data, sz, TRUE);
wolfSSL 0:1239e9b70ca2 483 }
wolfSSL 0:1239e9b70ca2 484
wolfSSL 0:1239e9b70ca2 485
wolfSSL 0:1239e9b70ca2 486 int CyaSSL_read(CYASSL* ssl, void* data, int sz)
wolfSSL 0:1239e9b70ca2 487 {
wolfSSL 0:1239e9b70ca2 488 CYASSL_ENTER("CyaSSL_read()");
wolfSSL 0:1239e9b70ca2 489
wolfSSL 0:1239e9b70ca2 490 return CyaSSL_read_internal(ssl, data, sz, FALSE);
wolfSSL 0:1239e9b70ca2 491 }
wolfSSL 0:1239e9b70ca2 492
wolfSSL 0:1239e9b70ca2 493
wolfSSL 0:1239e9b70ca2 494 #ifdef HAVE_CAVIUM
wolfSSL 0:1239e9b70ca2 495
wolfSSL 0:1239e9b70ca2 496 /* let's use cavium, SSL_SUCCESS on ok */
wolfSSL 0:1239e9b70ca2 497 int CyaSSL_UseCavium(CYASSL* ssl, int devId)
wolfSSL 0:1239e9b70ca2 498 {
wolfSSL 0:1239e9b70ca2 499 if (ssl == NULL)
wolfSSL 0:1239e9b70ca2 500 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 501
wolfSSL 0:1239e9b70ca2 502 ssl->devId = devId;
wolfSSL 0:1239e9b70ca2 503
wolfSSL 0:1239e9b70ca2 504 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 505 }
wolfSSL 0:1239e9b70ca2 506
wolfSSL 0:1239e9b70ca2 507
wolfSSL 0:1239e9b70ca2 508 /* let's use cavium, SSL_SUCCESS on ok */
wolfSSL 0:1239e9b70ca2 509 int CyaSSL_CTX_UseCavium(CYASSL_CTX* ctx, int devId)
wolfSSL 0:1239e9b70ca2 510 {
wolfSSL 0:1239e9b70ca2 511 if (ctx == NULL)
wolfSSL 0:1239e9b70ca2 512 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 513
wolfSSL 0:1239e9b70ca2 514 ctx->devId = devId;
wolfSSL 0:1239e9b70ca2 515
wolfSSL 0:1239e9b70ca2 516 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 517 }
wolfSSL 0:1239e9b70ca2 518
wolfSSL 0:1239e9b70ca2 519
wolfSSL 0:1239e9b70ca2 520 #endif /* HAVE_CAVIUM */
wolfSSL 0:1239e9b70ca2 521
wolfSSL 0:1239e9b70ca2 522 #ifdef HAVE_SNI
wolfSSL 0:1239e9b70ca2 523
wolfSSL 0:1239e9b70ca2 524 int CyaSSL_UseSNI(CYASSL* ssl, byte type, const void* data, word16 size)
wolfSSL 0:1239e9b70ca2 525 {
wolfSSL 0:1239e9b70ca2 526 if (ssl == NULL)
wolfSSL 0:1239e9b70ca2 527 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 528
wolfSSL 0:1239e9b70ca2 529 return TLSX_UseSNI(&ssl->extensions, type, data, size);
wolfSSL 0:1239e9b70ca2 530 }
wolfSSL 0:1239e9b70ca2 531
wolfSSL 0:1239e9b70ca2 532 int CyaSSL_CTX_UseSNI(CYASSL_CTX* ctx, byte type, const void* data, word16 size)
wolfSSL 0:1239e9b70ca2 533 {
wolfSSL 0:1239e9b70ca2 534 if (ctx == NULL)
wolfSSL 0:1239e9b70ca2 535 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 536
wolfSSL 0:1239e9b70ca2 537 return TLSX_UseSNI(&ctx->extensions, type, data, size);
wolfSSL 0:1239e9b70ca2 538 }
wolfSSL 0:1239e9b70ca2 539
wolfSSL 0:1239e9b70ca2 540 #ifndef NO_CYASSL_SERVER
wolfSSL 0:1239e9b70ca2 541
wolfSSL 0:1239e9b70ca2 542 void CyaSSL_SNI_SetOptions(CYASSL* ssl, byte type, byte options)
wolfSSL 0:1239e9b70ca2 543 {
wolfSSL 0:1239e9b70ca2 544 if (ssl && ssl->extensions)
wolfSSL 0:1239e9b70ca2 545 TLSX_SNI_SetOptions(ssl->extensions, type, options);
wolfSSL 0:1239e9b70ca2 546 }
wolfSSL 0:1239e9b70ca2 547
wolfSSL 0:1239e9b70ca2 548 void CyaSSL_CTX_SNI_SetOptions(CYASSL_CTX* ctx, byte type, byte options)
wolfSSL 0:1239e9b70ca2 549 {
wolfSSL 0:1239e9b70ca2 550 if (ctx && ctx->extensions)
wolfSSL 0:1239e9b70ca2 551 TLSX_SNI_SetOptions(ctx->extensions, type, options);
wolfSSL 0:1239e9b70ca2 552 }
wolfSSL 0:1239e9b70ca2 553
wolfSSL 0:1239e9b70ca2 554 byte CyaSSL_SNI_Status(CYASSL* ssl, byte type)
wolfSSL 0:1239e9b70ca2 555 {
wolfSSL 0:1239e9b70ca2 556 return TLSX_SNI_Status(ssl ? ssl->extensions : NULL, type);
wolfSSL 0:1239e9b70ca2 557 }
wolfSSL 0:1239e9b70ca2 558
wolfSSL 0:1239e9b70ca2 559 word16 CyaSSL_SNI_GetRequest(CYASSL* ssl, byte type, void** data)
wolfSSL 0:1239e9b70ca2 560 {
wolfSSL 0:1239e9b70ca2 561 if (data)
wolfSSL 0:1239e9b70ca2 562 *data = NULL;
wolfSSL 0:1239e9b70ca2 563
wolfSSL 0:1239e9b70ca2 564 if (ssl && ssl->extensions)
wolfSSL 0:1239e9b70ca2 565 return TLSX_SNI_GetRequest(ssl->extensions, type, data);
wolfSSL 0:1239e9b70ca2 566
wolfSSL 0:1239e9b70ca2 567 return 0;
wolfSSL 0:1239e9b70ca2 568 }
wolfSSL 0:1239e9b70ca2 569
wolfSSL 0:1239e9b70ca2 570 int CyaSSL_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz, byte type,
wolfSSL 0:1239e9b70ca2 571 byte* sni, word32* inOutSz)
wolfSSL 0:1239e9b70ca2 572 {
wolfSSL 0:1239e9b70ca2 573 if (clientHello && helloSz > 0 && sni && inOutSz && *inOutSz > 0)
wolfSSL 0:1239e9b70ca2 574 return TLSX_SNI_GetFromBuffer(clientHello, helloSz, type, sni, inOutSz);
wolfSSL 0:1239e9b70ca2 575
wolfSSL 0:1239e9b70ca2 576 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 577 }
wolfSSL 0:1239e9b70ca2 578
wolfSSL 0:1239e9b70ca2 579 #endif /* NO_CYASSL_SERVER */
wolfSSL 0:1239e9b70ca2 580
wolfSSL 0:1239e9b70ca2 581 #endif /* HAVE_SNI */
wolfSSL 0:1239e9b70ca2 582
wolfSSL 0:1239e9b70ca2 583
wolfSSL 0:1239e9b70ca2 584 #ifdef HAVE_MAX_FRAGMENT
wolfSSL 0:1239e9b70ca2 585 #ifndef NO_CYASSL_CLIENT
wolfSSL 0:1239e9b70ca2 586 int CyaSSL_UseMaxFragment(CYASSL* ssl, byte mfl)
wolfSSL 0:1239e9b70ca2 587 {
wolfSSL 0:1239e9b70ca2 588 if (ssl == NULL)
wolfSSL 0:1239e9b70ca2 589 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 590
wolfSSL 0:1239e9b70ca2 591 return TLSX_UseMaxFragment(&ssl->extensions, mfl);
wolfSSL 0:1239e9b70ca2 592 }
wolfSSL 0:1239e9b70ca2 593
wolfSSL 0:1239e9b70ca2 594 int CyaSSL_CTX_UseMaxFragment(CYASSL_CTX* ctx, byte mfl)
wolfSSL 0:1239e9b70ca2 595 {
wolfSSL 0:1239e9b70ca2 596 if (ctx == NULL)
wolfSSL 0:1239e9b70ca2 597 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 598
wolfSSL 0:1239e9b70ca2 599 return TLSX_UseMaxFragment(&ctx->extensions, mfl);
wolfSSL 0:1239e9b70ca2 600 }
wolfSSL 0:1239e9b70ca2 601 #endif /* NO_CYASSL_CLIENT */
wolfSSL 0:1239e9b70ca2 602 #endif /* HAVE_MAX_FRAGMENT */
wolfSSL 0:1239e9b70ca2 603
wolfSSL 0:1239e9b70ca2 604 #ifdef HAVE_TRUNCATED_HMAC
wolfSSL 0:1239e9b70ca2 605 #ifndef NO_CYASSL_CLIENT
wolfSSL 0:1239e9b70ca2 606 int CyaSSL_UseTruncatedHMAC(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 607 {
wolfSSL 0:1239e9b70ca2 608 if (ssl == NULL)
wolfSSL 0:1239e9b70ca2 609 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 610
wolfSSL 0:1239e9b70ca2 611 return TLSX_UseTruncatedHMAC(&ssl->extensions);
wolfSSL 0:1239e9b70ca2 612 }
wolfSSL 0:1239e9b70ca2 613
wolfSSL 0:1239e9b70ca2 614 int CyaSSL_CTX_UseTruncatedHMAC(CYASSL_CTX* ctx)
wolfSSL 0:1239e9b70ca2 615 {
wolfSSL 0:1239e9b70ca2 616 if (ctx == NULL)
wolfSSL 0:1239e9b70ca2 617 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 618
wolfSSL 0:1239e9b70ca2 619 return TLSX_UseTruncatedHMAC(&ctx->extensions);
wolfSSL 0:1239e9b70ca2 620 }
wolfSSL 0:1239e9b70ca2 621 #endif /* NO_CYASSL_CLIENT */
wolfSSL 0:1239e9b70ca2 622 #endif /* HAVE_TRUNCATED_HMAC */
wolfSSL 0:1239e9b70ca2 623
wolfSSL 0:1239e9b70ca2 624 /* Elliptic Curves */
wolfSSL 0:1239e9b70ca2 625 #ifdef HAVE_SUPPORTED_CURVES
wolfSSL 0:1239e9b70ca2 626 #ifndef NO_CYASSL_CLIENT
wolfSSL 0:1239e9b70ca2 627
wolfSSL 0:1239e9b70ca2 628 int CyaSSL_UseSupportedCurve(CYASSL* ssl, word16 name)
wolfSSL 0:1239e9b70ca2 629 {
wolfSSL 0:1239e9b70ca2 630 if (ssl == NULL)
wolfSSL 0:1239e9b70ca2 631 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 632
wolfSSL 0:1239e9b70ca2 633 switch (name) {
wolfSSL 0:1239e9b70ca2 634 case CYASSL_ECC_SECP160R1:
wolfSSL 0:1239e9b70ca2 635 case CYASSL_ECC_SECP192R1:
wolfSSL 0:1239e9b70ca2 636 case CYASSL_ECC_SECP224R1:
wolfSSL 0:1239e9b70ca2 637 case CYASSL_ECC_SECP256R1:
wolfSSL 0:1239e9b70ca2 638 case CYASSL_ECC_SECP384R1:
wolfSSL 0:1239e9b70ca2 639 case CYASSL_ECC_SECP521R1:
wolfSSL 0:1239e9b70ca2 640 break;
wolfSSL 0:1239e9b70ca2 641
wolfSSL 0:1239e9b70ca2 642 default:
wolfSSL 0:1239e9b70ca2 643 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 644 }
wolfSSL 0:1239e9b70ca2 645
wolfSSL 0:1239e9b70ca2 646 return TLSX_UseSupportedCurve(&ssl->extensions, name);
wolfSSL 0:1239e9b70ca2 647 }
wolfSSL 0:1239e9b70ca2 648
wolfSSL 0:1239e9b70ca2 649 int CyaSSL_CTX_UseSupportedCurve(CYASSL_CTX* ctx, word16 name)
wolfSSL 0:1239e9b70ca2 650 {
wolfSSL 0:1239e9b70ca2 651 if (ctx == NULL)
wolfSSL 0:1239e9b70ca2 652 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 653
wolfSSL 0:1239e9b70ca2 654 switch (name) {
wolfSSL 0:1239e9b70ca2 655 case CYASSL_ECC_SECP160R1:
wolfSSL 0:1239e9b70ca2 656 case CYASSL_ECC_SECP192R1:
wolfSSL 0:1239e9b70ca2 657 case CYASSL_ECC_SECP224R1:
wolfSSL 0:1239e9b70ca2 658 case CYASSL_ECC_SECP256R1:
wolfSSL 0:1239e9b70ca2 659 case CYASSL_ECC_SECP384R1:
wolfSSL 0:1239e9b70ca2 660 case CYASSL_ECC_SECP521R1:
wolfSSL 0:1239e9b70ca2 661 break;
wolfSSL 0:1239e9b70ca2 662
wolfSSL 0:1239e9b70ca2 663 default:
wolfSSL 0:1239e9b70ca2 664 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 665 }
wolfSSL 0:1239e9b70ca2 666
wolfSSL 0:1239e9b70ca2 667 return TLSX_UseSupportedCurve(&ctx->extensions, name);
wolfSSL 0:1239e9b70ca2 668 }
wolfSSL 0:1239e9b70ca2 669
wolfSSL 0:1239e9b70ca2 670 #endif /* NO_CYASSL_CLIENT */
wolfSSL 0:1239e9b70ca2 671 #endif /* HAVE_SUPPORTED_CURVES */
wolfSSL 0:1239e9b70ca2 672
wolfSSL 0:1239e9b70ca2 673
wolfSSL 0:1239e9b70ca2 674 #ifndef CYASSL_LEANPSK
wolfSSL 0:1239e9b70ca2 675 int CyaSSL_send(CYASSL* ssl, const void* data, int sz, int flags)
wolfSSL 0:1239e9b70ca2 676 {
wolfSSL 0:1239e9b70ca2 677 int ret;
wolfSSL 0:1239e9b70ca2 678 int oldFlags;
wolfSSL 0:1239e9b70ca2 679
wolfSSL 0:1239e9b70ca2 680 CYASSL_ENTER("CyaSSL_send()");
wolfSSL 0:1239e9b70ca2 681
wolfSSL 0:1239e9b70ca2 682 if (ssl == NULL || data == NULL || sz < 0)
wolfSSL 0:1239e9b70ca2 683 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 684
wolfSSL 0:1239e9b70ca2 685 oldFlags = ssl->wflags;
wolfSSL 0:1239e9b70ca2 686
wolfSSL 0:1239e9b70ca2 687 ssl->wflags = flags;
wolfSSL 0:1239e9b70ca2 688 ret = CyaSSL_write(ssl, data, sz);
wolfSSL 0:1239e9b70ca2 689 ssl->wflags = oldFlags;
wolfSSL 0:1239e9b70ca2 690
wolfSSL 0:1239e9b70ca2 691 CYASSL_LEAVE("CyaSSL_send()", ret);
wolfSSL 0:1239e9b70ca2 692
wolfSSL 0:1239e9b70ca2 693 return ret;
wolfSSL 0:1239e9b70ca2 694 }
wolfSSL 0:1239e9b70ca2 695
wolfSSL 0:1239e9b70ca2 696
wolfSSL 0:1239e9b70ca2 697 int CyaSSL_recv(CYASSL* ssl, void* data, int sz, int flags)
wolfSSL 0:1239e9b70ca2 698 {
wolfSSL 0:1239e9b70ca2 699 int ret;
wolfSSL 0:1239e9b70ca2 700 int oldFlags;
wolfSSL 0:1239e9b70ca2 701
wolfSSL 0:1239e9b70ca2 702 CYASSL_ENTER("CyaSSL_recv()");
wolfSSL 0:1239e9b70ca2 703
wolfSSL 0:1239e9b70ca2 704 if (ssl == NULL || data == NULL || sz < 0)
wolfSSL 0:1239e9b70ca2 705 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 706
wolfSSL 0:1239e9b70ca2 707 oldFlags = ssl->rflags;
wolfSSL 0:1239e9b70ca2 708
wolfSSL 0:1239e9b70ca2 709 ssl->rflags = flags;
wolfSSL 0:1239e9b70ca2 710 ret = CyaSSL_read(ssl, data, sz);
wolfSSL 0:1239e9b70ca2 711 ssl->rflags = oldFlags;
wolfSSL 0:1239e9b70ca2 712
wolfSSL 0:1239e9b70ca2 713 CYASSL_LEAVE("CyaSSL_recv()", ret);
wolfSSL 0:1239e9b70ca2 714
wolfSSL 0:1239e9b70ca2 715 return ret;
wolfSSL 0:1239e9b70ca2 716 }
wolfSSL 0:1239e9b70ca2 717 #endif
wolfSSL 0:1239e9b70ca2 718
wolfSSL 0:1239e9b70ca2 719
wolfSSL 0:1239e9b70ca2 720 /* SSL_SUCCESS on ok */
wolfSSL 0:1239e9b70ca2 721 int CyaSSL_shutdown(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 722 {
wolfSSL 0:1239e9b70ca2 723 CYASSL_ENTER("SSL_shutdown()");
wolfSSL 0:1239e9b70ca2 724
wolfSSL 0:1239e9b70ca2 725 if (ssl == NULL)
wolfSSL 0:1239e9b70ca2 726 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 727
wolfSSL 0:1239e9b70ca2 728 if (ssl->options.quietShutdown) {
wolfSSL 0:1239e9b70ca2 729 CYASSL_MSG("quiet shutdown, no close notify sent");
wolfSSL 0:1239e9b70ca2 730 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 731 }
wolfSSL 0:1239e9b70ca2 732
wolfSSL 0:1239e9b70ca2 733 /* try to send close notify, not an error if can't */
wolfSSL 0:1239e9b70ca2 734 if (!ssl->options.isClosed && !ssl->options.connReset &&
wolfSSL 0:1239e9b70ca2 735 !ssl->options.sentNotify) {
wolfSSL 0:1239e9b70ca2 736 ssl->error = SendAlert(ssl, alert_warning, close_notify);
wolfSSL 0:1239e9b70ca2 737 if (ssl->error < 0) {
wolfSSL 0:1239e9b70ca2 738 CYASSL_ERROR(ssl->error);
wolfSSL 0:1239e9b70ca2 739 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 740 }
wolfSSL 0:1239e9b70ca2 741 ssl->options.sentNotify = 1; /* don't send close_notify twice */
wolfSSL 0:1239e9b70ca2 742 }
wolfSSL 0:1239e9b70ca2 743
wolfSSL 0:1239e9b70ca2 744 CYASSL_LEAVE("SSL_shutdown()", ssl->error);
wolfSSL 0:1239e9b70ca2 745
wolfSSL 0:1239e9b70ca2 746 ssl->error = SSL_ERROR_SYSCALL; /* simulate OpenSSL behavior */
wolfSSL 0:1239e9b70ca2 747
wolfSSL 0:1239e9b70ca2 748 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 749 }
wolfSSL 0:1239e9b70ca2 750
wolfSSL 0:1239e9b70ca2 751
wolfSSL 0:1239e9b70ca2 752 int CyaSSL_get_error(CYASSL* ssl, int ret)
wolfSSL 0:1239e9b70ca2 753 {
wolfSSL 0:1239e9b70ca2 754 CYASSL_ENTER("SSL_get_error");
wolfSSL 0:1239e9b70ca2 755
wolfSSL 0:1239e9b70ca2 756 if (ret > 0)
wolfSSL 0:1239e9b70ca2 757 return SSL_ERROR_NONE;
wolfSSL 0:1239e9b70ca2 758 if (ssl == NULL)
wolfSSL 0:1239e9b70ca2 759 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 760
wolfSSL 0:1239e9b70ca2 761 CYASSL_LEAVE("SSL_get_error", ssl->error);
wolfSSL 0:1239e9b70ca2 762
wolfSSL 0:1239e9b70ca2 763 /* make sure converted types are handled in SetErrorString() too */
wolfSSL 0:1239e9b70ca2 764 if (ssl->error == WANT_READ)
wolfSSL 0:1239e9b70ca2 765 return SSL_ERROR_WANT_READ; /* convert to OpenSSL type */
wolfSSL 0:1239e9b70ca2 766 else if (ssl->error == WANT_WRITE)
wolfSSL 0:1239e9b70ca2 767 return SSL_ERROR_WANT_WRITE; /* convert to OpenSSL type */
wolfSSL 0:1239e9b70ca2 768 else if (ssl->error == ZERO_RETURN)
wolfSSL 0:1239e9b70ca2 769 return SSL_ERROR_ZERO_RETURN; /* convert to OpenSSL type */
wolfSSL 0:1239e9b70ca2 770 return ssl->error;
wolfSSL 0:1239e9b70ca2 771 }
wolfSSL 0:1239e9b70ca2 772
wolfSSL 0:1239e9b70ca2 773
wolfSSL 0:1239e9b70ca2 774 /* retrive alert history, SSL_SUCCESS on ok */
wolfSSL 0:1239e9b70ca2 775 int CyaSSL_get_alert_history(CYASSL* ssl, CYASSL_ALERT_HISTORY *h)
wolfSSL 0:1239e9b70ca2 776 {
wolfSSL 0:1239e9b70ca2 777 if (ssl && h) {
wolfSSL 0:1239e9b70ca2 778 *h = ssl->alert_history;
wolfSSL 0:1239e9b70ca2 779 }
wolfSSL 0:1239e9b70ca2 780 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 781 }
wolfSSL 0:1239e9b70ca2 782
wolfSSL 0:1239e9b70ca2 783
wolfSSL 0:1239e9b70ca2 784 /* return TRUE if current error is want read */
wolfSSL 0:1239e9b70ca2 785 int CyaSSL_want_read(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 786 {
wolfSSL 0:1239e9b70ca2 787 CYASSL_ENTER("SSL_want_read");
wolfSSL 0:1239e9b70ca2 788 if (ssl->error == WANT_READ)
wolfSSL 0:1239e9b70ca2 789 return 1;
wolfSSL 0:1239e9b70ca2 790
wolfSSL 0:1239e9b70ca2 791 return 0;
wolfSSL 0:1239e9b70ca2 792 }
wolfSSL 0:1239e9b70ca2 793
wolfSSL 0:1239e9b70ca2 794
wolfSSL 0:1239e9b70ca2 795 /* return TRUE if current error is want write */
wolfSSL 0:1239e9b70ca2 796 int CyaSSL_want_write(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 797 {
wolfSSL 0:1239e9b70ca2 798 CYASSL_ENTER("SSL_want_write");
wolfSSL 0:1239e9b70ca2 799 if (ssl->error == WANT_WRITE)
wolfSSL 0:1239e9b70ca2 800 return 1;
wolfSSL 0:1239e9b70ca2 801
wolfSSL 0:1239e9b70ca2 802 return 0;
wolfSSL 0:1239e9b70ca2 803 }
wolfSSL 0:1239e9b70ca2 804
wolfSSL 0:1239e9b70ca2 805
wolfSSL 0:1239e9b70ca2 806 char* CyaSSL_ERR_error_string(unsigned long errNumber, char* data)
wolfSSL 0:1239e9b70ca2 807 {
wolfSSL 0:1239e9b70ca2 808 static const char* msg = "Please supply a buffer for error string";
wolfSSL 0:1239e9b70ca2 809
wolfSSL 0:1239e9b70ca2 810 CYASSL_ENTER("ERR_error_string");
wolfSSL 0:1239e9b70ca2 811 if (data) {
wolfSSL 0:1239e9b70ca2 812 SetErrorString((int)errNumber, data);
wolfSSL 0:1239e9b70ca2 813 return data;
wolfSSL 0:1239e9b70ca2 814 }
wolfSSL 0:1239e9b70ca2 815
wolfSSL 0:1239e9b70ca2 816 return (char*)msg;
wolfSSL 0:1239e9b70ca2 817 }
wolfSSL 0:1239e9b70ca2 818
wolfSSL 0:1239e9b70ca2 819
wolfSSL 0:1239e9b70ca2 820 void CyaSSL_ERR_error_string_n(unsigned long e, char* buf, unsigned long len)
wolfSSL 0:1239e9b70ca2 821 {
wolfSSL 0:1239e9b70ca2 822 CYASSL_ENTER("CyaSSL_ERR_error_string_n");
wolfSSL 0:1239e9b70ca2 823 if (len >= CYASSL_MAX_ERROR_SZ)
wolfSSL 0:1239e9b70ca2 824 CyaSSL_ERR_error_string(e, buf);
wolfSSL 0:1239e9b70ca2 825 else {
wolfSSL 0:1239e9b70ca2 826 char tmp[CYASSL_MAX_ERROR_SZ];
wolfSSL 0:1239e9b70ca2 827
wolfSSL 0:1239e9b70ca2 828 CYASSL_MSG("Error buffer too short, truncating");
wolfSSL 0:1239e9b70ca2 829 if (len) {
wolfSSL 0:1239e9b70ca2 830 CyaSSL_ERR_error_string(e, tmp);
wolfSSL 0:1239e9b70ca2 831 XMEMCPY(buf, tmp, len-1);
wolfSSL 0:1239e9b70ca2 832 buf[len-1] = '\0';
wolfSSL 0:1239e9b70ca2 833 }
wolfSSL 0:1239e9b70ca2 834 }
wolfSSL 0:1239e9b70ca2 835 }
wolfSSL 0:1239e9b70ca2 836
wolfSSL 0:1239e9b70ca2 837
wolfSSL 0:1239e9b70ca2 838 /* don't free temporary arrays at end of handshake */
wolfSSL 0:1239e9b70ca2 839 void CyaSSL_KeepArrays(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 840 {
wolfSSL 0:1239e9b70ca2 841 if (ssl)
wolfSSL 0:1239e9b70ca2 842 ssl->options.saveArrays = 1;
wolfSSL 0:1239e9b70ca2 843 }
wolfSSL 0:1239e9b70ca2 844
wolfSSL 0:1239e9b70ca2 845
wolfSSL 0:1239e9b70ca2 846 /* user doesn't need temporary arrays anymore, Free */
wolfSSL 0:1239e9b70ca2 847 void CyaSSL_FreeArrays(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 848 {
wolfSSL 0:1239e9b70ca2 849 if (ssl && ssl->options.handShakeState == HANDSHAKE_DONE) {
wolfSSL 0:1239e9b70ca2 850 ssl->options.saveArrays = 0;
wolfSSL 0:1239e9b70ca2 851 FreeArrays(ssl, 1);
wolfSSL 0:1239e9b70ca2 852 }
wolfSSL 0:1239e9b70ca2 853 }
wolfSSL 0:1239e9b70ca2 854
wolfSSL 0:1239e9b70ca2 855
wolfSSL 0:1239e9b70ca2 856 const byte* CyaSSL_GetMacSecret(CYASSL* ssl, int verify)
wolfSSL 0:1239e9b70ca2 857 {
wolfSSL 0:1239e9b70ca2 858 if (ssl == NULL)
wolfSSL 0:1239e9b70ca2 859 return NULL;
wolfSSL 0:1239e9b70ca2 860
wolfSSL 0:1239e9b70ca2 861 if ( (ssl->options.side == CYASSL_CLIENT_END && !verify) ||
wolfSSL 0:1239e9b70ca2 862 (ssl->options.side == CYASSL_SERVER_END && verify) )
wolfSSL 0:1239e9b70ca2 863 return ssl->keys.client_write_MAC_secret;
wolfSSL 0:1239e9b70ca2 864 else
wolfSSL 0:1239e9b70ca2 865 return ssl->keys.server_write_MAC_secret;
wolfSSL 0:1239e9b70ca2 866 }
wolfSSL 0:1239e9b70ca2 867
wolfSSL 0:1239e9b70ca2 868
wolfSSL 0:1239e9b70ca2 869 #ifdef ATOMIC_USER
wolfSSL 0:1239e9b70ca2 870
wolfSSL 0:1239e9b70ca2 871 void CyaSSL_CTX_SetMacEncryptCb(CYASSL_CTX* ctx, CallbackMacEncrypt cb)
wolfSSL 0:1239e9b70ca2 872 {
wolfSSL 0:1239e9b70ca2 873 if (ctx)
wolfSSL 0:1239e9b70ca2 874 ctx->MacEncryptCb = cb;
wolfSSL 0:1239e9b70ca2 875 }
wolfSSL 0:1239e9b70ca2 876
wolfSSL 0:1239e9b70ca2 877
wolfSSL 0:1239e9b70ca2 878 void CyaSSL_SetMacEncryptCtx(CYASSL* ssl, void *ctx)
wolfSSL 0:1239e9b70ca2 879 {
wolfSSL 0:1239e9b70ca2 880 if (ssl)
wolfSSL 0:1239e9b70ca2 881 ssl->MacEncryptCtx = ctx;
wolfSSL 0:1239e9b70ca2 882 }
wolfSSL 0:1239e9b70ca2 883
wolfSSL 0:1239e9b70ca2 884
wolfSSL 0:1239e9b70ca2 885 void* CyaSSL_GetMacEncryptCtx(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 886 {
wolfSSL 0:1239e9b70ca2 887 if (ssl)
wolfSSL 0:1239e9b70ca2 888 return ssl->MacEncryptCtx;
wolfSSL 0:1239e9b70ca2 889
wolfSSL 0:1239e9b70ca2 890 return NULL;
wolfSSL 0:1239e9b70ca2 891 }
wolfSSL 0:1239e9b70ca2 892
wolfSSL 0:1239e9b70ca2 893
wolfSSL 0:1239e9b70ca2 894 void CyaSSL_CTX_SetDecryptVerifyCb(CYASSL_CTX* ctx, CallbackDecryptVerify cb)
wolfSSL 0:1239e9b70ca2 895 {
wolfSSL 0:1239e9b70ca2 896 if (ctx)
wolfSSL 0:1239e9b70ca2 897 ctx->DecryptVerifyCb = cb;
wolfSSL 0:1239e9b70ca2 898 }
wolfSSL 0:1239e9b70ca2 899
wolfSSL 0:1239e9b70ca2 900
wolfSSL 0:1239e9b70ca2 901 void CyaSSL_SetDecryptVerifyCtx(CYASSL* ssl, void *ctx)
wolfSSL 0:1239e9b70ca2 902 {
wolfSSL 0:1239e9b70ca2 903 if (ssl)
wolfSSL 0:1239e9b70ca2 904 ssl->DecryptVerifyCtx = ctx;
wolfSSL 0:1239e9b70ca2 905 }
wolfSSL 0:1239e9b70ca2 906
wolfSSL 0:1239e9b70ca2 907
wolfSSL 0:1239e9b70ca2 908 void* CyaSSL_GetDecryptVerifyCtx(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 909 {
wolfSSL 0:1239e9b70ca2 910 if (ssl)
wolfSSL 0:1239e9b70ca2 911 return ssl->DecryptVerifyCtx;
wolfSSL 0:1239e9b70ca2 912
wolfSSL 0:1239e9b70ca2 913 return NULL;
wolfSSL 0:1239e9b70ca2 914 }
wolfSSL 0:1239e9b70ca2 915
wolfSSL 0:1239e9b70ca2 916
wolfSSL 0:1239e9b70ca2 917 const byte* CyaSSL_GetClientWriteKey(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 918 {
wolfSSL 0:1239e9b70ca2 919 if (ssl)
wolfSSL 0:1239e9b70ca2 920 return ssl->keys.client_write_key;
wolfSSL 0:1239e9b70ca2 921
wolfSSL 0:1239e9b70ca2 922 return NULL;
wolfSSL 0:1239e9b70ca2 923 }
wolfSSL 0:1239e9b70ca2 924
wolfSSL 0:1239e9b70ca2 925
wolfSSL 0:1239e9b70ca2 926 const byte* CyaSSL_GetClientWriteIV(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 927 {
wolfSSL 0:1239e9b70ca2 928 if (ssl)
wolfSSL 0:1239e9b70ca2 929 return ssl->keys.client_write_IV;
wolfSSL 0:1239e9b70ca2 930
wolfSSL 0:1239e9b70ca2 931 return NULL;
wolfSSL 0:1239e9b70ca2 932 }
wolfSSL 0:1239e9b70ca2 933
wolfSSL 0:1239e9b70ca2 934
wolfSSL 0:1239e9b70ca2 935 const byte* CyaSSL_GetServerWriteKey(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 936 {
wolfSSL 0:1239e9b70ca2 937 if (ssl)
wolfSSL 0:1239e9b70ca2 938 return ssl->keys.server_write_key;
wolfSSL 0:1239e9b70ca2 939
wolfSSL 0:1239e9b70ca2 940 return NULL;
wolfSSL 0:1239e9b70ca2 941 }
wolfSSL 0:1239e9b70ca2 942
wolfSSL 0:1239e9b70ca2 943
wolfSSL 0:1239e9b70ca2 944 const byte* CyaSSL_GetServerWriteIV(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 945 {
wolfSSL 0:1239e9b70ca2 946 if (ssl)
wolfSSL 0:1239e9b70ca2 947 return ssl->keys.server_write_IV;
wolfSSL 0:1239e9b70ca2 948
wolfSSL 0:1239e9b70ca2 949 return NULL;
wolfSSL 0:1239e9b70ca2 950 }
wolfSSL 0:1239e9b70ca2 951
wolfSSL 0:1239e9b70ca2 952
wolfSSL 0:1239e9b70ca2 953 int CyaSSL_GetKeySize(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 954 {
wolfSSL 0:1239e9b70ca2 955 if (ssl)
wolfSSL 0:1239e9b70ca2 956 return ssl->specs.key_size;
wolfSSL 0:1239e9b70ca2 957
wolfSSL 0:1239e9b70ca2 958 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 959 }
wolfSSL 0:1239e9b70ca2 960
wolfSSL 0:1239e9b70ca2 961
wolfSSL 0:1239e9b70ca2 962 int CyaSSL_GetIVSize(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 963 {
wolfSSL 0:1239e9b70ca2 964 if (ssl)
wolfSSL 0:1239e9b70ca2 965 return ssl->specs.iv_size;
wolfSSL 0:1239e9b70ca2 966
wolfSSL 0:1239e9b70ca2 967 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 968 }
wolfSSL 0:1239e9b70ca2 969
wolfSSL 0:1239e9b70ca2 970
wolfSSL 0:1239e9b70ca2 971 int CyaSSL_GetBulkCipher(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 972 {
wolfSSL 0:1239e9b70ca2 973 if (ssl)
wolfSSL 0:1239e9b70ca2 974 return ssl->specs.bulk_cipher_algorithm;
wolfSSL 0:1239e9b70ca2 975
wolfSSL 0:1239e9b70ca2 976 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 977 }
wolfSSL 0:1239e9b70ca2 978
wolfSSL 0:1239e9b70ca2 979
wolfSSL 0:1239e9b70ca2 980 int CyaSSL_GetCipherType(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 981 {
wolfSSL 0:1239e9b70ca2 982 if (ssl == NULL)
wolfSSL 0:1239e9b70ca2 983 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 984
wolfSSL 0:1239e9b70ca2 985 if (ssl->specs.cipher_type == block)
wolfSSL 0:1239e9b70ca2 986 return CYASSL_BLOCK_TYPE;
wolfSSL 0:1239e9b70ca2 987 if (ssl->specs.cipher_type == stream)
wolfSSL 0:1239e9b70ca2 988 return CYASSL_STREAM_TYPE;
wolfSSL 0:1239e9b70ca2 989 if (ssl->specs.cipher_type == aead)
wolfSSL 0:1239e9b70ca2 990 return CYASSL_AEAD_TYPE;
wolfSSL 0:1239e9b70ca2 991
wolfSSL 0:1239e9b70ca2 992 return -1;
wolfSSL 0:1239e9b70ca2 993 }
wolfSSL 0:1239e9b70ca2 994
wolfSSL 0:1239e9b70ca2 995
wolfSSL 0:1239e9b70ca2 996 int CyaSSL_GetCipherBlockSize(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 997 {
wolfSSL 0:1239e9b70ca2 998 if (ssl == NULL)
wolfSSL 0:1239e9b70ca2 999 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 1000
wolfSSL 0:1239e9b70ca2 1001 return ssl->specs.block_size;
wolfSSL 0:1239e9b70ca2 1002 }
wolfSSL 0:1239e9b70ca2 1003
wolfSSL 0:1239e9b70ca2 1004
wolfSSL 0:1239e9b70ca2 1005 int CyaSSL_GetAeadMacSize(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 1006 {
wolfSSL 0:1239e9b70ca2 1007 if (ssl == NULL)
wolfSSL 0:1239e9b70ca2 1008 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 1009
wolfSSL 0:1239e9b70ca2 1010 return ssl->specs.aead_mac_size;
wolfSSL 0:1239e9b70ca2 1011 }
wolfSSL 0:1239e9b70ca2 1012
wolfSSL 0:1239e9b70ca2 1013
wolfSSL 0:1239e9b70ca2 1014 int CyaSSL_IsTLSv1_1(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 1015 {
wolfSSL 0:1239e9b70ca2 1016 if (ssl == NULL)
wolfSSL 0:1239e9b70ca2 1017 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 1018
wolfSSL 0:1239e9b70ca2 1019 if (ssl->options.tls1_1)
wolfSSL 0:1239e9b70ca2 1020 return 1;
wolfSSL 0:1239e9b70ca2 1021
wolfSSL 0:1239e9b70ca2 1022 return 0;
wolfSSL 0:1239e9b70ca2 1023 }
wolfSSL 0:1239e9b70ca2 1024
wolfSSL 0:1239e9b70ca2 1025
wolfSSL 0:1239e9b70ca2 1026 int CyaSSL_GetSide(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 1027 {
wolfSSL 0:1239e9b70ca2 1028 if (ssl)
wolfSSL 0:1239e9b70ca2 1029 return ssl->options.side;
wolfSSL 0:1239e9b70ca2 1030
wolfSSL 0:1239e9b70ca2 1031 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 1032 }
wolfSSL 0:1239e9b70ca2 1033
wolfSSL 0:1239e9b70ca2 1034
wolfSSL 0:1239e9b70ca2 1035 int CyaSSL_GetHmacSize(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 1036 {
wolfSSL 0:1239e9b70ca2 1037 /* AEAD ciphers don't have HMAC keys */
wolfSSL 0:1239e9b70ca2 1038 if (ssl)
wolfSSL 0:1239e9b70ca2 1039 return (ssl->specs.cipher_type != aead) ? ssl->specs.hash_size : 0;
wolfSSL 0:1239e9b70ca2 1040
wolfSSL 0:1239e9b70ca2 1041 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 1042 }
wolfSSL 0:1239e9b70ca2 1043
wolfSSL 0:1239e9b70ca2 1044 #endif /* ATOMIC_USER */
wolfSSL 0:1239e9b70ca2 1045
wolfSSL 0:1239e9b70ca2 1046 #ifndef NO_CERTS
wolfSSL 0:1239e9b70ca2 1047
wolfSSL 0:1239e9b70ca2 1048 CYASSL_CERT_MANAGER* CyaSSL_CertManagerNew(void)
wolfSSL 0:1239e9b70ca2 1049 {
wolfSSL 0:1239e9b70ca2 1050 CYASSL_CERT_MANAGER* cm = NULL;
wolfSSL 0:1239e9b70ca2 1051
wolfSSL 0:1239e9b70ca2 1052 CYASSL_ENTER("CyaSSL_CertManagerNew");
wolfSSL 0:1239e9b70ca2 1053
wolfSSL 0:1239e9b70ca2 1054 cm = (CYASSL_CERT_MANAGER*) XMALLOC(sizeof(CYASSL_CERT_MANAGER), 0,
wolfSSL 0:1239e9b70ca2 1055 DYNAMIC_TYPE_CERT_MANAGER);
wolfSSL 0:1239e9b70ca2 1056 if (cm) {
wolfSSL 0:1239e9b70ca2 1057 XMEMSET(cm, 0, sizeof(CYASSL_CERT_MANAGER));
wolfSSL 0:1239e9b70ca2 1058
wolfSSL 0:1239e9b70ca2 1059 if (InitMutex(&cm->caLock) != 0) {
wolfSSL 0:1239e9b70ca2 1060 CYASSL_MSG("Bad mutex init");
wolfSSL 0:1239e9b70ca2 1061 CyaSSL_CertManagerFree(cm);
wolfSSL 0:1239e9b70ca2 1062 return NULL;
wolfSSL 0:1239e9b70ca2 1063 }
wolfSSL 0:1239e9b70ca2 1064 }
wolfSSL 0:1239e9b70ca2 1065
wolfSSL 0:1239e9b70ca2 1066 return cm;
wolfSSL 0:1239e9b70ca2 1067 }
wolfSSL 0:1239e9b70ca2 1068
wolfSSL 0:1239e9b70ca2 1069
wolfSSL 0:1239e9b70ca2 1070 void CyaSSL_CertManagerFree(CYASSL_CERT_MANAGER* cm)
wolfSSL 0:1239e9b70ca2 1071 {
wolfSSL 0:1239e9b70ca2 1072 CYASSL_ENTER("CyaSSL_CertManagerFree");
wolfSSL 0:1239e9b70ca2 1073
wolfSSL 0:1239e9b70ca2 1074 if (cm) {
wolfSSL 0:1239e9b70ca2 1075 #ifdef HAVE_CRL
wolfSSL 0:1239e9b70ca2 1076 if (cm->crl)
wolfSSL 0:1239e9b70ca2 1077 FreeCRL(cm->crl, 1);
wolfSSL 0:1239e9b70ca2 1078 #endif
wolfSSL 0:1239e9b70ca2 1079 #ifdef HAVE_OCSP
wolfSSL 0:1239e9b70ca2 1080 if (cm->ocsp)
wolfSSL 0:1239e9b70ca2 1081 FreeOCSP(cm->ocsp, 1);
wolfSSL 0:1239e9b70ca2 1082 #endif
wolfSSL 0:1239e9b70ca2 1083 FreeSignerTable(cm->caTable, CA_TABLE_SIZE, NULL);
wolfSSL 0:1239e9b70ca2 1084 FreeMutex(&cm->caLock);
wolfSSL 0:1239e9b70ca2 1085 XFREE(cm, NULL, DYNAMIC_TYPE_CERT_MANAGER);
wolfSSL 0:1239e9b70ca2 1086 }
wolfSSL 0:1239e9b70ca2 1087
wolfSSL 0:1239e9b70ca2 1088 }
wolfSSL 0:1239e9b70ca2 1089
wolfSSL 0:1239e9b70ca2 1090
wolfSSL 0:1239e9b70ca2 1091 /* Unload the CA signer list */
wolfSSL 0:1239e9b70ca2 1092 int CyaSSL_CertManagerUnloadCAs(CYASSL_CERT_MANAGER* cm)
wolfSSL 0:1239e9b70ca2 1093 {
wolfSSL 0:1239e9b70ca2 1094 CYASSL_ENTER("CyaSSL_CertManagerUnloadCAs");
wolfSSL 0:1239e9b70ca2 1095
wolfSSL 0:1239e9b70ca2 1096 if (cm == NULL)
wolfSSL 0:1239e9b70ca2 1097 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 1098
wolfSSL 0:1239e9b70ca2 1099 if (LockMutex(&cm->caLock) != 0)
wolfSSL 0:1239e9b70ca2 1100 return BAD_MUTEX_E;
wolfSSL 0:1239e9b70ca2 1101
wolfSSL 0:1239e9b70ca2 1102 FreeSignerTable(cm->caTable, CA_TABLE_SIZE, NULL);
wolfSSL 0:1239e9b70ca2 1103
wolfSSL 0:1239e9b70ca2 1104 UnLockMutex(&cm->caLock);
wolfSSL 0:1239e9b70ca2 1105
wolfSSL 0:1239e9b70ca2 1106
wolfSSL 0:1239e9b70ca2 1107 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 1108 }
wolfSSL 0:1239e9b70ca2 1109
wolfSSL 0:1239e9b70ca2 1110
wolfSSL 0:1239e9b70ca2 1111 /* Return bytes written to buff or < 0 for error */
wolfSSL 0:1239e9b70ca2 1112 int CyaSSL_CertPemToDer(const unsigned char* pem, int pemSz,
wolfSSL 0:1239e9b70ca2 1113 unsigned char* buff, int buffSz,
wolfSSL 0:1239e9b70ca2 1114 int type)
wolfSSL 0:1239e9b70ca2 1115 {
wolfSSL 0:1239e9b70ca2 1116 EncryptedInfo info;
wolfSSL 0:1239e9b70ca2 1117 int eccKey = 0;
wolfSSL 0:1239e9b70ca2 1118 int ret;
wolfSSL 0:1239e9b70ca2 1119 buffer der;
wolfSSL 0:1239e9b70ca2 1120
wolfSSL 0:1239e9b70ca2 1121 CYASSL_ENTER("CyaSSL_CertPemToDer");
wolfSSL 0:1239e9b70ca2 1122
wolfSSL 0:1239e9b70ca2 1123 if (pem == NULL || buff == NULL || buffSz <= 0) {
wolfSSL 0:1239e9b70ca2 1124 CYASSL_MSG("Bad pem der args");
wolfSSL 0:1239e9b70ca2 1125 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 1126 }
wolfSSL 0:1239e9b70ca2 1127
wolfSSL 0:1239e9b70ca2 1128 if (type != CERT_TYPE && type != CA_TYPE && type != CERTREQ_TYPE) {
wolfSSL 0:1239e9b70ca2 1129 CYASSL_MSG("Bad cert type");
wolfSSL 0:1239e9b70ca2 1130 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 1131 }
wolfSSL 0:1239e9b70ca2 1132
wolfSSL 0:1239e9b70ca2 1133 info.set = 0;
wolfSSL 0:1239e9b70ca2 1134 info.ctx = NULL;
wolfSSL 0:1239e9b70ca2 1135 info.consumed = 0;
wolfSSL 0:1239e9b70ca2 1136 der.buffer = NULL;
wolfSSL 0:1239e9b70ca2 1137
wolfSSL 0:1239e9b70ca2 1138 ret = PemToDer(pem, pemSz, type, &der, NULL, &info, &eccKey);
wolfSSL 0:1239e9b70ca2 1139 if (ret < 0) {
wolfSSL 0:1239e9b70ca2 1140 CYASSL_MSG("Bad Pem To Der");
wolfSSL 0:1239e9b70ca2 1141 }
wolfSSL 0:1239e9b70ca2 1142 else {
wolfSSL 0:1239e9b70ca2 1143 if (der.length <= (word32)buffSz) {
wolfSSL 0:1239e9b70ca2 1144 XMEMCPY(buff, der.buffer, der.length);
wolfSSL 0:1239e9b70ca2 1145 ret = der.length;
wolfSSL 0:1239e9b70ca2 1146 }
wolfSSL 0:1239e9b70ca2 1147 else {
wolfSSL 0:1239e9b70ca2 1148 CYASSL_MSG("Bad der length");
wolfSSL 0:1239e9b70ca2 1149 ret = BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 1150 }
wolfSSL 0:1239e9b70ca2 1151 }
wolfSSL 0:1239e9b70ca2 1152
wolfSSL 0:1239e9b70ca2 1153 XFREE(der.buffer, NULL, DYNAMIC_TYPE_KEY);
wolfSSL 0:1239e9b70ca2 1154
wolfSSL 0:1239e9b70ca2 1155 return ret;
wolfSSL 0:1239e9b70ca2 1156 }
wolfSSL 0:1239e9b70ca2 1157
wolfSSL 0:1239e9b70ca2 1158
wolfSSL 0:1239e9b70ca2 1159 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL 0:1239e9b70ca2 1160
wolfSSL 0:1239e9b70ca2 1161 /* our KeyPemToDer password callback, password in userData */
wolfSSL 0:1239e9b70ca2 1162 static INLINE int OurPasswordCb(char* passwd, int sz, int rw, void* userdata)
wolfSSL 0:1239e9b70ca2 1163 {
wolfSSL 0:1239e9b70ca2 1164 (void)rw;
wolfSSL 0:1239e9b70ca2 1165
wolfSSL 0:1239e9b70ca2 1166 if (userdata == NULL)
wolfSSL 0:1239e9b70ca2 1167 return 0;
wolfSSL 0:1239e9b70ca2 1168
wolfSSL 0:1239e9b70ca2 1169 XSTRNCPY(passwd, (char*)userdata, sz);
wolfSSL 0:1239e9b70ca2 1170 return min((word32)sz, (word32)XSTRLEN((char*)userdata));
wolfSSL 0:1239e9b70ca2 1171 }
wolfSSL 0:1239e9b70ca2 1172
wolfSSL 0:1239e9b70ca2 1173 #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
wolfSSL 0:1239e9b70ca2 1174
wolfSSL 0:1239e9b70ca2 1175
wolfSSL 0:1239e9b70ca2 1176 /* Return bytes written to buff or < 0 for error */
wolfSSL 0:1239e9b70ca2 1177 int CyaSSL_KeyPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff,
wolfSSL 0:1239e9b70ca2 1178 int buffSz, const char* pass)
wolfSSL 0:1239e9b70ca2 1179 {
wolfSSL 0:1239e9b70ca2 1180 EncryptedInfo info;
wolfSSL 0:1239e9b70ca2 1181 int eccKey = 0;
wolfSSL 0:1239e9b70ca2 1182 int ret;
wolfSSL 0:1239e9b70ca2 1183 buffer der;
wolfSSL 0:1239e9b70ca2 1184
wolfSSL 0:1239e9b70ca2 1185 (void)pass;
wolfSSL 0:1239e9b70ca2 1186
wolfSSL 0:1239e9b70ca2 1187 CYASSL_ENTER("CyaSSL_KeyPemToDer");
wolfSSL 0:1239e9b70ca2 1188
wolfSSL 0:1239e9b70ca2 1189 if (pem == NULL || buff == NULL || buffSz <= 0) {
wolfSSL 0:1239e9b70ca2 1190 CYASSL_MSG("Bad pem der args");
wolfSSL 0:1239e9b70ca2 1191 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 1192 }
wolfSSL 0:1239e9b70ca2 1193
wolfSSL 0:1239e9b70ca2 1194 info.set = 0;
wolfSSL 0:1239e9b70ca2 1195 info.ctx = NULL;
wolfSSL 0:1239e9b70ca2 1196 info.consumed = 0;
wolfSSL 0:1239e9b70ca2 1197 der.buffer = NULL;
wolfSSL 0:1239e9b70ca2 1198
wolfSSL 0:1239e9b70ca2 1199 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL 0:1239e9b70ca2 1200 if (pass) {
wolfSSL 0:1239e9b70ca2 1201 info.ctx = CyaSSL_CTX_new(CyaSSLv23_client_method());
wolfSSL 0:1239e9b70ca2 1202 if (info.ctx == NULL)
wolfSSL 0:1239e9b70ca2 1203 return MEMORY_E;
wolfSSL 0:1239e9b70ca2 1204 CyaSSL_CTX_set_default_passwd_cb(info.ctx, OurPasswordCb);
wolfSSL 0:1239e9b70ca2 1205 CyaSSL_CTX_set_default_passwd_cb_userdata(info.ctx, (void*)pass);
wolfSSL 0:1239e9b70ca2 1206 }
wolfSSL 0:1239e9b70ca2 1207 #endif
wolfSSL 0:1239e9b70ca2 1208
wolfSSL 0:1239e9b70ca2 1209 ret = PemToDer(pem, pemSz, PRIVATEKEY_TYPE, &der, NULL, &info, &eccKey);
wolfSSL 0:1239e9b70ca2 1210 if (ret < 0) {
wolfSSL 0:1239e9b70ca2 1211 CYASSL_MSG("Bad Pem To Der");
wolfSSL 0:1239e9b70ca2 1212 }
wolfSSL 0:1239e9b70ca2 1213 else {
wolfSSL 0:1239e9b70ca2 1214 if (der.length <= (word32)buffSz) {
wolfSSL 0:1239e9b70ca2 1215 XMEMCPY(buff, der.buffer, der.length);
wolfSSL 0:1239e9b70ca2 1216 ret = der.length;
wolfSSL 0:1239e9b70ca2 1217 }
wolfSSL 0:1239e9b70ca2 1218 else {
wolfSSL 0:1239e9b70ca2 1219 CYASSL_MSG("Bad der length");
wolfSSL 0:1239e9b70ca2 1220 ret = BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 1221 }
wolfSSL 0:1239e9b70ca2 1222 }
wolfSSL 0:1239e9b70ca2 1223
wolfSSL 0:1239e9b70ca2 1224 XFREE(der.buffer, NULL, DYNAMIC_TYPE_KEY);
wolfSSL 0:1239e9b70ca2 1225
wolfSSL 0:1239e9b70ca2 1226 if (info.ctx)
wolfSSL 0:1239e9b70ca2 1227 CyaSSL_CTX_free(info.ctx);
wolfSSL 0:1239e9b70ca2 1228
wolfSSL 0:1239e9b70ca2 1229 return ret;
wolfSSL 0:1239e9b70ca2 1230 }
wolfSSL 0:1239e9b70ca2 1231
wolfSSL 0:1239e9b70ca2 1232
wolfSSL 0:1239e9b70ca2 1233 #endif /* !NO_CERTS */
wolfSSL 0:1239e9b70ca2 1234
wolfSSL 0:1239e9b70ca2 1235
wolfSSL 0:1239e9b70ca2 1236
wolfSSL 0:1239e9b70ca2 1237 #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
wolfSSL 0:1239e9b70ca2 1238
wolfSSL 0:1239e9b70ca2 1239 void CyaSSL_ERR_print_errors_fp(FILE* fp, int err)
wolfSSL 0:1239e9b70ca2 1240 {
wolfSSL 0:1239e9b70ca2 1241 char data[CYASSL_MAX_ERROR_SZ + 1];
wolfSSL 0:1239e9b70ca2 1242
wolfSSL 0:1239e9b70ca2 1243 CYASSL_ENTER("CyaSSL_ERR_print_errors_fp");
wolfSSL 0:1239e9b70ca2 1244 SetErrorString(err, data);
wolfSSL 0:1239e9b70ca2 1245 fprintf(fp, "%s", data);
wolfSSL 0:1239e9b70ca2 1246 }
wolfSSL 0:1239e9b70ca2 1247
wolfSSL 0:1239e9b70ca2 1248 #endif
wolfSSL 0:1239e9b70ca2 1249
wolfSSL 0:1239e9b70ca2 1250
wolfSSL 0:1239e9b70ca2 1251 int CyaSSL_pending(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 1252 {
wolfSSL 0:1239e9b70ca2 1253 CYASSL_ENTER("SSL_pending");
wolfSSL 0:1239e9b70ca2 1254 return ssl->buffers.clearOutputBuffer.length;
wolfSSL 0:1239e9b70ca2 1255 }
wolfSSL 0:1239e9b70ca2 1256
wolfSSL 0:1239e9b70ca2 1257
wolfSSL 0:1239e9b70ca2 1258 #ifndef CYASSL_LEANPSK
wolfSSL 0:1239e9b70ca2 1259 /* trun on handshake group messages for context */
wolfSSL 0:1239e9b70ca2 1260 int CyaSSL_CTX_set_group_messages(CYASSL_CTX* ctx)
wolfSSL 0:1239e9b70ca2 1261 {
wolfSSL 0:1239e9b70ca2 1262 if (ctx == NULL)
wolfSSL 0:1239e9b70ca2 1263 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 1264
wolfSSL 0:1239e9b70ca2 1265 ctx->groupMessages = 1;
wolfSSL 0:1239e9b70ca2 1266
wolfSSL 0:1239e9b70ca2 1267 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 1268 }
wolfSSL 0:1239e9b70ca2 1269 #endif
wolfSSL 0:1239e9b70ca2 1270
wolfSSL 0:1239e9b70ca2 1271
wolfSSL 0:1239e9b70ca2 1272 #ifndef NO_CYASSL_CLIENT
wolfSSL 0:1239e9b70ca2 1273 /* connect enough to get peer cert chain */
wolfSSL 0:1239e9b70ca2 1274 int CyaSSL_connect_cert(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 1275 {
wolfSSL 0:1239e9b70ca2 1276 int ret;
wolfSSL 0:1239e9b70ca2 1277
wolfSSL 0:1239e9b70ca2 1278 if (ssl == NULL)
wolfSSL 0:1239e9b70ca2 1279 return SSL_FAILURE;
wolfSSL 0:1239e9b70ca2 1280
wolfSSL 0:1239e9b70ca2 1281 ssl->options.certOnly = 1;
wolfSSL 0:1239e9b70ca2 1282 ret = CyaSSL_connect(ssl);
wolfSSL 0:1239e9b70ca2 1283 ssl->options.certOnly = 0;
wolfSSL 0:1239e9b70ca2 1284
wolfSSL 0:1239e9b70ca2 1285 return ret;
wolfSSL 0:1239e9b70ca2 1286 }
wolfSSL 0:1239e9b70ca2 1287 #endif
wolfSSL 0:1239e9b70ca2 1288
wolfSSL 0:1239e9b70ca2 1289
wolfSSL 0:1239e9b70ca2 1290 #ifndef CYASSL_LEANPSK
wolfSSL 0:1239e9b70ca2 1291 /* trun on handshake group messages for ssl object */
wolfSSL 0:1239e9b70ca2 1292 int CyaSSL_set_group_messages(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 1293 {
wolfSSL 0:1239e9b70ca2 1294 if (ssl == NULL)
wolfSSL 0:1239e9b70ca2 1295 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 1296
wolfSSL 0:1239e9b70ca2 1297 ssl->options.groupMessages = 1;
wolfSSL 0:1239e9b70ca2 1298
wolfSSL 0:1239e9b70ca2 1299 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 1300 }
wolfSSL 0:1239e9b70ca2 1301
wolfSSL 0:1239e9b70ca2 1302
wolfSSL 0:1239e9b70ca2 1303 int CyaSSL_SetVersion(CYASSL* ssl, int version)
wolfSSL 0:1239e9b70ca2 1304 {
wolfSSL 0:1239e9b70ca2 1305 byte haveRSA = 1;
wolfSSL 0:1239e9b70ca2 1306 byte havePSK = 0;
wolfSSL 0:1239e9b70ca2 1307
wolfSSL 0:1239e9b70ca2 1308 CYASSL_ENTER("CyaSSL_SetVersion");
wolfSSL 0:1239e9b70ca2 1309
wolfSSL 0:1239e9b70ca2 1310 if (ssl == NULL) {
wolfSSL 0:1239e9b70ca2 1311 CYASSL_MSG("Bad function argument");
wolfSSL 0:1239e9b70ca2 1312 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 1313 }
wolfSSL 0:1239e9b70ca2 1314
wolfSSL 0:1239e9b70ca2 1315 switch (version) {
wolfSSL 0:1239e9b70ca2 1316 #ifndef NO_OLD_TLS
wolfSSL 0:1239e9b70ca2 1317 case CYASSL_SSLV3:
wolfSSL 0:1239e9b70ca2 1318 ssl->version = MakeSSLv3();
wolfSSL 0:1239e9b70ca2 1319 break;
wolfSSL 0:1239e9b70ca2 1320 #endif
wolfSSL 0:1239e9b70ca2 1321
wolfSSL 0:1239e9b70ca2 1322 #ifndef NO_TLS
wolfSSL 0:1239e9b70ca2 1323 #ifndef NO_OLD_TLS
wolfSSL 0:1239e9b70ca2 1324 case CYASSL_TLSV1:
wolfSSL 0:1239e9b70ca2 1325 ssl->version = MakeTLSv1();
wolfSSL 0:1239e9b70ca2 1326 break;
wolfSSL 0:1239e9b70ca2 1327
wolfSSL 0:1239e9b70ca2 1328 case CYASSL_TLSV1_1:
wolfSSL 0:1239e9b70ca2 1329 ssl->version = MakeTLSv1_1();
wolfSSL 0:1239e9b70ca2 1330 break;
wolfSSL 0:1239e9b70ca2 1331 #endif
wolfSSL 0:1239e9b70ca2 1332 case CYASSL_TLSV1_2:
wolfSSL 0:1239e9b70ca2 1333 ssl->version = MakeTLSv1_2();
wolfSSL 0:1239e9b70ca2 1334 break;
wolfSSL 0:1239e9b70ca2 1335 #endif
wolfSSL 0:1239e9b70ca2 1336
wolfSSL 0:1239e9b70ca2 1337 default:
wolfSSL 0:1239e9b70ca2 1338 CYASSL_MSG("Bad function argument");
wolfSSL 0:1239e9b70ca2 1339 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 1340 }
wolfSSL 0:1239e9b70ca2 1341
wolfSSL 0:1239e9b70ca2 1342 #ifdef NO_RSA
wolfSSL 0:1239e9b70ca2 1343 haveRSA = 0;
wolfSSL 0:1239e9b70ca2 1344 #endif
wolfSSL 0:1239e9b70ca2 1345 #ifndef NO_PSK
wolfSSL 0:1239e9b70ca2 1346 havePSK = ssl->options.havePSK;
wolfSSL 0:1239e9b70ca2 1347 #endif
wolfSSL 0:1239e9b70ca2 1348
wolfSSL 0:1239e9b70ca2 1349 InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, ssl->options.haveDH,
wolfSSL 0:1239e9b70ca2 1350 ssl->options.haveNTRU, ssl->options.haveECDSAsig,
wolfSSL 0:1239e9b70ca2 1351 ssl->options.haveStaticECC, ssl->options.side);
wolfSSL 0:1239e9b70ca2 1352
wolfSSL 0:1239e9b70ca2 1353 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 1354 }
wolfSSL 0:1239e9b70ca2 1355 #endif /* !leanpsk */
wolfSSL 0:1239e9b70ca2 1356
wolfSSL 0:1239e9b70ca2 1357
wolfSSL 0:1239e9b70ca2 1358 #if !defined(NO_CERTS) || !defined(NO_SESSION_CACHE)
wolfSSL 0:1239e9b70ca2 1359
wolfSSL 0:1239e9b70ca2 1360 /* Make a work from the front of random hash */
wolfSSL 0:1239e9b70ca2 1361 static INLINE word32 MakeWordFromHash(const byte* hashID)
wolfSSL 0:1239e9b70ca2 1362 {
wolfSSL 0:1239e9b70ca2 1363 return (hashID[0] << 24) | (hashID[1] << 16) | (hashID[2] << 8) |
wolfSSL 0:1239e9b70ca2 1364 hashID[3];
wolfSSL 0:1239e9b70ca2 1365 }
wolfSSL 0:1239e9b70ca2 1366
wolfSSL 0:1239e9b70ca2 1367 #endif /* !NO_CERTS || !NO_SESSION_CACHE */
wolfSSL 0:1239e9b70ca2 1368
wolfSSL 0:1239e9b70ca2 1369
wolfSSL 0:1239e9b70ca2 1370 #ifndef NO_CERTS
wolfSSL 0:1239e9b70ca2 1371
wolfSSL 0:1239e9b70ca2 1372 /* hash is the SHA digest of name, just use first 32 bits as hash */
wolfSSL 0:1239e9b70ca2 1373 static INLINE word32 HashSigner(const byte* hash)
wolfSSL 0:1239e9b70ca2 1374 {
wolfSSL 0:1239e9b70ca2 1375 return MakeWordFromHash(hash) % CA_TABLE_SIZE;
wolfSSL 0:1239e9b70ca2 1376 }
wolfSSL 0:1239e9b70ca2 1377
wolfSSL 0:1239e9b70ca2 1378
wolfSSL 0:1239e9b70ca2 1379 /* does CA already exist on signer list */
wolfSSL 0:1239e9b70ca2 1380 int AlreadySigner(CYASSL_CERT_MANAGER* cm, byte* hash)
wolfSSL 0:1239e9b70ca2 1381 {
wolfSSL 0:1239e9b70ca2 1382 Signer* signers;
wolfSSL 0:1239e9b70ca2 1383 int ret = 0;
wolfSSL 0:1239e9b70ca2 1384 word32 row = HashSigner(hash);
wolfSSL 0:1239e9b70ca2 1385
wolfSSL 0:1239e9b70ca2 1386 if (LockMutex(&cm->caLock) != 0)
wolfSSL 0:1239e9b70ca2 1387 return ret;
wolfSSL 0:1239e9b70ca2 1388 signers = cm->caTable[row];
wolfSSL 0:1239e9b70ca2 1389 while (signers) {
wolfSSL 0:1239e9b70ca2 1390 byte* subjectHash;
wolfSSL 0:1239e9b70ca2 1391 #ifndef NO_SKID
wolfSSL 0:1239e9b70ca2 1392 subjectHash = signers->subjectKeyIdHash;
wolfSSL 0:1239e9b70ca2 1393 #else
wolfSSL 0:1239e9b70ca2 1394 subjectHash = signers->subjectNameHash;
wolfSSL 0:1239e9b70ca2 1395 #endif
wolfSSL 0:1239e9b70ca2 1396 if (XMEMCMP(hash, subjectHash, SHA_DIGEST_SIZE) == 0) {
wolfSSL 0:1239e9b70ca2 1397 ret = 1;
wolfSSL 0:1239e9b70ca2 1398 break;
wolfSSL 0:1239e9b70ca2 1399 }
wolfSSL 0:1239e9b70ca2 1400 signers = signers->next;
wolfSSL 0:1239e9b70ca2 1401 }
wolfSSL 0:1239e9b70ca2 1402 UnLockMutex(&cm->caLock);
wolfSSL 0:1239e9b70ca2 1403
wolfSSL 0:1239e9b70ca2 1404 return ret;
wolfSSL 0:1239e9b70ca2 1405 }
wolfSSL 0:1239e9b70ca2 1406
wolfSSL 0:1239e9b70ca2 1407
wolfSSL 0:1239e9b70ca2 1408 /* return CA if found, otherwise NULL */
wolfSSL 0:1239e9b70ca2 1409 Signer* GetCA(void* vp, byte* hash)
wolfSSL 0:1239e9b70ca2 1410 {
wolfSSL 0:1239e9b70ca2 1411 CYASSL_CERT_MANAGER* cm = (CYASSL_CERT_MANAGER*)vp;
wolfSSL 0:1239e9b70ca2 1412 Signer* ret = NULL;
wolfSSL 0:1239e9b70ca2 1413 Signer* signers;
wolfSSL 0:1239e9b70ca2 1414 word32 row = HashSigner(hash);
wolfSSL 0:1239e9b70ca2 1415
wolfSSL 0:1239e9b70ca2 1416 if (cm == NULL)
wolfSSL 0:1239e9b70ca2 1417 return NULL;
wolfSSL 0:1239e9b70ca2 1418
wolfSSL 0:1239e9b70ca2 1419 if (LockMutex(&cm->caLock) != 0)
wolfSSL 0:1239e9b70ca2 1420 return ret;
wolfSSL 0:1239e9b70ca2 1421
wolfSSL 0:1239e9b70ca2 1422 signers = cm->caTable[row];
wolfSSL 0:1239e9b70ca2 1423 while (signers) {
wolfSSL 0:1239e9b70ca2 1424 byte* subjectHash;
wolfSSL 0:1239e9b70ca2 1425 #ifndef NO_SKID
wolfSSL 0:1239e9b70ca2 1426 subjectHash = signers->subjectKeyIdHash;
wolfSSL 0:1239e9b70ca2 1427 #else
wolfSSL 0:1239e9b70ca2 1428 subjectHash = signers->subjectNameHash;
wolfSSL 0:1239e9b70ca2 1429 #endif
wolfSSL 0:1239e9b70ca2 1430 if (XMEMCMP(hash, subjectHash, SHA_DIGEST_SIZE) == 0) {
wolfSSL 0:1239e9b70ca2 1431 ret = signers;
wolfSSL 0:1239e9b70ca2 1432 break;
wolfSSL 0:1239e9b70ca2 1433 }
wolfSSL 0:1239e9b70ca2 1434 signers = signers->next;
wolfSSL 0:1239e9b70ca2 1435 }
wolfSSL 0:1239e9b70ca2 1436 UnLockMutex(&cm->caLock);
wolfSSL 0:1239e9b70ca2 1437
wolfSSL 0:1239e9b70ca2 1438 return ret;
wolfSSL 0:1239e9b70ca2 1439 }
wolfSSL 0:1239e9b70ca2 1440
wolfSSL 0:1239e9b70ca2 1441
wolfSSL 0:1239e9b70ca2 1442 #ifndef NO_SKID
wolfSSL 0:1239e9b70ca2 1443 /* return CA if found, otherwise NULL. Walk through hash table. */
wolfSSL 0:1239e9b70ca2 1444 Signer* GetCAByName(void* vp, byte* hash)
wolfSSL 0:1239e9b70ca2 1445 {
wolfSSL 0:1239e9b70ca2 1446 CYASSL_CERT_MANAGER* cm = (CYASSL_CERT_MANAGER*)vp;
wolfSSL 0:1239e9b70ca2 1447 Signer* ret = NULL;
wolfSSL 0:1239e9b70ca2 1448 Signer* signers;
wolfSSL 0:1239e9b70ca2 1449 word32 row;
wolfSSL 0:1239e9b70ca2 1450
wolfSSL 0:1239e9b70ca2 1451 if (cm == NULL)
wolfSSL 0:1239e9b70ca2 1452 return NULL;
wolfSSL 0:1239e9b70ca2 1453
wolfSSL 0:1239e9b70ca2 1454 if (LockMutex(&cm->caLock) != 0)
wolfSSL 0:1239e9b70ca2 1455 return ret;
wolfSSL 0:1239e9b70ca2 1456
wolfSSL 0:1239e9b70ca2 1457 for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) {
wolfSSL 0:1239e9b70ca2 1458 signers = cm->caTable[row];
wolfSSL 0:1239e9b70ca2 1459 while (signers && ret == NULL) {
wolfSSL 0:1239e9b70ca2 1460 if (XMEMCMP(hash, signers->subjectNameHash, SHA_DIGEST_SIZE) == 0) {
wolfSSL 0:1239e9b70ca2 1461 ret = signers;
wolfSSL 0:1239e9b70ca2 1462 }
wolfSSL 0:1239e9b70ca2 1463 signers = signers->next;
wolfSSL 0:1239e9b70ca2 1464 }
wolfSSL 0:1239e9b70ca2 1465 }
wolfSSL 0:1239e9b70ca2 1466 UnLockMutex(&cm->caLock);
wolfSSL 0:1239e9b70ca2 1467
wolfSSL 0:1239e9b70ca2 1468 return ret;
wolfSSL 0:1239e9b70ca2 1469 }
wolfSSL 0:1239e9b70ca2 1470 #endif
wolfSSL 0:1239e9b70ca2 1471
wolfSSL 0:1239e9b70ca2 1472
wolfSSL 0:1239e9b70ca2 1473 /* owns der, internal now uses too */
wolfSSL 0:1239e9b70ca2 1474 /* type flag ids from user or from chain received during verify
wolfSSL 0:1239e9b70ca2 1475 don't allow chain ones to be added w/o isCA extension */
wolfSSL 0:1239e9b70ca2 1476 int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
wolfSSL 0:1239e9b70ca2 1477 {
wolfSSL 0:1239e9b70ca2 1478 int ret;
wolfSSL 0:1239e9b70ca2 1479 DecodedCert cert;
wolfSSL 0:1239e9b70ca2 1480 Signer* signer = 0;
wolfSSL 0:1239e9b70ca2 1481 word32 row;
wolfSSL 0:1239e9b70ca2 1482 byte* subjectHash;
wolfSSL 0:1239e9b70ca2 1483
wolfSSL 0:1239e9b70ca2 1484 CYASSL_MSG("Adding a CA");
wolfSSL 0:1239e9b70ca2 1485 InitDecodedCert(&cert, der.buffer, der.length, cm->heap);
wolfSSL 0:1239e9b70ca2 1486 ret = ParseCert(&cert, CA_TYPE, verify, cm);
wolfSSL 0:1239e9b70ca2 1487 CYASSL_MSG(" Parsed new CA");
wolfSSL 0:1239e9b70ca2 1488
wolfSSL 0:1239e9b70ca2 1489 #ifndef NO_SKID
wolfSSL 0:1239e9b70ca2 1490 subjectHash = cert.extSubjKeyId;
wolfSSL 0:1239e9b70ca2 1491 #else
wolfSSL 0:1239e9b70ca2 1492 subjectHash = cert.subjectHash;
wolfSSL 0:1239e9b70ca2 1493 #endif
wolfSSL 0:1239e9b70ca2 1494
wolfSSL 0:1239e9b70ca2 1495 if (ret == 0 && cert.isCA == 0 && type != CYASSL_USER_CA) {
wolfSSL 0:1239e9b70ca2 1496 CYASSL_MSG(" Can't add as CA if not actually one");
wolfSSL 0:1239e9b70ca2 1497 ret = NOT_CA_ERROR;
wolfSSL 0:1239e9b70ca2 1498 }
wolfSSL 0:1239e9b70ca2 1499 #ifndef ALLOW_INVALID_CERTSIGN
wolfSSL 0:1239e9b70ca2 1500 else if (ret == 0 && cert.isCA == 1 && type != CYASSL_USER_CA &&
wolfSSL 0:1239e9b70ca2 1501 (cert.extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) {
wolfSSL 0:1239e9b70ca2 1502 /* Intermediate CA certs are required to have the keyCertSign
wolfSSL 0:1239e9b70ca2 1503 * extension set. User loaded root certs are not. */
wolfSSL 0:1239e9b70ca2 1504 CYASSL_MSG(" Doesn't have key usage certificate signing");
wolfSSL 0:1239e9b70ca2 1505 ret = NOT_CA_ERROR;
wolfSSL 0:1239e9b70ca2 1506 }
wolfSSL 0:1239e9b70ca2 1507 #endif
wolfSSL 0:1239e9b70ca2 1508 else if (ret == 0 && AlreadySigner(cm, subjectHash)) {
wolfSSL 0:1239e9b70ca2 1509 CYASSL_MSG(" Already have this CA, not adding again");
wolfSSL 0:1239e9b70ca2 1510 (void)ret;
wolfSSL 0:1239e9b70ca2 1511 }
wolfSSL 0:1239e9b70ca2 1512 else if (ret == 0) {
wolfSSL 0:1239e9b70ca2 1513 /* take over signer parts */
wolfSSL 0:1239e9b70ca2 1514 signer = MakeSigner(cm->heap);
wolfSSL 0:1239e9b70ca2 1515 if (!signer)
wolfSSL 0:1239e9b70ca2 1516 ret = MEMORY_ERROR;
wolfSSL 0:1239e9b70ca2 1517 else {
wolfSSL 0:1239e9b70ca2 1518 signer->keyOID = cert.keyOID;
wolfSSL 0:1239e9b70ca2 1519 signer->publicKey = cert.publicKey;
wolfSSL 0:1239e9b70ca2 1520 signer->pubKeySize = cert.pubKeySize;
wolfSSL 0:1239e9b70ca2 1521 signer->nameLen = cert.subjectCNLen;
wolfSSL 0:1239e9b70ca2 1522 signer->name = cert.subjectCN;
wolfSSL 0:1239e9b70ca2 1523 #ifndef IGNORE_NAME_CONSTRAINTS
wolfSSL 0:1239e9b70ca2 1524 signer->permittedNames = cert.permittedNames;
wolfSSL 0:1239e9b70ca2 1525 signer->excludedNames = cert.excludedNames;
wolfSSL 0:1239e9b70ca2 1526 #endif
wolfSSL 0:1239e9b70ca2 1527 #ifndef NO_SKID
wolfSSL 0:1239e9b70ca2 1528 XMEMCPY(signer->subjectKeyIdHash,
wolfSSL 0:1239e9b70ca2 1529 cert.extSubjKeyId, SHA_DIGEST_SIZE);
wolfSSL 0:1239e9b70ca2 1530 #endif
wolfSSL 0:1239e9b70ca2 1531 XMEMCPY(signer->subjectNameHash, cert.subjectHash, SHA_DIGEST_SIZE);
wolfSSL 0:1239e9b70ca2 1532 signer->keyUsage = cert.extKeyUsageSet ? cert.extKeyUsage : 0xFFFF;
wolfSSL 0:1239e9b70ca2 1533 /* If Key Usage not set, all uses valid. */
wolfSSL 0:1239e9b70ca2 1534 signer->next = NULL; /* in case lock fails */
wolfSSL 0:1239e9b70ca2 1535
wolfSSL 0:1239e9b70ca2 1536 cert.publicKey = 0; /* don't free here */
wolfSSL 0:1239e9b70ca2 1537 cert.subjectCN = 0;
wolfSSL 0:1239e9b70ca2 1538 #ifndef IGNORE_NAME_CONSTRAINTS
wolfSSL 0:1239e9b70ca2 1539 cert.permittedNames = NULL;
wolfSSL 0:1239e9b70ca2 1540 cert.excludedNames = NULL;
wolfSSL 0:1239e9b70ca2 1541 #endif
wolfSSL 0:1239e9b70ca2 1542
wolfSSL 0:1239e9b70ca2 1543 #ifndef NO_SKID
wolfSSL 0:1239e9b70ca2 1544 row = HashSigner(signer->subjectKeyIdHash);
wolfSSL 0:1239e9b70ca2 1545 #else
wolfSSL 0:1239e9b70ca2 1546 row = HashSigner(signer->subjectNameHash);
wolfSSL 0:1239e9b70ca2 1547 #endif
wolfSSL 0:1239e9b70ca2 1548
wolfSSL 0:1239e9b70ca2 1549 if (LockMutex(&cm->caLock) == 0) {
wolfSSL 0:1239e9b70ca2 1550 signer->next = cm->caTable[row];
wolfSSL 0:1239e9b70ca2 1551 cm->caTable[row] = signer; /* takes ownership */
wolfSSL 0:1239e9b70ca2 1552 UnLockMutex(&cm->caLock);
wolfSSL 0:1239e9b70ca2 1553 if (cm->caCacheCallback)
wolfSSL 0:1239e9b70ca2 1554 cm->caCacheCallback(der.buffer, (int)der.length, type);
wolfSSL 0:1239e9b70ca2 1555 }
wolfSSL 0:1239e9b70ca2 1556 else {
wolfSSL 0:1239e9b70ca2 1557 CYASSL_MSG(" CA Mutex Lock failed");
wolfSSL 0:1239e9b70ca2 1558 ret = BAD_MUTEX_E;
wolfSSL 0:1239e9b70ca2 1559 FreeSigner(signer, cm->heap);
wolfSSL 0:1239e9b70ca2 1560 }
wolfSSL 0:1239e9b70ca2 1561 }
wolfSSL 0:1239e9b70ca2 1562 }
wolfSSL 0:1239e9b70ca2 1563
wolfSSL 0:1239e9b70ca2 1564 CYASSL_MSG(" Freeing Parsed CA");
wolfSSL 0:1239e9b70ca2 1565 FreeDecodedCert(&cert);
wolfSSL 0:1239e9b70ca2 1566 CYASSL_MSG(" Freeing der CA");
wolfSSL 0:1239e9b70ca2 1567 XFREE(der.buffer, cm->heap, DYNAMIC_TYPE_CA);
wolfSSL 0:1239e9b70ca2 1568 CYASSL_MSG(" OK Freeing der CA");
wolfSSL 0:1239e9b70ca2 1569
wolfSSL 0:1239e9b70ca2 1570 CYASSL_LEAVE("AddCA", ret);
wolfSSL 0:1239e9b70ca2 1571 if (ret == 0) return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 1572 return ret;
wolfSSL 0:1239e9b70ca2 1573 }
wolfSSL 0:1239e9b70ca2 1574
wolfSSL 0:1239e9b70ca2 1575 #endif /* !NO_CERTS */
wolfSSL 0:1239e9b70ca2 1576
wolfSSL 0:1239e9b70ca2 1577
wolfSSL 0:1239e9b70ca2 1578 #ifndef NO_SESSION_CACHE
wolfSSL 0:1239e9b70ca2 1579
wolfSSL 0:1239e9b70ca2 1580 /* basic config gives a cache with 33 sessions, adequate for clients and
wolfSSL 0:1239e9b70ca2 1581 embedded servers
wolfSSL 0:1239e9b70ca2 1582
wolfSSL 0:1239e9b70ca2 1583 MEDIUM_SESSION_CACHE allows 1055 sessions, adequate for servers that
wolfSSL 0:1239e9b70ca2 1584 aren't under heavy load, basically allows 200 new sessions per minute
wolfSSL 0:1239e9b70ca2 1585
wolfSSL 0:1239e9b70ca2 1586 BIG_SESSION_CACHE yields 20,027 sessions
wolfSSL 0:1239e9b70ca2 1587
wolfSSL 0:1239e9b70ca2 1588 HUGE_SESSION_CACHE yields 65,791 sessions, for servers under heavy load,
wolfSSL 0:1239e9b70ca2 1589 allows over 13,000 new sessions per minute or over 200 new sessions per
wolfSSL 0:1239e9b70ca2 1590 second
wolfSSL 0:1239e9b70ca2 1591
wolfSSL 0:1239e9b70ca2 1592 SMALL_SESSION_CACHE only stores 6 sessions, good for embedded clients
wolfSSL 0:1239e9b70ca2 1593 or systems where the default of nearly 3kB is too much RAM, this define
wolfSSL 0:1239e9b70ca2 1594 uses less than 500 bytes RAM
wolfSSL 0:1239e9b70ca2 1595
wolfSSL 0:1239e9b70ca2 1596 default SESSION_CACHE stores 33 sessions (no XXX_SESSION_CACHE defined)
wolfSSL 0:1239e9b70ca2 1597 */
wolfSSL 0:1239e9b70ca2 1598 #ifdef HUGE_SESSION_CACHE
wolfSSL 0:1239e9b70ca2 1599 #define SESSIONS_PER_ROW 11
wolfSSL 0:1239e9b70ca2 1600 #define SESSION_ROWS 5981
wolfSSL 0:1239e9b70ca2 1601 #elif defined(BIG_SESSION_CACHE)
wolfSSL 0:1239e9b70ca2 1602 #define SESSIONS_PER_ROW 7
wolfSSL 0:1239e9b70ca2 1603 #define SESSION_ROWS 2861
wolfSSL 0:1239e9b70ca2 1604 #elif defined(MEDIUM_SESSION_CACHE)
wolfSSL 0:1239e9b70ca2 1605 #define SESSIONS_PER_ROW 5
wolfSSL 0:1239e9b70ca2 1606 #define SESSION_ROWS 211
wolfSSL 0:1239e9b70ca2 1607 #elif defined(SMALL_SESSION_CACHE)
wolfSSL 0:1239e9b70ca2 1608 #define SESSIONS_PER_ROW 2
wolfSSL 0:1239e9b70ca2 1609 #define SESSION_ROWS 3
wolfSSL 0:1239e9b70ca2 1610 #else
wolfSSL 0:1239e9b70ca2 1611 #define SESSIONS_PER_ROW 3
wolfSSL 0:1239e9b70ca2 1612 #define SESSION_ROWS 11
wolfSSL 0:1239e9b70ca2 1613 #endif
wolfSSL 0:1239e9b70ca2 1614
wolfSSL 0:1239e9b70ca2 1615 typedef struct SessionRow {
wolfSSL 0:1239e9b70ca2 1616 int nextIdx; /* where to place next one */
wolfSSL 0:1239e9b70ca2 1617 int totalCount; /* sessions ever on this row */
wolfSSL 0:1239e9b70ca2 1618 CYASSL_SESSION Sessions[SESSIONS_PER_ROW];
wolfSSL 0:1239e9b70ca2 1619 } SessionRow;
wolfSSL 0:1239e9b70ca2 1620
wolfSSL 0:1239e9b70ca2 1621 static SessionRow SessionCache[SESSION_ROWS];
wolfSSL 0:1239e9b70ca2 1622
wolfSSL 0:1239e9b70ca2 1623 static CyaSSL_Mutex session_mutex; /* SessionCache mutex */
wolfSSL 0:1239e9b70ca2 1624
wolfSSL 0:1239e9b70ca2 1625 #ifndef NO_CLIENT_CACHE
wolfSSL 0:1239e9b70ca2 1626
wolfSSL 0:1239e9b70ca2 1627 typedef struct ClientSession {
wolfSSL 0:1239e9b70ca2 1628 word16 serverRow; /* SessionCache Row id */
wolfSSL 0:1239e9b70ca2 1629 word16 serverIdx; /* SessionCache Idx (column) */
wolfSSL 0:1239e9b70ca2 1630 } ClientSession;
wolfSSL 0:1239e9b70ca2 1631
wolfSSL 0:1239e9b70ca2 1632 typedef struct ClientRow {
wolfSSL 0:1239e9b70ca2 1633 int nextIdx; /* where to place next one */
wolfSSL 0:1239e9b70ca2 1634 int totalCount; /* sessions ever on this row */
wolfSSL 0:1239e9b70ca2 1635 ClientSession Clients[SESSIONS_PER_ROW];
wolfSSL 0:1239e9b70ca2 1636 } ClientRow;
wolfSSL 0:1239e9b70ca2 1637
wolfSSL 0:1239e9b70ca2 1638 static ClientRow ClientCache[SESSION_ROWS]; /* Client Cache */
wolfSSL 0:1239e9b70ca2 1639 /* uses session mutex */
wolfSSL 0:1239e9b70ca2 1640 #endif /* NO_CLIENT_CACHE */
wolfSSL 0:1239e9b70ca2 1641
wolfSSL 0:1239e9b70ca2 1642 #endif /* NO_SESSION_CACHE */
wolfSSL 0:1239e9b70ca2 1643
wolfSSL 0:1239e9b70ca2 1644
wolfSSL 0:1239e9b70ca2 1645 int CyaSSL_Init(void)
wolfSSL 0:1239e9b70ca2 1646 {
wolfSSL 0:1239e9b70ca2 1647 int ret = SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 1648
wolfSSL 0:1239e9b70ca2 1649 CYASSL_ENTER("CyaSSL_Init");
wolfSSL 0:1239e9b70ca2 1650
wolfSSL 0:1239e9b70ca2 1651 if (initRefCount == 0) {
wolfSSL 0:1239e9b70ca2 1652 #ifndef NO_SESSION_CACHE
wolfSSL 0:1239e9b70ca2 1653 if (InitMutex(&session_mutex) != 0)
wolfSSL 0:1239e9b70ca2 1654 ret = BAD_MUTEX_E;
wolfSSL 0:1239e9b70ca2 1655 #endif
wolfSSL 0:1239e9b70ca2 1656 if (InitMutex(&count_mutex) != 0)
wolfSSL 0:1239e9b70ca2 1657 ret = BAD_MUTEX_E;
wolfSSL 0:1239e9b70ca2 1658 }
wolfSSL 0:1239e9b70ca2 1659 if (ret == SSL_SUCCESS) {
wolfSSL 0:1239e9b70ca2 1660 if (LockMutex(&count_mutex) != 0) {
wolfSSL 0:1239e9b70ca2 1661 CYASSL_MSG("Bad Lock Mutex count");
wolfSSL 0:1239e9b70ca2 1662 return BAD_MUTEX_E;
wolfSSL 0:1239e9b70ca2 1663 }
wolfSSL 0:1239e9b70ca2 1664 initRefCount++;
wolfSSL 0:1239e9b70ca2 1665 UnLockMutex(&count_mutex);
wolfSSL 0:1239e9b70ca2 1666 }
wolfSSL 0:1239e9b70ca2 1667
wolfSSL 0:1239e9b70ca2 1668 return ret;
wolfSSL 0:1239e9b70ca2 1669 }
wolfSSL 0:1239e9b70ca2 1670
wolfSSL 0:1239e9b70ca2 1671
wolfSSL 0:1239e9b70ca2 1672 #ifndef NO_CERTS
wolfSSL 0:1239e9b70ca2 1673
wolfSSL 0:1239e9b70ca2 1674 /* Remove PEM header/footer, convert to ASN1, store any encrypted data
wolfSSL 0:1239e9b70ca2 1675 info->consumed tracks of PEM bytes consumed in case multiple parts */
wolfSSL 0:1239e9b70ca2 1676 int PemToDer(const unsigned char* buff, long longSz, int type,
wolfSSL 0:1239e9b70ca2 1677 buffer* der, void* heap, EncryptedInfo* info, int* eccKey)
wolfSSL 0:1239e9b70ca2 1678 {
wolfSSL 0:1239e9b70ca2 1679 char header[PEM_LINE_LEN];
wolfSSL 0:1239e9b70ca2 1680 char footer[PEM_LINE_LEN];
wolfSSL 0:1239e9b70ca2 1681 char* headerEnd;
wolfSSL 0:1239e9b70ca2 1682 char* footerEnd;
wolfSSL 0:1239e9b70ca2 1683 char* consumedEnd;
wolfSSL 0:1239e9b70ca2 1684 char* bufferEnd = (char*)(buff + longSz);
wolfSSL 0:1239e9b70ca2 1685 long neededSz;
wolfSSL 0:1239e9b70ca2 1686 int ret = 0;
wolfSSL 0:1239e9b70ca2 1687 int pkcs8 = 0;
wolfSSL 0:1239e9b70ca2 1688 int pkcs8Enc = 0;
wolfSSL 0:1239e9b70ca2 1689 int dynamicType = 0;
wolfSSL 0:1239e9b70ca2 1690 int sz = (int)longSz;
wolfSSL 0:1239e9b70ca2 1691
wolfSSL 0:1239e9b70ca2 1692 (void)heap;
wolfSSL 0:1239e9b70ca2 1693 (void)dynamicType;
wolfSSL 0:1239e9b70ca2 1694
wolfSSL 0:1239e9b70ca2 1695 if (type == CERT_TYPE || type == CA_TYPE) {
wolfSSL 0:1239e9b70ca2 1696 XSTRNCPY(header, "-----BEGIN CERTIFICATE-----", sizeof(header));
wolfSSL 0:1239e9b70ca2 1697 XSTRNCPY(footer, "-----END CERTIFICATE-----", sizeof(footer));
wolfSSL 0:1239e9b70ca2 1698 dynamicType = (type == CA_TYPE) ? DYNAMIC_TYPE_CA :
wolfSSL 0:1239e9b70ca2 1699 DYNAMIC_TYPE_CERT;
wolfSSL 0:1239e9b70ca2 1700 } else if (type == CERTREQ_TYPE) {
wolfSSL 0:1239e9b70ca2 1701 XSTRNCPY(header, "-----BEGIN CERTIFICATE REQUEST-----",
wolfSSL 0:1239e9b70ca2 1702 sizeof(header));
wolfSSL 0:1239e9b70ca2 1703 XSTRNCPY(footer, "-----END CERTIFICATE REQUEST-----",
wolfSSL 0:1239e9b70ca2 1704 sizeof(footer));
wolfSSL 0:1239e9b70ca2 1705 dynamicType = DYNAMIC_TYPE_KEY;
wolfSSL 0:1239e9b70ca2 1706 } else if (type == DH_PARAM_TYPE) {
wolfSSL 0:1239e9b70ca2 1707 XSTRNCPY(header, "-----BEGIN DH PARAMETERS-----", sizeof(header));
wolfSSL 0:1239e9b70ca2 1708 XSTRNCPY(footer, "-----END DH PARAMETERS-----", sizeof(footer));
wolfSSL 0:1239e9b70ca2 1709 dynamicType = DYNAMIC_TYPE_KEY;
wolfSSL 0:1239e9b70ca2 1710 } else if (type == CRL_TYPE) {
wolfSSL 0:1239e9b70ca2 1711 XSTRNCPY(header, "-----BEGIN X509 CRL-----", sizeof(header));
wolfSSL 0:1239e9b70ca2 1712 XSTRNCPY(footer, "-----END X509 CRL-----", sizeof(footer));
wolfSSL 0:1239e9b70ca2 1713 dynamicType = DYNAMIC_TYPE_CRL;
wolfSSL 0:1239e9b70ca2 1714 } else {
wolfSSL 0:1239e9b70ca2 1715 XSTRNCPY(header, "-----BEGIN RSA PRIVATE KEY-----", sizeof(header));
wolfSSL 0:1239e9b70ca2 1716 XSTRNCPY(footer, "-----END RSA PRIVATE KEY-----", sizeof(footer));
wolfSSL 0:1239e9b70ca2 1717 dynamicType = DYNAMIC_TYPE_KEY;
wolfSSL 0:1239e9b70ca2 1718 }
wolfSSL 0:1239e9b70ca2 1719
wolfSSL 0:1239e9b70ca2 1720 /* find header */
wolfSSL 0:1239e9b70ca2 1721 headerEnd = XSTRNSTR((char*)buff, header, sz);
wolfSSL 0:1239e9b70ca2 1722 if (!headerEnd && type == PRIVATEKEY_TYPE) { /* may be pkcs8 */
wolfSSL 0:1239e9b70ca2 1723 XSTRNCPY(header, "-----BEGIN PRIVATE KEY-----", sizeof(header));
wolfSSL 0:1239e9b70ca2 1724 XSTRNCPY(footer, "-----END PRIVATE KEY-----", sizeof(footer));
wolfSSL 0:1239e9b70ca2 1725
wolfSSL 0:1239e9b70ca2 1726 headerEnd = XSTRNSTR((char*)buff, header, sz);
wolfSSL 0:1239e9b70ca2 1727 if (headerEnd)
wolfSSL 0:1239e9b70ca2 1728 pkcs8 = 1;
wolfSSL 0:1239e9b70ca2 1729 else {
wolfSSL 0:1239e9b70ca2 1730 XSTRNCPY(header, "-----BEGIN ENCRYPTED PRIVATE KEY-----",
wolfSSL 0:1239e9b70ca2 1731 sizeof(header));
wolfSSL 0:1239e9b70ca2 1732 XSTRNCPY(footer, "-----END ENCRYPTED PRIVATE KEY-----",
wolfSSL 0:1239e9b70ca2 1733 sizeof(footer));
wolfSSL 0:1239e9b70ca2 1734
wolfSSL 0:1239e9b70ca2 1735 headerEnd = XSTRNSTR((char*)buff, header, sz);
wolfSSL 0:1239e9b70ca2 1736 if (headerEnd) {
wolfSSL 0:1239e9b70ca2 1737 pkcs8Enc = 1;
wolfSSL 0:1239e9b70ca2 1738 (void)pkcs8Enc; /* only opensslextra will read */
wolfSSL 0:1239e9b70ca2 1739 }
wolfSSL 0:1239e9b70ca2 1740 }
wolfSSL 0:1239e9b70ca2 1741 }
wolfSSL 0:1239e9b70ca2 1742 if (!headerEnd && type == PRIVATEKEY_TYPE) { /* may be ecc */
wolfSSL 0:1239e9b70ca2 1743 XSTRNCPY(header, "-----BEGIN EC PRIVATE KEY-----", sizeof(header));
wolfSSL 0:1239e9b70ca2 1744 XSTRNCPY(footer, "-----END EC PRIVATE KEY-----", sizeof(footer));
wolfSSL 0:1239e9b70ca2 1745
wolfSSL 0:1239e9b70ca2 1746 headerEnd = XSTRNSTR((char*)buff, header, sz);
wolfSSL 0:1239e9b70ca2 1747 if (headerEnd)
wolfSSL 0:1239e9b70ca2 1748 *eccKey = 1;
wolfSSL 0:1239e9b70ca2 1749 }
wolfSSL 0:1239e9b70ca2 1750 if (!headerEnd && type == PRIVATEKEY_TYPE) { /* may be dsa */
wolfSSL 0:1239e9b70ca2 1751 XSTRNCPY(header, "-----BEGIN DSA PRIVATE KEY-----", sizeof(header));
wolfSSL 0:1239e9b70ca2 1752 XSTRNCPY(footer, "-----END DSA PRIVATE KEY-----", sizeof(footer));
wolfSSL 0:1239e9b70ca2 1753
wolfSSL 0:1239e9b70ca2 1754 headerEnd = XSTRNSTR((char*)buff, header, sz);
wolfSSL 0:1239e9b70ca2 1755 }
wolfSSL 0:1239e9b70ca2 1756 if (!headerEnd) {
wolfSSL 0:1239e9b70ca2 1757 CYASSL_MSG("Couldn't find PEM header");
wolfSSL 0:1239e9b70ca2 1758 return SSL_NO_PEM_HEADER;
wolfSSL 0:1239e9b70ca2 1759 }
wolfSSL 0:1239e9b70ca2 1760 headerEnd += XSTRLEN(header);
wolfSSL 0:1239e9b70ca2 1761
wolfSSL 0:1239e9b70ca2 1762 /* eat end of line */
wolfSSL 0:1239e9b70ca2 1763 if (headerEnd[0] == '\n')
wolfSSL 0:1239e9b70ca2 1764 headerEnd++;
wolfSSL 0:1239e9b70ca2 1765 else if (headerEnd[1] == '\n')
wolfSSL 0:1239e9b70ca2 1766 headerEnd += 2;
wolfSSL 0:1239e9b70ca2 1767 else
wolfSSL 0:1239e9b70ca2 1768 return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 1769
wolfSSL 0:1239e9b70ca2 1770 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL 0:1239e9b70ca2 1771 {
wolfSSL 0:1239e9b70ca2 1772 /* remove encrypted header if there */
wolfSSL 0:1239e9b70ca2 1773 char encHeader[] = "Proc-Type";
wolfSSL 0:1239e9b70ca2 1774 char* line = XSTRNSTR((char*)buff, encHeader, PEM_LINE_LEN);
wolfSSL 0:1239e9b70ca2 1775 if (line) {
wolfSSL 0:1239e9b70ca2 1776 char* newline;
wolfSSL 0:1239e9b70ca2 1777 char* finish;
wolfSSL 0:1239e9b70ca2 1778 char* start = XSTRNSTR(line, "DES", PEM_LINE_LEN);
wolfSSL 0:1239e9b70ca2 1779
wolfSSL 0:1239e9b70ca2 1780 if (!start)
wolfSSL 0:1239e9b70ca2 1781 start = XSTRNSTR(line, "AES", PEM_LINE_LEN);
wolfSSL 0:1239e9b70ca2 1782
wolfSSL 0:1239e9b70ca2 1783 if (!start) return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 1784 if (!info) return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 1785
wolfSSL 0:1239e9b70ca2 1786 finish = XSTRNSTR(start, ",", PEM_LINE_LEN);
wolfSSL 0:1239e9b70ca2 1787
wolfSSL 0:1239e9b70ca2 1788 if (start && finish && (start < finish)) {
wolfSSL 0:1239e9b70ca2 1789 newline = XSTRNSTR(finish, "\r", PEM_LINE_LEN);
wolfSSL 0:1239e9b70ca2 1790
wolfSSL 0:1239e9b70ca2 1791 XMEMCPY(info->name, start, finish - start);
wolfSSL 0:1239e9b70ca2 1792 info->name[finish - start] = 0;
wolfSSL 0:1239e9b70ca2 1793 XMEMCPY(info->iv, finish + 1, sizeof(info->iv));
wolfSSL 0:1239e9b70ca2 1794
wolfSSL 0:1239e9b70ca2 1795 if (!newline) newline = XSTRNSTR(finish, "\n", PEM_LINE_LEN);
wolfSSL 0:1239e9b70ca2 1796 if (newline && (newline > finish)) {
wolfSSL 0:1239e9b70ca2 1797 info->ivSz = (word32)(newline - (finish + 1));
wolfSSL 0:1239e9b70ca2 1798 info->set = 1;
wolfSSL 0:1239e9b70ca2 1799 }
wolfSSL 0:1239e9b70ca2 1800 else
wolfSSL 0:1239e9b70ca2 1801 return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 1802 }
wolfSSL 0:1239e9b70ca2 1803 else
wolfSSL 0:1239e9b70ca2 1804 return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 1805
wolfSSL 0:1239e9b70ca2 1806 /* eat blank line */
wolfSSL 0:1239e9b70ca2 1807 while (*newline == '\r' || *newline == '\n')
wolfSSL 0:1239e9b70ca2 1808 newline++;
wolfSSL 0:1239e9b70ca2 1809 headerEnd = newline;
wolfSSL 0:1239e9b70ca2 1810 }
wolfSSL 0:1239e9b70ca2 1811 }
wolfSSL 0:1239e9b70ca2 1812 #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
wolfSSL 0:1239e9b70ca2 1813
wolfSSL 0:1239e9b70ca2 1814 /* find footer */
wolfSSL 0:1239e9b70ca2 1815 footerEnd = XSTRNSTR((char*)buff, footer, sz);
wolfSSL 0:1239e9b70ca2 1816 if (!footerEnd) return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 1817
wolfSSL 0:1239e9b70ca2 1818 consumedEnd = footerEnd + XSTRLEN(footer);
wolfSSL 0:1239e9b70ca2 1819
wolfSSL 0:1239e9b70ca2 1820 if (consumedEnd < bufferEnd) { /* handle no end of line on last line */
wolfSSL 0:1239e9b70ca2 1821 /* eat end of line */
wolfSSL 0:1239e9b70ca2 1822 if (consumedEnd[0] == '\n')
wolfSSL 0:1239e9b70ca2 1823 consumedEnd++;
wolfSSL 0:1239e9b70ca2 1824 else if (consumedEnd[1] == '\n')
wolfSSL 0:1239e9b70ca2 1825 consumedEnd += 2;
wolfSSL 0:1239e9b70ca2 1826 else
wolfSSL 0:1239e9b70ca2 1827 return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 1828 }
wolfSSL 0:1239e9b70ca2 1829
wolfSSL 0:1239e9b70ca2 1830 if (info)
wolfSSL 0:1239e9b70ca2 1831 info->consumed = (long)(consumedEnd - (char*)buff);
wolfSSL 0:1239e9b70ca2 1832
wolfSSL 0:1239e9b70ca2 1833 /* set up der buffer */
wolfSSL 0:1239e9b70ca2 1834 neededSz = (long)(footerEnd - headerEnd);
wolfSSL 0:1239e9b70ca2 1835 if (neededSz > sz || neededSz < 0) return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 1836 der->buffer = (byte*) XMALLOC(neededSz, heap, dynamicType);
wolfSSL 0:1239e9b70ca2 1837 if (!der->buffer) return MEMORY_ERROR;
wolfSSL 0:1239e9b70ca2 1838 der->length = (word32)neededSz;
wolfSSL 0:1239e9b70ca2 1839
wolfSSL 0:1239e9b70ca2 1840 if (Base64_Decode((byte*)headerEnd, (word32)neededSz, der->buffer,
wolfSSL 0:1239e9b70ca2 1841 &der->length) < 0)
wolfSSL 0:1239e9b70ca2 1842 return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 1843
wolfSSL 0:1239e9b70ca2 1844 if (pkcs8) {
wolfSSL 0:1239e9b70ca2 1845 /* convert and adjust length */
wolfSSL 0:1239e9b70ca2 1846 if ( (ret = ToTraditional(der->buffer, der->length)) < 0 ) {
wolfSSL 0:1239e9b70ca2 1847 return ret;
wolfSSL 0:1239e9b70ca2 1848 } else {
wolfSSL 0:1239e9b70ca2 1849 der->length = ret;
wolfSSL 0:1239e9b70ca2 1850 return 0;
wolfSSL 0:1239e9b70ca2 1851 }
wolfSSL 0:1239e9b70ca2 1852 }
wolfSSL 0:1239e9b70ca2 1853
wolfSSL 0:1239e9b70ca2 1854 #if (defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)) && !defined(NO_PWDBASED)
wolfSSL 0:1239e9b70ca2 1855 if (pkcs8Enc) {
wolfSSL 0:1239e9b70ca2 1856 int passwordSz;
wolfSSL 0:1239e9b70ca2 1857 char password[80];
wolfSSL 0:1239e9b70ca2 1858
wolfSSL 0:1239e9b70ca2 1859 if (!info || !info->ctx || !info->ctx->passwd_cb)
wolfSSL 0:1239e9b70ca2 1860 return SSL_BAD_FILE; /* no callback error */
wolfSSL 0:1239e9b70ca2 1861 passwordSz = info->ctx->passwd_cb(password, sizeof(password), 0,
wolfSSL 0:1239e9b70ca2 1862 info->ctx->userdata);
wolfSSL 0:1239e9b70ca2 1863 /* convert and adjust length */
wolfSSL 0:1239e9b70ca2 1864 if ( (ret = ToTraditionalEnc(der->buffer, der->length, password,
wolfSSL 0:1239e9b70ca2 1865 passwordSz)) < 0 ) {
wolfSSL 0:1239e9b70ca2 1866 return ret;
wolfSSL 0:1239e9b70ca2 1867 } else {
wolfSSL 0:1239e9b70ca2 1868 der->length = ret;
wolfSSL 0:1239e9b70ca2 1869 return 0;
wolfSSL 0:1239e9b70ca2 1870 }
wolfSSL 0:1239e9b70ca2 1871 }
wolfSSL 0:1239e9b70ca2 1872 #endif
wolfSSL 0:1239e9b70ca2 1873
wolfSSL 0:1239e9b70ca2 1874 return 0;
wolfSSL 0:1239e9b70ca2 1875 }
wolfSSL 0:1239e9b70ca2 1876
wolfSSL 0:1239e9b70ca2 1877
wolfSSL 0:1239e9b70ca2 1878 /* process the buffer buff, legnth sz, into ctx of format and type
wolfSSL 0:1239e9b70ca2 1879 used tracks bytes consumed, userChain specifies a user cert chain
wolfSSL 0:1239e9b70ca2 1880 to pass during the handshake */
wolfSSL 0:1239e9b70ca2 1881 static int ProcessBuffer(CYASSL_CTX* ctx, const unsigned char* buff,
wolfSSL 0:1239e9b70ca2 1882 long sz, int format, int type, CYASSL* ssl,
wolfSSL 0:1239e9b70ca2 1883 long* used, int userChain)
wolfSSL 0:1239e9b70ca2 1884 {
wolfSSL 0:1239e9b70ca2 1885 EncryptedInfo info;
wolfSSL 0:1239e9b70ca2 1886 buffer der; /* holds DER or RAW (for NTRU) */
wolfSSL 0:1239e9b70ca2 1887 int ret;
wolfSSL 0:1239e9b70ca2 1888 int dynamicType = 0;
wolfSSL 0:1239e9b70ca2 1889 int eccKey = 0;
wolfSSL 0:1239e9b70ca2 1890 int rsaKey = 0;
wolfSSL 0:1239e9b70ca2 1891 void* heap = ctx ? ctx->heap : NULL;
wolfSSL 0:1239e9b70ca2 1892
wolfSSL 0:1239e9b70ca2 1893 info.set = 0;
wolfSSL 0:1239e9b70ca2 1894 info.ctx = ctx;
wolfSSL 0:1239e9b70ca2 1895 info.consumed = 0;
wolfSSL 0:1239e9b70ca2 1896 der.buffer = 0;
wolfSSL 0:1239e9b70ca2 1897
wolfSSL 0:1239e9b70ca2 1898 (void)dynamicType;
wolfSSL 0:1239e9b70ca2 1899 (void)rsaKey;
wolfSSL 0:1239e9b70ca2 1900
wolfSSL 0:1239e9b70ca2 1901 if (used)
wolfSSL 0:1239e9b70ca2 1902 *used = sz; /* used bytes default to sz, PEM chain may shorten*/
wolfSSL 0:1239e9b70ca2 1903
wolfSSL 0:1239e9b70ca2 1904 if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM
wolfSSL 0:1239e9b70ca2 1905 && format != SSL_FILETYPE_RAW)
wolfSSL 0:1239e9b70ca2 1906 return SSL_BAD_FILETYPE;
wolfSSL 0:1239e9b70ca2 1907
wolfSSL 0:1239e9b70ca2 1908 if (type == CA_TYPE)
wolfSSL 0:1239e9b70ca2 1909 dynamicType = DYNAMIC_TYPE_CA;
wolfSSL 0:1239e9b70ca2 1910 else if (type == CERT_TYPE)
wolfSSL 0:1239e9b70ca2 1911 dynamicType = DYNAMIC_TYPE_CERT;
wolfSSL 0:1239e9b70ca2 1912 else
wolfSSL 0:1239e9b70ca2 1913 dynamicType = DYNAMIC_TYPE_KEY;
wolfSSL 0:1239e9b70ca2 1914
wolfSSL 0:1239e9b70ca2 1915 if (format == SSL_FILETYPE_PEM) {
wolfSSL 0:1239e9b70ca2 1916 ret = PemToDer(buff, sz, type, &der, heap, &info, &eccKey);
wolfSSL 0:1239e9b70ca2 1917 if (ret < 0) {
wolfSSL 0:1239e9b70ca2 1918 XFREE(der.buffer, heap, dynamicType);
wolfSSL 0:1239e9b70ca2 1919 return ret;
wolfSSL 0:1239e9b70ca2 1920 }
wolfSSL 0:1239e9b70ca2 1921 if (used)
wolfSSL 0:1239e9b70ca2 1922 *used = info.consumed;
wolfSSL 0:1239e9b70ca2 1923 /* we may have a user cert chain, try to consume */
wolfSSL 0:1239e9b70ca2 1924 if (userChain && type == CERT_TYPE && info.consumed < sz) {
wolfSSL 0:1239e9b70ca2 1925 byte staticBuffer[FILE_BUFFER_SIZE]; /* tmp chain buffer */
wolfSSL 0:1239e9b70ca2 1926 byte* chainBuffer = staticBuffer;
wolfSSL 0:1239e9b70ca2 1927 int dynamicBuffer = 0;
wolfSSL 0:1239e9b70ca2 1928 word32 bufferSz = sizeof(staticBuffer);
wolfSSL 0:1239e9b70ca2 1929 long consumed = info.consumed;
wolfSSL 0:1239e9b70ca2 1930 word32 idx = 0;
wolfSSL 0:1239e9b70ca2 1931 int gotOne = 0;
wolfSSL 0:1239e9b70ca2 1932
wolfSSL 0:1239e9b70ca2 1933 if ( (sz - consumed) > (int)bufferSz) {
wolfSSL 0:1239e9b70ca2 1934 CYASSL_MSG("Growing Tmp Chain Buffer");
wolfSSL 0:1239e9b70ca2 1935 bufferSz = (word32)(sz - consumed);
wolfSSL 0:1239e9b70ca2 1936 /* will shrink to actual size */
wolfSSL 0:1239e9b70ca2 1937 chainBuffer = (byte*)XMALLOC(bufferSz, heap,
wolfSSL 0:1239e9b70ca2 1938 DYNAMIC_TYPE_FILE);
wolfSSL 0:1239e9b70ca2 1939 if (chainBuffer == NULL) {
wolfSSL 0:1239e9b70ca2 1940 XFREE(der.buffer, heap, dynamicType);
wolfSSL 0:1239e9b70ca2 1941 return MEMORY_E;
wolfSSL 0:1239e9b70ca2 1942 }
wolfSSL 0:1239e9b70ca2 1943 dynamicBuffer = 1;
wolfSSL 0:1239e9b70ca2 1944 }
wolfSSL 0:1239e9b70ca2 1945
wolfSSL 0:1239e9b70ca2 1946 CYASSL_MSG("Processing Cert Chain");
wolfSSL 0:1239e9b70ca2 1947 while (consumed < sz) {
wolfSSL 0:1239e9b70ca2 1948 buffer part;
wolfSSL 0:1239e9b70ca2 1949 info.consumed = 0;
wolfSSL 0:1239e9b70ca2 1950 part.buffer = 0;
wolfSSL 0:1239e9b70ca2 1951
wolfSSL 0:1239e9b70ca2 1952 ret = PemToDer(buff + consumed, sz - consumed, type, &part,
wolfSSL 0:1239e9b70ca2 1953 heap, &info, &eccKey);
wolfSSL 0:1239e9b70ca2 1954 if (ret == 0) {
wolfSSL 0:1239e9b70ca2 1955 gotOne = 1;
wolfSSL 0:1239e9b70ca2 1956 if ( (idx + part.length) > bufferSz) {
wolfSSL 0:1239e9b70ca2 1957 CYASSL_MSG(" Cert Chain bigger than buffer");
wolfSSL 0:1239e9b70ca2 1958 ret = BUFFER_E;
wolfSSL 0:1239e9b70ca2 1959 }
wolfSSL 0:1239e9b70ca2 1960 else {
wolfSSL 0:1239e9b70ca2 1961 c32to24(part.length, &chainBuffer[idx]);
wolfSSL 0:1239e9b70ca2 1962 idx += CERT_HEADER_SZ;
wolfSSL 0:1239e9b70ca2 1963 XMEMCPY(&chainBuffer[idx], part.buffer,part.length);
wolfSSL 0:1239e9b70ca2 1964 idx += part.length;
wolfSSL 0:1239e9b70ca2 1965 consumed += info.consumed;
wolfSSL 0:1239e9b70ca2 1966 if (used)
wolfSSL 0:1239e9b70ca2 1967 *used += info.consumed;
wolfSSL 0:1239e9b70ca2 1968 }
wolfSSL 0:1239e9b70ca2 1969 }
wolfSSL 0:1239e9b70ca2 1970
wolfSSL 0:1239e9b70ca2 1971 XFREE(part.buffer, heap, dynamicType);
wolfSSL 0:1239e9b70ca2 1972
wolfSSL 0:1239e9b70ca2 1973 if (ret == SSL_NO_PEM_HEADER && gotOne) {
wolfSSL 0:1239e9b70ca2 1974 CYASSL_MSG("We got one good PEM so stuff at end ok");
wolfSSL 0:1239e9b70ca2 1975 break;
wolfSSL 0:1239e9b70ca2 1976 }
wolfSSL 0:1239e9b70ca2 1977
wolfSSL 0:1239e9b70ca2 1978 if (ret < 0) {
wolfSSL 0:1239e9b70ca2 1979 CYASSL_MSG(" Error in Cert in Chain");
wolfSSL 0:1239e9b70ca2 1980 XFREE(der.buffer, heap, dynamicType);
wolfSSL 0:1239e9b70ca2 1981 return ret;
wolfSSL 0:1239e9b70ca2 1982 }
wolfSSL 0:1239e9b70ca2 1983 CYASSL_MSG(" Consumed another Cert in Chain");
wolfSSL 0:1239e9b70ca2 1984 }
wolfSSL 0:1239e9b70ca2 1985 CYASSL_MSG("Finished Processing Cert Chain");
wolfSSL 0:1239e9b70ca2 1986
wolfSSL 0:1239e9b70ca2 1987 if (ctx == NULL) {
wolfSSL 0:1239e9b70ca2 1988 CYASSL_MSG("certChain needs context");
wolfSSL 0:1239e9b70ca2 1989 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 1990 }
wolfSSL 0:1239e9b70ca2 1991 ctx->certChain.buffer = (byte*)XMALLOC(idx, heap,
wolfSSL 0:1239e9b70ca2 1992 dynamicType);
wolfSSL 0:1239e9b70ca2 1993 if (ctx->certChain.buffer) {
wolfSSL 0:1239e9b70ca2 1994 ctx->certChain.length = idx;
wolfSSL 0:1239e9b70ca2 1995 XMEMCPY(ctx->certChain.buffer, chainBuffer, idx);
wolfSSL 0:1239e9b70ca2 1996 }
wolfSSL 0:1239e9b70ca2 1997 if (dynamicBuffer)
wolfSSL 0:1239e9b70ca2 1998 XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE);
wolfSSL 0:1239e9b70ca2 1999 if (ctx->certChain.buffer == NULL) {
wolfSSL 0:1239e9b70ca2 2000 XFREE(der.buffer, heap, dynamicType);
wolfSSL 0:1239e9b70ca2 2001 return MEMORY_E;
wolfSSL 0:1239e9b70ca2 2002 }
wolfSSL 0:1239e9b70ca2 2003 }
wolfSSL 0:1239e9b70ca2 2004 }
wolfSSL 0:1239e9b70ca2 2005 else { /* ASN1 (DER) or RAW (NTRU) */
wolfSSL 0:1239e9b70ca2 2006 der.buffer = (byte*) XMALLOC(sz, heap, dynamicType);
wolfSSL 0:1239e9b70ca2 2007 if (!der.buffer) return MEMORY_ERROR;
wolfSSL 0:1239e9b70ca2 2008 XMEMCPY(der.buffer, buff, sz);
wolfSSL 0:1239e9b70ca2 2009 der.length = (word32)sz;
wolfSSL 0:1239e9b70ca2 2010 }
wolfSSL 0:1239e9b70ca2 2011
wolfSSL 0:1239e9b70ca2 2012 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL 0:1239e9b70ca2 2013 if (info.set) {
wolfSSL 0:1239e9b70ca2 2014 /* decrypt */
wolfSSL 0:1239e9b70ca2 2015 char password[80];
wolfSSL 0:1239e9b70ca2 2016 int passwordSz;
wolfSSL 0:1239e9b70ca2 2017
wolfSSL 0:1239e9b70ca2 2018 byte key[AES_256_KEY_SIZE];
wolfSSL 0:1239e9b70ca2 2019 byte iv[AES_IV_SIZE];
wolfSSL 0:1239e9b70ca2 2020
wolfSSL 0:1239e9b70ca2 2021 if (!ctx || !ctx->passwd_cb) {
wolfSSL 0:1239e9b70ca2 2022 XFREE(der.buffer, heap, dynamicType);
wolfSSL 0:1239e9b70ca2 2023 return NO_PASSWORD;
wolfSSL 0:1239e9b70ca2 2024 }
wolfSSL 0:1239e9b70ca2 2025
wolfSSL 0:1239e9b70ca2 2026 /* use file's salt for key derivation, hex decode first */
wolfSSL 0:1239e9b70ca2 2027 if (Base16_Decode(info.iv, info.ivSz, info.iv, &info.ivSz) != 0) {
wolfSSL 0:1239e9b70ca2 2028 XFREE(der.buffer, heap, dynamicType);
wolfSSL 0:1239e9b70ca2 2029 return ASN_INPUT_E;
wolfSSL 0:1239e9b70ca2 2030 }
wolfSSL 0:1239e9b70ca2 2031
wolfSSL 0:1239e9b70ca2 2032 passwordSz = ctx->passwd_cb(password, sizeof(password), 0,
wolfSSL 0:1239e9b70ca2 2033 ctx->userdata);
wolfSSL 0:1239e9b70ca2 2034 if ( (ret = EVP_BytesToKey(info.name, "MD5", info.iv,
wolfSSL 0:1239e9b70ca2 2035 (byte*)password, passwordSz, 1, key, iv)) <= 0) {
wolfSSL 0:1239e9b70ca2 2036 XFREE(der.buffer, heap, dynamicType);
wolfSSL 0:1239e9b70ca2 2037 return ret;
wolfSSL 0:1239e9b70ca2 2038 }
wolfSSL 0:1239e9b70ca2 2039
wolfSSL 0:1239e9b70ca2 2040 if (XSTRNCMP(info.name, "DES-CBC", 7) == 0) {
wolfSSL 0:1239e9b70ca2 2041 Des enc;
wolfSSL 0:1239e9b70ca2 2042
wolfSSL 0:1239e9b70ca2 2043 ret = Des_SetKey(&enc, key, info.iv, DES_DECRYPTION);
wolfSSL 0:1239e9b70ca2 2044 if (ret != 0)
wolfSSL 0:1239e9b70ca2 2045 return ret;
wolfSSL 0:1239e9b70ca2 2046
wolfSSL 0:1239e9b70ca2 2047 Des_CbcDecrypt(&enc, der.buffer, der.buffer, der.length);
wolfSSL 0:1239e9b70ca2 2048 }
wolfSSL 0:1239e9b70ca2 2049 else if (XSTRNCMP(info.name, "DES-EDE3-CBC", 13) == 0) {
wolfSSL 0:1239e9b70ca2 2050 Des3 enc;
wolfSSL 0:1239e9b70ca2 2051
wolfSSL 0:1239e9b70ca2 2052 ret = Des3_SetKey(&enc, key, info.iv, DES_DECRYPTION);
wolfSSL 0:1239e9b70ca2 2053 if (ret != 0)
wolfSSL 0:1239e9b70ca2 2054 return ret;
wolfSSL 0:1239e9b70ca2 2055
wolfSSL 0:1239e9b70ca2 2056 ret = Des3_CbcDecrypt(&enc, der.buffer, der.buffer, der.length);
wolfSSL 0:1239e9b70ca2 2057 if (ret != 0)
wolfSSL 0:1239e9b70ca2 2058 return ret;
wolfSSL 0:1239e9b70ca2 2059 }
wolfSSL 0:1239e9b70ca2 2060 else if (XSTRNCMP(info.name, "AES-128-CBC", 13) == 0) {
wolfSSL 0:1239e9b70ca2 2061 Aes enc;
wolfSSL 0:1239e9b70ca2 2062 ret = AesSetKey(&enc, key, AES_128_KEY_SIZE, info.iv,
wolfSSL 0:1239e9b70ca2 2063 AES_DECRYPTION);
wolfSSL 0:1239e9b70ca2 2064 if (ret == 0)
wolfSSL 0:1239e9b70ca2 2065 ret = AesCbcDecrypt(&enc, der.buffer,der.buffer,der.length);
wolfSSL 0:1239e9b70ca2 2066 }
wolfSSL 0:1239e9b70ca2 2067 else if (XSTRNCMP(info.name, "AES-192-CBC", 13) == 0) {
wolfSSL 0:1239e9b70ca2 2068 Aes enc;
wolfSSL 0:1239e9b70ca2 2069 ret = AesSetKey(&enc, key, AES_192_KEY_SIZE, info.iv,
wolfSSL 0:1239e9b70ca2 2070 AES_DECRYPTION);
wolfSSL 0:1239e9b70ca2 2071 if (ret == 0)
wolfSSL 0:1239e9b70ca2 2072 ret = AesCbcDecrypt(&enc, der.buffer,der.buffer,der.length);
wolfSSL 0:1239e9b70ca2 2073 }
wolfSSL 0:1239e9b70ca2 2074 else if (XSTRNCMP(info.name, "AES-256-CBC", 13) == 0) {
wolfSSL 0:1239e9b70ca2 2075 Aes enc;
wolfSSL 0:1239e9b70ca2 2076 ret = AesSetKey(&enc, key, AES_256_KEY_SIZE, info.iv,
wolfSSL 0:1239e9b70ca2 2077 AES_DECRYPTION);
wolfSSL 0:1239e9b70ca2 2078 if (ret == 0)
wolfSSL 0:1239e9b70ca2 2079 ret = AesCbcDecrypt(&enc, der.buffer,der.buffer,der.length);
wolfSSL 0:1239e9b70ca2 2080 }
wolfSSL 0:1239e9b70ca2 2081 else {
wolfSSL 0:1239e9b70ca2 2082 XFREE(der.buffer, heap, dynamicType);
wolfSSL 0:1239e9b70ca2 2083 return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 2084 }
wolfSSL 0:1239e9b70ca2 2085
wolfSSL 0:1239e9b70ca2 2086 if (ret != 0) {
wolfSSL 0:1239e9b70ca2 2087 XFREE(der.buffer, heap, dynamicType);
wolfSSL 0:1239e9b70ca2 2088 return ret;
wolfSSL 0:1239e9b70ca2 2089 }
wolfSSL 0:1239e9b70ca2 2090 }
wolfSSL 0:1239e9b70ca2 2091 #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
wolfSSL 0:1239e9b70ca2 2092
wolfSSL 0:1239e9b70ca2 2093 if (type == CA_TYPE) {
wolfSSL 0:1239e9b70ca2 2094 if (ctx == NULL) {
wolfSSL 0:1239e9b70ca2 2095 CYASSL_MSG("Need context for CA load");
wolfSSL 0:1239e9b70ca2 2096 XFREE(der.buffer, heap, dynamicType);
wolfSSL 0:1239e9b70ca2 2097 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 2098 }
wolfSSL 0:1239e9b70ca2 2099 return AddCA(ctx->cm, der, CYASSL_USER_CA, ctx->verifyPeer);
wolfSSL 0:1239e9b70ca2 2100 /* takes der over */
wolfSSL 0:1239e9b70ca2 2101 }
wolfSSL 0:1239e9b70ca2 2102 else if (type == CERT_TYPE) {
wolfSSL 0:1239e9b70ca2 2103 if (ssl) {
wolfSSL 0:1239e9b70ca2 2104 if (ssl->buffers.weOwnCert && ssl->buffers.certificate.buffer)
wolfSSL 0:1239e9b70ca2 2105 XFREE(ssl->buffers.certificate.buffer, heap,
wolfSSL 0:1239e9b70ca2 2106 dynamicType);
wolfSSL 0:1239e9b70ca2 2107 ssl->buffers.certificate = der;
wolfSSL 0:1239e9b70ca2 2108 ssl->buffers.weOwnCert = 1;
wolfSSL 0:1239e9b70ca2 2109 }
wolfSSL 0:1239e9b70ca2 2110 else if (ctx) {
wolfSSL 0:1239e9b70ca2 2111 if (ctx->certificate.buffer)
wolfSSL 0:1239e9b70ca2 2112 XFREE(ctx->certificate.buffer, heap, dynamicType);
wolfSSL 0:1239e9b70ca2 2113 ctx->certificate = der; /* takes der over */
wolfSSL 0:1239e9b70ca2 2114 }
wolfSSL 0:1239e9b70ca2 2115 }
wolfSSL 0:1239e9b70ca2 2116 else if (type == PRIVATEKEY_TYPE) {
wolfSSL 0:1239e9b70ca2 2117 if (ssl) {
wolfSSL 0:1239e9b70ca2 2118 if (ssl->buffers.weOwnKey && ssl->buffers.key.buffer)
wolfSSL 0:1239e9b70ca2 2119 XFREE(ssl->buffers.key.buffer, heap, dynamicType);
wolfSSL 0:1239e9b70ca2 2120 ssl->buffers.key = der;
wolfSSL 0:1239e9b70ca2 2121 ssl->buffers.weOwnKey = 1;
wolfSSL 0:1239e9b70ca2 2122 }
wolfSSL 0:1239e9b70ca2 2123 else if (ctx) {
wolfSSL 0:1239e9b70ca2 2124 if (ctx->privateKey.buffer)
wolfSSL 0:1239e9b70ca2 2125 XFREE(ctx->privateKey.buffer, heap, dynamicType);
wolfSSL 0:1239e9b70ca2 2126 ctx->privateKey = der; /* takes der over */
wolfSSL 0:1239e9b70ca2 2127 }
wolfSSL 0:1239e9b70ca2 2128 }
wolfSSL 0:1239e9b70ca2 2129 else {
wolfSSL 0:1239e9b70ca2 2130 XFREE(der.buffer, heap, dynamicType);
wolfSSL 0:1239e9b70ca2 2131 return SSL_BAD_CERTTYPE;
wolfSSL 0:1239e9b70ca2 2132 }
wolfSSL 0:1239e9b70ca2 2133
wolfSSL 0:1239e9b70ca2 2134 if (type == PRIVATEKEY_TYPE && format != SSL_FILETYPE_RAW) {
wolfSSL 0:1239e9b70ca2 2135 #ifndef NO_RSA
wolfSSL 0:1239e9b70ca2 2136 if (!eccKey) {
wolfSSL 0:1239e9b70ca2 2137 /* make sure RSA key can be used */
wolfSSL 0:1239e9b70ca2 2138 RsaKey key;
wolfSSL 0:1239e9b70ca2 2139 word32 idx = 0;
wolfSSL 0:1239e9b70ca2 2140
wolfSSL 0:1239e9b70ca2 2141 ret = InitRsaKey(&key, 0);
wolfSSL 0:1239e9b70ca2 2142 if (ret != 0) return ret;
wolfSSL 0:1239e9b70ca2 2143 if (RsaPrivateKeyDecode(der.buffer,&idx,&key,der.length) != 0) {
wolfSSL 0:1239e9b70ca2 2144 #ifdef HAVE_ECC
wolfSSL 0:1239e9b70ca2 2145 /* could have DER ECC (or pkcs8 ecc), no easy way to tell */
wolfSSL 0:1239e9b70ca2 2146 eccKey = 1; /* so try it out */
wolfSSL 0:1239e9b70ca2 2147 #endif
wolfSSL 0:1239e9b70ca2 2148 if (!eccKey) {
wolfSSL 0:1239e9b70ca2 2149 FreeRsaKey(&key);
wolfSSL 0:1239e9b70ca2 2150 return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 2151 }
wolfSSL 0:1239e9b70ca2 2152 } else {
wolfSSL 0:1239e9b70ca2 2153 rsaKey = 1;
wolfSSL 0:1239e9b70ca2 2154 (void)rsaKey; /* for no ecc builds */
wolfSSL 0:1239e9b70ca2 2155 }
wolfSSL 0:1239e9b70ca2 2156 FreeRsaKey(&key);
wolfSSL 0:1239e9b70ca2 2157 }
wolfSSL 0:1239e9b70ca2 2158 #endif
wolfSSL 0:1239e9b70ca2 2159 #ifdef HAVE_ECC
wolfSSL 0:1239e9b70ca2 2160 if (!rsaKey) {
wolfSSL 0:1239e9b70ca2 2161 /* make sure ECC key can be used */
wolfSSL 0:1239e9b70ca2 2162 word32 idx = 0;
wolfSSL 0:1239e9b70ca2 2163 ecc_key key;
wolfSSL 0:1239e9b70ca2 2164
wolfSSL 0:1239e9b70ca2 2165 ecc_init(&key);
wolfSSL 0:1239e9b70ca2 2166 if (EccPrivateKeyDecode(der.buffer,&idx,&key,der.length) != 0) {
wolfSSL 0:1239e9b70ca2 2167 ecc_free(&key);
wolfSSL 0:1239e9b70ca2 2168 return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 2169 }
wolfSSL 0:1239e9b70ca2 2170 ecc_free(&key);
wolfSSL 0:1239e9b70ca2 2171 eccKey = 1;
wolfSSL 0:1239e9b70ca2 2172 if (ctx)
wolfSSL 0:1239e9b70ca2 2173 ctx->haveStaticECC = 1;
wolfSSL 0:1239e9b70ca2 2174 if (ssl)
wolfSSL 0:1239e9b70ca2 2175 ssl->options.haveStaticECC = 1;
wolfSSL 0:1239e9b70ca2 2176 }
wolfSSL 0:1239e9b70ca2 2177 #endif /* HAVE_ECC */
wolfSSL 0:1239e9b70ca2 2178 }
wolfSSL 0:1239e9b70ca2 2179 else if (type == CERT_TYPE) {
wolfSSL 0:1239e9b70ca2 2180 DecodedCert cert;
wolfSSL 0:1239e9b70ca2 2181
wolfSSL 0:1239e9b70ca2 2182 CYASSL_MSG("Checking cert signature type");
wolfSSL 0:1239e9b70ca2 2183 InitDecodedCert(&cert, der.buffer, der.length, heap);
wolfSSL 0:1239e9b70ca2 2184
wolfSSL 0:1239e9b70ca2 2185 if (DecodeToKey(&cert, 0) < 0) {
wolfSSL 0:1239e9b70ca2 2186 CYASSL_MSG("Decode to key failed");
wolfSSL 0:1239e9b70ca2 2187 return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 2188 }
wolfSSL 0:1239e9b70ca2 2189 switch (cert.signatureOID) {
wolfSSL 0:1239e9b70ca2 2190 case CTC_SHAwECDSA:
wolfSSL 0:1239e9b70ca2 2191 case CTC_SHA256wECDSA:
wolfSSL 0:1239e9b70ca2 2192 case CTC_SHA384wECDSA:
wolfSSL 0:1239e9b70ca2 2193 case CTC_SHA512wECDSA:
wolfSSL 0:1239e9b70ca2 2194 CYASSL_MSG("ECDSA cert signature");
wolfSSL 0:1239e9b70ca2 2195 if (ctx)
wolfSSL 0:1239e9b70ca2 2196 ctx->haveECDSAsig = 1;
wolfSSL 0:1239e9b70ca2 2197 if (ssl)
wolfSSL 0:1239e9b70ca2 2198 ssl->options.haveECDSAsig = 1;
wolfSSL 0:1239e9b70ca2 2199 break;
wolfSSL 0:1239e9b70ca2 2200 default:
wolfSSL 0:1239e9b70ca2 2201 CYASSL_MSG("Not ECDSA cert signature");
wolfSSL 0:1239e9b70ca2 2202 break;
wolfSSL 0:1239e9b70ca2 2203 }
wolfSSL 0:1239e9b70ca2 2204
wolfSSL 0:1239e9b70ca2 2205 #ifdef HAVE_ECC
wolfSSL 0:1239e9b70ca2 2206 if (ctx)
wolfSSL 0:1239e9b70ca2 2207 ctx->pkCurveOID = cert.pkCurveOID;
wolfSSL 0:1239e9b70ca2 2208 if (ssl)
wolfSSL 0:1239e9b70ca2 2209 ssl->pkCurveOID = cert.pkCurveOID;
wolfSSL 0:1239e9b70ca2 2210 #endif
wolfSSL 0:1239e9b70ca2 2211
wolfSSL 0:1239e9b70ca2 2212 FreeDecodedCert(&cert);
wolfSSL 0:1239e9b70ca2 2213 }
wolfSSL 0:1239e9b70ca2 2214
wolfSSL 0:1239e9b70ca2 2215 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 2216 }
wolfSSL 0:1239e9b70ca2 2217
wolfSSL 0:1239e9b70ca2 2218
wolfSSL 0:1239e9b70ca2 2219
wolfSSL 0:1239e9b70ca2 2220
wolfSSL 0:1239e9b70ca2 2221 /* CA PEM file for verification, may have multiple/chain certs to process */
wolfSSL 0:1239e9b70ca2 2222 static int ProcessChainBuffer(CYASSL_CTX* ctx, const unsigned char* buff,
wolfSSL 0:1239e9b70ca2 2223 long sz, int format, int type, CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 2224 {
wolfSSL 0:1239e9b70ca2 2225 long used = 0;
wolfSSL 0:1239e9b70ca2 2226 int ret = 0;
wolfSSL 0:1239e9b70ca2 2227 int gotOne = 0;
wolfSSL 0:1239e9b70ca2 2228
wolfSSL 0:1239e9b70ca2 2229 CYASSL_MSG("Processing CA PEM file");
wolfSSL 0:1239e9b70ca2 2230 while (used < sz) {
wolfSSL 0:1239e9b70ca2 2231 long consumed = 0;
wolfSSL 0:1239e9b70ca2 2232
wolfSSL 0:1239e9b70ca2 2233 ret = ProcessBuffer(ctx, buff + used, sz - used, format, type, ssl,
wolfSSL 0:1239e9b70ca2 2234 &consumed, 0);
wolfSSL 0:1239e9b70ca2 2235
wolfSSL 0:1239e9b70ca2 2236 if (ret == SSL_NO_PEM_HEADER && gotOne) {
wolfSSL 0:1239e9b70ca2 2237 CYASSL_MSG("We got one good PEM file so stuff at end ok");
wolfSSL 0:1239e9b70ca2 2238 ret = SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 2239 break;
wolfSSL 0:1239e9b70ca2 2240 }
wolfSSL 0:1239e9b70ca2 2241
wolfSSL 0:1239e9b70ca2 2242 if (ret < 0)
wolfSSL 0:1239e9b70ca2 2243 break;
wolfSSL 0:1239e9b70ca2 2244
wolfSSL 0:1239e9b70ca2 2245 CYASSL_MSG(" Processed a CA");
wolfSSL 0:1239e9b70ca2 2246 gotOne = 1;
wolfSSL 0:1239e9b70ca2 2247 used += consumed;
wolfSSL 0:1239e9b70ca2 2248 }
wolfSSL 0:1239e9b70ca2 2249
wolfSSL 0:1239e9b70ca2 2250 return ret;
wolfSSL 0:1239e9b70ca2 2251 }
wolfSSL 0:1239e9b70ca2 2252
wolfSSL 0:1239e9b70ca2 2253
wolfSSL 0:1239e9b70ca2 2254 /* Verify the ceritficate, SSL_SUCCESS for ok, < 0 for error */
wolfSSL 0:1239e9b70ca2 2255 int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm, const byte* buff,
wolfSSL 0:1239e9b70ca2 2256 long sz, int format)
wolfSSL 0:1239e9b70ca2 2257 {
wolfSSL 0:1239e9b70ca2 2258 int ret = 0;
wolfSSL 0:1239e9b70ca2 2259 int eccKey = 0; /* not used */
wolfSSL 0:1239e9b70ca2 2260
wolfSSL 0:1239e9b70ca2 2261 DecodedCert cert;
wolfSSL 0:1239e9b70ca2 2262 buffer der;
wolfSSL 0:1239e9b70ca2 2263
wolfSSL 0:1239e9b70ca2 2264 CYASSL_ENTER("CyaSSL_CertManagerVerifyBuffer");
wolfSSL 0:1239e9b70ca2 2265
wolfSSL 0:1239e9b70ca2 2266 der.buffer = NULL;
wolfSSL 0:1239e9b70ca2 2267 der.length = 0;
wolfSSL 0:1239e9b70ca2 2268
wolfSSL 0:1239e9b70ca2 2269 if (format == SSL_FILETYPE_PEM) {
wolfSSL 0:1239e9b70ca2 2270 EncryptedInfo info;
wolfSSL 0:1239e9b70ca2 2271
wolfSSL 0:1239e9b70ca2 2272 info.set = 0;
wolfSSL 0:1239e9b70ca2 2273 info.ctx = NULL;
wolfSSL 0:1239e9b70ca2 2274 info.consumed = 0;
wolfSSL 0:1239e9b70ca2 2275 ret = PemToDer(buff, sz, CERT_TYPE, &der, cm->heap, &info, &eccKey);
wolfSSL 0:1239e9b70ca2 2276 InitDecodedCert(&cert, der.buffer, der.length, cm->heap);
wolfSSL 0:1239e9b70ca2 2277 }
wolfSSL 0:1239e9b70ca2 2278 else
wolfSSL 0:1239e9b70ca2 2279 InitDecodedCert(&cert, (byte*)buff, (word32)sz, cm->heap);
wolfSSL 0:1239e9b70ca2 2280
wolfSSL 0:1239e9b70ca2 2281 if (ret == 0)
wolfSSL 0:1239e9b70ca2 2282 ret = ParseCertRelative(&cert, CERT_TYPE, 1, cm);
wolfSSL 0:1239e9b70ca2 2283 #ifdef HAVE_CRL
wolfSSL 0:1239e9b70ca2 2284 if (ret == 0 && cm->crlEnabled)
wolfSSL 0:1239e9b70ca2 2285 ret = CheckCertCRL(cm->crl, &cert);
wolfSSL 0:1239e9b70ca2 2286 #endif
wolfSSL 0:1239e9b70ca2 2287
wolfSSL 0:1239e9b70ca2 2288 FreeDecodedCert(&cert);
wolfSSL 0:1239e9b70ca2 2289 XFREE(der.buffer, cm->heap, DYNAMIC_TYPE_CERT);
wolfSSL 0:1239e9b70ca2 2290
wolfSSL 0:1239e9b70ca2 2291 if (ret == 0)
wolfSSL 0:1239e9b70ca2 2292 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 2293 return ret;
wolfSSL 0:1239e9b70ca2 2294 }
wolfSSL 0:1239e9b70ca2 2295
wolfSSL 0:1239e9b70ca2 2296
wolfSSL 0:1239e9b70ca2 2297 #ifndef NO_FILESYSTEM
wolfSSL 0:1239e9b70ca2 2298
wolfSSL 0:1239e9b70ca2 2299 #if defined(CYASSL_MDK_ARM)
wolfSSL 0:1239e9b70ca2 2300 extern FILE * CyaSSL_fopen(const char *name, const char *mode) ;
wolfSSL 0:1239e9b70ca2 2301 #define XFOPEN CyaSSL_fopen
wolfSSL 0:1239e9b70ca2 2302 #else
wolfSSL 0:1239e9b70ca2 2303 #define XFOPEN fopen
wolfSSL 0:1239e9b70ca2 2304 #endif
wolfSSL 0:1239e9b70ca2 2305
wolfSSL 0:1239e9b70ca2 2306 /* process a file with name fname into ctx of format and type
wolfSSL 0:1239e9b70ca2 2307 userChain specifies a user certificate chain to pass during handshake */
wolfSSL 0:1239e9b70ca2 2308 int ProcessFile(CYASSL_CTX* ctx, const char* fname, int format, int type,
wolfSSL 0:1239e9b70ca2 2309 CYASSL* ssl, int userChain, CYASSL_CRL* crl)
wolfSSL 0:1239e9b70ca2 2310 {
wolfSSL 0:1239e9b70ca2 2311 byte staticBuffer[FILE_BUFFER_SIZE];
wolfSSL 0:1239e9b70ca2 2312 byte* myBuffer = staticBuffer;
wolfSSL 0:1239e9b70ca2 2313 int dynamic = 0;
wolfSSL 0:1239e9b70ca2 2314 int ret;
wolfSSL 0:1239e9b70ca2 2315 long sz = 0;
wolfSSL 0:1239e9b70ca2 2316 XFILE file;
wolfSSL 0:1239e9b70ca2 2317 void* heapHint = ctx ? ctx->heap : NULL;
wolfSSL 0:1239e9b70ca2 2318
wolfSSL 0:1239e9b70ca2 2319 (void)crl;
wolfSSL 0:1239e9b70ca2 2320 (void)heapHint;
wolfSSL 0:1239e9b70ca2 2321
wolfSSL 0:1239e9b70ca2 2322 if (fname == NULL) return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 2323
wolfSSL 0:1239e9b70ca2 2324 file = XFOPEN(fname, "rb");
wolfSSL 0:1239e9b70ca2 2325 if (file == XBADFILE) return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 2326 XFSEEK(file, 0, XSEEK_END);
wolfSSL 0:1239e9b70ca2 2327 sz = XFTELL(file);
wolfSSL 0:1239e9b70ca2 2328 XREWIND(file);
wolfSSL 0:1239e9b70ca2 2329
wolfSSL 0:1239e9b70ca2 2330 if (sz > (long)sizeof(staticBuffer)) {
wolfSSL 0:1239e9b70ca2 2331 CYASSL_MSG("Getting dynamic buffer");
wolfSSL 0:1239e9b70ca2 2332 myBuffer = (byte*)XMALLOC(sz, heapHint, DYNAMIC_TYPE_FILE);
wolfSSL 0:1239e9b70ca2 2333 if (myBuffer == NULL) {
wolfSSL 0:1239e9b70ca2 2334 XFCLOSE(file);
wolfSSL 0:1239e9b70ca2 2335 return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 2336 }
wolfSSL 0:1239e9b70ca2 2337 dynamic = 1;
wolfSSL 0:1239e9b70ca2 2338 }
wolfSSL 0:1239e9b70ca2 2339 else if (sz < 0) {
wolfSSL 0:1239e9b70ca2 2340 XFCLOSE(file);
wolfSSL 0:1239e9b70ca2 2341 return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 2342 }
wolfSSL 0:1239e9b70ca2 2343
wolfSSL 0:1239e9b70ca2 2344 if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0)
wolfSSL 0:1239e9b70ca2 2345 ret = SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 2346 else {
wolfSSL 0:1239e9b70ca2 2347 if (type == CA_TYPE && format == SSL_FILETYPE_PEM)
wolfSSL 0:1239e9b70ca2 2348 ret = ProcessChainBuffer(ctx, myBuffer, sz, format, type, ssl);
wolfSSL 0:1239e9b70ca2 2349 #ifdef HAVE_CRL
wolfSSL 0:1239e9b70ca2 2350 else if (type == CRL_TYPE)
wolfSSL 0:1239e9b70ca2 2351 ret = BufferLoadCRL(crl, myBuffer, sz, format);
wolfSSL 0:1239e9b70ca2 2352 #endif
wolfSSL 0:1239e9b70ca2 2353 else
wolfSSL 0:1239e9b70ca2 2354 ret = ProcessBuffer(ctx, myBuffer, sz, format, type, ssl, NULL,
wolfSSL 0:1239e9b70ca2 2355 userChain);
wolfSSL 0:1239e9b70ca2 2356 }
wolfSSL 0:1239e9b70ca2 2357
wolfSSL 0:1239e9b70ca2 2358 XFCLOSE(file);
wolfSSL 0:1239e9b70ca2 2359 if (dynamic) XFREE(myBuffer, heapHint, DYNAMIC_TYPE_FILE);
wolfSSL 0:1239e9b70ca2 2360
wolfSSL 0:1239e9b70ca2 2361 return ret;
wolfSSL 0:1239e9b70ca2 2362 }
wolfSSL 0:1239e9b70ca2 2363
wolfSSL 0:1239e9b70ca2 2364
wolfSSL 0:1239e9b70ca2 2365 /* loads file then loads each file in path, no c_rehash */
wolfSSL 0:1239e9b70ca2 2366 int CyaSSL_CTX_load_verify_locations(CYASSL_CTX* ctx, const char* file,
wolfSSL 0:1239e9b70ca2 2367 const char* path)
wolfSSL 0:1239e9b70ca2 2368 {
wolfSSL 0:1239e9b70ca2 2369 int ret = SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 2370
wolfSSL 0:1239e9b70ca2 2371 CYASSL_ENTER("CyaSSL_CTX_load_verify_locations");
wolfSSL 0:1239e9b70ca2 2372 (void)path;
wolfSSL 0:1239e9b70ca2 2373
wolfSSL 0:1239e9b70ca2 2374 if (ctx == NULL || (file == NULL && path == NULL) )
wolfSSL 0:1239e9b70ca2 2375 return SSL_FAILURE;
wolfSSL 0:1239e9b70ca2 2376
wolfSSL 0:1239e9b70ca2 2377 if (file)
wolfSSL 0:1239e9b70ca2 2378 ret = ProcessFile(ctx, file, SSL_FILETYPE_PEM, CA_TYPE, NULL, 0, NULL);
wolfSSL 0:1239e9b70ca2 2379
wolfSSL 0:1239e9b70ca2 2380 if (ret == SSL_SUCCESS && path) {
wolfSSL 0:1239e9b70ca2 2381 /* try to load each regular file in path */
wolfSSL 0:1239e9b70ca2 2382 #ifdef USE_WINDOWS_API
wolfSSL 0:1239e9b70ca2 2383 WIN32_FIND_DATAA FindFileData;
wolfSSL 0:1239e9b70ca2 2384 HANDLE hFind;
wolfSSL 0:1239e9b70ca2 2385 char name[MAX_FILENAME_SZ];
wolfSSL 0:1239e9b70ca2 2386
wolfSSL 0:1239e9b70ca2 2387 XMEMSET(name, 0, sizeof(name));
wolfSSL 0:1239e9b70ca2 2388 XSTRNCPY(name, path, MAX_FILENAME_SZ - 4);
wolfSSL 0:1239e9b70ca2 2389 XSTRNCAT(name, "\\*", 3);
wolfSSL 0:1239e9b70ca2 2390
wolfSSL 0:1239e9b70ca2 2391 hFind = FindFirstFileA(name, &FindFileData);
wolfSSL 0:1239e9b70ca2 2392 if (hFind == INVALID_HANDLE_VALUE) {
wolfSSL 0:1239e9b70ca2 2393 CYASSL_MSG("FindFirstFile for path verify locations failed");
wolfSSL 0:1239e9b70ca2 2394 return BAD_PATH_ERROR;
wolfSSL 0:1239e9b70ca2 2395 }
wolfSSL 0:1239e9b70ca2 2396
wolfSSL 0:1239e9b70ca2 2397 do {
wolfSSL 0:1239e9b70ca2 2398 if (FindFileData.dwFileAttributes != FILE_ATTRIBUTE_DIRECTORY) {
wolfSSL 0:1239e9b70ca2 2399 XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 3);
wolfSSL 0:1239e9b70ca2 2400 XSTRNCAT(name, "\\", 2);
wolfSSL 0:1239e9b70ca2 2401 XSTRNCAT(name, FindFileData.cFileName, MAX_FILENAME_SZ/2);
wolfSSL 0:1239e9b70ca2 2402
wolfSSL 0:1239e9b70ca2 2403 ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, NULL,0,
wolfSSL 0:1239e9b70ca2 2404 NULL);
wolfSSL 0:1239e9b70ca2 2405 }
wolfSSL 0:1239e9b70ca2 2406 } while (ret == SSL_SUCCESS && FindNextFileA(hFind, &FindFileData));
wolfSSL 0:1239e9b70ca2 2407
wolfSSL 0:1239e9b70ca2 2408 FindClose(hFind);
wolfSSL 0:1239e9b70ca2 2409 #elif !defined(NO_CYASSL_DIR)
wolfSSL 0:1239e9b70ca2 2410 struct dirent* entry;
wolfSSL 0:1239e9b70ca2 2411 DIR* dir = opendir(path);
wolfSSL 0:1239e9b70ca2 2412
wolfSSL 0:1239e9b70ca2 2413 if (dir == NULL) {
wolfSSL 0:1239e9b70ca2 2414 CYASSL_MSG("opendir path verify locations failed");
wolfSSL 0:1239e9b70ca2 2415 return BAD_PATH_ERROR;
wolfSSL 0:1239e9b70ca2 2416 }
wolfSSL 0:1239e9b70ca2 2417 while ( ret == SSL_SUCCESS && (entry = readdir(dir)) != NULL) {
wolfSSL 0:1239e9b70ca2 2418 char name[MAX_FILENAME_SZ];
wolfSSL 0:1239e9b70ca2 2419 struct stat s;
wolfSSL 0:1239e9b70ca2 2420
wolfSSL 0:1239e9b70ca2 2421 XMEMSET(name, 0, sizeof(name));
wolfSSL 0:1239e9b70ca2 2422 XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2);
wolfSSL 0:1239e9b70ca2 2423 XSTRNCAT(name, "/", 1);
wolfSSL 0:1239e9b70ca2 2424 XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2);
wolfSSL 0:1239e9b70ca2 2425
wolfSSL 0:1239e9b70ca2 2426 if (stat(name, &s) != 0) {
wolfSSL 0:1239e9b70ca2 2427 CYASSL_MSG("stat on name failed");
wolfSSL 0:1239e9b70ca2 2428 closedir(dir);
wolfSSL 0:1239e9b70ca2 2429 return BAD_PATH_ERROR;
wolfSSL 0:1239e9b70ca2 2430 }
wolfSSL 0:1239e9b70ca2 2431 if (s.st_mode & S_IFREG) {
wolfSSL 0:1239e9b70ca2 2432 ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, NULL,0,
wolfSSL 0:1239e9b70ca2 2433 NULL);
wolfSSL 0:1239e9b70ca2 2434 }
wolfSSL 0:1239e9b70ca2 2435 }
wolfSSL 0:1239e9b70ca2 2436 closedir(dir);
wolfSSL 0:1239e9b70ca2 2437 #endif
wolfSSL 0:1239e9b70ca2 2438 }
wolfSSL 0:1239e9b70ca2 2439
wolfSSL 0:1239e9b70ca2 2440 return ret;
wolfSSL 0:1239e9b70ca2 2441 }
wolfSSL 0:1239e9b70ca2 2442
wolfSSL 0:1239e9b70ca2 2443
wolfSSL 0:1239e9b70ca2 2444 /* Verify the ceritficate, SSL_SUCCESS for ok, < 0 for error */
wolfSSL 0:1239e9b70ca2 2445 int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER* cm, const char* fname,
wolfSSL 0:1239e9b70ca2 2446 int format)
wolfSSL 0:1239e9b70ca2 2447 {
wolfSSL 0:1239e9b70ca2 2448 int ret = SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 2449 byte staticBuffer[FILE_BUFFER_SIZE];
wolfSSL 0:1239e9b70ca2 2450 byte* myBuffer = staticBuffer;
wolfSSL 0:1239e9b70ca2 2451 int dynamic = 0;
wolfSSL 0:1239e9b70ca2 2452 long sz = 0;
wolfSSL 0:1239e9b70ca2 2453 XFILE file = XFOPEN(fname, "rb");
wolfSSL 0:1239e9b70ca2 2454
wolfSSL 0:1239e9b70ca2 2455 CYASSL_ENTER("CyaSSL_CertManagerVerify");
wolfSSL 0:1239e9b70ca2 2456
wolfSSL 0:1239e9b70ca2 2457 if (file == XBADFILE) return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 2458 XFSEEK(file, 0, XSEEK_END);
wolfSSL 0:1239e9b70ca2 2459 sz = XFTELL(file);
wolfSSL 0:1239e9b70ca2 2460 XREWIND(file);
wolfSSL 0:1239e9b70ca2 2461
wolfSSL 0:1239e9b70ca2 2462 if (sz > MAX_CYASSL_FILE_SIZE || sz < 0) {
wolfSSL 0:1239e9b70ca2 2463 CYASSL_MSG("CertManagerVerify file bad size");
wolfSSL 0:1239e9b70ca2 2464 XFCLOSE(file);
wolfSSL 0:1239e9b70ca2 2465 return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 2466 }
wolfSSL 0:1239e9b70ca2 2467
wolfSSL 0:1239e9b70ca2 2468 if (sz > (long)sizeof(staticBuffer)) {
wolfSSL 0:1239e9b70ca2 2469 CYASSL_MSG("Getting dynamic buffer");
wolfSSL 0:1239e9b70ca2 2470 myBuffer = (byte*) XMALLOC(sz, cm->heap, DYNAMIC_TYPE_FILE);
wolfSSL 0:1239e9b70ca2 2471 if (myBuffer == NULL) {
wolfSSL 0:1239e9b70ca2 2472 XFCLOSE(file);
wolfSSL 0:1239e9b70ca2 2473 return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 2474 }
wolfSSL 0:1239e9b70ca2 2475 dynamic = 1;
wolfSSL 0:1239e9b70ca2 2476 }
wolfSSL 0:1239e9b70ca2 2477
wolfSSL 0:1239e9b70ca2 2478 if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0)
wolfSSL 0:1239e9b70ca2 2479 ret = SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 2480 else
wolfSSL 0:1239e9b70ca2 2481 ret = CyaSSL_CertManagerVerifyBuffer(cm, myBuffer, sz, format);
wolfSSL 0:1239e9b70ca2 2482
wolfSSL 0:1239e9b70ca2 2483 XFCLOSE(file);
wolfSSL 0:1239e9b70ca2 2484 if (dynamic) XFREE(myBuffer, cm->heap, DYNAMIC_TYPE_FILE);
wolfSSL 0:1239e9b70ca2 2485
wolfSSL 0:1239e9b70ca2 2486 return ret;
wolfSSL 0:1239e9b70ca2 2487 }
wolfSSL 0:1239e9b70ca2 2488
wolfSSL 0:1239e9b70ca2 2489
wolfSSL 0:1239e9b70ca2 2490 static INLINE CYASSL_METHOD* cm_pick_method(void)
wolfSSL 0:1239e9b70ca2 2491 {
wolfSSL 0:1239e9b70ca2 2492 #ifndef NO_CYASSL_CLIENT
wolfSSL 0:1239e9b70ca2 2493 #ifdef NO_OLD_TLS
wolfSSL 0:1239e9b70ca2 2494 return CyaTLSv1_2_client_method();
wolfSSL 0:1239e9b70ca2 2495 #else
wolfSSL 0:1239e9b70ca2 2496 return CyaSSLv3_client_method();
wolfSSL 0:1239e9b70ca2 2497 #endif
wolfSSL 0:1239e9b70ca2 2498 #elif !defined(NO_CYASSL_SERVER)
wolfSSL 0:1239e9b70ca2 2499 #ifdef NO_OLD_TLS
wolfSSL 0:1239e9b70ca2 2500 return CyaTLSv1_2_server_method();
wolfSSL 0:1239e9b70ca2 2501 #else
wolfSSL 0:1239e9b70ca2 2502 return CyaSSLv3_server_method();
wolfSSL 0:1239e9b70ca2 2503 #endif
wolfSSL 0:1239e9b70ca2 2504 #else
wolfSSL 0:1239e9b70ca2 2505 return NULL;
wolfSSL 0:1239e9b70ca2 2506 #endif
wolfSSL 0:1239e9b70ca2 2507 }
wolfSSL 0:1239e9b70ca2 2508
wolfSSL 0:1239e9b70ca2 2509
wolfSSL 0:1239e9b70ca2 2510 /* like load verify locations, 1 for success, < 0 for error */
wolfSSL 0:1239e9b70ca2 2511 int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER* cm, const char* file,
wolfSSL 0:1239e9b70ca2 2512 const char* path)
wolfSSL 0:1239e9b70ca2 2513 {
wolfSSL 0:1239e9b70ca2 2514 int ret = SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 2515 CYASSL_CTX* tmp;
wolfSSL 0:1239e9b70ca2 2516
wolfSSL 0:1239e9b70ca2 2517 CYASSL_ENTER("CyaSSL_CertManagerLoadCA");
wolfSSL 0:1239e9b70ca2 2518
wolfSSL 0:1239e9b70ca2 2519 if (cm == NULL) {
wolfSSL 0:1239e9b70ca2 2520 CYASSL_MSG("No CertManager error");
wolfSSL 0:1239e9b70ca2 2521 return ret;
wolfSSL 0:1239e9b70ca2 2522 }
wolfSSL 0:1239e9b70ca2 2523 tmp = CyaSSL_CTX_new(cm_pick_method());
wolfSSL 0:1239e9b70ca2 2524
wolfSSL 0:1239e9b70ca2 2525 if (tmp == NULL) {
wolfSSL 0:1239e9b70ca2 2526 CYASSL_MSG("CTX new failed");
wolfSSL 0:1239e9b70ca2 2527 return ret;
wolfSSL 0:1239e9b70ca2 2528 }
wolfSSL 0:1239e9b70ca2 2529
wolfSSL 0:1239e9b70ca2 2530 /* for tmp use */
wolfSSL 0:1239e9b70ca2 2531 CyaSSL_CertManagerFree(tmp->cm);
wolfSSL 0:1239e9b70ca2 2532 tmp->cm = cm;
wolfSSL 0:1239e9b70ca2 2533
wolfSSL 0:1239e9b70ca2 2534 ret = CyaSSL_CTX_load_verify_locations(tmp, file, path);
wolfSSL 0:1239e9b70ca2 2535
wolfSSL 0:1239e9b70ca2 2536 /* don't loose our good one */
wolfSSL 0:1239e9b70ca2 2537 tmp->cm = NULL;
wolfSSL 0:1239e9b70ca2 2538 CyaSSL_CTX_free(tmp);
wolfSSL 0:1239e9b70ca2 2539
wolfSSL 0:1239e9b70ca2 2540 return ret;
wolfSSL 0:1239e9b70ca2 2541 }
wolfSSL 0:1239e9b70ca2 2542
wolfSSL 0:1239e9b70ca2 2543
wolfSSL 0:1239e9b70ca2 2544
wolfSSL 0:1239e9b70ca2 2545 /* turn on CRL if off and compiled in, set options */
wolfSSL 0:1239e9b70ca2 2546 int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER* cm, int options)
wolfSSL 0:1239e9b70ca2 2547 {
wolfSSL 0:1239e9b70ca2 2548 int ret = SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 2549
wolfSSL 0:1239e9b70ca2 2550 (void)options;
wolfSSL 0:1239e9b70ca2 2551
wolfSSL 0:1239e9b70ca2 2552 CYASSL_ENTER("CyaSSL_CertManagerEnableCRL");
wolfSSL 0:1239e9b70ca2 2553 if (cm == NULL)
wolfSSL 0:1239e9b70ca2 2554 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 2555
wolfSSL 0:1239e9b70ca2 2556 #ifdef HAVE_CRL
wolfSSL 0:1239e9b70ca2 2557 if (cm->crl == NULL) {
wolfSSL 0:1239e9b70ca2 2558 cm->crl = (CYASSL_CRL*)XMALLOC(sizeof(CYASSL_CRL), cm->heap,
wolfSSL 0:1239e9b70ca2 2559 DYNAMIC_TYPE_CRL);
wolfSSL 0:1239e9b70ca2 2560 if (cm->crl == NULL)
wolfSSL 0:1239e9b70ca2 2561 return MEMORY_E;
wolfSSL 0:1239e9b70ca2 2562
wolfSSL 0:1239e9b70ca2 2563 if (InitCRL(cm->crl, cm) != 0) {
wolfSSL 0:1239e9b70ca2 2564 CYASSL_MSG("Init CRL failed");
wolfSSL 0:1239e9b70ca2 2565 FreeCRL(cm->crl, 1);
wolfSSL 0:1239e9b70ca2 2566 cm->crl = NULL;
wolfSSL 0:1239e9b70ca2 2567 return SSL_FAILURE;
wolfSSL 0:1239e9b70ca2 2568 }
wolfSSL 0:1239e9b70ca2 2569 }
wolfSSL 0:1239e9b70ca2 2570 cm->crlEnabled = 1;
wolfSSL 0:1239e9b70ca2 2571 if (options & CYASSL_CRL_CHECKALL)
wolfSSL 0:1239e9b70ca2 2572 cm->crlCheckAll = 1;
wolfSSL 0:1239e9b70ca2 2573 #else
wolfSSL 0:1239e9b70ca2 2574 ret = NOT_COMPILED_IN;
wolfSSL 0:1239e9b70ca2 2575 #endif
wolfSSL 0:1239e9b70ca2 2576
wolfSSL 0:1239e9b70ca2 2577 return ret;
wolfSSL 0:1239e9b70ca2 2578 }
wolfSSL 0:1239e9b70ca2 2579
wolfSSL 0:1239e9b70ca2 2580
wolfSSL 0:1239e9b70ca2 2581 int CyaSSL_CertManagerDisableCRL(CYASSL_CERT_MANAGER* cm)
wolfSSL 0:1239e9b70ca2 2582 {
wolfSSL 0:1239e9b70ca2 2583 CYASSL_ENTER("CyaSSL_CertManagerDisableCRL");
wolfSSL 0:1239e9b70ca2 2584 if (cm == NULL)
wolfSSL 0:1239e9b70ca2 2585 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 2586
wolfSSL 0:1239e9b70ca2 2587 cm->crlEnabled = 0;
wolfSSL 0:1239e9b70ca2 2588
wolfSSL 0:1239e9b70ca2 2589 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 2590 }
wolfSSL 0:1239e9b70ca2 2591
wolfSSL 0:1239e9b70ca2 2592
wolfSSL 0:1239e9b70ca2 2593 /* turn on OCSP if off and compiled in, set options */
wolfSSL 0:1239e9b70ca2 2594 int CyaSSL_CertManagerEnableOCSP(CYASSL_CERT_MANAGER* cm, int options)
wolfSSL 0:1239e9b70ca2 2595 {
wolfSSL 0:1239e9b70ca2 2596 int ret = SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 2597
wolfSSL 0:1239e9b70ca2 2598 (void)options;
wolfSSL 0:1239e9b70ca2 2599
wolfSSL 0:1239e9b70ca2 2600 CYASSL_ENTER("CyaSSL_CertManagerEnableOCSP");
wolfSSL 0:1239e9b70ca2 2601 if (cm == NULL)
wolfSSL 0:1239e9b70ca2 2602 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 2603
wolfSSL 0:1239e9b70ca2 2604 #ifdef HAVE_OCSP
wolfSSL 0:1239e9b70ca2 2605 if (cm->ocsp == NULL) {
wolfSSL 0:1239e9b70ca2 2606 cm->ocsp = (CYASSL_OCSP*)XMALLOC(sizeof(CYASSL_OCSP), cm->heap,
wolfSSL 0:1239e9b70ca2 2607 DYNAMIC_TYPE_OCSP);
wolfSSL 0:1239e9b70ca2 2608 if (cm->ocsp == NULL)
wolfSSL 0:1239e9b70ca2 2609 return MEMORY_E;
wolfSSL 0:1239e9b70ca2 2610
wolfSSL 0:1239e9b70ca2 2611 if (InitOCSP(cm->ocsp, cm) != 0) {
wolfSSL 0:1239e9b70ca2 2612 CYASSL_MSG("Init OCSP failed");
wolfSSL 0:1239e9b70ca2 2613 FreeOCSP(cm->ocsp, 1);
wolfSSL 0:1239e9b70ca2 2614 cm->ocsp = NULL;
wolfSSL 0:1239e9b70ca2 2615 return SSL_FAILURE;
wolfSSL 0:1239e9b70ca2 2616 }
wolfSSL 0:1239e9b70ca2 2617 }
wolfSSL 0:1239e9b70ca2 2618 cm->ocspEnabled = 1;
wolfSSL 0:1239e9b70ca2 2619 if (options & CYASSL_OCSP_URL_OVERRIDE)
wolfSSL 0:1239e9b70ca2 2620 cm->ocspUseOverrideURL = 1;
wolfSSL 0:1239e9b70ca2 2621 if (options & CYASSL_OCSP_NO_NONCE)
wolfSSL 0:1239e9b70ca2 2622 cm->ocspSendNonce = 0;
wolfSSL 0:1239e9b70ca2 2623 else
wolfSSL 0:1239e9b70ca2 2624 cm->ocspSendNonce = 1;
wolfSSL 0:1239e9b70ca2 2625 #ifndef CYASSL_USER_IO
wolfSSL 0:1239e9b70ca2 2626 cm->ocspIOCb = EmbedOcspLookup;
wolfSSL 0:1239e9b70ca2 2627 cm->ocspRespFreeCb = EmbedOcspRespFree;
wolfSSL 0:1239e9b70ca2 2628 #endif /* CYASSL_USER_IO */
wolfSSL 0:1239e9b70ca2 2629 #else
wolfSSL 0:1239e9b70ca2 2630 ret = NOT_COMPILED_IN;
wolfSSL 0:1239e9b70ca2 2631 #endif
wolfSSL 0:1239e9b70ca2 2632
wolfSSL 0:1239e9b70ca2 2633 return ret;
wolfSSL 0:1239e9b70ca2 2634 }
wolfSSL 0:1239e9b70ca2 2635
wolfSSL 0:1239e9b70ca2 2636
wolfSSL 0:1239e9b70ca2 2637 int CyaSSL_CertManagerDisableOCSP(CYASSL_CERT_MANAGER* cm)
wolfSSL 0:1239e9b70ca2 2638 {
wolfSSL 0:1239e9b70ca2 2639 CYASSL_ENTER("CyaSSL_CertManagerDisableOCSP");
wolfSSL 0:1239e9b70ca2 2640 if (cm == NULL)
wolfSSL 0:1239e9b70ca2 2641 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 2642
wolfSSL 0:1239e9b70ca2 2643 cm->ocspEnabled = 0;
wolfSSL 0:1239e9b70ca2 2644
wolfSSL 0:1239e9b70ca2 2645 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 2646 }
wolfSSL 0:1239e9b70ca2 2647
wolfSSL 0:1239e9b70ca2 2648
wolfSSL 0:1239e9b70ca2 2649 int CyaSSL_CTX_check_private_key(CYASSL_CTX* ctx)
wolfSSL 0:1239e9b70ca2 2650 {
wolfSSL 0:1239e9b70ca2 2651 /* TODO: check private against public for RSA match */
wolfSSL 0:1239e9b70ca2 2652 (void)ctx;
wolfSSL 0:1239e9b70ca2 2653 CYASSL_ENTER("SSL_CTX_check_private_key");
wolfSSL 0:1239e9b70ca2 2654 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 2655 }
wolfSSL 0:1239e9b70ca2 2656
wolfSSL 0:1239e9b70ca2 2657
wolfSSL 0:1239e9b70ca2 2658 #ifdef HAVE_CRL
wolfSSL 0:1239e9b70ca2 2659
wolfSSL 0:1239e9b70ca2 2660
wolfSSL 0:1239e9b70ca2 2661 /* check CRL if enabled, SSL_SUCCESS */
wolfSSL 0:1239e9b70ca2 2662 int CyaSSL_CertManagerCheckCRL(CYASSL_CERT_MANAGER* cm, byte* der, int sz)
wolfSSL 0:1239e9b70ca2 2663 {
wolfSSL 0:1239e9b70ca2 2664 int ret;
wolfSSL 0:1239e9b70ca2 2665 DecodedCert cert;
wolfSSL 0:1239e9b70ca2 2666
wolfSSL 0:1239e9b70ca2 2667 CYASSL_ENTER("CyaSSL_CertManagerCheckCRL");
wolfSSL 0:1239e9b70ca2 2668
wolfSSL 0:1239e9b70ca2 2669 if (cm == NULL)
wolfSSL 0:1239e9b70ca2 2670 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 2671
wolfSSL 0:1239e9b70ca2 2672 if (cm->crlEnabled == 0)
wolfSSL 0:1239e9b70ca2 2673 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 2674
wolfSSL 0:1239e9b70ca2 2675 InitDecodedCert(&cert, der, sz, NULL);
wolfSSL 0:1239e9b70ca2 2676
wolfSSL 0:1239e9b70ca2 2677 ret = ParseCertRelative(&cert, CERT_TYPE, NO_VERIFY, cm);
wolfSSL 0:1239e9b70ca2 2678 if (ret != 0) {
wolfSSL 0:1239e9b70ca2 2679 CYASSL_MSG("ParseCert failed");
wolfSSL 0:1239e9b70ca2 2680 return ret;
wolfSSL 0:1239e9b70ca2 2681 }
wolfSSL 0:1239e9b70ca2 2682 else {
wolfSSL 0:1239e9b70ca2 2683 ret = CheckCertCRL(cm->crl, &cert);
wolfSSL 0:1239e9b70ca2 2684 if (ret != 0) {
wolfSSL 0:1239e9b70ca2 2685 CYASSL_MSG("CheckCertCRL failed");
wolfSSL 0:1239e9b70ca2 2686 }
wolfSSL 0:1239e9b70ca2 2687 }
wolfSSL 0:1239e9b70ca2 2688
wolfSSL 0:1239e9b70ca2 2689 FreeDecodedCert(&cert);
wolfSSL 0:1239e9b70ca2 2690
wolfSSL 0:1239e9b70ca2 2691 if (ret == 0)
wolfSSL 0:1239e9b70ca2 2692 return SSL_SUCCESS; /* convert */
wolfSSL 0:1239e9b70ca2 2693
wolfSSL 0:1239e9b70ca2 2694 return ret;
wolfSSL 0:1239e9b70ca2 2695 }
wolfSSL 0:1239e9b70ca2 2696
wolfSSL 0:1239e9b70ca2 2697
wolfSSL 0:1239e9b70ca2 2698 int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER* cm, CbMissingCRL cb)
wolfSSL 0:1239e9b70ca2 2699 {
wolfSSL 0:1239e9b70ca2 2700 CYASSL_ENTER("CyaSSL_CertManagerSetCRL_Cb");
wolfSSL 0:1239e9b70ca2 2701 if (cm == NULL)
wolfSSL 0:1239e9b70ca2 2702 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 2703
wolfSSL 0:1239e9b70ca2 2704 cm->cbMissingCRL = cb;
wolfSSL 0:1239e9b70ca2 2705
wolfSSL 0:1239e9b70ca2 2706 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 2707 }
wolfSSL 0:1239e9b70ca2 2708
wolfSSL 0:1239e9b70ca2 2709
wolfSSL 0:1239e9b70ca2 2710 int CyaSSL_CertManagerLoadCRL(CYASSL_CERT_MANAGER* cm, const char* path,
wolfSSL 0:1239e9b70ca2 2711 int type, int monitor)
wolfSSL 0:1239e9b70ca2 2712 {
wolfSSL 0:1239e9b70ca2 2713 CYASSL_ENTER("CyaSSL_CertManagerLoadCRL");
wolfSSL 0:1239e9b70ca2 2714 if (cm == NULL)
wolfSSL 0:1239e9b70ca2 2715 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 2716
wolfSSL 0:1239e9b70ca2 2717 if (cm->crl == NULL) {
wolfSSL 0:1239e9b70ca2 2718 if (CyaSSL_CertManagerEnableCRL(cm, 0) != SSL_SUCCESS) {
wolfSSL 0:1239e9b70ca2 2719 CYASSL_MSG("Enable CRL failed");
wolfSSL 0:1239e9b70ca2 2720 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 2721 }
wolfSSL 0:1239e9b70ca2 2722 }
wolfSSL 0:1239e9b70ca2 2723
wolfSSL 0:1239e9b70ca2 2724 return LoadCRL(cm->crl, path, type, monitor);
wolfSSL 0:1239e9b70ca2 2725 }
wolfSSL 0:1239e9b70ca2 2726
wolfSSL 0:1239e9b70ca2 2727
wolfSSL 0:1239e9b70ca2 2728 int CyaSSL_EnableCRL(CYASSL* ssl, int options)
wolfSSL 0:1239e9b70ca2 2729 {
wolfSSL 0:1239e9b70ca2 2730 CYASSL_ENTER("CyaSSL_EnableCRL");
wolfSSL 0:1239e9b70ca2 2731 if (ssl)
wolfSSL 0:1239e9b70ca2 2732 return CyaSSL_CertManagerEnableCRL(ssl->ctx->cm, options);
wolfSSL 0:1239e9b70ca2 2733 else
wolfSSL 0:1239e9b70ca2 2734 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 2735 }
wolfSSL 0:1239e9b70ca2 2736
wolfSSL 0:1239e9b70ca2 2737
wolfSSL 0:1239e9b70ca2 2738 int CyaSSL_DisableCRL(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 2739 {
wolfSSL 0:1239e9b70ca2 2740 CYASSL_ENTER("CyaSSL_DisableCRL");
wolfSSL 0:1239e9b70ca2 2741 if (ssl)
wolfSSL 0:1239e9b70ca2 2742 return CyaSSL_CertManagerDisableCRL(ssl->ctx->cm);
wolfSSL 0:1239e9b70ca2 2743 else
wolfSSL 0:1239e9b70ca2 2744 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 2745 }
wolfSSL 0:1239e9b70ca2 2746
wolfSSL 0:1239e9b70ca2 2747
wolfSSL 0:1239e9b70ca2 2748 int CyaSSL_LoadCRL(CYASSL* ssl, const char* path, int type, int monitor)
wolfSSL 0:1239e9b70ca2 2749 {
wolfSSL 0:1239e9b70ca2 2750 CYASSL_ENTER("CyaSSL_LoadCRL");
wolfSSL 0:1239e9b70ca2 2751 if (ssl)
wolfSSL 0:1239e9b70ca2 2752 return CyaSSL_CertManagerLoadCRL(ssl->ctx->cm, path, type, monitor);
wolfSSL 0:1239e9b70ca2 2753 else
wolfSSL 0:1239e9b70ca2 2754 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 2755 }
wolfSSL 0:1239e9b70ca2 2756
wolfSSL 0:1239e9b70ca2 2757
wolfSSL 0:1239e9b70ca2 2758 int CyaSSL_SetCRL_Cb(CYASSL* ssl, CbMissingCRL cb)
wolfSSL 0:1239e9b70ca2 2759 {
wolfSSL 0:1239e9b70ca2 2760 CYASSL_ENTER("CyaSSL_SetCRL_Cb");
wolfSSL 0:1239e9b70ca2 2761 if (ssl)
wolfSSL 0:1239e9b70ca2 2762 return CyaSSL_CertManagerSetCRL_Cb(ssl->ctx->cm, cb);
wolfSSL 0:1239e9b70ca2 2763 else
wolfSSL 0:1239e9b70ca2 2764 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 2765 }
wolfSSL 0:1239e9b70ca2 2766
wolfSSL 0:1239e9b70ca2 2767
wolfSSL 0:1239e9b70ca2 2768 int CyaSSL_CTX_EnableCRL(CYASSL_CTX* ctx, int options)
wolfSSL 0:1239e9b70ca2 2769 {
wolfSSL 0:1239e9b70ca2 2770 CYASSL_ENTER("CyaSSL_CTX_EnableCRL");
wolfSSL 0:1239e9b70ca2 2771 if (ctx)
wolfSSL 0:1239e9b70ca2 2772 return CyaSSL_CertManagerEnableCRL(ctx->cm, options);
wolfSSL 0:1239e9b70ca2 2773 else
wolfSSL 0:1239e9b70ca2 2774 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 2775 }
wolfSSL 0:1239e9b70ca2 2776
wolfSSL 0:1239e9b70ca2 2777
wolfSSL 0:1239e9b70ca2 2778 int CyaSSL_CTX_DisableCRL(CYASSL_CTX* ctx)
wolfSSL 0:1239e9b70ca2 2779 {
wolfSSL 0:1239e9b70ca2 2780 CYASSL_ENTER("CyaSSL_CTX_DisableCRL");
wolfSSL 0:1239e9b70ca2 2781 if (ctx)
wolfSSL 0:1239e9b70ca2 2782 return CyaSSL_CertManagerDisableCRL(ctx->cm);
wolfSSL 0:1239e9b70ca2 2783 else
wolfSSL 0:1239e9b70ca2 2784 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 2785 }
wolfSSL 0:1239e9b70ca2 2786
wolfSSL 0:1239e9b70ca2 2787
wolfSSL 0:1239e9b70ca2 2788 int CyaSSL_CTX_LoadCRL(CYASSL_CTX* ctx, const char* path, int type, int monitor)
wolfSSL 0:1239e9b70ca2 2789 {
wolfSSL 0:1239e9b70ca2 2790 CYASSL_ENTER("CyaSSL_CTX_LoadCRL");
wolfSSL 0:1239e9b70ca2 2791 if (ctx)
wolfSSL 0:1239e9b70ca2 2792 return CyaSSL_CertManagerLoadCRL(ctx->cm, path, type, monitor);
wolfSSL 0:1239e9b70ca2 2793 else
wolfSSL 0:1239e9b70ca2 2794 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 2795 }
wolfSSL 0:1239e9b70ca2 2796
wolfSSL 0:1239e9b70ca2 2797
wolfSSL 0:1239e9b70ca2 2798 int CyaSSL_CTX_SetCRL_Cb(CYASSL_CTX* ctx, CbMissingCRL cb)
wolfSSL 0:1239e9b70ca2 2799 {
wolfSSL 0:1239e9b70ca2 2800 CYASSL_ENTER("CyaSSL_CTX_SetCRL_Cb");
wolfSSL 0:1239e9b70ca2 2801 if (ctx)
wolfSSL 0:1239e9b70ca2 2802 return CyaSSL_CertManagerSetCRL_Cb(ctx->cm, cb);
wolfSSL 0:1239e9b70ca2 2803 else
wolfSSL 0:1239e9b70ca2 2804 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 2805 }
wolfSSL 0:1239e9b70ca2 2806
wolfSSL 0:1239e9b70ca2 2807
wolfSSL 0:1239e9b70ca2 2808 #endif /* HAVE_CRL */
wolfSSL 0:1239e9b70ca2 2809
wolfSSL 0:1239e9b70ca2 2810
wolfSSL 0:1239e9b70ca2 2811 #ifdef HAVE_OCSP
wolfSSL 0:1239e9b70ca2 2812
wolfSSL 0:1239e9b70ca2 2813
wolfSSL 0:1239e9b70ca2 2814 /* check CRL if enabled, SSL_SUCCESS */
wolfSSL 0:1239e9b70ca2 2815 int CyaSSL_CertManagerCheckOCSP(CYASSL_CERT_MANAGER* cm, byte* der, int sz)
wolfSSL 0:1239e9b70ca2 2816 {
wolfSSL 0:1239e9b70ca2 2817 int ret;
wolfSSL 0:1239e9b70ca2 2818 DecodedCert cert;
wolfSSL 0:1239e9b70ca2 2819
wolfSSL 0:1239e9b70ca2 2820 CYASSL_ENTER("CyaSSL_CertManagerCheckOCSP");
wolfSSL 0:1239e9b70ca2 2821
wolfSSL 0:1239e9b70ca2 2822 if (cm == NULL)
wolfSSL 0:1239e9b70ca2 2823 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 2824
wolfSSL 0:1239e9b70ca2 2825 if (cm->ocspEnabled == 0)
wolfSSL 0:1239e9b70ca2 2826 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 2827
wolfSSL 0:1239e9b70ca2 2828 InitDecodedCert(&cert, der, sz, NULL);
wolfSSL 0:1239e9b70ca2 2829
wolfSSL 0:1239e9b70ca2 2830 ret = ParseCertRelative(&cert, CERT_TYPE, NO_VERIFY, cm);
wolfSSL 0:1239e9b70ca2 2831 if (ret != 0) {
wolfSSL 0:1239e9b70ca2 2832 CYASSL_MSG("ParseCert failed");
wolfSSL 0:1239e9b70ca2 2833 return ret;
wolfSSL 0:1239e9b70ca2 2834 }
wolfSSL 0:1239e9b70ca2 2835 else {
wolfSSL 0:1239e9b70ca2 2836 ret = CheckCertOCSP(cm->ocsp, &cert);
wolfSSL 0:1239e9b70ca2 2837 if (ret != 0) {
wolfSSL 0:1239e9b70ca2 2838 CYASSL_MSG("CheckCertOCSP failed");
wolfSSL 0:1239e9b70ca2 2839 }
wolfSSL 0:1239e9b70ca2 2840 }
wolfSSL 0:1239e9b70ca2 2841
wolfSSL 0:1239e9b70ca2 2842 FreeDecodedCert(&cert);
wolfSSL 0:1239e9b70ca2 2843
wolfSSL 0:1239e9b70ca2 2844 if (ret == 0)
wolfSSL 0:1239e9b70ca2 2845 return SSL_SUCCESS; /* convert */
wolfSSL 0:1239e9b70ca2 2846
wolfSSL 0:1239e9b70ca2 2847 return ret;
wolfSSL 0:1239e9b70ca2 2848 }
wolfSSL 0:1239e9b70ca2 2849
wolfSSL 0:1239e9b70ca2 2850
wolfSSL 0:1239e9b70ca2 2851 int CyaSSL_CertManagerSetOCSPOverrideURL(CYASSL_CERT_MANAGER* cm,
wolfSSL 0:1239e9b70ca2 2852 const char* url)
wolfSSL 0:1239e9b70ca2 2853 {
wolfSSL 0:1239e9b70ca2 2854 CYASSL_ENTER("CyaSSL_CertManagerSetOCSPOverrideURL");
wolfSSL 0:1239e9b70ca2 2855 if (cm == NULL)
wolfSSL 0:1239e9b70ca2 2856 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 2857
wolfSSL 0:1239e9b70ca2 2858 XFREE(cm->ocspOverrideURL, cm->heap, 0);
wolfSSL 0:1239e9b70ca2 2859 if (url != NULL) {
wolfSSL 0:1239e9b70ca2 2860 int urlSz = (int)XSTRLEN(url) + 1;
wolfSSL 0:1239e9b70ca2 2861 cm->ocspOverrideURL = (char*)XMALLOC(urlSz, cm->heap, 0);
wolfSSL 0:1239e9b70ca2 2862 if (cm->ocspOverrideURL != NULL) {
wolfSSL 0:1239e9b70ca2 2863 XMEMCPY(cm->ocspOverrideURL, url, urlSz);
wolfSSL 0:1239e9b70ca2 2864 }
wolfSSL 0:1239e9b70ca2 2865 else
wolfSSL 0:1239e9b70ca2 2866 return MEMORY_E;
wolfSSL 0:1239e9b70ca2 2867 }
wolfSSL 0:1239e9b70ca2 2868 else
wolfSSL 0:1239e9b70ca2 2869 cm->ocspOverrideURL = NULL;
wolfSSL 0:1239e9b70ca2 2870
wolfSSL 0:1239e9b70ca2 2871 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 2872 }
wolfSSL 0:1239e9b70ca2 2873
wolfSSL 0:1239e9b70ca2 2874
wolfSSL 0:1239e9b70ca2 2875 int CyaSSL_CertManagerSetOCSP_Cb(CYASSL_CERT_MANAGER* cm,
wolfSSL 0:1239e9b70ca2 2876 CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx)
wolfSSL 0:1239e9b70ca2 2877 {
wolfSSL 0:1239e9b70ca2 2878 CYASSL_ENTER("CyaSSL_CertManagerSetOCSP_Cb");
wolfSSL 0:1239e9b70ca2 2879 if (cm == NULL)
wolfSSL 0:1239e9b70ca2 2880 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 2881
wolfSSL 0:1239e9b70ca2 2882 cm->ocspIOCb = ioCb;
wolfSSL 0:1239e9b70ca2 2883 cm->ocspRespFreeCb = respFreeCb;
wolfSSL 0:1239e9b70ca2 2884 cm->ocspIOCtx = ioCbCtx;
wolfSSL 0:1239e9b70ca2 2885
wolfSSL 0:1239e9b70ca2 2886 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 2887 }
wolfSSL 0:1239e9b70ca2 2888
wolfSSL 0:1239e9b70ca2 2889
wolfSSL 0:1239e9b70ca2 2890 int CyaSSL_EnableOCSP(CYASSL* ssl, int options)
wolfSSL 0:1239e9b70ca2 2891 {
wolfSSL 0:1239e9b70ca2 2892 CYASSL_ENTER("CyaSSL_EnableOCSP");
wolfSSL 0:1239e9b70ca2 2893 if (ssl)
wolfSSL 0:1239e9b70ca2 2894 return CyaSSL_CertManagerEnableOCSP(ssl->ctx->cm, options);
wolfSSL 0:1239e9b70ca2 2895 else
wolfSSL 0:1239e9b70ca2 2896 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 2897 }
wolfSSL 0:1239e9b70ca2 2898
wolfSSL 0:1239e9b70ca2 2899
wolfSSL 0:1239e9b70ca2 2900 int CyaSSL_DisableOCSP(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 2901 {
wolfSSL 0:1239e9b70ca2 2902 CYASSL_ENTER("CyaSSL_DisableOCSP");
wolfSSL 0:1239e9b70ca2 2903 if (ssl)
wolfSSL 0:1239e9b70ca2 2904 return CyaSSL_CertManagerDisableOCSP(ssl->ctx->cm);
wolfSSL 0:1239e9b70ca2 2905 else
wolfSSL 0:1239e9b70ca2 2906 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 2907 }
wolfSSL 0:1239e9b70ca2 2908
wolfSSL 0:1239e9b70ca2 2909
wolfSSL 0:1239e9b70ca2 2910 int CyaSSL_SetOCSP_OverrideURL(CYASSL* ssl, const char* url)
wolfSSL 0:1239e9b70ca2 2911 {
wolfSSL 0:1239e9b70ca2 2912 CYASSL_ENTER("CyaSSL_SetOCSP_OverrideURL");
wolfSSL 0:1239e9b70ca2 2913 if (ssl)
wolfSSL 0:1239e9b70ca2 2914 return CyaSSL_CertManagerSetOCSPOverrideURL(ssl->ctx->cm, url);
wolfSSL 0:1239e9b70ca2 2915 else
wolfSSL 0:1239e9b70ca2 2916 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 2917 }
wolfSSL 0:1239e9b70ca2 2918
wolfSSL 0:1239e9b70ca2 2919
wolfSSL 0:1239e9b70ca2 2920 int CyaSSL_SetOCSP_Cb(CYASSL* ssl,
wolfSSL 0:1239e9b70ca2 2921 CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx)
wolfSSL 0:1239e9b70ca2 2922 {
wolfSSL 0:1239e9b70ca2 2923 CYASSL_ENTER("CyaSSL_SetOCSP_Cb");
wolfSSL 0:1239e9b70ca2 2924 if (ssl)
wolfSSL 0:1239e9b70ca2 2925 return CyaSSL_CertManagerSetOCSP_Cb(ssl->ctx->cm,
wolfSSL 0:1239e9b70ca2 2926 ioCb, respFreeCb, ioCbCtx);
wolfSSL 0:1239e9b70ca2 2927 else
wolfSSL 0:1239e9b70ca2 2928 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 2929 }
wolfSSL 0:1239e9b70ca2 2930
wolfSSL 0:1239e9b70ca2 2931
wolfSSL 0:1239e9b70ca2 2932 int CyaSSL_CTX_EnableOCSP(CYASSL_CTX* ctx, int options)
wolfSSL 0:1239e9b70ca2 2933 {
wolfSSL 0:1239e9b70ca2 2934 CYASSL_ENTER("CyaSSL_CTX_EnableOCSP");
wolfSSL 0:1239e9b70ca2 2935 if (ctx)
wolfSSL 0:1239e9b70ca2 2936 return CyaSSL_CertManagerEnableOCSP(ctx->cm, options);
wolfSSL 0:1239e9b70ca2 2937 else
wolfSSL 0:1239e9b70ca2 2938 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 2939 }
wolfSSL 0:1239e9b70ca2 2940
wolfSSL 0:1239e9b70ca2 2941
wolfSSL 0:1239e9b70ca2 2942 int CyaSSL_CTX_DisableOCSP(CYASSL_CTX* ctx)
wolfSSL 0:1239e9b70ca2 2943 {
wolfSSL 0:1239e9b70ca2 2944 CYASSL_ENTER("CyaSSL_CTX_DisableOCSP");
wolfSSL 0:1239e9b70ca2 2945 if (ctx)
wolfSSL 0:1239e9b70ca2 2946 return CyaSSL_CertManagerDisableOCSP(ctx->cm);
wolfSSL 0:1239e9b70ca2 2947 else
wolfSSL 0:1239e9b70ca2 2948 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 2949 }
wolfSSL 0:1239e9b70ca2 2950
wolfSSL 0:1239e9b70ca2 2951
wolfSSL 0:1239e9b70ca2 2952 int CyaSSL_CTX_SetOCSP_OverrideURL(CYASSL_CTX* ctx, const char* url)
wolfSSL 0:1239e9b70ca2 2953 {
wolfSSL 0:1239e9b70ca2 2954 CYASSL_ENTER("CyaSSL_SetOCSP_OverrideURL");
wolfSSL 0:1239e9b70ca2 2955 if (ctx)
wolfSSL 0:1239e9b70ca2 2956 return CyaSSL_CertManagerSetOCSPOverrideURL(ctx->cm, url);
wolfSSL 0:1239e9b70ca2 2957 else
wolfSSL 0:1239e9b70ca2 2958 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 2959 }
wolfSSL 0:1239e9b70ca2 2960
wolfSSL 0:1239e9b70ca2 2961
wolfSSL 0:1239e9b70ca2 2962 int CyaSSL_CTX_SetOCSP_Cb(CYASSL_CTX* ctx,
wolfSSL 0:1239e9b70ca2 2963 CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx)
wolfSSL 0:1239e9b70ca2 2964 {
wolfSSL 0:1239e9b70ca2 2965 CYASSL_ENTER("CyaSSL_CTX_SetOCSP_Cb");
wolfSSL 0:1239e9b70ca2 2966 if (ctx)
wolfSSL 0:1239e9b70ca2 2967 return CyaSSL_CertManagerSetOCSP_Cb(ctx->cm, ioCb, respFreeCb, ioCbCtx);
wolfSSL 0:1239e9b70ca2 2968 else
wolfSSL 0:1239e9b70ca2 2969 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 2970 }
wolfSSL 0:1239e9b70ca2 2971
wolfSSL 0:1239e9b70ca2 2972
wolfSSL 0:1239e9b70ca2 2973 #endif /* HAVE_OCSP */
wolfSSL 0:1239e9b70ca2 2974
wolfSSL 0:1239e9b70ca2 2975
wolfSSL 0:1239e9b70ca2 2976 #ifdef CYASSL_DER_LOAD
wolfSSL 0:1239e9b70ca2 2977
wolfSSL 0:1239e9b70ca2 2978 /* Add format parameter to allow DER load of CA files */
wolfSSL 0:1239e9b70ca2 2979 int CyaSSL_CTX_der_load_verify_locations(CYASSL_CTX* ctx, const char* file,
wolfSSL 0:1239e9b70ca2 2980 int format)
wolfSSL 0:1239e9b70ca2 2981 {
wolfSSL 0:1239e9b70ca2 2982 CYASSL_ENTER("CyaSSL_CTX_der_load_verify_locations");
wolfSSL 0:1239e9b70ca2 2983 if (ctx == NULL || file == NULL)
wolfSSL 0:1239e9b70ca2 2984 return SSL_FAILURE;
wolfSSL 0:1239e9b70ca2 2985
wolfSSL 0:1239e9b70ca2 2986 if (ProcessFile(ctx, file, format, CA_TYPE, NULL, 0, NULL) == SSL_SUCCESS)
wolfSSL 0:1239e9b70ca2 2987 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 2988
wolfSSL 0:1239e9b70ca2 2989 return SSL_FAILURE;
wolfSSL 0:1239e9b70ca2 2990 }
wolfSSL 0:1239e9b70ca2 2991
wolfSSL 0:1239e9b70ca2 2992 #endif /* CYASSL_DER_LOAD */
wolfSSL 0:1239e9b70ca2 2993
wolfSSL 0:1239e9b70ca2 2994
wolfSSL 0:1239e9b70ca2 2995 #ifdef CYASSL_CERT_GEN
wolfSSL 0:1239e9b70ca2 2996
wolfSSL 0:1239e9b70ca2 2997 /* load pem cert from file into der buffer, return der size or error */
wolfSSL 0:1239e9b70ca2 2998 int CyaSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
wolfSSL 0:1239e9b70ca2 2999 {
wolfSSL 0:1239e9b70ca2 3000 byte staticBuffer[FILE_BUFFER_SIZE];
wolfSSL 0:1239e9b70ca2 3001 byte* fileBuf = staticBuffer;
wolfSSL 0:1239e9b70ca2 3002 int dynamic = 0;
wolfSSL 0:1239e9b70ca2 3003 int ret;
wolfSSL 0:1239e9b70ca2 3004 int ecc = 0;
wolfSSL 0:1239e9b70ca2 3005 long sz = 0;
wolfSSL 0:1239e9b70ca2 3006 XFILE file = XFOPEN(fileName, "rb");
wolfSSL 0:1239e9b70ca2 3007 EncryptedInfo info;
wolfSSL 0:1239e9b70ca2 3008 buffer converted;
wolfSSL 0:1239e9b70ca2 3009
wolfSSL 0:1239e9b70ca2 3010 CYASSL_ENTER("CyaSSL_PemCertToDer");
wolfSSL 0:1239e9b70ca2 3011 converted.buffer = 0;
wolfSSL 0:1239e9b70ca2 3012
wolfSSL 0:1239e9b70ca2 3013 if (file == XBADFILE) return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 3014 XFSEEK(file, 0, XSEEK_END);
wolfSSL 0:1239e9b70ca2 3015 sz = XFTELL(file);
wolfSSL 0:1239e9b70ca2 3016 XREWIND(file);
wolfSSL 0:1239e9b70ca2 3017
wolfSSL 0:1239e9b70ca2 3018 if (sz > (long)sizeof(staticBuffer)) {
wolfSSL 0:1239e9b70ca2 3019 fileBuf = (byte*) XMALLOC(sz, 0, DYNAMIC_TYPE_FILE);
wolfSSL 0:1239e9b70ca2 3020 if (fileBuf == NULL) {
wolfSSL 0:1239e9b70ca2 3021 XFCLOSE(file);
wolfSSL 0:1239e9b70ca2 3022 return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 3023 }
wolfSSL 0:1239e9b70ca2 3024 dynamic = 1;
wolfSSL 0:1239e9b70ca2 3025 }
wolfSSL 0:1239e9b70ca2 3026 else if (sz < 0) {
wolfSSL 0:1239e9b70ca2 3027 XFCLOSE(file);
wolfSSL 0:1239e9b70ca2 3028 return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 3029 }
wolfSSL 0:1239e9b70ca2 3030
wolfSSL 0:1239e9b70ca2 3031 if ( (ret = (int)XFREAD(fileBuf, sz, 1, file)) < 0)
wolfSSL 0:1239e9b70ca2 3032 ret = SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 3033 else
wolfSSL 0:1239e9b70ca2 3034 ret = PemToDer(fileBuf, sz, CA_TYPE, &converted, 0, &info, &ecc);
wolfSSL 0:1239e9b70ca2 3035
wolfSSL 0:1239e9b70ca2 3036 if (ret == 0) {
wolfSSL 0:1239e9b70ca2 3037 if (converted.length < (word32)derSz) {
wolfSSL 0:1239e9b70ca2 3038 XMEMCPY(derBuf, converted.buffer, converted.length);
wolfSSL 0:1239e9b70ca2 3039 ret = converted.length;
wolfSSL 0:1239e9b70ca2 3040 }
wolfSSL 0:1239e9b70ca2 3041 else
wolfSSL 0:1239e9b70ca2 3042 ret = BUFFER_E;
wolfSSL 0:1239e9b70ca2 3043 }
wolfSSL 0:1239e9b70ca2 3044
wolfSSL 0:1239e9b70ca2 3045 XFREE(converted.buffer, 0, DYNAMIC_TYPE_CA);
wolfSSL 0:1239e9b70ca2 3046 if (dynamic)
wolfSSL 0:1239e9b70ca2 3047 XFREE(fileBuf, 0, DYNAMIC_TYPE_FILE);
wolfSSL 0:1239e9b70ca2 3048 XFCLOSE(file);
wolfSSL 0:1239e9b70ca2 3049
wolfSSL 0:1239e9b70ca2 3050 return ret;
wolfSSL 0:1239e9b70ca2 3051 }
wolfSSL 0:1239e9b70ca2 3052
wolfSSL 0:1239e9b70ca2 3053 #endif /* CYASSL_CERT_GEN */
wolfSSL 0:1239e9b70ca2 3054
wolfSSL 0:1239e9b70ca2 3055
wolfSSL 0:1239e9b70ca2 3056 int CyaSSL_CTX_use_certificate_file(CYASSL_CTX* ctx, const char* file,
wolfSSL 0:1239e9b70ca2 3057 int format)
wolfSSL 0:1239e9b70ca2 3058 {
wolfSSL 0:1239e9b70ca2 3059 CYASSL_ENTER("CyaSSL_CTX_use_certificate_file");
wolfSSL 0:1239e9b70ca2 3060 if (ProcessFile(ctx, file, format, CERT_TYPE, NULL, 0, NULL) == SSL_SUCCESS)
wolfSSL 0:1239e9b70ca2 3061 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 3062
wolfSSL 0:1239e9b70ca2 3063 return SSL_FAILURE;
wolfSSL 0:1239e9b70ca2 3064 }
wolfSSL 0:1239e9b70ca2 3065
wolfSSL 0:1239e9b70ca2 3066
wolfSSL 0:1239e9b70ca2 3067 int CyaSSL_CTX_use_PrivateKey_file(CYASSL_CTX* ctx, const char* file,int format)
wolfSSL 0:1239e9b70ca2 3068 {
wolfSSL 0:1239e9b70ca2 3069 CYASSL_ENTER("CyaSSL_CTX_use_PrivateKey_file");
wolfSSL 0:1239e9b70ca2 3070 if (ProcessFile(ctx, file, format, PRIVATEKEY_TYPE, NULL, 0, NULL)
wolfSSL 0:1239e9b70ca2 3071 == SSL_SUCCESS)
wolfSSL 0:1239e9b70ca2 3072 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 3073
wolfSSL 0:1239e9b70ca2 3074 return SSL_FAILURE;
wolfSSL 0:1239e9b70ca2 3075 }
wolfSSL 0:1239e9b70ca2 3076
wolfSSL 0:1239e9b70ca2 3077
wolfSSL 0:1239e9b70ca2 3078 int CyaSSL_CTX_use_certificate_chain_file(CYASSL_CTX* ctx, const char* file)
wolfSSL 0:1239e9b70ca2 3079 {
wolfSSL 0:1239e9b70ca2 3080 /* procces up to MAX_CHAIN_DEPTH plus subject cert */
wolfSSL 0:1239e9b70ca2 3081 CYASSL_ENTER("CyaSSL_CTX_use_certificate_chain_file");
wolfSSL 0:1239e9b70ca2 3082 if (ProcessFile(ctx, file, SSL_FILETYPE_PEM,CERT_TYPE,NULL,1, NULL)
wolfSSL 0:1239e9b70ca2 3083 == SSL_SUCCESS)
wolfSSL 0:1239e9b70ca2 3084 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 3085
wolfSSL 0:1239e9b70ca2 3086 return SSL_FAILURE;
wolfSSL 0:1239e9b70ca2 3087 }
wolfSSL 0:1239e9b70ca2 3088
wolfSSL 0:1239e9b70ca2 3089
wolfSSL 0:1239e9b70ca2 3090 #ifdef OPENSSL_EXTRA
wolfSSL 0:1239e9b70ca2 3091 /* put SSL type in extra for now, not very common */
wolfSSL 0:1239e9b70ca2 3092
wolfSSL 0:1239e9b70ca2 3093 int CyaSSL_use_certificate_file(CYASSL* ssl, const char* file, int format)
wolfSSL 0:1239e9b70ca2 3094 {
wolfSSL 0:1239e9b70ca2 3095 CYASSL_ENTER("CyaSSL_use_certificate_file");
wolfSSL 0:1239e9b70ca2 3096 if (ProcessFile(ssl->ctx, file, format, CERT_TYPE, ssl, 0, NULL)
wolfSSL 0:1239e9b70ca2 3097 == SSL_SUCCESS)
wolfSSL 0:1239e9b70ca2 3098 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 3099
wolfSSL 0:1239e9b70ca2 3100 return SSL_FAILURE;
wolfSSL 0:1239e9b70ca2 3101 }
wolfSSL 0:1239e9b70ca2 3102
wolfSSL 0:1239e9b70ca2 3103
wolfSSL 0:1239e9b70ca2 3104 int CyaSSL_use_PrivateKey_file(CYASSL* ssl, const char* file, int format)
wolfSSL 0:1239e9b70ca2 3105 {
wolfSSL 0:1239e9b70ca2 3106 CYASSL_ENTER("CyaSSL_use_PrivateKey_file");
wolfSSL 0:1239e9b70ca2 3107 if (ProcessFile(ssl->ctx, file, format, PRIVATEKEY_TYPE, ssl, 0, NULL)
wolfSSL 0:1239e9b70ca2 3108 == SSL_SUCCESS)
wolfSSL 0:1239e9b70ca2 3109 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 3110
wolfSSL 0:1239e9b70ca2 3111 return SSL_FAILURE;
wolfSSL 0:1239e9b70ca2 3112 }
wolfSSL 0:1239e9b70ca2 3113
wolfSSL 0:1239e9b70ca2 3114
wolfSSL 0:1239e9b70ca2 3115 int CyaSSL_use_certificate_chain_file(CYASSL* ssl, const char* file)
wolfSSL 0:1239e9b70ca2 3116 {
wolfSSL 0:1239e9b70ca2 3117 /* procces up to MAX_CHAIN_DEPTH plus subject cert */
wolfSSL 0:1239e9b70ca2 3118 CYASSL_ENTER("CyaSSL_use_certificate_chain_file");
wolfSSL 0:1239e9b70ca2 3119 if (ProcessFile(ssl->ctx, file, SSL_FILETYPE_PEM, CERT_TYPE, ssl, 1, NULL)
wolfSSL 0:1239e9b70ca2 3120 == SSL_SUCCESS)
wolfSSL 0:1239e9b70ca2 3121 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 3122
wolfSSL 0:1239e9b70ca2 3123 return SSL_FAILURE;
wolfSSL 0:1239e9b70ca2 3124 }
wolfSSL 0:1239e9b70ca2 3125
wolfSSL 0:1239e9b70ca2 3126
wolfSSL 0:1239e9b70ca2 3127 /* server wrapper for ctx or ssl Diffie-Hellman parameters */
wolfSSL 0:1239e9b70ca2 3128 static int CyaSSL_SetTmpDH_buffer_wrapper(CYASSL_CTX* ctx, CYASSL* ssl,
wolfSSL 0:1239e9b70ca2 3129 const unsigned char* buf, long sz, int format)
wolfSSL 0:1239e9b70ca2 3130 {
wolfSSL 0:1239e9b70ca2 3131 buffer der;
wolfSSL 0:1239e9b70ca2 3132 int ret;
wolfSSL 0:1239e9b70ca2 3133 int weOwnDer = 0;
wolfSSL 0:1239e9b70ca2 3134 byte p[MAX_DH_SIZE];
wolfSSL 0:1239e9b70ca2 3135 byte g[MAX_DH_SIZE];
wolfSSL 0:1239e9b70ca2 3136 word32 pSz = sizeof(p);
wolfSSL 0:1239e9b70ca2 3137 word32 gSz = sizeof(g);
wolfSSL 0:1239e9b70ca2 3138
wolfSSL 0:1239e9b70ca2 3139 der.buffer = (byte*)buf;
wolfSSL 0:1239e9b70ca2 3140 der.length = (word32)sz;
wolfSSL 0:1239e9b70ca2 3141
wolfSSL 0:1239e9b70ca2 3142 if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM)
wolfSSL 0:1239e9b70ca2 3143 return SSL_BAD_FILETYPE;
wolfSSL 0:1239e9b70ca2 3144
wolfSSL 0:1239e9b70ca2 3145 if (format == SSL_FILETYPE_PEM) {
wolfSSL 0:1239e9b70ca2 3146 der.buffer = NULL;
wolfSSL 0:1239e9b70ca2 3147 ret = PemToDer(buf, sz, DH_PARAM_TYPE, &der, ctx->heap, NULL,NULL);
wolfSSL 0:1239e9b70ca2 3148 if (ret < 0) {
wolfSSL 0:1239e9b70ca2 3149 XFREE(der.buffer, ctx->heap, DYNAMIC_TYPE_KEY);
wolfSSL 0:1239e9b70ca2 3150 return ret;
wolfSSL 0:1239e9b70ca2 3151 }
wolfSSL 0:1239e9b70ca2 3152 weOwnDer = 1;
wolfSSL 0:1239e9b70ca2 3153 }
wolfSSL 0:1239e9b70ca2 3154
wolfSSL 0:1239e9b70ca2 3155 if (DhParamsLoad(der.buffer, der.length, p, &pSz, g, &gSz) < 0)
wolfSSL 0:1239e9b70ca2 3156 ret = SSL_BAD_FILETYPE;
wolfSSL 0:1239e9b70ca2 3157 else {
wolfSSL 0:1239e9b70ca2 3158 if (ssl)
wolfSSL 0:1239e9b70ca2 3159 ret = CyaSSL_SetTmpDH(ssl, p, pSz, g, gSz);
wolfSSL 0:1239e9b70ca2 3160 else
wolfSSL 0:1239e9b70ca2 3161 ret = CyaSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz);
wolfSSL 0:1239e9b70ca2 3162 }
wolfSSL 0:1239e9b70ca2 3163
wolfSSL 0:1239e9b70ca2 3164 if (weOwnDer)
wolfSSL 0:1239e9b70ca2 3165 XFREE(der.buffer, ctx->heap, DYNAMIC_TYPE_KEY);
wolfSSL 0:1239e9b70ca2 3166
wolfSSL 0:1239e9b70ca2 3167 return ret;
wolfSSL 0:1239e9b70ca2 3168 }
wolfSSL 0:1239e9b70ca2 3169
wolfSSL 0:1239e9b70ca2 3170 /* server Diffie-Hellman parameters, SSL_SUCCESS on ok */
wolfSSL 0:1239e9b70ca2 3171 int CyaSSL_SetTmpDH_buffer(CYASSL* ssl, const unsigned char* buf, long sz,
wolfSSL 0:1239e9b70ca2 3172 int format)
wolfSSL 0:1239e9b70ca2 3173 {
wolfSSL 0:1239e9b70ca2 3174 return CyaSSL_SetTmpDH_buffer_wrapper(ssl->ctx, ssl, buf, sz, format);
wolfSSL 0:1239e9b70ca2 3175 }
wolfSSL 0:1239e9b70ca2 3176
wolfSSL 0:1239e9b70ca2 3177
wolfSSL 0:1239e9b70ca2 3178 /* server ctx Diffie-Hellman parameters, SSL_SUCCESS on ok */
wolfSSL 0:1239e9b70ca2 3179 int CyaSSL_CTX_SetTmpDH_buffer(CYASSL_CTX* ctx, const unsigned char* buf,
wolfSSL 0:1239e9b70ca2 3180 long sz, int format)
wolfSSL 0:1239e9b70ca2 3181 {
wolfSSL 0:1239e9b70ca2 3182 return CyaSSL_SetTmpDH_buffer_wrapper(ctx, NULL, buf, sz, format);
wolfSSL 0:1239e9b70ca2 3183 }
wolfSSL 0:1239e9b70ca2 3184
wolfSSL 0:1239e9b70ca2 3185
wolfSSL 0:1239e9b70ca2 3186 #ifdef HAVE_ECC
wolfSSL 0:1239e9b70ca2 3187
wolfSSL 0:1239e9b70ca2 3188 /* Set Temp CTX EC-DHE size in octets, should be 20 - 66 for 160 - 521 bit */
wolfSSL 0:1239e9b70ca2 3189 int CyaSSL_CTX_SetTmpEC_DHE_Sz(CYASSL_CTX* ctx, word16 sz)
wolfSSL 0:1239e9b70ca2 3190 {
wolfSSL 0:1239e9b70ca2 3191 if (ctx == NULL || sz < ECC_MINSIZE || sz > ECC_MAXSIZE)
wolfSSL 0:1239e9b70ca2 3192 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 3193
wolfSSL 0:1239e9b70ca2 3194 ctx->eccTempKeySz = sz;
wolfSSL 0:1239e9b70ca2 3195
wolfSSL 0:1239e9b70ca2 3196 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 3197 }
wolfSSL 0:1239e9b70ca2 3198
wolfSSL 0:1239e9b70ca2 3199
wolfSSL 0:1239e9b70ca2 3200 /* Set Temp SSL EC-DHE size in octets, should be 20 - 66 for 160 - 521 bit */
wolfSSL 0:1239e9b70ca2 3201 int CyaSSL_SetTmpEC_DHE_Sz(CYASSL* ssl, word16 sz)
wolfSSL 0:1239e9b70ca2 3202 {
wolfSSL 0:1239e9b70ca2 3203 if (ssl == NULL || sz < ECC_MINSIZE || sz > ECC_MAXSIZE)
wolfSSL 0:1239e9b70ca2 3204 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 3205
wolfSSL 0:1239e9b70ca2 3206 ssl->eccTempKeySz = sz;
wolfSSL 0:1239e9b70ca2 3207
wolfSSL 0:1239e9b70ca2 3208 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 3209 }
wolfSSL 0:1239e9b70ca2 3210
wolfSSL 0:1239e9b70ca2 3211 #endif /* HAVE_ECC */
wolfSSL 0:1239e9b70ca2 3212
wolfSSL 0:1239e9b70ca2 3213
wolfSSL 0:1239e9b70ca2 3214 #if !defined(NO_FILESYSTEM)
wolfSSL 0:1239e9b70ca2 3215
wolfSSL 0:1239e9b70ca2 3216 /* server Diffie-Hellman parameters */
wolfSSL 0:1239e9b70ca2 3217 static int CyaSSL_SetTmpDH_file_wrapper(CYASSL_CTX* ctx, CYASSL* ssl,
wolfSSL 0:1239e9b70ca2 3218 const char* fname, int format)
wolfSSL 0:1239e9b70ca2 3219 {
wolfSSL 0:1239e9b70ca2 3220 byte staticBuffer[FILE_BUFFER_SIZE];
wolfSSL 0:1239e9b70ca2 3221 byte* myBuffer = staticBuffer;
wolfSSL 0:1239e9b70ca2 3222 int dynamic = 0;
wolfSSL 0:1239e9b70ca2 3223 int ret;
wolfSSL 0:1239e9b70ca2 3224 long sz = 0;
wolfSSL 0:1239e9b70ca2 3225 XFILE file = XFOPEN(fname, "rb");
wolfSSL 0:1239e9b70ca2 3226
wolfSSL 0:1239e9b70ca2 3227 if (file == XBADFILE) return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 3228 XFSEEK(file, 0, XSEEK_END);
wolfSSL 0:1239e9b70ca2 3229 sz = XFTELL(file);
wolfSSL 0:1239e9b70ca2 3230 XREWIND(file);
wolfSSL 0:1239e9b70ca2 3231
wolfSSL 0:1239e9b70ca2 3232 if (sz > (long)sizeof(staticBuffer)) {
wolfSSL 0:1239e9b70ca2 3233 CYASSL_MSG("Getting dynamic buffer");
wolfSSL 0:1239e9b70ca2 3234 myBuffer = (byte*) XMALLOC(sz, ctx->heap, DYNAMIC_TYPE_FILE);
wolfSSL 0:1239e9b70ca2 3235 if (myBuffer == NULL) {
wolfSSL 0:1239e9b70ca2 3236 XFCLOSE(file);
wolfSSL 0:1239e9b70ca2 3237 return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 3238 }
wolfSSL 0:1239e9b70ca2 3239 dynamic = 1;
wolfSSL 0:1239e9b70ca2 3240 }
wolfSSL 0:1239e9b70ca2 3241 else if (sz < 0) {
wolfSSL 0:1239e9b70ca2 3242 XFCLOSE(file);
wolfSSL 0:1239e9b70ca2 3243 return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 3244 }
wolfSSL 0:1239e9b70ca2 3245
wolfSSL 0:1239e9b70ca2 3246 if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0)
wolfSSL 0:1239e9b70ca2 3247 ret = SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 3248 else {
wolfSSL 0:1239e9b70ca2 3249 if (ssl)
wolfSSL 0:1239e9b70ca2 3250 ret = CyaSSL_SetTmpDH_buffer(ssl, myBuffer, sz, format);
wolfSSL 0:1239e9b70ca2 3251 else
wolfSSL 0:1239e9b70ca2 3252 ret = CyaSSL_CTX_SetTmpDH_buffer(ctx, myBuffer, sz, format);
wolfSSL 0:1239e9b70ca2 3253 }
wolfSSL 0:1239e9b70ca2 3254
wolfSSL 0:1239e9b70ca2 3255 XFCLOSE(file);
wolfSSL 0:1239e9b70ca2 3256 if (dynamic) XFREE(myBuffer, ctx->heap, DYNAMIC_TYPE_FILE);
wolfSSL 0:1239e9b70ca2 3257
wolfSSL 0:1239e9b70ca2 3258 return ret;
wolfSSL 0:1239e9b70ca2 3259 }
wolfSSL 0:1239e9b70ca2 3260
wolfSSL 0:1239e9b70ca2 3261 /* server Diffie-Hellman parameters */
wolfSSL 0:1239e9b70ca2 3262 int CyaSSL_SetTmpDH_file(CYASSL* ssl, const char* fname, int format)
wolfSSL 0:1239e9b70ca2 3263 {
wolfSSL 0:1239e9b70ca2 3264 return CyaSSL_SetTmpDH_file_wrapper(ssl->ctx, ssl, fname, format);
wolfSSL 0:1239e9b70ca2 3265 }
wolfSSL 0:1239e9b70ca2 3266
wolfSSL 0:1239e9b70ca2 3267
wolfSSL 0:1239e9b70ca2 3268 /* server Diffie-Hellman parameters */
wolfSSL 0:1239e9b70ca2 3269 int CyaSSL_CTX_SetTmpDH_file(CYASSL_CTX* ctx, const char* fname, int format)
wolfSSL 0:1239e9b70ca2 3270 {
wolfSSL 0:1239e9b70ca2 3271 return CyaSSL_SetTmpDH_file_wrapper(ctx, NULL, fname, format);
wolfSSL 0:1239e9b70ca2 3272 }
wolfSSL 0:1239e9b70ca2 3273
wolfSSL 0:1239e9b70ca2 3274
wolfSSL 0:1239e9b70ca2 3275 #endif /* !NO_FILESYSTEM */
wolfSSL 0:1239e9b70ca2 3276 #endif /* OPENSSL_EXTRA */
wolfSSL 0:1239e9b70ca2 3277
wolfSSL 0:1239e9b70ca2 3278 #ifdef HAVE_NTRU
wolfSSL 0:1239e9b70ca2 3279
wolfSSL 0:1239e9b70ca2 3280 int CyaSSL_CTX_use_NTRUPrivateKey_file(CYASSL_CTX* ctx, const char* file)
wolfSSL 0:1239e9b70ca2 3281 {
wolfSSL 0:1239e9b70ca2 3282 CYASSL_ENTER("CyaSSL_CTX_use_NTRUPrivateKey_file");
wolfSSL 0:1239e9b70ca2 3283 if (ctx == NULL)
wolfSSL 0:1239e9b70ca2 3284 return SSL_FAILURE;
wolfSSL 0:1239e9b70ca2 3285
wolfSSL 0:1239e9b70ca2 3286 if (ProcessFile(ctx, file, SSL_FILETYPE_RAW, PRIVATEKEY_TYPE, NULL, 0, NULL)
wolfSSL 0:1239e9b70ca2 3287 == SSL_SUCCESS) {
wolfSSL 0:1239e9b70ca2 3288 ctx->haveNTRU = 1;
wolfSSL 0:1239e9b70ca2 3289 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 3290 }
wolfSSL 0:1239e9b70ca2 3291
wolfSSL 0:1239e9b70ca2 3292 return SSL_FAILURE;
wolfSSL 0:1239e9b70ca2 3293 }
wolfSSL 0:1239e9b70ca2 3294
wolfSSL 0:1239e9b70ca2 3295 #endif /* HAVE_NTRU */
wolfSSL 0:1239e9b70ca2 3296
wolfSSL 0:1239e9b70ca2 3297
wolfSSL 0:1239e9b70ca2 3298
wolfSSL 0:1239e9b70ca2 3299 #if defined(OPENSSL_EXTRA)
wolfSSL 0:1239e9b70ca2 3300
wolfSSL 0:1239e9b70ca2 3301 int CyaSSL_CTX_use_RSAPrivateKey_file(CYASSL_CTX* ctx,const char* file,
wolfSSL 0:1239e9b70ca2 3302 int format)
wolfSSL 0:1239e9b70ca2 3303 {
wolfSSL 0:1239e9b70ca2 3304 CYASSL_ENTER("SSL_CTX_use_RSAPrivateKey_file");
wolfSSL 0:1239e9b70ca2 3305
wolfSSL 0:1239e9b70ca2 3306 return CyaSSL_CTX_use_PrivateKey_file(ctx, file, format);
wolfSSL 0:1239e9b70ca2 3307 }
wolfSSL 0:1239e9b70ca2 3308
wolfSSL 0:1239e9b70ca2 3309 int CyaSSL_use_RSAPrivateKey_file(CYASSL* ssl, const char* file, int format)
wolfSSL 0:1239e9b70ca2 3310 {
wolfSSL 0:1239e9b70ca2 3311 CYASSL_ENTER("CyaSSL_use_RSAPrivateKey_file");
wolfSSL 0:1239e9b70ca2 3312
wolfSSL 0:1239e9b70ca2 3313 return CyaSSL_use_PrivateKey_file(ssl, file, format);
wolfSSL 0:1239e9b70ca2 3314 }
wolfSSL 0:1239e9b70ca2 3315
wolfSSL 0:1239e9b70ca2 3316 #endif /* OPENSSL_EXTRA */
wolfSSL 0:1239e9b70ca2 3317
wolfSSL 0:1239e9b70ca2 3318 #endif /* NO_FILESYSTEM */
wolfSSL 0:1239e9b70ca2 3319
wolfSSL 0:1239e9b70ca2 3320
wolfSSL 0:1239e9b70ca2 3321 void CyaSSL_CTX_set_verify(CYASSL_CTX* ctx, int mode, VerifyCallback vc)
wolfSSL 0:1239e9b70ca2 3322 {
wolfSSL 0:1239e9b70ca2 3323 CYASSL_ENTER("CyaSSL_CTX_set_verify");
wolfSSL 0:1239e9b70ca2 3324 if (mode & SSL_VERIFY_PEER) {
wolfSSL 0:1239e9b70ca2 3325 ctx->verifyPeer = 1;
wolfSSL 0:1239e9b70ca2 3326 ctx->verifyNone = 0; /* in case perviously set */
wolfSSL 0:1239e9b70ca2 3327 }
wolfSSL 0:1239e9b70ca2 3328
wolfSSL 0:1239e9b70ca2 3329 if (mode == SSL_VERIFY_NONE) {
wolfSSL 0:1239e9b70ca2 3330 ctx->verifyNone = 1;
wolfSSL 0:1239e9b70ca2 3331 ctx->verifyPeer = 0; /* in case previously set */
wolfSSL 0:1239e9b70ca2 3332 }
wolfSSL 0:1239e9b70ca2 3333
wolfSSL 0:1239e9b70ca2 3334 if (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
wolfSSL 0:1239e9b70ca2 3335 ctx->failNoCert = 1;
wolfSSL 0:1239e9b70ca2 3336
wolfSSL 0:1239e9b70ca2 3337 ctx->verifyCallback = vc;
wolfSSL 0:1239e9b70ca2 3338 }
wolfSSL 0:1239e9b70ca2 3339
wolfSSL 0:1239e9b70ca2 3340
wolfSSL 0:1239e9b70ca2 3341 void CyaSSL_set_verify(CYASSL* ssl, int mode, VerifyCallback vc)
wolfSSL 0:1239e9b70ca2 3342 {
wolfSSL 0:1239e9b70ca2 3343 CYASSL_ENTER("CyaSSL_set_verify");
wolfSSL 0:1239e9b70ca2 3344 if (mode & SSL_VERIFY_PEER) {
wolfSSL 0:1239e9b70ca2 3345 ssl->options.verifyPeer = 1;
wolfSSL 0:1239e9b70ca2 3346 ssl->options.verifyNone = 0; /* in case perviously set */
wolfSSL 0:1239e9b70ca2 3347 }
wolfSSL 0:1239e9b70ca2 3348
wolfSSL 0:1239e9b70ca2 3349 if (mode == SSL_VERIFY_NONE) {
wolfSSL 0:1239e9b70ca2 3350 ssl->options.verifyNone = 1;
wolfSSL 0:1239e9b70ca2 3351 ssl->options.verifyPeer = 0; /* in case previously set */
wolfSSL 0:1239e9b70ca2 3352 }
wolfSSL 0:1239e9b70ca2 3353
wolfSSL 0:1239e9b70ca2 3354 if (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
wolfSSL 0:1239e9b70ca2 3355 ssl->options.failNoCert = 1;
wolfSSL 0:1239e9b70ca2 3356
wolfSSL 0:1239e9b70ca2 3357 ssl->verifyCallback = vc;
wolfSSL 0:1239e9b70ca2 3358 }
wolfSSL 0:1239e9b70ca2 3359
wolfSSL 0:1239e9b70ca2 3360
wolfSSL 0:1239e9b70ca2 3361 /* store user ctx for verify callback */
wolfSSL 0:1239e9b70ca2 3362 void CyaSSL_SetCertCbCtx(CYASSL* ssl, void* ctx)
wolfSSL 0:1239e9b70ca2 3363 {
wolfSSL 0:1239e9b70ca2 3364 CYASSL_ENTER("CyaSSL_SetCertCbCtx");
wolfSSL 0:1239e9b70ca2 3365 if (ssl)
wolfSSL 0:1239e9b70ca2 3366 ssl->verifyCbCtx = ctx;
wolfSSL 0:1239e9b70ca2 3367 }
wolfSSL 0:1239e9b70ca2 3368
wolfSSL 0:1239e9b70ca2 3369
wolfSSL 0:1239e9b70ca2 3370 /* store context CA Cache addition callback */
wolfSSL 0:1239e9b70ca2 3371 void CyaSSL_CTX_SetCACb(CYASSL_CTX* ctx, CallbackCACache cb)
wolfSSL 0:1239e9b70ca2 3372 {
wolfSSL 0:1239e9b70ca2 3373 if (ctx && ctx->cm)
wolfSSL 0:1239e9b70ca2 3374 ctx->cm->caCacheCallback = cb;
wolfSSL 0:1239e9b70ca2 3375 }
wolfSSL 0:1239e9b70ca2 3376
wolfSSL 0:1239e9b70ca2 3377
wolfSSL 0:1239e9b70ca2 3378 #if defined(PERSIST_CERT_CACHE)
wolfSSL 0:1239e9b70ca2 3379
wolfSSL 0:1239e9b70ca2 3380 #if !defined(NO_FILESYSTEM)
wolfSSL 0:1239e9b70ca2 3381
wolfSSL 0:1239e9b70ca2 3382 /* Persist cert cache to file */
wolfSSL 0:1239e9b70ca2 3383 int CyaSSL_CTX_save_cert_cache(CYASSL_CTX* ctx, const char* fname)
wolfSSL 0:1239e9b70ca2 3384 {
wolfSSL 0:1239e9b70ca2 3385 CYASSL_ENTER("CyaSSL_CTX_save_cert_cache");
wolfSSL 0:1239e9b70ca2 3386
wolfSSL 0:1239e9b70ca2 3387 if (ctx == NULL || fname == NULL)
wolfSSL 0:1239e9b70ca2 3388 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 3389
wolfSSL 0:1239e9b70ca2 3390 return CM_SaveCertCache(ctx->cm, fname);
wolfSSL 0:1239e9b70ca2 3391 }
wolfSSL 0:1239e9b70ca2 3392
wolfSSL 0:1239e9b70ca2 3393
wolfSSL 0:1239e9b70ca2 3394 /* Persist cert cache from file */
wolfSSL 0:1239e9b70ca2 3395 int CyaSSL_CTX_restore_cert_cache(CYASSL_CTX* ctx, const char* fname)
wolfSSL 0:1239e9b70ca2 3396 {
wolfSSL 0:1239e9b70ca2 3397 CYASSL_ENTER("CyaSSL_CTX_restore_cert_cache");
wolfSSL 0:1239e9b70ca2 3398
wolfSSL 0:1239e9b70ca2 3399 if (ctx == NULL || fname == NULL)
wolfSSL 0:1239e9b70ca2 3400 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 3401
wolfSSL 0:1239e9b70ca2 3402 return CM_RestoreCertCache(ctx->cm, fname);
wolfSSL 0:1239e9b70ca2 3403 }
wolfSSL 0:1239e9b70ca2 3404
wolfSSL 0:1239e9b70ca2 3405 #endif /* NO_FILESYSTEM */
wolfSSL 0:1239e9b70ca2 3406
wolfSSL 0:1239e9b70ca2 3407 /* Persist cert cache to memory */
wolfSSL 0:1239e9b70ca2 3408 int CyaSSL_CTX_memsave_cert_cache(CYASSL_CTX* ctx, void* mem, int sz, int* used)
wolfSSL 0:1239e9b70ca2 3409 {
wolfSSL 0:1239e9b70ca2 3410 CYASSL_ENTER("CyaSSL_CTX_memsave_cert_cache");
wolfSSL 0:1239e9b70ca2 3411
wolfSSL 0:1239e9b70ca2 3412 if (ctx == NULL || mem == NULL || used == NULL || sz <= 0)
wolfSSL 0:1239e9b70ca2 3413 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 3414
wolfSSL 0:1239e9b70ca2 3415 return CM_MemSaveCertCache(ctx->cm, mem, sz, used);
wolfSSL 0:1239e9b70ca2 3416 }
wolfSSL 0:1239e9b70ca2 3417
wolfSSL 0:1239e9b70ca2 3418
wolfSSL 0:1239e9b70ca2 3419 /* Restore cert cache from memory */
wolfSSL 0:1239e9b70ca2 3420 int CyaSSL_CTX_memrestore_cert_cache(CYASSL_CTX* ctx, const void* mem, int sz)
wolfSSL 0:1239e9b70ca2 3421 {
wolfSSL 0:1239e9b70ca2 3422 CYASSL_ENTER("CyaSSL_CTX_memrestore_cert_cache");
wolfSSL 0:1239e9b70ca2 3423
wolfSSL 0:1239e9b70ca2 3424 if (ctx == NULL || mem == NULL || sz <= 0)
wolfSSL 0:1239e9b70ca2 3425 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 3426
wolfSSL 0:1239e9b70ca2 3427 return CM_MemRestoreCertCache(ctx->cm, mem, sz);
wolfSSL 0:1239e9b70ca2 3428 }
wolfSSL 0:1239e9b70ca2 3429
wolfSSL 0:1239e9b70ca2 3430
wolfSSL 0:1239e9b70ca2 3431 /* get how big the the cert cache save buffer needs to be */
wolfSSL 0:1239e9b70ca2 3432 int CyaSSL_CTX_get_cert_cache_memsize(CYASSL_CTX* ctx)
wolfSSL 0:1239e9b70ca2 3433 {
wolfSSL 0:1239e9b70ca2 3434 CYASSL_ENTER("CyaSSL_CTX_get_cert_cache_memsize");
wolfSSL 0:1239e9b70ca2 3435
wolfSSL 0:1239e9b70ca2 3436 if (ctx == NULL)
wolfSSL 0:1239e9b70ca2 3437 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 3438
wolfSSL 0:1239e9b70ca2 3439 return CM_GetCertCacheMemSize(ctx->cm);
wolfSSL 0:1239e9b70ca2 3440 }
wolfSSL 0:1239e9b70ca2 3441
wolfSSL 0:1239e9b70ca2 3442 #endif /* PERSISTE_CERT_CACHE */
wolfSSL 0:1239e9b70ca2 3443 #endif /* !NO_CERTS */
wolfSSL 0:1239e9b70ca2 3444
wolfSSL 0:1239e9b70ca2 3445
wolfSSL 0:1239e9b70ca2 3446 #ifndef NO_SESSION_CACHE
wolfSSL 0:1239e9b70ca2 3447
wolfSSL 0:1239e9b70ca2 3448 CYASSL_SESSION* CyaSSL_get_session(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 3449 {
wolfSSL 0:1239e9b70ca2 3450 CYASSL_ENTER("SSL_get_session");
wolfSSL 0:1239e9b70ca2 3451 if (ssl)
wolfSSL 0:1239e9b70ca2 3452 return GetSession(ssl, 0);
wolfSSL 0:1239e9b70ca2 3453
wolfSSL 0:1239e9b70ca2 3454 return NULL;
wolfSSL 0:1239e9b70ca2 3455 }
wolfSSL 0:1239e9b70ca2 3456
wolfSSL 0:1239e9b70ca2 3457
wolfSSL 0:1239e9b70ca2 3458 int CyaSSL_set_session(CYASSL* ssl, CYASSL_SESSION* session)
wolfSSL 0:1239e9b70ca2 3459 {
wolfSSL 0:1239e9b70ca2 3460 CYASSL_ENTER("SSL_set_session");
wolfSSL 0:1239e9b70ca2 3461 if (session)
wolfSSL 0:1239e9b70ca2 3462 return SetSession(ssl, session);
wolfSSL 0:1239e9b70ca2 3463
wolfSSL 0:1239e9b70ca2 3464 return SSL_FAILURE;
wolfSSL 0:1239e9b70ca2 3465 }
wolfSSL 0:1239e9b70ca2 3466
wolfSSL 0:1239e9b70ca2 3467
wolfSSL 0:1239e9b70ca2 3468 #ifndef NO_CLIENT_CACHE
wolfSSL 0:1239e9b70ca2 3469
wolfSSL 0:1239e9b70ca2 3470 /* Associate client session with serverID, find existing or store for saving
wolfSSL 0:1239e9b70ca2 3471 if newSession flag on, don't reuse existing session
wolfSSL 0:1239e9b70ca2 3472 SSL_SUCCESS on ok */
wolfSSL 0:1239e9b70ca2 3473 int CyaSSL_SetServerID(CYASSL* ssl, const byte* id, int len, int newSession)
wolfSSL 0:1239e9b70ca2 3474 {
wolfSSL 0:1239e9b70ca2 3475 CYASSL_SESSION* session = NULL;
wolfSSL 0:1239e9b70ca2 3476
wolfSSL 0:1239e9b70ca2 3477 CYASSL_ENTER("CyaSSL_SetServerID");
wolfSSL 0:1239e9b70ca2 3478
wolfSSL 0:1239e9b70ca2 3479 if (ssl == NULL || id == NULL || len <= 0)
wolfSSL 0:1239e9b70ca2 3480 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 3481
wolfSSL 0:1239e9b70ca2 3482 if (newSession == 0) {
wolfSSL 0:1239e9b70ca2 3483 session = GetSessionClient(ssl, id, len);
wolfSSL 0:1239e9b70ca2 3484 if (session) {
wolfSSL 0:1239e9b70ca2 3485 if (SetSession(ssl, session) != SSL_SUCCESS) {
wolfSSL 0:1239e9b70ca2 3486 CYASSL_MSG("SetSession failed");
wolfSSL 0:1239e9b70ca2 3487 session = NULL;
wolfSSL 0:1239e9b70ca2 3488 }
wolfSSL 0:1239e9b70ca2 3489 }
wolfSSL 0:1239e9b70ca2 3490 }
wolfSSL 0:1239e9b70ca2 3491
wolfSSL 0:1239e9b70ca2 3492 if (session == NULL) {
wolfSSL 0:1239e9b70ca2 3493 CYASSL_MSG("Valid ServerID not cached already");
wolfSSL 0:1239e9b70ca2 3494
wolfSSL 0:1239e9b70ca2 3495 ssl->session.idLen = (word16)min(SERVER_ID_LEN, (word32)len);
wolfSSL 0:1239e9b70ca2 3496 XMEMCPY(ssl->session.serverID, id, ssl->session.idLen);
wolfSSL 0:1239e9b70ca2 3497 }
wolfSSL 0:1239e9b70ca2 3498
wolfSSL 0:1239e9b70ca2 3499 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 3500 }
wolfSSL 0:1239e9b70ca2 3501
wolfSSL 0:1239e9b70ca2 3502 #endif /* NO_CLIENT_CACHE */
wolfSSL 0:1239e9b70ca2 3503
wolfSSL 0:1239e9b70ca2 3504 #if defined(PERSIST_SESSION_CACHE)
wolfSSL 0:1239e9b70ca2 3505
wolfSSL 0:1239e9b70ca2 3506 /* for persistance, if changes to layout need to increment and modify
wolfSSL 0:1239e9b70ca2 3507 save_session_cache() and restore_session_cache and memory versions too */
wolfSSL 0:1239e9b70ca2 3508 #define CYASSL_CACHE_VERSION 2
wolfSSL 0:1239e9b70ca2 3509
wolfSSL 0:1239e9b70ca2 3510 /* Session Cache Header information */
wolfSSL 0:1239e9b70ca2 3511 typedef struct {
wolfSSL 0:1239e9b70ca2 3512 int version; /* cache layout version id */
wolfSSL 0:1239e9b70ca2 3513 int rows; /* session rows */
wolfSSL 0:1239e9b70ca2 3514 int columns; /* session columns */
wolfSSL 0:1239e9b70ca2 3515 int sessionSz; /* sizeof CYASSL_SESSION */
wolfSSL 0:1239e9b70ca2 3516 } cache_header_t;
wolfSSL 0:1239e9b70ca2 3517
wolfSSL 0:1239e9b70ca2 3518 /* current persistence layout is:
wolfSSL 0:1239e9b70ca2 3519
wolfSSL 0:1239e9b70ca2 3520 1) cache_header_t
wolfSSL 0:1239e9b70ca2 3521 2) SessionCache
wolfSSL 0:1239e9b70ca2 3522 3) ClientCache
wolfSSL 0:1239e9b70ca2 3523
wolfSSL 0:1239e9b70ca2 3524 update CYASSL_CACHE_VERSION if change layout for the following
wolfSSL 0:1239e9b70ca2 3525 PERSISTENT_SESSION_CACHE functions
wolfSSL 0:1239e9b70ca2 3526 */
wolfSSL 0:1239e9b70ca2 3527
wolfSSL 0:1239e9b70ca2 3528
wolfSSL 0:1239e9b70ca2 3529 /* get how big the the session cache save buffer needs to be */
wolfSSL 0:1239e9b70ca2 3530 int CyaSSL_get_session_cache_memsize(void)
wolfSSL 0:1239e9b70ca2 3531 {
wolfSSL 0:1239e9b70ca2 3532 int sz = (int)(sizeof(SessionCache) + sizeof(cache_header_t));
wolfSSL 0:1239e9b70ca2 3533
wolfSSL 0:1239e9b70ca2 3534 #ifndef NO_CLIENT_CACHE
wolfSSL 0:1239e9b70ca2 3535 sz += (int)(sizeof(ClientCache));
wolfSSL 0:1239e9b70ca2 3536 #endif
wolfSSL 0:1239e9b70ca2 3537
wolfSSL 0:1239e9b70ca2 3538 return sz;
wolfSSL 0:1239e9b70ca2 3539 }
wolfSSL 0:1239e9b70ca2 3540
wolfSSL 0:1239e9b70ca2 3541
wolfSSL 0:1239e9b70ca2 3542 /* Persist session cache to memory */
wolfSSL 0:1239e9b70ca2 3543 int CyaSSL_memsave_session_cache(void* mem, int sz)
wolfSSL 0:1239e9b70ca2 3544 {
wolfSSL 0:1239e9b70ca2 3545 int i;
wolfSSL 0:1239e9b70ca2 3546 cache_header_t cache_header;
wolfSSL 0:1239e9b70ca2 3547 SessionRow* row = (SessionRow*)((byte*)mem + sizeof(cache_header));
wolfSSL 0:1239e9b70ca2 3548 #ifndef NO_CLIENT_CACHE
wolfSSL 0:1239e9b70ca2 3549 ClientRow* clRow;
wolfSSL 0:1239e9b70ca2 3550 #endif
wolfSSL 0:1239e9b70ca2 3551
wolfSSL 0:1239e9b70ca2 3552 CYASSL_ENTER("CyaSSL_memsave_session_cache");
wolfSSL 0:1239e9b70ca2 3553
wolfSSL 0:1239e9b70ca2 3554 if (sz < CyaSSL_get_session_cache_memsize()) {
wolfSSL 0:1239e9b70ca2 3555 CYASSL_MSG("Memory buffer too small");
wolfSSL 0:1239e9b70ca2 3556 return BUFFER_E;
wolfSSL 0:1239e9b70ca2 3557 }
wolfSSL 0:1239e9b70ca2 3558
wolfSSL 0:1239e9b70ca2 3559 cache_header.version = CYASSL_CACHE_VERSION;
wolfSSL 0:1239e9b70ca2 3560 cache_header.rows = SESSION_ROWS;
wolfSSL 0:1239e9b70ca2 3561 cache_header.columns = SESSIONS_PER_ROW;
wolfSSL 0:1239e9b70ca2 3562 cache_header.sessionSz = (int)sizeof(CYASSL_SESSION);
wolfSSL 0:1239e9b70ca2 3563 XMEMCPY(mem, &cache_header, sizeof(cache_header));
wolfSSL 0:1239e9b70ca2 3564
wolfSSL 0:1239e9b70ca2 3565 if (LockMutex(&session_mutex) != 0) {
wolfSSL 0:1239e9b70ca2 3566 CYASSL_MSG("Session cache mutex lock failed");
wolfSSL 0:1239e9b70ca2 3567 return BAD_MUTEX_E;
wolfSSL 0:1239e9b70ca2 3568 }
wolfSSL 0:1239e9b70ca2 3569
wolfSSL 0:1239e9b70ca2 3570 for (i = 0; i < cache_header.rows; ++i)
wolfSSL 0:1239e9b70ca2 3571 XMEMCPY(row++, SessionCache + i, sizeof(SessionRow));
wolfSSL 0:1239e9b70ca2 3572
wolfSSL 0:1239e9b70ca2 3573 #ifndef NO_CLIENT_CACHE
wolfSSL 0:1239e9b70ca2 3574 clRow = (ClientRow*)row;
wolfSSL 0:1239e9b70ca2 3575 for (i = 0; i < cache_header.rows; ++i)
wolfSSL 0:1239e9b70ca2 3576 XMEMCPY(clRow++, ClientCache + i, sizeof(ClientRow));
wolfSSL 0:1239e9b70ca2 3577 #endif
wolfSSL 0:1239e9b70ca2 3578
wolfSSL 0:1239e9b70ca2 3579 UnLockMutex(&session_mutex);
wolfSSL 0:1239e9b70ca2 3580
wolfSSL 0:1239e9b70ca2 3581 CYASSL_LEAVE("CyaSSL_memsave_session_cache", SSL_SUCCESS);
wolfSSL 0:1239e9b70ca2 3582
wolfSSL 0:1239e9b70ca2 3583 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 3584 }
wolfSSL 0:1239e9b70ca2 3585
wolfSSL 0:1239e9b70ca2 3586
wolfSSL 0:1239e9b70ca2 3587 /* Restore the persistant session cache from memory */
wolfSSL 0:1239e9b70ca2 3588 int CyaSSL_memrestore_session_cache(const void* mem, int sz)
wolfSSL 0:1239e9b70ca2 3589 {
wolfSSL 0:1239e9b70ca2 3590 int i;
wolfSSL 0:1239e9b70ca2 3591 cache_header_t cache_header;
wolfSSL 0:1239e9b70ca2 3592 SessionRow* row = (SessionRow*)((byte*)mem + sizeof(cache_header));
wolfSSL 0:1239e9b70ca2 3593 #ifndef NO_CLIENT_CACHE
wolfSSL 0:1239e9b70ca2 3594 ClientRow* clRow;
wolfSSL 0:1239e9b70ca2 3595 #endif
wolfSSL 0:1239e9b70ca2 3596
wolfSSL 0:1239e9b70ca2 3597 CYASSL_ENTER("CyaSSL_memrestore_session_cache");
wolfSSL 0:1239e9b70ca2 3598
wolfSSL 0:1239e9b70ca2 3599 if (sz < CyaSSL_get_session_cache_memsize()) {
wolfSSL 0:1239e9b70ca2 3600 CYASSL_MSG("Memory buffer too small");
wolfSSL 0:1239e9b70ca2 3601 return BUFFER_E;
wolfSSL 0:1239e9b70ca2 3602 }
wolfSSL 0:1239e9b70ca2 3603
wolfSSL 0:1239e9b70ca2 3604 XMEMCPY(&cache_header, mem, sizeof(cache_header));
wolfSSL 0:1239e9b70ca2 3605 if (cache_header.version != CYASSL_CACHE_VERSION ||
wolfSSL 0:1239e9b70ca2 3606 cache_header.rows != SESSION_ROWS ||
wolfSSL 0:1239e9b70ca2 3607 cache_header.columns != SESSIONS_PER_ROW ||
wolfSSL 0:1239e9b70ca2 3608 cache_header.sessionSz != (int)sizeof(CYASSL_SESSION)) {
wolfSSL 0:1239e9b70ca2 3609
wolfSSL 0:1239e9b70ca2 3610 CYASSL_MSG("Session cache header match failed");
wolfSSL 0:1239e9b70ca2 3611 return CACHE_MATCH_ERROR;
wolfSSL 0:1239e9b70ca2 3612 }
wolfSSL 0:1239e9b70ca2 3613
wolfSSL 0:1239e9b70ca2 3614 if (LockMutex(&session_mutex) != 0) {
wolfSSL 0:1239e9b70ca2 3615 CYASSL_MSG("Session cache mutex lock failed");
wolfSSL 0:1239e9b70ca2 3616 return BAD_MUTEX_E;
wolfSSL 0:1239e9b70ca2 3617 }
wolfSSL 0:1239e9b70ca2 3618
wolfSSL 0:1239e9b70ca2 3619 for (i = 0; i < cache_header.rows; ++i)
wolfSSL 0:1239e9b70ca2 3620 XMEMCPY(SessionCache + i, row++, sizeof(SessionRow));
wolfSSL 0:1239e9b70ca2 3621
wolfSSL 0:1239e9b70ca2 3622 #ifndef NO_CLIENT_CACHE
wolfSSL 0:1239e9b70ca2 3623 clRow = (ClientRow*)row;
wolfSSL 0:1239e9b70ca2 3624 for (i = 0; i < cache_header.rows; ++i)
wolfSSL 0:1239e9b70ca2 3625 XMEMCPY(ClientCache + i, clRow++, sizeof(ClientRow));
wolfSSL 0:1239e9b70ca2 3626 #endif
wolfSSL 0:1239e9b70ca2 3627
wolfSSL 0:1239e9b70ca2 3628 UnLockMutex(&session_mutex);
wolfSSL 0:1239e9b70ca2 3629
wolfSSL 0:1239e9b70ca2 3630 CYASSL_LEAVE("CyaSSL_memrestore_session_cache", SSL_SUCCESS);
wolfSSL 0:1239e9b70ca2 3631
wolfSSL 0:1239e9b70ca2 3632 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 3633 }
wolfSSL 0:1239e9b70ca2 3634
wolfSSL 0:1239e9b70ca2 3635 #if !defined(NO_FILESYSTEM)
wolfSSL 0:1239e9b70ca2 3636
wolfSSL 0:1239e9b70ca2 3637 /* Persist session cache to file */
wolfSSL 0:1239e9b70ca2 3638 /* doesn't use memsave because of additional memory use */
wolfSSL 0:1239e9b70ca2 3639 int CyaSSL_save_session_cache(const char *fname)
wolfSSL 0:1239e9b70ca2 3640 {
wolfSSL 0:1239e9b70ca2 3641 XFILE file;
wolfSSL 0:1239e9b70ca2 3642 int ret;
wolfSSL 0:1239e9b70ca2 3643 int rc = SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 3644 int i;
wolfSSL 0:1239e9b70ca2 3645 cache_header_t cache_header;
wolfSSL 0:1239e9b70ca2 3646
wolfSSL 0:1239e9b70ca2 3647 CYASSL_ENTER("CyaSSL_save_session_cache");
wolfSSL 0:1239e9b70ca2 3648
wolfSSL 0:1239e9b70ca2 3649 file = XFOPEN(fname, "w+b");
wolfSSL 0:1239e9b70ca2 3650 if (file == XBADFILE) {
wolfSSL 0:1239e9b70ca2 3651 CYASSL_MSG("Couldn't open session cache save file");
wolfSSL 0:1239e9b70ca2 3652 return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 3653 }
wolfSSL 0:1239e9b70ca2 3654 cache_header.version = CYASSL_CACHE_VERSION;
wolfSSL 0:1239e9b70ca2 3655 cache_header.rows = SESSION_ROWS;
wolfSSL 0:1239e9b70ca2 3656 cache_header.columns = SESSIONS_PER_ROW;
wolfSSL 0:1239e9b70ca2 3657 cache_header.sessionSz = (int)sizeof(CYASSL_SESSION);
wolfSSL 0:1239e9b70ca2 3658
wolfSSL 0:1239e9b70ca2 3659 /* cache header */
wolfSSL 0:1239e9b70ca2 3660 ret = (int)XFWRITE(&cache_header, sizeof cache_header, 1, file);
wolfSSL 0:1239e9b70ca2 3661 if (ret != 1) {
wolfSSL 0:1239e9b70ca2 3662 CYASSL_MSG("Session cache header file write failed");
wolfSSL 0:1239e9b70ca2 3663 XFCLOSE(file);
wolfSSL 0:1239e9b70ca2 3664 return FWRITE_ERROR;
wolfSSL 0:1239e9b70ca2 3665 }
wolfSSL 0:1239e9b70ca2 3666
wolfSSL 0:1239e9b70ca2 3667 if (LockMutex(&session_mutex) != 0) {
wolfSSL 0:1239e9b70ca2 3668 CYASSL_MSG("Session cache mutex lock failed");
wolfSSL 0:1239e9b70ca2 3669 XFCLOSE(file);
wolfSSL 0:1239e9b70ca2 3670 return BAD_MUTEX_E;
wolfSSL 0:1239e9b70ca2 3671 }
wolfSSL 0:1239e9b70ca2 3672
wolfSSL 0:1239e9b70ca2 3673 /* session cache */
wolfSSL 0:1239e9b70ca2 3674 for (i = 0; i < cache_header.rows; ++i) {
wolfSSL 0:1239e9b70ca2 3675 ret = (int)XFWRITE(SessionCache + i, sizeof(SessionRow), 1, file);
wolfSSL 0:1239e9b70ca2 3676 if (ret != 1) {
wolfSSL 0:1239e9b70ca2 3677 CYASSL_MSG("Session cache member file write failed");
wolfSSL 0:1239e9b70ca2 3678 rc = FWRITE_ERROR;
wolfSSL 0:1239e9b70ca2 3679 break;
wolfSSL 0:1239e9b70ca2 3680 }
wolfSSL 0:1239e9b70ca2 3681 }
wolfSSL 0:1239e9b70ca2 3682
wolfSSL 0:1239e9b70ca2 3683 #ifndef NO_CLIENT_CACHE
wolfSSL 0:1239e9b70ca2 3684 /* client cache */
wolfSSL 0:1239e9b70ca2 3685 for (i = 0; i < cache_header.rows; ++i) {
wolfSSL 0:1239e9b70ca2 3686 ret = (int)XFWRITE(ClientCache + i, sizeof(ClientRow), 1, file);
wolfSSL 0:1239e9b70ca2 3687 if (ret != 1) {
wolfSSL 0:1239e9b70ca2 3688 CYASSL_MSG("Client cache member file write failed");
wolfSSL 0:1239e9b70ca2 3689 rc = FWRITE_ERROR;
wolfSSL 0:1239e9b70ca2 3690 break;
wolfSSL 0:1239e9b70ca2 3691 }
wolfSSL 0:1239e9b70ca2 3692 }
wolfSSL 0:1239e9b70ca2 3693 #endif /* NO_CLIENT_CACHE */
wolfSSL 0:1239e9b70ca2 3694
wolfSSL 0:1239e9b70ca2 3695 UnLockMutex(&session_mutex);
wolfSSL 0:1239e9b70ca2 3696
wolfSSL 0:1239e9b70ca2 3697 XFCLOSE(file);
wolfSSL 0:1239e9b70ca2 3698 CYASSL_LEAVE("CyaSSL_save_session_cache", rc);
wolfSSL 0:1239e9b70ca2 3699
wolfSSL 0:1239e9b70ca2 3700 return rc;
wolfSSL 0:1239e9b70ca2 3701 }
wolfSSL 0:1239e9b70ca2 3702
wolfSSL 0:1239e9b70ca2 3703
wolfSSL 0:1239e9b70ca2 3704 /* Restore the persistant session cache from file */
wolfSSL 0:1239e9b70ca2 3705 /* doesn't use memstore because of additional memory use */
wolfSSL 0:1239e9b70ca2 3706 int CyaSSL_restore_session_cache(const char *fname)
wolfSSL 0:1239e9b70ca2 3707 {
wolfSSL 0:1239e9b70ca2 3708 XFILE file;
wolfSSL 0:1239e9b70ca2 3709 int rc = SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 3710 int ret;
wolfSSL 0:1239e9b70ca2 3711 int i;
wolfSSL 0:1239e9b70ca2 3712 cache_header_t cache_header;
wolfSSL 0:1239e9b70ca2 3713
wolfSSL 0:1239e9b70ca2 3714 CYASSL_ENTER("CyaSSL_restore_session_cache");
wolfSSL 0:1239e9b70ca2 3715
wolfSSL 0:1239e9b70ca2 3716 file = XFOPEN(fname, "rb");
wolfSSL 0:1239e9b70ca2 3717 if (file == XBADFILE) {
wolfSSL 0:1239e9b70ca2 3718 CYASSL_MSG("Couldn't open session cache save file");
wolfSSL 0:1239e9b70ca2 3719 return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 3720 }
wolfSSL 0:1239e9b70ca2 3721 /* cache header */
wolfSSL 0:1239e9b70ca2 3722 ret = (int)XFREAD(&cache_header, sizeof cache_header, 1, file);
wolfSSL 0:1239e9b70ca2 3723 if (ret != 1) {
wolfSSL 0:1239e9b70ca2 3724 CYASSL_MSG("Session cache header file read failed");
wolfSSL 0:1239e9b70ca2 3725 XFCLOSE(file);
wolfSSL 0:1239e9b70ca2 3726 return FREAD_ERROR;
wolfSSL 0:1239e9b70ca2 3727 }
wolfSSL 0:1239e9b70ca2 3728 if (cache_header.version != CYASSL_CACHE_VERSION ||
wolfSSL 0:1239e9b70ca2 3729 cache_header.rows != SESSION_ROWS ||
wolfSSL 0:1239e9b70ca2 3730 cache_header.columns != SESSIONS_PER_ROW ||
wolfSSL 0:1239e9b70ca2 3731 cache_header.sessionSz != (int)sizeof(CYASSL_SESSION)) {
wolfSSL 0:1239e9b70ca2 3732
wolfSSL 0:1239e9b70ca2 3733 CYASSL_MSG("Session cache header match failed");
wolfSSL 0:1239e9b70ca2 3734 XFCLOSE(file);
wolfSSL 0:1239e9b70ca2 3735 return CACHE_MATCH_ERROR;
wolfSSL 0:1239e9b70ca2 3736 }
wolfSSL 0:1239e9b70ca2 3737
wolfSSL 0:1239e9b70ca2 3738 if (LockMutex(&session_mutex) != 0) {
wolfSSL 0:1239e9b70ca2 3739 CYASSL_MSG("Session cache mutex lock failed");
wolfSSL 0:1239e9b70ca2 3740 XFCLOSE(file);
wolfSSL 0:1239e9b70ca2 3741 return BAD_MUTEX_E;
wolfSSL 0:1239e9b70ca2 3742 }
wolfSSL 0:1239e9b70ca2 3743
wolfSSL 0:1239e9b70ca2 3744 /* session cache */
wolfSSL 0:1239e9b70ca2 3745 for (i = 0; i < cache_header.rows; ++i) {
wolfSSL 0:1239e9b70ca2 3746 ret = (int)XFREAD(SessionCache + i, sizeof(SessionRow), 1, file);
wolfSSL 0:1239e9b70ca2 3747 if (ret != 1) {
wolfSSL 0:1239e9b70ca2 3748 CYASSL_MSG("Session cache member file read failed");
wolfSSL 0:1239e9b70ca2 3749 XMEMSET(SessionCache, 0, sizeof SessionCache);
wolfSSL 0:1239e9b70ca2 3750 rc = FREAD_ERROR;
wolfSSL 0:1239e9b70ca2 3751 break;
wolfSSL 0:1239e9b70ca2 3752 }
wolfSSL 0:1239e9b70ca2 3753 }
wolfSSL 0:1239e9b70ca2 3754
wolfSSL 0:1239e9b70ca2 3755 #ifndef NO_CLIENT_CACHE
wolfSSL 0:1239e9b70ca2 3756 /* client cache */
wolfSSL 0:1239e9b70ca2 3757 for (i = 0; i < cache_header.rows; ++i) {
wolfSSL 0:1239e9b70ca2 3758 ret = (int)XFREAD(ClientCache + i, sizeof(ClientRow), 1, file);
wolfSSL 0:1239e9b70ca2 3759 if (ret != 1) {
wolfSSL 0:1239e9b70ca2 3760 CYASSL_MSG("Client cache member file read failed");
wolfSSL 0:1239e9b70ca2 3761 XMEMSET(ClientCache, 0, sizeof ClientCache);
wolfSSL 0:1239e9b70ca2 3762 rc = FREAD_ERROR;
wolfSSL 0:1239e9b70ca2 3763 break;
wolfSSL 0:1239e9b70ca2 3764 }
wolfSSL 0:1239e9b70ca2 3765 }
wolfSSL 0:1239e9b70ca2 3766
wolfSSL 0:1239e9b70ca2 3767 #endif /* NO_CLIENT_CACHE */
wolfSSL 0:1239e9b70ca2 3768
wolfSSL 0:1239e9b70ca2 3769 UnLockMutex(&session_mutex);
wolfSSL 0:1239e9b70ca2 3770
wolfSSL 0:1239e9b70ca2 3771 XFCLOSE(file);
wolfSSL 0:1239e9b70ca2 3772 CYASSL_LEAVE("CyaSSL_restore_session_cache", rc);
wolfSSL 0:1239e9b70ca2 3773
wolfSSL 0:1239e9b70ca2 3774 return rc;
wolfSSL 0:1239e9b70ca2 3775 }
wolfSSL 0:1239e9b70ca2 3776
wolfSSL 0:1239e9b70ca2 3777 #endif /* !NO_FILESYSTEM */
wolfSSL 0:1239e9b70ca2 3778 #endif /* PERSIST_SESSION_CACHE */
wolfSSL 0:1239e9b70ca2 3779 #endif /* NO_SESSION_CACHE */
wolfSSL 0:1239e9b70ca2 3780
wolfSSL 0:1239e9b70ca2 3781
wolfSSL 0:1239e9b70ca2 3782 void CyaSSL_load_error_strings(void) /* compatibility only */
wolfSSL 0:1239e9b70ca2 3783 {}
wolfSSL 0:1239e9b70ca2 3784
wolfSSL 0:1239e9b70ca2 3785
wolfSSL 0:1239e9b70ca2 3786 int CyaSSL_library_init(void)
wolfSSL 0:1239e9b70ca2 3787 {
wolfSSL 0:1239e9b70ca2 3788 CYASSL_ENTER("SSL_library_init");
wolfSSL 0:1239e9b70ca2 3789 if (CyaSSL_Init() == SSL_SUCCESS)
wolfSSL 0:1239e9b70ca2 3790 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 3791 else
wolfSSL 0:1239e9b70ca2 3792 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 3793 }
wolfSSL 0:1239e9b70ca2 3794
wolfSSL 0:1239e9b70ca2 3795
wolfSSL 0:1239e9b70ca2 3796 #ifndef NO_SESSION_CACHE
wolfSSL 0:1239e9b70ca2 3797
wolfSSL 0:1239e9b70ca2 3798 /* on by default if built in but allow user to turn off */
wolfSSL 0:1239e9b70ca2 3799 long CyaSSL_CTX_set_session_cache_mode(CYASSL_CTX* ctx, long mode)
wolfSSL 0:1239e9b70ca2 3800 {
wolfSSL 0:1239e9b70ca2 3801 CYASSL_ENTER("SSL_CTX_set_session_cache_mode");
wolfSSL 0:1239e9b70ca2 3802 if (mode == SSL_SESS_CACHE_OFF)
wolfSSL 0:1239e9b70ca2 3803 ctx->sessionCacheOff = 1;
wolfSSL 0:1239e9b70ca2 3804
wolfSSL 0:1239e9b70ca2 3805 if (mode == SSL_SESS_CACHE_NO_AUTO_CLEAR)
wolfSSL 0:1239e9b70ca2 3806 ctx->sessionCacheFlushOff = 1;
wolfSSL 0:1239e9b70ca2 3807
wolfSSL 0:1239e9b70ca2 3808 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 3809 }
wolfSSL 0:1239e9b70ca2 3810
wolfSSL 0:1239e9b70ca2 3811 #endif /* NO_SESSION_CACHE */
wolfSSL 0:1239e9b70ca2 3812
wolfSSL 0:1239e9b70ca2 3813
wolfSSL 0:1239e9b70ca2 3814 #if !defined(NO_CERTS)
wolfSSL 0:1239e9b70ca2 3815 #if defined(PERSIST_CERT_CACHE)
wolfSSL 0:1239e9b70ca2 3816
wolfSSL 0:1239e9b70ca2 3817
wolfSSL 0:1239e9b70ca2 3818 #define CYASSL_CACHE_CERT_VERSION 1
wolfSSL 0:1239e9b70ca2 3819
wolfSSL 0:1239e9b70ca2 3820 typedef struct {
wolfSSL 0:1239e9b70ca2 3821 int version; /* cache cert layout version id */
wolfSSL 0:1239e9b70ca2 3822 int rows; /* hash table rows, CA_TABLE_SIZE */
wolfSSL 0:1239e9b70ca2 3823 int columns[CA_TABLE_SIZE]; /* columns per row on list */
wolfSSL 0:1239e9b70ca2 3824 int signerSz; /* sizeof Signer object */
wolfSSL 0:1239e9b70ca2 3825 } CertCacheHeader;
wolfSSL 0:1239e9b70ca2 3826
wolfSSL 0:1239e9b70ca2 3827 /* current cert persistance layout is:
wolfSSL 0:1239e9b70ca2 3828
wolfSSL 0:1239e9b70ca2 3829 1) CertCacheHeader
wolfSSL 0:1239e9b70ca2 3830 2) caTable
wolfSSL 0:1239e9b70ca2 3831
wolfSSL 0:1239e9b70ca2 3832 update CYASSL_CERT_CACHE_VERSION if change layout for the following
wolfSSL 0:1239e9b70ca2 3833 PERSIST_CERT_CACHE functions
wolfSSL 0:1239e9b70ca2 3834 */
wolfSSL 0:1239e9b70ca2 3835
wolfSSL 0:1239e9b70ca2 3836
wolfSSL 0:1239e9b70ca2 3837 /* Return memory needed to persist this signer, have lock */
wolfSSL 0:1239e9b70ca2 3838 static INLINE int GetSignerMemory(Signer* signer)
wolfSSL 0:1239e9b70ca2 3839 {
wolfSSL 0:1239e9b70ca2 3840 int sz = sizeof(signer->pubKeySize) + sizeof(signer->keyOID)
wolfSSL 0:1239e9b70ca2 3841 + sizeof(signer->nameLen) + sizeof(signer->subjectNameHash);
wolfSSL 0:1239e9b70ca2 3842
wolfSSL 0:1239e9b70ca2 3843 #if !defined(NO_SKID)
wolfSSL 0:1239e9b70ca2 3844 sz += (int)sizeof(signer->subjectKeyIdHash);
wolfSSL 0:1239e9b70ca2 3845 #endif
wolfSSL 0:1239e9b70ca2 3846
wolfSSL 0:1239e9b70ca2 3847 /* add dynamic bytes needed */
wolfSSL 0:1239e9b70ca2 3848 sz += signer->pubKeySize;
wolfSSL 0:1239e9b70ca2 3849 sz += signer->nameLen;
wolfSSL 0:1239e9b70ca2 3850
wolfSSL 0:1239e9b70ca2 3851 return sz;
wolfSSL 0:1239e9b70ca2 3852 }
wolfSSL 0:1239e9b70ca2 3853
wolfSSL 0:1239e9b70ca2 3854
wolfSSL 0:1239e9b70ca2 3855 /* Return memory needed to persist this row, have lock */
wolfSSL 0:1239e9b70ca2 3856 static INLINE int GetCertCacheRowMemory(Signer* row)
wolfSSL 0:1239e9b70ca2 3857 {
wolfSSL 0:1239e9b70ca2 3858 int sz = 0;
wolfSSL 0:1239e9b70ca2 3859
wolfSSL 0:1239e9b70ca2 3860 while (row) {
wolfSSL 0:1239e9b70ca2 3861 sz += GetSignerMemory(row);
wolfSSL 0:1239e9b70ca2 3862 row = row->next;
wolfSSL 0:1239e9b70ca2 3863 }
wolfSSL 0:1239e9b70ca2 3864
wolfSSL 0:1239e9b70ca2 3865 return sz;
wolfSSL 0:1239e9b70ca2 3866 }
wolfSSL 0:1239e9b70ca2 3867
wolfSSL 0:1239e9b70ca2 3868
wolfSSL 0:1239e9b70ca2 3869 /* get the size of persist cert cache, have lock */
wolfSSL 0:1239e9b70ca2 3870 static INLINE int GetCertCacheMemSize(CYASSL_CERT_MANAGER* cm)
wolfSSL 0:1239e9b70ca2 3871 {
wolfSSL 0:1239e9b70ca2 3872 int sz;
wolfSSL 0:1239e9b70ca2 3873 int i;
wolfSSL 0:1239e9b70ca2 3874
wolfSSL 0:1239e9b70ca2 3875 sz = sizeof(CertCacheHeader);
wolfSSL 0:1239e9b70ca2 3876
wolfSSL 0:1239e9b70ca2 3877 for (i = 0; i < CA_TABLE_SIZE; i++)
wolfSSL 0:1239e9b70ca2 3878 sz += GetCertCacheRowMemory(cm->caTable[i]);
wolfSSL 0:1239e9b70ca2 3879
wolfSSL 0:1239e9b70ca2 3880 return sz;
wolfSSL 0:1239e9b70ca2 3881 }
wolfSSL 0:1239e9b70ca2 3882
wolfSSL 0:1239e9b70ca2 3883
wolfSSL 0:1239e9b70ca2 3884 /* Store cert cache header columns with number of items per list, have lock */
wolfSSL 0:1239e9b70ca2 3885 static INLINE void SetCertHeaderColumns(CYASSL_CERT_MANAGER* cm, int* columns)
wolfSSL 0:1239e9b70ca2 3886 {
wolfSSL 0:1239e9b70ca2 3887 int i;
wolfSSL 0:1239e9b70ca2 3888 Signer* row;
wolfSSL 0:1239e9b70ca2 3889
wolfSSL 0:1239e9b70ca2 3890 for (i = 0; i < CA_TABLE_SIZE; i++) {
wolfSSL 0:1239e9b70ca2 3891 int count = 0;
wolfSSL 0:1239e9b70ca2 3892 row = cm->caTable[i];
wolfSSL 0:1239e9b70ca2 3893
wolfSSL 0:1239e9b70ca2 3894 while (row) {
wolfSSL 0:1239e9b70ca2 3895 ++count;
wolfSSL 0:1239e9b70ca2 3896 row = row->next;
wolfSSL 0:1239e9b70ca2 3897 }
wolfSSL 0:1239e9b70ca2 3898 columns[i] = count;
wolfSSL 0:1239e9b70ca2 3899 }
wolfSSL 0:1239e9b70ca2 3900 }
wolfSSL 0:1239e9b70ca2 3901
wolfSSL 0:1239e9b70ca2 3902
wolfSSL 0:1239e9b70ca2 3903 /* Restore whole cert row from memory, have lock, return bytes consumed,
wolfSSL 0:1239e9b70ca2 3904 < 0 on error, have lock */
wolfSSL 0:1239e9b70ca2 3905 static INLINE int RestoreCertRow(CYASSL_CERT_MANAGER* cm, byte* current,
wolfSSL 0:1239e9b70ca2 3906 int row, int listSz, const byte* end)
wolfSSL 0:1239e9b70ca2 3907 {
wolfSSL 0:1239e9b70ca2 3908 int idx = 0;
wolfSSL 0:1239e9b70ca2 3909
wolfSSL 0:1239e9b70ca2 3910 if (listSz < 0) {
wolfSSL 0:1239e9b70ca2 3911 CYASSL_MSG("Row header corrupted, negative value");
wolfSSL 0:1239e9b70ca2 3912 return PARSE_ERROR;
wolfSSL 0:1239e9b70ca2 3913 }
wolfSSL 0:1239e9b70ca2 3914
wolfSSL 0:1239e9b70ca2 3915 while (listSz) {
wolfSSL 0:1239e9b70ca2 3916 Signer* signer;
wolfSSL 0:1239e9b70ca2 3917 byte* start = current + idx; /* for end checks on this signer */
wolfSSL 0:1239e9b70ca2 3918 int minSz = sizeof(signer->pubKeySize) + sizeof(signer->keyOID) +
wolfSSL 0:1239e9b70ca2 3919 sizeof(signer->nameLen) + sizeof(signer->subjectNameHash);
wolfSSL 0:1239e9b70ca2 3920 #ifndef NO_SKID
wolfSSL 0:1239e9b70ca2 3921 minSz += (int)sizeof(signer->subjectKeyIdHash);
wolfSSL 0:1239e9b70ca2 3922 #endif
wolfSSL 0:1239e9b70ca2 3923
wolfSSL 0:1239e9b70ca2 3924 if (start + minSz > end) {
wolfSSL 0:1239e9b70ca2 3925 CYASSL_MSG("Would overread restore buffer");
wolfSSL 0:1239e9b70ca2 3926 return BUFFER_E;
wolfSSL 0:1239e9b70ca2 3927 }
wolfSSL 0:1239e9b70ca2 3928 signer = MakeSigner(cm->heap);
wolfSSL 0:1239e9b70ca2 3929 if (signer == NULL)
wolfSSL 0:1239e9b70ca2 3930 return MEMORY_E;
wolfSSL 0:1239e9b70ca2 3931
wolfSSL 0:1239e9b70ca2 3932 /* pubKeySize */
wolfSSL 0:1239e9b70ca2 3933 XMEMCPY(&signer->pubKeySize, current + idx, sizeof(signer->pubKeySize));
wolfSSL 0:1239e9b70ca2 3934 idx += (int)sizeof(signer->pubKeySize);
wolfSSL 0:1239e9b70ca2 3935
wolfSSL 0:1239e9b70ca2 3936 /* keyOID */
wolfSSL 0:1239e9b70ca2 3937 XMEMCPY(&signer->keyOID, current + idx, sizeof(signer->keyOID));
wolfSSL 0:1239e9b70ca2 3938 idx += (int)sizeof(signer->keyOID);
wolfSSL 0:1239e9b70ca2 3939
wolfSSL 0:1239e9b70ca2 3940 /* pulicKey */
wolfSSL 0:1239e9b70ca2 3941 if (start + minSz + signer->pubKeySize > end) {
wolfSSL 0:1239e9b70ca2 3942 CYASSL_MSG("Would overread restore buffer");
wolfSSL 0:1239e9b70ca2 3943 FreeSigner(signer, cm->heap);
wolfSSL 0:1239e9b70ca2 3944 return BUFFER_E;
wolfSSL 0:1239e9b70ca2 3945 }
wolfSSL 0:1239e9b70ca2 3946 signer->publicKey = (byte*)XMALLOC(signer->pubKeySize, cm->heap,
wolfSSL 0:1239e9b70ca2 3947 DYNAMIC_TYPE_KEY);
wolfSSL 0:1239e9b70ca2 3948 if (signer->publicKey == NULL) {
wolfSSL 0:1239e9b70ca2 3949 FreeSigner(signer, cm->heap);
wolfSSL 0:1239e9b70ca2 3950 return MEMORY_E;
wolfSSL 0:1239e9b70ca2 3951 }
wolfSSL 0:1239e9b70ca2 3952
wolfSSL 0:1239e9b70ca2 3953 XMEMCPY(signer->publicKey, current + idx, signer->pubKeySize);
wolfSSL 0:1239e9b70ca2 3954 idx += signer->pubKeySize;
wolfSSL 0:1239e9b70ca2 3955
wolfSSL 0:1239e9b70ca2 3956 /* nameLen */
wolfSSL 0:1239e9b70ca2 3957 XMEMCPY(&signer->nameLen, current + idx, sizeof(signer->nameLen));
wolfSSL 0:1239e9b70ca2 3958 idx += (int)sizeof(signer->nameLen);
wolfSSL 0:1239e9b70ca2 3959
wolfSSL 0:1239e9b70ca2 3960 /* name */
wolfSSL 0:1239e9b70ca2 3961 if (start + minSz + signer->pubKeySize + signer->nameLen > end) {
wolfSSL 0:1239e9b70ca2 3962 CYASSL_MSG("Would overread restore buffer");
wolfSSL 0:1239e9b70ca2 3963 FreeSigner(signer, cm->heap);
wolfSSL 0:1239e9b70ca2 3964 return BUFFER_E;
wolfSSL 0:1239e9b70ca2 3965 }
wolfSSL 0:1239e9b70ca2 3966 signer->name = (char*)XMALLOC(signer->nameLen, cm->heap,
wolfSSL 0:1239e9b70ca2 3967 DYNAMIC_TYPE_SUBJECT_CN);
wolfSSL 0:1239e9b70ca2 3968 if (signer->name == NULL) {
wolfSSL 0:1239e9b70ca2 3969 FreeSigner(signer, cm->heap);
wolfSSL 0:1239e9b70ca2 3970 return MEMORY_E;
wolfSSL 0:1239e9b70ca2 3971 }
wolfSSL 0:1239e9b70ca2 3972
wolfSSL 0:1239e9b70ca2 3973 XMEMCPY(signer->name, current + idx, signer->nameLen);
wolfSSL 0:1239e9b70ca2 3974 idx += signer->nameLen;
wolfSSL 0:1239e9b70ca2 3975
wolfSSL 0:1239e9b70ca2 3976 /* subjectNameHash */
wolfSSL 0:1239e9b70ca2 3977 XMEMCPY(signer->subjectNameHash, current + idx, SIGNER_DIGEST_SIZE);
wolfSSL 0:1239e9b70ca2 3978 idx += SIGNER_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 3979
wolfSSL 0:1239e9b70ca2 3980 #ifndef NO_SKID
wolfSSL 0:1239e9b70ca2 3981 /* subjectKeyIdHash */
wolfSSL 0:1239e9b70ca2 3982 XMEMCPY(signer->subjectKeyIdHash, current + idx,SIGNER_DIGEST_SIZE);
wolfSSL 0:1239e9b70ca2 3983 idx += SIGNER_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 3984 #endif
wolfSSL 0:1239e9b70ca2 3985
wolfSSL 0:1239e9b70ca2 3986 signer->next = cm->caTable[row];
wolfSSL 0:1239e9b70ca2 3987 cm->caTable[row] = signer;
wolfSSL 0:1239e9b70ca2 3988
wolfSSL 0:1239e9b70ca2 3989 --listSz;
wolfSSL 0:1239e9b70ca2 3990 }
wolfSSL 0:1239e9b70ca2 3991
wolfSSL 0:1239e9b70ca2 3992 return idx;
wolfSSL 0:1239e9b70ca2 3993 }
wolfSSL 0:1239e9b70ca2 3994
wolfSSL 0:1239e9b70ca2 3995
wolfSSL 0:1239e9b70ca2 3996 /* Store whole cert row into memory, have lock, return bytes added */
wolfSSL 0:1239e9b70ca2 3997 static INLINE int StoreCertRow(CYASSL_CERT_MANAGER* cm, byte* current, int row)
wolfSSL 0:1239e9b70ca2 3998 {
wolfSSL 0:1239e9b70ca2 3999 int added = 0;
wolfSSL 0:1239e9b70ca2 4000 Signer* list = cm->caTable[row];
wolfSSL 0:1239e9b70ca2 4001
wolfSSL 0:1239e9b70ca2 4002 while (list) {
wolfSSL 0:1239e9b70ca2 4003 XMEMCPY(current + added, &list->pubKeySize, sizeof(list->pubKeySize));
wolfSSL 0:1239e9b70ca2 4004 added += (int)sizeof(list->pubKeySize);
wolfSSL 0:1239e9b70ca2 4005
wolfSSL 0:1239e9b70ca2 4006 XMEMCPY(current + added, &list->keyOID, sizeof(list->keyOID));
wolfSSL 0:1239e9b70ca2 4007 added += (int)sizeof(list->keyOID);
wolfSSL 0:1239e9b70ca2 4008
wolfSSL 0:1239e9b70ca2 4009 XMEMCPY(current + added, list->publicKey, list->pubKeySize);
wolfSSL 0:1239e9b70ca2 4010 added += list->pubKeySize;
wolfSSL 0:1239e9b70ca2 4011
wolfSSL 0:1239e9b70ca2 4012 XMEMCPY(current + added, &list->nameLen, sizeof(list->nameLen));
wolfSSL 0:1239e9b70ca2 4013 added += (int)sizeof(list->nameLen);
wolfSSL 0:1239e9b70ca2 4014
wolfSSL 0:1239e9b70ca2 4015 XMEMCPY(current + added, list->name, list->nameLen);
wolfSSL 0:1239e9b70ca2 4016 added += list->nameLen;
wolfSSL 0:1239e9b70ca2 4017
wolfSSL 0:1239e9b70ca2 4018 XMEMCPY(current + added, list->subjectNameHash, SIGNER_DIGEST_SIZE);
wolfSSL 0:1239e9b70ca2 4019 added += SIGNER_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 4020
wolfSSL 0:1239e9b70ca2 4021 #ifndef NO_SKID
wolfSSL 0:1239e9b70ca2 4022 XMEMCPY(current + added, list->subjectKeyIdHash,SIGNER_DIGEST_SIZE);
wolfSSL 0:1239e9b70ca2 4023 added += SIGNER_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 4024 #endif
wolfSSL 0:1239e9b70ca2 4025
wolfSSL 0:1239e9b70ca2 4026 list = list->next;
wolfSSL 0:1239e9b70ca2 4027 }
wolfSSL 0:1239e9b70ca2 4028
wolfSSL 0:1239e9b70ca2 4029 return added;
wolfSSL 0:1239e9b70ca2 4030 }
wolfSSL 0:1239e9b70ca2 4031
wolfSSL 0:1239e9b70ca2 4032
wolfSSL 0:1239e9b70ca2 4033 /* Persist cert cache to memory, have lock */
wolfSSL 0:1239e9b70ca2 4034 static INLINE int DoMemSaveCertCache(CYASSL_CERT_MANAGER* cm, void* mem, int sz)
wolfSSL 0:1239e9b70ca2 4035 {
wolfSSL 0:1239e9b70ca2 4036 int realSz;
wolfSSL 0:1239e9b70ca2 4037 int ret = SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 4038 int i;
wolfSSL 0:1239e9b70ca2 4039
wolfSSL 0:1239e9b70ca2 4040 CYASSL_ENTER("DoMemSaveCertCache");
wolfSSL 0:1239e9b70ca2 4041
wolfSSL 0:1239e9b70ca2 4042 realSz = GetCertCacheMemSize(cm);
wolfSSL 0:1239e9b70ca2 4043 if (realSz > sz) {
wolfSSL 0:1239e9b70ca2 4044 CYASSL_MSG("Mem output buffer too small");
wolfSSL 0:1239e9b70ca2 4045 ret = BUFFER_E;
wolfSSL 0:1239e9b70ca2 4046 }
wolfSSL 0:1239e9b70ca2 4047 else {
wolfSSL 0:1239e9b70ca2 4048 byte* current;
wolfSSL 0:1239e9b70ca2 4049 CertCacheHeader hdr;
wolfSSL 0:1239e9b70ca2 4050
wolfSSL 0:1239e9b70ca2 4051 hdr.version = CYASSL_CACHE_CERT_VERSION;
wolfSSL 0:1239e9b70ca2 4052 hdr.rows = CA_TABLE_SIZE;
wolfSSL 0:1239e9b70ca2 4053 SetCertHeaderColumns(cm, hdr.columns);
wolfSSL 0:1239e9b70ca2 4054 hdr.signerSz = (int)sizeof(Signer);
wolfSSL 0:1239e9b70ca2 4055
wolfSSL 0:1239e9b70ca2 4056 XMEMCPY(mem, &hdr, sizeof(CertCacheHeader));
wolfSSL 0:1239e9b70ca2 4057 current = (byte*)mem + sizeof(CertCacheHeader);
wolfSSL 0:1239e9b70ca2 4058
wolfSSL 0:1239e9b70ca2 4059 for (i = 0; i < CA_TABLE_SIZE; ++i)
wolfSSL 0:1239e9b70ca2 4060 current += StoreCertRow(cm, current, i);
wolfSSL 0:1239e9b70ca2 4061 }
wolfSSL 0:1239e9b70ca2 4062
wolfSSL 0:1239e9b70ca2 4063 return ret;
wolfSSL 0:1239e9b70ca2 4064 }
wolfSSL 0:1239e9b70ca2 4065
wolfSSL 0:1239e9b70ca2 4066
wolfSSL 0:1239e9b70ca2 4067 #if !defined(NO_FILESYSTEM)
wolfSSL 0:1239e9b70ca2 4068
wolfSSL 0:1239e9b70ca2 4069 /* Persist cert cache to file */
wolfSSL 0:1239e9b70ca2 4070 int CM_SaveCertCache(CYASSL_CERT_MANAGER* cm, const char* fname)
wolfSSL 0:1239e9b70ca2 4071 {
wolfSSL 0:1239e9b70ca2 4072 XFILE file;
wolfSSL 0:1239e9b70ca2 4073 int rc = SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 4074 int memSz;
wolfSSL 0:1239e9b70ca2 4075 byte* mem;
wolfSSL 0:1239e9b70ca2 4076
wolfSSL 0:1239e9b70ca2 4077 CYASSL_ENTER("CM_SaveCertCache");
wolfSSL 0:1239e9b70ca2 4078
wolfSSL 0:1239e9b70ca2 4079 file = XFOPEN(fname, "w+b");
wolfSSL 0:1239e9b70ca2 4080 if (file == XBADFILE) {
wolfSSL 0:1239e9b70ca2 4081 CYASSL_MSG("Couldn't open cert cache save file");
wolfSSL 0:1239e9b70ca2 4082 return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 4083 }
wolfSSL 0:1239e9b70ca2 4084
wolfSSL 0:1239e9b70ca2 4085 if (LockMutex(&cm->caLock) != 0) {
wolfSSL 0:1239e9b70ca2 4086 CYASSL_MSG("LockMutex on caLock failed");
wolfSSL 0:1239e9b70ca2 4087 XFCLOSE(file);
wolfSSL 0:1239e9b70ca2 4088 return BAD_MUTEX_E;
wolfSSL 0:1239e9b70ca2 4089 }
wolfSSL 0:1239e9b70ca2 4090
wolfSSL 0:1239e9b70ca2 4091 memSz = GetCertCacheMemSize(cm);
wolfSSL 0:1239e9b70ca2 4092 mem = (byte*)XMALLOC(memSz, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:1239e9b70ca2 4093 if (mem == NULL) {
wolfSSL 0:1239e9b70ca2 4094 CYASSL_MSG("Alloc for tmp buffer failed");
wolfSSL 0:1239e9b70ca2 4095 rc = MEMORY_E;
wolfSSL 0:1239e9b70ca2 4096 } else {
wolfSSL 0:1239e9b70ca2 4097 rc = DoMemSaveCertCache(cm, mem, memSz);
wolfSSL 0:1239e9b70ca2 4098 if (rc == SSL_SUCCESS) {
wolfSSL 0:1239e9b70ca2 4099 int ret = (int)XFWRITE(mem, memSz, 1, file);
wolfSSL 0:1239e9b70ca2 4100 if (ret != 1) {
wolfSSL 0:1239e9b70ca2 4101 CYASSL_MSG("Cert cache file write failed");
wolfSSL 0:1239e9b70ca2 4102 rc = FWRITE_ERROR;
wolfSSL 0:1239e9b70ca2 4103 }
wolfSSL 0:1239e9b70ca2 4104 }
wolfSSL 0:1239e9b70ca2 4105 XFREE(mem, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:1239e9b70ca2 4106 }
wolfSSL 0:1239e9b70ca2 4107
wolfSSL 0:1239e9b70ca2 4108 UnLockMutex(&cm->caLock);
wolfSSL 0:1239e9b70ca2 4109 XFCLOSE(file);
wolfSSL 0:1239e9b70ca2 4110
wolfSSL 0:1239e9b70ca2 4111 return rc;
wolfSSL 0:1239e9b70ca2 4112 }
wolfSSL 0:1239e9b70ca2 4113
wolfSSL 0:1239e9b70ca2 4114
wolfSSL 0:1239e9b70ca2 4115 /* Restore cert cache from file */
wolfSSL 0:1239e9b70ca2 4116 int CM_RestoreCertCache(CYASSL_CERT_MANAGER* cm, const char* fname)
wolfSSL 0:1239e9b70ca2 4117 {
wolfSSL 0:1239e9b70ca2 4118 XFILE file;
wolfSSL 0:1239e9b70ca2 4119 int rc = SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 4120 int ret;
wolfSSL 0:1239e9b70ca2 4121 int memSz;
wolfSSL 0:1239e9b70ca2 4122 byte* mem;
wolfSSL 0:1239e9b70ca2 4123
wolfSSL 0:1239e9b70ca2 4124 CYASSL_ENTER("CM_RestoreCertCache");
wolfSSL 0:1239e9b70ca2 4125
wolfSSL 0:1239e9b70ca2 4126 file = XFOPEN(fname, "rb");
wolfSSL 0:1239e9b70ca2 4127 if (file == XBADFILE) {
wolfSSL 0:1239e9b70ca2 4128 CYASSL_MSG("Couldn't open cert cache save file");
wolfSSL 0:1239e9b70ca2 4129 return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 4130 }
wolfSSL 0:1239e9b70ca2 4131
wolfSSL 0:1239e9b70ca2 4132 XFSEEK(file, 0, XSEEK_END);
wolfSSL 0:1239e9b70ca2 4133 memSz = (int)XFTELL(file);
wolfSSL 0:1239e9b70ca2 4134 XREWIND(file);
wolfSSL 0:1239e9b70ca2 4135
wolfSSL 0:1239e9b70ca2 4136 if (memSz <= 0) {
wolfSSL 0:1239e9b70ca2 4137 CYASSL_MSG("Bad file size");
wolfSSL 0:1239e9b70ca2 4138 XFCLOSE(file);
wolfSSL 0:1239e9b70ca2 4139 return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 4140 }
wolfSSL 0:1239e9b70ca2 4141
wolfSSL 0:1239e9b70ca2 4142 mem = (byte*)XMALLOC(memSz, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:1239e9b70ca2 4143 if (mem == NULL) {
wolfSSL 0:1239e9b70ca2 4144 CYASSL_MSG("Alloc for tmp buffer failed");
wolfSSL 0:1239e9b70ca2 4145 XFCLOSE(file);
wolfSSL 0:1239e9b70ca2 4146 return MEMORY_E;
wolfSSL 0:1239e9b70ca2 4147 }
wolfSSL 0:1239e9b70ca2 4148
wolfSSL 0:1239e9b70ca2 4149 ret = (int)XFREAD(mem, memSz, 1, file);
wolfSSL 0:1239e9b70ca2 4150 if (ret != 1) {
wolfSSL 0:1239e9b70ca2 4151 CYASSL_MSG("Cert file read error");
wolfSSL 0:1239e9b70ca2 4152 rc = FREAD_ERROR;
wolfSSL 0:1239e9b70ca2 4153 } else {
wolfSSL 0:1239e9b70ca2 4154 rc = CM_MemRestoreCertCache(cm, mem, memSz);
wolfSSL 0:1239e9b70ca2 4155 if (rc != SSL_SUCCESS) {
wolfSSL 0:1239e9b70ca2 4156 CYASSL_MSG("Mem restore cert cache failed");
wolfSSL 0:1239e9b70ca2 4157 }
wolfSSL 0:1239e9b70ca2 4158 }
wolfSSL 0:1239e9b70ca2 4159
wolfSSL 0:1239e9b70ca2 4160 XFREE(mem, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 0:1239e9b70ca2 4161 XFCLOSE(file);
wolfSSL 0:1239e9b70ca2 4162
wolfSSL 0:1239e9b70ca2 4163 return rc;
wolfSSL 0:1239e9b70ca2 4164 }
wolfSSL 0:1239e9b70ca2 4165
wolfSSL 0:1239e9b70ca2 4166 #endif /* NO_FILESYSTEM */
wolfSSL 0:1239e9b70ca2 4167
wolfSSL 0:1239e9b70ca2 4168
wolfSSL 0:1239e9b70ca2 4169 /* Persist cert cache to memory */
wolfSSL 0:1239e9b70ca2 4170 int CM_MemSaveCertCache(CYASSL_CERT_MANAGER* cm, void* mem, int sz, int* used)
wolfSSL 0:1239e9b70ca2 4171 {
wolfSSL 0:1239e9b70ca2 4172 int ret = SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 4173
wolfSSL 0:1239e9b70ca2 4174 CYASSL_ENTER("CM_MemSaveCertCache");
wolfSSL 0:1239e9b70ca2 4175
wolfSSL 0:1239e9b70ca2 4176 if (LockMutex(&cm->caLock) != 0) {
wolfSSL 0:1239e9b70ca2 4177 CYASSL_MSG("LockMutex on caLock failed");
wolfSSL 0:1239e9b70ca2 4178 return BAD_MUTEX_E;
wolfSSL 0:1239e9b70ca2 4179 }
wolfSSL 0:1239e9b70ca2 4180
wolfSSL 0:1239e9b70ca2 4181 ret = DoMemSaveCertCache(cm, mem, sz);
wolfSSL 0:1239e9b70ca2 4182 if (ret == SSL_SUCCESS)
wolfSSL 0:1239e9b70ca2 4183 *used = GetCertCacheMemSize(cm);
wolfSSL 0:1239e9b70ca2 4184
wolfSSL 0:1239e9b70ca2 4185 UnLockMutex(&cm->caLock);
wolfSSL 0:1239e9b70ca2 4186
wolfSSL 0:1239e9b70ca2 4187 return ret;
wolfSSL 0:1239e9b70ca2 4188 }
wolfSSL 0:1239e9b70ca2 4189
wolfSSL 0:1239e9b70ca2 4190
wolfSSL 0:1239e9b70ca2 4191 /* Restore cert cache from memory */
wolfSSL 0:1239e9b70ca2 4192 int CM_MemRestoreCertCache(CYASSL_CERT_MANAGER* cm, const void* mem, int sz)
wolfSSL 0:1239e9b70ca2 4193 {
wolfSSL 0:1239e9b70ca2 4194 int ret = SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 4195 int i;
wolfSSL 0:1239e9b70ca2 4196 CertCacheHeader* hdr = (CertCacheHeader*)mem;
wolfSSL 0:1239e9b70ca2 4197 byte* current = (byte*)mem + sizeof(CertCacheHeader);
wolfSSL 0:1239e9b70ca2 4198 byte* end = (byte*)mem + sz; /* don't go over */
wolfSSL 0:1239e9b70ca2 4199
wolfSSL 0:1239e9b70ca2 4200 CYASSL_ENTER("CM_MemRestoreCertCache");
wolfSSL 0:1239e9b70ca2 4201
wolfSSL 0:1239e9b70ca2 4202 if (current > end) {
wolfSSL 0:1239e9b70ca2 4203 CYASSL_MSG("Cert Cache Memory buffer too small");
wolfSSL 0:1239e9b70ca2 4204 return BUFFER_E;
wolfSSL 0:1239e9b70ca2 4205 }
wolfSSL 0:1239e9b70ca2 4206
wolfSSL 0:1239e9b70ca2 4207 if (hdr->version != CYASSL_CACHE_CERT_VERSION ||
wolfSSL 0:1239e9b70ca2 4208 hdr->rows != CA_TABLE_SIZE ||
wolfSSL 0:1239e9b70ca2 4209 hdr->signerSz != (int)sizeof(Signer)) {
wolfSSL 0:1239e9b70ca2 4210
wolfSSL 0:1239e9b70ca2 4211 CYASSL_MSG("Cert Cache Memory header mismatch");
wolfSSL 0:1239e9b70ca2 4212 return CACHE_MATCH_ERROR;
wolfSSL 0:1239e9b70ca2 4213 }
wolfSSL 0:1239e9b70ca2 4214
wolfSSL 0:1239e9b70ca2 4215 if (LockMutex(&cm->caLock) != 0) {
wolfSSL 0:1239e9b70ca2 4216 CYASSL_MSG("LockMutex on caLock failed");
wolfSSL 0:1239e9b70ca2 4217 return BAD_MUTEX_E;
wolfSSL 0:1239e9b70ca2 4218 }
wolfSSL 0:1239e9b70ca2 4219
wolfSSL 0:1239e9b70ca2 4220 FreeSignerTable(cm->caTable, CA_TABLE_SIZE, cm->heap);
wolfSSL 0:1239e9b70ca2 4221
wolfSSL 0:1239e9b70ca2 4222 for (i = 0; i < CA_TABLE_SIZE; ++i) {
wolfSSL 0:1239e9b70ca2 4223 int added = RestoreCertRow(cm, current, i, hdr->columns[i], end);
wolfSSL 0:1239e9b70ca2 4224 if (added < 0) {
wolfSSL 0:1239e9b70ca2 4225 CYASSL_MSG("RestoreCertRow error");
wolfSSL 0:1239e9b70ca2 4226 ret = added;
wolfSSL 0:1239e9b70ca2 4227 break;
wolfSSL 0:1239e9b70ca2 4228 }
wolfSSL 0:1239e9b70ca2 4229 current += added;
wolfSSL 0:1239e9b70ca2 4230 }
wolfSSL 0:1239e9b70ca2 4231
wolfSSL 0:1239e9b70ca2 4232 UnLockMutex(&cm->caLock);
wolfSSL 0:1239e9b70ca2 4233
wolfSSL 0:1239e9b70ca2 4234 return ret;
wolfSSL 0:1239e9b70ca2 4235 }
wolfSSL 0:1239e9b70ca2 4236
wolfSSL 0:1239e9b70ca2 4237
wolfSSL 0:1239e9b70ca2 4238 /* get how big the the cert cache save buffer needs to be */
wolfSSL 0:1239e9b70ca2 4239 int CM_GetCertCacheMemSize(CYASSL_CERT_MANAGER* cm)
wolfSSL 0:1239e9b70ca2 4240 {
wolfSSL 0:1239e9b70ca2 4241 int sz;
wolfSSL 0:1239e9b70ca2 4242
wolfSSL 0:1239e9b70ca2 4243 CYASSL_ENTER("CM_GetCertCacheMemSize");
wolfSSL 0:1239e9b70ca2 4244
wolfSSL 0:1239e9b70ca2 4245 if (LockMutex(&cm->caLock) != 0) {
wolfSSL 0:1239e9b70ca2 4246 CYASSL_MSG("LockMutex on caLock failed");
wolfSSL 0:1239e9b70ca2 4247 return BAD_MUTEX_E;
wolfSSL 0:1239e9b70ca2 4248 }
wolfSSL 0:1239e9b70ca2 4249
wolfSSL 0:1239e9b70ca2 4250 sz = GetCertCacheMemSize(cm);
wolfSSL 0:1239e9b70ca2 4251
wolfSSL 0:1239e9b70ca2 4252 UnLockMutex(&cm->caLock);
wolfSSL 0:1239e9b70ca2 4253
wolfSSL 0:1239e9b70ca2 4254 return sz;
wolfSSL 0:1239e9b70ca2 4255 }
wolfSSL 0:1239e9b70ca2 4256
wolfSSL 0:1239e9b70ca2 4257 #endif /* PERSIST_CERT_CACHE */
wolfSSL 0:1239e9b70ca2 4258 #endif /* NO_CERTS */
wolfSSL 0:1239e9b70ca2 4259
wolfSSL 0:1239e9b70ca2 4260
wolfSSL 0:1239e9b70ca2 4261 int CyaSSL_CTX_set_cipher_list(CYASSL_CTX* ctx, const char* list)
wolfSSL 0:1239e9b70ca2 4262 {
wolfSSL 0:1239e9b70ca2 4263 CYASSL_ENTER("CyaSSL_CTX_set_cipher_list");
wolfSSL 0:1239e9b70ca2 4264 if (SetCipherList(&ctx->suites, list))
wolfSSL 0:1239e9b70ca2 4265 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 4266 else
wolfSSL 0:1239e9b70ca2 4267 return SSL_FAILURE;
wolfSSL 0:1239e9b70ca2 4268 }
wolfSSL 0:1239e9b70ca2 4269
wolfSSL 0:1239e9b70ca2 4270
wolfSSL 0:1239e9b70ca2 4271 int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
wolfSSL 0:1239e9b70ca2 4272 {
wolfSSL 0:1239e9b70ca2 4273 CYASSL_ENTER("CyaSSL_set_cipher_list");
wolfSSL 0:1239e9b70ca2 4274 if (SetCipherList(ssl->suites, list)) {
wolfSSL 0:1239e9b70ca2 4275 byte haveRSA = 1;
wolfSSL 0:1239e9b70ca2 4276 byte havePSK = 0;
wolfSSL 0:1239e9b70ca2 4277
wolfSSL 0:1239e9b70ca2 4278 #ifdef NO_RSA
wolfSSL 0:1239e9b70ca2 4279 haveRSA = 0;
wolfSSL 0:1239e9b70ca2 4280 #endif
wolfSSL 0:1239e9b70ca2 4281 #ifndef NO_PSK
wolfSSL 0:1239e9b70ca2 4282 havePSK = ssl->options.havePSK;
wolfSSL 0:1239e9b70ca2 4283 #endif
wolfSSL 0:1239e9b70ca2 4284
wolfSSL 0:1239e9b70ca2 4285 InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
wolfSSL 0:1239e9b70ca2 4286 ssl->options.haveDH, ssl->options.haveNTRU,
wolfSSL 0:1239e9b70ca2 4287 ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
wolfSSL 0:1239e9b70ca2 4288 ssl->options.side);
wolfSSL 0:1239e9b70ca2 4289
wolfSSL 0:1239e9b70ca2 4290 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 4291 }
wolfSSL 0:1239e9b70ca2 4292 else
wolfSSL 0:1239e9b70ca2 4293 return SSL_FAILURE;
wolfSSL 0:1239e9b70ca2 4294 }
wolfSSL 0:1239e9b70ca2 4295
wolfSSL 0:1239e9b70ca2 4296
wolfSSL 0:1239e9b70ca2 4297 #ifndef CYASSL_LEANPSK
wolfSSL 0:1239e9b70ca2 4298 #ifdef CYASSL_DTLS
wolfSSL 0:1239e9b70ca2 4299
wolfSSL 0:1239e9b70ca2 4300 int CyaSSL_dtls_get_current_timeout(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 4301 {
wolfSSL 0:1239e9b70ca2 4302 (void)ssl;
wolfSSL 0:1239e9b70ca2 4303
wolfSSL 0:1239e9b70ca2 4304 return ssl->dtls_timeout;
wolfSSL 0:1239e9b70ca2 4305 }
wolfSSL 0:1239e9b70ca2 4306
wolfSSL 0:1239e9b70ca2 4307
wolfSSL 0:1239e9b70ca2 4308 /* user may need to alter init dtls recv timeout, SSL_SUCCESS on ok */
wolfSSL 0:1239e9b70ca2 4309 int CyaSSL_dtls_set_timeout_init(CYASSL* ssl, int timeout)
wolfSSL 0:1239e9b70ca2 4310 {
wolfSSL 0:1239e9b70ca2 4311 if (ssl == NULL || timeout < 0)
wolfSSL 0:1239e9b70ca2 4312 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 4313
wolfSSL 0:1239e9b70ca2 4314 if (timeout > ssl->dtls_timeout_max) {
wolfSSL 0:1239e9b70ca2 4315 CYASSL_MSG("Can't set dtls timeout init greater than dtls timeout max");
wolfSSL 0:1239e9b70ca2 4316 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 4317 }
wolfSSL 0:1239e9b70ca2 4318
wolfSSL 0:1239e9b70ca2 4319 ssl->dtls_timeout_init = timeout;
wolfSSL 0:1239e9b70ca2 4320 ssl->dtls_timeout = timeout;
wolfSSL 0:1239e9b70ca2 4321
wolfSSL 0:1239e9b70ca2 4322 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 4323 }
wolfSSL 0:1239e9b70ca2 4324
wolfSSL 0:1239e9b70ca2 4325
wolfSSL 0:1239e9b70ca2 4326 /* user may need to alter max dtls recv timeout, SSL_SUCCESS on ok */
wolfSSL 0:1239e9b70ca2 4327 int CyaSSL_dtls_set_timeout_max(CYASSL* ssl, int timeout)
wolfSSL 0:1239e9b70ca2 4328 {
wolfSSL 0:1239e9b70ca2 4329 if (ssl == NULL || timeout < 0)
wolfSSL 0:1239e9b70ca2 4330 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 4331
wolfSSL 0:1239e9b70ca2 4332 if (timeout < ssl->dtls_timeout_init) {
wolfSSL 0:1239e9b70ca2 4333 CYASSL_MSG("Can't set dtls timeout max less than dtls timeout init");
wolfSSL 0:1239e9b70ca2 4334 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 4335 }
wolfSSL 0:1239e9b70ca2 4336
wolfSSL 0:1239e9b70ca2 4337 ssl->dtls_timeout_max = timeout;
wolfSSL 0:1239e9b70ca2 4338
wolfSSL 0:1239e9b70ca2 4339 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 4340 }
wolfSSL 0:1239e9b70ca2 4341
wolfSSL 0:1239e9b70ca2 4342
wolfSSL 0:1239e9b70ca2 4343 int CyaSSL_dtls_got_timeout(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 4344 {
wolfSSL 0:1239e9b70ca2 4345 int result = SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 4346
wolfSSL 0:1239e9b70ca2 4347 DtlsMsgListDelete(ssl->dtls_msg_list, ssl->heap);
wolfSSL 0:1239e9b70ca2 4348 ssl->dtls_msg_list = NULL;
wolfSSL 0:1239e9b70ca2 4349 if (DtlsPoolTimeout(ssl) < 0 || DtlsPoolSend(ssl) < 0) {
wolfSSL 0:1239e9b70ca2 4350 result = SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4351 }
wolfSSL 0:1239e9b70ca2 4352 return result;
wolfSSL 0:1239e9b70ca2 4353 }
wolfSSL 0:1239e9b70ca2 4354
wolfSSL 0:1239e9b70ca2 4355 #endif /* DTLS */
wolfSSL 0:1239e9b70ca2 4356 #endif /* LEANPSK */
wolfSSL 0:1239e9b70ca2 4357
wolfSSL 0:1239e9b70ca2 4358
wolfSSL 0:1239e9b70ca2 4359 /* client only parts */
wolfSSL 0:1239e9b70ca2 4360 #ifndef NO_CYASSL_CLIENT
wolfSSL 0:1239e9b70ca2 4361
wolfSSL 0:1239e9b70ca2 4362 #ifndef NO_OLD_TLS
wolfSSL 0:1239e9b70ca2 4363 CYASSL_METHOD* CyaSSLv3_client_method(void)
wolfSSL 0:1239e9b70ca2 4364 {
wolfSSL 0:1239e9b70ca2 4365 CYASSL_METHOD* method =
wolfSSL 0:1239e9b70ca2 4366 (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
wolfSSL 0:1239e9b70ca2 4367 DYNAMIC_TYPE_METHOD);
wolfSSL 0:1239e9b70ca2 4368 CYASSL_ENTER("SSLv3_client_method");
wolfSSL 0:1239e9b70ca2 4369 if (method)
wolfSSL 0:1239e9b70ca2 4370 InitSSL_Method(method, MakeSSLv3());
wolfSSL 0:1239e9b70ca2 4371 return method;
wolfSSL 0:1239e9b70ca2 4372 }
wolfSSL 0:1239e9b70ca2 4373 #endif
wolfSSL 0:1239e9b70ca2 4374
wolfSSL 0:1239e9b70ca2 4375 #ifdef CYASSL_DTLS
wolfSSL 0:1239e9b70ca2 4376 CYASSL_METHOD* CyaDTLSv1_client_method(void)
wolfSSL 0:1239e9b70ca2 4377 {
wolfSSL 0:1239e9b70ca2 4378 CYASSL_METHOD* method =
wolfSSL 0:1239e9b70ca2 4379 (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
wolfSSL 0:1239e9b70ca2 4380 DYNAMIC_TYPE_METHOD);
wolfSSL 0:1239e9b70ca2 4381 CYASSL_ENTER("DTLSv1_client_method");
wolfSSL 0:1239e9b70ca2 4382 if (method)
wolfSSL 0:1239e9b70ca2 4383 InitSSL_Method(method, MakeDTLSv1());
wolfSSL 0:1239e9b70ca2 4384 return method;
wolfSSL 0:1239e9b70ca2 4385 }
wolfSSL 0:1239e9b70ca2 4386
wolfSSL 0:1239e9b70ca2 4387 CYASSL_METHOD* CyaDTLSv1_2_client_method(void)
wolfSSL 0:1239e9b70ca2 4388 {
wolfSSL 0:1239e9b70ca2 4389 CYASSL_METHOD* method =
wolfSSL 0:1239e9b70ca2 4390 (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
wolfSSL 0:1239e9b70ca2 4391 DYNAMIC_TYPE_METHOD);
wolfSSL 0:1239e9b70ca2 4392 CYASSL_ENTER("DTLSv1_2_client_method");
wolfSSL 0:1239e9b70ca2 4393 if (method)
wolfSSL 0:1239e9b70ca2 4394 InitSSL_Method(method, MakeDTLSv1_2());
wolfSSL 0:1239e9b70ca2 4395 return method;
wolfSSL 0:1239e9b70ca2 4396 }
wolfSSL 0:1239e9b70ca2 4397 #endif
wolfSSL 0:1239e9b70ca2 4398
wolfSSL 0:1239e9b70ca2 4399
wolfSSL 0:1239e9b70ca2 4400 /* please see note at top of README if you get an error from connect */
wolfSSL 0:1239e9b70ca2 4401 int CyaSSL_connect(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 4402 {
wolfSSL 0:1239e9b70ca2 4403 int neededState;
wolfSSL 0:1239e9b70ca2 4404
wolfSSL 0:1239e9b70ca2 4405 CYASSL_ENTER("SSL_connect()");
wolfSSL 0:1239e9b70ca2 4406
wolfSSL 0:1239e9b70ca2 4407 #ifdef HAVE_ERRNO_H
wolfSSL 0:1239e9b70ca2 4408 errno = 0;
wolfSSL 0:1239e9b70ca2 4409 #endif
wolfSSL 0:1239e9b70ca2 4410
wolfSSL 0:1239e9b70ca2 4411 if (ssl->options.side != CYASSL_CLIENT_END) {
wolfSSL 0:1239e9b70ca2 4412 CYASSL_ERROR(ssl->error = SIDE_ERROR);
wolfSSL 0:1239e9b70ca2 4413 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4414 }
wolfSSL 0:1239e9b70ca2 4415
wolfSSL 0:1239e9b70ca2 4416 #ifdef CYASSL_DTLS
wolfSSL 0:1239e9b70ca2 4417 if (ssl->version.major == DTLS_MAJOR) {
wolfSSL 0:1239e9b70ca2 4418 ssl->options.dtls = 1;
wolfSSL 0:1239e9b70ca2 4419 ssl->options.tls = 1;
wolfSSL 0:1239e9b70ca2 4420 ssl->options.tls1_1 = 1;
wolfSSL 0:1239e9b70ca2 4421
wolfSSL 0:1239e9b70ca2 4422 if (DtlsPoolInit(ssl) != 0) {
wolfSSL 0:1239e9b70ca2 4423 ssl->error = MEMORY_ERROR;
wolfSSL 0:1239e9b70ca2 4424 CYASSL_ERROR(ssl->error);
wolfSSL 0:1239e9b70ca2 4425 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4426 }
wolfSSL 0:1239e9b70ca2 4427 }
wolfSSL 0:1239e9b70ca2 4428 #endif
wolfSSL 0:1239e9b70ca2 4429
wolfSSL 0:1239e9b70ca2 4430 if (ssl->buffers.outputBuffer.length > 0) {
wolfSSL 0:1239e9b70ca2 4431 if ( (ssl->error = SendBuffered(ssl)) == 0) {
wolfSSL 0:1239e9b70ca2 4432 ssl->options.connectState++;
wolfSSL 0:1239e9b70ca2 4433 CYASSL_MSG("connect state: Advanced from buffered send");
wolfSSL 0:1239e9b70ca2 4434 }
wolfSSL 0:1239e9b70ca2 4435 else {
wolfSSL 0:1239e9b70ca2 4436 CYASSL_ERROR(ssl->error);
wolfSSL 0:1239e9b70ca2 4437 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4438 }
wolfSSL 0:1239e9b70ca2 4439 }
wolfSSL 0:1239e9b70ca2 4440
wolfSSL 0:1239e9b70ca2 4441 switch (ssl->options.connectState) {
wolfSSL 0:1239e9b70ca2 4442
wolfSSL 0:1239e9b70ca2 4443 case CONNECT_BEGIN :
wolfSSL 0:1239e9b70ca2 4444 /* always send client hello first */
wolfSSL 0:1239e9b70ca2 4445 if ( (ssl->error = SendClientHello(ssl)) != 0) {
wolfSSL 0:1239e9b70ca2 4446 CYASSL_ERROR(ssl->error);
wolfSSL 0:1239e9b70ca2 4447 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4448 }
wolfSSL 0:1239e9b70ca2 4449 ssl->options.connectState = CLIENT_HELLO_SENT;
wolfSSL 0:1239e9b70ca2 4450 CYASSL_MSG("connect state: CLIENT_HELLO_SENT");
wolfSSL 0:1239e9b70ca2 4451
wolfSSL 0:1239e9b70ca2 4452 case CLIENT_HELLO_SENT :
wolfSSL 0:1239e9b70ca2 4453 neededState = ssl->options.resuming ? SERVER_FINISHED_COMPLETE :
wolfSSL 0:1239e9b70ca2 4454 SERVER_HELLODONE_COMPLETE;
wolfSSL 0:1239e9b70ca2 4455 #ifdef CYASSL_DTLS
wolfSSL 0:1239e9b70ca2 4456 /* In DTLS, when resuming, we can go straight to FINISHED,
wolfSSL 0:1239e9b70ca2 4457 * or do a cookie exchange and then skip to FINISHED, assume
wolfSSL 0:1239e9b70ca2 4458 * we need the cookie exchange first. */
wolfSSL 0:1239e9b70ca2 4459 if (ssl->options.dtls)
wolfSSL 0:1239e9b70ca2 4460 neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
wolfSSL 0:1239e9b70ca2 4461 #endif
wolfSSL 0:1239e9b70ca2 4462 /* get response */
wolfSSL 0:1239e9b70ca2 4463 while (ssl->options.serverState < neededState) {
wolfSSL 0:1239e9b70ca2 4464 if ( (ssl->error = ProcessReply(ssl)) < 0) {
wolfSSL 0:1239e9b70ca2 4465 CYASSL_ERROR(ssl->error);
wolfSSL 0:1239e9b70ca2 4466 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4467 }
wolfSSL 0:1239e9b70ca2 4468 /* if resumption failed, reset needed state */
wolfSSL 0:1239e9b70ca2 4469 else if (neededState == SERVER_FINISHED_COMPLETE)
wolfSSL 0:1239e9b70ca2 4470 if (!ssl->options.resuming) {
wolfSSL 0:1239e9b70ca2 4471 if (!ssl->options.dtls)
wolfSSL 0:1239e9b70ca2 4472 neededState = SERVER_HELLODONE_COMPLETE;
wolfSSL 0:1239e9b70ca2 4473 else
wolfSSL 0:1239e9b70ca2 4474 neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
wolfSSL 0:1239e9b70ca2 4475 }
wolfSSL 0:1239e9b70ca2 4476 }
wolfSSL 0:1239e9b70ca2 4477
wolfSSL 0:1239e9b70ca2 4478 ssl->options.connectState = HELLO_AGAIN;
wolfSSL 0:1239e9b70ca2 4479 CYASSL_MSG("connect state: HELLO_AGAIN");
wolfSSL 0:1239e9b70ca2 4480
wolfSSL 0:1239e9b70ca2 4481 case HELLO_AGAIN :
wolfSSL 0:1239e9b70ca2 4482 if (ssl->options.certOnly)
wolfSSL 0:1239e9b70ca2 4483 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 4484
wolfSSL 0:1239e9b70ca2 4485 #ifdef CYASSL_DTLS
wolfSSL 0:1239e9b70ca2 4486 if (ssl->options.dtls) {
wolfSSL 0:1239e9b70ca2 4487 /* re-init hashes, exclude first hello and verify request */
wolfSSL 0:1239e9b70ca2 4488 #ifndef NO_OLD_TLS
wolfSSL 0:1239e9b70ca2 4489 InitMd5(&ssl->hashMd5);
wolfSSL 0:1239e9b70ca2 4490 if ( (ssl->error = InitSha(&ssl->hashSha)) != 0) {
wolfSSL 0:1239e9b70ca2 4491 CYASSL_ERROR(ssl->error);
wolfSSL 0:1239e9b70ca2 4492 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4493 }
wolfSSL 0:1239e9b70ca2 4494 #endif
wolfSSL 0:1239e9b70ca2 4495 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 0:1239e9b70ca2 4496 #ifndef NO_SHA256
wolfSSL 0:1239e9b70ca2 4497 if ( (ssl->error =
wolfSSL 0:1239e9b70ca2 4498 InitSha256(&ssl->hashSha256)) != 0) {
wolfSSL 0:1239e9b70ca2 4499 CYASSL_ERROR(ssl->error);
wolfSSL 0:1239e9b70ca2 4500 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4501 }
wolfSSL 0:1239e9b70ca2 4502 #endif
wolfSSL 0:1239e9b70ca2 4503 #ifdef CYASSL_SHA384
wolfSSL 0:1239e9b70ca2 4504 if ( (ssl->error =
wolfSSL 0:1239e9b70ca2 4505 InitSha384(&ssl->hashSha384)) != 0) {
wolfSSL 0:1239e9b70ca2 4506 CYASSL_ERROR(ssl->error);
wolfSSL 0:1239e9b70ca2 4507 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4508 }
wolfSSL 0:1239e9b70ca2 4509 #endif
wolfSSL 0:1239e9b70ca2 4510 }
wolfSSL 0:1239e9b70ca2 4511 if ( (ssl->error = SendClientHello(ssl)) != 0) {
wolfSSL 0:1239e9b70ca2 4512 CYASSL_ERROR(ssl->error);
wolfSSL 0:1239e9b70ca2 4513 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4514 }
wolfSSL 0:1239e9b70ca2 4515 }
wolfSSL 0:1239e9b70ca2 4516 #endif
wolfSSL 0:1239e9b70ca2 4517
wolfSSL 0:1239e9b70ca2 4518 ssl->options.connectState = HELLO_AGAIN_REPLY;
wolfSSL 0:1239e9b70ca2 4519 CYASSL_MSG("connect state: HELLO_AGAIN_REPLY");
wolfSSL 0:1239e9b70ca2 4520
wolfSSL 0:1239e9b70ca2 4521 case HELLO_AGAIN_REPLY :
wolfSSL 0:1239e9b70ca2 4522 #ifdef CYASSL_DTLS
wolfSSL 0:1239e9b70ca2 4523 if (ssl->options.dtls) {
wolfSSL 0:1239e9b70ca2 4524 neededState = ssl->options.resuming ?
wolfSSL 0:1239e9b70ca2 4525 SERVER_FINISHED_COMPLETE : SERVER_HELLODONE_COMPLETE;
wolfSSL 0:1239e9b70ca2 4526
wolfSSL 0:1239e9b70ca2 4527 /* get response */
wolfSSL 0:1239e9b70ca2 4528 while (ssl->options.serverState < neededState) {
wolfSSL 0:1239e9b70ca2 4529 if ( (ssl->error = ProcessReply(ssl)) < 0) {
wolfSSL 0:1239e9b70ca2 4530 CYASSL_ERROR(ssl->error);
wolfSSL 0:1239e9b70ca2 4531 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4532 }
wolfSSL 0:1239e9b70ca2 4533 /* if resumption failed, reset needed state */
wolfSSL 0:1239e9b70ca2 4534 else if (neededState == SERVER_FINISHED_COMPLETE)
wolfSSL 0:1239e9b70ca2 4535 if (!ssl->options.resuming)
wolfSSL 0:1239e9b70ca2 4536 neededState = SERVER_HELLODONE_COMPLETE;
wolfSSL 0:1239e9b70ca2 4537 }
wolfSSL 0:1239e9b70ca2 4538 }
wolfSSL 0:1239e9b70ca2 4539 #endif
wolfSSL 0:1239e9b70ca2 4540
wolfSSL 0:1239e9b70ca2 4541 ssl->options.connectState = FIRST_REPLY_DONE;
wolfSSL 0:1239e9b70ca2 4542 CYASSL_MSG("connect state: FIRST_REPLY_DONE");
wolfSSL 0:1239e9b70ca2 4543
wolfSSL 0:1239e9b70ca2 4544 case FIRST_REPLY_DONE :
wolfSSL 0:1239e9b70ca2 4545 #ifndef NO_CERTS
wolfSSL 0:1239e9b70ca2 4546 if (ssl->options.sendVerify) {
wolfSSL 0:1239e9b70ca2 4547 if ( (ssl->error = SendCertificate(ssl)) != 0) {
wolfSSL 0:1239e9b70ca2 4548 CYASSL_ERROR(ssl->error);
wolfSSL 0:1239e9b70ca2 4549 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4550 }
wolfSSL 0:1239e9b70ca2 4551 CYASSL_MSG("sent: certificate");
wolfSSL 0:1239e9b70ca2 4552 }
wolfSSL 0:1239e9b70ca2 4553
wolfSSL 0:1239e9b70ca2 4554 #endif
wolfSSL 0:1239e9b70ca2 4555 ssl->options.connectState = FIRST_REPLY_FIRST;
wolfSSL 0:1239e9b70ca2 4556 CYASSL_MSG("connect state: FIRST_REPLY_FIRST");
wolfSSL 0:1239e9b70ca2 4557
wolfSSL 0:1239e9b70ca2 4558 case FIRST_REPLY_FIRST :
wolfSSL 0:1239e9b70ca2 4559 if (!ssl->options.resuming) {
wolfSSL 0:1239e9b70ca2 4560 if ( (ssl->error = SendClientKeyExchange(ssl)) != 0) {
wolfSSL 0:1239e9b70ca2 4561 CYASSL_ERROR(ssl->error);
wolfSSL 0:1239e9b70ca2 4562 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4563 }
wolfSSL 0:1239e9b70ca2 4564 CYASSL_MSG("sent: client key exchange");
wolfSSL 0:1239e9b70ca2 4565 }
wolfSSL 0:1239e9b70ca2 4566
wolfSSL 0:1239e9b70ca2 4567 ssl->options.connectState = FIRST_REPLY_SECOND;
wolfSSL 0:1239e9b70ca2 4568 CYASSL_MSG("connect state: FIRST_REPLY_SECOND");
wolfSSL 0:1239e9b70ca2 4569
wolfSSL 0:1239e9b70ca2 4570 case FIRST_REPLY_SECOND :
wolfSSL 0:1239e9b70ca2 4571 #ifndef NO_CERTS
wolfSSL 0:1239e9b70ca2 4572 if (ssl->options.sendVerify) {
wolfSSL 0:1239e9b70ca2 4573 if ( (ssl->error = SendCertificateVerify(ssl)) != 0) {
wolfSSL 0:1239e9b70ca2 4574 CYASSL_ERROR(ssl->error);
wolfSSL 0:1239e9b70ca2 4575 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4576 }
wolfSSL 0:1239e9b70ca2 4577 CYASSL_MSG("sent: certificate verify");
wolfSSL 0:1239e9b70ca2 4578 }
wolfSSL 0:1239e9b70ca2 4579 #endif
wolfSSL 0:1239e9b70ca2 4580 ssl->options.connectState = FIRST_REPLY_THIRD;
wolfSSL 0:1239e9b70ca2 4581 CYASSL_MSG("connect state: FIRST_REPLY_THIRD");
wolfSSL 0:1239e9b70ca2 4582
wolfSSL 0:1239e9b70ca2 4583 case FIRST_REPLY_THIRD :
wolfSSL 0:1239e9b70ca2 4584 if ( (ssl->error = SendChangeCipher(ssl)) != 0) {
wolfSSL 0:1239e9b70ca2 4585 CYASSL_ERROR(ssl->error);
wolfSSL 0:1239e9b70ca2 4586 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4587 }
wolfSSL 0:1239e9b70ca2 4588 CYASSL_MSG("sent: change cipher spec");
wolfSSL 0:1239e9b70ca2 4589 ssl->options.connectState = FIRST_REPLY_FOURTH;
wolfSSL 0:1239e9b70ca2 4590 CYASSL_MSG("connect state: FIRST_REPLY_FOURTH");
wolfSSL 0:1239e9b70ca2 4591
wolfSSL 0:1239e9b70ca2 4592 case FIRST_REPLY_FOURTH :
wolfSSL 0:1239e9b70ca2 4593 if ( (ssl->error = SendFinished(ssl)) != 0) {
wolfSSL 0:1239e9b70ca2 4594 CYASSL_ERROR(ssl->error);
wolfSSL 0:1239e9b70ca2 4595 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4596 }
wolfSSL 0:1239e9b70ca2 4597 CYASSL_MSG("sent: finished");
wolfSSL 0:1239e9b70ca2 4598 ssl->options.connectState = FINISHED_DONE;
wolfSSL 0:1239e9b70ca2 4599 CYASSL_MSG("connect state: FINISHED_DONE");
wolfSSL 0:1239e9b70ca2 4600
wolfSSL 0:1239e9b70ca2 4601 case FINISHED_DONE :
wolfSSL 0:1239e9b70ca2 4602 /* get response */
wolfSSL 0:1239e9b70ca2 4603 while (ssl->options.serverState < SERVER_FINISHED_COMPLETE)
wolfSSL 0:1239e9b70ca2 4604 if ( (ssl->error = ProcessReply(ssl)) < 0) {
wolfSSL 0:1239e9b70ca2 4605 CYASSL_ERROR(ssl->error);
wolfSSL 0:1239e9b70ca2 4606 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4607 }
wolfSSL 0:1239e9b70ca2 4608
wolfSSL 0:1239e9b70ca2 4609 ssl->options.connectState = SECOND_REPLY_DONE;
wolfSSL 0:1239e9b70ca2 4610 CYASSL_MSG("connect state: SECOND_REPLY_DONE");
wolfSSL 0:1239e9b70ca2 4611
wolfSSL 0:1239e9b70ca2 4612 case SECOND_REPLY_DONE:
wolfSSL 0:1239e9b70ca2 4613 FreeHandshakeResources(ssl);
wolfSSL 0:1239e9b70ca2 4614 CYASSL_LEAVE("SSL_connect()", SSL_SUCCESS);
wolfSSL 0:1239e9b70ca2 4615 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 4616
wolfSSL 0:1239e9b70ca2 4617 default:
wolfSSL 0:1239e9b70ca2 4618 CYASSL_MSG("Unknown connect state ERROR");
wolfSSL 0:1239e9b70ca2 4619 return SSL_FATAL_ERROR; /* unknown connect state */
wolfSSL 0:1239e9b70ca2 4620 }
wolfSSL 0:1239e9b70ca2 4621 }
wolfSSL 0:1239e9b70ca2 4622
wolfSSL 0:1239e9b70ca2 4623 #endif /* NO_CYASSL_CLIENT */
wolfSSL 0:1239e9b70ca2 4624
wolfSSL 0:1239e9b70ca2 4625
wolfSSL 0:1239e9b70ca2 4626 /* server only parts */
wolfSSL 0:1239e9b70ca2 4627 #ifndef NO_CYASSL_SERVER
wolfSSL 0:1239e9b70ca2 4628
wolfSSL 0:1239e9b70ca2 4629 #ifndef NO_OLD_TLS
wolfSSL 0:1239e9b70ca2 4630 CYASSL_METHOD* CyaSSLv3_server_method(void)
wolfSSL 0:1239e9b70ca2 4631 {
wolfSSL 0:1239e9b70ca2 4632 CYASSL_METHOD* method =
wolfSSL 0:1239e9b70ca2 4633 (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
wolfSSL 0:1239e9b70ca2 4634 DYNAMIC_TYPE_METHOD);
wolfSSL 0:1239e9b70ca2 4635 CYASSL_ENTER("SSLv3_server_method");
wolfSSL 0:1239e9b70ca2 4636 if (method) {
wolfSSL 0:1239e9b70ca2 4637 InitSSL_Method(method, MakeSSLv3());
wolfSSL 0:1239e9b70ca2 4638 method->side = CYASSL_SERVER_END;
wolfSSL 0:1239e9b70ca2 4639 }
wolfSSL 0:1239e9b70ca2 4640 return method;
wolfSSL 0:1239e9b70ca2 4641 }
wolfSSL 0:1239e9b70ca2 4642 #endif
wolfSSL 0:1239e9b70ca2 4643
wolfSSL 0:1239e9b70ca2 4644
wolfSSL 0:1239e9b70ca2 4645 #ifdef CYASSL_DTLS
wolfSSL 0:1239e9b70ca2 4646 CYASSL_METHOD* CyaDTLSv1_server_method(void)
wolfSSL 0:1239e9b70ca2 4647 {
wolfSSL 0:1239e9b70ca2 4648 CYASSL_METHOD* method =
wolfSSL 0:1239e9b70ca2 4649 (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
wolfSSL 0:1239e9b70ca2 4650 DYNAMIC_TYPE_METHOD);
wolfSSL 0:1239e9b70ca2 4651 CYASSL_ENTER("DTLSv1_server_method");
wolfSSL 0:1239e9b70ca2 4652 if (method) {
wolfSSL 0:1239e9b70ca2 4653 InitSSL_Method(method, MakeDTLSv1());
wolfSSL 0:1239e9b70ca2 4654 method->side = CYASSL_SERVER_END;
wolfSSL 0:1239e9b70ca2 4655 }
wolfSSL 0:1239e9b70ca2 4656 return method;
wolfSSL 0:1239e9b70ca2 4657 }
wolfSSL 0:1239e9b70ca2 4658
wolfSSL 0:1239e9b70ca2 4659 CYASSL_METHOD* CyaDTLSv1_2_server_method(void)
wolfSSL 0:1239e9b70ca2 4660 {
wolfSSL 0:1239e9b70ca2 4661 CYASSL_METHOD* method =
wolfSSL 0:1239e9b70ca2 4662 (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
wolfSSL 0:1239e9b70ca2 4663 DYNAMIC_TYPE_METHOD);
wolfSSL 0:1239e9b70ca2 4664 CYASSL_ENTER("DTLSv1_2_server_method");
wolfSSL 0:1239e9b70ca2 4665 if (method) {
wolfSSL 0:1239e9b70ca2 4666 InitSSL_Method(method, MakeDTLSv1_2());
wolfSSL 0:1239e9b70ca2 4667 method->side = CYASSL_SERVER_END;
wolfSSL 0:1239e9b70ca2 4668 }
wolfSSL 0:1239e9b70ca2 4669 return method;
wolfSSL 0:1239e9b70ca2 4670 }
wolfSSL 0:1239e9b70ca2 4671 #endif
wolfSSL 0:1239e9b70ca2 4672
wolfSSL 0:1239e9b70ca2 4673
wolfSSL 0:1239e9b70ca2 4674 int CyaSSL_accept(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 4675 {
wolfSSL 0:1239e9b70ca2 4676 byte havePSK = 0;
wolfSSL 0:1239e9b70ca2 4677 CYASSL_ENTER("SSL_accept()");
wolfSSL 0:1239e9b70ca2 4678
wolfSSL 0:1239e9b70ca2 4679 #ifdef HAVE_ERRNO_H
wolfSSL 0:1239e9b70ca2 4680 errno = 0;
wolfSSL 0:1239e9b70ca2 4681 #endif
wolfSSL 0:1239e9b70ca2 4682
wolfSSL 0:1239e9b70ca2 4683 #ifndef NO_PSK
wolfSSL 0:1239e9b70ca2 4684 havePSK = ssl->options.havePSK;
wolfSSL 0:1239e9b70ca2 4685 #endif
wolfSSL 0:1239e9b70ca2 4686 (void)havePSK;
wolfSSL 0:1239e9b70ca2 4687
wolfSSL 0:1239e9b70ca2 4688 if (ssl->options.side != CYASSL_SERVER_END) {
wolfSSL 0:1239e9b70ca2 4689 CYASSL_ERROR(ssl->error = SIDE_ERROR);
wolfSSL 0:1239e9b70ca2 4690 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4691 }
wolfSSL 0:1239e9b70ca2 4692
wolfSSL 0:1239e9b70ca2 4693 #ifndef NO_CERTS
wolfSSL 0:1239e9b70ca2 4694 /* in case used set_accept_state after init */
wolfSSL 0:1239e9b70ca2 4695 if (!havePSK && (ssl->buffers.certificate.buffer == NULL ||
wolfSSL 0:1239e9b70ca2 4696 ssl->buffers.key.buffer == NULL)) {
wolfSSL 0:1239e9b70ca2 4697 CYASSL_MSG("accept error: don't have server cert and key");
wolfSSL 0:1239e9b70ca2 4698 ssl->error = NO_PRIVATE_KEY;
wolfSSL 0:1239e9b70ca2 4699 CYASSL_ERROR(ssl->error);
wolfSSL 0:1239e9b70ca2 4700 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4701 }
wolfSSL 0:1239e9b70ca2 4702 #endif
wolfSSL 0:1239e9b70ca2 4703
wolfSSL 0:1239e9b70ca2 4704 #ifdef HAVE_ECC
wolfSSL 0:1239e9b70ca2 4705 /* in case used set_accept_state after init */
wolfSSL 0:1239e9b70ca2 4706 if (ssl->eccTempKeyPresent == 0) {
wolfSSL 0:1239e9b70ca2 4707 if (ecc_make_key(ssl->rng, ssl->eccTempKeySz,
wolfSSL 0:1239e9b70ca2 4708 ssl->eccTempKey) != 0) {
wolfSSL 0:1239e9b70ca2 4709 ssl->error = ECC_MAKEKEY_ERROR;
wolfSSL 0:1239e9b70ca2 4710 CYASSL_ERROR(ssl->error);
wolfSSL 0:1239e9b70ca2 4711 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4712 }
wolfSSL 0:1239e9b70ca2 4713 ssl->eccTempKeyPresent = 1;
wolfSSL 0:1239e9b70ca2 4714 }
wolfSSL 0:1239e9b70ca2 4715 #endif
wolfSSL 0:1239e9b70ca2 4716
wolfSSL 0:1239e9b70ca2 4717 #ifdef CYASSL_DTLS
wolfSSL 0:1239e9b70ca2 4718 if (ssl->version.major == DTLS_MAJOR) {
wolfSSL 0:1239e9b70ca2 4719 ssl->options.dtls = 1;
wolfSSL 0:1239e9b70ca2 4720 ssl->options.tls = 1;
wolfSSL 0:1239e9b70ca2 4721 ssl->options.tls1_1 = 1;
wolfSSL 0:1239e9b70ca2 4722
wolfSSL 0:1239e9b70ca2 4723 if (DtlsPoolInit(ssl) != 0) {
wolfSSL 0:1239e9b70ca2 4724 ssl->error = MEMORY_ERROR;
wolfSSL 0:1239e9b70ca2 4725 CYASSL_ERROR(ssl->error);
wolfSSL 0:1239e9b70ca2 4726 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4727 }
wolfSSL 0:1239e9b70ca2 4728 }
wolfSSL 0:1239e9b70ca2 4729 #endif
wolfSSL 0:1239e9b70ca2 4730
wolfSSL 0:1239e9b70ca2 4731 if (ssl->buffers.outputBuffer.length > 0) {
wolfSSL 0:1239e9b70ca2 4732 if ( (ssl->error = SendBuffered(ssl)) == 0) {
wolfSSL 0:1239e9b70ca2 4733 ssl->options.acceptState++;
wolfSSL 0:1239e9b70ca2 4734 CYASSL_MSG("accept state: Advanced from buffered send");
wolfSSL 0:1239e9b70ca2 4735 }
wolfSSL 0:1239e9b70ca2 4736 else {
wolfSSL 0:1239e9b70ca2 4737 CYASSL_ERROR(ssl->error);
wolfSSL 0:1239e9b70ca2 4738 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4739 }
wolfSSL 0:1239e9b70ca2 4740 }
wolfSSL 0:1239e9b70ca2 4741
wolfSSL 0:1239e9b70ca2 4742 switch (ssl->options.acceptState) {
wolfSSL 0:1239e9b70ca2 4743
wolfSSL 0:1239e9b70ca2 4744 case ACCEPT_BEGIN :
wolfSSL 0:1239e9b70ca2 4745 /* get response */
wolfSSL 0:1239e9b70ca2 4746 while (ssl->options.clientState < CLIENT_HELLO_COMPLETE)
wolfSSL 0:1239e9b70ca2 4747 if ( (ssl->error = ProcessReply(ssl)) < 0) {
wolfSSL 0:1239e9b70ca2 4748 CYASSL_ERROR(ssl->error);
wolfSSL 0:1239e9b70ca2 4749 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4750 }
wolfSSL 0:1239e9b70ca2 4751 ssl->options.acceptState = ACCEPT_CLIENT_HELLO_DONE;
wolfSSL 0:1239e9b70ca2 4752 CYASSL_MSG("accept state ACCEPT_CLIENT_HELLO_DONE");
wolfSSL 0:1239e9b70ca2 4753
wolfSSL 0:1239e9b70ca2 4754 case ACCEPT_CLIENT_HELLO_DONE :
wolfSSL 0:1239e9b70ca2 4755 #ifdef CYASSL_DTLS
wolfSSL 0:1239e9b70ca2 4756 if (ssl->options.dtls)
wolfSSL 0:1239e9b70ca2 4757 if ( (ssl->error = SendHelloVerifyRequest(ssl)) != 0) {
wolfSSL 0:1239e9b70ca2 4758 CYASSL_ERROR(ssl->error);
wolfSSL 0:1239e9b70ca2 4759 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4760 }
wolfSSL 0:1239e9b70ca2 4761 #endif
wolfSSL 0:1239e9b70ca2 4762 ssl->options.acceptState = HELLO_VERIFY_SENT;
wolfSSL 0:1239e9b70ca2 4763 CYASSL_MSG("accept state HELLO_VERIFY_SENT");
wolfSSL 0:1239e9b70ca2 4764
wolfSSL 0:1239e9b70ca2 4765 case HELLO_VERIFY_SENT:
wolfSSL 0:1239e9b70ca2 4766 #ifdef CYASSL_DTLS
wolfSSL 0:1239e9b70ca2 4767 if (ssl->options.dtls) {
wolfSSL 0:1239e9b70ca2 4768 ssl->options.clientState = NULL_STATE; /* get again */
wolfSSL 0:1239e9b70ca2 4769 /* re-init hashes, exclude first hello and verify request */
wolfSSL 0:1239e9b70ca2 4770 #ifndef NO_OLD_TLS
wolfSSL 0:1239e9b70ca2 4771 InitMd5(&ssl->hashMd5);
wolfSSL 0:1239e9b70ca2 4772 if ( (ssl->error = InitSha(&ssl->hashSha)) != 0) {
wolfSSL 0:1239e9b70ca2 4773 CYASSL_ERROR(ssl->error);
wolfSSL 0:1239e9b70ca2 4774 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4775 }
wolfSSL 0:1239e9b70ca2 4776 #endif
wolfSSL 0:1239e9b70ca2 4777 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 0:1239e9b70ca2 4778 #ifndef NO_SHA256
wolfSSL 0:1239e9b70ca2 4779 if ( (ssl->error =
wolfSSL 0:1239e9b70ca2 4780 InitSha256(&ssl->hashSha256)) != 0) {
wolfSSL 0:1239e9b70ca2 4781 CYASSL_ERROR(ssl->error);
wolfSSL 0:1239e9b70ca2 4782 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4783 }
wolfSSL 0:1239e9b70ca2 4784 #endif
wolfSSL 0:1239e9b70ca2 4785 #ifdef CYASSL_SHA384
wolfSSL 0:1239e9b70ca2 4786 if ( (ssl->error =
wolfSSL 0:1239e9b70ca2 4787 InitSha384(&ssl->hashSha384)) != 0) {
wolfSSL 0:1239e9b70ca2 4788 CYASSL_ERROR(ssl->error);
wolfSSL 0:1239e9b70ca2 4789 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4790 }
wolfSSL 0:1239e9b70ca2 4791 #endif
wolfSSL 0:1239e9b70ca2 4792 }
wolfSSL 0:1239e9b70ca2 4793
wolfSSL 0:1239e9b70ca2 4794 while (ssl->options.clientState < CLIENT_HELLO_COMPLETE)
wolfSSL 0:1239e9b70ca2 4795 if ( (ssl->error = ProcessReply(ssl)) < 0) {
wolfSSL 0:1239e9b70ca2 4796 CYASSL_ERROR(ssl->error);
wolfSSL 0:1239e9b70ca2 4797 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4798 }
wolfSSL 0:1239e9b70ca2 4799 }
wolfSSL 0:1239e9b70ca2 4800 #endif
wolfSSL 0:1239e9b70ca2 4801 ssl->options.acceptState = ACCEPT_FIRST_REPLY_DONE;
wolfSSL 0:1239e9b70ca2 4802 CYASSL_MSG("accept state ACCEPT_FIRST_REPLY_DONE");
wolfSSL 0:1239e9b70ca2 4803
wolfSSL 0:1239e9b70ca2 4804 case ACCEPT_FIRST_REPLY_DONE :
wolfSSL 0:1239e9b70ca2 4805 if ( (ssl->error = SendServerHello(ssl)) != 0) {
wolfSSL 0:1239e9b70ca2 4806 CYASSL_ERROR(ssl->error);
wolfSSL 0:1239e9b70ca2 4807 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4808 }
wolfSSL 0:1239e9b70ca2 4809 ssl->options.acceptState = SERVER_HELLO_SENT;
wolfSSL 0:1239e9b70ca2 4810 CYASSL_MSG("accept state SERVER_HELLO_SENT");
wolfSSL 0:1239e9b70ca2 4811
wolfSSL 0:1239e9b70ca2 4812 case SERVER_HELLO_SENT :
wolfSSL 0:1239e9b70ca2 4813 #ifndef NO_CERTS
wolfSSL 0:1239e9b70ca2 4814 if (!ssl->options.resuming)
wolfSSL 0:1239e9b70ca2 4815 if ( (ssl->error = SendCertificate(ssl)) != 0) {
wolfSSL 0:1239e9b70ca2 4816 CYASSL_ERROR(ssl->error);
wolfSSL 0:1239e9b70ca2 4817 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4818 }
wolfSSL 0:1239e9b70ca2 4819 #endif
wolfSSL 0:1239e9b70ca2 4820 ssl->options.acceptState = CERT_SENT;
wolfSSL 0:1239e9b70ca2 4821 CYASSL_MSG("accept state CERT_SENT");
wolfSSL 0:1239e9b70ca2 4822
wolfSSL 0:1239e9b70ca2 4823 case CERT_SENT :
wolfSSL 0:1239e9b70ca2 4824 if (!ssl->options.resuming)
wolfSSL 0:1239e9b70ca2 4825 if ( (ssl->error = SendServerKeyExchange(ssl)) != 0) {
wolfSSL 0:1239e9b70ca2 4826 CYASSL_ERROR(ssl->error);
wolfSSL 0:1239e9b70ca2 4827 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4828 }
wolfSSL 0:1239e9b70ca2 4829 ssl->options.acceptState = KEY_EXCHANGE_SENT;
wolfSSL 0:1239e9b70ca2 4830 CYASSL_MSG("accept state KEY_EXCHANGE_SENT");
wolfSSL 0:1239e9b70ca2 4831
wolfSSL 0:1239e9b70ca2 4832 case KEY_EXCHANGE_SENT :
wolfSSL 0:1239e9b70ca2 4833 #ifndef NO_CERTS
wolfSSL 0:1239e9b70ca2 4834 if (!ssl->options.resuming)
wolfSSL 0:1239e9b70ca2 4835 if (ssl->options.verifyPeer)
wolfSSL 0:1239e9b70ca2 4836 if ( (ssl->error = SendCertificateRequest(ssl)) != 0) {
wolfSSL 0:1239e9b70ca2 4837 CYASSL_ERROR(ssl->error);
wolfSSL 0:1239e9b70ca2 4838 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4839 }
wolfSSL 0:1239e9b70ca2 4840 #endif
wolfSSL 0:1239e9b70ca2 4841 ssl->options.acceptState = CERT_REQ_SENT;
wolfSSL 0:1239e9b70ca2 4842 CYASSL_MSG("accept state CERT_REQ_SENT");
wolfSSL 0:1239e9b70ca2 4843
wolfSSL 0:1239e9b70ca2 4844 case CERT_REQ_SENT :
wolfSSL 0:1239e9b70ca2 4845 if (!ssl->options.resuming)
wolfSSL 0:1239e9b70ca2 4846 if ( (ssl->error = SendServerHelloDone(ssl)) != 0) {
wolfSSL 0:1239e9b70ca2 4847 CYASSL_ERROR(ssl->error);
wolfSSL 0:1239e9b70ca2 4848 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4849 }
wolfSSL 0:1239e9b70ca2 4850 ssl->options.acceptState = SERVER_HELLO_DONE;
wolfSSL 0:1239e9b70ca2 4851 CYASSL_MSG("accept state SERVER_HELLO_DONE");
wolfSSL 0:1239e9b70ca2 4852
wolfSSL 0:1239e9b70ca2 4853 case SERVER_HELLO_DONE :
wolfSSL 0:1239e9b70ca2 4854 if (!ssl->options.resuming) {
wolfSSL 0:1239e9b70ca2 4855 while (ssl->options.clientState < CLIENT_FINISHED_COMPLETE)
wolfSSL 0:1239e9b70ca2 4856 if ( (ssl->error = ProcessReply(ssl)) < 0) {
wolfSSL 0:1239e9b70ca2 4857 CYASSL_ERROR(ssl->error);
wolfSSL 0:1239e9b70ca2 4858 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4859 }
wolfSSL 0:1239e9b70ca2 4860 }
wolfSSL 0:1239e9b70ca2 4861 ssl->options.acceptState = ACCEPT_SECOND_REPLY_DONE;
wolfSSL 0:1239e9b70ca2 4862 CYASSL_MSG("accept state ACCEPT_SECOND_REPLY_DONE");
wolfSSL 0:1239e9b70ca2 4863
wolfSSL 0:1239e9b70ca2 4864 case ACCEPT_SECOND_REPLY_DONE :
wolfSSL 0:1239e9b70ca2 4865 if ( (ssl->error = SendChangeCipher(ssl)) != 0) {
wolfSSL 0:1239e9b70ca2 4866 CYASSL_ERROR(ssl->error);
wolfSSL 0:1239e9b70ca2 4867 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4868 }
wolfSSL 0:1239e9b70ca2 4869 ssl->options.acceptState = CHANGE_CIPHER_SENT;
wolfSSL 0:1239e9b70ca2 4870 CYASSL_MSG("accept state CHANGE_CIPHER_SENT");
wolfSSL 0:1239e9b70ca2 4871
wolfSSL 0:1239e9b70ca2 4872 case CHANGE_CIPHER_SENT :
wolfSSL 0:1239e9b70ca2 4873 if ( (ssl->error = SendFinished(ssl)) != 0) {
wolfSSL 0:1239e9b70ca2 4874 CYASSL_ERROR(ssl->error);
wolfSSL 0:1239e9b70ca2 4875 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4876 }
wolfSSL 0:1239e9b70ca2 4877
wolfSSL 0:1239e9b70ca2 4878 ssl->options.acceptState = ACCEPT_FINISHED_DONE;
wolfSSL 0:1239e9b70ca2 4879 CYASSL_MSG("accept state ACCEPT_FINISHED_DONE");
wolfSSL 0:1239e9b70ca2 4880
wolfSSL 0:1239e9b70ca2 4881 case ACCEPT_FINISHED_DONE :
wolfSSL 0:1239e9b70ca2 4882 if (ssl->options.resuming)
wolfSSL 0:1239e9b70ca2 4883 while (ssl->options.clientState < CLIENT_FINISHED_COMPLETE)
wolfSSL 0:1239e9b70ca2 4884 if ( (ssl->error = ProcessReply(ssl)) < 0) {
wolfSSL 0:1239e9b70ca2 4885 CYASSL_ERROR(ssl->error);
wolfSSL 0:1239e9b70ca2 4886 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4887 }
wolfSSL 0:1239e9b70ca2 4888
wolfSSL 0:1239e9b70ca2 4889 ssl->options.acceptState = ACCEPT_THIRD_REPLY_DONE;
wolfSSL 0:1239e9b70ca2 4890 CYASSL_MSG("accept state ACCEPT_THIRD_REPLY_DONE");
wolfSSL 0:1239e9b70ca2 4891
wolfSSL 0:1239e9b70ca2 4892 case ACCEPT_THIRD_REPLY_DONE :
wolfSSL 0:1239e9b70ca2 4893 FreeHandshakeResources(ssl);
wolfSSL 0:1239e9b70ca2 4894 CYASSL_LEAVE("SSL_accept()", SSL_SUCCESS);
wolfSSL 0:1239e9b70ca2 4895 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 4896
wolfSSL 0:1239e9b70ca2 4897 default :
wolfSSL 0:1239e9b70ca2 4898 CYASSL_MSG("Unknown accept state ERROR");
wolfSSL 0:1239e9b70ca2 4899 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 4900 }
wolfSSL 0:1239e9b70ca2 4901 }
wolfSSL 0:1239e9b70ca2 4902
wolfSSL 0:1239e9b70ca2 4903 #endif /* NO_CYASSL_SERVER */
wolfSSL 0:1239e9b70ca2 4904
wolfSSL 0:1239e9b70ca2 4905
wolfSSL 0:1239e9b70ca2 4906 int CyaSSL_Cleanup(void)
wolfSSL 0:1239e9b70ca2 4907 {
wolfSSL 0:1239e9b70ca2 4908 int ret = SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 4909 int release = 0;
wolfSSL 0:1239e9b70ca2 4910
wolfSSL 0:1239e9b70ca2 4911 CYASSL_ENTER("CyaSSL_Cleanup");
wolfSSL 0:1239e9b70ca2 4912
wolfSSL 0:1239e9b70ca2 4913 if (initRefCount == 0)
wolfSSL 0:1239e9b70ca2 4914 return ret; /* possibly no init yet, but not failure either way */
wolfSSL 0:1239e9b70ca2 4915
wolfSSL 0:1239e9b70ca2 4916 if (LockMutex(&count_mutex) != 0) {
wolfSSL 0:1239e9b70ca2 4917 CYASSL_MSG("Bad Lock Mutex count");
wolfSSL 0:1239e9b70ca2 4918 return BAD_MUTEX_E;
wolfSSL 0:1239e9b70ca2 4919 }
wolfSSL 0:1239e9b70ca2 4920
wolfSSL 0:1239e9b70ca2 4921 release = initRefCount-- == 1;
wolfSSL 0:1239e9b70ca2 4922 if (initRefCount < 0)
wolfSSL 0:1239e9b70ca2 4923 initRefCount = 0;
wolfSSL 0:1239e9b70ca2 4924
wolfSSL 0:1239e9b70ca2 4925 UnLockMutex(&count_mutex);
wolfSSL 0:1239e9b70ca2 4926
wolfSSL 0:1239e9b70ca2 4927 if (!release)
wolfSSL 0:1239e9b70ca2 4928 return ret;
wolfSSL 0:1239e9b70ca2 4929
wolfSSL 0:1239e9b70ca2 4930 #ifndef NO_SESSION_CACHE
wolfSSL 0:1239e9b70ca2 4931 if (FreeMutex(&session_mutex) != 0)
wolfSSL 0:1239e9b70ca2 4932 ret = BAD_MUTEX_E;
wolfSSL 0:1239e9b70ca2 4933 #endif
wolfSSL 0:1239e9b70ca2 4934 if (FreeMutex(&count_mutex) != 0)
wolfSSL 0:1239e9b70ca2 4935 ret = BAD_MUTEX_E;
wolfSSL 0:1239e9b70ca2 4936
wolfSSL 0:1239e9b70ca2 4937 #if defined(HAVE_ECC) && defined(FP_ECC)
wolfSSL 0:1239e9b70ca2 4938 ecc_fp_free();
wolfSSL 0:1239e9b70ca2 4939 #endif
wolfSSL 0:1239e9b70ca2 4940
wolfSSL 0:1239e9b70ca2 4941 return ret;
wolfSSL 0:1239e9b70ca2 4942 }
wolfSSL 0:1239e9b70ca2 4943
wolfSSL 0:1239e9b70ca2 4944
wolfSSL 0:1239e9b70ca2 4945 #ifndef NO_SESSION_CACHE
wolfSSL 0:1239e9b70ca2 4946
wolfSSL 0:1239e9b70ca2 4947 #ifndef NO_MD5
wolfSSL 0:1239e9b70ca2 4948
wolfSSL 0:1239e9b70ca2 4949 /* some session IDs aren't random afterall, let's make them random */
wolfSSL 0:1239e9b70ca2 4950
wolfSSL 0:1239e9b70ca2 4951 static INLINE word32 HashSession(const byte* sessionID, word32 len, int* error)
wolfSSL 0:1239e9b70ca2 4952 {
wolfSSL 0:1239e9b70ca2 4953 byte digest[MD5_DIGEST_SIZE];
wolfSSL 0:1239e9b70ca2 4954 Md5 md5;
wolfSSL 0:1239e9b70ca2 4955
wolfSSL 0:1239e9b70ca2 4956 (void)error;
wolfSSL 0:1239e9b70ca2 4957
wolfSSL 0:1239e9b70ca2 4958 InitMd5(&md5);
wolfSSL 0:1239e9b70ca2 4959 Md5Update(&md5, sessionID, len);
wolfSSL 0:1239e9b70ca2 4960 Md5Final(&md5, digest);
wolfSSL 0:1239e9b70ca2 4961
wolfSSL 0:1239e9b70ca2 4962 return MakeWordFromHash(digest);
wolfSSL 0:1239e9b70ca2 4963 }
wolfSSL 0:1239e9b70ca2 4964
wolfSSL 0:1239e9b70ca2 4965 #elif !defined(NO_SHA)
wolfSSL 0:1239e9b70ca2 4966
wolfSSL 0:1239e9b70ca2 4967 /* 0 on failure */
wolfSSL 0:1239e9b70ca2 4968 static INLINE word32 HashSession(const byte* sessionID, word32 len, int* error)
wolfSSL 0:1239e9b70ca2 4969 {
wolfSSL 0:1239e9b70ca2 4970 byte digest[SHA_DIGEST_SIZE];
wolfSSL 0:1239e9b70ca2 4971 Sha sha;
wolfSSL 0:1239e9b70ca2 4972 int ret = 0;
wolfSSL 0:1239e9b70ca2 4973
wolfSSL 0:1239e9b70ca2 4974 ret = InitSha(&sha);
wolfSSL 0:1239e9b70ca2 4975 if (ret != 0) {
wolfSSL 0:1239e9b70ca2 4976 *error = ret;
wolfSSL 0:1239e9b70ca2 4977 return 0;
wolfSSL 0:1239e9b70ca2 4978 }
wolfSSL 0:1239e9b70ca2 4979 ShaUpdate(&sha, sessionID, len);
wolfSSL 0:1239e9b70ca2 4980 ShaFinal(&sha, digest);
wolfSSL 0:1239e9b70ca2 4981
wolfSSL 0:1239e9b70ca2 4982 return MakeWordFromHash(digest);
wolfSSL 0:1239e9b70ca2 4983 }
wolfSSL 0:1239e9b70ca2 4984
wolfSSL 0:1239e9b70ca2 4985 #elif !defined(NO_SHA256)
wolfSSL 0:1239e9b70ca2 4986
wolfSSL 0:1239e9b70ca2 4987 static INLINE word32 HashSession(const byte* sessionID, word32 len, int* error)
wolfSSL 0:1239e9b70ca2 4988 {
wolfSSL 0:1239e9b70ca2 4989 byte digest[SHA256_DIGEST_SIZE];
wolfSSL 0:1239e9b70ca2 4990 Sha256 sha256;
wolfSSL 0:1239e9b70ca2 4991 int ret;
wolfSSL 0:1239e9b70ca2 4992
wolfSSL 0:1239e9b70ca2 4993 ret = InitSha256(&sha256);
wolfSSL 0:1239e9b70ca2 4994 if (ret != 0) {
wolfSSL 0:1239e9b70ca2 4995 *error = ret;
wolfSSL 0:1239e9b70ca2 4996 return 0;
wolfSSL 0:1239e9b70ca2 4997 }
wolfSSL 0:1239e9b70ca2 4998
wolfSSL 0:1239e9b70ca2 4999 ret = Sha256Update(&sha256, sessionID, len);
wolfSSL 0:1239e9b70ca2 5000 if (ret != 0) {
wolfSSL 0:1239e9b70ca2 5001 *error = ret;
wolfSSL 0:1239e9b70ca2 5002 return 0;
wolfSSL 0:1239e9b70ca2 5003 }
wolfSSL 0:1239e9b70ca2 5004
wolfSSL 0:1239e9b70ca2 5005 ret = Sha256Final(&sha256, digest);
wolfSSL 0:1239e9b70ca2 5006 if (ret != 0) {
wolfSSL 0:1239e9b70ca2 5007 *error = ret;
wolfSSL 0:1239e9b70ca2 5008 return 0;
wolfSSL 0:1239e9b70ca2 5009 }
wolfSSL 0:1239e9b70ca2 5010
wolfSSL 0:1239e9b70ca2 5011 return MakeWordFromHash(digest);
wolfSSL 0:1239e9b70ca2 5012 }
wolfSSL 0:1239e9b70ca2 5013
wolfSSL 0:1239e9b70ca2 5014 #else
wolfSSL 0:1239e9b70ca2 5015
wolfSSL 0:1239e9b70ca2 5016 #error "We need a digest to hash the session IDs"
wolfSSL 0:1239e9b70ca2 5017
wolfSSL 0:1239e9b70ca2 5018 #endif /* NO_MD5 */
wolfSSL 0:1239e9b70ca2 5019
wolfSSL 0:1239e9b70ca2 5020
wolfSSL 0:1239e9b70ca2 5021 void CyaSSL_flush_sessions(CYASSL_CTX* ctx, long tm)
wolfSSL 0:1239e9b70ca2 5022 {
wolfSSL 0:1239e9b70ca2 5023 /* static table now, no flusing needed */
wolfSSL 0:1239e9b70ca2 5024 (void)ctx;
wolfSSL 0:1239e9b70ca2 5025 (void)tm;
wolfSSL 0:1239e9b70ca2 5026 }
wolfSSL 0:1239e9b70ca2 5027
wolfSSL 0:1239e9b70ca2 5028
wolfSSL 0:1239e9b70ca2 5029 /* set ssl session timeout in seconds */
wolfSSL 0:1239e9b70ca2 5030 int CyaSSL_set_timeout(CYASSL* ssl, unsigned int to)
wolfSSL 0:1239e9b70ca2 5031 {
wolfSSL 0:1239e9b70ca2 5032 if (ssl == NULL)
wolfSSL 0:1239e9b70ca2 5033 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 5034
wolfSSL 0:1239e9b70ca2 5035 ssl->timeout = to;
wolfSSL 0:1239e9b70ca2 5036
wolfSSL 0:1239e9b70ca2 5037 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 5038 }
wolfSSL 0:1239e9b70ca2 5039
wolfSSL 0:1239e9b70ca2 5040
wolfSSL 0:1239e9b70ca2 5041 /* set ctx session timeout in seconds */
wolfSSL 0:1239e9b70ca2 5042 int CyaSSL_CTX_set_timeout(CYASSL_CTX* ctx, unsigned int to)
wolfSSL 0:1239e9b70ca2 5043 {
wolfSSL 0:1239e9b70ca2 5044 if (ctx == NULL)
wolfSSL 0:1239e9b70ca2 5045 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 5046
wolfSSL 0:1239e9b70ca2 5047 ctx->timeout = to;
wolfSSL 0:1239e9b70ca2 5048
wolfSSL 0:1239e9b70ca2 5049 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 5050 }
wolfSSL 0:1239e9b70ca2 5051
wolfSSL 0:1239e9b70ca2 5052
wolfSSL 0:1239e9b70ca2 5053 #ifndef NO_CLIENT_CACHE
wolfSSL 0:1239e9b70ca2 5054
wolfSSL 0:1239e9b70ca2 5055 /* Get Session from Client cache based on id/len, return NULL on failure */
wolfSSL 0:1239e9b70ca2 5056 CYASSL_SESSION* GetSessionClient(CYASSL* ssl, const byte* id, int len)
wolfSSL 0:1239e9b70ca2 5057 {
wolfSSL 0:1239e9b70ca2 5058 CYASSL_SESSION* ret = NULL;
wolfSSL 0:1239e9b70ca2 5059 word32 row;
wolfSSL 0:1239e9b70ca2 5060 int idx;
wolfSSL 0:1239e9b70ca2 5061 int count;
wolfSSL 0:1239e9b70ca2 5062 int error = 0;
wolfSSL 0:1239e9b70ca2 5063
wolfSSL 0:1239e9b70ca2 5064 CYASSL_ENTER("GetSessionClient");
wolfSSL 0:1239e9b70ca2 5065
wolfSSL 0:1239e9b70ca2 5066 if (ssl->options.side == CYASSL_SERVER_END)
wolfSSL 0:1239e9b70ca2 5067 return NULL;
wolfSSL 0:1239e9b70ca2 5068
wolfSSL 0:1239e9b70ca2 5069 len = min(SERVER_ID_LEN, (word32)len);
wolfSSL 0:1239e9b70ca2 5070 row = HashSession(id, len, &error) % SESSION_ROWS;
wolfSSL 0:1239e9b70ca2 5071 if (error != 0) {
wolfSSL 0:1239e9b70ca2 5072 CYASSL_MSG("Hash session failed");
wolfSSL 0:1239e9b70ca2 5073 return NULL;
wolfSSL 0:1239e9b70ca2 5074 }
wolfSSL 0:1239e9b70ca2 5075
wolfSSL 0:1239e9b70ca2 5076 if (LockMutex(&session_mutex) != 0) {
wolfSSL 0:1239e9b70ca2 5077 CYASSL_MSG("Lock session mutex failed");
wolfSSL 0:1239e9b70ca2 5078 return NULL;
wolfSSL 0:1239e9b70ca2 5079 }
wolfSSL 0:1239e9b70ca2 5080
wolfSSL 0:1239e9b70ca2 5081 /* start from most recently used */
wolfSSL 0:1239e9b70ca2 5082 count = min((word32)ClientCache[row].totalCount, SESSIONS_PER_ROW);
wolfSSL 0:1239e9b70ca2 5083 idx = ClientCache[row].nextIdx - 1;
wolfSSL 0:1239e9b70ca2 5084 if (idx < 0)
wolfSSL 0:1239e9b70ca2 5085 idx = SESSIONS_PER_ROW - 1; /* if back to front, the previous was end */
wolfSSL 0:1239e9b70ca2 5086
wolfSSL 0:1239e9b70ca2 5087 for (; count > 0; --count, idx = idx ? idx - 1 : SESSIONS_PER_ROW - 1) {
wolfSSL 0:1239e9b70ca2 5088 CYASSL_SESSION* current;
wolfSSL 0:1239e9b70ca2 5089 ClientSession clSess;
wolfSSL 0:1239e9b70ca2 5090
wolfSSL 0:1239e9b70ca2 5091 if (idx >= SESSIONS_PER_ROW || idx < 0) { /* sanity check */
wolfSSL 0:1239e9b70ca2 5092 CYASSL_MSG("Bad idx");
wolfSSL 0:1239e9b70ca2 5093 break;
wolfSSL 0:1239e9b70ca2 5094 }
wolfSSL 0:1239e9b70ca2 5095
wolfSSL 0:1239e9b70ca2 5096 clSess = ClientCache[row].Clients[idx];
wolfSSL 0:1239e9b70ca2 5097
wolfSSL 0:1239e9b70ca2 5098 current = &SessionCache[clSess.serverRow].Sessions[clSess.serverIdx];
wolfSSL 0:1239e9b70ca2 5099 if (XMEMCMP(current->serverID, id, len) == 0) {
wolfSSL 0:1239e9b70ca2 5100 CYASSL_MSG("Found a serverid match for client");
wolfSSL 0:1239e9b70ca2 5101 if (LowResTimer() < (current->bornOn + current->timeout)) {
wolfSSL 0:1239e9b70ca2 5102 CYASSL_MSG("Session valid");
wolfSSL 0:1239e9b70ca2 5103 ret = current;
wolfSSL 0:1239e9b70ca2 5104 break;
wolfSSL 0:1239e9b70ca2 5105 } else {
wolfSSL 0:1239e9b70ca2 5106 CYASSL_MSG("Session timed out"); /* could have more for id */
wolfSSL 0:1239e9b70ca2 5107 }
wolfSSL 0:1239e9b70ca2 5108 } else {
wolfSSL 0:1239e9b70ca2 5109 CYASSL_MSG("ServerID not a match from client table");
wolfSSL 0:1239e9b70ca2 5110 }
wolfSSL 0:1239e9b70ca2 5111 }
wolfSSL 0:1239e9b70ca2 5112
wolfSSL 0:1239e9b70ca2 5113 UnLockMutex(&session_mutex);
wolfSSL 0:1239e9b70ca2 5114
wolfSSL 0:1239e9b70ca2 5115 return ret;
wolfSSL 0:1239e9b70ca2 5116 }
wolfSSL 0:1239e9b70ca2 5117
wolfSSL 0:1239e9b70ca2 5118 #endif /* NO_CLIENT_CACHE */
wolfSSL 0:1239e9b70ca2 5119
wolfSSL 0:1239e9b70ca2 5120
wolfSSL 0:1239e9b70ca2 5121 CYASSL_SESSION* GetSession(CYASSL* ssl, byte* masterSecret)
wolfSSL 0:1239e9b70ca2 5122 {
wolfSSL 0:1239e9b70ca2 5123 CYASSL_SESSION* ret = 0;
wolfSSL 0:1239e9b70ca2 5124 const byte* id = NULL;
wolfSSL 0:1239e9b70ca2 5125 word32 row;
wolfSSL 0:1239e9b70ca2 5126 int idx;
wolfSSL 0:1239e9b70ca2 5127 int count;
wolfSSL 0:1239e9b70ca2 5128 int error = 0;
wolfSSL 0:1239e9b70ca2 5129
wolfSSL 0:1239e9b70ca2 5130 if (ssl->options.sessionCacheOff)
wolfSSL 0:1239e9b70ca2 5131 return NULL;
wolfSSL 0:1239e9b70ca2 5132
wolfSSL 0:1239e9b70ca2 5133 if (ssl->options.haveSessionId == 0)
wolfSSL 0:1239e9b70ca2 5134 return NULL;
wolfSSL 0:1239e9b70ca2 5135
wolfSSL 0:1239e9b70ca2 5136 if (ssl->arrays)
wolfSSL 0:1239e9b70ca2 5137 id = ssl->arrays->sessionID;
wolfSSL 0:1239e9b70ca2 5138 else
wolfSSL 0:1239e9b70ca2 5139 id = ssl->session.sessionID;
wolfSSL 0:1239e9b70ca2 5140
wolfSSL 0:1239e9b70ca2 5141 row = HashSession(id, ID_LEN, &error) % SESSION_ROWS;
wolfSSL 0:1239e9b70ca2 5142 if (error != 0) {
wolfSSL 0:1239e9b70ca2 5143 CYASSL_MSG("Hash session failed");
wolfSSL 0:1239e9b70ca2 5144 return NULL;
wolfSSL 0:1239e9b70ca2 5145 }
wolfSSL 0:1239e9b70ca2 5146
wolfSSL 0:1239e9b70ca2 5147 if (LockMutex(&session_mutex) != 0)
wolfSSL 0:1239e9b70ca2 5148 return 0;
wolfSSL 0:1239e9b70ca2 5149
wolfSSL 0:1239e9b70ca2 5150 /* start from most recently used */
wolfSSL 0:1239e9b70ca2 5151 count = min((word32)SessionCache[row].totalCount, SESSIONS_PER_ROW);
wolfSSL 0:1239e9b70ca2 5152 idx = SessionCache[row].nextIdx - 1;
wolfSSL 0:1239e9b70ca2 5153 if (idx < 0)
wolfSSL 0:1239e9b70ca2 5154 idx = SESSIONS_PER_ROW - 1; /* if back to front, the previous was end */
wolfSSL 0:1239e9b70ca2 5155
wolfSSL 0:1239e9b70ca2 5156 for (; count > 0; --count, idx = idx ? idx - 1 : SESSIONS_PER_ROW - 1) {
wolfSSL 0:1239e9b70ca2 5157 CYASSL_SESSION* current;
wolfSSL 0:1239e9b70ca2 5158
wolfSSL 0:1239e9b70ca2 5159 if (idx >= SESSIONS_PER_ROW || idx < 0) { /* sanity check */
wolfSSL 0:1239e9b70ca2 5160 CYASSL_MSG("Bad idx");
wolfSSL 0:1239e9b70ca2 5161 break;
wolfSSL 0:1239e9b70ca2 5162 }
wolfSSL 0:1239e9b70ca2 5163
wolfSSL 0:1239e9b70ca2 5164 current = &SessionCache[row].Sessions[idx];
wolfSSL 0:1239e9b70ca2 5165 if (XMEMCMP(current->sessionID, id, ID_LEN) == 0) {
wolfSSL 0:1239e9b70ca2 5166 CYASSL_MSG("Found a session match");
wolfSSL 0:1239e9b70ca2 5167 if (LowResTimer() < (current->bornOn + current->timeout)) {
wolfSSL 0:1239e9b70ca2 5168 CYASSL_MSG("Session valid");
wolfSSL 0:1239e9b70ca2 5169 ret = current;
wolfSSL 0:1239e9b70ca2 5170 if (masterSecret)
wolfSSL 0:1239e9b70ca2 5171 XMEMCPY(masterSecret, current->masterSecret, SECRET_LEN);
wolfSSL 0:1239e9b70ca2 5172 } else {
wolfSSL 0:1239e9b70ca2 5173 CYASSL_MSG("Session timed out");
wolfSSL 0:1239e9b70ca2 5174 }
wolfSSL 0:1239e9b70ca2 5175 break; /* no more sessionIDs whether valid or not that match */
wolfSSL 0:1239e9b70ca2 5176 } else {
wolfSSL 0:1239e9b70ca2 5177 CYASSL_MSG("SessionID not a match at this idx");
wolfSSL 0:1239e9b70ca2 5178 }
wolfSSL 0:1239e9b70ca2 5179 }
wolfSSL 0:1239e9b70ca2 5180
wolfSSL 0:1239e9b70ca2 5181 UnLockMutex(&session_mutex);
wolfSSL 0:1239e9b70ca2 5182
wolfSSL 0:1239e9b70ca2 5183 return ret;
wolfSSL 0:1239e9b70ca2 5184 }
wolfSSL 0:1239e9b70ca2 5185
wolfSSL 0:1239e9b70ca2 5186
wolfSSL 0:1239e9b70ca2 5187 int SetSession(CYASSL* ssl, CYASSL_SESSION* session)
wolfSSL 0:1239e9b70ca2 5188 {
wolfSSL 0:1239e9b70ca2 5189 if (ssl->options.sessionCacheOff)
wolfSSL 0:1239e9b70ca2 5190 return SSL_FAILURE;
wolfSSL 0:1239e9b70ca2 5191
wolfSSL 0:1239e9b70ca2 5192 if (LowResTimer() < (session->bornOn + session->timeout)) {
wolfSSL 0:1239e9b70ca2 5193 ssl->session = *session;
wolfSSL 0:1239e9b70ca2 5194 ssl->options.resuming = 1;
wolfSSL 0:1239e9b70ca2 5195
wolfSSL 0:1239e9b70ca2 5196 #ifdef SESSION_CERTS
wolfSSL 0:1239e9b70ca2 5197 ssl->version = session->version;
wolfSSL 0:1239e9b70ca2 5198 ssl->options.cipherSuite0 = session->cipherSuite0;
wolfSSL 0:1239e9b70ca2 5199 ssl->options.cipherSuite = session->cipherSuite;
wolfSSL 0:1239e9b70ca2 5200 #endif
wolfSSL 0:1239e9b70ca2 5201
wolfSSL 0:1239e9b70ca2 5202 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 5203 }
wolfSSL 0:1239e9b70ca2 5204 return SSL_FAILURE; /* session timed out */
wolfSSL 0:1239e9b70ca2 5205 }
wolfSSL 0:1239e9b70ca2 5206
wolfSSL 0:1239e9b70ca2 5207
wolfSSL 0:1239e9b70ca2 5208 int AddSession(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 5209 {
wolfSSL 0:1239e9b70ca2 5210 word32 row, idx;
wolfSSL 0:1239e9b70ca2 5211 int error = 0;
wolfSSL 0:1239e9b70ca2 5212
wolfSSL 0:1239e9b70ca2 5213 if (ssl->options.sessionCacheOff)
wolfSSL 0:1239e9b70ca2 5214 return 0;
wolfSSL 0:1239e9b70ca2 5215
wolfSSL 0:1239e9b70ca2 5216 if (ssl->options.haveSessionId == 0)
wolfSSL 0:1239e9b70ca2 5217 return 0;
wolfSSL 0:1239e9b70ca2 5218
wolfSSL 0:1239e9b70ca2 5219 row = HashSession(ssl->arrays->sessionID, ID_LEN, &error) % SESSION_ROWS;
wolfSSL 0:1239e9b70ca2 5220 if (error != 0) {
wolfSSL 0:1239e9b70ca2 5221 CYASSL_MSG("Hash session failed");
wolfSSL 0:1239e9b70ca2 5222 return error;
wolfSSL 0:1239e9b70ca2 5223 }
wolfSSL 0:1239e9b70ca2 5224
wolfSSL 0:1239e9b70ca2 5225 if (LockMutex(&session_mutex) != 0)
wolfSSL 0:1239e9b70ca2 5226 return BAD_MUTEX_E;
wolfSSL 0:1239e9b70ca2 5227
wolfSSL 0:1239e9b70ca2 5228 idx = SessionCache[row].nextIdx++;
wolfSSL 0:1239e9b70ca2 5229 #ifdef SESSION_INDEX
wolfSSL 0:1239e9b70ca2 5230 ssl->sessionIndex = (row << SESSIDX_ROW_SHIFT) | idx;
wolfSSL 0:1239e9b70ca2 5231 #endif
wolfSSL 0:1239e9b70ca2 5232
wolfSSL 0:1239e9b70ca2 5233 XMEMCPY(SessionCache[row].Sessions[idx].masterSecret,
wolfSSL 0:1239e9b70ca2 5234 ssl->arrays->masterSecret, SECRET_LEN);
wolfSSL 0:1239e9b70ca2 5235 XMEMCPY(SessionCache[row].Sessions[idx].sessionID, ssl->arrays->sessionID,
wolfSSL 0:1239e9b70ca2 5236 ID_LEN);
wolfSSL 0:1239e9b70ca2 5237
wolfSSL 0:1239e9b70ca2 5238 SessionCache[row].Sessions[idx].timeout = ssl->timeout;
wolfSSL 0:1239e9b70ca2 5239 SessionCache[row].Sessions[idx].bornOn = LowResTimer();
wolfSSL 0:1239e9b70ca2 5240
wolfSSL 0:1239e9b70ca2 5241 #ifdef SESSION_CERTS
wolfSSL 0:1239e9b70ca2 5242 SessionCache[row].Sessions[idx].chain.count = ssl->session.chain.count;
wolfSSL 0:1239e9b70ca2 5243 XMEMCPY(SessionCache[row].Sessions[idx].chain.certs,
wolfSSL 0:1239e9b70ca2 5244 ssl->session.chain.certs, sizeof(x509_buffer) * MAX_CHAIN_DEPTH);
wolfSSL 0:1239e9b70ca2 5245
wolfSSL 0:1239e9b70ca2 5246 SessionCache[row].Sessions[idx].version = ssl->version;
wolfSSL 0:1239e9b70ca2 5247 SessionCache[row].Sessions[idx].cipherSuite0 = ssl->options.cipherSuite0;
wolfSSL 0:1239e9b70ca2 5248 SessionCache[row].Sessions[idx].cipherSuite = ssl->options.cipherSuite;
wolfSSL 0:1239e9b70ca2 5249 #endif /* SESSION_CERTS */
wolfSSL 0:1239e9b70ca2 5250
wolfSSL 0:1239e9b70ca2 5251 SessionCache[row].totalCount++;
wolfSSL 0:1239e9b70ca2 5252 if (SessionCache[row].nextIdx == SESSIONS_PER_ROW)
wolfSSL 0:1239e9b70ca2 5253 SessionCache[row].nextIdx = 0;
wolfSSL 0:1239e9b70ca2 5254
wolfSSL 0:1239e9b70ca2 5255 #ifndef NO_CLIENT_CACHE
wolfSSL 0:1239e9b70ca2 5256 if (ssl->options.side == CYASSL_CLIENT_END && ssl->session.idLen) {
wolfSSL 0:1239e9b70ca2 5257 word32 clientRow, clientIdx;
wolfSSL 0:1239e9b70ca2 5258
wolfSSL 0:1239e9b70ca2 5259 CYASSL_MSG("Adding client cache entry");
wolfSSL 0:1239e9b70ca2 5260
wolfSSL 0:1239e9b70ca2 5261 SessionCache[row].Sessions[idx].idLen = ssl->session.idLen;
wolfSSL 0:1239e9b70ca2 5262 XMEMCPY(SessionCache[row].Sessions[idx].serverID, ssl->session.serverID,
wolfSSL 0:1239e9b70ca2 5263 ssl->session.idLen);
wolfSSL 0:1239e9b70ca2 5264
wolfSSL 0:1239e9b70ca2 5265 clientRow = HashSession(ssl->session.serverID, ssl->session.idLen,
wolfSSL 0:1239e9b70ca2 5266 &error) % SESSION_ROWS;
wolfSSL 0:1239e9b70ca2 5267 if (error != 0) {
wolfSSL 0:1239e9b70ca2 5268 CYASSL_MSG("Hash session failed");
wolfSSL 0:1239e9b70ca2 5269 return error;
wolfSSL 0:1239e9b70ca2 5270 }
wolfSSL 0:1239e9b70ca2 5271 clientIdx = ClientCache[clientRow].nextIdx++;
wolfSSL 0:1239e9b70ca2 5272
wolfSSL 0:1239e9b70ca2 5273 ClientCache[clientRow].Clients[clientIdx].serverRow = (word16)row;
wolfSSL 0:1239e9b70ca2 5274 ClientCache[clientRow].Clients[clientIdx].serverIdx = (word16)idx;
wolfSSL 0:1239e9b70ca2 5275
wolfSSL 0:1239e9b70ca2 5276 ClientCache[clientRow].totalCount++;
wolfSSL 0:1239e9b70ca2 5277 if (ClientCache[clientRow].nextIdx == SESSIONS_PER_ROW)
wolfSSL 0:1239e9b70ca2 5278 ClientCache[clientRow].nextIdx = 0;
wolfSSL 0:1239e9b70ca2 5279 }
wolfSSL 0:1239e9b70ca2 5280 else
wolfSSL 0:1239e9b70ca2 5281 SessionCache[row].Sessions[idx].idLen = 0;
wolfSSL 0:1239e9b70ca2 5282 #endif /* NO_CLIENT_CACHE */
wolfSSL 0:1239e9b70ca2 5283
wolfSSL 0:1239e9b70ca2 5284 if (UnLockMutex(&session_mutex) != 0)
wolfSSL 0:1239e9b70ca2 5285 return BAD_MUTEX_E;
wolfSSL 0:1239e9b70ca2 5286
wolfSSL 0:1239e9b70ca2 5287 return 0;
wolfSSL 0:1239e9b70ca2 5288 }
wolfSSL 0:1239e9b70ca2 5289
wolfSSL 0:1239e9b70ca2 5290
wolfSSL 0:1239e9b70ca2 5291 #ifdef SESSION_INDEX
wolfSSL 0:1239e9b70ca2 5292
wolfSSL 0:1239e9b70ca2 5293 int CyaSSL_GetSessionIndex(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 5294 {
wolfSSL 0:1239e9b70ca2 5295 CYASSL_ENTER("CyaSSL_GetSessionIndex");
wolfSSL 0:1239e9b70ca2 5296 CYASSL_LEAVE("CyaSSL_GetSessionIndex", ssl->sessionIndex);
wolfSSL 0:1239e9b70ca2 5297 return ssl->sessionIndex;
wolfSSL 0:1239e9b70ca2 5298 }
wolfSSL 0:1239e9b70ca2 5299
wolfSSL 0:1239e9b70ca2 5300
wolfSSL 0:1239e9b70ca2 5301 int CyaSSL_GetSessionAtIndex(int idx, CYASSL_SESSION* session)
wolfSSL 0:1239e9b70ca2 5302 {
wolfSSL 0:1239e9b70ca2 5303 int row, col, result = SSL_FAILURE;
wolfSSL 0:1239e9b70ca2 5304
wolfSSL 0:1239e9b70ca2 5305 CYASSL_ENTER("CyaSSL_GetSessionAtIndex");
wolfSSL 0:1239e9b70ca2 5306
wolfSSL 0:1239e9b70ca2 5307 row = idx >> SESSIDX_ROW_SHIFT;
wolfSSL 0:1239e9b70ca2 5308 col = idx & SESSIDX_IDX_MASK;
wolfSSL 0:1239e9b70ca2 5309
wolfSSL 0:1239e9b70ca2 5310 if (LockMutex(&session_mutex) != 0) {
wolfSSL 0:1239e9b70ca2 5311 return BAD_MUTEX_E;
wolfSSL 0:1239e9b70ca2 5312 }
wolfSSL 0:1239e9b70ca2 5313
wolfSSL 0:1239e9b70ca2 5314 if (row < SESSION_ROWS &&
wolfSSL 0:1239e9b70ca2 5315 col < (int)min(SessionCache[row].totalCount, SESSIONS_PER_ROW)) {
wolfSSL 0:1239e9b70ca2 5316 XMEMCPY(session,
wolfSSL 0:1239e9b70ca2 5317 &SessionCache[row].Sessions[col], sizeof(CYASSL_SESSION));
wolfSSL 0:1239e9b70ca2 5318 result = SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 5319 }
wolfSSL 0:1239e9b70ca2 5320
wolfSSL 0:1239e9b70ca2 5321 if (UnLockMutex(&session_mutex) != 0)
wolfSSL 0:1239e9b70ca2 5322 result = BAD_MUTEX_E;
wolfSSL 0:1239e9b70ca2 5323
wolfSSL 0:1239e9b70ca2 5324 CYASSL_LEAVE("CyaSSL_GetSessionAtIndex", result);
wolfSSL 0:1239e9b70ca2 5325 return result;
wolfSSL 0:1239e9b70ca2 5326 }
wolfSSL 0:1239e9b70ca2 5327
wolfSSL 0:1239e9b70ca2 5328 #endif /* SESSION_INDEX */
wolfSSL 0:1239e9b70ca2 5329
wolfSSL 0:1239e9b70ca2 5330 #if defined(SESSION_INDEX) && defined(SESSION_CERTS)
wolfSSL 0:1239e9b70ca2 5331
wolfSSL 0:1239e9b70ca2 5332 CYASSL_X509_CHAIN* CyaSSL_SESSION_get_peer_chain(CYASSL_SESSION* session)
wolfSSL 0:1239e9b70ca2 5333 {
wolfSSL 0:1239e9b70ca2 5334 CYASSL_X509_CHAIN* chain = NULL;
wolfSSL 0:1239e9b70ca2 5335
wolfSSL 0:1239e9b70ca2 5336 CYASSL_ENTER("CyaSSL_SESSION_get_peer_chain");
wolfSSL 0:1239e9b70ca2 5337 if (session)
wolfSSL 0:1239e9b70ca2 5338 chain = &session->chain;
wolfSSL 0:1239e9b70ca2 5339
wolfSSL 0:1239e9b70ca2 5340 CYASSL_LEAVE("CyaSSL_SESSION_get_peer_chain", chain ? 1 : 0);
wolfSSL 0:1239e9b70ca2 5341 return chain;
wolfSSL 0:1239e9b70ca2 5342 }
wolfSSL 0:1239e9b70ca2 5343
wolfSSL 0:1239e9b70ca2 5344 #endif /* SESSION_INDEX && SESSION_CERTS */
wolfSSL 0:1239e9b70ca2 5345
wolfSSL 0:1239e9b70ca2 5346
wolfSSL 0:1239e9b70ca2 5347 #ifdef SESSION_STATS
wolfSSL 0:1239e9b70ca2 5348
wolfSSL 0:1239e9b70ca2 5349 CYASSL_API
wolfSSL 0:1239e9b70ca2 5350 void PrintSessionStats(void)
wolfSSL 0:1239e9b70ca2 5351 {
wolfSSL 0:1239e9b70ca2 5352 word32 totalSessionsSeen = 0;
wolfSSL 0:1239e9b70ca2 5353 word32 totalSessionsNow = 0;
wolfSSL 0:1239e9b70ca2 5354 word32 rowNow;
wolfSSL 0:1239e9b70ca2 5355 int i;
wolfSSL 0:1239e9b70ca2 5356 double E; /* expected freq */
wolfSSL 0:1239e9b70ca2 5357 double chiSquare = 0;
wolfSSL 0:1239e9b70ca2 5358
wolfSSL 0:1239e9b70ca2 5359 for (i = 0; i < SESSION_ROWS; i++) {
wolfSSL 0:1239e9b70ca2 5360 totalSessionsSeen += SessionCache[i].totalCount;
wolfSSL 0:1239e9b70ca2 5361
wolfSSL 0:1239e9b70ca2 5362 if (SessionCache[i].totalCount >= SESSIONS_PER_ROW)
wolfSSL 0:1239e9b70ca2 5363 rowNow = SESSIONS_PER_ROW;
wolfSSL 0:1239e9b70ca2 5364 else if (SessionCache[i].nextIdx == 0)
wolfSSL 0:1239e9b70ca2 5365 rowNow = 0;
wolfSSL 0:1239e9b70ca2 5366 else
wolfSSL 0:1239e9b70ca2 5367 rowNow = SessionCache[i].nextIdx;
wolfSSL 0:1239e9b70ca2 5368
wolfSSL 0:1239e9b70ca2 5369 totalSessionsNow += rowNow;
wolfSSL 0:1239e9b70ca2 5370 }
wolfSSL 0:1239e9b70ca2 5371
wolfSSL 0:1239e9b70ca2 5372 printf("Total Sessions Seen = %d\n", totalSessionsSeen);
wolfSSL 0:1239e9b70ca2 5373 printf("Total Sessions Now = %d\n", totalSessionsNow);
wolfSSL 0:1239e9b70ca2 5374
wolfSSL 0:1239e9b70ca2 5375 E = (double)totalSessionsSeen / SESSION_ROWS;
wolfSSL 0:1239e9b70ca2 5376
wolfSSL 0:1239e9b70ca2 5377 for (i = 0; i < SESSION_ROWS; i++) {
wolfSSL 0:1239e9b70ca2 5378 double diff = SessionCache[i].totalCount - E;
wolfSSL 0:1239e9b70ca2 5379 diff *= diff; /* square */
wolfSSL 0:1239e9b70ca2 5380 diff /= E; /* normalize */
wolfSSL 0:1239e9b70ca2 5381
wolfSSL 0:1239e9b70ca2 5382 chiSquare += diff;
wolfSSL 0:1239e9b70ca2 5383 }
wolfSSL 0:1239e9b70ca2 5384 printf(" chi-square = %5.1f, d.f. = %d\n", chiSquare,
wolfSSL 0:1239e9b70ca2 5385 SESSION_ROWS - 1);
wolfSSL 0:1239e9b70ca2 5386 if (SESSION_ROWS == 11)
wolfSSL 0:1239e9b70ca2 5387 printf(" .05 p value = 18.3, chi-square should be less\n");
wolfSSL 0:1239e9b70ca2 5388 else if (SESSION_ROWS == 211)
wolfSSL 0:1239e9b70ca2 5389 printf(".05 p value = 244.8, chi-square should be less\n");
wolfSSL 0:1239e9b70ca2 5390 else if (SESSION_ROWS == 5981)
wolfSSL 0:1239e9b70ca2 5391 printf(".05 p value = 6161.0, chi-square should be less\n");
wolfSSL 0:1239e9b70ca2 5392 else if (SESSION_ROWS == 3)
wolfSSL 0:1239e9b70ca2 5393 printf(".05 p value = 6.0, chi-square should be less\n");
wolfSSL 0:1239e9b70ca2 5394 else if (SESSION_ROWS == 2861)
wolfSSL 0:1239e9b70ca2 5395 printf(".05 p value = 2985.5, chi-square should be less\n");
wolfSSL 0:1239e9b70ca2 5396 printf("\n");
wolfSSL 0:1239e9b70ca2 5397 }
wolfSSL 0:1239e9b70ca2 5398
wolfSSL 0:1239e9b70ca2 5399 #endif /* SESSION_STATS */
wolfSSL 0:1239e9b70ca2 5400
wolfSSL 0:1239e9b70ca2 5401 #else /* NO_SESSION_CACHE */
wolfSSL 0:1239e9b70ca2 5402
wolfSSL 0:1239e9b70ca2 5403 /* No session cache version */
wolfSSL 0:1239e9b70ca2 5404 CYASSL_SESSION* GetSession(CYASSL* ssl, byte* masterSecret)
wolfSSL 0:1239e9b70ca2 5405 {
wolfSSL 0:1239e9b70ca2 5406 (void)ssl;
wolfSSL 0:1239e9b70ca2 5407 (void)masterSecret;
wolfSSL 0:1239e9b70ca2 5408
wolfSSL 0:1239e9b70ca2 5409 return NULL;
wolfSSL 0:1239e9b70ca2 5410 }
wolfSSL 0:1239e9b70ca2 5411
wolfSSL 0:1239e9b70ca2 5412 #endif /* NO_SESSION_CACHE */
wolfSSL 0:1239e9b70ca2 5413
wolfSSL 0:1239e9b70ca2 5414
wolfSSL 0:1239e9b70ca2 5415 /* call before SSL_connect, if verifying will add name check to
wolfSSL 0:1239e9b70ca2 5416 date check and signature check */
wolfSSL 0:1239e9b70ca2 5417 int CyaSSL_check_domain_name(CYASSL* ssl, const char* dn)
wolfSSL 0:1239e9b70ca2 5418 {
wolfSSL 0:1239e9b70ca2 5419 CYASSL_ENTER("CyaSSL_check_domain_name");
wolfSSL 0:1239e9b70ca2 5420 if (ssl->buffers.domainName.buffer)
wolfSSL 0:1239e9b70ca2 5421 XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN);
wolfSSL 0:1239e9b70ca2 5422
wolfSSL 0:1239e9b70ca2 5423 ssl->buffers.domainName.length = (word32)XSTRLEN(dn) + 1;
wolfSSL 0:1239e9b70ca2 5424 ssl->buffers.domainName.buffer = (byte*) XMALLOC(
wolfSSL 0:1239e9b70ca2 5425 ssl->buffers.domainName.length, ssl->heap, DYNAMIC_TYPE_DOMAIN);
wolfSSL 0:1239e9b70ca2 5426
wolfSSL 0:1239e9b70ca2 5427 if (ssl->buffers.domainName.buffer) {
wolfSSL 0:1239e9b70ca2 5428 XSTRNCPY((char*)ssl->buffers.domainName.buffer, dn,
wolfSSL 0:1239e9b70ca2 5429 ssl->buffers.domainName.length);
wolfSSL 0:1239e9b70ca2 5430 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 5431 }
wolfSSL 0:1239e9b70ca2 5432 else {
wolfSSL 0:1239e9b70ca2 5433 ssl->error = MEMORY_ERROR;
wolfSSL 0:1239e9b70ca2 5434 return SSL_FAILURE;
wolfSSL 0:1239e9b70ca2 5435 }
wolfSSL 0:1239e9b70ca2 5436 }
wolfSSL 0:1239e9b70ca2 5437
wolfSSL 0:1239e9b70ca2 5438
wolfSSL 0:1239e9b70ca2 5439 /* turn on CyaSSL zlib compression
wolfSSL 0:1239e9b70ca2 5440 returns SSL_SUCCESS for success, else error (not built in)
wolfSSL 0:1239e9b70ca2 5441 */
wolfSSL 0:1239e9b70ca2 5442 int CyaSSL_set_compression(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 5443 {
wolfSSL 0:1239e9b70ca2 5444 CYASSL_ENTER("CyaSSL_set_compression");
wolfSSL 0:1239e9b70ca2 5445 (void)ssl;
wolfSSL 0:1239e9b70ca2 5446 #ifdef HAVE_LIBZ
wolfSSL 0:1239e9b70ca2 5447 ssl->options.usingCompression = 1;
wolfSSL 0:1239e9b70ca2 5448 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 5449 #else
wolfSSL 0:1239e9b70ca2 5450 return NOT_COMPILED_IN;
wolfSSL 0:1239e9b70ca2 5451 #endif
wolfSSL 0:1239e9b70ca2 5452 }
wolfSSL 0:1239e9b70ca2 5453
wolfSSL 0:1239e9b70ca2 5454
wolfSSL 0:1239e9b70ca2 5455 #ifndef USE_WINDOWS_API
wolfSSL 0:1239e9b70ca2 5456 #ifndef NO_WRITEV
wolfSSL 0:1239e9b70ca2 5457
wolfSSL 0:1239e9b70ca2 5458 /* simulate writev semantics, doesn't actually do block at a time though
wolfSSL 0:1239e9b70ca2 5459 because of SSL_write behavior and because front adds may be small */
wolfSSL 0:1239e9b70ca2 5460 int CyaSSL_writev(CYASSL* ssl, const struct iovec* iov, int iovcnt)
wolfSSL 0:1239e9b70ca2 5461 {
wolfSSL 0:1239e9b70ca2 5462 byte tmp[FILE_BUFFER_SIZE];
wolfSSL 0:1239e9b70ca2 5463 byte* myBuffer = tmp;
wolfSSL 0:1239e9b70ca2 5464 int sending = 0;
wolfSSL 0:1239e9b70ca2 5465 int newBuffer = 0;
wolfSSL 0:1239e9b70ca2 5466 int idx = 0;
wolfSSL 0:1239e9b70ca2 5467 int i;
wolfSSL 0:1239e9b70ca2 5468 int ret;
wolfSSL 0:1239e9b70ca2 5469
wolfSSL 0:1239e9b70ca2 5470 CYASSL_ENTER("CyaSSL_writev");
wolfSSL 0:1239e9b70ca2 5471
wolfSSL 0:1239e9b70ca2 5472 for (i = 0; i < iovcnt; i++)
wolfSSL 0:1239e9b70ca2 5473 sending += (int)iov[i].iov_len;
wolfSSL 0:1239e9b70ca2 5474
wolfSSL 0:1239e9b70ca2 5475 if (sending > (int)sizeof(tmp)) {
wolfSSL 0:1239e9b70ca2 5476 byte* tmp2 = (byte*) XMALLOC(sending, ssl->heap,
wolfSSL 0:1239e9b70ca2 5477 DYNAMIC_TYPE_WRITEV);
wolfSSL 0:1239e9b70ca2 5478 if (!tmp2)
wolfSSL 0:1239e9b70ca2 5479 return MEMORY_ERROR;
wolfSSL 0:1239e9b70ca2 5480 myBuffer = tmp2;
wolfSSL 0:1239e9b70ca2 5481 newBuffer = 1;
wolfSSL 0:1239e9b70ca2 5482 }
wolfSSL 0:1239e9b70ca2 5483
wolfSSL 0:1239e9b70ca2 5484 for (i = 0; i < iovcnt; i++) {
wolfSSL 0:1239e9b70ca2 5485 XMEMCPY(&myBuffer[idx], iov[i].iov_base, iov[i].iov_len);
wolfSSL 0:1239e9b70ca2 5486 idx += (int)iov[i].iov_len;
wolfSSL 0:1239e9b70ca2 5487 }
wolfSSL 0:1239e9b70ca2 5488
wolfSSL 0:1239e9b70ca2 5489 ret = CyaSSL_write(ssl, myBuffer, sending);
wolfSSL 0:1239e9b70ca2 5490
wolfSSL 0:1239e9b70ca2 5491 if (newBuffer) XFREE(myBuffer, ssl->heap, DYNAMIC_TYPE_WRITEV);
wolfSSL 0:1239e9b70ca2 5492
wolfSSL 0:1239e9b70ca2 5493 return ret;
wolfSSL 0:1239e9b70ca2 5494 }
wolfSSL 0:1239e9b70ca2 5495 #endif
wolfSSL 0:1239e9b70ca2 5496 #endif
wolfSSL 0:1239e9b70ca2 5497
wolfSSL 0:1239e9b70ca2 5498
wolfSSL 0:1239e9b70ca2 5499 #ifdef CYASSL_CALLBACKS
wolfSSL 0:1239e9b70ca2 5500
wolfSSL 0:1239e9b70ca2 5501 typedef struct itimerval Itimerval;
wolfSSL 0:1239e9b70ca2 5502
wolfSSL 0:1239e9b70ca2 5503 /* don't keep calling simple functions while setting up timer and singals
wolfSSL 0:1239e9b70ca2 5504 if no inlining these are the next best */
wolfSSL 0:1239e9b70ca2 5505
wolfSSL 0:1239e9b70ca2 5506 #define AddTimes(a, b, c) \
wolfSSL 0:1239e9b70ca2 5507 do { \
wolfSSL 0:1239e9b70ca2 5508 c.tv_sec = a.tv_sec + b.tv_sec; \
wolfSSL 0:1239e9b70ca2 5509 c.tv_usec = a.tv_usec + b.tv_usec; \
wolfSSL 0:1239e9b70ca2 5510 if (c.tv_usec >= 1000000) { \
wolfSSL 0:1239e9b70ca2 5511 c.tv_sec++; \
wolfSSL 0:1239e9b70ca2 5512 c.tv_usec -= 1000000; \
wolfSSL 0:1239e9b70ca2 5513 } \
wolfSSL 0:1239e9b70ca2 5514 } while (0)
wolfSSL 0:1239e9b70ca2 5515
wolfSSL 0:1239e9b70ca2 5516
wolfSSL 0:1239e9b70ca2 5517 #define SubtractTimes(a, b, c) \
wolfSSL 0:1239e9b70ca2 5518 do { \
wolfSSL 0:1239e9b70ca2 5519 c.tv_sec = a.tv_sec - b.tv_sec; \
wolfSSL 0:1239e9b70ca2 5520 c.tv_usec = a.tv_usec - b.tv_usec; \
wolfSSL 0:1239e9b70ca2 5521 if (c.tv_usec < 0) { \
wolfSSL 0:1239e9b70ca2 5522 c.tv_sec--; \
wolfSSL 0:1239e9b70ca2 5523 c.tv_usec += 1000000; \
wolfSSL 0:1239e9b70ca2 5524 } \
wolfSSL 0:1239e9b70ca2 5525 } while (0)
wolfSSL 0:1239e9b70ca2 5526
wolfSSL 0:1239e9b70ca2 5527 #define CmpTimes(a, b, cmp) \
wolfSSL 0:1239e9b70ca2 5528 ((a.tv_sec == b.tv_sec) ? \
wolfSSL 0:1239e9b70ca2 5529 (a.tv_usec cmp b.tv_usec) : \
wolfSSL 0:1239e9b70ca2 5530 (a.tv_sec cmp b.tv_sec)) \
wolfSSL 0:1239e9b70ca2 5531
wolfSSL 0:1239e9b70ca2 5532
wolfSSL 0:1239e9b70ca2 5533 /* do nothing handler */
wolfSSL 0:1239e9b70ca2 5534 static void myHandler(int signo)
wolfSSL 0:1239e9b70ca2 5535 {
wolfSSL 0:1239e9b70ca2 5536 (void)signo;
wolfSSL 0:1239e9b70ca2 5537 return;
wolfSSL 0:1239e9b70ca2 5538 }
wolfSSL 0:1239e9b70ca2 5539
wolfSSL 0:1239e9b70ca2 5540
wolfSSL 0:1239e9b70ca2 5541 static int CyaSSL_ex_wrapper(CYASSL* ssl, HandShakeCallBack hsCb,
wolfSSL 0:1239e9b70ca2 5542 TimeoutCallBack toCb, Timeval timeout)
wolfSSL 0:1239e9b70ca2 5543 {
wolfSSL 0:1239e9b70ca2 5544 int ret = SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 5545 int oldTimerOn = 0; /* was timer already on */
wolfSSL 0:1239e9b70ca2 5546 Timeval startTime;
wolfSSL 0:1239e9b70ca2 5547 Timeval endTime;
wolfSSL 0:1239e9b70ca2 5548 Timeval totalTime;
wolfSSL 0:1239e9b70ca2 5549 Itimerval myTimeout;
wolfSSL 0:1239e9b70ca2 5550 Itimerval oldTimeout; /* if old timer adjust from total time to reset */
wolfSSL 0:1239e9b70ca2 5551 struct sigaction act, oact;
wolfSSL 0:1239e9b70ca2 5552
wolfSSL 0:1239e9b70ca2 5553 #define ERR_OUT(x) { ssl->hsInfoOn = 0; ssl->toInfoOn = 0; return x; }
wolfSSL 0:1239e9b70ca2 5554
wolfSSL 0:1239e9b70ca2 5555 if (hsCb) {
wolfSSL 0:1239e9b70ca2 5556 ssl->hsInfoOn = 1;
wolfSSL 0:1239e9b70ca2 5557 InitHandShakeInfo(&ssl->handShakeInfo);
wolfSSL 0:1239e9b70ca2 5558 }
wolfSSL 0:1239e9b70ca2 5559 if (toCb) {
wolfSSL 0:1239e9b70ca2 5560 ssl->toInfoOn = 1;
wolfSSL 0:1239e9b70ca2 5561 InitTimeoutInfo(&ssl->timeoutInfo);
wolfSSL 0:1239e9b70ca2 5562
wolfSSL 0:1239e9b70ca2 5563 if (gettimeofday(&startTime, 0) < 0)
wolfSSL 0:1239e9b70ca2 5564 ERR_OUT(GETTIME_ERROR);
wolfSSL 0:1239e9b70ca2 5565
wolfSSL 0:1239e9b70ca2 5566 /* use setitimer to simulate getitimer, init 0 myTimeout */
wolfSSL 0:1239e9b70ca2 5567 myTimeout.it_interval.tv_sec = 0;
wolfSSL 0:1239e9b70ca2 5568 myTimeout.it_interval.tv_usec = 0;
wolfSSL 0:1239e9b70ca2 5569 myTimeout.it_value.tv_sec = 0;
wolfSSL 0:1239e9b70ca2 5570 myTimeout.it_value.tv_usec = 0;
wolfSSL 0:1239e9b70ca2 5571 if (setitimer(ITIMER_REAL, &myTimeout, &oldTimeout) < 0)
wolfSSL 0:1239e9b70ca2 5572 ERR_OUT(SETITIMER_ERROR);
wolfSSL 0:1239e9b70ca2 5573
wolfSSL 0:1239e9b70ca2 5574 if (oldTimeout.it_value.tv_sec || oldTimeout.it_value.tv_usec) {
wolfSSL 0:1239e9b70ca2 5575 oldTimerOn = 1;
wolfSSL 0:1239e9b70ca2 5576
wolfSSL 0:1239e9b70ca2 5577 /* is old timer going to expire before ours */
wolfSSL 0:1239e9b70ca2 5578 if (CmpTimes(oldTimeout.it_value, timeout, <)) {
wolfSSL 0:1239e9b70ca2 5579 timeout.tv_sec = oldTimeout.it_value.tv_sec;
wolfSSL 0:1239e9b70ca2 5580 timeout.tv_usec = oldTimeout.it_value.tv_usec;
wolfSSL 0:1239e9b70ca2 5581 }
wolfSSL 0:1239e9b70ca2 5582 }
wolfSSL 0:1239e9b70ca2 5583 myTimeout.it_value.tv_sec = timeout.tv_sec;
wolfSSL 0:1239e9b70ca2 5584 myTimeout.it_value.tv_usec = timeout.tv_usec;
wolfSSL 0:1239e9b70ca2 5585
wolfSSL 0:1239e9b70ca2 5586 /* set up signal handler, don't restart socket send/recv */
wolfSSL 0:1239e9b70ca2 5587 act.sa_handler = myHandler;
wolfSSL 0:1239e9b70ca2 5588 sigemptyset(&act.sa_mask);
wolfSSL 0:1239e9b70ca2 5589 act.sa_flags = 0;
wolfSSL 0:1239e9b70ca2 5590 #ifdef SA_INTERRUPT
wolfSSL 0:1239e9b70ca2 5591 act.sa_flags |= SA_INTERRUPT;
wolfSSL 0:1239e9b70ca2 5592 #endif
wolfSSL 0:1239e9b70ca2 5593 if (sigaction(SIGALRM, &act, &oact) < 0)
wolfSSL 0:1239e9b70ca2 5594 ERR_OUT(SIGACT_ERROR);
wolfSSL 0:1239e9b70ca2 5595
wolfSSL 0:1239e9b70ca2 5596 if (setitimer(ITIMER_REAL, &myTimeout, 0) < 0)
wolfSSL 0:1239e9b70ca2 5597 ERR_OUT(SETITIMER_ERROR);
wolfSSL 0:1239e9b70ca2 5598 }
wolfSSL 0:1239e9b70ca2 5599
wolfSSL 0:1239e9b70ca2 5600 /* do main work */
wolfSSL 0:1239e9b70ca2 5601 #ifndef NO_CYASSL_CLIENT
wolfSSL 0:1239e9b70ca2 5602 if (ssl->options.side == CYASSL_CLIENT_END)
wolfSSL 0:1239e9b70ca2 5603 ret = CyaSSL_connect(ssl);
wolfSSL 0:1239e9b70ca2 5604 #endif
wolfSSL 0:1239e9b70ca2 5605 #ifndef NO_CYASSL_SERVER
wolfSSL 0:1239e9b70ca2 5606 if (ssl->options.side == CYASSL_SERVER_END)
wolfSSL 0:1239e9b70ca2 5607 ret = CyaSSL_accept(ssl);
wolfSSL 0:1239e9b70ca2 5608 #endif
wolfSSL 0:1239e9b70ca2 5609
wolfSSL 0:1239e9b70ca2 5610 /* do callbacks */
wolfSSL 0:1239e9b70ca2 5611 if (toCb) {
wolfSSL 0:1239e9b70ca2 5612 if (oldTimerOn) {
wolfSSL 0:1239e9b70ca2 5613 gettimeofday(&endTime, 0);
wolfSSL 0:1239e9b70ca2 5614 SubtractTimes(endTime, startTime, totalTime);
wolfSSL 0:1239e9b70ca2 5615 /* adjust old timer for elapsed time */
wolfSSL 0:1239e9b70ca2 5616 if (CmpTimes(totalTime, oldTimeout.it_value, <))
wolfSSL 0:1239e9b70ca2 5617 SubtractTimes(oldTimeout.it_value, totalTime,
wolfSSL 0:1239e9b70ca2 5618 oldTimeout.it_value);
wolfSSL 0:1239e9b70ca2 5619 else {
wolfSSL 0:1239e9b70ca2 5620 /* reset value to interval, may be off */
wolfSSL 0:1239e9b70ca2 5621 oldTimeout.it_value.tv_sec = oldTimeout.it_interval.tv_sec;
wolfSSL 0:1239e9b70ca2 5622 oldTimeout.it_value.tv_usec =oldTimeout.it_interval.tv_usec;
wolfSSL 0:1239e9b70ca2 5623 }
wolfSSL 0:1239e9b70ca2 5624 /* keep iter the same whether there or not */
wolfSSL 0:1239e9b70ca2 5625 }
wolfSSL 0:1239e9b70ca2 5626 /* restore old handler */
wolfSSL 0:1239e9b70ca2 5627 if (sigaction(SIGALRM, &oact, 0) < 0)
wolfSSL 0:1239e9b70ca2 5628 ret = SIGACT_ERROR; /* more pressing error, stomp */
wolfSSL 0:1239e9b70ca2 5629 else
wolfSSL 0:1239e9b70ca2 5630 /* use old settings which may turn off (expired or not there) */
wolfSSL 0:1239e9b70ca2 5631 if (setitimer(ITIMER_REAL, &oldTimeout, 0) < 0)
wolfSSL 0:1239e9b70ca2 5632 ret = SETITIMER_ERROR;
wolfSSL 0:1239e9b70ca2 5633
wolfSSL 0:1239e9b70ca2 5634 /* if we had a timeout call callback */
wolfSSL 0:1239e9b70ca2 5635 if (ssl->timeoutInfo.timeoutName[0]) {
wolfSSL 0:1239e9b70ca2 5636 ssl->timeoutInfo.timeoutValue.tv_sec = timeout.tv_sec;
wolfSSL 0:1239e9b70ca2 5637 ssl->timeoutInfo.timeoutValue.tv_usec = timeout.tv_usec;
wolfSSL 0:1239e9b70ca2 5638 (toCb)(&ssl->timeoutInfo);
wolfSSL 0:1239e9b70ca2 5639 }
wolfSSL 0:1239e9b70ca2 5640 /* clean up */
wolfSSL 0:1239e9b70ca2 5641 FreeTimeoutInfo(&ssl->timeoutInfo, ssl->heap);
wolfSSL 0:1239e9b70ca2 5642 ssl->toInfoOn = 0;
wolfSSL 0:1239e9b70ca2 5643 }
wolfSSL 0:1239e9b70ca2 5644 if (hsCb) {
wolfSSL 0:1239e9b70ca2 5645 FinishHandShakeInfo(&ssl->handShakeInfo, ssl);
wolfSSL 0:1239e9b70ca2 5646 (hsCb)(&ssl->handShakeInfo);
wolfSSL 0:1239e9b70ca2 5647 ssl->hsInfoOn = 0;
wolfSSL 0:1239e9b70ca2 5648 }
wolfSSL 0:1239e9b70ca2 5649 return ret;
wolfSSL 0:1239e9b70ca2 5650 }
wolfSSL 0:1239e9b70ca2 5651
wolfSSL 0:1239e9b70ca2 5652
wolfSSL 0:1239e9b70ca2 5653 #ifndef NO_CYASSL_CLIENT
wolfSSL 0:1239e9b70ca2 5654
wolfSSL 0:1239e9b70ca2 5655 int CyaSSL_connect_ex(CYASSL* ssl, HandShakeCallBack hsCb,
wolfSSL 0:1239e9b70ca2 5656 TimeoutCallBack toCb, Timeval timeout)
wolfSSL 0:1239e9b70ca2 5657 {
wolfSSL 0:1239e9b70ca2 5658 CYASSL_ENTER("CyaSSL_connect_ex");
wolfSSL 0:1239e9b70ca2 5659 return CyaSSL_ex_wrapper(ssl, hsCb, toCb, timeout);
wolfSSL 0:1239e9b70ca2 5660 }
wolfSSL 0:1239e9b70ca2 5661
wolfSSL 0:1239e9b70ca2 5662 #endif
wolfSSL 0:1239e9b70ca2 5663
wolfSSL 0:1239e9b70ca2 5664
wolfSSL 0:1239e9b70ca2 5665 #ifndef NO_CYASSL_SERVER
wolfSSL 0:1239e9b70ca2 5666
wolfSSL 0:1239e9b70ca2 5667 int CyaSSL_accept_ex(CYASSL* ssl, HandShakeCallBack hsCb,
wolfSSL 0:1239e9b70ca2 5668 TimeoutCallBack toCb,Timeval timeout)
wolfSSL 0:1239e9b70ca2 5669 {
wolfSSL 0:1239e9b70ca2 5670 CYASSL_ENTER("CyaSSL_accept_ex");
wolfSSL 0:1239e9b70ca2 5671 return CyaSSL_ex_wrapper(ssl, hsCb, toCb, timeout);
wolfSSL 0:1239e9b70ca2 5672 }
wolfSSL 0:1239e9b70ca2 5673
wolfSSL 0:1239e9b70ca2 5674 #endif
wolfSSL 0:1239e9b70ca2 5675
wolfSSL 0:1239e9b70ca2 5676 #endif /* CYASSL_CALLBACKS */
wolfSSL 0:1239e9b70ca2 5677
wolfSSL 0:1239e9b70ca2 5678
wolfSSL 0:1239e9b70ca2 5679 #ifndef NO_PSK
wolfSSL 0:1239e9b70ca2 5680
wolfSSL 0:1239e9b70ca2 5681 void CyaSSL_CTX_set_psk_client_callback(CYASSL_CTX* ctx,
wolfSSL 0:1239e9b70ca2 5682 psk_client_callback cb)
wolfSSL 0:1239e9b70ca2 5683 {
wolfSSL 0:1239e9b70ca2 5684 CYASSL_ENTER("SSL_CTX_set_psk_client_callback");
wolfSSL 0:1239e9b70ca2 5685 ctx->havePSK = 1;
wolfSSL 0:1239e9b70ca2 5686 ctx->client_psk_cb = cb;
wolfSSL 0:1239e9b70ca2 5687 }
wolfSSL 0:1239e9b70ca2 5688
wolfSSL 0:1239e9b70ca2 5689
wolfSSL 0:1239e9b70ca2 5690 void CyaSSL_set_psk_client_callback(CYASSL* ssl, psk_client_callback cb)
wolfSSL 0:1239e9b70ca2 5691 {
wolfSSL 0:1239e9b70ca2 5692 byte haveRSA = 1;
wolfSSL 0:1239e9b70ca2 5693
wolfSSL 0:1239e9b70ca2 5694 CYASSL_ENTER("SSL_set_psk_client_callback");
wolfSSL 0:1239e9b70ca2 5695 ssl->options.havePSK = 1;
wolfSSL 0:1239e9b70ca2 5696 ssl->options.client_psk_cb = cb;
wolfSSL 0:1239e9b70ca2 5697
wolfSSL 0:1239e9b70ca2 5698 #ifdef NO_RSA
wolfSSL 0:1239e9b70ca2 5699 haveRSA = 0;
wolfSSL 0:1239e9b70ca2 5700 #endif
wolfSSL 0:1239e9b70ca2 5701 InitSuites(ssl->suites, ssl->version, haveRSA, TRUE,
wolfSSL 0:1239e9b70ca2 5702 ssl->options.haveDH, ssl->options.haveNTRU,
wolfSSL 0:1239e9b70ca2 5703 ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
wolfSSL 0:1239e9b70ca2 5704 ssl->options.side);
wolfSSL 0:1239e9b70ca2 5705 }
wolfSSL 0:1239e9b70ca2 5706
wolfSSL 0:1239e9b70ca2 5707
wolfSSL 0:1239e9b70ca2 5708 void CyaSSL_CTX_set_psk_server_callback(CYASSL_CTX* ctx,
wolfSSL 0:1239e9b70ca2 5709 psk_server_callback cb)
wolfSSL 0:1239e9b70ca2 5710 {
wolfSSL 0:1239e9b70ca2 5711 CYASSL_ENTER("SSL_CTX_set_psk_server_callback");
wolfSSL 0:1239e9b70ca2 5712 ctx->havePSK = 1;
wolfSSL 0:1239e9b70ca2 5713 ctx->server_psk_cb = cb;
wolfSSL 0:1239e9b70ca2 5714 }
wolfSSL 0:1239e9b70ca2 5715
wolfSSL 0:1239e9b70ca2 5716
wolfSSL 0:1239e9b70ca2 5717 void CyaSSL_set_psk_server_callback(CYASSL* ssl, psk_server_callback cb)
wolfSSL 0:1239e9b70ca2 5718 {
wolfSSL 0:1239e9b70ca2 5719 byte haveRSA = 1;
wolfSSL 0:1239e9b70ca2 5720
wolfSSL 0:1239e9b70ca2 5721 CYASSL_ENTER("SSL_set_psk_server_callback");
wolfSSL 0:1239e9b70ca2 5722 ssl->options.havePSK = 1;
wolfSSL 0:1239e9b70ca2 5723 ssl->options.server_psk_cb = cb;
wolfSSL 0:1239e9b70ca2 5724
wolfSSL 0:1239e9b70ca2 5725 #ifdef NO_RSA
wolfSSL 0:1239e9b70ca2 5726 haveRSA = 0;
wolfSSL 0:1239e9b70ca2 5727 #endif
wolfSSL 0:1239e9b70ca2 5728 InitSuites(ssl->suites, ssl->version, haveRSA, TRUE,
wolfSSL 0:1239e9b70ca2 5729 ssl->options.haveDH, ssl->options.haveNTRU,
wolfSSL 0:1239e9b70ca2 5730 ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
wolfSSL 0:1239e9b70ca2 5731 ssl->options.side);
wolfSSL 0:1239e9b70ca2 5732 }
wolfSSL 0:1239e9b70ca2 5733
wolfSSL 0:1239e9b70ca2 5734
wolfSSL 0:1239e9b70ca2 5735 const char* CyaSSL_get_psk_identity_hint(const CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 5736 {
wolfSSL 0:1239e9b70ca2 5737 CYASSL_ENTER("SSL_get_psk_identity_hint");
wolfSSL 0:1239e9b70ca2 5738
wolfSSL 0:1239e9b70ca2 5739 if (ssl == NULL || ssl->arrays == NULL)
wolfSSL 0:1239e9b70ca2 5740 return NULL;
wolfSSL 0:1239e9b70ca2 5741
wolfSSL 0:1239e9b70ca2 5742 return ssl->arrays->server_hint;
wolfSSL 0:1239e9b70ca2 5743 }
wolfSSL 0:1239e9b70ca2 5744
wolfSSL 0:1239e9b70ca2 5745
wolfSSL 0:1239e9b70ca2 5746 const char* CyaSSL_get_psk_identity(const CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 5747 {
wolfSSL 0:1239e9b70ca2 5748 CYASSL_ENTER("SSL_get_psk_identity");
wolfSSL 0:1239e9b70ca2 5749
wolfSSL 0:1239e9b70ca2 5750 if (ssl == NULL || ssl->arrays == NULL)
wolfSSL 0:1239e9b70ca2 5751 return NULL;
wolfSSL 0:1239e9b70ca2 5752
wolfSSL 0:1239e9b70ca2 5753 return ssl->arrays->client_identity;
wolfSSL 0:1239e9b70ca2 5754 }
wolfSSL 0:1239e9b70ca2 5755
wolfSSL 0:1239e9b70ca2 5756
wolfSSL 0:1239e9b70ca2 5757 int CyaSSL_CTX_use_psk_identity_hint(CYASSL_CTX* ctx, const char* hint)
wolfSSL 0:1239e9b70ca2 5758 {
wolfSSL 0:1239e9b70ca2 5759 CYASSL_ENTER("SSL_CTX_use_psk_identity_hint");
wolfSSL 0:1239e9b70ca2 5760 if (hint == 0)
wolfSSL 0:1239e9b70ca2 5761 ctx->server_hint[0] = 0;
wolfSSL 0:1239e9b70ca2 5762 else {
wolfSSL 0:1239e9b70ca2 5763 XSTRNCPY(ctx->server_hint, hint, MAX_PSK_ID_LEN);
wolfSSL 0:1239e9b70ca2 5764 ctx->server_hint[MAX_PSK_ID_LEN - 1] = '\0';
wolfSSL 0:1239e9b70ca2 5765 }
wolfSSL 0:1239e9b70ca2 5766 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 5767 }
wolfSSL 0:1239e9b70ca2 5768
wolfSSL 0:1239e9b70ca2 5769
wolfSSL 0:1239e9b70ca2 5770 int CyaSSL_use_psk_identity_hint(CYASSL* ssl, const char* hint)
wolfSSL 0:1239e9b70ca2 5771 {
wolfSSL 0:1239e9b70ca2 5772 CYASSL_ENTER("SSL_use_psk_identity_hint");
wolfSSL 0:1239e9b70ca2 5773
wolfSSL 0:1239e9b70ca2 5774 if (ssl == NULL || ssl->arrays == NULL)
wolfSSL 0:1239e9b70ca2 5775 return SSL_FAILURE;
wolfSSL 0:1239e9b70ca2 5776
wolfSSL 0:1239e9b70ca2 5777 if (hint == 0)
wolfSSL 0:1239e9b70ca2 5778 ssl->arrays->server_hint[0] = 0;
wolfSSL 0:1239e9b70ca2 5779 else {
wolfSSL 0:1239e9b70ca2 5780 XSTRNCPY(ssl->arrays->server_hint, hint, MAX_PSK_ID_LEN);
wolfSSL 0:1239e9b70ca2 5781 ssl->arrays->server_hint[MAX_PSK_ID_LEN - 1] = '\0';
wolfSSL 0:1239e9b70ca2 5782 }
wolfSSL 0:1239e9b70ca2 5783 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 5784 }
wolfSSL 0:1239e9b70ca2 5785
wolfSSL 0:1239e9b70ca2 5786 #endif /* NO_PSK */
wolfSSL 0:1239e9b70ca2 5787
wolfSSL 0:1239e9b70ca2 5788
wolfSSL 0:1239e9b70ca2 5789 #ifndef NO_CERTS
wolfSSL 0:1239e9b70ca2 5790 /* used to be defined on NO_FILESYSTEM only, but are generally useful */
wolfSSL 0:1239e9b70ca2 5791
wolfSSL 0:1239e9b70ca2 5792 /* CyaSSL extension allows DER files to be loaded from buffers as well */
wolfSSL 0:1239e9b70ca2 5793 int CyaSSL_CTX_load_verify_buffer(CYASSL_CTX* ctx, const unsigned char* in,
wolfSSL 0:1239e9b70ca2 5794 long sz, int format)
wolfSSL 0:1239e9b70ca2 5795 {
wolfSSL 0:1239e9b70ca2 5796 CYASSL_ENTER("CyaSSL_CTX_load_verify_buffer");
wolfSSL 0:1239e9b70ca2 5797 if (format == SSL_FILETYPE_PEM)
wolfSSL 0:1239e9b70ca2 5798 return ProcessChainBuffer(ctx, in, sz, format, CA_TYPE, NULL);
wolfSSL 0:1239e9b70ca2 5799 else
wolfSSL 0:1239e9b70ca2 5800 return ProcessBuffer(ctx, in, sz, format, CA_TYPE, NULL,NULL,0);
wolfSSL 0:1239e9b70ca2 5801 }
wolfSSL 0:1239e9b70ca2 5802
wolfSSL 0:1239e9b70ca2 5803
wolfSSL 0:1239e9b70ca2 5804 int CyaSSL_CTX_use_certificate_buffer(CYASSL_CTX* ctx,
wolfSSL 0:1239e9b70ca2 5805 const unsigned char* in, long sz, int format)
wolfSSL 0:1239e9b70ca2 5806 {
wolfSSL 0:1239e9b70ca2 5807 CYASSL_ENTER("CyaSSL_CTX_use_certificate_buffer");
wolfSSL 0:1239e9b70ca2 5808 return ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, 0);
wolfSSL 0:1239e9b70ca2 5809 }
wolfSSL 0:1239e9b70ca2 5810
wolfSSL 0:1239e9b70ca2 5811
wolfSSL 0:1239e9b70ca2 5812 int CyaSSL_CTX_use_PrivateKey_buffer(CYASSL_CTX* ctx,
wolfSSL 0:1239e9b70ca2 5813 const unsigned char* in, long sz, int format)
wolfSSL 0:1239e9b70ca2 5814 {
wolfSSL 0:1239e9b70ca2 5815 CYASSL_ENTER("CyaSSL_CTX_use_PrivateKey_buffer");
wolfSSL 0:1239e9b70ca2 5816 return ProcessBuffer(ctx, in, sz, format, PRIVATEKEY_TYPE, NULL,NULL,0);
wolfSSL 0:1239e9b70ca2 5817 }
wolfSSL 0:1239e9b70ca2 5818
wolfSSL 0:1239e9b70ca2 5819
wolfSSL 0:1239e9b70ca2 5820 int CyaSSL_CTX_use_certificate_chain_buffer(CYASSL_CTX* ctx,
wolfSSL 0:1239e9b70ca2 5821 const unsigned char* in, long sz)
wolfSSL 0:1239e9b70ca2 5822 {
wolfSSL 0:1239e9b70ca2 5823 CYASSL_ENTER("CyaSSL_CTX_use_certificate_chain_buffer");
wolfSSL 0:1239e9b70ca2 5824 return ProcessBuffer(ctx, in, sz, SSL_FILETYPE_PEM, CERT_TYPE, NULL,
wolfSSL 0:1239e9b70ca2 5825 NULL, 1);
wolfSSL 0:1239e9b70ca2 5826 }
wolfSSL 0:1239e9b70ca2 5827
wolfSSL 0:1239e9b70ca2 5828 int CyaSSL_use_certificate_buffer(CYASSL* ssl,
wolfSSL 0:1239e9b70ca2 5829 const unsigned char* in, long sz, int format)
wolfSSL 0:1239e9b70ca2 5830 {
wolfSSL 0:1239e9b70ca2 5831 CYASSL_ENTER("CyaSSL_use_certificate_buffer");
wolfSSL 0:1239e9b70ca2 5832 return ProcessBuffer(ssl->ctx, in, sz, format,CERT_TYPE,ssl,NULL,0);
wolfSSL 0:1239e9b70ca2 5833 }
wolfSSL 0:1239e9b70ca2 5834
wolfSSL 0:1239e9b70ca2 5835
wolfSSL 0:1239e9b70ca2 5836 int CyaSSL_use_PrivateKey_buffer(CYASSL* ssl,
wolfSSL 0:1239e9b70ca2 5837 const unsigned char* in, long sz, int format)
wolfSSL 0:1239e9b70ca2 5838 {
wolfSSL 0:1239e9b70ca2 5839 CYASSL_ENTER("CyaSSL_use_PrivateKey_buffer");
wolfSSL 0:1239e9b70ca2 5840 return ProcessBuffer(ssl->ctx, in, sz, format, PRIVATEKEY_TYPE,
wolfSSL 0:1239e9b70ca2 5841 ssl, NULL, 0);
wolfSSL 0:1239e9b70ca2 5842 }
wolfSSL 0:1239e9b70ca2 5843
wolfSSL 0:1239e9b70ca2 5844
wolfSSL 0:1239e9b70ca2 5845 int CyaSSL_use_certificate_chain_buffer(CYASSL* ssl,
wolfSSL 0:1239e9b70ca2 5846 const unsigned char* in, long sz)
wolfSSL 0:1239e9b70ca2 5847 {
wolfSSL 0:1239e9b70ca2 5848 CYASSL_ENTER("CyaSSL_use_certificate_chain_buffer");
wolfSSL 0:1239e9b70ca2 5849 return ProcessBuffer(ssl->ctx, in, sz, SSL_FILETYPE_PEM, CERT_TYPE,
wolfSSL 0:1239e9b70ca2 5850 ssl, NULL, 1);
wolfSSL 0:1239e9b70ca2 5851 }
wolfSSL 0:1239e9b70ca2 5852
wolfSSL 0:1239e9b70ca2 5853
wolfSSL 0:1239e9b70ca2 5854 /* unload any certs or keys that SSL owns, leave CTX as is
wolfSSL 0:1239e9b70ca2 5855 SSL_SUCCESS on ok */
wolfSSL 0:1239e9b70ca2 5856 int CyaSSL_UnloadCertsKeys(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 5857 {
wolfSSL 0:1239e9b70ca2 5858 if (ssl == NULL) {
wolfSSL 0:1239e9b70ca2 5859 CYASSL_MSG("Null function arg");
wolfSSL 0:1239e9b70ca2 5860 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 5861 }
wolfSSL 0:1239e9b70ca2 5862
wolfSSL 0:1239e9b70ca2 5863 if (ssl->buffers.weOwnCert) {
wolfSSL 0:1239e9b70ca2 5864 CYASSL_MSG("Unloading cert");
wolfSSL 0:1239e9b70ca2 5865 XFREE(ssl->buffers.certificate.buffer, ssl->heap,DYNAMIC_TYPE_CERT);
wolfSSL 0:1239e9b70ca2 5866 ssl->buffers.weOwnCert = 0;
wolfSSL 0:1239e9b70ca2 5867 ssl->buffers.certificate.length = 0;
wolfSSL 0:1239e9b70ca2 5868 ssl->buffers.certificate.buffer = NULL;
wolfSSL 0:1239e9b70ca2 5869 }
wolfSSL 0:1239e9b70ca2 5870
wolfSSL 0:1239e9b70ca2 5871 if (ssl->buffers.weOwnKey) {
wolfSSL 0:1239e9b70ca2 5872 CYASSL_MSG("Unloading key");
wolfSSL 0:1239e9b70ca2 5873 XFREE(ssl->buffers.key.buffer, ssl->heap, DYNAMIC_TYPE_KEY);
wolfSSL 0:1239e9b70ca2 5874 ssl->buffers.weOwnKey = 0;
wolfSSL 0:1239e9b70ca2 5875 ssl->buffers.key.length = 0;
wolfSSL 0:1239e9b70ca2 5876 ssl->buffers.key.buffer = NULL;
wolfSSL 0:1239e9b70ca2 5877 }
wolfSSL 0:1239e9b70ca2 5878
wolfSSL 0:1239e9b70ca2 5879 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 5880 }
wolfSSL 0:1239e9b70ca2 5881
wolfSSL 0:1239e9b70ca2 5882
wolfSSL 0:1239e9b70ca2 5883 int CyaSSL_CTX_UnloadCAs(CYASSL_CTX* ctx)
wolfSSL 0:1239e9b70ca2 5884 {
wolfSSL 0:1239e9b70ca2 5885 CYASSL_ENTER("CyaSSL_CTX_UnloadCAs");
wolfSSL 0:1239e9b70ca2 5886
wolfSSL 0:1239e9b70ca2 5887 if (ctx == NULL)
wolfSSL 0:1239e9b70ca2 5888 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 5889
wolfSSL 0:1239e9b70ca2 5890 return CyaSSL_CertManagerUnloadCAs(ctx->cm);
wolfSSL 0:1239e9b70ca2 5891 }
wolfSSL 0:1239e9b70ca2 5892
wolfSSL 0:1239e9b70ca2 5893 /* old NO_FILESYSTEM end */
wolfSSL 0:1239e9b70ca2 5894 #endif /* !NO_CERTS */
wolfSSL 0:1239e9b70ca2 5895
wolfSSL 0:1239e9b70ca2 5896
wolfSSL 0:1239e9b70ca2 5897 #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
wolfSSL 0:1239e9b70ca2 5898
wolfSSL 0:1239e9b70ca2 5899
wolfSSL 0:1239e9b70ca2 5900 int CyaSSL_add_all_algorithms(void)
wolfSSL 0:1239e9b70ca2 5901 {
wolfSSL 0:1239e9b70ca2 5902 CYASSL_ENTER("CyaSSL_add_all_algorithms");
wolfSSL 0:1239e9b70ca2 5903 CyaSSL_Init();
wolfSSL 0:1239e9b70ca2 5904 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 5905 }
wolfSSL 0:1239e9b70ca2 5906
wolfSSL 0:1239e9b70ca2 5907
wolfSSL 0:1239e9b70ca2 5908 long CyaSSL_CTX_sess_set_cache_size(CYASSL_CTX* ctx, long sz)
wolfSSL 0:1239e9b70ca2 5909 {
wolfSSL 0:1239e9b70ca2 5910 /* cache size fixed at compile time in CyaSSL */
wolfSSL 0:1239e9b70ca2 5911 (void)ctx;
wolfSSL 0:1239e9b70ca2 5912 (void)sz;
wolfSSL 0:1239e9b70ca2 5913 return 0;
wolfSSL 0:1239e9b70ca2 5914 }
wolfSSL 0:1239e9b70ca2 5915
wolfSSL 0:1239e9b70ca2 5916
wolfSSL 0:1239e9b70ca2 5917 void CyaSSL_CTX_set_quiet_shutdown(CYASSL_CTX* ctx, int mode)
wolfSSL 0:1239e9b70ca2 5918 {
wolfSSL 0:1239e9b70ca2 5919 CYASSL_ENTER("CyaSSL_CTX_set_quiet_shutdown");
wolfSSL 0:1239e9b70ca2 5920 if (mode)
wolfSSL 0:1239e9b70ca2 5921 ctx->quietShutdown = 1;
wolfSSL 0:1239e9b70ca2 5922 }
wolfSSL 0:1239e9b70ca2 5923
wolfSSL 0:1239e9b70ca2 5924
wolfSSL 0:1239e9b70ca2 5925 void CyaSSL_set_quiet_shutdown(CYASSL* ssl, int mode)
wolfSSL 0:1239e9b70ca2 5926 {
wolfSSL 0:1239e9b70ca2 5927 CYASSL_ENTER("CyaSSL_CTX_set_quiet_shutdown");
wolfSSL 0:1239e9b70ca2 5928 if (mode)
wolfSSL 0:1239e9b70ca2 5929 ssl->options.quietShutdown = 1;
wolfSSL 0:1239e9b70ca2 5930 }
wolfSSL 0:1239e9b70ca2 5931
wolfSSL 0:1239e9b70ca2 5932
wolfSSL 0:1239e9b70ca2 5933 void CyaSSL_set_bio(CYASSL* ssl, CYASSL_BIO* rd, CYASSL_BIO* wr)
wolfSSL 0:1239e9b70ca2 5934 {
wolfSSL 0:1239e9b70ca2 5935 CYASSL_ENTER("SSL_set_bio");
wolfSSL 0:1239e9b70ca2 5936 CyaSSL_set_rfd(ssl, rd->fd);
wolfSSL 0:1239e9b70ca2 5937 CyaSSL_set_wfd(ssl, wr->fd);
wolfSSL 0:1239e9b70ca2 5938
wolfSSL 0:1239e9b70ca2 5939 ssl->biord = rd;
wolfSSL 0:1239e9b70ca2 5940 ssl->biowr = wr;
wolfSSL 0:1239e9b70ca2 5941 }
wolfSSL 0:1239e9b70ca2 5942
wolfSSL 0:1239e9b70ca2 5943
wolfSSL 0:1239e9b70ca2 5944 void CyaSSL_CTX_set_client_CA_list(CYASSL_CTX* ctx,
wolfSSL 0:1239e9b70ca2 5945 STACK_OF(CYASSL_X509_NAME)* names)
wolfSSL 0:1239e9b70ca2 5946 {
wolfSSL 0:1239e9b70ca2 5947 (void)ctx;
wolfSSL 0:1239e9b70ca2 5948 (void)names;
wolfSSL 0:1239e9b70ca2 5949 }
wolfSSL 0:1239e9b70ca2 5950
wolfSSL 0:1239e9b70ca2 5951
wolfSSL 0:1239e9b70ca2 5952 STACK_OF(CYASSL_X509_NAME)* CyaSSL_load_client_CA_file(const char* fname)
wolfSSL 0:1239e9b70ca2 5953 {
wolfSSL 0:1239e9b70ca2 5954 (void)fname;
wolfSSL 0:1239e9b70ca2 5955 return 0;
wolfSSL 0:1239e9b70ca2 5956 }
wolfSSL 0:1239e9b70ca2 5957
wolfSSL 0:1239e9b70ca2 5958
wolfSSL 0:1239e9b70ca2 5959 int CyaSSL_CTX_set_default_verify_paths(CYASSL_CTX* ctx)
wolfSSL 0:1239e9b70ca2 5960 {
wolfSSL 0:1239e9b70ca2 5961 /* TODO:, not needed in goahead */
wolfSSL 0:1239e9b70ca2 5962 (void)ctx;
wolfSSL 0:1239e9b70ca2 5963 return SSL_NOT_IMPLEMENTED;
wolfSSL 0:1239e9b70ca2 5964 }
wolfSSL 0:1239e9b70ca2 5965
wolfSSL 0:1239e9b70ca2 5966
wolfSSL 0:1239e9b70ca2 5967 /* keyblock size in bytes or -1 */
wolfSSL 0:1239e9b70ca2 5968 int CyaSSL_get_keyblock_size(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 5969 {
wolfSSL 0:1239e9b70ca2 5970 if (ssl == NULL)
wolfSSL 0:1239e9b70ca2 5971 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 5972
wolfSSL 0:1239e9b70ca2 5973 return 2 * (ssl->specs.key_size + ssl->specs.iv_size +
wolfSSL 0:1239e9b70ca2 5974 ssl->specs.hash_size);
wolfSSL 0:1239e9b70ca2 5975 }
wolfSSL 0:1239e9b70ca2 5976
wolfSSL 0:1239e9b70ca2 5977
wolfSSL 0:1239e9b70ca2 5978 /* store keys returns SSL_SUCCESS or -1 on error */
wolfSSL 0:1239e9b70ca2 5979 int CyaSSL_get_keys(CYASSL* ssl, unsigned char** ms, unsigned int* msLen,
wolfSSL 0:1239e9b70ca2 5980 unsigned char** sr, unsigned int* srLen,
wolfSSL 0:1239e9b70ca2 5981 unsigned char** cr, unsigned int* crLen)
wolfSSL 0:1239e9b70ca2 5982 {
wolfSSL 0:1239e9b70ca2 5983 if (ssl == NULL || ssl->arrays == NULL)
wolfSSL 0:1239e9b70ca2 5984 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 5985
wolfSSL 0:1239e9b70ca2 5986 *ms = ssl->arrays->masterSecret;
wolfSSL 0:1239e9b70ca2 5987 *sr = ssl->arrays->serverRandom;
wolfSSL 0:1239e9b70ca2 5988 *cr = ssl->arrays->clientRandom;
wolfSSL 0:1239e9b70ca2 5989
wolfSSL 0:1239e9b70ca2 5990 *msLen = SECRET_LEN;
wolfSSL 0:1239e9b70ca2 5991 *srLen = RAN_LEN;
wolfSSL 0:1239e9b70ca2 5992 *crLen = RAN_LEN;
wolfSSL 0:1239e9b70ca2 5993
wolfSSL 0:1239e9b70ca2 5994 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 5995 }
wolfSSL 0:1239e9b70ca2 5996
wolfSSL 0:1239e9b70ca2 5997
wolfSSL 0:1239e9b70ca2 5998 void CyaSSL_set_accept_state(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 5999 {
wolfSSL 0:1239e9b70ca2 6000 byte haveRSA = 1;
wolfSSL 0:1239e9b70ca2 6001 byte havePSK = 0;
wolfSSL 0:1239e9b70ca2 6002
wolfSSL 0:1239e9b70ca2 6003 CYASSL_ENTER("SSL_set_accept_state");
wolfSSL 0:1239e9b70ca2 6004 ssl->options.side = CYASSL_SERVER_END;
wolfSSL 0:1239e9b70ca2 6005 /* reset suites in case user switched */
wolfSSL 0:1239e9b70ca2 6006
wolfSSL 0:1239e9b70ca2 6007 #ifdef NO_RSA
wolfSSL 0:1239e9b70ca2 6008 haveRSA = 0;
wolfSSL 0:1239e9b70ca2 6009 #endif
wolfSSL 0:1239e9b70ca2 6010 #ifndef NO_PSK
wolfSSL 0:1239e9b70ca2 6011 havePSK = ssl->options.havePSK;
wolfSSL 0:1239e9b70ca2 6012 #endif
wolfSSL 0:1239e9b70ca2 6013 InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
wolfSSL 0:1239e9b70ca2 6014 ssl->options.haveDH, ssl->options.haveNTRU,
wolfSSL 0:1239e9b70ca2 6015 ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
wolfSSL 0:1239e9b70ca2 6016 ssl->options.side);
wolfSSL 0:1239e9b70ca2 6017 }
wolfSSL 0:1239e9b70ca2 6018 #endif
wolfSSL 0:1239e9b70ca2 6019
wolfSSL 0:1239e9b70ca2 6020 /* return true if connection established */
wolfSSL 0:1239e9b70ca2 6021 int CyaSSL_is_init_finished(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 6022 {
wolfSSL 0:1239e9b70ca2 6023 if (ssl == NULL)
wolfSSL 0:1239e9b70ca2 6024 return 0;
wolfSSL 0:1239e9b70ca2 6025
wolfSSL 0:1239e9b70ca2 6026 if (ssl->options.handShakeState == HANDSHAKE_DONE)
wolfSSL 0:1239e9b70ca2 6027 return 1;
wolfSSL 0:1239e9b70ca2 6028
wolfSSL 0:1239e9b70ca2 6029 return 0;
wolfSSL 0:1239e9b70ca2 6030 }
wolfSSL 0:1239e9b70ca2 6031
wolfSSL 0:1239e9b70ca2 6032 #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
wolfSSL 0:1239e9b70ca2 6033 void CyaSSL_CTX_set_tmp_rsa_callback(CYASSL_CTX* ctx,
wolfSSL 0:1239e9b70ca2 6034 CYASSL_RSA*(*f)(CYASSL*, int, int))
wolfSSL 0:1239e9b70ca2 6035 {
wolfSSL 0:1239e9b70ca2 6036 /* CyaSSL verifies all these internally */
wolfSSL 0:1239e9b70ca2 6037 (void)ctx;
wolfSSL 0:1239e9b70ca2 6038 (void)f;
wolfSSL 0:1239e9b70ca2 6039 }
wolfSSL 0:1239e9b70ca2 6040
wolfSSL 0:1239e9b70ca2 6041
wolfSSL 0:1239e9b70ca2 6042 void CyaSSL_set_shutdown(CYASSL* ssl, int opt)
wolfSSL 0:1239e9b70ca2 6043 {
wolfSSL 0:1239e9b70ca2 6044 (void)ssl;
wolfSSL 0:1239e9b70ca2 6045 (void)opt;
wolfSSL 0:1239e9b70ca2 6046 }
wolfSSL 0:1239e9b70ca2 6047
wolfSSL 0:1239e9b70ca2 6048
wolfSSL 0:1239e9b70ca2 6049 long CyaSSL_CTX_set_options(CYASSL_CTX* ctx, long opt)
wolfSSL 0:1239e9b70ca2 6050 {
wolfSSL 0:1239e9b70ca2 6051 /* goahead calls with 0, do nothing */
wolfSSL 0:1239e9b70ca2 6052 CYASSL_ENTER("SSL_CTX_set_options");
wolfSSL 0:1239e9b70ca2 6053 (void)ctx;
wolfSSL 0:1239e9b70ca2 6054 return opt;
wolfSSL 0:1239e9b70ca2 6055 }
wolfSSL 0:1239e9b70ca2 6056
wolfSSL 0:1239e9b70ca2 6057
wolfSSL 0:1239e9b70ca2 6058 int CyaSSL_set_rfd(CYASSL* ssl, int rfd)
wolfSSL 0:1239e9b70ca2 6059 {
wolfSSL 0:1239e9b70ca2 6060 CYASSL_ENTER("SSL_set_rfd");
wolfSSL 0:1239e9b70ca2 6061 ssl->rfd = rfd; /* not used directly to allow IO callbacks */
wolfSSL 0:1239e9b70ca2 6062
wolfSSL 0:1239e9b70ca2 6063 ssl->IOCB_ReadCtx = &ssl->rfd;
wolfSSL 0:1239e9b70ca2 6064
wolfSSL 0:1239e9b70ca2 6065 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 6066 }
wolfSSL 0:1239e9b70ca2 6067
wolfSSL 0:1239e9b70ca2 6068
wolfSSL 0:1239e9b70ca2 6069 int CyaSSL_set_wfd(CYASSL* ssl, int wfd)
wolfSSL 0:1239e9b70ca2 6070 {
wolfSSL 0:1239e9b70ca2 6071 CYASSL_ENTER("SSL_set_wfd");
wolfSSL 0:1239e9b70ca2 6072 ssl->wfd = wfd; /* not used directly to allow IO callbacks */
wolfSSL 0:1239e9b70ca2 6073
wolfSSL 0:1239e9b70ca2 6074 ssl->IOCB_WriteCtx = &ssl->wfd;
wolfSSL 0:1239e9b70ca2 6075
wolfSSL 0:1239e9b70ca2 6076 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 6077 }
wolfSSL 0:1239e9b70ca2 6078
wolfSSL 0:1239e9b70ca2 6079
wolfSSL 0:1239e9b70ca2 6080 CYASSL_RSA* CyaSSL_RSA_generate_key(int len, unsigned long bits,
wolfSSL 0:1239e9b70ca2 6081 void(*f)(int, int, void*), void* data)
wolfSSL 0:1239e9b70ca2 6082 {
wolfSSL 0:1239e9b70ca2 6083 /* no tmp key needed, actual generation not supported */
wolfSSL 0:1239e9b70ca2 6084 CYASSL_ENTER("RSA_generate_key");
wolfSSL 0:1239e9b70ca2 6085 (void)len;
wolfSSL 0:1239e9b70ca2 6086 (void)bits;
wolfSSL 0:1239e9b70ca2 6087 (void)f;
wolfSSL 0:1239e9b70ca2 6088 (void)data;
wolfSSL 0:1239e9b70ca2 6089 return NULL;
wolfSSL 0:1239e9b70ca2 6090 }
wolfSSL 0:1239e9b70ca2 6091
wolfSSL 0:1239e9b70ca2 6092
wolfSSL 0:1239e9b70ca2 6093
wolfSSL 0:1239e9b70ca2 6094 CYASSL_X509* CyaSSL_X509_STORE_CTX_get_current_cert(
wolfSSL 0:1239e9b70ca2 6095 CYASSL_X509_STORE_CTX* ctx)
wolfSSL 0:1239e9b70ca2 6096 {
wolfSSL 0:1239e9b70ca2 6097 (void)ctx;
wolfSSL 0:1239e9b70ca2 6098 return 0;
wolfSSL 0:1239e9b70ca2 6099 }
wolfSSL 0:1239e9b70ca2 6100
wolfSSL 0:1239e9b70ca2 6101
wolfSSL 0:1239e9b70ca2 6102 int CyaSSL_X509_STORE_CTX_get_error(CYASSL_X509_STORE_CTX* ctx)
wolfSSL 0:1239e9b70ca2 6103 {
wolfSSL 0:1239e9b70ca2 6104 if (ctx != NULL)
wolfSSL 0:1239e9b70ca2 6105 return ctx->error;
wolfSSL 0:1239e9b70ca2 6106 return 0;
wolfSSL 0:1239e9b70ca2 6107 }
wolfSSL 0:1239e9b70ca2 6108
wolfSSL 0:1239e9b70ca2 6109
wolfSSL 0:1239e9b70ca2 6110 int CyaSSL_X509_STORE_CTX_get_error_depth(CYASSL_X509_STORE_CTX* ctx)
wolfSSL 0:1239e9b70ca2 6111 {
wolfSSL 0:1239e9b70ca2 6112 (void)ctx;
wolfSSL 0:1239e9b70ca2 6113 return 0;
wolfSSL 0:1239e9b70ca2 6114 }
wolfSSL 0:1239e9b70ca2 6115
wolfSSL 0:1239e9b70ca2 6116
wolfSSL 0:1239e9b70ca2 6117 CYASSL_BIO_METHOD* CyaSSL_BIO_f_buffer(void)
wolfSSL 0:1239e9b70ca2 6118 {
wolfSSL 0:1239e9b70ca2 6119 static CYASSL_BIO_METHOD meth;
wolfSSL 0:1239e9b70ca2 6120
wolfSSL 0:1239e9b70ca2 6121 CYASSL_ENTER("BIO_f_buffer");
wolfSSL 0:1239e9b70ca2 6122 meth.type = BIO_BUFFER;
wolfSSL 0:1239e9b70ca2 6123
wolfSSL 0:1239e9b70ca2 6124 return &meth;
wolfSSL 0:1239e9b70ca2 6125 }
wolfSSL 0:1239e9b70ca2 6126
wolfSSL 0:1239e9b70ca2 6127
wolfSSL 0:1239e9b70ca2 6128 long CyaSSL_BIO_set_write_buffer_size(CYASSL_BIO* bio, long size)
wolfSSL 0:1239e9b70ca2 6129 {
wolfSSL 0:1239e9b70ca2 6130 /* CyaSSL has internal buffer, compatibility only */
wolfSSL 0:1239e9b70ca2 6131 CYASSL_ENTER("BIO_set_write_buffer_size");
wolfSSL 0:1239e9b70ca2 6132 (void)bio;
wolfSSL 0:1239e9b70ca2 6133 return size;
wolfSSL 0:1239e9b70ca2 6134 }
wolfSSL 0:1239e9b70ca2 6135
wolfSSL 0:1239e9b70ca2 6136
wolfSSL 0:1239e9b70ca2 6137 CYASSL_BIO_METHOD* CyaSSL_BIO_f_ssl(void)
wolfSSL 0:1239e9b70ca2 6138 {
wolfSSL 0:1239e9b70ca2 6139 static CYASSL_BIO_METHOD meth;
wolfSSL 0:1239e9b70ca2 6140
wolfSSL 0:1239e9b70ca2 6141 CYASSL_ENTER("BIO_f_ssl");
wolfSSL 0:1239e9b70ca2 6142 meth.type = BIO_SSL;
wolfSSL 0:1239e9b70ca2 6143
wolfSSL 0:1239e9b70ca2 6144 return &meth;
wolfSSL 0:1239e9b70ca2 6145 }
wolfSSL 0:1239e9b70ca2 6146
wolfSSL 0:1239e9b70ca2 6147
wolfSSL 0:1239e9b70ca2 6148 CYASSL_BIO* CyaSSL_BIO_new_socket(int sfd, int closeF)
wolfSSL 0:1239e9b70ca2 6149 {
wolfSSL 0:1239e9b70ca2 6150 CYASSL_BIO* bio = (CYASSL_BIO*) XMALLOC(sizeof(CYASSL_BIO), 0,
wolfSSL 0:1239e9b70ca2 6151 DYNAMIC_TYPE_OPENSSL);
wolfSSL 0:1239e9b70ca2 6152
wolfSSL 0:1239e9b70ca2 6153 CYASSL_ENTER("BIO_new_socket");
wolfSSL 0:1239e9b70ca2 6154 if (bio) {
wolfSSL 0:1239e9b70ca2 6155 bio->type = BIO_SOCKET;
wolfSSL 0:1239e9b70ca2 6156 bio->close = (byte)closeF;
wolfSSL 0:1239e9b70ca2 6157 bio->eof = 0;
wolfSSL 0:1239e9b70ca2 6158 bio->ssl = 0;
wolfSSL 0:1239e9b70ca2 6159 bio->fd = sfd;
wolfSSL 0:1239e9b70ca2 6160 bio->prev = 0;
wolfSSL 0:1239e9b70ca2 6161 bio->next = 0;
wolfSSL 0:1239e9b70ca2 6162 bio->mem = NULL;
wolfSSL 0:1239e9b70ca2 6163 bio->memLen = 0;
wolfSSL 0:1239e9b70ca2 6164 }
wolfSSL 0:1239e9b70ca2 6165 return bio;
wolfSSL 0:1239e9b70ca2 6166 }
wolfSSL 0:1239e9b70ca2 6167
wolfSSL 0:1239e9b70ca2 6168
wolfSSL 0:1239e9b70ca2 6169 int CyaSSL_BIO_eof(CYASSL_BIO* b)
wolfSSL 0:1239e9b70ca2 6170 {
wolfSSL 0:1239e9b70ca2 6171 CYASSL_ENTER("BIO_eof");
wolfSSL 0:1239e9b70ca2 6172 if (b->eof)
wolfSSL 0:1239e9b70ca2 6173 return 1;
wolfSSL 0:1239e9b70ca2 6174
wolfSSL 0:1239e9b70ca2 6175 return 0;
wolfSSL 0:1239e9b70ca2 6176 }
wolfSSL 0:1239e9b70ca2 6177
wolfSSL 0:1239e9b70ca2 6178
wolfSSL 0:1239e9b70ca2 6179 long CyaSSL_BIO_set_ssl(CYASSL_BIO* b, CYASSL* ssl, int closeF)
wolfSSL 0:1239e9b70ca2 6180 {
wolfSSL 0:1239e9b70ca2 6181 CYASSL_ENTER("BIO_set_ssl");
wolfSSL 0:1239e9b70ca2 6182 b->ssl = ssl;
wolfSSL 0:1239e9b70ca2 6183 b->close = (byte)closeF;
wolfSSL 0:1239e9b70ca2 6184 /* add to ssl for bio free if SSL_free called before/instead of free_all? */
wolfSSL 0:1239e9b70ca2 6185
wolfSSL 0:1239e9b70ca2 6186 return 0;
wolfSSL 0:1239e9b70ca2 6187 }
wolfSSL 0:1239e9b70ca2 6188
wolfSSL 0:1239e9b70ca2 6189
wolfSSL 0:1239e9b70ca2 6190 CYASSL_BIO* CyaSSL_BIO_new(CYASSL_BIO_METHOD* method)
wolfSSL 0:1239e9b70ca2 6191 {
wolfSSL 0:1239e9b70ca2 6192 CYASSL_BIO* bio = (CYASSL_BIO*) XMALLOC(sizeof(CYASSL_BIO), 0,
wolfSSL 0:1239e9b70ca2 6193 DYNAMIC_TYPE_OPENSSL);
wolfSSL 0:1239e9b70ca2 6194 CYASSL_ENTER("BIO_new");
wolfSSL 0:1239e9b70ca2 6195 if (bio) {
wolfSSL 0:1239e9b70ca2 6196 bio->type = method->type;
wolfSSL 0:1239e9b70ca2 6197 bio->close = 0;
wolfSSL 0:1239e9b70ca2 6198 bio->eof = 0;
wolfSSL 0:1239e9b70ca2 6199 bio->ssl = NULL;
wolfSSL 0:1239e9b70ca2 6200 bio->mem = NULL;
wolfSSL 0:1239e9b70ca2 6201 bio->memLen = 0;
wolfSSL 0:1239e9b70ca2 6202 bio->fd = 0;
wolfSSL 0:1239e9b70ca2 6203 bio->prev = NULL;
wolfSSL 0:1239e9b70ca2 6204 bio->next = NULL;
wolfSSL 0:1239e9b70ca2 6205 }
wolfSSL 0:1239e9b70ca2 6206 return bio;
wolfSSL 0:1239e9b70ca2 6207 }
wolfSSL 0:1239e9b70ca2 6208
wolfSSL 0:1239e9b70ca2 6209
wolfSSL 0:1239e9b70ca2 6210 int CyaSSL_BIO_get_mem_data(CYASSL_BIO* bio, const byte** p)
wolfSSL 0:1239e9b70ca2 6211 {
wolfSSL 0:1239e9b70ca2 6212 if (bio == NULL || p == NULL)
wolfSSL 0:1239e9b70ca2 6213 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 6214
wolfSSL 0:1239e9b70ca2 6215 *p = bio->mem;
wolfSSL 0:1239e9b70ca2 6216
wolfSSL 0:1239e9b70ca2 6217 return bio->memLen;
wolfSSL 0:1239e9b70ca2 6218 }
wolfSSL 0:1239e9b70ca2 6219
wolfSSL 0:1239e9b70ca2 6220
wolfSSL 0:1239e9b70ca2 6221 CYASSL_BIO* CyaSSL_BIO_new_mem_buf(void* buf, int len)
wolfSSL 0:1239e9b70ca2 6222 {
wolfSSL 0:1239e9b70ca2 6223 CYASSL_BIO* bio = NULL;
wolfSSL 0:1239e9b70ca2 6224 if (buf == NULL)
wolfSSL 0:1239e9b70ca2 6225 return bio;
wolfSSL 0:1239e9b70ca2 6226
wolfSSL 0:1239e9b70ca2 6227 bio = CyaSSL_BIO_new(CyaSSL_BIO_s_mem());
wolfSSL 0:1239e9b70ca2 6228 if (bio == NULL)
wolfSSL 0:1239e9b70ca2 6229 return bio;
wolfSSL 0:1239e9b70ca2 6230
wolfSSL 0:1239e9b70ca2 6231 bio->memLen = len;
wolfSSL 0:1239e9b70ca2 6232 bio->mem = (byte*)XMALLOC(len, 0, DYNAMIC_TYPE_OPENSSL);
wolfSSL 0:1239e9b70ca2 6233 if (bio->mem == NULL) {
wolfSSL 0:1239e9b70ca2 6234 XFREE(bio, 0, DYNAMIC_TYPE_OPENSSL);
wolfSSL 0:1239e9b70ca2 6235 return NULL;
wolfSSL 0:1239e9b70ca2 6236 }
wolfSSL 0:1239e9b70ca2 6237
wolfSSL 0:1239e9b70ca2 6238 XMEMCPY(bio->mem, buf, len);
wolfSSL 0:1239e9b70ca2 6239
wolfSSL 0:1239e9b70ca2 6240 return bio;
wolfSSL 0:1239e9b70ca2 6241 }
wolfSSL 0:1239e9b70ca2 6242
wolfSSL 0:1239e9b70ca2 6243
wolfSSL 0:1239e9b70ca2 6244 #ifdef USE_WINDOWS_API
wolfSSL 0:1239e9b70ca2 6245 #define CloseSocket(s) closesocket(s)
wolfSSL 0:1239e9b70ca2 6246 #elif defined(CYASSL_MDK_ARM)
wolfSSL 0:1239e9b70ca2 6247 #define CloseSocket(s) closesocket(s)
wolfSSL 0:1239e9b70ca2 6248 extern int closesocket(int) ;
wolfSSL 0:1239e9b70ca2 6249 #else
wolfSSL 0:1239e9b70ca2 6250 #define CloseSocket(s) close(s)
wolfSSL 0:1239e9b70ca2 6251 #endif
wolfSSL 0:1239e9b70ca2 6252
wolfSSL 0:1239e9b70ca2 6253 int CyaSSL_BIO_free(CYASSL_BIO* bio)
wolfSSL 0:1239e9b70ca2 6254 {
wolfSSL 0:1239e9b70ca2 6255 /* unchain?, doesn't matter in goahead since from free all */
wolfSSL 0:1239e9b70ca2 6256 CYASSL_ENTER("BIO_free");
wolfSSL 0:1239e9b70ca2 6257 if (bio) {
wolfSSL 0:1239e9b70ca2 6258 if (bio->close) {
wolfSSL 0:1239e9b70ca2 6259 if (bio->ssl)
wolfSSL 0:1239e9b70ca2 6260 CyaSSL_free(bio->ssl);
wolfSSL 0:1239e9b70ca2 6261 if (bio->fd)
wolfSSL 0:1239e9b70ca2 6262 CloseSocket(bio->fd);
wolfSSL 0:1239e9b70ca2 6263 }
wolfSSL 0:1239e9b70ca2 6264 if (bio->mem)
wolfSSL 0:1239e9b70ca2 6265 XFREE(bio->mem, 0, DYNAMIC_TYPE_OPENSSL);
wolfSSL 0:1239e9b70ca2 6266 XFREE(bio, 0, DYNAMIC_TYPE_OPENSSL);
wolfSSL 0:1239e9b70ca2 6267 }
wolfSSL 0:1239e9b70ca2 6268 return 0;
wolfSSL 0:1239e9b70ca2 6269 }
wolfSSL 0:1239e9b70ca2 6270
wolfSSL 0:1239e9b70ca2 6271
wolfSSL 0:1239e9b70ca2 6272 int CyaSSL_BIO_free_all(CYASSL_BIO* bio)
wolfSSL 0:1239e9b70ca2 6273 {
wolfSSL 0:1239e9b70ca2 6274 CYASSL_ENTER("BIO_free_all");
wolfSSL 0:1239e9b70ca2 6275 while (bio) {
wolfSSL 0:1239e9b70ca2 6276 CYASSL_BIO* next = bio->next;
wolfSSL 0:1239e9b70ca2 6277 CyaSSL_BIO_free(bio);
wolfSSL 0:1239e9b70ca2 6278 bio = next;
wolfSSL 0:1239e9b70ca2 6279 }
wolfSSL 0:1239e9b70ca2 6280 return 0;
wolfSSL 0:1239e9b70ca2 6281 }
wolfSSL 0:1239e9b70ca2 6282
wolfSSL 0:1239e9b70ca2 6283
wolfSSL 0:1239e9b70ca2 6284 int CyaSSL_BIO_read(CYASSL_BIO* bio, void* buf, int len)
wolfSSL 0:1239e9b70ca2 6285 {
wolfSSL 0:1239e9b70ca2 6286 int ret;
wolfSSL 0:1239e9b70ca2 6287 CYASSL* ssl = 0;
wolfSSL 0:1239e9b70ca2 6288 CYASSL_BIO* front = bio;
wolfSSL 0:1239e9b70ca2 6289
wolfSSL 0:1239e9b70ca2 6290 CYASSL_ENTER("BIO_read");
wolfSSL 0:1239e9b70ca2 6291 /* already got eof, again is error */
wolfSSL 0:1239e9b70ca2 6292 if (front->eof)
wolfSSL 0:1239e9b70ca2 6293 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 6294
wolfSSL 0:1239e9b70ca2 6295 while(bio && ((ssl = bio->ssl) == 0) )
wolfSSL 0:1239e9b70ca2 6296 bio = bio->next;
wolfSSL 0:1239e9b70ca2 6297
wolfSSL 0:1239e9b70ca2 6298 if (ssl == 0) return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 6299
wolfSSL 0:1239e9b70ca2 6300 ret = CyaSSL_read(ssl, buf, len);
wolfSSL 0:1239e9b70ca2 6301 if (ret == 0)
wolfSSL 0:1239e9b70ca2 6302 front->eof = 1;
wolfSSL 0:1239e9b70ca2 6303 else if (ret < 0) {
wolfSSL 0:1239e9b70ca2 6304 int err = CyaSSL_get_error(ssl, 0);
wolfSSL 0:1239e9b70ca2 6305 if ( !(err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) )
wolfSSL 0:1239e9b70ca2 6306 front->eof = 1;
wolfSSL 0:1239e9b70ca2 6307 }
wolfSSL 0:1239e9b70ca2 6308 return ret;
wolfSSL 0:1239e9b70ca2 6309 }
wolfSSL 0:1239e9b70ca2 6310
wolfSSL 0:1239e9b70ca2 6311
wolfSSL 0:1239e9b70ca2 6312 int CyaSSL_BIO_write(CYASSL_BIO* bio, const void* data, int len)
wolfSSL 0:1239e9b70ca2 6313 {
wolfSSL 0:1239e9b70ca2 6314 int ret;
wolfSSL 0:1239e9b70ca2 6315 CYASSL* ssl = 0;
wolfSSL 0:1239e9b70ca2 6316 CYASSL_BIO* front = bio;
wolfSSL 0:1239e9b70ca2 6317
wolfSSL 0:1239e9b70ca2 6318 CYASSL_ENTER("BIO_write");
wolfSSL 0:1239e9b70ca2 6319 /* already got eof, again is error */
wolfSSL 0:1239e9b70ca2 6320 if (front->eof)
wolfSSL 0:1239e9b70ca2 6321 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 6322
wolfSSL 0:1239e9b70ca2 6323 while(bio && ((ssl = bio->ssl) == 0) )
wolfSSL 0:1239e9b70ca2 6324 bio = bio->next;
wolfSSL 0:1239e9b70ca2 6325
wolfSSL 0:1239e9b70ca2 6326 if (ssl == 0) return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 6327
wolfSSL 0:1239e9b70ca2 6328 ret = CyaSSL_write(ssl, data, len);
wolfSSL 0:1239e9b70ca2 6329 if (ret == 0)
wolfSSL 0:1239e9b70ca2 6330 front->eof = 1;
wolfSSL 0:1239e9b70ca2 6331 else if (ret < 0) {
wolfSSL 0:1239e9b70ca2 6332 int err = CyaSSL_get_error(ssl, 0);
wolfSSL 0:1239e9b70ca2 6333 if ( !(err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) )
wolfSSL 0:1239e9b70ca2 6334 front->eof = 1;
wolfSSL 0:1239e9b70ca2 6335 }
wolfSSL 0:1239e9b70ca2 6336
wolfSSL 0:1239e9b70ca2 6337 return ret;
wolfSSL 0:1239e9b70ca2 6338 }
wolfSSL 0:1239e9b70ca2 6339
wolfSSL 0:1239e9b70ca2 6340
wolfSSL 0:1239e9b70ca2 6341 CYASSL_BIO* CyaSSL_BIO_push(CYASSL_BIO* top, CYASSL_BIO* append)
wolfSSL 0:1239e9b70ca2 6342 {
wolfSSL 0:1239e9b70ca2 6343 CYASSL_ENTER("BIO_push");
wolfSSL 0:1239e9b70ca2 6344 top->next = append;
wolfSSL 0:1239e9b70ca2 6345 append->prev = top;
wolfSSL 0:1239e9b70ca2 6346
wolfSSL 0:1239e9b70ca2 6347 return top;
wolfSSL 0:1239e9b70ca2 6348 }
wolfSSL 0:1239e9b70ca2 6349
wolfSSL 0:1239e9b70ca2 6350
wolfSSL 0:1239e9b70ca2 6351 int CyaSSL_BIO_flush(CYASSL_BIO* bio)
wolfSSL 0:1239e9b70ca2 6352 {
wolfSSL 0:1239e9b70ca2 6353 /* for CyaSSL no flushing needed */
wolfSSL 0:1239e9b70ca2 6354 CYASSL_ENTER("BIO_flush");
wolfSSL 0:1239e9b70ca2 6355 (void)bio;
wolfSSL 0:1239e9b70ca2 6356 return 1;
wolfSSL 0:1239e9b70ca2 6357 }
wolfSSL 0:1239e9b70ca2 6358
wolfSSL 0:1239e9b70ca2 6359
wolfSSL 0:1239e9b70ca2 6360 #endif /* OPENSSL_EXTRA || GOAHEAD_WS */
wolfSSL 0:1239e9b70ca2 6361
wolfSSL 0:1239e9b70ca2 6362
wolfSSL 0:1239e9b70ca2 6363 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL 0:1239e9b70ca2 6364
wolfSSL 0:1239e9b70ca2 6365 void CyaSSL_CTX_set_default_passwd_cb_userdata(CYASSL_CTX* ctx,
wolfSSL 0:1239e9b70ca2 6366 void* userdata)
wolfSSL 0:1239e9b70ca2 6367 {
wolfSSL 0:1239e9b70ca2 6368 CYASSL_ENTER("SSL_CTX_set_default_passwd_cb_userdata");
wolfSSL 0:1239e9b70ca2 6369 ctx->userdata = userdata;
wolfSSL 0:1239e9b70ca2 6370 }
wolfSSL 0:1239e9b70ca2 6371
wolfSSL 0:1239e9b70ca2 6372
wolfSSL 0:1239e9b70ca2 6373 void CyaSSL_CTX_set_default_passwd_cb(CYASSL_CTX* ctx, pem_password_cb cb)
wolfSSL 0:1239e9b70ca2 6374 {
wolfSSL 0:1239e9b70ca2 6375 CYASSL_ENTER("SSL_CTX_set_default_passwd_cb");
wolfSSL 0:1239e9b70ca2 6376 ctx->passwd_cb = cb;
wolfSSL 0:1239e9b70ca2 6377 }
wolfSSL 0:1239e9b70ca2 6378
wolfSSL 0:1239e9b70ca2 6379 int CyaSSL_num_locks(void)
wolfSSL 0:1239e9b70ca2 6380 {
wolfSSL 0:1239e9b70ca2 6381 return 0;
wolfSSL 0:1239e9b70ca2 6382 }
wolfSSL 0:1239e9b70ca2 6383
wolfSSL 0:1239e9b70ca2 6384 void CyaSSL_set_locking_callback(void (*f)(int, int, const char*, int))
wolfSSL 0:1239e9b70ca2 6385 {
wolfSSL 0:1239e9b70ca2 6386 (void)f;
wolfSSL 0:1239e9b70ca2 6387 }
wolfSSL 0:1239e9b70ca2 6388
wolfSSL 0:1239e9b70ca2 6389 void CyaSSL_set_id_callback(unsigned long (*f)(void))
wolfSSL 0:1239e9b70ca2 6390 {
wolfSSL 0:1239e9b70ca2 6391 (void)f;
wolfSSL 0:1239e9b70ca2 6392 }
wolfSSL 0:1239e9b70ca2 6393
wolfSSL 0:1239e9b70ca2 6394 unsigned long CyaSSL_ERR_get_error(void)
wolfSSL 0:1239e9b70ca2 6395 {
wolfSSL 0:1239e9b70ca2 6396 /* TODO: */
wolfSSL 0:1239e9b70ca2 6397 return 0;
wolfSSL 0:1239e9b70ca2 6398 }
wolfSSL 0:1239e9b70ca2 6399
wolfSSL 0:1239e9b70ca2 6400 int CyaSSL_EVP_BytesToKey(const CYASSL_EVP_CIPHER* type,
wolfSSL 0:1239e9b70ca2 6401 const CYASSL_EVP_MD* md, const byte* salt,
wolfSSL 0:1239e9b70ca2 6402 const byte* data, int sz, int count, byte* key, byte* iv)
wolfSSL 0:1239e9b70ca2 6403 {
wolfSSL 0:1239e9b70ca2 6404 int keyLen = 0;
wolfSSL 0:1239e9b70ca2 6405 int ivLen = 0;
wolfSSL 0:1239e9b70ca2 6406
wolfSSL 0:1239e9b70ca2 6407 Md5 myMD;
wolfSSL 0:1239e9b70ca2 6408 byte digest[MD5_DIGEST_SIZE];
wolfSSL 0:1239e9b70ca2 6409
wolfSSL 0:1239e9b70ca2 6410 int j;
wolfSSL 0:1239e9b70ca2 6411 int keyLeft;
wolfSSL 0:1239e9b70ca2 6412 int ivLeft;
wolfSSL 0:1239e9b70ca2 6413 int keyOutput = 0;
wolfSSL 0:1239e9b70ca2 6414
wolfSSL 0:1239e9b70ca2 6415 CYASSL_ENTER("EVP_BytesToKey");
wolfSSL 0:1239e9b70ca2 6416 InitMd5(&myMD);
wolfSSL 0:1239e9b70ca2 6417
wolfSSL 0:1239e9b70ca2 6418 /* only support MD5 for now */
wolfSSL 0:1239e9b70ca2 6419 if (XSTRNCMP(md, "MD5", 3) != 0) return 0;
wolfSSL 0:1239e9b70ca2 6420
wolfSSL 0:1239e9b70ca2 6421 /* only support CBC DES and AES for now */
wolfSSL 0:1239e9b70ca2 6422 if (XSTRNCMP(type, "DES-CBC", 7) == 0) {
wolfSSL 0:1239e9b70ca2 6423 keyLen = DES_KEY_SIZE;
wolfSSL 0:1239e9b70ca2 6424 ivLen = DES_IV_SIZE;
wolfSSL 0:1239e9b70ca2 6425 }
wolfSSL 0:1239e9b70ca2 6426 else if (XSTRNCMP(type, "DES-EDE3-CBC", 12) == 0) {
wolfSSL 0:1239e9b70ca2 6427 keyLen = DES3_KEY_SIZE;
wolfSSL 0:1239e9b70ca2 6428 ivLen = DES_IV_SIZE;
wolfSSL 0:1239e9b70ca2 6429 }
wolfSSL 0:1239e9b70ca2 6430 else if (XSTRNCMP(type, "AES-128-CBC", 11) == 0) {
wolfSSL 0:1239e9b70ca2 6431 keyLen = AES_128_KEY_SIZE;
wolfSSL 0:1239e9b70ca2 6432 ivLen = AES_IV_SIZE;
wolfSSL 0:1239e9b70ca2 6433 }
wolfSSL 0:1239e9b70ca2 6434 else if (XSTRNCMP(type, "AES-192-CBC", 11) == 0) {
wolfSSL 0:1239e9b70ca2 6435 keyLen = AES_192_KEY_SIZE;
wolfSSL 0:1239e9b70ca2 6436 ivLen = AES_IV_SIZE;
wolfSSL 0:1239e9b70ca2 6437 }
wolfSSL 0:1239e9b70ca2 6438 else if (XSTRNCMP(type, "AES-256-CBC", 11) == 0) {
wolfSSL 0:1239e9b70ca2 6439 keyLen = AES_256_KEY_SIZE;
wolfSSL 0:1239e9b70ca2 6440 ivLen = AES_IV_SIZE;
wolfSSL 0:1239e9b70ca2 6441 }
wolfSSL 0:1239e9b70ca2 6442 else
wolfSSL 0:1239e9b70ca2 6443 return 0;
wolfSSL 0:1239e9b70ca2 6444
wolfSSL 0:1239e9b70ca2 6445 keyLeft = keyLen;
wolfSSL 0:1239e9b70ca2 6446 ivLeft = ivLen;
wolfSSL 0:1239e9b70ca2 6447
wolfSSL 0:1239e9b70ca2 6448 while (keyOutput < (keyLen + ivLen)) {
wolfSSL 0:1239e9b70ca2 6449 int digestLeft = MD5_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 6450 /* D_(i - 1) */
wolfSSL 0:1239e9b70ca2 6451 if (keyOutput) /* first time D_0 is empty */
wolfSSL 0:1239e9b70ca2 6452 Md5Update(&myMD, digest, MD5_DIGEST_SIZE);
wolfSSL 0:1239e9b70ca2 6453 /* data */
wolfSSL 0:1239e9b70ca2 6454 Md5Update(&myMD, data, sz);
wolfSSL 0:1239e9b70ca2 6455 /* salt */
wolfSSL 0:1239e9b70ca2 6456 if (salt)
wolfSSL 0:1239e9b70ca2 6457 Md5Update(&myMD, salt, EVP_SALT_SIZE);
wolfSSL 0:1239e9b70ca2 6458 Md5Final(&myMD, digest);
wolfSSL 0:1239e9b70ca2 6459 /* count */
wolfSSL 0:1239e9b70ca2 6460 for (j = 1; j < count; j++) {
wolfSSL 0:1239e9b70ca2 6461 Md5Update(&myMD, digest, MD5_DIGEST_SIZE);
wolfSSL 0:1239e9b70ca2 6462 Md5Final(&myMD, digest);
wolfSSL 0:1239e9b70ca2 6463 }
wolfSSL 0:1239e9b70ca2 6464
wolfSSL 0:1239e9b70ca2 6465 if (keyLeft) {
wolfSSL 0:1239e9b70ca2 6466 int store = min(keyLeft, MD5_DIGEST_SIZE);
wolfSSL 0:1239e9b70ca2 6467 XMEMCPY(&key[keyLen - keyLeft], digest, store);
wolfSSL 0:1239e9b70ca2 6468
wolfSSL 0:1239e9b70ca2 6469 keyOutput += store;
wolfSSL 0:1239e9b70ca2 6470 keyLeft -= store;
wolfSSL 0:1239e9b70ca2 6471 digestLeft -= store;
wolfSSL 0:1239e9b70ca2 6472 }
wolfSSL 0:1239e9b70ca2 6473
wolfSSL 0:1239e9b70ca2 6474 if (ivLeft && digestLeft) {
wolfSSL 0:1239e9b70ca2 6475 int store = min(ivLeft, digestLeft);
wolfSSL 0:1239e9b70ca2 6476 XMEMCPY(&iv[ivLen - ivLeft], &digest[MD5_DIGEST_SIZE -
wolfSSL 0:1239e9b70ca2 6477 digestLeft], store);
wolfSSL 0:1239e9b70ca2 6478 keyOutput += store;
wolfSSL 0:1239e9b70ca2 6479 ivLeft -= store;
wolfSSL 0:1239e9b70ca2 6480 }
wolfSSL 0:1239e9b70ca2 6481 }
wolfSSL 0:1239e9b70ca2 6482 if (keyOutput != (keyLen + ivLen))
wolfSSL 0:1239e9b70ca2 6483 return 0;
wolfSSL 0:1239e9b70ca2 6484 return keyOutput;
wolfSSL 0:1239e9b70ca2 6485 }
wolfSSL 0:1239e9b70ca2 6486
wolfSSL 0:1239e9b70ca2 6487 #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
wolfSSL 0:1239e9b70ca2 6488
wolfSSL 0:1239e9b70ca2 6489
wolfSSL 0:1239e9b70ca2 6490 #ifdef OPENSSL_EXTRA
wolfSSL 0:1239e9b70ca2 6491
wolfSSL 0:1239e9b70ca2 6492 unsigned long CyaSSLeay(void)
wolfSSL 0:1239e9b70ca2 6493 {
wolfSSL 0:1239e9b70ca2 6494 return SSLEAY_VERSION_NUMBER;
wolfSSL 0:1239e9b70ca2 6495 }
wolfSSL 0:1239e9b70ca2 6496
wolfSSL 0:1239e9b70ca2 6497
wolfSSL 0:1239e9b70ca2 6498 const char* CyaSSLeay_version(int type)
wolfSSL 0:1239e9b70ca2 6499 {
wolfSSL 0:1239e9b70ca2 6500 static const char* version = "SSLeay CyaSSL compatibility";
wolfSSL 0:1239e9b70ca2 6501 (void)type;
wolfSSL 0:1239e9b70ca2 6502 return version;
wolfSSL 0:1239e9b70ca2 6503 }
wolfSSL 0:1239e9b70ca2 6504
wolfSSL 0:1239e9b70ca2 6505
wolfSSL 0:1239e9b70ca2 6506 void CyaSSL_MD5_Init(CYASSL_MD5_CTX* md5)
wolfSSL 0:1239e9b70ca2 6507 {
wolfSSL 0:1239e9b70ca2 6508 typedef char md5_test[sizeof(MD5_CTX) >= sizeof(Md5) ? 1 : -1];
wolfSSL 0:1239e9b70ca2 6509 (void)sizeof(md5_test);
wolfSSL 0:1239e9b70ca2 6510
wolfSSL 0:1239e9b70ca2 6511 CYASSL_ENTER("MD5_Init");
wolfSSL 0:1239e9b70ca2 6512 InitMd5((Md5*)md5);
wolfSSL 0:1239e9b70ca2 6513 }
wolfSSL 0:1239e9b70ca2 6514
wolfSSL 0:1239e9b70ca2 6515
wolfSSL 0:1239e9b70ca2 6516 void CyaSSL_MD5_Update(CYASSL_MD5_CTX* md5, const void* input,
wolfSSL 0:1239e9b70ca2 6517 unsigned long sz)
wolfSSL 0:1239e9b70ca2 6518 {
wolfSSL 0:1239e9b70ca2 6519 CYASSL_ENTER("CyaSSL_MD5_Update");
wolfSSL 0:1239e9b70ca2 6520 Md5Update((Md5*)md5, (const byte*)input, (word32)sz);
wolfSSL 0:1239e9b70ca2 6521 }
wolfSSL 0:1239e9b70ca2 6522
wolfSSL 0:1239e9b70ca2 6523
wolfSSL 0:1239e9b70ca2 6524 void CyaSSL_MD5_Final(byte* input, CYASSL_MD5_CTX* md5)
wolfSSL 0:1239e9b70ca2 6525 {
wolfSSL 0:1239e9b70ca2 6526 CYASSL_ENTER("MD5_Final");
wolfSSL 0:1239e9b70ca2 6527 Md5Final((Md5*)md5, input);
wolfSSL 0:1239e9b70ca2 6528 }
wolfSSL 0:1239e9b70ca2 6529
wolfSSL 0:1239e9b70ca2 6530
wolfSSL 0:1239e9b70ca2 6531 void CyaSSL_SHA_Init(CYASSL_SHA_CTX* sha)
wolfSSL 0:1239e9b70ca2 6532 {
wolfSSL 0:1239e9b70ca2 6533 typedef char sha_test[sizeof(SHA_CTX) >= sizeof(Sha) ? 1 : -1];
wolfSSL 0:1239e9b70ca2 6534 (void)sizeof(sha_test);
wolfSSL 0:1239e9b70ca2 6535
wolfSSL 0:1239e9b70ca2 6536 CYASSL_ENTER("SHA_Init");
wolfSSL 0:1239e9b70ca2 6537 InitSha((Sha*)sha); /* OpenSSL compat, no ret */
wolfSSL 0:1239e9b70ca2 6538 }
wolfSSL 0:1239e9b70ca2 6539
wolfSSL 0:1239e9b70ca2 6540
wolfSSL 0:1239e9b70ca2 6541 void CyaSSL_SHA_Update(CYASSL_SHA_CTX* sha, const void* input,
wolfSSL 0:1239e9b70ca2 6542 unsigned long sz)
wolfSSL 0:1239e9b70ca2 6543 {
wolfSSL 0:1239e9b70ca2 6544 CYASSL_ENTER("SHA_Update");
wolfSSL 0:1239e9b70ca2 6545 ShaUpdate((Sha*)sha, (const byte*)input, (word32)sz);
wolfSSL 0:1239e9b70ca2 6546 }
wolfSSL 0:1239e9b70ca2 6547
wolfSSL 0:1239e9b70ca2 6548
wolfSSL 0:1239e9b70ca2 6549 void CyaSSL_SHA_Final(byte* input, CYASSL_SHA_CTX* sha)
wolfSSL 0:1239e9b70ca2 6550 {
wolfSSL 0:1239e9b70ca2 6551 CYASSL_ENTER("SHA_Final");
wolfSSL 0:1239e9b70ca2 6552 ShaFinal((Sha*)sha, input);
wolfSSL 0:1239e9b70ca2 6553 }
wolfSSL 0:1239e9b70ca2 6554
wolfSSL 0:1239e9b70ca2 6555
wolfSSL 0:1239e9b70ca2 6556 void CyaSSL_SHA1_Init(CYASSL_SHA_CTX* sha)
wolfSSL 0:1239e9b70ca2 6557 {
wolfSSL 0:1239e9b70ca2 6558 CYASSL_ENTER("SHA1_Init");
wolfSSL 0:1239e9b70ca2 6559 SHA_Init(sha);
wolfSSL 0:1239e9b70ca2 6560 }
wolfSSL 0:1239e9b70ca2 6561
wolfSSL 0:1239e9b70ca2 6562
wolfSSL 0:1239e9b70ca2 6563 void CyaSSL_SHA1_Update(CYASSL_SHA_CTX* sha, const void* input,
wolfSSL 0:1239e9b70ca2 6564 unsigned long sz)
wolfSSL 0:1239e9b70ca2 6565 {
wolfSSL 0:1239e9b70ca2 6566 CYASSL_ENTER("SHA1_Update");
wolfSSL 0:1239e9b70ca2 6567 SHA_Update(sha, input, sz);
wolfSSL 0:1239e9b70ca2 6568 }
wolfSSL 0:1239e9b70ca2 6569
wolfSSL 0:1239e9b70ca2 6570
wolfSSL 0:1239e9b70ca2 6571 void CyaSSL_SHA1_Final(byte* input, CYASSL_SHA_CTX* sha)
wolfSSL 0:1239e9b70ca2 6572 {
wolfSSL 0:1239e9b70ca2 6573 CYASSL_ENTER("SHA1_Final");
wolfSSL 0:1239e9b70ca2 6574 SHA_Final(input, sha);
wolfSSL 0:1239e9b70ca2 6575 }
wolfSSL 0:1239e9b70ca2 6576
wolfSSL 0:1239e9b70ca2 6577
wolfSSL 0:1239e9b70ca2 6578 void CyaSSL_SHA256_Init(CYASSL_SHA256_CTX* sha256)
wolfSSL 0:1239e9b70ca2 6579 {
wolfSSL 0:1239e9b70ca2 6580 typedef char sha_test[sizeof(SHA256_CTX) >= sizeof(Sha256) ? 1 : -1];
wolfSSL 0:1239e9b70ca2 6581 (void)sizeof(sha_test);
wolfSSL 0:1239e9b70ca2 6582
wolfSSL 0:1239e9b70ca2 6583 CYASSL_ENTER("SHA256_Init");
wolfSSL 0:1239e9b70ca2 6584 InitSha256((Sha256*)sha256); /* OpenSSL compat, no error */
wolfSSL 0:1239e9b70ca2 6585 }
wolfSSL 0:1239e9b70ca2 6586
wolfSSL 0:1239e9b70ca2 6587
wolfSSL 0:1239e9b70ca2 6588 void CyaSSL_SHA256_Update(CYASSL_SHA256_CTX* sha, const void* input,
wolfSSL 0:1239e9b70ca2 6589 unsigned long sz)
wolfSSL 0:1239e9b70ca2 6590 {
wolfSSL 0:1239e9b70ca2 6591 CYASSL_ENTER("SHA256_Update");
wolfSSL 0:1239e9b70ca2 6592 Sha256Update((Sha256*)sha, (const byte*)input, (word32)sz);
wolfSSL 0:1239e9b70ca2 6593 /* OpenSSL compat, no error */
wolfSSL 0:1239e9b70ca2 6594 }
wolfSSL 0:1239e9b70ca2 6595
wolfSSL 0:1239e9b70ca2 6596
wolfSSL 0:1239e9b70ca2 6597 void CyaSSL_SHA256_Final(byte* input, CYASSL_SHA256_CTX* sha)
wolfSSL 0:1239e9b70ca2 6598 {
wolfSSL 0:1239e9b70ca2 6599 CYASSL_ENTER("SHA256_Final");
wolfSSL 0:1239e9b70ca2 6600 Sha256Final((Sha256*)sha, input);
wolfSSL 0:1239e9b70ca2 6601 /* OpenSSL compat, no error */
wolfSSL 0:1239e9b70ca2 6602 }
wolfSSL 0:1239e9b70ca2 6603
wolfSSL 0:1239e9b70ca2 6604
wolfSSL 0:1239e9b70ca2 6605 #ifdef CYASSL_SHA384
wolfSSL 0:1239e9b70ca2 6606
wolfSSL 0:1239e9b70ca2 6607 void CyaSSL_SHA384_Init(CYASSL_SHA384_CTX* sha)
wolfSSL 0:1239e9b70ca2 6608 {
wolfSSL 0:1239e9b70ca2 6609 typedef char sha_test[sizeof(SHA384_CTX) >= sizeof(Sha384) ? 1 : -1];
wolfSSL 0:1239e9b70ca2 6610 (void)sizeof(sha_test);
wolfSSL 0:1239e9b70ca2 6611
wolfSSL 0:1239e9b70ca2 6612 CYASSL_ENTER("SHA384_Init");
wolfSSL 0:1239e9b70ca2 6613 InitSha384((Sha384*)sha); /* OpenSSL compat, no error */
wolfSSL 0:1239e9b70ca2 6614 }
wolfSSL 0:1239e9b70ca2 6615
wolfSSL 0:1239e9b70ca2 6616
wolfSSL 0:1239e9b70ca2 6617 void CyaSSL_SHA384_Update(CYASSL_SHA384_CTX* sha, const void* input,
wolfSSL 0:1239e9b70ca2 6618 unsigned long sz)
wolfSSL 0:1239e9b70ca2 6619 {
wolfSSL 0:1239e9b70ca2 6620 CYASSL_ENTER("SHA384_Update");
wolfSSL 0:1239e9b70ca2 6621 Sha384Update((Sha384*)sha, (const byte*)input, (word32)sz);
wolfSSL 0:1239e9b70ca2 6622 /* OpenSSL compat, no error */
wolfSSL 0:1239e9b70ca2 6623 }
wolfSSL 0:1239e9b70ca2 6624
wolfSSL 0:1239e9b70ca2 6625
wolfSSL 0:1239e9b70ca2 6626 void CyaSSL_SHA384_Final(byte* input, CYASSL_SHA384_CTX* sha)
wolfSSL 0:1239e9b70ca2 6627 {
wolfSSL 0:1239e9b70ca2 6628 CYASSL_ENTER("SHA384_Final");
wolfSSL 0:1239e9b70ca2 6629 Sha384Final((Sha384*)sha, input);
wolfSSL 0:1239e9b70ca2 6630 /* OpenSSL compat, no error */
wolfSSL 0:1239e9b70ca2 6631 }
wolfSSL 0:1239e9b70ca2 6632
wolfSSL 0:1239e9b70ca2 6633 #endif /* CYASSL_SHA384 */
wolfSSL 0:1239e9b70ca2 6634
wolfSSL 0:1239e9b70ca2 6635
wolfSSL 0:1239e9b70ca2 6636 #ifdef CYASSL_SHA512
wolfSSL 0:1239e9b70ca2 6637
wolfSSL 0:1239e9b70ca2 6638 void CyaSSL_SHA512_Init(CYASSL_SHA512_CTX* sha)
wolfSSL 0:1239e9b70ca2 6639 {
wolfSSL 0:1239e9b70ca2 6640 typedef char sha_test[sizeof(SHA512_CTX) >= sizeof(Sha512) ? 1 : -1];
wolfSSL 0:1239e9b70ca2 6641 (void)sizeof(sha_test);
wolfSSL 0:1239e9b70ca2 6642
wolfSSL 0:1239e9b70ca2 6643 CYASSL_ENTER("SHA512_Init");
wolfSSL 0:1239e9b70ca2 6644 InitSha512((Sha512*)sha); /* OpenSSL compat, no error */
wolfSSL 0:1239e9b70ca2 6645 }
wolfSSL 0:1239e9b70ca2 6646
wolfSSL 0:1239e9b70ca2 6647
wolfSSL 0:1239e9b70ca2 6648 void CyaSSL_SHA512_Update(CYASSL_SHA512_CTX* sha, const void* input,
wolfSSL 0:1239e9b70ca2 6649 unsigned long sz)
wolfSSL 0:1239e9b70ca2 6650 {
wolfSSL 0:1239e9b70ca2 6651 CYASSL_ENTER("SHA512_Update");
wolfSSL 0:1239e9b70ca2 6652 Sha512Update((Sha512*)sha, (const byte*)input, (word32)sz);
wolfSSL 0:1239e9b70ca2 6653 /* OpenSSL compat, no error */
wolfSSL 0:1239e9b70ca2 6654 }
wolfSSL 0:1239e9b70ca2 6655
wolfSSL 0:1239e9b70ca2 6656
wolfSSL 0:1239e9b70ca2 6657 void CyaSSL_SHA512_Final(byte* input, CYASSL_SHA512_CTX* sha)
wolfSSL 0:1239e9b70ca2 6658 {
wolfSSL 0:1239e9b70ca2 6659 CYASSL_ENTER("SHA512_Final");
wolfSSL 0:1239e9b70ca2 6660 Sha512Final((Sha512*)sha, input);
wolfSSL 0:1239e9b70ca2 6661 /* OpenSSL compat, no error */
wolfSSL 0:1239e9b70ca2 6662 }
wolfSSL 0:1239e9b70ca2 6663
wolfSSL 0:1239e9b70ca2 6664 #endif /* CYASSL_SHA512 */
wolfSSL 0:1239e9b70ca2 6665
wolfSSL 0:1239e9b70ca2 6666
wolfSSL 0:1239e9b70ca2 6667 const CYASSL_EVP_MD* CyaSSL_EVP_md5(void)
wolfSSL 0:1239e9b70ca2 6668 {
wolfSSL 0:1239e9b70ca2 6669 static const char* type = "MD5";
wolfSSL 0:1239e9b70ca2 6670 CYASSL_ENTER("EVP_md5");
wolfSSL 0:1239e9b70ca2 6671 return type;
wolfSSL 0:1239e9b70ca2 6672 }
wolfSSL 0:1239e9b70ca2 6673
wolfSSL 0:1239e9b70ca2 6674
wolfSSL 0:1239e9b70ca2 6675 const CYASSL_EVP_MD* CyaSSL_EVP_sha1(void)
wolfSSL 0:1239e9b70ca2 6676 {
wolfSSL 0:1239e9b70ca2 6677 static const char* type = "SHA";
wolfSSL 0:1239e9b70ca2 6678 CYASSL_ENTER("EVP_sha1");
wolfSSL 0:1239e9b70ca2 6679 return type;
wolfSSL 0:1239e9b70ca2 6680 }
wolfSSL 0:1239e9b70ca2 6681
wolfSSL 0:1239e9b70ca2 6682
wolfSSL 0:1239e9b70ca2 6683 const CYASSL_EVP_MD* CyaSSL_EVP_sha256(void)
wolfSSL 0:1239e9b70ca2 6684 {
wolfSSL 0:1239e9b70ca2 6685 static const char* type = "SHA256";
wolfSSL 0:1239e9b70ca2 6686 CYASSL_ENTER("EVP_sha256");
wolfSSL 0:1239e9b70ca2 6687 return type;
wolfSSL 0:1239e9b70ca2 6688 }
wolfSSL 0:1239e9b70ca2 6689
wolfSSL 0:1239e9b70ca2 6690 #ifdef CYASSL_SHA384
wolfSSL 0:1239e9b70ca2 6691
wolfSSL 0:1239e9b70ca2 6692 const CYASSL_EVP_MD* CyaSSL_EVP_sha384(void)
wolfSSL 0:1239e9b70ca2 6693 {
wolfSSL 0:1239e9b70ca2 6694 static const char* type = "SHA384";
wolfSSL 0:1239e9b70ca2 6695 CYASSL_ENTER("EVP_sha384");
wolfSSL 0:1239e9b70ca2 6696 return type;
wolfSSL 0:1239e9b70ca2 6697 }
wolfSSL 0:1239e9b70ca2 6698
wolfSSL 0:1239e9b70ca2 6699 #endif /* CYASSL_SHA384 */
wolfSSL 0:1239e9b70ca2 6700
wolfSSL 0:1239e9b70ca2 6701 #ifdef CYASSL_SHA512
wolfSSL 0:1239e9b70ca2 6702
wolfSSL 0:1239e9b70ca2 6703 const CYASSL_EVP_MD* CyaSSL_EVP_sha512(void)
wolfSSL 0:1239e9b70ca2 6704 {
wolfSSL 0:1239e9b70ca2 6705 static const char* type = "SHA512";
wolfSSL 0:1239e9b70ca2 6706 CYASSL_ENTER("EVP_sha512");
wolfSSL 0:1239e9b70ca2 6707 return type;
wolfSSL 0:1239e9b70ca2 6708 }
wolfSSL 0:1239e9b70ca2 6709
wolfSSL 0:1239e9b70ca2 6710 #endif /* CYASSL_SHA512 */
wolfSSL 0:1239e9b70ca2 6711
wolfSSL 0:1239e9b70ca2 6712
wolfSSL 0:1239e9b70ca2 6713 void CyaSSL_EVP_MD_CTX_init(CYASSL_EVP_MD_CTX* ctx)
wolfSSL 0:1239e9b70ca2 6714 {
wolfSSL 0:1239e9b70ca2 6715 CYASSL_ENTER("EVP_CIPHER_MD_CTX_init");
wolfSSL 0:1239e9b70ca2 6716 (void)ctx;
wolfSSL 0:1239e9b70ca2 6717 /* do nothing */
wolfSSL 0:1239e9b70ca2 6718 }
wolfSSL 0:1239e9b70ca2 6719
wolfSSL 0:1239e9b70ca2 6720
wolfSSL 0:1239e9b70ca2 6721 const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_128_cbc(void)
wolfSSL 0:1239e9b70ca2 6722 {
wolfSSL 0:1239e9b70ca2 6723 static const char* type = "AES128-CBC";
wolfSSL 0:1239e9b70ca2 6724 CYASSL_ENTER("CyaSSL_EVP_aes_128_cbc");
wolfSSL 0:1239e9b70ca2 6725 return type;
wolfSSL 0:1239e9b70ca2 6726 }
wolfSSL 0:1239e9b70ca2 6727
wolfSSL 0:1239e9b70ca2 6728
wolfSSL 0:1239e9b70ca2 6729 const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_192_cbc(void)
wolfSSL 0:1239e9b70ca2 6730 {
wolfSSL 0:1239e9b70ca2 6731 static const char* type = "AES192-CBC";
wolfSSL 0:1239e9b70ca2 6732 CYASSL_ENTER("CyaSSL_EVP_aes_192_cbc");
wolfSSL 0:1239e9b70ca2 6733 return type;
wolfSSL 0:1239e9b70ca2 6734 }
wolfSSL 0:1239e9b70ca2 6735
wolfSSL 0:1239e9b70ca2 6736
wolfSSL 0:1239e9b70ca2 6737 const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_256_cbc(void)
wolfSSL 0:1239e9b70ca2 6738 {
wolfSSL 0:1239e9b70ca2 6739 static const char* type = "AES256-CBC";
wolfSSL 0:1239e9b70ca2 6740 CYASSL_ENTER("CyaSSL_EVP_aes_256_cbc");
wolfSSL 0:1239e9b70ca2 6741 return type;
wolfSSL 0:1239e9b70ca2 6742 }
wolfSSL 0:1239e9b70ca2 6743
wolfSSL 0:1239e9b70ca2 6744
wolfSSL 0:1239e9b70ca2 6745 const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_128_ctr(void)
wolfSSL 0:1239e9b70ca2 6746 {
wolfSSL 0:1239e9b70ca2 6747 static const char* type = "AES128-CTR";
wolfSSL 0:1239e9b70ca2 6748 CYASSL_ENTER("CyaSSL_EVP_aes_128_ctr");
wolfSSL 0:1239e9b70ca2 6749 return type;
wolfSSL 0:1239e9b70ca2 6750 }
wolfSSL 0:1239e9b70ca2 6751
wolfSSL 0:1239e9b70ca2 6752
wolfSSL 0:1239e9b70ca2 6753 const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_192_ctr(void)
wolfSSL 0:1239e9b70ca2 6754 {
wolfSSL 0:1239e9b70ca2 6755 static const char* type = "AES192-CTR";
wolfSSL 0:1239e9b70ca2 6756 CYASSL_ENTER("CyaSSL_EVP_aes_192_ctr");
wolfSSL 0:1239e9b70ca2 6757 return type;
wolfSSL 0:1239e9b70ca2 6758 }
wolfSSL 0:1239e9b70ca2 6759
wolfSSL 0:1239e9b70ca2 6760
wolfSSL 0:1239e9b70ca2 6761 const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_256_ctr(void)
wolfSSL 0:1239e9b70ca2 6762 {
wolfSSL 0:1239e9b70ca2 6763 static const char* type = "AES256-CTR";
wolfSSL 0:1239e9b70ca2 6764 CYASSL_ENTER("CyaSSL_EVP_aes_256_ctr");
wolfSSL 0:1239e9b70ca2 6765 return type;
wolfSSL 0:1239e9b70ca2 6766 }
wolfSSL 0:1239e9b70ca2 6767
wolfSSL 0:1239e9b70ca2 6768
wolfSSL 0:1239e9b70ca2 6769 const CYASSL_EVP_CIPHER* CyaSSL_EVP_des_cbc(void)
wolfSSL 0:1239e9b70ca2 6770 {
wolfSSL 0:1239e9b70ca2 6771 static const char* type = "DES-CBC";
wolfSSL 0:1239e9b70ca2 6772 CYASSL_ENTER("CyaSSL_EVP_des_cbc");
wolfSSL 0:1239e9b70ca2 6773 return type;
wolfSSL 0:1239e9b70ca2 6774 }
wolfSSL 0:1239e9b70ca2 6775
wolfSSL 0:1239e9b70ca2 6776
wolfSSL 0:1239e9b70ca2 6777 const CYASSL_EVP_CIPHER* CyaSSL_EVP_des_ede3_cbc(void)
wolfSSL 0:1239e9b70ca2 6778 {
wolfSSL 0:1239e9b70ca2 6779 static const char* type = "DES-EDE3-CBC";
wolfSSL 0:1239e9b70ca2 6780 CYASSL_ENTER("CyaSSL_EVP_des_ede3_cbc");
wolfSSL 0:1239e9b70ca2 6781 return type;
wolfSSL 0:1239e9b70ca2 6782 }
wolfSSL 0:1239e9b70ca2 6783
wolfSSL 0:1239e9b70ca2 6784
wolfSSL 0:1239e9b70ca2 6785 const CYASSL_EVP_CIPHER* CyaSSL_EVP_rc4(void)
wolfSSL 0:1239e9b70ca2 6786 {
wolfSSL 0:1239e9b70ca2 6787 static const char* type = "ARC4";
wolfSSL 0:1239e9b70ca2 6788 CYASSL_ENTER("CyaSSL_EVP_rc4");
wolfSSL 0:1239e9b70ca2 6789 return type;
wolfSSL 0:1239e9b70ca2 6790 }
wolfSSL 0:1239e9b70ca2 6791
wolfSSL 0:1239e9b70ca2 6792
wolfSSL 0:1239e9b70ca2 6793 const CYASSL_EVP_CIPHER* CyaSSL_EVP_enc_null(void)
wolfSSL 0:1239e9b70ca2 6794 {
wolfSSL 0:1239e9b70ca2 6795 static const char* type = "NULL";
wolfSSL 0:1239e9b70ca2 6796 CYASSL_ENTER("CyaSSL_EVP_enc_null");
wolfSSL 0:1239e9b70ca2 6797 return type;
wolfSSL 0:1239e9b70ca2 6798 }
wolfSSL 0:1239e9b70ca2 6799
wolfSSL 0:1239e9b70ca2 6800
wolfSSL 0:1239e9b70ca2 6801 int CyaSSL_EVP_MD_CTX_cleanup(CYASSL_EVP_MD_CTX* ctx)
wolfSSL 0:1239e9b70ca2 6802 {
wolfSSL 0:1239e9b70ca2 6803 CYASSL_ENTER("EVP_MD_CTX_cleanup");
wolfSSL 0:1239e9b70ca2 6804 (void)ctx;
wolfSSL 0:1239e9b70ca2 6805 return 0;
wolfSSL 0:1239e9b70ca2 6806 }
wolfSSL 0:1239e9b70ca2 6807
wolfSSL 0:1239e9b70ca2 6808
wolfSSL 0:1239e9b70ca2 6809
wolfSSL 0:1239e9b70ca2 6810 void CyaSSL_EVP_CIPHER_CTX_init(CYASSL_EVP_CIPHER_CTX* ctx)
wolfSSL 0:1239e9b70ca2 6811 {
wolfSSL 0:1239e9b70ca2 6812 CYASSL_ENTER("EVP_CIPHER_CTX_init");
wolfSSL 0:1239e9b70ca2 6813 if (ctx) {
wolfSSL 0:1239e9b70ca2 6814 ctx->cipherType = 0xff; /* no init */
wolfSSL 0:1239e9b70ca2 6815 ctx->keyLen = 0;
wolfSSL 0:1239e9b70ca2 6816 ctx->enc = 1; /* start in encrypt mode */
wolfSSL 0:1239e9b70ca2 6817 }
wolfSSL 0:1239e9b70ca2 6818 }
wolfSSL 0:1239e9b70ca2 6819
wolfSSL 0:1239e9b70ca2 6820
wolfSSL 0:1239e9b70ca2 6821 /* SSL_SUCCESS on ok */
wolfSSL 0:1239e9b70ca2 6822 int CyaSSL_EVP_CIPHER_CTX_cleanup(CYASSL_EVP_CIPHER_CTX* ctx)
wolfSSL 0:1239e9b70ca2 6823 {
wolfSSL 0:1239e9b70ca2 6824 CYASSL_ENTER("EVP_CIPHER_CTX_cleanup");
wolfSSL 0:1239e9b70ca2 6825 if (ctx) {
wolfSSL 0:1239e9b70ca2 6826 ctx->cipherType = 0xff; /* no more init */
wolfSSL 0:1239e9b70ca2 6827 ctx->keyLen = 0;
wolfSSL 0:1239e9b70ca2 6828 }
wolfSSL 0:1239e9b70ca2 6829
wolfSSL 0:1239e9b70ca2 6830 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 6831 }
wolfSSL 0:1239e9b70ca2 6832
wolfSSL 0:1239e9b70ca2 6833
wolfSSL 0:1239e9b70ca2 6834 /* SSL_SUCCESS on ok */
wolfSSL 0:1239e9b70ca2 6835 int CyaSSL_EVP_CipherInit(CYASSL_EVP_CIPHER_CTX* ctx,
wolfSSL 0:1239e9b70ca2 6836 const CYASSL_EVP_CIPHER* type, byte* key,
wolfSSL 0:1239e9b70ca2 6837 byte* iv, int enc)
wolfSSL 0:1239e9b70ca2 6838 {
wolfSSL 0:1239e9b70ca2 6839 int ret = 0;
wolfSSL 0:1239e9b70ca2 6840
wolfSSL 0:1239e9b70ca2 6841 CYASSL_ENTER("CyaSSL_EVP_CipherInit");
wolfSSL 0:1239e9b70ca2 6842 if (ctx == NULL) {
wolfSSL 0:1239e9b70ca2 6843 CYASSL_MSG("no ctx");
wolfSSL 0:1239e9b70ca2 6844 return 0; /* failure */
wolfSSL 0:1239e9b70ca2 6845 }
wolfSSL 0:1239e9b70ca2 6846
wolfSSL 0:1239e9b70ca2 6847 if (type == NULL && ctx->cipherType == 0xff) {
wolfSSL 0:1239e9b70ca2 6848 CYASSL_MSG("no type set");
wolfSSL 0:1239e9b70ca2 6849 return 0; /* failure */
wolfSSL 0:1239e9b70ca2 6850 }
wolfSSL 0:1239e9b70ca2 6851
wolfSSL 0:1239e9b70ca2 6852 if (ctx->cipherType == AES_128_CBC_TYPE || (type &&
wolfSSL 0:1239e9b70ca2 6853 XSTRNCMP(type, "AES128-CBC", 10) == 0)) {
wolfSSL 0:1239e9b70ca2 6854 CYASSL_MSG("AES-128-CBC");
wolfSSL 0:1239e9b70ca2 6855 ctx->cipherType = AES_128_CBC_TYPE;
wolfSSL 0:1239e9b70ca2 6856 ctx->keyLen = 16;
wolfSSL 0:1239e9b70ca2 6857 if (enc == 0 || enc == 1)
wolfSSL 0:1239e9b70ca2 6858 ctx->enc = enc ? 1 : 0;
wolfSSL 0:1239e9b70ca2 6859 if (key) {
wolfSSL 0:1239e9b70ca2 6860 ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
wolfSSL 0:1239e9b70ca2 6861 ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
wolfSSL 0:1239e9b70ca2 6862 if (ret != 0)
wolfSSL 0:1239e9b70ca2 6863 return ret;
wolfSSL 0:1239e9b70ca2 6864 }
wolfSSL 0:1239e9b70ca2 6865 if (iv && key == NULL) {
wolfSSL 0:1239e9b70ca2 6866 ret = AesSetIV(&ctx->cipher.aes, iv);
wolfSSL 0:1239e9b70ca2 6867 if (ret != 0)
wolfSSL 0:1239e9b70ca2 6868 return ret;
wolfSSL 0:1239e9b70ca2 6869 }
wolfSSL 0:1239e9b70ca2 6870 }
wolfSSL 0:1239e9b70ca2 6871 else if (ctx->cipherType == AES_192_CBC_TYPE || (type &&
wolfSSL 0:1239e9b70ca2 6872 XSTRNCMP(type, "AES192-CBC", 10) == 0)) {
wolfSSL 0:1239e9b70ca2 6873 CYASSL_MSG("AES-192-CBC");
wolfSSL 0:1239e9b70ca2 6874 ctx->cipherType = AES_192_CBC_TYPE;
wolfSSL 0:1239e9b70ca2 6875 ctx->keyLen = 24;
wolfSSL 0:1239e9b70ca2 6876 if (enc == 0 || enc == 1)
wolfSSL 0:1239e9b70ca2 6877 ctx->enc = enc ? 1 : 0;
wolfSSL 0:1239e9b70ca2 6878 if (key) {
wolfSSL 0:1239e9b70ca2 6879 ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
wolfSSL 0:1239e9b70ca2 6880 ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
wolfSSL 0:1239e9b70ca2 6881 if (ret != 0)
wolfSSL 0:1239e9b70ca2 6882 return ret;
wolfSSL 0:1239e9b70ca2 6883 }
wolfSSL 0:1239e9b70ca2 6884 if (iv && key == NULL) {
wolfSSL 0:1239e9b70ca2 6885 ret = AesSetIV(&ctx->cipher.aes, iv);
wolfSSL 0:1239e9b70ca2 6886 if (ret != 0)
wolfSSL 0:1239e9b70ca2 6887 return ret;
wolfSSL 0:1239e9b70ca2 6888 }
wolfSSL 0:1239e9b70ca2 6889 }
wolfSSL 0:1239e9b70ca2 6890 else if (ctx->cipherType == AES_256_CBC_TYPE || (type &&
wolfSSL 0:1239e9b70ca2 6891 XSTRNCMP(type, "AES256-CBC", 10) == 0)) {
wolfSSL 0:1239e9b70ca2 6892 CYASSL_MSG("AES-256-CBC");
wolfSSL 0:1239e9b70ca2 6893 ctx->cipherType = AES_256_CBC_TYPE;
wolfSSL 0:1239e9b70ca2 6894 ctx->keyLen = 32;
wolfSSL 0:1239e9b70ca2 6895 if (enc == 0 || enc == 1)
wolfSSL 0:1239e9b70ca2 6896 ctx->enc = enc ? 1 : 0;
wolfSSL 0:1239e9b70ca2 6897 if (key) {
wolfSSL 0:1239e9b70ca2 6898 ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
wolfSSL 0:1239e9b70ca2 6899 ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
wolfSSL 0:1239e9b70ca2 6900 if (ret != 0)
wolfSSL 0:1239e9b70ca2 6901 return ret;
wolfSSL 0:1239e9b70ca2 6902 }
wolfSSL 0:1239e9b70ca2 6903 if (iv && key == NULL) {
wolfSSL 0:1239e9b70ca2 6904 ret = AesSetIV(&ctx->cipher.aes, iv);
wolfSSL 0:1239e9b70ca2 6905 if (ret != 0)
wolfSSL 0:1239e9b70ca2 6906 return ret;
wolfSSL 0:1239e9b70ca2 6907 }
wolfSSL 0:1239e9b70ca2 6908 }
wolfSSL 0:1239e9b70ca2 6909 #ifdef CYASSL_AES_COUNTER
wolfSSL 0:1239e9b70ca2 6910 else if (ctx->cipherType == AES_128_CTR_TYPE || (type &&
wolfSSL 0:1239e9b70ca2 6911 XSTRNCMP(type, "AES128-CTR", 10) == 0)) {
wolfSSL 0:1239e9b70ca2 6912 CYASSL_MSG("AES-128-CTR");
wolfSSL 0:1239e9b70ca2 6913 ctx->cipherType = AES_128_CTR_TYPE;
wolfSSL 0:1239e9b70ca2 6914 ctx->keyLen = 16;
wolfSSL 0:1239e9b70ca2 6915 if (enc == 0 || enc == 1)
wolfSSL 0:1239e9b70ca2 6916 ctx->enc = enc ? 1 : 0;
wolfSSL 0:1239e9b70ca2 6917 if (key) {
wolfSSL 0:1239e9b70ca2 6918 ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
wolfSSL 0:1239e9b70ca2 6919 AES_ENCRYPTION);
wolfSSL 0:1239e9b70ca2 6920 if (ret != 0)
wolfSSL 0:1239e9b70ca2 6921 return ret;
wolfSSL 0:1239e9b70ca2 6922 }
wolfSSL 0:1239e9b70ca2 6923 if (iv && key == NULL) {
wolfSSL 0:1239e9b70ca2 6924 ret = AesSetIV(&ctx->cipher.aes, iv);
wolfSSL 0:1239e9b70ca2 6925 if (ret != 0)
wolfSSL 0:1239e9b70ca2 6926 return ret;
wolfSSL 0:1239e9b70ca2 6927 }
wolfSSL 0:1239e9b70ca2 6928 }
wolfSSL 0:1239e9b70ca2 6929 else if (ctx->cipherType == AES_192_CTR_TYPE || (type &&
wolfSSL 0:1239e9b70ca2 6930 XSTRNCMP(type, "AES192-CTR", 10) == 0)) {
wolfSSL 0:1239e9b70ca2 6931 CYASSL_MSG("AES-192-CTR");
wolfSSL 0:1239e9b70ca2 6932 ctx->cipherType = AES_192_CTR_TYPE;
wolfSSL 0:1239e9b70ca2 6933 ctx->keyLen = 24;
wolfSSL 0:1239e9b70ca2 6934 if (enc == 0 || enc == 1)
wolfSSL 0:1239e9b70ca2 6935 ctx->enc = enc ? 1 : 0;
wolfSSL 0:1239e9b70ca2 6936 if (key) {
wolfSSL 0:1239e9b70ca2 6937 ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
wolfSSL 0:1239e9b70ca2 6938 AES_ENCRYPTION);
wolfSSL 0:1239e9b70ca2 6939 if (ret != 0)
wolfSSL 0:1239e9b70ca2 6940 return ret;
wolfSSL 0:1239e9b70ca2 6941 }
wolfSSL 0:1239e9b70ca2 6942 if (iv && key == NULL) {
wolfSSL 0:1239e9b70ca2 6943 ret = AesSetIV(&ctx->cipher.aes, iv);
wolfSSL 0:1239e9b70ca2 6944 if (ret != 0)
wolfSSL 0:1239e9b70ca2 6945 return ret;
wolfSSL 0:1239e9b70ca2 6946 }
wolfSSL 0:1239e9b70ca2 6947 }
wolfSSL 0:1239e9b70ca2 6948 else if (ctx->cipherType == AES_256_CTR_TYPE || (type &&
wolfSSL 0:1239e9b70ca2 6949 XSTRNCMP(type, "AES256-CTR", 10) == 0)) {
wolfSSL 0:1239e9b70ca2 6950 CYASSL_MSG("AES-256-CTR");
wolfSSL 0:1239e9b70ca2 6951 ctx->cipherType = AES_256_CTR_TYPE;
wolfSSL 0:1239e9b70ca2 6952 ctx->keyLen = 32;
wolfSSL 0:1239e9b70ca2 6953 if (enc == 0 || enc == 1)
wolfSSL 0:1239e9b70ca2 6954 ctx->enc = enc ? 1 : 0;
wolfSSL 0:1239e9b70ca2 6955 if (key) {
wolfSSL 0:1239e9b70ca2 6956 ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
wolfSSL 0:1239e9b70ca2 6957 AES_ENCRYPTION);
wolfSSL 0:1239e9b70ca2 6958 if (ret != 0)
wolfSSL 0:1239e9b70ca2 6959 return ret;
wolfSSL 0:1239e9b70ca2 6960 }
wolfSSL 0:1239e9b70ca2 6961 if (iv && key == NULL) {
wolfSSL 0:1239e9b70ca2 6962 ret = AesSetIV(&ctx->cipher.aes, iv);
wolfSSL 0:1239e9b70ca2 6963 if (ret != 0)
wolfSSL 0:1239e9b70ca2 6964 return ret;
wolfSSL 0:1239e9b70ca2 6965 }
wolfSSL 0:1239e9b70ca2 6966 }
wolfSSL 0:1239e9b70ca2 6967 #endif /* CYASSL_AES_CTR */
wolfSSL 0:1239e9b70ca2 6968 else if (ctx->cipherType == DES_CBC_TYPE || (type &&
wolfSSL 0:1239e9b70ca2 6969 XSTRNCMP(type, "DES-CBC", 7) == 0)) {
wolfSSL 0:1239e9b70ca2 6970 CYASSL_MSG("DES-CBC");
wolfSSL 0:1239e9b70ca2 6971 ctx->cipherType = DES_CBC_TYPE;
wolfSSL 0:1239e9b70ca2 6972 ctx->keyLen = 8;
wolfSSL 0:1239e9b70ca2 6973 if (enc == 0 || enc == 1)
wolfSSL 0:1239e9b70ca2 6974 ctx->enc = enc ? 1 : 0;
wolfSSL 0:1239e9b70ca2 6975 if (key) {
wolfSSL 0:1239e9b70ca2 6976 ret = Des_SetKey(&ctx->cipher.des, key, iv,
wolfSSL 0:1239e9b70ca2 6977 ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION);
wolfSSL 0:1239e9b70ca2 6978 if (ret != 0)
wolfSSL 0:1239e9b70ca2 6979 return ret;
wolfSSL 0:1239e9b70ca2 6980 }
wolfSSL 0:1239e9b70ca2 6981
wolfSSL 0:1239e9b70ca2 6982 if (iv && key == NULL)
wolfSSL 0:1239e9b70ca2 6983 Des_SetIV(&ctx->cipher.des, iv);
wolfSSL 0:1239e9b70ca2 6984 }
wolfSSL 0:1239e9b70ca2 6985 else if (ctx->cipherType == DES_EDE3_CBC_TYPE || (type &&
wolfSSL 0:1239e9b70ca2 6986 XSTRNCMP(type, "DES-EDE3-CBC", 11) == 0)) {
wolfSSL 0:1239e9b70ca2 6987 CYASSL_MSG("DES-EDE3-CBC");
wolfSSL 0:1239e9b70ca2 6988 ctx->cipherType = DES_EDE3_CBC_TYPE;
wolfSSL 0:1239e9b70ca2 6989 ctx->keyLen = 24;
wolfSSL 0:1239e9b70ca2 6990 if (enc == 0 || enc == 1)
wolfSSL 0:1239e9b70ca2 6991 ctx->enc = enc ? 1 : 0;
wolfSSL 0:1239e9b70ca2 6992 if (key) {
wolfSSL 0:1239e9b70ca2 6993 ret = Des3_SetKey(&ctx->cipher.des3, key, iv,
wolfSSL 0:1239e9b70ca2 6994 ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION);
wolfSSL 0:1239e9b70ca2 6995 if (ret != 0)
wolfSSL 0:1239e9b70ca2 6996 return ret;
wolfSSL 0:1239e9b70ca2 6997 }
wolfSSL 0:1239e9b70ca2 6998
wolfSSL 0:1239e9b70ca2 6999 if (iv && key == NULL) {
wolfSSL 0:1239e9b70ca2 7000 ret = Des3_SetIV(&ctx->cipher.des3, iv);
wolfSSL 0:1239e9b70ca2 7001 if (ret != 0)
wolfSSL 0:1239e9b70ca2 7002 return ret;
wolfSSL 0:1239e9b70ca2 7003 }
wolfSSL 0:1239e9b70ca2 7004 }
wolfSSL 0:1239e9b70ca2 7005 else if (ctx->cipherType == ARC4_TYPE || (type &&
wolfSSL 0:1239e9b70ca2 7006 XSTRNCMP(type, "ARC4", 4) == 0)) {
wolfSSL 0:1239e9b70ca2 7007 CYASSL_MSG("ARC4");
wolfSSL 0:1239e9b70ca2 7008 ctx->cipherType = ARC4_TYPE;
wolfSSL 0:1239e9b70ca2 7009 if (ctx->keyLen == 0) /* user may have already set */
wolfSSL 0:1239e9b70ca2 7010 ctx->keyLen = 16; /* default to 128 */
wolfSSL 0:1239e9b70ca2 7011 if (key)
wolfSSL 0:1239e9b70ca2 7012 Arc4SetKey(&ctx->cipher.arc4, key, ctx->keyLen);
wolfSSL 0:1239e9b70ca2 7013 }
wolfSSL 0:1239e9b70ca2 7014 else if (ctx->cipherType == NULL_CIPHER_TYPE || (type &&
wolfSSL 0:1239e9b70ca2 7015 XSTRNCMP(type, "NULL", 4) == 0)) {
wolfSSL 0:1239e9b70ca2 7016 CYASSL_MSG("NULL cipher");
wolfSSL 0:1239e9b70ca2 7017 ctx->cipherType = NULL_CIPHER_TYPE;
wolfSSL 0:1239e9b70ca2 7018 ctx->keyLen = 0;
wolfSSL 0:1239e9b70ca2 7019 }
wolfSSL 0:1239e9b70ca2 7020 else
wolfSSL 0:1239e9b70ca2 7021 return 0; /* failure */
wolfSSL 0:1239e9b70ca2 7022
wolfSSL 0:1239e9b70ca2 7023
wolfSSL 0:1239e9b70ca2 7024 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 7025 }
wolfSSL 0:1239e9b70ca2 7026
wolfSSL 0:1239e9b70ca2 7027
wolfSSL 0:1239e9b70ca2 7028 /* SSL_SUCCESS on ok */
wolfSSL 0:1239e9b70ca2 7029 int CyaSSL_EVP_CIPHER_CTX_key_length(CYASSL_EVP_CIPHER_CTX* ctx)
wolfSSL 0:1239e9b70ca2 7030 {
wolfSSL 0:1239e9b70ca2 7031 CYASSL_ENTER("CyaSSL_EVP_CIPHER_CTX_key_length");
wolfSSL 0:1239e9b70ca2 7032 if (ctx)
wolfSSL 0:1239e9b70ca2 7033 return ctx->keyLen;
wolfSSL 0:1239e9b70ca2 7034
wolfSSL 0:1239e9b70ca2 7035 return 0; /* failure */
wolfSSL 0:1239e9b70ca2 7036 }
wolfSSL 0:1239e9b70ca2 7037
wolfSSL 0:1239e9b70ca2 7038
wolfSSL 0:1239e9b70ca2 7039 /* SSL_SUCCESS on ok */
wolfSSL 0:1239e9b70ca2 7040 int CyaSSL_EVP_CIPHER_CTX_set_key_length(CYASSL_EVP_CIPHER_CTX* ctx,
wolfSSL 0:1239e9b70ca2 7041 int keylen)
wolfSSL 0:1239e9b70ca2 7042 {
wolfSSL 0:1239e9b70ca2 7043 CYASSL_ENTER("CyaSSL_EVP_CIPHER_CTX_set_key_length");
wolfSSL 0:1239e9b70ca2 7044 if (ctx)
wolfSSL 0:1239e9b70ca2 7045 ctx->keyLen = keylen;
wolfSSL 0:1239e9b70ca2 7046 else
wolfSSL 0:1239e9b70ca2 7047 return 0; /* failure */
wolfSSL 0:1239e9b70ca2 7048
wolfSSL 0:1239e9b70ca2 7049 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 7050 }
wolfSSL 0:1239e9b70ca2 7051
wolfSSL 0:1239e9b70ca2 7052
wolfSSL 0:1239e9b70ca2 7053 /* SSL_SUCCESS on ok */
wolfSSL 0:1239e9b70ca2 7054 int CyaSSL_EVP_Cipher(CYASSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src,
wolfSSL 0:1239e9b70ca2 7055 word32 len)
wolfSSL 0:1239e9b70ca2 7056 {
wolfSSL 0:1239e9b70ca2 7057 int ret = 0;
wolfSSL 0:1239e9b70ca2 7058 CYASSL_ENTER("CyaSSL_EVP_Cipher");
wolfSSL 0:1239e9b70ca2 7059
wolfSSL 0:1239e9b70ca2 7060 if (ctx == NULL || dst == NULL || src == NULL) {
wolfSSL 0:1239e9b70ca2 7061 CYASSL_MSG("Bad function argument");
wolfSSL 0:1239e9b70ca2 7062 return 0; /* failure */
wolfSSL 0:1239e9b70ca2 7063 }
wolfSSL 0:1239e9b70ca2 7064
wolfSSL 0:1239e9b70ca2 7065 if (ctx->cipherType == 0xff) {
wolfSSL 0:1239e9b70ca2 7066 CYASSL_MSG("no init");
wolfSSL 0:1239e9b70ca2 7067 return 0; /* failure */
wolfSSL 0:1239e9b70ca2 7068 }
wolfSSL 0:1239e9b70ca2 7069
wolfSSL 0:1239e9b70ca2 7070 switch (ctx->cipherType) {
wolfSSL 0:1239e9b70ca2 7071
wolfSSL 0:1239e9b70ca2 7072 case AES_128_CBC_TYPE :
wolfSSL 0:1239e9b70ca2 7073 case AES_192_CBC_TYPE :
wolfSSL 0:1239e9b70ca2 7074 case AES_256_CBC_TYPE :
wolfSSL 0:1239e9b70ca2 7075 CYASSL_MSG("AES CBC");
wolfSSL 0:1239e9b70ca2 7076 if (ctx->enc)
wolfSSL 0:1239e9b70ca2 7077 ret = AesCbcEncrypt(&ctx->cipher.aes, dst, src, len);
wolfSSL 0:1239e9b70ca2 7078 else
wolfSSL 0:1239e9b70ca2 7079 ret = AesCbcDecrypt(&ctx->cipher.aes, dst, src, len);
wolfSSL 0:1239e9b70ca2 7080 break;
wolfSSL 0:1239e9b70ca2 7081
wolfSSL 0:1239e9b70ca2 7082 #ifdef CYASSL_AES_COUNTER
wolfSSL 0:1239e9b70ca2 7083 case AES_128_CTR_TYPE :
wolfSSL 0:1239e9b70ca2 7084 case AES_192_CTR_TYPE :
wolfSSL 0:1239e9b70ca2 7085 case AES_256_CTR_TYPE :
wolfSSL 0:1239e9b70ca2 7086 CYASSL_MSG("AES CTR");
wolfSSL 0:1239e9b70ca2 7087 AesCtrEncrypt(&ctx->cipher.aes, dst, src, len);
wolfSSL 0:1239e9b70ca2 7088 break;
wolfSSL 0:1239e9b70ca2 7089 #endif
wolfSSL 0:1239e9b70ca2 7090
wolfSSL 0:1239e9b70ca2 7091 case DES_CBC_TYPE :
wolfSSL 0:1239e9b70ca2 7092 if (ctx->enc)
wolfSSL 0:1239e9b70ca2 7093 Des_CbcEncrypt(&ctx->cipher.des, dst, src, len);
wolfSSL 0:1239e9b70ca2 7094 else
wolfSSL 0:1239e9b70ca2 7095 Des_CbcDecrypt(&ctx->cipher.des, dst, src, len);
wolfSSL 0:1239e9b70ca2 7096 break;
wolfSSL 0:1239e9b70ca2 7097
wolfSSL 0:1239e9b70ca2 7098 case DES_EDE3_CBC_TYPE :
wolfSSL 0:1239e9b70ca2 7099 if (ctx->enc)
wolfSSL 0:1239e9b70ca2 7100 ret = Des3_CbcEncrypt(&ctx->cipher.des3, dst, src, len);
wolfSSL 0:1239e9b70ca2 7101 else
wolfSSL 0:1239e9b70ca2 7102 ret = Des3_CbcDecrypt(&ctx->cipher.des3, dst, src, len);
wolfSSL 0:1239e9b70ca2 7103 break;
wolfSSL 0:1239e9b70ca2 7104
wolfSSL 0:1239e9b70ca2 7105 case ARC4_TYPE :
wolfSSL 0:1239e9b70ca2 7106 Arc4Process(&ctx->cipher.arc4, dst, src, len);
wolfSSL 0:1239e9b70ca2 7107 break;
wolfSSL 0:1239e9b70ca2 7108
wolfSSL 0:1239e9b70ca2 7109 case NULL_CIPHER_TYPE :
wolfSSL 0:1239e9b70ca2 7110 XMEMCPY(dst, src, len);
wolfSSL 0:1239e9b70ca2 7111 break;
wolfSSL 0:1239e9b70ca2 7112
wolfSSL 0:1239e9b70ca2 7113 default: {
wolfSSL 0:1239e9b70ca2 7114 CYASSL_MSG("bad type");
wolfSSL 0:1239e9b70ca2 7115 return 0; /* failure */
wolfSSL 0:1239e9b70ca2 7116 }
wolfSSL 0:1239e9b70ca2 7117 }
wolfSSL 0:1239e9b70ca2 7118
wolfSSL 0:1239e9b70ca2 7119 if (ret != 0) {
wolfSSL 0:1239e9b70ca2 7120 CYASSL_MSG("CyaSSL_EVP_Cipher failure");
wolfSSL 0:1239e9b70ca2 7121 return 0; /* failuer */
wolfSSL 0:1239e9b70ca2 7122 }
wolfSSL 0:1239e9b70ca2 7123
wolfSSL 0:1239e9b70ca2 7124 CYASSL_MSG("CyaSSL_EVP_Cipher success");
wolfSSL 0:1239e9b70ca2 7125 return SSL_SUCCESS; /* success */
wolfSSL 0:1239e9b70ca2 7126 }
wolfSSL 0:1239e9b70ca2 7127
wolfSSL 0:1239e9b70ca2 7128
wolfSSL 0:1239e9b70ca2 7129 /* store for external read of iv, SSL_SUCCESS on success */
wolfSSL 0:1239e9b70ca2 7130 int CyaSSL_StoreExternalIV(CYASSL_EVP_CIPHER_CTX* ctx)
wolfSSL 0:1239e9b70ca2 7131 {
wolfSSL 0:1239e9b70ca2 7132 CYASSL_ENTER("CyaSSL_StoreExternalIV");
wolfSSL 0:1239e9b70ca2 7133
wolfSSL 0:1239e9b70ca2 7134 if (ctx == NULL) {
wolfSSL 0:1239e9b70ca2 7135 CYASSL_MSG("Bad function argument");
wolfSSL 0:1239e9b70ca2 7136 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 7137 }
wolfSSL 0:1239e9b70ca2 7138
wolfSSL 0:1239e9b70ca2 7139 switch (ctx->cipherType) {
wolfSSL 0:1239e9b70ca2 7140
wolfSSL 0:1239e9b70ca2 7141 case AES_128_CBC_TYPE :
wolfSSL 0:1239e9b70ca2 7142 case AES_192_CBC_TYPE :
wolfSSL 0:1239e9b70ca2 7143 case AES_256_CBC_TYPE :
wolfSSL 0:1239e9b70ca2 7144 CYASSL_MSG("AES CBC");
wolfSSL 0:1239e9b70ca2 7145 memcpy(ctx->iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
wolfSSL 0:1239e9b70ca2 7146 break;
wolfSSL 0:1239e9b70ca2 7147
wolfSSL 0:1239e9b70ca2 7148 #ifdef CYASSL_AES_COUNTER
wolfSSL 0:1239e9b70ca2 7149 case AES_128_CTR_TYPE :
wolfSSL 0:1239e9b70ca2 7150 case AES_192_CTR_TYPE :
wolfSSL 0:1239e9b70ca2 7151 case AES_256_CTR_TYPE :
wolfSSL 0:1239e9b70ca2 7152 CYASSL_MSG("AES CTR");
wolfSSL 0:1239e9b70ca2 7153 memcpy(ctx->iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
wolfSSL 0:1239e9b70ca2 7154 break;
wolfSSL 0:1239e9b70ca2 7155 #endif
wolfSSL 0:1239e9b70ca2 7156
wolfSSL 0:1239e9b70ca2 7157 case DES_CBC_TYPE :
wolfSSL 0:1239e9b70ca2 7158 CYASSL_MSG("DES CBC");
wolfSSL 0:1239e9b70ca2 7159 memcpy(ctx->iv, &ctx->cipher.des.reg, DES_BLOCK_SIZE);
wolfSSL 0:1239e9b70ca2 7160 break;
wolfSSL 0:1239e9b70ca2 7161
wolfSSL 0:1239e9b70ca2 7162 case DES_EDE3_CBC_TYPE :
wolfSSL 0:1239e9b70ca2 7163 CYASSL_MSG("DES EDE3 CBC");
wolfSSL 0:1239e9b70ca2 7164 memcpy(ctx->iv, &ctx->cipher.des.reg, DES_BLOCK_SIZE);
wolfSSL 0:1239e9b70ca2 7165 break;
wolfSSL 0:1239e9b70ca2 7166
wolfSSL 0:1239e9b70ca2 7167 case ARC4_TYPE :
wolfSSL 0:1239e9b70ca2 7168 CYASSL_MSG("ARC4");
wolfSSL 0:1239e9b70ca2 7169 break;
wolfSSL 0:1239e9b70ca2 7170
wolfSSL 0:1239e9b70ca2 7171 case NULL_CIPHER_TYPE :
wolfSSL 0:1239e9b70ca2 7172 CYASSL_MSG("NULL");
wolfSSL 0:1239e9b70ca2 7173 break;
wolfSSL 0:1239e9b70ca2 7174
wolfSSL 0:1239e9b70ca2 7175 default: {
wolfSSL 0:1239e9b70ca2 7176 CYASSL_MSG("bad type");
wolfSSL 0:1239e9b70ca2 7177 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 7178 }
wolfSSL 0:1239e9b70ca2 7179 }
wolfSSL 0:1239e9b70ca2 7180 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 7181 }
wolfSSL 0:1239e9b70ca2 7182
wolfSSL 0:1239e9b70ca2 7183
wolfSSL 0:1239e9b70ca2 7184 /* set internal IV from external, SSL_SUCCESS on success */
wolfSSL 0:1239e9b70ca2 7185 int CyaSSL_SetInternalIV(CYASSL_EVP_CIPHER_CTX* ctx)
wolfSSL 0:1239e9b70ca2 7186 {
wolfSSL 0:1239e9b70ca2 7187
wolfSSL 0:1239e9b70ca2 7188 CYASSL_ENTER("CyaSSL_SetInternalIV");
wolfSSL 0:1239e9b70ca2 7189
wolfSSL 0:1239e9b70ca2 7190 if (ctx == NULL) {
wolfSSL 0:1239e9b70ca2 7191 CYASSL_MSG("Bad function argument");
wolfSSL 0:1239e9b70ca2 7192 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 7193 }
wolfSSL 0:1239e9b70ca2 7194
wolfSSL 0:1239e9b70ca2 7195 switch (ctx->cipherType) {
wolfSSL 0:1239e9b70ca2 7196
wolfSSL 0:1239e9b70ca2 7197 case AES_128_CBC_TYPE :
wolfSSL 0:1239e9b70ca2 7198 case AES_192_CBC_TYPE :
wolfSSL 0:1239e9b70ca2 7199 case AES_256_CBC_TYPE :
wolfSSL 0:1239e9b70ca2 7200 CYASSL_MSG("AES CBC");
wolfSSL 0:1239e9b70ca2 7201 memcpy(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE);
wolfSSL 0:1239e9b70ca2 7202 break;
wolfSSL 0:1239e9b70ca2 7203
wolfSSL 0:1239e9b70ca2 7204 #ifdef CYASSL_AES_COUNTER
wolfSSL 0:1239e9b70ca2 7205 case AES_128_CTR_TYPE :
wolfSSL 0:1239e9b70ca2 7206 case AES_192_CTR_TYPE :
wolfSSL 0:1239e9b70ca2 7207 case AES_256_CTR_TYPE :
wolfSSL 0:1239e9b70ca2 7208 CYASSL_MSG("AES CTR");
wolfSSL 0:1239e9b70ca2 7209 memcpy(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE);
wolfSSL 0:1239e9b70ca2 7210 break;
wolfSSL 0:1239e9b70ca2 7211 #endif
wolfSSL 0:1239e9b70ca2 7212
wolfSSL 0:1239e9b70ca2 7213 case DES_CBC_TYPE :
wolfSSL 0:1239e9b70ca2 7214 CYASSL_MSG("DES CBC");
wolfSSL 0:1239e9b70ca2 7215 memcpy(&ctx->cipher.des.reg, ctx->iv, DES_BLOCK_SIZE);
wolfSSL 0:1239e9b70ca2 7216 break;
wolfSSL 0:1239e9b70ca2 7217
wolfSSL 0:1239e9b70ca2 7218 case DES_EDE3_CBC_TYPE :
wolfSSL 0:1239e9b70ca2 7219 CYASSL_MSG("DES EDE3 CBC");
wolfSSL 0:1239e9b70ca2 7220 memcpy(&ctx->cipher.des.reg, ctx->iv, DES_BLOCK_SIZE);
wolfSSL 0:1239e9b70ca2 7221 break;
wolfSSL 0:1239e9b70ca2 7222
wolfSSL 0:1239e9b70ca2 7223 case ARC4_TYPE :
wolfSSL 0:1239e9b70ca2 7224 CYASSL_MSG("ARC4");
wolfSSL 0:1239e9b70ca2 7225 break;
wolfSSL 0:1239e9b70ca2 7226
wolfSSL 0:1239e9b70ca2 7227 case NULL_CIPHER_TYPE :
wolfSSL 0:1239e9b70ca2 7228 CYASSL_MSG("NULL");
wolfSSL 0:1239e9b70ca2 7229 break;
wolfSSL 0:1239e9b70ca2 7230
wolfSSL 0:1239e9b70ca2 7231 default: {
wolfSSL 0:1239e9b70ca2 7232 CYASSL_MSG("bad type");
wolfSSL 0:1239e9b70ca2 7233 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 7234 }
wolfSSL 0:1239e9b70ca2 7235 }
wolfSSL 0:1239e9b70ca2 7236 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 7237 }
wolfSSL 0:1239e9b70ca2 7238
wolfSSL 0:1239e9b70ca2 7239
wolfSSL 0:1239e9b70ca2 7240 /* SSL_SUCCESS on ok */
wolfSSL 0:1239e9b70ca2 7241 int CyaSSL_EVP_DigestInit(CYASSL_EVP_MD_CTX* ctx, const CYASSL_EVP_MD* type)
wolfSSL 0:1239e9b70ca2 7242 {
wolfSSL 0:1239e9b70ca2 7243 CYASSL_ENTER("EVP_DigestInit");
wolfSSL 0:1239e9b70ca2 7244 if (XSTRNCMP(type, "MD5", 3) == 0) {
wolfSSL 0:1239e9b70ca2 7245 ctx->macType = MD5;
wolfSSL 0:1239e9b70ca2 7246 CyaSSL_MD5_Init((MD5_CTX*)&ctx->hash);
wolfSSL 0:1239e9b70ca2 7247 }
wolfSSL 0:1239e9b70ca2 7248 else if (XSTRNCMP(type, "SHA256", 6) == 0) {
wolfSSL 0:1239e9b70ca2 7249 ctx->macType = SHA256;
wolfSSL 0:1239e9b70ca2 7250 CyaSSL_SHA256_Init((SHA256_CTX*)&ctx->hash);
wolfSSL 0:1239e9b70ca2 7251 }
wolfSSL 0:1239e9b70ca2 7252 #ifdef CYASSL_SHA384
wolfSSL 0:1239e9b70ca2 7253 else if (XSTRNCMP(type, "SHA384", 6) == 0) {
wolfSSL 0:1239e9b70ca2 7254 ctx->macType = SHA384;
wolfSSL 0:1239e9b70ca2 7255 CyaSSL_SHA384_Init((SHA384_CTX*)&ctx->hash);
wolfSSL 0:1239e9b70ca2 7256 }
wolfSSL 0:1239e9b70ca2 7257 #endif
wolfSSL 0:1239e9b70ca2 7258 #ifdef CYASSL_SHA512
wolfSSL 0:1239e9b70ca2 7259 else if (XSTRNCMP(type, "SHA512", 6) == 0) {
wolfSSL 0:1239e9b70ca2 7260 ctx->macType = SHA512;
wolfSSL 0:1239e9b70ca2 7261 CyaSSL_SHA512_Init((SHA512_CTX*)&ctx->hash);
wolfSSL 0:1239e9b70ca2 7262 }
wolfSSL 0:1239e9b70ca2 7263 #endif
wolfSSL 0:1239e9b70ca2 7264 /* has to be last since would pick or 256, 384, or 512 too */
wolfSSL 0:1239e9b70ca2 7265 else if (XSTRNCMP(type, "SHA", 3) == 0) {
wolfSSL 0:1239e9b70ca2 7266 ctx->macType = SHA;
wolfSSL 0:1239e9b70ca2 7267 CyaSSL_SHA_Init((SHA_CTX*)&ctx->hash);
wolfSSL 0:1239e9b70ca2 7268 }
wolfSSL 0:1239e9b70ca2 7269 else
wolfSSL 0:1239e9b70ca2 7270 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 7271
wolfSSL 0:1239e9b70ca2 7272 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 7273 }
wolfSSL 0:1239e9b70ca2 7274
wolfSSL 0:1239e9b70ca2 7275
wolfSSL 0:1239e9b70ca2 7276 /* SSL_SUCCESS on ok */
wolfSSL 0:1239e9b70ca2 7277 int CyaSSL_EVP_DigestUpdate(CYASSL_EVP_MD_CTX* ctx, const void* data,
wolfSSL 0:1239e9b70ca2 7278 unsigned long sz)
wolfSSL 0:1239e9b70ca2 7279 {
wolfSSL 0:1239e9b70ca2 7280 CYASSL_ENTER("EVP_DigestUpdate");
wolfSSL 0:1239e9b70ca2 7281 if (ctx->macType == MD5)
wolfSSL 0:1239e9b70ca2 7282 CyaSSL_MD5_Update((MD5_CTX*)&ctx->hash, data, (unsigned long)sz);
wolfSSL 0:1239e9b70ca2 7283 else if (ctx->macType == SHA)
wolfSSL 0:1239e9b70ca2 7284 CyaSSL_SHA_Update((SHA_CTX*)&ctx->hash, data, (unsigned long)sz);
wolfSSL 0:1239e9b70ca2 7285 else if (ctx->macType == SHA256)
wolfSSL 0:1239e9b70ca2 7286 CyaSSL_SHA256_Update((SHA256_CTX*)&ctx->hash, data,
wolfSSL 0:1239e9b70ca2 7287 (unsigned long)sz);
wolfSSL 0:1239e9b70ca2 7288 #ifdef CYASSL_SHA384
wolfSSL 0:1239e9b70ca2 7289 else if (ctx->macType == SHA384)
wolfSSL 0:1239e9b70ca2 7290 CyaSSL_SHA384_Update((SHA384_CTX*)&ctx->hash, data,
wolfSSL 0:1239e9b70ca2 7291 (unsigned long)sz);
wolfSSL 0:1239e9b70ca2 7292 #endif
wolfSSL 0:1239e9b70ca2 7293 #ifdef CYASSL_SHA512
wolfSSL 0:1239e9b70ca2 7294 else if (ctx->macType == SHA512)
wolfSSL 0:1239e9b70ca2 7295 CyaSSL_SHA512_Update((SHA512_CTX*)&ctx->hash, data,
wolfSSL 0:1239e9b70ca2 7296 (unsigned long)sz);
wolfSSL 0:1239e9b70ca2 7297 #endif
wolfSSL 0:1239e9b70ca2 7298 else
wolfSSL 0:1239e9b70ca2 7299 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 7300
wolfSSL 0:1239e9b70ca2 7301 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 7302 }
wolfSSL 0:1239e9b70ca2 7303
wolfSSL 0:1239e9b70ca2 7304
wolfSSL 0:1239e9b70ca2 7305 /* SSL_SUCCESS on ok */
wolfSSL 0:1239e9b70ca2 7306 int CyaSSL_EVP_DigestFinal(CYASSL_EVP_MD_CTX* ctx, unsigned char* md,
wolfSSL 0:1239e9b70ca2 7307 unsigned int* s)
wolfSSL 0:1239e9b70ca2 7308 {
wolfSSL 0:1239e9b70ca2 7309 CYASSL_ENTER("EVP_DigestFinal");
wolfSSL 0:1239e9b70ca2 7310 if (ctx->macType == MD5) {
wolfSSL 0:1239e9b70ca2 7311 CyaSSL_MD5_Final(md, (MD5_CTX*)&ctx->hash);
wolfSSL 0:1239e9b70ca2 7312 if (s) *s = MD5_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 7313 }
wolfSSL 0:1239e9b70ca2 7314 else if (ctx->macType == SHA) {
wolfSSL 0:1239e9b70ca2 7315 CyaSSL_SHA_Final(md, (SHA_CTX*)&ctx->hash);
wolfSSL 0:1239e9b70ca2 7316 if (s) *s = SHA_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 7317 }
wolfSSL 0:1239e9b70ca2 7318 else if (ctx->macType == SHA256) {
wolfSSL 0:1239e9b70ca2 7319 CyaSSL_SHA256_Final(md, (SHA256_CTX*)&ctx->hash);
wolfSSL 0:1239e9b70ca2 7320 if (s) *s = SHA256_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 7321 }
wolfSSL 0:1239e9b70ca2 7322 #ifdef CYASSL_SHA384
wolfSSL 0:1239e9b70ca2 7323 else if (ctx->macType == SHA384) {
wolfSSL 0:1239e9b70ca2 7324 CyaSSL_SHA384_Final(md, (SHA384_CTX*)&ctx->hash);
wolfSSL 0:1239e9b70ca2 7325 if (s) *s = SHA384_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 7326 }
wolfSSL 0:1239e9b70ca2 7327 #endif
wolfSSL 0:1239e9b70ca2 7328 #ifdef CYASSL_SHA512
wolfSSL 0:1239e9b70ca2 7329 else if (ctx->macType == SHA512) {
wolfSSL 0:1239e9b70ca2 7330 CyaSSL_SHA512_Final(md, (SHA512_CTX*)&ctx->hash);
wolfSSL 0:1239e9b70ca2 7331 if (s) *s = SHA512_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 7332 }
wolfSSL 0:1239e9b70ca2 7333 #endif
wolfSSL 0:1239e9b70ca2 7334 else
wolfSSL 0:1239e9b70ca2 7335 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 7336
wolfSSL 0:1239e9b70ca2 7337 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 7338 }
wolfSSL 0:1239e9b70ca2 7339
wolfSSL 0:1239e9b70ca2 7340
wolfSSL 0:1239e9b70ca2 7341 /* SSL_SUCCESS on ok */
wolfSSL 0:1239e9b70ca2 7342 int CyaSSL_EVP_DigestFinal_ex(CYASSL_EVP_MD_CTX* ctx, unsigned char* md,
wolfSSL 0:1239e9b70ca2 7343 unsigned int* s)
wolfSSL 0:1239e9b70ca2 7344 {
wolfSSL 0:1239e9b70ca2 7345 CYASSL_ENTER("EVP_DigestFinal_ex");
wolfSSL 0:1239e9b70ca2 7346 return EVP_DigestFinal(ctx, md, s);
wolfSSL 0:1239e9b70ca2 7347 }
wolfSSL 0:1239e9b70ca2 7348
wolfSSL 0:1239e9b70ca2 7349
wolfSSL 0:1239e9b70ca2 7350 unsigned char* CyaSSL_HMAC(const CYASSL_EVP_MD* evp_md, const void* key,
wolfSSL 0:1239e9b70ca2 7351 int key_len, const unsigned char* d, int n,
wolfSSL 0:1239e9b70ca2 7352 unsigned char* md, unsigned int* md_len)
wolfSSL 0:1239e9b70ca2 7353 {
wolfSSL 0:1239e9b70ca2 7354 Hmac hmac;
wolfSSL 0:1239e9b70ca2 7355
wolfSSL 0:1239e9b70ca2 7356 CYASSL_ENTER("HMAC");
wolfSSL 0:1239e9b70ca2 7357 if (!md) return NULL; /* no static buffer support */
wolfSSL 0:1239e9b70ca2 7358
wolfSSL 0:1239e9b70ca2 7359 if (XSTRNCMP(evp_md, "MD5", 3) == 0) {
wolfSSL 0:1239e9b70ca2 7360 if (HmacSetKey(&hmac, MD5, (const byte*)key, key_len) != 0)
wolfSSL 0:1239e9b70ca2 7361 return NULL;
wolfSSL 0:1239e9b70ca2 7362
wolfSSL 0:1239e9b70ca2 7363 if (md_len) *md_len = MD5_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 7364 }
wolfSSL 0:1239e9b70ca2 7365 else if (XSTRNCMP(evp_md, "SHA", 3) == 0) {
wolfSSL 0:1239e9b70ca2 7366 if (HmacSetKey(&hmac, SHA, (const byte*)key, key_len) != 0)
wolfSSL 0:1239e9b70ca2 7367 return NULL;
wolfSSL 0:1239e9b70ca2 7368
wolfSSL 0:1239e9b70ca2 7369 if (md_len) *md_len = SHA_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 7370 }
wolfSSL 0:1239e9b70ca2 7371 else
wolfSSL 0:1239e9b70ca2 7372 return NULL;
wolfSSL 0:1239e9b70ca2 7373
wolfSSL 0:1239e9b70ca2 7374 if (HmacUpdate(&hmac, d, n) != 0)
wolfSSL 0:1239e9b70ca2 7375 return NULL;
wolfSSL 0:1239e9b70ca2 7376
wolfSSL 0:1239e9b70ca2 7377 if (HmacFinal(&hmac, md) != 0)
wolfSSL 0:1239e9b70ca2 7378 return NULL;
wolfSSL 0:1239e9b70ca2 7379
wolfSSL 0:1239e9b70ca2 7380 return md;
wolfSSL 0:1239e9b70ca2 7381 }
wolfSSL 0:1239e9b70ca2 7382
wolfSSL 0:1239e9b70ca2 7383 void CyaSSL_ERR_clear_error(void)
wolfSSL 0:1239e9b70ca2 7384 {
wolfSSL 0:1239e9b70ca2 7385 /* TODO: */
wolfSSL 0:1239e9b70ca2 7386 }
wolfSSL 0:1239e9b70ca2 7387
wolfSSL 0:1239e9b70ca2 7388
wolfSSL 0:1239e9b70ca2 7389 int CyaSSL_RAND_status(void)
wolfSSL 0:1239e9b70ca2 7390 {
wolfSSL 0:1239e9b70ca2 7391 return SSL_SUCCESS; /* CTaoCrypt provides enough seed internally */
wolfSSL 0:1239e9b70ca2 7392 }
wolfSSL 0:1239e9b70ca2 7393
wolfSSL 0:1239e9b70ca2 7394
wolfSSL 0:1239e9b70ca2 7395
wolfSSL 0:1239e9b70ca2 7396 void CyaSSL_RAND_add(const void* add, int len, double entropy)
wolfSSL 0:1239e9b70ca2 7397 {
wolfSSL 0:1239e9b70ca2 7398 (void)add;
wolfSSL 0:1239e9b70ca2 7399 (void)len;
wolfSSL 0:1239e9b70ca2 7400 (void)entropy;
wolfSSL 0:1239e9b70ca2 7401
wolfSSL 0:1239e9b70ca2 7402 /* CyaSSL seeds/adds internally, use explicit RNG if you want
wolfSSL 0:1239e9b70ca2 7403 to take control */
wolfSSL 0:1239e9b70ca2 7404 }
wolfSSL 0:1239e9b70ca2 7405
wolfSSL 0:1239e9b70ca2 7406
wolfSSL 0:1239e9b70ca2 7407 /* SSL_SUCCESS on ok */
wolfSSL 0:1239e9b70ca2 7408 int CyaSSL_DES_key_sched(CYASSL_const_DES_cblock* key,
wolfSSL 0:1239e9b70ca2 7409 CYASSL_DES_key_schedule* schedule)
wolfSSL 0:1239e9b70ca2 7410 {
wolfSSL 0:1239e9b70ca2 7411 CYASSL_ENTER("DES_key_sched");
wolfSSL 0:1239e9b70ca2 7412 XMEMCPY(schedule, key, sizeof(const_DES_cblock));
wolfSSL 0:1239e9b70ca2 7413 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 7414 }
wolfSSL 0:1239e9b70ca2 7415
wolfSSL 0:1239e9b70ca2 7416
wolfSSL 0:1239e9b70ca2 7417 void CyaSSL_DES_cbc_encrypt(const unsigned char* input,
wolfSSL 0:1239e9b70ca2 7418 unsigned char* output, long length,
wolfSSL 0:1239e9b70ca2 7419 CYASSL_DES_key_schedule* schedule, CYASSL_DES_cblock* ivec,
wolfSSL 0:1239e9b70ca2 7420 int enc)
wolfSSL 0:1239e9b70ca2 7421 {
wolfSSL 0:1239e9b70ca2 7422 Des myDes;
wolfSSL 0:1239e9b70ca2 7423
wolfSSL 0:1239e9b70ca2 7424 CYASSL_ENTER("DES_cbc_encrypt");
wolfSSL 0:1239e9b70ca2 7425
wolfSSL 0:1239e9b70ca2 7426 /* OpenSSL compat, no ret */
wolfSSL 0:1239e9b70ca2 7427 Des_SetKey(&myDes, (const byte*)schedule, (const byte*)ivec, !enc);
wolfSSL 0:1239e9b70ca2 7428
wolfSSL 0:1239e9b70ca2 7429 if (enc)
wolfSSL 0:1239e9b70ca2 7430 Des_CbcEncrypt(&myDes, output, input, (word32)length);
wolfSSL 0:1239e9b70ca2 7431 else
wolfSSL 0:1239e9b70ca2 7432 Des_CbcDecrypt(&myDes, output, input, (word32)length);
wolfSSL 0:1239e9b70ca2 7433 }
wolfSSL 0:1239e9b70ca2 7434
wolfSSL 0:1239e9b70ca2 7435
wolfSSL 0:1239e9b70ca2 7436 /* correctly sets ivec for next call */
wolfSSL 0:1239e9b70ca2 7437 void CyaSSL_DES_ncbc_encrypt(const unsigned char* input,
wolfSSL 0:1239e9b70ca2 7438 unsigned char* output, long length,
wolfSSL 0:1239e9b70ca2 7439 CYASSL_DES_key_schedule* schedule, CYASSL_DES_cblock* ivec,
wolfSSL 0:1239e9b70ca2 7440 int enc)
wolfSSL 0:1239e9b70ca2 7441 {
wolfSSL 0:1239e9b70ca2 7442 Des myDes;
wolfSSL 0:1239e9b70ca2 7443
wolfSSL 0:1239e9b70ca2 7444 CYASSL_ENTER("DES_ncbc_encrypt");
wolfSSL 0:1239e9b70ca2 7445
wolfSSL 0:1239e9b70ca2 7446 /* OpenSSL compat, no ret */
wolfSSL 0:1239e9b70ca2 7447 Des_SetKey(&myDes, (const byte*)schedule, (const byte*)ivec, !enc);
wolfSSL 0:1239e9b70ca2 7448
wolfSSL 0:1239e9b70ca2 7449 if (enc)
wolfSSL 0:1239e9b70ca2 7450 Des_CbcEncrypt(&myDes, output, input, (word32)length);
wolfSSL 0:1239e9b70ca2 7451 else
wolfSSL 0:1239e9b70ca2 7452 Des_CbcDecrypt(&myDes, output, input, (word32)length);
wolfSSL 0:1239e9b70ca2 7453
wolfSSL 0:1239e9b70ca2 7454 XMEMCPY(ivec, output + length - sizeof(DES_cblock), sizeof(DES_cblock));
wolfSSL 0:1239e9b70ca2 7455 }
wolfSSL 0:1239e9b70ca2 7456
wolfSSL 0:1239e9b70ca2 7457
wolfSSL 0:1239e9b70ca2 7458 void CyaSSL_ERR_free_strings(void)
wolfSSL 0:1239e9b70ca2 7459 {
wolfSSL 0:1239e9b70ca2 7460 /* handled internally */
wolfSSL 0:1239e9b70ca2 7461 }
wolfSSL 0:1239e9b70ca2 7462
wolfSSL 0:1239e9b70ca2 7463
wolfSSL 0:1239e9b70ca2 7464 void CyaSSL_ERR_remove_state(unsigned long state)
wolfSSL 0:1239e9b70ca2 7465 {
wolfSSL 0:1239e9b70ca2 7466 /* TODO: GetErrors().Remove(); */
wolfSSL 0:1239e9b70ca2 7467 (void)state;
wolfSSL 0:1239e9b70ca2 7468 }
wolfSSL 0:1239e9b70ca2 7469
wolfSSL 0:1239e9b70ca2 7470
wolfSSL 0:1239e9b70ca2 7471 void CyaSSL_EVP_cleanup(void)
wolfSSL 0:1239e9b70ca2 7472 {
wolfSSL 0:1239e9b70ca2 7473 /* nothing to do here */
wolfSSL 0:1239e9b70ca2 7474 }
wolfSSL 0:1239e9b70ca2 7475
wolfSSL 0:1239e9b70ca2 7476
wolfSSL 0:1239e9b70ca2 7477 void CyaSSL_cleanup_all_ex_data(void)
wolfSSL 0:1239e9b70ca2 7478 {
wolfSSL 0:1239e9b70ca2 7479 /* nothing to do here */
wolfSSL 0:1239e9b70ca2 7480 }
wolfSSL 0:1239e9b70ca2 7481
wolfSSL 0:1239e9b70ca2 7482
wolfSSL 0:1239e9b70ca2 7483 long CyaSSL_CTX_set_mode(CYASSL_CTX* ctx, long mode)
wolfSSL 0:1239e9b70ca2 7484 {
wolfSSL 0:1239e9b70ca2 7485 /* SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER is CyaSSL default mode */
wolfSSL 0:1239e9b70ca2 7486
wolfSSL 0:1239e9b70ca2 7487 CYASSL_ENTER("SSL_CTX_set_mode");
wolfSSL 0:1239e9b70ca2 7488 if (mode == SSL_MODE_ENABLE_PARTIAL_WRITE)
wolfSSL 0:1239e9b70ca2 7489 ctx->partialWrite = 1;
wolfSSL 0:1239e9b70ca2 7490
wolfSSL 0:1239e9b70ca2 7491 return mode;
wolfSSL 0:1239e9b70ca2 7492 }
wolfSSL 0:1239e9b70ca2 7493
wolfSSL 0:1239e9b70ca2 7494
wolfSSL 0:1239e9b70ca2 7495 long CyaSSL_CTX_get_mode(CYASSL_CTX* ctx)
wolfSSL 0:1239e9b70ca2 7496 {
wolfSSL 0:1239e9b70ca2 7497 /* TODO: */
wolfSSL 0:1239e9b70ca2 7498 (void)ctx;
wolfSSL 0:1239e9b70ca2 7499 return 0;
wolfSSL 0:1239e9b70ca2 7500 }
wolfSSL 0:1239e9b70ca2 7501
wolfSSL 0:1239e9b70ca2 7502
wolfSSL 0:1239e9b70ca2 7503 void CyaSSL_CTX_set_default_read_ahead(CYASSL_CTX* ctx, int m)
wolfSSL 0:1239e9b70ca2 7504 {
wolfSSL 0:1239e9b70ca2 7505 /* TODO: maybe? */
wolfSSL 0:1239e9b70ca2 7506 (void)ctx;
wolfSSL 0:1239e9b70ca2 7507 (void)m;
wolfSSL 0:1239e9b70ca2 7508 }
wolfSSL 0:1239e9b70ca2 7509
wolfSSL 0:1239e9b70ca2 7510
wolfSSL 0:1239e9b70ca2 7511 int CyaSSL_CTX_set_session_id_context(CYASSL_CTX* ctx,
wolfSSL 0:1239e9b70ca2 7512 const unsigned char* sid_ctx,
wolfSSL 0:1239e9b70ca2 7513 unsigned int sid_ctx_len)
wolfSSL 0:1239e9b70ca2 7514 {
wolfSSL 0:1239e9b70ca2 7515 /* No application specific context needed for cyaSSL */
wolfSSL 0:1239e9b70ca2 7516 (void)ctx;
wolfSSL 0:1239e9b70ca2 7517 (void)sid_ctx;
wolfSSL 0:1239e9b70ca2 7518 (void)sid_ctx_len;
wolfSSL 0:1239e9b70ca2 7519 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 7520 }
wolfSSL 0:1239e9b70ca2 7521
wolfSSL 0:1239e9b70ca2 7522
wolfSSL 0:1239e9b70ca2 7523 long CyaSSL_CTX_sess_get_cache_size(CYASSL_CTX* ctx)
wolfSSL 0:1239e9b70ca2 7524 {
wolfSSL 0:1239e9b70ca2 7525 /* TODO: maybe? */
wolfSSL 0:1239e9b70ca2 7526 (void)ctx;
wolfSSL 0:1239e9b70ca2 7527 return (~0);
wolfSSL 0:1239e9b70ca2 7528 }
wolfSSL 0:1239e9b70ca2 7529
wolfSSL 0:1239e9b70ca2 7530 unsigned long CyaSSL_ERR_get_error_line_data(const char** file, int* line,
wolfSSL 0:1239e9b70ca2 7531 const char** data, int *flags)
wolfSSL 0:1239e9b70ca2 7532 {
wolfSSL 0:1239e9b70ca2 7533 /* Not implemented */
wolfSSL 0:1239e9b70ca2 7534 (void)file;
wolfSSL 0:1239e9b70ca2 7535 (void)line;
wolfSSL 0:1239e9b70ca2 7536 (void)data;
wolfSSL 0:1239e9b70ca2 7537 (void)flags;
wolfSSL 0:1239e9b70ca2 7538 return 0;
wolfSSL 0:1239e9b70ca2 7539 }
wolfSSL 0:1239e9b70ca2 7540
wolfSSL 0:1239e9b70ca2 7541 #endif /* OPENSSL_EXTRA */
wolfSSL 0:1239e9b70ca2 7542
wolfSSL 0:1239e9b70ca2 7543
wolfSSL 0:1239e9b70ca2 7544 #if defined(KEEP_PEER_CERT)
wolfSSL 0:1239e9b70ca2 7545
wolfSSL 0:1239e9b70ca2 7546 CYASSL_X509* CyaSSL_get_peer_certificate(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 7547 {
wolfSSL 0:1239e9b70ca2 7548 CYASSL_ENTER("SSL_get_peer_certificate");
wolfSSL 0:1239e9b70ca2 7549 if (ssl->peerCert.issuer.sz)
wolfSSL 0:1239e9b70ca2 7550 return &ssl->peerCert;
wolfSSL 0:1239e9b70ca2 7551 else
wolfSSL 0:1239e9b70ca2 7552 return 0;
wolfSSL 0:1239e9b70ca2 7553 }
wolfSSL 0:1239e9b70ca2 7554
wolfSSL 0:1239e9b70ca2 7555 #endif /* KEEP_PEER_CERT */
wolfSSL 0:1239e9b70ca2 7556
wolfSSL 0:1239e9b70ca2 7557
wolfSSL 0:1239e9b70ca2 7558 #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
wolfSSL 0:1239e9b70ca2 7559
wolfSSL 0:1239e9b70ca2 7560 void CyaSSL_FreeX509(CYASSL_X509* x509)
wolfSSL 0:1239e9b70ca2 7561 {
wolfSSL 0:1239e9b70ca2 7562 CYASSL_ENTER("CyaSSL_FreeX509");
wolfSSL 0:1239e9b70ca2 7563 FreeX509(x509);
wolfSSL 0:1239e9b70ca2 7564 }
wolfSSL 0:1239e9b70ca2 7565
wolfSSL 0:1239e9b70ca2 7566
wolfSSL 0:1239e9b70ca2 7567 /* return the next, if any, altname from the peer cert */
wolfSSL 0:1239e9b70ca2 7568 char* CyaSSL_X509_get_next_altname(CYASSL_X509* cert)
wolfSSL 0:1239e9b70ca2 7569 {
wolfSSL 0:1239e9b70ca2 7570 char* ret = NULL;
wolfSSL 0:1239e9b70ca2 7571 CYASSL_ENTER("CyaSSL_X509_get_next_altname");
wolfSSL 0:1239e9b70ca2 7572
wolfSSL 0:1239e9b70ca2 7573 /* don't have any to work with */
wolfSSL 0:1239e9b70ca2 7574 if (cert == NULL || cert->altNames == NULL)
wolfSSL 0:1239e9b70ca2 7575 return NULL;
wolfSSL 0:1239e9b70ca2 7576
wolfSSL 0:1239e9b70ca2 7577 /* already went through them */
wolfSSL 0:1239e9b70ca2 7578 if (cert->altNamesNext == NULL)
wolfSSL 0:1239e9b70ca2 7579 return NULL;
wolfSSL 0:1239e9b70ca2 7580
wolfSSL 0:1239e9b70ca2 7581 ret = cert->altNamesNext->name;
wolfSSL 0:1239e9b70ca2 7582 cert->altNamesNext = cert->altNamesNext->next;
wolfSSL 0:1239e9b70ca2 7583
wolfSSL 0:1239e9b70ca2 7584 return ret;
wolfSSL 0:1239e9b70ca2 7585 }
wolfSSL 0:1239e9b70ca2 7586
wolfSSL 0:1239e9b70ca2 7587
wolfSSL 0:1239e9b70ca2 7588 CYASSL_X509_NAME* CyaSSL_X509_get_issuer_name(CYASSL_X509* cert)
wolfSSL 0:1239e9b70ca2 7589 {
wolfSSL 0:1239e9b70ca2 7590 CYASSL_ENTER("X509_get_issuer_name");
wolfSSL 0:1239e9b70ca2 7591 return &cert->issuer;
wolfSSL 0:1239e9b70ca2 7592 }
wolfSSL 0:1239e9b70ca2 7593
wolfSSL 0:1239e9b70ca2 7594
wolfSSL 0:1239e9b70ca2 7595 CYASSL_X509_NAME* CyaSSL_X509_get_subject_name(CYASSL_X509* cert)
wolfSSL 0:1239e9b70ca2 7596 {
wolfSSL 0:1239e9b70ca2 7597 CYASSL_ENTER("X509_get_subject_name");
wolfSSL 0:1239e9b70ca2 7598 return &cert->subject;
wolfSSL 0:1239e9b70ca2 7599 }
wolfSSL 0:1239e9b70ca2 7600
wolfSSL 0:1239e9b70ca2 7601
wolfSSL 0:1239e9b70ca2 7602 int CyaSSL_X509_get_isCA(CYASSL_X509* x509)
wolfSSL 0:1239e9b70ca2 7603 {
wolfSSL 0:1239e9b70ca2 7604 int isCA = 0;
wolfSSL 0:1239e9b70ca2 7605
wolfSSL 0:1239e9b70ca2 7606 CYASSL_ENTER("CyaSSL_X509_get_isCA");
wolfSSL 0:1239e9b70ca2 7607
wolfSSL 0:1239e9b70ca2 7608 if (x509 != NULL)
wolfSSL 0:1239e9b70ca2 7609 isCA = x509->isCa;
wolfSSL 0:1239e9b70ca2 7610
wolfSSL 0:1239e9b70ca2 7611 CYASSL_LEAVE("CyaSSL_X509_get_isCA", isCA);
wolfSSL 0:1239e9b70ca2 7612
wolfSSL 0:1239e9b70ca2 7613 return isCA;
wolfSSL 0:1239e9b70ca2 7614 }
wolfSSL 0:1239e9b70ca2 7615
wolfSSL 0:1239e9b70ca2 7616
wolfSSL 0:1239e9b70ca2 7617 #ifdef OPENSSL_EXTRA
wolfSSL 0:1239e9b70ca2 7618 int CyaSSL_X509_ext_isSet_by_NID(CYASSL_X509* x509, int nid)
wolfSSL 0:1239e9b70ca2 7619 {
wolfSSL 0:1239e9b70ca2 7620 int isSet = 0;
wolfSSL 0:1239e9b70ca2 7621
wolfSSL 0:1239e9b70ca2 7622 CYASSL_ENTER("CyaSSL_X509_ext_isSet_by_NID");
wolfSSL 0:1239e9b70ca2 7623
wolfSSL 0:1239e9b70ca2 7624 if (x509 != NULL) {
wolfSSL 0:1239e9b70ca2 7625 switch (nid) {
wolfSSL 0:1239e9b70ca2 7626 case BASIC_CA_OID: isSet = x509->basicConstSet; break;
wolfSSL 0:1239e9b70ca2 7627 case ALT_NAMES_OID: isSet = x509->subjAltNameSet; break;
wolfSSL 0:1239e9b70ca2 7628 case AUTH_KEY_OID: isSet = x509->authKeyIdSet; break;
wolfSSL 0:1239e9b70ca2 7629 case SUBJ_KEY_OID: isSet = x509->subjKeyIdSet; break;
wolfSSL 0:1239e9b70ca2 7630 case KEY_USAGE_OID: isSet = x509->keyUsageSet; break;
wolfSSL 0:1239e9b70ca2 7631 #ifdef CYASSL_SEP
wolfSSL 0:1239e9b70ca2 7632 case CERT_POLICY_OID: isSet = x509->certPolicySet; break;
wolfSSL 0:1239e9b70ca2 7633 #endif /* CYASSL_SEP */
wolfSSL 0:1239e9b70ca2 7634 }
wolfSSL 0:1239e9b70ca2 7635 }
wolfSSL 0:1239e9b70ca2 7636
wolfSSL 0:1239e9b70ca2 7637 CYASSL_LEAVE("CyaSSL_X509_ext_isSet_by_NID", isSet);
wolfSSL 0:1239e9b70ca2 7638
wolfSSL 0:1239e9b70ca2 7639 return isSet;
wolfSSL 0:1239e9b70ca2 7640 }
wolfSSL 0:1239e9b70ca2 7641
wolfSSL 0:1239e9b70ca2 7642
wolfSSL 0:1239e9b70ca2 7643 int CyaSSL_X509_ext_get_critical_by_NID(CYASSL_X509* x509, int nid)
wolfSSL 0:1239e9b70ca2 7644 {
wolfSSL 0:1239e9b70ca2 7645 int crit = 0;
wolfSSL 0:1239e9b70ca2 7646
wolfSSL 0:1239e9b70ca2 7647 CYASSL_ENTER("CyaSSL_X509_ext_get_critical_by_NID");
wolfSSL 0:1239e9b70ca2 7648
wolfSSL 0:1239e9b70ca2 7649 if (x509 != NULL) {
wolfSSL 0:1239e9b70ca2 7650 switch (nid) {
wolfSSL 0:1239e9b70ca2 7651 case BASIC_CA_OID: crit = x509->basicConstCrit; break;
wolfSSL 0:1239e9b70ca2 7652 case ALT_NAMES_OID: crit = x509->subjAltNameCrit; break;
wolfSSL 0:1239e9b70ca2 7653 case AUTH_KEY_OID: crit = x509->authKeyIdCrit; break;
wolfSSL 0:1239e9b70ca2 7654 case SUBJ_KEY_OID: crit = x509->subjKeyIdCrit; break;
wolfSSL 0:1239e9b70ca2 7655 case KEY_USAGE_OID: crit = x509->keyUsageCrit; break;
wolfSSL 0:1239e9b70ca2 7656 #ifdef CYASSL_SEP
wolfSSL 0:1239e9b70ca2 7657 case CERT_POLICY_OID: crit = x509->certPolicyCrit; break;
wolfSSL 0:1239e9b70ca2 7658 #endif /* CYASSL_SEP */
wolfSSL 0:1239e9b70ca2 7659 }
wolfSSL 0:1239e9b70ca2 7660 }
wolfSSL 0:1239e9b70ca2 7661
wolfSSL 0:1239e9b70ca2 7662 CYASSL_LEAVE("CyaSSL_X509_ext_get_critical_by_NID", crit);
wolfSSL 0:1239e9b70ca2 7663
wolfSSL 0:1239e9b70ca2 7664 return crit;
wolfSSL 0:1239e9b70ca2 7665 }
wolfSSL 0:1239e9b70ca2 7666
wolfSSL 0:1239e9b70ca2 7667
wolfSSL 0:1239e9b70ca2 7668 int CyaSSL_X509_get_isSet_pathLength(CYASSL_X509* x509)
wolfSSL 0:1239e9b70ca2 7669 {
wolfSSL 0:1239e9b70ca2 7670 int isSet = 0;
wolfSSL 0:1239e9b70ca2 7671
wolfSSL 0:1239e9b70ca2 7672 CYASSL_ENTER("CyaSSL_X509_get_isSet_pathLength");
wolfSSL 0:1239e9b70ca2 7673
wolfSSL 0:1239e9b70ca2 7674 if (x509 != NULL)
wolfSSL 0:1239e9b70ca2 7675 isSet = x509->basicConstPlSet;
wolfSSL 0:1239e9b70ca2 7676
wolfSSL 0:1239e9b70ca2 7677 CYASSL_LEAVE("CyaSSL_X509_get_isSet_pathLength", isSet);
wolfSSL 0:1239e9b70ca2 7678
wolfSSL 0:1239e9b70ca2 7679 return isSet;
wolfSSL 0:1239e9b70ca2 7680 }
wolfSSL 0:1239e9b70ca2 7681
wolfSSL 0:1239e9b70ca2 7682
wolfSSL 0:1239e9b70ca2 7683 word32 CyaSSL_X509_get_pathLength(CYASSL_X509* x509)
wolfSSL 0:1239e9b70ca2 7684 {
wolfSSL 0:1239e9b70ca2 7685 word32 pathLength = 0;
wolfSSL 0:1239e9b70ca2 7686
wolfSSL 0:1239e9b70ca2 7687 CYASSL_ENTER("CyaSSL_X509_get_pathLength");
wolfSSL 0:1239e9b70ca2 7688
wolfSSL 0:1239e9b70ca2 7689 if (x509 != NULL)
wolfSSL 0:1239e9b70ca2 7690 pathLength = x509->pathLength;
wolfSSL 0:1239e9b70ca2 7691
wolfSSL 0:1239e9b70ca2 7692 CYASSL_LEAVE("CyaSSL_X509_get_pathLength", pathLength);
wolfSSL 0:1239e9b70ca2 7693
wolfSSL 0:1239e9b70ca2 7694 return pathLength;
wolfSSL 0:1239e9b70ca2 7695 }
wolfSSL 0:1239e9b70ca2 7696
wolfSSL 0:1239e9b70ca2 7697
wolfSSL 0:1239e9b70ca2 7698 unsigned int CyaSSL_X509_get_keyUsage(CYASSL_X509* x509)
wolfSSL 0:1239e9b70ca2 7699 {
wolfSSL 0:1239e9b70ca2 7700 word16 usage = 0;
wolfSSL 0:1239e9b70ca2 7701
wolfSSL 0:1239e9b70ca2 7702 CYASSL_ENTER("CyaSSL_X509_get_keyUsage");
wolfSSL 0:1239e9b70ca2 7703
wolfSSL 0:1239e9b70ca2 7704 if (x509 != NULL)
wolfSSL 0:1239e9b70ca2 7705 usage = x509->keyUsage;
wolfSSL 0:1239e9b70ca2 7706
wolfSSL 0:1239e9b70ca2 7707 CYASSL_LEAVE("CyaSSL_X509_get_keyUsage", usage);
wolfSSL 0:1239e9b70ca2 7708
wolfSSL 0:1239e9b70ca2 7709 return usage;
wolfSSL 0:1239e9b70ca2 7710 }
wolfSSL 0:1239e9b70ca2 7711
wolfSSL 0:1239e9b70ca2 7712
wolfSSL 0:1239e9b70ca2 7713 byte* CyaSSL_X509_get_authorityKeyID(
wolfSSL 0:1239e9b70ca2 7714 CYASSL_X509* x509, byte* dst, int* dstLen)
wolfSSL 0:1239e9b70ca2 7715 {
wolfSSL 0:1239e9b70ca2 7716 byte *id = NULL;
wolfSSL 0:1239e9b70ca2 7717 int copySz = 0;
wolfSSL 0:1239e9b70ca2 7718
wolfSSL 0:1239e9b70ca2 7719 CYASSL_ENTER("CyaSSL_X509_get_authorityKeyID");
wolfSSL 0:1239e9b70ca2 7720
wolfSSL 0:1239e9b70ca2 7721 if (x509 != NULL) {
wolfSSL 0:1239e9b70ca2 7722 if (x509->authKeyIdSet) {
wolfSSL 0:1239e9b70ca2 7723 copySz = min(dstLen != NULL ? *dstLen : 0,
wolfSSL 0:1239e9b70ca2 7724 (int)x509->authKeyIdSz);
wolfSSL 0:1239e9b70ca2 7725 id = x509->authKeyId;
wolfSSL 0:1239e9b70ca2 7726 }
wolfSSL 0:1239e9b70ca2 7727
wolfSSL 0:1239e9b70ca2 7728 if (dst != NULL && dstLen != NULL && id != NULL && copySz > 0) {
wolfSSL 0:1239e9b70ca2 7729 XMEMCPY(dst, id, copySz);
wolfSSL 0:1239e9b70ca2 7730 id = dst;
wolfSSL 0:1239e9b70ca2 7731 *dstLen = copySz;
wolfSSL 0:1239e9b70ca2 7732 }
wolfSSL 0:1239e9b70ca2 7733 }
wolfSSL 0:1239e9b70ca2 7734
wolfSSL 0:1239e9b70ca2 7735 CYASSL_LEAVE("CyaSSL_X509_get_authorityKeyID", copySz);
wolfSSL 0:1239e9b70ca2 7736
wolfSSL 0:1239e9b70ca2 7737 return id;
wolfSSL 0:1239e9b70ca2 7738 }
wolfSSL 0:1239e9b70ca2 7739
wolfSSL 0:1239e9b70ca2 7740
wolfSSL 0:1239e9b70ca2 7741 byte* CyaSSL_X509_get_subjectKeyID(
wolfSSL 0:1239e9b70ca2 7742 CYASSL_X509* x509, byte* dst, int* dstLen)
wolfSSL 0:1239e9b70ca2 7743 {
wolfSSL 0:1239e9b70ca2 7744 byte *id = NULL;
wolfSSL 0:1239e9b70ca2 7745 int copySz = 0;
wolfSSL 0:1239e9b70ca2 7746
wolfSSL 0:1239e9b70ca2 7747 CYASSL_ENTER("CyaSSL_X509_get_subjectKeyID");
wolfSSL 0:1239e9b70ca2 7748
wolfSSL 0:1239e9b70ca2 7749 if (x509 != NULL) {
wolfSSL 0:1239e9b70ca2 7750 if (x509->subjKeyIdSet) {
wolfSSL 0:1239e9b70ca2 7751 copySz = min(dstLen != NULL ? *dstLen : 0,
wolfSSL 0:1239e9b70ca2 7752 (int)x509->subjKeyIdSz);
wolfSSL 0:1239e9b70ca2 7753 id = x509->subjKeyId;
wolfSSL 0:1239e9b70ca2 7754 }
wolfSSL 0:1239e9b70ca2 7755
wolfSSL 0:1239e9b70ca2 7756 if (dst != NULL && dstLen != NULL && id != NULL && copySz > 0) {
wolfSSL 0:1239e9b70ca2 7757 XMEMCPY(dst, id, copySz);
wolfSSL 0:1239e9b70ca2 7758 id = dst;
wolfSSL 0:1239e9b70ca2 7759 *dstLen = copySz;
wolfSSL 0:1239e9b70ca2 7760 }
wolfSSL 0:1239e9b70ca2 7761 }
wolfSSL 0:1239e9b70ca2 7762
wolfSSL 0:1239e9b70ca2 7763 CYASSL_LEAVE("CyaSSL_X509_get_subjectKeyID", copySz);
wolfSSL 0:1239e9b70ca2 7764
wolfSSL 0:1239e9b70ca2 7765 return id;
wolfSSL 0:1239e9b70ca2 7766 }
wolfSSL 0:1239e9b70ca2 7767
wolfSSL 0:1239e9b70ca2 7768
wolfSSL 0:1239e9b70ca2 7769 int CyaSSL_X509_NAME_entry_count(CYASSL_X509_NAME* name)
wolfSSL 0:1239e9b70ca2 7770 {
wolfSSL 0:1239e9b70ca2 7771 int count = 0;
wolfSSL 0:1239e9b70ca2 7772
wolfSSL 0:1239e9b70ca2 7773 CYASSL_ENTER("CyaSSL_X509_NAME_entry_count");
wolfSSL 0:1239e9b70ca2 7774
wolfSSL 0:1239e9b70ca2 7775 if (name != NULL)
wolfSSL 0:1239e9b70ca2 7776 count = name->fullName.entryCount;
wolfSSL 0:1239e9b70ca2 7777
wolfSSL 0:1239e9b70ca2 7778 CYASSL_LEAVE("CyaSSL_X509_NAME_entry_count", count);
wolfSSL 0:1239e9b70ca2 7779 return count;
wolfSSL 0:1239e9b70ca2 7780 }
wolfSSL 0:1239e9b70ca2 7781
wolfSSL 0:1239e9b70ca2 7782
wolfSSL 0:1239e9b70ca2 7783 int CyaSSL_X509_NAME_get_text_by_NID(CYASSL_X509_NAME* name,
wolfSSL 0:1239e9b70ca2 7784 int nid, char* buf, int len)
wolfSSL 0:1239e9b70ca2 7785 {
wolfSSL 0:1239e9b70ca2 7786 char *text = NULL;
wolfSSL 0:1239e9b70ca2 7787 int textSz = 0;
wolfSSL 0:1239e9b70ca2 7788
wolfSSL 0:1239e9b70ca2 7789 CYASSL_ENTER("CyaSSL_X509_NAME_get_text_by_NID");
wolfSSL 0:1239e9b70ca2 7790
wolfSSL 0:1239e9b70ca2 7791 switch (nid) {
wolfSSL 0:1239e9b70ca2 7792 case ASN_COMMON_NAME:
wolfSSL 0:1239e9b70ca2 7793 text = name->fullName.fullName + name->fullName.cnIdx;
wolfSSL 0:1239e9b70ca2 7794 textSz = name->fullName.cnLen;
wolfSSL 0:1239e9b70ca2 7795 break;
wolfSSL 0:1239e9b70ca2 7796 case ASN_SUR_NAME:
wolfSSL 0:1239e9b70ca2 7797 text = name->fullName.fullName + name->fullName.snIdx;
wolfSSL 0:1239e9b70ca2 7798 textSz = name->fullName.snLen;
wolfSSL 0:1239e9b70ca2 7799 break;
wolfSSL 0:1239e9b70ca2 7800 case ASN_SERIAL_NUMBER:
wolfSSL 0:1239e9b70ca2 7801 text = name->fullName.fullName + name->fullName.serialIdx;
wolfSSL 0:1239e9b70ca2 7802 textSz = name->fullName.serialLen;
wolfSSL 0:1239e9b70ca2 7803 break;
wolfSSL 0:1239e9b70ca2 7804 case ASN_COUNTRY_NAME:
wolfSSL 0:1239e9b70ca2 7805 text = name->fullName.fullName + name->fullName.cIdx;
wolfSSL 0:1239e9b70ca2 7806 textSz = name->fullName.cLen;
wolfSSL 0:1239e9b70ca2 7807 break;
wolfSSL 0:1239e9b70ca2 7808 case ASN_LOCALITY_NAME:
wolfSSL 0:1239e9b70ca2 7809 text = name->fullName.fullName + name->fullName.lIdx;
wolfSSL 0:1239e9b70ca2 7810 textSz = name->fullName.lLen;
wolfSSL 0:1239e9b70ca2 7811 break;
wolfSSL 0:1239e9b70ca2 7812 case ASN_STATE_NAME:
wolfSSL 0:1239e9b70ca2 7813 text = name->fullName.fullName + name->fullName.stIdx;
wolfSSL 0:1239e9b70ca2 7814 textSz = name->fullName.stLen;
wolfSSL 0:1239e9b70ca2 7815 break;
wolfSSL 0:1239e9b70ca2 7816 case ASN_ORG_NAME:
wolfSSL 0:1239e9b70ca2 7817 text = name->fullName.fullName + name->fullName.oIdx;
wolfSSL 0:1239e9b70ca2 7818 textSz = name->fullName.oLen;
wolfSSL 0:1239e9b70ca2 7819 break;
wolfSSL 0:1239e9b70ca2 7820 case ASN_ORGUNIT_NAME:
wolfSSL 0:1239e9b70ca2 7821 text = name->fullName.fullName + name->fullName.ouIdx;
wolfSSL 0:1239e9b70ca2 7822 textSz = name->fullName.ouLen;
wolfSSL 0:1239e9b70ca2 7823 break;
wolfSSL 0:1239e9b70ca2 7824 default:
wolfSSL 0:1239e9b70ca2 7825 break;
wolfSSL 0:1239e9b70ca2 7826 }
wolfSSL 0:1239e9b70ca2 7827
wolfSSL 0:1239e9b70ca2 7828 if (buf != NULL && text != NULL) {
wolfSSL 0:1239e9b70ca2 7829 textSz = min(textSz, len);
wolfSSL 0:1239e9b70ca2 7830 XMEMCPY(buf, text, textSz);
wolfSSL 0:1239e9b70ca2 7831 buf[textSz] = '\0';
wolfSSL 0:1239e9b70ca2 7832 }
wolfSSL 0:1239e9b70ca2 7833
wolfSSL 0:1239e9b70ca2 7834 CYASSL_LEAVE("CyaSSL_X509_NAME_get_text_by_NID", textSz);
wolfSSL 0:1239e9b70ca2 7835 return textSz;
wolfSSL 0:1239e9b70ca2 7836 }
wolfSSL 0:1239e9b70ca2 7837 #endif
wolfSSL 0:1239e9b70ca2 7838
wolfSSL 0:1239e9b70ca2 7839
wolfSSL 0:1239e9b70ca2 7840 /* copy name into in buffer, at most sz bytes, if buffer is null will
wolfSSL 0:1239e9b70ca2 7841 malloc buffer, call responsible for freeing */
wolfSSL 0:1239e9b70ca2 7842 char* CyaSSL_X509_NAME_oneline(CYASSL_X509_NAME* name, char* in, int sz)
wolfSSL 0:1239e9b70ca2 7843 {
wolfSSL 0:1239e9b70ca2 7844 int copySz = min(sz, name->sz);
wolfSSL 0:1239e9b70ca2 7845
wolfSSL 0:1239e9b70ca2 7846 CYASSL_ENTER("CyaSSL_X509_NAME_oneline");
wolfSSL 0:1239e9b70ca2 7847 if (!name->sz) return in;
wolfSSL 0:1239e9b70ca2 7848
wolfSSL 0:1239e9b70ca2 7849 if (!in) {
wolfSSL 0:1239e9b70ca2 7850 in = (char*)XMALLOC(name->sz, 0, DYNAMIC_TYPE_OPENSSL);
wolfSSL 0:1239e9b70ca2 7851 if (!in ) return in;
wolfSSL 0:1239e9b70ca2 7852 copySz = name->sz;
wolfSSL 0:1239e9b70ca2 7853 }
wolfSSL 0:1239e9b70ca2 7854
wolfSSL 0:1239e9b70ca2 7855 if (copySz == 0)
wolfSSL 0:1239e9b70ca2 7856 return in;
wolfSSL 0:1239e9b70ca2 7857
wolfSSL 0:1239e9b70ca2 7858 XMEMCPY(in, name->name, copySz - 1);
wolfSSL 0:1239e9b70ca2 7859 in[copySz - 1] = 0;
wolfSSL 0:1239e9b70ca2 7860
wolfSSL 0:1239e9b70ca2 7861 return in;
wolfSSL 0:1239e9b70ca2 7862 }
wolfSSL 0:1239e9b70ca2 7863
wolfSSL 0:1239e9b70ca2 7864
wolfSSL 0:1239e9b70ca2 7865 int CyaSSL_X509_get_signature_type(CYASSL_X509* x509)
wolfSSL 0:1239e9b70ca2 7866 {
wolfSSL 0:1239e9b70ca2 7867 int type = 0;
wolfSSL 0:1239e9b70ca2 7868
wolfSSL 0:1239e9b70ca2 7869 CYASSL_ENTER("CyaSSL_X509_get_signature_type");
wolfSSL 0:1239e9b70ca2 7870
wolfSSL 0:1239e9b70ca2 7871 if (x509 != NULL)
wolfSSL 0:1239e9b70ca2 7872 type = x509->sigOID;
wolfSSL 0:1239e9b70ca2 7873
wolfSSL 0:1239e9b70ca2 7874 return type;
wolfSSL 0:1239e9b70ca2 7875 }
wolfSSL 0:1239e9b70ca2 7876
wolfSSL 0:1239e9b70ca2 7877
wolfSSL 0:1239e9b70ca2 7878 int CyaSSL_X509_get_signature(CYASSL_X509* x509,
wolfSSL 0:1239e9b70ca2 7879 unsigned char* buf, int* bufSz)
wolfSSL 0:1239e9b70ca2 7880 {
wolfSSL 0:1239e9b70ca2 7881 CYASSL_ENTER("CyaSSL_X509_get_signature");
wolfSSL 0:1239e9b70ca2 7882 if (x509 == NULL || bufSz == NULL || *bufSz < (int)x509->sig.length)
wolfSSL 0:1239e9b70ca2 7883 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 7884
wolfSSL 0:1239e9b70ca2 7885 if (buf != NULL)
wolfSSL 0:1239e9b70ca2 7886 XMEMCPY(buf, x509->sig.buffer, x509->sig.length);
wolfSSL 0:1239e9b70ca2 7887 *bufSz = x509->sig.length;
wolfSSL 0:1239e9b70ca2 7888
wolfSSL 0:1239e9b70ca2 7889 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 7890 }
wolfSSL 0:1239e9b70ca2 7891
wolfSSL 0:1239e9b70ca2 7892
wolfSSL 0:1239e9b70ca2 7893 /* write X509 serial number in unsigned binary to buffer
wolfSSL 0:1239e9b70ca2 7894 buffer needs to be at least EXTERNAL_SERIAL_SIZE (32) for all cases
wolfSSL 0:1239e9b70ca2 7895 return SSL_SUCCESS on success */
wolfSSL 0:1239e9b70ca2 7896 int CyaSSL_X509_get_serial_number(CYASSL_X509* x509, byte* in, int* inOutSz)
wolfSSL 0:1239e9b70ca2 7897 {
wolfSSL 0:1239e9b70ca2 7898 CYASSL_ENTER("CyaSSL_X509_get_serial_number");
wolfSSL 0:1239e9b70ca2 7899 if (x509 == NULL || in == NULL ||
wolfSSL 0:1239e9b70ca2 7900 inOutSz == NULL || *inOutSz < x509->serialSz)
wolfSSL 0:1239e9b70ca2 7901 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 7902
wolfSSL 0:1239e9b70ca2 7903 XMEMCPY(in, x509->serial, x509->serialSz);
wolfSSL 0:1239e9b70ca2 7904 *inOutSz = x509->serialSz;
wolfSSL 0:1239e9b70ca2 7905
wolfSSL 0:1239e9b70ca2 7906 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 7907 }
wolfSSL 0:1239e9b70ca2 7908
wolfSSL 0:1239e9b70ca2 7909
wolfSSL 0:1239e9b70ca2 7910 const byte* CyaSSL_X509_get_der(CYASSL_X509* x509, int* outSz)
wolfSSL 0:1239e9b70ca2 7911 {
wolfSSL 0:1239e9b70ca2 7912 CYASSL_ENTER("CyaSSL_X509_get_der");
wolfSSL 0:1239e9b70ca2 7913
wolfSSL 0:1239e9b70ca2 7914 if (x509 == NULL || outSz == NULL)
wolfSSL 0:1239e9b70ca2 7915 return NULL;
wolfSSL 0:1239e9b70ca2 7916
wolfSSL 0:1239e9b70ca2 7917 *outSz = (int)x509->derCert.length;
wolfSSL 0:1239e9b70ca2 7918 return x509->derCert.buffer;
wolfSSL 0:1239e9b70ca2 7919 }
wolfSSL 0:1239e9b70ca2 7920
wolfSSL 0:1239e9b70ca2 7921
wolfSSL 0:1239e9b70ca2 7922 int CyaSSL_X509_version(CYASSL_X509* x509)
wolfSSL 0:1239e9b70ca2 7923 {
wolfSSL 0:1239e9b70ca2 7924 CYASSL_ENTER("CyaSSL_X509_version");
wolfSSL 0:1239e9b70ca2 7925
wolfSSL 0:1239e9b70ca2 7926 if (x509 == NULL)
wolfSSL 0:1239e9b70ca2 7927 return 0;
wolfSSL 0:1239e9b70ca2 7928
wolfSSL 0:1239e9b70ca2 7929 return x509->version;
wolfSSL 0:1239e9b70ca2 7930 }
wolfSSL 0:1239e9b70ca2 7931
wolfSSL 0:1239e9b70ca2 7932
wolfSSL 0:1239e9b70ca2 7933 const byte* CyaSSL_X509_notBefore(CYASSL_X509* x509)
wolfSSL 0:1239e9b70ca2 7934 {
wolfSSL 0:1239e9b70ca2 7935 CYASSL_ENTER("CyaSSL_X509_notBefore");
wolfSSL 0:1239e9b70ca2 7936
wolfSSL 0:1239e9b70ca2 7937 if (x509 == NULL)
wolfSSL 0:1239e9b70ca2 7938 return NULL;
wolfSSL 0:1239e9b70ca2 7939
wolfSSL 0:1239e9b70ca2 7940 return x509->notBefore;
wolfSSL 0:1239e9b70ca2 7941 }
wolfSSL 0:1239e9b70ca2 7942
wolfSSL 0:1239e9b70ca2 7943
wolfSSL 0:1239e9b70ca2 7944 const byte* CyaSSL_X509_notAfter(CYASSL_X509* x509)
wolfSSL 0:1239e9b70ca2 7945 {
wolfSSL 0:1239e9b70ca2 7946 CYASSL_ENTER("CyaSSL_X509_notAfter");
wolfSSL 0:1239e9b70ca2 7947
wolfSSL 0:1239e9b70ca2 7948 if (x509 == NULL)
wolfSSL 0:1239e9b70ca2 7949 return NULL;
wolfSSL 0:1239e9b70ca2 7950
wolfSSL 0:1239e9b70ca2 7951 return x509->notAfter;
wolfSSL 0:1239e9b70ca2 7952 }
wolfSSL 0:1239e9b70ca2 7953
wolfSSL 0:1239e9b70ca2 7954
wolfSSL 0:1239e9b70ca2 7955 #ifdef CYASSL_SEP
wolfSSL 0:1239e9b70ca2 7956
wolfSSL 0:1239e9b70ca2 7957 /* copy oid into in buffer, at most *inOutSz bytes, if buffer is null will
wolfSSL 0:1239e9b70ca2 7958 malloc buffer, call responsible for freeing. Actual size returned in
wolfSSL 0:1239e9b70ca2 7959 *inOutSz. Requires inOutSz be non-null */
wolfSSL 0:1239e9b70ca2 7960 byte* CyaSSL_X509_get_device_type(CYASSL_X509* x509, byte* in, int *inOutSz)
wolfSSL 0:1239e9b70ca2 7961 {
wolfSSL 0:1239e9b70ca2 7962 int copySz;
wolfSSL 0:1239e9b70ca2 7963
wolfSSL 0:1239e9b70ca2 7964 CYASSL_ENTER("CyaSSL_X509_get_dev_type");
wolfSSL 0:1239e9b70ca2 7965 if (inOutSz == NULL) return NULL;
wolfSSL 0:1239e9b70ca2 7966 if (!x509->deviceTypeSz) return in;
wolfSSL 0:1239e9b70ca2 7967
wolfSSL 0:1239e9b70ca2 7968 copySz = min(*inOutSz, x509->deviceTypeSz);
wolfSSL 0:1239e9b70ca2 7969
wolfSSL 0:1239e9b70ca2 7970 if (!in) {
wolfSSL 0:1239e9b70ca2 7971 in = (byte*)XMALLOC(x509->deviceTypeSz, 0, DYNAMIC_TYPE_OPENSSL);
wolfSSL 0:1239e9b70ca2 7972 if (!in) return in;
wolfSSL 0:1239e9b70ca2 7973 copySz = x509->deviceTypeSz;
wolfSSL 0:1239e9b70ca2 7974 }
wolfSSL 0:1239e9b70ca2 7975
wolfSSL 0:1239e9b70ca2 7976 XMEMCPY(in, x509->deviceType, copySz);
wolfSSL 0:1239e9b70ca2 7977 *inOutSz = copySz;
wolfSSL 0:1239e9b70ca2 7978
wolfSSL 0:1239e9b70ca2 7979 return in;
wolfSSL 0:1239e9b70ca2 7980 }
wolfSSL 0:1239e9b70ca2 7981
wolfSSL 0:1239e9b70ca2 7982
wolfSSL 0:1239e9b70ca2 7983 byte* CyaSSL_X509_get_hw_type(CYASSL_X509* x509, byte* in, int* inOutSz)
wolfSSL 0:1239e9b70ca2 7984 {
wolfSSL 0:1239e9b70ca2 7985 int copySz;
wolfSSL 0:1239e9b70ca2 7986
wolfSSL 0:1239e9b70ca2 7987 CYASSL_ENTER("CyaSSL_X509_get_hw_type");
wolfSSL 0:1239e9b70ca2 7988 if (inOutSz == NULL) return NULL;
wolfSSL 0:1239e9b70ca2 7989 if (!x509->hwTypeSz) return in;
wolfSSL 0:1239e9b70ca2 7990
wolfSSL 0:1239e9b70ca2 7991 copySz = min(*inOutSz, x509->hwTypeSz);
wolfSSL 0:1239e9b70ca2 7992
wolfSSL 0:1239e9b70ca2 7993 if (!in) {
wolfSSL 0:1239e9b70ca2 7994 in = (byte*)XMALLOC(x509->hwTypeSz, 0, DYNAMIC_TYPE_OPENSSL);
wolfSSL 0:1239e9b70ca2 7995 if (!in) return in;
wolfSSL 0:1239e9b70ca2 7996 copySz = x509->hwTypeSz;
wolfSSL 0:1239e9b70ca2 7997 }
wolfSSL 0:1239e9b70ca2 7998
wolfSSL 0:1239e9b70ca2 7999 XMEMCPY(in, x509->hwType, copySz);
wolfSSL 0:1239e9b70ca2 8000 *inOutSz = copySz;
wolfSSL 0:1239e9b70ca2 8001
wolfSSL 0:1239e9b70ca2 8002 return in;
wolfSSL 0:1239e9b70ca2 8003 }
wolfSSL 0:1239e9b70ca2 8004
wolfSSL 0:1239e9b70ca2 8005
wolfSSL 0:1239e9b70ca2 8006 byte* CyaSSL_X509_get_hw_serial_number(CYASSL_X509* x509,byte* in,int* inOutSz)
wolfSSL 0:1239e9b70ca2 8007 {
wolfSSL 0:1239e9b70ca2 8008 int copySz;
wolfSSL 0:1239e9b70ca2 8009
wolfSSL 0:1239e9b70ca2 8010 CYASSL_ENTER("CyaSSL_X509_get_hw_serial_number");
wolfSSL 0:1239e9b70ca2 8011 if (inOutSz == NULL) return NULL;
wolfSSL 0:1239e9b70ca2 8012 if (!x509->hwTypeSz) return in;
wolfSSL 0:1239e9b70ca2 8013
wolfSSL 0:1239e9b70ca2 8014 copySz = min(*inOutSz, x509->hwSerialNumSz);
wolfSSL 0:1239e9b70ca2 8015
wolfSSL 0:1239e9b70ca2 8016 if (!in) {
wolfSSL 0:1239e9b70ca2 8017 in = (byte*)XMALLOC(x509->hwSerialNumSz, 0, DYNAMIC_TYPE_OPENSSL);
wolfSSL 0:1239e9b70ca2 8018 if (!in) return in;
wolfSSL 0:1239e9b70ca2 8019 copySz = x509->hwSerialNumSz;
wolfSSL 0:1239e9b70ca2 8020 }
wolfSSL 0:1239e9b70ca2 8021
wolfSSL 0:1239e9b70ca2 8022 XMEMCPY(in, x509->hwSerialNum, copySz);
wolfSSL 0:1239e9b70ca2 8023 *inOutSz = copySz;
wolfSSL 0:1239e9b70ca2 8024
wolfSSL 0:1239e9b70ca2 8025 return in;
wolfSSL 0:1239e9b70ca2 8026 }
wolfSSL 0:1239e9b70ca2 8027
wolfSSL 0:1239e9b70ca2 8028 #endif /* CYASSL_SEP */
wolfSSL 0:1239e9b70ca2 8029
wolfSSL 0:1239e9b70ca2 8030
wolfSSL 0:1239e9b70ca2 8031 CYASSL_X509* CyaSSL_X509_d2i(CYASSL_X509** x509, const byte* in, int len)
wolfSSL 0:1239e9b70ca2 8032 {
wolfSSL 0:1239e9b70ca2 8033 CYASSL_X509 *newX509 = NULL;
wolfSSL 0:1239e9b70ca2 8034
wolfSSL 0:1239e9b70ca2 8035 CYASSL_ENTER("CyaSSL_X509_d2i");
wolfSSL 0:1239e9b70ca2 8036
wolfSSL 0:1239e9b70ca2 8037 if (in != NULL && len != 0) {
wolfSSL 0:1239e9b70ca2 8038 DecodedCert cert;
wolfSSL 0:1239e9b70ca2 8039
wolfSSL 0:1239e9b70ca2 8040 InitDecodedCert(&cert, (byte*)in, len, NULL);
wolfSSL 0:1239e9b70ca2 8041 if (ParseCertRelative(&cert, CERT_TYPE, 0, NULL) == 0) {
wolfSSL 0:1239e9b70ca2 8042 newX509 = (CYASSL_X509*)XMALLOC(sizeof(CYASSL_X509),
wolfSSL 0:1239e9b70ca2 8043 NULL, DYNAMIC_TYPE_X509);
wolfSSL 0:1239e9b70ca2 8044 if (newX509 != NULL) {
wolfSSL 0:1239e9b70ca2 8045 InitX509(newX509, 1);
wolfSSL 0:1239e9b70ca2 8046 if (CopyDecodedToX509(newX509, &cert) != 0) {
wolfSSL 0:1239e9b70ca2 8047 XFREE(newX509, NULL, DYNAMIC_TYPE_X509);
wolfSSL 0:1239e9b70ca2 8048 newX509 = NULL;
wolfSSL 0:1239e9b70ca2 8049 }
wolfSSL 0:1239e9b70ca2 8050 }
wolfSSL 0:1239e9b70ca2 8051 }
wolfSSL 0:1239e9b70ca2 8052 FreeDecodedCert(&cert);
wolfSSL 0:1239e9b70ca2 8053 }
wolfSSL 0:1239e9b70ca2 8054
wolfSSL 0:1239e9b70ca2 8055 if (x509 != NULL)
wolfSSL 0:1239e9b70ca2 8056 *x509 = newX509;
wolfSSL 0:1239e9b70ca2 8057
wolfSSL 0:1239e9b70ca2 8058 return newX509;
wolfSSL 0:1239e9b70ca2 8059 }
wolfSSL 0:1239e9b70ca2 8060
wolfSSL 0:1239e9b70ca2 8061
wolfSSL 0:1239e9b70ca2 8062 #ifndef NO_FILESYSTEM
wolfSSL 0:1239e9b70ca2 8063
wolfSSL 0:1239e9b70ca2 8064 #ifndef NO_STDIO_FILESYSTEM
wolfSSL 0:1239e9b70ca2 8065
wolfSSL 0:1239e9b70ca2 8066 CYASSL_X509* CyaSSL_X509_d2i_fp(CYASSL_X509** x509, XFILE file)
wolfSSL 0:1239e9b70ca2 8067 {
wolfSSL 0:1239e9b70ca2 8068 CYASSL_X509* newX509 = NULL;
wolfSSL 0:1239e9b70ca2 8069
wolfSSL 0:1239e9b70ca2 8070 CYASSL_ENTER("CyaSSL_X509_d2i_fp");
wolfSSL 0:1239e9b70ca2 8071
wolfSSL 0:1239e9b70ca2 8072 if (file != XBADFILE) {
wolfSSL 0:1239e9b70ca2 8073 byte* fileBuffer = NULL;
wolfSSL 0:1239e9b70ca2 8074 long sz = 0;
wolfSSL 0:1239e9b70ca2 8075
wolfSSL 0:1239e9b70ca2 8076 XFSEEK(file, 0, XSEEK_END);
wolfSSL 0:1239e9b70ca2 8077 sz = XFTELL(file);
wolfSSL 0:1239e9b70ca2 8078 XREWIND(file);
wolfSSL 0:1239e9b70ca2 8079
wolfSSL 0:1239e9b70ca2 8080 fileBuffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE);
wolfSSL 0:1239e9b70ca2 8081 if (fileBuffer != NULL) {
wolfSSL 0:1239e9b70ca2 8082 if ((int)XFREAD(fileBuffer, sz, 1, file) > 0) {
wolfSSL 0:1239e9b70ca2 8083 newX509 = CyaSSL_X509_d2i(NULL, fileBuffer, (int)sz);
wolfSSL 0:1239e9b70ca2 8084 }
wolfSSL 0:1239e9b70ca2 8085 XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
wolfSSL 0:1239e9b70ca2 8086 }
wolfSSL 0:1239e9b70ca2 8087 }
wolfSSL 0:1239e9b70ca2 8088
wolfSSL 0:1239e9b70ca2 8089 if (x509 != NULL)
wolfSSL 0:1239e9b70ca2 8090 *x509 = newX509;
wolfSSL 0:1239e9b70ca2 8091
wolfSSL 0:1239e9b70ca2 8092 return newX509;
wolfSSL 0:1239e9b70ca2 8093 }
wolfSSL 0:1239e9b70ca2 8094
wolfSSL 0:1239e9b70ca2 8095 #endif /* NO_STDIO_FILESYSTEM */
wolfSSL 0:1239e9b70ca2 8096
wolfSSL 0:1239e9b70ca2 8097 CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
wolfSSL 0:1239e9b70ca2 8098 {
wolfSSL 0:1239e9b70ca2 8099 byte staticBuffer[FILE_BUFFER_SIZE];
wolfSSL 0:1239e9b70ca2 8100 byte* fileBuffer = staticBuffer;
wolfSSL 0:1239e9b70ca2 8101 int dynamic = 0;
wolfSSL 0:1239e9b70ca2 8102 long sz = 0;
wolfSSL 0:1239e9b70ca2 8103 XFILE file;
wolfSSL 0:1239e9b70ca2 8104 CYASSL_X509* x509 = NULL;
wolfSSL 0:1239e9b70ca2 8105 buffer der;
wolfSSL 0:1239e9b70ca2 8106
wolfSSL 0:1239e9b70ca2 8107 CYASSL_ENTER("CyaSSL_X509_load_certificate");
wolfSSL 0:1239e9b70ca2 8108
wolfSSL 0:1239e9b70ca2 8109 /* Check the inputs */
wolfSSL 0:1239e9b70ca2 8110 if ((fname == NULL) ||
wolfSSL 0:1239e9b70ca2 8111 (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM))
wolfSSL 0:1239e9b70ca2 8112 return NULL;
wolfSSL 0:1239e9b70ca2 8113
wolfSSL 0:1239e9b70ca2 8114 file = XFOPEN(fname, "rb");
wolfSSL 0:1239e9b70ca2 8115 if (file == XBADFILE) return NULL;
wolfSSL 0:1239e9b70ca2 8116 XFSEEK(file, 0, XSEEK_END);
wolfSSL 0:1239e9b70ca2 8117 sz = XFTELL(file);
wolfSSL 0:1239e9b70ca2 8118 XREWIND(file);
wolfSSL 0:1239e9b70ca2 8119
wolfSSL 0:1239e9b70ca2 8120 if (sz > (long)sizeof(staticBuffer)) {
wolfSSL 0:1239e9b70ca2 8121 fileBuffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE);
wolfSSL 0:1239e9b70ca2 8122 if (fileBuffer == NULL) {
wolfSSL 0:1239e9b70ca2 8123 XFCLOSE(file);
wolfSSL 0:1239e9b70ca2 8124 return NULL;
wolfSSL 0:1239e9b70ca2 8125 }
wolfSSL 0:1239e9b70ca2 8126 dynamic = 1;
wolfSSL 0:1239e9b70ca2 8127 }
wolfSSL 0:1239e9b70ca2 8128 if ((int)XFREAD(fileBuffer, sz, 1, file) < 0) {
wolfSSL 0:1239e9b70ca2 8129 XFCLOSE(file);
wolfSSL 0:1239e9b70ca2 8130 if (dynamic) XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
wolfSSL 0:1239e9b70ca2 8131 return NULL;
wolfSSL 0:1239e9b70ca2 8132 }
wolfSSL 0:1239e9b70ca2 8133 XFCLOSE(file);
wolfSSL 0:1239e9b70ca2 8134
wolfSSL 0:1239e9b70ca2 8135 der.buffer = NULL;
wolfSSL 0:1239e9b70ca2 8136 der.length = 0;
wolfSSL 0:1239e9b70ca2 8137
wolfSSL 0:1239e9b70ca2 8138 if (format == SSL_FILETYPE_PEM) {
wolfSSL 0:1239e9b70ca2 8139 EncryptedInfo info;
wolfSSL 0:1239e9b70ca2 8140 int ecc = 0;
wolfSSL 0:1239e9b70ca2 8141
wolfSSL 0:1239e9b70ca2 8142 info.set = 0;
wolfSSL 0:1239e9b70ca2 8143 info.ctx = NULL;
wolfSSL 0:1239e9b70ca2 8144 info.consumed = 0;
wolfSSL 0:1239e9b70ca2 8145
wolfSSL 0:1239e9b70ca2 8146 if (PemToDer(fileBuffer, sz, CERT_TYPE, &der, NULL, &info, &ecc) != 0)
wolfSSL 0:1239e9b70ca2 8147 {
wolfSSL 0:1239e9b70ca2 8148 /* Only time this should fail, and leave `der` with a buffer
wolfSSL 0:1239e9b70ca2 8149 is when the Base64 Decode fails. Release `der.buffer` in
wolfSSL 0:1239e9b70ca2 8150 that case. */
wolfSSL 0:1239e9b70ca2 8151 if (der.buffer != NULL) {
wolfSSL 0:1239e9b70ca2 8152 XFREE(der.buffer, NULL, DYNAMIC_TYPE_CERT);
wolfSSL 0:1239e9b70ca2 8153 der.buffer = NULL;
wolfSSL 0:1239e9b70ca2 8154 }
wolfSSL 0:1239e9b70ca2 8155 }
wolfSSL 0:1239e9b70ca2 8156 }
wolfSSL 0:1239e9b70ca2 8157 else {
wolfSSL 0:1239e9b70ca2 8158 der.buffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_CERT);
wolfSSL 0:1239e9b70ca2 8159 if (der.buffer != NULL) {
wolfSSL 0:1239e9b70ca2 8160 XMEMCPY(der.buffer, fileBuffer, sz);
wolfSSL 0:1239e9b70ca2 8161 der.length = (word32)sz;
wolfSSL 0:1239e9b70ca2 8162 }
wolfSSL 0:1239e9b70ca2 8163 }
wolfSSL 0:1239e9b70ca2 8164 if (dynamic) XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
wolfSSL 0:1239e9b70ca2 8165
wolfSSL 0:1239e9b70ca2 8166 /* At this point we want `der` to have the certificate in DER format */
wolfSSL 0:1239e9b70ca2 8167 /* ready to be decoded. */
wolfSSL 0:1239e9b70ca2 8168 if (der.buffer != NULL) {
wolfSSL 0:1239e9b70ca2 8169 DecodedCert cert;
wolfSSL 0:1239e9b70ca2 8170
wolfSSL 0:1239e9b70ca2 8171 InitDecodedCert(&cert, der.buffer, der.length, NULL);
wolfSSL 0:1239e9b70ca2 8172 if (ParseCertRelative(&cert, CERT_TYPE, 0, NULL) == 0) {
wolfSSL 0:1239e9b70ca2 8173 x509 = (CYASSL_X509*)XMALLOC(sizeof(CYASSL_X509),
wolfSSL 0:1239e9b70ca2 8174 NULL, DYNAMIC_TYPE_X509);
wolfSSL 0:1239e9b70ca2 8175 if (x509 != NULL) {
wolfSSL 0:1239e9b70ca2 8176 InitX509(x509, 1);
wolfSSL 0:1239e9b70ca2 8177 if (CopyDecodedToX509(x509, &cert) != 0) {
wolfSSL 0:1239e9b70ca2 8178 XFREE(x509, NULL, DYNAMIC_TYPE_X509);
wolfSSL 0:1239e9b70ca2 8179 x509 = NULL;
wolfSSL 0:1239e9b70ca2 8180 }
wolfSSL 0:1239e9b70ca2 8181 }
wolfSSL 0:1239e9b70ca2 8182 }
wolfSSL 0:1239e9b70ca2 8183 FreeDecodedCert(&cert);
wolfSSL 0:1239e9b70ca2 8184
wolfSSL 0:1239e9b70ca2 8185 XFREE(der.buffer, NULL, DYNAMIC_TYPE_CERT);
wolfSSL 0:1239e9b70ca2 8186 }
wolfSSL 0:1239e9b70ca2 8187
wolfSSL 0:1239e9b70ca2 8188 return x509;
wolfSSL 0:1239e9b70ca2 8189 }
wolfSSL 0:1239e9b70ca2 8190
wolfSSL 0:1239e9b70ca2 8191 #endif /* NO_FILESYSTEM */
wolfSSL 0:1239e9b70ca2 8192
wolfSSL 0:1239e9b70ca2 8193 #endif /* KEEP_PEER_CERT || SESSION_CERTS */
wolfSSL 0:1239e9b70ca2 8194
wolfSSL 0:1239e9b70ca2 8195
wolfSSL 0:1239e9b70ca2 8196 #ifdef OPENSSL_EXTRA
wolfSSL 0:1239e9b70ca2 8197 int CyaSSL_set_ex_data(CYASSL* ssl, int idx, void* data)
wolfSSL 0:1239e9b70ca2 8198 {
wolfSSL 0:1239e9b70ca2 8199 #ifdef FORTRESS
wolfSSL 0:1239e9b70ca2 8200 if (ssl != NULL && idx < MAX_EX_DATA)
wolfSSL 0:1239e9b70ca2 8201 {
wolfSSL 0:1239e9b70ca2 8202 ssl->ex_data[idx] = data;
wolfSSL 0:1239e9b70ca2 8203 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 8204 }
wolfSSL 0:1239e9b70ca2 8205 #else
wolfSSL 0:1239e9b70ca2 8206 (void)ssl;
wolfSSL 0:1239e9b70ca2 8207 (void)idx;
wolfSSL 0:1239e9b70ca2 8208 (void)data;
wolfSSL 0:1239e9b70ca2 8209 #endif
wolfSSL 0:1239e9b70ca2 8210 return SSL_FAILURE;
wolfSSL 0:1239e9b70ca2 8211 }
wolfSSL 0:1239e9b70ca2 8212
wolfSSL 0:1239e9b70ca2 8213
wolfSSL 0:1239e9b70ca2 8214 int CyaSSL_set_session_id_context(CYASSL* ssl, const unsigned char* id,
wolfSSL 0:1239e9b70ca2 8215 unsigned int len)
wolfSSL 0:1239e9b70ca2 8216 {
wolfSSL 0:1239e9b70ca2 8217 (void)ssl;
wolfSSL 0:1239e9b70ca2 8218 (void)id;
wolfSSL 0:1239e9b70ca2 8219 (void)len;
wolfSSL 0:1239e9b70ca2 8220 return 0;
wolfSSL 0:1239e9b70ca2 8221 }
wolfSSL 0:1239e9b70ca2 8222
wolfSSL 0:1239e9b70ca2 8223
wolfSSL 0:1239e9b70ca2 8224 void CyaSSL_set_connect_state(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 8225 {
wolfSSL 0:1239e9b70ca2 8226 (void)ssl;
wolfSSL 0:1239e9b70ca2 8227 /* client by default */
wolfSSL 0:1239e9b70ca2 8228 }
wolfSSL 0:1239e9b70ca2 8229 #endif
wolfSSL 0:1239e9b70ca2 8230
wolfSSL 0:1239e9b70ca2 8231 int CyaSSL_get_shutdown(const CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 8232 {
wolfSSL 0:1239e9b70ca2 8233 return (ssl->options.isClosed ||
wolfSSL 0:1239e9b70ca2 8234 ssl->options.connReset ||
wolfSSL 0:1239e9b70ca2 8235 ssl->options.sentNotify);
wolfSSL 0:1239e9b70ca2 8236 }
wolfSSL 0:1239e9b70ca2 8237
wolfSSL 0:1239e9b70ca2 8238
wolfSSL 0:1239e9b70ca2 8239 int CyaSSL_session_reused(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 8240 {
wolfSSL 0:1239e9b70ca2 8241 return ssl->options.resuming;
wolfSSL 0:1239e9b70ca2 8242 }
wolfSSL 0:1239e9b70ca2 8243
wolfSSL 0:1239e9b70ca2 8244 #ifdef OPENSSL_EXTRA
wolfSSL 0:1239e9b70ca2 8245 void CyaSSL_SESSION_free(CYASSL_SESSION* session)
wolfSSL 0:1239e9b70ca2 8246 {
wolfSSL 0:1239e9b70ca2 8247 (void)session;
wolfSSL 0:1239e9b70ca2 8248 }
wolfSSL 0:1239e9b70ca2 8249 #endif
wolfSSL 0:1239e9b70ca2 8250
wolfSSL 0:1239e9b70ca2 8251 const char* CyaSSL_get_version(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 8252 {
wolfSSL 0:1239e9b70ca2 8253 CYASSL_ENTER("SSL_get_version");
wolfSSL 0:1239e9b70ca2 8254 if (ssl->version.major == SSLv3_MAJOR) {
wolfSSL 0:1239e9b70ca2 8255 switch (ssl->version.minor) {
wolfSSL 0:1239e9b70ca2 8256 case SSLv3_MINOR :
wolfSSL 0:1239e9b70ca2 8257 return "SSLv3";
wolfSSL 0:1239e9b70ca2 8258 case TLSv1_MINOR :
wolfSSL 0:1239e9b70ca2 8259 return "TLSv1";
wolfSSL 0:1239e9b70ca2 8260 case TLSv1_1_MINOR :
wolfSSL 0:1239e9b70ca2 8261 return "TLSv1.1";
wolfSSL 0:1239e9b70ca2 8262 case TLSv1_2_MINOR :
wolfSSL 0:1239e9b70ca2 8263 return "TLSv1.2";
wolfSSL 0:1239e9b70ca2 8264 default:
wolfSSL 0:1239e9b70ca2 8265 return "unknown";
wolfSSL 0:1239e9b70ca2 8266 }
wolfSSL 0:1239e9b70ca2 8267 }
wolfSSL 0:1239e9b70ca2 8268 else if (ssl->version.major == DTLS_MAJOR) {
wolfSSL 0:1239e9b70ca2 8269 switch (ssl->version.minor) {
wolfSSL 0:1239e9b70ca2 8270 case DTLS_MINOR :
wolfSSL 0:1239e9b70ca2 8271 return "DTLS";
wolfSSL 0:1239e9b70ca2 8272 case DTLSv1_2_MINOR :
wolfSSL 0:1239e9b70ca2 8273 return "DTLSv1.2";
wolfSSL 0:1239e9b70ca2 8274 default:
wolfSSL 0:1239e9b70ca2 8275 return "unknown";
wolfSSL 0:1239e9b70ca2 8276 }
wolfSSL 0:1239e9b70ca2 8277 }
wolfSSL 0:1239e9b70ca2 8278 return "unknown";
wolfSSL 0:1239e9b70ca2 8279 }
wolfSSL 0:1239e9b70ca2 8280
wolfSSL 0:1239e9b70ca2 8281 int CyaSSL_get_current_cipher_suite(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 8282 {
wolfSSL 0:1239e9b70ca2 8283 CYASSL_ENTER("SSL_get_current_cipher_suite");
wolfSSL 0:1239e9b70ca2 8284 if (ssl)
wolfSSL 0:1239e9b70ca2 8285 return (ssl->options.cipherSuite0 << 8) | ssl->options.cipherSuite;
wolfSSL 0:1239e9b70ca2 8286 return 0;
wolfSSL 0:1239e9b70ca2 8287 }
wolfSSL 0:1239e9b70ca2 8288
wolfSSL 0:1239e9b70ca2 8289 CYASSL_CIPHER* CyaSSL_get_current_cipher(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 8290 {
wolfSSL 0:1239e9b70ca2 8291 CYASSL_ENTER("SSL_get_current_cipher");
wolfSSL 0:1239e9b70ca2 8292 if (ssl)
wolfSSL 0:1239e9b70ca2 8293 return &ssl->cipher;
wolfSSL 0:1239e9b70ca2 8294 else
wolfSSL 0:1239e9b70ca2 8295 return NULL;
wolfSSL 0:1239e9b70ca2 8296 }
wolfSSL 0:1239e9b70ca2 8297
wolfSSL 0:1239e9b70ca2 8298
wolfSSL 0:1239e9b70ca2 8299 const char* CyaSSL_CIPHER_get_name(const CYASSL_CIPHER* cipher)
wolfSSL 0:1239e9b70ca2 8300 {
wolfSSL 0:1239e9b70ca2 8301 (void)cipher;
wolfSSL 0:1239e9b70ca2 8302
wolfSSL 0:1239e9b70ca2 8303 CYASSL_ENTER("SSL_CIPHER_get_name");
wolfSSL 0:1239e9b70ca2 8304 #ifndef NO_ERROR_STRINGS
wolfSSL 0:1239e9b70ca2 8305 if (cipher) {
wolfSSL 0:1239e9b70ca2 8306 #ifdef HAVE_ECC
wolfSSL 0:1239e9b70ca2 8307 if (cipher->ssl->options.cipherSuite0 == ECC_BYTE) {
wolfSSL 0:1239e9b70ca2 8308 /* ECC suites */
wolfSSL 0:1239e9b70ca2 8309 switch (cipher->ssl->options.cipherSuite) {
wolfSSL 0:1239e9b70ca2 8310 #ifndef NO_RSA
wolfSSL 0:1239e9b70ca2 8311 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 0:1239e9b70ca2 8312 return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
wolfSSL 0:1239e9b70ca2 8313 #endif
wolfSSL 0:1239e9b70ca2 8314 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 0:1239e9b70ca2 8315 return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
wolfSSL 0:1239e9b70ca2 8316 #ifndef NO_RSA
wolfSSL 0:1239e9b70ca2 8317 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 0:1239e9b70ca2 8318 return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256";
wolfSSL 0:1239e9b70ca2 8319 #endif
wolfSSL 0:1239e9b70ca2 8320 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 0:1239e9b70ca2 8321 return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256";
wolfSSL 0:1239e9b70ca2 8322 #ifndef NO_RSA
wolfSSL 0:1239e9b70ca2 8323 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
wolfSSL 0:1239e9b70ca2 8324 return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
wolfSSL 0:1239e9b70ca2 8325 #endif
wolfSSL 0:1239e9b70ca2 8326 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
wolfSSL 0:1239e9b70ca2 8327 return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384";
wolfSSL 0:1239e9b70ca2 8328 #ifndef NO_RSA
wolfSSL 0:1239e9b70ca2 8329 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
wolfSSL 0:1239e9b70ca2 8330 return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384";
wolfSSL 0:1239e9b70ca2 8331 #endif
wolfSSL 0:1239e9b70ca2 8332 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
wolfSSL 0:1239e9b70ca2 8333 return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384";
wolfSSL 0:1239e9b70ca2 8334 #ifndef NO_SHA
wolfSSL 0:1239e9b70ca2 8335 #ifndef NO_RSA
wolfSSL 0:1239e9b70ca2 8336 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
wolfSSL 0:1239e9b70ca2 8337 return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
wolfSSL 0:1239e9b70ca2 8338 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
wolfSSL 0:1239e9b70ca2 8339 return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
wolfSSL 0:1239e9b70ca2 8340 #endif
wolfSSL 0:1239e9b70ca2 8341 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
wolfSSL 0:1239e9b70ca2 8342 return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
wolfSSL 0:1239e9b70ca2 8343 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
wolfSSL 0:1239e9b70ca2 8344 return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
wolfSSL 0:1239e9b70ca2 8345 #ifndef NO_RC4
wolfSSL 0:1239e9b70ca2 8346 #ifndef NO_RSA
wolfSSL 0:1239e9b70ca2 8347 case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
wolfSSL 0:1239e9b70ca2 8348 return "TLS_ECDHE_RSA_WITH_RC4_128_SHA";
wolfSSL 0:1239e9b70ca2 8349 #endif
wolfSSL 0:1239e9b70ca2 8350 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
wolfSSL 0:1239e9b70ca2 8351 return "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA";
wolfSSL 0:1239e9b70ca2 8352 #endif
wolfSSL 0:1239e9b70ca2 8353 #ifndef NO_DES3
wolfSSL 0:1239e9b70ca2 8354 #ifndef NO_RSA
wolfSSL 0:1239e9b70ca2 8355 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 0:1239e9b70ca2 8356 return "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA";
wolfSSL 0:1239e9b70ca2 8357 #endif
wolfSSL 0:1239e9b70ca2 8358 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 0:1239e9b70ca2 8359 return "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA";
wolfSSL 0:1239e9b70ca2 8360 #endif
wolfSSL 0:1239e9b70ca2 8361
wolfSSL 0:1239e9b70ca2 8362 #ifndef NO_RSA
wolfSSL 0:1239e9b70ca2 8363 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
wolfSSL 0:1239e9b70ca2 8364 return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA";
wolfSSL 0:1239e9b70ca2 8365 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
wolfSSL 0:1239e9b70ca2 8366 return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA";
wolfSSL 0:1239e9b70ca2 8367 #endif
wolfSSL 0:1239e9b70ca2 8368 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
wolfSSL 0:1239e9b70ca2 8369 return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA";
wolfSSL 0:1239e9b70ca2 8370 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
wolfSSL 0:1239e9b70ca2 8371 return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA";
wolfSSL 0:1239e9b70ca2 8372 #ifndef NO_RC4
wolfSSL 0:1239e9b70ca2 8373 #ifndef NO_RSA
wolfSSL 0:1239e9b70ca2 8374 case TLS_ECDH_RSA_WITH_RC4_128_SHA :
wolfSSL 0:1239e9b70ca2 8375 return "TLS_ECDH_RSA_WITH_RC4_128_SHA";
wolfSSL 0:1239e9b70ca2 8376 #endif
wolfSSL 0:1239e9b70ca2 8377 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
wolfSSL 0:1239e9b70ca2 8378 return "TLS_ECDH_ECDSA_WITH_RC4_128_SHA";
wolfSSL 0:1239e9b70ca2 8379 #endif
wolfSSL 0:1239e9b70ca2 8380 #ifndef NO_DES3
wolfSSL 0:1239e9b70ca2 8381 #ifndef NO_RSA
wolfSSL 0:1239e9b70ca2 8382 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 0:1239e9b70ca2 8383 return "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA";
wolfSSL 0:1239e9b70ca2 8384 #endif
wolfSSL 0:1239e9b70ca2 8385 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 0:1239e9b70ca2 8386 return "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA";
wolfSSL 0:1239e9b70ca2 8387 #endif
wolfSSL 0:1239e9b70ca2 8388 #endif /* NO_SHA */
wolfSSL 0:1239e9b70ca2 8389
wolfSSL 0:1239e9b70ca2 8390 #ifdef HAVE_AESGCM
wolfSSL 0:1239e9b70ca2 8391 #ifndef NO_RSA
wolfSSL 0:1239e9b70ca2 8392 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 0:1239e9b70ca2 8393 return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
wolfSSL 0:1239e9b70ca2 8394 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 0:1239e9b70ca2 8395 return "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
wolfSSL 0:1239e9b70ca2 8396 #endif
wolfSSL 0:1239e9b70ca2 8397 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 0:1239e9b70ca2 8398 return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
wolfSSL 0:1239e9b70ca2 8399 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 0:1239e9b70ca2 8400 return "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
wolfSSL 0:1239e9b70ca2 8401 #ifndef NO_RSA
wolfSSL 0:1239e9b70ca2 8402 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 0:1239e9b70ca2 8403 return "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256";
wolfSSL 0:1239e9b70ca2 8404 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 0:1239e9b70ca2 8405 return "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384";
wolfSSL 0:1239e9b70ca2 8406 #endif
wolfSSL 0:1239e9b70ca2 8407 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 0:1239e9b70ca2 8408 return "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256";
wolfSSL 0:1239e9b70ca2 8409 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 0:1239e9b70ca2 8410 return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384";
wolfSSL 0:1239e9b70ca2 8411 #endif
wolfSSL 0:1239e9b70ca2 8412
wolfSSL 0:1239e9b70ca2 8413 #ifdef HAVE_AESCCM
wolfSSL 0:1239e9b70ca2 8414 #ifndef NO_RSA
wolfSSL 0:1239e9b70ca2 8415 case TLS_RSA_WITH_AES_128_CCM_8 :
wolfSSL 0:1239e9b70ca2 8416 return "TLS_RSA_WITH_AES_128_CCM_8";
wolfSSL 0:1239e9b70ca2 8417 case TLS_RSA_WITH_AES_256_CCM_8 :
wolfSSL 0:1239e9b70ca2 8418 return "TLS_RSA_WITH_AES_256_CCM_8";
wolfSSL 0:1239e9b70ca2 8419 #endif
wolfSSL 0:1239e9b70ca2 8420 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
wolfSSL 0:1239e9b70ca2 8421 return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8";
wolfSSL 0:1239e9b70ca2 8422 case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
wolfSSL 0:1239e9b70ca2 8423 return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8";
wolfSSL 0:1239e9b70ca2 8424 #endif
wolfSSL 0:1239e9b70ca2 8425
wolfSSL 0:1239e9b70ca2 8426 default:
wolfSSL 0:1239e9b70ca2 8427 return "NONE";
wolfSSL 0:1239e9b70ca2 8428 }
wolfSSL 0:1239e9b70ca2 8429 }
wolfSSL 0:1239e9b70ca2 8430 #endif /* ECC */
wolfSSL 0:1239e9b70ca2 8431 if (cipher->ssl->options.cipherSuite0 != ECC_BYTE) {
wolfSSL 0:1239e9b70ca2 8432 /* normal suites */
wolfSSL 0:1239e9b70ca2 8433 switch (cipher->ssl->options.cipherSuite) {
wolfSSL 0:1239e9b70ca2 8434 #ifndef NO_RSA
wolfSSL 0:1239e9b70ca2 8435 #ifndef NO_RC4
wolfSSL 0:1239e9b70ca2 8436 #ifndef NO_SHA
wolfSSL 0:1239e9b70ca2 8437 case SSL_RSA_WITH_RC4_128_SHA :
wolfSSL 0:1239e9b70ca2 8438 return "SSL_RSA_WITH_RC4_128_SHA";
wolfSSL 0:1239e9b70ca2 8439 #endif
wolfSSL 0:1239e9b70ca2 8440 #ifndef NO_MD5
wolfSSL 0:1239e9b70ca2 8441 case SSL_RSA_WITH_RC4_128_MD5 :
wolfSSL 0:1239e9b70ca2 8442 return "SSL_RSA_WITH_RC4_128_MD5";
wolfSSL 0:1239e9b70ca2 8443 #endif
wolfSSL 0:1239e9b70ca2 8444 #endif
wolfSSL 0:1239e9b70ca2 8445 #ifndef NO_SHA
wolfSSL 0:1239e9b70ca2 8446 #ifndef NO_DES3
wolfSSL 0:1239e9b70ca2 8447 case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 0:1239e9b70ca2 8448 return "SSL_RSA_WITH_3DES_EDE_CBC_SHA";
wolfSSL 0:1239e9b70ca2 8449 #endif
wolfSSL 0:1239e9b70ca2 8450 case TLS_RSA_WITH_AES_128_CBC_SHA :
wolfSSL 0:1239e9b70ca2 8451 return "TLS_RSA_WITH_AES_128_CBC_SHA";
wolfSSL 0:1239e9b70ca2 8452 case TLS_RSA_WITH_AES_256_CBC_SHA :
wolfSSL 0:1239e9b70ca2 8453 return "TLS_RSA_WITH_AES_256_CBC_SHA";
wolfSSL 0:1239e9b70ca2 8454 #endif
wolfSSL 0:1239e9b70ca2 8455 case TLS_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 0:1239e9b70ca2 8456 return "TLS_RSA_WITH_AES_128_CBC_SHA256";
wolfSSL 0:1239e9b70ca2 8457 case TLS_RSA_WITH_AES_256_CBC_SHA256 :
wolfSSL 0:1239e9b70ca2 8458 return "TLS_RSA_WITH_AES_256_CBC_SHA256";
wolfSSL 0:1239e9b70ca2 8459 #ifdef HAVE_BLAKE2
wolfSSL 0:1239e9b70ca2 8460 case TLS_RSA_WITH_AES_128_CBC_B2B256:
wolfSSL 0:1239e9b70ca2 8461 return "TLS_RSA_WITH_AES_128_CBC_B2B256";
wolfSSL 0:1239e9b70ca2 8462 case TLS_RSA_WITH_AES_256_CBC_B2B256:
wolfSSL 0:1239e9b70ca2 8463 return "TLS_RSA_WITH_AES_256_CBC_B2B256";
wolfSSL 0:1239e9b70ca2 8464 #endif
wolfSSL 0:1239e9b70ca2 8465 #ifndef NO_SHA
wolfSSL 0:1239e9b70ca2 8466 case TLS_RSA_WITH_NULL_SHA :
wolfSSL 0:1239e9b70ca2 8467 return "TLS_RSA_WITH_NULL_SHA";
wolfSSL 0:1239e9b70ca2 8468 #endif
wolfSSL 0:1239e9b70ca2 8469 case TLS_RSA_WITH_NULL_SHA256 :
wolfSSL 0:1239e9b70ca2 8470 return "TLS_RSA_WITH_NULL_SHA256";
wolfSSL 0:1239e9b70ca2 8471 #endif /* NO_RSA */
wolfSSL 0:1239e9b70ca2 8472 #ifndef NO_PSK
wolfSSL 0:1239e9b70ca2 8473 case TLS_PSK_WITH_AES_128_CBC_SHA256 :
wolfSSL 0:1239e9b70ca2 8474 return "TLS_PSK_WITH_AES_128_CBC_SHA256";
wolfSSL 0:1239e9b70ca2 8475 #ifndef NO_SHA
wolfSSL 0:1239e9b70ca2 8476 case TLS_PSK_WITH_AES_128_CBC_SHA :
wolfSSL 0:1239e9b70ca2 8477 return "TLS_PSK_WITH_AES_128_CBC_SHA";
wolfSSL 0:1239e9b70ca2 8478 case TLS_PSK_WITH_AES_256_CBC_SHA :
wolfSSL 0:1239e9b70ca2 8479 return "TLS_PSK_WITH_AES_256_CBC_SHA";
wolfSSL 0:1239e9b70ca2 8480 #endif
wolfSSL 0:1239e9b70ca2 8481 #ifndef NO_SHA256
wolfSSL 0:1239e9b70ca2 8482 #ifdef HAVE_AESCCM
wolfSSL 0:1239e9b70ca2 8483 case TLS_PSK_WITH_AES_128_CCM_8 :
wolfSSL 0:1239e9b70ca2 8484 return "TLS_PSK_WITH_AES_128_CCM_8";
wolfSSL 0:1239e9b70ca2 8485 case TLS_PSK_WITH_AES_256_CCM_8 :
wolfSSL 0:1239e9b70ca2 8486 return "TLS_PSK_WITH_AES_256_CCM_8";
wolfSSL 0:1239e9b70ca2 8487 #endif
wolfSSL 0:1239e9b70ca2 8488 case TLS_PSK_WITH_NULL_SHA256 :
wolfSSL 0:1239e9b70ca2 8489 return "TLS_PSK_WITH_NULL_SHA256";
wolfSSL 0:1239e9b70ca2 8490 #endif
wolfSSL 0:1239e9b70ca2 8491 #ifndef NO_SHA
wolfSSL 0:1239e9b70ca2 8492 case TLS_PSK_WITH_NULL_SHA :
wolfSSL 0:1239e9b70ca2 8493 return "TLS_PSK_WITH_NULL_SHA";
wolfSSL 0:1239e9b70ca2 8494 #endif
wolfSSL 0:1239e9b70ca2 8495 #endif /* NO_PSK */
wolfSSL 0:1239e9b70ca2 8496 #ifndef NO_RSA
wolfSSL 0:1239e9b70ca2 8497 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 0:1239e9b70ca2 8498 return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
wolfSSL 0:1239e9b70ca2 8499 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
wolfSSL 0:1239e9b70ca2 8500 return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256";
wolfSSL 0:1239e9b70ca2 8501 #ifndef NO_SHA
wolfSSL 0:1239e9b70ca2 8502 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
wolfSSL 0:1239e9b70ca2 8503 return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
wolfSSL 0:1239e9b70ca2 8504 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
wolfSSL 0:1239e9b70ca2 8505 return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
wolfSSL 0:1239e9b70ca2 8506 #endif
wolfSSL 0:1239e9b70ca2 8507 #ifndef NO_HC128
wolfSSL 0:1239e9b70ca2 8508 #ifndef NO_MD5
wolfSSL 0:1239e9b70ca2 8509 case TLS_RSA_WITH_HC_128_MD5 :
wolfSSL 0:1239e9b70ca2 8510 return "TLS_RSA_WITH_HC_128_MD5";
wolfSSL 0:1239e9b70ca2 8511 #endif
wolfSSL 0:1239e9b70ca2 8512 #ifndef NO_SHA
wolfSSL 0:1239e9b70ca2 8513 case TLS_RSA_WITH_HC_128_SHA :
wolfSSL 0:1239e9b70ca2 8514 return "TLS_RSA_WITH_HC_128_SHA";
wolfSSL 0:1239e9b70ca2 8515 #endif
wolfSSL 0:1239e9b70ca2 8516 #ifdef HAVE_BLAKE2
wolfSSL 0:1239e9b70ca2 8517 case TLS_RSA_WITH_HC_128_B2B256:
wolfSSL 0:1239e9b70ca2 8518 return "TLS_RSA_WITH_HC_128_B2B256";
wolfSSL 0:1239e9b70ca2 8519 #endif
wolfSSL 0:1239e9b70ca2 8520 #endif /* NO_HC128 */
wolfSSL 0:1239e9b70ca2 8521 #ifndef NO_SHA
wolfSSL 0:1239e9b70ca2 8522 #ifndef NO_RABBIT
wolfSSL 0:1239e9b70ca2 8523 case TLS_RSA_WITH_RABBIT_SHA :
wolfSSL 0:1239e9b70ca2 8524 return "TLS_RSA_WITH_RABBIT_SHA";
wolfSSL 0:1239e9b70ca2 8525 #endif
wolfSSL 0:1239e9b70ca2 8526 #ifdef HAVE_NTRU
wolfSSL 0:1239e9b70ca2 8527 #ifndef NO_RC4
wolfSSL 0:1239e9b70ca2 8528 case TLS_NTRU_RSA_WITH_RC4_128_SHA :
wolfSSL 0:1239e9b70ca2 8529 return "TLS_NTRU_RSA_WITH_RC4_128_SHA";
wolfSSL 0:1239e9b70ca2 8530 #endif
wolfSSL 0:1239e9b70ca2 8531 #ifndef NO_DES3
wolfSSL 0:1239e9b70ca2 8532 case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 0:1239e9b70ca2 8533 return "TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA";
wolfSSL 0:1239e9b70ca2 8534 #endif
wolfSSL 0:1239e9b70ca2 8535 case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
wolfSSL 0:1239e9b70ca2 8536 return "TLS_NTRU_RSA_WITH_AES_128_CBC_SHA";
wolfSSL 0:1239e9b70ca2 8537 case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
wolfSSL 0:1239e9b70ca2 8538 return "TLS_NTRU_RSA_WITH_AES_256_CBC_SHA";
wolfSSL 0:1239e9b70ca2 8539 #endif /* HAVE_NTRU */
wolfSSL 0:1239e9b70ca2 8540 #endif /* NO_SHA */
wolfSSL 0:1239e9b70ca2 8541 case TLS_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 0:1239e9b70ca2 8542 return "TLS_RSA_WITH_AES_128_GCM_SHA256";
wolfSSL 0:1239e9b70ca2 8543 case TLS_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 0:1239e9b70ca2 8544 return "TLS_RSA_WITH_AES_256_GCM_SHA384";
wolfSSL 0:1239e9b70ca2 8545 case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 0:1239e9b70ca2 8546 return "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256";
wolfSSL 0:1239e9b70ca2 8547 case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 0:1239e9b70ca2 8548 return "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";
wolfSSL 0:1239e9b70ca2 8549 #ifndef NO_SHA
wolfSSL 0:1239e9b70ca2 8550 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
wolfSSL 0:1239e9b70ca2 8551 return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA";
wolfSSL 0:1239e9b70ca2 8552 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
wolfSSL 0:1239e9b70ca2 8553 return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA";
wolfSSL 0:1239e9b70ca2 8554 #endif
wolfSSL 0:1239e9b70ca2 8555 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
wolfSSL 0:1239e9b70ca2 8556 return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256";
wolfSSL 0:1239e9b70ca2 8557 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
wolfSSL 0:1239e9b70ca2 8558 return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256";
wolfSSL 0:1239e9b70ca2 8559 #ifndef NO_SHA
wolfSSL 0:1239e9b70ca2 8560 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
wolfSSL 0:1239e9b70ca2 8561 return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA";
wolfSSL 0:1239e9b70ca2 8562 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
wolfSSL 0:1239e9b70ca2 8563 return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA";
wolfSSL 0:1239e9b70ca2 8564 #endif
wolfSSL 0:1239e9b70ca2 8565 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
wolfSSL 0:1239e9b70ca2 8566 return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256";
wolfSSL 0:1239e9b70ca2 8567 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
wolfSSL 0:1239e9b70ca2 8568 return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256";
wolfSSL 0:1239e9b70ca2 8569 #endif /* NO_RSA */
wolfSSL 0:1239e9b70ca2 8570 default:
wolfSSL 0:1239e9b70ca2 8571 return "NONE";
wolfSSL 0:1239e9b70ca2 8572 } /* switch */
wolfSSL 0:1239e9b70ca2 8573 } /* normal / ECC */
wolfSSL 0:1239e9b70ca2 8574 }
wolfSSL 0:1239e9b70ca2 8575 #endif /* NO_ERROR_STRINGS */
wolfSSL 0:1239e9b70ca2 8576 return "NONE";
wolfSSL 0:1239e9b70ca2 8577 }
wolfSSL 0:1239e9b70ca2 8578
wolfSSL 0:1239e9b70ca2 8579
wolfSSL 0:1239e9b70ca2 8580 const char* CyaSSL_get_cipher(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 8581 {
wolfSSL 0:1239e9b70ca2 8582 CYASSL_ENTER("CyaSSL_get_cipher");
wolfSSL 0:1239e9b70ca2 8583 return CyaSSL_CIPHER_get_name(CyaSSL_get_current_cipher(ssl));
wolfSSL 0:1239e9b70ca2 8584 }
wolfSSL 0:1239e9b70ca2 8585
wolfSSL 0:1239e9b70ca2 8586 #ifdef OPENSSL_EXTRA
wolfSSL 0:1239e9b70ca2 8587
wolfSSL 0:1239e9b70ca2 8588 /* XXX shuld be NO_DH */
wolfSSL 0:1239e9b70ca2 8589 #ifndef NO_CERTS
wolfSSL 0:1239e9b70ca2 8590 /* server ctx Diffie-Hellman parameters, SSL_SUCCESS on ok */
wolfSSL 0:1239e9b70ca2 8591 int CyaSSL_CTX_SetTmpDH(CYASSL_CTX* ctx, const unsigned char* p, int pSz,
wolfSSL 0:1239e9b70ca2 8592 const unsigned char* g, int gSz)
wolfSSL 0:1239e9b70ca2 8593 {
wolfSSL 0:1239e9b70ca2 8594 CYASSL_ENTER("CyaSSL_CTX_SetTmpDH");
wolfSSL 0:1239e9b70ca2 8595 if (ctx == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 8596
wolfSSL 0:1239e9b70ca2 8597 XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
wolfSSL 0:1239e9b70ca2 8598 XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH);
wolfSSL 0:1239e9b70ca2 8599
wolfSSL 0:1239e9b70ca2 8600 ctx->serverDH_P.buffer = (byte*)XMALLOC(pSz, ctx->heap,DYNAMIC_TYPE_DH);
wolfSSL 0:1239e9b70ca2 8601 if (ctx->serverDH_P.buffer == NULL)
wolfSSL 0:1239e9b70ca2 8602 return MEMORY_E;
wolfSSL 0:1239e9b70ca2 8603
wolfSSL 0:1239e9b70ca2 8604 ctx->serverDH_G.buffer = (byte*)XMALLOC(gSz, ctx->heap,DYNAMIC_TYPE_DH);
wolfSSL 0:1239e9b70ca2 8605 if (ctx->serverDH_G.buffer == NULL) {
wolfSSL 0:1239e9b70ca2 8606 XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
wolfSSL 0:1239e9b70ca2 8607 return MEMORY_E;
wolfSSL 0:1239e9b70ca2 8608 }
wolfSSL 0:1239e9b70ca2 8609
wolfSSL 0:1239e9b70ca2 8610 ctx->serverDH_P.length = pSz;
wolfSSL 0:1239e9b70ca2 8611 ctx->serverDH_G.length = gSz;
wolfSSL 0:1239e9b70ca2 8612
wolfSSL 0:1239e9b70ca2 8613 XMEMCPY(ctx->serverDH_P.buffer, p, pSz);
wolfSSL 0:1239e9b70ca2 8614 XMEMCPY(ctx->serverDH_G.buffer, g, gSz);
wolfSSL 0:1239e9b70ca2 8615
wolfSSL 0:1239e9b70ca2 8616 ctx->haveDH = 1;
wolfSSL 0:1239e9b70ca2 8617
wolfSSL 0:1239e9b70ca2 8618 CYASSL_LEAVE("CyaSSL_CTX_SetTmpDH", 0);
wolfSSL 0:1239e9b70ca2 8619 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 8620 }
wolfSSL 0:1239e9b70ca2 8621 #endif /* !NO_CERTS */
wolfSSL 0:1239e9b70ca2 8622
wolfSSL 0:1239e9b70ca2 8623
wolfSSL 0:1239e9b70ca2 8624 char* CyaSSL_CIPHER_description(CYASSL_CIPHER* cipher, char* in, int len)
wolfSSL 0:1239e9b70ca2 8625 {
wolfSSL 0:1239e9b70ca2 8626 (void)cipher;
wolfSSL 0:1239e9b70ca2 8627 (void)in;
wolfSSL 0:1239e9b70ca2 8628 (void)len;
wolfSSL 0:1239e9b70ca2 8629 return 0;
wolfSSL 0:1239e9b70ca2 8630 }
wolfSSL 0:1239e9b70ca2 8631
wolfSSL 0:1239e9b70ca2 8632
wolfSSL 0:1239e9b70ca2 8633 CYASSL_SESSION* CyaSSL_get1_session(CYASSL* ssl) /* what's ref count */
wolfSSL 0:1239e9b70ca2 8634 {
wolfSSL 0:1239e9b70ca2 8635 (void)ssl;
wolfSSL 0:1239e9b70ca2 8636 return 0;
wolfSSL 0:1239e9b70ca2 8637 }
wolfSSL 0:1239e9b70ca2 8638
wolfSSL 0:1239e9b70ca2 8639
wolfSSL 0:1239e9b70ca2 8640 void CyaSSL_X509_free(CYASSL_X509* buf)
wolfSSL 0:1239e9b70ca2 8641 {
wolfSSL 0:1239e9b70ca2 8642 (void)buf;
wolfSSL 0:1239e9b70ca2 8643 }
wolfSSL 0:1239e9b70ca2 8644
wolfSSL 0:1239e9b70ca2 8645
wolfSSL 0:1239e9b70ca2 8646 /* was do nothing */
wolfSSL 0:1239e9b70ca2 8647 /*
wolfSSL 0:1239e9b70ca2 8648 void OPENSSL_free(void* buf)
wolfSSL 0:1239e9b70ca2 8649 {
wolfSSL 0:1239e9b70ca2 8650 (void)buf;
wolfSSL 0:1239e9b70ca2 8651 }
wolfSSL 0:1239e9b70ca2 8652 */
wolfSSL 0:1239e9b70ca2 8653
wolfSSL 0:1239e9b70ca2 8654
wolfSSL 0:1239e9b70ca2 8655 int CyaSSL_OCSP_parse_url(char* url, char** host, char** port, char** path,
wolfSSL 0:1239e9b70ca2 8656 int* ssl)
wolfSSL 0:1239e9b70ca2 8657 {
wolfSSL 0:1239e9b70ca2 8658 (void)url;
wolfSSL 0:1239e9b70ca2 8659 (void)host;
wolfSSL 0:1239e9b70ca2 8660 (void)port;
wolfSSL 0:1239e9b70ca2 8661 (void)path;
wolfSSL 0:1239e9b70ca2 8662 (void)ssl;
wolfSSL 0:1239e9b70ca2 8663 return 0;
wolfSSL 0:1239e9b70ca2 8664 }
wolfSSL 0:1239e9b70ca2 8665
wolfSSL 0:1239e9b70ca2 8666
wolfSSL 0:1239e9b70ca2 8667 CYASSL_METHOD* CyaSSLv2_client_method(void)
wolfSSL 0:1239e9b70ca2 8668 {
wolfSSL 0:1239e9b70ca2 8669 return 0;
wolfSSL 0:1239e9b70ca2 8670 }
wolfSSL 0:1239e9b70ca2 8671
wolfSSL 0:1239e9b70ca2 8672
wolfSSL 0:1239e9b70ca2 8673 CYASSL_METHOD* CyaSSLv2_server_method(void)
wolfSSL 0:1239e9b70ca2 8674 {
wolfSSL 0:1239e9b70ca2 8675 return 0;
wolfSSL 0:1239e9b70ca2 8676 }
wolfSSL 0:1239e9b70ca2 8677
wolfSSL 0:1239e9b70ca2 8678
wolfSSL 0:1239e9b70ca2 8679 #ifndef NO_MD4
wolfSSL 0:1239e9b70ca2 8680
wolfSSL 0:1239e9b70ca2 8681 void CyaSSL_MD4_Init(CYASSL_MD4_CTX* md4)
wolfSSL 0:1239e9b70ca2 8682 {
wolfSSL 0:1239e9b70ca2 8683 /* make sure we have a big enough buffer */
wolfSSL 0:1239e9b70ca2 8684 typedef char ok[sizeof(md4->buffer) >= sizeof(Md4) ? 1 : -1];
wolfSSL 0:1239e9b70ca2 8685 (void) sizeof(ok);
wolfSSL 0:1239e9b70ca2 8686
wolfSSL 0:1239e9b70ca2 8687 CYASSL_ENTER("MD4_Init");
wolfSSL 0:1239e9b70ca2 8688 InitMd4((Md4*)md4);
wolfSSL 0:1239e9b70ca2 8689 }
wolfSSL 0:1239e9b70ca2 8690
wolfSSL 0:1239e9b70ca2 8691
wolfSSL 0:1239e9b70ca2 8692 void CyaSSL_MD4_Update(CYASSL_MD4_CTX* md4, const void* data,
wolfSSL 0:1239e9b70ca2 8693 unsigned long len)
wolfSSL 0:1239e9b70ca2 8694 {
wolfSSL 0:1239e9b70ca2 8695 CYASSL_ENTER("MD4_Update");
wolfSSL 0:1239e9b70ca2 8696 Md4Update((Md4*)md4, (const byte*)data, (word32)len);
wolfSSL 0:1239e9b70ca2 8697 }
wolfSSL 0:1239e9b70ca2 8698
wolfSSL 0:1239e9b70ca2 8699
wolfSSL 0:1239e9b70ca2 8700 void CyaSSL_MD4_Final(unsigned char* digest, CYASSL_MD4_CTX* md4)
wolfSSL 0:1239e9b70ca2 8701 {
wolfSSL 0:1239e9b70ca2 8702 CYASSL_ENTER("MD4_Final");
wolfSSL 0:1239e9b70ca2 8703 Md4Final((Md4*)md4, digest);
wolfSSL 0:1239e9b70ca2 8704 }
wolfSSL 0:1239e9b70ca2 8705
wolfSSL 0:1239e9b70ca2 8706 #endif /* NO_MD4 */
wolfSSL 0:1239e9b70ca2 8707
wolfSSL 0:1239e9b70ca2 8708
wolfSSL 0:1239e9b70ca2 8709 CYASSL_BIO* CyaSSL_BIO_pop(CYASSL_BIO* top)
wolfSSL 0:1239e9b70ca2 8710 {
wolfSSL 0:1239e9b70ca2 8711 (void)top;
wolfSSL 0:1239e9b70ca2 8712 return 0;
wolfSSL 0:1239e9b70ca2 8713 }
wolfSSL 0:1239e9b70ca2 8714
wolfSSL 0:1239e9b70ca2 8715
wolfSSL 0:1239e9b70ca2 8716 int CyaSSL_BIO_pending(CYASSL_BIO* bio)
wolfSSL 0:1239e9b70ca2 8717 {
wolfSSL 0:1239e9b70ca2 8718 (void)bio;
wolfSSL 0:1239e9b70ca2 8719 return 0;
wolfSSL 0:1239e9b70ca2 8720 }
wolfSSL 0:1239e9b70ca2 8721
wolfSSL 0:1239e9b70ca2 8722
wolfSSL 0:1239e9b70ca2 8723
wolfSSL 0:1239e9b70ca2 8724 CYASSL_BIO_METHOD* CyaSSL_BIO_s_mem(void)
wolfSSL 0:1239e9b70ca2 8725 {
wolfSSL 0:1239e9b70ca2 8726 static CYASSL_BIO_METHOD meth;
wolfSSL 0:1239e9b70ca2 8727
wolfSSL 0:1239e9b70ca2 8728 CYASSL_ENTER("BIO_s_mem");
wolfSSL 0:1239e9b70ca2 8729 meth.type = BIO_MEMORY;
wolfSSL 0:1239e9b70ca2 8730
wolfSSL 0:1239e9b70ca2 8731 return &meth;
wolfSSL 0:1239e9b70ca2 8732 }
wolfSSL 0:1239e9b70ca2 8733
wolfSSL 0:1239e9b70ca2 8734
wolfSSL 0:1239e9b70ca2 8735 CYASSL_BIO_METHOD* CyaSSL_BIO_f_base64(void)
wolfSSL 0:1239e9b70ca2 8736 {
wolfSSL 0:1239e9b70ca2 8737 return 0;
wolfSSL 0:1239e9b70ca2 8738 }
wolfSSL 0:1239e9b70ca2 8739
wolfSSL 0:1239e9b70ca2 8740
wolfSSL 0:1239e9b70ca2 8741 void CyaSSL_BIO_set_flags(CYASSL_BIO* bio, int flags)
wolfSSL 0:1239e9b70ca2 8742 {
wolfSSL 0:1239e9b70ca2 8743 (void)bio;
wolfSSL 0:1239e9b70ca2 8744 (void)flags;
wolfSSL 0:1239e9b70ca2 8745 }
wolfSSL 0:1239e9b70ca2 8746
wolfSSL 0:1239e9b70ca2 8747
wolfSSL 0:1239e9b70ca2 8748
wolfSSL 0:1239e9b70ca2 8749 void CyaSSL_RAND_screen(void)
wolfSSL 0:1239e9b70ca2 8750 {
wolfSSL 0:1239e9b70ca2 8751
wolfSSL 0:1239e9b70ca2 8752 }
wolfSSL 0:1239e9b70ca2 8753
wolfSSL 0:1239e9b70ca2 8754
wolfSSL 0:1239e9b70ca2 8755 const char* CyaSSL_RAND_file_name(char* fname, unsigned long len)
wolfSSL 0:1239e9b70ca2 8756 {
wolfSSL 0:1239e9b70ca2 8757 (void)fname;
wolfSSL 0:1239e9b70ca2 8758 (void)len;
wolfSSL 0:1239e9b70ca2 8759 return 0;
wolfSSL 0:1239e9b70ca2 8760 }
wolfSSL 0:1239e9b70ca2 8761
wolfSSL 0:1239e9b70ca2 8762
wolfSSL 0:1239e9b70ca2 8763 int CyaSSL_RAND_write_file(const char* fname)
wolfSSL 0:1239e9b70ca2 8764 {
wolfSSL 0:1239e9b70ca2 8765 (void)fname;
wolfSSL 0:1239e9b70ca2 8766 return 0;
wolfSSL 0:1239e9b70ca2 8767 }
wolfSSL 0:1239e9b70ca2 8768
wolfSSL 0:1239e9b70ca2 8769
wolfSSL 0:1239e9b70ca2 8770 int CyaSSL_RAND_load_file(const char* fname, long len)
wolfSSL 0:1239e9b70ca2 8771 {
wolfSSL 0:1239e9b70ca2 8772 (void)fname;
wolfSSL 0:1239e9b70ca2 8773 /* CTaoCrypt provides enough entropy internally or will report error */
wolfSSL 0:1239e9b70ca2 8774 if (len == -1)
wolfSSL 0:1239e9b70ca2 8775 return 1024;
wolfSSL 0:1239e9b70ca2 8776 else
wolfSSL 0:1239e9b70ca2 8777 return (int)len;
wolfSSL 0:1239e9b70ca2 8778 }
wolfSSL 0:1239e9b70ca2 8779
wolfSSL 0:1239e9b70ca2 8780
wolfSSL 0:1239e9b70ca2 8781 int CyaSSL_RAND_egd(const char* path)
wolfSSL 0:1239e9b70ca2 8782 {
wolfSSL 0:1239e9b70ca2 8783 (void)path;
wolfSSL 0:1239e9b70ca2 8784 return 0;
wolfSSL 0:1239e9b70ca2 8785 }
wolfSSL 0:1239e9b70ca2 8786
wolfSSL 0:1239e9b70ca2 8787
wolfSSL 0:1239e9b70ca2 8788
wolfSSL 0:1239e9b70ca2 8789 CYASSL_COMP_METHOD* CyaSSL_COMP_zlib(void)
wolfSSL 0:1239e9b70ca2 8790 {
wolfSSL 0:1239e9b70ca2 8791 return 0;
wolfSSL 0:1239e9b70ca2 8792 }
wolfSSL 0:1239e9b70ca2 8793
wolfSSL 0:1239e9b70ca2 8794
wolfSSL 0:1239e9b70ca2 8795 CYASSL_COMP_METHOD* CyaSSL_COMP_rle(void)
wolfSSL 0:1239e9b70ca2 8796 {
wolfSSL 0:1239e9b70ca2 8797 return 0;
wolfSSL 0:1239e9b70ca2 8798 }
wolfSSL 0:1239e9b70ca2 8799
wolfSSL 0:1239e9b70ca2 8800
wolfSSL 0:1239e9b70ca2 8801 int CyaSSL_COMP_add_compression_method(int method, void* data)
wolfSSL 0:1239e9b70ca2 8802 {
wolfSSL 0:1239e9b70ca2 8803 (void)method;
wolfSSL 0:1239e9b70ca2 8804 (void)data;
wolfSSL 0:1239e9b70ca2 8805 return 0;
wolfSSL 0:1239e9b70ca2 8806 }
wolfSSL 0:1239e9b70ca2 8807
wolfSSL 0:1239e9b70ca2 8808
wolfSSL 0:1239e9b70ca2 8809
wolfSSL 0:1239e9b70ca2 8810 int CyaSSL_get_ex_new_index(long idx, void* data, void* cb1, void* cb2,
wolfSSL 0:1239e9b70ca2 8811 void* cb3)
wolfSSL 0:1239e9b70ca2 8812 {
wolfSSL 0:1239e9b70ca2 8813 (void)idx;
wolfSSL 0:1239e9b70ca2 8814 (void)data;
wolfSSL 0:1239e9b70ca2 8815 (void)cb1;
wolfSSL 0:1239e9b70ca2 8816 (void)cb2;
wolfSSL 0:1239e9b70ca2 8817 (void)cb3;
wolfSSL 0:1239e9b70ca2 8818 return 0;
wolfSSL 0:1239e9b70ca2 8819 }
wolfSSL 0:1239e9b70ca2 8820
wolfSSL 0:1239e9b70ca2 8821
wolfSSL 0:1239e9b70ca2 8822 void CyaSSL_set_dynlock_create_callback(CYASSL_dynlock_value* (*f)(
wolfSSL 0:1239e9b70ca2 8823 const char*, int))
wolfSSL 0:1239e9b70ca2 8824 {
wolfSSL 0:1239e9b70ca2 8825 (void)f;
wolfSSL 0:1239e9b70ca2 8826 }
wolfSSL 0:1239e9b70ca2 8827
wolfSSL 0:1239e9b70ca2 8828
wolfSSL 0:1239e9b70ca2 8829 void CyaSSL_set_dynlock_lock_callback(
wolfSSL 0:1239e9b70ca2 8830 void (*f)(int, CYASSL_dynlock_value*, const char*, int))
wolfSSL 0:1239e9b70ca2 8831 {
wolfSSL 0:1239e9b70ca2 8832 (void)f;
wolfSSL 0:1239e9b70ca2 8833 }
wolfSSL 0:1239e9b70ca2 8834
wolfSSL 0:1239e9b70ca2 8835
wolfSSL 0:1239e9b70ca2 8836 void CyaSSL_set_dynlock_destroy_callback(
wolfSSL 0:1239e9b70ca2 8837 void (*f)(CYASSL_dynlock_value*, const char*, int))
wolfSSL 0:1239e9b70ca2 8838 {
wolfSSL 0:1239e9b70ca2 8839 (void)f;
wolfSSL 0:1239e9b70ca2 8840 }
wolfSSL 0:1239e9b70ca2 8841
wolfSSL 0:1239e9b70ca2 8842
wolfSSL 0:1239e9b70ca2 8843
wolfSSL 0:1239e9b70ca2 8844 const char* CyaSSL_X509_verify_cert_error_string(long err)
wolfSSL 0:1239e9b70ca2 8845 {
wolfSSL 0:1239e9b70ca2 8846 (void)err;
wolfSSL 0:1239e9b70ca2 8847 return 0;
wolfSSL 0:1239e9b70ca2 8848 }
wolfSSL 0:1239e9b70ca2 8849
wolfSSL 0:1239e9b70ca2 8850
wolfSSL 0:1239e9b70ca2 8851
wolfSSL 0:1239e9b70ca2 8852 int CyaSSL_X509_LOOKUP_add_dir(CYASSL_X509_LOOKUP* lookup, const char* dir,
wolfSSL 0:1239e9b70ca2 8853 long len)
wolfSSL 0:1239e9b70ca2 8854 {
wolfSSL 0:1239e9b70ca2 8855 (void)lookup;
wolfSSL 0:1239e9b70ca2 8856 (void)dir;
wolfSSL 0:1239e9b70ca2 8857 (void)len;
wolfSSL 0:1239e9b70ca2 8858 return 0;
wolfSSL 0:1239e9b70ca2 8859 }
wolfSSL 0:1239e9b70ca2 8860
wolfSSL 0:1239e9b70ca2 8861
wolfSSL 0:1239e9b70ca2 8862 int CyaSSL_X509_LOOKUP_load_file(CYASSL_X509_LOOKUP* lookup,
wolfSSL 0:1239e9b70ca2 8863 const char* file, long len)
wolfSSL 0:1239e9b70ca2 8864 {
wolfSSL 0:1239e9b70ca2 8865 (void)lookup;
wolfSSL 0:1239e9b70ca2 8866 (void)file;
wolfSSL 0:1239e9b70ca2 8867 (void)len;
wolfSSL 0:1239e9b70ca2 8868 return 0;
wolfSSL 0:1239e9b70ca2 8869 }
wolfSSL 0:1239e9b70ca2 8870
wolfSSL 0:1239e9b70ca2 8871
wolfSSL 0:1239e9b70ca2 8872 CYASSL_X509_LOOKUP_METHOD* CyaSSL_X509_LOOKUP_hash_dir(void)
wolfSSL 0:1239e9b70ca2 8873 {
wolfSSL 0:1239e9b70ca2 8874 return 0;
wolfSSL 0:1239e9b70ca2 8875 }
wolfSSL 0:1239e9b70ca2 8876
wolfSSL 0:1239e9b70ca2 8877
wolfSSL 0:1239e9b70ca2 8878 CYASSL_X509_LOOKUP_METHOD* CyaSSL_X509_LOOKUP_file(void)
wolfSSL 0:1239e9b70ca2 8879 {
wolfSSL 0:1239e9b70ca2 8880 return 0;
wolfSSL 0:1239e9b70ca2 8881 }
wolfSSL 0:1239e9b70ca2 8882
wolfSSL 0:1239e9b70ca2 8883
wolfSSL 0:1239e9b70ca2 8884
wolfSSL 0:1239e9b70ca2 8885 CYASSL_X509_LOOKUP* CyaSSL_X509_STORE_add_lookup(CYASSL_X509_STORE* store,
wolfSSL 0:1239e9b70ca2 8886 CYASSL_X509_LOOKUP_METHOD* m)
wolfSSL 0:1239e9b70ca2 8887 {
wolfSSL 0:1239e9b70ca2 8888 (void)store;
wolfSSL 0:1239e9b70ca2 8889 (void)m;
wolfSSL 0:1239e9b70ca2 8890 return 0;
wolfSSL 0:1239e9b70ca2 8891 }
wolfSSL 0:1239e9b70ca2 8892
wolfSSL 0:1239e9b70ca2 8893
wolfSSL 0:1239e9b70ca2 8894 int CyaSSL_X509_STORE_add_cert(CYASSL_X509_STORE* store, CYASSL_X509* x509)
wolfSSL 0:1239e9b70ca2 8895 {
wolfSSL 0:1239e9b70ca2 8896 int result = SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 8897
wolfSSL 0:1239e9b70ca2 8898 CYASSL_ENTER("CyaSSL_X509_STORE_add_cert");
wolfSSL 0:1239e9b70ca2 8899 if (store != NULL && store->cm != NULL && x509 != NULL) {
wolfSSL 0:1239e9b70ca2 8900 buffer derCert;
wolfSSL 0:1239e9b70ca2 8901 derCert.buffer = (byte*)XMALLOC(x509->derCert.length,
wolfSSL 0:1239e9b70ca2 8902 NULL, DYNAMIC_TYPE_CERT);
wolfSSL 0:1239e9b70ca2 8903 if (derCert.buffer != NULL) {
wolfSSL 0:1239e9b70ca2 8904 derCert.length = x509->derCert.length;
wolfSSL 0:1239e9b70ca2 8905 // AddCA() frees the buffer.
wolfSSL 0:1239e9b70ca2 8906 XMEMCPY(derCert.buffer,
wolfSSL 0:1239e9b70ca2 8907 x509->derCert.buffer, x509->derCert.length);
wolfSSL 0:1239e9b70ca2 8908 result = AddCA(store->cm, derCert, CYASSL_USER_CA, 1);
wolfSSL 0:1239e9b70ca2 8909 if (result != SSL_SUCCESS) result = SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 8910 }
wolfSSL 0:1239e9b70ca2 8911 }
wolfSSL 0:1239e9b70ca2 8912
wolfSSL 0:1239e9b70ca2 8913 CYASSL_LEAVE("CyaSSL_X509_STORE_add_cert", result);
wolfSSL 0:1239e9b70ca2 8914 return result;
wolfSSL 0:1239e9b70ca2 8915 }
wolfSSL 0:1239e9b70ca2 8916
wolfSSL 0:1239e9b70ca2 8917
wolfSSL 0:1239e9b70ca2 8918 CYASSL_X509_STORE* CyaSSL_X509_STORE_new(void)
wolfSSL 0:1239e9b70ca2 8919 {
wolfSSL 0:1239e9b70ca2 8920 CYASSL_X509_STORE* store = NULL;
wolfSSL 0:1239e9b70ca2 8921
wolfSSL 0:1239e9b70ca2 8922 store = (CYASSL_X509_STORE*)XMALLOC(sizeof(CYASSL_X509_STORE), NULL, 0);
wolfSSL 0:1239e9b70ca2 8923 if (store != NULL) {
wolfSSL 0:1239e9b70ca2 8924 store->cm = CyaSSL_CertManagerNew();
wolfSSL 0:1239e9b70ca2 8925 if (store->cm == NULL) {
wolfSSL 0:1239e9b70ca2 8926 XFREE(store, NULL, 0);
wolfSSL 0:1239e9b70ca2 8927 store = NULL;
wolfSSL 0:1239e9b70ca2 8928 }
wolfSSL 0:1239e9b70ca2 8929 }
wolfSSL 0:1239e9b70ca2 8930
wolfSSL 0:1239e9b70ca2 8931 return store;
wolfSSL 0:1239e9b70ca2 8932 }
wolfSSL 0:1239e9b70ca2 8933
wolfSSL 0:1239e9b70ca2 8934
wolfSSL 0:1239e9b70ca2 8935 void CyaSSL_X509_STORE_free(CYASSL_X509_STORE* store)
wolfSSL 0:1239e9b70ca2 8936 {
wolfSSL 0:1239e9b70ca2 8937 if (store != NULL) {
wolfSSL 0:1239e9b70ca2 8938 if (store->cm != NULL)
wolfSSL 0:1239e9b70ca2 8939 CyaSSL_CertManagerFree(store->cm);
wolfSSL 0:1239e9b70ca2 8940 XFREE(store, NULL, 0);
wolfSSL 0:1239e9b70ca2 8941 }
wolfSSL 0:1239e9b70ca2 8942 }
wolfSSL 0:1239e9b70ca2 8943
wolfSSL 0:1239e9b70ca2 8944
wolfSSL 0:1239e9b70ca2 8945 int CyaSSL_X509_STORE_set_default_paths(CYASSL_X509_STORE* store)
wolfSSL 0:1239e9b70ca2 8946 {
wolfSSL 0:1239e9b70ca2 8947 (void)store;
wolfSSL 0:1239e9b70ca2 8948 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 8949 }
wolfSSL 0:1239e9b70ca2 8950
wolfSSL 0:1239e9b70ca2 8951
wolfSSL 0:1239e9b70ca2 8952 int CyaSSL_X509_STORE_get_by_subject(CYASSL_X509_STORE_CTX* ctx, int idx,
wolfSSL 0:1239e9b70ca2 8953 CYASSL_X509_NAME* name, CYASSL_X509_OBJECT* obj)
wolfSSL 0:1239e9b70ca2 8954 {
wolfSSL 0:1239e9b70ca2 8955 (void)ctx;
wolfSSL 0:1239e9b70ca2 8956 (void)idx;
wolfSSL 0:1239e9b70ca2 8957 (void)name;
wolfSSL 0:1239e9b70ca2 8958 (void)obj;
wolfSSL 0:1239e9b70ca2 8959 return 0;
wolfSSL 0:1239e9b70ca2 8960 }
wolfSSL 0:1239e9b70ca2 8961
wolfSSL 0:1239e9b70ca2 8962
wolfSSL 0:1239e9b70ca2 8963 CYASSL_X509_STORE_CTX* CyaSSL_X509_STORE_CTX_new(void)
wolfSSL 0:1239e9b70ca2 8964 {
wolfSSL 0:1239e9b70ca2 8965 CYASSL_X509_STORE_CTX* ctx = (CYASSL_X509_STORE_CTX*)XMALLOC(
wolfSSL 0:1239e9b70ca2 8966 sizeof(CYASSL_X509_STORE_CTX), NULL, 0);
wolfSSL 0:1239e9b70ca2 8967
wolfSSL 0:1239e9b70ca2 8968 if (ctx != NULL)
wolfSSL 0:1239e9b70ca2 8969 CyaSSL_X509_STORE_CTX_init(ctx, NULL, NULL, NULL);
wolfSSL 0:1239e9b70ca2 8970
wolfSSL 0:1239e9b70ca2 8971 return ctx;
wolfSSL 0:1239e9b70ca2 8972 }
wolfSSL 0:1239e9b70ca2 8973
wolfSSL 0:1239e9b70ca2 8974
wolfSSL 0:1239e9b70ca2 8975 int CyaSSL_X509_STORE_CTX_init(CYASSL_X509_STORE_CTX* ctx,
wolfSSL 0:1239e9b70ca2 8976 CYASSL_X509_STORE* store, CYASSL_X509* x509, STACK_OF(CYASSL_X509)* sk)
wolfSSL 0:1239e9b70ca2 8977 {
wolfSSL 0:1239e9b70ca2 8978 (void)sk;
wolfSSL 0:1239e9b70ca2 8979 if (ctx != NULL) {
wolfSSL 0:1239e9b70ca2 8980 ctx->store = store;
wolfSSL 0:1239e9b70ca2 8981 ctx->current_cert = x509;
wolfSSL 0:1239e9b70ca2 8982 ctx->domain = NULL;
wolfSSL 0:1239e9b70ca2 8983 ctx->ex_data = NULL;
wolfSSL 0:1239e9b70ca2 8984 ctx->userCtx = NULL;
wolfSSL 0:1239e9b70ca2 8985 ctx->error = 0;
wolfSSL 0:1239e9b70ca2 8986 ctx->error_depth = 0;
wolfSSL 0:1239e9b70ca2 8987 ctx->discardSessionCerts = 0;
wolfSSL 0:1239e9b70ca2 8988 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 8989 }
wolfSSL 0:1239e9b70ca2 8990 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 8991 }
wolfSSL 0:1239e9b70ca2 8992
wolfSSL 0:1239e9b70ca2 8993
wolfSSL 0:1239e9b70ca2 8994 void CyaSSL_X509_STORE_CTX_free(CYASSL_X509_STORE_CTX* ctx)
wolfSSL 0:1239e9b70ca2 8995 {
wolfSSL 0:1239e9b70ca2 8996 if (ctx != NULL) {
wolfSSL 0:1239e9b70ca2 8997 if (ctx->store != NULL)
wolfSSL 0:1239e9b70ca2 8998 CyaSSL_X509_STORE_free(ctx->store);
wolfSSL 0:1239e9b70ca2 8999 if (ctx->current_cert != NULL)
wolfSSL 0:1239e9b70ca2 9000 CyaSSL_FreeX509(ctx->current_cert);
wolfSSL 0:1239e9b70ca2 9001 XFREE(ctx, NULL, 0);
wolfSSL 0:1239e9b70ca2 9002 }
wolfSSL 0:1239e9b70ca2 9003 }
wolfSSL 0:1239e9b70ca2 9004
wolfSSL 0:1239e9b70ca2 9005
wolfSSL 0:1239e9b70ca2 9006 void CyaSSL_X509_STORE_CTX_cleanup(CYASSL_X509_STORE_CTX* ctx)
wolfSSL 0:1239e9b70ca2 9007 {
wolfSSL 0:1239e9b70ca2 9008 (void)ctx;
wolfSSL 0:1239e9b70ca2 9009 }
wolfSSL 0:1239e9b70ca2 9010
wolfSSL 0:1239e9b70ca2 9011
wolfSSL 0:1239e9b70ca2 9012 int CyaSSL_X509_verify_cert(CYASSL_X509_STORE_CTX* ctx)
wolfSSL 0:1239e9b70ca2 9013 {
wolfSSL 0:1239e9b70ca2 9014 if (ctx != NULL && ctx->store != NULL && ctx->store->cm != NULL
wolfSSL 0:1239e9b70ca2 9015 && ctx->current_cert != NULL) {
wolfSSL 0:1239e9b70ca2 9016 return CyaSSL_CertManagerVerifyBuffer(ctx->store->cm,
wolfSSL 0:1239e9b70ca2 9017 ctx->current_cert->derCert.buffer,
wolfSSL 0:1239e9b70ca2 9018 ctx->current_cert->derCert.length,
wolfSSL 0:1239e9b70ca2 9019 SSL_FILETYPE_ASN1);
wolfSSL 0:1239e9b70ca2 9020 }
wolfSSL 0:1239e9b70ca2 9021 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 9022 }
wolfSSL 0:1239e9b70ca2 9023
wolfSSL 0:1239e9b70ca2 9024
wolfSSL 0:1239e9b70ca2 9025 CYASSL_ASN1_TIME* CyaSSL_X509_CRL_get_lastUpdate(CYASSL_X509_CRL* crl)
wolfSSL 0:1239e9b70ca2 9026 {
wolfSSL 0:1239e9b70ca2 9027 (void)crl;
wolfSSL 0:1239e9b70ca2 9028 return 0;
wolfSSL 0:1239e9b70ca2 9029 }
wolfSSL 0:1239e9b70ca2 9030
wolfSSL 0:1239e9b70ca2 9031
wolfSSL 0:1239e9b70ca2 9032 CYASSL_ASN1_TIME* CyaSSL_X509_CRL_get_nextUpdate(CYASSL_X509_CRL* crl)
wolfSSL 0:1239e9b70ca2 9033 {
wolfSSL 0:1239e9b70ca2 9034 (void)crl;
wolfSSL 0:1239e9b70ca2 9035 return 0;
wolfSSL 0:1239e9b70ca2 9036 }
wolfSSL 0:1239e9b70ca2 9037
wolfSSL 0:1239e9b70ca2 9038
wolfSSL 0:1239e9b70ca2 9039
wolfSSL 0:1239e9b70ca2 9040 CYASSL_EVP_PKEY* CyaSSL_X509_get_pubkey(CYASSL_X509* x509)
wolfSSL 0:1239e9b70ca2 9041 {
wolfSSL 0:1239e9b70ca2 9042 CYASSL_EVP_PKEY* key = NULL;
wolfSSL 0:1239e9b70ca2 9043 if (x509 != NULL) {
wolfSSL 0:1239e9b70ca2 9044 key = (CYASSL_EVP_PKEY*)XMALLOC(
wolfSSL 0:1239e9b70ca2 9045 sizeof(CYASSL_EVP_PKEY), NULL, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 0:1239e9b70ca2 9046 if (key != NULL) {
wolfSSL 0:1239e9b70ca2 9047 key->type = x509->pubKeyOID;
wolfSSL 0:1239e9b70ca2 9048 key->save_type = 0;
wolfSSL 0:1239e9b70ca2 9049 key->pkey.ptr = (char*)XMALLOC(
wolfSSL 0:1239e9b70ca2 9050 x509->pubKey.length, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 0:1239e9b70ca2 9051 if (key->pkey.ptr == NULL) {
wolfSSL 0:1239e9b70ca2 9052 XFREE(key, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 0:1239e9b70ca2 9053 return NULL;
wolfSSL 0:1239e9b70ca2 9054 }
wolfSSL 0:1239e9b70ca2 9055 XMEMCPY(key->pkey.ptr,
wolfSSL 0:1239e9b70ca2 9056 x509->pubKey.buffer, x509->pubKey.length);
wolfSSL 0:1239e9b70ca2 9057 key->pkey_sz = x509->pubKey.length;
wolfSSL 0:1239e9b70ca2 9058 #ifdef HAVE_ECC
wolfSSL 0:1239e9b70ca2 9059 key->pkey_curve = (int)x509->pkCurveOID;
wolfSSL 0:1239e9b70ca2 9060 #endif /* HAVE_ECC */
wolfSSL 0:1239e9b70ca2 9061 }
wolfSSL 0:1239e9b70ca2 9062 }
wolfSSL 0:1239e9b70ca2 9063 return key;
wolfSSL 0:1239e9b70ca2 9064 }
wolfSSL 0:1239e9b70ca2 9065
wolfSSL 0:1239e9b70ca2 9066
wolfSSL 0:1239e9b70ca2 9067 int CyaSSL_X509_CRL_verify(CYASSL_X509_CRL* crl, CYASSL_EVP_PKEY* key)
wolfSSL 0:1239e9b70ca2 9068 {
wolfSSL 0:1239e9b70ca2 9069 (void)crl;
wolfSSL 0:1239e9b70ca2 9070 (void)key;
wolfSSL 0:1239e9b70ca2 9071 return 0;
wolfSSL 0:1239e9b70ca2 9072 }
wolfSSL 0:1239e9b70ca2 9073
wolfSSL 0:1239e9b70ca2 9074
wolfSSL 0:1239e9b70ca2 9075 void CyaSSL_X509_STORE_CTX_set_error(CYASSL_X509_STORE_CTX* ctx, int err)
wolfSSL 0:1239e9b70ca2 9076 {
wolfSSL 0:1239e9b70ca2 9077 (void)ctx;
wolfSSL 0:1239e9b70ca2 9078 (void)err;
wolfSSL 0:1239e9b70ca2 9079 }
wolfSSL 0:1239e9b70ca2 9080
wolfSSL 0:1239e9b70ca2 9081
wolfSSL 0:1239e9b70ca2 9082 void CyaSSL_X509_OBJECT_free_contents(CYASSL_X509_OBJECT* obj)
wolfSSL 0:1239e9b70ca2 9083 {
wolfSSL 0:1239e9b70ca2 9084 (void)obj;
wolfSSL 0:1239e9b70ca2 9085 }
wolfSSL 0:1239e9b70ca2 9086
wolfSSL 0:1239e9b70ca2 9087
wolfSSL 0:1239e9b70ca2 9088 void CyaSSL_EVP_PKEY_free(CYASSL_EVP_PKEY* key)
wolfSSL 0:1239e9b70ca2 9089 {
wolfSSL 0:1239e9b70ca2 9090 if (key != NULL) {
wolfSSL 0:1239e9b70ca2 9091 if (key->pkey.ptr != NULL)
wolfSSL 0:1239e9b70ca2 9092 XFREE(key->pkey.ptr, NULL, 0);
wolfSSL 0:1239e9b70ca2 9093 XFREE(key, NULL, 0);
wolfSSL 0:1239e9b70ca2 9094 }
wolfSSL 0:1239e9b70ca2 9095 }
wolfSSL 0:1239e9b70ca2 9096
wolfSSL 0:1239e9b70ca2 9097
wolfSSL 0:1239e9b70ca2 9098 int CyaSSL_X509_cmp_current_time(const CYASSL_ASN1_TIME* asnTime)
wolfSSL 0:1239e9b70ca2 9099 {
wolfSSL 0:1239e9b70ca2 9100 (void)asnTime;
wolfSSL 0:1239e9b70ca2 9101 return 0;
wolfSSL 0:1239e9b70ca2 9102 }
wolfSSL 0:1239e9b70ca2 9103
wolfSSL 0:1239e9b70ca2 9104
wolfSSL 0:1239e9b70ca2 9105 int CyaSSL_sk_X509_REVOKED_num(CYASSL_X509_REVOKED* revoked)
wolfSSL 0:1239e9b70ca2 9106 {
wolfSSL 0:1239e9b70ca2 9107 (void)revoked;
wolfSSL 0:1239e9b70ca2 9108 return 0;
wolfSSL 0:1239e9b70ca2 9109 }
wolfSSL 0:1239e9b70ca2 9110
wolfSSL 0:1239e9b70ca2 9111
wolfSSL 0:1239e9b70ca2 9112
wolfSSL 0:1239e9b70ca2 9113 CYASSL_X509_REVOKED* CyaSSL_X509_CRL_get_REVOKED(CYASSL_X509_CRL* crl)
wolfSSL 0:1239e9b70ca2 9114 {
wolfSSL 0:1239e9b70ca2 9115 (void)crl;
wolfSSL 0:1239e9b70ca2 9116 return 0;
wolfSSL 0:1239e9b70ca2 9117 }
wolfSSL 0:1239e9b70ca2 9118
wolfSSL 0:1239e9b70ca2 9119
wolfSSL 0:1239e9b70ca2 9120 CYASSL_X509_REVOKED* CyaSSL_sk_X509_REVOKED_value(
wolfSSL 0:1239e9b70ca2 9121 CYASSL_X509_REVOKED* revoked, int value)
wolfSSL 0:1239e9b70ca2 9122 {
wolfSSL 0:1239e9b70ca2 9123 (void)revoked;
wolfSSL 0:1239e9b70ca2 9124 (void)value;
wolfSSL 0:1239e9b70ca2 9125 return 0;
wolfSSL 0:1239e9b70ca2 9126 }
wolfSSL 0:1239e9b70ca2 9127
wolfSSL 0:1239e9b70ca2 9128
wolfSSL 0:1239e9b70ca2 9129
wolfSSL 0:1239e9b70ca2 9130 CYASSL_ASN1_INTEGER* CyaSSL_X509_get_serialNumber(CYASSL_X509* x509)
wolfSSL 0:1239e9b70ca2 9131 {
wolfSSL 0:1239e9b70ca2 9132 (void)x509;
wolfSSL 0:1239e9b70ca2 9133 return 0;
wolfSSL 0:1239e9b70ca2 9134 }
wolfSSL 0:1239e9b70ca2 9135
wolfSSL 0:1239e9b70ca2 9136
wolfSSL 0:1239e9b70ca2 9137 int CyaSSL_ASN1_TIME_print(CYASSL_BIO* bio, const CYASSL_ASN1_TIME* asnTime)
wolfSSL 0:1239e9b70ca2 9138 {
wolfSSL 0:1239e9b70ca2 9139 (void)bio;
wolfSSL 0:1239e9b70ca2 9140 (void)asnTime;
wolfSSL 0:1239e9b70ca2 9141 return 0;
wolfSSL 0:1239e9b70ca2 9142 }
wolfSSL 0:1239e9b70ca2 9143
wolfSSL 0:1239e9b70ca2 9144
wolfSSL 0:1239e9b70ca2 9145
wolfSSL 0:1239e9b70ca2 9146 int CyaSSL_ASN1_INTEGER_cmp(const CYASSL_ASN1_INTEGER* a,
wolfSSL 0:1239e9b70ca2 9147 const CYASSL_ASN1_INTEGER* b)
wolfSSL 0:1239e9b70ca2 9148 {
wolfSSL 0:1239e9b70ca2 9149 (void)a;
wolfSSL 0:1239e9b70ca2 9150 (void)b;
wolfSSL 0:1239e9b70ca2 9151 return 0;
wolfSSL 0:1239e9b70ca2 9152 }
wolfSSL 0:1239e9b70ca2 9153
wolfSSL 0:1239e9b70ca2 9154
wolfSSL 0:1239e9b70ca2 9155 long CyaSSL_ASN1_INTEGER_get(const CYASSL_ASN1_INTEGER* i)
wolfSSL 0:1239e9b70ca2 9156 {
wolfSSL 0:1239e9b70ca2 9157 (void)i;
wolfSSL 0:1239e9b70ca2 9158 return 0;
wolfSSL 0:1239e9b70ca2 9159 }
wolfSSL 0:1239e9b70ca2 9160
wolfSSL 0:1239e9b70ca2 9161
wolfSSL 0:1239e9b70ca2 9162
wolfSSL 0:1239e9b70ca2 9163 void* CyaSSL_X509_STORE_CTX_get_ex_data(CYASSL_X509_STORE_CTX* ctx, int idx)
wolfSSL 0:1239e9b70ca2 9164 {
wolfSSL 0:1239e9b70ca2 9165 #ifdef FORTRESS
wolfSSL 0:1239e9b70ca2 9166 if (ctx != NULL && idx == 0)
wolfSSL 0:1239e9b70ca2 9167 return ctx->ex_data;
wolfSSL 0:1239e9b70ca2 9168 #else
wolfSSL 0:1239e9b70ca2 9169 (void)ctx;
wolfSSL 0:1239e9b70ca2 9170 (void)idx;
wolfSSL 0:1239e9b70ca2 9171 #endif
wolfSSL 0:1239e9b70ca2 9172 return 0;
wolfSSL 0:1239e9b70ca2 9173 }
wolfSSL 0:1239e9b70ca2 9174
wolfSSL 0:1239e9b70ca2 9175
wolfSSL 0:1239e9b70ca2 9176 int CyaSSL_get_ex_data_X509_STORE_CTX_idx(void)
wolfSSL 0:1239e9b70ca2 9177 {
wolfSSL 0:1239e9b70ca2 9178 return 0;
wolfSSL 0:1239e9b70ca2 9179 }
wolfSSL 0:1239e9b70ca2 9180
wolfSSL 0:1239e9b70ca2 9181
wolfSSL 0:1239e9b70ca2 9182 void* CyaSSL_get_ex_data(const CYASSL* ssl, int idx)
wolfSSL 0:1239e9b70ca2 9183 {
wolfSSL 0:1239e9b70ca2 9184 #ifdef FORTRESS
wolfSSL 0:1239e9b70ca2 9185 if (ssl != NULL && idx < MAX_EX_DATA)
wolfSSL 0:1239e9b70ca2 9186 return ssl->ex_data[idx];
wolfSSL 0:1239e9b70ca2 9187 #else
wolfSSL 0:1239e9b70ca2 9188 (void)ssl;
wolfSSL 0:1239e9b70ca2 9189 (void)idx;
wolfSSL 0:1239e9b70ca2 9190 #endif
wolfSSL 0:1239e9b70ca2 9191 return 0;
wolfSSL 0:1239e9b70ca2 9192 }
wolfSSL 0:1239e9b70ca2 9193
wolfSSL 0:1239e9b70ca2 9194
wolfSSL 0:1239e9b70ca2 9195 void CyaSSL_CTX_set_info_callback(CYASSL_CTX* ctx, void (*f)(void))
wolfSSL 0:1239e9b70ca2 9196 {
wolfSSL 0:1239e9b70ca2 9197 (void)ctx;
wolfSSL 0:1239e9b70ca2 9198 (void)f;
wolfSSL 0:1239e9b70ca2 9199 }
wolfSSL 0:1239e9b70ca2 9200
wolfSSL 0:1239e9b70ca2 9201
wolfSSL 0:1239e9b70ca2 9202 unsigned long CyaSSL_ERR_peek_error(void)
wolfSSL 0:1239e9b70ca2 9203 {
wolfSSL 0:1239e9b70ca2 9204 return 0;
wolfSSL 0:1239e9b70ca2 9205 }
wolfSSL 0:1239e9b70ca2 9206
wolfSSL 0:1239e9b70ca2 9207
wolfSSL 0:1239e9b70ca2 9208 int CyaSSL_ERR_GET_REASON(int err)
wolfSSL 0:1239e9b70ca2 9209 {
wolfSSL 0:1239e9b70ca2 9210 (void)err;
wolfSSL 0:1239e9b70ca2 9211 return 0;
wolfSSL 0:1239e9b70ca2 9212 }
wolfSSL 0:1239e9b70ca2 9213
wolfSSL 0:1239e9b70ca2 9214
wolfSSL 0:1239e9b70ca2 9215 char* CyaSSL_alert_type_string_long(int alertID)
wolfSSL 0:1239e9b70ca2 9216 {
wolfSSL 0:1239e9b70ca2 9217 (void)alertID;
wolfSSL 0:1239e9b70ca2 9218 return 0;
wolfSSL 0:1239e9b70ca2 9219 }
wolfSSL 0:1239e9b70ca2 9220
wolfSSL 0:1239e9b70ca2 9221
wolfSSL 0:1239e9b70ca2 9222 char* CyaSSL_alert_desc_string_long(int alertID)
wolfSSL 0:1239e9b70ca2 9223 {
wolfSSL 0:1239e9b70ca2 9224 (void)alertID;
wolfSSL 0:1239e9b70ca2 9225 return 0;
wolfSSL 0:1239e9b70ca2 9226 }
wolfSSL 0:1239e9b70ca2 9227
wolfSSL 0:1239e9b70ca2 9228
wolfSSL 0:1239e9b70ca2 9229 char* CyaSSL_state_string_long(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 9230 {
wolfSSL 0:1239e9b70ca2 9231 (void)ssl;
wolfSSL 0:1239e9b70ca2 9232 return 0;
wolfSSL 0:1239e9b70ca2 9233 }
wolfSSL 0:1239e9b70ca2 9234
wolfSSL 0:1239e9b70ca2 9235
wolfSSL 0:1239e9b70ca2 9236 int CyaSSL_PEM_def_callback(char* name, int num, int w, void* key)
wolfSSL 0:1239e9b70ca2 9237 {
wolfSSL 0:1239e9b70ca2 9238 (void)name;
wolfSSL 0:1239e9b70ca2 9239 (void)num;
wolfSSL 0:1239e9b70ca2 9240 (void)w;
wolfSSL 0:1239e9b70ca2 9241 (void)key;
wolfSSL 0:1239e9b70ca2 9242 return 0;
wolfSSL 0:1239e9b70ca2 9243 }
wolfSSL 0:1239e9b70ca2 9244
wolfSSL 0:1239e9b70ca2 9245
wolfSSL 0:1239e9b70ca2 9246 long CyaSSL_CTX_sess_accept(CYASSL_CTX* ctx)
wolfSSL 0:1239e9b70ca2 9247 {
wolfSSL 0:1239e9b70ca2 9248 (void)ctx;
wolfSSL 0:1239e9b70ca2 9249 return 0;
wolfSSL 0:1239e9b70ca2 9250 }
wolfSSL 0:1239e9b70ca2 9251
wolfSSL 0:1239e9b70ca2 9252
wolfSSL 0:1239e9b70ca2 9253 long CyaSSL_CTX_sess_connect(CYASSL_CTX* ctx)
wolfSSL 0:1239e9b70ca2 9254 {
wolfSSL 0:1239e9b70ca2 9255 (void)ctx;
wolfSSL 0:1239e9b70ca2 9256 return 0;
wolfSSL 0:1239e9b70ca2 9257 }
wolfSSL 0:1239e9b70ca2 9258
wolfSSL 0:1239e9b70ca2 9259
wolfSSL 0:1239e9b70ca2 9260 long CyaSSL_CTX_sess_accept_good(CYASSL_CTX* ctx)
wolfSSL 0:1239e9b70ca2 9261 {
wolfSSL 0:1239e9b70ca2 9262 (void)ctx;
wolfSSL 0:1239e9b70ca2 9263 return 0;
wolfSSL 0:1239e9b70ca2 9264 }
wolfSSL 0:1239e9b70ca2 9265
wolfSSL 0:1239e9b70ca2 9266
wolfSSL 0:1239e9b70ca2 9267 long CyaSSL_CTX_sess_connect_good(CYASSL_CTX* ctx)
wolfSSL 0:1239e9b70ca2 9268 {
wolfSSL 0:1239e9b70ca2 9269 (void)ctx;
wolfSSL 0:1239e9b70ca2 9270 return 0;
wolfSSL 0:1239e9b70ca2 9271 }
wolfSSL 0:1239e9b70ca2 9272
wolfSSL 0:1239e9b70ca2 9273
wolfSSL 0:1239e9b70ca2 9274 long CyaSSL_CTX_sess_accept_renegotiate(CYASSL_CTX* ctx)
wolfSSL 0:1239e9b70ca2 9275 {
wolfSSL 0:1239e9b70ca2 9276 (void)ctx;
wolfSSL 0:1239e9b70ca2 9277 return 0;
wolfSSL 0:1239e9b70ca2 9278 }
wolfSSL 0:1239e9b70ca2 9279
wolfSSL 0:1239e9b70ca2 9280
wolfSSL 0:1239e9b70ca2 9281 long CyaSSL_CTX_sess_connect_renegotiate(CYASSL_CTX* ctx)
wolfSSL 0:1239e9b70ca2 9282 {
wolfSSL 0:1239e9b70ca2 9283 (void)ctx;
wolfSSL 0:1239e9b70ca2 9284 return 0;
wolfSSL 0:1239e9b70ca2 9285 }
wolfSSL 0:1239e9b70ca2 9286
wolfSSL 0:1239e9b70ca2 9287
wolfSSL 0:1239e9b70ca2 9288 long CyaSSL_CTX_sess_hits(CYASSL_CTX* ctx)
wolfSSL 0:1239e9b70ca2 9289 {
wolfSSL 0:1239e9b70ca2 9290 (void)ctx;
wolfSSL 0:1239e9b70ca2 9291 return 0;
wolfSSL 0:1239e9b70ca2 9292 }
wolfSSL 0:1239e9b70ca2 9293
wolfSSL 0:1239e9b70ca2 9294
wolfSSL 0:1239e9b70ca2 9295 long CyaSSL_CTX_sess_cb_hits(CYASSL_CTX* ctx)
wolfSSL 0:1239e9b70ca2 9296 {
wolfSSL 0:1239e9b70ca2 9297 (void)ctx;
wolfSSL 0:1239e9b70ca2 9298 return 0;
wolfSSL 0:1239e9b70ca2 9299 }
wolfSSL 0:1239e9b70ca2 9300
wolfSSL 0:1239e9b70ca2 9301
wolfSSL 0:1239e9b70ca2 9302 long CyaSSL_CTX_sess_cache_full(CYASSL_CTX* ctx)
wolfSSL 0:1239e9b70ca2 9303 {
wolfSSL 0:1239e9b70ca2 9304 (void)ctx;
wolfSSL 0:1239e9b70ca2 9305 return 0;
wolfSSL 0:1239e9b70ca2 9306 }
wolfSSL 0:1239e9b70ca2 9307
wolfSSL 0:1239e9b70ca2 9308
wolfSSL 0:1239e9b70ca2 9309 long CyaSSL_CTX_sess_misses(CYASSL_CTX* ctx)
wolfSSL 0:1239e9b70ca2 9310 {
wolfSSL 0:1239e9b70ca2 9311 (void)ctx;
wolfSSL 0:1239e9b70ca2 9312 return 0;
wolfSSL 0:1239e9b70ca2 9313 }
wolfSSL 0:1239e9b70ca2 9314
wolfSSL 0:1239e9b70ca2 9315
wolfSSL 0:1239e9b70ca2 9316 long CyaSSL_CTX_sess_timeouts(CYASSL_CTX* ctx)
wolfSSL 0:1239e9b70ca2 9317 {
wolfSSL 0:1239e9b70ca2 9318 (void)ctx;
wolfSSL 0:1239e9b70ca2 9319 return 0;
wolfSSL 0:1239e9b70ca2 9320 }
wolfSSL 0:1239e9b70ca2 9321
wolfSSL 0:1239e9b70ca2 9322
wolfSSL 0:1239e9b70ca2 9323 long CyaSSL_CTX_sess_number(CYASSL_CTX* ctx)
wolfSSL 0:1239e9b70ca2 9324 {
wolfSSL 0:1239e9b70ca2 9325 (void)ctx;
wolfSSL 0:1239e9b70ca2 9326 return 0;
wolfSSL 0:1239e9b70ca2 9327 }
wolfSSL 0:1239e9b70ca2 9328
wolfSSL 0:1239e9b70ca2 9329
wolfSSL 0:1239e9b70ca2 9330 void CyaSSL_DES_set_key_unchecked(CYASSL_const_DES_cblock* myDes,
wolfSSL 0:1239e9b70ca2 9331 CYASSL_DES_key_schedule* key)
wolfSSL 0:1239e9b70ca2 9332 {
wolfSSL 0:1239e9b70ca2 9333 (void)myDes;
wolfSSL 0:1239e9b70ca2 9334 (void)key;
wolfSSL 0:1239e9b70ca2 9335 }
wolfSSL 0:1239e9b70ca2 9336
wolfSSL 0:1239e9b70ca2 9337
wolfSSL 0:1239e9b70ca2 9338 void CyaSSL_DES_set_odd_parity(CYASSL_DES_cblock* myDes)
wolfSSL 0:1239e9b70ca2 9339 {
wolfSSL 0:1239e9b70ca2 9340 (void)myDes;
wolfSSL 0:1239e9b70ca2 9341 }
wolfSSL 0:1239e9b70ca2 9342
wolfSSL 0:1239e9b70ca2 9343
wolfSSL 0:1239e9b70ca2 9344 void CyaSSL_DES_ecb_encrypt(CYASSL_DES_cblock* desa,
wolfSSL 0:1239e9b70ca2 9345 CYASSL_DES_cblock* desb, CYASSL_DES_key_schedule* key, int len)
wolfSSL 0:1239e9b70ca2 9346 {
wolfSSL 0:1239e9b70ca2 9347 (void)desa;
wolfSSL 0:1239e9b70ca2 9348 (void)desb;
wolfSSL 0:1239e9b70ca2 9349 (void)key;
wolfSSL 0:1239e9b70ca2 9350 (void)len;
wolfSSL 0:1239e9b70ca2 9351 }
wolfSSL 0:1239e9b70ca2 9352
wolfSSL 0:1239e9b70ca2 9353 int CyaSSL_BIO_printf(CYASSL_BIO* bio, const char* format, ...)
wolfSSL 0:1239e9b70ca2 9354 {
wolfSSL 0:1239e9b70ca2 9355 (void)bio;
wolfSSL 0:1239e9b70ca2 9356 (void)format;
wolfSSL 0:1239e9b70ca2 9357 return 0;
wolfSSL 0:1239e9b70ca2 9358 }
wolfSSL 0:1239e9b70ca2 9359
wolfSSL 0:1239e9b70ca2 9360
wolfSSL 0:1239e9b70ca2 9361 int CyaSSL_ASN1_UTCTIME_print(CYASSL_BIO* bio, const CYASSL_ASN1_UTCTIME* a)
wolfSSL 0:1239e9b70ca2 9362 {
wolfSSL 0:1239e9b70ca2 9363 (void)bio;
wolfSSL 0:1239e9b70ca2 9364 (void)a;
wolfSSL 0:1239e9b70ca2 9365 return 0;
wolfSSL 0:1239e9b70ca2 9366 }
wolfSSL 0:1239e9b70ca2 9367
wolfSSL 0:1239e9b70ca2 9368
wolfSSL 0:1239e9b70ca2 9369 int CyaSSL_sk_num(CYASSL_X509_REVOKED* rev)
wolfSSL 0:1239e9b70ca2 9370 {
wolfSSL 0:1239e9b70ca2 9371 (void)rev;
wolfSSL 0:1239e9b70ca2 9372 return 0;
wolfSSL 0:1239e9b70ca2 9373 }
wolfSSL 0:1239e9b70ca2 9374
wolfSSL 0:1239e9b70ca2 9375
wolfSSL 0:1239e9b70ca2 9376 void* CyaSSL_sk_value(CYASSL_X509_REVOKED* rev, int i)
wolfSSL 0:1239e9b70ca2 9377 {
wolfSSL 0:1239e9b70ca2 9378 (void)rev;
wolfSSL 0:1239e9b70ca2 9379 (void)i;
wolfSSL 0:1239e9b70ca2 9380 return 0;
wolfSSL 0:1239e9b70ca2 9381 }
wolfSSL 0:1239e9b70ca2 9382
wolfSSL 0:1239e9b70ca2 9383
wolfSSL 0:1239e9b70ca2 9384 /* stunnel 4.28 needs */
wolfSSL 0:1239e9b70ca2 9385 void* CyaSSL_CTX_get_ex_data(const CYASSL_CTX* ctx, int d)
wolfSSL 0:1239e9b70ca2 9386 {
wolfSSL 0:1239e9b70ca2 9387 (void)ctx;
wolfSSL 0:1239e9b70ca2 9388 (void)d;
wolfSSL 0:1239e9b70ca2 9389 return 0;
wolfSSL 0:1239e9b70ca2 9390 }
wolfSSL 0:1239e9b70ca2 9391
wolfSSL 0:1239e9b70ca2 9392
wolfSSL 0:1239e9b70ca2 9393 int CyaSSL_CTX_set_ex_data(CYASSL_CTX* ctx, int d, void* p)
wolfSSL 0:1239e9b70ca2 9394 {
wolfSSL 0:1239e9b70ca2 9395 (void)ctx;
wolfSSL 0:1239e9b70ca2 9396 (void)d;
wolfSSL 0:1239e9b70ca2 9397 (void)p;
wolfSSL 0:1239e9b70ca2 9398 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 9399 }
wolfSSL 0:1239e9b70ca2 9400
wolfSSL 0:1239e9b70ca2 9401
wolfSSL 0:1239e9b70ca2 9402 void CyaSSL_CTX_sess_set_get_cb(CYASSL_CTX* ctx,
wolfSSL 0:1239e9b70ca2 9403 CYASSL_SESSION*(*f)(CYASSL*, unsigned char*, int, int*))
wolfSSL 0:1239e9b70ca2 9404 {
wolfSSL 0:1239e9b70ca2 9405 (void)ctx;
wolfSSL 0:1239e9b70ca2 9406 (void)f;
wolfSSL 0:1239e9b70ca2 9407 }
wolfSSL 0:1239e9b70ca2 9408
wolfSSL 0:1239e9b70ca2 9409
wolfSSL 0:1239e9b70ca2 9410 void CyaSSL_CTX_sess_set_new_cb(CYASSL_CTX* ctx,
wolfSSL 0:1239e9b70ca2 9411 int (*f)(CYASSL*, CYASSL_SESSION*))
wolfSSL 0:1239e9b70ca2 9412 {
wolfSSL 0:1239e9b70ca2 9413 (void)ctx;
wolfSSL 0:1239e9b70ca2 9414 (void)f;
wolfSSL 0:1239e9b70ca2 9415 }
wolfSSL 0:1239e9b70ca2 9416
wolfSSL 0:1239e9b70ca2 9417
wolfSSL 0:1239e9b70ca2 9418 void CyaSSL_CTX_sess_set_remove_cb(CYASSL_CTX* ctx, void (*f)(CYASSL_CTX*,
wolfSSL 0:1239e9b70ca2 9419 CYASSL_SESSION*))
wolfSSL 0:1239e9b70ca2 9420 {
wolfSSL 0:1239e9b70ca2 9421 (void)ctx;
wolfSSL 0:1239e9b70ca2 9422 (void)f;
wolfSSL 0:1239e9b70ca2 9423 }
wolfSSL 0:1239e9b70ca2 9424
wolfSSL 0:1239e9b70ca2 9425
wolfSSL 0:1239e9b70ca2 9426 int CyaSSL_i2d_SSL_SESSION(CYASSL_SESSION* sess, unsigned char** p)
wolfSSL 0:1239e9b70ca2 9427 {
wolfSSL 0:1239e9b70ca2 9428 (void)sess;
wolfSSL 0:1239e9b70ca2 9429 (void)p;
wolfSSL 0:1239e9b70ca2 9430 return sizeof(CYASSL_SESSION);
wolfSSL 0:1239e9b70ca2 9431 }
wolfSSL 0:1239e9b70ca2 9432
wolfSSL 0:1239e9b70ca2 9433
wolfSSL 0:1239e9b70ca2 9434 CYASSL_SESSION* CyaSSL_d2i_SSL_SESSION(CYASSL_SESSION** sess,
wolfSSL 0:1239e9b70ca2 9435 const unsigned char** p, long i)
wolfSSL 0:1239e9b70ca2 9436 {
wolfSSL 0:1239e9b70ca2 9437 (void)p;
wolfSSL 0:1239e9b70ca2 9438 (void)i;
wolfSSL 0:1239e9b70ca2 9439 if (sess)
wolfSSL 0:1239e9b70ca2 9440 return *sess;
wolfSSL 0:1239e9b70ca2 9441 return NULL;
wolfSSL 0:1239e9b70ca2 9442 }
wolfSSL 0:1239e9b70ca2 9443
wolfSSL 0:1239e9b70ca2 9444
wolfSSL 0:1239e9b70ca2 9445 long CyaSSL_SESSION_get_timeout(const CYASSL_SESSION* sess)
wolfSSL 0:1239e9b70ca2 9446 {
wolfSSL 0:1239e9b70ca2 9447 CYASSL_ENTER("CyaSSL_SESSION_get_timeout");
wolfSSL 0:1239e9b70ca2 9448 return sess->timeout;
wolfSSL 0:1239e9b70ca2 9449 }
wolfSSL 0:1239e9b70ca2 9450
wolfSSL 0:1239e9b70ca2 9451
wolfSSL 0:1239e9b70ca2 9452 long CyaSSL_SESSION_get_time(const CYASSL_SESSION* sess)
wolfSSL 0:1239e9b70ca2 9453 {
wolfSSL 0:1239e9b70ca2 9454 CYASSL_ENTER("CyaSSL_SESSION_get_time");
wolfSSL 0:1239e9b70ca2 9455 return sess->bornOn;
wolfSSL 0:1239e9b70ca2 9456 }
wolfSSL 0:1239e9b70ca2 9457
wolfSSL 0:1239e9b70ca2 9458
wolfSSL 0:1239e9b70ca2 9459 int CyaSSL_CTX_get_ex_new_index(long idx, void* arg, void* a, void* b,
wolfSSL 0:1239e9b70ca2 9460 void* c)
wolfSSL 0:1239e9b70ca2 9461 {
wolfSSL 0:1239e9b70ca2 9462 (void)idx;
wolfSSL 0:1239e9b70ca2 9463 (void)arg;
wolfSSL 0:1239e9b70ca2 9464 (void)a;
wolfSSL 0:1239e9b70ca2 9465 (void)b;
wolfSSL 0:1239e9b70ca2 9466 (void)c;
wolfSSL 0:1239e9b70ca2 9467 return 0;
wolfSSL 0:1239e9b70ca2 9468 }
wolfSSL 0:1239e9b70ca2 9469
wolfSSL 0:1239e9b70ca2 9470 #endif /* OPENSSL_EXTRA */
wolfSSL 0:1239e9b70ca2 9471
wolfSSL 0:1239e9b70ca2 9472
wolfSSL 0:1239e9b70ca2 9473 #ifdef KEEP_PEER_CERT
wolfSSL 0:1239e9b70ca2 9474 char* CyaSSL_X509_get_subjectCN(CYASSL_X509* x509)
wolfSSL 0:1239e9b70ca2 9475 {
wolfSSL 0:1239e9b70ca2 9476 if (x509 == NULL)
wolfSSL 0:1239e9b70ca2 9477 return NULL;
wolfSSL 0:1239e9b70ca2 9478
wolfSSL 0:1239e9b70ca2 9479 return x509->subjectCN;
wolfSSL 0:1239e9b70ca2 9480 }
wolfSSL 0:1239e9b70ca2 9481 #endif /* KEEP_PEER_CERT */
wolfSSL 0:1239e9b70ca2 9482
wolfSSL 0:1239e9b70ca2 9483 #ifdef OPENSSL_EXTRA
wolfSSL 0:1239e9b70ca2 9484
wolfSSL 0:1239e9b70ca2 9485 #ifdef FORTRESS
wolfSSL 0:1239e9b70ca2 9486 int CyaSSL_cmp_peer_cert_to_file(CYASSL* ssl, const char *fname)
wolfSSL 0:1239e9b70ca2 9487 {
wolfSSL 0:1239e9b70ca2 9488 int ret = SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 9489
wolfSSL 0:1239e9b70ca2 9490 CYASSL_ENTER("CyaSSL_cmp_peer_cert_to_file");
wolfSSL 0:1239e9b70ca2 9491 if (ssl != NULL && fname != NULL)
wolfSSL 0:1239e9b70ca2 9492 {
wolfSSL 0:1239e9b70ca2 9493 XFILE file = XBADFILE;
wolfSSL 0:1239e9b70ca2 9494 long sz = 0;
wolfSSL 0:1239e9b70ca2 9495 byte staticBuffer[FILE_BUFFER_SIZE];
wolfSSL 0:1239e9b70ca2 9496 byte* myBuffer = staticBuffer;
wolfSSL 0:1239e9b70ca2 9497 CYASSL_CTX* ctx = ssl->ctx;
wolfSSL 0:1239e9b70ca2 9498 EncryptedInfo info;
wolfSSL 0:1239e9b70ca2 9499 buffer fileDer;
wolfSSL 0:1239e9b70ca2 9500 int eccKey = 0;
wolfSSL 0:1239e9b70ca2 9501 CYASSL_X509* peer_cert = &ssl->peerCert;
wolfSSL 0:1239e9b70ca2 9502
wolfSSL 0:1239e9b70ca2 9503 info.set = 0;
wolfSSL 0:1239e9b70ca2 9504 info.ctx = ctx;
wolfSSL 0:1239e9b70ca2 9505 info.consumed = 0;
wolfSSL 0:1239e9b70ca2 9506 fileDer.buffer = 0;
wolfSSL 0:1239e9b70ca2 9507
wolfSSL 0:1239e9b70ca2 9508 file = XFOPEN(fname, "rb");
wolfSSL 0:1239e9b70ca2 9509 if (file == XBADFILE) return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 9510 XFSEEK(file, 0, XSEEK_END);
wolfSSL 0:1239e9b70ca2 9511 sz = XFTELL(file);
wolfSSL 0:1239e9b70ca2 9512 XREWIND(file);
wolfSSL 0:1239e9b70ca2 9513 if (sz > (long)sizeof(staticBuffer)) {
wolfSSL 0:1239e9b70ca2 9514 CYASSL_MSG("Getting dynamic buffer");
wolfSSL 0:1239e9b70ca2 9515 myBuffer = (byte*) XMALLOC(sz, ctx->heap, DYNAMIC_TYPE_FILE);
wolfSSL 0:1239e9b70ca2 9516 }
wolfSSL 0:1239e9b70ca2 9517
wolfSSL 0:1239e9b70ca2 9518 if ((myBuffer != NULL) &&
wolfSSL 0:1239e9b70ca2 9519 (sz > 0) &&
wolfSSL 0:1239e9b70ca2 9520 (XFREAD(myBuffer, sz, 1, file) > 0) &&
wolfSSL 0:1239e9b70ca2 9521 (PemToDer(myBuffer, sz, CERT_TYPE,
wolfSSL 0:1239e9b70ca2 9522 &fileDer, ctx->heap, &info, &eccKey) == 0) &&
wolfSSL 0:1239e9b70ca2 9523 (fileDer.length != 0) &&
wolfSSL 0:1239e9b70ca2 9524 (fileDer.length == peer_cert->derCert.length) &&
wolfSSL 0:1239e9b70ca2 9525 (XMEMCMP(peer_cert->derCert.buffer, fileDer.buffer,
wolfSSL 0:1239e9b70ca2 9526 fileDer.length) == 0))
wolfSSL 0:1239e9b70ca2 9527 {
wolfSSL 0:1239e9b70ca2 9528 ret = 0;
wolfSSL 0:1239e9b70ca2 9529 }
wolfSSL 0:1239e9b70ca2 9530
wolfSSL 0:1239e9b70ca2 9531 XFCLOSE(file);
wolfSSL 0:1239e9b70ca2 9532 if (fileDer.buffer)
wolfSSL 0:1239e9b70ca2 9533 XFREE(fileDer.buffer, ctx->heap, DYNAMIC_TYPE_CERT);
wolfSSL 0:1239e9b70ca2 9534 if (myBuffer && (myBuffer != staticBuffer))
wolfSSL 0:1239e9b70ca2 9535 XFREE(myBuffer, ctx->heap, DYNAMIC_TYPE_FILE);
wolfSSL 0:1239e9b70ca2 9536 }
wolfSSL 0:1239e9b70ca2 9537
wolfSSL 0:1239e9b70ca2 9538 return ret;
wolfSSL 0:1239e9b70ca2 9539 }
wolfSSL 0:1239e9b70ca2 9540 #endif
wolfSSL 0:1239e9b70ca2 9541
wolfSSL 0:1239e9b70ca2 9542
wolfSSL 0:1239e9b70ca2 9543 static RNG globalRNG;
wolfSSL 0:1239e9b70ca2 9544 static int initGlobalRNG = 0;
wolfSSL 0:1239e9b70ca2 9545
wolfSSL 0:1239e9b70ca2 9546 /* SSL_SUCCESS on ok */
wolfSSL 0:1239e9b70ca2 9547 int CyaSSL_RAND_seed(const void* seed, int len)
wolfSSL 0:1239e9b70ca2 9548 {
wolfSSL 0:1239e9b70ca2 9549
wolfSSL 0:1239e9b70ca2 9550 CYASSL_MSG("CyaSSL_RAND_seed");
wolfSSL 0:1239e9b70ca2 9551
wolfSSL 0:1239e9b70ca2 9552 (void)seed;
wolfSSL 0:1239e9b70ca2 9553 (void)len;
wolfSSL 0:1239e9b70ca2 9554
wolfSSL 0:1239e9b70ca2 9555 if (initGlobalRNG == 0) {
wolfSSL 0:1239e9b70ca2 9556 if (InitRng(&globalRNG) < 0) {
wolfSSL 0:1239e9b70ca2 9557 CYASSL_MSG("CyaSSL Init Global RNG failed");
wolfSSL 0:1239e9b70ca2 9558 return 0;
wolfSSL 0:1239e9b70ca2 9559 }
wolfSSL 0:1239e9b70ca2 9560 initGlobalRNG = 1;
wolfSSL 0:1239e9b70ca2 9561 }
wolfSSL 0:1239e9b70ca2 9562
wolfSSL 0:1239e9b70ca2 9563 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 9564 }
wolfSSL 0:1239e9b70ca2 9565
wolfSSL 0:1239e9b70ca2 9566
wolfSSL 0:1239e9b70ca2 9567 /* SSL_SUCCESS on ok */
wolfSSL 0:1239e9b70ca2 9568 int CyaSSL_RAND_bytes(unsigned char* buf, int num)
wolfSSL 0:1239e9b70ca2 9569 {
wolfSSL 0:1239e9b70ca2 9570 RNG tmpRNG;
wolfSSL 0:1239e9b70ca2 9571 RNG* rng = &tmpRNG;
wolfSSL 0:1239e9b70ca2 9572
wolfSSL 0:1239e9b70ca2 9573 CYASSL_ENTER("RAND_bytes");
wolfSSL 0:1239e9b70ca2 9574 if (InitRng(&tmpRNG) != 0) {
wolfSSL 0:1239e9b70ca2 9575 CYASSL_MSG("Bad RNG Init, trying global");
wolfSSL 0:1239e9b70ca2 9576 if (initGlobalRNG == 0) {
wolfSSL 0:1239e9b70ca2 9577 CYASSL_MSG("Global RNG no Init");
wolfSSL 0:1239e9b70ca2 9578 return 0;
wolfSSL 0:1239e9b70ca2 9579 }
wolfSSL 0:1239e9b70ca2 9580 rng = &globalRNG;
wolfSSL 0:1239e9b70ca2 9581 }
wolfSSL 0:1239e9b70ca2 9582
wolfSSL 0:1239e9b70ca2 9583 if (RNG_GenerateBlock(rng, buf, num) != 0) {
wolfSSL 0:1239e9b70ca2 9584 CYASSL_MSG("Bad RNG_GenerateBlock");
wolfSSL 0:1239e9b70ca2 9585 return 0;
wolfSSL 0:1239e9b70ca2 9586 }
wolfSSL 0:1239e9b70ca2 9587
wolfSSL 0:1239e9b70ca2 9588 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 9589 }
wolfSSL 0:1239e9b70ca2 9590
wolfSSL 0:1239e9b70ca2 9591 CYASSL_BN_CTX* CyaSSL_BN_CTX_new(void)
wolfSSL 0:1239e9b70ca2 9592 {
wolfSSL 0:1239e9b70ca2 9593 static int ctx; /* ctaocrypt doesn't now need ctx */
wolfSSL 0:1239e9b70ca2 9594
wolfSSL 0:1239e9b70ca2 9595 CYASSL_MSG("CyaSSL_BN_CTX_new");
wolfSSL 0:1239e9b70ca2 9596
wolfSSL 0:1239e9b70ca2 9597 return (CYASSL_BN_CTX*)&ctx;
wolfSSL 0:1239e9b70ca2 9598 }
wolfSSL 0:1239e9b70ca2 9599
wolfSSL 0:1239e9b70ca2 9600 void CyaSSL_BN_CTX_init(CYASSL_BN_CTX* ctx)
wolfSSL 0:1239e9b70ca2 9601 {
wolfSSL 0:1239e9b70ca2 9602 (void)ctx;
wolfSSL 0:1239e9b70ca2 9603 CYASSL_MSG("CyaSSL_BN_CTX_init");
wolfSSL 0:1239e9b70ca2 9604 }
wolfSSL 0:1239e9b70ca2 9605
wolfSSL 0:1239e9b70ca2 9606
wolfSSL 0:1239e9b70ca2 9607 void CyaSSL_BN_CTX_free(CYASSL_BN_CTX* ctx)
wolfSSL 0:1239e9b70ca2 9608 {
wolfSSL 0:1239e9b70ca2 9609 (void)ctx;
wolfSSL 0:1239e9b70ca2 9610 CYASSL_MSG("CyaSSL_BN_CTX_free");
wolfSSL 0:1239e9b70ca2 9611
wolfSSL 0:1239e9b70ca2 9612 /* do free since static ctx that does nothing */
wolfSSL 0:1239e9b70ca2 9613 }
wolfSSL 0:1239e9b70ca2 9614
wolfSSL 0:1239e9b70ca2 9615
wolfSSL 0:1239e9b70ca2 9616 static void InitCyaSSL_BigNum(CYASSL_BIGNUM* bn)
wolfSSL 0:1239e9b70ca2 9617 {
wolfSSL 0:1239e9b70ca2 9618 CYASSL_MSG("InitCyaSSL_BigNum");
wolfSSL 0:1239e9b70ca2 9619 if (bn) {
wolfSSL 0:1239e9b70ca2 9620 bn->neg = 0;
wolfSSL 0:1239e9b70ca2 9621 bn->internal = NULL;
wolfSSL 0:1239e9b70ca2 9622 }
wolfSSL 0:1239e9b70ca2 9623 }
wolfSSL 0:1239e9b70ca2 9624
wolfSSL 0:1239e9b70ca2 9625
wolfSSL 0:1239e9b70ca2 9626 CYASSL_BIGNUM* CyaSSL_BN_new(void)
wolfSSL 0:1239e9b70ca2 9627 {
wolfSSL 0:1239e9b70ca2 9628 CYASSL_BIGNUM* external;
wolfSSL 0:1239e9b70ca2 9629 mp_int* mpi;
wolfSSL 0:1239e9b70ca2 9630
wolfSSL 0:1239e9b70ca2 9631 CYASSL_MSG("CyaSSL_BN_new");
wolfSSL 0:1239e9b70ca2 9632
wolfSSL 0:1239e9b70ca2 9633 mpi = (mp_int*) XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT);
wolfSSL 0:1239e9b70ca2 9634 if (mpi == NULL) {
wolfSSL 0:1239e9b70ca2 9635 CYASSL_MSG("CyaSSL_BN_new malloc mpi failure");
wolfSSL 0:1239e9b70ca2 9636 return NULL;
wolfSSL 0:1239e9b70ca2 9637 }
wolfSSL 0:1239e9b70ca2 9638
wolfSSL 0:1239e9b70ca2 9639 external = (CYASSL_BIGNUM*) XMALLOC(sizeof(CYASSL_BIGNUM), NULL,
wolfSSL 0:1239e9b70ca2 9640 DYNAMIC_TYPE_BIGINT);
wolfSSL 0:1239e9b70ca2 9641 if (external == NULL) {
wolfSSL 0:1239e9b70ca2 9642 CYASSL_MSG("CyaSSL_BN_new malloc CYASSL_BIGNUM failure");
wolfSSL 0:1239e9b70ca2 9643 XFREE(mpi, NULL, DYNAMIC_TYPE_BIGINT);
wolfSSL 0:1239e9b70ca2 9644 return NULL;
wolfSSL 0:1239e9b70ca2 9645 }
wolfSSL 0:1239e9b70ca2 9646
wolfSSL 0:1239e9b70ca2 9647 InitCyaSSL_BigNum(external);
wolfSSL 0:1239e9b70ca2 9648 external->internal = mpi;
wolfSSL 0:1239e9b70ca2 9649 if (mp_init(mpi) != MP_OKAY) {
wolfSSL 0:1239e9b70ca2 9650 CyaSSL_BN_free(external);
wolfSSL 0:1239e9b70ca2 9651 return NULL;
wolfSSL 0:1239e9b70ca2 9652 }
wolfSSL 0:1239e9b70ca2 9653
wolfSSL 0:1239e9b70ca2 9654 return external;
wolfSSL 0:1239e9b70ca2 9655 }
wolfSSL 0:1239e9b70ca2 9656
wolfSSL 0:1239e9b70ca2 9657
wolfSSL 0:1239e9b70ca2 9658 void CyaSSL_BN_free(CYASSL_BIGNUM* bn)
wolfSSL 0:1239e9b70ca2 9659 {
wolfSSL 0:1239e9b70ca2 9660 CYASSL_MSG("CyaSSL_BN_free");
wolfSSL 0:1239e9b70ca2 9661 if (bn) {
wolfSSL 0:1239e9b70ca2 9662 if (bn->internal) {
wolfSSL 0:1239e9b70ca2 9663 mp_clear((mp_int*)bn->internal);
wolfSSL 0:1239e9b70ca2 9664 XFREE(bn->internal, NULL, DYNAMIC_TYPE_BIGINT);
wolfSSL 0:1239e9b70ca2 9665 bn->internal = NULL;
wolfSSL 0:1239e9b70ca2 9666 }
wolfSSL 0:1239e9b70ca2 9667 XFREE(bn, NULL, DYNAMIC_TYPE_BIGINT);
wolfSSL 0:1239e9b70ca2 9668 }
wolfSSL 0:1239e9b70ca2 9669 }
wolfSSL 0:1239e9b70ca2 9670
wolfSSL 0:1239e9b70ca2 9671
wolfSSL 0:1239e9b70ca2 9672 void CyaSSL_BN_clear_free(CYASSL_BIGNUM* bn)
wolfSSL 0:1239e9b70ca2 9673 {
wolfSSL 0:1239e9b70ca2 9674 CYASSL_MSG("CyaSSL_BN_clear_free");
wolfSSL 0:1239e9b70ca2 9675
wolfSSL 0:1239e9b70ca2 9676 CyaSSL_BN_free(bn);
wolfSSL 0:1239e9b70ca2 9677 }
wolfSSL 0:1239e9b70ca2 9678
wolfSSL 0:1239e9b70ca2 9679
wolfSSL 0:1239e9b70ca2 9680 /* SSL_SUCCESS on ok */
wolfSSL 0:1239e9b70ca2 9681 int CyaSSL_BN_sub(CYASSL_BIGNUM* r, const CYASSL_BIGNUM* a,
wolfSSL 0:1239e9b70ca2 9682 const CYASSL_BIGNUM* b)
wolfSSL 0:1239e9b70ca2 9683 {
wolfSSL 0:1239e9b70ca2 9684 CYASSL_MSG("CyaSSL_BN_sub");
wolfSSL 0:1239e9b70ca2 9685
wolfSSL 0:1239e9b70ca2 9686 if (r == NULL || a == NULL || b == NULL)
wolfSSL 0:1239e9b70ca2 9687 return 0;
wolfSSL 0:1239e9b70ca2 9688
wolfSSL 0:1239e9b70ca2 9689 if (mp_sub((mp_int*)a->internal,(mp_int*)b->internal,
wolfSSL 0:1239e9b70ca2 9690 (mp_int*)r->internal) == MP_OKAY)
wolfSSL 0:1239e9b70ca2 9691 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 9692
wolfSSL 0:1239e9b70ca2 9693 CYASSL_MSG("CyaSSL_BN_sub mp_sub failed");
wolfSSL 0:1239e9b70ca2 9694 return 0;
wolfSSL 0:1239e9b70ca2 9695 }
wolfSSL 0:1239e9b70ca2 9696
wolfSSL 0:1239e9b70ca2 9697
wolfSSL 0:1239e9b70ca2 9698 /* SSL_SUCCESS on ok */
wolfSSL 0:1239e9b70ca2 9699 int CyaSSL_BN_mod(CYASSL_BIGNUM* r, const CYASSL_BIGNUM* a,
wolfSSL 0:1239e9b70ca2 9700 const CYASSL_BIGNUM* b, const CYASSL_BN_CTX* c)
wolfSSL 0:1239e9b70ca2 9701 {
wolfSSL 0:1239e9b70ca2 9702 (void)c;
wolfSSL 0:1239e9b70ca2 9703 CYASSL_MSG("CyaSSL_BN_mod");
wolfSSL 0:1239e9b70ca2 9704
wolfSSL 0:1239e9b70ca2 9705 if (r == NULL || a == NULL || b == NULL)
wolfSSL 0:1239e9b70ca2 9706 return 0;
wolfSSL 0:1239e9b70ca2 9707
wolfSSL 0:1239e9b70ca2 9708 if (mp_mod((mp_int*)a->internal,(mp_int*)b->internal,
wolfSSL 0:1239e9b70ca2 9709 (mp_int*)r->internal) == MP_OKAY)
wolfSSL 0:1239e9b70ca2 9710 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 9711
wolfSSL 0:1239e9b70ca2 9712 CYASSL_MSG("CyaSSL_BN_mod mp_mod failed");
wolfSSL 0:1239e9b70ca2 9713 return 0;
wolfSSL 0:1239e9b70ca2 9714 }
wolfSSL 0:1239e9b70ca2 9715
wolfSSL 0:1239e9b70ca2 9716
wolfSSL 0:1239e9b70ca2 9717 const CYASSL_BIGNUM* CyaSSL_BN_value_one(void)
wolfSSL 0:1239e9b70ca2 9718 {
wolfSSL 0:1239e9b70ca2 9719 static CYASSL_BIGNUM* bn_one = NULL;
wolfSSL 0:1239e9b70ca2 9720
wolfSSL 0:1239e9b70ca2 9721 CYASSL_MSG("CyaSSL_BN_value_one");
wolfSSL 0:1239e9b70ca2 9722
wolfSSL 0:1239e9b70ca2 9723 if (bn_one == NULL) {
wolfSSL 0:1239e9b70ca2 9724 bn_one = CyaSSL_BN_new();
wolfSSL 0:1239e9b70ca2 9725 if (bn_one)
wolfSSL 0:1239e9b70ca2 9726 mp_set_int((mp_int*)bn_one->internal, 1);
wolfSSL 0:1239e9b70ca2 9727 }
wolfSSL 0:1239e9b70ca2 9728
wolfSSL 0:1239e9b70ca2 9729 return bn_one;
wolfSSL 0:1239e9b70ca2 9730 }
wolfSSL 0:1239e9b70ca2 9731
wolfSSL 0:1239e9b70ca2 9732
wolfSSL 0:1239e9b70ca2 9733 int CyaSSL_BN_num_bytes(const CYASSL_BIGNUM* bn)
wolfSSL 0:1239e9b70ca2 9734 {
wolfSSL 0:1239e9b70ca2 9735 CYASSL_MSG("CyaSSL_BN_num_bytes");
wolfSSL 0:1239e9b70ca2 9736
wolfSSL 0:1239e9b70ca2 9737 if (bn == NULL || bn->internal == NULL)
wolfSSL 0:1239e9b70ca2 9738 return 0;
wolfSSL 0:1239e9b70ca2 9739
wolfSSL 0:1239e9b70ca2 9740 return mp_unsigned_bin_size((mp_int*)bn->internal);
wolfSSL 0:1239e9b70ca2 9741 }
wolfSSL 0:1239e9b70ca2 9742
wolfSSL 0:1239e9b70ca2 9743
wolfSSL 0:1239e9b70ca2 9744 int CyaSSL_BN_num_bits(const CYASSL_BIGNUM* bn)
wolfSSL 0:1239e9b70ca2 9745 {
wolfSSL 0:1239e9b70ca2 9746 CYASSL_MSG("CyaSSL_BN_num_bits");
wolfSSL 0:1239e9b70ca2 9747
wolfSSL 0:1239e9b70ca2 9748 if (bn == NULL || bn->internal == NULL)
wolfSSL 0:1239e9b70ca2 9749 return 0;
wolfSSL 0:1239e9b70ca2 9750
wolfSSL 0:1239e9b70ca2 9751 return mp_count_bits((mp_int*)bn->internal);
wolfSSL 0:1239e9b70ca2 9752 }
wolfSSL 0:1239e9b70ca2 9753
wolfSSL 0:1239e9b70ca2 9754
wolfSSL 0:1239e9b70ca2 9755 int CyaSSL_BN_is_zero(const CYASSL_BIGNUM* bn)
wolfSSL 0:1239e9b70ca2 9756 {
wolfSSL 0:1239e9b70ca2 9757 CYASSL_MSG("CyaSSL_BN_is_zero");
wolfSSL 0:1239e9b70ca2 9758
wolfSSL 0:1239e9b70ca2 9759 if (bn == NULL || bn->internal == NULL)
wolfSSL 0:1239e9b70ca2 9760 return 0;
wolfSSL 0:1239e9b70ca2 9761
wolfSSL 0:1239e9b70ca2 9762 return mp_iszero((mp_int*)bn->internal);
wolfSSL 0:1239e9b70ca2 9763 }
wolfSSL 0:1239e9b70ca2 9764
wolfSSL 0:1239e9b70ca2 9765
wolfSSL 0:1239e9b70ca2 9766 int CyaSSL_BN_is_one(const CYASSL_BIGNUM* bn)
wolfSSL 0:1239e9b70ca2 9767 {
wolfSSL 0:1239e9b70ca2 9768 CYASSL_MSG("CyaSSL_BN_is_one");
wolfSSL 0:1239e9b70ca2 9769
wolfSSL 0:1239e9b70ca2 9770 if (bn == NULL || bn->internal == NULL)
wolfSSL 0:1239e9b70ca2 9771 return 0;
wolfSSL 0:1239e9b70ca2 9772
wolfSSL 0:1239e9b70ca2 9773 if (mp_cmp_d((mp_int*)bn->internal, 1) == 0)
wolfSSL 0:1239e9b70ca2 9774 return 1;
wolfSSL 0:1239e9b70ca2 9775
wolfSSL 0:1239e9b70ca2 9776 return 0;
wolfSSL 0:1239e9b70ca2 9777 }
wolfSSL 0:1239e9b70ca2 9778
wolfSSL 0:1239e9b70ca2 9779
wolfSSL 0:1239e9b70ca2 9780 int CyaSSL_BN_is_odd(const CYASSL_BIGNUM* bn)
wolfSSL 0:1239e9b70ca2 9781 {
wolfSSL 0:1239e9b70ca2 9782 CYASSL_MSG("CyaSSL_BN_is_odd");
wolfSSL 0:1239e9b70ca2 9783
wolfSSL 0:1239e9b70ca2 9784 if (bn == NULL || bn->internal == NULL)
wolfSSL 0:1239e9b70ca2 9785 return 0;
wolfSSL 0:1239e9b70ca2 9786
wolfSSL 0:1239e9b70ca2 9787 return mp_isodd((mp_int*)bn->internal);
wolfSSL 0:1239e9b70ca2 9788 }
wolfSSL 0:1239e9b70ca2 9789
wolfSSL 0:1239e9b70ca2 9790
wolfSSL 0:1239e9b70ca2 9791 int CyaSSL_BN_cmp(const CYASSL_BIGNUM* a, const CYASSL_BIGNUM* b)
wolfSSL 0:1239e9b70ca2 9792 {
wolfSSL 0:1239e9b70ca2 9793 CYASSL_MSG("CyaSSL_BN_cmp");
wolfSSL 0:1239e9b70ca2 9794
wolfSSL 0:1239e9b70ca2 9795 if (a == NULL || a->internal == NULL || b == NULL || b->internal ==NULL)
wolfSSL 0:1239e9b70ca2 9796 return 0;
wolfSSL 0:1239e9b70ca2 9797
wolfSSL 0:1239e9b70ca2 9798 return mp_cmp((mp_int*)a->internal, (mp_int*)b->internal);
wolfSSL 0:1239e9b70ca2 9799 }
wolfSSL 0:1239e9b70ca2 9800
wolfSSL 0:1239e9b70ca2 9801
wolfSSL 0:1239e9b70ca2 9802 int CyaSSL_BN_bn2bin(const CYASSL_BIGNUM* bn, unsigned char* r)
wolfSSL 0:1239e9b70ca2 9803 {
wolfSSL 0:1239e9b70ca2 9804 CYASSL_MSG("CyaSSL_BN_bn2bin");
wolfSSL 0:1239e9b70ca2 9805
wolfSSL 0:1239e9b70ca2 9806 if (bn == NULL || bn->internal == NULL) {
wolfSSL 0:1239e9b70ca2 9807 CYASSL_MSG("NULL bn error");
wolfSSL 0:1239e9b70ca2 9808 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 9809 }
wolfSSL 0:1239e9b70ca2 9810
wolfSSL 0:1239e9b70ca2 9811 if (r == NULL)
wolfSSL 0:1239e9b70ca2 9812 return mp_unsigned_bin_size((mp_int*)bn->internal);
wolfSSL 0:1239e9b70ca2 9813
wolfSSL 0:1239e9b70ca2 9814 if (mp_to_unsigned_bin((mp_int*)bn->internal, r) != MP_OKAY) {
wolfSSL 0:1239e9b70ca2 9815 CYASSL_MSG("mp_to_unsigned_bin error");
wolfSSL 0:1239e9b70ca2 9816 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 9817 }
wolfSSL 0:1239e9b70ca2 9818
wolfSSL 0:1239e9b70ca2 9819 return mp_unsigned_bin_size((mp_int*)bn->internal);
wolfSSL 0:1239e9b70ca2 9820 }
wolfSSL 0:1239e9b70ca2 9821
wolfSSL 0:1239e9b70ca2 9822
wolfSSL 0:1239e9b70ca2 9823 CYASSL_BIGNUM* CyaSSL_BN_bin2bn(const unsigned char* str, int len,
wolfSSL 0:1239e9b70ca2 9824 CYASSL_BIGNUM* ret)
wolfSSL 0:1239e9b70ca2 9825 {
wolfSSL 0:1239e9b70ca2 9826 CYASSL_MSG("CyaSSL_BN_bin2bn");
wolfSSL 0:1239e9b70ca2 9827
wolfSSL 0:1239e9b70ca2 9828 if (ret && ret->internal) {
wolfSSL 0:1239e9b70ca2 9829 if (mp_read_unsigned_bin((mp_int*)ret->internal, str, len) != 0) {
wolfSSL 0:1239e9b70ca2 9830 CYASSL_MSG("mp_read_unsigned_bin failure");
wolfSSL 0:1239e9b70ca2 9831 return NULL;
wolfSSL 0:1239e9b70ca2 9832 }
wolfSSL 0:1239e9b70ca2 9833 }
wolfSSL 0:1239e9b70ca2 9834 else {
wolfSSL 0:1239e9b70ca2 9835 CYASSL_MSG("CyaSSL_BN_bin2bn wants return bignum");
wolfSSL 0:1239e9b70ca2 9836 }
wolfSSL 0:1239e9b70ca2 9837
wolfSSL 0:1239e9b70ca2 9838 return ret;
wolfSSL 0:1239e9b70ca2 9839 }
wolfSSL 0:1239e9b70ca2 9840
wolfSSL 0:1239e9b70ca2 9841
wolfSSL 0:1239e9b70ca2 9842 int CyaSSL_mask_bits(CYASSL_BIGNUM* bn, int n)
wolfSSL 0:1239e9b70ca2 9843 {
wolfSSL 0:1239e9b70ca2 9844 (void)bn;
wolfSSL 0:1239e9b70ca2 9845 (void)n;
wolfSSL 0:1239e9b70ca2 9846 CYASSL_MSG("CyaSSL_BN_mask_bits");
wolfSSL 0:1239e9b70ca2 9847
wolfSSL 0:1239e9b70ca2 9848 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 9849 }
wolfSSL 0:1239e9b70ca2 9850
wolfSSL 0:1239e9b70ca2 9851
wolfSSL 0:1239e9b70ca2 9852 /* SSL_SUCCESS on ok */
wolfSSL 0:1239e9b70ca2 9853 int CyaSSL_BN_rand(CYASSL_BIGNUM* bn, int bits, int top, int bottom)
wolfSSL 0:1239e9b70ca2 9854 {
wolfSSL 0:1239e9b70ca2 9855 byte buff[1024];
wolfSSL 0:1239e9b70ca2 9856 RNG tmpRNG;
wolfSSL 0:1239e9b70ca2 9857 RNG* rng = &tmpRNG;
wolfSSL 0:1239e9b70ca2 9858 int len = bits/8;
wolfSSL 0:1239e9b70ca2 9859
wolfSSL 0:1239e9b70ca2 9860 (void)top;
wolfSSL 0:1239e9b70ca2 9861 (void)bottom;
wolfSSL 0:1239e9b70ca2 9862 CYASSL_MSG("CyaSSL_BN_rand");
wolfSSL 0:1239e9b70ca2 9863
wolfSSL 0:1239e9b70ca2 9864 if (bn == NULL || bn->internal == NULL) {
wolfSSL 0:1239e9b70ca2 9865 CYASSL_MSG("Bad function arguments");
wolfSSL 0:1239e9b70ca2 9866 return 0;
wolfSSL 0:1239e9b70ca2 9867 }
wolfSSL 0:1239e9b70ca2 9868
wolfSSL 0:1239e9b70ca2 9869 if (bits % 8)
wolfSSL 0:1239e9b70ca2 9870 len++;
wolfSSL 0:1239e9b70ca2 9871
wolfSSL 0:1239e9b70ca2 9872 if ( (InitRng(&tmpRNG)) != 0) {
wolfSSL 0:1239e9b70ca2 9873 CYASSL_MSG("Bad RNG Init, trying global");
wolfSSL 0:1239e9b70ca2 9874 if (initGlobalRNG == 0) {
wolfSSL 0:1239e9b70ca2 9875 CYASSL_MSG("Global RNG no Init");
wolfSSL 0:1239e9b70ca2 9876 return 0;
wolfSSL 0:1239e9b70ca2 9877 }
wolfSSL 0:1239e9b70ca2 9878 rng = &globalRNG;
wolfSSL 0:1239e9b70ca2 9879 }
wolfSSL 0:1239e9b70ca2 9880
wolfSSL 0:1239e9b70ca2 9881 if (RNG_GenerateBlock(rng, buff, len) != 0) {
wolfSSL 0:1239e9b70ca2 9882 CYASSL_MSG("Bad RNG_GenerateBlock");
wolfSSL 0:1239e9b70ca2 9883 return 0;
wolfSSL 0:1239e9b70ca2 9884 }
wolfSSL 0:1239e9b70ca2 9885
wolfSSL 0:1239e9b70ca2 9886 buff[0] |= 0x80 | 0x40;
wolfSSL 0:1239e9b70ca2 9887 buff[len-1] |= 0x01;
wolfSSL 0:1239e9b70ca2 9888
wolfSSL 0:1239e9b70ca2 9889 if (mp_read_unsigned_bin((mp_int*)bn->internal,buff,len) != MP_OKAY) {
wolfSSL 0:1239e9b70ca2 9890 CYASSL_MSG("mp read bin failed");
wolfSSL 0:1239e9b70ca2 9891 return 0;
wolfSSL 0:1239e9b70ca2 9892 }
wolfSSL 0:1239e9b70ca2 9893
wolfSSL 0:1239e9b70ca2 9894 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 9895 }
wolfSSL 0:1239e9b70ca2 9896
wolfSSL 0:1239e9b70ca2 9897
wolfSSL 0:1239e9b70ca2 9898 int CyaSSL_BN_is_bit_set(const CYASSL_BIGNUM* bn, int n)
wolfSSL 0:1239e9b70ca2 9899 {
wolfSSL 0:1239e9b70ca2 9900 (void)bn;
wolfSSL 0:1239e9b70ca2 9901 (void)n;
wolfSSL 0:1239e9b70ca2 9902
wolfSSL 0:1239e9b70ca2 9903 CYASSL_MSG("CyaSSL_BN_is_bit_set");
wolfSSL 0:1239e9b70ca2 9904
wolfSSL 0:1239e9b70ca2 9905 return 0;
wolfSSL 0:1239e9b70ca2 9906 }
wolfSSL 0:1239e9b70ca2 9907
wolfSSL 0:1239e9b70ca2 9908
wolfSSL 0:1239e9b70ca2 9909 /* SSL_SUCCESS on ok */
wolfSSL 0:1239e9b70ca2 9910 int CyaSSL_BN_hex2bn(CYASSL_BIGNUM** bn, const char* str)
wolfSSL 0:1239e9b70ca2 9911 {
wolfSSL 0:1239e9b70ca2 9912 byte decoded[1024];
wolfSSL 0:1239e9b70ca2 9913 word32 decSz = sizeof(decoded);
wolfSSL 0:1239e9b70ca2 9914
wolfSSL 0:1239e9b70ca2 9915 CYASSL_MSG("CyaSSL_BN_hex2bn");
wolfSSL 0:1239e9b70ca2 9916
wolfSSL 0:1239e9b70ca2 9917 if (str == NULL) {
wolfSSL 0:1239e9b70ca2 9918 CYASSL_MSG("Bad function argument");
wolfSSL 0:1239e9b70ca2 9919 return 0;
wolfSSL 0:1239e9b70ca2 9920 }
wolfSSL 0:1239e9b70ca2 9921
wolfSSL 0:1239e9b70ca2 9922 if (Base16_Decode((byte*)str, (int)XSTRLEN(str), decoded, &decSz) < 0) {
wolfSSL 0:1239e9b70ca2 9923 CYASSL_MSG("Bad Base16_Decode error");
wolfSSL 0:1239e9b70ca2 9924 return 0;
wolfSSL 0:1239e9b70ca2 9925 }
wolfSSL 0:1239e9b70ca2 9926
wolfSSL 0:1239e9b70ca2 9927 if (bn == NULL)
wolfSSL 0:1239e9b70ca2 9928 return decSz;
wolfSSL 0:1239e9b70ca2 9929
wolfSSL 0:1239e9b70ca2 9930 if (*bn == NULL) {
wolfSSL 0:1239e9b70ca2 9931 *bn = CyaSSL_BN_new();
wolfSSL 0:1239e9b70ca2 9932 if (*bn == NULL) {
wolfSSL 0:1239e9b70ca2 9933 CYASSL_MSG("BN new failed");
wolfSSL 0:1239e9b70ca2 9934 return 0;
wolfSSL 0:1239e9b70ca2 9935 }
wolfSSL 0:1239e9b70ca2 9936 }
wolfSSL 0:1239e9b70ca2 9937
wolfSSL 0:1239e9b70ca2 9938 if (CyaSSL_BN_bin2bn(decoded, decSz, *bn) == NULL) {
wolfSSL 0:1239e9b70ca2 9939 CYASSL_MSG("Bad bin2bn error");
wolfSSL 0:1239e9b70ca2 9940 return 0;
wolfSSL 0:1239e9b70ca2 9941 }
wolfSSL 0:1239e9b70ca2 9942
wolfSSL 0:1239e9b70ca2 9943 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 9944 }
wolfSSL 0:1239e9b70ca2 9945
wolfSSL 0:1239e9b70ca2 9946
wolfSSL 0:1239e9b70ca2 9947 CYASSL_BIGNUM* CyaSSL_BN_dup(const CYASSL_BIGNUM* bn)
wolfSSL 0:1239e9b70ca2 9948 {
wolfSSL 0:1239e9b70ca2 9949 CYASSL_BIGNUM* ret;
wolfSSL 0:1239e9b70ca2 9950
wolfSSL 0:1239e9b70ca2 9951 CYASSL_MSG("CyaSSL_BN_dup");
wolfSSL 0:1239e9b70ca2 9952
wolfSSL 0:1239e9b70ca2 9953 if (bn == NULL || bn->internal == NULL) {
wolfSSL 0:1239e9b70ca2 9954 CYASSL_MSG("bn NULL error");
wolfSSL 0:1239e9b70ca2 9955 return NULL;
wolfSSL 0:1239e9b70ca2 9956 }
wolfSSL 0:1239e9b70ca2 9957
wolfSSL 0:1239e9b70ca2 9958 ret = CyaSSL_BN_new();
wolfSSL 0:1239e9b70ca2 9959 if (ret == NULL) {
wolfSSL 0:1239e9b70ca2 9960 CYASSL_MSG("bn new error");
wolfSSL 0:1239e9b70ca2 9961 return NULL;
wolfSSL 0:1239e9b70ca2 9962 }
wolfSSL 0:1239e9b70ca2 9963
wolfSSL 0:1239e9b70ca2 9964 if (mp_copy((mp_int*)bn->internal, (mp_int*)ret->internal) != MP_OKAY) {
wolfSSL 0:1239e9b70ca2 9965 CYASSL_MSG("mp_copy error");
wolfSSL 0:1239e9b70ca2 9966 CyaSSL_BN_free(ret);
wolfSSL 0:1239e9b70ca2 9967 return NULL;
wolfSSL 0:1239e9b70ca2 9968 }
wolfSSL 0:1239e9b70ca2 9969
wolfSSL 0:1239e9b70ca2 9970 return ret;
wolfSSL 0:1239e9b70ca2 9971 }
wolfSSL 0:1239e9b70ca2 9972
wolfSSL 0:1239e9b70ca2 9973
wolfSSL 0:1239e9b70ca2 9974 CYASSL_BIGNUM* CyaSSL_BN_copy(CYASSL_BIGNUM* r, const CYASSL_BIGNUM* bn)
wolfSSL 0:1239e9b70ca2 9975 {
wolfSSL 0:1239e9b70ca2 9976 (void)r;
wolfSSL 0:1239e9b70ca2 9977 (void)bn;
wolfSSL 0:1239e9b70ca2 9978
wolfSSL 0:1239e9b70ca2 9979 CYASSL_MSG("CyaSSL_BN_copy");
wolfSSL 0:1239e9b70ca2 9980
wolfSSL 0:1239e9b70ca2 9981 return NULL;
wolfSSL 0:1239e9b70ca2 9982 }
wolfSSL 0:1239e9b70ca2 9983
wolfSSL 0:1239e9b70ca2 9984
wolfSSL 0:1239e9b70ca2 9985 int CyaSSL_BN_set_word(CYASSL_BIGNUM* bn, unsigned long w)
wolfSSL 0:1239e9b70ca2 9986 {
wolfSSL 0:1239e9b70ca2 9987 (void)bn;
wolfSSL 0:1239e9b70ca2 9988 (void)w;
wolfSSL 0:1239e9b70ca2 9989
wolfSSL 0:1239e9b70ca2 9990 CYASSL_MSG("CyaSSL_BN_set_word");
wolfSSL 0:1239e9b70ca2 9991
wolfSSL 0:1239e9b70ca2 9992 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 9993 }
wolfSSL 0:1239e9b70ca2 9994
wolfSSL 0:1239e9b70ca2 9995
wolfSSL 0:1239e9b70ca2 9996 int CyaSSL_BN_dec2bn(CYASSL_BIGNUM** bn, const char* str)
wolfSSL 0:1239e9b70ca2 9997 {
wolfSSL 0:1239e9b70ca2 9998 (void)bn;
wolfSSL 0:1239e9b70ca2 9999 (void)str;
wolfSSL 0:1239e9b70ca2 10000
wolfSSL 0:1239e9b70ca2 10001 CYASSL_MSG("CyaSSL_BN_dec2bn");
wolfSSL 0:1239e9b70ca2 10002
wolfSSL 0:1239e9b70ca2 10003 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10004 }
wolfSSL 0:1239e9b70ca2 10005
wolfSSL 0:1239e9b70ca2 10006
wolfSSL 0:1239e9b70ca2 10007 char* CyaSSL_BN_bn2dec(const CYASSL_BIGNUM* bn)
wolfSSL 0:1239e9b70ca2 10008 {
wolfSSL 0:1239e9b70ca2 10009 (void)bn;
wolfSSL 0:1239e9b70ca2 10010
wolfSSL 0:1239e9b70ca2 10011 CYASSL_MSG("CyaSSL_BN_bn2dec");
wolfSSL 0:1239e9b70ca2 10012
wolfSSL 0:1239e9b70ca2 10013 return NULL;
wolfSSL 0:1239e9b70ca2 10014 }
wolfSSL 0:1239e9b70ca2 10015
wolfSSL 0:1239e9b70ca2 10016
wolfSSL 0:1239e9b70ca2 10017 static void InitCyaSSL_DH(CYASSL_DH* dh)
wolfSSL 0:1239e9b70ca2 10018 {
wolfSSL 0:1239e9b70ca2 10019 if (dh) {
wolfSSL 0:1239e9b70ca2 10020 dh->p = NULL;
wolfSSL 0:1239e9b70ca2 10021 dh->g = NULL;
wolfSSL 0:1239e9b70ca2 10022 dh->pub_key = NULL;
wolfSSL 0:1239e9b70ca2 10023 dh->priv_key = NULL;
wolfSSL 0:1239e9b70ca2 10024 dh->internal = NULL;
wolfSSL 0:1239e9b70ca2 10025 dh->inSet = 0;
wolfSSL 0:1239e9b70ca2 10026 dh->exSet = 0;
wolfSSL 0:1239e9b70ca2 10027 }
wolfSSL 0:1239e9b70ca2 10028 }
wolfSSL 0:1239e9b70ca2 10029
wolfSSL 0:1239e9b70ca2 10030
wolfSSL 0:1239e9b70ca2 10031 CYASSL_DH* CyaSSL_DH_new(void)
wolfSSL 0:1239e9b70ca2 10032 {
wolfSSL 0:1239e9b70ca2 10033 CYASSL_DH* external;
wolfSSL 0:1239e9b70ca2 10034 DhKey* key;
wolfSSL 0:1239e9b70ca2 10035
wolfSSL 0:1239e9b70ca2 10036 CYASSL_MSG("CyaSSL_DH_new");
wolfSSL 0:1239e9b70ca2 10037
wolfSSL 0:1239e9b70ca2 10038 key = (DhKey*) XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_DH);
wolfSSL 0:1239e9b70ca2 10039 if (key == NULL) {
wolfSSL 0:1239e9b70ca2 10040 CYASSL_MSG("CyaSSL_DH_new malloc DhKey failure");
wolfSSL 0:1239e9b70ca2 10041 return NULL;
wolfSSL 0:1239e9b70ca2 10042 }
wolfSSL 0:1239e9b70ca2 10043
wolfSSL 0:1239e9b70ca2 10044 external = (CYASSL_DH*) XMALLOC(sizeof(CYASSL_DH), NULL,
wolfSSL 0:1239e9b70ca2 10045 DYNAMIC_TYPE_DH);
wolfSSL 0:1239e9b70ca2 10046 if (external == NULL) {
wolfSSL 0:1239e9b70ca2 10047 CYASSL_MSG("CyaSSL_DH_new malloc CYASSL_DH failure");
wolfSSL 0:1239e9b70ca2 10048 XFREE(key, NULL, DYNAMIC_TYPE_DH);
wolfSSL 0:1239e9b70ca2 10049 return NULL;
wolfSSL 0:1239e9b70ca2 10050 }
wolfSSL 0:1239e9b70ca2 10051
wolfSSL 0:1239e9b70ca2 10052 InitCyaSSL_DH(external);
wolfSSL 0:1239e9b70ca2 10053 InitDhKey(key);
wolfSSL 0:1239e9b70ca2 10054 external->internal = key;
wolfSSL 0:1239e9b70ca2 10055
wolfSSL 0:1239e9b70ca2 10056 return external;
wolfSSL 0:1239e9b70ca2 10057 }
wolfSSL 0:1239e9b70ca2 10058
wolfSSL 0:1239e9b70ca2 10059
wolfSSL 0:1239e9b70ca2 10060 void CyaSSL_DH_free(CYASSL_DH* dh)
wolfSSL 0:1239e9b70ca2 10061 {
wolfSSL 0:1239e9b70ca2 10062 CYASSL_MSG("CyaSSL_DH_free");
wolfSSL 0:1239e9b70ca2 10063
wolfSSL 0:1239e9b70ca2 10064 if (dh) {
wolfSSL 0:1239e9b70ca2 10065 if (dh->internal) {
wolfSSL 0:1239e9b70ca2 10066 FreeDhKey((DhKey*)dh->internal);
wolfSSL 0:1239e9b70ca2 10067 XFREE(dh->internal, NULL, DYNAMIC_TYPE_DH);
wolfSSL 0:1239e9b70ca2 10068 dh->internal = NULL;
wolfSSL 0:1239e9b70ca2 10069 }
wolfSSL 0:1239e9b70ca2 10070 CyaSSL_BN_free(dh->priv_key);
wolfSSL 0:1239e9b70ca2 10071 CyaSSL_BN_free(dh->pub_key);
wolfSSL 0:1239e9b70ca2 10072 CyaSSL_BN_free(dh->g);
wolfSSL 0:1239e9b70ca2 10073 CyaSSL_BN_free(dh->p);
wolfSSL 0:1239e9b70ca2 10074 InitCyaSSL_DH(dh); /* set back to NULLs for safety */
wolfSSL 0:1239e9b70ca2 10075
wolfSSL 0:1239e9b70ca2 10076 XFREE(dh, NULL, DYNAMIC_TYPE_DH);
wolfSSL 0:1239e9b70ca2 10077 }
wolfSSL 0:1239e9b70ca2 10078 }
wolfSSL 0:1239e9b70ca2 10079
wolfSSL 0:1239e9b70ca2 10080
wolfSSL 0:1239e9b70ca2 10081 static int SetDhInternal(CYASSL_DH* dh)
wolfSSL 0:1239e9b70ca2 10082 {
wolfSSL 0:1239e9b70ca2 10083 unsigned char p[1024];
wolfSSL 0:1239e9b70ca2 10084 unsigned char g[1024];
wolfSSL 0:1239e9b70ca2 10085 int pSz = sizeof(p);
wolfSSL 0:1239e9b70ca2 10086 int gSz = sizeof(g);
wolfSSL 0:1239e9b70ca2 10087
wolfSSL 0:1239e9b70ca2 10088 CYASSL_ENTER("SetDhInternal");
wolfSSL 0:1239e9b70ca2 10089
wolfSSL 0:1239e9b70ca2 10090 if (dh == NULL || dh->p == NULL || dh->g == NULL) {
wolfSSL 0:1239e9b70ca2 10091 CYASSL_MSG("Bad function arguments");
wolfSSL 0:1239e9b70ca2 10092 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10093 }
wolfSSL 0:1239e9b70ca2 10094
wolfSSL 0:1239e9b70ca2 10095 if (CyaSSL_BN_bn2bin(dh->p, NULL) > pSz) {
wolfSSL 0:1239e9b70ca2 10096 CYASSL_MSG("Bad p internal size");
wolfSSL 0:1239e9b70ca2 10097 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10098 }
wolfSSL 0:1239e9b70ca2 10099
wolfSSL 0:1239e9b70ca2 10100 if (CyaSSL_BN_bn2bin(dh->g, NULL) > gSz) {
wolfSSL 0:1239e9b70ca2 10101 CYASSL_MSG("Bad g internal size");
wolfSSL 0:1239e9b70ca2 10102 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10103 }
wolfSSL 0:1239e9b70ca2 10104
wolfSSL 0:1239e9b70ca2 10105 pSz = CyaSSL_BN_bn2bin(dh->p, p);
wolfSSL 0:1239e9b70ca2 10106 gSz = CyaSSL_BN_bn2bin(dh->g, g);
wolfSSL 0:1239e9b70ca2 10107
wolfSSL 0:1239e9b70ca2 10108 if (pSz <= 0 || gSz <= 0) {
wolfSSL 0:1239e9b70ca2 10109 CYASSL_MSG("Bad BN2bin set");
wolfSSL 0:1239e9b70ca2 10110 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10111 }
wolfSSL 0:1239e9b70ca2 10112
wolfSSL 0:1239e9b70ca2 10113 if (DhSetKey((DhKey*)dh->internal, p, pSz, g, gSz) < 0) {
wolfSSL 0:1239e9b70ca2 10114 CYASSL_MSG("Bad DH SetKey");
wolfSSL 0:1239e9b70ca2 10115 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10116 }
wolfSSL 0:1239e9b70ca2 10117
wolfSSL 0:1239e9b70ca2 10118 dh->inSet = 1;
wolfSSL 0:1239e9b70ca2 10119
wolfSSL 0:1239e9b70ca2 10120 return 0;
wolfSSL 0:1239e9b70ca2 10121 }
wolfSSL 0:1239e9b70ca2 10122
wolfSSL 0:1239e9b70ca2 10123
wolfSSL 0:1239e9b70ca2 10124 int CyaSSL_DH_size(CYASSL_DH* dh)
wolfSSL 0:1239e9b70ca2 10125 {
wolfSSL 0:1239e9b70ca2 10126 CYASSL_MSG("CyaSSL_DH_size");
wolfSSL 0:1239e9b70ca2 10127
wolfSSL 0:1239e9b70ca2 10128 if (dh == NULL)
wolfSSL 0:1239e9b70ca2 10129 return 0;
wolfSSL 0:1239e9b70ca2 10130
wolfSSL 0:1239e9b70ca2 10131 return CyaSSL_BN_num_bytes(dh->p);
wolfSSL 0:1239e9b70ca2 10132 }
wolfSSL 0:1239e9b70ca2 10133
wolfSSL 0:1239e9b70ca2 10134
wolfSSL 0:1239e9b70ca2 10135 /* return SSL_SUCCESS on ok, else 0 */
wolfSSL 0:1239e9b70ca2 10136 int CyaSSL_DH_generate_key(CYASSL_DH* dh)
wolfSSL 0:1239e9b70ca2 10137 {
wolfSSL 0:1239e9b70ca2 10138 unsigned char pub [768];
wolfSSL 0:1239e9b70ca2 10139 unsigned char priv[768];
wolfSSL 0:1239e9b70ca2 10140 word32 pubSz = sizeof(pub);
wolfSSL 0:1239e9b70ca2 10141 word32 privSz = sizeof(priv);
wolfSSL 0:1239e9b70ca2 10142 RNG tmpRNG;
wolfSSL 0:1239e9b70ca2 10143 RNG* rng = &tmpRNG;
wolfSSL 0:1239e9b70ca2 10144
wolfSSL 0:1239e9b70ca2 10145 CYASSL_MSG("CyaSSL_DH_generate_key");
wolfSSL 0:1239e9b70ca2 10146
wolfSSL 0:1239e9b70ca2 10147 if (dh == NULL || dh->p == NULL || dh->g == NULL) {
wolfSSL 0:1239e9b70ca2 10148 CYASSL_MSG("Bad function arguments");
wolfSSL 0:1239e9b70ca2 10149 return 0;
wolfSSL 0:1239e9b70ca2 10150 }
wolfSSL 0:1239e9b70ca2 10151
wolfSSL 0:1239e9b70ca2 10152 if (dh->inSet == 0) {
wolfSSL 0:1239e9b70ca2 10153 if (SetDhInternal(dh) < 0) {
wolfSSL 0:1239e9b70ca2 10154 CYASSL_MSG("Bad DH set internal");
wolfSSL 0:1239e9b70ca2 10155 return 0;
wolfSSL 0:1239e9b70ca2 10156 }
wolfSSL 0:1239e9b70ca2 10157 }
wolfSSL 0:1239e9b70ca2 10158
wolfSSL 0:1239e9b70ca2 10159 if ( (InitRng(&tmpRNG)) != 0) {
wolfSSL 0:1239e9b70ca2 10160 CYASSL_MSG("Bad RNG Init, trying global");
wolfSSL 0:1239e9b70ca2 10161 if (initGlobalRNG == 0) {
wolfSSL 0:1239e9b70ca2 10162 CYASSL_MSG("Global RNG no Init");
wolfSSL 0:1239e9b70ca2 10163 return 0;
wolfSSL 0:1239e9b70ca2 10164 }
wolfSSL 0:1239e9b70ca2 10165 rng = &globalRNG;
wolfSSL 0:1239e9b70ca2 10166 }
wolfSSL 0:1239e9b70ca2 10167
wolfSSL 0:1239e9b70ca2 10168 if (DhGenerateKeyPair((DhKey*)dh->internal, rng, priv, &privSz,
wolfSSL 0:1239e9b70ca2 10169 pub, &pubSz) < 0) {
wolfSSL 0:1239e9b70ca2 10170 CYASSL_MSG("Bad DhGenerateKeyPair");
wolfSSL 0:1239e9b70ca2 10171 return 0;
wolfSSL 0:1239e9b70ca2 10172 }
wolfSSL 0:1239e9b70ca2 10173
wolfSSL 0:1239e9b70ca2 10174 if (dh->pub_key)
wolfSSL 0:1239e9b70ca2 10175 CyaSSL_BN_free(dh->pub_key);
wolfSSL 0:1239e9b70ca2 10176 dh->pub_key = CyaSSL_BN_new();
wolfSSL 0:1239e9b70ca2 10177 if (dh->pub_key == NULL) {
wolfSSL 0:1239e9b70ca2 10178 CYASSL_MSG("Bad DH new pub");
wolfSSL 0:1239e9b70ca2 10179 return 0;
wolfSSL 0:1239e9b70ca2 10180 }
wolfSSL 0:1239e9b70ca2 10181
wolfSSL 0:1239e9b70ca2 10182 if (dh->priv_key)
wolfSSL 0:1239e9b70ca2 10183 CyaSSL_BN_free(dh->priv_key);
wolfSSL 0:1239e9b70ca2 10184 dh->priv_key = CyaSSL_BN_new();
wolfSSL 0:1239e9b70ca2 10185 if (dh->priv_key == NULL) {
wolfSSL 0:1239e9b70ca2 10186 CYASSL_MSG("Bad DH new priv");
wolfSSL 0:1239e9b70ca2 10187 return 0;
wolfSSL 0:1239e9b70ca2 10188 }
wolfSSL 0:1239e9b70ca2 10189
wolfSSL 0:1239e9b70ca2 10190 if (CyaSSL_BN_bin2bn(pub, pubSz, dh->pub_key) == NULL) {
wolfSSL 0:1239e9b70ca2 10191 CYASSL_MSG("Bad DH bn2bin error pub");
wolfSSL 0:1239e9b70ca2 10192 return 0;
wolfSSL 0:1239e9b70ca2 10193 }
wolfSSL 0:1239e9b70ca2 10194
wolfSSL 0:1239e9b70ca2 10195 if (CyaSSL_BN_bin2bn(priv, privSz, dh->priv_key) == NULL) {
wolfSSL 0:1239e9b70ca2 10196 CYASSL_MSG("Bad DH bn2bin error priv");
wolfSSL 0:1239e9b70ca2 10197 return 0;
wolfSSL 0:1239e9b70ca2 10198 }
wolfSSL 0:1239e9b70ca2 10199
wolfSSL 0:1239e9b70ca2 10200 CYASSL_MSG("CyaSSL_generate_key success");
wolfSSL 0:1239e9b70ca2 10201 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 10202 }
wolfSSL 0:1239e9b70ca2 10203
wolfSSL 0:1239e9b70ca2 10204
wolfSSL 0:1239e9b70ca2 10205 /* return key size on ok, 0 otherwise */
wolfSSL 0:1239e9b70ca2 10206 int CyaSSL_DH_compute_key(unsigned char* key, CYASSL_BIGNUM* otherPub,
wolfSSL 0:1239e9b70ca2 10207 CYASSL_DH* dh)
wolfSSL 0:1239e9b70ca2 10208 {
wolfSSL 0:1239e9b70ca2 10209 unsigned char pub [1024];
wolfSSL 0:1239e9b70ca2 10210 unsigned char priv[1024];
wolfSSL 0:1239e9b70ca2 10211 word32 pubSz = sizeof(pub);
wolfSSL 0:1239e9b70ca2 10212 word32 privSz = sizeof(priv);
wolfSSL 0:1239e9b70ca2 10213 word32 keySz;
wolfSSL 0:1239e9b70ca2 10214
wolfSSL 0:1239e9b70ca2 10215 CYASSL_MSG("CyaSSL_DH_compute_key");
wolfSSL 0:1239e9b70ca2 10216
wolfSSL 0:1239e9b70ca2 10217 if (dh == NULL || dh->priv_key == NULL || otherPub == NULL) {
wolfSSL 0:1239e9b70ca2 10218 CYASSL_MSG("Bad function arguments");
wolfSSL 0:1239e9b70ca2 10219 return 0;
wolfSSL 0:1239e9b70ca2 10220 }
wolfSSL 0:1239e9b70ca2 10221
wolfSSL 0:1239e9b70ca2 10222 keySz = (word32)DH_size(dh);
wolfSSL 0:1239e9b70ca2 10223 if (keySz == 0) {
wolfSSL 0:1239e9b70ca2 10224 CYASSL_MSG("Bad DH_size");
wolfSSL 0:1239e9b70ca2 10225 return 0;
wolfSSL 0:1239e9b70ca2 10226 }
wolfSSL 0:1239e9b70ca2 10227
wolfSSL 0:1239e9b70ca2 10228 if (CyaSSL_BN_bn2bin(dh->priv_key, NULL) > (int)privSz) {
wolfSSL 0:1239e9b70ca2 10229 CYASSL_MSG("Bad priv internal size");
wolfSSL 0:1239e9b70ca2 10230 return 0;
wolfSSL 0:1239e9b70ca2 10231 }
wolfSSL 0:1239e9b70ca2 10232
wolfSSL 0:1239e9b70ca2 10233 if (CyaSSL_BN_bn2bin(otherPub, NULL) > (int)pubSz) {
wolfSSL 0:1239e9b70ca2 10234 CYASSL_MSG("Bad otherPub size");
wolfSSL 0:1239e9b70ca2 10235 return 0;
wolfSSL 0:1239e9b70ca2 10236 }
wolfSSL 0:1239e9b70ca2 10237
wolfSSL 0:1239e9b70ca2 10238 privSz = CyaSSL_BN_bn2bin(dh->priv_key, priv);
wolfSSL 0:1239e9b70ca2 10239 pubSz = CyaSSL_BN_bn2bin(otherPub, pub);
wolfSSL 0:1239e9b70ca2 10240
wolfSSL 0:1239e9b70ca2 10241 if (privSz <= 0 || pubSz <= 0) {
wolfSSL 0:1239e9b70ca2 10242 CYASSL_MSG("Bad BN2bin set");
wolfSSL 0:1239e9b70ca2 10243 return 0;
wolfSSL 0:1239e9b70ca2 10244 }
wolfSSL 0:1239e9b70ca2 10245
wolfSSL 0:1239e9b70ca2 10246 if (DhAgree((DhKey*)dh->internal, key, &keySz, priv, privSz, pub,
wolfSSL 0:1239e9b70ca2 10247 pubSz) < 0) {
wolfSSL 0:1239e9b70ca2 10248 CYASSL_MSG("DhAgree failed");
wolfSSL 0:1239e9b70ca2 10249 return 0;
wolfSSL 0:1239e9b70ca2 10250 }
wolfSSL 0:1239e9b70ca2 10251
wolfSSL 0:1239e9b70ca2 10252 CYASSL_MSG("CyaSSL_compute_key success");
wolfSSL 0:1239e9b70ca2 10253 return (int)keySz;
wolfSSL 0:1239e9b70ca2 10254 }
wolfSSL 0:1239e9b70ca2 10255
wolfSSL 0:1239e9b70ca2 10256
wolfSSL 0:1239e9b70ca2 10257 #ifndef NO_DSA
wolfSSL 0:1239e9b70ca2 10258 static void InitCyaSSL_DSA(CYASSL_DSA* dsa)
wolfSSL 0:1239e9b70ca2 10259 {
wolfSSL 0:1239e9b70ca2 10260 if (dsa) {
wolfSSL 0:1239e9b70ca2 10261 dsa->p = NULL;
wolfSSL 0:1239e9b70ca2 10262 dsa->q = NULL;
wolfSSL 0:1239e9b70ca2 10263 dsa->g = NULL;
wolfSSL 0:1239e9b70ca2 10264 dsa->pub_key = NULL;
wolfSSL 0:1239e9b70ca2 10265 dsa->priv_key = NULL;
wolfSSL 0:1239e9b70ca2 10266 dsa->internal = NULL;
wolfSSL 0:1239e9b70ca2 10267 dsa->inSet = 0;
wolfSSL 0:1239e9b70ca2 10268 dsa->exSet = 0;
wolfSSL 0:1239e9b70ca2 10269 }
wolfSSL 0:1239e9b70ca2 10270 }
wolfSSL 0:1239e9b70ca2 10271
wolfSSL 0:1239e9b70ca2 10272
wolfSSL 0:1239e9b70ca2 10273 CYASSL_DSA* CyaSSL_DSA_new(void)
wolfSSL 0:1239e9b70ca2 10274 {
wolfSSL 0:1239e9b70ca2 10275 CYASSL_DSA* external;
wolfSSL 0:1239e9b70ca2 10276 DsaKey* key;
wolfSSL 0:1239e9b70ca2 10277
wolfSSL 0:1239e9b70ca2 10278 CYASSL_MSG("CyaSSL_DSA_new");
wolfSSL 0:1239e9b70ca2 10279
wolfSSL 0:1239e9b70ca2 10280 key = (DsaKey*) XMALLOC(sizeof(DsaKey), NULL, DYNAMIC_TYPE_DSA);
wolfSSL 0:1239e9b70ca2 10281 if (key == NULL) {
wolfSSL 0:1239e9b70ca2 10282 CYASSL_MSG("CyaSSL_DSA_new malloc DsaKey failure");
wolfSSL 0:1239e9b70ca2 10283 return NULL;
wolfSSL 0:1239e9b70ca2 10284 }
wolfSSL 0:1239e9b70ca2 10285
wolfSSL 0:1239e9b70ca2 10286 external = (CYASSL_DSA*) XMALLOC(sizeof(CYASSL_DSA), NULL,
wolfSSL 0:1239e9b70ca2 10287 DYNAMIC_TYPE_DSA);
wolfSSL 0:1239e9b70ca2 10288 if (external == NULL) {
wolfSSL 0:1239e9b70ca2 10289 CYASSL_MSG("CyaSSL_DSA_new malloc CYASSL_DSA failure");
wolfSSL 0:1239e9b70ca2 10290 XFREE(key, NULL, DYNAMIC_TYPE_DSA);
wolfSSL 0:1239e9b70ca2 10291 return NULL;
wolfSSL 0:1239e9b70ca2 10292 }
wolfSSL 0:1239e9b70ca2 10293
wolfSSL 0:1239e9b70ca2 10294 InitCyaSSL_DSA(external);
wolfSSL 0:1239e9b70ca2 10295 InitDsaKey(key);
wolfSSL 0:1239e9b70ca2 10296 external->internal = key;
wolfSSL 0:1239e9b70ca2 10297
wolfSSL 0:1239e9b70ca2 10298 return external;
wolfSSL 0:1239e9b70ca2 10299 }
wolfSSL 0:1239e9b70ca2 10300
wolfSSL 0:1239e9b70ca2 10301
wolfSSL 0:1239e9b70ca2 10302 void CyaSSL_DSA_free(CYASSL_DSA* dsa)
wolfSSL 0:1239e9b70ca2 10303 {
wolfSSL 0:1239e9b70ca2 10304 CYASSL_MSG("CyaSSL_DSA_free");
wolfSSL 0:1239e9b70ca2 10305
wolfSSL 0:1239e9b70ca2 10306 if (dsa) {
wolfSSL 0:1239e9b70ca2 10307 if (dsa->internal) {
wolfSSL 0:1239e9b70ca2 10308 FreeDsaKey((DsaKey*)dsa->internal);
wolfSSL 0:1239e9b70ca2 10309 XFREE(dsa->internal, NULL, DYNAMIC_TYPE_DSA);
wolfSSL 0:1239e9b70ca2 10310 dsa->internal = NULL;
wolfSSL 0:1239e9b70ca2 10311 }
wolfSSL 0:1239e9b70ca2 10312 CyaSSL_BN_free(dsa->priv_key);
wolfSSL 0:1239e9b70ca2 10313 CyaSSL_BN_free(dsa->pub_key);
wolfSSL 0:1239e9b70ca2 10314 CyaSSL_BN_free(dsa->g);
wolfSSL 0:1239e9b70ca2 10315 CyaSSL_BN_free(dsa->q);
wolfSSL 0:1239e9b70ca2 10316 CyaSSL_BN_free(dsa->p);
wolfSSL 0:1239e9b70ca2 10317 InitCyaSSL_DSA(dsa); /* set back to NULLs for safety */
wolfSSL 0:1239e9b70ca2 10318
wolfSSL 0:1239e9b70ca2 10319 XFREE(dsa, NULL, DYNAMIC_TYPE_DSA);
wolfSSL 0:1239e9b70ca2 10320 }
wolfSSL 0:1239e9b70ca2 10321 }
wolfSSL 0:1239e9b70ca2 10322
wolfSSL 0:1239e9b70ca2 10323
wolfSSL 0:1239e9b70ca2 10324 int CyaSSL_DSA_generate_key(CYASSL_DSA* dsa)
wolfSSL 0:1239e9b70ca2 10325 {
wolfSSL 0:1239e9b70ca2 10326 (void)dsa;
wolfSSL 0:1239e9b70ca2 10327
wolfSSL 0:1239e9b70ca2 10328 CYASSL_MSG("CyaSSL_DSA_generate_key");
wolfSSL 0:1239e9b70ca2 10329
wolfSSL 0:1239e9b70ca2 10330 return 0; /* key gen not needed by server */
wolfSSL 0:1239e9b70ca2 10331 }
wolfSSL 0:1239e9b70ca2 10332
wolfSSL 0:1239e9b70ca2 10333
wolfSSL 0:1239e9b70ca2 10334 int CyaSSL_DSA_generate_parameters_ex(CYASSL_DSA* dsa, int bits,
wolfSSL 0:1239e9b70ca2 10335 unsigned char* seed, int seedLen, int* counterRet,
wolfSSL 0:1239e9b70ca2 10336 unsigned long* hRet, void* cb)
wolfSSL 0:1239e9b70ca2 10337 {
wolfSSL 0:1239e9b70ca2 10338 (void)dsa;
wolfSSL 0:1239e9b70ca2 10339 (void)bits;
wolfSSL 0:1239e9b70ca2 10340 (void)seed;
wolfSSL 0:1239e9b70ca2 10341 (void)seedLen;
wolfSSL 0:1239e9b70ca2 10342 (void)counterRet;
wolfSSL 0:1239e9b70ca2 10343 (void)hRet;
wolfSSL 0:1239e9b70ca2 10344 (void)cb;
wolfSSL 0:1239e9b70ca2 10345
wolfSSL 0:1239e9b70ca2 10346 CYASSL_MSG("CyaSSL_DSA_generate_parameters_ex");
wolfSSL 0:1239e9b70ca2 10347
wolfSSL 0:1239e9b70ca2 10348 return 0; /* key gen not needed by server */
wolfSSL 0:1239e9b70ca2 10349 }
wolfSSL 0:1239e9b70ca2 10350 #endif /* NO_DSA */
wolfSSL 0:1239e9b70ca2 10351
wolfSSL 0:1239e9b70ca2 10352 static void InitCyaSSL_Rsa(CYASSL_RSA* rsa)
wolfSSL 0:1239e9b70ca2 10353 {
wolfSSL 0:1239e9b70ca2 10354 if (rsa) {
wolfSSL 0:1239e9b70ca2 10355 rsa->n = NULL;
wolfSSL 0:1239e9b70ca2 10356 rsa->e = NULL;
wolfSSL 0:1239e9b70ca2 10357 rsa->d = NULL;
wolfSSL 0:1239e9b70ca2 10358 rsa->p = NULL;
wolfSSL 0:1239e9b70ca2 10359 rsa->q = NULL;
wolfSSL 0:1239e9b70ca2 10360 rsa->dmp1 = NULL;
wolfSSL 0:1239e9b70ca2 10361 rsa->dmq1 = NULL;
wolfSSL 0:1239e9b70ca2 10362 rsa->iqmp = NULL;
wolfSSL 0:1239e9b70ca2 10363 rsa->internal = NULL;
wolfSSL 0:1239e9b70ca2 10364 rsa->inSet = 0;
wolfSSL 0:1239e9b70ca2 10365 rsa->exSet = 0;
wolfSSL 0:1239e9b70ca2 10366 }
wolfSSL 0:1239e9b70ca2 10367 }
wolfSSL 0:1239e9b70ca2 10368
wolfSSL 0:1239e9b70ca2 10369
wolfSSL 0:1239e9b70ca2 10370 CYASSL_RSA* CyaSSL_RSA_new(void)
wolfSSL 0:1239e9b70ca2 10371 {
wolfSSL 0:1239e9b70ca2 10372 CYASSL_RSA* external;
wolfSSL 0:1239e9b70ca2 10373 RsaKey* key;
wolfSSL 0:1239e9b70ca2 10374
wolfSSL 0:1239e9b70ca2 10375 CYASSL_MSG("CyaSSL_RSA_new");
wolfSSL 0:1239e9b70ca2 10376
wolfSSL 0:1239e9b70ca2 10377 key = (RsaKey*) XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA);
wolfSSL 0:1239e9b70ca2 10378 if (key == NULL) {
wolfSSL 0:1239e9b70ca2 10379 CYASSL_MSG("CyaSSL_RSA_new malloc RsaKey failure");
wolfSSL 0:1239e9b70ca2 10380 return NULL;
wolfSSL 0:1239e9b70ca2 10381 }
wolfSSL 0:1239e9b70ca2 10382
wolfSSL 0:1239e9b70ca2 10383 external = (CYASSL_RSA*) XMALLOC(sizeof(CYASSL_RSA), NULL,
wolfSSL 0:1239e9b70ca2 10384 DYNAMIC_TYPE_RSA);
wolfSSL 0:1239e9b70ca2 10385 if (external == NULL) {
wolfSSL 0:1239e9b70ca2 10386 CYASSL_MSG("CyaSSL_RSA_new malloc CYASSL_RSA failure");
wolfSSL 0:1239e9b70ca2 10387 XFREE(key, NULL, DYNAMIC_TYPE_RSA);
wolfSSL 0:1239e9b70ca2 10388 return NULL;
wolfSSL 0:1239e9b70ca2 10389 }
wolfSSL 0:1239e9b70ca2 10390
wolfSSL 0:1239e9b70ca2 10391 InitCyaSSL_Rsa(external);
wolfSSL 0:1239e9b70ca2 10392 if (InitRsaKey(key, NULL) != 0) {
wolfSSL 0:1239e9b70ca2 10393 CYASSL_MSG("InitRsaKey CYASSL_RSA failure");
wolfSSL 0:1239e9b70ca2 10394 XFREE(external, NULL, DYNAMIC_TYPE_RSA);
wolfSSL 0:1239e9b70ca2 10395 XFREE(key, NULL, DYNAMIC_TYPE_RSA);
wolfSSL 0:1239e9b70ca2 10396 return NULL;
wolfSSL 0:1239e9b70ca2 10397 }
wolfSSL 0:1239e9b70ca2 10398 external->internal = key;
wolfSSL 0:1239e9b70ca2 10399
wolfSSL 0:1239e9b70ca2 10400 return external;
wolfSSL 0:1239e9b70ca2 10401 }
wolfSSL 0:1239e9b70ca2 10402
wolfSSL 0:1239e9b70ca2 10403
wolfSSL 0:1239e9b70ca2 10404 void CyaSSL_RSA_free(CYASSL_RSA* rsa)
wolfSSL 0:1239e9b70ca2 10405 {
wolfSSL 0:1239e9b70ca2 10406 CYASSL_MSG("CyaSSL_RSA_free");
wolfSSL 0:1239e9b70ca2 10407
wolfSSL 0:1239e9b70ca2 10408 if (rsa) {
wolfSSL 0:1239e9b70ca2 10409 if (rsa->internal) {
wolfSSL 0:1239e9b70ca2 10410 FreeRsaKey((RsaKey*)rsa->internal);
wolfSSL 0:1239e9b70ca2 10411 XFREE(rsa->internal, NULL, DYNAMIC_TYPE_RSA);
wolfSSL 0:1239e9b70ca2 10412 rsa->internal = NULL;
wolfSSL 0:1239e9b70ca2 10413 }
wolfSSL 0:1239e9b70ca2 10414 CyaSSL_BN_free(rsa->iqmp);
wolfSSL 0:1239e9b70ca2 10415 CyaSSL_BN_free(rsa->dmq1);
wolfSSL 0:1239e9b70ca2 10416 CyaSSL_BN_free(rsa->dmp1);
wolfSSL 0:1239e9b70ca2 10417 CyaSSL_BN_free(rsa->q);
wolfSSL 0:1239e9b70ca2 10418 CyaSSL_BN_free(rsa->p);
wolfSSL 0:1239e9b70ca2 10419 CyaSSL_BN_free(rsa->d);
wolfSSL 0:1239e9b70ca2 10420 CyaSSL_BN_free(rsa->e);
wolfSSL 0:1239e9b70ca2 10421 CyaSSL_BN_free(rsa->n);
wolfSSL 0:1239e9b70ca2 10422 InitCyaSSL_Rsa(rsa); /* set back to NULLs for safety */
wolfSSL 0:1239e9b70ca2 10423
wolfSSL 0:1239e9b70ca2 10424 XFREE(rsa, NULL, DYNAMIC_TYPE_RSA);
wolfSSL 0:1239e9b70ca2 10425 }
wolfSSL 0:1239e9b70ca2 10426 }
wolfSSL 0:1239e9b70ca2 10427
wolfSSL 0:1239e9b70ca2 10428
wolfSSL 0:1239e9b70ca2 10429 static int SetIndividualExternal(CYASSL_BIGNUM** bn, mp_int* mpi)
wolfSSL 0:1239e9b70ca2 10430 {
wolfSSL 0:1239e9b70ca2 10431 CYASSL_MSG("Entering SetIndividualExternal");
wolfSSL 0:1239e9b70ca2 10432
wolfSSL 0:1239e9b70ca2 10433 if (mpi == NULL) {
wolfSSL 0:1239e9b70ca2 10434 CYASSL_MSG("mpi NULL error");
wolfSSL 0:1239e9b70ca2 10435 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10436 }
wolfSSL 0:1239e9b70ca2 10437
wolfSSL 0:1239e9b70ca2 10438 if (*bn == NULL) {
wolfSSL 0:1239e9b70ca2 10439 *bn = CyaSSL_BN_new();
wolfSSL 0:1239e9b70ca2 10440 if (*bn == NULL) {
wolfSSL 0:1239e9b70ca2 10441 CYASSL_MSG("SetIndividualExternal alloc failed");
wolfSSL 0:1239e9b70ca2 10442 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10443 }
wolfSSL 0:1239e9b70ca2 10444 }
wolfSSL 0:1239e9b70ca2 10445
wolfSSL 0:1239e9b70ca2 10446 if (mp_copy(mpi, (mp_int*)((*bn)->internal)) != MP_OKAY) {
wolfSSL 0:1239e9b70ca2 10447 CYASSL_MSG("mp_copy error");
wolfSSL 0:1239e9b70ca2 10448 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10449 }
wolfSSL 0:1239e9b70ca2 10450
wolfSSL 0:1239e9b70ca2 10451 return 0;
wolfSSL 0:1239e9b70ca2 10452 }
wolfSSL 0:1239e9b70ca2 10453
wolfSSL 0:1239e9b70ca2 10454
wolfSSL 0:1239e9b70ca2 10455 #ifndef NO_DSA
wolfSSL 0:1239e9b70ca2 10456 static int SetDsaExternal(CYASSL_DSA* dsa)
wolfSSL 0:1239e9b70ca2 10457 {
wolfSSL 0:1239e9b70ca2 10458 DsaKey* key;
wolfSSL 0:1239e9b70ca2 10459 CYASSL_MSG("Entering SetDsaExternal");
wolfSSL 0:1239e9b70ca2 10460
wolfSSL 0:1239e9b70ca2 10461 if (dsa == NULL || dsa->internal == NULL) {
wolfSSL 0:1239e9b70ca2 10462 CYASSL_MSG("dsa key NULL error");
wolfSSL 0:1239e9b70ca2 10463 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10464 }
wolfSSL 0:1239e9b70ca2 10465
wolfSSL 0:1239e9b70ca2 10466 key = (DsaKey*)dsa->internal;
wolfSSL 0:1239e9b70ca2 10467
wolfSSL 0:1239e9b70ca2 10468 if (SetIndividualExternal(&dsa->p, &key->p) < 0) {
wolfSSL 0:1239e9b70ca2 10469 CYASSL_MSG("dsa p key error");
wolfSSL 0:1239e9b70ca2 10470 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10471 }
wolfSSL 0:1239e9b70ca2 10472
wolfSSL 0:1239e9b70ca2 10473 if (SetIndividualExternal(&dsa->q, &key->q) < 0) {
wolfSSL 0:1239e9b70ca2 10474 CYASSL_MSG("dsa q key error");
wolfSSL 0:1239e9b70ca2 10475 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10476 }
wolfSSL 0:1239e9b70ca2 10477
wolfSSL 0:1239e9b70ca2 10478 if (SetIndividualExternal(&dsa->g, &key->g) < 0) {
wolfSSL 0:1239e9b70ca2 10479 CYASSL_MSG("dsa g key error");
wolfSSL 0:1239e9b70ca2 10480 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10481 }
wolfSSL 0:1239e9b70ca2 10482
wolfSSL 0:1239e9b70ca2 10483 if (SetIndividualExternal(&dsa->pub_key, &key->y) < 0) {
wolfSSL 0:1239e9b70ca2 10484 CYASSL_MSG("dsa y key error");
wolfSSL 0:1239e9b70ca2 10485 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10486 }
wolfSSL 0:1239e9b70ca2 10487
wolfSSL 0:1239e9b70ca2 10488 if (SetIndividualExternal(&dsa->priv_key, &key->x) < 0) {
wolfSSL 0:1239e9b70ca2 10489 CYASSL_MSG("dsa x key error");
wolfSSL 0:1239e9b70ca2 10490 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10491 }
wolfSSL 0:1239e9b70ca2 10492
wolfSSL 0:1239e9b70ca2 10493 dsa->exSet = 1;
wolfSSL 0:1239e9b70ca2 10494
wolfSSL 0:1239e9b70ca2 10495 return 0;
wolfSSL 0:1239e9b70ca2 10496 }
wolfSSL 0:1239e9b70ca2 10497 #endif /* NO_DSA */
wolfSSL 0:1239e9b70ca2 10498
wolfSSL 0:1239e9b70ca2 10499
wolfSSL 0:1239e9b70ca2 10500 static int SetRsaExternal(CYASSL_RSA* rsa)
wolfSSL 0:1239e9b70ca2 10501 {
wolfSSL 0:1239e9b70ca2 10502 RsaKey* key;
wolfSSL 0:1239e9b70ca2 10503 CYASSL_MSG("Entering SetRsaExternal");
wolfSSL 0:1239e9b70ca2 10504
wolfSSL 0:1239e9b70ca2 10505 if (rsa == NULL || rsa->internal == NULL) {
wolfSSL 0:1239e9b70ca2 10506 CYASSL_MSG("rsa key NULL error");
wolfSSL 0:1239e9b70ca2 10507 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10508 }
wolfSSL 0:1239e9b70ca2 10509
wolfSSL 0:1239e9b70ca2 10510 key = (RsaKey*)rsa->internal;
wolfSSL 0:1239e9b70ca2 10511
wolfSSL 0:1239e9b70ca2 10512 if (SetIndividualExternal(&rsa->n, &key->n) < 0) {
wolfSSL 0:1239e9b70ca2 10513 CYASSL_MSG("rsa n key error");
wolfSSL 0:1239e9b70ca2 10514 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10515 }
wolfSSL 0:1239e9b70ca2 10516
wolfSSL 0:1239e9b70ca2 10517 if (SetIndividualExternal(&rsa->e, &key->e) < 0) {
wolfSSL 0:1239e9b70ca2 10518 CYASSL_MSG("rsa e key error");
wolfSSL 0:1239e9b70ca2 10519 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10520 }
wolfSSL 0:1239e9b70ca2 10521
wolfSSL 0:1239e9b70ca2 10522 if (SetIndividualExternal(&rsa->d, &key->d) < 0) {
wolfSSL 0:1239e9b70ca2 10523 CYASSL_MSG("rsa d key error");
wolfSSL 0:1239e9b70ca2 10524 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10525 }
wolfSSL 0:1239e9b70ca2 10526
wolfSSL 0:1239e9b70ca2 10527 if (SetIndividualExternal(&rsa->p, &key->p) < 0) {
wolfSSL 0:1239e9b70ca2 10528 CYASSL_MSG("rsa p key error");
wolfSSL 0:1239e9b70ca2 10529 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10530 }
wolfSSL 0:1239e9b70ca2 10531
wolfSSL 0:1239e9b70ca2 10532 if (SetIndividualExternal(&rsa->q, &key->q) < 0) {
wolfSSL 0:1239e9b70ca2 10533 CYASSL_MSG("rsa q key error");
wolfSSL 0:1239e9b70ca2 10534 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10535 }
wolfSSL 0:1239e9b70ca2 10536
wolfSSL 0:1239e9b70ca2 10537 if (SetIndividualExternal(&rsa->dmp1, &key->dP) < 0) {
wolfSSL 0:1239e9b70ca2 10538 CYASSL_MSG("rsa dP key error");
wolfSSL 0:1239e9b70ca2 10539 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10540 }
wolfSSL 0:1239e9b70ca2 10541
wolfSSL 0:1239e9b70ca2 10542 if (SetIndividualExternal(&rsa->dmq1, &key->dQ) < 0) {
wolfSSL 0:1239e9b70ca2 10543 CYASSL_MSG("rsa dQ key error");
wolfSSL 0:1239e9b70ca2 10544 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10545 }
wolfSSL 0:1239e9b70ca2 10546
wolfSSL 0:1239e9b70ca2 10547 if (SetIndividualExternal(&rsa->iqmp, &key->u) < 0) {
wolfSSL 0:1239e9b70ca2 10548 CYASSL_MSG("rsa u key error");
wolfSSL 0:1239e9b70ca2 10549 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10550 }
wolfSSL 0:1239e9b70ca2 10551
wolfSSL 0:1239e9b70ca2 10552 rsa->exSet = 1;
wolfSSL 0:1239e9b70ca2 10553
wolfSSL 0:1239e9b70ca2 10554 return 0;
wolfSSL 0:1239e9b70ca2 10555 }
wolfSSL 0:1239e9b70ca2 10556
wolfSSL 0:1239e9b70ca2 10557
wolfSSL 0:1239e9b70ca2 10558 /* SSL_SUCCESS on ok */
wolfSSL 0:1239e9b70ca2 10559 int CyaSSL_RSA_generate_key_ex(CYASSL_RSA* rsa, int bits, CYASSL_BIGNUM* bn,
wolfSSL 0:1239e9b70ca2 10560 void* cb)
wolfSSL 0:1239e9b70ca2 10561 {
wolfSSL 0:1239e9b70ca2 10562 RNG rng;
wolfSSL 0:1239e9b70ca2 10563
wolfSSL 0:1239e9b70ca2 10564 CYASSL_MSG("CyaSSL_RSA_generate_key_ex");
wolfSSL 0:1239e9b70ca2 10565
wolfSSL 0:1239e9b70ca2 10566 (void)rsa;
wolfSSL 0:1239e9b70ca2 10567 (void)bits;
wolfSSL 0:1239e9b70ca2 10568 (void)cb;
wolfSSL 0:1239e9b70ca2 10569 (void)bn;
wolfSSL 0:1239e9b70ca2 10570
wolfSSL 0:1239e9b70ca2 10571 if (InitRng(&rng) < 0) {
wolfSSL 0:1239e9b70ca2 10572 CYASSL_MSG("RNG init failed");
wolfSSL 0:1239e9b70ca2 10573 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10574 }
wolfSSL 0:1239e9b70ca2 10575
wolfSSL 0:1239e9b70ca2 10576 #ifdef CYASSL_KEY_GEN
wolfSSL 0:1239e9b70ca2 10577 if (MakeRsaKey((RsaKey*)rsa->internal, bits, 65537, &rng) < 0) {
wolfSSL 0:1239e9b70ca2 10578 CYASSL_MSG("MakeRsaKey failed");
wolfSSL 0:1239e9b70ca2 10579 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10580 }
wolfSSL 0:1239e9b70ca2 10581
wolfSSL 0:1239e9b70ca2 10582 if (SetRsaExternal(rsa) < 0) {
wolfSSL 0:1239e9b70ca2 10583 CYASSL_MSG("SetRsaExternal failed");
wolfSSL 0:1239e9b70ca2 10584 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10585 }
wolfSSL 0:1239e9b70ca2 10586
wolfSSL 0:1239e9b70ca2 10587 rsa->inSet = 1;
wolfSSL 0:1239e9b70ca2 10588
wolfSSL 0:1239e9b70ca2 10589 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 10590 #else
wolfSSL 0:1239e9b70ca2 10591 CYASSL_MSG("No Key Gen built in");
wolfSSL 0:1239e9b70ca2 10592 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10593 #endif
wolfSSL 0:1239e9b70ca2 10594
wolfSSL 0:1239e9b70ca2 10595 }
wolfSSL 0:1239e9b70ca2 10596
wolfSSL 0:1239e9b70ca2 10597
wolfSSL 0:1239e9b70ca2 10598 /* SSL_SUCCESS on ok */
wolfSSL 0:1239e9b70ca2 10599 int CyaSSL_RSA_blinding_on(CYASSL_RSA* rsa, CYASSL_BN_CTX* bn)
wolfSSL 0:1239e9b70ca2 10600 {
wolfSSL 0:1239e9b70ca2 10601 (void)rsa;
wolfSSL 0:1239e9b70ca2 10602 (void)bn;
wolfSSL 0:1239e9b70ca2 10603
wolfSSL 0:1239e9b70ca2 10604 CYASSL_MSG("CyaSSL_RSA_blinding_on");
wolfSSL 0:1239e9b70ca2 10605
wolfSSL 0:1239e9b70ca2 10606 return SSL_SUCCESS; /* on by default */
wolfSSL 0:1239e9b70ca2 10607 }
wolfSSL 0:1239e9b70ca2 10608
wolfSSL 0:1239e9b70ca2 10609
wolfSSL 0:1239e9b70ca2 10610 int CyaSSL_RSA_public_encrypt(int len, unsigned char* fr,
wolfSSL 0:1239e9b70ca2 10611 unsigned char* to, CYASSL_RSA* rsa, int padding)
wolfSSL 0:1239e9b70ca2 10612 {
wolfSSL 0:1239e9b70ca2 10613 (void)len;
wolfSSL 0:1239e9b70ca2 10614 (void)fr;
wolfSSL 0:1239e9b70ca2 10615 (void)to;
wolfSSL 0:1239e9b70ca2 10616 (void)rsa;
wolfSSL 0:1239e9b70ca2 10617 (void)padding;
wolfSSL 0:1239e9b70ca2 10618
wolfSSL 0:1239e9b70ca2 10619 CYASSL_MSG("CyaSSL_RSA_public_encrypt");
wolfSSL 0:1239e9b70ca2 10620
wolfSSL 0:1239e9b70ca2 10621 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10622 }
wolfSSL 0:1239e9b70ca2 10623
wolfSSL 0:1239e9b70ca2 10624
wolfSSL 0:1239e9b70ca2 10625 int CyaSSL_RSA_private_decrypt(int len, unsigned char* fr,
wolfSSL 0:1239e9b70ca2 10626 unsigned char* to, CYASSL_RSA* rsa, int padding)
wolfSSL 0:1239e9b70ca2 10627 {
wolfSSL 0:1239e9b70ca2 10628 (void)len;
wolfSSL 0:1239e9b70ca2 10629 (void)fr;
wolfSSL 0:1239e9b70ca2 10630 (void)to;
wolfSSL 0:1239e9b70ca2 10631 (void)rsa;
wolfSSL 0:1239e9b70ca2 10632 (void)padding;
wolfSSL 0:1239e9b70ca2 10633
wolfSSL 0:1239e9b70ca2 10634 CYASSL_MSG("CyaSSL_RSA_private_decrypt");
wolfSSL 0:1239e9b70ca2 10635
wolfSSL 0:1239e9b70ca2 10636 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10637 }
wolfSSL 0:1239e9b70ca2 10638
wolfSSL 0:1239e9b70ca2 10639
wolfSSL 0:1239e9b70ca2 10640 int CyaSSL_RSA_size(const CYASSL_RSA* rsa)
wolfSSL 0:1239e9b70ca2 10641 {
wolfSSL 0:1239e9b70ca2 10642 CYASSL_MSG("CyaSSL_RSA_size");
wolfSSL 0:1239e9b70ca2 10643
wolfSSL 0:1239e9b70ca2 10644 if (rsa == NULL)
wolfSSL 0:1239e9b70ca2 10645 return 0;
wolfSSL 0:1239e9b70ca2 10646
wolfSSL 0:1239e9b70ca2 10647 return CyaSSL_BN_num_bytes(rsa->n);
wolfSSL 0:1239e9b70ca2 10648 }
wolfSSL 0:1239e9b70ca2 10649
wolfSSL 0:1239e9b70ca2 10650
wolfSSL 0:1239e9b70ca2 10651 #ifndef NO_DSA
wolfSSL 0:1239e9b70ca2 10652 /* return SSL_SUCCESS on success, < 0 otherwise */
wolfSSL 0:1239e9b70ca2 10653 int CyaSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
wolfSSL 0:1239e9b70ca2 10654 CYASSL_DSA* dsa)
wolfSSL 0:1239e9b70ca2 10655 {
wolfSSL 0:1239e9b70ca2 10656 RNG tmpRNG;
wolfSSL 0:1239e9b70ca2 10657 RNG* rng = &tmpRNG;
wolfSSL 0:1239e9b70ca2 10658
wolfSSL 0:1239e9b70ca2 10659 CYASSL_MSG("CyaSSL_DSA_do_sign");
wolfSSL 0:1239e9b70ca2 10660
wolfSSL 0:1239e9b70ca2 10661 if (d == NULL || sigRet == NULL || dsa == NULL) {
wolfSSL 0:1239e9b70ca2 10662 CYASSL_MSG("Bad function arguments");
wolfSSL 0:1239e9b70ca2 10663 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10664 }
wolfSSL 0:1239e9b70ca2 10665
wolfSSL 0:1239e9b70ca2 10666 if (dsa->inSet == 0) {
wolfSSL 0:1239e9b70ca2 10667 CYASSL_MSG("No DSA internal set");
wolfSSL 0:1239e9b70ca2 10668 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10669 }
wolfSSL 0:1239e9b70ca2 10670
wolfSSL 0:1239e9b70ca2 10671 if (InitRng(&tmpRNG) != 0) {
wolfSSL 0:1239e9b70ca2 10672 CYASSL_MSG("Bad RNG Init, trying global");
wolfSSL 0:1239e9b70ca2 10673 if (initGlobalRNG == 0) {
wolfSSL 0:1239e9b70ca2 10674 CYASSL_MSG("Global RNG no Init");
wolfSSL 0:1239e9b70ca2 10675 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10676 }
wolfSSL 0:1239e9b70ca2 10677 rng = &globalRNG;
wolfSSL 0:1239e9b70ca2 10678 }
wolfSSL 0:1239e9b70ca2 10679
wolfSSL 0:1239e9b70ca2 10680 if (DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0) {
wolfSSL 0:1239e9b70ca2 10681 CYASSL_MSG("DsaSign failed");
wolfSSL 0:1239e9b70ca2 10682 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10683 }
wolfSSL 0:1239e9b70ca2 10684
wolfSSL 0:1239e9b70ca2 10685 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 10686 }
wolfSSL 0:1239e9b70ca2 10687 #endif /* NO_DSA */
wolfSSL 0:1239e9b70ca2 10688
wolfSSL 0:1239e9b70ca2 10689
wolfSSL 0:1239e9b70ca2 10690 /* return SSL_SUCCES on ok, 0 otherwise */
wolfSSL 0:1239e9b70ca2 10691 int CyaSSL_RSA_sign(int type, const unsigned char* m,
wolfSSL 0:1239e9b70ca2 10692 unsigned int mLen, unsigned char* sigRet,
wolfSSL 0:1239e9b70ca2 10693 unsigned int* sigLen, CYASSL_RSA* rsa)
wolfSSL 0:1239e9b70ca2 10694 {
wolfSSL 0:1239e9b70ca2 10695 byte encodedSig[MAX_ENCODED_SIG_SZ];
wolfSSL 0:1239e9b70ca2 10696 word32 outLen;
wolfSSL 0:1239e9b70ca2 10697 word32 signSz;
wolfSSL 0:1239e9b70ca2 10698 RNG tmpRNG;
wolfSSL 0:1239e9b70ca2 10699 RNG* rng = &tmpRNG;
wolfSSL 0:1239e9b70ca2 10700
wolfSSL 0:1239e9b70ca2 10701 CYASSL_MSG("CyaSSL_RSA_sign");
wolfSSL 0:1239e9b70ca2 10702
wolfSSL 0:1239e9b70ca2 10703 if (m == NULL || sigRet == NULL || sigLen == NULL || rsa == NULL) {
wolfSSL 0:1239e9b70ca2 10704 CYASSL_MSG("Bad function arguments");
wolfSSL 0:1239e9b70ca2 10705 return 0;
wolfSSL 0:1239e9b70ca2 10706 }
wolfSSL 0:1239e9b70ca2 10707
wolfSSL 0:1239e9b70ca2 10708 if (rsa->inSet == 0) {
wolfSSL 0:1239e9b70ca2 10709 CYASSL_MSG("No RSA internal set");
wolfSSL 0:1239e9b70ca2 10710 return 0;
wolfSSL 0:1239e9b70ca2 10711 }
wolfSSL 0:1239e9b70ca2 10712
wolfSSL 0:1239e9b70ca2 10713 outLen = (word32)CyaSSL_BN_num_bytes(rsa->n);
wolfSSL 0:1239e9b70ca2 10714 if (outLen == 0) {
wolfSSL 0:1239e9b70ca2 10715 CYASSL_MSG("Bad RSA size");
wolfSSL 0:1239e9b70ca2 10716 return 0;
wolfSSL 0:1239e9b70ca2 10717 }
wolfSSL 0:1239e9b70ca2 10718
wolfSSL 0:1239e9b70ca2 10719 if (InitRng(&tmpRNG) != 0) {
wolfSSL 0:1239e9b70ca2 10720 CYASSL_MSG("Bad RNG Init, trying global");
wolfSSL 0:1239e9b70ca2 10721 if (initGlobalRNG == 0) {
wolfSSL 0:1239e9b70ca2 10722 CYASSL_MSG("Global RNG no Init");
wolfSSL 0:1239e9b70ca2 10723 return 0;
wolfSSL 0:1239e9b70ca2 10724 }
wolfSSL 0:1239e9b70ca2 10725 rng = &globalRNG;
wolfSSL 0:1239e9b70ca2 10726 }
wolfSSL 0:1239e9b70ca2 10727
wolfSSL 0:1239e9b70ca2 10728 switch (type) {
wolfSSL 0:1239e9b70ca2 10729 case NID_md5:
wolfSSL 0:1239e9b70ca2 10730 type = MD5h;
wolfSSL 0:1239e9b70ca2 10731 break;
wolfSSL 0:1239e9b70ca2 10732
wolfSSL 0:1239e9b70ca2 10733 case NID_sha1:
wolfSSL 0:1239e9b70ca2 10734 type = SHAh;
wolfSSL 0:1239e9b70ca2 10735 break;
wolfSSL 0:1239e9b70ca2 10736
wolfSSL 0:1239e9b70ca2 10737 default:
wolfSSL 0:1239e9b70ca2 10738 CYASSL_MSG("Bad md type");
wolfSSL 0:1239e9b70ca2 10739 return 0;
wolfSSL 0:1239e9b70ca2 10740 }
wolfSSL 0:1239e9b70ca2 10741
wolfSSL 0:1239e9b70ca2 10742 signSz = EncodeSignature(encodedSig, m, mLen, type);
wolfSSL 0:1239e9b70ca2 10743 if (signSz == 0) {
wolfSSL 0:1239e9b70ca2 10744 CYASSL_MSG("Bad Encode Signature");
wolfSSL 0:1239e9b70ca2 10745 return 0;
wolfSSL 0:1239e9b70ca2 10746 }
wolfSSL 0:1239e9b70ca2 10747
wolfSSL 0:1239e9b70ca2 10748 *sigLen = RsaSSL_Sign(encodedSig, signSz, sigRet, outLen,
wolfSSL 0:1239e9b70ca2 10749 (RsaKey*)rsa->internal, rng);
wolfSSL 0:1239e9b70ca2 10750 if (*sigLen <= 0) {
wolfSSL 0:1239e9b70ca2 10751 CYASSL_MSG("Bad Rsa Sign");
wolfSSL 0:1239e9b70ca2 10752 return 0;
wolfSSL 0:1239e9b70ca2 10753 }
wolfSSL 0:1239e9b70ca2 10754
wolfSSL 0:1239e9b70ca2 10755 CYASSL_MSG("CyaSSL_RSA_sign success");
wolfSSL 0:1239e9b70ca2 10756 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 10757 }
wolfSSL 0:1239e9b70ca2 10758
wolfSSL 0:1239e9b70ca2 10759
wolfSSL 0:1239e9b70ca2 10760 int CyaSSL_RSA_public_decrypt(int flen, unsigned char* from,
wolfSSL 0:1239e9b70ca2 10761 unsigned char* to, CYASSL_RSA* rsa, int padding)
wolfSSL 0:1239e9b70ca2 10762 {
wolfSSL 0:1239e9b70ca2 10763 (void)flen;
wolfSSL 0:1239e9b70ca2 10764 (void)from;
wolfSSL 0:1239e9b70ca2 10765 (void)to;
wolfSSL 0:1239e9b70ca2 10766 (void)rsa;
wolfSSL 0:1239e9b70ca2 10767 (void)padding;
wolfSSL 0:1239e9b70ca2 10768
wolfSSL 0:1239e9b70ca2 10769 CYASSL_MSG("CyaSSL_RSA_public_decrypt");
wolfSSL 0:1239e9b70ca2 10770
wolfSSL 0:1239e9b70ca2 10771 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10772 }
wolfSSL 0:1239e9b70ca2 10773
wolfSSL 0:1239e9b70ca2 10774
wolfSSL 0:1239e9b70ca2 10775 /* generate p-1 and q-1, SSL_SUCCESS on ok */
wolfSSL 0:1239e9b70ca2 10776 int CyaSSL_RSA_GenAdd(CYASSL_RSA* rsa)
wolfSSL 0:1239e9b70ca2 10777 {
wolfSSL 0:1239e9b70ca2 10778 int err;
wolfSSL 0:1239e9b70ca2 10779 mp_int tmp;
wolfSSL 0:1239e9b70ca2 10780
wolfSSL 0:1239e9b70ca2 10781 CYASSL_MSG("CyaSSL_RsaGenAdd");
wolfSSL 0:1239e9b70ca2 10782
wolfSSL 0:1239e9b70ca2 10783 if (rsa == NULL || rsa->p == NULL || rsa->q == NULL || rsa->d == NULL ||
wolfSSL 0:1239e9b70ca2 10784 rsa->dmp1 == NULL || rsa->dmq1 == NULL) {
wolfSSL 0:1239e9b70ca2 10785 CYASSL_MSG("rsa no init error");
wolfSSL 0:1239e9b70ca2 10786 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10787 }
wolfSSL 0:1239e9b70ca2 10788
wolfSSL 0:1239e9b70ca2 10789 if (mp_init(&tmp) != MP_OKAY) {
wolfSSL 0:1239e9b70ca2 10790 CYASSL_MSG("mp_init error");
wolfSSL 0:1239e9b70ca2 10791 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10792 }
wolfSSL 0:1239e9b70ca2 10793
wolfSSL 0:1239e9b70ca2 10794 err = mp_sub_d((mp_int*)rsa->p->internal, 1, &tmp);
wolfSSL 0:1239e9b70ca2 10795 if (err != MP_OKAY) {
wolfSSL 0:1239e9b70ca2 10796 CYASSL_MSG("mp_sub_d error");
wolfSSL 0:1239e9b70ca2 10797 }
wolfSSL 0:1239e9b70ca2 10798 else
wolfSSL 0:1239e9b70ca2 10799 err = mp_mod((mp_int*)rsa->d->internal, &tmp,
wolfSSL 0:1239e9b70ca2 10800 (mp_int*)rsa->dmp1->internal);
wolfSSL 0:1239e9b70ca2 10801
wolfSSL 0:1239e9b70ca2 10802 if (err != MP_OKAY) {
wolfSSL 0:1239e9b70ca2 10803 CYASSL_MSG("mp_mod error");
wolfSSL 0:1239e9b70ca2 10804 }
wolfSSL 0:1239e9b70ca2 10805 else
wolfSSL 0:1239e9b70ca2 10806 err = mp_sub_d((mp_int*)rsa->q->internal, 1, &tmp);
wolfSSL 0:1239e9b70ca2 10807 if (err != MP_OKAY) {
wolfSSL 0:1239e9b70ca2 10808 CYASSL_MSG("mp_sub_d error");
wolfSSL 0:1239e9b70ca2 10809 }
wolfSSL 0:1239e9b70ca2 10810 else
wolfSSL 0:1239e9b70ca2 10811 err = mp_mod((mp_int*)rsa->d->internal, &tmp,
wolfSSL 0:1239e9b70ca2 10812 (mp_int*)rsa->dmq1->internal);
wolfSSL 0:1239e9b70ca2 10813
wolfSSL 0:1239e9b70ca2 10814 mp_clear(&tmp);
wolfSSL 0:1239e9b70ca2 10815
wolfSSL 0:1239e9b70ca2 10816 if (err == MP_OKAY)
wolfSSL 0:1239e9b70ca2 10817 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 10818 else
wolfSSL 0:1239e9b70ca2 10819 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 10820 }
wolfSSL 0:1239e9b70ca2 10821
wolfSSL 0:1239e9b70ca2 10822
wolfSSL 0:1239e9b70ca2 10823 void CyaSSL_HMAC_Init(CYASSL_HMAC_CTX* ctx, const void* key, int keylen,
wolfSSL 0:1239e9b70ca2 10824 const EVP_MD* type)
wolfSSL 0:1239e9b70ca2 10825 {
wolfSSL 0:1239e9b70ca2 10826 CYASSL_MSG("CyaSSL_HMAC_Init");
wolfSSL 0:1239e9b70ca2 10827
wolfSSL 0:1239e9b70ca2 10828 if (ctx == NULL) {
wolfSSL 0:1239e9b70ca2 10829 CYASSL_MSG("no ctx on init");
wolfSSL 0:1239e9b70ca2 10830 return;
wolfSSL 0:1239e9b70ca2 10831 }
wolfSSL 0:1239e9b70ca2 10832
wolfSSL 0:1239e9b70ca2 10833 if (type) {
wolfSSL 0:1239e9b70ca2 10834 CYASSL_MSG("init has type");
wolfSSL 0:1239e9b70ca2 10835
wolfSSL 0:1239e9b70ca2 10836 if (XSTRNCMP(type, "MD5", 3) == 0) {
wolfSSL 0:1239e9b70ca2 10837 CYASSL_MSG("md5 hmac");
wolfSSL 0:1239e9b70ca2 10838 ctx->type = MD5;
wolfSSL 0:1239e9b70ca2 10839 }
wolfSSL 0:1239e9b70ca2 10840 else if (XSTRNCMP(type, "SHA256", 6) == 0) {
wolfSSL 0:1239e9b70ca2 10841 CYASSL_MSG("sha256 hmac");
wolfSSL 0:1239e9b70ca2 10842 ctx->type = SHA256;
wolfSSL 0:1239e9b70ca2 10843 }
wolfSSL 0:1239e9b70ca2 10844
wolfSSL 0:1239e9b70ca2 10845 /* has to be last since would pick or 256, 384, or 512 too */
wolfSSL 0:1239e9b70ca2 10846 else if (XSTRNCMP(type, "SHA", 3) == 0) {
wolfSSL 0:1239e9b70ca2 10847 CYASSL_MSG("sha hmac");
wolfSSL 0:1239e9b70ca2 10848 ctx->type = SHA;
wolfSSL 0:1239e9b70ca2 10849 }
wolfSSL 0:1239e9b70ca2 10850 else {
wolfSSL 0:1239e9b70ca2 10851 CYASSL_MSG("bad init type");
wolfSSL 0:1239e9b70ca2 10852 }
wolfSSL 0:1239e9b70ca2 10853 }
wolfSSL 0:1239e9b70ca2 10854
wolfSSL 0:1239e9b70ca2 10855 if (key && keylen) {
wolfSSL 0:1239e9b70ca2 10856 CYASSL_MSG("keying hmac");
wolfSSL 0:1239e9b70ca2 10857 HmacSetKey(&ctx->hmac, ctx->type, (const byte*)key, (word32)keylen);
wolfSSL 0:1239e9b70ca2 10858 /* OpenSSL compat, no error */
wolfSSL 0:1239e9b70ca2 10859 }
wolfSSL 0:1239e9b70ca2 10860 }
wolfSSL 0:1239e9b70ca2 10861
wolfSSL 0:1239e9b70ca2 10862
wolfSSL 0:1239e9b70ca2 10863 void CyaSSL_HMAC_Update(CYASSL_HMAC_CTX* ctx, const unsigned char* data,
wolfSSL 0:1239e9b70ca2 10864 int len)
wolfSSL 0:1239e9b70ca2 10865 {
wolfSSL 0:1239e9b70ca2 10866 CYASSL_MSG("CyaSSL_HMAC_Update");
wolfSSL 0:1239e9b70ca2 10867
wolfSSL 0:1239e9b70ca2 10868 if (ctx && data) {
wolfSSL 0:1239e9b70ca2 10869 CYASSL_MSG("updating hmac");
wolfSSL 0:1239e9b70ca2 10870 HmacUpdate(&ctx->hmac, data, (word32)len);
wolfSSL 0:1239e9b70ca2 10871 /* OpenSSL compat, no error */
wolfSSL 0:1239e9b70ca2 10872 }
wolfSSL 0:1239e9b70ca2 10873 }
wolfSSL 0:1239e9b70ca2 10874
wolfSSL 0:1239e9b70ca2 10875
wolfSSL 0:1239e9b70ca2 10876 void CyaSSL_HMAC_Final(CYASSL_HMAC_CTX* ctx, unsigned char* hash,
wolfSSL 0:1239e9b70ca2 10877 unsigned int* len)
wolfSSL 0:1239e9b70ca2 10878 {
wolfSSL 0:1239e9b70ca2 10879 CYASSL_MSG("CyaSSL_HMAC_Final");
wolfSSL 0:1239e9b70ca2 10880
wolfSSL 0:1239e9b70ca2 10881 if (ctx && hash) {
wolfSSL 0:1239e9b70ca2 10882 CYASSL_MSG("final hmac");
wolfSSL 0:1239e9b70ca2 10883 HmacFinal(&ctx->hmac, hash);
wolfSSL 0:1239e9b70ca2 10884 /* OpenSSL compat, no error */
wolfSSL 0:1239e9b70ca2 10885
wolfSSL 0:1239e9b70ca2 10886 if (len) {
wolfSSL 0:1239e9b70ca2 10887 CYASSL_MSG("setting output len");
wolfSSL 0:1239e9b70ca2 10888 switch (ctx->type) {
wolfSSL 0:1239e9b70ca2 10889 case MD5:
wolfSSL 0:1239e9b70ca2 10890 *len = MD5_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 10891 break;
wolfSSL 0:1239e9b70ca2 10892
wolfSSL 0:1239e9b70ca2 10893 case SHA:
wolfSSL 0:1239e9b70ca2 10894 *len = SHA_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 10895 break;
wolfSSL 0:1239e9b70ca2 10896
wolfSSL 0:1239e9b70ca2 10897 case SHA256:
wolfSSL 0:1239e9b70ca2 10898 *len = SHA256_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 10899 break;
wolfSSL 0:1239e9b70ca2 10900
wolfSSL 0:1239e9b70ca2 10901 default:
wolfSSL 0:1239e9b70ca2 10902 CYASSL_MSG("bad hmac type");
wolfSSL 0:1239e9b70ca2 10903 }
wolfSSL 0:1239e9b70ca2 10904 }
wolfSSL 0:1239e9b70ca2 10905 }
wolfSSL 0:1239e9b70ca2 10906 }
wolfSSL 0:1239e9b70ca2 10907
wolfSSL 0:1239e9b70ca2 10908
wolfSSL 0:1239e9b70ca2 10909 void CyaSSL_HMAC_cleanup(CYASSL_HMAC_CTX* ctx)
wolfSSL 0:1239e9b70ca2 10910 {
wolfSSL 0:1239e9b70ca2 10911 (void)ctx;
wolfSSL 0:1239e9b70ca2 10912
wolfSSL 0:1239e9b70ca2 10913 CYASSL_MSG("CyaSSL_HMAC_cleanup");
wolfSSL 0:1239e9b70ca2 10914 }
wolfSSL 0:1239e9b70ca2 10915
wolfSSL 0:1239e9b70ca2 10916
wolfSSL 0:1239e9b70ca2 10917 const CYASSL_EVP_MD* CyaSSL_EVP_get_digestbynid(int id)
wolfSSL 0:1239e9b70ca2 10918 {
wolfSSL 0:1239e9b70ca2 10919 CYASSL_MSG("CyaSSL_get_digestbynid");
wolfSSL 0:1239e9b70ca2 10920
wolfSSL 0:1239e9b70ca2 10921 switch(id) {
wolfSSL 0:1239e9b70ca2 10922 case NID_md5:
wolfSSL 0:1239e9b70ca2 10923 return CyaSSL_EVP_md5();
wolfSSL 0:1239e9b70ca2 10924
wolfSSL 0:1239e9b70ca2 10925 case NID_sha1:
wolfSSL 0:1239e9b70ca2 10926 return CyaSSL_EVP_sha1();
wolfSSL 0:1239e9b70ca2 10927
wolfSSL 0:1239e9b70ca2 10928 default:
wolfSSL 0:1239e9b70ca2 10929 CYASSL_MSG("Bad digest id value");
wolfSSL 0:1239e9b70ca2 10930 }
wolfSSL 0:1239e9b70ca2 10931
wolfSSL 0:1239e9b70ca2 10932 return NULL;
wolfSSL 0:1239e9b70ca2 10933 }
wolfSSL 0:1239e9b70ca2 10934
wolfSSL 0:1239e9b70ca2 10935
wolfSSL 0:1239e9b70ca2 10936 CYASSL_RSA* CyaSSL_EVP_PKEY_get1_RSA(CYASSL_EVP_PKEY* key)
wolfSSL 0:1239e9b70ca2 10937 {
wolfSSL 0:1239e9b70ca2 10938 (void)key;
wolfSSL 0:1239e9b70ca2 10939 CYASSL_MSG("CyaSSL_EVP_PKEY_get1_RSA");
wolfSSL 0:1239e9b70ca2 10940
wolfSSL 0:1239e9b70ca2 10941 return NULL;
wolfSSL 0:1239e9b70ca2 10942 }
wolfSSL 0:1239e9b70ca2 10943
wolfSSL 0:1239e9b70ca2 10944
wolfSSL 0:1239e9b70ca2 10945 CYASSL_DSA* CyaSSL_EVP_PKEY_get1_DSA(CYASSL_EVP_PKEY* key)
wolfSSL 0:1239e9b70ca2 10946 {
wolfSSL 0:1239e9b70ca2 10947 (void)key;
wolfSSL 0:1239e9b70ca2 10948 CYASSL_MSG("CyaSSL_EVP_PKEY_get1_DSA");
wolfSSL 0:1239e9b70ca2 10949
wolfSSL 0:1239e9b70ca2 10950 return NULL;
wolfSSL 0:1239e9b70ca2 10951 }
wolfSSL 0:1239e9b70ca2 10952
wolfSSL 0:1239e9b70ca2 10953
wolfSSL 0:1239e9b70ca2 10954 void* CyaSSL_EVP_X_STATE(const CYASSL_EVP_CIPHER_CTX* ctx)
wolfSSL 0:1239e9b70ca2 10955 {
wolfSSL 0:1239e9b70ca2 10956 CYASSL_MSG("CyaSSL_EVP_X_STATE");
wolfSSL 0:1239e9b70ca2 10957
wolfSSL 0:1239e9b70ca2 10958 if (ctx) {
wolfSSL 0:1239e9b70ca2 10959 switch (ctx->cipherType) {
wolfSSL 0:1239e9b70ca2 10960 case ARC4_TYPE:
wolfSSL 0:1239e9b70ca2 10961 CYASSL_MSG("returning arc4 state");
wolfSSL 0:1239e9b70ca2 10962 return (void*)&ctx->cipher.arc4.x;
wolfSSL 0:1239e9b70ca2 10963
wolfSSL 0:1239e9b70ca2 10964 default:
wolfSSL 0:1239e9b70ca2 10965 CYASSL_MSG("bad x state type");
wolfSSL 0:1239e9b70ca2 10966 return 0;
wolfSSL 0:1239e9b70ca2 10967 }
wolfSSL 0:1239e9b70ca2 10968 }
wolfSSL 0:1239e9b70ca2 10969
wolfSSL 0:1239e9b70ca2 10970 return NULL;
wolfSSL 0:1239e9b70ca2 10971 }
wolfSSL 0:1239e9b70ca2 10972
wolfSSL 0:1239e9b70ca2 10973
wolfSSL 0:1239e9b70ca2 10974 int CyaSSL_EVP_X_STATE_LEN(const CYASSL_EVP_CIPHER_CTX* ctx)
wolfSSL 0:1239e9b70ca2 10975 {
wolfSSL 0:1239e9b70ca2 10976 CYASSL_MSG("CyaSSL_EVP_X_STATE_LEN");
wolfSSL 0:1239e9b70ca2 10977
wolfSSL 0:1239e9b70ca2 10978 if (ctx) {
wolfSSL 0:1239e9b70ca2 10979 switch (ctx->cipherType) {
wolfSSL 0:1239e9b70ca2 10980 case ARC4_TYPE:
wolfSSL 0:1239e9b70ca2 10981 CYASSL_MSG("returning arc4 state size");
wolfSSL 0:1239e9b70ca2 10982 return sizeof(Arc4);
wolfSSL 0:1239e9b70ca2 10983
wolfSSL 0:1239e9b70ca2 10984 default:
wolfSSL 0:1239e9b70ca2 10985 CYASSL_MSG("bad x state type");
wolfSSL 0:1239e9b70ca2 10986 return 0;
wolfSSL 0:1239e9b70ca2 10987 }
wolfSSL 0:1239e9b70ca2 10988 }
wolfSSL 0:1239e9b70ca2 10989
wolfSSL 0:1239e9b70ca2 10990 return 0;
wolfSSL 0:1239e9b70ca2 10991 }
wolfSSL 0:1239e9b70ca2 10992
wolfSSL 0:1239e9b70ca2 10993
wolfSSL 0:1239e9b70ca2 10994 void CyaSSL_3des_iv(CYASSL_EVP_CIPHER_CTX* ctx, int doset,
wolfSSL 0:1239e9b70ca2 10995 unsigned char* iv, int len)
wolfSSL 0:1239e9b70ca2 10996 {
wolfSSL 0:1239e9b70ca2 10997 (void)len;
wolfSSL 0:1239e9b70ca2 10998
wolfSSL 0:1239e9b70ca2 10999 CYASSL_MSG("CyaSSL_3des_iv");
wolfSSL 0:1239e9b70ca2 11000
wolfSSL 0:1239e9b70ca2 11001 if (ctx == NULL || iv == NULL) {
wolfSSL 0:1239e9b70ca2 11002 CYASSL_MSG("Bad function argument");
wolfSSL 0:1239e9b70ca2 11003 return;
wolfSSL 0:1239e9b70ca2 11004 }
wolfSSL 0:1239e9b70ca2 11005
wolfSSL 0:1239e9b70ca2 11006 if (doset)
wolfSSL 0:1239e9b70ca2 11007 Des3_SetIV(&ctx->cipher.des3, iv); /* OpenSSL compat, no ret */
wolfSSL 0:1239e9b70ca2 11008 else
wolfSSL 0:1239e9b70ca2 11009 memcpy(iv, &ctx->cipher.des3.reg, DES_BLOCK_SIZE);
wolfSSL 0:1239e9b70ca2 11010 }
wolfSSL 0:1239e9b70ca2 11011
wolfSSL 0:1239e9b70ca2 11012
wolfSSL 0:1239e9b70ca2 11013 void CyaSSL_aes_ctr_iv(CYASSL_EVP_CIPHER_CTX* ctx, int doset,
wolfSSL 0:1239e9b70ca2 11014 unsigned char* iv, int len)
wolfSSL 0:1239e9b70ca2 11015 {
wolfSSL 0:1239e9b70ca2 11016 (void)len;
wolfSSL 0:1239e9b70ca2 11017
wolfSSL 0:1239e9b70ca2 11018 CYASSL_MSG("CyaSSL_aes_ctr_iv");
wolfSSL 0:1239e9b70ca2 11019
wolfSSL 0:1239e9b70ca2 11020 if (ctx == NULL || iv == NULL) {
wolfSSL 0:1239e9b70ca2 11021 CYASSL_MSG("Bad function argument");
wolfSSL 0:1239e9b70ca2 11022 return;
wolfSSL 0:1239e9b70ca2 11023 }
wolfSSL 0:1239e9b70ca2 11024
wolfSSL 0:1239e9b70ca2 11025 if (doset)
wolfSSL 0:1239e9b70ca2 11026 AesSetIV(&ctx->cipher.aes, iv); /* OpenSSL compat, no ret */
wolfSSL 0:1239e9b70ca2 11027 else
wolfSSL 0:1239e9b70ca2 11028 memcpy(iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
wolfSSL 0:1239e9b70ca2 11029 }
wolfSSL 0:1239e9b70ca2 11030
wolfSSL 0:1239e9b70ca2 11031
wolfSSL 0:1239e9b70ca2 11032 const CYASSL_EVP_MD* CyaSSL_EVP_ripemd160(void)
wolfSSL 0:1239e9b70ca2 11033 {
wolfSSL 0:1239e9b70ca2 11034 CYASSL_MSG("CyaSSL_ripemd160");
wolfSSL 0:1239e9b70ca2 11035
wolfSSL 0:1239e9b70ca2 11036 return NULL;
wolfSSL 0:1239e9b70ca2 11037 }
wolfSSL 0:1239e9b70ca2 11038
wolfSSL 0:1239e9b70ca2 11039
wolfSSL 0:1239e9b70ca2 11040 int CyaSSL_EVP_MD_size(const CYASSL_EVP_MD* type)
wolfSSL 0:1239e9b70ca2 11041 {
wolfSSL 0:1239e9b70ca2 11042 CYASSL_MSG("CyaSSL_EVP_MD_size");
wolfSSL 0:1239e9b70ca2 11043
wolfSSL 0:1239e9b70ca2 11044 if (type == NULL) {
wolfSSL 0:1239e9b70ca2 11045 CYASSL_MSG("No md type arg");
wolfSSL 0:1239e9b70ca2 11046 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 11047 }
wolfSSL 0:1239e9b70ca2 11048
wolfSSL 0:1239e9b70ca2 11049 if (XSTRNCMP(type, "MD5", 3) == 0) {
wolfSSL 0:1239e9b70ca2 11050 return MD5_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 11051 }
wolfSSL 0:1239e9b70ca2 11052 else if (XSTRNCMP(type, "SHA256", 6) == 0) {
wolfSSL 0:1239e9b70ca2 11053 return SHA256_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 11054 }
wolfSSL 0:1239e9b70ca2 11055 #ifdef CYASSL_SHA384
wolfSSL 0:1239e9b70ca2 11056 else if (XSTRNCMP(type, "SHA384", 6) == 0) {
wolfSSL 0:1239e9b70ca2 11057 return SHA384_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 11058 }
wolfSSL 0:1239e9b70ca2 11059 #endif
wolfSSL 0:1239e9b70ca2 11060 #ifdef CYASSL_SHA512
wolfSSL 0:1239e9b70ca2 11061 else if (XSTRNCMP(type, "SHA512", 6) == 0) {
wolfSSL 0:1239e9b70ca2 11062 return SHA512_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 11063 }
wolfSSL 0:1239e9b70ca2 11064 #endif
wolfSSL 0:1239e9b70ca2 11065 /* has to be last since would pick or 256, 384, or 512 too */
wolfSSL 0:1239e9b70ca2 11066 else if (XSTRNCMP(type, "SHA", 3) == 0) {
wolfSSL 0:1239e9b70ca2 11067 return SHA_DIGEST_SIZE;
wolfSSL 0:1239e9b70ca2 11068 }
wolfSSL 0:1239e9b70ca2 11069
wolfSSL 0:1239e9b70ca2 11070 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 11071 }
wolfSSL 0:1239e9b70ca2 11072
wolfSSL 0:1239e9b70ca2 11073
wolfSSL 0:1239e9b70ca2 11074 int CyaSSL_EVP_CIPHER_CTX_iv_length(const CYASSL_EVP_CIPHER_CTX* ctx)
wolfSSL 0:1239e9b70ca2 11075 {
wolfSSL 0:1239e9b70ca2 11076 CYASSL_MSG("CyaSSL_EVP_CIPHER_CTX_iv_length");
wolfSSL 0:1239e9b70ca2 11077
wolfSSL 0:1239e9b70ca2 11078 switch (ctx->cipherType) {
wolfSSL 0:1239e9b70ca2 11079
wolfSSL 0:1239e9b70ca2 11080 case AES_128_CBC_TYPE :
wolfSSL 0:1239e9b70ca2 11081 case AES_192_CBC_TYPE :
wolfSSL 0:1239e9b70ca2 11082 case AES_256_CBC_TYPE :
wolfSSL 0:1239e9b70ca2 11083 CYASSL_MSG("AES CBC");
wolfSSL 0:1239e9b70ca2 11084 return AES_BLOCK_SIZE;
wolfSSL 0:1239e9b70ca2 11085
wolfSSL 0:1239e9b70ca2 11086 #ifdef CYASSL_AES_COUNTER
wolfSSL 0:1239e9b70ca2 11087 case AES_128_CTR_TYPE :
wolfSSL 0:1239e9b70ca2 11088 case AES_192_CTR_TYPE :
wolfSSL 0:1239e9b70ca2 11089 case AES_256_CTR_TYPE :
wolfSSL 0:1239e9b70ca2 11090 CYASSL_MSG("AES CTR");
wolfSSL 0:1239e9b70ca2 11091 return AES_BLOCK_SIZE;
wolfSSL 0:1239e9b70ca2 11092 #endif
wolfSSL 0:1239e9b70ca2 11093
wolfSSL 0:1239e9b70ca2 11094 case DES_CBC_TYPE :
wolfSSL 0:1239e9b70ca2 11095 CYASSL_MSG("DES CBC");
wolfSSL 0:1239e9b70ca2 11096 return DES_BLOCK_SIZE;
wolfSSL 0:1239e9b70ca2 11097
wolfSSL 0:1239e9b70ca2 11098 case DES_EDE3_CBC_TYPE :
wolfSSL 0:1239e9b70ca2 11099 CYASSL_MSG("DES EDE3 CBC");
wolfSSL 0:1239e9b70ca2 11100 return DES_BLOCK_SIZE;
wolfSSL 0:1239e9b70ca2 11101
wolfSSL 0:1239e9b70ca2 11102 case ARC4_TYPE :
wolfSSL 0:1239e9b70ca2 11103 CYASSL_MSG("ARC4");
wolfSSL 0:1239e9b70ca2 11104 return 0;
wolfSSL 0:1239e9b70ca2 11105
wolfSSL 0:1239e9b70ca2 11106 case NULL_CIPHER_TYPE :
wolfSSL 0:1239e9b70ca2 11107 CYASSL_MSG("NULL");
wolfSSL 0:1239e9b70ca2 11108 return 0;
wolfSSL 0:1239e9b70ca2 11109
wolfSSL 0:1239e9b70ca2 11110 default: {
wolfSSL 0:1239e9b70ca2 11111 CYASSL_MSG("bad type");
wolfSSL 0:1239e9b70ca2 11112 }
wolfSSL 0:1239e9b70ca2 11113 }
wolfSSL 0:1239e9b70ca2 11114 return 0;
wolfSSL 0:1239e9b70ca2 11115 }
wolfSSL 0:1239e9b70ca2 11116
wolfSSL 0:1239e9b70ca2 11117
wolfSSL 0:1239e9b70ca2 11118 void CyaSSL_OPENSSL_free(void* p)
wolfSSL 0:1239e9b70ca2 11119 {
wolfSSL 0:1239e9b70ca2 11120 CYASSL_MSG("CyaSSL_OPENSSL_free");
wolfSSL 0:1239e9b70ca2 11121
wolfSSL 0:1239e9b70ca2 11122 XFREE(p, NULL, 0);
wolfSSL 0:1239e9b70ca2 11123 }
wolfSSL 0:1239e9b70ca2 11124
wolfSSL 0:1239e9b70ca2 11125
wolfSSL 0:1239e9b70ca2 11126 int CyaSSL_PEM_write_bio_RSAPrivateKey(CYASSL_BIO* bio, RSA* rsa,
wolfSSL 0:1239e9b70ca2 11127 const EVP_CIPHER* cipher,
wolfSSL 0:1239e9b70ca2 11128 unsigned char* passwd, int len,
wolfSSL 0:1239e9b70ca2 11129 pem_password_cb cb, void* arg)
wolfSSL 0:1239e9b70ca2 11130 {
wolfSSL 0:1239e9b70ca2 11131 (void)bio;
wolfSSL 0:1239e9b70ca2 11132 (void)rsa;
wolfSSL 0:1239e9b70ca2 11133 (void)cipher;
wolfSSL 0:1239e9b70ca2 11134 (void)passwd;
wolfSSL 0:1239e9b70ca2 11135 (void)len;
wolfSSL 0:1239e9b70ca2 11136 (void)cb;
wolfSSL 0:1239e9b70ca2 11137 (void)arg;
wolfSSL 0:1239e9b70ca2 11138
wolfSSL 0:1239e9b70ca2 11139 CYASSL_MSG("CyaSSL_PEM_write_bio_RSAPrivateKey");
wolfSSL 0:1239e9b70ca2 11140
wolfSSL 0:1239e9b70ca2 11141 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 11142 }
wolfSSL 0:1239e9b70ca2 11143
wolfSSL 0:1239e9b70ca2 11144
wolfSSL 0:1239e9b70ca2 11145
wolfSSL 0:1239e9b70ca2 11146 int CyaSSL_PEM_write_bio_DSAPrivateKey(CYASSL_BIO* bio, DSA* rsa,
wolfSSL 0:1239e9b70ca2 11147 const EVP_CIPHER* cipher,
wolfSSL 0:1239e9b70ca2 11148 unsigned char* passwd, int len,
wolfSSL 0:1239e9b70ca2 11149 pem_password_cb cb, void* arg)
wolfSSL 0:1239e9b70ca2 11150 {
wolfSSL 0:1239e9b70ca2 11151 (void)bio;
wolfSSL 0:1239e9b70ca2 11152 (void)rsa;
wolfSSL 0:1239e9b70ca2 11153 (void)cipher;
wolfSSL 0:1239e9b70ca2 11154 (void)passwd;
wolfSSL 0:1239e9b70ca2 11155 (void)len;
wolfSSL 0:1239e9b70ca2 11156 (void)cb;
wolfSSL 0:1239e9b70ca2 11157 (void)arg;
wolfSSL 0:1239e9b70ca2 11158
wolfSSL 0:1239e9b70ca2 11159 CYASSL_MSG("CyaSSL_PEM_write_bio_DSAPrivateKey");
wolfSSL 0:1239e9b70ca2 11160
wolfSSL 0:1239e9b70ca2 11161 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 11162 }
wolfSSL 0:1239e9b70ca2 11163
wolfSSL 0:1239e9b70ca2 11164
wolfSSL 0:1239e9b70ca2 11165
wolfSSL 0:1239e9b70ca2 11166 CYASSL_EVP_PKEY* CyaSSL_PEM_read_bio_PrivateKey(CYASSL_BIO* bio,
wolfSSL 0:1239e9b70ca2 11167 CYASSL_EVP_PKEY** key, pem_password_cb cb, void* arg)
wolfSSL 0:1239e9b70ca2 11168 {
wolfSSL 0:1239e9b70ca2 11169 (void)bio;
wolfSSL 0:1239e9b70ca2 11170 (void)key;
wolfSSL 0:1239e9b70ca2 11171 (void)cb;
wolfSSL 0:1239e9b70ca2 11172 (void)arg;
wolfSSL 0:1239e9b70ca2 11173
wolfSSL 0:1239e9b70ca2 11174 CYASSL_MSG("CyaSSL_PEM_read_bio_PrivateKey");
wolfSSL 0:1239e9b70ca2 11175
wolfSSL 0:1239e9b70ca2 11176 return NULL;
wolfSSL 0:1239e9b70ca2 11177 }
wolfSSL 0:1239e9b70ca2 11178
wolfSSL 0:1239e9b70ca2 11179
wolfSSL 0:1239e9b70ca2 11180
wolfSSL 0:1239e9b70ca2 11181
wolfSSL 0:1239e9b70ca2 11182 /* Load RSA from Der, SSL_SUCCESS on success < 0 on error */
wolfSSL 0:1239e9b70ca2 11183 int CyaSSL_RSA_LoadDer(CYASSL_RSA* rsa, const unsigned char* der, int derSz)
wolfSSL 0:1239e9b70ca2 11184 {
wolfSSL 0:1239e9b70ca2 11185 word32 idx = 0;
wolfSSL 0:1239e9b70ca2 11186 int ret;
wolfSSL 0:1239e9b70ca2 11187
wolfSSL 0:1239e9b70ca2 11188 CYASSL_ENTER("CyaSSL_RSA_LoadDer");
wolfSSL 0:1239e9b70ca2 11189
wolfSSL 0:1239e9b70ca2 11190 if (rsa == NULL || rsa->internal == NULL || der == NULL || derSz <= 0) {
wolfSSL 0:1239e9b70ca2 11191 CYASSL_MSG("Bad function arguments");
wolfSSL 0:1239e9b70ca2 11192 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 11193 }
wolfSSL 0:1239e9b70ca2 11194
wolfSSL 0:1239e9b70ca2 11195 ret = RsaPrivateKeyDecode(der, &idx, (RsaKey*)rsa->internal, derSz);
wolfSSL 0:1239e9b70ca2 11196 if (ret < 0) {
wolfSSL 0:1239e9b70ca2 11197 CYASSL_MSG("RsaPrivateKeyDecode failed");
wolfSSL 0:1239e9b70ca2 11198 return ret;
wolfSSL 0:1239e9b70ca2 11199 }
wolfSSL 0:1239e9b70ca2 11200
wolfSSL 0:1239e9b70ca2 11201 if (SetRsaExternal(rsa) < 0) {
wolfSSL 0:1239e9b70ca2 11202 CYASSL_MSG("SetRsaExternal failed");
wolfSSL 0:1239e9b70ca2 11203 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 11204 }
wolfSSL 0:1239e9b70ca2 11205
wolfSSL 0:1239e9b70ca2 11206 rsa->inSet = 1;
wolfSSL 0:1239e9b70ca2 11207
wolfSSL 0:1239e9b70ca2 11208 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 11209 }
wolfSSL 0:1239e9b70ca2 11210
wolfSSL 0:1239e9b70ca2 11211
wolfSSL 0:1239e9b70ca2 11212 #ifndef NO_DSA
wolfSSL 0:1239e9b70ca2 11213 /* Load DSA from Der, SSL_SUCCESS on success < 0 on error */
wolfSSL 0:1239e9b70ca2 11214 int CyaSSL_DSA_LoadDer(CYASSL_DSA* dsa, const unsigned char* der, int derSz)
wolfSSL 0:1239e9b70ca2 11215 {
wolfSSL 0:1239e9b70ca2 11216 word32 idx = 0;
wolfSSL 0:1239e9b70ca2 11217 int ret;
wolfSSL 0:1239e9b70ca2 11218
wolfSSL 0:1239e9b70ca2 11219 CYASSL_ENTER("CyaSSL_DSA_LoadDer");
wolfSSL 0:1239e9b70ca2 11220
wolfSSL 0:1239e9b70ca2 11221 if (dsa == NULL || dsa->internal == NULL || der == NULL || derSz <= 0) {
wolfSSL 0:1239e9b70ca2 11222 CYASSL_MSG("Bad function arguments");
wolfSSL 0:1239e9b70ca2 11223 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 11224 }
wolfSSL 0:1239e9b70ca2 11225
wolfSSL 0:1239e9b70ca2 11226 ret = DsaPrivateKeyDecode(der, &idx, (DsaKey*)dsa->internal, derSz);
wolfSSL 0:1239e9b70ca2 11227 if (ret < 0) {
wolfSSL 0:1239e9b70ca2 11228 CYASSL_MSG("DsaPrivateKeyDecode failed");
wolfSSL 0:1239e9b70ca2 11229 return ret;
wolfSSL 0:1239e9b70ca2 11230 }
wolfSSL 0:1239e9b70ca2 11231
wolfSSL 0:1239e9b70ca2 11232 if (SetDsaExternal(dsa) < 0) {
wolfSSL 0:1239e9b70ca2 11233 CYASSL_MSG("SetDsaExternal failed");
wolfSSL 0:1239e9b70ca2 11234 return SSL_FATAL_ERROR;
wolfSSL 0:1239e9b70ca2 11235 }
wolfSSL 0:1239e9b70ca2 11236
wolfSSL 0:1239e9b70ca2 11237 dsa->inSet = 1;
wolfSSL 0:1239e9b70ca2 11238
wolfSSL 0:1239e9b70ca2 11239 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 11240 }
wolfSSL 0:1239e9b70ca2 11241 #endif /* NO_DSA */
wolfSSL 0:1239e9b70ca2 11242
wolfSSL 0:1239e9b70ca2 11243
wolfSSL 0:1239e9b70ca2 11244
wolfSSL 0:1239e9b70ca2 11245
wolfSSL 0:1239e9b70ca2 11246 #endif /* OPENSSL_EXTRA */
wolfSSL 0:1239e9b70ca2 11247
wolfSSL 0:1239e9b70ca2 11248
wolfSSL 0:1239e9b70ca2 11249 #ifdef SESSION_CERTS
wolfSSL 0:1239e9b70ca2 11250
wolfSSL 0:1239e9b70ca2 11251
wolfSSL 0:1239e9b70ca2 11252 /* Get peer's certificate chain */
wolfSSL 0:1239e9b70ca2 11253 CYASSL_X509_CHAIN* CyaSSL_get_peer_chain(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 11254 {
wolfSSL 0:1239e9b70ca2 11255 CYASSL_ENTER("CyaSSL_get_peer_chain");
wolfSSL 0:1239e9b70ca2 11256 if (ssl)
wolfSSL 0:1239e9b70ca2 11257 return &ssl->session.chain;
wolfSSL 0:1239e9b70ca2 11258
wolfSSL 0:1239e9b70ca2 11259 return 0;
wolfSSL 0:1239e9b70ca2 11260 }
wolfSSL 0:1239e9b70ca2 11261
wolfSSL 0:1239e9b70ca2 11262
wolfSSL 0:1239e9b70ca2 11263 /* Get peer's certificate chain total count */
wolfSSL 0:1239e9b70ca2 11264 int CyaSSL_get_chain_count(CYASSL_X509_CHAIN* chain)
wolfSSL 0:1239e9b70ca2 11265 {
wolfSSL 0:1239e9b70ca2 11266 CYASSL_ENTER("CyaSSL_get_chain_count");
wolfSSL 0:1239e9b70ca2 11267 if (chain)
wolfSSL 0:1239e9b70ca2 11268 return chain->count;
wolfSSL 0:1239e9b70ca2 11269
wolfSSL 0:1239e9b70ca2 11270 return 0;
wolfSSL 0:1239e9b70ca2 11271 }
wolfSSL 0:1239e9b70ca2 11272
wolfSSL 0:1239e9b70ca2 11273
wolfSSL 0:1239e9b70ca2 11274 /* Get peer's ASN.1 DER ceritifcate at index (idx) length in bytes */
wolfSSL 0:1239e9b70ca2 11275 int CyaSSL_get_chain_length(CYASSL_X509_CHAIN* chain, int idx)
wolfSSL 0:1239e9b70ca2 11276 {
wolfSSL 0:1239e9b70ca2 11277 CYASSL_ENTER("CyaSSL_get_chain_length");
wolfSSL 0:1239e9b70ca2 11278 if (chain)
wolfSSL 0:1239e9b70ca2 11279 return chain->certs[idx].length;
wolfSSL 0:1239e9b70ca2 11280
wolfSSL 0:1239e9b70ca2 11281 return 0;
wolfSSL 0:1239e9b70ca2 11282 }
wolfSSL 0:1239e9b70ca2 11283
wolfSSL 0:1239e9b70ca2 11284
wolfSSL 0:1239e9b70ca2 11285 /* Get peer's ASN.1 DER ceritifcate at index (idx) */
wolfSSL 0:1239e9b70ca2 11286 byte* CyaSSL_get_chain_cert(CYASSL_X509_CHAIN* chain, int idx)
wolfSSL 0:1239e9b70ca2 11287 {
wolfSSL 0:1239e9b70ca2 11288 CYASSL_ENTER("CyaSSL_get_chain_cert");
wolfSSL 0:1239e9b70ca2 11289 if (chain)
wolfSSL 0:1239e9b70ca2 11290 return chain->certs[idx].buffer;
wolfSSL 0:1239e9b70ca2 11291
wolfSSL 0:1239e9b70ca2 11292 return 0;
wolfSSL 0:1239e9b70ca2 11293 }
wolfSSL 0:1239e9b70ca2 11294
wolfSSL 0:1239e9b70ca2 11295
wolfSSL 0:1239e9b70ca2 11296 /* Get peer's CyaSSL X509 ceritifcate at index (idx) */
wolfSSL 0:1239e9b70ca2 11297 CYASSL_X509* CyaSSL_get_chain_X509(CYASSL_X509_CHAIN* chain, int idx)
wolfSSL 0:1239e9b70ca2 11298 {
wolfSSL 0:1239e9b70ca2 11299 int ret;
wolfSSL 0:1239e9b70ca2 11300 CYASSL_X509* x509;
wolfSSL 0:1239e9b70ca2 11301 DecodedCert dCert;
wolfSSL 0:1239e9b70ca2 11302
wolfSSL 0:1239e9b70ca2 11303 CYASSL_ENTER("CyaSSL_get_chain_X509");
wolfSSL 0:1239e9b70ca2 11304 if (chain == NULL)
wolfSSL 0:1239e9b70ca2 11305 return NULL;
wolfSSL 0:1239e9b70ca2 11306
wolfSSL 0:1239e9b70ca2 11307 InitDecodedCert(&dCert, chain->certs[idx].buffer, chain->certs[idx].length,
wolfSSL 0:1239e9b70ca2 11308 NULL);
wolfSSL 0:1239e9b70ca2 11309 ret = ParseCertRelative(&dCert, CERT_TYPE, 0, NULL);
wolfSSL 0:1239e9b70ca2 11310 if (ret != 0) {
wolfSSL 0:1239e9b70ca2 11311 CYASSL_MSG("Failed to parse cert");
wolfSSL 0:1239e9b70ca2 11312 FreeDecodedCert(&dCert);
wolfSSL 0:1239e9b70ca2 11313 return NULL;
wolfSSL 0:1239e9b70ca2 11314 }
wolfSSL 0:1239e9b70ca2 11315
wolfSSL 0:1239e9b70ca2 11316 x509 = (CYASSL_X509*)XMALLOC(sizeof(CYASSL_X509), NULL, DYNAMIC_TYPE_X509);
wolfSSL 0:1239e9b70ca2 11317 if (x509 == NULL) {
wolfSSL 0:1239e9b70ca2 11318 CYASSL_MSG("Failed alloc X509");
wolfSSL 0:1239e9b70ca2 11319 FreeDecodedCert(&dCert);
wolfSSL 0:1239e9b70ca2 11320 return NULL;
wolfSSL 0:1239e9b70ca2 11321 }
wolfSSL 0:1239e9b70ca2 11322 InitX509(x509, 1);
wolfSSL 0:1239e9b70ca2 11323
wolfSSL 0:1239e9b70ca2 11324 ret = CopyDecodedToX509(x509, &dCert);
wolfSSL 0:1239e9b70ca2 11325 if (ret != 0) {
wolfSSL 0:1239e9b70ca2 11326 CYASSL_MSG("Failed to copy decoded");
wolfSSL 0:1239e9b70ca2 11327 XFREE(x509, NULL, DYNAMIC_TYPE_X509);
wolfSSL 0:1239e9b70ca2 11328 x509 = NULL;
wolfSSL 0:1239e9b70ca2 11329 }
wolfSSL 0:1239e9b70ca2 11330 FreeDecodedCert(&dCert);
wolfSSL 0:1239e9b70ca2 11331
wolfSSL 0:1239e9b70ca2 11332 return x509;
wolfSSL 0:1239e9b70ca2 11333 }
wolfSSL 0:1239e9b70ca2 11334
wolfSSL 0:1239e9b70ca2 11335
wolfSSL 0:1239e9b70ca2 11336 /* Get peer's PEM ceritifcate at index (idx), output to buffer if inLen big
wolfSSL 0:1239e9b70ca2 11337 enough else return error (-1), output length is in *outLen
wolfSSL 0:1239e9b70ca2 11338 SSL_SUCCESS on ok */
wolfSSL 0:1239e9b70ca2 11339 int CyaSSL_get_chain_cert_pem(CYASSL_X509_CHAIN* chain, int idx,
wolfSSL 0:1239e9b70ca2 11340 unsigned char* buf, int inLen, int* outLen)
wolfSSL 0:1239e9b70ca2 11341 {
wolfSSL 0:1239e9b70ca2 11342 const char header[] = "-----BEGIN CERTIFICATE-----\n";
wolfSSL 0:1239e9b70ca2 11343 const char footer[] = "-----END CERTIFICATE-----\n";
wolfSSL 0:1239e9b70ca2 11344
wolfSSL 0:1239e9b70ca2 11345 int headerLen = sizeof(header) - 1;
wolfSSL 0:1239e9b70ca2 11346 int footerLen = sizeof(footer) - 1;
wolfSSL 0:1239e9b70ca2 11347 int i;
wolfSSL 0:1239e9b70ca2 11348 int err;
wolfSSL 0:1239e9b70ca2 11349
wolfSSL 0:1239e9b70ca2 11350 CYASSL_ENTER("CyaSSL_get_chain_cert_pem");
wolfSSL 0:1239e9b70ca2 11351 if (!chain || !outLen || !buf)
wolfSSL 0:1239e9b70ca2 11352 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 11353
wolfSSL 0:1239e9b70ca2 11354 /* don't even try if inLen too short */
wolfSSL 0:1239e9b70ca2 11355 if (inLen < headerLen + footerLen + chain->certs[idx].length)
wolfSSL 0:1239e9b70ca2 11356 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 11357
wolfSSL 0:1239e9b70ca2 11358 /* header */
wolfSSL 0:1239e9b70ca2 11359 XMEMCPY(buf, header, headerLen);
wolfSSL 0:1239e9b70ca2 11360 i = headerLen;
wolfSSL 0:1239e9b70ca2 11361
wolfSSL 0:1239e9b70ca2 11362 /* body */
wolfSSL 0:1239e9b70ca2 11363 *outLen = inLen; /* input to Base64_Encode */
wolfSSL 0:1239e9b70ca2 11364 if ( (err = Base64_Encode(chain->certs[idx].buffer,
wolfSSL 0:1239e9b70ca2 11365 chain->certs[idx].length, buf + i, (word32*)outLen)) < 0)
wolfSSL 0:1239e9b70ca2 11366 return err;
wolfSSL 0:1239e9b70ca2 11367 i += *outLen;
wolfSSL 0:1239e9b70ca2 11368
wolfSSL 0:1239e9b70ca2 11369 /* footer */
wolfSSL 0:1239e9b70ca2 11370 if ( (i + footerLen) > inLen)
wolfSSL 0:1239e9b70ca2 11371 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 11372 XMEMCPY(buf + i, footer, footerLen);
wolfSSL 0:1239e9b70ca2 11373 *outLen += headerLen + footerLen;
wolfSSL 0:1239e9b70ca2 11374
wolfSSL 0:1239e9b70ca2 11375 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 11376 }
wolfSSL 0:1239e9b70ca2 11377
wolfSSL 0:1239e9b70ca2 11378
wolfSSL 0:1239e9b70ca2 11379 /* get session ID */
wolfSSL 0:1239e9b70ca2 11380 const byte* CyaSSL_get_sessionID(const CYASSL_SESSION* session)
wolfSSL 0:1239e9b70ca2 11381 {
wolfSSL 0:1239e9b70ca2 11382 CYASSL_ENTER("CyaSSL_get_sessionID");
wolfSSL 0:1239e9b70ca2 11383 if (session)
wolfSSL 0:1239e9b70ca2 11384 return session->sessionID;
wolfSSL 0:1239e9b70ca2 11385
wolfSSL 0:1239e9b70ca2 11386 return NULL;
wolfSSL 0:1239e9b70ca2 11387 }
wolfSSL 0:1239e9b70ca2 11388
wolfSSL 0:1239e9b70ca2 11389
wolfSSL 0:1239e9b70ca2 11390 #endif /* SESSION_CERTS */
wolfSSL 0:1239e9b70ca2 11391
wolfSSL 0:1239e9b70ca2 11392
wolfSSL 0:1239e9b70ca2 11393 #ifndef NO_CERTS
wolfSSL 0:1239e9b70ca2 11394 #ifdef HAVE_PK_CALLBACKS
wolfSSL 0:1239e9b70ca2 11395
wolfSSL 0:1239e9b70ca2 11396 #ifdef HAVE_ECC
wolfSSL 0:1239e9b70ca2 11397
wolfSSL 0:1239e9b70ca2 11398 void CyaSSL_CTX_SetEccSignCb(CYASSL_CTX* ctx, CallbackEccSign cb)
wolfSSL 0:1239e9b70ca2 11399 {
wolfSSL 0:1239e9b70ca2 11400 if (ctx)
wolfSSL 0:1239e9b70ca2 11401 ctx->EccSignCb = cb;
wolfSSL 0:1239e9b70ca2 11402 }
wolfSSL 0:1239e9b70ca2 11403
wolfSSL 0:1239e9b70ca2 11404
wolfSSL 0:1239e9b70ca2 11405 void CyaSSL_SetEccSignCtx(CYASSL* ssl, void *ctx)
wolfSSL 0:1239e9b70ca2 11406 {
wolfSSL 0:1239e9b70ca2 11407 if (ssl)
wolfSSL 0:1239e9b70ca2 11408 ssl->EccSignCtx = ctx;
wolfSSL 0:1239e9b70ca2 11409 }
wolfSSL 0:1239e9b70ca2 11410
wolfSSL 0:1239e9b70ca2 11411
wolfSSL 0:1239e9b70ca2 11412 void* CyaSSL_GetEccSignCtx(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 11413 {
wolfSSL 0:1239e9b70ca2 11414 if (ssl)
wolfSSL 0:1239e9b70ca2 11415 return ssl->EccSignCtx;
wolfSSL 0:1239e9b70ca2 11416
wolfSSL 0:1239e9b70ca2 11417 return NULL;
wolfSSL 0:1239e9b70ca2 11418 }
wolfSSL 0:1239e9b70ca2 11419
wolfSSL 0:1239e9b70ca2 11420
wolfSSL 0:1239e9b70ca2 11421 void CyaSSL_CTX_SetEccVerifyCb(CYASSL_CTX* ctx, CallbackEccVerify cb)
wolfSSL 0:1239e9b70ca2 11422 {
wolfSSL 0:1239e9b70ca2 11423 if (ctx)
wolfSSL 0:1239e9b70ca2 11424 ctx->EccVerifyCb = cb;
wolfSSL 0:1239e9b70ca2 11425 }
wolfSSL 0:1239e9b70ca2 11426
wolfSSL 0:1239e9b70ca2 11427
wolfSSL 0:1239e9b70ca2 11428 void CyaSSL_SetEccVerifyCtx(CYASSL* ssl, void *ctx)
wolfSSL 0:1239e9b70ca2 11429 {
wolfSSL 0:1239e9b70ca2 11430 if (ssl)
wolfSSL 0:1239e9b70ca2 11431 ssl->EccVerifyCtx = ctx;
wolfSSL 0:1239e9b70ca2 11432 }
wolfSSL 0:1239e9b70ca2 11433
wolfSSL 0:1239e9b70ca2 11434
wolfSSL 0:1239e9b70ca2 11435 void* CyaSSL_GetEccVerifyCtx(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 11436 {
wolfSSL 0:1239e9b70ca2 11437 if (ssl)
wolfSSL 0:1239e9b70ca2 11438 return ssl->EccVerifyCtx;
wolfSSL 0:1239e9b70ca2 11439
wolfSSL 0:1239e9b70ca2 11440 return NULL;
wolfSSL 0:1239e9b70ca2 11441 }
wolfSSL 0:1239e9b70ca2 11442
wolfSSL 0:1239e9b70ca2 11443 #endif /* HAVE_ECC */
wolfSSL 0:1239e9b70ca2 11444
wolfSSL 0:1239e9b70ca2 11445 #ifndef NO_RSA
wolfSSL 0:1239e9b70ca2 11446
wolfSSL 0:1239e9b70ca2 11447 void CyaSSL_CTX_SetRsaSignCb(CYASSL_CTX* ctx, CallbackRsaSign cb)
wolfSSL 0:1239e9b70ca2 11448 {
wolfSSL 0:1239e9b70ca2 11449 if (ctx)
wolfSSL 0:1239e9b70ca2 11450 ctx->RsaSignCb = cb;
wolfSSL 0:1239e9b70ca2 11451 }
wolfSSL 0:1239e9b70ca2 11452
wolfSSL 0:1239e9b70ca2 11453
wolfSSL 0:1239e9b70ca2 11454 void CyaSSL_SetRsaSignCtx(CYASSL* ssl, void *ctx)
wolfSSL 0:1239e9b70ca2 11455 {
wolfSSL 0:1239e9b70ca2 11456 if (ssl)
wolfSSL 0:1239e9b70ca2 11457 ssl->RsaSignCtx = ctx;
wolfSSL 0:1239e9b70ca2 11458 }
wolfSSL 0:1239e9b70ca2 11459
wolfSSL 0:1239e9b70ca2 11460
wolfSSL 0:1239e9b70ca2 11461 void* CyaSSL_GetRsaSignCtx(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 11462 {
wolfSSL 0:1239e9b70ca2 11463 if (ssl)
wolfSSL 0:1239e9b70ca2 11464 return ssl->RsaSignCtx;
wolfSSL 0:1239e9b70ca2 11465
wolfSSL 0:1239e9b70ca2 11466 return NULL;
wolfSSL 0:1239e9b70ca2 11467 }
wolfSSL 0:1239e9b70ca2 11468
wolfSSL 0:1239e9b70ca2 11469
wolfSSL 0:1239e9b70ca2 11470 void CyaSSL_CTX_SetRsaVerifyCb(CYASSL_CTX* ctx, CallbackRsaVerify cb)
wolfSSL 0:1239e9b70ca2 11471 {
wolfSSL 0:1239e9b70ca2 11472 if (ctx)
wolfSSL 0:1239e9b70ca2 11473 ctx->RsaVerifyCb = cb;
wolfSSL 0:1239e9b70ca2 11474 }
wolfSSL 0:1239e9b70ca2 11475
wolfSSL 0:1239e9b70ca2 11476
wolfSSL 0:1239e9b70ca2 11477 void CyaSSL_SetRsaVerifyCtx(CYASSL* ssl, void *ctx)
wolfSSL 0:1239e9b70ca2 11478 {
wolfSSL 0:1239e9b70ca2 11479 if (ssl)
wolfSSL 0:1239e9b70ca2 11480 ssl->RsaVerifyCtx = ctx;
wolfSSL 0:1239e9b70ca2 11481 }
wolfSSL 0:1239e9b70ca2 11482
wolfSSL 0:1239e9b70ca2 11483
wolfSSL 0:1239e9b70ca2 11484 void* CyaSSL_GetRsaVerifyCtx(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 11485 {
wolfSSL 0:1239e9b70ca2 11486 if (ssl)
wolfSSL 0:1239e9b70ca2 11487 return ssl->RsaVerifyCtx;
wolfSSL 0:1239e9b70ca2 11488
wolfSSL 0:1239e9b70ca2 11489 return NULL;
wolfSSL 0:1239e9b70ca2 11490 }
wolfSSL 0:1239e9b70ca2 11491
wolfSSL 0:1239e9b70ca2 11492 void CyaSSL_CTX_SetRsaEncCb(CYASSL_CTX* ctx, CallbackRsaEnc cb)
wolfSSL 0:1239e9b70ca2 11493 {
wolfSSL 0:1239e9b70ca2 11494 if (ctx)
wolfSSL 0:1239e9b70ca2 11495 ctx->RsaEncCb = cb;
wolfSSL 0:1239e9b70ca2 11496 }
wolfSSL 0:1239e9b70ca2 11497
wolfSSL 0:1239e9b70ca2 11498
wolfSSL 0:1239e9b70ca2 11499 void CyaSSL_SetRsaEncCtx(CYASSL* ssl, void *ctx)
wolfSSL 0:1239e9b70ca2 11500 {
wolfSSL 0:1239e9b70ca2 11501 if (ssl)
wolfSSL 0:1239e9b70ca2 11502 ssl->RsaEncCtx = ctx;
wolfSSL 0:1239e9b70ca2 11503 }
wolfSSL 0:1239e9b70ca2 11504
wolfSSL 0:1239e9b70ca2 11505
wolfSSL 0:1239e9b70ca2 11506 void* CyaSSL_GetRsaEncCtx(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 11507 {
wolfSSL 0:1239e9b70ca2 11508 if (ssl)
wolfSSL 0:1239e9b70ca2 11509 return ssl->RsaEncCtx;
wolfSSL 0:1239e9b70ca2 11510
wolfSSL 0:1239e9b70ca2 11511 return NULL;
wolfSSL 0:1239e9b70ca2 11512 }
wolfSSL 0:1239e9b70ca2 11513
wolfSSL 0:1239e9b70ca2 11514 void CyaSSL_CTX_SetRsaDecCb(CYASSL_CTX* ctx, CallbackRsaDec cb)
wolfSSL 0:1239e9b70ca2 11515 {
wolfSSL 0:1239e9b70ca2 11516 if (ctx)
wolfSSL 0:1239e9b70ca2 11517 ctx->RsaDecCb = cb;
wolfSSL 0:1239e9b70ca2 11518 }
wolfSSL 0:1239e9b70ca2 11519
wolfSSL 0:1239e9b70ca2 11520
wolfSSL 0:1239e9b70ca2 11521 void CyaSSL_SetRsaDecCtx(CYASSL* ssl, void *ctx)
wolfSSL 0:1239e9b70ca2 11522 {
wolfSSL 0:1239e9b70ca2 11523 if (ssl)
wolfSSL 0:1239e9b70ca2 11524 ssl->RsaDecCtx = ctx;
wolfSSL 0:1239e9b70ca2 11525 }
wolfSSL 0:1239e9b70ca2 11526
wolfSSL 0:1239e9b70ca2 11527
wolfSSL 0:1239e9b70ca2 11528 void* CyaSSL_GetRsaDecCtx(CYASSL* ssl)
wolfSSL 0:1239e9b70ca2 11529 {
wolfSSL 0:1239e9b70ca2 11530 if (ssl)
wolfSSL 0:1239e9b70ca2 11531 return ssl->RsaDecCtx;
wolfSSL 0:1239e9b70ca2 11532
wolfSSL 0:1239e9b70ca2 11533 return NULL;
wolfSSL 0:1239e9b70ca2 11534 }
wolfSSL 0:1239e9b70ca2 11535
wolfSSL 0:1239e9b70ca2 11536
wolfSSL 0:1239e9b70ca2 11537 #endif /* NO_RSA */
wolfSSL 0:1239e9b70ca2 11538
wolfSSL 0:1239e9b70ca2 11539 #endif /* HAVE_PK_CALLBACKS */
wolfSSL 0:1239e9b70ca2 11540 #endif /* NO_CERTS */
wolfSSL 0:1239e9b70ca2 11541
wolfSSL 0:1239e9b70ca2 11542
wolfSSL 0:1239e9b70ca2 11543 #ifdef CYASSL_HAVE_WOLFSCEP
wolfSSL 0:1239e9b70ca2 11544 /* Used by autoconf to see if wolfSCEP is available */
wolfSSL 0:1239e9b70ca2 11545 void CyaSSL_wolfSCEP(void) {}
wolfSSL 0:1239e9b70ca2 11546 #endif
wolfSSL 0:1239e9b70ca2 11547
wolfSSL 0:1239e9b70ca2 11548
wolfSSL 0:1239e9b70ca2 11549 #ifdef CYASSL_HAVE_CERT_SERVICE
wolfSSL 0:1239e9b70ca2 11550 /* Used by autoconf to see if cert service is available */
wolfSSL 0:1239e9b70ca2 11551 void CyaSSL_cert_service(void) {}
wolfSSL 0:1239e9b70ca2 11552 #endif
wolfSSL 0:1239e9b70ca2 11553
wolfSSL 0:1239e9b70ca2 11554