CyaSSL - CyaSSL changed for NucleoF401RE board: implemente…

Users » Vanger » Code » CyaSSL

CyaSSL changed for NucleoF401RE board: implemented random and time functions for build. (Has trouble with wildcard domains like *.google.com, *.yahoo.com)

Fork of CyaSSL by wolf SSL

src/tls.c@4:e505054279ed, 2015-01-14 (annotated)

Committer:: Vanger
Date:: Wed Jan 14 22:07:14 2015 +0000
Revision:: 4:e505054279ed
Parent:: 0:1239e9b70ca2

Implemented some platform specific functions in the Cyassl library code: time functions, seed random functions, and also changed the settings.h file to define settings specific to the platform being used

Who changed what in which revision?

User	Revision	Line number	New contents of line
wolfSSL	0:1239e9b70ca2	1	/* tls.c
wolfSSL	0:1239e9b70ca2	2	*
wolfSSL	0:1239e9b70ca2	3	* Copyright (C) 2006-2014 wolfSSL Inc.
wolfSSL	0:1239e9b70ca2	4	*
wolfSSL	0:1239e9b70ca2	5	* This file is part of CyaSSL.
wolfSSL	0:1239e9b70ca2	6	*
wolfSSL	0:1239e9b70ca2	7	* CyaSSL is free software; you can redistribute it and/or modify
wolfSSL	0:1239e9b70ca2	8	* it under the terms of the GNU General Public License as published by
wolfSSL	0:1239e9b70ca2	9	* the Free Software Foundation; either version 2 of the License, or
wolfSSL	0:1239e9b70ca2	10	* (at your option) any later version.
wolfSSL	0:1239e9b70ca2	11	*
wolfSSL	0:1239e9b70ca2	12	* CyaSSL is distributed in the hope that it will be useful,
wolfSSL	0:1239e9b70ca2	13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL	0:1239e9b70ca2	14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL	0:1239e9b70ca2	15	* GNU General Public License for more details.
wolfSSL	0:1239e9b70ca2	16	*
wolfSSL	0:1239e9b70ca2	17	* You should have received a copy of the GNU General Public License
wolfSSL	0:1239e9b70ca2	18	* along with this program; if not, write to the Free Software
wolfSSL	0:1239e9b70ca2	19	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
wolfSSL	0:1239e9b70ca2	20	*/
wolfSSL	0:1239e9b70ca2	21
wolfSSL	0:1239e9b70ca2	22	#ifdef HAVE_CONFIG_H
wolfSSL	0:1239e9b70ca2	23	#include <config.h>
wolfSSL	0:1239e9b70ca2	24	#endif
wolfSSL	0:1239e9b70ca2	25
wolfSSL	0:1239e9b70ca2	26	#include <cyassl/ctaocrypt/settings.h>
wolfSSL	0:1239e9b70ca2	27
wolfSSL	0:1239e9b70ca2	28	#include <cyassl/ssl.h>
wolfSSL	0:1239e9b70ca2	29	#include <cyassl/internal.h>
wolfSSL	0:1239e9b70ca2	30	#include <cyassl/error-ssl.h>
wolfSSL	0:1239e9b70ca2	31	#include <cyassl/ctaocrypt/hmac.h>
wolfSSL	0:1239e9b70ca2	32
wolfSSL	0:1239e9b70ca2	33
wolfSSL	0:1239e9b70ca2	34
wolfSSL	0:1239e9b70ca2	35	#ifndef NO_TLS
wolfSSL	0:1239e9b70ca2	36
wolfSSL	0:1239e9b70ca2	37
wolfSSL	0:1239e9b70ca2	38	#ifndef min
wolfSSL	0:1239e9b70ca2	39
wolfSSL	0:1239e9b70ca2	40	static INLINE word32 min(word32 a, word32 b)
wolfSSL	0:1239e9b70ca2	41	{
wolfSSL	0:1239e9b70ca2	42	return a > b ? b : a;
wolfSSL	0:1239e9b70ca2	43	}
wolfSSL	0:1239e9b70ca2	44
wolfSSL	0:1239e9b70ca2	45	#endif /* min */
wolfSSL	0:1239e9b70ca2	46
wolfSSL	0:1239e9b70ca2	47
wolfSSL	0:1239e9b70ca2	48	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	49	#define PHASH_MAX_DIGEST_SIZE SHA384_DIGEST_SIZE
wolfSSL	0:1239e9b70ca2	50	#else
wolfSSL	0:1239e9b70ca2	51	#define PHASH_MAX_DIGEST_SIZE SHA256_DIGEST_SIZE
wolfSSL	0:1239e9b70ca2	52	#endif
wolfSSL	0:1239e9b70ca2	53
wolfSSL	0:1239e9b70ca2	54	/* compute p_hash for MD5, SHA-1, SHA-256, or SHA-384 for TLSv1 PRF */
wolfSSL	0:1239e9b70ca2	55	static int p_hash(byte* result, word32 resLen, const byte* secret,
wolfSSL	0:1239e9b70ca2	56	word32 secLen, const byte* seed, word32 seedLen, int hash)
wolfSSL	0:1239e9b70ca2	57	{
wolfSSL	0:1239e9b70ca2	58	word32 len = PHASH_MAX_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	59	word32 times;
wolfSSL	0:1239e9b70ca2	60	word32 lastLen;
wolfSSL	0:1239e9b70ca2	61	word32 lastTime;
wolfSSL	0:1239e9b70ca2	62	word32 i;
wolfSSL	0:1239e9b70ca2	63	word32 idx = 0;
wolfSSL	0:1239e9b70ca2	64	int ret;
wolfSSL	0:1239e9b70ca2	65	byte previous[PHASH_MAX_DIGEST_SIZE]; /* max size */
wolfSSL	0:1239e9b70ca2	66	byte current[PHASH_MAX_DIGEST_SIZE]; /* max size */
wolfSSL	0:1239e9b70ca2	67
wolfSSL	0:1239e9b70ca2	68	Hmac hmac;
wolfSSL	0:1239e9b70ca2	69
wolfSSL	0:1239e9b70ca2	70	switch (hash) {
wolfSSL	0:1239e9b70ca2	71	#ifndef NO_MD5
wolfSSL	0:1239e9b70ca2	72	case md5_mac:
wolfSSL	0:1239e9b70ca2	73	{
wolfSSL	0:1239e9b70ca2	74	len = MD5_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	75	hash = MD5;
wolfSSL	0:1239e9b70ca2	76	}
wolfSSL	0:1239e9b70ca2	77	break;
wolfSSL	0:1239e9b70ca2	78	#endif
wolfSSL	0:1239e9b70ca2	79	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	80	case sha256_mac:
wolfSSL	0:1239e9b70ca2	81	{
wolfSSL	0:1239e9b70ca2	82	len = SHA256_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	83	hash = SHA256;
wolfSSL	0:1239e9b70ca2	84	}
wolfSSL	0:1239e9b70ca2	85	break;
wolfSSL	0:1239e9b70ca2	86	#endif
wolfSSL	0:1239e9b70ca2	87	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	88	case sha384_mac:
wolfSSL	0:1239e9b70ca2	89	{
wolfSSL	0:1239e9b70ca2	90	len = SHA384_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	91	hash = SHA384;
wolfSSL	0:1239e9b70ca2	92	}
wolfSSL	0:1239e9b70ca2	93	break;
wolfSSL	0:1239e9b70ca2	94	#endif
wolfSSL	0:1239e9b70ca2	95	#ifndef NO_SHA
wolfSSL	0:1239e9b70ca2	96	case sha_mac:
wolfSSL	0:1239e9b70ca2	97	default:
wolfSSL	0:1239e9b70ca2	98	{
wolfSSL	0:1239e9b70ca2	99	len = SHA_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	100	hash = SHA;
wolfSSL	0:1239e9b70ca2	101	}
wolfSSL	0:1239e9b70ca2	102	break;
wolfSSL	0:1239e9b70ca2	103	#endif
wolfSSL	0:1239e9b70ca2	104	}
wolfSSL	0:1239e9b70ca2	105
wolfSSL	0:1239e9b70ca2	106	times = resLen / len;
wolfSSL	0:1239e9b70ca2	107	lastLen = resLen % len;
wolfSSL	0:1239e9b70ca2	108	if (lastLen) times += 1;
wolfSSL	0:1239e9b70ca2	109	lastTime = times - 1;
wolfSSL	0:1239e9b70ca2	110
wolfSSL	0:1239e9b70ca2	111	ret = HmacSetKey(&hmac, hash, secret, secLen);
wolfSSL	0:1239e9b70ca2	112	if (ret != 0)
wolfSSL	0:1239e9b70ca2	113	return ret;
wolfSSL	0:1239e9b70ca2	114	ret = HmacUpdate(&hmac, seed, seedLen); /* A0 = seed */
wolfSSL	0:1239e9b70ca2	115	if (ret != 0)
wolfSSL	0:1239e9b70ca2	116	return ret;
wolfSSL	0:1239e9b70ca2	117	ret = HmacFinal(&hmac, previous); /* A1 */
wolfSSL	0:1239e9b70ca2	118	if (ret != 0)
wolfSSL	0:1239e9b70ca2	119	return ret;
wolfSSL	0:1239e9b70ca2	120
wolfSSL	0:1239e9b70ca2	121	for (i = 0; i < times; i++) {
wolfSSL	0:1239e9b70ca2	122	ret = HmacUpdate(&hmac, previous, len);
wolfSSL	0:1239e9b70ca2	123	if (ret != 0)
wolfSSL	0:1239e9b70ca2	124	return ret;
wolfSSL	0:1239e9b70ca2	125	ret = HmacUpdate(&hmac, seed, seedLen);
wolfSSL	0:1239e9b70ca2	126	if (ret != 0)
wolfSSL	0:1239e9b70ca2	127	return ret;
wolfSSL	0:1239e9b70ca2	128	ret = HmacFinal(&hmac, current);
wolfSSL	0:1239e9b70ca2	129	if (ret != 0)
wolfSSL	0:1239e9b70ca2	130	return ret;
wolfSSL	0:1239e9b70ca2	131
wolfSSL	0:1239e9b70ca2	132	if ( (i == lastTime) && lastLen)
wolfSSL	0:1239e9b70ca2	133	XMEMCPY(&result[idx], current, min(lastLen, sizeof(current)));
wolfSSL	0:1239e9b70ca2	134	else {
wolfSSL	0:1239e9b70ca2	135	XMEMCPY(&result[idx], current, len);
wolfSSL	0:1239e9b70ca2	136	idx += len;
wolfSSL	0:1239e9b70ca2	137	ret = HmacUpdate(&hmac, previous, len);
wolfSSL	0:1239e9b70ca2	138	if (ret != 0)
wolfSSL	0:1239e9b70ca2	139	return ret;
wolfSSL	0:1239e9b70ca2	140	ret = HmacFinal(&hmac, previous);
wolfSSL	0:1239e9b70ca2	141	if (ret != 0)
wolfSSL	0:1239e9b70ca2	142	return ret;
wolfSSL	0:1239e9b70ca2	143	}
wolfSSL	0:1239e9b70ca2	144	}
wolfSSL	0:1239e9b70ca2	145	XMEMSET(previous, 0, sizeof previous);
wolfSSL	0:1239e9b70ca2	146	XMEMSET(current, 0, sizeof current);
wolfSSL	0:1239e9b70ca2	147	XMEMSET(&hmac, 0, sizeof hmac);
wolfSSL	0:1239e9b70ca2	148
wolfSSL	0:1239e9b70ca2	149	return 0;
wolfSSL	0:1239e9b70ca2	150	}
wolfSSL	0:1239e9b70ca2	151
wolfSSL	0:1239e9b70ca2	152
wolfSSL	0:1239e9b70ca2	153
wolfSSL	0:1239e9b70ca2	154	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	155
wolfSSL	0:1239e9b70ca2	156	/* calculate XOR for TLSv1 PRF */
wolfSSL	0:1239e9b70ca2	157	static INLINE void get_xor(byte digest, word32 digLen, byte md5, byte* sha)
wolfSSL	0:1239e9b70ca2	158	{
wolfSSL	0:1239e9b70ca2	159	word32 i;
wolfSSL	0:1239e9b70ca2	160
wolfSSL	0:1239e9b70ca2	161	for (i = 0; i < digLen; i++)
wolfSSL	0:1239e9b70ca2	162	digest[i] = md5[i] ^ sha[i];
wolfSSL	0:1239e9b70ca2	163	}
wolfSSL	0:1239e9b70ca2	164
wolfSSL	0:1239e9b70ca2	165
wolfSSL	0:1239e9b70ca2	166	/* compute TLSv1 PRF (pseudo random function using HMAC) */
wolfSSL	0:1239e9b70ca2	167	static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen,
wolfSSL	0:1239e9b70ca2	168	const byte* label, word32 labLen, const byte* seed,
wolfSSL	0:1239e9b70ca2	169	word32 seedLen)
wolfSSL	0:1239e9b70ca2	170	{
wolfSSL	0:1239e9b70ca2	171	int ret;
wolfSSL	0:1239e9b70ca2	172	word32 half = (secLen + 1) / 2;
wolfSSL	0:1239e9b70ca2	173
wolfSSL	0:1239e9b70ca2	174	byte md5_half[MAX_PRF_HALF]; /* half is real size */
wolfSSL	0:1239e9b70ca2	175	byte sha_half[MAX_PRF_HALF]; /* half is real size */
wolfSSL	0:1239e9b70ca2	176	byte labelSeed[MAX_PRF_LABSEED]; /* labLen + seedLen is real size */
wolfSSL	0:1239e9b70ca2	177	byte md5_result[MAX_PRF_DIG]; /* digLen is real size */
wolfSSL	0:1239e9b70ca2	178	byte sha_result[MAX_PRF_DIG]; /* digLen is real size */
wolfSSL	0:1239e9b70ca2	179
wolfSSL	0:1239e9b70ca2	180	if (half > MAX_PRF_HALF)
wolfSSL	0:1239e9b70ca2	181	return BUFFER_E;
wolfSSL	0:1239e9b70ca2	182	if (labLen + seedLen > MAX_PRF_LABSEED)
wolfSSL	0:1239e9b70ca2	183	return BUFFER_E;
wolfSSL	0:1239e9b70ca2	184	if (digLen > MAX_PRF_DIG)
wolfSSL	0:1239e9b70ca2	185	return BUFFER_E;
wolfSSL	0:1239e9b70ca2	186
wolfSSL	0:1239e9b70ca2	187	XMEMSET(md5_result, 0, digLen);
wolfSSL	0:1239e9b70ca2	188	XMEMSET(sha_result, 0, digLen);
wolfSSL	0:1239e9b70ca2	189
wolfSSL	0:1239e9b70ca2	190	XMEMCPY(md5_half, secret, half);
wolfSSL	0:1239e9b70ca2	191	XMEMCPY(sha_half, secret + half - secLen % 2, half);
wolfSSL	0:1239e9b70ca2	192
wolfSSL	0:1239e9b70ca2	193	XMEMCPY(labelSeed, label, labLen);
wolfSSL	0:1239e9b70ca2	194	XMEMCPY(labelSeed + labLen, seed, seedLen);
wolfSSL	0:1239e9b70ca2	195
wolfSSL	0:1239e9b70ca2	196	ret = p_hash(md5_result, digLen, md5_half, half, labelSeed,
wolfSSL	0:1239e9b70ca2	197	labLen + seedLen, md5_mac);
wolfSSL	0:1239e9b70ca2	198	if (ret != 0)
wolfSSL	0:1239e9b70ca2	199	return ret;
wolfSSL	0:1239e9b70ca2	200	ret = p_hash(sha_result, digLen, sha_half, half, labelSeed,
wolfSSL	0:1239e9b70ca2	201	labLen + seedLen, sha_mac);
wolfSSL	0:1239e9b70ca2	202	if (ret != 0)
wolfSSL	0:1239e9b70ca2	203	return ret;
wolfSSL	0:1239e9b70ca2	204	get_xor(digest, digLen, md5_result, sha_result);
wolfSSL	0:1239e9b70ca2	205
wolfSSL	0:1239e9b70ca2	206	return 0;
wolfSSL	0:1239e9b70ca2	207	}
wolfSSL	0:1239e9b70ca2	208
wolfSSL	0:1239e9b70ca2	209	#endif
wolfSSL	0:1239e9b70ca2	210
wolfSSL	0:1239e9b70ca2	211
wolfSSL	0:1239e9b70ca2	212	/* Wrapper to call straight thru to p_hash in TSL 1.2 cases to remove stack
wolfSSL	0:1239e9b70ca2	213	use */
wolfSSL	0:1239e9b70ca2	214	static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
wolfSSL	0:1239e9b70ca2	215	const byte* label, word32 labLen, const byte* seed, word32 seedLen,
wolfSSL	0:1239e9b70ca2	216	int useAtLeastSha256, int hash_type)
wolfSSL	0:1239e9b70ca2	217	{
wolfSSL	0:1239e9b70ca2	218	int ret = 0;
wolfSSL	0:1239e9b70ca2	219
wolfSSL	0:1239e9b70ca2	220	if (useAtLeastSha256) {
wolfSSL	0:1239e9b70ca2	221	byte labelSeed[MAX_PRF_LABSEED]; /* labLen + seedLen is real size */
wolfSSL	0:1239e9b70ca2	222
wolfSSL	0:1239e9b70ca2	223	if (labLen + seedLen > MAX_PRF_LABSEED)
wolfSSL	0:1239e9b70ca2	224	return BUFFER_E;
wolfSSL	0:1239e9b70ca2	225
wolfSSL	0:1239e9b70ca2	226	XMEMCPY(labelSeed, label, labLen);
wolfSSL	0:1239e9b70ca2	227	XMEMCPY(labelSeed + labLen, seed, seedLen);
wolfSSL	0:1239e9b70ca2	228
wolfSSL	0:1239e9b70ca2	229	/* If a cipher suite wants an algorithm better than sha256, it
wolfSSL	0:1239e9b70ca2	230	* should use better. */
wolfSSL	0:1239e9b70ca2	231	if (hash_type < sha256_mac)
wolfSSL	0:1239e9b70ca2	232	hash_type = sha256_mac;
wolfSSL	0:1239e9b70ca2	233	ret = p_hash(digest, digLen, secret, secLen, labelSeed,
wolfSSL	0:1239e9b70ca2	234	labLen + seedLen, hash_type);
wolfSSL	0:1239e9b70ca2	235	}
wolfSSL	0:1239e9b70ca2	236	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	237	else {
wolfSSL	0:1239e9b70ca2	238	ret = doPRF(digest, digLen, secret, secLen, label, labLen, seed,
wolfSSL	0:1239e9b70ca2	239	seedLen);
wolfSSL	0:1239e9b70ca2	240	}
wolfSSL	0:1239e9b70ca2	241	#endif
wolfSSL	0:1239e9b70ca2	242
wolfSSL	0:1239e9b70ca2	243	return ret;
wolfSSL	0:1239e9b70ca2	244	}
wolfSSL	0:1239e9b70ca2	245
wolfSSL	0:1239e9b70ca2	246
wolfSSL	0:1239e9b70ca2	247	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	248	#define HSHASH_SZ SHA384_DIGEST_SIZE
wolfSSL	0:1239e9b70ca2	249	#else
wolfSSL	0:1239e9b70ca2	250	#define HSHASH_SZ FINISHED_SZ
wolfSSL	0:1239e9b70ca2	251	#endif
wolfSSL	0:1239e9b70ca2	252
wolfSSL	0:1239e9b70ca2	253
wolfSSL	0:1239e9b70ca2	254	int BuildTlsFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
wolfSSL	0:1239e9b70ca2	255	{
wolfSSL	0:1239e9b70ca2	256	const byte* side;
wolfSSL	0:1239e9b70ca2	257	byte handshake_hash[HSHASH_SZ];
wolfSSL	0:1239e9b70ca2	258	word32 hashSz = FINISHED_SZ;
wolfSSL	0:1239e9b70ca2	259
wolfSSL	0:1239e9b70ca2	260	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	261	Md5Final(&ssl->hashMd5, handshake_hash);
wolfSSL	0:1239e9b70ca2	262	ShaFinal(&ssl->hashSha, &handshake_hash[MD5_DIGEST_SIZE]);
wolfSSL	0:1239e9b70ca2	263	#endif
wolfSSL	0:1239e9b70ca2	264
wolfSSL	0:1239e9b70ca2	265	if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL	0:1239e9b70ca2	266	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	267	if (ssl->specs.mac_algorithm <= sha256_mac) {
wolfSSL	0:1239e9b70ca2	268	int ret = Sha256Final(&ssl->hashSha256, handshake_hash);
wolfSSL	0:1239e9b70ca2	269
wolfSSL	0:1239e9b70ca2	270	if (ret != 0)
wolfSSL	0:1239e9b70ca2	271	return ret;
wolfSSL	0:1239e9b70ca2	272
wolfSSL	0:1239e9b70ca2	273	hashSz = SHA256_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	274	}
wolfSSL	0:1239e9b70ca2	275	#endif
wolfSSL	0:1239e9b70ca2	276	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	277	if (ssl->specs.mac_algorithm == sha384_mac) {
wolfSSL	0:1239e9b70ca2	278	int ret = Sha384Final(&ssl->hashSha384, handshake_hash);
wolfSSL	0:1239e9b70ca2	279
wolfSSL	0:1239e9b70ca2	280	if (ret != 0)
wolfSSL	0:1239e9b70ca2	281	return ret;
wolfSSL	0:1239e9b70ca2	282
wolfSSL	0:1239e9b70ca2	283	hashSz = SHA384_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	284	}
wolfSSL	0:1239e9b70ca2	285	#endif
wolfSSL	0:1239e9b70ca2	286	}
wolfSSL	0:1239e9b70ca2	287
wolfSSL	0:1239e9b70ca2	288	if ( XSTRNCMP((const char)sender, (const char)client, SIZEOF_SENDER) == 0)
wolfSSL	0:1239e9b70ca2	289	side = tls_client;
wolfSSL	0:1239e9b70ca2	290	else
wolfSSL	0:1239e9b70ca2	291	side = tls_server;
wolfSSL	0:1239e9b70ca2	292
wolfSSL	0:1239e9b70ca2	293	return PRF((byte*)hashes, TLS_FINISHED_SZ, ssl->arrays->masterSecret,
wolfSSL	0:1239e9b70ca2	294	SECRET_LEN, side, FINISHED_LABEL_SZ, handshake_hash, hashSz,
wolfSSL	0:1239e9b70ca2	295	IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
wolfSSL	0:1239e9b70ca2	296	}
wolfSSL	0:1239e9b70ca2	297
wolfSSL	0:1239e9b70ca2	298
wolfSSL	0:1239e9b70ca2	299	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	300
wolfSSL	0:1239e9b70ca2	301	ProtocolVersion MakeTLSv1(void)
wolfSSL	0:1239e9b70ca2	302	{
wolfSSL	0:1239e9b70ca2	303	ProtocolVersion pv;
wolfSSL	0:1239e9b70ca2	304	pv.major = SSLv3_MAJOR;
wolfSSL	0:1239e9b70ca2	305	pv.minor = TLSv1_MINOR;
wolfSSL	0:1239e9b70ca2	306
wolfSSL	0:1239e9b70ca2	307	return pv;
wolfSSL	0:1239e9b70ca2	308	}
wolfSSL	0:1239e9b70ca2	309
wolfSSL	0:1239e9b70ca2	310
wolfSSL	0:1239e9b70ca2	311	ProtocolVersion MakeTLSv1_1(void)
wolfSSL	0:1239e9b70ca2	312	{
wolfSSL	0:1239e9b70ca2	313	ProtocolVersion pv;
wolfSSL	0:1239e9b70ca2	314	pv.major = SSLv3_MAJOR;
wolfSSL	0:1239e9b70ca2	315	pv.minor = TLSv1_1_MINOR;
wolfSSL	0:1239e9b70ca2	316
wolfSSL	0:1239e9b70ca2	317	return pv;
wolfSSL	0:1239e9b70ca2	318	}
wolfSSL	0:1239e9b70ca2	319
wolfSSL	0:1239e9b70ca2	320	#endif
wolfSSL	0:1239e9b70ca2	321
wolfSSL	0:1239e9b70ca2	322
wolfSSL	0:1239e9b70ca2	323	ProtocolVersion MakeTLSv1_2(void)
wolfSSL	0:1239e9b70ca2	324	{
wolfSSL	0:1239e9b70ca2	325	ProtocolVersion pv;
wolfSSL	0:1239e9b70ca2	326	pv.major = SSLv3_MAJOR;
wolfSSL	0:1239e9b70ca2	327	pv.minor = TLSv1_2_MINOR;
wolfSSL	0:1239e9b70ca2	328
wolfSSL	0:1239e9b70ca2	329	return pv;
wolfSSL	0:1239e9b70ca2	330	}
wolfSSL	0:1239e9b70ca2	331
wolfSSL	0:1239e9b70ca2	332
wolfSSL	0:1239e9b70ca2	333	static const byte master_label[MASTER_LABEL_SZ + 1] = "master secret";
wolfSSL	0:1239e9b70ca2	334	static const byte key_label [KEY_LABEL_SZ + 1] = "key expansion";
wolfSSL	0:1239e9b70ca2	335
wolfSSL	0:1239e9b70ca2	336
wolfSSL	0:1239e9b70ca2	337	int DeriveTlsKeys(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	338	{
wolfSSL	0:1239e9b70ca2	339	int ret;
wolfSSL	0:1239e9b70ca2	340	int length = 2 * ssl->specs.hash_size +
wolfSSL	0:1239e9b70ca2	341	2 * ssl->specs.key_size +
wolfSSL	0:1239e9b70ca2	342	2 * ssl->specs.iv_size;
wolfSSL	0:1239e9b70ca2	343	byte seed[SEED_LEN];
wolfSSL	0:1239e9b70ca2	344	byte key_data[MAX_PRF_DIG];
wolfSSL	0:1239e9b70ca2	345
wolfSSL	0:1239e9b70ca2	346	XMEMCPY(seed, ssl->arrays->serverRandom, RAN_LEN);
wolfSSL	0:1239e9b70ca2	347	XMEMCPY(&seed[RAN_LEN], ssl->arrays->clientRandom, RAN_LEN);
wolfSSL	0:1239e9b70ca2	348
wolfSSL	0:1239e9b70ca2	349	ret = PRF(key_data, length, ssl->arrays->masterSecret, SECRET_LEN,
wolfSSL	0:1239e9b70ca2	350	key_label, KEY_LABEL_SZ, seed, SEED_LEN, IsAtLeastTLSv1_2(ssl),
wolfSSL	0:1239e9b70ca2	351	ssl->specs.mac_algorithm);
wolfSSL	0:1239e9b70ca2	352	if (ret != 0)
wolfSSL	0:1239e9b70ca2	353	return ret;
wolfSSL	0:1239e9b70ca2	354
wolfSSL	0:1239e9b70ca2	355	return StoreKeys(ssl, key_data);
wolfSSL	0:1239e9b70ca2	356	}
wolfSSL	0:1239e9b70ca2	357
wolfSSL	0:1239e9b70ca2	358
wolfSSL	0:1239e9b70ca2	359	int MakeTlsMasterSecret(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	360	{
wolfSSL	0:1239e9b70ca2	361	int ret;
wolfSSL	0:1239e9b70ca2	362	byte seed[SEED_LEN];
wolfSSL	0:1239e9b70ca2	363
wolfSSL	0:1239e9b70ca2	364	XMEMCPY(seed, ssl->arrays->clientRandom, RAN_LEN);
wolfSSL	0:1239e9b70ca2	365	XMEMCPY(&seed[RAN_LEN], ssl->arrays->serverRandom, RAN_LEN);
wolfSSL	0:1239e9b70ca2	366
wolfSSL	0:1239e9b70ca2	367	ret = PRF(ssl->arrays->masterSecret, SECRET_LEN,
wolfSSL	0:1239e9b70ca2	368	ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz,
wolfSSL	0:1239e9b70ca2	369	master_label, MASTER_LABEL_SZ,
wolfSSL	0:1239e9b70ca2	370	seed, SEED_LEN, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
wolfSSL	0:1239e9b70ca2	371	if (ret != 0)
wolfSSL	0:1239e9b70ca2	372	return ret;
wolfSSL	0:1239e9b70ca2	373
wolfSSL	0:1239e9b70ca2	374	#ifdef SHOW_SECRETS
wolfSSL	0:1239e9b70ca2	375	{
wolfSSL	0:1239e9b70ca2	376	int i;
wolfSSL	0:1239e9b70ca2	377	printf("master secret: ");
wolfSSL	0:1239e9b70ca2	378	for (i = 0; i < SECRET_LEN; i++)
wolfSSL	0:1239e9b70ca2	379	printf("%02x", ssl->arrays->masterSecret[i]);
wolfSSL	0:1239e9b70ca2	380	printf("\n");
wolfSSL	0:1239e9b70ca2	381	}
wolfSSL	0:1239e9b70ca2	382	#endif
wolfSSL	0:1239e9b70ca2	383
wolfSSL	0:1239e9b70ca2	384	return DeriveTlsKeys(ssl);
wolfSSL	0:1239e9b70ca2	385	}
wolfSSL	0:1239e9b70ca2	386
wolfSSL	0:1239e9b70ca2	387
wolfSSL	0:1239e9b70ca2	388	/* Used by EAP-TLS and EAP-TTLS to derive keying material from
wolfSSL	0:1239e9b70ca2	389	* the master_secret. */
wolfSSL	0:1239e9b70ca2	390	int CyaSSL_make_eap_keys(CYASSL* ssl, void* msk, unsigned int len,
wolfSSL	0:1239e9b70ca2	391	const char* label)
wolfSSL	0:1239e9b70ca2	392	{
wolfSSL	0:1239e9b70ca2	393	byte seed[SEED_LEN];
wolfSSL	0:1239e9b70ca2	394
wolfSSL	0:1239e9b70ca2	395	/*
wolfSSL	0:1239e9b70ca2	396	* As per RFC-5281, the order of the client and server randoms is reversed
wolfSSL	0:1239e9b70ca2	397	* from that used by the TLS protocol to derive keys.
wolfSSL	0:1239e9b70ca2	398	*/
wolfSSL	0:1239e9b70ca2	399	XMEMCPY(seed, ssl->arrays->clientRandom, RAN_LEN);
wolfSSL	0:1239e9b70ca2	400	XMEMCPY(&seed[RAN_LEN], ssl->arrays->serverRandom, RAN_LEN);
wolfSSL	0:1239e9b70ca2	401
wolfSSL	0:1239e9b70ca2	402	return PRF((byte*)msk, len,
wolfSSL	0:1239e9b70ca2	403	ssl->arrays->masterSecret, SECRET_LEN,
wolfSSL	0:1239e9b70ca2	404	(const byte *)label, (word32)strlen(label),
wolfSSL	0:1239e9b70ca2	405	seed, SEED_LEN, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
wolfSSL	0:1239e9b70ca2	406
wolfSSL	0:1239e9b70ca2	407	}
wolfSSL	0:1239e9b70ca2	408
wolfSSL	0:1239e9b70ca2	409
wolfSSL	0:1239e9b70ca2	410	/* next for static INLINE s copied internal.c */
wolfSSL	0:1239e9b70ca2	411
wolfSSL	0:1239e9b70ca2	412	/* convert 16 bit integer to opaque */
wolfSSL	0:1239e9b70ca2	413	static INLINE void c16toa(word16 u16, byte* c)
wolfSSL	0:1239e9b70ca2	414	{
wolfSSL	0:1239e9b70ca2	415	c[0] = (u16 >> 8) & 0xff;
wolfSSL	0:1239e9b70ca2	416	c[1] = u16 & 0xff;
wolfSSL	0:1239e9b70ca2	417	}
wolfSSL	0:1239e9b70ca2	418
wolfSSL	0:1239e9b70ca2	419	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	0:1239e9b70ca2	420	/* convert opaque to 16 bit integer */
wolfSSL	0:1239e9b70ca2	421	static INLINE void ato16(const byte* c, word16* u16)
wolfSSL	0:1239e9b70ca2	422	{
wolfSSL	0:1239e9b70ca2	423	*u16 = (c[0] << 8) \| (c[1]);
wolfSSL	0:1239e9b70ca2	424	}
wolfSSL	0:1239e9b70ca2	425
wolfSSL	0:1239e9b70ca2	426	#ifdef HAVE_SNI
wolfSSL	0:1239e9b70ca2	427	/* convert a 24 bit integer into a 32 bit one */
wolfSSL	0:1239e9b70ca2	428	static INLINE void c24to32(const word24 u24, word32* u32)
wolfSSL	0:1239e9b70ca2	429	{
wolfSSL	0:1239e9b70ca2	430	*u32 = (u24[0] << 16) \| (u24[1] << 8) \| u24[2];
wolfSSL	0:1239e9b70ca2	431	}
wolfSSL	0:1239e9b70ca2	432	#endif
wolfSSL	0:1239e9b70ca2	433	#endif
wolfSSL	0:1239e9b70ca2	434
wolfSSL	0:1239e9b70ca2	435	/* convert 32 bit integer to opaque */
wolfSSL	0:1239e9b70ca2	436	static INLINE void c32toa(word32 u32, byte* c)
wolfSSL	0:1239e9b70ca2	437	{
wolfSSL	0:1239e9b70ca2	438	c[0] = (u32 >> 24) & 0xff;
wolfSSL	0:1239e9b70ca2	439	c[1] = (u32 >> 16) & 0xff;
wolfSSL	0:1239e9b70ca2	440	c[2] = (u32 >> 8) & 0xff;
wolfSSL	0:1239e9b70ca2	441	c[3] = u32 & 0xff;
wolfSSL	0:1239e9b70ca2	442	}
wolfSSL	0:1239e9b70ca2	443
wolfSSL	0:1239e9b70ca2	444
wolfSSL	0:1239e9b70ca2	445	static INLINE word32 GetSEQIncrement(CYASSL* ssl, int verify)
wolfSSL	0:1239e9b70ca2	446	{
wolfSSL	0:1239e9b70ca2	447	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	448	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	449	if (verify)
wolfSSL	0:1239e9b70ca2	450	return ssl->keys.dtls_state.curSeq; /* explicit from peer */
wolfSSL	0:1239e9b70ca2	451	else
wolfSSL	0:1239e9b70ca2	452	return ssl->keys.dtls_sequence_number - 1; /* already incremented */
wolfSSL	0:1239e9b70ca2	453	}
wolfSSL	0:1239e9b70ca2	454	#endif
wolfSSL	0:1239e9b70ca2	455	if (verify)
wolfSSL	0:1239e9b70ca2	456	return ssl->keys.peer_sequence_number++;
wolfSSL	0:1239e9b70ca2	457	else
wolfSSL	0:1239e9b70ca2	458	return ssl->keys.sequence_number++;
wolfSSL	0:1239e9b70ca2	459	}
wolfSSL	0:1239e9b70ca2	460
wolfSSL	0:1239e9b70ca2	461
wolfSSL	0:1239e9b70ca2	462	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	463
wolfSSL	0:1239e9b70ca2	464	static INLINE word32 GetEpoch(CYASSL* ssl, int verify)
wolfSSL	0:1239e9b70ca2	465	{
wolfSSL	0:1239e9b70ca2	466	if (verify)
wolfSSL	0:1239e9b70ca2	467	return ssl->keys.dtls_state.curEpoch;
wolfSSL	0:1239e9b70ca2	468	else
wolfSSL	0:1239e9b70ca2	469	return ssl->keys.dtls_epoch;
wolfSSL	0:1239e9b70ca2	470	}
wolfSSL	0:1239e9b70ca2	471
wolfSSL	0:1239e9b70ca2	472	#endif /* CYASSL_DTLS */
wolfSSL	0:1239e9b70ca2	473
wolfSSL	0:1239e9b70ca2	474
wolfSSL	0:1239e9b70ca2	475	/* end copy */
wolfSSL	0:1239e9b70ca2	476
wolfSSL	0:1239e9b70ca2	477
wolfSSL	0:1239e9b70ca2	478	/* return HMAC digest type in CyaSSL format */
wolfSSL	0:1239e9b70ca2	479	int CyaSSL_GetHmacType(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	480	{
wolfSSL	0:1239e9b70ca2	481	if (ssl == NULL)
wolfSSL	0:1239e9b70ca2	482	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	483
wolfSSL	0:1239e9b70ca2	484	switch (ssl->specs.mac_algorithm) {
wolfSSL	0:1239e9b70ca2	485	#ifndef NO_MD5
wolfSSL	0:1239e9b70ca2	486	case md5_mac:
wolfSSL	0:1239e9b70ca2	487	{
wolfSSL	0:1239e9b70ca2	488	return MD5;
wolfSSL	0:1239e9b70ca2	489	}
wolfSSL	0:1239e9b70ca2	490	#endif
wolfSSL	0:1239e9b70ca2	491	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	492	case sha256_mac:
wolfSSL	0:1239e9b70ca2	493	{
wolfSSL	0:1239e9b70ca2	494	return SHA256;
wolfSSL	0:1239e9b70ca2	495	}
wolfSSL	0:1239e9b70ca2	496	#endif
wolfSSL	0:1239e9b70ca2	497	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	498	case sha384_mac:
wolfSSL	0:1239e9b70ca2	499	{
wolfSSL	0:1239e9b70ca2	500	return SHA384;
wolfSSL	0:1239e9b70ca2	501	}
wolfSSL	0:1239e9b70ca2	502
wolfSSL	0:1239e9b70ca2	503	#endif
wolfSSL	0:1239e9b70ca2	504	#ifndef NO_SHA
wolfSSL	0:1239e9b70ca2	505	case sha_mac:
wolfSSL	0:1239e9b70ca2	506	{
wolfSSL	0:1239e9b70ca2	507	return SHA;
wolfSSL	0:1239e9b70ca2	508	}
wolfSSL	0:1239e9b70ca2	509	#endif
wolfSSL	0:1239e9b70ca2	510	#ifdef HAVE_BLAKE2
wolfSSL	0:1239e9b70ca2	511	case blake2b_mac:
wolfSSL	0:1239e9b70ca2	512	{
wolfSSL	0:1239e9b70ca2	513	return BLAKE2B_ID;
wolfSSL	0:1239e9b70ca2	514	}
wolfSSL	0:1239e9b70ca2	515	#endif
wolfSSL	0:1239e9b70ca2	516	default:
wolfSSL	0:1239e9b70ca2	517	{
wolfSSL	0:1239e9b70ca2	518	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	519	}
wolfSSL	0:1239e9b70ca2	520	}
wolfSSL	0:1239e9b70ca2	521	}
wolfSSL	0:1239e9b70ca2	522
wolfSSL	0:1239e9b70ca2	523
wolfSSL	0:1239e9b70ca2	524	int CyaSSL_SetTlsHmacInner(CYASSL* ssl, byte* inner, word32 sz, int content,
wolfSSL	0:1239e9b70ca2	525	int verify)
wolfSSL	0:1239e9b70ca2	526	{
wolfSSL	0:1239e9b70ca2	527	if (ssl == NULL \|\| inner == NULL)
wolfSSL	0:1239e9b70ca2	528	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	529
wolfSSL	0:1239e9b70ca2	530	XMEMSET(inner, 0, CYASSL_TLS_HMAC_INNER_SZ);
wolfSSL	0:1239e9b70ca2	531
wolfSSL	0:1239e9b70ca2	532	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	533	if (ssl->options.dtls)
wolfSSL	0:1239e9b70ca2	534	c16toa((word16)GetEpoch(ssl, verify), inner);
wolfSSL	0:1239e9b70ca2	535	#endif
wolfSSL	0:1239e9b70ca2	536	c32toa(GetSEQIncrement(ssl, verify), &inner[sizeof(word32)]);
wolfSSL	0:1239e9b70ca2	537	inner[SEQ_SZ] = (byte)content;
wolfSSL	0:1239e9b70ca2	538	inner[SEQ_SZ + ENUM_LEN] = ssl->version.major;
wolfSSL	0:1239e9b70ca2	539	inner[SEQ_SZ + ENUM_LEN + ENUM_LEN] = ssl->version.minor;
wolfSSL	0:1239e9b70ca2	540	c16toa((word16)sz, inner + SEQ_SZ + ENUM_LEN + VERSION_SZ);
wolfSSL	0:1239e9b70ca2	541
wolfSSL	0:1239e9b70ca2	542	return 0;
wolfSSL	0:1239e9b70ca2	543	}
wolfSSL	0:1239e9b70ca2	544
wolfSSL	0:1239e9b70ca2	545
wolfSSL	0:1239e9b70ca2	546	/* TLS type HMAC */
wolfSSL	0:1239e9b70ca2	547	int TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz,
wolfSSL	0:1239e9b70ca2	548	int content, int verify)
wolfSSL	0:1239e9b70ca2	549	{
wolfSSL	0:1239e9b70ca2	550	Hmac hmac;
wolfSSL	0:1239e9b70ca2	551	int ret;
wolfSSL	0:1239e9b70ca2	552	byte myInner[CYASSL_TLS_HMAC_INNER_SZ];
wolfSSL	0:1239e9b70ca2	553
wolfSSL	0:1239e9b70ca2	554	if (ssl == NULL)
wolfSSL	0:1239e9b70ca2	555	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	556
wolfSSL	0:1239e9b70ca2	557	CyaSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify);
wolfSSL	0:1239e9b70ca2	558
wolfSSL	0:1239e9b70ca2	559	ret = HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl),
wolfSSL	0:1239e9b70ca2	560	CyaSSL_GetMacSecret(ssl, verify), ssl->specs.hash_size);
wolfSSL	0:1239e9b70ca2	561	if (ret != 0)
wolfSSL	0:1239e9b70ca2	562	return ret;
wolfSSL	0:1239e9b70ca2	563	ret = HmacUpdate(&hmac, myInner, sizeof(myInner));
wolfSSL	0:1239e9b70ca2	564	if (ret != 0)
wolfSSL	0:1239e9b70ca2	565	return ret;
wolfSSL	0:1239e9b70ca2	566	ret = HmacUpdate(&hmac, in, sz); /* content */
wolfSSL	0:1239e9b70ca2	567	if (ret != 0)
wolfSSL	0:1239e9b70ca2	568	return ret;
wolfSSL	0:1239e9b70ca2	569	ret = HmacFinal(&hmac, digest);
wolfSSL	0:1239e9b70ca2	570	if (ret != 0)
wolfSSL	0:1239e9b70ca2	571	return ret;
wolfSSL	0:1239e9b70ca2	572
wolfSSL	0:1239e9b70ca2	573	return 0;
wolfSSL	0:1239e9b70ca2	574	}
wolfSSL	0:1239e9b70ca2	575
wolfSSL	0:1239e9b70ca2	576	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	0:1239e9b70ca2	577
wolfSSL	0:1239e9b70ca2	578	#define IS_OFF(semaphore, light) \
wolfSSL	0:1239e9b70ca2	579	((semaphore)[(light) / 8] ^ (byte) (0x01 << ((light) % 8)))
wolfSSL	0:1239e9b70ca2	580
wolfSSL	0:1239e9b70ca2	581	#define TURN_ON(semaphore, light) \
wolfSSL	0:1239e9b70ca2	582	((semaphore)[(light) / 8] \|= (byte) (0x01 << ((light) % 8)))
wolfSSL	0:1239e9b70ca2	583
wolfSSL	0:1239e9b70ca2	584	static int TLSX_Append(TLSX** list, TLSX_Type type)
wolfSSL	0:1239e9b70ca2	585	{
wolfSSL	0:1239e9b70ca2	586	TLSX* extension;
wolfSSL	0:1239e9b70ca2	587
wolfSSL	0:1239e9b70ca2	588	if (list == NULL) /* won't check type since this function is static */
wolfSSL	0:1239e9b70ca2	589	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	590
wolfSSL	0:1239e9b70ca2	591	if ((extension = XMALLOC(sizeof(TLSX), 0, DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL	0:1239e9b70ca2	592	return MEMORY_E;
wolfSSL	0:1239e9b70ca2	593
wolfSSL	0:1239e9b70ca2	594	extension->type = type;
wolfSSL	0:1239e9b70ca2	595	extension->data = NULL;
wolfSSL	0:1239e9b70ca2	596	extension->resp = 0;
wolfSSL	0:1239e9b70ca2	597	extension->next = *list;
wolfSSL	0:1239e9b70ca2	598	*list = extension;
wolfSSL	0:1239e9b70ca2	599
wolfSSL	0:1239e9b70ca2	600	return 0;
wolfSSL	0:1239e9b70ca2	601	}
wolfSSL	0:1239e9b70ca2	602
wolfSSL	0:1239e9b70ca2	603	#ifndef NO_CYASSL_SERVER
wolfSSL	0:1239e9b70ca2	604
wolfSSL	0:1239e9b70ca2	605	void TLSX_SetResponse(CYASSL* ssl, TLSX_Type type);
wolfSSL	0:1239e9b70ca2	606
wolfSSL	0:1239e9b70ca2	607	void TLSX_SetResponse(CYASSL* ssl, TLSX_Type type)
wolfSSL	0:1239e9b70ca2	608	{
wolfSSL	0:1239e9b70ca2	609	TLSX *ext = TLSX_Find(ssl->extensions, type);
wolfSSL	0:1239e9b70ca2	610
wolfSSL	0:1239e9b70ca2	611	if (ext)
wolfSSL	0:1239e9b70ca2	612	ext->resp = 1;
wolfSSL	0:1239e9b70ca2	613	}
wolfSSL	0:1239e9b70ca2	614
wolfSSL	0:1239e9b70ca2	615	#endif
wolfSSL	0:1239e9b70ca2	616
wolfSSL	0:1239e9b70ca2	617	/* SNI - Server Name Indication */
wolfSSL	0:1239e9b70ca2	618
wolfSSL	0:1239e9b70ca2	619	#ifdef HAVE_SNI
wolfSSL	0:1239e9b70ca2	620
wolfSSL	0:1239e9b70ca2	621	static void TLSX_SNI_Free(SNI* sni)
wolfSSL	0:1239e9b70ca2	622	{
wolfSSL	0:1239e9b70ca2	623	if (sni) {
wolfSSL	0:1239e9b70ca2	624	switch (sni->type) {
wolfSSL	0:1239e9b70ca2	625	case CYASSL_SNI_HOST_NAME:
wolfSSL	0:1239e9b70ca2	626	XFREE(sni->data.host_name, 0, DYNAMIC_TYPE_TLSX);
wolfSSL	0:1239e9b70ca2	627	break;
wolfSSL	0:1239e9b70ca2	628	}
wolfSSL	0:1239e9b70ca2	629
wolfSSL	0:1239e9b70ca2	630	XFREE(sni, 0, DYNAMIC_TYPE_TLSX);
wolfSSL	0:1239e9b70ca2	631	}
wolfSSL	0:1239e9b70ca2	632	}
wolfSSL	0:1239e9b70ca2	633
wolfSSL	0:1239e9b70ca2	634	static void TLSX_SNI_FreeAll(SNI* list)
wolfSSL	0:1239e9b70ca2	635	{
wolfSSL	0:1239e9b70ca2	636	SNI* sni;
wolfSSL	0:1239e9b70ca2	637
wolfSSL	0:1239e9b70ca2	638	while ((sni = list)) {
wolfSSL	0:1239e9b70ca2	639	list = sni->next;
wolfSSL	0:1239e9b70ca2	640	TLSX_SNI_Free(sni);
wolfSSL	0:1239e9b70ca2	641	}
wolfSSL	0:1239e9b70ca2	642	}
wolfSSL	0:1239e9b70ca2	643
wolfSSL	0:1239e9b70ca2	644	static int TLSX_SNI_Append(SNI** list, byte type, const void* data, word16 size)
wolfSSL	0:1239e9b70ca2	645	{
wolfSSL	0:1239e9b70ca2	646	SNI* sni;
wolfSSL	0:1239e9b70ca2	647
wolfSSL	0:1239e9b70ca2	648	if (list == NULL)
wolfSSL	0:1239e9b70ca2	649	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	650
wolfSSL	0:1239e9b70ca2	651	if ((sni = XMALLOC(sizeof(SNI), 0, DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL	0:1239e9b70ca2	652	return MEMORY_E;
wolfSSL	0:1239e9b70ca2	653
wolfSSL	0:1239e9b70ca2	654	switch (type) {
wolfSSL	0:1239e9b70ca2	655	case CYASSL_SNI_HOST_NAME: {
wolfSSL	0:1239e9b70ca2	656	sni->data.host_name = XMALLOC(size + 1, 0, DYNAMIC_TYPE_TLSX);
wolfSSL	0:1239e9b70ca2	657
wolfSSL	0:1239e9b70ca2	658	if (sni->data.host_name) {
wolfSSL	0:1239e9b70ca2	659	XSTRNCPY(sni->data.host_name, (const char*) data, size);
wolfSSL	0:1239e9b70ca2	660	sni->data.host_name[size] = 0;
wolfSSL	0:1239e9b70ca2	661	} else {
wolfSSL	0:1239e9b70ca2	662	XFREE(sni, 0, DYNAMIC_TYPE_TLSX);
wolfSSL	0:1239e9b70ca2	663	return MEMORY_E;
wolfSSL	0:1239e9b70ca2	664	}
wolfSSL	0:1239e9b70ca2	665	}
wolfSSL	0:1239e9b70ca2	666	break;
wolfSSL	0:1239e9b70ca2	667
wolfSSL	0:1239e9b70ca2	668	default: /* invalid type */
wolfSSL	0:1239e9b70ca2	669	XFREE(sni, 0, DYNAMIC_TYPE_TLSX);
wolfSSL	0:1239e9b70ca2	670	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	671	}
wolfSSL	0:1239e9b70ca2	672
wolfSSL	0:1239e9b70ca2	673	sni->type = type;
wolfSSL	0:1239e9b70ca2	674	sni->next = *list;
wolfSSL	0:1239e9b70ca2	675
wolfSSL	0:1239e9b70ca2	676	#ifndef NO_CYASSL_SERVER
wolfSSL	0:1239e9b70ca2	677	sni->options = 0;
wolfSSL	0:1239e9b70ca2	678	sni->status = CYASSL_SNI_NO_MATCH;
wolfSSL	0:1239e9b70ca2	679	#endif
wolfSSL	0:1239e9b70ca2	680
wolfSSL	0:1239e9b70ca2	681	*list = sni;
wolfSSL	0:1239e9b70ca2	682
wolfSSL	0:1239e9b70ca2	683	return 0;
wolfSSL	0:1239e9b70ca2	684	}
wolfSSL	0:1239e9b70ca2	685
wolfSSL	0:1239e9b70ca2	686	static word16 TLSX_SNI_GetSize(SNI* list)
wolfSSL	0:1239e9b70ca2	687	{
wolfSSL	0:1239e9b70ca2	688	SNI* sni;
wolfSSL	0:1239e9b70ca2	689	word16 length = OPAQUE16_LEN; /* list length */
wolfSSL	0:1239e9b70ca2	690
wolfSSL	0:1239e9b70ca2	691	while ((sni = list)) {
wolfSSL	0:1239e9b70ca2	692	list = sni->next;
wolfSSL	0:1239e9b70ca2	693
wolfSSL	0:1239e9b70ca2	694	length += ENUM_LEN + OPAQUE16_LEN; /* sni type + sni length */
wolfSSL	0:1239e9b70ca2	695
wolfSSL	0:1239e9b70ca2	696	switch (sni->type) {
wolfSSL	0:1239e9b70ca2	697	case CYASSL_SNI_HOST_NAME:
wolfSSL	0:1239e9b70ca2	698	length += XSTRLEN((char*) sni->data.host_name);
wolfSSL	0:1239e9b70ca2	699	break;
wolfSSL	0:1239e9b70ca2	700	}
wolfSSL	0:1239e9b70ca2	701	}
wolfSSL	0:1239e9b70ca2	702
wolfSSL	0:1239e9b70ca2	703	return length;
wolfSSL	0:1239e9b70ca2	704	}
wolfSSL	0:1239e9b70ca2	705
wolfSSL	0:1239e9b70ca2	706	static word16 TLSX_SNI_Write(SNI* list, byte* output)
wolfSSL	0:1239e9b70ca2	707	{
wolfSSL	0:1239e9b70ca2	708	SNI* sni;
wolfSSL	0:1239e9b70ca2	709	word16 length = 0;
wolfSSL	0:1239e9b70ca2	710	word16 offset = OPAQUE16_LEN; /* list length offset */
wolfSSL	0:1239e9b70ca2	711
wolfSSL	0:1239e9b70ca2	712	while ((sni = list)) {
wolfSSL	0:1239e9b70ca2	713	list = sni->next;
wolfSSL	0:1239e9b70ca2	714
wolfSSL	0:1239e9b70ca2	715	output[offset++] = sni->type; /* sni type */
wolfSSL	0:1239e9b70ca2	716
wolfSSL	0:1239e9b70ca2	717	switch (sni->type) {
wolfSSL	0:1239e9b70ca2	718	case CYASSL_SNI_HOST_NAME:
wolfSSL	0:1239e9b70ca2	719	length = XSTRLEN((char*) sni->data.host_name);
wolfSSL	0:1239e9b70ca2	720
wolfSSL	0:1239e9b70ca2	721	c16toa(length, output + offset); /* sni length */
wolfSSL	0:1239e9b70ca2	722	offset += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	723
wolfSSL	0:1239e9b70ca2	724	XMEMCPY(output + offset, sni->data.host_name, length);
wolfSSL	0:1239e9b70ca2	725
wolfSSL	0:1239e9b70ca2	726	offset += length;
wolfSSL	0:1239e9b70ca2	727	break;
wolfSSL	0:1239e9b70ca2	728	}
wolfSSL	0:1239e9b70ca2	729	}
wolfSSL	0:1239e9b70ca2	730
wolfSSL	0:1239e9b70ca2	731	c16toa(offset - OPAQUE16_LEN, output); /* writing list length */
wolfSSL	0:1239e9b70ca2	732
wolfSSL	0:1239e9b70ca2	733	return offset;
wolfSSL	0:1239e9b70ca2	734	}
wolfSSL	0:1239e9b70ca2	735
wolfSSL	0:1239e9b70ca2	736	static SNI* TLSX_SNI_Find(SNI *list, byte type)
wolfSSL	0:1239e9b70ca2	737	{
wolfSSL	0:1239e9b70ca2	738	SNI *sni = list;
wolfSSL	0:1239e9b70ca2	739
wolfSSL	0:1239e9b70ca2	740	while (sni && sni->type != type)
wolfSSL	0:1239e9b70ca2	741	sni = sni->next;
wolfSSL	0:1239e9b70ca2	742
wolfSSL	0:1239e9b70ca2	743	return sni;
wolfSSL	0:1239e9b70ca2	744	}
wolfSSL	0:1239e9b70ca2	745
wolfSSL	0:1239e9b70ca2	746	#ifndef NO_CYASSL_SERVER
wolfSSL	0:1239e9b70ca2	747	static void TLSX_SNI_SetStatus(TLSX* extensions, byte type, byte status)
wolfSSL	0:1239e9b70ca2	748	{
wolfSSL	0:1239e9b70ca2	749	TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION);
wolfSSL	0:1239e9b70ca2	750	SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
wolfSSL	0:1239e9b70ca2	751
wolfSSL	0:1239e9b70ca2	752	if (sni) {
wolfSSL	0:1239e9b70ca2	753	sni->status = status;
wolfSSL	0:1239e9b70ca2	754	CYASSL_MSG("SNI did match!");
wolfSSL	0:1239e9b70ca2	755	}
wolfSSL	0:1239e9b70ca2	756	}
wolfSSL	0:1239e9b70ca2	757
wolfSSL	0:1239e9b70ca2	758	byte TLSX_SNI_Status(TLSX* extensions, byte type)
wolfSSL	0:1239e9b70ca2	759	{
wolfSSL	0:1239e9b70ca2	760	TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION);
wolfSSL	0:1239e9b70ca2	761	SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
wolfSSL	0:1239e9b70ca2	762
wolfSSL	0:1239e9b70ca2	763	if (sni)
wolfSSL	0:1239e9b70ca2	764	return sni->status;
wolfSSL	0:1239e9b70ca2	765
wolfSSL	0:1239e9b70ca2	766	return 0;
wolfSSL	0:1239e9b70ca2	767	}
wolfSSL	0:1239e9b70ca2	768	#endif
wolfSSL	0:1239e9b70ca2	769
wolfSSL	0:1239e9b70ca2	770	static int TLSX_SNI_Parse(CYASSL* ssl, byte* input, word16 length,
wolfSSL	0:1239e9b70ca2	771	byte isRequest)
wolfSSL	0:1239e9b70ca2	772	{
wolfSSL	0:1239e9b70ca2	773	#ifndef NO_CYASSL_SERVER
wolfSSL	0:1239e9b70ca2	774	word16 size = 0;
wolfSSL	0:1239e9b70ca2	775	word16 offset = 0;
wolfSSL	0:1239e9b70ca2	776	#endif
wolfSSL	0:1239e9b70ca2	777
wolfSSL	0:1239e9b70ca2	778	TLSX *extension = TLSX_Find(ssl->extensions, SERVER_NAME_INDICATION);
wolfSSL	0:1239e9b70ca2	779
wolfSSL	0:1239e9b70ca2	780	if (!extension)
wolfSSL	0:1239e9b70ca2	781	extension = TLSX_Find(ssl->ctx->extensions, SERVER_NAME_INDICATION);
wolfSSL	0:1239e9b70ca2	782
wolfSSL	0:1239e9b70ca2	783	if (!extension \|\| !extension->data)
wolfSSL	0:1239e9b70ca2	784	return isRequest ? 0 : BUFFER_ERROR; /* not using SNI OR unexpected
wolfSSL	0:1239e9b70ca2	785	SNI response from server. */
wolfSSL	0:1239e9b70ca2	786
wolfSSL	0:1239e9b70ca2	787	if (!isRequest)
wolfSSL	0:1239e9b70ca2	788	return length ? BUFFER_ERROR : 0; /* SNI response must be empty!
wolfSSL	0:1239e9b70ca2	789	Nothing else to do. */
wolfSSL	0:1239e9b70ca2	790
wolfSSL	0:1239e9b70ca2	791	#ifndef NO_CYASSL_SERVER
wolfSSL	0:1239e9b70ca2	792
wolfSSL	0:1239e9b70ca2	793	if (OPAQUE16_LEN > length)
wolfSSL	0:1239e9b70ca2	794	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	795
wolfSSL	0:1239e9b70ca2	796	ato16(input, &size);
wolfSSL	0:1239e9b70ca2	797	offset += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	798
wolfSSL	0:1239e9b70ca2	799	/* validating sni list length */
wolfSSL	0:1239e9b70ca2	800	if (length != OPAQUE16_LEN + size)
wolfSSL	0:1239e9b70ca2	801	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	802
wolfSSL	0:1239e9b70ca2	803	for (size = 0; offset < length; offset += size) {
wolfSSL	0:1239e9b70ca2	804	SNI *sni;
wolfSSL	0:1239e9b70ca2	805	byte type = input[offset++];
wolfSSL	0:1239e9b70ca2	806
wolfSSL	0:1239e9b70ca2	807	if (offset + OPAQUE16_LEN > length)
wolfSSL	0:1239e9b70ca2	808	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	809
wolfSSL	0:1239e9b70ca2	810	ato16(input + offset, &size);
wolfSSL	0:1239e9b70ca2	811	offset += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	812
wolfSSL	0:1239e9b70ca2	813	if (offset + size > length)
wolfSSL	0:1239e9b70ca2	814	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	815
wolfSSL	0:1239e9b70ca2	816	if (!(sni = TLSX_SNI_Find((SNI *) extension->data, type))) {
wolfSSL	0:1239e9b70ca2	817	continue; /* not using this SNI type */
wolfSSL	0:1239e9b70ca2	818	}
wolfSSL	0:1239e9b70ca2	819
wolfSSL	0:1239e9b70ca2	820	switch(type) {
wolfSSL	0:1239e9b70ca2	821	case CYASSL_SNI_HOST_NAME: {
wolfSSL	0:1239e9b70ca2	822	byte matched = (XSTRLEN(sni->data.host_name) == size)
wolfSSL	0:1239e9b70ca2	823	&& (XSTRNCMP(sni->data.host_name,
wolfSSL	0:1239e9b70ca2	824	(const char *) input + offset, size) == 0);
wolfSSL	0:1239e9b70ca2	825
wolfSSL	0:1239e9b70ca2	826	if (matched \|\| sni->options & CYASSL_SNI_ANSWER_ON_MISMATCH) {
wolfSSL	0:1239e9b70ca2	827	int r = TLSX_UseSNI(&ssl->extensions,
wolfSSL	0:1239e9b70ca2	828	type, input + offset, size);
wolfSSL	0:1239e9b70ca2	829
wolfSSL	0:1239e9b70ca2	830	if (r != SSL_SUCCESS) return r; /* throw error */
wolfSSL	0:1239e9b70ca2	831
wolfSSL	0:1239e9b70ca2	832	TLSX_SNI_SetStatus(ssl->extensions, type,
wolfSSL	0:1239e9b70ca2	833	matched ? CYASSL_SNI_REAL_MATCH : CYASSL_SNI_FAKE_MATCH);
wolfSSL	0:1239e9b70ca2	834
wolfSSL	0:1239e9b70ca2	835	} else if (!(sni->options & CYASSL_SNI_CONTINUE_ON_MISMATCH)) {
wolfSSL	0:1239e9b70ca2	836	SendAlert(ssl, alert_fatal, unrecognized_name);
wolfSSL	0:1239e9b70ca2	837
wolfSSL	0:1239e9b70ca2	838	return UNKNOWN_SNI_HOST_NAME_E;
wolfSSL	0:1239e9b70ca2	839	}
wolfSSL	0:1239e9b70ca2	840	break;
wolfSSL	0:1239e9b70ca2	841	}
wolfSSL	0:1239e9b70ca2	842	}
wolfSSL	0:1239e9b70ca2	843
wolfSSL	0:1239e9b70ca2	844	TLSX_SetResponse(ssl, SERVER_NAME_INDICATION);
wolfSSL	0:1239e9b70ca2	845	}
wolfSSL	0:1239e9b70ca2	846
wolfSSL	0:1239e9b70ca2	847	#endif
wolfSSL	0:1239e9b70ca2	848
wolfSSL	0:1239e9b70ca2	849	return 0;
wolfSSL	0:1239e9b70ca2	850	}
wolfSSL	0:1239e9b70ca2	851
wolfSSL	0:1239e9b70ca2	852	int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size)
wolfSSL	0:1239e9b70ca2	853	{
wolfSSL	0:1239e9b70ca2	854	TLSX* extension = NULL;
wolfSSL	0:1239e9b70ca2	855	SNI* sni = NULL;
wolfSSL	0:1239e9b70ca2	856	int ret = 0;
wolfSSL	0:1239e9b70ca2	857
wolfSSL	0:1239e9b70ca2	858	if (extensions == NULL \|\| data == NULL)
wolfSSL	0:1239e9b70ca2	859	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	860
wolfSSL	0:1239e9b70ca2	861	if ((ret = TLSX_SNI_Append(&sni, type, data, size)) != 0)
wolfSSL	0:1239e9b70ca2	862	return ret;
wolfSSL	0:1239e9b70ca2	863
wolfSSL	0:1239e9b70ca2	864	extension = *extensions;
wolfSSL	0:1239e9b70ca2	865
wolfSSL	0:1239e9b70ca2	866	/* find SNI extension if it already exists. */
wolfSSL	0:1239e9b70ca2	867	while (extension && extension->type != SERVER_NAME_INDICATION)
wolfSSL	0:1239e9b70ca2	868	extension = extension->next;
wolfSSL	0:1239e9b70ca2	869
wolfSSL	0:1239e9b70ca2	870	/* push new SNI extension if it doesn't exists. */
wolfSSL	0:1239e9b70ca2	871	if (!extension) {
wolfSSL	0:1239e9b70ca2	872	if ((ret = TLSX_Append(extensions, SERVER_NAME_INDICATION)) != 0) {
wolfSSL	0:1239e9b70ca2	873	TLSX_SNI_Free(sni);
wolfSSL	0:1239e9b70ca2	874	return ret;
wolfSSL	0:1239e9b70ca2	875	}
wolfSSL	0:1239e9b70ca2	876
wolfSSL	0:1239e9b70ca2	877	extension = *extensions;
wolfSSL	0:1239e9b70ca2	878	}
wolfSSL	0:1239e9b70ca2	879
wolfSSL	0:1239e9b70ca2	880	/* push new SNI object to extension data. */
wolfSSL	0:1239e9b70ca2	881	sni->next = (SNI*) extension->data;
wolfSSL	0:1239e9b70ca2	882	extension->data = (void*) sni;
wolfSSL	0:1239e9b70ca2	883
wolfSSL	0:1239e9b70ca2	884	/* look for another server name of the same type to remove (replacement) */
wolfSSL	0:1239e9b70ca2	885	do {
wolfSSL	0:1239e9b70ca2	886	if (sni->next && sni->next->type == type) {
wolfSSL	0:1239e9b70ca2	887	SNI *next = sni->next;
wolfSSL	0:1239e9b70ca2	888
wolfSSL	0:1239e9b70ca2	889	sni->next = next->next;
wolfSSL	0:1239e9b70ca2	890	TLSX_SNI_Free(next);
wolfSSL	0:1239e9b70ca2	891
wolfSSL	0:1239e9b70ca2	892	break;
wolfSSL	0:1239e9b70ca2	893	}
wolfSSL	0:1239e9b70ca2	894	} while ((sni = sni->next));
wolfSSL	0:1239e9b70ca2	895
wolfSSL	0:1239e9b70ca2	896	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	897	}
wolfSSL	0:1239e9b70ca2	898
wolfSSL	0:1239e9b70ca2	899	#ifndef NO_CYASSL_SERVER
wolfSSL	0:1239e9b70ca2	900	word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, void** data)
wolfSSL	0:1239e9b70ca2	901	{
wolfSSL	0:1239e9b70ca2	902	TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION);
wolfSSL	0:1239e9b70ca2	903	SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
wolfSSL	0:1239e9b70ca2	904
wolfSSL	0:1239e9b70ca2	905	if (sni && sni->status != CYASSL_SNI_NO_MATCH) {
wolfSSL	0:1239e9b70ca2	906	switch (sni->type) {
wolfSSL	0:1239e9b70ca2	907	case CYASSL_SNI_HOST_NAME:
wolfSSL	0:1239e9b70ca2	908	*data = sni->data.host_name;
wolfSSL	0:1239e9b70ca2	909	return XSTRLEN(*data);
wolfSSL	0:1239e9b70ca2	910	}
wolfSSL	0:1239e9b70ca2	911	}
wolfSSL	0:1239e9b70ca2	912
wolfSSL	0:1239e9b70ca2	913	return 0;
wolfSSL	0:1239e9b70ca2	914	}
wolfSSL	0:1239e9b70ca2	915
wolfSSL	0:1239e9b70ca2	916	void TLSX_SNI_SetOptions(TLSX* extensions, byte type, byte options)
wolfSSL	0:1239e9b70ca2	917	{
wolfSSL	0:1239e9b70ca2	918	TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION);
wolfSSL	0:1239e9b70ca2	919	SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
wolfSSL	0:1239e9b70ca2	920
wolfSSL	0:1239e9b70ca2	921	if (sni)
wolfSSL	0:1239e9b70ca2	922	sni->options = options;
wolfSSL	0:1239e9b70ca2	923	}
wolfSSL	0:1239e9b70ca2	924
wolfSSL	0:1239e9b70ca2	925	int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
wolfSSL	0:1239e9b70ca2	926	byte type, byte* sni, word32* inOutSz)
wolfSSL	0:1239e9b70ca2	927	{
wolfSSL	0:1239e9b70ca2	928	word32 offset = 0;
wolfSSL	0:1239e9b70ca2	929	word32 len32 = 0;
wolfSSL	0:1239e9b70ca2	930	word16 len16 = 0;
wolfSSL	0:1239e9b70ca2	931
wolfSSL	0:1239e9b70ca2	932	if (helloSz < RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + CLIENT_HELLO_FIRST)
wolfSSL	0:1239e9b70ca2	933	return INCOMPLETE_DATA;
wolfSSL	0:1239e9b70ca2	934
wolfSSL	0:1239e9b70ca2	935	/* TLS record header */
wolfSSL	0:1239e9b70ca2	936	if ((enum ContentType) clientHello[offset++] != handshake)
wolfSSL	0:1239e9b70ca2	937	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	938
wolfSSL	0:1239e9b70ca2	939	if (clientHello[offset++] != SSLv3_MAJOR)
wolfSSL	0:1239e9b70ca2	940	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	941
wolfSSL	0:1239e9b70ca2	942	if (clientHello[offset++] < TLSv1_MINOR)
wolfSSL	0:1239e9b70ca2	943	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	944
wolfSSL	0:1239e9b70ca2	945	ato16(clientHello + offset, &len16);
wolfSSL	0:1239e9b70ca2	946	offset += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	947
wolfSSL	0:1239e9b70ca2	948	if (offset + len16 > helloSz)
wolfSSL	0:1239e9b70ca2	949	return INCOMPLETE_DATA;
wolfSSL	0:1239e9b70ca2	950
wolfSSL	0:1239e9b70ca2	951	/* Handshake header */
wolfSSL	0:1239e9b70ca2	952	if ((enum HandShakeType) clientHello[offset] != client_hello)
wolfSSL	0:1239e9b70ca2	953	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	954
wolfSSL	0:1239e9b70ca2	955	c24to32(clientHello + offset + 1, &len32);
wolfSSL	0:1239e9b70ca2	956	offset += HANDSHAKE_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	957
wolfSSL	0:1239e9b70ca2	958	if (offset + len32 > helloSz)
wolfSSL	0:1239e9b70ca2	959	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	960
wolfSSL	0:1239e9b70ca2	961	/* client hello */
wolfSSL	0:1239e9b70ca2	962	offset += VERSION_SZ + RAN_LEN; /* version, random */
wolfSSL	0:1239e9b70ca2	963
wolfSSL	0:1239e9b70ca2	964	if (helloSz < offset + clientHello[offset])
wolfSSL	0:1239e9b70ca2	965	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	966
wolfSSL	0:1239e9b70ca2	967	offset += ENUM_LEN + clientHello[offset]; /* skip session id */
wolfSSL	0:1239e9b70ca2	968
wolfSSL	0:1239e9b70ca2	969	/* cypher suites */
wolfSSL	0:1239e9b70ca2	970	if (helloSz < offset + OPAQUE16_LEN)
wolfSSL	0:1239e9b70ca2	971	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	972
wolfSSL	0:1239e9b70ca2	973	ato16(clientHello + offset, &len16);
wolfSSL	0:1239e9b70ca2	974	offset += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	975
wolfSSL	0:1239e9b70ca2	976	if (helloSz < offset + len16)
wolfSSL	0:1239e9b70ca2	977	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	978
wolfSSL	0:1239e9b70ca2	979	offset += len16; /* skip cypher suites */
wolfSSL	0:1239e9b70ca2	980
wolfSSL	0:1239e9b70ca2	981	/* compression methods */
wolfSSL	0:1239e9b70ca2	982	if (helloSz < offset + 1)
wolfSSL	0:1239e9b70ca2	983	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	984
wolfSSL	0:1239e9b70ca2	985	if (helloSz < offset + clientHello[offset])
wolfSSL	0:1239e9b70ca2	986	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	987
wolfSSL	0:1239e9b70ca2	988	offset += ENUM_LEN + clientHello[offset]; /* skip compression methods */
wolfSSL	0:1239e9b70ca2	989
wolfSSL	0:1239e9b70ca2	990	/* extensions */
wolfSSL	0:1239e9b70ca2	991	if (helloSz < offset + OPAQUE16_LEN)
wolfSSL	0:1239e9b70ca2	992	return 0; /* no extensions in client hello. */
wolfSSL	0:1239e9b70ca2	993
wolfSSL	0:1239e9b70ca2	994	ato16(clientHello + offset, &len16);
wolfSSL	0:1239e9b70ca2	995	offset += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	996
wolfSSL	0:1239e9b70ca2	997	if (helloSz < offset + len16)
wolfSSL	0:1239e9b70ca2	998	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	999
wolfSSL	0:1239e9b70ca2	1000	while (len16 > OPAQUE16_LEN + OPAQUE16_LEN) {
wolfSSL	0:1239e9b70ca2	1001	word16 extType;
wolfSSL	0:1239e9b70ca2	1002	word16 extLen;
wolfSSL	0:1239e9b70ca2	1003
wolfSSL	0:1239e9b70ca2	1004	ato16(clientHello + offset, &extType);
wolfSSL	0:1239e9b70ca2	1005	offset += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	1006
wolfSSL	0:1239e9b70ca2	1007	ato16(clientHello + offset, &extLen);
wolfSSL	0:1239e9b70ca2	1008	offset += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	1009
wolfSSL	0:1239e9b70ca2	1010	if (helloSz < offset + extLen)
wolfSSL	0:1239e9b70ca2	1011	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	1012
wolfSSL	0:1239e9b70ca2	1013	if (extType != SERVER_NAME_INDICATION) {
wolfSSL	0:1239e9b70ca2	1014	offset += extLen; /* skip extension */
wolfSSL	0:1239e9b70ca2	1015	} else {
wolfSSL	0:1239e9b70ca2	1016	word16 listLen;
wolfSSL	0:1239e9b70ca2	1017
wolfSSL	0:1239e9b70ca2	1018	ato16(clientHello + offset, &listLen);
wolfSSL	0:1239e9b70ca2	1019	offset += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	1020
wolfSSL	0:1239e9b70ca2	1021	if (helloSz < offset + listLen)
wolfSSL	0:1239e9b70ca2	1022	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	1023
wolfSSL	0:1239e9b70ca2	1024	while (listLen > ENUM_LEN + OPAQUE16_LEN) {
wolfSSL	0:1239e9b70ca2	1025	byte sniType = clientHello[offset++];
wolfSSL	0:1239e9b70ca2	1026	word16 sniLen;
wolfSSL	0:1239e9b70ca2	1027
wolfSSL	0:1239e9b70ca2	1028	ato16(clientHello + offset, &sniLen);
wolfSSL	0:1239e9b70ca2	1029	offset += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	1030
wolfSSL	0:1239e9b70ca2	1031	if (helloSz < offset + sniLen)
wolfSSL	0:1239e9b70ca2	1032	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	1033
wolfSSL	0:1239e9b70ca2	1034	if (sniType != type) {
wolfSSL	0:1239e9b70ca2	1035	offset += sniLen;
wolfSSL	0:1239e9b70ca2	1036	listLen -= min(ENUM_LEN + OPAQUE16_LEN + sniLen, listLen);
wolfSSL	0:1239e9b70ca2	1037	continue;
wolfSSL	0:1239e9b70ca2	1038	}
wolfSSL	0:1239e9b70ca2	1039
wolfSSL	0:1239e9b70ca2	1040	inOutSz = min(sniLen, inOutSz);
wolfSSL	0:1239e9b70ca2	1041	XMEMCPY(sni, clientHello + offset, *inOutSz);
wolfSSL	0:1239e9b70ca2	1042
wolfSSL	0:1239e9b70ca2	1043	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	1044	}
wolfSSL	0:1239e9b70ca2	1045	}
wolfSSL	0:1239e9b70ca2	1046
wolfSSL	0:1239e9b70ca2	1047	len16 -= min(2 * OPAQUE16_LEN + extLen, len16);
wolfSSL	0:1239e9b70ca2	1048	}
wolfSSL	0:1239e9b70ca2	1049
wolfSSL	0:1239e9b70ca2	1050	return len16 ? BUFFER_ERROR : SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	1051	}
wolfSSL	0:1239e9b70ca2	1052
wolfSSL	0:1239e9b70ca2	1053	#endif
wolfSSL	0:1239e9b70ca2	1054
wolfSSL	0:1239e9b70ca2	1055	#define SNI_FREE_ALL TLSX_SNI_FreeAll
wolfSSL	0:1239e9b70ca2	1056	#define SNI_GET_SIZE TLSX_SNI_GetSize
wolfSSL	0:1239e9b70ca2	1057	#define SNI_WRITE TLSX_SNI_Write
wolfSSL	0:1239e9b70ca2	1058	#define SNI_PARSE TLSX_SNI_Parse
wolfSSL	0:1239e9b70ca2	1059
wolfSSL	0:1239e9b70ca2	1060	#else
wolfSSL	0:1239e9b70ca2	1061
wolfSSL	0:1239e9b70ca2	1062	#define SNI_FREE_ALL(list)
wolfSSL	0:1239e9b70ca2	1063	#define SNI_GET_SIZE(list) 0
wolfSSL	0:1239e9b70ca2	1064	#define SNI_WRITE(a, b) 0
wolfSSL	0:1239e9b70ca2	1065	#define SNI_PARSE(a, b, c, d) 0
wolfSSL	0:1239e9b70ca2	1066
wolfSSL	0:1239e9b70ca2	1067	#endif /* HAVE_SNI */
wolfSSL	0:1239e9b70ca2	1068
wolfSSL	0:1239e9b70ca2	1069	#ifdef HAVE_MAX_FRAGMENT
wolfSSL	0:1239e9b70ca2	1070
wolfSSL	0:1239e9b70ca2	1071	static word16 TLSX_MFL_Write(byte* data, byte* output)
wolfSSL	0:1239e9b70ca2	1072	{
wolfSSL	0:1239e9b70ca2	1073	output[0] = data[0];
wolfSSL	0:1239e9b70ca2	1074
wolfSSL	0:1239e9b70ca2	1075	return ENUM_LEN;
wolfSSL	0:1239e9b70ca2	1076	}
wolfSSL	0:1239e9b70ca2	1077
wolfSSL	0:1239e9b70ca2	1078	static int TLSX_MFL_Parse(CYASSL* ssl, byte* input, word16 length,
wolfSSL	0:1239e9b70ca2	1079	byte isRequest)
wolfSSL	0:1239e9b70ca2	1080	{
wolfSSL	0:1239e9b70ca2	1081	if (length != ENUM_LEN)
wolfSSL	0:1239e9b70ca2	1082	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	1083
wolfSSL	0:1239e9b70ca2	1084	switch (*input) {
wolfSSL	0:1239e9b70ca2	1085	case CYASSL_MFL_2_9 : ssl->max_fragment = 512; break;
wolfSSL	0:1239e9b70ca2	1086	case CYASSL_MFL_2_10: ssl->max_fragment = 1024; break;
wolfSSL	0:1239e9b70ca2	1087	case CYASSL_MFL_2_11: ssl->max_fragment = 2048; break;
wolfSSL	0:1239e9b70ca2	1088	case CYASSL_MFL_2_12: ssl->max_fragment = 4096; break;
wolfSSL	0:1239e9b70ca2	1089	case CYASSL_MFL_2_13: ssl->max_fragment = 8192; break;
wolfSSL	0:1239e9b70ca2	1090
wolfSSL	0:1239e9b70ca2	1091	default:
wolfSSL	0:1239e9b70ca2	1092	SendAlert(ssl, alert_fatal, illegal_parameter);
wolfSSL	0:1239e9b70ca2	1093
wolfSSL	0:1239e9b70ca2	1094	return UNKNOWN_MAX_FRAG_LEN_E;
wolfSSL	0:1239e9b70ca2	1095	}
wolfSSL	0:1239e9b70ca2	1096
wolfSSL	0:1239e9b70ca2	1097	#ifndef NO_CYASSL_SERVER
wolfSSL	0:1239e9b70ca2	1098	if (isRequest) {
wolfSSL	0:1239e9b70ca2	1099	int r = TLSX_UseMaxFragment(&ssl->extensions, *input);
wolfSSL	0:1239e9b70ca2	1100
wolfSSL	0:1239e9b70ca2	1101	if (r != SSL_SUCCESS) return r; /* throw error */
wolfSSL	0:1239e9b70ca2	1102
wolfSSL	0:1239e9b70ca2	1103	TLSX_SetResponse(ssl, MAX_FRAGMENT_LENGTH);
wolfSSL	0:1239e9b70ca2	1104	}
wolfSSL	0:1239e9b70ca2	1105	#endif
wolfSSL	0:1239e9b70ca2	1106
wolfSSL	0:1239e9b70ca2	1107	return 0;
wolfSSL	0:1239e9b70ca2	1108	}
wolfSSL	0:1239e9b70ca2	1109
wolfSSL	0:1239e9b70ca2	1110	int TLSX_UseMaxFragment(TLSX** extensions, byte mfl)
wolfSSL	0:1239e9b70ca2	1111	{
wolfSSL	0:1239e9b70ca2	1112	TLSX* extension = NULL;
wolfSSL	0:1239e9b70ca2	1113	byte* data = NULL;
wolfSSL	0:1239e9b70ca2	1114	int ret = 0;
wolfSSL	0:1239e9b70ca2	1115
wolfSSL	0:1239e9b70ca2	1116	if (extensions == NULL)
wolfSSL	0:1239e9b70ca2	1117	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	1118
wolfSSL	0:1239e9b70ca2	1119	if (mfl < CYASSL_MFL_2_9 \|\| CYASSL_MFL_2_13 < mfl)
wolfSSL	0:1239e9b70ca2	1120	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	1121
wolfSSL	0:1239e9b70ca2	1122	if ((data = XMALLOC(ENUM_LEN, 0, DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL	0:1239e9b70ca2	1123	return MEMORY_E;
wolfSSL	0:1239e9b70ca2	1124
wolfSSL	0:1239e9b70ca2	1125	data[0] = mfl;
wolfSSL	0:1239e9b70ca2	1126
wolfSSL	0:1239e9b70ca2	1127	/* push new MFL extension. */
wolfSSL	0:1239e9b70ca2	1128	if ((ret = TLSX_Append(extensions, MAX_FRAGMENT_LENGTH)) != 0) {
wolfSSL	0:1239e9b70ca2	1129	XFREE(data, 0, DYNAMIC_TYPE_TLSX);
wolfSSL	0:1239e9b70ca2	1130	return ret;
wolfSSL	0:1239e9b70ca2	1131	}
wolfSSL	0:1239e9b70ca2	1132
wolfSSL	0:1239e9b70ca2	1133	/* place new mfl to extension data. */
wolfSSL	0:1239e9b70ca2	1134	extension = *extensions;
wolfSSL	0:1239e9b70ca2	1135	extension->data = (void*) data;
wolfSSL	0:1239e9b70ca2	1136
wolfSSL	0:1239e9b70ca2	1137	/* remove duplicated extensions */
wolfSSL	0:1239e9b70ca2	1138	do {
wolfSSL	0:1239e9b70ca2	1139	if (extension->next && extension->next->type == MAX_FRAGMENT_LENGTH) {
wolfSSL	0:1239e9b70ca2	1140	TLSX *next = extension->next;
wolfSSL	0:1239e9b70ca2	1141
wolfSSL	0:1239e9b70ca2	1142	extension->next = next->next;
wolfSSL	0:1239e9b70ca2	1143	next->next = NULL;
wolfSSL	0:1239e9b70ca2	1144
wolfSSL	0:1239e9b70ca2	1145	TLSX_FreeAll(next);
wolfSSL	0:1239e9b70ca2	1146
wolfSSL	0:1239e9b70ca2	1147	break;
wolfSSL	0:1239e9b70ca2	1148	}
wolfSSL	0:1239e9b70ca2	1149	} while ((extension = extension->next));
wolfSSL	0:1239e9b70ca2	1150
wolfSSL	0:1239e9b70ca2	1151	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	1152	}
wolfSSL	0:1239e9b70ca2	1153
wolfSSL	0:1239e9b70ca2	1154
wolfSSL	0:1239e9b70ca2	1155	#define MFL_FREE_ALL(data) XFREE(data, 0, DYNAMIC_TYPE_TLSX)
wolfSSL	0:1239e9b70ca2	1156	#define MFL_GET_SIZE(data) ENUM_LEN
wolfSSL	0:1239e9b70ca2	1157	#define MFL_WRITE TLSX_MFL_Write
wolfSSL	0:1239e9b70ca2	1158	#define MFL_PARSE TLSX_MFL_Parse
wolfSSL	0:1239e9b70ca2	1159
wolfSSL	0:1239e9b70ca2	1160	#else
wolfSSL	0:1239e9b70ca2	1161
wolfSSL	0:1239e9b70ca2	1162	#define MFL_FREE_ALL(a)
wolfSSL	0:1239e9b70ca2	1163	#define MFL_GET_SIZE(a) 0
wolfSSL	0:1239e9b70ca2	1164	#define MFL_WRITE(a, b) 0
wolfSSL	0:1239e9b70ca2	1165	#define MFL_PARSE(a, b, c, d) 0
wolfSSL	0:1239e9b70ca2	1166
wolfSSL	0:1239e9b70ca2	1167	#endif /* HAVE_MAX_FRAGMENT */
wolfSSL	0:1239e9b70ca2	1168
wolfSSL	0:1239e9b70ca2	1169	#ifdef HAVE_TRUNCATED_HMAC
wolfSSL	0:1239e9b70ca2	1170
wolfSSL	0:1239e9b70ca2	1171	int TLSX_UseTruncatedHMAC(TLSX** extensions)
wolfSSL	0:1239e9b70ca2	1172	{
wolfSSL	0:1239e9b70ca2	1173	int ret = 0;
wolfSSL	0:1239e9b70ca2	1174
wolfSSL	0:1239e9b70ca2	1175	if (extensions == NULL)
wolfSSL	0:1239e9b70ca2	1176	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	1177
wolfSSL	0:1239e9b70ca2	1178	if (!TLSX_Find(*extensions, TRUNCATED_HMAC))
wolfSSL	0:1239e9b70ca2	1179	if ((ret = TLSX_Append(extensions, TRUNCATED_HMAC)) != 0)
wolfSSL	0:1239e9b70ca2	1180	return ret;
wolfSSL	0:1239e9b70ca2	1181
wolfSSL	0:1239e9b70ca2	1182	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	1183	}
wolfSSL	0:1239e9b70ca2	1184
wolfSSL	0:1239e9b70ca2	1185	static int TLSX_THM_Parse(CYASSL* ssl, byte* input, word16 length,
wolfSSL	0:1239e9b70ca2	1186	byte isRequest)
wolfSSL	0:1239e9b70ca2	1187	{
wolfSSL	0:1239e9b70ca2	1188	if (length != 0 \|\| input == NULL)
wolfSSL	0:1239e9b70ca2	1189	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	1190
wolfSSL	0:1239e9b70ca2	1191	#ifndef NO_CYASSL_SERVER
wolfSSL	0:1239e9b70ca2	1192	if (isRequest) {
wolfSSL	0:1239e9b70ca2	1193	int r = TLSX_UseTruncatedHMAC(&ssl->extensions);
wolfSSL	0:1239e9b70ca2	1194
wolfSSL	0:1239e9b70ca2	1195	if (r != SSL_SUCCESS) return r; /* throw error */
wolfSSL	0:1239e9b70ca2	1196
wolfSSL	0:1239e9b70ca2	1197	TLSX_SetResponse(ssl, TRUNCATED_HMAC);
wolfSSL	0:1239e9b70ca2	1198	}
wolfSSL	0:1239e9b70ca2	1199	#endif
wolfSSL	0:1239e9b70ca2	1200
wolfSSL	0:1239e9b70ca2	1201	ssl->truncated_hmac = 1;
wolfSSL	0:1239e9b70ca2	1202
wolfSSL	0:1239e9b70ca2	1203	return 0;
wolfSSL	0:1239e9b70ca2	1204	}
wolfSSL	0:1239e9b70ca2	1205
wolfSSL	0:1239e9b70ca2	1206	#define THM_PARSE TLSX_THM_Parse
wolfSSL	0:1239e9b70ca2	1207
wolfSSL	0:1239e9b70ca2	1208	#else
wolfSSL	0:1239e9b70ca2	1209
wolfSSL	0:1239e9b70ca2	1210	#define THM_PARSE(a, b, c, d) 0
wolfSSL	0:1239e9b70ca2	1211
wolfSSL	0:1239e9b70ca2	1212	#endif /* HAVE_TRUNCATED_HMAC */
wolfSSL	0:1239e9b70ca2	1213
wolfSSL	0:1239e9b70ca2	1214	#ifdef HAVE_SUPPORTED_CURVES
wolfSSL	0:1239e9b70ca2	1215
wolfSSL	0:1239e9b70ca2	1216	#ifndef HAVE_ECC
wolfSSL	0:1239e9b70ca2	1217	#error "Elliptic Curves Extension requires Elliptic Curve Cryptography. \
wolfSSL	0:1239e9b70ca2	1218	Use --enable-ecc in the configure script or define HAVE_ECC."
wolfSSL	0:1239e9b70ca2	1219	#endif
wolfSSL	0:1239e9b70ca2	1220
wolfSSL	0:1239e9b70ca2	1221	static void TLSX_EllipticCurve_FreeAll(EllipticCurve* list)
wolfSSL	0:1239e9b70ca2	1222	{
wolfSSL	0:1239e9b70ca2	1223	EllipticCurve* curve;
wolfSSL	0:1239e9b70ca2	1224
wolfSSL	0:1239e9b70ca2	1225	while ((curve = list)) {
wolfSSL	0:1239e9b70ca2	1226	list = curve->next;
wolfSSL	0:1239e9b70ca2	1227	XFREE(curve, 0, DYNAMIC_TYPE_TLSX);
wolfSSL	0:1239e9b70ca2	1228	}
wolfSSL	0:1239e9b70ca2	1229	}
wolfSSL	0:1239e9b70ca2	1230
wolfSSL	0:1239e9b70ca2	1231	static int TLSX_EllipticCurve_Append(EllipticCurve** list, word16 name)
wolfSSL	0:1239e9b70ca2	1232	{
wolfSSL	0:1239e9b70ca2	1233	EllipticCurve* curve;
wolfSSL	0:1239e9b70ca2	1234
wolfSSL	0:1239e9b70ca2	1235	if (list == NULL)
wolfSSL	0:1239e9b70ca2	1236	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	1237
wolfSSL	0:1239e9b70ca2	1238	if ((curve = XMALLOC(sizeof(EllipticCurve), 0, DYNAMIC_TYPE_TLSX)) == NULL)
wolfSSL	0:1239e9b70ca2	1239	return MEMORY_E;
wolfSSL	0:1239e9b70ca2	1240
wolfSSL	0:1239e9b70ca2	1241	curve->name = name;
wolfSSL	0:1239e9b70ca2	1242	curve->next = *list;
wolfSSL	0:1239e9b70ca2	1243
wolfSSL	0:1239e9b70ca2	1244	*list = curve;
wolfSSL	0:1239e9b70ca2	1245
wolfSSL	0:1239e9b70ca2	1246	return 0;
wolfSSL	0:1239e9b70ca2	1247	}
wolfSSL	0:1239e9b70ca2	1248
wolfSSL	0:1239e9b70ca2	1249	#ifndef NO_CYASSL_CLIENT
wolfSSL	0:1239e9b70ca2	1250
wolfSSL	0:1239e9b70ca2	1251	static void TLSX_EllipticCurve_ValidateRequest(CYASSL* ssl, byte* semaphore)
wolfSSL	0:1239e9b70ca2	1252	{
wolfSSL	0:1239e9b70ca2	1253	int i;
wolfSSL	0:1239e9b70ca2	1254
wolfSSL	0:1239e9b70ca2	1255	for (i = 0; i < ssl->suites->suiteSz; i+= 2)
wolfSSL	0:1239e9b70ca2	1256	if (ssl->suites->suites[i] == ECC_BYTE)
wolfSSL	0:1239e9b70ca2	1257	return;
wolfSSL	0:1239e9b70ca2	1258
wolfSSL	0:1239e9b70ca2	1259	/* No elliptic curve suite found */
wolfSSL	0:1239e9b70ca2	1260	TURN_ON(semaphore, ELLIPTIC_CURVES);
wolfSSL	0:1239e9b70ca2	1261	}
wolfSSL	0:1239e9b70ca2	1262
wolfSSL	0:1239e9b70ca2	1263	static word16 TLSX_EllipticCurve_GetSize(EllipticCurve* list)
wolfSSL	0:1239e9b70ca2	1264	{
wolfSSL	0:1239e9b70ca2	1265	EllipticCurve* curve;
wolfSSL	0:1239e9b70ca2	1266	word16 length = OPAQUE16_LEN; /* list length */
wolfSSL	0:1239e9b70ca2	1267
wolfSSL	0:1239e9b70ca2	1268	while ((curve = list)) {
wolfSSL	0:1239e9b70ca2	1269	list = curve->next;
wolfSSL	0:1239e9b70ca2	1270	length += OPAQUE16_LEN; /* curve length */
wolfSSL	0:1239e9b70ca2	1271	}
wolfSSL	0:1239e9b70ca2	1272
wolfSSL	0:1239e9b70ca2	1273	return length;
wolfSSL	0:1239e9b70ca2	1274	}
wolfSSL	0:1239e9b70ca2	1275
wolfSSL	0:1239e9b70ca2	1276	static word16 TLSX_EllipticCurve_WriteR(EllipticCurve* curve, byte* output);
wolfSSL	0:1239e9b70ca2	1277	static word16 TLSX_EllipticCurve_WriteR(EllipticCurve* curve, byte* output)
wolfSSL	0:1239e9b70ca2	1278	{
wolfSSL	0:1239e9b70ca2	1279	word16 offset = 0;
wolfSSL	0:1239e9b70ca2	1280
wolfSSL	0:1239e9b70ca2	1281	if (!curve)
wolfSSL	0:1239e9b70ca2	1282	return offset;
wolfSSL	0:1239e9b70ca2	1283
wolfSSL	0:1239e9b70ca2	1284	offset = TLSX_EllipticCurve_WriteR(curve->next, output);
wolfSSL	0:1239e9b70ca2	1285	c16toa(curve->name, output + offset);
wolfSSL	0:1239e9b70ca2	1286
wolfSSL	0:1239e9b70ca2	1287	return OPAQUE16_LEN + offset;
wolfSSL	0:1239e9b70ca2	1288	}
wolfSSL	0:1239e9b70ca2	1289
wolfSSL	0:1239e9b70ca2	1290	static word16 TLSX_EllipticCurve_Write(EllipticCurve* list, byte* output)
wolfSSL	0:1239e9b70ca2	1291	{
wolfSSL	0:1239e9b70ca2	1292	word16 length = TLSX_EllipticCurve_WriteR(list, output + OPAQUE16_LEN);
wolfSSL	0:1239e9b70ca2	1293
wolfSSL	0:1239e9b70ca2	1294	c16toa(length, output); /* writing list length */
wolfSSL	0:1239e9b70ca2	1295
wolfSSL	0:1239e9b70ca2	1296	return OPAQUE16_LEN + length;
wolfSSL	0:1239e9b70ca2	1297	}
wolfSSL	0:1239e9b70ca2	1298
wolfSSL	0:1239e9b70ca2	1299	#endif /* NO_CYASSL_CLIENT */
wolfSSL	0:1239e9b70ca2	1300	#ifndef NO_CYASSL_SERVER
wolfSSL	0:1239e9b70ca2	1301
wolfSSL	0:1239e9b70ca2	1302	static int TLSX_EllipticCurve_Parse(CYASSL* ssl, byte* input, word16 length,
wolfSSL	0:1239e9b70ca2	1303	byte isRequest)
wolfSSL	0:1239e9b70ca2	1304	{
wolfSSL	0:1239e9b70ca2	1305	word16 offset;
wolfSSL	0:1239e9b70ca2	1306	word16 name;
wolfSSL	0:1239e9b70ca2	1307	int r;
wolfSSL	0:1239e9b70ca2	1308
wolfSSL	0:1239e9b70ca2	1309	(void) isRequest; /* shut up compiler! */
wolfSSL	0:1239e9b70ca2	1310
wolfSSL	0:1239e9b70ca2	1311	if (OPAQUE16_LEN > length \|\| length % OPAQUE16_LEN)
wolfSSL	0:1239e9b70ca2	1312	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	1313
wolfSSL	0:1239e9b70ca2	1314	ato16(input, &offset);
wolfSSL	0:1239e9b70ca2	1315
wolfSSL	0:1239e9b70ca2	1316	/* validating curve list length */
wolfSSL	0:1239e9b70ca2	1317	if (length != OPAQUE16_LEN + offset)
wolfSSL	0:1239e9b70ca2	1318	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	1319
wolfSSL	0:1239e9b70ca2	1320	while (offset) {
wolfSSL	0:1239e9b70ca2	1321	ato16(input + offset, &name);
wolfSSL	0:1239e9b70ca2	1322	offset -= OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	1323
wolfSSL	0:1239e9b70ca2	1324	r = TLSX_UseSupportedCurve(&ssl->extensions, name);
wolfSSL	0:1239e9b70ca2	1325
wolfSSL	0:1239e9b70ca2	1326	if (r != SSL_SUCCESS) return r; /* throw error */
wolfSSL	0:1239e9b70ca2	1327	}
wolfSSL	0:1239e9b70ca2	1328
wolfSSL	0:1239e9b70ca2	1329	return 0;
wolfSSL	0:1239e9b70ca2	1330	}
wolfSSL	0:1239e9b70ca2	1331
wolfSSL	0:1239e9b70ca2	1332	int TLSX_ValidateEllipticCurves(CYASSL* ssl, byte first, byte second) {
wolfSSL	0:1239e9b70ca2	1333	TLSX* extension = (first == ECC_BYTE)
wolfSSL	0:1239e9b70ca2	1334	? TLSX_Find(ssl->extensions, ELLIPTIC_CURVES)
wolfSSL	0:1239e9b70ca2	1335	: NULL;
wolfSSL	0:1239e9b70ca2	1336	EllipticCurve* curve = NULL;
wolfSSL	0:1239e9b70ca2	1337	word32 oid = 0;
wolfSSL	0:1239e9b70ca2	1338	word16 octets = 0; /* acording to 'ecc_set_type ecc_sets[];' */
wolfSSL	0:1239e9b70ca2	1339	int sig = 0; /* valitade signature */
wolfSSL	0:1239e9b70ca2	1340	int key = 0; /* validate key */
wolfSSL	0:1239e9b70ca2	1341
wolfSSL	0:1239e9b70ca2	1342	if (!extension)
wolfSSL	0:1239e9b70ca2	1343	return 1; /* no suite restriction */
wolfSSL	0:1239e9b70ca2	1344
wolfSSL	0:1239e9b70ca2	1345	for (curve = extension->data; curve && !(sig && key); curve = curve->next) {
wolfSSL	0:1239e9b70ca2	1346
wolfSSL	0:1239e9b70ca2	1347	switch (curve->name) {
wolfSSL	0:1239e9b70ca2	1348	case CYASSL_ECC_SECP160R1: oid = ECC_160R1; octets = 20; break;
wolfSSL	0:1239e9b70ca2	1349	case CYASSL_ECC_SECP192R1: oid = ECC_192R1; octets = 24; break;
wolfSSL	0:1239e9b70ca2	1350	case CYASSL_ECC_SECP224R1: oid = ECC_224R1; octets = 28; break;
wolfSSL	0:1239e9b70ca2	1351	case CYASSL_ECC_SECP256R1: oid = ECC_256R1; octets = 32; break;
wolfSSL	0:1239e9b70ca2	1352	case CYASSL_ECC_SECP384R1: oid = ECC_384R1; octets = 48; break;
wolfSSL	0:1239e9b70ca2	1353	case CYASSL_ECC_SECP521R1: oid = ECC_521R1; octets = 66; break;
wolfSSL	0:1239e9b70ca2	1354	default: continue; /* unsupported curve */
wolfSSL	0:1239e9b70ca2	1355	}
wolfSSL	0:1239e9b70ca2	1356
wolfSSL	0:1239e9b70ca2	1357	switch (second) {
wolfSSL	0:1239e9b70ca2	1358	#ifndef NO_DSA
wolfSSL	0:1239e9b70ca2	1359	/* ECDHE_ECDSA */
wolfSSL	0:1239e9b70ca2	1360	case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
wolfSSL	0:1239e9b70ca2	1361	case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
wolfSSL	0:1239e9b70ca2	1362	case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
wolfSSL	0:1239e9b70ca2	1363	case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL	0:1239e9b70ca2	1364	case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
wolfSSL	0:1239e9b70ca2	1365	case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
wolfSSL	0:1239e9b70ca2	1366	case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
wolfSSL	0:1239e9b70ca2	1367	case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
wolfSSL	0:1239e9b70ca2	1368	case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
wolfSSL	0:1239e9b70ca2	1369	case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8:
wolfSSL	0:1239e9b70ca2	1370	sig \|= ssl->pkCurveOID == oid;
wolfSSL	0:1239e9b70ca2	1371	key \|= ssl->eccTempKeySz == octets;
wolfSSL	0:1239e9b70ca2	1372	break;
wolfSSL	0:1239e9b70ca2	1373
wolfSSL	0:1239e9b70ca2	1374	/* ECDH_ECDSA */
wolfSSL	0:1239e9b70ca2	1375	case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
wolfSSL	0:1239e9b70ca2	1376	case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
wolfSSL	0:1239e9b70ca2	1377	case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
wolfSSL	0:1239e9b70ca2	1378	case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL	0:1239e9b70ca2	1379	case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
wolfSSL	0:1239e9b70ca2	1380	case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
wolfSSL	0:1239e9b70ca2	1381	case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
wolfSSL	0:1239e9b70ca2	1382	case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
wolfSSL	0:1239e9b70ca2	1383	sig \|= ssl->pkCurveOID == oid;
wolfSSL	0:1239e9b70ca2	1384	key \|= ssl->pkCurveOID == oid;
wolfSSL	0:1239e9b70ca2	1385	break;
wolfSSL	0:1239e9b70ca2	1386	#endif
wolfSSL	0:1239e9b70ca2	1387	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	1388	/* ECDHE_RSA */
wolfSSL	0:1239e9b70ca2	1389	case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
wolfSSL	0:1239e9b70ca2	1390	case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
wolfSSL	0:1239e9b70ca2	1391	case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
wolfSSL	0:1239e9b70ca2	1392	case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL	0:1239e9b70ca2	1393	case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
wolfSSL	0:1239e9b70ca2	1394	case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
wolfSSL	0:1239e9b70ca2	1395	case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
wolfSSL	0:1239e9b70ca2	1396	case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
wolfSSL	0:1239e9b70ca2	1397	sig = 1;
wolfSSL	0:1239e9b70ca2	1398	key \|= ssl->eccTempKeySz == octets;
wolfSSL	0:1239e9b70ca2	1399	break;
wolfSSL	0:1239e9b70ca2	1400
wolfSSL	0:1239e9b70ca2	1401	/* ECDH_RSA */
wolfSSL	0:1239e9b70ca2	1402	case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
wolfSSL	0:1239e9b70ca2	1403	case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
wolfSSL	0:1239e9b70ca2	1404	case TLS_ECDH_RSA_WITH_RC4_128_SHA:
wolfSSL	0:1239e9b70ca2	1405	case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL	0:1239e9b70ca2	1406	case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
wolfSSL	0:1239e9b70ca2	1407	case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
wolfSSL	0:1239e9b70ca2	1408	case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
wolfSSL	0:1239e9b70ca2	1409	case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
wolfSSL	0:1239e9b70ca2	1410	sig = 1;
wolfSSL	0:1239e9b70ca2	1411	key \|= ssl->pkCurveOID == oid;
wolfSSL	0:1239e9b70ca2	1412	break;
wolfSSL	0:1239e9b70ca2	1413	#endif
wolfSSL	0:1239e9b70ca2	1414	default:
wolfSSL	0:1239e9b70ca2	1415	sig = 1;
wolfSSL	0:1239e9b70ca2	1416	key = 1;
wolfSSL	0:1239e9b70ca2	1417	break;
wolfSSL	0:1239e9b70ca2	1418	}
wolfSSL	0:1239e9b70ca2	1419	}
wolfSSL	0:1239e9b70ca2	1420
wolfSSL	0:1239e9b70ca2	1421	return sig && key;
wolfSSL	0:1239e9b70ca2	1422	}
wolfSSL	0:1239e9b70ca2	1423
wolfSSL	0:1239e9b70ca2	1424	#endif /* NO_CYASSL_SERVER */
wolfSSL	0:1239e9b70ca2	1425
wolfSSL	0:1239e9b70ca2	1426	int TLSX_UseSupportedCurve(TLSX** extensions, word16 name)
wolfSSL	0:1239e9b70ca2	1427	{
wolfSSL	0:1239e9b70ca2	1428	TLSX* extension = NULL;
wolfSSL	0:1239e9b70ca2	1429	EllipticCurve* curve = NULL;
wolfSSL	0:1239e9b70ca2	1430	int ret = 0;
wolfSSL	0:1239e9b70ca2	1431
wolfSSL	0:1239e9b70ca2	1432	if (extensions == NULL)
wolfSSL	0:1239e9b70ca2	1433	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	1434
wolfSSL	0:1239e9b70ca2	1435	if ((ret = TLSX_EllipticCurve_Append(&curve, name)) != 0)
wolfSSL	0:1239e9b70ca2	1436	return ret;
wolfSSL	0:1239e9b70ca2	1437
wolfSSL	0:1239e9b70ca2	1438	extension = *extensions;
wolfSSL	0:1239e9b70ca2	1439
wolfSSL	0:1239e9b70ca2	1440	/* find EllipticCurve extension if it already exists. */
wolfSSL	0:1239e9b70ca2	1441	while (extension && extension->type != ELLIPTIC_CURVES)
wolfSSL	0:1239e9b70ca2	1442	extension = extension->next;
wolfSSL	0:1239e9b70ca2	1443
wolfSSL	0:1239e9b70ca2	1444	/* push new EllipticCurve extension if it doesn't exists. */
wolfSSL	0:1239e9b70ca2	1445	if (!extension) {
wolfSSL	0:1239e9b70ca2	1446	if ((ret = TLSX_Append(extensions, ELLIPTIC_CURVES)) != 0) {
wolfSSL	0:1239e9b70ca2	1447	XFREE(curve, 0, DYNAMIC_TYPE_TLSX);
wolfSSL	0:1239e9b70ca2	1448	return ret;
wolfSSL	0:1239e9b70ca2	1449	}
wolfSSL	0:1239e9b70ca2	1450
wolfSSL	0:1239e9b70ca2	1451	extension = *extensions;
wolfSSL	0:1239e9b70ca2	1452	}
wolfSSL	0:1239e9b70ca2	1453
wolfSSL	0:1239e9b70ca2	1454	/* push new EllipticCurve object to extension data. */
wolfSSL	0:1239e9b70ca2	1455	curve->next = (EllipticCurve*) extension->data;
wolfSSL	0:1239e9b70ca2	1456	extension->data = (void*) curve;
wolfSSL	0:1239e9b70ca2	1457
wolfSSL	0:1239e9b70ca2	1458	/* look for another curve of the same name to remove (replacement) */
wolfSSL	0:1239e9b70ca2	1459	do {
wolfSSL	0:1239e9b70ca2	1460	if (curve->next && curve->next->name == name) {
wolfSSL	0:1239e9b70ca2	1461	EllipticCurve *next = curve->next;
wolfSSL	0:1239e9b70ca2	1462
wolfSSL	0:1239e9b70ca2	1463	curve->next = next->next;
wolfSSL	0:1239e9b70ca2	1464	XFREE(next, 0, DYNAMIC_TYPE_TLSX);
wolfSSL	0:1239e9b70ca2	1465
wolfSSL	0:1239e9b70ca2	1466	break;
wolfSSL	0:1239e9b70ca2	1467	}
wolfSSL	0:1239e9b70ca2	1468	} while ((curve = curve->next));
wolfSSL	0:1239e9b70ca2	1469
wolfSSL	0:1239e9b70ca2	1470	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	1471	}
wolfSSL	0:1239e9b70ca2	1472
wolfSSL	0:1239e9b70ca2	1473	#define EC_FREE_ALL TLSX_EllipticCurve_FreeAll
wolfSSL	0:1239e9b70ca2	1474	#define EC_VALIDATE_REQUEST TLSX_EllipticCurve_ValidateRequest
wolfSSL	0:1239e9b70ca2	1475
wolfSSL	0:1239e9b70ca2	1476	#ifndef NO_CYASSL_CLIENT
wolfSSL	0:1239e9b70ca2	1477	#define EC_GET_SIZE TLSX_EllipticCurve_GetSize
wolfSSL	0:1239e9b70ca2	1478	#define EC_WRITE TLSX_EllipticCurve_Write
wolfSSL	0:1239e9b70ca2	1479	#else
wolfSSL	0:1239e9b70ca2	1480	#define EC_GET_SIZE(list) 0
wolfSSL	0:1239e9b70ca2	1481	#define EC_WRITE(a, b) 0
wolfSSL	0:1239e9b70ca2	1482	#endif
wolfSSL	0:1239e9b70ca2	1483
wolfSSL	0:1239e9b70ca2	1484	#ifndef NO_CYASSL_SERVER
wolfSSL	0:1239e9b70ca2	1485	#define EC_PARSE TLSX_EllipticCurve_Parse
wolfSSL	0:1239e9b70ca2	1486	#else
wolfSSL	0:1239e9b70ca2	1487	#define EC_PARSE(a, b, c, d) 0
wolfSSL	0:1239e9b70ca2	1488	#endif
wolfSSL	0:1239e9b70ca2	1489
wolfSSL	0:1239e9b70ca2	1490	#else
wolfSSL	0:1239e9b70ca2	1491
wolfSSL	0:1239e9b70ca2	1492	#define EC_FREE_ALL(list)
wolfSSL	0:1239e9b70ca2	1493	#define EC_GET_SIZE(list) 0
wolfSSL	0:1239e9b70ca2	1494	#define EC_WRITE(a, b) 0
wolfSSL	0:1239e9b70ca2	1495	#define EC_PARSE(a, b, c, d) 0
wolfSSL	0:1239e9b70ca2	1496	#define EC_VALIDATE_REQUEST(a, b)
wolfSSL	0:1239e9b70ca2	1497
wolfSSL	0:1239e9b70ca2	1498	#endif /* HAVE_SUPPORTED_CURVES */
wolfSSL	0:1239e9b70ca2	1499
wolfSSL	0:1239e9b70ca2	1500	TLSX* TLSX_Find(TLSX* list, TLSX_Type type)
wolfSSL	0:1239e9b70ca2	1501	{
wolfSSL	0:1239e9b70ca2	1502	TLSX* extension = list;
wolfSSL	0:1239e9b70ca2	1503
wolfSSL	0:1239e9b70ca2	1504	while (extension && extension->type != type)
wolfSSL	0:1239e9b70ca2	1505	extension = extension->next;
wolfSSL	0:1239e9b70ca2	1506
wolfSSL	0:1239e9b70ca2	1507	return extension;
wolfSSL	0:1239e9b70ca2	1508	}
wolfSSL	0:1239e9b70ca2	1509
wolfSSL	0:1239e9b70ca2	1510	void TLSX_FreeAll(TLSX* list)
wolfSSL	0:1239e9b70ca2	1511	{
wolfSSL	0:1239e9b70ca2	1512	TLSX* extension;
wolfSSL	0:1239e9b70ca2	1513
wolfSSL	0:1239e9b70ca2	1514	while ((extension = list)) {
wolfSSL	0:1239e9b70ca2	1515	list = extension->next;
wolfSSL	0:1239e9b70ca2	1516
wolfSSL	0:1239e9b70ca2	1517	switch (extension->type) {
wolfSSL	0:1239e9b70ca2	1518	case SERVER_NAME_INDICATION:
wolfSSL	0:1239e9b70ca2	1519	SNI_FREE_ALL((SNI *) extension->data);
wolfSSL	0:1239e9b70ca2	1520	break;
wolfSSL	0:1239e9b70ca2	1521
wolfSSL	0:1239e9b70ca2	1522	case MAX_FRAGMENT_LENGTH:
wolfSSL	0:1239e9b70ca2	1523	MFL_FREE_ALL(extension->data);
wolfSSL	0:1239e9b70ca2	1524	break;
wolfSSL	0:1239e9b70ca2	1525
wolfSSL	0:1239e9b70ca2	1526	case TRUNCATED_HMAC:
wolfSSL	0:1239e9b70ca2	1527	/* Nothing to do. */
wolfSSL	0:1239e9b70ca2	1528	break;
wolfSSL	0:1239e9b70ca2	1529
wolfSSL	0:1239e9b70ca2	1530	case ELLIPTIC_CURVES:
wolfSSL	0:1239e9b70ca2	1531	EC_FREE_ALL(extension->data);
wolfSSL	0:1239e9b70ca2	1532	break;
wolfSSL	0:1239e9b70ca2	1533	}
wolfSSL	0:1239e9b70ca2	1534
wolfSSL	0:1239e9b70ca2	1535	XFREE(extension, 0, DYNAMIC_TYPE_TLSX);
wolfSSL	0:1239e9b70ca2	1536	}
wolfSSL	0:1239e9b70ca2	1537	}
wolfSSL	0:1239e9b70ca2	1538
wolfSSL	0:1239e9b70ca2	1539	static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest)
wolfSSL	0:1239e9b70ca2	1540	{
wolfSSL	0:1239e9b70ca2	1541	TLSX* extension;
wolfSSL	0:1239e9b70ca2	1542	word16 length = 0;
wolfSSL	0:1239e9b70ca2	1543
wolfSSL	0:1239e9b70ca2	1544	while ((extension = list)) {
wolfSSL	0:1239e9b70ca2	1545	list = extension->next;
wolfSSL	0:1239e9b70ca2	1546
wolfSSL	0:1239e9b70ca2	1547	if (!isRequest && !extension->resp)
wolfSSL	0:1239e9b70ca2	1548	continue; /* skip! */
wolfSSL	0:1239e9b70ca2	1549
wolfSSL	0:1239e9b70ca2	1550	if (IS_OFF(semaphore, extension->type)) {
wolfSSL	0:1239e9b70ca2	1551	/* type + data length */
wolfSSL	0:1239e9b70ca2	1552	length += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	1553
wolfSSL	0:1239e9b70ca2	1554	switch (extension->type) {
wolfSSL	0:1239e9b70ca2	1555	case SERVER_NAME_INDICATION:
wolfSSL	0:1239e9b70ca2	1556	if (isRequest)
wolfSSL	0:1239e9b70ca2	1557	length += SNI_GET_SIZE((SNI *) extension->data);
wolfSSL	0:1239e9b70ca2	1558	break;
wolfSSL	0:1239e9b70ca2	1559	case MAX_FRAGMENT_LENGTH:
wolfSSL	0:1239e9b70ca2	1560	length += MFL_GET_SIZE(extension->data);
wolfSSL	0:1239e9b70ca2	1561	break;
wolfSSL	0:1239e9b70ca2	1562
wolfSSL	0:1239e9b70ca2	1563	case TRUNCATED_HMAC:
wolfSSL	0:1239e9b70ca2	1564	/* empty extension. */
wolfSSL	0:1239e9b70ca2	1565	break;
wolfSSL	0:1239e9b70ca2	1566
wolfSSL	0:1239e9b70ca2	1567	case ELLIPTIC_CURVES:
wolfSSL	0:1239e9b70ca2	1568	length += EC_GET_SIZE((EllipticCurve *) extension->data);
wolfSSL	0:1239e9b70ca2	1569	break;
wolfSSL	0:1239e9b70ca2	1570	}
wolfSSL	0:1239e9b70ca2	1571
wolfSSL	0:1239e9b70ca2	1572	TURN_ON(semaphore, extension->type);
wolfSSL	0:1239e9b70ca2	1573	}
wolfSSL	0:1239e9b70ca2	1574	}
wolfSSL	0:1239e9b70ca2	1575
wolfSSL	0:1239e9b70ca2	1576	return length;
wolfSSL	0:1239e9b70ca2	1577	}
wolfSSL	0:1239e9b70ca2	1578
wolfSSL	0:1239e9b70ca2	1579	static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore,
wolfSSL	0:1239e9b70ca2	1580	byte isRequest)
wolfSSL	0:1239e9b70ca2	1581	{
wolfSSL	0:1239e9b70ca2	1582	TLSX* extension;
wolfSSL	0:1239e9b70ca2	1583	word16 offset = 0;
wolfSSL	0:1239e9b70ca2	1584	word16 length_offset = 0;
wolfSSL	0:1239e9b70ca2	1585
wolfSSL	0:1239e9b70ca2	1586	while ((extension = list)) {
wolfSSL	0:1239e9b70ca2	1587	list = extension->next;
wolfSSL	0:1239e9b70ca2	1588
wolfSSL	0:1239e9b70ca2	1589	if (!isRequest && !extension->resp)
wolfSSL	0:1239e9b70ca2	1590	continue; /* skip! */
wolfSSL	0:1239e9b70ca2	1591
wolfSSL	0:1239e9b70ca2	1592	if (IS_OFF(semaphore, extension->type)) {
wolfSSL	0:1239e9b70ca2	1593	/* extension type */
wolfSSL	0:1239e9b70ca2	1594	c16toa(extension->type, output + offset);
wolfSSL	0:1239e9b70ca2	1595	offset += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	1596	length_offset = offset;
wolfSSL	0:1239e9b70ca2	1597
wolfSSL	0:1239e9b70ca2	1598	/* extension data should be written internally */
wolfSSL	0:1239e9b70ca2	1599	switch (extension->type) {
wolfSSL	0:1239e9b70ca2	1600	case SERVER_NAME_INDICATION:
wolfSSL	0:1239e9b70ca2	1601	if (isRequest)
wolfSSL	0:1239e9b70ca2	1602	offset += SNI_WRITE((SNI *) extension->data,
wolfSSL	0:1239e9b70ca2	1603	output + offset);
wolfSSL	0:1239e9b70ca2	1604	break;
wolfSSL	0:1239e9b70ca2	1605
wolfSSL	0:1239e9b70ca2	1606	case MAX_FRAGMENT_LENGTH:
wolfSSL	0:1239e9b70ca2	1607	offset += MFL_WRITE((byte *) extension->data,
wolfSSL	0:1239e9b70ca2	1608	output + offset);
wolfSSL	0:1239e9b70ca2	1609	break;
wolfSSL	0:1239e9b70ca2	1610
wolfSSL	0:1239e9b70ca2	1611	case TRUNCATED_HMAC:
wolfSSL	0:1239e9b70ca2	1612	/* empty extension. */
wolfSSL	0:1239e9b70ca2	1613	break;
wolfSSL	0:1239e9b70ca2	1614
wolfSSL	0:1239e9b70ca2	1615	case ELLIPTIC_CURVES:
wolfSSL	0:1239e9b70ca2	1616	offset += EC_WRITE((EllipticCurve *) extension->data,
wolfSSL	0:1239e9b70ca2	1617	output + offset);
wolfSSL	0:1239e9b70ca2	1618	break;
wolfSSL	0:1239e9b70ca2	1619	}
wolfSSL	0:1239e9b70ca2	1620
wolfSSL	0:1239e9b70ca2	1621	/* writing extension data length */
wolfSSL	0:1239e9b70ca2	1622	c16toa(offset - length_offset,
wolfSSL	0:1239e9b70ca2	1623	output + length_offset - OPAQUE16_LEN);
wolfSSL	0:1239e9b70ca2	1624
wolfSSL	0:1239e9b70ca2	1625	TURN_ON(semaphore, extension->type);
wolfSSL	0:1239e9b70ca2	1626	}
wolfSSL	0:1239e9b70ca2	1627	}
wolfSSL	0:1239e9b70ca2	1628
wolfSSL	0:1239e9b70ca2	1629	return offset;
wolfSSL	0:1239e9b70ca2	1630	}
wolfSSL	0:1239e9b70ca2	1631
wolfSSL	0:1239e9b70ca2	1632	#ifndef NO_CYASSL_CLIENT
wolfSSL	0:1239e9b70ca2	1633
wolfSSL	0:1239e9b70ca2	1634	word16 TLSX_GetRequestSize(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	1635	{
wolfSSL	0:1239e9b70ca2	1636	word16 length = 0;
wolfSSL	0:1239e9b70ca2	1637
wolfSSL	0:1239e9b70ca2	1638	if (ssl && IsTLS(ssl)) {
wolfSSL	0:1239e9b70ca2	1639	byte semaphore[16] = {0};
wolfSSL	0:1239e9b70ca2	1640
wolfSSL	0:1239e9b70ca2	1641	EC_VALIDATE_REQUEST(ssl, semaphore);
wolfSSL	0:1239e9b70ca2	1642
wolfSSL	0:1239e9b70ca2	1643	if (ssl->extensions)
wolfSSL	0:1239e9b70ca2	1644	length += TLSX_GetSize(ssl->extensions, semaphore, 1);
wolfSSL	0:1239e9b70ca2	1645
wolfSSL	0:1239e9b70ca2	1646	if (ssl->ctx && ssl->ctx->extensions)
wolfSSL	0:1239e9b70ca2	1647	length += TLSX_GetSize(ssl->ctx->extensions, semaphore, 1);
wolfSSL	0:1239e9b70ca2	1648
wolfSSL	0:1239e9b70ca2	1649	if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz)
wolfSSL	0:1239e9b70ca2	1650	length += ssl->suites->hashSigAlgoSz + HELLO_EXT_LEN;
wolfSSL	0:1239e9b70ca2	1651	}
wolfSSL	0:1239e9b70ca2	1652
wolfSSL	0:1239e9b70ca2	1653	if (length)
wolfSSL	0:1239e9b70ca2	1654	length += OPAQUE16_LEN; /* for total length storage */
wolfSSL	0:1239e9b70ca2	1655
wolfSSL	0:1239e9b70ca2	1656	return length;
wolfSSL	0:1239e9b70ca2	1657	}
wolfSSL	0:1239e9b70ca2	1658
wolfSSL	0:1239e9b70ca2	1659	word16 TLSX_WriteRequest(CYASSL* ssl, byte* output)
wolfSSL	0:1239e9b70ca2	1660	{
wolfSSL	0:1239e9b70ca2	1661	word16 offset = 0;
wolfSSL	0:1239e9b70ca2	1662
wolfSSL	0:1239e9b70ca2	1663	if (ssl && IsTLS(ssl) && output) {
wolfSSL	0:1239e9b70ca2	1664	byte semaphore[16] = {0};
wolfSSL	0:1239e9b70ca2	1665
wolfSSL	0:1239e9b70ca2	1666	offset += OPAQUE16_LEN; /* extensions length */
wolfSSL	0:1239e9b70ca2	1667
wolfSSL	0:1239e9b70ca2	1668	EC_VALIDATE_REQUEST(ssl, semaphore);
wolfSSL	0:1239e9b70ca2	1669
wolfSSL	0:1239e9b70ca2	1670	if (ssl->extensions)
wolfSSL	0:1239e9b70ca2	1671	offset += TLSX_Write(ssl->extensions, output + offset,
wolfSSL	0:1239e9b70ca2	1672	semaphore, 1);
wolfSSL	0:1239e9b70ca2	1673
wolfSSL	0:1239e9b70ca2	1674	if (ssl->ctx && ssl->ctx->extensions)
wolfSSL	0:1239e9b70ca2	1675	offset += TLSX_Write(ssl->ctx->extensions, output + offset,
wolfSSL	0:1239e9b70ca2	1676	semaphore, 1);
wolfSSL	0:1239e9b70ca2	1677
wolfSSL	0:1239e9b70ca2	1678	if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz)
wolfSSL	0:1239e9b70ca2	1679	{
wolfSSL	0:1239e9b70ca2	1680	int i;
wolfSSL	0:1239e9b70ca2	1681	/* extension type */
wolfSSL	0:1239e9b70ca2	1682	c16toa(HELLO_EXT_SIG_ALGO, output + offset);
wolfSSL	0:1239e9b70ca2	1683	offset += HELLO_EXT_TYPE_SZ;
wolfSSL	0:1239e9b70ca2	1684
wolfSSL	0:1239e9b70ca2	1685	/* extension data length */
wolfSSL	0:1239e9b70ca2	1686	c16toa(OPAQUE16_LEN + ssl->suites->hashSigAlgoSz, output + offset);
wolfSSL	0:1239e9b70ca2	1687	offset += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	1688
wolfSSL	0:1239e9b70ca2	1689	/* sig algos length */
wolfSSL	0:1239e9b70ca2	1690	c16toa(ssl->suites->hashSigAlgoSz, output + offset);
wolfSSL	0:1239e9b70ca2	1691	offset += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	1692
wolfSSL	0:1239e9b70ca2	1693	/* sig algos */
wolfSSL	0:1239e9b70ca2	1694	for (i = 0; i < ssl->suites->hashSigAlgoSz; i++, offset++)
wolfSSL	0:1239e9b70ca2	1695	output[offset] = ssl->suites->hashSigAlgo[i];
wolfSSL	0:1239e9b70ca2	1696	}
wolfSSL	0:1239e9b70ca2	1697
wolfSSL	0:1239e9b70ca2	1698	if (offset > OPAQUE16_LEN)
wolfSSL	0:1239e9b70ca2	1699	c16toa(offset - OPAQUE16_LEN, output); /* extensions length */
wolfSSL	0:1239e9b70ca2	1700	}
wolfSSL	0:1239e9b70ca2	1701
wolfSSL	0:1239e9b70ca2	1702	return offset;
wolfSSL	0:1239e9b70ca2	1703	}
wolfSSL	0:1239e9b70ca2	1704
wolfSSL	0:1239e9b70ca2	1705	#endif /* NO_CYASSL_CLIENT */
wolfSSL	0:1239e9b70ca2	1706
wolfSSL	0:1239e9b70ca2	1707	#ifndef NO_CYASSL_SERVER
wolfSSL	0:1239e9b70ca2	1708
wolfSSL	0:1239e9b70ca2	1709	word16 TLSX_GetResponseSize(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	1710	{
wolfSSL	0:1239e9b70ca2	1711	word16 length = 0;
wolfSSL	0:1239e9b70ca2	1712	byte semaphore[16] = {0};
wolfSSL	0:1239e9b70ca2	1713
wolfSSL	0:1239e9b70ca2	1714	if (ssl && IsTLS(ssl))
wolfSSL	0:1239e9b70ca2	1715	length += TLSX_GetSize(ssl->extensions, semaphore, 0);
wolfSSL	0:1239e9b70ca2	1716
wolfSSL	0:1239e9b70ca2	1717	/* All the response data is set at the ssl object only, so no ctx here. */
wolfSSL	0:1239e9b70ca2	1718
wolfSSL	0:1239e9b70ca2	1719	if (length)
wolfSSL	0:1239e9b70ca2	1720	length += OPAQUE16_LEN; /* for total length storage */
wolfSSL	0:1239e9b70ca2	1721
wolfSSL	0:1239e9b70ca2	1722	return length;
wolfSSL	0:1239e9b70ca2	1723	}
wolfSSL	0:1239e9b70ca2	1724
wolfSSL	0:1239e9b70ca2	1725	word16 TLSX_WriteResponse(CYASSL ssl, byte output)
wolfSSL	0:1239e9b70ca2	1726	{
wolfSSL	0:1239e9b70ca2	1727	word16 offset = 0;
wolfSSL	0:1239e9b70ca2	1728
wolfSSL	0:1239e9b70ca2	1729	if (ssl && IsTLS(ssl) && output) {
wolfSSL	0:1239e9b70ca2	1730	byte semaphore[16] = {0};
wolfSSL	0:1239e9b70ca2	1731
wolfSSL	0:1239e9b70ca2	1732	offset += OPAQUE16_LEN; /* extensions length */
wolfSSL	0:1239e9b70ca2	1733
wolfSSL	0:1239e9b70ca2	1734	offset += TLSX_Write(ssl->extensions, output + offset, semaphore, 0);
wolfSSL	0:1239e9b70ca2	1735
wolfSSL	0:1239e9b70ca2	1736	if (offset > OPAQUE16_LEN)
wolfSSL	0:1239e9b70ca2	1737	c16toa(offset - OPAQUE16_LEN, output); /* extensions length */
wolfSSL	0:1239e9b70ca2	1738	}
wolfSSL	0:1239e9b70ca2	1739
wolfSSL	0:1239e9b70ca2	1740	return offset;
wolfSSL	0:1239e9b70ca2	1741	}
wolfSSL	0:1239e9b70ca2	1742
wolfSSL	0:1239e9b70ca2	1743	#endif /* NO_CYASSL_SERVER */
wolfSSL	0:1239e9b70ca2	1744
wolfSSL	0:1239e9b70ca2	1745	int TLSX_Parse(CYASSL* ssl, byte* input, word16 length, byte isRequest,
wolfSSL	0:1239e9b70ca2	1746	Suites *suites)
wolfSSL	0:1239e9b70ca2	1747	{
wolfSSL	0:1239e9b70ca2	1748	int ret = 0;
wolfSSL	0:1239e9b70ca2	1749	word16 offset = 0;
wolfSSL	0:1239e9b70ca2	1750
wolfSSL	0:1239e9b70ca2	1751	if (!ssl \|\| !input \|\| !suites)
wolfSSL	0:1239e9b70ca2	1752	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	1753
wolfSSL	0:1239e9b70ca2	1754	while (ret == 0 && offset < length) {
wolfSSL	0:1239e9b70ca2	1755	word16 type;
wolfSSL	0:1239e9b70ca2	1756	word16 size;
wolfSSL	0:1239e9b70ca2	1757
wolfSSL	0:1239e9b70ca2	1758	if (length - offset < HELLO_EXT_TYPE_SZ + OPAQUE16_LEN)
wolfSSL	0:1239e9b70ca2	1759	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	1760
wolfSSL	0:1239e9b70ca2	1761	ato16(input + offset, &type);
wolfSSL	0:1239e9b70ca2	1762	offset += HELLO_EXT_TYPE_SZ;
wolfSSL	0:1239e9b70ca2	1763
wolfSSL	0:1239e9b70ca2	1764	ato16(input + offset, &size);
wolfSSL	0:1239e9b70ca2	1765	offset += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	1766
wolfSSL	0:1239e9b70ca2	1767	if (offset + size > length)
wolfSSL	0:1239e9b70ca2	1768	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	1769
wolfSSL	0:1239e9b70ca2	1770	switch (type) {
wolfSSL	0:1239e9b70ca2	1771	case SERVER_NAME_INDICATION:
wolfSSL	0:1239e9b70ca2	1772	CYASSL_MSG("SNI extension received");
wolfSSL	0:1239e9b70ca2	1773
wolfSSL	0:1239e9b70ca2	1774	ret = SNI_PARSE(ssl, input + offset, size, isRequest);
wolfSSL	0:1239e9b70ca2	1775	break;
wolfSSL	0:1239e9b70ca2	1776
wolfSSL	0:1239e9b70ca2	1777	case MAX_FRAGMENT_LENGTH:
wolfSSL	0:1239e9b70ca2	1778	CYASSL_MSG("Max Fragment Length extension received");
wolfSSL	0:1239e9b70ca2	1779
wolfSSL	0:1239e9b70ca2	1780	ret = MFL_PARSE(ssl, input + offset, size, isRequest);
wolfSSL	0:1239e9b70ca2	1781	break;
wolfSSL	0:1239e9b70ca2	1782
wolfSSL	0:1239e9b70ca2	1783	case TRUNCATED_HMAC:
wolfSSL	0:1239e9b70ca2	1784	CYASSL_MSG("Truncated HMAC extension received");
wolfSSL	0:1239e9b70ca2	1785
wolfSSL	0:1239e9b70ca2	1786	ret = THM_PARSE(ssl, input + offset, size, isRequest);
wolfSSL	0:1239e9b70ca2	1787	break;
wolfSSL	0:1239e9b70ca2	1788
wolfSSL	0:1239e9b70ca2	1789	case ELLIPTIC_CURVES:
wolfSSL	0:1239e9b70ca2	1790	CYASSL_MSG("Elliptic Curves extension received");
wolfSSL	0:1239e9b70ca2	1791
wolfSSL	0:1239e9b70ca2	1792	ret = EC_PARSE(ssl, input + offset, size, isRequest);
wolfSSL	0:1239e9b70ca2	1793	break;
wolfSSL	0:1239e9b70ca2	1794
wolfSSL	0:1239e9b70ca2	1795	case HELLO_EXT_SIG_ALGO:
wolfSSL	0:1239e9b70ca2	1796	if (isRequest) {
wolfSSL	0:1239e9b70ca2	1797	/* do not mess with offset inside the switch! */
wolfSSL	0:1239e9b70ca2	1798	if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL	0:1239e9b70ca2	1799	ato16(input + offset, &suites->hashSigAlgoSz);
wolfSSL	0:1239e9b70ca2	1800
wolfSSL	0:1239e9b70ca2	1801	if (suites->hashSigAlgoSz > size - OPAQUE16_LEN)
wolfSSL	0:1239e9b70ca2	1802	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	1803
wolfSSL	0:1239e9b70ca2	1804	XMEMCPY(suites->hashSigAlgo,
wolfSSL	0:1239e9b70ca2	1805	input + offset + OPAQUE16_LEN,
wolfSSL	0:1239e9b70ca2	1806	min(suites->hashSigAlgoSz,
wolfSSL	0:1239e9b70ca2	1807	HELLO_EXT_SIGALGO_MAX));
wolfSSL	0:1239e9b70ca2	1808	}
wolfSSL	0:1239e9b70ca2	1809	} else {
wolfSSL	0:1239e9b70ca2	1810	CYASSL_MSG("Servers MUST NOT send SIG ALGO extension.");
wolfSSL	0:1239e9b70ca2	1811	}
wolfSSL	0:1239e9b70ca2	1812
wolfSSL	0:1239e9b70ca2	1813	break;
wolfSSL	0:1239e9b70ca2	1814	}
wolfSSL	0:1239e9b70ca2	1815
wolfSSL	0:1239e9b70ca2	1816	/* offset should be updated here! */
wolfSSL	0:1239e9b70ca2	1817	offset += size;
wolfSSL	0:1239e9b70ca2	1818	}
wolfSSL	0:1239e9b70ca2	1819
wolfSSL	0:1239e9b70ca2	1820	return ret;
wolfSSL	0:1239e9b70ca2	1821	}
wolfSSL	0:1239e9b70ca2	1822
wolfSSL	0:1239e9b70ca2	1823	/* undefining semaphore macros */
wolfSSL	0:1239e9b70ca2	1824	#undef IS_OFF
wolfSSL	0:1239e9b70ca2	1825	#undef TURN_ON
wolfSSL	0:1239e9b70ca2	1826
wolfSSL	0:1239e9b70ca2	1827	#elif defined(HAVE_SNI) \
wolfSSL	0:1239e9b70ca2	1828	\|\| defined(HAVE_MAX_FRAGMENT) \
wolfSSL	0:1239e9b70ca2	1829	\|\| defined(HAVE_TRUNCATED_HMAC) \
wolfSSL	0:1239e9b70ca2	1830	\|\| defined(HAVE_SUPPORTED_CURVES)
wolfSSL	0:1239e9b70ca2	1831
wolfSSL	0:1239e9b70ca2	1832	#error "Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined."
wolfSSL	0:1239e9b70ca2	1833
wolfSSL	0:1239e9b70ca2	1834	#endif /* HAVE_TLS_EXTENSIONS */
wolfSSL	0:1239e9b70ca2	1835
wolfSSL	0:1239e9b70ca2	1836
wolfSSL	0:1239e9b70ca2	1837	#ifndef NO_CYASSL_CLIENT
wolfSSL	0:1239e9b70ca2	1838
wolfSSL	0:1239e9b70ca2	1839	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	1840
wolfSSL	0:1239e9b70ca2	1841	CYASSL_METHOD* CyaTLSv1_client_method(void)
wolfSSL	0:1239e9b70ca2	1842	{
wolfSSL	0:1239e9b70ca2	1843	CYASSL_METHOD* method =
wolfSSL	0:1239e9b70ca2	1844	(CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
wolfSSL	0:1239e9b70ca2	1845	DYNAMIC_TYPE_METHOD);
wolfSSL	0:1239e9b70ca2	1846	if (method)
wolfSSL	0:1239e9b70ca2	1847	InitSSL_Method(method, MakeTLSv1());
wolfSSL	0:1239e9b70ca2	1848	return method;
wolfSSL	0:1239e9b70ca2	1849	}
wolfSSL	0:1239e9b70ca2	1850
wolfSSL	0:1239e9b70ca2	1851
wolfSSL	0:1239e9b70ca2	1852	CYASSL_METHOD* CyaTLSv1_1_client_method(void)
wolfSSL	0:1239e9b70ca2	1853	{
wolfSSL	0:1239e9b70ca2	1854	CYASSL_METHOD* method =
wolfSSL	0:1239e9b70ca2	1855	(CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
wolfSSL	0:1239e9b70ca2	1856	DYNAMIC_TYPE_METHOD);
wolfSSL	0:1239e9b70ca2	1857	if (method)
wolfSSL	0:1239e9b70ca2	1858	InitSSL_Method(method, MakeTLSv1_1());
wolfSSL	0:1239e9b70ca2	1859	return method;
wolfSSL	0:1239e9b70ca2	1860	}
wolfSSL	0:1239e9b70ca2	1861
wolfSSL	0:1239e9b70ca2	1862	#endif /* !NO_OLD_TLS */
wolfSSL	0:1239e9b70ca2	1863
wolfSSL	0:1239e9b70ca2	1864	#ifndef NO_SHA256 /* can't use without SHA256 */
wolfSSL	0:1239e9b70ca2	1865
wolfSSL	0:1239e9b70ca2	1866	CYASSL_METHOD* CyaTLSv1_2_client_method(void)
wolfSSL	0:1239e9b70ca2	1867	{
wolfSSL	0:1239e9b70ca2	1868	CYASSL_METHOD* method =
wolfSSL	0:1239e9b70ca2	1869	(CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
wolfSSL	0:1239e9b70ca2	1870	DYNAMIC_TYPE_METHOD);
wolfSSL	0:1239e9b70ca2	1871	if (method)
wolfSSL	0:1239e9b70ca2	1872	InitSSL_Method(method, MakeTLSv1_2());
wolfSSL	0:1239e9b70ca2	1873	return method;
wolfSSL	0:1239e9b70ca2	1874	}
wolfSSL	0:1239e9b70ca2	1875
wolfSSL	0:1239e9b70ca2	1876	#endif
wolfSSL	0:1239e9b70ca2	1877
wolfSSL	0:1239e9b70ca2	1878
wolfSSL	0:1239e9b70ca2	1879	CYASSL_METHOD* CyaSSLv23_client_method(void)
wolfSSL	0:1239e9b70ca2	1880	{
wolfSSL	0:1239e9b70ca2	1881	CYASSL_METHOD* method =
wolfSSL	0:1239e9b70ca2	1882	(CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
wolfSSL	0:1239e9b70ca2	1883	DYNAMIC_TYPE_METHOD);
wolfSSL	0:1239e9b70ca2	1884	if (method) {
wolfSSL	0:1239e9b70ca2	1885	#ifndef NO_SHA256 /* 1.2 requires SHA256 */
wolfSSL	0:1239e9b70ca2	1886	InitSSL_Method(method, MakeTLSv1_2());
wolfSSL	0:1239e9b70ca2	1887	#else
wolfSSL	0:1239e9b70ca2	1888	InitSSL_Method(method, MakeTLSv1_1());
wolfSSL	0:1239e9b70ca2	1889	#endif
wolfSSL	0:1239e9b70ca2	1890	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	1891	method->downgrade = 1;
wolfSSL	0:1239e9b70ca2	1892	#endif
wolfSSL	0:1239e9b70ca2	1893	}
wolfSSL	0:1239e9b70ca2	1894	return method;
wolfSSL	0:1239e9b70ca2	1895	}
wolfSSL	0:1239e9b70ca2	1896
wolfSSL	0:1239e9b70ca2	1897
wolfSSL	0:1239e9b70ca2	1898	#endif /* NO_CYASSL_CLIENT */
wolfSSL	0:1239e9b70ca2	1899
wolfSSL	0:1239e9b70ca2	1900
wolfSSL	0:1239e9b70ca2	1901
wolfSSL	0:1239e9b70ca2	1902	#ifndef NO_CYASSL_SERVER
wolfSSL	0:1239e9b70ca2	1903
wolfSSL	0:1239e9b70ca2	1904	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	1905
wolfSSL	0:1239e9b70ca2	1906	CYASSL_METHOD* CyaTLSv1_server_method(void)
wolfSSL	0:1239e9b70ca2	1907	{
wolfSSL	0:1239e9b70ca2	1908	CYASSL_METHOD* method =
wolfSSL	0:1239e9b70ca2	1909	(CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
wolfSSL	0:1239e9b70ca2	1910	DYNAMIC_TYPE_METHOD);
wolfSSL	0:1239e9b70ca2	1911	if (method) {
wolfSSL	0:1239e9b70ca2	1912	InitSSL_Method(method, MakeTLSv1());
wolfSSL	0:1239e9b70ca2	1913	method->side = CYASSL_SERVER_END;
wolfSSL	0:1239e9b70ca2	1914	}
wolfSSL	0:1239e9b70ca2	1915	return method;
wolfSSL	0:1239e9b70ca2	1916	}
wolfSSL	0:1239e9b70ca2	1917
wolfSSL	0:1239e9b70ca2	1918
wolfSSL	0:1239e9b70ca2	1919	CYASSL_METHOD* CyaTLSv1_1_server_method(void)
wolfSSL	0:1239e9b70ca2	1920	{
wolfSSL	0:1239e9b70ca2	1921	CYASSL_METHOD* method =
wolfSSL	0:1239e9b70ca2	1922	(CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
wolfSSL	0:1239e9b70ca2	1923	DYNAMIC_TYPE_METHOD);
wolfSSL	0:1239e9b70ca2	1924	if (method) {
wolfSSL	0:1239e9b70ca2	1925	InitSSL_Method(method, MakeTLSv1_1());
wolfSSL	0:1239e9b70ca2	1926	method->side = CYASSL_SERVER_END;
wolfSSL	0:1239e9b70ca2	1927	}
wolfSSL	0:1239e9b70ca2	1928	return method;
wolfSSL	0:1239e9b70ca2	1929	}
wolfSSL	0:1239e9b70ca2	1930
wolfSSL	0:1239e9b70ca2	1931	#endif /* !NO_OLD_TLS */
wolfSSL	0:1239e9b70ca2	1932
wolfSSL	0:1239e9b70ca2	1933	#ifndef NO_SHA256 /* can't use without SHA256 */
wolfSSL	0:1239e9b70ca2	1934
wolfSSL	0:1239e9b70ca2	1935	CYASSL_METHOD* CyaTLSv1_2_server_method(void)
wolfSSL	0:1239e9b70ca2	1936	{
wolfSSL	0:1239e9b70ca2	1937	CYASSL_METHOD* method =
wolfSSL	0:1239e9b70ca2	1938	(CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
wolfSSL	0:1239e9b70ca2	1939	DYNAMIC_TYPE_METHOD);
wolfSSL	0:1239e9b70ca2	1940	if (method) {
wolfSSL	0:1239e9b70ca2	1941	InitSSL_Method(method, MakeTLSv1_2());
wolfSSL	0:1239e9b70ca2	1942	method->side = CYASSL_SERVER_END;
wolfSSL	0:1239e9b70ca2	1943	}
wolfSSL	0:1239e9b70ca2	1944	return method;
wolfSSL	0:1239e9b70ca2	1945	}
wolfSSL	0:1239e9b70ca2	1946
wolfSSL	0:1239e9b70ca2	1947	#endif
wolfSSL	0:1239e9b70ca2	1948
wolfSSL	0:1239e9b70ca2	1949
wolfSSL	0:1239e9b70ca2	1950	CYASSL_METHOD* CyaSSLv23_server_method(void)
wolfSSL	0:1239e9b70ca2	1951	{
wolfSSL	0:1239e9b70ca2	1952	CYASSL_METHOD* method =
wolfSSL	0:1239e9b70ca2	1953	(CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
wolfSSL	0:1239e9b70ca2	1954	DYNAMIC_TYPE_METHOD);
wolfSSL	0:1239e9b70ca2	1955	if (method) {
wolfSSL	0:1239e9b70ca2	1956	#ifndef NO_SHA256 /* 1.2 requires SHA256 */
wolfSSL	0:1239e9b70ca2	1957	InitSSL_Method(method, MakeTLSv1_2());
wolfSSL	0:1239e9b70ca2	1958	#else
wolfSSL	0:1239e9b70ca2	1959	InitSSL_Method(method, MakeTLSv1_1());
wolfSSL	0:1239e9b70ca2	1960	#endif
wolfSSL	0:1239e9b70ca2	1961	method->side = CYASSL_SERVER_END;
wolfSSL	0:1239e9b70ca2	1962	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	1963	method->downgrade = 1;
wolfSSL	0:1239e9b70ca2	1964	#endif /* !NO_OLD_TLS */
wolfSSL	0:1239e9b70ca2	1965	}
wolfSSL	0:1239e9b70ca2	1966	return method;
wolfSSL	0:1239e9b70ca2	1967	}
wolfSSL	0:1239e9b70ca2	1968
wolfSSL	0:1239e9b70ca2	1969
wolfSSL	0:1239e9b70ca2	1970
wolfSSL	0:1239e9b70ca2	1971	#endif /* NO_CYASSL_SERVER */
wolfSSL	0:1239e9b70ca2	1972	#endif /* NO_TLS */
wolfSSL	0:1239e9b70ca2	1973
wolfSSL	0:1239e9b70ca2	1974

Repository toolbox

Export to desktop IDE

Repository details

Type:	Library
Created:	14 Jan 2015
Imports:	1
Forks:	0
Commits:	5
Dependents:	0
Dependencies:	0
Followers:	2

src/tls.c@4:e505054279ed, 2015-01-14 (annotated)

Who changed what in which revision?

Repository toolbox

Repository details

Important Information for this Arm website

Access Warning