Elijah P
CyaSSL changed for NucleoF401RE board: implemented random and time functions for build. (Has trouble with wildcard domains like *.google.com, *.yahoo.com)
src/internal.c@4:e505054279ed, 2015-01-14 (annotated)
- Committer:
- Vanger
- Date:
- Wed Jan 14 22:07:14 2015 +0000
- Revision:
- 4:e505054279ed
- Parent:
- 0:1239e9b70ca2
Implemented some platform specific functions in the Cyassl library code: time functions, seed random functions, and also changed the settings.h file to define settings specific to the platform being used
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| Vanger | 4:e505054279ed | 1 | /* internal.c |
| Vanger | 4:e505054279ed | 2 | * |
| Vanger | 4:e505054279ed | 3 | * Copyright (C) 2006-2014 wolfSSL Inc. |
| Vanger | 4:e505054279ed | 4 | * |
| Vanger | 4:e505054279ed | 5 | * This file is part of CyaSSL. |
| Vanger | 4:e505054279ed | 6 | * |
| Vanger | 4:e505054279ed | 7 | * CyaSSL is free software; you can redistribute it and/or modify |
| Vanger | 4:e505054279ed | 8 | * it under the terms of the GNU General Public License as published by |
| Vanger | 4:e505054279ed | 9 | * the Free Software Foundation; either version 2 of the License, or |
| Vanger | 4:e505054279ed | 10 | * (at your option) any later version. |
| Vanger | 4:e505054279ed | 11 | * |
| Vanger | 4:e505054279ed | 12 | * CyaSSL is distributed in the hope that it will be useful, |
| Vanger | 4:e505054279ed | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| Vanger | 4:e505054279ed | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| Vanger | 4:e505054279ed | 15 | * GNU General Public License for more details. |
| Vanger | 4:e505054279ed | 16 | * |
| Vanger | 4:e505054279ed | 17 | * You should have received a copy of the GNU General Public License |
| Vanger | 4:e505054279ed | 18 | * along with this program; if not, write to the Free Software |
| Vanger | 4:e505054279ed | 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA |
| Vanger | 4:e505054279ed | 20 | */ |
| Vanger | 4:e505054279ed | 21 | |
| Vanger | 4:e505054279ed | 22 | |
| Vanger | 4:e505054279ed | 23 | #ifdef HAVE_CONFIG_H |
| Vanger | 4:e505054279ed | 24 | #include <config.h> |
| Vanger | 4:e505054279ed | 25 | #endif |
| Vanger | 4:e505054279ed | 26 | |
| Vanger | 4:e505054279ed | 27 | #include <cyassl/ctaocrypt/settings.h> |
| Vanger | 4:e505054279ed | 28 | |
| Vanger | 4:e505054279ed | 29 | #include <cyassl/internal.h> |
| Vanger | 4:e505054279ed | 30 | #include <cyassl/error-ssl.h> |
| Vanger | 4:e505054279ed | 31 | #include <cyassl/ctaocrypt/asn.h> |
| Vanger | 4:e505054279ed | 32 | |
| Vanger | 4:e505054279ed | 33 | #ifdef HAVE_LIBZ |
| Vanger | 4:e505054279ed | 34 | #include "zlib.h" |
| Vanger | 4:e505054279ed | 35 | #endif |
| Vanger | 4:e505054279ed | 36 | |
| Vanger | 4:e505054279ed | 37 | #ifdef HAVE_NTRU |
| Vanger | 4:e505054279ed | 38 | #include "crypto_ntru.h" |
| Vanger | 4:e505054279ed | 39 | #endif |
| Vanger | 4:e505054279ed | 40 | |
| Vanger | 4:e505054279ed | 41 | #if defined(DEBUG_CYASSL) || defined(SHOW_SECRETS) |
| Vanger | 4:e505054279ed | 42 | #ifdef FREESCALE_MQX |
| Vanger | 4:e505054279ed | 43 | #include <fio.h> |
| Vanger | 4:e505054279ed | 44 | #else |
| Vanger | 4:e505054279ed | 45 | #include <stdio.h> |
| Vanger | 4:e505054279ed | 46 | #endif |
| Vanger | 4:e505054279ed | 47 | #endif |
| Vanger | 4:e505054279ed | 48 | |
| Vanger | 4:e505054279ed | 49 | #ifdef __sun |
| Vanger | 4:e505054279ed | 50 | #include <sys/filio.h> |
| Vanger | 4:e505054279ed | 51 | #endif |
| Vanger | 4:e505054279ed | 52 | |
| Vanger | 4:e505054279ed | 53 | #ifndef TRUE |
| Vanger | 4:e505054279ed | 54 | #define TRUE 1 |
| Vanger | 4:e505054279ed | 55 | #endif |
| Vanger | 4:e505054279ed | 56 | #ifndef FALSE |
| Vanger | 4:e505054279ed | 57 | #define FALSE 0 |
| Vanger | 4:e505054279ed | 58 | #endif |
| Vanger | 4:e505054279ed | 59 | |
| Vanger | 4:e505054279ed | 60 | |
| Vanger | 4:e505054279ed | 61 | #if defined(OPENSSL_EXTRA) && defined(NO_DH) |
| Vanger | 4:e505054279ed | 62 | #error OPENSSL_EXTRA needs DH, please remove NO_DH |
| Vanger | 4:e505054279ed | 63 | #endif |
| Vanger | 4:e505054279ed | 64 | |
| Vanger | 4:e505054279ed | 65 | #if defined(CYASSL_CALLBACKS) && !defined(LARGE_STATIC_BUFFERS) |
| Vanger | 4:e505054279ed | 66 | #error \ |
| Vanger | 4:e505054279ed | 67 | CYASSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS |
| Vanger | 4:e505054279ed | 68 | #endif |
| Vanger | 4:e505054279ed | 69 | |
| Vanger | 4:e505054279ed | 70 | |
| Vanger | 4:e505054279ed | 71 | #ifndef NO_CYASSL_CLIENT |
| Vanger | 4:e505054279ed | 72 | static int DoHelloVerifyRequest(CYASSL* ssl, const byte* input, word32*, |
| Vanger | 4:e505054279ed | 73 | word32); |
| Vanger | 4:e505054279ed | 74 | static int DoServerHello(CYASSL* ssl, const byte* input, word32*, word32); |
| Vanger | 4:e505054279ed | 75 | static int DoServerKeyExchange(CYASSL* ssl, const byte* input, word32*, |
| Vanger | 4:e505054279ed | 76 | word32); |
| Vanger | 4:e505054279ed | 77 | #ifndef NO_CERTS |
| Vanger | 4:e505054279ed | 78 | static int DoCertificateRequest(CYASSL* ssl, const byte* input, word32*, |
| Vanger | 4:e505054279ed | 79 | word32); |
| Vanger | 4:e505054279ed | 80 | #endif |
| Vanger | 4:e505054279ed | 81 | #endif |
| Vanger | 4:e505054279ed | 82 | |
| Vanger | 4:e505054279ed | 83 | |
| Vanger | 4:e505054279ed | 84 | #ifndef NO_CYASSL_SERVER |
| Vanger | 4:e505054279ed | 85 | static int DoClientHello(CYASSL* ssl, const byte* input, word32*, word32); |
| Vanger | 4:e505054279ed | 86 | static int DoClientKeyExchange(CYASSL* ssl, byte* input, word32*, word32); |
| Vanger | 4:e505054279ed | 87 | #if !defined(NO_RSA) || defined(HAVE_ECC) |
| Vanger | 4:e505054279ed | 88 | static int DoCertificateVerify(CYASSL* ssl, byte*, word32*, word32); |
| Vanger | 4:e505054279ed | 89 | #endif |
| Vanger | 4:e505054279ed | 90 | #endif |
| Vanger | 4:e505054279ed | 91 | |
| Vanger | 4:e505054279ed | 92 | |
| Vanger | 4:e505054279ed | 93 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 94 | static INLINE int DtlsCheckWindow(DtlsState* state); |
| Vanger | 4:e505054279ed | 95 | static INLINE int DtlsUpdateWindow(DtlsState* state); |
| Vanger | 4:e505054279ed | 96 | #endif |
| Vanger | 4:e505054279ed | 97 | |
| Vanger | 4:e505054279ed | 98 | |
| Vanger | 4:e505054279ed | 99 | typedef enum { |
| Vanger | 4:e505054279ed | 100 | doProcessInit = 0, |
| Vanger | 4:e505054279ed | 101 | #ifndef NO_CYASSL_SERVER |
| Vanger | 4:e505054279ed | 102 | runProcessOldClientHello, |
| Vanger | 4:e505054279ed | 103 | #endif |
| Vanger | 4:e505054279ed | 104 | getRecordLayerHeader, |
| Vanger | 4:e505054279ed | 105 | getData, |
| Vanger | 4:e505054279ed | 106 | runProcessingOneMessage |
| Vanger | 4:e505054279ed | 107 | } processReply; |
| Vanger | 4:e505054279ed | 108 | |
| Vanger | 4:e505054279ed | 109 | #ifndef NO_OLD_TLS |
| Vanger | 4:e505054279ed | 110 | static int SSL_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz, |
| Vanger | 4:e505054279ed | 111 | int content, int verify); |
| Vanger | 4:e505054279ed | 112 | |
| Vanger | 4:e505054279ed | 113 | #endif |
| Vanger | 4:e505054279ed | 114 | |
| Vanger | 4:e505054279ed | 115 | #ifndef NO_CERTS |
| Vanger | 4:e505054279ed | 116 | static int BuildCertHashes(CYASSL* ssl, Hashes* hashes); |
| Vanger | 4:e505054279ed | 117 | #endif |
| Vanger | 4:e505054279ed | 118 | |
| Vanger | 4:e505054279ed | 119 | static void PickHashSigAlgo(CYASSL* ssl, |
| Vanger | 4:e505054279ed | 120 | const byte* hashSigAlgo, word32 hashSigAlgoSz); |
| Vanger | 4:e505054279ed | 121 | |
| Vanger | 4:e505054279ed | 122 | #ifndef min |
| Vanger | 4:e505054279ed | 123 | |
| Vanger | 4:e505054279ed | 124 | static INLINE word32 min(word32 a, word32 b) |
| Vanger | 4:e505054279ed | 125 | { |
| Vanger | 4:e505054279ed | 126 | return a > b ? b : a; |
| Vanger | 4:e505054279ed | 127 | } |
| Vanger | 4:e505054279ed | 128 | |
| Vanger | 4:e505054279ed | 129 | #endif /* min */ |
| Vanger | 4:e505054279ed | 130 | |
| Vanger | 4:e505054279ed | 131 | |
| Vanger | 4:e505054279ed | 132 | int IsTLS(const CYASSL* ssl) |
| Vanger | 4:e505054279ed | 133 | { |
| Vanger | 4:e505054279ed | 134 | if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor >=TLSv1_MINOR) |
| Vanger | 4:e505054279ed | 135 | return 1; |
| Vanger | 4:e505054279ed | 136 | |
| Vanger | 4:e505054279ed | 137 | return 0; |
| Vanger | 4:e505054279ed | 138 | } |
| Vanger | 4:e505054279ed | 139 | |
| Vanger | 4:e505054279ed | 140 | |
| Vanger | 4:e505054279ed | 141 | int IsAtLeastTLSv1_2(const CYASSL* ssl) |
| Vanger | 4:e505054279ed | 142 | { |
| Vanger | 4:e505054279ed | 143 | if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor >=TLSv1_2_MINOR) |
| Vanger | 4:e505054279ed | 144 | return 1; |
| Vanger | 4:e505054279ed | 145 | if (ssl->version.major == DTLS_MAJOR && ssl->version.minor <= DTLSv1_2_MINOR) |
| Vanger | 4:e505054279ed | 146 | return 1; |
| Vanger | 4:e505054279ed | 147 | |
| Vanger | 4:e505054279ed | 148 | return 0; |
| Vanger | 4:e505054279ed | 149 | } |
| Vanger | 4:e505054279ed | 150 | |
| Vanger | 4:e505054279ed | 151 | |
| Vanger | 4:e505054279ed | 152 | #ifdef HAVE_NTRU |
| Vanger | 4:e505054279ed | 153 | |
| Vanger | 4:e505054279ed | 154 | static byte GetEntropy(ENTROPY_CMD cmd, byte* out) |
| Vanger | 4:e505054279ed | 155 | { |
| Vanger | 4:e505054279ed | 156 | /* TODO: add locking? */ |
| Vanger | 4:e505054279ed | 157 | static RNG rng; |
| Vanger | 4:e505054279ed | 158 | |
| Vanger | 4:e505054279ed | 159 | if (cmd == INIT) |
| Vanger | 4:e505054279ed | 160 | return (InitRng(&rng) == 0) ? 1 : 0; |
| Vanger | 4:e505054279ed | 161 | |
| Vanger | 4:e505054279ed | 162 | if (out == NULL) |
| Vanger | 4:e505054279ed | 163 | return 0; |
| Vanger | 4:e505054279ed | 164 | |
| Vanger | 4:e505054279ed | 165 | if (cmd == GET_BYTE_OF_ENTROPY) |
| Vanger | 4:e505054279ed | 166 | return (RNG_GenerateBlock(&rng, out, 1) == 0) ? 1 : 0; |
| Vanger | 4:e505054279ed | 167 | |
| Vanger | 4:e505054279ed | 168 | if (cmd == GET_NUM_BYTES_PER_BYTE_OF_ENTROPY) { |
| Vanger | 4:e505054279ed | 169 | *out = 1; |
| Vanger | 4:e505054279ed | 170 | return 1; |
| Vanger | 4:e505054279ed | 171 | } |
| Vanger | 4:e505054279ed | 172 | |
| Vanger | 4:e505054279ed | 173 | return 0; |
| Vanger | 4:e505054279ed | 174 | } |
| Vanger | 4:e505054279ed | 175 | |
| Vanger | 4:e505054279ed | 176 | #endif /* HAVE_NTRU */ |
| Vanger | 4:e505054279ed | 177 | |
| Vanger | 4:e505054279ed | 178 | /* used by ssl.c too */ |
| Vanger | 4:e505054279ed | 179 | void c32to24(word32 in, word24 out) |
| Vanger | 4:e505054279ed | 180 | { |
| Vanger | 4:e505054279ed | 181 | out[0] = (in >> 16) & 0xff; |
| Vanger | 4:e505054279ed | 182 | out[1] = (in >> 8) & 0xff; |
| Vanger | 4:e505054279ed | 183 | out[2] = in & 0xff; |
| Vanger | 4:e505054279ed | 184 | } |
| Vanger | 4:e505054279ed | 185 | |
| Vanger | 4:e505054279ed | 186 | |
| Vanger | 4:e505054279ed | 187 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 188 | |
| Vanger | 4:e505054279ed | 189 | static INLINE void c32to48(word32 in, byte out[6]) |
| Vanger | 4:e505054279ed | 190 | { |
| Vanger | 4:e505054279ed | 191 | out[0] = 0; |
| Vanger | 4:e505054279ed | 192 | out[1] = 0; |
| Vanger | 4:e505054279ed | 193 | out[2] = (in >> 24) & 0xff; |
| Vanger | 4:e505054279ed | 194 | out[3] = (in >> 16) & 0xff; |
| Vanger | 4:e505054279ed | 195 | out[4] = (in >> 8) & 0xff; |
| Vanger | 4:e505054279ed | 196 | out[5] = in & 0xff; |
| Vanger | 4:e505054279ed | 197 | } |
| Vanger | 4:e505054279ed | 198 | |
| Vanger | 4:e505054279ed | 199 | #endif /* CYASSL_DTLS */ |
| Vanger | 4:e505054279ed | 200 | |
| Vanger | 4:e505054279ed | 201 | |
| Vanger | 4:e505054279ed | 202 | /* convert 16 bit integer to opaque */ |
| Vanger | 4:e505054279ed | 203 | static INLINE void c16toa(word16 u16, byte* c) |
| Vanger | 4:e505054279ed | 204 | { |
| Vanger | 4:e505054279ed | 205 | c[0] = (u16 >> 8) & 0xff; |
| Vanger | 4:e505054279ed | 206 | c[1] = u16 & 0xff; |
| Vanger | 4:e505054279ed | 207 | } |
| Vanger | 4:e505054279ed | 208 | |
| Vanger | 4:e505054279ed | 209 | |
| Vanger | 4:e505054279ed | 210 | /* convert 32 bit integer to opaque */ |
| Vanger | 4:e505054279ed | 211 | static INLINE void c32toa(word32 u32, byte* c) |
| Vanger | 4:e505054279ed | 212 | { |
| Vanger | 4:e505054279ed | 213 | c[0] = (u32 >> 24) & 0xff; |
| Vanger | 4:e505054279ed | 214 | c[1] = (u32 >> 16) & 0xff; |
| Vanger | 4:e505054279ed | 215 | c[2] = (u32 >> 8) & 0xff; |
| Vanger | 4:e505054279ed | 216 | c[3] = u32 & 0xff; |
| Vanger | 4:e505054279ed | 217 | } |
| Vanger | 4:e505054279ed | 218 | |
| Vanger | 4:e505054279ed | 219 | |
| Vanger | 4:e505054279ed | 220 | /* convert a 24 bit integer into a 32 bit one */ |
| Vanger | 4:e505054279ed | 221 | static INLINE void c24to32(const word24 u24, word32* u32) |
| Vanger | 4:e505054279ed | 222 | { |
| Vanger | 4:e505054279ed | 223 | *u32 = (u24[0] << 16) | (u24[1] << 8) | u24[2]; |
| Vanger | 4:e505054279ed | 224 | } |
| Vanger | 4:e505054279ed | 225 | |
| Vanger | 4:e505054279ed | 226 | |
| Vanger | 4:e505054279ed | 227 | /* convert opaque to 16 bit integer */ |
| Vanger | 4:e505054279ed | 228 | static INLINE void ato16(const byte* c, word16* u16) |
| Vanger | 4:e505054279ed | 229 | { |
| Vanger | 4:e505054279ed | 230 | *u16 = (word16) ((c[0] << 8) | (c[1])); |
| Vanger | 4:e505054279ed | 231 | } |
| Vanger | 4:e505054279ed | 232 | |
| Vanger | 4:e505054279ed | 233 | |
| Vanger | 4:e505054279ed | 234 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 235 | |
| Vanger | 4:e505054279ed | 236 | /* convert opaque to 32 bit integer */ |
| Vanger | 4:e505054279ed | 237 | static INLINE void ato32(const byte* c, word32* u32) |
| Vanger | 4:e505054279ed | 238 | { |
| Vanger | 4:e505054279ed | 239 | *u32 = (c[0] << 24) | (c[1] << 16) | (c[2] << 8) | c[3]; |
| Vanger | 4:e505054279ed | 240 | } |
| Vanger | 4:e505054279ed | 241 | |
| Vanger | 4:e505054279ed | 242 | #endif /* CYASSL_DTLS */ |
| Vanger | 4:e505054279ed | 243 | |
| Vanger | 4:e505054279ed | 244 | |
| Vanger | 4:e505054279ed | 245 | #ifdef HAVE_LIBZ |
| Vanger | 4:e505054279ed | 246 | |
| Vanger | 4:e505054279ed | 247 | /* alloc user allocs to work with zlib */ |
| Vanger | 4:e505054279ed | 248 | static void* myAlloc(void* opaque, unsigned int item, unsigned int size) |
| Vanger | 4:e505054279ed | 249 | { |
| Vanger | 4:e505054279ed | 250 | (void)opaque; |
| Vanger | 4:e505054279ed | 251 | return XMALLOC(item * size, opaque, DYNAMIC_TYPE_LIBZ); |
| Vanger | 4:e505054279ed | 252 | } |
| Vanger | 4:e505054279ed | 253 | |
| Vanger | 4:e505054279ed | 254 | |
| Vanger | 4:e505054279ed | 255 | static void myFree(void* opaque, void* memory) |
| Vanger | 4:e505054279ed | 256 | { |
| Vanger | 4:e505054279ed | 257 | (void)opaque; |
| Vanger | 4:e505054279ed | 258 | XFREE(memory, opaque, DYNAMIC_TYPE_LIBZ); |
| Vanger | 4:e505054279ed | 259 | } |
| Vanger | 4:e505054279ed | 260 | |
| Vanger | 4:e505054279ed | 261 | |
| Vanger | 4:e505054279ed | 262 | /* init zlib comp/decomp streams, 0 on success */ |
| Vanger | 4:e505054279ed | 263 | static int InitStreams(CYASSL* ssl) |
| Vanger | 4:e505054279ed | 264 | { |
| Vanger | 4:e505054279ed | 265 | ssl->c_stream.zalloc = (alloc_func)myAlloc; |
| Vanger | 4:e505054279ed | 266 | ssl->c_stream.zfree = (free_func)myFree; |
| Vanger | 4:e505054279ed | 267 | ssl->c_stream.opaque = (voidpf)ssl->heap; |
| Vanger | 4:e505054279ed | 268 | |
| Vanger | 4:e505054279ed | 269 | if (deflateInit(&ssl->c_stream, Z_DEFAULT_COMPRESSION) != Z_OK) |
| Vanger | 4:e505054279ed | 270 | return ZLIB_INIT_ERROR; |
| Vanger | 4:e505054279ed | 271 | |
| Vanger | 4:e505054279ed | 272 | ssl->didStreamInit = 1; |
| Vanger | 4:e505054279ed | 273 | |
| Vanger | 4:e505054279ed | 274 | ssl->d_stream.zalloc = (alloc_func)myAlloc; |
| Vanger | 4:e505054279ed | 275 | ssl->d_stream.zfree = (free_func)myFree; |
| Vanger | 4:e505054279ed | 276 | ssl->d_stream.opaque = (voidpf)ssl->heap; |
| Vanger | 4:e505054279ed | 277 | |
| Vanger | 4:e505054279ed | 278 | if (inflateInit(&ssl->d_stream) != Z_OK) return ZLIB_INIT_ERROR; |
| Vanger | 4:e505054279ed | 279 | |
| Vanger | 4:e505054279ed | 280 | return 0; |
| Vanger | 4:e505054279ed | 281 | } |
| Vanger | 4:e505054279ed | 282 | |
| Vanger | 4:e505054279ed | 283 | |
| Vanger | 4:e505054279ed | 284 | static void FreeStreams(CYASSL* ssl) |
| Vanger | 4:e505054279ed | 285 | { |
| Vanger | 4:e505054279ed | 286 | if (ssl->didStreamInit) { |
| Vanger | 4:e505054279ed | 287 | deflateEnd(&ssl->c_stream); |
| Vanger | 4:e505054279ed | 288 | inflateEnd(&ssl->d_stream); |
| Vanger | 4:e505054279ed | 289 | } |
| Vanger | 4:e505054279ed | 290 | } |
| Vanger | 4:e505054279ed | 291 | |
| Vanger | 4:e505054279ed | 292 | |
| Vanger | 4:e505054279ed | 293 | /* compress in to out, return out size or error */ |
| Vanger | 4:e505054279ed | 294 | static int myCompress(CYASSL* ssl, byte* in, int inSz, byte* out, int outSz) |
| Vanger | 4:e505054279ed | 295 | { |
| Vanger | 4:e505054279ed | 296 | int err; |
| Vanger | 4:e505054279ed | 297 | int currTotal = (int)ssl->c_stream.total_out; |
| Vanger | 4:e505054279ed | 298 | |
| Vanger | 4:e505054279ed | 299 | ssl->c_stream.next_in = in; |
| Vanger | 4:e505054279ed | 300 | ssl->c_stream.avail_in = inSz; |
| Vanger | 4:e505054279ed | 301 | ssl->c_stream.next_out = out; |
| Vanger | 4:e505054279ed | 302 | ssl->c_stream.avail_out = outSz; |
| Vanger | 4:e505054279ed | 303 | |
| Vanger | 4:e505054279ed | 304 | err = deflate(&ssl->c_stream, Z_SYNC_FLUSH); |
| Vanger | 4:e505054279ed | 305 | if (err != Z_OK && err != Z_STREAM_END) return ZLIB_COMPRESS_ERROR; |
| Vanger | 4:e505054279ed | 306 | |
| Vanger | 4:e505054279ed | 307 | return (int)ssl->c_stream.total_out - currTotal; |
| Vanger | 4:e505054279ed | 308 | } |
| Vanger | 4:e505054279ed | 309 | |
| Vanger | 4:e505054279ed | 310 | |
| Vanger | 4:e505054279ed | 311 | /* decompress in to out, returnn out size or error */ |
| Vanger | 4:e505054279ed | 312 | static int myDeCompress(CYASSL* ssl, byte* in,int inSz, byte* out,int outSz) |
| Vanger | 4:e505054279ed | 313 | { |
| Vanger | 4:e505054279ed | 314 | int err; |
| Vanger | 4:e505054279ed | 315 | int currTotal = (int)ssl->d_stream.total_out; |
| Vanger | 4:e505054279ed | 316 | |
| Vanger | 4:e505054279ed | 317 | ssl->d_stream.next_in = in; |
| Vanger | 4:e505054279ed | 318 | ssl->d_stream.avail_in = inSz; |
| Vanger | 4:e505054279ed | 319 | ssl->d_stream.next_out = out; |
| Vanger | 4:e505054279ed | 320 | ssl->d_stream.avail_out = outSz; |
| Vanger | 4:e505054279ed | 321 | |
| Vanger | 4:e505054279ed | 322 | err = inflate(&ssl->d_stream, Z_SYNC_FLUSH); |
| Vanger | 4:e505054279ed | 323 | if (err != Z_OK && err != Z_STREAM_END) return ZLIB_DECOMPRESS_ERROR; |
| Vanger | 4:e505054279ed | 324 | |
| Vanger | 4:e505054279ed | 325 | return (int)ssl->d_stream.total_out - currTotal; |
| Vanger | 4:e505054279ed | 326 | } |
| Vanger | 4:e505054279ed | 327 | |
| Vanger | 4:e505054279ed | 328 | #endif /* HAVE_LIBZ */ |
| Vanger | 4:e505054279ed | 329 | |
| Vanger | 4:e505054279ed | 330 | |
| Vanger | 4:e505054279ed | 331 | void InitSSL_Method(CYASSL_METHOD* method, ProtocolVersion pv) |
| Vanger | 4:e505054279ed | 332 | { |
| Vanger | 4:e505054279ed | 333 | method->version = pv; |
| Vanger | 4:e505054279ed | 334 | method->side = CYASSL_CLIENT_END; |
| Vanger | 4:e505054279ed | 335 | method->downgrade = 0; |
| Vanger | 4:e505054279ed | 336 | } |
| Vanger | 4:e505054279ed | 337 | |
| Vanger | 4:e505054279ed | 338 | |
| Vanger | 4:e505054279ed | 339 | /* Initialze SSL context, return 0 on success */ |
| Vanger | 4:e505054279ed | 340 | int InitSSL_Ctx(CYASSL_CTX* ctx, CYASSL_METHOD* method) |
| Vanger | 4:e505054279ed | 341 | { |
| Vanger | 4:e505054279ed | 342 | ctx->method = method; |
| Vanger | 4:e505054279ed | 343 | ctx->refCount = 1; /* so either CTX_free or SSL_free can release */ |
| Vanger | 4:e505054279ed | 344 | #ifndef NO_CERTS |
| Vanger | 4:e505054279ed | 345 | ctx->certificate.buffer = 0; |
| Vanger | 4:e505054279ed | 346 | ctx->certChain.buffer = 0; |
| Vanger | 4:e505054279ed | 347 | ctx->privateKey.buffer = 0; |
| Vanger | 4:e505054279ed | 348 | ctx->serverDH_P.buffer = 0; |
| Vanger | 4:e505054279ed | 349 | ctx->serverDH_G.buffer = 0; |
| Vanger | 4:e505054279ed | 350 | #endif |
| Vanger | 4:e505054279ed | 351 | ctx->haveDH = 0; |
| Vanger | 4:e505054279ed | 352 | ctx->haveNTRU = 0; /* start off */ |
| Vanger | 4:e505054279ed | 353 | ctx->haveECDSAsig = 0; /* start off */ |
| Vanger | 4:e505054279ed | 354 | ctx->haveStaticECC = 0; /* start off */ |
| Vanger | 4:e505054279ed | 355 | ctx->heap = ctx; /* defaults to self */ |
| Vanger | 4:e505054279ed | 356 | #ifndef NO_PSK |
| Vanger | 4:e505054279ed | 357 | ctx->havePSK = 0; |
| Vanger | 4:e505054279ed | 358 | ctx->server_hint[0] = 0; |
| Vanger | 4:e505054279ed | 359 | ctx->client_psk_cb = 0; |
| Vanger | 4:e505054279ed | 360 | ctx->server_psk_cb = 0; |
| Vanger | 4:e505054279ed | 361 | #endif /* NO_PSK */ |
| Vanger | 4:e505054279ed | 362 | #ifdef HAVE_ECC |
| Vanger | 4:e505054279ed | 363 | ctx->eccTempKeySz = ECDHE_SIZE; |
| Vanger | 4:e505054279ed | 364 | #endif |
| Vanger | 4:e505054279ed | 365 | |
| Vanger | 4:e505054279ed | 366 | #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) |
| Vanger | 4:e505054279ed | 367 | ctx->passwd_cb = 0; |
| Vanger | 4:e505054279ed | 368 | ctx->userdata = 0; |
| Vanger | 4:e505054279ed | 369 | #endif /* OPENSSL_EXTRA */ |
| Vanger | 4:e505054279ed | 370 | |
| Vanger | 4:e505054279ed | 371 | ctx->timeout = DEFAULT_TIMEOUT; |
| Vanger | 4:e505054279ed | 372 | |
| Vanger | 4:e505054279ed | 373 | #ifndef CYASSL_USER_IO |
| Vanger | 4:e505054279ed | 374 | ctx->CBIORecv = EmbedReceive; |
| Vanger | 4:e505054279ed | 375 | ctx->CBIOSend = EmbedSend; |
| Vanger | 4:e505054279ed | 376 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 377 | if (method->version.major == DTLS_MAJOR) { |
| Vanger | 4:e505054279ed | 378 | ctx->CBIORecv = EmbedReceiveFrom; |
| Vanger | 4:e505054279ed | 379 | ctx->CBIOSend = EmbedSendTo; |
| Vanger | 4:e505054279ed | 380 | ctx->CBIOCookie = EmbedGenerateCookie; |
| Vanger | 4:e505054279ed | 381 | } |
| Vanger | 4:e505054279ed | 382 | #endif |
| Vanger | 4:e505054279ed | 383 | #else |
| Vanger | 4:e505054279ed | 384 | /* user will set */ |
| Vanger | 4:e505054279ed | 385 | ctx->CBIORecv = NULL; |
| Vanger | 4:e505054279ed | 386 | ctx->CBIOSend = NULL; |
| Vanger | 4:e505054279ed | 387 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 388 | ctx->CBIOCookie = NULL; |
| Vanger | 4:e505054279ed | 389 | #endif |
| Vanger | 4:e505054279ed | 390 | #endif /* CYASSL_USER_IO */ |
| Vanger | 4:e505054279ed | 391 | #ifdef HAVE_NETX |
| Vanger | 4:e505054279ed | 392 | ctx->CBIORecv = NetX_Receive; |
| Vanger | 4:e505054279ed | 393 | ctx->CBIOSend = NetX_Send; |
| Vanger | 4:e505054279ed | 394 | #endif |
| Vanger | 4:e505054279ed | 395 | ctx->partialWrite = 0; |
| Vanger | 4:e505054279ed | 396 | ctx->verifyCallback = 0; |
| Vanger | 4:e505054279ed | 397 | |
| Vanger | 4:e505054279ed | 398 | #ifndef NO_CERTS |
| Vanger | 4:e505054279ed | 399 | ctx->cm = CyaSSL_CertManagerNew(); |
| Vanger | 4:e505054279ed | 400 | #endif |
| Vanger | 4:e505054279ed | 401 | #ifdef HAVE_NTRU |
| Vanger | 4:e505054279ed | 402 | if (method->side == CYASSL_CLIENT_END) |
| Vanger | 4:e505054279ed | 403 | ctx->haveNTRU = 1; /* always on cliet side */ |
| Vanger | 4:e505054279ed | 404 | /* server can turn on by loading key */ |
| Vanger | 4:e505054279ed | 405 | #endif |
| Vanger | 4:e505054279ed | 406 | #ifdef HAVE_ECC |
| Vanger | 4:e505054279ed | 407 | if (method->side == CYASSL_CLIENT_END) { |
| Vanger | 4:e505054279ed | 408 | ctx->haveECDSAsig = 1; /* always on cliet side */ |
| Vanger | 4:e505054279ed | 409 | ctx->haveStaticECC = 1; /* server can turn on by loading key */ |
| Vanger | 4:e505054279ed | 410 | } |
| Vanger | 4:e505054279ed | 411 | #endif |
| Vanger | 4:e505054279ed | 412 | ctx->suites.setSuites = 0; /* user hasn't set yet */ |
| Vanger | 4:e505054279ed | 413 | /* remove DH later if server didn't set, add psk later */ |
| Vanger | 4:e505054279ed | 414 | InitSuites(&ctx->suites, method->version, TRUE, FALSE, TRUE, ctx->haveNTRU, |
| Vanger | 4:e505054279ed | 415 | ctx->haveECDSAsig, ctx->haveStaticECC, method->side); |
| Vanger | 4:e505054279ed | 416 | ctx->verifyPeer = 0; |
| Vanger | 4:e505054279ed | 417 | ctx->verifyNone = 0; |
| Vanger | 4:e505054279ed | 418 | ctx->failNoCert = 0; |
| Vanger | 4:e505054279ed | 419 | ctx->sessionCacheOff = 0; /* initially on */ |
| Vanger | 4:e505054279ed | 420 | ctx->sessionCacheFlushOff = 0; /* initially on */ |
| Vanger | 4:e505054279ed | 421 | ctx->sendVerify = 0; |
| Vanger | 4:e505054279ed | 422 | ctx->quietShutdown = 0; |
| Vanger | 4:e505054279ed | 423 | ctx->groupMessages = 0; |
| Vanger | 4:e505054279ed | 424 | #ifdef HAVE_CAVIUM |
| Vanger | 4:e505054279ed | 425 | ctx->devId = NO_CAVIUM_DEVICE; |
| Vanger | 4:e505054279ed | 426 | #endif |
| Vanger | 4:e505054279ed | 427 | #ifdef HAVE_TLS_EXTENSIONS |
| Vanger | 4:e505054279ed | 428 | ctx->extensions = NULL; |
| Vanger | 4:e505054279ed | 429 | #endif |
| Vanger | 4:e505054279ed | 430 | #ifdef ATOMIC_USER |
| Vanger | 4:e505054279ed | 431 | ctx->MacEncryptCb = NULL; |
| Vanger | 4:e505054279ed | 432 | ctx->DecryptVerifyCb = NULL; |
| Vanger | 4:e505054279ed | 433 | #endif |
| Vanger | 4:e505054279ed | 434 | #ifdef HAVE_PK_CALLBACKS |
| Vanger | 4:e505054279ed | 435 | #ifdef HAVE_ECC |
| Vanger | 4:e505054279ed | 436 | ctx->EccSignCb = NULL; |
| Vanger | 4:e505054279ed | 437 | ctx->EccVerifyCb = NULL; |
| Vanger | 4:e505054279ed | 438 | #endif /* HAVE_ECC */ |
| Vanger | 4:e505054279ed | 439 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 440 | ctx->RsaSignCb = NULL; |
| Vanger | 4:e505054279ed | 441 | ctx->RsaVerifyCb = NULL; |
| Vanger | 4:e505054279ed | 442 | ctx->RsaEncCb = NULL; |
| Vanger | 4:e505054279ed | 443 | ctx->RsaDecCb = NULL; |
| Vanger | 4:e505054279ed | 444 | #endif /* NO_RSA */ |
| Vanger | 4:e505054279ed | 445 | #endif /* HAVE_PK_CALLBACKS */ |
| Vanger | 4:e505054279ed | 446 | |
| Vanger | 4:e505054279ed | 447 | if (InitMutex(&ctx->countMutex) < 0) { |
| Vanger | 4:e505054279ed | 448 | CYASSL_MSG("Mutex error on CTX init"); |
| Vanger | 4:e505054279ed | 449 | return BAD_MUTEX_E; |
| Vanger | 4:e505054279ed | 450 | } |
| Vanger | 4:e505054279ed | 451 | #ifndef NO_CERTS |
| Vanger | 4:e505054279ed | 452 | if (ctx->cm == NULL) { |
| Vanger | 4:e505054279ed | 453 | CYASSL_MSG("Bad Cert Manager New"); |
| Vanger | 4:e505054279ed | 454 | return BAD_CERT_MANAGER_ERROR; |
| Vanger | 4:e505054279ed | 455 | } |
| Vanger | 4:e505054279ed | 456 | #endif |
| Vanger | 4:e505054279ed | 457 | return 0; |
| Vanger | 4:e505054279ed | 458 | } |
| Vanger | 4:e505054279ed | 459 | |
| Vanger | 4:e505054279ed | 460 | |
| Vanger | 4:e505054279ed | 461 | /* In case contexts are held in array and don't want to free actual ctx */ |
| Vanger | 4:e505054279ed | 462 | void SSL_CtxResourceFree(CYASSL_CTX* ctx) |
| Vanger | 4:e505054279ed | 463 | { |
| Vanger | 4:e505054279ed | 464 | XFREE(ctx->method, ctx->heap, DYNAMIC_TYPE_METHOD); |
| Vanger | 4:e505054279ed | 465 | |
| Vanger | 4:e505054279ed | 466 | #ifndef NO_CERTS |
| Vanger | 4:e505054279ed | 467 | XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH); |
| Vanger | 4:e505054279ed | 468 | XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH); |
| Vanger | 4:e505054279ed | 469 | XFREE(ctx->privateKey.buffer, ctx->heap, DYNAMIC_TYPE_KEY); |
| Vanger | 4:e505054279ed | 470 | XFREE(ctx->certificate.buffer, ctx->heap, DYNAMIC_TYPE_CERT); |
| Vanger | 4:e505054279ed | 471 | XFREE(ctx->certChain.buffer, ctx->heap, DYNAMIC_TYPE_CERT); |
| Vanger | 4:e505054279ed | 472 | CyaSSL_CertManagerFree(ctx->cm); |
| Vanger | 4:e505054279ed | 473 | #endif |
| Vanger | 4:e505054279ed | 474 | #ifdef HAVE_TLS_EXTENSIONS |
| Vanger | 4:e505054279ed | 475 | TLSX_FreeAll(ctx->extensions); |
| Vanger | 4:e505054279ed | 476 | #endif |
| Vanger | 4:e505054279ed | 477 | } |
| Vanger | 4:e505054279ed | 478 | |
| Vanger | 4:e505054279ed | 479 | |
| Vanger | 4:e505054279ed | 480 | void FreeSSL_Ctx(CYASSL_CTX* ctx) |
| Vanger | 4:e505054279ed | 481 | { |
| Vanger | 4:e505054279ed | 482 | int doFree = 0; |
| Vanger | 4:e505054279ed | 483 | |
| Vanger | 4:e505054279ed | 484 | if (LockMutex(&ctx->countMutex) != 0) { |
| Vanger | 4:e505054279ed | 485 | CYASSL_MSG("Couldn't lock count mutex"); |
| Vanger | 4:e505054279ed | 486 | return; |
| Vanger | 4:e505054279ed | 487 | } |
| Vanger | 4:e505054279ed | 488 | ctx->refCount--; |
| Vanger | 4:e505054279ed | 489 | if (ctx->refCount == 0) |
| Vanger | 4:e505054279ed | 490 | doFree = 1; |
| Vanger | 4:e505054279ed | 491 | UnLockMutex(&ctx->countMutex); |
| Vanger | 4:e505054279ed | 492 | |
| Vanger | 4:e505054279ed | 493 | if (doFree) { |
| Vanger | 4:e505054279ed | 494 | CYASSL_MSG("CTX ref count down to 0, doing full free"); |
| Vanger | 4:e505054279ed | 495 | SSL_CtxResourceFree(ctx); |
| Vanger | 4:e505054279ed | 496 | FreeMutex(&ctx->countMutex); |
| Vanger | 4:e505054279ed | 497 | XFREE(ctx, ctx->heap, DYNAMIC_TYPE_CTX); |
| Vanger | 4:e505054279ed | 498 | } |
| Vanger | 4:e505054279ed | 499 | else { |
| Vanger | 4:e505054279ed | 500 | (void)ctx; |
| Vanger | 4:e505054279ed | 501 | CYASSL_MSG("CTX ref count not 0 yet, no free"); |
| Vanger | 4:e505054279ed | 502 | } |
| Vanger | 4:e505054279ed | 503 | } |
| Vanger | 4:e505054279ed | 504 | |
| Vanger | 4:e505054279ed | 505 | |
| Vanger | 4:e505054279ed | 506 | /* Set cipher pointers to null */ |
| Vanger | 4:e505054279ed | 507 | void InitCiphers(CYASSL* ssl) |
| Vanger | 4:e505054279ed | 508 | { |
| Vanger | 4:e505054279ed | 509 | #ifdef BUILD_ARC4 |
| Vanger | 4:e505054279ed | 510 | ssl->encrypt.arc4 = NULL; |
| Vanger | 4:e505054279ed | 511 | ssl->decrypt.arc4 = NULL; |
| Vanger | 4:e505054279ed | 512 | #endif |
| Vanger | 4:e505054279ed | 513 | #ifdef BUILD_DES3 |
| Vanger | 4:e505054279ed | 514 | ssl->encrypt.des3 = NULL; |
| Vanger | 4:e505054279ed | 515 | ssl->decrypt.des3 = NULL; |
| Vanger | 4:e505054279ed | 516 | #endif |
| Vanger | 4:e505054279ed | 517 | #ifdef BUILD_AES |
| Vanger | 4:e505054279ed | 518 | ssl->encrypt.aes = NULL; |
| Vanger | 4:e505054279ed | 519 | ssl->decrypt.aes = NULL; |
| Vanger | 4:e505054279ed | 520 | #endif |
| Vanger | 4:e505054279ed | 521 | #ifdef HAVE_CAMELLIA |
| Vanger | 4:e505054279ed | 522 | ssl->encrypt.cam = NULL; |
| Vanger | 4:e505054279ed | 523 | ssl->decrypt.cam = NULL; |
| Vanger | 4:e505054279ed | 524 | #endif |
| Vanger | 4:e505054279ed | 525 | #ifdef HAVE_HC128 |
| Vanger | 4:e505054279ed | 526 | ssl->encrypt.hc128 = NULL; |
| Vanger | 4:e505054279ed | 527 | ssl->decrypt.hc128 = NULL; |
| Vanger | 4:e505054279ed | 528 | #endif |
| Vanger | 4:e505054279ed | 529 | #ifdef BUILD_RABBIT |
| Vanger | 4:e505054279ed | 530 | ssl->encrypt.rabbit = NULL; |
| Vanger | 4:e505054279ed | 531 | ssl->decrypt.rabbit = NULL; |
| Vanger | 4:e505054279ed | 532 | #endif |
| Vanger | 4:e505054279ed | 533 | ssl->encrypt.setup = 0; |
| Vanger | 4:e505054279ed | 534 | ssl->decrypt.setup = 0; |
| Vanger | 4:e505054279ed | 535 | } |
| Vanger | 4:e505054279ed | 536 | |
| Vanger | 4:e505054279ed | 537 | |
| Vanger | 4:e505054279ed | 538 | /* Free ciphers */ |
| Vanger | 4:e505054279ed | 539 | void FreeCiphers(CYASSL* ssl) |
| Vanger | 4:e505054279ed | 540 | { |
| Vanger | 4:e505054279ed | 541 | (void)ssl; |
| Vanger | 4:e505054279ed | 542 | #ifdef BUILD_ARC4 |
| Vanger | 4:e505054279ed | 543 | #ifdef HAVE_CAVIUM |
| Vanger | 4:e505054279ed | 544 | if (ssl->devId != NO_CAVIUM_DEVICE) { |
| Vanger | 4:e505054279ed | 545 | Arc4FreeCavium(ssl->encrypt.arc4); |
| Vanger | 4:e505054279ed | 546 | Arc4FreeCavium(ssl->decrypt.arc4); |
| Vanger | 4:e505054279ed | 547 | } |
| Vanger | 4:e505054279ed | 548 | #endif |
| Vanger | 4:e505054279ed | 549 | XFREE(ssl->encrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER); |
| Vanger | 4:e505054279ed | 550 | XFREE(ssl->decrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER); |
| Vanger | 4:e505054279ed | 551 | #endif |
| Vanger | 4:e505054279ed | 552 | #ifdef BUILD_DES3 |
| Vanger | 4:e505054279ed | 553 | #ifdef HAVE_CAVIUM |
| Vanger | 4:e505054279ed | 554 | if (ssl->devId != NO_CAVIUM_DEVICE) { |
| Vanger | 4:e505054279ed | 555 | Des3_FreeCavium(ssl->encrypt.des3); |
| Vanger | 4:e505054279ed | 556 | Des3_FreeCavium(ssl->decrypt.des3); |
| Vanger | 4:e505054279ed | 557 | } |
| Vanger | 4:e505054279ed | 558 | #endif |
| Vanger | 4:e505054279ed | 559 | XFREE(ssl->encrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER); |
| Vanger | 4:e505054279ed | 560 | XFREE(ssl->decrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER); |
| Vanger | 4:e505054279ed | 561 | #endif |
| Vanger | 4:e505054279ed | 562 | #ifdef BUILD_AES |
| Vanger | 4:e505054279ed | 563 | #ifdef HAVE_CAVIUM |
| Vanger | 4:e505054279ed | 564 | if (ssl->devId != NO_CAVIUM_DEVICE) { |
| Vanger | 4:e505054279ed | 565 | AesFreeCavium(ssl->encrypt.aes); |
| Vanger | 4:e505054279ed | 566 | AesFreeCavium(ssl->decrypt.aes); |
| Vanger | 4:e505054279ed | 567 | } |
| Vanger | 4:e505054279ed | 568 | #endif |
| Vanger | 4:e505054279ed | 569 | XFREE(ssl->encrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER); |
| Vanger | 4:e505054279ed | 570 | XFREE(ssl->decrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER); |
| Vanger | 4:e505054279ed | 571 | #endif |
| Vanger | 4:e505054279ed | 572 | #ifdef HAVE_CAMELLIA |
| Vanger | 4:e505054279ed | 573 | XFREE(ssl->encrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER); |
| Vanger | 4:e505054279ed | 574 | XFREE(ssl->decrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER); |
| Vanger | 4:e505054279ed | 575 | #endif |
| Vanger | 4:e505054279ed | 576 | #ifdef HAVE_HC128 |
| Vanger | 4:e505054279ed | 577 | XFREE(ssl->encrypt.hc128, ssl->heap, DYNAMIC_TYPE_CIPHER); |
| Vanger | 4:e505054279ed | 578 | XFREE(ssl->decrypt.hc128, ssl->heap, DYNAMIC_TYPE_CIPHER); |
| Vanger | 4:e505054279ed | 579 | #endif |
| Vanger | 4:e505054279ed | 580 | #ifdef BUILD_RABBIT |
| Vanger | 4:e505054279ed | 581 | XFREE(ssl->encrypt.rabbit, ssl->heap, DYNAMIC_TYPE_CIPHER); |
| Vanger | 4:e505054279ed | 582 | XFREE(ssl->decrypt.rabbit, ssl->heap, DYNAMIC_TYPE_CIPHER); |
| Vanger | 4:e505054279ed | 583 | #endif |
| Vanger | 4:e505054279ed | 584 | } |
| Vanger | 4:e505054279ed | 585 | |
| Vanger | 4:e505054279ed | 586 | |
| Vanger | 4:e505054279ed | 587 | void InitCipherSpecs(CipherSpecs* cs) |
| Vanger | 4:e505054279ed | 588 | { |
| Vanger | 4:e505054279ed | 589 | cs->bulk_cipher_algorithm = INVALID_BYTE; |
| Vanger | 4:e505054279ed | 590 | cs->cipher_type = INVALID_BYTE; |
| Vanger | 4:e505054279ed | 591 | cs->mac_algorithm = INVALID_BYTE; |
| Vanger | 4:e505054279ed | 592 | cs->kea = INVALID_BYTE; |
| Vanger | 4:e505054279ed | 593 | cs->sig_algo = INVALID_BYTE; |
| Vanger | 4:e505054279ed | 594 | |
| Vanger | 4:e505054279ed | 595 | cs->hash_size = 0; |
| Vanger | 4:e505054279ed | 596 | cs->static_ecdh = 0; |
| Vanger | 4:e505054279ed | 597 | cs->key_size = 0; |
| Vanger | 4:e505054279ed | 598 | cs->iv_size = 0; |
| Vanger | 4:e505054279ed | 599 | cs->block_size = 0; |
| Vanger | 4:e505054279ed | 600 | } |
| Vanger | 4:e505054279ed | 601 | |
| Vanger | 4:e505054279ed | 602 | |
| Vanger | 4:e505054279ed | 603 | void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, |
| Vanger | 4:e505054279ed | 604 | byte haveDH, byte haveNTRU, byte haveECDSAsig, |
| Vanger | 4:e505054279ed | 605 | byte haveStaticECC, int side) |
| Vanger | 4:e505054279ed | 606 | { |
| Vanger | 4:e505054279ed | 607 | word16 idx = 0; |
| Vanger | 4:e505054279ed | 608 | int tls = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_MINOR; |
| Vanger | 4:e505054279ed | 609 | int tls1_2 = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_2_MINOR; |
| Vanger | 4:e505054279ed | 610 | int haveRSAsig = 1; |
| Vanger | 4:e505054279ed | 611 | |
| Vanger | 4:e505054279ed | 612 | (void)tls; /* shut up compiler */ |
| Vanger | 4:e505054279ed | 613 | (void)tls1_2; |
| Vanger | 4:e505054279ed | 614 | (void)haveDH; |
| Vanger | 4:e505054279ed | 615 | (void)havePSK; |
| Vanger | 4:e505054279ed | 616 | (void)haveNTRU; |
| Vanger | 4:e505054279ed | 617 | (void)haveStaticECC; |
| Vanger | 4:e505054279ed | 618 | |
| Vanger | 4:e505054279ed | 619 | if (suites == NULL) { |
| Vanger | 4:e505054279ed | 620 | CYASSL_MSG("InitSuites pointer error"); |
| Vanger | 4:e505054279ed | 621 | return; |
| Vanger | 4:e505054279ed | 622 | } |
| Vanger | 4:e505054279ed | 623 | |
| Vanger | 4:e505054279ed | 624 | if (suites->setSuites) |
| Vanger | 4:e505054279ed | 625 | return; /* trust user settings, don't override */ |
| Vanger | 4:e505054279ed | 626 | |
| Vanger | 4:e505054279ed | 627 | if (side == CYASSL_SERVER_END && haveStaticECC) { |
| Vanger | 4:e505054279ed | 628 | haveRSA = 0; /* can't do RSA with ECDSA key */ |
| Vanger | 4:e505054279ed | 629 | (void)haveRSA; /* some builds won't read */ |
| Vanger | 4:e505054279ed | 630 | } |
| Vanger | 4:e505054279ed | 631 | |
| Vanger | 4:e505054279ed | 632 | if (side == CYASSL_SERVER_END && haveECDSAsig) { |
| Vanger | 4:e505054279ed | 633 | haveRSAsig = 0; /* can't have RSA sig if signed by ECDSA */ |
| Vanger | 4:e505054279ed | 634 | (void)haveRSAsig; /* non ecc builds won't read */ |
| Vanger | 4:e505054279ed | 635 | } |
| Vanger | 4:e505054279ed | 636 | |
| Vanger | 4:e505054279ed | 637 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 638 | if (pv.major == DTLS_MAJOR) { |
| Vanger | 4:e505054279ed | 639 | tls = 1; |
| Vanger | 4:e505054279ed | 640 | tls1_2 = pv.minor <= DTLSv1_2_MINOR; |
| Vanger | 4:e505054279ed | 641 | } |
| Vanger | 4:e505054279ed | 642 | #endif |
| Vanger | 4:e505054279ed | 643 | |
| Vanger | 4:e505054279ed | 644 | #ifdef HAVE_RENEGOTIATION_INDICATION |
| Vanger | 4:e505054279ed | 645 | if (side == CYASSL_CLIENT_END) { |
| Vanger | 4:e505054279ed | 646 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 647 | suites->suites[idx++] = TLS_EMPTY_RENEGOTIATION_INFO_SCSV; |
| Vanger | 4:e505054279ed | 648 | } |
| Vanger | 4:e505054279ed | 649 | #endif |
| Vanger | 4:e505054279ed | 650 | |
| Vanger | 4:e505054279ed | 651 | #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA |
| Vanger | 4:e505054279ed | 652 | if (tls && haveNTRU && haveRSA) { |
| Vanger | 4:e505054279ed | 653 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 654 | suites->suites[idx++] = TLS_NTRU_RSA_WITH_AES_256_CBC_SHA; |
| Vanger | 4:e505054279ed | 655 | } |
| Vanger | 4:e505054279ed | 656 | #endif |
| Vanger | 4:e505054279ed | 657 | |
| Vanger | 4:e505054279ed | 658 | #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA |
| Vanger | 4:e505054279ed | 659 | if (tls && haveNTRU && haveRSA) { |
| Vanger | 4:e505054279ed | 660 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 661 | suites->suites[idx++] = TLS_NTRU_RSA_WITH_AES_128_CBC_SHA; |
| Vanger | 4:e505054279ed | 662 | } |
| Vanger | 4:e505054279ed | 663 | #endif |
| Vanger | 4:e505054279ed | 664 | |
| Vanger | 4:e505054279ed | 665 | #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA |
| Vanger | 4:e505054279ed | 666 | if (tls && haveNTRU && haveRSA) { |
| Vanger | 4:e505054279ed | 667 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 668 | suites->suites[idx++] = TLS_NTRU_RSA_WITH_RC4_128_SHA; |
| Vanger | 4:e505054279ed | 669 | } |
| Vanger | 4:e505054279ed | 670 | #endif |
| Vanger | 4:e505054279ed | 671 | |
| Vanger | 4:e505054279ed | 672 | #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA |
| Vanger | 4:e505054279ed | 673 | if (tls && haveNTRU && haveRSA) { |
| Vanger | 4:e505054279ed | 674 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 675 | suites->suites[idx++] = TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA; |
| Vanger | 4:e505054279ed | 676 | } |
| Vanger | 4:e505054279ed | 677 | #endif |
| Vanger | 4:e505054279ed | 678 | |
| Vanger | 4:e505054279ed | 679 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
| Vanger | 4:e505054279ed | 680 | if (tls1_2 && haveRSAsig) { |
| Vanger | 4:e505054279ed | 681 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 682 | suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256; |
| Vanger | 4:e505054279ed | 683 | } |
| Vanger | 4:e505054279ed | 684 | #endif |
| Vanger | 4:e505054279ed | 685 | |
| Vanger | 4:e505054279ed | 686 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
| Vanger | 4:e505054279ed | 687 | if (tls1_2 && haveECDSAsig) { |
| Vanger | 4:e505054279ed | 688 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 689 | suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256; |
| Vanger | 4:e505054279ed | 690 | } |
| Vanger | 4:e505054279ed | 691 | #endif |
| Vanger | 4:e505054279ed | 692 | |
| Vanger | 4:e505054279ed | 693 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 |
| Vanger | 4:e505054279ed | 694 | if (tls1_2 && haveRSAsig && haveStaticECC) { |
| Vanger | 4:e505054279ed | 695 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 696 | suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256; |
| Vanger | 4:e505054279ed | 697 | } |
| Vanger | 4:e505054279ed | 698 | #endif |
| Vanger | 4:e505054279ed | 699 | |
| Vanger | 4:e505054279ed | 700 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 |
| Vanger | 4:e505054279ed | 701 | if (tls1_2 && haveECDSAsig && haveStaticECC) { |
| Vanger | 4:e505054279ed | 702 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 703 | suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256; |
| Vanger | 4:e505054279ed | 704 | } |
| Vanger | 4:e505054279ed | 705 | #endif |
| Vanger | 4:e505054279ed | 706 | |
| Vanger | 4:e505054279ed | 707 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
| Vanger | 4:e505054279ed | 708 | if (tls1_2 && haveRSAsig) { |
| Vanger | 4:e505054279ed | 709 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 710 | suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384; |
| Vanger | 4:e505054279ed | 711 | } |
| Vanger | 4:e505054279ed | 712 | #endif |
| Vanger | 4:e505054279ed | 713 | |
| Vanger | 4:e505054279ed | 714 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
| Vanger | 4:e505054279ed | 715 | if (tls1_2 && haveECDSAsig) { |
| Vanger | 4:e505054279ed | 716 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 717 | suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384; |
| Vanger | 4:e505054279ed | 718 | } |
| Vanger | 4:e505054279ed | 719 | #endif |
| Vanger | 4:e505054279ed | 720 | |
| Vanger | 4:e505054279ed | 721 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 |
| Vanger | 4:e505054279ed | 722 | if (tls1_2 && haveRSAsig && haveStaticECC) { |
| Vanger | 4:e505054279ed | 723 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 724 | suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384; |
| Vanger | 4:e505054279ed | 725 | } |
| Vanger | 4:e505054279ed | 726 | #endif |
| Vanger | 4:e505054279ed | 727 | |
| Vanger | 4:e505054279ed | 728 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 |
| Vanger | 4:e505054279ed | 729 | if (tls1_2 && haveECDSAsig && haveStaticECC) { |
| Vanger | 4:e505054279ed | 730 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 731 | suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384; |
| Vanger | 4:e505054279ed | 732 | } |
| Vanger | 4:e505054279ed | 733 | #endif |
| Vanger | 4:e505054279ed | 734 | |
| Vanger | 4:e505054279ed | 735 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
| Vanger | 4:e505054279ed | 736 | if (tls1_2 && haveECDSAsig) { |
| Vanger | 4:e505054279ed | 737 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 738 | suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384; |
| Vanger | 4:e505054279ed | 739 | } |
| Vanger | 4:e505054279ed | 740 | #endif |
| Vanger | 4:e505054279ed | 741 | |
| Vanger | 4:e505054279ed | 742 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
| Vanger | 4:e505054279ed | 743 | if (tls && haveECDSAsig) { |
| Vanger | 4:e505054279ed | 744 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 745 | suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA; |
| Vanger | 4:e505054279ed | 746 | } |
| Vanger | 4:e505054279ed | 747 | #endif |
| Vanger | 4:e505054279ed | 748 | |
| Vanger | 4:e505054279ed | 749 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 |
| Vanger | 4:e505054279ed | 750 | if (tls1_2 && haveECDSAsig && haveStaticECC) { |
| Vanger | 4:e505054279ed | 751 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 752 | suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384; |
| Vanger | 4:e505054279ed | 753 | } |
| Vanger | 4:e505054279ed | 754 | #endif |
| Vanger | 4:e505054279ed | 755 | |
| Vanger | 4:e505054279ed | 756 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA |
| Vanger | 4:e505054279ed | 757 | if (tls && haveECDSAsig && haveStaticECC) { |
| Vanger | 4:e505054279ed | 758 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 759 | suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA; |
| Vanger | 4:e505054279ed | 760 | } |
| Vanger | 4:e505054279ed | 761 | #endif |
| Vanger | 4:e505054279ed | 762 | |
| Vanger | 4:e505054279ed | 763 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
| Vanger | 4:e505054279ed | 764 | if (tls1_2 && haveECDSAsig) { |
| Vanger | 4:e505054279ed | 765 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 766 | suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256; |
| Vanger | 4:e505054279ed | 767 | } |
| Vanger | 4:e505054279ed | 768 | #endif |
| Vanger | 4:e505054279ed | 769 | |
| Vanger | 4:e505054279ed | 770 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
| Vanger | 4:e505054279ed | 771 | if (tls && haveECDSAsig) { |
| Vanger | 4:e505054279ed | 772 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 773 | suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA; |
| Vanger | 4:e505054279ed | 774 | } |
| Vanger | 4:e505054279ed | 775 | #endif |
| Vanger | 4:e505054279ed | 776 | |
| Vanger | 4:e505054279ed | 777 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 |
| Vanger | 4:e505054279ed | 778 | if (tls1_2 && haveECDSAsig && haveStaticECC) { |
| Vanger | 4:e505054279ed | 779 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 780 | suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256; |
| Vanger | 4:e505054279ed | 781 | } |
| Vanger | 4:e505054279ed | 782 | #endif |
| Vanger | 4:e505054279ed | 783 | |
| Vanger | 4:e505054279ed | 784 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA |
| Vanger | 4:e505054279ed | 785 | if (tls && haveECDSAsig && haveStaticECC) { |
| Vanger | 4:e505054279ed | 786 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 787 | suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA; |
| Vanger | 4:e505054279ed | 788 | } |
| Vanger | 4:e505054279ed | 789 | #endif |
| Vanger | 4:e505054279ed | 790 | |
| Vanger | 4:e505054279ed | 791 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA |
| Vanger | 4:e505054279ed | 792 | if (tls && haveECDSAsig) { |
| Vanger | 4:e505054279ed | 793 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 794 | suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_RC4_128_SHA; |
| Vanger | 4:e505054279ed | 795 | } |
| Vanger | 4:e505054279ed | 796 | #endif |
| Vanger | 4:e505054279ed | 797 | |
| Vanger | 4:e505054279ed | 798 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA |
| Vanger | 4:e505054279ed | 799 | if (tls && haveECDSAsig && haveStaticECC) { |
| Vanger | 4:e505054279ed | 800 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 801 | suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_RC4_128_SHA; |
| Vanger | 4:e505054279ed | 802 | } |
| Vanger | 4:e505054279ed | 803 | #endif |
| Vanger | 4:e505054279ed | 804 | |
| Vanger | 4:e505054279ed | 805 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA |
| Vanger | 4:e505054279ed | 806 | if (tls && haveECDSAsig) { |
| Vanger | 4:e505054279ed | 807 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 808 | suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA; |
| Vanger | 4:e505054279ed | 809 | } |
| Vanger | 4:e505054279ed | 810 | #endif |
| Vanger | 4:e505054279ed | 811 | |
| Vanger | 4:e505054279ed | 812 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA |
| Vanger | 4:e505054279ed | 813 | if (tls && haveECDSAsig && haveStaticECC) { |
| Vanger | 4:e505054279ed | 814 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 815 | suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA; |
| Vanger | 4:e505054279ed | 816 | } |
| Vanger | 4:e505054279ed | 817 | #endif |
| Vanger | 4:e505054279ed | 818 | |
| Vanger | 4:e505054279ed | 819 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
| Vanger | 4:e505054279ed | 820 | if (tls1_2 && haveRSA) { |
| Vanger | 4:e505054279ed | 821 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 822 | suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384; |
| Vanger | 4:e505054279ed | 823 | } |
| Vanger | 4:e505054279ed | 824 | #endif |
| Vanger | 4:e505054279ed | 825 | |
| Vanger | 4:e505054279ed | 826 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
| Vanger | 4:e505054279ed | 827 | if (tls && haveRSA) { |
| Vanger | 4:e505054279ed | 828 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 829 | suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA; |
| Vanger | 4:e505054279ed | 830 | } |
| Vanger | 4:e505054279ed | 831 | #endif |
| Vanger | 4:e505054279ed | 832 | |
| Vanger | 4:e505054279ed | 833 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 |
| Vanger | 4:e505054279ed | 834 | if (tls1_2 && haveRSAsig && haveStaticECC) { |
| Vanger | 4:e505054279ed | 835 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 836 | suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384; |
| Vanger | 4:e505054279ed | 837 | } |
| Vanger | 4:e505054279ed | 838 | #endif |
| Vanger | 4:e505054279ed | 839 | |
| Vanger | 4:e505054279ed | 840 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA |
| Vanger | 4:e505054279ed | 841 | if (tls && haveRSAsig && haveStaticECC) { |
| Vanger | 4:e505054279ed | 842 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 843 | suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_CBC_SHA; |
| Vanger | 4:e505054279ed | 844 | } |
| Vanger | 4:e505054279ed | 845 | #endif |
| Vanger | 4:e505054279ed | 846 | |
| Vanger | 4:e505054279ed | 847 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
| Vanger | 4:e505054279ed | 848 | if (tls1_2 && haveRSA) { |
| Vanger | 4:e505054279ed | 849 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 850 | suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256; |
| Vanger | 4:e505054279ed | 851 | } |
| Vanger | 4:e505054279ed | 852 | #endif |
| Vanger | 4:e505054279ed | 853 | |
| Vanger | 4:e505054279ed | 854 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
| Vanger | 4:e505054279ed | 855 | if (tls && haveRSA) { |
| Vanger | 4:e505054279ed | 856 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 857 | suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA; |
| Vanger | 4:e505054279ed | 858 | } |
| Vanger | 4:e505054279ed | 859 | #endif |
| Vanger | 4:e505054279ed | 860 | |
| Vanger | 4:e505054279ed | 861 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 |
| Vanger | 4:e505054279ed | 862 | if (tls1_2 && haveRSAsig && haveStaticECC) { |
| Vanger | 4:e505054279ed | 863 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 864 | suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256; |
| Vanger | 4:e505054279ed | 865 | } |
| Vanger | 4:e505054279ed | 866 | #endif |
| Vanger | 4:e505054279ed | 867 | |
| Vanger | 4:e505054279ed | 868 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA |
| Vanger | 4:e505054279ed | 869 | if (tls && haveRSAsig && haveStaticECC) { |
| Vanger | 4:e505054279ed | 870 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 871 | suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_CBC_SHA; |
| Vanger | 4:e505054279ed | 872 | } |
| Vanger | 4:e505054279ed | 873 | #endif |
| Vanger | 4:e505054279ed | 874 | |
| Vanger | 4:e505054279ed | 875 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA |
| Vanger | 4:e505054279ed | 876 | if (tls && haveRSA) { |
| Vanger | 4:e505054279ed | 877 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 878 | suites->suites[idx++] = TLS_ECDHE_RSA_WITH_RC4_128_SHA; |
| Vanger | 4:e505054279ed | 879 | } |
| Vanger | 4:e505054279ed | 880 | #endif |
| Vanger | 4:e505054279ed | 881 | |
| Vanger | 4:e505054279ed | 882 | #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA |
| Vanger | 4:e505054279ed | 883 | if (tls && haveRSAsig && haveStaticECC) { |
| Vanger | 4:e505054279ed | 884 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 885 | suites->suites[idx++] = TLS_ECDH_RSA_WITH_RC4_128_SHA; |
| Vanger | 4:e505054279ed | 886 | } |
| Vanger | 4:e505054279ed | 887 | #endif |
| Vanger | 4:e505054279ed | 888 | |
| Vanger | 4:e505054279ed | 889 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA |
| Vanger | 4:e505054279ed | 890 | if (tls && haveRSA) { |
| Vanger | 4:e505054279ed | 891 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 892 | suites->suites[idx++] = TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA; |
| Vanger | 4:e505054279ed | 893 | } |
| Vanger | 4:e505054279ed | 894 | #endif |
| Vanger | 4:e505054279ed | 895 | |
| Vanger | 4:e505054279ed | 896 | #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA |
| Vanger | 4:e505054279ed | 897 | if (tls && haveRSAsig && haveStaticECC) { |
| Vanger | 4:e505054279ed | 898 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 899 | suites->suites[idx++] = TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA; |
| Vanger | 4:e505054279ed | 900 | } |
| Vanger | 4:e505054279ed | 901 | #endif |
| Vanger | 4:e505054279ed | 902 | |
| Vanger | 4:e505054279ed | 903 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 |
| Vanger | 4:e505054279ed | 904 | if (tls1_2 && haveDH && haveRSA) { |
| Vanger | 4:e505054279ed | 905 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 906 | suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_GCM_SHA384; |
| Vanger | 4:e505054279ed | 907 | } |
| Vanger | 4:e505054279ed | 908 | #endif |
| Vanger | 4:e505054279ed | 909 | |
| Vanger | 4:e505054279ed | 910 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 |
| Vanger | 4:e505054279ed | 911 | if (tls1_2 && haveECDSAsig) { |
| Vanger | 4:e505054279ed | 912 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 913 | suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8; |
| Vanger | 4:e505054279ed | 914 | } |
| Vanger | 4:e505054279ed | 915 | #endif |
| Vanger | 4:e505054279ed | 916 | |
| Vanger | 4:e505054279ed | 917 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 |
| Vanger | 4:e505054279ed | 918 | if (tls1_2 && haveECDSAsig) { |
| Vanger | 4:e505054279ed | 919 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 920 | suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8; |
| Vanger | 4:e505054279ed | 921 | } |
| Vanger | 4:e505054279ed | 922 | #endif |
| Vanger | 4:e505054279ed | 923 | |
| Vanger | 4:e505054279ed | 924 | #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8 |
| Vanger | 4:e505054279ed | 925 | if (tls1_2 && haveRSA) { |
| Vanger | 4:e505054279ed | 926 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 927 | suites->suites[idx++] = TLS_RSA_WITH_AES_128_CCM_8; |
| Vanger | 4:e505054279ed | 928 | } |
| Vanger | 4:e505054279ed | 929 | #endif |
| Vanger | 4:e505054279ed | 930 | |
| Vanger | 4:e505054279ed | 931 | #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8 |
| Vanger | 4:e505054279ed | 932 | if (tls1_2 && haveRSA) { |
| Vanger | 4:e505054279ed | 933 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 934 | suites->suites[idx++] = TLS_RSA_WITH_AES_256_CCM_8; |
| Vanger | 4:e505054279ed | 935 | } |
| Vanger | 4:e505054279ed | 936 | #endif |
| Vanger | 4:e505054279ed | 937 | |
| Vanger | 4:e505054279ed | 938 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 |
| Vanger | 4:e505054279ed | 939 | if (tls1_2 && haveDH && haveRSA) { |
| Vanger | 4:e505054279ed | 940 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 941 | suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA256; |
| Vanger | 4:e505054279ed | 942 | } |
| Vanger | 4:e505054279ed | 943 | #endif |
| Vanger | 4:e505054279ed | 944 | |
| Vanger | 4:e505054279ed | 945 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 |
| Vanger | 4:e505054279ed | 946 | if (tls1_2 && haveDH && haveRSA) { |
| Vanger | 4:e505054279ed | 947 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 948 | suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_GCM_SHA256; |
| Vanger | 4:e505054279ed | 949 | } |
| Vanger | 4:e505054279ed | 950 | #endif |
| Vanger | 4:e505054279ed | 951 | |
| Vanger | 4:e505054279ed | 952 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 |
| Vanger | 4:e505054279ed | 953 | if (tls1_2 && haveDH && haveRSA) { |
| Vanger | 4:e505054279ed | 954 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 955 | suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256; |
| Vanger | 4:e505054279ed | 956 | } |
| Vanger | 4:e505054279ed | 957 | #endif |
| Vanger | 4:e505054279ed | 958 | |
| Vanger | 4:e505054279ed | 959 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA |
| Vanger | 4:e505054279ed | 960 | if (tls && haveDH && haveRSA) { |
| Vanger | 4:e505054279ed | 961 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 962 | suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA; |
| Vanger | 4:e505054279ed | 963 | } |
| Vanger | 4:e505054279ed | 964 | #endif |
| Vanger | 4:e505054279ed | 965 | |
| Vanger | 4:e505054279ed | 966 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA |
| Vanger | 4:e505054279ed | 967 | if (tls && haveDH && haveRSA) { |
| Vanger | 4:e505054279ed | 968 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 969 | suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA; |
| Vanger | 4:e505054279ed | 970 | } |
| Vanger | 4:e505054279ed | 971 | #endif |
| Vanger | 4:e505054279ed | 972 | |
| Vanger | 4:e505054279ed | 973 | #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 |
| Vanger | 4:e505054279ed | 974 | if (tls1_2 && haveRSA) { |
| Vanger | 4:e505054279ed | 975 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 976 | suites->suites[idx++] = TLS_RSA_WITH_AES_256_GCM_SHA384; |
| Vanger | 4:e505054279ed | 977 | } |
| Vanger | 4:e505054279ed | 978 | #endif |
| Vanger | 4:e505054279ed | 979 | |
| Vanger | 4:e505054279ed | 980 | #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 |
| Vanger | 4:e505054279ed | 981 | if (tls1_2 && haveRSA) { |
| Vanger | 4:e505054279ed | 982 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 983 | suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_SHA256; |
| Vanger | 4:e505054279ed | 984 | } |
| Vanger | 4:e505054279ed | 985 | #endif |
| Vanger | 4:e505054279ed | 986 | |
| Vanger | 4:e505054279ed | 987 | #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 |
| Vanger | 4:e505054279ed | 988 | if (tls1_2 && haveRSA) { |
| Vanger | 4:e505054279ed | 989 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 990 | suites->suites[idx++] = TLS_RSA_WITH_AES_128_GCM_SHA256; |
| Vanger | 4:e505054279ed | 991 | } |
| Vanger | 4:e505054279ed | 992 | #endif |
| Vanger | 4:e505054279ed | 993 | |
| Vanger | 4:e505054279ed | 994 | #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 |
| Vanger | 4:e505054279ed | 995 | if (tls1_2 && haveRSA) { |
| Vanger | 4:e505054279ed | 996 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 997 | suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_SHA256; |
| Vanger | 4:e505054279ed | 998 | } |
| Vanger | 4:e505054279ed | 999 | #endif |
| Vanger | 4:e505054279ed | 1000 | |
| Vanger | 4:e505054279ed | 1001 | #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA |
| Vanger | 4:e505054279ed | 1002 | if (tls && haveRSA) { |
| Vanger | 4:e505054279ed | 1003 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 1004 | suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_SHA; |
| Vanger | 4:e505054279ed | 1005 | } |
| Vanger | 4:e505054279ed | 1006 | #endif |
| Vanger | 4:e505054279ed | 1007 | |
| Vanger | 4:e505054279ed | 1008 | #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA |
| Vanger | 4:e505054279ed | 1009 | if (tls && haveRSA) { |
| Vanger | 4:e505054279ed | 1010 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 1011 | suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_SHA; |
| Vanger | 4:e505054279ed | 1012 | } |
| Vanger | 4:e505054279ed | 1013 | #endif |
| Vanger | 4:e505054279ed | 1014 | |
| Vanger | 4:e505054279ed | 1015 | #ifdef BUILD_TLS_RSA_WITH_NULL_SHA |
| Vanger | 4:e505054279ed | 1016 | if (tls && haveRSA) { |
| Vanger | 4:e505054279ed | 1017 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 1018 | suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA; |
| Vanger | 4:e505054279ed | 1019 | } |
| Vanger | 4:e505054279ed | 1020 | #endif |
| Vanger | 4:e505054279ed | 1021 | |
| Vanger | 4:e505054279ed | 1022 | #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256 |
| Vanger | 4:e505054279ed | 1023 | if (tls && haveRSA) { |
| Vanger | 4:e505054279ed | 1024 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 1025 | suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA256; |
| Vanger | 4:e505054279ed | 1026 | } |
| Vanger | 4:e505054279ed | 1027 | #endif |
| Vanger | 4:e505054279ed | 1028 | |
| Vanger | 4:e505054279ed | 1029 | #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA |
| Vanger | 4:e505054279ed | 1030 | if (tls && havePSK) { |
| Vanger | 4:e505054279ed | 1031 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 1032 | suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA; |
| Vanger | 4:e505054279ed | 1033 | } |
| Vanger | 4:e505054279ed | 1034 | #endif |
| Vanger | 4:e505054279ed | 1035 | |
| Vanger | 4:e505054279ed | 1036 | #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 |
| Vanger | 4:e505054279ed | 1037 | if (tls && havePSK) { |
| Vanger | 4:e505054279ed | 1038 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 1039 | suites->suites[idx++] = TLS_PSK_WITH_AES_128_CBC_SHA256; |
| Vanger | 4:e505054279ed | 1040 | } |
| Vanger | 4:e505054279ed | 1041 | #endif |
| Vanger | 4:e505054279ed | 1042 | |
| Vanger | 4:e505054279ed | 1043 | #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA |
| Vanger | 4:e505054279ed | 1044 | if (tls && havePSK) { |
| Vanger | 4:e505054279ed | 1045 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 1046 | suites->suites[idx++] = TLS_PSK_WITH_AES_128_CBC_SHA; |
| Vanger | 4:e505054279ed | 1047 | } |
| Vanger | 4:e505054279ed | 1048 | #endif |
| Vanger | 4:e505054279ed | 1049 | |
| Vanger | 4:e505054279ed | 1050 | #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8 |
| Vanger | 4:e505054279ed | 1051 | if (tls && havePSK) { |
| Vanger | 4:e505054279ed | 1052 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 1053 | suites->suites[idx++] = TLS_PSK_WITH_AES_128_CCM_8; |
| Vanger | 4:e505054279ed | 1054 | } |
| Vanger | 4:e505054279ed | 1055 | #endif |
| Vanger | 4:e505054279ed | 1056 | |
| Vanger | 4:e505054279ed | 1057 | #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8 |
| Vanger | 4:e505054279ed | 1058 | if (tls && havePSK) { |
| Vanger | 4:e505054279ed | 1059 | suites->suites[idx++] = ECC_BYTE; |
| Vanger | 4:e505054279ed | 1060 | suites->suites[idx++] = TLS_PSK_WITH_AES_256_CCM_8; |
| Vanger | 4:e505054279ed | 1061 | } |
| Vanger | 4:e505054279ed | 1062 | #endif |
| Vanger | 4:e505054279ed | 1063 | |
| Vanger | 4:e505054279ed | 1064 | #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 |
| Vanger | 4:e505054279ed | 1065 | if (tls && havePSK) { |
| Vanger | 4:e505054279ed | 1066 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 1067 | suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA256; |
| Vanger | 4:e505054279ed | 1068 | } |
| Vanger | 4:e505054279ed | 1069 | #endif |
| Vanger | 4:e505054279ed | 1070 | |
| Vanger | 4:e505054279ed | 1071 | #ifdef BUILD_TLS_PSK_WITH_NULL_SHA |
| Vanger | 4:e505054279ed | 1072 | if (tls && havePSK) { |
| Vanger | 4:e505054279ed | 1073 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 1074 | suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA; |
| Vanger | 4:e505054279ed | 1075 | } |
| Vanger | 4:e505054279ed | 1076 | #endif |
| Vanger | 4:e505054279ed | 1077 | |
| Vanger | 4:e505054279ed | 1078 | #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA |
| Vanger | 4:e505054279ed | 1079 | if (haveRSA ) { |
| Vanger | 4:e505054279ed | 1080 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 1081 | suites->suites[idx++] = SSL_RSA_WITH_RC4_128_SHA; |
| Vanger | 4:e505054279ed | 1082 | } |
| Vanger | 4:e505054279ed | 1083 | #endif |
| Vanger | 4:e505054279ed | 1084 | |
| Vanger | 4:e505054279ed | 1085 | #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5 |
| Vanger | 4:e505054279ed | 1086 | if (haveRSA ) { |
| Vanger | 4:e505054279ed | 1087 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 1088 | suites->suites[idx++] = SSL_RSA_WITH_RC4_128_MD5; |
| Vanger | 4:e505054279ed | 1089 | } |
| Vanger | 4:e505054279ed | 1090 | #endif |
| Vanger | 4:e505054279ed | 1091 | |
| Vanger | 4:e505054279ed | 1092 | #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA |
| Vanger | 4:e505054279ed | 1093 | if (haveRSA ) { |
| Vanger | 4:e505054279ed | 1094 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 1095 | suites->suites[idx++] = SSL_RSA_WITH_3DES_EDE_CBC_SHA; |
| Vanger | 4:e505054279ed | 1096 | } |
| Vanger | 4:e505054279ed | 1097 | #endif |
| Vanger | 4:e505054279ed | 1098 | |
| Vanger | 4:e505054279ed | 1099 | #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5 |
| Vanger | 4:e505054279ed | 1100 | if (tls && haveRSA) { |
| Vanger | 4:e505054279ed | 1101 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 1102 | suites->suites[idx++] = TLS_RSA_WITH_HC_128_MD5; |
| Vanger | 4:e505054279ed | 1103 | } |
| Vanger | 4:e505054279ed | 1104 | #endif |
| Vanger | 4:e505054279ed | 1105 | |
| Vanger | 4:e505054279ed | 1106 | #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA |
| Vanger | 4:e505054279ed | 1107 | if (tls && haveRSA) { |
| Vanger | 4:e505054279ed | 1108 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 1109 | suites->suites[idx++] = TLS_RSA_WITH_HC_128_SHA; |
| Vanger | 4:e505054279ed | 1110 | } |
| Vanger | 4:e505054279ed | 1111 | #endif |
| Vanger | 4:e505054279ed | 1112 | |
| Vanger | 4:e505054279ed | 1113 | #ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256 |
| Vanger | 4:e505054279ed | 1114 | if (tls && haveRSA) { |
| Vanger | 4:e505054279ed | 1115 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 1116 | suites->suites[idx++] = TLS_RSA_WITH_HC_128_B2B256; |
| Vanger | 4:e505054279ed | 1117 | } |
| Vanger | 4:e505054279ed | 1118 | #endif |
| Vanger | 4:e505054279ed | 1119 | |
| Vanger | 4:e505054279ed | 1120 | #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 |
| Vanger | 4:e505054279ed | 1121 | if (tls && haveRSA) { |
| Vanger | 4:e505054279ed | 1122 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 1123 | suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_B2B256; |
| Vanger | 4:e505054279ed | 1124 | } |
| Vanger | 4:e505054279ed | 1125 | #endif |
| Vanger | 4:e505054279ed | 1126 | |
| Vanger | 4:e505054279ed | 1127 | #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 |
| Vanger | 4:e505054279ed | 1128 | if (tls && haveRSA) { |
| Vanger | 4:e505054279ed | 1129 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 1130 | suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_B2B256; |
| Vanger | 4:e505054279ed | 1131 | } |
| Vanger | 4:e505054279ed | 1132 | #endif |
| Vanger | 4:e505054279ed | 1133 | |
| Vanger | 4:e505054279ed | 1134 | #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA |
| Vanger | 4:e505054279ed | 1135 | if (tls && haveRSA) { |
| Vanger | 4:e505054279ed | 1136 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 1137 | suites->suites[idx++] = TLS_RSA_WITH_RABBIT_SHA; |
| Vanger | 4:e505054279ed | 1138 | } |
| Vanger | 4:e505054279ed | 1139 | #endif |
| Vanger | 4:e505054279ed | 1140 | |
| Vanger | 4:e505054279ed | 1141 | #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA |
| Vanger | 4:e505054279ed | 1142 | if (tls && haveRSA) { |
| Vanger | 4:e505054279ed | 1143 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 1144 | suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA; |
| Vanger | 4:e505054279ed | 1145 | } |
| Vanger | 4:e505054279ed | 1146 | #endif |
| Vanger | 4:e505054279ed | 1147 | |
| Vanger | 4:e505054279ed | 1148 | #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA |
| Vanger | 4:e505054279ed | 1149 | if (tls && haveDH && haveRSA) { |
| Vanger | 4:e505054279ed | 1150 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 1151 | suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA; |
| Vanger | 4:e505054279ed | 1152 | } |
| Vanger | 4:e505054279ed | 1153 | #endif |
| Vanger | 4:e505054279ed | 1154 | |
| Vanger | 4:e505054279ed | 1155 | #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA |
| Vanger | 4:e505054279ed | 1156 | if (tls && haveRSA) { |
| Vanger | 4:e505054279ed | 1157 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 1158 | suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA; |
| Vanger | 4:e505054279ed | 1159 | } |
| Vanger | 4:e505054279ed | 1160 | #endif |
| Vanger | 4:e505054279ed | 1161 | |
| Vanger | 4:e505054279ed | 1162 | #ifdef BUILD_TLS_DHE_WITH_RSA_CAMELLIA_256_CBC_SHA |
| Vanger | 4:e505054279ed | 1163 | if (tls && haveDH && haveRSA) { |
| Vanger | 4:e505054279ed | 1164 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 1165 | suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA; |
| Vanger | 4:e505054279ed | 1166 | } |
| Vanger | 4:e505054279ed | 1167 | #endif |
| Vanger | 4:e505054279ed | 1168 | |
| Vanger | 4:e505054279ed | 1169 | #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 |
| Vanger | 4:e505054279ed | 1170 | if (tls && haveRSA) { |
| Vanger | 4:e505054279ed | 1171 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 1172 | suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256; |
| Vanger | 4:e505054279ed | 1173 | } |
| Vanger | 4:e505054279ed | 1174 | #endif |
| Vanger | 4:e505054279ed | 1175 | |
| Vanger | 4:e505054279ed | 1176 | #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 |
| Vanger | 4:e505054279ed | 1177 | if (tls && haveDH && haveRSA) { |
| Vanger | 4:e505054279ed | 1178 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 1179 | suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256; |
| Vanger | 4:e505054279ed | 1180 | } |
| Vanger | 4:e505054279ed | 1181 | #endif |
| Vanger | 4:e505054279ed | 1182 | |
| Vanger | 4:e505054279ed | 1183 | #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 |
| Vanger | 4:e505054279ed | 1184 | if (tls && haveRSA) { |
| Vanger | 4:e505054279ed | 1185 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 1186 | suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256; |
| Vanger | 4:e505054279ed | 1187 | } |
| Vanger | 4:e505054279ed | 1188 | #endif |
| Vanger | 4:e505054279ed | 1189 | |
| Vanger | 4:e505054279ed | 1190 | #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 |
| Vanger | 4:e505054279ed | 1191 | if (tls && haveDH && haveRSA) { |
| Vanger | 4:e505054279ed | 1192 | suites->suites[idx++] = 0; |
| Vanger | 4:e505054279ed | 1193 | suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256; |
| Vanger | 4:e505054279ed | 1194 | } |
| Vanger | 4:e505054279ed | 1195 | #endif |
| Vanger | 4:e505054279ed | 1196 | |
| Vanger | 4:e505054279ed | 1197 | suites->suiteSz = idx; |
| Vanger | 4:e505054279ed | 1198 | |
| Vanger | 4:e505054279ed | 1199 | { |
| Vanger | 4:e505054279ed | 1200 | idx = 0; |
| Vanger | 4:e505054279ed | 1201 | |
| Vanger | 4:e505054279ed | 1202 | if (haveECDSAsig) { |
| Vanger | 4:e505054279ed | 1203 | #ifdef CYASSL_SHA384 |
| Vanger | 4:e505054279ed | 1204 | suites->hashSigAlgo[idx++] = sha384_mac; |
| Vanger | 4:e505054279ed | 1205 | suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo; |
| Vanger | 4:e505054279ed | 1206 | #endif |
| Vanger | 4:e505054279ed | 1207 | #ifndef NO_SHA256 |
| Vanger | 4:e505054279ed | 1208 | suites->hashSigAlgo[idx++] = sha256_mac; |
| Vanger | 4:e505054279ed | 1209 | suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo; |
| Vanger | 4:e505054279ed | 1210 | #endif |
| Vanger | 4:e505054279ed | 1211 | #ifndef NO_SHA |
| Vanger | 4:e505054279ed | 1212 | suites->hashSigAlgo[idx++] = sha_mac; |
| Vanger | 4:e505054279ed | 1213 | suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo; |
| Vanger | 4:e505054279ed | 1214 | #endif |
| Vanger | 4:e505054279ed | 1215 | } |
| Vanger | 4:e505054279ed | 1216 | |
| Vanger | 4:e505054279ed | 1217 | if (haveRSAsig) { |
| Vanger | 4:e505054279ed | 1218 | #ifdef CYASSL_SHA384 |
| Vanger | 4:e505054279ed | 1219 | suites->hashSigAlgo[idx++] = sha384_mac; |
| Vanger | 4:e505054279ed | 1220 | suites->hashSigAlgo[idx++] = rsa_sa_algo; |
| Vanger | 4:e505054279ed | 1221 | #endif |
| Vanger | 4:e505054279ed | 1222 | #ifndef NO_SHA256 |
| Vanger | 4:e505054279ed | 1223 | suites->hashSigAlgo[idx++] = sha256_mac; |
| Vanger | 4:e505054279ed | 1224 | suites->hashSigAlgo[idx++] = rsa_sa_algo; |
| Vanger | 4:e505054279ed | 1225 | #endif |
| Vanger | 4:e505054279ed | 1226 | #ifndef NO_SHA |
| Vanger | 4:e505054279ed | 1227 | suites->hashSigAlgo[idx++] = sha_mac; |
| Vanger | 4:e505054279ed | 1228 | suites->hashSigAlgo[idx++] = rsa_sa_algo; |
| Vanger | 4:e505054279ed | 1229 | #endif |
| Vanger | 4:e505054279ed | 1230 | } |
| Vanger | 4:e505054279ed | 1231 | |
| Vanger | 4:e505054279ed | 1232 | suites->hashSigAlgoSz = idx; |
| Vanger | 4:e505054279ed | 1233 | } |
| Vanger | 4:e505054279ed | 1234 | } |
| Vanger | 4:e505054279ed | 1235 | |
| Vanger | 4:e505054279ed | 1236 | |
| Vanger | 4:e505054279ed | 1237 | #ifndef NO_CERTS |
| Vanger | 4:e505054279ed | 1238 | |
| Vanger | 4:e505054279ed | 1239 | |
| Vanger | 4:e505054279ed | 1240 | void InitX509Name(CYASSL_X509_NAME* name, int dynamicFlag) |
| Vanger | 4:e505054279ed | 1241 | { |
| Vanger | 4:e505054279ed | 1242 | (void)dynamicFlag; |
| Vanger | 4:e505054279ed | 1243 | |
| Vanger | 4:e505054279ed | 1244 | if (name != NULL) { |
| Vanger | 4:e505054279ed | 1245 | name->name = name->staticName; |
| Vanger | 4:e505054279ed | 1246 | name->dynamicName = 0; |
| Vanger | 4:e505054279ed | 1247 | #ifdef OPENSSL_EXTRA |
| Vanger | 4:e505054279ed | 1248 | XMEMSET(&name->fullName, 0, sizeof(DecodedName)); |
| Vanger | 4:e505054279ed | 1249 | #endif /* OPENSSL_EXTRA */ |
| Vanger | 4:e505054279ed | 1250 | } |
| Vanger | 4:e505054279ed | 1251 | } |
| Vanger | 4:e505054279ed | 1252 | |
| Vanger | 4:e505054279ed | 1253 | |
| Vanger | 4:e505054279ed | 1254 | void FreeX509Name(CYASSL_X509_NAME* name) |
| Vanger | 4:e505054279ed | 1255 | { |
| Vanger | 4:e505054279ed | 1256 | if (name != NULL) { |
| Vanger | 4:e505054279ed | 1257 | if (name->dynamicName) |
| Vanger | 4:e505054279ed | 1258 | XFREE(name->name, NULL, DYNAMIC_TYPE_SUBJECT_CN); |
| Vanger | 4:e505054279ed | 1259 | #ifdef OPENSSL_EXTRA |
| Vanger | 4:e505054279ed | 1260 | if (name->fullName.fullName != NULL) |
| Vanger | 4:e505054279ed | 1261 | XFREE(name->fullName.fullName, NULL, DYNAMIC_TYPE_X509); |
| Vanger | 4:e505054279ed | 1262 | #endif /* OPENSSL_EXTRA */ |
| Vanger | 4:e505054279ed | 1263 | } |
| Vanger | 4:e505054279ed | 1264 | } |
| Vanger | 4:e505054279ed | 1265 | |
| Vanger | 4:e505054279ed | 1266 | |
| Vanger | 4:e505054279ed | 1267 | /* Initialize CyaSSL X509 type */ |
| Vanger | 4:e505054279ed | 1268 | void InitX509(CYASSL_X509* x509, int dynamicFlag) |
| Vanger | 4:e505054279ed | 1269 | { |
| Vanger | 4:e505054279ed | 1270 | InitX509Name(&x509->issuer, 0); |
| Vanger | 4:e505054279ed | 1271 | InitX509Name(&x509->subject, 0); |
| Vanger | 4:e505054279ed | 1272 | x509->version = 0; |
| Vanger | 4:e505054279ed | 1273 | x509->pubKey.buffer = NULL; |
| Vanger | 4:e505054279ed | 1274 | x509->sig.buffer = NULL; |
| Vanger | 4:e505054279ed | 1275 | x509->derCert.buffer = NULL; |
| Vanger | 4:e505054279ed | 1276 | x509->altNames = NULL; |
| Vanger | 4:e505054279ed | 1277 | x509->altNamesNext = NULL; |
| Vanger | 4:e505054279ed | 1278 | x509->dynamicMemory = (byte)dynamicFlag; |
| Vanger | 4:e505054279ed | 1279 | x509->isCa = 0; |
| Vanger | 4:e505054279ed | 1280 | #ifdef HAVE_ECC |
| Vanger | 4:e505054279ed | 1281 | x509->pkCurveOID = 0; |
| Vanger | 4:e505054279ed | 1282 | #endif /* HAVE_ECC */ |
| Vanger | 4:e505054279ed | 1283 | #ifdef OPENSSL_EXTRA |
| Vanger | 4:e505054279ed | 1284 | x509->pathLength = 0; |
| Vanger | 4:e505054279ed | 1285 | x509->basicConstSet = 0; |
| Vanger | 4:e505054279ed | 1286 | x509->basicConstCrit = 0; |
| Vanger | 4:e505054279ed | 1287 | x509->basicConstPlSet = 0; |
| Vanger | 4:e505054279ed | 1288 | x509->subjAltNameSet = 0; |
| Vanger | 4:e505054279ed | 1289 | x509->subjAltNameCrit = 0; |
| Vanger | 4:e505054279ed | 1290 | x509->authKeyIdSet = 0; |
| Vanger | 4:e505054279ed | 1291 | x509->authKeyIdCrit = 0; |
| Vanger | 4:e505054279ed | 1292 | x509->authKeyId = NULL; |
| Vanger | 4:e505054279ed | 1293 | x509->authKeyIdSz = 0; |
| Vanger | 4:e505054279ed | 1294 | x509->subjKeyIdSet = 0; |
| Vanger | 4:e505054279ed | 1295 | x509->subjKeyIdCrit = 0; |
| Vanger | 4:e505054279ed | 1296 | x509->subjKeyId = NULL; |
| Vanger | 4:e505054279ed | 1297 | x509->subjKeyIdSz = 0; |
| Vanger | 4:e505054279ed | 1298 | x509->keyUsageSet = 0; |
| Vanger | 4:e505054279ed | 1299 | x509->keyUsageCrit = 0; |
| Vanger | 4:e505054279ed | 1300 | x509->keyUsage = 0; |
| Vanger | 4:e505054279ed | 1301 | #ifdef CYASSL_SEP |
| Vanger | 4:e505054279ed | 1302 | x509->certPolicySet = 0; |
| Vanger | 4:e505054279ed | 1303 | x509->certPolicyCrit = 0; |
| Vanger | 4:e505054279ed | 1304 | #endif /* CYASSL_SEP */ |
| Vanger | 4:e505054279ed | 1305 | #endif /* OPENSSL_EXTRA */ |
| Vanger | 4:e505054279ed | 1306 | } |
| Vanger | 4:e505054279ed | 1307 | |
| Vanger | 4:e505054279ed | 1308 | |
| Vanger | 4:e505054279ed | 1309 | /* Free CyaSSL X509 type */ |
| Vanger | 4:e505054279ed | 1310 | void FreeX509(CYASSL_X509* x509) |
| Vanger | 4:e505054279ed | 1311 | { |
| Vanger | 4:e505054279ed | 1312 | if (x509 == NULL) |
| Vanger | 4:e505054279ed | 1313 | return; |
| Vanger | 4:e505054279ed | 1314 | |
| Vanger | 4:e505054279ed | 1315 | FreeX509Name(&x509->issuer); |
| Vanger | 4:e505054279ed | 1316 | FreeX509Name(&x509->subject); |
| Vanger | 4:e505054279ed | 1317 | if (x509->pubKey.buffer) |
| Vanger | 4:e505054279ed | 1318 | XFREE(x509->pubKey.buffer, NULL, DYNAMIC_TYPE_PUBLIC_KEY); |
| Vanger | 4:e505054279ed | 1319 | XFREE(x509->derCert.buffer, NULL, DYNAMIC_TYPE_SUBJECT_CN); |
| Vanger | 4:e505054279ed | 1320 | XFREE(x509->sig.buffer, NULL, DYNAMIC_TYPE_SIGNATURE); |
| Vanger | 4:e505054279ed | 1321 | #ifdef OPENSSL_EXTRA |
| Vanger | 4:e505054279ed | 1322 | XFREE(x509->authKeyId, NULL, 0); |
| Vanger | 4:e505054279ed | 1323 | XFREE(x509->subjKeyId, NULL, 0); |
| Vanger | 4:e505054279ed | 1324 | #endif /* OPENSSL_EXTRA */ |
| Vanger | 4:e505054279ed | 1325 | if (x509->altNames) |
| Vanger | 4:e505054279ed | 1326 | FreeAltNames(x509->altNames, NULL); |
| Vanger | 4:e505054279ed | 1327 | if (x509->dynamicMemory) |
| Vanger | 4:e505054279ed | 1328 | XFREE(x509, NULL, DYNAMIC_TYPE_X509); |
| Vanger | 4:e505054279ed | 1329 | } |
| Vanger | 4:e505054279ed | 1330 | |
| Vanger | 4:e505054279ed | 1331 | #endif /* NO_CERTS */ |
| Vanger | 4:e505054279ed | 1332 | |
| Vanger | 4:e505054279ed | 1333 | |
| Vanger | 4:e505054279ed | 1334 | /* init everything to 0, NULL, default values before calling anything that may |
| Vanger | 4:e505054279ed | 1335 | fail so that desctructor has a "good" state to cleanup */ |
| Vanger | 4:e505054279ed | 1336 | int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx) |
| Vanger | 4:e505054279ed | 1337 | { |
| Vanger | 4:e505054279ed | 1338 | int ret; |
| Vanger | 4:e505054279ed | 1339 | byte haveRSA = 0; |
| Vanger | 4:e505054279ed | 1340 | byte havePSK = 0; |
| Vanger | 4:e505054279ed | 1341 | |
| Vanger | 4:e505054279ed | 1342 | ssl->ctx = ctx; /* only for passing to calls, options could change */ |
| Vanger | 4:e505054279ed | 1343 | ssl->version = ctx->method->version; |
| Vanger | 4:e505054279ed | 1344 | ssl->suites = NULL; |
| Vanger | 4:e505054279ed | 1345 | |
| Vanger | 4:e505054279ed | 1346 | #ifdef HAVE_LIBZ |
| Vanger | 4:e505054279ed | 1347 | ssl->didStreamInit = 0; |
| Vanger | 4:e505054279ed | 1348 | #endif |
| Vanger | 4:e505054279ed | 1349 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 1350 | haveRSA = 1; |
| Vanger | 4:e505054279ed | 1351 | #endif |
| Vanger | 4:e505054279ed | 1352 | |
| Vanger | 4:e505054279ed | 1353 | #ifndef NO_CERTS |
| Vanger | 4:e505054279ed | 1354 | ssl->buffers.certificate.buffer = 0; |
| Vanger | 4:e505054279ed | 1355 | ssl->buffers.key.buffer = 0; |
| Vanger | 4:e505054279ed | 1356 | ssl->buffers.certChain.buffer = 0; |
| Vanger | 4:e505054279ed | 1357 | #endif |
| Vanger | 4:e505054279ed | 1358 | ssl->buffers.inputBuffer.length = 0; |
| Vanger | 4:e505054279ed | 1359 | ssl->buffers.inputBuffer.idx = 0; |
| Vanger | 4:e505054279ed | 1360 | ssl->buffers.inputBuffer.buffer = ssl->buffers.inputBuffer.staticBuffer; |
| Vanger | 4:e505054279ed | 1361 | ssl->buffers.inputBuffer.bufferSize = STATIC_BUFFER_LEN; |
| Vanger | 4:e505054279ed | 1362 | ssl->buffers.inputBuffer.dynamicFlag = 0; |
| Vanger | 4:e505054279ed | 1363 | ssl->buffers.inputBuffer.offset = 0; |
| Vanger | 4:e505054279ed | 1364 | ssl->buffers.outputBuffer.length = 0; |
| Vanger | 4:e505054279ed | 1365 | ssl->buffers.outputBuffer.idx = 0; |
| Vanger | 4:e505054279ed | 1366 | ssl->buffers.outputBuffer.buffer = ssl->buffers.outputBuffer.staticBuffer; |
| Vanger | 4:e505054279ed | 1367 | ssl->buffers.outputBuffer.bufferSize = STATIC_BUFFER_LEN; |
| Vanger | 4:e505054279ed | 1368 | ssl->buffers.outputBuffer.dynamicFlag = 0; |
| Vanger | 4:e505054279ed | 1369 | ssl->buffers.outputBuffer.offset = 0; |
| Vanger | 4:e505054279ed | 1370 | ssl->buffers.domainName.buffer = 0; |
| Vanger | 4:e505054279ed | 1371 | #ifndef NO_CERTS |
| Vanger | 4:e505054279ed | 1372 | ssl->buffers.serverDH_P.buffer = 0; |
| Vanger | 4:e505054279ed | 1373 | ssl->buffers.serverDH_G.buffer = 0; |
| Vanger | 4:e505054279ed | 1374 | ssl->buffers.serverDH_Pub.buffer = 0; |
| Vanger | 4:e505054279ed | 1375 | ssl->buffers.serverDH_Priv.buffer = 0; |
| Vanger | 4:e505054279ed | 1376 | #endif |
| Vanger | 4:e505054279ed | 1377 | ssl->buffers.clearOutputBuffer.buffer = 0; |
| Vanger | 4:e505054279ed | 1378 | ssl->buffers.clearOutputBuffer.length = 0; |
| Vanger | 4:e505054279ed | 1379 | ssl->buffers.prevSent = 0; |
| Vanger | 4:e505054279ed | 1380 | ssl->buffers.plainSz = 0; |
| Vanger | 4:e505054279ed | 1381 | #ifdef HAVE_PK_CALLBACKS |
| Vanger | 4:e505054279ed | 1382 | #ifdef HAVE_ECC |
| Vanger | 4:e505054279ed | 1383 | ssl->buffers.peerEccDsaKey.buffer = 0; |
| Vanger | 4:e505054279ed | 1384 | ssl->buffers.peerEccDsaKey.length = 0; |
| Vanger | 4:e505054279ed | 1385 | #endif /* HAVE_ECC */ |
| Vanger | 4:e505054279ed | 1386 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 1387 | ssl->buffers.peerRsaKey.buffer = 0; |
| Vanger | 4:e505054279ed | 1388 | ssl->buffers.peerRsaKey.length = 0; |
| Vanger | 4:e505054279ed | 1389 | #endif /* NO_RSA */ |
| Vanger | 4:e505054279ed | 1390 | #endif /* HAVE_PK_CALLBACKS */ |
| Vanger | 4:e505054279ed | 1391 | |
| Vanger | 4:e505054279ed | 1392 | #ifdef KEEP_PEER_CERT |
| Vanger | 4:e505054279ed | 1393 | InitX509(&ssl->peerCert, 0); |
| Vanger | 4:e505054279ed | 1394 | #endif |
| Vanger | 4:e505054279ed | 1395 | |
| Vanger | 4:e505054279ed | 1396 | #ifdef HAVE_ECC |
| Vanger | 4:e505054279ed | 1397 | ssl->eccTempKeySz = ctx->eccTempKeySz; |
| Vanger | 4:e505054279ed | 1398 | ssl->pkCurveOID = ctx->pkCurveOID; |
| Vanger | 4:e505054279ed | 1399 | ssl->peerEccKeyPresent = 0; |
| Vanger | 4:e505054279ed | 1400 | ssl->peerEccDsaKeyPresent = 0; |
| Vanger | 4:e505054279ed | 1401 | ssl->eccDsaKeyPresent = 0; |
| Vanger | 4:e505054279ed | 1402 | ssl->eccTempKeyPresent = 0; |
| Vanger | 4:e505054279ed | 1403 | ssl->peerEccKey = NULL; |
| Vanger | 4:e505054279ed | 1404 | ssl->peerEccDsaKey = NULL; |
| Vanger | 4:e505054279ed | 1405 | ssl->eccDsaKey = NULL; |
| Vanger | 4:e505054279ed | 1406 | ssl->eccTempKey = NULL; |
| Vanger | 4:e505054279ed | 1407 | #endif |
| Vanger | 4:e505054279ed | 1408 | |
| Vanger | 4:e505054279ed | 1409 | ssl->timeout = ctx->timeout; |
| Vanger | 4:e505054279ed | 1410 | ssl->rfd = -1; /* set to invalid descriptor */ |
| Vanger | 4:e505054279ed | 1411 | ssl->wfd = -1; |
| Vanger | 4:e505054279ed | 1412 | ssl->rflags = 0; /* no user flags yet */ |
| Vanger | 4:e505054279ed | 1413 | ssl->wflags = 0; /* no user flags yet */ |
| Vanger | 4:e505054279ed | 1414 | ssl->biord = 0; |
| Vanger | 4:e505054279ed | 1415 | ssl->biowr = 0; |
| Vanger | 4:e505054279ed | 1416 | |
| Vanger | 4:e505054279ed | 1417 | ssl->IOCB_ReadCtx = &ssl->rfd; /* prevent invalid pointer access if not */ |
| Vanger | 4:e505054279ed | 1418 | ssl->IOCB_WriteCtx = &ssl->wfd; /* correctly set */ |
| Vanger | 4:e505054279ed | 1419 | #ifdef HAVE_NETX |
| Vanger | 4:e505054279ed | 1420 | ssl->nxCtx.nxSocket = NULL; |
| Vanger | 4:e505054279ed | 1421 | ssl->nxCtx.nxPacket = NULL; |
| Vanger | 4:e505054279ed | 1422 | ssl->nxCtx.nxOffset = 0; |
| Vanger | 4:e505054279ed | 1423 | ssl->nxCtx.nxWait = 0; |
| Vanger | 4:e505054279ed | 1424 | ssl->IOCB_ReadCtx = &ssl->nxCtx; /* default NetX IO ctx, same for read */ |
| Vanger | 4:e505054279ed | 1425 | ssl->IOCB_WriteCtx = &ssl->nxCtx; /* and write */ |
| Vanger | 4:e505054279ed | 1426 | #endif |
| Vanger | 4:e505054279ed | 1427 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 1428 | ssl->IOCB_CookieCtx = NULL; /* we don't use for default cb */ |
| Vanger | 4:e505054279ed | 1429 | ssl->dtls_expected_rx = MAX_MTU; |
| Vanger | 4:e505054279ed | 1430 | ssl->keys.dtls_state.window = 0; |
| Vanger | 4:e505054279ed | 1431 | ssl->keys.dtls_state.nextEpoch = 0; |
| Vanger | 4:e505054279ed | 1432 | ssl->keys.dtls_state.nextSeq = 0; |
| Vanger | 4:e505054279ed | 1433 | #endif |
| Vanger | 4:e505054279ed | 1434 | |
| Vanger | 4:e505054279ed | 1435 | #ifndef NO_OLD_TLS |
| Vanger | 4:e505054279ed | 1436 | #ifndef NO_MD5 |
| Vanger | 4:e505054279ed | 1437 | InitMd5(&ssl->hashMd5); |
| Vanger | 4:e505054279ed | 1438 | #endif |
| Vanger | 4:e505054279ed | 1439 | #ifndef NO_SHA |
| Vanger | 4:e505054279ed | 1440 | ret = InitSha(&ssl->hashSha); |
| Vanger | 4:e505054279ed | 1441 | if (ret != 0) { |
| Vanger | 4:e505054279ed | 1442 | return ret; |
| Vanger | 4:e505054279ed | 1443 | } |
| Vanger | 4:e505054279ed | 1444 | #endif |
| Vanger | 4:e505054279ed | 1445 | #endif |
| Vanger | 4:e505054279ed | 1446 | #ifndef NO_SHA256 |
| Vanger | 4:e505054279ed | 1447 | ret = InitSha256(&ssl->hashSha256); |
| Vanger | 4:e505054279ed | 1448 | if (ret != 0) { |
| Vanger | 4:e505054279ed | 1449 | return ret; |
| Vanger | 4:e505054279ed | 1450 | } |
| Vanger | 4:e505054279ed | 1451 | #endif |
| Vanger | 4:e505054279ed | 1452 | #ifdef CYASSL_SHA384 |
| Vanger | 4:e505054279ed | 1453 | ret = InitSha384(&ssl->hashSha384); |
| Vanger | 4:e505054279ed | 1454 | if (ret != 0) { |
| Vanger | 4:e505054279ed | 1455 | return ret; |
| Vanger | 4:e505054279ed | 1456 | } |
| Vanger | 4:e505054279ed | 1457 | #endif |
| Vanger | 4:e505054279ed | 1458 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 1459 | ssl->peerRsaKey = NULL; |
| Vanger | 4:e505054279ed | 1460 | ssl->peerRsaKeyPresent = 0; |
| Vanger | 4:e505054279ed | 1461 | #endif |
| Vanger | 4:e505054279ed | 1462 | ssl->verifyCallback = ctx->verifyCallback; |
| Vanger | 4:e505054279ed | 1463 | ssl->verifyCbCtx = NULL; |
| Vanger | 4:e505054279ed | 1464 | ssl->options.side = ctx->method->side; |
| Vanger | 4:e505054279ed | 1465 | ssl->options.downgrade = ctx->method->downgrade; |
| Vanger | 4:e505054279ed | 1466 | ssl->error = 0; |
| Vanger | 4:e505054279ed | 1467 | ssl->options.connReset = 0; |
| Vanger | 4:e505054279ed | 1468 | ssl->options.isClosed = 0; |
| Vanger | 4:e505054279ed | 1469 | ssl->options.closeNotify = 0; |
| Vanger | 4:e505054279ed | 1470 | ssl->options.sentNotify = 0; |
| Vanger | 4:e505054279ed | 1471 | ssl->options.usingCompression = 0; |
| Vanger | 4:e505054279ed | 1472 | if (ssl->options.side == CYASSL_SERVER_END) |
| Vanger | 4:e505054279ed | 1473 | ssl->options.haveDH = ctx->haveDH; |
| Vanger | 4:e505054279ed | 1474 | else |
| Vanger | 4:e505054279ed | 1475 | ssl->options.haveDH = 0; |
| Vanger | 4:e505054279ed | 1476 | ssl->options.haveNTRU = ctx->haveNTRU; |
| Vanger | 4:e505054279ed | 1477 | ssl->options.haveECDSAsig = ctx->haveECDSAsig; |
| Vanger | 4:e505054279ed | 1478 | ssl->options.haveStaticECC = ctx->haveStaticECC; |
| Vanger | 4:e505054279ed | 1479 | ssl->options.havePeerCert = 0; |
| Vanger | 4:e505054279ed | 1480 | ssl->options.havePeerVerify = 0; |
| Vanger | 4:e505054279ed | 1481 | ssl->options.usingPSK_cipher = 0; |
| Vanger | 4:e505054279ed | 1482 | ssl->options.sendAlertState = 0; |
| Vanger | 4:e505054279ed | 1483 | #ifndef NO_PSK |
| Vanger | 4:e505054279ed | 1484 | havePSK = ctx->havePSK; |
| Vanger | 4:e505054279ed | 1485 | ssl->options.havePSK = ctx->havePSK; |
| Vanger | 4:e505054279ed | 1486 | ssl->options.client_psk_cb = ctx->client_psk_cb; |
| Vanger | 4:e505054279ed | 1487 | ssl->options.server_psk_cb = ctx->server_psk_cb; |
| Vanger | 4:e505054279ed | 1488 | #endif /* NO_PSK */ |
| Vanger | 4:e505054279ed | 1489 | |
| Vanger | 4:e505054279ed | 1490 | ssl->options.serverState = NULL_STATE; |
| Vanger | 4:e505054279ed | 1491 | ssl->options.clientState = NULL_STATE; |
| Vanger | 4:e505054279ed | 1492 | ssl->options.connectState = CONNECT_BEGIN; |
| Vanger | 4:e505054279ed | 1493 | ssl->options.acceptState = ACCEPT_BEGIN; |
| Vanger | 4:e505054279ed | 1494 | ssl->options.handShakeState = NULL_STATE; |
| Vanger | 4:e505054279ed | 1495 | ssl->options.processReply = doProcessInit; |
| Vanger | 4:e505054279ed | 1496 | |
| Vanger | 4:e505054279ed | 1497 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 1498 | ssl->keys.dtls_sequence_number = 0; |
| Vanger | 4:e505054279ed | 1499 | ssl->keys.dtls_state.curSeq = 0; |
| Vanger | 4:e505054279ed | 1500 | ssl->keys.dtls_state.nextSeq = 0; |
| Vanger | 4:e505054279ed | 1501 | ssl->keys.dtls_handshake_number = 0; |
| Vanger | 4:e505054279ed | 1502 | ssl->keys.dtls_expected_peer_handshake_number = 0; |
| Vanger | 4:e505054279ed | 1503 | ssl->keys.dtls_epoch = 0; |
| Vanger | 4:e505054279ed | 1504 | ssl->keys.dtls_state.curEpoch = 0; |
| Vanger | 4:e505054279ed | 1505 | ssl->keys.dtls_state.nextEpoch = 0; |
| Vanger | 4:e505054279ed | 1506 | ssl->dtls_timeout_init = DTLS_TIMEOUT_INIT; |
| Vanger | 4:e505054279ed | 1507 | ssl->dtls_timeout_max = DTLS_TIMEOUT_MAX; |
| Vanger | 4:e505054279ed | 1508 | ssl->dtls_timeout = ssl->dtls_timeout_init; |
| Vanger | 4:e505054279ed | 1509 | ssl->dtls_pool = NULL; |
| Vanger | 4:e505054279ed | 1510 | ssl->dtls_msg_list = NULL; |
| Vanger | 4:e505054279ed | 1511 | #endif |
| Vanger | 4:e505054279ed | 1512 | ssl->keys.encryptSz = 0; |
| Vanger | 4:e505054279ed | 1513 | ssl->keys.padSz = 0; |
| Vanger | 4:e505054279ed | 1514 | ssl->keys.encryptionOn = 0; /* initially off */ |
| Vanger | 4:e505054279ed | 1515 | ssl->keys.decryptedCur = 0; /* initially off */ |
| Vanger | 4:e505054279ed | 1516 | ssl->options.sessionCacheOff = ctx->sessionCacheOff; |
| Vanger | 4:e505054279ed | 1517 | ssl->options.sessionCacheFlushOff = ctx->sessionCacheFlushOff; |
| Vanger | 4:e505054279ed | 1518 | |
| Vanger | 4:e505054279ed | 1519 | ssl->options.verifyPeer = ctx->verifyPeer; |
| Vanger | 4:e505054279ed | 1520 | ssl->options.verifyNone = ctx->verifyNone; |
| Vanger | 4:e505054279ed | 1521 | ssl->options.failNoCert = ctx->failNoCert; |
| Vanger | 4:e505054279ed | 1522 | ssl->options.sendVerify = ctx->sendVerify; |
| Vanger | 4:e505054279ed | 1523 | |
| Vanger | 4:e505054279ed | 1524 | ssl->options.resuming = 0; |
| Vanger | 4:e505054279ed | 1525 | ssl->options.haveSessionId = 0; |
| Vanger | 4:e505054279ed | 1526 | #ifndef NO_OLD_TLS |
| Vanger | 4:e505054279ed | 1527 | ssl->hmac = SSL_hmac; /* default to SSLv3 */ |
| Vanger | 4:e505054279ed | 1528 | #else |
| Vanger | 4:e505054279ed | 1529 | ssl->hmac = TLS_hmac; |
| Vanger | 4:e505054279ed | 1530 | #endif |
| Vanger | 4:e505054279ed | 1531 | ssl->heap = ctx->heap; /* defaults to self */ |
| Vanger | 4:e505054279ed | 1532 | ssl->options.tls = 0; |
| Vanger | 4:e505054279ed | 1533 | ssl->options.tls1_1 = 0; |
| Vanger | 4:e505054279ed | 1534 | ssl->options.dtls = ssl->version.major == DTLS_MAJOR; |
| Vanger | 4:e505054279ed | 1535 | ssl->options.partialWrite = ctx->partialWrite; |
| Vanger | 4:e505054279ed | 1536 | ssl->options.quietShutdown = ctx->quietShutdown; |
| Vanger | 4:e505054279ed | 1537 | ssl->options.certOnly = 0; |
| Vanger | 4:e505054279ed | 1538 | ssl->options.groupMessages = ctx->groupMessages; |
| Vanger | 4:e505054279ed | 1539 | ssl->options.usingNonblock = 0; |
| Vanger | 4:e505054279ed | 1540 | ssl->options.saveArrays = 0; |
| Vanger | 4:e505054279ed | 1541 | |
| Vanger | 4:e505054279ed | 1542 | #ifndef NO_CERTS |
| Vanger | 4:e505054279ed | 1543 | /* ctx still owns certificate, certChain, key, dh, and cm */ |
| Vanger | 4:e505054279ed | 1544 | ssl->buffers.certificate = ctx->certificate; |
| Vanger | 4:e505054279ed | 1545 | ssl->buffers.certChain = ctx->certChain; |
| Vanger | 4:e505054279ed | 1546 | ssl->buffers.key = ctx->privateKey; |
| Vanger | 4:e505054279ed | 1547 | if (ssl->options.side == CYASSL_SERVER_END) { |
| Vanger | 4:e505054279ed | 1548 | ssl->buffers.serverDH_P = ctx->serverDH_P; |
| Vanger | 4:e505054279ed | 1549 | ssl->buffers.serverDH_G = ctx->serverDH_G; |
| Vanger | 4:e505054279ed | 1550 | } |
| Vanger | 4:e505054279ed | 1551 | #endif |
| Vanger | 4:e505054279ed | 1552 | ssl->buffers.weOwnCert = 0; |
| Vanger | 4:e505054279ed | 1553 | ssl->buffers.weOwnKey = 0; |
| Vanger | 4:e505054279ed | 1554 | ssl->buffers.weOwnDH = 0; |
| Vanger | 4:e505054279ed | 1555 | |
| Vanger | 4:e505054279ed | 1556 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 1557 | ssl->buffers.dtlsCtx.fd = -1; |
| Vanger | 4:e505054279ed | 1558 | ssl->buffers.dtlsCtx.peer.sa = NULL; |
| Vanger | 4:e505054279ed | 1559 | ssl->buffers.dtlsCtx.peer.sz = 0; |
| Vanger | 4:e505054279ed | 1560 | #endif |
| Vanger | 4:e505054279ed | 1561 | |
| Vanger | 4:e505054279ed | 1562 | #ifdef KEEP_PEER_CERT |
| Vanger | 4:e505054279ed | 1563 | ssl->peerCert.issuer.sz = 0; |
| Vanger | 4:e505054279ed | 1564 | ssl->peerCert.subject.sz = 0; |
| Vanger | 4:e505054279ed | 1565 | #endif |
| Vanger | 4:e505054279ed | 1566 | |
| Vanger | 4:e505054279ed | 1567 | #ifdef SESSION_CERTS |
| Vanger | 4:e505054279ed | 1568 | ssl->session.chain.count = 0; |
| Vanger | 4:e505054279ed | 1569 | #endif |
| Vanger | 4:e505054279ed | 1570 | |
| Vanger | 4:e505054279ed | 1571 | #ifndef NO_CLIENT_CACHE |
| Vanger | 4:e505054279ed | 1572 | ssl->session.idLen = 0; |
| Vanger | 4:e505054279ed | 1573 | #endif |
| Vanger | 4:e505054279ed | 1574 | |
| Vanger | 4:e505054279ed | 1575 | ssl->cipher.ssl = ssl; |
| Vanger | 4:e505054279ed | 1576 | |
| Vanger | 4:e505054279ed | 1577 | #ifdef FORTRESS |
| Vanger | 4:e505054279ed | 1578 | ssl->ex_data[0] = 0; |
| Vanger | 4:e505054279ed | 1579 | ssl->ex_data[1] = 0; |
| Vanger | 4:e505054279ed | 1580 | ssl->ex_data[2] = 0; |
| Vanger | 4:e505054279ed | 1581 | #endif |
| Vanger | 4:e505054279ed | 1582 | |
| Vanger | 4:e505054279ed | 1583 | #ifdef CYASSL_CALLBACKS |
| Vanger | 4:e505054279ed | 1584 | ssl->hsInfoOn = 0; |
| Vanger | 4:e505054279ed | 1585 | ssl->toInfoOn = 0; |
| Vanger | 4:e505054279ed | 1586 | #endif |
| Vanger | 4:e505054279ed | 1587 | |
| Vanger | 4:e505054279ed | 1588 | #ifdef HAVE_CAVIUM |
| Vanger | 4:e505054279ed | 1589 | ssl->devId = ctx->devId; |
| Vanger | 4:e505054279ed | 1590 | #endif |
| Vanger | 4:e505054279ed | 1591 | |
| Vanger | 4:e505054279ed | 1592 | #ifdef HAVE_TLS_EXTENSIONS |
| Vanger | 4:e505054279ed | 1593 | ssl->extensions = NULL; |
| Vanger | 4:e505054279ed | 1594 | #ifdef HAVE_MAX_FRAGMENT |
| Vanger | 4:e505054279ed | 1595 | ssl->max_fragment = MAX_RECORD_SIZE; |
| Vanger | 4:e505054279ed | 1596 | #endif |
| Vanger | 4:e505054279ed | 1597 | #ifdef HAVE_TRUNCATED_HMAC |
| Vanger | 4:e505054279ed | 1598 | ssl->truncated_hmac = 0; |
| Vanger | 4:e505054279ed | 1599 | #endif |
| Vanger | 4:e505054279ed | 1600 | #endif |
| Vanger | 4:e505054279ed | 1601 | |
| Vanger | 4:e505054279ed | 1602 | ssl->rng = NULL; |
| Vanger | 4:e505054279ed | 1603 | ssl->arrays = NULL; |
| Vanger | 4:e505054279ed | 1604 | |
| Vanger | 4:e505054279ed | 1605 | /* default alert state (none) */ |
| Vanger | 4:e505054279ed | 1606 | ssl->alert_history.last_rx.code = -1; |
| Vanger | 4:e505054279ed | 1607 | ssl->alert_history.last_rx.level = -1; |
| Vanger | 4:e505054279ed | 1608 | ssl->alert_history.last_tx.code = -1; |
| Vanger | 4:e505054279ed | 1609 | ssl->alert_history.last_tx.level = -1; |
| Vanger | 4:e505054279ed | 1610 | |
| Vanger | 4:e505054279ed | 1611 | InitCiphers(ssl); |
| Vanger | 4:e505054279ed | 1612 | InitCipherSpecs(&ssl->specs); |
| Vanger | 4:e505054279ed | 1613 | #ifdef ATOMIC_USER |
| Vanger | 4:e505054279ed | 1614 | ssl->MacEncryptCtx = NULL; |
| Vanger | 4:e505054279ed | 1615 | ssl->DecryptVerifyCtx = NULL; |
| Vanger | 4:e505054279ed | 1616 | #endif |
| Vanger | 4:e505054279ed | 1617 | #ifdef HAVE_PK_CALLBACKS |
| Vanger | 4:e505054279ed | 1618 | #ifdef HAVE_ECC |
| Vanger | 4:e505054279ed | 1619 | ssl->EccSignCtx = NULL; |
| Vanger | 4:e505054279ed | 1620 | ssl->EccVerifyCtx = NULL; |
| Vanger | 4:e505054279ed | 1621 | #endif /* HAVE_ECC */ |
| Vanger | 4:e505054279ed | 1622 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 1623 | ssl->RsaSignCtx = NULL; |
| Vanger | 4:e505054279ed | 1624 | ssl->RsaVerifyCtx = NULL; |
| Vanger | 4:e505054279ed | 1625 | ssl->RsaEncCtx = NULL; |
| Vanger | 4:e505054279ed | 1626 | ssl->RsaDecCtx = NULL; |
| Vanger | 4:e505054279ed | 1627 | #endif /* NO_RSA */ |
| Vanger | 4:e505054279ed | 1628 | #endif /* HAVE_PK_CALLBACKS */ |
| Vanger | 4:e505054279ed | 1629 | |
| Vanger | 4:e505054279ed | 1630 | /* all done with init, now can return errors, call other stuff */ |
| Vanger | 4:e505054279ed | 1631 | |
| Vanger | 4:e505054279ed | 1632 | /* increment CTX reference count */ |
| Vanger | 4:e505054279ed | 1633 | if (LockMutex(&ctx->countMutex) != 0) { |
| Vanger | 4:e505054279ed | 1634 | CYASSL_MSG("Couldn't lock CTX count mutex"); |
| Vanger | 4:e505054279ed | 1635 | return BAD_MUTEX_E; |
| Vanger | 4:e505054279ed | 1636 | } |
| Vanger | 4:e505054279ed | 1637 | ctx->refCount++; |
| Vanger | 4:e505054279ed | 1638 | UnLockMutex(&ctx->countMutex); |
| Vanger | 4:e505054279ed | 1639 | |
| Vanger | 4:e505054279ed | 1640 | /* arrays */ |
| Vanger | 4:e505054279ed | 1641 | ssl->arrays = (Arrays*)XMALLOC(sizeof(Arrays), ssl->heap, |
| Vanger | 4:e505054279ed | 1642 | DYNAMIC_TYPE_ARRAYS); |
| Vanger | 4:e505054279ed | 1643 | if (ssl->arrays == NULL) { |
| Vanger | 4:e505054279ed | 1644 | CYASSL_MSG("Arrays Memory error"); |
| Vanger | 4:e505054279ed | 1645 | return MEMORY_E; |
| Vanger | 4:e505054279ed | 1646 | } |
| Vanger | 4:e505054279ed | 1647 | XMEMSET(ssl->arrays, 0, sizeof(Arrays)); |
| Vanger | 4:e505054279ed | 1648 | |
| Vanger | 4:e505054279ed | 1649 | #ifndef NO_PSK |
| Vanger | 4:e505054279ed | 1650 | ssl->arrays->client_identity[0] = 0; |
| Vanger | 4:e505054279ed | 1651 | if (ctx->server_hint[0]) { /* set in CTX */ |
| Vanger | 4:e505054279ed | 1652 | XSTRNCPY(ssl->arrays->server_hint, ctx->server_hint, MAX_PSK_ID_LEN); |
| Vanger | 4:e505054279ed | 1653 | ssl->arrays->server_hint[MAX_PSK_ID_LEN - 1] = '\0'; |
| Vanger | 4:e505054279ed | 1654 | } |
| Vanger | 4:e505054279ed | 1655 | else |
| Vanger | 4:e505054279ed | 1656 | ssl->arrays->server_hint[0] = 0; |
| Vanger | 4:e505054279ed | 1657 | #endif /* NO_PSK */ |
| Vanger | 4:e505054279ed | 1658 | |
| Vanger | 4:e505054279ed | 1659 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 1660 | ssl->arrays->cookieSz = 0; |
| Vanger | 4:e505054279ed | 1661 | #endif |
| Vanger | 4:e505054279ed | 1662 | |
| Vanger | 4:e505054279ed | 1663 | /* RNG */ |
| Vanger | 4:e505054279ed | 1664 | ssl->rng = (RNG*)XMALLOC(sizeof(RNG), ssl->heap, DYNAMIC_TYPE_RNG); |
| Vanger | 4:e505054279ed | 1665 | if (ssl->rng == NULL) { |
| Vanger | 4:e505054279ed | 1666 | CYASSL_MSG("RNG Memory error"); |
| Vanger | 4:e505054279ed | 1667 | return MEMORY_E; |
| Vanger | 4:e505054279ed | 1668 | } |
| Vanger | 4:e505054279ed | 1669 | |
| Vanger | 4:e505054279ed | 1670 | if ( (ret = InitRng(ssl->rng)) != 0) { |
| Vanger | 4:e505054279ed | 1671 | CYASSL_MSG("RNG Init error"); |
| Vanger | 4:e505054279ed | 1672 | return ret; |
| Vanger | 4:e505054279ed | 1673 | } |
| Vanger | 4:e505054279ed | 1674 | |
| Vanger | 4:e505054279ed | 1675 | /* suites */ |
| Vanger | 4:e505054279ed | 1676 | ssl->suites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap, |
| Vanger | 4:e505054279ed | 1677 | DYNAMIC_TYPE_SUITES); |
| Vanger | 4:e505054279ed | 1678 | if (ssl->suites == NULL) { |
| Vanger | 4:e505054279ed | 1679 | CYASSL_MSG("Suites Memory error"); |
| Vanger | 4:e505054279ed | 1680 | return MEMORY_E; |
| Vanger | 4:e505054279ed | 1681 | } |
| Vanger | 4:e505054279ed | 1682 | *ssl->suites = ctx->suites; |
| Vanger | 4:e505054279ed | 1683 | |
| Vanger | 4:e505054279ed | 1684 | /* peer key */ |
| Vanger | 4:e505054279ed | 1685 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 1686 | ssl->peerRsaKey = (RsaKey*)XMALLOC(sizeof(RsaKey), ssl->heap, |
| Vanger | 4:e505054279ed | 1687 | DYNAMIC_TYPE_RSA); |
| Vanger | 4:e505054279ed | 1688 | if (ssl->peerRsaKey == NULL) { |
| Vanger | 4:e505054279ed | 1689 | CYASSL_MSG("PeerRsaKey Memory error"); |
| Vanger | 4:e505054279ed | 1690 | return MEMORY_E; |
| Vanger | 4:e505054279ed | 1691 | } |
| Vanger | 4:e505054279ed | 1692 | ret = InitRsaKey(ssl->peerRsaKey, ctx->heap); |
| Vanger | 4:e505054279ed | 1693 | if (ret != 0) return ret; |
| Vanger | 4:e505054279ed | 1694 | #endif |
| Vanger | 4:e505054279ed | 1695 | #ifndef NO_CERTS |
| Vanger | 4:e505054279ed | 1696 | /* make sure server has cert and key unless using PSK */ |
| Vanger | 4:e505054279ed | 1697 | if (ssl->options.side == CYASSL_SERVER_END && !havePSK) |
| Vanger | 4:e505054279ed | 1698 | if (!ssl->buffers.certificate.buffer || !ssl->buffers.key.buffer) { |
| Vanger | 4:e505054279ed | 1699 | CYASSL_MSG("Server missing certificate and/or private key"); |
| Vanger | 4:e505054279ed | 1700 | return NO_PRIVATE_KEY; |
| Vanger | 4:e505054279ed | 1701 | } |
| Vanger | 4:e505054279ed | 1702 | #endif |
| Vanger | 4:e505054279ed | 1703 | #ifdef HAVE_ECC |
| Vanger | 4:e505054279ed | 1704 | ssl->peerEccKey = (ecc_key*)XMALLOC(sizeof(ecc_key), |
| Vanger | 4:e505054279ed | 1705 | ctx->heap, DYNAMIC_TYPE_ECC); |
| Vanger | 4:e505054279ed | 1706 | if (ssl->peerEccKey == NULL) { |
| Vanger | 4:e505054279ed | 1707 | CYASSL_MSG("PeerEccKey Memory error"); |
| Vanger | 4:e505054279ed | 1708 | return MEMORY_E; |
| Vanger | 4:e505054279ed | 1709 | } |
| Vanger | 4:e505054279ed | 1710 | ssl->peerEccDsaKey = (ecc_key*)XMALLOC(sizeof(ecc_key), |
| Vanger | 4:e505054279ed | 1711 | ctx->heap, DYNAMIC_TYPE_ECC); |
| Vanger | 4:e505054279ed | 1712 | if (ssl->peerEccDsaKey == NULL) { |
| Vanger | 4:e505054279ed | 1713 | CYASSL_MSG("PeerEccDsaKey Memory error"); |
| Vanger | 4:e505054279ed | 1714 | return MEMORY_E; |
| Vanger | 4:e505054279ed | 1715 | } |
| Vanger | 4:e505054279ed | 1716 | ssl->eccDsaKey = (ecc_key*)XMALLOC(sizeof(ecc_key), |
| Vanger | 4:e505054279ed | 1717 | ctx->heap, DYNAMIC_TYPE_ECC); |
| Vanger | 4:e505054279ed | 1718 | if (ssl->eccDsaKey == NULL) { |
| Vanger | 4:e505054279ed | 1719 | CYASSL_MSG("EccDsaKey Memory error"); |
| Vanger | 4:e505054279ed | 1720 | return MEMORY_E; |
| Vanger | 4:e505054279ed | 1721 | } |
| Vanger | 4:e505054279ed | 1722 | ssl->eccTempKey = (ecc_key*)XMALLOC(sizeof(ecc_key), |
| Vanger | 4:e505054279ed | 1723 | ctx->heap, DYNAMIC_TYPE_ECC); |
| Vanger | 4:e505054279ed | 1724 | if (ssl->eccTempKey == NULL) { |
| Vanger | 4:e505054279ed | 1725 | CYASSL_MSG("EccTempKey Memory error"); |
| Vanger | 4:e505054279ed | 1726 | return MEMORY_E; |
| Vanger | 4:e505054279ed | 1727 | } |
| Vanger | 4:e505054279ed | 1728 | ecc_init(ssl->peerEccKey); |
| Vanger | 4:e505054279ed | 1729 | ecc_init(ssl->peerEccDsaKey); |
| Vanger | 4:e505054279ed | 1730 | ecc_init(ssl->eccDsaKey); |
| Vanger | 4:e505054279ed | 1731 | ecc_init(ssl->eccTempKey); |
| Vanger | 4:e505054279ed | 1732 | #endif |
| Vanger | 4:e505054279ed | 1733 | |
| Vanger | 4:e505054279ed | 1734 | /* make sure server has DH parms, and add PSK if there, add NTRU too */ |
| Vanger | 4:e505054279ed | 1735 | if (ssl->options.side == CYASSL_SERVER_END) |
| Vanger | 4:e505054279ed | 1736 | InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, |
| Vanger | 4:e505054279ed | 1737 | ssl->options.haveDH, ssl->options.haveNTRU, |
| Vanger | 4:e505054279ed | 1738 | ssl->options.haveECDSAsig, ssl->options.haveStaticECC, |
| Vanger | 4:e505054279ed | 1739 | ssl->options.side); |
| Vanger | 4:e505054279ed | 1740 | else |
| Vanger | 4:e505054279ed | 1741 | InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, TRUE, |
| Vanger | 4:e505054279ed | 1742 | ssl->options.haveNTRU, ssl->options.haveECDSAsig, |
| Vanger | 4:e505054279ed | 1743 | ssl->options.haveStaticECC, ssl->options.side); |
| Vanger | 4:e505054279ed | 1744 | |
| Vanger | 4:e505054279ed | 1745 | return 0; |
| Vanger | 4:e505054279ed | 1746 | } |
| Vanger | 4:e505054279ed | 1747 | |
| Vanger | 4:e505054279ed | 1748 | |
| Vanger | 4:e505054279ed | 1749 | /* free use of temporary arrays */ |
| Vanger | 4:e505054279ed | 1750 | void FreeArrays(CYASSL* ssl, int keep) |
| Vanger | 4:e505054279ed | 1751 | { |
| Vanger | 4:e505054279ed | 1752 | if (ssl->arrays && keep) { |
| Vanger | 4:e505054279ed | 1753 | /* keeps session id for user retrieval */ |
| Vanger | 4:e505054279ed | 1754 | XMEMCPY(ssl->session.sessionID, ssl->arrays->sessionID, ID_LEN); |
| Vanger | 4:e505054279ed | 1755 | } |
| Vanger | 4:e505054279ed | 1756 | XFREE(ssl->arrays, ssl->heap, DYNAMIC_TYPE_ARRAYS); |
| Vanger | 4:e505054279ed | 1757 | ssl->arrays = NULL; |
| Vanger | 4:e505054279ed | 1758 | } |
| Vanger | 4:e505054279ed | 1759 | |
| Vanger | 4:e505054279ed | 1760 | |
| Vanger | 4:e505054279ed | 1761 | /* In case holding SSL object in array and don't want to free actual ssl */ |
| Vanger | 4:e505054279ed | 1762 | void SSL_ResourceFree(CYASSL* ssl) |
| Vanger | 4:e505054279ed | 1763 | { |
| Vanger | 4:e505054279ed | 1764 | FreeCiphers(ssl); |
| Vanger | 4:e505054279ed | 1765 | FreeArrays(ssl, 0); |
| Vanger | 4:e505054279ed | 1766 | XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG); |
| Vanger | 4:e505054279ed | 1767 | XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES); |
| Vanger | 4:e505054279ed | 1768 | XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN); |
| Vanger | 4:e505054279ed | 1769 | |
| Vanger | 4:e505054279ed | 1770 | #ifndef NO_CERTS |
| Vanger | 4:e505054279ed | 1771 | XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_DH); |
| Vanger | 4:e505054279ed | 1772 | XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_DH); |
| Vanger | 4:e505054279ed | 1773 | /* parameters (p,g) may be owned by ctx */ |
| Vanger | 4:e505054279ed | 1774 | if (ssl->buffers.weOwnDH || ssl->options.side == CYASSL_CLIENT_END) { |
| Vanger | 4:e505054279ed | 1775 | XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_DH); |
| Vanger | 4:e505054279ed | 1776 | XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH); |
| Vanger | 4:e505054279ed | 1777 | } |
| Vanger | 4:e505054279ed | 1778 | |
| Vanger | 4:e505054279ed | 1779 | /* CYASSL_CTX always owns certChain */ |
| Vanger | 4:e505054279ed | 1780 | if (ssl->buffers.weOwnCert) |
| Vanger | 4:e505054279ed | 1781 | XFREE(ssl->buffers.certificate.buffer, ssl->heap, DYNAMIC_TYPE_CERT); |
| Vanger | 4:e505054279ed | 1782 | if (ssl->buffers.weOwnKey) |
| Vanger | 4:e505054279ed | 1783 | XFREE(ssl->buffers.key.buffer, ssl->heap, DYNAMIC_TYPE_KEY); |
| Vanger | 4:e505054279ed | 1784 | #endif |
| Vanger | 4:e505054279ed | 1785 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 1786 | if (ssl->peerRsaKey) { |
| Vanger | 4:e505054279ed | 1787 | FreeRsaKey(ssl->peerRsaKey); |
| Vanger | 4:e505054279ed | 1788 | XFREE(ssl->peerRsaKey, ssl->heap, DYNAMIC_TYPE_RSA); |
| Vanger | 4:e505054279ed | 1789 | } |
| Vanger | 4:e505054279ed | 1790 | #endif |
| Vanger | 4:e505054279ed | 1791 | if (ssl->buffers.inputBuffer.dynamicFlag) |
| Vanger | 4:e505054279ed | 1792 | ShrinkInputBuffer(ssl, FORCED_FREE); |
| Vanger | 4:e505054279ed | 1793 | if (ssl->buffers.outputBuffer.dynamicFlag) |
| Vanger | 4:e505054279ed | 1794 | ShrinkOutputBuffer(ssl); |
| Vanger | 4:e505054279ed | 1795 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 1796 | if (ssl->dtls_pool != NULL) { |
| Vanger | 4:e505054279ed | 1797 | DtlsPoolReset(ssl); |
| Vanger | 4:e505054279ed | 1798 | XFREE(ssl->dtls_pool, ssl->heap, DYNAMIC_TYPE_NONE); |
| Vanger | 4:e505054279ed | 1799 | } |
| Vanger | 4:e505054279ed | 1800 | if (ssl->dtls_msg_list != NULL) { |
| Vanger | 4:e505054279ed | 1801 | DtlsMsgListDelete(ssl->dtls_msg_list, ssl->heap); |
| Vanger | 4:e505054279ed | 1802 | ssl->dtls_msg_list = NULL; |
| Vanger | 4:e505054279ed | 1803 | } |
| Vanger | 4:e505054279ed | 1804 | XFREE(ssl->buffers.dtlsCtx.peer.sa, ssl->heap, DYNAMIC_TYPE_SOCKADDR); |
| Vanger | 4:e505054279ed | 1805 | ssl->buffers.dtlsCtx.peer.sa = NULL; |
| Vanger | 4:e505054279ed | 1806 | #endif |
| Vanger | 4:e505054279ed | 1807 | #if defined(KEEP_PEER_CERT) || defined(GOAHEAD_WS) |
| Vanger | 4:e505054279ed | 1808 | FreeX509(&ssl->peerCert); |
| Vanger | 4:e505054279ed | 1809 | #endif |
| Vanger | 4:e505054279ed | 1810 | #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS) |
| Vanger | 4:e505054279ed | 1811 | CyaSSL_BIO_free(ssl->biord); |
| Vanger | 4:e505054279ed | 1812 | if (ssl->biord != ssl->biowr) /* in case same as write */ |
| Vanger | 4:e505054279ed | 1813 | CyaSSL_BIO_free(ssl->biowr); |
| Vanger | 4:e505054279ed | 1814 | #endif |
| Vanger | 4:e505054279ed | 1815 | #ifdef HAVE_LIBZ |
| Vanger | 4:e505054279ed | 1816 | FreeStreams(ssl); |
| Vanger | 4:e505054279ed | 1817 | #endif |
| Vanger | 4:e505054279ed | 1818 | #ifdef HAVE_ECC |
| Vanger | 4:e505054279ed | 1819 | if (ssl->peerEccKey) { |
| Vanger | 4:e505054279ed | 1820 | if (ssl->peerEccKeyPresent) |
| Vanger | 4:e505054279ed | 1821 | ecc_free(ssl->peerEccKey); |
| Vanger | 4:e505054279ed | 1822 | XFREE(ssl->peerEccKey, ssl->heap, DYNAMIC_TYPE_ECC); |
| Vanger | 4:e505054279ed | 1823 | } |
| Vanger | 4:e505054279ed | 1824 | if (ssl->peerEccDsaKey) { |
| Vanger | 4:e505054279ed | 1825 | if (ssl->peerEccDsaKeyPresent) |
| Vanger | 4:e505054279ed | 1826 | ecc_free(ssl->peerEccDsaKey); |
| Vanger | 4:e505054279ed | 1827 | XFREE(ssl->peerEccDsaKey, ssl->heap, DYNAMIC_TYPE_ECC); |
| Vanger | 4:e505054279ed | 1828 | } |
| Vanger | 4:e505054279ed | 1829 | if (ssl->eccTempKey) { |
| Vanger | 4:e505054279ed | 1830 | if (ssl->eccTempKeyPresent) |
| Vanger | 4:e505054279ed | 1831 | ecc_free(ssl->eccTempKey); |
| Vanger | 4:e505054279ed | 1832 | XFREE(ssl->eccTempKey, ssl->heap, DYNAMIC_TYPE_ECC); |
| Vanger | 4:e505054279ed | 1833 | } |
| Vanger | 4:e505054279ed | 1834 | if (ssl->eccDsaKey) { |
| Vanger | 4:e505054279ed | 1835 | if (ssl->eccDsaKeyPresent) |
| Vanger | 4:e505054279ed | 1836 | ecc_free(ssl->eccDsaKey); |
| Vanger | 4:e505054279ed | 1837 | XFREE(ssl->eccDsaKey, ssl->heap, DYNAMIC_TYPE_ECC); |
| Vanger | 4:e505054279ed | 1838 | } |
| Vanger | 4:e505054279ed | 1839 | #endif |
| Vanger | 4:e505054279ed | 1840 | #ifdef HAVE_PK_CALLBACKS |
| Vanger | 4:e505054279ed | 1841 | #ifdef HAVE_ECC |
| Vanger | 4:e505054279ed | 1842 | XFREE(ssl->buffers.peerEccDsaKey.buffer, ssl->heap, DYNAMIC_TYPE_ECC); |
| Vanger | 4:e505054279ed | 1843 | #endif /* HAVE_ECC */ |
| Vanger | 4:e505054279ed | 1844 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 1845 | XFREE(ssl->buffers.peerRsaKey.buffer, ssl->heap, DYNAMIC_TYPE_RSA); |
| Vanger | 4:e505054279ed | 1846 | #endif /* NO_RSA */ |
| Vanger | 4:e505054279ed | 1847 | #endif /* HAVE_PK_CALLBACKS */ |
| Vanger | 4:e505054279ed | 1848 | #ifdef HAVE_TLS_EXTENSIONS |
| Vanger | 4:e505054279ed | 1849 | TLSX_FreeAll(ssl->extensions); |
| Vanger | 4:e505054279ed | 1850 | #endif |
| Vanger | 4:e505054279ed | 1851 | #ifdef HAVE_NETX |
| Vanger | 4:e505054279ed | 1852 | if (ssl->nxCtx.nxPacket) |
| Vanger | 4:e505054279ed | 1853 | nx_packet_release(ssl->nxCtx.nxPacket); |
| Vanger | 4:e505054279ed | 1854 | #endif |
| Vanger | 4:e505054279ed | 1855 | } |
| Vanger | 4:e505054279ed | 1856 | |
| Vanger | 4:e505054279ed | 1857 | |
| Vanger | 4:e505054279ed | 1858 | /* Free any handshake resources no longer needed */ |
| Vanger | 4:e505054279ed | 1859 | void FreeHandshakeResources(CYASSL* ssl) |
| Vanger | 4:e505054279ed | 1860 | { |
| Vanger | 4:e505054279ed | 1861 | /* input buffer */ |
| Vanger | 4:e505054279ed | 1862 | if (ssl->buffers.inputBuffer.dynamicFlag) |
| Vanger | 4:e505054279ed | 1863 | ShrinkInputBuffer(ssl, NO_FORCED_FREE); |
| Vanger | 4:e505054279ed | 1864 | |
| Vanger | 4:e505054279ed | 1865 | /* suites */ |
| Vanger | 4:e505054279ed | 1866 | XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES); |
| Vanger | 4:e505054279ed | 1867 | ssl->suites = NULL; |
| Vanger | 4:e505054279ed | 1868 | |
| Vanger | 4:e505054279ed | 1869 | /* RNG */ |
| Vanger | 4:e505054279ed | 1870 | if (ssl->specs.cipher_type == stream || ssl->options.tls1_1 == 0) { |
| Vanger | 4:e505054279ed | 1871 | XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG); |
| Vanger | 4:e505054279ed | 1872 | ssl->rng = NULL; |
| Vanger | 4:e505054279ed | 1873 | } |
| Vanger | 4:e505054279ed | 1874 | |
| Vanger | 4:e505054279ed | 1875 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 1876 | /* DTLS_POOL */ |
| Vanger | 4:e505054279ed | 1877 | if (ssl->options.dtls && ssl->dtls_pool != NULL) { |
| Vanger | 4:e505054279ed | 1878 | DtlsPoolReset(ssl); |
| Vanger | 4:e505054279ed | 1879 | XFREE(ssl->dtls_pool, ssl->heap, DYNAMIC_TYPE_DTLS_POOL); |
| Vanger | 4:e505054279ed | 1880 | ssl->dtls_pool = NULL; |
| Vanger | 4:e505054279ed | 1881 | } |
| Vanger | 4:e505054279ed | 1882 | #endif |
| Vanger | 4:e505054279ed | 1883 | |
| Vanger | 4:e505054279ed | 1884 | /* arrays */ |
| Vanger | 4:e505054279ed | 1885 | if (ssl->options.saveArrays) |
| Vanger | 4:e505054279ed | 1886 | FreeArrays(ssl, 1); |
| Vanger | 4:e505054279ed | 1887 | |
| Vanger | 4:e505054279ed | 1888 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 1889 | /* peerRsaKey */ |
| Vanger | 4:e505054279ed | 1890 | if (ssl->peerRsaKey) { |
| Vanger | 4:e505054279ed | 1891 | FreeRsaKey(ssl->peerRsaKey); |
| Vanger | 4:e505054279ed | 1892 | XFREE(ssl->peerRsaKey, ssl->heap, DYNAMIC_TYPE_RSA); |
| Vanger | 4:e505054279ed | 1893 | ssl->peerRsaKey = NULL; |
| Vanger | 4:e505054279ed | 1894 | } |
| Vanger | 4:e505054279ed | 1895 | #endif |
| Vanger | 4:e505054279ed | 1896 | |
| Vanger | 4:e505054279ed | 1897 | #ifdef HAVE_ECC |
| Vanger | 4:e505054279ed | 1898 | if (ssl->peerEccKey) |
| Vanger | 4:e505054279ed | 1899 | { |
| Vanger | 4:e505054279ed | 1900 | if (ssl->peerEccKeyPresent) { |
| Vanger | 4:e505054279ed | 1901 | ecc_free(ssl->peerEccKey); |
| Vanger | 4:e505054279ed | 1902 | ssl->peerEccKeyPresent = 0; |
| Vanger | 4:e505054279ed | 1903 | } |
| Vanger | 4:e505054279ed | 1904 | XFREE(ssl->peerEccKey, ssl->heap, DYNAMIC_TYPE_ECC); |
| Vanger | 4:e505054279ed | 1905 | ssl->peerEccKey = NULL; |
| Vanger | 4:e505054279ed | 1906 | } |
| Vanger | 4:e505054279ed | 1907 | if (ssl->peerEccDsaKey) |
| Vanger | 4:e505054279ed | 1908 | { |
| Vanger | 4:e505054279ed | 1909 | if (ssl->peerEccDsaKeyPresent) { |
| Vanger | 4:e505054279ed | 1910 | ecc_free(ssl->peerEccDsaKey); |
| Vanger | 4:e505054279ed | 1911 | ssl->peerEccDsaKeyPresent = 0; |
| Vanger | 4:e505054279ed | 1912 | } |
| Vanger | 4:e505054279ed | 1913 | XFREE(ssl->peerEccDsaKey, ssl->heap, DYNAMIC_TYPE_ECC); |
| Vanger | 4:e505054279ed | 1914 | ssl->peerEccDsaKey = NULL; |
| Vanger | 4:e505054279ed | 1915 | } |
| Vanger | 4:e505054279ed | 1916 | if (ssl->eccTempKey) |
| Vanger | 4:e505054279ed | 1917 | { |
| Vanger | 4:e505054279ed | 1918 | if (ssl->eccTempKeyPresent) { |
| Vanger | 4:e505054279ed | 1919 | ecc_free(ssl->eccTempKey); |
| Vanger | 4:e505054279ed | 1920 | ssl->eccTempKeyPresent = 0; |
| Vanger | 4:e505054279ed | 1921 | } |
| Vanger | 4:e505054279ed | 1922 | XFREE(ssl->eccTempKey, ssl->heap, DYNAMIC_TYPE_ECC); |
| Vanger | 4:e505054279ed | 1923 | ssl->eccTempKey = NULL; |
| Vanger | 4:e505054279ed | 1924 | } |
| Vanger | 4:e505054279ed | 1925 | if (ssl->eccDsaKey) |
| Vanger | 4:e505054279ed | 1926 | { |
| Vanger | 4:e505054279ed | 1927 | if (ssl->eccDsaKeyPresent) { |
| Vanger | 4:e505054279ed | 1928 | ecc_free(ssl->eccDsaKey); |
| Vanger | 4:e505054279ed | 1929 | ssl->eccDsaKeyPresent = 0; |
| Vanger | 4:e505054279ed | 1930 | } |
| Vanger | 4:e505054279ed | 1931 | XFREE(ssl->eccDsaKey, ssl->heap, DYNAMIC_TYPE_ECC); |
| Vanger | 4:e505054279ed | 1932 | ssl->eccDsaKey = NULL; |
| Vanger | 4:e505054279ed | 1933 | } |
| Vanger | 4:e505054279ed | 1934 | #endif |
| Vanger | 4:e505054279ed | 1935 | #ifdef HAVE_PK_CALLBACKS |
| Vanger | 4:e505054279ed | 1936 | #ifdef HAVE_ECC |
| Vanger | 4:e505054279ed | 1937 | XFREE(ssl->buffers.peerEccDsaKey.buffer, ssl->heap, DYNAMIC_TYPE_ECC); |
| Vanger | 4:e505054279ed | 1938 | ssl->buffers.peerEccDsaKey.buffer = NULL; |
| Vanger | 4:e505054279ed | 1939 | #endif /* HAVE_ECC */ |
| Vanger | 4:e505054279ed | 1940 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 1941 | XFREE(ssl->buffers.peerRsaKey.buffer, ssl->heap, DYNAMIC_TYPE_RSA); |
| Vanger | 4:e505054279ed | 1942 | ssl->buffers.peerRsaKey.buffer = NULL; |
| Vanger | 4:e505054279ed | 1943 | #endif /* NO_RSA */ |
| Vanger | 4:e505054279ed | 1944 | #endif /* HAVE_PK_CALLBACKS */ |
| Vanger | 4:e505054279ed | 1945 | } |
| Vanger | 4:e505054279ed | 1946 | |
| Vanger | 4:e505054279ed | 1947 | |
| Vanger | 4:e505054279ed | 1948 | void FreeSSL(CYASSL* ssl) |
| Vanger | 4:e505054279ed | 1949 | { |
| Vanger | 4:e505054279ed | 1950 | FreeSSL_Ctx(ssl->ctx); /* will decrement and free underyling CTX if 0 */ |
| Vanger | 4:e505054279ed | 1951 | SSL_ResourceFree(ssl); |
| Vanger | 4:e505054279ed | 1952 | XFREE(ssl, ssl->heap, DYNAMIC_TYPE_SSL); |
| Vanger | 4:e505054279ed | 1953 | } |
| Vanger | 4:e505054279ed | 1954 | |
| Vanger | 4:e505054279ed | 1955 | |
| Vanger | 4:e505054279ed | 1956 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 1957 | |
| Vanger | 4:e505054279ed | 1958 | int DtlsPoolInit(CYASSL* ssl) |
| Vanger | 4:e505054279ed | 1959 | { |
| Vanger | 4:e505054279ed | 1960 | if (ssl->dtls_pool == NULL) { |
| Vanger | 4:e505054279ed | 1961 | DtlsPool *pool = (DtlsPool*)XMALLOC(sizeof(DtlsPool), |
| Vanger | 4:e505054279ed | 1962 | ssl->heap, DYNAMIC_TYPE_DTLS_POOL); |
| Vanger | 4:e505054279ed | 1963 | if (pool == NULL) { |
| Vanger | 4:e505054279ed | 1964 | CYASSL_MSG("DTLS Buffer Pool Memory error"); |
| Vanger | 4:e505054279ed | 1965 | return MEMORY_E; |
| Vanger | 4:e505054279ed | 1966 | } |
| Vanger | 4:e505054279ed | 1967 | else { |
| Vanger | 4:e505054279ed | 1968 | int i; |
| Vanger | 4:e505054279ed | 1969 | |
| Vanger | 4:e505054279ed | 1970 | for (i = 0; i < DTLS_POOL_SZ; i++) { |
| Vanger | 4:e505054279ed | 1971 | pool->buf[i].length = 0; |
| Vanger | 4:e505054279ed | 1972 | pool->buf[i].buffer = NULL; |
| Vanger | 4:e505054279ed | 1973 | } |
| Vanger | 4:e505054279ed | 1974 | pool->used = 0; |
| Vanger | 4:e505054279ed | 1975 | ssl->dtls_pool = pool; |
| Vanger | 4:e505054279ed | 1976 | } |
| Vanger | 4:e505054279ed | 1977 | } |
| Vanger | 4:e505054279ed | 1978 | return 0; |
| Vanger | 4:e505054279ed | 1979 | } |
| Vanger | 4:e505054279ed | 1980 | |
| Vanger | 4:e505054279ed | 1981 | |
| Vanger | 4:e505054279ed | 1982 | int DtlsPoolSave(CYASSL* ssl, const byte *src, int sz) |
| Vanger | 4:e505054279ed | 1983 | { |
| Vanger | 4:e505054279ed | 1984 | DtlsPool *pool = ssl->dtls_pool; |
| Vanger | 4:e505054279ed | 1985 | if (pool != NULL && pool->used < DTLS_POOL_SZ) { |
| Vanger | 4:e505054279ed | 1986 | buffer *pBuf = &pool->buf[pool->used]; |
| Vanger | 4:e505054279ed | 1987 | pBuf->buffer = (byte*)XMALLOC(sz, ssl->heap, DYNAMIC_TYPE_OUT_BUFFER); |
| Vanger | 4:e505054279ed | 1988 | if (pBuf->buffer == NULL) { |
| Vanger | 4:e505054279ed | 1989 | CYASSL_MSG("DTLS Buffer Memory error"); |
| Vanger | 4:e505054279ed | 1990 | return MEMORY_ERROR; |
| Vanger | 4:e505054279ed | 1991 | } |
| Vanger | 4:e505054279ed | 1992 | XMEMCPY(pBuf->buffer, src, sz); |
| Vanger | 4:e505054279ed | 1993 | pBuf->length = (word32)sz; |
| Vanger | 4:e505054279ed | 1994 | pool->used++; |
| Vanger | 4:e505054279ed | 1995 | } |
| Vanger | 4:e505054279ed | 1996 | return 0; |
| Vanger | 4:e505054279ed | 1997 | } |
| Vanger | 4:e505054279ed | 1998 | |
| Vanger | 4:e505054279ed | 1999 | |
| Vanger | 4:e505054279ed | 2000 | void DtlsPoolReset(CYASSL* ssl) |
| Vanger | 4:e505054279ed | 2001 | { |
| Vanger | 4:e505054279ed | 2002 | DtlsPool *pool = ssl->dtls_pool; |
| Vanger | 4:e505054279ed | 2003 | if (pool != NULL) { |
| Vanger | 4:e505054279ed | 2004 | buffer *pBuf; |
| Vanger | 4:e505054279ed | 2005 | int i, used; |
| Vanger | 4:e505054279ed | 2006 | |
| Vanger | 4:e505054279ed | 2007 | used = pool->used; |
| Vanger | 4:e505054279ed | 2008 | for (i = 0, pBuf = &pool->buf[0]; i < used; i++, pBuf++) { |
| Vanger | 4:e505054279ed | 2009 | XFREE(pBuf->buffer, ssl->heap, DYNAMIC_TYPE_OUT_BUFFER); |
| Vanger | 4:e505054279ed | 2010 | pBuf->buffer = NULL; |
| Vanger | 4:e505054279ed | 2011 | pBuf->length = 0; |
| Vanger | 4:e505054279ed | 2012 | } |
| Vanger | 4:e505054279ed | 2013 | pool->used = 0; |
| Vanger | 4:e505054279ed | 2014 | } |
| Vanger | 4:e505054279ed | 2015 | ssl->dtls_timeout = ssl->dtls_timeout_init; |
| Vanger | 4:e505054279ed | 2016 | } |
| Vanger | 4:e505054279ed | 2017 | |
| Vanger | 4:e505054279ed | 2018 | |
| Vanger | 4:e505054279ed | 2019 | int DtlsPoolTimeout(CYASSL* ssl) |
| Vanger | 4:e505054279ed | 2020 | { |
| Vanger | 4:e505054279ed | 2021 | int result = -1; |
| Vanger | 4:e505054279ed | 2022 | if (ssl->dtls_timeout < ssl->dtls_timeout_max) { |
| Vanger | 4:e505054279ed | 2023 | ssl->dtls_timeout *= DTLS_TIMEOUT_MULTIPLIER; |
| Vanger | 4:e505054279ed | 2024 | result = 0; |
| Vanger | 4:e505054279ed | 2025 | } |
| Vanger | 4:e505054279ed | 2026 | return result; |
| Vanger | 4:e505054279ed | 2027 | } |
| Vanger | 4:e505054279ed | 2028 | |
| Vanger | 4:e505054279ed | 2029 | |
| Vanger | 4:e505054279ed | 2030 | int DtlsPoolSend(CYASSL* ssl) |
| Vanger | 4:e505054279ed | 2031 | { |
| Vanger | 4:e505054279ed | 2032 | int ret; |
| Vanger | 4:e505054279ed | 2033 | DtlsPool *pool = ssl->dtls_pool; |
| Vanger | 4:e505054279ed | 2034 | |
| Vanger | 4:e505054279ed | 2035 | if (pool != NULL && pool->used > 0) { |
| Vanger | 4:e505054279ed | 2036 | int i; |
| Vanger | 4:e505054279ed | 2037 | for (i = 0; i < pool->used; i++) { |
| Vanger | 4:e505054279ed | 2038 | int sendResult; |
| Vanger | 4:e505054279ed | 2039 | buffer* buf = &pool->buf[i]; |
| Vanger | 4:e505054279ed | 2040 | |
| Vanger | 4:e505054279ed | 2041 | DtlsRecordLayerHeader* dtls = (DtlsRecordLayerHeader*)buf->buffer; |
| Vanger | 4:e505054279ed | 2042 | |
| Vanger | 4:e505054279ed | 2043 | word16 message_epoch; |
| Vanger | 4:e505054279ed | 2044 | ato16(dtls->epoch, &message_epoch); |
| Vanger | 4:e505054279ed | 2045 | if (message_epoch == ssl->keys.dtls_epoch) { |
| Vanger | 4:e505054279ed | 2046 | /* Increment record sequence number on retransmitted handshake |
| Vanger | 4:e505054279ed | 2047 | * messages */ |
| Vanger | 4:e505054279ed | 2048 | c32to48(ssl->keys.dtls_sequence_number, dtls->sequence_number); |
| Vanger | 4:e505054279ed | 2049 | ssl->keys.dtls_sequence_number++; |
| Vanger | 4:e505054279ed | 2050 | } |
| Vanger | 4:e505054279ed | 2051 | else { |
| Vanger | 4:e505054279ed | 2052 | /* The Finished message is sent with the next epoch, keep its |
| Vanger | 4:e505054279ed | 2053 | * sequence number */ |
| Vanger | 4:e505054279ed | 2054 | } |
| Vanger | 4:e505054279ed | 2055 | |
| Vanger | 4:e505054279ed | 2056 | if ((ret = CheckAvailableSize(ssl, buf->length)) != 0) |
| Vanger | 4:e505054279ed | 2057 | return ret; |
| Vanger | 4:e505054279ed | 2058 | |
| Vanger | 4:e505054279ed | 2059 | XMEMCPY(ssl->buffers.outputBuffer.buffer, buf->buffer, buf->length); |
| Vanger | 4:e505054279ed | 2060 | ssl->buffers.outputBuffer.idx = 0; |
| Vanger | 4:e505054279ed | 2061 | ssl->buffers.outputBuffer.length = buf->length; |
| Vanger | 4:e505054279ed | 2062 | |
| Vanger | 4:e505054279ed | 2063 | sendResult = SendBuffered(ssl); |
| Vanger | 4:e505054279ed | 2064 | if (sendResult < 0) { |
| Vanger | 4:e505054279ed | 2065 | return sendResult; |
| Vanger | 4:e505054279ed | 2066 | } |
| Vanger | 4:e505054279ed | 2067 | } |
| Vanger | 4:e505054279ed | 2068 | } |
| Vanger | 4:e505054279ed | 2069 | return 0; |
| Vanger | 4:e505054279ed | 2070 | } |
| Vanger | 4:e505054279ed | 2071 | |
| Vanger | 4:e505054279ed | 2072 | |
| Vanger | 4:e505054279ed | 2073 | /* functions for managing DTLS datagram reordering */ |
| Vanger | 4:e505054279ed | 2074 | |
| Vanger | 4:e505054279ed | 2075 | /* Need to allocate space for the handshake message header. The hashing |
| Vanger | 4:e505054279ed | 2076 | * routines assume the message pointer is still within the buffer that |
| Vanger | 4:e505054279ed | 2077 | * has the headers, and will include those headers in the hash. The store |
| Vanger | 4:e505054279ed | 2078 | * routines need to take that into account as well. New will allocate |
| Vanger | 4:e505054279ed | 2079 | * extra space for the headers. */ |
| Vanger | 4:e505054279ed | 2080 | DtlsMsg* DtlsMsgNew(word32 sz, void* heap) |
| Vanger | 4:e505054279ed | 2081 | { |
| Vanger | 4:e505054279ed | 2082 | DtlsMsg* msg = NULL; |
| Vanger | 4:e505054279ed | 2083 | |
| Vanger | 4:e505054279ed | 2084 | msg = (DtlsMsg*)XMALLOC(sizeof(DtlsMsg), heap, DYNAMIC_TYPE_DTLS_MSG); |
| Vanger | 4:e505054279ed | 2085 | |
| Vanger | 4:e505054279ed | 2086 | if (msg != NULL) { |
| Vanger | 4:e505054279ed | 2087 | msg->buf = (byte*)XMALLOC(sz + DTLS_HANDSHAKE_HEADER_SZ, |
| Vanger | 4:e505054279ed | 2088 | heap, DYNAMIC_TYPE_NONE); |
| Vanger | 4:e505054279ed | 2089 | if (msg->buf != NULL) { |
| Vanger | 4:e505054279ed | 2090 | msg->next = NULL; |
| Vanger | 4:e505054279ed | 2091 | msg->seq = 0; |
| Vanger | 4:e505054279ed | 2092 | msg->sz = sz; |
| Vanger | 4:e505054279ed | 2093 | msg->fragSz = 0; |
| Vanger | 4:e505054279ed | 2094 | msg->msg = msg->buf + DTLS_HANDSHAKE_HEADER_SZ; |
| Vanger | 4:e505054279ed | 2095 | } |
| Vanger | 4:e505054279ed | 2096 | else { |
| Vanger | 4:e505054279ed | 2097 | XFREE(msg, heap, DYNAMIC_TYPE_DTLS_MSG); |
| Vanger | 4:e505054279ed | 2098 | msg = NULL; |
| Vanger | 4:e505054279ed | 2099 | } |
| Vanger | 4:e505054279ed | 2100 | } |
| Vanger | 4:e505054279ed | 2101 | |
| Vanger | 4:e505054279ed | 2102 | return msg; |
| Vanger | 4:e505054279ed | 2103 | } |
| Vanger | 4:e505054279ed | 2104 | |
| Vanger | 4:e505054279ed | 2105 | void DtlsMsgDelete(DtlsMsg* item, void* heap) |
| Vanger | 4:e505054279ed | 2106 | { |
| Vanger | 4:e505054279ed | 2107 | (void)heap; |
| Vanger | 4:e505054279ed | 2108 | |
| Vanger | 4:e505054279ed | 2109 | if (item != NULL) { |
| Vanger | 4:e505054279ed | 2110 | if (item->buf != NULL) |
| Vanger | 4:e505054279ed | 2111 | XFREE(item->buf, heap, DYNAMIC_TYPE_NONE); |
| Vanger | 4:e505054279ed | 2112 | XFREE(item, heap, DYNAMIC_TYPE_DTLS_MSG); |
| Vanger | 4:e505054279ed | 2113 | } |
| Vanger | 4:e505054279ed | 2114 | } |
| Vanger | 4:e505054279ed | 2115 | |
| Vanger | 4:e505054279ed | 2116 | |
| Vanger | 4:e505054279ed | 2117 | void DtlsMsgListDelete(DtlsMsg* head, void* heap) |
| Vanger | 4:e505054279ed | 2118 | { |
| Vanger | 4:e505054279ed | 2119 | DtlsMsg* next; |
| Vanger | 4:e505054279ed | 2120 | while (head) { |
| Vanger | 4:e505054279ed | 2121 | next = head->next; |
| Vanger | 4:e505054279ed | 2122 | DtlsMsgDelete(head, heap); |
| Vanger | 4:e505054279ed | 2123 | head = next; |
| Vanger | 4:e505054279ed | 2124 | } |
| Vanger | 4:e505054279ed | 2125 | } |
| Vanger | 4:e505054279ed | 2126 | |
| Vanger | 4:e505054279ed | 2127 | |
| Vanger | 4:e505054279ed | 2128 | void DtlsMsgSet(DtlsMsg* msg, word32 seq, const byte* data, byte type, |
| Vanger | 4:e505054279ed | 2129 | word32 fragOffset, word32 fragSz) |
| Vanger | 4:e505054279ed | 2130 | { |
| Vanger | 4:e505054279ed | 2131 | if (msg != NULL && data != NULL && msg->fragSz <= msg->sz) { |
| Vanger | 4:e505054279ed | 2132 | msg->seq = seq; |
| Vanger | 4:e505054279ed | 2133 | msg->type = type; |
| Vanger | 4:e505054279ed | 2134 | msg->fragSz += fragSz; |
| Vanger | 4:e505054279ed | 2135 | /* If fragOffset is zero, this is either a full message that is out |
| Vanger | 4:e505054279ed | 2136 | * of order, or the first fragment of a fragmented message. Copy the |
| Vanger | 4:e505054279ed | 2137 | * handshake message header as well as the message data. */ |
| Vanger | 4:e505054279ed | 2138 | if (fragOffset == 0) |
| Vanger | 4:e505054279ed | 2139 | XMEMCPY(msg->buf, data - DTLS_HANDSHAKE_HEADER_SZ, |
| Vanger | 4:e505054279ed | 2140 | fragSz + DTLS_HANDSHAKE_HEADER_SZ); |
| Vanger | 4:e505054279ed | 2141 | else { |
| Vanger | 4:e505054279ed | 2142 | /* If fragOffet is non-zero, this is an additional fragment that |
| Vanger | 4:e505054279ed | 2143 | * needs to be copied to its location in the message buffer. Also |
| Vanger | 4:e505054279ed | 2144 | * copy the total size of the message over the fragment size. The |
| Vanger | 4:e505054279ed | 2145 | * hash routines look at a defragmented message if it had actually |
| Vanger | 4:e505054279ed | 2146 | * come across as a single handshake message. */ |
| Vanger | 4:e505054279ed | 2147 | XMEMCPY(msg->msg + fragOffset, data, fragSz); |
| Vanger | 4:e505054279ed | 2148 | c32to24(msg->sz, msg->msg - DTLS_HANDSHAKE_FRAG_SZ); |
| Vanger | 4:e505054279ed | 2149 | } |
| Vanger | 4:e505054279ed | 2150 | } |
| Vanger | 4:e505054279ed | 2151 | } |
| Vanger | 4:e505054279ed | 2152 | |
| Vanger | 4:e505054279ed | 2153 | |
| Vanger | 4:e505054279ed | 2154 | DtlsMsg* DtlsMsgFind(DtlsMsg* head, word32 seq) |
| Vanger | 4:e505054279ed | 2155 | { |
| Vanger | 4:e505054279ed | 2156 | while (head != NULL && head->seq != seq) { |
| Vanger | 4:e505054279ed | 2157 | head = head->next; |
| Vanger | 4:e505054279ed | 2158 | } |
| Vanger | 4:e505054279ed | 2159 | return head; |
| Vanger | 4:e505054279ed | 2160 | } |
| Vanger | 4:e505054279ed | 2161 | |
| Vanger | 4:e505054279ed | 2162 | |
| Vanger | 4:e505054279ed | 2163 | DtlsMsg* DtlsMsgStore(DtlsMsg* head, word32 seq, const byte* data, |
| Vanger | 4:e505054279ed | 2164 | word32 dataSz, byte type, word32 fragOffset, word32 fragSz, void* heap) |
| Vanger | 4:e505054279ed | 2165 | { |
| Vanger | 4:e505054279ed | 2166 | |
| Vanger | 4:e505054279ed | 2167 | /* See if seq exists in the list. If it isn't in the list, make |
| Vanger | 4:e505054279ed | 2168 | * a new item of size dataSz, copy fragSz bytes from data to msg->msg |
| Vanger | 4:e505054279ed | 2169 | * starting at offset fragOffset, and add fragSz to msg->fragSz. If |
| Vanger | 4:e505054279ed | 2170 | * the seq is in the list and it isn't full, copy fragSz bytes from |
| Vanger | 4:e505054279ed | 2171 | * data to msg->msg starting at offset fragOffset, and add fragSz to |
| Vanger | 4:e505054279ed | 2172 | * msg->fragSz. The new item should be inserted into the list in its |
| Vanger | 4:e505054279ed | 2173 | * proper position. |
| Vanger | 4:e505054279ed | 2174 | * |
| Vanger | 4:e505054279ed | 2175 | * 1. Find seq in list, or where seq should go in list. If seq not in |
| Vanger | 4:e505054279ed | 2176 | * list, create new item and insert into list. Either case, keep |
| Vanger | 4:e505054279ed | 2177 | * pointer to item. |
| Vanger | 4:e505054279ed | 2178 | * 2. If msg->fragSz + fragSz < sz, copy data to msg->msg at offset |
| Vanger | 4:e505054279ed | 2179 | * fragOffset. Add fragSz to msg->fragSz. |
| Vanger | 4:e505054279ed | 2180 | */ |
| Vanger | 4:e505054279ed | 2181 | |
| Vanger | 4:e505054279ed | 2182 | if (head != NULL) { |
| Vanger | 4:e505054279ed | 2183 | DtlsMsg* cur = DtlsMsgFind(head, seq); |
| Vanger | 4:e505054279ed | 2184 | if (cur == NULL) { |
| Vanger | 4:e505054279ed | 2185 | cur = DtlsMsgNew(dataSz, heap); |
| Vanger | 4:e505054279ed | 2186 | if (cur != NULL) { |
| Vanger | 4:e505054279ed | 2187 | DtlsMsgSet(cur, seq, data, type, fragOffset, fragSz); |
| Vanger | 4:e505054279ed | 2188 | head = DtlsMsgInsert(head, cur); |
| Vanger | 4:e505054279ed | 2189 | } |
| Vanger | 4:e505054279ed | 2190 | } |
| Vanger | 4:e505054279ed | 2191 | else { |
| Vanger | 4:e505054279ed | 2192 | DtlsMsgSet(cur, seq, data, type, fragOffset, fragSz); |
| Vanger | 4:e505054279ed | 2193 | } |
| Vanger | 4:e505054279ed | 2194 | } |
| Vanger | 4:e505054279ed | 2195 | else { |
| Vanger | 4:e505054279ed | 2196 | head = DtlsMsgNew(dataSz, heap); |
| Vanger | 4:e505054279ed | 2197 | DtlsMsgSet(head, seq, data, type, fragOffset, fragSz); |
| Vanger | 4:e505054279ed | 2198 | } |
| Vanger | 4:e505054279ed | 2199 | |
| Vanger | 4:e505054279ed | 2200 | return head; |
| Vanger | 4:e505054279ed | 2201 | } |
| Vanger | 4:e505054279ed | 2202 | |
| Vanger | 4:e505054279ed | 2203 | |
| Vanger | 4:e505054279ed | 2204 | /* DtlsMsgInsert() is an in-order insert. */ |
| Vanger | 4:e505054279ed | 2205 | DtlsMsg* DtlsMsgInsert(DtlsMsg* head, DtlsMsg* item) |
| Vanger | 4:e505054279ed | 2206 | { |
| Vanger | 4:e505054279ed | 2207 | if (head == NULL || item->seq < head->seq) { |
| Vanger | 4:e505054279ed | 2208 | item->next = head; |
| Vanger | 4:e505054279ed | 2209 | head = item; |
| Vanger | 4:e505054279ed | 2210 | } |
| Vanger | 4:e505054279ed | 2211 | else if (head->next == NULL) { |
| Vanger | 4:e505054279ed | 2212 | head->next = item; |
| Vanger | 4:e505054279ed | 2213 | } |
| Vanger | 4:e505054279ed | 2214 | else { |
| Vanger | 4:e505054279ed | 2215 | DtlsMsg* cur = head->next; |
| Vanger | 4:e505054279ed | 2216 | DtlsMsg* prev = head; |
| Vanger | 4:e505054279ed | 2217 | while (cur) { |
| Vanger | 4:e505054279ed | 2218 | if (item->seq < cur->seq) { |
| Vanger | 4:e505054279ed | 2219 | item->next = cur; |
| Vanger | 4:e505054279ed | 2220 | prev->next = item; |
| Vanger | 4:e505054279ed | 2221 | break; |
| Vanger | 4:e505054279ed | 2222 | } |
| Vanger | 4:e505054279ed | 2223 | prev = cur; |
| Vanger | 4:e505054279ed | 2224 | cur = cur->next; |
| Vanger | 4:e505054279ed | 2225 | } |
| Vanger | 4:e505054279ed | 2226 | if (cur == NULL) { |
| Vanger | 4:e505054279ed | 2227 | prev->next = item; |
| Vanger | 4:e505054279ed | 2228 | } |
| Vanger | 4:e505054279ed | 2229 | } |
| Vanger | 4:e505054279ed | 2230 | |
| Vanger | 4:e505054279ed | 2231 | return head; |
| Vanger | 4:e505054279ed | 2232 | } |
| Vanger | 4:e505054279ed | 2233 | |
| Vanger | 4:e505054279ed | 2234 | #endif /* CYASSL_DTLS */ |
| Vanger | 4:e505054279ed | 2235 | |
| Vanger | 4:e505054279ed | 2236 | #ifndef NO_OLD_TLS |
| Vanger | 4:e505054279ed | 2237 | |
| Vanger | 4:e505054279ed | 2238 | ProtocolVersion MakeSSLv3(void) |
| Vanger | 4:e505054279ed | 2239 | { |
| Vanger | 4:e505054279ed | 2240 | ProtocolVersion pv; |
| Vanger | 4:e505054279ed | 2241 | pv.major = SSLv3_MAJOR; |
| Vanger | 4:e505054279ed | 2242 | pv.minor = SSLv3_MINOR; |
| Vanger | 4:e505054279ed | 2243 | |
| Vanger | 4:e505054279ed | 2244 | return pv; |
| Vanger | 4:e505054279ed | 2245 | } |
| Vanger | 4:e505054279ed | 2246 | |
| Vanger | 4:e505054279ed | 2247 | #endif /* NO_OLD_TLS */ |
| Vanger | 4:e505054279ed | 2248 | |
| Vanger | 4:e505054279ed | 2249 | |
| Vanger | 4:e505054279ed | 2250 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 2251 | |
| Vanger | 4:e505054279ed | 2252 | ProtocolVersion MakeDTLSv1(void) |
| Vanger | 4:e505054279ed | 2253 | { |
| Vanger | 4:e505054279ed | 2254 | ProtocolVersion pv; |
| Vanger | 4:e505054279ed | 2255 | pv.major = DTLS_MAJOR; |
| Vanger | 4:e505054279ed | 2256 | pv.minor = DTLS_MINOR; |
| Vanger | 4:e505054279ed | 2257 | |
| Vanger | 4:e505054279ed | 2258 | return pv; |
| Vanger | 4:e505054279ed | 2259 | } |
| Vanger | 4:e505054279ed | 2260 | |
| Vanger | 4:e505054279ed | 2261 | ProtocolVersion MakeDTLSv1_2(void) |
| Vanger | 4:e505054279ed | 2262 | { |
| Vanger | 4:e505054279ed | 2263 | ProtocolVersion pv; |
| Vanger | 4:e505054279ed | 2264 | pv.major = DTLS_MAJOR; |
| Vanger | 4:e505054279ed | 2265 | pv.minor = DTLSv1_2_MINOR; |
| Vanger | 4:e505054279ed | 2266 | |
| Vanger | 4:e505054279ed | 2267 | return pv; |
| Vanger | 4:e505054279ed | 2268 | } |
| Vanger | 4:e505054279ed | 2269 | |
| Vanger | 4:e505054279ed | 2270 | #endif /* CYASSL_DTLS */ |
| Vanger | 4:e505054279ed | 2271 | |
| Vanger | 4:e505054279ed | 2272 | |
| Vanger | 4:e505054279ed | 2273 | |
| Vanger | 4:e505054279ed | 2274 | |
| Vanger | 4:e505054279ed | 2275 | #ifdef USE_WINDOWS_API |
| Vanger | 4:e505054279ed | 2276 | |
| Vanger | 4:e505054279ed | 2277 | word32 LowResTimer(void) |
| Vanger | 4:e505054279ed | 2278 | { |
| Vanger | 4:e505054279ed | 2279 | static int init = 0; |
| Vanger | 4:e505054279ed | 2280 | static LARGE_INTEGER freq; |
| Vanger | 4:e505054279ed | 2281 | LARGE_INTEGER count; |
| Vanger | 4:e505054279ed | 2282 | |
| Vanger | 4:e505054279ed | 2283 | if (!init) { |
| Vanger | 4:e505054279ed | 2284 | QueryPerformanceFrequency(&freq); |
| Vanger | 4:e505054279ed | 2285 | init = 1; |
| Vanger | 4:e505054279ed | 2286 | } |
| Vanger | 4:e505054279ed | 2287 | |
| Vanger | 4:e505054279ed | 2288 | QueryPerformanceCounter(&count); |
| Vanger | 4:e505054279ed | 2289 | |
| Vanger | 4:e505054279ed | 2290 | return (word32)(count.QuadPart / freq.QuadPart); |
| Vanger | 4:e505054279ed | 2291 | } |
| Vanger | 4:e505054279ed | 2292 | |
| Vanger | 4:e505054279ed | 2293 | #elif defined(HAVE_RTP_SYS) |
| Vanger | 4:e505054279ed | 2294 | |
| Vanger | 4:e505054279ed | 2295 | #include "rtptime.h" |
| Vanger | 4:e505054279ed | 2296 | |
| Vanger | 4:e505054279ed | 2297 | word32 LowResTimer(void) |
| Vanger | 4:e505054279ed | 2298 | { |
| Vanger | 4:e505054279ed | 2299 | return (word32)rtp_get_system_sec(); |
| Vanger | 4:e505054279ed | 2300 | } |
| Vanger | 4:e505054279ed | 2301 | |
| Vanger | 4:e505054279ed | 2302 | |
| Vanger | 4:e505054279ed | 2303 | #elif defined(MICRIUM) |
| Vanger | 4:e505054279ed | 2304 | |
| Vanger | 4:e505054279ed | 2305 | word32 LowResTimer(void) |
| Vanger | 4:e505054279ed | 2306 | { |
| Vanger | 4:e505054279ed | 2307 | NET_SECURE_OS_TICK clk; |
| Vanger | 4:e505054279ed | 2308 | |
| Vanger | 4:e505054279ed | 2309 | #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED) |
| Vanger | 4:e505054279ed | 2310 | clk = NetSecure_OS_TimeGet(); |
| Vanger | 4:e505054279ed | 2311 | #endif |
| Vanger | 4:e505054279ed | 2312 | return (word32)clk; |
| Vanger | 4:e505054279ed | 2313 | } |
| Vanger | 4:e505054279ed | 2314 | |
| Vanger | 4:e505054279ed | 2315 | |
| Vanger | 4:e505054279ed | 2316 | #elif defined(MICROCHIP_TCPIP_V5) |
| Vanger | 4:e505054279ed | 2317 | |
| Vanger | 4:e505054279ed | 2318 | word32 LowResTimer(void) |
| Vanger | 4:e505054279ed | 2319 | { |
| Vanger | 4:e505054279ed | 2320 | return (word32) TickGet(); |
| Vanger | 4:e505054279ed | 2321 | } |
| Vanger | 4:e505054279ed | 2322 | |
| Vanger | 4:e505054279ed | 2323 | |
| Vanger | 4:e505054279ed | 2324 | #elif defined(MICROCHIP_TCPIP) |
| Vanger | 4:e505054279ed | 2325 | |
| Vanger | 4:e505054279ed | 2326 | #if defined(MICROCHIP_MPLAB_HARMONY) |
| Vanger | 4:e505054279ed | 2327 | |
| Vanger | 4:e505054279ed | 2328 | #include <system/tmr/sys_tmr.h> |
| Vanger | 4:e505054279ed | 2329 | |
| Vanger | 4:e505054279ed | 2330 | word32 LowResTimer(void) |
| Vanger | 4:e505054279ed | 2331 | { |
| Vanger | 4:e505054279ed | 2332 | return (word32) SYS_TMR_TickCountGet(); |
| Vanger | 4:e505054279ed | 2333 | } |
| Vanger | 4:e505054279ed | 2334 | |
| Vanger | 4:e505054279ed | 2335 | #else |
| Vanger | 4:e505054279ed | 2336 | |
| Vanger | 4:e505054279ed | 2337 | word32 LowResTimer(void) |
| Vanger | 4:e505054279ed | 2338 | { |
| Vanger | 4:e505054279ed | 2339 | return (word32) SYS_TICK_Get(); |
| Vanger | 4:e505054279ed | 2340 | } |
| Vanger | 4:e505054279ed | 2341 | |
| Vanger | 4:e505054279ed | 2342 | #endif |
| Vanger | 4:e505054279ed | 2343 | |
| Vanger | 4:e505054279ed | 2344 | #elif defined(FREESCALE_MQX) |
| Vanger | 4:e505054279ed | 2345 | |
| Vanger | 4:e505054279ed | 2346 | word32 LowResTimer(void) |
| Vanger | 4:e505054279ed | 2347 | { |
| Vanger | 4:e505054279ed | 2348 | TIME_STRUCT mqxTime; |
| Vanger | 4:e505054279ed | 2349 | |
| Vanger | 4:e505054279ed | 2350 | _time_get_elapsed(&mqxTime); |
| Vanger | 4:e505054279ed | 2351 | |
| Vanger | 4:e505054279ed | 2352 | return (word32) mqxTime.SECONDS; |
| Vanger | 4:e505054279ed | 2353 | } |
| Vanger | 4:e505054279ed | 2354 | |
| Vanger | 4:e505054279ed | 2355 | |
| Vanger | 4:e505054279ed | 2356 | #elif defined(USER_TICKS) |
| Vanger | 4:e505054279ed | 2357 | #if 0 |
| Vanger | 4:e505054279ed | 2358 | word32 LowResTimer(void) |
| Vanger | 4:e505054279ed | 2359 | { |
| Vanger | 4:e505054279ed | 2360 | /* |
| Vanger | 4:e505054279ed | 2361 | write your own clock tick function if don't want time(0) |
| Vanger | 4:e505054279ed | 2362 | needs second accuracy but doesn't have to correlated to EPOCH |
| Vanger | 4:e505054279ed | 2363 | */ |
| Vanger | 4:e505054279ed | 2364 | } |
| Vanger | 4:e505054279ed | 2365 | #endif |
| Vanger | 4:e505054279ed | 2366 | #else /* !USE_WINDOWS_API && !HAVE_RTP_SYS && !MICRIUM && !USER_TICKS */ |
| Vanger | 4:e505054279ed | 2367 | |
| Vanger | 4:e505054279ed | 2368 | #include <time.h> |
| Vanger | 4:e505054279ed | 2369 | |
| Vanger | 4:e505054279ed | 2370 | word32 LowResTimer(void) |
| Vanger | 4:e505054279ed | 2371 | { |
| Vanger | 4:e505054279ed | 2372 | return (word32)time(0); |
| Vanger | 4:e505054279ed | 2373 | } |
| Vanger | 4:e505054279ed | 2374 | |
| Vanger | 4:e505054279ed | 2375 | |
| Vanger | 4:e505054279ed | 2376 | #endif /* USE_WINDOWS_API */ |
| Vanger | 4:e505054279ed | 2377 | |
| Vanger | 4:e505054279ed | 2378 | |
| Vanger | 4:e505054279ed | 2379 | /* add output to md5 and sha handshake hashes, exclude record header */ |
| Vanger | 4:e505054279ed | 2380 | static int HashOutput(CYASSL* ssl, const byte* output, int sz, int ivSz) |
| Vanger | 4:e505054279ed | 2381 | { |
| Vanger | 4:e505054279ed | 2382 | const byte* adj = output + RECORD_HEADER_SZ + ivSz; |
| Vanger | 4:e505054279ed | 2383 | sz -= RECORD_HEADER_SZ; |
| Vanger | 4:e505054279ed | 2384 | |
| Vanger | 4:e505054279ed | 2385 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 2386 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 2387 | adj += DTLS_RECORD_EXTRA; |
| Vanger | 4:e505054279ed | 2388 | sz -= DTLS_RECORD_EXTRA; |
| Vanger | 4:e505054279ed | 2389 | } |
| Vanger | 4:e505054279ed | 2390 | #endif |
| Vanger | 4:e505054279ed | 2391 | #ifndef NO_OLD_TLS |
| Vanger | 4:e505054279ed | 2392 | #ifndef NO_SHA |
| Vanger | 4:e505054279ed | 2393 | ShaUpdate(&ssl->hashSha, adj, sz); |
| Vanger | 4:e505054279ed | 2394 | #endif |
| Vanger | 4:e505054279ed | 2395 | #ifndef NO_MD5 |
| Vanger | 4:e505054279ed | 2396 | Md5Update(&ssl->hashMd5, adj, sz); |
| Vanger | 4:e505054279ed | 2397 | #endif |
| Vanger | 4:e505054279ed | 2398 | #endif |
| Vanger | 4:e505054279ed | 2399 | |
| Vanger | 4:e505054279ed | 2400 | if (IsAtLeastTLSv1_2(ssl)) { |
| Vanger | 4:e505054279ed | 2401 | int ret; |
| Vanger | 4:e505054279ed | 2402 | |
| Vanger | 4:e505054279ed | 2403 | #ifndef NO_SHA256 |
| Vanger | 4:e505054279ed | 2404 | ret = Sha256Update(&ssl->hashSha256, adj, sz); |
| Vanger | 4:e505054279ed | 2405 | if (ret != 0) |
| Vanger | 4:e505054279ed | 2406 | return ret; |
| Vanger | 4:e505054279ed | 2407 | #endif |
| Vanger | 4:e505054279ed | 2408 | #ifdef CYASSL_SHA384 |
| Vanger | 4:e505054279ed | 2409 | ret = Sha384Update(&ssl->hashSha384, adj, sz); |
| Vanger | 4:e505054279ed | 2410 | if (ret != 0) |
| Vanger | 4:e505054279ed | 2411 | return ret; |
| Vanger | 4:e505054279ed | 2412 | #endif |
| Vanger | 4:e505054279ed | 2413 | } |
| Vanger | 4:e505054279ed | 2414 | |
| Vanger | 4:e505054279ed | 2415 | return 0; |
| Vanger | 4:e505054279ed | 2416 | } |
| Vanger | 4:e505054279ed | 2417 | |
| Vanger | 4:e505054279ed | 2418 | |
| Vanger | 4:e505054279ed | 2419 | /* add input to md5 and sha handshake hashes, include handshake header */ |
| Vanger | 4:e505054279ed | 2420 | static int HashInput(CYASSL* ssl, const byte* input, int sz) |
| Vanger | 4:e505054279ed | 2421 | { |
| Vanger | 4:e505054279ed | 2422 | const byte* adj = input - HANDSHAKE_HEADER_SZ; |
| Vanger | 4:e505054279ed | 2423 | sz += HANDSHAKE_HEADER_SZ; |
| Vanger | 4:e505054279ed | 2424 | |
| Vanger | 4:e505054279ed | 2425 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 2426 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 2427 | adj -= DTLS_HANDSHAKE_EXTRA; |
| Vanger | 4:e505054279ed | 2428 | sz += DTLS_HANDSHAKE_EXTRA; |
| Vanger | 4:e505054279ed | 2429 | } |
| Vanger | 4:e505054279ed | 2430 | #endif |
| Vanger | 4:e505054279ed | 2431 | |
| Vanger | 4:e505054279ed | 2432 | #ifndef NO_OLD_TLS |
| Vanger | 4:e505054279ed | 2433 | #ifndef NO_SHA |
| Vanger | 4:e505054279ed | 2434 | ShaUpdate(&ssl->hashSha, adj, sz); |
| Vanger | 4:e505054279ed | 2435 | #endif |
| Vanger | 4:e505054279ed | 2436 | #ifndef NO_MD5 |
| Vanger | 4:e505054279ed | 2437 | Md5Update(&ssl->hashMd5, adj, sz); |
| Vanger | 4:e505054279ed | 2438 | #endif |
| Vanger | 4:e505054279ed | 2439 | #endif |
| Vanger | 4:e505054279ed | 2440 | |
| Vanger | 4:e505054279ed | 2441 | if (IsAtLeastTLSv1_2(ssl)) { |
| Vanger | 4:e505054279ed | 2442 | int ret; |
| Vanger | 4:e505054279ed | 2443 | |
| Vanger | 4:e505054279ed | 2444 | #ifndef NO_SHA256 |
| Vanger | 4:e505054279ed | 2445 | ret = Sha256Update(&ssl->hashSha256, adj, sz); |
| Vanger | 4:e505054279ed | 2446 | if (ret != 0) |
| Vanger | 4:e505054279ed | 2447 | return ret; |
| Vanger | 4:e505054279ed | 2448 | #endif |
| Vanger | 4:e505054279ed | 2449 | #ifdef CYASSL_SHA384 |
| Vanger | 4:e505054279ed | 2450 | ret = Sha384Update(&ssl->hashSha384, adj, sz); |
| Vanger | 4:e505054279ed | 2451 | if (ret != 0) |
| Vanger | 4:e505054279ed | 2452 | return ret; |
| Vanger | 4:e505054279ed | 2453 | #endif |
| Vanger | 4:e505054279ed | 2454 | } |
| Vanger | 4:e505054279ed | 2455 | |
| Vanger | 4:e505054279ed | 2456 | return 0; |
| Vanger | 4:e505054279ed | 2457 | } |
| Vanger | 4:e505054279ed | 2458 | |
| Vanger | 4:e505054279ed | 2459 | |
| Vanger | 4:e505054279ed | 2460 | /* add record layer header for message */ |
| Vanger | 4:e505054279ed | 2461 | static void AddRecordHeader(byte* output, word32 length, byte type, CYASSL* ssl) |
| Vanger | 4:e505054279ed | 2462 | { |
| Vanger | 4:e505054279ed | 2463 | RecordLayerHeader* rl; |
| Vanger | 4:e505054279ed | 2464 | |
| Vanger | 4:e505054279ed | 2465 | /* record layer header */ |
| Vanger | 4:e505054279ed | 2466 | rl = (RecordLayerHeader*)output; |
| Vanger | 4:e505054279ed | 2467 | rl->type = type; |
| Vanger | 4:e505054279ed | 2468 | rl->pvMajor = ssl->version.major; /* type and version same in each */ |
| Vanger | 4:e505054279ed | 2469 | rl->pvMinor = ssl->version.minor; |
| Vanger | 4:e505054279ed | 2470 | |
| Vanger | 4:e505054279ed | 2471 | if (!ssl->options.dtls) |
| Vanger | 4:e505054279ed | 2472 | c16toa((word16)length, rl->length); |
| Vanger | 4:e505054279ed | 2473 | else { |
| Vanger | 4:e505054279ed | 2474 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 2475 | DtlsRecordLayerHeader* dtls; |
| Vanger | 4:e505054279ed | 2476 | |
| Vanger | 4:e505054279ed | 2477 | /* dtls record layer header extensions */ |
| Vanger | 4:e505054279ed | 2478 | dtls = (DtlsRecordLayerHeader*)output; |
| Vanger | 4:e505054279ed | 2479 | c16toa(ssl->keys.dtls_epoch, dtls->epoch); |
| Vanger | 4:e505054279ed | 2480 | c32to48(ssl->keys.dtls_sequence_number++, dtls->sequence_number); |
| Vanger | 4:e505054279ed | 2481 | c16toa((word16)length, dtls->length); |
| Vanger | 4:e505054279ed | 2482 | #endif |
| Vanger | 4:e505054279ed | 2483 | } |
| Vanger | 4:e505054279ed | 2484 | } |
| Vanger | 4:e505054279ed | 2485 | |
| Vanger | 4:e505054279ed | 2486 | |
| Vanger | 4:e505054279ed | 2487 | /* add handshake header for message */ |
| Vanger | 4:e505054279ed | 2488 | static void AddHandShakeHeader(byte* output, word32 length, byte type, |
| Vanger | 4:e505054279ed | 2489 | CYASSL* ssl) |
| Vanger | 4:e505054279ed | 2490 | { |
| Vanger | 4:e505054279ed | 2491 | HandShakeHeader* hs; |
| Vanger | 4:e505054279ed | 2492 | (void)ssl; |
| Vanger | 4:e505054279ed | 2493 | |
| Vanger | 4:e505054279ed | 2494 | /* handshake header */ |
| Vanger | 4:e505054279ed | 2495 | hs = (HandShakeHeader*)output; |
| Vanger | 4:e505054279ed | 2496 | hs->type = type; |
| Vanger | 4:e505054279ed | 2497 | c32to24(length, hs->length); /* type and length same for each */ |
| Vanger | 4:e505054279ed | 2498 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 2499 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 2500 | DtlsHandShakeHeader* dtls; |
| Vanger | 4:e505054279ed | 2501 | |
| Vanger | 4:e505054279ed | 2502 | /* dtls handshake header extensions */ |
| Vanger | 4:e505054279ed | 2503 | dtls = (DtlsHandShakeHeader*)output; |
| Vanger | 4:e505054279ed | 2504 | c16toa(ssl->keys.dtls_handshake_number++, dtls->message_seq); |
| Vanger | 4:e505054279ed | 2505 | c32to24(0, dtls->fragment_offset); |
| Vanger | 4:e505054279ed | 2506 | c32to24(length, dtls->fragment_length); |
| Vanger | 4:e505054279ed | 2507 | } |
| Vanger | 4:e505054279ed | 2508 | #endif |
| Vanger | 4:e505054279ed | 2509 | } |
| Vanger | 4:e505054279ed | 2510 | |
| Vanger | 4:e505054279ed | 2511 | |
| Vanger | 4:e505054279ed | 2512 | /* add both headers for handshake message */ |
| Vanger | 4:e505054279ed | 2513 | static void AddHeaders(byte* output, word32 length, byte type, CYASSL* ssl) |
| Vanger | 4:e505054279ed | 2514 | { |
| Vanger | 4:e505054279ed | 2515 | if (!ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 2516 | AddRecordHeader(output, length + HANDSHAKE_HEADER_SZ, handshake, ssl); |
| Vanger | 4:e505054279ed | 2517 | AddHandShakeHeader(output + RECORD_HEADER_SZ, length, type, ssl); |
| Vanger | 4:e505054279ed | 2518 | } |
| Vanger | 4:e505054279ed | 2519 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 2520 | else { |
| Vanger | 4:e505054279ed | 2521 | AddRecordHeader(output, length+DTLS_HANDSHAKE_HEADER_SZ, handshake,ssl); |
| Vanger | 4:e505054279ed | 2522 | AddHandShakeHeader(output + DTLS_RECORD_HEADER_SZ, length, type, ssl); |
| Vanger | 4:e505054279ed | 2523 | } |
| Vanger | 4:e505054279ed | 2524 | #endif |
| Vanger | 4:e505054279ed | 2525 | } |
| Vanger | 4:e505054279ed | 2526 | |
| Vanger | 4:e505054279ed | 2527 | |
| Vanger | 4:e505054279ed | 2528 | /* return bytes received, -1 on error */ |
| Vanger | 4:e505054279ed | 2529 | static int Receive(CYASSL* ssl, byte* buf, word32 sz) |
| Vanger | 4:e505054279ed | 2530 | { |
| Vanger | 4:e505054279ed | 2531 | int recvd; |
| Vanger | 4:e505054279ed | 2532 | |
| Vanger | 4:e505054279ed | 2533 | if (ssl->ctx->CBIORecv == NULL) { |
| Vanger | 4:e505054279ed | 2534 | CYASSL_MSG("Your IO Recv callback is null, please set"); |
| Vanger | 4:e505054279ed | 2535 | return -1; |
| Vanger | 4:e505054279ed | 2536 | } |
| Vanger | 4:e505054279ed | 2537 | |
| Vanger | 4:e505054279ed | 2538 | retry: |
| Vanger | 4:e505054279ed | 2539 | recvd = ssl->ctx->CBIORecv(ssl, (char *)buf, (int)sz, ssl->IOCB_ReadCtx); |
| Vanger | 4:e505054279ed | 2540 | if (recvd < 0) |
| Vanger | 4:e505054279ed | 2541 | switch (recvd) { |
| Vanger | 4:e505054279ed | 2542 | case CYASSL_CBIO_ERR_GENERAL: /* general/unknown error */ |
| Vanger | 4:e505054279ed | 2543 | return -1; |
| Vanger | 4:e505054279ed | 2544 | |
| Vanger | 4:e505054279ed | 2545 | case CYASSL_CBIO_ERR_WANT_READ: /* want read, would block */ |
| Vanger | 4:e505054279ed | 2546 | return WANT_READ; |
| Vanger | 4:e505054279ed | 2547 | |
| Vanger | 4:e505054279ed | 2548 | case CYASSL_CBIO_ERR_CONN_RST: /* connection reset */ |
| Vanger | 4:e505054279ed | 2549 | #ifdef USE_WINDOWS_API |
| Vanger | 4:e505054279ed | 2550 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 2551 | goto retry; |
| Vanger | 4:e505054279ed | 2552 | } |
| Vanger | 4:e505054279ed | 2553 | #endif |
| Vanger | 4:e505054279ed | 2554 | ssl->options.connReset = 1; |
| Vanger | 4:e505054279ed | 2555 | return -1; |
| Vanger | 4:e505054279ed | 2556 | |
| Vanger | 4:e505054279ed | 2557 | case CYASSL_CBIO_ERR_ISR: /* interrupt */ |
| Vanger | 4:e505054279ed | 2558 | /* see if we got our timeout */ |
| Vanger | 4:e505054279ed | 2559 | #ifdef CYASSL_CALLBACKS |
| Vanger | 4:e505054279ed | 2560 | if (ssl->toInfoOn) { |
| Vanger | 4:e505054279ed | 2561 | struct itimerval timeout; |
| Vanger | 4:e505054279ed | 2562 | getitimer(ITIMER_REAL, &timeout); |
| Vanger | 4:e505054279ed | 2563 | if (timeout.it_value.tv_sec == 0 && |
| Vanger | 4:e505054279ed | 2564 | timeout.it_value.tv_usec == 0) { |
| Vanger | 4:e505054279ed | 2565 | XSTRNCPY(ssl->timeoutInfo.timeoutName, |
| Vanger | 4:e505054279ed | 2566 | "recv() timeout", MAX_TIMEOUT_NAME_SZ); |
| Vanger | 4:e505054279ed | 2567 | CYASSL_MSG("Got our timeout"); |
| Vanger | 4:e505054279ed | 2568 | return WANT_READ; |
| Vanger | 4:e505054279ed | 2569 | } |
| Vanger | 4:e505054279ed | 2570 | } |
| Vanger | 4:e505054279ed | 2571 | #endif |
| Vanger | 4:e505054279ed | 2572 | goto retry; |
| Vanger | 4:e505054279ed | 2573 | |
| Vanger | 4:e505054279ed | 2574 | case CYASSL_CBIO_ERR_CONN_CLOSE: /* peer closed connection */ |
| Vanger | 4:e505054279ed | 2575 | ssl->options.isClosed = 1; |
| Vanger | 4:e505054279ed | 2576 | return -1; |
| Vanger | 4:e505054279ed | 2577 | |
| Vanger | 4:e505054279ed | 2578 | case CYASSL_CBIO_ERR_TIMEOUT: |
| Vanger | 4:e505054279ed | 2579 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 2580 | if (DtlsPoolTimeout(ssl) == 0 && DtlsPoolSend(ssl) == 0) |
| Vanger | 4:e505054279ed | 2581 | goto retry; |
| Vanger | 4:e505054279ed | 2582 | else |
| Vanger | 4:e505054279ed | 2583 | #endif |
| Vanger | 4:e505054279ed | 2584 | return -1; |
| Vanger | 4:e505054279ed | 2585 | |
| Vanger | 4:e505054279ed | 2586 | default: |
| Vanger | 4:e505054279ed | 2587 | return recvd; |
| Vanger | 4:e505054279ed | 2588 | } |
| Vanger | 4:e505054279ed | 2589 | |
| Vanger | 4:e505054279ed | 2590 | return recvd; |
| Vanger | 4:e505054279ed | 2591 | } |
| Vanger | 4:e505054279ed | 2592 | |
| Vanger | 4:e505054279ed | 2593 | |
| Vanger | 4:e505054279ed | 2594 | /* Switch dynamic output buffer back to static, buffer is assumed clear */ |
| Vanger | 4:e505054279ed | 2595 | void ShrinkOutputBuffer(CYASSL* ssl) |
| Vanger | 4:e505054279ed | 2596 | { |
| Vanger | 4:e505054279ed | 2597 | CYASSL_MSG("Shrinking output buffer\n"); |
| Vanger | 4:e505054279ed | 2598 | XFREE(ssl->buffers.outputBuffer.buffer - ssl->buffers.outputBuffer.offset, |
| Vanger | 4:e505054279ed | 2599 | ssl->heap, DYNAMIC_TYPE_OUT_BUFFER); |
| Vanger | 4:e505054279ed | 2600 | ssl->buffers.outputBuffer.buffer = ssl->buffers.outputBuffer.staticBuffer; |
| Vanger | 4:e505054279ed | 2601 | ssl->buffers.outputBuffer.bufferSize = STATIC_BUFFER_LEN; |
| Vanger | 4:e505054279ed | 2602 | ssl->buffers.outputBuffer.dynamicFlag = 0; |
| Vanger | 4:e505054279ed | 2603 | ssl->buffers.outputBuffer.offset = 0; |
| Vanger | 4:e505054279ed | 2604 | } |
| Vanger | 4:e505054279ed | 2605 | |
| Vanger | 4:e505054279ed | 2606 | |
| Vanger | 4:e505054279ed | 2607 | /* Switch dynamic input buffer back to static, keep any remaining input */ |
| Vanger | 4:e505054279ed | 2608 | /* forced free means cleaning up */ |
| Vanger | 4:e505054279ed | 2609 | void ShrinkInputBuffer(CYASSL* ssl, int forcedFree) |
| Vanger | 4:e505054279ed | 2610 | { |
| Vanger | 4:e505054279ed | 2611 | int usedLength = ssl->buffers.inputBuffer.length - |
| Vanger | 4:e505054279ed | 2612 | ssl->buffers.inputBuffer.idx; |
| Vanger | 4:e505054279ed | 2613 | if (!forcedFree && usedLength > STATIC_BUFFER_LEN) |
| Vanger | 4:e505054279ed | 2614 | return; |
| Vanger | 4:e505054279ed | 2615 | |
| Vanger | 4:e505054279ed | 2616 | CYASSL_MSG("Shrinking input buffer\n"); |
| Vanger | 4:e505054279ed | 2617 | |
| Vanger | 4:e505054279ed | 2618 | if (!forcedFree && usedLength) |
| Vanger | 4:e505054279ed | 2619 | XMEMCPY(ssl->buffers.inputBuffer.staticBuffer, |
| Vanger | 4:e505054279ed | 2620 | ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.idx, |
| Vanger | 4:e505054279ed | 2621 | usedLength); |
| Vanger | 4:e505054279ed | 2622 | |
| Vanger | 4:e505054279ed | 2623 | XFREE(ssl->buffers.inputBuffer.buffer - ssl->buffers.inputBuffer.offset, |
| Vanger | 4:e505054279ed | 2624 | ssl->heap, DYNAMIC_TYPE_IN_BUFFER); |
| Vanger | 4:e505054279ed | 2625 | ssl->buffers.inputBuffer.buffer = ssl->buffers.inputBuffer.staticBuffer; |
| Vanger | 4:e505054279ed | 2626 | ssl->buffers.inputBuffer.bufferSize = STATIC_BUFFER_LEN; |
| Vanger | 4:e505054279ed | 2627 | ssl->buffers.inputBuffer.dynamicFlag = 0; |
| Vanger | 4:e505054279ed | 2628 | ssl->buffers.inputBuffer.offset = 0; |
| Vanger | 4:e505054279ed | 2629 | ssl->buffers.inputBuffer.idx = 0; |
| Vanger | 4:e505054279ed | 2630 | ssl->buffers.inputBuffer.length = usedLength; |
| Vanger | 4:e505054279ed | 2631 | } |
| Vanger | 4:e505054279ed | 2632 | |
| Vanger | 4:e505054279ed | 2633 | |
| Vanger | 4:e505054279ed | 2634 | int SendBuffered(CYASSL* ssl) |
| Vanger | 4:e505054279ed | 2635 | { |
| Vanger | 4:e505054279ed | 2636 | if (ssl->ctx->CBIOSend == NULL) { |
| Vanger | 4:e505054279ed | 2637 | CYASSL_MSG("Your IO Send callback is null, please set"); |
| Vanger | 4:e505054279ed | 2638 | return SOCKET_ERROR_E; |
| Vanger | 4:e505054279ed | 2639 | } |
| Vanger | 4:e505054279ed | 2640 | |
| Vanger | 4:e505054279ed | 2641 | while (ssl->buffers.outputBuffer.length > 0) { |
| Vanger | 4:e505054279ed | 2642 | int sent = ssl->ctx->CBIOSend(ssl, |
| Vanger | 4:e505054279ed | 2643 | (char*)ssl->buffers.outputBuffer.buffer + |
| Vanger | 4:e505054279ed | 2644 | ssl->buffers.outputBuffer.idx, |
| Vanger | 4:e505054279ed | 2645 | (int)ssl->buffers.outputBuffer.length, |
| Vanger | 4:e505054279ed | 2646 | ssl->IOCB_WriteCtx); |
| Vanger | 4:e505054279ed | 2647 | if (sent < 0) { |
| Vanger | 4:e505054279ed | 2648 | switch (sent) { |
| Vanger | 4:e505054279ed | 2649 | |
| Vanger | 4:e505054279ed | 2650 | case CYASSL_CBIO_ERR_WANT_WRITE: /* would block */ |
| Vanger | 4:e505054279ed | 2651 | return WANT_WRITE; |
| Vanger | 4:e505054279ed | 2652 | |
| Vanger | 4:e505054279ed | 2653 | case CYASSL_CBIO_ERR_CONN_RST: /* connection reset */ |
| Vanger | 4:e505054279ed | 2654 | ssl->options.connReset = 1; |
| Vanger | 4:e505054279ed | 2655 | break; |
| Vanger | 4:e505054279ed | 2656 | |
| Vanger | 4:e505054279ed | 2657 | case CYASSL_CBIO_ERR_ISR: /* interrupt */ |
| Vanger | 4:e505054279ed | 2658 | /* see if we got our timeout */ |
| Vanger | 4:e505054279ed | 2659 | #ifdef CYASSL_CALLBACKS |
| Vanger | 4:e505054279ed | 2660 | if (ssl->toInfoOn) { |
| Vanger | 4:e505054279ed | 2661 | struct itimerval timeout; |
| Vanger | 4:e505054279ed | 2662 | getitimer(ITIMER_REAL, &timeout); |
| Vanger | 4:e505054279ed | 2663 | if (timeout.it_value.tv_sec == 0 && |
| Vanger | 4:e505054279ed | 2664 | timeout.it_value.tv_usec == 0) { |
| Vanger | 4:e505054279ed | 2665 | XSTRNCPY(ssl->timeoutInfo.timeoutName, |
| Vanger | 4:e505054279ed | 2666 | "send() timeout", MAX_TIMEOUT_NAME_SZ); |
| Vanger | 4:e505054279ed | 2667 | CYASSL_MSG("Got our timeout"); |
| Vanger | 4:e505054279ed | 2668 | return WANT_WRITE; |
| Vanger | 4:e505054279ed | 2669 | } |
| Vanger | 4:e505054279ed | 2670 | } |
| Vanger | 4:e505054279ed | 2671 | #endif |
| Vanger | 4:e505054279ed | 2672 | continue; |
| Vanger | 4:e505054279ed | 2673 | |
| Vanger | 4:e505054279ed | 2674 | case CYASSL_CBIO_ERR_CONN_CLOSE: /* epipe / conn closed */ |
| Vanger | 4:e505054279ed | 2675 | ssl->options.connReset = 1; /* treat same as reset */ |
| Vanger | 4:e505054279ed | 2676 | break; |
| Vanger | 4:e505054279ed | 2677 | |
| Vanger | 4:e505054279ed | 2678 | default: |
| Vanger | 4:e505054279ed | 2679 | return SOCKET_ERROR_E; |
| Vanger | 4:e505054279ed | 2680 | } |
| Vanger | 4:e505054279ed | 2681 | |
| Vanger | 4:e505054279ed | 2682 | return SOCKET_ERROR_E; |
| Vanger | 4:e505054279ed | 2683 | } |
| Vanger | 4:e505054279ed | 2684 | |
| Vanger | 4:e505054279ed | 2685 | ssl->buffers.outputBuffer.idx += sent; |
| Vanger | 4:e505054279ed | 2686 | ssl->buffers.outputBuffer.length -= sent; |
| Vanger | 4:e505054279ed | 2687 | } |
| Vanger | 4:e505054279ed | 2688 | |
| Vanger | 4:e505054279ed | 2689 | ssl->buffers.outputBuffer.idx = 0; |
| Vanger | 4:e505054279ed | 2690 | |
| Vanger | 4:e505054279ed | 2691 | if (ssl->buffers.outputBuffer.dynamicFlag) |
| Vanger | 4:e505054279ed | 2692 | ShrinkOutputBuffer(ssl); |
| Vanger | 4:e505054279ed | 2693 | |
| Vanger | 4:e505054279ed | 2694 | return 0; |
| Vanger | 4:e505054279ed | 2695 | } |
| Vanger | 4:e505054279ed | 2696 | |
| Vanger | 4:e505054279ed | 2697 | |
| Vanger | 4:e505054279ed | 2698 | /* Grow the output buffer */ |
| Vanger | 4:e505054279ed | 2699 | static INLINE int GrowOutputBuffer(CYASSL* ssl, int size) |
| Vanger | 4:e505054279ed | 2700 | { |
| Vanger | 4:e505054279ed | 2701 | byte* tmp; |
| Vanger | 4:e505054279ed | 2702 | byte hdrSz = ssl->options.dtls ? DTLS_RECORD_HEADER_SZ : |
| Vanger | 4:e505054279ed | 2703 | RECORD_HEADER_SZ; |
| Vanger | 4:e505054279ed | 2704 | byte align = CYASSL_GENERAL_ALIGNMENT; |
| Vanger | 4:e505054279ed | 2705 | /* the encrypted data will be offset from the front of the buffer by |
| Vanger | 4:e505054279ed | 2706 | the header, if the user wants encrypted alignment they need |
| Vanger | 4:e505054279ed | 2707 | to define their alignment requirement */ |
| Vanger | 4:e505054279ed | 2708 | |
| Vanger | 4:e505054279ed | 2709 | if (align) { |
| Vanger | 4:e505054279ed | 2710 | while (align < hdrSz) |
| Vanger | 4:e505054279ed | 2711 | align *= 2; |
| Vanger | 4:e505054279ed | 2712 | } |
| Vanger | 4:e505054279ed | 2713 | |
| Vanger | 4:e505054279ed | 2714 | tmp = (byte*) XMALLOC(size + ssl->buffers.outputBuffer.length + align, |
| Vanger | 4:e505054279ed | 2715 | ssl->heap, DYNAMIC_TYPE_OUT_BUFFER); |
| Vanger | 4:e505054279ed | 2716 | CYASSL_MSG("growing output buffer\n"); |
| Vanger | 4:e505054279ed | 2717 | |
| Vanger | 4:e505054279ed | 2718 | if (!tmp) return MEMORY_E; |
| Vanger | 4:e505054279ed | 2719 | if (align) |
| Vanger | 4:e505054279ed | 2720 | tmp += align - hdrSz; |
| Vanger | 4:e505054279ed | 2721 | |
| Vanger | 4:e505054279ed | 2722 | if (ssl->buffers.outputBuffer.length) |
| Vanger | 4:e505054279ed | 2723 | XMEMCPY(tmp, ssl->buffers.outputBuffer.buffer, |
| Vanger | 4:e505054279ed | 2724 | ssl->buffers.outputBuffer.length); |
| Vanger | 4:e505054279ed | 2725 | |
| Vanger | 4:e505054279ed | 2726 | if (ssl->buffers.outputBuffer.dynamicFlag) |
| Vanger | 4:e505054279ed | 2727 | XFREE(ssl->buffers.outputBuffer.buffer - |
| Vanger | 4:e505054279ed | 2728 | ssl->buffers.outputBuffer.offset, ssl->heap, |
| Vanger | 4:e505054279ed | 2729 | DYNAMIC_TYPE_OUT_BUFFER); |
| Vanger | 4:e505054279ed | 2730 | ssl->buffers.outputBuffer.dynamicFlag = 1; |
| Vanger | 4:e505054279ed | 2731 | if (align) |
| Vanger | 4:e505054279ed | 2732 | ssl->buffers.outputBuffer.offset = align - hdrSz; |
| Vanger | 4:e505054279ed | 2733 | else |
| Vanger | 4:e505054279ed | 2734 | ssl->buffers.outputBuffer.offset = 0; |
| Vanger | 4:e505054279ed | 2735 | ssl->buffers.outputBuffer.buffer = tmp; |
| Vanger | 4:e505054279ed | 2736 | ssl->buffers.outputBuffer.bufferSize = size + |
| Vanger | 4:e505054279ed | 2737 | ssl->buffers.outputBuffer.length; |
| Vanger | 4:e505054279ed | 2738 | return 0; |
| Vanger | 4:e505054279ed | 2739 | } |
| Vanger | 4:e505054279ed | 2740 | |
| Vanger | 4:e505054279ed | 2741 | |
| Vanger | 4:e505054279ed | 2742 | /* Grow the input buffer, should only be to read cert or big app data */ |
| Vanger | 4:e505054279ed | 2743 | int GrowInputBuffer(CYASSL* ssl, int size, int usedLength) |
| Vanger | 4:e505054279ed | 2744 | { |
| Vanger | 4:e505054279ed | 2745 | byte* tmp; |
| Vanger | 4:e505054279ed | 2746 | byte hdrSz = DTLS_RECORD_HEADER_SZ; |
| Vanger | 4:e505054279ed | 2747 | byte align = ssl->options.dtls ? CYASSL_GENERAL_ALIGNMENT : 0; |
| Vanger | 4:e505054279ed | 2748 | /* the encrypted data will be offset from the front of the buffer by |
| Vanger | 4:e505054279ed | 2749 | the dtls record header, if the user wants encrypted alignment they need |
| Vanger | 4:e505054279ed | 2750 | to define their alignment requirement. in tls we read record header |
| Vanger | 4:e505054279ed | 2751 | to get size of record and put actual data back at front, so don't need */ |
| Vanger | 4:e505054279ed | 2752 | |
| Vanger | 4:e505054279ed | 2753 | if (align) { |
| Vanger | 4:e505054279ed | 2754 | while (align < hdrSz) |
| Vanger | 4:e505054279ed | 2755 | align *= 2; |
| Vanger | 4:e505054279ed | 2756 | } |
| Vanger | 4:e505054279ed | 2757 | tmp = (byte*) XMALLOC(size + usedLength + align, ssl->heap, |
| Vanger | 4:e505054279ed | 2758 | DYNAMIC_TYPE_IN_BUFFER); |
| Vanger | 4:e505054279ed | 2759 | CYASSL_MSG("growing input buffer\n"); |
| Vanger | 4:e505054279ed | 2760 | |
| Vanger | 4:e505054279ed | 2761 | if (!tmp) return MEMORY_E; |
| Vanger | 4:e505054279ed | 2762 | if (align) |
| Vanger | 4:e505054279ed | 2763 | tmp += align - hdrSz; |
| Vanger | 4:e505054279ed | 2764 | |
| Vanger | 4:e505054279ed | 2765 | if (usedLength) |
| Vanger | 4:e505054279ed | 2766 | XMEMCPY(tmp, ssl->buffers.inputBuffer.buffer + |
| Vanger | 4:e505054279ed | 2767 | ssl->buffers.inputBuffer.idx, usedLength); |
| Vanger | 4:e505054279ed | 2768 | |
| Vanger | 4:e505054279ed | 2769 | if (ssl->buffers.inputBuffer.dynamicFlag) |
| Vanger | 4:e505054279ed | 2770 | XFREE(ssl->buffers.inputBuffer.buffer - ssl->buffers.inputBuffer.offset, |
| Vanger | 4:e505054279ed | 2771 | ssl->heap,DYNAMIC_TYPE_IN_BUFFER); |
| Vanger | 4:e505054279ed | 2772 | |
| Vanger | 4:e505054279ed | 2773 | ssl->buffers.inputBuffer.dynamicFlag = 1; |
| Vanger | 4:e505054279ed | 2774 | if (align) |
| Vanger | 4:e505054279ed | 2775 | ssl->buffers.inputBuffer.offset = align - hdrSz; |
| Vanger | 4:e505054279ed | 2776 | else |
| Vanger | 4:e505054279ed | 2777 | ssl->buffers.inputBuffer.offset = 0; |
| Vanger | 4:e505054279ed | 2778 | ssl->buffers.inputBuffer.buffer = tmp; |
| Vanger | 4:e505054279ed | 2779 | ssl->buffers.inputBuffer.bufferSize = size + usedLength; |
| Vanger | 4:e505054279ed | 2780 | ssl->buffers.inputBuffer.idx = 0; |
| Vanger | 4:e505054279ed | 2781 | ssl->buffers.inputBuffer.length = usedLength; |
| Vanger | 4:e505054279ed | 2782 | |
| Vanger | 4:e505054279ed | 2783 | return 0; |
| Vanger | 4:e505054279ed | 2784 | } |
| Vanger | 4:e505054279ed | 2785 | |
| Vanger | 4:e505054279ed | 2786 | |
| Vanger | 4:e505054279ed | 2787 | /* check available size into output buffer, make room if needed */ |
| Vanger | 4:e505054279ed | 2788 | int CheckAvailableSize(CYASSL *ssl, int size) |
| Vanger | 4:e505054279ed | 2789 | { |
| Vanger | 4:e505054279ed | 2790 | if (ssl->buffers.outputBuffer.bufferSize - ssl->buffers.outputBuffer.length |
| Vanger | 4:e505054279ed | 2791 | < (word32)size) { |
| Vanger | 4:e505054279ed | 2792 | if (GrowOutputBuffer(ssl, size) < 0) |
| Vanger | 4:e505054279ed | 2793 | return MEMORY_E; |
| Vanger | 4:e505054279ed | 2794 | } |
| Vanger | 4:e505054279ed | 2795 | |
| Vanger | 4:e505054279ed | 2796 | return 0; |
| Vanger | 4:e505054279ed | 2797 | } |
| Vanger | 4:e505054279ed | 2798 | |
| Vanger | 4:e505054279ed | 2799 | |
| Vanger | 4:e505054279ed | 2800 | /* do all verify and sanity checks on record header */ |
| Vanger | 4:e505054279ed | 2801 | static int GetRecordHeader(CYASSL* ssl, const byte* input, word32* inOutIdx, |
| Vanger | 4:e505054279ed | 2802 | RecordLayerHeader* rh, word16 *size) |
| Vanger | 4:e505054279ed | 2803 | { |
| Vanger | 4:e505054279ed | 2804 | if (!ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 2805 | XMEMCPY(rh, input + *inOutIdx, RECORD_HEADER_SZ); |
| Vanger | 4:e505054279ed | 2806 | *inOutIdx += RECORD_HEADER_SZ; |
| Vanger | 4:e505054279ed | 2807 | ato16(rh->length, size); |
| Vanger | 4:e505054279ed | 2808 | } |
| Vanger | 4:e505054279ed | 2809 | else { |
| Vanger | 4:e505054279ed | 2810 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 2811 | /* type and version in same sport */ |
| Vanger | 4:e505054279ed | 2812 | XMEMCPY(rh, input + *inOutIdx, ENUM_LEN + VERSION_SZ); |
| Vanger | 4:e505054279ed | 2813 | *inOutIdx += ENUM_LEN + VERSION_SZ; |
| Vanger | 4:e505054279ed | 2814 | ato16(input + *inOutIdx, &ssl->keys.dtls_state.curEpoch); |
| Vanger | 4:e505054279ed | 2815 | *inOutIdx += 4; /* advance past epoch, skip first 2 seq bytes for now */ |
| Vanger | 4:e505054279ed | 2816 | ato32(input + *inOutIdx, &ssl->keys.dtls_state.curSeq); |
| Vanger | 4:e505054279ed | 2817 | *inOutIdx += 4; /* advance past rest of seq */ |
| Vanger | 4:e505054279ed | 2818 | ato16(input + *inOutIdx, size); |
| Vanger | 4:e505054279ed | 2819 | *inOutIdx += LENGTH_SZ; |
| Vanger | 4:e505054279ed | 2820 | #endif |
| Vanger | 4:e505054279ed | 2821 | } |
| Vanger | 4:e505054279ed | 2822 | |
| Vanger | 4:e505054279ed | 2823 | /* catch version mismatch */ |
| Vanger | 4:e505054279ed | 2824 | if ((rh->pvMajor != ssl->version.major) || (rh->pvMinor != ssl->version.minor)){ |
| Vanger | 4:e505054279ed | 2825 | if (ssl->options.side == CYASSL_SERVER_END && |
| Vanger | 4:e505054279ed | 2826 | ssl->options.acceptState == ACCEPT_BEGIN) |
| Vanger | 4:e505054279ed | 2827 | CYASSL_MSG("Client attempting to connect with different version"); |
| Vanger | 4:e505054279ed | 2828 | else if (ssl->options.side == CYASSL_CLIENT_END && |
| Vanger | 4:e505054279ed | 2829 | ssl->options.downgrade && |
| Vanger | 4:e505054279ed | 2830 | ssl->options.connectState < FIRST_REPLY_DONE) |
| Vanger | 4:e505054279ed | 2831 | CYASSL_MSG("Server attempting to accept with different version"); |
| Vanger | 4:e505054279ed | 2832 | else { |
| Vanger | 4:e505054279ed | 2833 | CYASSL_MSG("SSL version error"); |
| Vanger | 4:e505054279ed | 2834 | return VERSION_ERROR; /* only use requested version */ |
| Vanger | 4:e505054279ed | 2835 | } |
| Vanger | 4:e505054279ed | 2836 | } |
| Vanger | 4:e505054279ed | 2837 | |
| Vanger | 4:e505054279ed | 2838 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 2839 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 2840 | if (DtlsCheckWindow(&ssl->keys.dtls_state) != 1) |
| Vanger | 4:e505054279ed | 2841 | return SEQUENCE_ERROR; |
| Vanger | 4:e505054279ed | 2842 | } |
| Vanger | 4:e505054279ed | 2843 | #endif |
| Vanger | 4:e505054279ed | 2844 | |
| Vanger | 4:e505054279ed | 2845 | /* record layer length check */ |
| Vanger | 4:e505054279ed | 2846 | #ifdef HAVE_MAX_FRAGMENT |
| Vanger | 4:e505054279ed | 2847 | if (*size > (ssl->max_fragment + MAX_COMP_EXTRA + MAX_MSG_EXTRA)) |
| Vanger | 4:e505054279ed | 2848 | return LENGTH_ERROR; |
| Vanger | 4:e505054279ed | 2849 | #else |
| Vanger | 4:e505054279ed | 2850 | if (*size > (MAX_RECORD_SIZE + MAX_COMP_EXTRA + MAX_MSG_EXTRA)) |
| Vanger | 4:e505054279ed | 2851 | return LENGTH_ERROR; |
| Vanger | 4:e505054279ed | 2852 | #endif |
| Vanger | 4:e505054279ed | 2853 | |
| Vanger | 4:e505054279ed | 2854 | /* verify record type here as well */ |
| Vanger | 4:e505054279ed | 2855 | switch (rh->type) { |
| Vanger | 4:e505054279ed | 2856 | case handshake: |
| Vanger | 4:e505054279ed | 2857 | case change_cipher_spec: |
| Vanger | 4:e505054279ed | 2858 | case application_data: |
| Vanger | 4:e505054279ed | 2859 | case alert: |
| Vanger | 4:e505054279ed | 2860 | break; |
| Vanger | 4:e505054279ed | 2861 | case no_type: |
| Vanger | 4:e505054279ed | 2862 | default: |
| Vanger | 4:e505054279ed | 2863 | CYASSL_MSG("Unknown Record Type"); |
| Vanger | 4:e505054279ed | 2864 | return UNKNOWN_RECORD_TYPE; |
| Vanger | 4:e505054279ed | 2865 | } |
| Vanger | 4:e505054279ed | 2866 | |
| Vanger | 4:e505054279ed | 2867 | /* haven't decrypted this record yet */ |
| Vanger | 4:e505054279ed | 2868 | ssl->keys.decryptedCur = 0; |
| Vanger | 4:e505054279ed | 2869 | |
| Vanger | 4:e505054279ed | 2870 | return 0; |
| Vanger | 4:e505054279ed | 2871 | } |
| Vanger | 4:e505054279ed | 2872 | |
| Vanger | 4:e505054279ed | 2873 | |
| Vanger | 4:e505054279ed | 2874 | static int GetHandShakeHeader(CYASSL* ssl, const byte* input, word32* inOutIdx, |
| Vanger | 4:e505054279ed | 2875 | byte *type, word32 *size) |
| Vanger | 4:e505054279ed | 2876 | { |
| Vanger | 4:e505054279ed | 2877 | const byte *ptr = input + *inOutIdx; |
| Vanger | 4:e505054279ed | 2878 | (void)ssl; |
| Vanger | 4:e505054279ed | 2879 | *inOutIdx += HANDSHAKE_HEADER_SZ; |
| Vanger | 4:e505054279ed | 2880 | |
| Vanger | 4:e505054279ed | 2881 | *type = ptr[0]; |
| Vanger | 4:e505054279ed | 2882 | c24to32(&ptr[1], size); |
| Vanger | 4:e505054279ed | 2883 | |
| Vanger | 4:e505054279ed | 2884 | return 0; |
| Vanger | 4:e505054279ed | 2885 | } |
| Vanger | 4:e505054279ed | 2886 | |
| Vanger | 4:e505054279ed | 2887 | |
| Vanger | 4:e505054279ed | 2888 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 2889 | static int GetDtlsHandShakeHeader(CYASSL* ssl, const byte* input, |
| Vanger | 4:e505054279ed | 2890 | word32* inOutIdx, byte *type, word32 *size, |
| Vanger | 4:e505054279ed | 2891 | word32 *fragOffset, word32 *fragSz) |
| Vanger | 4:e505054279ed | 2892 | { |
| Vanger | 4:e505054279ed | 2893 | word32 idx = *inOutIdx; |
| Vanger | 4:e505054279ed | 2894 | |
| Vanger | 4:e505054279ed | 2895 | *inOutIdx += HANDSHAKE_HEADER_SZ + DTLS_HANDSHAKE_EXTRA; |
| Vanger | 4:e505054279ed | 2896 | |
| Vanger | 4:e505054279ed | 2897 | *type = input[idx++]; |
| Vanger | 4:e505054279ed | 2898 | c24to32(input + idx, size); |
| Vanger | 4:e505054279ed | 2899 | idx += BYTE3_LEN; |
| Vanger | 4:e505054279ed | 2900 | |
| Vanger | 4:e505054279ed | 2901 | ato16(input + idx, &ssl->keys.dtls_peer_handshake_number); |
| Vanger | 4:e505054279ed | 2902 | idx += DTLS_HANDSHAKE_SEQ_SZ; |
| Vanger | 4:e505054279ed | 2903 | |
| Vanger | 4:e505054279ed | 2904 | c24to32(input + idx, fragOffset); |
| Vanger | 4:e505054279ed | 2905 | idx += DTLS_HANDSHAKE_FRAG_SZ; |
| Vanger | 4:e505054279ed | 2906 | c24to32(input + idx, fragSz); |
| Vanger | 4:e505054279ed | 2907 | |
| Vanger | 4:e505054279ed | 2908 | return 0; |
| Vanger | 4:e505054279ed | 2909 | } |
| Vanger | 4:e505054279ed | 2910 | #endif |
| Vanger | 4:e505054279ed | 2911 | |
| Vanger | 4:e505054279ed | 2912 | |
| Vanger | 4:e505054279ed | 2913 | #ifndef NO_OLD_TLS |
| Vanger | 4:e505054279ed | 2914 | /* fill with MD5 pad size since biggest required */ |
| Vanger | 4:e505054279ed | 2915 | static const byte PAD1[PAD_MD5] = |
| Vanger | 4:e505054279ed | 2916 | { 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, |
| Vanger | 4:e505054279ed | 2917 | 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, |
| Vanger | 4:e505054279ed | 2918 | 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, |
| Vanger | 4:e505054279ed | 2919 | 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, |
| Vanger | 4:e505054279ed | 2920 | 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, |
| Vanger | 4:e505054279ed | 2921 | 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36 |
| Vanger | 4:e505054279ed | 2922 | }; |
| Vanger | 4:e505054279ed | 2923 | static const byte PAD2[PAD_MD5] = |
| Vanger | 4:e505054279ed | 2924 | { 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, |
| Vanger | 4:e505054279ed | 2925 | 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, |
| Vanger | 4:e505054279ed | 2926 | 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, |
| Vanger | 4:e505054279ed | 2927 | 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, |
| Vanger | 4:e505054279ed | 2928 | 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, |
| Vanger | 4:e505054279ed | 2929 | 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c |
| Vanger | 4:e505054279ed | 2930 | }; |
| Vanger | 4:e505054279ed | 2931 | |
| Vanger | 4:e505054279ed | 2932 | /* calculate MD5 hash for finished */ |
| Vanger | 4:e505054279ed | 2933 | static void BuildMD5(CYASSL* ssl, Hashes* hashes, const byte* sender) |
| Vanger | 4:e505054279ed | 2934 | { |
| Vanger | 4:e505054279ed | 2935 | byte md5_result[MD5_DIGEST_SIZE]; |
| Vanger | 4:e505054279ed | 2936 | |
| Vanger | 4:e505054279ed | 2937 | /* make md5 inner */ |
| Vanger | 4:e505054279ed | 2938 | Md5Update(&ssl->hashMd5, sender, SIZEOF_SENDER); |
| Vanger | 4:e505054279ed | 2939 | Md5Update(&ssl->hashMd5, ssl->arrays->masterSecret, SECRET_LEN); |
| Vanger | 4:e505054279ed | 2940 | Md5Update(&ssl->hashMd5, PAD1, PAD_MD5); |
| Vanger | 4:e505054279ed | 2941 | Md5Final(&ssl->hashMd5, md5_result); |
| Vanger | 4:e505054279ed | 2942 | |
| Vanger | 4:e505054279ed | 2943 | /* make md5 outer */ |
| Vanger | 4:e505054279ed | 2944 | Md5Update(&ssl->hashMd5, ssl->arrays->masterSecret, SECRET_LEN); |
| Vanger | 4:e505054279ed | 2945 | Md5Update(&ssl->hashMd5, PAD2, PAD_MD5); |
| Vanger | 4:e505054279ed | 2946 | Md5Update(&ssl->hashMd5, md5_result, MD5_DIGEST_SIZE); |
| Vanger | 4:e505054279ed | 2947 | |
| Vanger | 4:e505054279ed | 2948 | Md5Final(&ssl->hashMd5, hashes->md5); |
| Vanger | 4:e505054279ed | 2949 | } |
| Vanger | 4:e505054279ed | 2950 | |
| Vanger | 4:e505054279ed | 2951 | |
| Vanger | 4:e505054279ed | 2952 | /* calculate SHA hash for finished */ |
| Vanger | 4:e505054279ed | 2953 | static void BuildSHA(CYASSL* ssl, Hashes* hashes, const byte* sender) |
| Vanger | 4:e505054279ed | 2954 | { |
| Vanger | 4:e505054279ed | 2955 | byte sha_result[SHA_DIGEST_SIZE]; |
| Vanger | 4:e505054279ed | 2956 | |
| Vanger | 4:e505054279ed | 2957 | /* make sha inner */ |
| Vanger | 4:e505054279ed | 2958 | ShaUpdate(&ssl->hashSha, sender, SIZEOF_SENDER); |
| Vanger | 4:e505054279ed | 2959 | ShaUpdate(&ssl->hashSha, ssl->arrays->masterSecret, SECRET_LEN); |
| Vanger | 4:e505054279ed | 2960 | ShaUpdate(&ssl->hashSha, PAD1, PAD_SHA); |
| Vanger | 4:e505054279ed | 2961 | ShaFinal(&ssl->hashSha, sha_result); |
| Vanger | 4:e505054279ed | 2962 | |
| Vanger | 4:e505054279ed | 2963 | /* make sha outer */ |
| Vanger | 4:e505054279ed | 2964 | ShaUpdate(&ssl->hashSha, ssl->arrays->masterSecret, SECRET_LEN); |
| Vanger | 4:e505054279ed | 2965 | ShaUpdate(&ssl->hashSha, PAD2, PAD_SHA); |
| Vanger | 4:e505054279ed | 2966 | ShaUpdate(&ssl->hashSha, sha_result, SHA_DIGEST_SIZE); |
| Vanger | 4:e505054279ed | 2967 | |
| Vanger | 4:e505054279ed | 2968 | ShaFinal(&ssl->hashSha, hashes->sha); |
| Vanger | 4:e505054279ed | 2969 | } |
| Vanger | 4:e505054279ed | 2970 | #endif |
| Vanger | 4:e505054279ed | 2971 | |
| Vanger | 4:e505054279ed | 2972 | |
| Vanger | 4:e505054279ed | 2973 | static int BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender) |
| Vanger | 4:e505054279ed | 2974 | { |
| Vanger | 4:e505054279ed | 2975 | /* store current states, building requires get_digest which resets state */ |
| Vanger | 4:e505054279ed | 2976 | #ifndef NO_OLD_TLS |
| Vanger | 4:e505054279ed | 2977 | #ifndef NO_MD5 |
| Vanger | 4:e505054279ed | 2978 | Md5 md5 = ssl->hashMd5; |
| Vanger | 4:e505054279ed | 2979 | #endif |
| Vanger | 4:e505054279ed | 2980 | #ifndef NO_SHA |
| Vanger | 4:e505054279ed | 2981 | Sha sha = ssl->hashSha; |
| Vanger | 4:e505054279ed | 2982 | #endif |
| Vanger | 4:e505054279ed | 2983 | #endif |
| Vanger | 4:e505054279ed | 2984 | #ifndef NO_SHA256 |
| Vanger | 4:e505054279ed | 2985 | Sha256 sha256 = ssl->hashSha256; |
| Vanger | 4:e505054279ed | 2986 | #endif |
| Vanger | 4:e505054279ed | 2987 | #ifdef CYASSL_SHA384 |
| Vanger | 4:e505054279ed | 2988 | Sha384 sha384 = ssl->hashSha384; |
| Vanger | 4:e505054279ed | 2989 | #endif |
| Vanger | 4:e505054279ed | 2990 | |
| Vanger | 4:e505054279ed | 2991 | int ret = 0; |
| Vanger | 4:e505054279ed | 2992 | |
| Vanger | 4:e505054279ed | 2993 | #ifndef NO_TLS |
| Vanger | 4:e505054279ed | 2994 | if (ssl->options.tls) { |
| Vanger | 4:e505054279ed | 2995 | ret = BuildTlsFinished(ssl, hashes, sender); |
| Vanger | 4:e505054279ed | 2996 | } |
| Vanger | 4:e505054279ed | 2997 | #endif |
| Vanger | 4:e505054279ed | 2998 | #ifndef NO_OLD_TLS |
| Vanger | 4:e505054279ed | 2999 | if (!ssl->options.tls) { |
| Vanger | 4:e505054279ed | 3000 | BuildMD5(ssl, hashes, sender); |
| Vanger | 4:e505054279ed | 3001 | BuildSHA(ssl, hashes, sender); |
| Vanger | 4:e505054279ed | 3002 | } |
| Vanger | 4:e505054279ed | 3003 | #endif |
| Vanger | 4:e505054279ed | 3004 | |
| Vanger | 4:e505054279ed | 3005 | /* restore */ |
| Vanger | 4:e505054279ed | 3006 | #ifndef NO_OLD_TLS |
| Vanger | 4:e505054279ed | 3007 | #ifndef NO_MD5 |
| Vanger | 4:e505054279ed | 3008 | ssl->hashMd5 = md5; |
| Vanger | 4:e505054279ed | 3009 | #endif |
| Vanger | 4:e505054279ed | 3010 | #ifndef NO_SHA |
| Vanger | 4:e505054279ed | 3011 | ssl->hashSha = sha; |
| Vanger | 4:e505054279ed | 3012 | #endif |
| Vanger | 4:e505054279ed | 3013 | #endif |
| Vanger | 4:e505054279ed | 3014 | if (IsAtLeastTLSv1_2(ssl)) { |
| Vanger | 4:e505054279ed | 3015 | #ifndef NO_SHA256 |
| Vanger | 4:e505054279ed | 3016 | ssl->hashSha256 = sha256; |
| Vanger | 4:e505054279ed | 3017 | #endif |
| Vanger | 4:e505054279ed | 3018 | #ifdef CYASSL_SHA384 |
| Vanger | 4:e505054279ed | 3019 | ssl->hashSha384 = sha384; |
| Vanger | 4:e505054279ed | 3020 | #endif |
| Vanger | 4:e505054279ed | 3021 | } |
| Vanger | 4:e505054279ed | 3022 | |
| Vanger | 4:e505054279ed | 3023 | return ret; |
| Vanger | 4:e505054279ed | 3024 | } |
| Vanger | 4:e505054279ed | 3025 | |
| Vanger | 4:e505054279ed | 3026 | |
| Vanger | 4:e505054279ed | 3027 | #ifndef NO_CERTS |
| Vanger | 4:e505054279ed | 3028 | |
| Vanger | 4:e505054279ed | 3029 | |
| Vanger | 4:e505054279ed | 3030 | /* Match names with wildcards, each wildcard can represent a single name |
| Vanger | 4:e505054279ed | 3031 | component or fragment but not mulitple names, i.e., |
| Vanger | 4:e505054279ed | 3032 | *.z.com matches y.z.com but not x.y.z.com |
| Vanger | 4:e505054279ed | 3033 | |
| Vanger | 4:e505054279ed | 3034 | return 1 on success */ |
| Vanger | 4:e505054279ed | 3035 | static int MatchDomainName(const char* pattern, int len, const char* str) |
| Vanger | 4:e505054279ed | 3036 | { |
| Vanger | 4:e505054279ed | 3037 | char p, s; |
| Vanger | 4:e505054279ed | 3038 | |
| Vanger | 4:e505054279ed | 3039 | if (pattern == NULL || str == NULL || len <= 0) |
| Vanger | 4:e505054279ed | 3040 | return 0; |
| Vanger | 4:e505054279ed | 3041 | |
| Vanger | 4:e505054279ed | 3042 | while (len > 0) { |
| Vanger | 4:e505054279ed | 3043 | |
| Vanger | 4:e505054279ed | 3044 | p = (char)XTOLOWER(*pattern++); |
| Vanger | 4:e505054279ed | 3045 | if (p == 0) |
| Vanger | 4:e505054279ed | 3046 | break; |
| Vanger | 4:e505054279ed | 3047 | |
| Vanger | 4:e505054279ed | 3048 | if (p == '*') { |
| Vanger | 4:e505054279ed | 3049 | while (--len > 0 && (p = (char)XTOLOWER(*pattern++)) == '*') |
| Vanger | 4:e505054279ed | 3050 | ; |
| Vanger | 4:e505054279ed | 3051 | |
| Vanger | 4:e505054279ed | 3052 | if (len == 0) |
| Vanger | 4:e505054279ed | 3053 | p = '\0'; |
| Vanger | 4:e505054279ed | 3054 | |
| Vanger | 4:e505054279ed | 3055 | while ( (s = (char)XTOLOWER(*str)) != '\0') { |
| Vanger | 4:e505054279ed | 3056 | if (s == p) |
| Vanger | 4:e505054279ed | 3057 | break; |
| Vanger | 4:e505054279ed | 3058 | if (s == '.') |
| Vanger | 4:e505054279ed | 3059 | return 0; |
| Vanger | 4:e505054279ed | 3060 | str++; |
| Vanger | 4:e505054279ed | 3061 | } |
| Vanger | 4:e505054279ed | 3062 | } |
| Vanger | 4:e505054279ed | 3063 | else { |
| Vanger | 4:e505054279ed | 3064 | if (p != (char)XTOLOWER(*str)) |
| Vanger | 4:e505054279ed | 3065 | return 0; |
| Vanger | 4:e505054279ed | 3066 | } |
| Vanger | 4:e505054279ed | 3067 | |
| Vanger | 4:e505054279ed | 3068 | if (*str != '\0') |
| Vanger | 4:e505054279ed | 3069 | str++; |
| Vanger | 4:e505054279ed | 3070 | |
| Vanger | 4:e505054279ed | 3071 | if (len > 0) |
| Vanger | 4:e505054279ed | 3072 | len--; |
| Vanger | 4:e505054279ed | 3073 | } |
| Vanger | 4:e505054279ed | 3074 | |
| Vanger | 4:e505054279ed | 3075 | return *str == '\0'; |
| Vanger | 4:e505054279ed | 3076 | } |
| Vanger | 4:e505054279ed | 3077 | |
| Vanger | 4:e505054279ed | 3078 | |
| Vanger | 4:e505054279ed | 3079 | /* try to find an altName match to domain, return 1 on success */ |
| Vanger | 4:e505054279ed | 3080 | static int CheckAltNames(DecodedCert* dCert, char* domain) |
| Vanger | 4:e505054279ed | 3081 | { |
| Vanger | 4:e505054279ed | 3082 | int match = 0; |
| Vanger | 4:e505054279ed | 3083 | DNS_entry* altName = NULL; |
| Vanger | 4:e505054279ed | 3084 | |
| Vanger | 4:e505054279ed | 3085 | CYASSL_MSG("Checking AltNames"); |
| Vanger | 4:e505054279ed | 3086 | |
| Vanger | 4:e505054279ed | 3087 | if (dCert) |
| Vanger | 4:e505054279ed | 3088 | altName = dCert->altNames; |
| Vanger | 4:e505054279ed | 3089 | |
| Vanger | 4:e505054279ed | 3090 | while (altName) { |
| Vanger | 4:e505054279ed | 3091 | CYASSL_MSG(" individual AltName check"); |
| Vanger | 4:e505054279ed | 3092 | |
| Vanger | 4:e505054279ed | 3093 | if (MatchDomainName(altName->name,(int)XSTRLEN(altName->name), domain)){ |
| Vanger | 4:e505054279ed | 3094 | match = 1; |
| Vanger | 4:e505054279ed | 3095 | break; |
| Vanger | 4:e505054279ed | 3096 | } |
| Vanger | 4:e505054279ed | 3097 | |
| Vanger | 4:e505054279ed | 3098 | altName = altName->next; |
| Vanger | 4:e505054279ed | 3099 | } |
| Vanger | 4:e505054279ed | 3100 | |
| Vanger | 4:e505054279ed | 3101 | return match; |
| Vanger | 4:e505054279ed | 3102 | } |
| Vanger | 4:e505054279ed | 3103 | |
| Vanger | 4:e505054279ed | 3104 | |
| Vanger | 4:e505054279ed | 3105 | #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) |
| Vanger | 4:e505054279ed | 3106 | |
| Vanger | 4:e505054279ed | 3107 | /* Copy parts X509 needs from Decoded cert, 0 on success */ |
| Vanger | 4:e505054279ed | 3108 | int CopyDecodedToX509(CYASSL_X509* x509, DecodedCert* dCert) |
| Vanger | 4:e505054279ed | 3109 | { |
| Vanger | 4:e505054279ed | 3110 | int ret = 0; |
| Vanger | 4:e505054279ed | 3111 | |
| Vanger | 4:e505054279ed | 3112 | if (x509 == NULL || dCert == NULL) |
| Vanger | 4:e505054279ed | 3113 | return BAD_FUNC_ARG; |
| Vanger | 4:e505054279ed | 3114 | |
| Vanger | 4:e505054279ed | 3115 | x509->version = dCert->version + 1; |
| Vanger | 4:e505054279ed | 3116 | |
| Vanger | 4:e505054279ed | 3117 | XSTRNCPY(x509->issuer.name, dCert->issuer, ASN_NAME_MAX); |
| Vanger | 4:e505054279ed | 3118 | x509->issuer.name[ASN_NAME_MAX - 1] = '\0'; |
| Vanger | 4:e505054279ed | 3119 | x509->issuer.sz = (int)XSTRLEN(x509->issuer.name) + 1; |
| Vanger | 4:e505054279ed | 3120 | #ifdef OPENSSL_EXTRA |
| Vanger | 4:e505054279ed | 3121 | if (dCert->issuerName.fullName != NULL) { |
| Vanger | 4:e505054279ed | 3122 | XMEMCPY(&x509->issuer.fullName, |
| Vanger | 4:e505054279ed | 3123 | &dCert->issuerName, sizeof(DecodedName)); |
| Vanger | 4:e505054279ed | 3124 | x509->issuer.fullName.fullName = (char*)XMALLOC( |
| Vanger | 4:e505054279ed | 3125 | dCert->issuerName.fullNameLen, NULL, DYNAMIC_TYPE_X509); |
| Vanger | 4:e505054279ed | 3126 | if (x509->issuer.fullName.fullName != NULL) |
| Vanger | 4:e505054279ed | 3127 | XMEMCPY(x509->issuer.fullName.fullName, |
| Vanger | 4:e505054279ed | 3128 | dCert->issuerName.fullName, dCert->issuerName.fullNameLen); |
| Vanger | 4:e505054279ed | 3129 | } |
| Vanger | 4:e505054279ed | 3130 | #endif /* OPENSSL_EXTRA */ |
| Vanger | 4:e505054279ed | 3131 | |
| Vanger | 4:e505054279ed | 3132 | XSTRNCPY(x509->subject.name, dCert->subject, ASN_NAME_MAX); |
| Vanger | 4:e505054279ed | 3133 | x509->subject.name[ASN_NAME_MAX - 1] = '\0'; |
| Vanger | 4:e505054279ed | 3134 | x509->subject.sz = (int)XSTRLEN(x509->subject.name) + 1; |
| Vanger | 4:e505054279ed | 3135 | #ifdef OPENSSL_EXTRA |
| Vanger | 4:e505054279ed | 3136 | if (dCert->subjectName.fullName != NULL) { |
| Vanger | 4:e505054279ed | 3137 | XMEMCPY(&x509->subject.fullName, |
| Vanger | 4:e505054279ed | 3138 | &dCert->subjectName, sizeof(DecodedName)); |
| Vanger | 4:e505054279ed | 3139 | x509->subject.fullName.fullName = (char*)XMALLOC( |
| Vanger | 4:e505054279ed | 3140 | dCert->subjectName.fullNameLen, NULL, DYNAMIC_TYPE_X509); |
| Vanger | 4:e505054279ed | 3141 | if (x509->subject.fullName.fullName != NULL) |
| Vanger | 4:e505054279ed | 3142 | XMEMCPY(x509->subject.fullName.fullName, |
| Vanger | 4:e505054279ed | 3143 | dCert->subjectName.fullName, dCert->subjectName.fullNameLen); |
| Vanger | 4:e505054279ed | 3144 | } |
| Vanger | 4:e505054279ed | 3145 | #endif /* OPENSSL_EXTRA */ |
| Vanger | 4:e505054279ed | 3146 | |
| Vanger | 4:e505054279ed | 3147 | XMEMCPY(x509->serial, dCert->serial, EXTERNAL_SERIAL_SIZE); |
| Vanger | 4:e505054279ed | 3148 | x509->serialSz = dCert->serialSz; |
| Vanger | 4:e505054279ed | 3149 | if (dCert->subjectCNLen < ASN_NAME_MAX) { |
| Vanger | 4:e505054279ed | 3150 | XMEMCPY(x509->subjectCN, dCert->subjectCN, dCert->subjectCNLen); |
| Vanger | 4:e505054279ed | 3151 | x509->subjectCN[dCert->subjectCNLen] = '\0'; |
| Vanger | 4:e505054279ed | 3152 | } |
| Vanger | 4:e505054279ed | 3153 | else |
| Vanger | 4:e505054279ed | 3154 | x509->subjectCN[0] = '\0'; |
| Vanger | 4:e505054279ed | 3155 | |
| Vanger | 4:e505054279ed | 3156 | #ifdef CYASSL_SEP |
| Vanger | 4:e505054279ed | 3157 | { |
| Vanger | 4:e505054279ed | 3158 | int minSz = min(dCert->deviceTypeSz, EXTERNAL_SERIAL_SIZE); |
| Vanger | 4:e505054279ed | 3159 | if (minSz > 0) { |
| Vanger | 4:e505054279ed | 3160 | x509->deviceTypeSz = minSz; |
| Vanger | 4:e505054279ed | 3161 | XMEMCPY(x509->deviceType, dCert->deviceType, minSz); |
| Vanger | 4:e505054279ed | 3162 | } |
| Vanger | 4:e505054279ed | 3163 | else |
| Vanger | 4:e505054279ed | 3164 | x509->deviceTypeSz = 0; |
| Vanger | 4:e505054279ed | 3165 | minSz = min(dCert->hwTypeSz, EXTERNAL_SERIAL_SIZE); |
| Vanger | 4:e505054279ed | 3166 | if (minSz != 0) { |
| Vanger | 4:e505054279ed | 3167 | x509->hwTypeSz = minSz; |
| Vanger | 4:e505054279ed | 3168 | XMEMCPY(x509->hwType, dCert->hwType, minSz); |
| Vanger | 4:e505054279ed | 3169 | } |
| Vanger | 4:e505054279ed | 3170 | else |
| Vanger | 4:e505054279ed | 3171 | x509->hwTypeSz = 0; |
| Vanger | 4:e505054279ed | 3172 | minSz = min(dCert->hwSerialNumSz, EXTERNAL_SERIAL_SIZE); |
| Vanger | 4:e505054279ed | 3173 | if (minSz != 0) { |
| Vanger | 4:e505054279ed | 3174 | x509->hwSerialNumSz = minSz; |
| Vanger | 4:e505054279ed | 3175 | XMEMCPY(x509->hwSerialNum, dCert->hwSerialNum, minSz); |
| Vanger | 4:e505054279ed | 3176 | } |
| Vanger | 4:e505054279ed | 3177 | else |
| Vanger | 4:e505054279ed | 3178 | x509->hwSerialNumSz = 0; |
| Vanger | 4:e505054279ed | 3179 | } |
| Vanger | 4:e505054279ed | 3180 | #endif /* CYASSL_SEP */ |
| Vanger | 4:e505054279ed | 3181 | { |
| Vanger | 4:e505054279ed | 3182 | int minSz = min(dCert->beforeDateLen, MAX_DATE_SZ); |
| Vanger | 4:e505054279ed | 3183 | if (minSz != 0) { |
| Vanger | 4:e505054279ed | 3184 | x509->notBeforeSz = minSz; |
| Vanger | 4:e505054279ed | 3185 | XMEMCPY(x509->notBefore, dCert->beforeDate, minSz); |
| Vanger | 4:e505054279ed | 3186 | } |
| Vanger | 4:e505054279ed | 3187 | else |
| Vanger | 4:e505054279ed | 3188 | x509->notBeforeSz = 0; |
| Vanger | 4:e505054279ed | 3189 | minSz = min(dCert->afterDateLen, MAX_DATE_SZ); |
| Vanger | 4:e505054279ed | 3190 | if (minSz != 0) { |
| Vanger | 4:e505054279ed | 3191 | x509->notAfterSz = minSz; |
| Vanger | 4:e505054279ed | 3192 | XMEMCPY(x509->notAfter, dCert->afterDate, minSz); |
| Vanger | 4:e505054279ed | 3193 | } |
| Vanger | 4:e505054279ed | 3194 | else |
| Vanger | 4:e505054279ed | 3195 | x509->notAfterSz = 0; |
| Vanger | 4:e505054279ed | 3196 | } |
| Vanger | 4:e505054279ed | 3197 | |
| Vanger | 4:e505054279ed | 3198 | if (dCert->publicKey != NULL && dCert->pubKeySize != 0) { |
| Vanger | 4:e505054279ed | 3199 | x509->pubKey.buffer = (byte*)XMALLOC( |
| Vanger | 4:e505054279ed | 3200 | dCert->pubKeySize, NULL, DYNAMIC_TYPE_PUBLIC_KEY); |
| Vanger | 4:e505054279ed | 3201 | if (x509->pubKey.buffer != NULL) { |
| Vanger | 4:e505054279ed | 3202 | x509->pubKeyOID = dCert->keyOID; |
| Vanger | 4:e505054279ed | 3203 | x509->pubKey.length = dCert->pubKeySize; |
| Vanger | 4:e505054279ed | 3204 | XMEMCPY(x509->pubKey.buffer, dCert->publicKey, dCert->pubKeySize); |
| Vanger | 4:e505054279ed | 3205 | } |
| Vanger | 4:e505054279ed | 3206 | else |
| Vanger | 4:e505054279ed | 3207 | ret = MEMORY_E; |
| Vanger | 4:e505054279ed | 3208 | } |
| Vanger | 4:e505054279ed | 3209 | |
| Vanger | 4:e505054279ed | 3210 | if (dCert->signature != NULL && dCert->sigLength != 0) { |
| Vanger | 4:e505054279ed | 3211 | x509->sig.buffer = (byte*)XMALLOC( |
| Vanger | 4:e505054279ed | 3212 | dCert->sigLength, NULL, DYNAMIC_TYPE_SIGNATURE); |
| Vanger | 4:e505054279ed | 3213 | if (x509->sig.buffer == NULL) { |
| Vanger | 4:e505054279ed | 3214 | ret = MEMORY_E; |
| Vanger | 4:e505054279ed | 3215 | } |
| Vanger | 4:e505054279ed | 3216 | else { |
| Vanger | 4:e505054279ed | 3217 | XMEMCPY(x509->sig.buffer, dCert->signature, dCert->sigLength); |
| Vanger | 4:e505054279ed | 3218 | x509->sig.length = dCert->sigLength; |
| Vanger | 4:e505054279ed | 3219 | x509->sigOID = dCert->signatureOID; |
| Vanger | 4:e505054279ed | 3220 | } |
| Vanger | 4:e505054279ed | 3221 | } |
| Vanger | 4:e505054279ed | 3222 | |
| Vanger | 4:e505054279ed | 3223 | /* store cert for potential retrieval */ |
| Vanger | 4:e505054279ed | 3224 | x509->derCert.buffer = (byte*)XMALLOC(dCert->maxIdx, NULL, |
| Vanger | 4:e505054279ed | 3225 | DYNAMIC_TYPE_CERT); |
| Vanger | 4:e505054279ed | 3226 | if (x509->derCert.buffer == NULL) { |
| Vanger | 4:e505054279ed | 3227 | ret = MEMORY_E; |
| Vanger | 4:e505054279ed | 3228 | } |
| Vanger | 4:e505054279ed | 3229 | else { |
| Vanger | 4:e505054279ed | 3230 | XMEMCPY(x509->derCert.buffer, dCert->source, dCert->maxIdx); |
| Vanger | 4:e505054279ed | 3231 | x509->derCert.length = dCert->maxIdx; |
| Vanger | 4:e505054279ed | 3232 | } |
| Vanger | 4:e505054279ed | 3233 | |
| Vanger | 4:e505054279ed | 3234 | x509->altNames = dCert->altNames; |
| Vanger | 4:e505054279ed | 3235 | dCert->altNames = NULL; /* takes ownership */ |
| Vanger | 4:e505054279ed | 3236 | x509->altNamesNext = x509->altNames; /* index hint */ |
| Vanger | 4:e505054279ed | 3237 | |
| Vanger | 4:e505054279ed | 3238 | x509->isCa = dCert->isCA; |
| Vanger | 4:e505054279ed | 3239 | #ifdef OPENSSL_EXTRA |
| Vanger | 4:e505054279ed | 3240 | x509->pathLength = dCert->pathLength; |
| Vanger | 4:e505054279ed | 3241 | x509->keyUsage = dCert->extKeyUsage; |
| Vanger | 4:e505054279ed | 3242 | |
| Vanger | 4:e505054279ed | 3243 | x509->basicConstSet = dCert->extBasicConstSet; |
| Vanger | 4:e505054279ed | 3244 | x509->basicConstCrit = dCert->extBasicConstCrit; |
| Vanger | 4:e505054279ed | 3245 | x509->basicConstPlSet = dCert->extBasicConstPlSet; |
| Vanger | 4:e505054279ed | 3246 | x509->subjAltNameSet = dCert->extSubjAltNameSet; |
| Vanger | 4:e505054279ed | 3247 | x509->subjAltNameCrit = dCert->extSubjAltNameCrit; |
| Vanger | 4:e505054279ed | 3248 | x509->authKeyIdSet = dCert->extAuthKeyIdSet; |
| Vanger | 4:e505054279ed | 3249 | x509->authKeyIdCrit = dCert->extAuthKeyIdCrit; |
| Vanger | 4:e505054279ed | 3250 | if (dCert->extAuthKeyIdSrc != NULL && dCert->extAuthKeyIdSz != 0) { |
| Vanger | 4:e505054279ed | 3251 | x509->authKeyId = (byte*)XMALLOC(dCert->extAuthKeyIdSz, NULL, 0); |
| Vanger | 4:e505054279ed | 3252 | if (x509->authKeyId != NULL) { |
| Vanger | 4:e505054279ed | 3253 | XMEMCPY(x509->authKeyId, |
| Vanger | 4:e505054279ed | 3254 | dCert->extAuthKeyIdSrc, dCert->extAuthKeyIdSz); |
| Vanger | 4:e505054279ed | 3255 | x509->authKeyIdSz = dCert->extAuthKeyIdSz; |
| Vanger | 4:e505054279ed | 3256 | } |
| Vanger | 4:e505054279ed | 3257 | else |
| Vanger | 4:e505054279ed | 3258 | ret = MEMORY_E; |
| Vanger | 4:e505054279ed | 3259 | } |
| Vanger | 4:e505054279ed | 3260 | x509->subjKeyIdSet = dCert->extSubjKeyIdSet; |
| Vanger | 4:e505054279ed | 3261 | x509->subjKeyIdCrit = dCert->extSubjKeyIdCrit; |
| Vanger | 4:e505054279ed | 3262 | if (dCert->extSubjKeyIdSrc != NULL && dCert->extSubjKeyIdSz != 0) { |
| Vanger | 4:e505054279ed | 3263 | x509->subjKeyId = (byte*)XMALLOC(dCert->extSubjKeyIdSz, NULL, 0); |
| Vanger | 4:e505054279ed | 3264 | if (x509->subjKeyId != NULL) { |
| Vanger | 4:e505054279ed | 3265 | XMEMCPY(x509->subjKeyId, |
| Vanger | 4:e505054279ed | 3266 | dCert->extSubjKeyIdSrc, dCert->extSubjKeyIdSz); |
| Vanger | 4:e505054279ed | 3267 | x509->subjKeyIdSz = dCert->extSubjKeyIdSz; |
| Vanger | 4:e505054279ed | 3268 | } |
| Vanger | 4:e505054279ed | 3269 | else |
| Vanger | 4:e505054279ed | 3270 | ret = MEMORY_E; |
| Vanger | 4:e505054279ed | 3271 | } |
| Vanger | 4:e505054279ed | 3272 | x509->keyUsageSet = dCert->extKeyUsageSet; |
| Vanger | 4:e505054279ed | 3273 | x509->keyUsageCrit = dCert->extKeyUsageCrit; |
| Vanger | 4:e505054279ed | 3274 | #ifdef CYASSL_SEP |
| Vanger | 4:e505054279ed | 3275 | x509->certPolicySet = dCert->extCertPolicySet; |
| Vanger | 4:e505054279ed | 3276 | x509->certPolicyCrit = dCert->extCertPolicyCrit; |
| Vanger | 4:e505054279ed | 3277 | #endif /* CYASSL_SEP */ |
| Vanger | 4:e505054279ed | 3278 | #endif /* OPENSSL_EXTRA */ |
| Vanger | 4:e505054279ed | 3279 | #ifdef HAVE_ECC |
| Vanger | 4:e505054279ed | 3280 | x509->pkCurveOID = dCert->pkCurveOID; |
| Vanger | 4:e505054279ed | 3281 | #endif /* HAVE_ECC */ |
| Vanger | 4:e505054279ed | 3282 | |
| Vanger | 4:e505054279ed | 3283 | return ret; |
| Vanger | 4:e505054279ed | 3284 | } |
| Vanger | 4:e505054279ed | 3285 | |
| Vanger | 4:e505054279ed | 3286 | #endif /* KEEP_PEER_CERT || SESSION_CERTS */ |
| Vanger | 4:e505054279ed | 3287 | |
| Vanger | 4:e505054279ed | 3288 | |
| Vanger | 4:e505054279ed | 3289 | static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx, |
| Vanger | 4:e505054279ed | 3290 | word32 size) |
| Vanger | 4:e505054279ed | 3291 | { |
| Vanger | 4:e505054279ed | 3292 | word32 listSz, begin = *inOutIdx; |
| Vanger | 4:e505054279ed | 3293 | int ret = 0; |
| Vanger | 4:e505054279ed | 3294 | int anyError = 0; |
| Vanger | 4:e505054279ed | 3295 | int totalCerts = 0; /* number of certs in certs buffer */ |
| Vanger | 4:e505054279ed | 3296 | int count; |
| Vanger | 4:e505054279ed | 3297 | char domain[ASN_NAME_MAX]; |
| Vanger | 4:e505054279ed | 3298 | buffer certs[MAX_CHAIN_DEPTH]; |
| Vanger | 4:e505054279ed | 3299 | |
| Vanger | 4:e505054279ed | 3300 | #ifdef CYASSL_CALLBACKS |
| Vanger | 4:e505054279ed | 3301 | if (ssl->hsInfoOn) AddPacketName("Certificate", &ssl->handShakeInfo); |
| Vanger | 4:e505054279ed | 3302 | if (ssl->toInfoOn) AddLateName("Certificate", &ssl->timeoutInfo); |
| Vanger | 4:e505054279ed | 3303 | #endif |
| Vanger | 4:e505054279ed | 3304 | |
| Vanger | 4:e505054279ed | 3305 | if ((*inOutIdx - begin) + OPAQUE24_LEN > size) |
| Vanger | 4:e505054279ed | 3306 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 3307 | |
| Vanger | 4:e505054279ed | 3308 | c24to32(input + *inOutIdx, &listSz); |
| Vanger | 4:e505054279ed | 3309 | *inOutIdx += OPAQUE24_LEN; |
| Vanger | 4:e505054279ed | 3310 | |
| Vanger | 4:e505054279ed | 3311 | #ifdef HAVE_MAX_FRAGMENT |
| Vanger | 4:e505054279ed | 3312 | if (listSz > ssl->max_fragment) |
| Vanger | 4:e505054279ed | 3313 | return BUFFER_E; |
| Vanger | 4:e505054279ed | 3314 | #else |
| Vanger | 4:e505054279ed | 3315 | if (listSz > MAX_RECORD_SIZE) |
| Vanger | 4:e505054279ed | 3316 | return BUFFER_E; |
| Vanger | 4:e505054279ed | 3317 | #endif |
| Vanger | 4:e505054279ed | 3318 | |
| Vanger | 4:e505054279ed | 3319 | if ((*inOutIdx - begin) + listSz != size) |
| Vanger | 4:e505054279ed | 3320 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 3321 | |
| Vanger | 4:e505054279ed | 3322 | CYASSL_MSG("Loading peer's cert chain"); |
| Vanger | 4:e505054279ed | 3323 | /* first put cert chain into buffer so can verify top down |
| Vanger | 4:e505054279ed | 3324 | we're sent bottom up */ |
| Vanger | 4:e505054279ed | 3325 | while (listSz) { |
| Vanger | 4:e505054279ed | 3326 | word32 certSz; |
| Vanger | 4:e505054279ed | 3327 | |
| Vanger | 4:e505054279ed | 3328 | if (totalCerts >= MAX_CHAIN_DEPTH) |
| Vanger | 4:e505054279ed | 3329 | return MAX_CHAIN_ERROR; |
| Vanger | 4:e505054279ed | 3330 | |
| Vanger | 4:e505054279ed | 3331 | if ((*inOutIdx - begin) + OPAQUE24_LEN > size) |
| Vanger | 4:e505054279ed | 3332 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 3333 | |
| Vanger | 4:e505054279ed | 3334 | c24to32(input + *inOutIdx, &certSz); |
| Vanger | 4:e505054279ed | 3335 | *inOutIdx += OPAQUE24_LEN; |
| Vanger | 4:e505054279ed | 3336 | |
| Vanger | 4:e505054279ed | 3337 | if ((*inOutIdx - begin) + certSz > size) |
| Vanger | 4:e505054279ed | 3338 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 3339 | |
| Vanger | 4:e505054279ed | 3340 | certs[totalCerts].length = certSz; |
| Vanger | 4:e505054279ed | 3341 | certs[totalCerts].buffer = input + *inOutIdx; |
| Vanger | 4:e505054279ed | 3342 | |
| Vanger | 4:e505054279ed | 3343 | #ifdef SESSION_CERTS |
| Vanger | 4:e505054279ed | 3344 | if (ssl->session.chain.count < MAX_CHAIN_DEPTH && |
| Vanger | 4:e505054279ed | 3345 | certSz < MAX_X509_SIZE) { |
| Vanger | 4:e505054279ed | 3346 | ssl->session.chain.certs[ssl->session.chain.count].length = certSz; |
| Vanger | 4:e505054279ed | 3347 | XMEMCPY(ssl->session.chain.certs[ssl->session.chain.count].buffer, |
| Vanger | 4:e505054279ed | 3348 | input + *inOutIdx, certSz); |
| Vanger | 4:e505054279ed | 3349 | ssl->session.chain.count++; |
| Vanger | 4:e505054279ed | 3350 | } else { |
| Vanger | 4:e505054279ed | 3351 | CYASSL_MSG("Couldn't store chain cert for session"); |
| Vanger | 4:e505054279ed | 3352 | } |
| Vanger | 4:e505054279ed | 3353 | #endif |
| Vanger | 4:e505054279ed | 3354 | |
| Vanger | 4:e505054279ed | 3355 | *inOutIdx += certSz; |
| Vanger | 4:e505054279ed | 3356 | listSz -= certSz + CERT_HEADER_SZ; |
| Vanger | 4:e505054279ed | 3357 | |
| Vanger | 4:e505054279ed | 3358 | totalCerts++; |
| Vanger | 4:e505054279ed | 3359 | CYASSL_MSG(" Put another cert into chain"); |
| Vanger | 4:e505054279ed | 3360 | } |
| Vanger | 4:e505054279ed | 3361 | |
| Vanger | 4:e505054279ed | 3362 | count = totalCerts; |
| Vanger | 4:e505054279ed | 3363 | |
| Vanger | 4:e505054279ed | 3364 | /* verify up to peer's first */ |
| Vanger | 4:e505054279ed | 3365 | while (count > 1) { |
| Vanger | 4:e505054279ed | 3366 | buffer myCert = certs[count - 1]; |
| Vanger | 4:e505054279ed | 3367 | DecodedCert dCert; |
| Vanger | 4:e505054279ed | 3368 | byte* subjectHash; |
| Vanger | 4:e505054279ed | 3369 | |
| Vanger | 4:e505054279ed | 3370 | InitDecodedCert(&dCert, myCert.buffer, myCert.length, ssl->heap); |
| Vanger | 4:e505054279ed | 3371 | ret = ParseCertRelative(&dCert, CERT_TYPE, !ssl->options.verifyNone, |
| Vanger | 4:e505054279ed | 3372 | ssl->ctx->cm); |
| Vanger | 4:e505054279ed | 3373 | #ifndef NO_SKID |
| Vanger | 4:e505054279ed | 3374 | subjectHash = dCert.extSubjKeyId; |
| Vanger | 4:e505054279ed | 3375 | #else |
| Vanger | 4:e505054279ed | 3376 | subjectHash = dCert.subjectHash; |
| Vanger | 4:e505054279ed | 3377 | #endif |
| Vanger | 4:e505054279ed | 3378 | |
| Vanger | 4:e505054279ed | 3379 | if (ret == 0 && dCert.isCA == 0) { |
| Vanger | 4:e505054279ed | 3380 | CYASSL_MSG("Chain cert is not a CA, not adding as one"); |
| Vanger | 4:e505054279ed | 3381 | } |
| Vanger | 4:e505054279ed | 3382 | else if (ret == 0 && ssl->options.verifyNone) { |
| Vanger | 4:e505054279ed | 3383 | CYASSL_MSG("Chain cert not verified by option, not adding as CA"); |
| Vanger | 4:e505054279ed | 3384 | } |
| Vanger | 4:e505054279ed | 3385 | else if (ret == 0 && !AlreadySigner(ssl->ctx->cm, subjectHash)) { |
| Vanger | 4:e505054279ed | 3386 | buffer add; |
| Vanger | 4:e505054279ed | 3387 | add.length = myCert.length; |
| Vanger | 4:e505054279ed | 3388 | add.buffer = (byte*)XMALLOC(myCert.length, ssl->heap, |
| Vanger | 4:e505054279ed | 3389 | DYNAMIC_TYPE_CA); |
| Vanger | 4:e505054279ed | 3390 | CYASSL_MSG("Adding CA from chain"); |
| Vanger | 4:e505054279ed | 3391 | |
| Vanger | 4:e505054279ed | 3392 | if (add.buffer == NULL) |
| Vanger | 4:e505054279ed | 3393 | return MEMORY_E; |
| Vanger | 4:e505054279ed | 3394 | XMEMCPY(add.buffer, myCert.buffer, myCert.length); |
| Vanger | 4:e505054279ed | 3395 | |
| Vanger | 4:e505054279ed | 3396 | ret = AddCA(ssl->ctx->cm, add, CYASSL_CHAIN_CA, |
| Vanger | 4:e505054279ed | 3397 | ssl->ctx->verifyPeer); |
| Vanger | 4:e505054279ed | 3398 | if (ret == 1) ret = 0; /* SSL_SUCCESS for external */ |
| Vanger | 4:e505054279ed | 3399 | } |
| Vanger | 4:e505054279ed | 3400 | else if (ret != 0) { |
| Vanger | 4:e505054279ed | 3401 | CYASSL_MSG("Failed to verify CA from chain"); |
| Vanger | 4:e505054279ed | 3402 | } |
| Vanger | 4:e505054279ed | 3403 | else { |
| Vanger | 4:e505054279ed | 3404 | CYASSL_MSG("Verified CA from chain and already had it"); |
| Vanger | 4:e505054279ed | 3405 | } |
| Vanger | 4:e505054279ed | 3406 | |
| Vanger | 4:e505054279ed | 3407 | #ifdef HAVE_CRL |
| Vanger | 4:e505054279ed | 3408 | if (ret == 0 && ssl->ctx->cm->crlEnabled && ssl->ctx->cm->crlCheckAll) { |
| Vanger | 4:e505054279ed | 3409 | CYASSL_MSG("Doing Non Leaf CRL check"); |
| Vanger | 4:e505054279ed | 3410 | ret = CheckCertCRL(ssl->ctx->cm->crl, &dCert); |
| Vanger | 4:e505054279ed | 3411 | |
| Vanger | 4:e505054279ed | 3412 | if (ret != 0) { |
| Vanger | 4:e505054279ed | 3413 | CYASSL_MSG("\tCRL check not ok"); |
| Vanger | 4:e505054279ed | 3414 | } |
| Vanger | 4:e505054279ed | 3415 | } |
| Vanger | 4:e505054279ed | 3416 | #endif /* HAVE_CRL */ |
| Vanger | 4:e505054279ed | 3417 | |
| Vanger | 4:e505054279ed | 3418 | if (ret != 0 && anyError == 0) |
| Vanger | 4:e505054279ed | 3419 | anyError = ret; /* save error from last time */ |
| Vanger | 4:e505054279ed | 3420 | |
| Vanger | 4:e505054279ed | 3421 | FreeDecodedCert(&dCert); |
| Vanger | 4:e505054279ed | 3422 | count--; |
| Vanger | 4:e505054279ed | 3423 | } |
| Vanger | 4:e505054279ed | 3424 | |
| Vanger | 4:e505054279ed | 3425 | /* peer's, may not have one if blank client cert sent by TLSv1.2 */ |
| Vanger | 4:e505054279ed | 3426 | if (count) { |
| Vanger | 4:e505054279ed | 3427 | buffer myCert = certs[0]; |
| Vanger | 4:e505054279ed | 3428 | DecodedCert dCert; |
| Vanger | 4:e505054279ed | 3429 | int fatal = 0; |
| Vanger | 4:e505054279ed | 3430 | |
| Vanger | 4:e505054279ed | 3431 | CYASSL_MSG("Verifying Peer's cert"); |
| Vanger | 4:e505054279ed | 3432 | |
| Vanger | 4:e505054279ed | 3433 | InitDecodedCert(&dCert, myCert.buffer, myCert.length, ssl->heap); |
| Vanger | 4:e505054279ed | 3434 | ret = ParseCertRelative(&dCert, CERT_TYPE, !ssl->options.verifyNone, |
| Vanger | 4:e505054279ed | 3435 | ssl->ctx->cm); |
| Vanger | 4:e505054279ed | 3436 | if (ret == 0) { |
| Vanger | 4:e505054279ed | 3437 | CYASSL_MSG("Verified Peer's cert"); |
| Vanger | 4:e505054279ed | 3438 | fatal = 0; |
| Vanger | 4:e505054279ed | 3439 | } |
| Vanger | 4:e505054279ed | 3440 | else if (ret == ASN_PARSE_E) { |
| Vanger | 4:e505054279ed | 3441 | CYASSL_MSG("Got Peer cert ASN PARSE ERROR, fatal"); |
| Vanger | 4:e505054279ed | 3442 | fatal = 1; |
| Vanger | 4:e505054279ed | 3443 | } |
| Vanger | 4:e505054279ed | 3444 | else { |
| Vanger | 4:e505054279ed | 3445 | CYASSL_MSG("Failed to verify Peer's cert"); |
| Vanger | 4:e505054279ed | 3446 | if (ssl->verifyCallback) { |
| Vanger | 4:e505054279ed | 3447 | CYASSL_MSG("\tCallback override available, will continue"); |
| Vanger | 4:e505054279ed | 3448 | fatal = 0; |
| Vanger | 4:e505054279ed | 3449 | } |
| Vanger | 4:e505054279ed | 3450 | else { |
| Vanger | 4:e505054279ed | 3451 | CYASSL_MSG("\tNo callback override available, fatal"); |
| Vanger | 4:e505054279ed | 3452 | fatal = 1; |
| Vanger | 4:e505054279ed | 3453 | } |
| Vanger | 4:e505054279ed | 3454 | } |
| Vanger | 4:e505054279ed | 3455 | |
| Vanger | 4:e505054279ed | 3456 | #ifdef HAVE_OCSP |
| Vanger | 4:e505054279ed | 3457 | if (fatal == 0 && ssl->ctx->cm->ocspEnabled) { |
| Vanger | 4:e505054279ed | 3458 | ret = CheckCertOCSP(ssl->ctx->cm->ocsp, &dCert); |
| Vanger | 4:e505054279ed | 3459 | if (ret != 0) { |
| Vanger | 4:e505054279ed | 3460 | CYASSL_MSG("\tOCSP Lookup not ok"); |
| Vanger | 4:e505054279ed | 3461 | fatal = 0; |
| Vanger | 4:e505054279ed | 3462 | } |
| Vanger | 4:e505054279ed | 3463 | } |
| Vanger | 4:e505054279ed | 3464 | #endif |
| Vanger | 4:e505054279ed | 3465 | |
| Vanger | 4:e505054279ed | 3466 | #ifdef HAVE_CRL |
| Vanger | 4:e505054279ed | 3467 | if (fatal == 0 && ssl->ctx->cm->crlEnabled) { |
| Vanger | 4:e505054279ed | 3468 | int doCrlLookup = 1; |
| Vanger | 4:e505054279ed | 3469 | |
| Vanger | 4:e505054279ed | 3470 | #ifdef HAVE_OCSP |
| Vanger | 4:e505054279ed | 3471 | if (ssl->ctx->cm->ocspEnabled) { |
| Vanger | 4:e505054279ed | 3472 | doCrlLookup = (ret == OCSP_CERT_UNKNOWN); |
| Vanger | 4:e505054279ed | 3473 | } |
| Vanger | 4:e505054279ed | 3474 | #endif /* HAVE_OCSP */ |
| Vanger | 4:e505054279ed | 3475 | |
| Vanger | 4:e505054279ed | 3476 | if (doCrlLookup) { |
| Vanger | 4:e505054279ed | 3477 | CYASSL_MSG("Doing Leaf CRL check"); |
| Vanger | 4:e505054279ed | 3478 | ret = CheckCertCRL(ssl->ctx->cm->crl, &dCert); |
| Vanger | 4:e505054279ed | 3479 | |
| Vanger | 4:e505054279ed | 3480 | if (ret != 0) { |
| Vanger | 4:e505054279ed | 3481 | CYASSL_MSG("\tCRL check not ok"); |
| Vanger | 4:e505054279ed | 3482 | fatal = 0; |
| Vanger | 4:e505054279ed | 3483 | } |
| Vanger | 4:e505054279ed | 3484 | } |
| Vanger | 4:e505054279ed | 3485 | } |
| Vanger | 4:e505054279ed | 3486 | |
| Vanger | 4:e505054279ed | 3487 | #endif /* HAVE_CRL */ |
| Vanger | 4:e505054279ed | 3488 | |
| Vanger | 4:e505054279ed | 3489 | #ifdef KEEP_PEER_CERT |
| Vanger | 4:e505054279ed | 3490 | { |
| Vanger | 4:e505054279ed | 3491 | /* set X509 format for peer cert even if fatal */ |
| Vanger | 4:e505054279ed | 3492 | int copyRet = CopyDecodedToX509(&ssl->peerCert, &dCert); |
| Vanger | 4:e505054279ed | 3493 | if (copyRet == MEMORY_E) |
| Vanger | 4:e505054279ed | 3494 | fatal = 1; |
| Vanger | 4:e505054279ed | 3495 | } |
| Vanger | 4:e505054279ed | 3496 | #endif |
| Vanger | 4:e505054279ed | 3497 | |
| Vanger | 4:e505054279ed | 3498 | #ifndef IGNORE_KEY_EXTENSIONS |
| Vanger | 4:e505054279ed | 3499 | if (dCert.extKeyUsageSet) { |
| Vanger | 4:e505054279ed | 3500 | if ((ssl->specs.kea == rsa_kea) && |
| Vanger | 4:e505054279ed | 3501 | (dCert.extKeyUsage & KEYUSE_KEY_ENCIPHER) == 0) { |
| Vanger | 4:e505054279ed | 3502 | ret = KEYUSE_ENCIPHER_E; |
| Vanger | 4:e505054279ed | 3503 | } |
| Vanger | 4:e505054279ed | 3504 | if ((ssl->specs.sig_algo == rsa_sa_algo || |
| Vanger | 4:e505054279ed | 3505 | ssl->specs.sig_algo == ecc_dsa_sa_algo) && |
| Vanger | 4:e505054279ed | 3506 | (dCert.extKeyUsage & KEYUSE_DIGITAL_SIG) == 0) { |
| Vanger | 4:e505054279ed | 3507 | CYASSL_MSG("KeyUse Digital Sig not set"); |
| Vanger | 4:e505054279ed | 3508 | ret = KEYUSE_SIGNATURE_E; |
| Vanger | 4:e505054279ed | 3509 | } |
| Vanger | 4:e505054279ed | 3510 | } |
| Vanger | 4:e505054279ed | 3511 | |
| Vanger | 4:e505054279ed | 3512 | if (dCert.extExtKeyUsageSet) { |
| Vanger | 4:e505054279ed | 3513 | if (ssl->options.side == CYASSL_CLIENT_END) { |
| Vanger | 4:e505054279ed | 3514 | if ((dCert.extExtKeyUsage & |
| Vanger | 4:e505054279ed | 3515 | (EXTKEYUSE_ANY | EXTKEYUSE_SERVER_AUTH)) == 0) { |
| Vanger | 4:e505054279ed | 3516 | CYASSL_MSG("ExtKeyUse Server Auth not set"); |
| Vanger | 4:e505054279ed | 3517 | ret = EXTKEYUSE_AUTH_E; |
| Vanger | 4:e505054279ed | 3518 | } |
| Vanger | 4:e505054279ed | 3519 | } |
| Vanger | 4:e505054279ed | 3520 | else { |
| Vanger | 4:e505054279ed | 3521 | if ((dCert.extExtKeyUsage & |
| Vanger | 4:e505054279ed | 3522 | (EXTKEYUSE_ANY | EXTKEYUSE_CLIENT_AUTH)) == 0) { |
| Vanger | 4:e505054279ed | 3523 | CYASSL_MSG("ExtKeyUse Client Auth not set"); |
| Vanger | 4:e505054279ed | 3524 | ret = EXTKEYUSE_AUTH_E; |
| Vanger | 4:e505054279ed | 3525 | } |
| Vanger | 4:e505054279ed | 3526 | } |
| Vanger | 4:e505054279ed | 3527 | } |
| Vanger | 4:e505054279ed | 3528 | #endif /* IGNORE_KEY_EXTENSIONS */ |
| Vanger | 4:e505054279ed | 3529 | |
| Vanger | 4:e505054279ed | 3530 | if (fatal) { |
| Vanger | 4:e505054279ed | 3531 | FreeDecodedCert(&dCert); |
| Vanger | 4:e505054279ed | 3532 | ssl->error = ret; |
| Vanger | 4:e505054279ed | 3533 | return ret; |
| Vanger | 4:e505054279ed | 3534 | } |
| Vanger | 4:e505054279ed | 3535 | ssl->options.havePeerCert = 1; |
| Vanger | 4:e505054279ed | 3536 | |
| Vanger | 4:e505054279ed | 3537 | /* store for callback use */ |
| Vanger | 4:e505054279ed | 3538 | if (dCert.subjectCNLen < ASN_NAME_MAX) { |
| Vanger | 4:e505054279ed | 3539 | XMEMCPY(domain, dCert.subjectCN, dCert.subjectCNLen); |
| Vanger | 4:e505054279ed | 3540 | domain[dCert.subjectCNLen] = '\0'; |
| Vanger | 4:e505054279ed | 3541 | } |
| Vanger | 4:e505054279ed | 3542 | else |
| Vanger | 4:e505054279ed | 3543 | domain[0] = '\0'; |
| Vanger | 4:e505054279ed | 3544 | |
| Vanger | 4:e505054279ed | 3545 | if (!ssl->options.verifyNone && ssl->buffers.domainName.buffer) { |
| Vanger | 4:e505054279ed | 3546 | if (MatchDomainName(dCert.subjectCN, dCert.subjectCNLen, |
| Vanger | 4:e505054279ed | 3547 | (char*)ssl->buffers.domainName.buffer) == 0) { |
| Vanger | 4:e505054279ed | 3548 | CYASSL_MSG("DomainName match on common name failed"); |
| Vanger | 4:e505054279ed | 3549 | if (CheckAltNames(&dCert, |
| Vanger | 4:e505054279ed | 3550 | (char*)ssl->buffers.domainName.buffer) == 0 ) { |
| Vanger | 4:e505054279ed | 3551 | CYASSL_MSG("DomainName match on alt names failed too"); |
| Vanger | 4:e505054279ed | 3552 | ret = DOMAIN_NAME_MISMATCH; /* try to get peer key still */ |
| Vanger | 4:e505054279ed | 3553 | } |
| Vanger | 4:e505054279ed | 3554 | } |
| Vanger | 4:e505054279ed | 3555 | } |
| Vanger | 4:e505054279ed | 3556 | |
| Vanger | 4:e505054279ed | 3557 | /* decode peer key */ |
| Vanger | 4:e505054279ed | 3558 | switch (dCert.keyOID) { |
| Vanger | 4:e505054279ed | 3559 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 3560 | case RSAk: |
| Vanger | 4:e505054279ed | 3561 | { |
| Vanger | 4:e505054279ed | 3562 | word32 idx = 0; |
| Vanger | 4:e505054279ed | 3563 | if (RsaPublicKeyDecode(dCert.publicKey, &idx, |
| Vanger | 4:e505054279ed | 3564 | ssl->peerRsaKey, dCert.pubKeySize) != 0) { |
| Vanger | 4:e505054279ed | 3565 | ret = PEER_KEY_ERROR; |
| Vanger | 4:e505054279ed | 3566 | } |
| Vanger | 4:e505054279ed | 3567 | else { |
| Vanger | 4:e505054279ed | 3568 | ssl->peerRsaKeyPresent = 1; |
| Vanger | 4:e505054279ed | 3569 | #ifdef HAVE_PK_CALLBACKS |
| Vanger | 4:e505054279ed | 3570 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 3571 | ssl->buffers.peerRsaKey.buffer = |
| Vanger | 4:e505054279ed | 3572 | XMALLOC(dCert.pubKeySize, |
| Vanger | 4:e505054279ed | 3573 | ssl->heap, DYNAMIC_TYPE_RSA); |
| Vanger | 4:e505054279ed | 3574 | if (ssl->buffers.peerRsaKey.buffer == NULL) |
| Vanger | 4:e505054279ed | 3575 | ret = MEMORY_ERROR; |
| Vanger | 4:e505054279ed | 3576 | else { |
| Vanger | 4:e505054279ed | 3577 | XMEMCPY(ssl->buffers.peerRsaKey.buffer, |
| Vanger | 4:e505054279ed | 3578 | dCert.publicKey, dCert.pubKeySize); |
| Vanger | 4:e505054279ed | 3579 | ssl->buffers.peerRsaKey.length = |
| Vanger | 4:e505054279ed | 3580 | dCert.pubKeySize; |
| Vanger | 4:e505054279ed | 3581 | } |
| Vanger | 4:e505054279ed | 3582 | #endif /* NO_RSA */ |
| Vanger | 4:e505054279ed | 3583 | #endif /*HAVE_PK_CALLBACKS */ |
| Vanger | 4:e505054279ed | 3584 | } |
| Vanger | 4:e505054279ed | 3585 | } |
| Vanger | 4:e505054279ed | 3586 | break; |
| Vanger | 4:e505054279ed | 3587 | #endif /* NO_RSA */ |
| Vanger | 4:e505054279ed | 3588 | #ifdef HAVE_NTRU |
| Vanger | 4:e505054279ed | 3589 | case NTRUk: |
| Vanger | 4:e505054279ed | 3590 | { |
| Vanger | 4:e505054279ed | 3591 | if (dCert.pubKeySize > sizeof(ssl->peerNtruKey)) { |
| Vanger | 4:e505054279ed | 3592 | ret = PEER_KEY_ERROR; |
| Vanger | 4:e505054279ed | 3593 | } |
| Vanger | 4:e505054279ed | 3594 | else { |
| Vanger | 4:e505054279ed | 3595 | XMEMCPY(ssl->peerNtruKey, dCert.publicKey, dCert.pubKeySize); |
| Vanger | 4:e505054279ed | 3596 | ssl->peerNtruKeyLen = (word16)dCert.pubKeySize; |
| Vanger | 4:e505054279ed | 3597 | ssl->peerNtruKeyPresent = 1; |
| Vanger | 4:e505054279ed | 3598 | } |
| Vanger | 4:e505054279ed | 3599 | } |
| Vanger | 4:e505054279ed | 3600 | break; |
| Vanger | 4:e505054279ed | 3601 | #endif /* HAVE_NTRU */ |
| Vanger | 4:e505054279ed | 3602 | #ifdef HAVE_ECC |
| Vanger | 4:e505054279ed | 3603 | case ECDSAk: |
| Vanger | 4:e505054279ed | 3604 | { |
| Vanger | 4:e505054279ed | 3605 | if (ecc_import_x963(dCert.publicKey, dCert.pubKeySize, |
| Vanger | 4:e505054279ed | 3606 | ssl->peerEccDsaKey) != 0) { |
| Vanger | 4:e505054279ed | 3607 | ret = PEER_KEY_ERROR; |
| Vanger | 4:e505054279ed | 3608 | } |
| Vanger | 4:e505054279ed | 3609 | else { |
| Vanger | 4:e505054279ed | 3610 | ssl->peerEccDsaKeyPresent = 1; |
| Vanger | 4:e505054279ed | 3611 | #ifdef HAVE_PK_CALLBACKS |
| Vanger | 4:e505054279ed | 3612 | #ifdef HAVE_ECC |
| Vanger | 4:e505054279ed | 3613 | ssl->buffers.peerEccDsaKey.buffer = |
| Vanger | 4:e505054279ed | 3614 | XMALLOC(dCert.pubKeySize, |
| Vanger | 4:e505054279ed | 3615 | ssl->heap, DYNAMIC_TYPE_ECC); |
| Vanger | 4:e505054279ed | 3616 | if (ssl->buffers.peerEccDsaKey.buffer == NULL) |
| Vanger | 4:e505054279ed | 3617 | ret = MEMORY_ERROR; |
| Vanger | 4:e505054279ed | 3618 | else { |
| Vanger | 4:e505054279ed | 3619 | XMEMCPY(ssl->buffers.peerEccDsaKey.buffer, |
| Vanger | 4:e505054279ed | 3620 | dCert.publicKey, dCert.pubKeySize); |
| Vanger | 4:e505054279ed | 3621 | ssl->buffers.peerEccDsaKey.length = |
| Vanger | 4:e505054279ed | 3622 | dCert.pubKeySize; |
| Vanger | 4:e505054279ed | 3623 | } |
| Vanger | 4:e505054279ed | 3624 | #endif /* HAVE_ECC */ |
| Vanger | 4:e505054279ed | 3625 | #endif /*HAVE_PK_CALLBACKS */ |
| Vanger | 4:e505054279ed | 3626 | } |
| Vanger | 4:e505054279ed | 3627 | } |
| Vanger | 4:e505054279ed | 3628 | break; |
| Vanger | 4:e505054279ed | 3629 | #endif /* HAVE_ECC */ |
| Vanger | 4:e505054279ed | 3630 | default: |
| Vanger | 4:e505054279ed | 3631 | break; |
| Vanger | 4:e505054279ed | 3632 | } |
| Vanger | 4:e505054279ed | 3633 | |
| Vanger | 4:e505054279ed | 3634 | FreeDecodedCert(&dCert); |
| Vanger | 4:e505054279ed | 3635 | } |
| Vanger | 4:e505054279ed | 3636 | |
| Vanger | 4:e505054279ed | 3637 | if (anyError != 0 && ret == 0) |
| Vanger | 4:e505054279ed | 3638 | ret = anyError; |
| Vanger | 4:e505054279ed | 3639 | |
| Vanger | 4:e505054279ed | 3640 | if (ret == 0 && ssl->options.side == CYASSL_CLIENT_END) |
| Vanger | 4:e505054279ed | 3641 | ssl->options.serverState = SERVER_CERT_COMPLETE; |
| Vanger | 4:e505054279ed | 3642 | |
| Vanger | 4:e505054279ed | 3643 | if (ret != 0) { |
| Vanger | 4:e505054279ed | 3644 | if (!ssl->options.verifyNone) { |
| Vanger | 4:e505054279ed | 3645 | int why = bad_certificate; |
| Vanger | 4:e505054279ed | 3646 | if (ret == ASN_AFTER_DATE_E || ret == ASN_BEFORE_DATE_E) |
| Vanger | 4:e505054279ed | 3647 | why = certificate_expired; |
| Vanger | 4:e505054279ed | 3648 | if (ssl->verifyCallback) { |
| Vanger | 4:e505054279ed | 3649 | int ok; |
| Vanger | 4:e505054279ed | 3650 | CYASSL_X509_STORE_CTX store; |
| Vanger | 4:e505054279ed | 3651 | |
| Vanger | 4:e505054279ed | 3652 | store.error = ret; |
| Vanger | 4:e505054279ed | 3653 | store.error_depth = totalCerts; |
| Vanger | 4:e505054279ed | 3654 | store.discardSessionCerts = 0; |
| Vanger | 4:e505054279ed | 3655 | store.domain = domain; |
| Vanger | 4:e505054279ed | 3656 | store.userCtx = ssl->verifyCbCtx; |
| Vanger | 4:e505054279ed | 3657 | #ifdef KEEP_PEER_CERT |
| Vanger | 4:e505054279ed | 3658 | store.current_cert = &ssl->peerCert; |
| Vanger | 4:e505054279ed | 3659 | #else |
| Vanger | 4:e505054279ed | 3660 | store.current_cert = NULL; |
| Vanger | 4:e505054279ed | 3661 | #endif |
| Vanger | 4:e505054279ed | 3662 | #ifdef FORTRESS |
| Vanger | 4:e505054279ed | 3663 | store.ex_data = ssl; |
| Vanger | 4:e505054279ed | 3664 | #endif |
| Vanger | 4:e505054279ed | 3665 | ok = ssl->verifyCallback(0, &store); |
| Vanger | 4:e505054279ed | 3666 | if (ok) { |
| Vanger | 4:e505054279ed | 3667 | CYASSL_MSG("Verify callback overriding error!"); |
| Vanger | 4:e505054279ed | 3668 | ret = 0; |
| Vanger | 4:e505054279ed | 3669 | } |
| Vanger | 4:e505054279ed | 3670 | #ifdef SESSION_CERTS |
| Vanger | 4:e505054279ed | 3671 | if (store.discardSessionCerts) { |
| Vanger | 4:e505054279ed | 3672 | CYASSL_MSG("Verify callback requested discard sess certs"); |
| Vanger | 4:e505054279ed | 3673 | ssl->session.chain.count = 0; |
| Vanger | 4:e505054279ed | 3674 | } |
| Vanger | 4:e505054279ed | 3675 | #endif |
| Vanger | 4:e505054279ed | 3676 | } |
| Vanger | 4:e505054279ed | 3677 | if (ret != 0) { |
| Vanger | 4:e505054279ed | 3678 | SendAlert(ssl, alert_fatal, why); /* try to send */ |
| Vanger | 4:e505054279ed | 3679 | ssl->options.isClosed = 1; |
| Vanger | 4:e505054279ed | 3680 | } |
| Vanger | 4:e505054279ed | 3681 | } |
| Vanger | 4:e505054279ed | 3682 | ssl->error = ret; |
| Vanger | 4:e505054279ed | 3683 | } |
| Vanger | 4:e505054279ed | 3684 | #ifdef CYASSL_ALWAYS_VERIFY_CB |
| Vanger | 4:e505054279ed | 3685 | else { |
| Vanger | 4:e505054279ed | 3686 | if (ssl->verifyCallback) { |
| Vanger | 4:e505054279ed | 3687 | int ok; |
| Vanger | 4:e505054279ed | 3688 | CYASSL_X509_STORE_CTX store; |
| Vanger | 4:e505054279ed | 3689 | |
| Vanger | 4:e505054279ed | 3690 | store.error = ret; |
| Vanger | 4:e505054279ed | 3691 | store.error_depth = totalCerts; |
| Vanger | 4:e505054279ed | 3692 | store.discardSessionCerts = 0; |
| Vanger | 4:e505054279ed | 3693 | store.domain = domain; |
| Vanger | 4:e505054279ed | 3694 | store.userCtx = ssl->verifyCbCtx; |
| Vanger | 4:e505054279ed | 3695 | #ifdef KEEP_PEER_CERT |
| Vanger | 4:e505054279ed | 3696 | store.current_cert = &ssl->peerCert; |
| Vanger | 4:e505054279ed | 3697 | #endif |
| Vanger | 4:e505054279ed | 3698 | store.ex_data = ssl; |
| Vanger | 4:e505054279ed | 3699 | |
| Vanger | 4:e505054279ed | 3700 | ok = ssl->verifyCallback(1, &store); |
| Vanger | 4:e505054279ed | 3701 | if (!ok) { |
| Vanger | 4:e505054279ed | 3702 | CYASSL_MSG("Verify callback overriding valid certificate!"); |
| Vanger | 4:e505054279ed | 3703 | ret = -1; |
| Vanger | 4:e505054279ed | 3704 | SendAlert(ssl, alert_fatal, bad_certificate); |
| Vanger | 4:e505054279ed | 3705 | ssl->options.isClosed = 1; |
| Vanger | 4:e505054279ed | 3706 | } |
| Vanger | 4:e505054279ed | 3707 | #ifdef SESSION_CERTS |
| Vanger | 4:e505054279ed | 3708 | if (store.discardSessionCerts) { |
| Vanger | 4:e505054279ed | 3709 | CYASSL_MSG("Verify callback requested discard sess certs"); |
| Vanger | 4:e505054279ed | 3710 | ssl->session.chain.count = 0; |
| Vanger | 4:e505054279ed | 3711 | } |
| Vanger | 4:e505054279ed | 3712 | #endif |
| Vanger | 4:e505054279ed | 3713 | } |
| Vanger | 4:e505054279ed | 3714 | } |
| Vanger | 4:e505054279ed | 3715 | #endif |
| Vanger | 4:e505054279ed | 3716 | |
| Vanger | 4:e505054279ed | 3717 | return ret; |
| Vanger | 4:e505054279ed | 3718 | } |
| Vanger | 4:e505054279ed | 3719 | |
| Vanger | 4:e505054279ed | 3720 | #endif /* !NO_CERTS */ |
| Vanger | 4:e505054279ed | 3721 | |
| Vanger | 4:e505054279ed | 3722 | |
| Vanger | 4:e505054279ed | 3723 | static int DoHelloRequest(CYASSL* ssl, const byte* input, word32* inOutIdx, |
| Vanger | 4:e505054279ed | 3724 | word32 size, word32 totalSz) |
| Vanger | 4:e505054279ed | 3725 | { |
| Vanger | 4:e505054279ed | 3726 | int ret = 0; |
| Vanger | 4:e505054279ed | 3727 | |
| Vanger | 4:e505054279ed | 3728 | if (size) /* must be 0 */ |
| Vanger | 4:e505054279ed | 3729 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 3730 | |
| Vanger | 4:e505054279ed | 3731 | if (ssl->keys.encryptionOn) { |
| Vanger | 4:e505054279ed | 3732 | byte verify[MAX_DIGEST_SIZE]; |
| Vanger | 4:e505054279ed | 3733 | int padSz = ssl->keys.encryptSz - HANDSHAKE_HEADER_SZ - |
| Vanger | 4:e505054279ed | 3734 | ssl->specs.hash_size; |
| Vanger | 4:e505054279ed | 3735 | |
| Vanger | 4:e505054279ed | 3736 | ret = ssl->hmac(ssl, verify, input + *inOutIdx - HANDSHAKE_HEADER_SZ, |
| Vanger | 4:e505054279ed | 3737 | HANDSHAKE_HEADER_SZ, handshake, 1); |
| Vanger | 4:e505054279ed | 3738 | if (ret != 0) |
| Vanger | 4:e505054279ed | 3739 | return ret; |
| Vanger | 4:e505054279ed | 3740 | |
| Vanger | 4:e505054279ed | 3741 | if (ssl->options.tls1_1 && ssl->specs.cipher_type == block) |
| Vanger | 4:e505054279ed | 3742 | padSz -= ssl->specs.block_size; |
| Vanger | 4:e505054279ed | 3743 | |
| Vanger | 4:e505054279ed | 3744 | /* access beyond input + size should be checked against totalSz */ |
| Vanger | 4:e505054279ed | 3745 | if ((word32) (*inOutIdx + ssl->specs.hash_size + padSz) > totalSz) |
| Vanger | 4:e505054279ed | 3746 | return INCOMPLETE_DATA; |
| Vanger | 4:e505054279ed | 3747 | |
| Vanger | 4:e505054279ed | 3748 | /* verify */ |
| Vanger | 4:e505054279ed | 3749 | if (XMEMCMP(input + *inOutIdx, verify, ssl->specs.hash_size) != 0) { |
| Vanger | 4:e505054279ed | 3750 | CYASSL_MSG(" hello_request verify mac error"); |
| Vanger | 4:e505054279ed | 3751 | return VERIFY_MAC_ERROR; |
| Vanger | 4:e505054279ed | 3752 | } |
| Vanger | 4:e505054279ed | 3753 | |
| Vanger | 4:e505054279ed | 3754 | *inOutIdx += ssl->specs.hash_size + padSz; |
| Vanger | 4:e505054279ed | 3755 | } |
| Vanger | 4:e505054279ed | 3756 | |
| Vanger | 4:e505054279ed | 3757 | if (ssl->options.side == CYASSL_SERVER_END) { |
| Vanger | 4:e505054279ed | 3758 | SendAlert(ssl, alert_fatal, unexpected_message); /* try */ |
| Vanger | 4:e505054279ed | 3759 | return FATAL_ERROR; |
| Vanger | 4:e505054279ed | 3760 | } |
| Vanger | 4:e505054279ed | 3761 | else |
| Vanger | 4:e505054279ed | 3762 | return SendAlert(ssl, alert_warning, no_renegotiation); |
| Vanger | 4:e505054279ed | 3763 | } |
| Vanger | 4:e505054279ed | 3764 | |
| Vanger | 4:e505054279ed | 3765 | |
| Vanger | 4:e505054279ed | 3766 | int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, word32 size, |
| Vanger | 4:e505054279ed | 3767 | word32 totalSz, int sniff) |
| Vanger | 4:e505054279ed | 3768 | { |
| Vanger | 4:e505054279ed | 3769 | word32 finishedSz = (ssl->options.tls ? TLS_FINISHED_SZ : FINISHED_SZ); |
| Vanger | 4:e505054279ed | 3770 | |
| Vanger | 4:e505054279ed | 3771 | if (finishedSz != size) |
| Vanger | 4:e505054279ed | 3772 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 3773 | |
| Vanger | 4:e505054279ed | 3774 | #ifdef CYASSL_CALLBACKS |
| Vanger | 4:e505054279ed | 3775 | if (ssl->hsInfoOn) AddPacketName("Finished", &ssl->handShakeInfo); |
| Vanger | 4:e505054279ed | 3776 | if (ssl->toInfoOn) AddLateName("Finished", &ssl->timeoutInfo); |
| Vanger | 4:e505054279ed | 3777 | #endif |
| Vanger | 4:e505054279ed | 3778 | |
| Vanger | 4:e505054279ed | 3779 | if (sniff == NO_SNIFF) { |
| Vanger | 4:e505054279ed | 3780 | if (XMEMCMP(input + *inOutIdx, &ssl->verifyHashes, size) != 0) { |
| Vanger | 4:e505054279ed | 3781 | CYASSL_MSG("Verify finished error on hashes"); |
| Vanger | 4:e505054279ed | 3782 | return VERIFY_FINISHED_ERROR; |
| Vanger | 4:e505054279ed | 3783 | } |
| Vanger | 4:e505054279ed | 3784 | } |
| Vanger | 4:e505054279ed | 3785 | |
| Vanger | 4:e505054279ed | 3786 | /* increment beyond input + size should be checked against totalSz */ |
| Vanger | 4:e505054279ed | 3787 | if (*inOutIdx + size + ssl->keys.padSz > totalSz) |
| Vanger | 4:e505054279ed | 3788 | return INCOMPLETE_DATA; |
| Vanger | 4:e505054279ed | 3789 | |
| Vanger | 4:e505054279ed | 3790 | /* force input exhaustion at ProcessReply consuming padSz */ |
| Vanger | 4:e505054279ed | 3791 | *inOutIdx += size + ssl->keys.padSz; |
| Vanger | 4:e505054279ed | 3792 | |
| Vanger | 4:e505054279ed | 3793 | if (ssl->options.side == CYASSL_CLIENT_END) { |
| Vanger | 4:e505054279ed | 3794 | ssl->options.serverState = SERVER_FINISHED_COMPLETE; |
| Vanger | 4:e505054279ed | 3795 | if (!ssl->options.resuming) { |
| Vanger | 4:e505054279ed | 3796 | ssl->options.handShakeState = HANDSHAKE_DONE; |
| Vanger | 4:e505054279ed | 3797 | |
| Vanger | 4:e505054279ed | 3798 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 3799 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 3800 | /* Other side has received our Finished, go to next epoch */ |
| Vanger | 4:e505054279ed | 3801 | ssl->keys.dtls_epoch++; |
| Vanger | 4:e505054279ed | 3802 | ssl->keys.dtls_sequence_number = 1; |
| Vanger | 4:e505054279ed | 3803 | } |
| Vanger | 4:e505054279ed | 3804 | #endif |
| Vanger | 4:e505054279ed | 3805 | } |
| Vanger | 4:e505054279ed | 3806 | } |
| Vanger | 4:e505054279ed | 3807 | else { |
| Vanger | 4:e505054279ed | 3808 | ssl->options.clientState = CLIENT_FINISHED_COMPLETE; |
| Vanger | 4:e505054279ed | 3809 | if (ssl->options.resuming) { |
| Vanger | 4:e505054279ed | 3810 | ssl->options.handShakeState = HANDSHAKE_DONE; |
| Vanger | 4:e505054279ed | 3811 | |
| Vanger | 4:e505054279ed | 3812 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 3813 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 3814 | /* Other side has received our Finished, go to next epoch */ |
| Vanger | 4:e505054279ed | 3815 | ssl->keys.dtls_epoch++; |
| Vanger | 4:e505054279ed | 3816 | ssl->keys.dtls_sequence_number = 1; |
| Vanger | 4:e505054279ed | 3817 | } |
| Vanger | 4:e505054279ed | 3818 | #endif |
| Vanger | 4:e505054279ed | 3819 | } |
| Vanger | 4:e505054279ed | 3820 | } |
| Vanger | 4:e505054279ed | 3821 | |
| Vanger | 4:e505054279ed | 3822 | return 0; |
| Vanger | 4:e505054279ed | 3823 | } |
| Vanger | 4:e505054279ed | 3824 | |
| Vanger | 4:e505054279ed | 3825 | |
| Vanger | 4:e505054279ed | 3826 | static int DoHandShakeMsgType(CYASSL* ssl, byte* input, word32* inOutIdx, |
| Vanger | 4:e505054279ed | 3827 | byte type, word32 size, word32 totalSz) |
| Vanger | 4:e505054279ed | 3828 | { |
| Vanger | 4:e505054279ed | 3829 | int ret = 0; |
| Vanger | 4:e505054279ed | 3830 | (void)totalSz; |
| Vanger | 4:e505054279ed | 3831 | |
| Vanger | 4:e505054279ed | 3832 | CYASSL_ENTER("DoHandShakeMsgType"); |
| Vanger | 4:e505054279ed | 3833 | |
| Vanger | 4:e505054279ed | 3834 | /* make sure can read the message */ |
| Vanger | 4:e505054279ed | 3835 | if (*inOutIdx + size > totalSz) |
| Vanger | 4:e505054279ed | 3836 | return INCOMPLETE_DATA; |
| Vanger | 4:e505054279ed | 3837 | |
| Vanger | 4:e505054279ed | 3838 | ret = HashInput(ssl, input + *inOutIdx, size); |
| Vanger | 4:e505054279ed | 3839 | if (ret != 0) |
| Vanger | 4:e505054279ed | 3840 | return ret; |
| Vanger | 4:e505054279ed | 3841 | |
| Vanger | 4:e505054279ed | 3842 | #ifdef CYASSL_CALLBACKS |
| Vanger | 4:e505054279ed | 3843 | /* add name later, add on record and handshake header part back on */ |
| Vanger | 4:e505054279ed | 3844 | if (ssl->toInfoOn) { |
| Vanger | 4:e505054279ed | 3845 | int add = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; |
| Vanger | 4:e505054279ed | 3846 | AddPacketInfo(0, &ssl->timeoutInfo, input + *inOutIdx - add, |
| Vanger | 4:e505054279ed | 3847 | size + add, ssl->heap); |
| Vanger | 4:e505054279ed | 3848 | AddLateRecordHeader(&ssl->curRL, &ssl->timeoutInfo); |
| Vanger | 4:e505054279ed | 3849 | } |
| Vanger | 4:e505054279ed | 3850 | #endif |
| Vanger | 4:e505054279ed | 3851 | |
| Vanger | 4:e505054279ed | 3852 | if (ssl->options.handShakeState == HANDSHAKE_DONE && type != hello_request){ |
| Vanger | 4:e505054279ed | 3853 | CYASSL_MSG("HandShake message after handshake complete"); |
| Vanger | 4:e505054279ed | 3854 | SendAlert(ssl, alert_fatal, unexpected_message); |
| Vanger | 4:e505054279ed | 3855 | return OUT_OF_ORDER_E; |
| Vanger | 4:e505054279ed | 3856 | } |
| Vanger | 4:e505054279ed | 3857 | |
| Vanger | 4:e505054279ed | 3858 | if (ssl->options.side == CYASSL_CLIENT_END && ssl->options.dtls == 0 && |
| Vanger | 4:e505054279ed | 3859 | ssl->options.serverState == NULL_STATE && type != server_hello) { |
| Vanger | 4:e505054279ed | 3860 | CYASSL_MSG("First server message not server hello"); |
| Vanger | 4:e505054279ed | 3861 | SendAlert(ssl, alert_fatal, unexpected_message); |
| Vanger | 4:e505054279ed | 3862 | return OUT_OF_ORDER_E; |
| Vanger | 4:e505054279ed | 3863 | } |
| Vanger | 4:e505054279ed | 3864 | |
| Vanger | 4:e505054279ed | 3865 | if (ssl->options.side == CYASSL_CLIENT_END && ssl->options.dtls && |
| Vanger | 4:e505054279ed | 3866 | type == server_hello_done && |
| Vanger | 4:e505054279ed | 3867 | ssl->options.serverState < SERVER_HELLO_COMPLETE) { |
| Vanger | 4:e505054279ed | 3868 | CYASSL_MSG("Server hello done received before server hello in DTLS"); |
| Vanger | 4:e505054279ed | 3869 | SendAlert(ssl, alert_fatal, unexpected_message); |
| Vanger | 4:e505054279ed | 3870 | return OUT_OF_ORDER_E; |
| Vanger | 4:e505054279ed | 3871 | } |
| Vanger | 4:e505054279ed | 3872 | |
| Vanger | 4:e505054279ed | 3873 | if (ssl->options.side == CYASSL_SERVER_END && |
| Vanger | 4:e505054279ed | 3874 | ssl->options.clientState == NULL_STATE && type != client_hello) { |
| Vanger | 4:e505054279ed | 3875 | CYASSL_MSG("First client message not client hello"); |
| Vanger | 4:e505054279ed | 3876 | SendAlert(ssl, alert_fatal, unexpected_message); |
| Vanger | 4:e505054279ed | 3877 | return OUT_OF_ORDER_E; |
| Vanger | 4:e505054279ed | 3878 | } |
| Vanger | 4:e505054279ed | 3879 | |
| Vanger | 4:e505054279ed | 3880 | |
| Vanger | 4:e505054279ed | 3881 | switch (type) { |
| Vanger | 4:e505054279ed | 3882 | |
| Vanger | 4:e505054279ed | 3883 | case hello_request: |
| Vanger | 4:e505054279ed | 3884 | CYASSL_MSG("processing hello request"); |
| Vanger | 4:e505054279ed | 3885 | ret = DoHelloRequest(ssl, input, inOutIdx, size, totalSz); |
| Vanger | 4:e505054279ed | 3886 | break; |
| Vanger | 4:e505054279ed | 3887 | |
| Vanger | 4:e505054279ed | 3888 | #ifndef NO_CYASSL_CLIENT |
| Vanger | 4:e505054279ed | 3889 | case hello_verify_request: |
| Vanger | 4:e505054279ed | 3890 | CYASSL_MSG("processing hello verify request"); |
| Vanger | 4:e505054279ed | 3891 | ret = DoHelloVerifyRequest(ssl, input,inOutIdx, size); |
| Vanger | 4:e505054279ed | 3892 | break; |
| Vanger | 4:e505054279ed | 3893 | |
| Vanger | 4:e505054279ed | 3894 | case server_hello: |
| Vanger | 4:e505054279ed | 3895 | CYASSL_MSG("processing server hello"); |
| Vanger | 4:e505054279ed | 3896 | ret = DoServerHello(ssl, input, inOutIdx, size); |
| Vanger | 4:e505054279ed | 3897 | break; |
| Vanger | 4:e505054279ed | 3898 | |
| Vanger | 4:e505054279ed | 3899 | #ifndef NO_CERTS |
| Vanger | 4:e505054279ed | 3900 | case certificate_request: |
| Vanger | 4:e505054279ed | 3901 | CYASSL_MSG("processing certificate request"); |
| Vanger | 4:e505054279ed | 3902 | ret = DoCertificateRequest(ssl, input, inOutIdx, size); |
| Vanger | 4:e505054279ed | 3903 | break; |
| Vanger | 4:e505054279ed | 3904 | #endif |
| Vanger | 4:e505054279ed | 3905 | |
| Vanger | 4:e505054279ed | 3906 | case server_key_exchange: |
| Vanger | 4:e505054279ed | 3907 | CYASSL_MSG("processing server key exchange"); |
| Vanger | 4:e505054279ed | 3908 | ret = DoServerKeyExchange(ssl, input, inOutIdx, size); |
| Vanger | 4:e505054279ed | 3909 | break; |
| Vanger | 4:e505054279ed | 3910 | #endif |
| Vanger | 4:e505054279ed | 3911 | |
| Vanger | 4:e505054279ed | 3912 | #ifndef NO_CERTS |
| Vanger | 4:e505054279ed | 3913 | case certificate: |
| Vanger | 4:e505054279ed | 3914 | CYASSL_MSG("processing certificate"); |
| Vanger | 4:e505054279ed | 3915 | ret = DoCertificate(ssl, input, inOutIdx, size); |
| Vanger | 4:e505054279ed | 3916 | break; |
| Vanger | 4:e505054279ed | 3917 | #endif |
| Vanger | 4:e505054279ed | 3918 | |
| Vanger | 4:e505054279ed | 3919 | case server_hello_done: |
| Vanger | 4:e505054279ed | 3920 | CYASSL_MSG("processing server hello done"); |
| Vanger | 4:e505054279ed | 3921 | #ifdef CYASSL_CALLBACKS |
| Vanger | 4:e505054279ed | 3922 | if (ssl->hsInfoOn) |
| Vanger | 4:e505054279ed | 3923 | AddPacketName("ServerHelloDone", &ssl->handShakeInfo); |
| Vanger | 4:e505054279ed | 3924 | if (ssl->toInfoOn) |
| Vanger | 4:e505054279ed | 3925 | AddLateName("ServerHelloDone", &ssl->timeoutInfo); |
| Vanger | 4:e505054279ed | 3926 | #endif |
| Vanger | 4:e505054279ed | 3927 | ssl->options.serverState = SERVER_HELLODONE_COMPLETE; |
| Vanger | 4:e505054279ed | 3928 | break; |
| Vanger | 4:e505054279ed | 3929 | |
| Vanger | 4:e505054279ed | 3930 | case finished: |
| Vanger | 4:e505054279ed | 3931 | CYASSL_MSG("processing finished"); |
| Vanger | 4:e505054279ed | 3932 | ret = DoFinished(ssl, input, inOutIdx, size, totalSz, NO_SNIFF); |
| Vanger | 4:e505054279ed | 3933 | break; |
| Vanger | 4:e505054279ed | 3934 | |
| Vanger | 4:e505054279ed | 3935 | #ifndef NO_CYASSL_SERVER |
| Vanger | 4:e505054279ed | 3936 | case client_hello: |
| Vanger | 4:e505054279ed | 3937 | CYASSL_MSG("processing client hello"); |
| Vanger | 4:e505054279ed | 3938 | ret = DoClientHello(ssl, input, inOutIdx, size); |
| Vanger | 4:e505054279ed | 3939 | break; |
| Vanger | 4:e505054279ed | 3940 | |
| Vanger | 4:e505054279ed | 3941 | case client_key_exchange: |
| Vanger | 4:e505054279ed | 3942 | CYASSL_MSG("processing client key exchange"); |
| Vanger | 4:e505054279ed | 3943 | ret = DoClientKeyExchange(ssl, input, inOutIdx, size); |
| Vanger | 4:e505054279ed | 3944 | break; |
| Vanger | 4:e505054279ed | 3945 | |
| Vanger | 4:e505054279ed | 3946 | #if !defined(NO_RSA) || defined(HAVE_ECC) |
| Vanger | 4:e505054279ed | 3947 | case certificate_verify: |
| Vanger | 4:e505054279ed | 3948 | CYASSL_MSG("processing certificate verify"); |
| Vanger | 4:e505054279ed | 3949 | ret = DoCertificateVerify(ssl, input, inOutIdx, size); |
| Vanger | 4:e505054279ed | 3950 | break; |
| Vanger | 4:e505054279ed | 3951 | #endif /* !NO_RSA || HAVE_ECC */ |
| Vanger | 4:e505054279ed | 3952 | |
| Vanger | 4:e505054279ed | 3953 | #endif /* !NO_CYASSL_SERVER */ |
| Vanger | 4:e505054279ed | 3954 | |
| Vanger | 4:e505054279ed | 3955 | default: |
| Vanger | 4:e505054279ed | 3956 | CYASSL_MSG("Unknown handshake message type"); |
| Vanger | 4:e505054279ed | 3957 | ret = UNKNOWN_HANDSHAKE_TYPE; |
| Vanger | 4:e505054279ed | 3958 | break; |
| Vanger | 4:e505054279ed | 3959 | } |
| Vanger | 4:e505054279ed | 3960 | |
| Vanger | 4:e505054279ed | 3961 | CYASSL_LEAVE("DoHandShakeMsgType()", ret); |
| Vanger | 4:e505054279ed | 3962 | return ret; |
| Vanger | 4:e505054279ed | 3963 | } |
| Vanger | 4:e505054279ed | 3964 | |
| Vanger | 4:e505054279ed | 3965 | |
| Vanger | 4:e505054279ed | 3966 | static int DoHandShakeMsg(CYASSL* ssl, byte* input, word32* inOutIdx, |
| Vanger | 4:e505054279ed | 3967 | word32 totalSz) |
| Vanger | 4:e505054279ed | 3968 | { |
| Vanger | 4:e505054279ed | 3969 | byte type; |
| Vanger | 4:e505054279ed | 3970 | word32 size; |
| Vanger | 4:e505054279ed | 3971 | int ret = 0; |
| Vanger | 4:e505054279ed | 3972 | |
| Vanger | 4:e505054279ed | 3973 | CYASSL_ENTER("DoHandShakeMsg()"); |
| Vanger | 4:e505054279ed | 3974 | |
| Vanger | 4:e505054279ed | 3975 | if (GetHandShakeHeader(ssl, input, inOutIdx, &type, &size) != 0) |
| Vanger | 4:e505054279ed | 3976 | return PARSE_ERROR; |
| Vanger | 4:e505054279ed | 3977 | |
| Vanger | 4:e505054279ed | 3978 | ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz); |
| Vanger | 4:e505054279ed | 3979 | |
| Vanger | 4:e505054279ed | 3980 | CYASSL_LEAVE("DoHandShakeMsg()", ret); |
| Vanger | 4:e505054279ed | 3981 | return ret; |
| Vanger | 4:e505054279ed | 3982 | } |
| Vanger | 4:e505054279ed | 3983 | |
| Vanger | 4:e505054279ed | 3984 | |
| Vanger | 4:e505054279ed | 3985 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 3986 | |
| Vanger | 4:e505054279ed | 3987 | static INLINE int DtlsCheckWindow(DtlsState* state) |
| Vanger | 4:e505054279ed | 3988 | { |
| Vanger | 4:e505054279ed | 3989 | word32 cur; |
| Vanger | 4:e505054279ed | 3990 | word32 next; |
| Vanger | 4:e505054279ed | 3991 | DtlsSeq window; |
| Vanger | 4:e505054279ed | 3992 | |
| Vanger | 4:e505054279ed | 3993 | if (state->curEpoch == state->nextEpoch) { |
| Vanger | 4:e505054279ed | 3994 | next = state->nextSeq; |
| Vanger | 4:e505054279ed | 3995 | window = state->window; |
| Vanger | 4:e505054279ed | 3996 | } |
| Vanger | 4:e505054279ed | 3997 | else if (state->curEpoch < state->nextEpoch) { |
| Vanger | 4:e505054279ed | 3998 | next = state->prevSeq; |
| Vanger | 4:e505054279ed | 3999 | window = state->prevWindow; |
| Vanger | 4:e505054279ed | 4000 | } |
| Vanger | 4:e505054279ed | 4001 | else { |
| Vanger | 4:e505054279ed | 4002 | return 0; |
| Vanger | 4:e505054279ed | 4003 | } |
| Vanger | 4:e505054279ed | 4004 | |
| Vanger | 4:e505054279ed | 4005 | cur = state->curSeq; |
| Vanger | 4:e505054279ed | 4006 | |
| Vanger | 4:e505054279ed | 4007 | if ((next > DTLS_SEQ_BITS) && (cur < next - DTLS_SEQ_BITS)) { |
| Vanger | 4:e505054279ed | 4008 | return 0; |
| Vanger | 4:e505054279ed | 4009 | } |
| Vanger | 4:e505054279ed | 4010 | else if ((cur < next) && (window & (1 << (next - cur - 1)))) { |
| Vanger | 4:e505054279ed | 4011 | return 0; |
| Vanger | 4:e505054279ed | 4012 | } |
| Vanger | 4:e505054279ed | 4013 | |
| Vanger | 4:e505054279ed | 4014 | return 1; |
| Vanger | 4:e505054279ed | 4015 | } |
| Vanger | 4:e505054279ed | 4016 | |
| Vanger | 4:e505054279ed | 4017 | |
| Vanger | 4:e505054279ed | 4018 | static INLINE int DtlsUpdateWindow(DtlsState* state) |
| Vanger | 4:e505054279ed | 4019 | { |
| Vanger | 4:e505054279ed | 4020 | word32 cur; |
| Vanger | 4:e505054279ed | 4021 | word32* next; |
| Vanger | 4:e505054279ed | 4022 | DtlsSeq* window; |
| Vanger | 4:e505054279ed | 4023 | |
| Vanger | 4:e505054279ed | 4024 | if (state->curEpoch == state->nextEpoch) { |
| Vanger | 4:e505054279ed | 4025 | next = &state->nextSeq; |
| Vanger | 4:e505054279ed | 4026 | window = &state->window; |
| Vanger | 4:e505054279ed | 4027 | } |
| Vanger | 4:e505054279ed | 4028 | else { |
| Vanger | 4:e505054279ed | 4029 | next = &state->prevSeq; |
| Vanger | 4:e505054279ed | 4030 | window = &state->prevWindow; |
| Vanger | 4:e505054279ed | 4031 | } |
| Vanger | 4:e505054279ed | 4032 | |
| Vanger | 4:e505054279ed | 4033 | cur = state->curSeq; |
| Vanger | 4:e505054279ed | 4034 | |
| Vanger | 4:e505054279ed | 4035 | if (cur < *next) { |
| Vanger | 4:e505054279ed | 4036 | *window |= (1 << (*next - cur - 1)); |
| Vanger | 4:e505054279ed | 4037 | } |
| Vanger | 4:e505054279ed | 4038 | else { |
| Vanger | 4:e505054279ed | 4039 | *window <<= (1 + cur - *next); |
| Vanger | 4:e505054279ed | 4040 | *window |= 1; |
| Vanger | 4:e505054279ed | 4041 | *next = cur + 1; |
| Vanger | 4:e505054279ed | 4042 | } |
| Vanger | 4:e505054279ed | 4043 | |
| Vanger | 4:e505054279ed | 4044 | return 1; |
| Vanger | 4:e505054279ed | 4045 | } |
| Vanger | 4:e505054279ed | 4046 | |
| Vanger | 4:e505054279ed | 4047 | |
| Vanger | 4:e505054279ed | 4048 | static int DtlsMsgDrain(CYASSL* ssl) |
| Vanger | 4:e505054279ed | 4049 | { |
| Vanger | 4:e505054279ed | 4050 | DtlsMsg* item = ssl->dtls_msg_list; |
| Vanger | 4:e505054279ed | 4051 | int ret = 0; |
| Vanger | 4:e505054279ed | 4052 | |
| Vanger | 4:e505054279ed | 4053 | /* While there is an item in the store list, and it is the expected |
| Vanger | 4:e505054279ed | 4054 | * message, and it is complete, and there hasn't been an error in the |
| Vanger | 4:e505054279ed | 4055 | * last messge... */ |
| Vanger | 4:e505054279ed | 4056 | while (item != NULL && |
| Vanger | 4:e505054279ed | 4057 | ssl->keys.dtls_expected_peer_handshake_number == item->seq && |
| Vanger | 4:e505054279ed | 4058 | item->fragSz == item->sz && |
| Vanger | 4:e505054279ed | 4059 | ret == 0) { |
| Vanger | 4:e505054279ed | 4060 | word32 idx = 0; |
| Vanger | 4:e505054279ed | 4061 | ssl->keys.dtls_expected_peer_handshake_number++; |
| Vanger | 4:e505054279ed | 4062 | ret = DoHandShakeMsgType(ssl, item->msg, |
| Vanger | 4:e505054279ed | 4063 | &idx, item->type, item->sz, item->sz); |
| Vanger | 4:e505054279ed | 4064 | ssl->dtls_msg_list = item->next; |
| Vanger | 4:e505054279ed | 4065 | DtlsMsgDelete(item, ssl->heap); |
| Vanger | 4:e505054279ed | 4066 | item = ssl->dtls_msg_list; |
| Vanger | 4:e505054279ed | 4067 | } |
| Vanger | 4:e505054279ed | 4068 | |
| Vanger | 4:e505054279ed | 4069 | return ret; |
| Vanger | 4:e505054279ed | 4070 | } |
| Vanger | 4:e505054279ed | 4071 | |
| Vanger | 4:e505054279ed | 4072 | |
| Vanger | 4:e505054279ed | 4073 | static int DoDtlsHandShakeMsg(CYASSL* ssl, byte* input, word32* inOutIdx, |
| Vanger | 4:e505054279ed | 4074 | word32 totalSz) |
| Vanger | 4:e505054279ed | 4075 | { |
| Vanger | 4:e505054279ed | 4076 | byte type; |
| Vanger | 4:e505054279ed | 4077 | word32 size; |
| Vanger | 4:e505054279ed | 4078 | word32 fragOffset, fragSz; |
| Vanger | 4:e505054279ed | 4079 | int ret = 0; |
| Vanger | 4:e505054279ed | 4080 | |
| Vanger | 4:e505054279ed | 4081 | CYASSL_ENTER("DoDtlsHandShakeMsg()"); |
| Vanger | 4:e505054279ed | 4082 | if (GetDtlsHandShakeHeader(ssl, input, inOutIdx, &type, |
| Vanger | 4:e505054279ed | 4083 | &size, &fragOffset, &fragSz) != 0) |
| Vanger | 4:e505054279ed | 4084 | return PARSE_ERROR; |
| Vanger | 4:e505054279ed | 4085 | |
| Vanger | 4:e505054279ed | 4086 | if (*inOutIdx + fragSz > totalSz) |
| Vanger | 4:e505054279ed | 4087 | return INCOMPLETE_DATA; |
| Vanger | 4:e505054279ed | 4088 | |
| Vanger | 4:e505054279ed | 4089 | /* Check the handshake sequence number first. If out of order, |
| Vanger | 4:e505054279ed | 4090 | * add the current message to the list. If the message is in order, |
| Vanger | 4:e505054279ed | 4091 | * but it is a fragment, add the current message to the list, then |
| Vanger | 4:e505054279ed | 4092 | * check the head of the list to see if it is complete, if so, pop |
| Vanger | 4:e505054279ed | 4093 | * it out as the current message. If the message is complete and in |
| Vanger | 4:e505054279ed | 4094 | * order, process it. Check the head of the list to see if it is in |
| Vanger | 4:e505054279ed | 4095 | * order, if so, process it. (Repeat until list exhausted.) If the |
| Vanger | 4:e505054279ed | 4096 | * head is out of order, return for more processing. |
| Vanger | 4:e505054279ed | 4097 | */ |
| Vanger | 4:e505054279ed | 4098 | if (ssl->keys.dtls_peer_handshake_number > |
| Vanger | 4:e505054279ed | 4099 | ssl->keys.dtls_expected_peer_handshake_number) { |
| Vanger | 4:e505054279ed | 4100 | /* Current message is out of order. It will get stored in the list. |
| Vanger | 4:e505054279ed | 4101 | * Storing also takes care of defragmentation. */ |
| Vanger | 4:e505054279ed | 4102 | ssl->dtls_msg_list = DtlsMsgStore(ssl->dtls_msg_list, |
| Vanger | 4:e505054279ed | 4103 | ssl->keys.dtls_peer_handshake_number, input + *inOutIdx, |
| Vanger | 4:e505054279ed | 4104 | size, type, fragOffset, fragSz, ssl->heap); |
| Vanger | 4:e505054279ed | 4105 | *inOutIdx += fragSz; |
| Vanger | 4:e505054279ed | 4106 | ret = 0; |
| Vanger | 4:e505054279ed | 4107 | } |
| Vanger | 4:e505054279ed | 4108 | else if (ssl->keys.dtls_peer_handshake_number < |
| Vanger | 4:e505054279ed | 4109 | ssl->keys.dtls_expected_peer_handshake_number) { |
| Vanger | 4:e505054279ed | 4110 | /* Already saw this message and processed it. It can be ignored. */ |
| Vanger | 4:e505054279ed | 4111 | *inOutIdx += fragSz; |
| Vanger | 4:e505054279ed | 4112 | ret = 0; |
| Vanger | 4:e505054279ed | 4113 | } |
| Vanger | 4:e505054279ed | 4114 | else if (fragSz < size) { |
| Vanger | 4:e505054279ed | 4115 | /* Since this branch is in order, but fragmented, dtls_msg_list will be |
| Vanger | 4:e505054279ed | 4116 | * pointing to the message with this fragment in it. Check it to see |
| Vanger | 4:e505054279ed | 4117 | * if it is completed. */ |
| Vanger | 4:e505054279ed | 4118 | ssl->dtls_msg_list = DtlsMsgStore(ssl->dtls_msg_list, |
| Vanger | 4:e505054279ed | 4119 | ssl->keys.dtls_peer_handshake_number, input + *inOutIdx, |
| Vanger | 4:e505054279ed | 4120 | size, type, fragOffset, fragSz, ssl->heap); |
| Vanger | 4:e505054279ed | 4121 | *inOutIdx += fragSz; |
| Vanger | 4:e505054279ed | 4122 | ret = 0; |
| Vanger | 4:e505054279ed | 4123 | if (ssl->dtls_msg_list != NULL && |
| Vanger | 4:e505054279ed | 4124 | ssl->dtls_msg_list->fragSz >= ssl->dtls_msg_list->sz) |
| Vanger | 4:e505054279ed | 4125 | ret = DtlsMsgDrain(ssl); |
| Vanger | 4:e505054279ed | 4126 | } |
| Vanger | 4:e505054279ed | 4127 | else { |
| Vanger | 4:e505054279ed | 4128 | /* This branch is in order next, and a complete message. */ |
| Vanger | 4:e505054279ed | 4129 | ssl->keys.dtls_expected_peer_handshake_number++; |
| Vanger | 4:e505054279ed | 4130 | ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz); |
| Vanger | 4:e505054279ed | 4131 | if (ret == 0 && ssl->dtls_msg_list != NULL) |
| Vanger | 4:e505054279ed | 4132 | ret = DtlsMsgDrain(ssl); |
| Vanger | 4:e505054279ed | 4133 | } |
| Vanger | 4:e505054279ed | 4134 | |
| Vanger | 4:e505054279ed | 4135 | CYASSL_LEAVE("DoDtlsHandShakeMsg()", ret); |
| Vanger | 4:e505054279ed | 4136 | return ret; |
| Vanger | 4:e505054279ed | 4137 | } |
| Vanger | 4:e505054279ed | 4138 | #endif |
| Vanger | 4:e505054279ed | 4139 | |
| Vanger | 4:e505054279ed | 4140 | |
| Vanger | 4:e505054279ed | 4141 | static INLINE word32 GetSEQIncrement(CYASSL* ssl, int verify) |
| Vanger | 4:e505054279ed | 4142 | { |
| Vanger | 4:e505054279ed | 4143 | if (verify) |
| Vanger | 4:e505054279ed | 4144 | return ssl->keys.peer_sequence_number++; |
| Vanger | 4:e505054279ed | 4145 | else |
| Vanger | 4:e505054279ed | 4146 | return ssl->keys.sequence_number++; |
| Vanger | 4:e505054279ed | 4147 | } |
| Vanger | 4:e505054279ed | 4148 | |
| Vanger | 4:e505054279ed | 4149 | |
| Vanger | 4:e505054279ed | 4150 | #ifdef HAVE_AEAD |
| Vanger | 4:e505054279ed | 4151 | static INLINE void AeadIncrementExpIV(CYASSL* ssl) |
| Vanger | 4:e505054279ed | 4152 | { |
| Vanger | 4:e505054279ed | 4153 | int i; |
| Vanger | 4:e505054279ed | 4154 | for (i = AEAD_EXP_IV_SZ-1; i >= 0; i--) { |
| Vanger | 4:e505054279ed | 4155 | if (++ssl->keys.aead_exp_IV[i]) return; |
| Vanger | 4:e505054279ed | 4156 | } |
| Vanger | 4:e505054279ed | 4157 | } |
| Vanger | 4:e505054279ed | 4158 | #endif |
| Vanger | 4:e505054279ed | 4159 | |
| Vanger | 4:e505054279ed | 4160 | |
| Vanger | 4:e505054279ed | 4161 | static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) |
| Vanger | 4:e505054279ed | 4162 | { |
| Vanger | 4:e505054279ed | 4163 | (void)out; |
| Vanger | 4:e505054279ed | 4164 | (void)input; |
| Vanger | 4:e505054279ed | 4165 | (void)sz; |
| Vanger | 4:e505054279ed | 4166 | |
| Vanger | 4:e505054279ed | 4167 | if (ssl->encrypt.setup == 0) { |
| Vanger | 4:e505054279ed | 4168 | CYASSL_MSG("Encrypt ciphers not setup"); |
| Vanger | 4:e505054279ed | 4169 | return ENCRYPT_ERROR; |
| Vanger | 4:e505054279ed | 4170 | } |
| Vanger | 4:e505054279ed | 4171 | |
| Vanger | 4:e505054279ed | 4172 | switch (ssl->specs.bulk_cipher_algorithm) { |
| Vanger | 4:e505054279ed | 4173 | #ifdef BUILD_ARC4 |
| Vanger | 4:e505054279ed | 4174 | case cyassl_rc4: |
| Vanger | 4:e505054279ed | 4175 | Arc4Process(ssl->encrypt.arc4, out, input, sz); |
| Vanger | 4:e505054279ed | 4176 | break; |
| Vanger | 4:e505054279ed | 4177 | #endif |
| Vanger | 4:e505054279ed | 4178 | |
| Vanger | 4:e505054279ed | 4179 | #ifdef BUILD_DES3 |
| Vanger | 4:e505054279ed | 4180 | case cyassl_triple_des: |
| Vanger | 4:e505054279ed | 4181 | return Des3_CbcEncrypt(ssl->encrypt.des3, out, input, sz); |
| Vanger | 4:e505054279ed | 4182 | #endif |
| Vanger | 4:e505054279ed | 4183 | |
| Vanger | 4:e505054279ed | 4184 | #ifdef BUILD_AES |
| Vanger | 4:e505054279ed | 4185 | case cyassl_aes: |
| Vanger | 4:e505054279ed | 4186 | return AesCbcEncrypt(ssl->encrypt.aes, out, input, sz); |
| Vanger | 4:e505054279ed | 4187 | #endif |
| Vanger | 4:e505054279ed | 4188 | |
| Vanger | 4:e505054279ed | 4189 | #ifdef BUILD_AESGCM |
| Vanger | 4:e505054279ed | 4190 | case cyassl_aes_gcm: |
| Vanger | 4:e505054279ed | 4191 | { |
| Vanger | 4:e505054279ed | 4192 | byte additional[AES_BLOCK_SIZE]; |
| Vanger | 4:e505054279ed | 4193 | byte nonce[AEAD_NONCE_SZ]; |
| Vanger | 4:e505054279ed | 4194 | const byte* additionalSrc = input - 5; |
| Vanger | 4:e505054279ed | 4195 | |
| Vanger | 4:e505054279ed | 4196 | XMEMSET(additional, 0, AES_BLOCK_SIZE); |
| Vanger | 4:e505054279ed | 4197 | |
| Vanger | 4:e505054279ed | 4198 | /* sequence number field is 64-bits, we only use 32-bits */ |
| Vanger | 4:e505054279ed | 4199 | c32toa(GetSEQIncrement(ssl, 0), |
| Vanger | 4:e505054279ed | 4200 | additional + AEAD_SEQ_OFFSET); |
| Vanger | 4:e505054279ed | 4201 | |
| Vanger | 4:e505054279ed | 4202 | /* Store the type, version. Unfortunately, they are in |
| Vanger | 4:e505054279ed | 4203 | * the input buffer ahead of the plaintext. */ |
| Vanger | 4:e505054279ed | 4204 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 4205 | if (ssl->options.dtls) |
| Vanger | 4:e505054279ed | 4206 | additionalSrc -= DTLS_HANDSHAKE_EXTRA; |
| Vanger | 4:e505054279ed | 4207 | #endif |
| Vanger | 4:e505054279ed | 4208 | XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3); |
| Vanger | 4:e505054279ed | 4209 | |
| Vanger | 4:e505054279ed | 4210 | /* Store the length of the plain text minus the explicit |
| Vanger | 4:e505054279ed | 4211 | * IV length minus the authentication tag size. */ |
| Vanger | 4:e505054279ed | 4212 | c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size, |
| Vanger | 4:e505054279ed | 4213 | additional + AEAD_LEN_OFFSET); |
| Vanger | 4:e505054279ed | 4214 | XMEMCPY(nonce, |
| Vanger | 4:e505054279ed | 4215 | ssl->keys.aead_enc_imp_IV, AEAD_IMP_IV_SZ); |
| Vanger | 4:e505054279ed | 4216 | XMEMCPY(nonce + AEAD_IMP_IV_SZ, |
| Vanger | 4:e505054279ed | 4217 | ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ); |
| Vanger | 4:e505054279ed | 4218 | AesGcmEncrypt(ssl->encrypt.aes, |
| Vanger | 4:e505054279ed | 4219 | out + AEAD_EXP_IV_SZ, input + AEAD_EXP_IV_SZ, |
| Vanger | 4:e505054279ed | 4220 | sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size, |
| Vanger | 4:e505054279ed | 4221 | nonce, AEAD_NONCE_SZ, |
| Vanger | 4:e505054279ed | 4222 | out + sz - ssl->specs.aead_mac_size, |
| Vanger | 4:e505054279ed | 4223 | ssl->specs.aead_mac_size, additional, |
| Vanger | 4:e505054279ed | 4224 | AEAD_AUTH_DATA_SZ); |
| Vanger | 4:e505054279ed | 4225 | AeadIncrementExpIV(ssl); |
| Vanger | 4:e505054279ed | 4226 | XMEMSET(nonce, 0, AEAD_NONCE_SZ); |
| Vanger | 4:e505054279ed | 4227 | } |
| Vanger | 4:e505054279ed | 4228 | break; |
| Vanger | 4:e505054279ed | 4229 | #endif |
| Vanger | 4:e505054279ed | 4230 | |
| Vanger | 4:e505054279ed | 4231 | #ifdef HAVE_AESCCM |
| Vanger | 4:e505054279ed | 4232 | case cyassl_aes_ccm: |
| Vanger | 4:e505054279ed | 4233 | { |
| Vanger | 4:e505054279ed | 4234 | byte additional[AES_BLOCK_SIZE]; |
| Vanger | 4:e505054279ed | 4235 | byte nonce[AEAD_NONCE_SZ]; |
| Vanger | 4:e505054279ed | 4236 | const byte* additionalSrc = input - 5; |
| Vanger | 4:e505054279ed | 4237 | |
| Vanger | 4:e505054279ed | 4238 | XMEMSET(additional, 0, AES_BLOCK_SIZE); |
| Vanger | 4:e505054279ed | 4239 | |
| Vanger | 4:e505054279ed | 4240 | /* sequence number field is 64-bits, we only use 32-bits */ |
| Vanger | 4:e505054279ed | 4241 | c32toa(GetSEQIncrement(ssl, 0), |
| Vanger | 4:e505054279ed | 4242 | additional + AEAD_SEQ_OFFSET); |
| Vanger | 4:e505054279ed | 4243 | |
| Vanger | 4:e505054279ed | 4244 | /* Store the type, version. Unfortunately, they are in |
| Vanger | 4:e505054279ed | 4245 | * the input buffer ahead of the plaintext. */ |
| Vanger | 4:e505054279ed | 4246 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 4247 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 4248 | c16toa(ssl->keys.dtls_epoch, additional); |
| Vanger | 4:e505054279ed | 4249 | additionalSrc -= DTLS_HANDSHAKE_EXTRA; |
| Vanger | 4:e505054279ed | 4250 | } |
| Vanger | 4:e505054279ed | 4251 | #endif |
| Vanger | 4:e505054279ed | 4252 | XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3); |
| Vanger | 4:e505054279ed | 4253 | |
| Vanger | 4:e505054279ed | 4254 | /* Store the length of the plain text minus the explicit |
| Vanger | 4:e505054279ed | 4255 | * IV length minus the authentication tag size. */ |
| Vanger | 4:e505054279ed | 4256 | c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size, |
| Vanger | 4:e505054279ed | 4257 | additional + AEAD_LEN_OFFSET); |
| Vanger | 4:e505054279ed | 4258 | XMEMCPY(nonce, |
| Vanger | 4:e505054279ed | 4259 | ssl->keys.aead_enc_imp_IV, AEAD_IMP_IV_SZ); |
| Vanger | 4:e505054279ed | 4260 | XMEMCPY(nonce + AEAD_IMP_IV_SZ, |
| Vanger | 4:e505054279ed | 4261 | ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ); |
| Vanger | 4:e505054279ed | 4262 | AesCcmEncrypt(ssl->encrypt.aes, |
| Vanger | 4:e505054279ed | 4263 | out + AEAD_EXP_IV_SZ, input + AEAD_EXP_IV_SZ, |
| Vanger | 4:e505054279ed | 4264 | sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size, |
| Vanger | 4:e505054279ed | 4265 | nonce, AEAD_NONCE_SZ, |
| Vanger | 4:e505054279ed | 4266 | out + sz - ssl->specs.aead_mac_size, |
| Vanger | 4:e505054279ed | 4267 | ssl->specs.aead_mac_size, |
| Vanger | 4:e505054279ed | 4268 | additional, AEAD_AUTH_DATA_SZ); |
| Vanger | 4:e505054279ed | 4269 | AeadIncrementExpIV(ssl); |
| Vanger | 4:e505054279ed | 4270 | XMEMSET(nonce, 0, AEAD_NONCE_SZ); |
| Vanger | 4:e505054279ed | 4271 | |
| Vanger | 4:e505054279ed | 4272 | break; |
| Vanger | 4:e505054279ed | 4273 | } |
| Vanger | 4:e505054279ed | 4274 | #endif |
| Vanger | 4:e505054279ed | 4275 | |
| Vanger | 4:e505054279ed | 4276 | #ifdef HAVE_CAMELLIA |
| Vanger | 4:e505054279ed | 4277 | case cyassl_camellia: |
| Vanger | 4:e505054279ed | 4278 | CamelliaCbcEncrypt(ssl->encrypt.cam, out, input, sz); |
| Vanger | 4:e505054279ed | 4279 | break; |
| Vanger | 4:e505054279ed | 4280 | #endif |
| Vanger | 4:e505054279ed | 4281 | |
| Vanger | 4:e505054279ed | 4282 | #ifdef HAVE_HC128 |
| Vanger | 4:e505054279ed | 4283 | case cyassl_hc128: |
| Vanger | 4:e505054279ed | 4284 | return Hc128_Process(ssl->encrypt.hc128, out, input, sz); |
| Vanger | 4:e505054279ed | 4285 | #endif |
| Vanger | 4:e505054279ed | 4286 | |
| Vanger | 4:e505054279ed | 4287 | #ifdef BUILD_RABBIT |
| Vanger | 4:e505054279ed | 4288 | case cyassl_rabbit: |
| Vanger | 4:e505054279ed | 4289 | return RabbitProcess(ssl->encrypt.rabbit, out, input, sz); |
| Vanger | 4:e505054279ed | 4290 | #endif |
| Vanger | 4:e505054279ed | 4291 | |
| Vanger | 4:e505054279ed | 4292 | #ifdef HAVE_NULL_CIPHER |
| Vanger | 4:e505054279ed | 4293 | case cyassl_cipher_null: |
| Vanger | 4:e505054279ed | 4294 | if (input != out) { |
| Vanger | 4:e505054279ed | 4295 | XMEMMOVE(out, input, sz); |
| Vanger | 4:e505054279ed | 4296 | } |
| Vanger | 4:e505054279ed | 4297 | break; |
| Vanger | 4:e505054279ed | 4298 | #endif |
| Vanger | 4:e505054279ed | 4299 | |
| Vanger | 4:e505054279ed | 4300 | default: |
| Vanger | 4:e505054279ed | 4301 | CYASSL_MSG("CyaSSL Encrypt programming error"); |
| Vanger | 4:e505054279ed | 4302 | return ENCRYPT_ERROR; |
| Vanger | 4:e505054279ed | 4303 | } |
| Vanger | 4:e505054279ed | 4304 | |
| Vanger | 4:e505054279ed | 4305 | return 0; |
| Vanger | 4:e505054279ed | 4306 | } |
| Vanger | 4:e505054279ed | 4307 | |
| Vanger | 4:e505054279ed | 4308 | |
| Vanger | 4:e505054279ed | 4309 | |
| Vanger | 4:e505054279ed | 4310 | static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, |
| Vanger | 4:e505054279ed | 4311 | word16 sz) |
| Vanger | 4:e505054279ed | 4312 | { |
| Vanger | 4:e505054279ed | 4313 | (void)plain; |
| Vanger | 4:e505054279ed | 4314 | (void)input; |
| Vanger | 4:e505054279ed | 4315 | (void)sz; |
| Vanger | 4:e505054279ed | 4316 | |
| Vanger | 4:e505054279ed | 4317 | if (ssl->decrypt.setup == 0) { |
| Vanger | 4:e505054279ed | 4318 | CYASSL_MSG("Decrypt ciphers not setup"); |
| Vanger | 4:e505054279ed | 4319 | return DECRYPT_ERROR; |
| Vanger | 4:e505054279ed | 4320 | } |
| Vanger | 4:e505054279ed | 4321 | |
| Vanger | 4:e505054279ed | 4322 | switch (ssl->specs.bulk_cipher_algorithm) { |
| Vanger | 4:e505054279ed | 4323 | #ifdef BUILD_ARC4 |
| Vanger | 4:e505054279ed | 4324 | case cyassl_rc4: |
| Vanger | 4:e505054279ed | 4325 | Arc4Process(ssl->decrypt.arc4, plain, input, sz); |
| Vanger | 4:e505054279ed | 4326 | break; |
| Vanger | 4:e505054279ed | 4327 | #endif |
| Vanger | 4:e505054279ed | 4328 | |
| Vanger | 4:e505054279ed | 4329 | #ifdef BUILD_DES3 |
| Vanger | 4:e505054279ed | 4330 | case cyassl_triple_des: |
| Vanger | 4:e505054279ed | 4331 | return Des3_CbcDecrypt(ssl->decrypt.des3, plain, input, sz); |
| Vanger | 4:e505054279ed | 4332 | #endif |
| Vanger | 4:e505054279ed | 4333 | |
| Vanger | 4:e505054279ed | 4334 | #ifdef BUILD_AES |
| Vanger | 4:e505054279ed | 4335 | case cyassl_aes: |
| Vanger | 4:e505054279ed | 4336 | return AesCbcDecrypt(ssl->decrypt.aes, plain, input, sz); |
| Vanger | 4:e505054279ed | 4337 | #endif |
| Vanger | 4:e505054279ed | 4338 | |
| Vanger | 4:e505054279ed | 4339 | #ifdef BUILD_AESGCM |
| Vanger | 4:e505054279ed | 4340 | case cyassl_aes_gcm: |
| Vanger | 4:e505054279ed | 4341 | { |
| Vanger | 4:e505054279ed | 4342 | byte additional[AES_BLOCK_SIZE]; |
| Vanger | 4:e505054279ed | 4343 | byte nonce[AEAD_NONCE_SZ]; |
| Vanger | 4:e505054279ed | 4344 | |
| Vanger | 4:e505054279ed | 4345 | XMEMSET(additional, 0, AES_BLOCK_SIZE); |
| Vanger | 4:e505054279ed | 4346 | |
| Vanger | 4:e505054279ed | 4347 | /* sequence number field is 64-bits, we only use 32-bits */ |
| Vanger | 4:e505054279ed | 4348 | c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET); |
| Vanger | 4:e505054279ed | 4349 | |
| Vanger | 4:e505054279ed | 4350 | additional[AEAD_TYPE_OFFSET] = ssl->curRL.type; |
| Vanger | 4:e505054279ed | 4351 | additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor; |
| Vanger | 4:e505054279ed | 4352 | additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor; |
| Vanger | 4:e505054279ed | 4353 | |
| Vanger | 4:e505054279ed | 4354 | c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size, |
| Vanger | 4:e505054279ed | 4355 | additional + AEAD_LEN_OFFSET); |
| Vanger | 4:e505054279ed | 4356 | XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AEAD_IMP_IV_SZ); |
| Vanger | 4:e505054279ed | 4357 | XMEMCPY(nonce + AEAD_IMP_IV_SZ, input, AEAD_EXP_IV_SZ); |
| Vanger | 4:e505054279ed | 4358 | if (AesGcmDecrypt(ssl->decrypt.aes, |
| Vanger | 4:e505054279ed | 4359 | plain + AEAD_EXP_IV_SZ, |
| Vanger | 4:e505054279ed | 4360 | input + AEAD_EXP_IV_SZ, |
| Vanger | 4:e505054279ed | 4361 | sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size, |
| Vanger | 4:e505054279ed | 4362 | nonce, AEAD_NONCE_SZ, |
| Vanger | 4:e505054279ed | 4363 | input + sz - ssl->specs.aead_mac_size, |
| Vanger | 4:e505054279ed | 4364 | ssl->specs.aead_mac_size, |
| Vanger | 4:e505054279ed | 4365 | additional, AEAD_AUTH_DATA_SZ) < 0) { |
| Vanger | 4:e505054279ed | 4366 | SendAlert(ssl, alert_fatal, bad_record_mac); |
| Vanger | 4:e505054279ed | 4367 | XMEMSET(nonce, 0, AEAD_NONCE_SZ); |
| Vanger | 4:e505054279ed | 4368 | return VERIFY_MAC_ERROR; |
| Vanger | 4:e505054279ed | 4369 | } |
| Vanger | 4:e505054279ed | 4370 | XMEMSET(nonce, 0, AEAD_NONCE_SZ); |
| Vanger | 4:e505054279ed | 4371 | break; |
| Vanger | 4:e505054279ed | 4372 | } |
| Vanger | 4:e505054279ed | 4373 | #endif |
| Vanger | 4:e505054279ed | 4374 | |
| Vanger | 4:e505054279ed | 4375 | #ifdef HAVE_AESCCM |
| Vanger | 4:e505054279ed | 4376 | case cyassl_aes_ccm: |
| Vanger | 4:e505054279ed | 4377 | { |
| Vanger | 4:e505054279ed | 4378 | byte additional[AES_BLOCK_SIZE]; |
| Vanger | 4:e505054279ed | 4379 | byte nonce[AEAD_NONCE_SZ]; |
| Vanger | 4:e505054279ed | 4380 | |
| Vanger | 4:e505054279ed | 4381 | XMEMSET(additional, 0, AES_BLOCK_SIZE); |
| Vanger | 4:e505054279ed | 4382 | |
| Vanger | 4:e505054279ed | 4383 | /* sequence number field is 64-bits, we only use 32-bits */ |
| Vanger | 4:e505054279ed | 4384 | c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET); |
| Vanger | 4:e505054279ed | 4385 | |
| Vanger | 4:e505054279ed | 4386 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 4387 | if (ssl->options.dtls) |
| Vanger | 4:e505054279ed | 4388 | c16toa(ssl->keys.dtls_state.curEpoch, additional); |
| Vanger | 4:e505054279ed | 4389 | #endif |
| Vanger | 4:e505054279ed | 4390 | |
| Vanger | 4:e505054279ed | 4391 | additional[AEAD_TYPE_OFFSET] = ssl->curRL.type; |
| Vanger | 4:e505054279ed | 4392 | additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor; |
| Vanger | 4:e505054279ed | 4393 | additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor; |
| Vanger | 4:e505054279ed | 4394 | |
| Vanger | 4:e505054279ed | 4395 | c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size, |
| Vanger | 4:e505054279ed | 4396 | additional + AEAD_LEN_OFFSET); |
| Vanger | 4:e505054279ed | 4397 | XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AEAD_IMP_IV_SZ); |
| Vanger | 4:e505054279ed | 4398 | XMEMCPY(nonce + AEAD_IMP_IV_SZ, input, AEAD_EXP_IV_SZ); |
| Vanger | 4:e505054279ed | 4399 | if (AesCcmDecrypt(ssl->decrypt.aes, |
| Vanger | 4:e505054279ed | 4400 | plain + AEAD_EXP_IV_SZ, |
| Vanger | 4:e505054279ed | 4401 | input + AEAD_EXP_IV_SZ, |
| Vanger | 4:e505054279ed | 4402 | sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size, |
| Vanger | 4:e505054279ed | 4403 | nonce, AEAD_NONCE_SZ, |
| Vanger | 4:e505054279ed | 4404 | input + sz - ssl->specs.aead_mac_size, |
| Vanger | 4:e505054279ed | 4405 | ssl->specs.aead_mac_size, |
| Vanger | 4:e505054279ed | 4406 | additional, AEAD_AUTH_DATA_SZ) < 0) { |
| Vanger | 4:e505054279ed | 4407 | SendAlert(ssl, alert_fatal, bad_record_mac); |
| Vanger | 4:e505054279ed | 4408 | XMEMSET(nonce, 0, AEAD_NONCE_SZ); |
| Vanger | 4:e505054279ed | 4409 | return VERIFY_MAC_ERROR; |
| Vanger | 4:e505054279ed | 4410 | } |
| Vanger | 4:e505054279ed | 4411 | XMEMSET(nonce, 0, AEAD_NONCE_SZ); |
| Vanger | 4:e505054279ed | 4412 | break; |
| Vanger | 4:e505054279ed | 4413 | } |
| Vanger | 4:e505054279ed | 4414 | #endif |
| Vanger | 4:e505054279ed | 4415 | |
| Vanger | 4:e505054279ed | 4416 | #ifdef HAVE_CAMELLIA |
| Vanger | 4:e505054279ed | 4417 | case cyassl_camellia: |
| Vanger | 4:e505054279ed | 4418 | CamelliaCbcDecrypt(ssl->decrypt.cam, plain, input, sz); |
| Vanger | 4:e505054279ed | 4419 | break; |
| Vanger | 4:e505054279ed | 4420 | #endif |
| Vanger | 4:e505054279ed | 4421 | |
| Vanger | 4:e505054279ed | 4422 | #ifdef HAVE_HC128 |
| Vanger | 4:e505054279ed | 4423 | case cyassl_hc128: |
| Vanger | 4:e505054279ed | 4424 | return Hc128_Process(ssl->decrypt.hc128, plain, input, sz); |
| Vanger | 4:e505054279ed | 4425 | #endif |
| Vanger | 4:e505054279ed | 4426 | |
| Vanger | 4:e505054279ed | 4427 | #ifdef BUILD_RABBIT |
| Vanger | 4:e505054279ed | 4428 | case cyassl_rabbit: |
| Vanger | 4:e505054279ed | 4429 | return RabbitProcess(ssl->decrypt.rabbit, plain, input, sz); |
| Vanger | 4:e505054279ed | 4430 | #endif |
| Vanger | 4:e505054279ed | 4431 | |
| Vanger | 4:e505054279ed | 4432 | #ifdef HAVE_NULL_CIPHER |
| Vanger | 4:e505054279ed | 4433 | case cyassl_cipher_null: |
| Vanger | 4:e505054279ed | 4434 | if (input != plain) { |
| Vanger | 4:e505054279ed | 4435 | XMEMMOVE(plain, input, sz); |
| Vanger | 4:e505054279ed | 4436 | } |
| Vanger | 4:e505054279ed | 4437 | break; |
| Vanger | 4:e505054279ed | 4438 | #endif |
| Vanger | 4:e505054279ed | 4439 | |
| Vanger | 4:e505054279ed | 4440 | default: |
| Vanger | 4:e505054279ed | 4441 | CYASSL_MSG("CyaSSL Decrypt programming error"); |
| Vanger | 4:e505054279ed | 4442 | return DECRYPT_ERROR; |
| Vanger | 4:e505054279ed | 4443 | } |
| Vanger | 4:e505054279ed | 4444 | return 0; |
| Vanger | 4:e505054279ed | 4445 | } |
| Vanger | 4:e505054279ed | 4446 | |
| Vanger | 4:e505054279ed | 4447 | |
| Vanger | 4:e505054279ed | 4448 | /* check cipher text size for sanity */ |
| Vanger | 4:e505054279ed | 4449 | static int SanityCheckCipherText(CYASSL* ssl, word32 encryptSz) |
| Vanger | 4:e505054279ed | 4450 | { |
| Vanger | 4:e505054279ed | 4451 | #ifdef HAVE_TRUNCATED_HMAC |
| Vanger | 4:e505054279ed | 4452 | word32 minLength = ssl->truncated_hmac ? TRUNCATED_HMAC_SZ |
| Vanger | 4:e505054279ed | 4453 | : ssl->specs.hash_size; |
| Vanger | 4:e505054279ed | 4454 | #else |
| Vanger | 4:e505054279ed | 4455 | word32 minLength = ssl->specs.hash_size; /* covers stream */ |
| Vanger | 4:e505054279ed | 4456 | #endif |
| Vanger | 4:e505054279ed | 4457 | |
| Vanger | 4:e505054279ed | 4458 | if (ssl->specs.cipher_type == block) { |
| Vanger | 4:e505054279ed | 4459 | if (encryptSz % ssl->specs.block_size) { |
| Vanger | 4:e505054279ed | 4460 | CYASSL_MSG("Block ciphertext not block size"); |
| Vanger | 4:e505054279ed | 4461 | return SANITY_CIPHER_E; |
| Vanger | 4:e505054279ed | 4462 | } |
| Vanger | 4:e505054279ed | 4463 | |
| Vanger | 4:e505054279ed | 4464 | minLength++; /* pad byte */ |
| Vanger | 4:e505054279ed | 4465 | |
| Vanger | 4:e505054279ed | 4466 | if (ssl->specs.block_size > minLength) |
| Vanger | 4:e505054279ed | 4467 | minLength = ssl->specs.block_size; |
| Vanger | 4:e505054279ed | 4468 | |
| Vanger | 4:e505054279ed | 4469 | if (ssl->options.tls1_1) |
| Vanger | 4:e505054279ed | 4470 | minLength += ssl->specs.block_size; /* explicit IV */ |
| Vanger | 4:e505054279ed | 4471 | } |
| Vanger | 4:e505054279ed | 4472 | else if (ssl->specs.cipher_type == aead) { |
| Vanger | 4:e505054279ed | 4473 | minLength = ssl->specs.aead_mac_size + AEAD_EXP_IV_SZ; |
| Vanger | 4:e505054279ed | 4474 | /* explicit IV + authTag size */ |
| Vanger | 4:e505054279ed | 4475 | } |
| Vanger | 4:e505054279ed | 4476 | |
| Vanger | 4:e505054279ed | 4477 | if (encryptSz < minLength) { |
| Vanger | 4:e505054279ed | 4478 | CYASSL_MSG("Ciphertext not minimum size"); |
| Vanger | 4:e505054279ed | 4479 | return SANITY_CIPHER_E; |
| Vanger | 4:e505054279ed | 4480 | } |
| Vanger | 4:e505054279ed | 4481 | |
| Vanger | 4:e505054279ed | 4482 | return 0; |
| Vanger | 4:e505054279ed | 4483 | } |
| Vanger | 4:e505054279ed | 4484 | |
| Vanger | 4:e505054279ed | 4485 | |
| Vanger | 4:e505054279ed | 4486 | #ifndef NO_OLD_TLS |
| Vanger | 4:e505054279ed | 4487 | |
| Vanger | 4:e505054279ed | 4488 | static INLINE void Md5Rounds(int rounds, const byte* data, int sz) |
| Vanger | 4:e505054279ed | 4489 | { |
| Vanger | 4:e505054279ed | 4490 | Md5 md5; |
| Vanger | 4:e505054279ed | 4491 | int i; |
| Vanger | 4:e505054279ed | 4492 | |
| Vanger | 4:e505054279ed | 4493 | InitMd5(&md5); |
| Vanger | 4:e505054279ed | 4494 | |
| Vanger | 4:e505054279ed | 4495 | for (i = 0; i < rounds; i++) |
| Vanger | 4:e505054279ed | 4496 | Md5Update(&md5, data, sz); |
| Vanger | 4:e505054279ed | 4497 | } |
| Vanger | 4:e505054279ed | 4498 | |
| Vanger | 4:e505054279ed | 4499 | |
| Vanger | 4:e505054279ed | 4500 | |
| Vanger | 4:e505054279ed | 4501 | /* do a dummy sha round */ |
| Vanger | 4:e505054279ed | 4502 | static INLINE void ShaRounds(int rounds, const byte* data, int sz) |
| Vanger | 4:e505054279ed | 4503 | { |
| Vanger | 4:e505054279ed | 4504 | Sha sha; |
| Vanger | 4:e505054279ed | 4505 | int i; |
| Vanger | 4:e505054279ed | 4506 | |
| Vanger | 4:e505054279ed | 4507 | InitSha(&sha); /* no error check on purpose, dummy round */ |
| Vanger | 4:e505054279ed | 4508 | |
| Vanger | 4:e505054279ed | 4509 | for (i = 0; i < rounds; i++) |
| Vanger | 4:e505054279ed | 4510 | ShaUpdate(&sha, data, sz); |
| Vanger | 4:e505054279ed | 4511 | } |
| Vanger | 4:e505054279ed | 4512 | #endif |
| Vanger | 4:e505054279ed | 4513 | |
| Vanger | 4:e505054279ed | 4514 | |
| Vanger | 4:e505054279ed | 4515 | #ifndef NO_SHA256 |
| Vanger | 4:e505054279ed | 4516 | |
| Vanger | 4:e505054279ed | 4517 | static INLINE void Sha256Rounds(int rounds, const byte* data, int sz) |
| Vanger | 4:e505054279ed | 4518 | { |
| Vanger | 4:e505054279ed | 4519 | Sha256 sha256; |
| Vanger | 4:e505054279ed | 4520 | int i; |
| Vanger | 4:e505054279ed | 4521 | |
| Vanger | 4:e505054279ed | 4522 | InitSha256(&sha256); /* no error check on purpose, dummy round */ |
| Vanger | 4:e505054279ed | 4523 | |
| Vanger | 4:e505054279ed | 4524 | for (i = 0; i < rounds; i++) { |
| Vanger | 4:e505054279ed | 4525 | Sha256Update(&sha256, data, sz); |
| Vanger | 4:e505054279ed | 4526 | /* no error check on purpose, dummy round */ |
| Vanger | 4:e505054279ed | 4527 | } |
| Vanger | 4:e505054279ed | 4528 | |
| Vanger | 4:e505054279ed | 4529 | } |
| Vanger | 4:e505054279ed | 4530 | |
| Vanger | 4:e505054279ed | 4531 | #endif |
| Vanger | 4:e505054279ed | 4532 | |
| Vanger | 4:e505054279ed | 4533 | |
| Vanger | 4:e505054279ed | 4534 | #ifdef CYASSL_SHA384 |
| Vanger | 4:e505054279ed | 4535 | |
| Vanger | 4:e505054279ed | 4536 | static INLINE void Sha384Rounds(int rounds, const byte* data, int sz) |
| Vanger | 4:e505054279ed | 4537 | { |
| Vanger | 4:e505054279ed | 4538 | Sha384 sha384; |
| Vanger | 4:e505054279ed | 4539 | int i; |
| Vanger | 4:e505054279ed | 4540 | |
| Vanger | 4:e505054279ed | 4541 | InitSha384(&sha384); /* no error check on purpose, dummy round */ |
| Vanger | 4:e505054279ed | 4542 | |
| Vanger | 4:e505054279ed | 4543 | for (i = 0; i < rounds; i++) { |
| Vanger | 4:e505054279ed | 4544 | Sha384Update(&sha384, data, sz); |
| Vanger | 4:e505054279ed | 4545 | /* no error check on purpose, dummy round */ |
| Vanger | 4:e505054279ed | 4546 | } |
| Vanger | 4:e505054279ed | 4547 | } |
| Vanger | 4:e505054279ed | 4548 | |
| Vanger | 4:e505054279ed | 4549 | #endif |
| Vanger | 4:e505054279ed | 4550 | |
| Vanger | 4:e505054279ed | 4551 | |
| Vanger | 4:e505054279ed | 4552 | #ifdef CYASSL_SHA512 |
| Vanger | 4:e505054279ed | 4553 | |
| Vanger | 4:e505054279ed | 4554 | static INLINE void Sha512Rounds(int rounds, const byte* data, int sz) |
| Vanger | 4:e505054279ed | 4555 | { |
| Vanger | 4:e505054279ed | 4556 | Sha512 sha512; |
| Vanger | 4:e505054279ed | 4557 | int i; |
| Vanger | 4:e505054279ed | 4558 | |
| Vanger | 4:e505054279ed | 4559 | InitSha512(&sha512); /* no error check on purpose, dummy round */ |
| Vanger | 4:e505054279ed | 4560 | |
| Vanger | 4:e505054279ed | 4561 | for (i = 0; i < rounds; i++) { |
| Vanger | 4:e505054279ed | 4562 | Sha512Update(&sha512, data, sz); |
| Vanger | 4:e505054279ed | 4563 | /* no error check on purpose, dummy round */ |
| Vanger | 4:e505054279ed | 4564 | } |
| Vanger | 4:e505054279ed | 4565 | } |
| Vanger | 4:e505054279ed | 4566 | |
| Vanger | 4:e505054279ed | 4567 | #endif |
| Vanger | 4:e505054279ed | 4568 | |
| Vanger | 4:e505054279ed | 4569 | |
| Vanger | 4:e505054279ed | 4570 | #ifdef CYASSL_RIPEMD |
| Vanger | 4:e505054279ed | 4571 | |
| Vanger | 4:e505054279ed | 4572 | static INLINE void RmdRounds(int rounds, const byte* data, int sz) |
| Vanger | 4:e505054279ed | 4573 | { |
| Vanger | 4:e505054279ed | 4574 | RipeMd ripemd; |
| Vanger | 4:e505054279ed | 4575 | int i; |
| Vanger | 4:e505054279ed | 4576 | |
| Vanger | 4:e505054279ed | 4577 | InitRipeMd(&ripemd); |
| Vanger | 4:e505054279ed | 4578 | |
| Vanger | 4:e505054279ed | 4579 | for (i = 0; i < rounds; i++) |
| Vanger | 4:e505054279ed | 4580 | RipeMdUpdate(&ripemd, data, sz); |
| Vanger | 4:e505054279ed | 4581 | } |
| Vanger | 4:e505054279ed | 4582 | |
| Vanger | 4:e505054279ed | 4583 | #endif |
| Vanger | 4:e505054279ed | 4584 | |
| Vanger | 4:e505054279ed | 4585 | |
| Vanger | 4:e505054279ed | 4586 | /* Do dummy rounds */ |
| Vanger | 4:e505054279ed | 4587 | static INLINE void DoRounds(int type, int rounds, const byte* data, int sz) |
| Vanger | 4:e505054279ed | 4588 | { |
| Vanger | 4:e505054279ed | 4589 | switch (type) { |
| Vanger | 4:e505054279ed | 4590 | |
| Vanger | 4:e505054279ed | 4591 | case no_mac : |
| Vanger | 4:e505054279ed | 4592 | break; |
| Vanger | 4:e505054279ed | 4593 | |
| Vanger | 4:e505054279ed | 4594 | #ifndef NO_OLD_TLS |
| Vanger | 4:e505054279ed | 4595 | #ifndef NO_MD5 |
| Vanger | 4:e505054279ed | 4596 | case md5_mac : |
| Vanger | 4:e505054279ed | 4597 | Md5Rounds(rounds, data, sz); |
| Vanger | 4:e505054279ed | 4598 | break; |
| Vanger | 4:e505054279ed | 4599 | #endif |
| Vanger | 4:e505054279ed | 4600 | |
| Vanger | 4:e505054279ed | 4601 | #ifndef NO_SHA |
| Vanger | 4:e505054279ed | 4602 | case sha_mac : |
| Vanger | 4:e505054279ed | 4603 | ShaRounds(rounds, data, sz); |
| Vanger | 4:e505054279ed | 4604 | break; |
| Vanger | 4:e505054279ed | 4605 | #endif |
| Vanger | 4:e505054279ed | 4606 | #endif |
| Vanger | 4:e505054279ed | 4607 | |
| Vanger | 4:e505054279ed | 4608 | #ifndef NO_SHA256 |
| Vanger | 4:e505054279ed | 4609 | case sha256_mac : |
| Vanger | 4:e505054279ed | 4610 | Sha256Rounds(rounds, data, sz); |
| Vanger | 4:e505054279ed | 4611 | break; |
| Vanger | 4:e505054279ed | 4612 | #endif |
| Vanger | 4:e505054279ed | 4613 | |
| Vanger | 4:e505054279ed | 4614 | #ifdef CYASSL_SHA384 |
| Vanger | 4:e505054279ed | 4615 | case sha384_mac : |
| Vanger | 4:e505054279ed | 4616 | Sha384Rounds(rounds, data, sz); |
| Vanger | 4:e505054279ed | 4617 | break; |
| Vanger | 4:e505054279ed | 4618 | #endif |
| Vanger | 4:e505054279ed | 4619 | |
| Vanger | 4:e505054279ed | 4620 | #ifdef CYASSL_SHA512 |
| Vanger | 4:e505054279ed | 4621 | case sha512_mac : |
| Vanger | 4:e505054279ed | 4622 | Sha512Rounds(rounds, data, sz); |
| Vanger | 4:e505054279ed | 4623 | break; |
| Vanger | 4:e505054279ed | 4624 | #endif |
| Vanger | 4:e505054279ed | 4625 | |
| Vanger | 4:e505054279ed | 4626 | #ifdef CYASSL_RIPEMD |
| Vanger | 4:e505054279ed | 4627 | case rmd_mac : |
| Vanger | 4:e505054279ed | 4628 | RmdRounds(rounds, data, sz); |
| Vanger | 4:e505054279ed | 4629 | break; |
| Vanger | 4:e505054279ed | 4630 | #endif |
| Vanger | 4:e505054279ed | 4631 | |
| Vanger | 4:e505054279ed | 4632 | default: |
| Vanger | 4:e505054279ed | 4633 | CYASSL_MSG("Bad round type"); |
| Vanger | 4:e505054279ed | 4634 | break; |
| Vanger | 4:e505054279ed | 4635 | } |
| Vanger | 4:e505054279ed | 4636 | } |
| Vanger | 4:e505054279ed | 4637 | |
| Vanger | 4:e505054279ed | 4638 | |
| Vanger | 4:e505054279ed | 4639 | /* do number of compression rounds on dummy data */ |
| Vanger | 4:e505054279ed | 4640 | static INLINE void CompressRounds(CYASSL* ssl, int rounds, const byte* dummy) |
| Vanger | 4:e505054279ed | 4641 | { |
| Vanger | 4:e505054279ed | 4642 | if (rounds) |
| Vanger | 4:e505054279ed | 4643 | DoRounds(ssl->specs.mac_algorithm, rounds, dummy, COMPRESS_LOWER); |
| Vanger | 4:e505054279ed | 4644 | } |
| Vanger | 4:e505054279ed | 4645 | |
| Vanger | 4:e505054279ed | 4646 | |
| Vanger | 4:e505054279ed | 4647 | /* check all length bytes for equality, return 0 on success */ |
| Vanger | 4:e505054279ed | 4648 | static int ConstantCompare(const byte* a, const byte* b, int length) |
| Vanger | 4:e505054279ed | 4649 | { |
| Vanger | 4:e505054279ed | 4650 | int i; |
| Vanger | 4:e505054279ed | 4651 | int good = 0; |
| Vanger | 4:e505054279ed | 4652 | int bad = 0; |
| Vanger | 4:e505054279ed | 4653 | |
| Vanger | 4:e505054279ed | 4654 | for (i = 0; i < length; i++) { |
| Vanger | 4:e505054279ed | 4655 | if (a[i] == b[i]) |
| Vanger | 4:e505054279ed | 4656 | good++; |
| Vanger | 4:e505054279ed | 4657 | else |
| Vanger | 4:e505054279ed | 4658 | bad++; |
| Vanger | 4:e505054279ed | 4659 | } |
| Vanger | 4:e505054279ed | 4660 | |
| Vanger | 4:e505054279ed | 4661 | if (good == length) |
| Vanger | 4:e505054279ed | 4662 | return 0; |
| Vanger | 4:e505054279ed | 4663 | else |
| Vanger | 4:e505054279ed | 4664 | return 0 - bad; /* compare failed */ |
| Vanger | 4:e505054279ed | 4665 | } |
| Vanger | 4:e505054279ed | 4666 | |
| Vanger | 4:e505054279ed | 4667 | |
| Vanger | 4:e505054279ed | 4668 | /* check all length bytes for the pad value, return 0 on success */ |
| Vanger | 4:e505054279ed | 4669 | static int PadCheck(const byte* input, byte pad, int length) |
| Vanger | 4:e505054279ed | 4670 | { |
| Vanger | 4:e505054279ed | 4671 | int i; |
| Vanger | 4:e505054279ed | 4672 | int good = 0; |
| Vanger | 4:e505054279ed | 4673 | int bad = 0; |
| Vanger | 4:e505054279ed | 4674 | |
| Vanger | 4:e505054279ed | 4675 | for (i = 0; i < length; i++) { |
| Vanger | 4:e505054279ed | 4676 | if (input[i] == pad) |
| Vanger | 4:e505054279ed | 4677 | good++; |
| Vanger | 4:e505054279ed | 4678 | else |
| Vanger | 4:e505054279ed | 4679 | bad++; |
| Vanger | 4:e505054279ed | 4680 | } |
| Vanger | 4:e505054279ed | 4681 | |
| Vanger | 4:e505054279ed | 4682 | if (good == length) |
| Vanger | 4:e505054279ed | 4683 | return 0; |
| Vanger | 4:e505054279ed | 4684 | else |
| Vanger | 4:e505054279ed | 4685 | return 0 - bad; /* pad check failed */ |
| Vanger | 4:e505054279ed | 4686 | } |
| Vanger | 4:e505054279ed | 4687 | |
| Vanger | 4:e505054279ed | 4688 | |
| Vanger | 4:e505054279ed | 4689 | /* get compression extra rounds */ |
| Vanger | 4:e505054279ed | 4690 | static INLINE int GetRounds(int pLen, int padLen, int t) |
| Vanger | 4:e505054279ed | 4691 | { |
| Vanger | 4:e505054279ed | 4692 | int roundL1 = 1; /* round up flags */ |
| Vanger | 4:e505054279ed | 4693 | int roundL2 = 1; |
| Vanger | 4:e505054279ed | 4694 | |
| Vanger | 4:e505054279ed | 4695 | int L1 = COMPRESS_CONSTANT + pLen - t; |
| Vanger | 4:e505054279ed | 4696 | int L2 = COMPRESS_CONSTANT + pLen - padLen - 1 - t; |
| Vanger | 4:e505054279ed | 4697 | |
| Vanger | 4:e505054279ed | 4698 | L1 -= COMPRESS_UPPER; |
| Vanger | 4:e505054279ed | 4699 | L2 -= COMPRESS_UPPER; |
| Vanger | 4:e505054279ed | 4700 | |
| Vanger | 4:e505054279ed | 4701 | if ( (L1 % COMPRESS_LOWER) == 0) |
| Vanger | 4:e505054279ed | 4702 | roundL1 = 0; |
| Vanger | 4:e505054279ed | 4703 | if ( (L2 % COMPRESS_LOWER) == 0) |
| Vanger | 4:e505054279ed | 4704 | roundL2 = 0; |
| Vanger | 4:e505054279ed | 4705 | |
| Vanger | 4:e505054279ed | 4706 | L1 /= COMPRESS_LOWER; |
| Vanger | 4:e505054279ed | 4707 | L2 /= COMPRESS_LOWER; |
| Vanger | 4:e505054279ed | 4708 | |
| Vanger | 4:e505054279ed | 4709 | L1 += roundL1; |
| Vanger | 4:e505054279ed | 4710 | L2 += roundL2; |
| Vanger | 4:e505054279ed | 4711 | |
| Vanger | 4:e505054279ed | 4712 | return L1 - L2; |
| Vanger | 4:e505054279ed | 4713 | } |
| Vanger | 4:e505054279ed | 4714 | |
| Vanger | 4:e505054279ed | 4715 | |
| Vanger | 4:e505054279ed | 4716 | /* timing resistant pad/verify check, return 0 on success */ |
| Vanger | 4:e505054279ed | 4717 | static int TimingPadVerify(CYASSL* ssl, const byte* input, int padLen, int t, |
| Vanger | 4:e505054279ed | 4718 | int pLen, int content) |
| Vanger | 4:e505054279ed | 4719 | { |
| Vanger | 4:e505054279ed | 4720 | byte verify[MAX_DIGEST_SIZE]; |
| Vanger | 4:e505054279ed | 4721 | byte dummy[MAX_PAD_SIZE]; |
| Vanger | 4:e505054279ed | 4722 | int ret = 0; |
| Vanger | 4:e505054279ed | 4723 | |
| Vanger | 4:e505054279ed | 4724 | XMEMSET(dummy, 1, sizeof(dummy)); |
| Vanger | 4:e505054279ed | 4725 | |
| Vanger | 4:e505054279ed | 4726 | if ( (t + padLen + 1) > pLen) { |
| Vanger | 4:e505054279ed | 4727 | CYASSL_MSG("Plain Len not long enough for pad/mac"); |
| Vanger | 4:e505054279ed | 4728 | PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE); |
| Vanger | 4:e505054279ed | 4729 | ssl->hmac(ssl, verify, input, pLen - t, content, 1); /* still compare */ |
| Vanger | 4:e505054279ed | 4730 | ConstantCompare(verify, input + pLen - t, t); |
| Vanger | 4:e505054279ed | 4731 | |
| Vanger | 4:e505054279ed | 4732 | return VERIFY_MAC_ERROR; |
| Vanger | 4:e505054279ed | 4733 | } |
| Vanger | 4:e505054279ed | 4734 | |
| Vanger | 4:e505054279ed | 4735 | if (PadCheck(input + pLen - (padLen + 1), (byte)padLen, padLen + 1) != 0) { |
| Vanger | 4:e505054279ed | 4736 | CYASSL_MSG("PadCheck failed"); |
| Vanger | 4:e505054279ed | 4737 | PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE - padLen - 1); |
| Vanger | 4:e505054279ed | 4738 | ssl->hmac(ssl, verify, input, pLen - t, content, 1); /* still compare */ |
| Vanger | 4:e505054279ed | 4739 | ConstantCompare(verify, input + pLen - t, t); |
| Vanger | 4:e505054279ed | 4740 | |
| Vanger | 4:e505054279ed | 4741 | return VERIFY_MAC_ERROR; |
| Vanger | 4:e505054279ed | 4742 | } |
| Vanger | 4:e505054279ed | 4743 | |
| Vanger | 4:e505054279ed | 4744 | PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE - padLen - 1); |
| Vanger | 4:e505054279ed | 4745 | ret = ssl->hmac(ssl, verify, input, pLen - padLen - 1 - t, content, 1); |
| Vanger | 4:e505054279ed | 4746 | |
| Vanger | 4:e505054279ed | 4747 | CompressRounds(ssl, GetRounds(pLen, padLen, t), dummy); |
| Vanger | 4:e505054279ed | 4748 | |
| Vanger | 4:e505054279ed | 4749 | if (ConstantCompare(verify, input + (pLen - padLen - 1 - t), t) != 0) { |
| Vanger | 4:e505054279ed | 4750 | CYASSL_MSG("Verify MAC compare failed"); |
| Vanger | 4:e505054279ed | 4751 | return VERIFY_MAC_ERROR; |
| Vanger | 4:e505054279ed | 4752 | } |
| Vanger | 4:e505054279ed | 4753 | |
| Vanger | 4:e505054279ed | 4754 | if (ret != 0) |
| Vanger | 4:e505054279ed | 4755 | return VERIFY_MAC_ERROR; |
| Vanger | 4:e505054279ed | 4756 | return 0; |
| Vanger | 4:e505054279ed | 4757 | } |
| Vanger | 4:e505054279ed | 4758 | |
| Vanger | 4:e505054279ed | 4759 | |
| Vanger | 4:e505054279ed | 4760 | int DoApplicationData(CYASSL* ssl, byte* input, word32* inOutIdx) |
| Vanger | 4:e505054279ed | 4761 | { |
| Vanger | 4:e505054279ed | 4762 | word32 msgSz = ssl->keys.encryptSz; |
| Vanger | 4:e505054279ed | 4763 | word32 idx = *inOutIdx; |
| Vanger | 4:e505054279ed | 4764 | int dataSz; |
| Vanger | 4:e505054279ed | 4765 | int ivExtra = 0; |
| Vanger | 4:e505054279ed | 4766 | byte* rawData = input + idx; /* keep current for hmac */ |
| Vanger | 4:e505054279ed | 4767 | #ifdef HAVE_LIBZ |
| Vanger | 4:e505054279ed | 4768 | byte decomp[MAX_RECORD_SIZE + MAX_COMP_EXTRA]; |
| Vanger | 4:e505054279ed | 4769 | #endif |
| Vanger | 4:e505054279ed | 4770 | |
| Vanger | 4:e505054279ed | 4771 | if (ssl->options.handShakeState != HANDSHAKE_DONE) { |
| Vanger | 4:e505054279ed | 4772 | CYASSL_MSG("Received App data before handshake complete"); |
| Vanger | 4:e505054279ed | 4773 | SendAlert(ssl, alert_fatal, unexpected_message); |
| Vanger | 4:e505054279ed | 4774 | return OUT_OF_ORDER_E; |
| Vanger | 4:e505054279ed | 4775 | } |
| Vanger | 4:e505054279ed | 4776 | |
| Vanger | 4:e505054279ed | 4777 | if (ssl->specs.cipher_type == block) { |
| Vanger | 4:e505054279ed | 4778 | if (ssl->options.tls1_1) |
| Vanger | 4:e505054279ed | 4779 | ivExtra = ssl->specs.block_size; |
| Vanger | 4:e505054279ed | 4780 | } |
| Vanger | 4:e505054279ed | 4781 | else if (ssl->specs.cipher_type == aead) { |
| Vanger | 4:e505054279ed | 4782 | ivExtra = AEAD_EXP_IV_SZ; |
| Vanger | 4:e505054279ed | 4783 | } |
| Vanger | 4:e505054279ed | 4784 | |
| Vanger | 4:e505054279ed | 4785 | dataSz = msgSz - ivExtra - ssl->keys.padSz; |
| Vanger | 4:e505054279ed | 4786 | if (dataSz < 0) { |
| Vanger | 4:e505054279ed | 4787 | CYASSL_MSG("App data buffer error, malicious input?"); |
| Vanger | 4:e505054279ed | 4788 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 4789 | } |
| Vanger | 4:e505054279ed | 4790 | |
| Vanger | 4:e505054279ed | 4791 | /* read data */ |
| Vanger | 4:e505054279ed | 4792 | if (dataSz) { |
| Vanger | 4:e505054279ed | 4793 | int rawSz = dataSz; /* keep raw size for idx adjustment */ |
| Vanger | 4:e505054279ed | 4794 | |
| Vanger | 4:e505054279ed | 4795 | #ifdef HAVE_LIBZ |
| Vanger | 4:e505054279ed | 4796 | if (ssl->options.usingCompression) { |
| Vanger | 4:e505054279ed | 4797 | dataSz = myDeCompress(ssl, rawData, dataSz, decomp, sizeof(decomp)); |
| Vanger | 4:e505054279ed | 4798 | if (dataSz < 0) return dataSz; |
| Vanger | 4:e505054279ed | 4799 | } |
| Vanger | 4:e505054279ed | 4800 | #endif |
| Vanger | 4:e505054279ed | 4801 | idx += rawSz; |
| Vanger | 4:e505054279ed | 4802 | |
| Vanger | 4:e505054279ed | 4803 | ssl->buffers.clearOutputBuffer.buffer = rawData; |
| Vanger | 4:e505054279ed | 4804 | ssl->buffers.clearOutputBuffer.length = dataSz; |
| Vanger | 4:e505054279ed | 4805 | } |
| Vanger | 4:e505054279ed | 4806 | |
| Vanger | 4:e505054279ed | 4807 | idx += ssl->keys.padSz; |
| Vanger | 4:e505054279ed | 4808 | |
| Vanger | 4:e505054279ed | 4809 | #ifdef HAVE_LIBZ |
| Vanger | 4:e505054279ed | 4810 | /* decompress could be bigger, overwrite after verify */ |
| Vanger | 4:e505054279ed | 4811 | if (ssl->options.usingCompression) |
| Vanger | 4:e505054279ed | 4812 | XMEMMOVE(rawData, decomp, dataSz); |
| Vanger | 4:e505054279ed | 4813 | #endif |
| Vanger | 4:e505054279ed | 4814 | |
| Vanger | 4:e505054279ed | 4815 | *inOutIdx = idx; |
| Vanger | 4:e505054279ed | 4816 | return 0; |
| Vanger | 4:e505054279ed | 4817 | } |
| Vanger | 4:e505054279ed | 4818 | |
| Vanger | 4:e505054279ed | 4819 | |
| Vanger | 4:e505054279ed | 4820 | /* process alert, return level */ |
| Vanger | 4:e505054279ed | 4821 | static int DoAlert(CYASSL* ssl, byte* input, word32* inOutIdx, int* type, |
| Vanger | 4:e505054279ed | 4822 | word32 totalSz) |
| Vanger | 4:e505054279ed | 4823 | { |
| Vanger | 4:e505054279ed | 4824 | byte level; |
| Vanger | 4:e505054279ed | 4825 | byte code; |
| Vanger | 4:e505054279ed | 4826 | |
| Vanger | 4:e505054279ed | 4827 | #ifdef CYASSL_CALLBACKS |
| Vanger | 4:e505054279ed | 4828 | if (ssl->hsInfoOn) |
| Vanger | 4:e505054279ed | 4829 | AddPacketName("Alert", &ssl->handShakeInfo); |
| Vanger | 4:e505054279ed | 4830 | if (ssl->toInfoOn) |
| Vanger | 4:e505054279ed | 4831 | /* add record header back on to info + 2 byte level, data */ |
| Vanger | 4:e505054279ed | 4832 | AddPacketInfo("Alert", &ssl->timeoutInfo, input + *inOutIdx - |
| Vanger | 4:e505054279ed | 4833 | RECORD_HEADER_SZ, 2 + RECORD_HEADER_SZ, ssl->heap); |
| Vanger | 4:e505054279ed | 4834 | #endif |
| Vanger | 4:e505054279ed | 4835 | |
| Vanger | 4:e505054279ed | 4836 | /* make sure can read the message */ |
| Vanger | 4:e505054279ed | 4837 | if (*inOutIdx + ALERT_SIZE > totalSz) |
| Vanger | 4:e505054279ed | 4838 | return BUFFER_E; |
| Vanger | 4:e505054279ed | 4839 | |
| Vanger | 4:e505054279ed | 4840 | level = input[(*inOutIdx)++]; |
| Vanger | 4:e505054279ed | 4841 | code = input[(*inOutIdx)++]; |
| Vanger | 4:e505054279ed | 4842 | ssl->alert_history.last_rx.code = code; |
| Vanger | 4:e505054279ed | 4843 | ssl->alert_history.last_rx.level = level; |
| Vanger | 4:e505054279ed | 4844 | *type = code; |
| Vanger | 4:e505054279ed | 4845 | if (level == alert_fatal) { |
| Vanger | 4:e505054279ed | 4846 | ssl->options.isClosed = 1; /* Don't send close_notify */ |
| Vanger | 4:e505054279ed | 4847 | } |
| Vanger | 4:e505054279ed | 4848 | |
| Vanger | 4:e505054279ed | 4849 | CYASSL_MSG("Got alert"); |
| Vanger | 4:e505054279ed | 4850 | if (*type == close_notify) { |
| Vanger | 4:e505054279ed | 4851 | CYASSL_MSG(" close notify"); |
| Vanger | 4:e505054279ed | 4852 | ssl->options.closeNotify = 1; |
| Vanger | 4:e505054279ed | 4853 | } |
| Vanger | 4:e505054279ed | 4854 | CYASSL_ERROR(*type); |
| Vanger | 4:e505054279ed | 4855 | |
| Vanger | 4:e505054279ed | 4856 | if (ssl->keys.encryptionOn) { |
| Vanger | 4:e505054279ed | 4857 | if (*inOutIdx + ssl->keys.padSz > totalSz) |
| Vanger | 4:e505054279ed | 4858 | return BUFFER_E; |
| Vanger | 4:e505054279ed | 4859 | *inOutIdx += ssl->keys.padSz; |
| Vanger | 4:e505054279ed | 4860 | } |
| Vanger | 4:e505054279ed | 4861 | |
| Vanger | 4:e505054279ed | 4862 | return level; |
| Vanger | 4:e505054279ed | 4863 | } |
| Vanger | 4:e505054279ed | 4864 | |
| Vanger | 4:e505054279ed | 4865 | static int GetInputData(CYASSL *ssl, word32 size) |
| Vanger | 4:e505054279ed | 4866 | { |
| Vanger | 4:e505054279ed | 4867 | int in; |
| Vanger | 4:e505054279ed | 4868 | int inSz; |
| Vanger | 4:e505054279ed | 4869 | int maxLength; |
| Vanger | 4:e505054279ed | 4870 | int usedLength; |
| Vanger | 4:e505054279ed | 4871 | int dtlsExtra = 0; |
| Vanger | 4:e505054279ed | 4872 | |
| Vanger | 4:e505054279ed | 4873 | |
| Vanger | 4:e505054279ed | 4874 | /* check max input length */ |
| Vanger | 4:e505054279ed | 4875 | usedLength = ssl->buffers.inputBuffer.length - ssl->buffers.inputBuffer.idx; |
| Vanger | 4:e505054279ed | 4876 | maxLength = ssl->buffers.inputBuffer.bufferSize - usedLength; |
| Vanger | 4:e505054279ed | 4877 | inSz = (int)(size - usedLength); /* from last partial read */ |
| Vanger | 4:e505054279ed | 4878 | |
| Vanger | 4:e505054279ed | 4879 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 4880 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 4881 | if (size < ssl->dtls_expected_rx) |
| Vanger | 4:e505054279ed | 4882 | dtlsExtra = (int)(ssl->dtls_expected_rx - size); |
| Vanger | 4:e505054279ed | 4883 | inSz = ssl->dtls_expected_rx; |
| Vanger | 4:e505054279ed | 4884 | } |
| Vanger | 4:e505054279ed | 4885 | #endif |
| Vanger | 4:e505054279ed | 4886 | |
| Vanger | 4:e505054279ed | 4887 | if (inSz > maxLength) { |
| Vanger | 4:e505054279ed | 4888 | if (GrowInputBuffer(ssl, size + dtlsExtra, usedLength) < 0) |
| Vanger | 4:e505054279ed | 4889 | return MEMORY_E; |
| Vanger | 4:e505054279ed | 4890 | } |
| Vanger | 4:e505054279ed | 4891 | |
| Vanger | 4:e505054279ed | 4892 | if (inSz <= 0) |
| Vanger | 4:e505054279ed | 4893 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 4894 | |
| Vanger | 4:e505054279ed | 4895 | /* Put buffer data at start if not there */ |
| Vanger | 4:e505054279ed | 4896 | if (usedLength > 0 && ssl->buffers.inputBuffer.idx != 0) |
| Vanger | 4:e505054279ed | 4897 | XMEMMOVE(ssl->buffers.inputBuffer.buffer, |
| Vanger | 4:e505054279ed | 4898 | ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.idx, |
| Vanger | 4:e505054279ed | 4899 | usedLength); |
| Vanger | 4:e505054279ed | 4900 | |
| Vanger | 4:e505054279ed | 4901 | /* remove processed data */ |
| Vanger | 4:e505054279ed | 4902 | ssl->buffers.inputBuffer.idx = 0; |
| Vanger | 4:e505054279ed | 4903 | ssl->buffers.inputBuffer.length = usedLength; |
| Vanger | 4:e505054279ed | 4904 | |
| Vanger | 4:e505054279ed | 4905 | /* read data from network */ |
| Vanger | 4:e505054279ed | 4906 | do { |
| Vanger | 4:e505054279ed | 4907 | in = Receive(ssl, |
| Vanger | 4:e505054279ed | 4908 | ssl->buffers.inputBuffer.buffer + |
| Vanger | 4:e505054279ed | 4909 | ssl->buffers.inputBuffer.length, |
| Vanger | 4:e505054279ed | 4910 | inSz); |
| Vanger | 4:e505054279ed | 4911 | if (in == -1) |
| Vanger | 4:e505054279ed | 4912 | return SOCKET_ERROR_E; |
| Vanger | 4:e505054279ed | 4913 | |
| Vanger | 4:e505054279ed | 4914 | if (in == WANT_READ) |
| Vanger | 4:e505054279ed | 4915 | return WANT_READ; |
| Vanger | 4:e505054279ed | 4916 | |
| Vanger | 4:e505054279ed | 4917 | if (in > inSz) |
| Vanger | 4:e505054279ed | 4918 | return RECV_OVERFLOW_E; |
| Vanger | 4:e505054279ed | 4919 | |
| Vanger | 4:e505054279ed | 4920 | ssl->buffers.inputBuffer.length += in; |
| Vanger | 4:e505054279ed | 4921 | inSz -= in; |
| Vanger | 4:e505054279ed | 4922 | |
| Vanger | 4:e505054279ed | 4923 | } while (ssl->buffers.inputBuffer.length < size); |
| Vanger | 4:e505054279ed | 4924 | |
| Vanger | 4:e505054279ed | 4925 | return 0; |
| Vanger | 4:e505054279ed | 4926 | } |
| Vanger | 4:e505054279ed | 4927 | |
| Vanger | 4:e505054279ed | 4928 | |
| Vanger | 4:e505054279ed | 4929 | static INLINE int VerifyMac(CYASSL* ssl, const byte* input, word32 msgSz, |
| Vanger | 4:e505054279ed | 4930 | int content, word32* padSz) |
| Vanger | 4:e505054279ed | 4931 | { |
| Vanger | 4:e505054279ed | 4932 | int ivExtra = 0; |
| Vanger | 4:e505054279ed | 4933 | int ret; |
| Vanger | 4:e505054279ed | 4934 | word32 pad = 0; |
| Vanger | 4:e505054279ed | 4935 | word32 padByte = 0; |
| Vanger | 4:e505054279ed | 4936 | #ifdef HAVE_TRUNCATED_HMAC |
| Vanger | 4:e505054279ed | 4937 | word32 digestSz = ssl->truncated_hmac ? TRUNCATED_HMAC_SZ |
| Vanger | 4:e505054279ed | 4938 | : ssl->specs.hash_size; |
| Vanger | 4:e505054279ed | 4939 | #else |
| Vanger | 4:e505054279ed | 4940 | word32 digestSz = ssl->specs.hash_size; |
| Vanger | 4:e505054279ed | 4941 | #endif |
| Vanger | 4:e505054279ed | 4942 | byte verify[MAX_DIGEST_SIZE]; |
| Vanger | 4:e505054279ed | 4943 | |
| Vanger | 4:e505054279ed | 4944 | if (ssl->specs.cipher_type == block) { |
| Vanger | 4:e505054279ed | 4945 | if (ssl->options.tls1_1) |
| Vanger | 4:e505054279ed | 4946 | ivExtra = ssl->specs.block_size; |
| Vanger | 4:e505054279ed | 4947 | pad = *(input + msgSz - ivExtra - 1); |
| Vanger | 4:e505054279ed | 4948 | padByte = 1; |
| Vanger | 4:e505054279ed | 4949 | |
| Vanger | 4:e505054279ed | 4950 | if (ssl->options.tls) { |
| Vanger | 4:e505054279ed | 4951 | ret = TimingPadVerify(ssl, input, pad, digestSz, msgSz - ivExtra, |
| Vanger | 4:e505054279ed | 4952 | content); |
| Vanger | 4:e505054279ed | 4953 | if (ret != 0) |
| Vanger | 4:e505054279ed | 4954 | return ret; |
| Vanger | 4:e505054279ed | 4955 | } |
| Vanger | 4:e505054279ed | 4956 | else { /* sslv3, some implementations have bad padding, but don't |
| Vanger | 4:e505054279ed | 4957 | * allow bad read */ |
| Vanger | 4:e505054279ed | 4958 | int badPadLen = 0; |
| Vanger | 4:e505054279ed | 4959 | byte dummy[MAX_PAD_SIZE]; |
| Vanger | 4:e505054279ed | 4960 | |
| Vanger | 4:e505054279ed | 4961 | XMEMSET(dummy, 1, sizeof(dummy)); |
| Vanger | 4:e505054279ed | 4962 | |
| Vanger | 4:e505054279ed | 4963 | if (pad > (msgSz - digestSz - 1)) { |
| Vanger | 4:e505054279ed | 4964 | CYASSL_MSG("Plain Len not long enough for pad/mac"); |
| Vanger | 4:e505054279ed | 4965 | pad = 0; /* no bad read */ |
| Vanger | 4:e505054279ed | 4966 | badPadLen = 1; |
| Vanger | 4:e505054279ed | 4967 | } |
| Vanger | 4:e505054279ed | 4968 | PadCheck(dummy, (byte)pad, MAX_PAD_SIZE); /* timing only */ |
| Vanger | 4:e505054279ed | 4969 | ret = ssl->hmac(ssl, verify, input, msgSz - digestSz - pad - 1, |
| Vanger | 4:e505054279ed | 4970 | content, 1); |
| Vanger | 4:e505054279ed | 4971 | if (ConstantCompare(verify, input + msgSz - digestSz - pad - 1, |
| Vanger | 4:e505054279ed | 4972 | digestSz) != 0) |
| Vanger | 4:e505054279ed | 4973 | return VERIFY_MAC_ERROR; |
| Vanger | 4:e505054279ed | 4974 | if (ret != 0 || badPadLen) |
| Vanger | 4:e505054279ed | 4975 | return VERIFY_MAC_ERROR; |
| Vanger | 4:e505054279ed | 4976 | } |
| Vanger | 4:e505054279ed | 4977 | } |
| Vanger | 4:e505054279ed | 4978 | else if (ssl->specs.cipher_type == stream) { |
| Vanger | 4:e505054279ed | 4979 | ret = ssl->hmac(ssl, verify, input, msgSz - digestSz, content, 1); |
| Vanger | 4:e505054279ed | 4980 | if (ConstantCompare(verify, input + msgSz - digestSz, digestSz) != 0){ |
| Vanger | 4:e505054279ed | 4981 | return VERIFY_MAC_ERROR; |
| Vanger | 4:e505054279ed | 4982 | } |
| Vanger | 4:e505054279ed | 4983 | if (ret != 0) |
| Vanger | 4:e505054279ed | 4984 | return VERIFY_MAC_ERROR; |
| Vanger | 4:e505054279ed | 4985 | } |
| Vanger | 4:e505054279ed | 4986 | |
| Vanger | 4:e505054279ed | 4987 | if (ssl->specs.cipher_type == aead) { |
| Vanger | 4:e505054279ed | 4988 | *padSz = ssl->specs.aead_mac_size; |
| Vanger | 4:e505054279ed | 4989 | } |
| Vanger | 4:e505054279ed | 4990 | else { |
| Vanger | 4:e505054279ed | 4991 | *padSz = digestSz + pad + padByte; |
| Vanger | 4:e505054279ed | 4992 | } |
| Vanger | 4:e505054279ed | 4993 | |
| Vanger | 4:e505054279ed | 4994 | return 0; |
| Vanger | 4:e505054279ed | 4995 | } |
| Vanger | 4:e505054279ed | 4996 | |
| Vanger | 4:e505054279ed | 4997 | |
| Vanger | 4:e505054279ed | 4998 | /* process input requests, return 0 is done, 1 is call again to complete, and |
| Vanger | 4:e505054279ed | 4999 | negative number is error */ |
| Vanger | 4:e505054279ed | 5000 | int ProcessReply(CYASSL* ssl) |
| Vanger | 4:e505054279ed | 5001 | { |
| Vanger | 4:e505054279ed | 5002 | int ret = 0, type, readSz; |
| Vanger | 4:e505054279ed | 5003 | int atomicUser = 0; |
| Vanger | 4:e505054279ed | 5004 | word32 startIdx = 0; |
| Vanger | 4:e505054279ed | 5005 | #ifndef NO_CYASSL_SERVER |
| Vanger | 4:e505054279ed | 5006 | byte b0, b1; |
| Vanger | 4:e505054279ed | 5007 | #endif |
| Vanger | 4:e505054279ed | 5008 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 5009 | int used; |
| Vanger | 4:e505054279ed | 5010 | #endif |
| Vanger | 4:e505054279ed | 5011 | |
| Vanger | 4:e505054279ed | 5012 | #ifdef ATOMIC_USER |
| Vanger | 4:e505054279ed | 5013 | if (ssl->ctx->DecryptVerifyCb) |
| Vanger | 4:e505054279ed | 5014 | atomicUser = 1; |
| Vanger | 4:e505054279ed | 5015 | #endif |
| Vanger | 4:e505054279ed | 5016 | |
| Vanger | 4:e505054279ed | 5017 | if (ssl->error != 0 && ssl->error != WANT_READ && ssl->error != WANT_WRITE){ |
| Vanger | 4:e505054279ed | 5018 | CYASSL_MSG("ProcessReply retry in error state, not allowed"); |
| Vanger | 4:e505054279ed | 5019 | return ssl->error; |
| Vanger | 4:e505054279ed | 5020 | } |
| Vanger | 4:e505054279ed | 5021 | |
| Vanger | 4:e505054279ed | 5022 | for (;;) { |
| Vanger | 4:e505054279ed | 5023 | switch (ssl->options.processReply) { |
| Vanger | 4:e505054279ed | 5024 | |
| Vanger | 4:e505054279ed | 5025 | /* in the CYASSL_SERVER case, get the first byte for detecting |
| Vanger | 4:e505054279ed | 5026 | * old client hello */ |
| Vanger | 4:e505054279ed | 5027 | case doProcessInit: |
| Vanger | 4:e505054279ed | 5028 | |
| Vanger | 4:e505054279ed | 5029 | readSz = RECORD_HEADER_SZ; |
| Vanger | 4:e505054279ed | 5030 | |
| Vanger | 4:e505054279ed | 5031 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 5032 | if (ssl->options.dtls) |
| Vanger | 4:e505054279ed | 5033 | readSz = DTLS_RECORD_HEADER_SZ; |
| Vanger | 4:e505054279ed | 5034 | #endif |
| Vanger | 4:e505054279ed | 5035 | |
| Vanger | 4:e505054279ed | 5036 | /* get header or return error */ |
| Vanger | 4:e505054279ed | 5037 | if (!ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 5038 | if ((ret = GetInputData(ssl, readSz)) < 0) |
| Vanger | 4:e505054279ed | 5039 | return ret; |
| Vanger | 4:e505054279ed | 5040 | } else { |
| Vanger | 4:e505054279ed | 5041 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 5042 | /* read ahead may already have header */ |
| Vanger | 4:e505054279ed | 5043 | used = ssl->buffers.inputBuffer.length - |
| Vanger | 4:e505054279ed | 5044 | ssl->buffers.inputBuffer.idx; |
| Vanger | 4:e505054279ed | 5045 | if (used < readSz) |
| Vanger | 4:e505054279ed | 5046 | if ((ret = GetInputData(ssl, readSz)) < 0) |
| Vanger | 4:e505054279ed | 5047 | return ret; |
| Vanger | 4:e505054279ed | 5048 | #endif |
| Vanger | 4:e505054279ed | 5049 | } |
| Vanger | 4:e505054279ed | 5050 | |
| Vanger | 4:e505054279ed | 5051 | #ifndef NO_CYASSL_SERVER |
| Vanger | 4:e505054279ed | 5052 | |
| Vanger | 4:e505054279ed | 5053 | /* see if sending SSLv2 client hello */ |
| Vanger | 4:e505054279ed | 5054 | if ( ssl->options.side == CYASSL_SERVER_END && |
| Vanger | 4:e505054279ed | 5055 | ssl->options.clientState == NULL_STATE && |
| Vanger | 4:e505054279ed | 5056 | ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx] |
| Vanger | 4:e505054279ed | 5057 | != handshake) { |
| Vanger | 4:e505054279ed | 5058 | ssl->options.processReply = runProcessOldClientHello; |
| Vanger | 4:e505054279ed | 5059 | |
| Vanger | 4:e505054279ed | 5060 | /* how many bytes need ProcessOldClientHello */ |
| Vanger | 4:e505054279ed | 5061 | b0 = |
| Vanger | 4:e505054279ed | 5062 | ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++]; |
| Vanger | 4:e505054279ed | 5063 | b1 = |
| Vanger | 4:e505054279ed | 5064 | ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++]; |
| Vanger | 4:e505054279ed | 5065 | ssl->curSize = (word16)(((b0 & 0x7f) << 8) | b1); |
| Vanger | 4:e505054279ed | 5066 | } |
| Vanger | 4:e505054279ed | 5067 | else { |
| Vanger | 4:e505054279ed | 5068 | ssl->options.processReply = getRecordLayerHeader; |
| Vanger | 4:e505054279ed | 5069 | continue; |
| Vanger | 4:e505054279ed | 5070 | } |
| Vanger | 4:e505054279ed | 5071 | |
| Vanger | 4:e505054279ed | 5072 | /* in the CYASSL_SERVER case, run the old client hello */ |
| Vanger | 4:e505054279ed | 5073 | case runProcessOldClientHello: |
| Vanger | 4:e505054279ed | 5074 | |
| Vanger | 4:e505054279ed | 5075 | /* get sz bytes or return error */ |
| Vanger | 4:e505054279ed | 5076 | if (!ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 5077 | if ((ret = GetInputData(ssl, ssl->curSize)) < 0) |
| Vanger | 4:e505054279ed | 5078 | return ret; |
| Vanger | 4:e505054279ed | 5079 | } else { |
| Vanger | 4:e505054279ed | 5080 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 5081 | /* read ahead may already have */ |
| Vanger | 4:e505054279ed | 5082 | used = ssl->buffers.inputBuffer.length - |
| Vanger | 4:e505054279ed | 5083 | ssl->buffers.inputBuffer.idx; |
| Vanger | 4:e505054279ed | 5084 | if (used < ssl->curSize) |
| Vanger | 4:e505054279ed | 5085 | if ((ret = GetInputData(ssl, ssl->curSize)) < 0) |
| Vanger | 4:e505054279ed | 5086 | return ret; |
| Vanger | 4:e505054279ed | 5087 | #endif /* CYASSL_DTLS */ |
| Vanger | 4:e505054279ed | 5088 | } |
| Vanger | 4:e505054279ed | 5089 | |
| Vanger | 4:e505054279ed | 5090 | ret = ProcessOldClientHello(ssl, ssl->buffers.inputBuffer.buffer, |
| Vanger | 4:e505054279ed | 5091 | &ssl->buffers.inputBuffer.idx, |
| Vanger | 4:e505054279ed | 5092 | ssl->buffers.inputBuffer.length - |
| Vanger | 4:e505054279ed | 5093 | ssl->buffers.inputBuffer.idx, |
| Vanger | 4:e505054279ed | 5094 | ssl->curSize); |
| Vanger | 4:e505054279ed | 5095 | if (ret < 0) |
| Vanger | 4:e505054279ed | 5096 | return ret; |
| Vanger | 4:e505054279ed | 5097 | |
| Vanger | 4:e505054279ed | 5098 | else if (ssl->buffers.inputBuffer.idx == |
| Vanger | 4:e505054279ed | 5099 | ssl->buffers.inputBuffer.length) { |
| Vanger | 4:e505054279ed | 5100 | ssl->options.processReply = doProcessInit; |
| Vanger | 4:e505054279ed | 5101 | return 0; |
| Vanger | 4:e505054279ed | 5102 | } |
| Vanger | 4:e505054279ed | 5103 | |
| Vanger | 4:e505054279ed | 5104 | #endif /* NO_CYASSL_SERVER */ |
| Vanger | 4:e505054279ed | 5105 | |
| Vanger | 4:e505054279ed | 5106 | /* get the record layer header */ |
| Vanger | 4:e505054279ed | 5107 | case getRecordLayerHeader: |
| Vanger | 4:e505054279ed | 5108 | |
| Vanger | 4:e505054279ed | 5109 | ret = GetRecordHeader(ssl, ssl->buffers.inputBuffer.buffer, |
| Vanger | 4:e505054279ed | 5110 | &ssl->buffers.inputBuffer.idx, |
| Vanger | 4:e505054279ed | 5111 | &ssl->curRL, &ssl->curSize); |
| Vanger | 4:e505054279ed | 5112 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 5113 | if (ssl->options.dtls && ret == SEQUENCE_ERROR) { |
| Vanger | 4:e505054279ed | 5114 | ssl->options.processReply = doProcessInit; |
| Vanger | 4:e505054279ed | 5115 | ssl->buffers.inputBuffer.length = 0; |
| Vanger | 4:e505054279ed | 5116 | ssl->buffers.inputBuffer.idx = 0; |
| Vanger | 4:e505054279ed | 5117 | continue; |
| Vanger | 4:e505054279ed | 5118 | } |
| Vanger | 4:e505054279ed | 5119 | #endif |
| Vanger | 4:e505054279ed | 5120 | if (ret != 0) |
| Vanger | 4:e505054279ed | 5121 | return ret; |
| Vanger | 4:e505054279ed | 5122 | |
| Vanger | 4:e505054279ed | 5123 | ssl->options.processReply = getData; |
| Vanger | 4:e505054279ed | 5124 | |
| Vanger | 4:e505054279ed | 5125 | /* retrieve record layer data */ |
| Vanger | 4:e505054279ed | 5126 | case getData: |
| Vanger | 4:e505054279ed | 5127 | |
| Vanger | 4:e505054279ed | 5128 | /* get sz bytes or return error */ |
| Vanger | 4:e505054279ed | 5129 | if (!ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 5130 | if ((ret = GetInputData(ssl, ssl->curSize)) < 0) |
| Vanger | 4:e505054279ed | 5131 | return ret; |
| Vanger | 4:e505054279ed | 5132 | } else { |
| Vanger | 4:e505054279ed | 5133 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 5134 | /* read ahead may already have */ |
| Vanger | 4:e505054279ed | 5135 | used = ssl->buffers.inputBuffer.length - |
| Vanger | 4:e505054279ed | 5136 | ssl->buffers.inputBuffer.idx; |
| Vanger | 4:e505054279ed | 5137 | if (used < ssl->curSize) |
| Vanger | 4:e505054279ed | 5138 | if ((ret = GetInputData(ssl, ssl->curSize)) < 0) |
| Vanger | 4:e505054279ed | 5139 | return ret; |
| Vanger | 4:e505054279ed | 5140 | #endif |
| Vanger | 4:e505054279ed | 5141 | } |
| Vanger | 4:e505054279ed | 5142 | |
| Vanger | 4:e505054279ed | 5143 | ssl->options.processReply = runProcessingOneMessage; |
| Vanger | 4:e505054279ed | 5144 | startIdx = ssl->buffers.inputBuffer.idx; /* in case > 1 msg per */ |
| Vanger | 4:e505054279ed | 5145 | |
| Vanger | 4:e505054279ed | 5146 | /* the record layer is here */ |
| Vanger | 4:e505054279ed | 5147 | case runProcessingOneMessage: |
| Vanger | 4:e505054279ed | 5148 | |
| Vanger | 4:e505054279ed | 5149 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 5150 | if (ssl->options.dtls && |
| Vanger | 4:e505054279ed | 5151 | ssl->keys.dtls_state.curEpoch < ssl->keys.dtls_state.nextEpoch) |
| Vanger | 4:e505054279ed | 5152 | ssl->keys.decryptedCur = 1; |
| Vanger | 4:e505054279ed | 5153 | #endif |
| Vanger | 4:e505054279ed | 5154 | |
| Vanger | 4:e505054279ed | 5155 | if (ssl->keys.encryptionOn && ssl->keys.decryptedCur == 0) |
| Vanger | 4:e505054279ed | 5156 | { |
| Vanger | 4:e505054279ed | 5157 | ret = SanityCheckCipherText(ssl, ssl->curSize); |
| Vanger | 4:e505054279ed | 5158 | if (ret < 0) |
| Vanger | 4:e505054279ed | 5159 | return ret; |
| Vanger | 4:e505054279ed | 5160 | |
| Vanger | 4:e505054279ed | 5161 | if (atomicUser) { |
| Vanger | 4:e505054279ed | 5162 | #ifdef ATOMIC_USER |
| Vanger | 4:e505054279ed | 5163 | ret = ssl->ctx->DecryptVerifyCb(ssl, |
| Vanger | 4:e505054279ed | 5164 | ssl->buffers.inputBuffer.buffer + |
| Vanger | 4:e505054279ed | 5165 | ssl->buffers.inputBuffer.idx, |
| Vanger | 4:e505054279ed | 5166 | ssl->buffers.inputBuffer.buffer + |
| Vanger | 4:e505054279ed | 5167 | ssl->buffers.inputBuffer.idx, |
| Vanger | 4:e505054279ed | 5168 | ssl->curSize, ssl->curRL.type, 1, |
| Vanger | 4:e505054279ed | 5169 | &ssl->keys.padSz, ssl->DecryptVerifyCtx); |
| Vanger | 4:e505054279ed | 5170 | if (ssl->options.tls1_1 && ssl->specs.cipher_type == block) |
| Vanger | 4:e505054279ed | 5171 | ssl->buffers.inputBuffer.idx += ssl->specs.block_size; |
| Vanger | 4:e505054279ed | 5172 | /* go past TLSv1.1 IV */ |
| Vanger | 4:e505054279ed | 5173 | if (ssl->specs.cipher_type == aead) |
| Vanger | 4:e505054279ed | 5174 | ssl->buffers.inputBuffer.idx += AEAD_EXP_IV_SZ; |
| Vanger | 4:e505054279ed | 5175 | #endif /* ATOMIC_USER */ |
| Vanger | 4:e505054279ed | 5176 | } |
| Vanger | 4:e505054279ed | 5177 | else { |
| Vanger | 4:e505054279ed | 5178 | ret = Decrypt(ssl, ssl->buffers.inputBuffer.buffer + |
| Vanger | 4:e505054279ed | 5179 | ssl->buffers.inputBuffer.idx, |
| Vanger | 4:e505054279ed | 5180 | ssl->buffers.inputBuffer.buffer + |
| Vanger | 4:e505054279ed | 5181 | ssl->buffers.inputBuffer.idx, |
| Vanger | 4:e505054279ed | 5182 | ssl->curSize); |
| Vanger | 4:e505054279ed | 5183 | if (ret < 0) { |
| Vanger | 4:e505054279ed | 5184 | CYASSL_ERROR(ret); |
| Vanger | 4:e505054279ed | 5185 | return DECRYPT_ERROR; |
| Vanger | 4:e505054279ed | 5186 | } |
| Vanger | 4:e505054279ed | 5187 | if (ssl->options.tls1_1 && ssl->specs.cipher_type == block) |
| Vanger | 4:e505054279ed | 5188 | ssl->buffers.inputBuffer.idx += ssl->specs.block_size; |
| Vanger | 4:e505054279ed | 5189 | /* go past TLSv1.1 IV */ |
| Vanger | 4:e505054279ed | 5190 | if (ssl->specs.cipher_type == aead) |
| Vanger | 4:e505054279ed | 5191 | ssl->buffers.inputBuffer.idx += AEAD_EXP_IV_SZ; |
| Vanger | 4:e505054279ed | 5192 | |
| Vanger | 4:e505054279ed | 5193 | ret = VerifyMac(ssl, ssl->buffers.inputBuffer.buffer + |
| Vanger | 4:e505054279ed | 5194 | ssl->buffers.inputBuffer.idx, |
| Vanger | 4:e505054279ed | 5195 | ssl->curSize, ssl->curRL.type, |
| Vanger | 4:e505054279ed | 5196 | &ssl->keys.padSz); |
| Vanger | 4:e505054279ed | 5197 | } |
| Vanger | 4:e505054279ed | 5198 | if (ret < 0) { |
| Vanger | 4:e505054279ed | 5199 | CYASSL_ERROR(ret); |
| Vanger | 4:e505054279ed | 5200 | return DECRYPT_ERROR; |
| Vanger | 4:e505054279ed | 5201 | } |
| Vanger | 4:e505054279ed | 5202 | ssl->keys.encryptSz = ssl->curSize; |
| Vanger | 4:e505054279ed | 5203 | ssl->keys.decryptedCur = 1; |
| Vanger | 4:e505054279ed | 5204 | } |
| Vanger | 4:e505054279ed | 5205 | |
| Vanger | 4:e505054279ed | 5206 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 5207 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 5208 | DtlsUpdateWindow(&ssl->keys.dtls_state); |
| Vanger | 4:e505054279ed | 5209 | #endif /* CYASSL_DTLS */ |
| Vanger | 4:e505054279ed | 5210 | } |
| Vanger | 4:e505054279ed | 5211 | |
| Vanger | 4:e505054279ed | 5212 | CYASSL_MSG("received record layer msg"); |
| Vanger | 4:e505054279ed | 5213 | |
| Vanger | 4:e505054279ed | 5214 | switch (ssl->curRL.type) { |
| Vanger | 4:e505054279ed | 5215 | case handshake : |
| Vanger | 4:e505054279ed | 5216 | /* debugging in DoHandShakeMsg */ |
| Vanger | 4:e505054279ed | 5217 | if (!ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 5218 | ret = DoHandShakeMsg(ssl, |
| Vanger | 4:e505054279ed | 5219 | ssl->buffers.inputBuffer.buffer, |
| Vanger | 4:e505054279ed | 5220 | &ssl->buffers.inputBuffer.idx, |
| Vanger | 4:e505054279ed | 5221 | ssl->buffers.inputBuffer.length); |
| Vanger | 4:e505054279ed | 5222 | } |
| Vanger | 4:e505054279ed | 5223 | else { |
| Vanger | 4:e505054279ed | 5224 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 5225 | ret = DoDtlsHandShakeMsg(ssl, |
| Vanger | 4:e505054279ed | 5226 | ssl->buffers.inputBuffer.buffer, |
| Vanger | 4:e505054279ed | 5227 | &ssl->buffers.inputBuffer.idx, |
| Vanger | 4:e505054279ed | 5228 | ssl->buffers.inputBuffer.length); |
| Vanger | 4:e505054279ed | 5229 | #endif |
| Vanger | 4:e505054279ed | 5230 | } |
| Vanger | 4:e505054279ed | 5231 | if (ret != 0) |
| Vanger | 4:e505054279ed | 5232 | return ret; |
| Vanger | 4:e505054279ed | 5233 | break; |
| Vanger | 4:e505054279ed | 5234 | |
| Vanger | 4:e505054279ed | 5235 | case change_cipher_spec: |
| Vanger | 4:e505054279ed | 5236 | CYASSL_MSG("got CHANGE CIPHER SPEC"); |
| Vanger | 4:e505054279ed | 5237 | #ifdef CYASSL_CALLBACKS |
| Vanger | 4:e505054279ed | 5238 | if (ssl->hsInfoOn) |
| Vanger | 4:e505054279ed | 5239 | AddPacketName("ChangeCipher", &ssl->handShakeInfo); |
| Vanger | 4:e505054279ed | 5240 | /* add record header back on info */ |
| Vanger | 4:e505054279ed | 5241 | if (ssl->toInfoOn) { |
| Vanger | 4:e505054279ed | 5242 | AddPacketInfo("ChangeCipher", &ssl->timeoutInfo, |
| Vanger | 4:e505054279ed | 5243 | ssl->buffers.inputBuffer.buffer + |
| Vanger | 4:e505054279ed | 5244 | ssl->buffers.inputBuffer.idx - RECORD_HEADER_SZ, |
| Vanger | 4:e505054279ed | 5245 | 1 + RECORD_HEADER_SZ, ssl->heap); |
| Vanger | 4:e505054279ed | 5246 | AddLateRecordHeader(&ssl->curRL, &ssl->timeoutInfo); |
| Vanger | 4:e505054279ed | 5247 | } |
| Vanger | 4:e505054279ed | 5248 | #endif |
| Vanger | 4:e505054279ed | 5249 | |
| Vanger | 4:e505054279ed | 5250 | if (ssl->curSize != 1) { |
| Vanger | 4:e505054279ed | 5251 | CYASSL_MSG("Malicious or corrupted ChangeCipher msg"); |
| Vanger | 4:e505054279ed | 5252 | return LENGTH_ERROR; |
| Vanger | 4:e505054279ed | 5253 | } |
| Vanger | 4:e505054279ed | 5254 | #ifndef NO_CERTS |
| Vanger | 4:e505054279ed | 5255 | if (ssl->options.side == CYASSL_SERVER_END && |
| Vanger | 4:e505054279ed | 5256 | ssl->options.verifyPeer && |
| Vanger | 4:e505054279ed | 5257 | ssl->options.havePeerCert) |
| Vanger | 4:e505054279ed | 5258 | if (!ssl->options.havePeerVerify) { |
| Vanger | 4:e505054279ed | 5259 | CYASSL_MSG("client didn't send cert verify"); |
| Vanger | 4:e505054279ed | 5260 | return NO_PEER_VERIFY; |
| Vanger | 4:e505054279ed | 5261 | } |
| Vanger | 4:e505054279ed | 5262 | #endif |
| Vanger | 4:e505054279ed | 5263 | |
| Vanger | 4:e505054279ed | 5264 | |
| Vanger | 4:e505054279ed | 5265 | ssl->buffers.inputBuffer.idx++; |
| Vanger | 4:e505054279ed | 5266 | ssl->keys.encryptionOn = 1; |
| Vanger | 4:e505054279ed | 5267 | |
| Vanger | 4:e505054279ed | 5268 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 5269 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 5270 | DtlsPoolReset(ssl); |
| Vanger | 4:e505054279ed | 5271 | ssl->keys.dtls_state.nextEpoch++; |
| Vanger | 4:e505054279ed | 5272 | ssl->keys.dtls_state.nextSeq = 0; |
| Vanger | 4:e505054279ed | 5273 | } |
| Vanger | 4:e505054279ed | 5274 | #endif |
| Vanger | 4:e505054279ed | 5275 | |
| Vanger | 4:e505054279ed | 5276 | #ifdef HAVE_LIBZ |
| Vanger | 4:e505054279ed | 5277 | if (ssl->options.usingCompression) |
| Vanger | 4:e505054279ed | 5278 | if ( (ret = InitStreams(ssl)) != 0) |
| Vanger | 4:e505054279ed | 5279 | return ret; |
| Vanger | 4:e505054279ed | 5280 | #endif |
| Vanger | 4:e505054279ed | 5281 | if (ssl->options.resuming && ssl->options.side == |
| Vanger | 4:e505054279ed | 5282 | CYASSL_CLIENT_END) |
| Vanger | 4:e505054279ed | 5283 | ret = BuildFinished(ssl, &ssl->verifyHashes, server); |
| Vanger | 4:e505054279ed | 5284 | else if (!ssl->options.resuming && ssl->options.side == |
| Vanger | 4:e505054279ed | 5285 | CYASSL_SERVER_END) |
| Vanger | 4:e505054279ed | 5286 | ret = BuildFinished(ssl, &ssl->verifyHashes, client); |
| Vanger | 4:e505054279ed | 5287 | if (ret != 0) |
| Vanger | 4:e505054279ed | 5288 | return ret; |
| Vanger | 4:e505054279ed | 5289 | break; |
| Vanger | 4:e505054279ed | 5290 | |
| Vanger | 4:e505054279ed | 5291 | case application_data: |
| Vanger | 4:e505054279ed | 5292 | CYASSL_MSG("got app DATA"); |
| Vanger | 4:e505054279ed | 5293 | if ((ret = DoApplicationData(ssl, |
| Vanger | 4:e505054279ed | 5294 | ssl->buffers.inputBuffer.buffer, |
| Vanger | 4:e505054279ed | 5295 | &ssl->buffers.inputBuffer.idx)) |
| Vanger | 4:e505054279ed | 5296 | != 0) { |
| Vanger | 4:e505054279ed | 5297 | CYASSL_ERROR(ret); |
| Vanger | 4:e505054279ed | 5298 | return ret; |
| Vanger | 4:e505054279ed | 5299 | } |
| Vanger | 4:e505054279ed | 5300 | break; |
| Vanger | 4:e505054279ed | 5301 | |
| Vanger | 4:e505054279ed | 5302 | case alert: |
| Vanger | 4:e505054279ed | 5303 | CYASSL_MSG("got ALERT!"); |
| Vanger | 4:e505054279ed | 5304 | ret = DoAlert(ssl, ssl->buffers.inputBuffer.buffer, |
| Vanger | 4:e505054279ed | 5305 | &ssl->buffers.inputBuffer.idx, &type, |
| Vanger | 4:e505054279ed | 5306 | ssl->buffers.inputBuffer.length); |
| Vanger | 4:e505054279ed | 5307 | if (ret == alert_fatal) |
| Vanger | 4:e505054279ed | 5308 | return FATAL_ERROR; |
| Vanger | 4:e505054279ed | 5309 | else if (ret < 0) |
| Vanger | 4:e505054279ed | 5310 | return ret; |
| Vanger | 4:e505054279ed | 5311 | |
| Vanger | 4:e505054279ed | 5312 | /* catch warnings that are handled as errors */ |
| Vanger | 4:e505054279ed | 5313 | if (type == close_notify) |
| Vanger | 4:e505054279ed | 5314 | return ssl->error = ZERO_RETURN; |
| Vanger | 4:e505054279ed | 5315 | |
| Vanger | 4:e505054279ed | 5316 | if (type == decrypt_error) |
| Vanger | 4:e505054279ed | 5317 | return FATAL_ERROR; |
| Vanger | 4:e505054279ed | 5318 | break; |
| Vanger | 4:e505054279ed | 5319 | |
| Vanger | 4:e505054279ed | 5320 | default: |
| Vanger | 4:e505054279ed | 5321 | CYASSL_ERROR(UNKNOWN_RECORD_TYPE); |
| Vanger | 4:e505054279ed | 5322 | return UNKNOWN_RECORD_TYPE; |
| Vanger | 4:e505054279ed | 5323 | } |
| Vanger | 4:e505054279ed | 5324 | |
| Vanger | 4:e505054279ed | 5325 | ssl->options.processReply = doProcessInit; |
| Vanger | 4:e505054279ed | 5326 | |
| Vanger | 4:e505054279ed | 5327 | /* input exhausted? */ |
| Vanger | 4:e505054279ed | 5328 | if (ssl->buffers.inputBuffer.idx == ssl->buffers.inputBuffer.length) |
| Vanger | 4:e505054279ed | 5329 | return 0; |
| Vanger | 4:e505054279ed | 5330 | /* more messages per record */ |
| Vanger | 4:e505054279ed | 5331 | else if ((ssl->buffers.inputBuffer.idx - startIdx) < ssl->curSize) { |
| Vanger | 4:e505054279ed | 5332 | CYASSL_MSG("More messages in record"); |
| Vanger | 4:e505054279ed | 5333 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 5334 | /* read-ahead but dtls doesn't bundle messages per record */ |
| Vanger | 4:e505054279ed | 5335 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 5336 | ssl->options.processReply = doProcessInit; |
| Vanger | 4:e505054279ed | 5337 | continue; |
| Vanger | 4:e505054279ed | 5338 | } |
| Vanger | 4:e505054279ed | 5339 | #endif |
| Vanger | 4:e505054279ed | 5340 | ssl->options.processReply = runProcessingOneMessage; |
| Vanger | 4:e505054279ed | 5341 | continue; |
| Vanger | 4:e505054279ed | 5342 | } |
| Vanger | 4:e505054279ed | 5343 | /* more records */ |
| Vanger | 4:e505054279ed | 5344 | else { |
| Vanger | 4:e505054279ed | 5345 | CYASSL_MSG("More records in input"); |
| Vanger | 4:e505054279ed | 5346 | ssl->options.processReply = doProcessInit; |
| Vanger | 4:e505054279ed | 5347 | continue; |
| Vanger | 4:e505054279ed | 5348 | } |
| Vanger | 4:e505054279ed | 5349 | |
| Vanger | 4:e505054279ed | 5350 | default: |
| Vanger | 4:e505054279ed | 5351 | CYASSL_MSG("Bad process input state, programming error"); |
| Vanger | 4:e505054279ed | 5352 | return INPUT_CASE_ERROR; |
| Vanger | 4:e505054279ed | 5353 | } |
| Vanger | 4:e505054279ed | 5354 | } |
| Vanger | 4:e505054279ed | 5355 | } |
| Vanger | 4:e505054279ed | 5356 | |
| Vanger | 4:e505054279ed | 5357 | |
| Vanger | 4:e505054279ed | 5358 | int SendChangeCipher(CYASSL* ssl) |
| Vanger | 4:e505054279ed | 5359 | { |
| Vanger | 4:e505054279ed | 5360 | byte *output; |
| Vanger | 4:e505054279ed | 5361 | int sendSz = RECORD_HEADER_SZ + ENUM_LEN; |
| Vanger | 4:e505054279ed | 5362 | int idx = RECORD_HEADER_SZ; |
| Vanger | 4:e505054279ed | 5363 | int ret; |
| Vanger | 4:e505054279ed | 5364 | |
| Vanger | 4:e505054279ed | 5365 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 5366 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 5367 | sendSz += DTLS_RECORD_EXTRA; |
| Vanger | 4:e505054279ed | 5368 | idx += DTLS_RECORD_EXTRA; |
| Vanger | 4:e505054279ed | 5369 | } |
| Vanger | 4:e505054279ed | 5370 | #endif |
| Vanger | 4:e505054279ed | 5371 | |
| Vanger | 4:e505054279ed | 5372 | /* check for avalaible size */ |
| Vanger | 4:e505054279ed | 5373 | if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) |
| Vanger | 4:e505054279ed | 5374 | return ret; |
| Vanger | 4:e505054279ed | 5375 | |
| Vanger | 4:e505054279ed | 5376 | /* get ouput buffer */ |
| Vanger | 4:e505054279ed | 5377 | output = ssl->buffers.outputBuffer.buffer + |
| Vanger | 4:e505054279ed | 5378 | ssl->buffers.outputBuffer.length; |
| Vanger | 4:e505054279ed | 5379 | |
| Vanger | 4:e505054279ed | 5380 | AddRecordHeader(output, 1, change_cipher_spec, ssl); |
| Vanger | 4:e505054279ed | 5381 | |
| Vanger | 4:e505054279ed | 5382 | output[idx] = 1; /* turn it on */ |
| Vanger | 4:e505054279ed | 5383 | |
| Vanger | 4:e505054279ed | 5384 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 5385 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 5386 | if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) |
| Vanger | 4:e505054279ed | 5387 | return ret; |
| Vanger | 4:e505054279ed | 5388 | } |
| Vanger | 4:e505054279ed | 5389 | #endif |
| Vanger | 4:e505054279ed | 5390 | #ifdef CYASSL_CALLBACKS |
| Vanger | 4:e505054279ed | 5391 | if (ssl->hsInfoOn) AddPacketName("ChangeCipher", &ssl->handShakeInfo); |
| Vanger | 4:e505054279ed | 5392 | if (ssl->toInfoOn) |
| Vanger | 4:e505054279ed | 5393 | AddPacketInfo("ChangeCipher", &ssl->timeoutInfo, output, sendSz, |
| Vanger | 4:e505054279ed | 5394 | ssl->heap); |
| Vanger | 4:e505054279ed | 5395 | #endif |
| Vanger | 4:e505054279ed | 5396 | ssl->buffers.outputBuffer.length += sendSz; |
| Vanger | 4:e505054279ed | 5397 | |
| Vanger | 4:e505054279ed | 5398 | if (ssl->options.groupMessages) |
| Vanger | 4:e505054279ed | 5399 | return 0; |
| Vanger | 4:e505054279ed | 5400 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 5401 | else if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 5402 | /* If using DTLS, force the ChangeCipherSpec message to be in the |
| Vanger | 4:e505054279ed | 5403 | * same datagram as the finished message. */ |
| Vanger | 4:e505054279ed | 5404 | return 0; |
| Vanger | 4:e505054279ed | 5405 | } |
| Vanger | 4:e505054279ed | 5406 | #endif |
| Vanger | 4:e505054279ed | 5407 | else |
| Vanger | 4:e505054279ed | 5408 | return SendBuffered(ssl); |
| Vanger | 4:e505054279ed | 5409 | } |
| Vanger | 4:e505054279ed | 5410 | |
| Vanger | 4:e505054279ed | 5411 | |
| Vanger | 4:e505054279ed | 5412 | #ifndef NO_OLD_TLS |
| Vanger | 4:e505054279ed | 5413 | static int SSL_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz, |
| Vanger | 4:e505054279ed | 5414 | int content, int verify) |
| Vanger | 4:e505054279ed | 5415 | { |
| Vanger | 4:e505054279ed | 5416 | byte result[MAX_DIGEST_SIZE]; |
| Vanger | 4:e505054279ed | 5417 | word32 digestSz = ssl->specs.hash_size; /* actual sizes */ |
| Vanger | 4:e505054279ed | 5418 | word32 padSz = ssl->specs.pad_size; |
| Vanger | 4:e505054279ed | 5419 | int ret = 0; |
| Vanger | 4:e505054279ed | 5420 | |
| Vanger | 4:e505054279ed | 5421 | Md5 md5; |
| Vanger | 4:e505054279ed | 5422 | Sha sha; |
| Vanger | 4:e505054279ed | 5423 | |
| Vanger | 4:e505054279ed | 5424 | /* data */ |
| Vanger | 4:e505054279ed | 5425 | byte seq[SEQ_SZ]; |
| Vanger | 4:e505054279ed | 5426 | byte conLen[ENUM_LEN + LENGTH_SZ]; /* content & length */ |
| Vanger | 4:e505054279ed | 5427 | const byte* macSecret = CyaSSL_GetMacSecret(ssl, verify); |
| Vanger | 4:e505054279ed | 5428 | |
| Vanger | 4:e505054279ed | 5429 | XMEMSET(seq, 0, SEQ_SZ); |
| Vanger | 4:e505054279ed | 5430 | conLen[0] = (byte)content; |
| Vanger | 4:e505054279ed | 5431 | c16toa((word16)sz, &conLen[ENUM_LEN]); |
| Vanger | 4:e505054279ed | 5432 | c32toa(GetSEQIncrement(ssl, verify), &seq[sizeof(word32)]); |
| Vanger | 4:e505054279ed | 5433 | |
| Vanger | 4:e505054279ed | 5434 | if (ssl->specs.mac_algorithm == md5_mac) { |
| Vanger | 4:e505054279ed | 5435 | InitMd5(&md5); |
| Vanger | 4:e505054279ed | 5436 | /* inner */ |
| Vanger | 4:e505054279ed | 5437 | Md5Update(&md5, macSecret, digestSz); |
| Vanger | 4:e505054279ed | 5438 | Md5Update(&md5, PAD1, padSz); |
| Vanger | 4:e505054279ed | 5439 | Md5Update(&md5, seq, SEQ_SZ); |
| Vanger | 4:e505054279ed | 5440 | Md5Update(&md5, conLen, sizeof(conLen)); |
| Vanger | 4:e505054279ed | 5441 | /* in buffer */ |
| Vanger | 4:e505054279ed | 5442 | Md5Update(&md5, in, sz); |
| Vanger | 4:e505054279ed | 5443 | Md5Final(&md5, result); |
| Vanger | 4:e505054279ed | 5444 | /* outer */ |
| Vanger | 4:e505054279ed | 5445 | Md5Update(&md5, macSecret, digestSz); |
| Vanger | 4:e505054279ed | 5446 | Md5Update(&md5, PAD2, padSz); |
| Vanger | 4:e505054279ed | 5447 | Md5Update(&md5, result, digestSz); |
| Vanger | 4:e505054279ed | 5448 | Md5Final(&md5, digest); |
| Vanger | 4:e505054279ed | 5449 | } |
| Vanger | 4:e505054279ed | 5450 | else { |
| Vanger | 4:e505054279ed | 5451 | ret = InitSha(&sha); |
| Vanger | 4:e505054279ed | 5452 | if (ret != 0) |
| Vanger | 4:e505054279ed | 5453 | return ret; |
| Vanger | 4:e505054279ed | 5454 | /* inner */ |
| Vanger | 4:e505054279ed | 5455 | ShaUpdate(&sha, macSecret, digestSz); |
| Vanger | 4:e505054279ed | 5456 | ShaUpdate(&sha, PAD1, padSz); |
| Vanger | 4:e505054279ed | 5457 | ShaUpdate(&sha, seq, SEQ_SZ); |
| Vanger | 4:e505054279ed | 5458 | ShaUpdate(&sha, conLen, sizeof(conLen)); |
| Vanger | 4:e505054279ed | 5459 | /* in buffer */ |
| Vanger | 4:e505054279ed | 5460 | ShaUpdate(&sha, in, sz); |
| Vanger | 4:e505054279ed | 5461 | ShaFinal(&sha, result); |
| Vanger | 4:e505054279ed | 5462 | /* outer */ |
| Vanger | 4:e505054279ed | 5463 | ShaUpdate(&sha, macSecret, digestSz); |
| Vanger | 4:e505054279ed | 5464 | ShaUpdate(&sha, PAD2, padSz); |
| Vanger | 4:e505054279ed | 5465 | ShaUpdate(&sha, result, digestSz); |
| Vanger | 4:e505054279ed | 5466 | ShaFinal(&sha, digest); |
| Vanger | 4:e505054279ed | 5467 | } |
| Vanger | 4:e505054279ed | 5468 | return 0; |
| Vanger | 4:e505054279ed | 5469 | } |
| Vanger | 4:e505054279ed | 5470 | |
| Vanger | 4:e505054279ed | 5471 | #ifndef NO_CERTS |
| Vanger | 4:e505054279ed | 5472 | static void BuildMD5_CertVerify(CYASSL* ssl, byte* digest) |
| Vanger | 4:e505054279ed | 5473 | { |
| Vanger | 4:e505054279ed | 5474 | byte md5_result[MD5_DIGEST_SIZE]; |
| Vanger | 4:e505054279ed | 5475 | |
| Vanger | 4:e505054279ed | 5476 | /* make md5 inner */ |
| Vanger | 4:e505054279ed | 5477 | Md5Update(&ssl->hashMd5, ssl->arrays->masterSecret, SECRET_LEN); |
| Vanger | 4:e505054279ed | 5478 | Md5Update(&ssl->hashMd5, PAD1, PAD_MD5); |
| Vanger | 4:e505054279ed | 5479 | Md5Final(&ssl->hashMd5, md5_result); |
| Vanger | 4:e505054279ed | 5480 | |
| Vanger | 4:e505054279ed | 5481 | /* make md5 outer */ |
| Vanger | 4:e505054279ed | 5482 | Md5Update(&ssl->hashMd5, ssl->arrays->masterSecret, SECRET_LEN); |
| Vanger | 4:e505054279ed | 5483 | Md5Update(&ssl->hashMd5, PAD2, PAD_MD5); |
| Vanger | 4:e505054279ed | 5484 | Md5Update(&ssl->hashMd5, md5_result, MD5_DIGEST_SIZE); |
| Vanger | 4:e505054279ed | 5485 | |
| Vanger | 4:e505054279ed | 5486 | Md5Final(&ssl->hashMd5, digest); |
| Vanger | 4:e505054279ed | 5487 | } |
| Vanger | 4:e505054279ed | 5488 | |
| Vanger | 4:e505054279ed | 5489 | |
| Vanger | 4:e505054279ed | 5490 | static void BuildSHA_CertVerify(CYASSL* ssl, byte* digest) |
| Vanger | 4:e505054279ed | 5491 | { |
| Vanger | 4:e505054279ed | 5492 | byte sha_result[SHA_DIGEST_SIZE]; |
| Vanger | 4:e505054279ed | 5493 | |
| Vanger | 4:e505054279ed | 5494 | /* make sha inner */ |
| Vanger | 4:e505054279ed | 5495 | ShaUpdate(&ssl->hashSha, ssl->arrays->masterSecret, SECRET_LEN); |
| Vanger | 4:e505054279ed | 5496 | ShaUpdate(&ssl->hashSha, PAD1, PAD_SHA); |
| Vanger | 4:e505054279ed | 5497 | ShaFinal(&ssl->hashSha, sha_result); |
| Vanger | 4:e505054279ed | 5498 | |
| Vanger | 4:e505054279ed | 5499 | /* make sha outer */ |
| Vanger | 4:e505054279ed | 5500 | ShaUpdate(&ssl->hashSha, ssl->arrays->masterSecret, SECRET_LEN); |
| Vanger | 4:e505054279ed | 5501 | ShaUpdate(&ssl->hashSha, PAD2, PAD_SHA); |
| Vanger | 4:e505054279ed | 5502 | ShaUpdate(&ssl->hashSha, sha_result, SHA_DIGEST_SIZE); |
| Vanger | 4:e505054279ed | 5503 | |
| Vanger | 4:e505054279ed | 5504 | ShaFinal(&ssl->hashSha, digest); |
| Vanger | 4:e505054279ed | 5505 | } |
| Vanger | 4:e505054279ed | 5506 | #endif /* NO_CERTS */ |
| Vanger | 4:e505054279ed | 5507 | #endif /* NO_OLD_TLS */ |
| Vanger | 4:e505054279ed | 5508 | |
| Vanger | 4:e505054279ed | 5509 | |
| Vanger | 4:e505054279ed | 5510 | #ifndef NO_CERTS |
| Vanger | 4:e505054279ed | 5511 | |
| Vanger | 4:e505054279ed | 5512 | static int BuildCertHashes(CYASSL* ssl, Hashes* hashes) |
| Vanger | 4:e505054279ed | 5513 | { |
| Vanger | 4:e505054279ed | 5514 | /* store current states, building requires get_digest which resets state */ |
| Vanger | 4:e505054279ed | 5515 | #ifndef NO_OLD_TLS |
| Vanger | 4:e505054279ed | 5516 | Md5 md5 = ssl->hashMd5; |
| Vanger | 4:e505054279ed | 5517 | Sha sha = ssl->hashSha; |
| Vanger | 4:e505054279ed | 5518 | #endif |
| Vanger | 4:e505054279ed | 5519 | #ifndef NO_SHA256 |
| Vanger | 4:e505054279ed | 5520 | Sha256 sha256 = ssl->hashSha256; |
| Vanger | 4:e505054279ed | 5521 | #endif |
| Vanger | 4:e505054279ed | 5522 | #ifdef CYASSL_SHA384 |
| Vanger | 4:e505054279ed | 5523 | Sha384 sha384 = ssl->hashSha384; |
| Vanger | 4:e505054279ed | 5524 | #endif |
| Vanger | 4:e505054279ed | 5525 | |
| Vanger | 4:e505054279ed | 5526 | if (ssl->options.tls) { |
| Vanger | 4:e505054279ed | 5527 | #if ! defined( NO_OLD_TLS ) |
| Vanger | 4:e505054279ed | 5528 | Md5Final(&ssl->hashMd5, hashes->md5); |
| Vanger | 4:e505054279ed | 5529 | ShaFinal(&ssl->hashSha, hashes->sha); |
| Vanger | 4:e505054279ed | 5530 | #endif |
| Vanger | 4:e505054279ed | 5531 | if (IsAtLeastTLSv1_2(ssl)) { |
| Vanger | 4:e505054279ed | 5532 | int ret; |
| Vanger | 4:e505054279ed | 5533 | |
| Vanger | 4:e505054279ed | 5534 | #ifndef NO_SHA256 |
| Vanger | 4:e505054279ed | 5535 | ret = Sha256Final(&ssl->hashSha256, hashes->sha256); |
| Vanger | 4:e505054279ed | 5536 | if (ret != 0) |
| Vanger | 4:e505054279ed | 5537 | return ret; |
| Vanger | 4:e505054279ed | 5538 | #endif |
| Vanger | 4:e505054279ed | 5539 | #ifdef CYASSL_SHA384 |
| Vanger | 4:e505054279ed | 5540 | ret = Sha384Final(&ssl->hashSha384, hashes->sha384); |
| Vanger | 4:e505054279ed | 5541 | if (ret != 0) |
| Vanger | 4:e505054279ed | 5542 | return ret; |
| Vanger | 4:e505054279ed | 5543 | #endif |
| Vanger | 4:e505054279ed | 5544 | } |
| Vanger | 4:e505054279ed | 5545 | } |
| Vanger | 4:e505054279ed | 5546 | #if ! defined( NO_OLD_TLS ) |
| Vanger | 4:e505054279ed | 5547 | else { |
| Vanger | 4:e505054279ed | 5548 | BuildMD5_CertVerify(ssl, hashes->md5); |
| Vanger | 4:e505054279ed | 5549 | BuildSHA_CertVerify(ssl, hashes->sha); |
| Vanger | 4:e505054279ed | 5550 | } |
| Vanger | 4:e505054279ed | 5551 | |
| Vanger | 4:e505054279ed | 5552 | /* restore */ |
| Vanger | 4:e505054279ed | 5553 | ssl->hashMd5 = md5; |
| Vanger | 4:e505054279ed | 5554 | ssl->hashSha = sha; |
| Vanger | 4:e505054279ed | 5555 | #endif |
| Vanger | 4:e505054279ed | 5556 | if (IsAtLeastTLSv1_2(ssl)) { |
| Vanger | 4:e505054279ed | 5557 | #ifndef NO_SHA256 |
| Vanger | 4:e505054279ed | 5558 | ssl->hashSha256 = sha256; |
| Vanger | 4:e505054279ed | 5559 | #endif |
| Vanger | 4:e505054279ed | 5560 | #ifdef CYASSL_SHA384 |
| Vanger | 4:e505054279ed | 5561 | ssl->hashSha384 = sha384; |
| Vanger | 4:e505054279ed | 5562 | #endif |
| Vanger | 4:e505054279ed | 5563 | } |
| Vanger | 4:e505054279ed | 5564 | |
| Vanger | 4:e505054279ed | 5565 | return 0; |
| Vanger | 4:e505054279ed | 5566 | } |
| Vanger | 4:e505054279ed | 5567 | |
| Vanger | 4:e505054279ed | 5568 | #endif /* CYASSL_LEANPSK */ |
| Vanger | 4:e505054279ed | 5569 | |
| Vanger | 4:e505054279ed | 5570 | /* Build SSL Message, encrypted */ |
| Vanger | 4:e505054279ed | 5571 | static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz, |
| Vanger | 4:e505054279ed | 5572 | int type) |
| Vanger | 4:e505054279ed | 5573 | { |
| Vanger | 4:e505054279ed | 5574 | #ifdef HAVE_TRUNCATED_HMAC |
| Vanger | 4:e505054279ed | 5575 | word32 digestSz = min(ssl->specs.hash_size, |
| Vanger | 4:e505054279ed | 5576 | ssl->truncated_hmac ? TRUNCATED_HMAC_SZ : ssl->specs.hash_size); |
| Vanger | 4:e505054279ed | 5577 | #else |
| Vanger | 4:e505054279ed | 5578 | word32 digestSz = ssl->specs.hash_size; |
| Vanger | 4:e505054279ed | 5579 | #endif |
| Vanger | 4:e505054279ed | 5580 | word32 sz = RECORD_HEADER_SZ + inSz + digestSz; |
| Vanger | 4:e505054279ed | 5581 | word32 pad = 0, i; |
| Vanger | 4:e505054279ed | 5582 | word32 idx = RECORD_HEADER_SZ; |
| Vanger | 4:e505054279ed | 5583 | word32 ivSz = 0; /* TLSv1.1 IV */ |
| Vanger | 4:e505054279ed | 5584 | word32 headerSz = RECORD_HEADER_SZ; |
| Vanger | 4:e505054279ed | 5585 | word16 size; |
| Vanger | 4:e505054279ed | 5586 | byte iv[AES_BLOCK_SIZE]; /* max size */ |
| Vanger | 4:e505054279ed | 5587 | int ret = 0; |
| Vanger | 4:e505054279ed | 5588 | int atomicUser = 0; |
| Vanger | 4:e505054279ed | 5589 | |
| Vanger | 4:e505054279ed | 5590 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 5591 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 5592 | sz += DTLS_RECORD_EXTRA; |
| Vanger | 4:e505054279ed | 5593 | idx += DTLS_RECORD_EXTRA; |
| Vanger | 4:e505054279ed | 5594 | headerSz += DTLS_RECORD_EXTRA; |
| Vanger | 4:e505054279ed | 5595 | } |
| Vanger | 4:e505054279ed | 5596 | #endif |
| Vanger | 4:e505054279ed | 5597 | |
| Vanger | 4:e505054279ed | 5598 | #ifdef ATOMIC_USER |
| Vanger | 4:e505054279ed | 5599 | if (ssl->ctx->MacEncryptCb) |
| Vanger | 4:e505054279ed | 5600 | atomicUser = 1; |
| Vanger | 4:e505054279ed | 5601 | #endif |
| Vanger | 4:e505054279ed | 5602 | |
| Vanger | 4:e505054279ed | 5603 | if (ssl->specs.cipher_type == block) { |
| Vanger | 4:e505054279ed | 5604 | word32 blockSz = ssl->specs.block_size; |
| Vanger | 4:e505054279ed | 5605 | if (ssl->options.tls1_1) { |
| Vanger | 4:e505054279ed | 5606 | ivSz = blockSz; |
| Vanger | 4:e505054279ed | 5607 | sz += ivSz; |
| Vanger | 4:e505054279ed | 5608 | |
| Vanger | 4:e505054279ed | 5609 | ret = RNG_GenerateBlock(ssl->rng, iv, ivSz); |
| Vanger | 4:e505054279ed | 5610 | if (ret != 0) |
| Vanger | 4:e505054279ed | 5611 | return ret; |
| Vanger | 4:e505054279ed | 5612 | |
| Vanger | 4:e505054279ed | 5613 | } |
| Vanger | 4:e505054279ed | 5614 | sz += 1; /* pad byte */ |
| Vanger | 4:e505054279ed | 5615 | pad = (sz - headerSz) % blockSz; |
| Vanger | 4:e505054279ed | 5616 | pad = blockSz - pad; |
| Vanger | 4:e505054279ed | 5617 | sz += pad; |
| Vanger | 4:e505054279ed | 5618 | } |
| Vanger | 4:e505054279ed | 5619 | |
| Vanger | 4:e505054279ed | 5620 | #ifdef HAVE_AEAD |
| Vanger | 4:e505054279ed | 5621 | if (ssl->specs.cipher_type == aead) { |
| Vanger | 4:e505054279ed | 5622 | ivSz = AEAD_EXP_IV_SZ; |
| Vanger | 4:e505054279ed | 5623 | sz += (ivSz + ssl->specs.aead_mac_size - digestSz); |
| Vanger | 4:e505054279ed | 5624 | XMEMCPY(iv, ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ); |
| Vanger | 4:e505054279ed | 5625 | } |
| Vanger | 4:e505054279ed | 5626 | #endif |
| Vanger | 4:e505054279ed | 5627 | size = (word16)(sz - headerSz); /* include mac and digest */ |
| Vanger | 4:e505054279ed | 5628 | AddRecordHeader(output, size, (byte)type, ssl); |
| Vanger | 4:e505054279ed | 5629 | |
| Vanger | 4:e505054279ed | 5630 | /* write to output */ |
| Vanger | 4:e505054279ed | 5631 | if (ivSz) { |
| Vanger | 4:e505054279ed | 5632 | XMEMCPY(output + idx, iv, min(ivSz, sizeof(iv))); |
| Vanger | 4:e505054279ed | 5633 | idx += ivSz; |
| Vanger | 4:e505054279ed | 5634 | } |
| Vanger | 4:e505054279ed | 5635 | XMEMCPY(output + idx, input, inSz); |
| Vanger | 4:e505054279ed | 5636 | idx += inSz; |
| Vanger | 4:e505054279ed | 5637 | |
| Vanger | 4:e505054279ed | 5638 | if (type == handshake) { |
| Vanger | 4:e505054279ed | 5639 | ret = HashOutput(ssl, output, headerSz + inSz, ivSz); |
| Vanger | 4:e505054279ed | 5640 | if (ret != 0) |
| Vanger | 4:e505054279ed | 5641 | return ret; |
| Vanger | 4:e505054279ed | 5642 | } |
| Vanger | 4:e505054279ed | 5643 | |
| Vanger | 4:e505054279ed | 5644 | if (ssl->specs.cipher_type == block) { |
| Vanger | 4:e505054279ed | 5645 | word32 tmpIdx = idx + digestSz; |
| Vanger | 4:e505054279ed | 5646 | |
| Vanger | 4:e505054279ed | 5647 | for (i = 0; i <= pad; i++) |
| Vanger | 4:e505054279ed | 5648 | output[tmpIdx++] = (byte)pad; /* pad byte gets pad value too */ |
| Vanger | 4:e505054279ed | 5649 | } |
| Vanger | 4:e505054279ed | 5650 | |
| Vanger | 4:e505054279ed | 5651 | if (atomicUser) { /* User Record Layer Callback handling */ |
| Vanger | 4:e505054279ed | 5652 | #ifdef ATOMIC_USER |
| Vanger | 4:e505054279ed | 5653 | if ( (ret = ssl->ctx->MacEncryptCb(ssl, output + idx, |
| Vanger | 4:e505054279ed | 5654 | output + headerSz + ivSz, inSz, type, 0, |
| Vanger | 4:e505054279ed | 5655 | output + headerSz, output + headerSz, size, |
| Vanger | 4:e505054279ed | 5656 | ssl->MacEncryptCtx)) != 0) |
| Vanger | 4:e505054279ed | 5657 | return ret; |
| Vanger | 4:e505054279ed | 5658 | #endif |
| Vanger | 4:e505054279ed | 5659 | } |
| Vanger | 4:e505054279ed | 5660 | else { |
| Vanger | 4:e505054279ed | 5661 | if (ssl->specs.cipher_type != aead) { |
| Vanger | 4:e505054279ed | 5662 | #ifdef HAVE_TRUNCATED_HMAC |
| Vanger | 4:e505054279ed | 5663 | if (ssl->truncated_hmac && ssl->specs.hash_size > digestSz) { |
| Vanger | 4:e505054279ed | 5664 | byte hmac[MAX_DIGEST_SIZE]; |
| Vanger | 4:e505054279ed | 5665 | |
| Vanger | 4:e505054279ed | 5666 | ret = ssl->hmac(ssl, hmac, output + headerSz + ivSz, inSz, |
| Vanger | 4:e505054279ed | 5667 | type, 0); |
| Vanger | 4:e505054279ed | 5668 | XMEMCPY(output + idx, hmac, digestSz); |
| Vanger | 4:e505054279ed | 5669 | } else |
| Vanger | 4:e505054279ed | 5670 | #endif |
| Vanger | 4:e505054279ed | 5671 | ret = ssl->hmac(ssl, output+idx, output + headerSz + ivSz, inSz, |
| Vanger | 4:e505054279ed | 5672 | type, 0); |
| Vanger | 4:e505054279ed | 5673 | } |
| Vanger | 4:e505054279ed | 5674 | if (ret != 0) |
| Vanger | 4:e505054279ed | 5675 | return ret; |
| Vanger | 4:e505054279ed | 5676 | |
| Vanger | 4:e505054279ed | 5677 | if ( (ret = Encrypt(ssl, output + headerSz, output+headerSz,size)) != 0) |
| Vanger | 4:e505054279ed | 5678 | return ret; |
| Vanger | 4:e505054279ed | 5679 | } |
| Vanger | 4:e505054279ed | 5680 | |
| Vanger | 4:e505054279ed | 5681 | return sz; |
| Vanger | 4:e505054279ed | 5682 | } |
| Vanger | 4:e505054279ed | 5683 | |
| Vanger | 4:e505054279ed | 5684 | |
| Vanger | 4:e505054279ed | 5685 | int SendFinished(CYASSL* ssl) |
| Vanger | 4:e505054279ed | 5686 | { |
| Vanger | 4:e505054279ed | 5687 | int sendSz, |
| Vanger | 4:e505054279ed | 5688 | finishedSz = ssl->options.tls ? TLS_FINISHED_SZ : |
| Vanger | 4:e505054279ed | 5689 | FINISHED_SZ; |
| Vanger | 4:e505054279ed | 5690 | byte input[FINISHED_SZ + DTLS_HANDSHAKE_HEADER_SZ]; /* max */ |
| Vanger | 4:e505054279ed | 5691 | byte *output; |
| Vanger | 4:e505054279ed | 5692 | Hashes* hashes; |
| Vanger | 4:e505054279ed | 5693 | int ret; |
| Vanger | 4:e505054279ed | 5694 | int headerSz = HANDSHAKE_HEADER_SZ; |
| Vanger | 4:e505054279ed | 5695 | |
| Vanger | 4:e505054279ed | 5696 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 5697 | word32 sequence_number = ssl->keys.dtls_sequence_number; |
| Vanger | 4:e505054279ed | 5698 | word16 epoch = ssl->keys.dtls_epoch; |
| Vanger | 4:e505054279ed | 5699 | #endif |
| Vanger | 4:e505054279ed | 5700 | |
| Vanger | 4:e505054279ed | 5701 | |
| Vanger | 4:e505054279ed | 5702 | /* check for available size */ |
| Vanger | 4:e505054279ed | 5703 | if ((ret = CheckAvailableSize(ssl, sizeof(input) + MAX_MSG_EXTRA)) != 0) |
| Vanger | 4:e505054279ed | 5704 | return ret; |
| Vanger | 4:e505054279ed | 5705 | |
| Vanger | 4:e505054279ed | 5706 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 5707 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 5708 | /* Send Finished message with the next epoch, but don't commit that |
| Vanger | 4:e505054279ed | 5709 | * change until the other end confirms its reception. */ |
| Vanger | 4:e505054279ed | 5710 | headerSz += DTLS_HANDSHAKE_EXTRA; |
| Vanger | 4:e505054279ed | 5711 | ssl->keys.dtls_epoch++; |
| Vanger | 4:e505054279ed | 5712 | ssl->keys.dtls_sequence_number = 0; /* reset after epoch change */ |
| Vanger | 4:e505054279ed | 5713 | } |
| Vanger | 4:e505054279ed | 5714 | #endif |
| Vanger | 4:e505054279ed | 5715 | |
| Vanger | 4:e505054279ed | 5716 | /* get ouput buffer */ |
| Vanger | 4:e505054279ed | 5717 | output = ssl->buffers.outputBuffer.buffer + |
| Vanger | 4:e505054279ed | 5718 | ssl->buffers.outputBuffer.length; |
| Vanger | 4:e505054279ed | 5719 | |
| Vanger | 4:e505054279ed | 5720 | AddHandShakeHeader(input, finishedSz, finished, ssl); |
| Vanger | 4:e505054279ed | 5721 | |
| Vanger | 4:e505054279ed | 5722 | /* make finished hashes */ |
| Vanger | 4:e505054279ed | 5723 | hashes = (Hashes*)&input[headerSz]; |
| Vanger | 4:e505054279ed | 5724 | ret = BuildFinished(ssl, hashes, |
| Vanger | 4:e505054279ed | 5725 | ssl->options.side == CYASSL_CLIENT_END ? client : server); |
| Vanger | 4:e505054279ed | 5726 | if (ret != 0) return ret; |
| Vanger | 4:e505054279ed | 5727 | |
| Vanger | 4:e505054279ed | 5728 | sendSz = BuildMessage(ssl, output, input, headerSz + finishedSz, handshake); |
| Vanger | 4:e505054279ed | 5729 | |
| Vanger | 4:e505054279ed | 5730 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 5731 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 5732 | ssl->keys.dtls_epoch = epoch; |
| Vanger | 4:e505054279ed | 5733 | ssl->keys.dtls_sequence_number = sequence_number; |
| Vanger | 4:e505054279ed | 5734 | } |
| Vanger | 4:e505054279ed | 5735 | #endif |
| Vanger | 4:e505054279ed | 5736 | |
| Vanger | 4:e505054279ed | 5737 | if (sendSz < 0) |
| Vanger | 4:e505054279ed | 5738 | return BUILD_MSG_ERROR; |
| Vanger | 4:e505054279ed | 5739 | |
| Vanger | 4:e505054279ed | 5740 | if (!ssl->options.resuming) { |
| Vanger | 4:e505054279ed | 5741 | #ifndef NO_SESSION_CACHE |
| Vanger | 4:e505054279ed | 5742 | AddSession(ssl); /* just try */ |
| Vanger | 4:e505054279ed | 5743 | #endif |
| Vanger | 4:e505054279ed | 5744 | if (ssl->options.side == CYASSL_CLIENT_END) { |
| Vanger | 4:e505054279ed | 5745 | ret = BuildFinished(ssl, &ssl->verifyHashes, server); |
| Vanger | 4:e505054279ed | 5746 | if (ret != 0) return ret; |
| Vanger | 4:e505054279ed | 5747 | } |
| Vanger | 4:e505054279ed | 5748 | else { |
| Vanger | 4:e505054279ed | 5749 | ssl->options.handShakeState = HANDSHAKE_DONE; |
| Vanger | 4:e505054279ed | 5750 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 5751 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 5752 | /* Other side will soon receive our Finished, go to next |
| Vanger | 4:e505054279ed | 5753 | * epoch. */ |
| Vanger | 4:e505054279ed | 5754 | ssl->keys.dtls_epoch++; |
| Vanger | 4:e505054279ed | 5755 | ssl->keys.dtls_sequence_number = 1; |
| Vanger | 4:e505054279ed | 5756 | } |
| Vanger | 4:e505054279ed | 5757 | #endif |
| Vanger | 4:e505054279ed | 5758 | } |
| Vanger | 4:e505054279ed | 5759 | } |
| Vanger | 4:e505054279ed | 5760 | else { |
| Vanger | 4:e505054279ed | 5761 | if (ssl->options.side == CYASSL_CLIENT_END) { |
| Vanger | 4:e505054279ed | 5762 | ssl->options.handShakeState = HANDSHAKE_DONE; |
| Vanger | 4:e505054279ed | 5763 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 5764 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 5765 | /* Other side will soon receive our Finished, go to next |
| Vanger | 4:e505054279ed | 5766 | * epoch. */ |
| Vanger | 4:e505054279ed | 5767 | ssl->keys.dtls_epoch++; |
| Vanger | 4:e505054279ed | 5768 | ssl->keys.dtls_sequence_number = 1; |
| Vanger | 4:e505054279ed | 5769 | } |
| Vanger | 4:e505054279ed | 5770 | #endif |
| Vanger | 4:e505054279ed | 5771 | } |
| Vanger | 4:e505054279ed | 5772 | else { |
| Vanger | 4:e505054279ed | 5773 | ret = BuildFinished(ssl, &ssl->verifyHashes, client); |
| Vanger | 4:e505054279ed | 5774 | if (ret != 0) return ret; |
| Vanger | 4:e505054279ed | 5775 | } |
| Vanger | 4:e505054279ed | 5776 | } |
| Vanger | 4:e505054279ed | 5777 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 5778 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 5779 | if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) |
| Vanger | 4:e505054279ed | 5780 | return ret; |
| Vanger | 4:e505054279ed | 5781 | } |
| Vanger | 4:e505054279ed | 5782 | #endif |
| Vanger | 4:e505054279ed | 5783 | |
| Vanger | 4:e505054279ed | 5784 | #ifdef CYASSL_CALLBACKS |
| Vanger | 4:e505054279ed | 5785 | if (ssl->hsInfoOn) AddPacketName("Finished", &ssl->handShakeInfo); |
| Vanger | 4:e505054279ed | 5786 | if (ssl->toInfoOn) |
| Vanger | 4:e505054279ed | 5787 | AddPacketInfo("Finished", &ssl->timeoutInfo, output, sendSz, |
| Vanger | 4:e505054279ed | 5788 | ssl->heap); |
| Vanger | 4:e505054279ed | 5789 | #endif |
| Vanger | 4:e505054279ed | 5790 | |
| Vanger | 4:e505054279ed | 5791 | ssl->buffers.outputBuffer.length += sendSz; |
| Vanger | 4:e505054279ed | 5792 | |
| Vanger | 4:e505054279ed | 5793 | return SendBuffered(ssl); |
| Vanger | 4:e505054279ed | 5794 | } |
| Vanger | 4:e505054279ed | 5795 | |
| Vanger | 4:e505054279ed | 5796 | #ifndef NO_CERTS |
| Vanger | 4:e505054279ed | 5797 | int SendCertificate(CYASSL* ssl) |
| Vanger | 4:e505054279ed | 5798 | { |
| Vanger | 4:e505054279ed | 5799 | int sendSz, length, ret = 0; |
| Vanger | 4:e505054279ed | 5800 | word32 i = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; |
| Vanger | 4:e505054279ed | 5801 | word32 certSz, listSz; |
| Vanger | 4:e505054279ed | 5802 | byte* output = 0; |
| Vanger | 4:e505054279ed | 5803 | |
| Vanger | 4:e505054279ed | 5804 | if (ssl->options.usingPSK_cipher) return 0; /* not needed */ |
| Vanger | 4:e505054279ed | 5805 | |
| Vanger | 4:e505054279ed | 5806 | if (ssl->options.sendVerify == SEND_BLANK_CERT) { |
| Vanger | 4:e505054279ed | 5807 | certSz = 0; |
| Vanger | 4:e505054279ed | 5808 | length = CERT_HEADER_SZ; |
| Vanger | 4:e505054279ed | 5809 | listSz = 0; |
| Vanger | 4:e505054279ed | 5810 | } |
| Vanger | 4:e505054279ed | 5811 | else { |
| Vanger | 4:e505054279ed | 5812 | certSz = ssl->buffers.certificate.length; |
| Vanger | 4:e505054279ed | 5813 | /* list + cert size */ |
| Vanger | 4:e505054279ed | 5814 | length = certSz + 2 * CERT_HEADER_SZ; |
| Vanger | 4:e505054279ed | 5815 | listSz = certSz + CERT_HEADER_SZ; |
| Vanger | 4:e505054279ed | 5816 | |
| Vanger | 4:e505054279ed | 5817 | /* may need to send rest of chain, already has leading size(s) */ |
| Vanger | 4:e505054279ed | 5818 | if (ssl->buffers.certChain.buffer) { |
| Vanger | 4:e505054279ed | 5819 | length += ssl->buffers.certChain.length; |
| Vanger | 4:e505054279ed | 5820 | listSz += ssl->buffers.certChain.length; |
| Vanger | 4:e505054279ed | 5821 | } |
| Vanger | 4:e505054279ed | 5822 | } |
| Vanger | 4:e505054279ed | 5823 | sendSz = length + RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; |
| Vanger | 4:e505054279ed | 5824 | |
| Vanger | 4:e505054279ed | 5825 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 5826 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 5827 | sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; |
| Vanger | 4:e505054279ed | 5828 | i += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; |
| Vanger | 4:e505054279ed | 5829 | } |
| Vanger | 4:e505054279ed | 5830 | #endif |
| Vanger | 4:e505054279ed | 5831 | |
| Vanger | 4:e505054279ed | 5832 | /* check for available size */ |
| Vanger | 4:e505054279ed | 5833 | if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) |
| Vanger | 4:e505054279ed | 5834 | return ret; |
| Vanger | 4:e505054279ed | 5835 | |
| Vanger | 4:e505054279ed | 5836 | /* get ouput buffer */ |
| Vanger | 4:e505054279ed | 5837 | output = ssl->buffers.outputBuffer.buffer + |
| Vanger | 4:e505054279ed | 5838 | ssl->buffers.outputBuffer.length; |
| Vanger | 4:e505054279ed | 5839 | |
| Vanger | 4:e505054279ed | 5840 | AddHeaders(output, length, certificate, ssl); |
| Vanger | 4:e505054279ed | 5841 | |
| Vanger | 4:e505054279ed | 5842 | /* list total */ |
| Vanger | 4:e505054279ed | 5843 | c32to24(listSz, output + i); |
| Vanger | 4:e505054279ed | 5844 | i += CERT_HEADER_SZ; |
| Vanger | 4:e505054279ed | 5845 | |
| Vanger | 4:e505054279ed | 5846 | /* member */ |
| Vanger | 4:e505054279ed | 5847 | if (certSz) { |
| Vanger | 4:e505054279ed | 5848 | c32to24(certSz, output + i); |
| Vanger | 4:e505054279ed | 5849 | i += CERT_HEADER_SZ; |
| Vanger | 4:e505054279ed | 5850 | XMEMCPY(output + i, ssl->buffers.certificate.buffer, certSz); |
| Vanger | 4:e505054279ed | 5851 | i += certSz; |
| Vanger | 4:e505054279ed | 5852 | |
| Vanger | 4:e505054279ed | 5853 | /* send rest of chain? */ |
| Vanger | 4:e505054279ed | 5854 | if (ssl->buffers.certChain.buffer) { |
| Vanger | 4:e505054279ed | 5855 | XMEMCPY(output + i, ssl->buffers.certChain.buffer, |
| Vanger | 4:e505054279ed | 5856 | ssl->buffers.certChain.length); |
| Vanger | 4:e505054279ed | 5857 | /* if add more to output adjust i |
| Vanger | 4:e505054279ed | 5858 | i += ssl->buffers.certChain.length; */ |
| Vanger | 4:e505054279ed | 5859 | } |
| Vanger | 4:e505054279ed | 5860 | } |
| Vanger | 4:e505054279ed | 5861 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 5862 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 5863 | if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) |
| Vanger | 4:e505054279ed | 5864 | return ret; |
| Vanger | 4:e505054279ed | 5865 | } |
| Vanger | 4:e505054279ed | 5866 | #endif |
| Vanger | 4:e505054279ed | 5867 | |
| Vanger | 4:e505054279ed | 5868 | ret = HashOutput(ssl, output, sendSz, 0); |
| Vanger | 4:e505054279ed | 5869 | if (ret != 0) |
| Vanger | 4:e505054279ed | 5870 | return ret; |
| Vanger | 4:e505054279ed | 5871 | |
| Vanger | 4:e505054279ed | 5872 | #ifdef CYASSL_CALLBACKS |
| Vanger | 4:e505054279ed | 5873 | if (ssl->hsInfoOn) AddPacketName("Certificate", &ssl->handShakeInfo); |
| Vanger | 4:e505054279ed | 5874 | if (ssl->toInfoOn) |
| Vanger | 4:e505054279ed | 5875 | AddPacketInfo("Certificate", &ssl->timeoutInfo, output, sendSz, |
| Vanger | 4:e505054279ed | 5876 | ssl->heap); |
| Vanger | 4:e505054279ed | 5877 | #endif |
| Vanger | 4:e505054279ed | 5878 | |
| Vanger | 4:e505054279ed | 5879 | if (ssl->options.side == CYASSL_SERVER_END) |
| Vanger | 4:e505054279ed | 5880 | ssl->options.serverState = SERVER_CERT_COMPLETE; |
| Vanger | 4:e505054279ed | 5881 | |
| Vanger | 4:e505054279ed | 5882 | ssl->buffers.outputBuffer.length += sendSz; |
| Vanger | 4:e505054279ed | 5883 | if (ssl->options.groupMessages) |
| Vanger | 4:e505054279ed | 5884 | return 0; |
| Vanger | 4:e505054279ed | 5885 | else |
| Vanger | 4:e505054279ed | 5886 | return SendBuffered(ssl); |
| Vanger | 4:e505054279ed | 5887 | } |
| Vanger | 4:e505054279ed | 5888 | |
| Vanger | 4:e505054279ed | 5889 | |
| Vanger | 4:e505054279ed | 5890 | int SendCertificateRequest(CYASSL* ssl) |
| Vanger | 4:e505054279ed | 5891 | { |
| Vanger | 4:e505054279ed | 5892 | byte *output; |
| Vanger | 4:e505054279ed | 5893 | int ret; |
| Vanger | 4:e505054279ed | 5894 | int sendSz; |
| Vanger | 4:e505054279ed | 5895 | word32 i = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; |
| Vanger | 4:e505054279ed | 5896 | |
| Vanger | 4:e505054279ed | 5897 | int typeTotal = 1; /* only rsa for now */ |
| Vanger | 4:e505054279ed | 5898 | int reqSz = ENUM_LEN + typeTotal + REQ_HEADER_SZ; /* add auth later */ |
| Vanger | 4:e505054279ed | 5899 | |
| Vanger | 4:e505054279ed | 5900 | if (IsAtLeastTLSv1_2(ssl)) |
| Vanger | 4:e505054279ed | 5901 | reqSz += LENGTH_SZ + ssl->suites->hashSigAlgoSz; |
| Vanger | 4:e505054279ed | 5902 | |
| Vanger | 4:e505054279ed | 5903 | if (ssl->options.usingPSK_cipher) return 0; /* not needed */ |
| Vanger | 4:e505054279ed | 5904 | |
| Vanger | 4:e505054279ed | 5905 | sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + reqSz; |
| Vanger | 4:e505054279ed | 5906 | |
| Vanger | 4:e505054279ed | 5907 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 5908 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 5909 | sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; |
| Vanger | 4:e505054279ed | 5910 | i += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; |
| Vanger | 4:e505054279ed | 5911 | } |
| Vanger | 4:e505054279ed | 5912 | #endif |
| Vanger | 4:e505054279ed | 5913 | /* check for available size */ |
| Vanger | 4:e505054279ed | 5914 | if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) |
| Vanger | 4:e505054279ed | 5915 | return ret; |
| Vanger | 4:e505054279ed | 5916 | |
| Vanger | 4:e505054279ed | 5917 | /* get ouput buffer */ |
| Vanger | 4:e505054279ed | 5918 | output = ssl->buffers.outputBuffer.buffer + |
| Vanger | 4:e505054279ed | 5919 | ssl->buffers.outputBuffer.length; |
| Vanger | 4:e505054279ed | 5920 | |
| Vanger | 4:e505054279ed | 5921 | AddHeaders(output, reqSz, certificate_request, ssl); |
| Vanger | 4:e505054279ed | 5922 | |
| Vanger | 4:e505054279ed | 5923 | /* write to output */ |
| Vanger | 4:e505054279ed | 5924 | output[i++] = (byte)typeTotal; /* # of types */ |
| Vanger | 4:e505054279ed | 5925 | output[i++] = rsa_sign; |
| Vanger | 4:e505054279ed | 5926 | |
| Vanger | 4:e505054279ed | 5927 | /* supported hash/sig */ |
| Vanger | 4:e505054279ed | 5928 | if (IsAtLeastTLSv1_2(ssl)) { |
| Vanger | 4:e505054279ed | 5929 | c16toa(ssl->suites->hashSigAlgoSz, &output[i]); |
| Vanger | 4:e505054279ed | 5930 | i += LENGTH_SZ; |
| Vanger | 4:e505054279ed | 5931 | |
| Vanger | 4:e505054279ed | 5932 | XMEMCPY(&output[i], |
| Vanger | 4:e505054279ed | 5933 | ssl->suites->hashSigAlgo, ssl->suites->hashSigAlgoSz); |
| Vanger | 4:e505054279ed | 5934 | i += ssl->suites->hashSigAlgoSz; |
| Vanger | 4:e505054279ed | 5935 | } |
| Vanger | 4:e505054279ed | 5936 | |
| Vanger | 4:e505054279ed | 5937 | c16toa(0, &output[i]); /* auth's */ |
| Vanger | 4:e505054279ed | 5938 | /* if add more to output, adjust i |
| Vanger | 4:e505054279ed | 5939 | i += REQ_HEADER_SZ; */ |
| Vanger | 4:e505054279ed | 5940 | |
| Vanger | 4:e505054279ed | 5941 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 5942 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 5943 | if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) |
| Vanger | 4:e505054279ed | 5944 | return ret; |
| Vanger | 4:e505054279ed | 5945 | } |
| Vanger | 4:e505054279ed | 5946 | #endif |
| Vanger | 4:e505054279ed | 5947 | |
| Vanger | 4:e505054279ed | 5948 | ret = HashOutput(ssl, output, sendSz, 0); |
| Vanger | 4:e505054279ed | 5949 | if (ret != 0) |
| Vanger | 4:e505054279ed | 5950 | return ret; |
| Vanger | 4:e505054279ed | 5951 | |
| Vanger | 4:e505054279ed | 5952 | #ifdef CYASSL_CALLBACKS |
| Vanger | 4:e505054279ed | 5953 | if (ssl->hsInfoOn) |
| Vanger | 4:e505054279ed | 5954 | AddPacketName("CertificateRequest", &ssl->handShakeInfo); |
| Vanger | 4:e505054279ed | 5955 | if (ssl->toInfoOn) |
| Vanger | 4:e505054279ed | 5956 | AddPacketInfo("CertificateRequest", &ssl->timeoutInfo, output, |
| Vanger | 4:e505054279ed | 5957 | sendSz, ssl->heap); |
| Vanger | 4:e505054279ed | 5958 | #endif |
| Vanger | 4:e505054279ed | 5959 | ssl->buffers.outputBuffer.length += sendSz; |
| Vanger | 4:e505054279ed | 5960 | if (ssl->options.groupMessages) |
| Vanger | 4:e505054279ed | 5961 | return 0; |
| Vanger | 4:e505054279ed | 5962 | else |
| Vanger | 4:e505054279ed | 5963 | return SendBuffered(ssl); |
| Vanger | 4:e505054279ed | 5964 | } |
| Vanger | 4:e505054279ed | 5965 | #endif /* !NO_CERTS */ |
| Vanger | 4:e505054279ed | 5966 | |
| Vanger | 4:e505054279ed | 5967 | |
| Vanger | 4:e505054279ed | 5968 | int SendData(CYASSL* ssl, const void* data, int sz) |
| Vanger | 4:e505054279ed | 5969 | { |
| Vanger | 4:e505054279ed | 5970 | int sent = 0, /* plainText size */ |
| Vanger | 4:e505054279ed | 5971 | sendSz, |
| Vanger | 4:e505054279ed | 5972 | ret; |
| Vanger | 4:e505054279ed | 5973 | |
| Vanger | 4:e505054279ed | 5974 | if (ssl->error == WANT_WRITE) |
| Vanger | 4:e505054279ed | 5975 | ssl->error = 0; |
| Vanger | 4:e505054279ed | 5976 | |
| Vanger | 4:e505054279ed | 5977 | if (ssl->options.handShakeState != HANDSHAKE_DONE) { |
| Vanger | 4:e505054279ed | 5978 | int err; |
| Vanger | 4:e505054279ed | 5979 | CYASSL_MSG("handshake not complete, trying to finish"); |
| Vanger | 4:e505054279ed | 5980 | if ( (err = CyaSSL_negotiate(ssl)) != SSL_SUCCESS) |
| Vanger | 4:e505054279ed | 5981 | return err; |
| Vanger | 4:e505054279ed | 5982 | } |
| Vanger | 4:e505054279ed | 5983 | |
| Vanger | 4:e505054279ed | 5984 | /* last time system socket output buffer was full, try again to send */ |
| Vanger | 4:e505054279ed | 5985 | if (ssl->buffers.outputBuffer.length > 0) { |
| Vanger | 4:e505054279ed | 5986 | CYASSL_MSG("output buffer was full, trying to send again"); |
| Vanger | 4:e505054279ed | 5987 | if ( (ssl->error = SendBuffered(ssl)) < 0) { |
| Vanger | 4:e505054279ed | 5988 | CYASSL_ERROR(ssl->error); |
| Vanger | 4:e505054279ed | 5989 | if (ssl->error == SOCKET_ERROR_E && ssl->options.connReset) |
| Vanger | 4:e505054279ed | 5990 | return 0; /* peer reset */ |
| Vanger | 4:e505054279ed | 5991 | return ssl->error; |
| Vanger | 4:e505054279ed | 5992 | } |
| Vanger | 4:e505054279ed | 5993 | else { |
| Vanger | 4:e505054279ed | 5994 | /* advance sent to previous sent + plain size just sent */ |
| Vanger | 4:e505054279ed | 5995 | sent = ssl->buffers.prevSent + ssl->buffers.plainSz; |
| Vanger | 4:e505054279ed | 5996 | CYASSL_MSG("sent write buffered data"); |
| Vanger | 4:e505054279ed | 5997 | } |
| Vanger | 4:e505054279ed | 5998 | } |
| Vanger | 4:e505054279ed | 5999 | |
| Vanger | 4:e505054279ed | 6000 | for (;;) { |
| Vanger | 4:e505054279ed | 6001 | #ifdef HAVE_MAX_FRAGMENT |
| Vanger | 4:e505054279ed | 6002 | int len = min(sz - sent, min(ssl->max_fragment, OUTPUT_RECORD_SIZE)); |
| Vanger | 4:e505054279ed | 6003 | #else |
| Vanger | 4:e505054279ed | 6004 | int len = min(sz - sent, OUTPUT_RECORD_SIZE); |
| Vanger | 4:e505054279ed | 6005 | #endif |
| Vanger | 4:e505054279ed | 6006 | byte* out; |
| Vanger | 4:e505054279ed | 6007 | byte* sendBuffer = (byte*)data + sent; /* may switch on comp */ |
| Vanger | 4:e505054279ed | 6008 | int buffSz = len; /* may switch on comp */ |
| Vanger | 4:e505054279ed | 6009 | #ifdef HAVE_LIBZ |
| Vanger | 4:e505054279ed | 6010 | byte comp[MAX_RECORD_SIZE + MAX_COMP_EXTRA]; |
| Vanger | 4:e505054279ed | 6011 | #endif |
| Vanger | 4:e505054279ed | 6012 | |
| Vanger | 4:e505054279ed | 6013 | if (sent == sz) break; |
| Vanger | 4:e505054279ed | 6014 | |
| Vanger | 4:e505054279ed | 6015 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 6016 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 6017 | len = min(len, MAX_UDP_SIZE); |
| Vanger | 4:e505054279ed | 6018 | buffSz = len; |
| Vanger | 4:e505054279ed | 6019 | } |
| Vanger | 4:e505054279ed | 6020 | #endif |
| Vanger | 4:e505054279ed | 6021 | |
| Vanger | 4:e505054279ed | 6022 | /* check for available size */ |
| Vanger | 4:e505054279ed | 6023 | if ((ret = CheckAvailableSize(ssl, len + COMP_EXTRA + |
| Vanger | 4:e505054279ed | 6024 | MAX_MSG_EXTRA)) != 0) |
| Vanger | 4:e505054279ed | 6025 | return ssl->error = ret; |
| Vanger | 4:e505054279ed | 6026 | |
| Vanger | 4:e505054279ed | 6027 | /* get ouput buffer */ |
| Vanger | 4:e505054279ed | 6028 | out = ssl->buffers.outputBuffer.buffer + |
| Vanger | 4:e505054279ed | 6029 | ssl->buffers.outputBuffer.length; |
| Vanger | 4:e505054279ed | 6030 | |
| Vanger | 4:e505054279ed | 6031 | #ifdef HAVE_LIBZ |
| Vanger | 4:e505054279ed | 6032 | if (ssl->options.usingCompression) { |
| Vanger | 4:e505054279ed | 6033 | buffSz = myCompress(ssl, sendBuffer, buffSz, comp, sizeof(comp)); |
| Vanger | 4:e505054279ed | 6034 | if (buffSz < 0) { |
| Vanger | 4:e505054279ed | 6035 | return buffSz; |
| Vanger | 4:e505054279ed | 6036 | } |
| Vanger | 4:e505054279ed | 6037 | sendBuffer = comp; |
| Vanger | 4:e505054279ed | 6038 | } |
| Vanger | 4:e505054279ed | 6039 | #endif |
| Vanger | 4:e505054279ed | 6040 | sendSz = BuildMessage(ssl, out, sendBuffer, buffSz, |
| Vanger | 4:e505054279ed | 6041 | application_data); |
| Vanger | 4:e505054279ed | 6042 | |
| Vanger | 4:e505054279ed | 6043 | ssl->buffers.outputBuffer.length += sendSz; |
| Vanger | 4:e505054279ed | 6044 | |
| Vanger | 4:e505054279ed | 6045 | if ( (ret = SendBuffered(ssl)) < 0) { |
| Vanger | 4:e505054279ed | 6046 | CYASSL_ERROR(ret); |
| Vanger | 4:e505054279ed | 6047 | /* store for next call if WANT_WRITE or user embedSend() that |
| Vanger | 4:e505054279ed | 6048 | doesn't present like WANT_WRITE */ |
| Vanger | 4:e505054279ed | 6049 | ssl->buffers.plainSz = len; |
| Vanger | 4:e505054279ed | 6050 | ssl->buffers.prevSent = sent; |
| Vanger | 4:e505054279ed | 6051 | if (ret == SOCKET_ERROR_E && ssl->options.connReset) |
| Vanger | 4:e505054279ed | 6052 | return 0; /* peer reset */ |
| Vanger | 4:e505054279ed | 6053 | return ssl->error = ret; |
| Vanger | 4:e505054279ed | 6054 | } |
| Vanger | 4:e505054279ed | 6055 | |
| Vanger | 4:e505054279ed | 6056 | sent += len; |
| Vanger | 4:e505054279ed | 6057 | |
| Vanger | 4:e505054279ed | 6058 | /* only one message per attempt */ |
| Vanger | 4:e505054279ed | 6059 | if (ssl->options.partialWrite == 1) { |
| Vanger | 4:e505054279ed | 6060 | CYASSL_MSG("Paritial Write on, only sending one record"); |
| Vanger | 4:e505054279ed | 6061 | break; |
| Vanger | 4:e505054279ed | 6062 | } |
| Vanger | 4:e505054279ed | 6063 | } |
| Vanger | 4:e505054279ed | 6064 | |
| Vanger | 4:e505054279ed | 6065 | return sent; |
| Vanger | 4:e505054279ed | 6066 | } |
| Vanger | 4:e505054279ed | 6067 | |
| Vanger | 4:e505054279ed | 6068 | /* process input data */ |
| Vanger | 4:e505054279ed | 6069 | int ReceiveData(CYASSL* ssl, byte* output, int sz, int peek) |
| Vanger | 4:e505054279ed | 6070 | { |
| Vanger | 4:e505054279ed | 6071 | int size; |
| Vanger | 4:e505054279ed | 6072 | |
| Vanger | 4:e505054279ed | 6073 | CYASSL_ENTER("ReceiveData()"); |
| Vanger | 4:e505054279ed | 6074 | |
| Vanger | 4:e505054279ed | 6075 | if (ssl->error == WANT_READ) |
| Vanger | 4:e505054279ed | 6076 | ssl->error = 0; |
| Vanger | 4:e505054279ed | 6077 | |
| Vanger | 4:e505054279ed | 6078 | if (ssl->error != 0 && ssl->error != WANT_WRITE) { |
| Vanger | 4:e505054279ed | 6079 | CYASSL_MSG("User calling CyaSSL_read in error state, not allowed"); |
| Vanger | 4:e505054279ed | 6080 | return ssl->error; |
| Vanger | 4:e505054279ed | 6081 | } |
| Vanger | 4:e505054279ed | 6082 | |
| Vanger | 4:e505054279ed | 6083 | if (ssl->options.handShakeState != HANDSHAKE_DONE) { |
| Vanger | 4:e505054279ed | 6084 | int err; |
| Vanger | 4:e505054279ed | 6085 | CYASSL_MSG("Handshake not complete, trying to finish"); |
| Vanger | 4:e505054279ed | 6086 | if ( (err = CyaSSL_negotiate(ssl)) != SSL_SUCCESS) |
| Vanger | 4:e505054279ed | 6087 | return err; |
| Vanger | 4:e505054279ed | 6088 | } |
| Vanger | 4:e505054279ed | 6089 | |
| Vanger | 4:e505054279ed | 6090 | while (ssl->buffers.clearOutputBuffer.length == 0) |
| Vanger | 4:e505054279ed | 6091 | if ( (ssl->error = ProcessReply(ssl)) < 0) { |
| Vanger | 4:e505054279ed | 6092 | CYASSL_ERROR(ssl->error); |
| Vanger | 4:e505054279ed | 6093 | if (ssl->error == ZERO_RETURN) { |
| Vanger | 4:e505054279ed | 6094 | CYASSL_MSG("Zero return, no more data coming"); |
| Vanger | 4:e505054279ed | 6095 | return 0; /* no more data coming */ |
| Vanger | 4:e505054279ed | 6096 | } |
| Vanger | 4:e505054279ed | 6097 | if (ssl->error == SOCKET_ERROR_E) { |
| Vanger | 4:e505054279ed | 6098 | if (ssl->options.connReset || ssl->options.isClosed) { |
| Vanger | 4:e505054279ed | 6099 | CYASSL_MSG("Peer reset or closed, connection done"); |
| Vanger | 4:e505054279ed | 6100 | return 0; /* peer reset or closed */ |
| Vanger | 4:e505054279ed | 6101 | } |
| Vanger | 4:e505054279ed | 6102 | } |
| Vanger | 4:e505054279ed | 6103 | return ssl->error; |
| Vanger | 4:e505054279ed | 6104 | } |
| Vanger | 4:e505054279ed | 6105 | |
| Vanger | 4:e505054279ed | 6106 | if (sz < (int)ssl->buffers.clearOutputBuffer.length) |
| Vanger | 4:e505054279ed | 6107 | size = sz; |
| Vanger | 4:e505054279ed | 6108 | else |
| Vanger | 4:e505054279ed | 6109 | size = ssl->buffers.clearOutputBuffer.length; |
| Vanger | 4:e505054279ed | 6110 | |
| Vanger | 4:e505054279ed | 6111 | XMEMCPY(output, ssl->buffers.clearOutputBuffer.buffer, size); |
| Vanger | 4:e505054279ed | 6112 | |
| Vanger | 4:e505054279ed | 6113 | if (peek == 0) { |
| Vanger | 4:e505054279ed | 6114 | ssl->buffers.clearOutputBuffer.length -= size; |
| Vanger | 4:e505054279ed | 6115 | ssl->buffers.clearOutputBuffer.buffer += size; |
| Vanger | 4:e505054279ed | 6116 | } |
| Vanger | 4:e505054279ed | 6117 | |
| Vanger | 4:e505054279ed | 6118 | if (ssl->buffers.clearOutputBuffer.length == 0 && |
| Vanger | 4:e505054279ed | 6119 | ssl->buffers.inputBuffer.dynamicFlag) |
| Vanger | 4:e505054279ed | 6120 | ShrinkInputBuffer(ssl, NO_FORCED_FREE); |
| Vanger | 4:e505054279ed | 6121 | |
| Vanger | 4:e505054279ed | 6122 | CYASSL_LEAVE("ReceiveData()", size); |
| Vanger | 4:e505054279ed | 6123 | return size; |
| Vanger | 4:e505054279ed | 6124 | } |
| Vanger | 4:e505054279ed | 6125 | |
| Vanger | 4:e505054279ed | 6126 | |
| Vanger | 4:e505054279ed | 6127 | /* send alert message */ |
| Vanger | 4:e505054279ed | 6128 | int SendAlert(CYASSL* ssl, int severity, int type) |
| Vanger | 4:e505054279ed | 6129 | { |
| Vanger | 4:e505054279ed | 6130 | byte input[ALERT_SIZE]; |
| Vanger | 4:e505054279ed | 6131 | byte *output; |
| Vanger | 4:e505054279ed | 6132 | int sendSz; |
| Vanger | 4:e505054279ed | 6133 | int ret; |
| Vanger | 4:e505054279ed | 6134 | int dtlsExtra = 0; |
| Vanger | 4:e505054279ed | 6135 | |
| Vanger | 4:e505054279ed | 6136 | /* if sendalert is called again for nonbloking */ |
| Vanger | 4:e505054279ed | 6137 | if (ssl->options.sendAlertState != 0) { |
| Vanger | 4:e505054279ed | 6138 | ret = SendBuffered(ssl); |
| Vanger | 4:e505054279ed | 6139 | if (ret == 0) |
| Vanger | 4:e505054279ed | 6140 | ssl->options.sendAlertState = 0; |
| Vanger | 4:e505054279ed | 6141 | return ret; |
| Vanger | 4:e505054279ed | 6142 | } |
| Vanger | 4:e505054279ed | 6143 | |
| Vanger | 4:e505054279ed | 6144 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 6145 | if (ssl->options.dtls) |
| Vanger | 4:e505054279ed | 6146 | dtlsExtra = DTLS_RECORD_EXTRA; |
| Vanger | 4:e505054279ed | 6147 | #endif |
| Vanger | 4:e505054279ed | 6148 | |
| Vanger | 4:e505054279ed | 6149 | /* check for available size */ |
| Vanger | 4:e505054279ed | 6150 | if ((ret = CheckAvailableSize(ssl, |
| Vanger | 4:e505054279ed | 6151 | ALERT_SIZE + MAX_MSG_EXTRA + dtlsExtra)) != 0) |
| Vanger | 4:e505054279ed | 6152 | return ret; |
| Vanger | 4:e505054279ed | 6153 | |
| Vanger | 4:e505054279ed | 6154 | /* get ouput buffer */ |
| Vanger | 4:e505054279ed | 6155 | output = ssl->buffers.outputBuffer.buffer + |
| Vanger | 4:e505054279ed | 6156 | ssl->buffers.outputBuffer.length; |
| Vanger | 4:e505054279ed | 6157 | |
| Vanger | 4:e505054279ed | 6158 | input[0] = (byte)severity; |
| Vanger | 4:e505054279ed | 6159 | input[1] = (byte)type; |
| Vanger | 4:e505054279ed | 6160 | ssl->alert_history.last_tx.code = type; |
| Vanger | 4:e505054279ed | 6161 | ssl->alert_history.last_tx.level = severity; |
| Vanger | 4:e505054279ed | 6162 | if (severity == alert_fatal) { |
| Vanger | 4:e505054279ed | 6163 | ssl->options.isClosed = 1; /* Don't send close_notify */ |
| Vanger | 4:e505054279ed | 6164 | } |
| Vanger | 4:e505054279ed | 6165 | |
| Vanger | 4:e505054279ed | 6166 | /* only send encrypted alert if handshake actually complete, otherwise |
| Vanger | 4:e505054279ed | 6167 | other side may not be able to handle it */ |
| Vanger | 4:e505054279ed | 6168 | if (ssl->keys.encryptionOn && ssl->options.handShakeState == HANDSHAKE_DONE) |
| Vanger | 4:e505054279ed | 6169 | sendSz = BuildMessage(ssl, output, input, ALERT_SIZE, alert); |
| Vanger | 4:e505054279ed | 6170 | else { |
| Vanger | 4:e505054279ed | 6171 | |
| Vanger | 4:e505054279ed | 6172 | AddRecordHeader(output, ALERT_SIZE, alert, ssl); |
| Vanger | 4:e505054279ed | 6173 | output += RECORD_HEADER_SZ; |
| Vanger | 4:e505054279ed | 6174 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 6175 | if (ssl->options.dtls) |
| Vanger | 4:e505054279ed | 6176 | output += DTLS_RECORD_EXTRA; |
| Vanger | 4:e505054279ed | 6177 | #endif |
| Vanger | 4:e505054279ed | 6178 | XMEMCPY(output, input, ALERT_SIZE); |
| Vanger | 4:e505054279ed | 6179 | |
| Vanger | 4:e505054279ed | 6180 | sendSz = RECORD_HEADER_SZ + ALERT_SIZE; |
| Vanger | 4:e505054279ed | 6181 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 6182 | if (ssl->options.dtls) |
| Vanger | 4:e505054279ed | 6183 | sendSz += DTLS_RECORD_EXTRA; |
| Vanger | 4:e505054279ed | 6184 | #endif |
| Vanger | 4:e505054279ed | 6185 | } |
| Vanger | 4:e505054279ed | 6186 | |
| Vanger | 4:e505054279ed | 6187 | #ifdef CYASSL_CALLBACKS |
| Vanger | 4:e505054279ed | 6188 | if (ssl->hsInfoOn) |
| Vanger | 4:e505054279ed | 6189 | AddPacketName("Alert", &ssl->handShakeInfo); |
| Vanger | 4:e505054279ed | 6190 | if (ssl->toInfoOn) |
| Vanger | 4:e505054279ed | 6191 | AddPacketInfo("Alert", &ssl->timeoutInfo, output, sendSz,ssl->heap); |
| Vanger | 4:e505054279ed | 6192 | #endif |
| Vanger | 4:e505054279ed | 6193 | |
| Vanger | 4:e505054279ed | 6194 | ssl->buffers.outputBuffer.length += sendSz; |
| Vanger | 4:e505054279ed | 6195 | ssl->options.sendAlertState = 1; |
| Vanger | 4:e505054279ed | 6196 | |
| Vanger | 4:e505054279ed | 6197 | return SendBuffered(ssl); |
| Vanger | 4:e505054279ed | 6198 | } |
| Vanger | 4:e505054279ed | 6199 | |
| Vanger | 4:e505054279ed | 6200 | |
| Vanger | 4:e505054279ed | 6201 | |
| Vanger | 4:e505054279ed | 6202 | void SetErrorString(int error, char* str) |
| Vanger | 4:e505054279ed | 6203 | { |
| Vanger | 4:e505054279ed | 6204 | const int max = CYASSL_MAX_ERROR_SZ; /* shorthand */ |
| Vanger | 4:e505054279ed | 6205 | |
| Vanger | 4:e505054279ed | 6206 | #ifdef NO_ERROR_STRINGS |
| Vanger | 4:e505054279ed | 6207 | |
| Vanger | 4:e505054279ed | 6208 | (void)error; |
| Vanger | 4:e505054279ed | 6209 | XSTRNCPY(str, "no support for error strings built in", max); |
| Vanger | 4:e505054279ed | 6210 | |
| Vanger | 4:e505054279ed | 6211 | #else |
| Vanger | 4:e505054279ed | 6212 | |
| Vanger | 4:e505054279ed | 6213 | /* pass to CTaoCrypt */ |
| Vanger | 4:e505054279ed | 6214 | if (error < MAX_CODE_E && error > MIN_CODE_E) { |
| Vanger | 4:e505054279ed | 6215 | CTaoCryptErrorString(error, str); |
| Vanger | 4:e505054279ed | 6216 | return; |
| Vanger | 4:e505054279ed | 6217 | } |
| Vanger | 4:e505054279ed | 6218 | |
| Vanger | 4:e505054279ed | 6219 | switch (error) { |
| Vanger | 4:e505054279ed | 6220 | |
| Vanger | 4:e505054279ed | 6221 | case UNSUPPORTED_SUITE : |
| Vanger | 4:e505054279ed | 6222 | XSTRNCPY(str, "unsupported cipher suite", max); |
| Vanger | 4:e505054279ed | 6223 | break; |
| Vanger | 4:e505054279ed | 6224 | |
| Vanger | 4:e505054279ed | 6225 | case INPUT_CASE_ERROR : |
| Vanger | 4:e505054279ed | 6226 | XSTRNCPY(str, "input state error", max); |
| Vanger | 4:e505054279ed | 6227 | break; |
| Vanger | 4:e505054279ed | 6228 | |
| Vanger | 4:e505054279ed | 6229 | case PREFIX_ERROR : |
| Vanger | 4:e505054279ed | 6230 | XSTRNCPY(str, "bad index to key rounds", max); |
| Vanger | 4:e505054279ed | 6231 | break; |
| Vanger | 4:e505054279ed | 6232 | |
| Vanger | 4:e505054279ed | 6233 | case MEMORY_ERROR : |
| Vanger | 4:e505054279ed | 6234 | XSTRNCPY(str, "out of memory", max); |
| Vanger | 4:e505054279ed | 6235 | break; |
| Vanger | 4:e505054279ed | 6236 | |
| Vanger | 4:e505054279ed | 6237 | case VERIFY_FINISHED_ERROR : |
| Vanger | 4:e505054279ed | 6238 | XSTRNCPY(str, "verify problem on finished", max); |
| Vanger | 4:e505054279ed | 6239 | break; |
| Vanger | 4:e505054279ed | 6240 | |
| Vanger | 4:e505054279ed | 6241 | case VERIFY_MAC_ERROR : |
| Vanger | 4:e505054279ed | 6242 | XSTRNCPY(str, "verify mac problem", max); |
| Vanger | 4:e505054279ed | 6243 | break; |
| Vanger | 4:e505054279ed | 6244 | |
| Vanger | 4:e505054279ed | 6245 | case PARSE_ERROR : |
| Vanger | 4:e505054279ed | 6246 | XSTRNCPY(str, "parse error on header", max); |
| Vanger | 4:e505054279ed | 6247 | break; |
| Vanger | 4:e505054279ed | 6248 | |
| Vanger | 4:e505054279ed | 6249 | case SIDE_ERROR : |
| Vanger | 4:e505054279ed | 6250 | XSTRNCPY(str, "wrong client/server type", max); |
| Vanger | 4:e505054279ed | 6251 | break; |
| Vanger | 4:e505054279ed | 6252 | |
| Vanger | 4:e505054279ed | 6253 | case NO_PEER_CERT : |
| Vanger | 4:e505054279ed | 6254 | XSTRNCPY(str, "peer didn't send cert", max); |
| Vanger | 4:e505054279ed | 6255 | break; |
| Vanger | 4:e505054279ed | 6256 | |
| Vanger | 4:e505054279ed | 6257 | case UNKNOWN_HANDSHAKE_TYPE : |
| Vanger | 4:e505054279ed | 6258 | XSTRNCPY(str, "weird handshake type", max); |
| Vanger | 4:e505054279ed | 6259 | break; |
| Vanger | 4:e505054279ed | 6260 | |
| Vanger | 4:e505054279ed | 6261 | case SOCKET_ERROR_E : |
| Vanger | 4:e505054279ed | 6262 | XSTRNCPY(str, "error state on socket", max); |
| Vanger | 4:e505054279ed | 6263 | break; |
| Vanger | 4:e505054279ed | 6264 | |
| Vanger | 4:e505054279ed | 6265 | case SOCKET_NODATA : |
| Vanger | 4:e505054279ed | 6266 | XSTRNCPY(str, "expected data, not there", max); |
| Vanger | 4:e505054279ed | 6267 | break; |
| Vanger | 4:e505054279ed | 6268 | |
| Vanger | 4:e505054279ed | 6269 | case INCOMPLETE_DATA : |
| Vanger | 4:e505054279ed | 6270 | XSTRNCPY(str, "don't have enough data to complete task", max); |
| Vanger | 4:e505054279ed | 6271 | break; |
| Vanger | 4:e505054279ed | 6272 | |
| Vanger | 4:e505054279ed | 6273 | case UNKNOWN_RECORD_TYPE : |
| Vanger | 4:e505054279ed | 6274 | XSTRNCPY(str, "unknown type in record hdr", max); |
| Vanger | 4:e505054279ed | 6275 | break; |
| Vanger | 4:e505054279ed | 6276 | |
| Vanger | 4:e505054279ed | 6277 | case DECRYPT_ERROR : |
| Vanger | 4:e505054279ed | 6278 | XSTRNCPY(str, "error during decryption", max); |
| Vanger | 4:e505054279ed | 6279 | break; |
| Vanger | 4:e505054279ed | 6280 | |
| Vanger | 4:e505054279ed | 6281 | case FATAL_ERROR : |
| Vanger | 4:e505054279ed | 6282 | XSTRNCPY(str, "revcd alert fatal error", max); |
| Vanger | 4:e505054279ed | 6283 | break; |
| Vanger | 4:e505054279ed | 6284 | |
| Vanger | 4:e505054279ed | 6285 | case ENCRYPT_ERROR : |
| Vanger | 4:e505054279ed | 6286 | XSTRNCPY(str, "error during encryption", max); |
| Vanger | 4:e505054279ed | 6287 | break; |
| Vanger | 4:e505054279ed | 6288 | |
| Vanger | 4:e505054279ed | 6289 | case FREAD_ERROR : |
| Vanger | 4:e505054279ed | 6290 | XSTRNCPY(str, "fread problem", max); |
| Vanger | 4:e505054279ed | 6291 | break; |
| Vanger | 4:e505054279ed | 6292 | |
| Vanger | 4:e505054279ed | 6293 | case NO_PEER_KEY : |
| Vanger | 4:e505054279ed | 6294 | XSTRNCPY(str, "need peer's key", max); |
| Vanger | 4:e505054279ed | 6295 | break; |
| Vanger | 4:e505054279ed | 6296 | |
| Vanger | 4:e505054279ed | 6297 | case NO_PRIVATE_KEY : |
| Vanger | 4:e505054279ed | 6298 | XSTRNCPY(str, "need the private key", max); |
| Vanger | 4:e505054279ed | 6299 | break; |
| Vanger | 4:e505054279ed | 6300 | |
| Vanger | 4:e505054279ed | 6301 | case NO_DH_PARAMS : |
| Vanger | 4:e505054279ed | 6302 | XSTRNCPY(str, "server missing DH params", max); |
| Vanger | 4:e505054279ed | 6303 | break; |
| Vanger | 4:e505054279ed | 6304 | |
| Vanger | 4:e505054279ed | 6305 | case RSA_PRIVATE_ERROR : |
| Vanger | 4:e505054279ed | 6306 | XSTRNCPY(str, "error during rsa priv op", max); |
| Vanger | 4:e505054279ed | 6307 | break; |
| Vanger | 4:e505054279ed | 6308 | |
| Vanger | 4:e505054279ed | 6309 | case MATCH_SUITE_ERROR : |
| Vanger | 4:e505054279ed | 6310 | XSTRNCPY(str, "can't match cipher suite", max); |
| Vanger | 4:e505054279ed | 6311 | break; |
| Vanger | 4:e505054279ed | 6312 | |
| Vanger | 4:e505054279ed | 6313 | case BUILD_MSG_ERROR : |
| Vanger | 4:e505054279ed | 6314 | XSTRNCPY(str, "build message failure", max); |
| Vanger | 4:e505054279ed | 6315 | break; |
| Vanger | 4:e505054279ed | 6316 | |
| Vanger | 4:e505054279ed | 6317 | case BAD_HELLO : |
| Vanger | 4:e505054279ed | 6318 | XSTRNCPY(str, "client hello malformed", max); |
| Vanger | 4:e505054279ed | 6319 | break; |
| Vanger | 4:e505054279ed | 6320 | |
| Vanger | 4:e505054279ed | 6321 | case DOMAIN_NAME_MISMATCH : |
| Vanger | 4:e505054279ed | 6322 | XSTRNCPY(str, "peer subject name mismatch", max); |
| Vanger | 4:e505054279ed | 6323 | break; |
| Vanger | 4:e505054279ed | 6324 | |
| Vanger | 4:e505054279ed | 6325 | case WANT_READ : |
| Vanger | 4:e505054279ed | 6326 | case SSL_ERROR_WANT_READ : |
| Vanger | 4:e505054279ed | 6327 | XSTRNCPY(str, "non-blocking socket wants data to be read", max); |
| Vanger | 4:e505054279ed | 6328 | break; |
| Vanger | 4:e505054279ed | 6329 | |
| Vanger | 4:e505054279ed | 6330 | case NOT_READY_ERROR : |
| Vanger | 4:e505054279ed | 6331 | XSTRNCPY(str, "handshake layer not ready yet, complete first", max); |
| Vanger | 4:e505054279ed | 6332 | break; |
| Vanger | 4:e505054279ed | 6333 | |
| Vanger | 4:e505054279ed | 6334 | case PMS_VERSION_ERROR : |
| Vanger | 4:e505054279ed | 6335 | XSTRNCPY(str, "premaster secret version mismatch error", max); |
| Vanger | 4:e505054279ed | 6336 | break; |
| Vanger | 4:e505054279ed | 6337 | |
| Vanger | 4:e505054279ed | 6338 | case VERSION_ERROR : |
| Vanger | 4:e505054279ed | 6339 | XSTRNCPY(str, "record layer version error", max); |
| Vanger | 4:e505054279ed | 6340 | break; |
| Vanger | 4:e505054279ed | 6341 | |
| Vanger | 4:e505054279ed | 6342 | case WANT_WRITE : |
| Vanger | 4:e505054279ed | 6343 | case SSL_ERROR_WANT_WRITE : |
| Vanger | 4:e505054279ed | 6344 | XSTRNCPY(str, "non-blocking socket write buffer full", max); |
| Vanger | 4:e505054279ed | 6345 | break; |
| Vanger | 4:e505054279ed | 6346 | |
| Vanger | 4:e505054279ed | 6347 | case BUFFER_ERROR : |
| Vanger | 4:e505054279ed | 6348 | XSTRNCPY(str, "malformed buffer input error", max); |
| Vanger | 4:e505054279ed | 6349 | break; |
| Vanger | 4:e505054279ed | 6350 | |
| Vanger | 4:e505054279ed | 6351 | case VERIFY_CERT_ERROR : |
| Vanger | 4:e505054279ed | 6352 | XSTRNCPY(str, "verify problem on certificate", max); |
| Vanger | 4:e505054279ed | 6353 | break; |
| Vanger | 4:e505054279ed | 6354 | |
| Vanger | 4:e505054279ed | 6355 | case VERIFY_SIGN_ERROR : |
| Vanger | 4:e505054279ed | 6356 | XSTRNCPY(str, "verify problem based on signature", max); |
| Vanger | 4:e505054279ed | 6357 | break; |
| Vanger | 4:e505054279ed | 6358 | |
| Vanger | 4:e505054279ed | 6359 | case CLIENT_ID_ERROR : |
| Vanger | 4:e505054279ed | 6360 | XSTRNCPY(str, "psk client identity error", max); |
| Vanger | 4:e505054279ed | 6361 | break; |
| Vanger | 4:e505054279ed | 6362 | |
| Vanger | 4:e505054279ed | 6363 | case SERVER_HINT_ERROR: |
| Vanger | 4:e505054279ed | 6364 | XSTRNCPY(str, "psk server hint error", max); |
| Vanger | 4:e505054279ed | 6365 | break; |
| Vanger | 4:e505054279ed | 6366 | |
| Vanger | 4:e505054279ed | 6367 | case PSK_KEY_ERROR: |
| Vanger | 4:e505054279ed | 6368 | XSTRNCPY(str, "psk key callback error", max); |
| Vanger | 4:e505054279ed | 6369 | break; |
| Vanger | 4:e505054279ed | 6370 | |
| Vanger | 4:e505054279ed | 6371 | case NTRU_KEY_ERROR: |
| Vanger | 4:e505054279ed | 6372 | XSTRNCPY(str, "NTRU key error", max); |
| Vanger | 4:e505054279ed | 6373 | break; |
| Vanger | 4:e505054279ed | 6374 | |
| Vanger | 4:e505054279ed | 6375 | case NTRU_DRBG_ERROR: |
| Vanger | 4:e505054279ed | 6376 | XSTRNCPY(str, "NTRU drbg error", max); |
| Vanger | 4:e505054279ed | 6377 | break; |
| Vanger | 4:e505054279ed | 6378 | |
| Vanger | 4:e505054279ed | 6379 | case NTRU_ENCRYPT_ERROR: |
| Vanger | 4:e505054279ed | 6380 | XSTRNCPY(str, "NTRU encrypt error", max); |
| Vanger | 4:e505054279ed | 6381 | break; |
| Vanger | 4:e505054279ed | 6382 | |
| Vanger | 4:e505054279ed | 6383 | case NTRU_DECRYPT_ERROR: |
| Vanger | 4:e505054279ed | 6384 | XSTRNCPY(str, "NTRU decrypt error", max); |
| Vanger | 4:e505054279ed | 6385 | break; |
| Vanger | 4:e505054279ed | 6386 | |
| Vanger | 4:e505054279ed | 6387 | case ZLIB_INIT_ERROR: |
| Vanger | 4:e505054279ed | 6388 | XSTRNCPY(str, "zlib init error", max); |
| Vanger | 4:e505054279ed | 6389 | break; |
| Vanger | 4:e505054279ed | 6390 | |
| Vanger | 4:e505054279ed | 6391 | case ZLIB_COMPRESS_ERROR: |
| Vanger | 4:e505054279ed | 6392 | XSTRNCPY(str, "zlib compress error", max); |
| Vanger | 4:e505054279ed | 6393 | break; |
| Vanger | 4:e505054279ed | 6394 | |
| Vanger | 4:e505054279ed | 6395 | case ZLIB_DECOMPRESS_ERROR: |
| Vanger | 4:e505054279ed | 6396 | XSTRNCPY(str, "zlib decompress error", max); |
| Vanger | 4:e505054279ed | 6397 | break; |
| Vanger | 4:e505054279ed | 6398 | |
| Vanger | 4:e505054279ed | 6399 | case GETTIME_ERROR: |
| Vanger | 4:e505054279ed | 6400 | XSTRNCPY(str, "gettimeofday() error", max); |
| Vanger | 4:e505054279ed | 6401 | break; |
| Vanger | 4:e505054279ed | 6402 | |
| Vanger | 4:e505054279ed | 6403 | case GETITIMER_ERROR: |
| Vanger | 4:e505054279ed | 6404 | XSTRNCPY(str, "getitimer() error", max); |
| Vanger | 4:e505054279ed | 6405 | break; |
| Vanger | 4:e505054279ed | 6406 | |
| Vanger | 4:e505054279ed | 6407 | case SIGACT_ERROR: |
| Vanger | 4:e505054279ed | 6408 | XSTRNCPY(str, "sigaction() error", max); |
| Vanger | 4:e505054279ed | 6409 | break; |
| Vanger | 4:e505054279ed | 6410 | |
| Vanger | 4:e505054279ed | 6411 | case SETITIMER_ERROR: |
| Vanger | 4:e505054279ed | 6412 | XSTRNCPY(str, "setitimer() error", max); |
| Vanger | 4:e505054279ed | 6413 | break; |
| Vanger | 4:e505054279ed | 6414 | |
| Vanger | 4:e505054279ed | 6415 | case LENGTH_ERROR: |
| Vanger | 4:e505054279ed | 6416 | XSTRNCPY(str, "record layer length error", max); |
| Vanger | 4:e505054279ed | 6417 | break; |
| Vanger | 4:e505054279ed | 6418 | |
| Vanger | 4:e505054279ed | 6419 | case PEER_KEY_ERROR: |
| Vanger | 4:e505054279ed | 6420 | XSTRNCPY(str, "cant decode peer key", max); |
| Vanger | 4:e505054279ed | 6421 | break; |
| Vanger | 4:e505054279ed | 6422 | |
| Vanger | 4:e505054279ed | 6423 | case ZERO_RETURN: |
| Vanger | 4:e505054279ed | 6424 | case SSL_ERROR_ZERO_RETURN: |
| Vanger | 4:e505054279ed | 6425 | XSTRNCPY(str, "peer sent close notify alert", max); |
| Vanger | 4:e505054279ed | 6426 | break; |
| Vanger | 4:e505054279ed | 6427 | |
| Vanger | 4:e505054279ed | 6428 | case ECC_CURVETYPE_ERROR: |
| Vanger | 4:e505054279ed | 6429 | XSTRNCPY(str, "Bad ECC Curve Type or unsupported", max); |
| Vanger | 4:e505054279ed | 6430 | break; |
| Vanger | 4:e505054279ed | 6431 | |
| Vanger | 4:e505054279ed | 6432 | case ECC_CURVE_ERROR: |
| Vanger | 4:e505054279ed | 6433 | XSTRNCPY(str, "Bad ECC Curve or unsupported", max); |
| Vanger | 4:e505054279ed | 6434 | break; |
| Vanger | 4:e505054279ed | 6435 | |
| Vanger | 4:e505054279ed | 6436 | case ECC_PEERKEY_ERROR: |
| Vanger | 4:e505054279ed | 6437 | XSTRNCPY(str, "Bad ECC Peer Key", max); |
| Vanger | 4:e505054279ed | 6438 | break; |
| Vanger | 4:e505054279ed | 6439 | |
| Vanger | 4:e505054279ed | 6440 | case ECC_MAKEKEY_ERROR: |
| Vanger | 4:e505054279ed | 6441 | XSTRNCPY(str, "ECC Make Key failure", max); |
| Vanger | 4:e505054279ed | 6442 | break; |
| Vanger | 4:e505054279ed | 6443 | |
| Vanger | 4:e505054279ed | 6444 | case ECC_EXPORT_ERROR: |
| Vanger | 4:e505054279ed | 6445 | XSTRNCPY(str, "ECC Export Key failure", max); |
| Vanger | 4:e505054279ed | 6446 | break; |
| Vanger | 4:e505054279ed | 6447 | |
| Vanger | 4:e505054279ed | 6448 | case ECC_SHARED_ERROR: |
| Vanger | 4:e505054279ed | 6449 | XSTRNCPY(str, "ECC DHE shared failure", max); |
| Vanger | 4:e505054279ed | 6450 | break; |
| Vanger | 4:e505054279ed | 6451 | |
| Vanger | 4:e505054279ed | 6452 | case NOT_CA_ERROR: |
| Vanger | 4:e505054279ed | 6453 | XSTRNCPY(str, "Not a CA by basic constraint error", max); |
| Vanger | 4:e505054279ed | 6454 | break; |
| Vanger | 4:e505054279ed | 6455 | |
| Vanger | 4:e505054279ed | 6456 | case BAD_PATH_ERROR: |
| Vanger | 4:e505054279ed | 6457 | XSTRNCPY(str, "Bad path for opendir error", max); |
| Vanger | 4:e505054279ed | 6458 | break; |
| Vanger | 4:e505054279ed | 6459 | |
| Vanger | 4:e505054279ed | 6460 | case BAD_CERT_MANAGER_ERROR: |
| Vanger | 4:e505054279ed | 6461 | XSTRNCPY(str, "Bad Cert Manager error", max); |
| Vanger | 4:e505054279ed | 6462 | break; |
| Vanger | 4:e505054279ed | 6463 | |
| Vanger | 4:e505054279ed | 6464 | case OCSP_CERT_REVOKED: |
| Vanger | 4:e505054279ed | 6465 | XSTRNCPY(str, "OCSP Cert revoked", max); |
| Vanger | 4:e505054279ed | 6466 | break; |
| Vanger | 4:e505054279ed | 6467 | |
| Vanger | 4:e505054279ed | 6468 | case CRL_CERT_REVOKED: |
| Vanger | 4:e505054279ed | 6469 | XSTRNCPY(str, "CRL Cert revoked", max); |
| Vanger | 4:e505054279ed | 6470 | break; |
| Vanger | 4:e505054279ed | 6471 | |
| Vanger | 4:e505054279ed | 6472 | case CRL_MISSING: |
| Vanger | 4:e505054279ed | 6473 | XSTRNCPY(str, "CRL missing, not loaded", max); |
| Vanger | 4:e505054279ed | 6474 | break; |
| Vanger | 4:e505054279ed | 6475 | |
| Vanger | 4:e505054279ed | 6476 | case MONITOR_RUNNING_E: |
| Vanger | 4:e505054279ed | 6477 | XSTRNCPY(str, "CRL monitor already running", max); |
| Vanger | 4:e505054279ed | 6478 | break; |
| Vanger | 4:e505054279ed | 6479 | |
| Vanger | 4:e505054279ed | 6480 | case THREAD_CREATE_E: |
| Vanger | 4:e505054279ed | 6481 | XSTRNCPY(str, "Thread creation problem", max); |
| Vanger | 4:e505054279ed | 6482 | break; |
| Vanger | 4:e505054279ed | 6483 | |
| Vanger | 4:e505054279ed | 6484 | case OCSP_NEED_URL: |
| Vanger | 4:e505054279ed | 6485 | XSTRNCPY(str, "OCSP need URL", max); |
| Vanger | 4:e505054279ed | 6486 | break; |
| Vanger | 4:e505054279ed | 6487 | |
| Vanger | 4:e505054279ed | 6488 | case OCSP_CERT_UNKNOWN: |
| Vanger | 4:e505054279ed | 6489 | XSTRNCPY(str, "OCSP Cert unknown", max); |
| Vanger | 4:e505054279ed | 6490 | break; |
| Vanger | 4:e505054279ed | 6491 | |
| Vanger | 4:e505054279ed | 6492 | case OCSP_LOOKUP_FAIL: |
| Vanger | 4:e505054279ed | 6493 | XSTRNCPY(str, "OCSP Responder lookup fail", max); |
| Vanger | 4:e505054279ed | 6494 | break; |
| Vanger | 4:e505054279ed | 6495 | |
| Vanger | 4:e505054279ed | 6496 | case MAX_CHAIN_ERROR: |
| Vanger | 4:e505054279ed | 6497 | XSTRNCPY(str, "Maximum Chain Depth Exceeded", max); |
| Vanger | 4:e505054279ed | 6498 | break; |
| Vanger | 4:e505054279ed | 6499 | |
| Vanger | 4:e505054279ed | 6500 | case COOKIE_ERROR: |
| Vanger | 4:e505054279ed | 6501 | XSTRNCPY(str, "DTLS Cookie Error", max); |
| Vanger | 4:e505054279ed | 6502 | break; |
| Vanger | 4:e505054279ed | 6503 | |
| Vanger | 4:e505054279ed | 6504 | case SEQUENCE_ERROR: |
| Vanger | 4:e505054279ed | 6505 | XSTRNCPY(str, "DTLS Sequence Error", max); |
| Vanger | 4:e505054279ed | 6506 | break; |
| Vanger | 4:e505054279ed | 6507 | |
| Vanger | 4:e505054279ed | 6508 | case SUITES_ERROR: |
| Vanger | 4:e505054279ed | 6509 | XSTRNCPY(str, "Suites Pointer Error", max); |
| Vanger | 4:e505054279ed | 6510 | break; |
| Vanger | 4:e505054279ed | 6511 | |
| Vanger | 4:e505054279ed | 6512 | case SSL_NO_PEM_HEADER: |
| Vanger | 4:e505054279ed | 6513 | XSTRNCPY(str, "No PEM Header Error", max); |
| Vanger | 4:e505054279ed | 6514 | break; |
| Vanger | 4:e505054279ed | 6515 | |
| Vanger | 4:e505054279ed | 6516 | case OUT_OF_ORDER_E: |
| Vanger | 4:e505054279ed | 6517 | XSTRNCPY(str, "Out of order message, fatal", max); |
| Vanger | 4:e505054279ed | 6518 | break; |
| Vanger | 4:e505054279ed | 6519 | |
| Vanger | 4:e505054279ed | 6520 | case BAD_KEA_TYPE_E: |
| Vanger | 4:e505054279ed | 6521 | XSTRNCPY(str, "Bad KEA type found", max); |
| Vanger | 4:e505054279ed | 6522 | break; |
| Vanger | 4:e505054279ed | 6523 | |
| Vanger | 4:e505054279ed | 6524 | case SANITY_CIPHER_E: |
| Vanger | 4:e505054279ed | 6525 | XSTRNCPY(str, "Sanity check on ciphertext failed", max); |
| Vanger | 4:e505054279ed | 6526 | break; |
| Vanger | 4:e505054279ed | 6527 | |
| Vanger | 4:e505054279ed | 6528 | case RECV_OVERFLOW_E: |
| Vanger | 4:e505054279ed | 6529 | XSTRNCPY(str, "Receive callback returned more than requested", max); |
| Vanger | 4:e505054279ed | 6530 | break; |
| Vanger | 4:e505054279ed | 6531 | |
| Vanger | 4:e505054279ed | 6532 | case GEN_COOKIE_E: |
| Vanger | 4:e505054279ed | 6533 | XSTRNCPY(str, "Generate Cookie Error", max); |
| Vanger | 4:e505054279ed | 6534 | break; |
| Vanger | 4:e505054279ed | 6535 | |
| Vanger | 4:e505054279ed | 6536 | case NO_PEER_VERIFY: |
| Vanger | 4:e505054279ed | 6537 | XSTRNCPY(str, "Need peer certificate verify Error", max); |
| Vanger | 4:e505054279ed | 6538 | break; |
| Vanger | 4:e505054279ed | 6539 | |
| Vanger | 4:e505054279ed | 6540 | case FWRITE_ERROR: |
| Vanger | 4:e505054279ed | 6541 | XSTRNCPY(str, "fwrite Error", max); |
| Vanger | 4:e505054279ed | 6542 | break; |
| Vanger | 4:e505054279ed | 6543 | |
| Vanger | 4:e505054279ed | 6544 | case CACHE_MATCH_ERROR: |
| Vanger | 4:e505054279ed | 6545 | XSTRNCPY(str, "Cache restore header match Error", max); |
| Vanger | 4:e505054279ed | 6546 | break; |
| Vanger | 4:e505054279ed | 6547 | |
| Vanger | 4:e505054279ed | 6548 | case UNKNOWN_SNI_HOST_NAME_E: |
| Vanger | 4:e505054279ed | 6549 | XSTRNCPY(str, "Unrecognized host name Error", max); |
| Vanger | 4:e505054279ed | 6550 | break; |
| Vanger | 4:e505054279ed | 6551 | |
| Vanger | 4:e505054279ed | 6552 | case KEYUSE_SIGNATURE_E: |
| Vanger | 4:e505054279ed | 6553 | XSTRNCPY(str, "Key Use digitalSignature not set Error", max); |
| Vanger | 4:e505054279ed | 6554 | break; |
| Vanger | 4:e505054279ed | 6555 | |
| Vanger | 4:e505054279ed | 6556 | case KEYUSE_ENCIPHER_E: |
| Vanger | 4:e505054279ed | 6557 | XSTRNCPY(str, "Key Use keyEncipherment not set Error", max); |
| Vanger | 4:e505054279ed | 6558 | break; |
| Vanger | 4:e505054279ed | 6559 | |
| Vanger | 4:e505054279ed | 6560 | case EXTKEYUSE_AUTH_E: |
| Vanger | 4:e505054279ed | 6561 | XSTRNCPY(str, "Ext Key Use server/client auth not set Error", max); |
| Vanger | 4:e505054279ed | 6562 | break; |
| Vanger | 4:e505054279ed | 6563 | |
| Vanger | 4:e505054279ed | 6564 | default : |
| Vanger | 4:e505054279ed | 6565 | XSTRNCPY(str, "unknown error number", max); |
| Vanger | 4:e505054279ed | 6566 | } |
| Vanger | 4:e505054279ed | 6567 | |
| Vanger | 4:e505054279ed | 6568 | #endif /* NO_ERROR_STRINGS */ |
| Vanger | 4:e505054279ed | 6569 | } |
| Vanger | 4:e505054279ed | 6570 | |
| Vanger | 4:e505054279ed | 6571 | |
| Vanger | 4:e505054279ed | 6572 | |
| Vanger | 4:e505054279ed | 6573 | /* be sure to add to cipher_name_idx too !!!! */ |
| Vanger | 4:e505054279ed | 6574 | static const char* const cipher_names[] = |
| Vanger | 4:e505054279ed | 6575 | { |
| Vanger | 4:e505054279ed | 6576 | #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA |
| Vanger | 4:e505054279ed | 6577 | "RC4-SHA", |
| Vanger | 4:e505054279ed | 6578 | #endif |
| Vanger | 4:e505054279ed | 6579 | |
| Vanger | 4:e505054279ed | 6580 | #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5 |
| Vanger | 4:e505054279ed | 6581 | "RC4-MD5", |
| Vanger | 4:e505054279ed | 6582 | #endif |
| Vanger | 4:e505054279ed | 6583 | |
| Vanger | 4:e505054279ed | 6584 | #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA |
| Vanger | 4:e505054279ed | 6585 | "DES-CBC3-SHA", |
| Vanger | 4:e505054279ed | 6586 | #endif |
| Vanger | 4:e505054279ed | 6587 | |
| Vanger | 4:e505054279ed | 6588 | #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA |
| Vanger | 4:e505054279ed | 6589 | "AES128-SHA", |
| Vanger | 4:e505054279ed | 6590 | #endif |
| Vanger | 4:e505054279ed | 6591 | |
| Vanger | 4:e505054279ed | 6592 | #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA |
| Vanger | 4:e505054279ed | 6593 | "AES256-SHA", |
| Vanger | 4:e505054279ed | 6594 | #endif |
| Vanger | 4:e505054279ed | 6595 | |
| Vanger | 4:e505054279ed | 6596 | #ifdef BUILD_TLS_RSA_WITH_NULL_SHA |
| Vanger | 4:e505054279ed | 6597 | "NULL-SHA", |
| Vanger | 4:e505054279ed | 6598 | #endif |
| Vanger | 4:e505054279ed | 6599 | |
| Vanger | 4:e505054279ed | 6600 | #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256 |
| Vanger | 4:e505054279ed | 6601 | "NULL-SHA256", |
| Vanger | 4:e505054279ed | 6602 | #endif |
| Vanger | 4:e505054279ed | 6603 | |
| Vanger | 4:e505054279ed | 6604 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA |
| Vanger | 4:e505054279ed | 6605 | "DHE-RSA-AES128-SHA", |
| Vanger | 4:e505054279ed | 6606 | #endif |
| Vanger | 4:e505054279ed | 6607 | |
| Vanger | 4:e505054279ed | 6608 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA |
| Vanger | 4:e505054279ed | 6609 | "DHE-RSA-AES256-SHA", |
| Vanger | 4:e505054279ed | 6610 | #endif |
| Vanger | 4:e505054279ed | 6611 | |
| Vanger | 4:e505054279ed | 6612 | #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 |
| Vanger | 4:e505054279ed | 6613 | "PSK-AES128-CBC-SHA256", |
| Vanger | 4:e505054279ed | 6614 | #endif |
| Vanger | 4:e505054279ed | 6615 | |
| Vanger | 4:e505054279ed | 6616 | #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA |
| Vanger | 4:e505054279ed | 6617 | "PSK-AES128-CBC-SHA", |
| Vanger | 4:e505054279ed | 6618 | #endif |
| Vanger | 4:e505054279ed | 6619 | |
| Vanger | 4:e505054279ed | 6620 | #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA |
| Vanger | 4:e505054279ed | 6621 | "PSK-AES256-CBC-SHA", |
| Vanger | 4:e505054279ed | 6622 | #endif |
| Vanger | 4:e505054279ed | 6623 | |
| Vanger | 4:e505054279ed | 6624 | #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8 |
| Vanger | 4:e505054279ed | 6625 | "PSK-AES128-CCM-8", |
| Vanger | 4:e505054279ed | 6626 | #endif |
| Vanger | 4:e505054279ed | 6627 | |
| Vanger | 4:e505054279ed | 6628 | #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8 |
| Vanger | 4:e505054279ed | 6629 | "PSK-AES256-CCM-8", |
| Vanger | 4:e505054279ed | 6630 | #endif |
| Vanger | 4:e505054279ed | 6631 | |
| Vanger | 4:e505054279ed | 6632 | #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 |
| Vanger | 4:e505054279ed | 6633 | "PSK-NULL-SHA256", |
| Vanger | 4:e505054279ed | 6634 | #endif |
| Vanger | 4:e505054279ed | 6635 | |
| Vanger | 4:e505054279ed | 6636 | #ifdef BUILD_TLS_PSK_WITH_NULL_SHA |
| Vanger | 4:e505054279ed | 6637 | "PSK-NULL-SHA", |
| Vanger | 4:e505054279ed | 6638 | #endif |
| Vanger | 4:e505054279ed | 6639 | |
| Vanger | 4:e505054279ed | 6640 | #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5 |
| Vanger | 4:e505054279ed | 6641 | "HC128-MD5", |
| Vanger | 4:e505054279ed | 6642 | #endif |
| Vanger | 4:e505054279ed | 6643 | |
| Vanger | 4:e505054279ed | 6644 | #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA |
| Vanger | 4:e505054279ed | 6645 | "HC128-SHA", |
| Vanger | 4:e505054279ed | 6646 | #endif |
| Vanger | 4:e505054279ed | 6647 | |
| Vanger | 4:e505054279ed | 6648 | #ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256 |
| Vanger | 4:e505054279ed | 6649 | "HC128-B2B256", |
| Vanger | 4:e505054279ed | 6650 | #endif |
| Vanger | 4:e505054279ed | 6651 | |
| Vanger | 4:e505054279ed | 6652 | #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 |
| Vanger | 4:e505054279ed | 6653 | "AES128-B2B256", |
| Vanger | 4:e505054279ed | 6654 | #endif |
| Vanger | 4:e505054279ed | 6655 | |
| Vanger | 4:e505054279ed | 6656 | #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 |
| Vanger | 4:e505054279ed | 6657 | "AES256-B2B256", |
| Vanger | 4:e505054279ed | 6658 | #endif |
| Vanger | 4:e505054279ed | 6659 | |
| Vanger | 4:e505054279ed | 6660 | #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA |
| Vanger | 4:e505054279ed | 6661 | "RABBIT-SHA", |
| Vanger | 4:e505054279ed | 6662 | #endif |
| Vanger | 4:e505054279ed | 6663 | |
| Vanger | 4:e505054279ed | 6664 | #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA |
| Vanger | 4:e505054279ed | 6665 | "NTRU-RC4-SHA", |
| Vanger | 4:e505054279ed | 6666 | #endif |
| Vanger | 4:e505054279ed | 6667 | |
| Vanger | 4:e505054279ed | 6668 | #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA |
| Vanger | 4:e505054279ed | 6669 | "NTRU-DES-CBC3-SHA", |
| Vanger | 4:e505054279ed | 6670 | #endif |
| Vanger | 4:e505054279ed | 6671 | |
| Vanger | 4:e505054279ed | 6672 | #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA |
| Vanger | 4:e505054279ed | 6673 | "NTRU-AES128-SHA", |
| Vanger | 4:e505054279ed | 6674 | #endif |
| Vanger | 4:e505054279ed | 6675 | |
| Vanger | 4:e505054279ed | 6676 | #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA |
| Vanger | 4:e505054279ed | 6677 | "NTRU-AES256-SHA", |
| Vanger | 4:e505054279ed | 6678 | #endif |
| Vanger | 4:e505054279ed | 6679 | |
| Vanger | 4:e505054279ed | 6680 | #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8 |
| Vanger | 4:e505054279ed | 6681 | "AES128-CCM-8", |
| Vanger | 4:e505054279ed | 6682 | #endif |
| Vanger | 4:e505054279ed | 6683 | |
| Vanger | 4:e505054279ed | 6684 | #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8 |
| Vanger | 4:e505054279ed | 6685 | "AES256-CCM-8", |
| Vanger | 4:e505054279ed | 6686 | #endif |
| Vanger | 4:e505054279ed | 6687 | |
| Vanger | 4:e505054279ed | 6688 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 |
| Vanger | 4:e505054279ed | 6689 | "ECDHE-ECDSA-AES128-CCM-8", |
| Vanger | 4:e505054279ed | 6690 | #endif |
| Vanger | 4:e505054279ed | 6691 | |
| Vanger | 4:e505054279ed | 6692 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 |
| Vanger | 4:e505054279ed | 6693 | "ECDHE-ECDSA-AES256-CCM-8", |
| Vanger | 4:e505054279ed | 6694 | #endif |
| Vanger | 4:e505054279ed | 6695 | |
| Vanger | 4:e505054279ed | 6696 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
| Vanger | 4:e505054279ed | 6697 | "ECDHE-RSA-AES128-SHA", |
| Vanger | 4:e505054279ed | 6698 | #endif |
| Vanger | 4:e505054279ed | 6699 | |
| Vanger | 4:e505054279ed | 6700 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
| Vanger | 4:e505054279ed | 6701 | "ECDHE-RSA-AES256-SHA", |
| Vanger | 4:e505054279ed | 6702 | #endif |
| Vanger | 4:e505054279ed | 6703 | |
| Vanger | 4:e505054279ed | 6704 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
| Vanger | 4:e505054279ed | 6705 | "ECDHE-ECDSA-AES128-SHA", |
| Vanger | 4:e505054279ed | 6706 | #endif |
| Vanger | 4:e505054279ed | 6707 | |
| Vanger | 4:e505054279ed | 6708 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
| Vanger | 4:e505054279ed | 6709 | "ECDHE-ECDSA-AES256-SHA", |
| Vanger | 4:e505054279ed | 6710 | #endif |
| Vanger | 4:e505054279ed | 6711 | |
| Vanger | 4:e505054279ed | 6712 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA |
| Vanger | 4:e505054279ed | 6713 | "ECDHE-RSA-RC4-SHA", |
| Vanger | 4:e505054279ed | 6714 | #endif |
| Vanger | 4:e505054279ed | 6715 | |
| Vanger | 4:e505054279ed | 6716 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA |
| Vanger | 4:e505054279ed | 6717 | "ECDHE-RSA-DES-CBC3-SHA", |
| Vanger | 4:e505054279ed | 6718 | #endif |
| Vanger | 4:e505054279ed | 6719 | |
| Vanger | 4:e505054279ed | 6720 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA |
| Vanger | 4:e505054279ed | 6721 | "ECDHE-ECDSA-RC4-SHA", |
| Vanger | 4:e505054279ed | 6722 | #endif |
| Vanger | 4:e505054279ed | 6723 | |
| Vanger | 4:e505054279ed | 6724 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA |
| Vanger | 4:e505054279ed | 6725 | "ECDHE-ECDSA-DES-CBC3-SHA", |
| Vanger | 4:e505054279ed | 6726 | #endif |
| Vanger | 4:e505054279ed | 6727 | |
| Vanger | 4:e505054279ed | 6728 | #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 |
| Vanger | 4:e505054279ed | 6729 | "AES128-SHA256", |
| Vanger | 4:e505054279ed | 6730 | #endif |
| Vanger | 4:e505054279ed | 6731 | |
| Vanger | 4:e505054279ed | 6732 | #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 |
| Vanger | 4:e505054279ed | 6733 | "AES256-SHA256", |
| Vanger | 4:e505054279ed | 6734 | #endif |
| Vanger | 4:e505054279ed | 6735 | |
| Vanger | 4:e505054279ed | 6736 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 |
| Vanger | 4:e505054279ed | 6737 | "DHE-RSA-AES128-SHA256", |
| Vanger | 4:e505054279ed | 6738 | #endif |
| Vanger | 4:e505054279ed | 6739 | |
| Vanger | 4:e505054279ed | 6740 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 |
| Vanger | 4:e505054279ed | 6741 | "DHE-RSA-AES256-SHA256", |
| Vanger | 4:e505054279ed | 6742 | #endif |
| Vanger | 4:e505054279ed | 6743 | |
| Vanger | 4:e505054279ed | 6744 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA |
| Vanger | 4:e505054279ed | 6745 | "ECDH-RSA-AES128-SHA", |
| Vanger | 4:e505054279ed | 6746 | #endif |
| Vanger | 4:e505054279ed | 6747 | |
| Vanger | 4:e505054279ed | 6748 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA |
| Vanger | 4:e505054279ed | 6749 | "ECDH-RSA-AES256-SHA", |
| Vanger | 4:e505054279ed | 6750 | #endif |
| Vanger | 4:e505054279ed | 6751 | |
| Vanger | 4:e505054279ed | 6752 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA |
| Vanger | 4:e505054279ed | 6753 | "ECDH-ECDSA-AES128-SHA", |
| Vanger | 4:e505054279ed | 6754 | #endif |
| Vanger | 4:e505054279ed | 6755 | |
| Vanger | 4:e505054279ed | 6756 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA |
| Vanger | 4:e505054279ed | 6757 | "ECDH-ECDSA-AES256-SHA", |
| Vanger | 4:e505054279ed | 6758 | #endif |
| Vanger | 4:e505054279ed | 6759 | |
| Vanger | 4:e505054279ed | 6760 | #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA |
| Vanger | 4:e505054279ed | 6761 | "ECDH-RSA-RC4-SHA", |
| Vanger | 4:e505054279ed | 6762 | #endif |
| Vanger | 4:e505054279ed | 6763 | |
| Vanger | 4:e505054279ed | 6764 | #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA |
| Vanger | 4:e505054279ed | 6765 | "ECDH-RSA-DES-CBC3-SHA", |
| Vanger | 4:e505054279ed | 6766 | #endif |
| Vanger | 4:e505054279ed | 6767 | |
| Vanger | 4:e505054279ed | 6768 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA |
| Vanger | 4:e505054279ed | 6769 | "ECDH-ECDSA-RC4-SHA", |
| Vanger | 4:e505054279ed | 6770 | #endif |
| Vanger | 4:e505054279ed | 6771 | |
| Vanger | 4:e505054279ed | 6772 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA |
| Vanger | 4:e505054279ed | 6773 | "ECDH-ECDSA-DES-CBC3-SHA", |
| Vanger | 4:e505054279ed | 6774 | #endif |
| Vanger | 4:e505054279ed | 6775 | |
| Vanger | 4:e505054279ed | 6776 | #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 |
| Vanger | 4:e505054279ed | 6777 | "AES128-GCM-SHA256", |
| Vanger | 4:e505054279ed | 6778 | #endif |
| Vanger | 4:e505054279ed | 6779 | |
| Vanger | 4:e505054279ed | 6780 | #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 |
| Vanger | 4:e505054279ed | 6781 | "AES256-GCM-SHA384", |
| Vanger | 4:e505054279ed | 6782 | #endif |
| Vanger | 4:e505054279ed | 6783 | |
| Vanger | 4:e505054279ed | 6784 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 |
| Vanger | 4:e505054279ed | 6785 | "DHE-RSA-AES128-GCM-SHA256", |
| Vanger | 4:e505054279ed | 6786 | #endif |
| Vanger | 4:e505054279ed | 6787 | |
| Vanger | 4:e505054279ed | 6788 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 |
| Vanger | 4:e505054279ed | 6789 | "DHE-RSA-AES256-GCM-SHA384", |
| Vanger | 4:e505054279ed | 6790 | #endif |
| Vanger | 4:e505054279ed | 6791 | |
| Vanger | 4:e505054279ed | 6792 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
| Vanger | 4:e505054279ed | 6793 | "ECDHE-RSA-AES128-GCM-SHA256", |
| Vanger | 4:e505054279ed | 6794 | #endif |
| Vanger | 4:e505054279ed | 6795 | |
| Vanger | 4:e505054279ed | 6796 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
| Vanger | 4:e505054279ed | 6797 | "ECDHE-RSA-AES256-GCM-SHA384", |
| Vanger | 4:e505054279ed | 6798 | #endif |
| Vanger | 4:e505054279ed | 6799 | |
| Vanger | 4:e505054279ed | 6800 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
| Vanger | 4:e505054279ed | 6801 | "ECDHE-ECDSA-AES128-GCM-SHA256", |
| Vanger | 4:e505054279ed | 6802 | #endif |
| Vanger | 4:e505054279ed | 6803 | |
| Vanger | 4:e505054279ed | 6804 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
| Vanger | 4:e505054279ed | 6805 | "ECDHE-ECDSA-AES256-GCM-SHA384", |
| Vanger | 4:e505054279ed | 6806 | #endif |
| Vanger | 4:e505054279ed | 6807 | |
| Vanger | 4:e505054279ed | 6808 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 |
| Vanger | 4:e505054279ed | 6809 | "ECDH-RSA-AES128-GCM-SHA256", |
| Vanger | 4:e505054279ed | 6810 | #endif |
| Vanger | 4:e505054279ed | 6811 | |
| Vanger | 4:e505054279ed | 6812 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 |
| Vanger | 4:e505054279ed | 6813 | "ECDH-RSA-AES256-GCM-SHA384", |
| Vanger | 4:e505054279ed | 6814 | #endif |
| Vanger | 4:e505054279ed | 6815 | |
| Vanger | 4:e505054279ed | 6816 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 |
| Vanger | 4:e505054279ed | 6817 | "ECDH-ECDSA-AES128-GCM-SHA256", |
| Vanger | 4:e505054279ed | 6818 | #endif |
| Vanger | 4:e505054279ed | 6819 | |
| Vanger | 4:e505054279ed | 6820 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 |
| Vanger | 4:e505054279ed | 6821 | "ECDH-ECDSA-AES256-GCM-SHA384", |
| Vanger | 4:e505054279ed | 6822 | #endif |
| Vanger | 4:e505054279ed | 6823 | |
| Vanger | 4:e505054279ed | 6824 | #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA |
| Vanger | 4:e505054279ed | 6825 | "CAMELLIA128-SHA", |
| Vanger | 4:e505054279ed | 6826 | #endif |
| Vanger | 4:e505054279ed | 6827 | |
| Vanger | 4:e505054279ed | 6828 | #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA |
| Vanger | 4:e505054279ed | 6829 | "DHE-RSA-CAMELLIA128-SHA", |
| Vanger | 4:e505054279ed | 6830 | #endif |
| Vanger | 4:e505054279ed | 6831 | |
| Vanger | 4:e505054279ed | 6832 | #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA |
| Vanger | 4:e505054279ed | 6833 | "CAMELLIA256-SHA", |
| Vanger | 4:e505054279ed | 6834 | #endif |
| Vanger | 4:e505054279ed | 6835 | |
| Vanger | 4:e505054279ed | 6836 | #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA |
| Vanger | 4:e505054279ed | 6837 | "DHE-RSA-CAMELLIA256-SHA", |
| Vanger | 4:e505054279ed | 6838 | #endif |
| Vanger | 4:e505054279ed | 6839 | |
| Vanger | 4:e505054279ed | 6840 | #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 |
| Vanger | 4:e505054279ed | 6841 | "CAMELLIA128-SHA256", |
| Vanger | 4:e505054279ed | 6842 | #endif |
| Vanger | 4:e505054279ed | 6843 | |
| Vanger | 4:e505054279ed | 6844 | #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 |
| Vanger | 4:e505054279ed | 6845 | "DHE-RSA-CAMELLIA128-SHA256", |
| Vanger | 4:e505054279ed | 6846 | #endif |
| Vanger | 4:e505054279ed | 6847 | |
| Vanger | 4:e505054279ed | 6848 | #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 |
| Vanger | 4:e505054279ed | 6849 | "CAMELLIA256-SHA256", |
| Vanger | 4:e505054279ed | 6850 | #endif |
| Vanger | 4:e505054279ed | 6851 | |
| Vanger | 4:e505054279ed | 6852 | #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 |
| Vanger | 4:e505054279ed | 6853 | "DHE-RSA-CAMELLIA256-SHA256", |
| Vanger | 4:e505054279ed | 6854 | #endif |
| Vanger | 4:e505054279ed | 6855 | |
| Vanger | 4:e505054279ed | 6856 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
| Vanger | 4:e505054279ed | 6857 | "ECDHE-RSA-AES128-SHA256", |
| Vanger | 4:e505054279ed | 6858 | #endif |
| Vanger | 4:e505054279ed | 6859 | |
| Vanger | 4:e505054279ed | 6860 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
| Vanger | 4:e505054279ed | 6861 | "ECDHE-ECDSA-AES128-SHA256", |
| Vanger | 4:e505054279ed | 6862 | #endif |
| Vanger | 4:e505054279ed | 6863 | |
| Vanger | 4:e505054279ed | 6864 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 |
| Vanger | 4:e505054279ed | 6865 | "ECDH-RSA-AES128-SHA256", |
| Vanger | 4:e505054279ed | 6866 | #endif |
| Vanger | 4:e505054279ed | 6867 | |
| Vanger | 4:e505054279ed | 6868 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 |
| Vanger | 4:e505054279ed | 6869 | "ECDH-ECDSA-AES128-SHA256", |
| Vanger | 4:e505054279ed | 6870 | #endif |
| Vanger | 4:e505054279ed | 6871 | |
| Vanger | 4:e505054279ed | 6872 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
| Vanger | 4:e505054279ed | 6873 | "ECDHE-RSA-AES256-SHA384", |
| Vanger | 4:e505054279ed | 6874 | #endif |
| Vanger | 4:e505054279ed | 6875 | |
| Vanger | 4:e505054279ed | 6876 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
| Vanger | 4:e505054279ed | 6877 | "ECDHE-ECDSA-AES256-SHA384", |
| Vanger | 4:e505054279ed | 6878 | #endif |
| Vanger | 4:e505054279ed | 6879 | |
| Vanger | 4:e505054279ed | 6880 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 |
| Vanger | 4:e505054279ed | 6881 | "ECDH-RSA-AES256-SHA384", |
| Vanger | 4:e505054279ed | 6882 | #endif |
| Vanger | 4:e505054279ed | 6883 | |
| Vanger | 4:e505054279ed | 6884 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 |
| Vanger | 4:e505054279ed | 6885 | "ECDH-ECDSA-AES256-SHA384", |
| Vanger | 4:e505054279ed | 6886 | #endif |
| Vanger | 4:e505054279ed | 6887 | |
| Vanger | 4:e505054279ed | 6888 | }; |
| Vanger | 4:e505054279ed | 6889 | |
| Vanger | 4:e505054279ed | 6890 | |
| Vanger | 4:e505054279ed | 6891 | |
| Vanger | 4:e505054279ed | 6892 | /* cipher suite number that matches above name table */ |
| Vanger | 4:e505054279ed | 6893 | static int cipher_name_idx[] = |
| Vanger | 4:e505054279ed | 6894 | { |
| Vanger | 4:e505054279ed | 6895 | |
| Vanger | 4:e505054279ed | 6896 | #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA |
| Vanger | 4:e505054279ed | 6897 | SSL_RSA_WITH_RC4_128_SHA, |
| Vanger | 4:e505054279ed | 6898 | #endif |
| Vanger | 4:e505054279ed | 6899 | |
| Vanger | 4:e505054279ed | 6900 | #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5 |
| Vanger | 4:e505054279ed | 6901 | SSL_RSA_WITH_RC4_128_MD5, |
| Vanger | 4:e505054279ed | 6902 | #endif |
| Vanger | 4:e505054279ed | 6903 | |
| Vanger | 4:e505054279ed | 6904 | #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA |
| Vanger | 4:e505054279ed | 6905 | SSL_RSA_WITH_3DES_EDE_CBC_SHA, |
| Vanger | 4:e505054279ed | 6906 | #endif |
| Vanger | 4:e505054279ed | 6907 | |
| Vanger | 4:e505054279ed | 6908 | #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA |
| Vanger | 4:e505054279ed | 6909 | TLS_RSA_WITH_AES_128_CBC_SHA, |
| Vanger | 4:e505054279ed | 6910 | #endif |
| Vanger | 4:e505054279ed | 6911 | |
| Vanger | 4:e505054279ed | 6912 | #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA |
| Vanger | 4:e505054279ed | 6913 | TLS_RSA_WITH_AES_256_CBC_SHA, |
| Vanger | 4:e505054279ed | 6914 | #endif |
| Vanger | 4:e505054279ed | 6915 | |
| Vanger | 4:e505054279ed | 6916 | #ifdef BUILD_TLS_RSA_WITH_NULL_SHA |
| Vanger | 4:e505054279ed | 6917 | TLS_RSA_WITH_NULL_SHA, |
| Vanger | 4:e505054279ed | 6918 | #endif |
| Vanger | 4:e505054279ed | 6919 | |
| Vanger | 4:e505054279ed | 6920 | #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256 |
| Vanger | 4:e505054279ed | 6921 | TLS_RSA_WITH_NULL_SHA256, |
| Vanger | 4:e505054279ed | 6922 | #endif |
| Vanger | 4:e505054279ed | 6923 | |
| Vanger | 4:e505054279ed | 6924 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA |
| Vanger | 4:e505054279ed | 6925 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA, |
| Vanger | 4:e505054279ed | 6926 | #endif |
| Vanger | 4:e505054279ed | 6927 | |
| Vanger | 4:e505054279ed | 6928 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA |
| Vanger | 4:e505054279ed | 6929 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA, |
| Vanger | 4:e505054279ed | 6930 | #endif |
| Vanger | 4:e505054279ed | 6931 | |
| Vanger | 4:e505054279ed | 6932 | #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 |
| Vanger | 4:e505054279ed | 6933 | TLS_PSK_WITH_AES_128_CBC_SHA256, |
| Vanger | 4:e505054279ed | 6934 | #endif |
| Vanger | 4:e505054279ed | 6935 | |
| Vanger | 4:e505054279ed | 6936 | #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA |
| Vanger | 4:e505054279ed | 6937 | TLS_PSK_WITH_AES_128_CBC_SHA, |
| Vanger | 4:e505054279ed | 6938 | #endif |
| Vanger | 4:e505054279ed | 6939 | |
| Vanger | 4:e505054279ed | 6940 | #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA |
| Vanger | 4:e505054279ed | 6941 | TLS_PSK_WITH_AES_256_CBC_SHA, |
| Vanger | 4:e505054279ed | 6942 | #endif |
| Vanger | 4:e505054279ed | 6943 | |
| Vanger | 4:e505054279ed | 6944 | #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8 |
| Vanger | 4:e505054279ed | 6945 | TLS_PSK_WITH_AES_128_CCM_8, |
| Vanger | 4:e505054279ed | 6946 | #endif |
| Vanger | 4:e505054279ed | 6947 | |
| Vanger | 4:e505054279ed | 6948 | #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8 |
| Vanger | 4:e505054279ed | 6949 | TLS_PSK_WITH_AES_256_CCM_8, |
| Vanger | 4:e505054279ed | 6950 | #endif |
| Vanger | 4:e505054279ed | 6951 | |
| Vanger | 4:e505054279ed | 6952 | #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 |
| Vanger | 4:e505054279ed | 6953 | TLS_PSK_WITH_NULL_SHA256, |
| Vanger | 4:e505054279ed | 6954 | #endif |
| Vanger | 4:e505054279ed | 6955 | |
| Vanger | 4:e505054279ed | 6956 | #ifdef BUILD_TLS_PSK_WITH_NULL_SHA |
| Vanger | 4:e505054279ed | 6957 | TLS_PSK_WITH_NULL_SHA, |
| Vanger | 4:e505054279ed | 6958 | #endif |
| Vanger | 4:e505054279ed | 6959 | |
| Vanger | 4:e505054279ed | 6960 | #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5 |
| Vanger | 4:e505054279ed | 6961 | TLS_RSA_WITH_HC_128_MD5, |
| Vanger | 4:e505054279ed | 6962 | #endif |
| Vanger | 4:e505054279ed | 6963 | |
| Vanger | 4:e505054279ed | 6964 | #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA |
| Vanger | 4:e505054279ed | 6965 | TLS_RSA_WITH_HC_128_SHA, |
| Vanger | 4:e505054279ed | 6966 | #endif |
| Vanger | 4:e505054279ed | 6967 | |
| Vanger | 4:e505054279ed | 6968 | #ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256 |
| Vanger | 4:e505054279ed | 6969 | TLS_RSA_WITH_HC_128_B2B256, |
| Vanger | 4:e505054279ed | 6970 | #endif |
| Vanger | 4:e505054279ed | 6971 | |
| Vanger | 4:e505054279ed | 6972 | #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 |
| Vanger | 4:e505054279ed | 6973 | TLS_RSA_WITH_AES_128_CBC_B2B256, |
| Vanger | 4:e505054279ed | 6974 | #endif |
| Vanger | 4:e505054279ed | 6975 | |
| Vanger | 4:e505054279ed | 6976 | #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 |
| Vanger | 4:e505054279ed | 6977 | TLS_RSA_WITH_AES_256_CBC_B2B256, |
| Vanger | 4:e505054279ed | 6978 | #endif |
| Vanger | 4:e505054279ed | 6979 | |
| Vanger | 4:e505054279ed | 6980 | #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA |
| Vanger | 4:e505054279ed | 6981 | TLS_RSA_WITH_RABBIT_SHA, |
| Vanger | 4:e505054279ed | 6982 | #endif |
| Vanger | 4:e505054279ed | 6983 | |
| Vanger | 4:e505054279ed | 6984 | #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA |
| Vanger | 4:e505054279ed | 6985 | TLS_NTRU_RSA_WITH_RC4_128_SHA, |
| Vanger | 4:e505054279ed | 6986 | #endif |
| Vanger | 4:e505054279ed | 6987 | |
| Vanger | 4:e505054279ed | 6988 | #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA |
| Vanger | 4:e505054279ed | 6989 | TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA, |
| Vanger | 4:e505054279ed | 6990 | #endif |
| Vanger | 4:e505054279ed | 6991 | |
| Vanger | 4:e505054279ed | 6992 | #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA |
| Vanger | 4:e505054279ed | 6993 | TLS_NTRU_RSA_WITH_AES_128_CBC_SHA, |
| Vanger | 4:e505054279ed | 6994 | #endif |
| Vanger | 4:e505054279ed | 6995 | |
| Vanger | 4:e505054279ed | 6996 | #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA |
| Vanger | 4:e505054279ed | 6997 | TLS_NTRU_RSA_WITH_AES_256_CBC_SHA, |
| Vanger | 4:e505054279ed | 6998 | #endif |
| Vanger | 4:e505054279ed | 6999 | |
| Vanger | 4:e505054279ed | 7000 | #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8 |
| Vanger | 4:e505054279ed | 7001 | TLS_RSA_WITH_AES_128_CCM_8, |
| Vanger | 4:e505054279ed | 7002 | #endif |
| Vanger | 4:e505054279ed | 7003 | |
| Vanger | 4:e505054279ed | 7004 | #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8 |
| Vanger | 4:e505054279ed | 7005 | TLS_RSA_WITH_AES_256_CCM_8, |
| Vanger | 4:e505054279ed | 7006 | #endif |
| Vanger | 4:e505054279ed | 7007 | |
| Vanger | 4:e505054279ed | 7008 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 |
| Vanger | 4:e505054279ed | 7009 | TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, |
| Vanger | 4:e505054279ed | 7010 | #endif |
| Vanger | 4:e505054279ed | 7011 | |
| Vanger | 4:e505054279ed | 7012 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 |
| Vanger | 4:e505054279ed | 7013 | TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, |
| Vanger | 4:e505054279ed | 7014 | #endif |
| Vanger | 4:e505054279ed | 7015 | |
| Vanger | 4:e505054279ed | 7016 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
| Vanger | 4:e505054279ed | 7017 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, |
| Vanger | 4:e505054279ed | 7018 | #endif |
| Vanger | 4:e505054279ed | 7019 | |
| Vanger | 4:e505054279ed | 7020 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
| Vanger | 4:e505054279ed | 7021 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, |
| Vanger | 4:e505054279ed | 7022 | #endif |
| Vanger | 4:e505054279ed | 7023 | |
| Vanger | 4:e505054279ed | 7024 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
| Vanger | 4:e505054279ed | 7025 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, |
| Vanger | 4:e505054279ed | 7026 | #endif |
| Vanger | 4:e505054279ed | 7027 | |
| Vanger | 4:e505054279ed | 7028 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
| Vanger | 4:e505054279ed | 7029 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, |
| Vanger | 4:e505054279ed | 7030 | #endif |
| Vanger | 4:e505054279ed | 7031 | |
| Vanger | 4:e505054279ed | 7032 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA |
| Vanger | 4:e505054279ed | 7033 | TLS_ECDHE_RSA_WITH_RC4_128_SHA, |
| Vanger | 4:e505054279ed | 7034 | #endif |
| Vanger | 4:e505054279ed | 7035 | |
| Vanger | 4:e505054279ed | 7036 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA |
| Vanger | 4:e505054279ed | 7037 | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, |
| Vanger | 4:e505054279ed | 7038 | #endif |
| Vanger | 4:e505054279ed | 7039 | |
| Vanger | 4:e505054279ed | 7040 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA |
| Vanger | 4:e505054279ed | 7041 | TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, |
| Vanger | 4:e505054279ed | 7042 | #endif |
| Vanger | 4:e505054279ed | 7043 | |
| Vanger | 4:e505054279ed | 7044 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA |
| Vanger | 4:e505054279ed | 7045 | TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, |
| Vanger | 4:e505054279ed | 7046 | #endif |
| Vanger | 4:e505054279ed | 7047 | |
| Vanger | 4:e505054279ed | 7048 | #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 |
| Vanger | 4:e505054279ed | 7049 | TLS_RSA_WITH_AES_128_CBC_SHA256, |
| Vanger | 4:e505054279ed | 7050 | #endif |
| Vanger | 4:e505054279ed | 7051 | |
| Vanger | 4:e505054279ed | 7052 | #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 |
| Vanger | 4:e505054279ed | 7053 | TLS_RSA_WITH_AES_256_CBC_SHA256, |
| Vanger | 4:e505054279ed | 7054 | #endif |
| Vanger | 4:e505054279ed | 7055 | |
| Vanger | 4:e505054279ed | 7056 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 |
| Vanger | 4:e505054279ed | 7057 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, |
| Vanger | 4:e505054279ed | 7058 | #endif |
| Vanger | 4:e505054279ed | 7059 | |
| Vanger | 4:e505054279ed | 7060 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 |
| Vanger | 4:e505054279ed | 7061 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, |
| Vanger | 4:e505054279ed | 7062 | #endif |
| Vanger | 4:e505054279ed | 7063 | |
| Vanger | 4:e505054279ed | 7064 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA |
| Vanger | 4:e505054279ed | 7065 | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, |
| Vanger | 4:e505054279ed | 7066 | #endif |
| Vanger | 4:e505054279ed | 7067 | |
| Vanger | 4:e505054279ed | 7068 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA |
| Vanger | 4:e505054279ed | 7069 | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, |
| Vanger | 4:e505054279ed | 7070 | #endif |
| Vanger | 4:e505054279ed | 7071 | |
| Vanger | 4:e505054279ed | 7072 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA |
| Vanger | 4:e505054279ed | 7073 | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, |
| Vanger | 4:e505054279ed | 7074 | #endif |
| Vanger | 4:e505054279ed | 7075 | |
| Vanger | 4:e505054279ed | 7076 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA |
| Vanger | 4:e505054279ed | 7077 | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, |
| Vanger | 4:e505054279ed | 7078 | #endif |
| Vanger | 4:e505054279ed | 7079 | |
| Vanger | 4:e505054279ed | 7080 | #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA |
| Vanger | 4:e505054279ed | 7081 | TLS_ECDH_RSA_WITH_RC4_128_SHA, |
| Vanger | 4:e505054279ed | 7082 | #endif |
| Vanger | 4:e505054279ed | 7083 | |
| Vanger | 4:e505054279ed | 7084 | #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA |
| Vanger | 4:e505054279ed | 7085 | TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, |
| Vanger | 4:e505054279ed | 7086 | #endif |
| Vanger | 4:e505054279ed | 7087 | |
| Vanger | 4:e505054279ed | 7088 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA |
| Vanger | 4:e505054279ed | 7089 | TLS_ECDH_ECDSA_WITH_RC4_128_SHA, |
| Vanger | 4:e505054279ed | 7090 | #endif |
| Vanger | 4:e505054279ed | 7091 | |
| Vanger | 4:e505054279ed | 7092 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA |
| Vanger | 4:e505054279ed | 7093 | TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, |
| Vanger | 4:e505054279ed | 7094 | #endif |
| Vanger | 4:e505054279ed | 7095 | |
| Vanger | 4:e505054279ed | 7096 | #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 |
| Vanger | 4:e505054279ed | 7097 | TLS_RSA_WITH_AES_128_GCM_SHA256, |
| Vanger | 4:e505054279ed | 7098 | #endif |
| Vanger | 4:e505054279ed | 7099 | |
| Vanger | 4:e505054279ed | 7100 | #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 |
| Vanger | 4:e505054279ed | 7101 | TLS_RSA_WITH_AES_256_GCM_SHA384, |
| Vanger | 4:e505054279ed | 7102 | #endif |
| Vanger | 4:e505054279ed | 7103 | |
| Vanger | 4:e505054279ed | 7104 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 |
| Vanger | 4:e505054279ed | 7105 | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, |
| Vanger | 4:e505054279ed | 7106 | #endif |
| Vanger | 4:e505054279ed | 7107 | |
| Vanger | 4:e505054279ed | 7108 | #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 |
| Vanger | 4:e505054279ed | 7109 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, |
| Vanger | 4:e505054279ed | 7110 | #endif |
| Vanger | 4:e505054279ed | 7111 | |
| Vanger | 4:e505054279ed | 7112 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
| Vanger | 4:e505054279ed | 7113 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, |
| Vanger | 4:e505054279ed | 7114 | #endif |
| Vanger | 4:e505054279ed | 7115 | |
| Vanger | 4:e505054279ed | 7116 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
| Vanger | 4:e505054279ed | 7117 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, |
| Vanger | 4:e505054279ed | 7118 | #endif |
| Vanger | 4:e505054279ed | 7119 | |
| Vanger | 4:e505054279ed | 7120 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
| Vanger | 4:e505054279ed | 7121 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, |
| Vanger | 4:e505054279ed | 7122 | #endif |
| Vanger | 4:e505054279ed | 7123 | |
| Vanger | 4:e505054279ed | 7124 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
| Vanger | 4:e505054279ed | 7125 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, |
| Vanger | 4:e505054279ed | 7126 | #endif |
| Vanger | 4:e505054279ed | 7127 | |
| Vanger | 4:e505054279ed | 7128 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 |
| Vanger | 4:e505054279ed | 7129 | TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, |
| Vanger | 4:e505054279ed | 7130 | #endif |
| Vanger | 4:e505054279ed | 7131 | |
| Vanger | 4:e505054279ed | 7132 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 |
| Vanger | 4:e505054279ed | 7133 | TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, |
| Vanger | 4:e505054279ed | 7134 | #endif |
| Vanger | 4:e505054279ed | 7135 | |
| Vanger | 4:e505054279ed | 7136 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 |
| Vanger | 4:e505054279ed | 7137 | TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, |
| Vanger | 4:e505054279ed | 7138 | #endif |
| Vanger | 4:e505054279ed | 7139 | |
| Vanger | 4:e505054279ed | 7140 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 |
| Vanger | 4:e505054279ed | 7141 | TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, |
| Vanger | 4:e505054279ed | 7142 | #endif |
| Vanger | 4:e505054279ed | 7143 | |
| Vanger | 4:e505054279ed | 7144 | #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA |
| Vanger | 4:e505054279ed | 7145 | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, |
| Vanger | 4:e505054279ed | 7146 | #endif |
| Vanger | 4:e505054279ed | 7147 | |
| Vanger | 4:e505054279ed | 7148 | #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA |
| Vanger | 4:e505054279ed | 7149 | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, |
| Vanger | 4:e505054279ed | 7150 | #endif |
| Vanger | 4:e505054279ed | 7151 | |
| Vanger | 4:e505054279ed | 7152 | #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA |
| Vanger | 4:e505054279ed | 7153 | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, |
| Vanger | 4:e505054279ed | 7154 | #endif |
| Vanger | 4:e505054279ed | 7155 | |
| Vanger | 4:e505054279ed | 7156 | #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA |
| Vanger | 4:e505054279ed | 7157 | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, |
| Vanger | 4:e505054279ed | 7158 | #endif |
| Vanger | 4:e505054279ed | 7159 | |
| Vanger | 4:e505054279ed | 7160 | #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 |
| Vanger | 4:e505054279ed | 7161 | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, |
| Vanger | 4:e505054279ed | 7162 | #endif |
| Vanger | 4:e505054279ed | 7163 | |
| Vanger | 4:e505054279ed | 7164 | #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 |
| Vanger | 4:e505054279ed | 7165 | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, |
| Vanger | 4:e505054279ed | 7166 | #endif |
| Vanger | 4:e505054279ed | 7167 | |
| Vanger | 4:e505054279ed | 7168 | #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 |
| Vanger | 4:e505054279ed | 7169 | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, |
| Vanger | 4:e505054279ed | 7170 | #endif |
| Vanger | 4:e505054279ed | 7171 | |
| Vanger | 4:e505054279ed | 7172 | #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 |
| Vanger | 4:e505054279ed | 7173 | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, |
| Vanger | 4:e505054279ed | 7174 | #endif |
| Vanger | 4:e505054279ed | 7175 | |
| Vanger | 4:e505054279ed | 7176 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
| Vanger | 4:e505054279ed | 7177 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, |
| Vanger | 4:e505054279ed | 7178 | #endif |
| Vanger | 4:e505054279ed | 7179 | |
| Vanger | 4:e505054279ed | 7180 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
| Vanger | 4:e505054279ed | 7181 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, |
| Vanger | 4:e505054279ed | 7182 | #endif |
| Vanger | 4:e505054279ed | 7183 | |
| Vanger | 4:e505054279ed | 7184 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 |
| Vanger | 4:e505054279ed | 7185 | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, |
| Vanger | 4:e505054279ed | 7186 | #endif |
| Vanger | 4:e505054279ed | 7187 | |
| Vanger | 4:e505054279ed | 7188 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 |
| Vanger | 4:e505054279ed | 7189 | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, |
| Vanger | 4:e505054279ed | 7190 | #endif |
| Vanger | 4:e505054279ed | 7191 | |
| Vanger | 4:e505054279ed | 7192 | #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
| Vanger | 4:e505054279ed | 7193 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, |
| Vanger | 4:e505054279ed | 7194 | #endif |
| Vanger | 4:e505054279ed | 7195 | |
| Vanger | 4:e505054279ed | 7196 | #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
| Vanger | 4:e505054279ed | 7197 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, |
| Vanger | 4:e505054279ed | 7198 | #endif |
| Vanger | 4:e505054279ed | 7199 | |
| Vanger | 4:e505054279ed | 7200 | #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 |
| Vanger | 4:e505054279ed | 7201 | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, |
| Vanger | 4:e505054279ed | 7202 | #endif |
| Vanger | 4:e505054279ed | 7203 | |
| Vanger | 4:e505054279ed | 7204 | #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 |
| Vanger | 4:e505054279ed | 7205 | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 |
| Vanger | 4:e505054279ed | 7206 | #endif |
| Vanger | 4:e505054279ed | 7207 | }; |
| Vanger | 4:e505054279ed | 7208 | |
| Vanger | 4:e505054279ed | 7209 | |
| Vanger | 4:e505054279ed | 7210 | /* return true if set, else false */ |
| Vanger | 4:e505054279ed | 7211 | /* only supports full name from cipher_name[] delimited by : */ |
| Vanger | 4:e505054279ed | 7212 | int SetCipherList(Suites* s, const char* list) |
| Vanger | 4:e505054279ed | 7213 | { |
| Vanger | 4:e505054279ed | 7214 | int ret = 0, i; |
| Vanger | 4:e505054279ed | 7215 | char name[MAX_SUITE_NAME]; |
| Vanger | 4:e505054279ed | 7216 | |
| Vanger | 4:e505054279ed | 7217 | char needle[] = ":"; |
| Vanger | 4:e505054279ed | 7218 | char* haystack = (char*)list; |
| Vanger | 4:e505054279ed | 7219 | char* prev; |
| Vanger | 4:e505054279ed | 7220 | |
| Vanger | 4:e505054279ed | 7221 | const int suiteSz = sizeof(cipher_names) / sizeof(cipher_names[0]); |
| Vanger | 4:e505054279ed | 7222 | int idx = 0; |
| Vanger | 4:e505054279ed | 7223 | int haveRSA = 0, haveECDSA = 0; |
| Vanger | 4:e505054279ed | 7224 | |
| Vanger | 4:e505054279ed | 7225 | if (s == NULL) { |
| Vanger | 4:e505054279ed | 7226 | CYASSL_MSG("SetCipherList suite pointer error"); |
| Vanger | 4:e505054279ed | 7227 | return 0; |
| Vanger | 4:e505054279ed | 7228 | } |
| Vanger | 4:e505054279ed | 7229 | |
| Vanger | 4:e505054279ed | 7230 | if (!list) |
| Vanger | 4:e505054279ed | 7231 | return 0; |
| Vanger | 4:e505054279ed | 7232 | |
| Vanger | 4:e505054279ed | 7233 | if (*list == 0) return 1; /* CyaSSL default */ |
| Vanger | 4:e505054279ed | 7234 | |
| Vanger | 4:e505054279ed | 7235 | if (XSTRNCMP(haystack, "ALL", 3) == 0) return 1; /* CyaSSL defualt */ |
| Vanger | 4:e505054279ed | 7236 | |
| Vanger | 4:e505054279ed | 7237 | for(;;) { |
| Vanger | 4:e505054279ed | 7238 | word32 len; |
| Vanger | 4:e505054279ed | 7239 | prev = haystack; |
| Vanger | 4:e505054279ed | 7240 | haystack = XSTRSTR(haystack, needle); |
| Vanger | 4:e505054279ed | 7241 | |
| Vanger | 4:e505054279ed | 7242 | if (!haystack) /* last cipher */ |
| Vanger | 4:e505054279ed | 7243 | len = min(sizeof(name), (word32)XSTRLEN(prev)); |
| Vanger | 4:e505054279ed | 7244 | else |
| Vanger | 4:e505054279ed | 7245 | len = min(sizeof(name), (word32)(haystack - prev)); |
| Vanger | 4:e505054279ed | 7246 | |
| Vanger | 4:e505054279ed | 7247 | XSTRNCPY(name, prev, len); |
| Vanger | 4:e505054279ed | 7248 | name[(len == sizeof(name)) ? len - 1 : len] = 0; |
| Vanger | 4:e505054279ed | 7249 | |
| Vanger | 4:e505054279ed | 7250 | for (i = 0; i < suiteSz; i++) |
| Vanger | 4:e505054279ed | 7251 | if (XSTRNCMP(name, cipher_names[i], sizeof(name)) == 0) { |
| Vanger | 4:e505054279ed | 7252 | if (XSTRSTR(name, "EC") || XSTRSTR(name, "CCM")) |
| Vanger | 4:e505054279ed | 7253 | s->suites[idx++] = ECC_BYTE; /* ECC suite */ |
| Vanger | 4:e505054279ed | 7254 | else |
| Vanger | 4:e505054279ed | 7255 | s->suites[idx++] = 0x00; /* normal */ |
| Vanger | 4:e505054279ed | 7256 | s->suites[idx++] = (byte)cipher_name_idx[i]; |
| Vanger | 4:e505054279ed | 7257 | |
| Vanger | 4:e505054279ed | 7258 | /* The suites are either ECDSA, RSA, or PSK. The RSA suites |
| Vanger | 4:e505054279ed | 7259 | * don't necessarily have RSA in the name. */ |
| Vanger | 4:e505054279ed | 7260 | if ((haveECDSA == 0) && XSTRSTR(name, "ECDSA")) { |
| Vanger | 4:e505054279ed | 7261 | haveECDSA = 1; |
| Vanger | 4:e505054279ed | 7262 | } |
| Vanger | 4:e505054279ed | 7263 | else if ((haveRSA == 0) && (XSTRSTR(name, "PSK") == NULL)) { |
| Vanger | 4:e505054279ed | 7264 | haveRSA = 1; |
| Vanger | 4:e505054279ed | 7265 | } |
| Vanger | 4:e505054279ed | 7266 | |
| Vanger | 4:e505054279ed | 7267 | if (!ret) ret = 1; /* found at least one */ |
| Vanger | 4:e505054279ed | 7268 | break; |
| Vanger | 4:e505054279ed | 7269 | } |
| Vanger | 4:e505054279ed | 7270 | if (!haystack) break; |
| Vanger | 4:e505054279ed | 7271 | haystack++; |
| Vanger | 4:e505054279ed | 7272 | } |
| Vanger | 4:e505054279ed | 7273 | |
| Vanger | 4:e505054279ed | 7274 | if (ret) { |
| Vanger | 4:e505054279ed | 7275 | s->setSuites = 1; |
| Vanger | 4:e505054279ed | 7276 | s->suiteSz = (word16)idx; |
| Vanger | 4:e505054279ed | 7277 | |
| Vanger | 4:e505054279ed | 7278 | idx = 0; |
| Vanger | 4:e505054279ed | 7279 | |
| Vanger | 4:e505054279ed | 7280 | if (haveECDSA) { |
| Vanger | 4:e505054279ed | 7281 | #ifdef CYASSL_SHA384 |
| Vanger | 4:e505054279ed | 7282 | s->hashSigAlgo[idx++] = sha384_mac; |
| Vanger | 4:e505054279ed | 7283 | s->hashSigAlgo[idx++] = ecc_dsa_sa_algo; |
| Vanger | 4:e505054279ed | 7284 | #endif |
| Vanger | 4:e505054279ed | 7285 | #ifndef NO_SHA256 |
| Vanger | 4:e505054279ed | 7286 | s->hashSigAlgo[idx++] = sha256_mac; |
| Vanger | 4:e505054279ed | 7287 | s->hashSigAlgo[idx++] = ecc_dsa_sa_algo; |
| Vanger | 4:e505054279ed | 7288 | #endif |
| Vanger | 4:e505054279ed | 7289 | s->hashSigAlgo[idx++] = sha_mac; |
| Vanger | 4:e505054279ed | 7290 | s->hashSigAlgo[idx++] = ecc_dsa_sa_algo; |
| Vanger | 4:e505054279ed | 7291 | } |
| Vanger | 4:e505054279ed | 7292 | |
| Vanger | 4:e505054279ed | 7293 | if (haveRSA) { |
| Vanger | 4:e505054279ed | 7294 | #ifdef CYASSL_SHA384 |
| Vanger | 4:e505054279ed | 7295 | s->hashSigAlgo[idx++] = sha384_mac; |
| Vanger | 4:e505054279ed | 7296 | s->hashSigAlgo[idx++] = rsa_sa_algo; |
| Vanger | 4:e505054279ed | 7297 | #endif |
| Vanger | 4:e505054279ed | 7298 | #ifndef NO_SHA256 |
| Vanger | 4:e505054279ed | 7299 | s->hashSigAlgo[idx++] = sha256_mac; |
| Vanger | 4:e505054279ed | 7300 | s->hashSigAlgo[idx++] = rsa_sa_algo; |
| Vanger | 4:e505054279ed | 7301 | #endif |
| Vanger | 4:e505054279ed | 7302 | s->hashSigAlgo[idx++] = sha_mac; |
| Vanger | 4:e505054279ed | 7303 | s->hashSigAlgo[idx++] = rsa_sa_algo; |
| Vanger | 4:e505054279ed | 7304 | } |
| Vanger | 4:e505054279ed | 7305 | |
| Vanger | 4:e505054279ed | 7306 | s->hashSigAlgoSz = (word16)idx; |
| Vanger | 4:e505054279ed | 7307 | } |
| Vanger | 4:e505054279ed | 7308 | |
| Vanger | 4:e505054279ed | 7309 | return ret; |
| Vanger | 4:e505054279ed | 7310 | } |
| Vanger | 4:e505054279ed | 7311 | |
| Vanger | 4:e505054279ed | 7312 | |
| Vanger | 4:e505054279ed | 7313 | static void PickHashSigAlgo(CYASSL* ssl, |
| Vanger | 4:e505054279ed | 7314 | const byte* hashSigAlgo, word32 hashSigAlgoSz) |
| Vanger | 4:e505054279ed | 7315 | { |
| Vanger | 4:e505054279ed | 7316 | word32 i; |
| Vanger | 4:e505054279ed | 7317 | |
| Vanger | 4:e505054279ed | 7318 | ssl->suites->sigAlgo = ssl->specs.sig_algo; |
| Vanger | 4:e505054279ed | 7319 | ssl->suites->hashAlgo = sha_mac; |
| Vanger | 4:e505054279ed | 7320 | |
| Vanger | 4:e505054279ed | 7321 | for (i = 0; i < hashSigAlgoSz; i += 2) { |
| Vanger | 4:e505054279ed | 7322 | if (hashSigAlgo[i+1] == ssl->specs.sig_algo) { |
| Vanger | 4:e505054279ed | 7323 | if (hashSigAlgo[i] == sha_mac) { |
| Vanger | 4:e505054279ed | 7324 | break; |
| Vanger | 4:e505054279ed | 7325 | } |
| Vanger | 4:e505054279ed | 7326 | #ifndef NO_SHA256 |
| Vanger | 4:e505054279ed | 7327 | else if (hashSigAlgo[i] == sha256_mac) { |
| Vanger | 4:e505054279ed | 7328 | ssl->suites->hashAlgo = sha256_mac; |
| Vanger | 4:e505054279ed | 7329 | break; |
| Vanger | 4:e505054279ed | 7330 | } |
| Vanger | 4:e505054279ed | 7331 | #endif |
| Vanger | 4:e505054279ed | 7332 | #ifdef CYASSL_SHA384 |
| Vanger | 4:e505054279ed | 7333 | else if (hashSigAlgo[i] == sha384_mac) { |
| Vanger | 4:e505054279ed | 7334 | ssl->suites->hashAlgo = sha384_mac; |
| Vanger | 4:e505054279ed | 7335 | break; |
| Vanger | 4:e505054279ed | 7336 | } |
| Vanger | 4:e505054279ed | 7337 | #endif |
| Vanger | 4:e505054279ed | 7338 | } |
| Vanger | 4:e505054279ed | 7339 | } |
| Vanger | 4:e505054279ed | 7340 | } |
| Vanger | 4:e505054279ed | 7341 | |
| Vanger | 4:e505054279ed | 7342 | |
| Vanger | 4:e505054279ed | 7343 | #ifdef CYASSL_CALLBACKS |
| Vanger | 4:e505054279ed | 7344 | |
| Vanger | 4:e505054279ed | 7345 | /* Initialisze HandShakeInfo */ |
| Vanger | 4:e505054279ed | 7346 | void InitHandShakeInfo(HandShakeInfo* info) |
| Vanger | 4:e505054279ed | 7347 | { |
| Vanger | 4:e505054279ed | 7348 | int i; |
| Vanger | 4:e505054279ed | 7349 | |
| Vanger | 4:e505054279ed | 7350 | info->cipherName[0] = 0; |
| Vanger | 4:e505054279ed | 7351 | for (i = 0; i < MAX_PACKETS_HANDSHAKE; i++) |
| Vanger | 4:e505054279ed | 7352 | info->packetNames[i][0] = 0; |
| Vanger | 4:e505054279ed | 7353 | info->numberPackets = 0; |
| Vanger | 4:e505054279ed | 7354 | info->negotiationError = 0; |
| Vanger | 4:e505054279ed | 7355 | } |
| Vanger | 4:e505054279ed | 7356 | |
| Vanger | 4:e505054279ed | 7357 | /* Set Final HandShakeInfo parameters */ |
| Vanger | 4:e505054279ed | 7358 | void FinishHandShakeInfo(HandShakeInfo* info, const CYASSL* ssl) |
| Vanger | 4:e505054279ed | 7359 | { |
| Vanger | 4:e505054279ed | 7360 | int i; |
| Vanger | 4:e505054279ed | 7361 | int sz = sizeof(cipher_name_idx)/sizeof(int); |
| Vanger | 4:e505054279ed | 7362 | |
| Vanger | 4:e505054279ed | 7363 | for (i = 0; i < sz; i++) |
| Vanger | 4:e505054279ed | 7364 | if (ssl->options.cipherSuite == (byte)cipher_name_idx[i]) { |
| Vanger | 4:e505054279ed | 7365 | if (ssl->options.cipherSuite0 == ECC_BYTE) |
| Vanger | 4:e505054279ed | 7366 | continue; /* ECC suites at end */ |
| Vanger | 4:e505054279ed | 7367 | XSTRNCPY(info->cipherName, cipher_names[i], MAX_CIPHERNAME_SZ); |
| Vanger | 4:e505054279ed | 7368 | break; |
| Vanger | 4:e505054279ed | 7369 | } |
| Vanger | 4:e505054279ed | 7370 | |
| Vanger | 4:e505054279ed | 7371 | /* error max and min are negative numbers */ |
| Vanger | 4:e505054279ed | 7372 | if (ssl->error <= MIN_PARAM_ERR && ssl->error >= MAX_PARAM_ERR) |
| Vanger | 4:e505054279ed | 7373 | info->negotiationError = ssl->error; |
| Vanger | 4:e505054279ed | 7374 | } |
| Vanger | 4:e505054279ed | 7375 | |
| Vanger | 4:e505054279ed | 7376 | |
| Vanger | 4:e505054279ed | 7377 | /* Add name to info packet names, increase packet name count */ |
| Vanger | 4:e505054279ed | 7378 | void AddPacketName(const char* name, HandShakeInfo* info) |
| Vanger | 4:e505054279ed | 7379 | { |
| Vanger | 4:e505054279ed | 7380 | if (info->numberPackets < MAX_PACKETS_HANDSHAKE) { |
| Vanger | 4:e505054279ed | 7381 | XSTRNCPY(info->packetNames[info->numberPackets++], name, |
| Vanger | 4:e505054279ed | 7382 | MAX_PACKETNAME_SZ); |
| Vanger | 4:e505054279ed | 7383 | } |
| Vanger | 4:e505054279ed | 7384 | } |
| Vanger | 4:e505054279ed | 7385 | |
| Vanger | 4:e505054279ed | 7386 | |
| Vanger | 4:e505054279ed | 7387 | /* Initialisze TimeoutInfo */ |
| Vanger | 4:e505054279ed | 7388 | void InitTimeoutInfo(TimeoutInfo* info) |
| Vanger | 4:e505054279ed | 7389 | { |
| Vanger | 4:e505054279ed | 7390 | int i; |
| Vanger | 4:e505054279ed | 7391 | |
| Vanger | 4:e505054279ed | 7392 | info->timeoutName[0] = 0; |
| Vanger | 4:e505054279ed | 7393 | info->flags = 0; |
| Vanger | 4:e505054279ed | 7394 | |
| Vanger | 4:e505054279ed | 7395 | for (i = 0; i < MAX_PACKETS_HANDSHAKE; i++) { |
| Vanger | 4:e505054279ed | 7396 | info->packets[i].packetName[0] = 0; |
| Vanger | 4:e505054279ed | 7397 | info->packets[i].timestamp.tv_sec = 0; |
| Vanger | 4:e505054279ed | 7398 | info->packets[i].timestamp.tv_usec = 0; |
| Vanger | 4:e505054279ed | 7399 | info->packets[i].bufferValue = 0; |
| Vanger | 4:e505054279ed | 7400 | info->packets[i].valueSz = 0; |
| Vanger | 4:e505054279ed | 7401 | } |
| Vanger | 4:e505054279ed | 7402 | info->numberPackets = 0; |
| Vanger | 4:e505054279ed | 7403 | info->timeoutValue.tv_sec = 0; |
| Vanger | 4:e505054279ed | 7404 | info->timeoutValue.tv_usec = 0; |
| Vanger | 4:e505054279ed | 7405 | } |
| Vanger | 4:e505054279ed | 7406 | |
| Vanger | 4:e505054279ed | 7407 | |
| Vanger | 4:e505054279ed | 7408 | /* Free TimeoutInfo */ |
| Vanger | 4:e505054279ed | 7409 | void FreeTimeoutInfo(TimeoutInfo* info, void* heap) |
| Vanger | 4:e505054279ed | 7410 | { |
| Vanger | 4:e505054279ed | 7411 | int i; |
| Vanger | 4:e505054279ed | 7412 | (void)heap; |
| Vanger | 4:e505054279ed | 7413 | for (i = 0; i < MAX_PACKETS_HANDSHAKE; i++) |
| Vanger | 4:e505054279ed | 7414 | if (info->packets[i].bufferValue) { |
| Vanger | 4:e505054279ed | 7415 | XFREE(info->packets[i].bufferValue, heap, DYNAMIC_TYPE_INFO); |
| Vanger | 4:e505054279ed | 7416 | info->packets[i].bufferValue = 0; |
| Vanger | 4:e505054279ed | 7417 | } |
| Vanger | 4:e505054279ed | 7418 | |
| Vanger | 4:e505054279ed | 7419 | } |
| Vanger | 4:e505054279ed | 7420 | |
| Vanger | 4:e505054279ed | 7421 | |
| Vanger | 4:e505054279ed | 7422 | /* Add PacketInfo to TimeoutInfo */ |
| Vanger | 4:e505054279ed | 7423 | void AddPacketInfo(const char* name, TimeoutInfo* info, const byte* data, |
| Vanger | 4:e505054279ed | 7424 | int sz, void* heap) |
| Vanger | 4:e505054279ed | 7425 | { |
| Vanger | 4:e505054279ed | 7426 | if (info->numberPackets < (MAX_PACKETS_HANDSHAKE - 1)) { |
| Vanger | 4:e505054279ed | 7427 | Timeval currTime; |
| Vanger | 4:e505054279ed | 7428 | |
| Vanger | 4:e505054279ed | 7429 | /* may add name after */ |
| Vanger | 4:e505054279ed | 7430 | if (name) |
| Vanger | 4:e505054279ed | 7431 | XSTRNCPY(info->packets[info->numberPackets].packetName, name, |
| Vanger | 4:e505054279ed | 7432 | MAX_PACKETNAME_SZ); |
| Vanger | 4:e505054279ed | 7433 | |
| Vanger | 4:e505054279ed | 7434 | /* add data, put in buffer if bigger than static buffer */ |
| Vanger | 4:e505054279ed | 7435 | info->packets[info->numberPackets].valueSz = sz; |
| Vanger | 4:e505054279ed | 7436 | if (sz < MAX_VALUE_SZ) |
| Vanger | 4:e505054279ed | 7437 | XMEMCPY(info->packets[info->numberPackets].value, data, sz); |
| Vanger | 4:e505054279ed | 7438 | else { |
| Vanger | 4:e505054279ed | 7439 | info->packets[info->numberPackets].bufferValue = |
| Vanger | 4:e505054279ed | 7440 | XMALLOC(sz, heap, DYNAMIC_TYPE_INFO); |
| Vanger | 4:e505054279ed | 7441 | if (!info->packets[info->numberPackets].bufferValue) |
| Vanger | 4:e505054279ed | 7442 | /* let next alloc catch, just don't fill, not fatal here */ |
| Vanger | 4:e505054279ed | 7443 | info->packets[info->numberPackets].valueSz = 0; |
| Vanger | 4:e505054279ed | 7444 | else |
| Vanger | 4:e505054279ed | 7445 | XMEMCPY(info->packets[info->numberPackets].bufferValue, |
| Vanger | 4:e505054279ed | 7446 | data, sz); |
| Vanger | 4:e505054279ed | 7447 | } |
| Vanger | 4:e505054279ed | 7448 | gettimeofday(&currTime, 0); |
| Vanger | 4:e505054279ed | 7449 | info->packets[info->numberPackets].timestamp.tv_sec = |
| Vanger | 4:e505054279ed | 7450 | currTime.tv_sec; |
| Vanger | 4:e505054279ed | 7451 | info->packets[info->numberPackets].timestamp.tv_usec = |
| Vanger | 4:e505054279ed | 7452 | currTime.tv_usec; |
| Vanger | 4:e505054279ed | 7453 | info->numberPackets++; |
| Vanger | 4:e505054279ed | 7454 | } |
| Vanger | 4:e505054279ed | 7455 | } |
| Vanger | 4:e505054279ed | 7456 | |
| Vanger | 4:e505054279ed | 7457 | |
| Vanger | 4:e505054279ed | 7458 | /* Add packet name to previsouly added packet info */ |
| Vanger | 4:e505054279ed | 7459 | void AddLateName(const char* name, TimeoutInfo* info) |
| Vanger | 4:e505054279ed | 7460 | { |
| Vanger | 4:e505054279ed | 7461 | /* make sure we have a valid previous one */ |
| Vanger | 4:e505054279ed | 7462 | if (info->numberPackets > 0 && info->numberPackets < |
| Vanger | 4:e505054279ed | 7463 | MAX_PACKETS_HANDSHAKE) { |
| Vanger | 4:e505054279ed | 7464 | XSTRNCPY(info->packets[info->numberPackets - 1].packetName, name, |
| Vanger | 4:e505054279ed | 7465 | MAX_PACKETNAME_SZ); |
| Vanger | 4:e505054279ed | 7466 | } |
| Vanger | 4:e505054279ed | 7467 | } |
| Vanger | 4:e505054279ed | 7468 | |
| Vanger | 4:e505054279ed | 7469 | /* Add record header to previsouly added packet info */ |
| Vanger | 4:e505054279ed | 7470 | void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info) |
| Vanger | 4:e505054279ed | 7471 | { |
| Vanger | 4:e505054279ed | 7472 | /* make sure we have a valid previous one */ |
| Vanger | 4:e505054279ed | 7473 | if (info->numberPackets > 0 && info->numberPackets < |
| Vanger | 4:e505054279ed | 7474 | MAX_PACKETS_HANDSHAKE) { |
| Vanger | 4:e505054279ed | 7475 | if (info->packets[info->numberPackets - 1].bufferValue) |
| Vanger | 4:e505054279ed | 7476 | XMEMCPY(info->packets[info->numberPackets - 1].bufferValue, rl, |
| Vanger | 4:e505054279ed | 7477 | RECORD_HEADER_SZ); |
| Vanger | 4:e505054279ed | 7478 | else |
| Vanger | 4:e505054279ed | 7479 | XMEMCPY(info->packets[info->numberPackets - 1].value, rl, |
| Vanger | 4:e505054279ed | 7480 | RECORD_HEADER_SZ); |
| Vanger | 4:e505054279ed | 7481 | } |
| Vanger | 4:e505054279ed | 7482 | } |
| Vanger | 4:e505054279ed | 7483 | |
| Vanger | 4:e505054279ed | 7484 | #endif /* CYASSL_CALLBACKS */ |
| Vanger | 4:e505054279ed | 7485 | |
| Vanger | 4:e505054279ed | 7486 | |
| Vanger | 4:e505054279ed | 7487 | |
| Vanger | 4:e505054279ed | 7488 | /* client only parts */ |
| Vanger | 4:e505054279ed | 7489 | #ifndef NO_CYASSL_CLIENT |
| Vanger | 4:e505054279ed | 7490 | |
| Vanger | 4:e505054279ed | 7491 | int SendClientHello(CYASSL* ssl) |
| Vanger | 4:e505054279ed | 7492 | { |
| Vanger | 4:e505054279ed | 7493 | byte *output; |
| Vanger | 4:e505054279ed | 7494 | word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; |
| Vanger | 4:e505054279ed | 7495 | int sendSz; |
| Vanger | 4:e505054279ed | 7496 | int idSz = ssl->options.resuming ? ID_LEN : 0; |
| Vanger | 4:e505054279ed | 7497 | int ret; |
| Vanger | 4:e505054279ed | 7498 | |
| Vanger | 4:e505054279ed | 7499 | if (ssl->suites == NULL) { |
| Vanger | 4:e505054279ed | 7500 | CYASSL_MSG("Bad suites pointer in SendClientHello"); |
| Vanger | 4:e505054279ed | 7501 | return SUITES_ERROR; |
| Vanger | 4:e505054279ed | 7502 | } |
| Vanger | 4:e505054279ed | 7503 | |
| Vanger | 4:e505054279ed | 7504 | length = VERSION_SZ + RAN_LEN |
| Vanger | 4:e505054279ed | 7505 | + idSz + ENUM_LEN |
| Vanger | 4:e505054279ed | 7506 | + ssl->suites->suiteSz + SUITE_LEN |
| Vanger | 4:e505054279ed | 7507 | + COMP_LEN + ENUM_LEN; |
| Vanger | 4:e505054279ed | 7508 | |
| Vanger | 4:e505054279ed | 7509 | #ifdef HAVE_TLS_EXTENSIONS |
| Vanger | 4:e505054279ed | 7510 | length += TLSX_GetRequestSize(ssl); |
| Vanger | 4:e505054279ed | 7511 | #else |
| Vanger | 4:e505054279ed | 7512 | if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz) { |
| Vanger | 4:e505054279ed | 7513 | length += ssl->suites->hashSigAlgoSz + HELLO_EXT_SZ; |
| Vanger | 4:e505054279ed | 7514 | } |
| Vanger | 4:e505054279ed | 7515 | #endif |
| Vanger | 4:e505054279ed | 7516 | sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; |
| Vanger | 4:e505054279ed | 7517 | |
| Vanger | 4:e505054279ed | 7518 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 7519 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 7520 | length += ENUM_LEN; /* cookie */ |
| Vanger | 4:e505054279ed | 7521 | if (ssl->arrays->cookieSz != 0) length += ssl->arrays->cookieSz; |
| Vanger | 4:e505054279ed | 7522 | sendSz = length + DTLS_HANDSHAKE_HEADER_SZ + DTLS_RECORD_HEADER_SZ; |
| Vanger | 4:e505054279ed | 7523 | idx += DTLS_HANDSHAKE_EXTRA + DTLS_RECORD_EXTRA; |
| Vanger | 4:e505054279ed | 7524 | } |
| Vanger | 4:e505054279ed | 7525 | #endif |
| Vanger | 4:e505054279ed | 7526 | |
| Vanger | 4:e505054279ed | 7527 | /* check for available size */ |
| Vanger | 4:e505054279ed | 7528 | if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) |
| Vanger | 4:e505054279ed | 7529 | return ret; |
| Vanger | 4:e505054279ed | 7530 | |
| Vanger | 4:e505054279ed | 7531 | /* get ouput buffer */ |
| Vanger | 4:e505054279ed | 7532 | output = ssl->buffers.outputBuffer.buffer + |
| Vanger | 4:e505054279ed | 7533 | ssl->buffers.outputBuffer.length; |
| Vanger | 4:e505054279ed | 7534 | |
| Vanger | 4:e505054279ed | 7535 | AddHeaders(output, length, client_hello, ssl); |
| Vanger | 4:e505054279ed | 7536 | |
| Vanger | 4:e505054279ed | 7537 | /* client hello, first version */ |
| Vanger | 4:e505054279ed | 7538 | output[idx++] = ssl->version.major; |
| Vanger | 4:e505054279ed | 7539 | output[idx++] = ssl->version.minor; |
| Vanger | 4:e505054279ed | 7540 | ssl->chVersion = ssl->version; /* store in case changed */ |
| Vanger | 4:e505054279ed | 7541 | |
| Vanger | 4:e505054279ed | 7542 | /* then random */ |
| Vanger | 4:e505054279ed | 7543 | if (ssl->options.connectState == CONNECT_BEGIN) { |
| Vanger | 4:e505054279ed | 7544 | ret = RNG_GenerateBlock(ssl->rng, output + idx, RAN_LEN); |
| Vanger | 4:e505054279ed | 7545 | if (ret != 0) |
| Vanger | 4:e505054279ed | 7546 | return ret; |
| Vanger | 4:e505054279ed | 7547 | |
| Vanger | 4:e505054279ed | 7548 | /* store random */ |
| Vanger | 4:e505054279ed | 7549 | XMEMCPY(ssl->arrays->clientRandom, output + idx, RAN_LEN); |
| Vanger | 4:e505054279ed | 7550 | } else { |
| Vanger | 4:e505054279ed | 7551 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 7552 | /* send same random on hello again */ |
| Vanger | 4:e505054279ed | 7553 | XMEMCPY(output + idx, ssl->arrays->clientRandom, RAN_LEN); |
| Vanger | 4:e505054279ed | 7554 | #endif |
| Vanger | 4:e505054279ed | 7555 | } |
| Vanger | 4:e505054279ed | 7556 | idx += RAN_LEN; |
| Vanger | 4:e505054279ed | 7557 | |
| Vanger | 4:e505054279ed | 7558 | /* then session id */ |
| Vanger | 4:e505054279ed | 7559 | output[idx++] = (byte)idSz; |
| Vanger | 4:e505054279ed | 7560 | if (idSz) { |
| Vanger | 4:e505054279ed | 7561 | XMEMCPY(output + idx, ssl->session.sessionID, ID_LEN); |
| Vanger | 4:e505054279ed | 7562 | idx += ID_LEN; |
| Vanger | 4:e505054279ed | 7563 | } |
| Vanger | 4:e505054279ed | 7564 | |
| Vanger | 4:e505054279ed | 7565 | /* then DTLS cookie */ |
| Vanger | 4:e505054279ed | 7566 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 7567 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 7568 | byte cookieSz = ssl->arrays->cookieSz; |
| Vanger | 4:e505054279ed | 7569 | |
| Vanger | 4:e505054279ed | 7570 | output[idx++] = cookieSz; |
| Vanger | 4:e505054279ed | 7571 | if (cookieSz) { |
| Vanger | 4:e505054279ed | 7572 | XMEMCPY(&output[idx], ssl->arrays->cookie, cookieSz); |
| Vanger | 4:e505054279ed | 7573 | idx += cookieSz; |
| Vanger | 4:e505054279ed | 7574 | } |
| Vanger | 4:e505054279ed | 7575 | } |
| Vanger | 4:e505054279ed | 7576 | #endif |
| Vanger | 4:e505054279ed | 7577 | /* then cipher suites */ |
| Vanger | 4:e505054279ed | 7578 | c16toa(ssl->suites->suiteSz, output + idx); |
| Vanger | 4:e505054279ed | 7579 | idx += 2; |
| Vanger | 4:e505054279ed | 7580 | XMEMCPY(output + idx, &ssl->suites->suites, ssl->suites->suiteSz); |
| Vanger | 4:e505054279ed | 7581 | idx += ssl->suites->suiteSz; |
| Vanger | 4:e505054279ed | 7582 | |
| Vanger | 4:e505054279ed | 7583 | /* last, compression */ |
| Vanger | 4:e505054279ed | 7584 | output[idx++] = COMP_LEN; |
| Vanger | 4:e505054279ed | 7585 | if (ssl->options.usingCompression) |
| Vanger | 4:e505054279ed | 7586 | output[idx++] = ZLIB_COMPRESSION; |
| Vanger | 4:e505054279ed | 7587 | else |
| Vanger | 4:e505054279ed | 7588 | output[idx++] = NO_COMPRESSION; |
| Vanger | 4:e505054279ed | 7589 | |
| Vanger | 4:e505054279ed | 7590 | #ifdef HAVE_TLS_EXTENSIONS |
| Vanger | 4:e505054279ed | 7591 | idx += TLSX_WriteRequest(ssl, output + idx); |
| Vanger | 4:e505054279ed | 7592 | |
| Vanger | 4:e505054279ed | 7593 | (void)idx; /* suppress analyzer warning, keep idx current */ |
| Vanger | 4:e505054279ed | 7594 | #else |
| Vanger | 4:e505054279ed | 7595 | if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz) |
| Vanger | 4:e505054279ed | 7596 | { |
| Vanger | 4:e505054279ed | 7597 | int i; |
| Vanger | 4:e505054279ed | 7598 | /* add in the extensions length */ |
| Vanger | 4:e505054279ed | 7599 | c16toa(HELLO_EXT_LEN + ssl->suites->hashSigAlgoSz, output + idx); |
| Vanger | 4:e505054279ed | 7600 | idx += 2; |
| Vanger | 4:e505054279ed | 7601 | |
| Vanger | 4:e505054279ed | 7602 | c16toa(HELLO_EXT_SIG_ALGO, output + idx); |
| Vanger | 4:e505054279ed | 7603 | idx += 2; |
| Vanger | 4:e505054279ed | 7604 | c16toa(HELLO_EXT_SIGALGO_SZ+ssl->suites->hashSigAlgoSz, output+idx); |
| Vanger | 4:e505054279ed | 7605 | idx += 2; |
| Vanger | 4:e505054279ed | 7606 | c16toa(ssl->suites->hashSigAlgoSz, output + idx); |
| Vanger | 4:e505054279ed | 7607 | idx += 2; |
| Vanger | 4:e505054279ed | 7608 | for (i = 0; i < ssl->suites->hashSigAlgoSz; i++, idx++) { |
| Vanger | 4:e505054279ed | 7609 | output[idx] = ssl->suites->hashSigAlgo[i]; |
| Vanger | 4:e505054279ed | 7610 | } |
| Vanger | 4:e505054279ed | 7611 | } |
| Vanger | 4:e505054279ed | 7612 | #endif |
| Vanger | 4:e505054279ed | 7613 | |
| Vanger | 4:e505054279ed | 7614 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 7615 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 7616 | if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) |
| Vanger | 4:e505054279ed | 7617 | return ret; |
| Vanger | 4:e505054279ed | 7618 | } |
| Vanger | 4:e505054279ed | 7619 | #endif |
| Vanger | 4:e505054279ed | 7620 | |
| Vanger | 4:e505054279ed | 7621 | ret = HashOutput(ssl, output, sendSz, 0); |
| Vanger | 4:e505054279ed | 7622 | if (ret != 0) |
| Vanger | 4:e505054279ed | 7623 | return ret; |
| Vanger | 4:e505054279ed | 7624 | |
| Vanger | 4:e505054279ed | 7625 | ssl->options.clientState = CLIENT_HELLO_COMPLETE; |
| Vanger | 4:e505054279ed | 7626 | |
| Vanger | 4:e505054279ed | 7627 | #ifdef CYASSL_CALLBACKS |
| Vanger | 4:e505054279ed | 7628 | if (ssl->hsInfoOn) AddPacketName("ClientHello", &ssl->handShakeInfo); |
| Vanger | 4:e505054279ed | 7629 | if (ssl->toInfoOn) |
| Vanger | 4:e505054279ed | 7630 | AddPacketInfo("ClientHello", &ssl->timeoutInfo, output, sendSz, |
| Vanger | 4:e505054279ed | 7631 | ssl->heap); |
| Vanger | 4:e505054279ed | 7632 | #endif |
| Vanger | 4:e505054279ed | 7633 | |
| Vanger | 4:e505054279ed | 7634 | ssl->buffers.outputBuffer.length += sendSz; |
| Vanger | 4:e505054279ed | 7635 | |
| Vanger | 4:e505054279ed | 7636 | return SendBuffered(ssl); |
| Vanger | 4:e505054279ed | 7637 | } |
| Vanger | 4:e505054279ed | 7638 | |
| Vanger | 4:e505054279ed | 7639 | |
| Vanger | 4:e505054279ed | 7640 | static int DoHelloVerifyRequest(CYASSL* ssl, const byte* input, |
| Vanger | 4:e505054279ed | 7641 | word32* inOutIdx, word32 size) |
| Vanger | 4:e505054279ed | 7642 | { |
| Vanger | 4:e505054279ed | 7643 | ProtocolVersion pv; |
| Vanger | 4:e505054279ed | 7644 | byte cookieSz; |
| Vanger | 4:e505054279ed | 7645 | word32 begin = *inOutIdx; |
| Vanger | 4:e505054279ed | 7646 | |
| Vanger | 4:e505054279ed | 7647 | #ifdef CYASSL_CALLBACKS |
| Vanger | 4:e505054279ed | 7648 | if (ssl->hsInfoOn) AddPacketName("HelloVerifyRequest", |
| Vanger | 4:e505054279ed | 7649 | &ssl->handShakeInfo); |
| Vanger | 4:e505054279ed | 7650 | if (ssl->toInfoOn) AddLateName("HelloVerifyRequest", &ssl->timeoutInfo); |
| Vanger | 4:e505054279ed | 7651 | #endif |
| Vanger | 4:e505054279ed | 7652 | |
| Vanger | 4:e505054279ed | 7653 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 7654 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 7655 | DtlsPoolReset(ssl); |
| Vanger | 4:e505054279ed | 7656 | } |
| Vanger | 4:e505054279ed | 7657 | #endif |
| Vanger | 4:e505054279ed | 7658 | |
| Vanger | 4:e505054279ed | 7659 | if ((*inOutIdx - begin) + OPAQUE16_LEN + OPAQUE8_LEN > size) |
| Vanger | 4:e505054279ed | 7660 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 7661 | |
| Vanger | 4:e505054279ed | 7662 | XMEMCPY(&pv, input + *inOutIdx, OPAQUE16_LEN); |
| Vanger | 4:e505054279ed | 7663 | *inOutIdx += OPAQUE16_LEN; |
| Vanger | 4:e505054279ed | 7664 | |
| Vanger | 4:e505054279ed | 7665 | cookieSz = input[(*inOutIdx)++]; |
| Vanger | 4:e505054279ed | 7666 | |
| Vanger | 4:e505054279ed | 7667 | if (cookieSz) { |
| Vanger | 4:e505054279ed | 7668 | if ((*inOutIdx - begin) + cookieSz > size) |
| Vanger | 4:e505054279ed | 7669 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 7670 | |
| Vanger | 4:e505054279ed | 7671 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 7672 | if (cookieSz <= MAX_COOKIE_LEN) { |
| Vanger | 4:e505054279ed | 7673 | XMEMCPY(ssl->arrays->cookie, input + *inOutIdx, cookieSz); |
| Vanger | 4:e505054279ed | 7674 | ssl->arrays->cookieSz = cookieSz; |
| Vanger | 4:e505054279ed | 7675 | } |
| Vanger | 4:e505054279ed | 7676 | #endif |
| Vanger | 4:e505054279ed | 7677 | *inOutIdx += cookieSz; |
| Vanger | 4:e505054279ed | 7678 | } |
| Vanger | 4:e505054279ed | 7679 | |
| Vanger | 4:e505054279ed | 7680 | ssl->options.serverState = SERVER_HELLOVERIFYREQUEST_COMPLETE; |
| Vanger | 4:e505054279ed | 7681 | return 0; |
| Vanger | 4:e505054279ed | 7682 | } |
| Vanger | 4:e505054279ed | 7683 | |
| Vanger | 4:e505054279ed | 7684 | |
| Vanger | 4:e505054279ed | 7685 | static int DoServerHello(CYASSL* ssl, const byte* input, word32* inOutIdx, |
| Vanger | 4:e505054279ed | 7686 | word32 helloSz) |
| Vanger | 4:e505054279ed | 7687 | { |
| Vanger | 4:e505054279ed | 7688 | byte b; |
| Vanger | 4:e505054279ed | 7689 | ProtocolVersion pv; |
| Vanger | 4:e505054279ed | 7690 | byte compression; |
| Vanger | 4:e505054279ed | 7691 | word32 i = *inOutIdx; |
| Vanger | 4:e505054279ed | 7692 | word32 begin = i; |
| Vanger | 4:e505054279ed | 7693 | |
| Vanger | 4:e505054279ed | 7694 | #ifdef CYASSL_CALLBACKS |
| Vanger | 4:e505054279ed | 7695 | if (ssl->hsInfoOn) AddPacketName("ServerHello", &ssl->handShakeInfo); |
| Vanger | 4:e505054279ed | 7696 | if (ssl->toInfoOn) AddLateName("ServerHello", &ssl->timeoutInfo); |
| Vanger | 4:e505054279ed | 7697 | #endif |
| Vanger | 4:e505054279ed | 7698 | |
| Vanger | 4:e505054279ed | 7699 | /* protocol version, random and session id length check */ |
| Vanger | 4:e505054279ed | 7700 | if ((i - begin) + OPAQUE16_LEN + RAN_LEN + OPAQUE8_LEN > helloSz) |
| Vanger | 4:e505054279ed | 7701 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 7702 | |
| Vanger | 4:e505054279ed | 7703 | /* protocol version */ |
| Vanger | 4:e505054279ed | 7704 | XMEMCPY(&pv, input + i, OPAQUE16_LEN); |
| Vanger | 4:e505054279ed | 7705 | i += OPAQUE16_LEN; |
| Vanger | 4:e505054279ed | 7706 | |
| Vanger | 4:e505054279ed | 7707 | if (pv.minor > ssl->version.minor) { |
| Vanger | 4:e505054279ed | 7708 | CYASSL_MSG("Server using higher version, fatal error"); |
| Vanger | 4:e505054279ed | 7709 | return VERSION_ERROR; |
| Vanger | 4:e505054279ed | 7710 | } |
| Vanger | 4:e505054279ed | 7711 | else if (pv.minor < ssl->version.minor) { |
| Vanger | 4:e505054279ed | 7712 | CYASSL_MSG("server using lower version"); |
| Vanger | 4:e505054279ed | 7713 | |
| Vanger | 4:e505054279ed | 7714 | if (!ssl->options.downgrade) { |
| Vanger | 4:e505054279ed | 7715 | CYASSL_MSG(" no downgrade allowed, fatal error"); |
| Vanger | 4:e505054279ed | 7716 | return VERSION_ERROR; |
| Vanger | 4:e505054279ed | 7717 | } |
| Vanger | 4:e505054279ed | 7718 | |
| Vanger | 4:e505054279ed | 7719 | if (pv.minor == SSLv3_MINOR) { |
| Vanger | 4:e505054279ed | 7720 | /* turn off tls */ |
| Vanger | 4:e505054279ed | 7721 | CYASSL_MSG(" downgrading to SSLv3"); |
| Vanger | 4:e505054279ed | 7722 | ssl->options.tls = 0; |
| Vanger | 4:e505054279ed | 7723 | ssl->options.tls1_1 = 0; |
| Vanger | 4:e505054279ed | 7724 | ssl->version.minor = SSLv3_MINOR; |
| Vanger | 4:e505054279ed | 7725 | } |
| Vanger | 4:e505054279ed | 7726 | else if (pv.minor == TLSv1_MINOR) { |
| Vanger | 4:e505054279ed | 7727 | /* turn off tls 1.1+ */ |
| Vanger | 4:e505054279ed | 7728 | CYASSL_MSG(" downgrading to TLSv1"); |
| Vanger | 4:e505054279ed | 7729 | ssl->options.tls1_1 = 0; |
| Vanger | 4:e505054279ed | 7730 | ssl->version.minor = TLSv1_MINOR; |
| Vanger | 4:e505054279ed | 7731 | } |
| Vanger | 4:e505054279ed | 7732 | else if (pv.minor == TLSv1_1_MINOR) { |
| Vanger | 4:e505054279ed | 7733 | CYASSL_MSG(" downgrading to TLSv1.1"); |
| Vanger | 4:e505054279ed | 7734 | ssl->version.minor = TLSv1_1_MINOR; |
| Vanger | 4:e505054279ed | 7735 | } |
| Vanger | 4:e505054279ed | 7736 | } |
| Vanger | 4:e505054279ed | 7737 | |
| Vanger | 4:e505054279ed | 7738 | /* random */ |
| Vanger | 4:e505054279ed | 7739 | XMEMCPY(ssl->arrays->serverRandom, input + i, RAN_LEN); |
| Vanger | 4:e505054279ed | 7740 | i += RAN_LEN; |
| Vanger | 4:e505054279ed | 7741 | |
| Vanger | 4:e505054279ed | 7742 | /* session id */ |
| Vanger | 4:e505054279ed | 7743 | b = input[i++]; |
| Vanger | 4:e505054279ed | 7744 | |
| Vanger | 4:e505054279ed | 7745 | if (b == ID_LEN) { |
| Vanger | 4:e505054279ed | 7746 | if ((i - begin) + ID_LEN > helloSz) |
| Vanger | 4:e505054279ed | 7747 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 7748 | |
| Vanger | 4:e505054279ed | 7749 | XMEMCPY(ssl->arrays->sessionID, input + i, min(b, ID_LEN)); |
| Vanger | 4:e505054279ed | 7750 | i += ID_LEN; |
| Vanger | 4:e505054279ed | 7751 | ssl->options.haveSessionId = 1; |
| Vanger | 4:e505054279ed | 7752 | } |
| Vanger | 4:e505054279ed | 7753 | else if (b) { |
| Vanger | 4:e505054279ed | 7754 | CYASSL_MSG("Invalid session ID size"); |
| Vanger | 4:e505054279ed | 7755 | return BUFFER_ERROR; /* session ID nor 0 neither 32 bytes long */ |
| Vanger | 4:e505054279ed | 7756 | } |
| Vanger | 4:e505054279ed | 7757 | |
| Vanger | 4:e505054279ed | 7758 | /* suite and compression */ |
| Vanger | 4:e505054279ed | 7759 | if ((i - begin) + OPAQUE16_LEN + OPAQUE8_LEN > helloSz) |
| Vanger | 4:e505054279ed | 7760 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 7761 | |
| Vanger | 4:e505054279ed | 7762 | ssl->options.cipherSuite0 = input[i++]; |
| Vanger | 4:e505054279ed | 7763 | ssl->options.cipherSuite = input[i++]; |
| Vanger | 4:e505054279ed | 7764 | compression = input[i++]; |
| Vanger | 4:e505054279ed | 7765 | |
| Vanger | 4:e505054279ed | 7766 | if (compression != ZLIB_COMPRESSION && ssl->options.usingCompression) { |
| Vanger | 4:e505054279ed | 7767 | CYASSL_MSG("Server refused compression, turning off"); |
| Vanger | 4:e505054279ed | 7768 | ssl->options.usingCompression = 0; /* turn off if server refused */ |
| Vanger | 4:e505054279ed | 7769 | } |
| Vanger | 4:e505054279ed | 7770 | |
| Vanger | 4:e505054279ed | 7771 | *inOutIdx = i; |
| Vanger | 4:e505054279ed | 7772 | |
| Vanger | 4:e505054279ed | 7773 | /* tls extensions */ |
| Vanger | 4:e505054279ed | 7774 | if ( (i - begin) < helloSz) { |
| Vanger | 4:e505054279ed | 7775 | #ifdef HAVE_TLS_EXTENSIONS |
| Vanger | 4:e505054279ed | 7776 | if (IsTLS(ssl)) { |
| Vanger | 4:e505054279ed | 7777 | int ret = 0; |
| Vanger | 4:e505054279ed | 7778 | word16 totalExtSz; |
| Vanger | 4:e505054279ed | 7779 | Suites clSuites; /* just for compatibility right now */ |
| Vanger | 4:e505054279ed | 7780 | |
| Vanger | 4:e505054279ed | 7781 | if ((i - begin) + OPAQUE16_LEN > helloSz) |
| Vanger | 4:e505054279ed | 7782 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 7783 | |
| Vanger | 4:e505054279ed | 7784 | ato16(&input[i], &totalExtSz); |
| Vanger | 4:e505054279ed | 7785 | i += OPAQUE16_LEN; |
| Vanger | 4:e505054279ed | 7786 | |
| Vanger | 4:e505054279ed | 7787 | if ((i - begin) + totalExtSz > helloSz) |
| Vanger | 4:e505054279ed | 7788 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 7789 | |
| Vanger | 4:e505054279ed | 7790 | if ((ret = TLSX_Parse(ssl, (byte *) input + i, |
| Vanger | 4:e505054279ed | 7791 | totalExtSz, 0, &clSuites))) |
| Vanger | 4:e505054279ed | 7792 | return ret; |
| Vanger | 4:e505054279ed | 7793 | |
| Vanger | 4:e505054279ed | 7794 | i += totalExtSz; |
| Vanger | 4:e505054279ed | 7795 | *inOutIdx = i; |
| Vanger | 4:e505054279ed | 7796 | } |
| Vanger | 4:e505054279ed | 7797 | else |
| Vanger | 4:e505054279ed | 7798 | #endif |
| Vanger | 4:e505054279ed | 7799 | *inOutIdx = begin + helloSz; /* skip extensions */ |
| Vanger | 4:e505054279ed | 7800 | } |
| Vanger | 4:e505054279ed | 7801 | |
| Vanger | 4:e505054279ed | 7802 | ssl->options.serverState = SERVER_HELLO_COMPLETE; |
| Vanger | 4:e505054279ed | 7803 | |
| Vanger | 4:e505054279ed | 7804 | if (ssl->options.resuming) { |
| Vanger | 4:e505054279ed | 7805 | if (ssl->options.haveSessionId && XMEMCMP(ssl->arrays->sessionID, |
| Vanger | 4:e505054279ed | 7806 | ssl->session.sessionID, ID_LEN) == 0) { |
| Vanger | 4:e505054279ed | 7807 | if (SetCipherSpecs(ssl) == 0) { |
| Vanger | 4:e505054279ed | 7808 | int ret = -1; |
| Vanger | 4:e505054279ed | 7809 | |
| Vanger | 4:e505054279ed | 7810 | XMEMCPY(ssl->arrays->masterSecret, |
| Vanger | 4:e505054279ed | 7811 | ssl->session.masterSecret, SECRET_LEN); |
| Vanger | 4:e505054279ed | 7812 | #ifdef NO_OLD_TLS |
| Vanger | 4:e505054279ed | 7813 | ret = DeriveTlsKeys(ssl); |
| Vanger | 4:e505054279ed | 7814 | #else |
| Vanger | 4:e505054279ed | 7815 | #ifndef NO_TLS |
| Vanger | 4:e505054279ed | 7816 | if (ssl->options.tls) |
| Vanger | 4:e505054279ed | 7817 | ret = DeriveTlsKeys(ssl); |
| Vanger | 4:e505054279ed | 7818 | #endif |
| Vanger | 4:e505054279ed | 7819 | if (!ssl->options.tls) |
| Vanger | 4:e505054279ed | 7820 | ret = DeriveKeys(ssl); |
| Vanger | 4:e505054279ed | 7821 | #endif |
| Vanger | 4:e505054279ed | 7822 | ssl->options.serverState = SERVER_HELLODONE_COMPLETE; |
| Vanger | 4:e505054279ed | 7823 | |
| Vanger | 4:e505054279ed | 7824 | return ret; |
| Vanger | 4:e505054279ed | 7825 | } |
| Vanger | 4:e505054279ed | 7826 | else { |
| Vanger | 4:e505054279ed | 7827 | CYASSL_MSG("Unsupported cipher suite, DoServerHello"); |
| Vanger | 4:e505054279ed | 7828 | return UNSUPPORTED_SUITE; |
| Vanger | 4:e505054279ed | 7829 | } |
| Vanger | 4:e505054279ed | 7830 | } |
| Vanger | 4:e505054279ed | 7831 | else { |
| Vanger | 4:e505054279ed | 7832 | CYASSL_MSG("Server denied resumption attempt"); |
| Vanger | 4:e505054279ed | 7833 | ssl->options.resuming = 0; /* server denied resumption try */ |
| Vanger | 4:e505054279ed | 7834 | } |
| Vanger | 4:e505054279ed | 7835 | } |
| Vanger | 4:e505054279ed | 7836 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 7837 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 7838 | DtlsPoolReset(ssl); |
| Vanger | 4:e505054279ed | 7839 | } |
| Vanger | 4:e505054279ed | 7840 | #endif |
| Vanger | 4:e505054279ed | 7841 | |
| Vanger | 4:e505054279ed | 7842 | return SetCipherSpecs(ssl); |
| Vanger | 4:e505054279ed | 7843 | } |
| Vanger | 4:e505054279ed | 7844 | |
| Vanger | 4:e505054279ed | 7845 | |
| Vanger | 4:e505054279ed | 7846 | #ifndef NO_CERTS |
| Vanger | 4:e505054279ed | 7847 | /* just read in and ignore for now TODO: */ |
| Vanger | 4:e505054279ed | 7848 | static int DoCertificateRequest(CYASSL* ssl, const byte* input, word32* |
| Vanger | 4:e505054279ed | 7849 | inOutIdx, word32 size) |
| Vanger | 4:e505054279ed | 7850 | { |
| Vanger | 4:e505054279ed | 7851 | word16 len; |
| Vanger | 4:e505054279ed | 7852 | word32 begin = *inOutIdx; |
| Vanger | 4:e505054279ed | 7853 | |
| Vanger | 4:e505054279ed | 7854 | #ifdef CYASSL_CALLBACKS |
| Vanger | 4:e505054279ed | 7855 | if (ssl->hsInfoOn) |
| Vanger | 4:e505054279ed | 7856 | AddPacketName("CertificateRequest", &ssl->handShakeInfo); |
| Vanger | 4:e505054279ed | 7857 | if (ssl->toInfoOn) |
| Vanger | 4:e505054279ed | 7858 | AddLateName("CertificateRequest", &ssl->timeoutInfo); |
| Vanger | 4:e505054279ed | 7859 | #endif |
| Vanger | 4:e505054279ed | 7860 | |
| Vanger | 4:e505054279ed | 7861 | if ((*inOutIdx - begin) + OPAQUE8_LEN > size) |
| Vanger | 4:e505054279ed | 7862 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 7863 | |
| Vanger | 4:e505054279ed | 7864 | len = input[(*inOutIdx)++]; |
| Vanger | 4:e505054279ed | 7865 | |
| Vanger | 4:e505054279ed | 7866 | if ((*inOutIdx - begin) + len > size) |
| Vanger | 4:e505054279ed | 7867 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 7868 | |
| Vanger | 4:e505054279ed | 7869 | /* types, read in here */ |
| Vanger | 4:e505054279ed | 7870 | *inOutIdx += len; |
| Vanger | 4:e505054279ed | 7871 | |
| Vanger | 4:e505054279ed | 7872 | /* signature and hash signature algorithm */ |
| Vanger | 4:e505054279ed | 7873 | if (IsAtLeastTLSv1_2(ssl)) { |
| Vanger | 4:e505054279ed | 7874 | if ((*inOutIdx - begin) + OPAQUE16_LEN > size) |
| Vanger | 4:e505054279ed | 7875 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 7876 | |
| Vanger | 4:e505054279ed | 7877 | ato16(input + *inOutIdx, &len); |
| Vanger | 4:e505054279ed | 7878 | *inOutIdx += OPAQUE16_LEN; |
| Vanger | 4:e505054279ed | 7879 | |
| Vanger | 4:e505054279ed | 7880 | if ((*inOutIdx - begin) + len > size) |
| Vanger | 4:e505054279ed | 7881 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 7882 | |
| Vanger | 4:e505054279ed | 7883 | PickHashSigAlgo(ssl, input + *inOutIdx, len); |
| Vanger | 4:e505054279ed | 7884 | *inOutIdx += len; |
| Vanger | 4:e505054279ed | 7885 | } |
| Vanger | 4:e505054279ed | 7886 | |
| Vanger | 4:e505054279ed | 7887 | /* authorities */ |
| Vanger | 4:e505054279ed | 7888 | if ((*inOutIdx - begin) + OPAQUE16_LEN > size) |
| Vanger | 4:e505054279ed | 7889 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 7890 | |
| Vanger | 4:e505054279ed | 7891 | ato16(input + *inOutIdx, &len); |
| Vanger | 4:e505054279ed | 7892 | *inOutIdx += OPAQUE16_LEN; |
| Vanger | 4:e505054279ed | 7893 | |
| Vanger | 4:e505054279ed | 7894 | if ((*inOutIdx - begin) + len > size) |
| Vanger | 4:e505054279ed | 7895 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 7896 | |
| Vanger | 4:e505054279ed | 7897 | while (len) { |
| Vanger | 4:e505054279ed | 7898 | word16 dnSz; |
| Vanger | 4:e505054279ed | 7899 | |
| Vanger | 4:e505054279ed | 7900 | if ((*inOutIdx - begin) + OPAQUE16_LEN > size) |
| Vanger | 4:e505054279ed | 7901 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 7902 | |
| Vanger | 4:e505054279ed | 7903 | ato16(input + *inOutIdx, &dnSz); |
| Vanger | 4:e505054279ed | 7904 | *inOutIdx += OPAQUE16_LEN; |
| Vanger | 4:e505054279ed | 7905 | |
| Vanger | 4:e505054279ed | 7906 | if ((*inOutIdx - begin) + dnSz > size) |
| Vanger | 4:e505054279ed | 7907 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 7908 | |
| Vanger | 4:e505054279ed | 7909 | *inOutIdx += dnSz; |
| Vanger | 4:e505054279ed | 7910 | len -= OPAQUE16_LEN + dnSz; |
| Vanger | 4:e505054279ed | 7911 | } |
| Vanger | 4:e505054279ed | 7912 | |
| Vanger | 4:e505054279ed | 7913 | /* don't send client cert or cert verify if user hasn't provided |
| Vanger | 4:e505054279ed | 7914 | cert and private key */ |
| Vanger | 4:e505054279ed | 7915 | if (ssl->buffers.certificate.buffer && ssl->buffers.key.buffer) |
| Vanger | 4:e505054279ed | 7916 | ssl->options.sendVerify = SEND_CERT; |
| Vanger | 4:e505054279ed | 7917 | else if (IsTLS(ssl)) |
| Vanger | 4:e505054279ed | 7918 | ssl->options.sendVerify = SEND_BLANK_CERT; |
| Vanger | 4:e505054279ed | 7919 | |
| Vanger | 4:e505054279ed | 7920 | return 0; |
| Vanger | 4:e505054279ed | 7921 | } |
| Vanger | 4:e505054279ed | 7922 | #endif /* !NO_CERTS */ |
| Vanger | 4:e505054279ed | 7923 | |
| Vanger | 4:e505054279ed | 7924 | |
| Vanger | 4:e505054279ed | 7925 | static int DoServerKeyExchange(CYASSL* ssl, const byte* input, |
| Vanger | 4:e505054279ed | 7926 | word32* inOutIdx, word32 size) |
| Vanger | 4:e505054279ed | 7927 | { |
| Vanger | 4:e505054279ed | 7928 | word16 length = 0; |
| Vanger | 4:e505054279ed | 7929 | word32 begin = *inOutIdx; |
| Vanger | 4:e505054279ed | 7930 | int ret = 0; |
| Vanger | 4:e505054279ed | 7931 | |
| Vanger | 4:e505054279ed | 7932 | (void)length; /* shut up compiler warnings */ |
| Vanger | 4:e505054279ed | 7933 | (void)begin; |
| Vanger | 4:e505054279ed | 7934 | (void)ssl; |
| Vanger | 4:e505054279ed | 7935 | (void)input; |
| Vanger | 4:e505054279ed | 7936 | (void)size; |
| Vanger | 4:e505054279ed | 7937 | (void)ret; |
| Vanger | 4:e505054279ed | 7938 | |
| Vanger | 4:e505054279ed | 7939 | #ifdef CYASSL_CALLBACKS |
| Vanger | 4:e505054279ed | 7940 | if (ssl->hsInfoOn) |
| Vanger | 4:e505054279ed | 7941 | AddPacketName("ServerKeyExchange", &ssl->handShakeInfo); |
| Vanger | 4:e505054279ed | 7942 | if (ssl->toInfoOn) |
| Vanger | 4:e505054279ed | 7943 | AddLateName("ServerKeyExchange", &ssl->timeoutInfo); |
| Vanger | 4:e505054279ed | 7944 | #endif |
| Vanger | 4:e505054279ed | 7945 | |
| Vanger | 4:e505054279ed | 7946 | #ifndef NO_PSK |
| Vanger | 4:e505054279ed | 7947 | if (ssl->specs.kea == psk_kea) { |
| Vanger | 4:e505054279ed | 7948 | |
| Vanger | 4:e505054279ed | 7949 | if ((*inOutIdx - begin) + OPAQUE16_LEN > size) |
| Vanger | 4:e505054279ed | 7950 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 7951 | |
| Vanger | 4:e505054279ed | 7952 | ato16(input + *inOutIdx, &length); |
| Vanger | 4:e505054279ed | 7953 | *inOutIdx += OPAQUE16_LEN; |
| Vanger | 4:e505054279ed | 7954 | |
| Vanger | 4:e505054279ed | 7955 | if ((*inOutIdx - begin) + length > size) |
| Vanger | 4:e505054279ed | 7956 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 7957 | |
| Vanger | 4:e505054279ed | 7958 | XMEMCPY(ssl->arrays->server_hint, input + *inOutIdx, |
| Vanger | 4:e505054279ed | 7959 | min(length, MAX_PSK_ID_LEN)); |
| Vanger | 4:e505054279ed | 7960 | |
| Vanger | 4:e505054279ed | 7961 | ssl->arrays->server_hint[min(length, MAX_PSK_ID_LEN - 1)] = 0; |
| Vanger | 4:e505054279ed | 7962 | *inOutIdx += length; |
| Vanger | 4:e505054279ed | 7963 | |
| Vanger | 4:e505054279ed | 7964 | return 0; |
| Vanger | 4:e505054279ed | 7965 | } |
| Vanger | 4:e505054279ed | 7966 | #endif |
| Vanger | 4:e505054279ed | 7967 | #ifdef OPENSSL_EXTRA |
| Vanger | 4:e505054279ed | 7968 | if (ssl->specs.kea == diffie_hellman_kea) |
| Vanger | 4:e505054279ed | 7969 | { |
| Vanger | 4:e505054279ed | 7970 | /* p */ |
| Vanger | 4:e505054279ed | 7971 | if ((*inOutIdx - begin) + OPAQUE16_LEN > size) |
| Vanger | 4:e505054279ed | 7972 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 7973 | |
| Vanger | 4:e505054279ed | 7974 | ato16(input + *inOutIdx, &length); |
| Vanger | 4:e505054279ed | 7975 | *inOutIdx += OPAQUE16_LEN; |
| Vanger | 4:e505054279ed | 7976 | |
| Vanger | 4:e505054279ed | 7977 | if ((*inOutIdx - begin) + length > size) |
| Vanger | 4:e505054279ed | 7978 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 7979 | |
| Vanger | 4:e505054279ed | 7980 | ssl->buffers.serverDH_P.buffer = (byte*) XMALLOC(length, ssl->heap, |
| Vanger | 4:e505054279ed | 7981 | DYNAMIC_TYPE_DH); |
| Vanger | 4:e505054279ed | 7982 | |
| Vanger | 4:e505054279ed | 7983 | if (ssl->buffers.serverDH_P.buffer) |
| Vanger | 4:e505054279ed | 7984 | ssl->buffers.serverDH_P.length = length; |
| Vanger | 4:e505054279ed | 7985 | else |
| Vanger | 4:e505054279ed | 7986 | return MEMORY_ERROR; |
| Vanger | 4:e505054279ed | 7987 | |
| Vanger | 4:e505054279ed | 7988 | XMEMCPY(ssl->buffers.serverDH_P.buffer, input + *inOutIdx, length); |
| Vanger | 4:e505054279ed | 7989 | *inOutIdx += length; |
| Vanger | 4:e505054279ed | 7990 | |
| Vanger | 4:e505054279ed | 7991 | /* g */ |
| Vanger | 4:e505054279ed | 7992 | if ((*inOutIdx - begin) + OPAQUE16_LEN > size) |
| Vanger | 4:e505054279ed | 7993 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 7994 | |
| Vanger | 4:e505054279ed | 7995 | ato16(input + *inOutIdx, &length); |
| Vanger | 4:e505054279ed | 7996 | *inOutIdx += OPAQUE16_LEN; |
| Vanger | 4:e505054279ed | 7997 | |
| Vanger | 4:e505054279ed | 7998 | if ((*inOutIdx - begin) + length > size) |
| Vanger | 4:e505054279ed | 7999 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 8000 | |
| Vanger | 4:e505054279ed | 8001 | ssl->buffers.serverDH_G.buffer = (byte*) XMALLOC(length, ssl->heap, |
| Vanger | 4:e505054279ed | 8002 | DYNAMIC_TYPE_DH); |
| Vanger | 4:e505054279ed | 8003 | |
| Vanger | 4:e505054279ed | 8004 | if (ssl->buffers.serverDH_G.buffer) |
| Vanger | 4:e505054279ed | 8005 | ssl->buffers.serverDH_G.length = length; |
| Vanger | 4:e505054279ed | 8006 | else |
| Vanger | 4:e505054279ed | 8007 | return MEMORY_ERROR; |
| Vanger | 4:e505054279ed | 8008 | |
| Vanger | 4:e505054279ed | 8009 | XMEMCPY(ssl->buffers.serverDH_G.buffer, input + *inOutIdx, length); |
| Vanger | 4:e505054279ed | 8010 | *inOutIdx += length; |
| Vanger | 4:e505054279ed | 8011 | |
| Vanger | 4:e505054279ed | 8012 | /* pub */ |
| Vanger | 4:e505054279ed | 8013 | if ((*inOutIdx - begin) + OPAQUE16_LEN > size) |
| Vanger | 4:e505054279ed | 8014 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 8015 | |
| Vanger | 4:e505054279ed | 8016 | ato16(input + *inOutIdx, &length); |
| Vanger | 4:e505054279ed | 8017 | *inOutIdx += OPAQUE16_LEN; |
| Vanger | 4:e505054279ed | 8018 | |
| Vanger | 4:e505054279ed | 8019 | if ((*inOutIdx - begin) + length > size) |
| Vanger | 4:e505054279ed | 8020 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 8021 | |
| Vanger | 4:e505054279ed | 8022 | ssl->buffers.serverDH_Pub.buffer = (byte*) XMALLOC(length, ssl->heap, |
| Vanger | 4:e505054279ed | 8023 | DYNAMIC_TYPE_DH); |
| Vanger | 4:e505054279ed | 8024 | |
| Vanger | 4:e505054279ed | 8025 | if (ssl->buffers.serverDH_Pub.buffer) |
| Vanger | 4:e505054279ed | 8026 | ssl->buffers.serverDH_Pub.length = length; |
| Vanger | 4:e505054279ed | 8027 | else |
| Vanger | 4:e505054279ed | 8028 | return MEMORY_ERROR; |
| Vanger | 4:e505054279ed | 8029 | |
| Vanger | 4:e505054279ed | 8030 | XMEMCPY(ssl->buffers.serverDH_Pub.buffer, input + *inOutIdx, length); |
| Vanger | 4:e505054279ed | 8031 | *inOutIdx += length; |
| Vanger | 4:e505054279ed | 8032 | } /* dh_kea */ |
| Vanger | 4:e505054279ed | 8033 | #endif /* OPENSSL_EXTRA */ |
| Vanger | 4:e505054279ed | 8034 | |
| Vanger | 4:e505054279ed | 8035 | #ifdef HAVE_ECC |
| Vanger | 4:e505054279ed | 8036 | if (ssl->specs.kea == ecc_diffie_hellman_kea) |
| Vanger | 4:e505054279ed | 8037 | { |
| Vanger | 4:e505054279ed | 8038 | byte b; |
| Vanger | 4:e505054279ed | 8039 | |
| Vanger | 4:e505054279ed | 8040 | if ((*inOutIdx - begin) + ENUM_LEN + OPAQUE16_LEN + OPAQUE8_LEN > size) |
| Vanger | 4:e505054279ed | 8041 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 8042 | |
| Vanger | 4:e505054279ed | 8043 | b = input[(*inOutIdx)++]; |
| Vanger | 4:e505054279ed | 8044 | |
| Vanger | 4:e505054279ed | 8045 | if (b != named_curve) |
| Vanger | 4:e505054279ed | 8046 | return ECC_CURVETYPE_ERROR; |
| Vanger | 4:e505054279ed | 8047 | |
| Vanger | 4:e505054279ed | 8048 | *inOutIdx += 1; /* curve type, eat leading 0 */ |
| Vanger | 4:e505054279ed | 8049 | b = input[(*inOutIdx)++]; |
| Vanger | 4:e505054279ed | 8050 | |
| Vanger | 4:e505054279ed | 8051 | if (b != secp256r1 && b != secp384r1 && b != secp521r1 && b != |
| Vanger | 4:e505054279ed | 8052 | secp160r1 && b != secp192r1 && b != secp224r1) |
| Vanger | 4:e505054279ed | 8053 | return ECC_CURVE_ERROR; |
| Vanger | 4:e505054279ed | 8054 | |
| Vanger | 4:e505054279ed | 8055 | length = input[(*inOutIdx)++]; |
| Vanger | 4:e505054279ed | 8056 | |
| Vanger | 4:e505054279ed | 8057 | if ((*inOutIdx - begin) + length > size) |
| Vanger | 4:e505054279ed | 8058 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 8059 | |
| Vanger | 4:e505054279ed | 8060 | if (ecc_import_x963(input + *inOutIdx, length, ssl->peerEccKey) != 0) |
| Vanger | 4:e505054279ed | 8061 | return ECC_PEERKEY_ERROR; |
| Vanger | 4:e505054279ed | 8062 | |
| Vanger | 4:e505054279ed | 8063 | *inOutIdx += length; |
| Vanger | 4:e505054279ed | 8064 | ssl->peerEccKeyPresent = 1; |
| Vanger | 4:e505054279ed | 8065 | } |
| Vanger | 4:e505054279ed | 8066 | #endif /* HAVE_ECC */ |
| Vanger | 4:e505054279ed | 8067 | |
| Vanger | 4:e505054279ed | 8068 | #if defined(OPENSSL_EXTRA) || defined(HAVE_ECC) |
| Vanger | 4:e505054279ed | 8069 | { |
| Vanger | 4:e505054279ed | 8070 | #ifndef NO_OLD_TLS |
| Vanger | 4:e505054279ed | 8071 | Md5 md5; |
| Vanger | 4:e505054279ed | 8072 | Sha sha; |
| Vanger | 4:e505054279ed | 8073 | #endif |
| Vanger | 4:e505054279ed | 8074 | #ifndef NO_SHA256 |
| Vanger | 4:e505054279ed | 8075 | Sha256 sha256; |
| Vanger | 4:e505054279ed | 8076 | byte hash256[SHA256_DIGEST_SIZE]; |
| Vanger | 4:e505054279ed | 8077 | #endif |
| Vanger | 4:e505054279ed | 8078 | #ifdef CYASSL_SHA384 |
| Vanger | 4:e505054279ed | 8079 | Sha384 sha384; |
| Vanger | 4:e505054279ed | 8080 | byte hash384[SHA384_DIGEST_SIZE]; |
| Vanger | 4:e505054279ed | 8081 | #endif |
| Vanger | 4:e505054279ed | 8082 | byte hash[FINISHED_SZ]; |
| Vanger | 4:e505054279ed | 8083 | byte messageVerify[MAX_DH_SZ]; |
| Vanger | 4:e505054279ed | 8084 | byte hashAlgo = sha_mac; |
| Vanger | 4:e505054279ed | 8085 | byte sigAlgo = ssl->specs.sig_algo; |
| Vanger | 4:e505054279ed | 8086 | word16 verifySz = (word16) (*inOutIdx - begin); |
| Vanger | 4:e505054279ed | 8087 | |
| Vanger | 4:e505054279ed | 8088 | /* save message for hash verify */ |
| Vanger | 4:e505054279ed | 8089 | if (verifySz > sizeof(messageVerify)) |
| Vanger | 4:e505054279ed | 8090 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 8091 | |
| Vanger | 4:e505054279ed | 8092 | XMEMCPY(messageVerify, input + begin, verifySz); |
| Vanger | 4:e505054279ed | 8093 | |
| Vanger | 4:e505054279ed | 8094 | if (IsAtLeastTLSv1_2(ssl)) { |
| Vanger | 4:e505054279ed | 8095 | if ((*inOutIdx - begin) + ENUM_LEN + ENUM_LEN > size) |
| Vanger | 4:e505054279ed | 8096 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 8097 | |
| Vanger | 4:e505054279ed | 8098 | hashAlgo = input[(*inOutIdx)++]; |
| Vanger | 4:e505054279ed | 8099 | sigAlgo = input[(*inOutIdx)++]; |
| Vanger | 4:e505054279ed | 8100 | } |
| Vanger | 4:e505054279ed | 8101 | |
| Vanger | 4:e505054279ed | 8102 | /* signature */ |
| Vanger | 4:e505054279ed | 8103 | if ((*inOutIdx - begin) + OPAQUE16_LEN > size) |
| Vanger | 4:e505054279ed | 8104 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 8105 | |
| Vanger | 4:e505054279ed | 8106 | ato16(input + *inOutIdx, &length); |
| Vanger | 4:e505054279ed | 8107 | *inOutIdx += OPAQUE16_LEN; |
| Vanger | 4:e505054279ed | 8108 | |
| Vanger | 4:e505054279ed | 8109 | if ((*inOutIdx - begin) + length > size) |
| Vanger | 4:e505054279ed | 8110 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 8111 | |
| Vanger | 4:e505054279ed | 8112 | /* inOutIdx updated at the end of the function */ |
| Vanger | 4:e505054279ed | 8113 | |
| Vanger | 4:e505054279ed | 8114 | /* verify signature */ |
| Vanger | 4:e505054279ed | 8115 | #ifndef NO_OLD_TLS |
| Vanger | 4:e505054279ed | 8116 | /* md5 */ |
| Vanger | 4:e505054279ed | 8117 | InitMd5(&md5); |
| Vanger | 4:e505054279ed | 8118 | Md5Update(&md5, ssl->arrays->clientRandom, RAN_LEN); |
| Vanger | 4:e505054279ed | 8119 | Md5Update(&md5, ssl->arrays->serverRandom, RAN_LEN); |
| Vanger | 4:e505054279ed | 8120 | Md5Update(&md5, messageVerify, verifySz); |
| Vanger | 4:e505054279ed | 8121 | Md5Final(&md5, hash); |
| Vanger | 4:e505054279ed | 8122 | |
| Vanger | 4:e505054279ed | 8123 | /* sha */ |
| Vanger | 4:e505054279ed | 8124 | ret = InitSha(&sha); |
| Vanger | 4:e505054279ed | 8125 | if (ret != 0) |
| Vanger | 4:e505054279ed | 8126 | return ret; |
| Vanger | 4:e505054279ed | 8127 | ShaUpdate(&sha, ssl->arrays->clientRandom, RAN_LEN); |
| Vanger | 4:e505054279ed | 8128 | ShaUpdate(&sha, ssl->arrays->serverRandom, RAN_LEN); |
| Vanger | 4:e505054279ed | 8129 | ShaUpdate(&sha, messageVerify, verifySz); |
| Vanger | 4:e505054279ed | 8130 | ShaFinal(&sha, hash + MD5_DIGEST_SIZE); |
| Vanger | 4:e505054279ed | 8131 | #endif |
| Vanger | 4:e505054279ed | 8132 | |
| Vanger | 4:e505054279ed | 8133 | #ifndef NO_SHA256 |
| Vanger | 4:e505054279ed | 8134 | ret = InitSha256(&sha256); |
| Vanger | 4:e505054279ed | 8135 | if (ret != 0) |
| Vanger | 4:e505054279ed | 8136 | return ret; |
| Vanger | 4:e505054279ed | 8137 | ret = Sha256Update(&sha256, ssl->arrays->clientRandom, RAN_LEN); |
| Vanger | 4:e505054279ed | 8138 | if (ret != 0) |
| Vanger | 4:e505054279ed | 8139 | return ret; |
| Vanger | 4:e505054279ed | 8140 | ret = Sha256Update(&sha256, ssl->arrays->serverRandom, RAN_LEN); |
| Vanger | 4:e505054279ed | 8141 | if (ret != 0) |
| Vanger | 4:e505054279ed | 8142 | return ret; |
| Vanger | 4:e505054279ed | 8143 | ret = Sha256Update(&sha256, messageVerify, verifySz); |
| Vanger | 4:e505054279ed | 8144 | if (ret != 0) |
| Vanger | 4:e505054279ed | 8145 | return ret; |
| Vanger | 4:e505054279ed | 8146 | ret = Sha256Final(&sha256, hash256); |
| Vanger | 4:e505054279ed | 8147 | if (ret != 0) |
| Vanger | 4:e505054279ed | 8148 | return ret; |
| Vanger | 4:e505054279ed | 8149 | #endif |
| Vanger | 4:e505054279ed | 8150 | |
| Vanger | 4:e505054279ed | 8151 | #ifdef CYASSL_SHA384 |
| Vanger | 4:e505054279ed | 8152 | ret = InitSha384(&sha384); |
| Vanger | 4:e505054279ed | 8153 | if (ret != 0) |
| Vanger | 4:e505054279ed | 8154 | return ret; |
| Vanger | 4:e505054279ed | 8155 | ret = Sha384Update(&sha384, ssl->arrays->clientRandom, RAN_LEN); |
| Vanger | 4:e505054279ed | 8156 | if (ret != 0) |
| Vanger | 4:e505054279ed | 8157 | return ret; |
| Vanger | 4:e505054279ed | 8158 | ret = Sha384Update(&sha384, ssl->arrays->serverRandom, RAN_LEN); |
| Vanger | 4:e505054279ed | 8159 | if (ret != 0) |
| Vanger | 4:e505054279ed | 8160 | return ret; |
| Vanger | 4:e505054279ed | 8161 | ret = Sha384Update(&sha384, messageVerify, verifySz); |
| Vanger | 4:e505054279ed | 8162 | if (ret != 0) |
| Vanger | 4:e505054279ed | 8163 | return ret; |
| Vanger | 4:e505054279ed | 8164 | ret = Sha384Final(&sha384, hash384); |
| Vanger | 4:e505054279ed | 8165 | if (ret != 0) |
| Vanger | 4:e505054279ed | 8166 | return ret; |
| Vanger | 4:e505054279ed | 8167 | #endif |
| Vanger | 4:e505054279ed | 8168 | |
| Vanger | 4:e505054279ed | 8169 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 8170 | /* rsa */ |
| Vanger | 4:e505054279ed | 8171 | if (sigAlgo == rsa_sa_algo) |
| Vanger | 4:e505054279ed | 8172 | { |
| Vanger | 4:e505054279ed | 8173 | byte* out = NULL; |
| Vanger | 4:e505054279ed | 8174 | byte doUserRsa = 0; |
| Vanger | 4:e505054279ed | 8175 | |
| Vanger | 4:e505054279ed | 8176 | #ifdef HAVE_PK_CALLBACKS |
| Vanger | 4:e505054279ed | 8177 | if (ssl->ctx->RsaVerifyCb) |
| Vanger | 4:e505054279ed | 8178 | doUserRsa = 1; |
| Vanger | 4:e505054279ed | 8179 | #endif /*HAVE_PK_CALLBACKS */ |
| Vanger | 4:e505054279ed | 8180 | |
| Vanger | 4:e505054279ed | 8181 | if (!ssl->peerRsaKeyPresent) |
| Vanger | 4:e505054279ed | 8182 | return NO_PEER_KEY; |
| Vanger | 4:e505054279ed | 8183 | |
| Vanger | 4:e505054279ed | 8184 | if (doUserRsa) { |
| Vanger | 4:e505054279ed | 8185 | #ifdef HAVE_PK_CALLBACKS |
| Vanger | 4:e505054279ed | 8186 | ret = ssl->ctx->RsaVerifyCb(ssl, (byte *) input + *inOutIdx, |
| Vanger | 4:e505054279ed | 8187 | length, &out, |
| Vanger | 4:e505054279ed | 8188 | ssl->buffers.peerRsaKey.buffer, |
| Vanger | 4:e505054279ed | 8189 | ssl->buffers.peerRsaKey.length, |
| Vanger | 4:e505054279ed | 8190 | ssl->RsaVerifyCtx); |
| Vanger | 4:e505054279ed | 8191 | #endif /*HAVE_PK_CALLBACKS */ |
| Vanger | 4:e505054279ed | 8192 | } |
| Vanger | 4:e505054279ed | 8193 | else { |
| Vanger | 4:e505054279ed | 8194 | ret = RsaSSL_VerifyInline((byte *) input + *inOutIdx, length, |
| Vanger | 4:e505054279ed | 8195 | &out, ssl->peerRsaKey); |
| Vanger | 4:e505054279ed | 8196 | } |
| Vanger | 4:e505054279ed | 8197 | |
| Vanger | 4:e505054279ed | 8198 | if (IsAtLeastTLSv1_2(ssl)) { |
| Vanger | 4:e505054279ed | 8199 | byte encodedSig[MAX_ENCODED_SIG_SZ]; |
| Vanger | 4:e505054279ed | 8200 | word32 encSigSz; |
| Vanger | 4:e505054279ed | 8201 | #ifndef NO_OLD_TLS |
| Vanger | 4:e505054279ed | 8202 | byte* digest = &hash[MD5_DIGEST_SIZE]; |
| Vanger | 4:e505054279ed | 8203 | int typeH = SHAh; |
| Vanger | 4:e505054279ed | 8204 | int digestSz = SHA_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 8205 | #else |
| Vanger | 4:e505054279ed | 8206 | byte* digest = hash256; |
| Vanger | 4:e505054279ed | 8207 | int typeH = SHA256h; |
| Vanger | 4:e505054279ed | 8208 | int digestSz = SHA256_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 8209 | #endif |
| Vanger | 4:e505054279ed | 8210 | |
| Vanger | 4:e505054279ed | 8211 | if (hashAlgo == sha_mac) { |
| Vanger | 4:e505054279ed | 8212 | #ifndef NO_SHA |
| Vanger | 4:e505054279ed | 8213 | digest = &hash[MD5_DIGEST_SIZE]; |
| Vanger | 4:e505054279ed | 8214 | typeH = SHAh; |
| Vanger | 4:e505054279ed | 8215 | digestSz = SHA_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 8216 | #endif |
| Vanger | 4:e505054279ed | 8217 | } |
| Vanger | 4:e505054279ed | 8218 | else if (hashAlgo == sha256_mac) { |
| Vanger | 4:e505054279ed | 8219 | #ifndef NO_SHA256 |
| Vanger | 4:e505054279ed | 8220 | digest = hash256; |
| Vanger | 4:e505054279ed | 8221 | typeH = SHA256h; |
| Vanger | 4:e505054279ed | 8222 | digestSz = SHA256_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 8223 | #endif |
| Vanger | 4:e505054279ed | 8224 | } |
| Vanger | 4:e505054279ed | 8225 | else if (hashAlgo == sha384_mac) { |
| Vanger | 4:e505054279ed | 8226 | #ifdef CYASSL_SHA384 |
| Vanger | 4:e505054279ed | 8227 | digest = hash384; |
| Vanger | 4:e505054279ed | 8228 | typeH = SHA384h; |
| Vanger | 4:e505054279ed | 8229 | digestSz = SHA384_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 8230 | #endif |
| Vanger | 4:e505054279ed | 8231 | } |
| Vanger | 4:e505054279ed | 8232 | |
| Vanger | 4:e505054279ed | 8233 | encSigSz = EncodeSignature(encodedSig, digest, digestSz, typeH); |
| Vanger | 4:e505054279ed | 8234 | |
| Vanger | 4:e505054279ed | 8235 | if (encSigSz != (word32)ret || !out || XMEMCMP(out, encodedSig, |
| Vanger | 4:e505054279ed | 8236 | min(encSigSz, MAX_ENCODED_SIG_SZ)) != 0) |
| Vanger | 4:e505054279ed | 8237 | return VERIFY_SIGN_ERROR; |
| Vanger | 4:e505054279ed | 8238 | } |
| Vanger | 4:e505054279ed | 8239 | else { |
| Vanger | 4:e505054279ed | 8240 | if (ret != sizeof(hash) || !out || XMEMCMP(out, |
| Vanger | 4:e505054279ed | 8241 | hash, sizeof(hash)) != 0) |
| Vanger | 4:e505054279ed | 8242 | return VERIFY_SIGN_ERROR; |
| Vanger | 4:e505054279ed | 8243 | } |
| Vanger | 4:e505054279ed | 8244 | } else |
| Vanger | 4:e505054279ed | 8245 | #endif |
| Vanger | 4:e505054279ed | 8246 | #ifdef HAVE_ECC |
| Vanger | 4:e505054279ed | 8247 | /* ecdsa */ |
| Vanger | 4:e505054279ed | 8248 | if (sigAlgo == ecc_dsa_sa_algo) { |
| Vanger | 4:e505054279ed | 8249 | int verify = 0; |
| Vanger | 4:e505054279ed | 8250 | #ifndef NO_OLD_TLS |
| Vanger | 4:e505054279ed | 8251 | byte* digest = &hash[MD5_DIGEST_SIZE]; |
| Vanger | 4:e505054279ed | 8252 | word32 digestSz = SHA_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 8253 | #else |
| Vanger | 4:e505054279ed | 8254 | byte* digest = hash256; |
| Vanger | 4:e505054279ed | 8255 | word32 digestSz = SHA256_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 8256 | #endif |
| Vanger | 4:e505054279ed | 8257 | byte doUserEcc = 0; |
| Vanger | 4:e505054279ed | 8258 | |
| Vanger | 4:e505054279ed | 8259 | #ifdef HAVE_PK_CALLBACKS |
| Vanger | 4:e505054279ed | 8260 | if (ssl->ctx->EccVerifyCb) |
| Vanger | 4:e505054279ed | 8261 | doUserEcc = 1; |
| Vanger | 4:e505054279ed | 8262 | #endif |
| Vanger | 4:e505054279ed | 8263 | |
| Vanger | 4:e505054279ed | 8264 | if (!ssl->peerEccDsaKeyPresent) |
| Vanger | 4:e505054279ed | 8265 | return NO_PEER_KEY; |
| Vanger | 4:e505054279ed | 8266 | |
| Vanger | 4:e505054279ed | 8267 | if (IsAtLeastTLSv1_2(ssl)) { |
| Vanger | 4:e505054279ed | 8268 | if (hashAlgo == sha_mac) { |
| Vanger | 4:e505054279ed | 8269 | #ifndef NO_SHA |
| Vanger | 4:e505054279ed | 8270 | digest = &hash[MD5_DIGEST_SIZE]; |
| Vanger | 4:e505054279ed | 8271 | digestSz = SHA_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 8272 | #endif |
| Vanger | 4:e505054279ed | 8273 | } |
| Vanger | 4:e505054279ed | 8274 | else if (hashAlgo == sha256_mac) { |
| Vanger | 4:e505054279ed | 8275 | #ifndef NO_SHA256 |
| Vanger | 4:e505054279ed | 8276 | digest = hash256; |
| Vanger | 4:e505054279ed | 8277 | digestSz = SHA256_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 8278 | #endif |
| Vanger | 4:e505054279ed | 8279 | } |
| Vanger | 4:e505054279ed | 8280 | else if (hashAlgo == sha384_mac) { |
| Vanger | 4:e505054279ed | 8281 | #ifdef CYASSL_SHA384 |
| Vanger | 4:e505054279ed | 8282 | digest = hash384; |
| Vanger | 4:e505054279ed | 8283 | digestSz = SHA384_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 8284 | #endif |
| Vanger | 4:e505054279ed | 8285 | } |
| Vanger | 4:e505054279ed | 8286 | } |
| Vanger | 4:e505054279ed | 8287 | if (doUserEcc) { |
| Vanger | 4:e505054279ed | 8288 | #ifdef HAVE_PK_CALLBACKS |
| Vanger | 4:e505054279ed | 8289 | ret = ssl->ctx->EccVerifyCb(ssl, input + *inOutIdx, length, |
| Vanger | 4:e505054279ed | 8290 | digest, digestSz, |
| Vanger | 4:e505054279ed | 8291 | ssl->buffers.peerEccDsaKey.buffer, |
| Vanger | 4:e505054279ed | 8292 | ssl->buffers.peerEccDsaKey.length, |
| Vanger | 4:e505054279ed | 8293 | &verify, ssl->EccVerifyCtx); |
| Vanger | 4:e505054279ed | 8294 | #endif |
| Vanger | 4:e505054279ed | 8295 | } |
| Vanger | 4:e505054279ed | 8296 | else { |
| Vanger | 4:e505054279ed | 8297 | ret = ecc_verify_hash(input + *inOutIdx, length, |
| Vanger | 4:e505054279ed | 8298 | digest, digestSz, &verify, ssl->peerEccDsaKey); |
| Vanger | 4:e505054279ed | 8299 | } |
| Vanger | 4:e505054279ed | 8300 | if (ret != 0 || verify == 0) |
| Vanger | 4:e505054279ed | 8301 | return VERIFY_SIGN_ERROR; |
| Vanger | 4:e505054279ed | 8302 | } |
| Vanger | 4:e505054279ed | 8303 | else |
| Vanger | 4:e505054279ed | 8304 | #endif /* HAVE_ECC */ |
| Vanger | 4:e505054279ed | 8305 | return ALGO_ID_E; |
| Vanger | 4:e505054279ed | 8306 | |
| Vanger | 4:e505054279ed | 8307 | /* signature length */ |
| Vanger | 4:e505054279ed | 8308 | *inOutIdx += length; |
| Vanger | 4:e505054279ed | 8309 | |
| Vanger | 4:e505054279ed | 8310 | ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE; |
| Vanger | 4:e505054279ed | 8311 | |
| Vanger | 4:e505054279ed | 8312 | return 0; |
| Vanger | 4:e505054279ed | 8313 | } |
| Vanger | 4:e505054279ed | 8314 | #else /* HAVE_OPENSSL or HAVE_ECC */ |
| Vanger | 4:e505054279ed | 8315 | return NOT_COMPILED_IN; /* not supported by build */ |
| Vanger | 4:e505054279ed | 8316 | #endif /* HAVE_OPENSSL or HAVE_ECC */ |
| Vanger | 4:e505054279ed | 8317 | } |
| Vanger | 4:e505054279ed | 8318 | |
| Vanger | 4:e505054279ed | 8319 | |
| Vanger | 4:e505054279ed | 8320 | int SendClientKeyExchange(CYASSL* ssl) |
| Vanger | 4:e505054279ed | 8321 | { |
| Vanger | 4:e505054279ed | 8322 | byte encSecret[MAX_ENCRYPT_SZ]; |
| Vanger | 4:e505054279ed | 8323 | word32 encSz = 0; |
| Vanger | 4:e505054279ed | 8324 | word32 idx = 0; |
| Vanger | 4:e505054279ed | 8325 | int ret = 0; |
| Vanger | 4:e505054279ed | 8326 | byte doUserRsa = 0; |
| Vanger | 4:e505054279ed | 8327 | |
| Vanger | 4:e505054279ed | 8328 | (void)doUserRsa; |
| Vanger | 4:e505054279ed | 8329 | |
| Vanger | 4:e505054279ed | 8330 | #ifdef HAVE_PK_CALLBACKS |
| Vanger | 4:e505054279ed | 8331 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 8332 | if (ssl->ctx->RsaEncCb) |
| Vanger | 4:e505054279ed | 8333 | doUserRsa = 1; |
| Vanger | 4:e505054279ed | 8334 | #endif /* NO_RSA */ |
| Vanger | 4:e505054279ed | 8335 | #endif /*HAVE_PK_CALLBACKS */ |
| Vanger | 4:e505054279ed | 8336 | |
| Vanger | 4:e505054279ed | 8337 | switch (ssl->specs.kea) { |
| Vanger | 4:e505054279ed | 8338 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 8339 | case rsa_kea: |
| Vanger | 4:e505054279ed | 8340 | ret = RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret, |
| Vanger | 4:e505054279ed | 8341 | SECRET_LEN); |
| Vanger | 4:e505054279ed | 8342 | if (ret != 0) |
| Vanger | 4:e505054279ed | 8343 | return ret; |
| Vanger | 4:e505054279ed | 8344 | |
| Vanger | 4:e505054279ed | 8345 | ssl->arrays->preMasterSecret[0] = ssl->chVersion.major; |
| Vanger | 4:e505054279ed | 8346 | ssl->arrays->preMasterSecret[1] = ssl->chVersion.minor; |
| Vanger | 4:e505054279ed | 8347 | ssl->arrays->preMasterSz = SECRET_LEN; |
| Vanger | 4:e505054279ed | 8348 | |
| Vanger | 4:e505054279ed | 8349 | if (ssl->peerRsaKeyPresent == 0) |
| Vanger | 4:e505054279ed | 8350 | return NO_PEER_KEY; |
| Vanger | 4:e505054279ed | 8351 | |
| Vanger | 4:e505054279ed | 8352 | if (doUserRsa) { |
| Vanger | 4:e505054279ed | 8353 | #ifdef HAVE_PK_CALLBACKS |
| Vanger | 4:e505054279ed | 8354 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 8355 | encSz = sizeof(encSecret); |
| Vanger | 4:e505054279ed | 8356 | ret = ssl->ctx->RsaEncCb(ssl, |
| Vanger | 4:e505054279ed | 8357 | ssl->arrays->preMasterSecret, |
| Vanger | 4:e505054279ed | 8358 | SECRET_LEN, |
| Vanger | 4:e505054279ed | 8359 | encSecret, &encSz, |
| Vanger | 4:e505054279ed | 8360 | ssl->buffers.peerRsaKey.buffer, |
| Vanger | 4:e505054279ed | 8361 | ssl->buffers.peerRsaKey.length, |
| Vanger | 4:e505054279ed | 8362 | ssl->RsaEncCtx); |
| Vanger | 4:e505054279ed | 8363 | #endif /* NO_RSA */ |
| Vanger | 4:e505054279ed | 8364 | #endif /*HAVE_PK_CALLBACKS */ |
| Vanger | 4:e505054279ed | 8365 | } |
| Vanger | 4:e505054279ed | 8366 | else { |
| Vanger | 4:e505054279ed | 8367 | ret = RsaPublicEncrypt(ssl->arrays->preMasterSecret, |
| Vanger | 4:e505054279ed | 8368 | SECRET_LEN, encSecret, sizeof(encSecret), |
| Vanger | 4:e505054279ed | 8369 | ssl->peerRsaKey, ssl->rng); |
| Vanger | 4:e505054279ed | 8370 | if (ret > 0) { |
| Vanger | 4:e505054279ed | 8371 | encSz = ret; |
| Vanger | 4:e505054279ed | 8372 | ret = 0; /* set success to 0 */ |
| Vanger | 4:e505054279ed | 8373 | } |
| Vanger | 4:e505054279ed | 8374 | } |
| Vanger | 4:e505054279ed | 8375 | break; |
| Vanger | 4:e505054279ed | 8376 | #endif |
| Vanger | 4:e505054279ed | 8377 | #ifdef OPENSSL_EXTRA |
| Vanger | 4:e505054279ed | 8378 | case diffie_hellman_kea: |
| Vanger | 4:e505054279ed | 8379 | { |
| Vanger | 4:e505054279ed | 8380 | buffer serverP = ssl->buffers.serverDH_P; |
| Vanger | 4:e505054279ed | 8381 | buffer serverG = ssl->buffers.serverDH_G; |
| Vanger | 4:e505054279ed | 8382 | buffer serverPub = ssl->buffers.serverDH_Pub; |
| Vanger | 4:e505054279ed | 8383 | byte priv[ENCRYPT_LEN]; |
| Vanger | 4:e505054279ed | 8384 | word32 privSz = 0; |
| Vanger | 4:e505054279ed | 8385 | DhKey key; |
| Vanger | 4:e505054279ed | 8386 | |
| Vanger | 4:e505054279ed | 8387 | if (serverP.buffer == 0 || serverG.buffer == 0 || |
| Vanger | 4:e505054279ed | 8388 | serverPub.buffer == 0) |
| Vanger | 4:e505054279ed | 8389 | return NO_PEER_KEY; |
| Vanger | 4:e505054279ed | 8390 | |
| Vanger | 4:e505054279ed | 8391 | InitDhKey(&key); |
| Vanger | 4:e505054279ed | 8392 | ret = DhSetKey(&key, serverP.buffer, serverP.length, |
| Vanger | 4:e505054279ed | 8393 | serverG.buffer, serverG.length); |
| Vanger | 4:e505054279ed | 8394 | if (ret == 0) |
| Vanger | 4:e505054279ed | 8395 | /* for DH, encSecret is Yc, agree is pre-master */ |
| Vanger | 4:e505054279ed | 8396 | ret = DhGenerateKeyPair(&key, ssl->rng, priv, &privSz, |
| Vanger | 4:e505054279ed | 8397 | encSecret, &encSz); |
| Vanger | 4:e505054279ed | 8398 | if (ret == 0) |
| Vanger | 4:e505054279ed | 8399 | ret = DhAgree(&key, ssl->arrays->preMasterSecret, |
| Vanger | 4:e505054279ed | 8400 | &ssl->arrays->preMasterSz, priv, privSz, |
| Vanger | 4:e505054279ed | 8401 | serverPub.buffer, serverPub.length); |
| Vanger | 4:e505054279ed | 8402 | FreeDhKey(&key); |
| Vanger | 4:e505054279ed | 8403 | } |
| Vanger | 4:e505054279ed | 8404 | break; |
| Vanger | 4:e505054279ed | 8405 | #endif /* OPENSSL_EXTRA */ |
| Vanger | 4:e505054279ed | 8406 | #ifndef NO_PSK |
| Vanger | 4:e505054279ed | 8407 | case psk_kea: |
| Vanger | 4:e505054279ed | 8408 | { |
| Vanger | 4:e505054279ed | 8409 | byte* pms = ssl->arrays->preMasterSecret; |
| Vanger | 4:e505054279ed | 8410 | |
| Vanger | 4:e505054279ed | 8411 | ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl, |
| Vanger | 4:e505054279ed | 8412 | ssl->arrays->server_hint, ssl->arrays->client_identity, |
| Vanger | 4:e505054279ed | 8413 | MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN); |
| Vanger | 4:e505054279ed | 8414 | if (ssl->arrays->psk_keySz == 0 || |
| Vanger | 4:e505054279ed | 8415 | ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) |
| Vanger | 4:e505054279ed | 8416 | return PSK_KEY_ERROR; |
| Vanger | 4:e505054279ed | 8417 | encSz = (word32)XSTRLEN(ssl->arrays->client_identity); |
| Vanger | 4:e505054279ed | 8418 | if (encSz > MAX_PSK_ID_LEN) return CLIENT_ID_ERROR; |
| Vanger | 4:e505054279ed | 8419 | XMEMCPY(encSecret, ssl->arrays->client_identity, encSz); |
| Vanger | 4:e505054279ed | 8420 | |
| Vanger | 4:e505054279ed | 8421 | /* make psk pre master secret */ |
| Vanger | 4:e505054279ed | 8422 | /* length of key + length 0s + length of key + key */ |
| Vanger | 4:e505054279ed | 8423 | c16toa((word16)ssl->arrays->psk_keySz, pms); |
| Vanger | 4:e505054279ed | 8424 | pms += 2; |
| Vanger | 4:e505054279ed | 8425 | XMEMSET(pms, 0, ssl->arrays->psk_keySz); |
| Vanger | 4:e505054279ed | 8426 | pms += ssl->arrays->psk_keySz; |
| Vanger | 4:e505054279ed | 8427 | c16toa((word16)ssl->arrays->psk_keySz, pms); |
| Vanger | 4:e505054279ed | 8428 | pms += 2; |
| Vanger | 4:e505054279ed | 8429 | XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz); |
| Vanger | 4:e505054279ed | 8430 | ssl->arrays->preMasterSz = ssl->arrays->psk_keySz * 2 + 4; |
| Vanger | 4:e505054279ed | 8431 | XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz); |
| Vanger | 4:e505054279ed | 8432 | ssl->arrays->psk_keySz = 0; /* No further need */ |
| Vanger | 4:e505054279ed | 8433 | } |
| Vanger | 4:e505054279ed | 8434 | break; |
| Vanger | 4:e505054279ed | 8435 | #endif /* NO_PSK */ |
| Vanger | 4:e505054279ed | 8436 | #ifdef HAVE_NTRU |
| Vanger | 4:e505054279ed | 8437 | case ntru_kea: |
| Vanger | 4:e505054279ed | 8438 | { |
| Vanger | 4:e505054279ed | 8439 | word32 rc; |
| Vanger | 4:e505054279ed | 8440 | word16 cipherLen = sizeof(encSecret); |
| Vanger | 4:e505054279ed | 8441 | DRBG_HANDLE drbg; |
| Vanger | 4:e505054279ed | 8442 | static uint8_t const cyasslStr[] = { |
| Vanger | 4:e505054279ed | 8443 | 'C', 'y', 'a', 'S', 'S', 'L', ' ', 'N', 'T', 'R', 'U' |
| Vanger | 4:e505054279ed | 8444 | }; |
| Vanger | 4:e505054279ed | 8445 | |
| Vanger | 4:e505054279ed | 8446 | ret = RNG_GenerateBlock(ssl->rng, |
| Vanger | 4:e505054279ed | 8447 | ssl->arrays->preMasterSecret, SECRET_LEN); |
| Vanger | 4:e505054279ed | 8448 | if (ret != 0) |
| Vanger | 4:e505054279ed | 8449 | return ret; |
| Vanger | 4:e505054279ed | 8450 | |
| Vanger | 4:e505054279ed | 8451 | ssl->arrays->preMasterSz = SECRET_LEN; |
| Vanger | 4:e505054279ed | 8452 | |
| Vanger | 4:e505054279ed | 8453 | if (ssl->peerNtruKeyPresent == 0) |
| Vanger | 4:e505054279ed | 8454 | return NO_PEER_KEY; |
| Vanger | 4:e505054279ed | 8455 | |
| Vanger | 4:e505054279ed | 8456 | rc = crypto_drbg_instantiate(MAX_NTRU_BITS, cyasslStr, |
| Vanger | 4:e505054279ed | 8457 | sizeof(cyasslStr), GetEntropy, |
| Vanger | 4:e505054279ed | 8458 | &drbg); |
| Vanger | 4:e505054279ed | 8459 | if (rc != DRBG_OK) |
| Vanger | 4:e505054279ed | 8460 | return NTRU_DRBG_ERROR; |
| Vanger | 4:e505054279ed | 8461 | |
| Vanger | 4:e505054279ed | 8462 | rc = crypto_ntru_encrypt(drbg, ssl->peerNtruKeyLen, |
| Vanger | 4:e505054279ed | 8463 | ssl->peerNtruKey, |
| Vanger | 4:e505054279ed | 8464 | ssl->arrays->preMasterSz, |
| Vanger | 4:e505054279ed | 8465 | ssl->arrays->preMasterSecret, |
| Vanger | 4:e505054279ed | 8466 | &cipherLen, encSecret); |
| Vanger | 4:e505054279ed | 8467 | crypto_drbg_uninstantiate(drbg); |
| Vanger | 4:e505054279ed | 8468 | if (rc != NTRU_OK) |
| Vanger | 4:e505054279ed | 8469 | return NTRU_ENCRYPT_ERROR; |
| Vanger | 4:e505054279ed | 8470 | |
| Vanger | 4:e505054279ed | 8471 | encSz = cipherLen; |
| Vanger | 4:e505054279ed | 8472 | ret = 0; |
| Vanger | 4:e505054279ed | 8473 | } |
| Vanger | 4:e505054279ed | 8474 | break; |
| Vanger | 4:e505054279ed | 8475 | #endif /* HAVE_NTRU */ |
| Vanger | 4:e505054279ed | 8476 | #ifdef HAVE_ECC |
| Vanger | 4:e505054279ed | 8477 | case ecc_diffie_hellman_kea: |
| Vanger | 4:e505054279ed | 8478 | { |
| Vanger | 4:e505054279ed | 8479 | ecc_key myKey; |
| Vanger | 4:e505054279ed | 8480 | ecc_key* peerKey = NULL; |
| Vanger | 4:e505054279ed | 8481 | word32 size = sizeof(encSecret); |
| Vanger | 4:e505054279ed | 8482 | |
| Vanger | 4:e505054279ed | 8483 | if (ssl->specs.static_ecdh) { |
| Vanger | 4:e505054279ed | 8484 | /* TODO: EccDsa is really fixed Ecc change naming */ |
| Vanger | 4:e505054279ed | 8485 | if (!ssl->peerEccDsaKeyPresent || !ssl->peerEccDsaKey->dp) |
| Vanger | 4:e505054279ed | 8486 | return NO_PEER_KEY; |
| Vanger | 4:e505054279ed | 8487 | peerKey = ssl->peerEccDsaKey; |
| Vanger | 4:e505054279ed | 8488 | } |
| Vanger | 4:e505054279ed | 8489 | else { |
| Vanger | 4:e505054279ed | 8490 | if (!ssl->peerEccKeyPresent || !ssl->peerEccKey->dp) |
| Vanger | 4:e505054279ed | 8491 | return NO_PEER_KEY; |
| Vanger | 4:e505054279ed | 8492 | peerKey = ssl->peerEccKey; |
| Vanger | 4:e505054279ed | 8493 | } |
| Vanger | 4:e505054279ed | 8494 | |
| Vanger | 4:e505054279ed | 8495 | if (peerKey == NULL) |
| Vanger | 4:e505054279ed | 8496 | return NO_PEER_KEY; |
| Vanger | 4:e505054279ed | 8497 | |
| Vanger | 4:e505054279ed | 8498 | ecc_init(&myKey); |
| Vanger | 4:e505054279ed | 8499 | ret = ecc_make_key(ssl->rng, peerKey->dp->size, &myKey); |
| Vanger | 4:e505054279ed | 8500 | if (ret != 0) |
| Vanger | 4:e505054279ed | 8501 | return ECC_MAKEKEY_ERROR; |
| Vanger | 4:e505054279ed | 8502 | |
| Vanger | 4:e505054279ed | 8503 | /* precede export with 1 byte length */ |
| Vanger | 4:e505054279ed | 8504 | ret = ecc_export_x963(&myKey, encSecret + 1, &size); |
| Vanger | 4:e505054279ed | 8505 | encSecret[0] = (byte)size; |
| Vanger | 4:e505054279ed | 8506 | encSz = size + 1; |
| Vanger | 4:e505054279ed | 8507 | |
| Vanger | 4:e505054279ed | 8508 | if (ret != 0) |
| Vanger | 4:e505054279ed | 8509 | ret = ECC_EXPORT_ERROR; |
| Vanger | 4:e505054279ed | 8510 | else { |
| Vanger | 4:e505054279ed | 8511 | size = sizeof(ssl->arrays->preMasterSecret); |
| Vanger | 4:e505054279ed | 8512 | ret = ecc_shared_secret(&myKey, peerKey, |
| Vanger | 4:e505054279ed | 8513 | ssl->arrays->preMasterSecret, &size); |
| Vanger | 4:e505054279ed | 8514 | if (ret != 0) |
| Vanger | 4:e505054279ed | 8515 | ret = ECC_SHARED_ERROR; |
| Vanger | 4:e505054279ed | 8516 | } |
| Vanger | 4:e505054279ed | 8517 | |
| Vanger | 4:e505054279ed | 8518 | ssl->arrays->preMasterSz = size; |
| Vanger | 4:e505054279ed | 8519 | ecc_free(&myKey); |
| Vanger | 4:e505054279ed | 8520 | } |
| Vanger | 4:e505054279ed | 8521 | break; |
| Vanger | 4:e505054279ed | 8522 | #endif /* HAVE_ECC */ |
| Vanger | 4:e505054279ed | 8523 | default: |
| Vanger | 4:e505054279ed | 8524 | return ALGO_ID_E; /* unsupported kea */ |
| Vanger | 4:e505054279ed | 8525 | } |
| Vanger | 4:e505054279ed | 8526 | |
| Vanger | 4:e505054279ed | 8527 | if (ret == 0) { |
| Vanger | 4:e505054279ed | 8528 | byte *output; |
| Vanger | 4:e505054279ed | 8529 | int sendSz; |
| Vanger | 4:e505054279ed | 8530 | word32 tlsSz = 0; |
| Vanger | 4:e505054279ed | 8531 | |
| Vanger | 4:e505054279ed | 8532 | if (ssl->options.tls || ssl->specs.kea == diffie_hellman_kea) |
| Vanger | 4:e505054279ed | 8533 | tlsSz = 2; |
| Vanger | 4:e505054279ed | 8534 | |
| Vanger | 4:e505054279ed | 8535 | if (ssl->specs.kea == ecc_diffie_hellman_kea) /* always off */ |
| Vanger | 4:e505054279ed | 8536 | tlsSz = 0; |
| Vanger | 4:e505054279ed | 8537 | |
| Vanger | 4:e505054279ed | 8538 | sendSz = encSz + tlsSz + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; |
| Vanger | 4:e505054279ed | 8539 | idx = HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; |
| Vanger | 4:e505054279ed | 8540 | |
| Vanger | 4:e505054279ed | 8541 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 8542 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 8543 | sendSz += DTLS_HANDSHAKE_EXTRA + DTLS_RECORD_EXTRA; |
| Vanger | 4:e505054279ed | 8544 | idx += DTLS_HANDSHAKE_EXTRA + DTLS_RECORD_EXTRA; |
| Vanger | 4:e505054279ed | 8545 | } |
| Vanger | 4:e505054279ed | 8546 | #endif |
| Vanger | 4:e505054279ed | 8547 | |
| Vanger | 4:e505054279ed | 8548 | /* check for available size */ |
| Vanger | 4:e505054279ed | 8549 | if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) |
| Vanger | 4:e505054279ed | 8550 | return ret; |
| Vanger | 4:e505054279ed | 8551 | |
| Vanger | 4:e505054279ed | 8552 | /* get ouput buffer */ |
| Vanger | 4:e505054279ed | 8553 | output = ssl->buffers.outputBuffer.buffer + |
| Vanger | 4:e505054279ed | 8554 | ssl->buffers.outputBuffer.length; |
| Vanger | 4:e505054279ed | 8555 | |
| Vanger | 4:e505054279ed | 8556 | AddHeaders(output, encSz + tlsSz, client_key_exchange, ssl); |
| Vanger | 4:e505054279ed | 8557 | |
| Vanger | 4:e505054279ed | 8558 | if (tlsSz) { |
| Vanger | 4:e505054279ed | 8559 | c16toa((word16)encSz, &output[idx]); |
| Vanger | 4:e505054279ed | 8560 | idx += 2; |
| Vanger | 4:e505054279ed | 8561 | } |
| Vanger | 4:e505054279ed | 8562 | XMEMCPY(output + idx, encSecret, encSz); |
| Vanger | 4:e505054279ed | 8563 | /* if add more to output, adjust idx |
| Vanger | 4:e505054279ed | 8564 | idx += encSz; */ |
| Vanger | 4:e505054279ed | 8565 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 8566 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 8567 | if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) |
| Vanger | 4:e505054279ed | 8568 | return ret; |
| Vanger | 4:e505054279ed | 8569 | } |
| Vanger | 4:e505054279ed | 8570 | #endif |
| Vanger | 4:e505054279ed | 8571 | |
| Vanger | 4:e505054279ed | 8572 | ret = HashOutput(ssl, output, sendSz, 0); |
| Vanger | 4:e505054279ed | 8573 | if (ret != 0) |
| Vanger | 4:e505054279ed | 8574 | return ret; |
| Vanger | 4:e505054279ed | 8575 | |
| Vanger | 4:e505054279ed | 8576 | #ifdef CYASSL_CALLBACKS |
| Vanger | 4:e505054279ed | 8577 | if (ssl->hsInfoOn) |
| Vanger | 4:e505054279ed | 8578 | AddPacketName("ClientKeyExchange", &ssl->handShakeInfo); |
| Vanger | 4:e505054279ed | 8579 | if (ssl->toInfoOn) |
| Vanger | 4:e505054279ed | 8580 | AddPacketInfo("ClientKeyExchange", &ssl->timeoutInfo, |
| Vanger | 4:e505054279ed | 8581 | output, sendSz, ssl->heap); |
| Vanger | 4:e505054279ed | 8582 | #endif |
| Vanger | 4:e505054279ed | 8583 | |
| Vanger | 4:e505054279ed | 8584 | ssl->buffers.outputBuffer.length += sendSz; |
| Vanger | 4:e505054279ed | 8585 | |
| Vanger | 4:e505054279ed | 8586 | if (ssl->options.groupMessages) |
| Vanger | 4:e505054279ed | 8587 | ret = 0; |
| Vanger | 4:e505054279ed | 8588 | else |
| Vanger | 4:e505054279ed | 8589 | ret = SendBuffered(ssl); |
| Vanger | 4:e505054279ed | 8590 | } |
| Vanger | 4:e505054279ed | 8591 | |
| Vanger | 4:e505054279ed | 8592 | if (ret == 0 || ret == WANT_WRITE) { |
| Vanger | 4:e505054279ed | 8593 | int tmpRet = MakeMasterSecret(ssl); |
| Vanger | 4:e505054279ed | 8594 | if (tmpRet != 0) |
| Vanger | 4:e505054279ed | 8595 | ret = tmpRet; /* save WANT_WRITE unless more serious */ |
| Vanger | 4:e505054279ed | 8596 | ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE; |
| Vanger | 4:e505054279ed | 8597 | } |
| Vanger | 4:e505054279ed | 8598 | /* No further need for PMS */ |
| Vanger | 4:e505054279ed | 8599 | XMEMSET(ssl->arrays->preMasterSecret, 0, ssl->arrays->preMasterSz); |
| Vanger | 4:e505054279ed | 8600 | ssl->arrays->preMasterSz = 0; |
| Vanger | 4:e505054279ed | 8601 | |
| Vanger | 4:e505054279ed | 8602 | return ret; |
| Vanger | 4:e505054279ed | 8603 | } |
| Vanger | 4:e505054279ed | 8604 | |
| Vanger | 4:e505054279ed | 8605 | #ifndef NO_CERTS |
| Vanger | 4:e505054279ed | 8606 | int SendCertificateVerify(CYASSL* ssl) |
| Vanger | 4:e505054279ed | 8607 | { |
| Vanger | 4:e505054279ed | 8608 | byte *output; |
| Vanger | 4:e505054279ed | 8609 | int sendSz = 0, length, ret; |
| Vanger | 4:e505054279ed | 8610 | word32 idx = 0; |
| Vanger | 4:e505054279ed | 8611 | word32 sigOutSz = 0; |
| Vanger | 4:e505054279ed | 8612 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 8613 | RsaKey key; |
| Vanger | 4:e505054279ed | 8614 | int initRsaKey = 0; |
| Vanger | 4:e505054279ed | 8615 | #endif |
| Vanger | 4:e505054279ed | 8616 | int usingEcc = 0; |
| Vanger | 4:e505054279ed | 8617 | #ifdef HAVE_ECC |
| Vanger | 4:e505054279ed | 8618 | ecc_key eccKey; |
| Vanger | 4:e505054279ed | 8619 | #endif |
| Vanger | 4:e505054279ed | 8620 | |
| Vanger | 4:e505054279ed | 8621 | (void)idx; |
| Vanger | 4:e505054279ed | 8622 | |
| Vanger | 4:e505054279ed | 8623 | if (ssl->options.sendVerify == SEND_BLANK_CERT) |
| Vanger | 4:e505054279ed | 8624 | return 0; /* sent blank cert, can't verify */ |
| Vanger | 4:e505054279ed | 8625 | |
| Vanger | 4:e505054279ed | 8626 | /* check for available size */ |
| Vanger | 4:e505054279ed | 8627 | if ((ret = CheckAvailableSize(ssl, MAX_CERT_VERIFY_SZ)) != 0) |
| Vanger | 4:e505054279ed | 8628 | return ret; |
| Vanger | 4:e505054279ed | 8629 | |
| Vanger | 4:e505054279ed | 8630 | /* get ouput buffer */ |
| Vanger | 4:e505054279ed | 8631 | output = ssl->buffers.outputBuffer.buffer + |
| Vanger | 4:e505054279ed | 8632 | ssl->buffers.outputBuffer.length; |
| Vanger | 4:e505054279ed | 8633 | |
| Vanger | 4:e505054279ed | 8634 | ret = BuildCertHashes(ssl, &ssl->certHashes); |
| Vanger | 4:e505054279ed | 8635 | if (ret != 0) |
| Vanger | 4:e505054279ed | 8636 | return ret; |
| Vanger | 4:e505054279ed | 8637 | |
| Vanger | 4:e505054279ed | 8638 | #ifdef HAVE_ECC |
| Vanger | 4:e505054279ed | 8639 | ecc_init(&eccKey); |
| Vanger | 4:e505054279ed | 8640 | #endif |
| Vanger | 4:e505054279ed | 8641 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 8642 | ret = InitRsaKey(&key, ssl->heap); |
| Vanger | 4:e505054279ed | 8643 | if (ret == 0) initRsaKey = 1; |
| Vanger | 4:e505054279ed | 8644 | if (ret == 0) |
| Vanger | 4:e505054279ed | 8645 | ret = RsaPrivateKeyDecode(ssl->buffers.key.buffer, &idx, &key, |
| Vanger | 4:e505054279ed | 8646 | ssl->buffers.key.length); |
| Vanger | 4:e505054279ed | 8647 | if (ret == 0) |
| Vanger | 4:e505054279ed | 8648 | sigOutSz = RsaEncryptSize(&key); |
| Vanger | 4:e505054279ed | 8649 | else |
| Vanger | 4:e505054279ed | 8650 | #endif |
| Vanger | 4:e505054279ed | 8651 | { |
| Vanger | 4:e505054279ed | 8652 | #ifdef HAVE_ECC |
| Vanger | 4:e505054279ed | 8653 | CYASSL_MSG("Trying ECC client cert, RSA didn't work"); |
| Vanger | 4:e505054279ed | 8654 | |
| Vanger | 4:e505054279ed | 8655 | idx = 0; |
| Vanger | 4:e505054279ed | 8656 | ret = EccPrivateKeyDecode(ssl->buffers.key.buffer, &idx, &eccKey, |
| Vanger | 4:e505054279ed | 8657 | ssl->buffers.key.length); |
| Vanger | 4:e505054279ed | 8658 | if (ret == 0) { |
| Vanger | 4:e505054279ed | 8659 | CYASSL_MSG("Using ECC client cert"); |
| Vanger | 4:e505054279ed | 8660 | usingEcc = 1; |
| Vanger | 4:e505054279ed | 8661 | sigOutSz = MAX_ENCODED_SIG_SZ; |
| Vanger | 4:e505054279ed | 8662 | } |
| Vanger | 4:e505054279ed | 8663 | else { |
| Vanger | 4:e505054279ed | 8664 | CYASSL_MSG("Bad client cert type"); |
| Vanger | 4:e505054279ed | 8665 | } |
| Vanger | 4:e505054279ed | 8666 | #endif |
| Vanger | 4:e505054279ed | 8667 | } |
| Vanger | 4:e505054279ed | 8668 | if (ret == 0) { |
| Vanger | 4:e505054279ed | 8669 | byte* verify = (byte*)&output[RECORD_HEADER_SZ + |
| Vanger | 4:e505054279ed | 8670 | HANDSHAKE_HEADER_SZ]; |
| Vanger | 4:e505054279ed | 8671 | #ifndef NO_OLD_TLS |
| Vanger | 4:e505054279ed | 8672 | byte* signBuffer = ssl->certHashes.md5; |
| Vanger | 4:e505054279ed | 8673 | #else |
| Vanger | 4:e505054279ed | 8674 | byte* signBuffer = NULL; |
| Vanger | 4:e505054279ed | 8675 | #endif |
| Vanger | 4:e505054279ed | 8676 | word32 signSz = FINISHED_SZ; |
| Vanger | 4:e505054279ed | 8677 | byte encodedSig[MAX_ENCODED_SIG_SZ]; |
| Vanger | 4:e505054279ed | 8678 | word32 extraSz = 0; /* tls 1.2 hash/sig */ |
| Vanger | 4:e505054279ed | 8679 | |
| Vanger | 4:e505054279ed | 8680 | (void)encodedSig; |
| Vanger | 4:e505054279ed | 8681 | (void)signSz; |
| Vanger | 4:e505054279ed | 8682 | (void)signBuffer; |
| Vanger | 4:e505054279ed | 8683 | |
| Vanger | 4:e505054279ed | 8684 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 8685 | if (ssl->options.dtls) |
| Vanger | 4:e505054279ed | 8686 | verify += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; |
| Vanger | 4:e505054279ed | 8687 | #endif |
| Vanger | 4:e505054279ed | 8688 | length = sigOutSz; |
| Vanger | 4:e505054279ed | 8689 | if (IsAtLeastTLSv1_2(ssl)) { |
| Vanger | 4:e505054279ed | 8690 | verify[0] = ssl->suites->hashAlgo; |
| Vanger | 4:e505054279ed | 8691 | verify[1] = usingEcc ? ecc_dsa_sa_algo : rsa_sa_algo; |
| Vanger | 4:e505054279ed | 8692 | extraSz = HASH_SIG_SIZE; |
| Vanger | 4:e505054279ed | 8693 | } |
| Vanger | 4:e505054279ed | 8694 | |
| Vanger | 4:e505054279ed | 8695 | if (usingEcc) { |
| Vanger | 4:e505054279ed | 8696 | #ifdef HAVE_ECC |
| Vanger | 4:e505054279ed | 8697 | word32 localSz = MAX_ENCODED_SIG_SZ; |
| Vanger | 4:e505054279ed | 8698 | word32 digestSz; |
| Vanger | 4:e505054279ed | 8699 | byte* digest; |
| Vanger | 4:e505054279ed | 8700 | byte doUserEcc = 0; |
| Vanger | 4:e505054279ed | 8701 | #ifndef NO_OLD_TLS |
| Vanger | 4:e505054279ed | 8702 | /* old tls default */ |
| Vanger | 4:e505054279ed | 8703 | digestSz = SHA_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 8704 | digest = ssl->certHashes.sha; |
| Vanger | 4:e505054279ed | 8705 | #else |
| Vanger | 4:e505054279ed | 8706 | /* new tls default */ |
| Vanger | 4:e505054279ed | 8707 | digestSz = SHA256_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 8708 | digest = ssl->certHashes.sha256; |
| Vanger | 4:e505054279ed | 8709 | #endif |
| Vanger | 4:e505054279ed | 8710 | |
| Vanger | 4:e505054279ed | 8711 | #ifdef HAVE_PK_CALLBACKS |
| Vanger | 4:e505054279ed | 8712 | #ifdef HAVE_ECC |
| Vanger | 4:e505054279ed | 8713 | if (ssl->ctx->EccSignCb) |
| Vanger | 4:e505054279ed | 8714 | doUserEcc = 1; |
| Vanger | 4:e505054279ed | 8715 | #endif /* HAVE_ECC */ |
| Vanger | 4:e505054279ed | 8716 | #endif /*HAVE_PK_CALLBACKS */ |
| Vanger | 4:e505054279ed | 8717 | |
| Vanger | 4:e505054279ed | 8718 | if (IsAtLeastTLSv1_2(ssl)) { |
| Vanger | 4:e505054279ed | 8719 | if (ssl->suites->hashAlgo == sha_mac) { |
| Vanger | 4:e505054279ed | 8720 | #ifndef NO_SHA |
| Vanger | 4:e505054279ed | 8721 | digest = ssl->certHashes.sha; |
| Vanger | 4:e505054279ed | 8722 | digestSz = SHA_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 8723 | #endif |
| Vanger | 4:e505054279ed | 8724 | } |
| Vanger | 4:e505054279ed | 8725 | else if (ssl->suites->hashAlgo == sha256_mac) { |
| Vanger | 4:e505054279ed | 8726 | #ifndef NO_SHA256 |
| Vanger | 4:e505054279ed | 8727 | digest = ssl->certHashes.sha256; |
| Vanger | 4:e505054279ed | 8728 | digestSz = SHA256_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 8729 | #endif |
| Vanger | 4:e505054279ed | 8730 | } |
| Vanger | 4:e505054279ed | 8731 | else if (ssl->suites->hashAlgo == sha384_mac) { |
| Vanger | 4:e505054279ed | 8732 | #ifdef CYASSL_SHA384 |
| Vanger | 4:e505054279ed | 8733 | digest = ssl->certHashes.sha384; |
| Vanger | 4:e505054279ed | 8734 | digestSz = SHA384_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 8735 | #endif |
| Vanger | 4:e505054279ed | 8736 | } |
| Vanger | 4:e505054279ed | 8737 | } |
| Vanger | 4:e505054279ed | 8738 | |
| Vanger | 4:e505054279ed | 8739 | if (doUserEcc) { |
| Vanger | 4:e505054279ed | 8740 | #ifdef HAVE_PK_CALLBACKS |
| Vanger | 4:e505054279ed | 8741 | #ifdef HAVE_ECC |
| Vanger | 4:e505054279ed | 8742 | ret = ssl->ctx->EccSignCb(ssl, digest, digestSz, |
| Vanger | 4:e505054279ed | 8743 | encodedSig, &localSz, |
| Vanger | 4:e505054279ed | 8744 | ssl->buffers.key.buffer, |
| Vanger | 4:e505054279ed | 8745 | ssl->buffers.key.length, |
| Vanger | 4:e505054279ed | 8746 | ssl->EccSignCtx); |
| Vanger | 4:e505054279ed | 8747 | #endif /* HAVE_ECC */ |
| Vanger | 4:e505054279ed | 8748 | #endif /*HAVE_PK_CALLBACKS */ |
| Vanger | 4:e505054279ed | 8749 | } |
| Vanger | 4:e505054279ed | 8750 | else { |
| Vanger | 4:e505054279ed | 8751 | ret = ecc_sign_hash(digest, digestSz, encodedSig, |
| Vanger | 4:e505054279ed | 8752 | &localSz, ssl->rng, &eccKey); |
| Vanger | 4:e505054279ed | 8753 | } |
| Vanger | 4:e505054279ed | 8754 | if (ret == 0) { |
| Vanger | 4:e505054279ed | 8755 | length = localSz; |
| Vanger | 4:e505054279ed | 8756 | c16toa((word16)length, verify + extraSz); /* prepend hdr */ |
| Vanger | 4:e505054279ed | 8757 | XMEMCPY(verify + extraSz + VERIFY_HEADER,encodedSig,length); |
| Vanger | 4:e505054279ed | 8758 | } |
| Vanger | 4:e505054279ed | 8759 | #endif |
| Vanger | 4:e505054279ed | 8760 | } |
| Vanger | 4:e505054279ed | 8761 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 8762 | else { |
| Vanger | 4:e505054279ed | 8763 | byte doUserRsa = 0; |
| Vanger | 4:e505054279ed | 8764 | |
| Vanger | 4:e505054279ed | 8765 | #ifdef HAVE_PK_CALLBACKS |
| Vanger | 4:e505054279ed | 8766 | if (ssl->ctx->RsaSignCb) |
| Vanger | 4:e505054279ed | 8767 | doUserRsa = 1; |
| Vanger | 4:e505054279ed | 8768 | #endif /*HAVE_PK_CALLBACKS */ |
| Vanger | 4:e505054279ed | 8769 | |
| Vanger | 4:e505054279ed | 8770 | if (IsAtLeastTLSv1_2(ssl)) { |
| Vanger | 4:e505054279ed | 8771 | #ifndef NO_OLD_TLS |
| Vanger | 4:e505054279ed | 8772 | byte* digest = ssl->certHashes.sha; |
| Vanger | 4:e505054279ed | 8773 | int digestSz = SHA_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 8774 | int typeH = SHAh; |
| Vanger | 4:e505054279ed | 8775 | #else |
| Vanger | 4:e505054279ed | 8776 | byte* digest = ssl->certHashes.sha256; |
| Vanger | 4:e505054279ed | 8777 | int digestSz = SHA256_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 8778 | int typeH = SHA256h; |
| Vanger | 4:e505054279ed | 8779 | #endif |
| Vanger | 4:e505054279ed | 8780 | |
| Vanger | 4:e505054279ed | 8781 | if (ssl->suites->hashAlgo == sha_mac) { |
| Vanger | 4:e505054279ed | 8782 | #ifndef NO_SHA |
| Vanger | 4:e505054279ed | 8783 | digest = ssl->certHashes.sha; |
| Vanger | 4:e505054279ed | 8784 | typeH = SHAh; |
| Vanger | 4:e505054279ed | 8785 | digestSz = SHA_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 8786 | #endif |
| Vanger | 4:e505054279ed | 8787 | } |
| Vanger | 4:e505054279ed | 8788 | else if (ssl->suites->hashAlgo == sha256_mac) { |
| Vanger | 4:e505054279ed | 8789 | #ifndef NO_SHA256 |
| Vanger | 4:e505054279ed | 8790 | digest = ssl->certHashes.sha256; |
| Vanger | 4:e505054279ed | 8791 | typeH = SHA256h; |
| Vanger | 4:e505054279ed | 8792 | digestSz = SHA256_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 8793 | #endif |
| Vanger | 4:e505054279ed | 8794 | } |
| Vanger | 4:e505054279ed | 8795 | else if (ssl->suites->hashAlgo == sha384_mac) { |
| Vanger | 4:e505054279ed | 8796 | #ifdef CYASSL_SHA384 |
| Vanger | 4:e505054279ed | 8797 | digest = ssl->certHashes.sha384; |
| Vanger | 4:e505054279ed | 8798 | typeH = SHA384h; |
| Vanger | 4:e505054279ed | 8799 | digestSz = SHA384_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 8800 | #endif |
| Vanger | 4:e505054279ed | 8801 | } |
| Vanger | 4:e505054279ed | 8802 | |
| Vanger | 4:e505054279ed | 8803 | signSz = EncodeSignature(encodedSig, digest,digestSz,typeH); |
| Vanger | 4:e505054279ed | 8804 | signBuffer = encodedSig; |
| Vanger | 4:e505054279ed | 8805 | } |
| Vanger | 4:e505054279ed | 8806 | |
| Vanger | 4:e505054279ed | 8807 | c16toa((word16)length, verify + extraSz); /* prepend hdr */ |
| Vanger | 4:e505054279ed | 8808 | if (doUserRsa) { |
| Vanger | 4:e505054279ed | 8809 | #ifdef HAVE_PK_CALLBACKS |
| Vanger | 4:e505054279ed | 8810 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 8811 | word32 ioLen = ENCRYPT_LEN; |
| Vanger | 4:e505054279ed | 8812 | ret = ssl->ctx->RsaSignCb(ssl, signBuffer, signSz, |
| Vanger | 4:e505054279ed | 8813 | verify + extraSz + VERIFY_HEADER, |
| Vanger | 4:e505054279ed | 8814 | &ioLen, |
| Vanger | 4:e505054279ed | 8815 | ssl->buffers.key.buffer, |
| Vanger | 4:e505054279ed | 8816 | ssl->buffers.key.length, |
| Vanger | 4:e505054279ed | 8817 | ssl->RsaSignCtx); |
| Vanger | 4:e505054279ed | 8818 | #endif /* NO_RSA */ |
| Vanger | 4:e505054279ed | 8819 | #endif /*HAVE_PK_CALLBACKS */ |
| Vanger | 4:e505054279ed | 8820 | } |
| Vanger | 4:e505054279ed | 8821 | else { |
| Vanger | 4:e505054279ed | 8822 | ret = RsaSSL_Sign(signBuffer, signSz, verify + extraSz + |
| Vanger | 4:e505054279ed | 8823 | VERIFY_HEADER, ENCRYPT_LEN, &key, ssl->rng); |
| Vanger | 4:e505054279ed | 8824 | } |
| Vanger | 4:e505054279ed | 8825 | |
| Vanger | 4:e505054279ed | 8826 | if (ret > 0) |
| Vanger | 4:e505054279ed | 8827 | ret = 0; /* RSA reset */ |
| Vanger | 4:e505054279ed | 8828 | } |
| Vanger | 4:e505054279ed | 8829 | #endif |
| Vanger | 4:e505054279ed | 8830 | if (ret == 0) { |
| Vanger | 4:e505054279ed | 8831 | AddHeaders(output, length + extraSz + VERIFY_HEADER, |
| Vanger | 4:e505054279ed | 8832 | certificate_verify, ssl); |
| Vanger | 4:e505054279ed | 8833 | |
| Vanger | 4:e505054279ed | 8834 | sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + length + |
| Vanger | 4:e505054279ed | 8835 | extraSz + VERIFY_HEADER; |
| Vanger | 4:e505054279ed | 8836 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 8837 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 8838 | sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; |
| Vanger | 4:e505054279ed | 8839 | if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) |
| Vanger | 4:e505054279ed | 8840 | return ret; |
| Vanger | 4:e505054279ed | 8841 | } |
| Vanger | 4:e505054279ed | 8842 | #endif |
| Vanger | 4:e505054279ed | 8843 | |
| Vanger | 4:e505054279ed | 8844 | ret = HashOutput(ssl, output, sendSz, 0); |
| Vanger | 4:e505054279ed | 8845 | } |
| Vanger | 4:e505054279ed | 8846 | } |
| Vanger | 4:e505054279ed | 8847 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 8848 | if (initRsaKey) |
| Vanger | 4:e505054279ed | 8849 | FreeRsaKey(&key); |
| Vanger | 4:e505054279ed | 8850 | #endif |
| Vanger | 4:e505054279ed | 8851 | #ifdef HAVE_ECC |
| Vanger | 4:e505054279ed | 8852 | ecc_free(&eccKey); |
| Vanger | 4:e505054279ed | 8853 | #endif |
| Vanger | 4:e505054279ed | 8854 | |
| Vanger | 4:e505054279ed | 8855 | if (ret == 0) { |
| Vanger | 4:e505054279ed | 8856 | #ifdef CYASSL_CALLBACKS |
| Vanger | 4:e505054279ed | 8857 | if (ssl->hsInfoOn) |
| Vanger | 4:e505054279ed | 8858 | AddPacketName("CertificateVerify", &ssl->handShakeInfo); |
| Vanger | 4:e505054279ed | 8859 | if (ssl->toInfoOn) |
| Vanger | 4:e505054279ed | 8860 | AddPacketInfo("CertificateVerify", &ssl->timeoutInfo, |
| Vanger | 4:e505054279ed | 8861 | output, sendSz, ssl->heap); |
| Vanger | 4:e505054279ed | 8862 | #endif |
| Vanger | 4:e505054279ed | 8863 | ssl->buffers.outputBuffer.length += sendSz; |
| Vanger | 4:e505054279ed | 8864 | if (ssl->options.groupMessages) |
| Vanger | 4:e505054279ed | 8865 | return 0; |
| Vanger | 4:e505054279ed | 8866 | else |
| Vanger | 4:e505054279ed | 8867 | return SendBuffered(ssl); |
| Vanger | 4:e505054279ed | 8868 | } |
| Vanger | 4:e505054279ed | 8869 | else |
| Vanger | 4:e505054279ed | 8870 | return ret; |
| Vanger | 4:e505054279ed | 8871 | } |
| Vanger | 4:e505054279ed | 8872 | #endif /* NO_CERTS */ |
| Vanger | 4:e505054279ed | 8873 | |
| Vanger | 4:e505054279ed | 8874 | |
| Vanger | 4:e505054279ed | 8875 | #endif /* NO_CYASSL_CLIENT */ |
| Vanger | 4:e505054279ed | 8876 | |
| Vanger | 4:e505054279ed | 8877 | |
| Vanger | 4:e505054279ed | 8878 | #ifndef NO_CYASSL_SERVER |
| Vanger | 4:e505054279ed | 8879 | |
| Vanger | 4:e505054279ed | 8880 | int SendServerHello(CYASSL* ssl) |
| Vanger | 4:e505054279ed | 8881 | { |
| Vanger | 4:e505054279ed | 8882 | byte *output; |
| Vanger | 4:e505054279ed | 8883 | word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; |
| Vanger | 4:e505054279ed | 8884 | int sendSz; |
| Vanger | 4:e505054279ed | 8885 | int ret; |
| Vanger | 4:e505054279ed | 8886 | |
| Vanger | 4:e505054279ed | 8887 | length = VERSION_SZ + RAN_LEN |
| Vanger | 4:e505054279ed | 8888 | + ID_LEN + ENUM_LEN |
| Vanger | 4:e505054279ed | 8889 | + SUITE_LEN |
| Vanger | 4:e505054279ed | 8890 | + ENUM_LEN; |
| Vanger | 4:e505054279ed | 8891 | |
| Vanger | 4:e505054279ed | 8892 | #ifdef HAVE_TLS_EXTENSIONS |
| Vanger | 4:e505054279ed | 8893 | length += TLSX_GetResponseSize(ssl); |
| Vanger | 4:e505054279ed | 8894 | #endif |
| Vanger | 4:e505054279ed | 8895 | |
| Vanger | 4:e505054279ed | 8896 | /* check for avalaible size */ |
| Vanger | 4:e505054279ed | 8897 | if ((ret = CheckAvailableSize(ssl, MAX_HELLO_SZ)) != 0) |
| Vanger | 4:e505054279ed | 8898 | return ret; |
| Vanger | 4:e505054279ed | 8899 | |
| Vanger | 4:e505054279ed | 8900 | /* get ouput buffer */ |
| Vanger | 4:e505054279ed | 8901 | output = ssl->buffers.outputBuffer.buffer + |
| Vanger | 4:e505054279ed | 8902 | ssl->buffers.outputBuffer.length; |
| Vanger | 4:e505054279ed | 8903 | |
| Vanger | 4:e505054279ed | 8904 | sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; |
| Vanger | 4:e505054279ed | 8905 | AddHeaders(output, length, server_hello, ssl); |
| Vanger | 4:e505054279ed | 8906 | |
| Vanger | 4:e505054279ed | 8907 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 8908 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 8909 | idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; |
| Vanger | 4:e505054279ed | 8910 | sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; |
| Vanger | 4:e505054279ed | 8911 | } |
| Vanger | 4:e505054279ed | 8912 | #endif |
| Vanger | 4:e505054279ed | 8913 | /* now write to output */ |
| Vanger | 4:e505054279ed | 8914 | /* first version */ |
| Vanger | 4:e505054279ed | 8915 | output[idx++] = ssl->version.major; |
| Vanger | 4:e505054279ed | 8916 | output[idx++] = ssl->version.minor; |
| Vanger | 4:e505054279ed | 8917 | |
| Vanger | 4:e505054279ed | 8918 | /* then random */ |
| Vanger | 4:e505054279ed | 8919 | if (!ssl->options.resuming) { |
| Vanger | 4:e505054279ed | 8920 | ret = RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, |
| Vanger | 4:e505054279ed | 8921 | RAN_LEN); |
| Vanger | 4:e505054279ed | 8922 | if (ret != 0) |
| Vanger | 4:e505054279ed | 8923 | return ret; |
| Vanger | 4:e505054279ed | 8924 | } |
| Vanger | 4:e505054279ed | 8925 | |
| Vanger | 4:e505054279ed | 8926 | XMEMCPY(output + idx, ssl->arrays->serverRandom, RAN_LEN); |
| Vanger | 4:e505054279ed | 8927 | idx += RAN_LEN; |
| Vanger | 4:e505054279ed | 8928 | |
| Vanger | 4:e505054279ed | 8929 | #ifdef SHOW_SECRETS |
| Vanger | 4:e505054279ed | 8930 | { |
| Vanger | 4:e505054279ed | 8931 | int j; |
| Vanger | 4:e505054279ed | 8932 | printf("server random: "); |
| Vanger | 4:e505054279ed | 8933 | for (j = 0; j < RAN_LEN; j++) |
| Vanger | 4:e505054279ed | 8934 | printf("%02x", ssl->arrays->serverRandom[j]); |
| Vanger | 4:e505054279ed | 8935 | printf("\n"); |
| Vanger | 4:e505054279ed | 8936 | } |
| Vanger | 4:e505054279ed | 8937 | #endif |
| Vanger | 4:e505054279ed | 8938 | /* then session id */ |
| Vanger | 4:e505054279ed | 8939 | output[idx++] = ID_LEN; |
| Vanger | 4:e505054279ed | 8940 | |
| Vanger | 4:e505054279ed | 8941 | if (!ssl->options.resuming) { |
| Vanger | 4:e505054279ed | 8942 | ret = RNG_GenerateBlock(ssl->rng, ssl->arrays->sessionID, ID_LEN); |
| Vanger | 4:e505054279ed | 8943 | if (ret != 0) |
| Vanger | 4:e505054279ed | 8944 | return ret; |
| Vanger | 4:e505054279ed | 8945 | } |
| Vanger | 4:e505054279ed | 8946 | |
| Vanger | 4:e505054279ed | 8947 | XMEMCPY(output + idx, ssl->arrays->sessionID, ID_LEN); |
| Vanger | 4:e505054279ed | 8948 | idx += ID_LEN; |
| Vanger | 4:e505054279ed | 8949 | |
| Vanger | 4:e505054279ed | 8950 | /* then cipher suite */ |
| Vanger | 4:e505054279ed | 8951 | output[idx++] = ssl->options.cipherSuite0; |
| Vanger | 4:e505054279ed | 8952 | output[idx++] = ssl->options.cipherSuite; |
| Vanger | 4:e505054279ed | 8953 | |
| Vanger | 4:e505054279ed | 8954 | /* then compression */ |
| Vanger | 4:e505054279ed | 8955 | if (ssl->options.usingCompression) |
| Vanger | 4:e505054279ed | 8956 | output[idx++] = ZLIB_COMPRESSION; |
| Vanger | 4:e505054279ed | 8957 | else |
| Vanger | 4:e505054279ed | 8958 | output[idx++] = NO_COMPRESSION; |
| Vanger | 4:e505054279ed | 8959 | |
| Vanger | 4:e505054279ed | 8960 | /* last, extensions */ |
| Vanger | 4:e505054279ed | 8961 | #ifdef HAVE_TLS_EXTENSIONS |
| Vanger | 4:e505054279ed | 8962 | if (IsTLS(ssl)) |
| Vanger | 4:e505054279ed | 8963 | TLSX_WriteResponse(ssl, output + idx); |
| Vanger | 4:e505054279ed | 8964 | #endif |
| Vanger | 4:e505054279ed | 8965 | |
| Vanger | 4:e505054279ed | 8966 | ssl->buffers.outputBuffer.length += sendSz; |
| Vanger | 4:e505054279ed | 8967 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 8968 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 8969 | if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) |
| Vanger | 4:e505054279ed | 8970 | return ret; |
| Vanger | 4:e505054279ed | 8971 | } |
| Vanger | 4:e505054279ed | 8972 | #endif |
| Vanger | 4:e505054279ed | 8973 | |
| Vanger | 4:e505054279ed | 8974 | ret = HashOutput(ssl, output, sendSz, 0); |
| Vanger | 4:e505054279ed | 8975 | if (ret != 0) |
| Vanger | 4:e505054279ed | 8976 | return ret; |
| Vanger | 4:e505054279ed | 8977 | |
| Vanger | 4:e505054279ed | 8978 | #ifdef CYASSL_CALLBACKS |
| Vanger | 4:e505054279ed | 8979 | if (ssl->hsInfoOn) |
| Vanger | 4:e505054279ed | 8980 | AddPacketName("ServerHello", &ssl->handShakeInfo); |
| Vanger | 4:e505054279ed | 8981 | if (ssl->toInfoOn) |
| Vanger | 4:e505054279ed | 8982 | AddPacketInfo("ServerHello", &ssl->timeoutInfo, output, sendSz, |
| Vanger | 4:e505054279ed | 8983 | ssl->heap); |
| Vanger | 4:e505054279ed | 8984 | #endif |
| Vanger | 4:e505054279ed | 8985 | |
| Vanger | 4:e505054279ed | 8986 | ssl->options.serverState = SERVER_HELLO_COMPLETE; |
| Vanger | 4:e505054279ed | 8987 | |
| Vanger | 4:e505054279ed | 8988 | if (ssl->options.groupMessages) |
| Vanger | 4:e505054279ed | 8989 | return 0; |
| Vanger | 4:e505054279ed | 8990 | else |
| Vanger | 4:e505054279ed | 8991 | return SendBuffered(ssl); |
| Vanger | 4:e505054279ed | 8992 | } |
| Vanger | 4:e505054279ed | 8993 | |
| Vanger | 4:e505054279ed | 8994 | |
| Vanger | 4:e505054279ed | 8995 | #ifdef HAVE_ECC |
| Vanger | 4:e505054279ed | 8996 | |
| Vanger | 4:e505054279ed | 8997 | static byte SetCurveId(int size) |
| Vanger | 4:e505054279ed | 8998 | { |
| Vanger | 4:e505054279ed | 8999 | switch(size) { |
| Vanger | 4:e505054279ed | 9000 | case 20: |
| Vanger | 4:e505054279ed | 9001 | return secp160r1; |
| Vanger | 4:e505054279ed | 9002 | case 24: |
| Vanger | 4:e505054279ed | 9003 | return secp192r1; |
| Vanger | 4:e505054279ed | 9004 | case 28: |
| Vanger | 4:e505054279ed | 9005 | return secp224r1; |
| Vanger | 4:e505054279ed | 9006 | case 32: |
| Vanger | 4:e505054279ed | 9007 | return secp256r1; |
| Vanger | 4:e505054279ed | 9008 | case 48: |
| Vanger | 4:e505054279ed | 9009 | return secp384r1; |
| Vanger | 4:e505054279ed | 9010 | case 66: |
| Vanger | 4:e505054279ed | 9011 | return secp521r1; |
| Vanger | 4:e505054279ed | 9012 | default: |
| Vanger | 4:e505054279ed | 9013 | return 0; |
| Vanger | 4:e505054279ed | 9014 | } |
| Vanger | 4:e505054279ed | 9015 | } |
| Vanger | 4:e505054279ed | 9016 | |
| Vanger | 4:e505054279ed | 9017 | #endif /* HAVE_ECC */ |
| Vanger | 4:e505054279ed | 9018 | |
| Vanger | 4:e505054279ed | 9019 | |
| Vanger | 4:e505054279ed | 9020 | int SendServerKeyExchange(CYASSL* ssl) |
| Vanger | 4:e505054279ed | 9021 | { |
| Vanger | 4:e505054279ed | 9022 | int ret = 0; |
| Vanger | 4:e505054279ed | 9023 | (void)ssl; |
| Vanger | 4:e505054279ed | 9024 | |
| Vanger | 4:e505054279ed | 9025 | #ifndef NO_PSK |
| Vanger | 4:e505054279ed | 9026 | if (ssl->specs.kea == psk_kea) |
| Vanger | 4:e505054279ed | 9027 | { |
| Vanger | 4:e505054279ed | 9028 | byte *output; |
| Vanger | 4:e505054279ed | 9029 | word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; |
| Vanger | 4:e505054279ed | 9030 | int sendSz; |
| Vanger | 4:e505054279ed | 9031 | if (ssl->arrays->server_hint[0] == 0) return 0; /* don't send */ |
| Vanger | 4:e505054279ed | 9032 | |
| Vanger | 4:e505054279ed | 9033 | /* include size part */ |
| Vanger | 4:e505054279ed | 9034 | length = (word32)XSTRLEN(ssl->arrays->server_hint); |
| Vanger | 4:e505054279ed | 9035 | if (length > MAX_PSK_ID_LEN) return SERVER_HINT_ERROR; |
| Vanger | 4:e505054279ed | 9036 | length += HINT_LEN_SZ; |
| Vanger | 4:e505054279ed | 9037 | sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; |
| Vanger | 4:e505054279ed | 9038 | |
| Vanger | 4:e505054279ed | 9039 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 9040 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 9041 | sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; |
| Vanger | 4:e505054279ed | 9042 | idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; |
| Vanger | 4:e505054279ed | 9043 | } |
| Vanger | 4:e505054279ed | 9044 | #endif |
| Vanger | 4:e505054279ed | 9045 | /* check for available size */ |
| Vanger | 4:e505054279ed | 9046 | if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) |
| Vanger | 4:e505054279ed | 9047 | return ret; |
| Vanger | 4:e505054279ed | 9048 | |
| Vanger | 4:e505054279ed | 9049 | /* get ouput buffer */ |
| Vanger | 4:e505054279ed | 9050 | output = ssl->buffers.outputBuffer.buffer + |
| Vanger | 4:e505054279ed | 9051 | ssl->buffers.outputBuffer.length; |
| Vanger | 4:e505054279ed | 9052 | |
| Vanger | 4:e505054279ed | 9053 | AddHeaders(output, length, server_key_exchange, ssl); |
| Vanger | 4:e505054279ed | 9054 | |
| Vanger | 4:e505054279ed | 9055 | /* key data */ |
| Vanger | 4:e505054279ed | 9056 | c16toa((word16)(length - HINT_LEN_SZ), output + idx); |
| Vanger | 4:e505054279ed | 9057 | idx += HINT_LEN_SZ; |
| Vanger | 4:e505054279ed | 9058 | XMEMCPY(output + idx, ssl->arrays->server_hint,length -HINT_LEN_SZ); |
| Vanger | 4:e505054279ed | 9059 | |
| Vanger | 4:e505054279ed | 9060 | ret = HashOutput(ssl, output, sendSz, 0); |
| Vanger | 4:e505054279ed | 9061 | if (ret != 0) |
| Vanger | 4:e505054279ed | 9062 | return ret; |
| Vanger | 4:e505054279ed | 9063 | |
| Vanger | 4:e505054279ed | 9064 | #ifdef CYASSL_CALLBACKS |
| Vanger | 4:e505054279ed | 9065 | if (ssl->hsInfoOn) |
| Vanger | 4:e505054279ed | 9066 | AddPacketName("ServerKeyExchange", &ssl->handShakeInfo); |
| Vanger | 4:e505054279ed | 9067 | if (ssl->toInfoOn) |
| Vanger | 4:e505054279ed | 9068 | AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo, |
| Vanger | 4:e505054279ed | 9069 | output, sendSz, ssl->heap); |
| Vanger | 4:e505054279ed | 9070 | #endif |
| Vanger | 4:e505054279ed | 9071 | |
| Vanger | 4:e505054279ed | 9072 | ssl->buffers.outputBuffer.length += sendSz; |
| Vanger | 4:e505054279ed | 9073 | if (ssl->options.groupMessages) |
| Vanger | 4:e505054279ed | 9074 | ret = 0; |
| Vanger | 4:e505054279ed | 9075 | else |
| Vanger | 4:e505054279ed | 9076 | ret = SendBuffered(ssl); |
| Vanger | 4:e505054279ed | 9077 | ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE; |
| Vanger | 4:e505054279ed | 9078 | } |
| Vanger | 4:e505054279ed | 9079 | #endif /*NO_PSK */ |
| Vanger | 4:e505054279ed | 9080 | |
| Vanger | 4:e505054279ed | 9081 | #ifdef HAVE_ECC |
| Vanger | 4:e505054279ed | 9082 | if (ssl->specs.kea == ecc_diffie_hellman_kea) |
| Vanger | 4:e505054279ed | 9083 | { |
| Vanger | 4:e505054279ed | 9084 | byte *output; |
| Vanger | 4:e505054279ed | 9085 | word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; |
| Vanger | 4:e505054279ed | 9086 | int sendSz; |
| Vanger | 4:e505054279ed | 9087 | byte exportBuf[MAX_EXPORT_ECC_SZ]; |
| Vanger | 4:e505054279ed | 9088 | word32 expSz = sizeof(exportBuf); |
| Vanger | 4:e505054279ed | 9089 | word32 sigSz; |
| Vanger | 4:e505054279ed | 9090 | word32 preSigSz, preSigIdx; |
| Vanger | 4:e505054279ed | 9091 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 9092 | RsaKey rsaKey; |
| Vanger | 4:e505054279ed | 9093 | #endif |
| Vanger | 4:e505054279ed | 9094 | ecc_key dsaKey; |
| Vanger | 4:e505054279ed | 9095 | |
| Vanger | 4:e505054279ed | 9096 | if (ssl->specs.static_ecdh) { |
| Vanger | 4:e505054279ed | 9097 | CYASSL_MSG("Using Static ECDH, not sending ServerKeyExchagne"); |
| Vanger | 4:e505054279ed | 9098 | return 0; |
| Vanger | 4:e505054279ed | 9099 | } |
| Vanger | 4:e505054279ed | 9100 | |
| Vanger | 4:e505054279ed | 9101 | /* curve type, named curve, length(1) */ |
| Vanger | 4:e505054279ed | 9102 | length = ENUM_LEN + CURVE_LEN + ENUM_LEN; |
| Vanger | 4:e505054279ed | 9103 | /* pub key size */ |
| Vanger | 4:e505054279ed | 9104 | CYASSL_MSG("Using ephemeral ECDH"); |
| Vanger | 4:e505054279ed | 9105 | if (ecc_export_x963(ssl->eccTempKey, exportBuf, &expSz) != 0) |
| Vanger | 4:e505054279ed | 9106 | return ECC_EXPORT_ERROR; |
| Vanger | 4:e505054279ed | 9107 | length += expSz; |
| Vanger | 4:e505054279ed | 9108 | |
| Vanger | 4:e505054279ed | 9109 | preSigSz = length; |
| Vanger | 4:e505054279ed | 9110 | preSigIdx = idx; |
| Vanger | 4:e505054279ed | 9111 | |
| Vanger | 4:e505054279ed | 9112 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 9113 | ret = InitRsaKey(&rsaKey, ssl->heap); |
| Vanger | 4:e505054279ed | 9114 | if (ret != 0) return ret; |
| Vanger | 4:e505054279ed | 9115 | #endif |
| Vanger | 4:e505054279ed | 9116 | ecc_init(&dsaKey); |
| Vanger | 4:e505054279ed | 9117 | |
| Vanger | 4:e505054279ed | 9118 | /* sig length */ |
| Vanger | 4:e505054279ed | 9119 | length += LENGTH_SZ; |
| Vanger | 4:e505054279ed | 9120 | |
| Vanger | 4:e505054279ed | 9121 | if (!ssl->buffers.key.buffer) { |
| Vanger | 4:e505054279ed | 9122 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 9123 | FreeRsaKey(&rsaKey); |
| Vanger | 4:e505054279ed | 9124 | #endif |
| Vanger | 4:e505054279ed | 9125 | ecc_free(&dsaKey); |
| Vanger | 4:e505054279ed | 9126 | return NO_PRIVATE_KEY; |
| Vanger | 4:e505054279ed | 9127 | } |
| Vanger | 4:e505054279ed | 9128 | |
| Vanger | 4:e505054279ed | 9129 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 9130 | if (ssl->specs.sig_algo == rsa_sa_algo) { |
| Vanger | 4:e505054279ed | 9131 | /* rsa sig size */ |
| Vanger | 4:e505054279ed | 9132 | word32 i = 0; |
| Vanger | 4:e505054279ed | 9133 | ret = RsaPrivateKeyDecode(ssl->buffers.key.buffer, &i, |
| Vanger | 4:e505054279ed | 9134 | &rsaKey, ssl->buffers.key.length); |
| Vanger | 4:e505054279ed | 9135 | if (ret != 0) return ret; |
| Vanger | 4:e505054279ed | 9136 | sigSz = RsaEncryptSize(&rsaKey); |
| Vanger | 4:e505054279ed | 9137 | } else |
| Vanger | 4:e505054279ed | 9138 | #endif |
| Vanger | 4:e505054279ed | 9139 | if (ssl->specs.sig_algo == ecc_dsa_sa_algo) { |
| Vanger | 4:e505054279ed | 9140 | /* ecdsa sig size */ |
| Vanger | 4:e505054279ed | 9141 | word32 i = 0; |
| Vanger | 4:e505054279ed | 9142 | ret = EccPrivateKeyDecode(ssl->buffers.key.buffer, &i, |
| Vanger | 4:e505054279ed | 9143 | &dsaKey, ssl->buffers.key.length); |
| Vanger | 4:e505054279ed | 9144 | if (ret != 0) return ret; |
| Vanger | 4:e505054279ed | 9145 | sigSz = ecc_sig_size(&dsaKey); /* worst case estimate */ |
| Vanger | 4:e505054279ed | 9146 | } |
| Vanger | 4:e505054279ed | 9147 | else { |
| Vanger | 4:e505054279ed | 9148 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 9149 | FreeRsaKey(&rsaKey); |
| Vanger | 4:e505054279ed | 9150 | #endif |
| Vanger | 4:e505054279ed | 9151 | ecc_free(&dsaKey); |
| Vanger | 4:e505054279ed | 9152 | return ALGO_ID_E; /* unsupported type */ |
| Vanger | 4:e505054279ed | 9153 | } |
| Vanger | 4:e505054279ed | 9154 | length += sigSz; |
| Vanger | 4:e505054279ed | 9155 | |
| Vanger | 4:e505054279ed | 9156 | if (IsAtLeastTLSv1_2(ssl)) |
| Vanger | 4:e505054279ed | 9157 | length += HASH_SIG_SIZE; |
| Vanger | 4:e505054279ed | 9158 | |
| Vanger | 4:e505054279ed | 9159 | sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; |
| Vanger | 4:e505054279ed | 9160 | |
| Vanger | 4:e505054279ed | 9161 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 9162 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 9163 | sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; |
| Vanger | 4:e505054279ed | 9164 | idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; |
| Vanger | 4:e505054279ed | 9165 | preSigIdx = idx; |
| Vanger | 4:e505054279ed | 9166 | } |
| Vanger | 4:e505054279ed | 9167 | #endif |
| Vanger | 4:e505054279ed | 9168 | /* check for available size */ |
| Vanger | 4:e505054279ed | 9169 | if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) { |
| Vanger | 4:e505054279ed | 9170 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 9171 | FreeRsaKey(&rsaKey); |
| Vanger | 4:e505054279ed | 9172 | #endif |
| Vanger | 4:e505054279ed | 9173 | ecc_free(&dsaKey); |
| Vanger | 4:e505054279ed | 9174 | return ret; |
| Vanger | 4:e505054279ed | 9175 | } |
| Vanger | 4:e505054279ed | 9176 | |
| Vanger | 4:e505054279ed | 9177 | /* get ouput buffer */ |
| Vanger | 4:e505054279ed | 9178 | output = ssl->buffers.outputBuffer.buffer + |
| Vanger | 4:e505054279ed | 9179 | ssl->buffers.outputBuffer.length; |
| Vanger | 4:e505054279ed | 9180 | |
| Vanger | 4:e505054279ed | 9181 | /* record and message headers will be added below, when we're sure |
| Vanger | 4:e505054279ed | 9182 | of the sig length */ |
| Vanger | 4:e505054279ed | 9183 | |
| Vanger | 4:e505054279ed | 9184 | /* key exchange data */ |
| Vanger | 4:e505054279ed | 9185 | output[idx++] = named_curve; |
| Vanger | 4:e505054279ed | 9186 | output[idx++] = 0x00; /* leading zero */ |
| Vanger | 4:e505054279ed | 9187 | output[idx++] = SetCurveId(ecc_size(ssl->eccTempKey)); |
| Vanger | 4:e505054279ed | 9188 | output[idx++] = (byte)expSz; |
| Vanger | 4:e505054279ed | 9189 | XMEMCPY(output + idx, exportBuf, expSz); |
| Vanger | 4:e505054279ed | 9190 | idx += expSz; |
| Vanger | 4:e505054279ed | 9191 | if (IsAtLeastTLSv1_2(ssl)) { |
| Vanger | 4:e505054279ed | 9192 | output[idx++] = ssl->suites->hashAlgo; |
| Vanger | 4:e505054279ed | 9193 | output[idx++] = ssl->suites->sigAlgo; |
| Vanger | 4:e505054279ed | 9194 | } |
| Vanger | 4:e505054279ed | 9195 | |
| Vanger | 4:e505054279ed | 9196 | /* Signtaure length will be written later, when we're sure what it |
| Vanger | 4:e505054279ed | 9197 | is */ |
| Vanger | 4:e505054279ed | 9198 | |
| Vanger | 4:e505054279ed | 9199 | /* do signature */ |
| Vanger | 4:e505054279ed | 9200 | { |
| Vanger | 4:e505054279ed | 9201 | #ifndef NO_OLD_TLS |
| Vanger | 4:e505054279ed | 9202 | Md5 md5; |
| Vanger | 4:e505054279ed | 9203 | Sha sha; |
| Vanger | 4:e505054279ed | 9204 | #endif |
| Vanger | 4:e505054279ed | 9205 | byte hash[FINISHED_SZ]; |
| Vanger | 4:e505054279ed | 9206 | #ifndef NO_SHA256 |
| Vanger | 4:e505054279ed | 9207 | Sha256 sha256; |
| Vanger | 4:e505054279ed | 9208 | byte hash256[SHA256_DIGEST_SIZE]; |
| Vanger | 4:e505054279ed | 9209 | #endif |
| Vanger | 4:e505054279ed | 9210 | #ifdef CYASSL_SHA384 |
| Vanger | 4:e505054279ed | 9211 | Sha384 sha384; |
| Vanger | 4:e505054279ed | 9212 | byte hash384[SHA384_DIGEST_SIZE]; |
| Vanger | 4:e505054279ed | 9213 | #endif |
| Vanger | 4:e505054279ed | 9214 | |
| Vanger | 4:e505054279ed | 9215 | #ifndef NO_OLD_TLS |
| Vanger | 4:e505054279ed | 9216 | /* md5 */ |
| Vanger | 4:e505054279ed | 9217 | InitMd5(&md5); |
| Vanger | 4:e505054279ed | 9218 | Md5Update(&md5, ssl->arrays->clientRandom, RAN_LEN); |
| Vanger | 4:e505054279ed | 9219 | Md5Update(&md5, ssl->arrays->serverRandom, RAN_LEN); |
| Vanger | 4:e505054279ed | 9220 | Md5Update(&md5, output + preSigIdx, preSigSz); |
| Vanger | 4:e505054279ed | 9221 | Md5Final(&md5, hash); |
| Vanger | 4:e505054279ed | 9222 | |
| Vanger | 4:e505054279ed | 9223 | /* sha */ |
| Vanger | 4:e505054279ed | 9224 | ret = InitSha(&sha); |
| Vanger | 4:e505054279ed | 9225 | if (ret != 0) |
| Vanger | 4:e505054279ed | 9226 | return ret; |
| Vanger | 4:e505054279ed | 9227 | ShaUpdate(&sha, ssl->arrays->clientRandom, RAN_LEN); |
| Vanger | 4:e505054279ed | 9228 | ShaUpdate(&sha, ssl->arrays->serverRandom, RAN_LEN); |
| Vanger | 4:e505054279ed | 9229 | ShaUpdate(&sha, output + preSigIdx, preSigSz); |
| Vanger | 4:e505054279ed | 9230 | ShaFinal(&sha, &hash[MD5_DIGEST_SIZE]); |
| Vanger | 4:e505054279ed | 9231 | #endif |
| Vanger | 4:e505054279ed | 9232 | |
| Vanger | 4:e505054279ed | 9233 | #ifndef NO_SHA256 |
| Vanger | 4:e505054279ed | 9234 | ret = InitSha256(&sha256); |
| Vanger | 4:e505054279ed | 9235 | if (ret != 0) |
| Vanger | 4:e505054279ed | 9236 | return ret; |
| Vanger | 4:e505054279ed | 9237 | ret = Sha256Update(&sha256, ssl->arrays->clientRandom, RAN_LEN); |
| Vanger | 4:e505054279ed | 9238 | if (ret != 0) |
| Vanger | 4:e505054279ed | 9239 | return ret; |
| Vanger | 4:e505054279ed | 9240 | ret = Sha256Update(&sha256, ssl->arrays->serverRandom, RAN_LEN); |
| Vanger | 4:e505054279ed | 9241 | if (ret != 0) |
| Vanger | 4:e505054279ed | 9242 | return ret; |
| Vanger | 4:e505054279ed | 9243 | ret = Sha256Update(&sha256, output + preSigIdx, preSigSz); |
| Vanger | 4:e505054279ed | 9244 | if (ret != 0) |
| Vanger | 4:e505054279ed | 9245 | return ret; |
| Vanger | 4:e505054279ed | 9246 | ret = Sha256Final(&sha256, hash256); |
| Vanger | 4:e505054279ed | 9247 | if (ret != 0) |
| Vanger | 4:e505054279ed | 9248 | return ret; |
| Vanger | 4:e505054279ed | 9249 | #endif |
| Vanger | 4:e505054279ed | 9250 | |
| Vanger | 4:e505054279ed | 9251 | #ifdef CYASSL_SHA384 |
| Vanger | 4:e505054279ed | 9252 | ret = InitSha384(&sha384); |
| Vanger | 4:e505054279ed | 9253 | if (ret != 0) |
| Vanger | 4:e505054279ed | 9254 | return ret; |
| Vanger | 4:e505054279ed | 9255 | ret = Sha384Update(&sha384, ssl->arrays->clientRandom, RAN_LEN); |
| Vanger | 4:e505054279ed | 9256 | if (ret != 0) |
| Vanger | 4:e505054279ed | 9257 | return ret; |
| Vanger | 4:e505054279ed | 9258 | ret = Sha384Update(&sha384, ssl->arrays->serverRandom, RAN_LEN); |
| Vanger | 4:e505054279ed | 9259 | if (ret != 0) |
| Vanger | 4:e505054279ed | 9260 | return ret; |
| Vanger | 4:e505054279ed | 9261 | ret = Sha384Update(&sha384, output + preSigIdx, preSigSz); |
| Vanger | 4:e505054279ed | 9262 | if (ret != 0) |
| Vanger | 4:e505054279ed | 9263 | return ret; |
| Vanger | 4:e505054279ed | 9264 | ret = Sha384Final(&sha384, hash384); |
| Vanger | 4:e505054279ed | 9265 | if (ret != 0) |
| Vanger | 4:e505054279ed | 9266 | return ret; |
| Vanger | 4:e505054279ed | 9267 | #endif |
| Vanger | 4:e505054279ed | 9268 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 9269 | if (ssl->suites->sigAlgo == rsa_sa_algo) { |
| Vanger | 4:e505054279ed | 9270 | byte* signBuffer = hash; |
| Vanger | 4:e505054279ed | 9271 | word32 signSz = sizeof(hash); |
| Vanger | 4:e505054279ed | 9272 | byte encodedSig[MAX_ENCODED_SIG_SZ]; |
| Vanger | 4:e505054279ed | 9273 | byte doUserRsa = 0; |
| Vanger | 4:e505054279ed | 9274 | |
| Vanger | 4:e505054279ed | 9275 | #ifdef HAVE_PK_CALLBACKS |
| Vanger | 4:e505054279ed | 9276 | if (ssl->ctx->RsaSignCb) |
| Vanger | 4:e505054279ed | 9277 | doUserRsa = 1; |
| Vanger | 4:e505054279ed | 9278 | #endif /*HAVE_PK_CALLBACKS */ |
| Vanger | 4:e505054279ed | 9279 | |
| Vanger | 4:e505054279ed | 9280 | if (IsAtLeastTLSv1_2(ssl)) { |
| Vanger | 4:e505054279ed | 9281 | byte* digest = &hash[MD5_DIGEST_SIZE]; |
| Vanger | 4:e505054279ed | 9282 | int typeH = SHAh; |
| Vanger | 4:e505054279ed | 9283 | int digestSz = SHA_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 9284 | |
| Vanger | 4:e505054279ed | 9285 | if (ssl->suites->hashAlgo == sha256_mac) { |
| Vanger | 4:e505054279ed | 9286 | #ifndef NO_SHA256 |
| Vanger | 4:e505054279ed | 9287 | digest = hash256; |
| Vanger | 4:e505054279ed | 9288 | typeH = SHA256h; |
| Vanger | 4:e505054279ed | 9289 | digestSz = SHA256_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 9290 | #endif |
| Vanger | 4:e505054279ed | 9291 | } |
| Vanger | 4:e505054279ed | 9292 | else if (ssl->suites->hashAlgo == sha384_mac) { |
| Vanger | 4:e505054279ed | 9293 | #ifdef CYASSL_SHA384 |
| Vanger | 4:e505054279ed | 9294 | digest = hash384; |
| Vanger | 4:e505054279ed | 9295 | typeH = SHA384h; |
| Vanger | 4:e505054279ed | 9296 | digestSz = SHA384_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 9297 | #endif |
| Vanger | 4:e505054279ed | 9298 | } |
| Vanger | 4:e505054279ed | 9299 | |
| Vanger | 4:e505054279ed | 9300 | signSz = EncodeSignature(encodedSig, digest, digestSz, |
| Vanger | 4:e505054279ed | 9301 | typeH); |
| Vanger | 4:e505054279ed | 9302 | signBuffer = encodedSig; |
| Vanger | 4:e505054279ed | 9303 | } |
| Vanger | 4:e505054279ed | 9304 | /* write sig size here */ |
| Vanger | 4:e505054279ed | 9305 | c16toa((word16)sigSz, output + idx); |
| Vanger | 4:e505054279ed | 9306 | idx += LENGTH_SZ; |
| Vanger | 4:e505054279ed | 9307 | |
| Vanger | 4:e505054279ed | 9308 | if (doUserRsa) { |
| Vanger | 4:e505054279ed | 9309 | #ifdef HAVE_PK_CALLBACKS |
| Vanger | 4:e505054279ed | 9310 | word32 ioLen = sigSz; |
| Vanger | 4:e505054279ed | 9311 | ret = ssl->ctx->RsaSignCb(ssl, signBuffer, signSz, |
| Vanger | 4:e505054279ed | 9312 | output + idx, |
| Vanger | 4:e505054279ed | 9313 | &ioLen, |
| Vanger | 4:e505054279ed | 9314 | ssl->buffers.key.buffer, |
| Vanger | 4:e505054279ed | 9315 | ssl->buffers.key.length, |
| Vanger | 4:e505054279ed | 9316 | ssl->RsaSignCtx); |
| Vanger | 4:e505054279ed | 9317 | #endif /*HAVE_PK_CALLBACKS */ |
| Vanger | 4:e505054279ed | 9318 | } |
| Vanger | 4:e505054279ed | 9319 | else { |
| Vanger | 4:e505054279ed | 9320 | ret = RsaSSL_Sign(signBuffer, signSz, output + idx, |
| Vanger | 4:e505054279ed | 9321 | sigSz, &rsaKey, ssl->rng); |
| Vanger | 4:e505054279ed | 9322 | if (ret > 0) |
| Vanger | 4:e505054279ed | 9323 | ret = 0; /* reset on success */ |
| Vanger | 4:e505054279ed | 9324 | } |
| Vanger | 4:e505054279ed | 9325 | FreeRsaKey(&rsaKey); |
| Vanger | 4:e505054279ed | 9326 | ecc_free(&dsaKey); |
| Vanger | 4:e505054279ed | 9327 | if (ret < 0) |
| Vanger | 4:e505054279ed | 9328 | return ret; |
| Vanger | 4:e505054279ed | 9329 | } else |
| Vanger | 4:e505054279ed | 9330 | #endif |
| Vanger | 4:e505054279ed | 9331 | if (ssl->suites->sigAlgo == ecc_dsa_sa_algo) { |
| Vanger | 4:e505054279ed | 9332 | #ifndef NO_OLD_TLS |
| Vanger | 4:e505054279ed | 9333 | byte* digest = &hash[MD5_DIGEST_SIZE]; |
| Vanger | 4:e505054279ed | 9334 | word32 digestSz = SHA_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 9335 | #else |
| Vanger | 4:e505054279ed | 9336 | byte* digest = hash256; |
| Vanger | 4:e505054279ed | 9337 | word32 digestSz = SHA256_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 9338 | #endif |
| Vanger | 4:e505054279ed | 9339 | word32 sz = sigSz; |
| Vanger | 4:e505054279ed | 9340 | byte doUserEcc = 0; |
| Vanger | 4:e505054279ed | 9341 | |
| Vanger | 4:e505054279ed | 9342 | #ifdef HAVE_PK_CALLBACKS |
| Vanger | 4:e505054279ed | 9343 | #ifdef HAVE_ECC |
| Vanger | 4:e505054279ed | 9344 | if (ssl->ctx->EccSignCb) |
| Vanger | 4:e505054279ed | 9345 | doUserEcc = 1; |
| Vanger | 4:e505054279ed | 9346 | #endif /* HAVE_ECC */ |
| Vanger | 4:e505054279ed | 9347 | #endif /*HAVE_PK_CALLBACKS */ |
| Vanger | 4:e505054279ed | 9348 | |
| Vanger | 4:e505054279ed | 9349 | if (IsAtLeastTLSv1_2(ssl)) { |
| Vanger | 4:e505054279ed | 9350 | if (ssl->suites->hashAlgo == sha_mac) { |
| Vanger | 4:e505054279ed | 9351 | #ifndef NO_SHA |
| Vanger | 4:e505054279ed | 9352 | digest = &hash[MD5_DIGEST_SIZE]; |
| Vanger | 4:e505054279ed | 9353 | digestSz = SHA_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 9354 | #endif |
| Vanger | 4:e505054279ed | 9355 | } |
| Vanger | 4:e505054279ed | 9356 | else if (ssl->suites->hashAlgo == sha256_mac) { |
| Vanger | 4:e505054279ed | 9357 | #ifndef NO_SHA256 |
| Vanger | 4:e505054279ed | 9358 | digest = hash256; |
| Vanger | 4:e505054279ed | 9359 | digestSz = SHA256_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 9360 | #endif |
| Vanger | 4:e505054279ed | 9361 | } |
| Vanger | 4:e505054279ed | 9362 | else if (ssl->suites->hashAlgo == sha384_mac) { |
| Vanger | 4:e505054279ed | 9363 | #ifdef CYASSL_SHA384 |
| Vanger | 4:e505054279ed | 9364 | digest = hash384; |
| Vanger | 4:e505054279ed | 9365 | digestSz = SHA384_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 9366 | #endif |
| Vanger | 4:e505054279ed | 9367 | } |
| Vanger | 4:e505054279ed | 9368 | } |
| Vanger | 4:e505054279ed | 9369 | |
| Vanger | 4:e505054279ed | 9370 | if (doUserEcc) { |
| Vanger | 4:e505054279ed | 9371 | #ifdef HAVE_PK_CALLBACKS |
| Vanger | 4:e505054279ed | 9372 | #ifdef HAVE_ECC |
| Vanger | 4:e505054279ed | 9373 | ret = ssl->ctx->EccSignCb(ssl, digest, digestSz, |
| Vanger | 4:e505054279ed | 9374 | output + LENGTH_SZ + idx, &sz, |
| Vanger | 4:e505054279ed | 9375 | ssl->buffers.key.buffer, |
| Vanger | 4:e505054279ed | 9376 | ssl->buffers.key.length, |
| Vanger | 4:e505054279ed | 9377 | ssl->EccSignCtx); |
| Vanger | 4:e505054279ed | 9378 | #endif /* HAVE_ECC */ |
| Vanger | 4:e505054279ed | 9379 | #endif /*HAVE_PK_CALLBACKS */ |
| Vanger | 4:e505054279ed | 9380 | } |
| Vanger | 4:e505054279ed | 9381 | else { |
| Vanger | 4:e505054279ed | 9382 | ret = ecc_sign_hash(digest, digestSz, |
| Vanger | 4:e505054279ed | 9383 | output + LENGTH_SZ + idx, &sz, ssl->rng, &dsaKey); |
| Vanger | 4:e505054279ed | 9384 | } |
| Vanger | 4:e505054279ed | 9385 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 9386 | FreeRsaKey(&rsaKey); |
| Vanger | 4:e505054279ed | 9387 | #endif |
| Vanger | 4:e505054279ed | 9388 | ecc_free(&dsaKey); |
| Vanger | 4:e505054279ed | 9389 | if (ret < 0) return ret; |
| Vanger | 4:e505054279ed | 9390 | |
| Vanger | 4:e505054279ed | 9391 | /* Now that we know the real sig size, write it. */ |
| Vanger | 4:e505054279ed | 9392 | c16toa((word16)sz, output + idx); |
| Vanger | 4:e505054279ed | 9393 | |
| Vanger | 4:e505054279ed | 9394 | /* And adjust length and sendSz from estimates */ |
| Vanger | 4:e505054279ed | 9395 | length += sz - sigSz; |
| Vanger | 4:e505054279ed | 9396 | sendSz += sz - sigSz; |
| Vanger | 4:e505054279ed | 9397 | } |
| Vanger | 4:e505054279ed | 9398 | } |
| Vanger | 4:e505054279ed | 9399 | |
| Vanger | 4:e505054279ed | 9400 | AddHeaders(output, length, server_key_exchange, ssl); |
| Vanger | 4:e505054279ed | 9401 | |
| Vanger | 4:e505054279ed | 9402 | ret = HashOutput(ssl, output, sendSz, 0); |
| Vanger | 4:e505054279ed | 9403 | if (ret != 0) |
| Vanger | 4:e505054279ed | 9404 | return ret; |
| Vanger | 4:e505054279ed | 9405 | |
| Vanger | 4:e505054279ed | 9406 | #ifdef CYASSL_CALLBACKS |
| Vanger | 4:e505054279ed | 9407 | if (ssl->hsInfoOn) |
| Vanger | 4:e505054279ed | 9408 | AddPacketName("ServerKeyExchange", &ssl->handShakeInfo); |
| Vanger | 4:e505054279ed | 9409 | if (ssl->toInfoOn) |
| Vanger | 4:e505054279ed | 9410 | AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo, |
| Vanger | 4:e505054279ed | 9411 | output, sendSz, ssl->heap); |
| Vanger | 4:e505054279ed | 9412 | #endif |
| Vanger | 4:e505054279ed | 9413 | |
| Vanger | 4:e505054279ed | 9414 | ssl->buffers.outputBuffer.length += sendSz; |
| Vanger | 4:e505054279ed | 9415 | if (ssl->options.groupMessages) |
| Vanger | 4:e505054279ed | 9416 | ret = 0; |
| Vanger | 4:e505054279ed | 9417 | else |
| Vanger | 4:e505054279ed | 9418 | ret = SendBuffered(ssl); |
| Vanger | 4:e505054279ed | 9419 | ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE; |
| Vanger | 4:e505054279ed | 9420 | } |
| Vanger | 4:e505054279ed | 9421 | #endif /* HAVE_ECC */ |
| Vanger | 4:e505054279ed | 9422 | |
| Vanger | 4:e505054279ed | 9423 | #ifdef OPENSSL_EXTRA |
| Vanger | 4:e505054279ed | 9424 | if (ssl->specs.kea == diffie_hellman_kea) { |
| Vanger | 4:e505054279ed | 9425 | byte *output; |
| Vanger | 4:e505054279ed | 9426 | word32 length = 0, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; |
| Vanger | 4:e505054279ed | 9427 | int sendSz; |
| Vanger | 4:e505054279ed | 9428 | word32 sigSz = 0, i = 0; |
| Vanger | 4:e505054279ed | 9429 | word32 preSigSz = 0, preSigIdx = 0; |
| Vanger | 4:e505054279ed | 9430 | RsaKey rsaKey; |
| Vanger | 4:e505054279ed | 9431 | DhKey dhKey; |
| Vanger | 4:e505054279ed | 9432 | |
| Vanger | 4:e505054279ed | 9433 | if (ssl->buffers.serverDH_P.buffer == NULL || |
| Vanger | 4:e505054279ed | 9434 | ssl->buffers.serverDH_G.buffer == NULL) |
| Vanger | 4:e505054279ed | 9435 | return NO_DH_PARAMS; |
| Vanger | 4:e505054279ed | 9436 | |
| Vanger | 4:e505054279ed | 9437 | if (ssl->buffers.serverDH_Pub.buffer == NULL) { |
| Vanger | 4:e505054279ed | 9438 | ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC( |
| Vanger | 4:e505054279ed | 9439 | ssl->buffers.serverDH_P.length + 2, ssl->ctx->heap, |
| Vanger | 4:e505054279ed | 9440 | DYNAMIC_TYPE_DH); |
| Vanger | 4:e505054279ed | 9441 | if (ssl->buffers.serverDH_Pub.buffer == NULL) |
| Vanger | 4:e505054279ed | 9442 | return MEMORY_E; |
| Vanger | 4:e505054279ed | 9443 | } |
| Vanger | 4:e505054279ed | 9444 | |
| Vanger | 4:e505054279ed | 9445 | if (ssl->buffers.serverDH_Priv.buffer == NULL) { |
| Vanger | 4:e505054279ed | 9446 | ssl->buffers.serverDH_Priv.buffer = (byte*)XMALLOC( |
| Vanger | 4:e505054279ed | 9447 | ssl->buffers.serverDH_P.length + 2, ssl->ctx->heap, |
| Vanger | 4:e505054279ed | 9448 | DYNAMIC_TYPE_DH); |
| Vanger | 4:e505054279ed | 9449 | if (ssl->buffers.serverDH_Priv.buffer == NULL) |
| Vanger | 4:e505054279ed | 9450 | return MEMORY_E; |
| Vanger | 4:e505054279ed | 9451 | } |
| Vanger | 4:e505054279ed | 9452 | |
| Vanger | 4:e505054279ed | 9453 | InitDhKey(&dhKey); |
| Vanger | 4:e505054279ed | 9454 | ret = DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer, |
| Vanger | 4:e505054279ed | 9455 | ssl->buffers.serverDH_P.length, |
| Vanger | 4:e505054279ed | 9456 | ssl->buffers.serverDH_G.buffer, |
| Vanger | 4:e505054279ed | 9457 | ssl->buffers.serverDH_G.length); |
| Vanger | 4:e505054279ed | 9458 | if (ret == 0) |
| Vanger | 4:e505054279ed | 9459 | ret = DhGenerateKeyPair(&dhKey, ssl->rng, |
| Vanger | 4:e505054279ed | 9460 | ssl->buffers.serverDH_Priv.buffer, |
| Vanger | 4:e505054279ed | 9461 | &ssl->buffers.serverDH_Priv.length, |
| Vanger | 4:e505054279ed | 9462 | ssl->buffers.serverDH_Pub.buffer, |
| Vanger | 4:e505054279ed | 9463 | &ssl->buffers.serverDH_Pub.length); |
| Vanger | 4:e505054279ed | 9464 | FreeDhKey(&dhKey); |
| Vanger | 4:e505054279ed | 9465 | |
| Vanger | 4:e505054279ed | 9466 | if (ret == 0) { |
| Vanger | 4:e505054279ed | 9467 | ret = InitRsaKey(&rsaKey, ssl->heap); |
| Vanger | 4:e505054279ed | 9468 | if (ret != 0) return ret; |
| Vanger | 4:e505054279ed | 9469 | } |
| Vanger | 4:e505054279ed | 9470 | if (ret == 0) { |
| Vanger | 4:e505054279ed | 9471 | length = LENGTH_SZ * 3; /* p, g, pub */ |
| Vanger | 4:e505054279ed | 9472 | length += ssl->buffers.serverDH_P.length + |
| Vanger | 4:e505054279ed | 9473 | ssl->buffers.serverDH_G.length + |
| Vanger | 4:e505054279ed | 9474 | ssl->buffers.serverDH_Pub.length; |
| Vanger | 4:e505054279ed | 9475 | |
| Vanger | 4:e505054279ed | 9476 | preSigIdx = idx; |
| Vanger | 4:e505054279ed | 9477 | preSigSz = length; |
| Vanger | 4:e505054279ed | 9478 | |
| Vanger | 4:e505054279ed | 9479 | /* sig length */ |
| Vanger | 4:e505054279ed | 9480 | length += LENGTH_SZ; |
| Vanger | 4:e505054279ed | 9481 | |
| Vanger | 4:e505054279ed | 9482 | if (!ssl->buffers.key.buffer) |
| Vanger | 4:e505054279ed | 9483 | return NO_PRIVATE_KEY; |
| Vanger | 4:e505054279ed | 9484 | |
| Vanger | 4:e505054279ed | 9485 | ret = RsaPrivateKeyDecode(ssl->buffers.key.buffer, &i, &rsaKey, |
| Vanger | 4:e505054279ed | 9486 | ssl->buffers.key.length); |
| Vanger | 4:e505054279ed | 9487 | if (ret == 0) { |
| Vanger | 4:e505054279ed | 9488 | sigSz = RsaEncryptSize(&rsaKey); |
| Vanger | 4:e505054279ed | 9489 | length += sigSz; |
| Vanger | 4:e505054279ed | 9490 | } |
| Vanger | 4:e505054279ed | 9491 | } |
| Vanger | 4:e505054279ed | 9492 | if (ret != 0) { |
| Vanger | 4:e505054279ed | 9493 | FreeRsaKey(&rsaKey); |
| Vanger | 4:e505054279ed | 9494 | return ret; |
| Vanger | 4:e505054279ed | 9495 | } |
| Vanger | 4:e505054279ed | 9496 | |
| Vanger | 4:e505054279ed | 9497 | if (IsAtLeastTLSv1_2(ssl)) |
| Vanger | 4:e505054279ed | 9498 | length += HASH_SIG_SIZE; |
| Vanger | 4:e505054279ed | 9499 | |
| Vanger | 4:e505054279ed | 9500 | sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; |
| Vanger | 4:e505054279ed | 9501 | |
| Vanger | 4:e505054279ed | 9502 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 9503 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 9504 | sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; |
| Vanger | 4:e505054279ed | 9505 | idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; |
| Vanger | 4:e505054279ed | 9506 | preSigIdx = idx; |
| Vanger | 4:e505054279ed | 9507 | } |
| Vanger | 4:e505054279ed | 9508 | #endif |
| Vanger | 4:e505054279ed | 9509 | /* check for available size */ |
| Vanger | 4:e505054279ed | 9510 | if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) { |
| Vanger | 4:e505054279ed | 9511 | FreeRsaKey(&rsaKey); |
| Vanger | 4:e505054279ed | 9512 | return ret; |
| Vanger | 4:e505054279ed | 9513 | } |
| Vanger | 4:e505054279ed | 9514 | |
| Vanger | 4:e505054279ed | 9515 | /* get ouput buffer */ |
| Vanger | 4:e505054279ed | 9516 | output = ssl->buffers.outputBuffer.buffer + |
| Vanger | 4:e505054279ed | 9517 | ssl->buffers.outputBuffer.length; |
| Vanger | 4:e505054279ed | 9518 | |
| Vanger | 4:e505054279ed | 9519 | AddHeaders(output, length, server_key_exchange, ssl); |
| Vanger | 4:e505054279ed | 9520 | |
| Vanger | 4:e505054279ed | 9521 | /* add p, g, pub */ |
| Vanger | 4:e505054279ed | 9522 | c16toa((word16)ssl->buffers.serverDH_P.length, output + idx); |
| Vanger | 4:e505054279ed | 9523 | idx += LENGTH_SZ; |
| Vanger | 4:e505054279ed | 9524 | XMEMCPY(output + idx, ssl->buffers.serverDH_P.buffer, |
| Vanger | 4:e505054279ed | 9525 | ssl->buffers.serverDH_P.length); |
| Vanger | 4:e505054279ed | 9526 | idx += ssl->buffers.serverDH_P.length; |
| Vanger | 4:e505054279ed | 9527 | |
| Vanger | 4:e505054279ed | 9528 | /* g */ |
| Vanger | 4:e505054279ed | 9529 | c16toa((word16)ssl->buffers.serverDH_G.length, output + idx); |
| Vanger | 4:e505054279ed | 9530 | idx += LENGTH_SZ; |
| Vanger | 4:e505054279ed | 9531 | XMEMCPY(output + idx, ssl->buffers.serverDH_G.buffer, |
| Vanger | 4:e505054279ed | 9532 | ssl->buffers.serverDH_G.length); |
| Vanger | 4:e505054279ed | 9533 | idx += ssl->buffers.serverDH_G.length; |
| Vanger | 4:e505054279ed | 9534 | |
| Vanger | 4:e505054279ed | 9535 | /* pub */ |
| Vanger | 4:e505054279ed | 9536 | c16toa((word16)ssl->buffers.serverDH_Pub.length, output + idx); |
| Vanger | 4:e505054279ed | 9537 | idx += LENGTH_SZ; |
| Vanger | 4:e505054279ed | 9538 | XMEMCPY(output + idx, ssl->buffers.serverDH_Pub.buffer, |
| Vanger | 4:e505054279ed | 9539 | ssl->buffers.serverDH_Pub.length); |
| Vanger | 4:e505054279ed | 9540 | idx += ssl->buffers.serverDH_Pub.length; |
| Vanger | 4:e505054279ed | 9541 | |
| Vanger | 4:e505054279ed | 9542 | /* Add signature */ |
| Vanger | 4:e505054279ed | 9543 | if (IsAtLeastTLSv1_2(ssl)) { |
| Vanger | 4:e505054279ed | 9544 | output[idx++] = ssl->suites->hashAlgo; |
| Vanger | 4:e505054279ed | 9545 | output[idx++] = ssl->suites->sigAlgo; |
| Vanger | 4:e505054279ed | 9546 | } |
| Vanger | 4:e505054279ed | 9547 | /* size */ |
| Vanger | 4:e505054279ed | 9548 | c16toa((word16)sigSz, output + idx); |
| Vanger | 4:e505054279ed | 9549 | idx += LENGTH_SZ; |
| Vanger | 4:e505054279ed | 9550 | |
| Vanger | 4:e505054279ed | 9551 | /* do signature */ |
| Vanger | 4:e505054279ed | 9552 | { |
| Vanger | 4:e505054279ed | 9553 | #ifndef NO_OLD_TLS |
| Vanger | 4:e505054279ed | 9554 | Md5 md5; |
| Vanger | 4:e505054279ed | 9555 | Sha sha; |
| Vanger | 4:e505054279ed | 9556 | #endif |
| Vanger | 4:e505054279ed | 9557 | byte hash[FINISHED_SZ]; |
| Vanger | 4:e505054279ed | 9558 | #ifndef NO_SHA256 |
| Vanger | 4:e505054279ed | 9559 | Sha256 sha256; |
| Vanger | 4:e505054279ed | 9560 | byte hash256[SHA256_DIGEST_SIZE]; |
| Vanger | 4:e505054279ed | 9561 | #endif |
| Vanger | 4:e505054279ed | 9562 | #ifdef CYASSL_SHA384 |
| Vanger | 4:e505054279ed | 9563 | Sha384 sha384; |
| Vanger | 4:e505054279ed | 9564 | byte hash384[SHA384_DIGEST_SIZE]; |
| Vanger | 4:e505054279ed | 9565 | #endif |
| Vanger | 4:e505054279ed | 9566 | |
| Vanger | 4:e505054279ed | 9567 | #ifndef NO_OLD_TLS |
| Vanger | 4:e505054279ed | 9568 | /* md5 */ |
| Vanger | 4:e505054279ed | 9569 | InitMd5(&md5); |
| Vanger | 4:e505054279ed | 9570 | Md5Update(&md5, ssl->arrays->clientRandom, RAN_LEN); |
| Vanger | 4:e505054279ed | 9571 | Md5Update(&md5, ssl->arrays->serverRandom, RAN_LEN); |
| Vanger | 4:e505054279ed | 9572 | Md5Update(&md5, output + preSigIdx, preSigSz); |
| Vanger | 4:e505054279ed | 9573 | Md5Final(&md5, hash); |
| Vanger | 4:e505054279ed | 9574 | |
| Vanger | 4:e505054279ed | 9575 | /* sha */ |
| Vanger | 4:e505054279ed | 9576 | ret = InitSha(&sha); |
| Vanger | 4:e505054279ed | 9577 | if (ret != 0) |
| Vanger | 4:e505054279ed | 9578 | return ret; |
| Vanger | 4:e505054279ed | 9579 | ShaUpdate(&sha, ssl->arrays->clientRandom, RAN_LEN); |
| Vanger | 4:e505054279ed | 9580 | ShaUpdate(&sha, ssl->arrays->serverRandom, RAN_LEN); |
| Vanger | 4:e505054279ed | 9581 | ShaUpdate(&sha, output + preSigIdx, preSigSz); |
| Vanger | 4:e505054279ed | 9582 | ShaFinal(&sha, &hash[MD5_DIGEST_SIZE]); |
| Vanger | 4:e505054279ed | 9583 | #endif |
| Vanger | 4:e505054279ed | 9584 | |
| Vanger | 4:e505054279ed | 9585 | #ifndef NO_SHA256 |
| Vanger | 4:e505054279ed | 9586 | ret = InitSha256(&sha256); |
| Vanger | 4:e505054279ed | 9587 | if (ret != 0) |
| Vanger | 4:e505054279ed | 9588 | return ret; |
| Vanger | 4:e505054279ed | 9589 | ret = Sha256Update(&sha256, ssl->arrays->clientRandom, RAN_LEN); |
| Vanger | 4:e505054279ed | 9590 | if (ret != 0) |
| Vanger | 4:e505054279ed | 9591 | return ret; |
| Vanger | 4:e505054279ed | 9592 | ret = Sha256Update(&sha256, ssl->arrays->serverRandom, RAN_LEN); |
| Vanger | 4:e505054279ed | 9593 | if (ret != 0) |
| Vanger | 4:e505054279ed | 9594 | return ret; |
| Vanger | 4:e505054279ed | 9595 | ret = Sha256Update(&sha256, output + preSigIdx, preSigSz); |
| Vanger | 4:e505054279ed | 9596 | if (ret != 0) |
| Vanger | 4:e505054279ed | 9597 | return ret; |
| Vanger | 4:e505054279ed | 9598 | ret = Sha256Final(&sha256, hash256); |
| Vanger | 4:e505054279ed | 9599 | if (ret != 0) |
| Vanger | 4:e505054279ed | 9600 | return ret; |
| Vanger | 4:e505054279ed | 9601 | #endif |
| Vanger | 4:e505054279ed | 9602 | |
| Vanger | 4:e505054279ed | 9603 | #ifdef CYASSL_SHA384 |
| Vanger | 4:e505054279ed | 9604 | ret = InitSha384(&sha384); |
| Vanger | 4:e505054279ed | 9605 | if (ret != 0) |
| Vanger | 4:e505054279ed | 9606 | return ret; |
| Vanger | 4:e505054279ed | 9607 | ret = Sha384Update(&sha384, ssl->arrays->clientRandom, RAN_LEN); |
| Vanger | 4:e505054279ed | 9608 | if (ret != 0) |
| Vanger | 4:e505054279ed | 9609 | return ret; |
| Vanger | 4:e505054279ed | 9610 | ret = Sha384Update(&sha384, ssl->arrays->serverRandom, RAN_LEN); |
| Vanger | 4:e505054279ed | 9611 | if (ret != 0) |
| Vanger | 4:e505054279ed | 9612 | return ret; |
| Vanger | 4:e505054279ed | 9613 | ret = Sha384Update(&sha384, output + preSigIdx, preSigSz); |
| Vanger | 4:e505054279ed | 9614 | if (ret != 0) |
| Vanger | 4:e505054279ed | 9615 | return ret; |
| Vanger | 4:e505054279ed | 9616 | ret = Sha384Final(&sha384, hash384); |
| Vanger | 4:e505054279ed | 9617 | if (ret != 0) |
| Vanger | 4:e505054279ed | 9618 | return ret; |
| Vanger | 4:e505054279ed | 9619 | #endif |
| Vanger | 4:e505054279ed | 9620 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 9621 | if (ssl->suites->sigAlgo == rsa_sa_algo) { |
| Vanger | 4:e505054279ed | 9622 | byte* signBuffer = hash; |
| Vanger | 4:e505054279ed | 9623 | word32 signSz = sizeof(hash); |
| Vanger | 4:e505054279ed | 9624 | byte encodedSig[MAX_ENCODED_SIG_SZ]; |
| Vanger | 4:e505054279ed | 9625 | byte doUserRsa = 0; |
| Vanger | 4:e505054279ed | 9626 | |
| Vanger | 4:e505054279ed | 9627 | #ifdef HAVE_PK_CALLBACKS |
| Vanger | 4:e505054279ed | 9628 | if (ssl->ctx->RsaSignCb) |
| Vanger | 4:e505054279ed | 9629 | doUserRsa = 1; |
| Vanger | 4:e505054279ed | 9630 | #endif /*HAVE_PK_CALLBACKS */ |
| Vanger | 4:e505054279ed | 9631 | |
| Vanger | 4:e505054279ed | 9632 | if (IsAtLeastTLSv1_2(ssl)) { |
| Vanger | 4:e505054279ed | 9633 | byte* digest = &hash[MD5_DIGEST_SIZE]; |
| Vanger | 4:e505054279ed | 9634 | int typeH = SHAh; |
| Vanger | 4:e505054279ed | 9635 | int digestSz = SHA_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 9636 | |
| Vanger | 4:e505054279ed | 9637 | if (ssl->suites->hashAlgo == sha256_mac) { |
| Vanger | 4:e505054279ed | 9638 | #ifndef NO_SHA256 |
| Vanger | 4:e505054279ed | 9639 | digest = hash256; |
| Vanger | 4:e505054279ed | 9640 | typeH = SHA256h; |
| Vanger | 4:e505054279ed | 9641 | digestSz = SHA256_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 9642 | #endif |
| Vanger | 4:e505054279ed | 9643 | } |
| Vanger | 4:e505054279ed | 9644 | else if (ssl->suites->hashAlgo == sha384_mac) { |
| Vanger | 4:e505054279ed | 9645 | #ifdef CYASSL_SHA384 |
| Vanger | 4:e505054279ed | 9646 | digest = hash384; |
| Vanger | 4:e505054279ed | 9647 | typeH = SHA384h; |
| Vanger | 4:e505054279ed | 9648 | digestSz = SHA384_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 9649 | #endif |
| Vanger | 4:e505054279ed | 9650 | } |
| Vanger | 4:e505054279ed | 9651 | |
| Vanger | 4:e505054279ed | 9652 | signSz = EncodeSignature(encodedSig, digest, digestSz, |
| Vanger | 4:e505054279ed | 9653 | typeH); |
| Vanger | 4:e505054279ed | 9654 | signBuffer = encodedSig; |
| Vanger | 4:e505054279ed | 9655 | } |
| Vanger | 4:e505054279ed | 9656 | if (doUserRsa) { |
| Vanger | 4:e505054279ed | 9657 | #ifdef HAVE_PK_CALLBACKS |
| Vanger | 4:e505054279ed | 9658 | word32 ioLen = sigSz; |
| Vanger | 4:e505054279ed | 9659 | ret = ssl->ctx->RsaSignCb(ssl, signBuffer, signSz, |
| Vanger | 4:e505054279ed | 9660 | output + idx, |
| Vanger | 4:e505054279ed | 9661 | &ioLen, |
| Vanger | 4:e505054279ed | 9662 | ssl->buffers.key.buffer, |
| Vanger | 4:e505054279ed | 9663 | ssl->buffers.key.length, |
| Vanger | 4:e505054279ed | 9664 | ssl->RsaSignCtx); |
| Vanger | 4:e505054279ed | 9665 | #endif /*HAVE_PK_CALLBACKS */ |
| Vanger | 4:e505054279ed | 9666 | } |
| Vanger | 4:e505054279ed | 9667 | else { |
| Vanger | 4:e505054279ed | 9668 | ret = RsaSSL_Sign(signBuffer, signSz, output + idx, |
| Vanger | 4:e505054279ed | 9669 | sigSz, &rsaKey, ssl->rng); |
| Vanger | 4:e505054279ed | 9670 | } |
| Vanger | 4:e505054279ed | 9671 | FreeRsaKey(&rsaKey); |
| Vanger | 4:e505054279ed | 9672 | if (ret < 0) |
| Vanger | 4:e505054279ed | 9673 | return ret; |
| Vanger | 4:e505054279ed | 9674 | } |
| Vanger | 4:e505054279ed | 9675 | #endif |
| Vanger | 4:e505054279ed | 9676 | } |
| Vanger | 4:e505054279ed | 9677 | |
| Vanger | 4:e505054279ed | 9678 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 9679 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 9680 | if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) |
| Vanger | 4:e505054279ed | 9681 | return ret; |
| Vanger | 4:e505054279ed | 9682 | } |
| Vanger | 4:e505054279ed | 9683 | #endif |
| Vanger | 4:e505054279ed | 9684 | |
| Vanger | 4:e505054279ed | 9685 | ret = HashOutput(ssl, output, sendSz, 0); |
| Vanger | 4:e505054279ed | 9686 | if (ret != 0) |
| Vanger | 4:e505054279ed | 9687 | return ret; |
| Vanger | 4:e505054279ed | 9688 | |
| Vanger | 4:e505054279ed | 9689 | #ifdef CYASSL_CALLBACKS |
| Vanger | 4:e505054279ed | 9690 | if (ssl->hsInfoOn) |
| Vanger | 4:e505054279ed | 9691 | AddPacketName("ServerKeyExchange", &ssl->handShakeInfo); |
| Vanger | 4:e505054279ed | 9692 | if (ssl->toInfoOn) |
| Vanger | 4:e505054279ed | 9693 | AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo, |
| Vanger | 4:e505054279ed | 9694 | output, sendSz, ssl->heap); |
| Vanger | 4:e505054279ed | 9695 | #endif |
| Vanger | 4:e505054279ed | 9696 | |
| Vanger | 4:e505054279ed | 9697 | ssl->buffers.outputBuffer.length += sendSz; |
| Vanger | 4:e505054279ed | 9698 | if (ssl->options.groupMessages) |
| Vanger | 4:e505054279ed | 9699 | ret = 0; |
| Vanger | 4:e505054279ed | 9700 | else |
| Vanger | 4:e505054279ed | 9701 | ret = SendBuffered(ssl); |
| Vanger | 4:e505054279ed | 9702 | ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE; |
| Vanger | 4:e505054279ed | 9703 | } |
| Vanger | 4:e505054279ed | 9704 | #endif /* OPENSSL_EXTRA */ |
| Vanger | 4:e505054279ed | 9705 | |
| Vanger | 4:e505054279ed | 9706 | return ret; |
| Vanger | 4:e505054279ed | 9707 | } |
| Vanger | 4:e505054279ed | 9708 | |
| Vanger | 4:e505054279ed | 9709 | |
| Vanger | 4:e505054279ed | 9710 | /* cipher requirements */ |
| Vanger | 4:e505054279ed | 9711 | enum { |
| Vanger | 4:e505054279ed | 9712 | REQUIRES_RSA, |
| Vanger | 4:e505054279ed | 9713 | REQUIRES_DHE, |
| Vanger | 4:e505054279ed | 9714 | REQUIRES_ECC_DSA, |
| Vanger | 4:e505054279ed | 9715 | REQUIRES_ECC_STATIC, |
| Vanger | 4:e505054279ed | 9716 | REQUIRES_PSK, |
| Vanger | 4:e505054279ed | 9717 | REQUIRES_NTRU, |
| Vanger | 4:e505054279ed | 9718 | REQUIRES_RSA_SIG |
| Vanger | 4:e505054279ed | 9719 | }; |
| Vanger | 4:e505054279ed | 9720 | |
| Vanger | 4:e505054279ed | 9721 | |
| Vanger | 4:e505054279ed | 9722 | |
| Vanger | 4:e505054279ed | 9723 | /* Does this cipher suite (first, second) have the requirement |
| Vanger | 4:e505054279ed | 9724 | an ephemeral key exchange will still require the key for signing |
| Vanger | 4:e505054279ed | 9725 | the key exchange so ECHDE_RSA requires an rsa key thus rsa_kea */ |
| Vanger | 4:e505054279ed | 9726 | static int CipherRequires(byte first, byte second, int requirement) |
| Vanger | 4:e505054279ed | 9727 | { |
| Vanger | 4:e505054279ed | 9728 | /* ECC extensions */ |
| Vanger | 4:e505054279ed | 9729 | if (first == ECC_BYTE) { |
| Vanger | 4:e505054279ed | 9730 | |
| Vanger | 4:e505054279ed | 9731 | switch (second) { |
| Vanger | 4:e505054279ed | 9732 | |
| Vanger | 4:e505054279ed | 9733 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 9734 | case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA : |
| Vanger | 4:e505054279ed | 9735 | if (requirement == REQUIRES_RSA) |
| Vanger | 4:e505054279ed | 9736 | return 1; |
| Vanger | 4:e505054279ed | 9737 | break; |
| Vanger | 4:e505054279ed | 9738 | |
| Vanger | 4:e505054279ed | 9739 | case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA : |
| Vanger | 4:e505054279ed | 9740 | if (requirement == REQUIRES_ECC_STATIC) |
| Vanger | 4:e505054279ed | 9741 | return 1; |
| Vanger | 4:e505054279ed | 9742 | if (requirement == REQUIRES_RSA_SIG) |
| Vanger | 4:e505054279ed | 9743 | return 1; |
| Vanger | 4:e505054279ed | 9744 | break; |
| Vanger | 4:e505054279ed | 9745 | |
| Vanger | 4:e505054279ed | 9746 | #ifndef NO_DES3 |
| Vanger | 4:e505054279ed | 9747 | case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA : |
| Vanger | 4:e505054279ed | 9748 | if (requirement == REQUIRES_RSA) |
| Vanger | 4:e505054279ed | 9749 | return 1; |
| Vanger | 4:e505054279ed | 9750 | break; |
| Vanger | 4:e505054279ed | 9751 | |
| Vanger | 4:e505054279ed | 9752 | case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA : |
| Vanger | 4:e505054279ed | 9753 | if (requirement == REQUIRES_ECC_STATIC) |
| Vanger | 4:e505054279ed | 9754 | return 1; |
| Vanger | 4:e505054279ed | 9755 | if (requirement == REQUIRES_RSA_SIG) |
| Vanger | 4:e505054279ed | 9756 | return 1; |
| Vanger | 4:e505054279ed | 9757 | break; |
| Vanger | 4:e505054279ed | 9758 | #endif |
| Vanger | 4:e505054279ed | 9759 | |
| Vanger | 4:e505054279ed | 9760 | #ifndef NO_RC4 |
| Vanger | 4:e505054279ed | 9761 | case TLS_ECDHE_RSA_WITH_RC4_128_SHA : |
| Vanger | 4:e505054279ed | 9762 | if (requirement == REQUIRES_RSA) |
| Vanger | 4:e505054279ed | 9763 | return 1; |
| Vanger | 4:e505054279ed | 9764 | break; |
| Vanger | 4:e505054279ed | 9765 | |
| Vanger | 4:e505054279ed | 9766 | case TLS_ECDH_RSA_WITH_RC4_128_SHA : |
| Vanger | 4:e505054279ed | 9767 | if (requirement == REQUIRES_ECC_STATIC) |
| Vanger | 4:e505054279ed | 9768 | return 1; |
| Vanger | 4:e505054279ed | 9769 | if (requirement == REQUIRES_RSA_SIG) |
| Vanger | 4:e505054279ed | 9770 | return 1; |
| Vanger | 4:e505054279ed | 9771 | break; |
| Vanger | 4:e505054279ed | 9772 | #endif |
| Vanger | 4:e505054279ed | 9773 | #endif /* NO_RSA */ |
| Vanger | 4:e505054279ed | 9774 | |
| Vanger | 4:e505054279ed | 9775 | #ifndef NO_DES3 |
| Vanger | 4:e505054279ed | 9776 | case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA : |
| Vanger | 4:e505054279ed | 9777 | if (requirement == REQUIRES_ECC_DSA) |
| Vanger | 4:e505054279ed | 9778 | return 1; |
| Vanger | 4:e505054279ed | 9779 | break; |
| Vanger | 4:e505054279ed | 9780 | |
| Vanger | 4:e505054279ed | 9781 | case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA : |
| Vanger | 4:e505054279ed | 9782 | if (requirement == REQUIRES_ECC_STATIC) |
| Vanger | 4:e505054279ed | 9783 | return 1; |
| Vanger | 4:e505054279ed | 9784 | break; |
| Vanger | 4:e505054279ed | 9785 | #endif |
| Vanger | 4:e505054279ed | 9786 | #ifndef NO_RC4 |
| Vanger | 4:e505054279ed | 9787 | case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA : |
| Vanger | 4:e505054279ed | 9788 | if (requirement == REQUIRES_ECC_DSA) |
| Vanger | 4:e505054279ed | 9789 | return 1; |
| Vanger | 4:e505054279ed | 9790 | break; |
| Vanger | 4:e505054279ed | 9791 | |
| Vanger | 4:e505054279ed | 9792 | case TLS_ECDH_ECDSA_WITH_RC4_128_SHA : |
| Vanger | 4:e505054279ed | 9793 | if (requirement == REQUIRES_ECC_STATIC) |
| Vanger | 4:e505054279ed | 9794 | return 1; |
| Vanger | 4:e505054279ed | 9795 | break; |
| Vanger | 4:e505054279ed | 9796 | #endif |
| Vanger | 4:e505054279ed | 9797 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 9798 | case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA : |
| Vanger | 4:e505054279ed | 9799 | if (requirement == REQUIRES_RSA) |
| Vanger | 4:e505054279ed | 9800 | return 1; |
| Vanger | 4:e505054279ed | 9801 | break; |
| Vanger | 4:e505054279ed | 9802 | |
| Vanger | 4:e505054279ed | 9803 | case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA : |
| Vanger | 4:e505054279ed | 9804 | if (requirement == REQUIRES_ECC_STATIC) |
| Vanger | 4:e505054279ed | 9805 | return 1; |
| Vanger | 4:e505054279ed | 9806 | if (requirement == REQUIRES_RSA_SIG) |
| Vanger | 4:e505054279ed | 9807 | return 1; |
| Vanger | 4:e505054279ed | 9808 | break; |
| Vanger | 4:e505054279ed | 9809 | #endif |
| Vanger | 4:e505054279ed | 9810 | |
| Vanger | 4:e505054279ed | 9811 | case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : |
| Vanger | 4:e505054279ed | 9812 | if (requirement == REQUIRES_ECC_DSA) |
| Vanger | 4:e505054279ed | 9813 | return 1; |
| Vanger | 4:e505054279ed | 9814 | break; |
| Vanger | 4:e505054279ed | 9815 | |
| Vanger | 4:e505054279ed | 9816 | case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA : |
| Vanger | 4:e505054279ed | 9817 | if (requirement == REQUIRES_ECC_STATIC) |
| Vanger | 4:e505054279ed | 9818 | return 1; |
| Vanger | 4:e505054279ed | 9819 | break; |
| Vanger | 4:e505054279ed | 9820 | |
| Vanger | 4:e505054279ed | 9821 | case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA : |
| Vanger | 4:e505054279ed | 9822 | if (requirement == REQUIRES_ECC_DSA) |
| Vanger | 4:e505054279ed | 9823 | return 1; |
| Vanger | 4:e505054279ed | 9824 | break; |
| Vanger | 4:e505054279ed | 9825 | |
| Vanger | 4:e505054279ed | 9826 | case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA : |
| Vanger | 4:e505054279ed | 9827 | if (requirement == REQUIRES_ECC_STATIC) |
| Vanger | 4:e505054279ed | 9828 | return 1; |
| Vanger | 4:e505054279ed | 9829 | break; |
| Vanger | 4:e505054279ed | 9830 | |
| Vanger | 4:e505054279ed | 9831 | case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 : |
| Vanger | 4:e505054279ed | 9832 | if (requirement == REQUIRES_ECC_DSA) |
| Vanger | 4:e505054279ed | 9833 | return 1; |
| Vanger | 4:e505054279ed | 9834 | break; |
| Vanger | 4:e505054279ed | 9835 | |
| Vanger | 4:e505054279ed | 9836 | case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 : |
| Vanger | 4:e505054279ed | 9837 | if (requirement == REQUIRES_ECC_DSA) |
| Vanger | 4:e505054279ed | 9838 | return 1; |
| Vanger | 4:e505054279ed | 9839 | break; |
| Vanger | 4:e505054279ed | 9840 | |
| Vanger | 4:e505054279ed | 9841 | case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 : |
| Vanger | 4:e505054279ed | 9842 | if (requirement == REQUIRES_ECC_STATIC) |
| Vanger | 4:e505054279ed | 9843 | return 1; |
| Vanger | 4:e505054279ed | 9844 | break; |
| Vanger | 4:e505054279ed | 9845 | |
| Vanger | 4:e505054279ed | 9846 | case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 : |
| Vanger | 4:e505054279ed | 9847 | if (requirement == REQUIRES_ECC_STATIC) |
| Vanger | 4:e505054279ed | 9848 | return 1; |
| Vanger | 4:e505054279ed | 9849 | break; |
| Vanger | 4:e505054279ed | 9850 | |
| Vanger | 4:e505054279ed | 9851 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 9852 | case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : |
| Vanger | 4:e505054279ed | 9853 | if (requirement == REQUIRES_RSA) |
| Vanger | 4:e505054279ed | 9854 | return 1; |
| Vanger | 4:e505054279ed | 9855 | break; |
| Vanger | 4:e505054279ed | 9856 | |
| Vanger | 4:e505054279ed | 9857 | case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 : |
| Vanger | 4:e505054279ed | 9858 | if (requirement == REQUIRES_RSA) |
| Vanger | 4:e505054279ed | 9859 | return 1; |
| Vanger | 4:e505054279ed | 9860 | break; |
| Vanger | 4:e505054279ed | 9861 | |
| Vanger | 4:e505054279ed | 9862 | case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 : |
| Vanger | 4:e505054279ed | 9863 | if (requirement == REQUIRES_ECC_STATIC) |
| Vanger | 4:e505054279ed | 9864 | return 1; |
| Vanger | 4:e505054279ed | 9865 | if (requirement == REQUIRES_RSA_SIG) |
| Vanger | 4:e505054279ed | 9866 | return 1; |
| Vanger | 4:e505054279ed | 9867 | break; |
| Vanger | 4:e505054279ed | 9868 | |
| Vanger | 4:e505054279ed | 9869 | case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 : |
| Vanger | 4:e505054279ed | 9870 | if (requirement == REQUIRES_ECC_STATIC) |
| Vanger | 4:e505054279ed | 9871 | return 1; |
| Vanger | 4:e505054279ed | 9872 | if (requirement == REQUIRES_RSA_SIG) |
| Vanger | 4:e505054279ed | 9873 | return 1; |
| Vanger | 4:e505054279ed | 9874 | break; |
| Vanger | 4:e505054279ed | 9875 | |
| Vanger | 4:e505054279ed | 9876 | case TLS_RSA_WITH_AES_128_CCM_8 : |
| Vanger | 4:e505054279ed | 9877 | case TLS_RSA_WITH_AES_256_CCM_8 : |
| Vanger | 4:e505054279ed | 9878 | if (requirement == REQUIRES_RSA) |
| Vanger | 4:e505054279ed | 9879 | return 1; |
| Vanger | 4:e505054279ed | 9880 | if (requirement == REQUIRES_RSA_SIG) |
| Vanger | 4:e505054279ed | 9881 | return 1; |
| Vanger | 4:e505054279ed | 9882 | break; |
| Vanger | 4:e505054279ed | 9883 | |
| Vanger | 4:e505054279ed | 9884 | case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : |
| Vanger | 4:e505054279ed | 9885 | case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 : |
| Vanger | 4:e505054279ed | 9886 | if (requirement == REQUIRES_RSA) |
| Vanger | 4:e505054279ed | 9887 | return 1; |
| Vanger | 4:e505054279ed | 9888 | if (requirement == REQUIRES_RSA_SIG) |
| Vanger | 4:e505054279ed | 9889 | return 1; |
| Vanger | 4:e505054279ed | 9890 | break; |
| Vanger | 4:e505054279ed | 9891 | |
| Vanger | 4:e505054279ed | 9892 | case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 : |
| Vanger | 4:e505054279ed | 9893 | case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 : |
| Vanger | 4:e505054279ed | 9894 | if (requirement == REQUIRES_RSA_SIG) |
| Vanger | 4:e505054279ed | 9895 | return 1; |
| Vanger | 4:e505054279ed | 9896 | if (requirement == REQUIRES_ECC_STATIC) |
| Vanger | 4:e505054279ed | 9897 | return 1; |
| Vanger | 4:e505054279ed | 9898 | break; |
| Vanger | 4:e505054279ed | 9899 | #endif |
| Vanger | 4:e505054279ed | 9900 | |
| Vanger | 4:e505054279ed | 9901 | case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 : |
| Vanger | 4:e505054279ed | 9902 | case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 : |
| Vanger | 4:e505054279ed | 9903 | if (requirement == REQUIRES_ECC_DSA) |
| Vanger | 4:e505054279ed | 9904 | return 1; |
| Vanger | 4:e505054279ed | 9905 | break; |
| Vanger | 4:e505054279ed | 9906 | |
| Vanger | 4:e505054279ed | 9907 | case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 : |
| Vanger | 4:e505054279ed | 9908 | case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : |
| Vanger | 4:e505054279ed | 9909 | if (requirement == REQUIRES_ECC_DSA) |
| Vanger | 4:e505054279ed | 9910 | return 1; |
| Vanger | 4:e505054279ed | 9911 | break; |
| Vanger | 4:e505054279ed | 9912 | |
| Vanger | 4:e505054279ed | 9913 | case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 : |
| Vanger | 4:e505054279ed | 9914 | case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 : |
| Vanger | 4:e505054279ed | 9915 | if (requirement == REQUIRES_ECC_DSA) |
| Vanger | 4:e505054279ed | 9916 | return 1; |
| Vanger | 4:e505054279ed | 9917 | if (requirement == REQUIRES_ECC_STATIC) |
| Vanger | 4:e505054279ed | 9918 | return 1; |
| Vanger | 4:e505054279ed | 9919 | break; |
| Vanger | 4:e505054279ed | 9920 | |
| Vanger | 4:e505054279ed | 9921 | case TLS_PSK_WITH_AES_128_CCM: |
| Vanger | 4:e505054279ed | 9922 | case TLS_PSK_WITH_AES_256_CCM: |
| Vanger | 4:e505054279ed | 9923 | case TLS_PSK_WITH_AES_128_CCM_8: |
| Vanger | 4:e505054279ed | 9924 | case TLS_PSK_WITH_AES_256_CCM_8: |
| Vanger | 4:e505054279ed | 9925 | if (requirement == REQUIRES_PSK) |
| Vanger | 4:e505054279ed | 9926 | return 1; |
| Vanger | 4:e505054279ed | 9927 | break; |
| Vanger | 4:e505054279ed | 9928 | |
| Vanger | 4:e505054279ed | 9929 | default: |
| Vanger | 4:e505054279ed | 9930 | CYASSL_MSG("Unsupported cipher suite, CipherRequires ECC"); |
| Vanger | 4:e505054279ed | 9931 | return 0; |
| Vanger | 4:e505054279ed | 9932 | } /* switch */ |
| Vanger | 4:e505054279ed | 9933 | } /* if */ |
| Vanger | 4:e505054279ed | 9934 | if (first != ECC_BYTE) { /* normal suites */ |
| Vanger | 4:e505054279ed | 9935 | switch (second) { |
| Vanger | 4:e505054279ed | 9936 | |
| Vanger | 4:e505054279ed | 9937 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 9938 | case SSL_RSA_WITH_RC4_128_SHA : |
| Vanger | 4:e505054279ed | 9939 | if (requirement == REQUIRES_RSA) |
| Vanger | 4:e505054279ed | 9940 | return 1; |
| Vanger | 4:e505054279ed | 9941 | break; |
| Vanger | 4:e505054279ed | 9942 | |
| Vanger | 4:e505054279ed | 9943 | case TLS_NTRU_RSA_WITH_RC4_128_SHA : |
| Vanger | 4:e505054279ed | 9944 | if (requirement == REQUIRES_NTRU) |
| Vanger | 4:e505054279ed | 9945 | return 1; |
| Vanger | 4:e505054279ed | 9946 | break; |
| Vanger | 4:e505054279ed | 9947 | |
| Vanger | 4:e505054279ed | 9948 | case SSL_RSA_WITH_RC4_128_MD5 : |
| Vanger | 4:e505054279ed | 9949 | if (requirement == REQUIRES_RSA) |
| Vanger | 4:e505054279ed | 9950 | return 1; |
| Vanger | 4:e505054279ed | 9951 | break; |
| Vanger | 4:e505054279ed | 9952 | |
| Vanger | 4:e505054279ed | 9953 | case SSL_RSA_WITH_3DES_EDE_CBC_SHA : |
| Vanger | 4:e505054279ed | 9954 | if (requirement == REQUIRES_RSA) |
| Vanger | 4:e505054279ed | 9955 | return 1; |
| Vanger | 4:e505054279ed | 9956 | break; |
| Vanger | 4:e505054279ed | 9957 | |
| Vanger | 4:e505054279ed | 9958 | case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA : |
| Vanger | 4:e505054279ed | 9959 | if (requirement == REQUIRES_NTRU) |
| Vanger | 4:e505054279ed | 9960 | return 1; |
| Vanger | 4:e505054279ed | 9961 | break; |
| Vanger | 4:e505054279ed | 9962 | |
| Vanger | 4:e505054279ed | 9963 | case TLS_RSA_WITH_AES_128_CBC_SHA : |
| Vanger | 4:e505054279ed | 9964 | if (requirement == REQUIRES_RSA) |
| Vanger | 4:e505054279ed | 9965 | return 1; |
| Vanger | 4:e505054279ed | 9966 | break; |
| Vanger | 4:e505054279ed | 9967 | |
| Vanger | 4:e505054279ed | 9968 | case TLS_RSA_WITH_AES_128_CBC_SHA256 : |
| Vanger | 4:e505054279ed | 9969 | if (requirement == REQUIRES_RSA) |
| Vanger | 4:e505054279ed | 9970 | return 1; |
| Vanger | 4:e505054279ed | 9971 | break; |
| Vanger | 4:e505054279ed | 9972 | |
| Vanger | 4:e505054279ed | 9973 | case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA : |
| Vanger | 4:e505054279ed | 9974 | if (requirement == REQUIRES_NTRU) |
| Vanger | 4:e505054279ed | 9975 | return 1; |
| Vanger | 4:e505054279ed | 9976 | break; |
| Vanger | 4:e505054279ed | 9977 | |
| Vanger | 4:e505054279ed | 9978 | case TLS_RSA_WITH_AES_256_CBC_SHA : |
| Vanger | 4:e505054279ed | 9979 | if (requirement == REQUIRES_RSA) |
| Vanger | 4:e505054279ed | 9980 | return 1; |
| Vanger | 4:e505054279ed | 9981 | break; |
| Vanger | 4:e505054279ed | 9982 | |
| Vanger | 4:e505054279ed | 9983 | case TLS_RSA_WITH_AES_256_CBC_SHA256 : |
| Vanger | 4:e505054279ed | 9984 | if (requirement == REQUIRES_RSA) |
| Vanger | 4:e505054279ed | 9985 | return 1; |
| Vanger | 4:e505054279ed | 9986 | break; |
| Vanger | 4:e505054279ed | 9987 | |
| Vanger | 4:e505054279ed | 9988 | case TLS_RSA_WITH_NULL_SHA : |
| Vanger | 4:e505054279ed | 9989 | case TLS_RSA_WITH_NULL_SHA256 : |
| Vanger | 4:e505054279ed | 9990 | if (requirement == REQUIRES_RSA) |
| Vanger | 4:e505054279ed | 9991 | return 1; |
| Vanger | 4:e505054279ed | 9992 | break; |
| Vanger | 4:e505054279ed | 9993 | |
| Vanger | 4:e505054279ed | 9994 | case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA : |
| Vanger | 4:e505054279ed | 9995 | if (requirement == REQUIRES_NTRU) |
| Vanger | 4:e505054279ed | 9996 | return 1; |
| Vanger | 4:e505054279ed | 9997 | break; |
| Vanger | 4:e505054279ed | 9998 | #endif |
| Vanger | 4:e505054279ed | 9999 | |
| Vanger | 4:e505054279ed | 10000 | case TLS_PSK_WITH_AES_128_CBC_SHA256 : |
| Vanger | 4:e505054279ed | 10001 | case TLS_PSK_WITH_AES_128_CBC_SHA : |
| Vanger | 4:e505054279ed | 10002 | case TLS_PSK_WITH_AES_256_CBC_SHA : |
| Vanger | 4:e505054279ed | 10003 | case TLS_PSK_WITH_NULL_SHA256 : |
| Vanger | 4:e505054279ed | 10004 | case TLS_PSK_WITH_NULL_SHA : |
| Vanger | 4:e505054279ed | 10005 | if (requirement == REQUIRES_PSK) |
| Vanger | 4:e505054279ed | 10006 | return 1; |
| Vanger | 4:e505054279ed | 10007 | break; |
| Vanger | 4:e505054279ed | 10008 | |
| Vanger | 4:e505054279ed | 10009 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 10010 | case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 : |
| Vanger | 4:e505054279ed | 10011 | if (requirement == REQUIRES_RSA) |
| Vanger | 4:e505054279ed | 10012 | return 1; |
| Vanger | 4:e505054279ed | 10013 | if (requirement == REQUIRES_DHE) |
| Vanger | 4:e505054279ed | 10014 | return 1; |
| Vanger | 4:e505054279ed | 10015 | break; |
| Vanger | 4:e505054279ed | 10016 | |
| Vanger | 4:e505054279ed | 10017 | case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 : |
| Vanger | 4:e505054279ed | 10018 | if (requirement == REQUIRES_RSA) |
| Vanger | 4:e505054279ed | 10019 | return 1; |
| Vanger | 4:e505054279ed | 10020 | if (requirement == REQUIRES_DHE) |
| Vanger | 4:e505054279ed | 10021 | return 1; |
| Vanger | 4:e505054279ed | 10022 | break; |
| Vanger | 4:e505054279ed | 10023 | |
| Vanger | 4:e505054279ed | 10024 | case TLS_DHE_RSA_WITH_AES_128_CBC_SHA : |
| Vanger | 4:e505054279ed | 10025 | if (requirement == REQUIRES_RSA) |
| Vanger | 4:e505054279ed | 10026 | return 1; |
| Vanger | 4:e505054279ed | 10027 | if (requirement == REQUIRES_DHE) |
| Vanger | 4:e505054279ed | 10028 | return 1; |
| Vanger | 4:e505054279ed | 10029 | break; |
| Vanger | 4:e505054279ed | 10030 | |
| Vanger | 4:e505054279ed | 10031 | case TLS_DHE_RSA_WITH_AES_256_CBC_SHA : |
| Vanger | 4:e505054279ed | 10032 | if (requirement == REQUIRES_RSA) |
| Vanger | 4:e505054279ed | 10033 | return 1; |
| Vanger | 4:e505054279ed | 10034 | if (requirement == REQUIRES_DHE) |
| Vanger | 4:e505054279ed | 10035 | return 1; |
| Vanger | 4:e505054279ed | 10036 | break; |
| Vanger | 4:e505054279ed | 10037 | |
| Vanger | 4:e505054279ed | 10038 | case TLS_RSA_WITH_HC_128_MD5 : |
| Vanger | 4:e505054279ed | 10039 | if (requirement == REQUIRES_RSA) |
| Vanger | 4:e505054279ed | 10040 | return 1; |
| Vanger | 4:e505054279ed | 10041 | break; |
| Vanger | 4:e505054279ed | 10042 | |
| Vanger | 4:e505054279ed | 10043 | case TLS_RSA_WITH_HC_128_SHA : |
| Vanger | 4:e505054279ed | 10044 | if (requirement == REQUIRES_RSA) |
| Vanger | 4:e505054279ed | 10045 | return 1; |
| Vanger | 4:e505054279ed | 10046 | break; |
| Vanger | 4:e505054279ed | 10047 | |
| Vanger | 4:e505054279ed | 10048 | case TLS_RSA_WITH_HC_128_B2B256: |
| Vanger | 4:e505054279ed | 10049 | if (requirement == REQUIRES_RSA) |
| Vanger | 4:e505054279ed | 10050 | return 1; |
| Vanger | 4:e505054279ed | 10051 | break; |
| Vanger | 4:e505054279ed | 10052 | |
| Vanger | 4:e505054279ed | 10053 | case TLS_RSA_WITH_AES_128_CBC_B2B256: |
| Vanger | 4:e505054279ed | 10054 | case TLS_RSA_WITH_AES_256_CBC_B2B256: |
| Vanger | 4:e505054279ed | 10055 | if (requirement == REQUIRES_RSA) |
| Vanger | 4:e505054279ed | 10056 | return 1; |
| Vanger | 4:e505054279ed | 10057 | break; |
| Vanger | 4:e505054279ed | 10058 | |
| Vanger | 4:e505054279ed | 10059 | case TLS_RSA_WITH_RABBIT_SHA : |
| Vanger | 4:e505054279ed | 10060 | if (requirement == REQUIRES_RSA) |
| Vanger | 4:e505054279ed | 10061 | return 1; |
| Vanger | 4:e505054279ed | 10062 | break; |
| Vanger | 4:e505054279ed | 10063 | |
| Vanger | 4:e505054279ed | 10064 | case TLS_RSA_WITH_AES_128_GCM_SHA256 : |
| Vanger | 4:e505054279ed | 10065 | case TLS_RSA_WITH_AES_256_GCM_SHA384 : |
| Vanger | 4:e505054279ed | 10066 | if (requirement == REQUIRES_RSA) |
| Vanger | 4:e505054279ed | 10067 | return 1; |
| Vanger | 4:e505054279ed | 10068 | break; |
| Vanger | 4:e505054279ed | 10069 | |
| Vanger | 4:e505054279ed | 10070 | case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 : |
| Vanger | 4:e505054279ed | 10071 | case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 : |
| Vanger | 4:e505054279ed | 10072 | if (requirement == REQUIRES_RSA) |
| Vanger | 4:e505054279ed | 10073 | return 1; |
| Vanger | 4:e505054279ed | 10074 | if (requirement == REQUIRES_DHE) |
| Vanger | 4:e505054279ed | 10075 | return 1; |
| Vanger | 4:e505054279ed | 10076 | break; |
| Vanger | 4:e505054279ed | 10077 | |
| Vanger | 4:e505054279ed | 10078 | case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA : |
| Vanger | 4:e505054279ed | 10079 | case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA : |
| Vanger | 4:e505054279ed | 10080 | case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 : |
| Vanger | 4:e505054279ed | 10081 | case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 : |
| Vanger | 4:e505054279ed | 10082 | if (requirement == REQUIRES_RSA) |
| Vanger | 4:e505054279ed | 10083 | return 1; |
| Vanger | 4:e505054279ed | 10084 | break; |
| Vanger | 4:e505054279ed | 10085 | |
| Vanger | 4:e505054279ed | 10086 | case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : |
| Vanger | 4:e505054279ed | 10087 | case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : |
| Vanger | 4:e505054279ed | 10088 | case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 : |
| Vanger | 4:e505054279ed | 10089 | case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 : |
| Vanger | 4:e505054279ed | 10090 | if (requirement == REQUIRES_RSA) |
| Vanger | 4:e505054279ed | 10091 | return 1; |
| Vanger | 4:e505054279ed | 10092 | if (requirement == REQUIRES_RSA_SIG) |
| Vanger | 4:e505054279ed | 10093 | return 1; |
| Vanger | 4:e505054279ed | 10094 | if (requirement == REQUIRES_DHE) |
| Vanger | 4:e505054279ed | 10095 | return 1; |
| Vanger | 4:e505054279ed | 10096 | break; |
| Vanger | 4:e505054279ed | 10097 | #endif |
| Vanger | 4:e505054279ed | 10098 | |
| Vanger | 4:e505054279ed | 10099 | default: |
| Vanger | 4:e505054279ed | 10100 | CYASSL_MSG("Unsupported cipher suite, CipherRequires"); |
| Vanger | 4:e505054279ed | 10101 | return 0; |
| Vanger | 4:e505054279ed | 10102 | } /* switch */ |
| Vanger | 4:e505054279ed | 10103 | } /* if ECC / Normal suites else */ |
| Vanger | 4:e505054279ed | 10104 | |
| Vanger | 4:e505054279ed | 10105 | return 0; |
| Vanger | 4:e505054279ed | 10106 | } |
| Vanger | 4:e505054279ed | 10107 | |
| Vanger | 4:e505054279ed | 10108 | |
| Vanger | 4:e505054279ed | 10109 | /* Make sure client setup is valid for this suite, true on success */ |
| Vanger | 4:e505054279ed | 10110 | int VerifyClientSuite(CYASSL* ssl) |
| Vanger | 4:e505054279ed | 10111 | { |
| Vanger | 4:e505054279ed | 10112 | int havePSK = 0; |
| Vanger | 4:e505054279ed | 10113 | byte first = ssl->options.cipherSuite0; |
| Vanger | 4:e505054279ed | 10114 | byte second = ssl->options.cipherSuite; |
| Vanger | 4:e505054279ed | 10115 | |
| Vanger | 4:e505054279ed | 10116 | CYASSL_ENTER("VerifyClientSuite"); |
| Vanger | 4:e505054279ed | 10117 | |
| Vanger | 4:e505054279ed | 10118 | #ifndef NO_PSK |
| Vanger | 4:e505054279ed | 10119 | havePSK = ssl->options.havePSK; |
| Vanger | 4:e505054279ed | 10120 | #endif |
| Vanger | 4:e505054279ed | 10121 | |
| Vanger | 4:e505054279ed | 10122 | if (CipherRequires(first, second, REQUIRES_PSK)) { |
| Vanger | 4:e505054279ed | 10123 | CYASSL_MSG("Requires PSK"); |
| Vanger | 4:e505054279ed | 10124 | if (havePSK == 0) { |
| Vanger | 4:e505054279ed | 10125 | CYASSL_MSG("Don't have PSK"); |
| Vanger | 4:e505054279ed | 10126 | return 0; |
| Vanger | 4:e505054279ed | 10127 | } |
| Vanger | 4:e505054279ed | 10128 | } |
| Vanger | 4:e505054279ed | 10129 | |
| Vanger | 4:e505054279ed | 10130 | return 1; /* success */ |
| Vanger | 4:e505054279ed | 10131 | } |
| Vanger | 4:e505054279ed | 10132 | |
| Vanger | 4:e505054279ed | 10133 | |
| Vanger | 4:e505054279ed | 10134 | /* Make sure server cert/key are valid for this suite, true on success */ |
| Vanger | 4:e505054279ed | 10135 | static int VerifyServerSuite(CYASSL* ssl, word16 idx) |
| Vanger | 4:e505054279ed | 10136 | { |
| Vanger | 4:e505054279ed | 10137 | int haveRSA = !ssl->options.haveStaticECC; |
| Vanger | 4:e505054279ed | 10138 | int havePSK = 0; |
| Vanger | 4:e505054279ed | 10139 | byte first; |
| Vanger | 4:e505054279ed | 10140 | byte second; |
| Vanger | 4:e505054279ed | 10141 | |
| Vanger | 4:e505054279ed | 10142 | CYASSL_ENTER("VerifyServerSuite"); |
| Vanger | 4:e505054279ed | 10143 | |
| Vanger | 4:e505054279ed | 10144 | if (ssl->suites == NULL) { |
| Vanger | 4:e505054279ed | 10145 | CYASSL_MSG("Suites pointer error"); |
| Vanger | 4:e505054279ed | 10146 | return 0; |
| Vanger | 4:e505054279ed | 10147 | } |
| Vanger | 4:e505054279ed | 10148 | |
| Vanger | 4:e505054279ed | 10149 | first = ssl->suites->suites[idx]; |
| Vanger | 4:e505054279ed | 10150 | second = ssl->suites->suites[idx+1]; |
| Vanger | 4:e505054279ed | 10151 | |
| Vanger | 4:e505054279ed | 10152 | #ifndef NO_PSK |
| Vanger | 4:e505054279ed | 10153 | havePSK = ssl->options.havePSK; |
| Vanger | 4:e505054279ed | 10154 | #endif |
| Vanger | 4:e505054279ed | 10155 | |
| Vanger | 4:e505054279ed | 10156 | if (ssl->options.haveNTRU) |
| Vanger | 4:e505054279ed | 10157 | haveRSA = 0; |
| Vanger | 4:e505054279ed | 10158 | |
| Vanger | 4:e505054279ed | 10159 | if (CipherRequires(first, second, REQUIRES_RSA)) { |
| Vanger | 4:e505054279ed | 10160 | CYASSL_MSG("Requires RSA"); |
| Vanger | 4:e505054279ed | 10161 | if (haveRSA == 0) { |
| Vanger | 4:e505054279ed | 10162 | CYASSL_MSG("Don't have RSA"); |
| Vanger | 4:e505054279ed | 10163 | return 0; |
| Vanger | 4:e505054279ed | 10164 | } |
| Vanger | 4:e505054279ed | 10165 | } |
| Vanger | 4:e505054279ed | 10166 | |
| Vanger | 4:e505054279ed | 10167 | if (CipherRequires(first, second, REQUIRES_DHE)) { |
| Vanger | 4:e505054279ed | 10168 | CYASSL_MSG("Requires DHE"); |
| Vanger | 4:e505054279ed | 10169 | if (ssl->options.haveDH == 0) { |
| Vanger | 4:e505054279ed | 10170 | CYASSL_MSG("Don't have DHE"); |
| Vanger | 4:e505054279ed | 10171 | return 0; |
| Vanger | 4:e505054279ed | 10172 | } |
| Vanger | 4:e505054279ed | 10173 | } |
| Vanger | 4:e505054279ed | 10174 | |
| Vanger | 4:e505054279ed | 10175 | if (CipherRequires(first, second, REQUIRES_ECC_DSA)) { |
| Vanger | 4:e505054279ed | 10176 | CYASSL_MSG("Requires ECCDSA"); |
| Vanger | 4:e505054279ed | 10177 | if (ssl->options.haveECDSAsig == 0) { |
| Vanger | 4:e505054279ed | 10178 | CYASSL_MSG("Don't have ECCDSA"); |
| Vanger | 4:e505054279ed | 10179 | return 0; |
| Vanger | 4:e505054279ed | 10180 | } |
| Vanger | 4:e505054279ed | 10181 | } |
| Vanger | 4:e505054279ed | 10182 | |
| Vanger | 4:e505054279ed | 10183 | if (CipherRequires(first, second, REQUIRES_ECC_STATIC)) { |
| Vanger | 4:e505054279ed | 10184 | CYASSL_MSG("Requires static ECC"); |
| Vanger | 4:e505054279ed | 10185 | if (ssl->options.haveStaticECC == 0) { |
| Vanger | 4:e505054279ed | 10186 | CYASSL_MSG("Don't have static ECC"); |
| Vanger | 4:e505054279ed | 10187 | return 0; |
| Vanger | 4:e505054279ed | 10188 | } |
| Vanger | 4:e505054279ed | 10189 | } |
| Vanger | 4:e505054279ed | 10190 | |
| Vanger | 4:e505054279ed | 10191 | if (CipherRequires(first, second, REQUIRES_PSK)) { |
| Vanger | 4:e505054279ed | 10192 | CYASSL_MSG("Requires PSK"); |
| Vanger | 4:e505054279ed | 10193 | if (havePSK == 0) { |
| Vanger | 4:e505054279ed | 10194 | CYASSL_MSG("Don't have PSK"); |
| Vanger | 4:e505054279ed | 10195 | return 0; |
| Vanger | 4:e505054279ed | 10196 | } |
| Vanger | 4:e505054279ed | 10197 | } |
| Vanger | 4:e505054279ed | 10198 | |
| Vanger | 4:e505054279ed | 10199 | if (CipherRequires(first, second, REQUIRES_NTRU)) { |
| Vanger | 4:e505054279ed | 10200 | CYASSL_MSG("Requires NTRU"); |
| Vanger | 4:e505054279ed | 10201 | if (ssl->options.haveNTRU == 0) { |
| Vanger | 4:e505054279ed | 10202 | CYASSL_MSG("Don't have NTRU"); |
| Vanger | 4:e505054279ed | 10203 | return 0; |
| Vanger | 4:e505054279ed | 10204 | } |
| Vanger | 4:e505054279ed | 10205 | } |
| Vanger | 4:e505054279ed | 10206 | |
| Vanger | 4:e505054279ed | 10207 | if (CipherRequires(first, second, REQUIRES_RSA_SIG)) { |
| Vanger | 4:e505054279ed | 10208 | CYASSL_MSG("Requires RSA Signature"); |
| Vanger | 4:e505054279ed | 10209 | if (ssl->options.side == CYASSL_SERVER_END && |
| Vanger | 4:e505054279ed | 10210 | ssl->options.haveECDSAsig == 1) { |
| Vanger | 4:e505054279ed | 10211 | CYASSL_MSG("Don't have RSA Signature"); |
| Vanger | 4:e505054279ed | 10212 | return 0; |
| Vanger | 4:e505054279ed | 10213 | } |
| Vanger | 4:e505054279ed | 10214 | } |
| Vanger | 4:e505054279ed | 10215 | |
| Vanger | 4:e505054279ed | 10216 | #ifdef HAVE_SUPPORTED_CURVES |
| Vanger | 4:e505054279ed | 10217 | if (!TLSX_ValidateEllipticCurves(ssl, first, second)) { |
| Vanger | 4:e505054279ed | 10218 | CYASSL_MSG("Don't have matching curves"); |
| Vanger | 4:e505054279ed | 10219 | return 0; |
| Vanger | 4:e505054279ed | 10220 | } |
| Vanger | 4:e505054279ed | 10221 | #endif |
| Vanger | 4:e505054279ed | 10222 | |
| Vanger | 4:e505054279ed | 10223 | /* ECCDHE is always supported if ECC on */ |
| Vanger | 4:e505054279ed | 10224 | |
| Vanger | 4:e505054279ed | 10225 | return 1; |
| Vanger | 4:e505054279ed | 10226 | } |
| Vanger | 4:e505054279ed | 10227 | |
| Vanger | 4:e505054279ed | 10228 | |
| Vanger | 4:e505054279ed | 10229 | static int MatchSuite(CYASSL* ssl, Suites* peerSuites) |
| Vanger | 4:e505054279ed | 10230 | { |
| Vanger | 4:e505054279ed | 10231 | word16 i, j; |
| Vanger | 4:e505054279ed | 10232 | |
| Vanger | 4:e505054279ed | 10233 | CYASSL_ENTER("MatchSuite"); |
| Vanger | 4:e505054279ed | 10234 | |
| Vanger | 4:e505054279ed | 10235 | /* & 0x1 equivalent % 2 */ |
| Vanger | 4:e505054279ed | 10236 | if (peerSuites->suiteSz == 0 || peerSuites->suiteSz & 0x1) |
| Vanger | 4:e505054279ed | 10237 | return MATCH_SUITE_ERROR; |
| Vanger | 4:e505054279ed | 10238 | |
| Vanger | 4:e505054279ed | 10239 | if (ssl->suites == NULL) |
| Vanger | 4:e505054279ed | 10240 | return SUITES_ERROR; |
| Vanger | 4:e505054279ed | 10241 | /* start with best, if a match we are good */ |
| Vanger | 4:e505054279ed | 10242 | for (i = 0; i < ssl->suites->suiteSz; i += 2) |
| Vanger | 4:e505054279ed | 10243 | for (j = 0; j < peerSuites->suiteSz; j += 2) |
| Vanger | 4:e505054279ed | 10244 | if (ssl->suites->suites[i] == peerSuites->suites[j] && |
| Vanger | 4:e505054279ed | 10245 | ssl->suites->suites[i+1] == peerSuites->suites[j+1] ) { |
| Vanger | 4:e505054279ed | 10246 | |
| Vanger | 4:e505054279ed | 10247 | if (VerifyServerSuite(ssl, i)) { |
| Vanger | 4:e505054279ed | 10248 | int result; |
| Vanger | 4:e505054279ed | 10249 | CYASSL_MSG("Verified suite validity"); |
| Vanger | 4:e505054279ed | 10250 | ssl->options.cipherSuite0 = ssl->suites->suites[i]; |
| Vanger | 4:e505054279ed | 10251 | ssl->options.cipherSuite = ssl->suites->suites[i+1]; |
| Vanger | 4:e505054279ed | 10252 | result = SetCipherSpecs(ssl); |
| Vanger | 4:e505054279ed | 10253 | if (result == 0) |
| Vanger | 4:e505054279ed | 10254 | PickHashSigAlgo(ssl, peerSuites->hashSigAlgo, |
| Vanger | 4:e505054279ed | 10255 | peerSuites->hashSigAlgoSz); |
| Vanger | 4:e505054279ed | 10256 | return result; |
| Vanger | 4:e505054279ed | 10257 | } |
| Vanger | 4:e505054279ed | 10258 | else { |
| Vanger | 4:e505054279ed | 10259 | CYASSL_MSG("Could not verify suite validity, continue"); |
| Vanger | 4:e505054279ed | 10260 | } |
| Vanger | 4:e505054279ed | 10261 | } |
| Vanger | 4:e505054279ed | 10262 | |
| Vanger | 4:e505054279ed | 10263 | return MATCH_SUITE_ERROR; |
| Vanger | 4:e505054279ed | 10264 | } |
| Vanger | 4:e505054279ed | 10265 | |
| Vanger | 4:e505054279ed | 10266 | |
| Vanger | 4:e505054279ed | 10267 | /* process old style client hello, deprecate? */ |
| Vanger | 4:e505054279ed | 10268 | int ProcessOldClientHello(CYASSL* ssl, const byte* input, word32* inOutIdx, |
| Vanger | 4:e505054279ed | 10269 | word32 inSz, word16 sz) |
| Vanger | 4:e505054279ed | 10270 | { |
| Vanger | 4:e505054279ed | 10271 | word32 idx = *inOutIdx; |
| Vanger | 4:e505054279ed | 10272 | word16 sessionSz; |
| Vanger | 4:e505054279ed | 10273 | word16 randomSz; |
| Vanger | 4:e505054279ed | 10274 | word16 i, j; |
| Vanger | 4:e505054279ed | 10275 | ProtocolVersion pv; |
| Vanger | 4:e505054279ed | 10276 | Suites clSuites; |
| Vanger | 4:e505054279ed | 10277 | |
| Vanger | 4:e505054279ed | 10278 | (void)inSz; |
| Vanger | 4:e505054279ed | 10279 | CYASSL_MSG("Got old format client hello"); |
| Vanger | 4:e505054279ed | 10280 | #ifdef CYASSL_CALLBACKS |
| Vanger | 4:e505054279ed | 10281 | if (ssl->hsInfoOn) |
| Vanger | 4:e505054279ed | 10282 | AddPacketName("ClientHello", &ssl->handShakeInfo); |
| Vanger | 4:e505054279ed | 10283 | if (ssl->toInfoOn) |
| Vanger | 4:e505054279ed | 10284 | AddLateName("ClientHello", &ssl->timeoutInfo); |
| Vanger | 4:e505054279ed | 10285 | #endif |
| Vanger | 4:e505054279ed | 10286 | |
| Vanger | 4:e505054279ed | 10287 | /* manually hash input since different format */ |
| Vanger | 4:e505054279ed | 10288 | #ifndef NO_OLD_TLS |
| Vanger | 4:e505054279ed | 10289 | #ifndef NO_MD5 |
| Vanger | 4:e505054279ed | 10290 | Md5Update(&ssl->hashMd5, input + idx, sz); |
| Vanger | 4:e505054279ed | 10291 | #endif |
| Vanger | 4:e505054279ed | 10292 | #ifndef NO_SHA |
| Vanger | 4:e505054279ed | 10293 | ShaUpdate(&ssl->hashSha, input + idx, sz); |
| Vanger | 4:e505054279ed | 10294 | #endif |
| Vanger | 4:e505054279ed | 10295 | #endif |
| Vanger | 4:e505054279ed | 10296 | #ifndef NO_SHA256 |
| Vanger | 4:e505054279ed | 10297 | if (IsAtLeastTLSv1_2(ssl)) { |
| Vanger | 4:e505054279ed | 10298 | int shaRet = Sha256Update(&ssl->hashSha256, input + idx, sz); |
| Vanger | 4:e505054279ed | 10299 | |
| Vanger | 4:e505054279ed | 10300 | if (shaRet != 0) |
| Vanger | 4:e505054279ed | 10301 | return shaRet; |
| Vanger | 4:e505054279ed | 10302 | } |
| Vanger | 4:e505054279ed | 10303 | #endif |
| Vanger | 4:e505054279ed | 10304 | |
| Vanger | 4:e505054279ed | 10305 | /* does this value mean client_hello? */ |
| Vanger | 4:e505054279ed | 10306 | idx++; |
| Vanger | 4:e505054279ed | 10307 | |
| Vanger | 4:e505054279ed | 10308 | /* version */ |
| Vanger | 4:e505054279ed | 10309 | pv.major = input[idx++]; |
| Vanger | 4:e505054279ed | 10310 | pv.minor = input[idx++]; |
| Vanger | 4:e505054279ed | 10311 | ssl->chVersion = pv; /* store */ |
| Vanger | 4:e505054279ed | 10312 | |
| Vanger | 4:e505054279ed | 10313 | if (ssl->version.minor > pv.minor) { |
| Vanger | 4:e505054279ed | 10314 | byte haveRSA = 0; |
| Vanger | 4:e505054279ed | 10315 | byte havePSK = 0; |
| Vanger | 4:e505054279ed | 10316 | if (!ssl->options.downgrade) { |
| Vanger | 4:e505054279ed | 10317 | CYASSL_MSG("Client trying to connect with lesser version"); |
| Vanger | 4:e505054279ed | 10318 | return VERSION_ERROR; |
| Vanger | 4:e505054279ed | 10319 | } |
| Vanger | 4:e505054279ed | 10320 | if (pv.minor == SSLv3_MINOR) { |
| Vanger | 4:e505054279ed | 10321 | /* turn off tls */ |
| Vanger | 4:e505054279ed | 10322 | CYASSL_MSG(" downgrading to SSLv3"); |
| Vanger | 4:e505054279ed | 10323 | ssl->options.tls = 0; |
| Vanger | 4:e505054279ed | 10324 | ssl->options.tls1_1 = 0; |
| Vanger | 4:e505054279ed | 10325 | ssl->version.minor = SSLv3_MINOR; |
| Vanger | 4:e505054279ed | 10326 | } |
| Vanger | 4:e505054279ed | 10327 | else if (pv.minor == TLSv1_MINOR) { |
| Vanger | 4:e505054279ed | 10328 | CYASSL_MSG(" downgrading to TLSv1"); |
| Vanger | 4:e505054279ed | 10329 | /* turn off tls 1.1+ */ |
| Vanger | 4:e505054279ed | 10330 | ssl->options.tls1_1 = 0; |
| Vanger | 4:e505054279ed | 10331 | ssl->version.minor = TLSv1_MINOR; |
| Vanger | 4:e505054279ed | 10332 | } |
| Vanger | 4:e505054279ed | 10333 | else if (pv.minor == TLSv1_1_MINOR) { |
| Vanger | 4:e505054279ed | 10334 | CYASSL_MSG(" downgrading to TLSv1.1"); |
| Vanger | 4:e505054279ed | 10335 | ssl->version.minor = TLSv1_1_MINOR; |
| Vanger | 4:e505054279ed | 10336 | } |
| Vanger | 4:e505054279ed | 10337 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 10338 | haveRSA = 1; |
| Vanger | 4:e505054279ed | 10339 | #endif |
| Vanger | 4:e505054279ed | 10340 | #ifndef NO_PSK |
| Vanger | 4:e505054279ed | 10341 | havePSK = ssl->options.havePSK; |
| Vanger | 4:e505054279ed | 10342 | #endif |
| Vanger | 4:e505054279ed | 10343 | |
| Vanger | 4:e505054279ed | 10344 | InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, |
| Vanger | 4:e505054279ed | 10345 | ssl->options.haveDH, ssl->options.haveNTRU, |
| Vanger | 4:e505054279ed | 10346 | ssl->options.haveECDSAsig, ssl->options.haveStaticECC, |
| Vanger | 4:e505054279ed | 10347 | ssl->options.side); |
| Vanger | 4:e505054279ed | 10348 | } |
| Vanger | 4:e505054279ed | 10349 | |
| Vanger | 4:e505054279ed | 10350 | /* suite size */ |
| Vanger | 4:e505054279ed | 10351 | ato16(&input[idx], &clSuites.suiteSz); |
| Vanger | 4:e505054279ed | 10352 | idx += 2; |
| Vanger | 4:e505054279ed | 10353 | |
| Vanger | 4:e505054279ed | 10354 | if (clSuites.suiteSz > MAX_SUITE_SZ) |
| Vanger | 4:e505054279ed | 10355 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 10356 | clSuites.hashSigAlgoSz = 0; |
| Vanger | 4:e505054279ed | 10357 | |
| Vanger | 4:e505054279ed | 10358 | /* session size */ |
| Vanger | 4:e505054279ed | 10359 | ato16(&input[idx], &sessionSz); |
| Vanger | 4:e505054279ed | 10360 | idx += 2; |
| Vanger | 4:e505054279ed | 10361 | |
| Vanger | 4:e505054279ed | 10362 | if (sessionSz > ID_LEN) |
| Vanger | 4:e505054279ed | 10363 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 10364 | |
| Vanger | 4:e505054279ed | 10365 | /* random size */ |
| Vanger | 4:e505054279ed | 10366 | ato16(&input[idx], &randomSz); |
| Vanger | 4:e505054279ed | 10367 | idx += 2; |
| Vanger | 4:e505054279ed | 10368 | |
| Vanger | 4:e505054279ed | 10369 | if (randomSz > RAN_LEN) |
| Vanger | 4:e505054279ed | 10370 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 10371 | |
| Vanger | 4:e505054279ed | 10372 | /* suites */ |
| Vanger | 4:e505054279ed | 10373 | for (i = 0, j = 0; i < clSuites.suiteSz; i += 3) { |
| Vanger | 4:e505054279ed | 10374 | byte first = input[idx++]; |
| Vanger | 4:e505054279ed | 10375 | if (!first) { /* implicit: skip sslv2 type */ |
| Vanger | 4:e505054279ed | 10376 | XMEMCPY(&clSuites.suites[j], &input[idx], 2); |
| Vanger | 4:e505054279ed | 10377 | j += 2; |
| Vanger | 4:e505054279ed | 10378 | } |
| Vanger | 4:e505054279ed | 10379 | idx += 2; |
| Vanger | 4:e505054279ed | 10380 | } |
| Vanger | 4:e505054279ed | 10381 | clSuites.suiteSz = j; |
| Vanger | 4:e505054279ed | 10382 | |
| Vanger | 4:e505054279ed | 10383 | /* session id */ |
| Vanger | 4:e505054279ed | 10384 | if (sessionSz) { |
| Vanger | 4:e505054279ed | 10385 | XMEMCPY(ssl->arrays->sessionID, input + idx, sessionSz); |
| Vanger | 4:e505054279ed | 10386 | idx += sessionSz; |
| Vanger | 4:e505054279ed | 10387 | ssl->options.resuming = 1; |
| Vanger | 4:e505054279ed | 10388 | } |
| Vanger | 4:e505054279ed | 10389 | |
| Vanger | 4:e505054279ed | 10390 | /* random */ |
| Vanger | 4:e505054279ed | 10391 | if (randomSz < RAN_LEN) |
| Vanger | 4:e505054279ed | 10392 | XMEMSET(ssl->arrays->clientRandom, 0, RAN_LEN - randomSz); |
| Vanger | 4:e505054279ed | 10393 | XMEMCPY(&ssl->arrays->clientRandom[RAN_LEN - randomSz], input + idx, |
| Vanger | 4:e505054279ed | 10394 | randomSz); |
| Vanger | 4:e505054279ed | 10395 | idx += randomSz; |
| Vanger | 4:e505054279ed | 10396 | |
| Vanger | 4:e505054279ed | 10397 | if (ssl->options.usingCompression) |
| Vanger | 4:e505054279ed | 10398 | ssl->options.usingCompression = 0; /* turn off */ |
| Vanger | 4:e505054279ed | 10399 | |
| Vanger | 4:e505054279ed | 10400 | ssl->options.clientState = CLIENT_HELLO_COMPLETE; |
| Vanger | 4:e505054279ed | 10401 | *inOutIdx = idx; |
| Vanger | 4:e505054279ed | 10402 | |
| Vanger | 4:e505054279ed | 10403 | ssl->options.haveSessionId = 1; |
| Vanger | 4:e505054279ed | 10404 | /* DoClientHello uses same resume code */ |
| Vanger | 4:e505054279ed | 10405 | if (ssl->options.resuming) { /* let's try */ |
| Vanger | 4:e505054279ed | 10406 | int ret = -1; |
| Vanger | 4:e505054279ed | 10407 | CYASSL_SESSION* session = GetSession(ssl,ssl->arrays->masterSecret); |
| Vanger | 4:e505054279ed | 10408 | if (!session) { |
| Vanger | 4:e505054279ed | 10409 | CYASSL_MSG("Session lookup for resume failed"); |
| Vanger | 4:e505054279ed | 10410 | ssl->options.resuming = 0; |
| Vanger | 4:e505054279ed | 10411 | } else { |
| Vanger | 4:e505054279ed | 10412 | if (MatchSuite(ssl, &clSuites) < 0) { |
| Vanger | 4:e505054279ed | 10413 | CYASSL_MSG("Unsupported cipher suite, OldClientHello"); |
| Vanger | 4:e505054279ed | 10414 | return UNSUPPORTED_SUITE; |
| Vanger | 4:e505054279ed | 10415 | } |
| Vanger | 4:e505054279ed | 10416 | #ifdef SESSION_CERTS |
| Vanger | 4:e505054279ed | 10417 | ssl->session = *session; /* restore session certs. */ |
| Vanger | 4:e505054279ed | 10418 | #endif |
| Vanger | 4:e505054279ed | 10419 | |
| Vanger | 4:e505054279ed | 10420 | ret = RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, |
| Vanger | 4:e505054279ed | 10421 | RAN_LEN); |
| Vanger | 4:e505054279ed | 10422 | if (ret != 0) |
| Vanger | 4:e505054279ed | 10423 | return ret; |
| Vanger | 4:e505054279ed | 10424 | |
| Vanger | 4:e505054279ed | 10425 | #ifdef NO_OLD_TLS |
| Vanger | 4:e505054279ed | 10426 | ret = DeriveTlsKeys(ssl); |
| Vanger | 4:e505054279ed | 10427 | #else |
| Vanger | 4:e505054279ed | 10428 | #ifndef NO_TLS |
| Vanger | 4:e505054279ed | 10429 | if (ssl->options.tls) |
| Vanger | 4:e505054279ed | 10430 | ret = DeriveTlsKeys(ssl); |
| Vanger | 4:e505054279ed | 10431 | #endif |
| Vanger | 4:e505054279ed | 10432 | if (!ssl->options.tls) |
| Vanger | 4:e505054279ed | 10433 | ret = DeriveKeys(ssl); |
| Vanger | 4:e505054279ed | 10434 | #endif |
| Vanger | 4:e505054279ed | 10435 | ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE; |
| Vanger | 4:e505054279ed | 10436 | |
| Vanger | 4:e505054279ed | 10437 | return ret; |
| Vanger | 4:e505054279ed | 10438 | } |
| Vanger | 4:e505054279ed | 10439 | } |
| Vanger | 4:e505054279ed | 10440 | |
| Vanger | 4:e505054279ed | 10441 | return MatchSuite(ssl, &clSuites); |
| Vanger | 4:e505054279ed | 10442 | } |
| Vanger | 4:e505054279ed | 10443 | |
| Vanger | 4:e505054279ed | 10444 | |
| Vanger | 4:e505054279ed | 10445 | static int DoClientHello(CYASSL* ssl, const byte* input, word32* inOutIdx, |
| Vanger | 4:e505054279ed | 10446 | word32 helloSz) |
| Vanger | 4:e505054279ed | 10447 | { |
| Vanger | 4:e505054279ed | 10448 | byte b; |
| Vanger | 4:e505054279ed | 10449 | ProtocolVersion pv; |
| Vanger | 4:e505054279ed | 10450 | Suites clSuites; |
| Vanger | 4:e505054279ed | 10451 | word32 i = *inOutIdx; |
| Vanger | 4:e505054279ed | 10452 | word32 begin = i; |
| Vanger | 4:e505054279ed | 10453 | |
| Vanger | 4:e505054279ed | 10454 | #ifdef CYASSL_CALLBACKS |
| Vanger | 4:e505054279ed | 10455 | if (ssl->hsInfoOn) AddPacketName("ClientHello", &ssl->handShakeInfo); |
| Vanger | 4:e505054279ed | 10456 | if (ssl->toInfoOn) AddLateName("ClientHello", &ssl->timeoutInfo); |
| Vanger | 4:e505054279ed | 10457 | #endif |
| Vanger | 4:e505054279ed | 10458 | |
| Vanger | 4:e505054279ed | 10459 | /* protocol version, random and session id length check */ |
| Vanger | 4:e505054279ed | 10460 | if ((i - begin) + OPAQUE16_LEN + RAN_LEN + OPAQUE8_LEN > helloSz) |
| Vanger | 4:e505054279ed | 10461 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 10462 | |
| Vanger | 4:e505054279ed | 10463 | /* protocol version */ |
| Vanger | 4:e505054279ed | 10464 | XMEMCPY(&pv, input + i, OPAQUE16_LEN); |
| Vanger | 4:e505054279ed | 10465 | ssl->chVersion = pv; /* store */ |
| Vanger | 4:e505054279ed | 10466 | i += OPAQUE16_LEN; |
| Vanger | 4:e505054279ed | 10467 | |
| Vanger | 4:e505054279ed | 10468 | if (ssl->version.minor > pv.minor) { |
| Vanger | 4:e505054279ed | 10469 | byte haveRSA = 0; |
| Vanger | 4:e505054279ed | 10470 | byte havePSK = 0; |
| Vanger | 4:e505054279ed | 10471 | |
| Vanger | 4:e505054279ed | 10472 | if (!ssl->options.downgrade) { |
| Vanger | 4:e505054279ed | 10473 | CYASSL_MSG("Client trying to connect with lesser version"); |
| Vanger | 4:e505054279ed | 10474 | return VERSION_ERROR; |
| Vanger | 4:e505054279ed | 10475 | } |
| Vanger | 4:e505054279ed | 10476 | |
| Vanger | 4:e505054279ed | 10477 | if (pv.minor == SSLv3_MINOR) { |
| Vanger | 4:e505054279ed | 10478 | /* turn off tls */ |
| Vanger | 4:e505054279ed | 10479 | CYASSL_MSG(" downgrading to SSLv3"); |
| Vanger | 4:e505054279ed | 10480 | ssl->options.tls = 0; |
| Vanger | 4:e505054279ed | 10481 | ssl->options.tls1_1 = 0; |
| Vanger | 4:e505054279ed | 10482 | ssl->version.minor = SSLv3_MINOR; |
| Vanger | 4:e505054279ed | 10483 | } |
| Vanger | 4:e505054279ed | 10484 | else if (pv.minor == TLSv1_MINOR) { |
| Vanger | 4:e505054279ed | 10485 | /* turn off tls 1.1+ */ |
| Vanger | 4:e505054279ed | 10486 | CYASSL_MSG(" downgrading to TLSv1"); |
| Vanger | 4:e505054279ed | 10487 | ssl->options.tls1_1 = 0; |
| Vanger | 4:e505054279ed | 10488 | ssl->version.minor = TLSv1_MINOR; |
| Vanger | 4:e505054279ed | 10489 | } |
| Vanger | 4:e505054279ed | 10490 | else if (pv.minor == TLSv1_1_MINOR) { |
| Vanger | 4:e505054279ed | 10491 | CYASSL_MSG(" downgrading to TLSv1.1"); |
| Vanger | 4:e505054279ed | 10492 | ssl->version.minor = TLSv1_1_MINOR; |
| Vanger | 4:e505054279ed | 10493 | } |
| Vanger | 4:e505054279ed | 10494 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 10495 | haveRSA = 1; |
| Vanger | 4:e505054279ed | 10496 | #endif |
| Vanger | 4:e505054279ed | 10497 | #ifndef NO_PSK |
| Vanger | 4:e505054279ed | 10498 | havePSK = ssl->options.havePSK; |
| Vanger | 4:e505054279ed | 10499 | #endif |
| Vanger | 4:e505054279ed | 10500 | InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, |
| Vanger | 4:e505054279ed | 10501 | ssl->options.haveDH, ssl->options.haveNTRU, |
| Vanger | 4:e505054279ed | 10502 | ssl->options.haveECDSAsig, ssl->options.haveStaticECC, |
| Vanger | 4:e505054279ed | 10503 | ssl->options.side); |
| Vanger | 4:e505054279ed | 10504 | } |
| Vanger | 4:e505054279ed | 10505 | |
| Vanger | 4:e505054279ed | 10506 | /* random */ |
| Vanger | 4:e505054279ed | 10507 | XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN); |
| Vanger | 4:e505054279ed | 10508 | i += RAN_LEN; |
| Vanger | 4:e505054279ed | 10509 | |
| Vanger | 4:e505054279ed | 10510 | #ifdef SHOW_SECRETS |
| Vanger | 4:e505054279ed | 10511 | { |
| Vanger | 4:e505054279ed | 10512 | int j; |
| Vanger | 4:e505054279ed | 10513 | printf("client random: "); |
| Vanger | 4:e505054279ed | 10514 | for (j = 0; j < RAN_LEN; j++) |
| Vanger | 4:e505054279ed | 10515 | printf("%02x", ssl->arrays->clientRandom[j]); |
| Vanger | 4:e505054279ed | 10516 | printf("\n"); |
| Vanger | 4:e505054279ed | 10517 | } |
| Vanger | 4:e505054279ed | 10518 | #endif |
| Vanger | 4:e505054279ed | 10519 | |
| Vanger | 4:e505054279ed | 10520 | /* session id */ |
| Vanger | 4:e505054279ed | 10521 | b = input[i++]; |
| Vanger | 4:e505054279ed | 10522 | |
| Vanger | 4:e505054279ed | 10523 | if (b == ID_LEN) { |
| Vanger | 4:e505054279ed | 10524 | if ((i - begin) + ID_LEN > helloSz) |
| Vanger | 4:e505054279ed | 10525 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 10526 | |
| Vanger | 4:e505054279ed | 10527 | XMEMCPY(ssl->arrays->sessionID, input + i, ID_LEN); |
| Vanger | 4:e505054279ed | 10528 | i += ID_LEN; |
| Vanger | 4:e505054279ed | 10529 | ssl->options.resuming = 1; /* client wants to resume */ |
| Vanger | 4:e505054279ed | 10530 | CYASSL_MSG("Client wants to resume session"); |
| Vanger | 4:e505054279ed | 10531 | } |
| Vanger | 4:e505054279ed | 10532 | else if (b) { |
| Vanger | 4:e505054279ed | 10533 | CYASSL_MSG("Invalid session ID size"); |
| Vanger | 4:e505054279ed | 10534 | return BUFFER_ERROR; /* session ID nor 0 neither 32 bytes long */ |
| Vanger | 4:e505054279ed | 10535 | } |
| Vanger | 4:e505054279ed | 10536 | |
| Vanger | 4:e505054279ed | 10537 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 10538 | /* cookie */ |
| Vanger | 4:e505054279ed | 10539 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 10540 | |
| Vanger | 4:e505054279ed | 10541 | if ((i - begin) + OPAQUE8_LEN > helloSz) |
| Vanger | 4:e505054279ed | 10542 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 10543 | |
| Vanger | 4:e505054279ed | 10544 | b = input[i++]; |
| Vanger | 4:e505054279ed | 10545 | |
| Vanger | 4:e505054279ed | 10546 | if (b) { |
| Vanger | 4:e505054279ed | 10547 | byte cookie[MAX_COOKIE_LEN]; |
| Vanger | 4:e505054279ed | 10548 | |
| Vanger | 4:e505054279ed | 10549 | if (b > MAX_COOKIE_LEN) |
| Vanger | 4:e505054279ed | 10550 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 10551 | |
| Vanger | 4:e505054279ed | 10552 | if ((i - begin) + b > helloSz) |
| Vanger | 4:e505054279ed | 10553 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 10554 | |
| Vanger | 4:e505054279ed | 10555 | if (ssl->ctx->CBIOCookie == NULL) { |
| Vanger | 4:e505054279ed | 10556 | CYASSL_MSG("Your Cookie callback is null, please set"); |
| Vanger | 4:e505054279ed | 10557 | return COOKIE_ERROR; |
| Vanger | 4:e505054279ed | 10558 | } |
| Vanger | 4:e505054279ed | 10559 | |
| Vanger | 4:e505054279ed | 10560 | if ((ssl->ctx->CBIOCookie(ssl, cookie, COOKIE_SZ, |
| Vanger | 4:e505054279ed | 10561 | ssl->IOCB_CookieCtx) != COOKIE_SZ) |
| Vanger | 4:e505054279ed | 10562 | || (b != COOKIE_SZ) |
| Vanger | 4:e505054279ed | 10563 | || (XMEMCMP(cookie, input + i, b) != 0)) { |
| Vanger | 4:e505054279ed | 10564 | return COOKIE_ERROR; |
| Vanger | 4:e505054279ed | 10565 | } |
| Vanger | 4:e505054279ed | 10566 | |
| Vanger | 4:e505054279ed | 10567 | i += b; |
| Vanger | 4:e505054279ed | 10568 | } |
| Vanger | 4:e505054279ed | 10569 | } |
| Vanger | 4:e505054279ed | 10570 | #endif |
| Vanger | 4:e505054279ed | 10571 | |
| Vanger | 4:e505054279ed | 10572 | /* suites */ |
| Vanger | 4:e505054279ed | 10573 | if ((i - begin) + OPAQUE16_LEN > helloSz) |
| Vanger | 4:e505054279ed | 10574 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 10575 | |
| Vanger | 4:e505054279ed | 10576 | ato16(&input[i], &clSuites.suiteSz); |
| Vanger | 4:e505054279ed | 10577 | i += OPAQUE16_LEN; |
| Vanger | 4:e505054279ed | 10578 | |
| Vanger | 4:e505054279ed | 10579 | /* suites and compression length check */ |
| Vanger | 4:e505054279ed | 10580 | if ((i - begin) + clSuites.suiteSz + OPAQUE8_LEN > helloSz) |
| Vanger | 4:e505054279ed | 10581 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 10582 | |
| Vanger | 4:e505054279ed | 10583 | if (clSuites.suiteSz > MAX_SUITE_SZ) |
| Vanger | 4:e505054279ed | 10584 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 10585 | |
| Vanger | 4:e505054279ed | 10586 | XMEMCPY(clSuites.suites, input + i, clSuites.suiteSz); |
| Vanger | 4:e505054279ed | 10587 | i += clSuites.suiteSz; |
| Vanger | 4:e505054279ed | 10588 | clSuites.hashSigAlgoSz = 0; |
| Vanger | 4:e505054279ed | 10589 | |
| Vanger | 4:e505054279ed | 10590 | /* compression length */ |
| Vanger | 4:e505054279ed | 10591 | b = input[i++]; |
| Vanger | 4:e505054279ed | 10592 | |
| Vanger | 4:e505054279ed | 10593 | if ((i - begin) + b > helloSz) |
| Vanger | 4:e505054279ed | 10594 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 10595 | |
| Vanger | 4:e505054279ed | 10596 | if (ssl->options.usingCompression) { |
| Vanger | 4:e505054279ed | 10597 | int match = 0; |
| Vanger | 4:e505054279ed | 10598 | |
| Vanger | 4:e505054279ed | 10599 | while (b--) { |
| Vanger | 4:e505054279ed | 10600 | byte comp = input[i++]; |
| Vanger | 4:e505054279ed | 10601 | |
| Vanger | 4:e505054279ed | 10602 | if (comp == ZLIB_COMPRESSION) |
| Vanger | 4:e505054279ed | 10603 | match = 1; |
| Vanger | 4:e505054279ed | 10604 | } |
| Vanger | 4:e505054279ed | 10605 | |
| Vanger | 4:e505054279ed | 10606 | if (!match) { |
| Vanger | 4:e505054279ed | 10607 | CYASSL_MSG("Not matching compression, turning off"); |
| Vanger | 4:e505054279ed | 10608 | ssl->options.usingCompression = 0; /* turn off */ |
| Vanger | 4:e505054279ed | 10609 | } |
| Vanger | 4:e505054279ed | 10610 | } |
| Vanger | 4:e505054279ed | 10611 | else |
| Vanger | 4:e505054279ed | 10612 | i += b; /* ignore, since we're not on */ |
| Vanger | 4:e505054279ed | 10613 | |
| Vanger | 4:e505054279ed | 10614 | *inOutIdx = i; |
| Vanger | 4:e505054279ed | 10615 | |
| Vanger | 4:e505054279ed | 10616 | /* tls extensions */ |
| Vanger | 4:e505054279ed | 10617 | if ((i - begin) < helloSz) { |
| Vanger | 4:e505054279ed | 10618 | #ifdef HAVE_TLS_EXTENSIONS |
| Vanger | 4:e505054279ed | 10619 | if (IsTLS(ssl)) { |
| Vanger | 4:e505054279ed | 10620 | int ret = 0; |
| Vanger | 4:e505054279ed | 10621 | #else |
| Vanger | 4:e505054279ed | 10622 | if (IsAtLeastTLSv1_2(ssl)) { |
| Vanger | 4:e505054279ed | 10623 | #endif |
| Vanger | 4:e505054279ed | 10624 | /* Process the hello extension. Skip unsupported. */ |
| Vanger | 4:e505054279ed | 10625 | word16 totalExtSz; |
| Vanger | 4:e505054279ed | 10626 | |
| Vanger | 4:e505054279ed | 10627 | if ((i - begin) + OPAQUE16_LEN > helloSz) |
| Vanger | 4:e505054279ed | 10628 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 10629 | |
| Vanger | 4:e505054279ed | 10630 | ato16(&input[i], &totalExtSz); |
| Vanger | 4:e505054279ed | 10631 | i += OPAQUE16_LEN; |
| Vanger | 4:e505054279ed | 10632 | |
| Vanger | 4:e505054279ed | 10633 | if ((i - begin) + totalExtSz > helloSz) |
| Vanger | 4:e505054279ed | 10634 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 10635 | |
| Vanger | 4:e505054279ed | 10636 | #ifdef HAVE_TLS_EXTENSIONS |
| Vanger | 4:e505054279ed | 10637 | if ((ret = TLSX_Parse(ssl, (byte *) input + i, |
| Vanger | 4:e505054279ed | 10638 | totalExtSz, 1, &clSuites))) |
| Vanger | 4:e505054279ed | 10639 | return ret; |
| Vanger | 4:e505054279ed | 10640 | |
| Vanger | 4:e505054279ed | 10641 | i += totalExtSz; |
| Vanger | 4:e505054279ed | 10642 | #else |
| Vanger | 4:e505054279ed | 10643 | while (totalExtSz) { |
| Vanger | 4:e505054279ed | 10644 | word16 extId, extSz; |
| Vanger | 4:e505054279ed | 10645 | |
| Vanger | 4:e505054279ed | 10646 | if (OPAQUE16_LEN + OPAQUE16_LEN > totalExtSz) |
| Vanger | 4:e505054279ed | 10647 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 10648 | |
| Vanger | 4:e505054279ed | 10649 | ato16(&input[i], &extId); |
| Vanger | 4:e505054279ed | 10650 | i += OPAQUE16_LEN; |
| Vanger | 4:e505054279ed | 10651 | ato16(&input[i], &extSz); |
| Vanger | 4:e505054279ed | 10652 | i += OPAQUE16_LEN; |
| Vanger | 4:e505054279ed | 10653 | |
| Vanger | 4:e505054279ed | 10654 | if (OPAQUE16_LEN + OPAQUE16_LEN + extSz > totalExtSz) |
| Vanger | 4:e505054279ed | 10655 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 10656 | |
| Vanger | 4:e505054279ed | 10657 | if (extId == HELLO_EXT_SIG_ALGO) { |
| Vanger | 4:e505054279ed | 10658 | ato16(&input[i], &clSuites.hashSigAlgoSz); |
| Vanger | 4:e505054279ed | 10659 | i += OPAQUE16_LEN; |
| Vanger | 4:e505054279ed | 10660 | |
| Vanger | 4:e505054279ed | 10661 | if (OPAQUE16_LEN + clSuites.hashSigAlgoSz > extSz) |
| Vanger | 4:e505054279ed | 10662 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 10663 | |
| Vanger | 4:e505054279ed | 10664 | XMEMCPY(clSuites.hashSigAlgo, &input[i], |
| Vanger | 4:e505054279ed | 10665 | min(clSuites.hashSigAlgoSz, HELLO_EXT_SIGALGO_MAX)); |
| Vanger | 4:e505054279ed | 10666 | i += clSuites.hashSigAlgoSz; |
| Vanger | 4:e505054279ed | 10667 | } |
| Vanger | 4:e505054279ed | 10668 | else |
| Vanger | 4:e505054279ed | 10669 | i += extSz; |
| Vanger | 4:e505054279ed | 10670 | |
| Vanger | 4:e505054279ed | 10671 | totalExtSz -= OPAQUE16_LEN + OPAQUE16_LEN + extSz; |
| Vanger | 4:e505054279ed | 10672 | } |
| Vanger | 4:e505054279ed | 10673 | #endif |
| Vanger | 4:e505054279ed | 10674 | *inOutIdx = i; |
| Vanger | 4:e505054279ed | 10675 | } |
| Vanger | 4:e505054279ed | 10676 | else |
| Vanger | 4:e505054279ed | 10677 | *inOutIdx = begin + helloSz; /* skip extensions */ |
| Vanger | 4:e505054279ed | 10678 | } |
| Vanger | 4:e505054279ed | 10679 | |
| Vanger | 4:e505054279ed | 10680 | ssl->options.clientState = CLIENT_HELLO_COMPLETE; |
| Vanger | 4:e505054279ed | 10681 | ssl->options.haveSessionId = 1; |
| Vanger | 4:e505054279ed | 10682 | |
| Vanger | 4:e505054279ed | 10683 | /* ProcessOld uses same resume code */ |
| Vanger | 4:e505054279ed | 10684 | if (ssl->options.resuming && (!ssl->options.dtls || |
| Vanger | 4:e505054279ed | 10685 | ssl->options.acceptState == HELLO_VERIFY_SENT)) { /* let's try */ |
| Vanger | 4:e505054279ed | 10686 | int ret = -1; |
| Vanger | 4:e505054279ed | 10687 | CYASSL_SESSION* session = GetSession(ssl,ssl->arrays->masterSecret); |
| Vanger | 4:e505054279ed | 10688 | |
| Vanger | 4:e505054279ed | 10689 | if (!session) { |
| Vanger | 4:e505054279ed | 10690 | CYASSL_MSG("Session lookup for resume failed"); |
| Vanger | 4:e505054279ed | 10691 | ssl->options.resuming = 0; |
| Vanger | 4:e505054279ed | 10692 | } |
| Vanger | 4:e505054279ed | 10693 | else { |
| Vanger | 4:e505054279ed | 10694 | if (MatchSuite(ssl, &clSuites) < 0) { |
| Vanger | 4:e505054279ed | 10695 | CYASSL_MSG("Unsupported cipher suite, ClientHello"); |
| Vanger | 4:e505054279ed | 10696 | return UNSUPPORTED_SUITE; |
| Vanger | 4:e505054279ed | 10697 | } |
| Vanger | 4:e505054279ed | 10698 | #ifdef SESSION_CERTS |
| Vanger | 4:e505054279ed | 10699 | ssl->session = *session; /* restore session certs. */ |
| Vanger | 4:e505054279ed | 10700 | #endif |
| Vanger | 4:e505054279ed | 10701 | |
| Vanger | 4:e505054279ed | 10702 | ret = RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, |
| Vanger | 4:e505054279ed | 10703 | RAN_LEN); |
| Vanger | 4:e505054279ed | 10704 | if (ret != 0) |
| Vanger | 4:e505054279ed | 10705 | return ret; |
| Vanger | 4:e505054279ed | 10706 | |
| Vanger | 4:e505054279ed | 10707 | #ifdef NO_OLD_TLS |
| Vanger | 4:e505054279ed | 10708 | ret = DeriveTlsKeys(ssl); |
| Vanger | 4:e505054279ed | 10709 | #else |
| Vanger | 4:e505054279ed | 10710 | #ifndef NO_TLS |
| Vanger | 4:e505054279ed | 10711 | if (ssl->options.tls) |
| Vanger | 4:e505054279ed | 10712 | ret = DeriveTlsKeys(ssl); |
| Vanger | 4:e505054279ed | 10713 | #endif |
| Vanger | 4:e505054279ed | 10714 | if (!ssl->options.tls) |
| Vanger | 4:e505054279ed | 10715 | ret = DeriveKeys(ssl); |
| Vanger | 4:e505054279ed | 10716 | #endif |
| Vanger | 4:e505054279ed | 10717 | ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE; |
| Vanger | 4:e505054279ed | 10718 | |
| Vanger | 4:e505054279ed | 10719 | return ret; |
| Vanger | 4:e505054279ed | 10720 | } |
| Vanger | 4:e505054279ed | 10721 | } |
| Vanger | 4:e505054279ed | 10722 | return MatchSuite(ssl, &clSuites); |
| Vanger | 4:e505054279ed | 10723 | } |
| Vanger | 4:e505054279ed | 10724 | |
| Vanger | 4:e505054279ed | 10725 | #if !defined(NO_RSA) || defined(HAVE_ECC) |
| Vanger | 4:e505054279ed | 10726 | static int DoCertificateVerify(CYASSL* ssl, byte* input, word32* inOutIdx, |
| Vanger | 4:e505054279ed | 10727 | word32 size) |
| Vanger | 4:e505054279ed | 10728 | { |
| Vanger | 4:e505054279ed | 10729 | word16 sz = 0; |
| Vanger | 4:e505054279ed | 10730 | int ret = VERIFY_CERT_ERROR; /* start in error state */ |
| Vanger | 4:e505054279ed | 10731 | byte hashAlgo = sha_mac; |
| Vanger | 4:e505054279ed | 10732 | byte sigAlgo = anonymous_sa_algo; |
| Vanger | 4:e505054279ed | 10733 | word32 begin = *inOutIdx; |
| Vanger | 4:e505054279ed | 10734 | |
| Vanger | 4:e505054279ed | 10735 | #ifdef CYASSL_CALLBACKS |
| Vanger | 4:e505054279ed | 10736 | if (ssl->hsInfoOn) |
| Vanger | 4:e505054279ed | 10737 | AddPacketName("CertificateVerify", &ssl->handShakeInfo); |
| Vanger | 4:e505054279ed | 10738 | if (ssl->toInfoOn) |
| Vanger | 4:e505054279ed | 10739 | AddLateName("CertificateVerify", &ssl->timeoutInfo); |
| Vanger | 4:e505054279ed | 10740 | #endif |
| Vanger | 4:e505054279ed | 10741 | |
| Vanger | 4:e505054279ed | 10742 | |
| Vanger | 4:e505054279ed | 10743 | if (IsAtLeastTLSv1_2(ssl)) { |
| Vanger | 4:e505054279ed | 10744 | if ((*inOutIdx - begin) + ENUM_LEN + ENUM_LEN > size) |
| Vanger | 4:e505054279ed | 10745 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 10746 | |
| Vanger | 4:e505054279ed | 10747 | hashAlgo = input[(*inOutIdx)++]; |
| Vanger | 4:e505054279ed | 10748 | sigAlgo = input[(*inOutIdx)++]; |
| Vanger | 4:e505054279ed | 10749 | } |
| Vanger | 4:e505054279ed | 10750 | |
| Vanger | 4:e505054279ed | 10751 | if ((*inOutIdx - begin) + OPAQUE16_LEN > size) |
| Vanger | 4:e505054279ed | 10752 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 10753 | |
| Vanger | 4:e505054279ed | 10754 | ato16(input + *inOutIdx, &sz); |
| Vanger | 4:e505054279ed | 10755 | *inOutIdx += OPAQUE16_LEN; |
| Vanger | 4:e505054279ed | 10756 | |
| Vanger | 4:e505054279ed | 10757 | if ((*inOutIdx - begin) + sz > size || sz > ENCRYPT_LEN) |
| Vanger | 4:e505054279ed | 10758 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 10759 | |
| Vanger | 4:e505054279ed | 10760 | /* RSA */ |
| Vanger | 4:e505054279ed | 10761 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 10762 | if (ssl->peerRsaKeyPresent != 0) { |
| Vanger | 4:e505054279ed | 10763 | byte* out = NULL; |
| Vanger | 4:e505054279ed | 10764 | int outLen = 0; |
| Vanger | 4:e505054279ed | 10765 | byte doUserRsa = 0; |
| Vanger | 4:e505054279ed | 10766 | |
| Vanger | 4:e505054279ed | 10767 | #ifdef HAVE_PK_CALLBACKS |
| Vanger | 4:e505054279ed | 10768 | if (ssl->ctx->RsaVerifyCb) |
| Vanger | 4:e505054279ed | 10769 | doUserRsa = 1; |
| Vanger | 4:e505054279ed | 10770 | #endif /*HAVE_PK_CALLBACKS */ |
| Vanger | 4:e505054279ed | 10771 | |
| Vanger | 4:e505054279ed | 10772 | CYASSL_MSG("Doing RSA peer cert verify"); |
| Vanger | 4:e505054279ed | 10773 | |
| Vanger | 4:e505054279ed | 10774 | if (doUserRsa) { |
| Vanger | 4:e505054279ed | 10775 | #ifdef HAVE_PK_CALLBACKS |
| Vanger | 4:e505054279ed | 10776 | outLen = ssl->ctx->RsaVerifyCb(ssl, input + *inOutIdx, sz, |
| Vanger | 4:e505054279ed | 10777 | &out, |
| Vanger | 4:e505054279ed | 10778 | ssl->buffers.peerRsaKey.buffer, |
| Vanger | 4:e505054279ed | 10779 | ssl->buffers.peerRsaKey.length, |
| Vanger | 4:e505054279ed | 10780 | ssl->RsaVerifyCtx); |
| Vanger | 4:e505054279ed | 10781 | #endif /*HAVE_PK_CALLBACKS */ |
| Vanger | 4:e505054279ed | 10782 | } |
| Vanger | 4:e505054279ed | 10783 | else { |
| Vanger | 4:e505054279ed | 10784 | outLen = RsaSSL_VerifyInline(input + *inOutIdx, sz, &out, |
| Vanger | 4:e505054279ed | 10785 | ssl->peerRsaKey); |
| Vanger | 4:e505054279ed | 10786 | } |
| Vanger | 4:e505054279ed | 10787 | |
| Vanger | 4:e505054279ed | 10788 | if (IsAtLeastTLSv1_2(ssl)) { |
| Vanger | 4:e505054279ed | 10789 | byte encodedSig[MAX_ENCODED_SIG_SZ]; |
| Vanger | 4:e505054279ed | 10790 | word32 sigSz; |
| Vanger | 4:e505054279ed | 10791 | byte* digest = ssl->certHashes.sha; |
| Vanger | 4:e505054279ed | 10792 | int typeH = SHAh; |
| Vanger | 4:e505054279ed | 10793 | int digestSz = SHA_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 10794 | |
| Vanger | 4:e505054279ed | 10795 | if (sigAlgo != rsa_sa_algo) { |
| Vanger | 4:e505054279ed | 10796 | CYASSL_MSG("Oops, peer sent RSA key but not in verify"); |
| Vanger | 4:e505054279ed | 10797 | } |
| Vanger | 4:e505054279ed | 10798 | |
| Vanger | 4:e505054279ed | 10799 | if (hashAlgo == sha256_mac) { |
| Vanger | 4:e505054279ed | 10800 | #ifndef NO_SHA256 |
| Vanger | 4:e505054279ed | 10801 | digest = ssl->certHashes.sha256; |
| Vanger | 4:e505054279ed | 10802 | typeH = SHA256h; |
| Vanger | 4:e505054279ed | 10803 | digestSz = SHA256_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 10804 | #endif |
| Vanger | 4:e505054279ed | 10805 | } |
| Vanger | 4:e505054279ed | 10806 | else if (hashAlgo == sha384_mac) { |
| Vanger | 4:e505054279ed | 10807 | #ifdef CYASSL_SHA384 |
| Vanger | 4:e505054279ed | 10808 | digest = ssl->certHashes.sha384; |
| Vanger | 4:e505054279ed | 10809 | typeH = SHA384h; |
| Vanger | 4:e505054279ed | 10810 | digestSz = SHA384_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 10811 | #endif |
| Vanger | 4:e505054279ed | 10812 | } |
| Vanger | 4:e505054279ed | 10813 | |
| Vanger | 4:e505054279ed | 10814 | sigSz = EncodeSignature(encodedSig, digest, digestSz, typeH); |
| Vanger | 4:e505054279ed | 10815 | |
| Vanger | 4:e505054279ed | 10816 | if (outLen == (int)sigSz && out && XMEMCMP(out, encodedSig, |
| Vanger | 4:e505054279ed | 10817 | min(sigSz, MAX_ENCODED_SIG_SZ)) == 0) |
| Vanger | 4:e505054279ed | 10818 | ret = 0; /* verified */ |
| Vanger | 4:e505054279ed | 10819 | } |
| Vanger | 4:e505054279ed | 10820 | else { |
| Vanger | 4:e505054279ed | 10821 | if (outLen == FINISHED_SZ && out && XMEMCMP(out, |
| Vanger | 4:e505054279ed | 10822 | &ssl->certHashes, FINISHED_SZ) == 0) |
| Vanger | 4:e505054279ed | 10823 | ret = 0; /* verified */ |
| Vanger | 4:e505054279ed | 10824 | } |
| Vanger | 4:e505054279ed | 10825 | } |
| Vanger | 4:e505054279ed | 10826 | #endif |
| Vanger | 4:e505054279ed | 10827 | #ifdef HAVE_ECC |
| Vanger | 4:e505054279ed | 10828 | if (ssl->peerEccDsaKeyPresent) { |
| Vanger | 4:e505054279ed | 10829 | int verify = 0; |
| Vanger | 4:e505054279ed | 10830 | int err = -1; |
| Vanger | 4:e505054279ed | 10831 | byte* digest = ssl->certHashes.sha; |
| Vanger | 4:e505054279ed | 10832 | word32 digestSz = SHA_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 10833 | byte doUserEcc = 0; |
| Vanger | 4:e505054279ed | 10834 | |
| Vanger | 4:e505054279ed | 10835 | #ifdef HAVE_PK_CALLBACKS |
| Vanger | 4:e505054279ed | 10836 | if (ssl->ctx->EccVerifyCb) |
| Vanger | 4:e505054279ed | 10837 | doUserEcc = 1; |
| Vanger | 4:e505054279ed | 10838 | #endif |
| Vanger | 4:e505054279ed | 10839 | |
| Vanger | 4:e505054279ed | 10840 | CYASSL_MSG("Doing ECC peer cert verify"); |
| Vanger | 4:e505054279ed | 10841 | |
| Vanger | 4:e505054279ed | 10842 | if (IsAtLeastTLSv1_2(ssl)) { |
| Vanger | 4:e505054279ed | 10843 | if (sigAlgo != ecc_dsa_sa_algo) { |
| Vanger | 4:e505054279ed | 10844 | CYASSL_MSG("Oops, peer sent ECC key but not in verify"); |
| Vanger | 4:e505054279ed | 10845 | } |
| Vanger | 4:e505054279ed | 10846 | |
| Vanger | 4:e505054279ed | 10847 | if (hashAlgo == sha256_mac) { |
| Vanger | 4:e505054279ed | 10848 | #ifndef NO_SHA256 |
| Vanger | 4:e505054279ed | 10849 | digest = ssl->certHashes.sha256; |
| Vanger | 4:e505054279ed | 10850 | digestSz = SHA256_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 10851 | #endif |
| Vanger | 4:e505054279ed | 10852 | } |
| Vanger | 4:e505054279ed | 10853 | else if (hashAlgo == sha384_mac) { |
| Vanger | 4:e505054279ed | 10854 | #ifdef CYASSL_SHA384 |
| Vanger | 4:e505054279ed | 10855 | digest = ssl->certHashes.sha384; |
| Vanger | 4:e505054279ed | 10856 | digestSz = SHA384_DIGEST_SIZE; |
| Vanger | 4:e505054279ed | 10857 | #endif |
| Vanger | 4:e505054279ed | 10858 | } |
| Vanger | 4:e505054279ed | 10859 | } |
| Vanger | 4:e505054279ed | 10860 | |
| Vanger | 4:e505054279ed | 10861 | if (doUserEcc) { |
| Vanger | 4:e505054279ed | 10862 | #ifdef HAVE_PK_CALLBACKS |
| Vanger | 4:e505054279ed | 10863 | ret = ssl->ctx->EccVerifyCb(ssl, input + *inOutIdx, sz, digest, |
| Vanger | 4:e505054279ed | 10864 | digestSz, |
| Vanger | 4:e505054279ed | 10865 | ssl->buffers.peerEccDsaKey.buffer, |
| Vanger | 4:e505054279ed | 10866 | ssl->buffers.peerEccDsaKey.length, |
| Vanger | 4:e505054279ed | 10867 | &verify, ssl->EccVerifyCtx); |
| Vanger | 4:e505054279ed | 10868 | #endif |
| Vanger | 4:e505054279ed | 10869 | } |
| Vanger | 4:e505054279ed | 10870 | else { |
| Vanger | 4:e505054279ed | 10871 | err = ecc_verify_hash(input + *inOutIdx, sz, digest, digestSz, |
| Vanger | 4:e505054279ed | 10872 | &verify, ssl->peerEccDsaKey); |
| Vanger | 4:e505054279ed | 10873 | } |
| Vanger | 4:e505054279ed | 10874 | |
| Vanger | 4:e505054279ed | 10875 | if (err == 0 && verify == 1) |
| Vanger | 4:e505054279ed | 10876 | ret = 0; /* verified */ |
| Vanger | 4:e505054279ed | 10877 | } |
| Vanger | 4:e505054279ed | 10878 | #endif |
| Vanger | 4:e505054279ed | 10879 | *inOutIdx += sz; |
| Vanger | 4:e505054279ed | 10880 | |
| Vanger | 4:e505054279ed | 10881 | if (ret == 0) |
| Vanger | 4:e505054279ed | 10882 | ssl->options.havePeerVerify = 1; |
| Vanger | 4:e505054279ed | 10883 | |
| Vanger | 4:e505054279ed | 10884 | return ret; |
| Vanger | 4:e505054279ed | 10885 | } |
| Vanger | 4:e505054279ed | 10886 | #endif /* !NO_RSA || HAVE_ECC */ |
| Vanger | 4:e505054279ed | 10887 | |
| Vanger | 4:e505054279ed | 10888 | int SendServerHelloDone(CYASSL* ssl) |
| Vanger | 4:e505054279ed | 10889 | { |
| Vanger | 4:e505054279ed | 10890 | byte *output; |
| Vanger | 4:e505054279ed | 10891 | int sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; |
| Vanger | 4:e505054279ed | 10892 | int ret; |
| Vanger | 4:e505054279ed | 10893 | |
| Vanger | 4:e505054279ed | 10894 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 10895 | if (ssl->options.dtls) |
| Vanger | 4:e505054279ed | 10896 | sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; |
| Vanger | 4:e505054279ed | 10897 | #endif |
| Vanger | 4:e505054279ed | 10898 | /* check for available size */ |
| Vanger | 4:e505054279ed | 10899 | if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) |
| Vanger | 4:e505054279ed | 10900 | return ret; |
| Vanger | 4:e505054279ed | 10901 | |
| Vanger | 4:e505054279ed | 10902 | /* get ouput buffer */ |
| Vanger | 4:e505054279ed | 10903 | output = ssl->buffers.outputBuffer.buffer + |
| Vanger | 4:e505054279ed | 10904 | ssl->buffers.outputBuffer.length; |
| Vanger | 4:e505054279ed | 10905 | |
| Vanger | 4:e505054279ed | 10906 | AddHeaders(output, 0, server_hello_done, ssl); |
| Vanger | 4:e505054279ed | 10907 | |
| Vanger | 4:e505054279ed | 10908 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 10909 | if (ssl->options.dtls) { |
| Vanger | 4:e505054279ed | 10910 | if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0) |
| Vanger | 4:e505054279ed | 10911 | return 0; |
| Vanger | 4:e505054279ed | 10912 | } |
| Vanger | 4:e505054279ed | 10913 | #endif |
| Vanger | 4:e505054279ed | 10914 | |
| Vanger | 4:e505054279ed | 10915 | ret = HashOutput(ssl, output, sendSz, 0); |
| Vanger | 4:e505054279ed | 10916 | if (ret != 0) |
| Vanger | 4:e505054279ed | 10917 | return ret; |
| Vanger | 4:e505054279ed | 10918 | |
| Vanger | 4:e505054279ed | 10919 | #ifdef CYASSL_CALLBACKS |
| Vanger | 4:e505054279ed | 10920 | if (ssl->hsInfoOn) |
| Vanger | 4:e505054279ed | 10921 | AddPacketName("ServerHelloDone", &ssl->handShakeInfo); |
| Vanger | 4:e505054279ed | 10922 | if (ssl->toInfoOn) |
| Vanger | 4:e505054279ed | 10923 | AddPacketInfo("ServerHelloDone", &ssl->timeoutInfo, output, sendSz, |
| Vanger | 4:e505054279ed | 10924 | ssl->heap); |
| Vanger | 4:e505054279ed | 10925 | #endif |
| Vanger | 4:e505054279ed | 10926 | ssl->options.serverState = SERVER_HELLODONE_COMPLETE; |
| Vanger | 4:e505054279ed | 10927 | |
| Vanger | 4:e505054279ed | 10928 | ssl->buffers.outputBuffer.length += sendSz; |
| Vanger | 4:e505054279ed | 10929 | |
| Vanger | 4:e505054279ed | 10930 | return SendBuffered(ssl); |
| Vanger | 4:e505054279ed | 10931 | } |
| Vanger | 4:e505054279ed | 10932 | |
| Vanger | 4:e505054279ed | 10933 | #ifdef CYASSL_DTLS |
| Vanger | 4:e505054279ed | 10934 | int SendHelloVerifyRequest(CYASSL* ssl) |
| Vanger | 4:e505054279ed | 10935 | { |
| Vanger | 4:e505054279ed | 10936 | byte* output; |
| Vanger | 4:e505054279ed | 10937 | byte cookieSz = COOKIE_SZ; |
| Vanger | 4:e505054279ed | 10938 | int length = VERSION_SZ + ENUM_LEN + cookieSz; |
| Vanger | 4:e505054279ed | 10939 | int idx = DTLS_RECORD_HEADER_SZ + DTLS_HANDSHAKE_HEADER_SZ; |
| Vanger | 4:e505054279ed | 10940 | int sendSz = length + idx; |
| Vanger | 4:e505054279ed | 10941 | int ret; |
| Vanger | 4:e505054279ed | 10942 | |
| Vanger | 4:e505054279ed | 10943 | /* check for available size */ |
| Vanger | 4:e505054279ed | 10944 | if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) |
| Vanger | 4:e505054279ed | 10945 | return ret; |
| Vanger | 4:e505054279ed | 10946 | |
| Vanger | 4:e505054279ed | 10947 | /* get ouput buffer */ |
| Vanger | 4:e505054279ed | 10948 | output = ssl->buffers.outputBuffer.buffer + |
| Vanger | 4:e505054279ed | 10949 | ssl->buffers.outputBuffer.length; |
| Vanger | 4:e505054279ed | 10950 | |
| Vanger | 4:e505054279ed | 10951 | AddHeaders(output, length, hello_verify_request, ssl); |
| Vanger | 4:e505054279ed | 10952 | |
| Vanger | 4:e505054279ed | 10953 | output[idx++] = ssl->chVersion.major; |
| Vanger | 4:e505054279ed | 10954 | output[idx++] = ssl->chVersion.minor; |
| Vanger | 4:e505054279ed | 10955 | |
| Vanger | 4:e505054279ed | 10956 | output[idx++] = cookieSz; |
| Vanger | 4:e505054279ed | 10957 | if (ssl->ctx->CBIOCookie == NULL) { |
| Vanger | 4:e505054279ed | 10958 | CYASSL_MSG("Your Cookie callback is null, please set"); |
| Vanger | 4:e505054279ed | 10959 | return COOKIE_ERROR; |
| Vanger | 4:e505054279ed | 10960 | } |
| Vanger | 4:e505054279ed | 10961 | if ((ret = ssl->ctx->CBIOCookie(ssl, output + idx, cookieSz, |
| Vanger | 4:e505054279ed | 10962 | ssl->IOCB_CookieCtx)) < 0) |
| Vanger | 4:e505054279ed | 10963 | return ret; |
| Vanger | 4:e505054279ed | 10964 | |
| Vanger | 4:e505054279ed | 10965 | ret = HashOutput(ssl, output, sendSz, 0); |
| Vanger | 4:e505054279ed | 10966 | if (ret != 0) |
| Vanger | 4:e505054279ed | 10967 | return ret; |
| Vanger | 4:e505054279ed | 10968 | |
| Vanger | 4:e505054279ed | 10969 | #ifdef CYASSL_CALLBACKS |
| Vanger | 4:e505054279ed | 10970 | if (ssl->hsInfoOn) |
| Vanger | 4:e505054279ed | 10971 | AddPacketName("HelloVerifyRequest", &ssl->handShakeInfo); |
| Vanger | 4:e505054279ed | 10972 | if (ssl->toInfoOn) |
| Vanger | 4:e505054279ed | 10973 | AddPacketInfo("HelloVerifyRequest", &ssl->timeoutInfo, output, |
| Vanger | 4:e505054279ed | 10974 | sendSz, ssl->heap); |
| Vanger | 4:e505054279ed | 10975 | #endif |
| Vanger | 4:e505054279ed | 10976 | ssl->options.serverState = SERVER_HELLOVERIFYREQUEST_COMPLETE; |
| Vanger | 4:e505054279ed | 10977 | |
| Vanger | 4:e505054279ed | 10978 | ssl->buffers.outputBuffer.length += sendSz; |
| Vanger | 4:e505054279ed | 10979 | |
| Vanger | 4:e505054279ed | 10980 | return SendBuffered(ssl); |
| Vanger | 4:e505054279ed | 10981 | } |
| Vanger | 4:e505054279ed | 10982 | #endif |
| Vanger | 4:e505054279ed | 10983 | |
| Vanger | 4:e505054279ed | 10984 | static int DoClientKeyExchange(CYASSL* ssl, byte* input, word32* inOutIdx, |
| Vanger | 4:e505054279ed | 10985 | word32 size) |
| Vanger | 4:e505054279ed | 10986 | { |
| Vanger | 4:e505054279ed | 10987 | int ret = 0; |
| Vanger | 4:e505054279ed | 10988 | word32 length = 0; |
| Vanger | 4:e505054279ed | 10989 | byte* out = NULL; |
| Vanger | 4:e505054279ed | 10990 | word32 begin = *inOutIdx; |
| Vanger | 4:e505054279ed | 10991 | |
| Vanger | 4:e505054279ed | 10992 | (void)length; /* shut up compiler warnings */ |
| Vanger | 4:e505054279ed | 10993 | (void)out; |
| Vanger | 4:e505054279ed | 10994 | (void)input; |
| Vanger | 4:e505054279ed | 10995 | (void)size; |
| Vanger | 4:e505054279ed | 10996 | |
| Vanger | 4:e505054279ed | 10997 | if (ssl->options.side != CYASSL_SERVER_END) { |
| Vanger | 4:e505054279ed | 10998 | CYASSL_MSG("Client received client keyexchange, attack?"); |
| Vanger | 4:e505054279ed | 10999 | CYASSL_ERROR(ssl->error = SIDE_ERROR); |
| Vanger | 4:e505054279ed | 11000 | return SSL_FATAL_ERROR; |
| Vanger | 4:e505054279ed | 11001 | } |
| Vanger | 4:e505054279ed | 11002 | |
| Vanger | 4:e505054279ed | 11003 | if (ssl->options.clientState < CLIENT_HELLO_COMPLETE) { |
| Vanger | 4:e505054279ed | 11004 | CYASSL_MSG("Client sending keyexchange at wrong time"); |
| Vanger | 4:e505054279ed | 11005 | SendAlert(ssl, alert_fatal, unexpected_message); |
| Vanger | 4:e505054279ed | 11006 | return OUT_OF_ORDER_E; |
| Vanger | 4:e505054279ed | 11007 | } |
| Vanger | 4:e505054279ed | 11008 | |
| Vanger | 4:e505054279ed | 11009 | #ifndef NO_CERTS |
| Vanger | 4:e505054279ed | 11010 | if (ssl->options.verifyPeer && ssl->options.failNoCert) |
| Vanger | 4:e505054279ed | 11011 | if (!ssl->options.havePeerCert) { |
| Vanger | 4:e505054279ed | 11012 | CYASSL_MSG("client didn't present peer cert"); |
| Vanger | 4:e505054279ed | 11013 | return NO_PEER_CERT; |
| Vanger | 4:e505054279ed | 11014 | } |
| Vanger | 4:e505054279ed | 11015 | #endif |
| Vanger | 4:e505054279ed | 11016 | |
| Vanger | 4:e505054279ed | 11017 | #ifdef CYASSL_CALLBACKS |
| Vanger | 4:e505054279ed | 11018 | if (ssl->hsInfoOn) |
| Vanger | 4:e505054279ed | 11019 | AddPacketName("ClientKeyExchange", &ssl->handShakeInfo); |
| Vanger | 4:e505054279ed | 11020 | if (ssl->toInfoOn) |
| Vanger | 4:e505054279ed | 11021 | AddLateName("ClientKeyExchange", &ssl->timeoutInfo); |
| Vanger | 4:e505054279ed | 11022 | #endif |
| Vanger | 4:e505054279ed | 11023 | |
| Vanger | 4:e505054279ed | 11024 | switch (ssl->specs.kea) { |
| Vanger | 4:e505054279ed | 11025 | #ifndef NO_RSA |
| Vanger | 4:e505054279ed | 11026 | case rsa_kea: |
| Vanger | 4:e505054279ed | 11027 | { |
| Vanger | 4:e505054279ed | 11028 | word32 idx = 0; |
| Vanger | 4:e505054279ed | 11029 | RsaKey key; |
| Vanger | 4:e505054279ed | 11030 | byte doUserRsa = 0; |
| Vanger | 4:e505054279ed | 11031 | |
| Vanger | 4:e505054279ed | 11032 | #ifdef HAVE_PK_CALLBACKS |
| Vanger | 4:e505054279ed | 11033 | if (ssl->ctx->RsaDecCb) |
| Vanger | 4:e505054279ed | 11034 | doUserRsa = 1; |
| Vanger | 4:e505054279ed | 11035 | #endif |
| Vanger | 4:e505054279ed | 11036 | |
| Vanger | 4:e505054279ed | 11037 | ret = InitRsaKey(&key, ssl->heap); |
| Vanger | 4:e505054279ed | 11038 | if (ret != 0) return ret; |
| Vanger | 4:e505054279ed | 11039 | |
| Vanger | 4:e505054279ed | 11040 | if (ssl->buffers.key.buffer) |
| Vanger | 4:e505054279ed | 11041 | ret = RsaPrivateKeyDecode(ssl->buffers.key.buffer, &idx, |
| Vanger | 4:e505054279ed | 11042 | &key, ssl->buffers.key.length); |
| Vanger | 4:e505054279ed | 11043 | else |
| Vanger | 4:e505054279ed | 11044 | return NO_PRIVATE_KEY; |
| Vanger | 4:e505054279ed | 11045 | |
| Vanger | 4:e505054279ed | 11046 | if (ret == 0) { |
| Vanger | 4:e505054279ed | 11047 | length = RsaEncryptSize(&key); |
| Vanger | 4:e505054279ed | 11048 | ssl->arrays->preMasterSz = SECRET_LEN; |
| Vanger | 4:e505054279ed | 11049 | |
| Vanger | 4:e505054279ed | 11050 | if (ssl->options.tls) { |
| Vanger | 4:e505054279ed | 11051 | word16 check; |
| Vanger | 4:e505054279ed | 11052 | |
| Vanger | 4:e505054279ed | 11053 | if ((*inOutIdx - begin) + OPAQUE16_LEN > size) |
| Vanger | 4:e505054279ed | 11054 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 11055 | |
| Vanger | 4:e505054279ed | 11056 | ato16(input + *inOutIdx, &check); |
| Vanger | 4:e505054279ed | 11057 | *inOutIdx += OPAQUE16_LEN; |
| Vanger | 4:e505054279ed | 11058 | |
| Vanger | 4:e505054279ed | 11059 | if ((word32) check != length) { |
| Vanger | 4:e505054279ed | 11060 | CYASSL_MSG("RSA explicit size doesn't match"); |
| Vanger | 4:e505054279ed | 11061 | FreeRsaKey(&key); |
| Vanger | 4:e505054279ed | 11062 | return RSA_PRIVATE_ERROR; |
| Vanger | 4:e505054279ed | 11063 | } |
| Vanger | 4:e505054279ed | 11064 | } |
| Vanger | 4:e505054279ed | 11065 | |
| Vanger | 4:e505054279ed | 11066 | if ((*inOutIdx - begin) + length > size) { |
| Vanger | 4:e505054279ed | 11067 | CYASSL_MSG("RSA message too big"); |
| Vanger | 4:e505054279ed | 11068 | FreeRsaKey(&key); |
| Vanger | 4:e505054279ed | 11069 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 11070 | } |
| Vanger | 4:e505054279ed | 11071 | |
| Vanger | 4:e505054279ed | 11072 | if (doUserRsa) { |
| Vanger | 4:e505054279ed | 11073 | #ifdef HAVE_PK_CALLBACKS |
| Vanger | 4:e505054279ed | 11074 | ret = ssl->ctx->RsaDecCb(ssl, |
| Vanger | 4:e505054279ed | 11075 | input + *inOutIdx, length, &out, |
| Vanger | 4:e505054279ed | 11076 | ssl->buffers.key.buffer, |
| Vanger | 4:e505054279ed | 11077 | ssl->buffers.key.length, |
| Vanger | 4:e505054279ed | 11078 | ssl->RsaDecCtx); |
| Vanger | 4:e505054279ed | 11079 | #endif |
| Vanger | 4:e505054279ed | 11080 | } |
| Vanger | 4:e505054279ed | 11081 | else { |
| Vanger | 4:e505054279ed | 11082 | ret = RsaPrivateDecryptInline(input + *inOutIdx, length, |
| Vanger | 4:e505054279ed | 11083 | &out, &key); |
| Vanger | 4:e505054279ed | 11084 | } |
| Vanger | 4:e505054279ed | 11085 | |
| Vanger | 4:e505054279ed | 11086 | *inOutIdx += length; |
| Vanger | 4:e505054279ed | 11087 | |
| Vanger | 4:e505054279ed | 11088 | if (ret == SECRET_LEN) { |
| Vanger | 4:e505054279ed | 11089 | XMEMCPY(ssl->arrays->preMasterSecret, out, SECRET_LEN); |
| Vanger | 4:e505054279ed | 11090 | if (ssl->arrays->preMasterSecret[0] != |
| Vanger | 4:e505054279ed | 11091 | ssl->chVersion.major |
| Vanger | 4:e505054279ed | 11092 | || ssl->arrays->preMasterSecret[1] != |
| Vanger | 4:e505054279ed | 11093 | ssl->chVersion.minor) |
| Vanger | 4:e505054279ed | 11094 | ret = PMS_VERSION_ERROR; |
| Vanger | 4:e505054279ed | 11095 | else |
| Vanger | 4:e505054279ed | 11096 | ret = MakeMasterSecret(ssl); |
| Vanger | 4:e505054279ed | 11097 | } |
| Vanger | 4:e505054279ed | 11098 | else { |
| Vanger | 4:e505054279ed | 11099 | ret = RSA_PRIVATE_ERROR; |
| Vanger | 4:e505054279ed | 11100 | } |
| Vanger | 4:e505054279ed | 11101 | } |
| Vanger | 4:e505054279ed | 11102 | |
| Vanger | 4:e505054279ed | 11103 | FreeRsaKey(&key); |
| Vanger | 4:e505054279ed | 11104 | } |
| Vanger | 4:e505054279ed | 11105 | break; |
| Vanger | 4:e505054279ed | 11106 | #endif |
| Vanger | 4:e505054279ed | 11107 | #ifndef NO_PSK |
| Vanger | 4:e505054279ed | 11108 | case psk_kea: |
| Vanger | 4:e505054279ed | 11109 | { |
| Vanger | 4:e505054279ed | 11110 | byte* pms = ssl->arrays->preMasterSecret; |
| Vanger | 4:e505054279ed | 11111 | word16 ci_sz; |
| Vanger | 4:e505054279ed | 11112 | |
| Vanger | 4:e505054279ed | 11113 | if ((*inOutIdx - begin) + OPAQUE16_LEN > size) |
| Vanger | 4:e505054279ed | 11114 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 11115 | |
| Vanger | 4:e505054279ed | 11116 | ato16(input + *inOutIdx, &ci_sz); |
| Vanger | 4:e505054279ed | 11117 | *inOutIdx += OPAQUE16_LEN; |
| Vanger | 4:e505054279ed | 11118 | |
| Vanger | 4:e505054279ed | 11119 | if (ci_sz > MAX_PSK_ID_LEN) |
| Vanger | 4:e505054279ed | 11120 | return CLIENT_ID_ERROR; |
| Vanger | 4:e505054279ed | 11121 | |
| Vanger | 4:e505054279ed | 11122 | if ((*inOutIdx - begin) + ci_sz > size) |
| Vanger | 4:e505054279ed | 11123 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 11124 | |
| Vanger | 4:e505054279ed | 11125 | XMEMCPY(ssl->arrays->client_identity, input + *inOutIdx, ci_sz); |
| Vanger | 4:e505054279ed | 11126 | *inOutIdx += ci_sz; |
| Vanger | 4:e505054279ed | 11127 | |
| Vanger | 4:e505054279ed | 11128 | ssl->arrays->client_identity[min(ci_sz, MAX_PSK_ID_LEN-1)] = 0; |
| Vanger | 4:e505054279ed | 11129 | ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl, |
| Vanger | 4:e505054279ed | 11130 | ssl->arrays->client_identity, ssl->arrays->psk_key, |
| Vanger | 4:e505054279ed | 11131 | MAX_PSK_KEY_LEN); |
| Vanger | 4:e505054279ed | 11132 | |
| Vanger | 4:e505054279ed | 11133 | if (ssl->arrays->psk_keySz == 0 || |
| Vanger | 4:e505054279ed | 11134 | ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) |
| Vanger | 4:e505054279ed | 11135 | return PSK_KEY_ERROR; |
| Vanger | 4:e505054279ed | 11136 | |
| Vanger | 4:e505054279ed | 11137 | /* make psk pre master secret */ |
| Vanger | 4:e505054279ed | 11138 | /* length of key + length 0s + length of key + key */ |
| Vanger | 4:e505054279ed | 11139 | c16toa((word16) ssl->arrays->psk_keySz, pms); |
| Vanger | 4:e505054279ed | 11140 | pms += OPAQUE16_LEN; |
| Vanger | 4:e505054279ed | 11141 | |
| Vanger | 4:e505054279ed | 11142 | XMEMSET(pms, 0, ssl->arrays->psk_keySz); |
| Vanger | 4:e505054279ed | 11143 | pms += ssl->arrays->psk_keySz; |
| Vanger | 4:e505054279ed | 11144 | |
| Vanger | 4:e505054279ed | 11145 | c16toa((word16) ssl->arrays->psk_keySz, pms); |
| Vanger | 4:e505054279ed | 11146 | pms += OPAQUE16_LEN; |
| Vanger | 4:e505054279ed | 11147 | |
| Vanger | 4:e505054279ed | 11148 | XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz); |
| Vanger | 4:e505054279ed | 11149 | ssl->arrays->preMasterSz = ssl->arrays->psk_keySz * 2 + 4; |
| Vanger | 4:e505054279ed | 11150 | |
| Vanger | 4:e505054279ed | 11151 | ret = MakeMasterSecret(ssl); |
| Vanger | 4:e505054279ed | 11152 | |
| Vanger | 4:e505054279ed | 11153 | /* No further need for PSK */ |
| Vanger | 4:e505054279ed | 11154 | XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz); |
| Vanger | 4:e505054279ed | 11155 | ssl->arrays->psk_keySz = 0; |
| Vanger | 4:e505054279ed | 11156 | } |
| Vanger | 4:e505054279ed | 11157 | break; |
| Vanger | 4:e505054279ed | 11158 | #endif /* NO_PSK */ |
| Vanger | 4:e505054279ed | 11159 | #ifdef HAVE_NTRU |
| Vanger | 4:e505054279ed | 11160 | case ntru_kea: |
| Vanger | 4:e505054279ed | 11161 | { |
| Vanger | 4:e505054279ed | 11162 | word16 cipherLen; |
| Vanger | 4:e505054279ed | 11163 | word16 plainLen = sizeof(ssl->arrays->preMasterSecret); |
| Vanger | 4:e505054279ed | 11164 | |
| Vanger | 4:e505054279ed | 11165 | if (!ssl->buffers.key.buffer) |
| Vanger | 4:e505054279ed | 11166 | return NO_PRIVATE_KEY; |
| Vanger | 4:e505054279ed | 11167 | |
| Vanger | 4:e505054279ed | 11168 | if ((*inOutIdx - begin) + OPAQUE16_LEN > size) |
| Vanger | 4:e505054279ed | 11169 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 11170 | |
| Vanger | 4:e505054279ed | 11171 | ato16(input + *inOutIdx, &cipherLen); |
| Vanger | 4:e505054279ed | 11172 | *inOutIdx += OPAQUE16_LEN; |
| Vanger | 4:e505054279ed | 11173 | |
| Vanger | 4:e505054279ed | 11174 | if (cipherLen > MAX_NTRU_ENCRYPT_SZ) |
| Vanger | 4:e505054279ed | 11175 | return NTRU_KEY_ERROR; |
| Vanger | 4:e505054279ed | 11176 | |
| Vanger | 4:e505054279ed | 11177 | if ((*inOutIdx - begin) + cipherLen > size) |
| Vanger | 4:e505054279ed | 11178 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 11179 | |
| Vanger | 4:e505054279ed | 11180 | if (NTRU_OK != crypto_ntru_decrypt( |
| Vanger | 4:e505054279ed | 11181 | (word16) ssl->buffers.key.length, |
| Vanger | 4:e505054279ed | 11182 | ssl->buffers.key.buffer, cipherLen, |
| Vanger | 4:e505054279ed | 11183 | input + *inOutIdx, &plainLen, |
| Vanger | 4:e505054279ed | 11184 | ssl->arrays->preMasterSecret)) |
| Vanger | 4:e505054279ed | 11185 | return NTRU_DECRYPT_ERROR; |
| Vanger | 4:e505054279ed | 11186 | |
| Vanger | 4:e505054279ed | 11187 | if (plainLen != SECRET_LEN) |
| Vanger | 4:e505054279ed | 11188 | return NTRU_DECRYPT_ERROR; |
| Vanger | 4:e505054279ed | 11189 | |
| Vanger | 4:e505054279ed | 11190 | *inOutIdx += cipherLen; |
| Vanger | 4:e505054279ed | 11191 | |
| Vanger | 4:e505054279ed | 11192 | ssl->arrays->preMasterSz = plainLen; |
| Vanger | 4:e505054279ed | 11193 | ret = MakeMasterSecret(ssl); |
| Vanger | 4:e505054279ed | 11194 | } |
| Vanger | 4:e505054279ed | 11195 | break; |
| Vanger | 4:e505054279ed | 11196 | #endif /* HAVE_NTRU */ |
| Vanger | 4:e505054279ed | 11197 | #ifdef HAVE_ECC |
| Vanger | 4:e505054279ed | 11198 | case ecc_diffie_hellman_kea: |
| Vanger | 4:e505054279ed | 11199 | { |
| Vanger | 4:e505054279ed | 11200 | if ((*inOutIdx - begin) + OPAQUE8_LEN > size) |
| Vanger | 4:e505054279ed | 11201 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 11202 | |
| Vanger | 4:e505054279ed | 11203 | length = input[(*inOutIdx)++]; |
| Vanger | 4:e505054279ed | 11204 | |
| Vanger | 4:e505054279ed | 11205 | if ((*inOutIdx - begin) + length > size) |
| Vanger | 4:e505054279ed | 11206 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 11207 | |
| Vanger | 4:e505054279ed | 11208 | if (ecc_import_x963(input + *inOutIdx, length, ssl->peerEccKey)) |
| Vanger | 4:e505054279ed | 11209 | return ECC_PEERKEY_ERROR; |
| Vanger | 4:e505054279ed | 11210 | |
| Vanger | 4:e505054279ed | 11211 | *inOutIdx += length; |
| Vanger | 4:e505054279ed | 11212 | ssl->peerEccKeyPresent = 1; |
| Vanger | 4:e505054279ed | 11213 | |
| Vanger | 4:e505054279ed | 11214 | length = sizeof(ssl->arrays->preMasterSecret); |
| Vanger | 4:e505054279ed | 11215 | |
| Vanger | 4:e505054279ed | 11216 | if (ssl->specs.static_ecdh) { |
| Vanger | 4:e505054279ed | 11217 | ecc_key staticKey; |
| Vanger | 4:e505054279ed | 11218 | word32 i = 0; |
| Vanger | 4:e505054279ed | 11219 | |
| Vanger | 4:e505054279ed | 11220 | ecc_init(&staticKey); |
| Vanger | 4:e505054279ed | 11221 | ret = EccPrivateKeyDecode(ssl->buffers.key.buffer, &i, |
| Vanger | 4:e505054279ed | 11222 | &staticKey, ssl->buffers.key.length); |
| Vanger | 4:e505054279ed | 11223 | |
| Vanger | 4:e505054279ed | 11224 | if (ret == 0) |
| Vanger | 4:e505054279ed | 11225 | ret = ecc_shared_secret(&staticKey, ssl->peerEccKey, |
| Vanger | 4:e505054279ed | 11226 | ssl->arrays->preMasterSecret, &length); |
| Vanger | 4:e505054279ed | 11227 | |
| Vanger | 4:e505054279ed | 11228 | ecc_free(&staticKey); |
| Vanger | 4:e505054279ed | 11229 | } |
| Vanger | 4:e505054279ed | 11230 | else |
| Vanger | 4:e505054279ed | 11231 | ret = ecc_shared_secret(ssl->eccTempKey, ssl->peerEccKey, |
| Vanger | 4:e505054279ed | 11232 | ssl->arrays->preMasterSecret, &length); |
| Vanger | 4:e505054279ed | 11233 | |
| Vanger | 4:e505054279ed | 11234 | if (ret != 0) |
| Vanger | 4:e505054279ed | 11235 | return ECC_SHARED_ERROR; |
| Vanger | 4:e505054279ed | 11236 | |
| Vanger | 4:e505054279ed | 11237 | ssl->arrays->preMasterSz = length; |
| Vanger | 4:e505054279ed | 11238 | ret = MakeMasterSecret(ssl); |
| Vanger | 4:e505054279ed | 11239 | } |
| Vanger | 4:e505054279ed | 11240 | break; |
| Vanger | 4:e505054279ed | 11241 | #endif /* HAVE_ECC */ |
| Vanger | 4:e505054279ed | 11242 | #ifdef OPENSSL_EXTRA |
| Vanger | 4:e505054279ed | 11243 | case diffie_hellman_kea: |
| Vanger | 4:e505054279ed | 11244 | { |
| Vanger | 4:e505054279ed | 11245 | word16 clientPubSz; |
| Vanger | 4:e505054279ed | 11246 | DhKey dhKey; |
| Vanger | 4:e505054279ed | 11247 | |
| Vanger | 4:e505054279ed | 11248 | if ((*inOutIdx - begin) + OPAQUE16_LEN > size) |
| Vanger | 4:e505054279ed | 11249 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 11250 | |
| Vanger | 4:e505054279ed | 11251 | ato16(input + *inOutIdx, &clientPubSz); |
| Vanger | 4:e505054279ed | 11252 | *inOutIdx += OPAQUE16_LEN; |
| Vanger | 4:e505054279ed | 11253 | |
| Vanger | 4:e505054279ed | 11254 | if ((*inOutIdx - begin) + clientPubSz > size) |
| Vanger | 4:e505054279ed | 11255 | return BUFFER_ERROR; |
| Vanger | 4:e505054279ed | 11256 | |
| Vanger | 4:e505054279ed | 11257 | InitDhKey(&dhKey); |
| Vanger | 4:e505054279ed | 11258 | ret = DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer, |
| Vanger | 4:e505054279ed | 11259 | ssl->buffers.serverDH_P.length, |
| Vanger | 4:e505054279ed | 11260 | ssl->buffers.serverDH_G.buffer, |
| Vanger | 4:e505054279ed | 11261 | ssl->buffers.serverDH_G.length); |
| Vanger | 4:e505054279ed | 11262 | if (ret == 0) |
| Vanger | 4:e505054279ed | 11263 | ret = DhAgree(&dhKey, ssl->arrays->preMasterSecret, |
| Vanger | 4:e505054279ed | 11264 | &ssl->arrays->preMasterSz, |
| Vanger | 4:e505054279ed | 11265 | ssl->buffers.serverDH_Priv.buffer, |
| Vanger | 4:e505054279ed | 11266 | ssl->buffers.serverDH_Priv.length, |
| Vanger | 4:e505054279ed | 11267 | input + *inOutIdx, clientPubSz); |
| Vanger | 4:e505054279ed | 11268 | FreeDhKey(&dhKey); |
| Vanger | 4:e505054279ed | 11269 | |
| Vanger | 4:e505054279ed | 11270 | *inOutIdx += clientPubSz; |
| Vanger | 4:e505054279ed | 11271 | |
| Vanger | 4:e505054279ed | 11272 | if (ret == 0) |
| Vanger | 4:e505054279ed | 11273 | ret = MakeMasterSecret(ssl); |
| Vanger | 4:e505054279ed | 11274 | } |
| Vanger | 4:e505054279ed | 11275 | break; |
| Vanger | 4:e505054279ed | 11276 | #endif /* OPENSSL_EXTRA */ |
| Vanger | 4:e505054279ed | 11277 | default: |
| Vanger | 4:e505054279ed | 11278 | { |
| Vanger | 4:e505054279ed | 11279 | CYASSL_MSG("Bad kea type"); |
| Vanger | 4:e505054279ed | 11280 | ret = BAD_KEA_TYPE_E; |
| Vanger | 4:e505054279ed | 11281 | } |
| Vanger | 4:e505054279ed | 11282 | break; |
| Vanger | 4:e505054279ed | 11283 | } |
| Vanger | 4:e505054279ed | 11284 | |
| Vanger | 4:e505054279ed | 11285 | /* No further need for PMS */ |
| Vanger | 4:e505054279ed | 11286 | XMEMSET(ssl->arrays->preMasterSecret, 0, ssl->arrays->preMasterSz); |
| Vanger | 4:e505054279ed | 11287 | ssl->arrays->preMasterSz = 0; |
| Vanger | 4:e505054279ed | 11288 | |
| Vanger | 4:e505054279ed | 11289 | if (ret == 0) { |
| Vanger | 4:e505054279ed | 11290 | ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE; |
| Vanger | 4:e505054279ed | 11291 | #ifndef NO_CERTS |
| Vanger | 4:e505054279ed | 11292 | if (ssl->options.verifyPeer) |
| Vanger | 4:e505054279ed | 11293 | ret = BuildCertHashes(ssl, &ssl->certHashes); |
| Vanger | 4:e505054279ed | 11294 | #endif |
| Vanger | 4:e505054279ed | 11295 | } |
| Vanger | 4:e505054279ed | 11296 | |
| Vanger | 4:e505054279ed | 11297 | return ret; |
| Vanger | 4:e505054279ed | 11298 | } |
| Vanger | 4:e505054279ed | 11299 | |
| Vanger | 4:e505054279ed | 11300 | #endif /* NO_CYASSL_SERVER */ |
| Vanger | 4:e505054279ed | 11301 |