cyassl re-port with cellular comms, PSK test
Dependencies: VodafoneUSBModem_bleedingedge2 mbed-rtos mbed-src
cyassllib/ssl.c@0:e979170e02e7, 2013-04-26 (annotated)
- Committer:
- ashleymills
- Date:
- Fri Apr 26 16:54:58 2013 +0000
- Revision:
- 0:e979170e02e7
Basic operation of SSL with PSK working for cellular.
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
ashleymills | 0:e979170e02e7 | 1 | /* ssl.c |
ashleymills | 0:e979170e02e7 | 2 | * |
ashleymills | 0:e979170e02e7 | 3 | * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. |
ashleymills | 0:e979170e02e7 | 4 | * |
ashleymills | 0:e979170e02e7 | 5 | * This file is part of CyaSSL. |
ashleymills | 0:e979170e02e7 | 6 | * |
ashleymills | 0:e979170e02e7 | 7 | * CyaSSL is free software; you can redistribute it and/or modify |
ashleymills | 0:e979170e02e7 | 8 | * it under the terms of the GNU General Public License as published by |
ashleymills | 0:e979170e02e7 | 9 | * the Free Software Foundation; either version 2 of the License, or |
ashleymills | 0:e979170e02e7 | 10 | * (at your option) any later version. |
ashleymills | 0:e979170e02e7 | 11 | * |
ashleymills | 0:e979170e02e7 | 12 | * CyaSSL is distributed in the hope that it will be useful, |
ashleymills | 0:e979170e02e7 | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
ashleymills | 0:e979170e02e7 | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
ashleymills | 0:e979170e02e7 | 15 | * GNU General Public License for more details. |
ashleymills | 0:e979170e02e7 | 16 | * |
ashleymills | 0:e979170e02e7 | 17 | * You should have received a copy of the GNU General Public License |
ashleymills | 0:e979170e02e7 | 18 | * along with this program; if not, write to the Free Software |
ashleymills | 0:e979170e02e7 | 19 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA |
ashleymills | 0:e979170e02e7 | 20 | */ |
ashleymills | 0:e979170e02e7 | 21 | |
ashleymills | 0:e979170e02e7 | 22 | #ifdef HAVE_CONFIG_H |
ashleymills | 0:e979170e02e7 | 23 | #include <config.h> |
ashleymills | 0:e979170e02e7 | 24 | #endif |
ashleymills | 0:e979170e02e7 | 25 | |
ashleymills | 0:e979170e02e7 | 26 | #ifdef HAVE_ERRNO_H |
ashleymills | 0:e979170e02e7 | 27 | #include <errno.h> |
ashleymills | 0:e979170e02e7 | 28 | #endif |
ashleymills | 0:e979170e02e7 | 29 | |
ashleymills | 0:e979170e02e7 | 30 | #define TRUE 1 |
ashleymills | 0:e979170e02e7 | 31 | #define FALSE 0 |
ashleymills | 0:e979170e02e7 | 32 | |
ashleymills | 0:e979170e02e7 | 33 | #include <cyassl/ssl.h> |
ashleymills | 0:e979170e02e7 | 34 | #include <cyassl/internal.h> |
ashleymills | 0:e979170e02e7 | 35 | #include <cyassl/error.h> |
ashleymills | 0:e979170e02e7 | 36 | #include <cyassl/ctaocrypt/coding.h> |
ashleymills | 0:e979170e02e7 | 37 | |
ashleymills | 0:e979170e02e7 | 38 | #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) |
ashleymills | 0:e979170e02e7 | 39 | #include <cyassl/openssl/evp.h> |
ashleymills | 0:e979170e02e7 | 40 | #endif |
ashleymills | 0:e979170e02e7 | 41 | |
ashleymills | 0:e979170e02e7 | 42 | #ifdef OPENSSL_EXTRA |
ashleymills | 0:e979170e02e7 | 43 | /* openssl headers begin */ |
ashleymills | 0:e979170e02e7 | 44 | #include <cyassl/openssl/hmac.h> |
ashleymills | 0:e979170e02e7 | 45 | #include <cyassl/openssl/crypto.h> |
ashleymills | 0:e979170e02e7 | 46 | #include <cyassl/openssl/des.h> |
ashleymills | 0:e979170e02e7 | 47 | #include <cyassl/openssl/bn.h> |
ashleymills | 0:e979170e02e7 | 48 | #include <cyassl/openssl/dh.h> |
ashleymills | 0:e979170e02e7 | 49 | #include <cyassl/openssl/rsa.h> |
ashleymills | 0:e979170e02e7 | 50 | #include <cyassl/openssl/pem.h> |
ashleymills | 0:e979170e02e7 | 51 | /* openssl headers end, cyassl internal headers next */ |
ashleymills | 0:e979170e02e7 | 52 | #include <cyassl/ctaocrypt/hmac.h> |
ashleymills | 0:e979170e02e7 | 53 | #include <cyassl/ctaocrypt/random.h> |
ashleymills | 0:e979170e02e7 | 54 | #include <cyassl/ctaocrypt/des3.h> |
ashleymills | 0:e979170e02e7 | 55 | #include <cyassl/ctaocrypt/md4.h> |
ashleymills | 0:e979170e02e7 | 56 | #include <cyassl/ctaocrypt/md5.h> |
ashleymills | 0:e979170e02e7 | 57 | #include <cyassl/ctaocrypt/arc4.h> |
ashleymills | 0:e979170e02e7 | 58 | #ifdef CYASSL_SHA512 |
ashleymills | 0:e979170e02e7 | 59 | #include <cyassl/ctaocrypt/sha512.h> |
ashleymills | 0:e979170e02e7 | 60 | #endif |
ashleymills | 0:e979170e02e7 | 61 | #endif |
ashleymills | 0:e979170e02e7 | 62 | |
ashleymills | 0:e979170e02e7 | 63 | #ifndef NO_FILESYSTEM |
ashleymills | 0:e979170e02e7 | 64 | #if !defined(USE_WINDOWS_API) && !defined(NO_CYASSL_DIR) \ |
ashleymills | 0:e979170e02e7 | 65 | && !defined(EBSNET) |
ashleymills | 0:e979170e02e7 | 66 | #include <dirent.h> |
ashleymills | 0:e979170e02e7 | 67 | #endif |
ashleymills | 0:e979170e02e7 | 68 | #ifdef EBSNET |
ashleymills | 0:e979170e02e7 | 69 | #include "vfapi.h" |
ashleymills | 0:e979170e02e7 | 70 | #include "vfile.h" |
ashleymills | 0:e979170e02e7 | 71 | #endif |
ashleymills | 0:e979170e02e7 | 72 | #endif /* NO_FILESYSTEM */ |
ashleymills | 0:e979170e02e7 | 73 | |
ashleymills | 0:e979170e02e7 | 74 | |
ashleymills | 0:e979170e02e7 | 75 | #ifndef min |
ashleymills | 0:e979170e02e7 | 76 | |
ashleymills | 0:e979170e02e7 | 77 | static INLINE word32 min(word32 a, word32 b) |
ashleymills | 0:e979170e02e7 | 78 | { |
ashleymills | 0:e979170e02e7 | 79 | return a > b ? b : a; |
ashleymills | 0:e979170e02e7 | 80 | } |
ashleymills | 0:e979170e02e7 | 81 | |
ashleymills | 0:e979170e02e7 | 82 | #endif /* min */ |
ashleymills | 0:e979170e02e7 | 83 | |
ashleymills | 0:e979170e02e7 | 84 | |
ashleymills | 0:e979170e02e7 | 85 | #ifndef CYASSL_LEANPSK |
ashleymills | 0:e979170e02e7 | 86 | char* mystrnstr(const char* s1, const char* s2, unsigned int n) |
ashleymills | 0:e979170e02e7 | 87 | { |
ashleymills | 0:e979170e02e7 | 88 | unsigned int s2_len = (unsigned int)XSTRLEN(s2); |
ashleymills | 0:e979170e02e7 | 89 | |
ashleymills | 0:e979170e02e7 | 90 | if (s2_len == 0) |
ashleymills | 0:e979170e02e7 | 91 | return (char*)s1; |
ashleymills | 0:e979170e02e7 | 92 | |
ashleymills | 0:e979170e02e7 | 93 | while (n >= s2_len && s1[0]) { |
ashleymills | 0:e979170e02e7 | 94 | if (s1[0] == s2[0]) |
ashleymills | 0:e979170e02e7 | 95 | if (XMEMCMP(s1, s2, s2_len) == 0) |
ashleymills | 0:e979170e02e7 | 96 | return (char*)s1; |
ashleymills | 0:e979170e02e7 | 97 | s1++; |
ashleymills | 0:e979170e02e7 | 98 | n--; |
ashleymills | 0:e979170e02e7 | 99 | } |
ashleymills | 0:e979170e02e7 | 100 | |
ashleymills | 0:e979170e02e7 | 101 | return NULL; |
ashleymills | 0:e979170e02e7 | 102 | } |
ashleymills | 0:e979170e02e7 | 103 | #endif |
ashleymills | 0:e979170e02e7 | 104 | |
ashleymills | 0:e979170e02e7 | 105 | |
ashleymills | 0:e979170e02e7 | 106 | /* prevent multiple mutex initializations */ |
ashleymills | 0:e979170e02e7 | 107 | static volatile int initRefCount = 0; |
ashleymills | 0:e979170e02e7 | 108 | static CyaSSL_Mutex count_mutex; /* init ref count mutex */ |
ashleymills | 0:e979170e02e7 | 109 | |
ashleymills | 0:e979170e02e7 | 110 | |
ashleymills | 0:e979170e02e7 | 111 | |
ashleymills | 0:e979170e02e7 | 112 | CYASSL_CTX* CyaSSL_CTX_new(CYASSL_METHOD* method) |
ashleymills | 0:e979170e02e7 | 113 | { |
ashleymills | 0:e979170e02e7 | 114 | CYASSL_CTX* ctx = NULL; |
ashleymills | 0:e979170e02e7 | 115 | |
ashleymills | 0:e979170e02e7 | 116 | CYASSL_ENTER("CYASSL_CTX_new"); |
ashleymills | 0:e979170e02e7 | 117 | |
ashleymills | 0:e979170e02e7 | 118 | if (initRefCount == 0) |
ashleymills | 0:e979170e02e7 | 119 | CyaSSL_Init(); /* user no longer forced to call Init themselves */ |
ashleymills | 0:e979170e02e7 | 120 | |
ashleymills | 0:e979170e02e7 | 121 | if (method == NULL) |
ashleymills | 0:e979170e02e7 | 122 | return ctx; |
ashleymills | 0:e979170e02e7 | 123 | |
ashleymills | 0:e979170e02e7 | 124 | ctx = (CYASSL_CTX*) XMALLOC(sizeof(CYASSL_CTX), 0, DYNAMIC_TYPE_CTX); |
ashleymills | 0:e979170e02e7 | 125 | if (ctx) { |
ashleymills | 0:e979170e02e7 | 126 | if (InitSSL_Ctx(ctx, method) < 0) { |
ashleymills | 0:e979170e02e7 | 127 | CYASSL_MSG("Init CTX failed"); |
ashleymills | 0:e979170e02e7 | 128 | CyaSSL_CTX_free(ctx); |
ashleymills | 0:e979170e02e7 | 129 | ctx = NULL; |
ashleymills | 0:e979170e02e7 | 130 | } |
ashleymills | 0:e979170e02e7 | 131 | } |
ashleymills | 0:e979170e02e7 | 132 | |
ashleymills | 0:e979170e02e7 | 133 | CYASSL_LEAVE("CYASSL_CTX_new", 0); |
ashleymills | 0:e979170e02e7 | 134 | return ctx; |
ashleymills | 0:e979170e02e7 | 135 | } |
ashleymills | 0:e979170e02e7 | 136 | |
ashleymills | 0:e979170e02e7 | 137 | |
ashleymills | 0:e979170e02e7 | 138 | void CyaSSL_CTX_free(CYASSL_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 139 | { |
ashleymills | 0:e979170e02e7 | 140 | CYASSL_ENTER("SSL_CTX_free"); |
ashleymills | 0:e979170e02e7 | 141 | if (ctx) |
ashleymills | 0:e979170e02e7 | 142 | FreeSSL_Ctx(ctx); |
ashleymills | 0:e979170e02e7 | 143 | CYASSL_LEAVE("SSL_CTX_free", 0); |
ashleymills | 0:e979170e02e7 | 144 | } |
ashleymills | 0:e979170e02e7 | 145 | |
ashleymills | 0:e979170e02e7 | 146 | |
ashleymills | 0:e979170e02e7 | 147 | CYASSL* CyaSSL_new(CYASSL_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 148 | { |
ashleymills | 0:e979170e02e7 | 149 | CYASSL* ssl = NULL; |
ashleymills | 0:e979170e02e7 | 150 | |
ashleymills | 0:e979170e02e7 | 151 | CYASSL_ENTER("SSL_new"); |
ashleymills | 0:e979170e02e7 | 152 | |
ashleymills | 0:e979170e02e7 | 153 | if (ctx == NULL) |
ashleymills | 0:e979170e02e7 | 154 | return ssl; |
ashleymills | 0:e979170e02e7 | 155 | |
ashleymills | 0:e979170e02e7 | 156 | ssl = (CYASSL*) XMALLOC(sizeof(CYASSL), ctx->heap,DYNAMIC_TYPE_SSL); |
ashleymills | 0:e979170e02e7 | 157 | if (ssl) |
ashleymills | 0:e979170e02e7 | 158 | if (InitSSL(ssl, ctx) < 0) { |
ashleymills | 0:e979170e02e7 | 159 | FreeSSL(ssl); |
ashleymills | 0:e979170e02e7 | 160 | ssl = 0; |
ashleymills | 0:e979170e02e7 | 161 | } |
ashleymills | 0:e979170e02e7 | 162 | |
ashleymills | 0:e979170e02e7 | 163 | CYASSL_LEAVE("SSL_new", 0); |
ashleymills | 0:e979170e02e7 | 164 | return ssl; |
ashleymills | 0:e979170e02e7 | 165 | } |
ashleymills | 0:e979170e02e7 | 166 | |
ashleymills | 0:e979170e02e7 | 167 | |
ashleymills | 0:e979170e02e7 | 168 | void CyaSSL_free(CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 169 | { |
ashleymills | 0:e979170e02e7 | 170 | CYASSL_ENTER("SSL_free"); |
ashleymills | 0:e979170e02e7 | 171 | if (ssl) |
ashleymills | 0:e979170e02e7 | 172 | FreeSSL(ssl); |
ashleymills | 0:e979170e02e7 | 173 | CYASSL_LEAVE("SSL_free", 0); |
ashleymills | 0:e979170e02e7 | 174 | } |
ashleymills | 0:e979170e02e7 | 175 | |
ashleymills | 0:e979170e02e7 | 176 | |
ashleymills | 0:e979170e02e7 | 177 | #ifndef CYASSL_LEANPSK |
ashleymills | 0:e979170e02e7 | 178 | int CyaSSL_set_fd(CYASSL* ssl, int fd) |
ashleymills | 0:e979170e02e7 | 179 | { |
ashleymills | 0:e979170e02e7 | 180 | CYASSL_ENTER("SSL_set_fd"); |
ashleymills | 0:e979170e02e7 | 181 | ssl->rfd = fd; /* not used directly to allow IO callbacks */ |
ashleymills | 0:e979170e02e7 | 182 | ssl->wfd = fd; |
ashleymills | 0:e979170e02e7 | 183 | |
ashleymills | 0:e979170e02e7 | 184 | ssl->IOCB_ReadCtx = &ssl->rfd; |
ashleymills | 0:e979170e02e7 | 185 | ssl->IOCB_WriteCtx = &ssl->wfd; |
ashleymills | 0:e979170e02e7 | 186 | |
ashleymills | 0:e979170e02e7 | 187 | #ifdef CYASSL_DTLS |
ashleymills | 0:e979170e02e7 | 188 | if (ssl->options.dtls) { |
ashleymills | 0:e979170e02e7 | 189 | ssl->IOCB_ReadCtx = &ssl->buffers.dtlsCtx; |
ashleymills | 0:e979170e02e7 | 190 | ssl->IOCB_WriteCtx = &ssl->buffers.dtlsCtx; |
ashleymills | 0:e979170e02e7 | 191 | ssl->buffers.dtlsCtx.fd = fd; |
ashleymills | 0:e979170e02e7 | 192 | } |
ashleymills | 0:e979170e02e7 | 193 | #endif |
ashleymills | 0:e979170e02e7 | 194 | |
ashleymills | 0:e979170e02e7 | 195 | CYASSL_LEAVE("SSL_set_fd", SSL_SUCCESS); |
ashleymills | 0:e979170e02e7 | 196 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 197 | } |
ashleymills | 0:e979170e02e7 | 198 | |
ashleymills | 0:e979170e02e7 | 199 | |
ashleymills | 0:e979170e02e7 | 200 | int CyaSSL_get_fd(const CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 201 | { |
ashleymills | 0:e979170e02e7 | 202 | CYASSL_ENTER("SSL_get_fd"); |
ashleymills | 0:e979170e02e7 | 203 | CYASSL_LEAVE("SSL_get_fd", ssl->rfd); |
ashleymills | 0:e979170e02e7 | 204 | return ssl->rfd; |
ashleymills | 0:e979170e02e7 | 205 | } |
ashleymills | 0:e979170e02e7 | 206 | #endif |
ashleymills | 0:e979170e02e7 | 207 | |
ashleymills | 0:e979170e02e7 | 208 | |
ashleymills | 0:e979170e02e7 | 209 | #ifndef CYASSL_LEANPSK |
ashleymills | 0:e979170e02e7 | 210 | void CyaSSL_set_using_nonblock(CYASSL* ssl, int nonblock) |
ashleymills | 0:e979170e02e7 | 211 | { |
ashleymills | 0:e979170e02e7 | 212 | CYASSL_ENTER("CyaSSL_set_using_nonblock"); |
ashleymills | 0:e979170e02e7 | 213 | ssl->options.usingNonblock = (nonblock != 0); |
ashleymills | 0:e979170e02e7 | 214 | } |
ashleymills | 0:e979170e02e7 | 215 | |
ashleymills | 0:e979170e02e7 | 216 | |
ashleymills | 0:e979170e02e7 | 217 | int CyaSSL_get_using_nonblock(CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 218 | { |
ashleymills | 0:e979170e02e7 | 219 | CYASSL_ENTER("CyaSSL_get_using_nonblock"); |
ashleymills | 0:e979170e02e7 | 220 | CYASSL_LEAVE("CyaSSL_get_using_nonblock", ssl->options.usingNonblock); |
ashleymills | 0:e979170e02e7 | 221 | return ssl->options.usingNonblock; |
ashleymills | 0:e979170e02e7 | 222 | } |
ashleymills | 0:e979170e02e7 | 223 | |
ashleymills | 0:e979170e02e7 | 224 | |
ashleymills | 0:e979170e02e7 | 225 | int CyaSSL_dtls(CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 226 | { |
ashleymills | 0:e979170e02e7 | 227 | return ssl->options.dtls; |
ashleymills | 0:e979170e02e7 | 228 | } |
ashleymills | 0:e979170e02e7 | 229 | |
ashleymills | 0:e979170e02e7 | 230 | |
ashleymills | 0:e979170e02e7 | 231 | int CyaSSL_dtls_set_peer(CYASSL* ssl, void* peer, unsigned int peerSz) |
ashleymills | 0:e979170e02e7 | 232 | { |
ashleymills | 0:e979170e02e7 | 233 | #ifdef CYASSL_DTLS |
ashleymills | 0:e979170e02e7 | 234 | void* sa = (void*)XMALLOC(peerSz, ssl->heap, DYNAMIC_TYPE_SOCKADDR); |
ashleymills | 0:e979170e02e7 | 235 | if (sa != NULL) { |
ashleymills | 0:e979170e02e7 | 236 | XMEMCPY(sa, peer, peerSz); |
ashleymills | 0:e979170e02e7 | 237 | ssl->buffers.dtlsCtx.peer.sa = sa; |
ashleymills | 0:e979170e02e7 | 238 | ssl->buffers.dtlsCtx.peer.sz = peerSz; |
ashleymills | 0:e979170e02e7 | 239 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 240 | } |
ashleymills | 0:e979170e02e7 | 241 | return SSL_FAILURE; |
ashleymills | 0:e979170e02e7 | 242 | #else |
ashleymills | 0:e979170e02e7 | 243 | (void)ssl; |
ashleymills | 0:e979170e02e7 | 244 | (void)peer; |
ashleymills | 0:e979170e02e7 | 245 | (void)peerSz; |
ashleymills | 0:e979170e02e7 | 246 | return SSL_NOT_IMPLEMENTED; |
ashleymills | 0:e979170e02e7 | 247 | #endif |
ashleymills | 0:e979170e02e7 | 248 | } |
ashleymills | 0:e979170e02e7 | 249 | |
ashleymills | 0:e979170e02e7 | 250 | int CyaSSL_dtls_get_peer(CYASSL* ssl, void* peer, unsigned int* peerSz) |
ashleymills | 0:e979170e02e7 | 251 | { |
ashleymills | 0:e979170e02e7 | 252 | #ifdef CYASSL_DTLS |
ashleymills | 0:e979170e02e7 | 253 | if (peer != NULL && peerSz != NULL |
ashleymills | 0:e979170e02e7 | 254 | && *peerSz >= ssl->buffers.dtlsCtx.peer.sz) { |
ashleymills | 0:e979170e02e7 | 255 | *peerSz = ssl->buffers.dtlsCtx.peer.sz; |
ashleymills | 0:e979170e02e7 | 256 | XMEMCPY(peer, ssl->buffers.dtlsCtx.peer.sa, *peerSz); |
ashleymills | 0:e979170e02e7 | 257 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 258 | } |
ashleymills | 0:e979170e02e7 | 259 | return SSL_FAILURE; |
ashleymills | 0:e979170e02e7 | 260 | #else |
ashleymills | 0:e979170e02e7 | 261 | (void)ssl; |
ashleymills | 0:e979170e02e7 | 262 | (void)peer; |
ashleymills | 0:e979170e02e7 | 263 | (void)peerSz; |
ashleymills | 0:e979170e02e7 | 264 | return SSL_NOT_IMPLEMENTED; |
ashleymills | 0:e979170e02e7 | 265 | #endif |
ashleymills | 0:e979170e02e7 | 266 | } |
ashleymills | 0:e979170e02e7 | 267 | #endif /* CYASSL_LEANPSK */ |
ashleymills | 0:e979170e02e7 | 268 | |
ashleymills | 0:e979170e02e7 | 269 | |
ashleymills | 0:e979170e02e7 | 270 | int CyaSSL_negotiate(CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 271 | { |
ashleymills | 0:e979170e02e7 | 272 | int err = SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 273 | |
ashleymills | 0:e979170e02e7 | 274 | CYASSL_ENTER("CyaSSL_negotiate"); |
ashleymills | 0:e979170e02e7 | 275 | #ifndef NO_CYASSL_SERVER |
ashleymills | 0:e979170e02e7 | 276 | if (ssl->options.side == SERVER_END) |
ashleymills | 0:e979170e02e7 | 277 | err = CyaSSL_accept(ssl); |
ashleymills | 0:e979170e02e7 | 278 | #endif |
ashleymills | 0:e979170e02e7 | 279 | |
ashleymills | 0:e979170e02e7 | 280 | #ifndef NO_CYASSL_CLIENT |
ashleymills | 0:e979170e02e7 | 281 | if (ssl->options.side == CLIENT_END) |
ashleymills | 0:e979170e02e7 | 282 | err = CyaSSL_connect(ssl); |
ashleymills | 0:e979170e02e7 | 283 | #endif |
ashleymills | 0:e979170e02e7 | 284 | |
ashleymills | 0:e979170e02e7 | 285 | CYASSL_LEAVE("CyaSSL_negotiate", err); |
ashleymills | 0:e979170e02e7 | 286 | |
ashleymills | 0:e979170e02e7 | 287 | if (err == SSL_SUCCESS) |
ashleymills | 0:e979170e02e7 | 288 | return 0; |
ashleymills | 0:e979170e02e7 | 289 | else |
ashleymills | 0:e979170e02e7 | 290 | return err; |
ashleymills | 0:e979170e02e7 | 291 | } |
ashleymills | 0:e979170e02e7 | 292 | |
ashleymills | 0:e979170e02e7 | 293 | |
ashleymills | 0:e979170e02e7 | 294 | #ifndef CYASSL_LEANPSK |
ashleymills | 0:e979170e02e7 | 295 | /* object size based on build */ |
ashleymills | 0:e979170e02e7 | 296 | int CyaSSL_GetObjectSize(void) |
ashleymills | 0:e979170e02e7 | 297 | { |
ashleymills | 0:e979170e02e7 | 298 | #ifdef SHOW_SIZES |
ashleymills | 0:e979170e02e7 | 299 | printf("sizeof suites = %lu\n", sizeof(Suites)); |
ashleymills | 0:e979170e02e7 | 300 | printf("sizeof ciphers(2) = %lu\n", sizeof(Ciphers)); |
ashleymills | 0:e979170e02e7 | 301 | printf("\tsizeof arc4 = %lu\n", sizeof(Arc4)); |
ashleymills | 0:e979170e02e7 | 302 | printf("\tsizeof aes = %lu\n", sizeof(Aes)); |
ashleymills | 0:e979170e02e7 | 303 | printf("\tsizeof des3 = %lu\n", sizeof(Des3)); |
ashleymills | 0:e979170e02e7 | 304 | printf("\tsizeof rabbit = %lu\n", sizeof(Rabbit)); |
ashleymills | 0:e979170e02e7 | 305 | printf("sizeof cipher specs = %lu\n", sizeof(CipherSpecs)); |
ashleymills | 0:e979170e02e7 | 306 | printf("sizeof keys = %lu\n", sizeof(Keys)); |
ashleymills | 0:e979170e02e7 | 307 | printf("sizeof MD5 = %lu\n", sizeof(Md5)); |
ashleymills | 0:e979170e02e7 | 308 | printf("sizeof SHA = %lu\n", sizeof(Sha)); |
ashleymills | 0:e979170e02e7 | 309 | printf("sizeof SHA256 = %lu\n", sizeof(Sha256)); |
ashleymills | 0:e979170e02e7 | 310 | printf("sizeof Hashes(2) = %lu\n", sizeof(Hashes)); |
ashleymills | 0:e979170e02e7 | 311 | printf("sizeof Buffers = %lu\n", sizeof(Buffers)); |
ashleymills | 0:e979170e02e7 | 312 | printf("sizeof Options = %lu\n", sizeof(Options)); |
ashleymills | 0:e979170e02e7 | 313 | printf("sizeof Arrays = %lu\n", sizeof(Arrays)); |
ashleymills | 0:e979170e02e7 | 314 | printf("sizeof Session = %lu\n", sizeof(CYASSL_SESSION)); |
ashleymills | 0:e979170e02e7 | 315 | printf("sizeof peerKey = %lu\n", sizeof(RsaKey)); |
ashleymills | 0:e979170e02e7 | 316 | printf("sizeof CYASSL_CIPHER = %lu\n", sizeof(CYASSL_CIPHER)); |
ashleymills | 0:e979170e02e7 | 317 | #endif |
ashleymills | 0:e979170e02e7 | 318 | |
ashleymills | 0:e979170e02e7 | 319 | return sizeof(CYASSL); |
ashleymills | 0:e979170e02e7 | 320 | } |
ashleymills | 0:e979170e02e7 | 321 | #endif |
ashleymills | 0:e979170e02e7 | 322 | |
ashleymills | 0:e979170e02e7 | 323 | /* XXX should be NO_DH */ |
ashleymills | 0:e979170e02e7 | 324 | #ifndef NO_CERTS |
ashleymills | 0:e979170e02e7 | 325 | /* server Diffie-Hellman parameters */ |
ashleymills | 0:e979170e02e7 | 326 | int CyaSSL_SetTmpDH(CYASSL* ssl, const unsigned char* p, int pSz, |
ashleymills | 0:e979170e02e7 | 327 | const unsigned char* g, int gSz) |
ashleymills | 0:e979170e02e7 | 328 | { |
ashleymills | 0:e979170e02e7 | 329 | byte havePSK = 0; |
ashleymills | 0:e979170e02e7 | 330 | byte haveRSA = 1; |
ashleymills | 0:e979170e02e7 | 331 | |
ashleymills | 0:e979170e02e7 | 332 | CYASSL_ENTER("CyaSSL_SetTmpDH"); |
ashleymills | 0:e979170e02e7 | 333 | if (ssl == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 334 | |
ashleymills | 0:e979170e02e7 | 335 | if (ssl->options.side != SERVER_END) |
ashleymills | 0:e979170e02e7 | 336 | return SIDE_ERROR; |
ashleymills | 0:e979170e02e7 | 337 | |
ashleymills | 0:e979170e02e7 | 338 | if (ssl->buffers.serverDH_P.buffer && ssl->buffers.weOwnDH) |
ashleymills | 0:e979170e02e7 | 339 | XFREE(ssl->buffers.serverDH_P.buffer, ssl->ctx->heap, DYNAMIC_TYPE_DH); |
ashleymills | 0:e979170e02e7 | 340 | if (ssl->buffers.serverDH_G.buffer && ssl->buffers.weOwnDH) |
ashleymills | 0:e979170e02e7 | 341 | XFREE(ssl->buffers.serverDH_G.buffer, ssl->ctx->heap, DYNAMIC_TYPE_DH); |
ashleymills | 0:e979170e02e7 | 342 | |
ashleymills | 0:e979170e02e7 | 343 | ssl->buffers.weOwnDH = 1; /* SSL owns now */ |
ashleymills | 0:e979170e02e7 | 344 | ssl->buffers.serverDH_P.buffer = (byte*)XMALLOC(pSz, ssl->ctx->heap, |
ashleymills | 0:e979170e02e7 | 345 | DYNAMIC_TYPE_DH); |
ashleymills | 0:e979170e02e7 | 346 | if (ssl->buffers.serverDH_P.buffer == NULL) |
ashleymills | 0:e979170e02e7 | 347 | return MEMORY_E; |
ashleymills | 0:e979170e02e7 | 348 | |
ashleymills | 0:e979170e02e7 | 349 | ssl->buffers.serverDH_G.buffer = (byte*)XMALLOC(gSz, ssl->ctx->heap, |
ashleymills | 0:e979170e02e7 | 350 | DYNAMIC_TYPE_DH); |
ashleymills | 0:e979170e02e7 | 351 | if (ssl->buffers.serverDH_G.buffer == NULL) { |
ashleymills | 0:e979170e02e7 | 352 | XFREE(ssl->buffers.serverDH_P.buffer, ssl->ctx->heap, DYNAMIC_TYPE_DH); |
ashleymills | 0:e979170e02e7 | 353 | return MEMORY_E; |
ashleymills | 0:e979170e02e7 | 354 | } |
ashleymills | 0:e979170e02e7 | 355 | |
ashleymills | 0:e979170e02e7 | 356 | ssl->buffers.serverDH_P.length = pSz; |
ashleymills | 0:e979170e02e7 | 357 | ssl->buffers.serverDH_G.length = gSz; |
ashleymills | 0:e979170e02e7 | 358 | |
ashleymills | 0:e979170e02e7 | 359 | XMEMCPY(ssl->buffers.serverDH_P.buffer, p, pSz); |
ashleymills | 0:e979170e02e7 | 360 | XMEMCPY(ssl->buffers.serverDH_G.buffer, g, gSz); |
ashleymills | 0:e979170e02e7 | 361 | |
ashleymills | 0:e979170e02e7 | 362 | ssl->options.haveDH = 1; |
ashleymills | 0:e979170e02e7 | 363 | #ifndef NO_PSK |
ashleymills | 0:e979170e02e7 | 364 | havePSK = ssl->options.havePSK; |
ashleymills | 0:e979170e02e7 | 365 | #endif |
ashleymills | 0:e979170e02e7 | 366 | #ifdef NO_RSA |
ashleymills | 0:e979170e02e7 | 367 | haveRSA = 0; |
ashleymills | 0:e979170e02e7 | 368 | #endif |
ashleymills | 0:e979170e02e7 | 369 | InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, ssl->options.haveDH, |
ashleymills | 0:e979170e02e7 | 370 | ssl->options.haveNTRU, ssl->options.haveECDSAsig, |
ashleymills | 0:e979170e02e7 | 371 | ssl->options.haveStaticECC, ssl->options.side); |
ashleymills | 0:e979170e02e7 | 372 | |
ashleymills | 0:e979170e02e7 | 373 | CYASSL_LEAVE("CyaSSL_SetTmpDH", 0); |
ashleymills | 0:e979170e02e7 | 374 | return 0; |
ashleymills | 0:e979170e02e7 | 375 | } |
ashleymills | 0:e979170e02e7 | 376 | #endif /* !NO_CERTS */ |
ashleymills | 0:e979170e02e7 | 377 | |
ashleymills | 0:e979170e02e7 | 378 | |
ashleymills | 0:e979170e02e7 | 379 | int CyaSSL_write(CYASSL* ssl, const void* data, int sz) |
ashleymills | 0:e979170e02e7 | 380 | { |
ashleymills | 0:e979170e02e7 | 381 | int ret; |
ashleymills | 0:e979170e02e7 | 382 | |
ashleymills | 0:e979170e02e7 | 383 | CYASSL_ENTER("SSL_write()"); |
ashleymills | 0:e979170e02e7 | 384 | |
ashleymills | 0:e979170e02e7 | 385 | #ifdef HAVE_ERRNO_H |
ashleymills | 0:e979170e02e7 | 386 | errno = 0; |
ashleymills | 0:e979170e02e7 | 387 | #endif |
ashleymills | 0:e979170e02e7 | 388 | |
ashleymills | 0:e979170e02e7 | 389 | ret = SendData(ssl, data, sz); |
ashleymills | 0:e979170e02e7 | 390 | |
ashleymills | 0:e979170e02e7 | 391 | CYASSL_LEAVE("SSL_write()", ret); |
ashleymills | 0:e979170e02e7 | 392 | |
ashleymills | 0:e979170e02e7 | 393 | if (ret < 0) |
ashleymills | 0:e979170e02e7 | 394 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 395 | else |
ashleymills | 0:e979170e02e7 | 396 | return ret; |
ashleymills | 0:e979170e02e7 | 397 | } |
ashleymills | 0:e979170e02e7 | 398 | |
ashleymills | 0:e979170e02e7 | 399 | |
ashleymills | 0:e979170e02e7 | 400 | static int CyaSSL_read_internal(CYASSL* ssl, void* data, int sz, int peek) |
ashleymills | 0:e979170e02e7 | 401 | { |
ashleymills | 0:e979170e02e7 | 402 | int ret; |
ashleymills | 0:e979170e02e7 | 403 | |
ashleymills | 0:e979170e02e7 | 404 | CYASSL_ENTER("CyaSSL_read_internal()"); |
ashleymills | 0:e979170e02e7 | 405 | |
ashleymills | 0:e979170e02e7 | 406 | #ifdef HAVE_ERRNO_H |
ashleymills | 0:e979170e02e7 | 407 | errno = 0; |
ashleymills | 0:e979170e02e7 | 408 | #endif |
ashleymills | 0:e979170e02e7 | 409 | |
ashleymills | 0:e979170e02e7 | 410 | ret = ReceiveData(ssl, (byte*)data, min(sz, OUTPUT_RECORD_SIZE), peek); |
ashleymills | 0:e979170e02e7 | 411 | |
ashleymills | 0:e979170e02e7 | 412 | CYASSL_LEAVE("CyaSSL_read_internal()", ret); |
ashleymills | 0:e979170e02e7 | 413 | |
ashleymills | 0:e979170e02e7 | 414 | if (ret < 0) |
ashleymills | 0:e979170e02e7 | 415 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 416 | else |
ashleymills | 0:e979170e02e7 | 417 | return ret; |
ashleymills | 0:e979170e02e7 | 418 | } |
ashleymills | 0:e979170e02e7 | 419 | |
ashleymills | 0:e979170e02e7 | 420 | |
ashleymills | 0:e979170e02e7 | 421 | int CyaSSL_peek(CYASSL* ssl, void* data, int sz) |
ashleymills | 0:e979170e02e7 | 422 | { |
ashleymills | 0:e979170e02e7 | 423 | CYASSL_ENTER("CyaSSL_peek()"); |
ashleymills | 0:e979170e02e7 | 424 | |
ashleymills | 0:e979170e02e7 | 425 | return CyaSSL_read_internal(ssl, data, sz, TRUE); |
ashleymills | 0:e979170e02e7 | 426 | } |
ashleymills | 0:e979170e02e7 | 427 | |
ashleymills | 0:e979170e02e7 | 428 | |
ashleymills | 0:e979170e02e7 | 429 | int CyaSSL_read(CYASSL* ssl, void* data, int sz) |
ashleymills | 0:e979170e02e7 | 430 | { |
ashleymills | 0:e979170e02e7 | 431 | CYASSL_ENTER("CyaSSL_read()"); |
ashleymills | 0:e979170e02e7 | 432 | |
ashleymills | 0:e979170e02e7 | 433 | return CyaSSL_read_internal(ssl, data, sz, FALSE); |
ashleymills | 0:e979170e02e7 | 434 | } |
ashleymills | 0:e979170e02e7 | 435 | |
ashleymills | 0:e979170e02e7 | 436 | |
ashleymills | 0:e979170e02e7 | 437 | #ifdef HAVE_CAVIUM |
ashleymills | 0:e979170e02e7 | 438 | |
ashleymills | 0:e979170e02e7 | 439 | int CyaSSL_UseCavium(CYASSL* ssl, int devId) |
ashleymills | 0:e979170e02e7 | 440 | { |
ashleymills | 0:e979170e02e7 | 441 | if (ssl == NULL) |
ashleymills | 0:e979170e02e7 | 442 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 443 | |
ashleymills | 0:e979170e02e7 | 444 | ssl->devId = devId; |
ashleymills | 0:e979170e02e7 | 445 | |
ashleymills | 0:e979170e02e7 | 446 | return 0; |
ashleymills | 0:e979170e02e7 | 447 | } |
ashleymills | 0:e979170e02e7 | 448 | |
ashleymills | 0:e979170e02e7 | 449 | |
ashleymills | 0:e979170e02e7 | 450 | int CyaSSL_CTX_UseCavium(CYASSL_CTX* ctx, int devId) |
ashleymills | 0:e979170e02e7 | 451 | { |
ashleymills | 0:e979170e02e7 | 452 | if (ctx == NULL) |
ashleymills | 0:e979170e02e7 | 453 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 454 | |
ashleymills | 0:e979170e02e7 | 455 | ctx->devId = devId; |
ashleymills | 0:e979170e02e7 | 456 | |
ashleymills | 0:e979170e02e7 | 457 | return 0; |
ashleymills | 0:e979170e02e7 | 458 | } |
ashleymills | 0:e979170e02e7 | 459 | |
ashleymills | 0:e979170e02e7 | 460 | |
ashleymills | 0:e979170e02e7 | 461 | #endif /* HAVE_CAVIUM */ |
ashleymills | 0:e979170e02e7 | 462 | |
ashleymills | 0:e979170e02e7 | 463 | |
ashleymills | 0:e979170e02e7 | 464 | #ifndef CYASSL_LEANPSK |
ashleymills | 0:e979170e02e7 | 465 | int CyaSSL_send(CYASSL* ssl, const void* data, int sz, int flags) |
ashleymills | 0:e979170e02e7 | 466 | { |
ashleymills | 0:e979170e02e7 | 467 | int ret; |
ashleymills | 0:e979170e02e7 | 468 | int oldFlags = ssl->wflags; |
ashleymills | 0:e979170e02e7 | 469 | |
ashleymills | 0:e979170e02e7 | 470 | CYASSL_ENTER("CyaSSL_send()"); |
ashleymills | 0:e979170e02e7 | 471 | |
ashleymills | 0:e979170e02e7 | 472 | ssl->wflags = flags; |
ashleymills | 0:e979170e02e7 | 473 | ret = CyaSSL_write(ssl, data, sz); |
ashleymills | 0:e979170e02e7 | 474 | ssl->wflags = oldFlags; |
ashleymills | 0:e979170e02e7 | 475 | |
ashleymills | 0:e979170e02e7 | 476 | CYASSL_LEAVE("CyaSSL_send()", ret); |
ashleymills | 0:e979170e02e7 | 477 | |
ashleymills | 0:e979170e02e7 | 478 | return ret; |
ashleymills | 0:e979170e02e7 | 479 | } |
ashleymills | 0:e979170e02e7 | 480 | |
ashleymills | 0:e979170e02e7 | 481 | |
ashleymills | 0:e979170e02e7 | 482 | int CyaSSL_recv(CYASSL* ssl, void* data, int sz, int flags) |
ashleymills | 0:e979170e02e7 | 483 | { |
ashleymills | 0:e979170e02e7 | 484 | int ret; |
ashleymills | 0:e979170e02e7 | 485 | int oldFlags = ssl->rflags; |
ashleymills | 0:e979170e02e7 | 486 | |
ashleymills | 0:e979170e02e7 | 487 | CYASSL_ENTER("CyaSSL_recv()"); |
ashleymills | 0:e979170e02e7 | 488 | |
ashleymills | 0:e979170e02e7 | 489 | ssl->rflags = flags; |
ashleymills | 0:e979170e02e7 | 490 | ret = CyaSSL_read(ssl, data, sz); |
ashleymills | 0:e979170e02e7 | 491 | ssl->rflags = oldFlags; |
ashleymills | 0:e979170e02e7 | 492 | |
ashleymills | 0:e979170e02e7 | 493 | CYASSL_LEAVE("CyaSSL_recv()", ret); |
ashleymills | 0:e979170e02e7 | 494 | |
ashleymills | 0:e979170e02e7 | 495 | return ret; |
ashleymills | 0:e979170e02e7 | 496 | } |
ashleymills | 0:e979170e02e7 | 497 | #endif |
ashleymills | 0:e979170e02e7 | 498 | |
ashleymills | 0:e979170e02e7 | 499 | int CyaSSL_shutdown(CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 500 | { |
ashleymills | 0:e979170e02e7 | 501 | CYASSL_ENTER("SSL_shutdown()"); |
ashleymills | 0:e979170e02e7 | 502 | |
ashleymills | 0:e979170e02e7 | 503 | if (ssl->options.quietShutdown) { |
ashleymills | 0:e979170e02e7 | 504 | CYASSL_MSG("quiet shutdown, no close notify sent"); |
ashleymills | 0:e979170e02e7 | 505 | return 0; |
ashleymills | 0:e979170e02e7 | 506 | } |
ashleymills | 0:e979170e02e7 | 507 | |
ashleymills | 0:e979170e02e7 | 508 | /* try to send close notify, not an error if can't */ |
ashleymills | 0:e979170e02e7 | 509 | if (!ssl->options.isClosed && !ssl->options.connReset && |
ashleymills | 0:e979170e02e7 | 510 | !ssl->options.sentNotify) { |
ashleymills | 0:e979170e02e7 | 511 | ssl->error = SendAlert(ssl, alert_warning, close_notify); |
ashleymills | 0:e979170e02e7 | 512 | if (ssl->error < 0) { |
ashleymills | 0:e979170e02e7 | 513 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:e979170e02e7 | 514 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 515 | } |
ashleymills | 0:e979170e02e7 | 516 | ssl->options.sentNotify = 1; /* don't send close_notify twice */ |
ashleymills | 0:e979170e02e7 | 517 | } |
ashleymills | 0:e979170e02e7 | 518 | |
ashleymills | 0:e979170e02e7 | 519 | CYASSL_LEAVE("SSL_shutdown()", ssl->error); |
ashleymills | 0:e979170e02e7 | 520 | |
ashleymills | 0:e979170e02e7 | 521 | ssl->error = SSL_ERROR_SYSCALL; /* simulate OpenSSL behavior */ |
ashleymills | 0:e979170e02e7 | 522 | |
ashleymills | 0:e979170e02e7 | 523 | return 0; |
ashleymills | 0:e979170e02e7 | 524 | } |
ashleymills | 0:e979170e02e7 | 525 | |
ashleymills | 0:e979170e02e7 | 526 | |
ashleymills | 0:e979170e02e7 | 527 | int CyaSSL_get_error(CYASSL* ssl, int ret) |
ashleymills | 0:e979170e02e7 | 528 | { |
ashleymills | 0:e979170e02e7 | 529 | CYASSL_ENTER("SSL_get_error"); |
ashleymills | 0:e979170e02e7 | 530 | CYASSL_LEAVE("SSL_get_error", ssl->error); |
ashleymills | 0:e979170e02e7 | 531 | if (ret > 0) |
ashleymills | 0:e979170e02e7 | 532 | return SSL_ERROR_NONE; |
ashleymills | 0:e979170e02e7 | 533 | |
ashleymills | 0:e979170e02e7 | 534 | /* make sure converted types are handled in SetErrorString() too */ |
ashleymills | 0:e979170e02e7 | 535 | if (ssl->error == WANT_READ) |
ashleymills | 0:e979170e02e7 | 536 | return SSL_ERROR_WANT_READ; /* convert to OpenSSL type */ |
ashleymills | 0:e979170e02e7 | 537 | else if (ssl->error == WANT_WRITE) |
ashleymills | 0:e979170e02e7 | 538 | return SSL_ERROR_WANT_WRITE; /* convert to OpenSSL type */ |
ashleymills | 0:e979170e02e7 | 539 | else if (ssl->error == ZERO_RETURN) |
ashleymills | 0:e979170e02e7 | 540 | return SSL_ERROR_ZERO_RETURN; /* convert to OpenSSL type */ |
ashleymills | 0:e979170e02e7 | 541 | return ssl->error; |
ashleymills | 0:e979170e02e7 | 542 | } |
ashleymills | 0:e979170e02e7 | 543 | |
ashleymills | 0:e979170e02e7 | 544 | |
ashleymills | 0:e979170e02e7 | 545 | int CyaSSL_want_read(CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 546 | { |
ashleymills | 0:e979170e02e7 | 547 | CYASSL_ENTER("SSL_want_read"); |
ashleymills | 0:e979170e02e7 | 548 | if (ssl->error == WANT_READ) |
ashleymills | 0:e979170e02e7 | 549 | return 1; |
ashleymills | 0:e979170e02e7 | 550 | |
ashleymills | 0:e979170e02e7 | 551 | return 0; |
ashleymills | 0:e979170e02e7 | 552 | } |
ashleymills | 0:e979170e02e7 | 553 | |
ashleymills | 0:e979170e02e7 | 554 | |
ashleymills | 0:e979170e02e7 | 555 | int CyaSSL_want_write(CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 556 | { |
ashleymills | 0:e979170e02e7 | 557 | CYASSL_ENTER("SSL_want_write"); |
ashleymills | 0:e979170e02e7 | 558 | if (ssl->error == WANT_WRITE) |
ashleymills | 0:e979170e02e7 | 559 | return 1; |
ashleymills | 0:e979170e02e7 | 560 | |
ashleymills | 0:e979170e02e7 | 561 | return 0; |
ashleymills | 0:e979170e02e7 | 562 | } |
ashleymills | 0:e979170e02e7 | 563 | |
ashleymills | 0:e979170e02e7 | 564 | |
ashleymills | 0:e979170e02e7 | 565 | char* CyaSSL_ERR_error_string(unsigned long errNumber, char* data) |
ashleymills | 0:e979170e02e7 | 566 | { |
ashleymills | 0:e979170e02e7 | 567 | static const char* msg = "Please supply a buffer for error string"; |
ashleymills | 0:e979170e02e7 | 568 | |
ashleymills | 0:e979170e02e7 | 569 | CYASSL_ENTER("ERR_error_string"); |
ashleymills | 0:e979170e02e7 | 570 | if (data) { |
ashleymills | 0:e979170e02e7 | 571 | SetErrorString((int)errNumber, data); |
ashleymills | 0:e979170e02e7 | 572 | return data; |
ashleymills | 0:e979170e02e7 | 573 | } |
ashleymills | 0:e979170e02e7 | 574 | |
ashleymills | 0:e979170e02e7 | 575 | return (char*)msg; |
ashleymills | 0:e979170e02e7 | 576 | } |
ashleymills | 0:e979170e02e7 | 577 | |
ashleymills | 0:e979170e02e7 | 578 | |
ashleymills | 0:e979170e02e7 | 579 | void CyaSSL_ERR_error_string_n(unsigned long e, char* buf, unsigned long len) |
ashleymills | 0:e979170e02e7 | 580 | { |
ashleymills | 0:e979170e02e7 | 581 | CYASSL_ENTER("CyaSSL_ERR_error_string_n"); |
ashleymills | 0:e979170e02e7 | 582 | if (len) CyaSSL_ERR_error_string(e, buf); |
ashleymills | 0:e979170e02e7 | 583 | } |
ashleymills | 0:e979170e02e7 | 584 | |
ashleymills | 0:e979170e02e7 | 585 | |
ashleymills | 0:e979170e02e7 | 586 | /* don't free temporary arrays at end of handshake */ |
ashleymills | 0:e979170e02e7 | 587 | void CyaSSL_KeepArrays(CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 588 | { |
ashleymills | 0:e979170e02e7 | 589 | if (ssl) |
ashleymills | 0:e979170e02e7 | 590 | ssl->options.saveArrays = 1; |
ashleymills | 0:e979170e02e7 | 591 | } |
ashleymills | 0:e979170e02e7 | 592 | |
ashleymills | 0:e979170e02e7 | 593 | |
ashleymills | 0:e979170e02e7 | 594 | /* user doesn't need temporary arrays anymore, Free */ |
ashleymills | 0:e979170e02e7 | 595 | void CyaSSL_FreeArrays(CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 596 | { |
ashleymills | 0:e979170e02e7 | 597 | if (ssl && ssl->options.handShakeState == HANDSHAKE_DONE) { |
ashleymills | 0:e979170e02e7 | 598 | ssl->options.saveArrays = 0; |
ashleymills | 0:e979170e02e7 | 599 | FreeArrays(ssl, 1); |
ashleymills | 0:e979170e02e7 | 600 | } |
ashleymills | 0:e979170e02e7 | 601 | } |
ashleymills | 0:e979170e02e7 | 602 | |
ashleymills | 0:e979170e02e7 | 603 | |
ashleymills | 0:e979170e02e7 | 604 | #ifndef NO_CERTS |
ashleymills | 0:e979170e02e7 | 605 | |
ashleymills | 0:e979170e02e7 | 606 | CYASSL_CERT_MANAGER* CyaSSL_CertManagerNew(void) |
ashleymills | 0:e979170e02e7 | 607 | { |
ashleymills | 0:e979170e02e7 | 608 | CYASSL_CERT_MANAGER* cm = NULL; |
ashleymills | 0:e979170e02e7 | 609 | |
ashleymills | 0:e979170e02e7 | 610 | CYASSL_ENTER("CyaSSL_CertManagerNew"); |
ashleymills | 0:e979170e02e7 | 611 | |
ashleymills | 0:e979170e02e7 | 612 | cm = (CYASSL_CERT_MANAGER*) XMALLOC(sizeof(CYASSL_CERT_MANAGER), 0, |
ashleymills | 0:e979170e02e7 | 613 | DYNAMIC_TYPE_CERT_MANAGER); |
ashleymills | 0:e979170e02e7 | 614 | if (cm) { |
ashleymills | 0:e979170e02e7 | 615 | cm->caList = NULL; |
ashleymills | 0:e979170e02e7 | 616 | cm->heap = NULL; |
ashleymills | 0:e979170e02e7 | 617 | cm->caCacheCallback = NULL; |
ashleymills | 0:e979170e02e7 | 618 | cm->crl = NULL; |
ashleymills | 0:e979170e02e7 | 619 | cm->crlEnabled = 0; |
ashleymills | 0:e979170e02e7 | 620 | cm->crlCheckAll = 0; |
ashleymills | 0:e979170e02e7 | 621 | cm->cbMissingCRL = NULL; |
ashleymills | 0:e979170e02e7 | 622 | |
ashleymills | 0:e979170e02e7 | 623 | if (InitMutex(&cm->caLock) != 0) { |
ashleymills | 0:e979170e02e7 | 624 | CYASSL_MSG("Bad mutex init"); |
ashleymills | 0:e979170e02e7 | 625 | CyaSSL_CertManagerFree(cm); |
ashleymills | 0:e979170e02e7 | 626 | return NULL; |
ashleymills | 0:e979170e02e7 | 627 | } |
ashleymills | 0:e979170e02e7 | 628 | } |
ashleymills | 0:e979170e02e7 | 629 | |
ashleymills | 0:e979170e02e7 | 630 | return cm; |
ashleymills | 0:e979170e02e7 | 631 | } |
ashleymills | 0:e979170e02e7 | 632 | |
ashleymills | 0:e979170e02e7 | 633 | |
ashleymills | 0:e979170e02e7 | 634 | void CyaSSL_CertManagerFree(CYASSL_CERT_MANAGER* cm) |
ashleymills | 0:e979170e02e7 | 635 | { |
ashleymills | 0:e979170e02e7 | 636 | CYASSL_ENTER("CyaSSL_CertManagerFree"); |
ashleymills | 0:e979170e02e7 | 637 | |
ashleymills | 0:e979170e02e7 | 638 | if (cm) { |
ashleymills | 0:e979170e02e7 | 639 | #ifdef HAVE_CRL |
ashleymills | 0:e979170e02e7 | 640 | if (cm->crl) |
ashleymills | 0:e979170e02e7 | 641 | FreeCRL(cm->crl, 1); |
ashleymills | 0:e979170e02e7 | 642 | #endif |
ashleymills | 0:e979170e02e7 | 643 | FreeSigners(cm->caList, NULL); |
ashleymills | 0:e979170e02e7 | 644 | FreeMutex(&cm->caLock); |
ashleymills | 0:e979170e02e7 | 645 | XFREE(cm, NULL, DYNAMIC_TYPE_CERT_MANAGER); |
ashleymills | 0:e979170e02e7 | 646 | } |
ashleymills | 0:e979170e02e7 | 647 | |
ashleymills | 0:e979170e02e7 | 648 | } |
ashleymills | 0:e979170e02e7 | 649 | |
ashleymills | 0:e979170e02e7 | 650 | #endif /* !NO_CERTS */ |
ashleymills | 0:e979170e02e7 | 651 | |
ashleymills | 0:e979170e02e7 | 652 | |
ashleymills | 0:e979170e02e7 | 653 | |
ashleymills | 0:e979170e02e7 | 654 | #ifndef NO_FILESYSTEM |
ashleymills | 0:e979170e02e7 | 655 | |
ashleymills | 0:e979170e02e7 | 656 | void CyaSSL_ERR_print_errors_fp(FILE* fp, int err) |
ashleymills | 0:e979170e02e7 | 657 | { |
ashleymills | 0:e979170e02e7 | 658 | char data[MAX_ERROR_SZ + 1]; |
ashleymills | 0:e979170e02e7 | 659 | |
ashleymills | 0:e979170e02e7 | 660 | CYASSL_ENTER("CyaSSL_ERR_print_errors_fp"); |
ashleymills | 0:e979170e02e7 | 661 | SetErrorString(err, data); |
ashleymills | 0:e979170e02e7 | 662 | fprintf(fp, "%s", data); |
ashleymills | 0:e979170e02e7 | 663 | } |
ashleymills | 0:e979170e02e7 | 664 | |
ashleymills | 0:e979170e02e7 | 665 | #endif |
ashleymills | 0:e979170e02e7 | 666 | |
ashleymills | 0:e979170e02e7 | 667 | |
ashleymills | 0:e979170e02e7 | 668 | int CyaSSL_pending(CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 669 | { |
ashleymills | 0:e979170e02e7 | 670 | CYASSL_ENTER("SSL_pending"); |
ashleymills | 0:e979170e02e7 | 671 | return ssl->buffers.clearOutputBuffer.length; |
ashleymills | 0:e979170e02e7 | 672 | } |
ashleymills | 0:e979170e02e7 | 673 | |
ashleymills | 0:e979170e02e7 | 674 | |
ashleymills | 0:e979170e02e7 | 675 | #ifndef CYASSL_LEANPSK |
ashleymills | 0:e979170e02e7 | 676 | /* trun on handshake group messages for context */ |
ashleymills | 0:e979170e02e7 | 677 | int CyaSSL_CTX_set_group_messages(CYASSL_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 678 | { |
ashleymills | 0:e979170e02e7 | 679 | if (ctx == NULL) |
ashleymills | 0:e979170e02e7 | 680 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 681 | |
ashleymills | 0:e979170e02e7 | 682 | ctx->groupMessages = 1; |
ashleymills | 0:e979170e02e7 | 683 | |
ashleymills | 0:e979170e02e7 | 684 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 685 | } |
ashleymills | 0:e979170e02e7 | 686 | #endif |
ashleymills | 0:e979170e02e7 | 687 | |
ashleymills | 0:e979170e02e7 | 688 | |
ashleymills | 0:e979170e02e7 | 689 | #ifndef NO_CYASSL_CLIENT |
ashleymills | 0:e979170e02e7 | 690 | /* connect enough to get peer cert chain */ |
ashleymills | 0:e979170e02e7 | 691 | int CyaSSL_connect_cert(CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 692 | { |
ashleymills | 0:e979170e02e7 | 693 | int ret; |
ashleymills | 0:e979170e02e7 | 694 | |
ashleymills | 0:e979170e02e7 | 695 | if (ssl == NULL) |
ashleymills | 0:e979170e02e7 | 696 | return SSL_FAILURE; |
ashleymills | 0:e979170e02e7 | 697 | |
ashleymills | 0:e979170e02e7 | 698 | ssl->options.certOnly = 1; |
ashleymills | 0:e979170e02e7 | 699 | ret = CyaSSL_connect(ssl); |
ashleymills | 0:e979170e02e7 | 700 | ssl->options.certOnly = 0; |
ashleymills | 0:e979170e02e7 | 701 | |
ashleymills | 0:e979170e02e7 | 702 | return ret; |
ashleymills | 0:e979170e02e7 | 703 | } |
ashleymills | 0:e979170e02e7 | 704 | #endif |
ashleymills | 0:e979170e02e7 | 705 | |
ashleymills | 0:e979170e02e7 | 706 | |
ashleymills | 0:e979170e02e7 | 707 | #ifndef CYASSL_LEANPSK |
ashleymills | 0:e979170e02e7 | 708 | /* trun on handshake group messages for ssl object */ |
ashleymills | 0:e979170e02e7 | 709 | int CyaSSL_set_group_messages(CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 710 | { |
ashleymills | 0:e979170e02e7 | 711 | if (ssl == NULL) |
ashleymills | 0:e979170e02e7 | 712 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 713 | |
ashleymills | 0:e979170e02e7 | 714 | ssl->options.groupMessages = 1; |
ashleymills | 0:e979170e02e7 | 715 | |
ashleymills | 0:e979170e02e7 | 716 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 717 | } |
ashleymills | 0:e979170e02e7 | 718 | |
ashleymills | 0:e979170e02e7 | 719 | |
ashleymills | 0:e979170e02e7 | 720 | int CyaSSL_SetVersion(CYASSL* ssl, int version) |
ashleymills | 0:e979170e02e7 | 721 | { |
ashleymills | 0:e979170e02e7 | 722 | byte haveRSA = 1; |
ashleymills | 0:e979170e02e7 | 723 | byte havePSK = 0; |
ashleymills | 0:e979170e02e7 | 724 | |
ashleymills | 0:e979170e02e7 | 725 | CYASSL_ENTER("CyaSSL_SetVersion"); |
ashleymills | 0:e979170e02e7 | 726 | |
ashleymills | 0:e979170e02e7 | 727 | if (ssl == NULL) { |
ashleymills | 0:e979170e02e7 | 728 | CYASSL_MSG("Bad function argument"); |
ashleymills | 0:e979170e02e7 | 729 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 730 | } |
ashleymills | 0:e979170e02e7 | 731 | |
ashleymills | 0:e979170e02e7 | 732 | switch (version) { |
ashleymills | 0:e979170e02e7 | 733 | #ifndef NO_OLD_TLS |
ashleymills | 0:e979170e02e7 | 734 | case CYASSL_SSLV3: |
ashleymills | 0:e979170e02e7 | 735 | ssl->version = MakeSSLv3(); |
ashleymills | 0:e979170e02e7 | 736 | break; |
ashleymills | 0:e979170e02e7 | 737 | #endif |
ashleymills | 0:e979170e02e7 | 738 | |
ashleymills | 0:e979170e02e7 | 739 | #ifndef NO_TLS |
ashleymills | 0:e979170e02e7 | 740 | #ifndef NO_OLD_TLS |
ashleymills | 0:e979170e02e7 | 741 | case CYASSL_TLSV1: |
ashleymills | 0:e979170e02e7 | 742 | ssl->version = MakeTLSv1(); |
ashleymills | 0:e979170e02e7 | 743 | break; |
ashleymills | 0:e979170e02e7 | 744 | |
ashleymills | 0:e979170e02e7 | 745 | case CYASSL_TLSV1_1: |
ashleymills | 0:e979170e02e7 | 746 | ssl->version = MakeTLSv1_1(); |
ashleymills | 0:e979170e02e7 | 747 | break; |
ashleymills | 0:e979170e02e7 | 748 | #endif |
ashleymills | 0:e979170e02e7 | 749 | case CYASSL_TLSV1_2: |
ashleymills | 0:e979170e02e7 | 750 | ssl->version = MakeTLSv1_2(); |
ashleymills | 0:e979170e02e7 | 751 | break; |
ashleymills | 0:e979170e02e7 | 752 | #endif |
ashleymills | 0:e979170e02e7 | 753 | |
ashleymills | 0:e979170e02e7 | 754 | default: |
ashleymills | 0:e979170e02e7 | 755 | CYASSL_MSG("Bad function argument"); |
ashleymills | 0:e979170e02e7 | 756 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 757 | } |
ashleymills | 0:e979170e02e7 | 758 | |
ashleymills | 0:e979170e02e7 | 759 | #ifdef NO_RSA |
ashleymills | 0:e979170e02e7 | 760 | haveRSA = 0; |
ashleymills | 0:e979170e02e7 | 761 | #endif |
ashleymills | 0:e979170e02e7 | 762 | #ifndef NO_PSK |
ashleymills | 0:e979170e02e7 | 763 | havePSK = ssl->options.havePSK; |
ashleymills | 0:e979170e02e7 | 764 | #endif |
ashleymills | 0:e979170e02e7 | 765 | |
ashleymills | 0:e979170e02e7 | 766 | InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, ssl->options.haveDH, |
ashleymills | 0:e979170e02e7 | 767 | ssl->options.haveNTRU, ssl->options.haveECDSAsig, |
ashleymills | 0:e979170e02e7 | 768 | ssl->options.haveStaticECC, ssl->options.side); |
ashleymills | 0:e979170e02e7 | 769 | |
ashleymills | 0:e979170e02e7 | 770 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 771 | } |
ashleymills | 0:e979170e02e7 | 772 | #endif |
ashleymills | 0:e979170e02e7 | 773 | |
ashleymills | 0:e979170e02e7 | 774 | #ifndef NO_CERTS |
ashleymills | 0:e979170e02e7 | 775 | |
ashleymills | 0:e979170e02e7 | 776 | /* does CA already exist on signer list */ |
ashleymills | 0:e979170e02e7 | 777 | int AlreadySigner(CYASSL_CERT_MANAGER* cm, byte* hash) |
ashleymills | 0:e979170e02e7 | 778 | { |
ashleymills | 0:e979170e02e7 | 779 | Signer* signers; |
ashleymills | 0:e979170e02e7 | 780 | int ret = 0; |
ashleymills | 0:e979170e02e7 | 781 | |
ashleymills | 0:e979170e02e7 | 782 | if (LockMutex(&cm->caLock) != 0) |
ashleymills | 0:e979170e02e7 | 783 | return ret; |
ashleymills | 0:e979170e02e7 | 784 | signers = cm->caList; |
ashleymills | 0:e979170e02e7 | 785 | while (signers) { |
ashleymills | 0:e979170e02e7 | 786 | if (XMEMCMP(hash, signers->hash, SHA_DIGEST_SIZE) == 0) { |
ashleymills | 0:e979170e02e7 | 787 | ret = 1; |
ashleymills | 0:e979170e02e7 | 788 | break; |
ashleymills | 0:e979170e02e7 | 789 | } |
ashleymills | 0:e979170e02e7 | 790 | signers = signers->next; |
ashleymills | 0:e979170e02e7 | 791 | } |
ashleymills | 0:e979170e02e7 | 792 | UnLockMutex(&cm->caLock); |
ashleymills | 0:e979170e02e7 | 793 | |
ashleymills | 0:e979170e02e7 | 794 | return ret; |
ashleymills | 0:e979170e02e7 | 795 | } |
ashleymills | 0:e979170e02e7 | 796 | |
ashleymills | 0:e979170e02e7 | 797 | |
ashleymills | 0:e979170e02e7 | 798 | /* return CA if found, otherwise NULL */ |
ashleymills | 0:e979170e02e7 | 799 | Signer* GetCA(void* vp, byte* hash) |
ashleymills | 0:e979170e02e7 | 800 | { |
ashleymills | 0:e979170e02e7 | 801 | CYASSL_CERT_MANAGER* cm = (CYASSL_CERT_MANAGER*)vp; |
ashleymills | 0:e979170e02e7 | 802 | Signer* ret = NULL; |
ashleymills | 0:e979170e02e7 | 803 | Signer* signers; |
ashleymills | 0:e979170e02e7 | 804 | |
ashleymills | 0:e979170e02e7 | 805 | if (cm == NULL) |
ashleymills | 0:e979170e02e7 | 806 | return NULL; |
ashleymills | 0:e979170e02e7 | 807 | |
ashleymills | 0:e979170e02e7 | 808 | signers = cm->caList; |
ashleymills | 0:e979170e02e7 | 809 | |
ashleymills | 0:e979170e02e7 | 810 | if (LockMutex(&cm->caLock) != 0) |
ashleymills | 0:e979170e02e7 | 811 | return ret; |
ashleymills | 0:e979170e02e7 | 812 | while (signers) { |
ashleymills | 0:e979170e02e7 | 813 | if (XMEMCMP(hash, signers->hash, SHA_DIGEST_SIZE) == 0) { |
ashleymills | 0:e979170e02e7 | 814 | ret = signers; |
ashleymills | 0:e979170e02e7 | 815 | break; |
ashleymills | 0:e979170e02e7 | 816 | } |
ashleymills | 0:e979170e02e7 | 817 | signers = signers->next; |
ashleymills | 0:e979170e02e7 | 818 | } |
ashleymills | 0:e979170e02e7 | 819 | UnLockMutex(&cm->caLock); |
ashleymills | 0:e979170e02e7 | 820 | |
ashleymills | 0:e979170e02e7 | 821 | return ret; |
ashleymills | 0:e979170e02e7 | 822 | } |
ashleymills | 0:e979170e02e7 | 823 | |
ashleymills | 0:e979170e02e7 | 824 | |
ashleymills | 0:e979170e02e7 | 825 | /* owns der, internal now uses too */ |
ashleymills | 0:e979170e02e7 | 826 | /* type flag ids from user or from chain received during verify |
ashleymills | 0:e979170e02e7 | 827 | don't allow chain ones to be added w/o isCA extension */ |
ashleymills | 0:e979170e02e7 | 828 | int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify) |
ashleymills | 0:e979170e02e7 | 829 | { |
ashleymills | 0:e979170e02e7 | 830 | int ret; |
ashleymills | 0:e979170e02e7 | 831 | DecodedCert cert; |
ashleymills | 0:e979170e02e7 | 832 | Signer* signer = 0; |
ashleymills | 0:e979170e02e7 | 833 | |
ashleymills | 0:e979170e02e7 | 834 | CYASSL_MSG("Adding a CA"); |
ashleymills | 0:e979170e02e7 | 835 | InitDecodedCert(&cert, der.buffer, der.length, cm->heap); |
ashleymills | 0:e979170e02e7 | 836 | ret = ParseCert(&cert, CA_TYPE, verify, cm); |
ashleymills | 0:e979170e02e7 | 837 | CYASSL_MSG(" Parsed new CA"); |
ashleymills | 0:e979170e02e7 | 838 | |
ashleymills | 0:e979170e02e7 | 839 | if (ret == 0 && cert.isCA == 0 && type != CYASSL_USER_CA) { |
ashleymills | 0:e979170e02e7 | 840 | CYASSL_MSG(" Can't add as CA if not actually one"); |
ashleymills | 0:e979170e02e7 | 841 | ret = NOT_CA_ERROR; |
ashleymills | 0:e979170e02e7 | 842 | } |
ashleymills | 0:e979170e02e7 | 843 | else if (ret == 0 && AlreadySigner(cm, cert.subjectHash)) { |
ashleymills | 0:e979170e02e7 | 844 | CYASSL_MSG(" Already have this CA, not adding again"); |
ashleymills | 0:e979170e02e7 | 845 | (void)ret; |
ashleymills | 0:e979170e02e7 | 846 | } |
ashleymills | 0:e979170e02e7 | 847 | else if (ret == 0) { |
ashleymills | 0:e979170e02e7 | 848 | /* take over signer parts */ |
ashleymills | 0:e979170e02e7 | 849 | signer = MakeSigner(cm->heap); |
ashleymills | 0:e979170e02e7 | 850 | if (!signer) |
ashleymills | 0:e979170e02e7 | 851 | ret = MEMORY_ERROR; |
ashleymills | 0:e979170e02e7 | 852 | else { |
ashleymills | 0:e979170e02e7 | 853 | signer->keyOID = cert.keyOID; |
ashleymills | 0:e979170e02e7 | 854 | signer->publicKey = cert.publicKey; |
ashleymills | 0:e979170e02e7 | 855 | signer->pubKeySize = cert.pubKeySize; |
ashleymills | 0:e979170e02e7 | 856 | signer->name = cert.subjectCN; |
ashleymills | 0:e979170e02e7 | 857 | XMEMCPY(signer->hash, cert.subjectHash, SHA_DIGEST_SIZE); |
ashleymills | 0:e979170e02e7 | 858 | signer->next = NULL; /* in case lock fails */ |
ashleymills | 0:e979170e02e7 | 859 | |
ashleymills | 0:e979170e02e7 | 860 | cert.publicKey = 0; /* don't free here */ |
ashleymills | 0:e979170e02e7 | 861 | cert.subjectCN = 0; |
ashleymills | 0:e979170e02e7 | 862 | |
ashleymills | 0:e979170e02e7 | 863 | if (LockMutex(&cm->caLock) == 0) { |
ashleymills | 0:e979170e02e7 | 864 | signer->next = cm->caList; |
ashleymills | 0:e979170e02e7 | 865 | cm->caList = signer; /* takes ownership */ |
ashleymills | 0:e979170e02e7 | 866 | UnLockMutex(&cm->caLock); |
ashleymills | 0:e979170e02e7 | 867 | if (cm->caCacheCallback) |
ashleymills | 0:e979170e02e7 | 868 | cm->caCacheCallback(der.buffer, (int)der.length, type); |
ashleymills | 0:e979170e02e7 | 869 | } |
ashleymills | 0:e979170e02e7 | 870 | else { |
ashleymills | 0:e979170e02e7 | 871 | CYASSL_MSG(" CA Mutex Lock failed"); |
ashleymills | 0:e979170e02e7 | 872 | ret = BAD_MUTEX_ERROR; |
ashleymills | 0:e979170e02e7 | 873 | FreeSigners(signer, cm->heap); |
ashleymills | 0:e979170e02e7 | 874 | } |
ashleymills | 0:e979170e02e7 | 875 | } |
ashleymills | 0:e979170e02e7 | 876 | } |
ashleymills | 0:e979170e02e7 | 877 | |
ashleymills | 0:e979170e02e7 | 878 | CYASSL_MSG(" Freeing Parsed CA"); |
ashleymills | 0:e979170e02e7 | 879 | FreeDecodedCert(&cert); |
ashleymills | 0:e979170e02e7 | 880 | CYASSL_MSG(" Freeing der CA"); |
ashleymills | 0:e979170e02e7 | 881 | XFREE(der.buffer, cm->heap, DYNAMIC_TYPE_CA); |
ashleymills | 0:e979170e02e7 | 882 | CYASSL_MSG(" OK Freeing der CA"); |
ashleymills | 0:e979170e02e7 | 883 | |
ashleymills | 0:e979170e02e7 | 884 | CYASSL_LEAVE("AddCA", ret); |
ashleymills | 0:e979170e02e7 | 885 | if (ret == 0) return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 886 | return ret; |
ashleymills | 0:e979170e02e7 | 887 | } |
ashleymills | 0:e979170e02e7 | 888 | |
ashleymills | 0:e979170e02e7 | 889 | #endif /* !NO_CERTS */ |
ashleymills | 0:e979170e02e7 | 890 | |
ashleymills | 0:e979170e02e7 | 891 | |
ashleymills | 0:e979170e02e7 | 892 | #ifndef NO_SESSION_CACHE |
ashleymills | 0:e979170e02e7 | 893 | |
ashleymills | 0:e979170e02e7 | 894 | /* basic config gives a cache with 33 sessions, adequate for clients and |
ashleymills | 0:e979170e02e7 | 895 | embedded servers |
ashleymills | 0:e979170e02e7 | 896 | |
ashleymills | 0:e979170e02e7 | 897 | MEDIUM_SESSION_CACHE allows 1055 sessions, adequate for servers that |
ashleymills | 0:e979170e02e7 | 898 | aren't under heavy load, basically allows 200 new sessions per minute |
ashleymills | 0:e979170e02e7 | 899 | |
ashleymills | 0:e979170e02e7 | 900 | BIG_SESSION_CACHE yields 20,0027 sessions |
ashleymills | 0:e979170e02e7 | 901 | |
ashleymills | 0:e979170e02e7 | 902 | HUGE_SESSION_CACHE yields 65,791 sessions, for servers under heavy load, |
ashleymills | 0:e979170e02e7 | 903 | allows over 13,000 new sessions per minute or over 200 new sessions per |
ashleymills | 0:e979170e02e7 | 904 | second |
ashleymills | 0:e979170e02e7 | 905 | |
ashleymills | 0:e979170e02e7 | 906 | SMALL_SESSION_CACHE only stores 6 sessions, good for embedded clients |
ashleymills | 0:e979170e02e7 | 907 | or systems where the default of nearly 3kB is too much RAM, this define |
ashleymills | 0:e979170e02e7 | 908 | uses less than 500 bytes RAM |
ashleymills | 0:e979170e02e7 | 909 | */ |
ashleymills | 0:e979170e02e7 | 910 | #ifdef HUGE_SESSION_CACHE |
ashleymills | 0:e979170e02e7 | 911 | #define SESSIONS_PER_ROW 11 |
ashleymills | 0:e979170e02e7 | 912 | #define SESSION_ROWS 5981 |
ashleymills | 0:e979170e02e7 | 913 | #elif defined(BIG_SESSION_CACHE) |
ashleymills | 0:e979170e02e7 | 914 | #define SESSIONS_PER_ROW 7 |
ashleymills | 0:e979170e02e7 | 915 | #define SESSION_ROWS 2861 |
ashleymills | 0:e979170e02e7 | 916 | #elif defined(MEDIUM_SESSION_CACHE) |
ashleymills | 0:e979170e02e7 | 917 | #define SESSIONS_PER_ROW 5 |
ashleymills | 0:e979170e02e7 | 918 | #define SESSION_ROWS 211 |
ashleymills | 0:e979170e02e7 | 919 | #elif defined(SMALL_SESSION_CACHE) |
ashleymills | 0:e979170e02e7 | 920 | #define SESSIONS_PER_ROW 2 |
ashleymills | 0:e979170e02e7 | 921 | #define SESSION_ROWS 3 |
ashleymills | 0:e979170e02e7 | 922 | #else |
ashleymills | 0:e979170e02e7 | 923 | #define SESSIONS_PER_ROW 3 |
ashleymills | 0:e979170e02e7 | 924 | #define SESSION_ROWS 11 |
ashleymills | 0:e979170e02e7 | 925 | #endif |
ashleymills | 0:e979170e02e7 | 926 | |
ashleymills | 0:e979170e02e7 | 927 | typedef struct SessionRow { |
ashleymills | 0:e979170e02e7 | 928 | int nextIdx; /* where to place next one */ |
ashleymills | 0:e979170e02e7 | 929 | int totalCount; /* sessions ever on this row */ |
ashleymills | 0:e979170e02e7 | 930 | CYASSL_SESSION Sessions[SESSIONS_PER_ROW]; |
ashleymills | 0:e979170e02e7 | 931 | } SessionRow; |
ashleymills | 0:e979170e02e7 | 932 | |
ashleymills | 0:e979170e02e7 | 933 | static SessionRow SessionCache[SESSION_ROWS]; |
ashleymills | 0:e979170e02e7 | 934 | |
ashleymills | 0:e979170e02e7 | 935 | static CyaSSL_Mutex session_mutex; /* SessionCache mutex */ |
ashleymills | 0:e979170e02e7 | 936 | |
ashleymills | 0:e979170e02e7 | 937 | #endif /* NO_SESSION_CACHE */ |
ashleymills | 0:e979170e02e7 | 938 | |
ashleymills | 0:e979170e02e7 | 939 | |
ashleymills | 0:e979170e02e7 | 940 | int CyaSSL_Init(void) |
ashleymills | 0:e979170e02e7 | 941 | { |
ashleymills | 0:e979170e02e7 | 942 | int ret = 0; |
ashleymills | 0:e979170e02e7 | 943 | |
ashleymills | 0:e979170e02e7 | 944 | CYASSL_ENTER("CyaSSL_Init"); |
ashleymills | 0:e979170e02e7 | 945 | |
ashleymills | 0:e979170e02e7 | 946 | if (initRefCount == 0) { |
ashleymills | 0:e979170e02e7 | 947 | #ifndef NO_SESSION_CACHE |
ashleymills | 0:e979170e02e7 | 948 | if (InitMutex(&session_mutex) != 0) |
ashleymills | 0:e979170e02e7 | 949 | ret = BAD_MUTEX_ERROR; |
ashleymills | 0:e979170e02e7 | 950 | #endif |
ashleymills | 0:e979170e02e7 | 951 | if (InitMutex(&count_mutex) != 0) |
ashleymills | 0:e979170e02e7 | 952 | ret = BAD_MUTEX_ERROR; |
ashleymills | 0:e979170e02e7 | 953 | } |
ashleymills | 0:e979170e02e7 | 954 | if (ret == 0) { |
ashleymills | 0:e979170e02e7 | 955 | LockMutex(&count_mutex); |
ashleymills | 0:e979170e02e7 | 956 | initRefCount++; |
ashleymills | 0:e979170e02e7 | 957 | UnLockMutex(&count_mutex); |
ashleymills | 0:e979170e02e7 | 958 | } |
ashleymills | 0:e979170e02e7 | 959 | |
ashleymills | 0:e979170e02e7 | 960 | return ret; |
ashleymills | 0:e979170e02e7 | 961 | } |
ashleymills | 0:e979170e02e7 | 962 | |
ashleymills | 0:e979170e02e7 | 963 | |
ashleymills | 0:e979170e02e7 | 964 | #ifndef NO_CERTS |
ashleymills | 0:e979170e02e7 | 965 | |
ashleymills | 0:e979170e02e7 | 966 | /* Remove PEM header/footer, convert to ASN1, store any encrypted data |
ashleymills | 0:e979170e02e7 | 967 | info->consumed tracks of PEM bytes consumed in case multiple parts */ |
ashleymills | 0:e979170e02e7 | 968 | int PemToDer(const unsigned char* buff, long longSz, int type, |
ashleymills | 0:e979170e02e7 | 969 | buffer* der, void* heap, EncryptedInfo* info, int* eccKey) |
ashleymills | 0:e979170e02e7 | 970 | { |
ashleymills | 0:e979170e02e7 | 971 | char header[PEM_LINE_LEN]; |
ashleymills | 0:e979170e02e7 | 972 | char footer[PEM_LINE_LEN]; |
ashleymills | 0:e979170e02e7 | 973 | char* headerEnd; |
ashleymills | 0:e979170e02e7 | 974 | char* footerEnd; |
ashleymills | 0:e979170e02e7 | 975 | char* consumedEnd; |
ashleymills | 0:e979170e02e7 | 976 | char* bufferEnd = (char*)(buff + longSz); |
ashleymills | 0:e979170e02e7 | 977 | long neededSz; |
ashleymills | 0:e979170e02e7 | 978 | int pkcs8 = 0; |
ashleymills | 0:e979170e02e7 | 979 | int pkcs8Enc = 0; |
ashleymills | 0:e979170e02e7 | 980 | int dynamicType = 0; |
ashleymills | 0:e979170e02e7 | 981 | int sz = (int)longSz; |
ashleymills | 0:e979170e02e7 | 982 | |
ashleymills | 0:e979170e02e7 | 983 | (void)heap; |
ashleymills | 0:e979170e02e7 | 984 | (void)dynamicType; |
ashleymills | 0:e979170e02e7 | 985 | |
ashleymills | 0:e979170e02e7 | 986 | if (type == CERT_TYPE || type == CA_TYPE) { |
ashleymills | 0:e979170e02e7 | 987 | XSTRNCPY(header, "-----BEGIN CERTIFICATE-----", sizeof(header)); |
ashleymills | 0:e979170e02e7 | 988 | XSTRNCPY(footer, "-----END CERTIFICATE-----", sizeof(footer)); |
ashleymills | 0:e979170e02e7 | 989 | dynamicType = (type == CA_TYPE) ? DYNAMIC_TYPE_CA : |
ashleymills | 0:e979170e02e7 | 990 | DYNAMIC_TYPE_CERT; |
ashleymills | 0:e979170e02e7 | 991 | } else if (type == DH_PARAM_TYPE) { |
ashleymills | 0:e979170e02e7 | 992 | XSTRNCPY(header, "-----BEGIN DH PARAMETERS-----", sizeof(header)); |
ashleymills | 0:e979170e02e7 | 993 | XSTRNCPY(footer, "-----END DH PARAMETERS-----", sizeof(footer)); |
ashleymills | 0:e979170e02e7 | 994 | dynamicType = DYNAMIC_TYPE_KEY; |
ashleymills | 0:e979170e02e7 | 995 | } else if (type == CRL_TYPE) { |
ashleymills | 0:e979170e02e7 | 996 | XSTRNCPY(header, "-----BEGIN X509 CRL-----", sizeof(header)); |
ashleymills | 0:e979170e02e7 | 997 | XSTRNCPY(footer, "-----END X509 CRL-----", sizeof(footer)); |
ashleymills | 0:e979170e02e7 | 998 | dynamicType = DYNAMIC_TYPE_CRL; |
ashleymills | 0:e979170e02e7 | 999 | } else { |
ashleymills | 0:e979170e02e7 | 1000 | XSTRNCPY(header, "-----BEGIN RSA PRIVATE KEY-----", sizeof(header)); |
ashleymills | 0:e979170e02e7 | 1001 | XSTRNCPY(footer, "-----END RSA PRIVATE KEY-----", sizeof(footer)); |
ashleymills | 0:e979170e02e7 | 1002 | dynamicType = DYNAMIC_TYPE_KEY; |
ashleymills | 0:e979170e02e7 | 1003 | } |
ashleymills | 0:e979170e02e7 | 1004 | |
ashleymills | 0:e979170e02e7 | 1005 | /* find header */ |
ashleymills | 0:e979170e02e7 | 1006 | headerEnd = XSTRNSTR((char*)buff, header, sz); |
ashleymills | 0:e979170e02e7 | 1007 | if (!headerEnd && type == PRIVATEKEY_TYPE) { /* may be pkcs8 */ |
ashleymills | 0:e979170e02e7 | 1008 | XSTRNCPY(header, "-----BEGIN PRIVATE KEY-----", sizeof(header)); |
ashleymills | 0:e979170e02e7 | 1009 | XSTRNCPY(footer, "-----END PRIVATE KEY-----", sizeof(footer)); |
ashleymills | 0:e979170e02e7 | 1010 | |
ashleymills | 0:e979170e02e7 | 1011 | headerEnd = XSTRNSTR((char*)buff, header, sz); |
ashleymills | 0:e979170e02e7 | 1012 | if (headerEnd) |
ashleymills | 0:e979170e02e7 | 1013 | pkcs8 = 1; |
ashleymills | 0:e979170e02e7 | 1014 | else { |
ashleymills | 0:e979170e02e7 | 1015 | XSTRNCPY(header, "-----BEGIN ENCRYPTED PRIVATE KEY-----", |
ashleymills | 0:e979170e02e7 | 1016 | sizeof(header)); |
ashleymills | 0:e979170e02e7 | 1017 | XSTRNCPY(footer, "-----END ENCRYPTED PRIVATE KEY-----", |
ashleymills | 0:e979170e02e7 | 1018 | sizeof(footer)); |
ashleymills | 0:e979170e02e7 | 1019 | |
ashleymills | 0:e979170e02e7 | 1020 | headerEnd = XSTRNSTR((char*)buff, header, sz); |
ashleymills | 0:e979170e02e7 | 1021 | if (headerEnd) { |
ashleymills | 0:e979170e02e7 | 1022 | pkcs8Enc = 1; |
ashleymills | 0:e979170e02e7 | 1023 | (void)pkcs8Enc; /* only opensslextra will read */ |
ashleymills | 0:e979170e02e7 | 1024 | } |
ashleymills | 0:e979170e02e7 | 1025 | } |
ashleymills | 0:e979170e02e7 | 1026 | } |
ashleymills | 0:e979170e02e7 | 1027 | if (!headerEnd && type == PRIVATEKEY_TYPE) { /* may be ecc */ |
ashleymills | 0:e979170e02e7 | 1028 | XSTRNCPY(header, "-----BEGIN EC PRIVATE KEY-----", sizeof(header)); |
ashleymills | 0:e979170e02e7 | 1029 | XSTRNCPY(footer, "-----END EC PRIVATE KEY-----", sizeof(footer)); |
ashleymills | 0:e979170e02e7 | 1030 | |
ashleymills | 0:e979170e02e7 | 1031 | headerEnd = XSTRNSTR((char*)buff, header, sz); |
ashleymills | 0:e979170e02e7 | 1032 | if (headerEnd) |
ashleymills | 0:e979170e02e7 | 1033 | *eccKey = 1; |
ashleymills | 0:e979170e02e7 | 1034 | } |
ashleymills | 0:e979170e02e7 | 1035 | if (!headerEnd && type == PRIVATEKEY_TYPE) { /* may be dsa */ |
ashleymills | 0:e979170e02e7 | 1036 | XSTRNCPY(header, "-----BEGIN DSA PRIVATE KEY-----", sizeof(header)); |
ashleymills | 0:e979170e02e7 | 1037 | XSTRNCPY(footer, "-----END DSA PRIVATE KEY-----", sizeof(footer)); |
ashleymills | 0:e979170e02e7 | 1038 | |
ashleymills | 0:e979170e02e7 | 1039 | headerEnd = XSTRNSTR((char*)buff, header, sz); |
ashleymills | 0:e979170e02e7 | 1040 | } |
ashleymills | 0:e979170e02e7 | 1041 | if (!headerEnd) { |
ashleymills | 0:e979170e02e7 | 1042 | CYASSL_MSG("Couldn't find PEM header"); |
ashleymills | 0:e979170e02e7 | 1043 | return SSL_NO_PEM_HEADER; |
ashleymills | 0:e979170e02e7 | 1044 | } |
ashleymills | 0:e979170e02e7 | 1045 | headerEnd += XSTRLEN(header); |
ashleymills | 0:e979170e02e7 | 1046 | |
ashleymills | 0:e979170e02e7 | 1047 | /* eat end of line */ |
ashleymills | 0:e979170e02e7 | 1048 | if (headerEnd[0] == '\n') |
ashleymills | 0:e979170e02e7 | 1049 | headerEnd++; |
ashleymills | 0:e979170e02e7 | 1050 | else if (headerEnd[1] == '\n') |
ashleymills | 0:e979170e02e7 | 1051 | headerEnd += 2; |
ashleymills | 0:e979170e02e7 | 1052 | else |
ashleymills | 0:e979170e02e7 | 1053 | return SSL_BAD_FILE; |
ashleymills | 0:e979170e02e7 | 1054 | |
ashleymills | 0:e979170e02e7 | 1055 | #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) |
ashleymills | 0:e979170e02e7 | 1056 | { |
ashleymills | 0:e979170e02e7 | 1057 | /* remove encrypted header if there */ |
ashleymills | 0:e979170e02e7 | 1058 | char encHeader[] = "Proc-Type"; |
ashleymills | 0:e979170e02e7 | 1059 | char* line = XSTRNSTR((char*)buff, encHeader, PEM_LINE_LEN); |
ashleymills | 0:e979170e02e7 | 1060 | if (line) { |
ashleymills | 0:e979170e02e7 | 1061 | char* newline; |
ashleymills | 0:e979170e02e7 | 1062 | char* finish; |
ashleymills | 0:e979170e02e7 | 1063 | char* start = XSTRNSTR(line, "DES", PEM_LINE_LEN); |
ashleymills | 0:e979170e02e7 | 1064 | |
ashleymills | 0:e979170e02e7 | 1065 | if (!start) |
ashleymills | 0:e979170e02e7 | 1066 | start = XSTRNSTR(line, "AES", PEM_LINE_LEN); |
ashleymills | 0:e979170e02e7 | 1067 | |
ashleymills | 0:e979170e02e7 | 1068 | if (!start) return SSL_BAD_FILE; |
ashleymills | 0:e979170e02e7 | 1069 | if (!info) return SSL_BAD_FILE; |
ashleymills | 0:e979170e02e7 | 1070 | |
ashleymills | 0:e979170e02e7 | 1071 | finish = XSTRNSTR(start, ",", PEM_LINE_LEN); |
ashleymills | 0:e979170e02e7 | 1072 | |
ashleymills | 0:e979170e02e7 | 1073 | if (start && finish && (start < finish)) { |
ashleymills | 0:e979170e02e7 | 1074 | newline = XSTRNSTR(finish, "\r", PEM_LINE_LEN); |
ashleymills | 0:e979170e02e7 | 1075 | |
ashleymills | 0:e979170e02e7 | 1076 | XMEMCPY(info->name, start, finish - start); |
ashleymills | 0:e979170e02e7 | 1077 | info->name[finish - start] = 0; |
ashleymills | 0:e979170e02e7 | 1078 | XMEMCPY(info->iv, finish + 1, sizeof(info->iv)); |
ashleymills | 0:e979170e02e7 | 1079 | |
ashleymills | 0:e979170e02e7 | 1080 | if (!newline) newline = XSTRNSTR(finish, "\n", PEM_LINE_LEN); |
ashleymills | 0:e979170e02e7 | 1081 | if (newline && (newline > finish)) { |
ashleymills | 0:e979170e02e7 | 1082 | info->ivSz = (word32)(newline - (finish + 1)); |
ashleymills | 0:e979170e02e7 | 1083 | info->set = 1; |
ashleymills | 0:e979170e02e7 | 1084 | } |
ashleymills | 0:e979170e02e7 | 1085 | else |
ashleymills | 0:e979170e02e7 | 1086 | return SSL_BAD_FILE; |
ashleymills | 0:e979170e02e7 | 1087 | } |
ashleymills | 0:e979170e02e7 | 1088 | else |
ashleymills | 0:e979170e02e7 | 1089 | return SSL_BAD_FILE; |
ashleymills | 0:e979170e02e7 | 1090 | |
ashleymills | 0:e979170e02e7 | 1091 | /* eat blank line */ |
ashleymills | 0:e979170e02e7 | 1092 | while (*newline == '\r' || *newline == '\n') |
ashleymills | 0:e979170e02e7 | 1093 | newline++; |
ashleymills | 0:e979170e02e7 | 1094 | headerEnd = newline; |
ashleymills | 0:e979170e02e7 | 1095 | } |
ashleymills | 0:e979170e02e7 | 1096 | } |
ashleymills | 0:e979170e02e7 | 1097 | #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */ |
ashleymills | 0:e979170e02e7 | 1098 | |
ashleymills | 0:e979170e02e7 | 1099 | /* find footer */ |
ashleymills | 0:e979170e02e7 | 1100 | footerEnd = XSTRNSTR((char*)buff, footer, sz); |
ashleymills | 0:e979170e02e7 | 1101 | if (!footerEnd) return SSL_BAD_FILE; |
ashleymills | 0:e979170e02e7 | 1102 | |
ashleymills | 0:e979170e02e7 | 1103 | consumedEnd = footerEnd + XSTRLEN(footer); |
ashleymills | 0:e979170e02e7 | 1104 | |
ashleymills | 0:e979170e02e7 | 1105 | if (consumedEnd < bufferEnd) { /* handle no end of line on last line */ |
ashleymills | 0:e979170e02e7 | 1106 | /* eat end of line */ |
ashleymills | 0:e979170e02e7 | 1107 | if (consumedEnd[0] == '\n') |
ashleymills | 0:e979170e02e7 | 1108 | consumedEnd++; |
ashleymills | 0:e979170e02e7 | 1109 | else if (consumedEnd[1] == '\n') |
ashleymills | 0:e979170e02e7 | 1110 | consumedEnd += 2; |
ashleymills | 0:e979170e02e7 | 1111 | else |
ashleymills | 0:e979170e02e7 | 1112 | return SSL_BAD_FILE; |
ashleymills | 0:e979170e02e7 | 1113 | } |
ashleymills | 0:e979170e02e7 | 1114 | |
ashleymills | 0:e979170e02e7 | 1115 | if (info) |
ashleymills | 0:e979170e02e7 | 1116 | info->consumed = (long)(consumedEnd - (char*)buff); |
ashleymills | 0:e979170e02e7 | 1117 | |
ashleymills | 0:e979170e02e7 | 1118 | /* set up der buffer */ |
ashleymills | 0:e979170e02e7 | 1119 | neededSz = (long)(footerEnd - headerEnd); |
ashleymills | 0:e979170e02e7 | 1120 | if (neededSz > sz || neededSz < 0) return SSL_BAD_FILE; |
ashleymills | 0:e979170e02e7 | 1121 | der->buffer = (byte*) XMALLOC(neededSz, heap, dynamicType); |
ashleymills | 0:e979170e02e7 | 1122 | if (!der->buffer) return MEMORY_ERROR; |
ashleymills | 0:e979170e02e7 | 1123 | der->length = (word32)neededSz; |
ashleymills | 0:e979170e02e7 | 1124 | |
ashleymills | 0:e979170e02e7 | 1125 | if (Base64_Decode((byte*)headerEnd, (word32)neededSz, der->buffer, |
ashleymills | 0:e979170e02e7 | 1126 | &der->length) < 0) |
ashleymills | 0:e979170e02e7 | 1127 | return SSL_BAD_FILE; |
ashleymills | 0:e979170e02e7 | 1128 | |
ashleymills | 0:e979170e02e7 | 1129 | if (pkcs8) |
ashleymills | 0:e979170e02e7 | 1130 | return ToTraditional(der->buffer, der->length); |
ashleymills | 0:e979170e02e7 | 1131 | |
ashleymills | 0:e979170e02e7 | 1132 | #ifdef OPENSSL_EXTRA |
ashleymills | 0:e979170e02e7 | 1133 | if (pkcs8Enc) { |
ashleymills | 0:e979170e02e7 | 1134 | int passwordSz; |
ashleymills | 0:e979170e02e7 | 1135 | char password[80]; |
ashleymills | 0:e979170e02e7 | 1136 | |
ashleymills | 0:e979170e02e7 | 1137 | if (!info || !info->ctx || !info->ctx->passwd_cb) |
ashleymills | 0:e979170e02e7 | 1138 | return SSL_BAD_FILE; /* no callback error */ |
ashleymills | 0:e979170e02e7 | 1139 | passwordSz = info->ctx->passwd_cb(password, sizeof(password), 0, |
ashleymills | 0:e979170e02e7 | 1140 | info->ctx->userdata); |
ashleymills | 0:e979170e02e7 | 1141 | return ToTraditionalEnc(der->buffer, der->length, password, |
ashleymills | 0:e979170e02e7 | 1142 | passwordSz); |
ashleymills | 0:e979170e02e7 | 1143 | } |
ashleymills | 0:e979170e02e7 | 1144 | #endif |
ashleymills | 0:e979170e02e7 | 1145 | |
ashleymills | 0:e979170e02e7 | 1146 | return 0; |
ashleymills | 0:e979170e02e7 | 1147 | } |
ashleymills | 0:e979170e02e7 | 1148 | |
ashleymills | 0:e979170e02e7 | 1149 | |
ashleymills | 0:e979170e02e7 | 1150 | /* process the buffer buff, legnth sz, into ctx of format and type |
ashleymills | 0:e979170e02e7 | 1151 | used tracks bytes consumed, userChain specifies a user cert chain |
ashleymills | 0:e979170e02e7 | 1152 | to pass during the handshake */ |
ashleymills | 0:e979170e02e7 | 1153 | static int ProcessBuffer(CYASSL_CTX* ctx, const unsigned char* buff, |
ashleymills | 0:e979170e02e7 | 1154 | long sz, int format, int type, CYASSL* ssl, |
ashleymills | 0:e979170e02e7 | 1155 | long* used, int userChain) |
ashleymills | 0:e979170e02e7 | 1156 | { |
ashleymills | 0:e979170e02e7 | 1157 | EncryptedInfo info; |
ashleymills | 0:e979170e02e7 | 1158 | buffer der; /* holds DER or RAW (for NTRU) */ |
ashleymills | 0:e979170e02e7 | 1159 | int ret; |
ashleymills | 0:e979170e02e7 | 1160 | int dynamicType = 0; |
ashleymills | 0:e979170e02e7 | 1161 | int eccKey = 0; |
ashleymills | 0:e979170e02e7 | 1162 | void* heap = ctx ? ctx->heap : NULL; |
ashleymills | 0:e979170e02e7 | 1163 | |
ashleymills | 0:e979170e02e7 | 1164 | info.set = 0; |
ashleymills | 0:e979170e02e7 | 1165 | info.ctx = ctx; |
ashleymills | 0:e979170e02e7 | 1166 | info.consumed = 0; |
ashleymills | 0:e979170e02e7 | 1167 | der.buffer = 0; |
ashleymills | 0:e979170e02e7 | 1168 | |
ashleymills | 0:e979170e02e7 | 1169 | (void)dynamicType; |
ashleymills | 0:e979170e02e7 | 1170 | |
ashleymills | 0:e979170e02e7 | 1171 | if (used) |
ashleymills | 0:e979170e02e7 | 1172 | *used = sz; /* used bytes default to sz, PEM chain may shorten*/ |
ashleymills | 0:e979170e02e7 | 1173 | |
ashleymills | 0:e979170e02e7 | 1174 | if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM |
ashleymills | 0:e979170e02e7 | 1175 | && format != SSL_FILETYPE_RAW) |
ashleymills | 0:e979170e02e7 | 1176 | return SSL_BAD_FILETYPE; |
ashleymills | 0:e979170e02e7 | 1177 | |
ashleymills | 0:e979170e02e7 | 1178 | if (type == CA_TYPE) |
ashleymills | 0:e979170e02e7 | 1179 | dynamicType = DYNAMIC_TYPE_CA; |
ashleymills | 0:e979170e02e7 | 1180 | else if (type == CERT_TYPE) |
ashleymills | 0:e979170e02e7 | 1181 | dynamicType = DYNAMIC_TYPE_CERT; |
ashleymills | 0:e979170e02e7 | 1182 | else |
ashleymills | 0:e979170e02e7 | 1183 | dynamicType = DYNAMIC_TYPE_KEY; |
ashleymills | 0:e979170e02e7 | 1184 | |
ashleymills | 0:e979170e02e7 | 1185 | if (format == SSL_FILETYPE_PEM) { |
ashleymills | 0:e979170e02e7 | 1186 | ret = PemToDer(buff, sz, type, &der, heap, &info, &eccKey); |
ashleymills | 0:e979170e02e7 | 1187 | if (ret < 0) { |
ashleymills | 0:e979170e02e7 | 1188 | XFREE(der.buffer, heap, dynamicType); |
ashleymills | 0:e979170e02e7 | 1189 | return ret; |
ashleymills | 0:e979170e02e7 | 1190 | } |
ashleymills | 0:e979170e02e7 | 1191 | if (used) |
ashleymills | 0:e979170e02e7 | 1192 | *used = info.consumed; |
ashleymills | 0:e979170e02e7 | 1193 | /* we may have a user cert chain, try to consume */ |
ashleymills | 0:e979170e02e7 | 1194 | if (userChain && type == CERT_TYPE && info.consumed < sz) { |
ashleymills | 0:e979170e02e7 | 1195 | byte staticBuffer[FILE_BUFFER_SIZE]; /* tmp chain buffer */ |
ashleymills | 0:e979170e02e7 | 1196 | byte* chainBuffer = staticBuffer; |
ashleymills | 0:e979170e02e7 | 1197 | int dynamicBuffer = 0; |
ashleymills | 0:e979170e02e7 | 1198 | word32 bufferSz = sizeof(staticBuffer); |
ashleymills | 0:e979170e02e7 | 1199 | long consumed = info.consumed; |
ashleymills | 0:e979170e02e7 | 1200 | word32 idx = 0; |
ashleymills | 0:e979170e02e7 | 1201 | int gotOne = 0; |
ashleymills | 0:e979170e02e7 | 1202 | |
ashleymills | 0:e979170e02e7 | 1203 | if ( (sz - consumed) > (int)bufferSz) { |
ashleymills | 0:e979170e02e7 | 1204 | CYASSL_MSG("Growing Tmp Chain Buffer"); |
ashleymills | 0:e979170e02e7 | 1205 | bufferSz = (word32)(sz - consumed); |
ashleymills | 0:e979170e02e7 | 1206 | /* will shrink to actual size */ |
ashleymills | 0:e979170e02e7 | 1207 | chainBuffer = (byte*)XMALLOC(bufferSz, heap, |
ashleymills | 0:e979170e02e7 | 1208 | DYNAMIC_TYPE_FILE); |
ashleymills | 0:e979170e02e7 | 1209 | if (chainBuffer == NULL) { |
ashleymills | 0:e979170e02e7 | 1210 | XFREE(der.buffer, heap, dynamicType); |
ashleymills | 0:e979170e02e7 | 1211 | return MEMORY_E; |
ashleymills | 0:e979170e02e7 | 1212 | } |
ashleymills | 0:e979170e02e7 | 1213 | dynamicBuffer = 1; |
ashleymills | 0:e979170e02e7 | 1214 | } |
ashleymills | 0:e979170e02e7 | 1215 | |
ashleymills | 0:e979170e02e7 | 1216 | CYASSL_MSG("Processing Cert Chain"); |
ashleymills | 0:e979170e02e7 | 1217 | while (consumed < sz) { |
ashleymills | 0:e979170e02e7 | 1218 | buffer part; |
ashleymills | 0:e979170e02e7 | 1219 | info.consumed = 0; |
ashleymills | 0:e979170e02e7 | 1220 | part.buffer = 0; |
ashleymills | 0:e979170e02e7 | 1221 | |
ashleymills | 0:e979170e02e7 | 1222 | ret = PemToDer(buff + consumed, sz - consumed, type, &part, |
ashleymills | 0:e979170e02e7 | 1223 | heap, &info, &eccKey); |
ashleymills | 0:e979170e02e7 | 1224 | if (ret == 0) { |
ashleymills | 0:e979170e02e7 | 1225 | gotOne = 1; |
ashleymills | 0:e979170e02e7 | 1226 | if ( (idx + part.length) > bufferSz) { |
ashleymills | 0:e979170e02e7 | 1227 | CYASSL_MSG(" Cert Chain bigger than buffer"); |
ashleymills | 0:e979170e02e7 | 1228 | ret = BUFFER_E; |
ashleymills | 0:e979170e02e7 | 1229 | } |
ashleymills | 0:e979170e02e7 | 1230 | else { |
ashleymills | 0:e979170e02e7 | 1231 | c32to24(part.length, &chainBuffer[idx]); |
ashleymills | 0:e979170e02e7 | 1232 | idx += CERT_HEADER_SZ; |
ashleymills | 0:e979170e02e7 | 1233 | XMEMCPY(&chainBuffer[idx], part.buffer,part.length); |
ashleymills | 0:e979170e02e7 | 1234 | idx += part.length; |
ashleymills | 0:e979170e02e7 | 1235 | consumed += info.consumed; |
ashleymills | 0:e979170e02e7 | 1236 | if (used) |
ashleymills | 0:e979170e02e7 | 1237 | *used += info.consumed; |
ashleymills | 0:e979170e02e7 | 1238 | } |
ashleymills | 0:e979170e02e7 | 1239 | } |
ashleymills | 0:e979170e02e7 | 1240 | |
ashleymills | 0:e979170e02e7 | 1241 | XFREE(part.buffer, heap, dynamicType); |
ashleymills | 0:e979170e02e7 | 1242 | |
ashleymills | 0:e979170e02e7 | 1243 | if (ret == SSL_NO_PEM_HEADER && gotOne) { |
ashleymills | 0:e979170e02e7 | 1244 | CYASSL_MSG("We got one good PEM so stuff at end ok"); |
ashleymills | 0:e979170e02e7 | 1245 | break; |
ashleymills | 0:e979170e02e7 | 1246 | } |
ashleymills | 0:e979170e02e7 | 1247 | |
ashleymills | 0:e979170e02e7 | 1248 | if (ret < 0) { |
ashleymills | 0:e979170e02e7 | 1249 | CYASSL_MSG(" Error in Cert in Chain"); |
ashleymills | 0:e979170e02e7 | 1250 | XFREE(der.buffer, heap, dynamicType); |
ashleymills | 0:e979170e02e7 | 1251 | return ret; |
ashleymills | 0:e979170e02e7 | 1252 | } |
ashleymills | 0:e979170e02e7 | 1253 | CYASSL_MSG(" Consumed another Cert in Chain"); |
ashleymills | 0:e979170e02e7 | 1254 | } |
ashleymills | 0:e979170e02e7 | 1255 | CYASSL_MSG("Finished Processing Cert Chain"); |
ashleymills | 0:e979170e02e7 | 1256 | |
ashleymills | 0:e979170e02e7 | 1257 | if (ctx == NULL) { |
ashleymills | 0:e979170e02e7 | 1258 | CYASSL_MSG("certChain needs context"); |
ashleymills | 0:e979170e02e7 | 1259 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 1260 | } |
ashleymills | 0:e979170e02e7 | 1261 | ctx->certChain.buffer = (byte*)XMALLOC(idx, heap, |
ashleymills | 0:e979170e02e7 | 1262 | dynamicType); |
ashleymills | 0:e979170e02e7 | 1263 | if (ctx->certChain.buffer) { |
ashleymills | 0:e979170e02e7 | 1264 | ctx->certChain.length = idx; |
ashleymills | 0:e979170e02e7 | 1265 | XMEMCPY(ctx->certChain.buffer, chainBuffer, idx); |
ashleymills | 0:e979170e02e7 | 1266 | } |
ashleymills | 0:e979170e02e7 | 1267 | if (dynamicBuffer) |
ashleymills | 0:e979170e02e7 | 1268 | XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE); |
ashleymills | 0:e979170e02e7 | 1269 | if (ctx->certChain.buffer == NULL) { |
ashleymills | 0:e979170e02e7 | 1270 | XFREE(der.buffer, heap, dynamicType); |
ashleymills | 0:e979170e02e7 | 1271 | return MEMORY_E; |
ashleymills | 0:e979170e02e7 | 1272 | } |
ashleymills | 0:e979170e02e7 | 1273 | } |
ashleymills | 0:e979170e02e7 | 1274 | } |
ashleymills | 0:e979170e02e7 | 1275 | else { /* ASN1 (DER) or RAW (NTRU) */ |
ashleymills | 0:e979170e02e7 | 1276 | der.buffer = (byte*) XMALLOC(sz, heap, dynamicType); |
ashleymills | 0:e979170e02e7 | 1277 | if (!der.buffer) return MEMORY_ERROR; |
ashleymills | 0:e979170e02e7 | 1278 | XMEMCPY(der.buffer, buff, sz); |
ashleymills | 0:e979170e02e7 | 1279 | der.length = (word32)sz; |
ashleymills | 0:e979170e02e7 | 1280 | } |
ashleymills | 0:e979170e02e7 | 1281 | |
ashleymills | 0:e979170e02e7 | 1282 | #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) |
ashleymills | 0:e979170e02e7 | 1283 | if (info.set) { |
ashleymills | 0:e979170e02e7 | 1284 | /* decrypt */ |
ashleymills | 0:e979170e02e7 | 1285 | char password[80]; |
ashleymills | 0:e979170e02e7 | 1286 | int passwordSz; |
ashleymills | 0:e979170e02e7 | 1287 | |
ashleymills | 0:e979170e02e7 | 1288 | byte key[AES_256_KEY_SIZE]; |
ashleymills | 0:e979170e02e7 | 1289 | byte iv[AES_IV_SIZE]; |
ashleymills | 0:e979170e02e7 | 1290 | |
ashleymills | 0:e979170e02e7 | 1291 | if (!ctx || !ctx->passwd_cb) { |
ashleymills | 0:e979170e02e7 | 1292 | XFREE(der.buffer, heap, dynamicType); |
ashleymills | 0:e979170e02e7 | 1293 | return NO_PASSWORD; |
ashleymills | 0:e979170e02e7 | 1294 | } |
ashleymills | 0:e979170e02e7 | 1295 | |
ashleymills | 0:e979170e02e7 | 1296 | /* use file's salt for key derivation, hex decode first */ |
ashleymills | 0:e979170e02e7 | 1297 | if (Base16_Decode(info.iv, info.ivSz, info.iv, &info.ivSz) != 0) { |
ashleymills | 0:e979170e02e7 | 1298 | XFREE(der.buffer, heap, dynamicType); |
ashleymills | 0:e979170e02e7 | 1299 | return ASN_INPUT_E; |
ashleymills | 0:e979170e02e7 | 1300 | } |
ashleymills | 0:e979170e02e7 | 1301 | |
ashleymills | 0:e979170e02e7 | 1302 | passwordSz = ctx->passwd_cb(password, sizeof(password), 0, |
ashleymills | 0:e979170e02e7 | 1303 | ctx->userdata); |
ashleymills | 0:e979170e02e7 | 1304 | if ( (ret = EVP_BytesToKey(info.name, "MD5", info.iv, |
ashleymills | 0:e979170e02e7 | 1305 | (byte*)password, passwordSz, 1, key, iv)) <= 0) { |
ashleymills | 0:e979170e02e7 | 1306 | XFREE(der.buffer, heap, dynamicType); |
ashleymills | 0:e979170e02e7 | 1307 | return ret; |
ashleymills | 0:e979170e02e7 | 1308 | } |
ashleymills | 0:e979170e02e7 | 1309 | |
ashleymills | 0:e979170e02e7 | 1310 | if (XSTRNCMP(info.name, "DES-CBC", 7) == 0) { |
ashleymills | 0:e979170e02e7 | 1311 | Des enc; |
ashleymills | 0:e979170e02e7 | 1312 | Des_SetKey(&enc, key, info.iv, DES_DECRYPTION); |
ashleymills | 0:e979170e02e7 | 1313 | Des_CbcDecrypt(&enc, der.buffer, der.buffer, der.length); |
ashleymills | 0:e979170e02e7 | 1314 | } |
ashleymills | 0:e979170e02e7 | 1315 | else if (XSTRNCMP(info.name, "DES-EDE3-CBC", 13) == 0) { |
ashleymills | 0:e979170e02e7 | 1316 | Des3 enc; |
ashleymills | 0:e979170e02e7 | 1317 | Des3_SetKey(&enc, key, info.iv, DES_DECRYPTION); |
ashleymills | 0:e979170e02e7 | 1318 | Des3_CbcDecrypt(&enc, der.buffer, der.buffer, der.length); |
ashleymills | 0:e979170e02e7 | 1319 | } |
ashleymills | 0:e979170e02e7 | 1320 | else if (XSTRNCMP(info.name, "AES-128-CBC", 13) == 0) { |
ashleymills | 0:e979170e02e7 | 1321 | Aes enc; |
ashleymills | 0:e979170e02e7 | 1322 | AesSetKey(&enc, key, AES_128_KEY_SIZE, info.iv, AES_DECRYPTION); |
ashleymills | 0:e979170e02e7 | 1323 | AesCbcDecrypt(&enc, der.buffer, der.buffer, der.length); |
ashleymills | 0:e979170e02e7 | 1324 | } |
ashleymills | 0:e979170e02e7 | 1325 | else if (XSTRNCMP(info.name, "AES-192-CBC", 13) == 0) { |
ashleymills | 0:e979170e02e7 | 1326 | Aes enc; |
ashleymills | 0:e979170e02e7 | 1327 | AesSetKey(&enc, key, AES_192_KEY_SIZE, info.iv, AES_DECRYPTION); |
ashleymills | 0:e979170e02e7 | 1328 | AesCbcDecrypt(&enc, der.buffer, der.buffer, der.length); |
ashleymills | 0:e979170e02e7 | 1329 | } |
ashleymills | 0:e979170e02e7 | 1330 | else if (XSTRNCMP(info.name, "AES-256-CBC", 13) == 0) { |
ashleymills | 0:e979170e02e7 | 1331 | Aes enc; |
ashleymills | 0:e979170e02e7 | 1332 | AesSetKey(&enc, key, AES_256_KEY_SIZE, info.iv, AES_DECRYPTION); |
ashleymills | 0:e979170e02e7 | 1333 | AesCbcDecrypt(&enc, der.buffer, der.buffer, der.length); |
ashleymills | 0:e979170e02e7 | 1334 | } |
ashleymills | 0:e979170e02e7 | 1335 | else { |
ashleymills | 0:e979170e02e7 | 1336 | XFREE(der.buffer, heap, dynamicType); |
ashleymills | 0:e979170e02e7 | 1337 | return SSL_BAD_FILE; |
ashleymills | 0:e979170e02e7 | 1338 | } |
ashleymills | 0:e979170e02e7 | 1339 | } |
ashleymills | 0:e979170e02e7 | 1340 | #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */ |
ashleymills | 0:e979170e02e7 | 1341 | |
ashleymills | 0:e979170e02e7 | 1342 | if (type == CA_TYPE) { |
ashleymills | 0:e979170e02e7 | 1343 | if (ctx == NULL) { |
ashleymills | 0:e979170e02e7 | 1344 | CYASSL_MSG("Need context for CA load"); |
ashleymills | 0:e979170e02e7 | 1345 | XFREE(der.buffer, heap, dynamicType); |
ashleymills | 0:e979170e02e7 | 1346 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 1347 | } |
ashleymills | 0:e979170e02e7 | 1348 | return AddCA(ctx->cm, der, CYASSL_USER_CA, ctx->verifyPeer); |
ashleymills | 0:e979170e02e7 | 1349 | /* takes der over */ |
ashleymills | 0:e979170e02e7 | 1350 | } |
ashleymills | 0:e979170e02e7 | 1351 | else if (type == CERT_TYPE) { |
ashleymills | 0:e979170e02e7 | 1352 | if (ssl) { |
ashleymills | 0:e979170e02e7 | 1353 | if (ssl->buffers.weOwnCert && ssl->buffers.certificate.buffer) |
ashleymills | 0:e979170e02e7 | 1354 | XFREE(ssl->buffers.certificate.buffer, heap, |
ashleymills | 0:e979170e02e7 | 1355 | dynamicType); |
ashleymills | 0:e979170e02e7 | 1356 | ssl->buffers.certificate = der; |
ashleymills | 0:e979170e02e7 | 1357 | ssl->buffers.weOwnCert = 1; |
ashleymills | 0:e979170e02e7 | 1358 | } |
ashleymills | 0:e979170e02e7 | 1359 | else if (ctx) { |
ashleymills | 0:e979170e02e7 | 1360 | if (ctx->certificate.buffer) |
ashleymills | 0:e979170e02e7 | 1361 | XFREE(ctx->certificate.buffer, heap, dynamicType); |
ashleymills | 0:e979170e02e7 | 1362 | ctx->certificate = der; /* takes der over */ |
ashleymills | 0:e979170e02e7 | 1363 | } |
ashleymills | 0:e979170e02e7 | 1364 | } |
ashleymills | 0:e979170e02e7 | 1365 | else if (type == PRIVATEKEY_TYPE) { |
ashleymills | 0:e979170e02e7 | 1366 | if (ssl) { |
ashleymills | 0:e979170e02e7 | 1367 | if (ssl->buffers.weOwnKey && ssl->buffers.key.buffer) |
ashleymills | 0:e979170e02e7 | 1368 | XFREE(ssl->buffers.key.buffer, heap, dynamicType); |
ashleymills | 0:e979170e02e7 | 1369 | ssl->buffers.key = der; |
ashleymills | 0:e979170e02e7 | 1370 | ssl->buffers.weOwnKey = 1; |
ashleymills | 0:e979170e02e7 | 1371 | } |
ashleymills | 0:e979170e02e7 | 1372 | else if (ctx) { |
ashleymills | 0:e979170e02e7 | 1373 | if (ctx->privateKey.buffer) |
ashleymills | 0:e979170e02e7 | 1374 | XFREE(ctx->privateKey.buffer, heap, dynamicType); |
ashleymills | 0:e979170e02e7 | 1375 | ctx->privateKey = der; /* takes der over */ |
ashleymills | 0:e979170e02e7 | 1376 | } |
ashleymills | 0:e979170e02e7 | 1377 | } |
ashleymills | 0:e979170e02e7 | 1378 | else { |
ashleymills | 0:e979170e02e7 | 1379 | XFREE(der.buffer, heap, dynamicType); |
ashleymills | 0:e979170e02e7 | 1380 | return SSL_BAD_CERTTYPE; |
ashleymills | 0:e979170e02e7 | 1381 | } |
ashleymills | 0:e979170e02e7 | 1382 | |
ashleymills | 0:e979170e02e7 | 1383 | if (type == PRIVATEKEY_TYPE && format != SSL_FILETYPE_RAW) { |
ashleymills | 0:e979170e02e7 | 1384 | #ifndef NO_RSA |
ashleymills | 0:e979170e02e7 | 1385 | if (!eccKey) { |
ashleymills | 0:e979170e02e7 | 1386 | /* make sure RSA key can be used */ |
ashleymills | 0:e979170e02e7 | 1387 | RsaKey key; |
ashleymills | 0:e979170e02e7 | 1388 | word32 idx = 0; |
ashleymills | 0:e979170e02e7 | 1389 | |
ashleymills | 0:e979170e02e7 | 1390 | InitRsaKey(&key, 0); |
ashleymills | 0:e979170e02e7 | 1391 | if (RsaPrivateKeyDecode(der.buffer,&idx,&key,der.length) != 0) { |
ashleymills | 0:e979170e02e7 | 1392 | #ifdef HAVE_ECC |
ashleymills | 0:e979170e02e7 | 1393 | /* could have DER ECC (or pkcs8 ecc), no easy way to tell */ |
ashleymills | 0:e979170e02e7 | 1394 | eccKey = 1; /* so try it out */ |
ashleymills | 0:e979170e02e7 | 1395 | #endif |
ashleymills | 0:e979170e02e7 | 1396 | if (!eccKey) { |
ashleymills | 0:e979170e02e7 | 1397 | FreeRsaKey(&key); |
ashleymills | 0:e979170e02e7 | 1398 | return SSL_BAD_FILE; |
ashleymills | 0:e979170e02e7 | 1399 | } |
ashleymills | 0:e979170e02e7 | 1400 | } |
ashleymills | 0:e979170e02e7 | 1401 | FreeRsaKey(&key); |
ashleymills | 0:e979170e02e7 | 1402 | } |
ashleymills | 0:e979170e02e7 | 1403 | #endif |
ashleymills | 0:e979170e02e7 | 1404 | #ifdef HAVE_ECC |
ashleymills | 0:e979170e02e7 | 1405 | if (eccKey ) { |
ashleymills | 0:e979170e02e7 | 1406 | /* make sure ECC key can be used */ |
ashleymills | 0:e979170e02e7 | 1407 | word32 idx = 0; |
ashleymills | 0:e979170e02e7 | 1408 | ecc_key key; |
ashleymills | 0:e979170e02e7 | 1409 | |
ashleymills | 0:e979170e02e7 | 1410 | ecc_init(&key); |
ashleymills | 0:e979170e02e7 | 1411 | if (EccPrivateKeyDecode(der.buffer,&idx,&key,der.length) != 0) { |
ashleymills | 0:e979170e02e7 | 1412 | ecc_free(&key); |
ashleymills | 0:e979170e02e7 | 1413 | return SSL_BAD_FILE; |
ashleymills | 0:e979170e02e7 | 1414 | } |
ashleymills | 0:e979170e02e7 | 1415 | ecc_free(&key); |
ashleymills | 0:e979170e02e7 | 1416 | ctx->haveStaticECC = 1; |
ashleymills | 0:e979170e02e7 | 1417 | if (ssl) |
ashleymills | 0:e979170e02e7 | 1418 | ssl->options.haveStaticECC = 1; |
ashleymills | 0:e979170e02e7 | 1419 | } |
ashleymills | 0:e979170e02e7 | 1420 | #endif /* HAVE_ECC */ |
ashleymills | 0:e979170e02e7 | 1421 | } |
ashleymills | 0:e979170e02e7 | 1422 | else if (type == CERT_TYPE) { |
ashleymills | 0:e979170e02e7 | 1423 | DecodedCert cert; |
ashleymills | 0:e979170e02e7 | 1424 | |
ashleymills | 0:e979170e02e7 | 1425 | CYASSL_MSG("Checking cert signature type"); |
ashleymills | 0:e979170e02e7 | 1426 | InitDecodedCert(&cert, der.buffer, der.length, heap); |
ashleymills | 0:e979170e02e7 | 1427 | |
ashleymills | 0:e979170e02e7 | 1428 | if (DecodeToKey(&cert, 0) < 0) { |
ashleymills | 0:e979170e02e7 | 1429 | CYASSL_MSG("Decode to key failed"); |
ashleymills | 0:e979170e02e7 | 1430 | return SSL_BAD_FILE; |
ashleymills | 0:e979170e02e7 | 1431 | } |
ashleymills | 0:e979170e02e7 | 1432 | switch (cert.signatureOID) { |
ashleymills | 0:e979170e02e7 | 1433 | case CTC_SHAwECDSA: |
ashleymills | 0:e979170e02e7 | 1434 | case CTC_SHA256wECDSA: |
ashleymills | 0:e979170e02e7 | 1435 | case CTC_SHA384wECDSA: |
ashleymills | 0:e979170e02e7 | 1436 | case CTC_SHA512wECDSA: |
ashleymills | 0:e979170e02e7 | 1437 | CYASSL_MSG("ECDSA cert signature"); |
ashleymills | 0:e979170e02e7 | 1438 | if (ctx) |
ashleymills | 0:e979170e02e7 | 1439 | ctx->haveECDSAsig = 1; |
ashleymills | 0:e979170e02e7 | 1440 | if (ssl) |
ashleymills | 0:e979170e02e7 | 1441 | ssl->options.haveECDSAsig = 1; |
ashleymills | 0:e979170e02e7 | 1442 | break; |
ashleymills | 0:e979170e02e7 | 1443 | default: |
ashleymills | 0:e979170e02e7 | 1444 | CYASSL_MSG("Not ECDSA cert signature"); |
ashleymills | 0:e979170e02e7 | 1445 | break; |
ashleymills | 0:e979170e02e7 | 1446 | } |
ashleymills | 0:e979170e02e7 | 1447 | |
ashleymills | 0:e979170e02e7 | 1448 | FreeDecodedCert(&cert); |
ashleymills | 0:e979170e02e7 | 1449 | } |
ashleymills | 0:e979170e02e7 | 1450 | |
ashleymills | 0:e979170e02e7 | 1451 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 1452 | } |
ashleymills | 0:e979170e02e7 | 1453 | |
ashleymills | 0:e979170e02e7 | 1454 | |
ashleymills | 0:e979170e02e7 | 1455 | |
ashleymills | 0:e979170e02e7 | 1456 | |
ashleymills | 0:e979170e02e7 | 1457 | /* CA PEM file for verification, may have multiple/chain certs to process */ |
ashleymills | 0:e979170e02e7 | 1458 | static int ProcessChainBuffer(CYASSL_CTX* ctx, const unsigned char* buff, |
ashleymills | 0:e979170e02e7 | 1459 | long sz, int format, int type, CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 1460 | { |
ashleymills | 0:e979170e02e7 | 1461 | long used = 0; |
ashleymills | 0:e979170e02e7 | 1462 | int ret = 0; |
ashleymills | 0:e979170e02e7 | 1463 | int gotOne = 0; |
ashleymills | 0:e979170e02e7 | 1464 | |
ashleymills | 0:e979170e02e7 | 1465 | CYASSL_MSG("Processing CA PEM file"); |
ashleymills | 0:e979170e02e7 | 1466 | while (used < sz) { |
ashleymills | 0:e979170e02e7 | 1467 | long consumed = 0; |
ashleymills | 0:e979170e02e7 | 1468 | |
ashleymills | 0:e979170e02e7 | 1469 | ret = ProcessBuffer(ctx, buff + used, sz - used, format, type, ssl, |
ashleymills | 0:e979170e02e7 | 1470 | &consumed, 0); |
ashleymills | 0:e979170e02e7 | 1471 | |
ashleymills | 0:e979170e02e7 | 1472 | if (ret == SSL_NO_PEM_HEADER && gotOne) { |
ashleymills | 0:e979170e02e7 | 1473 | CYASSL_MSG("We got one good PEM file so stuff at end ok"); |
ashleymills | 0:e979170e02e7 | 1474 | ret = SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 1475 | break; |
ashleymills | 0:e979170e02e7 | 1476 | } |
ashleymills | 0:e979170e02e7 | 1477 | |
ashleymills | 0:e979170e02e7 | 1478 | if (ret < 0) |
ashleymills | 0:e979170e02e7 | 1479 | break; |
ashleymills | 0:e979170e02e7 | 1480 | |
ashleymills | 0:e979170e02e7 | 1481 | CYASSL_MSG(" Processed a CA"); |
ashleymills | 0:e979170e02e7 | 1482 | gotOne = 1; |
ashleymills | 0:e979170e02e7 | 1483 | used += consumed; |
ashleymills | 0:e979170e02e7 | 1484 | } |
ashleymills | 0:e979170e02e7 | 1485 | |
ashleymills | 0:e979170e02e7 | 1486 | return ret; |
ashleymills | 0:e979170e02e7 | 1487 | } |
ashleymills | 0:e979170e02e7 | 1488 | |
ashleymills | 0:e979170e02e7 | 1489 | |
ashleymills | 0:e979170e02e7 | 1490 | #ifndef NO_FILESYSTEM |
ashleymills | 0:e979170e02e7 | 1491 | |
ashleymills | 0:e979170e02e7 | 1492 | #if defined(EBSNET) |
ashleymills | 0:e979170e02e7 | 1493 | #define XFILE int |
ashleymills | 0:e979170e02e7 | 1494 | #define XFOPEN(NAME, MODE) vf_open((const char *)NAME, VO_RDONLY, 0); |
ashleymills | 0:e979170e02e7 | 1495 | #define XFSEEK vf_lseek |
ashleymills | 0:e979170e02e7 | 1496 | #define XFTELL vf_tell |
ashleymills | 0:e979170e02e7 | 1497 | #define XREWIND vf_rewind |
ashleymills | 0:e979170e02e7 | 1498 | #define XFREAD(BUF, SZ, AMT, FD) vf_read(FD, BUF, SZ*AMT) |
ashleymills | 0:e979170e02e7 | 1499 | #define XFCLOSE vf_close |
ashleymills | 0:e979170e02e7 | 1500 | #define XSEEK_END VSEEK_END |
ashleymills | 0:e979170e02e7 | 1501 | #define XBADFILE -1 |
ashleymills | 0:e979170e02e7 | 1502 | #elif defined(LSR_FS) |
ashleymills | 0:e979170e02e7 | 1503 | #include <fs.h> |
ashleymills | 0:e979170e02e7 | 1504 | #define XFILE struct fs_file* |
ashleymills | 0:e979170e02e7 | 1505 | #define XFOPEN(NAME, MODE) fs_open((char*)NAME); |
ashleymills | 0:e979170e02e7 | 1506 | #define XFSEEK(F, O, W) (void)F |
ashleymills | 0:e979170e02e7 | 1507 | #define XFTELL(F) (F)->len |
ashleymills | 0:e979170e02e7 | 1508 | #define XREWIND(F) (void)F |
ashleymills | 0:e979170e02e7 | 1509 | #define XFREAD(BUF, SZ, AMT, F) fs_read(F, (char*)BUF, SZ*AMT) |
ashleymills | 0:e979170e02e7 | 1510 | #define XFCLOSE fs_close |
ashleymills | 0:e979170e02e7 | 1511 | #define XSEEK_END 0 |
ashleymills | 0:e979170e02e7 | 1512 | #define XBADFILE NULL |
ashleymills | 0:e979170e02e7 | 1513 | #elif defined(FREESCALE_MQX) |
ashleymills | 0:e979170e02e7 | 1514 | #define XFILE MQX_FILE_PTR |
ashleymills | 0:e979170e02e7 | 1515 | #define XFOPEN fopen |
ashleymills | 0:e979170e02e7 | 1516 | #define XFSEEK fseek |
ashleymills | 0:e979170e02e7 | 1517 | #define XFTELL ftell |
ashleymills | 0:e979170e02e7 | 1518 | #define XREWIND(F) fseek(F, 0, IO_SEEK_SET) |
ashleymills | 0:e979170e02e7 | 1519 | #define XFREAD fread |
ashleymills | 0:e979170e02e7 | 1520 | #define XFCLOSE fclose |
ashleymills | 0:e979170e02e7 | 1521 | #define XSEEK_END IO_SEEK_END |
ashleymills | 0:e979170e02e7 | 1522 | #define XBADFILE NULL |
ashleymills | 0:e979170e02e7 | 1523 | #elif defined(MICRIUM) |
ashleymills | 0:e979170e02e7 | 1524 | #include <fs.h> |
ashleymills | 0:e979170e02e7 | 1525 | #define XFILE FS_FILE* |
ashleymills | 0:e979170e02e7 | 1526 | #define XFOPEN fs_fopen |
ashleymills | 0:e979170e02e7 | 1527 | #define XFSEEK fs_fseek |
ashleymills | 0:e979170e02e7 | 1528 | #define XFTELL fs_ftell |
ashleymills | 0:e979170e02e7 | 1529 | #define XREWIND fs_rewind |
ashleymills | 0:e979170e02e7 | 1530 | #define XFREAD fs_fread |
ashleymills | 0:e979170e02e7 | 1531 | #define XFCLOSE fs_fclose |
ashleymills | 0:e979170e02e7 | 1532 | #define XSEEK_END FS_SEEK_END |
ashleymills | 0:e979170e02e7 | 1533 | #define XBADFILE NULL |
ashleymills | 0:e979170e02e7 | 1534 | #else |
ashleymills | 0:e979170e02e7 | 1535 | /* stdio, default case */ |
ashleymills | 0:e979170e02e7 | 1536 | #define XFILE FILE* |
ashleymills | 0:e979170e02e7 | 1537 | #define XFOPEN fopen |
ashleymills | 0:e979170e02e7 | 1538 | #define XFSEEK fseek |
ashleymills | 0:e979170e02e7 | 1539 | #define XFTELL ftell |
ashleymills | 0:e979170e02e7 | 1540 | #define XREWIND rewind |
ashleymills | 0:e979170e02e7 | 1541 | #define XFREAD fread |
ashleymills | 0:e979170e02e7 | 1542 | #define XFCLOSE fclose |
ashleymills | 0:e979170e02e7 | 1543 | #define XSEEK_END SEEK_END |
ashleymills | 0:e979170e02e7 | 1544 | #define XBADFILE NULL |
ashleymills | 0:e979170e02e7 | 1545 | #endif |
ashleymills | 0:e979170e02e7 | 1546 | |
ashleymills | 0:e979170e02e7 | 1547 | |
ashleymills | 0:e979170e02e7 | 1548 | /* process a file with name fname into ctx of format and type |
ashleymills | 0:e979170e02e7 | 1549 | userChain specifies a user certificate chain to pass during handshake */ |
ashleymills | 0:e979170e02e7 | 1550 | int ProcessFile(CYASSL_CTX* ctx, const char* fname, int format, int type, |
ashleymills | 0:e979170e02e7 | 1551 | CYASSL* ssl, int userChain, CYASSL_CRL* crl) |
ashleymills | 0:e979170e02e7 | 1552 | { |
ashleymills | 0:e979170e02e7 | 1553 | byte staticBuffer[FILE_BUFFER_SIZE]; |
ashleymills | 0:e979170e02e7 | 1554 | byte* myBuffer = staticBuffer; |
ashleymills | 0:e979170e02e7 | 1555 | int dynamic = 0; |
ashleymills | 0:e979170e02e7 | 1556 | int ret; |
ashleymills | 0:e979170e02e7 | 1557 | long sz = 0; |
ashleymills | 0:e979170e02e7 | 1558 | XFILE file; |
ashleymills | 0:e979170e02e7 | 1559 | void* heapHint = ctx ? ctx->heap : NULL; |
ashleymills | 0:e979170e02e7 | 1560 | |
ashleymills | 0:e979170e02e7 | 1561 | (void)crl; |
ashleymills | 0:e979170e02e7 | 1562 | (void)heapHint; |
ashleymills | 0:e979170e02e7 | 1563 | |
ashleymills | 0:e979170e02e7 | 1564 | if (fname == NULL) return SSL_BAD_FILE; |
ashleymills | 0:e979170e02e7 | 1565 | |
ashleymills | 0:e979170e02e7 | 1566 | file = XFOPEN(fname, "rb"); |
ashleymills | 0:e979170e02e7 | 1567 | if (file == XBADFILE) return SSL_BAD_FILE; |
ashleymills | 0:e979170e02e7 | 1568 | XFSEEK(file, 0, XSEEK_END); |
ashleymills | 0:e979170e02e7 | 1569 | sz = XFTELL(file); |
ashleymills | 0:e979170e02e7 | 1570 | XREWIND(file); |
ashleymills | 0:e979170e02e7 | 1571 | |
ashleymills | 0:e979170e02e7 | 1572 | if (sz > (long)sizeof(staticBuffer)) { |
ashleymills | 0:e979170e02e7 | 1573 | CYASSL_MSG("Getting dynamic buffer"); |
ashleymills | 0:e979170e02e7 | 1574 | myBuffer = (byte*)XMALLOC(sz, heapHint, DYNAMIC_TYPE_FILE); |
ashleymills | 0:e979170e02e7 | 1575 | if (myBuffer == NULL) { |
ashleymills | 0:e979170e02e7 | 1576 | XFCLOSE(file); |
ashleymills | 0:e979170e02e7 | 1577 | return SSL_BAD_FILE; |
ashleymills | 0:e979170e02e7 | 1578 | } |
ashleymills | 0:e979170e02e7 | 1579 | dynamic = 1; |
ashleymills | 0:e979170e02e7 | 1580 | } |
ashleymills | 0:e979170e02e7 | 1581 | |
ashleymills | 0:e979170e02e7 | 1582 | if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0) |
ashleymills | 0:e979170e02e7 | 1583 | ret = SSL_BAD_FILE; |
ashleymills | 0:e979170e02e7 | 1584 | else { |
ashleymills | 0:e979170e02e7 | 1585 | if (type == CA_TYPE && format == SSL_FILETYPE_PEM) |
ashleymills | 0:e979170e02e7 | 1586 | ret = ProcessChainBuffer(ctx, myBuffer, sz, format, type, ssl); |
ashleymills | 0:e979170e02e7 | 1587 | #ifdef HAVE_CRL |
ashleymills | 0:e979170e02e7 | 1588 | else if (type == CRL_TYPE) |
ashleymills | 0:e979170e02e7 | 1589 | ret = BufferLoadCRL(crl, myBuffer, sz, format); |
ashleymills | 0:e979170e02e7 | 1590 | #endif |
ashleymills | 0:e979170e02e7 | 1591 | else |
ashleymills | 0:e979170e02e7 | 1592 | ret = ProcessBuffer(ctx, myBuffer, sz, format, type, ssl, NULL, |
ashleymills | 0:e979170e02e7 | 1593 | userChain); |
ashleymills | 0:e979170e02e7 | 1594 | } |
ashleymills | 0:e979170e02e7 | 1595 | |
ashleymills | 0:e979170e02e7 | 1596 | XFCLOSE(file); |
ashleymills | 0:e979170e02e7 | 1597 | if (dynamic) XFREE(myBuffer, heapHint, DYNAMIC_TYPE_FILE); |
ashleymills | 0:e979170e02e7 | 1598 | |
ashleymills | 0:e979170e02e7 | 1599 | return ret; |
ashleymills | 0:e979170e02e7 | 1600 | } |
ashleymills | 0:e979170e02e7 | 1601 | |
ashleymills | 0:e979170e02e7 | 1602 | |
ashleymills | 0:e979170e02e7 | 1603 | /* loads file then loads each file in path, no c_rehash */ |
ashleymills | 0:e979170e02e7 | 1604 | int CyaSSL_CTX_load_verify_locations(CYASSL_CTX* ctx, const char* file, |
ashleymills | 0:e979170e02e7 | 1605 | const char* path) |
ashleymills | 0:e979170e02e7 | 1606 | { |
ashleymills | 0:e979170e02e7 | 1607 | int ret = SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 1608 | |
ashleymills | 0:e979170e02e7 | 1609 | CYASSL_ENTER("CyaSSL_CTX_load_verify_locations"); |
ashleymills | 0:e979170e02e7 | 1610 | (void)path; |
ashleymills | 0:e979170e02e7 | 1611 | |
ashleymills | 0:e979170e02e7 | 1612 | if (ctx == NULL || (file == NULL && path == NULL) ) |
ashleymills | 0:e979170e02e7 | 1613 | return SSL_FAILURE; |
ashleymills | 0:e979170e02e7 | 1614 | |
ashleymills | 0:e979170e02e7 | 1615 | if (file) |
ashleymills | 0:e979170e02e7 | 1616 | ret = ProcessFile(ctx, file, SSL_FILETYPE_PEM, CA_TYPE, NULL, 0, NULL); |
ashleymills | 0:e979170e02e7 | 1617 | |
ashleymills | 0:e979170e02e7 | 1618 | if (ret == SSL_SUCCESS && path) { |
ashleymills | 0:e979170e02e7 | 1619 | /* try to load each regular file in path */ |
ashleymills | 0:e979170e02e7 | 1620 | #ifdef USE_WINDOWS_API |
ashleymills | 0:e979170e02e7 | 1621 | WIN32_FIND_DATAA FindFileData; |
ashleymills | 0:e979170e02e7 | 1622 | HANDLE hFind; |
ashleymills | 0:e979170e02e7 | 1623 | char name[MAX_FILENAME_SZ]; |
ashleymills | 0:e979170e02e7 | 1624 | |
ashleymills | 0:e979170e02e7 | 1625 | XMEMSET(name, 0, sizeof(name)); |
ashleymills | 0:e979170e02e7 | 1626 | XSTRNCPY(name, path, MAX_FILENAME_SZ - 4); |
ashleymills | 0:e979170e02e7 | 1627 | XSTRNCAT(name, "\\*", 3); |
ashleymills | 0:e979170e02e7 | 1628 | |
ashleymills | 0:e979170e02e7 | 1629 | hFind = FindFirstFileA(name, &FindFileData); |
ashleymills | 0:e979170e02e7 | 1630 | if (hFind == INVALID_HANDLE_VALUE) { |
ashleymills | 0:e979170e02e7 | 1631 | CYASSL_MSG("FindFirstFile for path verify locations failed"); |
ashleymills | 0:e979170e02e7 | 1632 | return BAD_PATH_ERROR; |
ashleymills | 0:e979170e02e7 | 1633 | } |
ashleymills | 0:e979170e02e7 | 1634 | |
ashleymills | 0:e979170e02e7 | 1635 | do { |
ashleymills | 0:e979170e02e7 | 1636 | if (FindFileData.dwFileAttributes != FILE_ATTRIBUTE_DIRECTORY) { |
ashleymills | 0:e979170e02e7 | 1637 | XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 3); |
ashleymills | 0:e979170e02e7 | 1638 | XSTRNCAT(name, "\\", 2); |
ashleymills | 0:e979170e02e7 | 1639 | XSTRNCAT(name, FindFileData.cFileName, MAX_FILENAME_SZ/2); |
ashleymills | 0:e979170e02e7 | 1640 | |
ashleymills | 0:e979170e02e7 | 1641 | ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, NULL,0, |
ashleymills | 0:e979170e02e7 | 1642 | NULL); |
ashleymills | 0:e979170e02e7 | 1643 | } |
ashleymills | 0:e979170e02e7 | 1644 | } while (ret == SSL_SUCCESS && FindNextFileA(hFind, &FindFileData)); |
ashleymills | 0:e979170e02e7 | 1645 | |
ashleymills | 0:e979170e02e7 | 1646 | FindClose(hFind); |
ashleymills | 0:e979170e02e7 | 1647 | #elif !defined(NO_CYASSL_DIR) |
ashleymills | 0:e979170e02e7 | 1648 | struct dirent* entry; |
ashleymills | 0:e979170e02e7 | 1649 | DIR* dir = opendir(path); |
ashleymills | 0:e979170e02e7 | 1650 | |
ashleymills | 0:e979170e02e7 | 1651 | if (dir == NULL) { |
ashleymills | 0:e979170e02e7 | 1652 | CYASSL_MSG("opendir path verify locations failed"); |
ashleymills | 0:e979170e02e7 | 1653 | return BAD_PATH_ERROR; |
ashleymills | 0:e979170e02e7 | 1654 | } |
ashleymills | 0:e979170e02e7 | 1655 | while ( ret == SSL_SUCCESS && (entry = readdir(dir)) != NULL) { |
ashleymills | 0:e979170e02e7 | 1656 | if (entry->d_type & DT_REG) { |
ashleymills | 0:e979170e02e7 | 1657 | char name[MAX_FILENAME_SZ]; |
ashleymills | 0:e979170e02e7 | 1658 | |
ashleymills | 0:e979170e02e7 | 1659 | XMEMSET(name, 0, sizeof(name)); |
ashleymills | 0:e979170e02e7 | 1660 | XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2); |
ashleymills | 0:e979170e02e7 | 1661 | XSTRNCAT(name, "/", 1); |
ashleymills | 0:e979170e02e7 | 1662 | XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2); |
ashleymills | 0:e979170e02e7 | 1663 | |
ashleymills | 0:e979170e02e7 | 1664 | ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, NULL,0, |
ashleymills | 0:e979170e02e7 | 1665 | NULL); |
ashleymills | 0:e979170e02e7 | 1666 | } |
ashleymills | 0:e979170e02e7 | 1667 | } |
ashleymills | 0:e979170e02e7 | 1668 | closedir(dir); |
ashleymills | 0:e979170e02e7 | 1669 | #endif |
ashleymills | 0:e979170e02e7 | 1670 | } |
ashleymills | 0:e979170e02e7 | 1671 | |
ashleymills | 0:e979170e02e7 | 1672 | return ret; |
ashleymills | 0:e979170e02e7 | 1673 | } |
ashleymills | 0:e979170e02e7 | 1674 | |
ashleymills | 0:e979170e02e7 | 1675 | |
ashleymills | 0:e979170e02e7 | 1676 | /* Verify the ceritficate, 1 for success, < 0 for error */ |
ashleymills | 0:e979170e02e7 | 1677 | int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm, const byte* buff, |
ashleymills | 0:e979170e02e7 | 1678 | int sz, int format) |
ashleymills | 0:e979170e02e7 | 1679 | { |
ashleymills | 0:e979170e02e7 | 1680 | int ret = 0; |
ashleymills | 0:e979170e02e7 | 1681 | int eccKey = 0; /* not used */ |
ashleymills | 0:e979170e02e7 | 1682 | |
ashleymills | 0:e979170e02e7 | 1683 | DecodedCert cert; |
ashleymills | 0:e979170e02e7 | 1684 | buffer der; |
ashleymills | 0:e979170e02e7 | 1685 | |
ashleymills | 0:e979170e02e7 | 1686 | CYASSL_ENTER("CyaSSL_CertManagerVerifyBuffer"); |
ashleymills | 0:e979170e02e7 | 1687 | |
ashleymills | 0:e979170e02e7 | 1688 | der.buffer = NULL; |
ashleymills | 0:e979170e02e7 | 1689 | der.length = 0; |
ashleymills | 0:e979170e02e7 | 1690 | |
ashleymills | 0:e979170e02e7 | 1691 | if (format == SSL_FILETYPE_PEM) { |
ashleymills | 0:e979170e02e7 | 1692 | EncryptedInfo info; |
ashleymills | 0:e979170e02e7 | 1693 | |
ashleymills | 0:e979170e02e7 | 1694 | info.set = 0; |
ashleymills | 0:e979170e02e7 | 1695 | info.ctx = NULL; |
ashleymills | 0:e979170e02e7 | 1696 | info.consumed = 0; |
ashleymills | 0:e979170e02e7 | 1697 | ret = PemToDer(buff, sz, CERT_TYPE, &der, cm->heap, &info, &eccKey); |
ashleymills | 0:e979170e02e7 | 1698 | InitDecodedCert(&cert, der.buffer, der.length, cm->heap); |
ashleymills | 0:e979170e02e7 | 1699 | } |
ashleymills | 0:e979170e02e7 | 1700 | else |
ashleymills | 0:e979170e02e7 | 1701 | InitDecodedCert(&cert, (byte*)buff, sz, cm->heap); |
ashleymills | 0:e979170e02e7 | 1702 | |
ashleymills | 0:e979170e02e7 | 1703 | if (ret == 0) |
ashleymills | 0:e979170e02e7 | 1704 | ret = ParseCertRelative(&cert, CERT_TYPE, 1, cm); |
ashleymills | 0:e979170e02e7 | 1705 | #ifdef HAVE_CRL |
ashleymills | 0:e979170e02e7 | 1706 | if (ret == 0 && cm->crlEnabled) |
ashleymills | 0:e979170e02e7 | 1707 | ret = CheckCertCRL(cm->crl, &cert); |
ashleymills | 0:e979170e02e7 | 1708 | #endif |
ashleymills | 0:e979170e02e7 | 1709 | |
ashleymills | 0:e979170e02e7 | 1710 | FreeDecodedCert(&cert); |
ashleymills | 0:e979170e02e7 | 1711 | XFREE(der.buffer, cm->heap, DYNAMIC_TYPE_CERT); |
ashleymills | 0:e979170e02e7 | 1712 | |
ashleymills | 0:e979170e02e7 | 1713 | return ret; |
ashleymills | 0:e979170e02e7 | 1714 | } |
ashleymills | 0:e979170e02e7 | 1715 | |
ashleymills | 0:e979170e02e7 | 1716 | |
ashleymills | 0:e979170e02e7 | 1717 | /* Verify the ceritficate, 1 for success, < 0 for error */ |
ashleymills | 0:e979170e02e7 | 1718 | int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER* cm, const char* fname, |
ashleymills | 0:e979170e02e7 | 1719 | int format) |
ashleymills | 0:e979170e02e7 | 1720 | { |
ashleymills | 0:e979170e02e7 | 1721 | int ret = SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 1722 | byte staticBuffer[FILE_BUFFER_SIZE]; |
ashleymills | 0:e979170e02e7 | 1723 | byte* myBuffer = staticBuffer; |
ashleymills | 0:e979170e02e7 | 1724 | int dynamic = 0; |
ashleymills | 0:e979170e02e7 | 1725 | long sz = 0; |
ashleymills | 0:e979170e02e7 | 1726 | XFILE file = XFOPEN(fname, "rb"); |
ashleymills | 0:e979170e02e7 | 1727 | |
ashleymills | 0:e979170e02e7 | 1728 | CYASSL_ENTER("CyaSSL_CertManagerVerify"); |
ashleymills | 0:e979170e02e7 | 1729 | |
ashleymills | 0:e979170e02e7 | 1730 | if (file == XBADFILE) return SSL_BAD_FILE; |
ashleymills | 0:e979170e02e7 | 1731 | XFSEEK(file, 0, XSEEK_END); |
ashleymills | 0:e979170e02e7 | 1732 | sz = XFTELL(file); |
ashleymills | 0:e979170e02e7 | 1733 | XREWIND(file); |
ashleymills | 0:e979170e02e7 | 1734 | |
ashleymills | 0:e979170e02e7 | 1735 | if (sz > (long)sizeof(staticBuffer)) { |
ashleymills | 0:e979170e02e7 | 1736 | CYASSL_MSG("Getting dynamic buffer"); |
ashleymills | 0:e979170e02e7 | 1737 | myBuffer = (byte*) XMALLOC(sz, cm->heap, DYNAMIC_TYPE_FILE); |
ashleymills | 0:e979170e02e7 | 1738 | if (myBuffer == NULL) { |
ashleymills | 0:e979170e02e7 | 1739 | XFCLOSE(file); |
ashleymills | 0:e979170e02e7 | 1740 | return SSL_BAD_FILE; |
ashleymills | 0:e979170e02e7 | 1741 | } |
ashleymills | 0:e979170e02e7 | 1742 | dynamic = 1; |
ashleymills | 0:e979170e02e7 | 1743 | } |
ashleymills | 0:e979170e02e7 | 1744 | |
ashleymills | 0:e979170e02e7 | 1745 | if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0) |
ashleymills | 0:e979170e02e7 | 1746 | ret = SSL_BAD_FILE; |
ashleymills | 0:e979170e02e7 | 1747 | else |
ashleymills | 0:e979170e02e7 | 1748 | ret = CyaSSL_CertManagerVerifyBuffer(cm, myBuffer, (int)sz, format); |
ashleymills | 0:e979170e02e7 | 1749 | |
ashleymills | 0:e979170e02e7 | 1750 | XFCLOSE(file); |
ashleymills | 0:e979170e02e7 | 1751 | if (dynamic) XFREE(myBuffer, cm->heap, DYNAMIC_TYPE_FILE); |
ashleymills | 0:e979170e02e7 | 1752 | |
ashleymills | 0:e979170e02e7 | 1753 | if (ret == 0) |
ashleymills | 0:e979170e02e7 | 1754 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 1755 | return ret; |
ashleymills | 0:e979170e02e7 | 1756 | } |
ashleymills | 0:e979170e02e7 | 1757 | |
ashleymills | 0:e979170e02e7 | 1758 | |
ashleymills | 0:e979170e02e7 | 1759 | /* like load verify locations, 1 for success, < 0 for error */ |
ashleymills | 0:e979170e02e7 | 1760 | int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER* cm, const char* file, |
ashleymills | 0:e979170e02e7 | 1761 | const char* path) |
ashleymills | 0:e979170e02e7 | 1762 | { |
ashleymills | 0:e979170e02e7 | 1763 | int ret = SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 1764 | CYASSL_CTX* tmp; |
ashleymills | 0:e979170e02e7 | 1765 | |
ashleymills | 0:e979170e02e7 | 1766 | CYASSL_ENTER("CyaSSL_CertManagerLoadCA"); |
ashleymills | 0:e979170e02e7 | 1767 | |
ashleymills | 0:e979170e02e7 | 1768 | if (cm == NULL) { |
ashleymills | 0:e979170e02e7 | 1769 | CYASSL_MSG("No CertManager error"); |
ashleymills | 0:e979170e02e7 | 1770 | return ret; |
ashleymills | 0:e979170e02e7 | 1771 | } |
ashleymills | 0:e979170e02e7 | 1772 | tmp = CyaSSL_CTX_new(CyaSSLv3_client_method()); |
ashleymills | 0:e979170e02e7 | 1773 | |
ashleymills | 0:e979170e02e7 | 1774 | if (tmp == NULL) { |
ashleymills | 0:e979170e02e7 | 1775 | CYASSL_MSG("CTX new failed"); |
ashleymills | 0:e979170e02e7 | 1776 | return ret; |
ashleymills | 0:e979170e02e7 | 1777 | } |
ashleymills | 0:e979170e02e7 | 1778 | |
ashleymills | 0:e979170e02e7 | 1779 | /* for tmp use */ |
ashleymills | 0:e979170e02e7 | 1780 | CyaSSL_CertManagerFree(tmp->cm); |
ashleymills | 0:e979170e02e7 | 1781 | tmp->cm = cm; |
ashleymills | 0:e979170e02e7 | 1782 | |
ashleymills | 0:e979170e02e7 | 1783 | ret = CyaSSL_CTX_load_verify_locations(tmp, file, path); |
ashleymills | 0:e979170e02e7 | 1784 | |
ashleymills | 0:e979170e02e7 | 1785 | /* don't loose our good one */ |
ashleymills | 0:e979170e02e7 | 1786 | tmp->cm = NULL; |
ashleymills | 0:e979170e02e7 | 1787 | CyaSSL_CTX_free(tmp); |
ashleymills | 0:e979170e02e7 | 1788 | |
ashleymills | 0:e979170e02e7 | 1789 | return ret; |
ashleymills | 0:e979170e02e7 | 1790 | } |
ashleymills | 0:e979170e02e7 | 1791 | |
ashleymills | 0:e979170e02e7 | 1792 | |
ashleymills | 0:e979170e02e7 | 1793 | |
ashleymills | 0:e979170e02e7 | 1794 | /* turn on CRL if off and compiled in, set options */ |
ashleymills | 0:e979170e02e7 | 1795 | int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER* cm, int options) |
ashleymills | 0:e979170e02e7 | 1796 | { |
ashleymills | 0:e979170e02e7 | 1797 | int ret = SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 1798 | |
ashleymills | 0:e979170e02e7 | 1799 | (void)options; |
ashleymills | 0:e979170e02e7 | 1800 | |
ashleymills | 0:e979170e02e7 | 1801 | CYASSL_ENTER("CyaSSL_CertManagerEnableCRL"); |
ashleymills | 0:e979170e02e7 | 1802 | if (cm == NULL) |
ashleymills | 0:e979170e02e7 | 1803 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 1804 | |
ashleymills | 0:e979170e02e7 | 1805 | #ifdef HAVE_CRL |
ashleymills | 0:e979170e02e7 | 1806 | if (cm->crl == NULL) { |
ashleymills | 0:e979170e02e7 | 1807 | cm->crl = (CYASSL_CRL*)XMALLOC(sizeof(CYASSL_CRL), cm->heap, |
ashleymills | 0:e979170e02e7 | 1808 | DYNAMIC_TYPE_CRL); |
ashleymills | 0:e979170e02e7 | 1809 | if (cm->crl == NULL) |
ashleymills | 0:e979170e02e7 | 1810 | return MEMORY_E; |
ashleymills | 0:e979170e02e7 | 1811 | |
ashleymills | 0:e979170e02e7 | 1812 | if (InitCRL(cm->crl, cm) != 0) { |
ashleymills | 0:e979170e02e7 | 1813 | CYASSL_MSG("Init CRL failed"); |
ashleymills | 0:e979170e02e7 | 1814 | FreeCRL(cm->crl, 1); |
ashleymills | 0:e979170e02e7 | 1815 | cm->crl = NULL; |
ashleymills | 0:e979170e02e7 | 1816 | return SSL_FAILURE; |
ashleymills | 0:e979170e02e7 | 1817 | } |
ashleymills | 0:e979170e02e7 | 1818 | } |
ashleymills | 0:e979170e02e7 | 1819 | cm->crlEnabled = 1; |
ashleymills | 0:e979170e02e7 | 1820 | if (options & CYASSL_CRL_CHECKALL) |
ashleymills | 0:e979170e02e7 | 1821 | cm->crlCheckAll = 1; |
ashleymills | 0:e979170e02e7 | 1822 | #else |
ashleymills | 0:e979170e02e7 | 1823 | ret = NOT_COMPILED_IN; |
ashleymills | 0:e979170e02e7 | 1824 | #endif |
ashleymills | 0:e979170e02e7 | 1825 | |
ashleymills | 0:e979170e02e7 | 1826 | return ret; |
ashleymills | 0:e979170e02e7 | 1827 | } |
ashleymills | 0:e979170e02e7 | 1828 | |
ashleymills | 0:e979170e02e7 | 1829 | |
ashleymills | 0:e979170e02e7 | 1830 | int CyaSSL_CertManagerDisableCRL(CYASSL_CERT_MANAGER* cm) |
ashleymills | 0:e979170e02e7 | 1831 | { |
ashleymills | 0:e979170e02e7 | 1832 | CYASSL_ENTER("CyaSSL_CertManagerDisableCRL"); |
ashleymills | 0:e979170e02e7 | 1833 | if (cm == NULL) |
ashleymills | 0:e979170e02e7 | 1834 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 1835 | |
ashleymills | 0:e979170e02e7 | 1836 | cm->crlEnabled = 0; |
ashleymills | 0:e979170e02e7 | 1837 | |
ashleymills | 0:e979170e02e7 | 1838 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 1839 | } |
ashleymills | 0:e979170e02e7 | 1840 | |
ashleymills | 0:e979170e02e7 | 1841 | |
ashleymills | 0:e979170e02e7 | 1842 | int CyaSSL_CTX_check_private_key(CYASSL_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 1843 | { |
ashleymills | 0:e979170e02e7 | 1844 | /* TODO: check private against public for RSA match */ |
ashleymills | 0:e979170e02e7 | 1845 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 1846 | CYASSL_ENTER("SSL_CTX_check_private_key"); |
ashleymills | 0:e979170e02e7 | 1847 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 1848 | } |
ashleymills | 0:e979170e02e7 | 1849 | |
ashleymills | 0:e979170e02e7 | 1850 | |
ashleymills | 0:e979170e02e7 | 1851 | #ifdef HAVE_CRL |
ashleymills | 0:e979170e02e7 | 1852 | |
ashleymills | 0:e979170e02e7 | 1853 | |
ashleymills | 0:e979170e02e7 | 1854 | /* check CRL if enabled, SSL_SUCCESS */ |
ashleymills | 0:e979170e02e7 | 1855 | int CyaSSL_CertManagerCheckCRL(CYASSL_CERT_MANAGER* cm, byte* der, int sz) |
ashleymills | 0:e979170e02e7 | 1856 | { |
ashleymills | 0:e979170e02e7 | 1857 | int ret; |
ashleymills | 0:e979170e02e7 | 1858 | DecodedCert cert; |
ashleymills | 0:e979170e02e7 | 1859 | |
ashleymills | 0:e979170e02e7 | 1860 | CYASSL_ENTER("CyaSSL_CertManagerCheckCRL"); |
ashleymills | 0:e979170e02e7 | 1861 | |
ashleymills | 0:e979170e02e7 | 1862 | if (cm == NULL) |
ashleymills | 0:e979170e02e7 | 1863 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 1864 | |
ashleymills | 0:e979170e02e7 | 1865 | if (cm->crlEnabled == 0) |
ashleymills | 0:e979170e02e7 | 1866 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 1867 | |
ashleymills | 0:e979170e02e7 | 1868 | InitDecodedCert(&cert, der, sz, NULL); |
ashleymills | 0:e979170e02e7 | 1869 | |
ashleymills | 0:e979170e02e7 | 1870 | ret = ParseCertRelative(&cert, CERT_TYPE, NO_VERIFY, cm); |
ashleymills | 0:e979170e02e7 | 1871 | if (ret != 0) { |
ashleymills | 0:e979170e02e7 | 1872 | CYASSL_MSG("ParseCert failed"); |
ashleymills | 0:e979170e02e7 | 1873 | return ret; |
ashleymills | 0:e979170e02e7 | 1874 | } |
ashleymills | 0:e979170e02e7 | 1875 | else { |
ashleymills | 0:e979170e02e7 | 1876 | ret = CheckCertCRL(cm->crl, &cert); |
ashleymills | 0:e979170e02e7 | 1877 | if (ret != 0) { |
ashleymills | 0:e979170e02e7 | 1878 | CYASSL_MSG("CheckCertCRL failed"); |
ashleymills | 0:e979170e02e7 | 1879 | } |
ashleymills | 0:e979170e02e7 | 1880 | } |
ashleymills | 0:e979170e02e7 | 1881 | |
ashleymills | 0:e979170e02e7 | 1882 | FreeDecodedCert(&cert); |
ashleymills | 0:e979170e02e7 | 1883 | |
ashleymills | 0:e979170e02e7 | 1884 | if (ret == 0) |
ashleymills | 0:e979170e02e7 | 1885 | return SSL_SUCCESS; /* convert */ |
ashleymills | 0:e979170e02e7 | 1886 | |
ashleymills | 0:e979170e02e7 | 1887 | return ret; |
ashleymills | 0:e979170e02e7 | 1888 | } |
ashleymills | 0:e979170e02e7 | 1889 | |
ashleymills | 0:e979170e02e7 | 1890 | |
ashleymills | 0:e979170e02e7 | 1891 | int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER* cm, CbMissingCRL cb) |
ashleymills | 0:e979170e02e7 | 1892 | { |
ashleymills | 0:e979170e02e7 | 1893 | CYASSL_ENTER("CyaSSL_CertManagerSetCRL_Cb"); |
ashleymills | 0:e979170e02e7 | 1894 | if (cm == NULL) |
ashleymills | 0:e979170e02e7 | 1895 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 1896 | |
ashleymills | 0:e979170e02e7 | 1897 | cm->cbMissingCRL = cb; |
ashleymills | 0:e979170e02e7 | 1898 | |
ashleymills | 0:e979170e02e7 | 1899 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 1900 | } |
ashleymills | 0:e979170e02e7 | 1901 | |
ashleymills | 0:e979170e02e7 | 1902 | |
ashleymills | 0:e979170e02e7 | 1903 | int CyaSSL_CertManagerLoadCRL(CYASSL_CERT_MANAGER* cm, const char* path, |
ashleymills | 0:e979170e02e7 | 1904 | int type, int monitor) |
ashleymills | 0:e979170e02e7 | 1905 | { |
ashleymills | 0:e979170e02e7 | 1906 | CYASSL_ENTER("CyaSSL_CertManagerLoadCRL"); |
ashleymills | 0:e979170e02e7 | 1907 | if (cm == NULL) |
ashleymills | 0:e979170e02e7 | 1908 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 1909 | |
ashleymills | 0:e979170e02e7 | 1910 | if (cm->crl == NULL) { |
ashleymills | 0:e979170e02e7 | 1911 | if (CyaSSL_CertManagerEnableCRL(cm, 0) != SSL_SUCCESS) { |
ashleymills | 0:e979170e02e7 | 1912 | CYASSL_MSG("Enable CRL failed"); |
ashleymills | 0:e979170e02e7 | 1913 | return -1; |
ashleymills | 0:e979170e02e7 | 1914 | } |
ashleymills | 0:e979170e02e7 | 1915 | } |
ashleymills | 0:e979170e02e7 | 1916 | |
ashleymills | 0:e979170e02e7 | 1917 | return LoadCRL(cm->crl, path, type, monitor); |
ashleymills | 0:e979170e02e7 | 1918 | } |
ashleymills | 0:e979170e02e7 | 1919 | |
ashleymills | 0:e979170e02e7 | 1920 | |
ashleymills | 0:e979170e02e7 | 1921 | int CyaSSL_EnableCRL(CYASSL* ssl, int options) |
ashleymills | 0:e979170e02e7 | 1922 | { |
ashleymills | 0:e979170e02e7 | 1923 | CYASSL_ENTER("CyaSSL_EnableCRL"); |
ashleymills | 0:e979170e02e7 | 1924 | if (ssl) |
ashleymills | 0:e979170e02e7 | 1925 | return CyaSSL_CertManagerEnableCRL(ssl->ctx->cm, options); |
ashleymills | 0:e979170e02e7 | 1926 | else |
ashleymills | 0:e979170e02e7 | 1927 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 1928 | } |
ashleymills | 0:e979170e02e7 | 1929 | |
ashleymills | 0:e979170e02e7 | 1930 | |
ashleymills | 0:e979170e02e7 | 1931 | int CyaSSL_DisableCRL(CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 1932 | { |
ashleymills | 0:e979170e02e7 | 1933 | CYASSL_ENTER("CyaSSL_DisableCRL"); |
ashleymills | 0:e979170e02e7 | 1934 | if (ssl) |
ashleymills | 0:e979170e02e7 | 1935 | return CyaSSL_CertManagerDisableCRL(ssl->ctx->cm); |
ashleymills | 0:e979170e02e7 | 1936 | else |
ashleymills | 0:e979170e02e7 | 1937 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 1938 | } |
ashleymills | 0:e979170e02e7 | 1939 | |
ashleymills | 0:e979170e02e7 | 1940 | |
ashleymills | 0:e979170e02e7 | 1941 | int CyaSSL_LoadCRL(CYASSL* ssl, const char* path, int type, int monitor) |
ashleymills | 0:e979170e02e7 | 1942 | { |
ashleymills | 0:e979170e02e7 | 1943 | CYASSL_ENTER("CyaSSL_LoadCRL"); |
ashleymills | 0:e979170e02e7 | 1944 | if (ssl) |
ashleymills | 0:e979170e02e7 | 1945 | return CyaSSL_CertManagerLoadCRL(ssl->ctx->cm, path, type, monitor); |
ashleymills | 0:e979170e02e7 | 1946 | else |
ashleymills | 0:e979170e02e7 | 1947 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 1948 | } |
ashleymills | 0:e979170e02e7 | 1949 | |
ashleymills | 0:e979170e02e7 | 1950 | |
ashleymills | 0:e979170e02e7 | 1951 | int CyaSSL_SetCRL_Cb(CYASSL* ssl, CbMissingCRL cb) |
ashleymills | 0:e979170e02e7 | 1952 | { |
ashleymills | 0:e979170e02e7 | 1953 | CYASSL_ENTER("CyaSSL_SetCRL_Cb"); |
ashleymills | 0:e979170e02e7 | 1954 | if (ssl) |
ashleymills | 0:e979170e02e7 | 1955 | return CyaSSL_CertManagerSetCRL_Cb(ssl->ctx->cm, cb); |
ashleymills | 0:e979170e02e7 | 1956 | else |
ashleymills | 0:e979170e02e7 | 1957 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 1958 | } |
ashleymills | 0:e979170e02e7 | 1959 | |
ashleymills | 0:e979170e02e7 | 1960 | |
ashleymills | 0:e979170e02e7 | 1961 | int CyaSSL_CTX_EnableCRL(CYASSL_CTX* ctx, int options) |
ashleymills | 0:e979170e02e7 | 1962 | { |
ashleymills | 0:e979170e02e7 | 1963 | CYASSL_ENTER("CyaSSL_CTX_EnableCRL"); |
ashleymills | 0:e979170e02e7 | 1964 | if (ctx) |
ashleymills | 0:e979170e02e7 | 1965 | return CyaSSL_CertManagerEnableCRL(ctx->cm, options); |
ashleymills | 0:e979170e02e7 | 1966 | else |
ashleymills | 0:e979170e02e7 | 1967 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 1968 | } |
ashleymills | 0:e979170e02e7 | 1969 | |
ashleymills | 0:e979170e02e7 | 1970 | |
ashleymills | 0:e979170e02e7 | 1971 | int CyaSSL_CTX_DisableCRL(CYASSL_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 1972 | { |
ashleymills | 0:e979170e02e7 | 1973 | CYASSL_ENTER("CyaSSL_CTX_DisableCRL"); |
ashleymills | 0:e979170e02e7 | 1974 | if (ctx) |
ashleymills | 0:e979170e02e7 | 1975 | return CyaSSL_CertManagerDisableCRL(ctx->cm); |
ashleymills | 0:e979170e02e7 | 1976 | else |
ashleymills | 0:e979170e02e7 | 1977 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 1978 | } |
ashleymills | 0:e979170e02e7 | 1979 | |
ashleymills | 0:e979170e02e7 | 1980 | |
ashleymills | 0:e979170e02e7 | 1981 | int CyaSSL_CTX_LoadCRL(CYASSL_CTX* ctx, const char* path, int type, int monitor) |
ashleymills | 0:e979170e02e7 | 1982 | { |
ashleymills | 0:e979170e02e7 | 1983 | CYASSL_ENTER("CyaSSL_CTX_LoadCRL"); |
ashleymills | 0:e979170e02e7 | 1984 | if (ctx) |
ashleymills | 0:e979170e02e7 | 1985 | return CyaSSL_CertManagerLoadCRL(ctx->cm, path, type, monitor); |
ashleymills | 0:e979170e02e7 | 1986 | else |
ashleymills | 0:e979170e02e7 | 1987 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 1988 | } |
ashleymills | 0:e979170e02e7 | 1989 | |
ashleymills | 0:e979170e02e7 | 1990 | |
ashleymills | 0:e979170e02e7 | 1991 | int CyaSSL_CTX_SetCRL_Cb(CYASSL_CTX* ctx, CbMissingCRL cb) |
ashleymills | 0:e979170e02e7 | 1992 | { |
ashleymills | 0:e979170e02e7 | 1993 | CYASSL_ENTER("CyaSSL_CTX_SetCRL_Cb"); |
ashleymills | 0:e979170e02e7 | 1994 | if (ctx) |
ashleymills | 0:e979170e02e7 | 1995 | return CyaSSL_CertManagerSetCRL_Cb(ctx->cm, cb); |
ashleymills | 0:e979170e02e7 | 1996 | else |
ashleymills | 0:e979170e02e7 | 1997 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 1998 | } |
ashleymills | 0:e979170e02e7 | 1999 | |
ashleymills | 0:e979170e02e7 | 2000 | |
ashleymills | 0:e979170e02e7 | 2001 | #endif /* HAVE_CRL */ |
ashleymills | 0:e979170e02e7 | 2002 | |
ashleymills | 0:e979170e02e7 | 2003 | |
ashleymills | 0:e979170e02e7 | 2004 | #ifdef CYASSL_DER_LOAD |
ashleymills | 0:e979170e02e7 | 2005 | |
ashleymills | 0:e979170e02e7 | 2006 | /* Add format parameter to allow DER load of CA files */ |
ashleymills | 0:e979170e02e7 | 2007 | int CyaSSL_CTX_der_load_verify_locations(CYASSL_CTX* ctx, const char* file, |
ashleymills | 0:e979170e02e7 | 2008 | int format) |
ashleymills | 0:e979170e02e7 | 2009 | { |
ashleymills | 0:e979170e02e7 | 2010 | CYASSL_ENTER("CyaSSL_CTX_der_load_verify_locations"); |
ashleymills | 0:e979170e02e7 | 2011 | if (ctx == NULL || file == NULL) |
ashleymills | 0:e979170e02e7 | 2012 | return SSL_FAILURE; |
ashleymills | 0:e979170e02e7 | 2013 | |
ashleymills | 0:e979170e02e7 | 2014 | if (ProcessFile(ctx, file, format, CA_TYPE, NULL, 0, NULL) == SSL_SUCCESS) |
ashleymills | 0:e979170e02e7 | 2015 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 2016 | |
ashleymills | 0:e979170e02e7 | 2017 | return SSL_FAILURE; |
ashleymills | 0:e979170e02e7 | 2018 | } |
ashleymills | 0:e979170e02e7 | 2019 | |
ashleymills | 0:e979170e02e7 | 2020 | #endif /* CYASSL_DER_LOAD */ |
ashleymills | 0:e979170e02e7 | 2021 | |
ashleymills | 0:e979170e02e7 | 2022 | |
ashleymills | 0:e979170e02e7 | 2023 | #ifdef CYASSL_CERT_GEN |
ashleymills | 0:e979170e02e7 | 2024 | |
ashleymills | 0:e979170e02e7 | 2025 | /* load pem cert from file into der buffer, return der size or error */ |
ashleymills | 0:e979170e02e7 | 2026 | int CyaSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz) |
ashleymills | 0:e979170e02e7 | 2027 | { |
ashleymills | 0:e979170e02e7 | 2028 | byte staticBuffer[FILE_BUFFER_SIZE]; |
ashleymills | 0:e979170e02e7 | 2029 | byte* fileBuf = staticBuffer; |
ashleymills | 0:e979170e02e7 | 2030 | int dynamic = 0; |
ashleymills | 0:e979170e02e7 | 2031 | int ret; |
ashleymills | 0:e979170e02e7 | 2032 | int ecc = 0; |
ashleymills | 0:e979170e02e7 | 2033 | long sz = 0; |
ashleymills | 0:e979170e02e7 | 2034 | XFILE file = XFOPEN(fileName, "rb"); |
ashleymills | 0:e979170e02e7 | 2035 | EncryptedInfo info; |
ashleymills | 0:e979170e02e7 | 2036 | buffer converted; |
ashleymills | 0:e979170e02e7 | 2037 | |
ashleymills | 0:e979170e02e7 | 2038 | CYASSL_ENTER("CyaSSL_PemCertToDer"); |
ashleymills | 0:e979170e02e7 | 2039 | converted.buffer = 0; |
ashleymills | 0:e979170e02e7 | 2040 | |
ashleymills | 0:e979170e02e7 | 2041 | if (file == XBADFILE) return SSL_BAD_FILE; |
ashleymills | 0:e979170e02e7 | 2042 | XFSEEK(file, 0, XSEEK_END); |
ashleymills | 0:e979170e02e7 | 2043 | sz = XFTELL(file); |
ashleymills | 0:e979170e02e7 | 2044 | XREWIND(file); |
ashleymills | 0:e979170e02e7 | 2045 | |
ashleymills | 0:e979170e02e7 | 2046 | if (sz > (long)sizeof(staticBuffer)) { |
ashleymills | 0:e979170e02e7 | 2047 | fileBuf = (byte*) XMALLOC(sz, 0, DYNAMIC_TYPE_FILE); |
ashleymills | 0:e979170e02e7 | 2048 | if (fileBuf == NULL) { |
ashleymills | 0:e979170e02e7 | 2049 | XFCLOSE(file); |
ashleymills | 0:e979170e02e7 | 2050 | return SSL_BAD_FILE; |
ashleymills | 0:e979170e02e7 | 2051 | } |
ashleymills | 0:e979170e02e7 | 2052 | dynamic = 1; |
ashleymills | 0:e979170e02e7 | 2053 | } |
ashleymills | 0:e979170e02e7 | 2054 | |
ashleymills | 0:e979170e02e7 | 2055 | if ( (ret = (int)XFREAD(fileBuf, sz, 1, file)) < 0) |
ashleymills | 0:e979170e02e7 | 2056 | ret = SSL_BAD_FILE; |
ashleymills | 0:e979170e02e7 | 2057 | else |
ashleymills | 0:e979170e02e7 | 2058 | ret = PemToDer(fileBuf, sz, CA_TYPE, &converted, 0, &info, &ecc); |
ashleymills | 0:e979170e02e7 | 2059 | |
ashleymills | 0:e979170e02e7 | 2060 | if (ret == 0) { |
ashleymills | 0:e979170e02e7 | 2061 | if (converted.length < (word32)derSz) { |
ashleymills | 0:e979170e02e7 | 2062 | XMEMCPY(derBuf, converted.buffer, converted.length); |
ashleymills | 0:e979170e02e7 | 2063 | ret = converted.length; |
ashleymills | 0:e979170e02e7 | 2064 | } |
ashleymills | 0:e979170e02e7 | 2065 | else |
ashleymills | 0:e979170e02e7 | 2066 | ret = BUFFER_E; |
ashleymills | 0:e979170e02e7 | 2067 | } |
ashleymills | 0:e979170e02e7 | 2068 | |
ashleymills | 0:e979170e02e7 | 2069 | XFREE(converted.buffer, 0, DYNAMIC_TYPE_CA); |
ashleymills | 0:e979170e02e7 | 2070 | if (dynamic) |
ashleymills | 0:e979170e02e7 | 2071 | XFREE(fileBuf, 0, DYNAMIC_TYPE_FILE); |
ashleymills | 0:e979170e02e7 | 2072 | XFCLOSE(file); |
ashleymills | 0:e979170e02e7 | 2073 | |
ashleymills | 0:e979170e02e7 | 2074 | return ret; |
ashleymills | 0:e979170e02e7 | 2075 | } |
ashleymills | 0:e979170e02e7 | 2076 | |
ashleymills | 0:e979170e02e7 | 2077 | #endif /* CYASSL_CERT_GEN */ |
ashleymills | 0:e979170e02e7 | 2078 | |
ashleymills | 0:e979170e02e7 | 2079 | |
ashleymills | 0:e979170e02e7 | 2080 | int CyaSSL_CTX_use_certificate_file(CYASSL_CTX* ctx, const char* file, |
ashleymills | 0:e979170e02e7 | 2081 | int format) |
ashleymills | 0:e979170e02e7 | 2082 | { |
ashleymills | 0:e979170e02e7 | 2083 | CYASSL_ENTER("CyaSSL_CTX_use_certificate_file"); |
ashleymills | 0:e979170e02e7 | 2084 | if (ProcessFile(ctx, file, format, CERT_TYPE, NULL, 0, NULL) == SSL_SUCCESS) |
ashleymills | 0:e979170e02e7 | 2085 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 2086 | |
ashleymills | 0:e979170e02e7 | 2087 | return SSL_FAILURE; |
ashleymills | 0:e979170e02e7 | 2088 | } |
ashleymills | 0:e979170e02e7 | 2089 | |
ashleymills | 0:e979170e02e7 | 2090 | |
ashleymills | 0:e979170e02e7 | 2091 | int CyaSSL_CTX_use_PrivateKey_file(CYASSL_CTX* ctx, const char* file,int format) |
ashleymills | 0:e979170e02e7 | 2092 | { |
ashleymills | 0:e979170e02e7 | 2093 | CYASSL_ENTER("CyaSSL_CTX_use_PrivateKey_file"); |
ashleymills | 0:e979170e02e7 | 2094 | if (ProcessFile(ctx, file, format, PRIVATEKEY_TYPE, NULL, 0, NULL) |
ashleymills | 0:e979170e02e7 | 2095 | == SSL_SUCCESS) |
ashleymills | 0:e979170e02e7 | 2096 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 2097 | |
ashleymills | 0:e979170e02e7 | 2098 | return SSL_FAILURE; |
ashleymills | 0:e979170e02e7 | 2099 | } |
ashleymills | 0:e979170e02e7 | 2100 | |
ashleymills | 0:e979170e02e7 | 2101 | |
ashleymills | 0:e979170e02e7 | 2102 | int CyaSSL_CTX_use_certificate_chain_file(CYASSL_CTX* ctx, const char* file) |
ashleymills | 0:e979170e02e7 | 2103 | { |
ashleymills | 0:e979170e02e7 | 2104 | /* procces up to MAX_CHAIN_DEPTH plus subject cert */ |
ashleymills | 0:e979170e02e7 | 2105 | CYASSL_ENTER("CyaSSL_CTX_use_certificate_chain_file"); |
ashleymills | 0:e979170e02e7 | 2106 | if (ProcessFile(ctx, file, SSL_FILETYPE_PEM,CERT_TYPE,NULL,1, NULL) |
ashleymills | 0:e979170e02e7 | 2107 | == SSL_SUCCESS) |
ashleymills | 0:e979170e02e7 | 2108 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 2109 | |
ashleymills | 0:e979170e02e7 | 2110 | return SSL_FAILURE; |
ashleymills | 0:e979170e02e7 | 2111 | } |
ashleymills | 0:e979170e02e7 | 2112 | |
ashleymills | 0:e979170e02e7 | 2113 | |
ashleymills | 0:e979170e02e7 | 2114 | #ifdef OPENSSL_EXTRA |
ashleymills | 0:e979170e02e7 | 2115 | /* put SSL type in extra for now, not very common */ |
ashleymills | 0:e979170e02e7 | 2116 | |
ashleymills | 0:e979170e02e7 | 2117 | int CyaSSL_use_certificate_file(CYASSL* ssl, const char* file, int format) |
ashleymills | 0:e979170e02e7 | 2118 | { |
ashleymills | 0:e979170e02e7 | 2119 | CYASSL_ENTER("CyaSSL_use_certificate_file"); |
ashleymills | 0:e979170e02e7 | 2120 | if (ProcessFile(ssl->ctx, file, format, CERT_TYPE, ssl, 0, NULL) |
ashleymills | 0:e979170e02e7 | 2121 | == SSL_SUCCESS) |
ashleymills | 0:e979170e02e7 | 2122 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 2123 | |
ashleymills | 0:e979170e02e7 | 2124 | return SSL_FAILURE; |
ashleymills | 0:e979170e02e7 | 2125 | } |
ashleymills | 0:e979170e02e7 | 2126 | |
ashleymills | 0:e979170e02e7 | 2127 | |
ashleymills | 0:e979170e02e7 | 2128 | int CyaSSL_use_PrivateKey_file(CYASSL* ssl, const char* file, int format) |
ashleymills | 0:e979170e02e7 | 2129 | { |
ashleymills | 0:e979170e02e7 | 2130 | CYASSL_ENTER("CyaSSL_use_PrivateKey_file"); |
ashleymills | 0:e979170e02e7 | 2131 | if (ProcessFile(ssl->ctx, file, format, PRIVATEKEY_TYPE, ssl, 0, NULL) |
ashleymills | 0:e979170e02e7 | 2132 | == SSL_SUCCESS) |
ashleymills | 0:e979170e02e7 | 2133 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 2134 | |
ashleymills | 0:e979170e02e7 | 2135 | return SSL_FAILURE; |
ashleymills | 0:e979170e02e7 | 2136 | } |
ashleymills | 0:e979170e02e7 | 2137 | |
ashleymills | 0:e979170e02e7 | 2138 | |
ashleymills | 0:e979170e02e7 | 2139 | int CyaSSL_use_certificate_chain_file(CYASSL* ssl, const char* file) |
ashleymills | 0:e979170e02e7 | 2140 | { |
ashleymills | 0:e979170e02e7 | 2141 | /* procces up to MAX_CHAIN_DEPTH plus subject cert */ |
ashleymills | 0:e979170e02e7 | 2142 | CYASSL_ENTER("CyaSSL_use_certificate_chain_file"); |
ashleymills | 0:e979170e02e7 | 2143 | if (ProcessFile(ssl->ctx, file, SSL_FILETYPE_PEM, CERT_TYPE, ssl, 1, NULL) |
ashleymills | 0:e979170e02e7 | 2144 | == SSL_SUCCESS) |
ashleymills | 0:e979170e02e7 | 2145 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 2146 | |
ashleymills | 0:e979170e02e7 | 2147 | return SSL_FAILURE; |
ashleymills | 0:e979170e02e7 | 2148 | } |
ashleymills | 0:e979170e02e7 | 2149 | |
ashleymills | 0:e979170e02e7 | 2150 | |
ashleymills | 0:e979170e02e7 | 2151 | /* server wrapper for ctx or ssl Diffie-Hellman parameters */ |
ashleymills | 0:e979170e02e7 | 2152 | static int CyaSSL_SetTmpDH_buffer_wrapper(CYASSL_CTX* ctx, CYASSL* ssl, |
ashleymills | 0:e979170e02e7 | 2153 | const unsigned char* buf, long sz, int format) |
ashleymills | 0:e979170e02e7 | 2154 | { |
ashleymills | 0:e979170e02e7 | 2155 | buffer der; |
ashleymills | 0:e979170e02e7 | 2156 | int ret; |
ashleymills | 0:e979170e02e7 | 2157 | int weOwnDer = 0; |
ashleymills | 0:e979170e02e7 | 2158 | byte p[MAX_DH_SIZE]; |
ashleymills | 0:e979170e02e7 | 2159 | byte g[MAX_DH_SIZE]; |
ashleymills | 0:e979170e02e7 | 2160 | word32 pSz = sizeof(p); |
ashleymills | 0:e979170e02e7 | 2161 | word32 gSz = sizeof(g); |
ashleymills | 0:e979170e02e7 | 2162 | |
ashleymills | 0:e979170e02e7 | 2163 | der.buffer = (byte*)buf; |
ashleymills | 0:e979170e02e7 | 2164 | der.length = (word32)sz; |
ashleymills | 0:e979170e02e7 | 2165 | |
ashleymills | 0:e979170e02e7 | 2166 | if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM) |
ashleymills | 0:e979170e02e7 | 2167 | return SSL_BAD_FILETYPE; |
ashleymills | 0:e979170e02e7 | 2168 | |
ashleymills | 0:e979170e02e7 | 2169 | if (format == SSL_FILETYPE_PEM) { |
ashleymills | 0:e979170e02e7 | 2170 | der.buffer = NULL; |
ashleymills | 0:e979170e02e7 | 2171 | ret = PemToDer(buf, sz, DH_PARAM_TYPE, &der, ctx->heap, NULL,NULL); |
ashleymills | 0:e979170e02e7 | 2172 | if (ret < 0) { |
ashleymills | 0:e979170e02e7 | 2173 | XFREE(der.buffer, ctx->heap, DYNAMIC_TYPE_KEY); |
ashleymills | 0:e979170e02e7 | 2174 | return ret; |
ashleymills | 0:e979170e02e7 | 2175 | } |
ashleymills | 0:e979170e02e7 | 2176 | weOwnDer = 1; |
ashleymills | 0:e979170e02e7 | 2177 | } |
ashleymills | 0:e979170e02e7 | 2178 | |
ashleymills | 0:e979170e02e7 | 2179 | if (DhParamsLoad(der.buffer, der.length, p, &pSz, g, &gSz) < 0) |
ashleymills | 0:e979170e02e7 | 2180 | ret = SSL_BAD_FILETYPE; |
ashleymills | 0:e979170e02e7 | 2181 | else { |
ashleymills | 0:e979170e02e7 | 2182 | if (ssl) |
ashleymills | 0:e979170e02e7 | 2183 | ret = CyaSSL_SetTmpDH(ssl, p, pSz, g, gSz); |
ashleymills | 0:e979170e02e7 | 2184 | else |
ashleymills | 0:e979170e02e7 | 2185 | ret = CyaSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz); |
ashleymills | 0:e979170e02e7 | 2186 | } |
ashleymills | 0:e979170e02e7 | 2187 | |
ashleymills | 0:e979170e02e7 | 2188 | if (weOwnDer) |
ashleymills | 0:e979170e02e7 | 2189 | XFREE(der.buffer, ctx->heap, DYNAMIC_TYPE_KEY); |
ashleymills | 0:e979170e02e7 | 2190 | |
ashleymills | 0:e979170e02e7 | 2191 | return ret; |
ashleymills | 0:e979170e02e7 | 2192 | } |
ashleymills | 0:e979170e02e7 | 2193 | |
ashleymills | 0:e979170e02e7 | 2194 | /* server Diffie-Hellman parameters */ |
ashleymills | 0:e979170e02e7 | 2195 | int CyaSSL_SetTmpDH_buffer(CYASSL* ssl, const unsigned char* buf, long sz, |
ashleymills | 0:e979170e02e7 | 2196 | int format) |
ashleymills | 0:e979170e02e7 | 2197 | { |
ashleymills | 0:e979170e02e7 | 2198 | return CyaSSL_SetTmpDH_buffer_wrapper(ssl->ctx, ssl, buf, sz, format); |
ashleymills | 0:e979170e02e7 | 2199 | } |
ashleymills | 0:e979170e02e7 | 2200 | |
ashleymills | 0:e979170e02e7 | 2201 | |
ashleymills | 0:e979170e02e7 | 2202 | /* server ctx Diffie-Hellman parameters */ |
ashleymills | 0:e979170e02e7 | 2203 | int CyaSSL_CTX_SetTmpDH_buffer(CYASSL_CTX* ctx, const unsigned char* buf, |
ashleymills | 0:e979170e02e7 | 2204 | long sz, int format) |
ashleymills | 0:e979170e02e7 | 2205 | { |
ashleymills | 0:e979170e02e7 | 2206 | return CyaSSL_SetTmpDH_buffer_wrapper(ctx, NULL, buf, sz, format); |
ashleymills | 0:e979170e02e7 | 2207 | } |
ashleymills | 0:e979170e02e7 | 2208 | |
ashleymills | 0:e979170e02e7 | 2209 | |
ashleymills | 0:e979170e02e7 | 2210 | #ifdef HAVE_ECC |
ashleymills | 0:e979170e02e7 | 2211 | |
ashleymills | 0:e979170e02e7 | 2212 | /* Set Temp CTX EC-DHE size in octets, should be 20 - 66 for 160 - 521 bit */ |
ashleymills | 0:e979170e02e7 | 2213 | int CyaSSL_CTX_SetTmpEC_DHE_Sz(CYASSL_CTX* ctx, word16 sz) |
ashleymills | 0:e979170e02e7 | 2214 | { |
ashleymills | 0:e979170e02e7 | 2215 | if (ctx == NULL || sz < ECC_MINSIZE || sz > ECC_MAXSIZE) |
ashleymills | 0:e979170e02e7 | 2216 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 2217 | |
ashleymills | 0:e979170e02e7 | 2218 | ctx->eccTempKeySz = sz; |
ashleymills | 0:e979170e02e7 | 2219 | |
ashleymills | 0:e979170e02e7 | 2220 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 2221 | } |
ashleymills | 0:e979170e02e7 | 2222 | |
ashleymills | 0:e979170e02e7 | 2223 | |
ashleymills | 0:e979170e02e7 | 2224 | /* Set Temp SSL EC-DHE size in octets, should be 20 - 66 for 160 - 521 bit */ |
ashleymills | 0:e979170e02e7 | 2225 | int CyaSSL_SetTmpEC_DHE_Sz(CYASSL* ssl, word16 sz) |
ashleymills | 0:e979170e02e7 | 2226 | { |
ashleymills | 0:e979170e02e7 | 2227 | if (ssl == NULL || sz < ECC_MINSIZE || sz > ECC_MAXSIZE) |
ashleymills | 0:e979170e02e7 | 2228 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 2229 | |
ashleymills | 0:e979170e02e7 | 2230 | ssl->eccTempKeySz = sz; |
ashleymills | 0:e979170e02e7 | 2231 | |
ashleymills | 0:e979170e02e7 | 2232 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 2233 | } |
ashleymills | 0:e979170e02e7 | 2234 | |
ashleymills | 0:e979170e02e7 | 2235 | #endif /* HAVE_ECC */ |
ashleymills | 0:e979170e02e7 | 2236 | |
ashleymills | 0:e979170e02e7 | 2237 | |
ashleymills | 0:e979170e02e7 | 2238 | #if !defined(NO_FILESYSTEM) |
ashleymills | 0:e979170e02e7 | 2239 | |
ashleymills | 0:e979170e02e7 | 2240 | /* server Diffie-Hellman parameters */ |
ashleymills | 0:e979170e02e7 | 2241 | static int CyaSSL_SetTmpDH_file_wrapper(CYASSL_CTX* ctx, CYASSL* ssl, |
ashleymills | 0:e979170e02e7 | 2242 | const char* fname, int format) |
ashleymills | 0:e979170e02e7 | 2243 | { |
ashleymills | 0:e979170e02e7 | 2244 | byte staticBuffer[FILE_BUFFER_SIZE]; |
ashleymills | 0:e979170e02e7 | 2245 | byte* myBuffer = staticBuffer; |
ashleymills | 0:e979170e02e7 | 2246 | int dynamic = 0; |
ashleymills | 0:e979170e02e7 | 2247 | int ret; |
ashleymills | 0:e979170e02e7 | 2248 | long sz = 0; |
ashleymills | 0:e979170e02e7 | 2249 | XFILE file = XFOPEN(fname, "rb"); |
ashleymills | 0:e979170e02e7 | 2250 | |
ashleymills | 0:e979170e02e7 | 2251 | if (file == XBADFILE) return SSL_BAD_FILE; |
ashleymills | 0:e979170e02e7 | 2252 | XFSEEK(file, 0, XSEEK_END); |
ashleymills | 0:e979170e02e7 | 2253 | sz = XFTELL(file); |
ashleymills | 0:e979170e02e7 | 2254 | XREWIND(file); |
ashleymills | 0:e979170e02e7 | 2255 | |
ashleymills | 0:e979170e02e7 | 2256 | if (sz > (long)sizeof(staticBuffer)) { |
ashleymills | 0:e979170e02e7 | 2257 | CYASSL_MSG("Getting dynamic buffer"); |
ashleymills | 0:e979170e02e7 | 2258 | myBuffer = (byte*) XMALLOC(sz, ctx->heap, DYNAMIC_TYPE_FILE); |
ashleymills | 0:e979170e02e7 | 2259 | if (myBuffer == NULL) { |
ashleymills | 0:e979170e02e7 | 2260 | XFCLOSE(file); |
ashleymills | 0:e979170e02e7 | 2261 | return SSL_BAD_FILE; |
ashleymills | 0:e979170e02e7 | 2262 | } |
ashleymills | 0:e979170e02e7 | 2263 | dynamic = 1; |
ashleymills | 0:e979170e02e7 | 2264 | } |
ashleymills | 0:e979170e02e7 | 2265 | |
ashleymills | 0:e979170e02e7 | 2266 | if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0) |
ashleymills | 0:e979170e02e7 | 2267 | ret = SSL_BAD_FILE; |
ashleymills | 0:e979170e02e7 | 2268 | else { |
ashleymills | 0:e979170e02e7 | 2269 | if (ssl) |
ashleymills | 0:e979170e02e7 | 2270 | ret = CyaSSL_SetTmpDH_buffer(ssl, myBuffer, sz, format); |
ashleymills | 0:e979170e02e7 | 2271 | else |
ashleymills | 0:e979170e02e7 | 2272 | ret = CyaSSL_CTX_SetTmpDH_buffer(ctx, myBuffer, sz, format); |
ashleymills | 0:e979170e02e7 | 2273 | } |
ashleymills | 0:e979170e02e7 | 2274 | |
ashleymills | 0:e979170e02e7 | 2275 | XFCLOSE(file); |
ashleymills | 0:e979170e02e7 | 2276 | if (dynamic) XFREE(myBuffer, ctx->heap, DYNAMIC_TYPE_FILE); |
ashleymills | 0:e979170e02e7 | 2277 | |
ashleymills | 0:e979170e02e7 | 2278 | return ret; |
ashleymills | 0:e979170e02e7 | 2279 | } |
ashleymills | 0:e979170e02e7 | 2280 | |
ashleymills | 0:e979170e02e7 | 2281 | /* server Diffie-Hellman parameters */ |
ashleymills | 0:e979170e02e7 | 2282 | int CyaSSL_SetTmpDH_file(CYASSL* ssl, const char* fname, int format) |
ashleymills | 0:e979170e02e7 | 2283 | { |
ashleymills | 0:e979170e02e7 | 2284 | return CyaSSL_SetTmpDH_file_wrapper(ssl->ctx, ssl, fname, format); |
ashleymills | 0:e979170e02e7 | 2285 | } |
ashleymills | 0:e979170e02e7 | 2286 | |
ashleymills | 0:e979170e02e7 | 2287 | |
ashleymills | 0:e979170e02e7 | 2288 | /* server Diffie-Hellman parameters */ |
ashleymills | 0:e979170e02e7 | 2289 | int CyaSSL_CTX_SetTmpDH_file(CYASSL_CTX* ctx, const char* fname, int format) |
ashleymills | 0:e979170e02e7 | 2290 | { |
ashleymills | 0:e979170e02e7 | 2291 | return CyaSSL_SetTmpDH_file_wrapper(ctx, NULL, fname, format); |
ashleymills | 0:e979170e02e7 | 2292 | } |
ashleymills | 0:e979170e02e7 | 2293 | |
ashleymills | 0:e979170e02e7 | 2294 | |
ashleymills | 0:e979170e02e7 | 2295 | #endif /* !NO_FILESYSTEM */ |
ashleymills | 0:e979170e02e7 | 2296 | #endif /* OPENSSL_EXTRA */ |
ashleymills | 0:e979170e02e7 | 2297 | |
ashleymills | 0:e979170e02e7 | 2298 | #ifdef HAVE_NTRU |
ashleymills | 0:e979170e02e7 | 2299 | |
ashleymills | 0:e979170e02e7 | 2300 | int CyaSSL_CTX_use_NTRUPrivateKey_file(CYASSL_CTX* ctx, const char* file) |
ashleymills | 0:e979170e02e7 | 2301 | { |
ashleymills | 0:e979170e02e7 | 2302 | CYASSL_ENTER("CyaSSL_CTX_use_NTRUPrivateKey_file"); |
ashleymills | 0:e979170e02e7 | 2303 | if (ProcessFile(ctx, file, SSL_FILETYPE_RAW, PRIVATEKEY_TYPE, NULL, 0, NULL) |
ashleymills | 0:e979170e02e7 | 2304 | == SSL_SUCCESS) { |
ashleymills | 0:e979170e02e7 | 2305 | ctx->haveNTRU = 1; |
ashleymills | 0:e979170e02e7 | 2306 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 2307 | } |
ashleymills | 0:e979170e02e7 | 2308 | |
ashleymills | 0:e979170e02e7 | 2309 | return SSL_FAILURE; |
ashleymills | 0:e979170e02e7 | 2310 | } |
ashleymills | 0:e979170e02e7 | 2311 | |
ashleymills | 0:e979170e02e7 | 2312 | #endif /* HAVE_NTRU */ |
ashleymills | 0:e979170e02e7 | 2313 | |
ashleymills | 0:e979170e02e7 | 2314 | |
ashleymills | 0:e979170e02e7 | 2315 | |
ashleymills | 0:e979170e02e7 | 2316 | #if defined(OPENSSL_EXTRA) |
ashleymills | 0:e979170e02e7 | 2317 | |
ashleymills | 0:e979170e02e7 | 2318 | int CyaSSL_CTX_use_RSAPrivateKey_file(CYASSL_CTX* ctx,const char* file, |
ashleymills | 0:e979170e02e7 | 2319 | int format) |
ashleymills | 0:e979170e02e7 | 2320 | { |
ashleymills | 0:e979170e02e7 | 2321 | CYASSL_ENTER("SSL_CTX_use_RSAPrivateKey_file"); |
ashleymills | 0:e979170e02e7 | 2322 | |
ashleymills | 0:e979170e02e7 | 2323 | return CyaSSL_CTX_use_PrivateKey_file(ctx, file, format); |
ashleymills | 0:e979170e02e7 | 2324 | } |
ashleymills | 0:e979170e02e7 | 2325 | |
ashleymills | 0:e979170e02e7 | 2326 | int CyaSSL_use_RSAPrivateKey_file(CYASSL* ssl, const char* file, int format) |
ashleymills | 0:e979170e02e7 | 2327 | { |
ashleymills | 0:e979170e02e7 | 2328 | CYASSL_ENTER("CyaSSL_use_RSAPrivateKey_file"); |
ashleymills | 0:e979170e02e7 | 2329 | |
ashleymills | 0:e979170e02e7 | 2330 | return CyaSSL_use_PrivateKey_file(ssl, file, format); |
ashleymills | 0:e979170e02e7 | 2331 | } |
ashleymills | 0:e979170e02e7 | 2332 | |
ashleymills | 0:e979170e02e7 | 2333 | #endif /* OPENSSL_EXTRA */ |
ashleymills | 0:e979170e02e7 | 2334 | |
ashleymills | 0:e979170e02e7 | 2335 | #endif /* NO_FILESYSTEM */ |
ashleymills | 0:e979170e02e7 | 2336 | |
ashleymills | 0:e979170e02e7 | 2337 | |
ashleymills | 0:e979170e02e7 | 2338 | void CyaSSL_CTX_set_verify(CYASSL_CTX* ctx, int mode, VerifyCallback vc) |
ashleymills | 0:e979170e02e7 | 2339 | { |
ashleymills | 0:e979170e02e7 | 2340 | CYASSL_ENTER("CyaSSL_CTX_set_verify"); |
ashleymills | 0:e979170e02e7 | 2341 | if (mode & SSL_VERIFY_PEER) { |
ashleymills | 0:e979170e02e7 | 2342 | ctx->verifyPeer = 1; |
ashleymills | 0:e979170e02e7 | 2343 | ctx->verifyNone = 0; /* in case perviously set */ |
ashleymills | 0:e979170e02e7 | 2344 | } |
ashleymills | 0:e979170e02e7 | 2345 | |
ashleymills | 0:e979170e02e7 | 2346 | if (mode == SSL_VERIFY_NONE) { |
ashleymills | 0:e979170e02e7 | 2347 | ctx->verifyNone = 1; |
ashleymills | 0:e979170e02e7 | 2348 | ctx->verifyPeer = 0; /* in case previously set */ |
ashleymills | 0:e979170e02e7 | 2349 | } |
ashleymills | 0:e979170e02e7 | 2350 | |
ashleymills | 0:e979170e02e7 | 2351 | if (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) |
ashleymills | 0:e979170e02e7 | 2352 | ctx->failNoCert = 1; |
ashleymills | 0:e979170e02e7 | 2353 | |
ashleymills | 0:e979170e02e7 | 2354 | ctx->verifyCallback = vc; |
ashleymills | 0:e979170e02e7 | 2355 | } |
ashleymills | 0:e979170e02e7 | 2356 | |
ashleymills | 0:e979170e02e7 | 2357 | |
ashleymills | 0:e979170e02e7 | 2358 | void CyaSSL_set_verify(CYASSL* ssl, int mode, VerifyCallback vc) |
ashleymills | 0:e979170e02e7 | 2359 | { |
ashleymills | 0:e979170e02e7 | 2360 | CYASSL_ENTER("CyaSSL_set_verify"); |
ashleymills | 0:e979170e02e7 | 2361 | if (mode & SSL_VERIFY_PEER) { |
ashleymills | 0:e979170e02e7 | 2362 | ssl->options.verifyPeer = 1; |
ashleymills | 0:e979170e02e7 | 2363 | ssl->options.verifyNone = 0; /* in case perviously set */ |
ashleymills | 0:e979170e02e7 | 2364 | } |
ashleymills | 0:e979170e02e7 | 2365 | |
ashleymills | 0:e979170e02e7 | 2366 | if (mode == SSL_VERIFY_NONE) { |
ashleymills | 0:e979170e02e7 | 2367 | ssl->options.verifyNone = 1; |
ashleymills | 0:e979170e02e7 | 2368 | ssl->options.verifyPeer = 0; /* in case previously set */ |
ashleymills | 0:e979170e02e7 | 2369 | } |
ashleymills | 0:e979170e02e7 | 2370 | |
ashleymills | 0:e979170e02e7 | 2371 | if (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) |
ashleymills | 0:e979170e02e7 | 2372 | ssl->options.failNoCert = 1; |
ashleymills | 0:e979170e02e7 | 2373 | |
ashleymills | 0:e979170e02e7 | 2374 | ssl->verifyCallback = vc; |
ashleymills | 0:e979170e02e7 | 2375 | } |
ashleymills | 0:e979170e02e7 | 2376 | |
ashleymills | 0:e979170e02e7 | 2377 | |
ashleymills | 0:e979170e02e7 | 2378 | /* store context CA Cache addition callback */ |
ashleymills | 0:e979170e02e7 | 2379 | void CyaSSL_CTX_SetCACb(CYASSL_CTX* ctx, CallbackCACache cb) |
ashleymills | 0:e979170e02e7 | 2380 | { |
ashleymills | 0:e979170e02e7 | 2381 | if (ctx && ctx->cm) |
ashleymills | 0:e979170e02e7 | 2382 | ctx->cm->caCacheCallback = cb; |
ashleymills | 0:e979170e02e7 | 2383 | } |
ashleymills | 0:e979170e02e7 | 2384 | |
ashleymills | 0:e979170e02e7 | 2385 | #endif /* !NO_CERTS */ |
ashleymills | 0:e979170e02e7 | 2386 | |
ashleymills | 0:e979170e02e7 | 2387 | |
ashleymills | 0:e979170e02e7 | 2388 | #ifndef NO_SESSION_CACHE |
ashleymills | 0:e979170e02e7 | 2389 | |
ashleymills | 0:e979170e02e7 | 2390 | CYASSL_SESSION* CyaSSL_get_session(CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 2391 | { |
ashleymills | 0:e979170e02e7 | 2392 | CYASSL_ENTER("SSL_get_session"); |
ashleymills | 0:e979170e02e7 | 2393 | if (ssl) |
ashleymills | 0:e979170e02e7 | 2394 | return GetSession(ssl, 0); |
ashleymills | 0:e979170e02e7 | 2395 | |
ashleymills | 0:e979170e02e7 | 2396 | return NULL; |
ashleymills | 0:e979170e02e7 | 2397 | } |
ashleymills | 0:e979170e02e7 | 2398 | |
ashleymills | 0:e979170e02e7 | 2399 | |
ashleymills | 0:e979170e02e7 | 2400 | int CyaSSL_set_session(CYASSL* ssl, CYASSL_SESSION* session) |
ashleymills | 0:e979170e02e7 | 2401 | { |
ashleymills | 0:e979170e02e7 | 2402 | CYASSL_ENTER("SSL_set_session"); |
ashleymills | 0:e979170e02e7 | 2403 | if (session) |
ashleymills | 0:e979170e02e7 | 2404 | return SetSession(ssl, session); |
ashleymills | 0:e979170e02e7 | 2405 | |
ashleymills | 0:e979170e02e7 | 2406 | return SSL_FAILURE; |
ashleymills | 0:e979170e02e7 | 2407 | } |
ashleymills | 0:e979170e02e7 | 2408 | |
ashleymills | 0:e979170e02e7 | 2409 | #endif /* NO_SESSION_CACHE */ |
ashleymills | 0:e979170e02e7 | 2410 | |
ashleymills | 0:e979170e02e7 | 2411 | |
ashleymills | 0:e979170e02e7 | 2412 | void CyaSSL_load_error_strings(void) /* compatibility only */ |
ashleymills | 0:e979170e02e7 | 2413 | {} |
ashleymills | 0:e979170e02e7 | 2414 | |
ashleymills | 0:e979170e02e7 | 2415 | |
ashleymills | 0:e979170e02e7 | 2416 | int CyaSSL_library_init(void) |
ashleymills | 0:e979170e02e7 | 2417 | { |
ashleymills | 0:e979170e02e7 | 2418 | CYASSL_ENTER("SSL_library_init"); |
ashleymills | 0:e979170e02e7 | 2419 | if (CyaSSL_Init() == 0) |
ashleymills | 0:e979170e02e7 | 2420 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 2421 | else |
ashleymills | 0:e979170e02e7 | 2422 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 2423 | } |
ashleymills | 0:e979170e02e7 | 2424 | |
ashleymills | 0:e979170e02e7 | 2425 | |
ashleymills | 0:e979170e02e7 | 2426 | #ifndef NO_SESSION_CACHE |
ashleymills | 0:e979170e02e7 | 2427 | |
ashleymills | 0:e979170e02e7 | 2428 | /* on by default if built in but allow user to turn off */ |
ashleymills | 0:e979170e02e7 | 2429 | long CyaSSL_CTX_set_session_cache_mode(CYASSL_CTX* ctx, long mode) |
ashleymills | 0:e979170e02e7 | 2430 | { |
ashleymills | 0:e979170e02e7 | 2431 | CYASSL_ENTER("SSL_CTX_set_session_cache_mode"); |
ashleymills | 0:e979170e02e7 | 2432 | if (mode == SSL_SESS_CACHE_OFF) |
ashleymills | 0:e979170e02e7 | 2433 | ctx->sessionCacheOff = 1; |
ashleymills | 0:e979170e02e7 | 2434 | |
ashleymills | 0:e979170e02e7 | 2435 | if (mode == SSL_SESS_CACHE_NO_AUTO_CLEAR) |
ashleymills | 0:e979170e02e7 | 2436 | ctx->sessionCacheFlushOff = 1; |
ashleymills | 0:e979170e02e7 | 2437 | |
ashleymills | 0:e979170e02e7 | 2438 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 2439 | } |
ashleymills | 0:e979170e02e7 | 2440 | |
ashleymills | 0:e979170e02e7 | 2441 | #endif /* NO_SESSION_CACHE */ |
ashleymills | 0:e979170e02e7 | 2442 | |
ashleymills | 0:e979170e02e7 | 2443 | |
ashleymills | 0:e979170e02e7 | 2444 | int CyaSSL_CTX_set_cipher_list(CYASSL_CTX* ctx, const char* list) |
ashleymills | 0:e979170e02e7 | 2445 | { |
ashleymills | 0:e979170e02e7 | 2446 | CYASSL_ENTER("CyaSSL_CTX_set_cipher_list"); |
ashleymills | 0:e979170e02e7 | 2447 | if (SetCipherList(&ctx->suites, list)) |
ashleymills | 0:e979170e02e7 | 2448 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 2449 | else |
ashleymills | 0:e979170e02e7 | 2450 | return SSL_FAILURE; |
ashleymills | 0:e979170e02e7 | 2451 | } |
ashleymills | 0:e979170e02e7 | 2452 | |
ashleymills | 0:e979170e02e7 | 2453 | |
ashleymills | 0:e979170e02e7 | 2454 | int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list) |
ashleymills | 0:e979170e02e7 | 2455 | { |
ashleymills | 0:e979170e02e7 | 2456 | CYASSL_ENTER("CyaSSL_set_cipher_list"); |
ashleymills | 0:e979170e02e7 | 2457 | if (SetCipherList(ssl->suites, list)) { |
ashleymills | 0:e979170e02e7 | 2458 | byte haveRSA = 1; |
ashleymills | 0:e979170e02e7 | 2459 | byte havePSK = 0; |
ashleymills | 0:e979170e02e7 | 2460 | |
ashleymills | 0:e979170e02e7 | 2461 | #ifdef NO_RSA |
ashleymills | 0:e979170e02e7 | 2462 | haveRSA = 0; |
ashleymills | 0:e979170e02e7 | 2463 | #endif |
ashleymills | 0:e979170e02e7 | 2464 | #ifndef NO_PSK |
ashleymills | 0:e979170e02e7 | 2465 | havePSK = ssl->options.havePSK; |
ashleymills | 0:e979170e02e7 | 2466 | #endif |
ashleymills | 0:e979170e02e7 | 2467 | |
ashleymills | 0:e979170e02e7 | 2468 | InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, |
ashleymills | 0:e979170e02e7 | 2469 | ssl->options.haveDH, ssl->options.haveNTRU, |
ashleymills | 0:e979170e02e7 | 2470 | ssl->options.haveECDSAsig, ssl->options.haveStaticECC, |
ashleymills | 0:e979170e02e7 | 2471 | ssl->options.side); |
ashleymills | 0:e979170e02e7 | 2472 | |
ashleymills | 0:e979170e02e7 | 2473 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 2474 | } |
ashleymills | 0:e979170e02e7 | 2475 | else |
ashleymills | 0:e979170e02e7 | 2476 | return SSL_FAILURE; |
ashleymills | 0:e979170e02e7 | 2477 | } |
ashleymills | 0:e979170e02e7 | 2478 | |
ashleymills | 0:e979170e02e7 | 2479 | |
ashleymills | 0:e979170e02e7 | 2480 | #ifndef CYASSL_LEANPSK |
ashleymills | 0:e979170e02e7 | 2481 | |
ashleymills | 0:e979170e02e7 | 2482 | int CyaSSL_dtls_get_current_timeout(CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 2483 | { |
ashleymills | 0:e979170e02e7 | 2484 | (void)ssl; |
ashleymills | 0:e979170e02e7 | 2485 | |
ashleymills | 0:e979170e02e7 | 2486 | #ifdef CYASSL_DTLS |
ashleymills | 0:e979170e02e7 | 2487 | return ssl->dtls_timeout; |
ashleymills | 0:e979170e02e7 | 2488 | #else |
ashleymills | 0:e979170e02e7 | 2489 | return NOT_COMPILED_IN; |
ashleymills | 0:e979170e02e7 | 2490 | #endif |
ashleymills | 0:e979170e02e7 | 2491 | } |
ashleymills | 0:e979170e02e7 | 2492 | |
ashleymills | 0:e979170e02e7 | 2493 | |
ashleymills | 0:e979170e02e7 | 2494 | int CyaSSL_dtls_got_timeout(CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 2495 | { |
ashleymills | 0:e979170e02e7 | 2496 | #ifdef CYASSL_DTLS |
ashleymills | 0:e979170e02e7 | 2497 | int result = SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 2498 | if (DtlsPoolTimeout(ssl) < 0 || DtlsPoolSend(ssl) < 0) { |
ashleymills | 0:e979170e02e7 | 2499 | result = SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 2500 | } |
ashleymills | 0:e979170e02e7 | 2501 | return result; |
ashleymills | 0:e979170e02e7 | 2502 | #else |
ashleymills | 0:e979170e02e7 | 2503 | (void)ssl; |
ashleymills | 0:e979170e02e7 | 2504 | return NOT_COMPILED_IN; |
ashleymills | 0:e979170e02e7 | 2505 | #endif |
ashleymills | 0:e979170e02e7 | 2506 | } |
ashleymills | 0:e979170e02e7 | 2507 | |
ashleymills | 0:e979170e02e7 | 2508 | #endif |
ashleymills | 0:e979170e02e7 | 2509 | |
ashleymills | 0:e979170e02e7 | 2510 | |
ashleymills | 0:e979170e02e7 | 2511 | /* client only parts */ |
ashleymills | 0:e979170e02e7 | 2512 | #ifndef NO_CYASSL_CLIENT |
ashleymills | 0:e979170e02e7 | 2513 | |
ashleymills | 0:e979170e02e7 | 2514 | #ifndef NO_OLD_TLS |
ashleymills | 0:e979170e02e7 | 2515 | CYASSL_METHOD* CyaSSLv3_client_method(void) |
ashleymills | 0:e979170e02e7 | 2516 | { |
ashleymills | 0:e979170e02e7 | 2517 | CYASSL_METHOD* method = |
ashleymills | 0:e979170e02e7 | 2518 | (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0, |
ashleymills | 0:e979170e02e7 | 2519 | DYNAMIC_TYPE_METHOD); |
ashleymills | 0:e979170e02e7 | 2520 | CYASSL_ENTER("SSLv3_client_method"); |
ashleymills | 0:e979170e02e7 | 2521 | if (method) |
ashleymills | 0:e979170e02e7 | 2522 | InitSSL_Method(method, MakeSSLv3()); |
ashleymills | 0:e979170e02e7 | 2523 | return method; |
ashleymills | 0:e979170e02e7 | 2524 | } |
ashleymills | 0:e979170e02e7 | 2525 | #endif |
ashleymills | 0:e979170e02e7 | 2526 | |
ashleymills | 0:e979170e02e7 | 2527 | #ifdef CYASSL_DTLS |
ashleymills | 0:e979170e02e7 | 2528 | CYASSL_METHOD* CyaDTLSv1_client_method(void) |
ashleymills | 0:e979170e02e7 | 2529 | { |
ashleymills | 0:e979170e02e7 | 2530 | CYASSL_METHOD* method = |
ashleymills | 0:e979170e02e7 | 2531 | (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0, |
ashleymills | 0:e979170e02e7 | 2532 | DYNAMIC_TYPE_METHOD); |
ashleymills | 0:e979170e02e7 | 2533 | CYASSL_ENTER("DTLSv1_client_method"); |
ashleymills | 0:e979170e02e7 | 2534 | if (method) |
ashleymills | 0:e979170e02e7 | 2535 | InitSSL_Method(method, MakeDTLSv1()); |
ashleymills | 0:e979170e02e7 | 2536 | return method; |
ashleymills | 0:e979170e02e7 | 2537 | } |
ashleymills | 0:e979170e02e7 | 2538 | #endif |
ashleymills | 0:e979170e02e7 | 2539 | |
ashleymills | 0:e979170e02e7 | 2540 | |
ashleymills | 0:e979170e02e7 | 2541 | /* please see note at top of README if you get an error from connect */ |
ashleymills | 0:e979170e02e7 | 2542 | int CyaSSL_connect(CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 2543 | { |
ashleymills | 0:e979170e02e7 | 2544 | int neededState; |
ashleymills | 0:e979170e02e7 | 2545 | |
ashleymills | 0:e979170e02e7 | 2546 | CYASSL_ENTER("SSL_connect()"); |
ashleymills | 0:e979170e02e7 | 2547 | |
ashleymills | 0:e979170e02e7 | 2548 | #ifdef HAVE_ERRNO_H |
ashleymills | 0:e979170e02e7 | 2549 | errno = 0; |
ashleymills | 0:e979170e02e7 | 2550 | #endif |
ashleymills | 0:e979170e02e7 | 2551 | |
ashleymills | 0:e979170e02e7 | 2552 | if (ssl->options.side != CLIENT_END) { |
ashleymills | 0:e979170e02e7 | 2553 | CYASSL_ERROR(ssl->error = SIDE_ERROR); |
ashleymills | 0:e979170e02e7 | 2554 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 2555 | } |
ashleymills | 0:e979170e02e7 | 2556 | |
ashleymills | 0:e979170e02e7 | 2557 | #ifdef CYASSL_DTLS |
ashleymills | 0:e979170e02e7 | 2558 | if (ssl->version.major == DTLS_MAJOR && |
ashleymills | 0:e979170e02e7 | 2559 | ssl->version.minor == DTLS_MINOR) { |
ashleymills | 0:e979170e02e7 | 2560 | ssl->options.dtls = 1; |
ashleymills | 0:e979170e02e7 | 2561 | ssl->options.tls = 1; |
ashleymills | 0:e979170e02e7 | 2562 | ssl->options.tls1_1 = 1; |
ashleymills | 0:e979170e02e7 | 2563 | |
ashleymills | 0:e979170e02e7 | 2564 | if (DtlsPoolInit(ssl) != 0) { |
ashleymills | 0:e979170e02e7 | 2565 | ssl->error = MEMORY_ERROR; |
ashleymills | 0:e979170e02e7 | 2566 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:e979170e02e7 | 2567 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 2568 | } |
ashleymills | 0:e979170e02e7 | 2569 | } |
ashleymills | 0:e979170e02e7 | 2570 | #endif |
ashleymills | 0:e979170e02e7 | 2571 | |
ashleymills | 0:e979170e02e7 | 2572 | |
ashleymills | 0:e979170e02e7 | 2573 | |
ashleymills | 0:e979170e02e7 | 2574 | if (ssl->buffers.outputBuffer.length > 0) { |
ashleymills | 0:e979170e02e7 | 2575 | if ( (ssl->error = SendBuffered(ssl)) == 0) { |
ashleymills | 0:e979170e02e7 | 2576 | ssl->options.connectState++; |
ashleymills | 0:e979170e02e7 | 2577 | CYASSL_MSG("connect state: Advanced from buffered send"); |
ashleymills | 0:e979170e02e7 | 2578 | } |
ashleymills | 0:e979170e02e7 | 2579 | else { |
ashleymills | 0:e979170e02e7 | 2580 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:e979170e02e7 | 2581 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 2582 | } |
ashleymills | 0:e979170e02e7 | 2583 | } |
ashleymills | 0:e979170e02e7 | 2584 | |
ashleymills | 0:e979170e02e7 | 2585 | switch (ssl->options.connectState) { |
ashleymills | 0:e979170e02e7 | 2586 | |
ashleymills | 0:e979170e02e7 | 2587 | case CONNECT_BEGIN : |
ashleymills | 0:e979170e02e7 | 2588 | CYASSL_MSG("connect state: CLIENT_HELLO_SENT"); |
ashleymills | 0:e979170e02e7 | 2589 | /* always send client hello first */ |
ashleymills | 0:e979170e02e7 | 2590 | if ( (ssl->error = SendClientHello(ssl)) != 0) { |
ashleymills | 0:e979170e02e7 | 2591 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:e979170e02e7 | 2592 | CYASSL_MSG("connect state: returning fatal error"); |
ashleymills | 0:e979170e02e7 | 2593 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 2594 | } |
ashleymills | 0:e979170e02e7 | 2595 | ssl->options.connectState = CLIENT_HELLO_SENT; |
ashleymills | 0:e979170e02e7 | 2596 | CYASSL_MSG("connect state: CLIENT_HELLO_SENT"); |
ashleymills | 0:e979170e02e7 | 2597 | |
ashleymills | 0:e979170e02e7 | 2598 | case CLIENT_HELLO_SENT : |
ashleymills | 0:e979170e02e7 | 2599 | neededState = ssl->options.resuming ? SERVER_FINISHED_COMPLETE : |
ashleymills | 0:e979170e02e7 | 2600 | SERVER_HELLODONE_COMPLETE; |
ashleymills | 0:e979170e02e7 | 2601 | #ifdef CYASSL_DTLS |
ashleymills | 0:e979170e02e7 | 2602 | /* In DTLS, when resuming, we can go straight to FINISHED, |
ashleymills | 0:e979170e02e7 | 2603 | * or do a cookie exchange and then skip to FINISHED, assume |
ashleymills | 0:e979170e02e7 | 2604 | * we need the cookie exchange first. */ |
ashleymills | 0:e979170e02e7 | 2605 | if (ssl->options.dtls) |
ashleymills | 0:e979170e02e7 | 2606 | neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE; |
ashleymills | 0:e979170e02e7 | 2607 | #endif |
ashleymills | 0:e979170e02e7 | 2608 | /* get response */ |
ashleymills | 0:e979170e02e7 | 2609 | |
ashleymills | 0:e979170e02e7 | 2610 | while (ssl->options.serverState < neededState) { |
ashleymills | 0:e979170e02e7 | 2611 | if ( (ssl->error = ProcessReply(ssl)) < 0) { |
ashleymills | 0:e979170e02e7 | 2612 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:e979170e02e7 | 2613 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 2614 | } |
ashleymills | 0:e979170e02e7 | 2615 | /* if resumption failed, reset needed state */ |
ashleymills | 0:e979170e02e7 | 2616 | else if (neededState == SERVER_FINISHED_COMPLETE) |
ashleymills | 0:e979170e02e7 | 2617 | if (!ssl->options.resuming) { |
ashleymills | 0:e979170e02e7 | 2618 | if (!ssl->options.dtls) |
ashleymills | 0:e979170e02e7 | 2619 | neededState = SERVER_HELLODONE_COMPLETE; |
ashleymills | 0:e979170e02e7 | 2620 | else |
ashleymills | 0:e979170e02e7 | 2621 | neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE; |
ashleymills | 0:e979170e02e7 | 2622 | } |
ashleymills | 0:e979170e02e7 | 2623 | } |
ashleymills | 0:e979170e02e7 | 2624 | |
ashleymills | 0:e979170e02e7 | 2625 | ssl->options.connectState = HELLO_AGAIN; |
ashleymills | 0:e979170e02e7 | 2626 | CYASSL_MSG("connect state: HELLO_AGAIN"); |
ashleymills | 0:e979170e02e7 | 2627 | |
ashleymills | 0:e979170e02e7 | 2628 | case HELLO_AGAIN : |
ashleymills | 0:e979170e02e7 | 2629 | if (ssl->options.certOnly) |
ashleymills | 0:e979170e02e7 | 2630 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 2631 | |
ashleymills | 0:e979170e02e7 | 2632 | #ifdef CYASSL_DTLS |
ashleymills | 0:e979170e02e7 | 2633 | if (ssl->options.dtls) { |
ashleymills | 0:e979170e02e7 | 2634 | /* re-init hashes, exclude first hello and verify request */ |
ashleymills | 0:e979170e02e7 | 2635 | InitMd5(&ssl->hashMd5); |
ashleymills | 0:e979170e02e7 | 2636 | InitSha(&ssl->hashSha); |
ashleymills | 0:e979170e02e7 | 2637 | #ifndef NO_SHA256 |
ashleymills | 0:e979170e02e7 | 2638 | if (IsAtLeastTLSv1_2(ssl)) |
ashleymills | 0:e979170e02e7 | 2639 | InitSha256(&ssl->hashSha256); |
ashleymills | 0:e979170e02e7 | 2640 | #endif |
ashleymills | 0:e979170e02e7 | 2641 | if ( (ssl->error = SendClientHello(ssl)) != 0) { |
ashleymills | 0:e979170e02e7 | 2642 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:e979170e02e7 | 2643 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 2644 | } |
ashleymills | 0:e979170e02e7 | 2645 | } |
ashleymills | 0:e979170e02e7 | 2646 | #endif |
ashleymills | 0:e979170e02e7 | 2647 | |
ashleymills | 0:e979170e02e7 | 2648 | ssl->options.connectState = HELLO_AGAIN_REPLY; |
ashleymills | 0:e979170e02e7 | 2649 | CYASSL_MSG("connect state: HELLO_AGAIN_REPLY"); |
ashleymills | 0:e979170e02e7 | 2650 | |
ashleymills | 0:e979170e02e7 | 2651 | case HELLO_AGAIN_REPLY : |
ashleymills | 0:e979170e02e7 | 2652 | #ifdef CYASSL_DTLS |
ashleymills | 0:e979170e02e7 | 2653 | if (ssl->options.dtls) { |
ashleymills | 0:e979170e02e7 | 2654 | neededState = ssl->options.resuming ? |
ashleymills | 0:e979170e02e7 | 2655 | SERVER_FINISHED_COMPLETE : SERVER_HELLODONE_COMPLETE; |
ashleymills | 0:e979170e02e7 | 2656 | |
ashleymills | 0:e979170e02e7 | 2657 | /* get response */ |
ashleymills | 0:e979170e02e7 | 2658 | while (ssl->options.serverState < neededState) { |
ashleymills | 0:e979170e02e7 | 2659 | if ( (ssl->error = ProcessReply(ssl)) < 0) { |
ashleymills | 0:e979170e02e7 | 2660 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:e979170e02e7 | 2661 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 2662 | } |
ashleymills | 0:e979170e02e7 | 2663 | /* if resumption failed, reset needed state */ |
ashleymills | 0:e979170e02e7 | 2664 | else if (neededState == SERVER_FINISHED_COMPLETE) |
ashleymills | 0:e979170e02e7 | 2665 | if (!ssl->options.resuming) |
ashleymills | 0:e979170e02e7 | 2666 | neededState = SERVER_HELLODONE_COMPLETE; |
ashleymills | 0:e979170e02e7 | 2667 | } |
ashleymills | 0:e979170e02e7 | 2668 | } |
ashleymills | 0:e979170e02e7 | 2669 | #endif |
ashleymills | 0:e979170e02e7 | 2670 | |
ashleymills | 0:e979170e02e7 | 2671 | ssl->options.connectState = FIRST_REPLY_DONE; |
ashleymills | 0:e979170e02e7 | 2672 | CYASSL_MSG("connect state: FIRST_REPLY_DONE"); |
ashleymills | 0:e979170e02e7 | 2673 | |
ashleymills | 0:e979170e02e7 | 2674 | case FIRST_REPLY_DONE : |
ashleymills | 0:e979170e02e7 | 2675 | #ifndef NO_CERTS |
ashleymills | 0:e979170e02e7 | 2676 | if (ssl->options.sendVerify) |
ashleymills | 0:e979170e02e7 | 2677 | if ( (ssl->error = SendCertificate(ssl)) != 0) { |
ashleymills | 0:e979170e02e7 | 2678 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:e979170e02e7 | 2679 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 2680 | } |
ashleymills | 0:e979170e02e7 | 2681 | #endif |
ashleymills | 0:e979170e02e7 | 2682 | ssl->options.connectState = FIRST_REPLY_FIRST; |
ashleymills | 0:e979170e02e7 | 2683 | CYASSL_MSG("connect state: FIRST_REPLY_FIRST"); |
ashleymills | 0:e979170e02e7 | 2684 | |
ashleymills | 0:e979170e02e7 | 2685 | case FIRST_REPLY_FIRST : |
ashleymills | 0:e979170e02e7 | 2686 | if (!ssl->options.resuming) |
ashleymills | 0:e979170e02e7 | 2687 | if ( (ssl->error = SendClientKeyExchange(ssl)) != 0) { |
ashleymills | 0:e979170e02e7 | 2688 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:e979170e02e7 | 2689 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 2690 | } |
ashleymills | 0:e979170e02e7 | 2691 | |
ashleymills | 0:e979170e02e7 | 2692 | ssl->options.connectState = FIRST_REPLY_SECOND; |
ashleymills | 0:e979170e02e7 | 2693 | CYASSL_MSG("connect state: FIRST_REPLY_SECOND"); |
ashleymills | 0:e979170e02e7 | 2694 | |
ashleymills | 0:e979170e02e7 | 2695 | case FIRST_REPLY_SECOND : |
ashleymills | 0:e979170e02e7 | 2696 | #ifndef NO_RSA |
ashleymills | 0:e979170e02e7 | 2697 | if (ssl->options.sendVerify) |
ashleymills | 0:e979170e02e7 | 2698 | if ( (ssl->error = SendCertificateVerify(ssl)) != 0) { |
ashleymills | 0:e979170e02e7 | 2699 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:e979170e02e7 | 2700 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 2701 | } |
ashleymills | 0:e979170e02e7 | 2702 | #endif |
ashleymills | 0:e979170e02e7 | 2703 | ssl->options.connectState = FIRST_REPLY_THIRD; |
ashleymills | 0:e979170e02e7 | 2704 | CYASSL_MSG("connect state: FIRST_REPLY_THIRD"); |
ashleymills | 0:e979170e02e7 | 2705 | |
ashleymills | 0:e979170e02e7 | 2706 | case FIRST_REPLY_THIRD : |
ashleymills | 0:e979170e02e7 | 2707 | if ( (ssl->error = SendChangeCipher(ssl)) != 0) { |
ashleymills | 0:e979170e02e7 | 2708 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:e979170e02e7 | 2709 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 2710 | } |
ashleymills | 0:e979170e02e7 | 2711 | ssl->options.connectState = FIRST_REPLY_FOURTH; |
ashleymills | 0:e979170e02e7 | 2712 | CYASSL_MSG("connect state: FIRST_REPLY_FOURTH"); |
ashleymills | 0:e979170e02e7 | 2713 | |
ashleymills | 0:e979170e02e7 | 2714 | case FIRST_REPLY_FOURTH : |
ashleymills | 0:e979170e02e7 | 2715 | if ( (ssl->error = SendFinished(ssl)) != 0) { |
ashleymills | 0:e979170e02e7 | 2716 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:e979170e02e7 | 2717 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 2718 | } |
ashleymills | 0:e979170e02e7 | 2719 | |
ashleymills | 0:e979170e02e7 | 2720 | ssl->options.connectState = FINISHED_DONE; |
ashleymills | 0:e979170e02e7 | 2721 | CYASSL_MSG("connect state: FINISHED_DONE"); |
ashleymills | 0:e979170e02e7 | 2722 | |
ashleymills | 0:e979170e02e7 | 2723 | case FINISHED_DONE : |
ashleymills | 0:e979170e02e7 | 2724 | /* get response */ |
ashleymills | 0:e979170e02e7 | 2725 | while (ssl->options.serverState < SERVER_FINISHED_COMPLETE) |
ashleymills | 0:e979170e02e7 | 2726 | if ( (ssl->error = ProcessReply(ssl)) < 0) { |
ashleymills | 0:e979170e02e7 | 2727 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:e979170e02e7 | 2728 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 2729 | } |
ashleymills | 0:e979170e02e7 | 2730 | |
ashleymills | 0:e979170e02e7 | 2731 | ssl->options.connectState = SECOND_REPLY_DONE; |
ashleymills | 0:e979170e02e7 | 2732 | CYASSL_MSG("connect state: SECOND_REPLY_DONE"); |
ashleymills | 0:e979170e02e7 | 2733 | |
ashleymills | 0:e979170e02e7 | 2734 | case SECOND_REPLY_DONE: |
ashleymills | 0:e979170e02e7 | 2735 | FreeHandshakeResources(ssl); |
ashleymills | 0:e979170e02e7 | 2736 | CYASSL_LEAVE("SSL_connect()", SSL_SUCCESS); |
ashleymills | 0:e979170e02e7 | 2737 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 2738 | |
ashleymills | 0:e979170e02e7 | 2739 | default: |
ashleymills | 0:e979170e02e7 | 2740 | CYASSL_MSG("Unknown connect state ERROR"); |
ashleymills | 0:e979170e02e7 | 2741 | return SSL_FATAL_ERROR; /* unknown connect state */ |
ashleymills | 0:e979170e02e7 | 2742 | } |
ashleymills | 0:e979170e02e7 | 2743 | } |
ashleymills | 0:e979170e02e7 | 2744 | |
ashleymills | 0:e979170e02e7 | 2745 | #endif /* NO_CYASSL_CLIENT */ |
ashleymills | 0:e979170e02e7 | 2746 | |
ashleymills | 0:e979170e02e7 | 2747 | |
ashleymills | 0:e979170e02e7 | 2748 | /* server only parts */ |
ashleymills | 0:e979170e02e7 | 2749 | #ifndef NO_CYASSL_SERVER |
ashleymills | 0:e979170e02e7 | 2750 | |
ashleymills | 0:e979170e02e7 | 2751 | #ifndef NO_OLD_TLS |
ashleymills | 0:e979170e02e7 | 2752 | CYASSL_METHOD* CyaSSLv3_server_method(void) |
ashleymills | 0:e979170e02e7 | 2753 | { |
ashleymills | 0:e979170e02e7 | 2754 | CYASSL_METHOD* method = |
ashleymills | 0:e979170e02e7 | 2755 | (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0, |
ashleymills | 0:e979170e02e7 | 2756 | DYNAMIC_TYPE_METHOD); |
ashleymills | 0:e979170e02e7 | 2757 | CYASSL_ENTER("SSLv3_server_method"); |
ashleymills | 0:e979170e02e7 | 2758 | if (method) { |
ashleymills | 0:e979170e02e7 | 2759 | InitSSL_Method(method, MakeSSLv3()); |
ashleymills | 0:e979170e02e7 | 2760 | method->side = SERVER_END; |
ashleymills | 0:e979170e02e7 | 2761 | } |
ashleymills | 0:e979170e02e7 | 2762 | return method; |
ashleymills | 0:e979170e02e7 | 2763 | } |
ashleymills | 0:e979170e02e7 | 2764 | #endif |
ashleymills | 0:e979170e02e7 | 2765 | |
ashleymills | 0:e979170e02e7 | 2766 | |
ashleymills | 0:e979170e02e7 | 2767 | #ifdef CYASSL_DTLS |
ashleymills | 0:e979170e02e7 | 2768 | CYASSL_METHOD* CyaDTLSv1_server_method(void) |
ashleymills | 0:e979170e02e7 | 2769 | { |
ashleymills | 0:e979170e02e7 | 2770 | CYASSL_METHOD* method = |
ashleymills | 0:e979170e02e7 | 2771 | (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0, |
ashleymills | 0:e979170e02e7 | 2772 | DYNAMIC_TYPE_METHOD); |
ashleymills | 0:e979170e02e7 | 2773 | CYASSL_ENTER("DTLSv1_server_method"); |
ashleymills | 0:e979170e02e7 | 2774 | if (method) { |
ashleymills | 0:e979170e02e7 | 2775 | InitSSL_Method(method, MakeDTLSv1()); |
ashleymills | 0:e979170e02e7 | 2776 | method->side = SERVER_END; |
ashleymills | 0:e979170e02e7 | 2777 | } |
ashleymills | 0:e979170e02e7 | 2778 | return method; |
ashleymills | 0:e979170e02e7 | 2779 | } |
ashleymills | 0:e979170e02e7 | 2780 | #endif |
ashleymills | 0:e979170e02e7 | 2781 | |
ashleymills | 0:e979170e02e7 | 2782 | |
ashleymills | 0:e979170e02e7 | 2783 | int CyaSSL_accept(CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 2784 | { |
ashleymills | 0:e979170e02e7 | 2785 | byte havePSK = 0; |
ashleymills | 0:e979170e02e7 | 2786 | CYASSL_ENTER("SSL_accept()"); |
ashleymills | 0:e979170e02e7 | 2787 | |
ashleymills | 0:e979170e02e7 | 2788 | #ifdef HAVE_ERRNO_H |
ashleymills | 0:e979170e02e7 | 2789 | errno = 0; |
ashleymills | 0:e979170e02e7 | 2790 | #endif |
ashleymills | 0:e979170e02e7 | 2791 | |
ashleymills | 0:e979170e02e7 | 2792 | #ifndef NO_PSK |
ashleymills | 0:e979170e02e7 | 2793 | havePSK = ssl->options.havePSK; |
ashleymills | 0:e979170e02e7 | 2794 | #endif |
ashleymills | 0:e979170e02e7 | 2795 | |
ashleymills | 0:e979170e02e7 | 2796 | if (ssl->options.side != SERVER_END) { |
ashleymills | 0:e979170e02e7 | 2797 | CYASSL_ERROR(ssl->error = SIDE_ERROR); |
ashleymills | 0:e979170e02e7 | 2798 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 2799 | } |
ashleymills | 0:e979170e02e7 | 2800 | |
ashleymills | 0:e979170e02e7 | 2801 | #ifndef NO_CERTS |
ashleymills | 0:e979170e02e7 | 2802 | /* in case used set_accept_state after init */ |
ashleymills | 0:e979170e02e7 | 2803 | if (!havePSK && (ssl->buffers.certificate.buffer == NULL || |
ashleymills | 0:e979170e02e7 | 2804 | ssl->buffers.key.buffer == NULL)) { |
ashleymills | 0:e979170e02e7 | 2805 | CYASSL_MSG("accept error: don't have server cert and key"); |
ashleymills | 0:e979170e02e7 | 2806 | ssl->error = NO_PRIVATE_KEY; |
ashleymills | 0:e979170e02e7 | 2807 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:e979170e02e7 | 2808 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 2809 | } |
ashleymills | 0:e979170e02e7 | 2810 | #endif |
ashleymills | 0:e979170e02e7 | 2811 | |
ashleymills | 0:e979170e02e7 | 2812 | #ifdef HAVE_ECC |
ashleymills | 0:e979170e02e7 | 2813 | /* in case used set_accept_state after init */ |
ashleymills | 0:e979170e02e7 | 2814 | if (ssl->eccTempKeyPresent == 0) { |
ashleymills | 0:e979170e02e7 | 2815 | if (ecc_make_key(ssl->rng, ssl->eccTempKeySz, |
ashleymills | 0:e979170e02e7 | 2816 | ssl->eccTempKey) != 0) { |
ashleymills | 0:e979170e02e7 | 2817 | ssl->error = ECC_MAKEKEY_ERROR; |
ashleymills | 0:e979170e02e7 | 2818 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:e979170e02e7 | 2819 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 2820 | } |
ashleymills | 0:e979170e02e7 | 2821 | ssl->eccTempKeyPresent = 1; |
ashleymills | 0:e979170e02e7 | 2822 | } |
ashleymills | 0:e979170e02e7 | 2823 | #endif |
ashleymills | 0:e979170e02e7 | 2824 | |
ashleymills | 0:e979170e02e7 | 2825 | #ifdef CYASSL_DTLS |
ashleymills | 0:e979170e02e7 | 2826 | if (ssl->version.major == DTLS_MAJOR && |
ashleymills | 0:e979170e02e7 | 2827 | ssl->version.minor == DTLS_MINOR) { |
ashleymills | 0:e979170e02e7 | 2828 | ssl->options.dtls = 1; |
ashleymills | 0:e979170e02e7 | 2829 | ssl->options.tls = 1; |
ashleymills | 0:e979170e02e7 | 2830 | ssl->options.tls1_1 = 1; |
ashleymills | 0:e979170e02e7 | 2831 | |
ashleymills | 0:e979170e02e7 | 2832 | if (DtlsPoolInit(ssl) != 0) { |
ashleymills | 0:e979170e02e7 | 2833 | ssl->error = MEMORY_ERROR; |
ashleymills | 0:e979170e02e7 | 2834 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:e979170e02e7 | 2835 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 2836 | } |
ashleymills | 0:e979170e02e7 | 2837 | } |
ashleymills | 0:e979170e02e7 | 2838 | #endif |
ashleymills | 0:e979170e02e7 | 2839 | |
ashleymills | 0:e979170e02e7 | 2840 | if (ssl->buffers.outputBuffer.length > 0) { |
ashleymills | 0:e979170e02e7 | 2841 | if ( (ssl->error = SendBuffered(ssl)) == 0) { |
ashleymills | 0:e979170e02e7 | 2842 | ssl->options.acceptState++; |
ashleymills | 0:e979170e02e7 | 2843 | CYASSL_MSG("accept state: Advanced from buffered send"); |
ashleymills | 0:e979170e02e7 | 2844 | } |
ashleymills | 0:e979170e02e7 | 2845 | else { |
ashleymills | 0:e979170e02e7 | 2846 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:e979170e02e7 | 2847 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 2848 | } |
ashleymills | 0:e979170e02e7 | 2849 | } |
ashleymills | 0:e979170e02e7 | 2850 | |
ashleymills | 0:e979170e02e7 | 2851 | switch (ssl->options.acceptState) { |
ashleymills | 0:e979170e02e7 | 2852 | |
ashleymills | 0:e979170e02e7 | 2853 | case ACCEPT_BEGIN : |
ashleymills | 0:e979170e02e7 | 2854 | /* get response */ |
ashleymills | 0:e979170e02e7 | 2855 | while (ssl->options.clientState < CLIENT_HELLO_COMPLETE) |
ashleymills | 0:e979170e02e7 | 2856 | if ( (ssl->error = ProcessReply(ssl)) < 0) { |
ashleymills | 0:e979170e02e7 | 2857 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:e979170e02e7 | 2858 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 2859 | } |
ashleymills | 0:e979170e02e7 | 2860 | ssl->options.acceptState = ACCEPT_CLIENT_HELLO_DONE; |
ashleymills | 0:e979170e02e7 | 2861 | CYASSL_MSG("accept state ACCEPT_CLIENT_HELLO_DONE"); |
ashleymills | 0:e979170e02e7 | 2862 | |
ashleymills | 0:e979170e02e7 | 2863 | case ACCEPT_CLIENT_HELLO_DONE : |
ashleymills | 0:e979170e02e7 | 2864 | #ifdef CYASSL_DTLS |
ashleymills | 0:e979170e02e7 | 2865 | if (ssl->options.dtls) |
ashleymills | 0:e979170e02e7 | 2866 | if ( (ssl->error = SendHelloVerifyRequest(ssl)) != 0) { |
ashleymills | 0:e979170e02e7 | 2867 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:e979170e02e7 | 2868 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 2869 | } |
ashleymills | 0:e979170e02e7 | 2870 | #endif |
ashleymills | 0:e979170e02e7 | 2871 | ssl->options.acceptState = HELLO_VERIFY_SENT; |
ashleymills | 0:e979170e02e7 | 2872 | CYASSL_MSG("accept state HELLO_VERIFY_SENT"); |
ashleymills | 0:e979170e02e7 | 2873 | |
ashleymills | 0:e979170e02e7 | 2874 | case HELLO_VERIFY_SENT: |
ashleymills | 0:e979170e02e7 | 2875 | #ifdef CYASSL_DTLS |
ashleymills | 0:e979170e02e7 | 2876 | if (ssl->options.dtls) { |
ashleymills | 0:e979170e02e7 | 2877 | ssl->options.clientState = NULL_STATE; /* get again */ |
ashleymills | 0:e979170e02e7 | 2878 | /* re-init hashes, exclude first hello and verify request */ |
ashleymills | 0:e979170e02e7 | 2879 | InitMd5(&ssl->hashMd5); |
ashleymills | 0:e979170e02e7 | 2880 | InitSha(&ssl->hashSha); |
ashleymills | 0:e979170e02e7 | 2881 | #ifndef NO_SHA256 |
ashleymills | 0:e979170e02e7 | 2882 | if (IsAtLeastTLSv1_2(ssl)) |
ashleymills | 0:e979170e02e7 | 2883 | InitSha256(&ssl->hashSha256); |
ashleymills | 0:e979170e02e7 | 2884 | #endif |
ashleymills | 0:e979170e02e7 | 2885 | |
ashleymills | 0:e979170e02e7 | 2886 | while (ssl->options.clientState < CLIENT_HELLO_COMPLETE) |
ashleymills | 0:e979170e02e7 | 2887 | if ( (ssl->error = ProcessReply(ssl)) < 0) { |
ashleymills | 0:e979170e02e7 | 2888 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:e979170e02e7 | 2889 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 2890 | } |
ashleymills | 0:e979170e02e7 | 2891 | } |
ashleymills | 0:e979170e02e7 | 2892 | #endif |
ashleymills | 0:e979170e02e7 | 2893 | ssl->options.acceptState = ACCEPT_FIRST_REPLY_DONE; |
ashleymills | 0:e979170e02e7 | 2894 | CYASSL_MSG("accept state ACCEPT_FIRST_REPLY_DONE"); |
ashleymills | 0:e979170e02e7 | 2895 | |
ashleymills | 0:e979170e02e7 | 2896 | case ACCEPT_FIRST_REPLY_DONE : |
ashleymills | 0:e979170e02e7 | 2897 | if ( (ssl->error = SendServerHello(ssl)) != 0) { |
ashleymills | 0:e979170e02e7 | 2898 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:e979170e02e7 | 2899 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 2900 | } |
ashleymills | 0:e979170e02e7 | 2901 | ssl->options.acceptState = SERVER_HELLO_SENT; |
ashleymills | 0:e979170e02e7 | 2902 | CYASSL_MSG("accept state SERVER_HELLO_SENT"); |
ashleymills | 0:e979170e02e7 | 2903 | |
ashleymills | 0:e979170e02e7 | 2904 | case SERVER_HELLO_SENT : |
ashleymills | 0:e979170e02e7 | 2905 | #ifndef NO_CERTS |
ashleymills | 0:e979170e02e7 | 2906 | if (!ssl->options.resuming) |
ashleymills | 0:e979170e02e7 | 2907 | if ( (ssl->error = SendCertificate(ssl)) != 0) { |
ashleymills | 0:e979170e02e7 | 2908 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:e979170e02e7 | 2909 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 2910 | } |
ashleymills | 0:e979170e02e7 | 2911 | #endif |
ashleymills | 0:e979170e02e7 | 2912 | ssl->options.acceptState = CERT_SENT; |
ashleymills | 0:e979170e02e7 | 2913 | CYASSL_MSG("accept state CERT_SENT"); |
ashleymills | 0:e979170e02e7 | 2914 | |
ashleymills | 0:e979170e02e7 | 2915 | case CERT_SENT : |
ashleymills | 0:e979170e02e7 | 2916 | if (!ssl->options.resuming) |
ashleymills | 0:e979170e02e7 | 2917 | if ( (ssl->error = SendServerKeyExchange(ssl)) != 0) { |
ashleymills | 0:e979170e02e7 | 2918 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:e979170e02e7 | 2919 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 2920 | } |
ashleymills | 0:e979170e02e7 | 2921 | ssl->options.acceptState = KEY_EXCHANGE_SENT; |
ashleymills | 0:e979170e02e7 | 2922 | CYASSL_MSG("accept state KEY_EXCHANGE_SENT"); |
ashleymills | 0:e979170e02e7 | 2923 | |
ashleymills | 0:e979170e02e7 | 2924 | case KEY_EXCHANGE_SENT : |
ashleymills | 0:e979170e02e7 | 2925 | #ifndef NO_CERTS |
ashleymills | 0:e979170e02e7 | 2926 | if (!ssl->options.resuming) |
ashleymills | 0:e979170e02e7 | 2927 | if (ssl->options.verifyPeer) |
ashleymills | 0:e979170e02e7 | 2928 | if ( (ssl->error = SendCertificateRequest(ssl)) != 0) { |
ashleymills | 0:e979170e02e7 | 2929 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:e979170e02e7 | 2930 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 2931 | } |
ashleymills | 0:e979170e02e7 | 2932 | #endif |
ashleymills | 0:e979170e02e7 | 2933 | ssl->options.acceptState = CERT_REQ_SENT; |
ashleymills | 0:e979170e02e7 | 2934 | CYASSL_MSG("accept state CERT_REQ_SENT"); |
ashleymills | 0:e979170e02e7 | 2935 | |
ashleymills | 0:e979170e02e7 | 2936 | case CERT_REQ_SENT : |
ashleymills | 0:e979170e02e7 | 2937 | if (!ssl->options.resuming) |
ashleymills | 0:e979170e02e7 | 2938 | if ( (ssl->error = SendServerHelloDone(ssl)) != 0) { |
ashleymills | 0:e979170e02e7 | 2939 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:e979170e02e7 | 2940 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 2941 | } |
ashleymills | 0:e979170e02e7 | 2942 | ssl->options.acceptState = SERVER_HELLO_DONE; |
ashleymills | 0:e979170e02e7 | 2943 | CYASSL_MSG("accept state SERVER_HELLO_DONE"); |
ashleymills | 0:e979170e02e7 | 2944 | |
ashleymills | 0:e979170e02e7 | 2945 | case SERVER_HELLO_DONE : |
ashleymills | 0:e979170e02e7 | 2946 | if (!ssl->options.resuming) { |
ashleymills | 0:e979170e02e7 | 2947 | while (ssl->options.clientState < CLIENT_FINISHED_COMPLETE) |
ashleymills | 0:e979170e02e7 | 2948 | if ( (ssl->error = ProcessReply(ssl)) < 0) { |
ashleymills | 0:e979170e02e7 | 2949 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:e979170e02e7 | 2950 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 2951 | } |
ashleymills | 0:e979170e02e7 | 2952 | } |
ashleymills | 0:e979170e02e7 | 2953 | ssl->options.acceptState = ACCEPT_SECOND_REPLY_DONE; |
ashleymills | 0:e979170e02e7 | 2954 | CYASSL_MSG("accept state ACCEPT_SECOND_REPLY_DONE"); |
ashleymills | 0:e979170e02e7 | 2955 | |
ashleymills | 0:e979170e02e7 | 2956 | case ACCEPT_SECOND_REPLY_DONE : |
ashleymills | 0:e979170e02e7 | 2957 | if ( (ssl->error = SendChangeCipher(ssl)) != 0) { |
ashleymills | 0:e979170e02e7 | 2958 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:e979170e02e7 | 2959 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 2960 | } |
ashleymills | 0:e979170e02e7 | 2961 | ssl->options.acceptState = CHANGE_CIPHER_SENT; |
ashleymills | 0:e979170e02e7 | 2962 | CYASSL_MSG("accept state CHANGE_CIPHER_SENT"); |
ashleymills | 0:e979170e02e7 | 2963 | |
ashleymills | 0:e979170e02e7 | 2964 | case CHANGE_CIPHER_SENT : |
ashleymills | 0:e979170e02e7 | 2965 | if ( (ssl->error = SendFinished(ssl)) != 0) { |
ashleymills | 0:e979170e02e7 | 2966 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:e979170e02e7 | 2967 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 2968 | } |
ashleymills | 0:e979170e02e7 | 2969 | |
ashleymills | 0:e979170e02e7 | 2970 | ssl->options.acceptState = ACCEPT_FINISHED_DONE; |
ashleymills | 0:e979170e02e7 | 2971 | CYASSL_MSG("accept state ACCEPT_FINISHED_DONE"); |
ashleymills | 0:e979170e02e7 | 2972 | |
ashleymills | 0:e979170e02e7 | 2973 | case ACCEPT_FINISHED_DONE : |
ashleymills | 0:e979170e02e7 | 2974 | if (ssl->options.resuming) |
ashleymills | 0:e979170e02e7 | 2975 | while (ssl->options.clientState < CLIENT_FINISHED_COMPLETE) |
ashleymills | 0:e979170e02e7 | 2976 | if ( (ssl->error = ProcessReply(ssl)) < 0) { |
ashleymills | 0:e979170e02e7 | 2977 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:e979170e02e7 | 2978 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 2979 | } |
ashleymills | 0:e979170e02e7 | 2980 | |
ashleymills | 0:e979170e02e7 | 2981 | ssl->options.acceptState = ACCEPT_THIRD_REPLY_DONE; |
ashleymills | 0:e979170e02e7 | 2982 | CYASSL_MSG("accept state ACCEPT_THIRD_REPLY_DONE"); |
ashleymills | 0:e979170e02e7 | 2983 | |
ashleymills | 0:e979170e02e7 | 2984 | case ACCEPT_THIRD_REPLY_DONE : |
ashleymills | 0:e979170e02e7 | 2985 | FreeHandshakeResources(ssl); |
ashleymills | 0:e979170e02e7 | 2986 | CYASSL_LEAVE("SSL_accept()", SSL_SUCCESS); |
ashleymills | 0:e979170e02e7 | 2987 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 2988 | |
ashleymills | 0:e979170e02e7 | 2989 | default : |
ashleymills | 0:e979170e02e7 | 2990 | CYASSL_MSG("Unknown accept state ERROR"); |
ashleymills | 0:e979170e02e7 | 2991 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 2992 | } |
ashleymills | 0:e979170e02e7 | 2993 | } |
ashleymills | 0:e979170e02e7 | 2994 | |
ashleymills | 0:e979170e02e7 | 2995 | #endif /* NO_CYASSL_SERVER */ |
ashleymills | 0:e979170e02e7 | 2996 | |
ashleymills | 0:e979170e02e7 | 2997 | |
ashleymills | 0:e979170e02e7 | 2998 | int CyaSSL_Cleanup(void) |
ashleymills | 0:e979170e02e7 | 2999 | { |
ashleymills | 0:e979170e02e7 | 3000 | int ret = 0; |
ashleymills | 0:e979170e02e7 | 3001 | int release = 0; |
ashleymills | 0:e979170e02e7 | 3002 | |
ashleymills | 0:e979170e02e7 | 3003 | CYASSL_ENTER("CyaSSL_Cleanup"); |
ashleymills | 0:e979170e02e7 | 3004 | |
ashleymills | 0:e979170e02e7 | 3005 | LockMutex(&count_mutex); |
ashleymills | 0:e979170e02e7 | 3006 | |
ashleymills | 0:e979170e02e7 | 3007 | release = initRefCount-- == 1; |
ashleymills | 0:e979170e02e7 | 3008 | if (initRefCount < 0) |
ashleymills | 0:e979170e02e7 | 3009 | initRefCount = 0; |
ashleymills | 0:e979170e02e7 | 3010 | |
ashleymills | 0:e979170e02e7 | 3011 | UnLockMutex(&count_mutex); |
ashleymills | 0:e979170e02e7 | 3012 | |
ashleymills | 0:e979170e02e7 | 3013 | if (!release) |
ashleymills | 0:e979170e02e7 | 3014 | return ret; |
ashleymills | 0:e979170e02e7 | 3015 | |
ashleymills | 0:e979170e02e7 | 3016 | #ifndef NO_SESSION_CACHE |
ashleymills | 0:e979170e02e7 | 3017 | if (FreeMutex(&session_mutex) != 0) |
ashleymills | 0:e979170e02e7 | 3018 | ret = BAD_MUTEX_ERROR; |
ashleymills | 0:e979170e02e7 | 3019 | #endif |
ashleymills | 0:e979170e02e7 | 3020 | if (FreeMutex(&count_mutex) != 0) |
ashleymills | 0:e979170e02e7 | 3021 | ret = BAD_MUTEX_ERROR; |
ashleymills | 0:e979170e02e7 | 3022 | |
ashleymills | 0:e979170e02e7 | 3023 | return ret; |
ashleymills | 0:e979170e02e7 | 3024 | } |
ashleymills | 0:e979170e02e7 | 3025 | |
ashleymills | 0:e979170e02e7 | 3026 | |
ashleymills | 0:e979170e02e7 | 3027 | #ifndef NO_SESSION_CACHE |
ashleymills | 0:e979170e02e7 | 3028 | |
ashleymills | 0:e979170e02e7 | 3029 | |
ashleymills | 0:e979170e02e7 | 3030 | static INLINE word32 HashSession(const byte* sessionID) |
ashleymills | 0:e979170e02e7 | 3031 | { |
ashleymills | 0:e979170e02e7 | 3032 | /* id is random, just make 32 bit number from first 4 bytes for now */ |
ashleymills | 0:e979170e02e7 | 3033 | return (sessionID[0] << 24) | (sessionID[1] << 16) | (sessionID[2] << 8) | |
ashleymills | 0:e979170e02e7 | 3034 | sessionID[3]; |
ashleymills | 0:e979170e02e7 | 3035 | } |
ashleymills | 0:e979170e02e7 | 3036 | |
ashleymills | 0:e979170e02e7 | 3037 | |
ashleymills | 0:e979170e02e7 | 3038 | void CyaSSL_flush_sessions(CYASSL_CTX* ctx, long tm) |
ashleymills | 0:e979170e02e7 | 3039 | { |
ashleymills | 0:e979170e02e7 | 3040 | /* static table now, no flusing needed */ |
ashleymills | 0:e979170e02e7 | 3041 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 3042 | (void)tm; |
ashleymills | 0:e979170e02e7 | 3043 | } |
ashleymills | 0:e979170e02e7 | 3044 | |
ashleymills | 0:e979170e02e7 | 3045 | |
ashleymills | 0:e979170e02e7 | 3046 | /* set ssl session timeout in seconds */ |
ashleymills | 0:e979170e02e7 | 3047 | int CyaSSL_set_timeout(CYASSL* ssl, unsigned int to) |
ashleymills | 0:e979170e02e7 | 3048 | { |
ashleymills | 0:e979170e02e7 | 3049 | if (ssl == NULL) |
ashleymills | 0:e979170e02e7 | 3050 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 3051 | |
ashleymills | 0:e979170e02e7 | 3052 | ssl->timeout = to; |
ashleymills | 0:e979170e02e7 | 3053 | |
ashleymills | 0:e979170e02e7 | 3054 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 3055 | } |
ashleymills | 0:e979170e02e7 | 3056 | |
ashleymills | 0:e979170e02e7 | 3057 | |
ashleymills | 0:e979170e02e7 | 3058 | /* set ctx session timeout in seconds */ |
ashleymills | 0:e979170e02e7 | 3059 | int CyaSSL_CTX_set_timeout(CYASSL_CTX* ctx, unsigned int to) |
ashleymills | 0:e979170e02e7 | 3060 | { |
ashleymills | 0:e979170e02e7 | 3061 | if (ctx == NULL) |
ashleymills | 0:e979170e02e7 | 3062 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 3063 | |
ashleymills | 0:e979170e02e7 | 3064 | ctx->timeout = to; |
ashleymills | 0:e979170e02e7 | 3065 | |
ashleymills | 0:e979170e02e7 | 3066 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 3067 | } |
ashleymills | 0:e979170e02e7 | 3068 | |
ashleymills | 0:e979170e02e7 | 3069 | |
ashleymills | 0:e979170e02e7 | 3070 | CYASSL_SESSION* GetSession(CYASSL* ssl, byte* masterSecret) |
ashleymills | 0:e979170e02e7 | 3071 | { |
ashleymills | 0:e979170e02e7 | 3072 | CYASSL_SESSION* ret = 0; |
ashleymills | 0:e979170e02e7 | 3073 | const byte* id = NULL; |
ashleymills | 0:e979170e02e7 | 3074 | word32 row; |
ashleymills | 0:e979170e02e7 | 3075 | int idx; |
ashleymills | 0:e979170e02e7 | 3076 | |
ashleymills | 0:e979170e02e7 | 3077 | if (ssl->options.sessionCacheOff) |
ashleymills | 0:e979170e02e7 | 3078 | return NULL; |
ashleymills | 0:e979170e02e7 | 3079 | |
ashleymills | 0:e979170e02e7 | 3080 | if (ssl->options.haveSessionId == 0) |
ashleymills | 0:e979170e02e7 | 3081 | return NULL; |
ashleymills | 0:e979170e02e7 | 3082 | |
ashleymills | 0:e979170e02e7 | 3083 | if (ssl->arrays) |
ashleymills | 0:e979170e02e7 | 3084 | id = ssl->arrays->sessionID; |
ashleymills | 0:e979170e02e7 | 3085 | else |
ashleymills | 0:e979170e02e7 | 3086 | id = ssl->session.sessionID; |
ashleymills | 0:e979170e02e7 | 3087 | |
ashleymills | 0:e979170e02e7 | 3088 | row = HashSession(id) % SESSION_ROWS; |
ashleymills | 0:e979170e02e7 | 3089 | |
ashleymills | 0:e979170e02e7 | 3090 | if (LockMutex(&session_mutex) != 0) |
ashleymills | 0:e979170e02e7 | 3091 | return 0; |
ashleymills | 0:e979170e02e7 | 3092 | |
ashleymills | 0:e979170e02e7 | 3093 | if (SessionCache[row].totalCount >= SESSIONS_PER_ROW) |
ashleymills | 0:e979170e02e7 | 3094 | idx = SESSIONS_PER_ROW - 1; |
ashleymills | 0:e979170e02e7 | 3095 | else |
ashleymills | 0:e979170e02e7 | 3096 | idx = SessionCache[row].nextIdx - 1; |
ashleymills | 0:e979170e02e7 | 3097 | |
ashleymills | 0:e979170e02e7 | 3098 | for (; idx >= 0; idx--) { |
ashleymills | 0:e979170e02e7 | 3099 | CYASSL_SESSION* current; |
ashleymills | 0:e979170e02e7 | 3100 | |
ashleymills | 0:e979170e02e7 | 3101 | if (idx >= SESSIONS_PER_ROW) /* server could have restarted, idx */ |
ashleymills | 0:e979170e02e7 | 3102 | break; /* would be word32(-1) and seg fault */ |
ashleymills | 0:e979170e02e7 | 3103 | |
ashleymills | 0:e979170e02e7 | 3104 | current = &SessionCache[row].Sessions[idx]; |
ashleymills | 0:e979170e02e7 | 3105 | if (XMEMCMP(current->sessionID, id, ID_LEN) == 0) { |
ashleymills | 0:e979170e02e7 | 3106 | if (LowResTimer() < (current->bornOn + current->timeout)) { |
ashleymills | 0:e979170e02e7 | 3107 | ret = current; |
ashleymills | 0:e979170e02e7 | 3108 | if (masterSecret) |
ashleymills | 0:e979170e02e7 | 3109 | XMEMCPY(masterSecret, current->masterSecret, SECRET_LEN); |
ashleymills | 0:e979170e02e7 | 3110 | } |
ashleymills | 0:e979170e02e7 | 3111 | break; |
ashleymills | 0:e979170e02e7 | 3112 | } |
ashleymills | 0:e979170e02e7 | 3113 | } |
ashleymills | 0:e979170e02e7 | 3114 | |
ashleymills | 0:e979170e02e7 | 3115 | UnLockMutex(&session_mutex); |
ashleymills | 0:e979170e02e7 | 3116 | |
ashleymills | 0:e979170e02e7 | 3117 | return ret; |
ashleymills | 0:e979170e02e7 | 3118 | } |
ashleymills | 0:e979170e02e7 | 3119 | |
ashleymills | 0:e979170e02e7 | 3120 | |
ashleymills | 0:e979170e02e7 | 3121 | int SetSession(CYASSL* ssl, CYASSL_SESSION* session) |
ashleymills | 0:e979170e02e7 | 3122 | { |
ashleymills | 0:e979170e02e7 | 3123 | if (ssl->options.sessionCacheOff) |
ashleymills | 0:e979170e02e7 | 3124 | return SSL_FAILURE; |
ashleymills | 0:e979170e02e7 | 3125 | |
ashleymills | 0:e979170e02e7 | 3126 | if (LowResTimer() < (session->bornOn + session->timeout)) { |
ashleymills | 0:e979170e02e7 | 3127 | ssl->session = *session; |
ashleymills | 0:e979170e02e7 | 3128 | ssl->options.resuming = 1; |
ashleymills | 0:e979170e02e7 | 3129 | |
ashleymills | 0:e979170e02e7 | 3130 | #ifdef SESSION_CERTS |
ashleymills | 0:e979170e02e7 | 3131 | ssl->version = session->version; |
ashleymills | 0:e979170e02e7 | 3132 | ssl->options.cipherSuite0 = session->cipherSuite0; |
ashleymills | 0:e979170e02e7 | 3133 | ssl->options.cipherSuite = session->cipherSuite; |
ashleymills | 0:e979170e02e7 | 3134 | #endif |
ashleymills | 0:e979170e02e7 | 3135 | |
ashleymills | 0:e979170e02e7 | 3136 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 3137 | } |
ashleymills | 0:e979170e02e7 | 3138 | return SSL_FAILURE; /* session timed out */ |
ashleymills | 0:e979170e02e7 | 3139 | } |
ashleymills | 0:e979170e02e7 | 3140 | |
ashleymills | 0:e979170e02e7 | 3141 | |
ashleymills | 0:e979170e02e7 | 3142 | int AddSession(CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 3143 | { |
ashleymills | 0:e979170e02e7 | 3144 | word32 row, idx; |
ashleymills | 0:e979170e02e7 | 3145 | |
ashleymills | 0:e979170e02e7 | 3146 | if (ssl->options.sessionCacheOff) |
ashleymills | 0:e979170e02e7 | 3147 | return 0; |
ashleymills | 0:e979170e02e7 | 3148 | |
ashleymills | 0:e979170e02e7 | 3149 | if (ssl->options.haveSessionId == 0) |
ashleymills | 0:e979170e02e7 | 3150 | return 0; |
ashleymills | 0:e979170e02e7 | 3151 | |
ashleymills | 0:e979170e02e7 | 3152 | row = HashSession(ssl->arrays->sessionID) % SESSION_ROWS; |
ashleymills | 0:e979170e02e7 | 3153 | |
ashleymills | 0:e979170e02e7 | 3154 | if (LockMutex(&session_mutex) != 0) |
ashleymills | 0:e979170e02e7 | 3155 | return BAD_MUTEX_ERROR; |
ashleymills | 0:e979170e02e7 | 3156 | |
ashleymills | 0:e979170e02e7 | 3157 | idx = SessionCache[row].nextIdx++; |
ashleymills | 0:e979170e02e7 | 3158 | |
ashleymills | 0:e979170e02e7 | 3159 | XMEMCPY(SessionCache[row].Sessions[idx].masterSecret, |
ashleymills | 0:e979170e02e7 | 3160 | ssl->arrays->masterSecret, SECRET_LEN); |
ashleymills | 0:e979170e02e7 | 3161 | XMEMCPY(SessionCache[row].Sessions[idx].sessionID, ssl->arrays->sessionID, |
ashleymills | 0:e979170e02e7 | 3162 | ID_LEN); |
ashleymills | 0:e979170e02e7 | 3163 | |
ashleymills | 0:e979170e02e7 | 3164 | SessionCache[row].Sessions[idx].timeout = ssl->timeout; |
ashleymills | 0:e979170e02e7 | 3165 | SessionCache[row].Sessions[idx].bornOn = LowResTimer(); |
ashleymills | 0:e979170e02e7 | 3166 | |
ashleymills | 0:e979170e02e7 | 3167 | #ifdef SESSION_CERTS |
ashleymills | 0:e979170e02e7 | 3168 | SessionCache[row].Sessions[idx].chain.count = ssl->session.chain.count; |
ashleymills | 0:e979170e02e7 | 3169 | XMEMCPY(SessionCache[row].Sessions[idx].chain.certs, |
ashleymills | 0:e979170e02e7 | 3170 | ssl->session.chain.certs, sizeof(x509_buffer) * MAX_CHAIN_DEPTH); |
ashleymills | 0:e979170e02e7 | 3171 | |
ashleymills | 0:e979170e02e7 | 3172 | SessionCache[row].Sessions[idx].version = ssl->version; |
ashleymills | 0:e979170e02e7 | 3173 | SessionCache[row].Sessions[idx].cipherSuite0 = ssl->options.cipherSuite0; |
ashleymills | 0:e979170e02e7 | 3174 | SessionCache[row].Sessions[idx].cipherSuite = ssl->options.cipherSuite; |
ashleymills | 0:e979170e02e7 | 3175 | #endif |
ashleymills | 0:e979170e02e7 | 3176 | |
ashleymills | 0:e979170e02e7 | 3177 | SessionCache[row].totalCount++; |
ashleymills | 0:e979170e02e7 | 3178 | if (SessionCache[row].nextIdx == SESSIONS_PER_ROW) |
ashleymills | 0:e979170e02e7 | 3179 | SessionCache[row].nextIdx = 0; |
ashleymills | 0:e979170e02e7 | 3180 | |
ashleymills | 0:e979170e02e7 | 3181 | if (UnLockMutex(&session_mutex) != 0) |
ashleymills | 0:e979170e02e7 | 3182 | return BAD_MUTEX_ERROR; |
ashleymills | 0:e979170e02e7 | 3183 | |
ashleymills | 0:e979170e02e7 | 3184 | return 0; |
ashleymills | 0:e979170e02e7 | 3185 | } |
ashleymills | 0:e979170e02e7 | 3186 | |
ashleymills | 0:e979170e02e7 | 3187 | |
ashleymills | 0:e979170e02e7 | 3188 | #ifdef SESSION_STATS |
ashleymills | 0:e979170e02e7 | 3189 | |
ashleymills | 0:e979170e02e7 | 3190 | CYASSL_API |
ashleymills | 0:e979170e02e7 | 3191 | void PrintSessionStats(void) |
ashleymills | 0:e979170e02e7 | 3192 | { |
ashleymills | 0:e979170e02e7 | 3193 | word32 totalSessionsSeen = 0; |
ashleymills | 0:e979170e02e7 | 3194 | word32 totalSessionsNow = 0; |
ashleymills | 0:e979170e02e7 | 3195 | word32 rowNow; |
ashleymills | 0:e979170e02e7 | 3196 | int i; |
ashleymills | 0:e979170e02e7 | 3197 | double E; /* expected freq */ |
ashleymills | 0:e979170e02e7 | 3198 | double chiSquare = 0; |
ashleymills | 0:e979170e02e7 | 3199 | |
ashleymills | 0:e979170e02e7 | 3200 | for (i = 0; i < SESSION_ROWS; i++) { |
ashleymills | 0:e979170e02e7 | 3201 | totalSessionsSeen += SessionCache[i].totalCount; |
ashleymills | 0:e979170e02e7 | 3202 | |
ashleymills | 0:e979170e02e7 | 3203 | if (SessionCache[i].totalCount >= SESSIONS_PER_ROW) |
ashleymills | 0:e979170e02e7 | 3204 | rowNow = SESSIONS_PER_ROW; |
ashleymills | 0:e979170e02e7 | 3205 | else if (SessionCache[i].nextIdx == 0) |
ashleymills | 0:e979170e02e7 | 3206 | rowNow = 0; |
ashleymills | 0:e979170e02e7 | 3207 | else |
ashleymills | 0:e979170e02e7 | 3208 | rowNow = SessionCache[i].nextIdx; |
ashleymills | 0:e979170e02e7 | 3209 | |
ashleymills | 0:e979170e02e7 | 3210 | totalSessionsNow += rowNow; |
ashleymills | 0:e979170e02e7 | 3211 | } |
ashleymills | 0:e979170e02e7 | 3212 | |
ashleymills | 0:e979170e02e7 | 3213 | printf("Total Sessions Seen = %d\n", totalSessionsSeen); |
ashleymills | 0:e979170e02e7 | 3214 | printf("Total Sessions Now = %d\n", totalSessionsNow); |
ashleymills | 0:e979170e02e7 | 3215 | |
ashleymills | 0:e979170e02e7 | 3216 | E = (double)totalSessionsSeen / SESSION_ROWS; |
ashleymills | 0:e979170e02e7 | 3217 | |
ashleymills | 0:e979170e02e7 | 3218 | for (i = 0; i < SESSION_ROWS; i++) { |
ashleymills | 0:e979170e02e7 | 3219 | double diff = SessionCache[i].totalCount - E; |
ashleymills | 0:e979170e02e7 | 3220 | diff *= diff; /* square */ |
ashleymills | 0:e979170e02e7 | 3221 | diff /= E; /* normalize */ |
ashleymills | 0:e979170e02e7 | 3222 | |
ashleymills | 0:e979170e02e7 | 3223 | chiSquare += diff; |
ashleymills | 0:e979170e02e7 | 3224 | } |
ashleymills | 0:e979170e02e7 | 3225 | printf(" chi-square = %5.1f, d.f. = %d\n", chiSquare, |
ashleymills | 0:e979170e02e7 | 3226 | SESSION_ROWS - 1); |
ashleymills | 0:e979170e02e7 | 3227 | if (SESSION_ROWS == 11) |
ashleymills | 0:e979170e02e7 | 3228 | printf(" .05 p value = 18.3, chi-square should be less\n"); |
ashleymills | 0:e979170e02e7 | 3229 | else if (SESSION_ROWS == 211) |
ashleymills | 0:e979170e02e7 | 3230 | printf(".05 p value = 244.8, chi-square should be less\n"); |
ashleymills | 0:e979170e02e7 | 3231 | else if (SESSION_ROWS == 5981) |
ashleymills | 0:e979170e02e7 | 3232 | printf(".05 p value = 6161.0, chi-square should be less\n"); |
ashleymills | 0:e979170e02e7 | 3233 | else if (SESSION_ROWS == 3) |
ashleymills | 0:e979170e02e7 | 3234 | printf(".05 p value = 6.0, chi-square should be less\n"); |
ashleymills | 0:e979170e02e7 | 3235 | else if (SESSION_ROWS == 2861) |
ashleymills | 0:e979170e02e7 | 3236 | printf(".05 p value = 2985.5, chi-square should be less\n"); |
ashleymills | 0:e979170e02e7 | 3237 | printf("\n"); |
ashleymills | 0:e979170e02e7 | 3238 | } |
ashleymills | 0:e979170e02e7 | 3239 | |
ashleymills | 0:e979170e02e7 | 3240 | #endif /* SESSION_STATS */ |
ashleymills | 0:e979170e02e7 | 3241 | |
ashleymills | 0:e979170e02e7 | 3242 | #else /* NO_SESSION_CACHE */ |
ashleymills | 0:e979170e02e7 | 3243 | |
ashleymills | 0:e979170e02e7 | 3244 | /* No session cache version */ |
ashleymills | 0:e979170e02e7 | 3245 | CYASSL_SESSION* GetSession(CYASSL* ssl, byte* masterSecret) |
ashleymills | 0:e979170e02e7 | 3246 | { |
ashleymills | 0:e979170e02e7 | 3247 | (void)ssl; |
ashleymills | 0:e979170e02e7 | 3248 | (void)masterSecret; |
ashleymills | 0:e979170e02e7 | 3249 | |
ashleymills | 0:e979170e02e7 | 3250 | return NULL; |
ashleymills | 0:e979170e02e7 | 3251 | } |
ashleymills | 0:e979170e02e7 | 3252 | |
ashleymills | 0:e979170e02e7 | 3253 | #endif /* NO_SESSION_CACHE */ |
ashleymills | 0:e979170e02e7 | 3254 | |
ashleymills | 0:e979170e02e7 | 3255 | |
ashleymills | 0:e979170e02e7 | 3256 | /* call before SSL_connect, if verifying will add name check to |
ashleymills | 0:e979170e02e7 | 3257 | date check and signature check */ |
ashleymills | 0:e979170e02e7 | 3258 | int CyaSSL_check_domain_name(CYASSL* ssl, const char* dn) |
ashleymills | 0:e979170e02e7 | 3259 | { |
ashleymills | 0:e979170e02e7 | 3260 | CYASSL_ENTER("CyaSSL_check_domain_name"); |
ashleymills | 0:e979170e02e7 | 3261 | if (ssl->buffers.domainName.buffer) |
ashleymills | 0:e979170e02e7 | 3262 | XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN); |
ashleymills | 0:e979170e02e7 | 3263 | |
ashleymills | 0:e979170e02e7 | 3264 | ssl->buffers.domainName.length = (word32)XSTRLEN(dn) + 1; |
ashleymills | 0:e979170e02e7 | 3265 | ssl->buffers.domainName.buffer = (byte*) XMALLOC( |
ashleymills | 0:e979170e02e7 | 3266 | ssl->buffers.domainName.length, ssl->heap, DYNAMIC_TYPE_DOMAIN); |
ashleymills | 0:e979170e02e7 | 3267 | |
ashleymills | 0:e979170e02e7 | 3268 | if (ssl->buffers.domainName.buffer) { |
ashleymills | 0:e979170e02e7 | 3269 | XSTRNCPY((char*)ssl->buffers.domainName.buffer, dn, |
ashleymills | 0:e979170e02e7 | 3270 | ssl->buffers.domainName.length); |
ashleymills | 0:e979170e02e7 | 3271 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 3272 | } |
ashleymills | 0:e979170e02e7 | 3273 | else { |
ashleymills | 0:e979170e02e7 | 3274 | ssl->error = MEMORY_ERROR; |
ashleymills | 0:e979170e02e7 | 3275 | return SSL_FAILURE; |
ashleymills | 0:e979170e02e7 | 3276 | } |
ashleymills | 0:e979170e02e7 | 3277 | } |
ashleymills | 0:e979170e02e7 | 3278 | |
ashleymills | 0:e979170e02e7 | 3279 | |
ashleymills | 0:e979170e02e7 | 3280 | /* turn on CyaSSL zlib compression |
ashleymills | 0:e979170e02e7 | 3281 | returns 0 for success, else error (not built in) |
ashleymills | 0:e979170e02e7 | 3282 | */ |
ashleymills | 0:e979170e02e7 | 3283 | int CyaSSL_set_compression(CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 3284 | { |
ashleymills | 0:e979170e02e7 | 3285 | CYASSL_ENTER("CyaSSL_set_compression"); |
ashleymills | 0:e979170e02e7 | 3286 | (void)ssl; |
ashleymills | 0:e979170e02e7 | 3287 | #ifdef HAVE_LIBZ |
ashleymills | 0:e979170e02e7 | 3288 | ssl->options.usingCompression = 1; |
ashleymills | 0:e979170e02e7 | 3289 | return 0; |
ashleymills | 0:e979170e02e7 | 3290 | #else |
ashleymills | 0:e979170e02e7 | 3291 | return NOT_COMPILED_IN; |
ashleymills | 0:e979170e02e7 | 3292 | #endif |
ashleymills | 0:e979170e02e7 | 3293 | } |
ashleymills | 0:e979170e02e7 | 3294 | |
ashleymills | 0:e979170e02e7 | 3295 | |
ashleymills | 0:e979170e02e7 | 3296 | #ifndef USE_WINDOWS_API |
ashleymills | 0:e979170e02e7 | 3297 | #ifndef NO_WRITEV |
ashleymills | 0:e979170e02e7 | 3298 | |
ashleymills | 0:e979170e02e7 | 3299 | /* simulate writev semantics, doesn't actually do block at a time though |
ashleymills | 0:e979170e02e7 | 3300 | because of SSL_write behavior and because front adds may be small */ |
ashleymills | 0:e979170e02e7 | 3301 | int CyaSSL_writev(CYASSL* ssl, const struct iovec* iov, int iovcnt) |
ashleymills | 0:e979170e02e7 | 3302 | { |
ashleymills | 0:e979170e02e7 | 3303 | byte tmp[FILE_BUFFER_SIZE]; |
ashleymills | 0:e979170e02e7 | 3304 | byte* myBuffer = tmp; |
ashleymills | 0:e979170e02e7 | 3305 | int sending = 0; |
ashleymills | 0:e979170e02e7 | 3306 | int newBuffer = 0; |
ashleymills | 0:e979170e02e7 | 3307 | int idx = 0; |
ashleymills | 0:e979170e02e7 | 3308 | int i; |
ashleymills | 0:e979170e02e7 | 3309 | int ret; |
ashleymills | 0:e979170e02e7 | 3310 | |
ashleymills | 0:e979170e02e7 | 3311 | CYASSL_ENTER("CyaSSL_writev"); |
ashleymills | 0:e979170e02e7 | 3312 | |
ashleymills | 0:e979170e02e7 | 3313 | for (i = 0; i < iovcnt; i++) |
ashleymills | 0:e979170e02e7 | 3314 | sending += (int)iov[i].iov_len; |
ashleymills | 0:e979170e02e7 | 3315 | |
ashleymills | 0:e979170e02e7 | 3316 | if (sending > (int)sizeof(tmp)) { |
ashleymills | 0:e979170e02e7 | 3317 | byte* tmp2 = (byte*) XMALLOC(sending, ssl->heap, |
ashleymills | 0:e979170e02e7 | 3318 | DYNAMIC_TYPE_WRITEV); |
ashleymills | 0:e979170e02e7 | 3319 | if (!tmp2) |
ashleymills | 0:e979170e02e7 | 3320 | return MEMORY_ERROR; |
ashleymills | 0:e979170e02e7 | 3321 | myBuffer = tmp2; |
ashleymills | 0:e979170e02e7 | 3322 | newBuffer = 1; |
ashleymills | 0:e979170e02e7 | 3323 | } |
ashleymills | 0:e979170e02e7 | 3324 | |
ashleymills | 0:e979170e02e7 | 3325 | for (i = 0; i < iovcnt; i++) { |
ashleymills | 0:e979170e02e7 | 3326 | XMEMCPY(&myBuffer[idx], iov[i].iov_base, iov[i].iov_len); |
ashleymills | 0:e979170e02e7 | 3327 | idx += (int)iov[i].iov_len; |
ashleymills | 0:e979170e02e7 | 3328 | } |
ashleymills | 0:e979170e02e7 | 3329 | |
ashleymills | 0:e979170e02e7 | 3330 | ret = CyaSSL_write(ssl, myBuffer, sending); |
ashleymills | 0:e979170e02e7 | 3331 | |
ashleymills | 0:e979170e02e7 | 3332 | if (newBuffer) XFREE(myBuffer, ssl->heap, DYNAMIC_TYPE_WRITEV); |
ashleymills | 0:e979170e02e7 | 3333 | |
ashleymills | 0:e979170e02e7 | 3334 | return ret; |
ashleymills | 0:e979170e02e7 | 3335 | } |
ashleymills | 0:e979170e02e7 | 3336 | #endif |
ashleymills | 0:e979170e02e7 | 3337 | #endif |
ashleymills | 0:e979170e02e7 | 3338 | |
ashleymills | 0:e979170e02e7 | 3339 | |
ashleymills | 0:e979170e02e7 | 3340 | #ifdef CYASSL_CALLBACKS |
ashleymills | 0:e979170e02e7 | 3341 | |
ashleymills | 0:e979170e02e7 | 3342 | typedef struct itimerval Itimerval; |
ashleymills | 0:e979170e02e7 | 3343 | |
ashleymills | 0:e979170e02e7 | 3344 | /* don't keep calling simple functions while setting up timer and singals |
ashleymills | 0:e979170e02e7 | 3345 | if no inlining these are the next best */ |
ashleymills | 0:e979170e02e7 | 3346 | |
ashleymills | 0:e979170e02e7 | 3347 | #define AddTimes(a, b, c) \ |
ashleymills | 0:e979170e02e7 | 3348 | do { \ |
ashleymills | 0:e979170e02e7 | 3349 | c.tv_sec = a.tv_sec + b.tv_sec; \ |
ashleymills | 0:e979170e02e7 | 3350 | c.tv_usec = a.tv_usec + b.tv_usec; \ |
ashleymills | 0:e979170e02e7 | 3351 | if (c.tv_sec >= 1000000) { \ |
ashleymills | 0:e979170e02e7 | 3352 | c.tv_sec++; \ |
ashleymills | 0:e979170e02e7 | 3353 | c.tv_usec -= 1000000; \ |
ashleymills | 0:e979170e02e7 | 3354 | } \ |
ashleymills | 0:e979170e02e7 | 3355 | } while (0) |
ashleymills | 0:e979170e02e7 | 3356 | |
ashleymills | 0:e979170e02e7 | 3357 | |
ashleymills | 0:e979170e02e7 | 3358 | #define SubtractTimes(a, b, c) \ |
ashleymills | 0:e979170e02e7 | 3359 | do { \ |
ashleymills | 0:e979170e02e7 | 3360 | c.tv_sec = a.tv_sec - b.tv_sec; \ |
ashleymills | 0:e979170e02e7 | 3361 | c.tv_usec = a.tv_usec - b.tv_usec; \ |
ashleymills | 0:e979170e02e7 | 3362 | if (c.tv_sec < 0) { \ |
ashleymills | 0:e979170e02e7 | 3363 | c.tv_sec--; \ |
ashleymills | 0:e979170e02e7 | 3364 | c.tv_usec += 1000000; \ |
ashleymills | 0:e979170e02e7 | 3365 | } \ |
ashleymills | 0:e979170e02e7 | 3366 | } while (0) |
ashleymills | 0:e979170e02e7 | 3367 | |
ashleymills | 0:e979170e02e7 | 3368 | #define CmpTimes(a, b, cmp) \ |
ashleymills | 0:e979170e02e7 | 3369 | ((a.tv_sec == b.tv_sec) ? \ |
ashleymills | 0:e979170e02e7 | 3370 | (a.tv_usec cmp b.tv_usec) : \ |
ashleymills | 0:e979170e02e7 | 3371 | (a.tv_sec cmp b.tv_sec)) \ |
ashleymills | 0:e979170e02e7 | 3372 | |
ashleymills | 0:e979170e02e7 | 3373 | |
ashleymills | 0:e979170e02e7 | 3374 | /* do nothing handler */ |
ashleymills | 0:e979170e02e7 | 3375 | static void myHandler(int signo) |
ashleymills | 0:e979170e02e7 | 3376 | { |
ashleymills | 0:e979170e02e7 | 3377 | return; |
ashleymills | 0:e979170e02e7 | 3378 | } |
ashleymills | 0:e979170e02e7 | 3379 | |
ashleymills | 0:e979170e02e7 | 3380 | |
ashleymills | 0:e979170e02e7 | 3381 | static int CyaSSL_ex_wrapper(CYASSL* ssl, HandShakeCallBack hsCb, |
ashleymills | 0:e979170e02e7 | 3382 | TimeoutCallBack toCb, Timeval timeout) |
ashleymills | 0:e979170e02e7 | 3383 | { |
ashleymills | 0:e979170e02e7 | 3384 | int ret = SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 3385 | int oldTimerOn = 0; /* was timer already on */ |
ashleymills | 0:e979170e02e7 | 3386 | Timeval startTime; |
ashleymills | 0:e979170e02e7 | 3387 | Timeval endTime; |
ashleymills | 0:e979170e02e7 | 3388 | Timeval totalTime; |
ashleymills | 0:e979170e02e7 | 3389 | Itimerval myTimeout; |
ashleymills | 0:e979170e02e7 | 3390 | Itimerval oldTimeout; /* if old timer adjust from total time to reset */ |
ashleymills | 0:e979170e02e7 | 3391 | struct sigaction act, oact; |
ashleymills | 0:e979170e02e7 | 3392 | |
ashleymills | 0:e979170e02e7 | 3393 | #define ERR_OUT(x) { ssl->hsInfoOn = 0; ssl->toInfoOn = 0; return x; } |
ashleymills | 0:e979170e02e7 | 3394 | |
ashleymills | 0:e979170e02e7 | 3395 | if (hsCb) { |
ashleymills | 0:e979170e02e7 | 3396 | ssl->hsInfoOn = 1; |
ashleymills | 0:e979170e02e7 | 3397 | InitHandShakeInfo(&ssl->handShakeInfo); |
ashleymills | 0:e979170e02e7 | 3398 | } |
ashleymills | 0:e979170e02e7 | 3399 | if (toCb) { |
ashleymills | 0:e979170e02e7 | 3400 | ssl->toInfoOn = 1; |
ashleymills | 0:e979170e02e7 | 3401 | InitTimeoutInfo(&ssl->timeoutInfo); |
ashleymills | 0:e979170e02e7 | 3402 | |
ashleymills | 0:e979170e02e7 | 3403 | if (gettimeofday(&startTime, 0) < 0) |
ashleymills | 0:e979170e02e7 | 3404 | ERR_OUT(GETTIME_ERROR); |
ashleymills | 0:e979170e02e7 | 3405 | |
ashleymills | 0:e979170e02e7 | 3406 | /* use setitimer to simulate getitimer, init 0 myTimeout */ |
ashleymills | 0:e979170e02e7 | 3407 | myTimeout.it_interval.tv_sec = 0; |
ashleymills | 0:e979170e02e7 | 3408 | myTimeout.it_interval.tv_usec = 0; |
ashleymills | 0:e979170e02e7 | 3409 | myTimeout.it_value.tv_sec = 0; |
ashleymills | 0:e979170e02e7 | 3410 | myTimeout.it_value.tv_usec = 0; |
ashleymills | 0:e979170e02e7 | 3411 | if (setitimer(ITIMER_REAL, &myTimeout, &oldTimeout) < 0) |
ashleymills | 0:e979170e02e7 | 3412 | ERR_OUT(SETITIMER_ERROR); |
ashleymills | 0:e979170e02e7 | 3413 | |
ashleymills | 0:e979170e02e7 | 3414 | if (oldTimeout.it_value.tv_sec || oldTimeout.it_value.tv_usec) { |
ashleymills | 0:e979170e02e7 | 3415 | oldTimerOn = 1; |
ashleymills | 0:e979170e02e7 | 3416 | |
ashleymills | 0:e979170e02e7 | 3417 | /* is old timer going to expire before ours */ |
ashleymills | 0:e979170e02e7 | 3418 | if (CmpTimes(oldTimeout.it_value, timeout, <)) { |
ashleymills | 0:e979170e02e7 | 3419 | timeout.tv_sec = oldTimeout.it_value.tv_sec; |
ashleymills | 0:e979170e02e7 | 3420 | timeout.tv_usec = oldTimeout.it_value.tv_usec; |
ashleymills | 0:e979170e02e7 | 3421 | } |
ashleymills | 0:e979170e02e7 | 3422 | } |
ashleymills | 0:e979170e02e7 | 3423 | myTimeout.it_value.tv_sec = timeout.tv_sec; |
ashleymills | 0:e979170e02e7 | 3424 | myTimeout.it_value.tv_usec = timeout.tv_usec; |
ashleymills | 0:e979170e02e7 | 3425 | |
ashleymills | 0:e979170e02e7 | 3426 | /* set up signal handler, don't restart socket send/recv */ |
ashleymills | 0:e979170e02e7 | 3427 | act.sa_handler = myHandler; |
ashleymills | 0:e979170e02e7 | 3428 | sigemptyset(&act.sa_mask); |
ashleymills | 0:e979170e02e7 | 3429 | act.sa_flags = 0; |
ashleymills | 0:e979170e02e7 | 3430 | #ifdef SA_INTERRUPT |
ashleymills | 0:e979170e02e7 | 3431 | act.sa_flags |= SA_INTERRUPT; |
ashleymills | 0:e979170e02e7 | 3432 | #endif |
ashleymills | 0:e979170e02e7 | 3433 | if (sigaction(SIGALRM, &act, &oact) < 0) |
ashleymills | 0:e979170e02e7 | 3434 | ERR_OUT(SIGACT_ERROR); |
ashleymills | 0:e979170e02e7 | 3435 | |
ashleymills | 0:e979170e02e7 | 3436 | if (setitimer(ITIMER_REAL, &myTimeout, 0) < 0) |
ashleymills | 0:e979170e02e7 | 3437 | ERR_OUT(SETITIMER_ERROR); |
ashleymills | 0:e979170e02e7 | 3438 | } |
ashleymills | 0:e979170e02e7 | 3439 | |
ashleymills | 0:e979170e02e7 | 3440 | /* do main work */ |
ashleymills | 0:e979170e02e7 | 3441 | #ifndef NO_CYASSL_CLIENT |
ashleymills | 0:e979170e02e7 | 3442 | if (ssl->options.side == CLIENT_END) |
ashleymills | 0:e979170e02e7 | 3443 | ret = CyaSSL_connect(ssl); |
ashleymills | 0:e979170e02e7 | 3444 | #endif |
ashleymills | 0:e979170e02e7 | 3445 | #ifndef NO_CYASSL_SERVER |
ashleymills | 0:e979170e02e7 | 3446 | if (ssl->options.side == SERVER_END) |
ashleymills | 0:e979170e02e7 | 3447 | ret = CyaSSL_accept(ssl); |
ashleymills | 0:e979170e02e7 | 3448 | #endif |
ashleymills | 0:e979170e02e7 | 3449 | |
ashleymills | 0:e979170e02e7 | 3450 | /* do callbacks */ |
ashleymills | 0:e979170e02e7 | 3451 | if (toCb) { |
ashleymills | 0:e979170e02e7 | 3452 | if (oldTimerOn) { |
ashleymills | 0:e979170e02e7 | 3453 | gettimeofday(&endTime, 0); |
ashleymills | 0:e979170e02e7 | 3454 | SubtractTimes(endTime, startTime, totalTime); |
ashleymills | 0:e979170e02e7 | 3455 | /* adjust old timer for elapsed time */ |
ashleymills | 0:e979170e02e7 | 3456 | if (CmpTimes(totalTime, oldTimeout.it_value, <)) |
ashleymills | 0:e979170e02e7 | 3457 | SubtractTimes(oldTimeout.it_value, totalTime, |
ashleymills | 0:e979170e02e7 | 3458 | oldTimeout.it_value); |
ashleymills | 0:e979170e02e7 | 3459 | else { |
ashleymills | 0:e979170e02e7 | 3460 | /* reset value to interval, may be off */ |
ashleymills | 0:e979170e02e7 | 3461 | oldTimeout.it_value.tv_sec = oldTimeout.it_interval.tv_sec; |
ashleymills | 0:e979170e02e7 | 3462 | oldTimeout.it_value.tv_usec =oldTimeout.it_interval.tv_usec; |
ashleymills | 0:e979170e02e7 | 3463 | } |
ashleymills | 0:e979170e02e7 | 3464 | /* keep iter the same whether there or not */ |
ashleymills | 0:e979170e02e7 | 3465 | } |
ashleymills | 0:e979170e02e7 | 3466 | /* restore old handler */ |
ashleymills | 0:e979170e02e7 | 3467 | if (sigaction(SIGALRM, &oact, 0) < 0) |
ashleymills | 0:e979170e02e7 | 3468 | ret = SIGACT_ERROR; /* more pressing error, stomp */ |
ashleymills | 0:e979170e02e7 | 3469 | else |
ashleymills | 0:e979170e02e7 | 3470 | /* use old settings which may turn off (expired or not there) */ |
ashleymills | 0:e979170e02e7 | 3471 | if (setitimer(ITIMER_REAL, &oldTimeout, 0) < 0) |
ashleymills | 0:e979170e02e7 | 3472 | ret = SETITIMER_ERROR; |
ashleymills | 0:e979170e02e7 | 3473 | |
ashleymills | 0:e979170e02e7 | 3474 | /* if we had a timeout call callback */ |
ashleymills | 0:e979170e02e7 | 3475 | if (ssl->timeoutInfo.timeoutName[0]) { |
ashleymills | 0:e979170e02e7 | 3476 | ssl->timeoutInfo.timeoutValue.tv_sec = timeout.tv_sec; |
ashleymills | 0:e979170e02e7 | 3477 | ssl->timeoutInfo.timeoutValue.tv_usec = timeout.tv_usec; |
ashleymills | 0:e979170e02e7 | 3478 | (toCb)(&ssl->timeoutInfo); |
ashleymills | 0:e979170e02e7 | 3479 | } |
ashleymills | 0:e979170e02e7 | 3480 | /* clean up */ |
ashleymills | 0:e979170e02e7 | 3481 | FreeTimeoutInfo(&ssl->timeoutInfo, ssl->heap); |
ashleymills | 0:e979170e02e7 | 3482 | ssl->toInfoOn = 0; |
ashleymills | 0:e979170e02e7 | 3483 | } |
ashleymills | 0:e979170e02e7 | 3484 | if (hsCb) { |
ashleymills | 0:e979170e02e7 | 3485 | FinishHandShakeInfo(&ssl->handShakeInfo, ssl); |
ashleymills | 0:e979170e02e7 | 3486 | (hsCb)(&ssl->handShakeInfo); |
ashleymills | 0:e979170e02e7 | 3487 | ssl->hsInfoOn = 0; |
ashleymills | 0:e979170e02e7 | 3488 | } |
ashleymills | 0:e979170e02e7 | 3489 | return ret; |
ashleymills | 0:e979170e02e7 | 3490 | } |
ashleymills | 0:e979170e02e7 | 3491 | |
ashleymills | 0:e979170e02e7 | 3492 | |
ashleymills | 0:e979170e02e7 | 3493 | #ifndef NO_CYASSL_CLIENT |
ashleymills | 0:e979170e02e7 | 3494 | |
ashleymills | 0:e979170e02e7 | 3495 | int CyaSSL_connect_ex(CYASSL* ssl, HandShakeCallBack hsCb, |
ashleymills | 0:e979170e02e7 | 3496 | TimeoutCallBack toCb, Timeval timeout) |
ashleymills | 0:e979170e02e7 | 3497 | { |
ashleymills | 0:e979170e02e7 | 3498 | CYASSL_ENTER("CyaSSL_connect_ex"); |
ashleymills | 0:e979170e02e7 | 3499 | return CyaSSL_ex_wrapper(ssl, hsCb, toCb, timeout); |
ashleymills | 0:e979170e02e7 | 3500 | } |
ashleymills | 0:e979170e02e7 | 3501 | |
ashleymills | 0:e979170e02e7 | 3502 | #endif |
ashleymills | 0:e979170e02e7 | 3503 | |
ashleymills | 0:e979170e02e7 | 3504 | |
ashleymills | 0:e979170e02e7 | 3505 | #ifndef NO_CYASSL_SERVER |
ashleymills | 0:e979170e02e7 | 3506 | |
ashleymills | 0:e979170e02e7 | 3507 | int CyaSSL_accept_ex(CYASSL* ssl, HandShakeCallBack hsCb, |
ashleymills | 0:e979170e02e7 | 3508 | TimeoutCallBack toCb,Timeval timeout) |
ashleymills | 0:e979170e02e7 | 3509 | { |
ashleymills | 0:e979170e02e7 | 3510 | CYASSL_ENTER("CyaSSL_accept_ex"); |
ashleymills | 0:e979170e02e7 | 3511 | return CyaSSL_ex_wrapper(ssl, hsCb, toCb, timeout); |
ashleymills | 0:e979170e02e7 | 3512 | } |
ashleymills | 0:e979170e02e7 | 3513 | |
ashleymills | 0:e979170e02e7 | 3514 | #endif |
ashleymills | 0:e979170e02e7 | 3515 | |
ashleymills | 0:e979170e02e7 | 3516 | #endif /* CYASSL_CALLBACKS */ |
ashleymills | 0:e979170e02e7 | 3517 | |
ashleymills | 0:e979170e02e7 | 3518 | |
ashleymills | 0:e979170e02e7 | 3519 | #ifndef NO_PSK |
ashleymills | 0:e979170e02e7 | 3520 | |
ashleymills | 0:e979170e02e7 | 3521 | void CyaSSL_CTX_set_psk_client_callback(CYASSL_CTX* ctx, |
ashleymills | 0:e979170e02e7 | 3522 | psk_client_callback cb) |
ashleymills | 0:e979170e02e7 | 3523 | { |
ashleymills | 0:e979170e02e7 | 3524 | CYASSL_ENTER("SSL_CTX_set_psk_client_callback"); |
ashleymills | 0:e979170e02e7 | 3525 | ctx->havePSK = 1; |
ashleymills | 0:e979170e02e7 | 3526 | ctx->client_psk_cb = cb; |
ashleymills | 0:e979170e02e7 | 3527 | } |
ashleymills | 0:e979170e02e7 | 3528 | |
ashleymills | 0:e979170e02e7 | 3529 | |
ashleymills | 0:e979170e02e7 | 3530 | void CyaSSL_set_psk_client_callback(CYASSL* ssl, psk_client_callback cb) |
ashleymills | 0:e979170e02e7 | 3531 | { |
ashleymills | 0:e979170e02e7 | 3532 | byte haveRSA = 1; |
ashleymills | 0:e979170e02e7 | 3533 | |
ashleymills | 0:e979170e02e7 | 3534 | CYASSL_ENTER("SSL_set_psk_client_callback"); |
ashleymills | 0:e979170e02e7 | 3535 | ssl->options.havePSK = 1; |
ashleymills | 0:e979170e02e7 | 3536 | ssl->options.client_psk_cb = cb; |
ashleymills | 0:e979170e02e7 | 3537 | |
ashleymills | 0:e979170e02e7 | 3538 | #ifdef NO_RSA |
ashleymills | 0:e979170e02e7 | 3539 | haveRSA = 0; |
ashleymills | 0:e979170e02e7 | 3540 | #endif |
ashleymills | 0:e979170e02e7 | 3541 | InitSuites(ssl->suites, ssl->version, haveRSA, TRUE, |
ashleymills | 0:e979170e02e7 | 3542 | ssl->options.haveDH, ssl->options.haveNTRU, |
ashleymills | 0:e979170e02e7 | 3543 | ssl->options.haveECDSAsig, ssl->options.haveStaticECC, |
ashleymills | 0:e979170e02e7 | 3544 | ssl->options.side); |
ashleymills | 0:e979170e02e7 | 3545 | } |
ashleymills | 0:e979170e02e7 | 3546 | |
ashleymills | 0:e979170e02e7 | 3547 | |
ashleymills | 0:e979170e02e7 | 3548 | void CyaSSL_CTX_set_psk_server_callback(CYASSL_CTX* ctx, |
ashleymills | 0:e979170e02e7 | 3549 | psk_server_callback cb) |
ashleymills | 0:e979170e02e7 | 3550 | { |
ashleymills | 0:e979170e02e7 | 3551 | CYASSL_ENTER("SSL_CTX_set_psk_server_callback"); |
ashleymills | 0:e979170e02e7 | 3552 | ctx->havePSK = 1; |
ashleymills | 0:e979170e02e7 | 3553 | ctx->server_psk_cb = cb; |
ashleymills | 0:e979170e02e7 | 3554 | } |
ashleymills | 0:e979170e02e7 | 3555 | |
ashleymills | 0:e979170e02e7 | 3556 | |
ashleymills | 0:e979170e02e7 | 3557 | void CyaSSL_set_psk_server_callback(CYASSL* ssl, psk_server_callback cb) |
ashleymills | 0:e979170e02e7 | 3558 | { |
ashleymills | 0:e979170e02e7 | 3559 | byte haveRSA = 1; |
ashleymills | 0:e979170e02e7 | 3560 | |
ashleymills | 0:e979170e02e7 | 3561 | CYASSL_ENTER("SSL_set_psk_server_callback"); |
ashleymills | 0:e979170e02e7 | 3562 | ssl->options.havePSK = 1; |
ashleymills | 0:e979170e02e7 | 3563 | ssl->options.server_psk_cb = cb; |
ashleymills | 0:e979170e02e7 | 3564 | |
ashleymills | 0:e979170e02e7 | 3565 | #ifdef NO_RSA |
ashleymills | 0:e979170e02e7 | 3566 | haveRSA = 0; |
ashleymills | 0:e979170e02e7 | 3567 | #endif |
ashleymills | 0:e979170e02e7 | 3568 | InitSuites(ssl->suites, ssl->version, haveRSA, TRUE, |
ashleymills | 0:e979170e02e7 | 3569 | ssl->options.haveDH, ssl->options.haveNTRU, |
ashleymills | 0:e979170e02e7 | 3570 | ssl->options.haveECDSAsig, ssl->options.haveStaticECC, |
ashleymills | 0:e979170e02e7 | 3571 | ssl->options.side); |
ashleymills | 0:e979170e02e7 | 3572 | } |
ashleymills | 0:e979170e02e7 | 3573 | |
ashleymills | 0:e979170e02e7 | 3574 | |
ashleymills | 0:e979170e02e7 | 3575 | const char* CyaSSL_get_psk_identity_hint(const CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 3576 | { |
ashleymills | 0:e979170e02e7 | 3577 | CYASSL_ENTER("SSL_get_psk_identity_hint"); |
ashleymills | 0:e979170e02e7 | 3578 | |
ashleymills | 0:e979170e02e7 | 3579 | if (ssl == NULL || ssl->arrays == NULL) |
ashleymills | 0:e979170e02e7 | 3580 | return NULL; |
ashleymills | 0:e979170e02e7 | 3581 | |
ashleymills | 0:e979170e02e7 | 3582 | return ssl->arrays->server_hint; |
ashleymills | 0:e979170e02e7 | 3583 | } |
ashleymills | 0:e979170e02e7 | 3584 | |
ashleymills | 0:e979170e02e7 | 3585 | |
ashleymills | 0:e979170e02e7 | 3586 | const char* CyaSSL_get_psk_identity(const CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 3587 | { |
ashleymills | 0:e979170e02e7 | 3588 | CYASSL_ENTER("SSL_get_psk_identity"); |
ashleymills | 0:e979170e02e7 | 3589 | |
ashleymills | 0:e979170e02e7 | 3590 | if (ssl == NULL || ssl->arrays == NULL) |
ashleymills | 0:e979170e02e7 | 3591 | return NULL; |
ashleymills | 0:e979170e02e7 | 3592 | |
ashleymills | 0:e979170e02e7 | 3593 | return ssl->arrays->client_identity; |
ashleymills | 0:e979170e02e7 | 3594 | } |
ashleymills | 0:e979170e02e7 | 3595 | |
ashleymills | 0:e979170e02e7 | 3596 | |
ashleymills | 0:e979170e02e7 | 3597 | int CyaSSL_CTX_use_psk_identity_hint(CYASSL_CTX* ctx, const char* hint) |
ashleymills | 0:e979170e02e7 | 3598 | { |
ashleymills | 0:e979170e02e7 | 3599 | CYASSL_ENTER("SSL_CTX_use_psk_identity_hint"); |
ashleymills | 0:e979170e02e7 | 3600 | if (hint == 0) |
ashleymills | 0:e979170e02e7 | 3601 | ctx->server_hint[0] = 0; |
ashleymills | 0:e979170e02e7 | 3602 | else { |
ashleymills | 0:e979170e02e7 | 3603 | XSTRNCPY(ctx->server_hint, hint, MAX_PSK_ID_LEN); |
ashleymills | 0:e979170e02e7 | 3604 | ctx->server_hint[MAX_PSK_ID_LEN - 1] = '\0'; |
ashleymills | 0:e979170e02e7 | 3605 | } |
ashleymills | 0:e979170e02e7 | 3606 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 3607 | } |
ashleymills | 0:e979170e02e7 | 3608 | |
ashleymills | 0:e979170e02e7 | 3609 | |
ashleymills | 0:e979170e02e7 | 3610 | int CyaSSL_use_psk_identity_hint(CYASSL* ssl, const char* hint) |
ashleymills | 0:e979170e02e7 | 3611 | { |
ashleymills | 0:e979170e02e7 | 3612 | CYASSL_ENTER("SSL_use_psk_identity_hint"); |
ashleymills | 0:e979170e02e7 | 3613 | |
ashleymills | 0:e979170e02e7 | 3614 | if (ssl == NULL || ssl->arrays == NULL) |
ashleymills | 0:e979170e02e7 | 3615 | return SSL_FAILURE; |
ashleymills | 0:e979170e02e7 | 3616 | |
ashleymills | 0:e979170e02e7 | 3617 | if (hint == 0) |
ashleymills | 0:e979170e02e7 | 3618 | ssl->arrays->server_hint[0] = 0; |
ashleymills | 0:e979170e02e7 | 3619 | else { |
ashleymills | 0:e979170e02e7 | 3620 | XSTRNCPY(ssl->arrays->server_hint, hint, MAX_PSK_ID_LEN); |
ashleymills | 0:e979170e02e7 | 3621 | ssl->arrays->server_hint[MAX_PSK_ID_LEN - 1] = '\0'; |
ashleymills | 0:e979170e02e7 | 3622 | } |
ashleymills | 0:e979170e02e7 | 3623 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 3624 | } |
ashleymills | 0:e979170e02e7 | 3625 | |
ashleymills | 0:e979170e02e7 | 3626 | #endif /* NO_PSK */ |
ashleymills | 0:e979170e02e7 | 3627 | |
ashleymills | 0:e979170e02e7 | 3628 | |
ashleymills | 0:e979170e02e7 | 3629 | #ifndef NO_CERTS |
ashleymills | 0:e979170e02e7 | 3630 | /* used to be defined on NO_FILESYSTEM only, but are generally useful */ |
ashleymills | 0:e979170e02e7 | 3631 | |
ashleymills | 0:e979170e02e7 | 3632 | /* CyaSSL extension allows DER files to be loaded from buffers as well */ |
ashleymills | 0:e979170e02e7 | 3633 | int CyaSSL_CTX_load_verify_buffer(CYASSL_CTX* ctx, const unsigned char* in, |
ashleymills | 0:e979170e02e7 | 3634 | long sz, int format) |
ashleymills | 0:e979170e02e7 | 3635 | { |
ashleymills | 0:e979170e02e7 | 3636 | CYASSL_ENTER("CyaSSL_CTX_load_verify_buffer"); |
ashleymills | 0:e979170e02e7 | 3637 | if (format == SSL_FILETYPE_PEM) |
ashleymills | 0:e979170e02e7 | 3638 | return ProcessChainBuffer(ctx, in, sz, format, CA_TYPE, NULL); |
ashleymills | 0:e979170e02e7 | 3639 | else |
ashleymills | 0:e979170e02e7 | 3640 | return ProcessBuffer(ctx, in, sz, format, CA_TYPE, NULL,NULL,0); |
ashleymills | 0:e979170e02e7 | 3641 | } |
ashleymills | 0:e979170e02e7 | 3642 | |
ashleymills | 0:e979170e02e7 | 3643 | |
ashleymills | 0:e979170e02e7 | 3644 | int CyaSSL_CTX_use_certificate_buffer(CYASSL_CTX* ctx, |
ashleymills | 0:e979170e02e7 | 3645 | const unsigned char* in, long sz, int format) |
ashleymills | 0:e979170e02e7 | 3646 | { |
ashleymills | 0:e979170e02e7 | 3647 | CYASSL_ENTER("CyaSSL_CTX_use_certificate_buffer"); |
ashleymills | 0:e979170e02e7 | 3648 | return ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, 0); |
ashleymills | 0:e979170e02e7 | 3649 | } |
ashleymills | 0:e979170e02e7 | 3650 | |
ashleymills | 0:e979170e02e7 | 3651 | |
ashleymills | 0:e979170e02e7 | 3652 | int CyaSSL_CTX_use_PrivateKey_buffer(CYASSL_CTX* ctx, |
ashleymills | 0:e979170e02e7 | 3653 | const unsigned char* in, long sz, int format) |
ashleymills | 0:e979170e02e7 | 3654 | { |
ashleymills | 0:e979170e02e7 | 3655 | CYASSL_ENTER("CyaSSL_CTX_use_PrivateKey_buffer"); |
ashleymills | 0:e979170e02e7 | 3656 | return ProcessBuffer(ctx, in, sz, format, PRIVATEKEY_TYPE, NULL,NULL,0); |
ashleymills | 0:e979170e02e7 | 3657 | } |
ashleymills | 0:e979170e02e7 | 3658 | |
ashleymills | 0:e979170e02e7 | 3659 | |
ashleymills | 0:e979170e02e7 | 3660 | int CyaSSL_CTX_use_certificate_chain_buffer(CYASSL_CTX* ctx, |
ashleymills | 0:e979170e02e7 | 3661 | const unsigned char* in, long sz) |
ashleymills | 0:e979170e02e7 | 3662 | { |
ashleymills | 0:e979170e02e7 | 3663 | CYASSL_ENTER("CyaSSL_CTX_use_certificate_chain_buffer"); |
ashleymills | 0:e979170e02e7 | 3664 | return ProcessBuffer(ctx, in, sz, SSL_FILETYPE_PEM, CERT_TYPE, NULL, |
ashleymills | 0:e979170e02e7 | 3665 | NULL, 1); |
ashleymills | 0:e979170e02e7 | 3666 | } |
ashleymills | 0:e979170e02e7 | 3667 | |
ashleymills | 0:e979170e02e7 | 3668 | int CyaSSL_use_certificate_buffer(CYASSL* ssl, |
ashleymills | 0:e979170e02e7 | 3669 | const unsigned char* in, long sz, int format) |
ashleymills | 0:e979170e02e7 | 3670 | { |
ashleymills | 0:e979170e02e7 | 3671 | CYASSL_ENTER("CyaSSL_use_certificate_buffer"); |
ashleymills | 0:e979170e02e7 | 3672 | return ProcessBuffer(ssl->ctx, in, sz, format,CERT_TYPE,ssl,NULL,0); |
ashleymills | 0:e979170e02e7 | 3673 | } |
ashleymills | 0:e979170e02e7 | 3674 | |
ashleymills | 0:e979170e02e7 | 3675 | |
ashleymills | 0:e979170e02e7 | 3676 | int CyaSSL_use_PrivateKey_buffer(CYASSL* ssl, |
ashleymills | 0:e979170e02e7 | 3677 | const unsigned char* in, long sz, int format) |
ashleymills | 0:e979170e02e7 | 3678 | { |
ashleymills | 0:e979170e02e7 | 3679 | CYASSL_ENTER("CyaSSL_use_PrivateKey_buffer"); |
ashleymills | 0:e979170e02e7 | 3680 | return ProcessBuffer(ssl->ctx, in, sz, format, PRIVATEKEY_TYPE, |
ashleymills | 0:e979170e02e7 | 3681 | ssl, NULL, 0); |
ashleymills | 0:e979170e02e7 | 3682 | } |
ashleymills | 0:e979170e02e7 | 3683 | |
ashleymills | 0:e979170e02e7 | 3684 | |
ashleymills | 0:e979170e02e7 | 3685 | int CyaSSL_use_certificate_chain_buffer(CYASSL* ssl, |
ashleymills | 0:e979170e02e7 | 3686 | const unsigned char* in, long sz) |
ashleymills | 0:e979170e02e7 | 3687 | { |
ashleymills | 0:e979170e02e7 | 3688 | CYASSL_ENTER("CyaSSL_use_certificate_chain_buffer"); |
ashleymills | 0:e979170e02e7 | 3689 | return ProcessBuffer(ssl->ctx, in, sz, SSL_FILETYPE_PEM, CERT_TYPE, |
ashleymills | 0:e979170e02e7 | 3690 | ssl, NULL, 1); |
ashleymills | 0:e979170e02e7 | 3691 | } |
ashleymills | 0:e979170e02e7 | 3692 | |
ashleymills | 0:e979170e02e7 | 3693 | /* old NO_FILESYSTEM end */ |
ashleymills | 0:e979170e02e7 | 3694 | #endif /* !NO_CERTS */ |
ashleymills | 0:e979170e02e7 | 3695 | |
ashleymills | 0:e979170e02e7 | 3696 | |
ashleymills | 0:e979170e02e7 | 3697 | #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS) |
ashleymills | 0:e979170e02e7 | 3698 | |
ashleymills | 0:e979170e02e7 | 3699 | |
ashleymills | 0:e979170e02e7 | 3700 | int CyaSSL_add_all_algorithms(void) |
ashleymills | 0:e979170e02e7 | 3701 | { |
ashleymills | 0:e979170e02e7 | 3702 | CYASSL_ENTER("CyaSSL_add_all_algorithms"); |
ashleymills | 0:e979170e02e7 | 3703 | CyaSSL_Init(); |
ashleymills | 0:e979170e02e7 | 3704 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 3705 | } |
ashleymills | 0:e979170e02e7 | 3706 | |
ashleymills | 0:e979170e02e7 | 3707 | |
ashleymills | 0:e979170e02e7 | 3708 | long CyaSSL_CTX_sess_set_cache_size(CYASSL_CTX* ctx, long sz) |
ashleymills | 0:e979170e02e7 | 3709 | { |
ashleymills | 0:e979170e02e7 | 3710 | /* cache size fixed at compile time in CyaSSL */ |
ashleymills | 0:e979170e02e7 | 3711 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 3712 | (void)sz; |
ashleymills | 0:e979170e02e7 | 3713 | return 0; |
ashleymills | 0:e979170e02e7 | 3714 | } |
ashleymills | 0:e979170e02e7 | 3715 | |
ashleymills | 0:e979170e02e7 | 3716 | |
ashleymills | 0:e979170e02e7 | 3717 | void CyaSSL_CTX_set_quiet_shutdown(CYASSL_CTX* ctx, int mode) |
ashleymills | 0:e979170e02e7 | 3718 | { |
ashleymills | 0:e979170e02e7 | 3719 | CYASSL_ENTER("CyaSSL_CTX_set_quiet_shutdown"); |
ashleymills | 0:e979170e02e7 | 3720 | if (mode) |
ashleymills | 0:e979170e02e7 | 3721 | ctx->quietShutdown = 1; |
ashleymills | 0:e979170e02e7 | 3722 | } |
ashleymills | 0:e979170e02e7 | 3723 | |
ashleymills | 0:e979170e02e7 | 3724 | |
ashleymills | 0:e979170e02e7 | 3725 | void CyaSSL_set_quiet_shutdown(CYASSL* ssl, int mode) |
ashleymills | 0:e979170e02e7 | 3726 | { |
ashleymills | 0:e979170e02e7 | 3727 | CYASSL_ENTER("CyaSSL_CTX_set_quiet_shutdown"); |
ashleymills | 0:e979170e02e7 | 3728 | if (mode) |
ashleymills | 0:e979170e02e7 | 3729 | ssl->options.quietShutdown = 1; |
ashleymills | 0:e979170e02e7 | 3730 | } |
ashleymills | 0:e979170e02e7 | 3731 | |
ashleymills | 0:e979170e02e7 | 3732 | |
ashleymills | 0:e979170e02e7 | 3733 | void CyaSSL_set_bio(CYASSL* ssl, CYASSL_BIO* rd, CYASSL_BIO* wr) |
ashleymills | 0:e979170e02e7 | 3734 | { |
ashleymills | 0:e979170e02e7 | 3735 | CYASSL_ENTER("SSL_set_bio"); |
ashleymills | 0:e979170e02e7 | 3736 | CyaSSL_set_rfd(ssl, rd->fd); |
ashleymills | 0:e979170e02e7 | 3737 | CyaSSL_set_wfd(ssl, wr->fd); |
ashleymills | 0:e979170e02e7 | 3738 | |
ashleymills | 0:e979170e02e7 | 3739 | ssl->biord = rd; |
ashleymills | 0:e979170e02e7 | 3740 | ssl->biowr = wr; |
ashleymills | 0:e979170e02e7 | 3741 | } |
ashleymills | 0:e979170e02e7 | 3742 | |
ashleymills | 0:e979170e02e7 | 3743 | |
ashleymills | 0:e979170e02e7 | 3744 | void CyaSSL_CTX_set_client_CA_list(CYASSL_CTX* ctx, |
ashleymills | 0:e979170e02e7 | 3745 | STACK_OF(CYASSL_X509_NAME)* names) |
ashleymills | 0:e979170e02e7 | 3746 | { |
ashleymills | 0:e979170e02e7 | 3747 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 3748 | (void)names; |
ashleymills | 0:e979170e02e7 | 3749 | } |
ashleymills | 0:e979170e02e7 | 3750 | |
ashleymills | 0:e979170e02e7 | 3751 | |
ashleymills | 0:e979170e02e7 | 3752 | STACK_OF(CYASSL_X509_NAME)* CyaSSL_load_client_CA_file(const char* fname) |
ashleymills | 0:e979170e02e7 | 3753 | { |
ashleymills | 0:e979170e02e7 | 3754 | (void)fname; |
ashleymills | 0:e979170e02e7 | 3755 | return 0; |
ashleymills | 0:e979170e02e7 | 3756 | } |
ashleymills | 0:e979170e02e7 | 3757 | |
ashleymills | 0:e979170e02e7 | 3758 | |
ashleymills | 0:e979170e02e7 | 3759 | int CyaSSL_CTX_set_default_verify_paths(CYASSL_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 3760 | { |
ashleymills | 0:e979170e02e7 | 3761 | /* TODO:, not needed in goahead */ |
ashleymills | 0:e979170e02e7 | 3762 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 3763 | return SSL_NOT_IMPLEMENTED; |
ashleymills | 0:e979170e02e7 | 3764 | } |
ashleymills | 0:e979170e02e7 | 3765 | |
ashleymills | 0:e979170e02e7 | 3766 | |
ashleymills | 0:e979170e02e7 | 3767 | /* keyblock size in bytes or -1 */ |
ashleymills | 0:e979170e02e7 | 3768 | int CyaSSL_get_keyblock_size(CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 3769 | { |
ashleymills | 0:e979170e02e7 | 3770 | if (ssl == NULL) |
ashleymills | 0:e979170e02e7 | 3771 | return -1; |
ashleymills | 0:e979170e02e7 | 3772 | |
ashleymills | 0:e979170e02e7 | 3773 | return 2 * (ssl->specs.key_size + ssl->specs.iv_size + |
ashleymills | 0:e979170e02e7 | 3774 | ssl->specs.hash_size); |
ashleymills | 0:e979170e02e7 | 3775 | } |
ashleymills | 0:e979170e02e7 | 3776 | |
ashleymills | 0:e979170e02e7 | 3777 | |
ashleymills | 0:e979170e02e7 | 3778 | /* store keys returns 0 or -1 on error */ |
ashleymills | 0:e979170e02e7 | 3779 | int CyaSSL_get_keys(CYASSL* ssl, unsigned char** ms, unsigned int* msLen, |
ashleymills | 0:e979170e02e7 | 3780 | unsigned char** sr, unsigned int* srLen, |
ashleymills | 0:e979170e02e7 | 3781 | unsigned char** cr, unsigned int* crLen) |
ashleymills | 0:e979170e02e7 | 3782 | { |
ashleymills | 0:e979170e02e7 | 3783 | if (ssl == NULL || ssl->arrays == NULL) |
ashleymills | 0:e979170e02e7 | 3784 | return -1; |
ashleymills | 0:e979170e02e7 | 3785 | |
ashleymills | 0:e979170e02e7 | 3786 | *ms = ssl->arrays->masterSecret; |
ashleymills | 0:e979170e02e7 | 3787 | *sr = ssl->arrays->serverRandom; |
ashleymills | 0:e979170e02e7 | 3788 | *cr = ssl->arrays->clientRandom; |
ashleymills | 0:e979170e02e7 | 3789 | |
ashleymills | 0:e979170e02e7 | 3790 | *msLen = SECRET_LEN; |
ashleymills | 0:e979170e02e7 | 3791 | *srLen = RAN_LEN; |
ashleymills | 0:e979170e02e7 | 3792 | *crLen = RAN_LEN; |
ashleymills | 0:e979170e02e7 | 3793 | |
ashleymills | 0:e979170e02e7 | 3794 | return 0; |
ashleymills | 0:e979170e02e7 | 3795 | } |
ashleymills | 0:e979170e02e7 | 3796 | |
ashleymills | 0:e979170e02e7 | 3797 | |
ashleymills | 0:e979170e02e7 | 3798 | void CyaSSL_set_accept_state(CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 3799 | { |
ashleymills | 0:e979170e02e7 | 3800 | byte haveRSA = 1; |
ashleymills | 0:e979170e02e7 | 3801 | byte havePSK = 0; |
ashleymills | 0:e979170e02e7 | 3802 | |
ashleymills | 0:e979170e02e7 | 3803 | CYASSL_ENTER("SSL_set_accept_state"); |
ashleymills | 0:e979170e02e7 | 3804 | ssl->options.side = SERVER_END; |
ashleymills | 0:e979170e02e7 | 3805 | /* reset suites in case user switched */ |
ashleymills | 0:e979170e02e7 | 3806 | |
ashleymills | 0:e979170e02e7 | 3807 | #ifdef NO_RSA |
ashleymills | 0:e979170e02e7 | 3808 | haveRSA = 0; |
ashleymills | 0:e979170e02e7 | 3809 | #endif |
ashleymills | 0:e979170e02e7 | 3810 | #ifndef NO_PSK |
ashleymills | 0:e979170e02e7 | 3811 | havePSK = ssl->options.havePSK; |
ashleymills | 0:e979170e02e7 | 3812 | #endif |
ashleymills | 0:e979170e02e7 | 3813 | InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, |
ashleymills | 0:e979170e02e7 | 3814 | ssl->options.haveDH, ssl->options.haveNTRU, |
ashleymills | 0:e979170e02e7 | 3815 | ssl->options.haveECDSAsig, ssl->options.haveStaticECC, |
ashleymills | 0:e979170e02e7 | 3816 | ssl->options.side); |
ashleymills | 0:e979170e02e7 | 3817 | } |
ashleymills | 0:e979170e02e7 | 3818 | |
ashleymills | 0:e979170e02e7 | 3819 | |
ashleymills | 0:e979170e02e7 | 3820 | /* return true if connection established */ |
ashleymills | 0:e979170e02e7 | 3821 | int CyaSSL_is_init_finished(CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 3822 | { |
ashleymills | 0:e979170e02e7 | 3823 | if (ssl == NULL) |
ashleymills | 0:e979170e02e7 | 3824 | return 0; |
ashleymills | 0:e979170e02e7 | 3825 | |
ashleymills | 0:e979170e02e7 | 3826 | if (ssl->options.handShakeState == HANDSHAKE_DONE) |
ashleymills | 0:e979170e02e7 | 3827 | return 1; |
ashleymills | 0:e979170e02e7 | 3828 | |
ashleymills | 0:e979170e02e7 | 3829 | return 0; |
ashleymills | 0:e979170e02e7 | 3830 | } |
ashleymills | 0:e979170e02e7 | 3831 | |
ashleymills | 0:e979170e02e7 | 3832 | |
ashleymills | 0:e979170e02e7 | 3833 | void CyaSSL_CTX_set_tmp_rsa_callback(CYASSL_CTX* ctx, |
ashleymills | 0:e979170e02e7 | 3834 | CYASSL_RSA*(*f)(CYASSL*, int, int)) |
ashleymills | 0:e979170e02e7 | 3835 | { |
ashleymills | 0:e979170e02e7 | 3836 | /* CyaSSL verifies all these internally */ |
ashleymills | 0:e979170e02e7 | 3837 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 3838 | (void)f; |
ashleymills | 0:e979170e02e7 | 3839 | } |
ashleymills | 0:e979170e02e7 | 3840 | |
ashleymills | 0:e979170e02e7 | 3841 | |
ashleymills | 0:e979170e02e7 | 3842 | void CyaSSL_set_shutdown(CYASSL* ssl, int opt) |
ashleymills | 0:e979170e02e7 | 3843 | { |
ashleymills | 0:e979170e02e7 | 3844 | (void)ssl; |
ashleymills | 0:e979170e02e7 | 3845 | (void)opt; |
ashleymills | 0:e979170e02e7 | 3846 | } |
ashleymills | 0:e979170e02e7 | 3847 | |
ashleymills | 0:e979170e02e7 | 3848 | |
ashleymills | 0:e979170e02e7 | 3849 | long CyaSSL_CTX_set_options(CYASSL_CTX* ctx, long opt) |
ashleymills | 0:e979170e02e7 | 3850 | { |
ashleymills | 0:e979170e02e7 | 3851 | /* goahead calls with 0, do nothing */ |
ashleymills | 0:e979170e02e7 | 3852 | CYASSL_ENTER("SSL_CTX_set_options"); |
ashleymills | 0:e979170e02e7 | 3853 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 3854 | return opt; |
ashleymills | 0:e979170e02e7 | 3855 | } |
ashleymills | 0:e979170e02e7 | 3856 | |
ashleymills | 0:e979170e02e7 | 3857 | |
ashleymills | 0:e979170e02e7 | 3858 | int CyaSSL_set_rfd(CYASSL* ssl, int rfd) |
ashleymills | 0:e979170e02e7 | 3859 | { |
ashleymills | 0:e979170e02e7 | 3860 | CYASSL_ENTER("SSL_set_rfd"); |
ashleymills | 0:e979170e02e7 | 3861 | ssl->rfd = rfd; /* not used directly to allow IO callbacks */ |
ashleymills | 0:e979170e02e7 | 3862 | |
ashleymills | 0:e979170e02e7 | 3863 | ssl->IOCB_ReadCtx = &ssl->rfd; |
ashleymills | 0:e979170e02e7 | 3864 | |
ashleymills | 0:e979170e02e7 | 3865 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 3866 | } |
ashleymills | 0:e979170e02e7 | 3867 | |
ashleymills | 0:e979170e02e7 | 3868 | |
ashleymills | 0:e979170e02e7 | 3869 | int CyaSSL_set_wfd(CYASSL* ssl, int wfd) |
ashleymills | 0:e979170e02e7 | 3870 | { |
ashleymills | 0:e979170e02e7 | 3871 | CYASSL_ENTER("SSL_set_wfd"); |
ashleymills | 0:e979170e02e7 | 3872 | ssl->wfd = wfd; /* not used directly to allow IO callbacks */ |
ashleymills | 0:e979170e02e7 | 3873 | |
ashleymills | 0:e979170e02e7 | 3874 | ssl->IOCB_WriteCtx = &ssl->wfd; |
ashleymills | 0:e979170e02e7 | 3875 | |
ashleymills | 0:e979170e02e7 | 3876 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 3877 | } |
ashleymills | 0:e979170e02e7 | 3878 | |
ashleymills | 0:e979170e02e7 | 3879 | |
ashleymills | 0:e979170e02e7 | 3880 | CYASSL_RSA* CyaSSL_RSA_generate_key(int len, unsigned long bits, |
ashleymills | 0:e979170e02e7 | 3881 | void(*f)(int, int, void*), void* data) |
ashleymills | 0:e979170e02e7 | 3882 | { |
ashleymills | 0:e979170e02e7 | 3883 | /* no tmp key needed, actual generation not supported */ |
ashleymills | 0:e979170e02e7 | 3884 | CYASSL_ENTER("RSA_generate_key"); |
ashleymills | 0:e979170e02e7 | 3885 | (void)len; |
ashleymills | 0:e979170e02e7 | 3886 | (void)bits; |
ashleymills | 0:e979170e02e7 | 3887 | (void)f; |
ashleymills | 0:e979170e02e7 | 3888 | (void)data; |
ashleymills | 0:e979170e02e7 | 3889 | return NULL; |
ashleymills | 0:e979170e02e7 | 3890 | } |
ashleymills | 0:e979170e02e7 | 3891 | |
ashleymills | 0:e979170e02e7 | 3892 | |
ashleymills | 0:e979170e02e7 | 3893 | /* return the next, if any, altname from the peer cert */ |
ashleymills | 0:e979170e02e7 | 3894 | char* CyaSSL_X509_get_next_altname(CYASSL_X509* cert) |
ashleymills | 0:e979170e02e7 | 3895 | { |
ashleymills | 0:e979170e02e7 | 3896 | char* ret = NULL; |
ashleymills | 0:e979170e02e7 | 3897 | CYASSL_ENTER("CyaSSL_X509_get_next_altname"); |
ashleymills | 0:e979170e02e7 | 3898 | |
ashleymills | 0:e979170e02e7 | 3899 | /* don't have any to work with */ |
ashleymills | 0:e979170e02e7 | 3900 | if (cert == NULL || cert->altNames == NULL) |
ashleymills | 0:e979170e02e7 | 3901 | return NULL; |
ashleymills | 0:e979170e02e7 | 3902 | |
ashleymills | 0:e979170e02e7 | 3903 | /* already went through them */ |
ashleymills | 0:e979170e02e7 | 3904 | if (cert->altNamesNext == NULL) |
ashleymills | 0:e979170e02e7 | 3905 | return NULL; |
ashleymills | 0:e979170e02e7 | 3906 | |
ashleymills | 0:e979170e02e7 | 3907 | ret = cert->altNamesNext->name; |
ashleymills | 0:e979170e02e7 | 3908 | cert->altNamesNext = cert->altNamesNext->next; |
ashleymills | 0:e979170e02e7 | 3909 | |
ashleymills | 0:e979170e02e7 | 3910 | return ret; |
ashleymills | 0:e979170e02e7 | 3911 | } |
ashleymills | 0:e979170e02e7 | 3912 | |
ashleymills | 0:e979170e02e7 | 3913 | |
ashleymills | 0:e979170e02e7 | 3914 | CYASSL_X509_NAME* CyaSSL_X509_get_issuer_name(CYASSL_X509* cert) |
ashleymills | 0:e979170e02e7 | 3915 | { |
ashleymills | 0:e979170e02e7 | 3916 | CYASSL_ENTER("X509_get_issuer_name"); |
ashleymills | 0:e979170e02e7 | 3917 | return &cert->issuer; |
ashleymills | 0:e979170e02e7 | 3918 | } |
ashleymills | 0:e979170e02e7 | 3919 | |
ashleymills | 0:e979170e02e7 | 3920 | |
ashleymills | 0:e979170e02e7 | 3921 | CYASSL_X509_NAME* CyaSSL_X509_get_subject_name(CYASSL_X509* cert) |
ashleymills | 0:e979170e02e7 | 3922 | { |
ashleymills | 0:e979170e02e7 | 3923 | CYASSL_ENTER("X509_get_subject_name"); |
ashleymills | 0:e979170e02e7 | 3924 | return &cert->subject; |
ashleymills | 0:e979170e02e7 | 3925 | } |
ashleymills | 0:e979170e02e7 | 3926 | |
ashleymills | 0:e979170e02e7 | 3927 | |
ashleymills | 0:e979170e02e7 | 3928 | /* copy name into in buffer, at most sz bytes, if buffer is null will |
ashleymills | 0:e979170e02e7 | 3929 | malloc buffer, call responsible for freeing */ |
ashleymills | 0:e979170e02e7 | 3930 | char* CyaSSL_X509_NAME_oneline(CYASSL_X509_NAME* name, char* in, int sz) |
ashleymills | 0:e979170e02e7 | 3931 | { |
ashleymills | 0:e979170e02e7 | 3932 | int copySz = min(sz, name->sz); |
ashleymills | 0:e979170e02e7 | 3933 | |
ashleymills | 0:e979170e02e7 | 3934 | CYASSL_ENTER("CyaSSL_X509_NAME_oneline"); |
ashleymills | 0:e979170e02e7 | 3935 | if (!name->sz) return in; |
ashleymills | 0:e979170e02e7 | 3936 | |
ashleymills | 0:e979170e02e7 | 3937 | if (!in) { |
ashleymills | 0:e979170e02e7 | 3938 | in = (char*)XMALLOC(name->sz, 0, DYNAMIC_TYPE_OPENSSL); |
ashleymills | 0:e979170e02e7 | 3939 | if (!in ) return in; |
ashleymills | 0:e979170e02e7 | 3940 | copySz = name->sz; |
ashleymills | 0:e979170e02e7 | 3941 | } |
ashleymills | 0:e979170e02e7 | 3942 | |
ashleymills | 0:e979170e02e7 | 3943 | if (copySz == 0) |
ashleymills | 0:e979170e02e7 | 3944 | return in; |
ashleymills | 0:e979170e02e7 | 3945 | |
ashleymills | 0:e979170e02e7 | 3946 | XMEMCPY(in, name->name, copySz - 1); |
ashleymills | 0:e979170e02e7 | 3947 | in[copySz - 1] = 0; |
ashleymills | 0:e979170e02e7 | 3948 | |
ashleymills | 0:e979170e02e7 | 3949 | return in; |
ashleymills | 0:e979170e02e7 | 3950 | } |
ashleymills | 0:e979170e02e7 | 3951 | |
ashleymills | 0:e979170e02e7 | 3952 | |
ashleymills | 0:e979170e02e7 | 3953 | CYASSL_X509* CyaSSL_X509_STORE_CTX_get_current_cert( |
ashleymills | 0:e979170e02e7 | 3954 | CYASSL_X509_STORE_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 3955 | { |
ashleymills | 0:e979170e02e7 | 3956 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 3957 | return 0; |
ashleymills | 0:e979170e02e7 | 3958 | } |
ashleymills | 0:e979170e02e7 | 3959 | |
ashleymills | 0:e979170e02e7 | 3960 | |
ashleymills | 0:e979170e02e7 | 3961 | int CyaSSL_X509_STORE_CTX_get_error(CYASSL_X509_STORE_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 3962 | { |
ashleymills | 0:e979170e02e7 | 3963 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 3964 | return 0; |
ashleymills | 0:e979170e02e7 | 3965 | } |
ashleymills | 0:e979170e02e7 | 3966 | |
ashleymills | 0:e979170e02e7 | 3967 | |
ashleymills | 0:e979170e02e7 | 3968 | int CyaSSL_X509_STORE_CTX_get_error_depth(CYASSL_X509_STORE_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 3969 | { |
ashleymills | 0:e979170e02e7 | 3970 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 3971 | return 0; |
ashleymills | 0:e979170e02e7 | 3972 | } |
ashleymills | 0:e979170e02e7 | 3973 | |
ashleymills | 0:e979170e02e7 | 3974 | |
ashleymills | 0:e979170e02e7 | 3975 | CYASSL_BIO_METHOD* CyaSSL_BIO_f_buffer(void) |
ashleymills | 0:e979170e02e7 | 3976 | { |
ashleymills | 0:e979170e02e7 | 3977 | static CYASSL_BIO_METHOD meth; |
ashleymills | 0:e979170e02e7 | 3978 | |
ashleymills | 0:e979170e02e7 | 3979 | CYASSL_ENTER("BIO_f_buffer"); |
ashleymills | 0:e979170e02e7 | 3980 | meth.type = BIO_BUFFER; |
ashleymills | 0:e979170e02e7 | 3981 | |
ashleymills | 0:e979170e02e7 | 3982 | return &meth; |
ashleymills | 0:e979170e02e7 | 3983 | } |
ashleymills | 0:e979170e02e7 | 3984 | |
ashleymills | 0:e979170e02e7 | 3985 | |
ashleymills | 0:e979170e02e7 | 3986 | long CyaSSL_BIO_set_write_buffer_size(CYASSL_BIO* bio, long size) |
ashleymills | 0:e979170e02e7 | 3987 | { |
ashleymills | 0:e979170e02e7 | 3988 | /* CyaSSL has internal buffer, compatibility only */ |
ashleymills | 0:e979170e02e7 | 3989 | CYASSL_ENTER("BIO_set_write_buffer_size"); |
ashleymills | 0:e979170e02e7 | 3990 | (void)bio; |
ashleymills | 0:e979170e02e7 | 3991 | return size; |
ashleymills | 0:e979170e02e7 | 3992 | } |
ashleymills | 0:e979170e02e7 | 3993 | |
ashleymills | 0:e979170e02e7 | 3994 | |
ashleymills | 0:e979170e02e7 | 3995 | CYASSL_BIO_METHOD* CyaSSL_BIO_f_ssl(void) |
ashleymills | 0:e979170e02e7 | 3996 | { |
ashleymills | 0:e979170e02e7 | 3997 | static CYASSL_BIO_METHOD meth; |
ashleymills | 0:e979170e02e7 | 3998 | |
ashleymills | 0:e979170e02e7 | 3999 | CYASSL_ENTER("BIO_f_ssl"); |
ashleymills | 0:e979170e02e7 | 4000 | meth.type = BIO_SSL; |
ashleymills | 0:e979170e02e7 | 4001 | |
ashleymills | 0:e979170e02e7 | 4002 | return &meth; |
ashleymills | 0:e979170e02e7 | 4003 | } |
ashleymills | 0:e979170e02e7 | 4004 | |
ashleymills | 0:e979170e02e7 | 4005 | |
ashleymills | 0:e979170e02e7 | 4006 | CYASSL_BIO* CyaSSL_BIO_new_socket(int sfd, int closeF) |
ashleymills | 0:e979170e02e7 | 4007 | { |
ashleymills | 0:e979170e02e7 | 4008 | CYASSL_BIO* bio = (CYASSL_BIO*) XMALLOC(sizeof(CYASSL_BIO), 0, |
ashleymills | 0:e979170e02e7 | 4009 | DYNAMIC_TYPE_OPENSSL); |
ashleymills | 0:e979170e02e7 | 4010 | |
ashleymills | 0:e979170e02e7 | 4011 | CYASSL_ENTER("BIO_new_socket"); |
ashleymills | 0:e979170e02e7 | 4012 | if (bio) { |
ashleymills | 0:e979170e02e7 | 4013 | bio->type = BIO_SOCKET; |
ashleymills | 0:e979170e02e7 | 4014 | bio->close = (byte)closeF; |
ashleymills | 0:e979170e02e7 | 4015 | bio->eof = 0; |
ashleymills | 0:e979170e02e7 | 4016 | bio->ssl = 0; |
ashleymills | 0:e979170e02e7 | 4017 | bio->fd = sfd; |
ashleymills | 0:e979170e02e7 | 4018 | bio->prev = 0; |
ashleymills | 0:e979170e02e7 | 4019 | bio->next = 0; |
ashleymills | 0:e979170e02e7 | 4020 | } |
ashleymills | 0:e979170e02e7 | 4021 | return bio; |
ashleymills | 0:e979170e02e7 | 4022 | } |
ashleymills | 0:e979170e02e7 | 4023 | |
ashleymills | 0:e979170e02e7 | 4024 | |
ashleymills | 0:e979170e02e7 | 4025 | int CyaSSL_BIO_eof(CYASSL_BIO* b) |
ashleymills | 0:e979170e02e7 | 4026 | { |
ashleymills | 0:e979170e02e7 | 4027 | CYASSL_ENTER("BIO_eof"); |
ashleymills | 0:e979170e02e7 | 4028 | if (b->eof) |
ashleymills | 0:e979170e02e7 | 4029 | return 1; |
ashleymills | 0:e979170e02e7 | 4030 | |
ashleymills | 0:e979170e02e7 | 4031 | return 0; |
ashleymills | 0:e979170e02e7 | 4032 | } |
ashleymills | 0:e979170e02e7 | 4033 | |
ashleymills | 0:e979170e02e7 | 4034 | |
ashleymills | 0:e979170e02e7 | 4035 | long CyaSSL_BIO_set_ssl(CYASSL_BIO* b, CYASSL* ssl, int closeF) |
ashleymills | 0:e979170e02e7 | 4036 | { |
ashleymills | 0:e979170e02e7 | 4037 | CYASSL_ENTER("BIO_set_ssl"); |
ashleymills | 0:e979170e02e7 | 4038 | b->ssl = ssl; |
ashleymills | 0:e979170e02e7 | 4039 | b->close = (byte)closeF; |
ashleymills | 0:e979170e02e7 | 4040 | /* add to ssl for bio free if SSL_free called before/instead of free_all? */ |
ashleymills | 0:e979170e02e7 | 4041 | |
ashleymills | 0:e979170e02e7 | 4042 | return 0; |
ashleymills | 0:e979170e02e7 | 4043 | } |
ashleymills | 0:e979170e02e7 | 4044 | |
ashleymills | 0:e979170e02e7 | 4045 | |
ashleymills | 0:e979170e02e7 | 4046 | CYASSL_BIO* CyaSSL_BIO_new(CYASSL_BIO_METHOD* method) |
ashleymills | 0:e979170e02e7 | 4047 | { |
ashleymills | 0:e979170e02e7 | 4048 | CYASSL_BIO* bio = (CYASSL_BIO*) XMALLOC(sizeof(CYASSL_BIO), 0, |
ashleymills | 0:e979170e02e7 | 4049 | DYNAMIC_TYPE_OPENSSL); |
ashleymills | 0:e979170e02e7 | 4050 | CYASSL_ENTER("BIO_new"); |
ashleymills | 0:e979170e02e7 | 4051 | if (bio) { |
ashleymills | 0:e979170e02e7 | 4052 | bio->type = method->type; |
ashleymills | 0:e979170e02e7 | 4053 | bio->close = 0; |
ashleymills | 0:e979170e02e7 | 4054 | bio->eof = 0; |
ashleymills | 0:e979170e02e7 | 4055 | bio->ssl = NULL; |
ashleymills | 0:e979170e02e7 | 4056 | bio->mem = NULL; |
ashleymills | 0:e979170e02e7 | 4057 | bio->memLen = 0; |
ashleymills | 0:e979170e02e7 | 4058 | bio->fd = 0; |
ashleymills | 0:e979170e02e7 | 4059 | bio->prev = NULL; |
ashleymills | 0:e979170e02e7 | 4060 | bio->next = NULL; |
ashleymills | 0:e979170e02e7 | 4061 | } |
ashleymills | 0:e979170e02e7 | 4062 | return bio; |
ashleymills | 0:e979170e02e7 | 4063 | } |
ashleymills | 0:e979170e02e7 | 4064 | |
ashleymills | 0:e979170e02e7 | 4065 | |
ashleymills | 0:e979170e02e7 | 4066 | int CyaSSL_BIO_get_mem_data(CYASSL_BIO* bio, const byte** p) |
ashleymills | 0:e979170e02e7 | 4067 | { |
ashleymills | 0:e979170e02e7 | 4068 | if (bio == NULL || p == NULL) |
ashleymills | 0:e979170e02e7 | 4069 | return -1; |
ashleymills | 0:e979170e02e7 | 4070 | |
ashleymills | 0:e979170e02e7 | 4071 | *p = bio->mem; |
ashleymills | 0:e979170e02e7 | 4072 | |
ashleymills | 0:e979170e02e7 | 4073 | return bio->memLen; |
ashleymills | 0:e979170e02e7 | 4074 | } |
ashleymills | 0:e979170e02e7 | 4075 | |
ashleymills | 0:e979170e02e7 | 4076 | |
ashleymills | 0:e979170e02e7 | 4077 | CYASSL_BIO* CyaSSL_BIO_new_mem_buf(void* buf, int len) |
ashleymills | 0:e979170e02e7 | 4078 | { |
ashleymills | 0:e979170e02e7 | 4079 | CYASSL_BIO* bio = NULL; |
ashleymills | 0:e979170e02e7 | 4080 | if (buf == NULL) |
ashleymills | 0:e979170e02e7 | 4081 | return bio; |
ashleymills | 0:e979170e02e7 | 4082 | |
ashleymills | 0:e979170e02e7 | 4083 | bio = CyaSSL_BIO_new(CyaSSL_BIO_s_mem()); |
ashleymills | 0:e979170e02e7 | 4084 | if (bio == NULL) |
ashleymills | 0:e979170e02e7 | 4085 | return bio; |
ashleymills | 0:e979170e02e7 | 4086 | |
ashleymills | 0:e979170e02e7 | 4087 | bio->memLen = len; |
ashleymills | 0:e979170e02e7 | 4088 | bio->mem = (byte*)XMALLOC(len, 0, DYNAMIC_TYPE_OPENSSL); |
ashleymills | 0:e979170e02e7 | 4089 | if (bio->mem == NULL) { |
ashleymills | 0:e979170e02e7 | 4090 | XFREE(bio, 0, DYNAMIC_TYPE_OPENSSL); |
ashleymills | 0:e979170e02e7 | 4091 | return NULL; |
ashleymills | 0:e979170e02e7 | 4092 | } |
ashleymills | 0:e979170e02e7 | 4093 | |
ashleymills | 0:e979170e02e7 | 4094 | XMEMCPY(bio->mem, buf, len); |
ashleymills | 0:e979170e02e7 | 4095 | |
ashleymills | 0:e979170e02e7 | 4096 | return bio; |
ashleymills | 0:e979170e02e7 | 4097 | } |
ashleymills | 0:e979170e02e7 | 4098 | |
ashleymills | 0:e979170e02e7 | 4099 | |
ashleymills | 0:e979170e02e7 | 4100 | #ifdef USE_WINDOWS_API |
ashleymills | 0:e979170e02e7 | 4101 | #define CloseSocket(s) closesocket(s) |
ashleymills | 0:e979170e02e7 | 4102 | #else |
ashleymills | 0:e979170e02e7 | 4103 | #define CloseSocket(s) close(s) |
ashleymills | 0:e979170e02e7 | 4104 | #endif |
ashleymills | 0:e979170e02e7 | 4105 | |
ashleymills | 0:e979170e02e7 | 4106 | int CyaSSL_BIO_free(CYASSL_BIO* bio) |
ashleymills | 0:e979170e02e7 | 4107 | { |
ashleymills | 0:e979170e02e7 | 4108 | /* unchain?, doesn't matter in goahead since from free all */ |
ashleymills | 0:e979170e02e7 | 4109 | CYASSL_ENTER("BIO_free"); |
ashleymills | 0:e979170e02e7 | 4110 | if (bio) { |
ashleymills | 0:e979170e02e7 | 4111 | if (bio->close) { |
ashleymills | 0:e979170e02e7 | 4112 | if (bio->ssl) |
ashleymills | 0:e979170e02e7 | 4113 | CyaSSL_free(bio->ssl); |
ashleymills | 0:e979170e02e7 | 4114 | if (bio->fd) |
ashleymills | 0:e979170e02e7 | 4115 | CloseSocket(bio->fd); |
ashleymills | 0:e979170e02e7 | 4116 | } |
ashleymills | 0:e979170e02e7 | 4117 | if (bio->mem) |
ashleymills | 0:e979170e02e7 | 4118 | XFREE(bio->mem, 0, DYNAMIC_TYPE_OPENSSL); |
ashleymills | 0:e979170e02e7 | 4119 | XFREE(bio, 0, DYNAMIC_TYPE_OPENSSL); |
ashleymills | 0:e979170e02e7 | 4120 | } |
ashleymills | 0:e979170e02e7 | 4121 | return 0; |
ashleymills | 0:e979170e02e7 | 4122 | } |
ashleymills | 0:e979170e02e7 | 4123 | |
ashleymills | 0:e979170e02e7 | 4124 | |
ashleymills | 0:e979170e02e7 | 4125 | int CyaSSL_BIO_free_all(CYASSL_BIO* bio) |
ashleymills | 0:e979170e02e7 | 4126 | { |
ashleymills | 0:e979170e02e7 | 4127 | CYASSL_ENTER("BIO_free_all"); |
ashleymills | 0:e979170e02e7 | 4128 | while (bio) { |
ashleymills | 0:e979170e02e7 | 4129 | CYASSL_BIO* next = bio->next; |
ashleymills | 0:e979170e02e7 | 4130 | CyaSSL_BIO_free(bio); |
ashleymills | 0:e979170e02e7 | 4131 | bio = next; |
ashleymills | 0:e979170e02e7 | 4132 | } |
ashleymills | 0:e979170e02e7 | 4133 | return 0; |
ashleymills | 0:e979170e02e7 | 4134 | } |
ashleymills | 0:e979170e02e7 | 4135 | |
ashleymills | 0:e979170e02e7 | 4136 | |
ashleymills | 0:e979170e02e7 | 4137 | int CyaSSL_BIO_read(CYASSL_BIO* bio, void* buf, int len) |
ashleymills | 0:e979170e02e7 | 4138 | { |
ashleymills | 0:e979170e02e7 | 4139 | int ret; |
ashleymills | 0:e979170e02e7 | 4140 | CYASSL* ssl = 0; |
ashleymills | 0:e979170e02e7 | 4141 | CYASSL_BIO* front = bio; |
ashleymills | 0:e979170e02e7 | 4142 | |
ashleymills | 0:e979170e02e7 | 4143 | CYASSL_ENTER("BIO_read"); |
ashleymills | 0:e979170e02e7 | 4144 | /* already got eof, again is error */ |
ashleymills | 0:e979170e02e7 | 4145 | if (front->eof) |
ashleymills | 0:e979170e02e7 | 4146 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 4147 | |
ashleymills | 0:e979170e02e7 | 4148 | while(bio && ((ssl = bio->ssl) == 0) ) |
ashleymills | 0:e979170e02e7 | 4149 | bio = bio->next; |
ashleymills | 0:e979170e02e7 | 4150 | |
ashleymills | 0:e979170e02e7 | 4151 | if (ssl == 0) return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 4152 | |
ashleymills | 0:e979170e02e7 | 4153 | ret = CyaSSL_read(ssl, buf, len); |
ashleymills | 0:e979170e02e7 | 4154 | if (ret == 0) |
ashleymills | 0:e979170e02e7 | 4155 | front->eof = 1; |
ashleymills | 0:e979170e02e7 | 4156 | else if (ret < 0) { |
ashleymills | 0:e979170e02e7 | 4157 | int err = CyaSSL_get_error(ssl, 0); |
ashleymills | 0:e979170e02e7 | 4158 | if ( !(err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) ) |
ashleymills | 0:e979170e02e7 | 4159 | front->eof = 1; |
ashleymills | 0:e979170e02e7 | 4160 | } |
ashleymills | 0:e979170e02e7 | 4161 | return ret; |
ashleymills | 0:e979170e02e7 | 4162 | } |
ashleymills | 0:e979170e02e7 | 4163 | |
ashleymills | 0:e979170e02e7 | 4164 | |
ashleymills | 0:e979170e02e7 | 4165 | int CyaSSL_BIO_write(CYASSL_BIO* bio, const void* data, int len) |
ashleymills | 0:e979170e02e7 | 4166 | { |
ashleymills | 0:e979170e02e7 | 4167 | int ret; |
ashleymills | 0:e979170e02e7 | 4168 | CYASSL* ssl = 0; |
ashleymills | 0:e979170e02e7 | 4169 | CYASSL_BIO* front = bio; |
ashleymills | 0:e979170e02e7 | 4170 | |
ashleymills | 0:e979170e02e7 | 4171 | CYASSL_ENTER("BIO_write"); |
ashleymills | 0:e979170e02e7 | 4172 | /* already got eof, again is error */ |
ashleymills | 0:e979170e02e7 | 4173 | if (front->eof) |
ashleymills | 0:e979170e02e7 | 4174 | return SSL_FATAL_ERROR; |
ashleymills | 0:e979170e02e7 | 4175 | |
ashleymills | 0:e979170e02e7 | 4176 | while(bio && ((ssl = bio->ssl) == 0) ) |
ashleymills | 0:e979170e02e7 | 4177 | bio = bio->next; |
ashleymills | 0:e979170e02e7 | 4178 | |
ashleymills | 0:e979170e02e7 | 4179 | if (ssl == 0) return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 4180 | |
ashleymills | 0:e979170e02e7 | 4181 | ret = CyaSSL_write(ssl, data, len); |
ashleymills | 0:e979170e02e7 | 4182 | if (ret == 0) |
ashleymills | 0:e979170e02e7 | 4183 | front->eof = 1; |
ashleymills | 0:e979170e02e7 | 4184 | else if (ret < 0) { |
ashleymills | 0:e979170e02e7 | 4185 | int err = CyaSSL_get_error(ssl, 0); |
ashleymills | 0:e979170e02e7 | 4186 | if ( !(err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) ) |
ashleymills | 0:e979170e02e7 | 4187 | front->eof = 1; |
ashleymills | 0:e979170e02e7 | 4188 | } |
ashleymills | 0:e979170e02e7 | 4189 | |
ashleymills | 0:e979170e02e7 | 4190 | return ret; |
ashleymills | 0:e979170e02e7 | 4191 | } |
ashleymills | 0:e979170e02e7 | 4192 | |
ashleymills | 0:e979170e02e7 | 4193 | |
ashleymills | 0:e979170e02e7 | 4194 | CYASSL_BIO* CyaSSL_BIO_push(CYASSL_BIO* top, CYASSL_BIO* append) |
ashleymills | 0:e979170e02e7 | 4195 | { |
ashleymills | 0:e979170e02e7 | 4196 | CYASSL_ENTER("BIO_push"); |
ashleymills | 0:e979170e02e7 | 4197 | top->next = append; |
ashleymills | 0:e979170e02e7 | 4198 | append->prev = top; |
ashleymills | 0:e979170e02e7 | 4199 | |
ashleymills | 0:e979170e02e7 | 4200 | return top; |
ashleymills | 0:e979170e02e7 | 4201 | } |
ashleymills | 0:e979170e02e7 | 4202 | |
ashleymills | 0:e979170e02e7 | 4203 | |
ashleymills | 0:e979170e02e7 | 4204 | int CyaSSL_BIO_flush(CYASSL_BIO* bio) |
ashleymills | 0:e979170e02e7 | 4205 | { |
ashleymills | 0:e979170e02e7 | 4206 | /* for CyaSSL no flushing needed */ |
ashleymills | 0:e979170e02e7 | 4207 | CYASSL_ENTER("BIO_flush"); |
ashleymills | 0:e979170e02e7 | 4208 | (void)bio; |
ashleymills | 0:e979170e02e7 | 4209 | return 1; |
ashleymills | 0:e979170e02e7 | 4210 | } |
ashleymills | 0:e979170e02e7 | 4211 | |
ashleymills | 0:e979170e02e7 | 4212 | |
ashleymills | 0:e979170e02e7 | 4213 | #endif /* OPENSSL_EXTRA || GOAHEAD_WS */ |
ashleymills | 0:e979170e02e7 | 4214 | |
ashleymills | 0:e979170e02e7 | 4215 | |
ashleymills | 0:e979170e02e7 | 4216 | #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) |
ashleymills | 0:e979170e02e7 | 4217 | |
ashleymills | 0:e979170e02e7 | 4218 | void CyaSSL_CTX_set_default_passwd_cb_userdata(CYASSL_CTX* ctx, |
ashleymills | 0:e979170e02e7 | 4219 | void* userdata) |
ashleymills | 0:e979170e02e7 | 4220 | { |
ashleymills | 0:e979170e02e7 | 4221 | CYASSL_ENTER("SSL_CTX_set_default_passwd_cb_userdata"); |
ashleymills | 0:e979170e02e7 | 4222 | ctx->userdata = userdata; |
ashleymills | 0:e979170e02e7 | 4223 | } |
ashleymills | 0:e979170e02e7 | 4224 | |
ashleymills | 0:e979170e02e7 | 4225 | |
ashleymills | 0:e979170e02e7 | 4226 | void CyaSSL_CTX_set_default_passwd_cb(CYASSL_CTX* ctx, pem_password_cb cb) |
ashleymills | 0:e979170e02e7 | 4227 | { |
ashleymills | 0:e979170e02e7 | 4228 | CYASSL_ENTER("SSL_CTX_set_default_passwd_cb"); |
ashleymills | 0:e979170e02e7 | 4229 | ctx->passwd_cb = cb; |
ashleymills | 0:e979170e02e7 | 4230 | } |
ashleymills | 0:e979170e02e7 | 4231 | |
ashleymills | 0:e979170e02e7 | 4232 | int CyaSSL_num_locks(void) |
ashleymills | 0:e979170e02e7 | 4233 | { |
ashleymills | 0:e979170e02e7 | 4234 | return 0; |
ashleymills | 0:e979170e02e7 | 4235 | } |
ashleymills | 0:e979170e02e7 | 4236 | |
ashleymills | 0:e979170e02e7 | 4237 | void CyaSSL_set_locking_callback(void (*f)(int, int, const char*, int)) |
ashleymills | 0:e979170e02e7 | 4238 | { |
ashleymills | 0:e979170e02e7 | 4239 | (void)f; |
ashleymills | 0:e979170e02e7 | 4240 | } |
ashleymills | 0:e979170e02e7 | 4241 | |
ashleymills | 0:e979170e02e7 | 4242 | void CyaSSL_set_id_callback(unsigned long (*f)(void)) |
ashleymills | 0:e979170e02e7 | 4243 | { |
ashleymills | 0:e979170e02e7 | 4244 | (void)f; |
ashleymills | 0:e979170e02e7 | 4245 | } |
ashleymills | 0:e979170e02e7 | 4246 | |
ashleymills | 0:e979170e02e7 | 4247 | unsigned long CyaSSL_ERR_get_error(void) |
ashleymills | 0:e979170e02e7 | 4248 | { |
ashleymills | 0:e979170e02e7 | 4249 | /* TODO: */ |
ashleymills | 0:e979170e02e7 | 4250 | return 0; |
ashleymills | 0:e979170e02e7 | 4251 | } |
ashleymills | 0:e979170e02e7 | 4252 | |
ashleymills | 0:e979170e02e7 | 4253 | int CyaSSL_EVP_BytesToKey(const CYASSL_EVP_CIPHER* type, |
ashleymills | 0:e979170e02e7 | 4254 | const CYASSL_EVP_MD* md, const byte* salt, |
ashleymills | 0:e979170e02e7 | 4255 | const byte* data, int sz, int count, byte* key, byte* iv) |
ashleymills | 0:e979170e02e7 | 4256 | { |
ashleymills | 0:e979170e02e7 | 4257 | int keyLen = 0; |
ashleymills | 0:e979170e02e7 | 4258 | int ivLen = 0; |
ashleymills | 0:e979170e02e7 | 4259 | |
ashleymills | 0:e979170e02e7 | 4260 | Md5 myMD; |
ashleymills | 0:e979170e02e7 | 4261 | byte digest[MD5_DIGEST_SIZE]; |
ashleymills | 0:e979170e02e7 | 4262 | |
ashleymills | 0:e979170e02e7 | 4263 | int j; |
ashleymills | 0:e979170e02e7 | 4264 | int keyLeft; |
ashleymills | 0:e979170e02e7 | 4265 | int ivLeft; |
ashleymills | 0:e979170e02e7 | 4266 | int keyOutput = 0; |
ashleymills | 0:e979170e02e7 | 4267 | |
ashleymills | 0:e979170e02e7 | 4268 | CYASSL_ENTER("EVP_BytesToKey"); |
ashleymills | 0:e979170e02e7 | 4269 | InitMd5(&myMD); |
ashleymills | 0:e979170e02e7 | 4270 | |
ashleymills | 0:e979170e02e7 | 4271 | /* only support MD5 for now */ |
ashleymills | 0:e979170e02e7 | 4272 | if (XSTRNCMP(md, "MD5", 3) != 0) return 0; |
ashleymills | 0:e979170e02e7 | 4273 | |
ashleymills | 0:e979170e02e7 | 4274 | /* only support CBC DES and AES for now */ |
ashleymills | 0:e979170e02e7 | 4275 | if (XSTRNCMP(type, "DES-CBC", 7) == 0) { |
ashleymills | 0:e979170e02e7 | 4276 | keyLen = DES_KEY_SIZE; |
ashleymills | 0:e979170e02e7 | 4277 | ivLen = DES_IV_SIZE; |
ashleymills | 0:e979170e02e7 | 4278 | } |
ashleymills | 0:e979170e02e7 | 4279 | else if (XSTRNCMP(type, "DES-EDE3-CBC", 12) == 0) { |
ashleymills | 0:e979170e02e7 | 4280 | keyLen = DES3_KEY_SIZE; |
ashleymills | 0:e979170e02e7 | 4281 | ivLen = DES_IV_SIZE; |
ashleymills | 0:e979170e02e7 | 4282 | } |
ashleymills | 0:e979170e02e7 | 4283 | else if (XSTRNCMP(type, "AES-128-CBC", 11) == 0) { |
ashleymills | 0:e979170e02e7 | 4284 | keyLen = AES_128_KEY_SIZE; |
ashleymills | 0:e979170e02e7 | 4285 | ivLen = AES_IV_SIZE; |
ashleymills | 0:e979170e02e7 | 4286 | } |
ashleymills | 0:e979170e02e7 | 4287 | else if (XSTRNCMP(type, "AES-192-CBC", 11) == 0) { |
ashleymills | 0:e979170e02e7 | 4288 | keyLen = AES_192_KEY_SIZE; |
ashleymills | 0:e979170e02e7 | 4289 | ivLen = AES_IV_SIZE; |
ashleymills | 0:e979170e02e7 | 4290 | } |
ashleymills | 0:e979170e02e7 | 4291 | else if (XSTRNCMP(type, "AES-256-CBC", 11) == 0) { |
ashleymills | 0:e979170e02e7 | 4292 | keyLen = AES_256_KEY_SIZE; |
ashleymills | 0:e979170e02e7 | 4293 | ivLen = AES_IV_SIZE; |
ashleymills | 0:e979170e02e7 | 4294 | } |
ashleymills | 0:e979170e02e7 | 4295 | else |
ashleymills | 0:e979170e02e7 | 4296 | return 0; |
ashleymills | 0:e979170e02e7 | 4297 | |
ashleymills | 0:e979170e02e7 | 4298 | keyLeft = keyLen; |
ashleymills | 0:e979170e02e7 | 4299 | ivLeft = ivLen; |
ashleymills | 0:e979170e02e7 | 4300 | |
ashleymills | 0:e979170e02e7 | 4301 | while (keyOutput < (keyLen + ivLen)) { |
ashleymills | 0:e979170e02e7 | 4302 | int digestLeft = MD5_DIGEST_SIZE; |
ashleymills | 0:e979170e02e7 | 4303 | /* D_(i - 1) */ |
ashleymills | 0:e979170e02e7 | 4304 | if (keyOutput) /* first time D_0 is empty */ |
ashleymills | 0:e979170e02e7 | 4305 | Md5Update(&myMD, digest, MD5_DIGEST_SIZE); |
ashleymills | 0:e979170e02e7 | 4306 | /* data */ |
ashleymills | 0:e979170e02e7 | 4307 | Md5Update(&myMD, data, sz); |
ashleymills | 0:e979170e02e7 | 4308 | /* salt */ |
ashleymills | 0:e979170e02e7 | 4309 | if (salt) |
ashleymills | 0:e979170e02e7 | 4310 | Md5Update(&myMD, salt, EVP_SALT_SIZE); |
ashleymills | 0:e979170e02e7 | 4311 | Md5Final(&myMD, digest); |
ashleymills | 0:e979170e02e7 | 4312 | /* count */ |
ashleymills | 0:e979170e02e7 | 4313 | for (j = 1; j < count; j++) { |
ashleymills | 0:e979170e02e7 | 4314 | Md5Update(&myMD, digest, MD5_DIGEST_SIZE); |
ashleymills | 0:e979170e02e7 | 4315 | Md5Final(&myMD, digest); |
ashleymills | 0:e979170e02e7 | 4316 | } |
ashleymills | 0:e979170e02e7 | 4317 | |
ashleymills | 0:e979170e02e7 | 4318 | if (keyLeft) { |
ashleymills | 0:e979170e02e7 | 4319 | int store = min(keyLeft, MD5_DIGEST_SIZE); |
ashleymills | 0:e979170e02e7 | 4320 | XMEMCPY(&key[keyLen - keyLeft], digest, store); |
ashleymills | 0:e979170e02e7 | 4321 | |
ashleymills | 0:e979170e02e7 | 4322 | keyOutput += store; |
ashleymills | 0:e979170e02e7 | 4323 | keyLeft -= store; |
ashleymills | 0:e979170e02e7 | 4324 | digestLeft -= store; |
ashleymills | 0:e979170e02e7 | 4325 | } |
ashleymills | 0:e979170e02e7 | 4326 | |
ashleymills | 0:e979170e02e7 | 4327 | if (ivLeft && digestLeft) { |
ashleymills | 0:e979170e02e7 | 4328 | int store = min(ivLeft, digestLeft); |
ashleymills | 0:e979170e02e7 | 4329 | XMEMCPY(&iv[ivLen - ivLeft], &digest[MD5_DIGEST_SIZE - |
ashleymills | 0:e979170e02e7 | 4330 | digestLeft], store); |
ashleymills | 0:e979170e02e7 | 4331 | keyOutput += store; |
ashleymills | 0:e979170e02e7 | 4332 | ivLeft -= store; |
ashleymills | 0:e979170e02e7 | 4333 | } |
ashleymills | 0:e979170e02e7 | 4334 | } |
ashleymills | 0:e979170e02e7 | 4335 | if (keyOutput != (keyLen + ivLen)) |
ashleymills | 0:e979170e02e7 | 4336 | return 0; |
ashleymills | 0:e979170e02e7 | 4337 | return keyOutput; |
ashleymills | 0:e979170e02e7 | 4338 | } |
ashleymills | 0:e979170e02e7 | 4339 | |
ashleymills | 0:e979170e02e7 | 4340 | #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */ |
ashleymills | 0:e979170e02e7 | 4341 | |
ashleymills | 0:e979170e02e7 | 4342 | |
ashleymills | 0:e979170e02e7 | 4343 | #ifdef OPENSSL_EXTRA |
ashleymills | 0:e979170e02e7 | 4344 | |
ashleymills | 0:e979170e02e7 | 4345 | unsigned long CyaSSLeay(void) |
ashleymills | 0:e979170e02e7 | 4346 | { |
ashleymills | 0:e979170e02e7 | 4347 | return SSLEAY_VERSION_NUMBER; |
ashleymills | 0:e979170e02e7 | 4348 | } |
ashleymills | 0:e979170e02e7 | 4349 | |
ashleymills | 0:e979170e02e7 | 4350 | |
ashleymills | 0:e979170e02e7 | 4351 | const char* CyaSSLeay_version(int type) |
ashleymills | 0:e979170e02e7 | 4352 | { |
ashleymills | 0:e979170e02e7 | 4353 | static const char* version = "SSLeay CyaSSL compatibility"; |
ashleymills | 0:e979170e02e7 | 4354 | (void)type; |
ashleymills | 0:e979170e02e7 | 4355 | return version; |
ashleymills | 0:e979170e02e7 | 4356 | } |
ashleymills | 0:e979170e02e7 | 4357 | |
ashleymills | 0:e979170e02e7 | 4358 | |
ashleymills | 0:e979170e02e7 | 4359 | void CyaSSL_MD5_Init(CYASSL_MD5_CTX* md5) |
ashleymills | 0:e979170e02e7 | 4360 | { |
ashleymills | 0:e979170e02e7 | 4361 | typedef char md5_test[sizeof(MD5_CTX) >= sizeof(Md5) ? 1 : -1]; |
ashleymills | 0:e979170e02e7 | 4362 | (void)sizeof(md5_test); |
ashleymills | 0:e979170e02e7 | 4363 | |
ashleymills | 0:e979170e02e7 | 4364 | CYASSL_ENTER("MD5_Init"); |
ashleymills | 0:e979170e02e7 | 4365 | InitMd5((Md5*)md5); |
ashleymills | 0:e979170e02e7 | 4366 | } |
ashleymills | 0:e979170e02e7 | 4367 | |
ashleymills | 0:e979170e02e7 | 4368 | |
ashleymills | 0:e979170e02e7 | 4369 | void CyaSSL_MD5_Update(CYASSL_MD5_CTX* md5, const void* input, |
ashleymills | 0:e979170e02e7 | 4370 | unsigned long sz) |
ashleymills | 0:e979170e02e7 | 4371 | { |
ashleymills | 0:e979170e02e7 | 4372 | CYASSL_ENTER("CyaSSL_MD5_Update"); |
ashleymills | 0:e979170e02e7 | 4373 | Md5Update((Md5*)md5, (const byte*)input, (word32)sz); |
ashleymills | 0:e979170e02e7 | 4374 | } |
ashleymills | 0:e979170e02e7 | 4375 | |
ashleymills | 0:e979170e02e7 | 4376 | |
ashleymills | 0:e979170e02e7 | 4377 | void CyaSSL_MD5_Final(byte* input, CYASSL_MD5_CTX* md5) |
ashleymills | 0:e979170e02e7 | 4378 | { |
ashleymills | 0:e979170e02e7 | 4379 | CYASSL_ENTER("MD5_Final"); |
ashleymills | 0:e979170e02e7 | 4380 | Md5Final((Md5*)md5, input); |
ashleymills | 0:e979170e02e7 | 4381 | } |
ashleymills | 0:e979170e02e7 | 4382 | |
ashleymills | 0:e979170e02e7 | 4383 | |
ashleymills | 0:e979170e02e7 | 4384 | void CyaSSL_SHA_Init(CYASSL_SHA_CTX* sha) |
ashleymills | 0:e979170e02e7 | 4385 | { |
ashleymills | 0:e979170e02e7 | 4386 | typedef char sha_test[sizeof(SHA_CTX) >= sizeof(Sha) ? 1 : -1]; |
ashleymills | 0:e979170e02e7 | 4387 | (void)sizeof(sha_test); |
ashleymills | 0:e979170e02e7 | 4388 | |
ashleymills | 0:e979170e02e7 | 4389 | CYASSL_ENTER("SHA_Init"); |
ashleymills | 0:e979170e02e7 | 4390 | InitSha((Sha*)sha); |
ashleymills | 0:e979170e02e7 | 4391 | } |
ashleymills | 0:e979170e02e7 | 4392 | |
ashleymills | 0:e979170e02e7 | 4393 | |
ashleymills | 0:e979170e02e7 | 4394 | void CyaSSL_SHA_Update(CYASSL_SHA_CTX* sha, const void* input, |
ashleymills | 0:e979170e02e7 | 4395 | unsigned long sz) |
ashleymills | 0:e979170e02e7 | 4396 | { |
ashleymills | 0:e979170e02e7 | 4397 | CYASSL_ENTER("SHA_Update"); |
ashleymills | 0:e979170e02e7 | 4398 | ShaUpdate((Sha*)sha, (const byte*)input, (word32)sz); |
ashleymills | 0:e979170e02e7 | 4399 | } |
ashleymills | 0:e979170e02e7 | 4400 | |
ashleymills | 0:e979170e02e7 | 4401 | |
ashleymills | 0:e979170e02e7 | 4402 | void CyaSSL_SHA_Final(byte* input, CYASSL_SHA_CTX* sha) |
ashleymills | 0:e979170e02e7 | 4403 | { |
ashleymills | 0:e979170e02e7 | 4404 | CYASSL_ENTER("SHA_Final"); |
ashleymills | 0:e979170e02e7 | 4405 | ShaFinal((Sha*)sha, input); |
ashleymills | 0:e979170e02e7 | 4406 | } |
ashleymills | 0:e979170e02e7 | 4407 | |
ashleymills | 0:e979170e02e7 | 4408 | |
ashleymills | 0:e979170e02e7 | 4409 | void CyaSSL_SHA1_Init(CYASSL_SHA_CTX* sha) |
ashleymills | 0:e979170e02e7 | 4410 | { |
ashleymills | 0:e979170e02e7 | 4411 | CYASSL_ENTER("SHA1_Init"); |
ashleymills | 0:e979170e02e7 | 4412 | SHA_Init(sha); |
ashleymills | 0:e979170e02e7 | 4413 | } |
ashleymills | 0:e979170e02e7 | 4414 | |
ashleymills | 0:e979170e02e7 | 4415 | |
ashleymills | 0:e979170e02e7 | 4416 | void CyaSSL_SHA1_Update(CYASSL_SHA_CTX* sha, const void* input, |
ashleymills | 0:e979170e02e7 | 4417 | unsigned long sz) |
ashleymills | 0:e979170e02e7 | 4418 | { |
ashleymills | 0:e979170e02e7 | 4419 | CYASSL_ENTER("SHA1_Update"); |
ashleymills | 0:e979170e02e7 | 4420 | SHA_Update(sha, input, sz); |
ashleymills | 0:e979170e02e7 | 4421 | } |
ashleymills | 0:e979170e02e7 | 4422 | |
ashleymills | 0:e979170e02e7 | 4423 | |
ashleymills | 0:e979170e02e7 | 4424 | void CyaSSL_SHA1_Final(byte* input, CYASSL_SHA_CTX* sha) |
ashleymills | 0:e979170e02e7 | 4425 | { |
ashleymills | 0:e979170e02e7 | 4426 | CYASSL_ENTER("SHA1_Final"); |
ashleymills | 0:e979170e02e7 | 4427 | SHA_Final(input, sha); |
ashleymills | 0:e979170e02e7 | 4428 | } |
ashleymills | 0:e979170e02e7 | 4429 | |
ashleymills | 0:e979170e02e7 | 4430 | |
ashleymills | 0:e979170e02e7 | 4431 | void CyaSSL_SHA256_Init(CYASSL_SHA256_CTX* sha256) |
ashleymills | 0:e979170e02e7 | 4432 | { |
ashleymills | 0:e979170e02e7 | 4433 | typedef char sha_test[sizeof(SHA256_CTX) >= sizeof(Sha256) ? 1 : -1]; |
ashleymills | 0:e979170e02e7 | 4434 | (void)sizeof(sha_test); |
ashleymills | 0:e979170e02e7 | 4435 | |
ashleymills | 0:e979170e02e7 | 4436 | CYASSL_ENTER("SHA256_Init"); |
ashleymills | 0:e979170e02e7 | 4437 | InitSha256((Sha256*)sha256); |
ashleymills | 0:e979170e02e7 | 4438 | } |
ashleymills | 0:e979170e02e7 | 4439 | |
ashleymills | 0:e979170e02e7 | 4440 | |
ashleymills | 0:e979170e02e7 | 4441 | void CyaSSL_SHA256_Update(CYASSL_SHA256_CTX* sha, const void* input, |
ashleymills | 0:e979170e02e7 | 4442 | unsigned long sz) |
ashleymills | 0:e979170e02e7 | 4443 | { |
ashleymills | 0:e979170e02e7 | 4444 | CYASSL_ENTER("SHA256_Update"); |
ashleymills | 0:e979170e02e7 | 4445 | Sha256Update((Sha256*)sha, (const byte*)input, (word32)sz); |
ashleymills | 0:e979170e02e7 | 4446 | } |
ashleymills | 0:e979170e02e7 | 4447 | |
ashleymills | 0:e979170e02e7 | 4448 | |
ashleymills | 0:e979170e02e7 | 4449 | void CyaSSL_SHA256_Final(byte* input, CYASSL_SHA256_CTX* sha) |
ashleymills | 0:e979170e02e7 | 4450 | { |
ashleymills | 0:e979170e02e7 | 4451 | CYASSL_ENTER("SHA256_Final"); |
ashleymills | 0:e979170e02e7 | 4452 | Sha256Final((Sha256*)sha, input); |
ashleymills | 0:e979170e02e7 | 4453 | } |
ashleymills | 0:e979170e02e7 | 4454 | |
ashleymills | 0:e979170e02e7 | 4455 | |
ashleymills | 0:e979170e02e7 | 4456 | #ifdef CYASSL_SHA384 |
ashleymills | 0:e979170e02e7 | 4457 | |
ashleymills | 0:e979170e02e7 | 4458 | void CyaSSL_SHA384_Init(CYASSL_SHA384_CTX* sha) |
ashleymills | 0:e979170e02e7 | 4459 | { |
ashleymills | 0:e979170e02e7 | 4460 | typedef char sha_test[sizeof(SHA384_CTX) >= sizeof(Sha384) ? 1 : -1]; |
ashleymills | 0:e979170e02e7 | 4461 | (void)sizeof(sha_test); |
ashleymills | 0:e979170e02e7 | 4462 | |
ashleymills | 0:e979170e02e7 | 4463 | CYASSL_ENTER("SHA384_Init"); |
ashleymills | 0:e979170e02e7 | 4464 | InitSha384((Sha384*)sha); |
ashleymills | 0:e979170e02e7 | 4465 | } |
ashleymills | 0:e979170e02e7 | 4466 | |
ashleymills | 0:e979170e02e7 | 4467 | |
ashleymills | 0:e979170e02e7 | 4468 | void CyaSSL_SHA384_Update(CYASSL_SHA384_CTX* sha, const void* input, |
ashleymills | 0:e979170e02e7 | 4469 | unsigned long sz) |
ashleymills | 0:e979170e02e7 | 4470 | { |
ashleymills | 0:e979170e02e7 | 4471 | CYASSL_ENTER("SHA384_Update"); |
ashleymills | 0:e979170e02e7 | 4472 | Sha384Update((Sha384*)sha, (const byte*)input, (word32)sz); |
ashleymills | 0:e979170e02e7 | 4473 | } |
ashleymills | 0:e979170e02e7 | 4474 | |
ashleymills | 0:e979170e02e7 | 4475 | |
ashleymills | 0:e979170e02e7 | 4476 | void CyaSSL_SHA384_Final(byte* input, CYASSL_SHA384_CTX* sha) |
ashleymills | 0:e979170e02e7 | 4477 | { |
ashleymills | 0:e979170e02e7 | 4478 | CYASSL_ENTER("SHA384_Final"); |
ashleymills | 0:e979170e02e7 | 4479 | Sha384Final((Sha384*)sha, input); |
ashleymills | 0:e979170e02e7 | 4480 | } |
ashleymills | 0:e979170e02e7 | 4481 | |
ashleymills | 0:e979170e02e7 | 4482 | #endif /* CYASSL_SHA384 */ |
ashleymills | 0:e979170e02e7 | 4483 | |
ashleymills | 0:e979170e02e7 | 4484 | |
ashleymills | 0:e979170e02e7 | 4485 | #ifdef CYASSL_SHA512 |
ashleymills | 0:e979170e02e7 | 4486 | |
ashleymills | 0:e979170e02e7 | 4487 | void CyaSSL_SHA512_Init(CYASSL_SHA512_CTX* sha) |
ashleymills | 0:e979170e02e7 | 4488 | { |
ashleymills | 0:e979170e02e7 | 4489 | typedef char sha_test[sizeof(SHA512_CTX) >= sizeof(Sha512) ? 1 : -1]; |
ashleymills | 0:e979170e02e7 | 4490 | (void)sizeof(sha_test); |
ashleymills | 0:e979170e02e7 | 4491 | |
ashleymills | 0:e979170e02e7 | 4492 | CYASSL_ENTER("SHA512_Init"); |
ashleymills | 0:e979170e02e7 | 4493 | InitSha512((Sha512*)sha); |
ashleymills | 0:e979170e02e7 | 4494 | } |
ashleymills | 0:e979170e02e7 | 4495 | |
ashleymills | 0:e979170e02e7 | 4496 | |
ashleymills | 0:e979170e02e7 | 4497 | void CyaSSL_SHA512_Update(CYASSL_SHA512_CTX* sha, const void* input, |
ashleymills | 0:e979170e02e7 | 4498 | unsigned long sz) |
ashleymills | 0:e979170e02e7 | 4499 | { |
ashleymills | 0:e979170e02e7 | 4500 | CYASSL_ENTER("SHA512_Update"); |
ashleymills | 0:e979170e02e7 | 4501 | Sha512Update((Sha512*)sha, (const byte*)input, (word32)sz); |
ashleymills | 0:e979170e02e7 | 4502 | } |
ashleymills | 0:e979170e02e7 | 4503 | |
ashleymills | 0:e979170e02e7 | 4504 | |
ashleymills | 0:e979170e02e7 | 4505 | void CyaSSL_SHA512_Final(byte* input, CYASSL_SHA512_CTX* sha) |
ashleymills | 0:e979170e02e7 | 4506 | { |
ashleymills | 0:e979170e02e7 | 4507 | CYASSL_ENTER("SHA512_Final"); |
ashleymills | 0:e979170e02e7 | 4508 | Sha512Final((Sha512*)sha, input); |
ashleymills | 0:e979170e02e7 | 4509 | } |
ashleymills | 0:e979170e02e7 | 4510 | |
ashleymills | 0:e979170e02e7 | 4511 | #endif /* CYASSL_SHA512 */ |
ashleymills | 0:e979170e02e7 | 4512 | |
ashleymills | 0:e979170e02e7 | 4513 | |
ashleymills | 0:e979170e02e7 | 4514 | const CYASSL_EVP_MD* CyaSSL_EVP_md5(void) |
ashleymills | 0:e979170e02e7 | 4515 | { |
ashleymills | 0:e979170e02e7 | 4516 | static const char* type = "MD5"; |
ashleymills | 0:e979170e02e7 | 4517 | CYASSL_ENTER("EVP_md5"); |
ashleymills | 0:e979170e02e7 | 4518 | return type; |
ashleymills | 0:e979170e02e7 | 4519 | } |
ashleymills | 0:e979170e02e7 | 4520 | |
ashleymills | 0:e979170e02e7 | 4521 | |
ashleymills | 0:e979170e02e7 | 4522 | const CYASSL_EVP_MD* CyaSSL_EVP_sha1(void) |
ashleymills | 0:e979170e02e7 | 4523 | { |
ashleymills | 0:e979170e02e7 | 4524 | static const char* type = "SHA"; |
ashleymills | 0:e979170e02e7 | 4525 | CYASSL_ENTER("EVP_sha1"); |
ashleymills | 0:e979170e02e7 | 4526 | return type; |
ashleymills | 0:e979170e02e7 | 4527 | } |
ashleymills | 0:e979170e02e7 | 4528 | |
ashleymills | 0:e979170e02e7 | 4529 | |
ashleymills | 0:e979170e02e7 | 4530 | const CYASSL_EVP_MD* CyaSSL_EVP_sha256(void) |
ashleymills | 0:e979170e02e7 | 4531 | { |
ashleymills | 0:e979170e02e7 | 4532 | static const char* type = "SHA256"; |
ashleymills | 0:e979170e02e7 | 4533 | CYASSL_ENTER("EVP_sha256"); |
ashleymills | 0:e979170e02e7 | 4534 | return type; |
ashleymills | 0:e979170e02e7 | 4535 | } |
ashleymills | 0:e979170e02e7 | 4536 | |
ashleymills | 0:e979170e02e7 | 4537 | #ifdef CYASSL_SHA384 |
ashleymills | 0:e979170e02e7 | 4538 | |
ashleymills | 0:e979170e02e7 | 4539 | const CYASSL_EVP_MD* CyaSSL_EVP_sha384(void) |
ashleymills | 0:e979170e02e7 | 4540 | { |
ashleymills | 0:e979170e02e7 | 4541 | static const char* type = "SHA384"; |
ashleymills | 0:e979170e02e7 | 4542 | CYASSL_ENTER("EVP_sha384"); |
ashleymills | 0:e979170e02e7 | 4543 | return type; |
ashleymills | 0:e979170e02e7 | 4544 | } |
ashleymills | 0:e979170e02e7 | 4545 | |
ashleymills | 0:e979170e02e7 | 4546 | #endif /* CYASSL_SHA384 */ |
ashleymills | 0:e979170e02e7 | 4547 | |
ashleymills | 0:e979170e02e7 | 4548 | #ifdef CYASSL_SHA512 |
ashleymills | 0:e979170e02e7 | 4549 | |
ashleymills | 0:e979170e02e7 | 4550 | const CYASSL_EVP_MD* CyaSSL_EVP_sha512(void) |
ashleymills | 0:e979170e02e7 | 4551 | { |
ashleymills | 0:e979170e02e7 | 4552 | static const char* type = "SHA512"; |
ashleymills | 0:e979170e02e7 | 4553 | CYASSL_ENTER("EVP_sha512"); |
ashleymills | 0:e979170e02e7 | 4554 | return type; |
ashleymills | 0:e979170e02e7 | 4555 | } |
ashleymills | 0:e979170e02e7 | 4556 | |
ashleymills | 0:e979170e02e7 | 4557 | #endif /* CYASSL_SHA512 */ |
ashleymills | 0:e979170e02e7 | 4558 | |
ashleymills | 0:e979170e02e7 | 4559 | |
ashleymills | 0:e979170e02e7 | 4560 | void CyaSSL_EVP_MD_CTX_init(CYASSL_EVP_MD_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 4561 | { |
ashleymills | 0:e979170e02e7 | 4562 | CYASSL_ENTER("EVP_CIPHER_MD_CTX_init"); |
ashleymills | 0:e979170e02e7 | 4563 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 4564 | /* do nothing */ |
ashleymills | 0:e979170e02e7 | 4565 | } |
ashleymills | 0:e979170e02e7 | 4566 | |
ashleymills | 0:e979170e02e7 | 4567 | |
ashleymills | 0:e979170e02e7 | 4568 | const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_128_cbc(void) |
ashleymills | 0:e979170e02e7 | 4569 | { |
ashleymills | 0:e979170e02e7 | 4570 | static const char* type = "AES128-CBC"; |
ashleymills | 0:e979170e02e7 | 4571 | CYASSL_ENTER("CyaSSL_EVP_aes_128_cbc"); |
ashleymills | 0:e979170e02e7 | 4572 | return type; |
ashleymills | 0:e979170e02e7 | 4573 | } |
ashleymills | 0:e979170e02e7 | 4574 | |
ashleymills | 0:e979170e02e7 | 4575 | |
ashleymills | 0:e979170e02e7 | 4576 | const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_192_cbc(void) |
ashleymills | 0:e979170e02e7 | 4577 | { |
ashleymills | 0:e979170e02e7 | 4578 | static const char* type = "AES192-CBC"; |
ashleymills | 0:e979170e02e7 | 4579 | CYASSL_ENTER("CyaSSL_EVP_aes_192_cbc"); |
ashleymills | 0:e979170e02e7 | 4580 | return type; |
ashleymills | 0:e979170e02e7 | 4581 | } |
ashleymills | 0:e979170e02e7 | 4582 | |
ashleymills | 0:e979170e02e7 | 4583 | |
ashleymills | 0:e979170e02e7 | 4584 | const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_256_cbc(void) |
ashleymills | 0:e979170e02e7 | 4585 | { |
ashleymills | 0:e979170e02e7 | 4586 | static const char* type = "AES256-CBC"; |
ashleymills | 0:e979170e02e7 | 4587 | CYASSL_ENTER("CyaSSL_EVP_aes_256_cbc"); |
ashleymills | 0:e979170e02e7 | 4588 | return type; |
ashleymills | 0:e979170e02e7 | 4589 | } |
ashleymills | 0:e979170e02e7 | 4590 | |
ashleymills | 0:e979170e02e7 | 4591 | |
ashleymills | 0:e979170e02e7 | 4592 | const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_128_ctr(void) |
ashleymills | 0:e979170e02e7 | 4593 | { |
ashleymills | 0:e979170e02e7 | 4594 | static const char* type = "AES128-CTR"; |
ashleymills | 0:e979170e02e7 | 4595 | CYASSL_ENTER("CyaSSL_EVP_aes_128_ctr"); |
ashleymills | 0:e979170e02e7 | 4596 | return type; |
ashleymills | 0:e979170e02e7 | 4597 | } |
ashleymills | 0:e979170e02e7 | 4598 | |
ashleymills | 0:e979170e02e7 | 4599 | |
ashleymills | 0:e979170e02e7 | 4600 | const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_192_ctr(void) |
ashleymills | 0:e979170e02e7 | 4601 | { |
ashleymills | 0:e979170e02e7 | 4602 | static const char* type = "AES192-CTR"; |
ashleymills | 0:e979170e02e7 | 4603 | CYASSL_ENTER("CyaSSL_EVP_aes_192_ctr"); |
ashleymills | 0:e979170e02e7 | 4604 | return type; |
ashleymills | 0:e979170e02e7 | 4605 | } |
ashleymills | 0:e979170e02e7 | 4606 | |
ashleymills | 0:e979170e02e7 | 4607 | |
ashleymills | 0:e979170e02e7 | 4608 | const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_256_ctr(void) |
ashleymills | 0:e979170e02e7 | 4609 | { |
ashleymills | 0:e979170e02e7 | 4610 | static const char* type = "AES256-CTR"; |
ashleymills | 0:e979170e02e7 | 4611 | CYASSL_ENTER("CyaSSL_EVP_aes_256_ctr"); |
ashleymills | 0:e979170e02e7 | 4612 | return type; |
ashleymills | 0:e979170e02e7 | 4613 | } |
ashleymills | 0:e979170e02e7 | 4614 | |
ashleymills | 0:e979170e02e7 | 4615 | |
ashleymills | 0:e979170e02e7 | 4616 | const CYASSL_EVP_CIPHER* CyaSSL_EVP_des_cbc(void) |
ashleymills | 0:e979170e02e7 | 4617 | { |
ashleymills | 0:e979170e02e7 | 4618 | static const char* type = "DES-CBC"; |
ashleymills | 0:e979170e02e7 | 4619 | CYASSL_ENTER("CyaSSL_EVP_des_cbc"); |
ashleymills | 0:e979170e02e7 | 4620 | return type; |
ashleymills | 0:e979170e02e7 | 4621 | } |
ashleymills | 0:e979170e02e7 | 4622 | |
ashleymills | 0:e979170e02e7 | 4623 | |
ashleymills | 0:e979170e02e7 | 4624 | const CYASSL_EVP_CIPHER* CyaSSL_EVP_des_ede3_cbc(void) |
ashleymills | 0:e979170e02e7 | 4625 | { |
ashleymills | 0:e979170e02e7 | 4626 | static const char* type = "DES-EDE3-CBC"; |
ashleymills | 0:e979170e02e7 | 4627 | CYASSL_ENTER("CyaSSL_EVP_des_ede3_cbc"); |
ashleymills | 0:e979170e02e7 | 4628 | return type; |
ashleymills | 0:e979170e02e7 | 4629 | } |
ashleymills | 0:e979170e02e7 | 4630 | |
ashleymills | 0:e979170e02e7 | 4631 | |
ashleymills | 0:e979170e02e7 | 4632 | const CYASSL_EVP_CIPHER* CyaSSL_EVP_rc4(void) |
ashleymills | 0:e979170e02e7 | 4633 | { |
ashleymills | 0:e979170e02e7 | 4634 | static const char* type = "ARC4"; |
ashleymills | 0:e979170e02e7 | 4635 | CYASSL_ENTER("CyaSSL_EVP_rc4"); |
ashleymills | 0:e979170e02e7 | 4636 | return type; |
ashleymills | 0:e979170e02e7 | 4637 | } |
ashleymills | 0:e979170e02e7 | 4638 | |
ashleymills | 0:e979170e02e7 | 4639 | |
ashleymills | 0:e979170e02e7 | 4640 | const CYASSL_EVP_CIPHER* CyaSSL_EVP_enc_null(void) |
ashleymills | 0:e979170e02e7 | 4641 | { |
ashleymills | 0:e979170e02e7 | 4642 | static const char* type = "NULL"; |
ashleymills | 0:e979170e02e7 | 4643 | CYASSL_ENTER("CyaSSL_EVP_enc_null"); |
ashleymills | 0:e979170e02e7 | 4644 | return type; |
ashleymills | 0:e979170e02e7 | 4645 | } |
ashleymills | 0:e979170e02e7 | 4646 | |
ashleymills | 0:e979170e02e7 | 4647 | |
ashleymills | 0:e979170e02e7 | 4648 | int CyaSSL_EVP_MD_CTX_cleanup(CYASSL_EVP_MD_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 4649 | { |
ashleymills | 0:e979170e02e7 | 4650 | CYASSL_ENTER("EVP_MD_CTX_cleanup"); |
ashleymills | 0:e979170e02e7 | 4651 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 4652 | return 0; |
ashleymills | 0:e979170e02e7 | 4653 | } |
ashleymills | 0:e979170e02e7 | 4654 | |
ashleymills | 0:e979170e02e7 | 4655 | |
ashleymills | 0:e979170e02e7 | 4656 | |
ashleymills | 0:e979170e02e7 | 4657 | void CyaSSL_EVP_CIPHER_CTX_init(CYASSL_EVP_CIPHER_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 4658 | { |
ashleymills | 0:e979170e02e7 | 4659 | CYASSL_ENTER("EVP_CIPHER_CTX_init"); |
ashleymills | 0:e979170e02e7 | 4660 | if (ctx) { |
ashleymills | 0:e979170e02e7 | 4661 | ctx->cipherType = 0xff; /* no init */ |
ashleymills | 0:e979170e02e7 | 4662 | ctx->keyLen = 0; |
ashleymills | 0:e979170e02e7 | 4663 | ctx->enc = 1; /* start in encrypt mode */ |
ashleymills | 0:e979170e02e7 | 4664 | } |
ashleymills | 0:e979170e02e7 | 4665 | } |
ashleymills | 0:e979170e02e7 | 4666 | |
ashleymills | 0:e979170e02e7 | 4667 | |
ashleymills | 0:e979170e02e7 | 4668 | int CyaSSL_EVP_CIPHER_CTX_cleanup(CYASSL_EVP_CIPHER_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 4669 | { |
ashleymills | 0:e979170e02e7 | 4670 | CYASSL_ENTER("EVP_CIPHER_CTX_cleanup"); |
ashleymills | 0:e979170e02e7 | 4671 | if (ctx) { |
ashleymills | 0:e979170e02e7 | 4672 | ctx->cipherType = 0xff; /* no more init */ |
ashleymills | 0:e979170e02e7 | 4673 | ctx->keyLen = 0; |
ashleymills | 0:e979170e02e7 | 4674 | } |
ashleymills | 0:e979170e02e7 | 4675 | |
ashleymills | 0:e979170e02e7 | 4676 | return 1; /* success */ |
ashleymills | 0:e979170e02e7 | 4677 | } |
ashleymills | 0:e979170e02e7 | 4678 | |
ashleymills | 0:e979170e02e7 | 4679 | int CyaSSL_EVP_CipherInit(CYASSL_EVP_CIPHER_CTX* ctx, |
ashleymills | 0:e979170e02e7 | 4680 | const CYASSL_EVP_CIPHER* type, byte* key, |
ashleymills | 0:e979170e02e7 | 4681 | byte* iv, int enc) |
ashleymills | 0:e979170e02e7 | 4682 | { |
ashleymills | 0:e979170e02e7 | 4683 | CYASSL_ENTER("CyaSSL_EVP_CipherInit"); |
ashleymills | 0:e979170e02e7 | 4684 | if (ctx == NULL) { |
ashleymills | 0:e979170e02e7 | 4685 | CYASSL_MSG("no ctx"); |
ashleymills | 0:e979170e02e7 | 4686 | return 0; /* failure */ |
ashleymills | 0:e979170e02e7 | 4687 | } |
ashleymills | 0:e979170e02e7 | 4688 | |
ashleymills | 0:e979170e02e7 | 4689 | if (type == NULL && ctx->cipherType == 0xff) { |
ashleymills | 0:e979170e02e7 | 4690 | CYASSL_MSG("no type set"); |
ashleymills | 0:e979170e02e7 | 4691 | return 0; /* failure */ |
ashleymills | 0:e979170e02e7 | 4692 | } |
ashleymills | 0:e979170e02e7 | 4693 | |
ashleymills | 0:e979170e02e7 | 4694 | if (ctx->cipherType == AES_128_CBC_TYPE || (type && |
ashleymills | 0:e979170e02e7 | 4695 | XSTRNCMP(type, "AES128-CBC", 10) == 0)) { |
ashleymills | 0:e979170e02e7 | 4696 | CYASSL_MSG("AES-128-CBC"); |
ashleymills | 0:e979170e02e7 | 4697 | ctx->cipherType = AES_128_CBC_TYPE; |
ashleymills | 0:e979170e02e7 | 4698 | ctx->keyLen = 16; |
ashleymills | 0:e979170e02e7 | 4699 | if (enc == 0 || enc == 1) |
ashleymills | 0:e979170e02e7 | 4700 | ctx->enc = enc ? 1 : 0; |
ashleymills | 0:e979170e02e7 | 4701 | if (key) |
ashleymills | 0:e979170e02e7 | 4702 | AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, |
ashleymills | 0:e979170e02e7 | 4703 | ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); |
ashleymills | 0:e979170e02e7 | 4704 | if (iv && key == NULL) |
ashleymills | 0:e979170e02e7 | 4705 | AesSetIV(&ctx->cipher.aes, iv); |
ashleymills | 0:e979170e02e7 | 4706 | } |
ashleymills | 0:e979170e02e7 | 4707 | else if (ctx->cipherType == AES_192_CBC_TYPE || (type && |
ashleymills | 0:e979170e02e7 | 4708 | XSTRNCMP(type, "AES192-CBC", 10) == 0)) { |
ashleymills | 0:e979170e02e7 | 4709 | CYASSL_MSG("AES-192-CBC"); |
ashleymills | 0:e979170e02e7 | 4710 | ctx->cipherType = AES_192_CBC_TYPE; |
ashleymills | 0:e979170e02e7 | 4711 | ctx->keyLen = 24; |
ashleymills | 0:e979170e02e7 | 4712 | if (enc == 0 || enc == 1) |
ashleymills | 0:e979170e02e7 | 4713 | ctx->enc = enc ? 1 : 0; |
ashleymills | 0:e979170e02e7 | 4714 | if (key) |
ashleymills | 0:e979170e02e7 | 4715 | AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, |
ashleymills | 0:e979170e02e7 | 4716 | ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); |
ashleymills | 0:e979170e02e7 | 4717 | if (iv && key == NULL) |
ashleymills | 0:e979170e02e7 | 4718 | AesSetIV(&ctx->cipher.aes, iv); |
ashleymills | 0:e979170e02e7 | 4719 | } |
ashleymills | 0:e979170e02e7 | 4720 | else if (ctx->cipherType == AES_256_CBC_TYPE || (type && |
ashleymills | 0:e979170e02e7 | 4721 | XSTRNCMP(type, "AES256-CBC", 10) == 0)) { |
ashleymills | 0:e979170e02e7 | 4722 | CYASSL_MSG("AES-256-CBC"); |
ashleymills | 0:e979170e02e7 | 4723 | ctx->cipherType = AES_256_CBC_TYPE; |
ashleymills | 0:e979170e02e7 | 4724 | ctx->keyLen = 32; |
ashleymills | 0:e979170e02e7 | 4725 | if (enc == 0 || enc == 1) |
ashleymills | 0:e979170e02e7 | 4726 | ctx->enc = enc ? 1 : 0; |
ashleymills | 0:e979170e02e7 | 4727 | if (key) |
ashleymills | 0:e979170e02e7 | 4728 | AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, |
ashleymills | 0:e979170e02e7 | 4729 | ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); |
ashleymills | 0:e979170e02e7 | 4730 | if (iv && key == NULL) |
ashleymills | 0:e979170e02e7 | 4731 | AesSetIV(&ctx->cipher.aes, iv); |
ashleymills | 0:e979170e02e7 | 4732 | } |
ashleymills | 0:e979170e02e7 | 4733 | #ifdef CYASSL_AES_COUNTER |
ashleymills | 0:e979170e02e7 | 4734 | else if (ctx->cipherType == AES_128_CTR_TYPE || (type && |
ashleymills | 0:e979170e02e7 | 4735 | XSTRNCMP(type, "AES128-CTR", 10) == 0)) { |
ashleymills | 0:e979170e02e7 | 4736 | CYASSL_MSG("AES-128-CTR"); |
ashleymills | 0:e979170e02e7 | 4737 | ctx->cipherType = AES_128_CTR_TYPE; |
ashleymills | 0:e979170e02e7 | 4738 | ctx->keyLen = 16; |
ashleymills | 0:e979170e02e7 | 4739 | if (enc == 0 || enc == 1) |
ashleymills | 0:e979170e02e7 | 4740 | ctx->enc = enc ? 1 : 0; |
ashleymills | 0:e979170e02e7 | 4741 | if (key) |
ashleymills | 0:e979170e02e7 | 4742 | AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, |
ashleymills | 0:e979170e02e7 | 4743 | AES_ENCRYPTION); |
ashleymills | 0:e979170e02e7 | 4744 | if (iv && key == NULL) |
ashleymills | 0:e979170e02e7 | 4745 | AesSetIV(&ctx->cipher.aes, iv); |
ashleymills | 0:e979170e02e7 | 4746 | } |
ashleymills | 0:e979170e02e7 | 4747 | else if (ctx->cipherType == AES_192_CTR_TYPE || (type && |
ashleymills | 0:e979170e02e7 | 4748 | XSTRNCMP(type, "AES192-CTR", 10) == 0)) { |
ashleymills | 0:e979170e02e7 | 4749 | CYASSL_MSG("AES-192-CTR"); |
ashleymills | 0:e979170e02e7 | 4750 | ctx->cipherType = AES_192_CTR_TYPE; |
ashleymills | 0:e979170e02e7 | 4751 | ctx->keyLen = 24; |
ashleymills | 0:e979170e02e7 | 4752 | if (enc == 0 || enc == 1) |
ashleymills | 0:e979170e02e7 | 4753 | ctx->enc = enc ? 1 : 0; |
ashleymills | 0:e979170e02e7 | 4754 | if (key) |
ashleymills | 0:e979170e02e7 | 4755 | AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, |
ashleymills | 0:e979170e02e7 | 4756 | AES_ENCRYPTION); |
ashleymills | 0:e979170e02e7 | 4757 | if (iv && key == NULL) |
ashleymills | 0:e979170e02e7 | 4758 | AesSetIV(&ctx->cipher.aes, iv); |
ashleymills | 0:e979170e02e7 | 4759 | } |
ashleymills | 0:e979170e02e7 | 4760 | else if (ctx->cipherType == AES_256_CTR_TYPE || (type && |
ashleymills | 0:e979170e02e7 | 4761 | XSTRNCMP(type, "AES256-CTR", 10) == 0)) { |
ashleymills | 0:e979170e02e7 | 4762 | CYASSL_MSG("AES-256-CTR"); |
ashleymills | 0:e979170e02e7 | 4763 | ctx->cipherType = AES_256_CTR_TYPE; |
ashleymills | 0:e979170e02e7 | 4764 | ctx->keyLen = 32; |
ashleymills | 0:e979170e02e7 | 4765 | if (enc == 0 || enc == 1) |
ashleymills | 0:e979170e02e7 | 4766 | ctx->enc = enc ? 1 : 0; |
ashleymills | 0:e979170e02e7 | 4767 | if (key) |
ashleymills | 0:e979170e02e7 | 4768 | AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, |
ashleymills | 0:e979170e02e7 | 4769 | AES_ENCRYPTION); |
ashleymills | 0:e979170e02e7 | 4770 | if (iv && key == NULL) |
ashleymills | 0:e979170e02e7 | 4771 | AesSetIV(&ctx->cipher.aes, iv); |
ashleymills | 0:e979170e02e7 | 4772 | } |
ashleymills | 0:e979170e02e7 | 4773 | #endif /* CYASSL_AES_CTR */ |
ashleymills | 0:e979170e02e7 | 4774 | else if (ctx->cipherType == DES_CBC_TYPE || (type && |
ashleymills | 0:e979170e02e7 | 4775 | XSTRNCMP(type, "DES-CBC", 7) == 0)) { |
ashleymills | 0:e979170e02e7 | 4776 | CYASSL_MSG("DES-CBC"); |
ashleymills | 0:e979170e02e7 | 4777 | ctx->cipherType = DES_CBC_TYPE; |
ashleymills | 0:e979170e02e7 | 4778 | ctx->keyLen = 8; |
ashleymills | 0:e979170e02e7 | 4779 | if (enc == 0 || enc == 1) |
ashleymills | 0:e979170e02e7 | 4780 | ctx->enc = enc ? 1 : 0; |
ashleymills | 0:e979170e02e7 | 4781 | if (key) |
ashleymills | 0:e979170e02e7 | 4782 | Des_SetKey(&ctx->cipher.des, key, iv, |
ashleymills | 0:e979170e02e7 | 4783 | ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION); |
ashleymills | 0:e979170e02e7 | 4784 | if (iv && key == NULL) |
ashleymills | 0:e979170e02e7 | 4785 | Des_SetIV(&ctx->cipher.des, iv); |
ashleymills | 0:e979170e02e7 | 4786 | } |
ashleymills | 0:e979170e02e7 | 4787 | else if (ctx->cipherType == DES_EDE3_CBC_TYPE || (type && |
ashleymills | 0:e979170e02e7 | 4788 | XSTRNCMP(type, "DES-EDE3-CBC", 11) == 0)) { |
ashleymills | 0:e979170e02e7 | 4789 | CYASSL_MSG("DES-EDE3-CBC"); |
ashleymills | 0:e979170e02e7 | 4790 | ctx->cipherType = DES_EDE3_CBC_TYPE; |
ashleymills | 0:e979170e02e7 | 4791 | ctx->keyLen = 24; |
ashleymills | 0:e979170e02e7 | 4792 | if (enc == 0 || enc == 1) |
ashleymills | 0:e979170e02e7 | 4793 | ctx->enc = enc ? 1 : 0; |
ashleymills | 0:e979170e02e7 | 4794 | if (key) |
ashleymills | 0:e979170e02e7 | 4795 | Des3_SetKey(&ctx->cipher.des3, key, iv, |
ashleymills | 0:e979170e02e7 | 4796 | ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION); |
ashleymills | 0:e979170e02e7 | 4797 | if (iv && key == NULL) |
ashleymills | 0:e979170e02e7 | 4798 | Des3_SetIV(&ctx->cipher.des3, iv); |
ashleymills | 0:e979170e02e7 | 4799 | } |
ashleymills | 0:e979170e02e7 | 4800 | else if (ctx->cipherType == ARC4_TYPE || (type && |
ashleymills | 0:e979170e02e7 | 4801 | XSTRNCMP(type, "ARC4", 4) == 0)) { |
ashleymills | 0:e979170e02e7 | 4802 | CYASSL_MSG("ARC4"); |
ashleymills | 0:e979170e02e7 | 4803 | ctx->cipherType = ARC4_TYPE; |
ashleymills | 0:e979170e02e7 | 4804 | if (ctx->keyLen == 0) /* user may have already set */ |
ashleymills | 0:e979170e02e7 | 4805 | ctx->keyLen = 16; /* default to 128 */ |
ashleymills | 0:e979170e02e7 | 4806 | if (key) |
ashleymills | 0:e979170e02e7 | 4807 | Arc4SetKey(&ctx->cipher.arc4, key, ctx->keyLen); |
ashleymills | 0:e979170e02e7 | 4808 | } |
ashleymills | 0:e979170e02e7 | 4809 | else if (ctx->cipherType == NULL_CIPHER_TYPE || (type && |
ashleymills | 0:e979170e02e7 | 4810 | XSTRNCMP(type, "NULL", 4) == 0)) { |
ashleymills | 0:e979170e02e7 | 4811 | CYASSL_MSG("NULL cipher"); |
ashleymills | 0:e979170e02e7 | 4812 | ctx->cipherType = NULL_CIPHER_TYPE; |
ashleymills | 0:e979170e02e7 | 4813 | ctx->keyLen = 0; |
ashleymills | 0:e979170e02e7 | 4814 | } |
ashleymills | 0:e979170e02e7 | 4815 | else |
ashleymills | 0:e979170e02e7 | 4816 | return 0; /* failure */ |
ashleymills | 0:e979170e02e7 | 4817 | |
ashleymills | 0:e979170e02e7 | 4818 | |
ashleymills | 0:e979170e02e7 | 4819 | return 1; /* success */ |
ashleymills | 0:e979170e02e7 | 4820 | } |
ashleymills | 0:e979170e02e7 | 4821 | |
ashleymills | 0:e979170e02e7 | 4822 | |
ashleymills | 0:e979170e02e7 | 4823 | int CyaSSL_EVP_CIPHER_CTX_key_length(CYASSL_EVP_CIPHER_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 4824 | { |
ashleymills | 0:e979170e02e7 | 4825 | CYASSL_ENTER("CyaSSL_EVP_CIPHER_CTX_key_length"); |
ashleymills | 0:e979170e02e7 | 4826 | if (ctx) |
ashleymills | 0:e979170e02e7 | 4827 | return ctx->keyLen; |
ashleymills | 0:e979170e02e7 | 4828 | |
ashleymills | 0:e979170e02e7 | 4829 | return 0; /* failure */ |
ashleymills | 0:e979170e02e7 | 4830 | } |
ashleymills | 0:e979170e02e7 | 4831 | |
ashleymills | 0:e979170e02e7 | 4832 | |
ashleymills | 0:e979170e02e7 | 4833 | int CyaSSL_EVP_CIPHER_CTX_set_key_length(CYASSL_EVP_CIPHER_CTX* ctx, |
ashleymills | 0:e979170e02e7 | 4834 | int keylen) |
ashleymills | 0:e979170e02e7 | 4835 | { |
ashleymills | 0:e979170e02e7 | 4836 | CYASSL_ENTER("CyaSSL_EVP_CIPHER_CTX_set_key_length"); |
ashleymills | 0:e979170e02e7 | 4837 | if (ctx) |
ashleymills | 0:e979170e02e7 | 4838 | ctx->keyLen = keylen; |
ashleymills | 0:e979170e02e7 | 4839 | else |
ashleymills | 0:e979170e02e7 | 4840 | return 0; /* failure */ |
ashleymills | 0:e979170e02e7 | 4841 | |
ashleymills | 0:e979170e02e7 | 4842 | return 1; /* success */ |
ashleymills | 0:e979170e02e7 | 4843 | } |
ashleymills | 0:e979170e02e7 | 4844 | |
ashleymills | 0:e979170e02e7 | 4845 | |
ashleymills | 0:e979170e02e7 | 4846 | int CyaSSL_EVP_Cipher(CYASSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src, |
ashleymills | 0:e979170e02e7 | 4847 | word32 len) |
ashleymills | 0:e979170e02e7 | 4848 | { |
ashleymills | 0:e979170e02e7 | 4849 | CYASSL_ENTER("CyaSSL_EVP_Cipher"); |
ashleymills | 0:e979170e02e7 | 4850 | |
ashleymills | 0:e979170e02e7 | 4851 | if (ctx == NULL || dst == NULL || src == NULL) { |
ashleymills | 0:e979170e02e7 | 4852 | CYASSL_MSG("Bad function argument"); |
ashleymills | 0:e979170e02e7 | 4853 | return 0; /* failure */ |
ashleymills | 0:e979170e02e7 | 4854 | } |
ashleymills | 0:e979170e02e7 | 4855 | |
ashleymills | 0:e979170e02e7 | 4856 | if (ctx->cipherType == 0xff) { |
ashleymills | 0:e979170e02e7 | 4857 | CYASSL_MSG("no init"); |
ashleymills | 0:e979170e02e7 | 4858 | return 0; /* failure */ |
ashleymills | 0:e979170e02e7 | 4859 | } |
ashleymills | 0:e979170e02e7 | 4860 | |
ashleymills | 0:e979170e02e7 | 4861 | switch (ctx->cipherType) { |
ashleymills | 0:e979170e02e7 | 4862 | |
ashleymills | 0:e979170e02e7 | 4863 | case AES_128_CBC_TYPE : |
ashleymills | 0:e979170e02e7 | 4864 | case AES_192_CBC_TYPE : |
ashleymills | 0:e979170e02e7 | 4865 | case AES_256_CBC_TYPE : |
ashleymills | 0:e979170e02e7 | 4866 | CYASSL_MSG("AES CBC"); |
ashleymills | 0:e979170e02e7 | 4867 | if (ctx->enc) |
ashleymills | 0:e979170e02e7 | 4868 | AesCbcEncrypt(&ctx->cipher.aes, dst, src, len); |
ashleymills | 0:e979170e02e7 | 4869 | else |
ashleymills | 0:e979170e02e7 | 4870 | AesCbcDecrypt(&ctx->cipher.aes, dst, src, len); |
ashleymills | 0:e979170e02e7 | 4871 | break; |
ashleymills | 0:e979170e02e7 | 4872 | |
ashleymills | 0:e979170e02e7 | 4873 | #ifdef CYASSL_AES_COUNTER |
ashleymills | 0:e979170e02e7 | 4874 | case AES_128_CTR_TYPE : |
ashleymills | 0:e979170e02e7 | 4875 | case AES_192_CTR_TYPE : |
ashleymills | 0:e979170e02e7 | 4876 | case AES_256_CTR_TYPE : |
ashleymills | 0:e979170e02e7 | 4877 | CYASSL_MSG("AES CTR"); |
ashleymills | 0:e979170e02e7 | 4878 | AesCtrEncrypt(&ctx->cipher.aes, dst, src, len); |
ashleymills | 0:e979170e02e7 | 4879 | break; |
ashleymills | 0:e979170e02e7 | 4880 | #endif |
ashleymills | 0:e979170e02e7 | 4881 | |
ashleymills | 0:e979170e02e7 | 4882 | case DES_CBC_TYPE : |
ashleymills | 0:e979170e02e7 | 4883 | if (ctx->enc) |
ashleymills | 0:e979170e02e7 | 4884 | Des_CbcEncrypt(&ctx->cipher.des, dst, src, len); |
ashleymills | 0:e979170e02e7 | 4885 | else |
ashleymills | 0:e979170e02e7 | 4886 | Des_CbcDecrypt(&ctx->cipher.des, dst, src, len); |
ashleymills | 0:e979170e02e7 | 4887 | break; |
ashleymills | 0:e979170e02e7 | 4888 | |
ashleymills | 0:e979170e02e7 | 4889 | case DES_EDE3_CBC_TYPE : |
ashleymills | 0:e979170e02e7 | 4890 | if (ctx->enc) |
ashleymills | 0:e979170e02e7 | 4891 | Des3_CbcEncrypt(&ctx->cipher.des3, dst, src, len); |
ashleymills | 0:e979170e02e7 | 4892 | else |
ashleymills | 0:e979170e02e7 | 4893 | Des3_CbcDecrypt(&ctx->cipher.des3, dst, src, len); |
ashleymills | 0:e979170e02e7 | 4894 | break; |
ashleymills | 0:e979170e02e7 | 4895 | |
ashleymills | 0:e979170e02e7 | 4896 | case ARC4_TYPE : |
ashleymills | 0:e979170e02e7 | 4897 | Arc4Process(&ctx->cipher.arc4, dst, src, len); |
ashleymills | 0:e979170e02e7 | 4898 | break; |
ashleymills | 0:e979170e02e7 | 4899 | |
ashleymills | 0:e979170e02e7 | 4900 | case NULL_CIPHER_TYPE : |
ashleymills | 0:e979170e02e7 | 4901 | XMEMCPY(dst, src, len); |
ashleymills | 0:e979170e02e7 | 4902 | break; |
ashleymills | 0:e979170e02e7 | 4903 | |
ashleymills | 0:e979170e02e7 | 4904 | default: { |
ashleymills | 0:e979170e02e7 | 4905 | CYASSL_MSG("bad type"); |
ashleymills | 0:e979170e02e7 | 4906 | return 0; /* failure */ |
ashleymills | 0:e979170e02e7 | 4907 | } |
ashleymills | 0:e979170e02e7 | 4908 | } |
ashleymills | 0:e979170e02e7 | 4909 | |
ashleymills | 0:e979170e02e7 | 4910 | CYASSL_MSG("CyaSSL_EVP_Cipher success"); |
ashleymills | 0:e979170e02e7 | 4911 | return 1; /* success */ |
ashleymills | 0:e979170e02e7 | 4912 | } |
ashleymills | 0:e979170e02e7 | 4913 | |
ashleymills | 0:e979170e02e7 | 4914 | |
ashleymills | 0:e979170e02e7 | 4915 | /* store for external read of iv, 0 on success */ |
ashleymills | 0:e979170e02e7 | 4916 | int CyaSSL_StoreExternalIV(CYASSL_EVP_CIPHER_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 4917 | { |
ashleymills | 0:e979170e02e7 | 4918 | CYASSL_ENTER("CyaSSL_StoreExternalIV"); |
ashleymills | 0:e979170e02e7 | 4919 | |
ashleymills | 0:e979170e02e7 | 4920 | if (ctx == NULL) { |
ashleymills | 0:e979170e02e7 | 4921 | CYASSL_MSG("Bad function argument"); |
ashleymills | 0:e979170e02e7 | 4922 | return -1; |
ashleymills | 0:e979170e02e7 | 4923 | } |
ashleymills | 0:e979170e02e7 | 4924 | |
ashleymills | 0:e979170e02e7 | 4925 | switch (ctx->cipherType) { |
ashleymills | 0:e979170e02e7 | 4926 | |
ashleymills | 0:e979170e02e7 | 4927 | case AES_128_CBC_TYPE : |
ashleymills | 0:e979170e02e7 | 4928 | case AES_192_CBC_TYPE : |
ashleymills | 0:e979170e02e7 | 4929 | case AES_256_CBC_TYPE : |
ashleymills | 0:e979170e02e7 | 4930 | CYASSL_MSG("AES CBC"); |
ashleymills | 0:e979170e02e7 | 4931 | memcpy(ctx->iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE); |
ashleymills | 0:e979170e02e7 | 4932 | break; |
ashleymills | 0:e979170e02e7 | 4933 | |
ashleymills | 0:e979170e02e7 | 4934 | #ifdef CYASSL_AES_COUNTER |
ashleymills | 0:e979170e02e7 | 4935 | case AES_128_CTR_TYPE : |
ashleymills | 0:e979170e02e7 | 4936 | case AES_192_CTR_TYPE : |
ashleymills | 0:e979170e02e7 | 4937 | case AES_256_CTR_TYPE : |
ashleymills | 0:e979170e02e7 | 4938 | CYASSL_MSG("AES CTR"); |
ashleymills | 0:e979170e02e7 | 4939 | memcpy(ctx->iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE); |
ashleymills | 0:e979170e02e7 | 4940 | break; |
ashleymills | 0:e979170e02e7 | 4941 | #endif |
ashleymills | 0:e979170e02e7 | 4942 | |
ashleymills | 0:e979170e02e7 | 4943 | case DES_CBC_TYPE : |
ashleymills | 0:e979170e02e7 | 4944 | CYASSL_MSG("DES CBC"); |
ashleymills | 0:e979170e02e7 | 4945 | memcpy(ctx->iv, &ctx->cipher.des.reg, DES_BLOCK_SIZE); |
ashleymills | 0:e979170e02e7 | 4946 | break; |
ashleymills | 0:e979170e02e7 | 4947 | |
ashleymills | 0:e979170e02e7 | 4948 | case DES_EDE3_CBC_TYPE : |
ashleymills | 0:e979170e02e7 | 4949 | CYASSL_MSG("DES EDE3 CBC"); |
ashleymills | 0:e979170e02e7 | 4950 | memcpy(ctx->iv, &ctx->cipher.des.reg, DES_BLOCK_SIZE); |
ashleymills | 0:e979170e02e7 | 4951 | break; |
ashleymills | 0:e979170e02e7 | 4952 | |
ashleymills | 0:e979170e02e7 | 4953 | case ARC4_TYPE : |
ashleymills | 0:e979170e02e7 | 4954 | CYASSL_MSG("ARC4"); |
ashleymills | 0:e979170e02e7 | 4955 | break; |
ashleymills | 0:e979170e02e7 | 4956 | |
ashleymills | 0:e979170e02e7 | 4957 | case NULL_CIPHER_TYPE : |
ashleymills | 0:e979170e02e7 | 4958 | CYASSL_MSG("NULL"); |
ashleymills | 0:e979170e02e7 | 4959 | break; |
ashleymills | 0:e979170e02e7 | 4960 | |
ashleymills | 0:e979170e02e7 | 4961 | default: { |
ashleymills | 0:e979170e02e7 | 4962 | CYASSL_MSG("bad type"); |
ashleymills | 0:e979170e02e7 | 4963 | return -1; /* failure */ |
ashleymills | 0:e979170e02e7 | 4964 | } |
ashleymills | 0:e979170e02e7 | 4965 | } |
ashleymills | 0:e979170e02e7 | 4966 | return 0; /* success */ |
ashleymills | 0:e979170e02e7 | 4967 | } |
ashleymills | 0:e979170e02e7 | 4968 | |
ashleymills | 0:e979170e02e7 | 4969 | |
ashleymills | 0:e979170e02e7 | 4970 | /* set internal IV from external, 0 on success */ |
ashleymills | 0:e979170e02e7 | 4971 | int CyaSSL_SetInternalIV(CYASSL_EVP_CIPHER_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 4972 | { |
ashleymills | 0:e979170e02e7 | 4973 | |
ashleymills | 0:e979170e02e7 | 4974 | CYASSL_ENTER("CyaSSL_SetInternalIV"); |
ashleymills | 0:e979170e02e7 | 4975 | |
ashleymills | 0:e979170e02e7 | 4976 | if (ctx == NULL) { |
ashleymills | 0:e979170e02e7 | 4977 | CYASSL_MSG("Bad function argument"); |
ashleymills | 0:e979170e02e7 | 4978 | return -1; |
ashleymills | 0:e979170e02e7 | 4979 | } |
ashleymills | 0:e979170e02e7 | 4980 | |
ashleymills | 0:e979170e02e7 | 4981 | switch (ctx->cipherType) { |
ashleymills | 0:e979170e02e7 | 4982 | |
ashleymills | 0:e979170e02e7 | 4983 | case AES_128_CBC_TYPE : |
ashleymills | 0:e979170e02e7 | 4984 | case AES_192_CBC_TYPE : |
ashleymills | 0:e979170e02e7 | 4985 | case AES_256_CBC_TYPE : |
ashleymills | 0:e979170e02e7 | 4986 | CYASSL_MSG("AES CBC"); |
ashleymills | 0:e979170e02e7 | 4987 | memcpy(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE); |
ashleymills | 0:e979170e02e7 | 4988 | break; |
ashleymills | 0:e979170e02e7 | 4989 | |
ashleymills | 0:e979170e02e7 | 4990 | #ifdef CYASSL_AES_COUNTER |
ashleymills | 0:e979170e02e7 | 4991 | case AES_128_CTR_TYPE : |
ashleymills | 0:e979170e02e7 | 4992 | case AES_192_CTR_TYPE : |
ashleymills | 0:e979170e02e7 | 4993 | case AES_256_CTR_TYPE : |
ashleymills | 0:e979170e02e7 | 4994 | CYASSL_MSG("AES CTR"); |
ashleymills | 0:e979170e02e7 | 4995 | memcpy(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE); |
ashleymills | 0:e979170e02e7 | 4996 | break; |
ashleymills | 0:e979170e02e7 | 4997 | #endif |
ashleymills | 0:e979170e02e7 | 4998 | |
ashleymills | 0:e979170e02e7 | 4999 | case DES_CBC_TYPE : |
ashleymills | 0:e979170e02e7 | 5000 | CYASSL_MSG("DES CBC"); |
ashleymills | 0:e979170e02e7 | 5001 | memcpy(&ctx->cipher.des.reg, ctx->iv, DES_BLOCK_SIZE); |
ashleymills | 0:e979170e02e7 | 5002 | break; |
ashleymills | 0:e979170e02e7 | 5003 | |
ashleymills | 0:e979170e02e7 | 5004 | case DES_EDE3_CBC_TYPE : |
ashleymills | 0:e979170e02e7 | 5005 | CYASSL_MSG("DES EDE3 CBC"); |
ashleymills | 0:e979170e02e7 | 5006 | memcpy(&ctx->cipher.des.reg, ctx->iv, DES_BLOCK_SIZE); |
ashleymills | 0:e979170e02e7 | 5007 | break; |
ashleymills | 0:e979170e02e7 | 5008 | |
ashleymills | 0:e979170e02e7 | 5009 | case ARC4_TYPE : |
ashleymills | 0:e979170e02e7 | 5010 | CYASSL_MSG("ARC4"); |
ashleymills | 0:e979170e02e7 | 5011 | break; |
ashleymills | 0:e979170e02e7 | 5012 | |
ashleymills | 0:e979170e02e7 | 5013 | case NULL_CIPHER_TYPE : |
ashleymills | 0:e979170e02e7 | 5014 | CYASSL_MSG("NULL"); |
ashleymills | 0:e979170e02e7 | 5015 | break; |
ashleymills | 0:e979170e02e7 | 5016 | |
ashleymills | 0:e979170e02e7 | 5017 | default: { |
ashleymills | 0:e979170e02e7 | 5018 | CYASSL_MSG("bad type"); |
ashleymills | 0:e979170e02e7 | 5019 | return -1; /* failure */ |
ashleymills | 0:e979170e02e7 | 5020 | } |
ashleymills | 0:e979170e02e7 | 5021 | } |
ashleymills | 0:e979170e02e7 | 5022 | return 0; /* success */ |
ashleymills | 0:e979170e02e7 | 5023 | } |
ashleymills | 0:e979170e02e7 | 5024 | |
ashleymills | 0:e979170e02e7 | 5025 | |
ashleymills | 0:e979170e02e7 | 5026 | int CyaSSL_EVP_DigestInit(CYASSL_EVP_MD_CTX* ctx, const CYASSL_EVP_MD* type) |
ashleymills | 0:e979170e02e7 | 5027 | { |
ashleymills | 0:e979170e02e7 | 5028 | CYASSL_ENTER("EVP_DigestInit"); |
ashleymills | 0:e979170e02e7 | 5029 | if (XSTRNCMP(type, "MD5", 3) == 0) { |
ashleymills | 0:e979170e02e7 | 5030 | ctx->macType = MD5; |
ashleymills | 0:e979170e02e7 | 5031 | CyaSSL_MD5_Init((MD5_CTX*)&ctx->hash); |
ashleymills | 0:e979170e02e7 | 5032 | } |
ashleymills | 0:e979170e02e7 | 5033 | else if (XSTRNCMP(type, "SHA256", 6) == 0) { |
ashleymills | 0:e979170e02e7 | 5034 | ctx->macType = SHA256; |
ashleymills | 0:e979170e02e7 | 5035 | CyaSSL_SHA256_Init((SHA256_CTX*)&ctx->hash); |
ashleymills | 0:e979170e02e7 | 5036 | } |
ashleymills | 0:e979170e02e7 | 5037 | #ifdef CYASSL_SHA384 |
ashleymills | 0:e979170e02e7 | 5038 | else if (XSTRNCMP(type, "SHA384", 6) == 0) { |
ashleymills | 0:e979170e02e7 | 5039 | ctx->macType = SHA384; |
ashleymills | 0:e979170e02e7 | 5040 | CyaSSL_SHA384_Init((SHA384_CTX*)&ctx->hash); |
ashleymills | 0:e979170e02e7 | 5041 | } |
ashleymills | 0:e979170e02e7 | 5042 | #endif |
ashleymills | 0:e979170e02e7 | 5043 | #ifdef CYASSL_SHA512 |
ashleymills | 0:e979170e02e7 | 5044 | else if (XSTRNCMP(type, "SHA512", 6) == 0) { |
ashleymills | 0:e979170e02e7 | 5045 | ctx->macType = SHA512; |
ashleymills | 0:e979170e02e7 | 5046 | CyaSSL_SHA512_Init((SHA512_CTX*)&ctx->hash); |
ashleymills | 0:e979170e02e7 | 5047 | } |
ashleymills | 0:e979170e02e7 | 5048 | #endif |
ashleymills | 0:e979170e02e7 | 5049 | /* has to be last since would pick or 256, 384, or 512 too */ |
ashleymills | 0:e979170e02e7 | 5050 | else if (XSTRNCMP(type, "SHA", 3) == 0) { |
ashleymills | 0:e979170e02e7 | 5051 | ctx->macType = SHA; |
ashleymills | 0:e979170e02e7 | 5052 | CyaSSL_SHA_Init((SHA_CTX*)&ctx->hash); |
ashleymills | 0:e979170e02e7 | 5053 | } |
ashleymills | 0:e979170e02e7 | 5054 | else |
ashleymills | 0:e979170e02e7 | 5055 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 5056 | |
ashleymills | 0:e979170e02e7 | 5057 | return 0; |
ashleymills | 0:e979170e02e7 | 5058 | } |
ashleymills | 0:e979170e02e7 | 5059 | |
ashleymills | 0:e979170e02e7 | 5060 | |
ashleymills | 0:e979170e02e7 | 5061 | int CyaSSL_EVP_DigestUpdate(CYASSL_EVP_MD_CTX* ctx, const void* data, |
ashleymills | 0:e979170e02e7 | 5062 | unsigned long sz) |
ashleymills | 0:e979170e02e7 | 5063 | { |
ashleymills | 0:e979170e02e7 | 5064 | CYASSL_ENTER("EVP_DigestUpdate"); |
ashleymills | 0:e979170e02e7 | 5065 | if (ctx->macType == MD5) |
ashleymills | 0:e979170e02e7 | 5066 | CyaSSL_MD5_Update((MD5_CTX*)&ctx->hash, data, (unsigned long)sz); |
ashleymills | 0:e979170e02e7 | 5067 | else if (ctx->macType == SHA) |
ashleymills | 0:e979170e02e7 | 5068 | CyaSSL_SHA_Update((SHA_CTX*)&ctx->hash, data, (unsigned long)sz); |
ashleymills | 0:e979170e02e7 | 5069 | else if (ctx->macType == SHA256) |
ashleymills | 0:e979170e02e7 | 5070 | CyaSSL_SHA256_Update((SHA256_CTX*)&ctx->hash, data, |
ashleymills | 0:e979170e02e7 | 5071 | (unsigned long)sz); |
ashleymills | 0:e979170e02e7 | 5072 | #ifdef CYASSL_SHA384 |
ashleymills | 0:e979170e02e7 | 5073 | else if (ctx->macType == SHA384) |
ashleymills | 0:e979170e02e7 | 5074 | CyaSSL_SHA384_Update((SHA384_CTX*)&ctx->hash, data, |
ashleymills | 0:e979170e02e7 | 5075 | (unsigned long)sz); |
ashleymills | 0:e979170e02e7 | 5076 | #endif |
ashleymills | 0:e979170e02e7 | 5077 | #ifdef CYASSL_SHA512 |
ashleymills | 0:e979170e02e7 | 5078 | else if (ctx->macType == SHA512) |
ashleymills | 0:e979170e02e7 | 5079 | CyaSSL_SHA512_Update((SHA512_CTX*)&ctx->hash, data, |
ashleymills | 0:e979170e02e7 | 5080 | (unsigned long)sz); |
ashleymills | 0:e979170e02e7 | 5081 | #endif |
ashleymills | 0:e979170e02e7 | 5082 | else |
ashleymills | 0:e979170e02e7 | 5083 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 5084 | |
ashleymills | 0:e979170e02e7 | 5085 | return 0; |
ashleymills | 0:e979170e02e7 | 5086 | } |
ashleymills | 0:e979170e02e7 | 5087 | |
ashleymills | 0:e979170e02e7 | 5088 | |
ashleymills | 0:e979170e02e7 | 5089 | int CyaSSL_EVP_DigestFinal(CYASSL_EVP_MD_CTX* ctx, unsigned char* md, |
ashleymills | 0:e979170e02e7 | 5090 | unsigned int* s) |
ashleymills | 0:e979170e02e7 | 5091 | { |
ashleymills | 0:e979170e02e7 | 5092 | CYASSL_ENTER("EVP_DigestFinal"); |
ashleymills | 0:e979170e02e7 | 5093 | if (ctx->macType == MD5) { |
ashleymills | 0:e979170e02e7 | 5094 | CyaSSL_MD5_Final(md, (MD5_CTX*)&ctx->hash); |
ashleymills | 0:e979170e02e7 | 5095 | if (s) *s = MD5_DIGEST_SIZE; |
ashleymills | 0:e979170e02e7 | 5096 | } |
ashleymills | 0:e979170e02e7 | 5097 | else if (ctx->macType == SHA) { |
ashleymills | 0:e979170e02e7 | 5098 | CyaSSL_SHA_Final(md, (SHA_CTX*)&ctx->hash); |
ashleymills | 0:e979170e02e7 | 5099 | if (s) *s = SHA_DIGEST_SIZE; |
ashleymills | 0:e979170e02e7 | 5100 | } |
ashleymills | 0:e979170e02e7 | 5101 | else if (ctx->macType == SHA256) { |
ashleymills | 0:e979170e02e7 | 5102 | CyaSSL_SHA256_Final(md, (SHA256_CTX*)&ctx->hash); |
ashleymills | 0:e979170e02e7 | 5103 | if (s) *s = SHA256_DIGEST_SIZE; |
ashleymills | 0:e979170e02e7 | 5104 | } |
ashleymills | 0:e979170e02e7 | 5105 | #ifdef CYASSL_SHA384 |
ashleymills | 0:e979170e02e7 | 5106 | else if (ctx->macType == SHA384) { |
ashleymills | 0:e979170e02e7 | 5107 | CyaSSL_SHA384_Final(md, (SHA384_CTX*)&ctx->hash); |
ashleymills | 0:e979170e02e7 | 5108 | if (s) *s = SHA384_DIGEST_SIZE; |
ashleymills | 0:e979170e02e7 | 5109 | } |
ashleymills | 0:e979170e02e7 | 5110 | #endif |
ashleymills | 0:e979170e02e7 | 5111 | #ifdef CYASSL_SHA512 |
ashleymills | 0:e979170e02e7 | 5112 | else if (ctx->macType == SHA512) { |
ashleymills | 0:e979170e02e7 | 5113 | CyaSSL_SHA512_Final(md, (SHA512_CTX*)&ctx->hash); |
ashleymills | 0:e979170e02e7 | 5114 | if (s) *s = SHA512_DIGEST_SIZE; |
ashleymills | 0:e979170e02e7 | 5115 | } |
ashleymills | 0:e979170e02e7 | 5116 | #endif |
ashleymills | 0:e979170e02e7 | 5117 | else |
ashleymills | 0:e979170e02e7 | 5118 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 5119 | |
ashleymills | 0:e979170e02e7 | 5120 | return 0; |
ashleymills | 0:e979170e02e7 | 5121 | } |
ashleymills | 0:e979170e02e7 | 5122 | |
ashleymills | 0:e979170e02e7 | 5123 | |
ashleymills | 0:e979170e02e7 | 5124 | int CyaSSL_EVP_DigestFinal_ex(CYASSL_EVP_MD_CTX* ctx, unsigned char* md, |
ashleymills | 0:e979170e02e7 | 5125 | unsigned int* s) |
ashleymills | 0:e979170e02e7 | 5126 | { |
ashleymills | 0:e979170e02e7 | 5127 | CYASSL_ENTER("EVP_DigestFinal_ex"); |
ashleymills | 0:e979170e02e7 | 5128 | return EVP_DigestFinal(ctx, md, s); |
ashleymills | 0:e979170e02e7 | 5129 | } |
ashleymills | 0:e979170e02e7 | 5130 | |
ashleymills | 0:e979170e02e7 | 5131 | |
ashleymills | 0:e979170e02e7 | 5132 | unsigned char* CyaSSL_HMAC(const CYASSL_EVP_MD* evp_md, const void* key, |
ashleymills | 0:e979170e02e7 | 5133 | int key_len, const unsigned char* d, int n, |
ashleymills | 0:e979170e02e7 | 5134 | unsigned char* md, unsigned int* md_len) |
ashleymills | 0:e979170e02e7 | 5135 | { |
ashleymills | 0:e979170e02e7 | 5136 | Hmac hmac; |
ashleymills | 0:e979170e02e7 | 5137 | |
ashleymills | 0:e979170e02e7 | 5138 | CYASSL_ENTER("HMAC"); |
ashleymills | 0:e979170e02e7 | 5139 | if (!md) return 0; /* no static buffer support */ |
ashleymills | 0:e979170e02e7 | 5140 | |
ashleymills | 0:e979170e02e7 | 5141 | if (XSTRNCMP(evp_md, "MD5", 3) == 0) { |
ashleymills | 0:e979170e02e7 | 5142 | HmacSetKey(&hmac, MD5, (const byte*)key, key_len); |
ashleymills | 0:e979170e02e7 | 5143 | if (md_len) *md_len = MD5_DIGEST_SIZE; |
ashleymills | 0:e979170e02e7 | 5144 | } |
ashleymills | 0:e979170e02e7 | 5145 | else if (XSTRNCMP(evp_md, "SHA", 3) == 0) { |
ashleymills | 0:e979170e02e7 | 5146 | HmacSetKey(&hmac, SHA, (const byte*)key, key_len); |
ashleymills | 0:e979170e02e7 | 5147 | if (md_len) *md_len = SHA_DIGEST_SIZE; |
ashleymills | 0:e979170e02e7 | 5148 | } |
ashleymills | 0:e979170e02e7 | 5149 | else |
ashleymills | 0:e979170e02e7 | 5150 | return 0; |
ashleymills | 0:e979170e02e7 | 5151 | |
ashleymills | 0:e979170e02e7 | 5152 | HmacUpdate(&hmac, d, n); |
ashleymills | 0:e979170e02e7 | 5153 | HmacFinal(&hmac, md); |
ashleymills | 0:e979170e02e7 | 5154 | |
ashleymills | 0:e979170e02e7 | 5155 | return md; |
ashleymills | 0:e979170e02e7 | 5156 | } |
ashleymills | 0:e979170e02e7 | 5157 | |
ashleymills | 0:e979170e02e7 | 5158 | void CyaSSL_ERR_clear_error(void) |
ashleymills | 0:e979170e02e7 | 5159 | { |
ashleymills | 0:e979170e02e7 | 5160 | /* TODO: */ |
ashleymills | 0:e979170e02e7 | 5161 | } |
ashleymills | 0:e979170e02e7 | 5162 | |
ashleymills | 0:e979170e02e7 | 5163 | |
ashleymills | 0:e979170e02e7 | 5164 | int CyaSSL_RAND_status(void) |
ashleymills | 0:e979170e02e7 | 5165 | { |
ashleymills | 0:e979170e02e7 | 5166 | return 1; /* CTaoCrypt provides enough seed internally */ |
ashleymills | 0:e979170e02e7 | 5167 | } |
ashleymills | 0:e979170e02e7 | 5168 | |
ashleymills | 0:e979170e02e7 | 5169 | |
ashleymills | 0:e979170e02e7 | 5170 | |
ashleymills | 0:e979170e02e7 | 5171 | void CyaSSL_RAND_add(const void* add, int len, double entropy) |
ashleymills | 0:e979170e02e7 | 5172 | { |
ashleymills | 0:e979170e02e7 | 5173 | (void)add; |
ashleymills | 0:e979170e02e7 | 5174 | (void)len; |
ashleymills | 0:e979170e02e7 | 5175 | (void)entropy; |
ashleymills | 0:e979170e02e7 | 5176 | |
ashleymills | 0:e979170e02e7 | 5177 | /* CyaSSL seeds/adds internally, use explicit RNG if you want |
ashleymills | 0:e979170e02e7 | 5178 | to take control */ |
ashleymills | 0:e979170e02e7 | 5179 | } |
ashleymills | 0:e979170e02e7 | 5180 | |
ashleymills | 0:e979170e02e7 | 5181 | |
ashleymills | 0:e979170e02e7 | 5182 | int CyaSSL_DES_key_sched(CYASSL_const_DES_cblock* key, |
ashleymills | 0:e979170e02e7 | 5183 | CYASSL_DES_key_schedule* schedule) |
ashleymills | 0:e979170e02e7 | 5184 | { |
ashleymills | 0:e979170e02e7 | 5185 | CYASSL_ENTER("DES_key_sched"); |
ashleymills | 0:e979170e02e7 | 5186 | XMEMCPY(schedule, key, sizeof(const_DES_cblock)); |
ashleymills | 0:e979170e02e7 | 5187 | return 0; |
ashleymills | 0:e979170e02e7 | 5188 | } |
ashleymills | 0:e979170e02e7 | 5189 | |
ashleymills | 0:e979170e02e7 | 5190 | |
ashleymills | 0:e979170e02e7 | 5191 | void CyaSSL_DES_cbc_encrypt(const unsigned char* input, |
ashleymills | 0:e979170e02e7 | 5192 | unsigned char* output, long length, |
ashleymills | 0:e979170e02e7 | 5193 | CYASSL_DES_key_schedule* schedule, CYASSL_DES_cblock* ivec, |
ashleymills | 0:e979170e02e7 | 5194 | int enc) |
ashleymills | 0:e979170e02e7 | 5195 | { |
ashleymills | 0:e979170e02e7 | 5196 | Des myDes; |
ashleymills | 0:e979170e02e7 | 5197 | CYASSL_ENTER("DES_cbc_encrypt"); |
ashleymills | 0:e979170e02e7 | 5198 | Des_SetKey(&myDes, (const byte*)schedule, (const byte*)ivec, !enc); |
ashleymills | 0:e979170e02e7 | 5199 | |
ashleymills | 0:e979170e02e7 | 5200 | if (enc) |
ashleymills | 0:e979170e02e7 | 5201 | Des_CbcEncrypt(&myDes, output, input, (word32)length); |
ashleymills | 0:e979170e02e7 | 5202 | else |
ashleymills | 0:e979170e02e7 | 5203 | Des_CbcDecrypt(&myDes, output, input, (word32)length); |
ashleymills | 0:e979170e02e7 | 5204 | } |
ashleymills | 0:e979170e02e7 | 5205 | |
ashleymills | 0:e979170e02e7 | 5206 | |
ashleymills | 0:e979170e02e7 | 5207 | /* correctly sets ivec for next call */ |
ashleymills | 0:e979170e02e7 | 5208 | void CyaSSL_DES_ncbc_encrypt(const unsigned char* input, |
ashleymills | 0:e979170e02e7 | 5209 | unsigned char* output, long length, |
ashleymills | 0:e979170e02e7 | 5210 | CYASSL_DES_key_schedule* schedule, CYASSL_DES_cblock* ivec, |
ashleymills | 0:e979170e02e7 | 5211 | int enc) |
ashleymills | 0:e979170e02e7 | 5212 | { |
ashleymills | 0:e979170e02e7 | 5213 | Des myDes; |
ashleymills | 0:e979170e02e7 | 5214 | CYASSL_ENTER("DES_ncbc_encrypt"); |
ashleymills | 0:e979170e02e7 | 5215 | Des_SetKey(&myDes, (const byte*)schedule, (const byte*)ivec, !enc); |
ashleymills | 0:e979170e02e7 | 5216 | |
ashleymills | 0:e979170e02e7 | 5217 | if (enc) |
ashleymills | 0:e979170e02e7 | 5218 | Des_CbcEncrypt(&myDes, output, input, (word32)length); |
ashleymills | 0:e979170e02e7 | 5219 | else |
ashleymills | 0:e979170e02e7 | 5220 | Des_CbcDecrypt(&myDes, output, input, (word32)length); |
ashleymills | 0:e979170e02e7 | 5221 | |
ashleymills | 0:e979170e02e7 | 5222 | XMEMCPY(ivec, output + length - sizeof(DES_cblock), sizeof(DES_cblock)); |
ashleymills | 0:e979170e02e7 | 5223 | } |
ashleymills | 0:e979170e02e7 | 5224 | |
ashleymills | 0:e979170e02e7 | 5225 | |
ashleymills | 0:e979170e02e7 | 5226 | void CyaSSL_ERR_free_strings(void) |
ashleymills | 0:e979170e02e7 | 5227 | { |
ashleymills | 0:e979170e02e7 | 5228 | /* handled internally */ |
ashleymills | 0:e979170e02e7 | 5229 | } |
ashleymills | 0:e979170e02e7 | 5230 | |
ashleymills | 0:e979170e02e7 | 5231 | |
ashleymills | 0:e979170e02e7 | 5232 | void CyaSSL_ERR_remove_state(unsigned long state) |
ashleymills | 0:e979170e02e7 | 5233 | { |
ashleymills | 0:e979170e02e7 | 5234 | /* TODO: GetErrors().Remove(); */ |
ashleymills | 0:e979170e02e7 | 5235 | (void)state; |
ashleymills | 0:e979170e02e7 | 5236 | } |
ashleymills | 0:e979170e02e7 | 5237 | |
ashleymills | 0:e979170e02e7 | 5238 | |
ashleymills | 0:e979170e02e7 | 5239 | void CyaSSL_EVP_cleanup(void) |
ashleymills | 0:e979170e02e7 | 5240 | { |
ashleymills | 0:e979170e02e7 | 5241 | /* nothing to do here */ |
ashleymills | 0:e979170e02e7 | 5242 | } |
ashleymills | 0:e979170e02e7 | 5243 | |
ashleymills | 0:e979170e02e7 | 5244 | |
ashleymills | 0:e979170e02e7 | 5245 | void CyaSSL_cleanup_all_ex_data(void) |
ashleymills | 0:e979170e02e7 | 5246 | { |
ashleymills | 0:e979170e02e7 | 5247 | /* nothing to do here */ |
ashleymills | 0:e979170e02e7 | 5248 | } |
ashleymills | 0:e979170e02e7 | 5249 | |
ashleymills | 0:e979170e02e7 | 5250 | |
ashleymills | 0:e979170e02e7 | 5251 | long CyaSSL_CTX_set_mode(CYASSL_CTX* ctx, long mode) |
ashleymills | 0:e979170e02e7 | 5252 | { |
ashleymills | 0:e979170e02e7 | 5253 | /* SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER is CyaSSL default mode */ |
ashleymills | 0:e979170e02e7 | 5254 | |
ashleymills | 0:e979170e02e7 | 5255 | CYASSL_ENTER("SSL_CTX_set_mode"); |
ashleymills | 0:e979170e02e7 | 5256 | if (mode == SSL_MODE_ENABLE_PARTIAL_WRITE) |
ashleymills | 0:e979170e02e7 | 5257 | ctx->partialWrite = 1; |
ashleymills | 0:e979170e02e7 | 5258 | |
ashleymills | 0:e979170e02e7 | 5259 | return mode; |
ashleymills | 0:e979170e02e7 | 5260 | } |
ashleymills | 0:e979170e02e7 | 5261 | |
ashleymills | 0:e979170e02e7 | 5262 | |
ashleymills | 0:e979170e02e7 | 5263 | long CyaSSL_CTX_get_mode(CYASSL_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 5264 | { |
ashleymills | 0:e979170e02e7 | 5265 | /* TODO: */ |
ashleymills | 0:e979170e02e7 | 5266 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 5267 | return 0; |
ashleymills | 0:e979170e02e7 | 5268 | } |
ashleymills | 0:e979170e02e7 | 5269 | |
ashleymills | 0:e979170e02e7 | 5270 | |
ashleymills | 0:e979170e02e7 | 5271 | void CyaSSL_CTX_set_default_read_ahead(CYASSL_CTX* ctx, int m) |
ashleymills | 0:e979170e02e7 | 5272 | { |
ashleymills | 0:e979170e02e7 | 5273 | /* TODO: maybe? */ |
ashleymills | 0:e979170e02e7 | 5274 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 5275 | (void)m; |
ashleymills | 0:e979170e02e7 | 5276 | } |
ashleymills | 0:e979170e02e7 | 5277 | |
ashleymills | 0:e979170e02e7 | 5278 | |
ashleymills | 0:e979170e02e7 | 5279 | int CyaSSL_CTX_set_session_id_context(CYASSL_CTX* ctx, |
ashleymills | 0:e979170e02e7 | 5280 | const unsigned char* sid_ctx, |
ashleymills | 0:e979170e02e7 | 5281 | unsigned int sid_ctx_len) |
ashleymills | 0:e979170e02e7 | 5282 | { |
ashleymills | 0:e979170e02e7 | 5283 | /* No application specific context needed for cyaSSL */ |
ashleymills | 0:e979170e02e7 | 5284 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 5285 | (void)sid_ctx; |
ashleymills | 0:e979170e02e7 | 5286 | (void)sid_ctx_len; |
ashleymills | 0:e979170e02e7 | 5287 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 5288 | } |
ashleymills | 0:e979170e02e7 | 5289 | |
ashleymills | 0:e979170e02e7 | 5290 | |
ashleymills | 0:e979170e02e7 | 5291 | long CyaSSL_CTX_sess_get_cache_size(CYASSL_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 5292 | { |
ashleymills | 0:e979170e02e7 | 5293 | /* TODO: maybe? */ |
ashleymills | 0:e979170e02e7 | 5294 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 5295 | return (~0); |
ashleymills | 0:e979170e02e7 | 5296 | } |
ashleymills | 0:e979170e02e7 | 5297 | |
ashleymills | 0:e979170e02e7 | 5298 | unsigned long CyaSSL_ERR_get_error_line_data(const char** file, int* line, |
ashleymills | 0:e979170e02e7 | 5299 | const char** data, int *flags) |
ashleymills | 0:e979170e02e7 | 5300 | { |
ashleymills | 0:e979170e02e7 | 5301 | /* Not implemented */ |
ashleymills | 0:e979170e02e7 | 5302 | (void)file; |
ashleymills | 0:e979170e02e7 | 5303 | (void)line; |
ashleymills | 0:e979170e02e7 | 5304 | (void)data; |
ashleymills | 0:e979170e02e7 | 5305 | (void)flags; |
ashleymills | 0:e979170e02e7 | 5306 | return 0; |
ashleymills | 0:e979170e02e7 | 5307 | } |
ashleymills | 0:e979170e02e7 | 5308 | |
ashleymills | 0:e979170e02e7 | 5309 | |
ashleymills | 0:e979170e02e7 | 5310 | CYASSL_X509* CyaSSL_get_peer_certificate(CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 5311 | { |
ashleymills | 0:e979170e02e7 | 5312 | CYASSL_ENTER("SSL_get_peer_certificate"); |
ashleymills | 0:e979170e02e7 | 5313 | if (ssl->peerCert.issuer.sz) |
ashleymills | 0:e979170e02e7 | 5314 | return &ssl->peerCert; |
ashleymills | 0:e979170e02e7 | 5315 | else |
ashleymills | 0:e979170e02e7 | 5316 | return 0; |
ashleymills | 0:e979170e02e7 | 5317 | } |
ashleymills | 0:e979170e02e7 | 5318 | |
ashleymills | 0:e979170e02e7 | 5319 | |
ashleymills | 0:e979170e02e7 | 5320 | |
ashleymills | 0:e979170e02e7 | 5321 | int CyaSSL_set_ex_data(CYASSL* ssl, int idx, void* data) |
ashleymills | 0:e979170e02e7 | 5322 | { |
ashleymills | 0:e979170e02e7 | 5323 | #ifdef FORTRESS |
ashleymills | 0:e979170e02e7 | 5324 | if (ssl != NULL && idx < MAX_EX_DATA) |
ashleymills | 0:e979170e02e7 | 5325 | { |
ashleymills | 0:e979170e02e7 | 5326 | ssl->ex_data[idx] = data; |
ashleymills | 0:e979170e02e7 | 5327 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 5328 | } |
ashleymills | 0:e979170e02e7 | 5329 | #else |
ashleymills | 0:e979170e02e7 | 5330 | (void)ssl; |
ashleymills | 0:e979170e02e7 | 5331 | (void)idx; |
ashleymills | 0:e979170e02e7 | 5332 | (void)data; |
ashleymills | 0:e979170e02e7 | 5333 | #endif |
ashleymills | 0:e979170e02e7 | 5334 | return SSL_FAILURE; |
ashleymills | 0:e979170e02e7 | 5335 | } |
ashleymills | 0:e979170e02e7 | 5336 | |
ashleymills | 0:e979170e02e7 | 5337 | |
ashleymills | 0:e979170e02e7 | 5338 | int CyaSSL_get_shutdown(const CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 5339 | { |
ashleymills | 0:e979170e02e7 | 5340 | (void)ssl; |
ashleymills | 0:e979170e02e7 | 5341 | return 0; |
ashleymills | 0:e979170e02e7 | 5342 | } |
ashleymills | 0:e979170e02e7 | 5343 | |
ashleymills | 0:e979170e02e7 | 5344 | |
ashleymills | 0:e979170e02e7 | 5345 | int CyaSSL_set_session_id_context(CYASSL* ssl, const unsigned char* id, |
ashleymills | 0:e979170e02e7 | 5346 | unsigned int len) |
ashleymills | 0:e979170e02e7 | 5347 | { |
ashleymills | 0:e979170e02e7 | 5348 | (void)ssl; |
ashleymills | 0:e979170e02e7 | 5349 | (void)id; |
ashleymills | 0:e979170e02e7 | 5350 | (void)len; |
ashleymills | 0:e979170e02e7 | 5351 | return 0; |
ashleymills | 0:e979170e02e7 | 5352 | } |
ashleymills | 0:e979170e02e7 | 5353 | |
ashleymills | 0:e979170e02e7 | 5354 | |
ashleymills | 0:e979170e02e7 | 5355 | void CyaSSL_set_connect_state(CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 5356 | { |
ashleymills | 0:e979170e02e7 | 5357 | (void)ssl; |
ashleymills | 0:e979170e02e7 | 5358 | /* client by default */ |
ashleymills | 0:e979170e02e7 | 5359 | } |
ashleymills | 0:e979170e02e7 | 5360 | |
ashleymills | 0:e979170e02e7 | 5361 | |
ashleymills | 0:e979170e02e7 | 5362 | int CyaSSL_session_reused(CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 5363 | { |
ashleymills | 0:e979170e02e7 | 5364 | return ssl->options.resuming; |
ashleymills | 0:e979170e02e7 | 5365 | } |
ashleymills | 0:e979170e02e7 | 5366 | |
ashleymills | 0:e979170e02e7 | 5367 | |
ashleymills | 0:e979170e02e7 | 5368 | void CyaSSL_SESSION_free(CYASSL_SESSION* session) |
ashleymills | 0:e979170e02e7 | 5369 | { |
ashleymills | 0:e979170e02e7 | 5370 | (void)session; |
ashleymills | 0:e979170e02e7 | 5371 | } |
ashleymills | 0:e979170e02e7 | 5372 | |
ashleymills | 0:e979170e02e7 | 5373 | |
ashleymills | 0:e979170e02e7 | 5374 | const char* CyaSSL_get_version(CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 5375 | { |
ashleymills | 0:e979170e02e7 | 5376 | CYASSL_ENTER("SSL_get_version"); |
ashleymills | 0:e979170e02e7 | 5377 | if (ssl->version.major == SSLv3_MAJOR) { |
ashleymills | 0:e979170e02e7 | 5378 | switch (ssl->version.minor) { |
ashleymills | 0:e979170e02e7 | 5379 | case SSLv3_MINOR : |
ashleymills | 0:e979170e02e7 | 5380 | return "SSLv3"; |
ashleymills | 0:e979170e02e7 | 5381 | case TLSv1_MINOR : |
ashleymills | 0:e979170e02e7 | 5382 | return "TLSv1"; |
ashleymills | 0:e979170e02e7 | 5383 | case TLSv1_1_MINOR : |
ashleymills | 0:e979170e02e7 | 5384 | return "TLSv1.1"; |
ashleymills | 0:e979170e02e7 | 5385 | case TLSv1_2_MINOR : |
ashleymills | 0:e979170e02e7 | 5386 | return "TLSv1.2"; |
ashleymills | 0:e979170e02e7 | 5387 | default: |
ashleymills | 0:e979170e02e7 | 5388 | return "unknown"; |
ashleymills | 0:e979170e02e7 | 5389 | } |
ashleymills | 0:e979170e02e7 | 5390 | } |
ashleymills | 0:e979170e02e7 | 5391 | else if (ssl->version.major == DTLS_MAJOR) |
ashleymills | 0:e979170e02e7 | 5392 | return "DTLS"; |
ashleymills | 0:e979170e02e7 | 5393 | return "unknown"; |
ashleymills | 0:e979170e02e7 | 5394 | } |
ashleymills | 0:e979170e02e7 | 5395 | |
ashleymills | 0:e979170e02e7 | 5396 | |
ashleymills | 0:e979170e02e7 | 5397 | CYASSL_CIPHER* CyaSSL_get_current_cipher(CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 5398 | { |
ashleymills | 0:e979170e02e7 | 5399 | CYASSL_ENTER("SSL_get_current_cipher"); |
ashleymills | 0:e979170e02e7 | 5400 | if (ssl) |
ashleymills | 0:e979170e02e7 | 5401 | return &ssl->cipher; |
ashleymills | 0:e979170e02e7 | 5402 | else |
ashleymills | 0:e979170e02e7 | 5403 | return NULL; |
ashleymills | 0:e979170e02e7 | 5404 | } |
ashleymills | 0:e979170e02e7 | 5405 | |
ashleymills | 0:e979170e02e7 | 5406 | |
ashleymills | 0:e979170e02e7 | 5407 | const char* CyaSSL_CIPHER_get_name(const CYASSL_CIPHER* cipher) |
ashleymills | 0:e979170e02e7 | 5408 | { |
ashleymills | 0:e979170e02e7 | 5409 | CYASSL_ENTER("SSL_CIPHER_get_name"); |
ashleymills | 0:e979170e02e7 | 5410 | if (cipher) { |
ashleymills | 0:e979170e02e7 | 5411 | #ifdef HAVE_ECC |
ashleymills | 0:e979170e02e7 | 5412 | if (cipher->ssl->options.cipherSuite0 == ECC_BYTE) { |
ashleymills | 0:e979170e02e7 | 5413 | /* ECC suites */ |
ashleymills | 0:e979170e02e7 | 5414 | switch (cipher->ssl->options.cipherSuite) { |
ashleymills | 0:e979170e02e7 | 5415 | case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA : |
ashleymills | 0:e979170e02e7 | 5416 | return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"; |
ashleymills | 0:e979170e02e7 | 5417 | case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA : |
ashleymills | 0:e979170e02e7 | 5418 | return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"; |
ashleymills | 0:e979170e02e7 | 5419 | case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : |
ashleymills | 0:e979170e02e7 | 5420 | return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"; |
ashleymills | 0:e979170e02e7 | 5421 | case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA : |
ashleymills | 0:e979170e02e7 | 5422 | return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"; |
ashleymills | 0:e979170e02e7 | 5423 | case TLS_ECDHE_RSA_WITH_RC4_128_SHA : |
ashleymills | 0:e979170e02e7 | 5424 | return "TLS_ECDHE_RSA_WITH_RC4_128_SHA"; |
ashleymills | 0:e979170e02e7 | 5425 | case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA : |
ashleymills | 0:e979170e02e7 | 5426 | return "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"; |
ashleymills | 0:e979170e02e7 | 5427 | case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA : |
ashleymills | 0:e979170e02e7 | 5428 | return "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"; |
ashleymills | 0:e979170e02e7 | 5429 | case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA : |
ashleymills | 0:e979170e02e7 | 5430 | return "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"; |
ashleymills | 0:e979170e02e7 | 5431 | |
ashleymills | 0:e979170e02e7 | 5432 | case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA : |
ashleymills | 0:e979170e02e7 | 5433 | return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"; |
ashleymills | 0:e979170e02e7 | 5434 | case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA : |
ashleymills | 0:e979170e02e7 | 5435 | return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"; |
ashleymills | 0:e979170e02e7 | 5436 | case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA : |
ashleymills | 0:e979170e02e7 | 5437 | return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"; |
ashleymills | 0:e979170e02e7 | 5438 | case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA : |
ashleymills | 0:e979170e02e7 | 5439 | return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"; |
ashleymills | 0:e979170e02e7 | 5440 | case TLS_ECDH_RSA_WITH_RC4_128_SHA : |
ashleymills | 0:e979170e02e7 | 5441 | return "TLS_ECDH_RSA_WITH_RC4_128_SHA"; |
ashleymills | 0:e979170e02e7 | 5442 | case TLS_ECDH_ECDSA_WITH_RC4_128_SHA : |
ashleymills | 0:e979170e02e7 | 5443 | return "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"; |
ashleymills | 0:e979170e02e7 | 5444 | case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA : |
ashleymills | 0:e979170e02e7 | 5445 | return "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"; |
ashleymills | 0:e979170e02e7 | 5446 | case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA : |
ashleymills | 0:e979170e02e7 | 5447 | return "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"; |
ashleymills | 0:e979170e02e7 | 5448 | |
ashleymills | 0:e979170e02e7 | 5449 | case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : |
ashleymills | 0:e979170e02e7 | 5450 | return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"; |
ashleymills | 0:e979170e02e7 | 5451 | case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 : |
ashleymills | 0:e979170e02e7 | 5452 | return "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"; |
ashleymills | 0:e979170e02e7 | 5453 | case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 : |
ashleymills | 0:e979170e02e7 | 5454 | return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"; |
ashleymills | 0:e979170e02e7 | 5455 | case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 : |
ashleymills | 0:e979170e02e7 | 5456 | return "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"; |
ashleymills | 0:e979170e02e7 | 5457 | case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 : |
ashleymills | 0:e979170e02e7 | 5458 | return "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"; |
ashleymills | 0:e979170e02e7 | 5459 | case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 : |
ashleymills | 0:e979170e02e7 | 5460 | return "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"; |
ashleymills | 0:e979170e02e7 | 5461 | case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 : |
ashleymills | 0:e979170e02e7 | 5462 | return "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"; |
ashleymills | 0:e979170e02e7 | 5463 | case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 : |
ashleymills | 0:e979170e02e7 | 5464 | return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"; |
ashleymills | 0:e979170e02e7 | 5465 | |
ashleymills | 0:e979170e02e7 | 5466 | case TLS_RSA_WITH_AES_128_CCM_8_SHA256 : |
ashleymills | 0:e979170e02e7 | 5467 | return "TLS_RSA_WITH_AES_128_CCM_8_SHA256"; |
ashleymills | 0:e979170e02e7 | 5468 | case TLS_RSA_WITH_AES_256_CCM_8_SHA384 : |
ashleymills | 0:e979170e02e7 | 5469 | return "TLS_RSA_WITH_AES_256_CCM_8_SHA384"; |
ashleymills | 0:e979170e02e7 | 5470 | case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256 : |
ashleymills | 0:e979170e02e7 | 5471 | return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8_SHA256"; |
ashleymills | 0:e979170e02e7 | 5472 | case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384 : |
ashleymills | 0:e979170e02e7 | 5473 | return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8_SHA384"; |
ashleymills | 0:e979170e02e7 | 5474 | |
ashleymills | 0:e979170e02e7 | 5475 | default: |
ashleymills | 0:e979170e02e7 | 5476 | return "NONE"; |
ashleymills | 0:e979170e02e7 | 5477 | } |
ashleymills | 0:e979170e02e7 | 5478 | } |
ashleymills | 0:e979170e02e7 | 5479 | #endif |
ashleymills | 0:e979170e02e7 | 5480 | if (cipher->ssl->options.cipherSuite0 != ECC_BYTE) { |
ashleymills | 0:e979170e02e7 | 5481 | /* normal suites */ |
ashleymills | 0:e979170e02e7 | 5482 | switch (cipher->ssl->options.cipherSuite) { |
ashleymills | 0:e979170e02e7 | 5483 | case SSL_RSA_WITH_RC4_128_SHA : |
ashleymills | 0:e979170e02e7 | 5484 | return "SSL_RSA_WITH_RC4_128_SHA"; |
ashleymills | 0:e979170e02e7 | 5485 | case SSL_RSA_WITH_RC4_128_MD5 : |
ashleymills | 0:e979170e02e7 | 5486 | return "SSL_RSA_WITH_RC4_128_MD5"; |
ashleymills | 0:e979170e02e7 | 5487 | case SSL_RSA_WITH_3DES_EDE_CBC_SHA : |
ashleymills | 0:e979170e02e7 | 5488 | return "SSL_RSA_WITH_3DES_EDE_CBC_SHA"; |
ashleymills | 0:e979170e02e7 | 5489 | case TLS_RSA_WITH_AES_128_CBC_SHA : |
ashleymills | 0:e979170e02e7 | 5490 | return "TLS_RSA_WITH_AES_128_CBC_SHA"; |
ashleymills | 0:e979170e02e7 | 5491 | case TLS_RSA_WITH_AES_256_CBC_SHA : |
ashleymills | 0:e979170e02e7 | 5492 | return "TLS_RSA_WITH_AES_256_CBC_SHA"; |
ashleymills | 0:e979170e02e7 | 5493 | case TLS_RSA_WITH_AES_128_CBC_SHA256 : |
ashleymills | 0:e979170e02e7 | 5494 | return "TLS_RSA_WITH_AES_128_CBC_SHA256"; |
ashleymills | 0:e979170e02e7 | 5495 | case TLS_RSA_WITH_AES_256_CBC_SHA256 : |
ashleymills | 0:e979170e02e7 | 5496 | return "TLS_RSA_WITH_AES_256_CBC_SHA256"; |
ashleymills | 0:e979170e02e7 | 5497 | case TLS_RSA_WITH_NULL_SHA : |
ashleymills | 0:e979170e02e7 | 5498 | return "TLS_RSA_WITH_NULL_SHA"; |
ashleymills | 0:e979170e02e7 | 5499 | case TLS_RSA_WITH_NULL_SHA256 : |
ashleymills | 0:e979170e02e7 | 5500 | return "TLS_RSA_WITH_NULL_SHA256"; |
ashleymills | 0:e979170e02e7 | 5501 | case TLS_PSK_WITH_AES_128_CBC_SHA256 : |
ashleymills | 0:e979170e02e7 | 5502 | return "TLS_PSK_WITH_AES_128_CBC_SHA256"; |
ashleymills | 0:e979170e02e7 | 5503 | case TLS_PSK_WITH_AES_128_CBC_SHA : |
ashleymills | 0:e979170e02e7 | 5504 | return "TLS_PSK_WITH_AES_128_CBC_SHA"; |
ashleymills | 0:e979170e02e7 | 5505 | case TLS_PSK_WITH_AES_256_CBC_SHA : |
ashleymills | 0:e979170e02e7 | 5506 | return "TLS_PSK_WITH_AES_256_CBC_SHA"; |
ashleymills | 0:e979170e02e7 | 5507 | case TLS_PSK_WITH_NULL_SHA256 : |
ashleymills | 0:e979170e02e7 | 5508 | return "TLS_PSK_WITH_NULL_SHA256"; |
ashleymills | 0:e979170e02e7 | 5509 | case TLS_PSK_WITH_NULL_SHA : |
ashleymills | 0:e979170e02e7 | 5510 | return "TLS_PSK_WITH_NULL_SHA"; |
ashleymills | 0:e979170e02e7 | 5511 | case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 : |
ashleymills | 0:e979170e02e7 | 5512 | return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"; |
ashleymills | 0:e979170e02e7 | 5513 | case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 : |
ashleymills | 0:e979170e02e7 | 5514 | return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"; |
ashleymills | 0:e979170e02e7 | 5515 | case TLS_DHE_RSA_WITH_AES_128_CBC_SHA : |
ashleymills | 0:e979170e02e7 | 5516 | return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"; |
ashleymills | 0:e979170e02e7 | 5517 | case TLS_DHE_RSA_WITH_AES_256_CBC_SHA : |
ashleymills | 0:e979170e02e7 | 5518 | return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"; |
ashleymills | 0:e979170e02e7 | 5519 | case TLS_RSA_WITH_HC_128_CBC_MD5 : |
ashleymills | 0:e979170e02e7 | 5520 | return "TLS_RSA_WITH_HC_128_CBC_MD5"; |
ashleymills | 0:e979170e02e7 | 5521 | case TLS_RSA_WITH_HC_128_CBC_SHA : |
ashleymills | 0:e979170e02e7 | 5522 | return "TLS_RSA_WITH_HC_128_CBC_SHA"; |
ashleymills | 0:e979170e02e7 | 5523 | case TLS_RSA_WITH_RABBIT_CBC_SHA : |
ashleymills | 0:e979170e02e7 | 5524 | return "TLS_RSA_WITH_RABBIT_CBC_SHA"; |
ashleymills | 0:e979170e02e7 | 5525 | case TLS_NTRU_RSA_WITH_RC4_128_SHA : |
ashleymills | 0:e979170e02e7 | 5526 | return "TLS_NTRU_RSA_WITH_RC4_128_SHA"; |
ashleymills | 0:e979170e02e7 | 5527 | case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA : |
ashleymills | 0:e979170e02e7 | 5528 | return "TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA"; |
ashleymills | 0:e979170e02e7 | 5529 | case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA : |
ashleymills | 0:e979170e02e7 | 5530 | return "TLS_NTRU_RSA_WITH_AES_128_CBC_SHA"; |
ashleymills | 0:e979170e02e7 | 5531 | case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA : |
ashleymills | 0:e979170e02e7 | 5532 | return "TLS_NTRU_RSA_WITH_AES_256_CBC_SHA"; |
ashleymills | 0:e979170e02e7 | 5533 | case TLS_RSA_WITH_AES_128_GCM_SHA256 : |
ashleymills | 0:e979170e02e7 | 5534 | return "TLS_RSA_WITH_AES_128_GCM_SHA256"; |
ashleymills | 0:e979170e02e7 | 5535 | case TLS_RSA_WITH_AES_256_GCM_SHA384 : |
ashleymills | 0:e979170e02e7 | 5536 | return "TLS_RSA_WITH_AES_256_GCM_SHA384"; |
ashleymills | 0:e979170e02e7 | 5537 | case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 : |
ashleymills | 0:e979170e02e7 | 5538 | return "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"; |
ashleymills | 0:e979170e02e7 | 5539 | case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 : |
ashleymills | 0:e979170e02e7 | 5540 | return "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"; |
ashleymills | 0:e979170e02e7 | 5541 | case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA : |
ashleymills | 0:e979170e02e7 | 5542 | return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"; |
ashleymills | 0:e979170e02e7 | 5543 | case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA : |
ashleymills | 0:e979170e02e7 | 5544 | return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"; |
ashleymills | 0:e979170e02e7 | 5545 | case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 : |
ashleymills | 0:e979170e02e7 | 5546 | return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"; |
ashleymills | 0:e979170e02e7 | 5547 | case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 : |
ashleymills | 0:e979170e02e7 | 5548 | return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"; |
ashleymills | 0:e979170e02e7 | 5549 | case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : |
ashleymills | 0:e979170e02e7 | 5550 | return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"; |
ashleymills | 0:e979170e02e7 | 5551 | case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : |
ashleymills | 0:e979170e02e7 | 5552 | return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"; |
ashleymills | 0:e979170e02e7 | 5553 | case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 : |
ashleymills | 0:e979170e02e7 | 5554 | return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"; |
ashleymills | 0:e979170e02e7 | 5555 | case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 : |
ashleymills | 0:e979170e02e7 | 5556 | return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"; |
ashleymills | 0:e979170e02e7 | 5557 | default: |
ashleymills | 0:e979170e02e7 | 5558 | return "NONE"; |
ashleymills | 0:e979170e02e7 | 5559 | } /* switch */ |
ashleymills | 0:e979170e02e7 | 5560 | } /* normal / ECC */ |
ashleymills | 0:e979170e02e7 | 5561 | } |
ashleymills | 0:e979170e02e7 | 5562 | |
ashleymills | 0:e979170e02e7 | 5563 | return "NONE"; |
ashleymills | 0:e979170e02e7 | 5564 | } |
ashleymills | 0:e979170e02e7 | 5565 | |
ashleymills | 0:e979170e02e7 | 5566 | |
ashleymills | 0:e979170e02e7 | 5567 | const char* CyaSSL_get_cipher(CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 5568 | { |
ashleymills | 0:e979170e02e7 | 5569 | CYASSL_ENTER("CyaSSL_get_cipher"); |
ashleymills | 0:e979170e02e7 | 5570 | return CyaSSL_CIPHER_get_name(CyaSSL_get_current_cipher(ssl)); |
ashleymills | 0:e979170e02e7 | 5571 | } |
ashleymills | 0:e979170e02e7 | 5572 | |
ashleymills | 0:e979170e02e7 | 5573 | |
ashleymills | 0:e979170e02e7 | 5574 | /* XXX shuld be NO_DH */ |
ashleymills | 0:e979170e02e7 | 5575 | #ifndef NO_CERTS |
ashleymills | 0:e979170e02e7 | 5576 | /* server ctx Diffie-Hellman parameters */ |
ashleymills | 0:e979170e02e7 | 5577 | int CyaSSL_CTX_SetTmpDH(CYASSL_CTX* ctx, const unsigned char* p, int pSz, |
ashleymills | 0:e979170e02e7 | 5578 | const unsigned char* g, int gSz) |
ashleymills | 0:e979170e02e7 | 5579 | { |
ashleymills | 0:e979170e02e7 | 5580 | CYASSL_ENTER("CyaSSL_CTX_SetTmpDH"); |
ashleymills | 0:e979170e02e7 | 5581 | if (ctx == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 5582 | |
ashleymills | 0:e979170e02e7 | 5583 | XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH); |
ashleymills | 0:e979170e02e7 | 5584 | XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH); |
ashleymills | 0:e979170e02e7 | 5585 | |
ashleymills | 0:e979170e02e7 | 5586 | ctx->serverDH_P.buffer = (byte*)XMALLOC(pSz, ctx->heap,DYNAMIC_TYPE_DH); |
ashleymills | 0:e979170e02e7 | 5587 | if (ctx->serverDH_P.buffer == NULL) |
ashleymills | 0:e979170e02e7 | 5588 | return MEMORY_E; |
ashleymills | 0:e979170e02e7 | 5589 | |
ashleymills | 0:e979170e02e7 | 5590 | ctx->serverDH_G.buffer = (byte*)XMALLOC(gSz, ctx->heap,DYNAMIC_TYPE_DH); |
ashleymills | 0:e979170e02e7 | 5591 | if (ctx->serverDH_G.buffer == NULL) { |
ashleymills | 0:e979170e02e7 | 5592 | XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH); |
ashleymills | 0:e979170e02e7 | 5593 | return MEMORY_E; |
ashleymills | 0:e979170e02e7 | 5594 | } |
ashleymills | 0:e979170e02e7 | 5595 | |
ashleymills | 0:e979170e02e7 | 5596 | ctx->serverDH_P.length = pSz; |
ashleymills | 0:e979170e02e7 | 5597 | ctx->serverDH_G.length = gSz; |
ashleymills | 0:e979170e02e7 | 5598 | |
ashleymills | 0:e979170e02e7 | 5599 | XMEMCPY(ctx->serverDH_P.buffer, p, pSz); |
ashleymills | 0:e979170e02e7 | 5600 | XMEMCPY(ctx->serverDH_G.buffer, g, gSz); |
ashleymills | 0:e979170e02e7 | 5601 | |
ashleymills | 0:e979170e02e7 | 5602 | ctx->haveDH = 1; |
ashleymills | 0:e979170e02e7 | 5603 | |
ashleymills | 0:e979170e02e7 | 5604 | CYASSL_LEAVE("CyaSSL_CTX_SetTmpDH", 0); |
ashleymills | 0:e979170e02e7 | 5605 | return 0; |
ashleymills | 0:e979170e02e7 | 5606 | } |
ashleymills | 0:e979170e02e7 | 5607 | #endif /* !NO_CERTS */ |
ashleymills | 0:e979170e02e7 | 5608 | |
ashleymills | 0:e979170e02e7 | 5609 | |
ashleymills | 0:e979170e02e7 | 5610 | char* CyaSSL_CIPHER_description(CYASSL_CIPHER* cipher, char* in, int len) |
ashleymills | 0:e979170e02e7 | 5611 | { |
ashleymills | 0:e979170e02e7 | 5612 | (void)cipher; |
ashleymills | 0:e979170e02e7 | 5613 | (void)in; |
ashleymills | 0:e979170e02e7 | 5614 | (void)len; |
ashleymills | 0:e979170e02e7 | 5615 | return 0; |
ashleymills | 0:e979170e02e7 | 5616 | } |
ashleymills | 0:e979170e02e7 | 5617 | |
ashleymills | 0:e979170e02e7 | 5618 | |
ashleymills | 0:e979170e02e7 | 5619 | CYASSL_SESSION* CyaSSL_get1_session(CYASSL* ssl) /* what's ref count */ |
ashleymills | 0:e979170e02e7 | 5620 | { |
ashleymills | 0:e979170e02e7 | 5621 | (void)ssl; |
ashleymills | 0:e979170e02e7 | 5622 | return 0; |
ashleymills | 0:e979170e02e7 | 5623 | } |
ashleymills | 0:e979170e02e7 | 5624 | |
ashleymills | 0:e979170e02e7 | 5625 | |
ashleymills | 0:e979170e02e7 | 5626 | void CyaSSL_X509_free(CYASSL_X509* buf) |
ashleymills | 0:e979170e02e7 | 5627 | { |
ashleymills | 0:e979170e02e7 | 5628 | (void)buf; |
ashleymills | 0:e979170e02e7 | 5629 | } |
ashleymills | 0:e979170e02e7 | 5630 | |
ashleymills | 0:e979170e02e7 | 5631 | |
ashleymills | 0:e979170e02e7 | 5632 | /* was do nothing */ |
ashleymills | 0:e979170e02e7 | 5633 | /* |
ashleymills | 0:e979170e02e7 | 5634 | void OPENSSL_free(void* buf) |
ashleymills | 0:e979170e02e7 | 5635 | { |
ashleymills | 0:e979170e02e7 | 5636 | (void)buf; |
ashleymills | 0:e979170e02e7 | 5637 | } |
ashleymills | 0:e979170e02e7 | 5638 | */ |
ashleymills | 0:e979170e02e7 | 5639 | |
ashleymills | 0:e979170e02e7 | 5640 | |
ashleymills | 0:e979170e02e7 | 5641 | int CyaSSL_OCSP_parse_url(char* url, char** host, char** port, char** path, |
ashleymills | 0:e979170e02e7 | 5642 | int* ssl) |
ashleymills | 0:e979170e02e7 | 5643 | { |
ashleymills | 0:e979170e02e7 | 5644 | (void)url; |
ashleymills | 0:e979170e02e7 | 5645 | (void)host; |
ashleymills | 0:e979170e02e7 | 5646 | (void)port; |
ashleymills | 0:e979170e02e7 | 5647 | (void)path; |
ashleymills | 0:e979170e02e7 | 5648 | (void)ssl; |
ashleymills | 0:e979170e02e7 | 5649 | return 0; |
ashleymills | 0:e979170e02e7 | 5650 | } |
ashleymills | 0:e979170e02e7 | 5651 | |
ashleymills | 0:e979170e02e7 | 5652 | |
ashleymills | 0:e979170e02e7 | 5653 | CYASSL_METHOD* CyaSSLv2_client_method(void) |
ashleymills | 0:e979170e02e7 | 5654 | { |
ashleymills | 0:e979170e02e7 | 5655 | return 0; |
ashleymills | 0:e979170e02e7 | 5656 | } |
ashleymills | 0:e979170e02e7 | 5657 | |
ashleymills | 0:e979170e02e7 | 5658 | |
ashleymills | 0:e979170e02e7 | 5659 | CYASSL_METHOD* CyaSSLv2_server_method(void) |
ashleymills | 0:e979170e02e7 | 5660 | { |
ashleymills | 0:e979170e02e7 | 5661 | return 0; |
ashleymills | 0:e979170e02e7 | 5662 | } |
ashleymills | 0:e979170e02e7 | 5663 | |
ashleymills | 0:e979170e02e7 | 5664 | |
ashleymills | 0:e979170e02e7 | 5665 | #ifndef NO_MD4 |
ashleymills | 0:e979170e02e7 | 5666 | |
ashleymills | 0:e979170e02e7 | 5667 | void CyaSSL_MD4_Init(CYASSL_MD4_CTX* md4) |
ashleymills | 0:e979170e02e7 | 5668 | { |
ashleymills | 0:e979170e02e7 | 5669 | /* make sure we have a big enough buffer */ |
ashleymills | 0:e979170e02e7 | 5670 | typedef char ok[sizeof(md4->buffer) >= sizeof(Md4) ? 1 : -1]; |
ashleymills | 0:e979170e02e7 | 5671 | (void) sizeof(ok); |
ashleymills | 0:e979170e02e7 | 5672 | |
ashleymills | 0:e979170e02e7 | 5673 | CYASSL_ENTER("MD4_Init"); |
ashleymills | 0:e979170e02e7 | 5674 | InitMd4((Md4*)md4); |
ashleymills | 0:e979170e02e7 | 5675 | } |
ashleymills | 0:e979170e02e7 | 5676 | |
ashleymills | 0:e979170e02e7 | 5677 | |
ashleymills | 0:e979170e02e7 | 5678 | void CyaSSL_MD4_Update(CYASSL_MD4_CTX* md4, const void* data, |
ashleymills | 0:e979170e02e7 | 5679 | unsigned long len) |
ashleymills | 0:e979170e02e7 | 5680 | { |
ashleymills | 0:e979170e02e7 | 5681 | CYASSL_ENTER("MD4_Update"); |
ashleymills | 0:e979170e02e7 | 5682 | Md4Update((Md4*)md4, (const byte*)data, (word32)len); |
ashleymills | 0:e979170e02e7 | 5683 | } |
ashleymills | 0:e979170e02e7 | 5684 | |
ashleymills | 0:e979170e02e7 | 5685 | |
ashleymills | 0:e979170e02e7 | 5686 | void CyaSSL_MD4_Final(unsigned char* digest, CYASSL_MD4_CTX* md4) |
ashleymills | 0:e979170e02e7 | 5687 | { |
ashleymills | 0:e979170e02e7 | 5688 | CYASSL_ENTER("MD4_Final"); |
ashleymills | 0:e979170e02e7 | 5689 | Md4Final((Md4*)md4, digest); |
ashleymills | 0:e979170e02e7 | 5690 | } |
ashleymills | 0:e979170e02e7 | 5691 | |
ashleymills | 0:e979170e02e7 | 5692 | #endif /* NO_MD4 */ |
ashleymills | 0:e979170e02e7 | 5693 | |
ashleymills | 0:e979170e02e7 | 5694 | |
ashleymills | 0:e979170e02e7 | 5695 | CYASSL_BIO* CyaSSL_BIO_pop(CYASSL_BIO* top) |
ashleymills | 0:e979170e02e7 | 5696 | { |
ashleymills | 0:e979170e02e7 | 5697 | (void)top; |
ashleymills | 0:e979170e02e7 | 5698 | return 0; |
ashleymills | 0:e979170e02e7 | 5699 | } |
ashleymills | 0:e979170e02e7 | 5700 | |
ashleymills | 0:e979170e02e7 | 5701 | |
ashleymills | 0:e979170e02e7 | 5702 | int CyaSSL_BIO_pending(CYASSL_BIO* bio) |
ashleymills | 0:e979170e02e7 | 5703 | { |
ashleymills | 0:e979170e02e7 | 5704 | (void)bio; |
ashleymills | 0:e979170e02e7 | 5705 | return 0; |
ashleymills | 0:e979170e02e7 | 5706 | } |
ashleymills | 0:e979170e02e7 | 5707 | |
ashleymills | 0:e979170e02e7 | 5708 | |
ashleymills | 0:e979170e02e7 | 5709 | |
ashleymills | 0:e979170e02e7 | 5710 | CYASSL_BIO_METHOD* CyaSSL_BIO_s_mem(void) |
ashleymills | 0:e979170e02e7 | 5711 | { |
ashleymills | 0:e979170e02e7 | 5712 | static CYASSL_BIO_METHOD meth; |
ashleymills | 0:e979170e02e7 | 5713 | |
ashleymills | 0:e979170e02e7 | 5714 | CYASSL_ENTER("BIO_s_mem"); |
ashleymills | 0:e979170e02e7 | 5715 | meth.type = BIO_MEMORY; |
ashleymills | 0:e979170e02e7 | 5716 | |
ashleymills | 0:e979170e02e7 | 5717 | return &meth; |
ashleymills | 0:e979170e02e7 | 5718 | } |
ashleymills | 0:e979170e02e7 | 5719 | |
ashleymills | 0:e979170e02e7 | 5720 | |
ashleymills | 0:e979170e02e7 | 5721 | CYASSL_BIO_METHOD* CyaSSL_BIO_f_base64(void) |
ashleymills | 0:e979170e02e7 | 5722 | { |
ashleymills | 0:e979170e02e7 | 5723 | return 0; |
ashleymills | 0:e979170e02e7 | 5724 | } |
ashleymills | 0:e979170e02e7 | 5725 | |
ashleymills | 0:e979170e02e7 | 5726 | |
ashleymills | 0:e979170e02e7 | 5727 | void CyaSSL_BIO_set_flags(CYASSL_BIO* bio, int flags) |
ashleymills | 0:e979170e02e7 | 5728 | { |
ashleymills | 0:e979170e02e7 | 5729 | (void)bio; |
ashleymills | 0:e979170e02e7 | 5730 | (void)flags; |
ashleymills | 0:e979170e02e7 | 5731 | } |
ashleymills | 0:e979170e02e7 | 5732 | |
ashleymills | 0:e979170e02e7 | 5733 | |
ashleymills | 0:e979170e02e7 | 5734 | |
ashleymills | 0:e979170e02e7 | 5735 | void CyaSSL_RAND_screen(void) |
ashleymills | 0:e979170e02e7 | 5736 | { |
ashleymills | 0:e979170e02e7 | 5737 | |
ashleymills | 0:e979170e02e7 | 5738 | } |
ashleymills | 0:e979170e02e7 | 5739 | |
ashleymills | 0:e979170e02e7 | 5740 | |
ashleymills | 0:e979170e02e7 | 5741 | const char* CyaSSL_RAND_file_name(char* fname, unsigned long len) |
ashleymills | 0:e979170e02e7 | 5742 | { |
ashleymills | 0:e979170e02e7 | 5743 | (void)fname; |
ashleymills | 0:e979170e02e7 | 5744 | (void)len; |
ashleymills | 0:e979170e02e7 | 5745 | return 0; |
ashleymills | 0:e979170e02e7 | 5746 | } |
ashleymills | 0:e979170e02e7 | 5747 | |
ashleymills | 0:e979170e02e7 | 5748 | |
ashleymills | 0:e979170e02e7 | 5749 | int CyaSSL_RAND_write_file(const char* fname) |
ashleymills | 0:e979170e02e7 | 5750 | { |
ashleymills | 0:e979170e02e7 | 5751 | (void)fname; |
ashleymills | 0:e979170e02e7 | 5752 | return 0; |
ashleymills | 0:e979170e02e7 | 5753 | } |
ashleymills | 0:e979170e02e7 | 5754 | |
ashleymills | 0:e979170e02e7 | 5755 | |
ashleymills | 0:e979170e02e7 | 5756 | int CyaSSL_RAND_load_file(const char* fname, long len) |
ashleymills | 0:e979170e02e7 | 5757 | { |
ashleymills | 0:e979170e02e7 | 5758 | (void)fname; |
ashleymills | 0:e979170e02e7 | 5759 | /* CTaoCrypt provides enough entropy internally or will report error */ |
ashleymills | 0:e979170e02e7 | 5760 | if (len == -1) |
ashleymills | 0:e979170e02e7 | 5761 | return 1024; |
ashleymills | 0:e979170e02e7 | 5762 | else |
ashleymills | 0:e979170e02e7 | 5763 | return (int)len; |
ashleymills | 0:e979170e02e7 | 5764 | } |
ashleymills | 0:e979170e02e7 | 5765 | |
ashleymills | 0:e979170e02e7 | 5766 | |
ashleymills | 0:e979170e02e7 | 5767 | int CyaSSL_RAND_egd(const char* path) |
ashleymills | 0:e979170e02e7 | 5768 | { |
ashleymills | 0:e979170e02e7 | 5769 | (void)path; |
ashleymills | 0:e979170e02e7 | 5770 | return 0; |
ashleymills | 0:e979170e02e7 | 5771 | } |
ashleymills | 0:e979170e02e7 | 5772 | |
ashleymills | 0:e979170e02e7 | 5773 | |
ashleymills | 0:e979170e02e7 | 5774 | |
ashleymills | 0:e979170e02e7 | 5775 | CYASSL_COMP_METHOD* CyaSSL_COMP_zlib(void) |
ashleymills | 0:e979170e02e7 | 5776 | { |
ashleymills | 0:e979170e02e7 | 5777 | return 0; |
ashleymills | 0:e979170e02e7 | 5778 | } |
ashleymills | 0:e979170e02e7 | 5779 | |
ashleymills | 0:e979170e02e7 | 5780 | |
ashleymills | 0:e979170e02e7 | 5781 | CYASSL_COMP_METHOD* CyaSSL_COMP_rle(void) |
ashleymills | 0:e979170e02e7 | 5782 | { |
ashleymills | 0:e979170e02e7 | 5783 | return 0; |
ashleymills | 0:e979170e02e7 | 5784 | } |
ashleymills | 0:e979170e02e7 | 5785 | |
ashleymills | 0:e979170e02e7 | 5786 | |
ashleymills | 0:e979170e02e7 | 5787 | int CyaSSL_COMP_add_compression_method(int method, void* data) |
ashleymills | 0:e979170e02e7 | 5788 | { |
ashleymills | 0:e979170e02e7 | 5789 | (void)method; |
ashleymills | 0:e979170e02e7 | 5790 | (void)data; |
ashleymills | 0:e979170e02e7 | 5791 | return 0; |
ashleymills | 0:e979170e02e7 | 5792 | } |
ashleymills | 0:e979170e02e7 | 5793 | |
ashleymills | 0:e979170e02e7 | 5794 | |
ashleymills | 0:e979170e02e7 | 5795 | |
ashleymills | 0:e979170e02e7 | 5796 | int CyaSSL_get_ex_new_index(long idx, void* data, void* cb1, void* cb2, |
ashleymills | 0:e979170e02e7 | 5797 | void* cb3) |
ashleymills | 0:e979170e02e7 | 5798 | { |
ashleymills | 0:e979170e02e7 | 5799 | (void)idx; |
ashleymills | 0:e979170e02e7 | 5800 | (void)data; |
ashleymills | 0:e979170e02e7 | 5801 | (void)cb1; |
ashleymills | 0:e979170e02e7 | 5802 | (void)cb2; |
ashleymills | 0:e979170e02e7 | 5803 | (void)cb3; |
ashleymills | 0:e979170e02e7 | 5804 | return 0; |
ashleymills | 0:e979170e02e7 | 5805 | } |
ashleymills | 0:e979170e02e7 | 5806 | |
ashleymills | 0:e979170e02e7 | 5807 | |
ashleymills | 0:e979170e02e7 | 5808 | void CyaSSL_set_dynlock_create_callback(CYASSL_dynlock_value* (*f)( |
ashleymills | 0:e979170e02e7 | 5809 | const char*, int)) |
ashleymills | 0:e979170e02e7 | 5810 | { |
ashleymills | 0:e979170e02e7 | 5811 | (void)f; |
ashleymills | 0:e979170e02e7 | 5812 | } |
ashleymills | 0:e979170e02e7 | 5813 | |
ashleymills | 0:e979170e02e7 | 5814 | |
ashleymills | 0:e979170e02e7 | 5815 | void CyaSSL_set_dynlock_lock_callback( |
ashleymills | 0:e979170e02e7 | 5816 | void (*f)(int, CYASSL_dynlock_value*, const char*, int)) |
ashleymills | 0:e979170e02e7 | 5817 | { |
ashleymills | 0:e979170e02e7 | 5818 | (void)f; |
ashleymills | 0:e979170e02e7 | 5819 | } |
ashleymills | 0:e979170e02e7 | 5820 | |
ashleymills | 0:e979170e02e7 | 5821 | |
ashleymills | 0:e979170e02e7 | 5822 | void CyaSSL_set_dynlock_destroy_callback( |
ashleymills | 0:e979170e02e7 | 5823 | void (*f)(CYASSL_dynlock_value*, const char*, int)) |
ashleymills | 0:e979170e02e7 | 5824 | { |
ashleymills | 0:e979170e02e7 | 5825 | (void)f; |
ashleymills | 0:e979170e02e7 | 5826 | } |
ashleymills | 0:e979170e02e7 | 5827 | |
ashleymills | 0:e979170e02e7 | 5828 | |
ashleymills | 0:e979170e02e7 | 5829 | |
ashleymills | 0:e979170e02e7 | 5830 | const char* CyaSSL_X509_verify_cert_error_string(long err) |
ashleymills | 0:e979170e02e7 | 5831 | { |
ashleymills | 0:e979170e02e7 | 5832 | (void)err; |
ashleymills | 0:e979170e02e7 | 5833 | return 0; |
ashleymills | 0:e979170e02e7 | 5834 | } |
ashleymills | 0:e979170e02e7 | 5835 | |
ashleymills | 0:e979170e02e7 | 5836 | |
ashleymills | 0:e979170e02e7 | 5837 | |
ashleymills | 0:e979170e02e7 | 5838 | int CyaSSL_X509_LOOKUP_add_dir(CYASSL_X509_LOOKUP* lookup, const char* dir, |
ashleymills | 0:e979170e02e7 | 5839 | long len) |
ashleymills | 0:e979170e02e7 | 5840 | { |
ashleymills | 0:e979170e02e7 | 5841 | (void)lookup; |
ashleymills | 0:e979170e02e7 | 5842 | (void)dir; |
ashleymills | 0:e979170e02e7 | 5843 | (void)len; |
ashleymills | 0:e979170e02e7 | 5844 | return 0; |
ashleymills | 0:e979170e02e7 | 5845 | } |
ashleymills | 0:e979170e02e7 | 5846 | |
ashleymills | 0:e979170e02e7 | 5847 | |
ashleymills | 0:e979170e02e7 | 5848 | int CyaSSL_X509_LOOKUP_load_file(CYASSL_X509_LOOKUP* lookup, |
ashleymills | 0:e979170e02e7 | 5849 | const char* file, long len) |
ashleymills | 0:e979170e02e7 | 5850 | { |
ashleymills | 0:e979170e02e7 | 5851 | (void)lookup; |
ashleymills | 0:e979170e02e7 | 5852 | (void)file; |
ashleymills | 0:e979170e02e7 | 5853 | (void)len; |
ashleymills | 0:e979170e02e7 | 5854 | return 0; |
ashleymills | 0:e979170e02e7 | 5855 | } |
ashleymills | 0:e979170e02e7 | 5856 | |
ashleymills | 0:e979170e02e7 | 5857 | |
ashleymills | 0:e979170e02e7 | 5858 | CYASSL_X509_LOOKUP_METHOD* CyaSSL_X509_LOOKUP_hash_dir(void) |
ashleymills | 0:e979170e02e7 | 5859 | { |
ashleymills | 0:e979170e02e7 | 5860 | return 0; |
ashleymills | 0:e979170e02e7 | 5861 | } |
ashleymills | 0:e979170e02e7 | 5862 | |
ashleymills | 0:e979170e02e7 | 5863 | |
ashleymills | 0:e979170e02e7 | 5864 | CYASSL_X509_LOOKUP_METHOD* CyaSSL_X509_LOOKUP_file(void) |
ashleymills | 0:e979170e02e7 | 5865 | { |
ashleymills | 0:e979170e02e7 | 5866 | return 0; |
ashleymills | 0:e979170e02e7 | 5867 | } |
ashleymills | 0:e979170e02e7 | 5868 | |
ashleymills | 0:e979170e02e7 | 5869 | |
ashleymills | 0:e979170e02e7 | 5870 | |
ashleymills | 0:e979170e02e7 | 5871 | CYASSL_X509_LOOKUP* CyaSSL_X509_STORE_add_lookup(CYASSL_X509_STORE* store, |
ashleymills | 0:e979170e02e7 | 5872 | CYASSL_X509_LOOKUP_METHOD* m) |
ashleymills | 0:e979170e02e7 | 5873 | { |
ashleymills | 0:e979170e02e7 | 5874 | (void)store; |
ashleymills | 0:e979170e02e7 | 5875 | (void)m; |
ashleymills | 0:e979170e02e7 | 5876 | return 0; |
ashleymills | 0:e979170e02e7 | 5877 | } |
ashleymills | 0:e979170e02e7 | 5878 | |
ashleymills | 0:e979170e02e7 | 5879 | |
ashleymills | 0:e979170e02e7 | 5880 | CYASSL_X509_STORE* CyaSSL_X509_STORE_new(void) |
ashleymills | 0:e979170e02e7 | 5881 | { |
ashleymills | 0:e979170e02e7 | 5882 | return 0; |
ashleymills | 0:e979170e02e7 | 5883 | } |
ashleymills | 0:e979170e02e7 | 5884 | |
ashleymills | 0:e979170e02e7 | 5885 | |
ashleymills | 0:e979170e02e7 | 5886 | int CyaSSL_X509_STORE_get_by_subject(CYASSL_X509_STORE_CTX* ctx, int idx, |
ashleymills | 0:e979170e02e7 | 5887 | CYASSL_X509_NAME* name, CYASSL_X509_OBJECT* obj) |
ashleymills | 0:e979170e02e7 | 5888 | { |
ashleymills | 0:e979170e02e7 | 5889 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 5890 | (void)idx; |
ashleymills | 0:e979170e02e7 | 5891 | (void)name; |
ashleymills | 0:e979170e02e7 | 5892 | (void)obj; |
ashleymills | 0:e979170e02e7 | 5893 | return 0; |
ashleymills | 0:e979170e02e7 | 5894 | } |
ashleymills | 0:e979170e02e7 | 5895 | |
ashleymills | 0:e979170e02e7 | 5896 | |
ashleymills | 0:e979170e02e7 | 5897 | int CyaSSL_X509_STORE_CTX_init(CYASSL_X509_STORE_CTX* ctx, |
ashleymills | 0:e979170e02e7 | 5898 | CYASSL_X509_STORE* store, CYASSL_X509* x509, STACK_OF(CYASSL_X509)* sk) |
ashleymills | 0:e979170e02e7 | 5899 | { |
ashleymills | 0:e979170e02e7 | 5900 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 5901 | (void)store; |
ashleymills | 0:e979170e02e7 | 5902 | (void)x509; |
ashleymills | 0:e979170e02e7 | 5903 | (void)sk; |
ashleymills | 0:e979170e02e7 | 5904 | return 0; |
ashleymills | 0:e979170e02e7 | 5905 | } |
ashleymills | 0:e979170e02e7 | 5906 | |
ashleymills | 0:e979170e02e7 | 5907 | |
ashleymills | 0:e979170e02e7 | 5908 | void CyaSSL_X509_STORE_CTX_cleanup(CYASSL_X509_STORE_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 5909 | { |
ashleymills | 0:e979170e02e7 | 5910 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 5911 | } |
ashleymills | 0:e979170e02e7 | 5912 | |
ashleymills | 0:e979170e02e7 | 5913 | |
ashleymills | 0:e979170e02e7 | 5914 | |
ashleymills | 0:e979170e02e7 | 5915 | CYASSL_ASN1_TIME* CyaSSL_X509_CRL_get_lastUpdate(CYASSL_X509_CRL* crl) |
ashleymills | 0:e979170e02e7 | 5916 | { |
ashleymills | 0:e979170e02e7 | 5917 | (void)crl; |
ashleymills | 0:e979170e02e7 | 5918 | return 0; |
ashleymills | 0:e979170e02e7 | 5919 | } |
ashleymills | 0:e979170e02e7 | 5920 | |
ashleymills | 0:e979170e02e7 | 5921 | |
ashleymills | 0:e979170e02e7 | 5922 | CYASSL_ASN1_TIME* CyaSSL_X509_CRL_get_nextUpdate(CYASSL_X509_CRL* crl) |
ashleymills | 0:e979170e02e7 | 5923 | { |
ashleymills | 0:e979170e02e7 | 5924 | (void)crl; |
ashleymills | 0:e979170e02e7 | 5925 | return 0; |
ashleymills | 0:e979170e02e7 | 5926 | } |
ashleymills | 0:e979170e02e7 | 5927 | |
ashleymills | 0:e979170e02e7 | 5928 | |
ashleymills | 0:e979170e02e7 | 5929 | |
ashleymills | 0:e979170e02e7 | 5930 | CYASSL_EVP_PKEY* CyaSSL_X509_get_pubkey(CYASSL_X509* x509) |
ashleymills | 0:e979170e02e7 | 5931 | { |
ashleymills | 0:e979170e02e7 | 5932 | (void)x509; |
ashleymills | 0:e979170e02e7 | 5933 | return 0; |
ashleymills | 0:e979170e02e7 | 5934 | } |
ashleymills | 0:e979170e02e7 | 5935 | |
ashleymills | 0:e979170e02e7 | 5936 | |
ashleymills | 0:e979170e02e7 | 5937 | int CyaSSL_X509_CRL_verify(CYASSL_X509_CRL* crl, CYASSL_EVP_PKEY* key) |
ashleymills | 0:e979170e02e7 | 5938 | { |
ashleymills | 0:e979170e02e7 | 5939 | (void)crl; |
ashleymills | 0:e979170e02e7 | 5940 | (void)key; |
ashleymills | 0:e979170e02e7 | 5941 | return 0; |
ashleymills | 0:e979170e02e7 | 5942 | } |
ashleymills | 0:e979170e02e7 | 5943 | |
ashleymills | 0:e979170e02e7 | 5944 | |
ashleymills | 0:e979170e02e7 | 5945 | void CyaSSL_X509_STORE_CTX_set_error(CYASSL_X509_STORE_CTX* ctx, int err) |
ashleymills | 0:e979170e02e7 | 5946 | { |
ashleymills | 0:e979170e02e7 | 5947 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 5948 | (void)err; |
ashleymills | 0:e979170e02e7 | 5949 | } |
ashleymills | 0:e979170e02e7 | 5950 | |
ashleymills | 0:e979170e02e7 | 5951 | |
ashleymills | 0:e979170e02e7 | 5952 | void CyaSSL_X509_OBJECT_free_contents(CYASSL_X509_OBJECT* obj) |
ashleymills | 0:e979170e02e7 | 5953 | { |
ashleymills | 0:e979170e02e7 | 5954 | (void)obj; |
ashleymills | 0:e979170e02e7 | 5955 | } |
ashleymills | 0:e979170e02e7 | 5956 | |
ashleymills | 0:e979170e02e7 | 5957 | |
ashleymills | 0:e979170e02e7 | 5958 | void CyaSSL_EVP_PKEY_free(CYASSL_EVP_PKEY* key) |
ashleymills | 0:e979170e02e7 | 5959 | { |
ashleymills | 0:e979170e02e7 | 5960 | (void)key; |
ashleymills | 0:e979170e02e7 | 5961 | } |
ashleymills | 0:e979170e02e7 | 5962 | |
ashleymills | 0:e979170e02e7 | 5963 | |
ashleymills | 0:e979170e02e7 | 5964 | int CyaSSL_X509_cmp_current_time(const CYASSL_ASN1_TIME* asnTime) |
ashleymills | 0:e979170e02e7 | 5965 | { |
ashleymills | 0:e979170e02e7 | 5966 | (void)asnTime; |
ashleymills | 0:e979170e02e7 | 5967 | return 0; |
ashleymills | 0:e979170e02e7 | 5968 | } |
ashleymills | 0:e979170e02e7 | 5969 | |
ashleymills | 0:e979170e02e7 | 5970 | |
ashleymills | 0:e979170e02e7 | 5971 | int CyaSSL_sk_X509_REVOKED_num(CYASSL_X509_REVOKED* revoked) |
ashleymills | 0:e979170e02e7 | 5972 | { |
ashleymills | 0:e979170e02e7 | 5973 | (void)revoked; |
ashleymills | 0:e979170e02e7 | 5974 | return 0; |
ashleymills | 0:e979170e02e7 | 5975 | } |
ashleymills | 0:e979170e02e7 | 5976 | |
ashleymills | 0:e979170e02e7 | 5977 | |
ashleymills | 0:e979170e02e7 | 5978 | |
ashleymills | 0:e979170e02e7 | 5979 | CYASSL_X509_REVOKED* CyaSSL_X509_CRL_get_REVOKED(CYASSL_X509_CRL* crl) |
ashleymills | 0:e979170e02e7 | 5980 | { |
ashleymills | 0:e979170e02e7 | 5981 | (void)crl; |
ashleymills | 0:e979170e02e7 | 5982 | return 0; |
ashleymills | 0:e979170e02e7 | 5983 | } |
ashleymills | 0:e979170e02e7 | 5984 | |
ashleymills | 0:e979170e02e7 | 5985 | |
ashleymills | 0:e979170e02e7 | 5986 | CYASSL_X509_REVOKED* CyaSSL_sk_X509_REVOKED_value( |
ashleymills | 0:e979170e02e7 | 5987 | CYASSL_X509_REVOKED* revoked, int value) |
ashleymills | 0:e979170e02e7 | 5988 | { |
ashleymills | 0:e979170e02e7 | 5989 | (void)revoked; |
ashleymills | 0:e979170e02e7 | 5990 | (void)value; |
ashleymills | 0:e979170e02e7 | 5991 | return 0; |
ashleymills | 0:e979170e02e7 | 5992 | } |
ashleymills | 0:e979170e02e7 | 5993 | |
ashleymills | 0:e979170e02e7 | 5994 | |
ashleymills | 0:e979170e02e7 | 5995 | |
ashleymills | 0:e979170e02e7 | 5996 | CYASSL_ASN1_INTEGER* CyaSSL_X509_get_serialNumber(CYASSL_X509* x509) |
ashleymills | 0:e979170e02e7 | 5997 | { |
ashleymills | 0:e979170e02e7 | 5998 | (void)x509; |
ashleymills | 0:e979170e02e7 | 5999 | return 0; |
ashleymills | 0:e979170e02e7 | 6000 | } |
ashleymills | 0:e979170e02e7 | 6001 | |
ashleymills | 0:e979170e02e7 | 6002 | |
ashleymills | 0:e979170e02e7 | 6003 | int CyaSSL_ASN1_TIME_print(CYASSL_BIO* bio, const CYASSL_ASN1_TIME* asnTime) |
ashleymills | 0:e979170e02e7 | 6004 | { |
ashleymills | 0:e979170e02e7 | 6005 | (void)bio; |
ashleymills | 0:e979170e02e7 | 6006 | (void)asnTime; |
ashleymills | 0:e979170e02e7 | 6007 | return 0; |
ashleymills | 0:e979170e02e7 | 6008 | } |
ashleymills | 0:e979170e02e7 | 6009 | |
ashleymills | 0:e979170e02e7 | 6010 | |
ashleymills | 0:e979170e02e7 | 6011 | |
ashleymills | 0:e979170e02e7 | 6012 | int CyaSSL_ASN1_INTEGER_cmp(const CYASSL_ASN1_INTEGER* a, |
ashleymills | 0:e979170e02e7 | 6013 | const CYASSL_ASN1_INTEGER* b) |
ashleymills | 0:e979170e02e7 | 6014 | { |
ashleymills | 0:e979170e02e7 | 6015 | (void)a; |
ashleymills | 0:e979170e02e7 | 6016 | (void)b; |
ashleymills | 0:e979170e02e7 | 6017 | return 0; |
ashleymills | 0:e979170e02e7 | 6018 | } |
ashleymills | 0:e979170e02e7 | 6019 | |
ashleymills | 0:e979170e02e7 | 6020 | |
ashleymills | 0:e979170e02e7 | 6021 | long CyaSSL_ASN1_INTEGER_get(const CYASSL_ASN1_INTEGER* i) |
ashleymills | 0:e979170e02e7 | 6022 | { |
ashleymills | 0:e979170e02e7 | 6023 | (void)i; |
ashleymills | 0:e979170e02e7 | 6024 | return 0; |
ashleymills | 0:e979170e02e7 | 6025 | } |
ashleymills | 0:e979170e02e7 | 6026 | |
ashleymills | 0:e979170e02e7 | 6027 | |
ashleymills | 0:e979170e02e7 | 6028 | |
ashleymills | 0:e979170e02e7 | 6029 | void* CyaSSL_X509_STORE_CTX_get_ex_data(CYASSL_X509_STORE_CTX* ctx, int idx) |
ashleymills | 0:e979170e02e7 | 6030 | { |
ashleymills | 0:e979170e02e7 | 6031 | #ifdef FORTRESS |
ashleymills | 0:e979170e02e7 | 6032 | if (ctx != NULL && idx == 0) |
ashleymills | 0:e979170e02e7 | 6033 | return ctx->ex_data; |
ashleymills | 0:e979170e02e7 | 6034 | #else |
ashleymills | 0:e979170e02e7 | 6035 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 6036 | (void)idx; |
ashleymills | 0:e979170e02e7 | 6037 | #endif |
ashleymills | 0:e979170e02e7 | 6038 | return 0; |
ashleymills | 0:e979170e02e7 | 6039 | } |
ashleymills | 0:e979170e02e7 | 6040 | |
ashleymills | 0:e979170e02e7 | 6041 | |
ashleymills | 0:e979170e02e7 | 6042 | int CyaSSL_get_ex_data_X509_STORE_CTX_idx(void) |
ashleymills | 0:e979170e02e7 | 6043 | { |
ashleymills | 0:e979170e02e7 | 6044 | return 0; |
ashleymills | 0:e979170e02e7 | 6045 | } |
ashleymills | 0:e979170e02e7 | 6046 | |
ashleymills | 0:e979170e02e7 | 6047 | |
ashleymills | 0:e979170e02e7 | 6048 | void* CyaSSL_get_ex_data(const CYASSL* ssl, int idx) |
ashleymills | 0:e979170e02e7 | 6049 | { |
ashleymills | 0:e979170e02e7 | 6050 | #ifdef FORTRESS |
ashleymills | 0:e979170e02e7 | 6051 | if (ssl != NULL && idx < MAX_EX_DATA) |
ashleymills | 0:e979170e02e7 | 6052 | return ssl->ex_data[idx]; |
ashleymills | 0:e979170e02e7 | 6053 | #else |
ashleymills | 0:e979170e02e7 | 6054 | (void)ssl; |
ashleymills | 0:e979170e02e7 | 6055 | (void)idx; |
ashleymills | 0:e979170e02e7 | 6056 | #endif |
ashleymills | 0:e979170e02e7 | 6057 | return 0; |
ashleymills | 0:e979170e02e7 | 6058 | } |
ashleymills | 0:e979170e02e7 | 6059 | |
ashleymills | 0:e979170e02e7 | 6060 | |
ashleymills | 0:e979170e02e7 | 6061 | void CyaSSL_CTX_set_info_callback(CYASSL_CTX* ctx, void (*f)(void)) |
ashleymills | 0:e979170e02e7 | 6062 | { |
ashleymills | 0:e979170e02e7 | 6063 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 6064 | (void)f; |
ashleymills | 0:e979170e02e7 | 6065 | } |
ashleymills | 0:e979170e02e7 | 6066 | |
ashleymills | 0:e979170e02e7 | 6067 | |
ashleymills | 0:e979170e02e7 | 6068 | unsigned long CyaSSL_ERR_peek_error(void) |
ashleymills | 0:e979170e02e7 | 6069 | { |
ashleymills | 0:e979170e02e7 | 6070 | return 0; |
ashleymills | 0:e979170e02e7 | 6071 | } |
ashleymills | 0:e979170e02e7 | 6072 | |
ashleymills | 0:e979170e02e7 | 6073 | |
ashleymills | 0:e979170e02e7 | 6074 | int CyaSSL_ERR_GET_REASON(int err) |
ashleymills | 0:e979170e02e7 | 6075 | { |
ashleymills | 0:e979170e02e7 | 6076 | (void)err; |
ashleymills | 0:e979170e02e7 | 6077 | return 0; |
ashleymills | 0:e979170e02e7 | 6078 | } |
ashleymills | 0:e979170e02e7 | 6079 | |
ashleymills | 0:e979170e02e7 | 6080 | |
ashleymills | 0:e979170e02e7 | 6081 | char* CyaSSL_alert_type_string_long(int alertID) |
ashleymills | 0:e979170e02e7 | 6082 | { |
ashleymills | 0:e979170e02e7 | 6083 | (void)alertID; |
ashleymills | 0:e979170e02e7 | 6084 | return 0; |
ashleymills | 0:e979170e02e7 | 6085 | } |
ashleymills | 0:e979170e02e7 | 6086 | |
ashleymills | 0:e979170e02e7 | 6087 | |
ashleymills | 0:e979170e02e7 | 6088 | char* CyaSSL_alert_desc_string_long(int alertID) |
ashleymills | 0:e979170e02e7 | 6089 | { |
ashleymills | 0:e979170e02e7 | 6090 | (void)alertID; |
ashleymills | 0:e979170e02e7 | 6091 | return 0; |
ashleymills | 0:e979170e02e7 | 6092 | } |
ashleymills | 0:e979170e02e7 | 6093 | |
ashleymills | 0:e979170e02e7 | 6094 | |
ashleymills | 0:e979170e02e7 | 6095 | char* CyaSSL_state_string_long(CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 6096 | { |
ashleymills | 0:e979170e02e7 | 6097 | (void)ssl; |
ashleymills | 0:e979170e02e7 | 6098 | return 0; |
ashleymills | 0:e979170e02e7 | 6099 | } |
ashleymills | 0:e979170e02e7 | 6100 | |
ashleymills | 0:e979170e02e7 | 6101 | |
ashleymills | 0:e979170e02e7 | 6102 | int CyaSSL_PEM_def_callback(char* name, int num, int w, void* key) |
ashleymills | 0:e979170e02e7 | 6103 | { |
ashleymills | 0:e979170e02e7 | 6104 | (void)name; |
ashleymills | 0:e979170e02e7 | 6105 | (void)num; |
ashleymills | 0:e979170e02e7 | 6106 | (void)w; |
ashleymills | 0:e979170e02e7 | 6107 | (void)key; |
ashleymills | 0:e979170e02e7 | 6108 | return 0; |
ashleymills | 0:e979170e02e7 | 6109 | } |
ashleymills | 0:e979170e02e7 | 6110 | |
ashleymills | 0:e979170e02e7 | 6111 | |
ashleymills | 0:e979170e02e7 | 6112 | long CyaSSL_CTX_sess_accept(CYASSL_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 6113 | { |
ashleymills | 0:e979170e02e7 | 6114 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 6115 | return 0; |
ashleymills | 0:e979170e02e7 | 6116 | } |
ashleymills | 0:e979170e02e7 | 6117 | |
ashleymills | 0:e979170e02e7 | 6118 | |
ashleymills | 0:e979170e02e7 | 6119 | long CyaSSL_CTX_sess_connect(CYASSL_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 6120 | { |
ashleymills | 0:e979170e02e7 | 6121 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 6122 | return 0; |
ashleymills | 0:e979170e02e7 | 6123 | } |
ashleymills | 0:e979170e02e7 | 6124 | |
ashleymills | 0:e979170e02e7 | 6125 | |
ashleymills | 0:e979170e02e7 | 6126 | long CyaSSL_CTX_sess_accept_good(CYASSL_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 6127 | { |
ashleymills | 0:e979170e02e7 | 6128 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 6129 | return 0; |
ashleymills | 0:e979170e02e7 | 6130 | } |
ashleymills | 0:e979170e02e7 | 6131 | |
ashleymills | 0:e979170e02e7 | 6132 | |
ashleymills | 0:e979170e02e7 | 6133 | long CyaSSL_CTX_sess_connect_good(CYASSL_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 6134 | { |
ashleymills | 0:e979170e02e7 | 6135 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 6136 | return 0; |
ashleymills | 0:e979170e02e7 | 6137 | } |
ashleymills | 0:e979170e02e7 | 6138 | |
ashleymills | 0:e979170e02e7 | 6139 | |
ashleymills | 0:e979170e02e7 | 6140 | long CyaSSL_CTX_sess_accept_renegotiate(CYASSL_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 6141 | { |
ashleymills | 0:e979170e02e7 | 6142 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 6143 | return 0; |
ashleymills | 0:e979170e02e7 | 6144 | } |
ashleymills | 0:e979170e02e7 | 6145 | |
ashleymills | 0:e979170e02e7 | 6146 | |
ashleymills | 0:e979170e02e7 | 6147 | long CyaSSL_CTX_sess_connect_renegotiate(CYASSL_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 6148 | { |
ashleymills | 0:e979170e02e7 | 6149 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 6150 | return 0; |
ashleymills | 0:e979170e02e7 | 6151 | } |
ashleymills | 0:e979170e02e7 | 6152 | |
ashleymills | 0:e979170e02e7 | 6153 | |
ashleymills | 0:e979170e02e7 | 6154 | long CyaSSL_CTX_sess_hits(CYASSL_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 6155 | { |
ashleymills | 0:e979170e02e7 | 6156 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 6157 | return 0; |
ashleymills | 0:e979170e02e7 | 6158 | } |
ashleymills | 0:e979170e02e7 | 6159 | |
ashleymills | 0:e979170e02e7 | 6160 | |
ashleymills | 0:e979170e02e7 | 6161 | long CyaSSL_CTX_sess_cb_hits(CYASSL_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 6162 | { |
ashleymills | 0:e979170e02e7 | 6163 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 6164 | return 0; |
ashleymills | 0:e979170e02e7 | 6165 | } |
ashleymills | 0:e979170e02e7 | 6166 | |
ashleymills | 0:e979170e02e7 | 6167 | |
ashleymills | 0:e979170e02e7 | 6168 | long CyaSSL_CTX_sess_cache_full(CYASSL_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 6169 | { |
ashleymills | 0:e979170e02e7 | 6170 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 6171 | return 0; |
ashleymills | 0:e979170e02e7 | 6172 | } |
ashleymills | 0:e979170e02e7 | 6173 | |
ashleymills | 0:e979170e02e7 | 6174 | |
ashleymills | 0:e979170e02e7 | 6175 | long CyaSSL_CTX_sess_misses(CYASSL_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 6176 | { |
ashleymills | 0:e979170e02e7 | 6177 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 6178 | return 0; |
ashleymills | 0:e979170e02e7 | 6179 | } |
ashleymills | 0:e979170e02e7 | 6180 | |
ashleymills | 0:e979170e02e7 | 6181 | |
ashleymills | 0:e979170e02e7 | 6182 | long CyaSSL_CTX_sess_timeouts(CYASSL_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 6183 | { |
ashleymills | 0:e979170e02e7 | 6184 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 6185 | return 0; |
ashleymills | 0:e979170e02e7 | 6186 | } |
ashleymills | 0:e979170e02e7 | 6187 | |
ashleymills | 0:e979170e02e7 | 6188 | |
ashleymills | 0:e979170e02e7 | 6189 | long CyaSSL_CTX_sess_number(CYASSL_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 6190 | { |
ashleymills | 0:e979170e02e7 | 6191 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 6192 | return 0; |
ashleymills | 0:e979170e02e7 | 6193 | } |
ashleymills | 0:e979170e02e7 | 6194 | |
ashleymills | 0:e979170e02e7 | 6195 | |
ashleymills | 0:e979170e02e7 | 6196 | void CyaSSL_DES_set_key_unchecked(CYASSL_const_DES_cblock* myDes, |
ashleymills | 0:e979170e02e7 | 6197 | CYASSL_DES_key_schedule* key) |
ashleymills | 0:e979170e02e7 | 6198 | { |
ashleymills | 0:e979170e02e7 | 6199 | (void)myDes; |
ashleymills | 0:e979170e02e7 | 6200 | (void)key; |
ashleymills | 0:e979170e02e7 | 6201 | } |
ashleymills | 0:e979170e02e7 | 6202 | |
ashleymills | 0:e979170e02e7 | 6203 | |
ashleymills | 0:e979170e02e7 | 6204 | void CyaSSL_DES_set_odd_parity(CYASSL_DES_cblock* myDes) |
ashleymills | 0:e979170e02e7 | 6205 | { |
ashleymills | 0:e979170e02e7 | 6206 | (void)myDes; |
ashleymills | 0:e979170e02e7 | 6207 | } |
ashleymills | 0:e979170e02e7 | 6208 | |
ashleymills | 0:e979170e02e7 | 6209 | |
ashleymills | 0:e979170e02e7 | 6210 | void CyaSSL_DES_ecb_encrypt(CYASSL_DES_cblock* desa, |
ashleymills | 0:e979170e02e7 | 6211 | CYASSL_DES_cblock* desb, CYASSL_DES_key_schedule* key, int len) |
ashleymills | 0:e979170e02e7 | 6212 | { |
ashleymills | 0:e979170e02e7 | 6213 | (void)desa; |
ashleymills | 0:e979170e02e7 | 6214 | (void)desb; |
ashleymills | 0:e979170e02e7 | 6215 | (void)key; |
ashleymills | 0:e979170e02e7 | 6216 | (void)len; |
ashleymills | 0:e979170e02e7 | 6217 | } |
ashleymills | 0:e979170e02e7 | 6218 | |
ashleymills | 0:e979170e02e7 | 6219 | int CyaSSL_BIO_printf(CYASSL_BIO* bio, const char* format, ...) |
ashleymills | 0:e979170e02e7 | 6220 | { |
ashleymills | 0:e979170e02e7 | 6221 | (void)bio; |
ashleymills | 0:e979170e02e7 | 6222 | (void)format; |
ashleymills | 0:e979170e02e7 | 6223 | return 0; |
ashleymills | 0:e979170e02e7 | 6224 | } |
ashleymills | 0:e979170e02e7 | 6225 | |
ashleymills | 0:e979170e02e7 | 6226 | |
ashleymills | 0:e979170e02e7 | 6227 | int CyaSSL_ASN1_UTCTIME_print(CYASSL_BIO* bio, const CYASSL_ASN1_UTCTIME* a) |
ashleymills | 0:e979170e02e7 | 6228 | { |
ashleymills | 0:e979170e02e7 | 6229 | (void)bio; |
ashleymills | 0:e979170e02e7 | 6230 | (void)a; |
ashleymills | 0:e979170e02e7 | 6231 | return 0; |
ashleymills | 0:e979170e02e7 | 6232 | } |
ashleymills | 0:e979170e02e7 | 6233 | |
ashleymills | 0:e979170e02e7 | 6234 | |
ashleymills | 0:e979170e02e7 | 6235 | int CyaSSL_sk_num(CYASSL_X509_REVOKED* rev) |
ashleymills | 0:e979170e02e7 | 6236 | { |
ashleymills | 0:e979170e02e7 | 6237 | (void)rev; |
ashleymills | 0:e979170e02e7 | 6238 | return 0; |
ashleymills | 0:e979170e02e7 | 6239 | } |
ashleymills | 0:e979170e02e7 | 6240 | |
ashleymills | 0:e979170e02e7 | 6241 | |
ashleymills | 0:e979170e02e7 | 6242 | void* CyaSSL_sk_value(CYASSL_X509_REVOKED* rev, int i) |
ashleymills | 0:e979170e02e7 | 6243 | { |
ashleymills | 0:e979170e02e7 | 6244 | (void)rev; |
ashleymills | 0:e979170e02e7 | 6245 | (void)i; |
ashleymills | 0:e979170e02e7 | 6246 | return 0; |
ashleymills | 0:e979170e02e7 | 6247 | } |
ashleymills | 0:e979170e02e7 | 6248 | |
ashleymills | 0:e979170e02e7 | 6249 | |
ashleymills | 0:e979170e02e7 | 6250 | /* stunnel 4.28 needs */ |
ashleymills | 0:e979170e02e7 | 6251 | void* CyaSSL_CTX_get_ex_data(const CYASSL_CTX* ctx, int d) |
ashleymills | 0:e979170e02e7 | 6252 | { |
ashleymills | 0:e979170e02e7 | 6253 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 6254 | (void)d; |
ashleymills | 0:e979170e02e7 | 6255 | return 0; |
ashleymills | 0:e979170e02e7 | 6256 | } |
ashleymills | 0:e979170e02e7 | 6257 | |
ashleymills | 0:e979170e02e7 | 6258 | |
ashleymills | 0:e979170e02e7 | 6259 | int CyaSSL_CTX_set_ex_data(CYASSL_CTX* ctx, int d, void* p) |
ashleymills | 0:e979170e02e7 | 6260 | { |
ashleymills | 0:e979170e02e7 | 6261 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 6262 | (void)d; |
ashleymills | 0:e979170e02e7 | 6263 | (void)p; |
ashleymills | 0:e979170e02e7 | 6264 | return SSL_SUCCESS; |
ashleymills | 0:e979170e02e7 | 6265 | } |
ashleymills | 0:e979170e02e7 | 6266 | |
ashleymills | 0:e979170e02e7 | 6267 | |
ashleymills | 0:e979170e02e7 | 6268 | void CyaSSL_CTX_sess_set_get_cb(CYASSL_CTX* ctx, |
ashleymills | 0:e979170e02e7 | 6269 | CYASSL_SESSION*(*f)(CYASSL*, unsigned char*, int, int*)) |
ashleymills | 0:e979170e02e7 | 6270 | { |
ashleymills | 0:e979170e02e7 | 6271 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 6272 | (void)f; |
ashleymills | 0:e979170e02e7 | 6273 | } |
ashleymills | 0:e979170e02e7 | 6274 | |
ashleymills | 0:e979170e02e7 | 6275 | |
ashleymills | 0:e979170e02e7 | 6276 | void CyaSSL_CTX_sess_set_new_cb(CYASSL_CTX* ctx, |
ashleymills | 0:e979170e02e7 | 6277 | int (*f)(CYASSL*, CYASSL_SESSION*)) |
ashleymills | 0:e979170e02e7 | 6278 | { |
ashleymills | 0:e979170e02e7 | 6279 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 6280 | (void)f; |
ashleymills | 0:e979170e02e7 | 6281 | } |
ashleymills | 0:e979170e02e7 | 6282 | |
ashleymills | 0:e979170e02e7 | 6283 | |
ashleymills | 0:e979170e02e7 | 6284 | void CyaSSL_CTX_sess_set_remove_cb(CYASSL_CTX* ctx, void (*f)(CYASSL_CTX*, |
ashleymills | 0:e979170e02e7 | 6285 | CYASSL_SESSION*)) |
ashleymills | 0:e979170e02e7 | 6286 | { |
ashleymills | 0:e979170e02e7 | 6287 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 6288 | (void)f; |
ashleymills | 0:e979170e02e7 | 6289 | } |
ashleymills | 0:e979170e02e7 | 6290 | |
ashleymills | 0:e979170e02e7 | 6291 | |
ashleymills | 0:e979170e02e7 | 6292 | int CyaSSL_i2d_SSL_SESSION(CYASSL_SESSION* sess, unsigned char** p) |
ashleymills | 0:e979170e02e7 | 6293 | { |
ashleymills | 0:e979170e02e7 | 6294 | (void)sess; |
ashleymills | 0:e979170e02e7 | 6295 | (void)p; |
ashleymills | 0:e979170e02e7 | 6296 | return sizeof(CYASSL_SESSION); |
ashleymills | 0:e979170e02e7 | 6297 | } |
ashleymills | 0:e979170e02e7 | 6298 | |
ashleymills | 0:e979170e02e7 | 6299 | |
ashleymills | 0:e979170e02e7 | 6300 | CYASSL_SESSION* CyaSSL_d2i_SSL_SESSION(CYASSL_SESSION** sess, |
ashleymills | 0:e979170e02e7 | 6301 | const unsigned char** p, long i) |
ashleymills | 0:e979170e02e7 | 6302 | { |
ashleymills | 0:e979170e02e7 | 6303 | (void)p; |
ashleymills | 0:e979170e02e7 | 6304 | (void)i; |
ashleymills | 0:e979170e02e7 | 6305 | if (sess) |
ashleymills | 0:e979170e02e7 | 6306 | return *sess; |
ashleymills | 0:e979170e02e7 | 6307 | return NULL; |
ashleymills | 0:e979170e02e7 | 6308 | } |
ashleymills | 0:e979170e02e7 | 6309 | |
ashleymills | 0:e979170e02e7 | 6310 | |
ashleymills | 0:e979170e02e7 | 6311 | long CyaSSL_SESSION_get_timeout(const CYASSL_SESSION* sess) |
ashleymills | 0:e979170e02e7 | 6312 | { |
ashleymills | 0:e979170e02e7 | 6313 | CYASSL_ENTER("CyaSSL_SESSION_get_timeout"); |
ashleymills | 0:e979170e02e7 | 6314 | return sess->timeout; |
ashleymills | 0:e979170e02e7 | 6315 | } |
ashleymills | 0:e979170e02e7 | 6316 | |
ashleymills | 0:e979170e02e7 | 6317 | |
ashleymills | 0:e979170e02e7 | 6318 | long CyaSSL_SESSION_get_time(const CYASSL_SESSION* sess) |
ashleymills | 0:e979170e02e7 | 6319 | { |
ashleymills | 0:e979170e02e7 | 6320 | CYASSL_ENTER("CyaSSL_SESSION_get_time"); |
ashleymills | 0:e979170e02e7 | 6321 | return sess->bornOn; |
ashleymills | 0:e979170e02e7 | 6322 | } |
ashleymills | 0:e979170e02e7 | 6323 | |
ashleymills | 0:e979170e02e7 | 6324 | |
ashleymills | 0:e979170e02e7 | 6325 | int CyaSSL_CTX_get_ex_new_index(long idx, void* arg, void* a, void* b, |
ashleymills | 0:e979170e02e7 | 6326 | void* c) |
ashleymills | 0:e979170e02e7 | 6327 | { |
ashleymills | 0:e979170e02e7 | 6328 | (void)idx; |
ashleymills | 0:e979170e02e7 | 6329 | (void)arg; |
ashleymills | 0:e979170e02e7 | 6330 | (void)a; |
ashleymills | 0:e979170e02e7 | 6331 | (void)b; |
ashleymills | 0:e979170e02e7 | 6332 | (void)c; |
ashleymills | 0:e979170e02e7 | 6333 | return 0; |
ashleymills | 0:e979170e02e7 | 6334 | } |
ashleymills | 0:e979170e02e7 | 6335 | |
ashleymills | 0:e979170e02e7 | 6336 | /* write X509 serial number in unsigned binary to buffer |
ashleymills | 0:e979170e02e7 | 6337 | buffer needs to be at least EXTERNAL_SERIAL_SIZE (32) for all cases |
ashleymills | 0:e979170e02e7 | 6338 | return 0 on success */ |
ashleymills | 0:e979170e02e7 | 6339 | int CyaSSL_X509_get_serial_number(CYASSL_X509* x509, byte* in, int* inOutSz) |
ashleymills | 0:e979170e02e7 | 6340 | { |
ashleymills | 0:e979170e02e7 | 6341 | CYASSL_ENTER("CyaSSL_X509_get_serial_number"); |
ashleymills | 0:e979170e02e7 | 6342 | if (x509 == NULL || in == NULL || *inOutSz < x509->serialSz) |
ashleymills | 0:e979170e02e7 | 6343 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 6344 | |
ashleymills | 0:e979170e02e7 | 6345 | XMEMCPY(in, x509->serial, x509->serialSz); |
ashleymills | 0:e979170e02e7 | 6346 | *inOutSz = x509->serialSz; |
ashleymills | 0:e979170e02e7 | 6347 | |
ashleymills | 0:e979170e02e7 | 6348 | return 0; |
ashleymills | 0:e979170e02e7 | 6349 | } |
ashleymills | 0:e979170e02e7 | 6350 | |
ashleymills | 0:e979170e02e7 | 6351 | |
ashleymills | 0:e979170e02e7 | 6352 | const byte* CyaSSL_X509_get_der(CYASSL_X509* x509, int* outSz) |
ashleymills | 0:e979170e02e7 | 6353 | { |
ashleymills | 0:e979170e02e7 | 6354 | CYASSL_ENTER("CyaSSL_X509_get_der"); |
ashleymills | 0:e979170e02e7 | 6355 | |
ashleymills | 0:e979170e02e7 | 6356 | if (x509 == NULL || outSz == NULL) |
ashleymills | 0:e979170e02e7 | 6357 | return NULL; |
ashleymills | 0:e979170e02e7 | 6358 | |
ashleymills | 0:e979170e02e7 | 6359 | *outSz = (int)x509->derCert.length; |
ashleymills | 0:e979170e02e7 | 6360 | return x509->derCert.buffer; |
ashleymills | 0:e979170e02e7 | 6361 | } |
ashleymills | 0:e979170e02e7 | 6362 | |
ashleymills | 0:e979170e02e7 | 6363 | |
ashleymills | 0:e979170e02e7 | 6364 | char* CyaSSL_X509_get_subjectCN(CYASSL_X509* x509) |
ashleymills | 0:e979170e02e7 | 6365 | { |
ashleymills | 0:e979170e02e7 | 6366 | if (x509 == NULL) |
ashleymills | 0:e979170e02e7 | 6367 | return NULL; |
ashleymills | 0:e979170e02e7 | 6368 | |
ashleymills | 0:e979170e02e7 | 6369 | return x509->subjectCN; |
ashleymills | 0:e979170e02e7 | 6370 | } |
ashleymills | 0:e979170e02e7 | 6371 | |
ashleymills | 0:e979170e02e7 | 6372 | |
ashleymills | 0:e979170e02e7 | 6373 | #ifdef FORTRESS |
ashleymills | 0:e979170e02e7 | 6374 | int CyaSSL_cmp_peer_cert_to_file(CYASSL* ssl, const char *fname) |
ashleymills | 0:e979170e02e7 | 6375 | { |
ashleymills | 0:e979170e02e7 | 6376 | int ret = -1; |
ashleymills | 0:e979170e02e7 | 6377 | |
ashleymills | 0:e979170e02e7 | 6378 | CYASSL_ENTER("CyaSSL_cmp_peer_cert_to_file"); |
ashleymills | 0:e979170e02e7 | 6379 | if (ssl != NULL && fname != NULL) |
ashleymills | 0:e979170e02e7 | 6380 | { |
ashleymills | 0:e979170e02e7 | 6381 | XFILE file = XBADFILE; |
ashleymills | 0:e979170e02e7 | 6382 | long sz = 0; |
ashleymills | 0:e979170e02e7 | 6383 | byte staticBuffer[FILE_BUFFER_SIZE]; |
ashleymills | 0:e979170e02e7 | 6384 | byte* myBuffer = staticBuffer; |
ashleymills | 0:e979170e02e7 | 6385 | CYASSL_CTX* ctx = ssl->ctx; |
ashleymills | 0:e979170e02e7 | 6386 | EncryptedInfo info; |
ashleymills | 0:e979170e02e7 | 6387 | buffer fileDer; |
ashleymills | 0:e979170e02e7 | 6388 | int eccKey = 0; |
ashleymills | 0:e979170e02e7 | 6389 | CYASSL_X509* peer_cert = &ssl->peerCert; |
ashleymills | 0:e979170e02e7 | 6390 | |
ashleymills | 0:e979170e02e7 | 6391 | info.set = 0; |
ashleymills | 0:e979170e02e7 | 6392 | info.ctx = ctx; |
ashleymills | 0:e979170e02e7 | 6393 | info.consumed = 0; |
ashleymills | 0:e979170e02e7 | 6394 | fileDer.buffer = 0; |
ashleymills | 0:e979170e02e7 | 6395 | |
ashleymills | 0:e979170e02e7 | 6396 | file = XFOPEN(fname, "rb"); |
ashleymills | 0:e979170e02e7 | 6397 | if (file == XBADFILE) return SSL_BAD_FILE; |
ashleymills | 0:e979170e02e7 | 6398 | XFSEEK(file, 0, XSEEK_END); |
ashleymills | 0:e979170e02e7 | 6399 | sz = XFTELL(file); |
ashleymills | 0:e979170e02e7 | 6400 | XREWIND(file); |
ashleymills | 0:e979170e02e7 | 6401 | if (sz > (long)sizeof(staticBuffer)) { |
ashleymills | 0:e979170e02e7 | 6402 | CYASSL_MSG("Getting dynamic buffer"); |
ashleymills | 0:e979170e02e7 | 6403 | myBuffer = (byte*) XMALLOC(sz, ctx->heap, DYNAMIC_TYPE_FILE); |
ashleymills | 0:e979170e02e7 | 6404 | } |
ashleymills | 0:e979170e02e7 | 6405 | |
ashleymills | 0:e979170e02e7 | 6406 | if ((myBuffer != NULL) && |
ashleymills | 0:e979170e02e7 | 6407 | (XFREAD(myBuffer, sz, 1, file) > 0) && |
ashleymills | 0:e979170e02e7 | 6408 | (PemToDer(myBuffer, sz, CERT_TYPE, |
ashleymills | 0:e979170e02e7 | 6409 | &fileDer, ctx->heap, &info, &eccKey) == 0) && |
ashleymills | 0:e979170e02e7 | 6410 | (fileDer.length != 0) && |
ashleymills | 0:e979170e02e7 | 6411 | (fileDer.length == peer_cert->derCert.length) && |
ashleymills | 0:e979170e02e7 | 6412 | (XMEMCMP(peer_cert->derCert.buffer, fileDer.buffer, |
ashleymills | 0:e979170e02e7 | 6413 | fileDer.length) == 0)) |
ashleymills | 0:e979170e02e7 | 6414 | { |
ashleymills | 0:e979170e02e7 | 6415 | ret = 0; |
ashleymills | 0:e979170e02e7 | 6416 | } |
ashleymills | 0:e979170e02e7 | 6417 | |
ashleymills | 0:e979170e02e7 | 6418 | XFCLOSE(file); |
ashleymills | 0:e979170e02e7 | 6419 | if (fileDer.buffer) |
ashleymills | 0:e979170e02e7 | 6420 | XFREE(fileDer.buffer, ctx->heap, DYNAMIC_TYPE_CERT); |
ashleymills | 0:e979170e02e7 | 6421 | if (myBuffer && (myBuffer != staticBuffer)) |
ashleymills | 0:e979170e02e7 | 6422 | XFREE(myBuffer, ctx->heap, DYNAMIC_TYPE_FILE); |
ashleymills | 0:e979170e02e7 | 6423 | } |
ashleymills | 0:e979170e02e7 | 6424 | |
ashleymills | 0:e979170e02e7 | 6425 | return ret; |
ashleymills | 0:e979170e02e7 | 6426 | } |
ashleymills | 0:e979170e02e7 | 6427 | #else |
ashleymills | 0:e979170e02e7 | 6428 | int CyaSSL_cmp_peer_cert_to_file(CYASSL* ssl, const char *fname) |
ashleymills | 0:e979170e02e7 | 6429 | { |
ashleymills | 0:e979170e02e7 | 6430 | (void)ssl; |
ashleymills | 0:e979170e02e7 | 6431 | (void)fname; |
ashleymills | 0:e979170e02e7 | 6432 | return -1; |
ashleymills | 0:e979170e02e7 | 6433 | } |
ashleymills | 0:e979170e02e7 | 6434 | #endif |
ashleymills | 0:e979170e02e7 | 6435 | |
ashleymills | 0:e979170e02e7 | 6436 | |
ashleymills | 0:e979170e02e7 | 6437 | static RNG globalRNG; |
ashleymills | 0:e979170e02e7 | 6438 | static int initGlobalRNG = 0; |
ashleymills | 0:e979170e02e7 | 6439 | |
ashleymills | 0:e979170e02e7 | 6440 | int CyaSSL_RAND_seed(const void* seed, int len) |
ashleymills | 0:e979170e02e7 | 6441 | { |
ashleymills | 0:e979170e02e7 | 6442 | |
ashleymills | 0:e979170e02e7 | 6443 | CYASSL_MSG("CyaSSL_RAND_seed"); |
ashleymills | 0:e979170e02e7 | 6444 | |
ashleymills | 0:e979170e02e7 | 6445 | (void)seed; |
ashleymills | 0:e979170e02e7 | 6446 | (void)len; |
ashleymills | 0:e979170e02e7 | 6447 | |
ashleymills | 0:e979170e02e7 | 6448 | if (initGlobalRNG == 0) { |
ashleymills | 0:e979170e02e7 | 6449 | if (InitRng(&globalRNG) < 0) { |
ashleymills | 0:e979170e02e7 | 6450 | CYASSL_MSG("CyaSSL Init Global RNG failed"); |
ashleymills | 0:e979170e02e7 | 6451 | } |
ashleymills | 0:e979170e02e7 | 6452 | initGlobalRNG = 1; |
ashleymills | 0:e979170e02e7 | 6453 | } |
ashleymills | 0:e979170e02e7 | 6454 | |
ashleymills | 0:e979170e02e7 | 6455 | return 0; |
ashleymills | 0:e979170e02e7 | 6456 | } |
ashleymills | 0:e979170e02e7 | 6457 | |
ashleymills | 0:e979170e02e7 | 6458 | |
ashleymills | 0:e979170e02e7 | 6459 | int CyaSSL_RAND_bytes(unsigned char* buf, int num) |
ashleymills | 0:e979170e02e7 | 6460 | { |
ashleymills | 0:e979170e02e7 | 6461 | RNG tmpRNG; |
ashleymills | 0:e979170e02e7 | 6462 | RNG* rng = &tmpRNG; |
ashleymills | 0:e979170e02e7 | 6463 | |
ashleymills | 0:e979170e02e7 | 6464 | CYASSL_ENTER("RAND_bytes"); |
ashleymills | 0:e979170e02e7 | 6465 | if (InitRng(&tmpRNG) != 0) { |
ashleymills | 0:e979170e02e7 | 6466 | CYASSL_MSG("Bad RNG Init, trying global"); |
ashleymills | 0:e979170e02e7 | 6467 | if (initGlobalRNG == 0) { |
ashleymills | 0:e979170e02e7 | 6468 | CYASSL_MSG("Global RNG no Init"); |
ashleymills | 0:e979170e02e7 | 6469 | return 0; |
ashleymills | 0:e979170e02e7 | 6470 | } |
ashleymills | 0:e979170e02e7 | 6471 | rng = &globalRNG; |
ashleymills | 0:e979170e02e7 | 6472 | } |
ashleymills | 0:e979170e02e7 | 6473 | |
ashleymills | 0:e979170e02e7 | 6474 | RNG_GenerateBlock(rng, buf, num); |
ashleymills | 0:e979170e02e7 | 6475 | |
ashleymills | 0:e979170e02e7 | 6476 | return 1; |
ashleymills | 0:e979170e02e7 | 6477 | } |
ashleymills | 0:e979170e02e7 | 6478 | |
ashleymills | 0:e979170e02e7 | 6479 | CYASSL_BN_CTX* CyaSSL_BN_CTX_new(void) |
ashleymills | 0:e979170e02e7 | 6480 | { |
ashleymills | 0:e979170e02e7 | 6481 | static int ctx; /* ctaocrypt doesn't now need ctx */ |
ashleymills | 0:e979170e02e7 | 6482 | |
ashleymills | 0:e979170e02e7 | 6483 | CYASSL_MSG("CyaSSL_BN_CTX_new"); |
ashleymills | 0:e979170e02e7 | 6484 | |
ashleymills | 0:e979170e02e7 | 6485 | return (CYASSL_BN_CTX*)&ctx; |
ashleymills | 0:e979170e02e7 | 6486 | } |
ashleymills | 0:e979170e02e7 | 6487 | |
ashleymills | 0:e979170e02e7 | 6488 | void CyaSSL_BN_CTX_init(CYASSL_BN_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 6489 | { |
ashleymills | 0:e979170e02e7 | 6490 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 6491 | CYASSL_MSG("CyaSSL_BN_CTX_init"); |
ashleymills | 0:e979170e02e7 | 6492 | } |
ashleymills | 0:e979170e02e7 | 6493 | |
ashleymills | 0:e979170e02e7 | 6494 | |
ashleymills | 0:e979170e02e7 | 6495 | void CyaSSL_BN_CTX_free(CYASSL_BN_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 6496 | { |
ashleymills | 0:e979170e02e7 | 6497 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 6498 | CYASSL_MSG("CyaSSL_BN_CTX_free"); |
ashleymills | 0:e979170e02e7 | 6499 | |
ashleymills | 0:e979170e02e7 | 6500 | /* do free since static ctx that does nothing */ |
ashleymills | 0:e979170e02e7 | 6501 | } |
ashleymills | 0:e979170e02e7 | 6502 | |
ashleymills | 0:e979170e02e7 | 6503 | |
ashleymills | 0:e979170e02e7 | 6504 | static void InitCyaSSL_BigNum(CYASSL_BIGNUM* bn) |
ashleymills | 0:e979170e02e7 | 6505 | { |
ashleymills | 0:e979170e02e7 | 6506 | CYASSL_MSG("InitCyaSSL_BigNum"); |
ashleymills | 0:e979170e02e7 | 6507 | if (bn) { |
ashleymills | 0:e979170e02e7 | 6508 | bn->neg = 0; |
ashleymills | 0:e979170e02e7 | 6509 | bn->internal = NULL; |
ashleymills | 0:e979170e02e7 | 6510 | } |
ashleymills | 0:e979170e02e7 | 6511 | } |
ashleymills | 0:e979170e02e7 | 6512 | |
ashleymills | 0:e979170e02e7 | 6513 | |
ashleymills | 0:e979170e02e7 | 6514 | CYASSL_BIGNUM* CyaSSL_BN_new(void) |
ashleymills | 0:e979170e02e7 | 6515 | { |
ashleymills | 0:e979170e02e7 | 6516 | CYASSL_BIGNUM* external; |
ashleymills | 0:e979170e02e7 | 6517 | mp_int* mpi; |
ashleymills | 0:e979170e02e7 | 6518 | |
ashleymills | 0:e979170e02e7 | 6519 | CYASSL_MSG("CyaSSL_BN_new"); |
ashleymills | 0:e979170e02e7 | 6520 | |
ashleymills | 0:e979170e02e7 | 6521 | mpi = (mp_int*) XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT); |
ashleymills | 0:e979170e02e7 | 6522 | if (mpi == NULL) { |
ashleymills | 0:e979170e02e7 | 6523 | CYASSL_MSG("CyaSSL_BN_new malloc mpi failure"); |
ashleymills | 0:e979170e02e7 | 6524 | return NULL; |
ashleymills | 0:e979170e02e7 | 6525 | } |
ashleymills | 0:e979170e02e7 | 6526 | |
ashleymills | 0:e979170e02e7 | 6527 | external = (CYASSL_BIGNUM*) XMALLOC(sizeof(CYASSL_BIGNUM), NULL, |
ashleymills | 0:e979170e02e7 | 6528 | DYNAMIC_TYPE_BIGINT); |
ashleymills | 0:e979170e02e7 | 6529 | if (external == NULL) { |
ashleymills | 0:e979170e02e7 | 6530 | CYASSL_MSG("CyaSSL_BN_new malloc CYASSL_BIGNUM failure"); |
ashleymills | 0:e979170e02e7 | 6531 | XFREE(mpi, NULL, DYNAMIC_TYPE_BIGINT); |
ashleymills | 0:e979170e02e7 | 6532 | return NULL; |
ashleymills | 0:e979170e02e7 | 6533 | } |
ashleymills | 0:e979170e02e7 | 6534 | |
ashleymills | 0:e979170e02e7 | 6535 | InitCyaSSL_BigNum(external); |
ashleymills | 0:e979170e02e7 | 6536 | external->internal = mpi; |
ashleymills | 0:e979170e02e7 | 6537 | if (mp_init(mpi) != MP_OKAY) { |
ashleymills | 0:e979170e02e7 | 6538 | CyaSSL_BN_free(external); |
ashleymills | 0:e979170e02e7 | 6539 | return NULL; |
ashleymills | 0:e979170e02e7 | 6540 | } |
ashleymills | 0:e979170e02e7 | 6541 | |
ashleymills | 0:e979170e02e7 | 6542 | return external; |
ashleymills | 0:e979170e02e7 | 6543 | } |
ashleymills | 0:e979170e02e7 | 6544 | |
ashleymills | 0:e979170e02e7 | 6545 | |
ashleymills | 0:e979170e02e7 | 6546 | void CyaSSL_BN_free(CYASSL_BIGNUM* bn) |
ashleymills | 0:e979170e02e7 | 6547 | { |
ashleymills | 0:e979170e02e7 | 6548 | CYASSL_MSG("CyaSSL_BN_free"); |
ashleymills | 0:e979170e02e7 | 6549 | if (bn) { |
ashleymills | 0:e979170e02e7 | 6550 | if (bn->internal) { |
ashleymills | 0:e979170e02e7 | 6551 | mp_clear((mp_int*)bn->internal); |
ashleymills | 0:e979170e02e7 | 6552 | XFREE(bn->internal, NULL, DYNAMIC_TYPE_BIGINT); |
ashleymills | 0:e979170e02e7 | 6553 | bn->internal = NULL; |
ashleymills | 0:e979170e02e7 | 6554 | } |
ashleymills | 0:e979170e02e7 | 6555 | XFREE(bn, NULL, DYNAMIC_TYPE_BIGINT); |
ashleymills | 0:e979170e02e7 | 6556 | } |
ashleymills | 0:e979170e02e7 | 6557 | } |
ashleymills | 0:e979170e02e7 | 6558 | |
ashleymills | 0:e979170e02e7 | 6559 | |
ashleymills | 0:e979170e02e7 | 6560 | void CyaSSL_BN_clear_free(CYASSL_BIGNUM* bn) |
ashleymills | 0:e979170e02e7 | 6561 | { |
ashleymills | 0:e979170e02e7 | 6562 | CYASSL_MSG("CyaSSL_BN_clear_free"); |
ashleymills | 0:e979170e02e7 | 6563 | |
ashleymills | 0:e979170e02e7 | 6564 | CyaSSL_BN_free(bn); |
ashleymills | 0:e979170e02e7 | 6565 | } |
ashleymills | 0:e979170e02e7 | 6566 | |
ashleymills | 0:e979170e02e7 | 6567 | |
ashleymills | 0:e979170e02e7 | 6568 | int CyaSSL_BN_sub(CYASSL_BIGNUM* r, const CYASSL_BIGNUM* a, |
ashleymills | 0:e979170e02e7 | 6569 | const CYASSL_BIGNUM* b) |
ashleymills | 0:e979170e02e7 | 6570 | { |
ashleymills | 0:e979170e02e7 | 6571 | CYASSL_MSG("CyaSSL_BN_sub"); |
ashleymills | 0:e979170e02e7 | 6572 | |
ashleymills | 0:e979170e02e7 | 6573 | if (r == NULL || a == NULL || b == NULL) |
ashleymills | 0:e979170e02e7 | 6574 | return 0; |
ashleymills | 0:e979170e02e7 | 6575 | |
ashleymills | 0:e979170e02e7 | 6576 | if (mp_sub((mp_int*)a->internal,(mp_int*)b->internal, |
ashleymills | 0:e979170e02e7 | 6577 | (mp_int*)r->internal) == MP_OKAY) |
ashleymills | 0:e979170e02e7 | 6578 | return 1; |
ashleymills | 0:e979170e02e7 | 6579 | |
ashleymills | 0:e979170e02e7 | 6580 | CYASSL_MSG("CyaSSL_BN_sub mp_sub failed"); |
ashleymills | 0:e979170e02e7 | 6581 | return 0; |
ashleymills | 0:e979170e02e7 | 6582 | } |
ashleymills | 0:e979170e02e7 | 6583 | |
ashleymills | 0:e979170e02e7 | 6584 | |
ashleymills | 0:e979170e02e7 | 6585 | int CyaSSL_BN_mod(CYASSL_BIGNUM* r, const CYASSL_BIGNUM* a, |
ashleymills | 0:e979170e02e7 | 6586 | const CYASSL_BIGNUM* b, const CYASSL_BN_CTX* c) |
ashleymills | 0:e979170e02e7 | 6587 | { |
ashleymills | 0:e979170e02e7 | 6588 | (void)c; |
ashleymills | 0:e979170e02e7 | 6589 | CYASSL_MSG("CyaSSL_BN_mod"); |
ashleymills | 0:e979170e02e7 | 6590 | |
ashleymills | 0:e979170e02e7 | 6591 | if (r == NULL || a == NULL || b == NULL) |
ashleymills | 0:e979170e02e7 | 6592 | return 0; |
ashleymills | 0:e979170e02e7 | 6593 | |
ashleymills | 0:e979170e02e7 | 6594 | if (mp_mod((mp_int*)a->internal,(mp_int*)b->internal, |
ashleymills | 0:e979170e02e7 | 6595 | (mp_int*)r->internal) == MP_OKAY) |
ashleymills | 0:e979170e02e7 | 6596 | return 1; |
ashleymills | 0:e979170e02e7 | 6597 | |
ashleymills | 0:e979170e02e7 | 6598 | CYASSL_MSG("CyaSSL_BN_mod mp_mod failed"); |
ashleymills | 0:e979170e02e7 | 6599 | return 0; |
ashleymills | 0:e979170e02e7 | 6600 | } |
ashleymills | 0:e979170e02e7 | 6601 | |
ashleymills | 0:e979170e02e7 | 6602 | |
ashleymills | 0:e979170e02e7 | 6603 | const CYASSL_BIGNUM* CyaSSL_BN_value_one(void) |
ashleymills | 0:e979170e02e7 | 6604 | { |
ashleymills | 0:e979170e02e7 | 6605 | static CYASSL_BIGNUM* bn_one = NULL; |
ashleymills | 0:e979170e02e7 | 6606 | |
ashleymills | 0:e979170e02e7 | 6607 | CYASSL_MSG("CyaSSL_BN_value_one"); |
ashleymills | 0:e979170e02e7 | 6608 | |
ashleymills | 0:e979170e02e7 | 6609 | if (bn_one == NULL) { |
ashleymills | 0:e979170e02e7 | 6610 | bn_one = CyaSSL_BN_new(); |
ashleymills | 0:e979170e02e7 | 6611 | if (bn_one) |
ashleymills | 0:e979170e02e7 | 6612 | mp_set_int((mp_int*)bn_one->internal, 1); |
ashleymills | 0:e979170e02e7 | 6613 | } |
ashleymills | 0:e979170e02e7 | 6614 | |
ashleymills | 0:e979170e02e7 | 6615 | return bn_one; |
ashleymills | 0:e979170e02e7 | 6616 | } |
ashleymills | 0:e979170e02e7 | 6617 | |
ashleymills | 0:e979170e02e7 | 6618 | |
ashleymills | 0:e979170e02e7 | 6619 | int CyaSSL_BN_num_bytes(const CYASSL_BIGNUM* bn) |
ashleymills | 0:e979170e02e7 | 6620 | { |
ashleymills | 0:e979170e02e7 | 6621 | CYASSL_MSG("CyaSSL_BN_num_bytes"); |
ashleymills | 0:e979170e02e7 | 6622 | |
ashleymills | 0:e979170e02e7 | 6623 | if (bn == NULL || bn->internal == NULL) |
ashleymills | 0:e979170e02e7 | 6624 | return 0; |
ashleymills | 0:e979170e02e7 | 6625 | |
ashleymills | 0:e979170e02e7 | 6626 | return mp_unsigned_bin_size((mp_int*)bn->internal); |
ashleymills | 0:e979170e02e7 | 6627 | } |
ashleymills | 0:e979170e02e7 | 6628 | |
ashleymills | 0:e979170e02e7 | 6629 | |
ashleymills | 0:e979170e02e7 | 6630 | int CyaSSL_BN_num_bits(const CYASSL_BIGNUM* bn) |
ashleymills | 0:e979170e02e7 | 6631 | { |
ashleymills | 0:e979170e02e7 | 6632 | CYASSL_MSG("CyaSSL_BN_num_bits"); |
ashleymills | 0:e979170e02e7 | 6633 | |
ashleymills | 0:e979170e02e7 | 6634 | if (bn == NULL || bn->internal == NULL) |
ashleymills | 0:e979170e02e7 | 6635 | return 0; |
ashleymills | 0:e979170e02e7 | 6636 | |
ashleymills | 0:e979170e02e7 | 6637 | return mp_count_bits((mp_int*)bn->internal); |
ashleymills | 0:e979170e02e7 | 6638 | } |
ashleymills | 0:e979170e02e7 | 6639 | |
ashleymills | 0:e979170e02e7 | 6640 | |
ashleymills | 0:e979170e02e7 | 6641 | int CyaSSL_BN_is_zero(const CYASSL_BIGNUM* bn) |
ashleymills | 0:e979170e02e7 | 6642 | { |
ashleymills | 0:e979170e02e7 | 6643 | CYASSL_MSG("CyaSSL_BN_is_zero"); |
ashleymills | 0:e979170e02e7 | 6644 | |
ashleymills | 0:e979170e02e7 | 6645 | if (bn == NULL || bn->internal == NULL) |
ashleymills | 0:e979170e02e7 | 6646 | return 0; |
ashleymills | 0:e979170e02e7 | 6647 | |
ashleymills | 0:e979170e02e7 | 6648 | return mp_iszero((mp_int*)bn->internal); |
ashleymills | 0:e979170e02e7 | 6649 | } |
ashleymills | 0:e979170e02e7 | 6650 | |
ashleymills | 0:e979170e02e7 | 6651 | |
ashleymills | 0:e979170e02e7 | 6652 | int CyaSSL_BN_is_one(const CYASSL_BIGNUM* bn) |
ashleymills | 0:e979170e02e7 | 6653 | { |
ashleymills | 0:e979170e02e7 | 6654 | CYASSL_MSG("CyaSSL_BN_is_one"); |
ashleymills | 0:e979170e02e7 | 6655 | |
ashleymills | 0:e979170e02e7 | 6656 | if (bn == NULL || bn->internal == NULL) |
ashleymills | 0:e979170e02e7 | 6657 | return 0; |
ashleymills | 0:e979170e02e7 | 6658 | |
ashleymills | 0:e979170e02e7 | 6659 | if (mp_cmp_d((mp_int*)bn->internal, 1) == 0) |
ashleymills | 0:e979170e02e7 | 6660 | return 1; |
ashleymills | 0:e979170e02e7 | 6661 | |
ashleymills | 0:e979170e02e7 | 6662 | return 0; |
ashleymills | 0:e979170e02e7 | 6663 | } |
ashleymills | 0:e979170e02e7 | 6664 | |
ashleymills | 0:e979170e02e7 | 6665 | |
ashleymills | 0:e979170e02e7 | 6666 | int CyaSSL_BN_is_odd(const CYASSL_BIGNUM* bn) |
ashleymills | 0:e979170e02e7 | 6667 | { |
ashleymills | 0:e979170e02e7 | 6668 | CYASSL_MSG("CyaSSL_BN_is_odd"); |
ashleymills | 0:e979170e02e7 | 6669 | |
ashleymills | 0:e979170e02e7 | 6670 | if (bn == NULL || bn->internal == NULL) |
ashleymills | 0:e979170e02e7 | 6671 | return 0; |
ashleymills | 0:e979170e02e7 | 6672 | |
ashleymills | 0:e979170e02e7 | 6673 | return mp_isodd((mp_int*)bn->internal); |
ashleymills | 0:e979170e02e7 | 6674 | } |
ashleymills | 0:e979170e02e7 | 6675 | |
ashleymills | 0:e979170e02e7 | 6676 | |
ashleymills | 0:e979170e02e7 | 6677 | int CyaSSL_BN_cmp(const CYASSL_BIGNUM* a, const CYASSL_BIGNUM* b) |
ashleymills | 0:e979170e02e7 | 6678 | { |
ashleymills | 0:e979170e02e7 | 6679 | CYASSL_MSG("CyaSSL_BN_cmp"); |
ashleymills | 0:e979170e02e7 | 6680 | |
ashleymills | 0:e979170e02e7 | 6681 | if (a == NULL || a->internal == NULL || b == NULL || b->internal ==NULL) |
ashleymills | 0:e979170e02e7 | 6682 | return 0; |
ashleymills | 0:e979170e02e7 | 6683 | |
ashleymills | 0:e979170e02e7 | 6684 | return mp_cmp((mp_int*)a->internal, (mp_int*)b->internal); |
ashleymills | 0:e979170e02e7 | 6685 | } |
ashleymills | 0:e979170e02e7 | 6686 | |
ashleymills | 0:e979170e02e7 | 6687 | |
ashleymills | 0:e979170e02e7 | 6688 | int CyaSSL_BN_bn2bin(const CYASSL_BIGNUM* bn, unsigned char* r) |
ashleymills | 0:e979170e02e7 | 6689 | { |
ashleymills | 0:e979170e02e7 | 6690 | CYASSL_MSG("CyaSSL_BN_bn2bin"); |
ashleymills | 0:e979170e02e7 | 6691 | |
ashleymills | 0:e979170e02e7 | 6692 | if (bn == NULL || bn->internal == NULL) { |
ashleymills | 0:e979170e02e7 | 6693 | CYASSL_MSG("NULL bn error"); |
ashleymills | 0:e979170e02e7 | 6694 | return -1; |
ashleymills | 0:e979170e02e7 | 6695 | } |
ashleymills | 0:e979170e02e7 | 6696 | |
ashleymills | 0:e979170e02e7 | 6697 | if (r == NULL) |
ashleymills | 0:e979170e02e7 | 6698 | return mp_unsigned_bin_size((mp_int*)bn->internal); |
ashleymills | 0:e979170e02e7 | 6699 | |
ashleymills | 0:e979170e02e7 | 6700 | if (mp_to_unsigned_bin((mp_int*)bn->internal, r) != MP_OKAY) { |
ashleymills | 0:e979170e02e7 | 6701 | CYASSL_MSG("mp_to_unsigned_bin error"); |
ashleymills | 0:e979170e02e7 | 6702 | return -1; |
ashleymills | 0:e979170e02e7 | 6703 | } |
ashleymills | 0:e979170e02e7 | 6704 | |
ashleymills | 0:e979170e02e7 | 6705 | return mp_unsigned_bin_size((mp_int*)bn->internal); |
ashleymills | 0:e979170e02e7 | 6706 | } |
ashleymills | 0:e979170e02e7 | 6707 | |
ashleymills | 0:e979170e02e7 | 6708 | |
ashleymills | 0:e979170e02e7 | 6709 | CYASSL_BIGNUM* CyaSSL_BN_bin2bn(const unsigned char* str, int len, |
ashleymills | 0:e979170e02e7 | 6710 | CYASSL_BIGNUM* ret) |
ashleymills | 0:e979170e02e7 | 6711 | { |
ashleymills | 0:e979170e02e7 | 6712 | CYASSL_MSG("CyaSSL_BN_bin2bn"); |
ashleymills | 0:e979170e02e7 | 6713 | |
ashleymills | 0:e979170e02e7 | 6714 | if (ret && ret->internal) { |
ashleymills | 0:e979170e02e7 | 6715 | if (mp_read_unsigned_bin((mp_int*)ret->internal, str, len) != 0) { |
ashleymills | 0:e979170e02e7 | 6716 | CYASSL_MSG("mp_read_unsigned_bin failure"); |
ashleymills | 0:e979170e02e7 | 6717 | return NULL; |
ashleymills | 0:e979170e02e7 | 6718 | } |
ashleymills | 0:e979170e02e7 | 6719 | } |
ashleymills | 0:e979170e02e7 | 6720 | else { |
ashleymills | 0:e979170e02e7 | 6721 | CYASSL_MSG("CyaSSL_BN_bin2bn wants return bignum"); |
ashleymills | 0:e979170e02e7 | 6722 | } |
ashleymills | 0:e979170e02e7 | 6723 | |
ashleymills | 0:e979170e02e7 | 6724 | return ret; |
ashleymills | 0:e979170e02e7 | 6725 | } |
ashleymills | 0:e979170e02e7 | 6726 | |
ashleymills | 0:e979170e02e7 | 6727 | |
ashleymills | 0:e979170e02e7 | 6728 | int CyaSSL_mask_bits(CYASSL_BIGNUM* bn, int n) |
ashleymills | 0:e979170e02e7 | 6729 | { |
ashleymills | 0:e979170e02e7 | 6730 | (void)bn; |
ashleymills | 0:e979170e02e7 | 6731 | (void)n; |
ashleymills | 0:e979170e02e7 | 6732 | CYASSL_MSG("CyaSSL_BN_mask_bits"); |
ashleymills | 0:e979170e02e7 | 6733 | |
ashleymills | 0:e979170e02e7 | 6734 | return -1; |
ashleymills | 0:e979170e02e7 | 6735 | } |
ashleymills | 0:e979170e02e7 | 6736 | |
ashleymills | 0:e979170e02e7 | 6737 | |
ashleymills | 0:e979170e02e7 | 6738 | int CyaSSL_BN_rand(CYASSL_BIGNUM* bn, int bits, int top, int bottom) |
ashleymills | 0:e979170e02e7 | 6739 | { |
ashleymills | 0:e979170e02e7 | 6740 | byte buff[1024]; |
ashleymills | 0:e979170e02e7 | 6741 | RNG tmpRNG; |
ashleymills | 0:e979170e02e7 | 6742 | RNG* rng = &tmpRNG; |
ashleymills | 0:e979170e02e7 | 6743 | int ret; |
ashleymills | 0:e979170e02e7 | 6744 | int len = bits/8; |
ashleymills | 0:e979170e02e7 | 6745 | |
ashleymills | 0:e979170e02e7 | 6746 | (void)top; |
ashleymills | 0:e979170e02e7 | 6747 | (void)bottom; |
ashleymills | 0:e979170e02e7 | 6748 | CYASSL_MSG("CyaSSL_BN_rand"); |
ashleymills | 0:e979170e02e7 | 6749 | |
ashleymills | 0:e979170e02e7 | 6750 | if (bn == NULL || bn->internal == NULL) { |
ashleymills | 0:e979170e02e7 | 6751 | CYASSL_MSG("Bad function arguments"); |
ashleymills | 0:e979170e02e7 | 6752 | return 0; |
ashleymills | 0:e979170e02e7 | 6753 | } |
ashleymills | 0:e979170e02e7 | 6754 | |
ashleymills | 0:e979170e02e7 | 6755 | if (bits % 8) |
ashleymills | 0:e979170e02e7 | 6756 | len++; |
ashleymills | 0:e979170e02e7 | 6757 | |
ashleymills | 0:e979170e02e7 | 6758 | if ( (ret = InitRng(&tmpRNG)) != 0) { |
ashleymills | 0:e979170e02e7 | 6759 | CYASSL_MSG("Bad RNG Init, trying global"); |
ashleymills | 0:e979170e02e7 | 6760 | if (initGlobalRNG == 0) { |
ashleymills | 0:e979170e02e7 | 6761 | CYASSL_MSG("Global RNG no Init"); |
ashleymills | 0:e979170e02e7 | 6762 | return 0; |
ashleymills | 0:e979170e02e7 | 6763 | } |
ashleymills | 0:e979170e02e7 | 6764 | rng = &globalRNG; |
ashleymills | 0:e979170e02e7 | 6765 | } |
ashleymills | 0:e979170e02e7 | 6766 | |
ashleymills | 0:e979170e02e7 | 6767 | RNG_GenerateBlock(rng, buff, len); |
ashleymills | 0:e979170e02e7 | 6768 | buff[0] |= 0x80 | 0x40; |
ashleymills | 0:e979170e02e7 | 6769 | buff[len-1] |= 0x01; |
ashleymills | 0:e979170e02e7 | 6770 | |
ashleymills | 0:e979170e02e7 | 6771 | if (mp_read_unsigned_bin((mp_int*)bn->internal,buff,len) != MP_OKAY) { |
ashleymills | 0:e979170e02e7 | 6772 | CYASSL_MSG("mp read bin failed"); |
ashleymills | 0:e979170e02e7 | 6773 | return 0; |
ashleymills | 0:e979170e02e7 | 6774 | } |
ashleymills | 0:e979170e02e7 | 6775 | |
ashleymills | 0:e979170e02e7 | 6776 | return 1; |
ashleymills | 0:e979170e02e7 | 6777 | } |
ashleymills | 0:e979170e02e7 | 6778 | |
ashleymills | 0:e979170e02e7 | 6779 | |
ashleymills | 0:e979170e02e7 | 6780 | int CyaSSL_BN_is_bit_set(const CYASSL_BIGNUM* bn, int n) |
ashleymills | 0:e979170e02e7 | 6781 | { |
ashleymills | 0:e979170e02e7 | 6782 | (void)bn; |
ashleymills | 0:e979170e02e7 | 6783 | (void)n; |
ashleymills | 0:e979170e02e7 | 6784 | |
ashleymills | 0:e979170e02e7 | 6785 | CYASSL_MSG("CyaSSL_BN_is_bit_set"); |
ashleymills | 0:e979170e02e7 | 6786 | |
ashleymills | 0:e979170e02e7 | 6787 | return 0; |
ashleymills | 0:e979170e02e7 | 6788 | } |
ashleymills | 0:e979170e02e7 | 6789 | |
ashleymills | 0:e979170e02e7 | 6790 | |
ashleymills | 0:e979170e02e7 | 6791 | int CyaSSL_BN_hex2bn(CYASSL_BIGNUM** bn, const char* str) |
ashleymills | 0:e979170e02e7 | 6792 | { |
ashleymills | 0:e979170e02e7 | 6793 | byte decoded[1024]; |
ashleymills | 0:e979170e02e7 | 6794 | word32 decSz = sizeof(decoded); |
ashleymills | 0:e979170e02e7 | 6795 | |
ashleymills | 0:e979170e02e7 | 6796 | CYASSL_MSG("CyaSSL_BN_hex2bn"); |
ashleymills | 0:e979170e02e7 | 6797 | |
ashleymills | 0:e979170e02e7 | 6798 | if (str == NULL) { |
ashleymills | 0:e979170e02e7 | 6799 | CYASSL_MSG("Bad function argument"); |
ashleymills | 0:e979170e02e7 | 6800 | return 0; |
ashleymills | 0:e979170e02e7 | 6801 | } |
ashleymills | 0:e979170e02e7 | 6802 | |
ashleymills | 0:e979170e02e7 | 6803 | if (Base16_Decode((byte*)str, (int)XSTRLEN(str), decoded, &decSz) < 0) { |
ashleymills | 0:e979170e02e7 | 6804 | CYASSL_MSG("Bad Base16_Decode error"); |
ashleymills | 0:e979170e02e7 | 6805 | return 0; |
ashleymills | 0:e979170e02e7 | 6806 | } |
ashleymills | 0:e979170e02e7 | 6807 | |
ashleymills | 0:e979170e02e7 | 6808 | if (bn == NULL) |
ashleymills | 0:e979170e02e7 | 6809 | return decSz; |
ashleymills | 0:e979170e02e7 | 6810 | |
ashleymills | 0:e979170e02e7 | 6811 | if (*bn == NULL) { |
ashleymills | 0:e979170e02e7 | 6812 | *bn = CyaSSL_BN_new(); |
ashleymills | 0:e979170e02e7 | 6813 | if (*bn == NULL) { |
ashleymills | 0:e979170e02e7 | 6814 | CYASSL_MSG("BN new failed"); |
ashleymills | 0:e979170e02e7 | 6815 | return 0; |
ashleymills | 0:e979170e02e7 | 6816 | } |
ashleymills | 0:e979170e02e7 | 6817 | } |
ashleymills | 0:e979170e02e7 | 6818 | |
ashleymills | 0:e979170e02e7 | 6819 | if (CyaSSL_BN_bin2bn(decoded, decSz, *bn) == NULL) { |
ashleymills | 0:e979170e02e7 | 6820 | CYASSL_MSG("Bad bin2bn error"); |
ashleymills | 0:e979170e02e7 | 6821 | return 0; |
ashleymills | 0:e979170e02e7 | 6822 | } |
ashleymills | 0:e979170e02e7 | 6823 | |
ashleymills | 0:e979170e02e7 | 6824 | return 1; /* success */ |
ashleymills | 0:e979170e02e7 | 6825 | } |
ashleymills | 0:e979170e02e7 | 6826 | |
ashleymills | 0:e979170e02e7 | 6827 | |
ashleymills | 0:e979170e02e7 | 6828 | CYASSL_BIGNUM* CyaSSL_BN_dup(const CYASSL_BIGNUM* bn) |
ashleymills | 0:e979170e02e7 | 6829 | { |
ashleymills | 0:e979170e02e7 | 6830 | CYASSL_BIGNUM* ret; |
ashleymills | 0:e979170e02e7 | 6831 | |
ashleymills | 0:e979170e02e7 | 6832 | CYASSL_MSG("CyaSSL_BN_dup"); |
ashleymills | 0:e979170e02e7 | 6833 | |
ashleymills | 0:e979170e02e7 | 6834 | if (bn == NULL || bn->internal == NULL) { |
ashleymills | 0:e979170e02e7 | 6835 | CYASSL_MSG("bn NULL error"); |
ashleymills | 0:e979170e02e7 | 6836 | return NULL; |
ashleymills | 0:e979170e02e7 | 6837 | } |
ashleymills | 0:e979170e02e7 | 6838 | |
ashleymills | 0:e979170e02e7 | 6839 | ret = CyaSSL_BN_new(); |
ashleymills | 0:e979170e02e7 | 6840 | if (ret == NULL) { |
ashleymills | 0:e979170e02e7 | 6841 | CYASSL_MSG("bn new error"); |
ashleymills | 0:e979170e02e7 | 6842 | return NULL; |
ashleymills | 0:e979170e02e7 | 6843 | } |
ashleymills | 0:e979170e02e7 | 6844 | |
ashleymills | 0:e979170e02e7 | 6845 | if (mp_copy((mp_int*)bn->internal, (mp_int*)ret->internal) != MP_OKAY) { |
ashleymills | 0:e979170e02e7 | 6846 | CYASSL_MSG("mp_copy error"); |
ashleymills | 0:e979170e02e7 | 6847 | CyaSSL_BN_free(ret); |
ashleymills | 0:e979170e02e7 | 6848 | return NULL; |
ashleymills | 0:e979170e02e7 | 6849 | } |
ashleymills | 0:e979170e02e7 | 6850 | |
ashleymills | 0:e979170e02e7 | 6851 | return ret; |
ashleymills | 0:e979170e02e7 | 6852 | } |
ashleymills | 0:e979170e02e7 | 6853 | |
ashleymills | 0:e979170e02e7 | 6854 | |
ashleymills | 0:e979170e02e7 | 6855 | CYASSL_BIGNUM* CyaSSL_BN_copy(CYASSL_BIGNUM* r, const CYASSL_BIGNUM* bn) |
ashleymills | 0:e979170e02e7 | 6856 | { |
ashleymills | 0:e979170e02e7 | 6857 | (void)r; |
ashleymills | 0:e979170e02e7 | 6858 | (void)bn; |
ashleymills | 0:e979170e02e7 | 6859 | |
ashleymills | 0:e979170e02e7 | 6860 | CYASSL_MSG("CyaSSL_BN_copy"); |
ashleymills | 0:e979170e02e7 | 6861 | |
ashleymills | 0:e979170e02e7 | 6862 | return NULL; |
ashleymills | 0:e979170e02e7 | 6863 | } |
ashleymills | 0:e979170e02e7 | 6864 | |
ashleymills | 0:e979170e02e7 | 6865 | |
ashleymills | 0:e979170e02e7 | 6866 | int CyaSSL_BN_set_word(CYASSL_BIGNUM* bn, unsigned long w) |
ashleymills | 0:e979170e02e7 | 6867 | { |
ashleymills | 0:e979170e02e7 | 6868 | (void)bn; |
ashleymills | 0:e979170e02e7 | 6869 | (void)w; |
ashleymills | 0:e979170e02e7 | 6870 | |
ashleymills | 0:e979170e02e7 | 6871 | CYASSL_MSG("CyaSSL_BN_set_word"); |
ashleymills | 0:e979170e02e7 | 6872 | |
ashleymills | 0:e979170e02e7 | 6873 | return -1; |
ashleymills | 0:e979170e02e7 | 6874 | } |
ashleymills | 0:e979170e02e7 | 6875 | |
ashleymills | 0:e979170e02e7 | 6876 | |
ashleymills | 0:e979170e02e7 | 6877 | int CyaSSL_BN_dec2bn(CYASSL_BIGNUM** bn, const char* str) |
ashleymills | 0:e979170e02e7 | 6878 | { |
ashleymills | 0:e979170e02e7 | 6879 | (void)bn; |
ashleymills | 0:e979170e02e7 | 6880 | (void)str; |
ashleymills | 0:e979170e02e7 | 6881 | |
ashleymills | 0:e979170e02e7 | 6882 | CYASSL_MSG("CyaSSL_BN_dec2bn"); |
ashleymills | 0:e979170e02e7 | 6883 | |
ashleymills | 0:e979170e02e7 | 6884 | return -1; |
ashleymills | 0:e979170e02e7 | 6885 | } |
ashleymills | 0:e979170e02e7 | 6886 | |
ashleymills | 0:e979170e02e7 | 6887 | |
ashleymills | 0:e979170e02e7 | 6888 | char* CyaSSL_BN_bn2dec(const CYASSL_BIGNUM* bn) |
ashleymills | 0:e979170e02e7 | 6889 | { |
ashleymills | 0:e979170e02e7 | 6890 | (void)bn; |
ashleymills | 0:e979170e02e7 | 6891 | |
ashleymills | 0:e979170e02e7 | 6892 | CYASSL_MSG("CyaSSL_BN_bn2dec"); |
ashleymills | 0:e979170e02e7 | 6893 | |
ashleymills | 0:e979170e02e7 | 6894 | return NULL; |
ashleymills | 0:e979170e02e7 | 6895 | } |
ashleymills | 0:e979170e02e7 | 6896 | |
ashleymills | 0:e979170e02e7 | 6897 | |
ashleymills | 0:e979170e02e7 | 6898 | static void InitCyaSSL_DH(CYASSL_DH* dh) |
ashleymills | 0:e979170e02e7 | 6899 | { |
ashleymills | 0:e979170e02e7 | 6900 | if (dh) { |
ashleymills | 0:e979170e02e7 | 6901 | dh->p = NULL; |
ashleymills | 0:e979170e02e7 | 6902 | dh->g = NULL; |
ashleymills | 0:e979170e02e7 | 6903 | dh->pub_key = NULL; |
ashleymills | 0:e979170e02e7 | 6904 | dh->priv_key = NULL; |
ashleymills | 0:e979170e02e7 | 6905 | dh->internal = NULL; |
ashleymills | 0:e979170e02e7 | 6906 | dh->inSet = 0; |
ashleymills | 0:e979170e02e7 | 6907 | dh->exSet = 0; |
ashleymills | 0:e979170e02e7 | 6908 | } |
ashleymills | 0:e979170e02e7 | 6909 | } |
ashleymills | 0:e979170e02e7 | 6910 | |
ashleymills | 0:e979170e02e7 | 6911 | |
ashleymills | 0:e979170e02e7 | 6912 | CYASSL_DH* CyaSSL_DH_new(void) |
ashleymills | 0:e979170e02e7 | 6913 | { |
ashleymills | 0:e979170e02e7 | 6914 | CYASSL_DH* external; |
ashleymills | 0:e979170e02e7 | 6915 | DhKey* key; |
ashleymills | 0:e979170e02e7 | 6916 | |
ashleymills | 0:e979170e02e7 | 6917 | CYASSL_MSG("CyaSSL_DH_new"); |
ashleymills | 0:e979170e02e7 | 6918 | |
ashleymills | 0:e979170e02e7 | 6919 | key = (DhKey*) XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_DH); |
ashleymills | 0:e979170e02e7 | 6920 | if (key == NULL) { |
ashleymills | 0:e979170e02e7 | 6921 | CYASSL_MSG("CyaSSL_DH_new malloc DhKey failure"); |
ashleymills | 0:e979170e02e7 | 6922 | return NULL; |
ashleymills | 0:e979170e02e7 | 6923 | } |
ashleymills | 0:e979170e02e7 | 6924 | |
ashleymills | 0:e979170e02e7 | 6925 | external = (CYASSL_DH*) XMALLOC(sizeof(CYASSL_DH), NULL, |
ashleymills | 0:e979170e02e7 | 6926 | DYNAMIC_TYPE_DH); |
ashleymills | 0:e979170e02e7 | 6927 | if (external == NULL) { |
ashleymills | 0:e979170e02e7 | 6928 | CYASSL_MSG("CyaSSL_DH_new malloc CYASSL_DH failure"); |
ashleymills | 0:e979170e02e7 | 6929 | XFREE(key, NULL, DYNAMIC_TYPE_DH); |
ashleymills | 0:e979170e02e7 | 6930 | return NULL; |
ashleymills | 0:e979170e02e7 | 6931 | } |
ashleymills | 0:e979170e02e7 | 6932 | |
ashleymills | 0:e979170e02e7 | 6933 | InitCyaSSL_DH(external); |
ashleymills | 0:e979170e02e7 | 6934 | InitDhKey(key); |
ashleymills | 0:e979170e02e7 | 6935 | external->internal = key; |
ashleymills | 0:e979170e02e7 | 6936 | |
ashleymills | 0:e979170e02e7 | 6937 | return external; |
ashleymills | 0:e979170e02e7 | 6938 | } |
ashleymills | 0:e979170e02e7 | 6939 | |
ashleymills | 0:e979170e02e7 | 6940 | |
ashleymills | 0:e979170e02e7 | 6941 | void CyaSSL_DH_free(CYASSL_DH* dh) |
ashleymills | 0:e979170e02e7 | 6942 | { |
ashleymills | 0:e979170e02e7 | 6943 | CYASSL_MSG("CyaSSL_DH_free"); |
ashleymills | 0:e979170e02e7 | 6944 | |
ashleymills | 0:e979170e02e7 | 6945 | if (dh) { |
ashleymills | 0:e979170e02e7 | 6946 | if (dh->internal) { |
ashleymills | 0:e979170e02e7 | 6947 | FreeDhKey((DhKey*)dh->internal); |
ashleymills | 0:e979170e02e7 | 6948 | XFREE(dh->internal, NULL, DYNAMIC_TYPE_DH); |
ashleymills | 0:e979170e02e7 | 6949 | dh->internal = NULL; |
ashleymills | 0:e979170e02e7 | 6950 | } |
ashleymills | 0:e979170e02e7 | 6951 | CyaSSL_BN_free(dh->priv_key); |
ashleymills | 0:e979170e02e7 | 6952 | CyaSSL_BN_free(dh->pub_key); |
ashleymills | 0:e979170e02e7 | 6953 | CyaSSL_BN_free(dh->g); |
ashleymills | 0:e979170e02e7 | 6954 | CyaSSL_BN_free(dh->p); |
ashleymills | 0:e979170e02e7 | 6955 | InitCyaSSL_DH(dh); /* set back to NULLs for safety */ |
ashleymills | 0:e979170e02e7 | 6956 | |
ashleymills | 0:e979170e02e7 | 6957 | XFREE(dh, NULL, DYNAMIC_TYPE_DH); |
ashleymills | 0:e979170e02e7 | 6958 | } |
ashleymills | 0:e979170e02e7 | 6959 | } |
ashleymills | 0:e979170e02e7 | 6960 | |
ashleymills | 0:e979170e02e7 | 6961 | |
ashleymills | 0:e979170e02e7 | 6962 | static int SetDhInternal(CYASSL_DH* dh) |
ashleymills | 0:e979170e02e7 | 6963 | { |
ashleymills | 0:e979170e02e7 | 6964 | unsigned char p[1024]; |
ashleymills | 0:e979170e02e7 | 6965 | unsigned char g[1024]; |
ashleymills | 0:e979170e02e7 | 6966 | int pSz = sizeof(p); |
ashleymills | 0:e979170e02e7 | 6967 | int gSz = sizeof(g); |
ashleymills | 0:e979170e02e7 | 6968 | |
ashleymills | 0:e979170e02e7 | 6969 | CYASSL_ENTER("SetDhInternal"); |
ashleymills | 0:e979170e02e7 | 6970 | |
ashleymills | 0:e979170e02e7 | 6971 | if (dh == NULL || dh->p == NULL || dh->g == NULL) { |
ashleymills | 0:e979170e02e7 | 6972 | CYASSL_MSG("Bad function arguments"); |
ashleymills | 0:e979170e02e7 | 6973 | return -1; |
ashleymills | 0:e979170e02e7 | 6974 | } |
ashleymills | 0:e979170e02e7 | 6975 | |
ashleymills | 0:e979170e02e7 | 6976 | if (CyaSSL_BN_bn2bin(dh->p, NULL) > pSz) { |
ashleymills | 0:e979170e02e7 | 6977 | CYASSL_MSG("Bad p internal size"); |
ashleymills | 0:e979170e02e7 | 6978 | return -1; |
ashleymills | 0:e979170e02e7 | 6979 | } |
ashleymills | 0:e979170e02e7 | 6980 | |
ashleymills | 0:e979170e02e7 | 6981 | if (CyaSSL_BN_bn2bin(dh->g, NULL) > gSz) { |
ashleymills | 0:e979170e02e7 | 6982 | CYASSL_MSG("Bad g internal size"); |
ashleymills | 0:e979170e02e7 | 6983 | return -1; |
ashleymills | 0:e979170e02e7 | 6984 | } |
ashleymills | 0:e979170e02e7 | 6985 | |
ashleymills | 0:e979170e02e7 | 6986 | pSz = CyaSSL_BN_bn2bin(dh->p, p); |
ashleymills | 0:e979170e02e7 | 6987 | gSz = CyaSSL_BN_bn2bin(dh->g, g); |
ashleymills | 0:e979170e02e7 | 6988 | |
ashleymills | 0:e979170e02e7 | 6989 | if (pSz <= 0 || gSz <= 0) { |
ashleymills | 0:e979170e02e7 | 6990 | CYASSL_MSG("Bad BN2bin set"); |
ashleymills | 0:e979170e02e7 | 6991 | return -1; |
ashleymills | 0:e979170e02e7 | 6992 | } |
ashleymills | 0:e979170e02e7 | 6993 | |
ashleymills | 0:e979170e02e7 | 6994 | if (DhSetKey((DhKey*)dh->internal, p, pSz, g, gSz) < 0) { |
ashleymills | 0:e979170e02e7 | 6995 | CYASSL_MSG("Bad DH SetKey"); |
ashleymills | 0:e979170e02e7 | 6996 | return -1; |
ashleymills | 0:e979170e02e7 | 6997 | } |
ashleymills | 0:e979170e02e7 | 6998 | |
ashleymills | 0:e979170e02e7 | 6999 | dh->inSet = 1; |
ashleymills | 0:e979170e02e7 | 7000 | |
ashleymills | 0:e979170e02e7 | 7001 | return 0; |
ashleymills | 0:e979170e02e7 | 7002 | } |
ashleymills | 0:e979170e02e7 | 7003 | |
ashleymills | 0:e979170e02e7 | 7004 | |
ashleymills | 0:e979170e02e7 | 7005 | int CyaSSL_DH_size(CYASSL_DH* dh) |
ashleymills | 0:e979170e02e7 | 7006 | { |
ashleymills | 0:e979170e02e7 | 7007 | CYASSL_MSG("CyaSSL_DH_size"); |
ashleymills | 0:e979170e02e7 | 7008 | |
ashleymills | 0:e979170e02e7 | 7009 | if (dh == NULL) |
ashleymills | 0:e979170e02e7 | 7010 | return 0; |
ashleymills | 0:e979170e02e7 | 7011 | |
ashleymills | 0:e979170e02e7 | 7012 | return CyaSSL_BN_num_bytes(dh->p); |
ashleymills | 0:e979170e02e7 | 7013 | } |
ashleymills | 0:e979170e02e7 | 7014 | |
ashleymills | 0:e979170e02e7 | 7015 | |
ashleymills | 0:e979170e02e7 | 7016 | /* return 1 on success else 0 */ |
ashleymills | 0:e979170e02e7 | 7017 | int CyaSSL_DH_generate_key(CYASSL_DH* dh) |
ashleymills | 0:e979170e02e7 | 7018 | { |
ashleymills | 0:e979170e02e7 | 7019 | unsigned char pub [768]; |
ashleymills | 0:e979170e02e7 | 7020 | unsigned char priv[768]; |
ashleymills | 0:e979170e02e7 | 7021 | word32 pubSz = sizeof(pub); |
ashleymills | 0:e979170e02e7 | 7022 | word32 privSz = sizeof(priv); |
ashleymills | 0:e979170e02e7 | 7023 | RNG tmpRNG; |
ashleymills | 0:e979170e02e7 | 7024 | RNG* rng = &tmpRNG; |
ashleymills | 0:e979170e02e7 | 7025 | int ret; |
ashleymills | 0:e979170e02e7 | 7026 | |
ashleymills | 0:e979170e02e7 | 7027 | CYASSL_MSG("CyaSSL_DH_generate_key"); |
ashleymills | 0:e979170e02e7 | 7028 | |
ashleymills | 0:e979170e02e7 | 7029 | if (dh == NULL || dh->p == NULL || dh->g == NULL) { |
ashleymills | 0:e979170e02e7 | 7030 | CYASSL_MSG("Bad function arguments"); |
ashleymills | 0:e979170e02e7 | 7031 | return 0; |
ashleymills | 0:e979170e02e7 | 7032 | } |
ashleymills | 0:e979170e02e7 | 7033 | |
ashleymills | 0:e979170e02e7 | 7034 | if (dh->inSet == 0) { |
ashleymills | 0:e979170e02e7 | 7035 | if (SetDhInternal(dh) < 0) { |
ashleymills | 0:e979170e02e7 | 7036 | CYASSL_MSG("Bad DH set internal"); |
ashleymills | 0:e979170e02e7 | 7037 | return 0; |
ashleymills | 0:e979170e02e7 | 7038 | } |
ashleymills | 0:e979170e02e7 | 7039 | } |
ashleymills | 0:e979170e02e7 | 7040 | |
ashleymills | 0:e979170e02e7 | 7041 | if ( (ret = InitRng(&tmpRNG)) != 0) { |
ashleymills | 0:e979170e02e7 | 7042 | CYASSL_MSG("Bad RNG Init, trying global"); |
ashleymills | 0:e979170e02e7 | 7043 | if (initGlobalRNG == 0) { |
ashleymills | 0:e979170e02e7 | 7044 | CYASSL_MSG("Global RNG no Init"); |
ashleymills | 0:e979170e02e7 | 7045 | return 0; |
ashleymills | 0:e979170e02e7 | 7046 | } |
ashleymills | 0:e979170e02e7 | 7047 | rng = &globalRNG; |
ashleymills | 0:e979170e02e7 | 7048 | } |
ashleymills | 0:e979170e02e7 | 7049 | |
ashleymills | 0:e979170e02e7 | 7050 | if (DhGenerateKeyPair((DhKey*)dh->internal, rng, priv, &privSz, |
ashleymills | 0:e979170e02e7 | 7051 | pub, &pubSz) < 0) { |
ashleymills | 0:e979170e02e7 | 7052 | CYASSL_MSG("Bad DhGenerateKeyPair"); |
ashleymills | 0:e979170e02e7 | 7053 | return 0; |
ashleymills | 0:e979170e02e7 | 7054 | } |
ashleymills | 0:e979170e02e7 | 7055 | |
ashleymills | 0:e979170e02e7 | 7056 | if (dh->pub_key) |
ashleymills | 0:e979170e02e7 | 7057 | CyaSSL_BN_free(dh->pub_key); |
ashleymills | 0:e979170e02e7 | 7058 | dh->pub_key = CyaSSL_BN_new(); |
ashleymills | 0:e979170e02e7 | 7059 | if (dh->pub_key == NULL) { |
ashleymills | 0:e979170e02e7 | 7060 | CYASSL_MSG("Bad DH new pub"); |
ashleymills | 0:e979170e02e7 | 7061 | return 0; |
ashleymills | 0:e979170e02e7 | 7062 | } |
ashleymills | 0:e979170e02e7 | 7063 | |
ashleymills | 0:e979170e02e7 | 7064 | if (dh->priv_key) |
ashleymills | 0:e979170e02e7 | 7065 | CyaSSL_BN_free(dh->priv_key); |
ashleymills | 0:e979170e02e7 | 7066 | dh->priv_key = CyaSSL_BN_new(); |
ashleymills | 0:e979170e02e7 | 7067 | if (dh->priv_key == NULL) { |
ashleymills | 0:e979170e02e7 | 7068 | CYASSL_MSG("Bad DH new priv"); |
ashleymills | 0:e979170e02e7 | 7069 | return 0; |
ashleymills | 0:e979170e02e7 | 7070 | } |
ashleymills | 0:e979170e02e7 | 7071 | |
ashleymills | 0:e979170e02e7 | 7072 | if (CyaSSL_BN_bin2bn(pub, pubSz, dh->pub_key) == NULL) { |
ashleymills | 0:e979170e02e7 | 7073 | CYASSL_MSG("Bad DH bn2bin error pub"); |
ashleymills | 0:e979170e02e7 | 7074 | return 0; |
ashleymills | 0:e979170e02e7 | 7075 | } |
ashleymills | 0:e979170e02e7 | 7076 | |
ashleymills | 0:e979170e02e7 | 7077 | if (CyaSSL_BN_bin2bn(priv, privSz, dh->priv_key) == NULL) { |
ashleymills | 0:e979170e02e7 | 7078 | CYASSL_MSG("Bad DH bn2bin error priv"); |
ashleymills | 0:e979170e02e7 | 7079 | return 0; |
ashleymills | 0:e979170e02e7 | 7080 | } |
ashleymills | 0:e979170e02e7 | 7081 | |
ashleymills | 0:e979170e02e7 | 7082 | CYASSL_MSG("CyaSSL_generate_key success"); |
ashleymills | 0:e979170e02e7 | 7083 | return 1; |
ashleymills | 0:e979170e02e7 | 7084 | } |
ashleymills | 0:e979170e02e7 | 7085 | |
ashleymills | 0:e979170e02e7 | 7086 | |
ashleymills | 0:e979170e02e7 | 7087 | /* return 1 on success, 0 otherwise */ |
ashleymills | 0:e979170e02e7 | 7088 | int CyaSSL_DH_compute_key(unsigned char* key, CYASSL_BIGNUM* otherPub, |
ashleymills | 0:e979170e02e7 | 7089 | CYASSL_DH* dh) |
ashleymills | 0:e979170e02e7 | 7090 | { |
ashleymills | 0:e979170e02e7 | 7091 | unsigned char pub [1024]; |
ashleymills | 0:e979170e02e7 | 7092 | unsigned char priv[1024]; |
ashleymills | 0:e979170e02e7 | 7093 | word32 pubSz = sizeof(pub); |
ashleymills | 0:e979170e02e7 | 7094 | word32 privSz = sizeof(priv); |
ashleymills | 0:e979170e02e7 | 7095 | word32 keySz; |
ashleymills | 0:e979170e02e7 | 7096 | |
ashleymills | 0:e979170e02e7 | 7097 | CYASSL_MSG("CyaSSL_DH_compute_key"); |
ashleymills | 0:e979170e02e7 | 7098 | |
ashleymills | 0:e979170e02e7 | 7099 | if (dh == NULL || dh->priv_key == NULL || otherPub == NULL) { |
ashleymills | 0:e979170e02e7 | 7100 | CYASSL_MSG("Bad function arguments"); |
ashleymills | 0:e979170e02e7 | 7101 | return 0; |
ashleymills | 0:e979170e02e7 | 7102 | } |
ashleymills | 0:e979170e02e7 | 7103 | |
ashleymills | 0:e979170e02e7 | 7104 | keySz = (word32)DH_size(dh); |
ashleymills | 0:e979170e02e7 | 7105 | if (keySz == 0) { |
ashleymills | 0:e979170e02e7 | 7106 | CYASSL_MSG("Bad DH_size"); |
ashleymills | 0:e979170e02e7 | 7107 | return 0; |
ashleymills | 0:e979170e02e7 | 7108 | } |
ashleymills | 0:e979170e02e7 | 7109 | |
ashleymills | 0:e979170e02e7 | 7110 | if (CyaSSL_BN_bn2bin(dh->priv_key, NULL) > (int)privSz) { |
ashleymills | 0:e979170e02e7 | 7111 | CYASSL_MSG("Bad priv internal size"); |
ashleymills | 0:e979170e02e7 | 7112 | return 0; |
ashleymills | 0:e979170e02e7 | 7113 | } |
ashleymills | 0:e979170e02e7 | 7114 | |
ashleymills | 0:e979170e02e7 | 7115 | if (CyaSSL_BN_bn2bin(otherPub, NULL) > (int)pubSz) { |
ashleymills | 0:e979170e02e7 | 7116 | CYASSL_MSG("Bad otherPub size"); |
ashleymills | 0:e979170e02e7 | 7117 | return 0; |
ashleymills | 0:e979170e02e7 | 7118 | } |
ashleymills | 0:e979170e02e7 | 7119 | |
ashleymills | 0:e979170e02e7 | 7120 | privSz = CyaSSL_BN_bn2bin(dh->priv_key, priv); |
ashleymills | 0:e979170e02e7 | 7121 | pubSz = CyaSSL_BN_bn2bin(otherPub, pub); |
ashleymills | 0:e979170e02e7 | 7122 | |
ashleymills | 0:e979170e02e7 | 7123 | if (privSz <= 0 || pubSz <= 0) { |
ashleymills | 0:e979170e02e7 | 7124 | CYASSL_MSG("Bad BN2bin set"); |
ashleymills | 0:e979170e02e7 | 7125 | return 0; |
ashleymills | 0:e979170e02e7 | 7126 | } |
ashleymills | 0:e979170e02e7 | 7127 | |
ashleymills | 0:e979170e02e7 | 7128 | if (DhAgree((DhKey*)dh->internal, key, &keySz, priv, privSz, pub, |
ashleymills | 0:e979170e02e7 | 7129 | pubSz) < 0) { |
ashleymills | 0:e979170e02e7 | 7130 | CYASSL_MSG("DhAgree failed"); |
ashleymills | 0:e979170e02e7 | 7131 | return 0; |
ashleymills | 0:e979170e02e7 | 7132 | } |
ashleymills | 0:e979170e02e7 | 7133 | |
ashleymills | 0:e979170e02e7 | 7134 | CYASSL_MSG("CyaSSL_compute_key success"); |
ashleymills | 0:e979170e02e7 | 7135 | return (int)keySz; |
ashleymills | 0:e979170e02e7 | 7136 | } |
ashleymills | 0:e979170e02e7 | 7137 | |
ashleymills | 0:e979170e02e7 | 7138 | |
ashleymills | 0:e979170e02e7 | 7139 | static void InitCyaSSL_DSA(CYASSL_DSA* dsa) |
ashleymills | 0:e979170e02e7 | 7140 | { |
ashleymills | 0:e979170e02e7 | 7141 | if (dsa) { |
ashleymills | 0:e979170e02e7 | 7142 | dsa->p = NULL; |
ashleymills | 0:e979170e02e7 | 7143 | dsa->q = NULL; |
ashleymills | 0:e979170e02e7 | 7144 | dsa->g = NULL; |
ashleymills | 0:e979170e02e7 | 7145 | dsa->pub_key = NULL; |
ashleymills | 0:e979170e02e7 | 7146 | dsa->priv_key = NULL; |
ashleymills | 0:e979170e02e7 | 7147 | dsa->internal = NULL; |
ashleymills | 0:e979170e02e7 | 7148 | dsa->inSet = 0; |
ashleymills | 0:e979170e02e7 | 7149 | dsa->exSet = 0; |
ashleymills | 0:e979170e02e7 | 7150 | } |
ashleymills | 0:e979170e02e7 | 7151 | } |
ashleymills | 0:e979170e02e7 | 7152 | |
ashleymills | 0:e979170e02e7 | 7153 | |
ashleymills | 0:e979170e02e7 | 7154 | CYASSL_DSA* CyaSSL_DSA_new(void) |
ashleymills | 0:e979170e02e7 | 7155 | { |
ashleymills | 0:e979170e02e7 | 7156 | CYASSL_DSA* external; |
ashleymills | 0:e979170e02e7 | 7157 | DsaKey* key; |
ashleymills | 0:e979170e02e7 | 7158 | |
ashleymills | 0:e979170e02e7 | 7159 | CYASSL_MSG("CyaSSL_DSA_new"); |
ashleymills | 0:e979170e02e7 | 7160 | |
ashleymills | 0:e979170e02e7 | 7161 | key = (DsaKey*) XMALLOC(sizeof(DsaKey), NULL, DYNAMIC_TYPE_DSA); |
ashleymills | 0:e979170e02e7 | 7162 | if (key == NULL) { |
ashleymills | 0:e979170e02e7 | 7163 | CYASSL_MSG("CyaSSL_DSA_new malloc DsaKey failure"); |
ashleymills | 0:e979170e02e7 | 7164 | return NULL; |
ashleymills | 0:e979170e02e7 | 7165 | } |
ashleymills | 0:e979170e02e7 | 7166 | |
ashleymills | 0:e979170e02e7 | 7167 | external = (CYASSL_DSA*) XMALLOC(sizeof(CYASSL_DSA), NULL, |
ashleymills | 0:e979170e02e7 | 7168 | DYNAMIC_TYPE_DSA); |
ashleymills | 0:e979170e02e7 | 7169 | if (external == NULL) { |
ashleymills | 0:e979170e02e7 | 7170 | CYASSL_MSG("CyaSSL_DSA_new malloc CYASSL_DSA failure"); |
ashleymills | 0:e979170e02e7 | 7171 | XFREE(key, NULL, DYNAMIC_TYPE_DSA); |
ashleymills | 0:e979170e02e7 | 7172 | return NULL; |
ashleymills | 0:e979170e02e7 | 7173 | } |
ashleymills | 0:e979170e02e7 | 7174 | |
ashleymills | 0:e979170e02e7 | 7175 | InitCyaSSL_DSA(external); |
ashleymills | 0:e979170e02e7 | 7176 | InitDsaKey(key); |
ashleymills | 0:e979170e02e7 | 7177 | external->internal = key; |
ashleymills | 0:e979170e02e7 | 7178 | |
ashleymills | 0:e979170e02e7 | 7179 | return external; |
ashleymills | 0:e979170e02e7 | 7180 | } |
ashleymills | 0:e979170e02e7 | 7181 | |
ashleymills | 0:e979170e02e7 | 7182 | |
ashleymills | 0:e979170e02e7 | 7183 | void CyaSSL_DSA_free(CYASSL_DSA* dsa) |
ashleymills | 0:e979170e02e7 | 7184 | { |
ashleymills | 0:e979170e02e7 | 7185 | CYASSL_MSG("CyaSSL_DSA_free"); |
ashleymills | 0:e979170e02e7 | 7186 | |
ashleymills | 0:e979170e02e7 | 7187 | if (dsa) { |
ashleymills | 0:e979170e02e7 | 7188 | if (dsa->internal) { |
ashleymills | 0:e979170e02e7 | 7189 | FreeDsaKey((DsaKey*)dsa->internal); |
ashleymills | 0:e979170e02e7 | 7190 | XFREE(dsa->internal, NULL, DYNAMIC_TYPE_DSA); |
ashleymills | 0:e979170e02e7 | 7191 | dsa->internal = NULL; |
ashleymills | 0:e979170e02e7 | 7192 | } |
ashleymills | 0:e979170e02e7 | 7193 | CyaSSL_BN_free(dsa->priv_key); |
ashleymills | 0:e979170e02e7 | 7194 | CyaSSL_BN_free(dsa->pub_key); |
ashleymills | 0:e979170e02e7 | 7195 | CyaSSL_BN_free(dsa->g); |
ashleymills | 0:e979170e02e7 | 7196 | CyaSSL_BN_free(dsa->q); |
ashleymills | 0:e979170e02e7 | 7197 | CyaSSL_BN_free(dsa->p); |
ashleymills | 0:e979170e02e7 | 7198 | InitCyaSSL_DSA(dsa); /* set back to NULLs for safety */ |
ashleymills | 0:e979170e02e7 | 7199 | |
ashleymills | 0:e979170e02e7 | 7200 | XFREE(dsa, NULL, DYNAMIC_TYPE_DSA); |
ashleymills | 0:e979170e02e7 | 7201 | } |
ashleymills | 0:e979170e02e7 | 7202 | } |
ashleymills | 0:e979170e02e7 | 7203 | |
ashleymills | 0:e979170e02e7 | 7204 | |
ashleymills | 0:e979170e02e7 | 7205 | int CyaSSL_DSA_generate_key(CYASSL_DSA* dsa) |
ashleymills | 0:e979170e02e7 | 7206 | { |
ashleymills | 0:e979170e02e7 | 7207 | (void)dsa; |
ashleymills | 0:e979170e02e7 | 7208 | |
ashleymills | 0:e979170e02e7 | 7209 | CYASSL_MSG("CyaSSL_DSA_generate_key"); |
ashleymills | 0:e979170e02e7 | 7210 | |
ashleymills | 0:e979170e02e7 | 7211 | return 0; /* key gen not needed by server */ |
ashleymills | 0:e979170e02e7 | 7212 | } |
ashleymills | 0:e979170e02e7 | 7213 | |
ashleymills | 0:e979170e02e7 | 7214 | |
ashleymills | 0:e979170e02e7 | 7215 | int CyaSSL_DSA_generate_parameters_ex(CYASSL_DSA* dsa, int bits, |
ashleymills | 0:e979170e02e7 | 7216 | unsigned char* seed, int seedLen, int* counterRet, |
ashleymills | 0:e979170e02e7 | 7217 | unsigned long* hRet, void* cb) |
ashleymills | 0:e979170e02e7 | 7218 | { |
ashleymills | 0:e979170e02e7 | 7219 | (void)dsa; |
ashleymills | 0:e979170e02e7 | 7220 | (void)bits; |
ashleymills | 0:e979170e02e7 | 7221 | (void)seed; |
ashleymills | 0:e979170e02e7 | 7222 | (void)seedLen; |
ashleymills | 0:e979170e02e7 | 7223 | (void)counterRet; |
ashleymills | 0:e979170e02e7 | 7224 | (void)hRet; |
ashleymills | 0:e979170e02e7 | 7225 | (void)cb; |
ashleymills | 0:e979170e02e7 | 7226 | |
ashleymills | 0:e979170e02e7 | 7227 | CYASSL_MSG("CyaSSL_DSA_generate_parameters_ex"); |
ashleymills | 0:e979170e02e7 | 7228 | |
ashleymills | 0:e979170e02e7 | 7229 | return 0; /* key gen not needed by server */ |
ashleymills | 0:e979170e02e7 | 7230 | } |
ashleymills | 0:e979170e02e7 | 7231 | |
ashleymills | 0:e979170e02e7 | 7232 | |
ashleymills | 0:e979170e02e7 | 7233 | static void InitCyaSSL_Rsa(CYASSL_RSA* rsa) |
ashleymills | 0:e979170e02e7 | 7234 | { |
ashleymills | 0:e979170e02e7 | 7235 | if (rsa) { |
ashleymills | 0:e979170e02e7 | 7236 | rsa->n = NULL; |
ashleymills | 0:e979170e02e7 | 7237 | rsa->e = NULL; |
ashleymills | 0:e979170e02e7 | 7238 | rsa->d = NULL; |
ashleymills | 0:e979170e02e7 | 7239 | rsa->p = NULL; |
ashleymills | 0:e979170e02e7 | 7240 | rsa->q = NULL; |
ashleymills | 0:e979170e02e7 | 7241 | rsa->dmp1 = NULL; |
ashleymills | 0:e979170e02e7 | 7242 | rsa->dmq1 = NULL; |
ashleymills | 0:e979170e02e7 | 7243 | rsa->iqmp = NULL; |
ashleymills | 0:e979170e02e7 | 7244 | rsa->internal = NULL; |
ashleymills | 0:e979170e02e7 | 7245 | rsa->inSet = 0; |
ashleymills | 0:e979170e02e7 | 7246 | rsa->exSet = 0; |
ashleymills | 0:e979170e02e7 | 7247 | } |
ashleymills | 0:e979170e02e7 | 7248 | } |
ashleymills | 0:e979170e02e7 | 7249 | |
ashleymills | 0:e979170e02e7 | 7250 | |
ashleymills | 0:e979170e02e7 | 7251 | CYASSL_RSA* CyaSSL_RSA_new(void) |
ashleymills | 0:e979170e02e7 | 7252 | { |
ashleymills | 0:e979170e02e7 | 7253 | CYASSL_RSA* external; |
ashleymills | 0:e979170e02e7 | 7254 | RsaKey* key; |
ashleymills | 0:e979170e02e7 | 7255 | |
ashleymills | 0:e979170e02e7 | 7256 | CYASSL_MSG("CyaSSL_RSA_new"); |
ashleymills | 0:e979170e02e7 | 7257 | |
ashleymills | 0:e979170e02e7 | 7258 | key = (RsaKey*) XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA); |
ashleymills | 0:e979170e02e7 | 7259 | if (key == NULL) { |
ashleymills | 0:e979170e02e7 | 7260 | CYASSL_MSG("CyaSSL_RSA_new malloc RsaKey failure"); |
ashleymills | 0:e979170e02e7 | 7261 | return NULL; |
ashleymills | 0:e979170e02e7 | 7262 | } |
ashleymills | 0:e979170e02e7 | 7263 | |
ashleymills | 0:e979170e02e7 | 7264 | external = (CYASSL_RSA*) XMALLOC(sizeof(CYASSL_RSA), NULL, |
ashleymills | 0:e979170e02e7 | 7265 | DYNAMIC_TYPE_RSA); |
ashleymills | 0:e979170e02e7 | 7266 | if (external == NULL) { |
ashleymills | 0:e979170e02e7 | 7267 | CYASSL_MSG("CyaSSL_RSA_new malloc CYASSL_RSA failure"); |
ashleymills | 0:e979170e02e7 | 7268 | XFREE(key, NULL, DYNAMIC_TYPE_RSA); |
ashleymills | 0:e979170e02e7 | 7269 | return NULL; |
ashleymills | 0:e979170e02e7 | 7270 | } |
ashleymills | 0:e979170e02e7 | 7271 | |
ashleymills | 0:e979170e02e7 | 7272 | InitCyaSSL_Rsa(external); |
ashleymills | 0:e979170e02e7 | 7273 | InitRsaKey(key, NULL); |
ashleymills | 0:e979170e02e7 | 7274 | external->internal = key; |
ashleymills | 0:e979170e02e7 | 7275 | |
ashleymills | 0:e979170e02e7 | 7276 | return external; |
ashleymills | 0:e979170e02e7 | 7277 | } |
ashleymills | 0:e979170e02e7 | 7278 | |
ashleymills | 0:e979170e02e7 | 7279 | |
ashleymills | 0:e979170e02e7 | 7280 | void CyaSSL_RSA_free(CYASSL_RSA* rsa) |
ashleymills | 0:e979170e02e7 | 7281 | { |
ashleymills | 0:e979170e02e7 | 7282 | CYASSL_MSG("CyaSSL_RSA_free"); |
ashleymills | 0:e979170e02e7 | 7283 | |
ashleymills | 0:e979170e02e7 | 7284 | if (rsa) { |
ashleymills | 0:e979170e02e7 | 7285 | if (rsa->internal) { |
ashleymills | 0:e979170e02e7 | 7286 | FreeRsaKey((RsaKey*)rsa->internal); |
ashleymills | 0:e979170e02e7 | 7287 | XFREE(rsa->internal, NULL, DYNAMIC_TYPE_RSA); |
ashleymills | 0:e979170e02e7 | 7288 | rsa->internal = NULL; |
ashleymills | 0:e979170e02e7 | 7289 | } |
ashleymills | 0:e979170e02e7 | 7290 | CyaSSL_BN_free(rsa->iqmp); |
ashleymills | 0:e979170e02e7 | 7291 | CyaSSL_BN_free(rsa->dmq1); |
ashleymills | 0:e979170e02e7 | 7292 | CyaSSL_BN_free(rsa->dmp1); |
ashleymills | 0:e979170e02e7 | 7293 | CyaSSL_BN_free(rsa->q); |
ashleymills | 0:e979170e02e7 | 7294 | CyaSSL_BN_free(rsa->p); |
ashleymills | 0:e979170e02e7 | 7295 | CyaSSL_BN_free(rsa->d); |
ashleymills | 0:e979170e02e7 | 7296 | CyaSSL_BN_free(rsa->e); |
ashleymills | 0:e979170e02e7 | 7297 | CyaSSL_BN_free(rsa->n); |
ashleymills | 0:e979170e02e7 | 7298 | InitCyaSSL_Rsa(rsa); /* set back to NULLs for safety */ |
ashleymills | 0:e979170e02e7 | 7299 | |
ashleymills | 0:e979170e02e7 | 7300 | XFREE(rsa, NULL, DYNAMIC_TYPE_RSA); |
ashleymills | 0:e979170e02e7 | 7301 | } |
ashleymills | 0:e979170e02e7 | 7302 | } |
ashleymills | 0:e979170e02e7 | 7303 | |
ashleymills | 0:e979170e02e7 | 7304 | |
ashleymills | 0:e979170e02e7 | 7305 | static int SetIndividualExternal(CYASSL_BIGNUM** bn, mp_int* mpi) |
ashleymills | 0:e979170e02e7 | 7306 | { |
ashleymills | 0:e979170e02e7 | 7307 | CYASSL_MSG("Entering SetIndividualExternal"); |
ashleymills | 0:e979170e02e7 | 7308 | |
ashleymills | 0:e979170e02e7 | 7309 | if (mpi == NULL) { |
ashleymills | 0:e979170e02e7 | 7310 | CYASSL_MSG("mpi NULL error"); |
ashleymills | 0:e979170e02e7 | 7311 | return -1; |
ashleymills | 0:e979170e02e7 | 7312 | } |
ashleymills | 0:e979170e02e7 | 7313 | |
ashleymills | 0:e979170e02e7 | 7314 | if (*bn == NULL) { |
ashleymills | 0:e979170e02e7 | 7315 | *bn = CyaSSL_BN_new(); |
ashleymills | 0:e979170e02e7 | 7316 | if (*bn == NULL) { |
ashleymills | 0:e979170e02e7 | 7317 | CYASSL_MSG("SetIndividualExternal alloc failed"); |
ashleymills | 0:e979170e02e7 | 7318 | return -1; |
ashleymills | 0:e979170e02e7 | 7319 | } |
ashleymills | 0:e979170e02e7 | 7320 | } |
ashleymills | 0:e979170e02e7 | 7321 | |
ashleymills | 0:e979170e02e7 | 7322 | if (mp_copy(mpi, (mp_int*)((*bn)->internal)) != MP_OKAY) { |
ashleymills | 0:e979170e02e7 | 7323 | CYASSL_MSG("mp_copy error"); |
ashleymills | 0:e979170e02e7 | 7324 | return -1; |
ashleymills | 0:e979170e02e7 | 7325 | } |
ashleymills | 0:e979170e02e7 | 7326 | |
ashleymills | 0:e979170e02e7 | 7327 | return 0; |
ashleymills | 0:e979170e02e7 | 7328 | } |
ashleymills | 0:e979170e02e7 | 7329 | |
ashleymills | 0:e979170e02e7 | 7330 | |
ashleymills | 0:e979170e02e7 | 7331 | static int SetDsaExternal(CYASSL_DSA* dsa) |
ashleymills | 0:e979170e02e7 | 7332 | { |
ashleymills | 0:e979170e02e7 | 7333 | DsaKey* key; |
ashleymills | 0:e979170e02e7 | 7334 | CYASSL_MSG("Entering SetDsaExternal"); |
ashleymills | 0:e979170e02e7 | 7335 | |
ashleymills | 0:e979170e02e7 | 7336 | if (dsa == NULL || dsa->internal == NULL) { |
ashleymills | 0:e979170e02e7 | 7337 | CYASSL_MSG("dsa key NULL error"); |
ashleymills | 0:e979170e02e7 | 7338 | return -1; |
ashleymills | 0:e979170e02e7 | 7339 | } |
ashleymills | 0:e979170e02e7 | 7340 | |
ashleymills | 0:e979170e02e7 | 7341 | key = (DsaKey*)dsa->internal; |
ashleymills | 0:e979170e02e7 | 7342 | |
ashleymills | 0:e979170e02e7 | 7343 | if (SetIndividualExternal(&dsa->p, &key->p) < 0) { |
ashleymills | 0:e979170e02e7 | 7344 | CYASSL_MSG("dsa p key error"); |
ashleymills | 0:e979170e02e7 | 7345 | return -1; |
ashleymills | 0:e979170e02e7 | 7346 | } |
ashleymills | 0:e979170e02e7 | 7347 | |
ashleymills | 0:e979170e02e7 | 7348 | if (SetIndividualExternal(&dsa->q, &key->q) < 0) { |
ashleymills | 0:e979170e02e7 | 7349 | CYASSL_MSG("dsa q key error"); |
ashleymills | 0:e979170e02e7 | 7350 | return -1; |
ashleymills | 0:e979170e02e7 | 7351 | } |
ashleymills | 0:e979170e02e7 | 7352 | |
ashleymills | 0:e979170e02e7 | 7353 | if (SetIndividualExternal(&dsa->g, &key->g) < 0) { |
ashleymills | 0:e979170e02e7 | 7354 | CYASSL_MSG("dsa g key error"); |
ashleymills | 0:e979170e02e7 | 7355 | return -1; |
ashleymills | 0:e979170e02e7 | 7356 | } |
ashleymills | 0:e979170e02e7 | 7357 | |
ashleymills | 0:e979170e02e7 | 7358 | if (SetIndividualExternal(&dsa->pub_key, &key->y) < 0) { |
ashleymills | 0:e979170e02e7 | 7359 | CYASSL_MSG("dsa y key error"); |
ashleymills | 0:e979170e02e7 | 7360 | return -1; |
ashleymills | 0:e979170e02e7 | 7361 | } |
ashleymills | 0:e979170e02e7 | 7362 | |
ashleymills | 0:e979170e02e7 | 7363 | if (SetIndividualExternal(&dsa->priv_key, &key->x) < 0) { |
ashleymills | 0:e979170e02e7 | 7364 | CYASSL_MSG("dsa x key error"); |
ashleymills | 0:e979170e02e7 | 7365 | return -1; |
ashleymills | 0:e979170e02e7 | 7366 | } |
ashleymills | 0:e979170e02e7 | 7367 | |
ashleymills | 0:e979170e02e7 | 7368 | dsa->exSet = 1; |
ashleymills | 0:e979170e02e7 | 7369 | |
ashleymills | 0:e979170e02e7 | 7370 | return 0; |
ashleymills | 0:e979170e02e7 | 7371 | } |
ashleymills | 0:e979170e02e7 | 7372 | |
ashleymills | 0:e979170e02e7 | 7373 | |
ashleymills | 0:e979170e02e7 | 7374 | static int SetRsaExternal(CYASSL_RSA* rsa) |
ashleymills | 0:e979170e02e7 | 7375 | { |
ashleymills | 0:e979170e02e7 | 7376 | RsaKey* key; |
ashleymills | 0:e979170e02e7 | 7377 | CYASSL_MSG("Entering SetRsaExternal"); |
ashleymills | 0:e979170e02e7 | 7378 | |
ashleymills | 0:e979170e02e7 | 7379 | if (rsa == NULL || rsa->internal == NULL) { |
ashleymills | 0:e979170e02e7 | 7380 | CYASSL_MSG("rsa key NULL error"); |
ashleymills | 0:e979170e02e7 | 7381 | return -1; |
ashleymills | 0:e979170e02e7 | 7382 | } |
ashleymills | 0:e979170e02e7 | 7383 | |
ashleymills | 0:e979170e02e7 | 7384 | key = (RsaKey*)rsa->internal; |
ashleymills | 0:e979170e02e7 | 7385 | |
ashleymills | 0:e979170e02e7 | 7386 | if (SetIndividualExternal(&rsa->n, &key->n) < 0) { |
ashleymills | 0:e979170e02e7 | 7387 | CYASSL_MSG("rsa n key error"); |
ashleymills | 0:e979170e02e7 | 7388 | return -1; |
ashleymills | 0:e979170e02e7 | 7389 | } |
ashleymills | 0:e979170e02e7 | 7390 | |
ashleymills | 0:e979170e02e7 | 7391 | if (SetIndividualExternal(&rsa->e, &key->e) < 0) { |
ashleymills | 0:e979170e02e7 | 7392 | CYASSL_MSG("rsa e key error"); |
ashleymills | 0:e979170e02e7 | 7393 | return -1; |
ashleymills | 0:e979170e02e7 | 7394 | } |
ashleymills | 0:e979170e02e7 | 7395 | |
ashleymills | 0:e979170e02e7 | 7396 | if (SetIndividualExternal(&rsa->d, &key->d) < 0) { |
ashleymills | 0:e979170e02e7 | 7397 | CYASSL_MSG("rsa d key error"); |
ashleymills | 0:e979170e02e7 | 7398 | return -1; |
ashleymills | 0:e979170e02e7 | 7399 | } |
ashleymills | 0:e979170e02e7 | 7400 | |
ashleymills | 0:e979170e02e7 | 7401 | if (SetIndividualExternal(&rsa->p, &key->p) < 0) { |
ashleymills | 0:e979170e02e7 | 7402 | CYASSL_MSG("rsa p key error"); |
ashleymills | 0:e979170e02e7 | 7403 | return -1; |
ashleymills | 0:e979170e02e7 | 7404 | } |
ashleymills | 0:e979170e02e7 | 7405 | |
ashleymills | 0:e979170e02e7 | 7406 | if (SetIndividualExternal(&rsa->q, &key->q) < 0) { |
ashleymills | 0:e979170e02e7 | 7407 | CYASSL_MSG("rsa q key error"); |
ashleymills | 0:e979170e02e7 | 7408 | return -1; |
ashleymills | 0:e979170e02e7 | 7409 | } |
ashleymills | 0:e979170e02e7 | 7410 | |
ashleymills | 0:e979170e02e7 | 7411 | if (SetIndividualExternal(&rsa->dmp1, &key->dP) < 0) { |
ashleymills | 0:e979170e02e7 | 7412 | CYASSL_MSG("rsa dP key error"); |
ashleymills | 0:e979170e02e7 | 7413 | return -1; |
ashleymills | 0:e979170e02e7 | 7414 | } |
ashleymills | 0:e979170e02e7 | 7415 | |
ashleymills | 0:e979170e02e7 | 7416 | if (SetIndividualExternal(&rsa->dmq1, &key->dQ) < 0) { |
ashleymills | 0:e979170e02e7 | 7417 | CYASSL_MSG("rsa dQ key error"); |
ashleymills | 0:e979170e02e7 | 7418 | return -1; |
ashleymills | 0:e979170e02e7 | 7419 | } |
ashleymills | 0:e979170e02e7 | 7420 | |
ashleymills | 0:e979170e02e7 | 7421 | if (SetIndividualExternal(&rsa->iqmp, &key->u) < 0) { |
ashleymills | 0:e979170e02e7 | 7422 | CYASSL_MSG("rsa u key error"); |
ashleymills | 0:e979170e02e7 | 7423 | return -1; |
ashleymills | 0:e979170e02e7 | 7424 | } |
ashleymills | 0:e979170e02e7 | 7425 | |
ashleymills | 0:e979170e02e7 | 7426 | rsa->exSet = 1; |
ashleymills | 0:e979170e02e7 | 7427 | |
ashleymills | 0:e979170e02e7 | 7428 | return 0; |
ashleymills | 0:e979170e02e7 | 7429 | } |
ashleymills | 0:e979170e02e7 | 7430 | |
ashleymills | 0:e979170e02e7 | 7431 | |
ashleymills | 0:e979170e02e7 | 7432 | int CyaSSL_RSA_generate_key_ex(CYASSL_RSA* rsa, int bits, CYASSL_BIGNUM* bn, |
ashleymills | 0:e979170e02e7 | 7433 | void* cb) |
ashleymills | 0:e979170e02e7 | 7434 | { |
ashleymills | 0:e979170e02e7 | 7435 | RNG rng; |
ashleymills | 0:e979170e02e7 | 7436 | |
ashleymills | 0:e979170e02e7 | 7437 | CYASSL_MSG("CyaSSL_RSA_generate_key_ex"); |
ashleymills | 0:e979170e02e7 | 7438 | |
ashleymills | 0:e979170e02e7 | 7439 | (void)rsa; |
ashleymills | 0:e979170e02e7 | 7440 | (void)bits; |
ashleymills | 0:e979170e02e7 | 7441 | (void)cb; |
ashleymills | 0:e979170e02e7 | 7442 | (void)bn; |
ashleymills | 0:e979170e02e7 | 7443 | |
ashleymills | 0:e979170e02e7 | 7444 | if (InitRng(&rng) < 0) { |
ashleymills | 0:e979170e02e7 | 7445 | CYASSL_MSG("RNG init failed"); |
ashleymills | 0:e979170e02e7 | 7446 | return -1; |
ashleymills | 0:e979170e02e7 | 7447 | } |
ashleymills | 0:e979170e02e7 | 7448 | |
ashleymills | 0:e979170e02e7 | 7449 | #ifdef CYASSL_KEY_GEN |
ashleymills | 0:e979170e02e7 | 7450 | if (MakeRsaKey((RsaKey*)rsa->internal, bits, 65537, &rng) < 0) { |
ashleymills | 0:e979170e02e7 | 7451 | CYASSL_MSG("MakeRsaKey failed"); |
ashleymills | 0:e979170e02e7 | 7452 | return -1; |
ashleymills | 0:e979170e02e7 | 7453 | } |
ashleymills | 0:e979170e02e7 | 7454 | |
ashleymills | 0:e979170e02e7 | 7455 | if (SetRsaExternal(rsa) < 0) { |
ashleymills | 0:e979170e02e7 | 7456 | CYASSL_MSG("SetRsaExternal failed"); |
ashleymills | 0:e979170e02e7 | 7457 | return -1; |
ashleymills | 0:e979170e02e7 | 7458 | } |
ashleymills | 0:e979170e02e7 | 7459 | |
ashleymills | 0:e979170e02e7 | 7460 | rsa->inSet = 1; |
ashleymills | 0:e979170e02e7 | 7461 | |
ashleymills | 0:e979170e02e7 | 7462 | return 1; /* success */ |
ashleymills | 0:e979170e02e7 | 7463 | #else |
ashleymills | 0:e979170e02e7 | 7464 | CYASSL_MSG("No Key Gen built in"); |
ashleymills | 0:e979170e02e7 | 7465 | return -1; |
ashleymills | 0:e979170e02e7 | 7466 | #endif |
ashleymills | 0:e979170e02e7 | 7467 | |
ashleymills | 0:e979170e02e7 | 7468 | } |
ashleymills | 0:e979170e02e7 | 7469 | |
ashleymills | 0:e979170e02e7 | 7470 | |
ashleymills | 0:e979170e02e7 | 7471 | int CyaSSL_RSA_blinding_on(CYASSL_RSA* rsa, CYASSL_BN_CTX* bn) |
ashleymills | 0:e979170e02e7 | 7472 | { |
ashleymills | 0:e979170e02e7 | 7473 | (void)rsa; |
ashleymills | 0:e979170e02e7 | 7474 | (void)bn; |
ashleymills | 0:e979170e02e7 | 7475 | |
ashleymills | 0:e979170e02e7 | 7476 | CYASSL_MSG("CyaSSL_RSA_blinding_on"); |
ashleymills | 0:e979170e02e7 | 7477 | |
ashleymills | 0:e979170e02e7 | 7478 | return 1; /* on by default */ |
ashleymills | 0:e979170e02e7 | 7479 | } |
ashleymills | 0:e979170e02e7 | 7480 | |
ashleymills | 0:e979170e02e7 | 7481 | |
ashleymills | 0:e979170e02e7 | 7482 | int CyaSSL_RSA_public_encrypt(int len, unsigned char* fr, |
ashleymills | 0:e979170e02e7 | 7483 | unsigned char* to, CYASSL_RSA* rsa, int padding) |
ashleymills | 0:e979170e02e7 | 7484 | { |
ashleymills | 0:e979170e02e7 | 7485 | (void)len; |
ashleymills | 0:e979170e02e7 | 7486 | (void)fr; |
ashleymills | 0:e979170e02e7 | 7487 | (void)to; |
ashleymills | 0:e979170e02e7 | 7488 | (void)rsa; |
ashleymills | 0:e979170e02e7 | 7489 | (void)padding; |
ashleymills | 0:e979170e02e7 | 7490 | |
ashleymills | 0:e979170e02e7 | 7491 | CYASSL_MSG("CyaSSL_RSA_public_encrypt"); |
ashleymills | 0:e979170e02e7 | 7492 | |
ashleymills | 0:e979170e02e7 | 7493 | return -1; |
ashleymills | 0:e979170e02e7 | 7494 | } |
ashleymills | 0:e979170e02e7 | 7495 | |
ashleymills | 0:e979170e02e7 | 7496 | |
ashleymills | 0:e979170e02e7 | 7497 | int CyaSSL_RSA_private_decrypt(int len, unsigned char* fr, |
ashleymills | 0:e979170e02e7 | 7498 | unsigned char* to, CYASSL_RSA* rsa, int padding) |
ashleymills | 0:e979170e02e7 | 7499 | { |
ashleymills | 0:e979170e02e7 | 7500 | (void)len; |
ashleymills | 0:e979170e02e7 | 7501 | (void)fr; |
ashleymills | 0:e979170e02e7 | 7502 | (void)to; |
ashleymills | 0:e979170e02e7 | 7503 | (void)rsa; |
ashleymills | 0:e979170e02e7 | 7504 | (void)padding; |
ashleymills | 0:e979170e02e7 | 7505 | |
ashleymills | 0:e979170e02e7 | 7506 | CYASSL_MSG("CyaSSL_RSA_private_decrypt"); |
ashleymills | 0:e979170e02e7 | 7507 | |
ashleymills | 0:e979170e02e7 | 7508 | return -1; |
ashleymills | 0:e979170e02e7 | 7509 | } |
ashleymills | 0:e979170e02e7 | 7510 | |
ashleymills | 0:e979170e02e7 | 7511 | |
ashleymills | 0:e979170e02e7 | 7512 | int CyaSSL_RSA_size(const CYASSL_RSA* rsa) |
ashleymills | 0:e979170e02e7 | 7513 | { |
ashleymills | 0:e979170e02e7 | 7514 | CYASSL_MSG("CyaSSL_RSA_size"); |
ashleymills | 0:e979170e02e7 | 7515 | |
ashleymills | 0:e979170e02e7 | 7516 | if (rsa == NULL) |
ashleymills | 0:e979170e02e7 | 7517 | return 0; |
ashleymills | 0:e979170e02e7 | 7518 | |
ashleymills | 0:e979170e02e7 | 7519 | return CyaSSL_BN_num_bytes(rsa->n); |
ashleymills | 0:e979170e02e7 | 7520 | } |
ashleymills | 0:e979170e02e7 | 7521 | |
ashleymills | 0:e979170e02e7 | 7522 | |
ashleymills | 0:e979170e02e7 | 7523 | /* return 0 on success, < 0 otherwise */ |
ashleymills | 0:e979170e02e7 | 7524 | int CyaSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, |
ashleymills | 0:e979170e02e7 | 7525 | CYASSL_DSA* dsa) |
ashleymills | 0:e979170e02e7 | 7526 | { |
ashleymills | 0:e979170e02e7 | 7527 | RNG tmpRNG; |
ashleymills | 0:e979170e02e7 | 7528 | RNG* rng = &tmpRNG; |
ashleymills | 0:e979170e02e7 | 7529 | |
ashleymills | 0:e979170e02e7 | 7530 | CYASSL_MSG("CyaSSL_DSA_do_sign"); |
ashleymills | 0:e979170e02e7 | 7531 | |
ashleymills | 0:e979170e02e7 | 7532 | if (d == NULL || sigRet == NULL || dsa == NULL) { |
ashleymills | 0:e979170e02e7 | 7533 | CYASSL_MSG("Bad function arguments"); |
ashleymills | 0:e979170e02e7 | 7534 | return -1; |
ashleymills | 0:e979170e02e7 | 7535 | } |
ashleymills | 0:e979170e02e7 | 7536 | |
ashleymills | 0:e979170e02e7 | 7537 | if (dsa->inSet == 0) { |
ashleymills | 0:e979170e02e7 | 7538 | CYASSL_MSG("No DSA internal set"); |
ashleymills | 0:e979170e02e7 | 7539 | return -1; |
ashleymills | 0:e979170e02e7 | 7540 | } |
ashleymills | 0:e979170e02e7 | 7541 | |
ashleymills | 0:e979170e02e7 | 7542 | if (InitRng(&tmpRNG) != 0) { |
ashleymills | 0:e979170e02e7 | 7543 | CYASSL_MSG("Bad RNG Init, trying global"); |
ashleymills | 0:e979170e02e7 | 7544 | if (initGlobalRNG == 0) { |
ashleymills | 0:e979170e02e7 | 7545 | CYASSL_MSG("Global RNG no Init"); |
ashleymills | 0:e979170e02e7 | 7546 | return -1; |
ashleymills | 0:e979170e02e7 | 7547 | } |
ashleymills | 0:e979170e02e7 | 7548 | rng = &globalRNG; |
ashleymills | 0:e979170e02e7 | 7549 | } |
ashleymills | 0:e979170e02e7 | 7550 | |
ashleymills | 0:e979170e02e7 | 7551 | if (DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0) { |
ashleymills | 0:e979170e02e7 | 7552 | CYASSL_MSG("DsaSign failed"); |
ashleymills | 0:e979170e02e7 | 7553 | return -1; |
ashleymills | 0:e979170e02e7 | 7554 | } |
ashleymills | 0:e979170e02e7 | 7555 | |
ashleymills | 0:e979170e02e7 | 7556 | return 0; |
ashleymills | 0:e979170e02e7 | 7557 | } |
ashleymills | 0:e979170e02e7 | 7558 | |
ashleymills | 0:e979170e02e7 | 7559 | |
ashleymills | 0:e979170e02e7 | 7560 | /* return 1 on success, 0 otherwise */ |
ashleymills | 0:e979170e02e7 | 7561 | int CyaSSL_RSA_sign(int type, const unsigned char* m, |
ashleymills | 0:e979170e02e7 | 7562 | unsigned int mLen, unsigned char* sigRet, |
ashleymills | 0:e979170e02e7 | 7563 | unsigned int* sigLen, CYASSL_RSA* rsa) |
ashleymills | 0:e979170e02e7 | 7564 | { |
ashleymills | 0:e979170e02e7 | 7565 | byte encodedSig[MAX_ENCODED_SIG_SZ]; |
ashleymills | 0:e979170e02e7 | 7566 | word32 outLen; |
ashleymills | 0:e979170e02e7 | 7567 | word32 signSz; |
ashleymills | 0:e979170e02e7 | 7568 | RNG tmpRNG; |
ashleymills | 0:e979170e02e7 | 7569 | RNG* rng = &tmpRNG; |
ashleymills | 0:e979170e02e7 | 7570 | |
ashleymills | 0:e979170e02e7 | 7571 | CYASSL_MSG("CyaSSL_RSA_sign"); |
ashleymills | 0:e979170e02e7 | 7572 | |
ashleymills | 0:e979170e02e7 | 7573 | if (m == NULL || sigRet == NULL || sigLen == NULL || rsa == NULL) { |
ashleymills | 0:e979170e02e7 | 7574 | CYASSL_MSG("Bad function arguments"); |
ashleymills | 0:e979170e02e7 | 7575 | return 0; |
ashleymills | 0:e979170e02e7 | 7576 | } |
ashleymills | 0:e979170e02e7 | 7577 | |
ashleymills | 0:e979170e02e7 | 7578 | if (rsa->inSet == 0) { |
ashleymills | 0:e979170e02e7 | 7579 | CYASSL_MSG("No RSA internal set"); |
ashleymills | 0:e979170e02e7 | 7580 | return 0; |
ashleymills | 0:e979170e02e7 | 7581 | } |
ashleymills | 0:e979170e02e7 | 7582 | |
ashleymills | 0:e979170e02e7 | 7583 | outLen = (word32)CyaSSL_BN_num_bytes(rsa->n); |
ashleymills | 0:e979170e02e7 | 7584 | if (outLen == 0) { |
ashleymills | 0:e979170e02e7 | 7585 | CYASSL_MSG("Bad RSA size"); |
ashleymills | 0:e979170e02e7 | 7586 | return 0; |
ashleymills | 0:e979170e02e7 | 7587 | } |
ashleymills | 0:e979170e02e7 | 7588 | |
ashleymills | 0:e979170e02e7 | 7589 | if (InitRng(&tmpRNG) != 0) { |
ashleymills | 0:e979170e02e7 | 7590 | CYASSL_MSG("Bad RNG Init, trying global"); |
ashleymills | 0:e979170e02e7 | 7591 | if (initGlobalRNG == 0) { |
ashleymills | 0:e979170e02e7 | 7592 | CYASSL_MSG("Global RNG no Init"); |
ashleymills | 0:e979170e02e7 | 7593 | return 0; |
ashleymills | 0:e979170e02e7 | 7594 | } |
ashleymills | 0:e979170e02e7 | 7595 | rng = &globalRNG; |
ashleymills | 0:e979170e02e7 | 7596 | } |
ashleymills | 0:e979170e02e7 | 7597 | |
ashleymills | 0:e979170e02e7 | 7598 | switch (type) { |
ashleymills | 0:e979170e02e7 | 7599 | case NID_md5: |
ashleymills | 0:e979170e02e7 | 7600 | type = MD5h; |
ashleymills | 0:e979170e02e7 | 7601 | break; |
ashleymills | 0:e979170e02e7 | 7602 | |
ashleymills | 0:e979170e02e7 | 7603 | case NID_sha1: |
ashleymills | 0:e979170e02e7 | 7604 | type = SHAh; |
ashleymills | 0:e979170e02e7 | 7605 | break; |
ashleymills | 0:e979170e02e7 | 7606 | |
ashleymills | 0:e979170e02e7 | 7607 | default: |
ashleymills | 0:e979170e02e7 | 7608 | CYASSL_MSG("Bad md type"); |
ashleymills | 0:e979170e02e7 | 7609 | return 0; |
ashleymills | 0:e979170e02e7 | 7610 | } |
ashleymills | 0:e979170e02e7 | 7611 | |
ashleymills | 0:e979170e02e7 | 7612 | signSz = EncodeSignature(encodedSig, m, mLen, type); |
ashleymills | 0:e979170e02e7 | 7613 | if (signSz == 0) { |
ashleymills | 0:e979170e02e7 | 7614 | CYASSL_MSG("Bad Encode Signature"); |
ashleymills | 0:e979170e02e7 | 7615 | return 0; |
ashleymills | 0:e979170e02e7 | 7616 | } |
ashleymills | 0:e979170e02e7 | 7617 | |
ashleymills | 0:e979170e02e7 | 7618 | *sigLen = RsaSSL_Sign(encodedSig, signSz, sigRet, outLen, |
ashleymills | 0:e979170e02e7 | 7619 | (RsaKey*)rsa->internal, rng); |
ashleymills | 0:e979170e02e7 | 7620 | if (*sigLen <= 0) { |
ashleymills | 0:e979170e02e7 | 7621 | CYASSL_MSG("Bad Rsa Sign"); |
ashleymills | 0:e979170e02e7 | 7622 | return 0; |
ashleymills | 0:e979170e02e7 | 7623 | } |
ashleymills | 0:e979170e02e7 | 7624 | |
ashleymills | 0:e979170e02e7 | 7625 | CYASSL_MSG("CyaSSL_RSA_sign success"); |
ashleymills | 0:e979170e02e7 | 7626 | return 1; /* success */ |
ashleymills | 0:e979170e02e7 | 7627 | } |
ashleymills | 0:e979170e02e7 | 7628 | |
ashleymills | 0:e979170e02e7 | 7629 | |
ashleymills | 0:e979170e02e7 | 7630 | int CyaSSL_RSA_public_decrypt(int flen, unsigned char* from, |
ashleymills | 0:e979170e02e7 | 7631 | unsigned char* to, CYASSL_RSA* rsa, int padding) |
ashleymills | 0:e979170e02e7 | 7632 | { |
ashleymills | 0:e979170e02e7 | 7633 | (void)flen; |
ashleymills | 0:e979170e02e7 | 7634 | (void)from; |
ashleymills | 0:e979170e02e7 | 7635 | (void)to; |
ashleymills | 0:e979170e02e7 | 7636 | (void)rsa; |
ashleymills | 0:e979170e02e7 | 7637 | (void)padding; |
ashleymills | 0:e979170e02e7 | 7638 | |
ashleymills | 0:e979170e02e7 | 7639 | CYASSL_MSG("CyaSSL_RSA_public_decrypt"); |
ashleymills | 0:e979170e02e7 | 7640 | |
ashleymills | 0:e979170e02e7 | 7641 | return -1; |
ashleymills | 0:e979170e02e7 | 7642 | } |
ashleymills | 0:e979170e02e7 | 7643 | |
ashleymills | 0:e979170e02e7 | 7644 | |
ashleymills | 0:e979170e02e7 | 7645 | /* generate p-1 and q-1 */ |
ashleymills | 0:e979170e02e7 | 7646 | int CyaSSL_RSA_GenAdd(CYASSL_RSA* rsa) |
ashleymills | 0:e979170e02e7 | 7647 | { |
ashleymills | 0:e979170e02e7 | 7648 | int err; |
ashleymills | 0:e979170e02e7 | 7649 | mp_int tmp; |
ashleymills | 0:e979170e02e7 | 7650 | |
ashleymills | 0:e979170e02e7 | 7651 | CYASSL_MSG("CyaSSL_RsaGenAdd"); |
ashleymills | 0:e979170e02e7 | 7652 | |
ashleymills | 0:e979170e02e7 | 7653 | if (rsa == NULL || rsa->p == NULL || rsa->q == NULL || rsa->d == NULL || |
ashleymills | 0:e979170e02e7 | 7654 | rsa->dmp1 == NULL || rsa->dmq1 == NULL) { |
ashleymills | 0:e979170e02e7 | 7655 | CYASSL_MSG("rsa no init error"); |
ashleymills | 0:e979170e02e7 | 7656 | return -1; |
ashleymills | 0:e979170e02e7 | 7657 | } |
ashleymills | 0:e979170e02e7 | 7658 | |
ashleymills | 0:e979170e02e7 | 7659 | if (mp_init(&tmp) != MP_OKAY) { |
ashleymills | 0:e979170e02e7 | 7660 | CYASSL_MSG("mp_init error"); |
ashleymills | 0:e979170e02e7 | 7661 | return -1; |
ashleymills | 0:e979170e02e7 | 7662 | } |
ashleymills | 0:e979170e02e7 | 7663 | |
ashleymills | 0:e979170e02e7 | 7664 | err = mp_sub_d((mp_int*)rsa->p->internal, 1, &tmp); |
ashleymills | 0:e979170e02e7 | 7665 | if (err != MP_OKAY) |
ashleymills | 0:e979170e02e7 | 7666 | CYASSL_MSG("mp_sub_d error"); |
ashleymills | 0:e979170e02e7 | 7667 | else |
ashleymills | 0:e979170e02e7 | 7668 | err = mp_mod((mp_int*)rsa->d->internal, &tmp, |
ashleymills | 0:e979170e02e7 | 7669 | (mp_int*)rsa->dmp1->internal); |
ashleymills | 0:e979170e02e7 | 7670 | |
ashleymills | 0:e979170e02e7 | 7671 | if (err != MP_OKAY) |
ashleymills | 0:e979170e02e7 | 7672 | CYASSL_MSG("mp_mod error"); |
ashleymills | 0:e979170e02e7 | 7673 | else |
ashleymills | 0:e979170e02e7 | 7674 | err = mp_sub_d((mp_int*)rsa->q->internal, 1, &tmp); |
ashleymills | 0:e979170e02e7 | 7675 | if (err != MP_OKAY) |
ashleymills | 0:e979170e02e7 | 7676 | CYASSL_MSG("mp_sub_d error"); |
ashleymills | 0:e979170e02e7 | 7677 | else |
ashleymills | 0:e979170e02e7 | 7678 | err = mp_mod((mp_int*)rsa->d->internal, &tmp, |
ashleymills | 0:e979170e02e7 | 7679 | (mp_int*)rsa->dmq1->internal); |
ashleymills | 0:e979170e02e7 | 7680 | |
ashleymills | 0:e979170e02e7 | 7681 | mp_clear(&tmp); |
ashleymills | 0:e979170e02e7 | 7682 | |
ashleymills | 0:e979170e02e7 | 7683 | if (err == MP_OKAY) |
ashleymills | 0:e979170e02e7 | 7684 | return 0; |
ashleymills | 0:e979170e02e7 | 7685 | else |
ashleymills | 0:e979170e02e7 | 7686 | return -1; |
ashleymills | 0:e979170e02e7 | 7687 | } |
ashleymills | 0:e979170e02e7 | 7688 | |
ashleymills | 0:e979170e02e7 | 7689 | |
ashleymills | 0:e979170e02e7 | 7690 | void CyaSSL_HMAC_Init(CYASSL_HMAC_CTX* ctx, const void* key, int keylen, |
ashleymills | 0:e979170e02e7 | 7691 | const EVP_MD* type) |
ashleymills | 0:e979170e02e7 | 7692 | { |
ashleymills | 0:e979170e02e7 | 7693 | CYASSL_MSG("CyaSSL_HMAC_Init"); |
ashleymills | 0:e979170e02e7 | 7694 | |
ashleymills | 0:e979170e02e7 | 7695 | if (ctx == NULL) { |
ashleymills | 0:e979170e02e7 | 7696 | CYASSL_MSG("no ctx on init"); |
ashleymills | 0:e979170e02e7 | 7697 | return; |
ashleymills | 0:e979170e02e7 | 7698 | } |
ashleymills | 0:e979170e02e7 | 7699 | |
ashleymills | 0:e979170e02e7 | 7700 | if (type) { |
ashleymills | 0:e979170e02e7 | 7701 | CYASSL_MSG("init has type"); |
ashleymills | 0:e979170e02e7 | 7702 | |
ashleymills | 0:e979170e02e7 | 7703 | if (XSTRNCMP(type, "MD5", 3) == 0) { |
ashleymills | 0:e979170e02e7 | 7704 | CYASSL_MSG("md5 hmac"); |
ashleymills | 0:e979170e02e7 | 7705 | ctx->type = MD5; |
ashleymills | 0:e979170e02e7 | 7706 | } |
ashleymills | 0:e979170e02e7 | 7707 | else if (XSTRNCMP(type, "SHA256", 6) == 0) { |
ashleymills | 0:e979170e02e7 | 7708 | CYASSL_MSG("sha256 hmac"); |
ashleymills | 0:e979170e02e7 | 7709 | ctx->type = SHA256; |
ashleymills | 0:e979170e02e7 | 7710 | } |
ashleymills | 0:e979170e02e7 | 7711 | |
ashleymills | 0:e979170e02e7 | 7712 | /* has to be last since would pick or 256, 384, or 512 too */ |
ashleymills | 0:e979170e02e7 | 7713 | else if (XSTRNCMP(type, "SHA", 3) == 0) { |
ashleymills | 0:e979170e02e7 | 7714 | CYASSL_MSG("sha hmac"); |
ashleymills | 0:e979170e02e7 | 7715 | ctx->type = SHA; |
ashleymills | 0:e979170e02e7 | 7716 | } |
ashleymills | 0:e979170e02e7 | 7717 | else { |
ashleymills | 0:e979170e02e7 | 7718 | CYASSL_MSG("bad init type"); |
ashleymills | 0:e979170e02e7 | 7719 | } |
ashleymills | 0:e979170e02e7 | 7720 | } |
ashleymills | 0:e979170e02e7 | 7721 | |
ashleymills | 0:e979170e02e7 | 7722 | if (key && keylen) { |
ashleymills | 0:e979170e02e7 | 7723 | CYASSL_MSG("keying hmac"); |
ashleymills | 0:e979170e02e7 | 7724 | HmacSetKey(&ctx->hmac, ctx->type, (const byte*)key, (word32)keylen); |
ashleymills | 0:e979170e02e7 | 7725 | } |
ashleymills | 0:e979170e02e7 | 7726 | } |
ashleymills | 0:e979170e02e7 | 7727 | |
ashleymills | 0:e979170e02e7 | 7728 | |
ashleymills | 0:e979170e02e7 | 7729 | void CyaSSL_HMAC_Update(CYASSL_HMAC_CTX* ctx, const unsigned char* data, |
ashleymills | 0:e979170e02e7 | 7730 | int len) |
ashleymills | 0:e979170e02e7 | 7731 | { |
ashleymills | 0:e979170e02e7 | 7732 | CYASSL_MSG("CyaSSL_HMAC_Update"); |
ashleymills | 0:e979170e02e7 | 7733 | |
ashleymills | 0:e979170e02e7 | 7734 | if (ctx && data) { |
ashleymills | 0:e979170e02e7 | 7735 | CYASSL_MSG("updating hmac"); |
ashleymills | 0:e979170e02e7 | 7736 | HmacUpdate(&ctx->hmac, data, (word32)len); |
ashleymills | 0:e979170e02e7 | 7737 | } |
ashleymills | 0:e979170e02e7 | 7738 | } |
ashleymills | 0:e979170e02e7 | 7739 | |
ashleymills | 0:e979170e02e7 | 7740 | |
ashleymills | 0:e979170e02e7 | 7741 | void CyaSSL_HMAC_Final(CYASSL_HMAC_CTX* ctx, unsigned char* hash, |
ashleymills | 0:e979170e02e7 | 7742 | unsigned int* len) |
ashleymills | 0:e979170e02e7 | 7743 | { |
ashleymills | 0:e979170e02e7 | 7744 | CYASSL_MSG("CyaSSL_HMAC_Final"); |
ashleymills | 0:e979170e02e7 | 7745 | |
ashleymills | 0:e979170e02e7 | 7746 | if (ctx && hash) { |
ashleymills | 0:e979170e02e7 | 7747 | CYASSL_MSG("final hmac"); |
ashleymills | 0:e979170e02e7 | 7748 | HmacFinal(&ctx->hmac, hash); |
ashleymills | 0:e979170e02e7 | 7749 | |
ashleymills | 0:e979170e02e7 | 7750 | if (len) { |
ashleymills | 0:e979170e02e7 | 7751 | CYASSL_MSG("setting output len"); |
ashleymills | 0:e979170e02e7 | 7752 | switch (ctx->type) { |
ashleymills | 0:e979170e02e7 | 7753 | case MD5: |
ashleymills | 0:e979170e02e7 | 7754 | *len = MD5_DIGEST_SIZE; |
ashleymills | 0:e979170e02e7 | 7755 | break; |
ashleymills | 0:e979170e02e7 | 7756 | |
ashleymills | 0:e979170e02e7 | 7757 | case SHA: |
ashleymills | 0:e979170e02e7 | 7758 | *len = SHA_DIGEST_SIZE; |
ashleymills | 0:e979170e02e7 | 7759 | break; |
ashleymills | 0:e979170e02e7 | 7760 | |
ashleymills | 0:e979170e02e7 | 7761 | case SHA256: |
ashleymills | 0:e979170e02e7 | 7762 | *len = SHA256_DIGEST_SIZE; |
ashleymills | 0:e979170e02e7 | 7763 | break; |
ashleymills | 0:e979170e02e7 | 7764 | |
ashleymills | 0:e979170e02e7 | 7765 | default: |
ashleymills | 0:e979170e02e7 | 7766 | CYASSL_MSG("bad hmac type"); |
ashleymills | 0:e979170e02e7 | 7767 | } |
ashleymills | 0:e979170e02e7 | 7768 | } |
ashleymills | 0:e979170e02e7 | 7769 | } |
ashleymills | 0:e979170e02e7 | 7770 | } |
ashleymills | 0:e979170e02e7 | 7771 | |
ashleymills | 0:e979170e02e7 | 7772 | |
ashleymills | 0:e979170e02e7 | 7773 | void CyaSSL_HMAC_cleanup(CYASSL_HMAC_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 7774 | { |
ashleymills | 0:e979170e02e7 | 7775 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 7776 | |
ashleymills | 0:e979170e02e7 | 7777 | CYASSL_MSG("CyaSSL_HMAC_cleanup"); |
ashleymills | 0:e979170e02e7 | 7778 | } |
ashleymills | 0:e979170e02e7 | 7779 | |
ashleymills | 0:e979170e02e7 | 7780 | |
ashleymills | 0:e979170e02e7 | 7781 | const CYASSL_EVP_MD* CyaSSL_EVP_get_digestbynid(int id) |
ashleymills | 0:e979170e02e7 | 7782 | { |
ashleymills | 0:e979170e02e7 | 7783 | CYASSL_MSG("CyaSSL_get_digestbynid"); |
ashleymills | 0:e979170e02e7 | 7784 | |
ashleymills | 0:e979170e02e7 | 7785 | switch(id) { |
ashleymills | 0:e979170e02e7 | 7786 | case NID_md5: |
ashleymills | 0:e979170e02e7 | 7787 | return CyaSSL_EVP_md5(); |
ashleymills | 0:e979170e02e7 | 7788 | break; |
ashleymills | 0:e979170e02e7 | 7789 | |
ashleymills | 0:e979170e02e7 | 7790 | case NID_sha1: |
ashleymills | 0:e979170e02e7 | 7791 | return CyaSSL_EVP_sha1(); |
ashleymills | 0:e979170e02e7 | 7792 | break; |
ashleymills | 0:e979170e02e7 | 7793 | |
ashleymills | 0:e979170e02e7 | 7794 | default: |
ashleymills | 0:e979170e02e7 | 7795 | CYASSL_MSG("Bad digest id value"); |
ashleymills | 0:e979170e02e7 | 7796 | } |
ashleymills | 0:e979170e02e7 | 7797 | |
ashleymills | 0:e979170e02e7 | 7798 | return NULL; |
ashleymills | 0:e979170e02e7 | 7799 | } |
ashleymills | 0:e979170e02e7 | 7800 | |
ashleymills | 0:e979170e02e7 | 7801 | |
ashleymills | 0:e979170e02e7 | 7802 | CYASSL_RSA* CyaSSL_EVP_PKEY_get1_RSA(CYASSL_EVP_PKEY* key) |
ashleymills | 0:e979170e02e7 | 7803 | { |
ashleymills | 0:e979170e02e7 | 7804 | (void)key; |
ashleymills | 0:e979170e02e7 | 7805 | CYASSL_MSG("CyaSSL_EVP_PKEY_get1_RSA"); |
ashleymills | 0:e979170e02e7 | 7806 | |
ashleymills | 0:e979170e02e7 | 7807 | return NULL; |
ashleymills | 0:e979170e02e7 | 7808 | } |
ashleymills | 0:e979170e02e7 | 7809 | |
ashleymills | 0:e979170e02e7 | 7810 | |
ashleymills | 0:e979170e02e7 | 7811 | CYASSL_DSA* CyaSSL_EVP_PKEY_get1_DSA(CYASSL_EVP_PKEY* key) |
ashleymills | 0:e979170e02e7 | 7812 | { |
ashleymills | 0:e979170e02e7 | 7813 | (void)key; |
ashleymills | 0:e979170e02e7 | 7814 | CYASSL_MSG("CyaSSL_EVP_PKEY_get1_DSA"); |
ashleymills | 0:e979170e02e7 | 7815 | |
ashleymills | 0:e979170e02e7 | 7816 | return NULL; |
ashleymills | 0:e979170e02e7 | 7817 | } |
ashleymills | 0:e979170e02e7 | 7818 | |
ashleymills | 0:e979170e02e7 | 7819 | |
ashleymills | 0:e979170e02e7 | 7820 | void* CyaSSL_EVP_X_STATE(const CYASSL_EVP_CIPHER_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 7821 | { |
ashleymills | 0:e979170e02e7 | 7822 | CYASSL_MSG("CyaSSL_EVP_X_STATE"); |
ashleymills | 0:e979170e02e7 | 7823 | |
ashleymills | 0:e979170e02e7 | 7824 | if (ctx) { |
ashleymills | 0:e979170e02e7 | 7825 | switch (ctx->cipherType) { |
ashleymills | 0:e979170e02e7 | 7826 | case ARC4_TYPE: |
ashleymills | 0:e979170e02e7 | 7827 | CYASSL_MSG("returning arc4 state"); |
ashleymills | 0:e979170e02e7 | 7828 | return (void*)&ctx->cipher.arc4.x; |
ashleymills | 0:e979170e02e7 | 7829 | break; |
ashleymills | 0:e979170e02e7 | 7830 | |
ashleymills | 0:e979170e02e7 | 7831 | default: |
ashleymills | 0:e979170e02e7 | 7832 | CYASSL_MSG("bad x state type"); |
ashleymills | 0:e979170e02e7 | 7833 | return 0; |
ashleymills | 0:e979170e02e7 | 7834 | } |
ashleymills | 0:e979170e02e7 | 7835 | } |
ashleymills | 0:e979170e02e7 | 7836 | |
ashleymills | 0:e979170e02e7 | 7837 | return NULL; |
ashleymills | 0:e979170e02e7 | 7838 | } |
ashleymills | 0:e979170e02e7 | 7839 | |
ashleymills | 0:e979170e02e7 | 7840 | |
ashleymills | 0:e979170e02e7 | 7841 | int CyaSSL_EVP_X_STATE_LEN(const CYASSL_EVP_CIPHER_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 7842 | { |
ashleymills | 0:e979170e02e7 | 7843 | CYASSL_MSG("CyaSSL_EVP_X_STATE_LEN"); |
ashleymills | 0:e979170e02e7 | 7844 | |
ashleymills | 0:e979170e02e7 | 7845 | if (ctx) { |
ashleymills | 0:e979170e02e7 | 7846 | switch (ctx->cipherType) { |
ashleymills | 0:e979170e02e7 | 7847 | case ARC4_TYPE: |
ashleymills | 0:e979170e02e7 | 7848 | CYASSL_MSG("returning arc4 state size"); |
ashleymills | 0:e979170e02e7 | 7849 | return sizeof(Arc4); |
ashleymills | 0:e979170e02e7 | 7850 | break; |
ashleymills | 0:e979170e02e7 | 7851 | |
ashleymills | 0:e979170e02e7 | 7852 | default: |
ashleymills | 0:e979170e02e7 | 7853 | CYASSL_MSG("bad x state type"); |
ashleymills | 0:e979170e02e7 | 7854 | return 0; |
ashleymills | 0:e979170e02e7 | 7855 | } |
ashleymills | 0:e979170e02e7 | 7856 | } |
ashleymills | 0:e979170e02e7 | 7857 | |
ashleymills | 0:e979170e02e7 | 7858 | return 0; |
ashleymills | 0:e979170e02e7 | 7859 | } |
ashleymills | 0:e979170e02e7 | 7860 | |
ashleymills | 0:e979170e02e7 | 7861 | |
ashleymills | 0:e979170e02e7 | 7862 | void CyaSSL_3des_iv(CYASSL_EVP_CIPHER_CTX* ctx, int doset, |
ashleymills | 0:e979170e02e7 | 7863 | unsigned char* iv, int len) |
ashleymills | 0:e979170e02e7 | 7864 | { |
ashleymills | 0:e979170e02e7 | 7865 | (void)len; |
ashleymills | 0:e979170e02e7 | 7866 | |
ashleymills | 0:e979170e02e7 | 7867 | CYASSL_MSG("CyaSSL_3des_iv"); |
ashleymills | 0:e979170e02e7 | 7868 | |
ashleymills | 0:e979170e02e7 | 7869 | if (ctx == NULL || iv == NULL) { |
ashleymills | 0:e979170e02e7 | 7870 | CYASSL_MSG("Bad function argument"); |
ashleymills | 0:e979170e02e7 | 7871 | return; |
ashleymills | 0:e979170e02e7 | 7872 | } |
ashleymills | 0:e979170e02e7 | 7873 | |
ashleymills | 0:e979170e02e7 | 7874 | if (doset) |
ashleymills | 0:e979170e02e7 | 7875 | Des3_SetIV(&ctx->cipher.des3, iv); |
ashleymills | 0:e979170e02e7 | 7876 | else |
ashleymills | 0:e979170e02e7 | 7877 | memcpy(iv, &ctx->cipher.des3.reg, DES_BLOCK_SIZE); |
ashleymills | 0:e979170e02e7 | 7878 | } |
ashleymills | 0:e979170e02e7 | 7879 | |
ashleymills | 0:e979170e02e7 | 7880 | |
ashleymills | 0:e979170e02e7 | 7881 | void CyaSSL_aes_ctr_iv(CYASSL_EVP_CIPHER_CTX* ctx, int doset, |
ashleymills | 0:e979170e02e7 | 7882 | unsigned char* iv, int len) |
ashleymills | 0:e979170e02e7 | 7883 | { |
ashleymills | 0:e979170e02e7 | 7884 | (void)len; |
ashleymills | 0:e979170e02e7 | 7885 | |
ashleymills | 0:e979170e02e7 | 7886 | CYASSL_MSG("CyaSSL_aes_ctr_iv"); |
ashleymills | 0:e979170e02e7 | 7887 | |
ashleymills | 0:e979170e02e7 | 7888 | if (ctx == NULL || iv == NULL) { |
ashleymills | 0:e979170e02e7 | 7889 | CYASSL_MSG("Bad function argument"); |
ashleymills | 0:e979170e02e7 | 7890 | return; |
ashleymills | 0:e979170e02e7 | 7891 | } |
ashleymills | 0:e979170e02e7 | 7892 | |
ashleymills | 0:e979170e02e7 | 7893 | if (doset) |
ashleymills | 0:e979170e02e7 | 7894 | AesSetIV(&ctx->cipher.aes, iv); |
ashleymills | 0:e979170e02e7 | 7895 | else |
ashleymills | 0:e979170e02e7 | 7896 | memcpy(iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE); |
ashleymills | 0:e979170e02e7 | 7897 | } |
ashleymills | 0:e979170e02e7 | 7898 | |
ashleymills | 0:e979170e02e7 | 7899 | |
ashleymills | 0:e979170e02e7 | 7900 | const CYASSL_EVP_MD* CyaSSL_EVP_ripemd160(void) |
ashleymills | 0:e979170e02e7 | 7901 | { |
ashleymills | 0:e979170e02e7 | 7902 | CYASSL_MSG("CyaSSL_ripemd160"); |
ashleymills | 0:e979170e02e7 | 7903 | |
ashleymills | 0:e979170e02e7 | 7904 | return NULL; |
ashleymills | 0:e979170e02e7 | 7905 | } |
ashleymills | 0:e979170e02e7 | 7906 | |
ashleymills | 0:e979170e02e7 | 7907 | |
ashleymills | 0:e979170e02e7 | 7908 | int CyaSSL_EVP_MD_size(const CYASSL_EVP_MD* type) |
ashleymills | 0:e979170e02e7 | 7909 | { |
ashleymills | 0:e979170e02e7 | 7910 | CYASSL_MSG("CyaSSL_EVP_MD_size"); |
ashleymills | 0:e979170e02e7 | 7911 | |
ashleymills | 0:e979170e02e7 | 7912 | if (type == NULL) { |
ashleymills | 0:e979170e02e7 | 7913 | CYASSL_MSG("No md type arg"); |
ashleymills | 0:e979170e02e7 | 7914 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 7915 | } |
ashleymills | 0:e979170e02e7 | 7916 | |
ashleymills | 0:e979170e02e7 | 7917 | if (XSTRNCMP(type, "MD5", 3) == 0) { |
ashleymills | 0:e979170e02e7 | 7918 | return MD5_DIGEST_SIZE; |
ashleymills | 0:e979170e02e7 | 7919 | } |
ashleymills | 0:e979170e02e7 | 7920 | else if (XSTRNCMP(type, "SHA256", 6) == 0) { |
ashleymills | 0:e979170e02e7 | 7921 | return SHA256_DIGEST_SIZE; |
ashleymills | 0:e979170e02e7 | 7922 | } |
ashleymills | 0:e979170e02e7 | 7923 | #ifdef CYASSL_SHA384 |
ashleymills | 0:e979170e02e7 | 7924 | else if (XSTRNCMP(type, "SHA384", 6) == 0) { |
ashleymills | 0:e979170e02e7 | 7925 | return SHA384_DIGEST_SIZE; |
ashleymills | 0:e979170e02e7 | 7926 | } |
ashleymills | 0:e979170e02e7 | 7927 | #endif |
ashleymills | 0:e979170e02e7 | 7928 | #ifdef CYASSL_SHA512 |
ashleymills | 0:e979170e02e7 | 7929 | else if (XSTRNCMP(type, "SHA512", 6) == 0) { |
ashleymills | 0:e979170e02e7 | 7930 | return SHA512_DIGEST_SIZE; |
ashleymills | 0:e979170e02e7 | 7931 | } |
ashleymills | 0:e979170e02e7 | 7932 | #endif |
ashleymills | 0:e979170e02e7 | 7933 | /* has to be last since would pick or 256, 384, or 512 too */ |
ashleymills | 0:e979170e02e7 | 7934 | else if (XSTRNCMP(type, "SHA", 3) == 0) { |
ashleymills | 0:e979170e02e7 | 7935 | return SHA_DIGEST_SIZE; |
ashleymills | 0:e979170e02e7 | 7936 | } |
ashleymills | 0:e979170e02e7 | 7937 | |
ashleymills | 0:e979170e02e7 | 7938 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 7939 | } |
ashleymills | 0:e979170e02e7 | 7940 | |
ashleymills | 0:e979170e02e7 | 7941 | |
ashleymills | 0:e979170e02e7 | 7942 | int CyaSSL_EVP_CIPHER_CTX_iv_length(const CYASSL_EVP_CIPHER_CTX* ctx) |
ashleymills | 0:e979170e02e7 | 7943 | { |
ashleymills | 0:e979170e02e7 | 7944 | CYASSL_MSG("CyaSSL_EVP_CIPHER_CTX_iv_length"); |
ashleymills | 0:e979170e02e7 | 7945 | |
ashleymills | 0:e979170e02e7 | 7946 | switch (ctx->cipherType) { |
ashleymills | 0:e979170e02e7 | 7947 | |
ashleymills | 0:e979170e02e7 | 7948 | case AES_128_CBC_TYPE : |
ashleymills | 0:e979170e02e7 | 7949 | case AES_192_CBC_TYPE : |
ashleymills | 0:e979170e02e7 | 7950 | case AES_256_CBC_TYPE : |
ashleymills | 0:e979170e02e7 | 7951 | CYASSL_MSG("AES CBC"); |
ashleymills | 0:e979170e02e7 | 7952 | return AES_BLOCK_SIZE; |
ashleymills | 0:e979170e02e7 | 7953 | break; |
ashleymills | 0:e979170e02e7 | 7954 | |
ashleymills | 0:e979170e02e7 | 7955 | #ifdef CYASSL_AES_COUNTER |
ashleymills | 0:e979170e02e7 | 7956 | case AES_128_CTR_TYPE : |
ashleymills | 0:e979170e02e7 | 7957 | case AES_192_CTR_TYPE : |
ashleymills | 0:e979170e02e7 | 7958 | case AES_256_CTR_TYPE : |
ashleymills | 0:e979170e02e7 | 7959 | CYASSL_MSG("AES CTR"); |
ashleymills | 0:e979170e02e7 | 7960 | return AES_BLOCK_SIZE; |
ashleymills | 0:e979170e02e7 | 7961 | break; |
ashleymills | 0:e979170e02e7 | 7962 | #endif |
ashleymills | 0:e979170e02e7 | 7963 | |
ashleymills | 0:e979170e02e7 | 7964 | case DES_CBC_TYPE : |
ashleymills | 0:e979170e02e7 | 7965 | CYASSL_MSG("DES CBC"); |
ashleymills | 0:e979170e02e7 | 7966 | return DES_BLOCK_SIZE; |
ashleymills | 0:e979170e02e7 | 7967 | break; |
ashleymills | 0:e979170e02e7 | 7968 | |
ashleymills | 0:e979170e02e7 | 7969 | case DES_EDE3_CBC_TYPE : |
ashleymills | 0:e979170e02e7 | 7970 | CYASSL_MSG("DES EDE3 CBC"); |
ashleymills | 0:e979170e02e7 | 7971 | return DES_BLOCK_SIZE; |
ashleymills | 0:e979170e02e7 | 7972 | break; |
ashleymills | 0:e979170e02e7 | 7973 | |
ashleymills | 0:e979170e02e7 | 7974 | case ARC4_TYPE : |
ashleymills | 0:e979170e02e7 | 7975 | CYASSL_MSG("ARC4"); |
ashleymills | 0:e979170e02e7 | 7976 | return 0; |
ashleymills | 0:e979170e02e7 | 7977 | break; |
ashleymills | 0:e979170e02e7 | 7978 | |
ashleymills | 0:e979170e02e7 | 7979 | case NULL_CIPHER_TYPE : |
ashleymills | 0:e979170e02e7 | 7980 | CYASSL_MSG("NULL"); |
ashleymills | 0:e979170e02e7 | 7981 | return 0; |
ashleymills | 0:e979170e02e7 | 7982 | break; |
ashleymills | 0:e979170e02e7 | 7983 | |
ashleymills | 0:e979170e02e7 | 7984 | default: { |
ashleymills | 0:e979170e02e7 | 7985 | CYASSL_MSG("bad type"); |
ashleymills | 0:e979170e02e7 | 7986 | } |
ashleymills | 0:e979170e02e7 | 7987 | } |
ashleymills | 0:e979170e02e7 | 7988 | return 0; |
ashleymills | 0:e979170e02e7 | 7989 | } |
ashleymills | 0:e979170e02e7 | 7990 | |
ashleymills | 0:e979170e02e7 | 7991 | |
ashleymills | 0:e979170e02e7 | 7992 | void CyaSSL_OPENSSL_free(void* p) |
ashleymills | 0:e979170e02e7 | 7993 | { |
ashleymills | 0:e979170e02e7 | 7994 | CYASSL_MSG("CyaSSL_OPENSSL_free"); |
ashleymills | 0:e979170e02e7 | 7995 | |
ashleymills | 0:e979170e02e7 | 7996 | XFREE(p, NULL, 0); |
ashleymills | 0:e979170e02e7 | 7997 | } |
ashleymills | 0:e979170e02e7 | 7998 | |
ashleymills | 0:e979170e02e7 | 7999 | |
ashleymills | 0:e979170e02e7 | 8000 | int CyaSSL_PEM_write_bio_RSAPrivateKey(CYASSL_BIO* bio, RSA* rsa, |
ashleymills | 0:e979170e02e7 | 8001 | const EVP_CIPHER* cipher, |
ashleymills | 0:e979170e02e7 | 8002 | unsigned char* passwd, int len, |
ashleymills | 0:e979170e02e7 | 8003 | pem_password_cb cb, void* arg) |
ashleymills | 0:e979170e02e7 | 8004 | { |
ashleymills | 0:e979170e02e7 | 8005 | (void)bio; |
ashleymills | 0:e979170e02e7 | 8006 | (void)rsa; |
ashleymills | 0:e979170e02e7 | 8007 | (void)cipher; |
ashleymills | 0:e979170e02e7 | 8008 | (void)passwd; |
ashleymills | 0:e979170e02e7 | 8009 | (void)len; |
ashleymills | 0:e979170e02e7 | 8010 | (void)cb; |
ashleymills | 0:e979170e02e7 | 8011 | (void)arg; |
ashleymills | 0:e979170e02e7 | 8012 | |
ashleymills | 0:e979170e02e7 | 8013 | CYASSL_MSG("CyaSSL_PEM_write_bio_RSAPrivateKey"); |
ashleymills | 0:e979170e02e7 | 8014 | |
ashleymills | 0:e979170e02e7 | 8015 | return -1; |
ashleymills | 0:e979170e02e7 | 8016 | } |
ashleymills | 0:e979170e02e7 | 8017 | |
ashleymills | 0:e979170e02e7 | 8018 | |
ashleymills | 0:e979170e02e7 | 8019 | |
ashleymills | 0:e979170e02e7 | 8020 | int CyaSSL_PEM_write_bio_DSAPrivateKey(CYASSL_BIO* bio, DSA* rsa, |
ashleymills | 0:e979170e02e7 | 8021 | const EVP_CIPHER* cipher, |
ashleymills | 0:e979170e02e7 | 8022 | unsigned char* passwd, int len, |
ashleymills | 0:e979170e02e7 | 8023 | pem_password_cb cb, void* arg) |
ashleymills | 0:e979170e02e7 | 8024 | { |
ashleymills | 0:e979170e02e7 | 8025 | (void)bio; |
ashleymills | 0:e979170e02e7 | 8026 | (void)rsa; |
ashleymills | 0:e979170e02e7 | 8027 | (void)cipher; |
ashleymills | 0:e979170e02e7 | 8028 | (void)passwd; |
ashleymills | 0:e979170e02e7 | 8029 | (void)len; |
ashleymills | 0:e979170e02e7 | 8030 | (void)cb; |
ashleymills | 0:e979170e02e7 | 8031 | (void)arg; |
ashleymills | 0:e979170e02e7 | 8032 | |
ashleymills | 0:e979170e02e7 | 8033 | CYASSL_MSG("CyaSSL_PEM_write_bio_DSAPrivateKey"); |
ashleymills | 0:e979170e02e7 | 8034 | |
ashleymills | 0:e979170e02e7 | 8035 | return -1; |
ashleymills | 0:e979170e02e7 | 8036 | } |
ashleymills | 0:e979170e02e7 | 8037 | |
ashleymills | 0:e979170e02e7 | 8038 | |
ashleymills | 0:e979170e02e7 | 8039 | |
ashleymills | 0:e979170e02e7 | 8040 | CYASSL_EVP_PKEY* CyaSSL_PEM_read_bio_PrivateKey(CYASSL_BIO* bio, |
ashleymills | 0:e979170e02e7 | 8041 | CYASSL_EVP_PKEY** key, pem_password_cb cb, void* arg) |
ashleymills | 0:e979170e02e7 | 8042 | { |
ashleymills | 0:e979170e02e7 | 8043 | (void)bio; |
ashleymills | 0:e979170e02e7 | 8044 | (void)key; |
ashleymills | 0:e979170e02e7 | 8045 | (void)cb; |
ashleymills | 0:e979170e02e7 | 8046 | (void)arg; |
ashleymills | 0:e979170e02e7 | 8047 | |
ashleymills | 0:e979170e02e7 | 8048 | CYASSL_MSG("CyaSSL_PEM_read_bio_PrivateKey"); |
ashleymills | 0:e979170e02e7 | 8049 | |
ashleymills | 0:e979170e02e7 | 8050 | return NULL; |
ashleymills | 0:e979170e02e7 | 8051 | } |
ashleymills | 0:e979170e02e7 | 8052 | |
ashleymills | 0:e979170e02e7 | 8053 | |
ashleymills | 0:e979170e02e7 | 8054 | |
ashleymills | 0:e979170e02e7 | 8055 | /* Return bytes written to buff or < 0 for error */ |
ashleymills | 0:e979170e02e7 | 8056 | int CyaSSL_KeyPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff, |
ashleymills | 0:e979170e02e7 | 8057 | int buffSz, const char* pass) |
ashleymills | 0:e979170e02e7 | 8058 | { |
ashleymills | 0:e979170e02e7 | 8059 | EncryptedInfo info; |
ashleymills | 0:e979170e02e7 | 8060 | int eccKey = 0; |
ashleymills | 0:e979170e02e7 | 8061 | int ret; |
ashleymills | 0:e979170e02e7 | 8062 | buffer der; |
ashleymills | 0:e979170e02e7 | 8063 | |
ashleymills | 0:e979170e02e7 | 8064 | (void)pass; |
ashleymills | 0:e979170e02e7 | 8065 | |
ashleymills | 0:e979170e02e7 | 8066 | CYASSL_ENTER("CyaSSL_KeyPemToDer"); |
ashleymills | 0:e979170e02e7 | 8067 | |
ashleymills | 0:e979170e02e7 | 8068 | if (pem == NULL || buff == NULL || buffSz <= 0) { |
ashleymills | 0:e979170e02e7 | 8069 | CYASSL_MSG("Bad pem der args"); |
ashleymills | 0:e979170e02e7 | 8070 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 8071 | } |
ashleymills | 0:e979170e02e7 | 8072 | |
ashleymills | 0:e979170e02e7 | 8073 | info.set = 0; |
ashleymills | 0:e979170e02e7 | 8074 | info.ctx = NULL; |
ashleymills | 0:e979170e02e7 | 8075 | info.consumed = 0; |
ashleymills | 0:e979170e02e7 | 8076 | der.buffer = NULL; |
ashleymills | 0:e979170e02e7 | 8077 | |
ashleymills | 0:e979170e02e7 | 8078 | ret = PemToDer(pem, pemSz, PRIVATEKEY_TYPE, &der, NULL, &info, &eccKey); |
ashleymills | 0:e979170e02e7 | 8079 | if (ret < 0) { |
ashleymills | 0:e979170e02e7 | 8080 | CYASSL_MSG("Bad Pem To Der"); |
ashleymills | 0:e979170e02e7 | 8081 | } |
ashleymills | 0:e979170e02e7 | 8082 | else { |
ashleymills | 0:e979170e02e7 | 8083 | if (der.length <= (word32)buffSz) { |
ashleymills | 0:e979170e02e7 | 8084 | XMEMCPY(buff, der.buffer, der.length); |
ashleymills | 0:e979170e02e7 | 8085 | ret = der.length; |
ashleymills | 0:e979170e02e7 | 8086 | } |
ashleymills | 0:e979170e02e7 | 8087 | else { |
ashleymills | 0:e979170e02e7 | 8088 | CYASSL_MSG("Bad der length"); |
ashleymills | 0:e979170e02e7 | 8089 | ret = BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 8090 | } |
ashleymills | 0:e979170e02e7 | 8091 | } |
ashleymills | 0:e979170e02e7 | 8092 | |
ashleymills | 0:e979170e02e7 | 8093 | XFREE(der.buffer, NULL, DYANMIC_KEY_TYPE); |
ashleymills | 0:e979170e02e7 | 8094 | |
ashleymills | 0:e979170e02e7 | 8095 | return ret; |
ashleymills | 0:e979170e02e7 | 8096 | } |
ashleymills | 0:e979170e02e7 | 8097 | |
ashleymills | 0:e979170e02e7 | 8098 | |
ashleymills | 0:e979170e02e7 | 8099 | /* Load RSA from Der, 0 on success < 0 on error */ |
ashleymills | 0:e979170e02e7 | 8100 | int CyaSSL_RSA_LoadDer(CYASSL_RSA* rsa, const unsigned char* der, int derSz) |
ashleymills | 0:e979170e02e7 | 8101 | { |
ashleymills | 0:e979170e02e7 | 8102 | word32 idx = 0; |
ashleymills | 0:e979170e02e7 | 8103 | int ret; |
ashleymills | 0:e979170e02e7 | 8104 | |
ashleymills | 0:e979170e02e7 | 8105 | CYASSL_ENTER("CyaSSL_RSA_LoadDer"); |
ashleymills | 0:e979170e02e7 | 8106 | |
ashleymills | 0:e979170e02e7 | 8107 | if (rsa == NULL || rsa->internal == NULL || der == NULL || derSz <= 0) { |
ashleymills | 0:e979170e02e7 | 8108 | CYASSL_MSG("Bad function arguments"); |
ashleymills | 0:e979170e02e7 | 8109 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 8110 | } |
ashleymills | 0:e979170e02e7 | 8111 | |
ashleymills | 0:e979170e02e7 | 8112 | ret = RsaPrivateKeyDecode(der, &idx, (RsaKey*)rsa->internal, derSz); |
ashleymills | 0:e979170e02e7 | 8113 | if (ret < 0) { |
ashleymills | 0:e979170e02e7 | 8114 | CYASSL_MSG("RsaPrivateKeyDecode failed"); |
ashleymills | 0:e979170e02e7 | 8115 | return ret; |
ashleymills | 0:e979170e02e7 | 8116 | } |
ashleymills | 0:e979170e02e7 | 8117 | |
ashleymills | 0:e979170e02e7 | 8118 | if (SetRsaExternal(rsa) < 0) { |
ashleymills | 0:e979170e02e7 | 8119 | CYASSL_MSG("SetRsaExternal failed"); |
ashleymills | 0:e979170e02e7 | 8120 | return -1; |
ashleymills | 0:e979170e02e7 | 8121 | } |
ashleymills | 0:e979170e02e7 | 8122 | |
ashleymills | 0:e979170e02e7 | 8123 | rsa->inSet = 1; |
ashleymills | 0:e979170e02e7 | 8124 | |
ashleymills | 0:e979170e02e7 | 8125 | return 0; |
ashleymills | 0:e979170e02e7 | 8126 | } |
ashleymills | 0:e979170e02e7 | 8127 | |
ashleymills | 0:e979170e02e7 | 8128 | |
ashleymills | 0:e979170e02e7 | 8129 | /* Load DSA from Der, 0 on success < 0 on error */ |
ashleymills | 0:e979170e02e7 | 8130 | int CyaSSL_DSA_LoadDer(CYASSL_DSA* dsa, const unsigned char* der, int derSz) |
ashleymills | 0:e979170e02e7 | 8131 | { |
ashleymills | 0:e979170e02e7 | 8132 | word32 idx = 0; |
ashleymills | 0:e979170e02e7 | 8133 | int ret; |
ashleymills | 0:e979170e02e7 | 8134 | |
ashleymills | 0:e979170e02e7 | 8135 | CYASSL_ENTER("CyaSSL_DSA_LoadDer"); |
ashleymills | 0:e979170e02e7 | 8136 | |
ashleymills | 0:e979170e02e7 | 8137 | if (dsa == NULL || dsa->internal == NULL || der == NULL || derSz <= 0) { |
ashleymills | 0:e979170e02e7 | 8138 | CYASSL_MSG("Bad function arguments"); |
ashleymills | 0:e979170e02e7 | 8139 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 8140 | } |
ashleymills | 0:e979170e02e7 | 8141 | |
ashleymills | 0:e979170e02e7 | 8142 | ret = DsaPrivateKeyDecode(der, &idx, (DsaKey*)dsa->internal, derSz); |
ashleymills | 0:e979170e02e7 | 8143 | if (ret < 0) { |
ashleymills | 0:e979170e02e7 | 8144 | CYASSL_MSG("DsaPrivateKeyDecode failed"); |
ashleymills | 0:e979170e02e7 | 8145 | return ret; |
ashleymills | 0:e979170e02e7 | 8146 | } |
ashleymills | 0:e979170e02e7 | 8147 | |
ashleymills | 0:e979170e02e7 | 8148 | if (SetDsaExternal(dsa) < 0) { |
ashleymills | 0:e979170e02e7 | 8149 | CYASSL_MSG("SetDsaExternal failed"); |
ashleymills | 0:e979170e02e7 | 8150 | return -1; |
ashleymills | 0:e979170e02e7 | 8151 | } |
ashleymills | 0:e979170e02e7 | 8152 | |
ashleymills | 0:e979170e02e7 | 8153 | dsa->inSet = 1; |
ashleymills | 0:e979170e02e7 | 8154 | |
ashleymills | 0:e979170e02e7 | 8155 | return 0; |
ashleymills | 0:e979170e02e7 | 8156 | } |
ashleymills | 0:e979170e02e7 | 8157 | |
ashleymills | 0:e979170e02e7 | 8158 | |
ashleymills | 0:e979170e02e7 | 8159 | |
ashleymills | 0:e979170e02e7 | 8160 | |
ashleymills | 0:e979170e02e7 | 8161 | |
ashleymills | 0:e979170e02e7 | 8162 | #endif /* OPENSSL_EXTRA */ |
ashleymills | 0:e979170e02e7 | 8163 | |
ashleymills | 0:e979170e02e7 | 8164 | |
ashleymills | 0:e979170e02e7 | 8165 | #ifdef SESSION_CERTS |
ashleymills | 0:e979170e02e7 | 8166 | |
ashleymills | 0:e979170e02e7 | 8167 | |
ashleymills | 0:e979170e02e7 | 8168 | /* Get peer's certificate chain */ |
ashleymills | 0:e979170e02e7 | 8169 | CYASSL_X509_CHAIN* CyaSSL_get_peer_chain(CYASSL* ssl) |
ashleymills | 0:e979170e02e7 | 8170 | { |
ashleymills | 0:e979170e02e7 | 8171 | CYASSL_ENTER("CyaSSL_get_peer_chain"); |
ashleymills | 0:e979170e02e7 | 8172 | if (ssl) |
ashleymills | 0:e979170e02e7 | 8173 | return &ssl->session.chain; |
ashleymills | 0:e979170e02e7 | 8174 | |
ashleymills | 0:e979170e02e7 | 8175 | return 0; |
ashleymills | 0:e979170e02e7 | 8176 | } |
ashleymills | 0:e979170e02e7 | 8177 | |
ashleymills | 0:e979170e02e7 | 8178 | |
ashleymills | 0:e979170e02e7 | 8179 | /* Get peer's certificate chain total count */ |
ashleymills | 0:e979170e02e7 | 8180 | int CyaSSL_get_chain_count(CYASSL_X509_CHAIN* chain) |
ashleymills | 0:e979170e02e7 | 8181 | { |
ashleymills | 0:e979170e02e7 | 8182 | CYASSL_ENTER("CyaSSL_get_chain_count"); |
ashleymills | 0:e979170e02e7 | 8183 | if (chain) |
ashleymills | 0:e979170e02e7 | 8184 | return chain->count; |
ashleymills | 0:e979170e02e7 | 8185 | |
ashleymills | 0:e979170e02e7 | 8186 | return 0; |
ashleymills | 0:e979170e02e7 | 8187 | } |
ashleymills | 0:e979170e02e7 | 8188 | |
ashleymills | 0:e979170e02e7 | 8189 | |
ashleymills | 0:e979170e02e7 | 8190 | /* Get peer's ASN.1 DER ceritifcate at index (idx) length in bytes */ |
ashleymills | 0:e979170e02e7 | 8191 | int CyaSSL_get_chain_length(CYASSL_X509_CHAIN* chain, int idx) |
ashleymills | 0:e979170e02e7 | 8192 | { |
ashleymills | 0:e979170e02e7 | 8193 | CYASSL_ENTER("CyaSSL_get_chain_length"); |
ashleymills | 0:e979170e02e7 | 8194 | if (chain) |
ashleymills | 0:e979170e02e7 | 8195 | return chain->certs[idx].length; |
ashleymills | 0:e979170e02e7 | 8196 | |
ashleymills | 0:e979170e02e7 | 8197 | return 0; |
ashleymills | 0:e979170e02e7 | 8198 | } |
ashleymills | 0:e979170e02e7 | 8199 | |
ashleymills | 0:e979170e02e7 | 8200 | |
ashleymills | 0:e979170e02e7 | 8201 | /* Get peer's ASN.1 DER ceritifcate at index (idx) */ |
ashleymills | 0:e979170e02e7 | 8202 | byte* CyaSSL_get_chain_cert(CYASSL_X509_CHAIN* chain, int idx) |
ashleymills | 0:e979170e02e7 | 8203 | { |
ashleymills | 0:e979170e02e7 | 8204 | CYASSL_ENTER("CyaSSL_get_chain_cert"); |
ashleymills | 0:e979170e02e7 | 8205 | if (chain) |
ashleymills | 0:e979170e02e7 | 8206 | return chain->certs[idx].buffer; |
ashleymills | 0:e979170e02e7 | 8207 | |
ashleymills | 0:e979170e02e7 | 8208 | return 0; |
ashleymills | 0:e979170e02e7 | 8209 | } |
ashleymills | 0:e979170e02e7 | 8210 | |
ashleymills | 0:e979170e02e7 | 8211 | |
ashleymills | 0:e979170e02e7 | 8212 | /* Get peer's PEM ceritifcate at index (idx), output to buffer if inLen big |
ashleymills | 0:e979170e02e7 | 8213 | enough else return error (-1), output length is in *outLen */ |
ashleymills | 0:e979170e02e7 | 8214 | int CyaSSL_get_chain_cert_pem(CYASSL_X509_CHAIN* chain, int idx, |
ashleymills | 0:e979170e02e7 | 8215 | unsigned char* buf, int inLen, int* outLen) |
ashleymills | 0:e979170e02e7 | 8216 | { |
ashleymills | 0:e979170e02e7 | 8217 | const char header[] = "-----BEGIN CERTIFICATE-----\n"; |
ashleymills | 0:e979170e02e7 | 8218 | const char footer[] = "-----END CERTIFICATE-----\n"; |
ashleymills | 0:e979170e02e7 | 8219 | |
ashleymills | 0:e979170e02e7 | 8220 | int headerLen = sizeof(header) - 1; |
ashleymills | 0:e979170e02e7 | 8221 | int footerLen = sizeof(footer) - 1; |
ashleymills | 0:e979170e02e7 | 8222 | int i; |
ashleymills | 0:e979170e02e7 | 8223 | int err; |
ashleymills | 0:e979170e02e7 | 8224 | |
ashleymills | 0:e979170e02e7 | 8225 | CYASSL_ENTER("CyaSSL_get_chain_cert_pem"); |
ashleymills | 0:e979170e02e7 | 8226 | if (!chain || !outLen || !buf) |
ashleymills | 0:e979170e02e7 | 8227 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 8228 | |
ashleymills | 0:e979170e02e7 | 8229 | /* don't even try if inLen too short */ |
ashleymills | 0:e979170e02e7 | 8230 | if (inLen < headerLen + footerLen + chain->certs[idx].length) |
ashleymills | 0:e979170e02e7 | 8231 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 8232 | |
ashleymills | 0:e979170e02e7 | 8233 | /* header */ |
ashleymills | 0:e979170e02e7 | 8234 | XMEMCPY(buf, header, headerLen); |
ashleymills | 0:e979170e02e7 | 8235 | i = headerLen; |
ashleymills | 0:e979170e02e7 | 8236 | |
ashleymills | 0:e979170e02e7 | 8237 | /* body */ |
ashleymills | 0:e979170e02e7 | 8238 | *outLen = inLen; /* input to Base64_Encode */ |
ashleymills | 0:e979170e02e7 | 8239 | if ( (err = Base64_Encode(chain->certs[idx].buffer, |
ashleymills | 0:e979170e02e7 | 8240 | chain->certs[idx].length, buf + i, (word32*)outLen)) < 0) |
ashleymills | 0:e979170e02e7 | 8241 | return err; |
ashleymills | 0:e979170e02e7 | 8242 | i += *outLen; |
ashleymills | 0:e979170e02e7 | 8243 | |
ashleymills | 0:e979170e02e7 | 8244 | /* footer */ |
ashleymills | 0:e979170e02e7 | 8245 | if ( (i + footerLen) > inLen) |
ashleymills | 0:e979170e02e7 | 8246 | return BAD_FUNC_ARG; |
ashleymills | 0:e979170e02e7 | 8247 | XMEMCPY(buf + i, footer, footerLen); |
ashleymills | 0:e979170e02e7 | 8248 | *outLen += headerLen + footerLen; |
ashleymills | 0:e979170e02e7 | 8249 | |
ashleymills | 0:e979170e02e7 | 8250 | return 0; |
ashleymills | 0:e979170e02e7 | 8251 | } |
ashleymills | 0:e979170e02e7 | 8252 | |
ashleymills | 0:e979170e02e7 | 8253 | |
ashleymills | 0:e979170e02e7 | 8254 | /* get session ID */ |
ashleymills | 0:e979170e02e7 | 8255 | const byte* CyaSSL_get_sessionID(const CYASSL_SESSION* session) |
ashleymills | 0:e979170e02e7 | 8256 | { |
ashleymills | 0:e979170e02e7 | 8257 | CYASSL_ENTER("CyaSSL_get_sessionID"); |
ashleymills | 0:e979170e02e7 | 8258 | if (session) |
ashleymills | 0:e979170e02e7 | 8259 | return session->sessionID; |
ashleymills | 0:e979170e02e7 | 8260 | |
ashleymills | 0:e979170e02e7 | 8261 | return NULL; |
ashleymills | 0:e979170e02e7 | 8262 | } |
ashleymills | 0:e979170e02e7 | 8263 | |
ashleymills | 0:e979170e02e7 | 8264 | |
ashleymills | 0:e979170e02e7 | 8265 | #endif /* SESSION_CERTS */ |
ashleymills | 0:e979170e02e7 | 8266 | |
ashleymills | 0:e979170e02e7 | 8267 | |
ashleymills | 0:e979170e02e7 | 8268 | long CyaSSL_CTX_OCSP_set_options(CYASSL_CTX* ctx, long options) |
ashleymills | 0:e979170e02e7 | 8269 | { |
ashleymills | 0:e979170e02e7 | 8270 | CYASSL_ENTER("CyaSSL_CTX_OCSP_set_options"); |
ashleymills | 0:e979170e02e7 | 8271 | #ifdef HAVE_OCSP |
ashleymills | 0:e979170e02e7 | 8272 | if (ctx != NULL) { |
ashleymills | 0:e979170e02e7 | 8273 | ctx->ocsp.enabled = (options & CYASSL_OCSP_ENABLE) != 0; |
ashleymills | 0:e979170e02e7 | 8274 | ctx->ocsp.useOverrideUrl = (options & CYASSL_OCSP_URL_OVERRIDE) != 0; |
ashleymills | 0:e979170e02e7 | 8275 | ctx->ocsp.useNonce = (options & CYASSL_OCSP_NO_NONCE) == 0; |
ashleymills | 0:e979170e02e7 | 8276 | return 1; |
ashleymills | 0:e979170e02e7 | 8277 | } |
ashleymills | 0:e979170e02e7 | 8278 | return 0; |
ashleymills | 0:e979170e02e7 | 8279 | #else |
ashleymills | 0:e979170e02e7 | 8280 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 8281 | (void)options; |
ashleymills | 0:e979170e02e7 | 8282 | return NOT_COMPILED_IN; |
ashleymills | 0:e979170e02e7 | 8283 | #endif |
ashleymills | 0:e979170e02e7 | 8284 | } |
ashleymills | 0:e979170e02e7 | 8285 | |
ashleymills | 0:e979170e02e7 | 8286 | |
ashleymills | 0:e979170e02e7 | 8287 | int CyaSSL_CTX_OCSP_set_override_url(CYASSL_CTX* ctx, const char* url) |
ashleymills | 0:e979170e02e7 | 8288 | { |
ashleymills | 0:e979170e02e7 | 8289 | CYASSL_ENTER("CyaSSL_CTX_OCSP_set_override_url"); |
ashleymills | 0:e979170e02e7 | 8290 | #ifdef HAVE_OCSP |
ashleymills | 0:e979170e02e7 | 8291 | return CyaSSL_OCSP_set_override_url(&ctx->ocsp, url); |
ashleymills | 0:e979170e02e7 | 8292 | #else |
ashleymills | 0:e979170e02e7 | 8293 | (void)ctx; |
ashleymills | 0:e979170e02e7 | 8294 | (void)url; |
ashleymills | 0:e979170e02e7 | 8295 | return NOT_COMPILED_IN; |
ashleymills | 0:e979170e02e7 | 8296 | #endif |
ashleymills | 0:e979170e02e7 | 8297 | } |
ashleymills | 0:e979170e02e7 | 8298 | |
ashleymills | 0:e979170e02e7 | 8299 |