Fork of CyaSSL for my specific settings

Dependents:   CyaSSL_Example

Fork of CyaSSL by wolf SSL

Committer:
wolfSSL
Date:
Sat Jul 12 07:18:23 2014 +0000
Revision:
0:1239e9b70ca2
CyaSSL 3.0.0;

wolfSSL 0:1239e9b70ca2 1 /* ssl.c
wolfSSL 0:1239e9b70ca2 2 *
wolfSSL 0:1239e9b70ca2 3 * Copyright (C) 2006-2014 wolfSSL Inc.
wolfSSL 0:1239e9b70ca2 4 *
wolfSSL 0:1239e9b70ca2 5 * This file is part of CyaSSL.
wolfSSL 0:1239e9b70ca2 6 *
wolfSSL 0:1239e9b70ca2 7 * CyaSSL is free software; you can redistribute it and/or modify
wolfSSL 0:1239e9b70ca2 8 * it under the terms of the GNU General Public License as published by
wolfSSL 0:1239e9b70ca2 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 0:1239e9b70ca2 10 * (at your option) any later version.
wolfSSL 0:1239e9b70ca2 11 *
wolfSSL 0:1239e9b70ca2 12 * CyaSSL is distributed in the hope that it will be useful,
wolfSSL 0:1239e9b70ca2 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 0:1239e9b70ca2 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 0:1239e9b70ca2 15 * GNU General Public License for more details.
wolfSSL 0:1239e9b70ca2 16 *
wolfSSL 0:1239e9b70ca2 17 * You should have received a copy of the GNU General Public License
wolfSSL 0:1239e9b70ca2 18 * along with this program; if not, write to the Free Software
wolfSSL 0:1239e9b70ca2 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
wolfSSL 0:1239e9b70ca2 20 */
wolfSSL 0:1239e9b70ca2 21
wolfSSL 0:1239e9b70ca2 22 #ifdef HAVE_CONFIG_H
wolfSSL 0:1239e9b70ca2 23 #include <config.h>
wolfSSL 0:1239e9b70ca2 24 #endif
wolfSSL 0:1239e9b70ca2 25
wolfSSL 0:1239e9b70ca2 26 #include <cyassl/ctaocrypt/settings.h>
wolfSSL 0:1239e9b70ca2 27
wolfSSL 0:1239e9b70ca2 28 #ifdef HAVE_ERRNO_H
wolfSSL 0:1239e9b70ca2 29 #include <errno.h>
wolfSSL 0:1239e9b70ca2 30 #endif
wolfSSL 0:1239e9b70ca2 31
wolfSSL 0:1239e9b70ca2 32
wolfSSL 0:1239e9b70ca2 33 #include <cyassl/ssl.h>
wolfSSL 0:1239e9b70ca2 34 #include <cyassl/internal.h>
wolfSSL 0:1239e9b70ca2 35 #include <cyassl/error-ssl.h>
wolfSSL 0:1239e9b70ca2 36 #include <cyassl/ctaocrypt/coding.h>
wolfSSL 0:1239e9b70ca2 37
wolfSSL 0:1239e9b70ca2 38 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL 0:1239e9b70ca2 39 #include <cyassl/openssl/evp.h>
wolfSSL 0:1239e9b70ca2 40 #endif
wolfSSL 0:1239e9b70ca2 41
wolfSSL 0:1239e9b70ca2 42 #ifdef OPENSSL_EXTRA
wolfSSL 0:1239e9b70ca2 43 /* openssl headers begin */
wolfSSL 0:1239e9b70ca2 44 #include <cyassl/openssl/hmac.h>
wolfSSL 0:1239e9b70ca2 45 #include <cyassl/openssl/crypto.h>
wolfSSL 0:1239e9b70ca2 46 #include <cyassl/openssl/des.h>
wolfSSL 0:1239e9b70ca2 47 #include <cyassl/openssl/bn.h>
wolfSSL 0:1239e9b70ca2 48 #include <cyassl/openssl/dh.h>
wolfSSL 0:1239e9b70ca2 49 #include <cyassl/openssl/rsa.h>
wolfSSL 0:1239e9b70ca2 50 #include <cyassl/openssl/pem.h>
wolfSSL 0:1239e9b70ca2 51 /* openssl headers end, cyassl internal headers next */
wolfSSL 0:1239e9b70ca2 52 #include <cyassl/ctaocrypt/hmac.h>
wolfSSL 0:1239e9b70ca2 53 #include <cyassl/ctaocrypt/random.h>
wolfSSL 0:1239e9b70ca2 54 #include <cyassl/ctaocrypt/des3.h>
wolfSSL 0:1239e9b70ca2 55 #include <cyassl/ctaocrypt/md4.h>
wolfSSL 0:1239e9b70ca2 56 #include <cyassl/ctaocrypt/md5.h>
wolfSSL 0:1239e9b70ca2 57 #include <cyassl/ctaocrypt/arc4.h>
wolfSSL 0:1239e9b70ca2 58 #ifdef CYASSL_SHA512
wolfSSL 0:1239e9b70ca2 59 #include <cyassl/ctaocrypt/sha512.h>
wolfSSL 0:1239e9b70ca2 60 #endif
wolfSSL 0:1239e9b70ca2 61 #endif
wolfSSL 0:1239e9b70ca2 62
wolfSSL 0:1239e9b70ca2 63 #ifndef NO_FILESYSTEM
wolfSSL 0:1239e9b70ca2 64 #if !defined(USE_WINDOWS_API) && !defined(NO_CYASSL_DIR) \
wolfSSL 0:1239e9b70ca2 65 && !defined(EBSNET)
wolfSSL 0:1239e9b70ca2 66 #include <dirent.h>
wolfSSL 0:1239e9b70ca2 67 #include <sys/stat.h>
wolfSSL 0:1239e9b70ca2 68 #endif
wolfSSL 0:1239e9b70ca2 69 #ifdef EBSNET
wolfSSL 0:1239e9b70ca2 70 #include "vfapi.h"
wolfSSL 0:1239e9b70ca2 71 #include "vfile.h"
wolfSSL 0:1239e9b70ca2 72 #endif
wolfSSL 0:1239e9b70ca2 73 #endif /* NO_FILESYSTEM */
wolfSSL 0:1239e9b70ca2 74
wolfSSL 0:1239e9b70ca2 75 #ifndef TRUE
wolfSSL 0:1239e9b70ca2 76 #define TRUE 1
wolfSSL 0:1239e9b70ca2 77 #endif
wolfSSL 0:1239e9b70ca2 78 #ifndef FALSE
wolfSSL 0:1239e9b70ca2 79 #define FALSE 0
wolfSSL 0:1239e9b70ca2 80 #endif
wolfSSL 0:1239e9b70ca2 81
wolfSSL 0:1239e9b70ca2 82 #ifndef min
wolfSSL 0:1239e9b70ca2 83
/* Smaller of two word32 values; file-local fallback used when the platform
 * headers do not supply a min macro. When a == b either value is the answer. */
static INLINE word32 min(word32 a, word32 b)
{
    if (a < b)
        return a;
    return b;
}
wolfSSL 0:1239e9b70ca2 88
wolfSSL 0:1239e9b70ca2 89 #endif /* min */
wolfSSL 0:1239e9b70ca2 90
wolfSSL 0:1239e9b70ca2 91 #ifndef max
wolfSSL 0:1239e9b70ca2 92 #ifdef CYASSL_DTLS
/* Larger of two word32 values; file-local fallback (DTLS builds only, see the
 * enclosing guard) for platforms without a max macro. */
static INLINE word32 max(word32 a, word32 b)
{
    if (a < b)
        return b;
    return a;
}
wolfSSL 0:1239e9b70ca2 97 #endif
#endif /* max */
wolfSSL 0:1239e9b70ca2 99
wolfSSL 0:1239e9b70ca2 100
wolfSSL 0:1239e9b70ca2 101 #ifndef CYASSL_LEANPSK
wolfSSL 0:1239e9b70ca2 102 char* mystrnstr(const char* s1, const char* s2, unsigned int n)
wolfSSL 0:1239e9b70ca2 103 {
wolfSSL 0:1239e9b70ca2 104 unsigned int s2_len = (unsigned int)XSTRLEN(s2);
wolfSSL 0:1239e9b70ca2 105
wolfSSL 0:1239e9b70ca2 106 if (s2_len == 0)
wolfSSL 0:1239e9b70ca2 107 return (char*)s1;
wolfSSL 0:1239e9b70ca2 108
wolfSSL 0:1239e9b70ca2 109 while (n >= s2_len && s1[0]) {
wolfSSL 0:1239e9b70ca2 110 if (s1[0] == s2[0])
wolfSSL 0:1239e9b70ca2 111 if (XMEMCMP(s1, s2, s2_len) == 0)
wolfSSL 0:1239e9b70ca2 112 return (char*)s1;
wolfSSL 0:1239e9b70ca2 113 s1++;
wolfSSL 0:1239e9b70ca2 114 n--;
wolfSSL 0:1239e9b70ca2 115 }
wolfSSL 0:1239e9b70ca2 116
wolfSSL 0:1239e9b70ca2 117 return NULL;
wolfSSL 0:1239e9b70ca2 118 }
wolfSSL 0:1239e9b70ca2 119 #endif
wolfSSL 0:1239e9b70ca2 120
wolfSSL 0:1239e9b70ca2 121
/* prevent multiple mutex initializations */
/* Outstanding CyaSSL_Init() reference count. CyaSSL_CTX_new() below reads it
 * without taking count_mutex and calls CyaSSL_Init() when it sees 0, so that
 * check is only a convenience for single-threaded callers — code that creates
 * contexts concurrently should call CyaSSL_Init() itself first; volatile does
 * not make the read atomic. The increment/decrement and the mutex's own
 * init/free are not part of this listing. */
static volatile int initRefCount = 0;
static CyaSSL_Mutex count_mutex; /* init ref count mutex */
wolfSSL 0:1239e9b70ca2 125
wolfSSL 0:1239e9b70ca2 126
/* Allocate and initialise a context for the given method. Returns NULL when
 * method is NULL, when the allocation fails (method is freed here since
 * nothing else owns it yet), or when InitSSL_Ctx() fails (the partly built
 * context is released via CyaSSL_CTX_free()). Runs CyaSSL_Init() first if
 * the library has not been initialised. */
CYASSL_CTX* CyaSSL_CTX_new(CYASSL_METHOD* method)
{
    CYASSL_CTX* newCtx;

    CYASSL_ENTER("CYASSL_CTX_new");

    /* user no longer forced to call Init themselves */
    if (initRefCount == 0)
        CyaSSL_Init();

    if (method == NULL)
        return NULL;

    newCtx = (CYASSL_CTX*) XMALLOC(sizeof(CYASSL_CTX), 0, DYNAMIC_TYPE_CTX);
    if (newCtx == NULL) {
        CYASSL_MSG("Alloc CTX failed, method freed");
        XFREE(method, NULL, DYNAMIC_TYPE_METHOD);
    }
    else if (InitSSL_Ctx(newCtx, method) < 0) {
        CYASSL_MSG("Init CTX failed");
        CyaSSL_CTX_free(newCtx);
        newCtx = NULL;
    }

    CYASSL_LEAVE("CYASSL_CTX_new", 0);
    return newCtx;
}
wolfSSL 0:1239e9b70ca2 155
wolfSSL 0:1239e9b70ca2 156
/* Release a context created by CyaSSL_CTX_new(); a NULL ctx is a no-op. */
void CyaSSL_CTX_free(CYASSL_CTX* ctx)
{
    CYASSL_ENTER("SSL_CTX_free");

    if (ctx != NULL)
        FreeSSL_Ctx(ctx);

    CYASSL_LEAVE("SSL_CTX_free", 0);
}
wolfSSL 0:1239e9b70ca2 164
wolfSSL 0:1239e9b70ca2 165
/* Allocate a session object on ctx's heap and initialise it from ctx.
 * Returns NULL when ctx is NULL, when allocation fails, or when InitSSL()
 * fails (the object is then released with FreeSSL()). */
CYASSL* CyaSSL_new(CYASSL_CTX* ctx)
{
    CYASSL* newSsl;
    int     initRet = 0;

    (void)initRet;    /* only consumed by CYASSL_LEAVE in debug builds */
    CYASSL_ENTER("SSL_new");

    if (ctx == NULL)
        return NULL;

    newSsl = (CYASSL*) XMALLOC(sizeof(CYASSL), ctx->heap, DYNAMIC_TYPE_SSL);
    if (newSsl != NULL) {
        initRet = InitSSL(newSsl, ctx);
        if (initRet < 0) {
            FreeSSL(newSsl);
            newSsl = NULL;
        }
    }

    CYASSL_LEAVE("SSL_new", initRet);
    return newSsl;
}
wolfSSL 0:1239e9b70ca2 187
wolfSSL 0:1239e9b70ca2 188
/* Release a session created by CyaSSL_new(); a NULL ssl is a no-op. */
void CyaSSL_free(CYASSL* ssl)
{
    CYASSL_ENTER("SSL_free");

    if (ssl != NULL)
        FreeSSL(ssl);

    CYASSL_LEAVE("SSL_free", 0);
}
wolfSSL 0:1239e9b70ca2 196
wolfSSL 0:1239e9b70ca2 197
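/* Attach a socket descriptor to the session for both reading and writing.
 * The fd is stored in ssl->rfd / ssl->wfd rather than used directly so the
 * I/O callbacks receive it through IOCB_ReadCtx / IOCB_WriteCtx; in a DTLS
 * session both contexts point at buffers.dtlsCtx instead, which also records
 * the fd. Returns SSL_SUCCESS, or BAD_FUNC_ARG when ssl is NULL (for
 * instance the result of a failed CyaSSL_new() passed straight in). */
int CyaSSL_set_fd(CYASSL* ssl, int fd)
{
    CYASSL_ENTER("SSL_set_fd");

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    ssl->rfd = fd;      /* not used directly to allow IO callbacks */
    ssl->wfd = fd;

    ssl->IOCB_ReadCtx  = &ssl->rfd;
    ssl->IOCB_WriteCtx = &ssl->wfd;

#ifdef CYASSL_DTLS
    if (ssl->options.dtls) {
        ssl->IOCB_ReadCtx  = &ssl->buffers.dtlsCtx;
        ssl->IOCB_WriteCtx = &ssl->buffers.dtlsCtx;
        ssl->buffers.dtlsCtx.fd = fd;
    }
#endif

    CYASSL_LEAVE("SSL_set_fd", SSL_SUCCESS);
    return SSL_SUCCESS;
}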
wolfSSL 0:1239e9b70ca2 218
wolfSSL 0:1239e9b70ca2 219
/* Descriptor last set with CyaSSL_set_fd() (the read side). ssl must be
 * non-NULL; no argument check is performed here. */
int CyaSSL_get_fd(const CYASSL* ssl)
{
    int fd = ssl->rfd;

    CYASSL_ENTER("SSL_get_fd");
    CYASSL_LEAVE("SSL_get_fd", fd);

    return fd;
}
wolfSSL 0:1239e9b70ca2 226
wolfSSL 0:1239e9b70ca2 227
/* Non-blocking flag as recorded by CyaSSL_set_using_nonblock(); nonzero when
 * the session was marked non-blocking. ssl must be non-NULL. */
int CyaSSL_get_using_nonblock(CYASSL* ssl)
{
    int nonblock = ssl->options.usingNonblock;

    CYASSL_ENTER("CyaSSL_get_using_nonblock");
    CYASSL_LEAVE("CyaSSL_get_using_nonblock", nonblock);

    return nonblock;
}
wolfSSL 0:1239e9b70ca2 234
wolfSSL 0:1239e9b70ca2 235
/* Nonzero when the session is a DTLS session. ssl must be non-NULL. */
int CyaSSL_dtls(CYASSL* ssl)
{
    int usingDtls = ssl->options.dtls;

    return usingDtls;
}
wolfSSL 0:1239e9b70ca2 240
wolfSSL 0:1239e9b70ca2 241
wolfSSL 0:1239e9b70ca2 242 #ifndef CYASSL_LEANPSK
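/* Record whether the underlying socket is non-blocking; any nonzero value
 * sets the flag. Silently ignores a NULL ssl instead of dereferencing it
 * (the function returns void, so there is no error value to hand back). */
void CyaSSL_set_using_nonblock(CYASSL* ssl, int nonblock)
{
    CYASSL_ENTER("CyaSSL_set_using_nonblock");

    if (ssl == NULL)
        return;

    ssl->options.usingNonblock = (nonblock != 0);
}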
wolfSSL 0:1239e9b70ca2 248
wolfSSL 0:1239e9b70ca2 249
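/* Record the DTLS peer address. A private copy of the peerSz bytes at peer is
 * made on ssl's heap and stored in buffers.dtlsCtx.peer, replacing — and
 * freeing — any address set by an earlier call, so repeated calls no longer
 * leak the previous copy. Returns SSL_SUCCESS; SSL_FAILURE when the copy
 * cannot be allocated (the earlier peer, if any, is left untouched);
 * BAD_FUNC_ARG for a NULL ssl or peer; SSL_NOT_IMPLEMENTED in builds
 * without CYASSL_DTLS. */
int CyaSSL_dtls_set_peer(CYASSL* ssl, void* peer, unsigned int peerSz)
{
#ifdef CYASSL_DTLS
    void* sa;

    if (ssl == NULL || peer == NULL)
        return BAD_FUNC_ARG;

    /* allocate the replacement first so a failure leaves the old peer valid */
    sa = (void*)XMALLOC(peerSz, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
    if (sa == NULL)
        return SSL_FAILURE;

    XMEMCPY(sa, peer, peerSz);

    /* NOTE(review): relies on InitSSL() starting peer.sa as NULL — confirm */
    if (ssl->buffers.dtlsCtx.peer.sa != NULL)
        XFREE(ssl->buffers.dtlsCtx.peer.sa, ssl->heap, DYNAMIC_TYPE_SOCKADDR);

    ssl->buffers.dtlsCtx.peer.sa = sa;
    ssl->buffers.dtlsCtx.peer.sz = peerSz;
    return SSL_SUCCESS;
#else
    (void)ssl;
    (void)peer;
    (void)peerSz;
    return SSL_NOT_IMPLEMENTED;
#endif
}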
wolfSSL 0:1239e9b70ca2 268
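/* Copy the stored DTLS peer address into peer. On entry *peerSz is the
 * capacity of peer; on success it is set to the number of bytes copied.
 * Returns SSL_SUCCESS; SSL_FAILURE when peer or peerSz is NULL or the buffer
 * is too small; BAD_FUNC_ARG when ssl is NULL; SSL_NOT_IMPLEMENTED in builds
 * without CYASSL_DTLS. */
int CyaSSL_dtls_get_peer(CYASSL* ssl, void* peer, unsigned int* peerSz)
{
#ifdef CYASSL_DTLS
    unsigned int storedSz;

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    if (peer == NULL || peerSz == NULL)
        return SSL_FAILURE;

    storedSz = ssl->buffers.dtlsCtx.peer.sz;
    if (*peerSz < storedSz)
        return SSL_FAILURE;     /* caller's buffer cannot hold the address */

    *peerSz = storedSz;
    /* nothing stored yet: report zero bytes without touching peer.sa */
    if (storedSz > 0)
        XMEMCPY(peer, ssl->buffers.dtlsCtx.peer.sa, storedSz);
    return SSL_SUCCESS;
#else
    (void)ssl;
    (void)peer;
    (void)peerSz;
    return SSL_NOT_IMPLEMENTED;
#endif
}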
wolfSSL 0:1239e9b70ca2 286 #endif /* CYASSL_LEANPSK */
wolfSSL 0:1239e9b70ca2 287
wolfSSL 0:1239e9b70ca2 288
/* return underlying connect or accept, SSL_SUCCESS on ok */
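/* Drive the handshake for whichever side this session is: CyaSSL_accept()
 * on a server session, CyaSSL_connect() on a client session, and the result
 * of that call is returned (SSL_SUCCESS on completion). If the session's
 * side matches neither compiled-in role, SSL_FATAL_ERROR is returned.
 * A NULL ssl yields BAD_FUNC_ARG instead of a NULL dereference. */
int CyaSSL_negotiate(CYASSL* ssl)
{
    int err = SSL_FATAL_ERROR;

    CYASSL_ENTER("CyaSSL_negotiate");

    if (ssl == NULL)
        return BAD_FUNC_ARG;

#ifndef NO_CYASSL_SERVER
    if (ssl->options.side == CYASSL_SERVER_END)
        err = CyaSSL_accept(ssl);
#endif

#ifndef NO_CYASSL_CLIENT
    if (ssl->options.side == CYASSL_CLIENT_END)
        err = CyaSSL_connect(ssl);
#endif

    CYASSL_LEAVE("CyaSSL_negotiate", err);

    return err;
}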
wolfSSL 0:1239e9b70ca2 309
wolfSSL 0:1239e9b70ca2 310
wolfSSL 0:1239e9b70ca2 311 #ifndef CYASSL_LEANPSK
wolfSSL 0:1239e9b70ca2 312 /* object size based on build */
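/* Size of a CYASSL object for this build. With SHOW_SIZES defined, the sizes
 * of the main internal structures are printed first (handy when sizing an
 * embedded build). Fixes two defects in the listing: the SHA512 line was
 * guarded by CYASSL_SHA384 instead of CYASSL_SHA512, and sizeof (a size_t)
 * was passed to %lu without a cast, which is undefined where size_t is not
 * unsigned long. */
int CyaSSL_GetObjectSize(void)
{
#ifdef SHOW_SIZES
    /* one printf shape for every line; the cast keeps %lu correct everywhere */
#define CYASSL_SHOW_SIZE(label, type) \
    printf("%s = %lu\n", label, (unsigned long)sizeof(type))

    CYASSL_SHOW_SIZE("sizeof suites", Suites);
    CYASSL_SHOW_SIZE("sizeof ciphers(2)", Ciphers);
#ifndef NO_RC4
    CYASSL_SHOW_SIZE(" sizeof arc4", Arc4);
#endif
    CYASSL_SHOW_SIZE(" sizeof aes", Aes);
#ifndef NO_DES3
    CYASSL_SHOW_SIZE(" sizeof des3", Des3);
#endif
#ifndef NO_RABBIT
    CYASSL_SHOW_SIZE(" sizeof rabbit", Rabbit);
#endif
    CYASSL_SHOW_SIZE("sizeof cipher specs", CipherSpecs);
    CYASSL_SHOW_SIZE("sizeof keys", Keys);
    CYASSL_SHOW_SIZE("sizeof Hashes(2)", Hashes);
#ifndef NO_MD5
    CYASSL_SHOW_SIZE(" sizeof MD5", Md5);
#endif
#ifndef NO_SHA
    CYASSL_SHOW_SIZE(" sizeof SHA", Sha);
#endif
#ifndef NO_SHA256
    CYASSL_SHOW_SIZE(" sizeof SHA256", Sha256);
#endif
#ifdef CYASSL_SHA384
    CYASSL_SHOW_SIZE(" sizeof SHA384", Sha384);
#endif
#ifdef CYASSL_SHA512    /* was CYASSL_SHA384: wrong guard for the SHA512 type */
    CYASSL_SHOW_SIZE(" sizeof SHA512", Sha512);
#endif
    CYASSL_SHOW_SIZE("sizeof Buffers", Buffers);
    CYASSL_SHOW_SIZE("sizeof Options", Options);
    CYASSL_SHOW_SIZE("sizeof Arrays", Arrays);
#ifndef NO_RSA
    CYASSL_SHOW_SIZE("sizeof RsaKey", RsaKey);
#endif
#ifdef HAVE_ECC
    CYASSL_SHOW_SIZE("sizeof ecc_key", ecc_key);
#endif
    CYASSL_SHOW_SIZE("sizeof CYASSL_CIPHER", CYASSL_CIPHER);
    CYASSL_SHOW_SIZE("sizeof CYASSL_SESSION", CYASSL_SESSION);
    CYASSL_SHOW_SIZE("sizeof CYASSL", CYASSL);
    CYASSL_SHOW_SIZE("sizeof CYASSL_CTX", CYASSL_CTX);

#undef CYASSL_SHOW_SIZE
#endif

    return (int)sizeof(CYASSL);
}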
wolfSSL 0:1239e9b70ca2 363 #endif
wolfSSL 0:1239e9b70ca2 364
wolfSSL 0:1239e9b70ca2 365 /* XXX should be NO_DH */
wolfSSL 0:1239e9b70ca2 366 #ifndef NO_CERTS
wolfSSL 0:1239e9b70ca2 367 /* server Diffie-Hellman parameters, SSL_SUCCESS on ok */
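/* Install server-side ephemeral Diffie-Hellman parameters (prime p and
 * generator g as raw big-endian bytes) on the session. Private copies are
 * taken on the context heap, the session takes ownership (weOwnDH), and the
 * cipher-suite list is rebuilt so DH suites become usable.
 * Returns SSL_SUCCESS; BAD_FUNC_ARG for a NULL pointer or a non-positive
 * length; SIDE_ERROR on a client session; MEMORY_E when a copy cannot be
 * allocated. On MEMORY_E both DH buffers are left NULL with length 0, so a
 * later FreeSSL() that honours weOwnDH does not free a stale pointer — the
 * listing left serverDH_G (or serverDH_P) dangling on those paths. */
int CyaSSL_SetTmpDH(CYASSL* ssl, const unsigned char* p, int pSz,
                    const unsigned char* g, int gSz)
{
    byte havePSK = 0;
    byte haveRSA = 1;

    CYASSL_ENTER("CyaSSL_SetTmpDH");

    if (ssl == NULL || p == NULL || g == NULL || pSz <= 0 || gSz <= 0)
        return BAD_FUNC_ARG;

    if (ssl->options.side != CYASSL_SERVER_END)
        return SIDE_ERROR;

    /* release parameters this session already owns; ctx-owned ones are
     * merely unreferenced */
    if (ssl->buffers.weOwnDH) {
        if (ssl->buffers.serverDH_P.buffer)
            XFREE(ssl->buffers.serverDH_P.buffer, ssl->ctx->heap, DYNAMIC_TYPE_DH);
        if (ssl->buffers.serverDH_G.buffer)
            XFREE(ssl->buffers.serverDH_G.buffer, ssl->ctx->heap, DYNAMIC_TYPE_DH);
    }
    ssl->buffers.serverDH_P.buffer = NULL;
    ssl->buffers.serverDH_P.length = 0;
    ssl->buffers.serverDH_G.buffer = NULL;
    ssl->buffers.serverDH_G.length = 0;
    ssl->buffers.weOwnDH = 1;   /* SSL owns now */

    ssl->buffers.serverDH_P.buffer = (byte*)XMALLOC(pSz, ssl->ctx->heap,
                                                    DYNAMIC_TYPE_DH);
    if (ssl->buffers.serverDH_P.buffer == NULL)
        return MEMORY_E;

    ssl->buffers.serverDH_G.buffer = (byte*)XMALLOC(gSz, ssl->ctx->heap,
                                                    DYNAMIC_TYPE_DH);
    if (ssl->buffers.serverDH_G.buffer == NULL) {
        XFREE(ssl->buffers.serverDH_P.buffer, ssl->ctx->heap, DYNAMIC_TYPE_DH);
        ssl->buffers.serverDH_P.buffer = NULL;
        return MEMORY_E;
    }

    ssl->buffers.serverDH_P.length = pSz;
    ssl->buffers.serverDH_G.length = gSz;

    XMEMCPY(ssl->buffers.serverDH_P.buffer, p, pSz);
    XMEMCPY(ssl->buffers.serverDH_G.buffer, g, gSz);

    ssl->options.haveDH = 1;
#ifndef NO_PSK
    havePSK = ssl->options.havePSK;
#endif
#ifdef NO_RSA
    haveRSA = 0;
#endif
    /* re-derive the suite list now that DH is available */
    InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, ssl->options.haveDH,
               ssl->options.haveNTRU, ssl->options.haveECDSAsig,
               ssl->options.haveStaticECC, ssl->options.side);

    CYASSL_LEAVE("CyaSSL_SetTmpDH", 0);
    return SSL_SUCCESS;
}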
wolfSSL 0:1239e9b70ca2 418 #endif /* !NO_CERTS */
wolfSSL 0:1239e9b70ca2 419
wolfSSL 0:1239e9b70ca2 420
/* Write sz bytes of application data. Returns the number of bytes handed to
 * SendData(), BAD_FUNC_ARG for a NULL ssl/data or negative sz, and
 * SSL_FATAL_ERROR when SendData() reports any negative result. */
int CyaSSL_write(CYASSL* ssl, const void* data, int sz)
{
    int sent;

    CYASSL_ENTER("SSL_write()");

    if (ssl == NULL || data == NULL || sz < 0)
        return BAD_FUNC_ARG;

#ifdef HAVE_ERRNO_H
    errno = 0;      /* so a caller sees only an errno set by this call */
#endif

    sent = SendData(ssl, data, sz);

    CYASSL_LEAVE("SSL_write()", sent);

    return (sent < 0) ? SSL_FATAL_ERROR : sent;
}
wolfSSL 0:1239e9b70ca2 443
wolfSSL 0:1239e9b70ca2 444
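/* Shared body of CyaSSL_read() and CyaSSL_peek(). Receives up to sz bytes
 * into data, clamped to one record (OUTPUT_RECORD_SIZE, and to the
 * negotiated max_fragment when that extension is built in); peek nonzero
 * leaves the data queued. Returns the byte count from ReceiveData(),
 * BAD_FUNC_ARG for NULL ssl/data or negative sz, SSL_FATAL_ERROR on any
 * negative ReceiveData() result. For DTLS the expected datagram size is set
 * to max(sz + 100, MAX_MTU) in word32 arithmetic, so a huge sz cannot
 * overflow the signed int addition the listing used. */
static int CyaSSL_read_internal(CYASSL* ssl, void* data, int sz, int peek)
{
    int    ret;
    word32 limit;

    CYASSL_ENTER("CyaSSL_read_internal()");

    if (ssl == NULL || data == NULL || sz < 0)
        return BAD_FUNC_ARG;

#ifdef HAVE_ERRNO_H
    errno = 0;
#endif
#ifdef CYASSL_DTLS
    if (ssl->options.dtls)
        ssl->dtls_expected_rx = max((word32)sz + 100, MAX_MTU);
#endif

    /* never ask for more than one record's worth at a time */
#ifdef HAVE_MAX_FRAGMENT
    limit = min(sz, min(ssl->max_fragment, OUTPUT_RECORD_SIZE));
#else
    limit = min(sz, OUTPUT_RECORD_SIZE);
#endif

    ret = ReceiveData(ssl, (byte*)data, limit, peek);

    CYASSL_LEAVE("CyaSSL_read_internal()", ret);

    return (ret < 0) ? SSL_FATAL_ERROR : ret;
}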
wolfSSL 0:1239e9b70ca2 476
wolfSSL 0:1239e9b70ca2 477
/* Like CyaSSL_read() but leaves the returned bytes queued for a later read. */
int CyaSSL_peek(CYASSL* ssl, void* data, int sz)
{
    const int peekOnly = TRUE;

    CYASSL_ENTER("CyaSSL_peek()");

    return CyaSSL_read_internal(ssl, data, sz, peekOnly);
}
wolfSSL 0:1239e9b70ca2 484
wolfSSL 0:1239e9b70ca2 485
/* Read up to sz bytes of application data into data; see
 * CyaSSL_read_internal() for the return values. */
int CyaSSL_read(CYASSL* ssl, void* data, int sz)
{
    const int peekOnly = FALSE;

    CYASSL_ENTER("CyaSSL_read()");

    return CyaSSL_read_internal(ssl, data, sz, peekOnly);
}
wolfSSL 0:1239e9b70ca2 492
wolfSSL 0:1239e9b70ca2 493
wolfSSL 0:1239e9b70ca2 494 #ifdef HAVE_CAVIUM
wolfSSL 0:1239e9b70ca2 495
wolfSSL 0:1239e9b70ca2 496 /* let's use cavium, SSL_SUCCESS on ok */
/* Select the Cavium device id this session offloads to. Returns SSL_SUCCESS,
 * or BAD_FUNC_ARG when ssl is NULL. */
int CyaSSL_UseCavium(CYASSL* ssl, int devId)
{
    if (ssl != NULL) {
        ssl->devId = devId;
        return SSL_SUCCESS;
    }

    return BAD_FUNC_ARG;
}
wolfSSL 0:1239e9b70ca2 506
wolfSSL 0:1239e9b70ca2 507
wolfSSL 0:1239e9b70ca2 508 /* let's use cavium, SSL_SUCCESS on ok */
/* Select the Cavium device id for sessions created from ctx. Returns
 * SSL_SUCCESS, or BAD_FUNC_ARG when ctx is NULL. */
int CyaSSL_CTX_UseCavium(CYASSL_CTX* ctx, int devId)
{
    if (ctx != NULL) {
        ctx->devId = devId;
        return SSL_SUCCESS;
    }

    return BAD_FUNC_ARG;
}
wolfSSL 0:1239e9b70ca2 518
wolfSSL 0:1239e9b70ca2 519
wolfSSL 0:1239e9b70ca2 520 #endif /* HAVE_CAVIUM */
wolfSSL 0:1239e9b70ca2 521
wolfSSL 0:1239e9b70ca2 522 #ifdef HAVE_SNI
wolfSSL 0:1239e9b70ca2 523
/* Add a Server Name Indication entry of the given type to this session's
 * extension list; validation of data/size is left to TLSX_UseSNI(), whose
 * result is returned. BAD_FUNC_ARG when ssl is NULL. */
int CyaSSL_UseSNI(CYASSL* ssl, byte type, const void* data, word16 size)
{
    if (ssl != NULL)
        return TLSX_UseSNI(&ssl->extensions, type, data, size);

    return BAD_FUNC_ARG;
}
wolfSSL 0:1239e9b70ca2 531
/* Context-level counterpart of CyaSSL_UseSNI(): the entry is attached to
 * ctx's extension list. BAD_FUNC_ARG when ctx is NULL, else the
 * TLSX_UseSNI() result. */
int CyaSSL_CTX_UseSNI(CYASSL_CTX* ctx, byte type, const void* data, word16 size)
{
    if (ctx != NULL)
        return TLSX_UseSNI(&ctx->extensions, type, data, size);

    return BAD_FUNC_ARG;
}
wolfSSL 0:1239e9b70ca2 539
wolfSSL 0:1239e9b70ca2 540 #ifndef NO_CYASSL_SERVER
wolfSSL 0:1239e9b70ca2 541
/* Server side: set the SNI options flags for the given name type. Does
 * nothing when ssl is NULL or the session has no extension list yet. */
void CyaSSL_SNI_SetOptions(CYASSL* ssl, byte type, byte options)
{
    if (ssl == NULL || ssl->extensions == NULL)
        return;

    TLSX_SNI_SetOptions(ssl->extensions, type, options);
}
wolfSSL 0:1239e9b70ca2 547
/* Context-level counterpart of CyaSSL_SNI_SetOptions(). Does nothing when
 * ctx is NULL or it has no extension list yet. */
void CyaSSL_CTX_SNI_SetOptions(CYASSL_CTX* ctx, byte type, byte options)
{
    if (ctx == NULL || ctx->extensions == NULL)
        return;

    TLSX_SNI_SetOptions(ctx->extensions, type, options);
}
wolfSSL 0:1239e9b70ca2 553
/* Server side: status of the SNI name of the given type, as reported by
 * TLSX_SNI_Status(). A NULL ssl is passed on as an empty extension list. */
byte CyaSSL_SNI_Status(CYASSL* ssl, byte type)
{
    TLSX* extensions = NULL;

    if (ssl != NULL)
        extensions = ssl->extensions;

    return TLSX_SNI_Status(extensions, type);
}
wolfSSL 0:1239e9b70ca2 558
/* Server side: fetch the SNI request of the given type received from the
 * client. *data is always reset to NULL first (when data is non-NULL); the
 * length from TLSX_SNI_GetRequest() is returned, or 0 when ssl is NULL or
 * has no extension list. */
word16 CyaSSL_SNI_GetRequest(CYASSL* ssl, byte type, void** data)
{
    word16 requestSz = 0;

    if (data != NULL)
        *data = NULL;

    if (ssl != NULL && ssl->extensions != NULL)
        requestSz = TLSX_SNI_GetRequest(ssl->extensions, type, data);

    return requestSz;
}
wolfSSL 0:1239e9b70ca2 569
/* Extract an SNI name of the given type from a raw ClientHello without a
 * session object. *inOutSz is the capacity of sni on entry and is updated by
 * TLSX_SNI_GetFromBuffer(), whose result is returned. BAD_FUNC_ARG when any
 * pointer is NULL or either size is 0. */
int CyaSSL_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz, byte type,
                             byte* sni, word32* inOutSz)
{
    int argsOk = (clientHello != NULL) && (helloSz > 0)
              && (sni != NULL) && (inOutSz != NULL) && (*inOutSz > 0);

    if (!argsOk)
        return BAD_FUNC_ARG;

    return TLSX_SNI_GetFromBuffer(clientHello, helloSz, type, sni, inOutSz);
}
wolfSSL 0:1239e9b70ca2 578
wolfSSL 0:1239e9b70ca2 579 #endif /* NO_CYASSL_SERVER */
wolfSSL 0:1239e9b70ca2 580
wolfSSL 0:1239e9b70ca2 581 #endif /* HAVE_SNI */
wolfSSL 0:1239e9b70ca2 582
wolfSSL 0:1239e9b70ca2 583
wolfSSL 0:1239e9b70ca2 584 #ifdef HAVE_MAX_FRAGMENT
wolfSSL 0:1239e9b70ca2 585 #ifndef NO_CYASSL_CLIENT
/* Client side: request the Maximum Fragment Length extension with code mfl
 * on this session. BAD_FUNC_ARG when ssl is NULL, else the
 * TLSX_UseMaxFragment() result. */
int CyaSSL_UseMaxFragment(CYASSL* ssl, byte mfl)
{
    if (ssl != NULL)
        return TLSX_UseMaxFragment(&ssl->extensions, mfl);

    return BAD_FUNC_ARG;
}
wolfSSL 0:1239e9b70ca2 593
/* Context-level counterpart of CyaSSL_UseMaxFragment(). BAD_FUNC_ARG when
 * ctx is NULL, else the TLSX_UseMaxFragment() result. */
int CyaSSL_CTX_UseMaxFragment(CYASSL_CTX* ctx, byte mfl)
{
    if (ctx != NULL)
        return TLSX_UseMaxFragment(&ctx->extensions, mfl);

    return BAD_FUNC_ARG;
}
wolfSSL 0:1239e9b70ca2 601 #endif /* NO_CYASSL_CLIENT */
wolfSSL 0:1239e9b70ca2 602 #endif /* HAVE_MAX_FRAGMENT */
wolfSSL 0:1239e9b70ca2 603
wolfSSL 0:1239e9b70ca2 604 #ifdef HAVE_TRUNCATED_HMAC
wolfSSL 0:1239e9b70ca2 605 #ifndef NO_CYASSL_CLIENT
/* Client side: request the Truncated HMAC extension on this session.
 * BAD_FUNC_ARG when ssl is NULL, else the TLSX_UseTruncatedHMAC() result. */
int CyaSSL_UseTruncatedHMAC(CYASSL* ssl)
{
    if (ssl != NULL)
        return TLSX_UseTruncatedHMAC(&ssl->extensions);

    return BAD_FUNC_ARG;
}
wolfSSL 0:1239e9b70ca2 613
/* Context-level counterpart of CyaSSL_UseTruncatedHMAC(). BAD_FUNC_ARG when
 * ctx is NULL, else the TLSX_UseTruncatedHMAC() result. */
int CyaSSL_CTX_UseTruncatedHMAC(CYASSL_CTX* ctx)
{
    if (ctx != NULL)
        return TLSX_UseTruncatedHMAC(&ctx->extensions);

    return BAD_FUNC_ARG;
}
wolfSSL 0:1239e9b70ca2 621 #endif /* NO_CYASSL_CLIENT */
wolfSSL 0:1239e9b70ca2 622 #endif /* HAVE_TRUNCATED_HMAC */
wolfSSL 0:1239e9b70ca2 623
wolfSSL 0:1239e9b70ca2 624 /* Elliptic Curves */
wolfSSL 0:1239e9b70ca2 625 #ifdef HAVE_SUPPORTED_CURVES
wolfSSL 0:1239e9b70ca2 626 #ifndef NO_CYASSL_CLIENT
wolfSSL 0:1239e9b70ca2 627
/* Client side: advertise the named elliptic curve in the Supported Curves
 * extension of this session. Only the six secp*r1 curves listed below are
 * accepted; anything else, or a NULL ssl, yields BAD_FUNC_ARG. Otherwise
 * the TLSX_UseSupportedCurve() result is returned. */
int CyaSSL_UseSupportedCurve(CYASSL* ssl, word16 name)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    switch (name) {
        default:
            /* not a curve this build knows how to negotiate */
            return BAD_FUNC_ARG;

        case CYASSL_ECC_SECP160R1:
        case CYASSL_ECC_SECP192R1:
        case CYASSL_ECC_SECP224R1:
        case CYASSL_ECC_SECP256R1:
        case CYASSL_ECC_SECP384R1:
        case CYASSL_ECC_SECP521R1:
            break;
    }

    return TLSX_UseSupportedCurve(&ssl->extensions, name);
}
wolfSSL 0:1239e9b70ca2 648
/* Context-level counterpart of CyaSSL_UseSupportedCurve(): the curve is
 * advertised by every session created from ctx. Same acceptance list; a
 * NULL ctx or an unknown curve yields BAD_FUNC_ARG. */
int CyaSSL_CTX_UseSupportedCurve(CYASSL_CTX* ctx, word16 name)
{
    if (ctx == NULL)
        return BAD_FUNC_ARG;

    switch (name) {
        default:
            /* not a curve this build knows how to negotiate */
            return BAD_FUNC_ARG;

        case CYASSL_ECC_SECP160R1:
        case CYASSL_ECC_SECP192R1:
        case CYASSL_ECC_SECP224R1:
        case CYASSL_ECC_SECP256R1:
        case CYASSL_ECC_SECP384R1:
        case CYASSL_ECC_SECP521R1:
            break;
    }

    return TLSX_UseSupportedCurve(&ctx->extensions, name);
}
wolfSSL 0:1239e9b70ca2 669
wolfSSL 0:1239e9b70ca2 670 #endif /* NO_CYASSL_CLIENT */
wolfSSL 0:1239e9b70ca2 671 #endif /* HAVE_SUPPORTED_CURVES */
wolfSSL 0:1239e9b70ca2 672
wolfSSL 0:1239e9b70ca2 673
wolfSSL 0:1239e9b70ca2 674 #ifndef CYASSL_LEANPSK
/* send(2)-style write: temporarily install the caller's socket flags in
 * ssl->wflags around a CyaSSL_write() of sz bytes from data, then restore
 * the previous flags.  Returns what CyaSSL_write() returns, or BAD_FUNC_ARG
 * for a NULL ssl/data or a negative sz. */
int CyaSSL_send(CYASSL* ssl, const void* data, int sz, int flags)
{
    int savedFlags;
    int result;

    CYASSL_ENTER("CyaSSL_send()");

    if (ssl == NULL || data == NULL || sz < 0)
        return BAD_FUNC_ARG;

    /* the flags only apply to this one write; put the old ones back after */
    savedFlags = ssl->wflags;
    ssl->wflags = flags;
    result = CyaSSL_write(ssl, data, sz);
    ssl->wflags = savedFlags;

    CYASSL_LEAVE("CyaSSL_send()", result);

    return result;
}
wolfSSL 0:1239e9b70ca2 695
wolfSSL 0:1239e9b70ca2 696
/* recv(2)-style read: temporarily install the caller's socket flags in
 * ssl->rflags around a CyaSSL_read() of up to sz bytes into data, then
 * restore the previous flags.  Returns what CyaSSL_read() returns, or
 * BAD_FUNC_ARG for a NULL ssl/data or a negative sz. */
int CyaSSL_recv(CYASSL* ssl, void* data, int sz, int flags)
{
    int savedFlags;
    int result;

    CYASSL_ENTER("CyaSSL_recv()");

    if (ssl == NULL || data == NULL || sz < 0)
        return BAD_FUNC_ARG;

    /* the flags only apply to this one read; put the old ones back after */
    savedFlags = ssl->rflags;
    ssl->rflags = flags;
    result = CyaSSL_read(ssl, data, sz);
    ssl->rflags = savedFlags;

    CYASSL_LEAVE("CyaSSL_recv()", result);

    return result;
}
wolfSSL 0:1239e9b70ca2 717 #endif
wolfSSL 0:1239e9b70ca2 718
wolfSSL 0:1239e9b70ca2 719
/* Shut the session down by sending a close_notify alert, unless quiet
 * shutdown is enabled or the connection is already closed, reset, or has
 * already sent the alert.  SSL_SUCCESS on ok; SSL_FATAL_ERROR when ssl is
 * NULL or the alert could not be sent (ssl->error then holds the cause).
 * On success ssl->error is left as SSL_ERROR_SYSCALL to mimic OpenSSL. */
int CyaSSL_shutdown(CYASSL* ssl)
{
    int needNotify;

    CYASSL_ENTER("SSL_shutdown()");

    if (ssl == NULL)
        return SSL_FATAL_ERROR;

    if (ssl->options.quietShutdown) {
        CYASSL_MSG("quiet shutdown, no close notify sent");
        return SSL_SUCCESS;
    }

    /* a close_notify only makes sense on a live connection that has not
     * already sent one */
    needNotify = !ssl->options.isClosed && !ssl->options.connReset &&
                 !ssl->options.sentNotify;
    if (needNotify) {
        ssl->error = SendAlert(ssl, alert_warning, close_notify);
        if (ssl->error < 0) {
            CYASSL_ERROR(ssl->error);
            return SSL_FATAL_ERROR;
        }
        ssl->options.sentNotify = 1; /* never send close_notify twice */
    }

    CYASSL_LEAVE("SSL_shutdown()", ssl->error);

    ssl->error = SSL_ERROR_SYSCALL; /* what OpenSSL reports after shutdown */

    return SSL_SUCCESS;
}
wolfSSL 0:1239e9b70ca2 750
wolfSSL 0:1239e9b70ca2 751
/* OpenSSL-style SSL_get_error(): map the session's last error to the caller.
 * A positive ret means the last call succeeded (SSL_ERROR_NONE); a NULL ssl
 * gives BAD_FUNC_ARG.  WANT_READ / WANT_WRITE / ZERO_RETURN are translated
 * to their SSL_ERROR_* equivalents; everything else is returned as stored in
 * ssl->error.  Keep the translated set in sync with SetErrorString(). */
int CyaSSL_get_error(CYASSL* ssl, int ret)
{
    CYASSL_ENTER("SSL_get_error");

    if (ret > 0)
        return SSL_ERROR_NONE;
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    CYASSL_LEAVE("SSL_get_error", ssl->error);

    switch (ssl->error) {
        case WANT_READ:
            return SSL_ERROR_WANT_READ;     /* OpenSSL code */
        case WANT_WRITE:
            return SSL_ERROR_WANT_WRITE;    /* OpenSSL code */
        case ZERO_RETURN:
            return SSL_ERROR_ZERO_RETURN;   /* OpenSSL code */
        default:
            return ssl->error;
    }
}
wolfSSL 0:1239e9b70ca2 772
wolfSSL 0:1239e9b70ca2 773
/* Copy the session's alert history into *h.  Always returns SSL_SUCCESS;
 * a NULL ssl or h simply leaves *h untouched. */
int CyaSSL_get_alert_history(CYASSL* ssl, CYASSL_ALERT_HISTORY *h)
{
    if (ssl == NULL || h == NULL)
        return SSL_SUCCESS;

    *h = ssl->alert_history;
    return SSL_SUCCESS;
}
wolfSSL 0:1239e9b70ca2 782
wolfSSL 0:1239e9b70ca2 783
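/* Return 1 if the session's current error is WANT_READ (the last I/O call
 * needs more input before it can make progress), otherwise 0.
 * A NULL ssl is treated as "nothing wanted" and returns 0 instead of
 * dereferencing the pointer. */
int CyaSSL_want_read(CYASSL* ssl)
{
    CYASSL_ENTER("SSL_want_read");

    if (ssl == NULL)
        return 0;

    return (ssl->error == WANT_READ) ? 1 : 0;
}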
wolfSSL 0:1239e9b70ca2 793
wolfSSL 0:1239e9b70ca2 794
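/* Return 1 if the session's current error is WANT_WRITE (the last I/O call
 * could not flush its output yet), otherwise 0.
 * A NULL ssl is treated as "nothing wanted" and returns 0 instead of
 * dereferencing the pointer. */
int CyaSSL_want_write(CYASSL* ssl)
{
    CYASSL_ENTER("SSL_want_write");

    if (ssl == NULL)
        return 0;

    return (ssl->error == WANT_WRITE) ? 1 : 0;
}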
wolfSSL 0:1239e9b70ca2 804
wolfSSL 0:1239e9b70ca2 805
/* Fill data with the text for errNumber (via SetErrorString()) and return
 * data.  With a NULL data there is nowhere to write, so a pointer to a fixed
 * message is returned instead; that pointer refers to a string literal and
 * must not be written through despite the non-const return type. */
char* CyaSSL_ERR_error_string(unsigned long errNumber, char* data)
{
    static const char* noBufferMsg = "Please supply a buffer for error string";

    CYASSL_ENTER("ERR_error_string");

    if (data == NULL)
        return (char*)noBufferMsg;

    SetErrorString((int)errNumber, data);
    return data;
}
wolfSSL 0:1239e9b70ca2 818
wolfSSL 0:1239e9b70ca2 819
/* Bounded variant of CyaSSL_ERR_error_string(): write the text for e into
 * buf, which holds len bytes.  A buffer of at least CYASSL_MAX_ERROR_SZ is
 * written directly; a shorter one receives a truncated, NUL-terminated copy
 * made via a full-size scratch buffer.  len == 0 writes nothing. */
void CyaSSL_ERR_error_string_n(unsigned long e, char* buf, unsigned long len)
{
    CYASSL_ENTER("CyaSSL_ERR_error_string_n");

    if (len >= CYASSL_MAX_ERROR_SZ) {
        CyaSSL_ERR_error_string(e, buf);
        return;
    }

    CYASSL_MSG("Error buffer too short, truncating");

    if (len == 0)
        return;

    {
        char scratch[CYASSL_MAX_ERROR_SZ];

        CyaSSL_ERR_error_string(e, scratch);
        XMEMCPY(buf, scratch, len-1);
        buf[len-1] = '\0';      /* keep room for the terminator */
    }
}
wolfSSL 0:1239e9b70ca2 836
wolfSSL 0:1239e9b70ca2 837
/* Ask the session to keep its temporary handshake arrays instead of freeing
 * them when the handshake finishes.  No-op for a NULL ssl. */
void CyaSSL_KeepArrays(CYASSL* ssl)
{
    if (ssl == NULL)
        return;

    ssl->options.saveArrays = 1;
}
wolfSSL 0:1239e9b70ca2 844
wolfSSL 0:1239e9b70ca2 845
/* Release the temporary handshake arrays that CyaSSL_KeepArrays() preserved.
 * Only acts once the handshake is complete (HANDSHAKE_DONE); otherwise, or
 * for a NULL ssl, nothing happens. */
void CyaSSL_FreeArrays(CYASSL* ssl)
{
    if (ssl == NULL)
        return;
    if (ssl->options.handShakeState != HANDSHAKE_DONE)
        return;

    ssl->options.saveArrays = 0;
    FreeArrays(ssl, 1);
}
wolfSSL 0:1239e9b70ca2 854
wolfSSL 0:1239e9b70ca2 855
/* Return the MAC secret to use for this session's side and direction.
 * verify == 0 means "our outgoing MAC", verify != 0 means "the peer's MAC we
 * verify": a client writing or a server verifying uses the client write
 * secret, every other combination uses the server write secret.  The pointer
 * refers into ssl->keys and is valid only while ssl is.  NULL ssl -> NULL. */
const byte* CyaSSL_GetMacSecret(CYASSL* ssl, int verify)
{
    int side;
    int wantClientSecret;

    if (ssl == NULL)
        return NULL;

    side = ssl->options.side;
    wantClientSecret = (side == CYASSL_CLIENT_END && !verify) ||
                       (side == CYASSL_SERVER_END && verify);

    return wantClientSecret ? ssl->keys.client_write_MAC_secret
                            : ssl->keys.server_write_MAC_secret;
}
wolfSSL 0:1239e9b70ca2 867
wolfSSL 0:1239e9b70ca2 868
wolfSSL 0:1239e9b70ca2 869 #ifdef ATOMIC_USER
wolfSSL 0:1239e9b70ca2 870
/* Install cb as the context's user MAC-then-encrypt callback (ATOMIC_USER
 * build).  No-op for a NULL ctx. */
void CyaSSL_CTX_SetMacEncryptCb(CYASSL_CTX* ctx, CallbackMacEncrypt cb)
{
    if (ctx == NULL)
        return;

    ctx->MacEncryptCb = cb;
}
wolfSSL 0:1239e9b70ca2 876
wolfSSL 0:1239e9b70ca2 877
/* Store the opaque user pointer handed to the MAC-then-encrypt callback for
 * this session.  No-op for a NULL ssl. */
void CyaSSL_SetMacEncryptCtx(CYASSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;

    ssl->MacEncryptCtx = ctx;
}
wolfSSL 0:1239e9b70ca2 883
wolfSSL 0:1239e9b70ca2 884
/* Return the opaque user pointer set with CyaSSL_SetMacEncryptCtx(), or
 * NULL when ssl is NULL. */
void* CyaSSL_GetMacEncryptCtx(CYASSL* ssl)
{
    return (ssl == NULL) ? NULL : ssl->MacEncryptCtx;
}
wolfSSL 0:1239e9b70ca2 892
wolfSSL 0:1239e9b70ca2 893
/* Install cb as the context's user decrypt-then-verify callback
 * (ATOMIC_USER build).  No-op for a NULL ctx. */
void CyaSSL_CTX_SetDecryptVerifyCb(CYASSL_CTX* ctx, CallbackDecryptVerify cb)
{
    if (ctx == NULL)
        return;

    ctx->DecryptVerifyCb = cb;
}
wolfSSL 0:1239e9b70ca2 899
wolfSSL 0:1239e9b70ca2 900
/* Store the opaque user pointer handed to the decrypt-then-verify callback
 * for this session.  No-op for a NULL ssl. */
void CyaSSL_SetDecryptVerifyCtx(CYASSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;

    ssl->DecryptVerifyCtx = ctx;
}
wolfSSL 0:1239e9b70ca2 906
wolfSSL 0:1239e9b70ca2 907
/* Return the opaque user pointer set with CyaSSL_SetDecryptVerifyCtx(), or
 * NULL when ssl is NULL. */
void* CyaSSL_GetDecryptVerifyCtx(CYASSL* ssl)
{
    return (ssl == NULL) ? NULL : ssl->DecryptVerifyCtx;
}
wolfSSL 0:1239e9b70ca2 915
wolfSSL 0:1239e9b70ca2 916
/* Pointer to the session's client write key inside ssl->keys (valid only
 * while ssl is), or NULL when ssl is NULL. */
const byte* CyaSSL_GetClientWriteKey(CYASSL* ssl)
{
    return (ssl == NULL) ? NULL : ssl->keys.client_write_key;
}
wolfSSL 0:1239e9b70ca2 924
wolfSSL 0:1239e9b70ca2 925
/* Pointer to the session's client write IV inside ssl->keys (valid only
 * while ssl is), or NULL when ssl is NULL. */
const byte* CyaSSL_GetClientWriteIV(CYASSL* ssl)
{
    return (ssl == NULL) ? NULL : ssl->keys.client_write_IV;
}
wolfSSL 0:1239e9b70ca2 933
wolfSSL 0:1239e9b70ca2 934
/* Pointer to the session's server write key inside ssl->keys (valid only
 * while ssl is), or NULL when ssl is NULL. */
const byte* CyaSSL_GetServerWriteKey(CYASSL* ssl)
{
    return (ssl == NULL) ? NULL : ssl->keys.server_write_key;
}
wolfSSL 0:1239e9b70ca2 942
wolfSSL 0:1239e9b70ca2 943
/* Pointer to the session's server write IV inside ssl->keys (valid only
 * while ssl is), or NULL when ssl is NULL. */
const byte* CyaSSL_GetServerWriteIV(CYASSL* ssl)
{
    return (ssl == NULL) ? NULL : ssl->keys.server_write_IV;
}
wolfSSL 0:1239e9b70ca2 951
wolfSSL 0:1239e9b70ca2 952
/* Negotiated cipher key size from ssl->specs, or BAD_FUNC_ARG for NULL. */
int CyaSSL_GetKeySize(CYASSL* ssl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return ssl->specs.key_size;
}
wolfSSL 0:1239e9b70ca2 960
wolfSSL 0:1239e9b70ca2 961
/* Negotiated cipher IV size from ssl->specs, or BAD_FUNC_ARG for NULL. */
int CyaSSL_GetIVSize(CYASSL* ssl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return ssl->specs.iv_size;
}
wolfSSL 0:1239e9b70ca2 969
wolfSSL 0:1239e9b70ca2 970
/* Negotiated bulk cipher algorithm id from ssl->specs, or BAD_FUNC_ARG for
 * NULL. */
int CyaSSL_GetBulkCipher(CYASSL* ssl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return ssl->specs.bulk_cipher_algorithm;
}
wolfSSL 0:1239e9b70ca2 978
wolfSSL 0:1239e9b70ca2 979
/* Classify the negotiated cipher as CYASSL_BLOCK_TYPE, CYASSL_STREAM_TYPE
 * or CYASSL_AEAD_TYPE.  BAD_FUNC_ARG for a NULL ssl; -1 if ssl->specs holds
 * a cipher_type outside those three. */
int CyaSSL_GetCipherType(CYASSL* ssl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    switch (ssl->specs.cipher_type) {
        case block:
            return CYASSL_BLOCK_TYPE;
        case stream:
            return CYASSL_STREAM_TYPE;
        case aead:
            return CYASSL_AEAD_TYPE;
        default:
            return -1;
    }
}
wolfSSL 0:1239e9b70ca2 994
wolfSSL 0:1239e9b70ca2 995
/* Negotiated cipher block size from ssl->specs, or BAD_FUNC_ARG for NULL. */
int CyaSSL_GetCipherBlockSize(CYASSL* ssl)
{
    return (ssl == NULL) ? BAD_FUNC_ARG : ssl->specs.block_size;
}
wolfSSL 0:1239e9b70ca2 1003
wolfSSL 0:1239e9b70ca2 1004
/* AEAD tag (MAC) size from ssl->specs, or BAD_FUNC_ARG for NULL. */
int CyaSSL_GetAeadMacSize(CYASSL* ssl)
{
    return (ssl == NULL) ? BAD_FUNC_ARG : ssl->specs.aead_mac_size;
}
wolfSSL 0:1239e9b70ca2 1012
wolfSSL 0:1239e9b70ca2 1013
/* 1 if the session's options flag it as TLS 1.1 or newer (options.tls1_1),
 * 0 otherwise, BAD_FUNC_ARG for a NULL ssl. */
int CyaSSL_IsTLSv1_1(CYASSL* ssl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return ssl->options.tls1_1 ? 1 : 0;
}
wolfSSL 0:1239e9b70ca2 1024
wolfSSL 0:1239e9b70ca2 1025
/* Which end of the connection this session is (ssl->options.side, i.e.
 * CYASSL_CLIENT_END or CYASSL_SERVER_END), or BAD_FUNC_ARG for NULL. */
int CyaSSL_GetSide(CYASSL* ssl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return ssl->options.side;
}
wolfSSL 0:1239e9b70ca2 1033
wolfSSL 0:1239e9b70ca2 1034
/* Size of the HMAC key for the negotiated cipher: ssl->specs.hash_size for
 * block and stream ciphers, 0 for AEAD ciphers (which carry no separate
 * HMAC key), BAD_FUNC_ARG for a NULL ssl. */
int CyaSSL_GetHmacSize(CYASSL* ssl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    if (ssl->specs.cipher_type == aead)
        return 0;

    return ssl->specs.hash_size;
}
wolfSSL 0:1239e9b70ca2 1043
wolfSSL 0:1239e9b70ca2 1044 #endif /* ATOMIC_USER */
wolfSSL 0:1239e9b70ca2 1045
wolfSSL 0:1239e9b70ca2 1046 #ifndef NO_CERTS
wolfSSL 0:1239e9b70ca2 1047
/* Allocate and zero a certificate manager and initialise its CA-table lock.
 * Returns the new manager, or NULL if allocation or mutex initialisation
 * fails (the partially built manager is released through
 * CyaSSL_CertManagerFree() in the latter case).  Ownership passes to the
 * caller, who frees it with CyaSSL_CertManagerFree(). */
CYASSL_CERT_MANAGER* CyaSSL_CertManagerNew(void)
{
    CYASSL_CERT_MANAGER* manager;

    CYASSL_ENTER("CyaSSL_CertManagerNew");

    manager = (CYASSL_CERT_MANAGER*) XMALLOC(sizeof(CYASSL_CERT_MANAGER), 0,
                                             DYNAMIC_TYPE_CERT_MANAGER);
    if (manager == NULL)
        return NULL;

    XMEMSET(manager, 0, sizeof(CYASSL_CERT_MANAGER));

    if (InitMutex(&manager->caLock) != 0) {
        CYASSL_MSG("Bad mutex init");
        CyaSSL_CertManagerFree(manager);
        return NULL;
    }

    return manager;
}
wolfSSL 0:1239e9b70ca2 1068
wolfSSL 0:1239e9b70ca2 1069
/* Tear down a certificate manager: its CRL and OCSP state when those
 * features are compiled in, the CA signer table, the CA-table lock, and
 * finally the manager itself.  Safe to call with NULL. */
void CyaSSL_CertManagerFree(CYASSL_CERT_MANAGER* cm)
{
    CYASSL_ENTER("CyaSSL_CertManagerFree");

    if (cm == NULL)
        return;

#ifdef HAVE_CRL
    if (cm->crl)
        FreeCRL(cm->crl, 1);
#endif
#ifdef HAVE_OCSP
    if (cm->ocsp)
        FreeOCSP(cm->ocsp, 1);
#endif
    FreeSignerTable(cm->caTable, CA_TABLE_SIZE, NULL);
    FreeMutex(&cm->caLock);
    XFREE(cm, NULL, DYNAMIC_TYPE_CERT_MANAGER);
}
wolfSSL 0:1239e9b70ca2 1089
wolfSSL 0:1239e9b70ca2 1090
/* Drop every CA from the manager's signer table, under the CA-table lock.
 * SSL_SUCCESS on ok, BAD_FUNC_ARG for a NULL cm, BAD_MUTEX_E if the lock
 * could not be taken (the table is then left untouched). */
int CyaSSL_CertManagerUnloadCAs(CYASSL_CERT_MANAGER* cm)
{
    int rc = SSL_SUCCESS;

    CYASSL_ENTER("CyaSSL_CertManagerUnloadCAs");

    if (cm == NULL)
        return BAD_FUNC_ARG;

    if (LockMutex(&cm->caLock) != 0)
        return BAD_MUTEX_E;

    FreeSignerTable(cm->caTable, CA_TABLE_SIZE, NULL);

    UnLockMutex(&cm->caLock);

    return rc;
}
wolfSSL 0:1239e9b70ca2 1109
wolfSSL 0:1239e9b70ca2 1110
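/* Convert a PEM-encoded certificate to DER.
 *
 * pem, pemSz   : PEM input and its length in bytes
 * buff, buffSz : destination for the DER bytes and its capacity
 * type         : CERT_TYPE, CA_TYPE or CERTREQ_TYPE
 *
 * Returns the number of DER bytes written to buff, or < 0 on error:
 * BAD_FUNC_ARG for a NULL pem/buff, a non-positive pemSz or buffSz, an
 * unsupported type, or a DER result that does not fit in buffSz; otherwise
 * the (negative) PemToDer() error code. */
int CyaSSL_CertPemToDer(const unsigned char* pem, int pemSz,
                        unsigned char* buff, int buffSz,
                        int type)
{
    EncryptedInfo info;
    int eccKey = 0;
    int ret;
    buffer der;

    CYASSL_ENTER("CyaSSL_CertPemToDer");

    /* pemSz is untrusted input: a zero or negative length is never valid
     * PEM, so refuse it here rather than hand it to the parser */
    if (pem == NULL || pemSz <= 0 || buff == NULL || buffSz <= 0) {
        CYASSL_MSG("Bad pem der args");
        return BAD_FUNC_ARG;
    }

    if (type != CERT_TYPE && type != CA_TYPE && type != CERTREQ_TYPE) {
        CYASSL_MSG("Bad cert type");
        return BAD_FUNC_ARG;
    }

    /* no password context here, unlike CyaSSL_KeyPemToDer() */
    info.set = 0;
    info.ctx = NULL;
    info.consumed = 0;
    der.buffer = NULL;  /* released below on every path */

    ret = PemToDer(pem, pemSz, type, &der, NULL, &info, &eccKey);
    if (ret < 0) {
        CYASSL_MSG("Bad Pem To Der");
    }
    else if (der.length <= (word32)buffSz) {
        XMEMCPY(buff, der.buffer, der.length);
        ret = der.length;
    }
    else {
        CYASSL_MSG("Bad der length");
        ret = BAD_FUNC_ARG;
    }

    XFREE(der.buffer, NULL, DYNAMIC_TYPE_KEY);

    return ret;
}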
wolfSSL 0:1239e9b70ca2 1157
wolfSSL 0:1239e9b70ca2 1158
wolfSSL 0:1239e9b70ca2 1159 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL 0:1239e9b70ca2 1160
/* Password callback used by CyaSSL_KeyPemToDer(): the password itself is
 * passed as userdata.  Copies it into passwd (at most sz bytes, so a long
 * password is silently cut off) and returns the number of password bytes
 * that fit, or 0 when no password was supplied.  rw is unused. */
static INLINE int OurPasswordCb(char* passwd, int sz, int rw, void* userdata)
{
    const char* password = (const char*)userdata;
    word32 passwordLen;

    (void)rw;

    if (password == NULL)
        return 0;

    XSTRNCPY(passwd, (char*)userdata, sz);
    passwordLen = (word32)XSTRLEN((char*)userdata);
    return min((word32)sz, passwordLen);
}
wolfSSL 0:1239e9b70ca2 1172
wolfSSL 0:1239e9b70ca2 1173 #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
wolfSSL 0:1239e9b70ca2 1174
wolfSSL 0:1239e9b70ca2 1175
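/* Convert a PEM-encoded private key to DER.
 *
 * pem, pemSz   : PEM input and its length in bytes
 * buff, buffSz : destination for the DER bytes and its capacity
 * pass         : password for an encrypted key, or NULL.  Only honoured in
 *                OPENSSL_EXTRA / HAVE_WEBSERVER builds, where a throwaway
 *                CYASSL_CTX carries it to PemToDer() through OurPasswordCb();
 *                elsewhere it is ignored.
 *
 * Returns the number of DER bytes written to buff, or < 0 on error:
 * BAD_FUNC_ARG for a NULL pem/buff, a non-positive pemSz or buffSz, or a
 * DER result that does not fit in buffSz; MEMORY_E if the password context
 * could not be created; otherwise the (negative) PemToDer() error code. */
int CyaSSL_KeyPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff,
                       int buffSz, const char* pass)
{
    EncryptedInfo info;
    int eccKey = 0;
    int ret;
    buffer der;

    (void)pass;  /* unused unless the password path below is compiled in */

    CYASSL_ENTER("CyaSSL_KeyPemToDer");

    /* pemSz is untrusted input: a zero or negative length is never valid
     * PEM, so refuse it here rather than hand it to the parser */
    if (pem == NULL || pemSz <= 0 || buff == NULL || buffSz <= 0) {
        CYASSL_MSG("Bad pem der args");
        return BAD_FUNC_ARG;
    }

    info.set = 0;
    info.ctx = NULL;
    info.consumed = 0;
    der.buffer = NULL;  /* released below on every path after this point */

#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
    if (pass) {
        /* PemToDer() fetches passwords through a CTX's password callback,
         * so build a temporary CTX that hands back `pass` */
        info.ctx = CyaSSL_CTX_new(CyaSSLv23_client_method());
        if (info.ctx == NULL)
            return MEMORY_E;
        CyaSSL_CTX_set_default_passwd_cb(info.ctx, OurPasswordCb);
        CyaSSL_CTX_set_default_passwd_cb_userdata(info.ctx, (void*)pass);
    }
#endif

    ret = PemToDer(pem, pemSz, PRIVATEKEY_TYPE, &der, NULL, &info, &eccKey);
    if (ret < 0) {
        CYASSL_MSG("Bad Pem To Der");
    }
    else if (der.length <= (word32)buffSz) {
        XMEMCPY(buff, der.buffer, der.length);
        ret = der.length;
    }
    else {
        CYASSL_MSG("Bad der length");
        ret = BAD_FUNC_ARG;
    }

    XFREE(der.buffer, NULL, DYNAMIC_TYPE_KEY);

    if (info.ctx)
        CyaSSL_CTX_free(info.ctx);

    return ret;
}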
wolfSSL 0:1239e9b70ca2 1231
wolfSSL 0:1239e9b70ca2 1232
wolfSSL 0:1239e9b70ca2 1233 #endif /* !NO_CERTS */
wolfSSL 0:1239e9b70ca2 1234
wolfSSL 0:1239e9b70ca2 1235
wolfSSL 0:1239e9b70ca2 1236
wolfSSL 0:1239e9b70ca2 1237 #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
wolfSSL 0:1239e9b70ca2 1238
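/* Write the text for error code err to the stream fp, using a local buffer
 * filled by SetErrorString().  A NULL fp is ignored: passing it on to
 * fprintf() would be undefined behaviour. */
void CyaSSL_ERR_print_errors_fp(FILE* fp, int err)
{
    char data[CYASSL_MAX_ERROR_SZ + 1];

    CYASSL_ENTER("CyaSSL_ERR_print_errors_fp");

    if (fp == NULL)
        return;

    SetErrorString(err, data);
    fprintf(fp, "%s", data);    /* "%s" keeps the text out of the format */
}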
wolfSSL 0:1239e9b70ca2 1247
wolfSSL 0:1239e9b70ca2 1248 #endif
wolfSSL 0:1239e9b70ca2 1249
wolfSSL 0:1239e9b70ca2 1250
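/* Number of already-decrypted bytes buffered in the session and waiting to
 * be read (ssl->buffers.clearOutputBuffer.length).  A NULL ssl has nothing
 * pending and returns 0 instead of being dereferenced. */
int CyaSSL_pending(CYASSL* ssl)
{
    CYASSL_ENTER("SSL_pending");

    if (ssl == NULL)
        return 0;

    return ssl->buffers.clearOutputBuffer.length;
}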
wolfSSL 0:1239e9b70ca2 1256
wolfSSL 0:1239e9b70ca2 1257
wolfSSL 0:1239e9b70ca2 1258 #ifndef CYASSL_LEANPSK
/* Turn on handshake message grouping for every session created from ctx.
 * SSL_SUCCESS on ok, BAD_FUNC_ARG for a NULL ctx. */
int CyaSSL_CTX_set_group_messages(CYASSL_CTX* ctx)
{
    if (ctx == NULL)
        return BAD_FUNC_ARG;

    ctx->groupMessages = 1;
    return SSL_SUCCESS;
}
wolfSSL 0:1239e9b70ca2 1269 #endif
wolfSSL 0:1239e9b70ca2 1270
wolfSSL 0:1239e9b70ca2 1271
wolfSSL 0:1239e9b70ca2 1272 #ifndef NO_CYASSL_CLIENT
/* Run CyaSSL_connect() in "certificate only" mode: options.certOnly is set
 * for the duration of the call so the handshake proceeds just far enough to
 * obtain the peer's certificate chain, then cleared again.  Returns what
 * CyaSSL_connect() returns, or SSL_FAILURE for a NULL ssl. */
int CyaSSL_connect_cert(CYASSL* ssl)
{
    int result;

    if (ssl == NULL)
        return SSL_FAILURE;

    ssl->options.certOnly = 1;
    result = CyaSSL_connect(ssl);
    ssl->options.certOnly = 0;      /* always restore normal handshakes */

    return result;
}
wolfSSL 0:1239e9b70ca2 1287 #endif
wolfSSL 0:1239e9b70ca2 1288
wolfSSL 0:1239e9b70ca2 1289
wolfSSL 0:1239e9b70ca2 1290 #ifndef CYASSL_LEANPSK
/* Turn on handshake message grouping for this one session.
 * SSL_SUCCESS on ok, BAD_FUNC_ARG for a NULL ssl. */
int CyaSSL_set_group_messages(CYASSL* ssl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    ssl->options.groupMessages = 1;
    return SSL_SUCCESS;
}
wolfSSL 0:1239e9b70ca2 1301
wolfSSL 0:1239e9b70ca2 1302
/* Switch the session to the protocol given by version (one of CYASSL_SSLV3,
 * CYASSL_TLSV1, CYASSL_TLSV1_1, CYASSL_TLSV1_2, subject to NO_OLD_TLS /
 * NO_TLS) and rebuild its cipher suite list for that protocol.
 * SSL_SUCCESS on ok; BAD_FUNC_ARG for a NULL ssl or a version that is
 * unknown or compiled out. */
int CyaSSL_SetVersion(CYASSL* ssl, int version)
{
    byte rsaAvailable = 1;
    byte pskAvailable = 0;

    CYASSL_ENTER("CyaSSL_SetVersion");

    if (ssl == NULL) {
        CYASSL_MSG("Bad function argument");
        return BAD_FUNC_ARG;
    }

    switch (version) {
#ifndef NO_OLD_TLS
        case CYASSL_SSLV3:
            ssl->version = MakeSSLv3();
            break;
#endif

#ifndef NO_TLS
    #ifndef NO_OLD_TLS
        case CYASSL_TLSV1:
            ssl->version = MakeTLSv1();
            break;

        case CYASSL_TLSV1_1:
            ssl->version = MakeTLSv1_1();
            break;
    #endif
        case CYASSL_TLSV1_2:
            ssl->version = MakeTLSv1_2();
            break;
#endif

        default:
            CYASSL_MSG("Bad function argument");
            return BAD_FUNC_ARG;
    }

    /* RSA is assumed present unless compiled out; PSK only if this session
     * has a PSK configured */
#ifdef NO_RSA
    rsaAvailable = 0;
#endif
#ifndef NO_PSK
    pskAvailable = ssl->options.havePSK;
#endif

    InitSuites(ssl->suites, ssl->version, rsaAvailable, pskAvailable,
               ssl->options.haveDH, ssl->options.haveNTRU,
               ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
               ssl->options.side);

    return SSL_SUCCESS;
}
wolfSSL 0:1239e9b70ca2 1355 #endif /* !leanpsk */
wolfSSL 0:1239e9b70ca2 1356
wolfSSL 0:1239e9b70ca2 1357
wolfSSL 0:1239e9b70ca2 1358 #if !defined(NO_CERTS) || !defined(NO_SESSION_CACHE)
wolfSSL 0:1239e9b70ca2 1359
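/* Make a word32 from the first four bytes of a hash, most significant byte
 * first.  Each byte is widened to word32 before shifting: the original
 * shifted the int-promoted byte, and `int << 24` with the top bit set is
 * undefined behaviour in C (signed overflow), so the result of the first
 * term was not guaranteed. */
static INLINE word32 MakeWordFromHash(const byte* hashID)
{
    return ((word32)hashID[0] << 24) | ((word32)hashID[1] << 16) |
           ((word32)hashID[2] <<  8) |  (word32)hashID[3];
}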
wolfSSL 0:1239e9b70ca2 1366
wolfSSL 0:1239e9b70ca2 1367 #endif /* !NO_CERTS || !NO_SESSION_CACHE */
wolfSSL 0:1239e9b70ca2 1368
wolfSSL 0:1239e9b70ca2 1369
wolfSSL 0:1239e9b70ca2 1370 #ifndef NO_CERTS
wolfSSL 0:1239e9b70ca2 1371
/* Pick the CA table row for a signer: hash is the SHA digest of the name
 * (or key id), and its first 32 bits reduced modulo CA_TABLE_SIZE give the
 * row index. */
static INLINE word32 HashSigner(const byte* hash)
{
    word32 leadingWord = MakeWordFromHash(hash);

    return leadingWord % CA_TABLE_SIZE;
}
wolfSSL 0:1239e9b70ca2 1377
wolfSSL 0:1239e9b70ca2 1378
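/* Report whether a CA with the given hash is already in the manager's
 * signer table.  hash is compared against each signer's subject key id
 * hash (or subject name hash when NO_SKID is set) over SHA_DIGEST_SIZE
 * bytes, under the CA-table lock.
 *
 * Returns 1 if found, 0 otherwise.  A NULL cm returns 0 instead of being
 * dereferenced (GetCA() already guards the same way); failing to take the
 * lock also reports 0, as before. */
int AlreadySigner(CYASSL_CERT_MANAGER* cm, byte* hash)
{
    Signer* signers;
    int ret = 0;
    word32 row;

    if (cm == NULL)
        return ret;

    row = HashSigner(hash);

    if (LockMutex(&cm->caLock) != 0)
        return ret;

    signers = cm->caTable[row];
    while (signers) {
        byte* subjectHash;
    #ifndef NO_SKID
        subjectHash = signers->subjectKeyIdHash;
    #else
        subjectHash = signers->subjectNameHash;
    #endif
        if (XMEMCMP(hash, subjectHash, SHA_DIGEST_SIZE) == 0) {
            ret = 1;
            break;
        }
        signers = signers->next;
    }
    UnLockMutex(&cm->caLock);

    return ret;
}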
wolfSSL 0:1239e9b70ca2 1406
wolfSSL 0:1239e9b70ca2 1407
wolfSSL 0:1239e9b70ca2 1408 /* return CA if found, otherwise NULL */
/* Look up a CA signer by hash.
 *
 * vp is a CYASSL_CERT_MANAGER*; hash is matched against subjectKeyIdHash
 * (subjectNameHash when NO_SKID) on the row chosen by HashSigner(). Returns
 * the first matching Signer, or NULL when none matches, when vp is NULL, or
 * when the table lock cannot be taken. The returned pointer is still owned
 * by the table; the lock is released before it is handed back. */
Signer* GetCA(void* vp, byte* hash)
{
    CYASSL_CERT_MANAGER* cm = (CYASSL_CERT_MANAGER*)vp;
    word32  row   = HashSigner(hash);
    Signer* found = NULL;
    Signer* cur;

    if (cm == NULL)
        return NULL;

    if (LockMutex(&cm->caLock) != 0)
        return NULL;

    for (cur = cm->caTable[row]; cur != NULL && found == NULL; cur = cur->next) {
        byte* stored;
#ifndef NO_SKID
        stored = cur->subjectKeyIdHash;
#else
        stored = cur->subjectNameHash;
#endif
        if (XMEMCMP(hash, stored, SHA_DIGEST_SIZE) == 0)
            found = cur;
    }
    UnLockMutex(&cm->caLock);

    return found;
}
wolfSSL 0:1239e9b70ca2 1440
wolfSSL 0:1239e9b70ca2 1441
wolfSSL 0:1239e9b70ca2 1442 #ifndef NO_SKID
wolfSSL 0:1239e9b70ca2 1443 /* return CA if found, otherwise NULL. Walk through hash table. */
/* Look up a CA signer by subject-name hash.
 *
 * The table is keyed by subject key id in this build (NO_SKID is not
 * defined), so the name hash does not select a row: every row is walked and
 * the first signer whose subjectNameHash matches is returned. Returns NULL
 * when nothing matches, when vp is NULL, or when the table lock cannot be
 * taken. The pointer stays owned by the table. */
Signer* GetCAByName(void* vp, byte* hash)
{
    CYASSL_CERT_MANAGER* cm = (CYASSL_CERT_MANAGER*)vp;
    Signer* found = NULL;
    word32  row;

    if (cm == NULL)
        return NULL;

    if (LockMutex(&cm->caLock) != 0)
        return NULL;

    for (row = 0; row < CA_TABLE_SIZE; row++) {
        Signer* cur = cm->caTable[row];

        while (cur != NULL) {
            if (XMEMCMP(hash, cur->subjectNameHash, SHA_DIGEST_SIZE) == 0) {
                found = cur;
                break;
            }
            cur = cur->next;
        }
        if (found != NULL)
            break;
    }
    UnLockMutex(&cm->caLock);

    return found;
}
wolfSSL 0:1239e9b70ca2 1470 #endif
wolfSSL 0:1239e9b70ca2 1471
wolfSSL 0:1239e9b70ca2 1472
wolfSSL 0:1239e9b70ca2 1473 /* owns der, internal now uses too */
wolfSSL 0:1239e9b70ca2 1474 /* type flag ids from user or from chain received during verify
wolfSSL 0:1239e9b70ca2 1475 don't allow chain ones to be added w/o isCA extension */
/* Parse der as a CA certificate and, if acceptable, insert it into cm's
 * signer table.
 *
 * Takes ownership of der.buffer: it is XFREE'd on every path out of this
 * function. type is CYASSL_USER_CA for certificates the user loaded; any
 * other value means the certificate came from a chain seen during verify,
 * and those must carry the CA flag (and, unless ALLOW_INVALID_CERTSIGN, the
 * keyCertSign usage). verify is passed through to ParseCert().
 *
 * Returns SSL_SUCCESS, or a negative code: whatever ParseCert() reported,
 * NOT_CA_ERROR, MEMORY_ERROR or BAD_MUTEX_E. A CA that is already present
 * is treated as success without being added twice. */
int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
{
    int ret;
    DecodedCert cert;
    Signer* signer = 0;
    word32 row;
    byte* subjectHash;

    CYASSL_MSG("Adding a CA");
    InitDecodedCert(&cert, der.buffer, der.length, cm->heap);
    ret = ParseCert(&cert, CA_TYPE, verify, cm);
    CYASSL_MSG(" Parsed new CA");

    /* Key used for the duplicate check: must be the same field that
     * AlreadySigner()/GetCA() compare against. */
#ifndef NO_SKID
    subjectHash = cert.extSubjKeyId;
#else
    subjectHash = cert.subjectHash;
#endif

    /* Every branch below is guarded by ret == 0, so a ParseCert() failure
     * falls straight through to the cleanup and is returned unchanged. */
    if (ret == 0 && cert.isCA == 0 && type != CYASSL_USER_CA) {
        CYASSL_MSG(" Can't add as CA if not actually one");
        ret = NOT_CA_ERROR;
    }
#ifndef ALLOW_INVALID_CERTSIGN
    else if (ret == 0 && cert.isCA == 1 && type != CYASSL_USER_CA &&
             (cert.extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) {
        /* Intermediate CA certs are required to have the keyCertSign
         * extension set. User loaded root certs are not. */
        CYASSL_MSG(" Doesn't have key usage certificate signing");
        ret = NOT_CA_ERROR;
    }
#endif
    else if (ret == 0 && AlreadySigner(cm, subjectHash)) {
        /* Duplicate: ret stays 0 so the caller still sees SSL_SUCCESS.
         * NOTE(review): AlreadySigner() also returns 0 when it cannot take
         * caLock, in which case a duplicate proceeds to the insert below —
         * confirm that is acceptable. */
        CYASSL_MSG(" Already have this CA, not adding again");
        (void)ret;
    }
    else if (ret == 0) {
        /* take over signer parts */
        signer = MakeSigner(cm->heap);
        if (!signer)
            ret = MEMORY_ERROR;
        else {
            signer->keyOID = cert.keyOID;
            signer->publicKey = cert.publicKey;
            signer->pubKeySize = cert.pubKeySize;
            signer->nameLen = cert.subjectCNLen;
            signer->name = cert.subjectCN;
#ifndef IGNORE_NAME_CONSTRAINTS
            signer->permittedNames = cert.permittedNames;
            signer->excludedNames = cert.excludedNames;
#endif
#ifndef NO_SKID
            XMEMCPY(signer->subjectKeyIdHash,
                    cert.extSubjKeyId, SHA_DIGEST_SIZE);
#endif
            XMEMCPY(signer->subjectNameHash, cert.subjectHash, SHA_DIGEST_SIZE);
            signer->keyUsage = cert.extKeyUsageSet ? cert.extKeyUsage : 0xFFFF;
            /* If Key Usage not set, all uses valid. */
            signer->next = NULL; /* in case lock fails */

            /* These heap members now belong to signer; clear them in cert so
             * FreeDecodedCert() below does not release them ("don't free
             * here"). */
            cert.publicKey = 0; /* don't free here */
            cert.subjectCN = 0;
#ifndef IGNORE_NAME_CONSTRAINTS
            cert.permittedNames = NULL;
            cert.excludedNames = NULL;
#endif

#ifndef NO_SKID
            row = HashSigner(signer->subjectKeyIdHash);
#else
            row = HashSigner(signer->subjectNameHash);
#endif

            if (LockMutex(&cm->caLock) == 0) {
                /* Push onto the head of the row's singly linked list. */
                signer->next = cm->caTable[row];
                cm->caTable[row] = signer; /* takes ownership */
                UnLockMutex(&cm->caLock);
                /* The cache callback runs after the lock is released and is
                 * handed the original DER, which is freed below. */
                if (cm->caCacheCallback)
                    cm->caCacheCallback(der.buffer, (int)der.length, type);
            }
            else {
                CYASSL_MSG(" CA Mutex Lock failed");
                ret = BAD_MUTEX_E;
                /* signer owns the moved members now, so release through it. */
                FreeSigner(signer, cm->heap);
            }
        }
    }

    CYASSL_MSG(" Freeing Parsed CA");
    FreeDecodedCert(&cert);
    CYASSL_MSG(" Freeing der CA");
    XFREE(der.buffer, cm->heap, DYNAMIC_TYPE_CA);
    CYASSL_MSG(" OK Freeing der CA");

    CYASSL_LEAVE("AddCA", ret);
    if (ret == 0) return SSL_SUCCESS;
    return ret;
}
wolfSSL 0:1239e9b70ca2 1574
wolfSSL 0:1239e9b70ca2 1575 #endif /* !NO_CERTS */
wolfSSL 0:1239e9b70ca2 1576
wolfSSL 0:1239e9b70ca2 1577
wolfSSL 0:1239e9b70ca2 1578 #ifndef NO_SESSION_CACHE
wolfSSL 0:1239e9b70ca2 1579
wolfSSL 0:1239e9b70ca2 1580 /* basic config gives a cache with 33 sessions, adequate for clients and
wolfSSL 0:1239e9b70ca2 1581 embedded servers
wolfSSL 0:1239e9b70ca2 1582
wolfSSL 0:1239e9b70ca2 1583 MEDIUM_SESSION_CACHE allows 1055 sessions, adequate for servers that
wolfSSL 0:1239e9b70ca2 1584 aren't under heavy load, basically allows 200 new sessions per minute
wolfSSL 0:1239e9b70ca2 1585
wolfSSL 0:1239e9b70ca2 1586 BIG_SESSION_CACHE yields 20,027 sessions
wolfSSL 0:1239e9b70ca2 1587
wolfSSL 0:1239e9b70ca2 1588 HUGE_SESSION_CACHE yields 65,791 sessions, for servers under heavy load,
wolfSSL 0:1239e9b70ca2 1589 allows over 13,000 new sessions per minute or over 200 new sessions per
wolfSSL 0:1239e9b70ca2 1590 second
wolfSSL 0:1239e9b70ca2 1591
wolfSSL 0:1239e9b70ca2 1592 SMALL_SESSION_CACHE only stores 6 sessions, good for embedded clients
wolfSSL 0:1239e9b70ca2 1593 or systems where the default of nearly 3kB is too much RAM, this define
wolfSSL 0:1239e9b70ca2 1594 uses less than 500 bytes RAM
wolfSSL 0:1239e9b70ca2 1595
wolfSSL 0:1239e9b70ca2 1596 default SESSION_CACHE stores 33 sessions (no XXX_SESSION_CACHE defined)
wolfSSL 0:1239e9b70ca2 1597 */
wolfSSL 0:1239e9b70ca2 1598 #ifdef HUGE_SESSION_CACHE
wolfSSL 0:1239e9b70ca2 1599 #define SESSIONS_PER_ROW 11
wolfSSL 0:1239e9b70ca2 1600 #define SESSION_ROWS 5981
wolfSSL 0:1239e9b70ca2 1601 #elif defined(BIG_SESSION_CACHE)
wolfSSL 0:1239e9b70ca2 1602 #define SESSIONS_PER_ROW 7
wolfSSL 0:1239e9b70ca2 1603 #define SESSION_ROWS 2861
wolfSSL 0:1239e9b70ca2 1604 #elif defined(MEDIUM_SESSION_CACHE)
wolfSSL 0:1239e9b70ca2 1605 #define SESSIONS_PER_ROW 5
wolfSSL 0:1239e9b70ca2 1606 #define SESSION_ROWS 211
wolfSSL 0:1239e9b70ca2 1607 #elif defined(SMALL_SESSION_CACHE)
wolfSSL 0:1239e9b70ca2 1608 #define SESSIONS_PER_ROW 2
wolfSSL 0:1239e9b70ca2 1609 #define SESSION_ROWS 3
wolfSSL 0:1239e9b70ca2 1610 #else
wolfSSL 0:1239e9b70ca2 1611 #define SESSIONS_PER_ROW 3
wolfSSL 0:1239e9b70ca2 1612 #define SESSION_ROWS 11
wolfSSL 0:1239e9b70ca2 1613 #endif
wolfSSL 0:1239e9b70ca2 1614
/* One row of the server-side session cache: a fixed block of
 * SESSIONS_PER_ROW sessions. nextIdx presumably cycles through the slots as
 * sessions are added (round-robin overwrite) — confirm against the add code. */
typedef struct SessionRow {
    int nextIdx;                               /* where to place next one */
    int totalCount;                            /* sessions ever on this row */
    CYASSL_SESSION Sessions[SESSIONS_PER_ROW];
} SessionRow;
wolfSSL 0:1239e9b70ca2 1620
/* Process-wide session cache: SESSION_ROWS x SESSIONS_PER_ROW slots, sized
 * by the XXX_SESSION_CACHE defines above. Zero-initialised static storage. */
static SessionRow SessionCache[SESSION_ROWS];

/* Serialises access to SessionCache (and to ClientCache below when built);
 * initialised by the first CyaSSL_Init() call. */
static CyaSSL_Mutex session_mutex; /* SessionCache mutex */
wolfSSL 0:1239e9b70ca2 1624
wolfSSL 0:1239e9b70ca2 1625 #ifndef NO_CLIENT_CACHE
wolfSSL 0:1239e9b70ca2 1626
/* Client-side index entry: points at a slot in SessionCache by row and
 * column rather than holding a copy of the session. */
typedef struct ClientSession {
    word16 serverRow;                          /* SessionCache Row id */
    word16 serverIdx;                          /* SessionCache Idx (column) */
} ClientSession;
wolfSSL 0:1239e9b70ca2 1631
/* One row of the client cache; mirrors SessionRow but stores ClientSession
 * indices instead of full sessions. */
typedef struct ClientRow {
    int nextIdx;                               /* where to place next one */
    int totalCount;                            /* sessions ever on this row */
    ClientSession Clients[SESSIONS_PER_ROW];
} ClientRow;
wolfSSL 0:1239e9b70ca2 1637
/* Client-side lookup table, same geometry as SessionCache. It has no lock of
 * its own: callers must hold session_mutex while touching it. */
static ClientRow ClientCache[SESSION_ROWS];    /* Client Cache */
                                               /* uses session mutex */
wolfSSL 0:1239e9b70ca2 1640 #endif /* NO_CLIENT_CACHE */
wolfSSL 0:1239e9b70ca2 1641
wolfSSL 0:1239e9b70ca2 1642 #endif /* NO_SESSION_CACHE */
wolfSSL 0:1239e9b70ca2 1643
wolfSSL 0:1239e9b70ca2 1644
wolfSSL 0:1239e9b70ca2 1645 int CyaSSL_Init(void)
wolfSSL 0:1239e9b70ca2 1646 {
wolfSSL 0:1239e9b70ca2 1647 int ret = SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 1648
wolfSSL 0:1239e9b70ca2 1649 CYASSL_ENTER("CyaSSL_Init");
wolfSSL 0:1239e9b70ca2 1650
wolfSSL 0:1239e9b70ca2 1651 if (initRefCount == 0) {
wolfSSL 0:1239e9b70ca2 1652 #ifndef NO_SESSION_CACHE
wolfSSL 0:1239e9b70ca2 1653 if (InitMutex(&session_mutex) != 0)
wolfSSL 0:1239e9b70ca2 1654 ret = BAD_MUTEX_E;
wolfSSL 0:1239e9b70ca2 1655 #endif
wolfSSL 0:1239e9b70ca2 1656 if (InitMutex(&count_mutex) != 0)
wolfSSL 0:1239e9b70ca2 1657 ret = BAD_MUTEX_E;
wolfSSL 0:1239e9b70ca2 1658 }
wolfSSL 0:1239e9b70ca2 1659 if (ret == SSL_SUCCESS) {
wolfSSL 0:1239e9b70ca2 1660 if (LockMutex(&count_mutex) != 0) {
wolfSSL 0:1239e9b70ca2 1661 CYASSL_MSG("Bad Lock Mutex count");
wolfSSL 0:1239e9b70ca2 1662 return BAD_MUTEX_E;
wolfSSL 0:1239e9b70ca2 1663 }
wolfSSL 0:1239e9b70ca2 1664 initRefCount++;
wolfSSL 0:1239e9b70ca2 1665 UnLockMutex(&count_mutex);
wolfSSL 0:1239e9b70ca2 1666 }
wolfSSL 0:1239e9b70ca2 1667
wolfSSL 0:1239e9b70ca2 1668 return ret;
wolfSSL 0:1239e9b70ca2 1669 }
wolfSSL 0:1239e9b70ca2 1670
wolfSSL 0:1239e9b70ca2 1671
wolfSSL 0:1239e9b70ca2 1672 #ifndef NO_CERTS
wolfSSL 0:1239e9b70ca2 1673
/* Remove PEM header/footer, convert to ASN1, store any encrypted data;
   info->consumed tracks the number of PEM bytes consumed in case the
   buffer holds multiple parts */
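/* PemToDer: find the BEGIN/END markers for `type` in buff, base64 decode
 * the text between them into a new der->buffer, and report how much of
 * buff was used.
 *
 * buff, longSz  PEM text and its length; not required to be NUL terminated.
 * type          CERT_TYPE/CA_TYPE, CERTREQ_TYPE, DH_PARAM_TYPE, CRL_TYPE;
 *               any other value is treated as a private key, and for
 *               PRIVATEKEY_TYPE the PKCS#8, encrypted PKCS#8, EC and DSA
 *               markers are tried in turn when the RSA one is absent.
 * der           out: der->buffer is XMALLOC'd here and der->length set.
 *               On an error returned after that allocation the buffer is
 *               left for the caller to free (ProcessBuffer does so).
 * heap          passed through to XMALLOC.
 * info          optional: receives info->consumed; with OPENSSL_EXTRA or
 *               HAVE_WEBSERVER also the Proc-Type cipher name, hex IV and
 *               info->set = 1. Its ctx->passwd_cb supplies the password for
 *               encrypted PKCS#8 keys.
 * eccKey        set to 1 only when an EC PRIVATE KEY header matched; left
 *               untouched otherwise.
 *
 * Returns 0 on success, SSL_NO_PEM_HEADER when no marker matched,
 * SSL_BAD_FILE for malformed input, MEMORY_ERROR, or a negative
 * ToTraditional*() code.
 *
 * Bounds: the end-of-line probes after the header and footer are checked
 * against bufferEnd (a marker at the very end of buff previously caused a
 * read one or two bytes past the input); the Proc-Type IV length is checked
 * against sizeof(info->iv) because it is later decoded in place; a negative
 * length from the password callback is rejected instead of being passed on.
 */
int PemToDer(const unsigned char* buff, long longSz, int type,
             buffer* der, void* heap, EncryptedInfo* info, int* eccKey)
{
    char  header[PEM_LINE_LEN];
    char  footer[PEM_LINE_LEN];
    char* headerEnd;
    char* footerEnd;
    char* consumedEnd;
    char* bufferEnd   = (char*)(buff + longSz);
    long  neededSz;
    int   ret         = 0;
    int   pkcs8       = 0;
    int   pkcs8Enc    = 0;
    int   dynamicType = 0;
    int   sz          = (int)longSz;

    (void)heap;
    (void)dynamicType;

    /* Select the marker pair and allocation tag for this object type. */
    if (type == CERT_TYPE || type == CA_TYPE) {
        XSTRNCPY(header, "-----BEGIN CERTIFICATE-----", sizeof(header));
        XSTRNCPY(footer, "-----END CERTIFICATE-----", sizeof(footer));
        dynamicType = (type == CA_TYPE) ? DYNAMIC_TYPE_CA :
                                          DYNAMIC_TYPE_CERT;
    } else if (type == CERTREQ_TYPE) {
        XSTRNCPY(header, "-----BEGIN CERTIFICATE REQUEST-----",
                 sizeof(header));
        XSTRNCPY(footer, "-----END CERTIFICATE REQUEST-----",
                 sizeof(footer));
        dynamicType = DYNAMIC_TYPE_KEY;
    } else if (type == DH_PARAM_TYPE) {
        XSTRNCPY(header, "-----BEGIN DH PARAMETERS-----", sizeof(header));
        XSTRNCPY(footer, "-----END DH PARAMETERS-----", sizeof(footer));
        dynamicType = DYNAMIC_TYPE_KEY;
    } else if (type == CRL_TYPE) {
        XSTRNCPY(header, "-----BEGIN X509 CRL-----", sizeof(header));
        XSTRNCPY(footer, "-----END X509 CRL-----", sizeof(footer));
        dynamicType = DYNAMIC_TYPE_CRL;
    } else {
        XSTRNCPY(header, "-----BEGIN RSA PRIVATE KEY-----", sizeof(header));
        XSTRNCPY(footer, "-----END RSA PRIVATE KEY-----", sizeof(footer));
        dynamicType = DYNAMIC_TYPE_KEY;
    }

    /* find header */
    headerEnd = XSTRNSTR((char*)buff, header, sz);
    if (!headerEnd && type == PRIVATEKEY_TYPE) { /* may be pkcs8 */
        XSTRNCPY(header, "-----BEGIN PRIVATE KEY-----", sizeof(header));
        XSTRNCPY(footer, "-----END PRIVATE KEY-----", sizeof(footer));

        headerEnd = XSTRNSTR((char*)buff, header, sz);
        if (headerEnd)
            pkcs8 = 1;
        else {
            XSTRNCPY(header, "-----BEGIN ENCRYPTED PRIVATE KEY-----",
                     sizeof(header));
            XSTRNCPY(footer, "-----END ENCRYPTED PRIVATE KEY-----",
                     sizeof(footer));

            headerEnd = XSTRNSTR((char*)buff, header, sz);
            if (headerEnd) {
                pkcs8Enc = 1;
                (void)pkcs8Enc; /* only opensslextra will read */
            }
        }
    }
    if (!headerEnd && type == PRIVATEKEY_TYPE) { /* may be ecc */
        XSTRNCPY(header, "-----BEGIN EC PRIVATE KEY-----", sizeof(header));
        XSTRNCPY(footer, "-----END EC PRIVATE KEY-----", sizeof(footer));

        headerEnd = XSTRNSTR((char*)buff, header, sz);
        if (headerEnd)
            *eccKey = 1;
    }
    if (!headerEnd && type == PRIVATEKEY_TYPE) { /* may be dsa */
        XSTRNCPY(header, "-----BEGIN DSA PRIVATE KEY-----", sizeof(header));
        XSTRNCPY(footer, "-----END DSA PRIVATE KEY-----", sizeof(footer));

        headerEnd = XSTRNSTR((char*)buff, header, sz);
    }
    if (!headerEnd) {
        CYASSL_MSG("Couldn't find PEM header");
        return SSL_NO_PEM_HEADER;
    }
    headerEnd += XSTRLEN(header);

    /* eat end of line: "\n" or "\r\n". headerEnd may sit exactly at
     * bufferEnd when the marker is the last thing in buff, so each probe is
     * bounded before the byte is read. */
    if (headerEnd < bufferEnd && headerEnd[0] == '\n')
        headerEnd++;
    else if ((bufferEnd - headerEnd) >= 2 && headerEnd[1] == '\n')
        headerEnd += 2;
    else
        return SSL_BAD_FILE;

#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
    {
        /* remove encrypted header if there */
        char encHeader[] = "Proc-Type";
        char* line = XSTRNSTR((char*)buff, encHeader, PEM_LINE_LEN);
        if (line) {
            char* newline;
            char* finish;
            char* start = XSTRNSTR(line, "DES", PEM_LINE_LEN);

            if (!start)
                start = XSTRNSTR(line, "AES", PEM_LINE_LEN);

            if (!start) return SSL_BAD_FILE;
            if (!info) return SSL_BAD_FILE;

            finish = XSTRNSTR(start, ",", PEM_LINE_LEN);

            /* NOTE(review): the searches and copies in this block are
             * bounded by PEM_LINE_LEN rather than by bufferEnd — confirm
             * callers always hand in a buffer at least that far readable
             * past the Proc-Type line. */
            if (start && finish && (start < finish)) {
                newline = XSTRNSTR(finish, "\r", PEM_LINE_LEN);

                XMEMCPY(info->name, start, finish - start);
                info->name[finish - start] = 0;
                XMEMCPY(info->iv, finish + 1, sizeof(info->iv));

                if (!newline) newline = XSTRNSTR(finish, "\n", PEM_LINE_LEN);
                if (newline && (newline > finish)) {
                    info->ivSz = (word32)(newline - (finish + 1));
                    /* ivSz is the hex length decoded in place from info->iv
                     * later; it must not exceed the field it indexes. */
                    if (info->ivSz > (word32)sizeof(info->iv))
                        return SSL_BAD_FILE;
                    info->set = 1;
                }
                else
                    return SSL_BAD_FILE;
            }
            else
                return SSL_BAD_FILE;

            /* eat blank line */
            while (*newline == '\r' || *newline == '\n')
                newline++;
            headerEnd = newline;
        }
    }
#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */

    /* find footer */
    footerEnd = XSTRNSTR((char*)buff, footer, sz);
    if (!footerEnd) return SSL_BAD_FILE;

    consumedEnd = footerEnd + XSTRLEN(footer);

    if (consumedEnd < bufferEnd) { /* handle no end of line on last line */
        /* eat end of line; a lone trailing byte is only ever inspected as
         * consumedEnd[0], never as consumedEnd[1]. */
        if (consumedEnd[0] == '\n')
            consumedEnd++;
        else if ((bufferEnd - consumedEnd) >= 2 && consumedEnd[1] == '\n')
            consumedEnd += 2;
        else
            return SSL_BAD_FILE;
    }

    if (info)
        info->consumed = (long)(consumedEnd - (char*)buff);

    /* set up der buffer: the base64 text is never longer than its decoding,
     * so neededSz bytes suffice. Negative means the footer preceded the
     * header. */
    neededSz = (long)(footerEnd - headerEnd);
    if (neededSz > sz || neededSz < 0) return SSL_BAD_FILE;
    der->buffer = (byte*) XMALLOC(neededSz, heap, dynamicType);
    if (!der->buffer) return MEMORY_ERROR;
    der->length = (word32)neededSz;

    if (Base64_Decode((byte*)headerEnd, (word32)neededSz, der->buffer,
                      &der->length) < 0)
        return SSL_BAD_FILE;

    if (pkcs8) {
        /* convert and adjust length */
        if ( (ret = ToTraditional(der->buffer, der->length)) < 0 ) {
            return ret;
        } else {
            der->length = ret;
            return 0;
        }
    }

#if (defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)) && !defined(NO_PWDBASED)
    if (pkcs8Enc) {
        int passwordSz;
        char password[80];

        if (!info || !info->ctx || !info->ctx->passwd_cb)
            return SSL_BAD_FILE; /* no callback error */
        passwordSz = info->ctx->passwd_cb(password, sizeof(password), 0,
                                          info->ctx->userdata);
        /* A callback that reports failure (negative length) must not have
         * that value forwarded as a password length. */
        if (passwordSz < 0)
            return SSL_BAD_FILE;
        /* convert and adjust length */
        if ( (ret = ToTraditionalEnc(der->buffer, der->length, password,
                                     passwordSz)) < 0 ) {
            return ret;
        } else {
            der->length = ret;
            return 0;
        }
    }
#endif

    return 0;
}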
wolfSSL 0:1239e9b70ca2 1876
wolfSSL 0:1239e9b70ca2 1877
/* process the buffer buff, length sz, into ctx according to format and type;
   used tracks the bytes consumed, and userChain specifies that a user cert
   chain follows, to be passed during the handshake */
wolfSSL 0:1239e9b70ca2 1881 static int ProcessBuffer(CYASSL_CTX* ctx, const unsigned char* buff,
wolfSSL 0:1239e9b70ca2 1882 long sz, int format, int type, CYASSL* ssl,
wolfSSL 0:1239e9b70ca2 1883 long* used, int userChain)
wolfSSL 0:1239e9b70ca2 1884 {
wolfSSL 0:1239e9b70ca2 1885 EncryptedInfo info;
wolfSSL 0:1239e9b70ca2 1886 buffer der; /* holds DER or RAW (for NTRU) */
wolfSSL 0:1239e9b70ca2 1887 int ret;
wolfSSL 0:1239e9b70ca2 1888 int dynamicType = 0;
wolfSSL 0:1239e9b70ca2 1889 int eccKey = 0;
wolfSSL 0:1239e9b70ca2 1890 int rsaKey = 0;
wolfSSL 0:1239e9b70ca2 1891 void* heap = ctx ? ctx->heap : NULL;
wolfSSL 0:1239e9b70ca2 1892
wolfSSL 0:1239e9b70ca2 1893 info.set = 0;
wolfSSL 0:1239e9b70ca2 1894 info.ctx = ctx;
wolfSSL 0:1239e9b70ca2 1895 info.consumed = 0;
wolfSSL 0:1239e9b70ca2 1896 der.buffer = 0;
wolfSSL 0:1239e9b70ca2 1897
wolfSSL 0:1239e9b70ca2 1898 (void)dynamicType;
wolfSSL 0:1239e9b70ca2 1899 (void)rsaKey;
wolfSSL 0:1239e9b70ca2 1900
wolfSSL 0:1239e9b70ca2 1901 if (used)
wolfSSL 0:1239e9b70ca2 1902 *used = sz; /* used bytes default to sz, PEM chain may shorten*/
wolfSSL 0:1239e9b70ca2 1903
wolfSSL 0:1239e9b70ca2 1904 if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM
wolfSSL 0:1239e9b70ca2 1905 && format != SSL_FILETYPE_RAW)
wolfSSL 0:1239e9b70ca2 1906 return SSL_BAD_FILETYPE;
wolfSSL 0:1239e9b70ca2 1907
wolfSSL 0:1239e9b70ca2 1908 if (type == CA_TYPE)
wolfSSL 0:1239e9b70ca2 1909 dynamicType = DYNAMIC_TYPE_CA;
wolfSSL 0:1239e9b70ca2 1910 else if (type == CERT_TYPE)
wolfSSL 0:1239e9b70ca2 1911 dynamicType = DYNAMIC_TYPE_CERT;
wolfSSL 0:1239e9b70ca2 1912 else
wolfSSL 0:1239e9b70ca2 1913 dynamicType = DYNAMIC_TYPE_KEY;
wolfSSL 0:1239e9b70ca2 1914
wolfSSL 0:1239e9b70ca2 1915 if (format == SSL_FILETYPE_PEM) {
wolfSSL 0:1239e9b70ca2 1916 ret = PemToDer(buff, sz, type, &der, heap, &info, &eccKey);
wolfSSL 0:1239e9b70ca2 1917 if (ret < 0) {
wolfSSL 0:1239e9b70ca2 1918 XFREE(der.buffer, heap, dynamicType);
wolfSSL 0:1239e9b70ca2 1919 return ret;
wolfSSL 0:1239e9b70ca2 1920 }
wolfSSL 0:1239e9b70ca2 1921 if (used)
wolfSSL 0:1239e9b70ca2 1922 *used = info.consumed;
wolfSSL 0:1239e9b70ca2 1923 /* we may have a user cert chain, try to consume */
wolfSSL 0:1239e9b70ca2 1924 if (userChain && type == CERT_TYPE && info.consumed < sz) {
wolfSSL 0:1239e9b70ca2 1925 byte staticBuffer[FILE_BUFFER_SIZE]; /* tmp chain buffer */
wolfSSL 0:1239e9b70ca2 1926 byte* chainBuffer = staticBuffer;
wolfSSL 0:1239e9b70ca2 1927 int dynamicBuffer = 0;
wolfSSL 0:1239e9b70ca2 1928 word32 bufferSz = sizeof(staticBuffer);
wolfSSL 0:1239e9b70ca2 1929 long consumed = info.consumed;
wolfSSL 0:1239e9b70ca2 1930 word32 idx = 0;
wolfSSL 0:1239e9b70ca2 1931 int gotOne = 0;
wolfSSL 0:1239e9b70ca2 1932
wolfSSL 0:1239e9b70ca2 1933 if ( (sz - consumed) > (int)bufferSz) {
wolfSSL 0:1239e9b70ca2 1934 CYASSL_MSG("Growing Tmp Chain Buffer");
wolfSSL 0:1239e9b70ca2 1935 bufferSz = (word32)(sz - consumed);
wolfSSL 0:1239e9b70ca2 1936 /* will shrink to actual size */
wolfSSL 0:1239e9b70ca2 1937 chainBuffer = (byte*)XMALLOC(bufferSz, heap,
wolfSSL 0:1239e9b70ca2 1938 DYNAMIC_TYPE_FILE);
wolfSSL 0:1239e9b70ca2 1939 if (chainBuffer == NULL) {
wolfSSL 0:1239e9b70ca2 1940 XFREE(der.buffer, heap, dynamicType);
wolfSSL 0:1239e9b70ca2 1941 return MEMORY_E;
wolfSSL 0:1239e9b70ca2 1942 }
wolfSSL 0:1239e9b70ca2 1943 dynamicBuffer = 1;
wolfSSL 0:1239e9b70ca2 1944 }
wolfSSL 0:1239e9b70ca2 1945
wolfSSL 0:1239e9b70ca2 1946 CYASSL_MSG("Processing Cert Chain");
wolfSSL 0:1239e9b70ca2 1947 while (consumed < sz) {
wolfSSL 0:1239e9b70ca2 1948 buffer part;
wolfSSL 0:1239e9b70ca2 1949 info.consumed = 0;
wolfSSL 0:1239e9b70ca2 1950 part.buffer = 0;
wolfSSL 0:1239e9b70ca2 1951
wolfSSL 0:1239e9b70ca2 1952 ret = PemToDer(buff + consumed, sz - consumed, type, &part,
wolfSSL 0:1239e9b70ca2 1953 heap, &info, &eccKey);
wolfSSL 0:1239e9b70ca2 1954 if (ret == 0) {
wolfSSL 0:1239e9b70ca2 1955 gotOne = 1;
wolfSSL 0:1239e9b70ca2 1956 if ( (idx + part.length) > bufferSz) {
wolfSSL 0:1239e9b70ca2 1957 CYASSL_MSG(" Cert Chain bigger than buffer");
wolfSSL 0:1239e9b70ca2 1958 ret = BUFFER_E;
wolfSSL 0:1239e9b70ca2 1959 }
wolfSSL 0:1239e9b70ca2 1960 else {
wolfSSL 0:1239e9b70ca2 1961 c32to24(part.length, &chainBuffer[idx]);
wolfSSL 0:1239e9b70ca2 1962 idx += CERT_HEADER_SZ;
wolfSSL 0:1239e9b70ca2 1963 XMEMCPY(&chainBuffer[idx], part.buffer,part.length);
wolfSSL 0:1239e9b70ca2 1964 idx += part.length;
wolfSSL 0:1239e9b70ca2 1965 consumed += info.consumed;
wolfSSL 0:1239e9b70ca2 1966 if (used)
wolfSSL 0:1239e9b70ca2 1967 *used += info.consumed;
wolfSSL 0:1239e9b70ca2 1968 }
wolfSSL 0:1239e9b70ca2 1969 }
wolfSSL 0:1239e9b70ca2 1970
wolfSSL 0:1239e9b70ca2 1971 XFREE(part.buffer, heap, dynamicType);
wolfSSL 0:1239e9b70ca2 1972
wolfSSL 0:1239e9b70ca2 1973 if (ret == SSL_NO_PEM_HEADER && gotOne) {
wolfSSL 0:1239e9b70ca2 1974 CYASSL_MSG("We got one good PEM so stuff at end ok");
wolfSSL 0:1239e9b70ca2 1975 break;
wolfSSL 0:1239e9b70ca2 1976 }
wolfSSL 0:1239e9b70ca2 1977
wolfSSL 0:1239e9b70ca2 1978 if (ret < 0) {
wolfSSL 0:1239e9b70ca2 1979 CYASSL_MSG(" Error in Cert in Chain");
wolfSSL 0:1239e9b70ca2 1980 XFREE(der.buffer, heap, dynamicType);
wolfSSL 0:1239e9b70ca2 1981 return ret;
wolfSSL 0:1239e9b70ca2 1982 }
wolfSSL 0:1239e9b70ca2 1983 CYASSL_MSG(" Consumed another Cert in Chain");
wolfSSL 0:1239e9b70ca2 1984 }
wolfSSL 0:1239e9b70ca2 1985 CYASSL_MSG("Finished Processing Cert Chain");
wolfSSL 0:1239e9b70ca2 1986
wolfSSL 0:1239e9b70ca2 1987 if (ctx == NULL) {
wolfSSL 0:1239e9b70ca2 1988 CYASSL_MSG("certChain needs context");
wolfSSL 0:1239e9b70ca2 1989 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 1990 }
wolfSSL 0:1239e9b70ca2 1991 ctx->certChain.buffer = (byte*)XMALLOC(idx, heap,
wolfSSL 0:1239e9b70ca2 1992 dynamicType);
wolfSSL 0:1239e9b70ca2 1993 if (ctx->certChain.buffer) {
wolfSSL 0:1239e9b70ca2 1994 ctx->certChain.length = idx;
wolfSSL 0:1239e9b70ca2 1995 XMEMCPY(ctx->certChain.buffer, chainBuffer, idx);
wolfSSL 0:1239e9b70ca2 1996 }
wolfSSL 0:1239e9b70ca2 1997 if (dynamicBuffer)
wolfSSL 0:1239e9b70ca2 1998 XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE);
wolfSSL 0:1239e9b70ca2 1999 if (ctx->certChain.buffer == NULL) {
wolfSSL 0:1239e9b70ca2 2000 XFREE(der.buffer, heap, dynamicType);
wolfSSL 0:1239e9b70ca2 2001 return MEMORY_E;
wolfSSL 0:1239e9b70ca2 2002 }
wolfSSL 0:1239e9b70ca2 2003 }
wolfSSL 0:1239e9b70ca2 2004 }
wolfSSL 0:1239e9b70ca2 2005 else { /* ASN1 (DER) or RAW (NTRU) */
wolfSSL 0:1239e9b70ca2 2006 der.buffer = (byte*) XMALLOC(sz, heap, dynamicType);
wolfSSL 0:1239e9b70ca2 2007 if (!der.buffer) return MEMORY_ERROR;
wolfSSL 0:1239e9b70ca2 2008 XMEMCPY(der.buffer, buff, sz);
wolfSSL 0:1239e9b70ca2 2009 der.length = (word32)sz;
wolfSSL 0:1239e9b70ca2 2010 }
wolfSSL 0:1239e9b70ca2 2011
wolfSSL 0:1239e9b70ca2 2012 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL 0:1239e9b70ca2 2013 if (info.set) {
wolfSSL 0:1239e9b70ca2 2014 /* decrypt */
wolfSSL 0:1239e9b70ca2 2015 char password[80];
wolfSSL 0:1239e9b70ca2 2016 int passwordSz;
wolfSSL 0:1239e9b70ca2 2017
wolfSSL 0:1239e9b70ca2 2018 byte key[AES_256_KEY_SIZE];
wolfSSL 0:1239e9b70ca2 2019 byte iv[AES_IV_SIZE];
wolfSSL 0:1239e9b70ca2 2020
wolfSSL 0:1239e9b70ca2 2021 if (!ctx || !ctx->passwd_cb) {
wolfSSL 0:1239e9b70ca2 2022 XFREE(der.buffer, heap, dynamicType);
wolfSSL 0:1239e9b70ca2 2023 return NO_PASSWORD;
wolfSSL 0:1239e9b70ca2 2024 }
wolfSSL 0:1239e9b70ca2 2025
wolfSSL 0:1239e9b70ca2 2026 /* use file's salt for key derivation, hex decode first */
wolfSSL 0:1239e9b70ca2 2027 if (Base16_Decode(info.iv, info.ivSz, info.iv, &info.ivSz) != 0) {
wolfSSL 0:1239e9b70ca2 2028 XFREE(der.buffer, heap, dynamicType);
wolfSSL 0:1239e9b70ca2 2029 return ASN_INPUT_E;
wolfSSL 0:1239e9b70ca2 2030 }
wolfSSL 0:1239e9b70ca2 2031
wolfSSL 0:1239e9b70ca2 2032 passwordSz = ctx->passwd_cb(password, sizeof(password), 0,
wolfSSL 0:1239e9b70ca2 2033 ctx->userdata);
wolfSSL 0:1239e9b70ca2 2034 if ( (ret = EVP_BytesToKey(info.name, "MD5", info.iv,
wolfSSL 0:1239e9b70ca2 2035 (byte*)password, passwordSz, 1, key, iv)) <= 0) {
wolfSSL 0:1239e9b70ca2 2036 XFREE(der.buffer, heap, dynamicType);
wolfSSL 0:1239e9b70ca2 2037 return ret;
wolfSSL 0:1239e9b70ca2 2038 }
wolfSSL 0:1239e9b70ca2 2039
wolfSSL 0:1239e9b70ca2 2040 if (XSTRNCMP(info.name, "DES-CBC", 7) == 0) {
wolfSSL 0:1239e9b70ca2 2041 Des enc;
wolfSSL 0:1239e9b70ca2 2042
wolfSSL 0:1239e9b70ca2 2043 ret = Des_SetKey(&enc, key, info.iv, DES_DECRYPTION);
wolfSSL 0:1239e9b70ca2 2044 if (ret != 0)
wolfSSL 0:1239e9b70ca2 2045 return ret;
wolfSSL 0:1239e9b70ca2 2046
wolfSSL 0:1239e9b70ca2 2047 Des_CbcDecrypt(&enc, der.buffer, der.buffer, der.length);
wolfSSL 0:1239e9b70ca2 2048 }
wolfSSL 0:1239e9b70ca2 2049 else if (XSTRNCMP(info.name, "DES-EDE3-CBC", 13) == 0) {
wolfSSL 0:1239e9b70ca2 2050 Des3 enc;
wolfSSL 0:1239e9b70ca2 2051
wolfSSL 0:1239e9b70ca2 2052 ret = Des3_SetKey(&enc, key, info.iv, DES_DECRYPTION);
wolfSSL 0:1239e9b70ca2 2053 if (ret != 0)
wolfSSL 0:1239e9b70ca2 2054 return ret;
wolfSSL 0:1239e9b70ca2 2055
wolfSSL 0:1239e9b70ca2 2056 ret = Des3_CbcDecrypt(&enc, der.buffer, der.buffer, der.length);
wolfSSL 0:1239e9b70ca2 2057 if (ret != 0)
wolfSSL 0:1239e9b70ca2 2058 return ret;
wolfSSL 0:1239e9b70ca2 2059 }
wolfSSL 0:1239e9b70ca2 2060 else if (XSTRNCMP(info.name, "AES-128-CBC", 13) == 0) {
wolfSSL 0:1239e9b70ca2 2061 Aes enc;
wolfSSL 0:1239e9b70ca2 2062 ret = AesSetKey(&enc, key, AES_128_KEY_SIZE, info.iv,
wolfSSL 0:1239e9b70ca2 2063 AES_DECRYPTION);
wolfSSL 0:1239e9b70ca2 2064 if (ret == 0)
wolfSSL 0:1239e9b70ca2 2065 ret = AesCbcDecrypt(&enc, der.buffer,der.buffer,der.length);
wolfSSL 0:1239e9b70ca2 2066 }
wolfSSL 0:1239e9b70ca2 2067 else if (XSTRNCMP(info.name, "AES-192-CBC", 13) == 0) {
wolfSSL 0:1239e9b70ca2 2068 Aes enc;
wolfSSL 0:1239e9b70ca2 2069 ret = AesSetKey(&enc, key, AES_192_KEY_SIZE, info.iv,
wolfSSL 0:1239e9b70ca2 2070 AES_DECRYPTION);
wolfSSL 0:1239e9b70ca2 2071 if (ret == 0)
wolfSSL 0:1239e9b70ca2 2072 ret = AesCbcDecrypt(&enc, der.buffer,der.buffer,der.length);
wolfSSL 0:1239e9b70ca2 2073 }
wolfSSL 0:1239e9b70ca2 2074 else if (XSTRNCMP(info.name, "AES-256-CBC", 13) == 0) {
wolfSSL 0:1239e9b70ca2 2075 Aes enc;
wolfSSL 0:1239e9b70ca2 2076 ret = AesSetKey(&enc, key, AES_256_KEY_SIZE, info.iv,
wolfSSL 0:1239e9b70ca2 2077 AES_DECRYPTION);
wolfSSL 0:1239e9b70ca2 2078 if (ret == 0)
wolfSSL 0:1239e9b70ca2 2079 ret = AesCbcDecrypt(&enc, der.buffer,der.buffer,der.length);
wolfSSL 0:1239e9b70ca2 2080 }
wolfSSL 0:1239e9b70ca2 2081 else {
wolfSSL 0:1239e9b70ca2 2082 XFREE(der.buffer, heap, dynamicType);
wolfSSL 0:1239e9b70ca2 2083 return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 2084 }
wolfSSL 0:1239e9b70ca2 2085
wolfSSL 0:1239e9b70ca2 2086 if (ret != 0) {
wolfSSL 0:1239e9b70ca2 2087 XFREE(der.buffer, heap, dynamicType);
wolfSSL 0:1239e9b70ca2 2088 return ret;
wolfSSL 0:1239e9b70ca2 2089 }
wolfSSL 0:1239e9b70ca2 2090 }
wolfSSL 0:1239e9b70ca2 2091 #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
wolfSSL 0:1239e9b70ca2 2092
wolfSSL 0:1239e9b70ca2 2093 if (type == CA_TYPE) {
wolfSSL 0:1239e9b70ca2 2094 if (ctx == NULL) {
wolfSSL 0:1239e9b70ca2 2095 CYASSL_MSG("Need context for CA load");
wolfSSL 0:1239e9b70ca2 2096 XFREE(der.buffer, heap, dynamicType);
wolfSSL 0:1239e9b70ca2 2097 return BAD_FUNC_ARG;
wolfSSL 0:1239e9b70ca2 2098 }
wolfSSL 0:1239e9b70ca2 2099 return AddCA(ctx->cm, der, CYASSL_USER_CA, ctx->verifyPeer);
wolfSSL 0:1239e9b70ca2 2100 /* takes der over */
wolfSSL 0:1239e9b70ca2 2101 }
wolfSSL 0:1239e9b70ca2 2102 else if (type == CERT_TYPE) {
wolfSSL 0:1239e9b70ca2 2103 if (ssl) {
wolfSSL 0:1239e9b70ca2 2104 if (ssl->buffers.weOwnCert && ssl->buffers.certificate.buffer)
wolfSSL 0:1239e9b70ca2 2105 XFREE(ssl->buffers.certificate.buffer, heap,
wolfSSL 0:1239e9b70ca2 2106 dynamicType);
wolfSSL 0:1239e9b70ca2 2107 ssl->buffers.certificate = der;
wolfSSL 0:1239e9b70ca2 2108 ssl->buffers.weOwnCert = 1;
wolfSSL 0:1239e9b70ca2 2109 }
wolfSSL 0:1239e9b70ca2 2110 else if (ctx) {
wolfSSL 0:1239e9b70ca2 2111 if (ctx->certificate.buffer)
wolfSSL 0:1239e9b70ca2 2112 XFREE(ctx->certificate.buffer, heap, dynamicType);
wolfSSL 0:1239e9b70ca2 2113 ctx->certificate = der; /* takes der over */
wolfSSL 0:1239e9b70ca2 2114 }
wolfSSL 0:1239e9b70ca2 2115 }
wolfSSL 0:1239e9b70ca2 2116 else if (type == PRIVATEKEY_TYPE) {
wolfSSL 0:1239e9b70ca2 2117 if (ssl) {
wolfSSL 0:1239e9b70ca2 2118 if (ssl->buffers.weOwnKey && ssl->buffers.key.buffer)
wolfSSL 0:1239e9b70ca2 2119 XFREE(ssl->buffers.key.buffer, heap, dynamicType);
wolfSSL 0:1239e9b70ca2 2120 ssl->buffers.key = der;
wolfSSL 0:1239e9b70ca2 2121 ssl->buffers.weOwnKey = 1;
wolfSSL 0:1239e9b70ca2 2122 }
wolfSSL 0:1239e9b70ca2 2123 else if (ctx) {
wolfSSL 0:1239e9b70ca2 2124 if (ctx->privateKey.buffer)
wolfSSL 0:1239e9b70ca2 2125 XFREE(ctx->privateKey.buffer, heap, dynamicType);
wolfSSL 0:1239e9b70ca2 2126 ctx->privateKey = der; /* takes der over */
wolfSSL 0:1239e9b70ca2 2127 }
wolfSSL 0:1239e9b70ca2 2128 }
wolfSSL 0:1239e9b70ca2 2129 else {
wolfSSL 0:1239e9b70ca2 2130 XFREE(der.buffer, heap, dynamicType);
wolfSSL 0:1239e9b70ca2 2131 return SSL_BAD_CERTTYPE;
wolfSSL 0:1239e9b70ca2 2132 }
wolfSSL 0:1239e9b70ca2 2133
wolfSSL 0:1239e9b70ca2 2134 if (type == PRIVATEKEY_TYPE && format != SSL_FILETYPE_RAW) {
wolfSSL 0:1239e9b70ca2 2135 #ifndef NO_RSA
wolfSSL 0:1239e9b70ca2 2136 if (!eccKey) {
wolfSSL 0:1239e9b70ca2 2137 /* make sure RSA key can be used */
wolfSSL 0:1239e9b70ca2 2138 RsaKey key;
wolfSSL 0:1239e9b70ca2 2139 word32 idx = 0;
wolfSSL 0:1239e9b70ca2 2140
wolfSSL 0:1239e9b70ca2 2141 ret = InitRsaKey(&key, 0);
wolfSSL 0:1239e9b70ca2 2142 if (ret != 0) return ret;
wolfSSL 0:1239e9b70ca2 2143 if (RsaPrivateKeyDecode(der.buffer,&idx,&key,der.length) != 0) {
wolfSSL 0:1239e9b70ca2 2144 #ifdef HAVE_ECC
wolfSSL 0:1239e9b70ca2 2145 /* could have DER ECC (or pkcs8 ecc), no easy way to tell */
wolfSSL 0:1239e9b70ca2 2146 eccKey = 1; /* so try it out */
wolfSSL 0:1239e9b70ca2 2147 #endif
wolfSSL 0:1239e9b70ca2 2148 if (!eccKey) {
wolfSSL 0:1239e9b70ca2 2149 FreeRsaKey(&key);
wolfSSL 0:1239e9b70ca2 2150 return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 2151 }
wolfSSL 0:1239e9b70ca2 2152 } else {
wolfSSL 0:1239e9b70ca2 2153 rsaKey = 1;
wolfSSL 0:1239e9b70ca2 2154 (void)rsaKey; /* for no ecc builds */
wolfSSL 0:1239e9b70ca2 2155 }
wolfSSL 0:1239e9b70ca2 2156 FreeRsaKey(&key);
wolfSSL 0:1239e9b70ca2 2157 }
wolfSSL 0:1239e9b70ca2 2158 #endif
wolfSSL 0:1239e9b70ca2 2159 #ifdef HAVE_ECC
wolfSSL 0:1239e9b70ca2 2160 if (!rsaKey) {
wolfSSL 0:1239e9b70ca2 2161 /* make sure ECC key can be used */
wolfSSL 0:1239e9b70ca2 2162 word32 idx = 0;
wolfSSL 0:1239e9b70ca2 2163 ecc_key key;
wolfSSL 0:1239e9b70ca2 2164
wolfSSL 0:1239e9b70ca2 2165 ecc_init(&key);
wolfSSL 0:1239e9b70ca2 2166 if (EccPrivateKeyDecode(der.buffer,&idx,&key,der.length) != 0) {
wolfSSL 0:1239e9b70ca2 2167 ecc_free(&key);
wolfSSL 0:1239e9b70ca2 2168 return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 2169 }
wolfSSL 0:1239e9b70ca2 2170 ecc_free(&key);
wolfSSL 0:1239e9b70ca2 2171 eccKey = 1;
wolfSSL 0:1239e9b70ca2 2172 if (ctx)
wolfSSL 0:1239e9b70ca2 2173 ctx->haveStaticECC = 1;
wolfSSL 0:1239e9b70ca2 2174 if (ssl)
wolfSSL 0:1239e9b70ca2 2175 ssl->options.haveStaticECC = 1;
wolfSSL 0:1239e9b70ca2 2176 }
wolfSSL 0:1239e9b70ca2 2177 #endif /* HAVE_ECC */
wolfSSL 0:1239e9b70ca2 2178 }
wolfSSL 0:1239e9b70ca2 2179 else if (type == CERT_TYPE) {
wolfSSL 0:1239e9b70ca2 2180 DecodedCert cert;
wolfSSL 0:1239e9b70ca2 2181
wolfSSL 0:1239e9b70ca2 2182 CYASSL_MSG("Checking cert signature type");
wolfSSL 0:1239e9b70ca2 2183 InitDecodedCert(&cert, der.buffer, der.length, heap);
wolfSSL 0:1239e9b70ca2 2184
wolfSSL 0:1239e9b70ca2 2185 if (DecodeToKey(&cert, 0) < 0) {
wolfSSL 0:1239e9b70ca2 2186 CYASSL_MSG("Decode to key failed");
wolfSSL 0:1239e9b70ca2 2187 return SSL_BAD_FILE;
wolfSSL 0:1239e9b70ca2 2188 }
wolfSSL 0:1239e9b70ca2 2189 switch (cert.signatureOID) {
wolfSSL 0:1239e9b70ca2 2190 case CTC_SHAwECDSA:
wolfSSL 0:1239e9b70ca2 2191 case CTC_SHA256wECDSA:
wolfSSL 0:1239e9b70ca2 2192 case CTC_SHA384wECDSA:
wolfSSL 0:1239e9b70ca2 2193 case CTC_SHA512wECDSA:
wolfSSL 0:1239e9b70ca2 2194 CYASSL_MSG("ECDSA cert signature");
wolfSSL 0:1239e9b70ca2 2195 if (ctx)
wolfSSL 0:1239e9b70ca2 2196 ctx->haveECDSAsig = 1;
wolfSSL 0:1239e9b70ca2 2197 if (ssl)
wolfSSL 0:1239e9b70ca2 2198 ssl->options.haveECDSAsig = 1;
wolfSSL 0:1239e9b70ca2 2199 break;
wolfSSL 0:1239e9b70ca2 2200 default:
wolfSSL 0:1239e9b70ca2 2201 CYASSL_MSG("Not ECDSA cert signature");
wolfSSL 0:1239e9b70ca2 2202 break;
wolfSSL 0:1239e9b70ca2 2203 }
wolfSSL 0:1239e9b70ca2 2204
wolfSSL 0:1239e9b70ca2 2205 #ifdef HAVE_ECC
wolfSSL 0:1239e9b70ca2 2206 if (ctx)
wolfSSL 0:1239e9b70ca2 2207 ctx->pkCurveOID = cert.pkCurveOID;
wolfSSL 0:1239e9b70ca2 2208 if (ssl)
wolfSSL 0:1239e9b70ca2 2209 ssl->pkCurveOID = cert.pkCurveOID;
wolfSSL 0:1239e9b70ca2 2210 #endif
wolfSSL 0:1239e9b70ca2 2211
wolfSSL 0:1239e9b70ca2 2212 FreeDecodedCert(&cert);
wolfSSL 0:1239e9b70ca2 2213 }
wolfSSL 0:1239e9b70ca2 2214
wolfSSL 0:1239e9b70ca2 2215 return SSL_SUCCESS;
wolfSSL 0:1239e9b70ca2 2216 }
wolfSSL 0:1239e9b70ca2 2217
wolfSSL 0:1239e9b70ca2 2218
wolfSSL 0:1239e9b70ca2 2219
wolfSSL 0:1239e9b70ca2 2220
/* Load a CA PEM buffer that may hold several concatenated certificates.
 * Each certificate is handed to ProcessBuffer() in turn. Once at least one
 * certificate has been accepted, leftover bytes that carry no PEM header are
 * tolerated (SSL_NO_PEM_HEADER is mapped to SSL_SUCCESS). Returns the last
 * ProcessBuffer() result: SSL_SUCCESS on success, a negative code on the first
 * failing certificate; an empty buffer (sz <= 0) never enters the loop and
 * returns 0. */
static int ProcessChainBuffer(CYASSL_CTX* ctx, const unsigned char* buff,
                              long sz, int format, int type, CYASSL* ssl)
{
    long offset = 0;    /* bytes of buff already handed to ProcessBuffer() */
    int  ret    = 0;
    int  gotOne = 0;    /* set once one certificate has been accepted */

    CYASSL_MSG("Processing CA PEM file");
    for (;;) {
        long consumed = 0;

        if (offset >= sz)
            break;

        ret = ProcessBuffer(ctx, buff + offset, sz - offset, format, type, ssl,
                            &consumed, 0);

        /* trailing non-PEM data after a good certificate is not an error */
        if (gotOne && ret == SSL_NO_PEM_HEADER) {
            CYASSL_MSG("We got one good PEM file so stuff at end ok");
            ret = SSL_SUCCESS;
            break;
        }

        if (ret < 0)
            break;

        CYASSL_MSG(" Processed a CA");
        gotOne  = 1;
        offset += consumed;
    }

    return ret;
}
wolfSSL 0:1239e9b70ca2 2252
wolfSSL 0:1239e9b70ca2 2253
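/* Verify a certificate held in memory against the manager's CA store.
 * buff/sz is the certificate in the given format (SSL_FILETYPE_PEM is
 * converted with PemToDer() first, anything else is treated as DER). When
 * CRL checking is enabled on cm the certificate is also looked up in the
 * loaded CRLs. Returns SSL_SUCCESS for ok, BAD_FUNC_ARG for a NULL cm/buff or
 * negative sz, otherwise the negative parse, PEM or CRL error. */
int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm, const byte* buff,
                                   long sz, int format)
{
    int ret = 0;
    int eccKey = 0;     /* PemToDer() out-parameter, not needed here */

    DecodedCert cert;
    buffer der;

    CYASSL_ENTER("CyaSSL_CertManagerVerifyBuffer");

    /* cm->heap is dereferenced below and sz is cast to an unsigned length;
       the other CertManager entry points reject a NULL manager the same way */
    if (cm == NULL || buff == NULL || sz < 0)
        return BAD_FUNC_ARG;

    der.buffer = NULL;
    der.length = 0;

    if (format == SSL_FILETYPE_PEM) {
        EncryptedInfo info;

        info.set = 0;
        info.ctx = NULL;
        info.consumed = 0;
        ret = PemToDer(buff, sz, CERT_TYPE, &der, cm->heap, &info, &eccKey);
        /* on PemToDer() failure der stays empty; cert is still initialised so
           the single FreeDecodedCert() below remains valid */
        InitDecodedCert(&cert, der.buffer, der.length, cm->heap);
    }
    else
        InitDecodedCert(&cert, (byte*)buff, (word32)sz, cm->heap);

    if (ret == 0)
        ret = ParseCertRelative(&cert, CERT_TYPE, 1, cm);  /* 1: verify sig */
#ifdef HAVE_CRL
    if (ret == 0 && cm->crlEnabled)
        ret = CheckCertCRL(cm->crl, &cert);
#endif

    FreeDecodedCert(&cert);
    XFREE(der.buffer, cm->heap, DYNAMIC_TYPE_CERT);

    return ret == 0 ? SSL_SUCCESS : ret;
}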
wolfSSL 0:1239e9b70ca2 2295
wolfSSL 0:1239e9b70ca2 2296
wolfSSL 0:1239e9b70ca2 2297 #ifndef NO_FILESYSTEM
wolfSSL 0:1239e9b70ca2 2298
wolfSSL 0:1239e9b70ca2 2299 #if defined(CYASSL_MDK_ARM)
wolfSSL 0:1239e9b70ca2 2300 extern FILE * CyaSSL_fopen(const char *name, const char *mode) ;
wolfSSL 0:1239e9b70ca2 2301 #define XFOPEN CyaSSL_fopen
wolfSSL 0:1239e9b70ca2 2302 #else
wolfSSL 0:1239e9b70ca2 2303 #define XFOPEN fopen
wolfSSL 0:1239e9b70ca2 2304 #endif
wolfSSL 0:1239e9b70ca2 2305
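/* Read the whole file fname into memory and hand it to the buffer loaders.
 * format/type select the parser (PEM/DER, CA/CERT/KEY/CRL); ssl, when not
 * NULL, receives per-session material instead of ctx; userChain is passed
 * through to ProcessBuffer(); crl is the target for CRL_TYPE loads.
 * Files larger than the stack buffer are read into a heap buffer; files
 * larger than MAX_CYASSL_FILE_SIZE are rejected. Returns SSL_SUCCESS,
 * SSL_BAD_FILE when the file cannot be opened, sized or fully read, or the
 * negative error of the loader that was called. */
int ProcessFile(CYASSL_CTX* ctx, const char* fname, int format, int type,
                CYASSL* ssl, int userChain, CYASSL_CRL* crl)
{
    byte  staticBuffer[FILE_BUFFER_SIZE];
    byte* myBuffer = staticBuffer;
    int   dynamic  = 0;
    int   ret;
    long  sz       = 0;
    XFILE file;
    void* heapHint = ctx ? ctx->heap : NULL;

    (void)crl;
    (void)heapHint;

    if (fname == NULL) return SSL_BAD_FILE;

    file = XFOPEN(fname, "rb");
    if (file == XBADFILE) return SSL_BAD_FILE;
    XFSEEK(file, 0, XSEEK_END);
    sz = XFTELL(file);
    XREWIND(file);

    /* reject an unknown or oversized length before allocating for it; same
       bound as CyaSSL_CertManagerVerify() uses */
    if (sz < 0 || sz > MAX_CYASSL_FILE_SIZE) {
        CYASSL_MSG("ProcessFile file bad size");
        XFCLOSE(file);
        return SSL_BAD_FILE;
    }

    if (sz > (long)sizeof(staticBuffer)) {
        CYASSL_MSG("Getting dynamic buffer");
        myBuffer = (byte*)XMALLOC(sz, heapHint, DYNAMIC_TYPE_FILE);
        if (myBuffer == NULL) {
            XFCLOSE(file);
            return SSL_BAD_FILE;
        }
        dynamic = 1;
    }

    /* XFREAD returns an item count and is never negative, so a short read has
       to be detected by comparing against the requested length; otherwise a
       partially filled buffer would be parsed as a certificate or key */
    if ((long)XFREAD(myBuffer, 1, sz, file) != sz)
        ret = SSL_BAD_FILE;
    else {
        if (type == CA_TYPE && format == SSL_FILETYPE_PEM)
            ret = ProcessChainBuffer(ctx, myBuffer, sz, format, type, ssl);
#ifdef HAVE_CRL
        else if (type == CRL_TYPE)
            ret = BufferLoadCRL(crl, myBuffer, sz, format);
#endif
        else
            ret = ProcessBuffer(ctx, myBuffer, sz, format, type, ssl, NULL,
                                userChain);
    }

    XFCLOSE(file);
    if (dynamic) XFREE(myBuffer, heapHint, DYNAMIC_TYPE_FILE);

    return ret;
}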
wolfSSL 0:1239e9b70ca2 2363
wolfSSL 0:1239e9b70ca2 2364
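/* Load CA certificates from a PEM file and/or from every regular file in a
 * directory (no c_rehash layout required). file and path may each be NULL but
 * not both. Directory entries are joined as path + separator + name into a
 * MAX_FILENAME_SZ buffer, each part truncated so the result always fits.
 * Returns SSL_SUCCESS, SSL_FAILURE on bad arguments, BAD_PATH_ERROR when the
 * directory or one of its entries cannot be read, or the ProcessFile() error
 * of the first file that fails to load (loading stops at that file). */
int CyaSSL_CTX_load_verify_locations(CYASSL_CTX* ctx, const char* file,
                                     const char* path)
{
    int ret = SSL_SUCCESS;

    CYASSL_ENTER("CyaSSL_CTX_load_verify_locations");
    (void)path;

    if (ctx == NULL || (file == NULL && path == NULL) )
        return SSL_FAILURE;

    if (file)
        ret = ProcessFile(ctx, file, SSL_FILETYPE_PEM, CA_TYPE, NULL, 0, NULL);

    if (ret == SSL_SUCCESS && path) {
        /* try to load each regular file in path */
#ifdef USE_WINDOWS_API
        WIN32_FIND_DATAA FindFileData;
        HANDLE hFind;
        char   name[MAX_FILENAME_SZ];

        XMEMSET(name, 0, sizeof(name));
        XSTRNCPY(name, path, MAX_FILENAME_SZ - 4);
        XSTRNCAT(name, "\\*", 3);

        hFind = FindFirstFileA(name, &FindFileData);
        if (hFind == INVALID_HANDLE_VALUE) {
            CYASSL_MSG("FindFirstFile for path verify locations failed");
            return BAD_PATH_ERROR;
        }

        do {
            /* dwFileAttributes is a bit mask: a directory that also carries
               hidden/system/reparse bits is not equal to the single flag */
            if (!(FindFileData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)) {
                /* clear the buffer first so that a path longer than the copy
                   limit is still NUL terminated before XSTRNCAT appends */
                XMEMSET(name, 0, sizeof(name));
                XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 3);
                XSTRNCAT(name, "\\", 2);
                XSTRNCAT(name, FindFileData.cFileName, MAX_FILENAME_SZ/2);

                ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, NULL,0,
                                  NULL);
            }
        } while (ret == SSL_SUCCESS && FindNextFileA(hFind, &FindFileData));

        FindClose(hFind);
#elif !defined(NO_CYASSL_DIR)
        struct dirent* entry;
        DIR* dir = opendir(path);

        if (dir == NULL) {
            CYASSL_MSG("opendir path verify locations failed");
            return BAD_PATH_ERROR;
        }
        while ( ret == SSL_SUCCESS && (entry = readdir(dir)) != NULL) {
            char name[MAX_FILENAME_SZ];
            struct stat s;

            /* zero fill keeps the name terminated even when path is cut off
               by the XSTRNCPY limit */
            XMEMSET(name, 0, sizeof(name));
            XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2);
            XSTRNCAT(name, "/", 1);
            XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2);

            /* stat() follows symlinks, so a dangling link aborts the load */
            if (stat(name, &s) != 0) {
                CYASSL_MSG("stat on name failed");
                closedir(dir);
                return BAD_PATH_ERROR;
            }
            /* S_IFREG is a value of the S_IFMT field, not a single bit; a
               plain "& S_IFREG" also matches sockets, so use S_ISREG */
            if (S_ISREG(s.st_mode)) {
                ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, NULL,0,
                                  NULL);
            }
        }
        closedir(dir);
#endif
    }

    return ret;
}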
wolfSSL 0:1239e9b70ca2 2442
wolfSSL 0:1239e9b70ca2 2443
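/* Verify the certificate stored in file fname (PEM or DER per format)
 * against the manager's CA store via CyaSSL_CertManagerVerifyBuffer().
 * Returns SSL_SUCCESS for ok, BAD_FUNC_ARG for a NULL cm, SSL_BAD_FILE when
 * fname is NULL or the file cannot be opened, sized or fully read, otherwise
 * the negative verification error. */
int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER* cm, const char* fname,
                             int format)
{
    int   ret = SSL_FATAL_ERROR;
    byte  staticBuffer[FILE_BUFFER_SIZE];
    byte* myBuffer = staticBuffer;
    int   dynamic  = 0;
    long  sz       = 0;
    XFILE file;

    CYASSL_ENTER("CyaSSL_CertManagerVerify");

    /* validate before touching the filesystem: fopen(NULL) is undefined and
       cm->heap is dereferenced below */
    if (cm == NULL)
        return BAD_FUNC_ARG;
    if (fname == NULL)
        return SSL_BAD_FILE;

    file = XFOPEN(fname, "rb");
    if (file == XBADFILE) return SSL_BAD_FILE;
    XFSEEK(file, 0, XSEEK_END);
    sz = XFTELL(file);
    XREWIND(file);

    if (sz > MAX_CYASSL_FILE_SIZE || sz < 0) {
        CYASSL_MSG("CertManagerVerify file bad size");
        XFCLOSE(file);
        return SSL_BAD_FILE;
    }

    if (sz > (long)sizeof(staticBuffer)) {
        CYASSL_MSG("Getting dynamic buffer");
        myBuffer = (byte*) XMALLOC(sz, cm->heap, DYNAMIC_TYPE_FILE);
        if (myBuffer == NULL) {
            XFCLOSE(file);
            return SSL_BAD_FILE;
        }
        dynamic = 1;
    }

    /* XFREAD returns an item count and is never negative; compare against the
       requested length so a short read is not verified as a certificate */
    if ((long)XFREAD(myBuffer, 1, sz, file) != sz)
        ret = SSL_BAD_FILE;
    else
        ret = CyaSSL_CertManagerVerifyBuffer(cm, myBuffer, sz, format);

    XFCLOSE(file);
    if (dynamic) XFREE(myBuffer, cm->heap, DYNAMIC_TYPE_FILE);

    return ret;
}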
wolfSSL 0:1239e9b70ca2 2488
wolfSSL 0:1239e9b70ca2 2489
/* Pick a method for the throw-away context used by CyaSSL_CertManagerLoadCA().
 * Prefers a client method, falls back to a server method, and yields NULL when
 * neither side is compiled in. With NO_OLD_TLS the TLS 1.2 variant is used,
 * otherwise the SSLv3 one. */
static INLINE CYASSL_METHOD* cm_pick_method(void)
{
    CYASSL_METHOD* method = NULL;

#if !defined(NO_CYASSL_CLIENT)
    #ifdef NO_OLD_TLS
        method = CyaTLSv1_2_client_method();
    #else
        method = CyaSSLv3_client_method();
    #endif
#elif !defined(NO_CYASSL_SERVER)
    #ifdef NO_OLD_TLS
        method = CyaTLSv1_2_server_method();
    #else
        method = CyaSSLv3_server_method();
    #endif
#endif

    return method;
}
wolfSSL 0:1239e9b70ca2 2508
wolfSSL 0:1239e9b70ca2 2509
/* Load CA certificates into a stand-alone CertManager (no CYASSL_CTX needed).
 * A temporary CYASSL_CTX is created, its own CertManager is replaced by cm so
 * CyaSSL_CTX_load_verify_locations() can do the work, and cm is detached again
 * before the temporary context is freed. Returns 1 (SSL_SUCCESS) on success,
 * < 0 on error (SSL_FATAL_ERROR for a NULL cm or when no context could be
 * created). */
int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER* cm, const char* file,
                             const char* path)
{
    CYASSL_CTX* scratch = NULL;
    int         ret     = SSL_FATAL_ERROR;

    CYASSL_ENTER("CyaSSL_CertManagerLoadCA");

    if (cm == NULL) {
        CYASSL_MSG("No CertManager error");
        return ret;
    }

    scratch = CyaSSL_CTX_new(cm_pick_method());
    if (scratch == NULL) {
        CYASSL_MSG("CTX new failed");
        return ret;
    }

    /* swap in the caller's manager for the duration of the load */
    CyaSSL_CertManagerFree(scratch->cm);
    scratch->cm = cm;

    ret = CyaSSL_CTX_load_verify_locations(scratch, file, path);

    /* detach cm so CyaSSL_CTX_free() does not release it with the context */
    scratch->cm = NULL;
    CyaSSL_CTX_free(scratch);

    return ret;
}
wolfSSL 0:1239e9b70ca2 2542
wolfSSL 0:1239e9b70ca2 2543
wolfSSL 0:1239e9b70ca2 2544
/* Enable CRL checking on cm, allocating and initialising the CRL state the
 * first time it is needed. options may carry CYASSL_CRL_CHECKALL. Returns
 * SSL_SUCCESS, BAD_FUNC_ARG for a NULL cm, MEMORY_E or SSL_FAILURE when the
 * CRL state cannot be set up, and NOT_COMPILED_IN when built without
 * HAVE_CRL. */
int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER* cm, int options)
{
    (void)options;

    CYASSL_ENTER("CyaSSL_CertManagerEnableCRL");
    if (cm == NULL)
        return BAD_FUNC_ARG;

#ifndef HAVE_CRL
    return NOT_COMPILED_IN;
#else
    if (cm->crl == NULL) {
        cm->crl = (CYASSL_CRL*)XMALLOC(sizeof(CYASSL_CRL), cm->heap,
                                       DYNAMIC_TYPE_CRL);
        if (cm->crl == NULL)
            return MEMORY_E;

        if (InitCRL(cm->crl, cm) != 0) {
            CYASSL_MSG("Init CRL failed");
            /* release the half-initialised state and leave cm without CRL */
            FreeCRL(cm->crl, 1);
            cm->crl = NULL;
            return SSL_FAILURE;
        }
    }

    cm->crlEnabled = 1;
    if (options & CYASSL_CRL_CHECKALL)
        cm->crlCheckAll = 1;

    return SSL_SUCCESS;
#endif
}
wolfSSL 0:1239e9b70ca2 2579
wolfSSL 0:1239e9b70ca2 2580
/* Turn CRL checking off for cm. The loaded CRL state is not freed here, so
 * CyaSSL_CertManagerEnableCRL() can switch it back on without reloading.
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL cm. */
int CyaSSL_CertManagerDisableCRL(CYASSL_CERT_MANAGER* cm)
{
    int ret = BAD_FUNC_ARG;

    CYASSL_ENTER("CyaSSL_CertManagerDisableCRL");

    if (cm != NULL) {
        cm->crlEnabled = 0;
        ret = SSL_SUCCESS;
    }

    return ret;
}
wolfSSL 0:1239e9b70ca2 2591
wolfSSL 0:1239e9b70ca2 2592
/* Enable OCSP checking on cm, allocating and initialising the OCSP state the
 * first time it is needed. options may carry CYASSL_OCSP_URL_OVERRIDE and
 * CYASSL_OCSP_NO_NONCE. Unless CYASSL_USER_IO is defined the embedded lookup
 * and response-free callbacks are installed. Returns SSL_SUCCESS,
 * BAD_FUNC_ARG for a NULL cm, MEMORY_E or SSL_FAILURE when the OCSP state
 * cannot be set up, and NOT_COMPILED_IN when built without HAVE_OCSP. */
int CyaSSL_CertManagerEnableOCSP(CYASSL_CERT_MANAGER* cm, int options)
{
    (void)options;

    CYASSL_ENTER("CyaSSL_CertManagerEnableOCSP");
    if (cm == NULL)
        return BAD_FUNC_ARG;

#ifndef HAVE_OCSP
    return NOT_COMPILED_IN;
#else
    if (cm->ocsp == NULL) {
        cm->ocsp = (CYASSL_OCSP*)XMALLOC(sizeof(CYASSL_OCSP), cm->heap,
                                         DYNAMIC_TYPE_OCSP);
        if (cm->ocsp == NULL)
            return MEMORY_E;

        if (InitOCSP(cm->ocsp, cm) != 0) {
            CYASSL_MSG("Init OCSP failed");
            /* release the half-initialised state and leave cm without OCSP */
            FreeOCSP(cm->ocsp, 1);
            cm->ocsp = NULL;
            return SSL_FAILURE;
        }
    }

    cm->ocspEnabled = 1;
    if (options & CYASSL_OCSP_URL_OVERRIDE)
        cm->ocspUseOverrideURL = 1;
    /* nonces are sent unless the caller opts out */
    cm->ocspSendNonce = (options & CYASSL_OCSP_NO_NONCE) ? 0 : 1;
    #ifndef CYASSL_USER_IO
        cm->ocspIOCb       = EmbedOcspLookup;
        cm->ocspRespFreeCb = EmbedOcspRespFree;
    #endif /* CYASSL_USER_IO */

    return SSL_SUCCESS;
#endif
}
wolfSSL 0:1239e9b70ca2 2635
wolfSSL 0:1239e9b70ca2 2636
/* Turn OCSP checking off for cm. The OCSP state is not freed here, so
 * CyaSSL_CertManagerEnableOCSP() can switch it back on cheaply.
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL cm. */
int CyaSSL_CertManagerDisableOCSP(CYASSL_CERT_MANAGER* cm)
{
    int ret = BAD_FUNC_ARG;

    CYASSL_ENTER("CyaSSL_CertManagerDisableOCSP");

    if (cm != NULL) {
        cm->ocspEnabled = 0;
        ret = SSL_SUCCESS;
    }

    return ret;
}
wolfSSL 0:1239e9b70ca2 2647
wolfSSL 0:1239e9b70ca2 2648
/* Placeholder for the OpenSSL-style private-key / certificate consistency
 * check. No comparison is performed yet (see the TODO): any context, NULL
 * included, is accepted and SSL_SUCCESS is always returned, so callers must
 * not rely on this to detect a mismatched key pair. */
int CyaSSL_CTX_check_private_key(CYASSL_CTX* ctx)
{
    CYASSL_ENTER("SSL_CTX_check_private_key");

    /* TODO: check private against public for RSA match */
    (void)ctx;

    return SSL_SUCCESS;
}
wolfSSL 0:1239e9b70ca2 2656
wolfSSL 0:1239e9b70ca2 2657
wolfSSL 0:1239e9b70ca2 2658 #ifdef HAVE_CRL
wolfSSL 0:1239e9b70ca2 2659
wolfSSL 0:1239e9b70ca2 2660
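/* Check a DER certificate against the manager's CRL store when CRL
 * checking is enabled.
 *
 * cm  : certificate manager; BAD_FUNC_ARG if NULL
 * der : DER-encoded certificate to check
 * sz  : length of der in bytes
 *
 * Returns SSL_SUCCESS when CRL checking is disabled or the certificate is
 * not found revoked, BAD_FUNC_ARG on a NULL cm or an empty der buffer,
 * otherwise the non-zero error from ParseCertRelative() or CheckCertCRL(). */
int CyaSSL_CertManagerCheckCRL(CYASSL_CERT_MANAGER* cm, byte* der, int sz)
{
    int         ret;
    DecodedCert cert;

    CYASSL_ENTER("CyaSSL_CertManagerCheckCRL");

    if (cm == NULL)
        return BAD_FUNC_ARG;

    if (cm->crlEnabled == 0)
        return SSL_SUCCESS;

    /* reject an unusable buffer before it reaches the parser */
    if (der == NULL || sz <= 0)
        return BAD_FUNC_ARG;

    InitDecodedCert(&cert, der, sz, NULL);

    ret = ParseCertRelative(&cert, CERT_TYPE, NO_VERIFY, cm);
    if (ret != 0) {
        CYASSL_MSG("ParseCert failed");
        /* no early return: a partially parsed cert may already hold
         * allocations, so every path must reach FreeDecodedCert() */
    }
    else {
        ret = CheckCertCRL(cm->crl, &cert);
        if (ret != 0) {
            CYASSL_MSG("CheckCertCRL failed");
        }
    }

    FreeDecodedCert(&cert);

    /* convert the 0-means-ok convention of the helpers to SSL_SUCCESS */
    return (ret == 0) ? SSL_SUCCESS : ret;
}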
wolfSSL 0:1239e9b70ca2 2696
wolfSSL 0:1239e9b70ca2 2697
/* Install the callback invoked when a needed CRL is missing.
 *
 * cm : certificate manager; BAD_FUNC_ARG if NULL
 * cb : callback to store in cm->cbMissingCRL
 *
 * Returns SSL_SUCCESS once the callback is stored. */
int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER* cm, CbMissingCRL cb)
{
    CYASSL_ENTER("CyaSSL_CertManagerSetCRL_Cb");
    if (cm == NULL)
        return BAD_FUNC_ARG;

    cm->cbMissingCRL = cb;
    return SSL_SUCCESS;
}
wolfSSL 0:1239e9b70ca2 2708
wolfSSL 0:1239e9b70ca2 2709
/* Load CRL data from path into the manager, enabling CRL checking first
 * when no CRL context exists yet.
 *
 * cm      : certificate manager; BAD_FUNC_ARG if NULL
 * path    : location handed to LoadCRL()
 * type    : file type forwarded to LoadCRL()
 * monitor : monitor flag forwarded to LoadCRL()
 *
 * Returns SSL_FATAL_ERROR when the implicit enable fails, otherwise the
 * result of LoadCRL(). */
int CyaSSL_CertManagerLoadCRL(CYASSL_CERT_MANAGER* cm, const char* path,
                              int type, int monitor)
{
    CYASSL_ENTER("CyaSSL_CertManagerLoadCRL");
    if (cm == NULL)
        return BAD_FUNC_ARG;

    /* short-circuit: the enable call only runs when no CRL context exists */
    if (cm->crl == NULL && CyaSSL_CertManagerEnableCRL(cm, 0) != SSL_SUCCESS) {
        CYASSL_MSG("Enable CRL failed");
        return SSL_FATAL_ERROR;
    }

    return LoadCRL(cm->crl, path, type, monitor);
}
wolfSSL 0:1239e9b70ca2 2726
wolfSSL 0:1239e9b70ca2 2727
/* Enable CRL checking for a session via its context's certificate manager.
 * Assumes ssl->ctx is set. Returns BAD_FUNC_ARG when ssl is NULL, otherwise
 * the result of CyaSSL_CertManagerEnableCRL(). */
int CyaSSL_EnableCRL(CYASSL* ssl, int options)
{
    CYASSL_ENTER("CyaSSL_EnableCRL");
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return CyaSSL_CertManagerEnableCRL(ssl->ctx->cm, options);
}
wolfSSL 0:1239e9b70ca2 2736
wolfSSL 0:1239e9b70ca2 2737
/* Disable CRL checking for a session via its context's certificate manager.
 * Assumes ssl->ctx is set. Returns BAD_FUNC_ARG when ssl is NULL, otherwise
 * the result of CyaSSL_CertManagerDisableCRL(). */
int CyaSSL_DisableCRL(CYASSL* ssl)
{
    CYASSL_ENTER("CyaSSL_DisableCRL");
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return CyaSSL_CertManagerDisableCRL(ssl->ctx->cm);
}
wolfSSL 0:1239e9b70ca2 2746
wolfSSL 0:1239e9b70ca2 2747
/* Load CRL data for a session via its context's certificate manager.
 * Assumes ssl->ctx is set. Returns BAD_FUNC_ARG when ssl is NULL, otherwise
 * the result of CyaSSL_CertManagerLoadCRL(). */
int CyaSSL_LoadCRL(CYASSL* ssl, const char* path, int type, int monitor)
{
    CYASSL_ENTER("CyaSSL_LoadCRL");
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return CyaSSL_CertManagerLoadCRL(ssl->ctx->cm, path, type, monitor);
}
wolfSSL 0:1239e9b70ca2 2756
wolfSSL 0:1239e9b70ca2 2757
/* Set the missing-CRL callback for a session via its context's certificate
 * manager. Assumes ssl->ctx is set. Returns BAD_FUNC_ARG when ssl is NULL,
 * otherwise the result of CyaSSL_CertManagerSetCRL_Cb(). */
int CyaSSL_SetCRL_Cb(CYASSL* ssl, CbMissingCRL cb)
{
    CYASSL_ENTER("CyaSSL_SetCRL_Cb");
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return CyaSSL_CertManagerSetCRL_Cb(ssl->ctx->cm, cb);
}
wolfSSL 0:1239e9b70ca2 2766
wolfSSL 0:1239e9b70ca2 2767
/* Enable CRL checking on a context's certificate manager.
 * Returns BAD_FUNC_ARG when ctx is NULL, otherwise the result of
 * CyaSSL_CertManagerEnableCRL(). */
int CyaSSL_CTX_EnableCRL(CYASSL_CTX* ctx, int options)
{
    CYASSL_ENTER("CyaSSL_CTX_EnableCRL");
    if (ctx == NULL)
        return BAD_FUNC_ARG;

    return CyaSSL_CertManagerEnableCRL(ctx->cm, options);
}
wolfSSL 0:1239e9b70ca2 2776
wolfSSL 0:1239e9b70ca2 2777
/* Disable CRL checking on a context's certificate manager.
 * Returns BAD_FUNC_ARG when ctx is NULL, otherwise the result of
 * CyaSSL_CertManagerDisableCRL(). */
int CyaSSL_CTX_DisableCRL(CYASSL_CTX* ctx)
{
    CYASSL_ENTER("CyaSSL_CTX_DisableCRL");
    if (ctx == NULL)
        return BAD_FUNC_ARG;

    return CyaSSL_CertManagerDisableCRL(ctx->cm);
}
wolfSSL 0:1239e9b70ca2 2786
wolfSSL 0:1239e9b70ca2 2787
/* Load CRL data into a context's certificate manager.
 * Returns BAD_FUNC_ARG when ctx is NULL, otherwise the result of
 * CyaSSL_CertManagerLoadCRL(). */
int CyaSSL_CTX_LoadCRL(CYASSL_CTX* ctx, const char* path, int type, int monitor)
{
    CYASSL_ENTER("CyaSSL_CTX_LoadCRL");
    if (ctx == NULL)
        return BAD_FUNC_ARG;

    return CyaSSL_CertManagerLoadCRL(ctx->cm, path, type, monitor);
}
wolfSSL 0:1239e9b70ca2 2796
wolfSSL 0:1239e9b70ca2 2797
/* Set the missing-CRL callback on a context's certificate manager.
 * Returns BAD_FUNC_ARG when ctx is NULL, otherwise the result of
 * CyaSSL_CertManagerSetCRL_Cb(). */
int CyaSSL_CTX_SetCRL_Cb(CYASSL_CTX* ctx, CbMissingCRL cb)
{
    CYASSL_ENTER("CyaSSL_CTX_SetCRL_Cb");
    if (ctx == NULL)
        return BAD_FUNC_ARG;

    return CyaSSL_CertManagerSetCRL_Cb(ctx->cm, cb);
}
wolfSSL 0:1239e9b70ca2 2806
wolfSSL 0:1239e9b70ca2 2807
wolfSSL 0:1239e9b70ca2 2808 #endif /* HAVE_CRL */
wolfSSL 0:1239e9b70ca2 2809
wolfSSL 0:1239e9b70ca2 2810
wolfSSL 0:1239e9b70ca2 2811 #ifdef HAVE_OCSP
wolfSSL 0:1239e9b70ca2 2812
wolfSSL 0:1239e9b70ca2 2813
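/* Check a DER certificate's revocation status through OCSP when OCSP
 * checking is enabled on the manager.
 *
 * cm  : certificate manager; BAD_FUNC_ARG if NULL
 * der : DER-encoded certificate to check
 * sz  : length of der in bytes
 *
 * Returns SSL_SUCCESS when OCSP checking is disabled or CheckCertOCSP()
 * reports no problem, BAD_FUNC_ARG on a NULL cm or an empty der buffer,
 * otherwise the non-zero error from ParseCertRelative() or CheckCertOCSP(). */
int CyaSSL_CertManagerCheckOCSP(CYASSL_CERT_MANAGER* cm, byte* der, int sz)
{
    int         ret;
    DecodedCert cert;

    CYASSL_ENTER("CyaSSL_CertManagerCheckOCSP");

    if (cm == NULL)
        return BAD_FUNC_ARG;

    if (cm->ocspEnabled == 0)
        return SSL_SUCCESS;

    /* reject an unusable buffer before it reaches the parser */
    if (der == NULL || sz <= 0)
        return BAD_FUNC_ARG;

    InitDecodedCert(&cert, der, sz, NULL);

    ret = ParseCertRelative(&cert, CERT_TYPE, NO_VERIFY, cm);
    if (ret != 0) {
        CYASSL_MSG("ParseCert failed");
        /* no early return: a partially parsed cert may already hold
         * allocations, so every path must reach FreeDecodedCert() */
    }
    else {
        ret = CheckCertOCSP(cm->ocsp, &cert);
        if (ret != 0) {
            CYASSL_MSG("CheckCertOCSP failed");
        }
    }

    FreeDecodedCert(&cert);

    /* convert the 0-means-ok convention of the helpers to SSL_SUCCESS */
    return (ret == 0) ? SSL_SUCCESS : ret;
}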
wolfSSL 0:1239e9b70ca2 2849
wolfSSL 0:1239e9b70ca2 2850
/* Replace the manager's OCSP override URL with a private copy of url.
 *
 * cm  : certificate manager; BAD_FUNC_ARG if NULL
 * url : NUL-terminated URL to copy, or NULL to clear the override
 *
 * The previous override is always released first. Returns MEMORY_E when
 * the copy cannot be allocated (the override is then NULL), otherwise
 * SSL_SUCCESS. */
int CyaSSL_CertManagerSetOCSPOverrideURL(CYASSL_CERT_MANAGER* cm,
                                         const char* url)
{
    char* copy = NULL;

    CYASSL_ENTER("CyaSSL_CertManagerSetOCSPOverrideURL");
    if (cm == NULL)
        return BAD_FUNC_ARG;

    /* drop whatever override was installed before */
    XFREE(cm->ocspOverrideURL, cm->heap, 0);

    if (url != NULL) {
        int urlSz = (int)XSTRLEN(url) + 1; /* room for the terminator */
        copy = (char*)XMALLOC(urlSz, cm->heap, 0);
        if (copy == NULL) {
            cm->ocspOverrideURL = NULL;
            return MEMORY_E;
        }
        XMEMCPY(copy, url, urlSz);
    }

    cm->ocspOverrideURL = copy;
    return SSL_SUCCESS;
}
wolfSSL 0:1239e9b70ca2 2873
wolfSSL 0:1239e9b70ca2 2874
/* Install the OCSP transport callbacks on the certificate manager.
 *
 * cm         : certificate manager; BAD_FUNC_ARG if NULL
 * ioCb       : callback that performs the OCSP lookup
 * respFreeCb : callback that releases a response obtained by ioCb
 * ioCbCtx    : opaque pointer stored for the callbacks
 *
 * Returns SSL_SUCCESS once all three are stored. */
int CyaSSL_CertManagerSetOCSP_Cb(CYASSL_CERT_MANAGER* cm,
                        CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx)
{
    CYASSL_ENTER("CyaSSL_CertManagerSetOCSP_Cb");
    if (cm == NULL)
        return BAD_FUNC_ARG;

    cm->ocspIOCtx      = ioCbCtx;
    cm->ocspRespFreeCb = respFreeCb;
    cm->ocspIOCb       = ioCb;

    return SSL_SUCCESS;
}
wolfSSL 0:1239e9b70ca2 2888
wolfSSL 0:1239e9b70ca2 2889
/* Enable OCSP checking for a session via its context's certificate manager.
 * Assumes ssl->ctx is set. Returns BAD_FUNC_ARG when ssl is NULL, otherwise
 * the result of CyaSSL_CertManagerEnableOCSP(). */
int CyaSSL_EnableOCSP(CYASSL* ssl, int options)
{
    CYASSL_ENTER("CyaSSL_EnableOCSP");
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return CyaSSL_CertManagerEnableOCSP(ssl->ctx->cm, options);
}
wolfSSL 0:1239e9b70ca2 2898
wolfSSL 0:1239e9b70ca2 2899
/* Disable OCSP checking for a session via its context's certificate manager.
 * Assumes ssl->ctx is set. Returns BAD_FUNC_ARG when ssl is NULL, otherwise
 * the result of CyaSSL_CertManagerDisableOCSP(). */
int CyaSSL_DisableOCSP(CYASSL* ssl)
{
    CYASSL_ENTER("CyaSSL_DisableOCSP");
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return CyaSSL_CertManagerDisableOCSP(ssl->ctx->cm);
}
wolfSSL 0:1239e9b70ca2 2908
wolfSSL 0:1239e9b70ca2 2909
/* Set the OCSP override URL for a session via its context's certificate
 * manager. Assumes ssl->ctx is set. Returns BAD_FUNC_ARG when ssl is NULL,
 * otherwise the result of CyaSSL_CertManagerSetOCSPOverrideURL(). */
int CyaSSL_SetOCSP_OverrideURL(CYASSL* ssl, const char* url)
{
    CYASSL_ENTER("CyaSSL_SetOCSP_OverrideURL");
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return CyaSSL_CertManagerSetOCSPOverrideURL(ssl->ctx->cm, url);
}
wolfSSL 0:1239e9b70ca2 2918
wolfSSL 0:1239e9b70ca2 2919
/* Set the OCSP transport callbacks for a session via its context's
 * certificate manager. Assumes ssl->ctx is set. Returns BAD_FUNC_ARG when
 * ssl is NULL, otherwise the result of CyaSSL_CertManagerSetOCSP_Cb(). */
int CyaSSL_SetOCSP_Cb(CYASSL* ssl,
                        CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx)
{
    CYASSL_ENTER("CyaSSL_SetOCSP_Cb");
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return CyaSSL_CertManagerSetOCSP_Cb(ssl->ctx->cm, ioCb, respFreeCb,
                                        ioCbCtx);
}
wolfSSL 0:1239e9b70ca2 2930
wolfSSL 0:1239e9b70ca2 2931
/* Enable OCSP checking on a context's certificate manager.
 * Returns BAD_FUNC_ARG when ctx is NULL, otherwise the result of
 * CyaSSL_CertManagerEnableOCSP(). */
int CyaSSL_CTX_EnableOCSP(CYASSL_CTX* ctx, int options)
{
    CYASSL_ENTER("CyaSSL_CTX_EnableOCSP");
    if (ctx == NULL)
        return BAD_FUNC_ARG;

    return CyaSSL_CertManagerEnableOCSP(ctx->cm, options);
}
wolfSSL 0:1239e9b70ca2 2940
wolfSSL 0:1239e9b70ca2 2941
/* Disable OCSP checking on a context's certificate manager.
 * Returns BAD_FUNC_ARG when ctx is NULL, otherwise the result of
 * CyaSSL_CertManagerDisableOCSP(). */
int CyaSSL_CTX_DisableOCSP(CYASSL_CTX* ctx)
{
    CYASSL_ENTER("CyaSSL_CTX_DisableOCSP");
    if (ctx == NULL)
        return BAD_FUNC_ARG;

    return CyaSSL_CertManagerDisableOCSP(ctx->cm);
}
wolfSSL 0:1239e9b70ca2 2950
wolfSSL 0:1239e9b70ca2 2951
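/* Set the OCSP override URL on a context's certificate manager.
 * Returns BAD_FUNC_ARG when ctx is NULL, otherwise the result of
 * CyaSSL_CertManagerSetOCSPOverrideURL(). */
int CyaSSL_CTX_SetOCSP_OverrideURL(CYASSL_CTX* ctx, const char* url)
{
    /* trace tag now names this function; it previously reported the
     * session-level variant, which made debug logs misleading */
    CYASSL_ENTER("CyaSSL_CTX_SetOCSP_OverrideURL");
    if (ctx == NULL)
        return BAD_FUNC_ARG;

    return CyaSSL_CertManagerSetOCSPOverrideURL(ctx->cm, url);
}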
wolfSSL 0:1239e9b70ca2 2960
wolfSSL 0:1239e9b70ca2 2961
/* Set the OCSP transport callbacks on a context's certificate manager.
 * Returns BAD_FUNC_ARG when ctx is NULL, otherwise the result of
 * CyaSSL_CertManagerSetOCSP_Cb(). */
int CyaSSL_CTX_SetOCSP_Cb(CYASSL_CTX* ctx,
                        CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx)
{
    CYASSL_ENTER("CyaSSL_CTX_SetOCSP_Cb");
    if (ctx == NULL)
        return BAD_FUNC_ARG;

    return CyaSSL_CertManagerSetOCSP_Cb(ctx->cm, ioCb, respFreeCb, ioCbCtx);
}
wolfSSL 0:1239e9b70ca2 2971
wolfSSL 0:1239e9b70ca2 2972
wolfSSL 0:1239e9b70ca2 2973 #endif /* HAVE_OCSP */
wolfSSL 0:1239e9b70ca2 2974
wolfSSL 0:1239e9b70ca2 2975
wolfSSL 0:1239e9b70ca2 2976 #ifdef CYASSL_DER_LOAD
wolfSSL 0:1239e9b70ca2 2977
/* Load a CA file into ctx with an explicit format, so DER as well as PEM
 * CA files can be used as verify locations.
 *
 * Returns SSL_FAILURE when ctx or file is NULL or ProcessFile() does not
 * report SSL_SUCCESS, otherwise SSL_SUCCESS. */
int CyaSSL_CTX_der_load_verify_locations(CYASSL_CTX* ctx, const char* file,
                                         int format)
{
    int loaded;

    CYASSL_ENTER("CyaSSL_CTX_der_load_verify_locations");
    if (ctx == NULL || file == NULL)
        return SSL_FAILURE;

    loaded = ProcessFile(ctx, file, format, CA_TYPE, NULL, 0, NULL);
    return (loaded == SSL_SUCCESS) ? SSL_SUCCESS : SSL_FAILURE;
}
wolfSSL 0:1239e9b70ca2 2991
wolfSSL 0:1239e9b70ca2 2992 #endif /* CYASSL_DER_LOAD */
wolfSSL 0:1239e9b70ca2 2993
wolfSSL 0:1239e9b70ca2 2994
wolfSSL 0:1239e9b70ca2 2995 #ifdef CYASSL_CERT_GEN
wolfSSL 0:1239e9b70ca2 2996
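/* Load a PEM certificate from fileName and write its DER encoding into
 * derBuf.
 *
 * fileName : path of the PEM file to read
 * derBuf   : caller-supplied output buffer for the DER bytes
 * derSz    : capacity of derBuf in bytes
 *
 * Returns the DER length on success. Returns BAD_FUNC_ARG on a NULL
 * argument or non-positive derSz, SSL_BAD_FILE when the file cannot be
 * opened, sized, buffered or fully read, BUFFER_E when derBuf is too
 * small, or the negative error from PemToDer(). */
int CyaSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
{
    byte          staticBuffer[FILE_BUFFER_SIZE];
    byte*         fileBuf = staticBuffer;
    int           dynamic = 0;
    int           ret;
    int           ecc = 0;
    long          sz = 0;
    XFILE         file;
    EncryptedInfo info;
    buffer        converted;

    CYASSL_ENTER("CyaSSL_PemCertToDer");

    if (fileName == NULL || derBuf == NULL || derSz <= 0)
        return BAD_FUNC_ARG;

    converted.buffer = NULL;

    file = XFOPEN(fileName, "rb");
    if (file == XBADFILE)
        return SSL_BAD_FILE;

    XFSEEK(file, 0, XSEEK_END);
    sz = XFTELL(file);
    XREWIND(file);

    /* a failed XFTELL or an empty file cannot hold a certificate */
    if (sz <= 0) {
        XFCLOSE(file);
        return SSL_BAD_FILE;
    }

    if (sz > (long)sizeof(staticBuffer)) {
        fileBuf = (byte*)XMALLOC(sz, 0, DYNAMIC_TYPE_FILE);
        if (fileBuf == NULL) {
            XFCLOSE(file);
            return SSL_BAD_FILE;
        }
        dynamic = 1;
    }

    /* read byte-wise and compare against sz so a short read is caught;
     * the old single-item read returned 0 (never negative) on truncation
     * and let PemToDer() run over an unfilled buffer */
    if ((long)XFREAD(fileBuf, 1, sz, file) != sz)
        ret = SSL_BAD_FILE;
    else
        ret = PemToDer(fileBuf, sz, CA_TYPE, &converted, 0, &info, &ecc);

    if (ret == 0) {
        /* a DER of exactly derSz bytes fits; only a larger one is an error */
        if (converted.length <= (word32)derSz) {
            XMEMCPY(derBuf, converted.buffer, converted.length);
            ret = (int)converted.length;
        }
        else
            ret = BUFFER_E;
    }

    XFREE(converted.buffer, 0, DYNAMIC_TYPE_CA);
    if (dynamic)
        XFREE(fileBuf, 0, DYNAMIC_TYPE_FILE);
    XFCLOSE(file);

    return ret;
}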
wolfSSL 0:1239e9b70ca2 3052
wolfSSL 0:1239e9b70ca2 3053 #endif /* CYASSL_CERT_GEN */
wolfSSL 0:1239e9b70ca2 3054
wolfSSL 0:1239e9b70ca2 3055
/* Load the context's own certificate from file in the given format.
 * Returns SSL_SUCCESS when ProcessFile() reports success, else SSL_FAILURE. */
int CyaSSL_CTX_use_certificate_file(CYASSL_CTX* ctx, const char* file,
                                    int format)
{
    int loaded;

    CYASSL_ENTER("CyaSSL_CTX_use_certificate_file");
    loaded = ProcessFile(ctx, file, format, CERT_TYPE, NULL, 0, NULL);
    return (loaded == SSL_SUCCESS) ? SSL_SUCCESS : SSL_FAILURE;
}
wolfSSL 0:1239e9b70ca2 3065
wolfSSL 0:1239e9b70ca2 3066
/* Load the context's private key from file in the given format.
 * Returns SSL_SUCCESS when ProcessFile() reports success, else SSL_FAILURE. */
int CyaSSL_CTX_use_PrivateKey_file(CYASSL_CTX* ctx, const char* file,int format)
{
    int loaded;

    CYASSL_ENTER("CyaSSL_CTX_use_PrivateKey_file");
    loaded = ProcessFile(ctx, file, format, PRIVATEKEY_TYPE, NULL, 0, NULL);
    return (loaded == SSL_SUCCESS) ? SSL_SUCCESS : SSL_FAILURE;
}
wolfSSL 0:1239e9b70ca2 3076
wolfSSL 0:1239e9b70ca2 3077
/* Load a PEM certificate chain (subject cert first, then issuers) into ctx.
 * ProcessFile() is told to process up to MAX_CHAIN_DEPTH plus the subject
 * cert via its userChain flag. Returns SSL_SUCCESS on success, else
 * SSL_FAILURE. */
int CyaSSL_CTX_use_certificate_chain_file(CYASSL_CTX* ctx, const char* file)
{
    int loaded;

    CYASSL_ENTER("CyaSSL_CTX_use_certificate_chain_file");
    /* chain files are PEM only; the 1 requests chain processing */
    loaded = ProcessFile(ctx, file, SSL_FILETYPE_PEM, CERT_TYPE, NULL, 1, NULL);
    return (loaded == SSL_SUCCESS) ? SSL_SUCCESS : SSL_FAILURE;
}
wolfSSL 0:1239e9b70ca2 3088
wolfSSL 0:1239e9b70ca2 3089
wolfSSL 0:1239e9b70ca2 3090 #ifdef OPENSSL_EXTRA
wolfSSL 0:1239e9b70ca2 3091 /* put SSL type in extra for now, not very common */
wolfSSL 0:1239e9b70ca2 3092
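/* Load a certificate from file in the given format for a single session.
 * Returns SSL_FAILURE when ssl is NULL or ProcessFile() does not report
 * success, otherwise SSL_SUCCESS. */
int CyaSSL_use_certificate_file(CYASSL* ssl, const char* file, int format)
{
    CYASSL_ENTER("CyaSSL_use_certificate_file");
    /* ssl->ctx is dereferenced below; fail the same way the ctx-level
     * loaders do on a NULL handle instead of faulting */
    if (ssl == NULL)
        return SSL_FAILURE;

    if (ProcessFile(ssl->ctx, file, format, CERT_TYPE, ssl, 0, NULL)
                    == SSL_SUCCESS)
        return SSL_SUCCESS;

    return SSL_FAILURE;
}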
wolfSSL 0:1239e9b70ca2 3102
wolfSSL 0:1239e9b70ca2 3103
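/* Load a private key from file in the given format for a single session.
 * Returns SSL_FAILURE when ssl is NULL or ProcessFile() does not report
 * success, otherwise SSL_SUCCESS. */
int CyaSSL_use_PrivateKey_file(CYASSL* ssl, const char* file, int format)
{
    CYASSL_ENTER("CyaSSL_use_PrivateKey_file");
    /* ssl->ctx is dereferenced below; fail the same way the ctx-level
     * loaders do on a NULL handle instead of faulting */
    if (ssl == NULL)
        return SSL_FAILURE;

    if (ProcessFile(ssl->ctx, file, format, PRIVATEKEY_TYPE, ssl, 0, NULL)
                    == SSL_SUCCESS)
        return SSL_SUCCESS;

    return SSL_FAILURE;
}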
wolfSSL 0:1239e9b70ca2 3113
wolfSSL 0:1239e9b70ca2 3114
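/* Load a PEM certificate chain (subject cert first, then issuers) for a
 * single session; ProcessFile() processes up to MAX_CHAIN_DEPTH plus the
 * subject cert. Returns SSL_FAILURE when ssl is NULL or ProcessFile() does
 * not report success, otherwise SSL_SUCCESS. */
int CyaSSL_use_certificate_chain_file(CYASSL* ssl, const char* file)
{
    CYASSL_ENTER("CyaSSL_use_certificate_chain_file");
    /* ssl->ctx is dereferenced below; fail the same way the ctx-level
     * loaders do on a NULL handle instead of faulting */
    if (ssl == NULL)
        return SSL_FAILURE;

    /* chain files are PEM only; the 1 requests chain processing */
    if (ProcessFile(ssl->ctx, file, SSL_FILETYPE_PEM, CERT_TYPE, ssl, 1, NULL)
                    == SSL_SUCCESS)
        return SSL_SUCCESS;

    return SSL_FAILURE;
}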
wolfSSL 0:1239e9b70ca2 3125
wolfSSL 0:1239e9b70ca2 3126
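/* Server-side helper shared by the ctx and ssl Diffie-Hellman setters:
 * decode DH parameters from buf (PEM or DER) and install them on ssl when
 * one is given, otherwise on ctx.
 *
 * ctx    : context whose heap is used for PEM decoding; must be non-NULL
 *          even when the parameters are destined for ssl
 * ssl    : session to receive the parameters, or NULL to target ctx
 * buf/sz : encoded parameters and their length
 * format : SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM
 *
 * Returns BAD_FUNC_ARG on a NULL ctx or buf or non-positive sz,
 * SSL_BAD_FILETYPE on an unsupported format or undecodable parameters,
 * the negative PemToDer() error on bad PEM, otherwise the result of
 * CyaSSL_SetTmpDH() / CyaSSL_CTX_SetTmpDH(). */
static int CyaSSL_SetTmpDH_buffer_wrapper(CYASSL_CTX* ctx, CYASSL* ssl,
                                   const unsigned char* buf, long sz, int format)
{
    buffer der;
    int    ret;
    int    weOwnDer = 0;
    byte   p[MAX_DH_SIZE];
    byte   g[MAX_DH_SIZE];
    word32 pSz = sizeof(p);
    word32 gSz = sizeof(g);

    /* ctx->heap is dereferenced on the PEM path and sz is cast to an
     * unsigned length below, so validate both up front */
    if (ctx == NULL || buf == NULL || sz <= 0)
        return BAD_FUNC_ARG;

    if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM)
        return SSL_BAD_FILETYPE;

    der.buffer = (byte*)buf;
    der.length = (word32)sz;

    if (format == SSL_FILETYPE_PEM) {
        der.buffer = NULL;
        ret = PemToDer(buf, sz, DH_PARAM_TYPE, &der, ctx->heap, NULL, NULL);
        if (ret < 0) {
            XFREE(der.buffer, ctx->heap, DYNAMIC_TYPE_KEY);
            return ret;
        }
        weOwnDer = 1; /* PemToDer allocated der.buffer; released below */
    }

    /* pSz/gSz go in as buffer capacity and are passed by pointer,
     * presumably coming back as the decoded lengths used below */
    if (DhParamsLoad(der.buffer, der.length, p, &pSz, g, &gSz) < 0)
        ret = SSL_BAD_FILETYPE;
    else if (ssl)
        ret = CyaSSL_SetTmpDH(ssl, p, pSz, g, gSz);
    else
        ret = CyaSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz);

    if (weOwnDer)
        XFREE(der.buffer, ctx->heap, DYNAMIC_TYPE_KEY);

    return ret;
}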
wolfSSL 0:1239e9b70ca2 3169
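/* Install server Diffie-Hellman parameters from a buffer on a session.
 * Returns BAD_FUNC_ARG when ssl is NULL, otherwise the wrapper's result
 * (SSL_SUCCESS on ok). */
int CyaSSL_SetTmpDH_buffer(CYASSL* ssl, const unsigned char* buf, long sz,
                           int format)
{
    /* ssl->ctx is dereferenced here, so a NULL handle must be rejected */
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return CyaSSL_SetTmpDH_buffer_wrapper(ssl->ctx, ssl, buf, sz, format);
}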
wolfSSL 0:1239e9b70ca2 3176
wolfSSL 0:1239e9b70ca2 3177
wolfSSL 0:1239e9b70ca2 3178 /* server ctx Diffie-Hellman parameters, SSL_SUCCESS on ok */
wolfSSL 0:1239e9b70ca2 3179 int CyaSSL_CTX_SetTmpDH_buffer(CYASSL_CTX* ctx, const unsigned char* buf,
wolfSSL 0:1239e9b70ca2 3180 long sz, int format)
wolfSSL 0:1239e9b70ca2 3181 {
wolfSSL 0:1239e9b70ca2 3182 return CyaSSL_SetTmpDH_buffer_wrapper(ctx, NULL, buf, sz, format);
wolfSSL 0:1239e9b70ca2 3183 }
wolfSSL 0:1239e9b70ca2 3184
wolfSSL 0:1239e9b70ca2 3185
wolfSSL 0:1239e9b70ca2 3186 #ifdef HAVE_ECC
wolfSSL 0:1239e9b70ca2 3187
/* Set the context's ephemeral EC-DHE key size in octets; the accepted
 * range is ECC_MINSIZE..ECC_MAXSIZE (20 - 66 octets for 160 - 521 bit).
 * Returns BAD_FUNC_ARG on a NULL ctx or an out-of-range size, else
 * SSL_SUCCESS. */
int CyaSSL_CTX_SetTmpEC_DHE_Sz(CYASSL_CTX* ctx, word16 sz)
{
    int inRange = (sz >= ECC_MINSIZE && sz <= ECC_MAXSIZE);

    if (ctx == NULL || !inRange)
        return BAD_FUNC_ARG;

    ctx->eccTempKeySz = sz;
    return SSL_SUCCESS;
}
wolfSSL 0:1239e9b70ca2 3198
wolfSSL 0:1239e9b70ca2 3199
/* Set the session's ephemeral EC-DHE key size in octets; the accepted
 * range is ECC_MINSIZE..ECC_MAXSIZE (20 - 66 octets for 160 - 521 bit).
 * Returns BAD_FUNC_ARG on a NULL ssl or an out-of-range size, else
 * SSL_SUCCESS. */
int CyaSSL_SetTmpEC_DHE_Sz(CYASSL* ssl, word16 sz)
{
    int inRange = (sz >= ECC_MINSIZE && sz <= ECC_MAXSIZE);

    if (ssl == NULL || !inRange)
        return BAD_FUNC_ARG;

    ssl->eccTempKeySz = sz;
    return SSL_SUCCESS;
}
wolfSSL 0:1239e9b70ca2 3210
wolfSSL 0:1239e9b70ca2 3211 #endif /* HAVE_ECC */
wolfSSL 0:1239e9b70ca2 3212
wolfSSL 0:1239e9b70ca2 3213
wolfSSL 0:1239e9b70ca2 3214 #if !defined(NO_FILESYSTEM)
wolfSSL 0:1239e9b70ca2 3215
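/* Server-side helper shared by the ctx and ssl Diffie-Hellman file setters:
 * read the whole of fname into memory and hand it to the buffer setter.
 *
 * ctx    : context whose heap backs a dynamic read buffer; must be non-NULL
 * ssl    : session to receive the parameters, or NULL to target ctx
 * fname  : path of the parameter file
 * format : SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM, validated by the callee
 *
 * Returns BAD_FUNC_ARG on a NULL ctx or fname, SSL_BAD_FILE when the file
 * cannot be opened, sized, buffered or fully read, otherwise the result of
 * CyaSSL_SetTmpDH_buffer() / CyaSSL_CTX_SetTmpDH_buffer(). */
static int CyaSSL_SetTmpDH_file_wrapper(CYASSL_CTX* ctx, CYASSL* ssl,
                                        const char* fname, int format)
{
    byte  staticBuffer[FILE_BUFFER_SIZE];
    byte* myBuffer = staticBuffer;
    int   dynamic = 0;
    int   ret;
    long  sz = 0;
    XFILE file;

    /* ctx->heap is dereferenced below and fname goes straight to XFOPEN */
    if (ctx == NULL || fname == NULL)
        return BAD_FUNC_ARG;

    file = XFOPEN(fname, "rb");
    if (file == XBADFILE)
        return SSL_BAD_FILE;

    XFSEEK(file, 0, XSEEK_END);
    sz = XFTELL(file);
    XREWIND(file);

    /* a failed XFTELL or an empty file carries no parameters */
    if (sz <= 0) {
        XFCLOSE(file);
        return SSL_BAD_FILE;
    }

    if (sz > (long)sizeof(staticBuffer)) {
        CYASSL_MSG("Getting dynamic buffer");
        myBuffer = (byte*)XMALLOC(sz, ctx->heap, DYNAMIC_TYPE_FILE);
        if (myBuffer == NULL) {
            XFCLOSE(file);
            return SSL_BAD_FILE;
        }
        dynamic = 1;
    }

    /* read byte-wise and compare against sz so a short read is caught;
     * the old single-item read returned 0 (never negative) on truncation
     * and passed an unfilled buffer on as DH parameters */
    if ((long)XFREAD(myBuffer, 1, sz, file) != sz)
        ret = SSL_BAD_FILE;
    else if (ssl)
        ret = CyaSSL_SetTmpDH_buffer(ssl, myBuffer, sz, format);
    else
        ret = CyaSSL_CTX_SetTmpDH_buffer(ctx, myBuffer, sz, format);

    XFCLOSE(file);
    if (dynamic)
        XFREE(myBuffer, ctx->heap, DYNAMIC_TYPE_FILE);

    return ret;
}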
wolfSSL 0:1239e9b70ca2 3260
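/* Install server Diffie-Hellman parameters from a file on a session.
 * Returns BAD_FUNC_ARG when ssl is NULL, otherwise the wrapper's result. */
int CyaSSL_SetTmpDH_file(CYASSL* ssl, const char* fname, int format)
{
    /* ssl->ctx is dereferenced here, so a NULL handle must be rejected */
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return CyaSSL_SetTmpDH_file_wrapper(ssl->ctx, ssl, fname, format);
}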
wolfSSL 0:1239e9b70ca2 3266
wolfSSL 0:1239e9b70ca2 3267
/* Install server Diffie-Hellman parameters from a file on a context.
 * Returns the wrapper's result. */
int CyaSSL_CTX_SetTmpDH_file(CYASSL_CTX* ctx, const char* fname, int format)
{
    CYASSL* noSession = NULL; /* target the context, not a session */

    return CyaSSL_SetTmpDH_file_wrapper(ctx, noSession, fname, format);
}
wolfSSL 0:1239e9b70ca2 3273
wolfSSL 0:1239e9b70ca2 3274
wolfSSL 0:1239e9b70ca2 3275 #endif /* !NO_FILESYSTEM */
wolfSSL 0:1239e9b70ca2 3276 #endif /* OPENSSL_EXTRA */
wolfSSL 0:1239e9b70ca2 3277
wolfSSL 0:1239e9b70ca2 3278 #ifdef HAVE_NTRU
wolfSSL 0:1239e9b70ca2 3279
/* Load a raw NTRU private key file into ctx and mark the context as
 * NTRU-capable. Returns SSL_FAILURE when ctx is NULL or ProcessFile() does
 * not report success, otherwise SSL_SUCCESS. */
int CyaSSL_CTX_use_NTRUPrivateKey_file(CYASSL_CTX* ctx, const char* file)
{
    int loaded;

    CYASSL_ENTER("CyaSSL_CTX_use_NTRUPrivateKey_file");
    if (ctx == NULL)
        return SSL_FAILURE;

    loaded = ProcessFile(ctx, file, SSL_FILETYPE_RAW, PRIVATEKEY_TYPE, NULL, 0,
                         NULL);
    if (loaded != SSL_SUCCESS)
        return SSL_FAILURE;

    ctx->haveNTRU = 1; /* only flagged once the key has actually loaded */
    return SSL_SUCCESS;
}
wolfSSL 0:1239e9b70ca2 3294
wolfSSL 0:1239e9b70ca2 3295 #endif /* HAVE_NTRU */
wolfSSL 0:1239e9b70ca2 3296
wolfSSL 0:1239e9b70ca2 3297
wolfSSL 0:1239e9b70ca2 3298
wolfSSL 0:1239e9b70ca2 3299 #if defined(OPENSSL_EXTRA)
wolfSSL 0:1239e9b70ca2 3300
/* OpenSSL-compatibility alias: loads the key through
 * CyaSSL_CTX_use_PrivateKey_file() and returns its result. No RSA-specific
 * handling happens here. */
int CyaSSL_CTX_use_RSAPrivateKey_file(CYASSL_CTX* ctx,const char* file,
                                   int format)
{
    int ret;

    CYASSL_ENTER("SSL_CTX_use_RSAPrivateKey_file");
    ret = CyaSSL_CTX_use_PrivateKey_file(ctx, file, format);

    return ret;
}
wolfSSL 0:1239e9b70ca2 3308
/* OpenSSL-compatibility alias: loads the key through
 * CyaSSL_use_PrivateKey_file() and returns its result. No RSA-specific
 * handling happens here. */
int CyaSSL_use_RSAPrivateKey_file(CYASSL* ssl, const char* file, int format)
{
    int ret;

    CYASSL_ENTER("CyaSSL_use_RSAPrivateKey_file");
    ret = CyaSSL_use_PrivateKey_file(ssl, file, format);

    return ret;
}
wolfSSL 0:1239e9b70ca2 3315
wolfSSL 0:1239e9b70ca2 3316 #endif /* OPENSSL_EXTRA */
wolfSSL 0:1239e9b70ca2 3317
wolfSSL 0:1239e9b70ca2 3318 #endif /* NO_FILESYSTEM */
wolfSSL 0:1239e9b70ca2 3319
wolfSSL 0:1239e9b70ca2 3320
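/* Set the peer-verification policy on a context.
 *
 * mode is an OpenSSL-style SSL_VERIFY_* value:
 *   - SSL_VERIFY_PEER (tested as a bit) sets verifyPeer and clears verifyNone;
 *   - SSL_VERIFY_NONE (tested by equality, not as a bit) sets verifyNone and
 *     clears verifyPeer;
 *   - SSL_VERIFY_FAIL_IF_NO_PEER_CERT (tested as a bit) sets failNoCert.
 *     Nothing in this function ever clears failNoCert again, so once set it
 *     survives later calls with a narrower mode.
 * vc becomes the verify callback (NULL removes it).
 *
 * A NULL ctx is ignored, matching the guarded setters below.
 */
void CyaSSL_CTX_set_verify(CYASSL_CTX* ctx, int mode, VerifyCallback vc)
{
    CYASSL_ENTER("CyaSSL_CTX_set_verify");

    if (ctx == NULL)
        return;

    if (mode & SSL_VERIFY_PEER) {
        ctx->verifyPeer = 1;
        ctx->verifyNone = 0;   /* in case previously set */
    }

    if (mode == SSL_VERIFY_NONE) {
        ctx->verifyNone = 1;
        ctx->verifyPeer = 0;   /* in case previously set */
    }

    if (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
        ctx->failNoCert = 1;

    ctx->verifyCallback = vc;
}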
wolfSSL 0:1239e9b70ca2 3339
wolfSSL 0:1239e9b70ca2 3340
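/* Set the peer-verification policy on a single connection; same semantics
 * as CyaSSL_CTX_set_verify() but stored in ssl->options.
 *
 * mode is an OpenSSL-style SSL_VERIFY_* value:
 *   - SSL_VERIFY_PEER (tested as a bit) sets verifyPeer and clears verifyNone;
 *   - SSL_VERIFY_NONE (tested by equality, not as a bit) sets verifyNone and
 *     clears verifyPeer;
 *   - SSL_VERIFY_FAIL_IF_NO_PEER_CERT (tested as a bit) sets failNoCert,
 *     which this function never clears again.
 * vc becomes the connection's verify callback (NULL removes it).
 *
 * A NULL ssl is ignored, matching CyaSSL_SetCertCbCtx() below.
 */
void CyaSSL_set_verify(CYASSL* ssl, int mode, VerifyCallback vc)
{
    CYASSL_ENTER("CyaSSL_set_verify");

    if (ssl == NULL)
        return;

    if (mode & SSL_VERIFY_PEER) {
        ssl->options.verifyPeer = 1;
        ssl->options.verifyNone = 0;   /* in case previously set */
    }

    if (mode == SSL_VERIFY_NONE) {
        ssl->options.verifyNone = 1;
        ssl->options.verifyPeer = 0;   /* in case previously set */
    }

    if (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
        ssl->options.failNoCert = 1;

    ssl->verifyCallback = vc;
}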
wolfSSL 0:1239e9b70ca2 3359
wolfSSL 0:1239e9b70ca2 3360
/* Store an opaque user pointer on the connection for the verify callback
 * to retrieve later (kept in ssl->verifyCbCtx). NULL ssl is a no-op. */
void CyaSSL_SetCertCbCtx(CYASSL* ssl, void* ctx)
{
    CYASSL_ENTER("CyaSSL_SetCertCbCtx");

    if (ssl == NULL)
        return;

    ssl->verifyCbCtx = ctx;
}
wolfSSL 0:1239e9b70ca2 3368
wolfSSL 0:1239e9b70ca2 3369
/* Register the CA-cache addition callback on the context's cert manager.
 * Silently does nothing when ctx or its cert manager is NULL. */
void CyaSSL_CTX_SetCACb(CYASSL_CTX* ctx, CallbackCACache cb)
{
    if (ctx == NULL || ctx->cm == NULL)
        return;

    ctx->cm->caCacheCallback = cb;
}
wolfSSL 0:1239e9b70ca2 3376
wolfSSL 0:1239e9b70ca2 3377
wolfSSL 0:1239e9b70ca2 3378 #if defined(PERSIST_CERT_CACHE)
wolfSSL 0:1239e9b70ca2 3379
wolfSSL 0:1239e9b70ca2 3380 #if !defined(NO_FILESYSTEM)
wolfSSL 0:1239e9b70ca2 3381
/* Persist the context's CA cert cache to the file `fname`.
 * Returns BAD_FUNC_ARG for a NULL ctx or fname, otherwise the result of
 * CM_SaveCertCache() on ctx->cm. */
int CyaSSL_CTX_save_cert_cache(CYASSL_CTX* ctx, const char* fname)
{
    int ret = BAD_FUNC_ARG;

    CYASSL_ENTER("CyaSSL_CTX_save_cert_cache");

    if (ctx != NULL && fname != NULL)
        ret = CM_SaveCertCache(ctx->cm, fname);

    return ret;
}
wolfSSL 0:1239e9b70ca2 3392
wolfSSL 0:1239e9b70ca2 3393
/* Restore the context's CA cert cache from the file `fname`.
 * Returns BAD_FUNC_ARG for a NULL ctx or fname, otherwise the result of
 * CM_RestoreCertCache() on ctx->cm. */
int CyaSSL_CTX_restore_cert_cache(CYASSL_CTX* ctx, const char* fname)
{
    int ret = BAD_FUNC_ARG;

    CYASSL_ENTER("CyaSSL_CTX_restore_cert_cache");

    if (ctx != NULL && fname != NULL)
        ret = CM_RestoreCertCache(ctx->cm, fname);

    return ret;
}
wolfSSL 0:1239e9b70ca2 3404
wolfSSL 0:1239e9b70ca2 3405 #endif /* NO_FILESYSTEM */
wolfSSL 0:1239e9b70ca2 3406
/* Persist the context's CA cert cache into the caller's buffer `mem` of
 * `sz` bytes; `*used` receives how much was written (by CM_MemSaveCertCache).
 * Returns BAD_FUNC_ARG for NULL ctx/mem/used or a non-positive sz. */
int CyaSSL_CTX_memsave_cert_cache(CYASSL_CTX* ctx, void* mem, int sz, int* used)
{
    int ret = BAD_FUNC_ARG;

    CYASSL_ENTER("CyaSSL_CTX_memsave_cert_cache");

    if (ctx != NULL && mem != NULL && used != NULL && sz > 0)
        ret = CM_MemSaveCertCache(ctx->cm, mem, sz, used);

    return ret;
}
wolfSSL 0:1239e9b70ca2 3417
wolfSSL 0:1239e9b70ca2 3418
/* Restore the context's CA cert cache from an image of `sz` bytes at `mem`.
 * Returns BAD_FUNC_ARG for NULL ctx/mem or a non-positive sz, otherwise the
 * result of CM_MemRestoreCertCache(). */
int CyaSSL_CTX_memrestore_cert_cache(CYASSL_CTX* ctx, const void* mem, int sz)
{
    int ret = BAD_FUNC_ARG;

    CYASSL_ENTER("CyaSSL_CTX_memrestore_cert_cache");

    if (ctx != NULL && mem != NULL && sz > 0)
        ret = CM_MemRestoreCertCache(ctx->cm, mem, sz);

    return ret;
}
wolfSSL 0:1239e9b70ca2 3429
wolfSSL 0:1239e9b70ca2 3430
/* Report how large a buffer CyaSSL_CTX_memsave_cert_cache() needs for this
 * context. Returns BAD_FUNC_ARG for a NULL ctx, otherwise the value from
 * CM_GetCertCacheMemSize(). */
int CyaSSL_CTX_get_cert_cache_memsize(CYASSL_CTX* ctx)
{
    int ret = BAD_FUNC_ARG;

    CYASSL_ENTER("CyaSSL_CTX_get_cert_cache_memsize");

    if (ctx != NULL)
        ret = CM_GetCertCacheMemSize(ctx->cm);

    return ret;
}
wolfSSL 0:1239e9b70ca2 3441
#endif /* PERSIST_CERT_CACHE */
wolfSSL 0:1239e9b70ca2 3443 #endif /* !NO_CERTS */
wolfSSL 0:1239e9b70ca2 3444
wolfSSL 0:1239e9b70ca2 3445
wolfSSL 0:1239e9b70ca2 3446 #ifndef NO_SESSION_CACHE
wolfSSL 0:1239e9b70ca2 3447
/* Return the current session of `ssl` via GetSession(ssl, 0), or NULL when
 * ssl is NULL. */
CYASSL_SESSION* CyaSSL_get_session(CYASSL* ssl)
{
    CYASSL_SESSION* session = NULL;

    CYASSL_ENTER("SSL_get_session");

    if (ssl != NULL)
        session = GetSession(ssl, 0);

    return session;
}
wolfSSL 0:1239e9b70ca2 3456
wolfSSL 0:1239e9b70ca2 3457
/* Install `session` on `ssl` for resumption via SetSession().
 * A NULL session yields SSL_FAILURE; ssl is forwarded to SetSession()
 * without being checked here. */
int CyaSSL_set_session(CYASSL* ssl, CYASSL_SESSION* session)
{
    CYASSL_ENTER("SSL_set_session");

    if (session == NULL)
        return SSL_FAILURE;

    return SetSession(ssl, session);
}
wolfSSL 0:1239e9b70ca2 3466
wolfSSL 0:1239e9b70ca2 3467
wolfSSL 0:1239e9b70ca2 3468 #ifndef NO_CLIENT_CACHE
wolfSSL 0:1239e9b70ca2 3469
/* Associate a client session with a serverID.
 *
 * Unless newSession is non-zero, an existing client-cache entry for `id` is
 * looked up and, if found, installed on `ssl` for resumption. When no entry
 * exists, lookup was skipped, or SetSession() failed, the ID (truncated to
 * SERVER_ID_LEN) is recorded on ssl->session instead.
 *
 * Returns BAD_FUNC_ARG for NULL ssl/id or len <= 0; otherwise SSL_SUCCESS,
 * even when a resumption attempt failed. */
int CyaSSL_SetServerID(CYASSL* ssl, const byte* id, int len, int newSession)
{
    CYASSL_SESSION* cached = NULL;

    CYASSL_ENTER("CyaSSL_SetServerID");

    if (ssl == NULL || id == NULL || len <= 0)
        return BAD_FUNC_ARG;

    /* try to reuse an existing session unless the caller wants a fresh one */
    if (!newSession) {
        cached = GetSessionClient(ssl, id, len);
        if (cached != NULL && SetSession(ssl, cached) != SSL_SUCCESS) {
            CYASSL_MSG("SetSession failed");
            cached = NULL;   /* fall back to recording the ID below */
        }
    }

    if (cached == NULL) {
        CYASSL_MSG("Valid ServerID not cached already");

        /* keep at most SERVER_ID_LEN bytes of the caller's ID */
        ssl->session.idLen = (word16)min(SERVER_ID_LEN, (word32)len);
        XMEMCPY(ssl->session.serverID, id, ssl->session.idLen);
    }

    return SSL_SUCCESS;
}
wolfSSL 0:1239e9b70ca2 3501
wolfSSL 0:1239e9b70ca2 3502 #endif /* NO_CLIENT_CACHE */
wolfSSL 0:1239e9b70ca2 3503
wolfSSL 0:1239e9b70ca2 3504 #if defined(PERSIST_SESSION_CACHE)
wolfSSL 0:1239e9b70ca2 3505
/* for persistence: if the layout changes, increment this and update
   save_session_cache(), restore_session_cache() and the memory versions too */
wolfSSL 0:1239e9b70ca2 3508 #define CYASSL_CACHE_VERSION 2
wolfSSL 0:1239e9b70ca2 3509
/* Session Cache Header information.
 * Written at the front of every persisted session-cache image and compared
 * field by field on restore; any mismatch makes the restore functions refuse
 * the image with CACHE_MATCH_ERROR. */
typedef struct {
    int version;     /* cache layout version id (CYASSL_CACHE_VERSION) */
    int rows;        /* session rows (SESSION_ROWS) */
    int columns;     /* session columns (SESSIONS_PER_ROW) */
    int sessionSz;   /* sizeof CYASSL_SESSION */
} cache_header_t;
wolfSSL 0:1239e9b70ca2 3517
/* current persistence layout is:

   1) cache_header_t
   2) SessionCache
   3) ClientCache

   update CYASSL_CACHE_VERSION if the layout changes for the following
   PERSIST_SESSION_CACHE functions
*/
wolfSSL 0:1239e9b70ca2 3527
wolfSSL 0:1239e9b70ca2 3528
/* Return the buffer size CyaSSL_memsave_session_cache() needs: the header
 * plus the whole SessionCache, plus the ClientCache when it is compiled in. */
int CyaSSL_get_session_cache_memsize(void)
{
    int total = (int)sizeof(cache_header_t);

    total += (int)sizeof(SessionCache);
#ifndef NO_CLIENT_CACHE
    total += (int)sizeof(ClientCache);
#endif

    return total;
}
wolfSSL 0:1239e9b70ca2 3540
wolfSSL 0:1239e9b70ca2 3541
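/* Persist session cache to memory.
 *
 * Image layout: cache_header_t, then cache_header.rows (== SESSION_ROWS)
 * copies of SessionRow, then — unless NO_CLIENT_CACHE — the same number of
 * ClientRow copies. CyaSSL_memrestore_session_cache() reads exactly this
 * order.
 *
 * mem  destination buffer; NULL is rejected with BAD_FUNC_ARG.
 * sz   size of mem in bytes; anything below
 *      CyaSSL_get_session_cache_memsize() is rejected with BUFFER_E before
 *      anything is written.
 *
 * Returns SSL_SUCCESS, BAD_FUNC_ARG, BUFFER_E, or BAD_MUTEX_E when
 * session_mutex cannot be taken (the header has already been written to mem
 * at that point, the rows have not).
 *
 * NOTE(review): rows are copied verbatim, so the image contains whatever a
 * CYASSL_SESSION holds (session secrets, presumably) — handle the buffer
 * with the same care as key material.
 */
int CyaSSL_memsave_session_cache(void* mem, int sz)
{
    int i;
    cache_header_t cache_header;
    SessionRow* row;
#ifndef NO_CLIENT_CACHE
    ClientRow* clRow;
#endif

    CYASSL_ENTER("CyaSSL_memsave_session_cache");

    if (mem == NULL) {
        CYASSL_MSG("NULL memory buffer");
        return BAD_FUNC_ARG;
    }

    if (sz < CyaSSL_get_session_cache_memsize()) {
        CYASSL_MSG("Memory buffer too small");
        return BUFFER_E;
    }

    cache_header.version   = CYASSL_CACHE_VERSION;
    cache_header.rows      = SESSION_ROWS;
    cache_header.columns   = SESSIONS_PER_ROW;
    cache_header.sessionSz = (int)sizeof(CYASSL_SESSION);
    XMEMCPY(mem, &cache_header, sizeof(cache_header));

    if (LockMutex(&session_mutex) != 0) {
        CYASSL_MSG("Session cache mutex lock failed");
        return BAD_MUTEX_E;
    }

    /* session rows start right after the header */
    row = (SessionRow*)((byte*)mem + sizeof(cache_header));
    for (i = 0; i < cache_header.rows; ++i)
        XMEMCPY(row++, SessionCache + i, sizeof(SessionRow));

#ifndef NO_CLIENT_CACHE
    /* client rows follow the last session row */
    clRow = (ClientRow*)row;
    for (i = 0; i < cache_header.rows; ++i)
        XMEMCPY(clRow++, ClientCache + i, sizeof(ClientRow));
#endif

    UnLockMutex(&session_mutex);

    CYASSL_LEAVE("CyaSSL_memsave_session_cache", SSL_SUCCESS);

    return SSL_SUCCESS;
}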
wolfSSL 0:1239e9b70ca2 3585
wolfSSL 0:1239e9b70ca2 3586
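/* Restore the persistent session cache from memory.
 *
 * Expects the image produced by CyaSSL_memsave_session_cache(): a
 * cache_header_t followed by the SessionRow copies and, unless
 * NO_CLIENT_CACHE, the ClientRow copies.
 *
 * The header must match this build exactly (CYASSL_CACHE_VERSION,
 * SESSION_ROWS, SESSIONS_PER_ROW, sizeof(CYASSL_SESSION)); otherwise
 * CACHE_MATCH_ERROR is returned and the live cache is left untouched. Because
 * cache_header.rows has been checked against SESSION_ROWS before the copy
 * loops run, the loops are bounded by the same constant the tables are
 * sized with. Row contents beyond the header are copied without further
 * validation, so the image must come from a trusted source.
 *
 * mem  image to read; NULL is rejected with BAD_FUNC_ARG.
 * sz   size of the image; anything below CyaSSL_get_session_cache_memsize()
 *      is rejected with BUFFER_E before the header is read.
 *
 * Returns SSL_SUCCESS, BAD_FUNC_ARG, BUFFER_E, CACHE_MATCH_ERROR or
 * BAD_MUTEX_E.
 */
int CyaSSL_memrestore_session_cache(const void* mem, int sz)
{
    int i;
    cache_header_t cache_header;
    SessionRow* row;
#ifndef NO_CLIENT_CACHE
    ClientRow* clRow;
#endif

    CYASSL_ENTER("CyaSSL_memrestore_session_cache");

    if (mem == NULL) {
        CYASSL_MSG("NULL memory buffer");
        return BAD_FUNC_ARG;
    }

    if (sz < CyaSSL_get_session_cache_memsize()) {
        CYASSL_MSG("Memory buffer too small");
        return BUFFER_E;
    }

    XMEMCPY(&cache_header, mem, sizeof(cache_header));
    if (cache_header.version != CYASSL_CACHE_VERSION ||
        cache_header.rows != SESSION_ROWS ||
        cache_header.columns != SESSIONS_PER_ROW ||
        cache_header.sessionSz != (int)sizeof(CYASSL_SESSION)) {

        CYASSL_MSG("Session cache header match failed");
        return CACHE_MATCH_ERROR;
    }

    if (LockMutex(&session_mutex) != 0) {
        CYASSL_MSG("Session cache mutex lock failed");
        return BAD_MUTEX_E;
    }

    /* session rows start right after the header */
    row = (SessionRow*)((byte*)mem + sizeof(cache_header));
    for (i = 0; i < cache_header.rows; ++i)
        XMEMCPY(SessionCache + i, row++, sizeof(SessionRow));

#ifndef NO_CLIENT_CACHE
    /* client rows follow the last session row */
    clRow = (ClientRow*)row;
    for (i = 0; i < cache_header.rows; ++i)
        XMEMCPY(ClientCache + i, clRow++, sizeof(ClientRow));
#endif

    UnLockMutex(&session_mutex);

    CYASSL_LEAVE("CyaSSL_memrestore_session_cache", SSL_SUCCESS);

    return SSL_SUCCESS;
}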
wolfSSL 0:1239e9b70ca2 3634
wolfSSL 0:1239e9b70ca2 3635 #if !defined(NO_FILESYSTEM)
wolfSSL 0:1239e9b70ca2 3636
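/* Persist session cache to file.
 *
 * Writes the same image CyaSSL_memsave_session_cache() produces — a
 * cache_header_t, every SessionRow, then (unless NO_CLIENT_CACHE) every
 * ClientRow — directly to `fname`, one XFWRITE per row, so no intermediate
 * buffer is needed (hence it does not reuse memsave).
 *
 * Returns SSL_SUCCESS, BAD_FUNC_ARG (NULL fname), SSL_BAD_FILE if the file
 * cannot be opened, FWRITE_ERROR if a write is short, or BAD_MUTEX_E. The
 * file is closed on every path. After a short row write the file holds a
 * truncated image; CyaSSL_restore_session_cache() detects that at the row
 * reads.
 *
 * NOTE(review): the image contains the raw session rows (session secrets,
 * presumably). XFOPEN "w+b" creates the file with the platform's default
 * permissions, so callers should choose a protected location. XFCLOSE's
 * result is not examined, so an error surfacing only when buffered data is
 * flushed at close goes unreported — worth checking if XFCLOSE returns one
 * on this platform.
 */
int CyaSSL_save_session_cache(const char *fname)
{
    XFILE file;
    int ret;
    int rc = SSL_SUCCESS;
    int i;
    cache_header_t cache_header;

    CYASSL_ENTER("CyaSSL_save_session_cache");

    if (fname == NULL) {
        CYASSL_MSG("NULL file name");
        return BAD_FUNC_ARG;
    }

    file = XFOPEN(fname, "w+b");
    if (file == XBADFILE) {
        CYASSL_MSG("Couldn't open session cache save file");
        return SSL_BAD_FILE;
    }
    cache_header.version   = CYASSL_CACHE_VERSION;
    cache_header.rows      = SESSION_ROWS;
    cache_header.columns   = SESSIONS_PER_ROW;
    cache_header.sessionSz = (int)sizeof(CYASSL_SESSION);

    /* cache header */
    ret = (int)XFWRITE(&cache_header, sizeof cache_header, 1, file);
    if (ret != 1) {
        CYASSL_MSG("Session cache header file write failed");
        XFCLOSE(file);
        return FWRITE_ERROR;
    }

    if (LockMutex(&session_mutex) != 0) {
        CYASSL_MSG("Session cache mutex lock failed");
        XFCLOSE(file);
        return BAD_MUTEX_E;
    }

    /* session cache, one row per write */
    for (i = 0; i < cache_header.rows; ++i) {
        ret = (int)XFWRITE(SessionCache + i, sizeof(SessionRow), 1, file);
        if (ret != 1) {
            CYASSL_MSG("Session cache member file write failed");
            rc = FWRITE_ERROR;
            break;
        }
    }

#ifndef NO_CLIENT_CACHE
    /* client cache, appended after the session rows */
    for (i = 0; i < cache_header.rows; ++i) {
        ret = (int)XFWRITE(ClientCache + i, sizeof(ClientRow), 1, file);
        if (ret != 1) {
            CYASSL_MSG("Client cache member file write failed");
            rc = FWRITE_ERROR;
            break;
        }
    }
#endif /* NO_CLIENT_CACHE */

    UnLockMutex(&session_mutex);

    XFCLOSE(file);
    CYASSL_LEAVE("CyaSSL_save_session_cache", rc);

    return rc;
}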
wolfSSL 0:1239e9b70ca2 3702
wolfSSL 0:1239e9b70ca2 3703
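/* Restore the persistent session cache from file.
 *
 * Reads the image written by CyaSSL_save_session_cache() row by row, so no
 * intermediate buffer is needed (hence it does not reuse memrestore).
 *
 * The header is read first and must match this build exactly
 * (CYASSL_CACHE_VERSION, SESSION_ROWS, SESSIONS_PER_ROW,
 * sizeof(CYASSL_SESSION)); otherwise CACHE_MATCH_ERROR is returned and the
 * live cache is untouched. Since cache_header.rows has been checked against
 * SESSION_ROWS, the read loops are bounded by the same constant the tables
 * are sized with. Row contents are not validated beyond the header, so the
 * file must come from a trusted location.
 *
 * On a short row read the affected table is zeroed rather than left
 * half-restored, and FREAD_ERROR is returned.
 *
 * Returns SSL_SUCCESS, BAD_FUNC_ARG (NULL fname), SSL_BAD_FILE,
 * FREAD_ERROR, CACHE_MATCH_ERROR or BAD_MUTEX_E. The file is closed on
 * every path.
 */
int CyaSSL_restore_session_cache(const char *fname)
{
    XFILE file;
    int rc = SSL_SUCCESS;
    int ret;
    int i;
    cache_header_t cache_header;

    CYASSL_ENTER("CyaSSL_restore_session_cache");

    if (fname == NULL) {
        CYASSL_MSG("NULL file name");
        return BAD_FUNC_ARG;
    }

    file = XFOPEN(fname, "rb");
    if (file == XBADFILE) {
        CYASSL_MSG("Couldn't open session cache save file");
        return SSL_BAD_FILE;
    }
    /* cache header */
    ret = (int)XFREAD(&cache_header, sizeof cache_header, 1, file);
    if (ret != 1) {
        CYASSL_MSG("Session cache header file read failed");
        XFCLOSE(file);
        return FREAD_ERROR;
    }
    if (cache_header.version != CYASSL_CACHE_VERSION ||
        cache_header.rows != SESSION_ROWS ||
        cache_header.columns != SESSIONS_PER_ROW ||
        cache_header.sessionSz != (int)sizeof(CYASSL_SESSION)) {

        CYASSL_MSG("Session cache header match failed");
        XFCLOSE(file);
        return CACHE_MATCH_ERROR;
    }

    if (LockMutex(&session_mutex) != 0) {
        CYASSL_MSG("Session cache mutex lock failed");
        XFCLOSE(file);
        return BAD_MUTEX_E;
    }

    /* session cache: wipe the whole table on a short read */
    for (i = 0; i < cache_header.rows; ++i) {
        ret = (int)XFREAD(SessionCache + i, sizeof(SessionRow), 1, file);
        if (ret != 1) {
            CYASSL_MSG("Session cache member file read failed");
            XMEMSET(SessionCache, 0, sizeof SessionCache);
            rc = FREAD_ERROR;
            break;
        }
    }

#ifndef NO_CLIENT_CACHE
    /* client cache: same treatment */
    for (i = 0; i < cache_header.rows; ++i) {
        ret = (int)XFREAD(ClientCache + i, sizeof(ClientRow), 1, file);
        if (ret != 1) {
            CYASSL_MSG("Client cache member file read failed");
            XMEMSET(ClientCache, 0, sizeof ClientCache);
            rc = FREAD_ERROR;
            break;
        }
    }

#endif /* NO_CLIENT_CACHE */

    UnLockMutex(&session_mutex);

    XFCLOSE(file);
    CYASSL_LEAVE("CyaSSL_restore_session_cache", rc);

    return rc;
}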
wolfSSL 0:1239e9b70ca2 3776
wolfSSL 0:1239e9b70ca2 3777 #endif /* !NO_FILESYSTEM */
wolfSSL 0:1239e9b70ca2 3778 #endif /* PERSIST_SESSION_CACHE */
wolfSSL 0:1239e9b70ca2 3779 #endif /* NO_SESSION_CACHE */
wolfSSL 0:1239e9b70ca2 3780
wolfSSL 0:1239e9b70ca2 3781
/* OpenSSL compatibility only: CyaSSL keeps its error strings statically, so
 * there is nothing to load. Intentionally a no-op. */
void CyaSSL_load_error_strings(void)
{
    return;
}
wolfSSL 0:1239e9b70ca2 3784
wolfSSL 0:1239e9b70ca2 3785
/* OpenSSL-compatibility entry point; runs CyaSSL_Init() and maps its result
 * to SSL_SUCCESS or SSL_FATAL_ERROR. */
int CyaSSL_library_init(void)
{
    int ret = SSL_FATAL_ERROR;

    CYASSL_ENTER("SSL_library_init");

    if (CyaSSL_Init() == SSL_SUCCESS)
        ret = SSL_SUCCESS;

    return ret;
}
wolfSSL 0:1239e9b70ca2 3794
wolfSSL 0:1239e9b70ca2 3795
wolfSSL 0:1239e9b70ca2 3796 #ifndef NO_SESSION_CACHE
wolfSSL 0:1239e9b70ca2 3797
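/* Select the session cache mode for a context.
 *
 * The cache is on by default when built in; this lets the user turn it off
 * (SSL_SESS_CACHE_OFF) or stop automatic flushing
 * (SSL_SESS_CACHE_NO_AUTO_CLEAR). Each mode is matched by equality, not as a
 * bit flag, so only one SSL_SESS_CACHE_* value is honoured per call — unlike
 * OpenSSL, where the flags combine. Neither option is ever cleared again by
 * this function.
 *
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL ctx.
 */
long CyaSSL_CTX_set_session_cache_mode(CYASSL_CTX* ctx, long mode)
{
    CYASSL_ENTER("SSL_CTX_set_session_cache_mode");

    if (ctx == NULL)
        return BAD_FUNC_ARG;

    if (mode == SSL_SESS_CACHE_OFF)
        ctx->sessionCacheOff = 1;

    if (mode == SSL_SESS_CACHE_NO_AUTO_CLEAR)
        ctx->sessionCacheFlushOff = 1;

    return SSL_SUCCESS;
}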
wolfSSL 0:1239e9b70ca2 3810
wolfSSL 0:1239e9b70ca2 3811 #endif /* NO_SESSION_CACHE */
wolfSSL 0:1239e9b70ca2 3812
wolfSSL 0:1239e9b70ca2 3813
wolfSSL 0:1239e9b70ca2 3814 #if !defined(NO_CERTS)
wolfSSL 0:1239e9b70ca2 3815 #if defined(PERSIST_CERT_CACHE)
wolfSSL 0:1239e9b70ca2 3816
wolfSSL 0:1239e9b70ca2 3817
wolfSSL 0:1239e9b70ca2 3818 #define CYASSL_CACHE_CERT_VERSION 1
wolfSSL 0:1239e9b70ca2 3819
/* Header placed at the front of a persisted CA cert cache image.
 * The per-row counts in `columns` are filled in by SetCertHeaderColumns()
 * and tell the restore side how many Signer records follow for each
 * caTable bucket. */
typedef struct {
    int version;                  /* cache cert layout version id (CYASSL_CACHE_CERT_VERSION) */
    int rows;                     /* hash table rows, CA_TABLE_SIZE */
    int columns[CA_TABLE_SIZE];   /* columns per row on list, i.e. signers in each bucket */
    int signerSz;                 /* sizeof Signer object */
} CertCacheHeader;
wolfSSL 0:1239e9b70ca2 3826
/* current cert persistence layout is:

   1) CertCacheHeader
   2) caTable

   update CYASSL_CACHE_CERT_VERSION if the layout changes for the following
   PERSIST_CERT_CACHE functions
*/
wolfSSL 0:1239e9b70ca2 3835
wolfSSL 0:1239e9b70ca2 3836
/* Return the number of bytes needed to persist one Signer; the caller must
 * hold the CA table lock. Counts the fixed-size fields (pubKeySize, keyOID,
 * nameLen, subjectNameHash and, unless NO_SKID, subjectKeyIdHash) plus the
 * variable-length public key and name bytes. */
static INLINE int GetSignerMemory(Signer* signer)
{
    int total = (int)(sizeof(signer->subjectNameHash) + sizeof(signer->nameLen)
                    + sizeof(signer->keyOID) + sizeof(signer->pubKeySize));

#if !defined(NO_SKID)
    total += (int)sizeof(signer->subjectKeyIdHash);
#endif

    /* variable-length payload */
    total += signer->pubKeySize;
    total += signer->nameLen;

    return total;
}
wolfSSL 0:1239e9b70ca2 3853
wolfSSL 0:1239e9b70ca2 3854
/* Return the number of bytes needed to persist every Signer in one caTable
 * bucket (a singly linked list via `next`); the caller must hold the lock. */
static INLINE int GetCertCacheRowMemory(Signer* row)
{
    int total = 0;
    Signer* s;

    for (s = row; s != NULL; s = s->next)
        total += GetSignerMemory(s);

    return total;
}
wolfSSL 0:1239e9b70ca2 3867
wolfSSL 0:1239e9b70ca2 3868
/* Return the size of a persisted cert cache image for `cm`: the
 * CertCacheHeader plus the bytes of every bucket in caTable. The caller must
 * hold the lock. */
static INLINE int GetCertCacheMemSize(CYASSL_CERT_MANAGER* cm)
{
    int total = (int)sizeof(CertCacheHeader);
    int i;

    for (i = 0; i < CA_TABLE_SIZE; i++)
        total += GetCertCacheRowMemory(cm->caTable[i]);

    return total;
}
wolfSSL 0:1239e9b70ca2 3882
wolfSSL 0:1239e9b70ca2 3883
/* Fill `columns` (CA_TABLE_SIZE entries) with the number of Signers in each
 * caTable bucket; this is what the restore side uses to know how many
 * records to read per row. The caller must hold the lock. */
static INLINE void SetCertHeaderColumns(CYASSL_CERT_MANAGER* cm, int* columns)
{
    int i;

    for (i = 0; i < CA_TABLE_SIZE; i++) {
        Signer* s;
        int n = 0;

        for (s = cm->caTable[i]; s != NULL; s = s->next)
            n++;

        columns[i] = n;
    }
}
wolfSSL 0:1239e9b70ca2 3901
wolfSSL 0:1239e9b70ca2 3902
/* Restore a whole cert row from memory; the caller must hold the CA table
 * lock.
 *
 * Parses `listSz` serialized Signer records starting at `current`, allocates
 * a Signer for each and pushes it onto the front of cm->caTable[row]. Record
 * layout, in order: pubKeySize, keyOID, publicKey[pubKeySize], nameLen,
 * name[nameLen], subjectNameHash[SIGNER_DIGEST_SIZE] and, unless NO_SKID,
 * subjectKeyIdHash[SIGNER_DIGEST_SIZE]. `end` is one past the last readable
 * byte of the image.
 *
 * Returns the number of bytes consumed, or < 0 on error: PARSE_ERROR for a
 * negative listSz, BUFFER_E when a record would run past `end`, MEMORY_E
 * when an allocation fails. Signers linked in by earlier iterations stay in
 * the table when a later record fails — presumably the caller discards the
 * table then (not visible here). `row` is not range-checked here; the caller
 * must keep it below CA_TABLE_SIZE.
 */
static INLINE int RestoreCertRow(CYASSL_CERT_MANAGER* cm, byte* current,
                                 int row, int listSz, const byte* end)
{
    int idx = 0;

    if (listSz < 0) {
        CYASSL_MSG("Row header corrupted, negative value");
        return PARSE_ERROR;
    }

    while (listSz) {
        Signer* signer;
        byte* start = current + idx; /* for end checks on this signer */
        /* bytes every record carries regardless of key/name length */
        int minSz = sizeof(signer->pubKeySize) + sizeof(signer->keyOID) +
                    sizeof(signer->nameLen) + sizeof(signer->subjectNameHash);
#ifndef NO_SKID
        minSz += (int)sizeof(signer->subjectKeyIdHash);
#endif

        /* NOTE(review): the three bounds checks below form start+len and
         * compare against end. If pubKeySize/nameLen are wide unsigned fields
         * (their types are not visible here) a large value read from a
         * corrupted image could wrap the pointer sum past end; a length-based
         * check, e.g. (size_t)(end - start) - minSz < pubKeySize, would not
         * have that weakness. TODO confirm the field types. */
        if (start + minSz > end) {
            CYASSL_MSG("Would overread restore buffer");
            return BUFFER_E;
        }
        signer = MakeSigner(cm->heap);
        if (signer == NULL)
            return MEMORY_E;

        /* pubKeySize */
        XMEMCPY(&signer->pubKeySize, current + idx, sizeof(signer->pubKeySize));
        idx += (int)sizeof(signer->pubKeySize);

        /* keyOID */
        XMEMCPY(&signer->keyOID, current + idx, sizeof(signer->keyOID));
        idx += (int)sizeof(signer->keyOID);

        /* publicKey: length-prefixed by pubKeySize, copied into a fresh
         * allocation; on any failure from here on the half-built signer is
         * released with FreeSigner() */
        if (start + minSz + signer->pubKeySize > end) {
            CYASSL_MSG("Would overread restore buffer");
            FreeSigner(signer, cm->heap);
            return BUFFER_E;
        }
        signer->publicKey = (byte*)XMALLOC(signer->pubKeySize, cm->heap,
                                           DYNAMIC_TYPE_KEY);
        if (signer->publicKey == NULL) {
            FreeSigner(signer, cm->heap);
            return MEMORY_E;
        }

        XMEMCPY(signer->publicKey, current + idx, signer->pubKeySize);
        idx += signer->pubKeySize;

        /* nameLen */
        XMEMCPY(&signer->nameLen, current + idx, sizeof(signer->nameLen));
        idx += (int)sizeof(signer->nameLen);

        /* name: nameLen bytes copied verbatim; whether a NUL terminator is
         * included depends on how the store side wrote it (not in view) */
        if (start + minSz + signer->pubKeySize + signer->nameLen > end) {
            CYASSL_MSG("Would overread restore buffer");
            FreeSigner(signer, cm->heap);
            return BUFFER_E;
        }
        signer->name = (char*)XMALLOC(signer->nameLen, cm->heap,
                                      DYNAMIC_TYPE_SUBJECT_CN);
        if (signer->name == NULL) {
            FreeSigner(signer, cm->heap);
            return MEMORY_E;
        }

        XMEMCPY(signer->name, current + idx, signer->nameLen);
        idx += signer->nameLen;

        /* subjectNameHash: fixed SIGNER_DIGEST_SIZE bytes, presumably equal
         * to the sizeof(signer->subjectNameHash) counted in minSz */
        XMEMCPY(signer->subjectNameHash, current + idx, SIGNER_DIGEST_SIZE);
        idx += SIGNER_DIGEST_SIZE;

#ifndef NO_SKID
        /* subjectKeyIdHash */
        XMEMCPY(signer->subjectKeyIdHash, current + idx,SIGNER_DIGEST_SIZE);
        idx += SIGNER_DIGEST_SIZE;
#endif

        /* prepend to the bucket, so the restored list order is the reverse
         * of the order in the image */
        signer->next = cm->caTable[row];
        cm->caTable[row] = signer;

        --listSz;
    }

    return idx;
}
wolfSSL 0:1239e9b70ca2 3994
wolfSSL 0:1239e9b70ca2 3995
/* Store whole cert row into memory, have lock, return bytes added */
/* Serialise every Signer chained from cm->caTable[row] into the flat
 * buffer at current. Per signer the fields are written back to back in
 * this order: pubKeySize, keyOID, the publicKey bytes, nameLen, the name
 * bytes, subjectNameHash and (unless NO_SKID) subjectKeyIdHash; the
 * reader in RestoreCertRow consumes them in the same order.
 * No bound on current is checked here, so the caller must have sized the
 * destination from GetCertCacheMemSize() beforehand and must hold
 * cm->caLock. Returns the number of bytes written. */
static INLINE int StoreCertRow(CYASSL_CERT_MANAGER* cm, byte* current, int row)
{
    byte*   out = current;
    Signer* signer;

    for (signer = cm->caTable[row]; signer != NULL; signer = signer->next) {
        XMEMCPY(out, &signer->pubKeySize, sizeof(signer->pubKeySize));
        out += sizeof(signer->pubKeySize);

        XMEMCPY(out, &signer->keyOID, sizeof(signer->keyOID));
        out += sizeof(signer->keyOID);

        XMEMCPY(out, signer->publicKey, signer->pubKeySize);
        out += signer->pubKeySize;

        XMEMCPY(out, &signer->nameLen, sizeof(signer->nameLen));
        out += sizeof(signer->nameLen);

        XMEMCPY(out, signer->name, signer->nameLen);
        out += signer->nameLen;

        XMEMCPY(out, signer->subjectNameHash, SIGNER_DIGEST_SIZE);
        out += SIGNER_DIGEST_SIZE;

#ifndef NO_SKID
        XMEMCPY(out, signer->subjectKeyIdHash, SIGNER_DIGEST_SIZE);
        out += SIGNER_DIGEST_SIZE;
#endif
    }

    return (int)(out - current);
}
wolfSSL 0:1239e9b70ca2 4031
wolfSSL 0:1239e9b70ca2 4032
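/* Persist cert cache to memory, have lock */
/* Write the cache header followed by every row of cm->caTable into mem.
 * mem must hold at least GetCertCacheMemSize(cm) bytes; if sz is smaller
 * nothing is written and BUFFER_E is returned. The caller holds
 * cm->caLock. Returns SSL_SUCCESS or BUFFER_E. */
static INLINE int DoMemSaveCertCache(CYASSL_CERT_MANAGER* cm, void* mem, int sz)
{
    int realSz;
    int ret = SSL_SUCCESS;
    int i;

    CYASSL_ENTER("DoMemSaveCertCache");

    realSz = GetCertCacheMemSize(cm);
    if (realSz > sz) {
        CYASSL_MSG("Mem output buffer too small");
        ret = BUFFER_E;
    }
    else {
        byte* current;
        CertCacheHeader hdr;

        /* The header is copied into the output as a raw struct image, so
         * clear it first: any padding bytes would otherwise carry whatever
         * happened to be on the stack into the persisted cache. */
        XMEMSET(&hdr, 0, sizeof(hdr));
        hdr.version  = CYASSL_CACHE_CERT_VERSION;
        hdr.rows     = CA_TABLE_SIZE;
        SetCertHeaderColumns(cm, hdr.columns);
        hdr.signerSz = (int)sizeof(Signer);

        XMEMCPY(mem, &hdr, sizeof(CertCacheHeader));
        current = (byte*)mem + sizeof(CertCacheHeader);

        /* each row appends its serialised signers and reports the length */
        for (i = 0; i < CA_TABLE_SIZE; ++i)
            current += StoreCertRow(cm, current, i);
    }

    return ret;
}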
wolfSSL 0:1239e9b70ca2 4065
wolfSSL 0:1239e9b70ca2 4066
wolfSSL 0:1239e9b70ca2 4067 #if !defined(NO_FILESYSTEM)
wolfSSL 0:1239e9b70ca2 4068
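/* Persist cert cache to file */
/* Serialise the CA table into a temporary buffer while holding cm->caLock,
 * then write that buffer to fname. The file is opened only after the
 * snapshot has been built, so a lock or allocation failure no longer
 * truncates an existing cache file ("w+b" truncates on open), and the
 * lock is not held across file I/O.
 * Returns SSL_SUCCESS, BAD_MUTEX_E, MEMORY_E, BUFFER_E (from
 * DoMemSaveCertCache), SSL_BAD_FILE or FWRITE_ERROR. */
int CM_SaveCertCache(CYASSL_CERT_MANAGER* cm, const char* fname)
{
    XFILE file;
    int   rc;
    int   memSz;
    byte* mem;

    CYASSL_ENTER("CM_SaveCertCache");

    if (LockMutex(&cm->caLock) != 0) {
        CYASSL_MSG("LockMutex on caLock failed");
        return BAD_MUTEX_E;
    }

    memSz = GetCertCacheMemSize(cm);
    mem = (byte*)XMALLOC(memSz, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (mem == NULL) {
        CYASSL_MSG("Alloc for tmp buffer failed");
        UnLockMutex(&cm->caLock);
        return MEMORY_E;
    }

    /* take the snapshot under the lock, write it out without */
    rc = DoMemSaveCertCache(cm, mem, memSz);

    UnLockMutex(&cm->caLock);

    if (rc == SSL_SUCCESS) {
        file = XFOPEN(fname, "w+b");
        if (file == XBADFILE) {
            CYASSL_MSG("Couldn't open cert cache save file");
            rc = SSL_BAD_FILE;
        }
        else {
            int ret = (int)XFWRITE(mem, memSz, 1, file);
            if (ret != 1) {
                CYASSL_MSG("Cert cache file write failed");
                rc = FWRITE_ERROR;
            }
            XFCLOSE(file);
        }
    }

    XFREE(mem, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);

    return rc;
}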
wolfSSL 0:1239e9b70ca2 4113
wolfSSL 0:1239e9b70ca2 4114
/* Restore cert cache from file */
/* Read the whole of fname into a temporary buffer and hand it to
 * CM_MemRestoreCertCache, which validates the header and rebuilds the
 * table. The size comes from seeking to the end of the file; an empty
 * file, or one whose size cannot be determined, is rejected as
 * SSL_BAD_FILE before anything is allocated.
 * Returns SSL_SUCCESS, SSL_BAD_FILE, MEMORY_E, FREAD_ERROR, or the
 * error CM_MemRestoreCertCache reported. */
int CM_RestoreCertCache(CYASSL_CERT_MANAGER* cm, const char* fname)
{
    XFILE file;
    int   rc;
    int   memSz;
    byte* mem;

    CYASSL_ENTER("CM_RestoreCertCache");

    file = XFOPEN(fname, "rb");
    if (file == XBADFILE) {
        CYASSL_MSG("Couldn't open cert cache save file");
        return SSL_BAD_FILE;
    }

    /* size the file by seeking to its end, then go back to the start */
    XFSEEK(file, 0, XSEEK_END);
    memSz = (int)XFTELL(file);
    XREWIND(file);

    if (memSz <= 0) {
        CYASSL_MSG("Bad file size");
        XFCLOSE(file);
        return SSL_BAD_FILE;
    }

    mem = (byte*)XMALLOC(memSz, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (mem == NULL) {
        CYASSL_MSG("Alloc for tmp buffer failed");
        XFCLOSE(file);
        return MEMORY_E;
    }

    /* one item of memSz bytes: anything but 1 means a short read */
    if ((int)XFREAD(mem, memSz, 1, file) != 1) {
        CYASSL_MSG("Cert file read error");
        rc = FREAD_ERROR;
    }
    else {
        rc = CM_MemRestoreCertCache(cm, mem, memSz);
        if (rc != SSL_SUCCESS) {
            CYASSL_MSG("Mem restore cert cache failed");
        }
    }

    XFREE(mem, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
    XFCLOSE(file);

    return rc;
}
wolfSSL 0:1239e9b70ca2 4165
wolfSSL 0:1239e9b70ca2 4166 #endif /* NO_FILESYSTEM */
wolfSSL 0:1239e9b70ca2 4167
wolfSSL 0:1239e9b70ca2 4168
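/* Persist cert cache to memory */
/* Public entry point: serialise the CA table into the caller's buffer mem
 * of sz bytes under cm->caLock and report the bytes used through *used.
 * NULL cm, mem or used is rejected with BAD_FUNC_ARG instead of being
 * dereferenced. An undersized buffer yields BUFFER_E from
 * DoMemSaveCertCache and *used is then left untouched.
 * Returns SSL_SUCCESS, BAD_FUNC_ARG, BAD_MUTEX_E or BUFFER_E. */
int CM_MemSaveCertCache(CYASSL_CERT_MANAGER* cm, void* mem, int sz, int* used)
{
    int ret;

    CYASSL_ENTER("CM_MemSaveCertCache");

    if (cm == NULL || mem == NULL || used == NULL)
        return BAD_FUNC_ARG;

    if (LockMutex(&cm->caLock) != 0) {
        CYASSL_MSG("LockMutex on caLock failed");
        return BAD_MUTEX_E;
    }

    ret = DoMemSaveCertCache(cm, mem, sz);
    if (ret == SSL_SUCCESS)
        *used = GetCertCacheMemSize(cm);   /* the size that was just written */

    UnLockMutex(&cm->caLock);

    return ret;
}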
wolfSSL 0:1239e9b70ca2 4189
wolfSSL 0:1239e9b70ca2 4190
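/* Restore cert cache from memory */
/* Rebuild cm->caTable from a buffer previously produced by
 * DoMemSaveCertCache. sz is validated as an integer before the header is
 * read or any pointer into the buffer is formed, so a short or negative
 * sz can never lead to an out-of-bounds header access. The header's
 * version, row count and Signer size must match this build, otherwise
 * CACHE_MATCH_ERROR is returned and the existing table is left alone.
 * Once the header is accepted the current table is freed and the rows are
 * restored in order; if a row fails, the rows restored before it stay in
 * the table and that row's error (e.g. BUFFER_E, MEMORY_E) is returned.
 * Returns SSL_SUCCESS, BAD_FUNC_ARG, BUFFER_E, CACHE_MATCH_ERROR,
 * BAD_MUTEX_E or a RestoreCertRow error. */
int CM_MemRestoreCertCache(CYASSL_CERT_MANAGER* cm, const void* mem, int sz)
{
    int ret = SSL_SUCCESS;
    int i;
    const CertCacheHeader* hdr;
    byte* current;
    byte* end;   /* one past the last readable byte, don't go over */

    CYASSL_ENTER("CM_MemRestoreCertCache");

    if (cm == NULL || mem == NULL)
        return BAD_FUNC_ARG;

    /* length check first, as plain integers, before touching the header */
    if (sz < (int)sizeof(CertCacheHeader)) {
        CYASSL_MSG("Cert Cache Memory buffer too small");
        return BUFFER_E;
    }

    hdr     = (const CertCacheHeader*)mem;
    current = (byte*)mem + sizeof(CertCacheHeader);
    end     = (byte*)mem + sz;

    if (hdr->version != CYASSL_CACHE_CERT_VERSION ||
        hdr->rows != CA_TABLE_SIZE ||
        hdr->signerSz != (int)sizeof(Signer)) {

        CYASSL_MSG("Cert Cache Memory header mismatch");
        return CACHE_MATCH_ERROR;
    }

    if (LockMutex(&cm->caLock) != 0) {
        CYASSL_MSG("LockMutex on caLock failed");
        return BAD_MUTEX_E;
    }

    /* drop the live table before repopulating it from the image */
    FreeSignerTable(cm->caTable, CA_TABLE_SIZE, cm->heap);

    for (i = 0; i < CA_TABLE_SIZE; ++i) {
        int added = RestoreCertRow(cm, current, i, hdr->columns[i], end);
        if (added < 0) {
            CYASSL_MSG("RestoreCertRow error");
            ret = added;
            break;
        }
        current += added;
    }

    UnLockMutex(&cm->caLock);

    return ret;
}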
wolfSSL 0:1239e9b70ca2 4236
wolfSSL 0:1239e9b70ca2 4237
/* get how big the cert cache save buffer needs to be */
/* Locked wrapper around GetCertCacheMemSize: returns the number of bytes
 * a CM_MemSaveCertCache buffer must hold, or BAD_MUTEX_E if cm->caLock
 * could not be taken. */
int CM_GetCertCacheMemSize(CYASSL_CERT_MANAGER* cm)
{
    int needed;

    CYASSL_ENTER("CM_GetCertCacheMemSize");

    if (LockMutex(&cm->caLock) != 0) {
        CYASSL_MSG("LockMutex on caLock failed");
        return BAD_MUTEX_E;
    }

    needed = GetCertCacheMemSize(cm);
    UnLockMutex(&cm->caLock);

    return needed;
}
wolfSSL 0:1239e9b70ca2 4256
wolfSSL 0:1239e9b70ca2 4257 #endif /* PERSIST_CERT_CACHE */
wolfSSL 0:1239e9b70ca2 4258 #endif /* NO_CERTS */
wolfSSL 0:1239e9b70ca2 4259
wolfSSL 0:1239e9b70ca2 4260
/* Replace the context's cipher suite selection with the suites named in
 * list; SetCipherList does the parsing and the update of ctx->suites.
 * Returns SSL_SUCCESS when the list was accepted, SSL_FAILURE otherwise. */
int CyaSSL_CTX_set_cipher_list(CYASSL_CTX* ctx, const char* list)
{
    int accepted;

    CYASSL_ENTER("CyaSSL_CTX_set_cipher_list");
    accepted = SetCipherList(&ctx->suites, list);

    return accepted ? SSL_SUCCESS : SSL_FAILURE;
}
wolfSSL 0:1239e9b70ca2 4269
wolfSSL 0:1239e9b70ca2 4270
/* Per-connection counterpart of CyaSSL_CTX_set_cipher_list: parse list
 * into ssl->suites and, if that succeeds, rebuild the suite table with
 * InitSuites from the connection's current key-type, DH/NTRU/ECC and side
 * options. havePSK is only consulted when PSK is compiled in, and RSA is
 * reported as unavailable under NO_RSA.
 * Returns SSL_SUCCESS when the list was accepted, SSL_FAILURE otherwise. */
int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
{
    byte haveRSA = 1;
    byte havePSK = 0;

    CYASSL_ENTER("CyaSSL_set_cipher_list");

    if (!SetCipherList(ssl->suites, list))
        return SSL_FAILURE;

#ifdef NO_RSA
    haveRSA = 0;
#endif
#ifndef NO_PSK
    havePSK = ssl->options.havePSK;
#endif

    InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
               ssl->options.haveDH, ssl->options.haveNTRU,
               ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
               ssl->options.side);

    return SSL_SUCCESS;
}
wolfSSL 0:1239e9b70ca2 4295
wolfSSL 0:1239e9b70ca2 4296
wolfSSL 0:1239e9b70ca2 4297 #ifndef CYASSL_LEANPSK
wolfSSL 0:1239e9b70ca2 4298 #ifdef CYASSL_DTLS
wolfSSL 0:1239e9b70ca2 4299
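/* Return the DTLS receive timeout currently in effect for ssl
 * (ssl->dtls_timeout). A NULL ssl is rejected with BAD_FUNC_ARG, matching
 * the timeout setters below, rather than dereferenced. */
int CyaSSL_dtls_get_current_timeout(CYASSL* ssl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return ssl->dtls_timeout;
}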
wolfSSL 0:1239e9b70ca2 4306
wolfSSL 0:1239e9b70ca2 4307
/* user may need to alter init dtls recv timeout, SSL_SUCCESS on ok */
/* Set the initial DTLS receive timeout and reset the current timeout to
 * the same value. Rejected with BAD_FUNC_ARG when ssl is NULL, timeout is
 * negative, or timeout is larger than the configured maximum
 * (ssl->dtls_timeout_max). */
int CyaSSL_dtls_set_timeout_init(CYASSL* ssl, int timeout)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;
    if (timeout < 0)
        return BAD_FUNC_ARG;

    if (timeout > ssl->dtls_timeout_max) {
        CYASSL_MSG("Can't set dtls timeout init greater than dtls timeout max");
        return BAD_FUNC_ARG;
    }

    ssl->dtls_timeout = ssl->dtls_timeout_init = timeout;

    return SSL_SUCCESS;
}
wolfSSL 0:1239e9b70ca2 4324
wolfSSL 0:1239e9b70ca2 4325
/* user may need to alter max dtls recv timeout, SSL_SUCCESS on ok */
/* Set the upper bound for the DTLS receive timeout. Rejected with
 * BAD_FUNC_ARG when ssl is NULL, timeout is negative, or timeout is below
 * the configured initial timeout (ssl->dtls_timeout_init). */
int CyaSSL_dtls_set_timeout_max(CYASSL* ssl, int timeout)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;
    if (timeout < 0)
        return BAD_FUNC_ARG;

    if (timeout < ssl->dtls_timeout_init) {
        CYASSL_MSG("Can't set dtls timeout max less than dtls timeout init");
        return BAD_FUNC_ARG;
    }

    ssl->dtls_timeout_max = timeout;

    return SSL_SUCCESS;
}
wolfSSL 0:1239e9b70ca2 4341
wolfSSL 0:1239e9b70ca2 4342
/* Handle an expired DTLS receive timeout: discard the pending
 * dtls_msg_list, then call DtlsPoolTimeout followed by DtlsPoolSend
 * (DtlsPoolSend is skipped if DtlsPoolTimeout fails). Returns SSL_SUCCESS,
 * or SSL_FATAL_ERROR when either pool call returns a negative value. */
int CyaSSL_dtls_got_timeout(CYASSL* ssl)
{
    DtlsMsgListDelete(ssl->dtls_msg_list, ssl->heap);
    ssl->dtls_msg_list = NULL;

    if (DtlsPoolTimeout(ssl) < 0)
        return SSL_FATAL_ERROR;
    if (DtlsPoolSend(ssl) < 0)
        return SSL_FATAL_ERROR;

    return SSL_SUCCESS;
}
wolfSSL 0:1239e9b70ca2 4354
wolfSSL 0:1239e9b70ca2 4355 #endif /* DTLS */
wolfSSL 0:1239e9b70ca2 4356 #endif /* LEANPSK */
wolfSSL 0:1239e9b70ca2 4357
wolfSSL 0:1239e9b70ca2 4358
wolfSSL 0:1239e9b70ca2 4359 /* client only parts */
wolfSSL 0:1239e9b70ca2 4360 #ifndef NO_CYASSL_CLIENT
wolfSSL 0:1239e9b70ca2 4361
wolfSSL 0:1239e9b70ca2 4362 #ifndef NO_OLD_TLS
/* Allocate and initialise a CYASSL_METHOD for an SSLv3 client.
 * Returns NULL when the allocation fails; otherwise the caller owns the
 * returned object (presumably released with the CTX built from it —
 * confirm against CyaSSL_CTX_free). */
CYASSL_METHOD* CyaSSLv3_client_method(void)
{
    CYASSL_METHOD* method;

    method = (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
                                      DYNAMIC_TYPE_METHOD);
    CYASSL_ENTER("SSLv3_client_method");
    if (method != NULL)
        InitSSL_Method(method, MakeSSLv3());

    return method;
}
wolfSSL 0:1239e9b70ca2 4373 #endif
wolfSSL 0:1239e9b70ca2 4374
wolfSSL 0:1239e9b70ca2 4375 #ifdef CYASSL_DTLS
/* Allocate and initialise a CYASSL_METHOD for a DTLS 1.0 client.
 * Returns NULL when the allocation fails; otherwise the caller owns the
 * returned object (presumably released with the CTX built from it —
 * confirm against CyaSSL_CTX_free). */
CYASSL_METHOD* CyaDTLSv1_client_method(void)
{
    CYASSL_METHOD* method;

    method = (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
                                      DYNAMIC_TYPE_METHOD);
    CYASSL_ENTER("DTLSv1_client_method");
    if (method != NULL)
        InitSSL_Method(method, MakeDTLSv1());

    return method;
}
wolfSSL 0:1239e9b70ca2 4386
/* Allocate and initialise a CYASSL_METHOD for a DTLS 1.2 client.
 * Returns NULL when the allocation fails; otherwise the caller owns the
 * returned object (presumably released with the CTX built from it —
 * confirm against CyaSSL_CTX_free). */
CYASSL_METHOD* CyaDTLSv1_2_client_method(void)
{
    CYASSL_METHOD* method;

    method = (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
                                      DYNAMIC_TYPE_METHOD);
    CYASSL_ENTER("DTLSv1_2_client_method");
    if (method != NULL)
        InitSSL_Method(method, MakeDTLSv1_2());

    return method;
}
wolfSSL 0:1239e9b70ca2 4397 #endif
wolfSSL 0:1239e9b70ca2 4398
wolfSSL 0:1239e9b70ca2 4399
/* please see note at top of README if you get an error from connect */
/* Run the client side of the handshake as a resumable state machine keyed
 * on ssl->options.connectState. Every case below intentionally falls
 * through into the next one. On any failure the function returns
 * SSL_FATAL_ERROR with ssl->error set by the helper that failed and
 * connectState left as it was, so a later call resumes at the same step
 * (presumably how non-blocking callers retry — confirm).
 * Returns SSL_SUCCESS once the server's Finished has been processed, or
 * early from HELLO_AGAIN when options.certOnly is set. */
int CyaSSL_connect(CYASSL* ssl)
{
    int neededState;

    CYASSL_ENTER("SSL_connect()");

#ifdef HAVE_ERRNO_H
    errno = 0;
#endif

    /* only a client-side object may initiate a connect */
    if (ssl->options.side != CYASSL_CLIENT_END) {
        CYASSL_ERROR(ssl->error = SIDE_ERROR);
        return SSL_FATAL_ERROR;
    }

#ifdef CYASSL_DTLS
    /* DTLS runs with the TLS 1.1 flags set; DtlsPoolInit sets up the
     * retransmit pool that CyaSSL_dtls_got_timeout later resends from */
    if (ssl->version.major == DTLS_MAJOR) {
        ssl->options.dtls = 1;
        ssl->options.tls = 1;
        ssl->options.tls1_1 = 1;

        if (DtlsPoolInit(ssl) != 0) {
            ssl->error = MEMORY_ERROR;
            CYASSL_ERROR(ssl->error);
            return SSL_FATAL_ERROR;
        }
    }
#endif

    /* flush whatever a previous call left unsent before doing anything
     * else; a complete flush is itself one step of progress */
    if (ssl->buffers.outputBuffer.length > 0) {
        if ( (ssl->error = SendBuffered(ssl)) == 0) {
            ssl->options.connectState++;
            CYASSL_MSG("connect state: Advanced from buffered send");
        }
        else {
            CYASSL_ERROR(ssl->error);
            return SSL_FATAL_ERROR;
        }
    }

    switch (ssl->options.connectState) {

    case CONNECT_BEGIN :
        /* always send client hello first */
        if ( (ssl->error = SendClientHello(ssl)) != 0) {
            CYASSL_ERROR(ssl->error);
            return SSL_FATAL_ERROR;
        }
        ssl->options.connectState = CLIENT_HELLO_SENT;
        CYASSL_MSG("connect state: CLIENT_HELLO_SENT");
        /* fallthrough */

    case CLIENT_HELLO_SENT :
        /* a resumed session expects the server's Finished straight away,
         * a full handshake stops at ServerHelloDone */
        neededState = ssl->options.resuming ? SERVER_FINISHED_COMPLETE :
                                          SERVER_HELLODONE_COMPLETE;
#ifdef CYASSL_DTLS
        /* In DTLS, when resuming, we can go straight to FINISHED,
         * or do a cookie exchange and then skip to FINISHED, assume
         * we need the cookie exchange first. */
        if (ssl->options.dtls)
            neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
#endif
        /* get response */
        while (ssl->options.serverState < neededState) {
            if ( (ssl->error = ProcessReply(ssl)) < 0) {
                CYASSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
            /* if resumption failed, reset needed state */
            else if (neededState == SERVER_FINISHED_COMPLETE)
                if (!ssl->options.resuming) {
                    if (!ssl->options.dtls)
                        neededState = SERVER_HELLODONE_COMPLETE;
                    else
                        neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
                }
        }

        ssl->options.connectState = HELLO_AGAIN;
        CYASSL_MSG("connect state: HELLO_AGAIN");
        /* fallthrough */

    case HELLO_AGAIN :
        /* certOnly callers only wanted the server's certificate chain */
        if (ssl->options.certOnly)
            return SSL_SUCCESS;

#ifdef CYASSL_DTLS
        if (ssl->options.dtls) {
            /* re-init hashes, exclude first hello and verify request */
#ifndef NO_OLD_TLS
            InitMd5(&ssl->hashMd5);
            if ( (ssl->error = InitSha(&ssl->hashSha)) != 0) {
                CYASSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
#endif
            if (IsAtLeastTLSv1_2(ssl)) {
#ifndef NO_SHA256
                if ( (ssl->error =
                           InitSha256(&ssl->hashSha256)) != 0) {
                    CYASSL_ERROR(ssl->error);
                    return SSL_FATAL_ERROR;
                }
#endif
#ifdef CYASSL_SHA384
                if ( (ssl->error =
                           InitSha384(&ssl->hashSha384)) != 0) {
                    CYASSL_ERROR(ssl->error);
                    return SSL_FATAL_ERROR;
                }
#endif
            }
            /* second ClientHello, now carrying the server's cookie */
            if ( (ssl->error = SendClientHello(ssl)) != 0) {
                CYASSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
        }
#endif

        ssl->options.connectState = HELLO_AGAIN_REPLY;
        CYASSL_MSG("connect state: HELLO_AGAIN_REPLY");
        /* fallthrough */

    case HELLO_AGAIN_REPLY :
#ifdef CYASSL_DTLS
        /* DTLS only: wait for the reply to the second ClientHello, with
         * the same resumption fallback as CLIENT_HELLO_SENT */
        if (ssl->options.dtls) {
            neededState = ssl->options.resuming ?
                           SERVER_FINISHED_COMPLETE : SERVER_HELLODONE_COMPLETE;

            /* get response */
            while (ssl->options.serverState < neededState) {
                if ( (ssl->error = ProcessReply(ssl)) < 0) {
                    CYASSL_ERROR(ssl->error);
                    return SSL_FATAL_ERROR;
                }
                /* if resumption failed, reset needed state */
                else if (neededState == SERVER_FINISHED_COMPLETE)
                    if (!ssl->options.resuming)
                        neededState = SERVER_HELLODONE_COMPLETE;
            }
        }
#endif

        ssl->options.connectState = FIRST_REPLY_DONE;
        CYASSL_MSG("connect state: FIRST_REPLY_DONE");
        /* fallthrough */

    case FIRST_REPLY_DONE :
#ifndef NO_CERTS
        /* client certificate, only when the server asked for one */
        if (ssl->options.sendVerify) {
            if ( (ssl->error = SendCertificate(ssl)) != 0) {
                CYASSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
            CYASSL_MSG("sent: certificate");
        }

#endif
        ssl->options.connectState = FIRST_REPLY_FIRST;
        CYASSL_MSG("connect state: FIRST_REPLY_FIRST");
        /* fallthrough */

    case FIRST_REPLY_FIRST :
        /* no key exchange on a resumed session */
        if (!ssl->options.resuming) {
            if ( (ssl->error = SendClientKeyExchange(ssl)) != 0) {
                CYASSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
            CYASSL_MSG("sent: client key exchange");
        }

        ssl->options.connectState = FIRST_REPLY_SECOND;
        CYASSL_MSG("connect state: FIRST_REPLY_SECOND");
        /* fallthrough */

    case FIRST_REPLY_SECOND :
#ifndef NO_CERTS
        /* proves possession of the client certificate's private key */
        if (ssl->options.sendVerify) {
            if ( (ssl->error = SendCertificateVerify(ssl)) != 0) {
                CYASSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
            CYASSL_MSG("sent: certificate verify");
        }
#endif
        ssl->options.connectState = FIRST_REPLY_THIRD;
        CYASSL_MSG("connect state: FIRST_REPLY_THIRD");
        /* fallthrough */

    case FIRST_REPLY_THIRD :
        if ( (ssl->error = SendChangeCipher(ssl)) != 0) {
            CYASSL_ERROR(ssl->error);
            return SSL_FATAL_ERROR;
        }
        CYASSL_MSG("sent: change cipher spec");
        ssl->options.connectState = FIRST_REPLY_FOURTH;
        CYASSL_MSG("connect state: FIRST_REPLY_FOURTH");
        /* fallthrough */

    case FIRST_REPLY_FOURTH :
        if ( (ssl->error = SendFinished(ssl)) != 0) {
            CYASSL_ERROR(ssl->error);
            return SSL_FATAL_ERROR;
        }
        CYASSL_MSG("sent: finished");
        ssl->options.connectState = FINISHED_DONE;
        CYASSL_MSG("connect state: FINISHED_DONE");
        /* fallthrough */

    case FINISHED_DONE :
        /* get response */
        while (ssl->options.serverState < SERVER_FINISHED_COMPLETE)
            if ( (ssl->error = ProcessReply(ssl)) < 0) {
                CYASSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }

        ssl->options.connectState = SECOND_REPLY_DONE;
        CYASSL_MSG("connect state: SECOND_REPLY_DONE");
        /* fallthrough */

    case SECOND_REPLY_DONE:
        /* handshake complete: release the handshake-only buffers and
         * hash state */
        FreeHandshakeResources(ssl);
        CYASSL_LEAVE("SSL_connect()", SSL_SUCCESS);
        return SSL_SUCCESS;

    default:
        CYASSL_MSG("Unknown connect state ERROR");
        return SSL_FATAL_ERROR; /* unknown connect state */
    }
}
wolfSSL 0:1239e9b70ca2 4622
wolfSSL 0:1239e9b70ca2 4623 #endif /* NO_CYASSL_CLIENT */
wolfSSL 0:1239e9b70ca2 4624
wolfSSL 0:1239e9b70ca2 4625
wolfSSL 0:1239e9b70ca2 4626 /* server only parts */
wolfSSL 0:1239e9b70ca2 4627 #ifndef NO_CYASSL_SERVER
wolfSSL 0:1239e9b70ca2 4628
wolfSSL 0:1239e9b70ca2 4629 #ifndef NO_OLD_TLS
/* Allocate and initialise a CYASSL_METHOD describing an SSLv3 server.
 *
 * The method is heap-allocated with XMALLOC (DYNAMIC_TYPE_METHOD) and the
 * caller owns it. Returns NULL when the allocation fails.
 *
 * NOTE(review): SSLv3 is an obsolete protocol version; this entry point
 * is only built when NO_OLD_TLS is not defined, and new deployments should
 * prefer a TLS method where the peer allows it.
 */
CYASSL_METHOD* CyaSSLv3_server_method(void)
{
    CYASSL_METHOD* m = (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
                                                DYNAMIC_TYPE_METHOD);
    CYASSL_ENTER("SSLv3_server_method");

    if (m == NULL)
        return NULL;

    InitSSL_Method(m, MakeSSLv3());
    m->side = CYASSL_SERVER_END;   /* objects created from it will accept() */
    return m;
}
wolfSSL 0:1239e9b70ca2 4642 #endif
wolfSSL 0:1239e9b70ca2 4643
wolfSSL 0:1239e9b70ca2 4644
wolfSSL 0:1239e9b70ca2 4645 #ifdef CYASSL_DTLS
/* Allocate and initialise a CYASSL_METHOD describing a DTLS 1.0 server.
 *
 * Heap-allocated via XMALLOC (DYNAMIC_TYPE_METHOD); the caller owns the
 * result. Returns NULL when the allocation fails.
 */
CYASSL_METHOD* CyaDTLSv1_server_method(void)
{
    CYASSL_METHOD* m = (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
                                                DYNAMIC_TYPE_METHOD);
    CYASSL_ENTER("DTLSv1_server_method");

    if (m == NULL)
        return NULL;

    InitSSL_Method(m, MakeDTLSv1());
    m->side = CYASSL_SERVER_END;   /* server end of the handshake */
    return m;
}
wolfSSL 0:1239e9b70ca2 4658
/* Allocate and initialise a CYASSL_METHOD describing a DTLS 1.2 server.
 *
 * Heap-allocated via XMALLOC (DYNAMIC_TYPE_METHOD); the caller owns the
 * result. Returns NULL when the allocation fails.
 */
CYASSL_METHOD* CyaDTLSv1_2_server_method(void)
{
    CYASSL_METHOD* m = (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
                                                DYNAMIC_TYPE_METHOD);
    CYASSL_ENTER("DTLSv1_2_server_method");

    if (m == NULL)
        return NULL;

    InitSSL_Method(m, MakeDTLSv1_2());
    m->side = CYASSL_SERVER_END;   /* server end of the handshake */
    return m;
}
wolfSSL 0:1239e9b70ca2 4671 #endif
wolfSSL 0:1239e9b70ca2 4672
wolfSSL 0:1239e9b70ca2 4673
/* Server-side handshake driver.
 *
 * Drives the accept state machine from ssl->options.acceptState through to
 * ACCEPT_THIRD_REPLY_DONE, sending each server flight and pulling the client's
 * replies through ProcessReply(). Every `case` intentionally falls through
 * into the next so that one call advances as far as the transport allows;
 * acceptState is persisted in the object, so a later call resumes from the
 * recorded state (presumably after a non-blocking I/O stop — that path is
 * handled inside the Send*/ProcessReply helpers, not visible here).
 *
 * Returns SSL_SUCCESS once the handshake is complete, otherwise
 * SSL_FATAL_ERROR with the specific code left in ssl->error.
 */
int CyaSSL_accept(CYASSL* ssl)
{
    byte havePSK = 0;
    CYASSL_ENTER("SSL_accept()");

#ifdef HAVE_ERRNO_H
    errno = 0;
#endif

#ifndef NO_PSK
    havePSK = ssl->options.havePSK;
#endif
    (void)havePSK;

    /* Only objects created from a *_server_method() may accept. */
    if (ssl->options.side != CYASSL_SERVER_END) {
        CYASSL_ERROR(ssl->error = SIDE_ERROR);
        return SSL_FATAL_ERROR;
    }

#ifndef NO_CERTS
    /* in case used set_accept_state after init */
    /* Without PSK the server has to authenticate with a certificate, so
     * refuse up front rather than discover the missing key mid-handshake. */
    if (!havePSK && (ssl->buffers.certificate.buffer == NULL ||
                     ssl->buffers.key.buffer == NULL)) {
        CYASSL_MSG("accept error: don't have server cert and key");
        ssl->error = NO_PRIVATE_KEY;
        CYASSL_ERROR(ssl->error);
        return SSL_FATAL_ERROR;
    }
#endif

#ifdef HAVE_ECC
    /* in case used set_accept_state after init */
    /* Generate the per-connection temporary ECC key (presumably the ECDHE
     * ephemeral) once, using the connection's RNG; a failure is fatal. */
    if (ssl->eccTempKeyPresent == 0) {
        if (ecc_make_key(ssl->rng, ssl->eccTempKeySz,
                         ssl->eccTempKey) != 0) {
            ssl->error = ECC_MAKEKEY_ERROR;
            CYASSL_ERROR(ssl->error);
            return SSL_FATAL_ERROR;
        }
        ssl->eccTempKeyPresent = 1;
    }
#endif

#ifdef CYASSL_DTLS
    /* DTLS is layered on TLS 1.1 semantics; also set up the retransmit pool. */
    if (ssl->version.major == DTLS_MAJOR) {
        ssl->options.dtls = 1;
        ssl->options.tls = 1;
        ssl->options.tls1_1 = 1;

        if (DtlsPoolInit(ssl) != 0) {
            ssl->error = MEMORY_ERROR;
            CYASSL_ERROR(ssl->error);
            return SSL_FATAL_ERROR;
        }
    }
#endif

    /* Flush anything a previous call left unsent. A fully drained buffer
     * means the state that queued it is complete, so step past it. */
    if (ssl->buffers.outputBuffer.length > 0) {
        if ( (ssl->error = SendBuffered(ssl)) == 0) {
            ssl->options.acceptState++;
            CYASSL_MSG("accept state: Advanced from buffered send");
        }
        else {
            CYASSL_ERROR(ssl->error);
            return SSL_FATAL_ERROR;
        }
    }

    switch (ssl->options.acceptState) {

    case ACCEPT_BEGIN :
        /* get response */
        /* Read until the ClientHello has been fully processed. */
        while (ssl->options.clientState < CLIENT_HELLO_COMPLETE)
            if ( (ssl->error = ProcessReply(ssl)) < 0) {
                CYASSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
        ssl->options.acceptState = ACCEPT_CLIENT_HELLO_DONE;
        CYASSL_MSG("accept state ACCEPT_CLIENT_HELLO_DONE");
        /* fallthrough */

    case ACCEPT_CLIENT_HELLO_DONE :
#ifdef CYASSL_DTLS
        /* DTLS only: answer the first ClientHello with a HelloVerifyRequest
         * (cookie exchange) before committing any server state. */
        if (ssl->options.dtls)
            if ( (ssl->error = SendHelloVerifyRequest(ssl)) != 0) {
                CYASSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
#endif
        ssl->options.acceptState = HELLO_VERIFY_SENT;
        CYASSL_MSG("accept state HELLO_VERIFY_SENT");
        /* fallthrough */

    case HELLO_VERIFY_SENT:
#ifdef CYASSL_DTLS
        if (ssl->options.dtls) {
            ssl->options.clientState = NULL_STATE; /* get again */
            /* re-init hashes, exclude first hello and verify request */
            /* The handshake transcript restarts at the second (cookie-bearing)
             * ClientHello, so every transcript hash is reset here. */
#ifndef NO_OLD_TLS
            InitMd5(&ssl->hashMd5);
            if ( (ssl->error = InitSha(&ssl->hashSha)) != 0) {
                CYASSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
#endif
            if (IsAtLeastTLSv1_2(ssl)) {
#ifndef NO_SHA256
                if ( (ssl->error =
                      InitSha256(&ssl->hashSha256)) != 0) {
                    CYASSL_ERROR(ssl->error);
                    return SSL_FATAL_ERROR;
                }
#endif
#ifdef CYASSL_SHA384
                if ( (ssl->error =
                      InitSha384(&ssl->hashSha384)) != 0) {
                    CYASSL_ERROR(ssl->error);
                    return SSL_FATAL_ERROR;
                }
#endif
            }

            /* Wait for the repeated ClientHello that carries the cookie. */
            while (ssl->options.clientState < CLIENT_HELLO_COMPLETE)
                if ( (ssl->error = ProcessReply(ssl)) < 0) {
                    CYASSL_ERROR(ssl->error);
                    return SSL_FATAL_ERROR;
                }
        }
#endif
        ssl->options.acceptState = ACCEPT_FIRST_REPLY_DONE;
        CYASSL_MSG("accept state ACCEPT_FIRST_REPLY_DONE");
        /* fallthrough */

    case ACCEPT_FIRST_REPLY_DONE :
        if ( (ssl->error = SendServerHello(ssl)) != 0) {
            CYASSL_ERROR(ssl->error);
            return SSL_FATAL_ERROR;
        }
        ssl->options.acceptState = SERVER_HELLO_SENT;
        CYASSL_MSG("accept state SERVER_HELLO_SENT");
        /* fallthrough */

    case SERVER_HELLO_SENT :
#ifndef NO_CERTS
        /* Certificate, ServerKeyExchange, CertificateRequest and
         * ServerHelloDone are only part of a full handshake; a resumed
         * session (options.resuming) skips straight to ChangeCipherSpec. */
        if (!ssl->options.resuming)
            if ( (ssl->error = SendCertificate(ssl)) != 0) {
                CYASSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
#endif
        ssl->options.acceptState = CERT_SENT;
        CYASSL_MSG("accept state CERT_SENT");
        /* fallthrough */

    case CERT_SENT :
        if (!ssl->options.resuming)
            if ( (ssl->error = SendServerKeyExchange(ssl)) != 0) {
                CYASSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
        ssl->options.acceptState = KEY_EXCHANGE_SENT;
        CYASSL_MSG("accept state KEY_EXCHANGE_SENT");
        /* fallthrough */

    case KEY_EXCHANGE_SENT :
#ifndef NO_CERTS
        /* Client authentication is requested only when the application
         * turned on verifyPeer. */
        if (!ssl->options.resuming)
            if (ssl->options.verifyPeer)
                if ( (ssl->error = SendCertificateRequest(ssl)) != 0) {
                    CYASSL_ERROR(ssl->error);
                    return SSL_FATAL_ERROR;
                }
#endif
        ssl->options.acceptState = CERT_REQ_SENT;
        CYASSL_MSG("accept state CERT_REQ_SENT");
        /* fallthrough */

    case CERT_REQ_SENT :
        if (!ssl->options.resuming)
            if ( (ssl->error = SendServerHelloDone(ssl)) != 0) {
                CYASSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
        ssl->options.acceptState = SERVER_HELLO_DONE;
        CYASSL_MSG("accept state SERVER_HELLO_DONE");
        /* fallthrough */

    case SERVER_HELLO_DONE :
        /* Full handshake: the client's second flight (key exchange,
         * optional CertificateVerify, CCS, Finished) arrives before the
         * server's own CCS/Finished go out. */
        if (!ssl->options.resuming) {
            while (ssl->options.clientState < CLIENT_FINISHED_COMPLETE)
                if ( (ssl->error = ProcessReply(ssl)) < 0) {
                    CYASSL_ERROR(ssl->error);
                    return SSL_FATAL_ERROR;
                }
        }
        ssl->options.acceptState = ACCEPT_SECOND_REPLY_DONE;
        CYASSL_MSG("accept state ACCEPT_SECOND_REPLY_DONE");
        /* fallthrough */

    case ACCEPT_SECOND_REPLY_DONE :
        if ( (ssl->error = SendChangeCipher(ssl)) != 0) {
            CYASSL_ERROR(ssl->error);
            return SSL_FATAL_ERROR;
        }
        ssl->options.acceptState = CHANGE_CIPHER_SENT;
        CYASSL_MSG("accept state CHANGE_CIPHER_SENT");
        /* fallthrough */

    case CHANGE_CIPHER_SENT :
        if ( (ssl->error = SendFinished(ssl)) != 0) {
            CYASSL_ERROR(ssl->error);
            return SSL_FATAL_ERROR;
        }

        ssl->options.acceptState = ACCEPT_FINISHED_DONE;
        CYASSL_MSG("accept state ACCEPT_FINISHED_DONE");
        /* fallthrough */

    case ACCEPT_FINISHED_DONE :
        /* Resumption reverses the order: the server's CCS/Finished went
         * first, so the client's Finished is still outstanding here. */
        if (ssl->options.resuming)
            while (ssl->options.clientState < CLIENT_FINISHED_COMPLETE)
                if ( (ssl->error = ProcessReply(ssl)) < 0) {
                    CYASSL_ERROR(ssl->error);
                    return SSL_FATAL_ERROR;
                }

        ssl->options.acceptState = ACCEPT_THIRD_REPLY_DONE;
        CYASSL_MSG("accept state ACCEPT_THIRD_REPLY_DONE");
        /* fallthrough */

    case ACCEPT_THIRD_REPLY_DONE :
        /* Handshake complete: release transcript/key-exchange scratch state. */
        FreeHandshakeResources(ssl);
        CYASSL_LEAVE("SSL_accept()", SSL_SUCCESS);
        return SSL_SUCCESS;

    default :
        CYASSL_MSG("Unknown accept state ERROR");
        return SSL_FATAL_ERROR;
    }
}
wolfSSL 0:1239e9b70ca2 4902
wolfSSL 0:1239e9b70ca2 4903 #endif /* NO_CYASSL_SERVER */
wolfSSL 0:1239e9b70ca2 4904
wolfSSL 0:1239e9b70ca2 4905
/* Release one reference on the library-wide initialisation count.
 *
 * Only the call that drops the count from 1 to 0 tears anything down: the
 * session-cache mutex (unless NO_SESSION_CACHE), the count mutex itself and,
 * with HAVE_ECC + FP_ECC, the ECC fixed-point cache. Calling this when
 * nothing was initialised is treated as success.
 *
 * Returns SSL_SUCCESS, or BAD_MUTEX_E if count_mutex could not be locked or
 * a mutex could not be freed.
 *
 * NOTE(review): the early initRefCount == 0 read happens before the lock is
 * taken; whether that matters depends on how callers pair Init/Cleanup.
 */
int CyaSSL_Cleanup(void)
{
    int status = SSL_SUCCESS;
    int lastRef;

    CYASSL_ENTER("CyaSSL_Cleanup");

    /* possibly no init yet, but not failure either way */
    if (initRefCount == 0)
        return status;

    if (LockMutex(&count_mutex) != 0) {
        CYASSL_MSG("Bad Lock Mutex count");
        return BAD_MUTEX_E;
    }

    lastRef = (initRefCount == 1);
    initRefCount--;
    if (initRefCount < 0)
        initRefCount = 0;          /* never let the count go negative */

    UnLockMutex(&count_mutex);

    if (!lastRef)
        return status;

#ifndef NO_SESSION_CACHE
    if (FreeMutex(&session_mutex) != 0)
        status = BAD_MUTEX_E;
#endif
    if (FreeMutex(&count_mutex) != 0)
        status = BAD_MUTEX_E;

#if defined(HAVE_ECC) && defined(FP_ECC)
    ecc_fp_free();
#endif

    return status;
}
wolfSSL 0:1239e9b70ca2 4943
wolfSSL 0:1239e9b70ca2 4944
wolfSSL 0:1239e9b70ca2 4945 #ifndef NO_SESSION_CACHE
wolfSSL 0:1239e9b70ca2 4946
wolfSSL 0:1239e9b70ca2 4947 #ifndef NO_MD5
wolfSSL 0:1239e9b70ca2 4948
wolfSSL 0:1239e9b70ca2 4949 /* some session IDs aren't random afterall, let's make them random */
wolfSSL 0:1239e9b70ca2 4950
/* Reduce a session ID to a 32-bit key used to pick a cache row.
 *
 * The ID is run through MD5 first because, as the comment above notes, some
 * peers hand out IDs that are far from uniform. This is bucket selection,
 * not a security property, so MD5 is acceptable here. No MD5 call in this
 * variant returns a status, so `error` is never written.
 */
static INLINE word32 HashSession(const byte* sessionID, word32 len, int* error)
{
    Md5  ctx;
    byte out[MD5_DIGEST_SIZE];

    (void)error;   /* nothing to report: no return values are checked */

    InitMd5(&ctx);
    Md5Update(&ctx, sessionID, len);
    Md5Final(&ctx, out);

    return MakeWordFromHash(out);
}
wolfSSL 0:1239e9b70ca2 4964
wolfSSL 0:1239e9b70ca2 4965 #elif !defined(NO_SHA)
wolfSSL 0:1239e9b70ca2 4966
/* SHA-1 variant of the session-ID row hash (built when MD5 is compiled out).
 *
 * On InitSha() failure the status is stored in *error and 0 is returned;
 * since 0 is also a legitimate hash value, callers must check *error rather
 * than the return value to detect failure.
 */
static INLINE word32 HashSession(const byte* sessionID, word32 len, int* error)
{
    Sha  ctx;
    byte out[SHA_DIGEST_SIZE];
    int  rc = InitSha(&ctx);

    if (rc != 0) {
        *error = rc;
        return 0;
    }

    ShaUpdate(&ctx, sessionID, len);
    ShaFinal(&ctx, out);

    return MakeWordFromHash(out);
}
wolfSSL 0:1239e9b70ca2 4984
wolfSSL 0:1239e9b70ca2 4985 #elif !defined(NO_SHA256)
wolfSSL 0:1239e9b70ca2 4986
/* SHA-256 variant of the session-ID row hash (built when both MD5 and SHA-1
 * are compiled out).
 *
 * All three SHA-256 steps report a status; the first non-zero one is stored
 * in *error and 0 is returned. 0 is also a valid hash value, so callers
 * detect failure through *error.
 */
static INLINE word32 HashSession(const byte* sessionID, word32 len, int* error)
{
    Sha256 ctx;
    byte   out[SHA256_DIGEST_SIZE];
    int    rc;

    /* Chain the steps; a failure short-circuits the ones after it. */
    rc = InitSha256(&ctx);
    if (rc == 0)
        rc = Sha256Update(&ctx, sessionID, len);
    if (rc == 0)
        rc = Sha256Final(&ctx, out);

    if (rc != 0) {
        *error = rc;
        return 0;
    }

    return MakeWordFromHash(out);
}
wolfSSL 0:1239e9b70ca2 5013
wolfSSL 0:1239e9b70ca2 5014 #else
wolfSSL 0:1239e9b70ca2 5015
wolfSSL 0:1239e9b70ca2 5016 #error "We need a digest to hash the session IDs"
wolfSSL 0:1239e9b70ca2 5017
wolfSSL 0:1239e9b70ca2 5018 #endif /* NO_MD5 */
wolfSSL 0:1239e9b70ca2 5019
wolfSSL 0:1239e9b70ca2 5020
/* Intentional no-op, presumably kept for API compatibility.
 *
 * The session cache is a fixed-size static table and expiry is enforced at
 * lookup time (GetSession/GetSessionClient compare bornOn + timeout against
 * LowResTimer()), so there is nothing to flush. Both arguments are ignored.
 */
void CyaSSL_flush_sessions(CYASSL_CTX* ctx, long tm)
{
    (void)tm;
    (void)ctx;
}
wolfSSL 0:1239e9b70ca2 5027
wolfSSL 0:1239e9b70ca2 5028
/* Set the session lifetime, in seconds, for this connection.
 *
 * The value is copied into the cache entry when the session is stored
 * (AddSession records ssl->timeout), so it governs how long a later
 * resumption attempt will accept the session.
 *
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG when `ssl` is NULL.
 */
int CyaSSL_set_timeout(CYASSL* ssl, unsigned int to)
{
    if (!ssl)
        return BAD_FUNC_ARG;

    ssl->timeout = to;
    return SSL_SUCCESS;
}
wolfSSL 0:1239e9b70ca2 5039
wolfSSL 0:1239e9b70ca2 5040
/* Set the default session lifetime, in seconds, on a context.
 *
 * Only the context field is written here; how it propagates to connections
 * created from the context is not visible in this file.
 *
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG when `ctx` is NULL.
 */
int CyaSSL_CTX_set_timeout(CYASSL_CTX* ctx, unsigned int to)
{
    if (!ctx)
        return BAD_FUNC_ARG;

    ctx->timeout = to;
    return SSL_SUCCESS;
}
wolfSSL 0:1239e9b70ca2 5051
wolfSSL 0:1239e9b70ca2 5052
wolfSSL 0:1239e9b70ca2 5053 #ifndef NO_CLIENT_CACHE
wolfSSL 0:1239e9b70ca2 5054
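/* Look up a cached session for the client side by application-supplied
 * server ID, walking the client-cache row from most recently added to oldest.
 *
 * Returns the first unexpired entry whose stored serverID matches `id`
 * exactly (same length and same bytes), or NULL when: `ssl` is a server
 * object, the row hash fails, the cache mutex cannot be taken, or no usable
 * entry exists. `len` is capped at SERVER_ID_LEN, the most the serverID
 * field is ever compared against.
 *
 * Fix: the match previously compared only `len` bytes, so a lookup ID that
 * is a prefix of a longer stored ID (or the reverse) could resume another
 * server's session. The entry's recorded idLen must now match as well.
 */
CYASSL_SESSION* GetSessionClient(CYASSL* ssl, const byte* id, int len)
{
    CYASSL_SESSION* found = NULL;
    word32 row;
    int    idx;
    int    remaining;
    int    error = 0;

    CYASSL_ENTER("GetSessionClient");

    if (ssl->options.side == CYASSL_SERVER_END)
        return NULL;

    /* Never compare more bytes than the serverID field is keyed on. */
    len = min(SERVER_ID_LEN, (word32)len);
    row = HashSession(id, len, &error) % SESSION_ROWS;
    if (error != 0) {
        CYASSL_MSG("Hash session failed");
        return NULL;
    }

    if (LockMutex(&session_mutex) != 0) {
        CYASSL_MSG("Lock session mutex failed");
        return NULL;
    }

    /* start from most recently used */
    remaining = min((word32)ClientCache[row].totalCount, SESSIONS_PER_ROW);
    idx = ClientCache[row].nextIdx - 1;
    if (idx < 0)
        idx = SESSIONS_PER_ROW - 1; /* if back to front, the previous was end */

    for (; remaining > 0;
         --remaining, idx = idx ? idx - 1 : SESSIONS_PER_ROW - 1) {
        CYASSL_SESSION* current;
        ClientSession   clSess;

        if (idx >= SESSIONS_PER_ROW || idx < 0) { /* sanity check */
            CYASSL_MSG("Bad idx");
            break;
        }

        /* The client table only holds coordinates into the main cache. */
        clSess  = ClientCache[row].Clients[idx];
        current = &SessionCache[clSess.serverRow].Sessions[clSess.serverIdx];

        /* Length first (cheap, and rules out prefix matches), then bytes. */
        if (current->idLen == (word32)len &&
            XMEMCMP(current->serverID, id, len) == 0) {
            CYASSL_MSG("Found a serverid match for client");
            if (LowResTimer() < (current->bornOn + current->timeout)) {
                CYASSL_MSG("Session valid");
                found = current;
                break;
            }
            CYASSL_MSG("Session timed out"); /* could have more for id */
        }
        else {
            CYASSL_MSG("ServerID not a match from client table");
        }
    }

    UnLockMutex(&session_mutex);

    return found;
}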
wolfSSL 0:1239e9b70ca2 5117
wolfSSL 0:1239e9b70ca2 5118 #endif /* NO_CLIENT_CACHE */
wolfSSL 0:1239e9b70ca2 5119
wolfSSL 0:1239e9b70ca2 5120
/* Look up a cached session by TLS session ID.
 *
 * The ID is taken from the handshake arrays while they exist and from
 * ssl->session afterwards. The row is scanned from the most recently added
 * entry backwards; scanning stops at the first ID match whether or not it
 * is still valid, since a given ID is not expected to appear twice.
 *
 * When a valid entry is found and `masterSecret` is non-NULL, SECRET_LEN
 * bytes of the cached master secret are copied out to it while the cache
 * lock is held — the caller then owns a copy of key material.
 *
 * Returns the matching entry, or NULL when caching is off, there is no
 * session ID, the row hash fails, the lock cannot be taken, or the entry is
 * missing or expired.
 */
CYASSL_SESSION* GetSession(CYASSL* ssl, byte* masterSecret)
{
    CYASSL_SESSION* found = NULL;
    const byte* id;
    word32 row;
    int    idx;
    int    remaining;
    int    error = 0;

    if (ssl->options.sessionCacheOff || ssl->options.haveSessionId == 0)
        return NULL;

    id = ssl->arrays ? ssl->arrays->sessionID : ssl->session.sessionID;

    row = HashSession(id, ID_LEN, &error) % SESSION_ROWS;
    if (error != 0) {
        CYASSL_MSG("Hash session failed");
        return NULL;
    }

    if (LockMutex(&session_mutex) != 0)
        return NULL;

    /* Walk backwards from the slot written most recently. */
    remaining = min((word32)SessionCache[row].totalCount, SESSIONS_PER_ROW);
    idx = SessionCache[row].nextIdx - 1;
    if (idx < 0)
        idx = SESSIONS_PER_ROW - 1;

    while (remaining > 0) {
        CYASSL_SESSION* current;

        if (idx >= SESSIONS_PER_ROW || idx < 0) { /* sanity check */
            CYASSL_MSG("Bad idx");
            break;
        }

        current = &SessionCache[row].Sessions[idx];
        if (XMEMCMP(current->sessionID, id, ID_LEN) != 0) {
            CYASSL_MSG("SessionID not a match at this idx");
            --remaining;
            idx = idx ? idx - 1 : SESSIONS_PER_ROW - 1;
            continue;
        }

        CYASSL_MSG("Found a session match");
        if (LowResTimer() < (current->bornOn + current->timeout)) {
            CYASSL_MSG("Session valid");
            found = current;
            if (masterSecret)
                XMEMCPY(masterSecret, current->masterSecret, SECRET_LEN);
        }
        else {
            CYASSL_MSG("Session timed out");
        }
        break; /* no more sessionIDs whether valid or not that match */
    }

    UnLockMutex(&session_mutex);

    return found;
}
wolfSSL 0:1239e9b70ca2 5185
wolfSSL 0:1239e9b70ca2 5186
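/* Adopt a previously cached session on `ssl` so the next handshake attempts
 * resumption.
 *
 * The whole CYASSL_SESSION (master secret included) is copied by value into
 * ssl->session and options.resuming is set. With SESSION_CERTS the cached
 * protocol version and cipher suite are restored too.
 *
 * Returns SSL_SUCCESS when the session was adopted; SSL_FAILURE when either
 * argument is NULL, the session cache is disabled for `ssl`, or the session
 * has already passed bornOn + timeout.
 *
 * Fix: NULL arguments are now rejected instead of dereferenced.
 */
int SetSession(CYASSL* ssl, CYASSL_SESSION* session)
{
    if (ssl == NULL || session == NULL)
        return SSL_FAILURE;

    if (ssl->options.sessionCacheOff)
        return SSL_FAILURE;

    /* An expired session must not be resumed. */
    if (LowResTimer() >= (session->bornOn + session->timeout))
        return SSL_FAILURE; /* session timed out */

    ssl->session = *session;   /* struct copy, including the master secret */
    ssl->options.resuming = 1;

#ifdef SESSION_CERTS
    ssl->version = session->version;
    ssl->options.cipherSuite0 = session->cipherSuite0;
    ssl->options.cipherSuite = session->cipherSuite;
#endif

    return SSL_SUCCESS;
}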
wolfSSL 0:1239e9b70ca2 5206
wolfSSL 0:1239e9b70ca2 5207
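/* Store the just-negotiated session in the global cache for later resumption.
 *
 * Copies the master secret, session ID, timeout and birth time (plus the
 * certificate chain, version and cipher suite with SESSION_CERTS) into the
 * next slot of the row chosen by hashing the session ID. On the client side,
 * when a server ID was set, a coordinate entry pointing at that slot is also
 * added to ClientCache so GetSessionClient() can find it by server ID.
 *
 * Returns 0 on success (also when caching is off or there is no session ID),
 * BAD_FUNC_ARG when the handshake arrays are already gone, a negative hash
 * error, or BAD_MUTEX_E.
 *
 * Fixes: (1) session_mutex was never released when the client-cache row
 * hash failed, leaving every later cache operation blocked; it is now
 * unlocked on that path. (2) the serverID copy is bounded to SERVER_ID_LEN,
 * the length GetSessionClient() already caps its comparison at.
 */
int AddSession(CYASSL* ssl)
{
    CYASSL_SESSION* entry;
    word32 row, idx;
    int    error = 0;

    if (ssl->options.sessionCacheOff)
        return 0;

    if (ssl->options.haveSessionId == 0)
        return 0;

    /* GetSession() tolerates freed handshake arrays; do the same here rather
     * than dereference NULL. */
    if (ssl->arrays == NULL)
        return BAD_FUNC_ARG;

    row = HashSession(ssl->arrays->sessionID, ID_LEN, &error) % SESSION_ROWS;
    if (error != 0) {
        CYASSL_MSG("Hash session failed");
        return error;
    }

    if (LockMutex(&session_mutex) != 0)
        return BAD_MUTEX_E;

    /* Claim the next slot; rows are used as a ring, wrapping below. */
    idx = SessionCache[row].nextIdx++;
#ifdef SESSION_INDEX
    ssl->sessionIndex = (row << SESSIDX_ROW_SHIFT) | idx;
#endif
    entry = &SessionCache[row].Sessions[idx];

    /* The master secret lives in plain memory inside this static table for
     * as long as the slot is not overwritten. */
    XMEMCPY(entry->masterSecret, ssl->arrays->masterSecret, SECRET_LEN);
    XMEMCPY(entry->sessionID, ssl->arrays->sessionID, ID_LEN);

    entry->timeout = ssl->timeout;
    entry->bornOn  = LowResTimer();

#ifdef SESSION_CERTS
    entry->chain.count = ssl->session.chain.count;
    XMEMCPY(entry->chain.certs, ssl->session.chain.certs,
            sizeof(x509_buffer) * MAX_CHAIN_DEPTH);

    entry->version      = ssl->version;
    entry->cipherSuite0 = ssl->options.cipherSuite0;
    entry->cipherSuite  = ssl->options.cipherSuite;
#endif /* SESSION_CERTS */

    SessionCache[row].totalCount++;
    if (SessionCache[row].nextIdx == SESSIONS_PER_ROW)
        SessionCache[row].nextIdx = 0;

#ifndef NO_CLIENT_CACHE
    if (ssl->options.side == CYASSL_CLIENT_END && ssl->session.idLen) {
        word32 clientRow, clientIdx;
        word32 idLen = min(SERVER_ID_LEN, (word32)ssl->session.idLen);

        CYASSL_MSG("Adding client cache entry");

        entry->idLen = idLen;
        XMEMCPY(entry->serverID, ssl->session.serverID, idLen);

        clientRow = HashSession(ssl->session.serverID, idLen, &error)
                    % SESSION_ROWS;
        if (error != 0) {
            CYASSL_MSG("Hash session failed");
            UnLockMutex(&session_mutex);   /* previously leaked here */
            return error;
        }
        clientIdx = ClientCache[clientRow].nextIdx++;

        ClientCache[clientRow].Clients[clientIdx].serverRow = (word16)row;
        ClientCache[clientRow].Clients[clientIdx].serverIdx = (word16)idx;

        ClientCache[clientRow].totalCount++;
        if (ClientCache[clientRow].nextIdx == SESSIONS_PER_ROW)
            ClientCache[clientRow].nextIdx = 0;
    }
    else {
        entry->idLen = 0;
    }
#endif /* NO_CLIENT_CACHE */

    if (UnLockMutex(&session_mutex) != 0)
        return BAD_MUTEX_E;

    return 0;
}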
wolfSSL 0:1239e9b70ca2 5289
wolfSSL 0:1239e9b70ca2 5290
wolfSSL 0:1239e9b70ca2 5291 #ifdef SESSION_INDEX
wolfSSL 0:1239e9b70ca2 5292
/* Return the packed session-cache index stored on this connection by the
 * cache insert (row << SESSIDX_ROW_SHIFT | idx). Only built when
 * SESSION_INDEX is defined; the value before any session has been cached is
 * not visible from here. */
int CyaSSL_GetSessionIndex(CYASSL* ssl)
{
    int index;

    CYASSL_ENTER("CyaSSL_GetSessionIndex");
    index = ssl->sessionIndex;
    CYASSL_LEAVE("CyaSSL_GetSessionIndex", index);
    return index;
}
wolfSSL 0:1239e9b70ca2 5299
wolfSSL 0:1239e9b70ca2 5300
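/* Copy the cached session at packed index idx (as produced by
 * CyaSSL_GetSessionIndex) into *session. The copy is the whole cache entry,
 * master secret included, so the caller's struct holds key material.
 *
 * Returns SSL_SUCCESS when the slot exists and was copied, SSL_FAILURE when
 * idx is negative or outside the populated part of the cache, BAD_FUNC_ARG
 * when session is NULL, and BAD_MUTEX_E on a mutex failure (an unlock
 * failure overrides an earlier result). */
int CyaSSL_GetSessionAtIndex(int idx, CYASSL_SESSION* session)
{
    int row, col, result = SSL_FAILURE;

    CYASSL_ENTER("CyaSSL_GetSessionAtIndex");

    if (session == NULL)
        return BAD_FUNC_ARG;

    row = idx >> SESSIDX_ROW_SHIFT;
    col = idx & SESSIDX_IDX_MASK;

    if (LockMutex(&session_mutex) != 0) {
        return BAD_MUTEX_E;
    }

    /* a negative idx gives a negative row that passes the upper-bound test
       alone and would index before SessionCache; only slots that have been
       filled are valid, and totalCount keeps growing past SESSIONS_PER_ROW
       once a row wraps, hence the min() */
    if (idx >= 0 && row < SESSION_ROWS &&
            col < (int)min(SessionCache[row].totalCount, SESSIONS_PER_ROW)) {
        XMEMCPY(session,
                &SessionCache[row].Sessions[col], sizeof(CYASSL_SESSION));
        result = SSL_SUCCESS;
    }

    if (UnLockMutex(&session_mutex) != 0)
        result = BAD_MUTEX_E;

    CYASSL_LEAVE("CyaSSL_GetSessionAtIndex", result);
    return result;
}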
wolfSSL 0:1239e9b70ca2 5327
wolfSSL 0:1239e9b70ca2 5328 #endif /* SESSION_INDEX */
wolfSSL 0:1239e9b70ca2 5329
wolfSSL 0:1239e9b70ca2 5330 #if defined(SESSION_INDEX) && defined(SESSION_CERTS)
wolfSSL 0:1239e9b70ca2 5331
/* Return the peer certificate chain stored in a session. The pointer refers
 * into the session itself (no copy is made) and is NULL when session is
 * NULL. Built only with SESSION_INDEX and SESSION_CERTS. */
CYASSL_X509_CHAIN* CyaSSL_SESSION_get_peer_chain(CYASSL_SESSION* session)
{
    CYASSL_X509_CHAIN* result;

    CYASSL_ENTER("CyaSSL_SESSION_get_peer_chain");
    result = (session != NULL) ? &session->chain : NULL;

    CYASSL_LEAVE("CyaSSL_SESSION_get_peer_chain", result != NULL ? 1 : 0);
    return result;
}
wolfSSL 0:1239e9b70ca2 5343
wolfSSL 0:1239e9b70ca2 5344 #endif /* SESSION_INDEX && SESSION_CERTS */
wolfSSL 0:1239e9b70ca2 5345
wolfSSL 0:1239e9b70ca2 5346
wolfSSL 0:1239e9b70ca2 5347 #ifdef SESSION_STATS
wolfSSL 0:1239e9b70ca2 5348
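/* Print occupancy statistics for the server session cache to stdout, plus a
 * chi-square figure for how evenly sessions are spread over the SESSION_ROWS
 * rows (lower is more uniform; .05 critical values are printed for the row
 * counts the cache is normally built with).
 *
 * SessionCache is read without taking session_mutex, so the figures are a
 * snapshot that may be slightly stale while connections are being added. */
CYASSL_API
void PrintSessionStats(void)
{
    word32 totalSessionsSeen = 0;
    word32 totalSessionsNow = 0;
    int i;
    double E; /* expected frequency per row under a uniform hash */
    double chiSquare = 0;

    for (i = 0; i < SESSION_ROWS; i++) {
        word32 rowNow;

        totalSessionsSeen += SessionCache[i].totalCount;

        /* a row holds at most SESSIONS_PER_ROW live entries; until it has
           wrapped, nextIdx is the number filled so far */
        if (SessionCache[i].totalCount >= SESSIONS_PER_ROW)
            rowNow = SESSIONS_PER_ROW;
        else
            rowNow = SessionCache[i].nextIdx;

        totalSessionsNow += rowNow;
    }

    /* word32 is unsigned; %d would be a format/argument mismatch */
    printf("Total Sessions Seen = %u\n", (unsigned int)totalSessionsSeen);
    printf("Total Sessions Now = %u\n", (unsigned int)totalSessionsNow);

    if (totalSessionsSeen == 0) {
        /* no samples: E would be 0 and every term below divides by it */
        printf(" chi-square = n/a (no sessions), d.f. = %d\n",
               SESSION_ROWS - 1);
        printf("\n");
        return;
    }

    E = (double)totalSessionsSeen / SESSION_ROWS;

    for (i = 0; i < SESSION_ROWS; i++) {
        double diff = SessionCache[i].totalCount - E;
        chiSquare += (diff * diff) / E; /* (observed - expected)^2 / expected */
    }
    printf(" chi-square = %5.1f, d.f. = %d\n", chiSquare,
           SESSION_ROWS - 1);

    /* .05 critical values for the degrees of freedom of the usual row counts */
    switch (SESSION_ROWS) {
        case 3:
            printf(".05 p value = 6.0, chi-square should be less\n");
            break;
        case 11:
            printf(" .05 p value = 18.3, chi-square should be less\n");
            break;
        case 211:
            printf(".05 p value = 244.8, chi-square should be less\n");
            break;
        case 2861:
            printf(".05 p value = 2985.5, chi-square should be less\n");
            break;
        case 5981:
            printf(".05 p value = 6161.0, chi-square should be less\n");
            break;
        default:
            break;
    }
    printf("\n");
}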
wolfSSL 0:1239e9b70ca2 5398
wolfSSL 0:1239e9b70ca2 5399 #endif /* SESSION_STATS */
wolfSSL 0:1239e9b70ca2 5400
wolfSSL 0:1239e9b70ca2 5401 #else /* NO_SESSION_CACHE */
wolfSSL 0:1239e9b70ca2 5402
wolfSSL 0:1239e9b70ca2 5403 /* No session cache version */
/* Session-cache lookup for builds with NO_SESSION_CACHE: there is nothing to
 * look up, so both arguments are ignored and NULL is returned, i.e. the
 * caller never sees a cached session. */
CYASSL_SESSION* GetSession(CYASSL* ssl, byte* masterSecret)
{
    CYASSL_SESSION* none = NULL;

    (void)ssl;
    (void)masterSecret;

    return none;
}
wolfSSL 0:1239e9b70ca2 5411
wolfSSL 0:1239e9b70ca2 5412 #endif /* NO_SESSION_CACHE */
wolfSSL 0:1239e9b70ca2 5413
wolfSSL 0:1239e9b70ca2 5414
/* Call before SSL_connect. When verifying, this adds a domain-name check to
   the date check and the signature check. */
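/* Store the domain name that the peer's certificate must match. Any name set
 * earlier is released first; the new one is copied, terminator included, into
 * a buffer from ssl->heap.
 *
 * Returns SSL_SUCCESS, or SSL_FAILURE when ssl or dn is NULL or the copy
 * cannot be allocated (ssl->error is then set to MEMORY_ERROR and the stored
 * name is left empty). */
int CyaSSL_check_domain_name(CYASSL* ssl, const char* dn)
{
    word32 len;

    CYASSL_ENTER("CyaSSL_check_domain_name");

    /* XSTRLEN(NULL) below would be undefined */
    if (ssl == NULL || dn == NULL)
        return SSL_FAILURE;

    if (ssl->buffers.domainName.buffer)
        XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN);

    len = (word32)XSTRLEN(dn) + 1;
    ssl->buffers.domainName.buffer = (byte*) XMALLOC(len, ssl->heap,
                                                     DYNAMIC_TYPE_DOMAIN);

    if (ssl->buffers.domainName.buffer == NULL) {
        /* keep length consistent with the now-NULL buffer rather than
           leaving the size of a copy that does not exist */
        ssl->buffers.domainName.length = 0;
        ssl->error = MEMORY_ERROR;
        return SSL_FAILURE;
    }

    ssl->buffers.domainName.length = len;
    /* len covers the NUL, so the stored copy is always terminated */
    XMEMCPY(ssl->buffers.domainName.buffer, dn, len);
    return SSL_SUCCESS;
}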
wolfSSL 0:1239e9b70ca2 5437
wolfSSL 0:1239e9b70ca2 5438
/* Turn on CyaSSL zlib compression.
   Returns SSL_SUCCESS on success, otherwise an error (NOT_COMPILED_IN when
   zlib support was not built in). */
/* Turn on zlib compression for this connection.
 * Returns SSL_SUCCESS, or NOT_COMPILED_IN when the library was built without
 * HAVE_LIBZ (ssl is then unused). TLS-level compression leaks plaintext
 * length information (the CRIME class of attacks), so it is best left off
 * unless a deployment specifically needs it. */
int CyaSSL_set_compression(CYASSL* ssl)
{
    int ret = NOT_COMPILED_IN;

    CYASSL_ENTER("CyaSSL_set_compression");
    (void)ssl;
#ifdef HAVE_LIBZ
    ssl->options.usingCompression = 1;
    ret = SSL_SUCCESS;
#endif
    return ret;
}
wolfSSL 0:1239e9b70ca2 5453
wolfSSL 0:1239e9b70ca2 5454
wolfSSL 0:1239e9b70ca2 5455 #ifndef USE_WINDOWS_API
wolfSSL 0:1239e9b70ca2 5456 #ifndef NO_WRITEV
wolfSSL 0:1239e9b70ca2 5457
/* Simulates writev semantics; it does not actually write one block at a
   time, because of SSL_write's behaviour and because front adds may be small. */
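/* Gather the iovec array into one buffer and send it with a single
 * CyaSSL_write. A FILE_BUFFER_SIZE stack buffer is used when the data fits,
 * otherwise a temporary buffer is taken from ssl->heap and freed afterwards.
 *
 * Returns the CyaSSL_write result, MEMORY_ERROR when the temporary buffer
 * cannot be allocated, or BAD_FUNC_ARG when iov is NULL, iovcnt is negative,
 * or the total length does not fit the int that CyaSSL_write takes. */
int CyaSSL_writev(CYASSL* ssl, const struct iovec* iov, int iovcnt)
{
    /* INT_MAX without relying on <limits.h> being included by this file */
    const size_t maxSend = ((size_t)~(unsigned int)0) >> 1;
    byte   tmp[FILE_BUFFER_SIZE];
    byte*  myBuffer = tmp;
    size_t total = 0;
    int    sending;
    int    newBuffer = 0;
    int    idx = 0;
    int    i;
    int    ret;

    CYASSL_ENTER("CyaSSL_writev");

    if (iov == NULL || iovcnt < 0)
        return BAD_FUNC_ARG;

    /* sum in size_t with an explicit bound: an int total could wrap
       negative, pass the sizeof(tmp) test below and overrun the buffer */
    for (i = 0; i < iovcnt; i++) {
        if (iov[i].iov_len > maxSend - total)
            return BAD_FUNC_ARG;
        total += iov[i].iov_len;
    }
    sending = (int)total;

    if (sending > (int)sizeof(tmp)) {
        byte* tmp2 = (byte*) XMALLOC(sending, ssl->heap,
                                     DYNAMIC_TYPE_WRITEV);
        if (!tmp2)
            return MEMORY_ERROR;
        myBuffer  = tmp2;
        newBuffer = 1;
    }

    for (i = 0; i < iovcnt; i++) {
        if (iov[i].iov_len == 0)
            continue; /* empty element; its iov_base may legitimately be NULL */
        XMEMCPY(&myBuffer[idx], iov[i].iov_base, iov[i].iov_len);
        idx += (int)iov[i].iov_len;
    }

    ret = CyaSSL_write(ssl, myBuffer, sending);

    if (newBuffer)
        XFREE(myBuffer, ssl->heap, DYNAMIC_TYPE_WRITEV);

    return ret;
}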
wolfSSL 0:1239e9b70ca2 5495 #endif
wolfSSL 0:1239e9b70ca2 5496 #endif
wolfSSL 0:1239e9b70ca2 5497
wolfSSL 0:1239e9b70ca2 5498
wolfSSL 0:1239e9b70ca2 5499 #ifdef CYASSL_CALLBACKS
wolfSSL 0:1239e9b70ca2 5500
typedef struct itimerval Itimerval;

/* Timeval helpers for the handshake timer code below. They are macros rather
   than functions so that the timer and signal setup does not keep calling
   tiny functions when inlining is unavailable; these are the next best thing.
   Every argument is evaluated more than once, so pass plain lvalues, not
   expressions with side effects. */

/* c = a + b, carrying tv_usec into tv_sec once it reaches one second. Only a
   single carry is handled, so both inputs are expected to be normalised
   (0 <= tv_usec < 1000000). */
#define AddTimes(a, b, c) \
do { \
c.tv_sec = a.tv_sec + b.tv_sec; \
c.tv_usec = a.tv_usec + b.tv_usec; \
if (c.tv_usec >= 1000000) { \
c.tv_sec++; \
c.tv_usec -= 1000000; \
} \
} while (0)


/* c = a - b, borrowing one second when tv_usec goes negative. c may be the
   same lvalue as a (the wrapper below relies on this): each field of a is
   read before the same field of c is written. */
#define SubtractTimes(a, b, c) \
do { \
c.tv_sec = a.tv_sec - b.tv_sec; \
c.tv_usec = a.tv_usec - b.tv_usec; \
if (c.tv_usec < 0) { \
c.tv_sec--; \
c.tv_usec += 1000000; \
} \
} while (0)

/* Evaluates "a cmp b" for two Timevals, where cmp is a relational operator
   token (e.g. <): seconds decide unless equal, then microseconds decide. */
#define CmpTimes(a, b, cmp) \
((a.tv_sec == b.tv_sec) ? \
(a.tv_usec cmp b.tv_usec) : \
(a.tv_sec cmp b.tv_sec)) \

wolfSSL 0:1239e9b70ca2 5531
wolfSSL 0:1239e9b70ca2 5532
wolfSSL 0:1239e9b70ca2 5533 /* do nothing handler */
/* SIGALRM handler installed by CyaSSL_ex_wrapper. It deliberately does
 * nothing: its only job is to exist so the alarm interrupts a blocking
 * socket call instead of terminating the process. */
static void myHandler(int signo)
{
    (void)signo; /* unused; the signal number is not needed */
}
wolfSSL 0:1239e9b70ca2 5539
wolfSSL 0:1239e9b70ca2 5540
/* Shared body of CyaSSL_connect_ex / CyaSSL_accept_ex: runs the handshake for
 * whichever side ssl is configured as, optionally collecting handshake info
 * (hsCb) and timing info under an ITIMER_REAL/SIGALRM timeout (toCb), then
 * hands the collected info to the callbacks.
 *
 * Timer handling: any ITIMER_REAL timer the application already had armed is
 * captured, our deadline is shortened to it if it comes first, and it is
 * re-armed afterwards with the elapsed time subtracted. The process-wide
 * SIGALRM disposition is replaced for the duration and restored at the end.
 * NOTE(review): the timer and the signal disposition are process-wide state,
 * so concurrent calls from several threads would interfere with each other.
 *
 * Returns the CyaSSL_connect/CyaSSL_accept result, or SSL_FATAL_ERROR when
 * neither side is compiled in; a failure while restoring the handler or the
 * timer replaces that result. Setup failures return GETTIME_ERROR,
 * SETITIMER_ERROR or SIGACT_ERROR through ERR_OUT. */
static int CyaSSL_ex_wrapper(CYASSL* ssl, HandShakeCallBack hsCb,
                             TimeoutCallBack toCb, Timeval timeout)
{
    int ret = SSL_FATAL_ERROR;
    int oldTimerOn = 0; /* was timer already on */
    Timeval startTime;
    Timeval endTime;
    Timeval totalTime;
    Itimerval myTimeout;
    Itimerval oldTimeout; /* if old timer adjust from total time to reset */
    struct sigaction act, oact;

    /* clear both info flags and bail out of the setup path.
       NOTE(review): not #undef'd afterwards, so the name stays visible for
       the rest of this translation unit */
    #define ERR_OUT(x) { ssl->hsInfoOn = 0; ssl->toInfoOn = 0; return x; }

    if (hsCb) {
        ssl->hsInfoOn = 1;
        InitHandShakeInfo(&ssl->handShakeInfo);
    }
    if (toCb) {
        ssl->toInfoOn = 1;
        InitTimeoutInfo(&ssl->timeoutInfo);

        if (gettimeofday(&startTime, 0) < 0)
            ERR_OUT(GETTIME_ERROR);

        /* use setitimer to simulate getitimer, init 0 myTimeout */
        myTimeout.it_interval.tv_sec = 0;
        myTimeout.it_interval.tv_usec = 0;
        myTimeout.it_value.tv_sec = 0;
        myTimeout.it_value.tv_usec = 0;
        /* this disarms the application's timer; oldTimeout receives it */
        if (setitimer(ITIMER_REAL, &myTimeout, &oldTimeout) < 0)
            ERR_OUT(SETITIMER_ERROR);

        if (oldTimeout.it_value.tv_sec || oldTimeout.it_value.tv_usec) {
            oldTimerOn = 1;

            /* is old timer going to expire before ours */
            if (CmpTimes(oldTimeout.it_value, timeout, <)) {
                /* shorten our deadline to the application's; this is also
                   the value later reported in timeoutInfo.timeoutValue */
                timeout.tv_sec = oldTimeout.it_value.tv_sec;
                timeout.tv_usec = oldTimeout.it_value.tv_usec;
            }
        }
        myTimeout.it_value.tv_sec = timeout.tv_sec;
        myTimeout.it_value.tv_usec = timeout.tv_usec;

        /* set up signal handler, don't restart socket send/recv, so a
           blocked send/recv is interrupted rather than restarted when the
           alarm fires. Only these three fields of act are set; the struct is
           not zero-initialised first */
        act.sa_handler = myHandler;
        sigemptyset(&act.sa_mask);
        act.sa_flags = 0;
#ifdef SA_INTERRUPT
        act.sa_flags |= SA_INTERRUPT;
#endif
        /* NOTE(review): both error exits below return with the application's
           timer still disarmed (and, for the second, with our handler still
           installed); neither is restored on these paths */
        if (sigaction(SIGALRM, &act, &oact) < 0)
            ERR_OUT(SIGACT_ERROR);

        if (setitimer(ITIMER_REAL, &myTimeout, 0) < 0)
            ERR_OUT(SETITIMER_ERROR);
    }

    /* do main work */
#ifndef NO_CYASSL_CLIENT
    if (ssl->options.side == CYASSL_CLIENT_END)
        ret = CyaSSL_connect(ssl);
#endif
#ifndef NO_CYASSL_SERVER
    if (ssl->options.side == CYASSL_SERVER_END)
        ret = CyaSSL_accept(ssl);
#endif

    /* do callbacks */
    if (toCb) {
        if (oldTimerOn) {
            /* NOTE(review): return value unchecked here, unlike the call at
               the start; on failure endTime is indeterminate */
            gettimeofday(&endTime, 0);
            SubtractTimes(endTime, startTime, totalTime);
            /* adjust old timer for elapsed time */
            if (CmpTimes(totalTime, oldTimeout.it_value, <))
                SubtractTimes(oldTimeout.it_value, totalTime,
                              oldTimeout.it_value);
            else {
                /* reset value to interval, may be off */
                oldTimeout.it_value.tv_sec = oldTimeout.it_interval.tv_sec;
                oldTimeout.it_value.tv_usec =oldTimeout.it_interval.tv_usec;
            }
            /* keep iter the same whether there or not */
        }
        /* restore old handler */
        if (sigaction(SIGALRM, &oact, 0) < 0)
            ret = SIGACT_ERROR; /* more pressing error, stomp */
        else
            /* use old settings which may turn off (expired or not there) */
            if (setitimer(ITIMER_REAL, &oldTimeout, 0) < 0)
                ret = SETITIMER_ERROR;

        /* if we had a timeout call callback (a set timeoutName is taken as
           the indication that one was recorded) */
        if (ssl->timeoutInfo.timeoutName[0]) {
            ssl->timeoutInfo.timeoutValue.tv_sec = timeout.tv_sec;
            ssl->timeoutInfo.timeoutValue.tv_usec = timeout.tv_usec;
            (toCb)(&ssl->timeoutInfo);
        }
        /* clean up */
        FreeTimeoutInfo(&ssl->timeoutInfo, ssl->heap);
        ssl->toInfoOn = 0;
    }
    if (hsCb) {
        FinishHandShakeInfo(&ssl->handShakeInfo, ssl);
        (hsCb)(&ssl->handShakeInfo);
        ssl->hsInfoOn = 0;
    }
    return ret;
}
wolfSSL 0:1239e9b70ca2 5651
wolfSSL 0:1239e9b70ca2 5652
wolfSSL 0:1239e9b70ca2 5653 #ifndef NO_CYASSL_CLIENT
wolfSSL 0:1239e9b70ca2 5654
/* Client handshake with optional handshake-info and timeout callbacks; see
 * CyaSSL_ex_wrapper for the timer semantics and return values. */
int CyaSSL_connect_ex(CYASSL* ssl, HandShakeCallBack hsCb,
                      TimeoutCallBack toCb, Timeval timeout)
{
    int ret;

    CYASSL_ENTER("CyaSSL_connect_ex");
    ret = CyaSSL_ex_wrapper(ssl, hsCb, toCb, timeout);
    return ret;
}
wolfSSL 0:1239e9b70ca2 5661
wolfSSL 0:1239e9b70ca2 5662 #endif
wolfSSL 0:1239e9b70ca2 5663
wolfSSL 0:1239e9b70ca2 5664
wolfSSL 0:1239e9b70ca2 5665 #ifndef NO_CYASSL_SERVER
wolfSSL 0:1239e9b70ca2 5666
/* Server handshake with optional handshake-info and timeout callbacks; see
 * CyaSSL_ex_wrapper for the timer semantics and return values. */
int CyaSSL_accept_ex(CYASSL* ssl, HandShakeCallBack hsCb,
                     TimeoutCallBack toCb, Timeval timeout)
{
    int ret;

    CYASSL_ENTER("CyaSSL_accept_ex");
    ret = CyaSSL_ex_wrapper(ssl, hsCb, toCb, timeout);
    return ret;
}
wolfSSL 0:1239e9b70ca2 5673
wolfSSL 0:1239e9b70ca2 5674 #endif
wolfSSL 0:1239e9b70ca2 5675
wolfSSL 0:1239e9b70ca2 5676 #endif /* CYASSL_CALLBACKS */
wolfSSL 0:1239e9b70ca2 5677
wolfSSL 0:1239e9b70ca2 5678
wolfSSL 0:1239e9b70ca2 5679 #ifndef NO_PSK
wolfSSL 0:1239e9b70ca2 5680
/* Install the client-side PSK callback on a context and mark the context as
 * PSK-capable. Connections created from ctx afterwards inherit it. */
void CyaSSL_CTX_set_psk_client_callback(CYASSL_CTX* ctx,
                                        psk_client_callback cb)
{
    CYASSL_ENTER("SSL_CTX_set_psk_client_callback");
    ctx->client_psk_cb = cb;
    ctx->havePSK = 1;
}
wolfSSL 0:1239e9b70ca2 5688
wolfSSL 0:1239e9b70ca2 5689
/* Install the client-side PSK callback on one connection and rebuild its
 * cipher-suite list with PSK enabled. haveRSA is forced off under NO_RSA; the
 * other InitSuites inputs are taken from ssl->options. */
void CyaSSL_set_psk_client_callback(CYASSL* ssl, psk_client_callback cb)
{
#ifdef NO_RSA
    const byte haveRSA = 0;
#else
    const byte haveRSA = 1;
#endif

    CYASSL_ENTER("SSL_set_psk_client_callback");
    ssl->options.havePSK = 1;
    ssl->options.client_psk_cb = cb;

    InitSuites(ssl->suites, ssl->version, haveRSA, TRUE,
               ssl->options.haveDH, ssl->options.haveNTRU,
               ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
               ssl->options.side);
}
wolfSSL 0:1239e9b70ca2 5706
wolfSSL 0:1239e9b70ca2 5707
/* Install the server-side PSK callback on a context and mark the context as
 * PSK-capable. Connections created from ctx afterwards inherit it. */
void CyaSSL_CTX_set_psk_server_callback(CYASSL_CTX* ctx,
                                        psk_server_callback cb)
{
    CYASSL_ENTER("SSL_CTX_set_psk_server_callback");
    ctx->server_psk_cb = cb;
    ctx->havePSK = 1;
}
wolfSSL 0:1239e9b70ca2 5715
wolfSSL 0:1239e9b70ca2 5716
/* Install the server-side PSK callback on one connection and rebuild its
 * cipher-suite list with PSK enabled. haveRSA is forced off under NO_RSA; the
 * other InitSuites inputs are taken from ssl->options. */
void CyaSSL_set_psk_server_callback(CYASSL* ssl, psk_server_callback cb)
{
#ifdef NO_RSA
    const byte haveRSA = 0;
#else
    const byte haveRSA = 1;
#endif

    CYASSL_ENTER("SSL_set_psk_server_callback");
    ssl->options.havePSK = 1;
    ssl->options.server_psk_cb = cb;

    InitSuites(ssl->suites, ssl->version, haveRSA, TRUE,
               ssl->options.haveDH, ssl->options.haveNTRU,
               ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
               ssl->options.side);
}
wolfSSL 0:1239e9b70ca2 5733
wolfSSL 0:1239e9b70ca2 5734
/* Return the PSK identity hint held in the connection's handshake arrays, or
 * NULL when ssl or its arrays are NULL. The pointer refers into ssl. */
const char* CyaSSL_get_psk_identity_hint(const CYASSL* ssl)
{
    const char* hint = NULL;

    CYASSL_ENTER("SSL_get_psk_identity_hint");

    if (ssl != NULL && ssl->arrays != NULL)
        hint = ssl->arrays->server_hint;

    return hint;
}
wolfSSL 0:1239e9b70ca2 5744
wolfSSL 0:1239e9b70ca2 5745
/* Return the PSK client identity held in the connection's handshake arrays,
 * or NULL when ssl or its arrays are NULL. The pointer refers into ssl. */
const char* CyaSSL_get_psk_identity(const CYASSL* ssl)
{
    const char* identity = NULL;

    CYASSL_ENTER("SSL_get_psk_identity");

    if (ssl != NULL && ssl->arrays != NULL)
        identity = ssl->arrays->client_identity;

    return identity;
}
wolfSSL 0:1239e9b70ca2 5755
wolfSSL 0:1239e9b70ca2 5756
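/* Set the PSK identity hint a server context will offer. A NULL hint clears
 * it; otherwise it is copied and truncated to MAX_PSK_ID_LEN - 1 characters
 * with a guaranteed terminator.
 *
 * Returns SSL_SUCCESS, or SSL_FAILURE when ctx is NULL (matching the
 * per-connection variant below). */
int CyaSSL_CTX_use_psk_identity_hint(CYASSL_CTX* ctx, const char* hint)
{
    CYASSL_ENTER("SSL_CTX_use_psk_identity_hint");

    if (ctx == NULL)
        return SSL_FAILURE;

    if (hint == 0)
        ctx->server_hint[0] = 0;
    else {
        /* XSTRNCPY leaves no terminator when hint fills the buffer */
        XSTRNCPY(ctx->server_hint, hint, MAX_PSK_ID_LEN);
        ctx->server_hint[MAX_PSK_ID_LEN - 1] = '\0';
    }
    return SSL_SUCCESS;
}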
wolfSSL 0:1239e9b70ca2 5768
wolfSSL 0:1239e9b70ca2 5769
/* Set the PSK identity hint for one connection. A NULL hint clears it;
 * otherwise it is copied, truncated to MAX_PSK_ID_LEN - 1 characters, and
 * always terminated.
 *
 * Returns SSL_SUCCESS, or SSL_FAILURE when ssl or its handshake arrays are
 * NULL. */
int CyaSSL_use_psk_identity_hint(CYASSL* ssl, const char* hint)
{
    char* dest;

    CYASSL_ENTER("SSL_use_psk_identity_hint");

    if (ssl == NULL || ssl->arrays == NULL)
        return SSL_FAILURE;

    dest = ssl->arrays->server_hint;
    if (hint == 0) {
        dest[0] = 0;
    }
    else {
        /* XSTRNCPY leaves no terminator when hint fills the buffer */
        XSTRNCPY(dest, hint, MAX_PSK_ID_LEN);
        dest[MAX_PSK_ID_LEN - 1] = '\0';
    }
    return SSL_SUCCESS;
}
wolfSSL 0:1239e9b70ca2 5785
wolfSSL 0:1239e9b70ca2 5786 #endif /* NO_PSK */
wolfSSL 0:1239e9b70ca2 5787
wolfSSL 0:1239e9b70ca2 5788
wolfSSL 0:1239e9b70ca2 5789 #ifndef NO_CERTS
/* These used to be defined only under NO_FILESYSTEM, but they are generally useful. */
wolfSSL 0:1239e9b70ca2 5791
wolfSSL 0:1239e9b70ca2 5792 /* CyaSSL extension allows DER files to be loaded from buffers as well */
/* CyaSSL extension: load trusted CA certificates into ctx from a memory
 * buffer rather than a file. PEM input goes through ProcessChainBuffer
 * (presumably to accept several concatenated certificates); any other format
 * is handed to ProcessBuffer as a single CA_TYPE object. Returns whatever the
 * processing routine returns. */
int CyaSSL_CTX_load_verify_buffer(CYASSL_CTX* ctx, const unsigned char* in,
                                  long sz, int format)
{
    int ret;

    CYASSL_ENTER("CyaSSL_CTX_load_verify_buffer");
    if (format == SSL_FILETYPE_PEM)
        ret = ProcessChainBuffer(ctx, in, sz, format, CA_TYPE, NULL);
    else
        ret = ProcessBuffer(ctx, in, sz, format, CA_TYPE, NULL, NULL, 0);
    return ret;
}
wolfSSL 0:1239e9b70ca2 5802
wolfSSL 0:1239e9b70ca2 5803
/* Load the context's own certificate from a memory buffer in the given
 * format (CERT_TYPE, not a chain). Returns the ProcessBuffer result. */
int CyaSSL_CTX_use_certificate_buffer(CYASSL_CTX* ctx,
                                      const unsigned char* in, long sz, int format)
{
    int ret;

    CYASSL_ENTER("CyaSSL_CTX_use_certificate_buffer");
    ret = ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, 0);
    return ret;
}
wolfSSL 0:1239e9b70ca2 5810
wolfSSL 0:1239e9b70ca2 5811
/* Load the context's private key from a memory buffer in the given format.
 * The key is then shared by every connection created from ctx. Returns the
 * ProcessBuffer result. */
int CyaSSL_CTX_use_PrivateKey_buffer(CYASSL_CTX* ctx,
                                     const unsigned char* in, long sz, int format)
{
    int ret;

    CYASSL_ENTER("CyaSSL_CTX_use_PrivateKey_buffer");
    ret = ProcessBuffer(ctx, in, sz, format, PRIVATEKEY_TYPE, NULL, NULL, 0);
    return ret;
}
wolfSSL 0:1239e9b70ca2 5818
wolfSSL 0:1239e9b70ca2 5819
/* Load the context's certificate chain from a PEM memory buffer; the format
 * is fixed to SSL_FILETYPE_PEM and ProcessBuffer's last argument selects
 * chain handling. Returns the ProcessBuffer result. */
int CyaSSL_CTX_use_certificate_chain_buffer(CYASSL_CTX* ctx,
                                            const unsigned char* in, long sz)
{
    int ret;

    CYASSL_ENTER("CyaSSL_CTX_use_certificate_chain_buffer");
    ret = ProcessBuffer(ctx, in, sz, SSL_FILETYPE_PEM, CERT_TYPE, NULL,
                        NULL, 1);
    return ret;
}
wolfSSL 0:1239e9b70ca2 5827
/* Load a certificate for one connection from a memory buffer in the given
 * format; the ssl argument tells ProcessBuffer to attach it to this
 * connection rather than to ssl->ctx. Returns the ProcessBuffer result. */
int CyaSSL_use_certificate_buffer(CYASSL* ssl,
                                  const unsigned char* in, long sz, int format)
{
    int ret;

    CYASSL_ENTER("CyaSSL_use_certificate_buffer");
    ret = ProcessBuffer(ssl->ctx, in, sz, format, CERT_TYPE, ssl, NULL, 0);
    return ret;
}
wolfSSL 0:1239e9b70ca2 5834
wolfSSL 0:1239e9b70ca2 5835
/* Load a private key for one connection from a memory buffer in the given
 * format; the ssl argument tells ProcessBuffer to attach it to this
 * connection rather than to ssl->ctx. Returns the ProcessBuffer result. */
int CyaSSL_use_PrivateKey_buffer(CYASSL* ssl,
                                 const unsigned char* in, long sz, int format)
{
    int ret;

    CYASSL_ENTER("CyaSSL_use_PrivateKey_buffer");
    ret = ProcessBuffer(ssl->ctx, in, sz, format, PRIVATEKEY_TYPE,
                        ssl, NULL, 0);
    return ret;
}
wolfSSL 0:1239e9b70ca2 5843
wolfSSL 0:1239e9b70ca2 5844
/* Load a PEM certificate chain for one connection from a memory buffer; the
 * format is fixed to SSL_FILETYPE_PEM and the trailing 1 selects chain
 * handling in ProcessBuffer. Returns the ProcessBuffer result. */
int CyaSSL_use_certificate_chain_buffer(CYASSL* ssl,
                                        const unsigned char* in, long sz)
{
    int ret;

    CYASSL_ENTER("CyaSSL_use_certificate_chain_buffer");
    ret = ProcessBuffer(ssl->ctx, in, sz, SSL_FILETYPE_PEM, CERT_TYPE,
                        ssl, NULL, 1);
    return ret;
}
wolfSSL 0:1239e9b70ca2 5852
wolfSSL 0:1239e9b70ca2 5853
/* Unload any certs or keys that the SSL object owns, leaving the CTX as is.
   Returns SSL_SUCCESS on success. */
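/* Unload any certificate or private key buffer that this connection owns
 * (loaded per-SSL rather than inherited from the CTX); the CTX is untouched.
 * The private key bytes are cleared before the buffer is freed.
 *
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG when ssl is NULL. */
int CyaSSL_UnloadCertsKeys(CYASSL* ssl)
{
    CYASSL_ENTER("CyaSSL_UnloadCertsKeys");

    if (ssl == NULL) {
        CYASSL_MSG("Null function arg");
        return BAD_FUNC_ARG;
    }

    if (ssl->buffers.weOwnCert) {
        CYASSL_MSG("Unloading cert");
        XFREE(ssl->buffers.certificate.buffer, ssl->heap, DYNAMIC_TYPE_CERT);
        ssl->buffers.weOwnCert = 0;
        ssl->buffers.certificate.length = 0;
        ssl->buffers.certificate.buffer = NULL;
    }

    if (ssl->buffers.weOwnKey) {
        CYASSL_MSG("Unloading key");
        /* the key buffer holds private key material: wipe it before the
           allocation goes back to the heap so it is not readable from reused
           memory. Best effort only: a plain memset immediately before free
           may be elided by the optimizer */
        if (ssl->buffers.key.buffer != NULL)
            XMEMSET(ssl->buffers.key.buffer, 0, ssl->buffers.key.length);
        XFREE(ssl->buffers.key.buffer, ssl->heap, DYNAMIC_TYPE_KEY);
        ssl->buffers.weOwnKey = 0;
        ssl->buffers.key.length = 0;
        ssl->buffers.key.buffer = NULL;
    }

    return SSL_SUCCESS;
}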
wolfSSL 0:1239e9b70ca2 5881
wolfSSL 0:1239e9b70ca2 5882
/* Drop every CA certificate held by the CTX's certificate manager.
   Returns BAD_FUNC_ARG for a NULL ctx, otherwise whatever
   CyaSSL_CertManagerUnloadCAs reports for ctx->cm. */
int CyaSSL_CTX_UnloadCAs(CYASSL_CTX* ctx)
{
    CYASSL_ENTER("CyaSSL_CTX_UnloadCAs");

    return (ctx == NULL) ? BAD_FUNC_ARG
                         : CyaSSL_CertManagerUnloadCAs(ctx->cm);
}
wolfSSL 0:1239e9b70ca2 5892
wolfSSL 0:1239e9b70ca2 5893 /* old NO_FILESYSTEM end */
wolfSSL 0:1239e9b70ca2 5894 #endif /* !NO_CERTS */
wolfSSL 0:1239e9b70ca2 5895
wolfSSL 0:1239e9b70ca2 5896
wolfSSL 0:1239e9b70ca2 5897 #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
wolfSSL 0:1239e9b70ca2 5898
wolfSSL 0:1239e9b70ca2 5899
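/* OpenSSL-compatibility entry point.  CyaSSL has no per-algorithm
   registration, so this only runs library initialisation.
   Returns CyaSSL_Init's result (SSL_SUCCESS when initialisation succeeds);
   the original discarded that result and always reported success, which
   hid initialisation failures from compatibility callers. */
int CyaSSL_add_all_algorithms(void)
{
    int ret;

    CYASSL_ENTER("CyaSSL_add_all_algorithms");
    ret = CyaSSL_Init();

    return ret;
}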
wolfSSL 0:1239e9b70ca2 5906
wolfSSL 0:1239e9b70ca2 5907
/* OpenSSL SSL_CTX_sess_set_cache_size compatibility stub.
   The session cache size is fixed at compile time in CyaSSL, so sz is
   ignored and 0 is always returned (callers cannot resize the cache here). */
long CyaSSL_CTX_sess_set_cache_size(CYASSL_CTX* ctx, long sz)
{
    (void)ctx;
    (void)sz;   /* no runtime cache sizing */

    return 0;
}
wolfSSL 0:1239e9b70ca2 5915
wolfSSL 0:1239e9b70ca2 5916
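/* OpenSSL SSL_CTX_set_quiet_shutdown compatibility.
   A non-zero mode sets ctx->quietShutdown (presumably consulted by shutdown
   to skip the close_notify exchange — confirm in the shutdown path).
   mode == 0 is a no-op: the flag is only ever set here, never cleared; that
   existing behaviour is kept.  A NULL ctx is now ignored rather than
   dereferenced. */
void CyaSSL_CTX_set_quiet_shutdown(CYASSL_CTX* ctx, int mode)
{
    CYASSL_ENTER("CyaSSL_CTX_set_quiet_shutdown");

    if (ctx == NULL)
        return;

    if (mode)
        ctx->quietShutdown = 1;
}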
wolfSSL 0:1239e9b70ca2 5923
wolfSSL 0:1239e9b70ca2 5924
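/* Per-connection variant of CyaSSL_CTX_set_quiet_shutdown: a non-zero mode
   sets ssl->options.quietShutdown; mode == 0 leaves the flag untouched
   (never cleared, as before).
   Fixes: the trace label previously named the CTX function, and a NULL ssl
   was dereferenced. */
void CyaSSL_set_quiet_shutdown(CYASSL* ssl, int mode)
{
    CYASSL_ENTER("CyaSSL_set_quiet_shutdown");

    if (ssl == NULL)
        return;

    if (mode)
        ssl->options.quietShutdown = 1;
}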
wolfSSL 0:1239e9b70ca2 5931
wolfSSL 0:1239e9b70ca2 5932
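/* OpenSSL SSL_set_bio compatibility: attach a read BIO and a write BIO.
   The BIOs' descriptors are installed as the connection's read/write fds
   via CyaSSL_set_rfd / CyaSSL_set_wfd, and the BIO pointers are stored in
   ssl->biord / ssl->biowr.
   A NULL ssl is ignored; a NULL rd or wr is stored as-is and does not
   change the corresponding fd (the original dereferenced both). */
void CyaSSL_set_bio(CYASSL* ssl, CYASSL_BIO* rd, CYASSL_BIO* wr)
{
    CYASSL_ENTER("SSL_set_bio");

    if (ssl == NULL)
        return;

    if (rd != NULL)
        CyaSSL_set_rfd(ssl, rd->fd);
    if (wr != NULL)
        CyaSSL_set_wfd(ssl, wr->fd);

    ssl->biord = rd;
    ssl->biowr = wr;
}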
wolfSSL 0:1239e9b70ca2 5942
wolfSSL 0:1239e9b70ca2 5943
/* OpenSSL SSL_CTX_set_client_CA_list compatibility stub: the list is
   discarded, so no CA names are advertised in a CertificateRequest through
   this call. */
void CyaSSL_CTX_set_client_CA_list(CYASSL_CTX* ctx,
                                   STACK_OF(CYASSL_X509_NAME)* names)
{
    /* unused by design */
    (void)names;
    (void)ctx;
}
wolfSSL 0:1239e9b70ca2 5950
wolfSSL 0:1239e9b70ca2 5951
/* OpenSSL SSL_load_client_CA_file compatibility stub: the file is never
   opened and the result is always NULL. */
STACK_OF(CYASSL_X509_NAME)* CyaSSL_load_client_CA_file(const char* fname)
{
    STACK_OF(CYASSL_X509_NAME)* none = 0;

    (void)fname;   /* not read */
    return none;
}
wolfSSL 0:1239e9b70ca2 5957
wolfSSL 0:1239e9b70ca2 5958
/* OpenSSL SSL_CTX_set_default_verify_paths compatibility stub.
   No system trust store is consulted; always returns SSL_NOT_IMPLEMENTED,
   so callers must load trusted CAs explicitly. */
int CyaSSL_CTX_set_default_verify_paths(CYASSL_CTX* ctx)
{
    (void)ctx;   /* TODO:, not needed in goahead */

    return SSL_NOT_IMPLEMENTED;
}
wolfSSL 0:1239e9b70ca2 5965
wolfSSL 0:1239e9b70ca2 5966
/* Size in bytes of the key block for this connection's negotiated cipher
   spec: twice the sum of ssl->specs key_size, iv_size and hash_size
   (presumably one key/IV/MAC set per direction).
   Returns SSL_FATAL_ERROR (-1) for a NULL ssl. */
int CyaSSL_get_keyblock_size(CYASSL* ssl)
{
    int oneSet;

    if (ssl == NULL)
        return SSL_FATAL_ERROR;

    oneSet = ssl->specs.key_size + ssl->specs.iv_size + ssl->specs.hash_size;

    return oneSet * 2;
}
wolfSSL 0:1239e9b70ca2 5976
wolfSSL 0:1239e9b70ca2 5977
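/* Expose the connection's master secret and both hello randoms.
   The returned pointers alias ssl->arrays (no copy is made), so they are
   valid only as long as ssl->arrays is; lengths are SECRET_LEN and RAN_LEN.
   Returns SSL_SUCCESS, or SSL_FATAL_ERROR (-1) when ssl or ssl->arrays is
   NULL, or when any output pointer is NULL (previously dereferenced).
   Anything holding these values can decrypt the session's traffic, so
   callers should keep them no longer than strictly needed. */
int CyaSSL_get_keys(CYASSL* ssl, unsigned char** ms, unsigned int* msLen,
                    unsigned char** sr, unsigned int* srLen,
                    unsigned char** cr, unsigned int* crLen)
{
    if (ssl == NULL || ssl->arrays == NULL)
        return SSL_FATAL_ERROR;

    if (ms == NULL || msLen == NULL || sr == NULL || srLen == NULL ||
        cr == NULL || crLen == NULL)
        return SSL_FATAL_ERROR;

    *ms = ssl->arrays->masterSecret;
    *sr = ssl->arrays->serverRandom;
    *cr = ssl->arrays->clientRandom;

    *msLen = SECRET_LEN;
    *srLen = RAN_LEN;
    *crLen = RAN_LEN;

    return SSL_SUCCESS;
}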
wolfSSL 0:1239e9b70ca2 5996
wolfSSL 0:1239e9b70ca2 5997
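/* Switch the connection to the server role (CYASSL_SERVER_END) and rebuild
   its cipher-suite list for that role via InitSuites, since the suites a
   side offers depend on which end it is.
   haveRSA is forced off under NO_RSA; havePSK comes from ssl->options only
   when PSK is compiled in.  A NULL ssl is now ignored instead of
   dereferenced. */
void CyaSSL_set_accept_state(CYASSL* ssl)
{
    byte haveRSA = 1;
    byte havePSK = 0;

    CYASSL_ENTER("SSL_set_accept_state");

    if (ssl == NULL)
        return;

    ssl->options.side = CYASSL_SERVER_END;
    /* reset suites in case user switched */

#ifdef NO_RSA
    haveRSA = 0;
#endif
#ifndef NO_PSK
    havePSK = ssl->options.havePSK;
#endif
    InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
               ssl->options.haveDH, ssl->options.haveNTRU,
               ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
               ssl->options.side);
}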
wolfSSL 0:1239e9b70ca2 6018 #endif
wolfSSL 0:1239e9b70ca2 6019
/* 1 when the handshake has completed (handShakeState == HANDSHAKE_DONE),
   0 otherwise or for a NULL ssl. */
int CyaSSL_is_init_finished(CYASSL* ssl)
{
    if (ssl == NULL)
        return 0;

    return (ssl->options.handShakeState == HANDSHAKE_DONE) ? 1 : 0;
}
wolfSSL 0:1239e9b70ca2 6031
wolfSSL 0:1239e9b70ca2 6032 #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
/* OpenSSL SSL_CTX_set_tmp_rsa_callback compatibility stub: the callback is
   never stored or invoked. */
void CyaSSL_CTX_set_tmp_rsa_callback(CYASSL_CTX* ctx,
                                     CYASSL_RSA*(*f)(CYASSL*, int, int))
{
    /* CyaSSL verifies all these internally */
    (void)f;
    (void)ctx;
}
wolfSSL 0:1239e9b70ca2 6040
wolfSSL 0:1239e9b70ca2 6041
/* OpenSSL SSL_set_shutdown compatibility stub: opt is not recorded, so the
   connection's shutdown state cannot be forced through this call. */
void CyaSSL_set_shutdown(CYASSL* ssl, int opt)
{
    (void)opt;
    (void)ssl;
}
wolfSSL 0:1239e9b70ca2 6047
wolfSSL 0:1239e9b70ca2 6048
/* OpenSSL SSL_CTX_set_options compatibility stub.
   No option bit is applied to ctx — opt is simply echoed back — so
   OpenSSL-style option flags (e.g. protocol or renegotiation controls)
   have no effect here; use the CyaSSL-native configuration calls instead. */
long CyaSSL_CTX_set_options(CYASSL_CTX* ctx, long opt)
{
    long echoed = opt;

    /* goahead calls with 0, do nothing */
    CYASSL_ENTER("SSL_CTX_set_options");
    (void)ctx;

    return echoed;
}
wolfSSL 0:1239e9b70ca2 6056
wolfSSL 0:1239e9b70ca2 6057
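/* Set the read descriptor.  The fd is stored in ssl->rfd and the read
   I/O-callback context is pointed at that field, so the default read
   callback presumably fetches the descriptor through IOCB_ReadCtx rather
   than using it directly.
   Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL ssl (previously
   dereferenced). */
int CyaSSL_set_rfd(CYASSL* ssl, int rfd)
{
    CYASSL_ENTER("SSL_set_rfd");

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    ssl->rfd = rfd;     /* not used directly to allow IO callbacks */
    ssl->IOCB_ReadCtx = &ssl->rfd;

    return SSL_SUCCESS;
}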
wolfSSL 0:1239e9b70ca2 6067
wolfSSL 0:1239e9b70ca2 6068
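/* Set the write descriptor; mirror of CyaSSL_set_rfd.  The fd is stored in
   ssl->wfd and the write I/O-callback context points at that field.
   Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL ssl (previously
   dereferenced). */
int CyaSSL_set_wfd(CYASSL* ssl, int wfd)
{
    CYASSL_ENTER("SSL_set_wfd");

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    ssl->wfd = wfd;     /* not used directly to allow IO callbacks */
    ssl->IOCB_WriteCtx = &ssl->wfd;

    return SSL_SUCCESS;
}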
wolfSSL 0:1239e9b70ca2 6078
wolfSSL 0:1239e9b70ca2 6079
/* OpenSSL RSA_generate_key compatibility stub: no key is generated and the
   progress callback is never invoked.  Always returns NULL, so callers must
   not assume a key came back. */
CYASSL_RSA* CyaSSL_RSA_generate_key(int len, unsigned long bits,
                                    void(*f)(int, int, void*), void* data)
{
    /* no tmp key needed, actual generation not supported */
    CYASSL_ENTER("RSA_generate_key");

    (void)data;
    (void)f;
    (void)bits;
    (void)len;

    return NULL;
}
wolfSSL 0:1239e9b70ca2 6091
wolfSSL 0:1239e9b70ca2 6092
wolfSSL 0:1239e9b70ca2 6093
/* OpenSSL X509_STORE_CTX_get_current_cert compatibility stub: always NULL,
   so a verify callback cannot inspect the certificate being checked through
   this call. */
CYASSL_X509* CyaSSL_X509_STORE_CTX_get_current_cert(
                                                  CYASSL_X509_STORE_CTX* ctx)
{
    CYASSL_X509* noCert = 0;

    (void)ctx;
    return noCert;
}
wolfSSL 0:1239e9b70ca2 6100
wolfSSL 0:1239e9b70ca2 6101
/* Verification error code recorded in ctx->error; 0 when ctx is NULL
   (indistinguishable from "no error"). */
int CyaSSL_X509_STORE_CTX_get_error(CYASSL_X509_STORE_CTX* ctx)
{
    if (ctx == NULL)
        return 0;

    return ctx->error;
}
wolfSSL 0:1239e9b70ca2 6108
wolfSSL 0:1239e9b70ca2 6109
/* OpenSSL X509_STORE_CTX_get_error_depth compatibility stub: the chain
   depth is not tracked, so this is always 0. */
int CyaSSL_X509_STORE_CTX_get_error_depth(CYASSL_X509_STORE_CTX* ctx)
{
    const int depth = 0;

    (void)ctx;
    return depth;
}
wolfSSL 0:1239e9b70ca2 6115
wolfSSL 0:1239e9b70ca2 6116
/* BIO method descriptor for a buffering BIO: a single static object whose
   type is (re)set to BIO_BUFFER on every call.  The same address is
   returned each time. */
CYASSL_BIO_METHOD* CyaSSL_BIO_f_buffer(void)
{
    static CYASSL_BIO_METHOD bufferMethod;

    CYASSL_ENTER("BIO_f_buffer");
    bufferMethod.type = BIO_BUFFER;   /* same value on every call */

    return &bufferMethod;
}
wolfSSL 0:1239e9b70ca2 6126
wolfSSL 0:1239e9b70ca2 6127
/* OpenSSL BIO_set_write_buffer_size compatibility: the BIO is not touched
   (CyaSSL buffers internally) and the requested size is echoed back. */
long CyaSSL_BIO_set_write_buffer_size(CYASSL_BIO* bio, long size)
{
    long requested = size;

    /* CyaSSL has internal buffer, compatibility only */
    CYASSL_ENTER("BIO_set_write_buffer_size");
    (void)bio;

    return requested;
}
wolfSSL 0:1239e9b70ca2 6135
wolfSSL 0:1239e9b70ca2 6136
/* BIO method descriptor for an SSL BIO: one static object, type reset to
   BIO_SSL on each call, same address returned every time. */
CYASSL_BIO_METHOD* CyaSSL_BIO_f_ssl(void)
{
    static CYASSL_BIO_METHOD sslMethod;

    CYASSL_ENTER("BIO_f_ssl");
    sslMethod.type = BIO_SSL;   /* same value on every call */

    return &sslMethod;
}
wolfSSL 0:1239e9b70ca2 6146
wolfSSL 0:1239e9b70ca2 6147
/* Allocate a socket BIO wrapping descriptor sfd.  closeF non-zero marks the
   BIO as owning the socket (CyaSSL_BIO_free then closes it).  All other
   fields start cleared.  Returns NULL when XMALLOC fails. */
CYASSL_BIO* CyaSSL_BIO_new_socket(int sfd, int closeF)
{
    CYASSL_BIO* sock = (CYASSL_BIO*) XMALLOC(sizeof(CYASSL_BIO), 0,
                                             DYNAMIC_TYPE_OPENSSL);

    CYASSL_ENTER("BIO_new_socket");
    if (sock == NULL)
        return NULL;

    sock->type   = BIO_SOCKET;
    sock->close  = (byte)closeF;
    sock->fd     = sfd;
    sock->eof    = 0;
    sock->ssl    = NULL;
    sock->prev   = NULL;
    sock->next   = NULL;
    sock->mem    = NULL;
    sock->memLen = 0;

    return sock;
}
wolfSSL 0:1239e9b70ca2 6167
wolfSSL 0:1239e9b70ca2 6168
/* 1 if the BIO's eof flag is set (see CyaSSL_BIO_read / CyaSSL_BIO_write,
   which set it), else 0.  b must be non-NULL. */
int CyaSSL_BIO_eof(CYASSL_BIO* b)
{
    CYASSL_ENTER("BIO_eof");

    return b->eof ? 1 : 0;
}
wolfSSL 0:1239e9b70ca2 6177
wolfSSL 0:1239e9b70ca2 6178
/* Attach an SSL object to BIO b.  closeF non-zero makes the BIO own the
   SSL object: CyaSSL_BIO_free will then call CyaSSL_free on it, so the
   caller must not free it separately.  Always returns 0.  b must be
   non-NULL. */
long CyaSSL_BIO_set_ssl(CYASSL_BIO* b, CYASSL* ssl, int closeF)
{
    CYASSL_ENTER("BIO_set_ssl");

    b->close = (byte)closeF;
    b->ssl   = ssl;
    /* add to ssl for bio free if SSL_free called before/instead of free_all? */

    return 0;
}
wolfSSL 0:1239e9b70ca2 6188
wolfSSL 0:1239e9b70ca2 6189
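/* Allocate a BIO of the kind described by method (only method->type is
   read).  Every other field starts cleared: not owning anything, no eof,
   no ssl, no memory buffer, fd 0, unlinked.
   Returns NULL when method is NULL (previously a NULL dereference) or when
   XMALLOC fails. */
CYASSL_BIO* CyaSSL_BIO_new(CYASSL_BIO_METHOD* method)
{
    CYASSL_BIO* bio;

    CYASSL_ENTER("BIO_new");

    /* check before allocating so nothing leaks on the bad-argument path */
    if (method == NULL)
        return NULL;

    bio = (CYASSL_BIO*) XMALLOC(sizeof(CYASSL_BIO), 0, DYNAMIC_TYPE_OPENSSL);
    if (bio) {
        bio->type   = method->type;
        bio->close  = 0;
        bio->eof    = 0;
        bio->ssl    = NULL;
        bio->mem    = NULL;
        bio->memLen = 0;
        bio->fd     = 0;
        bio->prev   = NULL;
        bio->next   = NULL;
    }
    return bio;
}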
wolfSSL 0:1239e9b70ca2 6208
wolfSSL 0:1239e9b70ca2 6209
/* Hand back a pointer to the memory BIO's buffer through *p (no copy; it
   stays owned by the BIO) and return its length, bio->memLen.
   Returns SSL_FATAL_ERROR (-1) when bio or p is NULL. */
int CyaSSL_BIO_get_mem_data(CYASSL_BIO* bio, const byte** p)
{
    if (bio == NULL)
        return SSL_FATAL_ERROR;
    if (p == NULL)
        return SSL_FATAL_ERROR;

    *p = bio->mem;
    return bio->memLen;
}
wolfSSL 0:1239e9b70ca2 6219
wolfSSL 0:1239e9b70ca2 6220
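/* Create a memory BIO holding a private copy of buf[0..len).
   Returns NULL when buf is NULL, when len is negative (a negative int fed
   to XMALLOC / XMEMCPY became a huge size — now rejected up front), or
   when either allocation fails; the BIO is released on the copy-failure
   path so nothing leaks.  NOTE(review): OpenSSL's len == -1 "use strlen"
   convention is not supported here; it is rejected like any negative len. */
CYASSL_BIO* CyaSSL_BIO_new_mem_buf(void* buf, int len)
{
    CYASSL_BIO* bio = NULL;

    if (buf == NULL || len < 0)
        return bio;

    bio = CyaSSL_BIO_new(CyaSSL_BIO_s_mem());
    if (bio == NULL)
        return bio;

    bio->mem = (byte*)XMALLOC(len, 0, DYNAMIC_TYPE_OPENSSL);
    if (bio->mem == NULL) {
        XFREE(bio, 0, DYNAMIC_TYPE_OPENSSL);
        return NULL;
    }
    bio->memLen = len;     /* set only once the buffer actually exists */

    XMEMCPY(bio->mem, buf, len);

    return bio;
}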
wolfSSL 0:1239e9b70ca2 6242
wolfSSL 0:1239e9b70ca2 6243
wolfSSL 0:1239e9b70ca2 6244 #ifdef USE_WINDOWS_API
wolfSSL 0:1239e9b70ca2 6245 #define CloseSocket(s) closesocket(s)
wolfSSL 0:1239e9b70ca2 6246 #elif defined(CYASSL_MDK_ARM)
wolfSSL 0:1239e9b70ca2 6247 #define CloseSocket(s) closesocket(s)
wolfSSL 0:1239e9b70ca2 6248 extern int closesocket(int) ;
wolfSSL 0:1239e9b70ca2 6249 #else
wolfSSL 0:1239e9b70ca2 6250 #define CloseSocket(s) close(s)
wolfSSL 0:1239e9b70ca2 6251 #endif
wolfSSL 0:1239e9b70ca2 6252
/* Release one BIO.  When bio->close is set the BIO owns its resources:
   an attached ssl is freed with CyaSSL_free (so the caller must not free
   it again) and a non-zero fd is closed with CloseSocket — fd 0 is
   treated as "no socket".  A memory buffer is always freed.  The BIO is
   not unlinked from its neighbours.  NULL is accepted.  Always returns 0. */
int CyaSSL_BIO_free(CYASSL_BIO* bio)
{
    /* unchain?, doesn't matter in goahead since from free all */
    CYASSL_ENTER("BIO_free");

    if (bio == NULL)
        return 0;

    if (bio->close) {
        if (bio->ssl)
            CyaSSL_free(bio->ssl);
        if (bio->fd)
            CloseSocket(bio->fd);
    }

    if (bio->mem)
        XFREE(bio->mem, 0, DYNAMIC_TYPE_OPENSSL);
    XFREE(bio, 0, DYNAMIC_TYPE_OPENSSL);

    return 0;
}
wolfSSL 0:1239e9b70ca2 6270
wolfSSL 0:1239e9b70ca2 6271
/* Free bio and every BIO reachable through ->next after it (the ->prev
   direction is not walked).  Each element goes through CyaSSL_BIO_free,
   so its close flag decides whether ssl / fd go with it.  Returns 0. */
int CyaSSL_BIO_free_all(CYASSL_BIO* bio)
{
    CYASSL_BIO* cur = bio;

    CYASSL_ENTER("BIO_free_all");

    while (cur != NULL) {
        CYASSL_BIO* following = cur->next;   /* read before cur is freed */
        CyaSSL_BIO_free(cur);
        cur = following;
    }

    return 0;
}
wolfSSL 0:1239e9b70ca2 6282
wolfSSL 0:1239e9b70ca2 6283
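/* Read up to len bytes into buf through the first BIO in the chain
   (starting at bio, following ->next) that carries an ssl.
   The front BIO's eof flag is set when CyaSSL_read returns 0, or returns
   an error other than SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE; a later
   call on a BIO whose eof is already set returns SSL_FATAL_ERROR.
   Returns CyaSSL_read's result, BAD_FUNC_ARG when bio is NULL (previously
   dereferenced) or no BIO in the chain has an ssl. */
int CyaSSL_BIO_read(CYASSL_BIO* bio, void* buf, int len)
{
    int ret;
    CYASSL* ssl = 0;
    CYASSL_BIO* front = bio;

    CYASSL_ENTER("BIO_read");

    if (front == NULL)
        return BAD_FUNC_ARG;

    /* already got eof, again is error */
    if (front->eof)
        return SSL_FATAL_ERROR;

    while(bio && ((ssl = bio->ssl) == 0) )
        bio = bio->next;

    if (ssl == 0) return BAD_FUNC_ARG;

    ret = CyaSSL_read(ssl, buf, len);
    if (ret == 0)
        front->eof = 1;
    else if (ret < 0) {
        int err = CyaSSL_get_error(ssl, 0);
        /* WANT_READ/WANT_WRITE are retryable, anything else ends the stream */
        if ( !(err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) )
            front->eof = 1;
    }
    return ret;
}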
wolfSSL 0:1239e9b70ca2 6310
wolfSSL 0:1239e9b70ca2 6311
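/* Write len bytes from data through the first BIO in the chain (starting
   at bio, following ->next) that carries an ssl; mirror of CyaSSL_BIO_read.
   The front BIO's eof flag is set when CyaSSL_write returns 0 or a
   non-retryable error (anything but SSL_ERROR_WANT_READ/WANT_WRITE); once
   set, further calls return SSL_FATAL_ERROR.
   Returns CyaSSL_write's result, BAD_FUNC_ARG when bio is NULL (previously
   dereferenced) or no BIO in the chain has an ssl. */
int CyaSSL_BIO_write(CYASSL_BIO* bio, const void* data, int len)
{
    int ret;
    CYASSL* ssl = 0;
    CYASSL_BIO* front = bio;

    CYASSL_ENTER("BIO_write");

    if (front == NULL)
        return BAD_FUNC_ARG;

    /* already got eof, again is error */
    if (front->eof)
        return SSL_FATAL_ERROR;

    while(bio && ((ssl = bio->ssl) == 0) )
        bio = bio->next;

    if (ssl == 0) return BAD_FUNC_ARG;

    ret = CyaSSL_write(ssl, data, len);
    if (ret == 0)
        front->eof = 1;
    else if (ret < 0) {
        int err = CyaSSL_get_error(ssl, 0);
        /* WANT_READ/WANT_WRITE are retryable, anything else ends the stream */
        if ( !(err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) )
            front->eof = 1;
    }

    return ret;
}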
wolfSSL 0:1239e9b70ca2 6339
wolfSSL 0:1239e9b70ca2 6340
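/* Append BIO `append` directly after `top` (top->next / append->prev).
   Any existing top->next is overwritten, not spliced.
   Returns top; with a NULL top the chain is just `append`, which is
   returned, and a NULL append simply terminates top (both previously
   dereferenced NULL). */
CYASSL_BIO* CyaSSL_BIO_push(CYASSL_BIO* top, CYASSL_BIO* append)
{
    CYASSL_ENTER("BIO_push");

    if (top == NULL)
        return append;

    top->next = append;
    if (append != NULL)
        append->prev = top;

    return top;
}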
wolfSSL 0:1239e9b70ca2 6349
wolfSSL 0:1239e9b70ca2 6350
/* OpenSSL BIO_flush compatibility: nothing is buffered at this layer, so
   there is nothing to flush; always reports success (1). */
int CyaSSL_BIO_flush(CYASSL_BIO* bio)
{
    const int flushed = 1;

    /* for CyaSSL no flushing needed */
    CYASSL_ENTER("BIO_flush");
    (void)bio;

    return flushed;
}
wolfSSL 0:1239e9b70ca2 6358
wolfSSL 0:1239e9b70ca2 6359
wolfSSL 0:1239e9b70ca2 6360 #endif /* OPENSSL_EXTRA || GOAHEAD_WS */
wolfSSL 0:1239e9b70ca2 6361
wolfSSL 0:1239e9b70ca2 6362
wolfSSL 0:1239e9b70ca2 6363 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL 0:1239e9b70ca2 6364
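/* Store the opaque pointer handed to the PEM pass-phrase callback
   (ctx->userdata); see CyaSSL_CTX_set_default_passwd_cb.
   A NULL ctx is ignored rather than dereferenced. */
void CyaSSL_CTX_set_default_passwd_cb_userdata(CYASSL_CTX* ctx,
                                               void* userdata)
{
    CYASSL_ENTER("SSL_CTX_set_default_passwd_cb_userdata");

    if (ctx == NULL)
        return;

    ctx->userdata = userdata;
}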
wolfSSL 0:1239e9b70ca2 6371
wolfSSL 0:1239e9b70ca2 6372
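/* Install the callback used to obtain pass-phrases for encrypted PEM
   material (ctx->passwd_cb).  A NULL ctx is ignored rather than
   dereferenced; a NULL cb is stored as-is. */
void CyaSSL_CTX_set_default_passwd_cb(CYASSL_CTX* ctx, pem_password_cb cb)
{
    CYASSL_ENTER("SSL_CTX_set_default_passwd_cb");

    if (ctx == NULL)
        return;

    ctx->passwd_cb = cb;
}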
wolfSSL 0:1239e9b70ca2 6378
/* OpenSSL CRYPTO_num_locks compatibility: no application-provided lock
   slots are requested, so this is always 0. */
int CyaSSL_num_locks(void)
{
    const int lockSlots = 0;

    return lockSlots;
}
wolfSSL 0:1239e9b70ca2 6383
/* OpenSSL CRYPTO_set_locking_callback compatibility stub: the callback is
   discarded (no lock slots exist, see CyaSSL_num_locks). */
void CyaSSL_set_locking_callback(void (*f)(int, int, const char*, int))
{
    (void)f;   /* never stored or called */
}
wolfSSL 0:1239e9b70ca2 6388
/* OpenSSL CRYPTO_set_id_callback compatibility stub: the thread-id callback
   is discarded. */
void CyaSSL_set_id_callback(unsigned long (*f)(void))
{
    (void)f;   /* never stored or called */
}
wolfSSL 0:1239e9b70ca2 6393
/* OpenSSL ERR_get_error compatibility stub: no error queue is kept, so
   this always returns 0 ("no error") even right after a failure.  Callers
   that need the real reason must use CyaSSL_get_error. */
unsigned long CyaSSL_ERR_get_error(void)
{
    const unsigned long noError = 0;

    /* TODO: */
    return noError;
}
wolfSSL 0:1239e9b70ca2 6399
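/* OpenSSL EVP_BytesToKey work-alike: derive a cipher key and IV from a
   pass-phrase data[0..sz) and an optional salt (EVP_SALT_SIZE bytes) with
   the legacy MD5 construction
       D_i = MD5^count( D_(i-1) || data || salt ),  D_0 = ""
   concatenating D_1 D_2 ... until keyLen + ivLen bytes are produced.
   Supported: md "MD5" only; type one of DES-CBC, DES-EDE3-CBC,
   AES-128-CBC, AES-192-CBC, AES-256-CBC (matched by prefix).

   key and/or iv may be NULL to skip that output; the derivation still runs
   so the other output is unchanged.  Returns keyLen + ivLen on success,
   0 for an unsupported md/type, NULL type/md, NULL data with sz > 0,
   negative sz (it is converted to an unsigned length below), or
   count < 1.  Each digest starts from a freshly initialised Md5 so the
   result no longer depends on Md5Final resetting the state.

   NOTE(review): this KDF exists for OpenSSL PEM compatibility only; it is
   not a modern password-based KDF and count is its sole cost parameter. */
int CyaSSL_EVP_BytesToKey(const CYASSL_EVP_CIPHER* type,
                          const CYASSL_EVP_MD* md, const byte* salt,
                          const byte* data, int sz, int count, byte* key, byte* iv)
{
    int keyLen = 0;
    int ivLen = 0;

    Md5 myMD;
    byte digest[MD5_DIGEST_SIZE];

    int j;
    int keyLeft;
    int ivLeft;
    int keyOutput = 0;

    CYASSL_ENTER("EVP_BytesToKey");

    /* reject what the string compares / hash updates below would fault on */
    if (type == NULL || md == NULL)
        return 0;
    if (sz < 0 || count < 1)
        return 0;
    if (data == NULL && sz > 0)
        return 0;

    /* only support MD5 for now */
    if (XSTRNCMP(md, "MD5", 3) != 0) return 0;

    /* only support CBC DES and AES for now */
    if (XSTRNCMP(type, "DES-CBC", 7) == 0) {
        keyLen = DES_KEY_SIZE;
        ivLen  = DES_IV_SIZE;
    }
    else if (XSTRNCMP(type, "DES-EDE3-CBC", 12) == 0) {
        keyLen = DES3_KEY_SIZE;
        ivLen  = DES_IV_SIZE;
    }
    else if (XSTRNCMP(type, "AES-128-CBC", 11) == 0) {
        keyLen = AES_128_KEY_SIZE;
        ivLen  = AES_IV_SIZE;
    }
    else if (XSTRNCMP(type, "AES-192-CBC", 11) == 0) {
        keyLen = AES_192_KEY_SIZE;
        ivLen  = AES_IV_SIZE;
    }
    else if (XSTRNCMP(type, "AES-256-CBC", 11) == 0) {
        keyLen = AES_256_KEY_SIZE;
        ivLen  = AES_IV_SIZE;
    }
    else
        return 0;

    keyLeft = keyLen;
    ivLeft  = ivLen;

    while (keyOutput < (keyLen + ivLen)) {
        int digestLeft = MD5_DIGEST_SIZE;

        InitMd5(&myMD);                       /* fresh state for D_i */
        /* D_(i - 1) */
        if (keyOutput) /* first time D_0 is empty */
            Md5Update(&myMD, digest, MD5_DIGEST_SIZE);
        /* data (skipped when empty; a zero-length update adds nothing) */
        if (sz > 0)
            Md5Update(&myMD, data, sz);
        /* salt */
        if (salt)
            Md5Update(&myMD, salt, EVP_SALT_SIZE);
        Md5Final(&myMD, digest);
        /* count: re-hash the digest count-1 more times */
        for (j = 1; j < count; j++) {
            InitMd5(&myMD);
            Md5Update(&myMD, digest, MD5_DIGEST_SIZE);
            Md5Final(&myMD, digest);
        }

        /* key bytes first, then whatever is left of the digest goes to iv */
        if (keyLeft) {
            int store = min(keyLeft, MD5_DIGEST_SIZE);
            if (key)
                XMEMCPY(&key[keyLen - keyLeft], digest, store);

            keyOutput  += store;
            keyLeft    -= store;
            digestLeft -= store;
        }

        if (ivLeft && digestLeft) {
            int store = min(ivLeft, digestLeft);
            if (iv)
                XMEMCPY(&iv[ivLen - ivLeft], &digest[MD5_DIGEST_SIZE -
                                                    digestLeft], store);
            keyOutput += store;
            ivLeft    -= store;
        }
    }
    if (keyOutput != (keyLen + ivLen))
        return 0;
    return keyOutput;
}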
wolfSSL 0:1239e9b70ca2 6486
wolfSSL 0:1239e9b70ca2 6487 #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
wolfSSL 0:1239e9b70ca2 6488
wolfSSL 0:1239e9b70ca2 6489
wolfSSL 0:1239e9b70ca2 6490 #ifdef OPENSSL_EXTRA
wolfSSL 0:1239e9b70ca2 6491
/* OpenSSL SSLeay() compatibility: the compile-time SSLEAY_VERSION_NUMBER
   this build advertises. */
unsigned long CyaSSLeay(void)
{
    const unsigned long advertised = SSLEAY_VERSION_NUMBER;

    return advertised;
}
wolfSSL 0:1239e9b70ca2 6496
wolfSSL 0:1239e9b70ca2 6497
/* OpenSSL SSLeay_version() compatibility: the same fixed string for every
   type value (type is ignored).  The pointer refers to static storage and
   must not be freed. */
const char* CyaSSLeay_version(int type)
{
    (void)type;

    return "SSLeay CyaSSL compatibility";
}
wolfSSL 0:1239e9b70ca2 6504
wolfSSL 0:1239e9b70ca2 6505
/* OpenSSL MD5_Init compatibility: the opaque CYASSL_MD5_CTX is used as
   storage for a CTaoCrypt Md5, which is initialised in place.
   MD5 is retained for compatibility only; it is not collision resistant. */
void CyaSSL_MD5_Init(CYASSL_MD5_CTX* md5)
{
    /* compile-time guard: the opaque context must be large enough for Md5 */
    typedef char ctxFits[sizeof(MD5_CTX) >= sizeof(Md5) ? 1 : -1];
    Md5* state = (Md5*)md5;
    (void)sizeof(ctxFits);

    CYASSL_ENTER("MD5_Init");
    InitMd5(state);
}
wolfSSL 0:1239e9b70ca2 6514
wolfSSL 0:1239e9b70ca2 6515
/* OpenSSL MD5_Update compatibility: feed sz bytes of input into the Md5
   stored in md5.  sz is narrowed to word32 for Md5Update. */
void CyaSSL_MD5_Update(CYASSL_MD5_CTX* md5, const void* input,
                       unsigned long sz)
{
    Md5* state = (Md5*)md5;
    const byte* bytes = (const byte*)input;

    CYASSL_ENTER("CyaSSL_MD5_Update");
    Md5Update(state, bytes, (word32)sz);
}
wolfSSL 0:1239e9b70ca2 6522
wolfSSL 0:1239e9b70ca2 6523
/* OpenSSL MD5_Final compatibility: write the digest to `input` (the output
   buffer, named after the OpenSSL signature) from the Md5 stored in md5. */
void CyaSSL_MD5_Final(byte* input, CYASSL_MD5_CTX* md5)
{
    byte* out = input;

    CYASSL_ENTER("MD5_Final");
    Md5Final((Md5*)md5, out);
}
wolfSSL 0:1239e9b70ca2 6529
wolfSSL 0:1239e9b70ca2 6530
/* OpenSSL SHA_Init compatibility: initialise a CTaoCrypt Sha in the opaque
   CYASSL_SHA_CTX storage.  InitSha's return value is dropped to keep the
   OpenSSL void signature. */
void CyaSSL_SHA_Init(CYASSL_SHA_CTX* sha)
{
    /* compile-time guard: the opaque context must be large enough for Sha */
    typedef char ctxFits[sizeof(SHA_CTX) >= sizeof(Sha) ? 1 : -1];
    Sha* state = (Sha*)sha;
    (void)sizeof(ctxFits);

    CYASSL_ENTER("SHA_Init");
    InitSha(state); /* OpenSSL compat, no ret */
}
wolfSSL 0:1239e9b70ca2 6539
wolfSSL 0:1239e9b70ca2 6540
/* OpenSSL SHA_Update compatibility: feed sz bytes of input into the Sha
   stored in sha.  sz is narrowed to word32 for ShaUpdate. */
void CyaSSL_SHA_Update(CYASSL_SHA_CTX* sha, const void* input,
                       unsigned long sz)
{
    Sha* state = (Sha*)sha;
    const byte* bytes = (const byte*)input;

    CYASSL_ENTER("SHA_Update");
    ShaUpdate(state, bytes, (word32)sz);
}
wolfSSL 0:1239e9b70ca2 6547
wolfSSL 0:1239e9b70ca2 6548
/* OpenSSL SHA_Final compatibility: write the digest to `input` (the output
   buffer) from the Sha stored in sha. */
void CyaSSL_SHA_Final(byte* input, CYASSL_SHA_CTX* sha)
{
    byte* out = input;

    CYASSL_ENTER("SHA_Final");
    ShaFinal((Sha*)sha, out);
}
wolfSSL 0:1239e9b70ca2 6554
wolfSSL 0:1239e9b70ca2 6555
/* OpenSSL SHA1_Init compatibility; forwards to SHA_Init (presumably the
   compatibility macro for CyaSSL_SHA_Init — confirm in the header). */
void CyaSSL_SHA1_Init(CYASSL_SHA_CTX* sha)
{
    CYASSL_SHA_CTX* ctx = sha;

    CYASSL_ENTER("SHA1_Init");
    SHA_Init(ctx);
}
wolfSSL 0:1239e9b70ca2 6561
wolfSSL 0:1239e9b70ca2 6562
/* OpenSSL SHA1_Update compatibility; forwards to SHA_Update unchanged. */
void CyaSSL_SHA1_Update(CYASSL_SHA_CTX* sha, const void* input,
                        unsigned long sz)
{
    CYASSL_SHA_CTX* ctx = sha;

    CYASSL_ENTER("SHA1_Update");
    SHA_Update(ctx, input, sz);
}
wolfSSL 0:1239e9b70ca2 6569
wolfSSL 0:1239e9b70ca2 6570
/* OpenSSL SHA1_Final compatibility; forwards to SHA_Final (output buffer
   first, as in the OpenSSL signature). */
void CyaSSL_SHA1_Final(byte* input, CYASSL_SHA_CTX* sha)
{
    byte* out = input;

    CYASSL_ENTER("SHA1_Final");
    SHA_Final(out, sha);
}
wolfSSL 0:1239e9b70ca2 6576
wolfSSL 0:1239e9b70ca2 6577
/* OpenSSL SHA256_Init compatibility: initialise a CTaoCrypt Sha256 in the
   opaque CYASSL_SHA256_CTX storage; InitSha256's result is dropped. */
void CyaSSL_SHA256_Init(CYASSL_SHA256_CTX* sha256)
{
    /* compile-time guard: the opaque context must hold a Sha256 */
    typedef char ctxFits[sizeof(SHA256_CTX) >= sizeof(Sha256) ? 1 : -1];
    Sha256* state = (Sha256*)sha256;
    (void)sizeof(ctxFits);

    CYASSL_ENTER("SHA256_Init");
    InitSha256(state); /* OpenSSL compat, no error */
}
wolfSSL 0:1239e9b70ca2 6586
wolfSSL 0:1239e9b70ca2 6587
/* OpenSSL-compat SHA-256 update.  sz is narrowed to word32, so a single
 * call covering more than 4 GiB is not supported by this shim.  No error
 * is reported, matching the OpenSSL signature. */
void CyaSSL_SHA256_Update(CYASSL_SHA256_CTX* sha, const void* input,
                          unsigned long sz)
{
    Sha256*     state = (Sha256*)sha;
    const byte* data  = (const byte*)input;

    CYASSL_ENTER("SHA256_Update");
    Sha256Update(state, data, (word32)sz);
}
wolfSSL 0:1239e9b70ca2 6595
wolfSSL 0:1239e9b70ca2 6596
/* OpenSSL-compat SHA-256 finish: digest goes to the caller-owned buffer
 * passed as input.  No error is reported, matching the OpenSSL signature. */
void CyaSSL_SHA256_Final(byte* input, CYASSL_SHA256_CTX* sha)
{
    byte* digestOut = input;

    CYASSL_ENTER("SHA256_Final");
    Sha256Final((Sha256*)sha, digestOut);
}
wolfSSL 0:1239e9b70ca2 6603
wolfSSL 0:1239e9b70ca2 6604
wolfSSL 0:1239e9b70ca2 6605 #ifdef CYASSL_SHA384
wolfSSL 0:1239e9b70ca2 6606
/* OpenSSL-compat SHA-384 init.  The compat SHA384_CTX is cast to the
 * ctaocrypt Sha384, so it must be at least as large; the negative array
 * size below turns a too-small compat struct into a compile-time error. */
void CyaSSL_SHA384_Init(CYASSL_SHA384_CTX* sha)
{
    typedef char ctxFits[sizeof(SHA384_CTX) >= sizeof(Sha384) ? 1 : -1];
    Sha384* state = (Sha384*)sha;

    (void)sizeof(ctxFits);

    CYASSL_ENTER("SHA384_Init");
    InitSha384(state);   /* OpenSSL compat API has no error return */
}
wolfSSL 0:1239e9b70ca2 6615
wolfSSL 0:1239e9b70ca2 6616
/* OpenSSL-compat SHA-384 update.  sz is narrowed to word32, so a single
 * call covering more than 4 GiB is not supported by this shim.  No error
 * is reported, matching the OpenSSL signature. */
void CyaSSL_SHA384_Update(CYASSL_SHA384_CTX* sha, const void* input,
                          unsigned long sz)
{
    Sha384*     state = (Sha384*)sha;
    const byte* data  = (const byte*)input;

    CYASSL_ENTER("SHA384_Update");
    Sha384Update(state, data, (word32)sz);
}
wolfSSL 0:1239e9b70ca2 6624
wolfSSL 0:1239e9b70ca2 6625
/* OpenSSL-compat SHA-384 finish: digest goes to the caller-owned buffer
 * passed as input.  No error is reported, matching the OpenSSL signature. */
void CyaSSL_SHA384_Final(byte* input, CYASSL_SHA384_CTX* sha)
{
    byte* digestOut = input;

    CYASSL_ENTER("SHA384_Final");
    Sha384Final((Sha384*)sha, digestOut);
}
wolfSSL 0:1239e9b70ca2 6632
wolfSSL 0:1239e9b70ca2 6633 #endif /* CYASSL_SHA384 */
wolfSSL 0:1239e9b70ca2 6634
wolfSSL 0:1239e9b70ca2 6635
wolfSSL 0:1239e9b70ca2 6636 #ifdef CYASSL_SHA512
wolfSSL 0:1239e9b70ca2 6637
/* OpenSSL-compat SHA-512 init.  The compat SHA512_CTX is cast to the
 * ctaocrypt Sha512, so it must be at least as large; the negative array
 * size below turns a too-small compat struct into a compile-time error. */
void CyaSSL_SHA512_Init(CYASSL_SHA512_CTX* sha)
{
    typedef char ctxFits[sizeof(SHA512_CTX) >= sizeof(Sha512) ? 1 : -1];
    Sha512* state = (Sha512*)sha;

    (void)sizeof(ctxFits);

    CYASSL_ENTER("SHA512_Init");
    InitSha512(state);   /* OpenSSL compat API has no error return */
}
wolfSSL 0:1239e9b70ca2 6646
wolfSSL 0:1239e9b70ca2 6647
/* OpenSSL-compat SHA-512 update.  sz is narrowed to word32, so a single
 * call covering more than 4 GiB is not supported by this shim.  No error
 * is reported, matching the OpenSSL signature. */
void CyaSSL_SHA512_Update(CYASSL_SHA512_CTX* sha, const void* input,
                          unsigned long sz)
{
    Sha512*     state = (Sha512*)sha;
    const byte* data  = (const byte*)input;

    CYASSL_ENTER("SHA512_Update");
    Sha512Update(state, data, (word32)sz);
}
wolfSSL 0:1239e9b70ca2 6655
wolfSSL 0:1239e9b70ca2 6656
/* OpenSSL-compat SHA-512 finish: digest goes to the caller-owned buffer
 * passed as input.  No error is reported, matching the OpenSSL signature. */
void CyaSSL_SHA512_Final(byte* input, CYASSL_SHA512_CTX* sha)
{
    byte* digestOut = input;

    CYASSL_ENTER("SHA512_Final");
    Sha512Final((Sha512*)sha, digestOut);
}
wolfSSL 0:1239e9b70ca2 6663
wolfSSL 0:1239e9b70ca2 6664 #endif /* CYASSL_SHA512 */
wolfSSL 0:1239e9b70ca2 6665
wolfSSL 0:1239e9b70ca2 6666
/* EVP digest handle for MD5.  Digest handles in this compat layer are plain
 * name strings; CyaSSL_EVP_DigestInit matches on the name. */
const CYASSL_EVP_MD* CyaSSL_EVP_md5(void)
{
    static const char* const md5Name = "MD5";

    CYASSL_ENTER("EVP_md5");
    return md5Name;
}
wolfSSL 0:1239e9b70ca2 6673
wolfSSL 0:1239e9b70ca2 6674
/* EVP digest handle for SHA-1.  The name is the bare prefix "SHA", which is
 * why CyaSSL_EVP_DigestInit has to test it after the SHA-2 names. */
const CYASSL_EVP_MD* CyaSSL_EVP_sha1(void)
{
    static const char* const sha1Name = "SHA";

    CYASSL_ENTER("EVP_sha1");
    return sha1Name;
}
wolfSSL 0:1239e9b70ca2 6681
wolfSSL 0:1239e9b70ca2 6682
/* EVP digest handle for SHA-256; a name string matched by
 * CyaSSL_EVP_DigestInit. */
const CYASSL_EVP_MD* CyaSSL_EVP_sha256(void)
{
    static const char* const sha256Name = "SHA256";

    CYASSL_ENTER("EVP_sha256");
    return sha256Name;
}
wolfSSL 0:1239e9b70ca2 6689
wolfSSL 0:1239e9b70ca2 6690 #ifdef CYASSL_SHA384
wolfSSL 0:1239e9b70ca2 6691
/* EVP digest handle for SHA-384 (only built with CYASSL_SHA384); a name
 * string matched by CyaSSL_EVP_DigestInit. */
const CYASSL_EVP_MD* CyaSSL_EVP_sha384(void)
{
    static const char* const sha384Name = "SHA384";

    CYASSL_ENTER("EVP_sha384");
    return sha384Name;
}
wolfSSL 0:1239e9b70ca2 6698
wolfSSL 0:1239e9b70ca2 6699 #endif /* CYASSL_SHA384 */
wolfSSL 0:1239e9b70ca2 6700
wolfSSL 0:1239e9b70ca2 6701 #ifdef CYASSL_SHA512
wolfSSL 0:1239e9b70ca2 6702
/* EVP digest handle for SHA-512 (only built with CYASSL_SHA512); a name
 * string matched by CyaSSL_EVP_DigestInit. */
const CYASSL_EVP_MD* CyaSSL_EVP_sha512(void)
{
    static const char* const sha512Name = "SHA512";

    CYASSL_ENTER("EVP_sha512");
    return sha512Name;
}
wolfSSL 0:1239e9b70ca2 6709
wolfSSL 0:1239e9b70ca2 6710 #endif /* CYASSL_SHA512 */
wolfSSL 0:1239e9b70ca2 6711
wolfSSL 0:1239e9b70ca2 6712
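/* OpenSSL-compat EVP_MD_CTX_init.  Nothing is set up here: macType and the
 * hash state are written by CyaSSL_EVP_DigestInit.  ctx is not touched and
 * may be NULL. */
void CyaSSL_EVP_MD_CTX_init(CYASSL_EVP_MD_CTX* ctx)
{
    /* trace label used to read "EVP_CIPHER_MD_CTX_init", which pointed
     * anyone following the debug log at the wrong context type */
    CYASSL_ENTER("EVP_MD_CTX_init");
    (void)ctx;
}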
wolfSSL 0:1239e9b70ca2 6719
wolfSSL 0:1239e9b70ca2 6720
/* EVP cipher handle for AES-128-CBC.  Cipher handles in this compat layer
 * are plain name strings; CyaSSL_EVP_CipherInit matches on the name. */
const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_128_cbc(void)
{
    static const char* const cipherName = "AES128-CBC";

    CYASSL_ENTER("CyaSSL_EVP_aes_128_cbc");
    return cipherName;
}
wolfSSL 0:1239e9b70ca2 6727
wolfSSL 0:1239e9b70ca2 6728
/* EVP cipher handle for AES-192-CBC; a name string matched by
 * CyaSSL_EVP_CipherInit. */
const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_192_cbc(void)
{
    static const char* const cipherName = "AES192-CBC";

    CYASSL_ENTER("CyaSSL_EVP_aes_192_cbc");
    return cipherName;
}
wolfSSL 0:1239e9b70ca2 6735
wolfSSL 0:1239e9b70ca2 6736
/* EVP cipher handle for AES-256-CBC; a name string matched by
 * CyaSSL_EVP_CipherInit. */
const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_256_cbc(void)
{
    static const char* const cipherName = "AES256-CBC";

    CYASSL_ENTER("CyaSSL_EVP_aes_256_cbc");
    return cipherName;
}
wolfSSL 0:1239e9b70ca2 6743
wolfSSL 0:1239e9b70ca2 6744
/* EVP cipher handle for AES-128-CTR.  CyaSSL_EVP_CipherInit only accepts
 * this name when built with CYASSL_AES_COUNTER. */
const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_128_ctr(void)
{
    static const char* const cipherName = "AES128-CTR";

    CYASSL_ENTER("CyaSSL_EVP_aes_128_ctr");
    return cipherName;
}
wolfSSL 0:1239e9b70ca2 6751
wolfSSL 0:1239e9b70ca2 6752
/* EVP cipher handle for AES-192-CTR.  CyaSSL_EVP_CipherInit only accepts
 * this name when built with CYASSL_AES_COUNTER. */
const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_192_ctr(void)
{
    static const char* const cipherName = "AES192-CTR";

    CYASSL_ENTER("CyaSSL_EVP_aes_192_ctr");
    return cipherName;
}
wolfSSL 0:1239e9b70ca2 6759
wolfSSL 0:1239e9b70ca2 6760
/* EVP cipher handle for AES-256-CTR.  CyaSSL_EVP_CipherInit only accepts
 * this name when built with CYASSL_AES_COUNTER. */
const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_256_ctr(void)
{
    static const char* const cipherName = "AES256-CTR";

    CYASSL_ENTER("CyaSSL_EVP_aes_256_ctr");
    return cipherName;
}
wolfSSL 0:1239e9b70ca2 6767
wolfSSL 0:1239e9b70ca2 6768
/* EVP cipher handle for single DES in CBC mode (legacy, kept for OpenSSL
 * compatibility); a name string matched by CyaSSL_EVP_CipherInit. */
const CYASSL_EVP_CIPHER* CyaSSL_EVP_des_cbc(void)
{
    static const char* const cipherName = "DES-CBC";

    CYASSL_ENTER("CyaSSL_EVP_des_cbc");
    return cipherName;
}
wolfSSL 0:1239e9b70ca2 6775
wolfSSL 0:1239e9b70ca2 6776
/* EVP cipher handle for three-key 3DES in CBC mode; a name string matched
 * by CyaSSL_EVP_CipherInit. */
const CYASSL_EVP_CIPHER* CyaSSL_EVP_des_ede3_cbc(void)
{
    static const char* const cipherName = "DES-EDE3-CBC";

    CYASSL_ENTER("CyaSSL_EVP_des_ede3_cbc");
    return cipherName;
}
wolfSSL 0:1239e9b70ca2 6783
wolfSSL 0:1239e9b70ca2 6784
/* EVP cipher handle for RC4 (legacy stream cipher, kept for OpenSSL
 * compatibility); the name CyaSSL_EVP_CipherInit matches is "ARC4". */
const CYASSL_EVP_CIPHER* CyaSSL_EVP_rc4(void)
{
    static const char* const cipherName = "ARC4";

    CYASSL_ENTER("CyaSSL_EVP_rc4");
    return cipherName;
}
wolfSSL 0:1239e9b70ca2 6791
wolfSSL 0:1239e9b70ca2 6792
/* EVP cipher handle for the NULL (identity) cipher: CyaSSL_EVP_Cipher just
 * copies src to dst for it.  Provides no confidentiality. */
const CYASSL_EVP_CIPHER* CyaSSL_EVP_enc_null(void)
{
    static const char* const cipherName = "NULL";

    CYASSL_ENTER("CyaSSL_EVP_enc_null");
    return cipherName;
}
wolfSSL 0:1239e9b70ca2 6799
wolfSSL 0:1239e9b70ca2 6800
/* OpenSSL-compat EVP_MD_CTX_cleanup.  The compat digest context holds no
 * separately owned resources, so ctx is left untouched (NULL is fine).
 * Always returns 0. */
int CyaSSL_EVP_MD_CTX_cleanup(CYASSL_EVP_MD_CTX* ctx)
{
    const int noError = 0;

    CYASSL_ENTER("EVP_MD_CTX_cleanup");
    (void)ctx;
    return noError;
}
wolfSSL 0:1239e9b70ca2 6807
wolfSSL 0:1239e9b70ca2 6808
wolfSSL 0:1239e9b70ca2 6809
/* OpenSSL-compat EVP_CIPHER_CTX_init: marks the context as not yet typed
 * (cipherType 0xff is the "no init" sentinel that CipherInit and EVP_Cipher
 * test for), clears the key length and defaults to encrypting.  A NULL ctx
 * is tolerated. */
void CyaSSL_EVP_CIPHER_CTX_init(CYASSL_EVP_CIPHER_CTX* ctx)
{
    CYASSL_ENTER("EVP_CIPHER_CTX_init");
    if (ctx == NULL)
        return;

    ctx->cipherType = 0xff;   /* no init */
    ctx->keyLen     = 0;
    ctx->enc        = 1;      /* encrypt until CipherInit says otherwise */
}
wolfSSL 0:1239e9b70ca2 6819
wolfSSL 0:1239e9b70ca2 6820
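/* OpenSSL-compat EVP_CIPHER_CTX_cleanup.  Returns the context to the
 * "no init" state (cipherType 0xff, keyLen 0) and scrubs the cipher union,
 * which otherwise keeps the expanded key schedule and chaining state from
 * the last CipherInit/EVP_Cipher.  A NULL ctx is tolerated.
 * Returns SSL_SUCCESS. */
int CyaSSL_EVP_CIPHER_CTX_cleanup(CYASSL_EVP_CIPHER_CTX* ctx)
{
    CYASSL_ENTER("EVP_CIPHER_CTX_cleanup");
    if (ctx) {
        ctx->cipherType = 0xff;   /* no more init */
        ctx->keyLen     = 0;
        /* ctx is caller-owned storage that outlives this call, so the
         * store below is observable and cannot be elided; without it a
         * reused or later-leaked ctx would still carry key material */
        memset(&ctx->cipher, 0, sizeof(ctx->cipher));
    }

    return SSL_SUCCESS;
}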
wolfSSL 0:1239e9b70ca2 6832
wolfSSL 0:1239e9b70ca2 6833
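/* Shared tail of the six AES branches of CyaSSL_EVP_CipherInit.
 *
 * Records cipherType/keyLen on ctx, updates the direction only when enc is
 * an explicit 0 or 1 (any other value keeps the current ctx->enc), then
 * loads the key schedule when a key is supplied (the IV, if any, goes in
 * with it) or just resets the IV when only an IV is supplied.  ctr selects
 * counter mode, whose key schedule is always the encryption one because
 * CTR only ever runs the forward cipher.
 *
 * Returns 0 on success or the non-zero AesSetKey/AesSetIV error code. */
static int EvpAesCipherInit(CYASSL_EVP_CIPHER_CTX* ctx, int cipherType,
                            int keyLen, byte* key, byte* iv, int enc, int ctr)
{
    int ret = 0;
    int dir;

    ctx->cipherType = cipherType;
    ctx->keyLen     = keyLen;
    if (enc == 0 || enc == 1)
        ctx->enc = enc ? 1 : 0;

    dir = (ctr || ctx->enc) ? AES_ENCRYPTION : AES_DECRYPTION;

    if (key) {
        ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, dir);
        if (ret != 0)
            return ret;
    }
    if (iv && key == NULL) {
        ret = AesSetIV(&ctx->cipher.aes, iv);
        if (ret != 0)
            return ret;
    }

    return 0;
}


/* OpenSSL-compat EVP_CipherInit.
 *
 * type is one of the name strings returned by the CyaSSL_EVP_* cipher
 * getters, or NULL to re-key / re-IV a context that an earlier CipherInit
 * already typed (cipherType != 0xff).  Names are matched with a bounded
 * compare whose length equals the full name, so only an exact name (or a
 * string that merely extends it) selects a cipher.  key and iv may each be
 * NULL: a key loads the key schedule (with the IV, if given), an IV alone
 * only resets the chaining value.  enc of 0/1 sets the direction, any other
 * value leaves it unchanged.  ARC4 ignores enc and honours a key length
 * pre-set with CyaSSL_EVP_CIPHER_CTX_set_key_length, defaulting to 16.
 *
 * Returns SSL_SUCCESS on success; 0 for a NULL ctx, for an untyped ctx
 * with no type, or for an unknown type; otherwise the non-zero ctaocrypt
 * error code from the key/IV setter. */
int CyaSSL_EVP_CipherInit(CYASSL_EVP_CIPHER_CTX* ctx,
                          const CYASSL_EVP_CIPHER* type, byte* key,
                          byte* iv, int enc)
{
    int ret = 0;

    CYASSL_ENTER("CyaSSL_EVP_CipherInit");
    if (ctx == NULL) {
        CYASSL_MSG("no ctx");
        return 0;   /* failure */
    }

    if (type == NULL && ctx->cipherType == 0xff) {
        CYASSL_MSG("no type set");
        return 0;   /* failure */
    }

    if (ctx->cipherType == AES_128_CBC_TYPE || (type &&
                                   XSTRNCMP(type, "AES128-CBC", 10) == 0)) {
        CYASSL_MSG("AES-128-CBC");
        ret = EvpAesCipherInit(ctx, AES_128_CBC_TYPE, 16, key, iv, enc, 0);
        if (ret != 0)
            return ret;
    }
    else if (ctx->cipherType == AES_192_CBC_TYPE || (type &&
                                   XSTRNCMP(type, "AES192-CBC", 10) == 0)) {
        CYASSL_MSG("AES-192-CBC");
        ret = EvpAesCipherInit(ctx, AES_192_CBC_TYPE, 24, key, iv, enc, 0);
        if (ret != 0)
            return ret;
    }
    else if (ctx->cipherType == AES_256_CBC_TYPE || (type &&
                                   XSTRNCMP(type, "AES256-CBC", 10) == 0)) {
        CYASSL_MSG("AES-256-CBC");
        ret = EvpAesCipherInit(ctx, AES_256_CBC_TYPE, 32, key, iv, enc, 0);
        if (ret != 0)
            return ret;
    }
#ifdef CYASSL_AES_COUNTER
    else if (ctx->cipherType == AES_128_CTR_TYPE || (type &&
                                   XSTRNCMP(type, "AES128-CTR", 10) == 0)) {
        CYASSL_MSG("AES-128-CTR");
        ret = EvpAesCipherInit(ctx, AES_128_CTR_TYPE, 16, key, iv, enc, 1);
        if (ret != 0)
            return ret;
    }
    else if (ctx->cipherType == AES_192_CTR_TYPE || (type &&
                                   XSTRNCMP(type, "AES192-CTR", 10) == 0)) {
        CYASSL_MSG("AES-192-CTR");
        ret = EvpAesCipherInit(ctx, AES_192_CTR_TYPE, 24, key, iv, enc, 1);
        if (ret != 0)
            return ret;
    }
    else if (ctx->cipherType == AES_256_CTR_TYPE || (type &&
                                   XSTRNCMP(type, "AES256-CTR", 10) == 0)) {
        CYASSL_MSG("AES-256-CTR");
        ret = EvpAesCipherInit(ctx, AES_256_CTR_TYPE, 32, key, iv, enc, 1);
        if (ret != 0)
            return ret;
    }
#endif /* CYASSL_AES_COUNTER */
    else if (ctx->cipherType == DES_CBC_TYPE || (type &&
                                   XSTRNCMP(type, "DES-CBC", 7) == 0)) {
        CYASSL_MSG("DES-CBC");
        ctx->cipherType = DES_CBC_TYPE;
        ctx->keyLen     = 8;
        if (enc == 0 || enc == 1)
            ctx->enc = enc ? 1 : 0;
        if (key) {
            ret = Des_SetKey(&ctx->cipher.des, key, iv,
                             ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION);
            if (ret != 0)
                return ret;
        }

        if (iv && key == NULL)
            Des_SetIV(&ctx->cipher.des, iv);
    }
    else if (ctx->cipherType == DES_EDE3_CBC_TYPE || (type &&
                                   XSTRNCMP(type, "DES-EDE3-CBC", 12) == 0)) {
        /* compare length was 11, one short of the name; every other
         * branch compares the full name */
        CYASSL_MSG("DES-EDE3-CBC");
        ctx->cipherType = DES_EDE3_CBC_TYPE;
        ctx->keyLen     = 24;
        if (enc == 0 || enc == 1)
            ctx->enc = enc ? 1 : 0;
        if (key) {
            ret = Des3_SetKey(&ctx->cipher.des3, key, iv,
                              ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION);
            if (ret != 0)
                return ret;
        }

        if (iv && key == NULL) {
            ret = Des3_SetIV(&ctx->cipher.des3, iv);
            if (ret != 0)
                return ret;
        }
    }
    else if (ctx->cipherType == ARC4_TYPE || (type &&
                                   XSTRNCMP(type, "ARC4", 4) == 0)) {
        CYASSL_MSG("ARC4");
        ctx->cipherType = ARC4_TYPE;
        if (ctx->keyLen == 0)     /* user may have already set */
            ctx->keyLen = 16;     /* default to 128-bit */
        if (key)
            Arc4SetKey(&ctx->cipher.arc4, key, ctx->keyLen);
    }
    else if (ctx->cipherType == NULL_CIPHER_TYPE || (type &&
                                   XSTRNCMP(type, "NULL", 4) == 0)) {
        CYASSL_MSG("NULL cipher");
        ctx->cipherType = NULL_CIPHER_TYPE;
        ctx->keyLen     = 0;
    }
    else
        return 0;   /* failure: unknown cipher name */

    return SSL_SUCCESS;
}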
wolfSSL 0:1239e9b70ca2 7026
wolfSSL 0:1239e9b70ca2 7027
/* OpenSSL-compat EVP_CIPHER_CTX_key_length.  Returns the key length in
 * bytes recorded on ctx by CipherInit (or set_key_length); returns 0 for a
 * NULL ctx, which is also what an untyped or NULL-cipher ctx reports. */
int CyaSSL_EVP_CIPHER_CTX_key_length(CYASSL_EVP_CIPHER_CTX* ctx)
{
    int length = 0;   /* failure / unset */

    CYASSL_ENTER("CyaSSL_EVP_CIPHER_CTX_key_length");
    if (ctx != NULL)
        length = ctx->keyLen;

    return length;
}
wolfSSL 0:1239e9b70ca2 7037
wolfSSL 0:1239e9b70ca2 7038
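/* OpenSSL-compat EVP_CIPHER_CTX_set_key_length.  Records the key length
 * the caller intends to use; in CipherInit only the ARC4 branch honours a
 * pre-set value, the fixed-size ciphers overwrite it.  A negative length
 * is never meaningful and would only be misread once it reaches the key
 * setters, so it is rejected along with a NULL ctx.
 * Returns SSL_SUCCESS on success, 0 on failure. */
int CyaSSL_EVP_CIPHER_CTX_set_key_length(CYASSL_EVP_CIPHER_CTX* ctx,
                                         int keylen)
{
    CYASSL_ENTER("CyaSSL_EVP_CIPHER_CTX_set_key_length");
    if (ctx == NULL || keylen < 0)
        return 0;   /* failure */

    ctx->keyLen = keylen;
    return SSL_SUCCESS;
}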
wolfSSL 0:1239e9b70ca2 7051
wolfSSL 0:1239e9b70ca2 7052
/* OpenSSL-compat EVP_Cipher: processes len bytes from src to dst with the
 * cipher and direction CipherInit configured on ctx.  len is handed to the
 * block-cipher calls as-is; no padding is applied here.  Returns SSL_SUCCESS
 * on success and 0 for a NULL argument, an uninitialised ctx (cipherType
 * 0xff), an unknown cipher type, or a cipher call that reports an error. */
int CyaSSL_EVP_Cipher(CYASSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src,
                      word32 len)
{
    int ret = 0;
    int kind;

    CYASSL_ENTER("CyaSSL_EVP_Cipher");

    if (ctx == NULL || dst == NULL || src == NULL) {
        CYASSL_MSG("Bad function argument");
        return 0;   /* failure */
    }

    kind = ctx->cipherType;
    if (kind == 0xff) {
        CYASSL_MSG("no init");
        return 0;   /* failure */
    }

    if (kind == AES_128_CBC_TYPE || kind == AES_192_CBC_TYPE ||
                                    kind == AES_256_CBC_TYPE) {
        CYASSL_MSG("AES CBC");
        ret = ctx->enc ? AesCbcEncrypt(&ctx->cipher.aes, dst, src, len)
                       : AesCbcDecrypt(&ctx->cipher.aes, dst, src, len);
    }
#ifdef CYASSL_AES_COUNTER
    else if (kind == AES_128_CTR_TYPE || kind == AES_192_CTR_TYPE ||
                                         kind == AES_256_CTR_TYPE) {
        CYASSL_MSG("AES CTR");
        /* counter mode is its own inverse, so one routine serves both
         * directions and ctx->enc is not consulted */
        AesCtrEncrypt(&ctx->cipher.aes, dst, src, len);
    }
#endif
    else if (kind == DES_CBC_TYPE) {
        if (ctx->enc)
            Des_CbcEncrypt(&ctx->cipher.des, dst, src, len);
        else
            Des_CbcDecrypt(&ctx->cipher.des, dst, src, len);
    }
    else if (kind == DES_EDE3_CBC_TYPE) {
        ret = ctx->enc ? Des3_CbcEncrypt(&ctx->cipher.des3, dst, src, len)
                       : Des3_CbcDecrypt(&ctx->cipher.des3, dst, src, len);
    }
    else if (kind == ARC4_TYPE) {
        Arc4Process(&ctx->cipher.arc4, dst, src, len);
    }
    else if (kind == NULL_CIPHER_TYPE) {
        XMEMCPY(dst, src, len);   /* identity cipher: plain copy */
    }
    else {
        CYASSL_MSG("bad type");
        return 0;   /* failure */
    }

    if (ret != 0) {
        CYASSL_MSG("CyaSSL_EVP_Cipher failure");
        return 0;   /* failure */
    }

    CYASSL_MSG("CyaSSL_EVP_Cipher success");
    return SSL_SUCCESS;
}
wolfSSL 0:1239e9b70ca2 7127
wolfSSL 0:1239e9b70ca2 7128
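/* Copies the cipher's current chaining value out of ctx->cipher into the
 * externally readable ctx->iv, so a caller can observe the running IV after
 * EVP_Cipher.  Stream and NULL ciphers have no IV and are a no-op.
 * Returns SSL_SUCCESS on success, SSL_FATAL_ERROR for a NULL ctx or an
 * unknown cipher type. */
int CyaSSL_StoreExternalIV(CYASSL_EVP_CIPHER_CTX* ctx)
{
    CYASSL_ENTER("CyaSSL_StoreExternalIV");

    if (ctx == NULL) {
        CYASSL_MSG("Bad function argument");
        return SSL_FATAL_ERROR;
    }

    switch (ctx->cipherType) {

        case AES_128_CBC_TYPE :
        case AES_192_CBC_TYPE :
        case AES_256_CBC_TYPE :
            CYASSL_MSG("AES CBC");
            memcpy(ctx->iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
            break;

#ifdef CYASSL_AES_COUNTER
        case AES_128_CTR_TYPE :
        case AES_192_CTR_TYPE :
        case AES_256_CTR_TYPE :
            CYASSL_MSG("AES CTR");
            memcpy(ctx->iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
            break;
#endif

        case DES_CBC_TYPE :
            CYASSL_MSG("DES CBC");
            memcpy(ctx->iv, &ctx->cipher.des.reg, DES_BLOCK_SIZE);
            break;

        case DES_EDE3_CBC_TYPE :
            CYASSL_MSG("DES EDE3 CBC");
            /* 3DES state lives in cipher.des3 (CipherInit and EVP_Cipher
             * use that member); reading cipher.des.reg instead copied bytes
             * from the wrong offset of the union, not the 3DES IV */
            memcpy(ctx->iv, &ctx->cipher.des3.reg, DES_BLOCK_SIZE);
            break;

        case ARC4_TYPE :
            CYASSL_MSG("ARC4");   /* stream cipher, no IV */
            break;

        case NULL_CIPHER_TYPE :
            CYASSL_MSG("NULL");   /* identity cipher, no IV */
            break;

        default: {
            CYASSL_MSG("bad type");
            return SSL_FATAL_ERROR;
        }
    }
    return SSL_SUCCESS;
}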
wolfSSL 0:1239e9b70ca2 7182
wolfSSL 0:1239e9b70ca2 7183
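/* Inverse of CyaSSL_StoreExternalIV: copies the externally written ctx->iv
 * back into the cipher's chaining value in ctx->cipher, so a caller can
 * change the IV between EVP_Cipher calls without re-keying.  Stream and
 * NULL ciphers have no IV and are a no-op.  Returns SSL_SUCCESS on
 * success, SSL_FATAL_ERROR for a NULL ctx or an unknown cipher type. */
int CyaSSL_SetInternalIV(CYASSL_EVP_CIPHER_CTX* ctx)
{
    CYASSL_ENTER("CyaSSL_SetInternalIV");

    if (ctx == NULL) {
        CYASSL_MSG("Bad function argument");
        return SSL_FATAL_ERROR;
    }

    switch (ctx->cipherType) {

        case AES_128_CBC_TYPE :
        case AES_192_CBC_TYPE :
        case AES_256_CBC_TYPE :
            CYASSL_MSG("AES CBC");
            memcpy(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE);
            break;

#ifdef CYASSL_AES_COUNTER
        case AES_128_CTR_TYPE :
        case AES_192_CTR_TYPE :
        case AES_256_CTR_TYPE :
            CYASSL_MSG("AES CTR");
            memcpy(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE);
            break;
#endif

        case DES_CBC_TYPE :
            CYASSL_MSG("DES CBC");
            memcpy(&ctx->cipher.des.reg, ctx->iv, DES_BLOCK_SIZE);
            break;

        case DES_EDE3_CBC_TYPE :
            CYASSL_MSG("DES EDE3 CBC");
            /* 3DES state lives in cipher.des3 (CipherInit and EVP_Cipher
             * use that member); writing cipher.des.reg instead overwrote a
             * different offset of the union and left the real IV alone */
            memcpy(&ctx->cipher.des3.reg, ctx->iv, DES_BLOCK_SIZE);
            break;

        case ARC4_TYPE :
            CYASSL_MSG("ARC4");   /* stream cipher, no IV */
            break;

        case NULL_CIPHER_TYPE :
            CYASSL_MSG("NULL");   /* identity cipher, no IV */
            break;

        default: {
            CYASSL_MSG("bad type");
            return SSL_FATAL_ERROR;
        }
    }
    return SSL_SUCCESS;
}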
wolfSSL 0:1239e9b70ca2 7238
wolfSSL 0:1239e9b70ca2 7239
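/* OpenSSL-compat EVP_DigestInit.  type is a name string from one of the
 * CyaSSL_EVP_* digest getters; it selects macType and initialises the
 * matching hash state inside ctx->hash.  Names are matched by bounded
 * prefix compare, and "SHA" is tested last because it is a prefix of the
 * SHA-2 names.  Returns SSL_SUCCESS on success, BAD_FUNC_ARG for a NULL
 * ctx or type or an unknown digest name. */
int CyaSSL_EVP_DigestInit(CYASSL_EVP_MD_CTX* ctx, const CYASSL_EVP_MD* type)
{
    CYASSL_ENTER("EVP_DigestInit");

    /* both pointers were dereferenced unchecked; a NULL type reached
     * XSTRNCMP and a NULL ctx the macType store */
    if (ctx == NULL || type == NULL)
        return BAD_FUNC_ARG;

    if (XSTRNCMP(type, "MD5", 3) == 0) {
        ctx->macType = MD5;
        CyaSSL_MD5_Init((MD5_CTX*)&ctx->hash);
    }
    else if (XSTRNCMP(type, "SHA256", 6) == 0) {
        ctx->macType = SHA256;
        CyaSSL_SHA256_Init((SHA256_CTX*)&ctx->hash);
    }
#ifdef CYASSL_SHA384
    else if (XSTRNCMP(type, "SHA384", 6) == 0) {
        ctx->macType = SHA384;
        CyaSSL_SHA384_Init((SHA384_CTX*)&ctx->hash);
    }
#endif
#ifdef CYASSL_SHA512
    else if (XSTRNCMP(type, "SHA512", 6) == 0) {
        ctx->macType = SHA512;
        CyaSSL_SHA512_Init((SHA512_CTX*)&ctx->hash);
    }
#endif
    /* has to be last since it would also pick up SHA256, SHA384 and SHA512 */
    else if (XSTRNCMP(type, "SHA", 3) == 0) {
        ctx->macType = SHA;
        CyaSSL_SHA_Init((SHA_CTX*)&ctx->hash);
    }
    else
        return BAD_FUNC_ARG;

    return SSL_SUCCESS;
}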
wolfSSL 0:1239e9b70ca2 7274
wolfSSL 0:1239e9b70ca2 7275
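/* Feed sz bytes of data into the digest selected by CyaSSL_EVP_DigestInit.
 *
 * ctx  : initialised digest context
 * data : input bytes (may be NULL only when sz is 0)
 * sz   : number of bytes at data
 *
 * Returns SSL_SUCCESS on ok, BAD_FUNC_ARG for a NULL ctx, a NULL data
 * pointer with a non-zero length, or an unknown ctx->macType. */
int CyaSSL_EVP_DigestUpdate(CYASSL_EVP_MD_CTX* ctx, const void* data,
                            unsigned long sz)
{
    CYASSL_ENTER("EVP_DigestUpdate");

    if (ctx == NULL || (data == NULL && sz > 0))
        return BAD_FUNC_ARG;

    if (ctx->macType == MD5)
        CyaSSL_MD5_Update((MD5_CTX*)&ctx->hash, data, sz);
    else if (ctx->macType == SHA)
        CyaSSL_SHA_Update((SHA_CTX*)&ctx->hash, data, sz);
    else if (ctx->macType == SHA256)
        CyaSSL_SHA256_Update((SHA256_CTX*)&ctx->hash, data, sz);
#ifdef CYASSL_SHA384
    else if (ctx->macType == SHA384)
        CyaSSL_SHA384_Update((SHA384_CTX*)&ctx->hash, data, sz);
#endif
#ifdef CYASSL_SHA512
    else if (ctx->macType == SHA512)
        CyaSSL_SHA512_Update((SHA512_CTX*)&ctx->hash, data, sz);
#endif
    else
        return BAD_FUNC_ARG;   /* context was never initialised */

    return SSL_SUCCESS;
}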
wolfSSL 0:1239e9b70ca2 7303
wolfSSL 0:1239e9b70ca2 7304
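/* Finish the digest and write it to md.
 *
 * ctx : initialised digest context
 * md  : output buffer; must hold the digest size of the selected hash
 *       (up to SHA512_DIGEST_SIZE when SHA-512 is compiled in)
 * s   : optional, receives the number of bytes written to md
 *
 * Returns SSL_SUCCESS on ok, BAD_FUNC_ARG for a NULL ctx or md, or an
 * unknown ctx->macType. */
int CyaSSL_EVP_DigestFinal(CYASSL_EVP_MD_CTX* ctx, unsigned char* md,
                           unsigned int* s)
{
    CYASSL_ENTER("EVP_DigestFinal");

    /* every *_Final below writes through md, so refuse NULL up front */
    if (ctx == NULL || md == NULL)
        return BAD_FUNC_ARG;

    if (ctx->macType == MD5) {
        CyaSSL_MD5_Final(md, (MD5_CTX*)&ctx->hash);
        if (s) *s = MD5_DIGEST_SIZE;
    }
    else if (ctx->macType == SHA) {
        CyaSSL_SHA_Final(md, (SHA_CTX*)&ctx->hash);
        if (s) *s = SHA_DIGEST_SIZE;
    }
    else if (ctx->macType == SHA256) {
        CyaSSL_SHA256_Final(md, (SHA256_CTX*)&ctx->hash);
        if (s) *s = SHA256_DIGEST_SIZE;
    }
#ifdef CYASSL_SHA384
    else if (ctx->macType == SHA384) {
        CyaSSL_SHA384_Final(md, (SHA384_CTX*)&ctx->hash);
        if (s) *s = SHA384_DIGEST_SIZE;
    }
#endif
#ifdef CYASSL_SHA512
    else if (ctx->macType == SHA512) {
        CyaSSL_SHA512_Final(md, (SHA512_CTX*)&ctx->hash);
        if (s) *s = SHA512_DIGEST_SIZE;
    }
#endif
    else
        return BAD_FUNC_ARG;

    return SSL_SUCCESS;
}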
wolfSSL 0:1239e9b70ca2 7339
wolfSSL 0:1239e9b70ca2 7340
/* OpenSSL compatibility alias: identical to EVP_DigestFinal, returning
 * SSL_SUCCESS on ok and whatever EVP_DigestFinal reports otherwise. */
int CyaSSL_EVP_DigestFinal_ex(CYASSL_EVP_MD_CTX* ctx, unsigned char* md,
                              unsigned int* s)
{
    int ret;

    CYASSL_ENTER("EVP_DigestFinal_ex");
    ret = EVP_DigestFinal(ctx, md, s);

    return ret;
}
wolfSSL 0:1239e9b70ca2 7348
wolfSSL 0:1239e9b70ca2 7349
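/* One-shot HMAC over d[0..n) with the given key, OpenSSL HMAC() style.
 *
 * evp_md  : hash name ("MD5", "SHA", "SHA256", and "SHA384" when compiled
 *           in); other names return NULL
 * key     : HMAC key, key_len bytes (key_len must not be negative)
 * d, n    : message bytes (n must not be negative; d may be NULL only
 *           when n is 0)
 * md      : output buffer, must hold the digest size of the chosen hash;
 *           NULL is rejected (no static buffer support)
 * md_len  : optional, receives the digest size written to md
 *
 * Returns md on success, NULL on any failure. */
unsigned char* CyaSSL_HMAC(const CYASSL_EVP_MD* evp_md, const void* key,
                           int key_len, const unsigned char* d, int n,
                           unsigned char* md, unsigned int* md_len)
{
    Hmac         hmac;
    int          type;
    unsigned int digestSz;

    CYASSL_ENTER("HMAC");
    if (!md) return NULL; /* no static buffer support */

    /* negative lengths would be passed on as huge unsigned sizes */
    if (evp_md == NULL || key_len < 0 || n < 0 || (n > 0 && d == NULL))
        return NULL;

    if (XSTRNCMP(evp_md, "MD5", 3) == 0) {
        type     = MD5;
        digestSz = MD5_DIGEST_SIZE;
    }
    else if (XSTRNCMP(evp_md, "SHA256", 6) == 0) {
        type     = SHA256;
        digestSz = SHA256_DIGEST_SIZE;
    }
#ifdef CYASSL_SHA384
    else if (XSTRNCMP(evp_md, "SHA384", 6) == 0) {
        type     = SHA384;
        digestSz = SHA384_DIGEST_SIZE;
    }
#endif
    /* "SHA" is a prefix of the longer names, so it has to be tested last */
    else if (XSTRNCMP(evp_md, "SHA", 3) == 0) {
        /* Any other "SHAnnn" name (e.g. "SHA512", or "SHA384" when it is
           not compiled in) is refused here rather than silently computing
           HMAC-SHA1 with a SHA-1 length, which the prefix match used to do. */
        if (evp_md[3] >= '2' && evp_md[3] <= '9')
            return NULL;
        type     = SHA;
        digestSz = SHA_DIGEST_SIZE;
    }
    else
        return NULL;

    /* a hash type this build does not support is expected to be rejected
       by HmacSetKey, which turns into a NULL return instead of a fallback */
    if (HmacSetKey(&hmac, type, (const byte*)key, key_len) != 0)
        return NULL;

    if (md_len) *md_len = digestSz;

    if (HmacUpdate(&hmac, d, n) != 0)
        return NULL;

    if (HmacFinal(&hmac, md) != 0)
        return NULL;

    return md;
}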
wolfSSL 0:1239e9b70ca2 7382
/* OpenSSL compatibility stub: CyaSSL keeps no error queue to clear, so this
 * is intentionally a no-op (TODO in the original). */
void CyaSSL_ERR_clear_error(void)
{
    /* TODO: */
}
wolfSSL 0:1239e9b70ca2 7387
wolfSSL 0:1239e9b70ca2 7388
/* OpenSSL compatibility: always reports the RNG as seeded, because
 * CTaoCrypt seeds its generator internally. Returns SSL_SUCCESS. */
int CyaSSL_RAND_status(void)
{
    /* CTaoCrypt provides enough seed internally */
    return SSL_SUCCESS;
}
wolfSSL 0:1239e9b70ca2 7393
wolfSSL 0:1239e9b70ca2 7394
wolfSSL 0:1239e9b70ca2 7395
/* OpenSSL compatibility: caller-supplied entropy is ignored.
 * CyaSSL seeds and reseeds internally; use an explicit RNG object to take
 * control of seeding. All parameters are unused. */
void CyaSSL_RAND_add(const void* add, int len, double entropy)
{
    /* silence unused-parameter warnings */
    (void)entropy;
    (void)len;
    (void)add;
}
wolfSSL 0:1239e9b70ca2 7405
wolfSSL 0:1239e9b70ca2 7406
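/* OpenSSL DES_key_sched compatibility: the "schedule" is simply a copy of
 * the raw key, since Des_SetKey expands it later.
 *
 * key      : 8-byte DES key
 * schedule : receives a copy of the key
 *
 * Returns SSL_SUCCESS on ok, BAD_FUNC_ARG when either pointer is NULL. */
int CyaSSL_DES_key_sched(CYASSL_const_DES_cblock* key,
                         CYASSL_DES_key_schedule* schedule)
{
    CYASSL_ENTER("DES_key_sched");

    if (key == NULL || schedule == NULL)
        return BAD_FUNC_ARG;

    XMEMCPY(schedule, key, sizeof(const_DES_cblock));
    return SSL_SUCCESS;
}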
wolfSSL 0:1239e9b70ca2 7415
wolfSSL 0:1239e9b70ca2 7416
/* OpenSSL DES_cbc_encrypt compatibility: single-DES CBC over length bytes
 * of input into output, keyed from schedule with ivec as the IV.
 * enc non-zero encrypts, zero decrypts. ivec is not updated afterwards
 * (see CyaSSL_DES_ncbc_encrypt for the chaining variant). No return value
 * and no error reporting, matching OpenSSL. */
void CyaSSL_DES_cbc_encrypt(const unsigned char* input,
                            unsigned char* output, long length,
                            CYASSL_DES_key_schedule* schedule, CYASSL_DES_cblock* ivec,
                            int enc)
{
    Des   des;
    int   decrypting = !enc;

    CYASSL_ENTER("DES_cbc_encrypt");

    /* OpenSSL compat, no ret */
    Des_SetKey(&des, (const byte*)schedule, (const byte*)ivec, decrypting);

    if (decrypting) {
        Des_CbcDecrypt(&des, output, input, (word32)length);
    }
    else {
        Des_CbcEncrypt(&des, output, input, (word32)length);
    }
}
wolfSSL 0:1239e9b70ca2 7434
wolfSSL 0:1239e9b70ca2 7435
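/* OpenSSL DES_ncbc_encrypt compatibility: like CyaSSL_DES_cbc_encrypt but
 * also updates ivec so that a following call continues the CBC chain.
 *
 * input, output : length bytes; enc non-zero encrypts, zero decrypts
 * schedule      : key as prepared by CyaSSL_DES_key_sched
 * ivec          : IV in, chaining value out
 *
 * The CBC chaining value after a call is the last ciphertext block that
 * was processed: the last output block when encrypting, but the last
 * *input* block when decrypting (the previous code copied from output in
 * both cases, so chunked decryption continued with a plaintext block).
 * ivec is only updated when at least one whole block was processed; with a
 * shorter length it is left untouched (previously the copy read from
 * before the start of output). No return value, matching OpenSSL. */
void CyaSSL_DES_ncbc_encrypt(const unsigned char* input,
                             unsigned char* output, long length,
                             CYASSL_DES_key_schedule* schedule, CYASSL_DES_cblock* ivec,
                             int enc)
{
    Des  myDes;
    long fullLen;

    CYASSL_ENTER("DES_ncbc_encrypt");

    /* OpenSSL compat, no ret */
    Des_SetKey(&myDes, (const byte*)schedule, (const byte*)ivec, !enc);

    if (enc)
        Des_CbcEncrypt(&myDes, output, input, (word32)length);
    else
        Des_CbcDecrypt(&myDes, output, input, (word32)length);

    /* chain on the last whole block only; assumes the CBC routines process
       whole blocks and leave a trailing partial block alone -- TODO confirm */
    fullLen = (length > 0) ? length - (length % (long)sizeof(DES_cblock)) : 0;
    if (fullLen >= (long)sizeof(DES_cblock)) {
        const unsigned char* lastCipherBlock =
            (enc ? (const unsigned char*)output : input)
            + fullLen - (long)sizeof(DES_cblock);
        XMEMCPY(ivec, lastCipherBlock, sizeof(DES_cblock));
    }
}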
wolfSSL 0:1239e9b70ca2 7456
wolfSSL 0:1239e9b70ca2 7457
/* OpenSSL compatibility stub. Error strings are static in CyaSSL and need
 * no release, so there is nothing to do here. */
void CyaSSL_ERR_free_strings(void)
{
    /* handled internally */
}
wolfSSL 0:1239e9b70ca2 7462
wolfSSL 0:1239e9b70ca2 7463
/* OpenSSL compatibility stub: per-thread error state removal is not
 * implemented (TODO: GetErrors().Remove();). The state argument is
 * ignored. */
void CyaSSL_ERR_remove_state(unsigned long state)
{
    (void)state;   /* unused until the TODO above is done */
}
wolfSSL 0:1239e9b70ca2 7469
wolfSSL 0:1239e9b70ca2 7470
/* OpenSSL compatibility stub: CyaSSL registers no EVP objects, so there is
 * nothing to clean up. */
void CyaSSL_EVP_cleanup(void)
{
    /* nothing to do here */
}
wolfSSL 0:1239e9b70ca2 7475
wolfSSL 0:1239e9b70ca2 7476
/* OpenSSL compatibility stub: no global ex_data tables exist in CyaSSL,
 * so this is intentionally empty. */
void CyaSSL_cleanup_all_ex_data(void)
{
    /* nothing to do here */
}
wolfSSL 0:1239e9b70ca2 7481
wolfSSL 0:1239e9b70ca2 7482
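/* OpenSSL SSL_CTX_set_mode compatibility.
 *
 * Only SSL_MODE_ENABLE_PARTIAL_WRITE has an effect (it sets
 * ctx->partialWrite); SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER is CyaSSL's
 * default behaviour and any other value is ignored.
 *
 * Returns mode as passed in, or 0 when ctx is NULL (nothing was set). */
long CyaSSL_CTX_set_mode(CYASSL_CTX* ctx, long mode)
{
    CYASSL_ENTER("SSL_CTX_set_mode");

    if (ctx == NULL)
        return 0;

    if (mode == SSL_MODE_ENABLE_PARTIAL_WRITE)
        ctx->partialWrite = 1;

    return mode;
}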
wolfSSL 0:1239e9b70ca2 7493
wolfSSL 0:1239e9b70ca2 7494
/* OpenSSL SSL_CTX_get_mode compatibility stub: mode flags are not tracked
 * yet (TODO), so this always reports 0. ctx is unused. */
long CyaSSL_CTX_get_mode(CYASSL_CTX* ctx)
{
    long mode = 0;

    (void)ctx;   /* TODO: */

    return mode;
}
wolfSSL 0:1239e9b70ca2 7501
wolfSSL 0:1239e9b70ca2 7502
/* OpenSSL SSL_CTX_set_default_read_ahead compatibility stub: read-ahead is
 * not configurable (TODO: maybe?). Both parameters are ignored. */
void CyaSSL_CTX_set_default_read_ahead(CYASSL_CTX* ctx, int m)
{
    (void)m;
    (void)ctx;
}
wolfSSL 0:1239e9b70ca2 7509
wolfSSL 0:1239e9b70ca2 7510
/* OpenSSL SSL_CTX_set_session_id_context compatibility stub.
 * CyaSSL needs no application-specific session id context, so the
 * arguments are ignored and SSL_SUCCESS is always returned. */
int CyaSSL_CTX_set_session_id_context(CYASSL_CTX* ctx,
                                      const unsigned char* sid_ctx,
                                      unsigned int sid_ctx_len)
{
    (void)sid_ctx_len;
    (void)sid_ctx;
    (void)ctx;

    return SSL_SUCCESS;
}
wolfSSL 0:1239e9b70ca2 7521
wolfSSL 0:1239e9b70ca2 7522
/* OpenSSL SSL_CTX_sess_get_cache_size compatibility stub: the session cache
 * size is not exposed (TODO: maybe?), so this returns ~0 (all bits set,
 * i.e. -1 as a long). ctx is unused. */
long CyaSSL_CTX_sess_get_cache_size(CYASSL_CTX* ctx)
{
    const long unlimited = ~0;

    (void)ctx;

    return unlimited;
}
wolfSSL 0:1239e9b70ca2 7529
/* OpenSSL ERR_get_error_line_data compatibility stub: not implemented.
 * None of the output pointers are written and 0 (no error) is returned. */
unsigned long CyaSSL_ERR_get_error_line_data(const char** file, int* line,
                                             const char** data, int *flags)
{
    (void)flags;
    (void)data;
    (void)line;
    (void)file;

    return 0UL;
}
wolfSSL 0:1239e9b70ca2 7540
wolfSSL 0:1239e9b70ca2 7541 #endif /* OPENSSL_EXTRA */
wolfSSL 0:1239e9b70ca2 7542
wolfSSL 0:1239e9b70ca2 7543
wolfSSL 0:1239e9b70ca2 7544 #if defined(KEEP_PEER_CERT)
wolfSSL 0:1239e9b70ca2 7545
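/* Return the peer certificate stored on the session, or NULL when there is
 * none (no issuer has been parsed) or ssl is NULL.
 *
 * The pointer refers to storage owned by ssl; the caller must not free it. */
CYASSL_X509* CyaSSL_get_peer_certificate(CYASSL* ssl)
{
    CYASSL_ENTER("SSL_get_peer_certificate");

    /* issuer.sz of 0 is how an absent peer cert shows up here */
    if (ssl == NULL || ssl->peerCert.issuer.sz == 0)
        return NULL;

    return &ssl->peerCert;
}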
wolfSSL 0:1239e9b70ca2 7554
wolfSSL 0:1239e9b70ca2 7555 #endif /* KEEP_PEER_CERT */
wolfSSL 0:1239e9b70ca2 7556
wolfSSL 0:1239e9b70ca2 7557
wolfSSL 0:1239e9b70ca2 7558 #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
wolfSSL 0:1239e9b70ca2 7559
/* Public wrapper around the internal FreeX509: releases the resources held
 * by x509. Whether a NULL x509 is tolerated depends on FreeX509. */
void CyaSSL_FreeX509(CYASSL_X509* x509)
{
    CYASSL_ENTER("CyaSSL_FreeX509");

    FreeX509(x509);
}
wolfSSL 0:1239e9b70ca2 7565
wolfSSL 0:1239e9b70ca2 7566
/* Iterate the certificate's subject alternative names: each call returns
 * the next name and advances cert->altNamesNext. Returns NULL when cert is
 * NULL, the cert carries no alt names, or the list has been exhausted.
 * The returned string is owned by cert. */
char* CyaSSL_X509_get_next_altname(CYASSL_X509* cert)
{
    char* name;

    CYASSL_ENTER("CyaSSL_X509_get_next_altname");

    /* nothing to hand out: no cert, no list, or list already consumed */
    if (cert == NULL || cert->altNames == NULL || cert->altNamesNext == NULL)
        return NULL;

    name = cert->altNamesNext->name;
    cert->altNamesNext = cert->altNamesNext->next;   /* advance cursor */

    return name;
}
wolfSSL 0:1239e9b70ca2 7586
wolfSSL 0:1239e9b70ca2 7587
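/* Return a pointer to the certificate's issuer name (owned by cert), or
 * NULL when cert is NULL. */
CYASSL_X509_NAME* CyaSSL_X509_get_issuer_name(CYASSL_X509* cert)
{
    CYASSL_ENTER("X509_get_issuer_name");

    if (cert == NULL)
        return NULL;

    return &cert->issuer;
}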
wolfSSL 0:1239e9b70ca2 7593
wolfSSL 0:1239e9b70ca2 7594
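/* Return a pointer to the certificate's subject name (owned by cert), or
 * NULL when cert is NULL. */
CYASSL_X509_NAME* CyaSSL_X509_get_subject_name(CYASSL_X509* cert)
{
    CYASSL_ENTER("X509_get_subject_name");

    if (cert == NULL)
        return NULL;

    return &cert->subject;
}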
wolfSSL 0:1239e9b70ca2 7600
wolfSSL 0:1239e9b70ca2 7601
/* Report the certificate's parsed CA flag (basic constraints).
 * Returns x509->isCa, or 0 when x509 is NULL. */
int CyaSSL_X509_get_isCA(CYASSL_X509* x509)
{
    int isCA;

    CYASSL_ENTER("CyaSSL_X509_get_isCA");

    isCA = (x509 != NULL) ? x509->isCa : 0;

    CYASSL_LEAVE("CyaSSL_X509_get_isCA", isCA);
    return isCA;
}
wolfSSL 0:1239e9b70ca2 7615
wolfSSL 0:1239e9b70ca2 7616
wolfSSL 0:1239e9b70ca2 7617 #ifdef OPENSSL_EXTRA
/* Report whether the extension identified by nid was present in the
 * certificate. Known nids: BASIC_CA_OID, ALT_NAMES_OID, AUTH_KEY_OID,
 * SUBJ_KEY_OID, KEY_USAGE_OID and, with CYASSL_SEP, CERT_POLICY_OID.
 * Returns 0 for an unknown nid or a NULL x509. */
int CyaSSL_X509_ext_isSet_by_NID(CYASSL_X509* x509, int nid)
{
    int isSet = 0;

    CYASSL_ENTER("CyaSSL_X509_ext_isSet_by_NID");

    if (x509 == NULL) {
        CYASSL_LEAVE("CyaSSL_X509_ext_isSet_by_NID", isSet);
        return isSet;
    }

    switch (nid) {
        case BASIC_CA_OID:
            isSet = x509->basicConstSet;
            break;
        case ALT_NAMES_OID:
            isSet = x509->subjAltNameSet;
            break;
        case AUTH_KEY_OID:
            isSet = x509->authKeyIdSet;
            break;
        case SUBJ_KEY_OID:
            isSet = x509->subjKeyIdSet;
            break;
        case KEY_USAGE_OID:
            isSet = x509->keyUsageSet;
            break;
#ifdef CYASSL_SEP
        case CERT_POLICY_OID:
            isSet = x509->certPolicySet;
            break;
#endif /* CYASSL_SEP */
        default:
            break;   /* unknown extension: reported as not set */
    }

    CYASSL_LEAVE("CyaSSL_X509_ext_isSet_by_NID", isSet);
    return isSet;
}
wolfSSL 0:1239e9b70ca2 7641
wolfSSL 0:1239e9b70ca2 7642
/* Report whether the extension identified by nid was marked critical.
 * Same nid set as CyaSSL_X509_ext_isSet_by_NID. Returns 0 for an unknown
 * nid or a NULL x509 (note: also 0 when the extension is simply absent). */
int CyaSSL_X509_ext_get_critical_by_NID(CYASSL_X509* x509, int nid)
{
    int crit = 0;

    CYASSL_ENTER("CyaSSL_X509_ext_get_critical_by_NID");

    if (x509 == NULL) {
        CYASSL_LEAVE("CyaSSL_X509_ext_get_critical_by_NID", crit);
        return crit;
    }

    switch (nid) {
        case BASIC_CA_OID:
            crit = x509->basicConstCrit;
            break;
        case ALT_NAMES_OID:
            crit = x509->subjAltNameCrit;
            break;
        case AUTH_KEY_OID:
            crit = x509->authKeyIdCrit;
            break;
        case SUBJ_KEY_OID:
            crit = x509->subjKeyIdCrit;
            break;
        case KEY_USAGE_OID:
            crit = x509->keyUsageCrit;
            break;
#ifdef CYASSL_SEP
        case CERT_POLICY_OID:
            crit = x509->certPolicyCrit;
            break;
#endif /* CYASSL_SEP */
        default:
            break;   /* unknown extension: reported as not critical */
    }

    CYASSL_LEAVE("CyaSSL_X509_ext_get_critical_by_NID", crit);
    return crit;
}
wolfSSL 0:1239e9b70ca2 7666
wolfSSL 0:1239e9b70ca2 7667
/* Report whether the basic constraints extension carried a pathLen field.
 * Returns x509->basicConstPlSet, or 0 when x509 is NULL. */
int CyaSSL_X509_get_isSet_pathLength(CYASSL_X509* x509)
{
    int isSet;

    CYASSL_ENTER("CyaSSL_X509_get_isSet_pathLength");

    isSet = (x509 != NULL) ? x509->basicConstPlSet : 0;

    CYASSL_LEAVE("CyaSSL_X509_get_isSet_pathLength", isSet);
    return isSet;
}
wolfSSL 0:1239e9b70ca2 7681
wolfSSL 0:1239e9b70ca2 7682
/* Return the basic constraints pathLen value, or 0 when x509 is NULL.
 * Check CyaSSL_X509_get_isSet_pathLength first: 0 is also returned when
 * no pathLen was present. */
word32 CyaSSL_X509_get_pathLength(CYASSL_X509* x509)
{
    word32 pathLength;

    CYASSL_ENTER("CyaSSL_X509_get_pathLength");

    pathLength = (x509 != NULL) ? x509->pathLength : 0;

    CYASSL_LEAVE("CyaSSL_X509_get_pathLength", pathLength);
    return pathLength;
}
wolfSSL 0:1239e9b70ca2 7696
wolfSSL 0:1239e9b70ca2 7697
/* Return the parsed keyUsage bit field (a word16 widened to unsigned int),
 * or 0 when x509 is NULL. */
unsigned int CyaSSL_X509_get_keyUsage(CYASSL_X509* x509)
{
    word16 usage;

    CYASSL_ENTER("CyaSSL_X509_get_keyUsage");

    usage = (x509 != NULL) ? x509->keyUsage : 0;

    CYASSL_LEAVE("CyaSSL_X509_get_keyUsage", usage);
    return usage;
}
wolfSSL 0:1239e9b70ca2 7711
wolfSSL 0:1239e9b70ca2 7712
/* Fetch the authority key identifier.
 *
 * x509   : certificate
 * dst    : optional caller buffer of *dstLen bytes
 * dstLen : in: capacity of dst; out: bytes copied (only updated on copy)
 *
 * With dst and dstLen given and room for at least one byte, the id is
 * copied (truncated to *dstLen if shorter than x509->authKeyIdSz), *dstLen
 * is set to the copied length and dst is returned. Otherwise the internal
 * buffer owned by x509 is returned without copying. Returns NULL when
 * x509 is NULL or the extension was not present. */
byte* CyaSSL_X509_get_authorityKeyID(
    CYASSL_X509* x509, byte* dst, int* dstLen)
{
    byte* id     = NULL;
    int   copySz = 0;

    CYASSL_ENTER("CyaSSL_X509_get_authorityKeyID");

    if (x509 != NULL && x509->authKeyIdSet) {
        int room = (dstLen != NULL) ? *dstLen : 0;

        copySz = min(room, (int)x509->authKeyIdSz);
        id     = x509->authKeyId;

        if (dst != NULL && dstLen != NULL && id != NULL && copySz > 0) {
            XMEMCPY(dst, id, copySz);
            *dstLen = copySz;
            id      = dst;
        }
    }

    CYASSL_LEAVE("CyaSSL_X509_get_authorityKeyID", copySz);
    return id;
}
wolfSSL 0:1239e9b70ca2 7739
wolfSSL 0:1239e9b70ca2 7740
/* Fetch the subject key identifier; same contract as
 * CyaSSL_X509_get_authorityKeyID: copies into dst when dst/dstLen allow
 * (truncating to *dstLen) and returns dst, otherwise returns the internal
 * buffer owned by x509. Returns NULL when x509 is NULL or the extension
 * was not present. */
byte* CyaSSL_X509_get_subjectKeyID(
    CYASSL_X509* x509, byte* dst, int* dstLen)
{
    byte* id     = NULL;
    int   copySz = 0;

    CYASSL_ENTER("CyaSSL_X509_get_subjectKeyID");

    if (x509 != NULL && x509->subjKeyIdSet) {
        int room = (dstLen != NULL) ? *dstLen : 0;

        copySz = min(room, (int)x509->subjKeyIdSz);
        id     = x509->subjKeyId;

        if (dst != NULL && dstLen != NULL && id != NULL && copySz > 0) {
            XMEMCPY(dst, id, copySz);
            *dstLen = copySz;
            id      = dst;
        }
    }

    CYASSL_LEAVE("CyaSSL_X509_get_subjectKeyID", copySz);
    return id;
}
wolfSSL 0:1239e9b70ca2 7767
wolfSSL 0:1239e9b70ca2 7768
/* Number of parsed entries in the name, or 0 when name is NULL. */
int CyaSSL_X509_NAME_entry_count(CYASSL_X509_NAME* name)
{
    int count;

    CYASSL_ENTER("CyaSSL_X509_NAME_entry_count");

    count = (name != NULL) ? name->fullName.entryCount : 0;

    CYASSL_LEAVE("CyaSSL_X509_NAME_entry_count", count);
    return count;
}
wolfSSL 0:1239e9b70ca2 7781
wolfSSL 0:1239e9b70ca2 7782
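/* Copy one attribute of a distinguished name into buf as a NUL-terminated
 * string.
 *
 * name : parsed name
 * nid  : one of ASN_COMMON_NAME, ASN_SUR_NAME, ASN_SERIAL_NUMBER,
 *        ASN_COUNTRY_NAME, ASN_LOCALITY_NAME, ASN_STATE_NAME, ASN_ORG_NAME,
 *        ASN_ORGUNIT_NAME
 * buf  : output buffer of len bytes, or NULL to only query the length
 * len  : size of buf including the terminator
 *
 * Returns the number of text bytes (copied when buf is given, the full
 * attribute length when it is not), 0 for an unknown nid, a NULL name, or
 * when len leaves no room. The copy is truncated to len - 1 bytes so the
 * terminator always fits; previously up to len bytes were copied and the
 * terminator written at buf[len], one past the caller's buffer. */
int CyaSSL_X509_NAME_get_text_by_NID(CYASSL_X509_NAME* name,
                                     int nid, char* buf, int len)
{
    char* text   = NULL;
    int   textSz = 0;

    CYASSL_ENTER("CyaSSL_X509_NAME_get_text_by_NID");

    if (name == NULL) {
        CYASSL_LEAVE("CyaSSL_X509_NAME_get_text_by_NID", textSz);
        return textSz;
    }

    /* each attribute is an offset/length pair into the flattened name */
    switch (nid) {
        case ASN_COMMON_NAME:
            text   = name->fullName.fullName + name->fullName.cnIdx;
            textSz = name->fullName.cnLen;
            break;
        case ASN_SUR_NAME:
            text   = name->fullName.fullName + name->fullName.snIdx;
            textSz = name->fullName.snLen;
            break;
        case ASN_SERIAL_NUMBER:
            text   = name->fullName.fullName + name->fullName.serialIdx;
            textSz = name->fullName.serialLen;
            break;
        case ASN_COUNTRY_NAME:
            text   = name->fullName.fullName + name->fullName.cIdx;
            textSz = name->fullName.cLen;
            break;
        case ASN_LOCALITY_NAME:
            text   = name->fullName.fullName + name->fullName.lIdx;
            textSz = name->fullName.lLen;
            break;
        case ASN_STATE_NAME:
            text   = name->fullName.fullName + name->fullName.stIdx;
            textSz = name->fullName.stLen;
            break;
        case ASN_ORG_NAME:
            text   = name->fullName.fullName + name->fullName.oIdx;
            textSz = name->fullName.oLen;
            break;
        case ASN_ORGUNIT_NAME:
            text   = name->fullName.fullName + name->fullName.ouIdx;
            textSz = name->fullName.ouLen;
            break;
        default:
            break;
    }

    if (buf != NULL && text != NULL) {
        if (len <= 0) {
            textSz = 0;   /* no room even for the terminator: write nothing */
        }
        else {
            textSz = min(textSz, len - 1);   /* keep one byte for the NUL */
            XMEMCPY(buf, text, textSz);
            buf[textSz] = '\0';
        }
    }

    CYASSL_LEAVE("CyaSSL_X509_NAME_get_text_by_NID", textSz);
    return textSz;
}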
wolfSSL 0:1239e9b70ca2 7837 #endif
wolfSSL 0:1239e9b70ca2 7838
wolfSSL 0:1239e9b70ca2 7839
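/* Copy the one-line form of name into a buffer.
 *
 * name : parsed name; NULL returns NULL
 * in   : caller buffer of sz bytes, or NULL to have one of name->sz bytes
 *        allocated with XMALLOC (caller frees it)
 * sz   : size of in; a negative value is treated as 0
 *
 * At most min(sz, name->sz) bytes are used including the terminator, so a
 * buffer smaller than name->sz receives a truncated string. Returns in
 * (or the allocated buffer); returns in unchanged when name->sz is 0 or
 * there is no room, and NULL when allocation fails. */
char* CyaSSL_X509_NAME_oneline(CYASSL_X509_NAME* name, char* in, int sz)
{
    int copySz;

    CYASSL_ENTER("CyaSSL_X509_NAME_oneline");

    if (name == NULL)
        return NULL;

    if (!name->sz) return in;

    /* a negative size would make copySz - 1 below wrap to a huge memcpy */
    if (sz < 0)
        sz = 0;
    copySz = min(sz, name->sz);

    if (!in) {
        in = (char*)XMALLOC(name->sz, 0, DYNAMIC_TYPE_OPENSSL);
        if (!in ) return in;
        copySz = name->sz;   /* fresh buffer holds the whole name */
    }

    if (copySz == 0)
        return in;

    /* copySz counts the terminator, which is written explicitly */
    XMEMCPY(in, name->name, copySz - 1);
    in[copySz - 1] = 0;

    return in;
}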
wolfSSL 0:1239e9b70ca2 7863
wolfSSL 0:1239e9b70ca2 7864
/* Return the certificate's signature algorithm OID sum (x509->sigOID), or
 * 0 when x509 is NULL. */
int CyaSSL_X509_get_signature_type(CYASSL_X509* x509)
{
    CYASSL_ENTER("CyaSSL_X509_get_signature_type");

    if (x509 == NULL)
        return 0;

    return x509->sigOID;
}
wolfSSL 0:1239e9b70ca2 7876
wolfSSL 0:1239e9b70ca2 7877
/* Copy the certificate's raw signature into buf.
 *
 * buf   : destination, or NULL to only query the size
 * bufSz : in: capacity of buf; out: signature length
 *
 * Returns SSL_SUCCESS on ok, SSL_FATAL_ERROR when x509 or bufSz is NULL or
 * *bufSz is smaller than the signature. */
int CyaSSL_X509_get_signature(CYASSL_X509* x509,
                              unsigned char* buf, int* bufSz)
{
    int sigSz;

    CYASSL_ENTER("CyaSSL_X509_get_signature");

    if (x509 == NULL || bufSz == NULL)
        return SSL_FATAL_ERROR;

    sigSz = (int)x509->sig.length;
    if (*bufSz < sigSz)
        return SSL_FATAL_ERROR;

    if (buf != NULL)
        XMEMCPY(buf, x509->sig.buffer, x509->sig.length);

    *bufSz = sigSz;
    return SSL_SUCCESS;
}
wolfSSL 0:1239e9b70ca2 7891
wolfSSL 0:1239e9b70ca2 7892
/* Write the X509 serial number as unsigned binary into in.
 *
 * in      : destination; EXTERNAL_SERIAL_SIZE (32) bytes covers all cases
 * inOutSz : in: capacity of in; out: number of serial bytes written
 *
 * Returns SSL_SUCCESS on ok, BAD_FUNC_ARG when any pointer is NULL or the
 * buffer is too small. */
int CyaSSL_X509_get_serial_number(CYASSL_X509* x509, byte* in, int* inOutSz)
{
    int serialSz;

    CYASSL_ENTER("CyaSSL_X509_get_serial_number");

    if (x509 == NULL || in == NULL || inOutSz == NULL)
        return BAD_FUNC_ARG;

    serialSz = x509->serialSz;
    if (*inOutSz < serialSz)
        return BAD_FUNC_ARG;

    XMEMCPY(in, x509->serial, serialSz);
    *inOutSz = serialSz;

    return SSL_SUCCESS;
}
wolfSSL 0:1239e9b70ca2 7908
wolfSSL 0:1239e9b70ca2 7909
/* Return the certificate's DER encoding (owned by x509) and store its
 * length in *outSz. Returns NULL when x509 or outSz is NULL. */
const byte* CyaSSL_X509_get_der(CYASSL_X509* x509, int* outSz)
{
    const byte* der = NULL;

    CYASSL_ENTER("CyaSSL_X509_get_der");

    if (x509 != NULL && outSz != NULL) {
        *outSz = (int)x509->derCert.length;
        der    = x509->derCert.buffer;
    }

    return der;
}
wolfSSL 0:1239e9b70ca2 7920
wolfSSL 0:1239e9b70ca2 7921
/* Return the certificate's stored version field, or 0 for a NULL x509. */
int CyaSSL_X509_version(CYASSL_X509* x509)
{
    CYASSL_ENTER("CyaSSL_X509_version");

    return (x509 != NULL) ? x509->version : 0;
}
wolfSSL 0:1239e9b70ca2 7931
wolfSSL 0:1239e9b70ca2 7932
/* Return a pointer to the certificate's stored notBefore field (owned by
 * `x509`, not copied), or NULL for a NULL x509. */
const byte* CyaSSL_X509_notBefore(CYASSL_X509* x509)
{
    CYASSL_ENTER("CyaSSL_X509_notBefore");

    return (x509 != NULL) ? x509->notBefore : NULL;
}
wolfSSL 0:1239e9b70ca2 7942
wolfSSL 0:1239e9b70ca2 7943
/* Return a pointer to the certificate's stored notAfter field (owned by
 * `x509`, not copied), or NULL for a NULL x509. */
const byte* CyaSSL_X509_notAfter(CYASSL_X509* x509)
{
    CYASSL_ENTER("CyaSSL_X509_notAfter");

    return (x509 != NULL) ? x509->notAfter : NULL;
}
wolfSSL 0:1239e9b70ca2 7953
wolfSSL 0:1239e9b70ca2 7954
wolfSSL 0:1239e9b70ca2 7955 #ifdef CYASSL_SEP
wolfSSL 0:1239e9b70ca2 7956
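/* Copy the device type OID into `in`, at most *inOutSz bytes. If `in` is
 * NULL a buffer of exactly x509->deviceTypeSz bytes is XMALLOC'd
 * (DYNAMIC_TYPE_OPENSSL) and the caller is responsible for freeing it.
 * The number of bytes actually copied is returned in *inOutSz. Requires
 * inOutSz be non-null.
 * Returns the destination buffer; `in` unchanged (and *inOutSz untouched)
 * when no device type is stored; NULL when x509 or inOutSz is NULL, when
 * a caller-supplied *inOutSz is negative, or when allocation fails. */
byte* CyaSSL_X509_get_device_type(CYASSL_X509* x509, byte* in, int *inOutSz)
{
    int copySz;

    CYASSL_ENTER("CyaSSL_X509_get_dev_type");
    /* x509 is dereferenced below, so it needs the same guard as inOutSz */
    if (x509 == NULL || inOutSz == NULL)
        return NULL;
    if (!x509->deviceTypeSz)
        return in;

    if (in == NULL) {
        /* caller asked us to allocate: size the buffer for the whole field */
        in = (byte*)XMALLOC(x509->deviceTypeSz, 0, DYNAMIC_TYPE_OPENSSL);
        if (in == NULL)
            return NULL;
        copySz = x509->deviceTypeSz;
    }
    else {
        /* a negative capacity would be converted to a huge size in XMEMCPY */
        if (*inOutSz < 0)
            return NULL;
        copySz = min(*inOutSz, x509->deviceTypeSz);
    }

    XMEMCPY(in, x509->deviceType, copySz);
    *inOutSz = copySz;

    return in;
}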
wolfSSL 0:1239e9b70ca2 7981
wolfSSL 0:1239e9b70ca2 7982
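/* Copy the hardware type OID into `in`, at most *inOutSz bytes. If `in` is
 * NULL a buffer of exactly x509->hwTypeSz bytes is XMALLOC'd
 * (DYNAMIC_TYPE_OPENSSL) and the caller is responsible for freeing it.
 * The number of bytes actually copied is returned in *inOutSz. Requires
 * inOutSz be non-null.
 * Returns the destination buffer; `in` unchanged (and *inOutSz untouched)
 * when no hardware type is stored; NULL when x509 or inOutSz is NULL, when
 * a caller-supplied *inOutSz is negative, or when allocation fails. */
byte* CyaSSL_X509_get_hw_type(CYASSL_X509* x509, byte* in, int* inOutSz)
{
    int copySz;

    CYASSL_ENTER("CyaSSL_X509_get_hw_type");
    /* x509 is dereferenced below, so it needs the same guard as inOutSz */
    if (x509 == NULL || inOutSz == NULL)
        return NULL;
    if (!x509->hwTypeSz)
        return in;

    if (in == NULL) {
        /* caller asked us to allocate: size the buffer for the whole field */
        in = (byte*)XMALLOC(x509->hwTypeSz, 0, DYNAMIC_TYPE_OPENSSL);
        if (in == NULL)
            return NULL;
        copySz = x509->hwTypeSz;
    }
    else {
        /* a negative capacity would be converted to a huge size in XMEMCPY */
        if (*inOutSz < 0)
            return NULL;
        copySz = min(*inOutSz, x509->hwTypeSz);
    }

    XMEMCPY(in, x509->hwType, copySz);
    *inOutSz = copySz;

    return in;
}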
wolfSSL 0:1239e9b70ca2 8004
wolfSSL 0:1239e9b70ca2 8005
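/* Copy the hardware serial number into `in`, at most *inOutSz bytes. If
 * `in` is NULL a buffer of exactly x509->hwSerialNumSz bytes is XMALLOC'd
 * (DYNAMIC_TYPE_OPENSSL) and the caller is responsible for freeing it.
 * The number of bytes actually copied is returned in *inOutSz. Requires
 * inOutSz be non-null.
 * Returns the destination buffer; `in` unchanged (and *inOutSz untouched)
 * when no hardware serial number is stored; NULL when x509 or inOutSz is
 * NULL, when a caller-supplied *inOutSz is negative, or when allocation
 * fails. */
byte* CyaSSL_X509_get_hw_serial_number(CYASSL_X509* x509,byte* in,int* inOutSz)
{
    int copySz;

    CYASSL_ENTER("CyaSSL_X509_get_hw_serial_number");
    /* x509 is dereferenced below, so it needs the same guard as inOutSz */
    if (x509 == NULL || inOutSz == NULL)
        return NULL;
    /* test the serial-number length, not hwTypeSz: the two fields are
       independent, and the copy below is sized by hwSerialNumSz */
    if (!x509->hwSerialNumSz)
        return in;

    if (in == NULL) {
        /* caller asked us to allocate: size the buffer for the whole field */
        in = (byte*)XMALLOC(x509->hwSerialNumSz, 0, DYNAMIC_TYPE_OPENSSL);
        if (in == NULL)
            return NULL;
        copySz = x509->hwSerialNumSz;
    }
    else {
        /* a negative capacity would be converted to a huge size in XMEMCPY */
        if (*inOutSz < 0)
            return NULL;
        copySz = min(*inOutSz, x509->hwSerialNumSz);
    }

    XMEMCPY(in, x509->hwSerialNum, copySz);
    *inOutSz = copySz;

    return in;
}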
wolfSSL 0:1239e9b70ca2 8027
wolfSSL 0:1239e9b70ca2 8028 #endif /* CYASSL_SEP */
wolfSSL 0:1239e9b70ca2 8029
wolfSSL 0:1239e9b70ca2 8030
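/* Decode the DER certificate of `len` bytes at `in` into a newly allocated
 * CYASSL_X509 (DYNAMIC_TYPE_X509) that the caller owns. When `x509` is
 * non-NULL the result (NULL on failure) is also stored through it.
 * Returns the new CYASSL_X509, or NULL when `in` is NULL, `len` is not
 * positive, the certificate does not parse, allocation fails, or copying
 * the decoded fields fails. */
CYASSL_X509* CyaSSL_X509_d2i(CYASSL_X509** x509, const byte* in, int len)
{
    CYASSL_X509* newX509 = NULL;

    CYASSL_ENTER("CyaSSL_X509_d2i");

    /* a negative len is never a valid length; reject it here instead of
       handing it to InitDecodedCert (the old "!= 0" test let it through) */
    if (in != NULL && len > 0) {
        DecodedCert cert;

        InitDecodedCert(&cert, (byte*)in, len, NULL);
        if (ParseCertRelative(&cert, CERT_TYPE, 0, NULL) == 0) {
            newX509 = (CYASSL_X509*)XMALLOC(sizeof(CYASSL_X509),
                                            NULL, DYNAMIC_TYPE_X509);
            if (newX509 != NULL) {
                InitX509(newX509, 1);
                if (CopyDecodedToX509(newX509, &cert) != 0) {
                    /* partially filled object is useless: release it */
                    XFREE(newX509, NULL, DYNAMIC_TYPE_X509);
                    newX509 = NULL;
                }
            }
        }
        /* the DecodedCert is released on every path, parsed or not */
        FreeDecodedCert(&cert);
    }

    if (x509 != NULL)
        *x509 = newX509;

    return newX509;
}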
wolfSSL 0:1239e9b70ca2 8060
wolfSSL 0:1239e9b70ca2 8061
wolfSSL 0:1239e9b70ca2 8062 #ifndef NO_FILESYSTEM
wolfSSL 0:1239e9b70ca2 8063
wolfSSL 0:1239e9b70ca2 8064 #ifndef NO_STDIO_FILESYSTEM
wolfSSL 0:1239e9b70ca2 8065
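/* Read a whole DER certificate from the open stream `file` and decode it
 * with CyaSSL_X509_d2i. The stream is left open (the caller opened it) but
 * its position is moved by the seek/rewind/read. When `x509` is non-NULL
 * the result (NULL on failure) is also stored through it.
 * Returns the new CYASSL_X509, owned by the caller, or NULL when the
 * stream is XBADFILE, its size cannot be determined or is zero, the read
 * comes up short, allocation fails, or the certificate does not decode. */
CYASSL_X509* CyaSSL_X509_d2i_fp(CYASSL_X509** x509, XFILE file)
{
    CYASSL_X509* newX509 = NULL;

    CYASSL_ENTER("CyaSSL_X509_d2i_fp");

    if (file != XBADFILE) {
        byte* fileBuffer = NULL;
        long sz = 0;

        XFSEEK(file, 0, XSEEK_END);
        sz = XFTELL(file);
        XREWIND(file);

        /* XFTELL yields a negative value on error (ftell semantics) and 0
           for an empty stream; neither is a usable allocation/read size */
        if (sz > 0) {
            fileBuffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE);
            if (fileBuffer != NULL) {
                /* one item of sz bytes: a positive count means the whole
                   file was read */
                if ((int)XFREAD(fileBuffer, sz, 1, file) > 0) {
                    newX509 = CyaSSL_X509_d2i(NULL, fileBuffer, (int)sz);
                }
                XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
            }
        }
    }

    if (x509 != NULL)
        *x509 = newX509;

    return newX509;
}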
wolfSSL 0:1239e9b70ca2 8094
wolfSSL 0:1239e9b70ca2 8095 #endif /* NO_STDIO_FILESYSTEM */
wolfSSL 0:1239e9b70ca2 8096
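/* Load the certificate stored in file `fname`, given in `format`
 * (SSL_FILETYPE_ASN1 for DER, SSL_FILETYPE_PEM for PEM), and decode it
 * into a newly allocated CYASSL_X509 owned by the caller.
 * Returns the new CYASSL_X509, or NULL on a bad argument, a file that
 * cannot be opened/sized/read, PEM-to-DER conversion failure, allocation
 * failure or a certificate that does not decode. */
CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
{
    byte  staticBuffer[FILE_BUFFER_SIZE];
    byte* fileBuffer = staticBuffer;
    int   dynamic = 0;
    long  sz = 0;
    XFILE file;
    CYASSL_X509* x509 = NULL;
    buffer der;

    CYASSL_ENTER("CyaSSL_X509_load_certificate");

    /* Check the inputs */
    if ((fname == NULL) ||
        (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM))
        return NULL;

    file = XFOPEN(fname, "rb");
    if (file == XBADFILE)
        return NULL;

    XFSEEK(file, 0, XSEEK_END);
    sz = XFTELL(file);
    XREWIND(file);

    /* XFTELL yields a negative value on error (ftell semantics) and 0 for
       an empty file; neither may reach XMALLOC/XFREAD as a size */
    if (sz <= 0) {
        XFCLOSE(file);
        return NULL;
    }

    /* files larger than the stack buffer are read into heap memory */
    if (sz > (long)sizeof(staticBuffer)) {
        fileBuffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE);
        if (fileBuffer == NULL) {
            XFCLOSE(file);
            return NULL;
        }
        dynamic = 1;
    }

    /* one item of sz bytes: a count below 1 is a short read. The count is
       never negative, so a "< 0" test would let a short read through and
       parse whatever the buffer happened to contain */
    if ((int)XFREAD(fileBuffer, sz, 1, file) < 1) {
        XFCLOSE(file);
        if (dynamic)
            XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
        return NULL;
    }
    XFCLOSE(file);

    der.buffer = NULL;
    der.length = 0;

    if (format == SSL_FILETYPE_PEM) {
        EncryptedInfo info;
        int ecc = 0;

        info.set = 0;
        info.ctx = NULL;
        info.consumed = 0;

        if (PemToDer(fileBuffer, sz, CERT_TYPE, &der, NULL, &info, &ecc) != 0)
        {
            /* Only time this should fail, and leave `der` with a buffer
               is when the Base64 Decode fails. Release `der.buffer` in
               that case. */
            if (der.buffer != NULL) {
                XFREE(der.buffer, NULL, DYNAMIC_TYPE_CERT);
                der.buffer = NULL;
            }
        }
    }
    else {
        /* DER input: copy the raw file contents into a heap `der` buffer so
           both formats hand the same kind of buffer to the decoder */
        der.buffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_CERT);
        if (der.buffer != NULL) {
            XMEMCPY(der.buffer, fileBuffer, sz);
            der.length = (word32)sz;
        }
    }
    if (dynamic)
        XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);

    /* At this point `der` holds the certificate in DER format, ready to be
       decoded; CyaSSL_X509_d2i performs the same parse / allocate / copy
       sequence this function used to inline, so share it */
    if (der.buffer != NULL) {
        x509 = CyaSSL_X509_d2i(NULL, der.buffer, (int)der.length);
        XFREE(der.buffer, NULL, DYNAMIC_TYPE_CERT);
    }

    return x509;
}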
wolfSSL 0:1239e9b70ca2 8190
wolfSSL 0:1239e9b70ca2 8191 #endif /* NO_FILESYSTEM */
wolfSSL 0:1239e9b70ca2 8192
wolfSSL 0:1239e9b70ca2 8193 #endif /* KEEP_PEER_CERT || SESSION_CERTS */
wolfSSL 0:1239e9b70ca2 8194
wolfSSL 0:1239e9b70ca2 8195
wolfSSL 0:1239e9b70ca2 8196 #ifdef OPENSSL_EXTRA
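/* Store application data pointer `data` in slot `idx` of ssl->ex_data.
 * Only available with FORTRESS; otherwise the arguments are ignored.
 * Returns SSL_SUCCESS when stored, SSL_FAILURE for a NULL ssl, an index
 * outside [0, MAX_EX_DATA), or a build without FORTRESS. */
int CyaSSL_set_ex_data(CYASSL* ssl, int idx, void* data)
{
#ifdef FORTRESS
    /* idx is signed: the lower bound matters as much as MAX_EX_DATA,
       otherwise a negative index writes before the ex_data array */
    if (ssl != NULL && idx >= 0 && idx < MAX_EX_DATA)
    {
        ssl->ex_data[idx] = data;
        return SSL_SUCCESS;
    }
#else
    (void)ssl;
    (void)idx;
    (void)data;
#endif
    return SSL_FAILURE;
}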
wolfSSL 0:1239e9b70ca2 8212
wolfSSL 0:1239e9b70ca2 8213
/* OpenSSL-compatibility entry point: the session-id context is accepted
 * and ignored. Always returns 0. */
int CyaSSL_set_session_id_context(CYASSL* ssl, const unsigned char* id,
                                  unsigned int len)
{
    /* all three parameters are intentionally unused */
    (void)ssl;
    (void)id;
    (void)len;

    return 0;
}
wolfSSL 0:1239e9b70ca2 8222
wolfSSL 0:1239e9b70ca2 8223
/* OpenSSL-compatibility entry point. No state is changed: a CYASSL object
 * is a client by default, so there is nothing to set. */
void CyaSSL_set_connect_state(CYASSL* ssl)
{
    (void)ssl;    /* intentionally unused */
}
wolfSSL 0:1239e9b70ca2 8229 #endif
wolfSSL 0:1239e9b70ca2 8230
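/* Report whether the connection has been shut down: non-zero when any of
 * the options.isClosed, options.connReset or options.sentNotify flags is
 * set. Returns 0 for a NULL ssl instead of dereferencing it, matching the
 * NULL handling of the other accessors in this file. */
int CyaSSL_get_shutdown(const CYASSL* ssl)
{
    int isShutdown = 0;

    if (ssl != NULL) {
        isShutdown = (ssl->options.isClosed ||
                      ssl->options.connReset ||
                      ssl->options.sentNotify);
    }

    return isShutdown;
}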
wolfSSL 0:1239e9b70ca2 8237
wolfSSL 0:1239e9b70ca2 8238
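/* Return the options.resuming flag of `ssl` (non-zero when the connection
 * is resuming a session). Returns 0 for a NULL ssl instead of
 * dereferencing it, matching the other accessors in this file. */
int CyaSSL_session_reused(CYASSL* ssl)
{
    int resuming = 0;

    if (ssl != NULL)
        resuming = ssl->options.resuming;

    return resuming;
}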
wolfSSL 0:1239e9b70ca2 8243
wolfSSL 0:1239e9b70ca2 8244 #ifdef OPENSSL_EXTRA
/* OpenSSL-compatibility entry point. Nothing is released: `session` is
 * ignored. */
void CyaSSL_SESSION_free(CYASSL_SESSION* session)
{
    (void)session;    /* intentionally unused */
}
wolfSSL 0:1239e9b70ca2 8249 #endif
wolfSSL 0:1239e9b70ca2 8250
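/* Name the protocol version recorded in `ssl` as a static string: "SSLv3",
 * "TLSv1", "TLSv1.1", "TLSv1.2", "DTLS" or "DTLSv1.2".
 * Returns "unknown" for any other major/minor pair, and also for a NULL
 * ssl rather than dereferencing it. */
const char* CyaSSL_get_version(CYASSL* ssl)
{
    CYASSL_ENTER("SSL_get_version");

    if (ssl == NULL)
        return "unknown";

    if (ssl->version.major == SSLv3_MAJOR) {
        /* SSLv3 and all TLS versions share the major number; the minor
           tells them apart */
        switch (ssl->version.minor) {
            case SSLv3_MINOR :
                return "SSLv3";
            case TLSv1_MINOR :
                return "TLSv1";
            case TLSv1_1_MINOR :
                return "TLSv1.1";
            case TLSv1_2_MINOR :
                return "TLSv1.2";
            default:
                return "unknown";
        }
    }
    else if (ssl->version.major == DTLS_MAJOR) {
        switch (ssl->version.minor) {
            case DTLS_MINOR :
                return "DTLS";
            case DTLSv1_2_MINOR :
                return "DTLSv1.2";
            default:
                return "unknown";
        }
    }
    return "unknown";
}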
wolfSSL 0:1239e9b70ca2 8280
/* Return the negotiated cipher suite as one integer: options.cipherSuite0
 * in the high byte and options.cipherSuite in the low byte. Returns 0 for
 * a NULL ssl. */
int CyaSSL_get_current_cipher_suite(CYASSL* ssl)
{
    int suite = 0;

    CYASSL_ENTER("SSL_get_current_cipher_suite");
    if (ssl != NULL)
        suite = (ssl->options.cipherSuite0 << 8) | ssl->options.cipherSuite;

    return suite;
}
wolfSSL 0:1239e9b70ca2 8288
/* Return a pointer to the cipher object embedded in `ssl` (not a copy; it
 * lives as long as `ssl` does), or NULL for a NULL ssl. */
CYASSL_CIPHER* CyaSSL_get_current_cipher(CYASSL* ssl)
{
    CYASSL_ENTER("SSL_get_current_cipher");

    return (ssl != NULL) ? &ssl->cipher : NULL;
}
wolfSSL 0:1239e9b70ca2 8297
wolfSSL 0:1239e9b70ca2 8298
/* Return the IANA-style name of the cipher suite negotiated on the CYASSL
 * that `cipher` belongs to (cipher->ssl->options.cipherSuite0 /
 * cipherSuite), as a static string.
 * Suites whose first byte is ECC_BYTE are looked up in the first switch
 * (only compiled with HAVE_ECC), all others in the second; each switch is
 * filtered by the same NO_* / HAVE_* build options that decide which
 * suites the library is built with.
 * Returns "NONE" for a NULL cipher, a suite not compiled in, or a build
 * with NO_ERROR_STRINGS (where no lookup happens at all).
 * NOTE(review): cipher->ssl is dereferenced without a NULL check; whether
 * a CYASSL_CIPHER can exist without its ssl is not visible here. */
const char* CyaSSL_CIPHER_get_name(const CYASSL_CIPHER* cipher)
{
    /* with NO_ERROR_STRINGS the parameter is otherwise unused */
    (void)cipher;

    CYASSL_ENTER("SSL_CIPHER_get_name");
#ifndef NO_ERROR_STRINGS
    if (cipher) {
#ifdef HAVE_ECC
        if (cipher->ssl->options.cipherSuite0 == ECC_BYTE) {
            /* ECC suites */
            switch (cipher->ssl->options.cipherSuite) {
#ifndef NO_RSA
                case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
                    return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
#endif
                case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
                    return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
#ifndef NO_RSA
                case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
                    return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256";
#endif
                case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
                    return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256";
#ifndef NO_RSA
                case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
                    return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
#endif
                case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
                    return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384";
#ifndef NO_RSA
                case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
                    return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384";
#endif
                case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
                    return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384";
                /* SHA-1 MAC suites: the RC4 and 3DES ones are nested
                   under their own cipher options as well */
#ifndef NO_SHA
#ifndef NO_RSA
                case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
                    return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
                case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
                    return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
#endif
                case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
                    return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
                case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
                    return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
#ifndef NO_RC4
#ifndef NO_RSA
                case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
                    return "TLS_ECDHE_RSA_WITH_RC4_128_SHA";
#endif
                case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
                    return "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA";
#endif
#ifndef NO_DES3
#ifndef NO_RSA
                case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
                    return "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA";
#endif
                case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
                    return "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA";
#endif

#ifndef NO_RSA
                case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
                    return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA";
                case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
                    return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA";
#endif
                case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
                    return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA";
                case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
                    return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA";
#ifndef NO_RC4
#ifndef NO_RSA
                case TLS_ECDH_RSA_WITH_RC4_128_SHA :
                    return "TLS_ECDH_RSA_WITH_RC4_128_SHA";
#endif
                case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
                    return "TLS_ECDH_ECDSA_WITH_RC4_128_SHA";
#endif
#ifndef NO_DES3
#ifndef NO_RSA
                case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
                    return "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA";
#endif
                case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
                    return "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA";
#endif
#endif /* NO_SHA */

#ifdef HAVE_AESGCM
#ifndef NO_RSA
                case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
                    return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
                case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
                    return "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
#endif
                case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
                    return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
                case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
                    return "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
#ifndef NO_RSA
                case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
                    return "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256";
                case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
                    return "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384";
#endif
                case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
                    return "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256";
                case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
                    return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384";
#endif

                /* the RSA CCM-8 suites are keyed under ECC_BYTE here, so
                   they are named in this switch rather than the "normal"
                   one below */
#ifdef HAVE_AESCCM
#ifndef NO_RSA
                case TLS_RSA_WITH_AES_128_CCM_8 :
                    return "TLS_RSA_WITH_AES_128_CCM_8";
                case TLS_RSA_WITH_AES_256_CCM_8 :
                    return "TLS_RSA_WITH_AES_256_CCM_8";
#endif
                case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
                    return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8";
                case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
                    return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8";
#endif

                default:
                    return "NONE";
            }
        }
#endif  /* ECC */
        if (cipher->ssl->options.cipherSuite0 != ECC_BYTE) {
            /* normal suites */
            switch (cipher->ssl->options.cipherSuite) {
#ifndef NO_RSA
#ifndef NO_RC4
#ifndef NO_SHA
                case SSL_RSA_WITH_RC4_128_SHA :
                    return "SSL_RSA_WITH_RC4_128_SHA";
#endif
#ifndef NO_MD5
                case SSL_RSA_WITH_RC4_128_MD5 :
                    return "SSL_RSA_WITH_RC4_128_MD5";
#endif
#endif
#ifndef NO_SHA
#ifndef NO_DES3
                case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
                    return "SSL_RSA_WITH_3DES_EDE_CBC_SHA";
#endif
                case TLS_RSA_WITH_AES_128_CBC_SHA :
                    return "TLS_RSA_WITH_AES_128_CBC_SHA";
                case TLS_RSA_WITH_AES_256_CBC_SHA :
                    return "TLS_RSA_WITH_AES_256_CBC_SHA";
#endif
                case TLS_RSA_WITH_AES_128_CBC_SHA256 :
                    return "TLS_RSA_WITH_AES_128_CBC_SHA256";
                case TLS_RSA_WITH_AES_256_CBC_SHA256 :
                    return "TLS_RSA_WITH_AES_256_CBC_SHA256";
#ifdef HAVE_BLAKE2
                case TLS_RSA_WITH_AES_128_CBC_B2B256:
                    return "TLS_RSA_WITH_AES_128_CBC_B2B256";
                case TLS_RSA_WITH_AES_256_CBC_B2B256:
                    return "TLS_RSA_WITH_AES_256_CBC_B2B256";
#endif
#ifndef NO_SHA
                case TLS_RSA_WITH_NULL_SHA :
                    return "TLS_RSA_WITH_NULL_SHA";
#endif
                case TLS_RSA_WITH_NULL_SHA256 :
                    return "TLS_RSA_WITH_NULL_SHA256";
#endif /* NO_RSA */
#ifndef NO_PSK
                case TLS_PSK_WITH_AES_128_CBC_SHA256 :
                    return "TLS_PSK_WITH_AES_128_CBC_SHA256";
#ifndef NO_SHA
                case TLS_PSK_WITH_AES_128_CBC_SHA :
                    return "TLS_PSK_WITH_AES_128_CBC_SHA";
                case TLS_PSK_WITH_AES_256_CBC_SHA :
                    return "TLS_PSK_WITH_AES_256_CBC_SHA";
#endif
#ifndef NO_SHA256
#ifdef HAVE_AESCCM
                case TLS_PSK_WITH_AES_128_CCM_8 :
                    return "TLS_PSK_WITH_AES_128_CCM_8";
                case TLS_PSK_WITH_AES_256_CCM_8 :
                    return "TLS_PSK_WITH_AES_256_CCM_8";
#endif
                case TLS_PSK_WITH_NULL_SHA256 :
                    return "TLS_PSK_WITH_NULL_SHA256";
#endif
#ifndef NO_SHA
                case TLS_PSK_WITH_NULL_SHA :
                    return "TLS_PSK_WITH_NULL_SHA";
#endif
#endif /* NO_PSK */
#ifndef NO_RSA
                case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
                    return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
                case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
                    return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256";
#ifndef NO_SHA
                case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
                    return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
                case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
                    return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
#endif
#ifndef NO_HC128
#ifndef NO_MD5
                case TLS_RSA_WITH_HC_128_MD5 :
                    return "TLS_RSA_WITH_HC_128_MD5";
#endif
#ifndef NO_SHA
                case TLS_RSA_WITH_HC_128_SHA :
                    return "TLS_RSA_WITH_HC_128_SHA";
#endif
#ifdef HAVE_BLAKE2
                case TLS_RSA_WITH_HC_128_B2B256:
                    return "TLS_RSA_WITH_HC_128_B2B256";
#endif
#endif /* NO_HC128 */
#ifndef NO_SHA
#ifndef NO_RABBIT
                case TLS_RSA_WITH_RABBIT_SHA :
                    return "TLS_RSA_WITH_RABBIT_SHA";
#endif
#ifdef HAVE_NTRU
#ifndef NO_RC4
                case TLS_NTRU_RSA_WITH_RC4_128_SHA :
                    return "TLS_NTRU_RSA_WITH_RC4_128_SHA";
#endif
#ifndef NO_DES3
                case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
                    return "TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA";
#endif
                case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
                    return "TLS_NTRU_RSA_WITH_AES_128_CBC_SHA";
                case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
                    return "TLS_NTRU_RSA_WITH_AES_256_CBC_SHA";
#endif /* HAVE_NTRU */
#endif /* NO_SHA */
                case TLS_RSA_WITH_AES_128_GCM_SHA256 :
                    return "TLS_RSA_WITH_AES_128_GCM_SHA256";
                case TLS_RSA_WITH_AES_256_GCM_SHA384 :
                    return "TLS_RSA_WITH_AES_256_GCM_SHA384";
                case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
                    return "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256";
                case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
                    return "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";
#ifndef NO_SHA
                case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
                    return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA";
                case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
                    return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA";
#endif
                case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
                    return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256";
                case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
                    return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256";
#ifndef NO_SHA
                case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
                    return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA";
                case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
                    return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA";
#endif
                case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
                    return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256";
                case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
                    return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256";
#endif /* NO_RSA */
                default:
                    return "NONE";
            }  /* switch */
        }  /* normal / ECC */
    }
#endif /* NO_ERROR_STRINGS */
    /* reached for a NULL cipher, an ECC_BYTE suite without HAVE_ECC, or a
       NO_ERROR_STRINGS build */
    return "NONE";
}
wolfSSL 0:1239e9b70ca2 8578
wolfSSL 0:1239e9b70ca2 8579
/* Name of the cipher suite currently negotiated on ssl.
 * Convenience wrapper: looks the suite up with CyaSSL_get_current_cipher()
 * and maps it through CyaSSL_CIPHER_get_name(), so it returns whatever that
 * function returns for an unknown or absent suite. */
const char* CyaSSL_get_cipher(CYASSL* ssl)
{
    CYASSL_CIPHER* current;

    CYASSL_ENTER("CyaSSL_get_cipher");
    current = CyaSSL_get_current_cipher(ssl);
    return CyaSSL_CIPHER_get_name(current);
}
wolfSSL 0:1239e9b70ca2 8585
wolfSSL 0:1239e9b70ca2 8586 #ifdef OPENSSL_EXTRA
wolfSSL 0:1239e9b70ca2 8587
wolfSSL 0:1239e9b70ca2 8588 /* XXX should be NO_DH */
wolfSSL 0:1239e9b70ca2 8589 #ifndef NO_CERTS
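/* Install the server-side ephemeral Diffie-Hellman parameters on a context.
 *
 * ctx:     context to update; any previously installed serverDH_P/serverDH_G
 *          buffers are released and replaced.
 * p, pSz:  prime modulus bytes and their length.
 * g, gSz:  generator bytes and their length.
 *
 * Returns SSL_SUCCESS on success, BAD_FUNC_ARG for a NULL pointer or a
 * non-positive length, MEMORY_E when a copy cannot be allocated.
 *
 * The parameters are copied as given: nothing here checks that p is prime or
 * that g generates a suitable group. NOTE(review): whether the handshake code
 * validates them later is not visible in this file, so callers should only
 * pass well-known or otherwise vetted group parameters.
 *
 * On failure the context is left with NO DH parameters (both buffers NULL,
 * lengths 0) rather than with a pointer to freed memory, so a later context
 * teardown cannot double-free. haveDH is only touched on success.
 */
int CyaSSL_CTX_SetTmpDH(CYASSL_CTX* ctx, const unsigned char* p, int pSz,
                        const unsigned char* g, int gSz)
{
    CYASSL_ENTER("CyaSSL_CTX_SetTmpDH");
    /* Lengths are used as allocation and copy sizes below; a zero or negative
     * value would be converted to a huge size_t by XMALLOC/XMEMCPY. */
    if (ctx == NULL || p == NULL || g == NULL || pSz <= 0 || gSz <= 0)
        return BAD_FUNC_ARG;

    /* Drop the old parameters and clear the fields immediately, so the
     * context stays consistent if an allocation below fails. */
    XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
    XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH);
    ctx->serverDH_P.buffer = NULL;
    ctx->serverDH_G.buffer = NULL;
    ctx->serverDH_P.length = 0;
    ctx->serverDH_G.length = 0;

    ctx->serverDH_P.buffer = (byte*)XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_DH);
    if (ctx->serverDH_P.buffer == NULL)
        return MEMORY_E;

    ctx->serverDH_G.buffer = (byte*)XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_DH);
    if (ctx->serverDH_G.buffer == NULL) {
        XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
        ctx->serverDH_P.buffer = NULL;
        return MEMORY_E;
    }

    XMEMCPY(ctx->serverDH_P.buffer, p, pSz);
    XMEMCPY(ctx->serverDH_G.buffer, g, gSz);
    ctx->serverDH_P.length = pSz;
    ctx->serverDH_G.length = gSz;

    ctx->haveDH = 1;

    CYASSL_LEAVE("CyaSSL_CTX_SetTmpDH", 0);
    return SSL_SUCCESS;
}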
wolfSSL 0:1239e9b70ca2 8621 #endif /* !NO_CERTS */
wolfSSL 0:1239e9b70ca2 8622
wolfSSL 0:1239e9b70ca2 8623
/* OpenSSL-compat stub: no description is produced, the buffer `in` is left
 * untouched and NULL is returned. */
char* CyaSSL_CIPHER_description(CYASSL_CIPHER* cipher, char* in, int len)
{
    (void)cipher; (void)in; (void)len;  /* unused: stub */
    return NULL;
}
wolfSSL 0:1239e9b70ca2 8631
wolfSSL 0:1239e9b70ca2 8632
/* OpenSSL-compat stub: no session is returned (always NULL), so there is no
 * reference count for the caller to release. */
CYASSL_SESSION* CyaSSL_get1_session(CYASSL* ssl)
{
    (void)ssl;  /* unused: stub */
    return NULL;
}
wolfSSL 0:1239e9b70ca2 8638
wolfSSL 0:1239e9b70ca2 8639
/* OpenSSL-compat no-op: does NOT release buf. NOTE(review): the actual
 * release routine used elsewhere in this file is CyaSSL_FreeX509(). */
void CyaSSL_X509_free(CYASSL_X509* buf)
{
    (void)buf;  /* intentionally not freed here */
}
wolfSSL 0:1239e9b70ca2 8644
wolfSSL 0:1239e9b70ca2 8645
wolfSSL 0:1239e9b70ca2 8646 /* was do nothing */
wolfSSL 0:1239e9b70ca2 8647 /*
wolfSSL 0:1239e9b70ca2 8648 void OPENSSL_free(void* buf)
wolfSSL 0:1239e9b70ca2 8649 {
wolfSSL 0:1239e9b70ca2 8650 (void)buf;
wolfSSL 0:1239e9b70ca2 8651 }
wolfSSL 0:1239e9b70ca2 8652 */
wolfSSL 0:1239e9b70ca2 8653
wolfSSL 0:1239e9b70ca2 8654
/* OpenSSL-compat stub: the URL is not parsed and none of the out-pointers
 * are written. Always returns 0. */
int CyaSSL_OCSP_parse_url(char* url, char** host, char** port, char** path,
                          int* ssl)
{
    (void)url; (void)host; (void)port; (void)path; (void)ssl;  /* unused */
    return 0;
}
wolfSSL 0:1239e9b70ca2 8665
wolfSSL 0:1239e9b70ca2 8666
/* SSLv2 client method: not provided by this library, always NULL.
 * Callers that feed the result to a CTX constructor get a failure rather
 * than a working SSLv2 context. */
CYASSL_METHOD* CyaSSLv2_client_method(void)
{
    return NULL;
}
wolfSSL 0:1239e9b70ca2 8671
wolfSSL 0:1239e9b70ca2 8672
/* SSLv2 server method: not provided by this library, always NULL. */
CYASSL_METHOD* CyaSSLv2_server_method(void)
{
    return NULL;
}
wolfSSL 0:1239e9b70ca2 8677
wolfSSL 0:1239e9b70ca2 8678
wolfSSL 0:1239e9b70ca2 8679 #ifndef NO_MD4
wolfSSL 0:1239e9b70ca2 8680
/* OpenSSL-compat MD4 init: reinterprets the opaque wrapper as a CTaoCrypt
 * Md4 and initialises it. MD4 is kept for protocol compatibility only; it is
 * not a collision-resistant hash. */
void CyaSSL_MD4_Init(CYASSL_MD4_CTX* md4)
{
    /* Build-time guard: the wrapper's buffer must be able to hold a Md4,
     * otherwise the array below gets a negative size and compilation fails. */
    typedef char md4_ctx_fits[sizeof(md4->buffer) >= sizeof(Md4) ? 1 : -1];
    (void)sizeof(md4_ctx_fits);

    CYASSL_ENTER("MD4_Init");
    InitMd4((Md4*)md4);
}
wolfSSL 0:1239e9b70ca2 8690
wolfSSL 0:1239e9b70ca2 8691
/* OpenSSL-compat MD4 update: feeds len bytes of data into the wrapped Md4.
 * len is narrowed to word32 before the call. */
void CyaSSL_MD4_Update(CYASSL_MD4_CTX* md4, const void* data,
                       unsigned long len)
{
    const byte* in = (const byte*)data;

    CYASSL_ENTER("MD4_Update");
    Md4Update((Md4*)md4, in, (word32)len);
}
wolfSSL 0:1239e9b70ca2 8698
wolfSSL 0:1239e9b70ca2 8699
/* OpenSSL-compat MD4 final: writes the digest of the wrapped Md4 to digest.
 * NOTE(review): digest is assumed to be MD4-digest-sized; no size is checked
 * here. */
void CyaSSL_MD4_Final(unsigned char* digest, CYASSL_MD4_CTX* md4)
{
    Md4* state = (Md4*)md4;

    CYASSL_ENTER("MD4_Final");
    Md4Final(state, digest);
}
wolfSSL 0:1239e9b70ca2 8705
wolfSSL 0:1239e9b70ca2 8706 #endif /* NO_MD4 */
wolfSSL 0:1239e9b70ca2 8707
wolfSSL 0:1239e9b70ca2 8708
/* OpenSSL-compat stub: BIO chains are not supported; nothing is popped and
 * NULL is returned. */
CYASSL_BIO* CyaSSL_BIO_pop(CYASSL_BIO* top)
{
    (void)top;  /* unused: stub */
    return NULL;
}
wolfSSL 0:1239e9b70ca2 8714
wolfSSL 0:1239e9b70ca2 8715
/* OpenSSL-compat stub: always reports 0 bytes pending. */
int CyaSSL_BIO_pending(CYASSL_BIO* bio)
{
    (void)bio;  /* unused: stub */
    return 0;
}
wolfSSL 0:1239e9b70ca2 8721
wolfSSL 0:1239e9b70ca2 8722
wolfSSL 0:1239e9b70ca2 8723
/* Memory BIO method. Returns the address of one process-wide static object,
 * so every caller shares it; its type field is rewritten on each call. */
CYASSL_BIO_METHOD* CyaSSL_BIO_s_mem(void)
{
    static CYASSL_BIO_METHOD memMethod;

    CYASSL_ENTER("BIO_s_mem");
    memMethod.type = BIO_MEMORY;
    return &memMethod;
}
wolfSSL 0:1239e9b70ca2 8733
wolfSSL 0:1239e9b70ca2 8734
/* OpenSSL-compat stub: no base64 filter BIO is provided, always NULL. */
CYASSL_BIO_METHOD* CyaSSL_BIO_f_base64(void)
{
    return NULL;
}
wolfSSL 0:1239e9b70ca2 8739
wolfSSL 0:1239e9b70ca2 8740
/* OpenSSL-compat no-op: flags are accepted and discarded. */
void CyaSSL_BIO_set_flags(CYASSL_BIO* bio, int flags)
{
    (void)bio; (void)flags;  /* unused: stub */
}
wolfSSL 0:1239e9b70ca2 8746
wolfSSL 0:1239e9b70ca2 8747
wolfSSL 0:1239e9b70ca2 8748
/* OpenSSL-compat no-op: no screen-derived entropy is gathered; the RNG is
 * seeded by CTaoCrypt itself. */
void CyaSSL_RAND_screen(void)
{
    /* intentionally empty */
}
wolfSSL 0:1239e9b70ca2 8753
wolfSSL 0:1239e9b70ca2 8754
/* OpenSSL-compat stub: no seed-file path is produced; fname is not written
 * and NULL is returned. */
const char* CyaSSL_RAND_file_name(char* fname, unsigned long len)
{
    (void)fname; (void)len;  /* unused: stub */
    return NULL;
}
wolfSSL 0:1239e9b70ca2 8761
wolfSSL 0:1239e9b70ca2 8762
/* OpenSSL-compat stub: nothing is written to fname; reports 0 bytes. */
int CyaSSL_RAND_write_file(const char* fname)
{
    (void)fname;  /* unused: stub */
    return 0;
}
wolfSSL 0:1239e9b70ca2 8768
wolfSSL 0:1239e9b70ca2 8769
/* OpenSSL-compat shim: nothing is read from fname, because CTaoCrypt seeds
 * its RNG internally (or reports an error itself). The return value only
 * mirrors the request: 1024 for the "read everything" length of -1,
 * otherwise the requested length narrowed to int. */
int CyaSSL_RAND_load_file(const char* fname, long len)
{
    (void)fname;  /* never opened */
    return (len == -1) ? 1024 : (int)len;
}
wolfSSL 0:1239e9b70ca2 8779
wolfSSL 0:1239e9b70ca2 8780
/* OpenSSL-compat stub: no entropy-gathering daemon is contacted; reports 0. */
int CyaSSL_RAND_egd(const char* path)
{
    (void)path;  /* unused: stub */
    return 0;
}
wolfSSL 0:1239e9b70ca2 8786
wolfSSL 0:1239e9b70ca2 8787
wolfSSL 0:1239e9b70ca2 8788
/* OpenSSL-compat stub: no zlib compression method object, always NULL. */
CYASSL_COMP_METHOD* CyaSSL_COMP_zlib(void)
{
    return NULL;
}
wolfSSL 0:1239e9b70ca2 8793
wolfSSL 0:1239e9b70ca2 8794
/* OpenSSL-compat stub: no RLE compression method object, always NULL. */
CYASSL_COMP_METHOD* CyaSSL_COMP_rle(void)
{
    return NULL;
}
wolfSSL 0:1239e9b70ca2 8799
wolfSSL 0:1239e9b70ca2 8800
/* OpenSSL-compat stub: compression methods cannot be registered; the
 * arguments are ignored and 0 is returned. */
int CyaSSL_COMP_add_compression_method(int method, void* data)
{
    (void)method; (void)data;  /* unused: stub */
    return 0;
}
wolfSSL 0:1239e9b70ca2 8807
wolfSSL 0:1239e9b70ca2 8808
wolfSSL 0:1239e9b70ca2 8809
/* OpenSSL-compat stub: ex_data indices are not allocated dynamically; every
 * argument is ignored and index 0 is returned. */
int CyaSSL_get_ex_new_index(long idx, void* data, void* cb1, void* cb2,
                            void* cb3)
{
    (void)idx; (void)data; (void)cb1; (void)cb2; (void)cb3;  /* unused */
    return 0;
}
wolfSSL 0:1239e9b70ca2 8820
wolfSSL 0:1239e9b70ca2 8821
/* OpenSSL-compat no-op: dynamic locks are not used, so the callback is
 * never stored or invoked. */
void CyaSSL_set_dynlock_create_callback(CYASSL_dynlock_value* (*f)(
                                                          const char*, int))
{
    (void)f;  /* discarded */
}
wolfSSL 0:1239e9b70ca2 8827
wolfSSL 0:1239e9b70ca2 8828
/* OpenSSL-compat no-op: the lock callback is discarded, never invoked. */
void CyaSSL_set_dynlock_lock_callback(
                 void (*f)(int, CYASSL_dynlock_value*, const char*, int))
{
    (void)f;  /* discarded */
}
wolfSSL 0:1239e9b70ca2 8834
wolfSSL 0:1239e9b70ca2 8835
/* OpenSSL-compat no-op: the destroy callback is discarded, never invoked. */
void CyaSSL_set_dynlock_destroy_callback(
                 void (*f)(CYASSL_dynlock_value*, const char*, int))
{
    (void)f;  /* discarded */
}
wolfSSL 0:1239e9b70ca2 8841
wolfSSL 0:1239e9b70ca2 8842
wolfSSL 0:1239e9b70ca2 8843
/* OpenSSL-compat stub: no error text is available for any code; returns NULL,
 * so callers must not pass the result straight to printf("%s"). */
const char* CyaSSL_X509_verify_cert_error_string(long err)
{
    (void)err;  /* unused: stub */
    return NULL;
}
wolfSSL 0:1239e9b70ca2 8849
wolfSSL 0:1239e9b70ca2 8850
wolfSSL 0:1239e9b70ca2 8851
/* OpenSSL-compat stub: directory lookups are not supported; nothing is added
 * and 0 (OpenSSL failure) is returned. */
int CyaSSL_X509_LOOKUP_add_dir(CYASSL_X509_LOOKUP* lookup, const char* dir,
                               long len)
{
    (void)lookup; (void)dir; (void)len;  /* unused: stub */
    return 0;
}
wolfSSL 0:1239e9b70ca2 8860
wolfSSL 0:1239e9b70ca2 8861
/* OpenSSL-compat stub: the file is not opened or loaded; returns 0. */
int CyaSSL_X509_LOOKUP_load_file(CYASSL_X509_LOOKUP* lookup,
                                 const char* file, long len)
{
    (void)lookup; (void)file; (void)len;  /* unused: stub */
    return 0;
}
wolfSSL 0:1239e9b70ca2 8870
wolfSSL 0:1239e9b70ca2 8871
/* OpenSSL-compat stub: no hash-dir lookup method, always NULL. */
CYASSL_X509_LOOKUP_METHOD* CyaSSL_X509_LOOKUP_hash_dir(void)
{
    return NULL;
}
wolfSSL 0:1239e9b70ca2 8876
wolfSSL 0:1239e9b70ca2 8877
/* OpenSSL-compat stub: no file lookup method, always NULL. */
CYASSL_X509_LOOKUP_METHOD* CyaSSL_X509_LOOKUP_file(void)
{
    return NULL;
}
wolfSSL 0:1239e9b70ca2 8882
wolfSSL 0:1239e9b70ca2 8883
wolfSSL 0:1239e9b70ca2 8884
/* OpenSSL-compat stub: lookups cannot be attached to a store; returns NULL. */
CYASSL_X509_LOOKUP* CyaSSL_X509_STORE_add_lookup(CYASSL_X509_STORE* store,
                                                 CYASSL_X509_LOOKUP_METHOD* m)
{
    (void)store; (void)m;  /* unused: stub */
    return NULL;
}
wolfSSL 0:1239e9b70ca2 8892
wolfSSL 0:1239e9b70ca2 8893
/* Add x509 as a trusted CA to the store's certificate manager.
 *
 * A private copy of the certificate's DER encoding is made and handed to
 * AddCA(); per the existing note in this file AddCA() owns and frees that
 * copy, so it is not released here. Returns SSL_SUCCESS, or SSL_FATAL_ERROR
 * for a NULL store/manager/cert, an allocation failure, or an AddCA()
 * result other than SSL_SUCCESS. */
int CyaSSL_X509_STORE_add_cert(CYASSL_X509_STORE* store, CYASSL_X509* x509)
{
    int    ret = SSL_FATAL_ERROR;
    buffer derCert;

    CYASSL_ENTER("CyaSSL_X509_STORE_add_cert");
    if (store == NULL || store->cm == NULL || x509 == NULL)
        goto out;

    derCert.length = x509->derCert.length;
    derCert.buffer = (byte*)XMALLOC(derCert.length, NULL, DYNAMIC_TYPE_CERT);
    if (derCert.buffer == NULL)
        goto out;

    XMEMCPY(derCert.buffer, x509->derCert.buffer, derCert.length);
    /* AddCA() takes ownership of derCert.buffer. */
    ret = AddCA(store->cm, derCert, CYASSL_USER_CA, 1);
    if (ret != SSL_SUCCESS)
        ret = SSL_FATAL_ERROR;

out:
    CYASSL_LEAVE("CyaSSL_X509_STORE_add_cert", ret);
    return ret;
}
wolfSSL 0:1239e9b70ca2 8916
wolfSSL 0:1239e9b70ca2 8917
/* Allocate a certificate store backed by a fresh certificate manager.
 * Returns NULL if either allocation fails (the partially built store is
 * released). The caller frees it with CyaSSL_X509_STORE_free(). */
CYASSL_X509_STORE* CyaSSL_X509_STORE_new(void)
{
    CYASSL_X509_STORE* store;

    store = (CYASSL_X509_STORE*)XMALLOC(sizeof(CYASSL_X509_STORE), NULL, 0);
    if (store == NULL)
        return NULL;

    store->cm = CyaSSL_CertManagerNew();
    if (store->cm == NULL) {
        XFREE(store, NULL, 0);
        return NULL;
    }

    return store;
}
wolfSSL 0:1239e9b70ca2 8933
wolfSSL 0:1239e9b70ca2 8934
/* Release a store from CyaSSL_X509_STORE_new(), including its certificate
 * manager. store may be NULL. */
void CyaSSL_X509_STORE_free(CYASSL_X509_STORE* store)
{
    if (store == NULL)
        return;

    if (store->cm != NULL)
        CyaSSL_CertManagerFree(store->cm);
    XFREE(store, NULL, 0);
}
wolfSSL 0:1239e9b70ca2 8943
wolfSSL 0:1239e9b70ca2 8944
/* OpenSSL-compat stub: reports SSL_SUCCESS without loading any system trust
 * store, so a store relying on this call alone trusts nothing. */
int CyaSSL_X509_STORE_set_default_paths(CYASSL_X509_STORE* store)
{
    (void)store;  /* unused: nothing is loaded */
    return SSL_SUCCESS;
}
wolfSSL 0:1239e9b70ca2 8950
wolfSSL 0:1239e9b70ca2 8951
/* OpenSSL-compat stub: subject lookup is not supported; obj is not written
 * and 0 is returned. */
int CyaSSL_X509_STORE_get_by_subject(CYASSL_X509_STORE_CTX* ctx, int idx,
                                     CYASSL_X509_NAME* name,
                                     CYASSL_X509_OBJECT* obj)
{
    (void)ctx; (void)idx; (void)name; (void)obj;  /* unused: stub */
    return 0;
}
wolfSSL 0:1239e9b70ca2 8961
wolfSSL 0:1239e9b70ca2 8962
/* Allocate a verification context with no store, certificate or chain
 * attached (all fields reset through CyaSSL_X509_STORE_CTX_init()).
 * Returns NULL on allocation failure. */
CYASSL_X509_STORE_CTX* CyaSSL_X509_STORE_CTX_new(void)
{
    CYASSL_X509_STORE_CTX* ctx;

    ctx = (CYASSL_X509_STORE_CTX*)XMALLOC(sizeof(CYASSL_X509_STORE_CTX),
                                          NULL, 0);
    if (ctx == NULL)
        return NULL;

    CyaSSL_X509_STORE_CTX_init(ctx, NULL, NULL, NULL);
    return ctx;
}
wolfSSL 0:1239e9b70ca2 8973
wolfSSL 0:1239e9b70ca2 8974
/* Reset a verification context to verify x509 against store.
 * The chain stack sk is accepted for API compatibility but ignored.
 * Returns SSL_SUCCESS, or SSL_FATAL_ERROR when ctx is NULL. */
int CyaSSL_X509_STORE_CTX_init(CYASSL_X509_STORE_CTX* ctx,
        CYASSL_X509_STORE* store, CYASSL_X509* x509, STACK_OF(CYASSL_X509)* sk)
{
    (void)sk;  /* chain not used */

    if (ctx == NULL)
        return SSL_FATAL_ERROR;

    ctx->store               = store;
    ctx->current_cert        = x509;
    ctx->domain              = NULL;
    ctx->ex_data             = NULL;
    ctx->userCtx             = NULL;
    ctx->error               = 0;
    ctx->error_depth         = 0;
    ctx->discardSessionCerts = 0;
    return SSL_SUCCESS;
}
wolfSSL 0:1239e9b70ca2 8992
wolfSSL 0:1239e9b70ca2 8993
/* Release a verification context. ctx may be NULL.
 * NOTE(review): this also frees the attached store and current certificate,
 * i.e. the ctx is treated as owning whatever was passed to
 * CyaSSL_X509_STORE_CTX_init(); callers must not free those separately. */
void CyaSSL_X509_STORE_CTX_free(CYASSL_X509_STORE_CTX* ctx)
{
    if (ctx == NULL)
        return;

    if (ctx->store != NULL)
        CyaSSL_X509_STORE_free(ctx->store);
    if (ctx->current_cert != NULL)
        CyaSSL_FreeX509(ctx->current_cert);
    XFREE(ctx, NULL, 0);
}
wolfSSL 0:1239e9b70ca2 9004
wolfSSL 0:1239e9b70ca2 9005
/* OpenSSL-compat no-op: nothing to clean up between verifications. */
void CyaSSL_X509_STORE_CTX_cleanup(CYASSL_X509_STORE_CTX* ctx)
{
    (void)ctx;  /* unused: stub */
}
wolfSSL 0:1239e9b70ca2 9010
wolfSSL 0:1239e9b70ca2 9011
/* Verify ctx->current_cert (DER) against the store's certificate manager.
 * Returns the CyaSSL_CertManagerVerifyBuffer() result as-is (SSL_SUCCESS or
 * a library error code, not OpenSSL's 1/0), or SSL_FATAL_ERROR when the
 * ctx, store, manager or certificate is missing. */
int CyaSSL_X509_verify_cert(CYASSL_X509_STORE_CTX* ctx)
{
    CYASSL_X509* cert;

    if (ctx == NULL || ctx->store == NULL || ctx->store->cm == NULL)
        return SSL_FATAL_ERROR;
    cert = ctx->current_cert;
    if (cert == NULL)
        return SSL_FATAL_ERROR;

    return CyaSSL_CertManagerVerifyBuffer(ctx->store->cm,
                                          cert->derCert.buffer,
                                          cert->derCert.length,
                                          SSL_FILETYPE_ASN1);
}
wolfSSL 0:1239e9b70ca2 9023
wolfSSL 0:1239e9b70ca2 9024
/* OpenSSL-compat stub: CRL lastUpdate is not exposed; always NULL. */
CYASSL_ASN1_TIME* CyaSSL_X509_CRL_get_lastUpdate(CYASSL_X509_CRL* crl)
{
    (void)crl;  /* unused: stub */
    return NULL;
}
wolfSSL 0:1239e9b70ca2 9030
wolfSSL 0:1239e9b70ca2 9031
/* OpenSSL-compat stub: CRL nextUpdate is not exposed; always NULL. */
CYASSL_ASN1_TIME* CyaSSL_X509_CRL_get_nextUpdate(CYASSL_X509_CRL* crl)
{
    (void)crl;  /* unused: stub */
    return NULL;
}
wolfSSL 0:1239e9b70ca2 9037
wolfSSL 0:1239e9b70ca2 9038
wolfSSL 0:1239e9b70ca2 9039
/* Copy the certificate's public key into a newly allocated CYASSL_EVP_PKEY.
 * type/pkey_sz/pkey.ptr (and pkey_curve under HAVE_ECC) are taken from x509.
 * Returns NULL for a NULL x509 or on allocation failure; otherwise the
 * caller owns the result and releases it with CyaSSL_EVP_PKEY_free(). */
CYASSL_EVP_PKEY* CyaSSL_X509_get_pubkey(CYASSL_X509* x509)
{
    CYASSL_EVP_PKEY* key;

    if (x509 == NULL)
        return NULL;

    key = (CYASSL_EVP_PKEY*)XMALLOC(sizeof(CYASSL_EVP_PKEY), NULL,
                                    DYNAMIC_TYPE_PUBLIC_KEY);
    if (key == NULL)
        return NULL;

    key->type      = x509->pubKeyOID;
    key->save_type = 0;
    key->pkey_sz   = x509->pubKey.length;
    key->pkey.ptr  = (char*)XMALLOC(x509->pubKey.length, NULL,
                                    DYNAMIC_TYPE_PUBLIC_KEY);
    if (key->pkey.ptr == NULL) {
        /* Nothing else was allocated, so only the wrapper needs releasing. */
        XFREE(key, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
        return NULL;
    }
    XMEMCPY(key->pkey.ptr, x509->pubKey.buffer, x509->pubKey.length);
#ifdef HAVE_ECC
    key->pkey_curve = (int)x509->pkCurveOID;
#endif /* HAVE_ECC */

    return key;
}
wolfSSL 0:1239e9b70ca2 9065
wolfSSL 0:1239e9b70ca2 9066
/* OpenSSL-compat stub: the CRL signature is NOT checked here; always returns
 * 0 (OpenSSL "verification failed"), never a success value. */
int CyaSSL_X509_CRL_verify(CYASSL_X509_CRL* crl, CYASSL_EVP_PKEY* key)
{
    (void)crl; (void)key;  /* unused: stub */
    return 0;
}
wolfSSL 0:1239e9b70ca2 9073
wolfSSL 0:1239e9b70ca2 9074
/* OpenSSL-compat no-op: the error code is discarded; ctx->error is not
 * updated by this call. */
void CyaSSL_X509_STORE_CTX_set_error(CYASSL_X509_STORE_CTX* ctx, int err)
{
    (void)ctx; (void)err;  /* unused: stub */
}
wolfSSL 0:1239e9b70ca2 9080
wolfSSL 0:1239e9b70ca2 9081
/* OpenSSL-compat no-op: nothing inside obj is released. */
void CyaSSL_X509_OBJECT_free_contents(CYASSL_X509_OBJECT* obj)
{
    (void)obj;  /* unused: stub */
}
wolfSSL 0:1239e9b70ca2 9086
wolfSSL 0:1239e9b70ca2 9087
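/* Release a key object created by CyaSSL_X509_get_pubkey(). key may be NULL.
 * Frees the pkey.ptr buffer first, then the wrapper. Both are released with
 * the DYNAMIC_TYPE_PUBLIC_KEY tag they were allocated with in
 * CyaSSL_X509_get_pubkey(), so type-tracking allocators see matching
 * alloc/free pairs (the default allocator ignores the tag). */
void CyaSSL_EVP_PKEY_free(CYASSL_EVP_PKEY* key)
{
    if (key == NULL)
        return;

    if (key->pkey.ptr != NULL)
        XFREE(key->pkey.ptr, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
    XFREE(key, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
}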
wolfSSL 0:1239e9b70ca2 9096
wolfSSL 0:1239e9b70ca2 9097
/* OpenSSL-compat stub: no time comparison is performed; always 0, which a
 * caller must not read as "the time is valid". */
int CyaSSL_X509_cmp_current_time(const CYASSL_ASN1_TIME* asnTime)
{
    (void)asnTime;  /* unused: stub */
    return 0;
}
wolfSSL 0:1239e9b70ca2 9103
wolfSSL 0:1239e9b70ca2 9104
/* OpenSSL-compat stub: revoked-entry stacks are not exposed; always 0. */
int CyaSSL_sk_X509_REVOKED_num(CYASSL_X509_REVOKED* revoked)
{
    (void)revoked;  /* unused: stub */
    return 0;
}
wolfSSL 0:1239e9b70ca2 9110
wolfSSL 0:1239e9b70ca2 9111
wolfSSL 0:1239e9b70ca2 9112
/* OpenSSL-compat stub: the CRL's revoked list is not exposed; always NULL. */
CYASSL_X509_REVOKED* CyaSSL_X509_CRL_get_REVOKED(CYASSL_X509_CRL* crl)
{
    (void)crl;  /* unused: stub */
    return NULL;
}
wolfSSL 0:1239e9b70ca2 9118
wolfSSL 0:1239e9b70ca2 9119
/* OpenSSL-compat stub: no entry at any index; always NULL. */
CYASSL_X509_REVOKED* CyaSSL_sk_X509_REVOKED_value(
                                      CYASSL_X509_REVOKED* revoked, int value)
{
    (void)revoked; (void)value;  /* unused: stub */
    return NULL;
}
wolfSSL 0:1239e9b70ca2 9127
wolfSSL 0:1239e9b70ca2 9128
wolfSSL 0:1239e9b70ca2 9129
/* OpenSSL-compat stub: the serial number is not exposed; always NULL. */
CYASSL_ASN1_INTEGER* CyaSSL_X509_get_serialNumber(CYASSL_X509* x509)
{
    (void)x509;  /* unused: stub */
    return NULL;
}
wolfSSL 0:1239e9b70ca2 9135
wolfSSL 0:1239e9b70ca2 9136
/* OpenSSL-compat stub: nothing is written to bio; always 0. */
int CyaSSL_ASN1_TIME_print(CYASSL_BIO* bio, const CYASSL_ASN1_TIME* asnTime)
{
    (void)bio; (void)asnTime;  /* unused: stub */
    return 0;
}
wolfSSL 0:1239e9b70ca2 9143
wolfSSL 0:1239e9b70ca2 9144
wolfSSL 0:1239e9b70ca2 9145
/* OpenSSL-compat stub: no comparison is performed; always 0 ("equal"), so
 * do not rely on it to distinguish two integers. */
int CyaSSL_ASN1_INTEGER_cmp(const CYASSL_ASN1_INTEGER* a,
                            const CYASSL_ASN1_INTEGER* b)
{
    (void)a; (void)b;  /* unused: stub */
    return 0;
}
wolfSSL 0:1239e9b70ca2 9153
wolfSSL 0:1239e9b70ca2 9154
/* OpenSSL-compat stub: the integer's value is not decoded; always 0. */
long CyaSSL_ASN1_INTEGER_get(const CYASSL_ASN1_INTEGER* i)
{
    (void)i;  /* unused: stub */
    return 0;
}
wolfSSL 0:1239e9b70ca2 9160
wolfSSL 0:1239e9b70ca2 9161
wolfSSL 0:1239e9b70ca2 9162
/* Application data attached to a verification context.
 * Only index 0 is supported, and only in FORTRESS builds: it returns
 * ctx->ex_data. Every other build or index yields NULL. */
void* CyaSSL_X509_STORE_CTX_get_ex_data(CYASSL_X509_STORE_CTX* ctx, int idx)
{
    void* data = NULL;

#ifdef FORTRESS
    if (ctx != NULL && idx == 0)
        data = ctx->ex_data;
#else
    (void)ctx; (void)idx;  /* unused without FORTRESS */
#endif
    return data;
}
wolfSSL 0:1239e9b70ca2 9174
wolfSSL 0:1239e9b70ca2 9175
/* Index under which the X509_STORE_CTX ex_data slot is reachable: always 0,
 * matching the single index CyaSSL_X509_STORE_CTX_get_ex_data() honours. */
int CyaSSL_get_ex_data_X509_STORE_CTX_idx(void)
{
    enum { STORE_CTX_EX_DATA_IDX = 0 };
    return STORE_CTX_EX_DATA_IDX;
}
wolfSSL 0:1239e9b70ca2 9180
wolfSSL 0:1239e9b70ca2 9181
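/* Application data slot idx of an SSL object.
 * FORTRESS builds return ssl->ex_data[idx] for 0 <= idx < MAX_EX_DATA;
 * any other build, a NULL ssl, or an out-of-range index yields NULL. */
void* CyaSSL_get_ex_data(const CYASSL* ssl, int idx)
{
#ifdef FORTRESS
    /* idx is caller-supplied: a negative value would index before the start
     * of ex_data, so it must be bounded below as well as above. */
    if (ssl != NULL && idx >= 0 && idx < MAX_EX_DATA)
        return ssl->ex_data[idx];
#else
    (void)ssl;
    (void)idx;
#endif
    return 0;
}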
wolfSSL 0:1239e9b70ca2 9193
wolfSSL 0:1239e9b70ca2 9194
/* OpenSSL-compat no-op: the info callback is discarded, never invoked. */
void CyaSSL_CTX_set_info_callback(CYASSL_CTX* ctx, void (*f)(void))
{
    (void)ctx; (void)f;  /* discarded */
}
wolfSSL 0:1239e9b70ca2 9200
wolfSSL 0:1239e9b70ca2 9201
/* OpenSSL-compat stub: there is no error queue to peek; always 0. */
unsigned long CyaSSL_ERR_peek_error(void)
{
    const unsigned long none = 0;
    return none;
}
wolfSSL 0:1239e9b70ca2 9206
wolfSSL 0:1239e9b70ca2 9207
/* OpenSSL-compat stub: no reason code is extracted from err; always 0. */
int CyaSSL_ERR_GET_REASON(int err)
{
    (void)err;  /* unused: stub */
    return 0;
}
wolfSSL 0:1239e9b70ca2 9213
wolfSSL 0:1239e9b70ca2 9214
/* OpenSSL-compat stub: no alert type text; always NULL (not printable). */
char* CyaSSL_alert_type_string_long(int alertID)
{
    (void)alertID;  /* unused: stub */
    return NULL;
}
wolfSSL 0:1239e9b70ca2 9220
wolfSSL 0:1239e9b70ca2 9221
/* OpenSSL-compat stub: no alert description text; always NULL. */
char* CyaSSL_alert_desc_string_long(int alertID)
{
    (void)alertID;  /* unused: stub */
    return NULL;
}
wolfSSL 0:1239e9b70ca2 9227
wolfSSL 0:1239e9b70ca2 9228
/* OpenSSL-compat stub: no handshake state text; always NULL. */
char* CyaSSL_state_string_long(CYASSL* ssl)
{
    (void)ssl;  /* unused: stub */
    return NULL;
}
wolfSSL 0:1239e9b70ca2 9234
wolfSSL 0:1239e9b70ca2 9235
/* OpenSSL-compat stub for the default PEM password callback: no passphrase
 * is written into name and 0 (length 0) is returned. */
int CyaSSL_PEM_def_callback(char* name, int num, int w, void* key)
{
    (void)name; (void)num; (void)w; (void)key;  /* unused: stub */
    return 0;
}
wolfSSL 0:1239e9b70ca2 9244
wolfSSL 0:1239e9b70ca2 9245
/* Session statistic (accepts started): not tracked in this build, always 0. */
long CyaSSL_CTX_sess_accept(CYASSL_CTX* ctx)
{
    (void)ctx;  /* unused: counter not kept */
    return 0L;
}
wolfSSL 0:1239e9b70ca2 9251
wolfSSL 0:1239e9b70ca2 9252
/* Session statistic (connects started): not tracked in this build, always 0. */
long CyaSSL_CTX_sess_connect(CYASSL_CTX* ctx)
{
    (void)ctx;  /* unused: counter not kept */
    return 0L;
}
wolfSSL 0:1239e9b70ca2 9258
wolfSSL 0:1239e9b70ca2 9259
/* Session statistic (successful accepts): not tracked in this build, always 0. */
long CyaSSL_CTX_sess_accept_good(CYASSL_CTX* ctx)
{
    (void)ctx;  /* unused: counter not kept */
    return 0L;
}
wolfSSL 0:1239e9b70ca2 9265
wolfSSL 0:1239e9b70ca2 9266
/* Session statistic (successful connects): not tracked in this build, always 0. */
long CyaSSL_CTX_sess_connect_good(CYASSL_CTX* ctx)
{
    (void)ctx;  /* unused: counter not kept */
    return 0L;
}
wolfSSL 0:1239e9b70ca2 9272
wolfSSL 0:1239e9b70ca2 9273
/* Session statistic (accept-side renegotiations): not tracked, always 0. */
long CyaSSL_CTX_sess_accept_renegotiate(CYASSL_CTX* ctx)
{
    (void)ctx;  /* unused: counter not kept */
    return 0L;
}
wolfSSL 0:1239e9b70ca2 9279
wolfSSL 0:1239e9b70ca2 9280
/* Session statistic (connect-side renegotiations): not tracked, always 0. */
long CyaSSL_CTX_sess_connect_renegotiate(CYASSL_CTX* ctx)
{
    (void)ctx;  /* unused: counter not kept */
    return 0L;
}
wolfSSL 0:1239e9b70ca2 9286
wolfSSL 0:1239e9b70ca2 9287
/* Session-cache statistic: internal cache hits.  Not tracked in this
 * build; always 0 regardless of ctx. */
long CyaSSL_CTX_sess_hits(CYASSL_CTX* ctx)
{
    (void)ctx;   /* statistic not maintained */

    return 0L;
}
wolfSSL 0:1239e9b70ca2 9293
wolfSSL 0:1239e9b70ca2 9294
/* Session-cache statistic: external-callback cache hits.  Not tracked in
 * this build; always 0 regardless of ctx. */
long CyaSSL_CTX_sess_cb_hits(CYASSL_CTX* ctx)
{
    (void)ctx;   /* statistic not maintained */

    return 0L;
}
wolfSSL 0:1239e9b70ca2 9300
wolfSSL 0:1239e9b70ca2 9301
/* Session-cache statistic: sessions dropped because the cache was full.
 * Not tracked in this build; always 0 regardless of ctx. */
long CyaSSL_CTX_sess_cache_full(CYASSL_CTX* ctx)
{
    (void)ctx;   /* statistic not maintained */

    return 0L;
}
wolfSSL 0:1239e9b70ca2 9307
wolfSSL 0:1239e9b70ca2 9308
/* Session-cache statistic: cache misses.  Not tracked in this build;
 * always 0 regardless of ctx. */
long CyaSSL_CTX_sess_misses(CYASSL_CTX* ctx)
{
    (void)ctx;   /* statistic not maintained */

    return 0L;
}
wolfSSL 0:1239e9b70ca2 9314
wolfSSL 0:1239e9b70ca2 9315
/* Session-cache statistic: sessions rejected as timed out.  Not tracked in
 * this build; always 0 regardless of ctx. */
long CyaSSL_CTX_sess_timeouts(CYASSL_CTX* ctx)
{
    (void)ctx;   /* statistic not maintained */

    return 0L;
}
wolfSSL 0:1239e9b70ca2 9321
wolfSSL 0:1239e9b70ca2 9322
/* Session-cache statistic: number of sessions currently cached.  Not
 * tracked in this build; always 0 regardless of ctx. */
long CyaSSL_CTX_sess_number(CYASSL_CTX* ctx)
{
    (void)ctx;   /* statistic not maintained */

    return 0L;
}
wolfSSL 0:1239e9b70ca2 9328
wolfSSL 0:1239e9b70ca2 9329
/* OpenSSL DES_set_key_unchecked compatibility entry point.
 * No-op in this build: 'key' is not written, so no key schedule is derived
 * from 'myDes'.  Callers must not rely on 'key' being usable afterwards. */
void CyaSSL_DES_set_key_unchecked(CYASSL_const_DES_cblock* myDes,
                                  CYASSL_DES_key_schedule* key)
{
    (void)key;
    (void)myDes;
}
wolfSSL 0:1239e9b70ca2 9336
wolfSSL 0:1239e9b70ca2 9337
/* OpenSSL DES_set_odd_parity compatibility entry point.
 * No-op in this build: the key block is left exactly as passed in; parity
 * bits are not adjusted. */
void CyaSSL_DES_set_odd_parity(CYASSL_DES_cblock* myDes)
{
    (void)myDes;   /* intentionally untouched */
}
wolfSSL 0:1239e9b70ca2 9342
wolfSSL 0:1239e9b70ca2 9343
/* OpenSSL DES_ecb_encrypt compatibility entry point.
 * No-op in this build: nothing is encrypted or decrypted and the output
 * block 'desb' is never written.  A caller that expects ciphertext in
 * 'desb' gets whatever was there before. */
void CyaSSL_DES_ecb_encrypt(CYASSL_DES_cblock* desa,
                            CYASSL_DES_cblock* desb, CYASSL_DES_key_schedule* key, int len)
{
    (void)len;
    (void)key;
    (void)desb;
    (void)desa;
}
wolfSSL 0:1239e9b70ca2 9352
/* OpenSSL BIO_printf compatibility entry point.
 * No-op in this build: the format string and its arguments are never
 * consumed and nothing is written to 'bio'.
 * Returns 0 (zero bytes written). */
int CyaSSL_BIO_printf(CYASSL_BIO* bio, const char* format, ...)
{
    (void)format;
    (void)bio;

    return 0;
}
wolfSSL 0:1239e9b70ca2 9359
wolfSSL 0:1239e9b70ca2 9360
/* OpenSSL ASN1_UTCTIME_print compatibility entry point.
 * No-op in this build: 'a' is not decoded and nothing is written to 'bio'.
 * Returns 0. */
int CyaSSL_ASN1_UTCTIME_print(CYASSL_BIO* bio, const CYASSL_ASN1_UTCTIME* a)
{
    (void)a;
    (void)bio;

    return 0;
}
wolfSSL 0:1239e9b70ca2 9367
wolfSSL 0:1239e9b70ca2 9368
/* OpenSSL sk_num compatibility entry point for a revoked-certificate stack.
 * Stacks are not implemented in this build, so the element count is
 * always 0 regardless of 'rev'. */
int CyaSSL_sk_num(CYASSL_X509_REVOKED* rev)
{
    (void)rev;   /* no stack representation exists */

    return 0;
}
wolfSSL 0:1239e9b70ca2 9374
wolfSSL 0:1239e9b70ca2 9375
/* OpenSSL sk_value compatibility entry point for a revoked-certificate
 * stack.  Stacks are not implemented in this build, so no element exists
 * at any index 'i'.
 * Returns NULL (spelled 0, as in the rest of this section). */
void* CyaSSL_sk_value(CYASSL_X509_REVOKED* rev, int i)
{
    (void)i;
    (void)rev;

    return 0;
}
wolfSSL 0:1239e9b70ca2 9382
wolfSSL 0:1239e9b70ca2 9383
/* stunnel 4.28 needs */
/* OpenSSL SSL_CTX_get_ex_data compatibility entry point.
 * Per-context application data is not stored in this build (see the
 * matching CyaSSL_CTX_set_ex_data, which discards its pointer), so the
 * lookup never finds anything.
 * Returns NULL (spelled 0) for every index 'd'. */
void* CyaSSL_CTX_get_ex_data(const CYASSL_CTX* ctx, int d)
{
    (void)d;
    (void)ctx;

    return 0;
}
wolfSSL 0:1239e9b70ca2 9391
wolfSSL 0:1239e9b70ca2 9392
/* OpenSSL SSL_CTX_set_ex_data compatibility entry point.
 * The pointer 'p' is NOT retained: nothing is stored on 'ctx', so a later
 * CyaSSL_CTX_get_ex_data cannot return it.  The call still reports
 * SSL_SUCCESS so that callers which only check the status keep working. */
int CyaSSL_CTX_set_ex_data(CYASSL_CTX* ctx, int d, void* p)
{
    (void)p;     /* discarded, not stored */
    (void)d;
    (void)ctx;

    return SSL_SUCCESS;
}
wolfSSL 0:1239e9b70ca2 9400
wolfSSL 0:1239e9b70ca2 9401
/* OpenSSL SSL_CTX_sess_set_get_cb compatibility entry point.
 * External session-cache lookup callbacks are not supported in this build:
 * 'f' is discarded and will never be invoked. */
void CyaSSL_CTX_sess_set_get_cb(CYASSL_CTX* ctx,
                                CYASSL_SESSION*(*f)(CYASSL*, unsigned char*, int, int*))
{
    (void)f;     /* never registered */
    (void)ctx;
}
wolfSSL 0:1239e9b70ca2 9408
wolfSSL 0:1239e9b70ca2 9409
/* OpenSSL SSL_CTX_sess_set_new_cb compatibility entry point.
 * External session-cache "new session" callbacks are not supported in this
 * build: 'f' is discarded and will never be invoked. */
void CyaSSL_CTX_sess_set_new_cb(CYASSL_CTX* ctx,
                                int (*f)(CYASSL*, CYASSL_SESSION*))
{
    (void)f;     /* never registered */
    (void)ctx;
}
wolfSSL 0:1239e9b70ca2 9416
wolfSSL 0:1239e9b70ca2 9417
/* OpenSSL SSL_CTX_sess_set_remove_cb compatibility entry point.
 * External session-cache removal callbacks are not supported in this
 * build: 'f' is discarded and will never be invoked. */
void CyaSSL_CTX_sess_set_remove_cb(CYASSL_CTX* ctx, void (*f)(CYASSL_CTX*,
                                                            CYASSL_SESSION*))
{
    (void)f;     /* never registered */
    (void)ctx;
}
wolfSSL 0:1239e9b70ca2 9424
wolfSSL 0:1239e9b70ca2 9425
/* OpenSSL i2d_SSL_SESSION compatibility entry point.
 * No serialisation is performed: neither 'sess' nor the output pointer
 * '*p' is touched.  Only the size of the in-memory session structure is
 * reported, which is what a size-query caller (p == NULL) expects; a caller
 * that passes a real buffer gets nothing written into it. */
int CyaSSL_i2d_SSL_SESSION(CYASSL_SESSION* sess, unsigned char** p)
{
    (void)p;
    (void)sess;

    return (int)sizeof(CYASSL_SESSION);
}
wolfSSL 0:1239e9b70ca2 9432
wolfSSL 0:1239e9b70ca2 9433
/* OpenSSL d2i_SSL_SESSION compatibility entry point.
 * No decoding is performed: the encoded bytes at 'p' and the length 'i'
 * are ignored and the session already referenced by '*sess' is handed
 * straight back.
 * Returns *sess, or NULL when 'sess' itself is NULL. */
CYASSL_SESSION* CyaSSL_d2i_SSL_SESSION(CYASSL_SESSION** sess,
                                       const unsigned char** p, long i)
{
    (void)i;
    (void)p;

    if (sess == NULL)
        return NULL;

    return *sess;
}
wolfSSL 0:1239e9b70ca2 9443
wolfSSL 0:1239e9b70ca2 9444
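/* Return the timeout value stored on 'sess'.
 * Returns 0 when 'sess' is NULL instead of dereferencing it, matching the
 * NULL handling of CyaSSL_X509_get_subjectCN. */
long CyaSSL_SESSION_get_timeout(const CYASSL_SESSION* sess)
{
    CYASSL_ENTER("CyaSSL_SESSION_get_timeout");

    if (sess == NULL)
        return 0;

    return sess->timeout;
}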
wolfSSL 0:1239e9b70ca2 9450
wolfSSL 0:1239e9b70ca2 9451
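/* Return the creation time stamp ('bornOn') stored on 'sess'.
 * Returns 0 when 'sess' is NULL instead of dereferencing it, matching the
 * NULL handling of CyaSSL_X509_get_subjectCN. */
long CyaSSL_SESSION_get_time(const CYASSL_SESSION* sess)
{
    CYASSL_ENTER("CyaSSL_SESSION_get_time");

    if (sess == NULL)
        return 0;

    return sess->bornOn;
}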
wolfSSL 0:1239e9b70ca2 9457
wolfSSL 0:1239e9b70ca2 9458
/* OpenSSL SSL_CTX_get_ex_new_index compatibility entry point.
 * No ex-data indices are allocated in this build; every argument is
 * ignored and index 0 is always handed out. */
int CyaSSL_CTX_get_ex_new_index(long idx, void* arg, void* a, void* b,
                                void* c)
{
    (void)c;
    (void)b;
    (void)a;
    (void)arg;
    (void)idx;

    return 0;
}
wolfSSL 0:1239e9b70ca2 9469
wolfSSL 0:1239e9b70ca2 9470 #endif /* OPENSSL_EXTRA */
wolfSSL 0:1239e9b70ca2 9471
wolfSSL 0:1239e9b70ca2 9472
wolfSSL 0:1239e9b70ca2 9473 #ifdef KEEP_PEER_CERT
/* Return the subject common name string held on 'x509'.
 * The pointer aliases storage owned by the certificate object; the caller
 * must not free it.  Returns NULL when 'x509' is NULL. */
char* CyaSSL_X509_get_subjectCN(CYASSL_X509* x509)
{
    return (x509 != NULL) ? x509->subjectCN : NULL;
}
wolfSSL 0:1239e9b70ca2 9481 #endif /* KEEP_PEER_CERT */
wolfSSL 0:1239e9b70ca2 9482
wolfSSL 0:1239e9b70ca2 9483 #ifdef OPENSSL_EXTRA
wolfSSL 0:1239e9b70ca2 9484
wolfSSL 0:1239e9b70ca2 9485 #ifdef FORTRESS
/* Compare the peer certificate held on 'ssl' against the PEM certificate
 * stored in file 'fname'.
 * Returns 0 when the DER encodings are byte-identical, SSL_BAD_FILE when
 * the file cannot be opened, and SSL_FATAL_ERROR for NULL arguments, a
 * read/decode failure or a mismatch.  The whole file is read into memory;
 * anything larger than FILE_BUFFER_SIZE is heap allocated, bounded only by
 * what XMALLOC grants. */
int CyaSSL_cmp_peer_cert_to_file(CYASSL* ssl, const char *fname)
{
    int ret = SSL_FATAL_ERROR;

    CYASSL_ENTER("CyaSSL_cmp_peer_cert_to_file");
    if (ssl != NULL && fname != NULL)
    {
        XFILE file = XBADFILE;
        long sz = 0;
        byte staticBuffer[FILE_BUFFER_SIZE];
        byte* myBuffer = staticBuffer;      /* stack buffer unless file is bigger */
        CYASSL_CTX* ctx = ssl->ctx;
        EncryptedInfo info;
        buffer fileDer;
        int eccKey = 0;
        CYASSL_X509* peer_cert = &ssl->peerCert;

        info.set = 0;
        info.ctx = ctx;
        info.consumed = 0;
        fileDer.buffer = 0;                 /* so the cleanup below is safe */

        file = XFOPEN(fname, "rb");
        if (file == XBADFILE) return SSL_BAD_FILE;
        XFSEEK(file, 0, XSEEK_END);
        sz = XFTELL(file);                  /* file length; <= 0 fails the read check below */
        XREWIND(file);
        if (sz > (long)sizeof(staticBuffer)) {
            CYASSL_MSG("Getting dynamic buffer");
            myBuffer = (byte*) XMALLOC(sz, ctx->heap, DYNAMIC_TYPE_FILE);
        }

        /* every condition must hold for a match: a buffer, a non-empty
         * read, a successful PEM->DER conversion, a non-empty DER, equal
         * DER length and equal DER bytes.  An allocation failure (NULL
         * myBuffer) or an XFTELL error (sz <= 0) short-circuits here and
         * leaves ret at SSL_FATAL_ERROR. */
        if ((myBuffer != NULL) &&
            (sz > 0) &&
            (XFREAD(myBuffer, sz, 1, file) > 0) &&
            (PemToDer(myBuffer, sz, CERT_TYPE,
                      &fileDer, ctx->heap, &info, &eccKey) == 0) &&
            (fileDer.length != 0) &&
            (fileDer.length == peer_cert->derCert.length) &&
            (XMEMCMP(peer_cert->derCert.buffer, fileDer.buffer,
                     fileDer.length) == 0))
        {
            ret = 0;
        }

        /* release in reverse order of acquisition; fileDer is only set when
         * PemToDer succeeded, myBuffer only freed when it was heap allocated */
        XFCLOSE(file);
        if (fileDer.buffer)
            XFREE(fileDer.buffer, ctx->heap, DYNAMIC_TYPE_CERT);
        if (myBuffer && (myBuffer != staticBuffer))
            XFREE(myBuffer, ctx->heap, DYNAMIC_TYPE_FILE);
    }

    return ret;
}
wolfSSL 0:1239e9b70ca2 9540 #endif
wolfSSL 0:1239e9b70ca2 9541
wolfSSL 0:1239e9b70ca2 9542
static RNG globalRNG;          /* fallback RNG used by CyaSSL_RAND_bytes and
                                  CyaSSL_BN_rand when a per-call RNG fails to init */
static int initGlobalRNG = 0;  /* set to 1 by CyaSSL_RAND_seed once globalRNG is
                                  initialised; the check-then-init is not guarded
                                  by any lock */
wolfSSL 0:1239e9b70ca2 9545
/* SSL_SUCCESS on ok */
/* OpenSSL RAND_seed compatibility entry point.
 * 'seed' and 'len' are ignored: caller-supplied entropy is never mixed in.
 * The only effect is to initialise the file-scope globalRNG once, via
 * InitRng, so that the RAND_bytes / BN_rand fallback path has an RNG.
 * Returns SSL_SUCCESS, or 0 when InitRng fails (globalRNG stays
 * uninitialised and a later call will retry). */
int CyaSSL_RAND_seed(const void* seed, int len)
{
    CYASSL_MSG("CyaSSL_RAND_seed");

    (void)len;
    (void)seed;

    if (initGlobalRNG != 0)
        return SSL_SUCCESS;             /* already initialised */

    if (InitRng(&globalRNG) < 0) {
        CYASSL_MSG("CyaSSL Init Global RNG failed");
        return 0;
    }
    initGlobalRNG = 1;

    return SSL_SUCCESS;
}
wolfSSL 0:1239e9b70ca2 9565
wolfSSL 0:1239e9b70ca2 9566
/* SSL_SUCCESS on ok */
/* OpenSSL RAND_bytes compatibility entry point.
 * Fills 'buf' with 'num' bytes from a freshly initialised per-call RNG;
 * if that RNG cannot be initialised the shared globalRNG is used instead,
 * provided CyaSSL_RAND_seed has initialised it.
 * Returns SSL_SUCCESS, or 0 when no usable RNG exists or generation fails
 * ('buf' contents are then unspecified). */
int CyaSSL_RAND_bytes(unsigned char* buf, int num)
{
    RNG  tmpRNG;
    RNG* rng;

    CYASSL_ENTER("RAND_bytes");

    if (InitRng(&tmpRNG) == 0) {
        rng = &tmpRNG;
    }
    else {
        CYASSL_MSG("Bad RNG Init, trying global");
        if (initGlobalRNG == 0) {
            CYASSL_MSG("Global RNG no Init");
            return 0;
        }
        rng = &globalRNG;
    }

    if (RNG_GenerateBlock(rng, buf, num) == 0)
        return SSL_SUCCESS;

    CYASSL_MSG("Bad RNG_GenerateBlock");
    return 0;
}
wolfSSL 0:1239e9b70ca2 9590
/* OpenSSL BN_CTX_new compatibility entry point.
 * ctaocrypt does not currently need a context, so instead of allocating
 * one the address of a file-local static is handed out.  Every caller
 * receives the same pointer; it must not be passed to a real free. */
CYASSL_BN_CTX* CyaSSL_BN_CTX_new(void)
{
    static int ctx;   /* placeholder object shared by all callers */

    CYASSL_MSG("CyaSSL_BN_CTX_new");

    return (CYASSL_BN_CTX*)&ctx;
}
wolfSSL 0:1239e9b70ca2 9599
/* OpenSSL BN_CTX_init compatibility entry point.
 * Nothing to initialise: the context from CyaSSL_BN_CTX_new is a static
 * placeholder. */
void CyaSSL_BN_CTX_init(CYASSL_BN_CTX* ctx)
{
    CYASSL_MSG("CyaSSL_BN_CTX_init");
    (void)ctx;
}
wolfSSL 0:1239e9b70ca2 9605
wolfSSL 0:1239e9b70ca2 9606
/* OpenSSL BN_CTX_free compatibility entry point.
 * Deliberately does not free anything: the context handed out by
 * CyaSSL_BN_CTX_new is a static placeholder, not a heap object. */
void CyaSSL_BN_CTX_free(CYASSL_BN_CTX* ctx)
{
    CYASSL_MSG("CyaSSL_BN_CTX_free");
    (void)ctx;   /* static ctx that does nothing, so nothing to release */
}
wolfSSL 0:1239e9b70ca2 9614
wolfSSL 0:1239e9b70ca2 9615
/* Reset the public fields of a CYASSL_BIGNUM wrapper: sign cleared, no
 * backing mp_int attached.  A NULL 'bn' is accepted and ignored. */
static void InitCyaSSL_BigNum(CYASSL_BIGNUM* bn)
{
    CYASSL_MSG("InitCyaSSL_BigNum");
    if (bn == NULL)
        return;

    bn->internal = NULL;
    bn->neg      = 0;
}
wolfSSL 0:1239e9b70ca2 9624
wolfSSL 0:1239e9b70ca2 9625
/* Allocate a CYASSL_BIGNUM wrapper together with its backing mp_int and
 * initialise the mp_int.
 * Returns the new object, or NULL if either allocation or mp_init fails;
 * on failure nothing is leaked.  The caller releases the result with
 * CyaSSL_BN_free. */
CYASSL_BIGNUM* CyaSSL_BN_new(void)
{
    mp_int*        mpi;
    CYASSL_BIGNUM* bn;

    CYASSL_MSG("CyaSSL_BN_new");

    mpi = (mp_int*) XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT);
    if (mpi == NULL) {
        CYASSL_MSG("CyaSSL_BN_new malloc mpi failure");
        return NULL;
    }

    bn = (CYASSL_BIGNUM*) XMALLOC(sizeof(CYASSL_BIGNUM), NULL,
                                  DYNAMIC_TYPE_BIGINT);
    if (bn == NULL) {
        CYASSL_MSG("CyaSSL_BN_new malloc CYASSL_BIGNUM failure");
        XFREE(mpi, NULL, DYNAMIC_TYPE_BIGINT);
        return NULL;
    }

    /* attach the mp_int before mp_init so that a failed init is released
     * together with the wrapper by CyaSSL_BN_free */
    InitCyaSSL_BigNum(bn);
    bn->internal = mpi;
    if (mp_init(mpi) == MP_OKAY)
        return bn;

    CyaSSL_BN_free(bn);
    return NULL;
}
wolfSSL 0:1239e9b70ca2 9656
wolfSSL 0:1239e9b70ca2 9657
/* Release a CYASSL_BIGNUM created by CyaSSL_BN_new: the backing mp_int is
 * cleared and freed, then the wrapper itself.  NULL is accepted. */
void CyaSSL_BN_free(CYASSL_BIGNUM* bn)
{
    CYASSL_MSG("CyaSSL_BN_free");
    if (bn == NULL)
        return;

    if (bn->internal != NULL) {
        mp_clear((mp_int*)bn->internal);
        XFREE(bn->internal, NULL, DYNAMIC_TYPE_BIGINT);
        bn->internal = NULL;
    }
    XFREE(bn, NULL, DYNAMIC_TYPE_BIGINT);
}
wolfSSL 0:1239e9b70ca2 9670
wolfSSL 0:1239e9b70ca2 9671
/* OpenSSL BN_clear_free compatibility entry point; identical to
 * CyaSSL_BN_free in this build.
 * NOTE(review): whether the limbs are zeroised before release depends on
 * mp_clear() in the math backend, not on anything done here -- confirm if
 * secret values pass through this path. */
void CyaSSL_BN_clear_free(CYASSL_BIGNUM* bn)
{
    CYASSL_MSG("CyaSSL_BN_clear_free");
    CyaSSL_BN_free(bn);
}
wolfSSL 0:1239e9b70ca2 9678
wolfSSL 0:1239e9b70ca2 9679
/* SSL_SUCCESS on ok */
/* r = a - b.
 * Returns SSL_SUCCESS, or 0 when any argument is NULL or mp_sub fails.
 * The ->internal pointers are not NULL-checked here; all three bignums
 * are expected to come from CyaSSL_BN_new. */
int CyaSSL_BN_sub(CYASSL_BIGNUM* r, const CYASSL_BIGNUM* a,
                  const CYASSL_BIGNUM* b)
{
    int rc;

    CYASSL_MSG("CyaSSL_BN_sub");

    if (r == NULL || a == NULL || b == NULL)
        return 0;

    rc = mp_sub((mp_int*)a->internal, (mp_int*)b->internal,
                (mp_int*)r->internal);
    if (rc != MP_OKAY) {
        CYASSL_MSG("CyaSSL_BN_sub mp_sub failed");
        return 0;
    }

    return SSL_SUCCESS;
}
wolfSSL 0:1239e9b70ca2 9696
wolfSSL 0:1239e9b70ca2 9697
/* SSL_SUCCESS on ok */
/* r = a mod b.  The BN_CTX argument 'c' is unused.
 * Returns SSL_SUCCESS, or 0 when r, a or b is NULL or mp_mod fails
 * (which includes b being zero). */
int CyaSSL_BN_mod(CYASSL_BIGNUM* r, const CYASSL_BIGNUM* a,
                  const CYASSL_BIGNUM* b, const CYASSL_BN_CTX* c)
{
    int rc;

    (void)c;
    CYASSL_MSG("CyaSSL_BN_mod");

    if (r == NULL || a == NULL || b == NULL)
        return 0;

    rc = mp_mod((mp_int*)a->internal, (mp_int*)b->internal,
                (mp_int*)r->internal);
    if (rc != MP_OKAY) {
        CYASSL_MSG("CyaSSL_BN_mod mp_mod failed");
        return 0;
    }

    return SSL_SUCCESS;
}
wolfSSL 0:1239e9b70ca2 9715
wolfSSL 0:1239e9b70ca2 9716
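/* Return a shared, lazily created bignum holding the value 1.
 * The object is a function-local static: allocated on first use, never
 * freed, and no lock is taken around the check-then-create, so concurrent
 * first callers are not serialised.
 * Returns NULL if allocation or setting the value fails; a bignum whose
 * value could not be set is released rather than handed out, so a later
 * call retries from scratch. */
const CYASSL_BIGNUM* CyaSSL_BN_value_one(void)
{
    static CYASSL_BIGNUM* bn_one = NULL;

    CYASSL_MSG("CyaSSL_BN_value_one");

    if (bn_one == NULL) {
        bn_one = CyaSSL_BN_new();
        if (bn_one && mp_set_int((mp_int*)bn_one->internal, 1) != MP_OKAY) {
            /* never return a "one" that does not actually hold 1 */
            CYASSL_MSG("CyaSSL_BN_value_one mp_set_int failed");
            CyaSSL_BN_free(bn_one);
            bn_one = NULL;
        }
    }

    return bn_one;
}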
wolfSSL 0:1239e9b70ca2 9731
wolfSSL 0:1239e9b70ca2 9732
/* Number of bytes needed for the unsigned big-endian encoding of 'bn'.
 * Returns 0 for a NULL or uninitialised bignum (indistinguishable from a
 * zero-valued one). */
int CyaSSL_BN_num_bytes(const CYASSL_BIGNUM* bn)
{
    CYASSL_MSG("CyaSSL_BN_num_bytes");

    if (bn != NULL && bn->internal != NULL)
        return mp_unsigned_bin_size((mp_int*)bn->internal);

    return 0;
}
wolfSSL 0:1239e9b70ca2 9742
wolfSSL 0:1239e9b70ca2 9743
/* Number of significant bits in 'bn'.
 * Returns 0 for a NULL or uninitialised bignum (indistinguishable from a
 * zero-valued one). */
int CyaSSL_BN_num_bits(const CYASSL_BIGNUM* bn)
{
    CYASSL_MSG("CyaSSL_BN_num_bits");

    if (bn != NULL && bn->internal != NULL)
        return mp_count_bits((mp_int*)bn->internal);

    return 0;
}
wolfSSL 0:1239e9b70ca2 9753
wolfSSL 0:1239e9b70ca2 9754
/* Test whether 'bn' is zero.
 * Returns the mp_iszero result, or 0 (i.e. "not zero") for a NULL or
 * uninitialised bignum. */
int CyaSSL_BN_is_zero(const CYASSL_BIGNUM* bn)
{
    CYASSL_MSG("CyaSSL_BN_is_zero");

    if (bn != NULL && bn->internal != NULL)
        return mp_iszero((mp_int*)bn->internal);

    return 0;
}
wolfSSL 0:1239e9b70ca2 9764
wolfSSL 0:1239e9b70ca2 9765
/* Test whether 'bn' equals 1.
 * Returns 1 when it does, 0 otherwise (including a NULL or uninitialised
 * bignum). */
int CyaSSL_BN_is_one(const CYASSL_BIGNUM* bn)
{
    CYASSL_MSG("CyaSSL_BN_is_one");

    if (bn == NULL || bn->internal == NULL)
        return 0;

    return (mp_cmp_d((mp_int*)bn->internal, 1) == 0) ? 1 : 0;
}
wolfSSL 0:1239e9b70ca2 9778
wolfSSL 0:1239e9b70ca2 9779
/* Test whether 'bn' is odd.
 * Returns the mp_isodd result, or 0 for a NULL or uninitialised bignum. */
int CyaSSL_BN_is_odd(const CYASSL_BIGNUM* bn)
{
    CYASSL_MSG("CyaSSL_BN_is_odd");

    if (bn != NULL && bn->internal != NULL)
        return mp_isodd((mp_int*)bn->internal);

    return 0;
}
wolfSSL 0:1239e9b70ca2 9789
wolfSSL 0:1239e9b70ca2 9790
/* Compare a and b via mp_cmp.
 * Returns the mp_cmp result; a NULL or uninitialised operand yields 0,
 * which callers cannot distinguish from "equal". */
int CyaSSL_BN_cmp(const CYASSL_BIGNUM* a, const CYASSL_BIGNUM* b)
{
    int aOk;
    int bOk;

    CYASSL_MSG("CyaSSL_BN_cmp");

    aOk = (a != NULL && a->internal != NULL);
    bOk = (b != NULL && b->internal != NULL);
    if (!aOk || !bOk)
        return 0;

    return mp_cmp((mp_int*)a->internal, (mp_int*)b->internal);
}
wolfSSL 0:1239e9b70ca2 9800
wolfSSL 0:1239e9b70ca2 9801
/* Write the unsigned big-endian encoding of 'bn' into 'r'.
 * 'r' == NULL is a size query.  Otherwise 'r' is assumed to hold at least
 * CyaSSL_BN_num_bytes(bn) bytes; there is no length parameter, so the
 * caller is responsible for sizing it (as with OpenSSL BN_bn2bin).
 * Returns the encoded length, or SSL_FATAL_ERROR on a NULL/uninitialised
 * bignum or an mp_to_unsigned_bin failure. */
int CyaSSL_BN_bn2bin(const CYASSL_BIGNUM* bn, unsigned char* r)
{
    mp_int* mpi;

    CYASSL_MSG("CyaSSL_BN_bn2bin");

    if (bn == NULL || bn->internal == NULL) {
        CYASSL_MSG("NULL bn error");
        return SSL_FATAL_ERROR;
    }
    mpi = (mp_int*)bn->internal;

    if (r != NULL && mp_to_unsigned_bin(mpi, r) != MP_OKAY) {
        CYASSL_MSG("mp_to_unsigned_bin error");
        return SSL_FATAL_ERROR;
    }

    return mp_unsigned_bin_size(mpi);
}
wolfSSL 0:1239e9b70ca2 9821
wolfSSL 0:1239e9b70ca2 9822
/* Load the unsigned big-endian bytes str[0..len) into 'ret'.
 * Unlike OpenSSL no bignum is allocated when 'ret' is NULL: the call just
 * logs and hands 'ret' back unchanged (i.e. NULL).
 * Returns 'ret' on success, NULL if mp_read_unsigned_bin fails. */
CYASSL_BIGNUM* CyaSSL_BN_bin2bn(const unsigned char* str, int len,
                                CYASSL_BIGNUM* ret)
{
    CYASSL_MSG("CyaSSL_BN_bin2bn");

    if (ret == NULL || ret->internal == NULL) {
        CYASSL_MSG("CyaSSL_BN_bin2bn wants return bignum");
        return ret;
    }

    if (mp_read_unsigned_bin((mp_int*)ret->internal, str, len) != 0) {
        CYASSL_MSG("mp_read_unsigned_bin failure");
        return NULL;
    }

    return ret;
}
wolfSSL 0:1239e9b70ca2 9840
wolfSSL 0:1239e9b70ca2 9841
/* OpenSSL BN_mask_bits compatibility entry point.
 * Not implemented: 'bn' is left unchanged and SSL_FATAL_ERROR is returned
 * so callers can detect that the truncation did not happen.  (The log
 * string says CyaSSL_BN_mask_bits although the symbol is CyaSSL_mask_bits.) */
int CyaSSL_mask_bits(CYASSL_BIGNUM* bn, int n)
{
    CYASSL_MSG("CyaSSL_BN_mask_bits");

    (void)n;
    (void)bn;

    return SSL_FATAL_ERROR;
}
wolfSSL 0:1239e9b70ca2 9850
wolfSSL 0:1239e9b70ca2 9851
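/* SSL_SUCCESS on ok */
/* Fill 'bn' with a random value of 'bits' bits (rounded up to whole bytes).
 * The two most significant bits of the first byte and the least
 * significant bit of the last byte are forced on, so the result is always
 * odd and of full byte length; 'top' and 'bottom' are accepted for API
 * compatibility but otherwise ignored.  A per-call RNG is used, with the
 * shared globalRNG as fallback when it cannot be initialised.
 * Returns SSL_SUCCESS, or 0 for a NULL/uninitialised bignum, a 'bits'
 * value that is <= 0 or does not fit the internal buffer, or an RNG/mp
 * failure. */
int CyaSSL_BN_rand(CYASSL_BIGNUM* bn, int bits, int top, int bottom)
{
    byte buff[1024];
    RNG  tmpRNG;
    RNG* rng = &tmpRNG;
    int  len;

    (void)top;
    (void)bottom;
    CYASSL_MSG("CyaSSL_BN_rand");

    if (bn == NULL || bn->internal == NULL) {
        CYASSL_MSG("Bad function arguments");
        return 0;
    }

    /* round up to whole bytes, then reject sizes that would make len 0
     * (buff[len-1] below would index before the array) or negative, or
     * that exceed the stack buffer handed to RNG_GenerateBlock */
    len = bits / 8;
    if (bits % 8)
        len++;
    if (bits <= 0 || len > (int)sizeof(buff)) {
        CYASSL_MSG("Bad function arguments");
        return 0;
    }

    if ( (InitRng(&tmpRNG)) != 0) {
        CYASSL_MSG("Bad RNG Init, trying global");
        if (initGlobalRNG == 0) {
            CYASSL_MSG("Global RNG no Init");
            return 0;
        }
        rng = &globalRNG;
    }

    if (RNG_GenerateBlock(rng, buff, len) != 0) {
        CYASSL_MSG("Bad RNG_GenerateBlock");
        return 0;
    }

    buff[0] |= 0x80 | 0x40;   /* top two bits set */
    buff[len-1] |= 0x01;      /* force odd */

    if (mp_read_unsigned_bin((mp_int*)bn->internal,buff,len) != MP_OKAY) {
        CYASSL_MSG("mp read bin failed");
        return 0;
    }

    return SSL_SUCCESS;
}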
wolfSSL 0:1239e9b70ca2 9896
wolfSSL 0:1239e9b70ca2 9897
/* OpenSSL BN_is_bit_set compatibility entry point.
 * Not implemented: the bignum is never inspected and 0 ("bit clear") is
 * reported for every bit index 'n'. */
int CyaSSL_BN_is_bit_set(const CYASSL_BIGNUM* bn, int n)
{
    CYASSL_MSG("CyaSSL_BN_is_bit_set");

    (void)n;
    (void)bn;

    return 0;
}
wolfSSL 0:1239e9b70ca2 9907
wolfSSL 0:1239e9b70ca2 9908
/* SSL_SUCCESS on ok */
/* Parse the hex string 'str' into a bignum.
 * The hex is first decoded into a 1024-byte stack buffer (Base16_Decode is
 * handed that size and reports failure for longer input).  When 'bn' is
 * NULL only the decoded byte count is returned; when '*bn' is NULL a new
 * bignum is allocated and stored in '*bn' (owned by the caller from then
 * on, even if the subsequent load fails).
 * Returns SSL_SUCCESS, the decoded length for a size query, or 0 on a
 * NULL 'str', a decode error, an allocation failure or a load failure. */
int CyaSSL_BN_hex2bn(CYASSL_BIGNUM** bn, const char* str)
{
    byte   decoded[1024];
    word32 decSz = sizeof(decoded);
    CYASSL_BIGNUM* out;

    CYASSL_MSG("CyaSSL_BN_hex2bn");

    if (str == NULL) {
        CYASSL_MSG("Bad function argument");
        return 0;
    }

    if (Base16_Decode((byte*)str, (int)XSTRLEN(str), decoded, &decSz) < 0) {
        CYASSL_MSG("Bad Base16_Decode error");
        return 0;
    }

    if (bn == NULL)
        return decSz;           /* size query only */

    out = *bn;
    if (out == NULL) {
        out = CyaSSL_BN_new();
        *bn = out;
        if (out == NULL) {
            CYASSL_MSG("BN new failed");
            return 0;
        }
    }

    if (CyaSSL_BN_bin2bn(decoded, decSz, out) == NULL) {
        CYASSL_MSG("Bad bin2bn error");
        return 0;
    }

    return SSL_SUCCESS;
}
wolfSSL 0:1239e9b70ca2 9945
wolfSSL 0:1239e9b70ca2 9946
/* Return a newly allocated copy of 'bn'; the caller frees it with
 * CyaSSL_BN_free.
 * Returns NULL for a NULL/uninitialised source, an allocation failure or
 * an mp_copy failure (the partially built copy is released). */
CYASSL_BIGNUM* CyaSSL_BN_dup(const CYASSL_BIGNUM* bn)
{
    CYASSL_BIGNUM* copy;

    CYASSL_MSG("CyaSSL_BN_dup");

    if (bn == NULL || bn->internal == NULL) {
        CYASSL_MSG("bn NULL error");
        return NULL;
    }

    copy = CyaSSL_BN_new();
    if (copy == NULL) {
        CYASSL_MSG("bn new error");
        return NULL;
    }

    if (mp_copy((mp_int*)bn->internal, (mp_int*)copy->internal) == MP_OKAY)
        return copy;

    CYASSL_MSG("mp_copy error");
    CyaSSL_BN_free(copy);
    return NULL;
}
wolfSSL 0:1239e9b70ca2 9972
wolfSSL 0:1239e9b70ca2 9973
/* OpenSSL BN_copy compatibility entry point.
 * Not implemented: 'r' is left unchanged and NULL is returned, which is
 * OpenSSL's failure signal, so callers that check the result notice. */
CYASSL_BIGNUM* CyaSSL_BN_copy(CYASSL_BIGNUM* r, const CYASSL_BIGNUM* bn)
{
    CYASSL_MSG("CyaSSL_BN_copy");

    (void)bn;
    (void)r;

    return NULL;
}
wolfSSL 0:1239e9b70ca2 9983
wolfSSL 0:1239e9b70ca2 9984
/* OpenSSL BN_set_word compatibility entry point.
 * Not implemented: 'bn' is left unchanged and SSL_FATAL_ERROR is returned. */
int CyaSSL_BN_set_word(CYASSL_BIGNUM* bn, unsigned long w)
{
    CYASSL_MSG("CyaSSL_BN_set_word");

    (void)w;
    (void)bn;

    return SSL_FATAL_ERROR;
}
wolfSSL 0:1239e9b70ca2 9994
wolfSSL 0:1239e9b70ca2 9995
/* OpenSSL BN_dec2bn compatibility entry point.
 * Not implemented: 'str' is not parsed, '*bn' is not touched, and
 * SSL_FATAL_ERROR is returned.  (Hex input is supported via
 * CyaSSL_BN_hex2bn.) */
int CyaSSL_BN_dec2bn(CYASSL_BIGNUM** bn, const char* str)
{
    CYASSL_MSG("CyaSSL_BN_dec2bn");

    (void)str;
    (void)bn;

    return SSL_FATAL_ERROR;
}
wolfSSL 0:1239e9b70ca2 10005
wolfSSL 0:1239e9b70ca2 10006
/* OpenSSL BN_bn2dec compatibility entry point.
 * Not implemented: no string is produced and NULL is returned. */
char* CyaSSL_BN_bn2dec(const CYASSL_BIGNUM* bn)
{
    CYASSL_MSG("CyaSSL_BN_bn2dec");

    (void)bn;

    return NULL;
}
wolfSSL 0:1239e9b70ca2 10015
wolfSSL 0:1239e9b70ca2 10016
/* Put a CYASSL_DH wrapper into its empty state: every big-number and
 * internal-key pointer NULL, inSet/exSet cleared. Nothing the fields
 * point to is freed here; callers release those first. A NULL dh is a
 * no-op.
 */
static void InitCyaSSL_DH(CYASSL_DH* dh)
{
    if (dh == NULL)
        return;

    dh->p        = NULL;
    dh->g        = NULL;
    dh->pub_key  = NULL;
    dh->priv_key = NULL;
    dh->internal = NULL;
    dh->inSet    = 0;
    dh->exSet    = 0;
}
wolfSSL 0:1239e9b70ca2 10029
wolfSSL 0:1239e9b70ca2 10030
/* Allocate a CYASSL_DH wrapper together with the DhKey it wraps. Both
 * allocations use DYNAMIC_TYPE_DH; the wrapper owns the DhKey through
 * its internal pointer and CyaSSL_DH_free releases both.
 *
 * @return the new wrapper, or NULL if either allocation fails (nothing
 *         is leaked on the failure paths)
 */
CYASSL_DH* CyaSSL_DH_new(void)
{
    CYASSL_DH* dh;
    DhKey*     inner;

    CYASSL_MSG("CyaSSL_DH_new");

    inner = (DhKey*) XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_DH);
    if (inner == NULL) {
        CYASSL_MSG("CyaSSL_DH_new malloc DhKey failure");
        return NULL;
    }

    dh = (CYASSL_DH*) XMALLOC(sizeof(CYASSL_DH), NULL, DYNAMIC_TYPE_DH);
    if (dh == NULL) {
        CYASSL_MSG("CyaSSL_DH_new malloc CYASSL_DH failure");
        XFREE(inner, NULL, DYNAMIC_TYPE_DH);
        return NULL;
    }

    /* wrapper fields to NULL/0, then the DhKey, then link them */
    InitCyaSSL_DH(dh);
    InitDhKey(inner);
    dh->internal = inner;

    return dh;
}
wolfSSL 0:1239e9b70ca2 10058
wolfSSL 0:1239e9b70ca2 10059
/* Release a CYASSL_DH wrapper: the wrapped DhKey (FreeDhKey + XFREE),
 * the four big numbers, and finally the wrapper itself. Fields are reset
 * to NULL before the wrapper memory is returned. NULL is accepted.
 */
void CyaSSL_DH_free(CYASSL_DH* dh)
{
    CYASSL_MSG("CyaSSL_DH_free");

    if (dh == NULL)
        return;

    if (dh->internal != NULL) {
        FreeDhKey((DhKey*)dh->internal);
        XFREE(dh->internal, NULL, DYNAMIC_TYPE_DH);
        dh->internal = NULL;
    }

    CyaSSL_BN_free(dh->priv_key);
    CyaSSL_BN_free(dh->pub_key);
    CyaSSL_BN_free(dh->g);
    CyaSSL_BN_free(dh->p);
    InitCyaSSL_DH(dh); /* set back to NULLs for safety */

    XFREE(dh, NULL, DYNAMIC_TYPE_DH);
}
wolfSSL 0:1239e9b70ca2 10079
wolfSSL 0:1239e9b70ca2 10080
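/* Load dh->p and dh->g into the wrapped DhKey with DhSetKey and mark
 * dh->inSet. Both values are serialised into bounded stack buffers first;
 * a p or g wider than 1024 bytes is rejected rather than truncated.
 *
 * @param dh  wrapper with p, g and internal set
 * @return 0 on success; SSL_FATAL_ERROR on bad arguments, an oversize
 *         p/g, a failed serialisation, or a DhSetKey failure
 */
static int SetDhInternal(CYASSL_DH* dh)
{
    unsigned char p[1024];
    unsigned char g[1024];
    int pSz;
    int gSz;

    CYASSL_ENTER("SetDhInternal");

    /* dh->internal is the DhKey that DhSetKey writes into; a wrapper
     * without one must not reach the cast below */
    if (dh == NULL || dh->internal == NULL || dh->p == NULL || dh->g == NULL) {
        CYASSL_MSG("Bad function arguments");
        return SSL_FATAL_ERROR;
    }

    /* size probes: with a NULL output bn2bin only reports the length */
    if (CyaSSL_BN_bn2bin(dh->p, NULL) > (int)sizeof(p)) {
        CYASSL_MSG("Bad p internal size");
        return SSL_FATAL_ERROR;
    }

    if (CyaSSL_BN_bn2bin(dh->g, NULL) > (int)sizeof(g)) {
        CYASSL_MSG("Bad g internal size");
        return SSL_FATAL_ERROR;
    }

    pSz = CyaSSL_BN_bn2bin(dh->p, p);
    gSz = CyaSSL_BN_bn2bin(dh->g, g);

    /* a negative return is an error code, zero an empty value */
    if (pSz <= 0 || gSz <= 0) {
        CYASSL_MSG("Bad BN2bin set");
        return SSL_FATAL_ERROR;
    }

    if (DhSetKey((DhKey*)dh->internal, p, pSz, g, gSz) < 0) {
        CYASSL_MSG("Bad DH SetKey");
        return SSL_FATAL_ERROR;
    }

    dh->inSet = 1;

    return 0;
}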
wolfSSL 0:1239e9b70ca2 10122
wolfSSL 0:1239e9b70ca2 10123
/* Size of the DH group in bytes, i.e. the byte length of dh->p as
 * reported by CyaSSL_BN_num_bytes. Also the number of bytes a caller
 * must reserve for CyaSSL_DH_compute_key.
 *
 * @return the byte length of p, or 0 when dh is NULL
 */
int CyaSSL_DH_size(CYASSL_DH* dh)
{
    int bytes = 0;

    CYASSL_MSG("CyaSSL_DH_size");

    if (dh != NULL)
        bytes = CyaSSL_BN_num_bytes(dh->p);

    return bytes;
}
wolfSSL 0:1239e9b70ca2 10133
wolfSSL 0:1239e9b70ca2 10134
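/* return SSL_SUCCESS on ok, else 0 */
/* Generate a fresh DH key pair for dh and publish it as dh->pub_key and
 * dh->priv_key (a previous pair is released first). p and g are loaded
 * into the internal DhKey on first use via SetDhInternal. A per-call RNG
 * is tried first; if it cannot be initialised, the global RNG is used
 * provided it has already been initialised. The stack copy of the
 * private value is wiped before returning on every path.
 *
 * @param dh  DH wrapper with p and g set
 * @return SSL_SUCCESS on success, 0 on any failure
 */
int CyaSSL_DH_generate_key(CYASSL_DH* dh)
{
    unsigned char pub [768];
    unsigned char priv[768];
    word32 pubSz  = sizeof(pub);
    word32 privSz = sizeof(priv);
    RNG    tmpRNG;
    RNG*   rng = &tmpRNG;
    int    ret = 0;
    volatile unsigned char* wipe;
    word32 i;

    CYASSL_MSG("CyaSSL_DH_generate_key");

    if (dh == NULL || dh->p == NULL || dh->g == NULL) {
        CYASSL_MSG("Bad function arguments");
        return 0;
    }

    if (dh->inSet == 0) {
        if (SetDhInternal(dh) < 0) {
            CYASSL_MSG("Bad DH set internal");
            return 0;
        }
    }

    if ( (InitRng(&tmpRNG)) != 0) {
        CYASSL_MSG("Bad RNG Init, trying global");
        if (initGlobalRNG == 0) {
            CYASSL_MSG("Global RNG no Init");
            return 0;
        }
        rng = &globalRNG;
    }

    /* from here on priv may hold secret material: every exit goes
     * through the wipe at the end */
    if (DhGenerateKeyPair((DhKey*)dh->internal, rng, priv, &privSz,
                          pub, &pubSz) < 0) {
        CYASSL_MSG("Bad DhGenerateKeyPair");
        goto out;
    }

    if (dh->pub_key)
        CyaSSL_BN_free(dh->pub_key);
    dh->pub_key = CyaSSL_BN_new();
    if (dh->pub_key == NULL) {
        CYASSL_MSG("Bad DH new pub");
        goto out;
    }

    if (dh->priv_key)
        CyaSSL_BN_free(dh->priv_key);
    dh->priv_key = CyaSSL_BN_new();
    if (dh->priv_key == NULL) {
        CYASSL_MSG("Bad DH new priv");
        goto out;
    }

    if (CyaSSL_BN_bin2bn(pub, pubSz, dh->pub_key) == NULL) {
        CYASSL_MSG("Bad DH bn2bin error pub");
        goto out;
    }

    if (CyaSSL_BN_bin2bn(priv, privSz, dh->priv_key) == NULL) {
        CYASSL_MSG("Bad DH bn2bin error priv");
        goto out;
    }

    CYASSL_MSG("CyaSSL_generate_key success");
    ret = SSL_SUCCESS;

out:
    /* scrub the private value through a volatile pointer so the stores
     * are not dropped as dead writes to a dying stack frame */
    wipe = priv;
    for (i = 0; i < sizeof(priv); i++)
        wipe[i] = 0;

    return ret;
}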
wolfSSL 0:1239e9b70ca2 10203
wolfSSL 0:1239e9b70ca2 10204
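/* return key size on ok, 0 otherwise */
/* Derive the DH shared secret from our private key and the peer's public
 * value and write it to key. The caller must provide at least
 * CyaSSL_DH_size(dh) bytes in key; that size is also the capacity passed
 * to DhAgree. p and g are loaded into the internal DhKey on first use,
 * as in CyaSSL_DH_generate_key. The stack copy of the private value is
 * wiped on every exit path after it has been filled.
 *
 * @param key       output buffer for the shared secret
 * @param otherPub  peer public value
 * @param dh        DH wrapper with p, g and priv_key set
 * @return number of secret bytes written, or 0 on any failure
 */
int CyaSSL_DH_compute_key(unsigned char* key, CYASSL_BIGNUM* otherPub,
                          CYASSL_DH* dh)
{
    unsigned char pub [1024];
    unsigned char priv[1024];
    int    privLen;
    int    pubLen;
    word32 keySz;
    int    ret = 0;
    volatile unsigned char* wipe;
    word32 i;

    CYASSL_MSG("CyaSSL_DH_compute_key");

    if (dh == NULL || dh->priv_key == NULL || otherPub == NULL || key == NULL) {
        CYASSL_MSG("Bad function arguments");
        return 0;
    }

    /* same first-use rule as CyaSSL_DH_generate_key, so DhAgree never
     * runs against a DhKey that p and g were never loaded into */
    if (dh->inSet == 0) {
        if (SetDhInternal(dh) < 0) {
            CYASSL_MSG("Bad DH set internal");
            return 0;
        }
    }

    keySz = (word32)CyaSSL_DH_size(dh);
    if (keySz == 0) {
        CYASSL_MSG("Bad DH_size");
        return 0;
    }

    /* size probes: with a NULL output bn2bin only reports the length */
    if (CyaSSL_BN_bn2bin(dh->priv_key, NULL) > (int)sizeof(priv)) {
        CYASSL_MSG("Bad priv internal size");
        return 0;
    }

    if (CyaSSL_BN_bn2bin(otherPub, NULL) > (int)sizeof(pub)) {
        CYASSL_MSG("Bad otherPub size");
        return 0;
    }

    /* keep the lengths signed until checked: storing an error return
     * straight into a word32 would turn -1 into a huge length and the
     * "<= 0" test below could never catch it */
    privLen = CyaSSL_BN_bn2bin(dh->priv_key, priv);
    pubLen  = CyaSSL_BN_bn2bin(otherPub, pub);

    if (privLen <= 0 || pubLen <= 0) {
        CYASSL_MSG("Bad BN2bin set");
        goto out;
    }

    if (DhAgree((DhKey*)dh->internal, key, &keySz, priv, (word32)privLen,
                pub, (word32)pubLen) < 0) {
        CYASSL_MSG("DhAgree failed");
        goto out;
    }

    CYASSL_MSG("CyaSSL_compute_key success");
    ret = (int)keySz;

out:
    /* scrub the private value through a volatile pointer so the stores
     * are not dropped as dead writes to a dying stack frame */
    wipe = priv;
    for (i = 0; i < sizeof(priv); i++)
        wipe[i] = 0;

    return ret;
}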
wolfSSL 0:1239e9b70ca2 10255
wolfSSL 0:1239e9b70ca2 10256
wolfSSL 0:1239e9b70ca2 10257 #ifndef NO_DSA
/* Put a CYASSL_DSA wrapper into its empty state: every big-number and
 * internal-key pointer NULL, inSet/exSet cleared. Nothing the fields
 * point to is freed here. A NULL dsa is a no-op.
 */
static void InitCyaSSL_DSA(CYASSL_DSA* dsa)
{
    if (dsa == NULL)
        return;

    dsa->p        = NULL;
    dsa->q        = NULL;
    dsa->g        = NULL;
    dsa->pub_key  = NULL;
    dsa->priv_key = NULL;
    dsa->internal = NULL;
    dsa->inSet    = 0;
    dsa->exSet    = 0;
}
wolfSSL 0:1239e9b70ca2 10271
wolfSSL 0:1239e9b70ca2 10272
/* Allocate a CYASSL_DSA wrapper together with the DsaKey it wraps. Both
 * allocations use DYNAMIC_TYPE_DSA; the wrapper owns the DsaKey through
 * its internal pointer and CyaSSL_DSA_free releases both.
 *
 * @return the new wrapper, or NULL if either allocation fails (nothing
 *         is leaked on the failure paths)
 */
CYASSL_DSA* CyaSSL_DSA_new(void)
{
    CYASSL_DSA* dsa;
    DsaKey*     inner;

    CYASSL_MSG("CyaSSL_DSA_new");

    inner = (DsaKey*) XMALLOC(sizeof(DsaKey), NULL, DYNAMIC_TYPE_DSA);
    if (inner == NULL) {
        CYASSL_MSG("CyaSSL_DSA_new malloc DsaKey failure");
        return NULL;
    }

    dsa = (CYASSL_DSA*) XMALLOC(sizeof(CYASSL_DSA), NULL, DYNAMIC_TYPE_DSA);
    if (dsa == NULL) {
        CYASSL_MSG("CyaSSL_DSA_new malloc CYASSL_DSA failure");
        XFREE(inner, NULL, DYNAMIC_TYPE_DSA);
        return NULL;
    }

    /* wrapper fields to NULL/0, then the DsaKey, then link them */
    InitCyaSSL_DSA(dsa);
    InitDsaKey(inner);
    dsa->internal = inner;

    return dsa;
}
wolfSSL 0:1239e9b70ca2 10300
wolfSSL 0:1239e9b70ca2 10301
/* Release a CYASSL_DSA wrapper: the wrapped DsaKey (FreeDsaKey + XFREE),
 * the five big numbers, and finally the wrapper itself. Fields are reset
 * to NULL before the wrapper memory is returned. NULL is accepted.
 */
void CyaSSL_DSA_free(CYASSL_DSA* dsa)
{
    CYASSL_MSG("CyaSSL_DSA_free");

    if (dsa == NULL)
        return;

    if (dsa->internal != NULL) {
        FreeDsaKey((DsaKey*)dsa->internal);
        XFREE(dsa->internal, NULL, DYNAMIC_TYPE_DSA);
        dsa->internal = NULL;
    }

    CyaSSL_BN_free(dsa->priv_key);
    CyaSSL_BN_free(dsa->pub_key);
    CyaSSL_BN_free(dsa->g);
    CyaSSL_BN_free(dsa->q);
    CyaSSL_BN_free(dsa->p);
    InitCyaSSL_DSA(dsa); /* set back to NULLs for safety */

    XFREE(dsa, NULL, DYNAMIC_TYPE_DSA);
}
wolfSSL 0:1239e9b70ca2 10322
wolfSSL 0:1239e9b70ca2 10323
/* OpenSSL-compatible DSA_generate_key entry point. Key generation is
 * not provided in this build (not needed by the server); the call is
 * logged and 0 is returned without touching dsa.
 *
 * @param dsa  DSA wrapper (unused)
 * @return 0 always
 */
int CyaSSL_DSA_generate_key(CYASSL_DSA* dsa)
{
    CYASSL_MSG("CyaSSL_DSA_generate_key");

    (void)dsa; /* silence the unused-parameter warning */

    return 0; /* key gen not needed by server */
}
wolfSSL 0:1239e9b70ca2 10332
wolfSSL 0:1239e9b70ca2 10333
/* OpenSSL-compatible DSA_generate_parameters_ex entry point. Parameter
 * generation is not provided in this build (not needed by the server);
 * the call is logged and 0 is returned. No output argument is written.
 *
 * @param dsa         DSA wrapper (unused)
 * @param bits        requested modulus size (unused)
 * @param seed        optional seed bytes (unused)
 * @param seedLen     length of seed (unused)
 * @param counterRet  iteration-count output (unused)
 * @param hRet        generator counter output (unused)
 * @param cb          progress callback (unused)
 * @return 0 always
 */
int CyaSSL_DSA_generate_parameters_ex(CYASSL_DSA* dsa, int bits,
        unsigned char* seed, int seedLen, int* counterRet,
        unsigned long* hRet, void* cb)
{
    CYASSL_MSG("CyaSSL_DSA_generate_parameters_ex");

    /* silence unused-parameter warnings */
    (void)dsa;
    (void)bits;
    (void)seed;
    (void)seedLen;
    (void)counterRet;
    (void)hRet;
    (void)cb;

    return 0; /* key gen not needed by server */
}
wolfSSL 0:1239e9b70ca2 10350 #endif /* NO_DSA */
wolfSSL 0:1239e9b70ca2 10351
/* Put a CYASSL_RSA wrapper into its empty state: every big-number and
 * internal-key pointer NULL, inSet/exSet cleared. Nothing the fields
 * point to is freed here. A NULL rsa is a no-op.
 */
static void InitCyaSSL_Rsa(CYASSL_RSA* rsa)
{
    if (rsa == NULL)
        return;

    rsa->n        = NULL;
    rsa->e        = NULL;
    rsa->d        = NULL;
    rsa->p        = NULL;
    rsa->q        = NULL;
    rsa->dmp1     = NULL;
    rsa->dmq1     = NULL;
    rsa->iqmp     = NULL;
    rsa->internal = NULL;
    rsa->inSet    = 0;
    rsa->exSet    = 0;
}
wolfSSL 0:1239e9b70ca2 10368
wolfSSL 0:1239e9b70ca2 10369
/* Allocate a CYASSL_RSA wrapper together with the RsaKey it wraps. Both
 * allocations use DYNAMIC_TYPE_RSA. Unlike the DH/DSA variants, the
 * inner key's initialiser (InitRsaKey) can fail, in which case both
 * allocations are released again.
 *
 * @return the new wrapper, or NULL on allocation or InitRsaKey failure
 *         (nothing is leaked on the failure paths)
 */
CYASSL_RSA* CyaSSL_RSA_new(void)
{
    CYASSL_RSA* rsa;
    RsaKey*     inner;

    CYASSL_MSG("CyaSSL_RSA_new");

    inner = (RsaKey*) XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA);
    if (inner == NULL) {
        CYASSL_MSG("CyaSSL_RSA_new malloc RsaKey failure");
        return NULL;
    }

    rsa = (CYASSL_RSA*) XMALLOC(sizeof(CYASSL_RSA), NULL, DYNAMIC_TYPE_RSA);
    if (rsa == NULL) {
        CYASSL_MSG("CyaSSL_RSA_new malloc CYASSL_RSA failure");
        XFREE(inner, NULL, DYNAMIC_TYPE_RSA);
        return NULL;
    }

    InitCyaSSL_Rsa(rsa);

    if (InitRsaKey(inner, NULL) != 0) {
        CYASSL_MSG("InitRsaKey CYASSL_RSA failure");
        XFREE(rsa, NULL, DYNAMIC_TYPE_RSA);
        XFREE(inner, NULL, DYNAMIC_TYPE_RSA);
        return NULL;
    }

    rsa->internal = inner;

    return rsa;
}
wolfSSL 0:1239e9b70ca2 10402
wolfSSL 0:1239e9b70ca2 10403
/* Release a CYASSL_RSA wrapper: the wrapped RsaKey (FreeRsaKey + XFREE),
 * the eight big numbers, and finally the wrapper itself. Fields are reset
 * to NULL before the wrapper memory is returned. NULL is accepted.
 */
void CyaSSL_RSA_free(CYASSL_RSA* rsa)
{
    CYASSL_MSG("CyaSSL_RSA_free");

    if (rsa == NULL)
        return;

    if (rsa->internal != NULL) {
        FreeRsaKey((RsaKey*)rsa->internal);
        XFREE(rsa->internal, NULL, DYNAMIC_TYPE_RSA);
        rsa->internal = NULL;
    }

    /* CRT values first, then the private exponent, then the public part */
    CyaSSL_BN_free(rsa->iqmp);
    CyaSSL_BN_free(rsa->dmq1);
    CyaSSL_BN_free(rsa->dmp1);
    CyaSSL_BN_free(rsa->q);
    CyaSSL_BN_free(rsa->p);
    CyaSSL_BN_free(rsa->d);
    CyaSSL_BN_free(rsa->e);
    CyaSSL_BN_free(rsa->n);
    InitCyaSSL_Rsa(rsa); /* set back to NULLs for safety */

    XFREE(rsa, NULL, DYNAMIC_TYPE_RSA);
}
wolfSSL 0:1239e9b70ca2 10427
wolfSSL 0:1239e9b70ca2 10428
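/* Copy one mp_int from an internal key into the external CYASSL_BIGNUM
 * slot *bn, allocating the big number on first use. On an mp_copy
 * failure a freshly allocated *bn is left in place; it belongs to the
 * caller's wrapper and is released with it.
 *
 * @param bn   address of the wrapper's big-number slot (may hold NULL)
 * @param mpi  source value
 * @return 0 on success, SSL_FATAL_ERROR on NULL arguments, allocation
 *         failure or an mp_copy error
 */
static int SetIndividualExternal(CYASSL_BIGNUM** bn, mp_int* mpi)
{
    CYASSL_MSG("Entering SetIndividualExternal");

    /* bn is dereferenced below; guard it like mpi */
    if (bn == NULL) {
        CYASSL_MSG("bn NULL error");
        return SSL_FATAL_ERROR;
    }

    if (mpi == NULL) {
        CYASSL_MSG("mpi NULL error");
        return SSL_FATAL_ERROR;
    }

    if (*bn == NULL) {
        *bn = CyaSSL_BN_new();
        if (*bn == NULL) {
            CYASSL_MSG("SetIndividualExternal alloc failed");
            return SSL_FATAL_ERROR;
        }
    }

    if (mp_copy(mpi, (mp_int*)((*bn)->internal)) != MP_OKAY) {
        CYASSL_MSG("mp_copy error");
        return SSL_FATAL_ERROR;
    }

    return 0;
}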
wolfSSL 0:1239e9b70ca2 10453
wolfSSL 0:1239e9b70ca2 10454
wolfSSL 0:1239e9b70ca2 10455 #ifndef NO_DSA
/* Export the five components of the wrapped DsaKey (p, q, g, y, x) into
 * the wrapper's big-number fields and mark dsa->exSet. Components are
 * exported in that order and the first failure stops the export.
 *
 * @return 0 on success, SSL_FATAL_ERROR on a NULL wrapper/key or when
 *         any component fails to copy
 */
static int SetDsaExternal(CYASSL_DSA* dsa)
{
    DsaKey* key;
    int     idx;

    CYASSL_MSG("Entering SetDsaExternal");

    if (dsa == NULL || dsa->internal == NULL) {
        CYASSL_MSG("dsa key NULL error");
        return SSL_FATAL_ERROR;
    }

    key = (DsaKey*)dsa->internal;

    {
        /* one row per component, in export order */
        struct {
            CYASSL_BIGNUM** dst;
            mp_int*         src;
            const char*     err;
        } parts[] = {
            { &dsa->p,        &key->p, "dsa p key error" },
            { &dsa->q,        &key->q, "dsa q key error" },
            { &dsa->g,        &key->g, "dsa g key error" },
            { &dsa->pub_key,  &key->y, "dsa y key error" },
            { &dsa->priv_key, &key->x, "dsa x key error" }
        };

        for (idx = 0; idx < (int)(sizeof(parts) / sizeof(parts[0])); idx++) {
            if (SetIndividualExternal(parts[idx].dst, parts[idx].src) < 0) {
                CYASSL_MSG(parts[idx].err);
                return SSL_FATAL_ERROR;
            }
        }
    }

    dsa->exSet = 1;

    return 0;
}
wolfSSL 0:1239e9b70ca2 10497 #endif /* NO_DSA */
wolfSSL 0:1239e9b70ca2 10498
wolfSSL 0:1239e9b70ca2 10499
/* Export the eight components of the wrapped RsaKey (n, e, d, p, q, dP,
 * dQ, u) into the wrapper's big-number fields (dP -> dmp1, dQ -> dmq1,
 * u -> iqmp) and mark rsa->exSet. Components are exported in that order
 * and the first failure stops the export.
 *
 * @return 0 on success, SSL_FATAL_ERROR on a NULL wrapper/key or when
 *         any component fails to copy
 */
static int SetRsaExternal(CYASSL_RSA* rsa)
{
    RsaKey* key;
    int     idx;

    CYASSL_MSG("Entering SetRsaExternal");

    if (rsa == NULL || rsa->internal == NULL) {
        CYASSL_MSG("rsa key NULL error");
        return SSL_FATAL_ERROR;
    }

    key = (RsaKey*)rsa->internal;

    {
        /* one row per component, in export order */
        struct {
            CYASSL_BIGNUM** dst;
            mp_int*         src;
            const char*     err;
        } parts[] = {
            { &rsa->n,    &key->n,  "rsa n key error"  },
            { &rsa->e,    &key->e,  "rsa e key error"  },
            { &rsa->d,    &key->d,  "rsa d key error"  },
            { &rsa->p,    &key->p,  "rsa p key error"  },
            { &rsa->q,    &key->q,  "rsa q key error"  },
            { &rsa->dmp1, &key->dP, "rsa dP key error" },
            { &rsa->dmq1, &key->dQ, "rsa dQ key error" },
            { &rsa->iqmp, &key->u,  "rsa u key error"  }
        };

        for (idx = 0; idx < (int)(sizeof(parts) / sizeof(parts[0])); idx++) {
            if (SetIndividualExternal(parts[idx].dst, parts[idx].src) < 0) {
                CYASSL_MSG(parts[idx].err);
                return SSL_FATAL_ERROR;
            }
        }
    }

    rsa->exSet = 1;

    return 0;
}
wolfSSL 0:1239e9b70ca2 10556
wolfSSL 0:1239e9b70ca2 10557
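/* SSL_SUCCESS on ok */
/* Generate an RSA key of the requested size into the wrapped RsaKey and
 * export its components to the wrapper (SetRsaExternal). Only available
 * when built with CYASSL_KEY_GEN; otherwise the call fails after the RNG
 * has been initialised. The public exponent is fixed at 65537; the bn
 * and cb arguments exist for OpenSSL signature compatibility only.
 *
 * @param rsa   wrapper whose internal RsaKey receives the key
 * @param bits  modulus size in bits
 * @param bn    public exponent (ignored)
 * @param cb    progress callback (ignored)
 * @return SSL_SUCCESS on success, SSL_FATAL_ERROR on a NULL wrapper/key,
 *         RNG failure, key-generation or export failure, or when key
 *         generation is not compiled in
 */
int CyaSSL_RSA_generate_key_ex(CYASSL_RSA* rsa, int bits, CYASSL_BIGNUM* bn,
                               void* cb)
{
    RNG rng;

    CYASSL_MSG("CyaSSL_RSA_generate_key_ex");

    /* unused in every build; bits is unused without CYASSL_KEY_GEN */
    (void)bits;
    (void)cb;
    (void)bn;

    /* rsa->internal is cast to RsaKey* below; reject a missing one
     * before any work is done */
    if (rsa == NULL || rsa->internal == NULL) {
        CYASSL_MSG("Bad function arguments");
        return SSL_FATAL_ERROR;
    }

    if (InitRng(&rng) < 0) {
        CYASSL_MSG("RNG init failed");
        return SSL_FATAL_ERROR;
    }

#ifdef CYASSL_KEY_GEN
    /* 65537 (F4) is the fixed public exponent */
    if (MakeRsaKey((RsaKey*)rsa->internal, bits, 65537, &rng) < 0) {
        CYASSL_MSG("MakeRsaKey failed");
        return SSL_FATAL_ERROR;
    }

    if (SetRsaExternal(rsa) < 0) {
        CYASSL_MSG("SetRsaExternal failed");
        return SSL_FATAL_ERROR;
    }

    rsa->inSet = 1;

    return SSL_SUCCESS;
#else
    CYASSL_MSG("No Key Gen built in");
    return SSL_FATAL_ERROR;
#endif

}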
wolfSSL 0:1239e9b70ca2 10596
wolfSSL 0:1239e9b70ca2 10597
/* SSL_SUCCESS on ok */
/* OpenSSL-compatible RSA_blinding_on entry point. Nothing is configured
 * here: blinding is on by default in this library, so the call just
 * reports success.
 *
 * @param rsa  RSA wrapper (unused)
 * @param bn   BN context (unused)
 * @return SSL_SUCCESS always
 */
int CyaSSL_RSA_blinding_on(CYASSL_RSA* rsa, CYASSL_BN_CTX* bn)
{
    CYASSL_MSG("CyaSSL_RSA_blinding_on");

    /* silence unused-parameter warnings */
    (void)rsa;
    (void)bn;

    return SSL_SUCCESS; /* on by default */
}
wolfSSL 0:1239e9b70ca2 10608
wolfSSL 0:1239e9b70ca2 10609
/* OpenSSL-compatible RSA_public_encrypt entry point. Not implemented in
 * this build: no encryption is performed and to is never written.
 *
 * @param len      input length (unused)
 * @param fr       input buffer (unused)
 * @param to       output buffer (unused)
 * @param rsa      RSA wrapper (unused)
 * @param padding  padding mode (unused)
 * @return SSL_FATAL_ERROR always
 */
int CyaSSL_RSA_public_encrypt(int len, unsigned char* fr,
                              unsigned char* to, CYASSL_RSA* rsa, int padding)
{
    CYASSL_MSG("CyaSSL_RSA_public_encrypt");

    /* silence unused-parameter warnings */
    (void)len;
    (void)fr;
    (void)to;
    (void)rsa;
    (void)padding;

    return SSL_FATAL_ERROR;
}
wolfSSL 0:1239e9b70ca2 10623
wolfSSL 0:1239e9b70ca2 10624
/* OpenSSL-compatible RSA_private_decrypt entry point. Not implemented in
 * this build: no decryption is performed and to is never written.
 *
 * @param len      input length (unused)
 * @param fr       input buffer (unused)
 * @param to       output buffer (unused)
 * @param rsa      RSA wrapper (unused)
 * @param padding  padding mode (unused)
 * @return SSL_FATAL_ERROR always
 */
int CyaSSL_RSA_private_decrypt(int len, unsigned char* fr,
                               unsigned char* to, CYASSL_RSA* rsa, int padding)
{
    CYASSL_MSG("CyaSSL_RSA_private_decrypt");

    /* silence unused-parameter warnings */
    (void)len;
    (void)fr;
    (void)to;
    (void)rsa;
    (void)padding;

    return SSL_FATAL_ERROR;
}
wolfSSL 0:1239e9b70ca2 10638
wolfSSL 0:1239e9b70ca2 10639
/* Size of the RSA modulus in bytes, as reported by CyaSSL_BN_num_bytes
 * on rsa->n.
 *
 * @return the byte length of n, or 0 when rsa is NULL
 */
int CyaSSL_RSA_size(const CYASSL_RSA* rsa)
{
    int bytes = 0;

    CYASSL_MSG("CyaSSL_RSA_size");

    if (rsa != NULL)
        bytes = CyaSSL_BN_num_bytes(rsa->n);

    return bytes;
}
wolfSSL 0:1239e9b70ca2 10649
wolfSSL 0:1239e9b70ca2 10650
wolfSSL 0:1239e9b70ca2 10651 #ifndef NO_DSA
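/* return SSL_SUCCESS on success, < 0 otherwise */
/* Sign digest d with the wrapped DsaKey and write the signature to
 * sigRet. No length is passed for d or sigRet: both are sized by what
 * DsaSign expects (presumably a SHA-1 digest and an r||s pair — confirm
 * against DsaSign), so callers must provide buffers of those sizes. A
 * per-call RNG is tried first; if it cannot be initialised the global
 * RNG is used provided it has already been initialised.
 *
 * @param d       digest to sign
 * @param sigRet  output buffer for the signature
 * @param dsa     wrapper whose internal key has been set (inSet != 0)
 * @return SSL_SUCCESS on success, SSL_FATAL_ERROR on NULL arguments, a
 *         missing internal key, RNG failure or DsaSign failure
 */
int CyaSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
                       CYASSL_DSA* dsa)
{
    RNG  tmpRNG;
    RNG* rng = &tmpRNG;

    CYASSL_MSG("CyaSSL_DSA_do_sign");

    /* dsa->internal is cast to DsaKey* for DsaSign; treat a missing
     * one like any other bad argument */
    if (d == NULL || sigRet == NULL || dsa == NULL || dsa->internal == NULL) {
        CYASSL_MSG("Bad function arguments");
        return SSL_FATAL_ERROR;
    }

    if (dsa->inSet == 0) {
        CYASSL_MSG("No DSA internal set");
        return SSL_FATAL_ERROR;
    }

    if (InitRng(&tmpRNG) != 0) {
        CYASSL_MSG("Bad RNG Init, trying global");
        if (initGlobalRNG == 0) {
            CYASSL_MSG("Global RNG no Init");
            return SSL_FATAL_ERROR;
        }
        rng = &globalRNG;
    }

    if (DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0) {
        CYASSL_MSG("DsaSign failed");
        return SSL_FATAL_ERROR;
    }

    return SSL_SUCCESS;
}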
wolfSSL 0:1239e9b70ca2 10687 #endif /* NO_DSA */
wolfSSL 0:1239e9b70ca2 10688
wolfSSL 0:1239e9b70ca2 10689
wolfSSL 0:1239e9b70ca2 10690 /* return SSL_SUCCES on ok, 0 otherwise */
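/**
 * Sign a digest with an RSA private key (OpenSSL RSA_sign shape): the digest
 * is wrapped by EncodeSignature and the result signed with RsaSSL_Sign.
 *
 * @param type    NID_md5 or NID_sha1; any other digest id is rejected.
 * @param m       digest bytes, mLen long.
 * @param sigRet  receives the signature; must hold CyaSSL_BN_num_bytes(rsa->n)
 *                bytes, which is the capacity handed to RsaSSL_Sign.
 * @param sigLen  receives the signature length on success; untouched on error.
 * @param rsa     wrapper with ->inSet raised and ->internal holding the key.
 * @return SSL_SUCCESS on success, 0 on every failure (note: this function
 *         uses 0 for failure, while the DSA sibling uses a negative code).
 */
int CyaSSL_RSA_sign(int type, const unsigned char* m,
                    unsigned int mLen, unsigned char* sigRet,
                    unsigned int* sigLen, CYASSL_RSA* rsa)
{
    byte   encodedSig[MAX_ENCODED_SIG_SZ];
    word32 outLen;
    word32 signSz;
    int    ret;
    RNG    tmpRNG;
    RNG*   rng = &tmpRNG;

    CYASSL_MSG("CyaSSL_RSA_sign");

    if (m == NULL || sigRet == NULL || sigLen == NULL || rsa == NULL) {
        CYASSL_MSG("Bad function arguments");
        return 0;
    }

    if (rsa->inSet == 0) {
        CYASSL_MSG("No RSA internal set");
        return 0;
    }

    /* the signature is modulus-sized; this doubles as sigRet's capacity */
    outLen = (word32)CyaSSL_BN_num_bytes(rsa->n);
    if (outLen == 0) {
        CYASSL_MSG("Bad RSA size");
        return 0;
    }

    /* RsaSSL_Sign takes an RNG: prefer a private one, fall back to the
     * global instance only if something initialised it earlier */
    if (InitRng(&tmpRNG) != 0) {
        CYASSL_MSG("Bad RNG Init, trying global");
        if (initGlobalRNG == 0) {
            CYASSL_MSG("Global RNG no Init");
            return 0;
        }
        rng = &globalRNG;
    }

    /* map the OpenSSL NID onto the hash id EncodeSignature expects */
    switch (type) {
        case NID_md5:
            type = MD5h;
            break;

        case NID_sha1:
            type = SHAh;
            break;

        default:
            CYASSL_MSG("Bad md type");
            return 0;
    }

    signSz = EncodeSignature(encodedSig, m, mLen, type);
    if (signSz == 0) {
        CYASSL_MSG("Bad Encode Signature");
        return 0;
    }

    /* RsaSSL_Sign returns the signature length or a negative error code.
     * Keep it in a signed local: storing it straight into the unsigned
     * *sigLen turned every error into a large positive "length", and the
     * previous `*sigLen <= 0` test could only ever catch zero. */
    ret = RsaSSL_Sign(encodedSig, signSz, sigRet, outLen,
                      (RsaKey*)rsa->internal, rng);
    if (ret <= 0) {
        CYASSL_MSG("Bad Rsa Sign");
        return 0;
    }
    *sigLen = (unsigned int)ret;

    CYASSL_MSG("CyaSSL_RSA_sign success");
    return SSL_SUCCESS;
}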
wolfSSL 0:1239e9b70ca2 10758
wolfSSL 0:1239e9b70ca2 10759
/**
 * Stub for OpenSSL's RSA_public_decrypt: nothing is decrypted.
 *
 * Every argument is ignored and the call always fails, so callers must treat
 * the return value as an error and never as a recovered length.
 *
 * @return SSL_FATAL_ERROR, unconditionally.
 */
int CyaSSL_RSA_public_decrypt(int flen, unsigned char* from,
                              unsigned char* to, CYASSL_RSA* rsa, int padding)
{
    (void)flen;
    (void)from;
    (void)to;
    (void)rsa;
    (void)padding;

    CYASSL_MSG("CyaSSL_RSA_public_decrypt");
    return SSL_FATAL_ERROR;
}
wolfSSL 0:1239e9b70ca2 10773
wolfSSL 0:1239e9b70ca2 10774
wolfSSL 0:1239e9b70ca2 10775 /* generate p-1 and q-1, SSL_SUCCESS on ok */
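/**
 * Fill in the CRT exponents of an RSA key: dmp1 = d mod (p - 1) and
 * dmq1 = d mod (q - 1). p - 1 and q - 1 live only in a temporary.
 *
 * The previous version logged "mp_sub_d error" / "mp_mod error" cascades for
 * a single early failure and never logged a failure of the last mp_mod; each
 * step now reports its own error once and the rest are skipped.
 *
 * @param rsa  wrapper whose p, q, d, dmp1 and dmq1 bignums are all allocated
 *             (their ->internal mp_ints are used directly).
 * @return SSL_SUCCESS, or SSL_FATAL_ERROR on a missing component or any
 *         multi-precision failure.
 */
int CyaSSL_RSA_GenAdd(CYASSL_RSA* rsa)
{
    int     err;
    mp_int  tmp;
    mp_int* d;

    CYASSL_MSG("CyaSSL_RsaGenAdd");

    if (rsa == NULL || rsa->p == NULL || rsa->q == NULL || rsa->d == NULL ||
                       rsa->dmp1 == NULL || rsa->dmq1 == NULL) {
        CYASSL_MSG("rsa no init error");
        return SSL_FATAL_ERROR;
    }

    if (mp_init(&tmp) != MP_OKAY) {
        CYASSL_MSG("mp_init error");
        return SSL_FATAL_ERROR;
    }

    d = (mp_int*)rsa->d->internal;

    /* dmp1 = d mod (p - 1) */
    err = mp_sub_d((mp_int*)rsa->p->internal, 1, &tmp);
    if (err != MP_OKAY)
        CYASSL_MSG("mp_sub_d error");

    if (err == MP_OKAY) {
        err = mp_mod(d, &tmp, (mp_int*)rsa->dmp1->internal);
        if (err != MP_OKAY)
            CYASSL_MSG("mp_mod error");
    }

    /* dmq1 = d mod (q - 1), reusing tmp */
    if (err == MP_OKAY) {
        err = mp_sub_d((mp_int*)rsa->q->internal, 1, &tmp);
        if (err != MP_OKAY)
            CYASSL_MSG("mp_sub_d error");
    }

    if (err == MP_OKAY) {
        err = mp_mod(d, &tmp, (mp_int*)rsa->dmq1->internal);
        if (err != MP_OKAY)
            CYASSL_MSG("mp_mod error");
    }

    /* tmp held p-1 / q-1 (private key material): release it on every path */
    mp_clear(&tmp);

    return (err == MP_OKAY) ? SSL_SUCCESS : SSL_FATAL_ERROR;
}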
wolfSSL 0:1239e9b70ca2 10821
wolfSSL 0:1239e9b70ca2 10822
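/**
 * Initialise an HMAC context (OpenSSL HMAC_Init shape).
 *
 * @param ctx     context to set up; a NULL ctx is logged and ignored.
 * @param key     key bytes, or NULL to leave the key untouched.
 * @param keylen  key length; the key is only installed when key is non-NULL
 *                and keylen is positive. A negative keylen used to be cast
 *                straight to word32 and handed to HmacSetKey as a huge
 *                length; it is now refused.
 * @param type    digest name ("MD5", "SHA256", "SHA"); NULL keeps whatever
 *                ctx->type already holds (presumably OpenSSL's re-init
 *                semantics — confirm against callers).
 *
 * Errors from HmacSetKey are deliberately not reported (OpenSSL compat).
 *
 * NOTE(review): names such as "SHA384" or "SHA512" match the trailing "SHA"
 * entry and yield ctx->type = SHA, i.e. a weaker MAC than the caller asked
 * for. CyaSSL_HMAC_Final only knows the MD5/SHA/SHA256 digest sizes, so
 * extending this table needs a matching change there.
 */
void CyaSSL_HMAC_Init(CYASSL_HMAC_CTX* ctx, const void* key, int keylen,
                      const EVP_MD* type)
{
    /* Prefix matches, so "SHA" must stay last: it is the front of every
     * SHA-2 name and would otherwise shadow "SHA256". */
    static const struct {
        const char* name;
        int         nameLen;
        int         hmacType;
        const char* msg;
    } digests[] = {
        { "MD5",    3, MD5,    "md5 hmac"    },
        { "SHA256", 6, SHA256, "sha256 hmac" },
        { "SHA",    3, SHA,    "sha hmac"    },
    };

    CYASSL_MSG("CyaSSL_HMAC_Init");

    if (ctx == NULL) {
        CYASSL_MSG("no ctx on init");
        return;
    }

    if (type != NULL) {
        size_t n;
        int    matched = 0;

        CYASSL_MSG("init has type");

        for (n = 0; n < sizeof(digests) / sizeof(digests[0]); n++) {
            if (XSTRNCMP(type, digests[n].name, digests[n].nameLen) == 0) {
                CYASSL_MSG(digests[n].msg);
                ctx->type = digests[n].hmacType;
                matched = 1;
                break;
            }
        }

        if (!matched)
            CYASSL_MSG("bad init type");
    }

    if (key != NULL && keylen > 0) {
        CYASSL_MSG("keying hmac");
        HmacSetKey(&ctx->hmac, ctx->type, (const byte*)key, (word32)keylen);
        /* OpenSSL compat, no error */
    }
}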
wolfSSL 0:1239e9b70ca2 10861
wolfSSL 0:1239e9b70ca2 10862
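/**
 * Feed len bytes of data into the running HMAC (OpenSSL HMAC_Update shape).
 *
 * A NULL ctx or data is silently ignored and HmacUpdate's result is not
 * reported, mirroring OpenSSL's no-error contract.
 *
 * @param len  byte count. A negative value is refused: the cast to word32
 *             would otherwise turn it into a huge length and let HmacUpdate
 *             read far past data.
 */
void CyaSSL_HMAC_Update(CYASSL_HMAC_CTX* ctx, const unsigned char* data,
                        int len)
{
    CYASSL_MSG("CyaSSL_HMAC_Update");

    if (ctx == NULL || data == NULL)
        return;

    if (len < 0) {
        CYASSL_MSG("negative hmac update length");
        return;
    }

    CYASSL_MSG("updating hmac");
    HmacUpdate(&ctx->hmac, data, (word32)len);
    /* OpenSSL compat, no error */
}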
wolfSSL 0:1239e9b70ca2 10874
wolfSSL 0:1239e9b70ca2 10875
/**
 * Finish the HMAC and write the tag (OpenSSL HMAC_Final shape).
 *
 * @param ctx   context set up by CyaSSL_HMAC_Init; NULL is ignored.
 * @param hash  receives the tag; no capacity is passed, so it must hold the
 *              full digest for ctx->type. NULL is ignored.
 * @param len   optional; receives the digest size for MD5, SHA or SHA256.
 *              For any other ctx->type it is left untouched and only a
 *              message is logged.
 *
 * HmacFinal's own result is not reported (OpenSSL compat).
 */
void CyaSSL_HMAC_Final(CYASSL_HMAC_CTX* ctx, unsigned char* hash,
                       unsigned int* len)
{
    CYASSL_MSG("CyaSSL_HMAC_Final");

    if (ctx == NULL || hash == NULL)
        return;

    CYASSL_MSG("final hmac");
    HmacFinal(&ctx->hmac, hash);
    /* OpenSSL compat, no error */

    if (len == NULL)
        return;

    CYASSL_MSG("setting output len");
    if (ctx->type == MD5)
        *len = MD5_DIGEST_SIZE;
    else if (ctx->type == SHA)
        *len = SHA_DIGEST_SIZE;
    else if (ctx->type == SHA256)
        *len = SHA256_DIGEST_SIZE;
    else
        CYASSL_MSG("bad hmac type");
}
wolfSSL 0:1239e9b70ca2 10907
wolfSSL 0:1239e9b70ca2 10908
/**
 * OpenSSL HMAC_CTX_cleanup counterpart. Currently a no-op: the keyed Hmac
 * state inside ctx is not wiped here, so a caller that wants the key
 * material gone from memory has to clear the context itself.
 */
void CyaSSL_HMAC_cleanup(CYASSL_HMAC_CTX* ctx)
{
    CYASSL_MSG("CyaSSL_HMAC_cleanup");
    (void)ctx;
}
wolfSSL 0:1239e9b70ca2 10915
wolfSSL 0:1239e9b70ca2 10916
/**
 * Map an OpenSSL digest NID to the matching EVP_MD handle.
 *
 * @param id  NID_md5 or NID_sha1.
 * @return the handle from CyaSSL_EVP_md5() / CyaSSL_EVP_sha1(), or NULL for
 *         any other id (logged as a bad value).
 */
const CYASSL_EVP_MD* CyaSSL_EVP_get_digestbynid(int id)
{
    const CYASSL_EVP_MD* md = NULL;

    CYASSL_MSG("CyaSSL_get_digestbynid");

    if (id == NID_md5)
        md = CyaSSL_EVP_md5();
    else if (id == NID_sha1)
        md = CyaSSL_EVP_sha1();
    else
        CYASSL_MSG("Bad digest id value");

    return md;
}
wolfSSL 0:1239e9b70ca2 10934
wolfSSL 0:1239e9b70ca2 10935
/**
 * Stub for OpenSSL's EVP_PKEY_get1_RSA: no RSA key is ever extracted.
 *
 * @param key  ignored.
 * @return NULL, unconditionally — callers must check for it.
 */
CYASSL_RSA* CyaSSL_EVP_PKEY_get1_RSA(CYASSL_EVP_PKEY* key)
{
    CYASSL_MSG("CyaSSL_EVP_PKEY_get1_RSA");
    (void)key;
    return NULL;
}
wolfSSL 0:1239e9b70ca2 10943
wolfSSL 0:1239e9b70ca2 10944
/**
 * Stub for OpenSSL's EVP_PKEY_get1_DSA: no DSA key is ever extracted.
 *
 * @param key  ignored.
 * @return NULL, unconditionally — callers must check for it.
 */
CYASSL_DSA* CyaSSL_EVP_PKEY_get1_DSA(CYASSL_EVP_PKEY* key)
{
    CYASSL_MSG("CyaSSL_EVP_PKEY_get1_DSA");
    (void)key;
    return NULL;
}
wolfSSL 0:1239e9b70ca2 10952
wolfSSL 0:1239e9b70ca2 10953
/**
 * Expose the raw internal state of the context's cipher (OpenSSL compat).
 *
 * Only ARC4 is supported: the returned pointer is the live arc4.x state and
 * the const on ctx is cast away, so writes through it change the cipher.
 *
 * @return pointer to the ARC4 state, or NULL when ctx is NULL or holds any
 *         other cipher type.
 */
void* CyaSSL_EVP_X_STATE(const CYASSL_EVP_CIPHER_CTX* ctx)
{
    CYASSL_MSG("CyaSSL_EVP_X_STATE");

    if (ctx == NULL)
        return NULL;

    if (ctx->cipherType != ARC4_TYPE) {
        CYASSL_MSG("bad x state type");
        return NULL;
    }

    CYASSL_MSG("returning arc4 state");
    return (void*)&ctx->cipher.arc4.x;
}
wolfSSL 0:1239e9b70ca2 10972
wolfSSL 0:1239e9b70ca2 10973
/**
 * Size in bytes of the state CyaSSL_EVP_X_STATE hands out.
 *
 * @return sizeof(Arc4) for an ARC4 context; 0 for a NULL ctx or any other
 *         cipher type, so 0 is both "nothing to expose" and "bad argument".
 */
int CyaSSL_EVP_X_STATE_LEN(const CYASSL_EVP_CIPHER_CTX* ctx)
{
    CYASSL_MSG("CyaSSL_EVP_X_STATE_LEN");

    if (ctx == NULL)
        return 0;

    if (ctx->cipherType != ARC4_TYPE) {
        CYASSL_MSG("bad x state type");
        return 0;
    }

    CYASSL_MSG("returning arc4 state size");
    return sizeof(Arc4);
}
wolfSSL 0:1239e9b70ca2 10992
wolfSSL 0:1239e9b70ca2 10993
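/**
 * Get or set the IV of a 3DES cipher context.
 *
 * @param ctx    cipher context; NULL is logged and ignored.
 * @param doset  non-zero: load the IV from iv into the context;
 *               zero: copy the context's current IV register out to iv.
 * @param iv     caller buffer; NULL is logged and ignored.
 * @param len    size of iv. The get path copies DES_BLOCK_SIZE bytes out and
 *               the set path presumably reads the same amount, so anything
 *               smaller is refused. Previously len was ignored entirely and a
 *               short buffer was overrun.
 *
 * Des3_SetIV's result is not reported (OpenSSL compat).
 */
void CyaSSL_3des_iv(CYASSL_EVP_CIPHER_CTX* ctx, int doset,
                    unsigned char* iv, int len)
{
    CYASSL_MSG("CyaSSL_3des_iv");

    if (ctx == NULL || iv == NULL) {
        CYASSL_MSG("Bad function argument");
        return;
    }

    if (len < DES_BLOCK_SIZE) {
        CYASSL_MSG("Bad IV length");
        return;
    }

    if (doset)
        Des3_SetIV(&ctx->cipher.des3, iv);  /* OpenSSL compat, no ret */
    else
        memcpy(iv, &ctx->cipher.des3.reg, DES_BLOCK_SIZE);
}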
wolfSSL 0:1239e9b70ca2 11011
wolfSSL 0:1239e9b70ca2 11012
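/**
 * Get or set the IV (counter block) of an AES-CTR cipher context.
 *
 * @param ctx    cipher context; NULL is logged and ignored.
 * @param doset  non-zero: load the IV from iv into the context;
 *               zero: copy the context's current IV register out to iv.
 * @param iv     caller buffer; NULL is logged and ignored.
 * @param len    size of iv. The get path copies AES_BLOCK_SIZE bytes out and
 *               the set path presumably reads the same amount, so anything
 *               smaller is refused. Previously len was ignored entirely and a
 *               short buffer was overrun.
 *
 * AesSetIV's result is not reported (OpenSSL compat).
 */
void CyaSSL_aes_ctr_iv(CYASSL_EVP_CIPHER_CTX* ctx, int doset,
                       unsigned char* iv, int len)
{
    CYASSL_MSG("CyaSSL_aes_ctr_iv");

    if (ctx == NULL || iv == NULL) {
        CYASSL_MSG("Bad function argument");
        return;
    }

    if (len < AES_BLOCK_SIZE) {
        CYASSL_MSG("Bad IV length");
        return;
    }

    if (doset)
        AesSetIV(&ctx->cipher.aes, iv);  /* OpenSSL compat, no ret */
    else
        memcpy(iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
}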
wolfSSL 0:1239e9b70ca2 11030
wolfSSL 0:1239e9b70ca2 11031
/**
 * Stub for OpenSSL's EVP_ripemd160: RIPEMD-160 is not provided.
 *
 * @return NULL, unconditionally — callers must check before using the handle.
 */
const CYASSL_EVP_MD* CyaSSL_EVP_ripemd160(void)
{
    CYASSL_MSG("CyaSSL_ripemd160");
    return NULL;
}
wolfSSL 0:1239e9b70ca2 11038
wolfSSL 0:1239e9b70ca2 11039
/**
 * Digest size in bytes for a named EVP_MD ("MD5", "SHA256", "SHA384",
 * "SHA512" when compiled in, "SHA").
 *
 * @return the digest size, or BAD_FUNC_ARG for NULL or an unknown name.
 */
int CyaSSL_EVP_MD_size(const CYASSL_EVP_MD* type)
{
    /* Prefix matches, so "SHA" must stay last: it is the front of every
     * SHA-2 name and would otherwise shadow them. */
    static const struct {
        const char* name;
        int         nameLen;
        int         digestSize;
    } table[] = {
        { "MD5",    3, MD5_DIGEST_SIZE    },
        { "SHA256", 6, SHA256_DIGEST_SIZE },
#ifdef CYASSL_SHA384
        { "SHA384", 6, SHA384_DIGEST_SIZE },
#endif
#ifdef CYASSL_SHA512
        { "SHA512", 6, SHA512_DIGEST_SIZE },
#endif
        { "SHA",    3, SHA_DIGEST_SIZE    },
    };
    size_t n;

    CYASSL_MSG("CyaSSL_EVP_MD_size");

    if (type == NULL) {
        CYASSL_MSG("No md type arg");
        return BAD_FUNC_ARG;
    }

    for (n = 0; n < sizeof(table) / sizeof(table[0]); n++) {
        if (XSTRNCMP(type, table[n].name, table[n].nameLen) == 0)
            return table[n].digestSize;
    }

    return BAD_FUNC_ARG;
}
wolfSSL 0:1239e9b70ca2 11072
wolfSSL 0:1239e9b70ca2 11073
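/**
 * IV length in bytes for the cipher held by ctx (OpenSSL
 * EVP_CIPHER_CTX_iv_length shape).
 *
 * @return AES_BLOCK_SIZE for the AES modes, DES_BLOCK_SIZE for DES/3DES CBC,
 *         and 0 for ARC4 and the NULL cipher. 0 is also returned for a NULL
 *         ctx or an unknown cipherType, so callers cannot tell "no IV" from
 *         "bad argument" by the value alone.
 *
 * The sibling getters (CyaSSL_EVP_X_STATE_LEN) tolerate a NULL ctx; this one
 * used to dereference it unconditionally.
 */
int CyaSSL_EVP_CIPHER_CTX_iv_length(const CYASSL_EVP_CIPHER_CTX* ctx)
{
    CYASSL_MSG("CyaSSL_EVP_CIPHER_CTX_iv_length");

    if (ctx == NULL) {
        CYASSL_MSG("no ctx");
        return 0;
    }

    switch (ctx->cipherType) {
        case AES_128_CBC_TYPE:
        case AES_192_CBC_TYPE:
        case AES_256_CBC_TYPE:
            CYASSL_MSG("AES CBC");
            return AES_BLOCK_SIZE;

#ifdef CYASSL_AES_COUNTER
        case AES_128_CTR_TYPE:
        case AES_192_CTR_TYPE:
        case AES_256_CTR_TYPE:
            CYASSL_MSG("AES CTR");
            return AES_BLOCK_SIZE;
#endif

        case DES_CBC_TYPE:
            CYASSL_MSG("DES CBC");
            return DES_BLOCK_SIZE;

        case DES_EDE3_CBC_TYPE:
            CYASSL_MSG("DES EDE3 CBC");
            return DES_BLOCK_SIZE;

        case ARC4_TYPE:
            CYASSL_MSG("ARC4");
            return 0;

        case NULL_CIPHER_TYPE:
            CYASSL_MSG("NULL");
            return 0;

        default:
            CYASSL_MSG("bad type");
            return 0;
    }
}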
wolfSSL 0:1239e9b70ca2 11116
wolfSSL 0:1239e9b70ca2 11117
/**
 * Release memory handed out by this compatibility layer (OpenSSL
 * OPENSSL_free shape). p goes straight to XFREE with no heap hint and
 * no type tag, so it must have come from a matching XMALLOC.
 */
void CyaSSL_OPENSSL_free(void* p)
{
    CYASSL_MSG("CyaSSL_OPENSSL_free");
    XFREE(p, NULL, 0);
}
wolfSSL 0:1239e9b70ca2 11124
wolfSSL 0:1239e9b70ca2 11125
/**
 * Stub for OpenSSL's PEM_write_bio_RSAPrivateKey: nothing is written.
 *
 * Every argument is ignored, including the passphrase and callback, and the
 * call always fails.
 *
 * @return SSL_FATAL_ERROR, unconditionally.
 */
int CyaSSL_PEM_write_bio_RSAPrivateKey(CYASSL_BIO* bio, RSA* rsa,
                                       const EVP_CIPHER* cipher,
                                       unsigned char* passwd, int len,
                                       pem_password_cb cb, void* arg)
{
    (void)bio;
    (void)rsa;
    (void)cipher;
    (void)passwd;
    (void)len;
    (void)cb;
    (void)arg;

    CYASSL_MSG("CyaSSL_PEM_write_bio_RSAPrivateKey");
    return SSL_FATAL_ERROR;
}
wolfSSL 0:1239e9b70ca2 11143
wolfSSL 0:1239e9b70ca2 11144
wolfSSL 0:1239e9b70ca2 11145
/**
 * Stub for OpenSSL's PEM_write_bio_DSAPrivateKey: nothing is written.
 *
 * Every argument is ignored (the DSA key parameter is named `rsa` in the
 * public signature and is kept as-is), and the call always fails.
 *
 * @return SSL_FATAL_ERROR, unconditionally.
 */
int CyaSSL_PEM_write_bio_DSAPrivateKey(CYASSL_BIO* bio, DSA* rsa,
                                       const EVP_CIPHER* cipher,
                                       unsigned char* passwd, int len,
                                       pem_password_cb cb, void* arg)
{
    (void)bio;
    (void)rsa;
    (void)cipher;
    (void)passwd;
    (void)len;
    (void)cb;
    (void)arg;

    CYASSL_MSG("CyaSSL_PEM_write_bio_DSAPrivateKey");
    return SSL_FATAL_ERROR;
}
wolfSSL 0:1239e9b70ca2 11163
wolfSSL 0:1239e9b70ca2 11164
wolfSSL 0:1239e9b70ca2 11165
/**
 * Stub for OpenSSL's PEM_read_bio_PrivateKey: nothing is read.
 *
 * Every argument is ignored; in particular *key is never written, and the
 * password callback is never invoked.
 *
 * @return NULL, unconditionally.
 */
CYASSL_EVP_PKEY* CyaSSL_PEM_read_bio_PrivateKey(CYASSL_BIO* bio,
                    CYASSL_EVP_PKEY** key, pem_password_cb cb, void* arg)
{
    (void)bio;
    (void)key;
    (void)cb;
    (void)arg;

    CYASSL_MSG("CyaSSL_PEM_read_bio_PrivateKey");
    return NULL;
}
wolfSSL 0:1239e9b70ca2 11178
wolfSSL 0:1239e9b70ca2 11179
wolfSSL 0:1239e9b70ca2 11180
wolfSSL 0:1239e9b70ca2 11181
wolfSSL 0:1239e9b70ca2 11182 /* Load RSA from Der, SSL_SUCCESS on success < 0 on error */
/**
 * Load a DER-encoded RSA private key into rsa->internal and mirror its
 * components into the public wrapper fields via SetRsaExternal.
 *
 * @param rsa    wrapper whose ->internal RsaKey is already allocated.
 * @param der    DER bytes, derSz long; derSz must be positive.
 * @return SSL_SUCCESS and rsa->inSet = 1 on success; BAD_FUNC_ARG for bad
 *         arguments; the negative RsaPrivateKeyDecode code when decoding
 *         fails; SSL_FATAL_ERROR when the external copy fails (in which case
 *         ->internal has already been written but inSet stays clear).
 */
int CyaSSL_RSA_LoadDer(CYASSL_RSA* rsa, const unsigned char* der, int derSz)
{
    word32 inOutIdx = 0;
    int    ret;

    CYASSL_ENTER("CyaSSL_RSA_LoadDer");

    if (rsa == NULL || rsa->internal == NULL || der == NULL || derSz <= 0) {
        CYASSL_MSG("Bad function arguments");
        return BAD_FUNC_ARG;
    }

    ret = RsaPrivateKeyDecode(der, &inOutIdx, (RsaKey*)rsa->internal, derSz);
    if (ret < 0) {
        CYASSL_MSG("RsaPrivateKeyDecode failed");
        return ret;
    }

    ret = SetRsaExternal(rsa);
    if (ret < 0) {
        CYASSL_MSG("SetRsaExternal failed");
        return SSL_FATAL_ERROR;
    }

    rsa->inSet = 1;
    return SSL_SUCCESS;
}
wolfSSL 0:1239e9b70ca2 11210
wolfSSL 0:1239e9b70ca2 11211
wolfSSL 0:1239e9b70ca2 11212 #ifndef NO_DSA
wolfSSL 0:1239e9b70ca2 11213 /* Load DSA from Der, SSL_SUCCESS on success < 0 on error */
/**
 * Load a DER-encoded DSA private key into dsa->internal and mirror its
 * components into the public wrapper fields via SetDsaExternal.
 *
 * @param dsa    wrapper whose ->internal DsaKey is already allocated.
 * @param der    DER bytes, derSz long; derSz must be positive.
 * @return SSL_SUCCESS and dsa->inSet = 1 on success; BAD_FUNC_ARG for bad
 *         arguments; the negative DsaPrivateKeyDecode code when decoding
 *         fails; SSL_FATAL_ERROR when the external copy fails (in which case
 *         ->internal has already been written but inSet stays clear).
 */
int CyaSSL_DSA_LoadDer(CYASSL_DSA* dsa, const unsigned char* der, int derSz)
{
    word32 inOutIdx = 0;
    int    ret;

    CYASSL_ENTER("CyaSSL_DSA_LoadDer");

    if (dsa == NULL || dsa->internal == NULL || der == NULL || derSz <= 0) {
        CYASSL_MSG("Bad function arguments");
        return BAD_FUNC_ARG;
    }

    ret = DsaPrivateKeyDecode(der, &inOutIdx, (DsaKey*)dsa->internal, derSz);
    if (ret < 0) {
        CYASSL_MSG("DsaPrivateKeyDecode failed");
        return ret;
    }

    ret = SetDsaExternal(dsa);
    if (ret < 0) {
        CYASSL_MSG("SetDsaExternal failed");
        return SSL_FATAL_ERROR;
    }

    dsa->inSet = 1;
    return SSL_SUCCESS;
}
wolfSSL 0:1239e9b70ca2 11241 #endif /* NO_DSA */
wolfSSL 0:1239e9b70ca2 11242
wolfSSL 0:1239e9b70ca2 11243
wolfSSL 0:1239e9b70ca2 11244
wolfSSL 0:1239e9b70ca2 11245
wolfSSL 0:1239e9b70ca2 11246 #endif /* OPENSSL_EXTRA */
wolfSSL 0:1239e9b70ca2 11247
wolfSSL 0:1239e9b70ca2 11248
wolfSSL 0:1239e9b70ca2 11249 #ifdef SESSION_CERTS
wolfSSL 0:1239e9b70ca2 11250
wolfSSL 0:1239e9b70ca2 11251
wolfSSL 0:1239e9b70ca2 11252 /* Get peer's certificate chain */
/**
 * Peer certificate chain recorded in the session (SESSION_CERTS builds).
 *
 * @return pointer into ssl->session — owned by ssl, not to be freed and
 *         not valid past it — or NULL when ssl is NULL.
 */
CYASSL_X509_CHAIN* CyaSSL_get_peer_chain(CYASSL* ssl)
{
    CYASSL_ENTER("CyaSSL_get_peer_chain");

    if (ssl == NULL)
        return NULL;

    return &ssl->session.chain;
}
wolfSSL 0:1239e9b70ca2 11261
wolfSSL 0:1239e9b70ca2 11262
wolfSSL 0:1239e9b70ca2 11263 /* Get peer's certificate chain total count */
/**
 * Number of certificates stored in chain.
 *
 * @return chain->count, or 0 when chain is NULL (indistinguishable from an
 *         empty chain).
 */
int CyaSSL_get_chain_count(CYASSL_X509_CHAIN* chain)
{
    CYASSL_ENTER("CyaSSL_get_chain_count");

    if (chain == NULL)
        return 0;

    return chain->count;
}
wolfSSL 0:1239e9b70ca2 11272
wolfSSL 0:1239e9b70ca2 11273
/* Get peer's ASN.1 DER certificate at index (idx) length in bytes */
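/**
 * Length in bytes of the DER certificate at position idx in chain.
 *
 * @param idx  0-based position; must be below the value reported by
 *             CyaSSL_get_chain_count.
 * @return the length, or 0 when chain is NULL or idx is out of range
 *         (previously an out-of-range idx read past the populated entries).
 */
int CyaSSL_get_chain_length(CYASSL_X509_CHAIN* chain, int idx)
{
    CYASSL_ENTER("CyaSSL_get_chain_length");

    if (chain == NULL)
        return 0;

    if (idx < 0 || idx >= chain->count) {
        CYASSL_MSG("chain index out of range");
        return 0;
    }

    return chain->certs[idx].length;
}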
wolfSSL 0:1239e9b70ca2 11283
wolfSSL 0:1239e9b70ca2 11284
/* Get peer's ASN.1 DER certificate at index (idx) */
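/**
 * DER bytes of the certificate at position idx in chain.
 *
 * @param idx  0-based position; must be below the value reported by
 *             CyaSSL_get_chain_count.
 * @return pointer to the buffer owned by the chain (not to be freed), or
 *         NULL when chain is NULL or idx is out of range (previously an
 *         out-of-range idx read past the populated entries).
 */
byte* CyaSSL_get_chain_cert(CYASSL_X509_CHAIN* chain, int idx)
{
    CYASSL_ENTER("CyaSSL_get_chain_cert");

    if (chain == NULL)
        return NULL;

    if (idx < 0 || idx >= chain->count) {
        CYASSL_MSG("chain index out of range");
        return NULL;
    }

    return chain->certs[idx].buffer;
}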
wolfSSL 0:1239e9b70ca2 11294
wolfSSL 0:1239e9b70ca2 11295
/* Get peer's CyaSSL X509 certificate at index (idx) */
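/**
 * Parse the DER certificate at position idx in chain into a freshly
 * allocated CYASSL_X509.
 *
 * The certificate is only parsed (ParseCertRelative with no CA manager), not
 * verified; this is a decoding helper, not a trust decision.
 *
 * @param idx  0-based position; must be below the value reported by
 *             CyaSSL_get_chain_count (previously unchecked, so an
 *             out-of-range idx parsed whatever sat past the populated
 *             entries).
 * @return a new CYASSL_X509 the caller owns (allocated with XMALLOC,
 *         DYNAMIC_TYPE_X509, and initialised with InitX509(x509, 1)), or
 *         NULL on a NULL chain, bad idx, parse failure, allocation failure
 *         or copy failure. The temporary DecodedCert is freed on every path.
 */
CYASSL_X509* CyaSSL_get_chain_X509(CYASSL_X509_CHAIN* chain, int idx)
{
    int          ret;
    CYASSL_X509* x509;
    DecodedCert  dCert;

    CYASSL_ENTER("CyaSSL_get_chain_X509");
    if (chain == NULL)
        return NULL;

    if (idx < 0 || idx >= chain->count) {
        CYASSL_MSG("chain index out of range");
        return NULL;
    }

    InitDecodedCert(&dCert, chain->certs[idx].buffer, chain->certs[idx].length,
                    NULL);
    ret = ParseCertRelative(&dCert, CERT_TYPE, 0, NULL);
    if (ret != 0) {
        CYASSL_MSG("Failed to parse cert");
        FreeDecodedCert(&dCert);
        return NULL;
    }

    x509 = (CYASSL_X509*)XMALLOC(sizeof(CYASSL_X509), NULL, DYNAMIC_TYPE_X509);
    if (x509 == NULL) {
        CYASSL_MSG("Failed alloc X509");
        FreeDecodedCert(&dCert);
        return NULL;
    }
    InitX509(x509, 1);

    ret = CopyDecodedToX509(x509, &dCert);
    if (ret != 0) {
        CYASSL_MSG("Failed to copy decoded");
        XFREE(x509, NULL, DYNAMIC_TYPE_X509);
        x509 = NULL;
    }
    FreeDecodedCert(&dCert);

    return x509;
}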
wolfSSL 0:1239e9b70ca2 11334
wolfSSL 0:1239e9b70ca2 11335
/* Get peer's PEM certificate at index (idx), output to buffer if inLen big
   enough else return error (-1), output length is in *outLen
   SSL_SUCCESS on ok */
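/**
 * Write the certificate at position idx in chain to buf as PEM
 * (header, base64 body, footer).
 *
 * @param idx     0-based position; must be below the value reported by
 *                CyaSSL_get_chain_count.
 * @param buf     output buffer of inLen bytes.
 * @param outLen  receives the total number of bytes written on success.
 * @return SSL_SUCCESS; BAD_FUNC_ARG for NULL pointers, a bad idx or a buffer
 *         that cannot hold the output; or the negative code from
 *         Base64_Encode.
 *
 * Bounds: the previous version told Base64_Encode it had all inLen bytes
 * although the body starts headerLen bytes into buf, so a body that just
 * fit could be written up to headerLen bytes past the end. The body now
 * gets exactly the space that remains after the header.
 */
int CyaSSL_get_chain_cert_pem(CYASSL_X509_CHAIN* chain, int idx,
                              unsigned char* buf, int inLen, int* outLen)
{
    const char header[] = "-----BEGIN CERTIFICATE-----\n";
    const char footer[] = "-----END CERTIFICATE-----\n";

    int    headerLen = sizeof(header) - 1;
    int    footerLen = sizeof(footer) - 1;
    int    i;
    int    err;
    word32 bodyLen;

    CYASSL_ENTER("CyaSSL_get_chain_cert_pem");
    if (!chain || !outLen || !buf)
        return BAD_FUNC_ARG;

    if (idx < 0 || idx >= chain->count) {
        CYASSL_MSG("chain index out of range");
        return BAD_FUNC_ARG;
    }

    /* coarse lower bound only: the base64 body is larger than the DER it
       encodes, so anything below this cannot fit; the exact check is done
       by Base64_Encode against the space that remains after the header */
    if (inLen < headerLen + footerLen + chain->certs[idx].length)
        return BAD_FUNC_ARG;

    /* header */
    XMEMCPY(buf, header, headerLen);
    i = headerLen;

    /* body: bodyLen is the free space on entry, the bytes written on exit */
    bodyLen = (word32)(inLen - i);
    err = Base64_Encode(chain->certs[idx].buffer, chain->certs[idx].length,
                        buf + i, &bodyLen);
    if (err < 0)
        return err;
    i += (int)bodyLen;

    /* footer */
    if ((i + footerLen) > inLen)
        return BAD_FUNC_ARG;
    XMEMCPY(buf + i, footer, footerLen);

    *outLen = i + footerLen;

    return SSL_SUCCESS;
}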
wolfSSL 0:1239e9b70ca2 11377
wolfSSL 0:1239e9b70ca2 11378
/* get session ID: pointer into the session object, or NULL when session is
 * NULL. The pointer is not a copy and is only valid while session is. */
const byte* CyaSSL_get_sessionID(const CYASSL_SESSION* session)
{
    CYASSL_ENTER("CyaSSL_get_sessionID");
    return session ? session->sessionID : NULL;
}
wolfSSL 0:1239e9b70ca2 11388
wolfSSL 0:1239e9b70ca2 11389
wolfSSL 0:1239e9b70ca2 11390 #endif /* SESSION_CERTS */
wolfSSL 0:1239e9b70ca2 11391
wolfSSL 0:1239e9b70ca2 11392
wolfSSL 0:1239e9b70ca2 11393 #ifndef NO_CERTS
wolfSSL 0:1239e9b70ca2 11394 #ifdef HAVE_PK_CALLBACKS
wolfSSL 0:1239e9b70ca2 11395
wolfSSL 0:1239e9b70ca2 11396 #ifdef HAVE_ECC
wolfSSL 0:1239e9b70ca2 11397
/* Install the ECC sign callback on ctx; a NULL ctx is ignored. */
void CyaSSL_CTX_SetEccSignCb(CYASSL_CTX* ctx, CallbackEccSign cb)
{
    if (ctx == NULL)
        return;
    ctx->EccSignCb = cb;
}
wolfSSL 0:1239e9b70ca2 11403
wolfSSL 0:1239e9b70ca2 11404
/* Attach the caller's ECC sign context to ssl; a NULL ssl is ignored.
 * The pointer is stored as-is (nothing is copied), so the object it points
 * at must stay valid while the callback can still run. */
void CyaSSL_SetEccSignCtx(CYASSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;
    ssl->EccSignCtx = ctx;
}
wolfSSL 0:1239e9b70ca2 11410
wolfSSL 0:1239e9b70ca2 11411
/* Return the ECC sign context stored on ssl, or NULL if ssl is NULL. */
void* CyaSSL_GetEccSignCtx(CYASSL* ssl)
{
    return ssl == NULL ? NULL : ssl->EccSignCtx;
}
wolfSSL 0:1239e9b70ca2 11419
wolfSSL 0:1239e9b70ca2 11420
/* Install the ECC verify callback on ctx; a NULL ctx is ignored. */
void CyaSSL_CTX_SetEccVerifyCb(CYASSL_CTX* ctx, CallbackEccVerify cb)
{
    if (ctx == NULL)
        return;
    ctx->EccVerifyCb = cb;
}
wolfSSL 0:1239e9b70ca2 11426
wolfSSL 0:1239e9b70ca2 11427
/* Attach the caller's ECC verify context to ssl; a NULL ssl is ignored.
 * Stored by pointer, not copied: keep it alive while the callback can run. */
void CyaSSL_SetEccVerifyCtx(CYASSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;
    ssl->EccVerifyCtx = ctx;
}
wolfSSL 0:1239e9b70ca2 11433
wolfSSL 0:1239e9b70ca2 11434
/* Return the ECC verify context stored on ssl, or NULL if ssl is NULL. */
void* CyaSSL_GetEccVerifyCtx(CYASSL* ssl)
{
    return ssl == NULL ? NULL : ssl->EccVerifyCtx;
}
wolfSSL 0:1239e9b70ca2 11442
wolfSSL 0:1239e9b70ca2 11443 #endif /* HAVE_ECC */
wolfSSL 0:1239e9b70ca2 11444
wolfSSL 0:1239e9b70ca2 11445 #ifndef NO_RSA
wolfSSL 0:1239e9b70ca2 11446
/* Install the RSA sign callback on ctx; a NULL ctx is ignored. */
void CyaSSL_CTX_SetRsaSignCb(CYASSL_CTX* ctx, CallbackRsaSign cb)
{
    if (ctx == NULL)
        return;
    ctx->RsaSignCb = cb;
}
wolfSSL 0:1239e9b70ca2 11452
wolfSSL 0:1239e9b70ca2 11453
/* Attach the caller's RSA sign context to ssl; a NULL ssl is ignored.
 * Stored by pointer, not copied: keep it alive while the callback can run. */
void CyaSSL_SetRsaSignCtx(CYASSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;
    ssl->RsaSignCtx = ctx;
}
wolfSSL 0:1239e9b70ca2 11459
wolfSSL 0:1239e9b70ca2 11460
/* Return the RSA sign context stored on ssl, or NULL if ssl is NULL. */
void* CyaSSL_GetRsaSignCtx(CYASSL* ssl)
{
    return ssl == NULL ? NULL : ssl->RsaSignCtx;
}
wolfSSL 0:1239e9b70ca2 11468
wolfSSL 0:1239e9b70ca2 11469
/* Install the RSA verify callback on ctx; a NULL ctx is ignored. */
void CyaSSL_CTX_SetRsaVerifyCb(CYASSL_CTX* ctx, CallbackRsaVerify cb)
{
    if (ctx == NULL)
        return;
    ctx->RsaVerifyCb = cb;
}
wolfSSL 0:1239e9b70ca2 11475
wolfSSL 0:1239e9b70ca2 11476
/* Attach the caller's RSA verify context to ssl; a NULL ssl is ignored.
 * Stored by pointer, not copied: keep it alive while the callback can run. */
void CyaSSL_SetRsaVerifyCtx(CYASSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;
    ssl->RsaVerifyCtx = ctx;
}
wolfSSL 0:1239e9b70ca2 11482
wolfSSL 0:1239e9b70ca2 11483
/* Return the RSA verify context stored on ssl, or NULL if ssl is NULL. */
void* CyaSSL_GetRsaVerifyCtx(CYASSL* ssl)
{
    return ssl == NULL ? NULL : ssl->RsaVerifyCtx;
}
wolfSSL 0:1239e9b70ca2 11491
/* Install the RSA public-encrypt callback on ctx; a NULL ctx is ignored. */
void CyaSSL_CTX_SetRsaEncCb(CYASSL_CTX* ctx, CallbackRsaEnc cb)
{
    if (ctx == NULL)
        return;
    ctx->RsaEncCb = cb;
}
wolfSSL 0:1239e9b70ca2 11497
wolfSSL 0:1239e9b70ca2 11498
/* Attach the caller's RSA encrypt context to ssl; a NULL ssl is ignored.
 * Stored by pointer, not copied: keep it alive while the callback can run. */
void CyaSSL_SetRsaEncCtx(CYASSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;
    ssl->RsaEncCtx = ctx;
}
wolfSSL 0:1239e9b70ca2 11504
wolfSSL 0:1239e9b70ca2 11505
/* Return the RSA encrypt context stored on ssl, or NULL if ssl is NULL. */
void* CyaSSL_GetRsaEncCtx(CYASSL* ssl)
{
    return ssl == NULL ? NULL : ssl->RsaEncCtx;
}
wolfSSL 0:1239e9b70ca2 11513
/* Install the RSA private-decrypt callback on ctx; a NULL ctx is ignored. */
void CyaSSL_CTX_SetRsaDecCb(CYASSL_CTX* ctx, CallbackRsaDec cb)
{
    if (ctx == NULL)
        return;
    ctx->RsaDecCb = cb;
}
wolfSSL 0:1239e9b70ca2 11519
wolfSSL 0:1239e9b70ca2 11520
/* Attach the caller's RSA decrypt context to ssl; a NULL ssl is ignored.
 * Stored by pointer, not copied: keep it alive while the callback can run. */
void CyaSSL_SetRsaDecCtx(CYASSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;
    ssl->RsaDecCtx = ctx;
}
wolfSSL 0:1239e9b70ca2 11526
wolfSSL 0:1239e9b70ca2 11527
/* Return the RSA decrypt context stored on ssl, or NULL if ssl is NULL. */
void* CyaSSL_GetRsaDecCtx(CYASSL* ssl)
{
    return ssl == NULL ? NULL : ssl->RsaDecCtx;
}
wolfSSL 0:1239e9b70ca2 11535
wolfSSL 0:1239e9b70ca2 11536
wolfSSL 0:1239e9b70ca2 11537 #endif /* NO_RSA */
wolfSSL 0:1239e9b70ca2 11538
wolfSSL 0:1239e9b70ca2 11539 #endif /* HAVE_PK_CALLBACKS */
wolfSSL 0:1239e9b70ca2 11540 #endif /* NO_CERTS */
wolfSSL 0:1239e9b70ca2 11541
wolfSSL 0:1239e9b70ca2 11542
wolfSSL 0:1239e9b70ca2 11543 #ifdef CYASSL_HAVE_WOLFSCEP
/* Used by autoconf to see if wolfSCEP is available: only the presence of
 * the symbol matters, the body is deliberately empty. */
void CyaSSL_wolfSCEP(void)
{
}
wolfSSL 0:1239e9b70ca2 11546 #endif
wolfSSL 0:1239e9b70ca2 11547
wolfSSL 0:1239e9b70ca2 11548
wolfSSL 0:1239e9b70ca2 11549 #ifdef CYASSL_HAVE_CERT_SERVICE
/* Used by autoconf to see if cert service is available: only the presence
 * of the symbol matters, the body is deliberately empty. */
void CyaSSL_cert_service(void)
{
}
wolfSSL 0:1239e9b70ca2 11552 #endif
wolfSSL 0:1239e9b70ca2 11553
wolfSSL 0:1239e9b70ca2 11554