CyaSSL - Fork of CyaSSL for my specific settings

Users » d0773d » Code » CyaSSL

Fork of CyaSSL for my specific settings

src/internal.c@4:28ac50e1d49c, 2015-03-03 (annotated)

Committer:: d0773d
Date:: Tue Mar 03 22:52:52 2015 +0000
Revision:: 4:28ac50e1d49c
Parent:: 0:1239e9b70ca2

CyaSSL example

Who changed what in which revision?

User	Revision	Line number	New contents of line
wolfSSL	0:1239e9b70ca2	1	/* internal.c
wolfSSL	0:1239e9b70ca2	2	*
wolfSSL	0:1239e9b70ca2	3	* Copyright (C) 2006-2014 wolfSSL Inc.
wolfSSL	0:1239e9b70ca2	4	*
wolfSSL	0:1239e9b70ca2	5	* This file is part of CyaSSL.
wolfSSL	0:1239e9b70ca2	6	*
wolfSSL	0:1239e9b70ca2	7	* CyaSSL is free software; you can redistribute it and/or modify
wolfSSL	0:1239e9b70ca2	8	* it under the terms of the GNU General Public License as published by
wolfSSL	0:1239e9b70ca2	9	* the Free Software Foundation; either version 2 of the License, or
wolfSSL	0:1239e9b70ca2	10	* (at your option) any later version.
wolfSSL	0:1239e9b70ca2	11	*
wolfSSL	0:1239e9b70ca2	12	* CyaSSL is distributed in the hope that it will be useful,
wolfSSL	0:1239e9b70ca2	13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL	0:1239e9b70ca2	14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL	0:1239e9b70ca2	15	* GNU General Public License for more details.
wolfSSL	0:1239e9b70ca2	16	*
wolfSSL	0:1239e9b70ca2	17	* You should have received a copy of the GNU General Public License
wolfSSL	0:1239e9b70ca2	18	* along with this program; if not, write to the Free Software
wolfSSL	0:1239e9b70ca2	19	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
wolfSSL	0:1239e9b70ca2	20	*/
wolfSSL	0:1239e9b70ca2	21
wolfSSL	0:1239e9b70ca2	22
wolfSSL	0:1239e9b70ca2	23	#ifdef HAVE_CONFIG_H
wolfSSL	0:1239e9b70ca2	24	#include <config.h>
wolfSSL	0:1239e9b70ca2	25	#endif
wolfSSL	0:1239e9b70ca2	26
wolfSSL	0:1239e9b70ca2	27	#include <cyassl/ctaocrypt/settings.h>
wolfSSL	0:1239e9b70ca2	28
wolfSSL	0:1239e9b70ca2	29	#include <cyassl/internal.h>
wolfSSL	0:1239e9b70ca2	30	#include <cyassl/error-ssl.h>
wolfSSL	0:1239e9b70ca2	31	#include <cyassl/ctaocrypt/asn.h>
wolfSSL	0:1239e9b70ca2	32
wolfSSL	0:1239e9b70ca2	33	#ifdef HAVE_LIBZ
wolfSSL	0:1239e9b70ca2	34	#include "zlib.h"
wolfSSL	0:1239e9b70ca2	35	#endif
wolfSSL	0:1239e9b70ca2	36
wolfSSL	0:1239e9b70ca2	37	#ifdef HAVE_NTRU
wolfSSL	0:1239e9b70ca2	38	#include "crypto_ntru.h"
wolfSSL	0:1239e9b70ca2	39	#endif
wolfSSL	0:1239e9b70ca2	40
wolfSSL	0:1239e9b70ca2	41	#if defined(DEBUG_CYASSL) \|\| defined(SHOW_SECRETS)
wolfSSL	0:1239e9b70ca2	42	#ifdef FREESCALE_MQX
wolfSSL	0:1239e9b70ca2	43	#include <fio.h>
wolfSSL	0:1239e9b70ca2	44	#else
wolfSSL	0:1239e9b70ca2	45	#include <stdio.h>
wolfSSL	0:1239e9b70ca2	46	#endif
wolfSSL	0:1239e9b70ca2	47	#endif
wolfSSL	0:1239e9b70ca2	48
wolfSSL	0:1239e9b70ca2	49	#ifdef __sun
wolfSSL	0:1239e9b70ca2	50	#include <sys/filio.h>
wolfSSL	0:1239e9b70ca2	51	#endif
wolfSSL	0:1239e9b70ca2	52
wolfSSL	0:1239e9b70ca2	53	#ifndef TRUE
wolfSSL	0:1239e9b70ca2	54	#define TRUE 1
wolfSSL	0:1239e9b70ca2	55	#endif
wolfSSL	0:1239e9b70ca2	56	#ifndef FALSE
wolfSSL	0:1239e9b70ca2	57	#define FALSE 0
wolfSSL	0:1239e9b70ca2	58	#endif
wolfSSL	0:1239e9b70ca2	59
wolfSSL	0:1239e9b70ca2	60
wolfSSL	0:1239e9b70ca2	61	#if defined(OPENSSL_EXTRA) && defined(NO_DH)
wolfSSL	0:1239e9b70ca2	62	#error OPENSSL_EXTRA needs DH, please remove NO_DH
wolfSSL	0:1239e9b70ca2	63	#endif
wolfSSL	0:1239e9b70ca2	64
wolfSSL	0:1239e9b70ca2	65	#if defined(CYASSL_CALLBACKS) && !defined(LARGE_STATIC_BUFFERS)
wolfSSL	0:1239e9b70ca2	66	#error \
wolfSSL	0:1239e9b70ca2	67	CYASSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS
wolfSSL	0:1239e9b70ca2	68	#endif
wolfSSL	0:1239e9b70ca2	69
wolfSSL	0:1239e9b70ca2	70
wolfSSL	0:1239e9b70ca2	71	#ifndef NO_CYASSL_CLIENT
wolfSSL	0:1239e9b70ca2	72	static int DoHelloVerifyRequest(CYASSL* ssl, const byte* input, word32*,
wolfSSL	0:1239e9b70ca2	73	word32);
wolfSSL	0:1239e9b70ca2	74	static int DoServerHello(CYASSL* ssl, const byte* input, word32*, word32);
wolfSSL	0:1239e9b70ca2	75	static int DoServerKeyExchange(CYASSL* ssl, const byte* input, word32*,
wolfSSL	0:1239e9b70ca2	76	word32);
wolfSSL	0:1239e9b70ca2	77	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	78	static int DoCertificateRequest(CYASSL* ssl, const byte* input, word32*,
wolfSSL	0:1239e9b70ca2	79	word32);
wolfSSL	0:1239e9b70ca2	80	#endif
wolfSSL	0:1239e9b70ca2	81	#endif
wolfSSL	0:1239e9b70ca2	82
wolfSSL	0:1239e9b70ca2	83
wolfSSL	0:1239e9b70ca2	84	#ifndef NO_CYASSL_SERVER
wolfSSL	0:1239e9b70ca2	85	static int DoClientHello(CYASSL* ssl, const byte* input, word32*, word32);
wolfSSL	0:1239e9b70ca2	86	static int DoClientKeyExchange(CYASSL* ssl, byte* input, word32*, word32);
wolfSSL	0:1239e9b70ca2	87	#if !defined(NO_RSA) \|\| defined(HAVE_ECC)
wolfSSL	0:1239e9b70ca2	88	static int DoCertificateVerify(CYASSL* ssl, byte, word32, word32);
wolfSSL	0:1239e9b70ca2	89	#endif
wolfSSL	0:1239e9b70ca2	90	#endif
wolfSSL	0:1239e9b70ca2	91
wolfSSL	0:1239e9b70ca2	92
wolfSSL	0:1239e9b70ca2	93	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	94	static INLINE int DtlsCheckWindow(DtlsState* state);
wolfSSL	0:1239e9b70ca2	95	static INLINE int DtlsUpdateWindow(DtlsState* state);
wolfSSL	0:1239e9b70ca2	96	#endif
wolfSSL	0:1239e9b70ca2	97
wolfSSL	0:1239e9b70ca2	98
wolfSSL	0:1239e9b70ca2	99	typedef enum {
wolfSSL	0:1239e9b70ca2	100	doProcessInit = 0,
wolfSSL	0:1239e9b70ca2	101	#ifndef NO_CYASSL_SERVER
wolfSSL	0:1239e9b70ca2	102	runProcessOldClientHello,
wolfSSL	0:1239e9b70ca2	103	#endif
wolfSSL	0:1239e9b70ca2	104	getRecordLayerHeader,
wolfSSL	0:1239e9b70ca2	105	getData,
wolfSSL	0:1239e9b70ca2	106	runProcessingOneMessage
wolfSSL	0:1239e9b70ca2	107	} processReply;
wolfSSL	0:1239e9b70ca2	108
wolfSSL	0:1239e9b70ca2	109	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	110	static int SSL_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz,
wolfSSL	0:1239e9b70ca2	111	int content, int verify);
wolfSSL	0:1239e9b70ca2	112
wolfSSL	0:1239e9b70ca2	113	#endif
wolfSSL	0:1239e9b70ca2	114
wolfSSL	0:1239e9b70ca2	115	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	116	static int BuildCertHashes(CYASSL* ssl, Hashes* hashes);
wolfSSL	0:1239e9b70ca2	117	#endif
wolfSSL	0:1239e9b70ca2	118
wolfSSL	0:1239e9b70ca2	119	static void PickHashSigAlgo(CYASSL* ssl,
wolfSSL	0:1239e9b70ca2	120	const byte* hashSigAlgo, word32 hashSigAlgoSz);
wolfSSL	0:1239e9b70ca2	121
wolfSSL	0:1239e9b70ca2	122	#ifndef min
wolfSSL	0:1239e9b70ca2	123
wolfSSL	0:1239e9b70ca2	124	static INLINE word32 min(word32 a, word32 b)
wolfSSL	0:1239e9b70ca2	125	{
wolfSSL	0:1239e9b70ca2	126	return a > b ? b : a;
wolfSSL	0:1239e9b70ca2	127	}
wolfSSL	0:1239e9b70ca2	128
wolfSSL	0:1239e9b70ca2	129	#endif /* min */
wolfSSL	0:1239e9b70ca2	130
wolfSSL	0:1239e9b70ca2	131
wolfSSL	0:1239e9b70ca2	132	int IsTLS(const CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	133	{
wolfSSL	0:1239e9b70ca2	134	if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor >=TLSv1_MINOR)
wolfSSL	0:1239e9b70ca2	135	return 1;
wolfSSL	0:1239e9b70ca2	136
wolfSSL	0:1239e9b70ca2	137	return 0;
wolfSSL	0:1239e9b70ca2	138	}
wolfSSL	0:1239e9b70ca2	139
wolfSSL	0:1239e9b70ca2	140
wolfSSL	0:1239e9b70ca2	141	int IsAtLeastTLSv1_2(const CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	142	{
wolfSSL	0:1239e9b70ca2	143	if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor >=TLSv1_2_MINOR)
wolfSSL	0:1239e9b70ca2	144	return 1;
wolfSSL	0:1239e9b70ca2	145	if (ssl->version.major == DTLS_MAJOR && ssl->version.minor <= DTLSv1_2_MINOR)
wolfSSL	0:1239e9b70ca2	146	return 1;
wolfSSL	0:1239e9b70ca2	147
wolfSSL	0:1239e9b70ca2	148	return 0;
wolfSSL	0:1239e9b70ca2	149	}
wolfSSL	0:1239e9b70ca2	150
wolfSSL	0:1239e9b70ca2	151
wolfSSL	0:1239e9b70ca2	152	#ifdef HAVE_NTRU
wolfSSL	0:1239e9b70ca2	153
wolfSSL	0:1239e9b70ca2	154	static byte GetEntropy(ENTROPY_CMD cmd, byte* out)
wolfSSL	0:1239e9b70ca2	155	{
wolfSSL	0:1239e9b70ca2	156	/* TODO: add locking? */
wolfSSL	0:1239e9b70ca2	157	static RNG rng;
wolfSSL	0:1239e9b70ca2	158
wolfSSL	0:1239e9b70ca2	159	if (cmd == INIT)
wolfSSL	0:1239e9b70ca2	160	return (InitRng(&rng) == 0) ? 1 : 0;
wolfSSL	0:1239e9b70ca2	161
wolfSSL	0:1239e9b70ca2	162	if (out == NULL)
wolfSSL	0:1239e9b70ca2	163	return 0;
wolfSSL	0:1239e9b70ca2	164
wolfSSL	0:1239e9b70ca2	165	if (cmd == GET_BYTE_OF_ENTROPY)
wolfSSL	0:1239e9b70ca2	166	return (RNG_GenerateBlock(&rng, out, 1) == 0) ? 1 : 0;
wolfSSL	0:1239e9b70ca2	167
wolfSSL	0:1239e9b70ca2	168	if (cmd == GET_NUM_BYTES_PER_BYTE_OF_ENTROPY) {
wolfSSL	0:1239e9b70ca2	169	*out = 1;
wolfSSL	0:1239e9b70ca2	170	return 1;
wolfSSL	0:1239e9b70ca2	171	}
wolfSSL	0:1239e9b70ca2	172
wolfSSL	0:1239e9b70ca2	173	return 0;
wolfSSL	0:1239e9b70ca2	174	}
wolfSSL	0:1239e9b70ca2	175
wolfSSL	0:1239e9b70ca2	176	#endif /* HAVE_NTRU */
wolfSSL	0:1239e9b70ca2	177
wolfSSL	0:1239e9b70ca2	178	/* used by ssl.c too */
wolfSSL	0:1239e9b70ca2	179	void c32to24(word32 in, word24 out)
wolfSSL	0:1239e9b70ca2	180	{
wolfSSL	0:1239e9b70ca2	181	out[0] = (in >> 16) & 0xff;
wolfSSL	0:1239e9b70ca2	182	out[1] = (in >> 8) & 0xff;
wolfSSL	0:1239e9b70ca2	183	out[2] = in & 0xff;
wolfSSL	0:1239e9b70ca2	184	}
wolfSSL	0:1239e9b70ca2	185
wolfSSL	0:1239e9b70ca2	186
wolfSSL	0:1239e9b70ca2	187	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	188
wolfSSL	0:1239e9b70ca2	189	static INLINE void c32to48(word32 in, byte out[6])
wolfSSL	0:1239e9b70ca2	190	{
wolfSSL	0:1239e9b70ca2	191	out[0] = 0;
wolfSSL	0:1239e9b70ca2	192	out[1] = 0;
wolfSSL	0:1239e9b70ca2	193	out[2] = (in >> 24) & 0xff;
wolfSSL	0:1239e9b70ca2	194	out[3] = (in >> 16) & 0xff;
wolfSSL	0:1239e9b70ca2	195	out[4] = (in >> 8) & 0xff;
wolfSSL	0:1239e9b70ca2	196	out[5] = in & 0xff;
wolfSSL	0:1239e9b70ca2	197	}
wolfSSL	0:1239e9b70ca2	198
wolfSSL	0:1239e9b70ca2	199	#endif /* CYASSL_DTLS */
wolfSSL	0:1239e9b70ca2	200
wolfSSL	0:1239e9b70ca2	201
wolfSSL	0:1239e9b70ca2	202	/* convert 16 bit integer to opaque */
wolfSSL	0:1239e9b70ca2	203	static INLINE void c16toa(word16 u16, byte* c)
wolfSSL	0:1239e9b70ca2	204	{
wolfSSL	0:1239e9b70ca2	205	c[0] = (u16 >> 8) & 0xff;
wolfSSL	0:1239e9b70ca2	206	c[1] = u16 & 0xff;
wolfSSL	0:1239e9b70ca2	207	}
wolfSSL	0:1239e9b70ca2	208
wolfSSL	0:1239e9b70ca2	209
wolfSSL	0:1239e9b70ca2	210	/* convert 32 bit integer to opaque */
wolfSSL	0:1239e9b70ca2	211	static INLINE void c32toa(word32 u32, byte* c)
wolfSSL	0:1239e9b70ca2	212	{
wolfSSL	0:1239e9b70ca2	213	c[0] = (u32 >> 24) & 0xff;
wolfSSL	0:1239e9b70ca2	214	c[1] = (u32 >> 16) & 0xff;
wolfSSL	0:1239e9b70ca2	215	c[2] = (u32 >> 8) & 0xff;
wolfSSL	0:1239e9b70ca2	216	c[3] = u32 & 0xff;
wolfSSL	0:1239e9b70ca2	217	}
wolfSSL	0:1239e9b70ca2	218
wolfSSL	0:1239e9b70ca2	219
wolfSSL	0:1239e9b70ca2	220	/* convert a 24 bit integer into a 32 bit one */
wolfSSL	0:1239e9b70ca2	221	static INLINE void c24to32(const word24 u24, word32* u32)
wolfSSL	0:1239e9b70ca2	222	{
wolfSSL	0:1239e9b70ca2	223	*u32 = (u24[0] << 16) \| (u24[1] << 8) \| u24[2];
wolfSSL	0:1239e9b70ca2	224	}
wolfSSL	0:1239e9b70ca2	225
wolfSSL	0:1239e9b70ca2	226
wolfSSL	0:1239e9b70ca2	227	/* convert opaque to 16 bit integer */
wolfSSL	0:1239e9b70ca2	228	static INLINE void ato16(const byte* c, word16* u16)
wolfSSL	0:1239e9b70ca2	229	{
wolfSSL	0:1239e9b70ca2	230	*u16 = (word16) ((c[0] << 8) \| (c[1]));
wolfSSL	0:1239e9b70ca2	231	}
wolfSSL	0:1239e9b70ca2	232
wolfSSL	0:1239e9b70ca2	233
wolfSSL	0:1239e9b70ca2	234	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	235
wolfSSL	0:1239e9b70ca2	236	/* convert opaque to 32 bit integer */
wolfSSL	0:1239e9b70ca2	237	static INLINE void ato32(const byte* c, word32* u32)
wolfSSL	0:1239e9b70ca2	238	{
wolfSSL	0:1239e9b70ca2	239	*u32 = (c[0] << 24) \| (c[1] << 16) \| (c[2] << 8) \| c[3];
wolfSSL	0:1239e9b70ca2	240	}
wolfSSL	0:1239e9b70ca2	241
wolfSSL	0:1239e9b70ca2	242	#endif /* CYASSL_DTLS */
wolfSSL	0:1239e9b70ca2	243
wolfSSL	0:1239e9b70ca2	244
wolfSSL	0:1239e9b70ca2	245	#ifdef HAVE_LIBZ
wolfSSL	0:1239e9b70ca2	246
wolfSSL	0:1239e9b70ca2	247	/* alloc user allocs to work with zlib */
wolfSSL	0:1239e9b70ca2	248	static void* myAlloc(void* opaque, unsigned int item, unsigned int size)
wolfSSL	0:1239e9b70ca2	249	{
wolfSSL	0:1239e9b70ca2	250	(void)opaque;
wolfSSL	0:1239e9b70ca2	251	return XMALLOC(item * size, opaque, DYNAMIC_TYPE_LIBZ);
wolfSSL	0:1239e9b70ca2	252	}
wolfSSL	0:1239e9b70ca2	253
wolfSSL	0:1239e9b70ca2	254
wolfSSL	0:1239e9b70ca2	255	static void myFree(void* opaque, void* memory)
wolfSSL	0:1239e9b70ca2	256	{
wolfSSL	0:1239e9b70ca2	257	(void)opaque;
wolfSSL	0:1239e9b70ca2	258	XFREE(memory, opaque, DYNAMIC_TYPE_LIBZ);
wolfSSL	0:1239e9b70ca2	259	}
wolfSSL	0:1239e9b70ca2	260
wolfSSL	0:1239e9b70ca2	261
wolfSSL	0:1239e9b70ca2	262	/* init zlib comp/decomp streams, 0 on success */
wolfSSL	0:1239e9b70ca2	263	static int InitStreams(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	264	{
wolfSSL	0:1239e9b70ca2	265	ssl->c_stream.zalloc = (alloc_func)myAlloc;
wolfSSL	0:1239e9b70ca2	266	ssl->c_stream.zfree = (free_func)myFree;
wolfSSL	0:1239e9b70ca2	267	ssl->c_stream.opaque = (voidpf)ssl->heap;
wolfSSL	0:1239e9b70ca2	268
wolfSSL	0:1239e9b70ca2	269	if (deflateInit(&ssl->c_stream, Z_DEFAULT_COMPRESSION) != Z_OK)
wolfSSL	0:1239e9b70ca2	270	return ZLIB_INIT_ERROR;
wolfSSL	0:1239e9b70ca2	271
wolfSSL	0:1239e9b70ca2	272	ssl->didStreamInit = 1;
wolfSSL	0:1239e9b70ca2	273
wolfSSL	0:1239e9b70ca2	274	ssl->d_stream.zalloc = (alloc_func)myAlloc;
wolfSSL	0:1239e9b70ca2	275	ssl->d_stream.zfree = (free_func)myFree;
wolfSSL	0:1239e9b70ca2	276	ssl->d_stream.opaque = (voidpf)ssl->heap;
wolfSSL	0:1239e9b70ca2	277
wolfSSL	0:1239e9b70ca2	278	if (inflateInit(&ssl->d_stream) != Z_OK) return ZLIB_INIT_ERROR;
wolfSSL	0:1239e9b70ca2	279
wolfSSL	0:1239e9b70ca2	280	return 0;
wolfSSL	0:1239e9b70ca2	281	}
wolfSSL	0:1239e9b70ca2	282
wolfSSL	0:1239e9b70ca2	283
wolfSSL	0:1239e9b70ca2	284	static void FreeStreams(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	285	{
wolfSSL	0:1239e9b70ca2	286	if (ssl->didStreamInit) {
wolfSSL	0:1239e9b70ca2	287	deflateEnd(&ssl->c_stream);
wolfSSL	0:1239e9b70ca2	288	inflateEnd(&ssl->d_stream);
wolfSSL	0:1239e9b70ca2	289	}
wolfSSL	0:1239e9b70ca2	290	}
wolfSSL	0:1239e9b70ca2	291
wolfSSL	0:1239e9b70ca2	292
wolfSSL	0:1239e9b70ca2	293	/* compress in to out, return out size or error */
wolfSSL	0:1239e9b70ca2	294	static int myCompress(CYASSL* ssl, byte* in, int inSz, byte* out, int outSz)
wolfSSL	0:1239e9b70ca2	295	{
wolfSSL	0:1239e9b70ca2	296	int err;
wolfSSL	0:1239e9b70ca2	297	int currTotal = (int)ssl->c_stream.total_out;
wolfSSL	0:1239e9b70ca2	298
wolfSSL	0:1239e9b70ca2	299	ssl->c_stream.next_in = in;
wolfSSL	0:1239e9b70ca2	300	ssl->c_stream.avail_in = inSz;
wolfSSL	0:1239e9b70ca2	301	ssl->c_stream.next_out = out;
wolfSSL	0:1239e9b70ca2	302	ssl->c_stream.avail_out = outSz;
wolfSSL	0:1239e9b70ca2	303
wolfSSL	0:1239e9b70ca2	304	err = deflate(&ssl->c_stream, Z_SYNC_FLUSH);
wolfSSL	0:1239e9b70ca2	305	if (err != Z_OK && err != Z_STREAM_END) return ZLIB_COMPRESS_ERROR;
wolfSSL	0:1239e9b70ca2	306
wolfSSL	0:1239e9b70ca2	307	return (int)ssl->c_stream.total_out - currTotal;
wolfSSL	0:1239e9b70ca2	308	}
wolfSSL	0:1239e9b70ca2	309
wolfSSL	0:1239e9b70ca2	310
wolfSSL	0:1239e9b70ca2	311	/* decompress in to out, returnn out size or error */
wolfSSL	0:1239e9b70ca2	312	static int myDeCompress(CYASSL* ssl, byte* in,int inSz, byte* out,int outSz)
wolfSSL	0:1239e9b70ca2	313	{
wolfSSL	0:1239e9b70ca2	314	int err;
wolfSSL	0:1239e9b70ca2	315	int currTotal = (int)ssl->d_stream.total_out;
wolfSSL	0:1239e9b70ca2	316
wolfSSL	0:1239e9b70ca2	317	ssl->d_stream.next_in = in;
wolfSSL	0:1239e9b70ca2	318	ssl->d_stream.avail_in = inSz;
wolfSSL	0:1239e9b70ca2	319	ssl->d_stream.next_out = out;
wolfSSL	0:1239e9b70ca2	320	ssl->d_stream.avail_out = outSz;
wolfSSL	0:1239e9b70ca2	321
wolfSSL	0:1239e9b70ca2	322	err = inflate(&ssl->d_stream, Z_SYNC_FLUSH);
wolfSSL	0:1239e9b70ca2	323	if (err != Z_OK && err != Z_STREAM_END) return ZLIB_DECOMPRESS_ERROR;
wolfSSL	0:1239e9b70ca2	324
wolfSSL	0:1239e9b70ca2	325	return (int)ssl->d_stream.total_out - currTotal;
wolfSSL	0:1239e9b70ca2	326	}
wolfSSL	0:1239e9b70ca2	327
wolfSSL	0:1239e9b70ca2	328	#endif /* HAVE_LIBZ */
wolfSSL	0:1239e9b70ca2	329
wolfSSL	0:1239e9b70ca2	330
wolfSSL	0:1239e9b70ca2	331	void InitSSL_Method(CYASSL_METHOD* method, ProtocolVersion pv)
wolfSSL	0:1239e9b70ca2	332	{
wolfSSL	0:1239e9b70ca2	333	method->version = pv;
wolfSSL	0:1239e9b70ca2	334	method->side = CYASSL_CLIENT_END;
wolfSSL	0:1239e9b70ca2	335	method->downgrade = 0;
wolfSSL	0:1239e9b70ca2	336	}
wolfSSL	0:1239e9b70ca2	337
wolfSSL	0:1239e9b70ca2	338
wolfSSL	0:1239e9b70ca2	339	/* Initialze SSL context, return 0 on success */
wolfSSL	0:1239e9b70ca2	340	int InitSSL_Ctx(CYASSL_CTX* ctx, CYASSL_METHOD* method)
wolfSSL	0:1239e9b70ca2	341	{
wolfSSL	0:1239e9b70ca2	342	ctx->method = method;
wolfSSL	0:1239e9b70ca2	343	ctx->refCount = 1; /* so either CTX_free or SSL_free can release */
wolfSSL	0:1239e9b70ca2	344	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	345	ctx->certificate.buffer = 0;
wolfSSL	0:1239e9b70ca2	346	ctx->certChain.buffer = 0;
wolfSSL	0:1239e9b70ca2	347	ctx->privateKey.buffer = 0;
wolfSSL	0:1239e9b70ca2	348	ctx->serverDH_P.buffer = 0;
wolfSSL	0:1239e9b70ca2	349	ctx->serverDH_G.buffer = 0;
wolfSSL	0:1239e9b70ca2	350	#endif
wolfSSL	0:1239e9b70ca2	351	ctx->haveDH = 0;
wolfSSL	0:1239e9b70ca2	352	ctx->haveNTRU = 0; /* start off */
wolfSSL	0:1239e9b70ca2	353	ctx->haveECDSAsig = 0; /* start off */
wolfSSL	0:1239e9b70ca2	354	ctx->haveStaticECC = 0; /* start off */
wolfSSL	0:1239e9b70ca2	355	ctx->heap = ctx; /* defaults to self */
wolfSSL	0:1239e9b70ca2	356	#ifndef NO_PSK
wolfSSL	0:1239e9b70ca2	357	ctx->havePSK = 0;
wolfSSL	0:1239e9b70ca2	358	ctx->server_hint[0] = 0;
wolfSSL	0:1239e9b70ca2	359	ctx->client_psk_cb = 0;
wolfSSL	0:1239e9b70ca2	360	ctx->server_psk_cb = 0;
wolfSSL	0:1239e9b70ca2	361	#endif /* NO_PSK */
wolfSSL	0:1239e9b70ca2	362	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	363	ctx->eccTempKeySz = ECDHE_SIZE;
wolfSSL	0:1239e9b70ca2	364	#endif
wolfSSL	0:1239e9b70ca2	365
wolfSSL	0:1239e9b70ca2	366	#if defined(OPENSSL_EXTRA) \|\| defined(HAVE_WEBSERVER)
wolfSSL	0:1239e9b70ca2	367	ctx->passwd_cb = 0;
wolfSSL	0:1239e9b70ca2	368	ctx->userdata = 0;
wolfSSL	0:1239e9b70ca2	369	#endif /* OPENSSL_EXTRA */
wolfSSL	0:1239e9b70ca2	370
wolfSSL	0:1239e9b70ca2	371	ctx->timeout = DEFAULT_TIMEOUT;
wolfSSL	0:1239e9b70ca2	372
wolfSSL	0:1239e9b70ca2	373	#ifndef CYASSL_USER_IO
wolfSSL	0:1239e9b70ca2	374	ctx->CBIORecv = EmbedReceive;
wolfSSL	0:1239e9b70ca2	375	ctx->CBIOSend = EmbedSend;
wolfSSL	0:1239e9b70ca2	376	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	377	if (method->version.major == DTLS_MAJOR) {
wolfSSL	0:1239e9b70ca2	378	ctx->CBIORecv = EmbedReceiveFrom;
wolfSSL	0:1239e9b70ca2	379	ctx->CBIOSend = EmbedSendTo;
wolfSSL	0:1239e9b70ca2	380	ctx->CBIOCookie = EmbedGenerateCookie;
wolfSSL	0:1239e9b70ca2	381	}
wolfSSL	0:1239e9b70ca2	382	#endif
wolfSSL	0:1239e9b70ca2	383	#else
wolfSSL	0:1239e9b70ca2	384	/* user will set */
wolfSSL	0:1239e9b70ca2	385	ctx->CBIORecv = NULL;
wolfSSL	0:1239e9b70ca2	386	ctx->CBIOSend = NULL;
wolfSSL	0:1239e9b70ca2	387	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	388	ctx->CBIOCookie = NULL;
wolfSSL	0:1239e9b70ca2	389	#endif
wolfSSL	0:1239e9b70ca2	390	#endif /* CYASSL_USER_IO */
wolfSSL	0:1239e9b70ca2	391	#ifdef HAVE_NETX
wolfSSL	0:1239e9b70ca2	392	ctx->CBIORecv = NetX_Receive;
wolfSSL	0:1239e9b70ca2	393	ctx->CBIOSend = NetX_Send;
wolfSSL	0:1239e9b70ca2	394	#endif
wolfSSL	0:1239e9b70ca2	395	ctx->partialWrite = 0;
wolfSSL	0:1239e9b70ca2	396	ctx->verifyCallback = 0;
wolfSSL	0:1239e9b70ca2	397
wolfSSL	0:1239e9b70ca2	398	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	399	ctx->cm = CyaSSL_CertManagerNew();
wolfSSL	0:1239e9b70ca2	400	#endif
wolfSSL	0:1239e9b70ca2	401	#ifdef HAVE_NTRU
wolfSSL	0:1239e9b70ca2	402	if (method->side == CYASSL_CLIENT_END)
wolfSSL	0:1239e9b70ca2	403	ctx->haveNTRU = 1; /* always on cliet side */
wolfSSL	0:1239e9b70ca2	404	/* server can turn on by loading key */
wolfSSL	0:1239e9b70ca2	405	#endif
wolfSSL	0:1239e9b70ca2	406	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	407	if (method->side == CYASSL_CLIENT_END) {
wolfSSL	0:1239e9b70ca2	408	ctx->haveECDSAsig = 1; /* always on cliet side */
wolfSSL	0:1239e9b70ca2	409	ctx->haveStaticECC = 1; /* server can turn on by loading key */
wolfSSL	0:1239e9b70ca2	410	}
wolfSSL	0:1239e9b70ca2	411	#endif
wolfSSL	0:1239e9b70ca2	412	ctx->suites.setSuites = 0; /* user hasn't set yet */
wolfSSL	0:1239e9b70ca2	413	/* remove DH later if server didn't set, add psk later */
wolfSSL	0:1239e9b70ca2	414	InitSuites(&ctx->suites, method->version, TRUE, FALSE, TRUE, ctx->haveNTRU,
wolfSSL	0:1239e9b70ca2	415	ctx->haveECDSAsig, ctx->haveStaticECC, method->side);
wolfSSL	0:1239e9b70ca2	416	ctx->verifyPeer = 0;
wolfSSL	0:1239e9b70ca2	417	ctx->verifyNone = 0;
wolfSSL	0:1239e9b70ca2	418	ctx->failNoCert = 0;
wolfSSL	0:1239e9b70ca2	419	ctx->sessionCacheOff = 0; /* initially on */
wolfSSL	0:1239e9b70ca2	420	ctx->sessionCacheFlushOff = 0; /* initially on */
wolfSSL	0:1239e9b70ca2	421	ctx->sendVerify = 0;
wolfSSL	0:1239e9b70ca2	422	ctx->quietShutdown = 0;
wolfSSL	0:1239e9b70ca2	423	ctx->groupMessages = 0;
wolfSSL	0:1239e9b70ca2	424	#ifdef HAVE_CAVIUM
wolfSSL	0:1239e9b70ca2	425	ctx->devId = NO_CAVIUM_DEVICE;
wolfSSL	0:1239e9b70ca2	426	#endif
wolfSSL	0:1239e9b70ca2	427	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	0:1239e9b70ca2	428	ctx->extensions = NULL;
wolfSSL	0:1239e9b70ca2	429	#endif
wolfSSL	0:1239e9b70ca2	430	#ifdef ATOMIC_USER
wolfSSL	0:1239e9b70ca2	431	ctx->MacEncryptCb = NULL;
wolfSSL	0:1239e9b70ca2	432	ctx->DecryptVerifyCb = NULL;
wolfSSL	0:1239e9b70ca2	433	#endif
wolfSSL	0:1239e9b70ca2	434	#ifdef HAVE_PK_CALLBACKS
wolfSSL	0:1239e9b70ca2	435	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	436	ctx->EccSignCb = NULL;
wolfSSL	0:1239e9b70ca2	437	ctx->EccVerifyCb = NULL;
wolfSSL	0:1239e9b70ca2	438	#endif /* HAVE_ECC */
wolfSSL	0:1239e9b70ca2	439	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	440	ctx->RsaSignCb = NULL;
wolfSSL	0:1239e9b70ca2	441	ctx->RsaVerifyCb = NULL;
wolfSSL	0:1239e9b70ca2	442	ctx->RsaEncCb = NULL;
wolfSSL	0:1239e9b70ca2	443	ctx->RsaDecCb = NULL;
wolfSSL	0:1239e9b70ca2	444	#endif /* NO_RSA */
wolfSSL	0:1239e9b70ca2	445	#endif /* HAVE_PK_CALLBACKS */
wolfSSL	0:1239e9b70ca2	446
wolfSSL	0:1239e9b70ca2	447	if (InitMutex(&ctx->countMutex) < 0) {
wolfSSL	0:1239e9b70ca2	448	CYASSL_MSG("Mutex error on CTX init");
wolfSSL	0:1239e9b70ca2	449	return BAD_MUTEX_E;
wolfSSL	0:1239e9b70ca2	450	}
wolfSSL	0:1239e9b70ca2	451	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	452	if (ctx->cm == NULL) {
wolfSSL	0:1239e9b70ca2	453	CYASSL_MSG("Bad Cert Manager New");
wolfSSL	0:1239e9b70ca2	454	return BAD_CERT_MANAGER_ERROR;
wolfSSL	0:1239e9b70ca2	455	}
wolfSSL	0:1239e9b70ca2	456	#endif
wolfSSL	0:1239e9b70ca2	457	return 0;
wolfSSL	0:1239e9b70ca2	458	}
wolfSSL	0:1239e9b70ca2	459
wolfSSL	0:1239e9b70ca2	460
wolfSSL	0:1239e9b70ca2	461	/* In case contexts are held in array and don't want to free actual ctx */
wolfSSL	0:1239e9b70ca2	462	void SSL_CtxResourceFree(CYASSL_CTX* ctx)
wolfSSL	0:1239e9b70ca2	463	{
wolfSSL	0:1239e9b70ca2	464	XFREE(ctx->method, ctx->heap, DYNAMIC_TYPE_METHOD);
wolfSSL	0:1239e9b70ca2	465
wolfSSL	0:1239e9b70ca2	466	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	467	XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH);
wolfSSL	0:1239e9b70ca2	468	XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
wolfSSL	0:1239e9b70ca2	469	XFREE(ctx->privateKey.buffer, ctx->heap, DYNAMIC_TYPE_KEY);
wolfSSL	0:1239e9b70ca2	470	XFREE(ctx->certificate.buffer, ctx->heap, DYNAMIC_TYPE_CERT);
wolfSSL	0:1239e9b70ca2	471	XFREE(ctx->certChain.buffer, ctx->heap, DYNAMIC_TYPE_CERT);
wolfSSL	0:1239e9b70ca2	472	CyaSSL_CertManagerFree(ctx->cm);
wolfSSL	0:1239e9b70ca2	473	#endif
wolfSSL	0:1239e9b70ca2	474	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	0:1239e9b70ca2	475	TLSX_FreeAll(ctx->extensions);
wolfSSL	0:1239e9b70ca2	476	#endif
wolfSSL	0:1239e9b70ca2	477	}
wolfSSL	0:1239e9b70ca2	478
wolfSSL	0:1239e9b70ca2	479
wolfSSL	0:1239e9b70ca2	480	void FreeSSL_Ctx(CYASSL_CTX* ctx)
wolfSSL	0:1239e9b70ca2	481	{
wolfSSL	0:1239e9b70ca2	482	int doFree = 0;
wolfSSL	0:1239e9b70ca2	483
wolfSSL	0:1239e9b70ca2	484	if (LockMutex(&ctx->countMutex) != 0) {
wolfSSL	0:1239e9b70ca2	485	CYASSL_MSG("Couldn't lock count mutex");
wolfSSL	0:1239e9b70ca2	486	return;
wolfSSL	0:1239e9b70ca2	487	}
wolfSSL	0:1239e9b70ca2	488	ctx->refCount--;
wolfSSL	0:1239e9b70ca2	489	if (ctx->refCount == 0)
wolfSSL	0:1239e9b70ca2	490	doFree = 1;
wolfSSL	0:1239e9b70ca2	491	UnLockMutex(&ctx->countMutex);
wolfSSL	0:1239e9b70ca2	492
wolfSSL	0:1239e9b70ca2	493	if (doFree) {
wolfSSL	0:1239e9b70ca2	494	CYASSL_MSG("CTX ref count down to 0, doing full free");
wolfSSL	0:1239e9b70ca2	495	SSL_CtxResourceFree(ctx);
wolfSSL	0:1239e9b70ca2	496	FreeMutex(&ctx->countMutex);
wolfSSL	0:1239e9b70ca2	497	XFREE(ctx, ctx->heap, DYNAMIC_TYPE_CTX);
wolfSSL	0:1239e9b70ca2	498	}
wolfSSL	0:1239e9b70ca2	499	else {
wolfSSL	0:1239e9b70ca2	500	(void)ctx;
wolfSSL	0:1239e9b70ca2	501	CYASSL_MSG("CTX ref count not 0 yet, no free");
wolfSSL	0:1239e9b70ca2	502	}
wolfSSL	0:1239e9b70ca2	503	}
wolfSSL	0:1239e9b70ca2	504
wolfSSL	0:1239e9b70ca2	505
wolfSSL	0:1239e9b70ca2	506	/* Set cipher pointers to null */
wolfSSL	0:1239e9b70ca2	507	void InitCiphers(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	508	{
wolfSSL	0:1239e9b70ca2	509	#ifdef BUILD_ARC4
wolfSSL	0:1239e9b70ca2	510	ssl->encrypt.arc4 = NULL;
wolfSSL	0:1239e9b70ca2	511	ssl->decrypt.arc4 = NULL;
wolfSSL	0:1239e9b70ca2	512	#endif
wolfSSL	0:1239e9b70ca2	513	#ifdef BUILD_DES3
wolfSSL	0:1239e9b70ca2	514	ssl->encrypt.des3 = NULL;
wolfSSL	0:1239e9b70ca2	515	ssl->decrypt.des3 = NULL;
wolfSSL	0:1239e9b70ca2	516	#endif
wolfSSL	0:1239e9b70ca2	517	#ifdef BUILD_AES
wolfSSL	0:1239e9b70ca2	518	ssl->encrypt.aes = NULL;
wolfSSL	0:1239e9b70ca2	519	ssl->decrypt.aes = NULL;
wolfSSL	0:1239e9b70ca2	520	#endif
wolfSSL	0:1239e9b70ca2	521	#ifdef HAVE_CAMELLIA
wolfSSL	0:1239e9b70ca2	522	ssl->encrypt.cam = NULL;
wolfSSL	0:1239e9b70ca2	523	ssl->decrypt.cam = NULL;
wolfSSL	0:1239e9b70ca2	524	#endif
wolfSSL	0:1239e9b70ca2	525	#ifdef HAVE_HC128
wolfSSL	0:1239e9b70ca2	526	ssl->encrypt.hc128 = NULL;
wolfSSL	0:1239e9b70ca2	527	ssl->decrypt.hc128 = NULL;
wolfSSL	0:1239e9b70ca2	528	#endif
wolfSSL	0:1239e9b70ca2	529	#ifdef BUILD_RABBIT
wolfSSL	0:1239e9b70ca2	530	ssl->encrypt.rabbit = NULL;
wolfSSL	0:1239e9b70ca2	531	ssl->decrypt.rabbit = NULL;
wolfSSL	0:1239e9b70ca2	532	#endif
wolfSSL	0:1239e9b70ca2	533	ssl->encrypt.setup = 0;
wolfSSL	0:1239e9b70ca2	534	ssl->decrypt.setup = 0;
wolfSSL	0:1239e9b70ca2	535	}
wolfSSL	0:1239e9b70ca2	536
wolfSSL	0:1239e9b70ca2	537
wolfSSL	0:1239e9b70ca2	538	/* Free ciphers */
wolfSSL	0:1239e9b70ca2	539	void FreeCiphers(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	540	{
wolfSSL	0:1239e9b70ca2	541	(void)ssl;
wolfSSL	0:1239e9b70ca2	542	#ifdef BUILD_ARC4
wolfSSL	0:1239e9b70ca2	543	#ifdef HAVE_CAVIUM
wolfSSL	0:1239e9b70ca2	544	if (ssl->devId != NO_CAVIUM_DEVICE) {
wolfSSL	0:1239e9b70ca2	545	Arc4FreeCavium(ssl->encrypt.arc4);
wolfSSL	0:1239e9b70ca2	546	Arc4FreeCavium(ssl->decrypt.arc4);
wolfSSL	0:1239e9b70ca2	547	}
wolfSSL	0:1239e9b70ca2	548	#endif
wolfSSL	0:1239e9b70ca2	549	XFREE(ssl->encrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER);
wolfSSL	0:1239e9b70ca2	550	XFREE(ssl->decrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER);
wolfSSL	0:1239e9b70ca2	551	#endif
wolfSSL	0:1239e9b70ca2	552	#ifdef BUILD_DES3
wolfSSL	0:1239e9b70ca2	553	#ifdef HAVE_CAVIUM
wolfSSL	0:1239e9b70ca2	554	if (ssl->devId != NO_CAVIUM_DEVICE) {
wolfSSL	0:1239e9b70ca2	555	Des3_FreeCavium(ssl->encrypt.des3);
wolfSSL	0:1239e9b70ca2	556	Des3_FreeCavium(ssl->decrypt.des3);
wolfSSL	0:1239e9b70ca2	557	}
wolfSSL	0:1239e9b70ca2	558	#endif
wolfSSL	0:1239e9b70ca2	559	XFREE(ssl->encrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER);
wolfSSL	0:1239e9b70ca2	560	XFREE(ssl->decrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER);
wolfSSL	0:1239e9b70ca2	561	#endif
wolfSSL	0:1239e9b70ca2	562	#ifdef BUILD_AES
wolfSSL	0:1239e9b70ca2	563	#ifdef HAVE_CAVIUM
wolfSSL	0:1239e9b70ca2	564	if (ssl->devId != NO_CAVIUM_DEVICE) {
wolfSSL	0:1239e9b70ca2	565	AesFreeCavium(ssl->encrypt.aes);
wolfSSL	0:1239e9b70ca2	566	AesFreeCavium(ssl->decrypt.aes);
wolfSSL	0:1239e9b70ca2	567	}
wolfSSL	0:1239e9b70ca2	568	#endif
wolfSSL	0:1239e9b70ca2	569	XFREE(ssl->encrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
wolfSSL	0:1239e9b70ca2	570	XFREE(ssl->decrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
wolfSSL	0:1239e9b70ca2	571	#endif
wolfSSL	0:1239e9b70ca2	572	#ifdef HAVE_CAMELLIA
wolfSSL	0:1239e9b70ca2	573	XFREE(ssl->encrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER);
wolfSSL	0:1239e9b70ca2	574	XFREE(ssl->decrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER);
wolfSSL	0:1239e9b70ca2	575	#endif
wolfSSL	0:1239e9b70ca2	576	#ifdef HAVE_HC128
wolfSSL	0:1239e9b70ca2	577	XFREE(ssl->encrypt.hc128, ssl->heap, DYNAMIC_TYPE_CIPHER);
wolfSSL	0:1239e9b70ca2	578	XFREE(ssl->decrypt.hc128, ssl->heap, DYNAMIC_TYPE_CIPHER);
wolfSSL	0:1239e9b70ca2	579	#endif
wolfSSL	0:1239e9b70ca2	580	#ifdef BUILD_RABBIT
wolfSSL	0:1239e9b70ca2	581	XFREE(ssl->encrypt.rabbit, ssl->heap, DYNAMIC_TYPE_CIPHER);
wolfSSL	0:1239e9b70ca2	582	XFREE(ssl->decrypt.rabbit, ssl->heap, DYNAMIC_TYPE_CIPHER);
wolfSSL	0:1239e9b70ca2	583	#endif
wolfSSL	0:1239e9b70ca2	584	}
wolfSSL	0:1239e9b70ca2	585
wolfSSL	0:1239e9b70ca2	586
wolfSSL	0:1239e9b70ca2	587	void InitCipherSpecs(CipherSpecs* cs)
wolfSSL	0:1239e9b70ca2	588	{
wolfSSL	0:1239e9b70ca2	589	cs->bulk_cipher_algorithm = INVALID_BYTE;
wolfSSL	0:1239e9b70ca2	590	cs->cipher_type = INVALID_BYTE;
wolfSSL	0:1239e9b70ca2	591	cs->mac_algorithm = INVALID_BYTE;
wolfSSL	0:1239e9b70ca2	592	cs->kea = INVALID_BYTE;
wolfSSL	0:1239e9b70ca2	593	cs->sig_algo = INVALID_BYTE;
wolfSSL	0:1239e9b70ca2	594
wolfSSL	0:1239e9b70ca2	595	cs->hash_size = 0;
wolfSSL	0:1239e9b70ca2	596	cs->static_ecdh = 0;
wolfSSL	0:1239e9b70ca2	597	cs->key_size = 0;
wolfSSL	0:1239e9b70ca2	598	cs->iv_size = 0;
wolfSSL	0:1239e9b70ca2	599	cs->block_size = 0;
wolfSSL	0:1239e9b70ca2	600	}
wolfSSL	0:1239e9b70ca2	601
wolfSSL	0:1239e9b70ca2	602
wolfSSL	0:1239e9b70ca2	603	void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
wolfSSL	0:1239e9b70ca2	604	byte haveDH, byte haveNTRU, byte haveECDSAsig,
wolfSSL	0:1239e9b70ca2	605	byte haveStaticECC, int side)
wolfSSL	0:1239e9b70ca2	606	{
wolfSSL	0:1239e9b70ca2	607	word16 idx = 0;
wolfSSL	0:1239e9b70ca2	608	int tls = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_MINOR;
wolfSSL	0:1239e9b70ca2	609	int tls1_2 = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_2_MINOR;
wolfSSL	0:1239e9b70ca2	610	int haveRSAsig = 1;
wolfSSL	0:1239e9b70ca2	611
wolfSSL	0:1239e9b70ca2	612	(void)tls; /* shut up compiler */
wolfSSL	0:1239e9b70ca2	613	(void)tls1_2;
wolfSSL	0:1239e9b70ca2	614	(void)haveDH;
wolfSSL	0:1239e9b70ca2	615	(void)havePSK;
wolfSSL	0:1239e9b70ca2	616	(void)haveNTRU;
wolfSSL	0:1239e9b70ca2	617	(void)haveStaticECC;
wolfSSL	0:1239e9b70ca2	618
wolfSSL	0:1239e9b70ca2	619	if (suites == NULL) {
wolfSSL	0:1239e9b70ca2	620	CYASSL_MSG("InitSuites pointer error");
wolfSSL	0:1239e9b70ca2	621	return;
wolfSSL	0:1239e9b70ca2	622	}
wolfSSL	0:1239e9b70ca2	623
wolfSSL	0:1239e9b70ca2	624	if (suites->setSuites)
wolfSSL	0:1239e9b70ca2	625	return; /* trust user settings, don't override */
wolfSSL	0:1239e9b70ca2	626
wolfSSL	0:1239e9b70ca2	627	if (side == CYASSL_SERVER_END && haveStaticECC) {
wolfSSL	0:1239e9b70ca2	628	haveRSA = 0; /* can't do RSA with ECDSA key */
wolfSSL	0:1239e9b70ca2	629	(void)haveRSA; /* some builds won't read */
wolfSSL	0:1239e9b70ca2	630	}
wolfSSL	0:1239e9b70ca2	631
wolfSSL	0:1239e9b70ca2	632	if (side == CYASSL_SERVER_END && haveECDSAsig) {
wolfSSL	0:1239e9b70ca2	633	haveRSAsig = 0; /* can't have RSA sig if signed by ECDSA */
wolfSSL	0:1239e9b70ca2	634	(void)haveRSAsig; /* non ecc builds won't read */
wolfSSL	0:1239e9b70ca2	635	}
wolfSSL	0:1239e9b70ca2	636
wolfSSL	0:1239e9b70ca2	637	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	638	if (pv.major == DTLS_MAJOR) {
wolfSSL	0:1239e9b70ca2	639	tls = 1;
wolfSSL	0:1239e9b70ca2	640	tls1_2 = pv.minor <= DTLSv1_2_MINOR;
wolfSSL	0:1239e9b70ca2	641	}
wolfSSL	0:1239e9b70ca2	642	#endif
wolfSSL	0:1239e9b70ca2	643
wolfSSL	0:1239e9b70ca2	644	#ifdef HAVE_RENEGOTIATION_INDICATION
wolfSSL	0:1239e9b70ca2	645	if (side == CYASSL_CLIENT_END) {
wolfSSL	0:1239e9b70ca2	646	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	647	suites->suites[idx++] = TLS_EMPTY_RENEGOTIATION_INFO_SCSV;
wolfSSL	0:1239e9b70ca2	648	}
wolfSSL	0:1239e9b70ca2	649	#endif
wolfSSL	0:1239e9b70ca2	650
wolfSSL	0:1239e9b70ca2	651	#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	652	if (tls && haveNTRU && haveRSA) {
wolfSSL	0:1239e9b70ca2	653	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	654	suites->suites[idx++] = TLS_NTRU_RSA_WITH_AES_256_CBC_SHA;
wolfSSL	0:1239e9b70ca2	655	}
wolfSSL	0:1239e9b70ca2	656	#endif
wolfSSL	0:1239e9b70ca2	657
wolfSSL	0:1239e9b70ca2	658	#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	659	if (tls && haveNTRU && haveRSA) {
wolfSSL	0:1239e9b70ca2	660	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	661	suites->suites[idx++] = TLS_NTRU_RSA_WITH_AES_128_CBC_SHA;
wolfSSL	0:1239e9b70ca2	662	}
wolfSSL	0:1239e9b70ca2	663	#endif
wolfSSL	0:1239e9b70ca2	664
wolfSSL	0:1239e9b70ca2	665	#ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
wolfSSL	0:1239e9b70ca2	666	if (tls && haveNTRU && haveRSA) {
wolfSSL	0:1239e9b70ca2	667	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	668	suites->suites[idx++] = TLS_NTRU_RSA_WITH_RC4_128_SHA;
wolfSSL	0:1239e9b70ca2	669	}
wolfSSL	0:1239e9b70ca2	670	#endif
wolfSSL	0:1239e9b70ca2	671
wolfSSL	0:1239e9b70ca2	672	#ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	0:1239e9b70ca2	673	if (tls && haveNTRU && haveRSA) {
wolfSSL	0:1239e9b70ca2	674	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	675	suites->suites[idx++] = TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL	0:1239e9b70ca2	676	}
wolfSSL	0:1239e9b70ca2	677	#endif
wolfSSL	0:1239e9b70ca2	678
wolfSSL	0:1239e9b70ca2	679	#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	680	if (tls1_2 && haveRSAsig) {
wolfSSL	0:1239e9b70ca2	681	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	682	suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256;
wolfSSL	0:1239e9b70ca2	683	}
wolfSSL	0:1239e9b70ca2	684	#endif
wolfSSL	0:1239e9b70ca2	685
wolfSSL	0:1239e9b70ca2	686	#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	687	if (tls1_2 && haveECDSAsig) {
wolfSSL	0:1239e9b70ca2	688	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	689	suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256;
wolfSSL	0:1239e9b70ca2	690	}
wolfSSL	0:1239e9b70ca2	691	#endif
wolfSSL	0:1239e9b70ca2	692
wolfSSL	0:1239e9b70ca2	693	#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	694	if (tls1_2 && haveRSAsig && haveStaticECC) {
wolfSSL	0:1239e9b70ca2	695	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	696	suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256;
wolfSSL	0:1239e9b70ca2	697	}
wolfSSL	0:1239e9b70ca2	698	#endif
wolfSSL	0:1239e9b70ca2	699
wolfSSL	0:1239e9b70ca2	700	#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	701	if (tls1_2 && haveECDSAsig && haveStaticECC) {
wolfSSL	0:1239e9b70ca2	702	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	703	suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256;
wolfSSL	0:1239e9b70ca2	704	}
wolfSSL	0:1239e9b70ca2	705	#endif
wolfSSL	0:1239e9b70ca2	706
wolfSSL	0:1239e9b70ca2	707	#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
wolfSSL	0:1239e9b70ca2	708	if (tls1_2 && haveRSAsig) {
wolfSSL	0:1239e9b70ca2	709	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	710	suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384;
wolfSSL	0:1239e9b70ca2	711	}
wolfSSL	0:1239e9b70ca2	712	#endif
wolfSSL	0:1239e9b70ca2	713
wolfSSL	0:1239e9b70ca2	714	#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL	0:1239e9b70ca2	715	if (tls1_2 && haveECDSAsig) {
wolfSSL	0:1239e9b70ca2	716	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	717	suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384;
wolfSSL	0:1239e9b70ca2	718	}
wolfSSL	0:1239e9b70ca2	719	#endif
wolfSSL	0:1239e9b70ca2	720
wolfSSL	0:1239e9b70ca2	721	#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
wolfSSL	0:1239e9b70ca2	722	if (tls1_2 && haveRSAsig && haveStaticECC) {
wolfSSL	0:1239e9b70ca2	723	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	724	suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384;
wolfSSL	0:1239e9b70ca2	725	}
wolfSSL	0:1239e9b70ca2	726	#endif
wolfSSL	0:1239e9b70ca2	727
wolfSSL	0:1239e9b70ca2	728	#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL	0:1239e9b70ca2	729	if (tls1_2 && haveECDSAsig && haveStaticECC) {
wolfSSL	0:1239e9b70ca2	730	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	731	suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384;
wolfSSL	0:1239e9b70ca2	732	}
wolfSSL	0:1239e9b70ca2	733	#endif
wolfSSL	0:1239e9b70ca2	734
wolfSSL	0:1239e9b70ca2	735	#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL	0:1239e9b70ca2	736	if (tls1_2 && haveECDSAsig) {
wolfSSL	0:1239e9b70ca2	737	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	738	suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384;
wolfSSL	0:1239e9b70ca2	739	}
wolfSSL	0:1239e9b70ca2	740	#endif
wolfSSL	0:1239e9b70ca2	741
wolfSSL	0:1239e9b70ca2	742	#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	743	if (tls && haveECDSAsig) {
wolfSSL	0:1239e9b70ca2	744	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	745	suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA;
wolfSSL	0:1239e9b70ca2	746	}
wolfSSL	0:1239e9b70ca2	747	#endif
wolfSSL	0:1239e9b70ca2	748
wolfSSL	0:1239e9b70ca2	749	#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL	0:1239e9b70ca2	750	if (tls1_2 && haveECDSAsig && haveStaticECC) {
wolfSSL	0:1239e9b70ca2	751	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	752	suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384;
wolfSSL	0:1239e9b70ca2	753	}
wolfSSL	0:1239e9b70ca2	754	#endif
wolfSSL	0:1239e9b70ca2	755
wolfSSL	0:1239e9b70ca2	756	#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	757	if (tls && haveECDSAsig && haveStaticECC) {
wolfSSL	0:1239e9b70ca2	758	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	759	suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA;
wolfSSL	0:1239e9b70ca2	760	}
wolfSSL	0:1239e9b70ca2	761	#endif
wolfSSL	0:1239e9b70ca2	762
wolfSSL	0:1239e9b70ca2	763	#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL	0:1239e9b70ca2	764	if (tls1_2 && haveECDSAsig) {
wolfSSL	0:1239e9b70ca2	765	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	766	suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256;
wolfSSL	0:1239e9b70ca2	767	}
wolfSSL	0:1239e9b70ca2	768	#endif
wolfSSL	0:1239e9b70ca2	769
wolfSSL	0:1239e9b70ca2	770	#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	771	if (tls && haveECDSAsig) {
wolfSSL	0:1239e9b70ca2	772	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	773	suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA;
wolfSSL	0:1239e9b70ca2	774	}
wolfSSL	0:1239e9b70ca2	775	#endif
wolfSSL	0:1239e9b70ca2	776
wolfSSL	0:1239e9b70ca2	777	#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL	0:1239e9b70ca2	778	if (tls1_2 && haveECDSAsig && haveStaticECC) {
wolfSSL	0:1239e9b70ca2	779	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	780	suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256;
wolfSSL	0:1239e9b70ca2	781	}
wolfSSL	0:1239e9b70ca2	782	#endif
wolfSSL	0:1239e9b70ca2	783
wolfSSL	0:1239e9b70ca2	784	#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	785	if (tls && haveECDSAsig && haveStaticECC) {
wolfSSL	0:1239e9b70ca2	786	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	787	suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA;
wolfSSL	0:1239e9b70ca2	788	}
wolfSSL	0:1239e9b70ca2	789	#endif
wolfSSL	0:1239e9b70ca2	790
wolfSSL	0:1239e9b70ca2	791	#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
wolfSSL	0:1239e9b70ca2	792	if (tls && haveECDSAsig) {
wolfSSL	0:1239e9b70ca2	793	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	794	suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_RC4_128_SHA;
wolfSSL	0:1239e9b70ca2	795	}
wolfSSL	0:1239e9b70ca2	796	#endif
wolfSSL	0:1239e9b70ca2	797
wolfSSL	0:1239e9b70ca2	798	#ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
wolfSSL	0:1239e9b70ca2	799	if (tls && haveECDSAsig && haveStaticECC) {
wolfSSL	0:1239e9b70ca2	800	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	801	suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_RC4_128_SHA;
wolfSSL	0:1239e9b70ca2	802	}
wolfSSL	0:1239e9b70ca2	803	#endif
wolfSSL	0:1239e9b70ca2	804
wolfSSL	0:1239e9b70ca2	805	#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	0:1239e9b70ca2	806	if (tls && haveECDSAsig) {
wolfSSL	0:1239e9b70ca2	807	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	808	suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL	0:1239e9b70ca2	809	}
wolfSSL	0:1239e9b70ca2	810	#endif
wolfSSL	0:1239e9b70ca2	811
wolfSSL	0:1239e9b70ca2	812	#ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	0:1239e9b70ca2	813	if (tls && haveECDSAsig && haveStaticECC) {
wolfSSL	0:1239e9b70ca2	814	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	815	suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL	0:1239e9b70ca2	816	}
wolfSSL	0:1239e9b70ca2	817	#endif
wolfSSL	0:1239e9b70ca2	818
wolfSSL	0:1239e9b70ca2	819	#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	0:1239e9b70ca2	820	if (tls1_2 && haveRSA) {
wolfSSL	0:1239e9b70ca2	821	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	822	suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384;
wolfSSL	0:1239e9b70ca2	823	}
wolfSSL	0:1239e9b70ca2	824	#endif
wolfSSL	0:1239e9b70ca2	825
wolfSSL	0:1239e9b70ca2	826	#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	827	if (tls && haveRSA) {
wolfSSL	0:1239e9b70ca2	828	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	829	suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA;
wolfSSL	0:1239e9b70ca2	830	}
wolfSSL	0:1239e9b70ca2	831	#endif
wolfSSL	0:1239e9b70ca2	832
wolfSSL	0:1239e9b70ca2	833	#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	0:1239e9b70ca2	834	if (tls1_2 && haveRSAsig && haveStaticECC) {
wolfSSL	0:1239e9b70ca2	835	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	836	suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384;
wolfSSL	0:1239e9b70ca2	837	}
wolfSSL	0:1239e9b70ca2	838	#endif
wolfSSL	0:1239e9b70ca2	839
wolfSSL	0:1239e9b70ca2	840	#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	841	if (tls && haveRSAsig && haveStaticECC) {
wolfSSL	0:1239e9b70ca2	842	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	843	suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_CBC_SHA;
wolfSSL	0:1239e9b70ca2	844	}
wolfSSL	0:1239e9b70ca2	845	#endif
wolfSSL	0:1239e9b70ca2	846
wolfSSL	0:1239e9b70ca2	847	#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	0:1239e9b70ca2	848	if (tls1_2 && haveRSA) {
wolfSSL	0:1239e9b70ca2	849	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	850	suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256;
wolfSSL	0:1239e9b70ca2	851	}
wolfSSL	0:1239e9b70ca2	852	#endif
wolfSSL	0:1239e9b70ca2	853
wolfSSL	0:1239e9b70ca2	854	#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	855	if (tls && haveRSA) {
wolfSSL	0:1239e9b70ca2	856	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	857	suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA;
wolfSSL	0:1239e9b70ca2	858	}
wolfSSL	0:1239e9b70ca2	859	#endif
wolfSSL	0:1239e9b70ca2	860
wolfSSL	0:1239e9b70ca2	861	#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	0:1239e9b70ca2	862	if (tls1_2 && haveRSAsig && haveStaticECC) {
wolfSSL	0:1239e9b70ca2	863	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	864	suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256;
wolfSSL	0:1239e9b70ca2	865	}
wolfSSL	0:1239e9b70ca2	866	#endif
wolfSSL	0:1239e9b70ca2	867
wolfSSL	0:1239e9b70ca2	868	#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	869	if (tls && haveRSAsig && haveStaticECC) {
wolfSSL	0:1239e9b70ca2	870	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	871	suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_CBC_SHA;
wolfSSL	0:1239e9b70ca2	872	}
wolfSSL	0:1239e9b70ca2	873	#endif
wolfSSL	0:1239e9b70ca2	874
wolfSSL	0:1239e9b70ca2	875	#ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
wolfSSL	0:1239e9b70ca2	876	if (tls && haveRSA) {
wolfSSL	0:1239e9b70ca2	877	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	878	suites->suites[idx++] = TLS_ECDHE_RSA_WITH_RC4_128_SHA;
wolfSSL	0:1239e9b70ca2	879	}
wolfSSL	0:1239e9b70ca2	880	#endif
wolfSSL	0:1239e9b70ca2	881
wolfSSL	0:1239e9b70ca2	882	#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
wolfSSL	0:1239e9b70ca2	883	if (tls && haveRSAsig && haveStaticECC) {
wolfSSL	0:1239e9b70ca2	884	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	885	suites->suites[idx++] = TLS_ECDH_RSA_WITH_RC4_128_SHA;
wolfSSL	0:1239e9b70ca2	886	}
wolfSSL	0:1239e9b70ca2	887	#endif
wolfSSL	0:1239e9b70ca2	888
wolfSSL	0:1239e9b70ca2	889	#ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	0:1239e9b70ca2	890	if (tls && haveRSA) {
wolfSSL	0:1239e9b70ca2	891	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	892	suites->suites[idx++] = TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL	0:1239e9b70ca2	893	}
wolfSSL	0:1239e9b70ca2	894	#endif
wolfSSL	0:1239e9b70ca2	895
wolfSSL	0:1239e9b70ca2	896	#ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	0:1239e9b70ca2	897	if (tls && haveRSAsig && haveStaticECC) {
wolfSSL	0:1239e9b70ca2	898	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	899	suites->suites[idx++] = TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL	0:1239e9b70ca2	900	}
wolfSSL	0:1239e9b70ca2	901	#endif
wolfSSL	0:1239e9b70ca2	902
wolfSSL	0:1239e9b70ca2	903	#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	0:1239e9b70ca2	904	if (tls1_2 && haveDH && haveRSA) {
wolfSSL	0:1239e9b70ca2	905	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	906	suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_GCM_SHA384;
wolfSSL	0:1239e9b70ca2	907	}
wolfSSL	0:1239e9b70ca2	908	#endif
wolfSSL	0:1239e9b70ca2	909
wolfSSL	0:1239e9b70ca2	910	#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
wolfSSL	0:1239e9b70ca2	911	if (tls1_2 && haveECDSAsig) {
wolfSSL	0:1239e9b70ca2	912	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	913	suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8;
wolfSSL	0:1239e9b70ca2	914	}
wolfSSL	0:1239e9b70ca2	915	#endif
wolfSSL	0:1239e9b70ca2	916
wolfSSL	0:1239e9b70ca2	917	#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
wolfSSL	0:1239e9b70ca2	918	if (tls1_2 && haveECDSAsig) {
wolfSSL	0:1239e9b70ca2	919	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	920	suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8;
wolfSSL	0:1239e9b70ca2	921	}
wolfSSL	0:1239e9b70ca2	922	#endif
wolfSSL	0:1239e9b70ca2	923
wolfSSL	0:1239e9b70ca2	924	#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
wolfSSL	0:1239e9b70ca2	925	if (tls1_2 && haveRSA) {
wolfSSL	0:1239e9b70ca2	926	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	927	suites->suites[idx++] = TLS_RSA_WITH_AES_128_CCM_8;
wolfSSL	0:1239e9b70ca2	928	}
wolfSSL	0:1239e9b70ca2	929	#endif
wolfSSL	0:1239e9b70ca2	930
wolfSSL	0:1239e9b70ca2	931	#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
wolfSSL	0:1239e9b70ca2	932	if (tls1_2 && haveRSA) {
wolfSSL	0:1239e9b70ca2	933	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	934	suites->suites[idx++] = TLS_RSA_WITH_AES_256_CCM_8;
wolfSSL	0:1239e9b70ca2	935	}
wolfSSL	0:1239e9b70ca2	936	#endif
wolfSSL	0:1239e9b70ca2	937
wolfSSL	0:1239e9b70ca2	938	#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
wolfSSL	0:1239e9b70ca2	939	if (tls1_2 && haveDH && haveRSA) {
wolfSSL	0:1239e9b70ca2	940	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	941	suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA256;
wolfSSL	0:1239e9b70ca2	942	}
wolfSSL	0:1239e9b70ca2	943	#endif
wolfSSL	0:1239e9b70ca2	944
wolfSSL	0:1239e9b70ca2	945	#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	0:1239e9b70ca2	946	if (tls1_2 && haveDH && haveRSA) {
wolfSSL	0:1239e9b70ca2	947	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	948	suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_GCM_SHA256;
wolfSSL	0:1239e9b70ca2	949	}
wolfSSL	0:1239e9b70ca2	950	#endif
wolfSSL	0:1239e9b70ca2	951
wolfSSL	0:1239e9b70ca2	952	#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	953	if (tls1_2 && haveDH && haveRSA) {
wolfSSL	0:1239e9b70ca2	954	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	955	suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256;
wolfSSL	0:1239e9b70ca2	956	}
wolfSSL	0:1239e9b70ca2	957	#endif
wolfSSL	0:1239e9b70ca2	958
wolfSSL	0:1239e9b70ca2	959	#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	960	if (tls && haveDH && haveRSA) {
wolfSSL	0:1239e9b70ca2	961	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	962	suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA;
wolfSSL	0:1239e9b70ca2	963	}
wolfSSL	0:1239e9b70ca2	964	#endif
wolfSSL	0:1239e9b70ca2	965
wolfSSL	0:1239e9b70ca2	966	#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	967	if (tls && haveDH && haveRSA) {
wolfSSL	0:1239e9b70ca2	968	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	969	suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA;
wolfSSL	0:1239e9b70ca2	970	}
wolfSSL	0:1239e9b70ca2	971	#endif
wolfSSL	0:1239e9b70ca2	972
wolfSSL	0:1239e9b70ca2	973	#ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	0:1239e9b70ca2	974	if (tls1_2 && haveRSA) {
wolfSSL	0:1239e9b70ca2	975	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	976	suites->suites[idx++] = TLS_RSA_WITH_AES_256_GCM_SHA384;
wolfSSL	0:1239e9b70ca2	977	}
wolfSSL	0:1239e9b70ca2	978	#endif
wolfSSL	0:1239e9b70ca2	979
wolfSSL	0:1239e9b70ca2	980	#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
wolfSSL	0:1239e9b70ca2	981	if (tls1_2 && haveRSA) {
wolfSSL	0:1239e9b70ca2	982	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	983	suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_SHA256;
wolfSSL	0:1239e9b70ca2	984	}
wolfSSL	0:1239e9b70ca2	985	#endif
wolfSSL	0:1239e9b70ca2	986
wolfSSL	0:1239e9b70ca2	987	#ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	0:1239e9b70ca2	988	if (tls1_2 && haveRSA) {
wolfSSL	0:1239e9b70ca2	989	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	990	suites->suites[idx++] = TLS_RSA_WITH_AES_128_GCM_SHA256;
wolfSSL	0:1239e9b70ca2	991	}
wolfSSL	0:1239e9b70ca2	992	#endif
wolfSSL	0:1239e9b70ca2	993
wolfSSL	0:1239e9b70ca2	994	#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	995	if (tls1_2 && haveRSA) {
wolfSSL	0:1239e9b70ca2	996	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	997	suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_SHA256;
wolfSSL	0:1239e9b70ca2	998	}
wolfSSL	0:1239e9b70ca2	999	#endif
wolfSSL	0:1239e9b70ca2	1000
wolfSSL	0:1239e9b70ca2	1001	#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	1002	if (tls && haveRSA) {
wolfSSL	0:1239e9b70ca2	1003	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	1004	suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_SHA;
wolfSSL	0:1239e9b70ca2	1005	}
wolfSSL	0:1239e9b70ca2	1006	#endif
wolfSSL	0:1239e9b70ca2	1007
wolfSSL	0:1239e9b70ca2	1008	#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	1009	if (tls && haveRSA) {
wolfSSL	0:1239e9b70ca2	1010	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	1011	suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_SHA;
wolfSSL	0:1239e9b70ca2	1012	}
wolfSSL	0:1239e9b70ca2	1013	#endif
wolfSSL	0:1239e9b70ca2	1014
wolfSSL	0:1239e9b70ca2	1015	#ifdef BUILD_TLS_RSA_WITH_NULL_SHA
wolfSSL	0:1239e9b70ca2	1016	if (tls && haveRSA) {
wolfSSL	0:1239e9b70ca2	1017	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	1018	suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA;
wolfSSL	0:1239e9b70ca2	1019	}
wolfSSL	0:1239e9b70ca2	1020	#endif
wolfSSL	0:1239e9b70ca2	1021
wolfSSL	0:1239e9b70ca2	1022	#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
wolfSSL	0:1239e9b70ca2	1023	if (tls && haveRSA) {
wolfSSL	0:1239e9b70ca2	1024	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	1025	suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA256;
wolfSSL	0:1239e9b70ca2	1026	}
wolfSSL	0:1239e9b70ca2	1027	#endif
wolfSSL	0:1239e9b70ca2	1028
wolfSSL	0:1239e9b70ca2	1029	#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	1030	if (tls && havePSK) {
wolfSSL	0:1239e9b70ca2	1031	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	1032	suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA;
wolfSSL	0:1239e9b70ca2	1033	}
wolfSSL	0:1239e9b70ca2	1034	#endif
wolfSSL	0:1239e9b70ca2	1035
wolfSSL	0:1239e9b70ca2	1036	#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	1037	if (tls && havePSK) {
wolfSSL	0:1239e9b70ca2	1038	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	1039	suites->suites[idx++] = TLS_PSK_WITH_AES_128_CBC_SHA256;
wolfSSL	0:1239e9b70ca2	1040	}
wolfSSL	0:1239e9b70ca2	1041	#endif
wolfSSL	0:1239e9b70ca2	1042
wolfSSL	0:1239e9b70ca2	1043	#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	1044	if (tls && havePSK) {
wolfSSL	0:1239e9b70ca2	1045	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	1046	suites->suites[idx++] = TLS_PSK_WITH_AES_128_CBC_SHA;
wolfSSL	0:1239e9b70ca2	1047	}
wolfSSL	0:1239e9b70ca2	1048	#endif
wolfSSL	0:1239e9b70ca2	1049
wolfSSL	0:1239e9b70ca2	1050	#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
wolfSSL	0:1239e9b70ca2	1051	if (tls && havePSK) {
wolfSSL	0:1239e9b70ca2	1052	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	1053	suites->suites[idx++] = TLS_PSK_WITH_AES_128_CCM_8;
wolfSSL	0:1239e9b70ca2	1054	}
wolfSSL	0:1239e9b70ca2	1055	#endif
wolfSSL	0:1239e9b70ca2	1056
wolfSSL	0:1239e9b70ca2	1057	#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
wolfSSL	0:1239e9b70ca2	1058	if (tls && havePSK) {
wolfSSL	0:1239e9b70ca2	1059	suites->suites[idx++] = ECC_BYTE;
wolfSSL	0:1239e9b70ca2	1060	suites->suites[idx++] = TLS_PSK_WITH_AES_256_CCM_8;
wolfSSL	0:1239e9b70ca2	1061	}
wolfSSL	0:1239e9b70ca2	1062	#endif
wolfSSL	0:1239e9b70ca2	1063
wolfSSL	0:1239e9b70ca2	1064	#ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
wolfSSL	0:1239e9b70ca2	1065	if (tls && havePSK) {
wolfSSL	0:1239e9b70ca2	1066	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	1067	suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA256;
wolfSSL	0:1239e9b70ca2	1068	}
wolfSSL	0:1239e9b70ca2	1069	#endif
wolfSSL	0:1239e9b70ca2	1070
wolfSSL	0:1239e9b70ca2	1071	#ifdef BUILD_TLS_PSK_WITH_NULL_SHA
wolfSSL	0:1239e9b70ca2	1072	if (tls && havePSK) {
wolfSSL	0:1239e9b70ca2	1073	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	1074	suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA;
wolfSSL	0:1239e9b70ca2	1075	}
wolfSSL	0:1239e9b70ca2	1076	#endif
wolfSSL	0:1239e9b70ca2	1077
wolfSSL	0:1239e9b70ca2	1078	#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
wolfSSL	0:1239e9b70ca2	1079	if (haveRSA ) {
wolfSSL	0:1239e9b70ca2	1080	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	1081	suites->suites[idx++] = SSL_RSA_WITH_RC4_128_SHA;
wolfSSL	0:1239e9b70ca2	1082	}
wolfSSL	0:1239e9b70ca2	1083	#endif
wolfSSL	0:1239e9b70ca2	1084
wolfSSL	0:1239e9b70ca2	1085	#ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
wolfSSL	0:1239e9b70ca2	1086	if (haveRSA ) {
wolfSSL	0:1239e9b70ca2	1087	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	1088	suites->suites[idx++] = SSL_RSA_WITH_RC4_128_MD5;
wolfSSL	0:1239e9b70ca2	1089	}
wolfSSL	0:1239e9b70ca2	1090	#endif
wolfSSL	0:1239e9b70ca2	1091
wolfSSL	0:1239e9b70ca2	1092	#ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	0:1239e9b70ca2	1093	if (haveRSA ) {
wolfSSL	0:1239e9b70ca2	1094	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	1095	suites->suites[idx++] = SSL_RSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL	0:1239e9b70ca2	1096	}
wolfSSL	0:1239e9b70ca2	1097	#endif
wolfSSL	0:1239e9b70ca2	1098
wolfSSL	0:1239e9b70ca2	1099	#ifdef BUILD_TLS_RSA_WITH_HC_128_MD5
wolfSSL	0:1239e9b70ca2	1100	if (tls && haveRSA) {
wolfSSL	0:1239e9b70ca2	1101	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	1102	suites->suites[idx++] = TLS_RSA_WITH_HC_128_MD5;
wolfSSL	0:1239e9b70ca2	1103	}
wolfSSL	0:1239e9b70ca2	1104	#endif
wolfSSL	0:1239e9b70ca2	1105
wolfSSL	0:1239e9b70ca2	1106	#ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
wolfSSL	0:1239e9b70ca2	1107	if (tls && haveRSA) {
wolfSSL	0:1239e9b70ca2	1108	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	1109	suites->suites[idx++] = TLS_RSA_WITH_HC_128_SHA;
wolfSSL	0:1239e9b70ca2	1110	}
wolfSSL	0:1239e9b70ca2	1111	#endif
wolfSSL	0:1239e9b70ca2	1112
wolfSSL	0:1239e9b70ca2	1113	#ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
wolfSSL	0:1239e9b70ca2	1114	if (tls && haveRSA) {
wolfSSL	0:1239e9b70ca2	1115	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	1116	suites->suites[idx++] = TLS_RSA_WITH_HC_128_B2B256;
wolfSSL	0:1239e9b70ca2	1117	}
wolfSSL	0:1239e9b70ca2	1118	#endif
wolfSSL	0:1239e9b70ca2	1119
wolfSSL	0:1239e9b70ca2	1120	#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
wolfSSL	0:1239e9b70ca2	1121	if (tls && haveRSA) {
wolfSSL	0:1239e9b70ca2	1122	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	1123	suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_B2B256;
wolfSSL	0:1239e9b70ca2	1124	}
wolfSSL	0:1239e9b70ca2	1125	#endif
wolfSSL	0:1239e9b70ca2	1126
wolfSSL	0:1239e9b70ca2	1127	#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
wolfSSL	0:1239e9b70ca2	1128	if (tls && haveRSA) {
wolfSSL	0:1239e9b70ca2	1129	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	1130	suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_B2B256;
wolfSSL	0:1239e9b70ca2	1131	}
wolfSSL	0:1239e9b70ca2	1132	#endif
wolfSSL	0:1239e9b70ca2	1133
wolfSSL	0:1239e9b70ca2	1134	#ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
wolfSSL	0:1239e9b70ca2	1135	if (tls && haveRSA) {
wolfSSL	0:1239e9b70ca2	1136	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	1137	suites->suites[idx++] = TLS_RSA_WITH_RABBIT_SHA;
wolfSSL	0:1239e9b70ca2	1138	}
wolfSSL	0:1239e9b70ca2	1139	#endif
wolfSSL	0:1239e9b70ca2	1140
wolfSSL	0:1239e9b70ca2	1141	#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	1142	if (tls && haveRSA) {
wolfSSL	0:1239e9b70ca2	1143	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	1144	suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA;
wolfSSL	0:1239e9b70ca2	1145	}
wolfSSL	0:1239e9b70ca2	1146	#endif
wolfSSL	0:1239e9b70ca2	1147
wolfSSL	0:1239e9b70ca2	1148	#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	1149	if (tls && haveDH && haveRSA) {
wolfSSL	0:1239e9b70ca2	1150	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	1151	suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA;
wolfSSL	0:1239e9b70ca2	1152	}
wolfSSL	0:1239e9b70ca2	1153	#endif
wolfSSL	0:1239e9b70ca2	1154
wolfSSL	0:1239e9b70ca2	1155	#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	1156	if (tls && haveRSA) {
wolfSSL	0:1239e9b70ca2	1157	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	1158	suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA;
wolfSSL	0:1239e9b70ca2	1159	}
wolfSSL	0:1239e9b70ca2	1160	#endif
wolfSSL	0:1239e9b70ca2	1161
wolfSSL	0:1239e9b70ca2	1162	#ifdef BUILD_TLS_DHE_WITH_RSA_CAMELLIA_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	1163	if (tls && haveDH && haveRSA) {
wolfSSL	0:1239e9b70ca2	1164	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	1165	suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA;
wolfSSL	0:1239e9b70ca2	1166	}
wolfSSL	0:1239e9b70ca2	1167	#endif
wolfSSL	0:1239e9b70ca2	1168
wolfSSL	0:1239e9b70ca2	1169	#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	1170	if (tls && haveRSA) {
wolfSSL	0:1239e9b70ca2	1171	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	1172	suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256;
wolfSSL	0:1239e9b70ca2	1173	}
wolfSSL	0:1239e9b70ca2	1174	#endif
wolfSSL	0:1239e9b70ca2	1175
wolfSSL	0:1239e9b70ca2	1176	#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	1177	if (tls && haveDH && haveRSA) {
wolfSSL	0:1239e9b70ca2	1178	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	1179	suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256;
wolfSSL	0:1239e9b70ca2	1180	}
wolfSSL	0:1239e9b70ca2	1181	#endif
wolfSSL	0:1239e9b70ca2	1182
wolfSSL	0:1239e9b70ca2	1183	#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL	0:1239e9b70ca2	1184	if (tls && haveRSA) {
wolfSSL	0:1239e9b70ca2	1185	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	1186	suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256;
wolfSSL	0:1239e9b70ca2	1187	}
wolfSSL	0:1239e9b70ca2	1188	#endif
wolfSSL	0:1239e9b70ca2	1189
wolfSSL	0:1239e9b70ca2	1190	#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL	0:1239e9b70ca2	1191	if (tls && haveDH && haveRSA) {
wolfSSL	0:1239e9b70ca2	1192	suites->suites[idx++] = 0;
wolfSSL	0:1239e9b70ca2	1193	suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256;
wolfSSL	0:1239e9b70ca2	1194	}
wolfSSL	0:1239e9b70ca2	1195	#endif
wolfSSL	0:1239e9b70ca2	1196
wolfSSL	0:1239e9b70ca2	1197	suites->suiteSz = idx;
wolfSSL	0:1239e9b70ca2	1198
wolfSSL	0:1239e9b70ca2	1199	{
wolfSSL	0:1239e9b70ca2	1200	idx = 0;
wolfSSL	0:1239e9b70ca2	1201
wolfSSL	0:1239e9b70ca2	1202	if (haveECDSAsig) {
wolfSSL	0:1239e9b70ca2	1203	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	1204	suites->hashSigAlgo[idx++] = sha384_mac;
wolfSSL	0:1239e9b70ca2	1205	suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo;
wolfSSL	0:1239e9b70ca2	1206	#endif
wolfSSL	0:1239e9b70ca2	1207	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	1208	suites->hashSigAlgo[idx++] = sha256_mac;
wolfSSL	0:1239e9b70ca2	1209	suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo;
wolfSSL	0:1239e9b70ca2	1210	#endif
wolfSSL	0:1239e9b70ca2	1211	#ifndef NO_SHA
wolfSSL	0:1239e9b70ca2	1212	suites->hashSigAlgo[idx++] = sha_mac;
wolfSSL	0:1239e9b70ca2	1213	suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo;
wolfSSL	0:1239e9b70ca2	1214	#endif
wolfSSL	0:1239e9b70ca2	1215	}
wolfSSL	0:1239e9b70ca2	1216
wolfSSL	0:1239e9b70ca2	1217	if (haveRSAsig) {
wolfSSL	0:1239e9b70ca2	1218	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	1219	suites->hashSigAlgo[idx++] = sha384_mac;
wolfSSL	0:1239e9b70ca2	1220	suites->hashSigAlgo[idx++] = rsa_sa_algo;
wolfSSL	0:1239e9b70ca2	1221	#endif
wolfSSL	0:1239e9b70ca2	1222	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	1223	suites->hashSigAlgo[idx++] = sha256_mac;
wolfSSL	0:1239e9b70ca2	1224	suites->hashSigAlgo[idx++] = rsa_sa_algo;
wolfSSL	0:1239e9b70ca2	1225	#endif
wolfSSL	0:1239e9b70ca2	1226	#ifndef NO_SHA
wolfSSL	0:1239e9b70ca2	1227	suites->hashSigAlgo[idx++] = sha_mac;
wolfSSL	0:1239e9b70ca2	1228	suites->hashSigAlgo[idx++] = rsa_sa_algo;
wolfSSL	0:1239e9b70ca2	1229	#endif
wolfSSL	0:1239e9b70ca2	1230	}
wolfSSL	0:1239e9b70ca2	1231
wolfSSL	0:1239e9b70ca2	1232	suites->hashSigAlgoSz = idx;
wolfSSL	0:1239e9b70ca2	1233	}
wolfSSL	0:1239e9b70ca2	1234	}
wolfSSL	0:1239e9b70ca2	1235
wolfSSL	0:1239e9b70ca2	1236
wolfSSL	0:1239e9b70ca2	1237	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	1238
wolfSSL	0:1239e9b70ca2	1239
wolfSSL	0:1239e9b70ca2	1240	void InitX509Name(CYASSL_X509_NAME* name, int dynamicFlag)
wolfSSL	0:1239e9b70ca2	1241	{
wolfSSL	0:1239e9b70ca2	1242	(void)dynamicFlag;
wolfSSL	0:1239e9b70ca2	1243
wolfSSL	0:1239e9b70ca2	1244	if (name != NULL) {
wolfSSL	0:1239e9b70ca2	1245	name->name = name->staticName;
wolfSSL	0:1239e9b70ca2	1246	name->dynamicName = 0;
wolfSSL	0:1239e9b70ca2	1247	#ifdef OPENSSL_EXTRA
wolfSSL	0:1239e9b70ca2	1248	XMEMSET(&name->fullName, 0, sizeof(DecodedName));
wolfSSL	0:1239e9b70ca2	1249	#endif /* OPENSSL_EXTRA */
wolfSSL	0:1239e9b70ca2	1250	}
wolfSSL	0:1239e9b70ca2	1251	}
wolfSSL	0:1239e9b70ca2	1252
wolfSSL	0:1239e9b70ca2	1253
wolfSSL	0:1239e9b70ca2	1254	void FreeX509Name(CYASSL_X509_NAME* name)
wolfSSL	0:1239e9b70ca2	1255	{
wolfSSL	0:1239e9b70ca2	1256	if (name != NULL) {
wolfSSL	0:1239e9b70ca2	1257	if (name->dynamicName)
wolfSSL	0:1239e9b70ca2	1258	XFREE(name->name, NULL, DYNAMIC_TYPE_SUBJECT_CN);
wolfSSL	0:1239e9b70ca2	1259	#ifdef OPENSSL_EXTRA
wolfSSL	0:1239e9b70ca2	1260	if (name->fullName.fullName != NULL)
wolfSSL	0:1239e9b70ca2	1261	XFREE(name->fullName.fullName, NULL, DYNAMIC_TYPE_X509);
wolfSSL	0:1239e9b70ca2	1262	#endif /* OPENSSL_EXTRA */
wolfSSL	0:1239e9b70ca2	1263	}
wolfSSL	0:1239e9b70ca2	1264	}
wolfSSL	0:1239e9b70ca2	1265
wolfSSL	0:1239e9b70ca2	1266
wolfSSL	0:1239e9b70ca2	1267	/* Initialize CyaSSL X509 type */
wolfSSL	0:1239e9b70ca2	1268	void InitX509(CYASSL_X509* x509, int dynamicFlag)
wolfSSL	0:1239e9b70ca2	1269	{
wolfSSL	0:1239e9b70ca2	1270	InitX509Name(&x509->issuer, 0);
wolfSSL	0:1239e9b70ca2	1271	InitX509Name(&x509->subject, 0);
wolfSSL	0:1239e9b70ca2	1272	x509->version = 0;
wolfSSL	0:1239e9b70ca2	1273	x509->pubKey.buffer = NULL;
wolfSSL	0:1239e9b70ca2	1274	x509->sig.buffer = NULL;
wolfSSL	0:1239e9b70ca2	1275	x509->derCert.buffer = NULL;
wolfSSL	0:1239e9b70ca2	1276	x509->altNames = NULL;
wolfSSL	0:1239e9b70ca2	1277	x509->altNamesNext = NULL;
wolfSSL	0:1239e9b70ca2	1278	x509->dynamicMemory = (byte)dynamicFlag;
wolfSSL	0:1239e9b70ca2	1279	x509->isCa = 0;
wolfSSL	0:1239e9b70ca2	1280	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	1281	x509->pkCurveOID = 0;
wolfSSL	0:1239e9b70ca2	1282	#endif /* HAVE_ECC */
wolfSSL	0:1239e9b70ca2	1283	#ifdef OPENSSL_EXTRA
wolfSSL	0:1239e9b70ca2	1284	x509->pathLength = 0;
wolfSSL	0:1239e9b70ca2	1285	x509->basicConstSet = 0;
wolfSSL	0:1239e9b70ca2	1286	x509->basicConstCrit = 0;
wolfSSL	0:1239e9b70ca2	1287	x509->basicConstPlSet = 0;
wolfSSL	0:1239e9b70ca2	1288	x509->subjAltNameSet = 0;
wolfSSL	0:1239e9b70ca2	1289	x509->subjAltNameCrit = 0;
wolfSSL	0:1239e9b70ca2	1290	x509->authKeyIdSet = 0;
wolfSSL	0:1239e9b70ca2	1291	x509->authKeyIdCrit = 0;
wolfSSL	0:1239e9b70ca2	1292	x509->authKeyId = NULL;
wolfSSL	0:1239e9b70ca2	1293	x509->authKeyIdSz = 0;
wolfSSL	0:1239e9b70ca2	1294	x509->subjKeyIdSet = 0;
wolfSSL	0:1239e9b70ca2	1295	x509->subjKeyIdCrit = 0;
wolfSSL	0:1239e9b70ca2	1296	x509->subjKeyId = NULL;
wolfSSL	0:1239e9b70ca2	1297	x509->subjKeyIdSz = 0;
wolfSSL	0:1239e9b70ca2	1298	x509->keyUsageSet = 0;
wolfSSL	0:1239e9b70ca2	1299	x509->keyUsageCrit = 0;
wolfSSL	0:1239e9b70ca2	1300	x509->keyUsage = 0;
wolfSSL	0:1239e9b70ca2	1301	#ifdef CYASSL_SEP
wolfSSL	0:1239e9b70ca2	1302	x509->certPolicySet = 0;
wolfSSL	0:1239e9b70ca2	1303	x509->certPolicyCrit = 0;
wolfSSL	0:1239e9b70ca2	1304	#endif /* CYASSL_SEP */
wolfSSL	0:1239e9b70ca2	1305	#endif /* OPENSSL_EXTRA */
wolfSSL	0:1239e9b70ca2	1306	}
wolfSSL	0:1239e9b70ca2	1307
wolfSSL	0:1239e9b70ca2	1308
wolfSSL	0:1239e9b70ca2	1309	/* Free CyaSSL X509 type */
wolfSSL	0:1239e9b70ca2	1310	void FreeX509(CYASSL_X509* x509)
wolfSSL	0:1239e9b70ca2	1311	{
wolfSSL	0:1239e9b70ca2	1312	if (x509 == NULL)
wolfSSL	0:1239e9b70ca2	1313	return;
wolfSSL	0:1239e9b70ca2	1314
wolfSSL	0:1239e9b70ca2	1315	FreeX509Name(&x509->issuer);
wolfSSL	0:1239e9b70ca2	1316	FreeX509Name(&x509->subject);
wolfSSL	0:1239e9b70ca2	1317	if (x509->pubKey.buffer)
wolfSSL	0:1239e9b70ca2	1318	XFREE(x509->pubKey.buffer, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL	0:1239e9b70ca2	1319	XFREE(x509->derCert.buffer, NULL, DYNAMIC_TYPE_SUBJECT_CN);
wolfSSL	0:1239e9b70ca2	1320	XFREE(x509->sig.buffer, NULL, DYNAMIC_TYPE_SIGNATURE);
wolfSSL	0:1239e9b70ca2	1321	#ifdef OPENSSL_EXTRA
wolfSSL	0:1239e9b70ca2	1322	XFREE(x509->authKeyId, NULL, 0);
wolfSSL	0:1239e9b70ca2	1323	XFREE(x509->subjKeyId, NULL, 0);
wolfSSL	0:1239e9b70ca2	1324	#endif /* OPENSSL_EXTRA */
wolfSSL	0:1239e9b70ca2	1325	if (x509->altNames)
wolfSSL	0:1239e9b70ca2	1326	FreeAltNames(x509->altNames, NULL);
wolfSSL	0:1239e9b70ca2	1327	if (x509->dynamicMemory)
wolfSSL	0:1239e9b70ca2	1328	XFREE(x509, NULL, DYNAMIC_TYPE_X509);
wolfSSL	0:1239e9b70ca2	1329	}
wolfSSL	0:1239e9b70ca2	1330
wolfSSL	0:1239e9b70ca2	1331	#endif /* NO_CERTS */
wolfSSL	0:1239e9b70ca2	1332
wolfSSL	0:1239e9b70ca2	1333
wolfSSL	0:1239e9b70ca2	1334	/* init everything to 0, NULL, default values before calling anything that may
wolfSSL	0:1239e9b70ca2	1335	fail so that desctructor has a "good" state to cleanup */
wolfSSL	0:1239e9b70ca2	1336	int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
wolfSSL	0:1239e9b70ca2	1337	{
wolfSSL	0:1239e9b70ca2	1338	int ret;
wolfSSL	0:1239e9b70ca2	1339	byte haveRSA = 0;
wolfSSL	0:1239e9b70ca2	1340	byte havePSK = 0;
wolfSSL	0:1239e9b70ca2	1341
wolfSSL	0:1239e9b70ca2	1342	ssl->ctx = ctx; /* only for passing to calls, options could change */
wolfSSL	0:1239e9b70ca2	1343	ssl->version = ctx->method->version;
wolfSSL	0:1239e9b70ca2	1344	ssl->suites = NULL;
wolfSSL	0:1239e9b70ca2	1345
wolfSSL	0:1239e9b70ca2	1346	#ifdef HAVE_LIBZ
wolfSSL	0:1239e9b70ca2	1347	ssl->didStreamInit = 0;
wolfSSL	0:1239e9b70ca2	1348	#endif
wolfSSL	0:1239e9b70ca2	1349	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	1350	haveRSA = 1;
wolfSSL	0:1239e9b70ca2	1351	#endif
wolfSSL	0:1239e9b70ca2	1352
wolfSSL	0:1239e9b70ca2	1353	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	1354	ssl->buffers.certificate.buffer = 0;
wolfSSL	0:1239e9b70ca2	1355	ssl->buffers.key.buffer = 0;
wolfSSL	0:1239e9b70ca2	1356	ssl->buffers.certChain.buffer = 0;
wolfSSL	0:1239e9b70ca2	1357	#endif
wolfSSL	0:1239e9b70ca2	1358	ssl->buffers.inputBuffer.length = 0;
wolfSSL	0:1239e9b70ca2	1359	ssl->buffers.inputBuffer.idx = 0;
wolfSSL	0:1239e9b70ca2	1360	ssl->buffers.inputBuffer.buffer = ssl->buffers.inputBuffer.staticBuffer;
wolfSSL	0:1239e9b70ca2	1361	ssl->buffers.inputBuffer.bufferSize = STATIC_BUFFER_LEN;
wolfSSL	0:1239e9b70ca2	1362	ssl->buffers.inputBuffer.dynamicFlag = 0;
wolfSSL	0:1239e9b70ca2	1363	ssl->buffers.inputBuffer.offset = 0;
wolfSSL	0:1239e9b70ca2	1364	ssl->buffers.outputBuffer.length = 0;
wolfSSL	0:1239e9b70ca2	1365	ssl->buffers.outputBuffer.idx = 0;
wolfSSL	0:1239e9b70ca2	1366	ssl->buffers.outputBuffer.buffer = ssl->buffers.outputBuffer.staticBuffer;
wolfSSL	0:1239e9b70ca2	1367	ssl->buffers.outputBuffer.bufferSize = STATIC_BUFFER_LEN;
wolfSSL	0:1239e9b70ca2	1368	ssl->buffers.outputBuffer.dynamicFlag = 0;
wolfSSL	0:1239e9b70ca2	1369	ssl->buffers.outputBuffer.offset = 0;
wolfSSL	0:1239e9b70ca2	1370	ssl->buffers.domainName.buffer = 0;
wolfSSL	0:1239e9b70ca2	1371	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	1372	ssl->buffers.serverDH_P.buffer = 0;
wolfSSL	0:1239e9b70ca2	1373	ssl->buffers.serverDH_G.buffer = 0;
wolfSSL	0:1239e9b70ca2	1374	ssl->buffers.serverDH_Pub.buffer = 0;
wolfSSL	0:1239e9b70ca2	1375	ssl->buffers.serverDH_Priv.buffer = 0;
wolfSSL	0:1239e9b70ca2	1376	#endif
wolfSSL	0:1239e9b70ca2	1377	ssl->buffers.clearOutputBuffer.buffer = 0;
wolfSSL	0:1239e9b70ca2	1378	ssl->buffers.clearOutputBuffer.length = 0;
wolfSSL	0:1239e9b70ca2	1379	ssl->buffers.prevSent = 0;
wolfSSL	0:1239e9b70ca2	1380	ssl->buffers.plainSz = 0;
wolfSSL	0:1239e9b70ca2	1381	#ifdef HAVE_PK_CALLBACKS
wolfSSL	0:1239e9b70ca2	1382	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	1383	ssl->buffers.peerEccDsaKey.buffer = 0;
wolfSSL	0:1239e9b70ca2	1384	ssl->buffers.peerEccDsaKey.length = 0;
wolfSSL	0:1239e9b70ca2	1385	#endif /* HAVE_ECC */
wolfSSL	0:1239e9b70ca2	1386	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	1387	ssl->buffers.peerRsaKey.buffer = 0;
wolfSSL	0:1239e9b70ca2	1388	ssl->buffers.peerRsaKey.length = 0;
wolfSSL	0:1239e9b70ca2	1389	#endif /* NO_RSA */
wolfSSL	0:1239e9b70ca2	1390	#endif /* HAVE_PK_CALLBACKS */
wolfSSL	0:1239e9b70ca2	1391
wolfSSL	0:1239e9b70ca2	1392	#ifdef KEEP_PEER_CERT
wolfSSL	0:1239e9b70ca2	1393	InitX509(&ssl->peerCert, 0);
wolfSSL	0:1239e9b70ca2	1394	#endif
wolfSSL	0:1239e9b70ca2	1395
wolfSSL	0:1239e9b70ca2	1396	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	1397	ssl->eccTempKeySz = ctx->eccTempKeySz;
wolfSSL	0:1239e9b70ca2	1398	ssl->pkCurveOID = ctx->pkCurveOID;
wolfSSL	0:1239e9b70ca2	1399	ssl->peerEccKeyPresent = 0;
wolfSSL	0:1239e9b70ca2	1400	ssl->peerEccDsaKeyPresent = 0;
wolfSSL	0:1239e9b70ca2	1401	ssl->eccDsaKeyPresent = 0;
wolfSSL	0:1239e9b70ca2	1402	ssl->eccTempKeyPresent = 0;
wolfSSL	0:1239e9b70ca2	1403	ssl->peerEccKey = NULL;
wolfSSL	0:1239e9b70ca2	1404	ssl->peerEccDsaKey = NULL;
wolfSSL	0:1239e9b70ca2	1405	ssl->eccDsaKey = NULL;
wolfSSL	0:1239e9b70ca2	1406	ssl->eccTempKey = NULL;
wolfSSL	0:1239e9b70ca2	1407	#endif
wolfSSL	0:1239e9b70ca2	1408
wolfSSL	0:1239e9b70ca2	1409	ssl->timeout = ctx->timeout;
wolfSSL	0:1239e9b70ca2	1410	ssl->rfd = -1; /* set to invalid descriptor */
wolfSSL	0:1239e9b70ca2	1411	ssl->wfd = -1;
wolfSSL	0:1239e9b70ca2	1412	ssl->rflags = 0; /* no user flags yet */
wolfSSL	0:1239e9b70ca2	1413	ssl->wflags = 0; /* no user flags yet */
wolfSSL	0:1239e9b70ca2	1414	ssl->biord = 0;
wolfSSL	0:1239e9b70ca2	1415	ssl->biowr = 0;
wolfSSL	0:1239e9b70ca2	1416
wolfSSL	0:1239e9b70ca2	1417	ssl->IOCB_ReadCtx = &ssl->rfd; /* prevent invalid pointer access if not */
wolfSSL	0:1239e9b70ca2	1418	ssl->IOCB_WriteCtx = &ssl->wfd; /* correctly set */
wolfSSL	0:1239e9b70ca2	1419	#ifdef HAVE_NETX
wolfSSL	0:1239e9b70ca2	1420	ssl->nxCtx.nxSocket = NULL;
wolfSSL	0:1239e9b70ca2	1421	ssl->nxCtx.nxPacket = NULL;
wolfSSL	0:1239e9b70ca2	1422	ssl->nxCtx.nxOffset = 0;
wolfSSL	0:1239e9b70ca2	1423	ssl->nxCtx.nxWait = 0;
wolfSSL	0:1239e9b70ca2	1424	ssl->IOCB_ReadCtx = &ssl->nxCtx; /* default NetX IO ctx, same for read */
wolfSSL	0:1239e9b70ca2	1425	ssl->IOCB_WriteCtx = &ssl->nxCtx; /* and write */
wolfSSL	0:1239e9b70ca2	1426	#endif
wolfSSL	0:1239e9b70ca2	1427	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	1428	ssl->IOCB_CookieCtx = NULL; /* we don't use for default cb */
wolfSSL	0:1239e9b70ca2	1429	ssl->dtls_expected_rx = MAX_MTU;
wolfSSL	0:1239e9b70ca2	1430	ssl->keys.dtls_state.window = 0;
wolfSSL	0:1239e9b70ca2	1431	ssl->keys.dtls_state.nextEpoch = 0;
wolfSSL	0:1239e9b70ca2	1432	ssl->keys.dtls_state.nextSeq = 0;
wolfSSL	0:1239e9b70ca2	1433	#endif
wolfSSL	0:1239e9b70ca2	1434
wolfSSL	0:1239e9b70ca2	1435	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	1436	#ifndef NO_MD5
wolfSSL	0:1239e9b70ca2	1437	InitMd5(&ssl->hashMd5);
wolfSSL	0:1239e9b70ca2	1438	#endif
wolfSSL	0:1239e9b70ca2	1439	#ifndef NO_SHA
wolfSSL	0:1239e9b70ca2	1440	ret = InitSha(&ssl->hashSha);
wolfSSL	0:1239e9b70ca2	1441	if (ret != 0) {
wolfSSL	0:1239e9b70ca2	1442	return ret;
wolfSSL	0:1239e9b70ca2	1443	}
wolfSSL	0:1239e9b70ca2	1444	#endif
wolfSSL	0:1239e9b70ca2	1445	#endif
wolfSSL	0:1239e9b70ca2	1446	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	1447	ret = InitSha256(&ssl->hashSha256);
wolfSSL	0:1239e9b70ca2	1448	if (ret != 0) {
wolfSSL	0:1239e9b70ca2	1449	return ret;
wolfSSL	0:1239e9b70ca2	1450	}
wolfSSL	0:1239e9b70ca2	1451	#endif
wolfSSL	0:1239e9b70ca2	1452	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	1453	ret = InitSha384(&ssl->hashSha384);
wolfSSL	0:1239e9b70ca2	1454	if (ret != 0) {
wolfSSL	0:1239e9b70ca2	1455	return ret;
wolfSSL	0:1239e9b70ca2	1456	}
wolfSSL	0:1239e9b70ca2	1457	#endif
wolfSSL	0:1239e9b70ca2	1458	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	1459	ssl->peerRsaKey = NULL;
wolfSSL	0:1239e9b70ca2	1460	ssl->peerRsaKeyPresent = 0;
wolfSSL	0:1239e9b70ca2	1461	#endif
wolfSSL	0:1239e9b70ca2	1462	ssl->verifyCallback = ctx->verifyCallback;
wolfSSL	0:1239e9b70ca2	1463	ssl->verifyCbCtx = NULL;
wolfSSL	0:1239e9b70ca2	1464	ssl->options.side = ctx->method->side;
wolfSSL	0:1239e9b70ca2	1465	ssl->options.downgrade = ctx->method->downgrade;
wolfSSL	0:1239e9b70ca2	1466	ssl->error = 0;
wolfSSL	0:1239e9b70ca2	1467	ssl->options.connReset = 0;
wolfSSL	0:1239e9b70ca2	1468	ssl->options.isClosed = 0;
wolfSSL	0:1239e9b70ca2	1469	ssl->options.closeNotify = 0;
wolfSSL	0:1239e9b70ca2	1470	ssl->options.sentNotify = 0;
wolfSSL	0:1239e9b70ca2	1471	ssl->options.usingCompression = 0;
wolfSSL	0:1239e9b70ca2	1472	if (ssl->options.side == CYASSL_SERVER_END)
wolfSSL	0:1239e9b70ca2	1473	ssl->options.haveDH = ctx->haveDH;
wolfSSL	0:1239e9b70ca2	1474	else
wolfSSL	0:1239e9b70ca2	1475	ssl->options.haveDH = 0;
wolfSSL	0:1239e9b70ca2	1476	ssl->options.haveNTRU = ctx->haveNTRU;
wolfSSL	0:1239e9b70ca2	1477	ssl->options.haveECDSAsig = ctx->haveECDSAsig;
wolfSSL	0:1239e9b70ca2	1478	ssl->options.haveStaticECC = ctx->haveStaticECC;
wolfSSL	0:1239e9b70ca2	1479	ssl->options.havePeerCert = 0;
wolfSSL	0:1239e9b70ca2	1480	ssl->options.havePeerVerify = 0;
wolfSSL	0:1239e9b70ca2	1481	ssl->options.usingPSK_cipher = 0;
wolfSSL	0:1239e9b70ca2	1482	ssl->options.sendAlertState = 0;
wolfSSL	0:1239e9b70ca2	1483	#ifndef NO_PSK
wolfSSL	0:1239e9b70ca2	1484	havePSK = ctx->havePSK;
wolfSSL	0:1239e9b70ca2	1485	ssl->options.havePSK = ctx->havePSK;
wolfSSL	0:1239e9b70ca2	1486	ssl->options.client_psk_cb = ctx->client_psk_cb;
wolfSSL	0:1239e9b70ca2	1487	ssl->options.server_psk_cb = ctx->server_psk_cb;
wolfSSL	0:1239e9b70ca2	1488	#endif /* NO_PSK */
wolfSSL	0:1239e9b70ca2	1489
wolfSSL	0:1239e9b70ca2	1490	ssl->options.serverState = NULL_STATE;
wolfSSL	0:1239e9b70ca2	1491	ssl->options.clientState = NULL_STATE;
wolfSSL	0:1239e9b70ca2	1492	ssl->options.connectState = CONNECT_BEGIN;
wolfSSL	0:1239e9b70ca2	1493	ssl->options.acceptState = ACCEPT_BEGIN;
wolfSSL	0:1239e9b70ca2	1494	ssl->options.handShakeState = NULL_STATE;
wolfSSL	0:1239e9b70ca2	1495	ssl->options.processReply = doProcessInit;
wolfSSL	0:1239e9b70ca2	1496
wolfSSL	0:1239e9b70ca2	1497	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	1498	ssl->keys.dtls_sequence_number = 0;
wolfSSL	0:1239e9b70ca2	1499	ssl->keys.dtls_state.curSeq = 0;
wolfSSL	0:1239e9b70ca2	1500	ssl->keys.dtls_state.nextSeq = 0;
wolfSSL	0:1239e9b70ca2	1501	ssl->keys.dtls_handshake_number = 0;
wolfSSL	0:1239e9b70ca2	1502	ssl->keys.dtls_expected_peer_handshake_number = 0;
wolfSSL	0:1239e9b70ca2	1503	ssl->keys.dtls_epoch = 0;
wolfSSL	0:1239e9b70ca2	1504	ssl->keys.dtls_state.curEpoch = 0;
wolfSSL	0:1239e9b70ca2	1505	ssl->keys.dtls_state.nextEpoch = 0;
wolfSSL	0:1239e9b70ca2	1506	ssl->dtls_timeout_init = DTLS_TIMEOUT_INIT;
wolfSSL	0:1239e9b70ca2	1507	ssl->dtls_timeout_max = DTLS_TIMEOUT_MAX;
wolfSSL	0:1239e9b70ca2	1508	ssl->dtls_timeout = ssl->dtls_timeout_init;
wolfSSL	0:1239e9b70ca2	1509	ssl->dtls_pool = NULL;
wolfSSL	0:1239e9b70ca2	1510	ssl->dtls_msg_list = NULL;
wolfSSL	0:1239e9b70ca2	1511	#endif
wolfSSL	0:1239e9b70ca2	1512	ssl->keys.encryptSz = 0;
wolfSSL	0:1239e9b70ca2	1513	ssl->keys.padSz = 0;
wolfSSL	0:1239e9b70ca2	1514	ssl->keys.encryptionOn = 0; /* initially off */
wolfSSL	0:1239e9b70ca2	1515	ssl->keys.decryptedCur = 0; /* initially off */
wolfSSL	0:1239e9b70ca2	1516	ssl->options.sessionCacheOff = ctx->sessionCacheOff;
wolfSSL	0:1239e9b70ca2	1517	ssl->options.sessionCacheFlushOff = ctx->sessionCacheFlushOff;
wolfSSL	0:1239e9b70ca2	1518
wolfSSL	0:1239e9b70ca2	1519	ssl->options.verifyPeer = ctx->verifyPeer;
wolfSSL	0:1239e9b70ca2	1520	ssl->options.verifyNone = ctx->verifyNone;
wolfSSL	0:1239e9b70ca2	1521	ssl->options.failNoCert = ctx->failNoCert;
wolfSSL	0:1239e9b70ca2	1522	ssl->options.sendVerify = ctx->sendVerify;
wolfSSL	0:1239e9b70ca2	1523
wolfSSL	0:1239e9b70ca2	1524	ssl->options.resuming = 0;
wolfSSL	0:1239e9b70ca2	1525	ssl->options.haveSessionId = 0;
wolfSSL	0:1239e9b70ca2	1526	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	1527	ssl->hmac = SSL_hmac; /* default to SSLv3 */
wolfSSL	0:1239e9b70ca2	1528	#else
wolfSSL	0:1239e9b70ca2	1529	ssl->hmac = TLS_hmac;
wolfSSL	0:1239e9b70ca2	1530	#endif
wolfSSL	0:1239e9b70ca2	1531	ssl->heap = ctx->heap; /* defaults to self */
wolfSSL	0:1239e9b70ca2	1532	ssl->options.tls = 0;
wolfSSL	0:1239e9b70ca2	1533	ssl->options.tls1_1 = 0;
wolfSSL	0:1239e9b70ca2	1534	ssl->options.dtls = ssl->version.major == DTLS_MAJOR;
wolfSSL	0:1239e9b70ca2	1535	ssl->options.partialWrite = ctx->partialWrite;
wolfSSL	0:1239e9b70ca2	1536	ssl->options.quietShutdown = ctx->quietShutdown;
wolfSSL	0:1239e9b70ca2	1537	ssl->options.certOnly = 0;
wolfSSL	0:1239e9b70ca2	1538	ssl->options.groupMessages = ctx->groupMessages;
wolfSSL	0:1239e9b70ca2	1539	ssl->options.usingNonblock = 0;
wolfSSL	0:1239e9b70ca2	1540	ssl->options.saveArrays = 0;
wolfSSL	0:1239e9b70ca2	1541
wolfSSL	0:1239e9b70ca2	1542	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	1543	/* ctx still owns certificate, certChain, key, dh, and cm */
wolfSSL	0:1239e9b70ca2	1544	ssl->buffers.certificate = ctx->certificate;
wolfSSL	0:1239e9b70ca2	1545	ssl->buffers.certChain = ctx->certChain;
wolfSSL	0:1239e9b70ca2	1546	ssl->buffers.key = ctx->privateKey;
wolfSSL	0:1239e9b70ca2	1547	if (ssl->options.side == CYASSL_SERVER_END) {
wolfSSL	0:1239e9b70ca2	1548	ssl->buffers.serverDH_P = ctx->serverDH_P;
wolfSSL	0:1239e9b70ca2	1549	ssl->buffers.serverDH_G = ctx->serverDH_G;
wolfSSL	0:1239e9b70ca2	1550	}
wolfSSL	0:1239e9b70ca2	1551	#endif
wolfSSL	0:1239e9b70ca2	1552	ssl->buffers.weOwnCert = 0;
wolfSSL	0:1239e9b70ca2	1553	ssl->buffers.weOwnKey = 0;
wolfSSL	0:1239e9b70ca2	1554	ssl->buffers.weOwnDH = 0;
wolfSSL	0:1239e9b70ca2	1555
wolfSSL	0:1239e9b70ca2	1556	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	1557	ssl->buffers.dtlsCtx.fd = -1;
wolfSSL	0:1239e9b70ca2	1558	ssl->buffers.dtlsCtx.peer.sa = NULL;
wolfSSL	0:1239e9b70ca2	1559	ssl->buffers.dtlsCtx.peer.sz = 0;
wolfSSL	0:1239e9b70ca2	1560	#endif
wolfSSL	0:1239e9b70ca2	1561
wolfSSL	0:1239e9b70ca2	1562	#ifdef KEEP_PEER_CERT
wolfSSL	0:1239e9b70ca2	1563	ssl->peerCert.issuer.sz = 0;
wolfSSL	0:1239e9b70ca2	1564	ssl->peerCert.subject.sz = 0;
wolfSSL	0:1239e9b70ca2	1565	#endif
wolfSSL	0:1239e9b70ca2	1566
wolfSSL	0:1239e9b70ca2	1567	#ifdef SESSION_CERTS
wolfSSL	0:1239e9b70ca2	1568	ssl->session.chain.count = 0;
wolfSSL	0:1239e9b70ca2	1569	#endif
wolfSSL	0:1239e9b70ca2	1570
wolfSSL	0:1239e9b70ca2	1571	#ifndef NO_CLIENT_CACHE
wolfSSL	0:1239e9b70ca2	1572	ssl->session.idLen = 0;
wolfSSL	0:1239e9b70ca2	1573	#endif
wolfSSL	0:1239e9b70ca2	1574
wolfSSL	0:1239e9b70ca2	1575	ssl->cipher.ssl = ssl;
wolfSSL	0:1239e9b70ca2	1576
wolfSSL	0:1239e9b70ca2	1577	#ifdef FORTRESS
wolfSSL	0:1239e9b70ca2	1578	ssl->ex_data[0] = 0;
wolfSSL	0:1239e9b70ca2	1579	ssl->ex_data[1] = 0;
wolfSSL	0:1239e9b70ca2	1580	ssl->ex_data[2] = 0;
wolfSSL	0:1239e9b70ca2	1581	#endif
wolfSSL	0:1239e9b70ca2	1582
wolfSSL	0:1239e9b70ca2	1583	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	1584	ssl->hsInfoOn = 0;
wolfSSL	0:1239e9b70ca2	1585	ssl->toInfoOn = 0;
wolfSSL	0:1239e9b70ca2	1586	#endif
wolfSSL	0:1239e9b70ca2	1587
wolfSSL	0:1239e9b70ca2	1588	#ifdef HAVE_CAVIUM
wolfSSL	0:1239e9b70ca2	1589	ssl->devId = ctx->devId;
wolfSSL	0:1239e9b70ca2	1590	#endif
wolfSSL	0:1239e9b70ca2	1591
wolfSSL	0:1239e9b70ca2	1592	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	0:1239e9b70ca2	1593	ssl->extensions = NULL;
wolfSSL	0:1239e9b70ca2	1594	#ifdef HAVE_MAX_FRAGMENT
wolfSSL	0:1239e9b70ca2	1595	ssl->max_fragment = MAX_RECORD_SIZE;
wolfSSL	0:1239e9b70ca2	1596	#endif
wolfSSL	0:1239e9b70ca2	1597	#ifdef HAVE_TRUNCATED_HMAC
wolfSSL	0:1239e9b70ca2	1598	ssl->truncated_hmac = 0;
wolfSSL	0:1239e9b70ca2	1599	#endif
wolfSSL	0:1239e9b70ca2	1600	#endif
wolfSSL	0:1239e9b70ca2	1601
wolfSSL	0:1239e9b70ca2	1602	ssl->rng = NULL;
wolfSSL	0:1239e9b70ca2	1603	ssl->arrays = NULL;
wolfSSL	0:1239e9b70ca2	1604
wolfSSL	0:1239e9b70ca2	1605	/* default alert state (none) */
wolfSSL	0:1239e9b70ca2	1606	ssl->alert_history.last_rx.code = -1;
wolfSSL	0:1239e9b70ca2	1607	ssl->alert_history.last_rx.level = -1;
wolfSSL	0:1239e9b70ca2	1608	ssl->alert_history.last_tx.code = -1;
wolfSSL	0:1239e9b70ca2	1609	ssl->alert_history.last_tx.level = -1;
wolfSSL	0:1239e9b70ca2	1610
wolfSSL	0:1239e9b70ca2	1611	InitCiphers(ssl);
wolfSSL	0:1239e9b70ca2	1612	InitCipherSpecs(&ssl->specs);
wolfSSL	0:1239e9b70ca2	1613	#ifdef ATOMIC_USER
wolfSSL	0:1239e9b70ca2	1614	ssl->MacEncryptCtx = NULL;
wolfSSL	0:1239e9b70ca2	1615	ssl->DecryptVerifyCtx = NULL;
wolfSSL	0:1239e9b70ca2	1616	#endif
wolfSSL	0:1239e9b70ca2	1617	#ifdef HAVE_PK_CALLBACKS
wolfSSL	0:1239e9b70ca2	1618	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	1619	ssl->EccSignCtx = NULL;
wolfSSL	0:1239e9b70ca2	1620	ssl->EccVerifyCtx = NULL;
wolfSSL	0:1239e9b70ca2	1621	#endif /* HAVE_ECC */
wolfSSL	0:1239e9b70ca2	1622	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	1623	ssl->RsaSignCtx = NULL;
wolfSSL	0:1239e9b70ca2	1624	ssl->RsaVerifyCtx = NULL;
wolfSSL	0:1239e9b70ca2	1625	ssl->RsaEncCtx = NULL;
wolfSSL	0:1239e9b70ca2	1626	ssl->RsaDecCtx = NULL;
wolfSSL	0:1239e9b70ca2	1627	#endif /* NO_RSA */
wolfSSL	0:1239e9b70ca2	1628	#endif /* HAVE_PK_CALLBACKS */
wolfSSL	0:1239e9b70ca2	1629
wolfSSL	0:1239e9b70ca2	1630	/* all done with init, now can return errors, call other stuff */
wolfSSL	0:1239e9b70ca2	1631
wolfSSL	0:1239e9b70ca2	1632	/* increment CTX reference count */
wolfSSL	0:1239e9b70ca2	1633	if (LockMutex(&ctx->countMutex) != 0) {
wolfSSL	0:1239e9b70ca2	1634	CYASSL_MSG("Couldn't lock CTX count mutex");
wolfSSL	0:1239e9b70ca2	1635	return BAD_MUTEX_E;
wolfSSL	0:1239e9b70ca2	1636	}
wolfSSL	0:1239e9b70ca2	1637	ctx->refCount++;
wolfSSL	0:1239e9b70ca2	1638	UnLockMutex(&ctx->countMutex);
wolfSSL	0:1239e9b70ca2	1639
wolfSSL	0:1239e9b70ca2	1640	/* arrays */
wolfSSL	0:1239e9b70ca2	1641	ssl->arrays = (Arrays*)XMALLOC(sizeof(Arrays), ssl->heap,
wolfSSL	0:1239e9b70ca2	1642	DYNAMIC_TYPE_ARRAYS);
wolfSSL	0:1239e9b70ca2	1643	if (ssl->arrays == NULL) {
wolfSSL	0:1239e9b70ca2	1644	CYASSL_MSG("Arrays Memory error");
wolfSSL	0:1239e9b70ca2	1645	return MEMORY_E;
wolfSSL	0:1239e9b70ca2	1646	}
wolfSSL	0:1239e9b70ca2	1647	XMEMSET(ssl->arrays, 0, sizeof(Arrays));
wolfSSL	0:1239e9b70ca2	1648
wolfSSL	0:1239e9b70ca2	1649	#ifndef NO_PSK
wolfSSL	0:1239e9b70ca2	1650	ssl->arrays->client_identity[0] = 0;
wolfSSL	0:1239e9b70ca2	1651	if (ctx->server_hint[0]) { /* set in CTX */
wolfSSL	0:1239e9b70ca2	1652	XSTRNCPY(ssl->arrays->server_hint, ctx->server_hint, MAX_PSK_ID_LEN);
wolfSSL	0:1239e9b70ca2	1653	ssl->arrays->server_hint[MAX_PSK_ID_LEN - 1] = '\0';
wolfSSL	0:1239e9b70ca2	1654	}
wolfSSL	0:1239e9b70ca2	1655	else
wolfSSL	0:1239e9b70ca2	1656	ssl->arrays->server_hint[0] = 0;
wolfSSL	0:1239e9b70ca2	1657	#endif /* NO_PSK */
wolfSSL	0:1239e9b70ca2	1658
wolfSSL	0:1239e9b70ca2	1659	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	1660	ssl->arrays->cookieSz = 0;
wolfSSL	0:1239e9b70ca2	1661	#endif
wolfSSL	0:1239e9b70ca2	1662
wolfSSL	0:1239e9b70ca2	1663	/* RNG */
wolfSSL	0:1239e9b70ca2	1664	ssl->rng = (RNG*)XMALLOC(sizeof(RNG), ssl->heap, DYNAMIC_TYPE_RNG);
wolfSSL	0:1239e9b70ca2	1665	if (ssl->rng == NULL) {
wolfSSL	0:1239e9b70ca2	1666	CYASSL_MSG("RNG Memory error");
wolfSSL	0:1239e9b70ca2	1667	return MEMORY_E;
wolfSSL	0:1239e9b70ca2	1668	}
wolfSSL	0:1239e9b70ca2	1669
wolfSSL	0:1239e9b70ca2	1670	if ( (ret = InitRng(ssl->rng)) != 0) {
wolfSSL	0:1239e9b70ca2	1671	CYASSL_MSG("RNG Init error");
wolfSSL	0:1239e9b70ca2	1672	return ret;
wolfSSL	0:1239e9b70ca2	1673	}
wolfSSL	0:1239e9b70ca2	1674
wolfSSL	0:1239e9b70ca2	1675	/* suites */
wolfSSL	0:1239e9b70ca2	1676	ssl->suites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap,
wolfSSL	0:1239e9b70ca2	1677	DYNAMIC_TYPE_SUITES);
wolfSSL	0:1239e9b70ca2	1678	if (ssl->suites == NULL) {
wolfSSL	0:1239e9b70ca2	1679	CYASSL_MSG("Suites Memory error");
wolfSSL	0:1239e9b70ca2	1680	return MEMORY_E;
wolfSSL	0:1239e9b70ca2	1681	}
wolfSSL	0:1239e9b70ca2	1682	*ssl->suites = ctx->suites;
wolfSSL	0:1239e9b70ca2	1683
wolfSSL	0:1239e9b70ca2	1684	/* peer key */
wolfSSL	0:1239e9b70ca2	1685	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	1686	ssl->peerRsaKey = (RsaKey*)XMALLOC(sizeof(RsaKey), ssl->heap,
wolfSSL	0:1239e9b70ca2	1687	DYNAMIC_TYPE_RSA);
wolfSSL	0:1239e9b70ca2	1688	if (ssl->peerRsaKey == NULL) {
wolfSSL	0:1239e9b70ca2	1689	CYASSL_MSG("PeerRsaKey Memory error");
wolfSSL	0:1239e9b70ca2	1690	return MEMORY_E;
wolfSSL	0:1239e9b70ca2	1691	}
wolfSSL	0:1239e9b70ca2	1692	ret = InitRsaKey(ssl->peerRsaKey, ctx->heap);
wolfSSL	0:1239e9b70ca2	1693	if (ret != 0) return ret;
wolfSSL	0:1239e9b70ca2	1694	#endif
wolfSSL	0:1239e9b70ca2	1695	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	1696	/* make sure server has cert and key unless using PSK */
wolfSSL	0:1239e9b70ca2	1697	if (ssl->options.side == CYASSL_SERVER_END && !havePSK)
wolfSSL	0:1239e9b70ca2	1698	if (!ssl->buffers.certificate.buffer \|\| !ssl->buffers.key.buffer) {
wolfSSL	0:1239e9b70ca2	1699	CYASSL_MSG("Server missing certificate and/or private key");
wolfSSL	0:1239e9b70ca2	1700	return NO_PRIVATE_KEY;
wolfSSL	0:1239e9b70ca2	1701	}
wolfSSL	0:1239e9b70ca2	1702	#endif
wolfSSL	0:1239e9b70ca2	1703	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	1704	ssl->peerEccKey = (ecc_key*)XMALLOC(sizeof(ecc_key),
wolfSSL	0:1239e9b70ca2	1705	ctx->heap, DYNAMIC_TYPE_ECC);
wolfSSL	0:1239e9b70ca2	1706	if (ssl->peerEccKey == NULL) {
wolfSSL	0:1239e9b70ca2	1707	CYASSL_MSG("PeerEccKey Memory error");
wolfSSL	0:1239e9b70ca2	1708	return MEMORY_E;
wolfSSL	0:1239e9b70ca2	1709	}
wolfSSL	0:1239e9b70ca2	1710	ssl->peerEccDsaKey = (ecc_key*)XMALLOC(sizeof(ecc_key),
wolfSSL	0:1239e9b70ca2	1711	ctx->heap, DYNAMIC_TYPE_ECC);
wolfSSL	0:1239e9b70ca2	1712	if (ssl->peerEccDsaKey == NULL) {
wolfSSL	0:1239e9b70ca2	1713	CYASSL_MSG("PeerEccDsaKey Memory error");
wolfSSL	0:1239e9b70ca2	1714	return MEMORY_E;
wolfSSL	0:1239e9b70ca2	1715	}
wolfSSL	0:1239e9b70ca2	1716	ssl->eccDsaKey = (ecc_key*)XMALLOC(sizeof(ecc_key),
wolfSSL	0:1239e9b70ca2	1717	ctx->heap, DYNAMIC_TYPE_ECC);
wolfSSL	0:1239e9b70ca2	1718	if (ssl->eccDsaKey == NULL) {
wolfSSL	0:1239e9b70ca2	1719	CYASSL_MSG("EccDsaKey Memory error");
wolfSSL	0:1239e9b70ca2	1720	return MEMORY_E;
wolfSSL	0:1239e9b70ca2	1721	}
wolfSSL	0:1239e9b70ca2	1722	ssl->eccTempKey = (ecc_key*)XMALLOC(sizeof(ecc_key),
wolfSSL	0:1239e9b70ca2	1723	ctx->heap, DYNAMIC_TYPE_ECC);
wolfSSL	0:1239e9b70ca2	1724	if (ssl->eccTempKey == NULL) {
wolfSSL	0:1239e9b70ca2	1725	CYASSL_MSG("EccTempKey Memory error");
wolfSSL	0:1239e9b70ca2	1726	return MEMORY_E;
wolfSSL	0:1239e9b70ca2	1727	}
wolfSSL	0:1239e9b70ca2	1728	ecc_init(ssl->peerEccKey);
wolfSSL	0:1239e9b70ca2	1729	ecc_init(ssl->peerEccDsaKey);
wolfSSL	0:1239e9b70ca2	1730	ecc_init(ssl->eccDsaKey);
wolfSSL	0:1239e9b70ca2	1731	ecc_init(ssl->eccTempKey);
wolfSSL	0:1239e9b70ca2	1732	#endif
wolfSSL	0:1239e9b70ca2	1733
wolfSSL	0:1239e9b70ca2	1734	/* make sure server has DH parms, and add PSK if there, add NTRU too */
wolfSSL	0:1239e9b70ca2	1735	if (ssl->options.side == CYASSL_SERVER_END)
wolfSSL	0:1239e9b70ca2	1736	InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
wolfSSL	0:1239e9b70ca2	1737	ssl->options.haveDH, ssl->options.haveNTRU,
wolfSSL	0:1239e9b70ca2	1738	ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
wolfSSL	0:1239e9b70ca2	1739	ssl->options.side);
wolfSSL	0:1239e9b70ca2	1740	else
wolfSSL	0:1239e9b70ca2	1741	InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, TRUE,
wolfSSL	0:1239e9b70ca2	1742	ssl->options.haveNTRU, ssl->options.haveECDSAsig,
wolfSSL	0:1239e9b70ca2	1743	ssl->options.haveStaticECC, ssl->options.side);
wolfSSL	0:1239e9b70ca2	1744
wolfSSL	0:1239e9b70ca2	1745	return 0;
wolfSSL	0:1239e9b70ca2	1746	}
wolfSSL	0:1239e9b70ca2	1747
wolfSSL	0:1239e9b70ca2	1748
wolfSSL	0:1239e9b70ca2	1749	/* free use of temporary arrays */
wolfSSL	0:1239e9b70ca2	1750	void FreeArrays(CYASSL* ssl, int keep)
wolfSSL	0:1239e9b70ca2	1751	{
wolfSSL	0:1239e9b70ca2	1752	if (ssl->arrays && keep) {
wolfSSL	0:1239e9b70ca2	1753	/* keeps session id for user retrieval */
wolfSSL	0:1239e9b70ca2	1754	XMEMCPY(ssl->session.sessionID, ssl->arrays->sessionID, ID_LEN);
wolfSSL	0:1239e9b70ca2	1755	}
wolfSSL	0:1239e9b70ca2	1756	XFREE(ssl->arrays, ssl->heap, DYNAMIC_TYPE_ARRAYS);
wolfSSL	0:1239e9b70ca2	1757	ssl->arrays = NULL;
wolfSSL	0:1239e9b70ca2	1758	}
wolfSSL	0:1239e9b70ca2	1759
wolfSSL	0:1239e9b70ca2	1760
wolfSSL	0:1239e9b70ca2	1761	/* In case holding SSL object in array and don't want to free actual ssl */
wolfSSL	0:1239e9b70ca2	1762	void SSL_ResourceFree(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	1763	{
wolfSSL	0:1239e9b70ca2	1764	FreeCiphers(ssl);
wolfSSL	0:1239e9b70ca2	1765	FreeArrays(ssl, 0);
wolfSSL	0:1239e9b70ca2	1766	XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG);
wolfSSL	0:1239e9b70ca2	1767	XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES);
wolfSSL	0:1239e9b70ca2	1768	XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN);
wolfSSL	0:1239e9b70ca2	1769
wolfSSL	0:1239e9b70ca2	1770	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	1771	XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_DH);
wolfSSL	0:1239e9b70ca2	1772	XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_DH);
wolfSSL	0:1239e9b70ca2	1773	/* parameters (p,g) may be owned by ctx */
wolfSSL	0:1239e9b70ca2	1774	if (ssl->buffers.weOwnDH \|\| ssl->options.side == CYASSL_CLIENT_END) {
wolfSSL	0:1239e9b70ca2	1775	XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_DH);
wolfSSL	0:1239e9b70ca2	1776	XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH);
wolfSSL	0:1239e9b70ca2	1777	}
wolfSSL	0:1239e9b70ca2	1778
wolfSSL	0:1239e9b70ca2	1779	/* CYASSL_CTX always owns certChain */
wolfSSL	0:1239e9b70ca2	1780	if (ssl->buffers.weOwnCert)
wolfSSL	0:1239e9b70ca2	1781	XFREE(ssl->buffers.certificate.buffer, ssl->heap, DYNAMIC_TYPE_CERT);
wolfSSL	0:1239e9b70ca2	1782	if (ssl->buffers.weOwnKey)
wolfSSL	0:1239e9b70ca2	1783	XFREE(ssl->buffers.key.buffer, ssl->heap, DYNAMIC_TYPE_KEY);
wolfSSL	0:1239e9b70ca2	1784	#endif
wolfSSL	0:1239e9b70ca2	1785	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	1786	if (ssl->peerRsaKey) {
wolfSSL	0:1239e9b70ca2	1787	FreeRsaKey(ssl->peerRsaKey);
wolfSSL	0:1239e9b70ca2	1788	XFREE(ssl->peerRsaKey, ssl->heap, DYNAMIC_TYPE_RSA);
wolfSSL	0:1239e9b70ca2	1789	}
wolfSSL	0:1239e9b70ca2	1790	#endif
wolfSSL	0:1239e9b70ca2	1791	if (ssl->buffers.inputBuffer.dynamicFlag)
wolfSSL	0:1239e9b70ca2	1792	ShrinkInputBuffer(ssl, FORCED_FREE);
wolfSSL	0:1239e9b70ca2	1793	if (ssl->buffers.outputBuffer.dynamicFlag)
wolfSSL	0:1239e9b70ca2	1794	ShrinkOutputBuffer(ssl);
wolfSSL	0:1239e9b70ca2	1795	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	1796	if (ssl->dtls_pool != NULL) {
wolfSSL	0:1239e9b70ca2	1797	DtlsPoolReset(ssl);
wolfSSL	0:1239e9b70ca2	1798	XFREE(ssl->dtls_pool, ssl->heap, DYNAMIC_TYPE_NONE);
wolfSSL	0:1239e9b70ca2	1799	}
wolfSSL	0:1239e9b70ca2	1800	if (ssl->dtls_msg_list != NULL) {
wolfSSL	0:1239e9b70ca2	1801	DtlsMsgListDelete(ssl->dtls_msg_list, ssl->heap);
wolfSSL	0:1239e9b70ca2	1802	ssl->dtls_msg_list = NULL;
wolfSSL	0:1239e9b70ca2	1803	}
wolfSSL	0:1239e9b70ca2	1804	XFREE(ssl->buffers.dtlsCtx.peer.sa, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
wolfSSL	0:1239e9b70ca2	1805	ssl->buffers.dtlsCtx.peer.sa = NULL;
wolfSSL	0:1239e9b70ca2	1806	#endif
wolfSSL	0:1239e9b70ca2	1807	#if defined(KEEP_PEER_CERT) \|\| defined(GOAHEAD_WS)
wolfSSL	0:1239e9b70ca2	1808	FreeX509(&ssl->peerCert);
wolfSSL	0:1239e9b70ca2	1809	#endif
wolfSSL	0:1239e9b70ca2	1810	#if defined(OPENSSL_EXTRA) \|\| defined(GOAHEAD_WS)
wolfSSL	0:1239e9b70ca2	1811	CyaSSL_BIO_free(ssl->biord);
wolfSSL	0:1239e9b70ca2	1812	if (ssl->biord != ssl->biowr) /* in case same as write */
wolfSSL	0:1239e9b70ca2	1813	CyaSSL_BIO_free(ssl->biowr);
wolfSSL	0:1239e9b70ca2	1814	#endif
wolfSSL	0:1239e9b70ca2	1815	#ifdef HAVE_LIBZ
wolfSSL	0:1239e9b70ca2	1816	FreeStreams(ssl);
wolfSSL	0:1239e9b70ca2	1817	#endif
wolfSSL	0:1239e9b70ca2	1818	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	1819	if (ssl->peerEccKey) {
wolfSSL	0:1239e9b70ca2	1820	if (ssl->peerEccKeyPresent)
wolfSSL	0:1239e9b70ca2	1821	ecc_free(ssl->peerEccKey);
wolfSSL	0:1239e9b70ca2	1822	XFREE(ssl->peerEccKey, ssl->heap, DYNAMIC_TYPE_ECC);
wolfSSL	0:1239e9b70ca2	1823	}
wolfSSL	0:1239e9b70ca2	1824	if (ssl->peerEccDsaKey) {
wolfSSL	0:1239e9b70ca2	1825	if (ssl->peerEccDsaKeyPresent)
wolfSSL	0:1239e9b70ca2	1826	ecc_free(ssl->peerEccDsaKey);
wolfSSL	0:1239e9b70ca2	1827	XFREE(ssl->peerEccDsaKey, ssl->heap, DYNAMIC_TYPE_ECC);
wolfSSL	0:1239e9b70ca2	1828	}
wolfSSL	0:1239e9b70ca2	1829	if (ssl->eccTempKey) {
wolfSSL	0:1239e9b70ca2	1830	if (ssl->eccTempKeyPresent)
wolfSSL	0:1239e9b70ca2	1831	ecc_free(ssl->eccTempKey);
wolfSSL	0:1239e9b70ca2	1832	XFREE(ssl->eccTempKey, ssl->heap, DYNAMIC_TYPE_ECC);
wolfSSL	0:1239e9b70ca2	1833	}
wolfSSL	0:1239e9b70ca2	1834	if (ssl->eccDsaKey) {
wolfSSL	0:1239e9b70ca2	1835	if (ssl->eccDsaKeyPresent)
wolfSSL	0:1239e9b70ca2	1836	ecc_free(ssl->eccDsaKey);
wolfSSL	0:1239e9b70ca2	1837	XFREE(ssl->eccDsaKey, ssl->heap, DYNAMIC_TYPE_ECC);
wolfSSL	0:1239e9b70ca2	1838	}
wolfSSL	0:1239e9b70ca2	1839	#endif
wolfSSL	0:1239e9b70ca2	1840	#ifdef HAVE_PK_CALLBACKS
wolfSSL	0:1239e9b70ca2	1841	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	1842	XFREE(ssl->buffers.peerEccDsaKey.buffer, ssl->heap, DYNAMIC_TYPE_ECC);
wolfSSL	0:1239e9b70ca2	1843	#endif /* HAVE_ECC */
wolfSSL	0:1239e9b70ca2	1844	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	1845	XFREE(ssl->buffers.peerRsaKey.buffer, ssl->heap, DYNAMIC_TYPE_RSA);
wolfSSL	0:1239e9b70ca2	1846	#endif /* NO_RSA */
wolfSSL	0:1239e9b70ca2	1847	#endif /* HAVE_PK_CALLBACKS */
wolfSSL	0:1239e9b70ca2	1848	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	0:1239e9b70ca2	1849	TLSX_FreeAll(ssl->extensions);
wolfSSL	0:1239e9b70ca2	1850	#endif
wolfSSL	0:1239e9b70ca2	1851	#ifdef HAVE_NETX
wolfSSL	0:1239e9b70ca2	1852	if (ssl->nxCtx.nxPacket)
wolfSSL	0:1239e9b70ca2	1853	nx_packet_release(ssl->nxCtx.nxPacket);
wolfSSL	0:1239e9b70ca2	1854	#endif
wolfSSL	0:1239e9b70ca2	1855	}
wolfSSL	0:1239e9b70ca2	1856
wolfSSL	0:1239e9b70ca2	1857
wolfSSL	0:1239e9b70ca2	1858	/* Free any handshake resources no longer needed */
wolfSSL	0:1239e9b70ca2	1859	void FreeHandshakeResources(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	1860	{
wolfSSL	0:1239e9b70ca2	1861	/* input buffer */
wolfSSL	0:1239e9b70ca2	1862	if (ssl->buffers.inputBuffer.dynamicFlag)
wolfSSL	0:1239e9b70ca2	1863	ShrinkInputBuffer(ssl, NO_FORCED_FREE);
wolfSSL	0:1239e9b70ca2	1864
wolfSSL	0:1239e9b70ca2	1865	/* suites */
wolfSSL	0:1239e9b70ca2	1866	XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES);
wolfSSL	0:1239e9b70ca2	1867	ssl->suites = NULL;
wolfSSL	0:1239e9b70ca2	1868
wolfSSL	0:1239e9b70ca2	1869	/* RNG */
wolfSSL	0:1239e9b70ca2	1870	if (ssl->specs.cipher_type == stream \|\| ssl->options.tls1_1 == 0) {
wolfSSL	0:1239e9b70ca2	1871	XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG);
wolfSSL	0:1239e9b70ca2	1872	ssl->rng = NULL;
wolfSSL	0:1239e9b70ca2	1873	}
wolfSSL	0:1239e9b70ca2	1874
wolfSSL	0:1239e9b70ca2	1875	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	1876	/* DTLS_POOL */
wolfSSL	0:1239e9b70ca2	1877	if (ssl->options.dtls && ssl->dtls_pool != NULL) {
wolfSSL	0:1239e9b70ca2	1878	DtlsPoolReset(ssl);
wolfSSL	0:1239e9b70ca2	1879	XFREE(ssl->dtls_pool, ssl->heap, DYNAMIC_TYPE_DTLS_POOL);
wolfSSL	0:1239e9b70ca2	1880	ssl->dtls_pool = NULL;
wolfSSL	0:1239e9b70ca2	1881	}
wolfSSL	0:1239e9b70ca2	1882	#endif
wolfSSL	0:1239e9b70ca2	1883
wolfSSL	0:1239e9b70ca2	1884	/* arrays */
wolfSSL	0:1239e9b70ca2	1885	if (ssl->options.saveArrays)
wolfSSL	0:1239e9b70ca2	1886	FreeArrays(ssl, 1);
wolfSSL	0:1239e9b70ca2	1887
wolfSSL	0:1239e9b70ca2	1888	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	1889	/* peerRsaKey */
wolfSSL	0:1239e9b70ca2	1890	if (ssl->peerRsaKey) {
wolfSSL	0:1239e9b70ca2	1891	FreeRsaKey(ssl->peerRsaKey);
wolfSSL	0:1239e9b70ca2	1892	XFREE(ssl->peerRsaKey, ssl->heap, DYNAMIC_TYPE_RSA);
wolfSSL	0:1239e9b70ca2	1893	ssl->peerRsaKey = NULL;
wolfSSL	0:1239e9b70ca2	1894	}
wolfSSL	0:1239e9b70ca2	1895	#endif
wolfSSL	0:1239e9b70ca2	1896
wolfSSL	0:1239e9b70ca2	1897	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	1898	if (ssl->peerEccKey)
wolfSSL	0:1239e9b70ca2	1899	{
wolfSSL	0:1239e9b70ca2	1900	if (ssl->peerEccKeyPresent) {
wolfSSL	0:1239e9b70ca2	1901	ecc_free(ssl->peerEccKey);
wolfSSL	0:1239e9b70ca2	1902	ssl->peerEccKeyPresent = 0;
wolfSSL	0:1239e9b70ca2	1903	}
wolfSSL	0:1239e9b70ca2	1904	XFREE(ssl->peerEccKey, ssl->heap, DYNAMIC_TYPE_ECC);
wolfSSL	0:1239e9b70ca2	1905	ssl->peerEccKey = NULL;
wolfSSL	0:1239e9b70ca2	1906	}
wolfSSL	0:1239e9b70ca2	1907	if (ssl->peerEccDsaKey)
wolfSSL	0:1239e9b70ca2	1908	{
wolfSSL	0:1239e9b70ca2	1909	if (ssl->peerEccDsaKeyPresent) {
wolfSSL	0:1239e9b70ca2	1910	ecc_free(ssl->peerEccDsaKey);
wolfSSL	0:1239e9b70ca2	1911	ssl->peerEccDsaKeyPresent = 0;
wolfSSL	0:1239e9b70ca2	1912	}
wolfSSL	0:1239e9b70ca2	1913	XFREE(ssl->peerEccDsaKey, ssl->heap, DYNAMIC_TYPE_ECC);
wolfSSL	0:1239e9b70ca2	1914	ssl->peerEccDsaKey = NULL;
wolfSSL	0:1239e9b70ca2	1915	}
wolfSSL	0:1239e9b70ca2	1916	if (ssl->eccTempKey)
wolfSSL	0:1239e9b70ca2	1917	{
wolfSSL	0:1239e9b70ca2	1918	if (ssl->eccTempKeyPresent) {
wolfSSL	0:1239e9b70ca2	1919	ecc_free(ssl->eccTempKey);
wolfSSL	0:1239e9b70ca2	1920	ssl->eccTempKeyPresent = 0;
wolfSSL	0:1239e9b70ca2	1921	}
wolfSSL	0:1239e9b70ca2	1922	XFREE(ssl->eccTempKey, ssl->heap, DYNAMIC_TYPE_ECC);
wolfSSL	0:1239e9b70ca2	1923	ssl->eccTempKey = NULL;
wolfSSL	0:1239e9b70ca2	1924	}
wolfSSL	0:1239e9b70ca2	1925	if (ssl->eccDsaKey)
wolfSSL	0:1239e9b70ca2	1926	{
wolfSSL	0:1239e9b70ca2	1927	if (ssl->eccDsaKeyPresent) {
wolfSSL	0:1239e9b70ca2	1928	ecc_free(ssl->eccDsaKey);
wolfSSL	0:1239e9b70ca2	1929	ssl->eccDsaKeyPresent = 0;
wolfSSL	0:1239e9b70ca2	1930	}
wolfSSL	0:1239e9b70ca2	1931	XFREE(ssl->eccDsaKey, ssl->heap, DYNAMIC_TYPE_ECC);
wolfSSL	0:1239e9b70ca2	1932	ssl->eccDsaKey = NULL;
wolfSSL	0:1239e9b70ca2	1933	}
wolfSSL	0:1239e9b70ca2	1934	#endif
wolfSSL	0:1239e9b70ca2	1935	#ifdef HAVE_PK_CALLBACKS
wolfSSL	0:1239e9b70ca2	1936	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	1937	XFREE(ssl->buffers.peerEccDsaKey.buffer, ssl->heap, DYNAMIC_TYPE_ECC);
wolfSSL	0:1239e9b70ca2	1938	ssl->buffers.peerEccDsaKey.buffer = NULL;
wolfSSL	0:1239e9b70ca2	1939	#endif /* HAVE_ECC */
wolfSSL	0:1239e9b70ca2	1940	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	1941	XFREE(ssl->buffers.peerRsaKey.buffer, ssl->heap, DYNAMIC_TYPE_RSA);
wolfSSL	0:1239e9b70ca2	1942	ssl->buffers.peerRsaKey.buffer = NULL;
wolfSSL	0:1239e9b70ca2	1943	#endif /* NO_RSA */
wolfSSL	0:1239e9b70ca2	1944	#endif /* HAVE_PK_CALLBACKS */
wolfSSL	0:1239e9b70ca2	1945	}
wolfSSL	0:1239e9b70ca2	1946
wolfSSL	0:1239e9b70ca2	1947
wolfSSL	0:1239e9b70ca2	1948	void FreeSSL(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	1949	{
wolfSSL	0:1239e9b70ca2	1950	FreeSSL_Ctx(ssl->ctx); /* will decrement and free underyling CTX if 0 */
wolfSSL	0:1239e9b70ca2	1951	SSL_ResourceFree(ssl);
wolfSSL	0:1239e9b70ca2	1952	XFREE(ssl, ssl->heap, DYNAMIC_TYPE_SSL);
wolfSSL	0:1239e9b70ca2	1953	}
wolfSSL	0:1239e9b70ca2	1954
wolfSSL	0:1239e9b70ca2	1955
wolfSSL	0:1239e9b70ca2	1956	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	1957
wolfSSL	0:1239e9b70ca2	1958	int DtlsPoolInit(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	1959	{
wolfSSL	0:1239e9b70ca2	1960	if (ssl->dtls_pool == NULL) {
wolfSSL	0:1239e9b70ca2	1961	DtlsPool pool = (DtlsPool)XMALLOC(sizeof(DtlsPool),
wolfSSL	0:1239e9b70ca2	1962	ssl->heap, DYNAMIC_TYPE_DTLS_POOL);
wolfSSL	0:1239e9b70ca2	1963	if (pool == NULL) {
wolfSSL	0:1239e9b70ca2	1964	CYASSL_MSG("DTLS Buffer Pool Memory error");
wolfSSL	0:1239e9b70ca2	1965	return MEMORY_E;
wolfSSL	0:1239e9b70ca2	1966	}
wolfSSL	0:1239e9b70ca2	1967	else {
wolfSSL	0:1239e9b70ca2	1968	int i;
wolfSSL	0:1239e9b70ca2	1969
wolfSSL	0:1239e9b70ca2	1970	for (i = 0; i < DTLS_POOL_SZ; i++) {
wolfSSL	0:1239e9b70ca2	1971	pool->buf[i].length = 0;
wolfSSL	0:1239e9b70ca2	1972	pool->buf[i].buffer = NULL;
wolfSSL	0:1239e9b70ca2	1973	}
wolfSSL	0:1239e9b70ca2	1974	pool->used = 0;
wolfSSL	0:1239e9b70ca2	1975	ssl->dtls_pool = pool;
wolfSSL	0:1239e9b70ca2	1976	}
wolfSSL	0:1239e9b70ca2	1977	}
wolfSSL	0:1239e9b70ca2	1978	return 0;
wolfSSL	0:1239e9b70ca2	1979	}
wolfSSL	0:1239e9b70ca2	1980
wolfSSL	0:1239e9b70ca2	1981
wolfSSL	0:1239e9b70ca2	1982	int DtlsPoolSave(CYASSL* ssl, const byte *src, int sz)
wolfSSL	0:1239e9b70ca2	1983	{
wolfSSL	0:1239e9b70ca2	1984	DtlsPool *pool = ssl->dtls_pool;
wolfSSL	0:1239e9b70ca2	1985	if (pool != NULL && pool->used < DTLS_POOL_SZ) {
wolfSSL	0:1239e9b70ca2	1986	buffer *pBuf = &pool->buf[pool->used];
wolfSSL	0:1239e9b70ca2	1987	pBuf->buffer = (byte*)XMALLOC(sz, ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
wolfSSL	0:1239e9b70ca2	1988	if (pBuf->buffer == NULL) {
wolfSSL	0:1239e9b70ca2	1989	CYASSL_MSG("DTLS Buffer Memory error");
wolfSSL	0:1239e9b70ca2	1990	return MEMORY_ERROR;
wolfSSL	0:1239e9b70ca2	1991	}
wolfSSL	0:1239e9b70ca2	1992	XMEMCPY(pBuf->buffer, src, sz);
wolfSSL	0:1239e9b70ca2	1993	pBuf->length = (word32)sz;
wolfSSL	0:1239e9b70ca2	1994	pool->used++;
wolfSSL	0:1239e9b70ca2	1995	}
wolfSSL	0:1239e9b70ca2	1996	return 0;
wolfSSL	0:1239e9b70ca2	1997	}
wolfSSL	0:1239e9b70ca2	1998
wolfSSL	0:1239e9b70ca2	1999
wolfSSL	0:1239e9b70ca2	2000	void DtlsPoolReset(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	2001	{
wolfSSL	0:1239e9b70ca2	2002	DtlsPool *pool = ssl->dtls_pool;
wolfSSL	0:1239e9b70ca2	2003	if (pool != NULL) {
wolfSSL	0:1239e9b70ca2	2004	buffer *pBuf;
wolfSSL	0:1239e9b70ca2	2005	int i, used;
wolfSSL	0:1239e9b70ca2	2006
wolfSSL	0:1239e9b70ca2	2007	used = pool->used;
wolfSSL	0:1239e9b70ca2	2008	for (i = 0, pBuf = &pool->buf[0]; i < used; i++, pBuf++) {
wolfSSL	0:1239e9b70ca2	2009	XFREE(pBuf->buffer, ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
wolfSSL	0:1239e9b70ca2	2010	pBuf->buffer = NULL;
wolfSSL	0:1239e9b70ca2	2011	pBuf->length = 0;
wolfSSL	0:1239e9b70ca2	2012	}
wolfSSL	0:1239e9b70ca2	2013	pool->used = 0;
wolfSSL	0:1239e9b70ca2	2014	}
wolfSSL	0:1239e9b70ca2	2015	ssl->dtls_timeout = ssl->dtls_timeout_init;
wolfSSL	0:1239e9b70ca2	2016	}
wolfSSL	0:1239e9b70ca2	2017
wolfSSL	0:1239e9b70ca2	2018
wolfSSL	0:1239e9b70ca2	2019	int DtlsPoolTimeout(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	2020	{
wolfSSL	0:1239e9b70ca2	2021	int result = -1;
wolfSSL	0:1239e9b70ca2	2022	if (ssl->dtls_timeout < ssl->dtls_timeout_max) {
wolfSSL	0:1239e9b70ca2	2023	ssl->dtls_timeout *= DTLS_TIMEOUT_MULTIPLIER;
wolfSSL	0:1239e9b70ca2	2024	result = 0;
wolfSSL	0:1239e9b70ca2	2025	}
wolfSSL	0:1239e9b70ca2	2026	return result;
wolfSSL	0:1239e9b70ca2	2027	}
wolfSSL	0:1239e9b70ca2	2028
wolfSSL	0:1239e9b70ca2	2029
wolfSSL	0:1239e9b70ca2	2030	int DtlsPoolSend(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	2031	{
wolfSSL	0:1239e9b70ca2	2032	int ret;
wolfSSL	0:1239e9b70ca2	2033	DtlsPool *pool = ssl->dtls_pool;
wolfSSL	0:1239e9b70ca2	2034
wolfSSL	0:1239e9b70ca2	2035	if (pool != NULL && pool->used > 0) {
wolfSSL	0:1239e9b70ca2	2036	int i;
wolfSSL	0:1239e9b70ca2	2037	for (i = 0; i < pool->used; i++) {
wolfSSL	0:1239e9b70ca2	2038	int sendResult;
wolfSSL	0:1239e9b70ca2	2039	buffer* buf = &pool->buf[i];
wolfSSL	0:1239e9b70ca2	2040
wolfSSL	0:1239e9b70ca2	2041	DtlsRecordLayerHeader* dtls = (DtlsRecordLayerHeader*)buf->buffer;
wolfSSL	0:1239e9b70ca2	2042
wolfSSL	0:1239e9b70ca2	2043	word16 message_epoch;
wolfSSL	0:1239e9b70ca2	2044	ato16(dtls->epoch, &message_epoch);
wolfSSL	0:1239e9b70ca2	2045	if (message_epoch == ssl->keys.dtls_epoch) {
wolfSSL	0:1239e9b70ca2	2046	/* Increment record sequence number on retransmitted handshake
wolfSSL	0:1239e9b70ca2	2047	* messages */
wolfSSL	0:1239e9b70ca2	2048	c32to48(ssl->keys.dtls_sequence_number, dtls->sequence_number);
wolfSSL	0:1239e9b70ca2	2049	ssl->keys.dtls_sequence_number++;
wolfSSL	0:1239e9b70ca2	2050	}
wolfSSL	0:1239e9b70ca2	2051	else {
wolfSSL	0:1239e9b70ca2	2052	/* The Finished message is sent with the next epoch, keep its
wolfSSL	0:1239e9b70ca2	2053	* sequence number */
wolfSSL	0:1239e9b70ca2	2054	}
wolfSSL	0:1239e9b70ca2	2055
wolfSSL	0:1239e9b70ca2	2056	if ((ret = CheckAvailableSize(ssl, buf->length)) != 0)
wolfSSL	0:1239e9b70ca2	2057	return ret;
wolfSSL	0:1239e9b70ca2	2058
wolfSSL	0:1239e9b70ca2	2059	XMEMCPY(ssl->buffers.outputBuffer.buffer, buf->buffer, buf->length);
wolfSSL	0:1239e9b70ca2	2060	ssl->buffers.outputBuffer.idx = 0;
wolfSSL	0:1239e9b70ca2	2061	ssl->buffers.outputBuffer.length = buf->length;
wolfSSL	0:1239e9b70ca2	2062
wolfSSL	0:1239e9b70ca2	2063	sendResult = SendBuffered(ssl);
wolfSSL	0:1239e9b70ca2	2064	if (sendResult < 0) {
wolfSSL	0:1239e9b70ca2	2065	return sendResult;
wolfSSL	0:1239e9b70ca2	2066	}
wolfSSL	0:1239e9b70ca2	2067	}
wolfSSL	0:1239e9b70ca2	2068	}
wolfSSL	0:1239e9b70ca2	2069	return 0;
wolfSSL	0:1239e9b70ca2	2070	}
wolfSSL	0:1239e9b70ca2	2071
wolfSSL	0:1239e9b70ca2	2072
wolfSSL	0:1239e9b70ca2	2073	/* functions for managing DTLS datagram reordering */
wolfSSL	0:1239e9b70ca2	2074
wolfSSL	0:1239e9b70ca2	2075	/* Need to allocate space for the handshake message header. The hashing
wolfSSL	0:1239e9b70ca2	2076	* routines assume the message pointer is still within the buffer that
wolfSSL	0:1239e9b70ca2	2077	* has the headers, and will include those headers in the hash. The store
wolfSSL	0:1239e9b70ca2	2078	* routines need to take that into account as well. New will allocate
wolfSSL	0:1239e9b70ca2	2079	* extra space for the headers. */
wolfSSL	0:1239e9b70ca2	2080	DtlsMsg* DtlsMsgNew(word32 sz, void* heap)
wolfSSL	0:1239e9b70ca2	2081	{
wolfSSL	0:1239e9b70ca2	2082	DtlsMsg* msg = NULL;
wolfSSL	0:1239e9b70ca2	2083
wolfSSL	0:1239e9b70ca2	2084	msg = (DtlsMsg*)XMALLOC(sizeof(DtlsMsg), heap, DYNAMIC_TYPE_DTLS_MSG);
wolfSSL	0:1239e9b70ca2	2085
wolfSSL	0:1239e9b70ca2	2086	if (msg != NULL) {
wolfSSL	0:1239e9b70ca2	2087	msg->buf = (byte*)XMALLOC(sz + DTLS_HANDSHAKE_HEADER_SZ,
wolfSSL	0:1239e9b70ca2	2088	heap, DYNAMIC_TYPE_NONE);
wolfSSL	0:1239e9b70ca2	2089	if (msg->buf != NULL) {
wolfSSL	0:1239e9b70ca2	2090	msg->next = NULL;
wolfSSL	0:1239e9b70ca2	2091	msg->seq = 0;
wolfSSL	0:1239e9b70ca2	2092	msg->sz = sz;
wolfSSL	0:1239e9b70ca2	2093	msg->fragSz = 0;
wolfSSL	0:1239e9b70ca2	2094	msg->msg = msg->buf + DTLS_HANDSHAKE_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	2095	}
wolfSSL	0:1239e9b70ca2	2096	else {
wolfSSL	0:1239e9b70ca2	2097	XFREE(msg, heap, DYNAMIC_TYPE_DTLS_MSG);
wolfSSL	0:1239e9b70ca2	2098	msg = NULL;
wolfSSL	0:1239e9b70ca2	2099	}
wolfSSL	0:1239e9b70ca2	2100	}
wolfSSL	0:1239e9b70ca2	2101
wolfSSL	0:1239e9b70ca2	2102	return msg;
wolfSSL	0:1239e9b70ca2	2103	}
wolfSSL	0:1239e9b70ca2	2104
wolfSSL	0:1239e9b70ca2	2105	void DtlsMsgDelete(DtlsMsg* item, void* heap)
wolfSSL	0:1239e9b70ca2	2106	{
wolfSSL	0:1239e9b70ca2	2107	(void)heap;
wolfSSL	0:1239e9b70ca2	2108
wolfSSL	0:1239e9b70ca2	2109	if (item != NULL) {
wolfSSL	0:1239e9b70ca2	2110	if (item->buf != NULL)
wolfSSL	0:1239e9b70ca2	2111	XFREE(item->buf, heap, DYNAMIC_TYPE_NONE);
wolfSSL	0:1239e9b70ca2	2112	XFREE(item, heap, DYNAMIC_TYPE_DTLS_MSG);
wolfSSL	0:1239e9b70ca2	2113	}
wolfSSL	0:1239e9b70ca2	2114	}
wolfSSL	0:1239e9b70ca2	2115
wolfSSL	0:1239e9b70ca2	2116
wolfSSL	0:1239e9b70ca2	2117	void DtlsMsgListDelete(DtlsMsg* head, void* heap)
wolfSSL	0:1239e9b70ca2	2118	{
wolfSSL	0:1239e9b70ca2	2119	DtlsMsg* next;
wolfSSL	0:1239e9b70ca2	2120	while (head) {
wolfSSL	0:1239e9b70ca2	2121	next = head->next;
wolfSSL	0:1239e9b70ca2	2122	DtlsMsgDelete(head, heap);
wolfSSL	0:1239e9b70ca2	2123	head = next;
wolfSSL	0:1239e9b70ca2	2124	}
wolfSSL	0:1239e9b70ca2	2125	}
wolfSSL	0:1239e9b70ca2	2126
wolfSSL	0:1239e9b70ca2	2127
wolfSSL	0:1239e9b70ca2	2128	void DtlsMsgSet(DtlsMsg* msg, word32 seq, const byte* data, byte type,
wolfSSL	0:1239e9b70ca2	2129	word32 fragOffset, word32 fragSz)
wolfSSL	0:1239e9b70ca2	2130	{
wolfSSL	0:1239e9b70ca2	2131	if (msg != NULL && data != NULL && msg->fragSz <= msg->sz) {
wolfSSL	0:1239e9b70ca2	2132	msg->seq = seq;
wolfSSL	0:1239e9b70ca2	2133	msg->type = type;
wolfSSL	0:1239e9b70ca2	2134	msg->fragSz += fragSz;
wolfSSL	0:1239e9b70ca2	2135	/* If fragOffset is zero, this is either a full message that is out
wolfSSL	0:1239e9b70ca2	2136	* of order, or the first fragment of a fragmented message. Copy the
wolfSSL	0:1239e9b70ca2	2137	* handshake message header as well as the message data. */
wolfSSL	0:1239e9b70ca2	2138	if (fragOffset == 0)
wolfSSL	0:1239e9b70ca2	2139	XMEMCPY(msg->buf, data - DTLS_HANDSHAKE_HEADER_SZ,
wolfSSL	0:1239e9b70ca2	2140	fragSz + DTLS_HANDSHAKE_HEADER_SZ);
wolfSSL	0:1239e9b70ca2	2141	else {
wolfSSL	0:1239e9b70ca2	2142	/* If fragOffet is non-zero, this is an additional fragment that
wolfSSL	0:1239e9b70ca2	2143	* needs to be copied to its location in the message buffer. Also
wolfSSL	0:1239e9b70ca2	2144	* copy the total size of the message over the fragment size. The
wolfSSL	0:1239e9b70ca2	2145	* hash routines look at a defragmented message if it had actually
wolfSSL	0:1239e9b70ca2	2146	* come across as a single handshake message. */
wolfSSL	0:1239e9b70ca2	2147	XMEMCPY(msg->msg + fragOffset, data, fragSz);
wolfSSL	0:1239e9b70ca2	2148	c32to24(msg->sz, msg->msg - DTLS_HANDSHAKE_FRAG_SZ);
wolfSSL	0:1239e9b70ca2	2149	}
wolfSSL	0:1239e9b70ca2	2150	}
wolfSSL	0:1239e9b70ca2	2151	}
wolfSSL	0:1239e9b70ca2	2152
wolfSSL	0:1239e9b70ca2	2153
wolfSSL	0:1239e9b70ca2	2154	DtlsMsg* DtlsMsgFind(DtlsMsg* head, word32 seq)
wolfSSL	0:1239e9b70ca2	2155	{
wolfSSL	0:1239e9b70ca2	2156	while (head != NULL && head->seq != seq) {
wolfSSL	0:1239e9b70ca2	2157	head = head->next;
wolfSSL	0:1239e9b70ca2	2158	}
wolfSSL	0:1239e9b70ca2	2159	return head;
wolfSSL	0:1239e9b70ca2	2160	}
wolfSSL	0:1239e9b70ca2	2161
wolfSSL	0:1239e9b70ca2	2162
wolfSSL	0:1239e9b70ca2	2163	DtlsMsg* DtlsMsgStore(DtlsMsg* head, word32 seq, const byte* data,
wolfSSL	0:1239e9b70ca2	2164	word32 dataSz, byte type, word32 fragOffset, word32 fragSz, void* heap)
wolfSSL	0:1239e9b70ca2	2165	{
wolfSSL	0:1239e9b70ca2	2166
wolfSSL	0:1239e9b70ca2	2167	/* See if seq exists in the list. If it isn't in the list, make
wolfSSL	0:1239e9b70ca2	2168	* a new item of size dataSz, copy fragSz bytes from data to msg->msg
wolfSSL	0:1239e9b70ca2	2169	* starting at offset fragOffset, and add fragSz to msg->fragSz. If
wolfSSL	0:1239e9b70ca2	2170	* the seq is in the list and it isn't full, copy fragSz bytes from
wolfSSL	0:1239e9b70ca2	2171	* data to msg->msg starting at offset fragOffset, and add fragSz to
wolfSSL	0:1239e9b70ca2	2172	* msg->fragSz. The new item should be inserted into the list in its
wolfSSL	0:1239e9b70ca2	2173	* proper position.
wolfSSL	0:1239e9b70ca2	2174	*
wolfSSL	0:1239e9b70ca2	2175	* 1. Find seq in list, or where seq should go in list. If seq not in
wolfSSL	0:1239e9b70ca2	2176	* list, create new item and insert into list. Either case, keep
wolfSSL	0:1239e9b70ca2	2177	* pointer to item.
wolfSSL	0:1239e9b70ca2	2178	* 2. If msg->fragSz + fragSz < sz, copy data to msg->msg at offset
wolfSSL	0:1239e9b70ca2	2179	* fragOffset. Add fragSz to msg->fragSz.
wolfSSL	0:1239e9b70ca2	2180	*/
wolfSSL	0:1239e9b70ca2	2181
wolfSSL	0:1239e9b70ca2	2182	if (head != NULL) {
wolfSSL	0:1239e9b70ca2	2183	DtlsMsg* cur = DtlsMsgFind(head, seq);
wolfSSL	0:1239e9b70ca2	2184	if (cur == NULL) {
wolfSSL	0:1239e9b70ca2	2185	cur = DtlsMsgNew(dataSz, heap);
wolfSSL	0:1239e9b70ca2	2186	if (cur != NULL) {
wolfSSL	0:1239e9b70ca2	2187	DtlsMsgSet(cur, seq, data, type, fragOffset, fragSz);
wolfSSL	0:1239e9b70ca2	2188	head = DtlsMsgInsert(head, cur);
wolfSSL	0:1239e9b70ca2	2189	}
wolfSSL	0:1239e9b70ca2	2190	}
wolfSSL	0:1239e9b70ca2	2191	else {
wolfSSL	0:1239e9b70ca2	2192	DtlsMsgSet(cur, seq, data, type, fragOffset, fragSz);
wolfSSL	0:1239e9b70ca2	2193	}
wolfSSL	0:1239e9b70ca2	2194	}
wolfSSL	0:1239e9b70ca2	2195	else {
wolfSSL	0:1239e9b70ca2	2196	head = DtlsMsgNew(dataSz, heap);
wolfSSL	0:1239e9b70ca2	2197	DtlsMsgSet(head, seq, data, type, fragOffset, fragSz);
wolfSSL	0:1239e9b70ca2	2198	}
wolfSSL	0:1239e9b70ca2	2199
wolfSSL	0:1239e9b70ca2	2200	return head;
wolfSSL	0:1239e9b70ca2	2201	}
wolfSSL	0:1239e9b70ca2	2202
wolfSSL	0:1239e9b70ca2	2203
wolfSSL	0:1239e9b70ca2	2204	/* DtlsMsgInsert() is an in-order insert. */
wolfSSL	0:1239e9b70ca2	2205	DtlsMsg* DtlsMsgInsert(DtlsMsg* head, DtlsMsg* item)
wolfSSL	0:1239e9b70ca2	2206	{
wolfSSL	0:1239e9b70ca2	2207	if (head == NULL \|\| item->seq < head->seq) {
wolfSSL	0:1239e9b70ca2	2208	item->next = head;
wolfSSL	0:1239e9b70ca2	2209	head = item;
wolfSSL	0:1239e9b70ca2	2210	}
wolfSSL	0:1239e9b70ca2	2211	else if (head->next == NULL) {
wolfSSL	0:1239e9b70ca2	2212	head->next = item;
wolfSSL	0:1239e9b70ca2	2213	}
wolfSSL	0:1239e9b70ca2	2214	else {
wolfSSL	0:1239e9b70ca2	2215	DtlsMsg* cur = head->next;
wolfSSL	0:1239e9b70ca2	2216	DtlsMsg* prev = head;
wolfSSL	0:1239e9b70ca2	2217	while (cur) {
wolfSSL	0:1239e9b70ca2	2218	if (item->seq < cur->seq) {
wolfSSL	0:1239e9b70ca2	2219	item->next = cur;
wolfSSL	0:1239e9b70ca2	2220	prev->next = item;
wolfSSL	0:1239e9b70ca2	2221	break;
wolfSSL	0:1239e9b70ca2	2222	}
wolfSSL	0:1239e9b70ca2	2223	prev = cur;
wolfSSL	0:1239e9b70ca2	2224	cur = cur->next;
wolfSSL	0:1239e9b70ca2	2225	}
wolfSSL	0:1239e9b70ca2	2226	if (cur == NULL) {
wolfSSL	0:1239e9b70ca2	2227	prev->next = item;
wolfSSL	0:1239e9b70ca2	2228	}
wolfSSL	0:1239e9b70ca2	2229	}
wolfSSL	0:1239e9b70ca2	2230
wolfSSL	0:1239e9b70ca2	2231	return head;
wolfSSL	0:1239e9b70ca2	2232	}
wolfSSL	0:1239e9b70ca2	2233
wolfSSL	0:1239e9b70ca2	2234	#endif /* CYASSL_DTLS */
wolfSSL	0:1239e9b70ca2	2235
wolfSSL	0:1239e9b70ca2	2236	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	2237
wolfSSL	0:1239e9b70ca2	2238	ProtocolVersion MakeSSLv3(void)
wolfSSL	0:1239e9b70ca2	2239	{
wolfSSL	0:1239e9b70ca2	2240	ProtocolVersion pv;
wolfSSL	0:1239e9b70ca2	2241	pv.major = SSLv3_MAJOR;
wolfSSL	0:1239e9b70ca2	2242	pv.minor = SSLv3_MINOR;
wolfSSL	0:1239e9b70ca2	2243
wolfSSL	0:1239e9b70ca2	2244	return pv;
wolfSSL	0:1239e9b70ca2	2245	}
wolfSSL	0:1239e9b70ca2	2246
wolfSSL	0:1239e9b70ca2	2247	#endif /* NO_OLD_TLS */
wolfSSL	0:1239e9b70ca2	2248
wolfSSL	0:1239e9b70ca2	2249
wolfSSL	0:1239e9b70ca2	2250	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	2251
wolfSSL	0:1239e9b70ca2	2252	ProtocolVersion MakeDTLSv1(void)
wolfSSL	0:1239e9b70ca2	2253	{
wolfSSL	0:1239e9b70ca2	2254	ProtocolVersion pv;
wolfSSL	0:1239e9b70ca2	2255	pv.major = DTLS_MAJOR;
wolfSSL	0:1239e9b70ca2	2256	pv.minor = DTLS_MINOR;
wolfSSL	0:1239e9b70ca2	2257
wolfSSL	0:1239e9b70ca2	2258	return pv;
wolfSSL	0:1239e9b70ca2	2259	}
wolfSSL	0:1239e9b70ca2	2260
wolfSSL	0:1239e9b70ca2	2261	ProtocolVersion MakeDTLSv1_2(void)
wolfSSL	0:1239e9b70ca2	2262	{
wolfSSL	0:1239e9b70ca2	2263	ProtocolVersion pv;
wolfSSL	0:1239e9b70ca2	2264	pv.major = DTLS_MAJOR;
wolfSSL	0:1239e9b70ca2	2265	pv.minor = DTLSv1_2_MINOR;
wolfSSL	0:1239e9b70ca2	2266
wolfSSL	0:1239e9b70ca2	2267	return pv;
wolfSSL	0:1239e9b70ca2	2268	}
wolfSSL	0:1239e9b70ca2	2269
wolfSSL	0:1239e9b70ca2	2270	#endif /* CYASSL_DTLS */
wolfSSL	0:1239e9b70ca2	2271
wolfSSL	0:1239e9b70ca2	2272
wolfSSL	0:1239e9b70ca2	2273
wolfSSL	0:1239e9b70ca2	2274
wolfSSL	0:1239e9b70ca2	2275	#ifdef USE_WINDOWS_API
wolfSSL	0:1239e9b70ca2	2276
wolfSSL	0:1239e9b70ca2	2277	word32 LowResTimer(void)
wolfSSL	0:1239e9b70ca2	2278	{
wolfSSL	0:1239e9b70ca2	2279	static int init = 0;
wolfSSL	0:1239e9b70ca2	2280	static LARGE_INTEGER freq;
wolfSSL	0:1239e9b70ca2	2281	LARGE_INTEGER count;
wolfSSL	0:1239e9b70ca2	2282
wolfSSL	0:1239e9b70ca2	2283	if (!init) {
wolfSSL	0:1239e9b70ca2	2284	QueryPerformanceFrequency(&freq);
wolfSSL	0:1239e9b70ca2	2285	init = 1;
wolfSSL	0:1239e9b70ca2	2286	}
wolfSSL	0:1239e9b70ca2	2287
wolfSSL	0:1239e9b70ca2	2288	QueryPerformanceCounter(&count);
wolfSSL	0:1239e9b70ca2	2289
wolfSSL	0:1239e9b70ca2	2290	return (word32)(count.QuadPart / freq.QuadPart);
wolfSSL	0:1239e9b70ca2	2291	}
wolfSSL	0:1239e9b70ca2	2292
wolfSSL	0:1239e9b70ca2	2293	#elif defined(HAVE_RTP_SYS)
wolfSSL	0:1239e9b70ca2	2294
wolfSSL	0:1239e9b70ca2	2295	#include "rtptime.h"
wolfSSL	0:1239e9b70ca2	2296
wolfSSL	0:1239e9b70ca2	2297	word32 LowResTimer(void)
wolfSSL	0:1239e9b70ca2	2298	{
wolfSSL	0:1239e9b70ca2	2299	return (word32)rtp_get_system_sec();
wolfSSL	0:1239e9b70ca2	2300	}
wolfSSL	0:1239e9b70ca2	2301
wolfSSL	0:1239e9b70ca2	2302
wolfSSL	0:1239e9b70ca2	2303	#elif defined(MICRIUM)
wolfSSL	0:1239e9b70ca2	2304
wolfSSL	0:1239e9b70ca2	2305	word32 LowResTimer(void)
wolfSSL	0:1239e9b70ca2	2306	{
wolfSSL	0:1239e9b70ca2	2307	NET_SECURE_OS_TICK clk;
wolfSSL	0:1239e9b70ca2	2308
wolfSSL	0:1239e9b70ca2	2309	#if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
wolfSSL	0:1239e9b70ca2	2310	clk = NetSecure_OS_TimeGet();
wolfSSL	0:1239e9b70ca2	2311	#endif
wolfSSL	0:1239e9b70ca2	2312	return (word32)clk;
wolfSSL	0:1239e9b70ca2	2313	}
wolfSSL	0:1239e9b70ca2	2314
wolfSSL	0:1239e9b70ca2	2315
wolfSSL	0:1239e9b70ca2	2316	#elif defined(MICROCHIP_TCPIP_V5)
wolfSSL	0:1239e9b70ca2	2317
wolfSSL	0:1239e9b70ca2	2318	word32 LowResTimer(void)
wolfSSL	0:1239e9b70ca2	2319	{
wolfSSL	0:1239e9b70ca2	2320	return (word32) TickGet();
wolfSSL	0:1239e9b70ca2	2321	}
wolfSSL	0:1239e9b70ca2	2322
wolfSSL	0:1239e9b70ca2	2323
wolfSSL	0:1239e9b70ca2	2324	#elif defined(MICROCHIP_TCPIP)
wolfSSL	0:1239e9b70ca2	2325
wolfSSL	0:1239e9b70ca2	2326	#if defined(MICROCHIP_MPLAB_HARMONY)
wolfSSL	0:1239e9b70ca2	2327
wolfSSL	0:1239e9b70ca2	2328	#include <system/tmr/sys_tmr.h>
wolfSSL	0:1239e9b70ca2	2329
wolfSSL	0:1239e9b70ca2	2330	word32 LowResTimer(void)
wolfSSL	0:1239e9b70ca2	2331	{
wolfSSL	0:1239e9b70ca2	2332	return (word32) SYS_TMR_TickCountGet();
wolfSSL	0:1239e9b70ca2	2333	}
wolfSSL	0:1239e9b70ca2	2334
wolfSSL	0:1239e9b70ca2	2335	#else
wolfSSL	0:1239e9b70ca2	2336
wolfSSL	0:1239e9b70ca2	2337	word32 LowResTimer(void)
wolfSSL	0:1239e9b70ca2	2338	{
wolfSSL	0:1239e9b70ca2	2339	return (word32) SYS_TICK_Get();
wolfSSL	0:1239e9b70ca2	2340	}
wolfSSL	0:1239e9b70ca2	2341
wolfSSL	0:1239e9b70ca2	2342	#endif
wolfSSL	0:1239e9b70ca2	2343
wolfSSL	0:1239e9b70ca2	2344	#elif defined(FREESCALE_MQX)
wolfSSL	0:1239e9b70ca2	2345
wolfSSL	0:1239e9b70ca2	2346	word32 LowResTimer(void)
wolfSSL	0:1239e9b70ca2	2347	{
wolfSSL	0:1239e9b70ca2	2348	TIME_STRUCT mqxTime;
wolfSSL	0:1239e9b70ca2	2349
wolfSSL	0:1239e9b70ca2	2350	_time_get_elapsed(&mqxTime);
wolfSSL	0:1239e9b70ca2	2351
wolfSSL	0:1239e9b70ca2	2352	return (word32) mqxTime.SECONDS;
wolfSSL	0:1239e9b70ca2	2353	}
wolfSSL	0:1239e9b70ca2	2354
wolfSSL	0:1239e9b70ca2	2355
wolfSSL	0:1239e9b70ca2	2356	#elif defined(USER_TICKS)
wolfSSL	0:1239e9b70ca2	2357	#if 0
wolfSSL	0:1239e9b70ca2	2358	word32 LowResTimer(void)
wolfSSL	0:1239e9b70ca2	2359	{
wolfSSL	0:1239e9b70ca2	2360	/*
wolfSSL	0:1239e9b70ca2	2361	write your own clock tick function if don't want time(0)
wolfSSL	0:1239e9b70ca2	2362	needs second accuracy but doesn't have to correlated to EPOCH
wolfSSL	0:1239e9b70ca2	2363	*/
wolfSSL	0:1239e9b70ca2	2364	}
wolfSSL	0:1239e9b70ca2	2365	#endif
wolfSSL	0:1239e9b70ca2	2366	#else /* !USE_WINDOWS_API && !HAVE_RTP_SYS && !MICRIUM && !USER_TICKS */
wolfSSL	0:1239e9b70ca2	2367
wolfSSL	0:1239e9b70ca2	2368	#include <time.h>
wolfSSL	0:1239e9b70ca2	2369
wolfSSL	0:1239e9b70ca2	2370	word32 LowResTimer(void)
wolfSSL	0:1239e9b70ca2	2371	{
wolfSSL	0:1239e9b70ca2	2372	return (word32)time(0);
wolfSSL	0:1239e9b70ca2	2373	}
wolfSSL	0:1239e9b70ca2	2374
wolfSSL	0:1239e9b70ca2	2375
wolfSSL	0:1239e9b70ca2	2376	#endif /* USE_WINDOWS_API */
wolfSSL	0:1239e9b70ca2	2377
wolfSSL	0:1239e9b70ca2	2378
wolfSSL	0:1239e9b70ca2	2379	/* add output to md5 and sha handshake hashes, exclude record header */
wolfSSL	0:1239e9b70ca2	2380	static int HashOutput(CYASSL* ssl, const byte* output, int sz, int ivSz)
wolfSSL	0:1239e9b70ca2	2381	{
wolfSSL	0:1239e9b70ca2	2382	const byte* adj = output + RECORD_HEADER_SZ + ivSz;
wolfSSL	0:1239e9b70ca2	2383	sz -= RECORD_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	2384
wolfSSL	0:1239e9b70ca2	2385	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	2386	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	2387	adj += DTLS_RECORD_EXTRA;
wolfSSL	0:1239e9b70ca2	2388	sz -= DTLS_RECORD_EXTRA;
wolfSSL	0:1239e9b70ca2	2389	}
wolfSSL	0:1239e9b70ca2	2390	#endif
wolfSSL	0:1239e9b70ca2	2391	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	2392	#ifndef NO_SHA
wolfSSL	0:1239e9b70ca2	2393	ShaUpdate(&ssl->hashSha, adj, sz);
wolfSSL	0:1239e9b70ca2	2394	#endif
wolfSSL	0:1239e9b70ca2	2395	#ifndef NO_MD5
wolfSSL	0:1239e9b70ca2	2396	Md5Update(&ssl->hashMd5, adj, sz);
wolfSSL	0:1239e9b70ca2	2397	#endif
wolfSSL	0:1239e9b70ca2	2398	#endif
wolfSSL	0:1239e9b70ca2	2399
wolfSSL	0:1239e9b70ca2	2400	if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL	0:1239e9b70ca2	2401	int ret;
wolfSSL	0:1239e9b70ca2	2402
wolfSSL	0:1239e9b70ca2	2403	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	2404	ret = Sha256Update(&ssl->hashSha256, adj, sz);
wolfSSL	0:1239e9b70ca2	2405	if (ret != 0)
wolfSSL	0:1239e9b70ca2	2406	return ret;
wolfSSL	0:1239e9b70ca2	2407	#endif
wolfSSL	0:1239e9b70ca2	2408	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	2409	ret = Sha384Update(&ssl->hashSha384, adj, sz);
wolfSSL	0:1239e9b70ca2	2410	if (ret != 0)
wolfSSL	0:1239e9b70ca2	2411	return ret;
wolfSSL	0:1239e9b70ca2	2412	#endif
wolfSSL	0:1239e9b70ca2	2413	}
wolfSSL	0:1239e9b70ca2	2414
wolfSSL	0:1239e9b70ca2	2415	return 0;
wolfSSL	0:1239e9b70ca2	2416	}
wolfSSL	0:1239e9b70ca2	2417
wolfSSL	0:1239e9b70ca2	2418
wolfSSL	0:1239e9b70ca2	2419	/* add input to md5 and sha handshake hashes, include handshake header */
wolfSSL	0:1239e9b70ca2	2420	static int HashInput(CYASSL* ssl, const byte* input, int sz)
wolfSSL	0:1239e9b70ca2	2421	{
wolfSSL	0:1239e9b70ca2	2422	const byte* adj = input - HANDSHAKE_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	2423	sz += HANDSHAKE_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	2424
wolfSSL	0:1239e9b70ca2	2425	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	2426	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	2427	adj -= DTLS_HANDSHAKE_EXTRA;
wolfSSL	0:1239e9b70ca2	2428	sz += DTLS_HANDSHAKE_EXTRA;
wolfSSL	0:1239e9b70ca2	2429	}
wolfSSL	0:1239e9b70ca2	2430	#endif
wolfSSL	0:1239e9b70ca2	2431
wolfSSL	0:1239e9b70ca2	2432	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	2433	#ifndef NO_SHA
wolfSSL	0:1239e9b70ca2	2434	ShaUpdate(&ssl->hashSha, adj, sz);
wolfSSL	0:1239e9b70ca2	2435	#endif
wolfSSL	0:1239e9b70ca2	2436	#ifndef NO_MD5
wolfSSL	0:1239e9b70ca2	2437	Md5Update(&ssl->hashMd5, adj, sz);
wolfSSL	0:1239e9b70ca2	2438	#endif
wolfSSL	0:1239e9b70ca2	2439	#endif
wolfSSL	0:1239e9b70ca2	2440
wolfSSL	0:1239e9b70ca2	2441	if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL	0:1239e9b70ca2	2442	int ret;
wolfSSL	0:1239e9b70ca2	2443
wolfSSL	0:1239e9b70ca2	2444	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	2445	ret = Sha256Update(&ssl->hashSha256, adj, sz);
wolfSSL	0:1239e9b70ca2	2446	if (ret != 0)
wolfSSL	0:1239e9b70ca2	2447	return ret;
wolfSSL	0:1239e9b70ca2	2448	#endif
wolfSSL	0:1239e9b70ca2	2449	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	2450	ret = Sha384Update(&ssl->hashSha384, adj, sz);
wolfSSL	0:1239e9b70ca2	2451	if (ret != 0)
wolfSSL	0:1239e9b70ca2	2452	return ret;
wolfSSL	0:1239e9b70ca2	2453	#endif
wolfSSL	0:1239e9b70ca2	2454	}
wolfSSL	0:1239e9b70ca2	2455
wolfSSL	0:1239e9b70ca2	2456	return 0;
wolfSSL	0:1239e9b70ca2	2457	}
wolfSSL	0:1239e9b70ca2	2458
wolfSSL	0:1239e9b70ca2	2459
wolfSSL	0:1239e9b70ca2	2460	/* add record layer header for message */
wolfSSL	0:1239e9b70ca2	2461	static void AddRecordHeader(byte* output, word32 length, byte type, CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	2462	{
wolfSSL	0:1239e9b70ca2	2463	RecordLayerHeader* rl;
wolfSSL	0:1239e9b70ca2	2464
wolfSSL	0:1239e9b70ca2	2465	/* record layer header */
wolfSSL	0:1239e9b70ca2	2466	rl = (RecordLayerHeader*)output;
wolfSSL	0:1239e9b70ca2	2467	rl->type = type;
wolfSSL	0:1239e9b70ca2	2468	rl->pvMajor = ssl->version.major; /* type and version same in each */
wolfSSL	0:1239e9b70ca2	2469	rl->pvMinor = ssl->version.minor;
wolfSSL	0:1239e9b70ca2	2470
wolfSSL	0:1239e9b70ca2	2471	if (!ssl->options.dtls)
wolfSSL	0:1239e9b70ca2	2472	c16toa((word16)length, rl->length);
wolfSSL	0:1239e9b70ca2	2473	else {
wolfSSL	0:1239e9b70ca2	2474	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	2475	DtlsRecordLayerHeader* dtls;
wolfSSL	0:1239e9b70ca2	2476
wolfSSL	0:1239e9b70ca2	2477	/* dtls record layer header extensions */
wolfSSL	0:1239e9b70ca2	2478	dtls = (DtlsRecordLayerHeader*)output;
wolfSSL	0:1239e9b70ca2	2479	c16toa(ssl->keys.dtls_epoch, dtls->epoch);
wolfSSL	0:1239e9b70ca2	2480	c32to48(ssl->keys.dtls_sequence_number++, dtls->sequence_number);
wolfSSL	0:1239e9b70ca2	2481	c16toa((word16)length, dtls->length);
wolfSSL	0:1239e9b70ca2	2482	#endif
wolfSSL	0:1239e9b70ca2	2483	}
wolfSSL	0:1239e9b70ca2	2484	}
wolfSSL	0:1239e9b70ca2	2485
wolfSSL	0:1239e9b70ca2	2486
wolfSSL	0:1239e9b70ca2	2487	/* add handshake header for message */
wolfSSL	0:1239e9b70ca2	2488	static void AddHandShakeHeader(byte* output, word32 length, byte type,
wolfSSL	0:1239e9b70ca2	2489	CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	2490	{
wolfSSL	0:1239e9b70ca2	2491	HandShakeHeader* hs;
wolfSSL	0:1239e9b70ca2	2492	(void)ssl;
wolfSSL	0:1239e9b70ca2	2493
wolfSSL	0:1239e9b70ca2	2494	/* handshake header */
wolfSSL	0:1239e9b70ca2	2495	hs = (HandShakeHeader*)output;
wolfSSL	0:1239e9b70ca2	2496	hs->type = type;
wolfSSL	0:1239e9b70ca2	2497	c32to24(length, hs->length); /* type and length same for each */
wolfSSL	0:1239e9b70ca2	2498	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	2499	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	2500	DtlsHandShakeHeader* dtls;
wolfSSL	0:1239e9b70ca2	2501
wolfSSL	0:1239e9b70ca2	2502	/* dtls handshake header extensions */
wolfSSL	0:1239e9b70ca2	2503	dtls = (DtlsHandShakeHeader*)output;
wolfSSL	0:1239e9b70ca2	2504	c16toa(ssl->keys.dtls_handshake_number++, dtls->message_seq);
wolfSSL	0:1239e9b70ca2	2505	c32to24(0, dtls->fragment_offset);
wolfSSL	0:1239e9b70ca2	2506	c32to24(length, dtls->fragment_length);
wolfSSL	0:1239e9b70ca2	2507	}
wolfSSL	0:1239e9b70ca2	2508	#endif
wolfSSL	0:1239e9b70ca2	2509	}
wolfSSL	0:1239e9b70ca2	2510
wolfSSL	0:1239e9b70ca2	2511
wolfSSL	0:1239e9b70ca2	2512	/* add both headers for handshake message */
wolfSSL	0:1239e9b70ca2	2513	static void AddHeaders(byte* output, word32 length, byte type, CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	2514	{
wolfSSL	0:1239e9b70ca2	2515	if (!ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	2516	AddRecordHeader(output, length + HANDSHAKE_HEADER_SZ, handshake, ssl);
wolfSSL	0:1239e9b70ca2	2517	AddHandShakeHeader(output + RECORD_HEADER_SZ, length, type, ssl);
wolfSSL	0:1239e9b70ca2	2518	}
wolfSSL	0:1239e9b70ca2	2519	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	2520	else {
wolfSSL	0:1239e9b70ca2	2521	AddRecordHeader(output, length+DTLS_HANDSHAKE_HEADER_SZ, handshake,ssl);
wolfSSL	0:1239e9b70ca2	2522	AddHandShakeHeader(output + DTLS_RECORD_HEADER_SZ, length, type, ssl);
wolfSSL	0:1239e9b70ca2	2523	}
wolfSSL	0:1239e9b70ca2	2524	#endif
wolfSSL	0:1239e9b70ca2	2525	}
wolfSSL	0:1239e9b70ca2	2526
wolfSSL	0:1239e9b70ca2	2527
wolfSSL	0:1239e9b70ca2	2528	/* return bytes received, -1 on error */
wolfSSL	0:1239e9b70ca2	2529	static int Receive(CYASSL* ssl, byte* buf, word32 sz)
wolfSSL	0:1239e9b70ca2	2530	{
wolfSSL	0:1239e9b70ca2	2531	int recvd;
wolfSSL	0:1239e9b70ca2	2532
wolfSSL	0:1239e9b70ca2	2533	if (ssl->ctx->CBIORecv == NULL) {
wolfSSL	0:1239e9b70ca2	2534	CYASSL_MSG("Your IO Recv callback is null, please set");
wolfSSL	0:1239e9b70ca2	2535	return -1;
wolfSSL	0:1239e9b70ca2	2536	}
wolfSSL	0:1239e9b70ca2	2537
wolfSSL	0:1239e9b70ca2	2538	retry:
wolfSSL	0:1239e9b70ca2	2539	recvd = ssl->ctx->CBIORecv(ssl, (char *)buf, (int)sz, ssl->IOCB_ReadCtx);
wolfSSL	0:1239e9b70ca2	2540	if (recvd < 0)
wolfSSL	0:1239e9b70ca2	2541	switch (recvd) {
wolfSSL	0:1239e9b70ca2	2542	case CYASSL_CBIO_ERR_GENERAL: /* general/unknown error */
wolfSSL	0:1239e9b70ca2	2543	return -1;
wolfSSL	0:1239e9b70ca2	2544
wolfSSL	0:1239e9b70ca2	2545	case CYASSL_CBIO_ERR_WANT_READ: /* want read, would block */
wolfSSL	0:1239e9b70ca2	2546	return WANT_READ;
wolfSSL	0:1239e9b70ca2	2547
wolfSSL	0:1239e9b70ca2	2548	case CYASSL_CBIO_ERR_CONN_RST: /* connection reset */
wolfSSL	0:1239e9b70ca2	2549	#ifdef USE_WINDOWS_API
wolfSSL	0:1239e9b70ca2	2550	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	2551	goto retry;
wolfSSL	0:1239e9b70ca2	2552	}
wolfSSL	0:1239e9b70ca2	2553	#endif
wolfSSL	0:1239e9b70ca2	2554	ssl->options.connReset = 1;
wolfSSL	0:1239e9b70ca2	2555	return -1;
wolfSSL	0:1239e9b70ca2	2556
wolfSSL	0:1239e9b70ca2	2557	case CYASSL_CBIO_ERR_ISR: /* interrupt */
wolfSSL	0:1239e9b70ca2	2558	/* see if we got our timeout */
wolfSSL	0:1239e9b70ca2	2559	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	2560	if (ssl->toInfoOn) {
wolfSSL	0:1239e9b70ca2	2561	struct itimerval timeout;
wolfSSL	0:1239e9b70ca2	2562	getitimer(ITIMER_REAL, &timeout);
wolfSSL	0:1239e9b70ca2	2563	if (timeout.it_value.tv_sec == 0 &&
wolfSSL	0:1239e9b70ca2	2564	timeout.it_value.tv_usec == 0) {
wolfSSL	0:1239e9b70ca2	2565	XSTRNCPY(ssl->timeoutInfo.timeoutName,
wolfSSL	0:1239e9b70ca2	2566	"recv() timeout", MAX_TIMEOUT_NAME_SZ);
wolfSSL	0:1239e9b70ca2	2567	CYASSL_MSG("Got our timeout");
wolfSSL	0:1239e9b70ca2	2568	return WANT_READ;
wolfSSL	0:1239e9b70ca2	2569	}
wolfSSL	0:1239e9b70ca2	2570	}
wolfSSL	0:1239e9b70ca2	2571	#endif
wolfSSL	0:1239e9b70ca2	2572	goto retry;
wolfSSL	0:1239e9b70ca2	2573
wolfSSL	0:1239e9b70ca2	2574	case CYASSL_CBIO_ERR_CONN_CLOSE: /* peer closed connection */
wolfSSL	0:1239e9b70ca2	2575	ssl->options.isClosed = 1;
wolfSSL	0:1239e9b70ca2	2576	return -1;
wolfSSL	0:1239e9b70ca2	2577
wolfSSL	0:1239e9b70ca2	2578	case CYASSL_CBIO_ERR_TIMEOUT:
wolfSSL	0:1239e9b70ca2	2579	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	2580	if (DtlsPoolTimeout(ssl) == 0 && DtlsPoolSend(ssl) == 0)
wolfSSL	0:1239e9b70ca2	2581	goto retry;
wolfSSL	0:1239e9b70ca2	2582	else
wolfSSL	0:1239e9b70ca2	2583	#endif
wolfSSL	0:1239e9b70ca2	2584	return -1;
wolfSSL	0:1239e9b70ca2	2585
wolfSSL	0:1239e9b70ca2	2586	default:
wolfSSL	0:1239e9b70ca2	2587	return recvd;
wolfSSL	0:1239e9b70ca2	2588	}
wolfSSL	0:1239e9b70ca2	2589
wolfSSL	0:1239e9b70ca2	2590	return recvd;
wolfSSL	0:1239e9b70ca2	2591	}
wolfSSL	0:1239e9b70ca2	2592
wolfSSL	0:1239e9b70ca2	2593
wolfSSL	0:1239e9b70ca2	2594	/* Switch dynamic output buffer back to static, buffer is assumed clear */
wolfSSL	0:1239e9b70ca2	2595	void ShrinkOutputBuffer(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	2596	{
wolfSSL	0:1239e9b70ca2	2597	CYASSL_MSG("Shrinking output buffer\n");
wolfSSL	0:1239e9b70ca2	2598	XFREE(ssl->buffers.outputBuffer.buffer - ssl->buffers.outputBuffer.offset,
wolfSSL	0:1239e9b70ca2	2599	ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
wolfSSL	0:1239e9b70ca2	2600	ssl->buffers.outputBuffer.buffer = ssl->buffers.outputBuffer.staticBuffer;
wolfSSL	0:1239e9b70ca2	2601	ssl->buffers.outputBuffer.bufferSize = STATIC_BUFFER_LEN;
wolfSSL	0:1239e9b70ca2	2602	ssl->buffers.outputBuffer.dynamicFlag = 0;
wolfSSL	0:1239e9b70ca2	2603	ssl->buffers.outputBuffer.offset = 0;
wolfSSL	0:1239e9b70ca2	2604	}
wolfSSL	0:1239e9b70ca2	2605
wolfSSL	0:1239e9b70ca2	2606
wolfSSL	0:1239e9b70ca2	2607	/* Switch dynamic input buffer back to static, keep any remaining input */
wolfSSL	0:1239e9b70ca2	2608	/* forced free means cleaning up */
wolfSSL	0:1239e9b70ca2	2609	void ShrinkInputBuffer(CYASSL* ssl, int forcedFree)
wolfSSL	0:1239e9b70ca2	2610	{
wolfSSL	0:1239e9b70ca2	2611	int usedLength = ssl->buffers.inputBuffer.length -
wolfSSL	0:1239e9b70ca2	2612	ssl->buffers.inputBuffer.idx;
wolfSSL	0:1239e9b70ca2	2613	if (!forcedFree && usedLength > STATIC_BUFFER_LEN)
wolfSSL	0:1239e9b70ca2	2614	return;
wolfSSL	0:1239e9b70ca2	2615
wolfSSL	0:1239e9b70ca2	2616	CYASSL_MSG("Shrinking input buffer\n");
wolfSSL	0:1239e9b70ca2	2617
wolfSSL	0:1239e9b70ca2	2618	if (!forcedFree && usedLength)
wolfSSL	0:1239e9b70ca2	2619	XMEMCPY(ssl->buffers.inputBuffer.staticBuffer,
wolfSSL	0:1239e9b70ca2	2620	ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.idx,
wolfSSL	0:1239e9b70ca2	2621	usedLength);
wolfSSL	0:1239e9b70ca2	2622
wolfSSL	0:1239e9b70ca2	2623	XFREE(ssl->buffers.inputBuffer.buffer - ssl->buffers.inputBuffer.offset,
wolfSSL	0:1239e9b70ca2	2624	ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
wolfSSL	0:1239e9b70ca2	2625	ssl->buffers.inputBuffer.buffer = ssl->buffers.inputBuffer.staticBuffer;
wolfSSL	0:1239e9b70ca2	2626	ssl->buffers.inputBuffer.bufferSize = STATIC_BUFFER_LEN;
wolfSSL	0:1239e9b70ca2	2627	ssl->buffers.inputBuffer.dynamicFlag = 0;
wolfSSL	0:1239e9b70ca2	2628	ssl->buffers.inputBuffer.offset = 0;
wolfSSL	0:1239e9b70ca2	2629	ssl->buffers.inputBuffer.idx = 0;
wolfSSL	0:1239e9b70ca2	2630	ssl->buffers.inputBuffer.length = usedLength;
wolfSSL	0:1239e9b70ca2	2631	}
wolfSSL	0:1239e9b70ca2	2632
wolfSSL	0:1239e9b70ca2	2633
wolfSSL	0:1239e9b70ca2	2634	int SendBuffered(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	2635	{
wolfSSL	0:1239e9b70ca2	2636	if (ssl->ctx->CBIOSend == NULL) {
wolfSSL	0:1239e9b70ca2	2637	CYASSL_MSG("Your IO Send callback is null, please set");
wolfSSL	0:1239e9b70ca2	2638	return SOCKET_ERROR_E;
wolfSSL	0:1239e9b70ca2	2639	}
wolfSSL	0:1239e9b70ca2	2640
wolfSSL	0:1239e9b70ca2	2641	while (ssl->buffers.outputBuffer.length > 0) {
wolfSSL	0:1239e9b70ca2	2642	int sent = ssl->ctx->CBIOSend(ssl,
wolfSSL	0:1239e9b70ca2	2643	(char*)ssl->buffers.outputBuffer.buffer +
wolfSSL	0:1239e9b70ca2	2644	ssl->buffers.outputBuffer.idx,
wolfSSL	0:1239e9b70ca2	2645	(int)ssl->buffers.outputBuffer.length,
wolfSSL	0:1239e9b70ca2	2646	ssl->IOCB_WriteCtx);
wolfSSL	0:1239e9b70ca2	2647	if (sent < 0) {
wolfSSL	0:1239e9b70ca2	2648	switch (sent) {
wolfSSL	0:1239e9b70ca2	2649
wolfSSL	0:1239e9b70ca2	2650	case CYASSL_CBIO_ERR_WANT_WRITE: /* would block */
wolfSSL	0:1239e9b70ca2	2651	return WANT_WRITE;
wolfSSL	0:1239e9b70ca2	2652
wolfSSL	0:1239e9b70ca2	2653	case CYASSL_CBIO_ERR_CONN_RST: /* connection reset */
wolfSSL	0:1239e9b70ca2	2654	ssl->options.connReset = 1;
wolfSSL	0:1239e9b70ca2	2655	break;
wolfSSL	0:1239e9b70ca2	2656
wolfSSL	0:1239e9b70ca2	2657	case CYASSL_CBIO_ERR_ISR: /* interrupt */
wolfSSL	0:1239e9b70ca2	2658	/* see if we got our timeout */
wolfSSL	0:1239e9b70ca2	2659	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	2660	if (ssl->toInfoOn) {
wolfSSL	0:1239e9b70ca2	2661	struct itimerval timeout;
wolfSSL	0:1239e9b70ca2	2662	getitimer(ITIMER_REAL, &timeout);
wolfSSL	0:1239e9b70ca2	2663	if (timeout.it_value.tv_sec == 0 &&
wolfSSL	0:1239e9b70ca2	2664	timeout.it_value.tv_usec == 0) {
wolfSSL	0:1239e9b70ca2	2665	XSTRNCPY(ssl->timeoutInfo.timeoutName,
wolfSSL	0:1239e9b70ca2	2666	"send() timeout", MAX_TIMEOUT_NAME_SZ);
wolfSSL	0:1239e9b70ca2	2667	CYASSL_MSG("Got our timeout");
wolfSSL	0:1239e9b70ca2	2668	return WANT_WRITE;
wolfSSL	0:1239e9b70ca2	2669	}
wolfSSL	0:1239e9b70ca2	2670	}
wolfSSL	0:1239e9b70ca2	2671	#endif
wolfSSL	0:1239e9b70ca2	2672	continue;
wolfSSL	0:1239e9b70ca2	2673
wolfSSL	0:1239e9b70ca2	2674	case CYASSL_CBIO_ERR_CONN_CLOSE: /* epipe / conn closed */
wolfSSL	0:1239e9b70ca2	2675	ssl->options.connReset = 1; /* treat same as reset */
wolfSSL	0:1239e9b70ca2	2676	break;
wolfSSL	0:1239e9b70ca2	2677
wolfSSL	0:1239e9b70ca2	2678	default:
wolfSSL	0:1239e9b70ca2	2679	return SOCKET_ERROR_E;
wolfSSL	0:1239e9b70ca2	2680	}
wolfSSL	0:1239e9b70ca2	2681
wolfSSL	0:1239e9b70ca2	2682	return SOCKET_ERROR_E;
wolfSSL	0:1239e9b70ca2	2683	}
wolfSSL	0:1239e9b70ca2	2684
wolfSSL	0:1239e9b70ca2	2685	ssl->buffers.outputBuffer.idx += sent;
wolfSSL	0:1239e9b70ca2	2686	ssl->buffers.outputBuffer.length -= sent;
wolfSSL	0:1239e9b70ca2	2687	}
wolfSSL	0:1239e9b70ca2	2688
wolfSSL	0:1239e9b70ca2	2689	ssl->buffers.outputBuffer.idx = 0;
wolfSSL	0:1239e9b70ca2	2690
wolfSSL	0:1239e9b70ca2	2691	if (ssl->buffers.outputBuffer.dynamicFlag)
wolfSSL	0:1239e9b70ca2	2692	ShrinkOutputBuffer(ssl);
wolfSSL	0:1239e9b70ca2	2693
wolfSSL	0:1239e9b70ca2	2694	return 0;
wolfSSL	0:1239e9b70ca2	2695	}
wolfSSL	0:1239e9b70ca2	2696
wolfSSL	0:1239e9b70ca2	2697
wolfSSL	0:1239e9b70ca2	2698	/* Grow the output buffer */
wolfSSL	0:1239e9b70ca2	2699	static INLINE int GrowOutputBuffer(CYASSL* ssl, int size)
wolfSSL	0:1239e9b70ca2	2700	{
wolfSSL	0:1239e9b70ca2	2701	byte* tmp;
wolfSSL	0:1239e9b70ca2	2702	byte hdrSz = ssl->options.dtls ? DTLS_RECORD_HEADER_SZ :
wolfSSL	0:1239e9b70ca2	2703	RECORD_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	2704	byte align = CYASSL_GENERAL_ALIGNMENT;
wolfSSL	0:1239e9b70ca2	2705	/* the encrypted data will be offset from the front of the buffer by
wolfSSL	0:1239e9b70ca2	2706	the header, if the user wants encrypted alignment they need
wolfSSL	0:1239e9b70ca2	2707	to define their alignment requirement */
wolfSSL	0:1239e9b70ca2	2708
wolfSSL	0:1239e9b70ca2	2709	if (align) {
wolfSSL	0:1239e9b70ca2	2710	while (align < hdrSz)
wolfSSL	0:1239e9b70ca2	2711	align *= 2;
wolfSSL	0:1239e9b70ca2	2712	}
wolfSSL	0:1239e9b70ca2	2713
wolfSSL	0:1239e9b70ca2	2714	tmp = (byte*) XMALLOC(size + ssl->buffers.outputBuffer.length + align,
wolfSSL	0:1239e9b70ca2	2715	ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
wolfSSL	0:1239e9b70ca2	2716	CYASSL_MSG("growing output buffer\n");
wolfSSL	0:1239e9b70ca2	2717
wolfSSL	0:1239e9b70ca2	2718	if (!tmp) return MEMORY_E;
wolfSSL	0:1239e9b70ca2	2719	if (align)
wolfSSL	0:1239e9b70ca2	2720	tmp += align - hdrSz;
wolfSSL	0:1239e9b70ca2	2721
wolfSSL	0:1239e9b70ca2	2722	if (ssl->buffers.outputBuffer.length)
wolfSSL	0:1239e9b70ca2	2723	XMEMCPY(tmp, ssl->buffers.outputBuffer.buffer,
wolfSSL	0:1239e9b70ca2	2724	ssl->buffers.outputBuffer.length);
wolfSSL	0:1239e9b70ca2	2725
wolfSSL	0:1239e9b70ca2	2726	if (ssl->buffers.outputBuffer.dynamicFlag)
wolfSSL	0:1239e9b70ca2	2727	XFREE(ssl->buffers.outputBuffer.buffer -
wolfSSL	0:1239e9b70ca2	2728	ssl->buffers.outputBuffer.offset, ssl->heap,
wolfSSL	0:1239e9b70ca2	2729	DYNAMIC_TYPE_OUT_BUFFER);
wolfSSL	0:1239e9b70ca2	2730	ssl->buffers.outputBuffer.dynamicFlag = 1;
wolfSSL	0:1239e9b70ca2	2731	if (align)
wolfSSL	0:1239e9b70ca2	2732	ssl->buffers.outputBuffer.offset = align - hdrSz;
wolfSSL	0:1239e9b70ca2	2733	else
wolfSSL	0:1239e9b70ca2	2734	ssl->buffers.outputBuffer.offset = 0;
wolfSSL	0:1239e9b70ca2	2735	ssl->buffers.outputBuffer.buffer = tmp;
wolfSSL	0:1239e9b70ca2	2736	ssl->buffers.outputBuffer.bufferSize = size +
wolfSSL	0:1239e9b70ca2	2737	ssl->buffers.outputBuffer.length;
wolfSSL	0:1239e9b70ca2	2738	return 0;
wolfSSL	0:1239e9b70ca2	2739	}
wolfSSL	0:1239e9b70ca2	2740
wolfSSL	0:1239e9b70ca2	2741
wolfSSL	0:1239e9b70ca2	2742	/* Grow the input buffer, should only be to read cert or big app data */
wolfSSL	0:1239e9b70ca2	2743	int GrowInputBuffer(CYASSL* ssl, int size, int usedLength)
wolfSSL	0:1239e9b70ca2	2744	{
wolfSSL	0:1239e9b70ca2	2745	byte* tmp;
wolfSSL	0:1239e9b70ca2	2746	byte hdrSz = DTLS_RECORD_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	2747	byte align = ssl->options.dtls ? CYASSL_GENERAL_ALIGNMENT : 0;
wolfSSL	0:1239e9b70ca2	2748	/* the encrypted data will be offset from the front of the buffer by
wolfSSL	0:1239e9b70ca2	2749	the dtls record header, if the user wants encrypted alignment they need
wolfSSL	0:1239e9b70ca2	2750	to define their alignment requirement. in tls we read record header
wolfSSL	0:1239e9b70ca2	2751	to get size of record and put actual data back at front, so don't need */
wolfSSL	0:1239e9b70ca2	2752
wolfSSL	0:1239e9b70ca2	2753	if (align) {
wolfSSL	0:1239e9b70ca2	2754	while (align < hdrSz)
wolfSSL	0:1239e9b70ca2	2755	align *= 2;
wolfSSL	0:1239e9b70ca2	2756	}
wolfSSL	0:1239e9b70ca2	2757	tmp = (byte*) XMALLOC(size + usedLength + align, ssl->heap,
wolfSSL	0:1239e9b70ca2	2758	DYNAMIC_TYPE_IN_BUFFER);
wolfSSL	0:1239e9b70ca2	2759	CYASSL_MSG("growing input buffer\n");
wolfSSL	0:1239e9b70ca2	2760
wolfSSL	0:1239e9b70ca2	2761	if (!tmp) return MEMORY_E;
wolfSSL	0:1239e9b70ca2	2762	if (align)
wolfSSL	0:1239e9b70ca2	2763	tmp += align - hdrSz;
wolfSSL	0:1239e9b70ca2	2764
wolfSSL	0:1239e9b70ca2	2765	if (usedLength)
wolfSSL	0:1239e9b70ca2	2766	XMEMCPY(tmp, ssl->buffers.inputBuffer.buffer +
wolfSSL	0:1239e9b70ca2	2767	ssl->buffers.inputBuffer.idx, usedLength);
wolfSSL	0:1239e9b70ca2	2768
wolfSSL	0:1239e9b70ca2	2769	if (ssl->buffers.inputBuffer.dynamicFlag)
wolfSSL	0:1239e9b70ca2	2770	XFREE(ssl->buffers.inputBuffer.buffer - ssl->buffers.inputBuffer.offset,
wolfSSL	0:1239e9b70ca2	2771	ssl->heap,DYNAMIC_TYPE_IN_BUFFER);
wolfSSL	0:1239e9b70ca2	2772
wolfSSL	0:1239e9b70ca2	2773	ssl->buffers.inputBuffer.dynamicFlag = 1;
wolfSSL	0:1239e9b70ca2	2774	if (align)
wolfSSL	0:1239e9b70ca2	2775	ssl->buffers.inputBuffer.offset = align - hdrSz;
wolfSSL	0:1239e9b70ca2	2776	else
wolfSSL	0:1239e9b70ca2	2777	ssl->buffers.inputBuffer.offset = 0;
wolfSSL	0:1239e9b70ca2	2778	ssl->buffers.inputBuffer.buffer = tmp;
wolfSSL	0:1239e9b70ca2	2779	ssl->buffers.inputBuffer.bufferSize = size + usedLength;
wolfSSL	0:1239e9b70ca2	2780	ssl->buffers.inputBuffer.idx = 0;
wolfSSL	0:1239e9b70ca2	2781	ssl->buffers.inputBuffer.length = usedLength;
wolfSSL	0:1239e9b70ca2	2782
wolfSSL	0:1239e9b70ca2	2783	return 0;
wolfSSL	0:1239e9b70ca2	2784	}
wolfSSL	0:1239e9b70ca2	2785
wolfSSL	0:1239e9b70ca2	2786
wolfSSL	0:1239e9b70ca2	2787	/* check available size into output buffer, make room if needed */
wolfSSL	0:1239e9b70ca2	2788	int CheckAvailableSize(CYASSL *ssl, int size)
wolfSSL	0:1239e9b70ca2	2789	{
wolfSSL	0:1239e9b70ca2	2790	if (ssl->buffers.outputBuffer.bufferSize - ssl->buffers.outputBuffer.length
wolfSSL	0:1239e9b70ca2	2791	< (word32)size) {
wolfSSL	0:1239e9b70ca2	2792	if (GrowOutputBuffer(ssl, size) < 0)
wolfSSL	0:1239e9b70ca2	2793	return MEMORY_E;
wolfSSL	0:1239e9b70ca2	2794	}
wolfSSL	0:1239e9b70ca2	2795
wolfSSL	0:1239e9b70ca2	2796	return 0;
wolfSSL	0:1239e9b70ca2	2797	}
wolfSSL	0:1239e9b70ca2	2798
wolfSSL	0:1239e9b70ca2	2799
wolfSSL	0:1239e9b70ca2	2800	/* do all verify and sanity checks on record header */
wolfSSL	0:1239e9b70ca2	2801	static int GetRecordHeader(CYASSL* ssl, const byte* input, word32* inOutIdx,
wolfSSL	0:1239e9b70ca2	2802	RecordLayerHeader* rh, word16 *size)
wolfSSL	0:1239e9b70ca2	2803	{
wolfSSL	0:1239e9b70ca2	2804	if (!ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	2805	XMEMCPY(rh, input + *inOutIdx, RECORD_HEADER_SZ);
wolfSSL	0:1239e9b70ca2	2806	*inOutIdx += RECORD_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	2807	ato16(rh->length, size);
wolfSSL	0:1239e9b70ca2	2808	}
wolfSSL	0:1239e9b70ca2	2809	else {
wolfSSL	0:1239e9b70ca2	2810	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	2811	/* type and version in same sport */
wolfSSL	0:1239e9b70ca2	2812	XMEMCPY(rh, input + *inOutIdx, ENUM_LEN + VERSION_SZ);
wolfSSL	0:1239e9b70ca2	2813	*inOutIdx += ENUM_LEN + VERSION_SZ;
wolfSSL	0:1239e9b70ca2	2814	ato16(input + *inOutIdx, &ssl->keys.dtls_state.curEpoch);
wolfSSL	0:1239e9b70ca2	2815	inOutIdx += 4; / advance past epoch, skip first 2 seq bytes for now */
wolfSSL	0:1239e9b70ca2	2816	ato32(input + *inOutIdx, &ssl->keys.dtls_state.curSeq);
wolfSSL	0:1239e9b70ca2	2817	inOutIdx += 4; / advance past rest of seq */
wolfSSL	0:1239e9b70ca2	2818	ato16(input + *inOutIdx, size);
wolfSSL	0:1239e9b70ca2	2819	*inOutIdx += LENGTH_SZ;
wolfSSL	0:1239e9b70ca2	2820	#endif
wolfSSL	0:1239e9b70ca2	2821	}
wolfSSL	0:1239e9b70ca2	2822
wolfSSL	0:1239e9b70ca2	2823	/* catch version mismatch */
wolfSSL	0:1239e9b70ca2	2824	if (rh->pvMajor != ssl->version.major \|\| rh->pvMinor != ssl->version.minor){
wolfSSL	0:1239e9b70ca2	2825	if (ssl->options.side == CYASSL_SERVER_END &&
wolfSSL	0:1239e9b70ca2	2826	ssl->options.acceptState == ACCEPT_BEGIN)
wolfSSL	0:1239e9b70ca2	2827	CYASSL_MSG("Client attempting to connect with different version");
wolfSSL	0:1239e9b70ca2	2828	else if (ssl->options.side == CYASSL_CLIENT_END &&
wolfSSL	0:1239e9b70ca2	2829	ssl->options.downgrade &&
wolfSSL	0:1239e9b70ca2	2830	ssl->options.connectState < FIRST_REPLY_DONE)
wolfSSL	0:1239e9b70ca2	2831	CYASSL_MSG("Server attempting to accept with different version");
wolfSSL	0:1239e9b70ca2	2832	else {
wolfSSL	0:1239e9b70ca2	2833	CYASSL_MSG("SSL version error");
wolfSSL	0:1239e9b70ca2	2834	return VERSION_ERROR; /* only use requested version */
wolfSSL	0:1239e9b70ca2	2835	}
wolfSSL	0:1239e9b70ca2	2836	}
wolfSSL	0:1239e9b70ca2	2837
wolfSSL	0:1239e9b70ca2	2838	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	2839	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	2840	if (DtlsCheckWindow(&ssl->keys.dtls_state) != 1)
wolfSSL	0:1239e9b70ca2	2841	return SEQUENCE_ERROR;
wolfSSL	0:1239e9b70ca2	2842	}
wolfSSL	0:1239e9b70ca2	2843	#endif
wolfSSL	0:1239e9b70ca2	2844
wolfSSL	0:1239e9b70ca2	2845	/* record layer length check */
wolfSSL	0:1239e9b70ca2	2846	#ifdef HAVE_MAX_FRAGMENT
wolfSSL	0:1239e9b70ca2	2847	if (*size > (ssl->max_fragment + MAX_COMP_EXTRA + MAX_MSG_EXTRA))
wolfSSL	0:1239e9b70ca2	2848	return LENGTH_ERROR;
wolfSSL	0:1239e9b70ca2	2849	#else
wolfSSL	0:1239e9b70ca2	2850	if (*size > (MAX_RECORD_SIZE + MAX_COMP_EXTRA + MAX_MSG_EXTRA))
wolfSSL	0:1239e9b70ca2	2851	return LENGTH_ERROR;
wolfSSL	0:1239e9b70ca2	2852	#endif
wolfSSL	0:1239e9b70ca2	2853
wolfSSL	0:1239e9b70ca2	2854	/* verify record type here as well */
wolfSSL	0:1239e9b70ca2	2855	switch (rh->type) {
wolfSSL	0:1239e9b70ca2	2856	case handshake:
wolfSSL	0:1239e9b70ca2	2857	case change_cipher_spec:
wolfSSL	0:1239e9b70ca2	2858	case application_data:
wolfSSL	0:1239e9b70ca2	2859	case alert:
wolfSSL	0:1239e9b70ca2	2860	break;
wolfSSL	0:1239e9b70ca2	2861	case no_type:
wolfSSL	0:1239e9b70ca2	2862	default:
wolfSSL	0:1239e9b70ca2	2863	CYASSL_MSG("Unknown Record Type");
wolfSSL	0:1239e9b70ca2	2864	return UNKNOWN_RECORD_TYPE;
wolfSSL	0:1239e9b70ca2	2865	}
wolfSSL	0:1239e9b70ca2	2866
wolfSSL	0:1239e9b70ca2	2867	/* haven't decrypted this record yet */
wolfSSL	0:1239e9b70ca2	2868	ssl->keys.decryptedCur = 0;
wolfSSL	0:1239e9b70ca2	2869
wolfSSL	0:1239e9b70ca2	2870	return 0;
wolfSSL	0:1239e9b70ca2	2871	}
wolfSSL	0:1239e9b70ca2	2872
wolfSSL	0:1239e9b70ca2	2873
wolfSSL	0:1239e9b70ca2	2874	static int GetHandShakeHeader(CYASSL* ssl, const byte* input, word32* inOutIdx,
wolfSSL	0:1239e9b70ca2	2875	byte type, word32 size)
wolfSSL	0:1239e9b70ca2	2876	{
wolfSSL	0:1239e9b70ca2	2877	const byte ptr = input + inOutIdx;
wolfSSL	0:1239e9b70ca2	2878	(void)ssl;
wolfSSL	0:1239e9b70ca2	2879	*inOutIdx += HANDSHAKE_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	2880
wolfSSL	0:1239e9b70ca2	2881	*type = ptr[0];
wolfSSL	0:1239e9b70ca2	2882	c24to32(&ptr[1], size);
wolfSSL	0:1239e9b70ca2	2883
wolfSSL	0:1239e9b70ca2	2884	return 0;
wolfSSL	0:1239e9b70ca2	2885	}
wolfSSL	0:1239e9b70ca2	2886
wolfSSL	0:1239e9b70ca2	2887
wolfSSL	0:1239e9b70ca2	2888	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	2889	static int GetDtlsHandShakeHeader(CYASSL* ssl, const byte* input,
wolfSSL	0:1239e9b70ca2	2890	word32* inOutIdx, byte type, word32 size,
wolfSSL	0:1239e9b70ca2	2891	word32 fragOffset, word32 fragSz)
wolfSSL	0:1239e9b70ca2	2892	{
wolfSSL	0:1239e9b70ca2	2893	word32 idx = *inOutIdx;
wolfSSL	0:1239e9b70ca2	2894
wolfSSL	0:1239e9b70ca2	2895	*inOutIdx += HANDSHAKE_HEADER_SZ + DTLS_HANDSHAKE_EXTRA;
wolfSSL	0:1239e9b70ca2	2896
wolfSSL	0:1239e9b70ca2	2897	*type = input[idx++];
wolfSSL	0:1239e9b70ca2	2898	c24to32(input + idx, size);
wolfSSL	0:1239e9b70ca2	2899	idx += BYTE3_LEN;
wolfSSL	0:1239e9b70ca2	2900
wolfSSL	0:1239e9b70ca2	2901	ato16(input + idx, &ssl->keys.dtls_peer_handshake_number);
wolfSSL	0:1239e9b70ca2	2902	idx += DTLS_HANDSHAKE_SEQ_SZ;
wolfSSL	0:1239e9b70ca2	2903
wolfSSL	0:1239e9b70ca2	2904	c24to32(input + idx, fragOffset);
wolfSSL	0:1239e9b70ca2	2905	idx += DTLS_HANDSHAKE_FRAG_SZ;
wolfSSL	0:1239e9b70ca2	2906	c24to32(input + idx, fragSz);
wolfSSL	0:1239e9b70ca2	2907
wolfSSL	0:1239e9b70ca2	2908	return 0;
wolfSSL	0:1239e9b70ca2	2909	}
wolfSSL	0:1239e9b70ca2	2910	#endif
wolfSSL	0:1239e9b70ca2	2911
wolfSSL	0:1239e9b70ca2	2912
wolfSSL	0:1239e9b70ca2	2913	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	2914	/* fill with MD5 pad size since biggest required */
wolfSSL	0:1239e9b70ca2	2915	static const byte PAD1[PAD_MD5] =
wolfSSL	0:1239e9b70ca2	2916	{ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
wolfSSL	0:1239e9b70ca2	2917	0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
wolfSSL	0:1239e9b70ca2	2918	0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
wolfSSL	0:1239e9b70ca2	2919	0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
wolfSSL	0:1239e9b70ca2	2920	0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
wolfSSL	0:1239e9b70ca2	2921	0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
wolfSSL	0:1239e9b70ca2	2922	};
wolfSSL	0:1239e9b70ca2	2923	static const byte PAD2[PAD_MD5] =
wolfSSL	0:1239e9b70ca2	2924	{ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
wolfSSL	0:1239e9b70ca2	2925	0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
wolfSSL	0:1239e9b70ca2	2926	0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
wolfSSL	0:1239e9b70ca2	2927	0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
wolfSSL	0:1239e9b70ca2	2928	0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
wolfSSL	0:1239e9b70ca2	2929	0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c
wolfSSL	0:1239e9b70ca2	2930	};
wolfSSL	0:1239e9b70ca2	2931
wolfSSL	0:1239e9b70ca2	2932	/* calculate MD5 hash for finished */
wolfSSL	0:1239e9b70ca2	2933	static void BuildMD5(CYASSL* ssl, Hashes* hashes, const byte* sender)
wolfSSL	0:1239e9b70ca2	2934	{
wolfSSL	0:1239e9b70ca2	2935	byte md5_result[MD5_DIGEST_SIZE];
wolfSSL	0:1239e9b70ca2	2936
wolfSSL	0:1239e9b70ca2	2937	/* make md5 inner */
wolfSSL	0:1239e9b70ca2	2938	Md5Update(&ssl->hashMd5, sender, SIZEOF_SENDER);
wolfSSL	0:1239e9b70ca2	2939	Md5Update(&ssl->hashMd5, ssl->arrays->masterSecret, SECRET_LEN);
wolfSSL	0:1239e9b70ca2	2940	Md5Update(&ssl->hashMd5, PAD1, PAD_MD5);
wolfSSL	0:1239e9b70ca2	2941	Md5Final(&ssl->hashMd5, md5_result);
wolfSSL	0:1239e9b70ca2	2942
wolfSSL	0:1239e9b70ca2	2943	/* make md5 outer */
wolfSSL	0:1239e9b70ca2	2944	Md5Update(&ssl->hashMd5, ssl->arrays->masterSecret, SECRET_LEN);
wolfSSL	0:1239e9b70ca2	2945	Md5Update(&ssl->hashMd5, PAD2, PAD_MD5);
wolfSSL	0:1239e9b70ca2	2946	Md5Update(&ssl->hashMd5, md5_result, MD5_DIGEST_SIZE);
wolfSSL	0:1239e9b70ca2	2947
wolfSSL	0:1239e9b70ca2	2948	Md5Final(&ssl->hashMd5, hashes->md5);
wolfSSL	0:1239e9b70ca2	2949	}
wolfSSL	0:1239e9b70ca2	2950
wolfSSL	0:1239e9b70ca2	2951
wolfSSL	0:1239e9b70ca2	2952	/* calculate SHA hash for finished */
wolfSSL	0:1239e9b70ca2	2953	static void BuildSHA(CYASSL* ssl, Hashes* hashes, const byte* sender)
wolfSSL	0:1239e9b70ca2	2954	{
wolfSSL	0:1239e9b70ca2	2955	byte sha_result[SHA_DIGEST_SIZE];
wolfSSL	0:1239e9b70ca2	2956
wolfSSL	0:1239e9b70ca2	2957	/* make sha inner */
wolfSSL	0:1239e9b70ca2	2958	ShaUpdate(&ssl->hashSha, sender, SIZEOF_SENDER);
wolfSSL	0:1239e9b70ca2	2959	ShaUpdate(&ssl->hashSha, ssl->arrays->masterSecret, SECRET_LEN);
wolfSSL	0:1239e9b70ca2	2960	ShaUpdate(&ssl->hashSha, PAD1, PAD_SHA);
wolfSSL	0:1239e9b70ca2	2961	ShaFinal(&ssl->hashSha, sha_result);
wolfSSL	0:1239e9b70ca2	2962
wolfSSL	0:1239e9b70ca2	2963	/* make sha outer */
wolfSSL	0:1239e9b70ca2	2964	ShaUpdate(&ssl->hashSha, ssl->arrays->masterSecret, SECRET_LEN);
wolfSSL	0:1239e9b70ca2	2965	ShaUpdate(&ssl->hashSha, PAD2, PAD_SHA);
wolfSSL	0:1239e9b70ca2	2966	ShaUpdate(&ssl->hashSha, sha_result, SHA_DIGEST_SIZE);
wolfSSL	0:1239e9b70ca2	2967
wolfSSL	0:1239e9b70ca2	2968	ShaFinal(&ssl->hashSha, hashes->sha);
wolfSSL	0:1239e9b70ca2	2969	}
wolfSSL	0:1239e9b70ca2	2970	#endif
wolfSSL	0:1239e9b70ca2	2971
wolfSSL	0:1239e9b70ca2	2972
wolfSSL	0:1239e9b70ca2	2973	static int BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
wolfSSL	0:1239e9b70ca2	2974	{
wolfSSL	0:1239e9b70ca2	2975	/* store current states, building requires get_digest which resets state */
wolfSSL	0:1239e9b70ca2	2976	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	2977	#ifndef NO_MD5
wolfSSL	0:1239e9b70ca2	2978	Md5 md5 = ssl->hashMd5;
wolfSSL	0:1239e9b70ca2	2979	#endif
wolfSSL	0:1239e9b70ca2	2980	#ifndef NO_SHA
wolfSSL	0:1239e9b70ca2	2981	Sha sha = ssl->hashSha;
wolfSSL	0:1239e9b70ca2	2982	#endif
wolfSSL	0:1239e9b70ca2	2983	#endif
wolfSSL	0:1239e9b70ca2	2984	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	2985	Sha256 sha256 = ssl->hashSha256;
wolfSSL	0:1239e9b70ca2	2986	#endif
wolfSSL	0:1239e9b70ca2	2987	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	2988	Sha384 sha384 = ssl->hashSha384;
wolfSSL	0:1239e9b70ca2	2989	#endif
wolfSSL	0:1239e9b70ca2	2990
wolfSSL	0:1239e9b70ca2	2991	int ret = 0;
wolfSSL	0:1239e9b70ca2	2992
wolfSSL	0:1239e9b70ca2	2993	#ifndef NO_TLS
wolfSSL	0:1239e9b70ca2	2994	if (ssl->options.tls) {
wolfSSL	0:1239e9b70ca2	2995	ret = BuildTlsFinished(ssl, hashes, sender);
wolfSSL	0:1239e9b70ca2	2996	}
wolfSSL	0:1239e9b70ca2	2997	#endif
wolfSSL	0:1239e9b70ca2	2998	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	2999	if (!ssl->options.tls) {
wolfSSL	0:1239e9b70ca2	3000	BuildMD5(ssl, hashes, sender);
wolfSSL	0:1239e9b70ca2	3001	BuildSHA(ssl, hashes, sender);
wolfSSL	0:1239e9b70ca2	3002	}
wolfSSL	0:1239e9b70ca2	3003	#endif
wolfSSL	0:1239e9b70ca2	3004
wolfSSL	0:1239e9b70ca2	3005	/* restore */
wolfSSL	0:1239e9b70ca2	3006	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	3007	#ifndef NO_MD5
wolfSSL	0:1239e9b70ca2	3008	ssl->hashMd5 = md5;
wolfSSL	0:1239e9b70ca2	3009	#endif
wolfSSL	0:1239e9b70ca2	3010	#ifndef NO_SHA
wolfSSL	0:1239e9b70ca2	3011	ssl->hashSha = sha;
wolfSSL	0:1239e9b70ca2	3012	#endif
wolfSSL	0:1239e9b70ca2	3013	#endif
wolfSSL	0:1239e9b70ca2	3014	if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL	0:1239e9b70ca2	3015	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	3016	ssl->hashSha256 = sha256;
wolfSSL	0:1239e9b70ca2	3017	#endif
wolfSSL	0:1239e9b70ca2	3018	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	3019	ssl->hashSha384 = sha384;
wolfSSL	0:1239e9b70ca2	3020	#endif
wolfSSL	0:1239e9b70ca2	3021	}
wolfSSL	0:1239e9b70ca2	3022
wolfSSL	0:1239e9b70ca2	3023	return ret;
wolfSSL	0:1239e9b70ca2	3024	}
wolfSSL	0:1239e9b70ca2	3025
wolfSSL	0:1239e9b70ca2	3026
wolfSSL	0:1239e9b70ca2	3027	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	3028
wolfSSL	0:1239e9b70ca2	3029
wolfSSL	0:1239e9b70ca2	3030	/* Match names with wildcards, each wildcard can represent a single name
wolfSSL	0:1239e9b70ca2	3031	component or fragment but not mulitple names, i.e.,
wolfSSL	0:1239e9b70ca2	3032	*.z.com matches y.z.com but not x.y.z.com
wolfSSL	0:1239e9b70ca2	3033
wolfSSL	0:1239e9b70ca2	3034	return 1 on success */
wolfSSL	0:1239e9b70ca2	3035	static int MatchDomainName(const char* pattern, int len, const char* str)
wolfSSL	0:1239e9b70ca2	3036	{
wolfSSL	0:1239e9b70ca2	3037	char p, s;
wolfSSL	0:1239e9b70ca2	3038
wolfSSL	0:1239e9b70ca2	3039	if (pattern == NULL \|\| str == NULL \|\| len <= 0)
wolfSSL	0:1239e9b70ca2	3040	return 0;
wolfSSL	0:1239e9b70ca2	3041
wolfSSL	0:1239e9b70ca2	3042	while (len > 0) {
wolfSSL	0:1239e9b70ca2	3043
wolfSSL	0:1239e9b70ca2	3044	p = (char)XTOLOWER(*pattern++);
wolfSSL	0:1239e9b70ca2	3045	if (p == 0)
wolfSSL	0:1239e9b70ca2	3046	break;
wolfSSL	0:1239e9b70ca2	3047
wolfSSL	0:1239e9b70ca2	3048	if (p == '*') {
wolfSSL	0:1239e9b70ca2	3049	while (--len > 0 && (p = (char)XTOLOWER(pattern++)) == '')
wolfSSL	0:1239e9b70ca2	3050	;
wolfSSL	0:1239e9b70ca2	3051
wolfSSL	0:1239e9b70ca2	3052	if (len == 0)
wolfSSL	0:1239e9b70ca2	3053	p = '\0';
wolfSSL	0:1239e9b70ca2	3054
wolfSSL	0:1239e9b70ca2	3055	while ( (s = (char)XTOLOWER(*str)) != '\0') {
wolfSSL	0:1239e9b70ca2	3056	if (s == p)
wolfSSL	0:1239e9b70ca2	3057	break;
wolfSSL	0:1239e9b70ca2	3058	if (s == '.')
wolfSSL	0:1239e9b70ca2	3059	return 0;
wolfSSL	0:1239e9b70ca2	3060	str++;
wolfSSL	0:1239e9b70ca2	3061	}
wolfSSL	0:1239e9b70ca2	3062	}
wolfSSL	0:1239e9b70ca2	3063	else {
wolfSSL	0:1239e9b70ca2	3064	if (p != (char)XTOLOWER(*str))
wolfSSL	0:1239e9b70ca2	3065	return 0;
wolfSSL	0:1239e9b70ca2	3066	}
wolfSSL	0:1239e9b70ca2	3067
wolfSSL	0:1239e9b70ca2	3068	if (*str != '\0')
wolfSSL	0:1239e9b70ca2	3069	str++;
wolfSSL	0:1239e9b70ca2	3070
wolfSSL	0:1239e9b70ca2	3071	if (len > 0)
wolfSSL	0:1239e9b70ca2	3072	len--;
wolfSSL	0:1239e9b70ca2	3073	}
wolfSSL	0:1239e9b70ca2	3074
wolfSSL	0:1239e9b70ca2	3075	return *str == '\0';
wolfSSL	0:1239e9b70ca2	3076	}
wolfSSL	0:1239e9b70ca2	3077
wolfSSL	0:1239e9b70ca2	3078
wolfSSL	0:1239e9b70ca2	3079	/* try to find an altName match to domain, return 1 on success */
wolfSSL	0:1239e9b70ca2	3080	static int CheckAltNames(DecodedCert* dCert, char* domain)
wolfSSL	0:1239e9b70ca2	3081	{
wolfSSL	0:1239e9b70ca2	3082	int match = 0;
wolfSSL	0:1239e9b70ca2	3083	DNS_entry* altName = NULL;
wolfSSL	0:1239e9b70ca2	3084
wolfSSL	0:1239e9b70ca2	3085	CYASSL_MSG("Checking AltNames");
wolfSSL	0:1239e9b70ca2	3086
wolfSSL	0:1239e9b70ca2	3087	if (dCert)
wolfSSL	0:1239e9b70ca2	3088	altName = dCert->altNames;
wolfSSL	0:1239e9b70ca2	3089
wolfSSL	0:1239e9b70ca2	3090	while (altName) {
wolfSSL	0:1239e9b70ca2	3091	CYASSL_MSG(" individual AltName check");
wolfSSL	0:1239e9b70ca2	3092
wolfSSL	0:1239e9b70ca2	3093	if (MatchDomainName(altName->name,(int)XSTRLEN(altName->name), domain)){
wolfSSL	0:1239e9b70ca2	3094	match = 1;
wolfSSL	0:1239e9b70ca2	3095	break;
wolfSSL	0:1239e9b70ca2	3096	}
wolfSSL	0:1239e9b70ca2	3097
wolfSSL	0:1239e9b70ca2	3098	altName = altName->next;
wolfSSL	0:1239e9b70ca2	3099	}
wolfSSL	0:1239e9b70ca2	3100
wolfSSL	0:1239e9b70ca2	3101	return match;
wolfSSL	0:1239e9b70ca2	3102	}
wolfSSL	0:1239e9b70ca2	3103
wolfSSL	0:1239e9b70ca2	3104
wolfSSL	0:1239e9b70ca2	3105	#if defined(KEEP_PEER_CERT) \|\| defined(SESSION_CERTS)
wolfSSL	0:1239e9b70ca2	3106
wolfSSL	0:1239e9b70ca2	3107	/* Copy parts X509 needs from Decoded cert, 0 on success */
wolfSSL	0:1239e9b70ca2	3108	int CopyDecodedToX509(CYASSL_X509* x509, DecodedCert* dCert)
wolfSSL	0:1239e9b70ca2	3109	{
wolfSSL	0:1239e9b70ca2	3110	int ret = 0;
wolfSSL	0:1239e9b70ca2	3111
wolfSSL	0:1239e9b70ca2	3112	if (x509 == NULL \|\| dCert == NULL)
wolfSSL	0:1239e9b70ca2	3113	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	3114
wolfSSL	0:1239e9b70ca2	3115	x509->version = dCert->version + 1;
wolfSSL	0:1239e9b70ca2	3116
wolfSSL	0:1239e9b70ca2	3117	XSTRNCPY(x509->issuer.name, dCert->issuer, ASN_NAME_MAX);
wolfSSL	0:1239e9b70ca2	3118	x509->issuer.name[ASN_NAME_MAX - 1] = '\0';
wolfSSL	0:1239e9b70ca2	3119	x509->issuer.sz = (int)XSTRLEN(x509->issuer.name) + 1;
wolfSSL	0:1239e9b70ca2	3120	#ifdef OPENSSL_EXTRA
wolfSSL	0:1239e9b70ca2	3121	if (dCert->issuerName.fullName != NULL) {
wolfSSL	0:1239e9b70ca2	3122	XMEMCPY(&x509->issuer.fullName,
wolfSSL	0:1239e9b70ca2	3123	&dCert->issuerName, sizeof(DecodedName));
wolfSSL	0:1239e9b70ca2	3124	x509->issuer.fullName.fullName = (char*)XMALLOC(
wolfSSL	0:1239e9b70ca2	3125	dCert->issuerName.fullNameLen, NULL, DYNAMIC_TYPE_X509);
wolfSSL	0:1239e9b70ca2	3126	if (x509->issuer.fullName.fullName != NULL)
wolfSSL	0:1239e9b70ca2	3127	XMEMCPY(x509->issuer.fullName.fullName,
wolfSSL	0:1239e9b70ca2	3128	dCert->issuerName.fullName, dCert->issuerName.fullNameLen);
wolfSSL	0:1239e9b70ca2	3129	}
wolfSSL	0:1239e9b70ca2	3130	#endif /* OPENSSL_EXTRA */
wolfSSL	0:1239e9b70ca2	3131
wolfSSL	0:1239e9b70ca2	3132	XSTRNCPY(x509->subject.name, dCert->subject, ASN_NAME_MAX);
wolfSSL	0:1239e9b70ca2	3133	x509->subject.name[ASN_NAME_MAX - 1] = '\0';
wolfSSL	0:1239e9b70ca2	3134	x509->subject.sz = (int)XSTRLEN(x509->subject.name) + 1;
wolfSSL	0:1239e9b70ca2	3135	#ifdef OPENSSL_EXTRA
wolfSSL	0:1239e9b70ca2	3136	if (dCert->subjectName.fullName != NULL) {
wolfSSL	0:1239e9b70ca2	3137	XMEMCPY(&x509->subject.fullName,
wolfSSL	0:1239e9b70ca2	3138	&dCert->subjectName, sizeof(DecodedName));
wolfSSL	0:1239e9b70ca2	3139	x509->subject.fullName.fullName = (char*)XMALLOC(
wolfSSL	0:1239e9b70ca2	3140	dCert->subjectName.fullNameLen, NULL, DYNAMIC_TYPE_X509);
wolfSSL	0:1239e9b70ca2	3141	if (x509->subject.fullName.fullName != NULL)
wolfSSL	0:1239e9b70ca2	3142	XMEMCPY(x509->subject.fullName.fullName,
wolfSSL	0:1239e9b70ca2	3143	dCert->subjectName.fullName, dCert->subjectName.fullNameLen);
wolfSSL	0:1239e9b70ca2	3144	}
wolfSSL	0:1239e9b70ca2	3145	#endif /* OPENSSL_EXTRA */
wolfSSL	0:1239e9b70ca2	3146
wolfSSL	0:1239e9b70ca2	3147	XMEMCPY(x509->serial, dCert->serial, EXTERNAL_SERIAL_SIZE);
wolfSSL	0:1239e9b70ca2	3148	x509->serialSz = dCert->serialSz;
wolfSSL	0:1239e9b70ca2	3149	if (dCert->subjectCNLen < ASN_NAME_MAX) {
wolfSSL	0:1239e9b70ca2	3150	XMEMCPY(x509->subjectCN, dCert->subjectCN, dCert->subjectCNLen);
wolfSSL	0:1239e9b70ca2	3151	x509->subjectCN[dCert->subjectCNLen] = '\0';
wolfSSL	0:1239e9b70ca2	3152	}
wolfSSL	0:1239e9b70ca2	3153	else
wolfSSL	0:1239e9b70ca2	3154	x509->subjectCN[0] = '\0';
wolfSSL	0:1239e9b70ca2	3155
wolfSSL	0:1239e9b70ca2	3156	#ifdef CYASSL_SEP
wolfSSL	0:1239e9b70ca2	3157	{
wolfSSL	0:1239e9b70ca2	3158	int minSz = min(dCert->deviceTypeSz, EXTERNAL_SERIAL_SIZE);
wolfSSL	0:1239e9b70ca2	3159	if (minSz > 0) {
wolfSSL	0:1239e9b70ca2	3160	x509->deviceTypeSz = minSz;
wolfSSL	0:1239e9b70ca2	3161	XMEMCPY(x509->deviceType, dCert->deviceType, minSz);
wolfSSL	0:1239e9b70ca2	3162	}
wolfSSL	0:1239e9b70ca2	3163	else
wolfSSL	0:1239e9b70ca2	3164	x509->deviceTypeSz = 0;
wolfSSL	0:1239e9b70ca2	3165	minSz = min(dCert->hwTypeSz, EXTERNAL_SERIAL_SIZE);
wolfSSL	0:1239e9b70ca2	3166	if (minSz != 0) {
wolfSSL	0:1239e9b70ca2	3167	x509->hwTypeSz = minSz;
wolfSSL	0:1239e9b70ca2	3168	XMEMCPY(x509->hwType, dCert->hwType, minSz);
wolfSSL	0:1239e9b70ca2	3169	}
wolfSSL	0:1239e9b70ca2	3170	else
wolfSSL	0:1239e9b70ca2	3171	x509->hwTypeSz = 0;
wolfSSL	0:1239e9b70ca2	3172	minSz = min(dCert->hwSerialNumSz, EXTERNAL_SERIAL_SIZE);
wolfSSL	0:1239e9b70ca2	3173	if (minSz != 0) {
wolfSSL	0:1239e9b70ca2	3174	x509->hwSerialNumSz = minSz;
wolfSSL	0:1239e9b70ca2	3175	XMEMCPY(x509->hwSerialNum, dCert->hwSerialNum, minSz);
wolfSSL	0:1239e9b70ca2	3176	}
wolfSSL	0:1239e9b70ca2	3177	else
wolfSSL	0:1239e9b70ca2	3178	x509->hwSerialNumSz = 0;
wolfSSL	0:1239e9b70ca2	3179	}
wolfSSL	0:1239e9b70ca2	3180	#endif /* CYASSL_SEP */
wolfSSL	0:1239e9b70ca2	3181	{
wolfSSL	0:1239e9b70ca2	3182	int minSz = min(dCert->beforeDateLen, MAX_DATE_SZ);
wolfSSL	0:1239e9b70ca2	3183	if (minSz != 0) {
wolfSSL	0:1239e9b70ca2	3184	x509->notBeforeSz = minSz;
wolfSSL	0:1239e9b70ca2	3185	XMEMCPY(x509->notBefore, dCert->beforeDate, minSz);
wolfSSL	0:1239e9b70ca2	3186	}
wolfSSL	0:1239e9b70ca2	3187	else
wolfSSL	0:1239e9b70ca2	3188	x509->notBeforeSz = 0;
wolfSSL	0:1239e9b70ca2	3189	minSz = min(dCert->afterDateLen, MAX_DATE_SZ);
wolfSSL	0:1239e9b70ca2	3190	if (minSz != 0) {
wolfSSL	0:1239e9b70ca2	3191	x509->notAfterSz = minSz;
wolfSSL	0:1239e9b70ca2	3192	XMEMCPY(x509->notAfter, dCert->afterDate, minSz);
wolfSSL	0:1239e9b70ca2	3193	}
wolfSSL	0:1239e9b70ca2	3194	else
wolfSSL	0:1239e9b70ca2	3195	x509->notAfterSz = 0;
wolfSSL	0:1239e9b70ca2	3196	}
wolfSSL	0:1239e9b70ca2	3197
wolfSSL	0:1239e9b70ca2	3198	if (dCert->publicKey != NULL && dCert->pubKeySize != 0) {
wolfSSL	0:1239e9b70ca2	3199	x509->pubKey.buffer = (byte*)XMALLOC(
wolfSSL	0:1239e9b70ca2	3200	dCert->pubKeySize, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL	0:1239e9b70ca2	3201	if (x509->pubKey.buffer != NULL) {
wolfSSL	0:1239e9b70ca2	3202	x509->pubKeyOID = dCert->keyOID;
wolfSSL	0:1239e9b70ca2	3203	x509->pubKey.length = dCert->pubKeySize;
wolfSSL	0:1239e9b70ca2	3204	XMEMCPY(x509->pubKey.buffer, dCert->publicKey, dCert->pubKeySize);
wolfSSL	0:1239e9b70ca2	3205	}
wolfSSL	0:1239e9b70ca2	3206	else
wolfSSL	0:1239e9b70ca2	3207	ret = MEMORY_E;
wolfSSL	0:1239e9b70ca2	3208	}
wolfSSL	0:1239e9b70ca2	3209
wolfSSL	0:1239e9b70ca2	3210	if (dCert->signature != NULL && dCert->sigLength != 0) {
wolfSSL	0:1239e9b70ca2	3211	x509->sig.buffer = (byte*)XMALLOC(
wolfSSL	0:1239e9b70ca2	3212	dCert->sigLength, NULL, DYNAMIC_TYPE_SIGNATURE);
wolfSSL	0:1239e9b70ca2	3213	if (x509->sig.buffer == NULL) {
wolfSSL	0:1239e9b70ca2	3214	ret = MEMORY_E;
wolfSSL	0:1239e9b70ca2	3215	}
wolfSSL	0:1239e9b70ca2	3216	else {
wolfSSL	0:1239e9b70ca2	3217	XMEMCPY(x509->sig.buffer, dCert->signature, dCert->sigLength);
wolfSSL	0:1239e9b70ca2	3218	x509->sig.length = dCert->sigLength;
wolfSSL	0:1239e9b70ca2	3219	x509->sigOID = dCert->signatureOID;
wolfSSL	0:1239e9b70ca2	3220	}
wolfSSL	0:1239e9b70ca2	3221	}
wolfSSL	0:1239e9b70ca2	3222
wolfSSL	0:1239e9b70ca2	3223	/* store cert for potential retrieval */
wolfSSL	0:1239e9b70ca2	3224	x509->derCert.buffer = (byte*)XMALLOC(dCert->maxIdx, NULL,
wolfSSL	0:1239e9b70ca2	3225	DYNAMIC_TYPE_CERT);
wolfSSL	0:1239e9b70ca2	3226	if (x509->derCert.buffer == NULL) {
wolfSSL	0:1239e9b70ca2	3227	ret = MEMORY_E;
wolfSSL	0:1239e9b70ca2	3228	}
wolfSSL	0:1239e9b70ca2	3229	else {
wolfSSL	0:1239e9b70ca2	3230	XMEMCPY(x509->derCert.buffer, dCert->source, dCert->maxIdx);
wolfSSL	0:1239e9b70ca2	3231	x509->derCert.length = dCert->maxIdx;
wolfSSL	0:1239e9b70ca2	3232	}
wolfSSL	0:1239e9b70ca2	3233
wolfSSL	0:1239e9b70ca2	3234	x509->altNames = dCert->altNames;
wolfSSL	0:1239e9b70ca2	3235	dCert->altNames = NULL; /* takes ownership */
wolfSSL	0:1239e9b70ca2	3236	x509->altNamesNext = x509->altNames; /* index hint */
wolfSSL	0:1239e9b70ca2	3237
wolfSSL	0:1239e9b70ca2	3238	x509->isCa = dCert->isCA;
wolfSSL	0:1239e9b70ca2	3239	#ifdef OPENSSL_EXTRA
wolfSSL	0:1239e9b70ca2	3240	x509->pathLength = dCert->pathLength;
wolfSSL	0:1239e9b70ca2	3241	x509->keyUsage = dCert->extKeyUsage;
wolfSSL	0:1239e9b70ca2	3242
wolfSSL	0:1239e9b70ca2	3243	x509->basicConstSet = dCert->extBasicConstSet;
wolfSSL	0:1239e9b70ca2	3244	x509->basicConstCrit = dCert->extBasicConstCrit;
wolfSSL	0:1239e9b70ca2	3245	x509->basicConstPlSet = dCert->extBasicConstPlSet;
wolfSSL	0:1239e9b70ca2	3246	x509->subjAltNameSet = dCert->extSubjAltNameSet;
wolfSSL	0:1239e9b70ca2	3247	x509->subjAltNameCrit = dCert->extSubjAltNameCrit;
wolfSSL	0:1239e9b70ca2	3248	x509->authKeyIdSet = dCert->extAuthKeyIdSet;
wolfSSL	0:1239e9b70ca2	3249	x509->authKeyIdCrit = dCert->extAuthKeyIdCrit;
wolfSSL	0:1239e9b70ca2	3250	if (dCert->extAuthKeyIdSrc != NULL && dCert->extAuthKeyIdSz != 0) {
wolfSSL	0:1239e9b70ca2	3251	x509->authKeyId = (byte*)XMALLOC(dCert->extAuthKeyIdSz, NULL, 0);
wolfSSL	0:1239e9b70ca2	3252	if (x509->authKeyId != NULL) {
wolfSSL	0:1239e9b70ca2	3253	XMEMCPY(x509->authKeyId,
wolfSSL	0:1239e9b70ca2	3254	dCert->extAuthKeyIdSrc, dCert->extAuthKeyIdSz);
wolfSSL	0:1239e9b70ca2	3255	x509->authKeyIdSz = dCert->extAuthKeyIdSz;
wolfSSL	0:1239e9b70ca2	3256	}
wolfSSL	0:1239e9b70ca2	3257	else
wolfSSL	0:1239e9b70ca2	3258	ret = MEMORY_E;
wolfSSL	0:1239e9b70ca2	3259	}
wolfSSL	0:1239e9b70ca2	3260	x509->subjKeyIdSet = dCert->extSubjKeyIdSet;
wolfSSL	0:1239e9b70ca2	3261	x509->subjKeyIdCrit = dCert->extSubjKeyIdCrit;
wolfSSL	0:1239e9b70ca2	3262	if (dCert->extSubjKeyIdSrc != NULL && dCert->extSubjKeyIdSz != 0) {
wolfSSL	0:1239e9b70ca2	3263	x509->subjKeyId = (byte*)XMALLOC(dCert->extSubjKeyIdSz, NULL, 0);
wolfSSL	0:1239e9b70ca2	3264	if (x509->subjKeyId != NULL) {
wolfSSL	0:1239e9b70ca2	3265	XMEMCPY(x509->subjKeyId,
wolfSSL	0:1239e9b70ca2	3266	dCert->extSubjKeyIdSrc, dCert->extSubjKeyIdSz);
wolfSSL	0:1239e9b70ca2	3267	x509->subjKeyIdSz = dCert->extSubjKeyIdSz;
wolfSSL	0:1239e9b70ca2	3268	}
wolfSSL	0:1239e9b70ca2	3269	else
wolfSSL	0:1239e9b70ca2	3270	ret = MEMORY_E;
wolfSSL	0:1239e9b70ca2	3271	}
wolfSSL	0:1239e9b70ca2	3272	x509->keyUsageSet = dCert->extKeyUsageSet;
wolfSSL	0:1239e9b70ca2	3273	x509->keyUsageCrit = dCert->extKeyUsageCrit;
wolfSSL	0:1239e9b70ca2	3274	#ifdef CYASSL_SEP
wolfSSL	0:1239e9b70ca2	3275	x509->certPolicySet = dCert->extCertPolicySet;
wolfSSL	0:1239e9b70ca2	3276	x509->certPolicyCrit = dCert->extCertPolicyCrit;
wolfSSL	0:1239e9b70ca2	3277	#endif /* CYASSL_SEP */
wolfSSL	0:1239e9b70ca2	3278	#endif /* OPENSSL_EXTRA */
wolfSSL	0:1239e9b70ca2	3279	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	3280	x509->pkCurveOID = dCert->pkCurveOID;
wolfSSL	0:1239e9b70ca2	3281	#endif /* HAVE_ECC */
wolfSSL	0:1239e9b70ca2	3282
wolfSSL	0:1239e9b70ca2	3283	return ret;
wolfSSL	0:1239e9b70ca2	3284	}
wolfSSL	0:1239e9b70ca2	3285
wolfSSL	0:1239e9b70ca2	3286	#endif /* KEEP_PEER_CERT \|\| SESSION_CERTS */
wolfSSL	0:1239e9b70ca2	3287
wolfSSL	0:1239e9b70ca2	3288
wolfSSL	0:1239e9b70ca2	3289	static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx,
wolfSSL	0:1239e9b70ca2	3290	word32 size)
wolfSSL	0:1239e9b70ca2	3291	{
wolfSSL	0:1239e9b70ca2	3292	word32 listSz, begin = *inOutIdx;
wolfSSL	0:1239e9b70ca2	3293	int ret = 0;
wolfSSL	0:1239e9b70ca2	3294	int anyError = 0;
wolfSSL	0:1239e9b70ca2	3295	int totalCerts = 0; /* number of certs in certs buffer */
wolfSSL	0:1239e9b70ca2	3296	int count;
wolfSSL	0:1239e9b70ca2	3297	char domain[ASN_NAME_MAX];
wolfSSL	0:1239e9b70ca2	3298	buffer certs[MAX_CHAIN_DEPTH];
wolfSSL	0:1239e9b70ca2	3299
wolfSSL	0:1239e9b70ca2	3300	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	3301	if (ssl->hsInfoOn) AddPacketName("Certificate", &ssl->handShakeInfo);
wolfSSL	0:1239e9b70ca2	3302	if (ssl->toInfoOn) AddLateName("Certificate", &ssl->timeoutInfo);
wolfSSL	0:1239e9b70ca2	3303	#endif
wolfSSL	0:1239e9b70ca2	3304
wolfSSL	0:1239e9b70ca2	3305	if ((*inOutIdx - begin) + OPAQUE24_LEN > size)
wolfSSL	0:1239e9b70ca2	3306	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	3307
wolfSSL	0:1239e9b70ca2	3308	c24to32(input + *inOutIdx, &listSz);
wolfSSL	0:1239e9b70ca2	3309	*inOutIdx += OPAQUE24_LEN;
wolfSSL	0:1239e9b70ca2	3310
wolfSSL	0:1239e9b70ca2	3311	#ifdef HAVE_MAX_FRAGMENT
wolfSSL	0:1239e9b70ca2	3312	if (listSz > ssl->max_fragment)
wolfSSL	0:1239e9b70ca2	3313	return BUFFER_E;
wolfSSL	0:1239e9b70ca2	3314	#else
wolfSSL	0:1239e9b70ca2	3315	if (listSz > MAX_RECORD_SIZE)
wolfSSL	0:1239e9b70ca2	3316	return BUFFER_E;
wolfSSL	0:1239e9b70ca2	3317	#endif
wolfSSL	0:1239e9b70ca2	3318
wolfSSL	0:1239e9b70ca2	3319	if ((*inOutIdx - begin) + listSz != size)
wolfSSL	0:1239e9b70ca2	3320	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	3321
wolfSSL	0:1239e9b70ca2	3322	CYASSL_MSG("Loading peer's cert chain");
wolfSSL	0:1239e9b70ca2	3323	/* first put cert chain into buffer so can verify top down
wolfSSL	0:1239e9b70ca2	3324	we're sent bottom up */
wolfSSL	0:1239e9b70ca2	3325	while (listSz) {
wolfSSL	0:1239e9b70ca2	3326	word32 certSz;
wolfSSL	0:1239e9b70ca2	3327
wolfSSL	0:1239e9b70ca2	3328	if (totalCerts >= MAX_CHAIN_DEPTH)
wolfSSL	0:1239e9b70ca2	3329	return MAX_CHAIN_ERROR;
wolfSSL	0:1239e9b70ca2	3330
wolfSSL	0:1239e9b70ca2	3331	if ((*inOutIdx - begin) + OPAQUE24_LEN > size)
wolfSSL	0:1239e9b70ca2	3332	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	3333
wolfSSL	0:1239e9b70ca2	3334	c24to32(input + *inOutIdx, &certSz);
wolfSSL	0:1239e9b70ca2	3335	*inOutIdx += OPAQUE24_LEN;
wolfSSL	0:1239e9b70ca2	3336
wolfSSL	0:1239e9b70ca2	3337	if ((*inOutIdx - begin) + certSz > size)
wolfSSL	0:1239e9b70ca2	3338	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	3339
wolfSSL	0:1239e9b70ca2	3340	certs[totalCerts].length = certSz;
wolfSSL	0:1239e9b70ca2	3341	certs[totalCerts].buffer = input + *inOutIdx;
wolfSSL	0:1239e9b70ca2	3342
wolfSSL	0:1239e9b70ca2	3343	#ifdef SESSION_CERTS
wolfSSL	0:1239e9b70ca2	3344	if (ssl->session.chain.count < MAX_CHAIN_DEPTH &&
wolfSSL	0:1239e9b70ca2	3345	certSz < MAX_X509_SIZE) {
wolfSSL	0:1239e9b70ca2	3346	ssl->session.chain.certs[ssl->session.chain.count].length = certSz;
wolfSSL	0:1239e9b70ca2	3347	XMEMCPY(ssl->session.chain.certs[ssl->session.chain.count].buffer,
wolfSSL	0:1239e9b70ca2	3348	input + *inOutIdx, certSz);
wolfSSL	0:1239e9b70ca2	3349	ssl->session.chain.count++;
wolfSSL	0:1239e9b70ca2	3350	} else {
wolfSSL	0:1239e9b70ca2	3351	CYASSL_MSG("Couldn't store chain cert for session");
wolfSSL	0:1239e9b70ca2	3352	}
wolfSSL	0:1239e9b70ca2	3353	#endif
wolfSSL	0:1239e9b70ca2	3354
wolfSSL	0:1239e9b70ca2	3355	*inOutIdx += certSz;
wolfSSL	0:1239e9b70ca2	3356	listSz -= certSz + CERT_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	3357
wolfSSL	0:1239e9b70ca2	3358	totalCerts++;
wolfSSL	0:1239e9b70ca2	3359	CYASSL_MSG(" Put another cert into chain");
wolfSSL	0:1239e9b70ca2	3360	}
wolfSSL	0:1239e9b70ca2	3361
wolfSSL	0:1239e9b70ca2	3362	count = totalCerts;
wolfSSL	0:1239e9b70ca2	3363
wolfSSL	0:1239e9b70ca2	3364	/* verify up to peer's first */
wolfSSL	0:1239e9b70ca2	3365	while (count > 1) {
wolfSSL	0:1239e9b70ca2	3366	buffer myCert = certs[count - 1];
wolfSSL	0:1239e9b70ca2	3367	DecodedCert dCert;
wolfSSL	0:1239e9b70ca2	3368	byte* subjectHash;
wolfSSL	0:1239e9b70ca2	3369
wolfSSL	0:1239e9b70ca2	3370	InitDecodedCert(&dCert, myCert.buffer, myCert.length, ssl->heap);
wolfSSL	0:1239e9b70ca2	3371	ret = ParseCertRelative(&dCert, CERT_TYPE, !ssl->options.verifyNone,
wolfSSL	0:1239e9b70ca2	3372	ssl->ctx->cm);
wolfSSL	0:1239e9b70ca2	3373	#ifndef NO_SKID
wolfSSL	0:1239e9b70ca2	3374	subjectHash = dCert.extSubjKeyId;
wolfSSL	0:1239e9b70ca2	3375	#else
wolfSSL	0:1239e9b70ca2	3376	subjectHash = dCert.subjectHash;
wolfSSL	0:1239e9b70ca2	3377	#endif
wolfSSL	0:1239e9b70ca2	3378
wolfSSL	0:1239e9b70ca2	3379	if (ret == 0 && dCert.isCA == 0) {
wolfSSL	0:1239e9b70ca2	3380	CYASSL_MSG("Chain cert is not a CA, not adding as one");
wolfSSL	0:1239e9b70ca2	3381	}
wolfSSL	0:1239e9b70ca2	3382	else if (ret == 0 && ssl->options.verifyNone) {
wolfSSL	0:1239e9b70ca2	3383	CYASSL_MSG("Chain cert not verified by option, not adding as CA");
wolfSSL	0:1239e9b70ca2	3384	}
wolfSSL	0:1239e9b70ca2	3385	else if (ret == 0 && !AlreadySigner(ssl->ctx->cm, subjectHash)) {
wolfSSL	0:1239e9b70ca2	3386	buffer add;
wolfSSL	0:1239e9b70ca2	3387	add.length = myCert.length;
wolfSSL	0:1239e9b70ca2	3388	add.buffer = (byte*)XMALLOC(myCert.length, ssl->heap,
wolfSSL	0:1239e9b70ca2	3389	DYNAMIC_TYPE_CA);
wolfSSL	0:1239e9b70ca2	3390	CYASSL_MSG("Adding CA from chain");
wolfSSL	0:1239e9b70ca2	3391
wolfSSL	0:1239e9b70ca2	3392	if (add.buffer == NULL)
wolfSSL	0:1239e9b70ca2	3393	return MEMORY_E;
wolfSSL	0:1239e9b70ca2	3394	XMEMCPY(add.buffer, myCert.buffer, myCert.length);
wolfSSL	0:1239e9b70ca2	3395
wolfSSL	0:1239e9b70ca2	3396	ret = AddCA(ssl->ctx->cm, add, CYASSL_CHAIN_CA,
wolfSSL	0:1239e9b70ca2	3397	ssl->ctx->verifyPeer);
wolfSSL	0:1239e9b70ca2	3398	if (ret == 1) ret = 0; /* SSL_SUCCESS for external */
wolfSSL	0:1239e9b70ca2	3399	}
wolfSSL	0:1239e9b70ca2	3400	else if (ret != 0) {
wolfSSL	0:1239e9b70ca2	3401	CYASSL_MSG("Failed to verify CA from chain");
wolfSSL	0:1239e9b70ca2	3402	}
wolfSSL	0:1239e9b70ca2	3403	else {
wolfSSL	0:1239e9b70ca2	3404	CYASSL_MSG("Verified CA from chain and already had it");
wolfSSL	0:1239e9b70ca2	3405	}
wolfSSL	0:1239e9b70ca2	3406
wolfSSL	0:1239e9b70ca2	3407	#ifdef HAVE_CRL
wolfSSL	0:1239e9b70ca2	3408	if (ret == 0 && ssl->ctx->cm->crlEnabled && ssl->ctx->cm->crlCheckAll) {
wolfSSL	0:1239e9b70ca2	3409	CYASSL_MSG("Doing Non Leaf CRL check");
wolfSSL	0:1239e9b70ca2	3410	ret = CheckCertCRL(ssl->ctx->cm->crl, &dCert);
wolfSSL	0:1239e9b70ca2	3411
wolfSSL	0:1239e9b70ca2	3412	if (ret != 0) {
wolfSSL	0:1239e9b70ca2	3413	CYASSL_MSG("\tCRL check not ok");
wolfSSL	0:1239e9b70ca2	3414	}
wolfSSL	0:1239e9b70ca2	3415	}
wolfSSL	0:1239e9b70ca2	3416	#endif /* HAVE_CRL */
wolfSSL	0:1239e9b70ca2	3417
wolfSSL	0:1239e9b70ca2	3418	if (ret != 0 && anyError == 0)
wolfSSL	0:1239e9b70ca2	3419	anyError = ret; /* save error from last time */
wolfSSL	0:1239e9b70ca2	3420
wolfSSL	0:1239e9b70ca2	3421	FreeDecodedCert(&dCert);
wolfSSL	0:1239e9b70ca2	3422	count--;
wolfSSL	0:1239e9b70ca2	3423	}
wolfSSL	0:1239e9b70ca2	3424
wolfSSL	0:1239e9b70ca2	3425	/* peer's, may not have one if blank client cert sent by TLSv1.2 */
wolfSSL	0:1239e9b70ca2	3426	if (count) {
wolfSSL	0:1239e9b70ca2	3427	buffer myCert = certs[0];
wolfSSL	0:1239e9b70ca2	3428	DecodedCert dCert;
wolfSSL	0:1239e9b70ca2	3429	int fatal = 0;
wolfSSL	0:1239e9b70ca2	3430
wolfSSL	0:1239e9b70ca2	3431	CYASSL_MSG("Verifying Peer's cert");
wolfSSL	0:1239e9b70ca2	3432
wolfSSL	0:1239e9b70ca2	3433	InitDecodedCert(&dCert, myCert.buffer, myCert.length, ssl->heap);
wolfSSL	0:1239e9b70ca2	3434	ret = ParseCertRelative(&dCert, CERT_TYPE, !ssl->options.verifyNone,
wolfSSL	0:1239e9b70ca2	3435	ssl->ctx->cm);
wolfSSL	0:1239e9b70ca2	3436	if (ret == 0) {
wolfSSL	0:1239e9b70ca2	3437	CYASSL_MSG("Verified Peer's cert");
wolfSSL	0:1239e9b70ca2	3438	fatal = 0;
wolfSSL	0:1239e9b70ca2	3439	}
wolfSSL	0:1239e9b70ca2	3440	else if (ret == ASN_PARSE_E) {
wolfSSL	0:1239e9b70ca2	3441	CYASSL_MSG("Got Peer cert ASN PARSE ERROR, fatal");
wolfSSL	0:1239e9b70ca2	3442	fatal = 1;
wolfSSL	0:1239e9b70ca2	3443	}
wolfSSL	0:1239e9b70ca2	3444	else {
wolfSSL	0:1239e9b70ca2	3445	CYASSL_MSG("Failed to verify Peer's cert");
wolfSSL	0:1239e9b70ca2	3446	if (ssl->verifyCallback) {
wolfSSL	0:1239e9b70ca2	3447	CYASSL_MSG("\tCallback override available, will continue");
wolfSSL	0:1239e9b70ca2	3448	fatal = 0;
wolfSSL	0:1239e9b70ca2	3449	}
wolfSSL	0:1239e9b70ca2	3450	else {
wolfSSL	0:1239e9b70ca2	3451	CYASSL_MSG("\tNo callback override available, fatal");
wolfSSL	0:1239e9b70ca2	3452	fatal = 1;
wolfSSL	0:1239e9b70ca2	3453	}
wolfSSL	0:1239e9b70ca2	3454	}
wolfSSL	0:1239e9b70ca2	3455
wolfSSL	0:1239e9b70ca2	3456	#ifdef HAVE_OCSP
wolfSSL	0:1239e9b70ca2	3457	if (fatal == 0 && ssl->ctx->cm->ocspEnabled) {
wolfSSL	0:1239e9b70ca2	3458	ret = CheckCertOCSP(ssl->ctx->cm->ocsp, &dCert);
wolfSSL	0:1239e9b70ca2	3459	if (ret != 0) {
wolfSSL	0:1239e9b70ca2	3460	CYASSL_MSG("\tOCSP Lookup not ok");
wolfSSL	0:1239e9b70ca2	3461	fatal = 0;
wolfSSL	0:1239e9b70ca2	3462	}
wolfSSL	0:1239e9b70ca2	3463	}
wolfSSL	0:1239e9b70ca2	3464	#endif
wolfSSL	0:1239e9b70ca2	3465
wolfSSL	0:1239e9b70ca2	3466	#ifdef HAVE_CRL
wolfSSL	0:1239e9b70ca2	3467	if (fatal == 0 && ssl->ctx->cm->crlEnabled) {
wolfSSL	0:1239e9b70ca2	3468	int doCrlLookup = 1;
wolfSSL	0:1239e9b70ca2	3469
wolfSSL	0:1239e9b70ca2	3470	#ifdef HAVE_OCSP
wolfSSL	0:1239e9b70ca2	3471	if (ssl->ctx->cm->ocspEnabled) {
wolfSSL	0:1239e9b70ca2	3472	doCrlLookup = (ret == OCSP_CERT_UNKNOWN);
wolfSSL	0:1239e9b70ca2	3473	}
wolfSSL	0:1239e9b70ca2	3474	#endif /* HAVE_OCSP */
wolfSSL	0:1239e9b70ca2	3475
wolfSSL	0:1239e9b70ca2	3476	if (doCrlLookup) {
wolfSSL	0:1239e9b70ca2	3477	CYASSL_MSG("Doing Leaf CRL check");
wolfSSL	0:1239e9b70ca2	3478	ret = CheckCertCRL(ssl->ctx->cm->crl, &dCert);
wolfSSL	0:1239e9b70ca2	3479
wolfSSL	0:1239e9b70ca2	3480	if (ret != 0) {
wolfSSL	0:1239e9b70ca2	3481	CYASSL_MSG("\tCRL check not ok");
wolfSSL	0:1239e9b70ca2	3482	fatal = 0;
wolfSSL	0:1239e9b70ca2	3483	}
wolfSSL	0:1239e9b70ca2	3484	}
wolfSSL	0:1239e9b70ca2	3485	}
wolfSSL	0:1239e9b70ca2	3486
wolfSSL	0:1239e9b70ca2	3487	#endif /* HAVE_CRL */
wolfSSL	0:1239e9b70ca2	3488
wolfSSL	0:1239e9b70ca2	3489	#ifdef KEEP_PEER_CERT
wolfSSL	0:1239e9b70ca2	3490	{
wolfSSL	0:1239e9b70ca2	3491	/* set X509 format for peer cert even if fatal */
wolfSSL	0:1239e9b70ca2	3492	int copyRet = CopyDecodedToX509(&ssl->peerCert, &dCert);
wolfSSL	0:1239e9b70ca2	3493	if (copyRet == MEMORY_E)
wolfSSL	0:1239e9b70ca2	3494	fatal = 1;
wolfSSL	0:1239e9b70ca2	3495	}
wolfSSL	0:1239e9b70ca2	3496	#endif
wolfSSL	0:1239e9b70ca2	3497
wolfSSL	0:1239e9b70ca2	3498	#ifndef IGNORE_KEY_EXTENSIONS
wolfSSL	0:1239e9b70ca2	3499	if (dCert.extKeyUsageSet) {
wolfSSL	0:1239e9b70ca2	3500	if ((ssl->specs.kea == rsa_kea) &&
wolfSSL	0:1239e9b70ca2	3501	(dCert.extKeyUsage & KEYUSE_KEY_ENCIPHER) == 0) {
wolfSSL	0:1239e9b70ca2	3502	ret = KEYUSE_ENCIPHER_E;
wolfSSL	0:1239e9b70ca2	3503	}
wolfSSL	0:1239e9b70ca2	3504	if ((ssl->specs.sig_algo == rsa_sa_algo \|\|
wolfSSL	0:1239e9b70ca2	3505	ssl->specs.sig_algo == ecc_dsa_sa_algo) &&
wolfSSL	0:1239e9b70ca2	3506	(dCert.extKeyUsage & KEYUSE_DIGITAL_SIG) == 0) {
wolfSSL	0:1239e9b70ca2	3507	CYASSL_MSG("KeyUse Digital Sig not set");
wolfSSL	0:1239e9b70ca2	3508	ret = KEYUSE_SIGNATURE_E;
wolfSSL	0:1239e9b70ca2	3509	}
wolfSSL	0:1239e9b70ca2	3510	}
wolfSSL	0:1239e9b70ca2	3511
wolfSSL	0:1239e9b70ca2	3512	if (dCert.extExtKeyUsageSet) {
wolfSSL	0:1239e9b70ca2	3513	if (ssl->options.side == CYASSL_CLIENT_END) {
wolfSSL	0:1239e9b70ca2	3514	if ((dCert.extExtKeyUsage &
wolfSSL	0:1239e9b70ca2	3515	(EXTKEYUSE_ANY \| EXTKEYUSE_SERVER_AUTH)) == 0) {
wolfSSL	0:1239e9b70ca2	3516	CYASSL_MSG("ExtKeyUse Server Auth not set");
wolfSSL	0:1239e9b70ca2	3517	ret = EXTKEYUSE_AUTH_E;
wolfSSL	0:1239e9b70ca2	3518	}
wolfSSL	0:1239e9b70ca2	3519	}
wolfSSL	0:1239e9b70ca2	3520	else {
wolfSSL	0:1239e9b70ca2	3521	if ((dCert.extExtKeyUsage &
wolfSSL	0:1239e9b70ca2	3522	(EXTKEYUSE_ANY \| EXTKEYUSE_CLIENT_AUTH)) == 0) {
wolfSSL	0:1239e9b70ca2	3523	CYASSL_MSG("ExtKeyUse Client Auth not set");
wolfSSL	0:1239e9b70ca2	3524	ret = EXTKEYUSE_AUTH_E;
wolfSSL	0:1239e9b70ca2	3525	}
wolfSSL	0:1239e9b70ca2	3526	}
wolfSSL	0:1239e9b70ca2	3527	}
wolfSSL	0:1239e9b70ca2	3528	#endif /* IGNORE_KEY_EXTENSIONS */
wolfSSL	0:1239e9b70ca2	3529
wolfSSL	0:1239e9b70ca2	3530	if (fatal) {
wolfSSL	0:1239e9b70ca2	3531	FreeDecodedCert(&dCert);
wolfSSL	0:1239e9b70ca2	3532	ssl->error = ret;
wolfSSL	0:1239e9b70ca2	3533	return ret;
wolfSSL	0:1239e9b70ca2	3534	}
wolfSSL	0:1239e9b70ca2	3535	ssl->options.havePeerCert = 1;
wolfSSL	0:1239e9b70ca2	3536
wolfSSL	0:1239e9b70ca2	3537	/* store for callback use */
wolfSSL	0:1239e9b70ca2	3538	if (dCert.subjectCNLen < ASN_NAME_MAX) {
wolfSSL	0:1239e9b70ca2	3539	XMEMCPY(domain, dCert.subjectCN, dCert.subjectCNLen);
wolfSSL	0:1239e9b70ca2	3540	domain[dCert.subjectCNLen] = '\0';
wolfSSL	0:1239e9b70ca2	3541	}
wolfSSL	0:1239e9b70ca2	3542	else
wolfSSL	0:1239e9b70ca2	3543	domain[0] = '\0';
wolfSSL	0:1239e9b70ca2	3544
wolfSSL	0:1239e9b70ca2	3545	if (!ssl->options.verifyNone && ssl->buffers.domainName.buffer) {
wolfSSL	0:1239e9b70ca2	3546	if (MatchDomainName(dCert.subjectCN, dCert.subjectCNLen,
wolfSSL	0:1239e9b70ca2	3547	(char*)ssl->buffers.domainName.buffer) == 0) {
wolfSSL	0:1239e9b70ca2	3548	CYASSL_MSG("DomainName match on common name failed");
wolfSSL	0:1239e9b70ca2	3549	if (CheckAltNames(&dCert,
wolfSSL	0:1239e9b70ca2	3550	(char*)ssl->buffers.domainName.buffer) == 0 ) {
wolfSSL	0:1239e9b70ca2	3551	CYASSL_MSG("DomainName match on alt names failed too");
wolfSSL	0:1239e9b70ca2	3552	ret = DOMAIN_NAME_MISMATCH; /* try to get peer key still */
wolfSSL	0:1239e9b70ca2	3553	}
wolfSSL	0:1239e9b70ca2	3554	}
wolfSSL	0:1239e9b70ca2	3555	}
wolfSSL	0:1239e9b70ca2	3556
wolfSSL	0:1239e9b70ca2	3557	/* decode peer key */
wolfSSL	0:1239e9b70ca2	3558	switch (dCert.keyOID) {
wolfSSL	0:1239e9b70ca2	3559	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	3560	case RSAk:
wolfSSL	0:1239e9b70ca2	3561	{
wolfSSL	0:1239e9b70ca2	3562	word32 idx = 0;
wolfSSL	0:1239e9b70ca2	3563	if (RsaPublicKeyDecode(dCert.publicKey, &idx,
wolfSSL	0:1239e9b70ca2	3564	ssl->peerRsaKey, dCert.pubKeySize) != 0) {
wolfSSL	0:1239e9b70ca2	3565	ret = PEER_KEY_ERROR;
wolfSSL	0:1239e9b70ca2	3566	}
wolfSSL	0:1239e9b70ca2	3567	else {
wolfSSL	0:1239e9b70ca2	3568	ssl->peerRsaKeyPresent = 1;
wolfSSL	0:1239e9b70ca2	3569	#ifdef HAVE_PK_CALLBACKS
wolfSSL	0:1239e9b70ca2	3570	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	3571	ssl->buffers.peerRsaKey.buffer =
wolfSSL	0:1239e9b70ca2	3572	XMALLOC(dCert.pubKeySize,
wolfSSL	0:1239e9b70ca2	3573	ssl->heap, DYNAMIC_TYPE_RSA);
wolfSSL	0:1239e9b70ca2	3574	if (ssl->buffers.peerRsaKey.buffer == NULL)
wolfSSL	0:1239e9b70ca2	3575	ret = MEMORY_ERROR;
wolfSSL	0:1239e9b70ca2	3576	else {
wolfSSL	0:1239e9b70ca2	3577	XMEMCPY(ssl->buffers.peerRsaKey.buffer,
wolfSSL	0:1239e9b70ca2	3578	dCert.publicKey, dCert.pubKeySize);
wolfSSL	0:1239e9b70ca2	3579	ssl->buffers.peerRsaKey.length =
wolfSSL	0:1239e9b70ca2	3580	dCert.pubKeySize;
wolfSSL	0:1239e9b70ca2	3581	}
wolfSSL	0:1239e9b70ca2	3582	#endif /* NO_RSA */
wolfSSL	0:1239e9b70ca2	3583	#endif /HAVE_PK_CALLBACKS /
wolfSSL	0:1239e9b70ca2	3584	}
wolfSSL	0:1239e9b70ca2	3585	}
wolfSSL	0:1239e9b70ca2	3586	break;
wolfSSL	0:1239e9b70ca2	3587	#endif /* NO_RSA */
wolfSSL	0:1239e9b70ca2	3588	#ifdef HAVE_NTRU
wolfSSL	0:1239e9b70ca2	3589	case NTRUk:
wolfSSL	0:1239e9b70ca2	3590	{
wolfSSL	0:1239e9b70ca2	3591	if (dCert.pubKeySize > sizeof(ssl->peerNtruKey)) {
wolfSSL	0:1239e9b70ca2	3592	ret = PEER_KEY_ERROR;
wolfSSL	0:1239e9b70ca2	3593	}
wolfSSL	0:1239e9b70ca2	3594	else {
wolfSSL	0:1239e9b70ca2	3595	XMEMCPY(ssl->peerNtruKey, dCert.publicKey, dCert.pubKeySize);
wolfSSL	0:1239e9b70ca2	3596	ssl->peerNtruKeyLen = (word16)dCert.pubKeySize;
wolfSSL	0:1239e9b70ca2	3597	ssl->peerNtruKeyPresent = 1;
wolfSSL	0:1239e9b70ca2	3598	}
wolfSSL	0:1239e9b70ca2	3599	}
wolfSSL	0:1239e9b70ca2	3600	break;
wolfSSL	0:1239e9b70ca2	3601	#endif /* HAVE_NTRU */
wolfSSL	0:1239e9b70ca2	3602	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	3603	case ECDSAk:
wolfSSL	0:1239e9b70ca2	3604	{
wolfSSL	0:1239e9b70ca2	3605	if (ecc_import_x963(dCert.publicKey, dCert.pubKeySize,
wolfSSL	0:1239e9b70ca2	3606	ssl->peerEccDsaKey) != 0) {
wolfSSL	0:1239e9b70ca2	3607	ret = PEER_KEY_ERROR;
wolfSSL	0:1239e9b70ca2	3608	}
wolfSSL	0:1239e9b70ca2	3609	else {
wolfSSL	0:1239e9b70ca2	3610	ssl->peerEccDsaKeyPresent = 1;
wolfSSL	0:1239e9b70ca2	3611	#ifdef HAVE_PK_CALLBACKS
wolfSSL	0:1239e9b70ca2	3612	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	3613	ssl->buffers.peerEccDsaKey.buffer =
wolfSSL	0:1239e9b70ca2	3614	XMALLOC(dCert.pubKeySize,
wolfSSL	0:1239e9b70ca2	3615	ssl->heap, DYNAMIC_TYPE_ECC);
wolfSSL	0:1239e9b70ca2	3616	if (ssl->buffers.peerEccDsaKey.buffer == NULL)
wolfSSL	0:1239e9b70ca2	3617	ret = MEMORY_ERROR;
wolfSSL	0:1239e9b70ca2	3618	else {
wolfSSL	0:1239e9b70ca2	3619	XMEMCPY(ssl->buffers.peerEccDsaKey.buffer,
wolfSSL	0:1239e9b70ca2	3620	dCert.publicKey, dCert.pubKeySize);
wolfSSL	0:1239e9b70ca2	3621	ssl->buffers.peerEccDsaKey.length =
wolfSSL	0:1239e9b70ca2	3622	dCert.pubKeySize;
wolfSSL	0:1239e9b70ca2	3623	}
wolfSSL	0:1239e9b70ca2	3624	#endif /* HAVE_ECC */
wolfSSL	0:1239e9b70ca2	3625	#endif /HAVE_PK_CALLBACKS /
wolfSSL	0:1239e9b70ca2	3626	}
wolfSSL	0:1239e9b70ca2	3627	}
wolfSSL	0:1239e9b70ca2	3628	break;
wolfSSL	0:1239e9b70ca2	3629	#endif /* HAVE_ECC */
wolfSSL	0:1239e9b70ca2	3630	default:
wolfSSL	0:1239e9b70ca2	3631	break;
wolfSSL	0:1239e9b70ca2	3632	}
wolfSSL	0:1239e9b70ca2	3633
wolfSSL	0:1239e9b70ca2	3634	FreeDecodedCert(&dCert);
wolfSSL	0:1239e9b70ca2	3635	}
wolfSSL	0:1239e9b70ca2	3636
wolfSSL	0:1239e9b70ca2	3637	if (anyError != 0 && ret == 0)
wolfSSL	0:1239e9b70ca2	3638	ret = anyError;
wolfSSL	0:1239e9b70ca2	3639
wolfSSL	0:1239e9b70ca2	3640	if (ret == 0 && ssl->options.side == CYASSL_CLIENT_END)
wolfSSL	0:1239e9b70ca2	3641	ssl->options.serverState = SERVER_CERT_COMPLETE;
wolfSSL	0:1239e9b70ca2	3642
wolfSSL	0:1239e9b70ca2	3643	if (ret != 0) {
wolfSSL	0:1239e9b70ca2	3644	if (!ssl->options.verifyNone) {
wolfSSL	0:1239e9b70ca2	3645	int why = bad_certificate;
wolfSSL	0:1239e9b70ca2	3646	if (ret == ASN_AFTER_DATE_E \|\| ret == ASN_BEFORE_DATE_E)
wolfSSL	0:1239e9b70ca2	3647	why = certificate_expired;
wolfSSL	0:1239e9b70ca2	3648	if (ssl->verifyCallback) {
wolfSSL	0:1239e9b70ca2	3649	int ok;
wolfSSL	0:1239e9b70ca2	3650	CYASSL_X509_STORE_CTX store;
wolfSSL	0:1239e9b70ca2	3651
wolfSSL	0:1239e9b70ca2	3652	store.error = ret;
wolfSSL	0:1239e9b70ca2	3653	store.error_depth = totalCerts;
wolfSSL	0:1239e9b70ca2	3654	store.discardSessionCerts = 0;
wolfSSL	0:1239e9b70ca2	3655	store.domain = domain;
wolfSSL	0:1239e9b70ca2	3656	store.userCtx = ssl->verifyCbCtx;
wolfSSL	0:1239e9b70ca2	3657	#ifdef KEEP_PEER_CERT
wolfSSL	0:1239e9b70ca2	3658	store.current_cert = &ssl->peerCert;
wolfSSL	0:1239e9b70ca2	3659	#else
wolfSSL	0:1239e9b70ca2	3660	store.current_cert = NULL;
wolfSSL	0:1239e9b70ca2	3661	#endif
wolfSSL	0:1239e9b70ca2	3662	#ifdef FORTRESS
wolfSSL	0:1239e9b70ca2	3663	store.ex_data = ssl;
wolfSSL	0:1239e9b70ca2	3664	#endif
wolfSSL	0:1239e9b70ca2	3665	ok = ssl->verifyCallback(0, &store);
wolfSSL	0:1239e9b70ca2	3666	if (ok) {
wolfSSL	0:1239e9b70ca2	3667	CYASSL_MSG("Verify callback overriding error!");
wolfSSL	0:1239e9b70ca2	3668	ret = 0;
wolfSSL	0:1239e9b70ca2	3669	}
wolfSSL	0:1239e9b70ca2	3670	#ifdef SESSION_CERTS
wolfSSL	0:1239e9b70ca2	3671	if (store.discardSessionCerts) {
wolfSSL	0:1239e9b70ca2	3672	CYASSL_MSG("Verify callback requested discard sess certs");
wolfSSL	0:1239e9b70ca2	3673	ssl->session.chain.count = 0;
wolfSSL	0:1239e9b70ca2	3674	}
wolfSSL	0:1239e9b70ca2	3675	#endif
wolfSSL	0:1239e9b70ca2	3676	}
wolfSSL	0:1239e9b70ca2	3677	if (ret != 0) {
wolfSSL	0:1239e9b70ca2	3678	SendAlert(ssl, alert_fatal, why); /* try to send */
wolfSSL	0:1239e9b70ca2	3679	ssl->options.isClosed = 1;
wolfSSL	0:1239e9b70ca2	3680	}
wolfSSL	0:1239e9b70ca2	3681	}
wolfSSL	0:1239e9b70ca2	3682	ssl->error = ret;
wolfSSL	0:1239e9b70ca2	3683	}
wolfSSL	0:1239e9b70ca2	3684	#ifdef CYASSL_ALWAYS_VERIFY_CB
wolfSSL	0:1239e9b70ca2	3685	else {
wolfSSL	0:1239e9b70ca2	3686	if (ssl->verifyCallback) {
wolfSSL	0:1239e9b70ca2	3687	int ok;
wolfSSL	0:1239e9b70ca2	3688	CYASSL_X509_STORE_CTX store;
wolfSSL	0:1239e9b70ca2	3689
wolfSSL	0:1239e9b70ca2	3690	store.error = ret;
wolfSSL	0:1239e9b70ca2	3691	store.error_depth = totalCerts;
wolfSSL	0:1239e9b70ca2	3692	store.discardSessionCerts = 0;
wolfSSL	0:1239e9b70ca2	3693	store.domain = domain;
wolfSSL	0:1239e9b70ca2	3694	store.userCtx = ssl->verifyCbCtx;
wolfSSL	0:1239e9b70ca2	3695	#ifdef KEEP_PEER_CERT
wolfSSL	0:1239e9b70ca2	3696	store.current_cert = &ssl->peerCert;
wolfSSL	0:1239e9b70ca2	3697	#endif
wolfSSL	0:1239e9b70ca2	3698	store.ex_data = ssl;
wolfSSL	0:1239e9b70ca2	3699
wolfSSL	0:1239e9b70ca2	3700	ok = ssl->verifyCallback(1, &store);
wolfSSL	0:1239e9b70ca2	3701	if (!ok) {
wolfSSL	0:1239e9b70ca2	3702	CYASSL_MSG("Verify callback overriding valid certificate!");
wolfSSL	0:1239e9b70ca2	3703	ret = -1;
wolfSSL	0:1239e9b70ca2	3704	SendAlert(ssl, alert_fatal, bad_certificate);
wolfSSL	0:1239e9b70ca2	3705	ssl->options.isClosed = 1;
wolfSSL	0:1239e9b70ca2	3706	}
wolfSSL	0:1239e9b70ca2	3707	#ifdef SESSION_CERTS
wolfSSL	0:1239e9b70ca2	3708	if (store.discardSessionCerts) {
wolfSSL	0:1239e9b70ca2	3709	CYASSL_MSG("Verify callback requested discard sess certs");
wolfSSL	0:1239e9b70ca2	3710	ssl->session.chain.count = 0;
wolfSSL	0:1239e9b70ca2	3711	}
wolfSSL	0:1239e9b70ca2	3712	#endif
wolfSSL	0:1239e9b70ca2	3713	}
wolfSSL	0:1239e9b70ca2	3714	}
wolfSSL	0:1239e9b70ca2	3715	#endif
wolfSSL	0:1239e9b70ca2	3716
wolfSSL	0:1239e9b70ca2	3717	return ret;
wolfSSL	0:1239e9b70ca2	3718	}
wolfSSL	0:1239e9b70ca2	3719
wolfSSL	0:1239e9b70ca2	3720	#endif /* !NO_CERTS */
wolfSSL	0:1239e9b70ca2	3721
wolfSSL	0:1239e9b70ca2	3722
wolfSSL	0:1239e9b70ca2	3723	static int DoHelloRequest(CYASSL* ssl, const byte* input, word32* inOutIdx,
wolfSSL	0:1239e9b70ca2	3724	word32 size, word32 totalSz)
wolfSSL	0:1239e9b70ca2	3725	{
wolfSSL	0:1239e9b70ca2	3726	int ret = 0;
wolfSSL	0:1239e9b70ca2	3727
wolfSSL	0:1239e9b70ca2	3728	if (size) /* must be 0 */
wolfSSL	0:1239e9b70ca2	3729	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	3730
wolfSSL	0:1239e9b70ca2	3731	if (ssl->keys.encryptionOn) {
wolfSSL	0:1239e9b70ca2	3732	byte verify[MAX_DIGEST_SIZE];
wolfSSL	0:1239e9b70ca2	3733	int padSz = ssl->keys.encryptSz - HANDSHAKE_HEADER_SZ -
wolfSSL	0:1239e9b70ca2	3734	ssl->specs.hash_size;
wolfSSL	0:1239e9b70ca2	3735
wolfSSL	0:1239e9b70ca2	3736	ret = ssl->hmac(ssl, verify, input + *inOutIdx - HANDSHAKE_HEADER_SZ,
wolfSSL	0:1239e9b70ca2	3737	HANDSHAKE_HEADER_SZ, handshake, 1);
wolfSSL	0:1239e9b70ca2	3738	if (ret != 0)
wolfSSL	0:1239e9b70ca2	3739	return ret;
wolfSSL	0:1239e9b70ca2	3740
wolfSSL	0:1239e9b70ca2	3741	if (ssl->options.tls1_1 && ssl->specs.cipher_type == block)
wolfSSL	0:1239e9b70ca2	3742	padSz -= ssl->specs.block_size;
wolfSSL	0:1239e9b70ca2	3743
wolfSSL	0:1239e9b70ca2	3744	/* access beyond input + size should be checked against totalSz */
wolfSSL	0:1239e9b70ca2	3745	if ((word32) (*inOutIdx + ssl->specs.hash_size + padSz) > totalSz)
wolfSSL	0:1239e9b70ca2	3746	return INCOMPLETE_DATA;
wolfSSL	0:1239e9b70ca2	3747
wolfSSL	0:1239e9b70ca2	3748	/* verify */
wolfSSL	0:1239e9b70ca2	3749	if (XMEMCMP(input + *inOutIdx, verify, ssl->specs.hash_size) != 0) {
wolfSSL	0:1239e9b70ca2	3750	CYASSL_MSG(" hello_request verify mac error");
wolfSSL	0:1239e9b70ca2	3751	return VERIFY_MAC_ERROR;
wolfSSL	0:1239e9b70ca2	3752	}
wolfSSL	0:1239e9b70ca2	3753
wolfSSL	0:1239e9b70ca2	3754	*inOutIdx += ssl->specs.hash_size + padSz;
wolfSSL	0:1239e9b70ca2	3755	}
wolfSSL	0:1239e9b70ca2	3756
wolfSSL	0:1239e9b70ca2	3757	if (ssl->options.side == CYASSL_SERVER_END) {
wolfSSL	0:1239e9b70ca2	3758	SendAlert(ssl, alert_fatal, unexpected_message); /* try */
wolfSSL	0:1239e9b70ca2	3759	return FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	3760	}
wolfSSL	0:1239e9b70ca2	3761	else
wolfSSL	0:1239e9b70ca2	3762	return SendAlert(ssl, alert_warning, no_renegotiation);
wolfSSL	0:1239e9b70ca2	3763	}
wolfSSL	0:1239e9b70ca2	3764
wolfSSL	0:1239e9b70ca2	3765
wolfSSL	0:1239e9b70ca2	3766	int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, word32 size,
wolfSSL	0:1239e9b70ca2	3767	word32 totalSz, int sniff)
wolfSSL	0:1239e9b70ca2	3768	{
wolfSSL	0:1239e9b70ca2	3769	word32 finishedSz = (ssl->options.tls ? TLS_FINISHED_SZ : FINISHED_SZ);
wolfSSL	0:1239e9b70ca2	3770
wolfSSL	0:1239e9b70ca2	3771	if (finishedSz != size)
wolfSSL	0:1239e9b70ca2	3772	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	3773
wolfSSL	0:1239e9b70ca2	3774	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	3775	if (ssl->hsInfoOn) AddPacketName("Finished", &ssl->handShakeInfo);
wolfSSL	0:1239e9b70ca2	3776	if (ssl->toInfoOn) AddLateName("Finished", &ssl->timeoutInfo);
wolfSSL	0:1239e9b70ca2	3777	#endif
wolfSSL	0:1239e9b70ca2	3778
wolfSSL	0:1239e9b70ca2	3779	if (sniff == NO_SNIFF) {
wolfSSL	0:1239e9b70ca2	3780	if (XMEMCMP(input + *inOutIdx, &ssl->verifyHashes, size) != 0) {
wolfSSL	0:1239e9b70ca2	3781	CYASSL_MSG("Verify finished error on hashes");
wolfSSL	0:1239e9b70ca2	3782	return VERIFY_FINISHED_ERROR;
wolfSSL	0:1239e9b70ca2	3783	}
wolfSSL	0:1239e9b70ca2	3784	}
wolfSSL	0:1239e9b70ca2	3785
wolfSSL	0:1239e9b70ca2	3786	/* increment beyond input + size should be checked against totalSz */
wolfSSL	0:1239e9b70ca2	3787	if (*inOutIdx + size + ssl->keys.padSz > totalSz)
wolfSSL	0:1239e9b70ca2	3788	return INCOMPLETE_DATA;
wolfSSL	0:1239e9b70ca2	3789
wolfSSL	0:1239e9b70ca2	3790	/* force input exhaustion at ProcessReply consuming padSz */
wolfSSL	0:1239e9b70ca2	3791	*inOutIdx += size + ssl->keys.padSz;
wolfSSL	0:1239e9b70ca2	3792
wolfSSL	0:1239e9b70ca2	3793	if (ssl->options.side == CYASSL_CLIENT_END) {
wolfSSL	0:1239e9b70ca2	3794	ssl->options.serverState = SERVER_FINISHED_COMPLETE;
wolfSSL	0:1239e9b70ca2	3795	if (!ssl->options.resuming) {
wolfSSL	0:1239e9b70ca2	3796	ssl->options.handShakeState = HANDSHAKE_DONE;
wolfSSL	0:1239e9b70ca2	3797
wolfSSL	0:1239e9b70ca2	3798	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	3799	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	3800	/* Other side has received our Finished, go to next epoch */
wolfSSL	0:1239e9b70ca2	3801	ssl->keys.dtls_epoch++;
wolfSSL	0:1239e9b70ca2	3802	ssl->keys.dtls_sequence_number = 1;
wolfSSL	0:1239e9b70ca2	3803	}
wolfSSL	0:1239e9b70ca2	3804	#endif
wolfSSL	0:1239e9b70ca2	3805	}
wolfSSL	0:1239e9b70ca2	3806	}
wolfSSL	0:1239e9b70ca2	3807	else {
wolfSSL	0:1239e9b70ca2	3808	ssl->options.clientState = CLIENT_FINISHED_COMPLETE;
wolfSSL	0:1239e9b70ca2	3809	if (ssl->options.resuming) {
wolfSSL	0:1239e9b70ca2	3810	ssl->options.handShakeState = HANDSHAKE_DONE;
wolfSSL	0:1239e9b70ca2	3811
wolfSSL	0:1239e9b70ca2	3812	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	3813	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	3814	/* Other side has received our Finished, go to next epoch */
wolfSSL	0:1239e9b70ca2	3815	ssl->keys.dtls_epoch++;
wolfSSL	0:1239e9b70ca2	3816	ssl->keys.dtls_sequence_number = 1;
wolfSSL	0:1239e9b70ca2	3817	}
wolfSSL	0:1239e9b70ca2	3818	#endif
wolfSSL	0:1239e9b70ca2	3819	}
wolfSSL	0:1239e9b70ca2	3820	}
wolfSSL	0:1239e9b70ca2	3821
wolfSSL	0:1239e9b70ca2	3822	return 0;
wolfSSL	0:1239e9b70ca2	3823	}
wolfSSL	0:1239e9b70ca2	3824
wolfSSL	0:1239e9b70ca2	3825
wolfSSL	0:1239e9b70ca2	3826	static int DoHandShakeMsgType(CYASSL* ssl, byte* input, word32* inOutIdx,
wolfSSL	0:1239e9b70ca2	3827	byte type, word32 size, word32 totalSz)
wolfSSL	0:1239e9b70ca2	3828	{
wolfSSL	0:1239e9b70ca2	3829	int ret = 0;
wolfSSL	0:1239e9b70ca2	3830	(void)totalSz;
wolfSSL	0:1239e9b70ca2	3831
wolfSSL	0:1239e9b70ca2	3832	CYASSL_ENTER("DoHandShakeMsgType");
wolfSSL	0:1239e9b70ca2	3833
wolfSSL	0:1239e9b70ca2	3834	/* make sure can read the message */
wolfSSL	0:1239e9b70ca2	3835	if (*inOutIdx + size > totalSz)
wolfSSL	0:1239e9b70ca2	3836	return INCOMPLETE_DATA;
wolfSSL	0:1239e9b70ca2	3837
wolfSSL	0:1239e9b70ca2	3838	ret = HashInput(ssl, input + *inOutIdx, size);
wolfSSL	0:1239e9b70ca2	3839	if (ret != 0)
wolfSSL	0:1239e9b70ca2	3840	return ret;
wolfSSL	0:1239e9b70ca2	3841
wolfSSL	0:1239e9b70ca2	3842	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	3843	/* add name later, add on record and handshake header part back on */
wolfSSL	0:1239e9b70ca2	3844	if (ssl->toInfoOn) {
wolfSSL	0:1239e9b70ca2	3845	int add = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	3846	AddPacketInfo(0, &ssl->timeoutInfo, input + *inOutIdx - add,
wolfSSL	0:1239e9b70ca2	3847	size + add, ssl->heap);
wolfSSL	0:1239e9b70ca2	3848	AddLateRecordHeader(&ssl->curRL, &ssl->timeoutInfo);
wolfSSL	0:1239e9b70ca2	3849	}
wolfSSL	0:1239e9b70ca2	3850	#endif
wolfSSL	0:1239e9b70ca2	3851
wolfSSL	0:1239e9b70ca2	3852	if (ssl->options.handShakeState == HANDSHAKE_DONE && type != hello_request){
wolfSSL	0:1239e9b70ca2	3853	CYASSL_MSG("HandShake message after handshake complete");
wolfSSL	0:1239e9b70ca2	3854	SendAlert(ssl, alert_fatal, unexpected_message);
wolfSSL	0:1239e9b70ca2	3855	return OUT_OF_ORDER_E;
wolfSSL	0:1239e9b70ca2	3856	}
wolfSSL	0:1239e9b70ca2	3857
wolfSSL	0:1239e9b70ca2	3858	if (ssl->options.side == CYASSL_CLIENT_END && ssl->options.dtls == 0 &&
wolfSSL	0:1239e9b70ca2	3859	ssl->options.serverState == NULL_STATE && type != server_hello) {
wolfSSL	0:1239e9b70ca2	3860	CYASSL_MSG("First server message not server hello");
wolfSSL	0:1239e9b70ca2	3861	SendAlert(ssl, alert_fatal, unexpected_message);
wolfSSL	0:1239e9b70ca2	3862	return OUT_OF_ORDER_E;
wolfSSL	0:1239e9b70ca2	3863	}
wolfSSL	0:1239e9b70ca2	3864
wolfSSL	0:1239e9b70ca2	3865	if (ssl->options.side == CYASSL_CLIENT_END && ssl->options.dtls &&
wolfSSL	0:1239e9b70ca2	3866	type == server_hello_done &&
wolfSSL	0:1239e9b70ca2	3867	ssl->options.serverState < SERVER_HELLO_COMPLETE) {
wolfSSL	0:1239e9b70ca2	3868	CYASSL_MSG("Server hello done received before server hello in DTLS");
wolfSSL	0:1239e9b70ca2	3869	SendAlert(ssl, alert_fatal, unexpected_message);
wolfSSL	0:1239e9b70ca2	3870	return OUT_OF_ORDER_E;
wolfSSL	0:1239e9b70ca2	3871	}
wolfSSL	0:1239e9b70ca2	3872
wolfSSL	0:1239e9b70ca2	3873	if (ssl->options.side == CYASSL_SERVER_END &&
wolfSSL	0:1239e9b70ca2	3874	ssl->options.clientState == NULL_STATE && type != client_hello) {
wolfSSL	0:1239e9b70ca2	3875	CYASSL_MSG("First client message not client hello");
wolfSSL	0:1239e9b70ca2	3876	SendAlert(ssl, alert_fatal, unexpected_message);
wolfSSL	0:1239e9b70ca2	3877	return OUT_OF_ORDER_E;
wolfSSL	0:1239e9b70ca2	3878	}
wolfSSL	0:1239e9b70ca2	3879
wolfSSL	0:1239e9b70ca2	3880
wolfSSL	0:1239e9b70ca2	3881	switch (type) {
wolfSSL	0:1239e9b70ca2	3882
wolfSSL	0:1239e9b70ca2	3883	case hello_request:
wolfSSL	0:1239e9b70ca2	3884	CYASSL_MSG("processing hello request");
wolfSSL	0:1239e9b70ca2	3885	ret = DoHelloRequest(ssl, input, inOutIdx, size, totalSz);
wolfSSL	0:1239e9b70ca2	3886	break;
wolfSSL	0:1239e9b70ca2	3887
wolfSSL	0:1239e9b70ca2	3888	#ifndef NO_CYASSL_CLIENT
wolfSSL	0:1239e9b70ca2	3889	case hello_verify_request:
wolfSSL	0:1239e9b70ca2	3890	CYASSL_MSG("processing hello verify request");
wolfSSL	0:1239e9b70ca2	3891	ret = DoHelloVerifyRequest(ssl, input,inOutIdx, size);
wolfSSL	0:1239e9b70ca2	3892	break;
wolfSSL	0:1239e9b70ca2	3893
wolfSSL	0:1239e9b70ca2	3894	case server_hello:
wolfSSL	0:1239e9b70ca2	3895	CYASSL_MSG("processing server hello");
wolfSSL	0:1239e9b70ca2	3896	ret = DoServerHello(ssl, input, inOutIdx, size);
wolfSSL	0:1239e9b70ca2	3897	break;
wolfSSL	0:1239e9b70ca2	3898
wolfSSL	0:1239e9b70ca2	3899	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	3900	case certificate_request:
wolfSSL	0:1239e9b70ca2	3901	CYASSL_MSG("processing certificate request");
wolfSSL	0:1239e9b70ca2	3902	ret = DoCertificateRequest(ssl, input, inOutIdx, size);
wolfSSL	0:1239e9b70ca2	3903	break;
wolfSSL	0:1239e9b70ca2	3904	#endif
wolfSSL	0:1239e9b70ca2	3905
wolfSSL	0:1239e9b70ca2	3906	case server_key_exchange:
wolfSSL	0:1239e9b70ca2	3907	CYASSL_MSG("processing server key exchange");
wolfSSL	0:1239e9b70ca2	3908	ret = DoServerKeyExchange(ssl, input, inOutIdx, size);
wolfSSL	0:1239e9b70ca2	3909	break;
wolfSSL	0:1239e9b70ca2	3910	#endif
wolfSSL	0:1239e9b70ca2	3911
wolfSSL	0:1239e9b70ca2	3912	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	3913	case certificate:
wolfSSL	0:1239e9b70ca2	3914	CYASSL_MSG("processing certificate");
wolfSSL	0:1239e9b70ca2	3915	ret = DoCertificate(ssl, input, inOutIdx, size);
wolfSSL	0:1239e9b70ca2	3916	break;
wolfSSL	0:1239e9b70ca2	3917	#endif
wolfSSL	0:1239e9b70ca2	3918
wolfSSL	0:1239e9b70ca2	3919	case server_hello_done:
wolfSSL	0:1239e9b70ca2	3920	CYASSL_MSG("processing server hello done");
wolfSSL	0:1239e9b70ca2	3921	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	3922	if (ssl->hsInfoOn)
wolfSSL	0:1239e9b70ca2	3923	AddPacketName("ServerHelloDone", &ssl->handShakeInfo);
wolfSSL	0:1239e9b70ca2	3924	if (ssl->toInfoOn)
wolfSSL	0:1239e9b70ca2	3925	AddLateName("ServerHelloDone", &ssl->timeoutInfo);
wolfSSL	0:1239e9b70ca2	3926	#endif
wolfSSL	0:1239e9b70ca2	3927	ssl->options.serverState = SERVER_HELLODONE_COMPLETE;
wolfSSL	0:1239e9b70ca2	3928	break;
wolfSSL	0:1239e9b70ca2	3929
wolfSSL	0:1239e9b70ca2	3930	case finished:
wolfSSL	0:1239e9b70ca2	3931	CYASSL_MSG("processing finished");
wolfSSL	0:1239e9b70ca2	3932	ret = DoFinished(ssl, input, inOutIdx, size, totalSz, NO_SNIFF);
wolfSSL	0:1239e9b70ca2	3933	break;
wolfSSL	0:1239e9b70ca2	3934
wolfSSL	0:1239e9b70ca2	3935	#ifndef NO_CYASSL_SERVER
wolfSSL	0:1239e9b70ca2	3936	case client_hello:
wolfSSL	0:1239e9b70ca2	3937	CYASSL_MSG("processing client hello");
wolfSSL	0:1239e9b70ca2	3938	ret = DoClientHello(ssl, input, inOutIdx, size);
wolfSSL	0:1239e9b70ca2	3939	break;
wolfSSL	0:1239e9b70ca2	3940
wolfSSL	0:1239e9b70ca2	3941	case client_key_exchange:
wolfSSL	0:1239e9b70ca2	3942	CYASSL_MSG("processing client key exchange");
wolfSSL	0:1239e9b70ca2	3943	ret = DoClientKeyExchange(ssl, input, inOutIdx, size);
wolfSSL	0:1239e9b70ca2	3944	break;
wolfSSL	0:1239e9b70ca2	3945
wolfSSL	0:1239e9b70ca2	3946	#if !defined(NO_RSA) \|\| defined(HAVE_ECC)
wolfSSL	0:1239e9b70ca2	3947	case certificate_verify:
wolfSSL	0:1239e9b70ca2	3948	CYASSL_MSG("processing certificate verify");
wolfSSL	0:1239e9b70ca2	3949	ret = DoCertificateVerify(ssl, input, inOutIdx, size);
wolfSSL	0:1239e9b70ca2	3950	break;
wolfSSL	0:1239e9b70ca2	3951	#endif /* !NO_RSA \|\| HAVE_ECC */
wolfSSL	0:1239e9b70ca2	3952
wolfSSL	0:1239e9b70ca2	3953	#endif /* !NO_CYASSL_SERVER */
wolfSSL	0:1239e9b70ca2	3954
wolfSSL	0:1239e9b70ca2	3955	default:
wolfSSL	0:1239e9b70ca2	3956	CYASSL_MSG("Unknown handshake message type");
wolfSSL	0:1239e9b70ca2	3957	ret = UNKNOWN_HANDSHAKE_TYPE;
wolfSSL	0:1239e9b70ca2	3958	break;
wolfSSL	0:1239e9b70ca2	3959	}
wolfSSL	0:1239e9b70ca2	3960
wolfSSL	0:1239e9b70ca2	3961	CYASSL_LEAVE("DoHandShakeMsgType()", ret);
wolfSSL	0:1239e9b70ca2	3962	return ret;
wolfSSL	0:1239e9b70ca2	3963	}
wolfSSL	0:1239e9b70ca2	3964
wolfSSL	0:1239e9b70ca2	3965
wolfSSL	0:1239e9b70ca2	3966	static int DoHandShakeMsg(CYASSL* ssl, byte* input, word32* inOutIdx,
wolfSSL	0:1239e9b70ca2	3967	word32 totalSz)
wolfSSL	0:1239e9b70ca2	3968	{
wolfSSL	0:1239e9b70ca2	3969	byte type;
wolfSSL	0:1239e9b70ca2	3970	word32 size;
wolfSSL	0:1239e9b70ca2	3971	int ret = 0;
wolfSSL	0:1239e9b70ca2	3972
wolfSSL	0:1239e9b70ca2	3973	CYASSL_ENTER("DoHandShakeMsg()");
wolfSSL	0:1239e9b70ca2	3974
wolfSSL	0:1239e9b70ca2	3975	if (GetHandShakeHeader(ssl, input, inOutIdx, &type, &size) != 0)
wolfSSL	0:1239e9b70ca2	3976	return PARSE_ERROR;
wolfSSL	0:1239e9b70ca2	3977
wolfSSL	0:1239e9b70ca2	3978	ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
wolfSSL	0:1239e9b70ca2	3979
wolfSSL	0:1239e9b70ca2	3980	CYASSL_LEAVE("DoHandShakeMsg()", ret);
wolfSSL	0:1239e9b70ca2	3981	return ret;
wolfSSL	0:1239e9b70ca2	3982	}
wolfSSL	0:1239e9b70ca2	3983
wolfSSL	0:1239e9b70ca2	3984
wolfSSL	0:1239e9b70ca2	3985	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	3986
wolfSSL	0:1239e9b70ca2	3987	static INLINE int DtlsCheckWindow(DtlsState* state)
wolfSSL	0:1239e9b70ca2	3988	{
wolfSSL	0:1239e9b70ca2	3989	word32 cur;
wolfSSL	0:1239e9b70ca2	3990	word32 next;
wolfSSL	0:1239e9b70ca2	3991	DtlsSeq window;
wolfSSL	0:1239e9b70ca2	3992
wolfSSL	0:1239e9b70ca2	3993	if (state->curEpoch == state->nextEpoch) {
wolfSSL	0:1239e9b70ca2	3994	next = state->nextSeq;
wolfSSL	0:1239e9b70ca2	3995	window = state->window;
wolfSSL	0:1239e9b70ca2	3996	}
wolfSSL	0:1239e9b70ca2	3997	else if (state->curEpoch < state->nextEpoch) {
wolfSSL	0:1239e9b70ca2	3998	next = state->prevSeq;
wolfSSL	0:1239e9b70ca2	3999	window = state->prevWindow;
wolfSSL	0:1239e9b70ca2	4000	}
wolfSSL	0:1239e9b70ca2	4001	else {
wolfSSL	0:1239e9b70ca2	4002	return 0;
wolfSSL	0:1239e9b70ca2	4003	}
wolfSSL	0:1239e9b70ca2	4004
wolfSSL	0:1239e9b70ca2	4005	cur = state->curSeq;
wolfSSL	0:1239e9b70ca2	4006
wolfSSL	0:1239e9b70ca2	4007	if ((next > DTLS_SEQ_BITS) && (cur < next - DTLS_SEQ_BITS)) {
wolfSSL	0:1239e9b70ca2	4008	return 0;
wolfSSL	0:1239e9b70ca2	4009	}
wolfSSL	0:1239e9b70ca2	4010	else if ((cur < next) && (window & (1 << (next - cur - 1)))) {
wolfSSL	0:1239e9b70ca2	4011	return 0;
wolfSSL	0:1239e9b70ca2	4012	}
wolfSSL	0:1239e9b70ca2	4013
wolfSSL	0:1239e9b70ca2	4014	return 1;
wolfSSL	0:1239e9b70ca2	4015	}
wolfSSL	0:1239e9b70ca2	4016
wolfSSL	0:1239e9b70ca2	4017
wolfSSL	0:1239e9b70ca2	4018	static INLINE int DtlsUpdateWindow(DtlsState* state)
wolfSSL	0:1239e9b70ca2	4019	{
wolfSSL	0:1239e9b70ca2	4020	word32 cur;
wolfSSL	0:1239e9b70ca2	4021	word32* next;
wolfSSL	0:1239e9b70ca2	4022	DtlsSeq* window;
wolfSSL	0:1239e9b70ca2	4023
wolfSSL	0:1239e9b70ca2	4024	if (state->curEpoch == state->nextEpoch) {
wolfSSL	0:1239e9b70ca2	4025	next = &state->nextSeq;
wolfSSL	0:1239e9b70ca2	4026	window = &state->window;
wolfSSL	0:1239e9b70ca2	4027	}
wolfSSL	0:1239e9b70ca2	4028	else {
wolfSSL	0:1239e9b70ca2	4029	next = &state->prevSeq;
wolfSSL	0:1239e9b70ca2	4030	window = &state->prevWindow;
wolfSSL	0:1239e9b70ca2	4031	}
wolfSSL	0:1239e9b70ca2	4032
wolfSSL	0:1239e9b70ca2	4033	cur = state->curSeq;
wolfSSL	0:1239e9b70ca2	4034
wolfSSL	0:1239e9b70ca2	4035	if (cur < *next) {
wolfSSL	0:1239e9b70ca2	4036	window \|= (1 << (next - cur - 1));
wolfSSL	0:1239e9b70ca2	4037	}
wolfSSL	0:1239e9b70ca2	4038	else {
wolfSSL	0:1239e9b70ca2	4039	window <<= (1 + cur - next);
wolfSSL	0:1239e9b70ca2	4040	*window \|= 1;
wolfSSL	0:1239e9b70ca2	4041	*next = cur + 1;
wolfSSL	0:1239e9b70ca2	4042	}
wolfSSL	0:1239e9b70ca2	4043
wolfSSL	0:1239e9b70ca2	4044	return 1;
wolfSSL	0:1239e9b70ca2	4045	}
wolfSSL	0:1239e9b70ca2	4046
wolfSSL	0:1239e9b70ca2	4047
wolfSSL	0:1239e9b70ca2	4048	static int DtlsMsgDrain(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	4049	{
wolfSSL	0:1239e9b70ca2	4050	DtlsMsg* item = ssl->dtls_msg_list;
wolfSSL	0:1239e9b70ca2	4051	int ret = 0;
wolfSSL	0:1239e9b70ca2	4052
wolfSSL	0:1239e9b70ca2	4053	/* While there is an item in the store list, and it is the expected
wolfSSL	0:1239e9b70ca2	4054	* message, and it is complete, and there hasn't been an error in the
wolfSSL	0:1239e9b70ca2	4055	* last messge... */
wolfSSL	0:1239e9b70ca2	4056	while (item != NULL &&
wolfSSL	0:1239e9b70ca2	4057	ssl->keys.dtls_expected_peer_handshake_number == item->seq &&
wolfSSL	0:1239e9b70ca2	4058	item->fragSz == item->sz &&
wolfSSL	0:1239e9b70ca2	4059	ret == 0) {
wolfSSL	0:1239e9b70ca2	4060	word32 idx = 0;
wolfSSL	0:1239e9b70ca2	4061	ssl->keys.dtls_expected_peer_handshake_number++;
wolfSSL	0:1239e9b70ca2	4062	ret = DoHandShakeMsgType(ssl, item->msg,
wolfSSL	0:1239e9b70ca2	4063	&idx, item->type, item->sz, item->sz);
wolfSSL	0:1239e9b70ca2	4064	ssl->dtls_msg_list = item->next;
wolfSSL	0:1239e9b70ca2	4065	DtlsMsgDelete(item, ssl->heap);
wolfSSL	0:1239e9b70ca2	4066	item = ssl->dtls_msg_list;
wolfSSL	0:1239e9b70ca2	4067	}
wolfSSL	0:1239e9b70ca2	4068
wolfSSL	0:1239e9b70ca2	4069	return ret;
wolfSSL	0:1239e9b70ca2	4070	}
wolfSSL	0:1239e9b70ca2	4071
wolfSSL	0:1239e9b70ca2	4072
wolfSSL	0:1239e9b70ca2	4073	static int DoDtlsHandShakeMsg(CYASSL* ssl, byte* input, word32* inOutIdx,
wolfSSL	0:1239e9b70ca2	4074	word32 totalSz)
wolfSSL	0:1239e9b70ca2	4075	{
wolfSSL	0:1239e9b70ca2	4076	byte type;
wolfSSL	0:1239e9b70ca2	4077	word32 size;
wolfSSL	0:1239e9b70ca2	4078	word32 fragOffset, fragSz;
wolfSSL	0:1239e9b70ca2	4079	int ret = 0;
wolfSSL	0:1239e9b70ca2	4080
wolfSSL	0:1239e9b70ca2	4081	CYASSL_ENTER("DoDtlsHandShakeMsg()");
wolfSSL	0:1239e9b70ca2	4082	if (GetDtlsHandShakeHeader(ssl, input, inOutIdx, &type,
wolfSSL	0:1239e9b70ca2	4083	&size, &fragOffset, &fragSz) != 0)
wolfSSL	0:1239e9b70ca2	4084	return PARSE_ERROR;
wolfSSL	0:1239e9b70ca2	4085
wolfSSL	0:1239e9b70ca2	4086	if (*inOutIdx + fragSz > totalSz)
wolfSSL	0:1239e9b70ca2	4087	return INCOMPLETE_DATA;
wolfSSL	0:1239e9b70ca2	4088
wolfSSL	0:1239e9b70ca2	4089	/* Check the handshake sequence number first. If out of order,
wolfSSL	0:1239e9b70ca2	4090	* add the current message to the list. If the message is in order,
wolfSSL	0:1239e9b70ca2	4091	* but it is a fragment, add the current message to the list, then
wolfSSL	0:1239e9b70ca2	4092	* check the head of the list to see if it is complete, if so, pop
wolfSSL	0:1239e9b70ca2	4093	* it out as the current message. If the message is complete and in
wolfSSL	0:1239e9b70ca2	4094	* order, process it. Check the head of the list to see if it is in
wolfSSL	0:1239e9b70ca2	4095	* order, if so, process it. (Repeat until list exhausted.) If the
wolfSSL	0:1239e9b70ca2	4096	* head is out of order, return for more processing.
wolfSSL	0:1239e9b70ca2	4097	*/
wolfSSL	0:1239e9b70ca2	4098	if (ssl->keys.dtls_peer_handshake_number >
wolfSSL	0:1239e9b70ca2	4099	ssl->keys.dtls_expected_peer_handshake_number) {
wolfSSL	0:1239e9b70ca2	4100	/* Current message is out of order. It will get stored in the list.
wolfSSL	0:1239e9b70ca2	4101	* Storing also takes care of defragmentation. */
wolfSSL	0:1239e9b70ca2	4102	ssl->dtls_msg_list = DtlsMsgStore(ssl->dtls_msg_list,
wolfSSL	0:1239e9b70ca2	4103	ssl->keys.dtls_peer_handshake_number, input + *inOutIdx,
wolfSSL	0:1239e9b70ca2	4104	size, type, fragOffset, fragSz, ssl->heap);
wolfSSL	0:1239e9b70ca2	4105	*inOutIdx += fragSz;
wolfSSL	0:1239e9b70ca2	4106	ret = 0;
wolfSSL	0:1239e9b70ca2	4107	}
wolfSSL	0:1239e9b70ca2	4108	else if (ssl->keys.dtls_peer_handshake_number <
wolfSSL	0:1239e9b70ca2	4109	ssl->keys.dtls_expected_peer_handshake_number) {
wolfSSL	0:1239e9b70ca2	4110	/* Already saw this message and processed it. It can be ignored. */
wolfSSL	0:1239e9b70ca2	4111	*inOutIdx += fragSz;
wolfSSL	0:1239e9b70ca2	4112	ret = 0;
wolfSSL	0:1239e9b70ca2	4113	}
wolfSSL	0:1239e9b70ca2	4114	else if (fragSz < size) {
wolfSSL	0:1239e9b70ca2	4115	/* Since this branch is in order, but fragmented, dtls_msg_list will be
wolfSSL	0:1239e9b70ca2	4116	* pointing to the message with this fragment in it. Check it to see
wolfSSL	0:1239e9b70ca2	4117	* if it is completed. */
wolfSSL	0:1239e9b70ca2	4118	ssl->dtls_msg_list = DtlsMsgStore(ssl->dtls_msg_list,
wolfSSL	0:1239e9b70ca2	4119	ssl->keys.dtls_peer_handshake_number, input + *inOutIdx,
wolfSSL	0:1239e9b70ca2	4120	size, type, fragOffset, fragSz, ssl->heap);
wolfSSL	0:1239e9b70ca2	4121	*inOutIdx += fragSz;
wolfSSL	0:1239e9b70ca2	4122	ret = 0;
wolfSSL	0:1239e9b70ca2	4123	if (ssl->dtls_msg_list != NULL &&
wolfSSL	0:1239e9b70ca2	4124	ssl->dtls_msg_list->fragSz >= ssl->dtls_msg_list->sz)
wolfSSL	0:1239e9b70ca2	4125	ret = DtlsMsgDrain(ssl);
wolfSSL	0:1239e9b70ca2	4126	}
wolfSSL	0:1239e9b70ca2	4127	else {
wolfSSL	0:1239e9b70ca2	4128	/* This branch is in order next, and a complete message. */
wolfSSL	0:1239e9b70ca2	4129	ssl->keys.dtls_expected_peer_handshake_number++;
wolfSSL	0:1239e9b70ca2	4130	ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
wolfSSL	0:1239e9b70ca2	4131	if (ret == 0 && ssl->dtls_msg_list != NULL)
wolfSSL	0:1239e9b70ca2	4132	ret = DtlsMsgDrain(ssl);
wolfSSL	0:1239e9b70ca2	4133	}
wolfSSL	0:1239e9b70ca2	4134
wolfSSL	0:1239e9b70ca2	4135	CYASSL_LEAVE("DoDtlsHandShakeMsg()", ret);
wolfSSL	0:1239e9b70ca2	4136	return ret;
wolfSSL	0:1239e9b70ca2	4137	}
wolfSSL	0:1239e9b70ca2	4138	#endif
wolfSSL	0:1239e9b70ca2	4139
wolfSSL	0:1239e9b70ca2	4140
wolfSSL	0:1239e9b70ca2	4141	static INLINE word32 GetSEQIncrement(CYASSL* ssl, int verify)
wolfSSL	0:1239e9b70ca2	4142	{
wolfSSL	0:1239e9b70ca2	4143	if (verify)
wolfSSL	0:1239e9b70ca2	4144	return ssl->keys.peer_sequence_number++;
wolfSSL	0:1239e9b70ca2	4145	else
wolfSSL	0:1239e9b70ca2	4146	return ssl->keys.sequence_number++;
wolfSSL	0:1239e9b70ca2	4147	}
wolfSSL	0:1239e9b70ca2	4148
wolfSSL	0:1239e9b70ca2	4149
wolfSSL	0:1239e9b70ca2	4150	#ifdef HAVE_AEAD
wolfSSL	0:1239e9b70ca2	4151	static INLINE void AeadIncrementExpIV(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	4152	{
wolfSSL	0:1239e9b70ca2	4153	int i;
wolfSSL	0:1239e9b70ca2	4154	for (i = AEAD_EXP_IV_SZ-1; i >= 0; i--) {
wolfSSL	0:1239e9b70ca2	4155	if (++ssl->keys.aead_exp_IV[i]) return;
wolfSSL	0:1239e9b70ca2	4156	}
wolfSSL	0:1239e9b70ca2	4157	}
wolfSSL	0:1239e9b70ca2	4158	#endif
wolfSSL	0:1239e9b70ca2	4159
wolfSSL	0:1239e9b70ca2	4160
wolfSSL	0:1239e9b70ca2	4161	static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz)
wolfSSL	0:1239e9b70ca2	4162	{
wolfSSL	0:1239e9b70ca2	4163	(void)out;
wolfSSL	0:1239e9b70ca2	4164	(void)input;
wolfSSL	0:1239e9b70ca2	4165	(void)sz;
wolfSSL	0:1239e9b70ca2	4166
wolfSSL	0:1239e9b70ca2	4167	if (ssl->encrypt.setup == 0) {
wolfSSL	0:1239e9b70ca2	4168	CYASSL_MSG("Encrypt ciphers not setup");
wolfSSL	0:1239e9b70ca2	4169	return ENCRYPT_ERROR;
wolfSSL	0:1239e9b70ca2	4170	}
wolfSSL	0:1239e9b70ca2	4171
wolfSSL	0:1239e9b70ca2	4172	switch (ssl->specs.bulk_cipher_algorithm) {
wolfSSL	0:1239e9b70ca2	4173	#ifdef BUILD_ARC4
wolfSSL	0:1239e9b70ca2	4174	case cyassl_rc4:
wolfSSL	0:1239e9b70ca2	4175	Arc4Process(ssl->encrypt.arc4, out, input, sz);
wolfSSL	0:1239e9b70ca2	4176	break;
wolfSSL	0:1239e9b70ca2	4177	#endif
wolfSSL	0:1239e9b70ca2	4178
wolfSSL	0:1239e9b70ca2	4179	#ifdef BUILD_DES3
wolfSSL	0:1239e9b70ca2	4180	case cyassl_triple_des:
wolfSSL	0:1239e9b70ca2	4181	return Des3_CbcEncrypt(ssl->encrypt.des3, out, input, sz);
wolfSSL	0:1239e9b70ca2	4182	#endif
wolfSSL	0:1239e9b70ca2	4183
wolfSSL	0:1239e9b70ca2	4184	#ifdef BUILD_AES
wolfSSL	0:1239e9b70ca2	4185	case cyassl_aes:
wolfSSL	0:1239e9b70ca2	4186	return AesCbcEncrypt(ssl->encrypt.aes, out, input, sz);
wolfSSL	0:1239e9b70ca2	4187	#endif
wolfSSL	0:1239e9b70ca2	4188
wolfSSL	0:1239e9b70ca2	4189	#ifdef BUILD_AESGCM
wolfSSL	0:1239e9b70ca2	4190	case cyassl_aes_gcm:
wolfSSL	0:1239e9b70ca2	4191	{
wolfSSL	0:1239e9b70ca2	4192	byte additional[AES_BLOCK_SIZE];
wolfSSL	0:1239e9b70ca2	4193	byte nonce[AEAD_NONCE_SZ];
wolfSSL	0:1239e9b70ca2	4194	const byte* additionalSrc = input - 5;
wolfSSL	0:1239e9b70ca2	4195
wolfSSL	0:1239e9b70ca2	4196	XMEMSET(additional, 0, AES_BLOCK_SIZE);
wolfSSL	0:1239e9b70ca2	4197
wolfSSL	0:1239e9b70ca2	4198	/* sequence number field is 64-bits, we only use 32-bits */
wolfSSL	0:1239e9b70ca2	4199	c32toa(GetSEQIncrement(ssl, 0),
wolfSSL	0:1239e9b70ca2	4200	additional + AEAD_SEQ_OFFSET);
wolfSSL	0:1239e9b70ca2	4201
wolfSSL	0:1239e9b70ca2	4202	/* Store the type, version. Unfortunately, they are in
wolfSSL	0:1239e9b70ca2	4203	* the input buffer ahead of the plaintext. */
wolfSSL	0:1239e9b70ca2	4204	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	4205	if (ssl->options.dtls)
wolfSSL	0:1239e9b70ca2	4206	additionalSrc -= DTLS_HANDSHAKE_EXTRA;
wolfSSL	0:1239e9b70ca2	4207	#endif
wolfSSL	0:1239e9b70ca2	4208	XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3);
wolfSSL	0:1239e9b70ca2	4209
wolfSSL	0:1239e9b70ca2	4210	/* Store the length of the plain text minus the explicit
wolfSSL	0:1239e9b70ca2	4211	* IV length minus the authentication tag size. */
wolfSSL	0:1239e9b70ca2	4212	c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
wolfSSL	0:1239e9b70ca2	4213	additional + AEAD_LEN_OFFSET);
wolfSSL	0:1239e9b70ca2	4214	XMEMCPY(nonce,
wolfSSL	0:1239e9b70ca2	4215	ssl->keys.aead_enc_imp_IV, AEAD_IMP_IV_SZ);
wolfSSL	0:1239e9b70ca2	4216	XMEMCPY(nonce + AEAD_IMP_IV_SZ,
wolfSSL	0:1239e9b70ca2	4217	ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ);
wolfSSL	0:1239e9b70ca2	4218	AesGcmEncrypt(ssl->encrypt.aes,
wolfSSL	0:1239e9b70ca2	4219	out + AEAD_EXP_IV_SZ, input + AEAD_EXP_IV_SZ,
wolfSSL	0:1239e9b70ca2	4220	sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
wolfSSL	0:1239e9b70ca2	4221	nonce, AEAD_NONCE_SZ,
wolfSSL	0:1239e9b70ca2	4222	out + sz - ssl->specs.aead_mac_size,
wolfSSL	0:1239e9b70ca2	4223	ssl->specs.aead_mac_size, additional,
wolfSSL	0:1239e9b70ca2	4224	AEAD_AUTH_DATA_SZ);
wolfSSL	0:1239e9b70ca2	4225	AeadIncrementExpIV(ssl);
wolfSSL	0:1239e9b70ca2	4226	XMEMSET(nonce, 0, AEAD_NONCE_SZ);
wolfSSL	0:1239e9b70ca2	4227	}
wolfSSL	0:1239e9b70ca2	4228	break;
wolfSSL	0:1239e9b70ca2	4229	#endif
wolfSSL	0:1239e9b70ca2	4230
wolfSSL	0:1239e9b70ca2	4231	#ifdef HAVE_AESCCM
wolfSSL	0:1239e9b70ca2	4232	case cyassl_aes_ccm:
wolfSSL	0:1239e9b70ca2	4233	{
wolfSSL	0:1239e9b70ca2	4234	byte additional[AES_BLOCK_SIZE];
wolfSSL	0:1239e9b70ca2	4235	byte nonce[AEAD_NONCE_SZ];
wolfSSL	0:1239e9b70ca2	4236	const byte* additionalSrc = input - 5;
wolfSSL	0:1239e9b70ca2	4237
wolfSSL	0:1239e9b70ca2	4238	XMEMSET(additional, 0, AES_BLOCK_SIZE);
wolfSSL	0:1239e9b70ca2	4239
wolfSSL	0:1239e9b70ca2	4240	/* sequence number field is 64-bits, we only use 32-bits */
wolfSSL	0:1239e9b70ca2	4241	c32toa(GetSEQIncrement(ssl, 0),
wolfSSL	0:1239e9b70ca2	4242	additional + AEAD_SEQ_OFFSET);
wolfSSL	0:1239e9b70ca2	4243
wolfSSL	0:1239e9b70ca2	4244	/* Store the type, version. Unfortunately, they are in
wolfSSL	0:1239e9b70ca2	4245	* the input buffer ahead of the plaintext. */
wolfSSL	0:1239e9b70ca2	4246	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	4247	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	4248	c16toa(ssl->keys.dtls_epoch, additional);
wolfSSL	0:1239e9b70ca2	4249	additionalSrc -= DTLS_HANDSHAKE_EXTRA;
wolfSSL	0:1239e9b70ca2	4250	}
wolfSSL	0:1239e9b70ca2	4251	#endif
wolfSSL	0:1239e9b70ca2	4252	XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3);
wolfSSL	0:1239e9b70ca2	4253
wolfSSL	0:1239e9b70ca2	4254	/* Store the length of the plain text minus the explicit
wolfSSL	0:1239e9b70ca2	4255	* IV length minus the authentication tag size. */
wolfSSL	0:1239e9b70ca2	4256	c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
wolfSSL	0:1239e9b70ca2	4257	additional + AEAD_LEN_OFFSET);
wolfSSL	0:1239e9b70ca2	4258	XMEMCPY(nonce,
wolfSSL	0:1239e9b70ca2	4259	ssl->keys.aead_enc_imp_IV, AEAD_IMP_IV_SZ);
wolfSSL	0:1239e9b70ca2	4260	XMEMCPY(nonce + AEAD_IMP_IV_SZ,
wolfSSL	0:1239e9b70ca2	4261	ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ);
wolfSSL	0:1239e9b70ca2	4262	AesCcmEncrypt(ssl->encrypt.aes,
wolfSSL	0:1239e9b70ca2	4263	out + AEAD_EXP_IV_SZ, input + AEAD_EXP_IV_SZ,
wolfSSL	0:1239e9b70ca2	4264	sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
wolfSSL	0:1239e9b70ca2	4265	nonce, AEAD_NONCE_SZ,
wolfSSL	0:1239e9b70ca2	4266	out + sz - ssl->specs.aead_mac_size,
wolfSSL	0:1239e9b70ca2	4267	ssl->specs.aead_mac_size,
wolfSSL	0:1239e9b70ca2	4268	additional, AEAD_AUTH_DATA_SZ);
wolfSSL	0:1239e9b70ca2	4269	AeadIncrementExpIV(ssl);
wolfSSL	0:1239e9b70ca2	4270	XMEMSET(nonce, 0, AEAD_NONCE_SZ);
wolfSSL	0:1239e9b70ca2	4271
wolfSSL	0:1239e9b70ca2	4272	break;
wolfSSL	0:1239e9b70ca2	4273	}
wolfSSL	0:1239e9b70ca2	4274	#endif
wolfSSL	0:1239e9b70ca2	4275
wolfSSL	0:1239e9b70ca2	4276	#ifdef HAVE_CAMELLIA
wolfSSL	0:1239e9b70ca2	4277	case cyassl_camellia:
wolfSSL	0:1239e9b70ca2	4278	CamelliaCbcEncrypt(ssl->encrypt.cam, out, input, sz);
wolfSSL	0:1239e9b70ca2	4279	break;
wolfSSL	0:1239e9b70ca2	4280	#endif
wolfSSL	0:1239e9b70ca2	4281
wolfSSL	0:1239e9b70ca2	4282	#ifdef HAVE_HC128
wolfSSL	0:1239e9b70ca2	4283	case cyassl_hc128:
wolfSSL	0:1239e9b70ca2	4284	return Hc128_Process(ssl->encrypt.hc128, out, input, sz);
wolfSSL	0:1239e9b70ca2	4285	#endif
wolfSSL	0:1239e9b70ca2	4286
wolfSSL	0:1239e9b70ca2	4287	#ifdef BUILD_RABBIT
wolfSSL	0:1239e9b70ca2	4288	case cyassl_rabbit:
wolfSSL	0:1239e9b70ca2	4289	return RabbitProcess(ssl->encrypt.rabbit, out, input, sz);
wolfSSL	0:1239e9b70ca2	4290	#endif
wolfSSL	0:1239e9b70ca2	4291
wolfSSL	0:1239e9b70ca2	4292	#ifdef HAVE_NULL_CIPHER
wolfSSL	0:1239e9b70ca2	4293	case cyassl_cipher_null:
wolfSSL	0:1239e9b70ca2	4294	if (input != out) {
wolfSSL	0:1239e9b70ca2	4295	XMEMMOVE(out, input, sz);
wolfSSL	0:1239e9b70ca2	4296	}
wolfSSL	0:1239e9b70ca2	4297	break;
wolfSSL	0:1239e9b70ca2	4298	#endif
wolfSSL	0:1239e9b70ca2	4299
wolfSSL	0:1239e9b70ca2	4300	default:
wolfSSL	0:1239e9b70ca2	4301	CYASSL_MSG("CyaSSL Encrypt programming error");
wolfSSL	0:1239e9b70ca2	4302	return ENCRYPT_ERROR;
wolfSSL	0:1239e9b70ca2	4303	}
wolfSSL	0:1239e9b70ca2	4304
wolfSSL	0:1239e9b70ca2	4305	return 0;
wolfSSL	0:1239e9b70ca2	4306	}
wolfSSL	0:1239e9b70ca2	4307
wolfSSL	0:1239e9b70ca2	4308
wolfSSL	0:1239e9b70ca2	4309
wolfSSL	0:1239e9b70ca2	4310	static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
wolfSSL	0:1239e9b70ca2	4311	word16 sz)
wolfSSL	0:1239e9b70ca2	4312	{
wolfSSL	0:1239e9b70ca2	4313	(void)plain;
wolfSSL	0:1239e9b70ca2	4314	(void)input;
wolfSSL	0:1239e9b70ca2	4315	(void)sz;
wolfSSL	0:1239e9b70ca2	4316
wolfSSL	0:1239e9b70ca2	4317	if (ssl->decrypt.setup == 0) {
wolfSSL	0:1239e9b70ca2	4318	CYASSL_MSG("Decrypt ciphers not setup");
wolfSSL	0:1239e9b70ca2	4319	return DECRYPT_ERROR;
wolfSSL	0:1239e9b70ca2	4320	}
wolfSSL	0:1239e9b70ca2	4321
wolfSSL	0:1239e9b70ca2	4322	switch (ssl->specs.bulk_cipher_algorithm) {
wolfSSL	0:1239e9b70ca2	4323	#ifdef BUILD_ARC4
wolfSSL	0:1239e9b70ca2	4324	case cyassl_rc4:
wolfSSL	0:1239e9b70ca2	4325	Arc4Process(ssl->decrypt.arc4, plain, input, sz);
wolfSSL	0:1239e9b70ca2	4326	break;
wolfSSL	0:1239e9b70ca2	4327	#endif
wolfSSL	0:1239e9b70ca2	4328
wolfSSL	0:1239e9b70ca2	4329	#ifdef BUILD_DES3
wolfSSL	0:1239e9b70ca2	4330	case cyassl_triple_des:
wolfSSL	0:1239e9b70ca2	4331	return Des3_CbcDecrypt(ssl->decrypt.des3, plain, input, sz);
wolfSSL	0:1239e9b70ca2	4332	#endif
wolfSSL	0:1239e9b70ca2	4333
wolfSSL	0:1239e9b70ca2	4334	#ifdef BUILD_AES
wolfSSL	0:1239e9b70ca2	4335	case cyassl_aes:
wolfSSL	0:1239e9b70ca2	4336	return AesCbcDecrypt(ssl->decrypt.aes, plain, input, sz);
wolfSSL	0:1239e9b70ca2	4337	#endif
wolfSSL	0:1239e9b70ca2	4338
wolfSSL	0:1239e9b70ca2	4339	#ifdef BUILD_AESGCM
wolfSSL	0:1239e9b70ca2	4340	case cyassl_aes_gcm:
wolfSSL	0:1239e9b70ca2	4341	{
wolfSSL	0:1239e9b70ca2	4342	byte additional[AES_BLOCK_SIZE];
wolfSSL	0:1239e9b70ca2	4343	byte nonce[AEAD_NONCE_SZ];
wolfSSL	0:1239e9b70ca2	4344
wolfSSL	0:1239e9b70ca2	4345	XMEMSET(additional, 0, AES_BLOCK_SIZE);
wolfSSL	0:1239e9b70ca2	4346
wolfSSL	0:1239e9b70ca2	4347	/* sequence number field is 64-bits, we only use 32-bits */
wolfSSL	0:1239e9b70ca2	4348	c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET);
wolfSSL	0:1239e9b70ca2	4349
wolfSSL	0:1239e9b70ca2	4350	additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
wolfSSL	0:1239e9b70ca2	4351	additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
wolfSSL	0:1239e9b70ca2	4352	additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
wolfSSL	0:1239e9b70ca2	4353
wolfSSL	0:1239e9b70ca2	4354	c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
wolfSSL	0:1239e9b70ca2	4355	additional + AEAD_LEN_OFFSET);
wolfSSL	0:1239e9b70ca2	4356	XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AEAD_IMP_IV_SZ);
wolfSSL	0:1239e9b70ca2	4357	XMEMCPY(nonce + AEAD_IMP_IV_SZ, input, AEAD_EXP_IV_SZ);
wolfSSL	0:1239e9b70ca2	4358	if (AesGcmDecrypt(ssl->decrypt.aes,
wolfSSL	0:1239e9b70ca2	4359	plain + AEAD_EXP_IV_SZ,
wolfSSL	0:1239e9b70ca2	4360	input + AEAD_EXP_IV_SZ,
wolfSSL	0:1239e9b70ca2	4361	sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
wolfSSL	0:1239e9b70ca2	4362	nonce, AEAD_NONCE_SZ,
wolfSSL	0:1239e9b70ca2	4363	input + sz - ssl->specs.aead_mac_size,
wolfSSL	0:1239e9b70ca2	4364	ssl->specs.aead_mac_size,
wolfSSL	0:1239e9b70ca2	4365	additional, AEAD_AUTH_DATA_SZ) < 0) {
wolfSSL	0:1239e9b70ca2	4366	SendAlert(ssl, alert_fatal, bad_record_mac);
wolfSSL	0:1239e9b70ca2	4367	XMEMSET(nonce, 0, AEAD_NONCE_SZ);
wolfSSL	0:1239e9b70ca2	4368	return VERIFY_MAC_ERROR;
wolfSSL	0:1239e9b70ca2	4369	}
wolfSSL	0:1239e9b70ca2	4370	XMEMSET(nonce, 0, AEAD_NONCE_SZ);
wolfSSL	0:1239e9b70ca2	4371	break;
wolfSSL	0:1239e9b70ca2	4372	}
wolfSSL	0:1239e9b70ca2	4373	#endif
wolfSSL	0:1239e9b70ca2	4374
wolfSSL	0:1239e9b70ca2	4375	#ifdef HAVE_AESCCM
wolfSSL	0:1239e9b70ca2	4376	case cyassl_aes_ccm:
wolfSSL	0:1239e9b70ca2	4377	{
wolfSSL	0:1239e9b70ca2	4378	byte additional[AES_BLOCK_SIZE];
wolfSSL	0:1239e9b70ca2	4379	byte nonce[AEAD_NONCE_SZ];
wolfSSL	0:1239e9b70ca2	4380
wolfSSL	0:1239e9b70ca2	4381	XMEMSET(additional, 0, AES_BLOCK_SIZE);
wolfSSL	0:1239e9b70ca2	4382
wolfSSL	0:1239e9b70ca2	4383	/* sequence number field is 64-bits, we only use 32-bits */
wolfSSL	0:1239e9b70ca2	4384	c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET);
wolfSSL	0:1239e9b70ca2	4385
wolfSSL	0:1239e9b70ca2	4386	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	4387	if (ssl->options.dtls)
wolfSSL	0:1239e9b70ca2	4388	c16toa(ssl->keys.dtls_state.curEpoch, additional);
wolfSSL	0:1239e9b70ca2	4389	#endif
wolfSSL	0:1239e9b70ca2	4390
wolfSSL	0:1239e9b70ca2	4391	additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
wolfSSL	0:1239e9b70ca2	4392	additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
wolfSSL	0:1239e9b70ca2	4393	additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
wolfSSL	0:1239e9b70ca2	4394
wolfSSL	0:1239e9b70ca2	4395	c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
wolfSSL	0:1239e9b70ca2	4396	additional + AEAD_LEN_OFFSET);
wolfSSL	0:1239e9b70ca2	4397	XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AEAD_IMP_IV_SZ);
wolfSSL	0:1239e9b70ca2	4398	XMEMCPY(nonce + AEAD_IMP_IV_SZ, input, AEAD_EXP_IV_SZ);
wolfSSL	0:1239e9b70ca2	4399	if (AesCcmDecrypt(ssl->decrypt.aes,
wolfSSL	0:1239e9b70ca2	4400	plain + AEAD_EXP_IV_SZ,
wolfSSL	0:1239e9b70ca2	4401	input + AEAD_EXP_IV_SZ,
wolfSSL	0:1239e9b70ca2	4402	sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
wolfSSL	0:1239e9b70ca2	4403	nonce, AEAD_NONCE_SZ,
wolfSSL	0:1239e9b70ca2	4404	input + sz - ssl->specs.aead_mac_size,
wolfSSL	0:1239e9b70ca2	4405	ssl->specs.aead_mac_size,
wolfSSL	0:1239e9b70ca2	4406	additional, AEAD_AUTH_DATA_SZ) < 0) {
wolfSSL	0:1239e9b70ca2	4407	SendAlert(ssl, alert_fatal, bad_record_mac);
wolfSSL	0:1239e9b70ca2	4408	XMEMSET(nonce, 0, AEAD_NONCE_SZ);
wolfSSL	0:1239e9b70ca2	4409	return VERIFY_MAC_ERROR;
wolfSSL	0:1239e9b70ca2	4410	}
wolfSSL	0:1239e9b70ca2	4411	XMEMSET(nonce, 0, AEAD_NONCE_SZ);
wolfSSL	0:1239e9b70ca2	4412	break;
wolfSSL	0:1239e9b70ca2	4413	}
wolfSSL	0:1239e9b70ca2	4414	#endif
wolfSSL	0:1239e9b70ca2	4415
wolfSSL	0:1239e9b70ca2	4416	#ifdef HAVE_CAMELLIA
wolfSSL	0:1239e9b70ca2	4417	case cyassl_camellia:
wolfSSL	0:1239e9b70ca2	4418	CamelliaCbcDecrypt(ssl->decrypt.cam, plain, input, sz);
wolfSSL	0:1239e9b70ca2	4419	break;
wolfSSL	0:1239e9b70ca2	4420	#endif
wolfSSL	0:1239e9b70ca2	4421
wolfSSL	0:1239e9b70ca2	4422	#ifdef HAVE_HC128
wolfSSL	0:1239e9b70ca2	4423	case cyassl_hc128:
wolfSSL	0:1239e9b70ca2	4424	return Hc128_Process(ssl->decrypt.hc128, plain, input, sz);
wolfSSL	0:1239e9b70ca2	4425	#endif
wolfSSL	0:1239e9b70ca2	4426
wolfSSL	0:1239e9b70ca2	4427	#ifdef BUILD_RABBIT
wolfSSL	0:1239e9b70ca2	4428	case cyassl_rabbit:
wolfSSL	0:1239e9b70ca2	4429	return RabbitProcess(ssl->decrypt.rabbit, plain, input, sz);
wolfSSL	0:1239e9b70ca2	4430	#endif
wolfSSL	0:1239e9b70ca2	4431
wolfSSL	0:1239e9b70ca2	4432	#ifdef HAVE_NULL_CIPHER
wolfSSL	0:1239e9b70ca2	4433	case cyassl_cipher_null:
wolfSSL	0:1239e9b70ca2	4434	if (input != plain) {
wolfSSL	0:1239e9b70ca2	4435	XMEMMOVE(plain, input, sz);
wolfSSL	0:1239e9b70ca2	4436	}
wolfSSL	0:1239e9b70ca2	4437	break;
wolfSSL	0:1239e9b70ca2	4438	#endif
wolfSSL	0:1239e9b70ca2	4439
wolfSSL	0:1239e9b70ca2	4440	default:
wolfSSL	0:1239e9b70ca2	4441	CYASSL_MSG("CyaSSL Decrypt programming error");
wolfSSL	0:1239e9b70ca2	4442	return DECRYPT_ERROR;
wolfSSL	0:1239e9b70ca2	4443	}
wolfSSL	0:1239e9b70ca2	4444	return 0;
wolfSSL	0:1239e9b70ca2	4445	}
wolfSSL	0:1239e9b70ca2	4446
wolfSSL	0:1239e9b70ca2	4447
wolfSSL	0:1239e9b70ca2	4448	/* check cipher text size for sanity */
wolfSSL	0:1239e9b70ca2	4449	static int SanityCheckCipherText(CYASSL* ssl, word32 encryptSz)
wolfSSL	0:1239e9b70ca2	4450	{
wolfSSL	0:1239e9b70ca2	4451	#ifdef HAVE_TRUNCATED_HMAC
wolfSSL	0:1239e9b70ca2	4452	word32 minLength = ssl->truncated_hmac ? TRUNCATED_HMAC_SZ
wolfSSL	0:1239e9b70ca2	4453	: ssl->specs.hash_size;
wolfSSL	0:1239e9b70ca2	4454	#else
wolfSSL	0:1239e9b70ca2	4455	word32 minLength = ssl->specs.hash_size; /* covers stream */
wolfSSL	0:1239e9b70ca2	4456	#endif
wolfSSL	0:1239e9b70ca2	4457
wolfSSL	0:1239e9b70ca2	4458	if (ssl->specs.cipher_type == block) {
wolfSSL	0:1239e9b70ca2	4459	if (encryptSz % ssl->specs.block_size) {
wolfSSL	0:1239e9b70ca2	4460	CYASSL_MSG("Block ciphertext not block size");
wolfSSL	0:1239e9b70ca2	4461	return SANITY_CIPHER_E;
wolfSSL	0:1239e9b70ca2	4462	}
wolfSSL	0:1239e9b70ca2	4463
wolfSSL	0:1239e9b70ca2	4464	minLength++; /* pad byte */
wolfSSL	0:1239e9b70ca2	4465
wolfSSL	0:1239e9b70ca2	4466	if (ssl->specs.block_size > minLength)
wolfSSL	0:1239e9b70ca2	4467	minLength = ssl->specs.block_size;
wolfSSL	0:1239e9b70ca2	4468
wolfSSL	0:1239e9b70ca2	4469	if (ssl->options.tls1_1)
wolfSSL	0:1239e9b70ca2	4470	minLength += ssl->specs.block_size; /* explicit IV */
wolfSSL	0:1239e9b70ca2	4471	}
wolfSSL	0:1239e9b70ca2	4472	else if (ssl->specs.cipher_type == aead) {
wolfSSL	0:1239e9b70ca2	4473	minLength = ssl->specs.aead_mac_size + AEAD_EXP_IV_SZ;
wolfSSL	0:1239e9b70ca2	4474	/* explicit IV + authTag size */
wolfSSL	0:1239e9b70ca2	4475	}
wolfSSL	0:1239e9b70ca2	4476
wolfSSL	0:1239e9b70ca2	4477	if (encryptSz < minLength) {
wolfSSL	0:1239e9b70ca2	4478	CYASSL_MSG("Ciphertext not minimum size");
wolfSSL	0:1239e9b70ca2	4479	return SANITY_CIPHER_E;
wolfSSL	0:1239e9b70ca2	4480	}
wolfSSL	0:1239e9b70ca2	4481
wolfSSL	0:1239e9b70ca2	4482	return 0;
wolfSSL	0:1239e9b70ca2	4483	}
wolfSSL	0:1239e9b70ca2	4484
wolfSSL	0:1239e9b70ca2	4485
wolfSSL	0:1239e9b70ca2	4486	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	4487
wolfSSL	0:1239e9b70ca2	4488	static INLINE void Md5Rounds(int rounds, const byte* data, int sz)
wolfSSL	0:1239e9b70ca2	4489	{
wolfSSL	0:1239e9b70ca2	4490	Md5 md5;
wolfSSL	0:1239e9b70ca2	4491	int i;
wolfSSL	0:1239e9b70ca2	4492
wolfSSL	0:1239e9b70ca2	4493	InitMd5(&md5);
wolfSSL	0:1239e9b70ca2	4494
wolfSSL	0:1239e9b70ca2	4495	for (i = 0; i < rounds; i++)
wolfSSL	0:1239e9b70ca2	4496	Md5Update(&md5, data, sz);
wolfSSL	0:1239e9b70ca2	4497	}
wolfSSL	0:1239e9b70ca2	4498
wolfSSL	0:1239e9b70ca2	4499
wolfSSL	0:1239e9b70ca2	4500
wolfSSL	0:1239e9b70ca2	4501	/* do a dummy sha round */
wolfSSL	0:1239e9b70ca2	4502	static INLINE void ShaRounds(int rounds, const byte* data, int sz)
wolfSSL	0:1239e9b70ca2	4503	{
wolfSSL	0:1239e9b70ca2	4504	Sha sha;
wolfSSL	0:1239e9b70ca2	4505	int i;
wolfSSL	0:1239e9b70ca2	4506
wolfSSL	0:1239e9b70ca2	4507	InitSha(&sha); /* no error check on purpose, dummy round */
wolfSSL	0:1239e9b70ca2	4508
wolfSSL	0:1239e9b70ca2	4509	for (i = 0; i < rounds; i++)
wolfSSL	0:1239e9b70ca2	4510	ShaUpdate(&sha, data, sz);
wolfSSL	0:1239e9b70ca2	4511	}
wolfSSL	0:1239e9b70ca2	4512	#endif
wolfSSL	0:1239e9b70ca2	4513
wolfSSL	0:1239e9b70ca2	4514
wolfSSL	0:1239e9b70ca2	4515	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	4516
wolfSSL	0:1239e9b70ca2	4517	static INLINE void Sha256Rounds(int rounds, const byte* data, int sz)
wolfSSL	0:1239e9b70ca2	4518	{
wolfSSL	0:1239e9b70ca2	4519	Sha256 sha256;
wolfSSL	0:1239e9b70ca2	4520	int i;
wolfSSL	0:1239e9b70ca2	4521
wolfSSL	0:1239e9b70ca2	4522	InitSha256(&sha256); /* no error check on purpose, dummy round */
wolfSSL	0:1239e9b70ca2	4523
wolfSSL	0:1239e9b70ca2	4524	for (i = 0; i < rounds; i++) {
wolfSSL	0:1239e9b70ca2	4525	Sha256Update(&sha256, data, sz);
wolfSSL	0:1239e9b70ca2	4526	/* no error check on purpose, dummy round */
wolfSSL	0:1239e9b70ca2	4527	}
wolfSSL	0:1239e9b70ca2	4528
wolfSSL	0:1239e9b70ca2	4529	}
wolfSSL	0:1239e9b70ca2	4530
wolfSSL	0:1239e9b70ca2	4531	#endif
wolfSSL	0:1239e9b70ca2	4532
wolfSSL	0:1239e9b70ca2	4533
wolfSSL	0:1239e9b70ca2	4534	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	4535
wolfSSL	0:1239e9b70ca2	4536	static INLINE void Sha384Rounds(int rounds, const byte* data, int sz)
wolfSSL	0:1239e9b70ca2	4537	{
wolfSSL	0:1239e9b70ca2	4538	Sha384 sha384;
wolfSSL	0:1239e9b70ca2	4539	int i;
wolfSSL	0:1239e9b70ca2	4540
wolfSSL	0:1239e9b70ca2	4541	InitSha384(&sha384); /* no error check on purpose, dummy round */
wolfSSL	0:1239e9b70ca2	4542
wolfSSL	0:1239e9b70ca2	4543	for (i = 0; i < rounds; i++) {
wolfSSL	0:1239e9b70ca2	4544	Sha384Update(&sha384, data, sz);
wolfSSL	0:1239e9b70ca2	4545	/* no error check on purpose, dummy round */
wolfSSL	0:1239e9b70ca2	4546	}
wolfSSL	0:1239e9b70ca2	4547	}
wolfSSL	0:1239e9b70ca2	4548
wolfSSL	0:1239e9b70ca2	4549	#endif
wolfSSL	0:1239e9b70ca2	4550
wolfSSL	0:1239e9b70ca2	4551
wolfSSL	0:1239e9b70ca2	4552	#ifdef CYASSL_SHA512
wolfSSL	0:1239e9b70ca2	4553
wolfSSL	0:1239e9b70ca2	4554	static INLINE void Sha512Rounds(int rounds, const byte* data, int sz)
wolfSSL	0:1239e9b70ca2	4555	{
wolfSSL	0:1239e9b70ca2	4556	Sha512 sha512;
wolfSSL	0:1239e9b70ca2	4557	int i;
wolfSSL	0:1239e9b70ca2	4558
wolfSSL	0:1239e9b70ca2	4559	InitSha512(&sha512); /* no error check on purpose, dummy round */
wolfSSL	0:1239e9b70ca2	4560
wolfSSL	0:1239e9b70ca2	4561	for (i = 0; i < rounds; i++) {
wolfSSL	0:1239e9b70ca2	4562	Sha512Update(&sha512, data, sz);
wolfSSL	0:1239e9b70ca2	4563	/* no error check on purpose, dummy round */
wolfSSL	0:1239e9b70ca2	4564	}
wolfSSL	0:1239e9b70ca2	4565	}
wolfSSL	0:1239e9b70ca2	4566
wolfSSL	0:1239e9b70ca2	4567	#endif
wolfSSL	0:1239e9b70ca2	4568
wolfSSL	0:1239e9b70ca2	4569
wolfSSL	0:1239e9b70ca2	4570	#ifdef CYASSL_RIPEMD
wolfSSL	0:1239e9b70ca2	4571
wolfSSL	0:1239e9b70ca2	4572	static INLINE void RmdRounds(int rounds, const byte* data, int sz)
wolfSSL	0:1239e9b70ca2	4573	{
wolfSSL	0:1239e9b70ca2	4574	RipeMd ripemd;
wolfSSL	0:1239e9b70ca2	4575	int i;
wolfSSL	0:1239e9b70ca2	4576
wolfSSL	0:1239e9b70ca2	4577	InitRipeMd(&ripemd);
wolfSSL	0:1239e9b70ca2	4578
wolfSSL	0:1239e9b70ca2	4579	for (i = 0; i < rounds; i++)
wolfSSL	0:1239e9b70ca2	4580	RipeMdUpdate(&ripemd, data, sz);
wolfSSL	0:1239e9b70ca2	4581	}
wolfSSL	0:1239e9b70ca2	4582
wolfSSL	0:1239e9b70ca2	4583	#endif
wolfSSL	0:1239e9b70ca2	4584
wolfSSL	0:1239e9b70ca2	4585
wolfSSL	0:1239e9b70ca2	4586	/* Do dummy rounds */
wolfSSL	0:1239e9b70ca2	4587	static INLINE void DoRounds(int type, int rounds, const byte* data, int sz)
wolfSSL	0:1239e9b70ca2	4588	{
wolfSSL	0:1239e9b70ca2	4589	switch (type) {
wolfSSL	0:1239e9b70ca2	4590
wolfSSL	0:1239e9b70ca2	4591	case no_mac :
wolfSSL	0:1239e9b70ca2	4592	break;
wolfSSL	0:1239e9b70ca2	4593
wolfSSL	0:1239e9b70ca2	4594	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	4595	#ifndef NO_MD5
wolfSSL	0:1239e9b70ca2	4596	case md5_mac :
wolfSSL	0:1239e9b70ca2	4597	Md5Rounds(rounds, data, sz);
wolfSSL	0:1239e9b70ca2	4598	break;
wolfSSL	0:1239e9b70ca2	4599	#endif
wolfSSL	0:1239e9b70ca2	4600
wolfSSL	0:1239e9b70ca2	4601	#ifndef NO_SHA
wolfSSL	0:1239e9b70ca2	4602	case sha_mac :
wolfSSL	0:1239e9b70ca2	4603	ShaRounds(rounds, data, sz);
wolfSSL	0:1239e9b70ca2	4604	break;
wolfSSL	0:1239e9b70ca2	4605	#endif
wolfSSL	0:1239e9b70ca2	4606	#endif
wolfSSL	0:1239e9b70ca2	4607
wolfSSL	0:1239e9b70ca2	4608	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	4609	case sha256_mac :
wolfSSL	0:1239e9b70ca2	4610	Sha256Rounds(rounds, data, sz);
wolfSSL	0:1239e9b70ca2	4611	break;
wolfSSL	0:1239e9b70ca2	4612	#endif
wolfSSL	0:1239e9b70ca2	4613
wolfSSL	0:1239e9b70ca2	4614	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	4615	case sha384_mac :
wolfSSL	0:1239e9b70ca2	4616	Sha384Rounds(rounds, data, sz);
wolfSSL	0:1239e9b70ca2	4617	break;
wolfSSL	0:1239e9b70ca2	4618	#endif
wolfSSL	0:1239e9b70ca2	4619
wolfSSL	0:1239e9b70ca2	4620	#ifdef CYASSL_SHA512
wolfSSL	0:1239e9b70ca2	4621	case sha512_mac :
wolfSSL	0:1239e9b70ca2	4622	Sha512Rounds(rounds, data, sz);
wolfSSL	0:1239e9b70ca2	4623	break;
wolfSSL	0:1239e9b70ca2	4624	#endif
wolfSSL	0:1239e9b70ca2	4625
wolfSSL	0:1239e9b70ca2	4626	#ifdef CYASSL_RIPEMD
wolfSSL	0:1239e9b70ca2	4627	case rmd_mac :
wolfSSL	0:1239e9b70ca2	4628	RmdRounds(rounds, data, sz);
wolfSSL	0:1239e9b70ca2	4629	break;
wolfSSL	0:1239e9b70ca2	4630	#endif
wolfSSL	0:1239e9b70ca2	4631
wolfSSL	0:1239e9b70ca2	4632	default:
wolfSSL	0:1239e9b70ca2	4633	CYASSL_MSG("Bad round type");
wolfSSL	0:1239e9b70ca2	4634	break;
wolfSSL	0:1239e9b70ca2	4635	}
wolfSSL	0:1239e9b70ca2	4636	}
wolfSSL	0:1239e9b70ca2	4637
wolfSSL	0:1239e9b70ca2	4638
wolfSSL	0:1239e9b70ca2	4639	/* do number of compression rounds on dummy data */
wolfSSL	0:1239e9b70ca2	4640	static INLINE void CompressRounds(CYASSL* ssl, int rounds, const byte* dummy)
wolfSSL	0:1239e9b70ca2	4641	{
wolfSSL	0:1239e9b70ca2	4642	if (rounds)
wolfSSL	0:1239e9b70ca2	4643	DoRounds(ssl->specs.mac_algorithm, rounds, dummy, COMPRESS_LOWER);
wolfSSL	0:1239e9b70ca2	4644	}
wolfSSL	0:1239e9b70ca2	4645
wolfSSL	0:1239e9b70ca2	4646
wolfSSL	0:1239e9b70ca2	4647	/* check all length bytes for equality, return 0 on success */
wolfSSL	0:1239e9b70ca2	4648	static int ConstantCompare(const byte* a, const byte* b, int length)
wolfSSL	0:1239e9b70ca2	4649	{
wolfSSL	0:1239e9b70ca2	4650	int i;
wolfSSL	0:1239e9b70ca2	4651	int good = 0;
wolfSSL	0:1239e9b70ca2	4652	int bad = 0;
wolfSSL	0:1239e9b70ca2	4653
wolfSSL	0:1239e9b70ca2	4654	for (i = 0; i < length; i++) {
wolfSSL	0:1239e9b70ca2	4655	if (a[i] == b[i])
wolfSSL	0:1239e9b70ca2	4656	good++;
wolfSSL	0:1239e9b70ca2	4657	else
wolfSSL	0:1239e9b70ca2	4658	bad++;
wolfSSL	0:1239e9b70ca2	4659	}
wolfSSL	0:1239e9b70ca2	4660
wolfSSL	0:1239e9b70ca2	4661	if (good == length)
wolfSSL	0:1239e9b70ca2	4662	return 0;
wolfSSL	0:1239e9b70ca2	4663	else
wolfSSL	0:1239e9b70ca2	4664	return 0 - bad; /* compare failed */
wolfSSL	0:1239e9b70ca2	4665	}
wolfSSL	0:1239e9b70ca2	4666
wolfSSL	0:1239e9b70ca2	4667
wolfSSL	0:1239e9b70ca2	4668	/* check all length bytes for the pad value, return 0 on success */
wolfSSL	0:1239e9b70ca2	4669	static int PadCheck(const byte* input, byte pad, int length)
wolfSSL	0:1239e9b70ca2	4670	{
wolfSSL	0:1239e9b70ca2	4671	int i;
wolfSSL	0:1239e9b70ca2	4672	int good = 0;
wolfSSL	0:1239e9b70ca2	4673	int bad = 0;
wolfSSL	0:1239e9b70ca2	4674
wolfSSL	0:1239e9b70ca2	4675	for (i = 0; i < length; i++) {
wolfSSL	0:1239e9b70ca2	4676	if (input[i] == pad)
wolfSSL	0:1239e9b70ca2	4677	good++;
wolfSSL	0:1239e9b70ca2	4678	else
wolfSSL	0:1239e9b70ca2	4679	bad++;
wolfSSL	0:1239e9b70ca2	4680	}
wolfSSL	0:1239e9b70ca2	4681
wolfSSL	0:1239e9b70ca2	4682	if (good == length)
wolfSSL	0:1239e9b70ca2	4683	return 0;
wolfSSL	0:1239e9b70ca2	4684	else
wolfSSL	0:1239e9b70ca2	4685	return 0 - bad; /* pad check failed */
wolfSSL	0:1239e9b70ca2	4686	}
wolfSSL	0:1239e9b70ca2	4687
wolfSSL	0:1239e9b70ca2	4688
wolfSSL	0:1239e9b70ca2	4689	/* get compression extra rounds */
wolfSSL	0:1239e9b70ca2	4690	static INLINE int GetRounds(int pLen, int padLen, int t)
wolfSSL	0:1239e9b70ca2	4691	{
wolfSSL	0:1239e9b70ca2	4692	int roundL1 = 1; /* round up flags */
wolfSSL	0:1239e9b70ca2	4693	int roundL2 = 1;
wolfSSL	0:1239e9b70ca2	4694
wolfSSL	0:1239e9b70ca2	4695	int L1 = COMPRESS_CONSTANT + pLen - t;
wolfSSL	0:1239e9b70ca2	4696	int L2 = COMPRESS_CONSTANT + pLen - padLen - 1 - t;
wolfSSL	0:1239e9b70ca2	4697
wolfSSL	0:1239e9b70ca2	4698	L1 -= COMPRESS_UPPER;
wolfSSL	0:1239e9b70ca2	4699	L2 -= COMPRESS_UPPER;
wolfSSL	0:1239e9b70ca2	4700
wolfSSL	0:1239e9b70ca2	4701	if ( (L1 % COMPRESS_LOWER) == 0)
wolfSSL	0:1239e9b70ca2	4702	roundL1 = 0;
wolfSSL	0:1239e9b70ca2	4703	if ( (L2 % COMPRESS_LOWER) == 0)
wolfSSL	0:1239e9b70ca2	4704	roundL2 = 0;
wolfSSL	0:1239e9b70ca2	4705
wolfSSL	0:1239e9b70ca2	4706	L1 /= COMPRESS_LOWER;
wolfSSL	0:1239e9b70ca2	4707	L2 /= COMPRESS_LOWER;
wolfSSL	0:1239e9b70ca2	4708
wolfSSL	0:1239e9b70ca2	4709	L1 += roundL1;
wolfSSL	0:1239e9b70ca2	4710	L2 += roundL2;
wolfSSL	0:1239e9b70ca2	4711
wolfSSL	0:1239e9b70ca2	4712	return L1 - L2;
wolfSSL	0:1239e9b70ca2	4713	}
wolfSSL	0:1239e9b70ca2	4714
wolfSSL	0:1239e9b70ca2	4715
wolfSSL	0:1239e9b70ca2	4716	/* timing resistant pad/verify check, return 0 on success */
wolfSSL	0:1239e9b70ca2	4717	static int TimingPadVerify(CYASSL* ssl, const byte* input, int padLen, int t,
wolfSSL	0:1239e9b70ca2	4718	int pLen, int content)
wolfSSL	0:1239e9b70ca2	4719	{
wolfSSL	0:1239e9b70ca2	4720	byte verify[MAX_DIGEST_SIZE];
wolfSSL	0:1239e9b70ca2	4721	byte dummy[MAX_PAD_SIZE];
wolfSSL	0:1239e9b70ca2	4722	int ret = 0;
wolfSSL	0:1239e9b70ca2	4723
wolfSSL	0:1239e9b70ca2	4724	XMEMSET(dummy, 1, sizeof(dummy));
wolfSSL	0:1239e9b70ca2	4725
wolfSSL	0:1239e9b70ca2	4726	if ( (t + padLen + 1) > pLen) {
wolfSSL	0:1239e9b70ca2	4727	CYASSL_MSG("Plain Len not long enough for pad/mac");
wolfSSL	0:1239e9b70ca2	4728	PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE);
wolfSSL	0:1239e9b70ca2	4729	ssl->hmac(ssl, verify, input, pLen - t, content, 1); /* still compare */
wolfSSL	0:1239e9b70ca2	4730	ConstantCompare(verify, input + pLen - t, t);
wolfSSL	0:1239e9b70ca2	4731
wolfSSL	0:1239e9b70ca2	4732	return VERIFY_MAC_ERROR;
wolfSSL	0:1239e9b70ca2	4733	}
wolfSSL	0:1239e9b70ca2	4734
wolfSSL	0:1239e9b70ca2	4735	if (PadCheck(input + pLen - (padLen + 1), (byte)padLen, padLen + 1) != 0) {
wolfSSL	0:1239e9b70ca2	4736	CYASSL_MSG("PadCheck failed");
wolfSSL	0:1239e9b70ca2	4737	PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE - padLen - 1);
wolfSSL	0:1239e9b70ca2	4738	ssl->hmac(ssl, verify, input, pLen - t, content, 1); /* still compare */
wolfSSL	0:1239e9b70ca2	4739	ConstantCompare(verify, input + pLen - t, t);
wolfSSL	0:1239e9b70ca2	4740
wolfSSL	0:1239e9b70ca2	4741	return VERIFY_MAC_ERROR;
wolfSSL	0:1239e9b70ca2	4742	}
wolfSSL	0:1239e9b70ca2	4743
wolfSSL	0:1239e9b70ca2	4744	PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE - padLen - 1);
wolfSSL	0:1239e9b70ca2	4745	ret = ssl->hmac(ssl, verify, input, pLen - padLen - 1 - t, content, 1);
wolfSSL	0:1239e9b70ca2	4746
wolfSSL	0:1239e9b70ca2	4747	CompressRounds(ssl, GetRounds(pLen, padLen, t), dummy);
wolfSSL	0:1239e9b70ca2	4748
wolfSSL	0:1239e9b70ca2	4749	if (ConstantCompare(verify, input + (pLen - padLen - 1 - t), t) != 0) {
wolfSSL	0:1239e9b70ca2	4750	CYASSL_MSG("Verify MAC compare failed");
wolfSSL	0:1239e9b70ca2	4751	return VERIFY_MAC_ERROR;
wolfSSL	0:1239e9b70ca2	4752	}
wolfSSL	0:1239e9b70ca2	4753
wolfSSL	0:1239e9b70ca2	4754	if (ret != 0)
wolfSSL	0:1239e9b70ca2	4755	return VERIFY_MAC_ERROR;
wolfSSL	0:1239e9b70ca2	4756	return 0;
wolfSSL	0:1239e9b70ca2	4757	}
wolfSSL	0:1239e9b70ca2	4758
wolfSSL	0:1239e9b70ca2	4759
wolfSSL	0:1239e9b70ca2	4760	int DoApplicationData(CYASSL* ssl, byte* input, word32* inOutIdx)
wolfSSL	0:1239e9b70ca2	4761	{
wolfSSL	0:1239e9b70ca2	4762	word32 msgSz = ssl->keys.encryptSz;
wolfSSL	0:1239e9b70ca2	4763	word32 idx = *inOutIdx;
wolfSSL	0:1239e9b70ca2	4764	int dataSz;
wolfSSL	0:1239e9b70ca2	4765	int ivExtra = 0;
wolfSSL	0:1239e9b70ca2	4766	byte* rawData = input + idx; /* keep current for hmac */
wolfSSL	0:1239e9b70ca2	4767	#ifdef HAVE_LIBZ
wolfSSL	0:1239e9b70ca2	4768	byte decomp[MAX_RECORD_SIZE + MAX_COMP_EXTRA];
wolfSSL	0:1239e9b70ca2	4769	#endif
wolfSSL	0:1239e9b70ca2	4770
wolfSSL	0:1239e9b70ca2	4771	if (ssl->options.handShakeState != HANDSHAKE_DONE) {
wolfSSL	0:1239e9b70ca2	4772	CYASSL_MSG("Received App data before handshake complete");
wolfSSL	0:1239e9b70ca2	4773	SendAlert(ssl, alert_fatal, unexpected_message);
wolfSSL	0:1239e9b70ca2	4774	return OUT_OF_ORDER_E;
wolfSSL	0:1239e9b70ca2	4775	}
wolfSSL	0:1239e9b70ca2	4776
wolfSSL	0:1239e9b70ca2	4777	if (ssl->specs.cipher_type == block) {
wolfSSL	0:1239e9b70ca2	4778	if (ssl->options.tls1_1)
wolfSSL	0:1239e9b70ca2	4779	ivExtra = ssl->specs.block_size;
wolfSSL	0:1239e9b70ca2	4780	}
wolfSSL	0:1239e9b70ca2	4781	else if (ssl->specs.cipher_type == aead) {
wolfSSL	0:1239e9b70ca2	4782	ivExtra = AEAD_EXP_IV_SZ;
wolfSSL	0:1239e9b70ca2	4783	}
wolfSSL	0:1239e9b70ca2	4784
wolfSSL	0:1239e9b70ca2	4785	dataSz = msgSz - ivExtra - ssl->keys.padSz;
wolfSSL	0:1239e9b70ca2	4786	if (dataSz < 0) {
wolfSSL	0:1239e9b70ca2	4787	CYASSL_MSG("App data buffer error, malicious input?");
wolfSSL	0:1239e9b70ca2	4788	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	4789	}
wolfSSL	0:1239e9b70ca2	4790
wolfSSL	0:1239e9b70ca2	4791	/* read data */
wolfSSL	0:1239e9b70ca2	4792	if (dataSz) {
wolfSSL	0:1239e9b70ca2	4793	int rawSz = dataSz; /* keep raw size for idx adjustment */
wolfSSL	0:1239e9b70ca2	4794
wolfSSL	0:1239e9b70ca2	4795	#ifdef HAVE_LIBZ
wolfSSL	0:1239e9b70ca2	4796	if (ssl->options.usingCompression) {
wolfSSL	0:1239e9b70ca2	4797	dataSz = myDeCompress(ssl, rawData, dataSz, decomp, sizeof(decomp));
wolfSSL	0:1239e9b70ca2	4798	if (dataSz < 0) return dataSz;
wolfSSL	0:1239e9b70ca2	4799	}
wolfSSL	0:1239e9b70ca2	4800	#endif
wolfSSL	0:1239e9b70ca2	4801	idx += rawSz;
wolfSSL	0:1239e9b70ca2	4802
wolfSSL	0:1239e9b70ca2	4803	ssl->buffers.clearOutputBuffer.buffer = rawData;
wolfSSL	0:1239e9b70ca2	4804	ssl->buffers.clearOutputBuffer.length = dataSz;
wolfSSL	0:1239e9b70ca2	4805	}
wolfSSL	0:1239e9b70ca2	4806
wolfSSL	0:1239e9b70ca2	4807	idx += ssl->keys.padSz;
wolfSSL	0:1239e9b70ca2	4808
wolfSSL	0:1239e9b70ca2	4809	#ifdef HAVE_LIBZ
wolfSSL	0:1239e9b70ca2	4810	/* decompress could be bigger, overwrite after verify */
wolfSSL	0:1239e9b70ca2	4811	if (ssl->options.usingCompression)
wolfSSL	0:1239e9b70ca2	4812	XMEMMOVE(rawData, decomp, dataSz);
wolfSSL	0:1239e9b70ca2	4813	#endif
wolfSSL	0:1239e9b70ca2	4814
wolfSSL	0:1239e9b70ca2	4815	*inOutIdx = idx;
wolfSSL	0:1239e9b70ca2	4816	return 0;
wolfSSL	0:1239e9b70ca2	4817	}
wolfSSL	0:1239e9b70ca2	4818
wolfSSL	0:1239e9b70ca2	4819
wolfSSL	0:1239e9b70ca2	4820	/* process alert, return level */
wolfSSL	0:1239e9b70ca2	4821	static int DoAlert(CYASSL* ssl, byte* input, word32* inOutIdx, int* type,
wolfSSL	0:1239e9b70ca2	4822	word32 totalSz)
wolfSSL	0:1239e9b70ca2	4823	{
wolfSSL	0:1239e9b70ca2	4824	byte level;
wolfSSL	0:1239e9b70ca2	4825	byte code;
wolfSSL	0:1239e9b70ca2	4826
wolfSSL	0:1239e9b70ca2	4827	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	4828	if (ssl->hsInfoOn)
wolfSSL	0:1239e9b70ca2	4829	AddPacketName("Alert", &ssl->handShakeInfo);
wolfSSL	0:1239e9b70ca2	4830	if (ssl->toInfoOn)
wolfSSL	0:1239e9b70ca2	4831	/* add record header back on to info + 2 byte level, data */
wolfSSL	0:1239e9b70ca2	4832	AddPacketInfo("Alert", &ssl->timeoutInfo, input + *inOutIdx -
wolfSSL	0:1239e9b70ca2	4833	RECORD_HEADER_SZ, 2 + RECORD_HEADER_SZ, ssl->heap);
wolfSSL	0:1239e9b70ca2	4834	#endif
wolfSSL	0:1239e9b70ca2	4835
wolfSSL	0:1239e9b70ca2	4836	/* make sure can read the message */
wolfSSL	0:1239e9b70ca2	4837	if (*inOutIdx + ALERT_SIZE > totalSz)
wolfSSL	0:1239e9b70ca2	4838	return BUFFER_E;
wolfSSL	0:1239e9b70ca2	4839
wolfSSL	0:1239e9b70ca2	4840	level = input[(*inOutIdx)++];
wolfSSL	0:1239e9b70ca2	4841	code = input[(*inOutIdx)++];
wolfSSL	0:1239e9b70ca2	4842	ssl->alert_history.last_rx.code = code;
wolfSSL	0:1239e9b70ca2	4843	ssl->alert_history.last_rx.level = level;
wolfSSL	0:1239e9b70ca2	4844	*type = code;
wolfSSL	0:1239e9b70ca2	4845	if (level == alert_fatal) {
wolfSSL	0:1239e9b70ca2	4846	ssl->options.isClosed = 1; /* Don't send close_notify */
wolfSSL	0:1239e9b70ca2	4847	}
wolfSSL	0:1239e9b70ca2	4848
wolfSSL	0:1239e9b70ca2	4849	CYASSL_MSG("Got alert");
wolfSSL	0:1239e9b70ca2	4850	if (*type == close_notify) {
wolfSSL	0:1239e9b70ca2	4851	CYASSL_MSG(" close notify");
wolfSSL	0:1239e9b70ca2	4852	ssl->options.closeNotify = 1;
wolfSSL	0:1239e9b70ca2	4853	}
wolfSSL	0:1239e9b70ca2	4854	CYASSL_ERROR(*type);
wolfSSL	0:1239e9b70ca2	4855
wolfSSL	0:1239e9b70ca2	4856	if (ssl->keys.encryptionOn) {
wolfSSL	0:1239e9b70ca2	4857	if (*inOutIdx + ssl->keys.padSz > totalSz)
wolfSSL	0:1239e9b70ca2	4858	return BUFFER_E;
wolfSSL	0:1239e9b70ca2	4859	*inOutIdx += ssl->keys.padSz;
wolfSSL	0:1239e9b70ca2	4860	}
wolfSSL	0:1239e9b70ca2	4861
wolfSSL	0:1239e9b70ca2	4862	return level;
wolfSSL	0:1239e9b70ca2	4863	}
wolfSSL	0:1239e9b70ca2	4864
wolfSSL	0:1239e9b70ca2	4865	static int GetInputData(CYASSL *ssl, word32 size)
wolfSSL	0:1239e9b70ca2	4866	{
wolfSSL	0:1239e9b70ca2	4867	int in;
wolfSSL	0:1239e9b70ca2	4868	int inSz;
wolfSSL	0:1239e9b70ca2	4869	int maxLength;
wolfSSL	0:1239e9b70ca2	4870	int usedLength;
wolfSSL	0:1239e9b70ca2	4871	int dtlsExtra = 0;
wolfSSL	0:1239e9b70ca2	4872
wolfSSL	0:1239e9b70ca2	4873
wolfSSL	0:1239e9b70ca2	4874	/* check max input length */
wolfSSL	0:1239e9b70ca2	4875	usedLength = ssl->buffers.inputBuffer.length - ssl->buffers.inputBuffer.idx;
wolfSSL	0:1239e9b70ca2	4876	maxLength = ssl->buffers.inputBuffer.bufferSize - usedLength;
wolfSSL	0:1239e9b70ca2	4877	inSz = (int)(size - usedLength); /* from last partial read */
wolfSSL	0:1239e9b70ca2	4878
wolfSSL	0:1239e9b70ca2	4879	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	4880	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	4881	if (size < ssl->dtls_expected_rx)
wolfSSL	0:1239e9b70ca2	4882	dtlsExtra = (int)(ssl->dtls_expected_rx - size);
wolfSSL	0:1239e9b70ca2	4883	inSz = ssl->dtls_expected_rx;
wolfSSL	0:1239e9b70ca2	4884	}
wolfSSL	0:1239e9b70ca2	4885	#endif
wolfSSL	0:1239e9b70ca2	4886
wolfSSL	0:1239e9b70ca2	4887	if (inSz > maxLength) {
wolfSSL	0:1239e9b70ca2	4888	if (GrowInputBuffer(ssl, size + dtlsExtra, usedLength) < 0)
wolfSSL	0:1239e9b70ca2	4889	return MEMORY_E;
wolfSSL	0:1239e9b70ca2	4890	}
wolfSSL	0:1239e9b70ca2	4891
wolfSSL	0:1239e9b70ca2	4892	if (inSz <= 0)
wolfSSL	0:1239e9b70ca2	4893	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	4894
wolfSSL	0:1239e9b70ca2	4895	/* Put buffer data at start if not there */
wolfSSL	0:1239e9b70ca2	4896	if (usedLength > 0 && ssl->buffers.inputBuffer.idx != 0)
wolfSSL	0:1239e9b70ca2	4897	XMEMMOVE(ssl->buffers.inputBuffer.buffer,
wolfSSL	0:1239e9b70ca2	4898	ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.idx,
wolfSSL	0:1239e9b70ca2	4899	usedLength);
wolfSSL	0:1239e9b70ca2	4900
wolfSSL	0:1239e9b70ca2	4901	/* remove processed data */
wolfSSL	0:1239e9b70ca2	4902	ssl->buffers.inputBuffer.idx = 0;
wolfSSL	0:1239e9b70ca2	4903	ssl->buffers.inputBuffer.length = usedLength;
wolfSSL	0:1239e9b70ca2	4904
wolfSSL	0:1239e9b70ca2	4905	/* read data from network */
wolfSSL	0:1239e9b70ca2	4906	do {
wolfSSL	0:1239e9b70ca2	4907	in = Receive(ssl,
wolfSSL	0:1239e9b70ca2	4908	ssl->buffers.inputBuffer.buffer +
wolfSSL	0:1239e9b70ca2	4909	ssl->buffers.inputBuffer.length,
wolfSSL	0:1239e9b70ca2	4910	inSz);
wolfSSL	0:1239e9b70ca2	4911	if (in == -1)
wolfSSL	0:1239e9b70ca2	4912	return SOCKET_ERROR_E;
wolfSSL	0:1239e9b70ca2	4913
wolfSSL	0:1239e9b70ca2	4914	if (in == WANT_READ)
wolfSSL	0:1239e9b70ca2	4915	return WANT_READ;
wolfSSL	0:1239e9b70ca2	4916
wolfSSL	0:1239e9b70ca2	4917	if (in > inSz)
wolfSSL	0:1239e9b70ca2	4918	return RECV_OVERFLOW_E;
wolfSSL	0:1239e9b70ca2	4919
wolfSSL	0:1239e9b70ca2	4920	ssl->buffers.inputBuffer.length += in;
wolfSSL	0:1239e9b70ca2	4921	inSz -= in;
wolfSSL	0:1239e9b70ca2	4922
wolfSSL	0:1239e9b70ca2	4923	} while (ssl->buffers.inputBuffer.length < size);
wolfSSL	0:1239e9b70ca2	4924
wolfSSL	0:1239e9b70ca2	4925	return 0;
wolfSSL	0:1239e9b70ca2	4926	}
wolfSSL	0:1239e9b70ca2	4927
wolfSSL	0:1239e9b70ca2	4928
wolfSSL	0:1239e9b70ca2	4929	static INLINE int VerifyMac(CYASSL* ssl, const byte* input, word32 msgSz,
wolfSSL	0:1239e9b70ca2	4930	int content, word32* padSz)
wolfSSL	0:1239e9b70ca2	4931	{
wolfSSL	0:1239e9b70ca2	4932	int ivExtra = 0;
wolfSSL	0:1239e9b70ca2	4933	int ret;
wolfSSL	0:1239e9b70ca2	4934	word32 pad = 0;
wolfSSL	0:1239e9b70ca2	4935	word32 padByte = 0;
wolfSSL	0:1239e9b70ca2	4936	#ifdef HAVE_TRUNCATED_HMAC
wolfSSL	0:1239e9b70ca2	4937	word32 digestSz = ssl->truncated_hmac ? TRUNCATED_HMAC_SZ
wolfSSL	0:1239e9b70ca2	4938	: ssl->specs.hash_size;
wolfSSL	0:1239e9b70ca2	4939	#else
wolfSSL	0:1239e9b70ca2	4940	word32 digestSz = ssl->specs.hash_size;
wolfSSL	0:1239e9b70ca2	4941	#endif
wolfSSL	0:1239e9b70ca2	4942	byte verify[MAX_DIGEST_SIZE];
wolfSSL	0:1239e9b70ca2	4943
wolfSSL	0:1239e9b70ca2	4944	if (ssl->specs.cipher_type == block) {
wolfSSL	0:1239e9b70ca2	4945	if (ssl->options.tls1_1)
wolfSSL	0:1239e9b70ca2	4946	ivExtra = ssl->specs.block_size;
wolfSSL	0:1239e9b70ca2	4947	pad = *(input + msgSz - ivExtra - 1);
wolfSSL	0:1239e9b70ca2	4948	padByte = 1;
wolfSSL	0:1239e9b70ca2	4949
wolfSSL	0:1239e9b70ca2	4950	if (ssl->options.tls) {
wolfSSL	0:1239e9b70ca2	4951	ret = TimingPadVerify(ssl, input, pad, digestSz, msgSz - ivExtra,
wolfSSL	0:1239e9b70ca2	4952	content);
wolfSSL	0:1239e9b70ca2	4953	if (ret != 0)
wolfSSL	0:1239e9b70ca2	4954	return ret;
wolfSSL	0:1239e9b70ca2	4955	}
wolfSSL	0:1239e9b70ca2	4956	else { /* sslv3, some implementations have bad padding, but don't
wolfSSL	0:1239e9b70ca2	4957	* allow bad read */
wolfSSL	0:1239e9b70ca2	4958	int badPadLen = 0;
wolfSSL	0:1239e9b70ca2	4959	byte dummy[MAX_PAD_SIZE];
wolfSSL	0:1239e9b70ca2	4960
wolfSSL	0:1239e9b70ca2	4961	XMEMSET(dummy, 1, sizeof(dummy));
wolfSSL	0:1239e9b70ca2	4962
wolfSSL	0:1239e9b70ca2	4963	if (pad > (msgSz - digestSz - 1)) {
wolfSSL	0:1239e9b70ca2	4964	CYASSL_MSG("Plain Len not long enough for pad/mac");
wolfSSL	0:1239e9b70ca2	4965	pad = 0; /* no bad read */
wolfSSL	0:1239e9b70ca2	4966	badPadLen = 1;
wolfSSL	0:1239e9b70ca2	4967	}
wolfSSL	0:1239e9b70ca2	4968	PadCheck(dummy, (byte)pad, MAX_PAD_SIZE); /* timing only */
wolfSSL	0:1239e9b70ca2	4969	ret = ssl->hmac(ssl, verify, input, msgSz - digestSz - pad - 1,
wolfSSL	0:1239e9b70ca2	4970	content, 1);
wolfSSL	0:1239e9b70ca2	4971	if (ConstantCompare(verify, input + msgSz - digestSz - pad - 1,
wolfSSL	0:1239e9b70ca2	4972	digestSz) != 0)
wolfSSL	0:1239e9b70ca2	4973	return VERIFY_MAC_ERROR;
wolfSSL	0:1239e9b70ca2	4974	if (ret != 0 \|\| badPadLen)
wolfSSL	0:1239e9b70ca2	4975	return VERIFY_MAC_ERROR;
wolfSSL	0:1239e9b70ca2	4976	}
wolfSSL	0:1239e9b70ca2	4977	}
wolfSSL	0:1239e9b70ca2	4978	else if (ssl->specs.cipher_type == stream) {
wolfSSL	0:1239e9b70ca2	4979	ret = ssl->hmac(ssl, verify, input, msgSz - digestSz, content, 1);
wolfSSL	0:1239e9b70ca2	4980	if (ConstantCompare(verify, input + msgSz - digestSz, digestSz) != 0){
wolfSSL	0:1239e9b70ca2	4981	return VERIFY_MAC_ERROR;
wolfSSL	0:1239e9b70ca2	4982	}
wolfSSL	0:1239e9b70ca2	4983	if (ret != 0)
wolfSSL	0:1239e9b70ca2	4984	return VERIFY_MAC_ERROR;
wolfSSL	0:1239e9b70ca2	4985	}
wolfSSL	0:1239e9b70ca2	4986
wolfSSL	0:1239e9b70ca2	4987	if (ssl->specs.cipher_type == aead) {
wolfSSL	0:1239e9b70ca2	4988	*padSz = ssl->specs.aead_mac_size;
wolfSSL	0:1239e9b70ca2	4989	}
wolfSSL	0:1239e9b70ca2	4990	else {
wolfSSL	0:1239e9b70ca2	4991	*padSz = digestSz + pad + padByte;
wolfSSL	0:1239e9b70ca2	4992	}
wolfSSL	0:1239e9b70ca2	4993
wolfSSL	0:1239e9b70ca2	4994	return 0;
wolfSSL	0:1239e9b70ca2	4995	}
wolfSSL	0:1239e9b70ca2	4996
wolfSSL	0:1239e9b70ca2	4997
wolfSSL	0:1239e9b70ca2	4998	/* process input requests, return 0 is done, 1 is call again to complete, and
wolfSSL	0:1239e9b70ca2	4999	negative number is error */
wolfSSL	0:1239e9b70ca2	5000	int ProcessReply(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	5001	{
wolfSSL	0:1239e9b70ca2	5002	int ret = 0, type, readSz;
wolfSSL	0:1239e9b70ca2	5003	int atomicUser = 0;
wolfSSL	0:1239e9b70ca2	5004	word32 startIdx = 0;
wolfSSL	0:1239e9b70ca2	5005	#ifndef NO_CYASSL_SERVER
wolfSSL	0:1239e9b70ca2	5006	byte b0, b1;
wolfSSL	0:1239e9b70ca2	5007	#endif
wolfSSL	0:1239e9b70ca2	5008	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	5009	int used;
wolfSSL	0:1239e9b70ca2	5010	#endif
wolfSSL	0:1239e9b70ca2	5011
wolfSSL	0:1239e9b70ca2	5012	#ifdef ATOMIC_USER
wolfSSL	0:1239e9b70ca2	5013	if (ssl->ctx->DecryptVerifyCb)
wolfSSL	0:1239e9b70ca2	5014	atomicUser = 1;
wolfSSL	0:1239e9b70ca2	5015	#endif
wolfSSL	0:1239e9b70ca2	5016
wolfSSL	0:1239e9b70ca2	5017	if (ssl->error != 0 && ssl->error != WANT_READ && ssl->error != WANT_WRITE){
wolfSSL	0:1239e9b70ca2	5018	CYASSL_MSG("ProcessReply retry in error state, not allowed");
wolfSSL	0:1239e9b70ca2	5019	return ssl->error;
wolfSSL	0:1239e9b70ca2	5020	}
wolfSSL	0:1239e9b70ca2	5021
wolfSSL	0:1239e9b70ca2	5022	for (;;) {
wolfSSL	0:1239e9b70ca2	5023	switch (ssl->options.processReply) {
wolfSSL	0:1239e9b70ca2	5024
wolfSSL	0:1239e9b70ca2	5025	/* in the CYASSL_SERVER case, get the first byte for detecting
wolfSSL	0:1239e9b70ca2	5026	* old client hello */
wolfSSL	0:1239e9b70ca2	5027	case doProcessInit:
wolfSSL	0:1239e9b70ca2	5028
wolfSSL	0:1239e9b70ca2	5029	readSz = RECORD_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	5030
wolfSSL	0:1239e9b70ca2	5031	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	5032	if (ssl->options.dtls)
wolfSSL	0:1239e9b70ca2	5033	readSz = DTLS_RECORD_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	5034	#endif
wolfSSL	0:1239e9b70ca2	5035
wolfSSL	0:1239e9b70ca2	5036	/* get header or return error */
wolfSSL	0:1239e9b70ca2	5037	if (!ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	5038	if ((ret = GetInputData(ssl, readSz)) < 0)
wolfSSL	0:1239e9b70ca2	5039	return ret;
wolfSSL	0:1239e9b70ca2	5040	} else {
wolfSSL	0:1239e9b70ca2	5041	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	5042	/* read ahead may already have header */
wolfSSL	0:1239e9b70ca2	5043	used = ssl->buffers.inputBuffer.length -
wolfSSL	0:1239e9b70ca2	5044	ssl->buffers.inputBuffer.idx;
wolfSSL	0:1239e9b70ca2	5045	if (used < readSz)
wolfSSL	0:1239e9b70ca2	5046	if ((ret = GetInputData(ssl, readSz)) < 0)
wolfSSL	0:1239e9b70ca2	5047	return ret;
wolfSSL	0:1239e9b70ca2	5048	#endif
wolfSSL	0:1239e9b70ca2	5049	}
wolfSSL	0:1239e9b70ca2	5050
wolfSSL	0:1239e9b70ca2	5051	#ifndef NO_CYASSL_SERVER
wolfSSL	0:1239e9b70ca2	5052
wolfSSL	0:1239e9b70ca2	5053	/* see if sending SSLv2 client hello */
wolfSSL	0:1239e9b70ca2	5054	if ( ssl->options.side == CYASSL_SERVER_END &&
wolfSSL	0:1239e9b70ca2	5055	ssl->options.clientState == NULL_STATE &&
wolfSSL	0:1239e9b70ca2	5056	ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx]
wolfSSL	0:1239e9b70ca2	5057	!= handshake) {
wolfSSL	0:1239e9b70ca2	5058	ssl->options.processReply = runProcessOldClientHello;
wolfSSL	0:1239e9b70ca2	5059
wolfSSL	0:1239e9b70ca2	5060	/* how many bytes need ProcessOldClientHello */
wolfSSL	0:1239e9b70ca2	5061	b0 =
wolfSSL	0:1239e9b70ca2	5062	ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++];
wolfSSL	0:1239e9b70ca2	5063	b1 =
wolfSSL	0:1239e9b70ca2	5064	ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++];
wolfSSL	0:1239e9b70ca2	5065	ssl->curSize = (word16)(((b0 & 0x7f) << 8) \| b1);
wolfSSL	0:1239e9b70ca2	5066	}
wolfSSL	0:1239e9b70ca2	5067	else {
wolfSSL	0:1239e9b70ca2	5068	ssl->options.processReply = getRecordLayerHeader;
wolfSSL	0:1239e9b70ca2	5069	continue;
wolfSSL	0:1239e9b70ca2	5070	}
wolfSSL	0:1239e9b70ca2	5071
wolfSSL	0:1239e9b70ca2	5072	/* in the CYASSL_SERVER case, run the old client hello */
wolfSSL	0:1239e9b70ca2	5073	case runProcessOldClientHello:
wolfSSL	0:1239e9b70ca2	5074
wolfSSL	0:1239e9b70ca2	5075	/* get sz bytes or return error */
wolfSSL	0:1239e9b70ca2	5076	if (!ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	5077	if ((ret = GetInputData(ssl, ssl->curSize)) < 0)
wolfSSL	0:1239e9b70ca2	5078	return ret;
wolfSSL	0:1239e9b70ca2	5079	} else {
wolfSSL	0:1239e9b70ca2	5080	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	5081	/* read ahead may already have */
wolfSSL	0:1239e9b70ca2	5082	used = ssl->buffers.inputBuffer.length -
wolfSSL	0:1239e9b70ca2	5083	ssl->buffers.inputBuffer.idx;
wolfSSL	0:1239e9b70ca2	5084	if (used < ssl->curSize)
wolfSSL	0:1239e9b70ca2	5085	if ((ret = GetInputData(ssl, ssl->curSize)) < 0)
wolfSSL	0:1239e9b70ca2	5086	return ret;
wolfSSL	0:1239e9b70ca2	5087	#endif /* CYASSL_DTLS */
wolfSSL	0:1239e9b70ca2	5088	}
wolfSSL	0:1239e9b70ca2	5089
wolfSSL	0:1239e9b70ca2	5090	ret = ProcessOldClientHello(ssl, ssl->buffers.inputBuffer.buffer,
wolfSSL	0:1239e9b70ca2	5091	&ssl->buffers.inputBuffer.idx,
wolfSSL	0:1239e9b70ca2	5092	ssl->buffers.inputBuffer.length -
wolfSSL	0:1239e9b70ca2	5093	ssl->buffers.inputBuffer.idx,
wolfSSL	0:1239e9b70ca2	5094	ssl->curSize);
wolfSSL	0:1239e9b70ca2	5095	if (ret < 0)
wolfSSL	0:1239e9b70ca2	5096	return ret;
wolfSSL	0:1239e9b70ca2	5097
wolfSSL	0:1239e9b70ca2	5098	else if (ssl->buffers.inputBuffer.idx ==
wolfSSL	0:1239e9b70ca2	5099	ssl->buffers.inputBuffer.length) {
wolfSSL	0:1239e9b70ca2	5100	ssl->options.processReply = doProcessInit;
wolfSSL	0:1239e9b70ca2	5101	return 0;
wolfSSL	0:1239e9b70ca2	5102	}
wolfSSL	0:1239e9b70ca2	5103
wolfSSL	0:1239e9b70ca2	5104	#endif /* NO_CYASSL_SERVER */
wolfSSL	0:1239e9b70ca2	5105
wolfSSL	0:1239e9b70ca2	5106	/* get the record layer header */
wolfSSL	0:1239e9b70ca2	5107	case getRecordLayerHeader:
wolfSSL	0:1239e9b70ca2	5108
wolfSSL	0:1239e9b70ca2	5109	ret = GetRecordHeader(ssl, ssl->buffers.inputBuffer.buffer,
wolfSSL	0:1239e9b70ca2	5110	&ssl->buffers.inputBuffer.idx,
wolfSSL	0:1239e9b70ca2	5111	&ssl->curRL, &ssl->curSize);
wolfSSL	0:1239e9b70ca2	5112	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	5113	if (ssl->options.dtls && ret == SEQUENCE_ERROR) {
wolfSSL	0:1239e9b70ca2	5114	ssl->options.processReply = doProcessInit;
wolfSSL	0:1239e9b70ca2	5115	ssl->buffers.inputBuffer.length = 0;
wolfSSL	0:1239e9b70ca2	5116	ssl->buffers.inputBuffer.idx = 0;
wolfSSL	0:1239e9b70ca2	5117	continue;
wolfSSL	0:1239e9b70ca2	5118	}
wolfSSL	0:1239e9b70ca2	5119	#endif
wolfSSL	0:1239e9b70ca2	5120	if (ret != 0)
wolfSSL	0:1239e9b70ca2	5121	return ret;
wolfSSL	0:1239e9b70ca2	5122
wolfSSL	0:1239e9b70ca2	5123	ssl->options.processReply = getData;
wolfSSL	0:1239e9b70ca2	5124
wolfSSL	0:1239e9b70ca2	5125	/* retrieve record layer data */
wolfSSL	0:1239e9b70ca2	5126	case getData:
wolfSSL	0:1239e9b70ca2	5127
wolfSSL	0:1239e9b70ca2	5128	/* get sz bytes or return error */
wolfSSL	0:1239e9b70ca2	5129	if (!ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	5130	if ((ret = GetInputData(ssl, ssl->curSize)) < 0)
wolfSSL	0:1239e9b70ca2	5131	return ret;
wolfSSL	0:1239e9b70ca2	5132	} else {
wolfSSL	0:1239e9b70ca2	5133	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	5134	/* read ahead may already have */
wolfSSL	0:1239e9b70ca2	5135	used = ssl->buffers.inputBuffer.length -
wolfSSL	0:1239e9b70ca2	5136	ssl->buffers.inputBuffer.idx;
wolfSSL	0:1239e9b70ca2	5137	if (used < ssl->curSize)
wolfSSL	0:1239e9b70ca2	5138	if ((ret = GetInputData(ssl, ssl->curSize)) < 0)
wolfSSL	0:1239e9b70ca2	5139	return ret;
wolfSSL	0:1239e9b70ca2	5140	#endif
wolfSSL	0:1239e9b70ca2	5141	}
wolfSSL	0:1239e9b70ca2	5142
wolfSSL	0:1239e9b70ca2	5143	ssl->options.processReply = runProcessingOneMessage;
wolfSSL	0:1239e9b70ca2	5144	startIdx = ssl->buffers.inputBuffer.idx; /* in case > 1 msg per */
wolfSSL	0:1239e9b70ca2	5145
wolfSSL	0:1239e9b70ca2	5146	/* the record layer is here */
wolfSSL	0:1239e9b70ca2	5147	case runProcessingOneMessage:
wolfSSL	0:1239e9b70ca2	5148
wolfSSL	0:1239e9b70ca2	5149	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	5150	if (ssl->options.dtls &&
wolfSSL	0:1239e9b70ca2	5151	ssl->keys.dtls_state.curEpoch < ssl->keys.dtls_state.nextEpoch)
wolfSSL	0:1239e9b70ca2	5152	ssl->keys.decryptedCur = 1;
wolfSSL	0:1239e9b70ca2	5153	#endif
wolfSSL	0:1239e9b70ca2	5154
wolfSSL	0:1239e9b70ca2	5155	if (ssl->keys.encryptionOn && ssl->keys.decryptedCur == 0)
wolfSSL	0:1239e9b70ca2	5156	{
wolfSSL	0:1239e9b70ca2	5157	ret = SanityCheckCipherText(ssl, ssl->curSize);
wolfSSL	0:1239e9b70ca2	5158	if (ret < 0)
wolfSSL	0:1239e9b70ca2	5159	return ret;
wolfSSL	0:1239e9b70ca2	5160
wolfSSL	0:1239e9b70ca2	5161	if (atomicUser) {
wolfSSL	0:1239e9b70ca2	5162	#ifdef ATOMIC_USER
wolfSSL	0:1239e9b70ca2	5163	ret = ssl->ctx->DecryptVerifyCb(ssl,
wolfSSL	0:1239e9b70ca2	5164	ssl->buffers.inputBuffer.buffer +
wolfSSL	0:1239e9b70ca2	5165	ssl->buffers.inputBuffer.idx,
wolfSSL	0:1239e9b70ca2	5166	ssl->buffers.inputBuffer.buffer +
wolfSSL	0:1239e9b70ca2	5167	ssl->buffers.inputBuffer.idx,
wolfSSL	0:1239e9b70ca2	5168	ssl->curSize, ssl->curRL.type, 1,
wolfSSL	0:1239e9b70ca2	5169	&ssl->keys.padSz, ssl->DecryptVerifyCtx);
wolfSSL	0:1239e9b70ca2	5170	if (ssl->options.tls1_1 && ssl->specs.cipher_type == block)
wolfSSL	0:1239e9b70ca2	5171	ssl->buffers.inputBuffer.idx += ssl->specs.block_size;
wolfSSL	0:1239e9b70ca2	5172	/* go past TLSv1.1 IV */
wolfSSL	0:1239e9b70ca2	5173	if (ssl->specs.cipher_type == aead)
wolfSSL	0:1239e9b70ca2	5174	ssl->buffers.inputBuffer.idx += AEAD_EXP_IV_SZ;
wolfSSL	0:1239e9b70ca2	5175	#endif /* ATOMIC_USER */
wolfSSL	0:1239e9b70ca2	5176	}
wolfSSL	0:1239e9b70ca2	5177	else {
wolfSSL	0:1239e9b70ca2	5178	ret = Decrypt(ssl, ssl->buffers.inputBuffer.buffer +
wolfSSL	0:1239e9b70ca2	5179	ssl->buffers.inputBuffer.idx,
wolfSSL	0:1239e9b70ca2	5180	ssl->buffers.inputBuffer.buffer +
wolfSSL	0:1239e9b70ca2	5181	ssl->buffers.inputBuffer.idx,
wolfSSL	0:1239e9b70ca2	5182	ssl->curSize);
wolfSSL	0:1239e9b70ca2	5183	if (ret < 0) {
wolfSSL	0:1239e9b70ca2	5184	CYASSL_ERROR(ret);
wolfSSL	0:1239e9b70ca2	5185	return DECRYPT_ERROR;
wolfSSL	0:1239e9b70ca2	5186	}
wolfSSL	0:1239e9b70ca2	5187	if (ssl->options.tls1_1 && ssl->specs.cipher_type == block)
wolfSSL	0:1239e9b70ca2	5188	ssl->buffers.inputBuffer.idx += ssl->specs.block_size;
wolfSSL	0:1239e9b70ca2	5189	/* go past TLSv1.1 IV */
wolfSSL	0:1239e9b70ca2	5190	if (ssl->specs.cipher_type == aead)
wolfSSL	0:1239e9b70ca2	5191	ssl->buffers.inputBuffer.idx += AEAD_EXP_IV_SZ;
wolfSSL	0:1239e9b70ca2	5192
wolfSSL	0:1239e9b70ca2	5193	ret = VerifyMac(ssl, ssl->buffers.inputBuffer.buffer +
wolfSSL	0:1239e9b70ca2	5194	ssl->buffers.inputBuffer.idx,
wolfSSL	0:1239e9b70ca2	5195	ssl->curSize, ssl->curRL.type,
wolfSSL	0:1239e9b70ca2	5196	&ssl->keys.padSz);
wolfSSL	0:1239e9b70ca2	5197	}
wolfSSL	0:1239e9b70ca2	5198	if (ret < 0) {
wolfSSL	0:1239e9b70ca2	5199	CYASSL_ERROR(ret);
wolfSSL	0:1239e9b70ca2	5200	return DECRYPT_ERROR;
wolfSSL	0:1239e9b70ca2	5201	}
wolfSSL	0:1239e9b70ca2	5202	ssl->keys.encryptSz = ssl->curSize;
wolfSSL	0:1239e9b70ca2	5203	ssl->keys.decryptedCur = 1;
wolfSSL	0:1239e9b70ca2	5204	}
wolfSSL	0:1239e9b70ca2	5205
wolfSSL	0:1239e9b70ca2	5206	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	5207	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	5208	DtlsUpdateWindow(&ssl->keys.dtls_state);
wolfSSL	0:1239e9b70ca2	5209	#endif /* CYASSL_DTLS */
wolfSSL	0:1239e9b70ca2	5210	}
wolfSSL	0:1239e9b70ca2	5211
wolfSSL	0:1239e9b70ca2	5212	CYASSL_MSG("received record layer msg");
wolfSSL	0:1239e9b70ca2	5213
wolfSSL	0:1239e9b70ca2	5214	switch (ssl->curRL.type) {
wolfSSL	0:1239e9b70ca2	5215	case handshake :
wolfSSL	0:1239e9b70ca2	5216	/* debugging in DoHandShakeMsg */
wolfSSL	0:1239e9b70ca2	5217	if (!ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	5218	ret = DoHandShakeMsg(ssl,
wolfSSL	0:1239e9b70ca2	5219	ssl->buffers.inputBuffer.buffer,
wolfSSL	0:1239e9b70ca2	5220	&ssl->buffers.inputBuffer.idx,
wolfSSL	0:1239e9b70ca2	5221	ssl->buffers.inputBuffer.length);
wolfSSL	0:1239e9b70ca2	5222	}
wolfSSL	0:1239e9b70ca2	5223	else {
wolfSSL	0:1239e9b70ca2	5224	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	5225	ret = DoDtlsHandShakeMsg(ssl,
wolfSSL	0:1239e9b70ca2	5226	ssl->buffers.inputBuffer.buffer,
wolfSSL	0:1239e9b70ca2	5227	&ssl->buffers.inputBuffer.idx,
wolfSSL	0:1239e9b70ca2	5228	ssl->buffers.inputBuffer.length);
wolfSSL	0:1239e9b70ca2	5229	#endif
wolfSSL	0:1239e9b70ca2	5230	}
wolfSSL	0:1239e9b70ca2	5231	if (ret != 0)
wolfSSL	0:1239e9b70ca2	5232	return ret;
wolfSSL	0:1239e9b70ca2	5233	break;
wolfSSL	0:1239e9b70ca2	5234
wolfSSL	0:1239e9b70ca2	5235	case change_cipher_spec:
wolfSSL	0:1239e9b70ca2	5236	CYASSL_MSG("got CHANGE CIPHER SPEC");
wolfSSL	0:1239e9b70ca2	5237	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	5238	if (ssl->hsInfoOn)
wolfSSL	0:1239e9b70ca2	5239	AddPacketName("ChangeCipher", &ssl->handShakeInfo);
wolfSSL	0:1239e9b70ca2	5240	/* add record header back on info */
wolfSSL	0:1239e9b70ca2	5241	if (ssl->toInfoOn) {
wolfSSL	0:1239e9b70ca2	5242	AddPacketInfo("ChangeCipher", &ssl->timeoutInfo,
wolfSSL	0:1239e9b70ca2	5243	ssl->buffers.inputBuffer.buffer +
wolfSSL	0:1239e9b70ca2	5244	ssl->buffers.inputBuffer.idx - RECORD_HEADER_SZ,
wolfSSL	0:1239e9b70ca2	5245	1 + RECORD_HEADER_SZ, ssl->heap);
wolfSSL	0:1239e9b70ca2	5246	AddLateRecordHeader(&ssl->curRL, &ssl->timeoutInfo);
wolfSSL	0:1239e9b70ca2	5247	}
wolfSSL	0:1239e9b70ca2	5248	#endif
wolfSSL	0:1239e9b70ca2	5249
wolfSSL	0:1239e9b70ca2	5250	if (ssl->curSize != 1) {
wolfSSL	0:1239e9b70ca2	5251	CYASSL_MSG("Malicious or corrupted ChangeCipher msg");
wolfSSL	0:1239e9b70ca2	5252	return LENGTH_ERROR;
wolfSSL	0:1239e9b70ca2	5253	}
wolfSSL	0:1239e9b70ca2	5254	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	5255	if (ssl->options.side == CYASSL_SERVER_END &&
wolfSSL	0:1239e9b70ca2	5256	ssl->options.verifyPeer &&
wolfSSL	0:1239e9b70ca2	5257	ssl->options.havePeerCert)
wolfSSL	0:1239e9b70ca2	5258	if (!ssl->options.havePeerVerify) {
wolfSSL	0:1239e9b70ca2	5259	CYASSL_MSG("client didn't send cert verify");
wolfSSL	0:1239e9b70ca2	5260	return NO_PEER_VERIFY;
wolfSSL	0:1239e9b70ca2	5261	}
wolfSSL	0:1239e9b70ca2	5262	#endif
wolfSSL	0:1239e9b70ca2	5263
wolfSSL	0:1239e9b70ca2	5264
wolfSSL	0:1239e9b70ca2	5265	ssl->buffers.inputBuffer.idx++;
wolfSSL	0:1239e9b70ca2	5266	ssl->keys.encryptionOn = 1;
wolfSSL	0:1239e9b70ca2	5267
wolfSSL	0:1239e9b70ca2	5268	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	5269	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	5270	DtlsPoolReset(ssl);
wolfSSL	0:1239e9b70ca2	5271	ssl->keys.dtls_state.nextEpoch++;
wolfSSL	0:1239e9b70ca2	5272	ssl->keys.dtls_state.nextSeq = 0;
wolfSSL	0:1239e9b70ca2	5273	}
wolfSSL	0:1239e9b70ca2	5274	#endif
wolfSSL	0:1239e9b70ca2	5275
wolfSSL	0:1239e9b70ca2	5276	#ifdef HAVE_LIBZ
wolfSSL	0:1239e9b70ca2	5277	if (ssl->options.usingCompression)
wolfSSL	0:1239e9b70ca2	5278	if ( (ret = InitStreams(ssl)) != 0)
wolfSSL	0:1239e9b70ca2	5279	return ret;
wolfSSL	0:1239e9b70ca2	5280	#endif
wolfSSL	0:1239e9b70ca2	5281	if (ssl->options.resuming && ssl->options.side ==
wolfSSL	0:1239e9b70ca2	5282	CYASSL_CLIENT_END)
wolfSSL	0:1239e9b70ca2	5283	ret = BuildFinished(ssl, &ssl->verifyHashes, server);
wolfSSL	0:1239e9b70ca2	5284	else if (!ssl->options.resuming && ssl->options.side ==
wolfSSL	0:1239e9b70ca2	5285	CYASSL_SERVER_END)
wolfSSL	0:1239e9b70ca2	5286	ret = BuildFinished(ssl, &ssl->verifyHashes, client);
wolfSSL	0:1239e9b70ca2	5287	if (ret != 0)
wolfSSL	0:1239e9b70ca2	5288	return ret;
wolfSSL	0:1239e9b70ca2	5289	break;
wolfSSL	0:1239e9b70ca2	5290
wolfSSL	0:1239e9b70ca2	5291	case application_data:
wolfSSL	0:1239e9b70ca2	5292	CYASSL_MSG("got app DATA");
wolfSSL	0:1239e9b70ca2	5293	if ((ret = DoApplicationData(ssl,
wolfSSL	0:1239e9b70ca2	5294	ssl->buffers.inputBuffer.buffer,
wolfSSL	0:1239e9b70ca2	5295	&ssl->buffers.inputBuffer.idx))
wolfSSL	0:1239e9b70ca2	5296	!= 0) {
wolfSSL	0:1239e9b70ca2	5297	CYASSL_ERROR(ret);
wolfSSL	0:1239e9b70ca2	5298	return ret;
wolfSSL	0:1239e9b70ca2	5299	}
wolfSSL	0:1239e9b70ca2	5300	break;
wolfSSL	0:1239e9b70ca2	5301
wolfSSL	0:1239e9b70ca2	5302	case alert:
wolfSSL	0:1239e9b70ca2	5303	CYASSL_MSG("got ALERT!");
wolfSSL	0:1239e9b70ca2	5304	ret = DoAlert(ssl, ssl->buffers.inputBuffer.buffer,
wolfSSL	0:1239e9b70ca2	5305	&ssl->buffers.inputBuffer.idx, &type,
wolfSSL	0:1239e9b70ca2	5306	ssl->buffers.inputBuffer.length);
wolfSSL	0:1239e9b70ca2	5307	if (ret == alert_fatal)
wolfSSL	0:1239e9b70ca2	5308	return FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	5309	else if (ret < 0)
wolfSSL	0:1239e9b70ca2	5310	return ret;
wolfSSL	0:1239e9b70ca2	5311
wolfSSL	0:1239e9b70ca2	5312	/* catch warnings that are handled as errors */
wolfSSL	0:1239e9b70ca2	5313	if (type == close_notify)
wolfSSL	0:1239e9b70ca2	5314	return ssl->error = ZERO_RETURN;
wolfSSL	0:1239e9b70ca2	5315
wolfSSL	0:1239e9b70ca2	5316	if (type == decrypt_error)
wolfSSL	0:1239e9b70ca2	5317	return FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	5318	break;
wolfSSL	0:1239e9b70ca2	5319
wolfSSL	0:1239e9b70ca2	5320	default:
wolfSSL	0:1239e9b70ca2	5321	CYASSL_ERROR(UNKNOWN_RECORD_TYPE);
wolfSSL	0:1239e9b70ca2	5322	return UNKNOWN_RECORD_TYPE;
wolfSSL	0:1239e9b70ca2	5323	}
wolfSSL	0:1239e9b70ca2	5324
wolfSSL	0:1239e9b70ca2	5325	ssl->options.processReply = doProcessInit;
wolfSSL	0:1239e9b70ca2	5326
wolfSSL	0:1239e9b70ca2	5327	/* input exhausted? */
wolfSSL	0:1239e9b70ca2	5328	if (ssl->buffers.inputBuffer.idx == ssl->buffers.inputBuffer.length)
wolfSSL	0:1239e9b70ca2	5329	return 0;
wolfSSL	0:1239e9b70ca2	5330	/* more messages per record */
wolfSSL	0:1239e9b70ca2	5331	else if ((ssl->buffers.inputBuffer.idx - startIdx) < ssl->curSize) {
wolfSSL	0:1239e9b70ca2	5332	CYASSL_MSG("More messages in record");
wolfSSL	0:1239e9b70ca2	5333	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	5334	/* read-ahead but dtls doesn't bundle messages per record */
wolfSSL	0:1239e9b70ca2	5335	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	5336	ssl->options.processReply = doProcessInit;
wolfSSL	0:1239e9b70ca2	5337	continue;
wolfSSL	0:1239e9b70ca2	5338	}
wolfSSL	0:1239e9b70ca2	5339	#endif
wolfSSL	0:1239e9b70ca2	5340	ssl->options.processReply = runProcessingOneMessage;
wolfSSL	0:1239e9b70ca2	5341	continue;
wolfSSL	0:1239e9b70ca2	5342	}
wolfSSL	0:1239e9b70ca2	5343	/* more records */
wolfSSL	0:1239e9b70ca2	5344	else {
wolfSSL	0:1239e9b70ca2	5345	CYASSL_MSG("More records in input");
wolfSSL	0:1239e9b70ca2	5346	ssl->options.processReply = doProcessInit;
wolfSSL	0:1239e9b70ca2	5347	continue;
wolfSSL	0:1239e9b70ca2	5348	}
wolfSSL	0:1239e9b70ca2	5349
wolfSSL	0:1239e9b70ca2	5350	default:
wolfSSL	0:1239e9b70ca2	5351	CYASSL_MSG("Bad process input state, programming error");
wolfSSL	0:1239e9b70ca2	5352	return INPUT_CASE_ERROR;
wolfSSL	0:1239e9b70ca2	5353	}
wolfSSL	0:1239e9b70ca2	5354	}
wolfSSL	0:1239e9b70ca2	5355	}
wolfSSL	0:1239e9b70ca2	5356
wolfSSL	0:1239e9b70ca2	5357
wolfSSL	0:1239e9b70ca2	5358	int SendChangeCipher(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	5359	{
wolfSSL	0:1239e9b70ca2	5360	byte *output;
wolfSSL	0:1239e9b70ca2	5361	int sendSz = RECORD_HEADER_SZ + ENUM_LEN;
wolfSSL	0:1239e9b70ca2	5362	int idx = RECORD_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	5363	int ret;
wolfSSL	0:1239e9b70ca2	5364
wolfSSL	0:1239e9b70ca2	5365	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	5366	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	5367	sendSz += DTLS_RECORD_EXTRA;
wolfSSL	0:1239e9b70ca2	5368	idx += DTLS_RECORD_EXTRA;
wolfSSL	0:1239e9b70ca2	5369	}
wolfSSL	0:1239e9b70ca2	5370	#endif
wolfSSL	0:1239e9b70ca2	5371
wolfSSL	0:1239e9b70ca2	5372	/* check for avalaible size */
wolfSSL	0:1239e9b70ca2	5373	if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
wolfSSL	0:1239e9b70ca2	5374	return ret;
wolfSSL	0:1239e9b70ca2	5375
wolfSSL	0:1239e9b70ca2	5376	/* get ouput buffer */
wolfSSL	0:1239e9b70ca2	5377	output = ssl->buffers.outputBuffer.buffer +
wolfSSL	0:1239e9b70ca2	5378	ssl->buffers.outputBuffer.length;
wolfSSL	0:1239e9b70ca2	5379
wolfSSL	0:1239e9b70ca2	5380	AddRecordHeader(output, 1, change_cipher_spec, ssl);
wolfSSL	0:1239e9b70ca2	5381
wolfSSL	0:1239e9b70ca2	5382	output[idx] = 1; /* turn it on */
wolfSSL	0:1239e9b70ca2	5383
wolfSSL	0:1239e9b70ca2	5384	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	5385	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	5386	if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
wolfSSL	0:1239e9b70ca2	5387	return ret;
wolfSSL	0:1239e9b70ca2	5388	}
wolfSSL	0:1239e9b70ca2	5389	#endif
wolfSSL	0:1239e9b70ca2	5390	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	5391	if (ssl->hsInfoOn) AddPacketName("ChangeCipher", &ssl->handShakeInfo);
wolfSSL	0:1239e9b70ca2	5392	if (ssl->toInfoOn)
wolfSSL	0:1239e9b70ca2	5393	AddPacketInfo("ChangeCipher", &ssl->timeoutInfo, output, sendSz,
wolfSSL	0:1239e9b70ca2	5394	ssl->heap);
wolfSSL	0:1239e9b70ca2	5395	#endif
wolfSSL	0:1239e9b70ca2	5396	ssl->buffers.outputBuffer.length += sendSz;
wolfSSL	0:1239e9b70ca2	5397
wolfSSL	0:1239e9b70ca2	5398	if (ssl->options.groupMessages)
wolfSSL	0:1239e9b70ca2	5399	return 0;
wolfSSL	0:1239e9b70ca2	5400	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	5401	else if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	5402	/* If using DTLS, force the ChangeCipherSpec message to be in the
wolfSSL	0:1239e9b70ca2	5403	* same datagram as the finished message. */
wolfSSL	0:1239e9b70ca2	5404	return 0;
wolfSSL	0:1239e9b70ca2	5405	}
wolfSSL	0:1239e9b70ca2	5406	#endif
wolfSSL	0:1239e9b70ca2	5407	else
wolfSSL	0:1239e9b70ca2	5408	return SendBuffered(ssl);
wolfSSL	0:1239e9b70ca2	5409	}
wolfSSL	0:1239e9b70ca2	5410
wolfSSL	0:1239e9b70ca2	5411
wolfSSL	0:1239e9b70ca2	5412	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	5413	static int SSL_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz,
wolfSSL	0:1239e9b70ca2	5414	int content, int verify)
wolfSSL	0:1239e9b70ca2	5415	{
wolfSSL	0:1239e9b70ca2	5416	byte result[MAX_DIGEST_SIZE];
wolfSSL	0:1239e9b70ca2	5417	word32 digestSz = ssl->specs.hash_size; /* actual sizes */
wolfSSL	0:1239e9b70ca2	5418	word32 padSz = ssl->specs.pad_size;
wolfSSL	0:1239e9b70ca2	5419	int ret = 0;
wolfSSL	0:1239e9b70ca2	5420
wolfSSL	0:1239e9b70ca2	5421	Md5 md5;
wolfSSL	0:1239e9b70ca2	5422	Sha sha;
wolfSSL	0:1239e9b70ca2	5423
wolfSSL	0:1239e9b70ca2	5424	/* data */
wolfSSL	0:1239e9b70ca2	5425	byte seq[SEQ_SZ];
wolfSSL	0:1239e9b70ca2	5426	byte conLen[ENUM_LEN + LENGTH_SZ]; /* content & length */
wolfSSL	0:1239e9b70ca2	5427	const byte* macSecret = CyaSSL_GetMacSecret(ssl, verify);
wolfSSL	0:1239e9b70ca2	5428
wolfSSL	0:1239e9b70ca2	5429	XMEMSET(seq, 0, SEQ_SZ);
wolfSSL	0:1239e9b70ca2	5430	conLen[0] = (byte)content;
wolfSSL	0:1239e9b70ca2	5431	c16toa((word16)sz, &conLen[ENUM_LEN]);
wolfSSL	0:1239e9b70ca2	5432	c32toa(GetSEQIncrement(ssl, verify), &seq[sizeof(word32)]);
wolfSSL	0:1239e9b70ca2	5433
wolfSSL	0:1239e9b70ca2	5434	if (ssl->specs.mac_algorithm == md5_mac) {
wolfSSL	0:1239e9b70ca2	5435	InitMd5(&md5);
wolfSSL	0:1239e9b70ca2	5436	/* inner */
wolfSSL	0:1239e9b70ca2	5437	Md5Update(&md5, macSecret, digestSz);
wolfSSL	0:1239e9b70ca2	5438	Md5Update(&md5, PAD1, padSz);
wolfSSL	0:1239e9b70ca2	5439	Md5Update(&md5, seq, SEQ_SZ);
wolfSSL	0:1239e9b70ca2	5440	Md5Update(&md5, conLen, sizeof(conLen));
wolfSSL	0:1239e9b70ca2	5441	/* in buffer */
wolfSSL	0:1239e9b70ca2	5442	Md5Update(&md5, in, sz);
wolfSSL	0:1239e9b70ca2	5443	Md5Final(&md5, result);
wolfSSL	0:1239e9b70ca2	5444	/* outer */
wolfSSL	0:1239e9b70ca2	5445	Md5Update(&md5, macSecret, digestSz);
wolfSSL	0:1239e9b70ca2	5446	Md5Update(&md5, PAD2, padSz);
wolfSSL	0:1239e9b70ca2	5447	Md5Update(&md5, result, digestSz);
wolfSSL	0:1239e9b70ca2	5448	Md5Final(&md5, digest);
wolfSSL	0:1239e9b70ca2	5449	}
wolfSSL	0:1239e9b70ca2	5450	else {
wolfSSL	0:1239e9b70ca2	5451	ret = InitSha(&sha);
wolfSSL	0:1239e9b70ca2	5452	if (ret != 0)
wolfSSL	0:1239e9b70ca2	5453	return ret;
wolfSSL	0:1239e9b70ca2	5454	/* inner */
wolfSSL	0:1239e9b70ca2	5455	ShaUpdate(&sha, macSecret, digestSz);
wolfSSL	0:1239e9b70ca2	5456	ShaUpdate(&sha, PAD1, padSz);
wolfSSL	0:1239e9b70ca2	5457	ShaUpdate(&sha, seq, SEQ_SZ);
wolfSSL	0:1239e9b70ca2	5458	ShaUpdate(&sha, conLen, sizeof(conLen));
wolfSSL	0:1239e9b70ca2	5459	/* in buffer */
wolfSSL	0:1239e9b70ca2	5460	ShaUpdate(&sha, in, sz);
wolfSSL	0:1239e9b70ca2	5461	ShaFinal(&sha, result);
wolfSSL	0:1239e9b70ca2	5462	/* outer */
wolfSSL	0:1239e9b70ca2	5463	ShaUpdate(&sha, macSecret, digestSz);
wolfSSL	0:1239e9b70ca2	5464	ShaUpdate(&sha, PAD2, padSz);
wolfSSL	0:1239e9b70ca2	5465	ShaUpdate(&sha, result, digestSz);
wolfSSL	0:1239e9b70ca2	5466	ShaFinal(&sha, digest);
wolfSSL	0:1239e9b70ca2	5467	}
wolfSSL	0:1239e9b70ca2	5468	return 0;
wolfSSL	0:1239e9b70ca2	5469	}
wolfSSL	0:1239e9b70ca2	5470
wolfSSL	0:1239e9b70ca2	5471	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	5472	static void BuildMD5_CertVerify(CYASSL* ssl, byte* digest)
wolfSSL	0:1239e9b70ca2	5473	{
wolfSSL	0:1239e9b70ca2	5474	byte md5_result[MD5_DIGEST_SIZE];
wolfSSL	0:1239e9b70ca2	5475
wolfSSL	0:1239e9b70ca2	5476	/* make md5 inner */
wolfSSL	0:1239e9b70ca2	5477	Md5Update(&ssl->hashMd5, ssl->arrays->masterSecret, SECRET_LEN);
wolfSSL	0:1239e9b70ca2	5478	Md5Update(&ssl->hashMd5, PAD1, PAD_MD5);
wolfSSL	0:1239e9b70ca2	5479	Md5Final(&ssl->hashMd5, md5_result);
wolfSSL	0:1239e9b70ca2	5480
wolfSSL	0:1239e9b70ca2	5481	/* make md5 outer */
wolfSSL	0:1239e9b70ca2	5482	Md5Update(&ssl->hashMd5, ssl->arrays->masterSecret, SECRET_LEN);
wolfSSL	0:1239e9b70ca2	5483	Md5Update(&ssl->hashMd5, PAD2, PAD_MD5);
wolfSSL	0:1239e9b70ca2	5484	Md5Update(&ssl->hashMd5, md5_result, MD5_DIGEST_SIZE);
wolfSSL	0:1239e9b70ca2	5485
wolfSSL	0:1239e9b70ca2	5486	Md5Final(&ssl->hashMd5, digest);
wolfSSL	0:1239e9b70ca2	5487	}
wolfSSL	0:1239e9b70ca2	5488
wolfSSL	0:1239e9b70ca2	5489
wolfSSL	0:1239e9b70ca2	5490	static void BuildSHA_CertVerify(CYASSL* ssl, byte* digest)
wolfSSL	0:1239e9b70ca2	5491	{
wolfSSL	0:1239e9b70ca2	5492	byte sha_result[SHA_DIGEST_SIZE];
wolfSSL	0:1239e9b70ca2	5493
wolfSSL	0:1239e9b70ca2	5494	/* make sha inner */
wolfSSL	0:1239e9b70ca2	5495	ShaUpdate(&ssl->hashSha, ssl->arrays->masterSecret, SECRET_LEN);
wolfSSL	0:1239e9b70ca2	5496	ShaUpdate(&ssl->hashSha, PAD1, PAD_SHA);
wolfSSL	0:1239e9b70ca2	5497	ShaFinal(&ssl->hashSha, sha_result);
wolfSSL	0:1239e9b70ca2	5498
wolfSSL	0:1239e9b70ca2	5499	/* make sha outer */
wolfSSL	0:1239e9b70ca2	5500	ShaUpdate(&ssl->hashSha, ssl->arrays->masterSecret, SECRET_LEN);
wolfSSL	0:1239e9b70ca2	5501	ShaUpdate(&ssl->hashSha, PAD2, PAD_SHA);
wolfSSL	0:1239e9b70ca2	5502	ShaUpdate(&ssl->hashSha, sha_result, SHA_DIGEST_SIZE);
wolfSSL	0:1239e9b70ca2	5503
wolfSSL	0:1239e9b70ca2	5504	ShaFinal(&ssl->hashSha, digest);
wolfSSL	0:1239e9b70ca2	5505	}
wolfSSL	0:1239e9b70ca2	5506	#endif /* NO_CERTS */
wolfSSL	0:1239e9b70ca2	5507	#endif /* NO_OLD_TLS */
wolfSSL	0:1239e9b70ca2	5508
wolfSSL	0:1239e9b70ca2	5509
wolfSSL	0:1239e9b70ca2	5510	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	5511
wolfSSL	0:1239e9b70ca2	5512	static int BuildCertHashes(CYASSL* ssl, Hashes* hashes)
wolfSSL	0:1239e9b70ca2	5513	{
wolfSSL	0:1239e9b70ca2	5514	/* store current states, building requires get_digest which resets state */
wolfSSL	0:1239e9b70ca2	5515	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	5516	Md5 md5 = ssl->hashMd5;
wolfSSL	0:1239e9b70ca2	5517	Sha sha = ssl->hashSha;
wolfSSL	0:1239e9b70ca2	5518	#endif
wolfSSL	0:1239e9b70ca2	5519	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	5520	Sha256 sha256 = ssl->hashSha256;
wolfSSL	0:1239e9b70ca2	5521	#endif
wolfSSL	0:1239e9b70ca2	5522	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	5523	Sha384 sha384 = ssl->hashSha384;
wolfSSL	0:1239e9b70ca2	5524	#endif
wolfSSL	0:1239e9b70ca2	5525
wolfSSL	0:1239e9b70ca2	5526	if (ssl->options.tls) {
wolfSSL	0:1239e9b70ca2	5527	#if ! defined( NO_OLD_TLS )
wolfSSL	0:1239e9b70ca2	5528	Md5Final(&ssl->hashMd5, hashes->md5);
wolfSSL	0:1239e9b70ca2	5529	ShaFinal(&ssl->hashSha, hashes->sha);
wolfSSL	0:1239e9b70ca2	5530	#endif
wolfSSL	0:1239e9b70ca2	5531	if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL	0:1239e9b70ca2	5532	int ret;
wolfSSL	0:1239e9b70ca2	5533
wolfSSL	0:1239e9b70ca2	5534	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	5535	ret = Sha256Final(&ssl->hashSha256, hashes->sha256);
wolfSSL	0:1239e9b70ca2	5536	if (ret != 0)
wolfSSL	0:1239e9b70ca2	5537	return ret;
wolfSSL	0:1239e9b70ca2	5538	#endif
wolfSSL	0:1239e9b70ca2	5539	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	5540	ret = Sha384Final(&ssl->hashSha384, hashes->sha384);
wolfSSL	0:1239e9b70ca2	5541	if (ret != 0)
wolfSSL	0:1239e9b70ca2	5542	return ret;
wolfSSL	0:1239e9b70ca2	5543	#endif
wolfSSL	0:1239e9b70ca2	5544	}
wolfSSL	0:1239e9b70ca2	5545	}
wolfSSL	0:1239e9b70ca2	5546	#if ! defined( NO_OLD_TLS )
wolfSSL	0:1239e9b70ca2	5547	else {
wolfSSL	0:1239e9b70ca2	5548	BuildMD5_CertVerify(ssl, hashes->md5);
wolfSSL	0:1239e9b70ca2	5549	BuildSHA_CertVerify(ssl, hashes->sha);
wolfSSL	0:1239e9b70ca2	5550	}
wolfSSL	0:1239e9b70ca2	5551
wolfSSL	0:1239e9b70ca2	5552	/* restore */
wolfSSL	0:1239e9b70ca2	5553	ssl->hashMd5 = md5;
wolfSSL	0:1239e9b70ca2	5554	ssl->hashSha = sha;
wolfSSL	0:1239e9b70ca2	5555	#endif
wolfSSL	0:1239e9b70ca2	5556	if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL	0:1239e9b70ca2	5557	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	5558	ssl->hashSha256 = sha256;
wolfSSL	0:1239e9b70ca2	5559	#endif
wolfSSL	0:1239e9b70ca2	5560	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	5561	ssl->hashSha384 = sha384;
wolfSSL	0:1239e9b70ca2	5562	#endif
wolfSSL	0:1239e9b70ca2	5563	}
wolfSSL	0:1239e9b70ca2	5564
wolfSSL	0:1239e9b70ca2	5565	return 0;
wolfSSL	0:1239e9b70ca2	5566	}
wolfSSL	0:1239e9b70ca2	5567
wolfSSL	0:1239e9b70ca2	5568	#endif /* CYASSL_LEANPSK */
wolfSSL	0:1239e9b70ca2	5569
wolfSSL	0:1239e9b70ca2	5570	/* Build SSL Message, encrypted */
wolfSSL	0:1239e9b70ca2	5571	static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz,
wolfSSL	0:1239e9b70ca2	5572	int type)
wolfSSL	0:1239e9b70ca2	5573	{
wolfSSL	0:1239e9b70ca2	5574	#ifdef HAVE_TRUNCATED_HMAC
wolfSSL	0:1239e9b70ca2	5575	word32 digestSz = min(ssl->specs.hash_size,
wolfSSL	0:1239e9b70ca2	5576	ssl->truncated_hmac ? TRUNCATED_HMAC_SZ : ssl->specs.hash_size);
wolfSSL	0:1239e9b70ca2	5577	#else
wolfSSL	0:1239e9b70ca2	5578	word32 digestSz = ssl->specs.hash_size;
wolfSSL	0:1239e9b70ca2	5579	#endif
wolfSSL	0:1239e9b70ca2	5580	word32 sz = RECORD_HEADER_SZ + inSz + digestSz;
wolfSSL	0:1239e9b70ca2	5581	word32 pad = 0, i;
wolfSSL	0:1239e9b70ca2	5582	word32 idx = RECORD_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	5583	word32 ivSz = 0; /* TLSv1.1 IV */
wolfSSL	0:1239e9b70ca2	5584	word32 headerSz = RECORD_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	5585	word16 size;
wolfSSL	0:1239e9b70ca2	5586	byte iv[AES_BLOCK_SIZE]; /* max size */
wolfSSL	0:1239e9b70ca2	5587	int ret = 0;
wolfSSL	0:1239e9b70ca2	5588	int atomicUser = 0;
wolfSSL	0:1239e9b70ca2	5589
wolfSSL	0:1239e9b70ca2	5590	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	5591	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	5592	sz += DTLS_RECORD_EXTRA;
wolfSSL	0:1239e9b70ca2	5593	idx += DTLS_RECORD_EXTRA;
wolfSSL	0:1239e9b70ca2	5594	headerSz += DTLS_RECORD_EXTRA;
wolfSSL	0:1239e9b70ca2	5595	}
wolfSSL	0:1239e9b70ca2	5596	#endif
wolfSSL	0:1239e9b70ca2	5597
wolfSSL	0:1239e9b70ca2	5598	#ifdef ATOMIC_USER
wolfSSL	0:1239e9b70ca2	5599	if (ssl->ctx->MacEncryptCb)
wolfSSL	0:1239e9b70ca2	5600	atomicUser = 1;
wolfSSL	0:1239e9b70ca2	5601	#endif
wolfSSL	0:1239e9b70ca2	5602
wolfSSL	0:1239e9b70ca2	5603	if (ssl->specs.cipher_type == block) {
wolfSSL	0:1239e9b70ca2	5604	word32 blockSz = ssl->specs.block_size;
wolfSSL	0:1239e9b70ca2	5605	if (ssl->options.tls1_1) {
wolfSSL	0:1239e9b70ca2	5606	ivSz = blockSz;
wolfSSL	0:1239e9b70ca2	5607	sz += ivSz;
wolfSSL	0:1239e9b70ca2	5608
wolfSSL	0:1239e9b70ca2	5609	ret = RNG_GenerateBlock(ssl->rng, iv, ivSz);
wolfSSL	0:1239e9b70ca2	5610	if (ret != 0)
wolfSSL	0:1239e9b70ca2	5611	return ret;
wolfSSL	0:1239e9b70ca2	5612
wolfSSL	0:1239e9b70ca2	5613	}
wolfSSL	0:1239e9b70ca2	5614	sz += 1; /* pad byte */
wolfSSL	0:1239e9b70ca2	5615	pad = (sz - headerSz) % blockSz;
wolfSSL	0:1239e9b70ca2	5616	pad = blockSz - pad;
wolfSSL	0:1239e9b70ca2	5617	sz += pad;
wolfSSL	0:1239e9b70ca2	5618	}
wolfSSL	0:1239e9b70ca2	5619
wolfSSL	0:1239e9b70ca2	5620	#ifdef HAVE_AEAD
wolfSSL	0:1239e9b70ca2	5621	if (ssl->specs.cipher_type == aead) {
wolfSSL	0:1239e9b70ca2	5622	ivSz = AEAD_EXP_IV_SZ;
wolfSSL	0:1239e9b70ca2	5623	sz += (ivSz + ssl->specs.aead_mac_size - digestSz);
wolfSSL	0:1239e9b70ca2	5624	XMEMCPY(iv, ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ);
wolfSSL	0:1239e9b70ca2	5625	}
wolfSSL	0:1239e9b70ca2	5626	#endif
wolfSSL	0:1239e9b70ca2	5627	size = (word16)(sz - headerSz); /* include mac and digest */
wolfSSL	0:1239e9b70ca2	5628	AddRecordHeader(output, size, (byte)type, ssl);
wolfSSL	0:1239e9b70ca2	5629
wolfSSL	0:1239e9b70ca2	5630	/* write to output */
wolfSSL	0:1239e9b70ca2	5631	if (ivSz) {
wolfSSL	0:1239e9b70ca2	5632	XMEMCPY(output + idx, iv, min(ivSz, sizeof(iv)));
wolfSSL	0:1239e9b70ca2	5633	idx += ivSz;
wolfSSL	0:1239e9b70ca2	5634	}
wolfSSL	0:1239e9b70ca2	5635	XMEMCPY(output + idx, input, inSz);
wolfSSL	0:1239e9b70ca2	5636	idx += inSz;
wolfSSL	0:1239e9b70ca2	5637
wolfSSL	0:1239e9b70ca2	5638	if (type == handshake) {
wolfSSL	0:1239e9b70ca2	5639	ret = HashOutput(ssl, output, headerSz + inSz, ivSz);
wolfSSL	0:1239e9b70ca2	5640	if (ret != 0)
wolfSSL	0:1239e9b70ca2	5641	return ret;
wolfSSL	0:1239e9b70ca2	5642	}
wolfSSL	0:1239e9b70ca2	5643
wolfSSL	0:1239e9b70ca2	5644	if (ssl->specs.cipher_type == block) {
wolfSSL	0:1239e9b70ca2	5645	word32 tmpIdx = idx + digestSz;
wolfSSL	0:1239e9b70ca2	5646
wolfSSL	0:1239e9b70ca2	5647	for (i = 0; i <= pad; i++)
wolfSSL	0:1239e9b70ca2	5648	output[tmpIdx++] = (byte)pad; /* pad byte gets pad value too */
wolfSSL	0:1239e9b70ca2	5649	}
wolfSSL	0:1239e9b70ca2	5650
wolfSSL	0:1239e9b70ca2	5651	if (atomicUser) { /* User Record Layer Callback handling */
wolfSSL	0:1239e9b70ca2	5652	#ifdef ATOMIC_USER
wolfSSL	0:1239e9b70ca2	5653	if ( (ret = ssl->ctx->MacEncryptCb(ssl, output + idx,
wolfSSL	0:1239e9b70ca2	5654	output + headerSz + ivSz, inSz, type, 0,
wolfSSL	0:1239e9b70ca2	5655	output + headerSz, output + headerSz, size,
wolfSSL	0:1239e9b70ca2	5656	ssl->MacEncryptCtx)) != 0)
wolfSSL	0:1239e9b70ca2	5657	return ret;
wolfSSL	0:1239e9b70ca2	5658	#endif
wolfSSL	0:1239e9b70ca2	5659	}
wolfSSL	0:1239e9b70ca2	5660	else {
wolfSSL	0:1239e9b70ca2	5661	if (ssl->specs.cipher_type != aead) {
wolfSSL	0:1239e9b70ca2	5662	#ifdef HAVE_TRUNCATED_HMAC
wolfSSL	0:1239e9b70ca2	5663	if (ssl->truncated_hmac && ssl->specs.hash_size > digestSz) {
wolfSSL	0:1239e9b70ca2	5664	byte hmac[MAX_DIGEST_SIZE];
wolfSSL	0:1239e9b70ca2	5665
wolfSSL	0:1239e9b70ca2	5666	ret = ssl->hmac(ssl, hmac, output + headerSz + ivSz, inSz,
wolfSSL	0:1239e9b70ca2	5667	type, 0);
wolfSSL	0:1239e9b70ca2	5668	XMEMCPY(output + idx, hmac, digestSz);
wolfSSL	0:1239e9b70ca2	5669	} else
wolfSSL	0:1239e9b70ca2	5670	#endif
wolfSSL	0:1239e9b70ca2	5671	ret = ssl->hmac(ssl, output+idx, output + headerSz + ivSz, inSz,
wolfSSL	0:1239e9b70ca2	5672	type, 0);
wolfSSL	0:1239e9b70ca2	5673	}
wolfSSL	0:1239e9b70ca2	5674	if (ret != 0)
wolfSSL	0:1239e9b70ca2	5675	return ret;
wolfSSL	0:1239e9b70ca2	5676
wolfSSL	0:1239e9b70ca2	5677	if ( (ret = Encrypt(ssl, output + headerSz, output+headerSz,size)) != 0)
wolfSSL	0:1239e9b70ca2	5678	return ret;
wolfSSL	0:1239e9b70ca2	5679	}
wolfSSL	0:1239e9b70ca2	5680
wolfSSL	0:1239e9b70ca2	5681	return sz;
wolfSSL	0:1239e9b70ca2	5682	}
wolfSSL	0:1239e9b70ca2	5683
wolfSSL	0:1239e9b70ca2	5684
wolfSSL	0:1239e9b70ca2	5685	int SendFinished(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	5686	{
wolfSSL	0:1239e9b70ca2	5687	int sendSz,
wolfSSL	0:1239e9b70ca2	5688	finishedSz = ssl->options.tls ? TLS_FINISHED_SZ :
wolfSSL	0:1239e9b70ca2	5689	FINISHED_SZ;
wolfSSL	0:1239e9b70ca2	5690	byte input[FINISHED_SZ + DTLS_HANDSHAKE_HEADER_SZ]; /* max */
wolfSSL	0:1239e9b70ca2	5691	byte *output;
wolfSSL	0:1239e9b70ca2	5692	Hashes* hashes;
wolfSSL	0:1239e9b70ca2	5693	int ret;
wolfSSL	0:1239e9b70ca2	5694	int headerSz = HANDSHAKE_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	5695
wolfSSL	0:1239e9b70ca2	5696	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	5697	word32 sequence_number = ssl->keys.dtls_sequence_number;
wolfSSL	0:1239e9b70ca2	5698	word16 epoch = ssl->keys.dtls_epoch;
wolfSSL	0:1239e9b70ca2	5699	#endif
wolfSSL	0:1239e9b70ca2	5700
wolfSSL	0:1239e9b70ca2	5701
wolfSSL	0:1239e9b70ca2	5702	/* check for available size */
wolfSSL	0:1239e9b70ca2	5703	if ((ret = CheckAvailableSize(ssl, sizeof(input) + MAX_MSG_EXTRA)) != 0)
wolfSSL	0:1239e9b70ca2	5704	return ret;
wolfSSL	0:1239e9b70ca2	5705
wolfSSL	0:1239e9b70ca2	5706	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	5707	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	5708	/* Send Finished message with the next epoch, but don't commit that
wolfSSL	0:1239e9b70ca2	5709	* change until the other end confirms its reception. */
wolfSSL	0:1239e9b70ca2	5710	headerSz += DTLS_HANDSHAKE_EXTRA;
wolfSSL	0:1239e9b70ca2	5711	ssl->keys.dtls_epoch++;
wolfSSL	0:1239e9b70ca2	5712	ssl->keys.dtls_sequence_number = 0; /* reset after epoch change */
wolfSSL	0:1239e9b70ca2	5713	}
wolfSSL	0:1239e9b70ca2	5714	#endif
wolfSSL	0:1239e9b70ca2	5715
wolfSSL	0:1239e9b70ca2	5716	/* get ouput buffer */
wolfSSL	0:1239e9b70ca2	5717	output = ssl->buffers.outputBuffer.buffer +
wolfSSL	0:1239e9b70ca2	5718	ssl->buffers.outputBuffer.length;
wolfSSL	0:1239e9b70ca2	5719
wolfSSL	0:1239e9b70ca2	5720	AddHandShakeHeader(input, finishedSz, finished, ssl);
wolfSSL	0:1239e9b70ca2	5721
wolfSSL	0:1239e9b70ca2	5722	/* make finished hashes */
wolfSSL	0:1239e9b70ca2	5723	hashes = (Hashes*)&input[headerSz];
wolfSSL	0:1239e9b70ca2	5724	ret = BuildFinished(ssl, hashes,
wolfSSL	0:1239e9b70ca2	5725	ssl->options.side == CYASSL_CLIENT_END ? client : server);
wolfSSL	0:1239e9b70ca2	5726	if (ret != 0) return ret;
wolfSSL	0:1239e9b70ca2	5727
wolfSSL	0:1239e9b70ca2	5728	sendSz = BuildMessage(ssl, output, input, headerSz + finishedSz, handshake);
wolfSSL	0:1239e9b70ca2	5729
wolfSSL	0:1239e9b70ca2	5730	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	5731	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	5732	ssl->keys.dtls_epoch = epoch;
wolfSSL	0:1239e9b70ca2	5733	ssl->keys.dtls_sequence_number = sequence_number;
wolfSSL	0:1239e9b70ca2	5734	}
wolfSSL	0:1239e9b70ca2	5735	#endif
wolfSSL	0:1239e9b70ca2	5736
wolfSSL	0:1239e9b70ca2	5737	if (sendSz < 0)
wolfSSL	0:1239e9b70ca2	5738	return BUILD_MSG_ERROR;
wolfSSL	0:1239e9b70ca2	5739
wolfSSL	0:1239e9b70ca2	5740	if (!ssl->options.resuming) {
wolfSSL	0:1239e9b70ca2	5741	#ifndef NO_SESSION_CACHE
wolfSSL	0:1239e9b70ca2	5742	AddSession(ssl); /* just try */
wolfSSL	0:1239e9b70ca2	5743	#endif
wolfSSL	0:1239e9b70ca2	5744	if (ssl->options.side == CYASSL_CLIENT_END) {
wolfSSL	0:1239e9b70ca2	5745	ret = BuildFinished(ssl, &ssl->verifyHashes, server);
wolfSSL	0:1239e9b70ca2	5746	if (ret != 0) return ret;
wolfSSL	0:1239e9b70ca2	5747	}
wolfSSL	0:1239e9b70ca2	5748	else {
wolfSSL	0:1239e9b70ca2	5749	ssl->options.handShakeState = HANDSHAKE_DONE;
wolfSSL	0:1239e9b70ca2	5750	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	5751	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	5752	/* Other side will soon receive our Finished, go to next
wolfSSL	0:1239e9b70ca2	5753	* epoch. */
wolfSSL	0:1239e9b70ca2	5754	ssl->keys.dtls_epoch++;
wolfSSL	0:1239e9b70ca2	5755	ssl->keys.dtls_sequence_number = 1;
wolfSSL	0:1239e9b70ca2	5756	}
wolfSSL	0:1239e9b70ca2	5757	#endif
wolfSSL	0:1239e9b70ca2	5758	}
wolfSSL	0:1239e9b70ca2	5759	}
wolfSSL	0:1239e9b70ca2	5760	else {
wolfSSL	0:1239e9b70ca2	5761	if (ssl->options.side == CYASSL_CLIENT_END) {
wolfSSL	0:1239e9b70ca2	5762	ssl->options.handShakeState = HANDSHAKE_DONE;
wolfSSL	0:1239e9b70ca2	5763	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	5764	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	5765	/* Other side will soon receive our Finished, go to next
wolfSSL	0:1239e9b70ca2	5766	* epoch. */
wolfSSL	0:1239e9b70ca2	5767	ssl->keys.dtls_epoch++;
wolfSSL	0:1239e9b70ca2	5768	ssl->keys.dtls_sequence_number = 1;
wolfSSL	0:1239e9b70ca2	5769	}
wolfSSL	0:1239e9b70ca2	5770	#endif
wolfSSL	0:1239e9b70ca2	5771	}
wolfSSL	0:1239e9b70ca2	5772	else {
wolfSSL	0:1239e9b70ca2	5773	ret = BuildFinished(ssl, &ssl->verifyHashes, client);
wolfSSL	0:1239e9b70ca2	5774	if (ret != 0) return ret;
wolfSSL	0:1239e9b70ca2	5775	}
wolfSSL	0:1239e9b70ca2	5776	}
wolfSSL	0:1239e9b70ca2	5777	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	5778	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	5779	if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
wolfSSL	0:1239e9b70ca2	5780	return ret;
wolfSSL	0:1239e9b70ca2	5781	}
wolfSSL	0:1239e9b70ca2	5782	#endif
wolfSSL	0:1239e9b70ca2	5783
wolfSSL	0:1239e9b70ca2	5784	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	5785	if (ssl->hsInfoOn) AddPacketName("Finished", &ssl->handShakeInfo);
wolfSSL	0:1239e9b70ca2	5786	if (ssl->toInfoOn)
wolfSSL	0:1239e9b70ca2	5787	AddPacketInfo("Finished", &ssl->timeoutInfo, output, sendSz,
wolfSSL	0:1239e9b70ca2	5788	ssl->heap);
wolfSSL	0:1239e9b70ca2	5789	#endif
wolfSSL	0:1239e9b70ca2	5790
wolfSSL	0:1239e9b70ca2	5791	ssl->buffers.outputBuffer.length += sendSz;
wolfSSL	0:1239e9b70ca2	5792
wolfSSL	0:1239e9b70ca2	5793	return SendBuffered(ssl);
wolfSSL	0:1239e9b70ca2	5794	}
wolfSSL	0:1239e9b70ca2	5795
wolfSSL	0:1239e9b70ca2	5796	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	5797	int SendCertificate(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	5798	{
wolfSSL	0:1239e9b70ca2	5799	int sendSz, length, ret = 0;
wolfSSL	0:1239e9b70ca2	5800	word32 i = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	5801	word32 certSz, listSz;
wolfSSL	0:1239e9b70ca2	5802	byte* output = 0;
wolfSSL	0:1239e9b70ca2	5803
wolfSSL	0:1239e9b70ca2	5804	if (ssl->options.usingPSK_cipher) return 0; /* not needed */
wolfSSL	0:1239e9b70ca2	5805
wolfSSL	0:1239e9b70ca2	5806	if (ssl->options.sendVerify == SEND_BLANK_CERT) {
wolfSSL	0:1239e9b70ca2	5807	certSz = 0;
wolfSSL	0:1239e9b70ca2	5808	length = CERT_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	5809	listSz = 0;
wolfSSL	0:1239e9b70ca2	5810	}
wolfSSL	0:1239e9b70ca2	5811	else {
wolfSSL	0:1239e9b70ca2	5812	certSz = ssl->buffers.certificate.length;
wolfSSL	0:1239e9b70ca2	5813	/* list + cert size */
wolfSSL	0:1239e9b70ca2	5814	length = certSz + 2 * CERT_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	5815	listSz = certSz + CERT_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	5816
wolfSSL	0:1239e9b70ca2	5817	/* may need to send rest of chain, already has leading size(s) */
wolfSSL	0:1239e9b70ca2	5818	if (ssl->buffers.certChain.buffer) {
wolfSSL	0:1239e9b70ca2	5819	length += ssl->buffers.certChain.length;
wolfSSL	0:1239e9b70ca2	5820	listSz += ssl->buffers.certChain.length;
wolfSSL	0:1239e9b70ca2	5821	}
wolfSSL	0:1239e9b70ca2	5822	}
wolfSSL	0:1239e9b70ca2	5823	sendSz = length + RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	5824
wolfSSL	0:1239e9b70ca2	5825	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	5826	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	5827	sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL	0:1239e9b70ca2	5828	i += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL	0:1239e9b70ca2	5829	}
wolfSSL	0:1239e9b70ca2	5830	#endif
wolfSSL	0:1239e9b70ca2	5831
wolfSSL	0:1239e9b70ca2	5832	/* check for available size */
wolfSSL	0:1239e9b70ca2	5833	if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
wolfSSL	0:1239e9b70ca2	5834	return ret;
wolfSSL	0:1239e9b70ca2	5835
wolfSSL	0:1239e9b70ca2	5836	/* get ouput buffer */
wolfSSL	0:1239e9b70ca2	5837	output = ssl->buffers.outputBuffer.buffer +
wolfSSL	0:1239e9b70ca2	5838	ssl->buffers.outputBuffer.length;
wolfSSL	0:1239e9b70ca2	5839
wolfSSL	0:1239e9b70ca2	5840	AddHeaders(output, length, certificate, ssl);
wolfSSL	0:1239e9b70ca2	5841
wolfSSL	0:1239e9b70ca2	5842	/* list total */
wolfSSL	0:1239e9b70ca2	5843	c32to24(listSz, output + i);
wolfSSL	0:1239e9b70ca2	5844	i += CERT_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	5845
wolfSSL	0:1239e9b70ca2	5846	/* member */
wolfSSL	0:1239e9b70ca2	5847	if (certSz) {
wolfSSL	0:1239e9b70ca2	5848	c32to24(certSz, output + i);
wolfSSL	0:1239e9b70ca2	5849	i += CERT_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	5850	XMEMCPY(output + i, ssl->buffers.certificate.buffer, certSz);
wolfSSL	0:1239e9b70ca2	5851	i += certSz;
wolfSSL	0:1239e9b70ca2	5852
wolfSSL	0:1239e9b70ca2	5853	/* send rest of chain? */
wolfSSL	0:1239e9b70ca2	5854	if (ssl->buffers.certChain.buffer) {
wolfSSL	0:1239e9b70ca2	5855	XMEMCPY(output + i, ssl->buffers.certChain.buffer,
wolfSSL	0:1239e9b70ca2	5856	ssl->buffers.certChain.length);
wolfSSL	0:1239e9b70ca2	5857	/* if add more to output adjust i
wolfSSL	0:1239e9b70ca2	5858	i += ssl->buffers.certChain.length; */
wolfSSL	0:1239e9b70ca2	5859	}
wolfSSL	0:1239e9b70ca2	5860	}
wolfSSL	0:1239e9b70ca2	5861	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	5862	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	5863	if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
wolfSSL	0:1239e9b70ca2	5864	return ret;
wolfSSL	0:1239e9b70ca2	5865	}
wolfSSL	0:1239e9b70ca2	5866	#endif
wolfSSL	0:1239e9b70ca2	5867
wolfSSL	0:1239e9b70ca2	5868	ret = HashOutput(ssl, output, sendSz, 0);
wolfSSL	0:1239e9b70ca2	5869	if (ret != 0)
wolfSSL	0:1239e9b70ca2	5870	return ret;
wolfSSL	0:1239e9b70ca2	5871
wolfSSL	0:1239e9b70ca2	5872	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	5873	if (ssl->hsInfoOn) AddPacketName("Certificate", &ssl->handShakeInfo);
wolfSSL	0:1239e9b70ca2	5874	if (ssl->toInfoOn)
wolfSSL	0:1239e9b70ca2	5875	AddPacketInfo("Certificate", &ssl->timeoutInfo, output, sendSz,
wolfSSL	0:1239e9b70ca2	5876	ssl->heap);
wolfSSL	0:1239e9b70ca2	5877	#endif
wolfSSL	0:1239e9b70ca2	5878
wolfSSL	0:1239e9b70ca2	5879	if (ssl->options.side == CYASSL_SERVER_END)
wolfSSL	0:1239e9b70ca2	5880	ssl->options.serverState = SERVER_CERT_COMPLETE;
wolfSSL	0:1239e9b70ca2	5881
wolfSSL	0:1239e9b70ca2	5882	ssl->buffers.outputBuffer.length += sendSz;
wolfSSL	0:1239e9b70ca2	5883	if (ssl->options.groupMessages)
wolfSSL	0:1239e9b70ca2	5884	return 0;
wolfSSL	0:1239e9b70ca2	5885	else
wolfSSL	0:1239e9b70ca2	5886	return SendBuffered(ssl);
wolfSSL	0:1239e9b70ca2	5887	}
wolfSSL	0:1239e9b70ca2	5888
wolfSSL	0:1239e9b70ca2	5889
wolfSSL	0:1239e9b70ca2	5890	int SendCertificateRequest(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	5891	{
wolfSSL	0:1239e9b70ca2	5892	byte *output;
wolfSSL	0:1239e9b70ca2	5893	int ret;
wolfSSL	0:1239e9b70ca2	5894	int sendSz;
wolfSSL	0:1239e9b70ca2	5895	word32 i = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	5896
wolfSSL	0:1239e9b70ca2	5897	int typeTotal = 1; /* only rsa for now */
wolfSSL	0:1239e9b70ca2	5898	int reqSz = ENUM_LEN + typeTotal + REQ_HEADER_SZ; /* add auth later */
wolfSSL	0:1239e9b70ca2	5899
wolfSSL	0:1239e9b70ca2	5900	if (IsAtLeastTLSv1_2(ssl))
wolfSSL	0:1239e9b70ca2	5901	reqSz += LENGTH_SZ + ssl->suites->hashSigAlgoSz;
wolfSSL	0:1239e9b70ca2	5902
wolfSSL	0:1239e9b70ca2	5903	if (ssl->options.usingPSK_cipher) return 0; /* not needed */
wolfSSL	0:1239e9b70ca2	5904
wolfSSL	0:1239e9b70ca2	5905	sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + reqSz;
wolfSSL	0:1239e9b70ca2	5906
wolfSSL	0:1239e9b70ca2	5907	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	5908	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	5909	sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL	0:1239e9b70ca2	5910	i += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL	0:1239e9b70ca2	5911	}
wolfSSL	0:1239e9b70ca2	5912	#endif
wolfSSL	0:1239e9b70ca2	5913	/* check for available size */
wolfSSL	0:1239e9b70ca2	5914	if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
wolfSSL	0:1239e9b70ca2	5915	return ret;
wolfSSL	0:1239e9b70ca2	5916
wolfSSL	0:1239e9b70ca2	5917	/* get ouput buffer */
wolfSSL	0:1239e9b70ca2	5918	output = ssl->buffers.outputBuffer.buffer +
wolfSSL	0:1239e9b70ca2	5919	ssl->buffers.outputBuffer.length;
wolfSSL	0:1239e9b70ca2	5920
wolfSSL	0:1239e9b70ca2	5921	AddHeaders(output, reqSz, certificate_request, ssl);
wolfSSL	0:1239e9b70ca2	5922
wolfSSL	0:1239e9b70ca2	5923	/* write to output */
wolfSSL	0:1239e9b70ca2	5924	output[i++] = (byte)typeTotal; /* # of types */
wolfSSL	0:1239e9b70ca2	5925	output[i++] = rsa_sign;
wolfSSL	0:1239e9b70ca2	5926
wolfSSL	0:1239e9b70ca2	5927	/* supported hash/sig */
wolfSSL	0:1239e9b70ca2	5928	if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL	0:1239e9b70ca2	5929	c16toa(ssl->suites->hashSigAlgoSz, &output[i]);
wolfSSL	0:1239e9b70ca2	5930	i += LENGTH_SZ;
wolfSSL	0:1239e9b70ca2	5931
wolfSSL	0:1239e9b70ca2	5932	XMEMCPY(&output[i],
wolfSSL	0:1239e9b70ca2	5933	ssl->suites->hashSigAlgo, ssl->suites->hashSigAlgoSz);
wolfSSL	0:1239e9b70ca2	5934	i += ssl->suites->hashSigAlgoSz;
wolfSSL	0:1239e9b70ca2	5935	}
wolfSSL	0:1239e9b70ca2	5936
wolfSSL	0:1239e9b70ca2	5937	c16toa(0, &output[i]); /* auth's */
wolfSSL	0:1239e9b70ca2	5938	/* if add more to output, adjust i
wolfSSL	0:1239e9b70ca2	5939	i += REQ_HEADER_SZ; */
wolfSSL	0:1239e9b70ca2	5940
wolfSSL	0:1239e9b70ca2	5941	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	5942	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	5943	if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
wolfSSL	0:1239e9b70ca2	5944	return ret;
wolfSSL	0:1239e9b70ca2	5945	}
wolfSSL	0:1239e9b70ca2	5946	#endif
wolfSSL	0:1239e9b70ca2	5947
wolfSSL	0:1239e9b70ca2	5948	ret = HashOutput(ssl, output, sendSz, 0);
wolfSSL	0:1239e9b70ca2	5949	if (ret != 0)
wolfSSL	0:1239e9b70ca2	5950	return ret;
wolfSSL	0:1239e9b70ca2	5951
wolfSSL	0:1239e9b70ca2	5952	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	5953	if (ssl->hsInfoOn)
wolfSSL	0:1239e9b70ca2	5954	AddPacketName("CertificateRequest", &ssl->handShakeInfo);
wolfSSL	0:1239e9b70ca2	5955	if (ssl->toInfoOn)
wolfSSL	0:1239e9b70ca2	5956	AddPacketInfo("CertificateRequest", &ssl->timeoutInfo, output,
wolfSSL	0:1239e9b70ca2	5957	sendSz, ssl->heap);
wolfSSL	0:1239e9b70ca2	5958	#endif
wolfSSL	0:1239e9b70ca2	5959	ssl->buffers.outputBuffer.length += sendSz;
wolfSSL	0:1239e9b70ca2	5960	if (ssl->options.groupMessages)
wolfSSL	0:1239e9b70ca2	5961	return 0;
wolfSSL	0:1239e9b70ca2	5962	else
wolfSSL	0:1239e9b70ca2	5963	return SendBuffered(ssl);
wolfSSL	0:1239e9b70ca2	5964	}
wolfSSL	0:1239e9b70ca2	5965	#endif /* !NO_CERTS */
wolfSSL	0:1239e9b70ca2	5966
wolfSSL	0:1239e9b70ca2	5967
wolfSSL	0:1239e9b70ca2	5968	int SendData(CYASSL* ssl, const void* data, int sz)
wolfSSL	0:1239e9b70ca2	5969	{
wolfSSL	0:1239e9b70ca2	5970	int sent = 0, /* plainText size */
wolfSSL	0:1239e9b70ca2	5971	sendSz,
wolfSSL	0:1239e9b70ca2	5972	ret;
wolfSSL	0:1239e9b70ca2	5973
wolfSSL	0:1239e9b70ca2	5974	if (ssl->error == WANT_WRITE)
wolfSSL	0:1239e9b70ca2	5975	ssl->error = 0;
wolfSSL	0:1239e9b70ca2	5976
wolfSSL	0:1239e9b70ca2	5977	if (ssl->options.handShakeState != HANDSHAKE_DONE) {
wolfSSL	0:1239e9b70ca2	5978	int err;
wolfSSL	0:1239e9b70ca2	5979	CYASSL_MSG("handshake not complete, trying to finish");
wolfSSL	0:1239e9b70ca2	5980	if ( (err = CyaSSL_negotiate(ssl)) != SSL_SUCCESS)
wolfSSL	0:1239e9b70ca2	5981	return err;
wolfSSL	0:1239e9b70ca2	5982	}
wolfSSL	0:1239e9b70ca2	5983
wolfSSL	0:1239e9b70ca2	5984	/* last time system socket output buffer was full, try again to send */
wolfSSL	0:1239e9b70ca2	5985	if (ssl->buffers.outputBuffer.length > 0) {
wolfSSL	0:1239e9b70ca2	5986	CYASSL_MSG("output buffer was full, trying to send again");
wolfSSL	0:1239e9b70ca2	5987	if ( (ssl->error = SendBuffered(ssl)) < 0) {
wolfSSL	0:1239e9b70ca2	5988	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	5989	if (ssl->error == SOCKET_ERROR_E && ssl->options.connReset)
wolfSSL	0:1239e9b70ca2	5990	return 0; /* peer reset */
wolfSSL	0:1239e9b70ca2	5991	return ssl->error;
wolfSSL	0:1239e9b70ca2	5992	}
wolfSSL	0:1239e9b70ca2	5993	else {
wolfSSL	0:1239e9b70ca2	5994	/* advance sent to previous sent + plain size just sent */
wolfSSL	0:1239e9b70ca2	5995	sent = ssl->buffers.prevSent + ssl->buffers.plainSz;
wolfSSL	0:1239e9b70ca2	5996	CYASSL_MSG("sent write buffered data");
wolfSSL	0:1239e9b70ca2	5997	}
wolfSSL	0:1239e9b70ca2	5998	}
wolfSSL	0:1239e9b70ca2	5999
wolfSSL	0:1239e9b70ca2	6000	for (;;) {
wolfSSL	0:1239e9b70ca2	6001	#ifdef HAVE_MAX_FRAGMENT
wolfSSL	0:1239e9b70ca2	6002	int len = min(sz - sent, min(ssl->max_fragment, OUTPUT_RECORD_SIZE));
wolfSSL	0:1239e9b70ca2	6003	#else
wolfSSL	0:1239e9b70ca2	6004	int len = min(sz - sent, OUTPUT_RECORD_SIZE);
wolfSSL	0:1239e9b70ca2	6005	#endif
wolfSSL	0:1239e9b70ca2	6006	byte* out;
wolfSSL	0:1239e9b70ca2	6007	byte* sendBuffer = (byte)data + sent; / may switch on comp */
wolfSSL	0:1239e9b70ca2	6008	int buffSz = len; /* may switch on comp */
wolfSSL	0:1239e9b70ca2	6009	#ifdef HAVE_LIBZ
wolfSSL	0:1239e9b70ca2	6010	byte comp[MAX_RECORD_SIZE + MAX_COMP_EXTRA];
wolfSSL	0:1239e9b70ca2	6011	#endif
wolfSSL	0:1239e9b70ca2	6012
wolfSSL	0:1239e9b70ca2	6013	if (sent == sz) break;
wolfSSL	0:1239e9b70ca2	6014
wolfSSL	0:1239e9b70ca2	6015	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	6016	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	6017	len = min(len, MAX_UDP_SIZE);
wolfSSL	0:1239e9b70ca2	6018	buffSz = len;
wolfSSL	0:1239e9b70ca2	6019	}
wolfSSL	0:1239e9b70ca2	6020	#endif
wolfSSL	0:1239e9b70ca2	6021
wolfSSL	0:1239e9b70ca2	6022	/* check for available size */
wolfSSL	0:1239e9b70ca2	6023	if ((ret = CheckAvailableSize(ssl, len + COMP_EXTRA +
wolfSSL	0:1239e9b70ca2	6024	MAX_MSG_EXTRA)) != 0)
wolfSSL	0:1239e9b70ca2	6025	return ssl->error = ret;
wolfSSL	0:1239e9b70ca2	6026
wolfSSL	0:1239e9b70ca2	6027	/* get ouput buffer */
wolfSSL	0:1239e9b70ca2	6028	out = ssl->buffers.outputBuffer.buffer +
wolfSSL	0:1239e9b70ca2	6029	ssl->buffers.outputBuffer.length;
wolfSSL	0:1239e9b70ca2	6030
wolfSSL	0:1239e9b70ca2	6031	#ifdef HAVE_LIBZ
wolfSSL	0:1239e9b70ca2	6032	if (ssl->options.usingCompression) {
wolfSSL	0:1239e9b70ca2	6033	buffSz = myCompress(ssl, sendBuffer, buffSz, comp, sizeof(comp));
wolfSSL	0:1239e9b70ca2	6034	if (buffSz < 0) {
wolfSSL	0:1239e9b70ca2	6035	return buffSz;
wolfSSL	0:1239e9b70ca2	6036	}
wolfSSL	0:1239e9b70ca2	6037	sendBuffer = comp;
wolfSSL	0:1239e9b70ca2	6038	}
wolfSSL	0:1239e9b70ca2	6039	#endif
wolfSSL	0:1239e9b70ca2	6040	sendSz = BuildMessage(ssl, out, sendBuffer, buffSz,
wolfSSL	0:1239e9b70ca2	6041	application_data);
wolfSSL	0:1239e9b70ca2	6042
wolfSSL	0:1239e9b70ca2	6043	ssl->buffers.outputBuffer.length += sendSz;
wolfSSL	0:1239e9b70ca2	6044
wolfSSL	0:1239e9b70ca2	6045	if ( (ret = SendBuffered(ssl)) < 0) {
wolfSSL	0:1239e9b70ca2	6046	CYASSL_ERROR(ret);
wolfSSL	0:1239e9b70ca2	6047	/* store for next call if WANT_WRITE or user embedSend() that
wolfSSL	0:1239e9b70ca2	6048	doesn't present like WANT_WRITE */
wolfSSL	0:1239e9b70ca2	6049	ssl->buffers.plainSz = len;
wolfSSL	0:1239e9b70ca2	6050	ssl->buffers.prevSent = sent;
wolfSSL	0:1239e9b70ca2	6051	if (ret == SOCKET_ERROR_E && ssl->options.connReset)
wolfSSL	0:1239e9b70ca2	6052	return 0; /* peer reset */
wolfSSL	0:1239e9b70ca2	6053	return ssl->error = ret;
wolfSSL	0:1239e9b70ca2	6054	}
wolfSSL	0:1239e9b70ca2	6055
wolfSSL	0:1239e9b70ca2	6056	sent += len;
wolfSSL	0:1239e9b70ca2	6057
wolfSSL	0:1239e9b70ca2	6058	/* only one message per attempt */
wolfSSL	0:1239e9b70ca2	6059	if (ssl->options.partialWrite == 1) {
wolfSSL	0:1239e9b70ca2	6060	CYASSL_MSG("Paritial Write on, only sending one record");
wolfSSL	0:1239e9b70ca2	6061	break;
wolfSSL	0:1239e9b70ca2	6062	}
wolfSSL	0:1239e9b70ca2	6063	}
wolfSSL	0:1239e9b70ca2	6064
wolfSSL	0:1239e9b70ca2	6065	return sent;
wolfSSL	0:1239e9b70ca2	6066	}
wolfSSL	0:1239e9b70ca2	6067
wolfSSL	0:1239e9b70ca2	6068	/* process input data */
wolfSSL	0:1239e9b70ca2	6069	int ReceiveData(CYASSL* ssl, byte* output, int sz, int peek)
wolfSSL	0:1239e9b70ca2	6070	{
wolfSSL	0:1239e9b70ca2	6071	int size;
wolfSSL	0:1239e9b70ca2	6072
wolfSSL	0:1239e9b70ca2	6073	CYASSL_ENTER("ReceiveData()");
wolfSSL	0:1239e9b70ca2	6074
wolfSSL	0:1239e9b70ca2	6075	if (ssl->error == WANT_READ)
wolfSSL	0:1239e9b70ca2	6076	ssl->error = 0;
wolfSSL	0:1239e9b70ca2	6077
wolfSSL	0:1239e9b70ca2	6078	if (ssl->error != 0 && ssl->error != WANT_WRITE) {
wolfSSL	0:1239e9b70ca2	6079	CYASSL_MSG("User calling CyaSSL_read in error state, not allowed");
wolfSSL	0:1239e9b70ca2	6080	return ssl->error;
wolfSSL	0:1239e9b70ca2	6081	}
wolfSSL	0:1239e9b70ca2	6082
wolfSSL	0:1239e9b70ca2	6083	if (ssl->options.handShakeState != HANDSHAKE_DONE) {
wolfSSL	0:1239e9b70ca2	6084	int err;
wolfSSL	0:1239e9b70ca2	6085	CYASSL_MSG("Handshake not complete, trying to finish");
wolfSSL	0:1239e9b70ca2	6086	if ( (err = CyaSSL_negotiate(ssl)) != SSL_SUCCESS)
wolfSSL	0:1239e9b70ca2	6087	return err;
wolfSSL	0:1239e9b70ca2	6088	}
wolfSSL	0:1239e9b70ca2	6089
wolfSSL	0:1239e9b70ca2	6090	while (ssl->buffers.clearOutputBuffer.length == 0)
wolfSSL	0:1239e9b70ca2	6091	if ( (ssl->error = ProcessReply(ssl)) < 0) {
wolfSSL	0:1239e9b70ca2	6092	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	6093	if (ssl->error == ZERO_RETURN) {
wolfSSL	0:1239e9b70ca2	6094	CYASSL_MSG("Zero return, no more data coming");
wolfSSL	0:1239e9b70ca2	6095	return 0; /* no more data coming */
wolfSSL	0:1239e9b70ca2	6096	}
wolfSSL	0:1239e9b70ca2	6097	if (ssl->error == SOCKET_ERROR_E) {
wolfSSL	0:1239e9b70ca2	6098	if (ssl->options.connReset \|\| ssl->options.isClosed) {
wolfSSL	0:1239e9b70ca2	6099	CYASSL_MSG("Peer reset or closed, connection done");
wolfSSL	0:1239e9b70ca2	6100	return 0; /* peer reset or closed */
wolfSSL	0:1239e9b70ca2	6101	}
wolfSSL	0:1239e9b70ca2	6102	}
wolfSSL	0:1239e9b70ca2	6103	return ssl->error;
wolfSSL	0:1239e9b70ca2	6104	}
wolfSSL	0:1239e9b70ca2	6105
wolfSSL	0:1239e9b70ca2	6106	if (sz < (int)ssl->buffers.clearOutputBuffer.length)
wolfSSL	0:1239e9b70ca2	6107	size = sz;
wolfSSL	0:1239e9b70ca2	6108	else
wolfSSL	0:1239e9b70ca2	6109	size = ssl->buffers.clearOutputBuffer.length;
wolfSSL	0:1239e9b70ca2	6110
wolfSSL	0:1239e9b70ca2	6111	XMEMCPY(output, ssl->buffers.clearOutputBuffer.buffer, size);
wolfSSL	0:1239e9b70ca2	6112
wolfSSL	0:1239e9b70ca2	6113	if (peek == 0) {
wolfSSL	0:1239e9b70ca2	6114	ssl->buffers.clearOutputBuffer.length -= size;
wolfSSL	0:1239e9b70ca2	6115	ssl->buffers.clearOutputBuffer.buffer += size;
wolfSSL	0:1239e9b70ca2	6116	}
wolfSSL	0:1239e9b70ca2	6117
wolfSSL	0:1239e9b70ca2	6118	if (ssl->buffers.clearOutputBuffer.length == 0 &&
wolfSSL	0:1239e9b70ca2	6119	ssl->buffers.inputBuffer.dynamicFlag)
wolfSSL	0:1239e9b70ca2	6120	ShrinkInputBuffer(ssl, NO_FORCED_FREE);
wolfSSL	0:1239e9b70ca2	6121
wolfSSL	0:1239e9b70ca2	6122	CYASSL_LEAVE("ReceiveData()", size);
wolfSSL	0:1239e9b70ca2	6123	return size;
wolfSSL	0:1239e9b70ca2	6124	}
wolfSSL	0:1239e9b70ca2	6125
wolfSSL	0:1239e9b70ca2	6126
wolfSSL	0:1239e9b70ca2	6127	/* send alert message */
wolfSSL	0:1239e9b70ca2	6128	int SendAlert(CYASSL* ssl, int severity, int type)
wolfSSL	0:1239e9b70ca2	6129	{
wolfSSL	0:1239e9b70ca2	6130	byte input[ALERT_SIZE];
wolfSSL	0:1239e9b70ca2	6131	byte *output;
wolfSSL	0:1239e9b70ca2	6132	int sendSz;
wolfSSL	0:1239e9b70ca2	6133	int ret;
wolfSSL	0:1239e9b70ca2	6134	int dtlsExtra = 0;
wolfSSL	0:1239e9b70ca2	6135
wolfSSL	0:1239e9b70ca2	6136	/* if sendalert is called again for nonbloking */
wolfSSL	0:1239e9b70ca2	6137	if (ssl->options.sendAlertState != 0) {
wolfSSL	0:1239e9b70ca2	6138	ret = SendBuffered(ssl);
wolfSSL	0:1239e9b70ca2	6139	if (ret == 0)
wolfSSL	0:1239e9b70ca2	6140	ssl->options.sendAlertState = 0;
wolfSSL	0:1239e9b70ca2	6141	return ret;
wolfSSL	0:1239e9b70ca2	6142	}
wolfSSL	0:1239e9b70ca2	6143
wolfSSL	0:1239e9b70ca2	6144	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	6145	if (ssl->options.dtls)
wolfSSL	0:1239e9b70ca2	6146	dtlsExtra = DTLS_RECORD_EXTRA;
wolfSSL	0:1239e9b70ca2	6147	#endif
wolfSSL	0:1239e9b70ca2	6148
wolfSSL	0:1239e9b70ca2	6149	/* check for available size */
wolfSSL	0:1239e9b70ca2	6150	if ((ret = CheckAvailableSize(ssl,
wolfSSL	0:1239e9b70ca2	6151	ALERT_SIZE + MAX_MSG_EXTRA + dtlsExtra)) != 0)
wolfSSL	0:1239e9b70ca2	6152	return ret;
wolfSSL	0:1239e9b70ca2	6153
wolfSSL	0:1239e9b70ca2	6154	/* get ouput buffer */
wolfSSL	0:1239e9b70ca2	6155	output = ssl->buffers.outputBuffer.buffer +
wolfSSL	0:1239e9b70ca2	6156	ssl->buffers.outputBuffer.length;
wolfSSL	0:1239e9b70ca2	6157
wolfSSL	0:1239e9b70ca2	6158	input[0] = (byte)severity;
wolfSSL	0:1239e9b70ca2	6159	input[1] = (byte)type;
wolfSSL	0:1239e9b70ca2	6160	ssl->alert_history.last_tx.code = type;
wolfSSL	0:1239e9b70ca2	6161	ssl->alert_history.last_tx.level = severity;
wolfSSL	0:1239e9b70ca2	6162	if (severity == alert_fatal) {
wolfSSL	0:1239e9b70ca2	6163	ssl->options.isClosed = 1; /* Don't send close_notify */
wolfSSL	0:1239e9b70ca2	6164	}
wolfSSL	0:1239e9b70ca2	6165
wolfSSL	0:1239e9b70ca2	6166	/* only send encrypted alert if handshake actually complete, otherwise
wolfSSL	0:1239e9b70ca2	6167	other side may not be able to handle it */
wolfSSL	0:1239e9b70ca2	6168	if (ssl->keys.encryptionOn && ssl->options.handShakeState == HANDSHAKE_DONE)
wolfSSL	0:1239e9b70ca2	6169	sendSz = BuildMessage(ssl, output, input, ALERT_SIZE, alert);
wolfSSL	0:1239e9b70ca2	6170	else {
wolfSSL	0:1239e9b70ca2	6171
wolfSSL	0:1239e9b70ca2	6172	AddRecordHeader(output, ALERT_SIZE, alert, ssl);
wolfSSL	0:1239e9b70ca2	6173	output += RECORD_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	6174	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	6175	if (ssl->options.dtls)
wolfSSL	0:1239e9b70ca2	6176	output += DTLS_RECORD_EXTRA;
wolfSSL	0:1239e9b70ca2	6177	#endif
wolfSSL	0:1239e9b70ca2	6178	XMEMCPY(output, input, ALERT_SIZE);
wolfSSL	0:1239e9b70ca2	6179
wolfSSL	0:1239e9b70ca2	6180	sendSz = RECORD_HEADER_SZ + ALERT_SIZE;
wolfSSL	0:1239e9b70ca2	6181	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	6182	if (ssl->options.dtls)
wolfSSL	0:1239e9b70ca2	6183	sendSz += DTLS_RECORD_EXTRA;
wolfSSL	0:1239e9b70ca2	6184	#endif
wolfSSL	0:1239e9b70ca2	6185	}
wolfSSL	0:1239e9b70ca2	6186
wolfSSL	0:1239e9b70ca2	6187	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	6188	if (ssl->hsInfoOn)
wolfSSL	0:1239e9b70ca2	6189	AddPacketName("Alert", &ssl->handShakeInfo);
wolfSSL	0:1239e9b70ca2	6190	if (ssl->toInfoOn)
wolfSSL	0:1239e9b70ca2	6191	AddPacketInfo("Alert", &ssl->timeoutInfo, output, sendSz,ssl->heap);
wolfSSL	0:1239e9b70ca2	6192	#endif
wolfSSL	0:1239e9b70ca2	6193
wolfSSL	0:1239e9b70ca2	6194	ssl->buffers.outputBuffer.length += sendSz;
wolfSSL	0:1239e9b70ca2	6195	ssl->options.sendAlertState = 1;
wolfSSL	0:1239e9b70ca2	6196
wolfSSL	0:1239e9b70ca2	6197	return SendBuffered(ssl);
wolfSSL	0:1239e9b70ca2	6198	}
wolfSSL	0:1239e9b70ca2	6199
wolfSSL	0:1239e9b70ca2	6200
wolfSSL	0:1239e9b70ca2	6201
wolfSSL	0:1239e9b70ca2	6202	void SetErrorString(int error, char* str)
wolfSSL	0:1239e9b70ca2	6203	{
wolfSSL	0:1239e9b70ca2	6204	const int max = CYASSL_MAX_ERROR_SZ; /* shorthand */
wolfSSL	0:1239e9b70ca2	6205
wolfSSL	0:1239e9b70ca2	6206	#ifdef NO_ERROR_STRINGS
wolfSSL	0:1239e9b70ca2	6207
wolfSSL	0:1239e9b70ca2	6208	(void)error;
wolfSSL	0:1239e9b70ca2	6209	XSTRNCPY(str, "no support for error strings built in", max);
wolfSSL	0:1239e9b70ca2	6210
wolfSSL	0:1239e9b70ca2	6211	#else
wolfSSL	0:1239e9b70ca2	6212
wolfSSL	0:1239e9b70ca2	6213	/* pass to CTaoCrypt */
wolfSSL	0:1239e9b70ca2	6214	if (error < MAX_CODE_E && error > MIN_CODE_E) {
wolfSSL	0:1239e9b70ca2	6215	CTaoCryptErrorString(error, str);
wolfSSL	0:1239e9b70ca2	6216	return;
wolfSSL	0:1239e9b70ca2	6217	}
wolfSSL	0:1239e9b70ca2	6218
wolfSSL	0:1239e9b70ca2	6219	switch (error) {
wolfSSL	0:1239e9b70ca2	6220
wolfSSL	0:1239e9b70ca2	6221	case UNSUPPORTED_SUITE :
wolfSSL	0:1239e9b70ca2	6222	XSTRNCPY(str, "unsupported cipher suite", max);
wolfSSL	0:1239e9b70ca2	6223	break;
wolfSSL	0:1239e9b70ca2	6224
wolfSSL	0:1239e9b70ca2	6225	case INPUT_CASE_ERROR :
wolfSSL	0:1239e9b70ca2	6226	XSTRNCPY(str, "input state error", max);
wolfSSL	0:1239e9b70ca2	6227	break;
wolfSSL	0:1239e9b70ca2	6228
wolfSSL	0:1239e9b70ca2	6229	case PREFIX_ERROR :
wolfSSL	0:1239e9b70ca2	6230	XSTRNCPY(str, "bad index to key rounds", max);
wolfSSL	0:1239e9b70ca2	6231	break;
wolfSSL	0:1239e9b70ca2	6232
wolfSSL	0:1239e9b70ca2	6233	case MEMORY_ERROR :
wolfSSL	0:1239e9b70ca2	6234	XSTRNCPY(str, "out of memory", max);
wolfSSL	0:1239e9b70ca2	6235	break;
wolfSSL	0:1239e9b70ca2	6236
wolfSSL	0:1239e9b70ca2	6237	case VERIFY_FINISHED_ERROR :
wolfSSL	0:1239e9b70ca2	6238	XSTRNCPY(str, "verify problem on finished", max);
wolfSSL	0:1239e9b70ca2	6239	break;
wolfSSL	0:1239e9b70ca2	6240
wolfSSL	0:1239e9b70ca2	6241	case VERIFY_MAC_ERROR :
wolfSSL	0:1239e9b70ca2	6242	XSTRNCPY(str, "verify mac problem", max);
wolfSSL	0:1239e9b70ca2	6243	break;
wolfSSL	0:1239e9b70ca2	6244
wolfSSL	0:1239e9b70ca2	6245	case PARSE_ERROR :
wolfSSL	0:1239e9b70ca2	6246	XSTRNCPY(str, "parse error on header", max);
wolfSSL	0:1239e9b70ca2	6247	break;
wolfSSL	0:1239e9b70ca2	6248
wolfSSL	0:1239e9b70ca2	6249	case SIDE_ERROR :
wolfSSL	0:1239e9b70ca2	6250	XSTRNCPY(str, "wrong client/server type", max);
wolfSSL	0:1239e9b70ca2	6251	break;
wolfSSL	0:1239e9b70ca2	6252
wolfSSL	0:1239e9b70ca2	6253	case NO_PEER_CERT :
wolfSSL	0:1239e9b70ca2	6254	XSTRNCPY(str, "peer didn't send cert", max);
wolfSSL	0:1239e9b70ca2	6255	break;
wolfSSL	0:1239e9b70ca2	6256
wolfSSL	0:1239e9b70ca2	6257	case UNKNOWN_HANDSHAKE_TYPE :
wolfSSL	0:1239e9b70ca2	6258	XSTRNCPY(str, "weird handshake type", max);
wolfSSL	0:1239e9b70ca2	6259	break;
wolfSSL	0:1239e9b70ca2	6260
wolfSSL	0:1239e9b70ca2	6261	case SOCKET_ERROR_E :
wolfSSL	0:1239e9b70ca2	6262	XSTRNCPY(str, "error state on socket", max);
wolfSSL	0:1239e9b70ca2	6263	break;
wolfSSL	0:1239e9b70ca2	6264
wolfSSL	0:1239e9b70ca2	6265	case SOCKET_NODATA :
wolfSSL	0:1239e9b70ca2	6266	XSTRNCPY(str, "expected data, not there", max);
wolfSSL	0:1239e9b70ca2	6267	break;
wolfSSL	0:1239e9b70ca2	6268
wolfSSL	0:1239e9b70ca2	6269	case INCOMPLETE_DATA :
wolfSSL	0:1239e9b70ca2	6270	XSTRNCPY(str, "don't have enough data to complete task", max);
wolfSSL	0:1239e9b70ca2	6271	break;
wolfSSL	0:1239e9b70ca2	6272
wolfSSL	0:1239e9b70ca2	6273	case UNKNOWN_RECORD_TYPE :
wolfSSL	0:1239e9b70ca2	6274	XSTRNCPY(str, "unknown type in record hdr", max);
wolfSSL	0:1239e9b70ca2	6275	break;
wolfSSL	0:1239e9b70ca2	6276
wolfSSL	0:1239e9b70ca2	6277	case DECRYPT_ERROR :
wolfSSL	0:1239e9b70ca2	6278	XSTRNCPY(str, "error during decryption", max);
wolfSSL	0:1239e9b70ca2	6279	break;
wolfSSL	0:1239e9b70ca2	6280
wolfSSL	0:1239e9b70ca2	6281	case FATAL_ERROR :
wolfSSL	0:1239e9b70ca2	6282	XSTRNCPY(str, "revcd alert fatal error", max);
wolfSSL	0:1239e9b70ca2	6283	break;
wolfSSL	0:1239e9b70ca2	6284
wolfSSL	0:1239e9b70ca2	6285	case ENCRYPT_ERROR :
wolfSSL	0:1239e9b70ca2	6286	XSTRNCPY(str, "error during encryption", max);
wolfSSL	0:1239e9b70ca2	6287	break;
wolfSSL	0:1239e9b70ca2	6288
wolfSSL	0:1239e9b70ca2	6289	case FREAD_ERROR :
wolfSSL	0:1239e9b70ca2	6290	XSTRNCPY(str, "fread problem", max);
wolfSSL	0:1239e9b70ca2	6291	break;
wolfSSL	0:1239e9b70ca2	6292
wolfSSL	0:1239e9b70ca2	6293	case NO_PEER_KEY :
wolfSSL	0:1239e9b70ca2	6294	XSTRNCPY(str, "need peer's key", max);
wolfSSL	0:1239e9b70ca2	6295	break;
wolfSSL	0:1239e9b70ca2	6296
wolfSSL	0:1239e9b70ca2	6297	case NO_PRIVATE_KEY :
wolfSSL	0:1239e9b70ca2	6298	XSTRNCPY(str, "need the private key", max);
wolfSSL	0:1239e9b70ca2	6299	break;
wolfSSL	0:1239e9b70ca2	6300
wolfSSL	0:1239e9b70ca2	6301	case NO_DH_PARAMS :
wolfSSL	0:1239e9b70ca2	6302	XSTRNCPY(str, "server missing DH params", max);
wolfSSL	0:1239e9b70ca2	6303	break;
wolfSSL	0:1239e9b70ca2	6304
wolfSSL	0:1239e9b70ca2	6305	case RSA_PRIVATE_ERROR :
wolfSSL	0:1239e9b70ca2	6306	XSTRNCPY(str, "error during rsa priv op", max);
wolfSSL	0:1239e9b70ca2	6307	break;
wolfSSL	0:1239e9b70ca2	6308
wolfSSL	0:1239e9b70ca2	6309	case MATCH_SUITE_ERROR :
wolfSSL	0:1239e9b70ca2	6310	XSTRNCPY(str, "can't match cipher suite", max);
wolfSSL	0:1239e9b70ca2	6311	break;
wolfSSL	0:1239e9b70ca2	6312
wolfSSL	0:1239e9b70ca2	6313	case BUILD_MSG_ERROR :
wolfSSL	0:1239e9b70ca2	6314	XSTRNCPY(str, "build message failure", max);
wolfSSL	0:1239e9b70ca2	6315	break;
wolfSSL	0:1239e9b70ca2	6316
wolfSSL	0:1239e9b70ca2	6317	case BAD_HELLO :
wolfSSL	0:1239e9b70ca2	6318	XSTRNCPY(str, "client hello malformed", max);
wolfSSL	0:1239e9b70ca2	6319	break;
wolfSSL	0:1239e9b70ca2	6320
wolfSSL	0:1239e9b70ca2	6321	case DOMAIN_NAME_MISMATCH :
wolfSSL	0:1239e9b70ca2	6322	XSTRNCPY(str, "peer subject name mismatch", max);
wolfSSL	0:1239e9b70ca2	6323	break;
wolfSSL	0:1239e9b70ca2	6324
wolfSSL	0:1239e9b70ca2	6325	case WANT_READ :
wolfSSL	0:1239e9b70ca2	6326	case SSL_ERROR_WANT_READ :
wolfSSL	0:1239e9b70ca2	6327	XSTRNCPY(str, "non-blocking socket wants data to be read", max);
wolfSSL	0:1239e9b70ca2	6328	break;
wolfSSL	0:1239e9b70ca2	6329
wolfSSL	0:1239e9b70ca2	6330	case NOT_READY_ERROR :
wolfSSL	0:1239e9b70ca2	6331	XSTRNCPY(str, "handshake layer not ready yet, complete first", max);
wolfSSL	0:1239e9b70ca2	6332	break;
wolfSSL	0:1239e9b70ca2	6333
wolfSSL	0:1239e9b70ca2	6334	case PMS_VERSION_ERROR :
wolfSSL	0:1239e9b70ca2	6335	XSTRNCPY(str, "premaster secret version mismatch error", max);
wolfSSL	0:1239e9b70ca2	6336	break;
wolfSSL	0:1239e9b70ca2	6337
wolfSSL	0:1239e9b70ca2	6338	case VERSION_ERROR :
wolfSSL	0:1239e9b70ca2	6339	XSTRNCPY(str, "record layer version error", max);
wolfSSL	0:1239e9b70ca2	6340	break;
wolfSSL	0:1239e9b70ca2	6341
wolfSSL	0:1239e9b70ca2	6342	case WANT_WRITE :
wolfSSL	0:1239e9b70ca2	6343	case SSL_ERROR_WANT_WRITE :
wolfSSL	0:1239e9b70ca2	6344	XSTRNCPY(str, "non-blocking socket write buffer full", max);
wolfSSL	0:1239e9b70ca2	6345	break;
wolfSSL	0:1239e9b70ca2	6346
wolfSSL	0:1239e9b70ca2	6347	case BUFFER_ERROR :
wolfSSL	0:1239e9b70ca2	6348	XSTRNCPY(str, "malformed buffer input error", max);
wolfSSL	0:1239e9b70ca2	6349	break;
wolfSSL	0:1239e9b70ca2	6350
wolfSSL	0:1239e9b70ca2	6351	case VERIFY_CERT_ERROR :
wolfSSL	0:1239e9b70ca2	6352	XSTRNCPY(str, "verify problem on certificate", max);
wolfSSL	0:1239e9b70ca2	6353	break;
wolfSSL	0:1239e9b70ca2	6354
wolfSSL	0:1239e9b70ca2	6355	case VERIFY_SIGN_ERROR :
wolfSSL	0:1239e9b70ca2	6356	XSTRNCPY(str, "verify problem based on signature", max);
wolfSSL	0:1239e9b70ca2	6357	break;
wolfSSL	0:1239e9b70ca2	6358
wolfSSL	0:1239e9b70ca2	6359	case CLIENT_ID_ERROR :
wolfSSL	0:1239e9b70ca2	6360	XSTRNCPY(str, "psk client identity error", max);
wolfSSL	0:1239e9b70ca2	6361	break;
wolfSSL	0:1239e9b70ca2	6362
wolfSSL	0:1239e9b70ca2	6363	case SERVER_HINT_ERROR:
wolfSSL	0:1239e9b70ca2	6364	XSTRNCPY(str, "psk server hint error", max);
wolfSSL	0:1239e9b70ca2	6365	break;
wolfSSL	0:1239e9b70ca2	6366
wolfSSL	0:1239e9b70ca2	6367	case PSK_KEY_ERROR:
wolfSSL	0:1239e9b70ca2	6368	XSTRNCPY(str, "psk key callback error", max);
wolfSSL	0:1239e9b70ca2	6369	break;
wolfSSL	0:1239e9b70ca2	6370
wolfSSL	0:1239e9b70ca2	6371	case NTRU_KEY_ERROR:
wolfSSL	0:1239e9b70ca2	6372	XSTRNCPY(str, "NTRU key error", max);
wolfSSL	0:1239e9b70ca2	6373	break;
wolfSSL	0:1239e9b70ca2	6374
wolfSSL	0:1239e9b70ca2	6375	case NTRU_DRBG_ERROR:
wolfSSL	0:1239e9b70ca2	6376	XSTRNCPY(str, "NTRU drbg error", max);
wolfSSL	0:1239e9b70ca2	6377	break;
wolfSSL	0:1239e9b70ca2	6378
wolfSSL	0:1239e9b70ca2	6379	case NTRU_ENCRYPT_ERROR:
wolfSSL	0:1239e9b70ca2	6380	XSTRNCPY(str, "NTRU encrypt error", max);
wolfSSL	0:1239e9b70ca2	6381	break;
wolfSSL	0:1239e9b70ca2	6382
wolfSSL	0:1239e9b70ca2	6383	case NTRU_DECRYPT_ERROR:
wolfSSL	0:1239e9b70ca2	6384	XSTRNCPY(str, "NTRU decrypt error", max);
wolfSSL	0:1239e9b70ca2	6385	break;
wolfSSL	0:1239e9b70ca2	6386
wolfSSL	0:1239e9b70ca2	6387	case ZLIB_INIT_ERROR:
wolfSSL	0:1239e9b70ca2	6388	XSTRNCPY(str, "zlib init error", max);
wolfSSL	0:1239e9b70ca2	6389	break;
wolfSSL	0:1239e9b70ca2	6390
wolfSSL	0:1239e9b70ca2	6391	case ZLIB_COMPRESS_ERROR:
wolfSSL	0:1239e9b70ca2	6392	XSTRNCPY(str, "zlib compress error", max);
wolfSSL	0:1239e9b70ca2	6393	break;
wolfSSL	0:1239e9b70ca2	6394
wolfSSL	0:1239e9b70ca2	6395	case ZLIB_DECOMPRESS_ERROR:
wolfSSL	0:1239e9b70ca2	6396	XSTRNCPY(str, "zlib decompress error", max);
wolfSSL	0:1239e9b70ca2	6397	break;
wolfSSL	0:1239e9b70ca2	6398
wolfSSL	0:1239e9b70ca2	6399	case GETTIME_ERROR:
wolfSSL	0:1239e9b70ca2	6400	XSTRNCPY(str, "gettimeofday() error", max);
wolfSSL	0:1239e9b70ca2	6401	break;
wolfSSL	0:1239e9b70ca2	6402
wolfSSL	0:1239e9b70ca2	6403	case GETITIMER_ERROR:
wolfSSL	0:1239e9b70ca2	6404	XSTRNCPY(str, "getitimer() error", max);
wolfSSL	0:1239e9b70ca2	6405	break;
wolfSSL	0:1239e9b70ca2	6406
wolfSSL	0:1239e9b70ca2	6407	case SIGACT_ERROR:
wolfSSL	0:1239e9b70ca2	6408	XSTRNCPY(str, "sigaction() error", max);
wolfSSL	0:1239e9b70ca2	6409	break;
wolfSSL	0:1239e9b70ca2	6410
wolfSSL	0:1239e9b70ca2	6411	case SETITIMER_ERROR:
wolfSSL	0:1239e9b70ca2	6412	XSTRNCPY(str, "setitimer() error", max);
wolfSSL	0:1239e9b70ca2	6413	break;
wolfSSL	0:1239e9b70ca2	6414
wolfSSL	0:1239e9b70ca2	6415	case LENGTH_ERROR:
wolfSSL	0:1239e9b70ca2	6416	XSTRNCPY(str, "record layer length error", max);
wolfSSL	0:1239e9b70ca2	6417	break;
wolfSSL	0:1239e9b70ca2	6418
wolfSSL	0:1239e9b70ca2	6419	case PEER_KEY_ERROR:
wolfSSL	0:1239e9b70ca2	6420	XSTRNCPY(str, "cant decode peer key", max);
wolfSSL	0:1239e9b70ca2	6421	break;
wolfSSL	0:1239e9b70ca2	6422
wolfSSL	0:1239e9b70ca2	6423	case ZERO_RETURN:
wolfSSL	0:1239e9b70ca2	6424	case SSL_ERROR_ZERO_RETURN:
wolfSSL	0:1239e9b70ca2	6425	XSTRNCPY(str, "peer sent close notify alert", max);
wolfSSL	0:1239e9b70ca2	6426	break;
wolfSSL	0:1239e9b70ca2	6427
wolfSSL	0:1239e9b70ca2	6428	case ECC_CURVETYPE_ERROR:
wolfSSL	0:1239e9b70ca2	6429	XSTRNCPY(str, "Bad ECC Curve Type or unsupported", max);
wolfSSL	0:1239e9b70ca2	6430	break;
wolfSSL	0:1239e9b70ca2	6431
wolfSSL	0:1239e9b70ca2	6432	case ECC_CURVE_ERROR:
wolfSSL	0:1239e9b70ca2	6433	XSTRNCPY(str, "Bad ECC Curve or unsupported", max);
wolfSSL	0:1239e9b70ca2	6434	break;
wolfSSL	0:1239e9b70ca2	6435
wolfSSL	0:1239e9b70ca2	6436	case ECC_PEERKEY_ERROR:
wolfSSL	0:1239e9b70ca2	6437	XSTRNCPY(str, "Bad ECC Peer Key", max);
wolfSSL	0:1239e9b70ca2	6438	break;
wolfSSL	0:1239e9b70ca2	6439
wolfSSL	0:1239e9b70ca2	6440	case ECC_MAKEKEY_ERROR:
wolfSSL	0:1239e9b70ca2	6441	XSTRNCPY(str, "ECC Make Key failure", max);
wolfSSL	0:1239e9b70ca2	6442	break;
wolfSSL	0:1239e9b70ca2	6443
wolfSSL	0:1239e9b70ca2	6444	case ECC_EXPORT_ERROR:
wolfSSL	0:1239e9b70ca2	6445	XSTRNCPY(str, "ECC Export Key failure", max);
wolfSSL	0:1239e9b70ca2	6446	break;
wolfSSL	0:1239e9b70ca2	6447
wolfSSL	0:1239e9b70ca2	6448	case ECC_SHARED_ERROR:
wolfSSL	0:1239e9b70ca2	6449	XSTRNCPY(str, "ECC DHE shared failure", max);
wolfSSL	0:1239e9b70ca2	6450	break;
wolfSSL	0:1239e9b70ca2	6451
wolfSSL	0:1239e9b70ca2	6452	case NOT_CA_ERROR:
wolfSSL	0:1239e9b70ca2	6453	XSTRNCPY(str, "Not a CA by basic constraint error", max);
wolfSSL	0:1239e9b70ca2	6454	break;
wolfSSL	0:1239e9b70ca2	6455
wolfSSL	0:1239e9b70ca2	6456	case BAD_PATH_ERROR:
wolfSSL	0:1239e9b70ca2	6457	XSTRNCPY(str, "Bad path for opendir error", max);
wolfSSL	0:1239e9b70ca2	6458	break;
wolfSSL	0:1239e9b70ca2	6459
wolfSSL	0:1239e9b70ca2	6460	case BAD_CERT_MANAGER_ERROR:
wolfSSL	0:1239e9b70ca2	6461	XSTRNCPY(str, "Bad Cert Manager error", max);
wolfSSL	0:1239e9b70ca2	6462	break;
wolfSSL	0:1239e9b70ca2	6463
wolfSSL	0:1239e9b70ca2	6464	case OCSP_CERT_REVOKED:
wolfSSL	0:1239e9b70ca2	6465	XSTRNCPY(str, "OCSP Cert revoked", max);
wolfSSL	0:1239e9b70ca2	6466	break;
wolfSSL	0:1239e9b70ca2	6467
wolfSSL	0:1239e9b70ca2	6468	case CRL_CERT_REVOKED:
wolfSSL	0:1239e9b70ca2	6469	XSTRNCPY(str, "CRL Cert revoked", max);
wolfSSL	0:1239e9b70ca2	6470	break;
wolfSSL	0:1239e9b70ca2	6471
wolfSSL	0:1239e9b70ca2	6472	case CRL_MISSING:
wolfSSL	0:1239e9b70ca2	6473	XSTRNCPY(str, "CRL missing, not loaded", max);
wolfSSL	0:1239e9b70ca2	6474	break;
wolfSSL	0:1239e9b70ca2	6475
wolfSSL	0:1239e9b70ca2	6476	case MONITOR_RUNNING_E:
wolfSSL	0:1239e9b70ca2	6477	XSTRNCPY(str, "CRL monitor already running", max);
wolfSSL	0:1239e9b70ca2	6478	break;
wolfSSL	0:1239e9b70ca2	6479
wolfSSL	0:1239e9b70ca2	6480	case THREAD_CREATE_E:
wolfSSL	0:1239e9b70ca2	6481	XSTRNCPY(str, "Thread creation problem", max);
wolfSSL	0:1239e9b70ca2	6482	break;
wolfSSL	0:1239e9b70ca2	6483
wolfSSL	0:1239e9b70ca2	6484	case OCSP_NEED_URL:
wolfSSL	0:1239e9b70ca2	6485	XSTRNCPY(str, "OCSP need URL", max);
wolfSSL	0:1239e9b70ca2	6486	break;
wolfSSL	0:1239e9b70ca2	6487
wolfSSL	0:1239e9b70ca2	6488	case OCSP_CERT_UNKNOWN:
wolfSSL	0:1239e9b70ca2	6489	XSTRNCPY(str, "OCSP Cert unknown", max);
wolfSSL	0:1239e9b70ca2	6490	break;
wolfSSL	0:1239e9b70ca2	6491
wolfSSL	0:1239e9b70ca2	6492	case OCSP_LOOKUP_FAIL:
wolfSSL	0:1239e9b70ca2	6493	XSTRNCPY(str, "OCSP Responder lookup fail", max);
wolfSSL	0:1239e9b70ca2	6494	break;
wolfSSL	0:1239e9b70ca2	6495
wolfSSL	0:1239e9b70ca2	6496	case MAX_CHAIN_ERROR:
wolfSSL	0:1239e9b70ca2	6497	XSTRNCPY(str, "Maximum Chain Depth Exceeded", max);
wolfSSL	0:1239e9b70ca2	6498	break;
wolfSSL	0:1239e9b70ca2	6499
wolfSSL	0:1239e9b70ca2	6500	case COOKIE_ERROR:
wolfSSL	0:1239e9b70ca2	6501	XSTRNCPY(str, "DTLS Cookie Error", max);
wolfSSL	0:1239e9b70ca2	6502	break;
wolfSSL	0:1239e9b70ca2	6503
wolfSSL	0:1239e9b70ca2	6504	case SEQUENCE_ERROR:
wolfSSL	0:1239e9b70ca2	6505	XSTRNCPY(str, "DTLS Sequence Error", max);
wolfSSL	0:1239e9b70ca2	6506	break;
wolfSSL	0:1239e9b70ca2	6507
wolfSSL	0:1239e9b70ca2	6508	case SUITES_ERROR:
wolfSSL	0:1239e9b70ca2	6509	XSTRNCPY(str, "Suites Pointer Error", max);
wolfSSL	0:1239e9b70ca2	6510	break;
wolfSSL	0:1239e9b70ca2	6511
wolfSSL	0:1239e9b70ca2	6512	case SSL_NO_PEM_HEADER:
wolfSSL	0:1239e9b70ca2	6513	XSTRNCPY(str, "No PEM Header Error", max);
wolfSSL	0:1239e9b70ca2	6514	break;
wolfSSL	0:1239e9b70ca2	6515
wolfSSL	0:1239e9b70ca2	6516	case OUT_OF_ORDER_E:
wolfSSL	0:1239e9b70ca2	6517	XSTRNCPY(str, "Out of order message, fatal", max);
wolfSSL	0:1239e9b70ca2	6518	break;
wolfSSL	0:1239e9b70ca2	6519
wolfSSL	0:1239e9b70ca2	6520	case BAD_KEA_TYPE_E:
wolfSSL	0:1239e9b70ca2	6521	XSTRNCPY(str, "Bad KEA type found", max);
wolfSSL	0:1239e9b70ca2	6522	break;
wolfSSL	0:1239e9b70ca2	6523
wolfSSL	0:1239e9b70ca2	6524	case SANITY_CIPHER_E:
wolfSSL	0:1239e9b70ca2	6525	XSTRNCPY(str, "Sanity check on ciphertext failed", max);
wolfSSL	0:1239e9b70ca2	6526	break;
wolfSSL	0:1239e9b70ca2	6527
wolfSSL	0:1239e9b70ca2	6528	case RECV_OVERFLOW_E:
wolfSSL	0:1239e9b70ca2	6529	XSTRNCPY(str, "Receive callback returned more than requested", max);
wolfSSL	0:1239e9b70ca2	6530	break;
wolfSSL	0:1239e9b70ca2	6531
wolfSSL	0:1239e9b70ca2	6532	case GEN_COOKIE_E:
wolfSSL	0:1239e9b70ca2	6533	XSTRNCPY(str, "Generate Cookie Error", max);
wolfSSL	0:1239e9b70ca2	6534	break;
wolfSSL	0:1239e9b70ca2	6535
wolfSSL	0:1239e9b70ca2	6536	case NO_PEER_VERIFY:
wolfSSL	0:1239e9b70ca2	6537	XSTRNCPY(str, "Need peer certificate verify Error", max);
wolfSSL	0:1239e9b70ca2	6538	break;
wolfSSL	0:1239e9b70ca2	6539
wolfSSL	0:1239e9b70ca2	6540	case FWRITE_ERROR:
wolfSSL	0:1239e9b70ca2	6541	XSTRNCPY(str, "fwrite Error", max);
wolfSSL	0:1239e9b70ca2	6542	break;
wolfSSL	0:1239e9b70ca2	6543
wolfSSL	0:1239e9b70ca2	6544	case CACHE_MATCH_ERROR:
wolfSSL	0:1239e9b70ca2	6545	XSTRNCPY(str, "Cache restore header match Error", max);
wolfSSL	0:1239e9b70ca2	6546	break;
wolfSSL	0:1239e9b70ca2	6547
wolfSSL	0:1239e9b70ca2	6548	case UNKNOWN_SNI_HOST_NAME_E:
wolfSSL	0:1239e9b70ca2	6549	XSTRNCPY(str, "Unrecognized host name Error", max);
wolfSSL	0:1239e9b70ca2	6550	break;
wolfSSL	0:1239e9b70ca2	6551
wolfSSL	0:1239e9b70ca2	6552	case KEYUSE_SIGNATURE_E:
wolfSSL	0:1239e9b70ca2	6553	XSTRNCPY(str, "Key Use digitalSignature not set Error", max);
wolfSSL	0:1239e9b70ca2	6554	break;
wolfSSL	0:1239e9b70ca2	6555
wolfSSL	0:1239e9b70ca2	6556	case KEYUSE_ENCIPHER_E:
wolfSSL	0:1239e9b70ca2	6557	XSTRNCPY(str, "Key Use keyEncipherment not set Error", max);
wolfSSL	0:1239e9b70ca2	6558	break;
wolfSSL	0:1239e9b70ca2	6559
wolfSSL	0:1239e9b70ca2	6560	case EXTKEYUSE_AUTH_E:
wolfSSL	0:1239e9b70ca2	6561	XSTRNCPY(str, "Ext Key Use server/client auth not set Error", max);
wolfSSL	0:1239e9b70ca2	6562	break;
wolfSSL	0:1239e9b70ca2	6563
wolfSSL	0:1239e9b70ca2	6564	default :
wolfSSL	0:1239e9b70ca2	6565	XSTRNCPY(str, "unknown error number", max);
wolfSSL	0:1239e9b70ca2	6566	}
wolfSSL	0:1239e9b70ca2	6567
wolfSSL	0:1239e9b70ca2	6568	#endif /* NO_ERROR_STRINGS */
wolfSSL	0:1239e9b70ca2	6569	}
wolfSSL	0:1239e9b70ca2	6570
wolfSSL	0:1239e9b70ca2	6571
wolfSSL	0:1239e9b70ca2	6572
wolfSSL	0:1239e9b70ca2	6573	/* be sure to add to cipher_name_idx too !!!! */
wolfSSL	0:1239e9b70ca2	6574	static const char* const cipher_names[] =
wolfSSL	0:1239e9b70ca2	6575	{
wolfSSL	0:1239e9b70ca2	6576	#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
wolfSSL	0:1239e9b70ca2	6577	"RC4-SHA",
wolfSSL	0:1239e9b70ca2	6578	#endif
wolfSSL	0:1239e9b70ca2	6579
wolfSSL	0:1239e9b70ca2	6580	#ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
wolfSSL	0:1239e9b70ca2	6581	"RC4-MD5",
wolfSSL	0:1239e9b70ca2	6582	#endif
wolfSSL	0:1239e9b70ca2	6583
wolfSSL	0:1239e9b70ca2	6584	#ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	0:1239e9b70ca2	6585	"DES-CBC3-SHA",
wolfSSL	0:1239e9b70ca2	6586	#endif
wolfSSL	0:1239e9b70ca2	6587
wolfSSL	0:1239e9b70ca2	6588	#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	6589	"AES128-SHA",
wolfSSL	0:1239e9b70ca2	6590	#endif
wolfSSL	0:1239e9b70ca2	6591
wolfSSL	0:1239e9b70ca2	6592	#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	6593	"AES256-SHA",
wolfSSL	0:1239e9b70ca2	6594	#endif
wolfSSL	0:1239e9b70ca2	6595
wolfSSL	0:1239e9b70ca2	6596	#ifdef BUILD_TLS_RSA_WITH_NULL_SHA
wolfSSL	0:1239e9b70ca2	6597	"NULL-SHA",
wolfSSL	0:1239e9b70ca2	6598	#endif
wolfSSL	0:1239e9b70ca2	6599
wolfSSL	0:1239e9b70ca2	6600	#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
wolfSSL	0:1239e9b70ca2	6601	"NULL-SHA256",
wolfSSL	0:1239e9b70ca2	6602	#endif
wolfSSL	0:1239e9b70ca2	6603
wolfSSL	0:1239e9b70ca2	6604	#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	6605	"DHE-RSA-AES128-SHA",
wolfSSL	0:1239e9b70ca2	6606	#endif
wolfSSL	0:1239e9b70ca2	6607
wolfSSL	0:1239e9b70ca2	6608	#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	6609	"DHE-RSA-AES256-SHA",
wolfSSL	0:1239e9b70ca2	6610	#endif
wolfSSL	0:1239e9b70ca2	6611
wolfSSL	0:1239e9b70ca2	6612	#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	6613	"PSK-AES128-CBC-SHA256",
wolfSSL	0:1239e9b70ca2	6614	#endif
wolfSSL	0:1239e9b70ca2	6615
wolfSSL	0:1239e9b70ca2	6616	#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	6617	"PSK-AES128-CBC-SHA",
wolfSSL	0:1239e9b70ca2	6618	#endif
wolfSSL	0:1239e9b70ca2	6619
wolfSSL	0:1239e9b70ca2	6620	#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	6621	"PSK-AES256-CBC-SHA",
wolfSSL	0:1239e9b70ca2	6622	#endif
wolfSSL	0:1239e9b70ca2	6623
wolfSSL	0:1239e9b70ca2	6624	#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
wolfSSL	0:1239e9b70ca2	6625	"PSK-AES128-CCM-8",
wolfSSL	0:1239e9b70ca2	6626	#endif
wolfSSL	0:1239e9b70ca2	6627
wolfSSL	0:1239e9b70ca2	6628	#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
wolfSSL	0:1239e9b70ca2	6629	"PSK-AES256-CCM-8",
wolfSSL	0:1239e9b70ca2	6630	#endif
wolfSSL	0:1239e9b70ca2	6631
wolfSSL	0:1239e9b70ca2	6632	#ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
wolfSSL	0:1239e9b70ca2	6633	"PSK-NULL-SHA256",
wolfSSL	0:1239e9b70ca2	6634	#endif
wolfSSL	0:1239e9b70ca2	6635
wolfSSL	0:1239e9b70ca2	6636	#ifdef BUILD_TLS_PSK_WITH_NULL_SHA
wolfSSL	0:1239e9b70ca2	6637	"PSK-NULL-SHA",
wolfSSL	0:1239e9b70ca2	6638	#endif
wolfSSL	0:1239e9b70ca2	6639
wolfSSL	0:1239e9b70ca2	6640	#ifdef BUILD_TLS_RSA_WITH_HC_128_MD5
wolfSSL	0:1239e9b70ca2	6641	"HC128-MD5",
wolfSSL	0:1239e9b70ca2	6642	#endif
wolfSSL	0:1239e9b70ca2	6643
wolfSSL	0:1239e9b70ca2	6644	#ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
wolfSSL	0:1239e9b70ca2	6645	"HC128-SHA",
wolfSSL	0:1239e9b70ca2	6646	#endif
wolfSSL	0:1239e9b70ca2	6647
wolfSSL	0:1239e9b70ca2	6648	#ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
wolfSSL	0:1239e9b70ca2	6649	"HC128-B2B256",
wolfSSL	0:1239e9b70ca2	6650	#endif
wolfSSL	0:1239e9b70ca2	6651
wolfSSL	0:1239e9b70ca2	6652	#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
wolfSSL	0:1239e9b70ca2	6653	"AES128-B2B256",
wolfSSL	0:1239e9b70ca2	6654	#endif
wolfSSL	0:1239e9b70ca2	6655
wolfSSL	0:1239e9b70ca2	6656	#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
wolfSSL	0:1239e9b70ca2	6657	"AES256-B2B256",
wolfSSL	0:1239e9b70ca2	6658	#endif
wolfSSL	0:1239e9b70ca2	6659
wolfSSL	0:1239e9b70ca2	6660	#ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
wolfSSL	0:1239e9b70ca2	6661	"RABBIT-SHA",
wolfSSL	0:1239e9b70ca2	6662	#endif
wolfSSL	0:1239e9b70ca2	6663
wolfSSL	0:1239e9b70ca2	6664	#ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
wolfSSL	0:1239e9b70ca2	6665	"NTRU-RC4-SHA",
wolfSSL	0:1239e9b70ca2	6666	#endif
wolfSSL	0:1239e9b70ca2	6667
wolfSSL	0:1239e9b70ca2	6668	#ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	0:1239e9b70ca2	6669	"NTRU-DES-CBC3-SHA",
wolfSSL	0:1239e9b70ca2	6670	#endif
wolfSSL	0:1239e9b70ca2	6671
wolfSSL	0:1239e9b70ca2	6672	#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	6673	"NTRU-AES128-SHA",
wolfSSL	0:1239e9b70ca2	6674	#endif
wolfSSL	0:1239e9b70ca2	6675
wolfSSL	0:1239e9b70ca2	6676	#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	6677	"NTRU-AES256-SHA",
wolfSSL	0:1239e9b70ca2	6678	#endif
wolfSSL	0:1239e9b70ca2	6679
wolfSSL	0:1239e9b70ca2	6680	#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
wolfSSL	0:1239e9b70ca2	6681	"AES128-CCM-8",
wolfSSL	0:1239e9b70ca2	6682	#endif
wolfSSL	0:1239e9b70ca2	6683
wolfSSL	0:1239e9b70ca2	6684	#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
wolfSSL	0:1239e9b70ca2	6685	"AES256-CCM-8",
wolfSSL	0:1239e9b70ca2	6686	#endif
wolfSSL	0:1239e9b70ca2	6687
wolfSSL	0:1239e9b70ca2	6688	#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
wolfSSL	0:1239e9b70ca2	6689	"ECDHE-ECDSA-AES128-CCM-8",
wolfSSL	0:1239e9b70ca2	6690	#endif
wolfSSL	0:1239e9b70ca2	6691
wolfSSL	0:1239e9b70ca2	6692	#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
wolfSSL	0:1239e9b70ca2	6693	"ECDHE-ECDSA-AES256-CCM-8",
wolfSSL	0:1239e9b70ca2	6694	#endif
wolfSSL	0:1239e9b70ca2	6695
wolfSSL	0:1239e9b70ca2	6696	#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	6697	"ECDHE-RSA-AES128-SHA",
wolfSSL	0:1239e9b70ca2	6698	#endif
wolfSSL	0:1239e9b70ca2	6699
wolfSSL	0:1239e9b70ca2	6700	#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	6701	"ECDHE-RSA-AES256-SHA",
wolfSSL	0:1239e9b70ca2	6702	#endif
wolfSSL	0:1239e9b70ca2	6703
wolfSSL	0:1239e9b70ca2	6704	#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	6705	"ECDHE-ECDSA-AES128-SHA",
wolfSSL	0:1239e9b70ca2	6706	#endif
wolfSSL	0:1239e9b70ca2	6707
wolfSSL	0:1239e9b70ca2	6708	#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	6709	"ECDHE-ECDSA-AES256-SHA",
wolfSSL	0:1239e9b70ca2	6710	#endif
wolfSSL	0:1239e9b70ca2	6711
wolfSSL	0:1239e9b70ca2	6712	#ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
wolfSSL	0:1239e9b70ca2	6713	"ECDHE-RSA-RC4-SHA",
wolfSSL	0:1239e9b70ca2	6714	#endif
wolfSSL	0:1239e9b70ca2	6715
wolfSSL	0:1239e9b70ca2	6716	#ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	0:1239e9b70ca2	6717	"ECDHE-RSA-DES-CBC3-SHA",
wolfSSL	0:1239e9b70ca2	6718	#endif
wolfSSL	0:1239e9b70ca2	6719
wolfSSL	0:1239e9b70ca2	6720	#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
wolfSSL	0:1239e9b70ca2	6721	"ECDHE-ECDSA-RC4-SHA",
wolfSSL	0:1239e9b70ca2	6722	#endif
wolfSSL	0:1239e9b70ca2	6723
wolfSSL	0:1239e9b70ca2	6724	#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	0:1239e9b70ca2	6725	"ECDHE-ECDSA-DES-CBC3-SHA",
wolfSSL	0:1239e9b70ca2	6726	#endif
wolfSSL	0:1239e9b70ca2	6727
wolfSSL	0:1239e9b70ca2	6728	#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	6729	"AES128-SHA256",
wolfSSL	0:1239e9b70ca2	6730	#endif
wolfSSL	0:1239e9b70ca2	6731
wolfSSL	0:1239e9b70ca2	6732	#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
wolfSSL	0:1239e9b70ca2	6733	"AES256-SHA256",
wolfSSL	0:1239e9b70ca2	6734	#endif
wolfSSL	0:1239e9b70ca2	6735
wolfSSL	0:1239e9b70ca2	6736	#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	6737	"DHE-RSA-AES128-SHA256",
wolfSSL	0:1239e9b70ca2	6738	#endif
wolfSSL	0:1239e9b70ca2	6739
wolfSSL	0:1239e9b70ca2	6740	#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
wolfSSL	0:1239e9b70ca2	6741	"DHE-RSA-AES256-SHA256",
wolfSSL	0:1239e9b70ca2	6742	#endif
wolfSSL	0:1239e9b70ca2	6743
wolfSSL	0:1239e9b70ca2	6744	#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	6745	"ECDH-RSA-AES128-SHA",
wolfSSL	0:1239e9b70ca2	6746	#endif
wolfSSL	0:1239e9b70ca2	6747
wolfSSL	0:1239e9b70ca2	6748	#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	6749	"ECDH-RSA-AES256-SHA",
wolfSSL	0:1239e9b70ca2	6750	#endif
wolfSSL	0:1239e9b70ca2	6751
wolfSSL	0:1239e9b70ca2	6752	#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	6753	"ECDH-ECDSA-AES128-SHA",
wolfSSL	0:1239e9b70ca2	6754	#endif
wolfSSL	0:1239e9b70ca2	6755
wolfSSL	0:1239e9b70ca2	6756	#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	6757	"ECDH-ECDSA-AES256-SHA",
wolfSSL	0:1239e9b70ca2	6758	#endif
wolfSSL	0:1239e9b70ca2	6759
wolfSSL	0:1239e9b70ca2	6760	#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
wolfSSL	0:1239e9b70ca2	6761	"ECDH-RSA-RC4-SHA",
wolfSSL	0:1239e9b70ca2	6762	#endif
wolfSSL	0:1239e9b70ca2	6763
wolfSSL	0:1239e9b70ca2	6764	#ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	0:1239e9b70ca2	6765	"ECDH-RSA-DES-CBC3-SHA",
wolfSSL	0:1239e9b70ca2	6766	#endif
wolfSSL	0:1239e9b70ca2	6767
wolfSSL	0:1239e9b70ca2	6768	#ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
wolfSSL	0:1239e9b70ca2	6769	"ECDH-ECDSA-RC4-SHA",
wolfSSL	0:1239e9b70ca2	6770	#endif
wolfSSL	0:1239e9b70ca2	6771
wolfSSL	0:1239e9b70ca2	6772	#ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	0:1239e9b70ca2	6773	"ECDH-ECDSA-DES-CBC3-SHA",
wolfSSL	0:1239e9b70ca2	6774	#endif
wolfSSL	0:1239e9b70ca2	6775
wolfSSL	0:1239e9b70ca2	6776	#ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	0:1239e9b70ca2	6777	"AES128-GCM-SHA256",
wolfSSL	0:1239e9b70ca2	6778	#endif
wolfSSL	0:1239e9b70ca2	6779
wolfSSL	0:1239e9b70ca2	6780	#ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	0:1239e9b70ca2	6781	"AES256-GCM-SHA384",
wolfSSL	0:1239e9b70ca2	6782	#endif
wolfSSL	0:1239e9b70ca2	6783
wolfSSL	0:1239e9b70ca2	6784	#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	0:1239e9b70ca2	6785	"DHE-RSA-AES128-GCM-SHA256",
wolfSSL	0:1239e9b70ca2	6786	#endif
wolfSSL	0:1239e9b70ca2	6787
wolfSSL	0:1239e9b70ca2	6788	#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	0:1239e9b70ca2	6789	"DHE-RSA-AES256-GCM-SHA384",
wolfSSL	0:1239e9b70ca2	6790	#endif
wolfSSL	0:1239e9b70ca2	6791
wolfSSL	0:1239e9b70ca2	6792	#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	0:1239e9b70ca2	6793	"ECDHE-RSA-AES128-GCM-SHA256",
wolfSSL	0:1239e9b70ca2	6794	#endif
wolfSSL	0:1239e9b70ca2	6795
wolfSSL	0:1239e9b70ca2	6796	#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	0:1239e9b70ca2	6797	"ECDHE-RSA-AES256-GCM-SHA384",
wolfSSL	0:1239e9b70ca2	6798	#endif
wolfSSL	0:1239e9b70ca2	6799
wolfSSL	0:1239e9b70ca2	6800	#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL	0:1239e9b70ca2	6801	"ECDHE-ECDSA-AES128-GCM-SHA256",
wolfSSL	0:1239e9b70ca2	6802	#endif
wolfSSL	0:1239e9b70ca2	6803
wolfSSL	0:1239e9b70ca2	6804	#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL	0:1239e9b70ca2	6805	"ECDHE-ECDSA-AES256-GCM-SHA384",
wolfSSL	0:1239e9b70ca2	6806	#endif
wolfSSL	0:1239e9b70ca2	6807
wolfSSL	0:1239e9b70ca2	6808	#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	0:1239e9b70ca2	6809	"ECDH-RSA-AES128-GCM-SHA256",
wolfSSL	0:1239e9b70ca2	6810	#endif
wolfSSL	0:1239e9b70ca2	6811
wolfSSL	0:1239e9b70ca2	6812	#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	0:1239e9b70ca2	6813	"ECDH-RSA-AES256-GCM-SHA384",
wolfSSL	0:1239e9b70ca2	6814	#endif
wolfSSL	0:1239e9b70ca2	6815
wolfSSL	0:1239e9b70ca2	6816	#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL	0:1239e9b70ca2	6817	"ECDH-ECDSA-AES128-GCM-SHA256",
wolfSSL	0:1239e9b70ca2	6818	#endif
wolfSSL	0:1239e9b70ca2	6819
wolfSSL	0:1239e9b70ca2	6820	#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL	0:1239e9b70ca2	6821	"ECDH-ECDSA-AES256-GCM-SHA384",
wolfSSL	0:1239e9b70ca2	6822	#endif
wolfSSL	0:1239e9b70ca2	6823
wolfSSL	0:1239e9b70ca2	6824	#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	6825	"CAMELLIA128-SHA",
wolfSSL	0:1239e9b70ca2	6826	#endif
wolfSSL	0:1239e9b70ca2	6827
wolfSSL	0:1239e9b70ca2	6828	#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	6829	"DHE-RSA-CAMELLIA128-SHA",
wolfSSL	0:1239e9b70ca2	6830	#endif
wolfSSL	0:1239e9b70ca2	6831
wolfSSL	0:1239e9b70ca2	6832	#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	6833	"CAMELLIA256-SHA",
wolfSSL	0:1239e9b70ca2	6834	#endif
wolfSSL	0:1239e9b70ca2	6835
wolfSSL	0:1239e9b70ca2	6836	#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	6837	"DHE-RSA-CAMELLIA256-SHA",
wolfSSL	0:1239e9b70ca2	6838	#endif
wolfSSL	0:1239e9b70ca2	6839
wolfSSL	0:1239e9b70ca2	6840	#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	6841	"CAMELLIA128-SHA256",
wolfSSL	0:1239e9b70ca2	6842	#endif
wolfSSL	0:1239e9b70ca2	6843
wolfSSL	0:1239e9b70ca2	6844	#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	6845	"DHE-RSA-CAMELLIA128-SHA256",
wolfSSL	0:1239e9b70ca2	6846	#endif
wolfSSL	0:1239e9b70ca2	6847
wolfSSL	0:1239e9b70ca2	6848	#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL	0:1239e9b70ca2	6849	"CAMELLIA256-SHA256",
wolfSSL	0:1239e9b70ca2	6850	#endif
wolfSSL	0:1239e9b70ca2	6851
wolfSSL	0:1239e9b70ca2	6852	#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL	0:1239e9b70ca2	6853	"DHE-RSA-CAMELLIA256-SHA256",
wolfSSL	0:1239e9b70ca2	6854	#endif
wolfSSL	0:1239e9b70ca2	6855
wolfSSL	0:1239e9b70ca2	6856	#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	6857	"ECDHE-RSA-AES128-SHA256",
wolfSSL	0:1239e9b70ca2	6858	#endif
wolfSSL	0:1239e9b70ca2	6859
wolfSSL	0:1239e9b70ca2	6860	#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	6861	"ECDHE-ECDSA-AES128-SHA256",
wolfSSL	0:1239e9b70ca2	6862	#endif
wolfSSL	0:1239e9b70ca2	6863
wolfSSL	0:1239e9b70ca2	6864	#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	6865	"ECDH-RSA-AES128-SHA256",
wolfSSL	0:1239e9b70ca2	6866	#endif
wolfSSL	0:1239e9b70ca2	6867
wolfSSL	0:1239e9b70ca2	6868	#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	6869	"ECDH-ECDSA-AES128-SHA256",
wolfSSL	0:1239e9b70ca2	6870	#endif
wolfSSL	0:1239e9b70ca2	6871
wolfSSL	0:1239e9b70ca2	6872	#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
wolfSSL	0:1239e9b70ca2	6873	"ECDHE-RSA-AES256-SHA384",
wolfSSL	0:1239e9b70ca2	6874	#endif
wolfSSL	0:1239e9b70ca2	6875
wolfSSL	0:1239e9b70ca2	6876	#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL	0:1239e9b70ca2	6877	"ECDHE-ECDSA-AES256-SHA384",
wolfSSL	0:1239e9b70ca2	6878	#endif
wolfSSL	0:1239e9b70ca2	6879
wolfSSL	0:1239e9b70ca2	6880	#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
wolfSSL	0:1239e9b70ca2	6881	"ECDH-RSA-AES256-SHA384",
wolfSSL	0:1239e9b70ca2	6882	#endif
wolfSSL	0:1239e9b70ca2	6883
wolfSSL	0:1239e9b70ca2	6884	#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL	0:1239e9b70ca2	6885	"ECDH-ECDSA-AES256-SHA384",
wolfSSL	0:1239e9b70ca2	6886	#endif
wolfSSL	0:1239e9b70ca2	6887
wolfSSL	0:1239e9b70ca2	6888	};
wolfSSL	0:1239e9b70ca2	6889
wolfSSL	0:1239e9b70ca2	6890
wolfSSL	0:1239e9b70ca2	6891
wolfSSL	0:1239e9b70ca2	6892	/* cipher suite number that matches above name table */
wolfSSL	0:1239e9b70ca2	6893	static int cipher_name_idx[] =
wolfSSL	0:1239e9b70ca2	6894	{
wolfSSL	0:1239e9b70ca2	6895
wolfSSL	0:1239e9b70ca2	6896	#ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
wolfSSL	0:1239e9b70ca2	6897	SSL_RSA_WITH_RC4_128_SHA,
wolfSSL	0:1239e9b70ca2	6898	#endif
wolfSSL	0:1239e9b70ca2	6899
wolfSSL	0:1239e9b70ca2	6900	#ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
wolfSSL	0:1239e9b70ca2	6901	SSL_RSA_WITH_RC4_128_MD5,
wolfSSL	0:1239e9b70ca2	6902	#endif
wolfSSL	0:1239e9b70ca2	6903
wolfSSL	0:1239e9b70ca2	6904	#ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	0:1239e9b70ca2	6905	SSL_RSA_WITH_3DES_EDE_CBC_SHA,
wolfSSL	0:1239e9b70ca2	6906	#endif
wolfSSL	0:1239e9b70ca2	6907
wolfSSL	0:1239e9b70ca2	6908	#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	6909	TLS_RSA_WITH_AES_128_CBC_SHA,
wolfSSL	0:1239e9b70ca2	6910	#endif
wolfSSL	0:1239e9b70ca2	6911
wolfSSL	0:1239e9b70ca2	6912	#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	6913	TLS_RSA_WITH_AES_256_CBC_SHA,
wolfSSL	0:1239e9b70ca2	6914	#endif
wolfSSL	0:1239e9b70ca2	6915
wolfSSL	0:1239e9b70ca2	6916	#ifdef BUILD_TLS_RSA_WITH_NULL_SHA
wolfSSL	0:1239e9b70ca2	6917	TLS_RSA_WITH_NULL_SHA,
wolfSSL	0:1239e9b70ca2	6918	#endif
wolfSSL	0:1239e9b70ca2	6919
wolfSSL	0:1239e9b70ca2	6920	#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
wolfSSL	0:1239e9b70ca2	6921	TLS_RSA_WITH_NULL_SHA256,
wolfSSL	0:1239e9b70ca2	6922	#endif
wolfSSL	0:1239e9b70ca2	6923
wolfSSL	0:1239e9b70ca2	6924	#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	6925	TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
wolfSSL	0:1239e9b70ca2	6926	#endif
wolfSSL	0:1239e9b70ca2	6927
wolfSSL	0:1239e9b70ca2	6928	#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	6929	TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
wolfSSL	0:1239e9b70ca2	6930	#endif
wolfSSL	0:1239e9b70ca2	6931
wolfSSL	0:1239e9b70ca2	6932	#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	6933	TLS_PSK_WITH_AES_128_CBC_SHA256,
wolfSSL	0:1239e9b70ca2	6934	#endif
wolfSSL	0:1239e9b70ca2	6935
wolfSSL	0:1239e9b70ca2	6936	#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	6937	TLS_PSK_WITH_AES_128_CBC_SHA,
wolfSSL	0:1239e9b70ca2	6938	#endif
wolfSSL	0:1239e9b70ca2	6939
wolfSSL	0:1239e9b70ca2	6940	#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	6941	TLS_PSK_WITH_AES_256_CBC_SHA,
wolfSSL	0:1239e9b70ca2	6942	#endif
wolfSSL	0:1239e9b70ca2	6943
wolfSSL	0:1239e9b70ca2	6944	#ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
wolfSSL	0:1239e9b70ca2	6945	TLS_PSK_WITH_AES_128_CCM_8,
wolfSSL	0:1239e9b70ca2	6946	#endif
wolfSSL	0:1239e9b70ca2	6947
wolfSSL	0:1239e9b70ca2	6948	#ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
wolfSSL	0:1239e9b70ca2	6949	TLS_PSK_WITH_AES_256_CCM_8,
wolfSSL	0:1239e9b70ca2	6950	#endif
wolfSSL	0:1239e9b70ca2	6951
wolfSSL	0:1239e9b70ca2	6952	#ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
wolfSSL	0:1239e9b70ca2	6953	TLS_PSK_WITH_NULL_SHA256,
wolfSSL	0:1239e9b70ca2	6954	#endif
wolfSSL	0:1239e9b70ca2	6955
wolfSSL	0:1239e9b70ca2	6956	#ifdef BUILD_TLS_PSK_WITH_NULL_SHA
wolfSSL	0:1239e9b70ca2	6957	TLS_PSK_WITH_NULL_SHA,
wolfSSL	0:1239e9b70ca2	6958	#endif
wolfSSL	0:1239e9b70ca2	6959
wolfSSL	0:1239e9b70ca2	6960	#ifdef BUILD_TLS_RSA_WITH_HC_128_MD5
wolfSSL	0:1239e9b70ca2	6961	TLS_RSA_WITH_HC_128_MD5,
wolfSSL	0:1239e9b70ca2	6962	#endif
wolfSSL	0:1239e9b70ca2	6963
wolfSSL	0:1239e9b70ca2	6964	#ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
wolfSSL	0:1239e9b70ca2	6965	TLS_RSA_WITH_HC_128_SHA,
wolfSSL	0:1239e9b70ca2	6966	#endif
wolfSSL	0:1239e9b70ca2	6967
wolfSSL	0:1239e9b70ca2	6968	#ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
wolfSSL	0:1239e9b70ca2	6969	TLS_RSA_WITH_HC_128_B2B256,
wolfSSL	0:1239e9b70ca2	6970	#endif
wolfSSL	0:1239e9b70ca2	6971
wolfSSL	0:1239e9b70ca2	6972	#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
wolfSSL	0:1239e9b70ca2	6973	TLS_RSA_WITH_AES_128_CBC_B2B256,
wolfSSL	0:1239e9b70ca2	6974	#endif
wolfSSL	0:1239e9b70ca2	6975
wolfSSL	0:1239e9b70ca2	6976	#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
wolfSSL	0:1239e9b70ca2	6977	TLS_RSA_WITH_AES_256_CBC_B2B256,
wolfSSL	0:1239e9b70ca2	6978	#endif
wolfSSL	0:1239e9b70ca2	6979
wolfSSL	0:1239e9b70ca2	6980	#ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
wolfSSL	0:1239e9b70ca2	6981	TLS_RSA_WITH_RABBIT_SHA,
wolfSSL	0:1239e9b70ca2	6982	#endif
wolfSSL	0:1239e9b70ca2	6983
wolfSSL	0:1239e9b70ca2	6984	#ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
wolfSSL	0:1239e9b70ca2	6985	TLS_NTRU_RSA_WITH_RC4_128_SHA,
wolfSSL	0:1239e9b70ca2	6986	#endif
wolfSSL	0:1239e9b70ca2	6987
wolfSSL	0:1239e9b70ca2	6988	#ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	0:1239e9b70ca2	6989	TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA,
wolfSSL	0:1239e9b70ca2	6990	#endif
wolfSSL	0:1239e9b70ca2	6991
wolfSSL	0:1239e9b70ca2	6992	#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	6993	TLS_NTRU_RSA_WITH_AES_128_CBC_SHA,
wolfSSL	0:1239e9b70ca2	6994	#endif
wolfSSL	0:1239e9b70ca2	6995
wolfSSL	0:1239e9b70ca2	6996	#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	6997	TLS_NTRU_RSA_WITH_AES_256_CBC_SHA,
wolfSSL	0:1239e9b70ca2	6998	#endif
wolfSSL	0:1239e9b70ca2	6999
wolfSSL	0:1239e9b70ca2	7000	#ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
wolfSSL	0:1239e9b70ca2	7001	TLS_RSA_WITH_AES_128_CCM_8,
wolfSSL	0:1239e9b70ca2	7002	#endif
wolfSSL	0:1239e9b70ca2	7003
wolfSSL	0:1239e9b70ca2	7004	#ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
wolfSSL	0:1239e9b70ca2	7005	TLS_RSA_WITH_AES_256_CCM_8,
wolfSSL	0:1239e9b70ca2	7006	#endif
wolfSSL	0:1239e9b70ca2	7007
wolfSSL	0:1239e9b70ca2	7008	#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
wolfSSL	0:1239e9b70ca2	7009	TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
wolfSSL	0:1239e9b70ca2	7010	#endif
wolfSSL	0:1239e9b70ca2	7011
wolfSSL	0:1239e9b70ca2	7012	#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
wolfSSL	0:1239e9b70ca2	7013	TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
wolfSSL	0:1239e9b70ca2	7014	#endif
wolfSSL	0:1239e9b70ca2	7015
wolfSSL	0:1239e9b70ca2	7016	#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	7017	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
wolfSSL	0:1239e9b70ca2	7018	#endif
wolfSSL	0:1239e9b70ca2	7019
wolfSSL	0:1239e9b70ca2	7020	#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	7021	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
wolfSSL	0:1239e9b70ca2	7022	#endif
wolfSSL	0:1239e9b70ca2	7023
wolfSSL	0:1239e9b70ca2	7024	#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	7025	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
wolfSSL	0:1239e9b70ca2	7026	#endif
wolfSSL	0:1239e9b70ca2	7027
wolfSSL	0:1239e9b70ca2	7028	#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	7029	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
wolfSSL	0:1239e9b70ca2	7030	#endif
wolfSSL	0:1239e9b70ca2	7031
wolfSSL	0:1239e9b70ca2	7032	#ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
wolfSSL	0:1239e9b70ca2	7033	TLS_ECDHE_RSA_WITH_RC4_128_SHA,
wolfSSL	0:1239e9b70ca2	7034	#endif
wolfSSL	0:1239e9b70ca2	7035
wolfSSL	0:1239e9b70ca2	7036	#ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	0:1239e9b70ca2	7037	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
wolfSSL	0:1239e9b70ca2	7038	#endif
wolfSSL	0:1239e9b70ca2	7039
wolfSSL	0:1239e9b70ca2	7040	#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
wolfSSL	0:1239e9b70ca2	7041	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
wolfSSL	0:1239e9b70ca2	7042	#endif
wolfSSL	0:1239e9b70ca2	7043
wolfSSL	0:1239e9b70ca2	7044	#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	0:1239e9b70ca2	7045	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
wolfSSL	0:1239e9b70ca2	7046	#endif
wolfSSL	0:1239e9b70ca2	7047
wolfSSL	0:1239e9b70ca2	7048	#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	7049	TLS_RSA_WITH_AES_128_CBC_SHA256,
wolfSSL	0:1239e9b70ca2	7050	#endif
wolfSSL	0:1239e9b70ca2	7051
wolfSSL	0:1239e9b70ca2	7052	#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
wolfSSL	0:1239e9b70ca2	7053	TLS_RSA_WITH_AES_256_CBC_SHA256,
wolfSSL	0:1239e9b70ca2	7054	#endif
wolfSSL	0:1239e9b70ca2	7055
wolfSSL	0:1239e9b70ca2	7056	#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	7057	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
wolfSSL	0:1239e9b70ca2	7058	#endif
wolfSSL	0:1239e9b70ca2	7059
wolfSSL	0:1239e9b70ca2	7060	#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
wolfSSL	0:1239e9b70ca2	7061	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
wolfSSL	0:1239e9b70ca2	7062	#endif
wolfSSL	0:1239e9b70ca2	7063
wolfSSL	0:1239e9b70ca2	7064	#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	7065	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
wolfSSL	0:1239e9b70ca2	7066	#endif
wolfSSL	0:1239e9b70ca2	7067
wolfSSL	0:1239e9b70ca2	7068	#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	7069	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
wolfSSL	0:1239e9b70ca2	7070	#endif
wolfSSL	0:1239e9b70ca2	7071
wolfSSL	0:1239e9b70ca2	7072	#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	7073	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
wolfSSL	0:1239e9b70ca2	7074	#endif
wolfSSL	0:1239e9b70ca2	7075
wolfSSL	0:1239e9b70ca2	7076	#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	7077	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
wolfSSL	0:1239e9b70ca2	7078	#endif
wolfSSL	0:1239e9b70ca2	7079
wolfSSL	0:1239e9b70ca2	7080	#ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
wolfSSL	0:1239e9b70ca2	7081	TLS_ECDH_RSA_WITH_RC4_128_SHA,
wolfSSL	0:1239e9b70ca2	7082	#endif
wolfSSL	0:1239e9b70ca2	7083
wolfSSL	0:1239e9b70ca2	7084	#ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	0:1239e9b70ca2	7085	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
wolfSSL	0:1239e9b70ca2	7086	#endif
wolfSSL	0:1239e9b70ca2	7087
wolfSSL	0:1239e9b70ca2	7088	#ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
wolfSSL	0:1239e9b70ca2	7089	TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
wolfSSL	0:1239e9b70ca2	7090	#endif
wolfSSL	0:1239e9b70ca2	7091
wolfSSL	0:1239e9b70ca2	7092	#ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL	0:1239e9b70ca2	7093	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
wolfSSL	0:1239e9b70ca2	7094	#endif
wolfSSL	0:1239e9b70ca2	7095
wolfSSL	0:1239e9b70ca2	7096	#ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	0:1239e9b70ca2	7097	TLS_RSA_WITH_AES_128_GCM_SHA256,
wolfSSL	0:1239e9b70ca2	7098	#endif
wolfSSL	0:1239e9b70ca2	7099
wolfSSL	0:1239e9b70ca2	7100	#ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	0:1239e9b70ca2	7101	TLS_RSA_WITH_AES_256_GCM_SHA384,
wolfSSL	0:1239e9b70ca2	7102	#endif
wolfSSL	0:1239e9b70ca2	7103
wolfSSL	0:1239e9b70ca2	7104	#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	0:1239e9b70ca2	7105	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
wolfSSL	0:1239e9b70ca2	7106	#endif
wolfSSL	0:1239e9b70ca2	7107
wolfSSL	0:1239e9b70ca2	7108	#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	0:1239e9b70ca2	7109	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
wolfSSL	0:1239e9b70ca2	7110	#endif
wolfSSL	0:1239e9b70ca2	7111
wolfSSL	0:1239e9b70ca2	7112	#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	0:1239e9b70ca2	7113	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
wolfSSL	0:1239e9b70ca2	7114	#endif
wolfSSL	0:1239e9b70ca2	7115
wolfSSL	0:1239e9b70ca2	7116	#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	0:1239e9b70ca2	7117	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
wolfSSL	0:1239e9b70ca2	7118	#endif
wolfSSL	0:1239e9b70ca2	7119
wolfSSL	0:1239e9b70ca2	7120	#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL	0:1239e9b70ca2	7121	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
wolfSSL	0:1239e9b70ca2	7122	#endif
wolfSSL	0:1239e9b70ca2	7123
wolfSSL	0:1239e9b70ca2	7124	#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL	0:1239e9b70ca2	7125	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
wolfSSL	0:1239e9b70ca2	7126	#endif
wolfSSL	0:1239e9b70ca2	7127
wolfSSL	0:1239e9b70ca2	7128	#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
wolfSSL	0:1239e9b70ca2	7129	TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
wolfSSL	0:1239e9b70ca2	7130	#endif
wolfSSL	0:1239e9b70ca2	7131
wolfSSL	0:1239e9b70ca2	7132	#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
wolfSSL	0:1239e9b70ca2	7133	TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
wolfSSL	0:1239e9b70ca2	7134	#endif
wolfSSL	0:1239e9b70ca2	7135
wolfSSL	0:1239e9b70ca2	7136	#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL	0:1239e9b70ca2	7137	TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
wolfSSL	0:1239e9b70ca2	7138	#endif
wolfSSL	0:1239e9b70ca2	7139
wolfSSL	0:1239e9b70ca2	7140	#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL	0:1239e9b70ca2	7141	TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
wolfSSL	0:1239e9b70ca2	7142	#endif
wolfSSL	0:1239e9b70ca2	7143
wolfSSL	0:1239e9b70ca2	7144	#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	7145	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
wolfSSL	0:1239e9b70ca2	7146	#endif
wolfSSL	0:1239e9b70ca2	7147
wolfSSL	0:1239e9b70ca2	7148	#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL	0:1239e9b70ca2	7149	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
wolfSSL	0:1239e9b70ca2	7150	#endif
wolfSSL	0:1239e9b70ca2	7151
wolfSSL	0:1239e9b70ca2	7152	#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	7153	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
wolfSSL	0:1239e9b70ca2	7154	#endif
wolfSSL	0:1239e9b70ca2	7155
wolfSSL	0:1239e9b70ca2	7156	#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL	0:1239e9b70ca2	7157	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
wolfSSL	0:1239e9b70ca2	7158	#endif
wolfSSL	0:1239e9b70ca2	7159
wolfSSL	0:1239e9b70ca2	7160	#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	7161	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
wolfSSL	0:1239e9b70ca2	7162	#endif
wolfSSL	0:1239e9b70ca2	7163
wolfSSL	0:1239e9b70ca2	7164	#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	7165	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
wolfSSL	0:1239e9b70ca2	7166	#endif
wolfSSL	0:1239e9b70ca2	7167
wolfSSL	0:1239e9b70ca2	7168	#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL	0:1239e9b70ca2	7169	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
wolfSSL	0:1239e9b70ca2	7170	#endif
wolfSSL	0:1239e9b70ca2	7171
wolfSSL	0:1239e9b70ca2	7172	#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL	0:1239e9b70ca2	7173	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
wolfSSL	0:1239e9b70ca2	7174	#endif
wolfSSL	0:1239e9b70ca2	7175
wolfSSL	0:1239e9b70ca2	7176	#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	7177	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
wolfSSL	0:1239e9b70ca2	7178	#endif
wolfSSL	0:1239e9b70ca2	7179
wolfSSL	0:1239e9b70ca2	7180	#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	7181	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
wolfSSL	0:1239e9b70ca2	7182	#endif
wolfSSL	0:1239e9b70ca2	7183
wolfSSL	0:1239e9b70ca2	7184	#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	7185	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
wolfSSL	0:1239e9b70ca2	7186	#endif
wolfSSL	0:1239e9b70ca2	7187
wolfSSL	0:1239e9b70ca2	7188	#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL	0:1239e9b70ca2	7189	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
wolfSSL	0:1239e9b70ca2	7190	#endif
wolfSSL	0:1239e9b70ca2	7191
wolfSSL	0:1239e9b70ca2	7192	#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
wolfSSL	0:1239e9b70ca2	7193	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
wolfSSL	0:1239e9b70ca2	7194	#endif
wolfSSL	0:1239e9b70ca2	7195
wolfSSL	0:1239e9b70ca2	7196	#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL	0:1239e9b70ca2	7197	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
wolfSSL	0:1239e9b70ca2	7198	#endif
wolfSSL	0:1239e9b70ca2	7199
wolfSSL	0:1239e9b70ca2	7200	#ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
wolfSSL	0:1239e9b70ca2	7201	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
wolfSSL	0:1239e9b70ca2	7202	#endif
wolfSSL	0:1239e9b70ca2	7203
wolfSSL	0:1239e9b70ca2	7204	#ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL	0:1239e9b70ca2	7205	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL	0:1239e9b70ca2	7206	#endif
wolfSSL	0:1239e9b70ca2	7207	};
wolfSSL	0:1239e9b70ca2	7208
wolfSSL	0:1239e9b70ca2	7209
wolfSSL	0:1239e9b70ca2	7210	/* return true if set, else false */
wolfSSL	0:1239e9b70ca2	7211	/* only supports full name from cipher_name[] delimited by : */
wolfSSL	0:1239e9b70ca2	7212	int SetCipherList(Suites* s, const char* list)
wolfSSL	0:1239e9b70ca2	7213	{
wolfSSL	0:1239e9b70ca2	7214	int ret = 0, i;
wolfSSL	0:1239e9b70ca2	7215	char name[MAX_SUITE_NAME];
wolfSSL	0:1239e9b70ca2	7216
wolfSSL	0:1239e9b70ca2	7217	char needle[] = ":";
wolfSSL	0:1239e9b70ca2	7218	char* haystack = (char*)list;
wolfSSL	0:1239e9b70ca2	7219	char* prev;
wolfSSL	0:1239e9b70ca2	7220
wolfSSL	0:1239e9b70ca2	7221	const int suiteSz = sizeof(cipher_names) / sizeof(cipher_names[0]);
wolfSSL	0:1239e9b70ca2	7222	int idx = 0;
wolfSSL	0:1239e9b70ca2	7223	int haveRSA = 0, haveECDSA = 0;
wolfSSL	0:1239e9b70ca2	7224
wolfSSL	0:1239e9b70ca2	7225	if (s == NULL) {
wolfSSL	0:1239e9b70ca2	7226	CYASSL_MSG("SetCipherList suite pointer error");
wolfSSL	0:1239e9b70ca2	7227	return 0;
wolfSSL	0:1239e9b70ca2	7228	}
wolfSSL	0:1239e9b70ca2	7229
wolfSSL	0:1239e9b70ca2	7230	if (!list)
wolfSSL	0:1239e9b70ca2	7231	return 0;
wolfSSL	0:1239e9b70ca2	7232
wolfSSL	0:1239e9b70ca2	7233	if (list == 0) return 1; / CyaSSL default */
wolfSSL	0:1239e9b70ca2	7234
wolfSSL	0:1239e9b70ca2	7235	if (XSTRNCMP(haystack, "ALL", 3) == 0) return 1; /* CyaSSL defualt */
wolfSSL	0:1239e9b70ca2	7236
wolfSSL	0:1239e9b70ca2	7237	for(;;) {
wolfSSL	0:1239e9b70ca2	7238	word32 len;
wolfSSL	0:1239e9b70ca2	7239	prev = haystack;
wolfSSL	0:1239e9b70ca2	7240	haystack = XSTRSTR(haystack, needle);
wolfSSL	0:1239e9b70ca2	7241
wolfSSL	0:1239e9b70ca2	7242	if (!haystack) /* last cipher */
wolfSSL	0:1239e9b70ca2	7243	len = min(sizeof(name), (word32)XSTRLEN(prev));
wolfSSL	0:1239e9b70ca2	7244	else
wolfSSL	0:1239e9b70ca2	7245	len = min(sizeof(name), (word32)(haystack - prev));
wolfSSL	0:1239e9b70ca2	7246
wolfSSL	0:1239e9b70ca2	7247	XSTRNCPY(name, prev, len);
wolfSSL	0:1239e9b70ca2	7248	name[(len == sizeof(name)) ? len - 1 : len] = 0;
wolfSSL	0:1239e9b70ca2	7249
wolfSSL	0:1239e9b70ca2	7250	for (i = 0; i < suiteSz; i++)
wolfSSL	0:1239e9b70ca2	7251	if (XSTRNCMP(name, cipher_names[i], sizeof(name)) == 0) {
wolfSSL	0:1239e9b70ca2	7252	if (XSTRSTR(name, "EC") \|\| XSTRSTR(name, "CCM"))
wolfSSL	0:1239e9b70ca2	7253	s->suites[idx++] = ECC_BYTE; /* ECC suite */
wolfSSL	0:1239e9b70ca2	7254	else
wolfSSL	0:1239e9b70ca2	7255	s->suites[idx++] = 0x00; /* normal */
wolfSSL	0:1239e9b70ca2	7256	s->suites[idx++] = (byte)cipher_name_idx[i];
wolfSSL	0:1239e9b70ca2	7257
wolfSSL	0:1239e9b70ca2	7258	/* The suites are either ECDSA, RSA, or PSK. The RSA suites
wolfSSL	0:1239e9b70ca2	7259	* don't necessarily have RSA in the name. */
wolfSSL	0:1239e9b70ca2	7260	if ((haveECDSA == 0) && XSTRSTR(name, "ECDSA")) {
wolfSSL	0:1239e9b70ca2	7261	haveECDSA = 1;
wolfSSL	0:1239e9b70ca2	7262	}
wolfSSL	0:1239e9b70ca2	7263	else if ((haveRSA == 0) && (XSTRSTR(name, "PSK") == NULL)) {
wolfSSL	0:1239e9b70ca2	7264	haveRSA = 1;
wolfSSL	0:1239e9b70ca2	7265	}
wolfSSL	0:1239e9b70ca2	7266
wolfSSL	0:1239e9b70ca2	7267	if (!ret) ret = 1; /* found at least one */
wolfSSL	0:1239e9b70ca2	7268	break;
wolfSSL	0:1239e9b70ca2	7269	}
wolfSSL	0:1239e9b70ca2	7270	if (!haystack) break;
wolfSSL	0:1239e9b70ca2	7271	haystack++;
wolfSSL	0:1239e9b70ca2	7272	}
wolfSSL	0:1239e9b70ca2	7273
wolfSSL	0:1239e9b70ca2	7274	if (ret) {
wolfSSL	0:1239e9b70ca2	7275	s->setSuites = 1;
wolfSSL	0:1239e9b70ca2	7276	s->suiteSz = (word16)idx;
wolfSSL	0:1239e9b70ca2	7277
wolfSSL	0:1239e9b70ca2	7278	idx = 0;
wolfSSL	0:1239e9b70ca2	7279
wolfSSL	0:1239e9b70ca2	7280	if (haveECDSA) {
wolfSSL	0:1239e9b70ca2	7281	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	7282	s->hashSigAlgo[idx++] = sha384_mac;
wolfSSL	0:1239e9b70ca2	7283	s->hashSigAlgo[idx++] = ecc_dsa_sa_algo;
wolfSSL	0:1239e9b70ca2	7284	#endif
wolfSSL	0:1239e9b70ca2	7285	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	7286	s->hashSigAlgo[idx++] = sha256_mac;
wolfSSL	0:1239e9b70ca2	7287	s->hashSigAlgo[idx++] = ecc_dsa_sa_algo;
wolfSSL	0:1239e9b70ca2	7288	#endif
wolfSSL	0:1239e9b70ca2	7289	s->hashSigAlgo[idx++] = sha_mac;
wolfSSL	0:1239e9b70ca2	7290	s->hashSigAlgo[idx++] = ecc_dsa_sa_algo;
wolfSSL	0:1239e9b70ca2	7291	}
wolfSSL	0:1239e9b70ca2	7292
wolfSSL	0:1239e9b70ca2	7293	if (haveRSA) {
wolfSSL	0:1239e9b70ca2	7294	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	7295	s->hashSigAlgo[idx++] = sha384_mac;
wolfSSL	0:1239e9b70ca2	7296	s->hashSigAlgo[idx++] = rsa_sa_algo;
wolfSSL	0:1239e9b70ca2	7297	#endif
wolfSSL	0:1239e9b70ca2	7298	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	7299	s->hashSigAlgo[idx++] = sha256_mac;
wolfSSL	0:1239e9b70ca2	7300	s->hashSigAlgo[idx++] = rsa_sa_algo;
wolfSSL	0:1239e9b70ca2	7301	#endif
wolfSSL	0:1239e9b70ca2	7302	s->hashSigAlgo[idx++] = sha_mac;
wolfSSL	0:1239e9b70ca2	7303	s->hashSigAlgo[idx++] = rsa_sa_algo;
wolfSSL	0:1239e9b70ca2	7304	}
wolfSSL	0:1239e9b70ca2	7305
wolfSSL	0:1239e9b70ca2	7306	s->hashSigAlgoSz = (word16)idx;
wolfSSL	0:1239e9b70ca2	7307	}
wolfSSL	0:1239e9b70ca2	7308
wolfSSL	0:1239e9b70ca2	7309	return ret;
wolfSSL	0:1239e9b70ca2	7310	}
wolfSSL	0:1239e9b70ca2	7311
wolfSSL	0:1239e9b70ca2	7312
wolfSSL	0:1239e9b70ca2	7313	static void PickHashSigAlgo(CYASSL* ssl,
wolfSSL	0:1239e9b70ca2	7314	const byte* hashSigAlgo, word32 hashSigAlgoSz)
wolfSSL	0:1239e9b70ca2	7315	{
wolfSSL	0:1239e9b70ca2	7316	word32 i;
wolfSSL	0:1239e9b70ca2	7317
wolfSSL	0:1239e9b70ca2	7318	ssl->suites->sigAlgo = ssl->specs.sig_algo;
wolfSSL	0:1239e9b70ca2	7319	ssl->suites->hashAlgo = sha_mac;
wolfSSL	0:1239e9b70ca2	7320
wolfSSL	0:1239e9b70ca2	7321	for (i = 0; i < hashSigAlgoSz; i += 2) {
wolfSSL	0:1239e9b70ca2	7322	if (hashSigAlgo[i+1] == ssl->specs.sig_algo) {
wolfSSL	0:1239e9b70ca2	7323	if (hashSigAlgo[i] == sha_mac) {
wolfSSL	0:1239e9b70ca2	7324	break;
wolfSSL	0:1239e9b70ca2	7325	}
wolfSSL	0:1239e9b70ca2	7326	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	7327	else if (hashSigAlgo[i] == sha256_mac) {
wolfSSL	0:1239e9b70ca2	7328	ssl->suites->hashAlgo = sha256_mac;
wolfSSL	0:1239e9b70ca2	7329	break;
wolfSSL	0:1239e9b70ca2	7330	}
wolfSSL	0:1239e9b70ca2	7331	#endif
wolfSSL	0:1239e9b70ca2	7332	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	7333	else if (hashSigAlgo[i] == sha384_mac) {
wolfSSL	0:1239e9b70ca2	7334	ssl->suites->hashAlgo = sha384_mac;
wolfSSL	0:1239e9b70ca2	7335	break;
wolfSSL	0:1239e9b70ca2	7336	}
wolfSSL	0:1239e9b70ca2	7337	#endif
wolfSSL	0:1239e9b70ca2	7338	}
wolfSSL	0:1239e9b70ca2	7339	}
wolfSSL	0:1239e9b70ca2	7340	}
wolfSSL	0:1239e9b70ca2	7341
wolfSSL	0:1239e9b70ca2	7342
wolfSSL	0:1239e9b70ca2	7343	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	7344
wolfSSL	0:1239e9b70ca2	7345	/* Initialisze HandShakeInfo */
wolfSSL	0:1239e9b70ca2	7346	void InitHandShakeInfo(HandShakeInfo* info)
wolfSSL	0:1239e9b70ca2	7347	{
wolfSSL	0:1239e9b70ca2	7348	int i;
wolfSSL	0:1239e9b70ca2	7349
wolfSSL	0:1239e9b70ca2	7350	info->cipherName[0] = 0;
wolfSSL	0:1239e9b70ca2	7351	for (i = 0; i < MAX_PACKETS_HANDSHAKE; i++)
wolfSSL	0:1239e9b70ca2	7352	info->packetNames[i][0] = 0;
wolfSSL	0:1239e9b70ca2	7353	info->numberPackets = 0;
wolfSSL	0:1239e9b70ca2	7354	info->negotiationError = 0;
wolfSSL	0:1239e9b70ca2	7355	}
wolfSSL	0:1239e9b70ca2	7356
wolfSSL	0:1239e9b70ca2	7357	/* Set Final HandShakeInfo parameters */
wolfSSL	0:1239e9b70ca2	7358	void FinishHandShakeInfo(HandShakeInfo* info, const CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	7359	{
wolfSSL	0:1239e9b70ca2	7360	int i;
wolfSSL	0:1239e9b70ca2	7361	int sz = sizeof(cipher_name_idx)/sizeof(int);
wolfSSL	0:1239e9b70ca2	7362
wolfSSL	0:1239e9b70ca2	7363	for (i = 0; i < sz; i++)
wolfSSL	0:1239e9b70ca2	7364	if (ssl->options.cipherSuite == (byte)cipher_name_idx[i]) {
wolfSSL	0:1239e9b70ca2	7365	if (ssl->options.cipherSuite0 == ECC_BYTE)
wolfSSL	0:1239e9b70ca2	7366	continue; /* ECC suites at end */
wolfSSL	0:1239e9b70ca2	7367	XSTRNCPY(info->cipherName, cipher_names[i], MAX_CIPHERNAME_SZ);
wolfSSL	0:1239e9b70ca2	7368	break;
wolfSSL	0:1239e9b70ca2	7369	}
wolfSSL	0:1239e9b70ca2	7370
wolfSSL	0:1239e9b70ca2	7371	/* error max and min are negative numbers */
wolfSSL	0:1239e9b70ca2	7372	if (ssl->error <= MIN_PARAM_ERR && ssl->error >= MAX_PARAM_ERR)
wolfSSL	0:1239e9b70ca2	7373	info->negotiationError = ssl->error;
wolfSSL	0:1239e9b70ca2	7374	}
wolfSSL	0:1239e9b70ca2	7375
wolfSSL	0:1239e9b70ca2	7376
wolfSSL	0:1239e9b70ca2	7377	/* Add name to info packet names, increase packet name count */
wolfSSL	0:1239e9b70ca2	7378	void AddPacketName(const char* name, HandShakeInfo* info)
wolfSSL	0:1239e9b70ca2	7379	{
wolfSSL	0:1239e9b70ca2	7380	if (info->numberPackets < MAX_PACKETS_HANDSHAKE) {
wolfSSL	0:1239e9b70ca2	7381	XSTRNCPY(info->packetNames[info->numberPackets++], name,
wolfSSL	0:1239e9b70ca2	7382	MAX_PACKETNAME_SZ);
wolfSSL	0:1239e9b70ca2	7383	}
wolfSSL	0:1239e9b70ca2	7384	}
wolfSSL	0:1239e9b70ca2	7385
wolfSSL	0:1239e9b70ca2	7386
wolfSSL	0:1239e9b70ca2	7387	/* Initialisze TimeoutInfo */
wolfSSL	0:1239e9b70ca2	7388	void InitTimeoutInfo(TimeoutInfo* info)
wolfSSL	0:1239e9b70ca2	7389	{
wolfSSL	0:1239e9b70ca2	7390	int i;
wolfSSL	0:1239e9b70ca2	7391
wolfSSL	0:1239e9b70ca2	7392	info->timeoutName[0] = 0;
wolfSSL	0:1239e9b70ca2	7393	info->flags = 0;
wolfSSL	0:1239e9b70ca2	7394
wolfSSL	0:1239e9b70ca2	7395	for (i = 0; i < MAX_PACKETS_HANDSHAKE; i++) {
wolfSSL	0:1239e9b70ca2	7396	info->packets[i].packetName[0] = 0;
wolfSSL	0:1239e9b70ca2	7397	info->packets[i].timestamp.tv_sec = 0;
wolfSSL	0:1239e9b70ca2	7398	info->packets[i].timestamp.tv_usec = 0;
wolfSSL	0:1239e9b70ca2	7399	info->packets[i].bufferValue = 0;
wolfSSL	0:1239e9b70ca2	7400	info->packets[i].valueSz = 0;
wolfSSL	0:1239e9b70ca2	7401	}
wolfSSL	0:1239e9b70ca2	7402	info->numberPackets = 0;
wolfSSL	0:1239e9b70ca2	7403	info->timeoutValue.tv_sec = 0;
wolfSSL	0:1239e9b70ca2	7404	info->timeoutValue.tv_usec = 0;
wolfSSL	0:1239e9b70ca2	7405	}
wolfSSL	0:1239e9b70ca2	7406
wolfSSL	0:1239e9b70ca2	7407
wolfSSL	0:1239e9b70ca2	7408	/* Free TimeoutInfo */
wolfSSL	0:1239e9b70ca2	7409	void FreeTimeoutInfo(TimeoutInfo* info, void* heap)
wolfSSL	0:1239e9b70ca2	7410	{
wolfSSL	0:1239e9b70ca2	7411	int i;
wolfSSL	0:1239e9b70ca2	7412	(void)heap;
wolfSSL	0:1239e9b70ca2	7413	for (i = 0; i < MAX_PACKETS_HANDSHAKE; i++)
wolfSSL	0:1239e9b70ca2	7414	if (info->packets[i].bufferValue) {
wolfSSL	0:1239e9b70ca2	7415	XFREE(info->packets[i].bufferValue, heap, DYNAMIC_TYPE_INFO);
wolfSSL	0:1239e9b70ca2	7416	info->packets[i].bufferValue = 0;
wolfSSL	0:1239e9b70ca2	7417	}
wolfSSL	0:1239e9b70ca2	7418
wolfSSL	0:1239e9b70ca2	7419	}
wolfSSL	0:1239e9b70ca2	7420
wolfSSL	0:1239e9b70ca2	7421
wolfSSL	0:1239e9b70ca2	7422	/* Add PacketInfo to TimeoutInfo */
wolfSSL	0:1239e9b70ca2	7423	void AddPacketInfo(const char* name, TimeoutInfo* info, const byte* data,
wolfSSL	0:1239e9b70ca2	7424	int sz, void* heap)
wolfSSL	0:1239e9b70ca2	7425	{
wolfSSL	0:1239e9b70ca2	7426	if (info->numberPackets < (MAX_PACKETS_HANDSHAKE - 1)) {
wolfSSL	0:1239e9b70ca2	7427	Timeval currTime;
wolfSSL	0:1239e9b70ca2	7428
wolfSSL	0:1239e9b70ca2	7429	/* may add name after */
wolfSSL	0:1239e9b70ca2	7430	if (name)
wolfSSL	0:1239e9b70ca2	7431	XSTRNCPY(info->packets[info->numberPackets].packetName, name,
wolfSSL	0:1239e9b70ca2	7432	MAX_PACKETNAME_SZ);
wolfSSL	0:1239e9b70ca2	7433
wolfSSL	0:1239e9b70ca2	7434	/* add data, put in buffer if bigger than static buffer */
wolfSSL	0:1239e9b70ca2	7435	info->packets[info->numberPackets].valueSz = sz;
wolfSSL	0:1239e9b70ca2	7436	if (sz < MAX_VALUE_SZ)
wolfSSL	0:1239e9b70ca2	7437	XMEMCPY(info->packets[info->numberPackets].value, data, sz);
wolfSSL	0:1239e9b70ca2	7438	else {
wolfSSL	0:1239e9b70ca2	7439	info->packets[info->numberPackets].bufferValue =
wolfSSL	0:1239e9b70ca2	7440	XMALLOC(sz, heap, DYNAMIC_TYPE_INFO);
wolfSSL	0:1239e9b70ca2	7441	if (!info->packets[info->numberPackets].bufferValue)
wolfSSL	0:1239e9b70ca2	7442	/* let next alloc catch, just don't fill, not fatal here */
wolfSSL	0:1239e9b70ca2	7443	info->packets[info->numberPackets].valueSz = 0;
wolfSSL	0:1239e9b70ca2	7444	else
wolfSSL	0:1239e9b70ca2	7445	XMEMCPY(info->packets[info->numberPackets].bufferValue,
wolfSSL	0:1239e9b70ca2	7446	data, sz);
wolfSSL	0:1239e9b70ca2	7447	}
wolfSSL	0:1239e9b70ca2	7448	gettimeofday(&currTime, 0);
wolfSSL	0:1239e9b70ca2	7449	info->packets[info->numberPackets].timestamp.tv_sec =
wolfSSL	0:1239e9b70ca2	7450	currTime.tv_sec;
wolfSSL	0:1239e9b70ca2	7451	info->packets[info->numberPackets].timestamp.tv_usec =
wolfSSL	0:1239e9b70ca2	7452	currTime.tv_usec;
wolfSSL	0:1239e9b70ca2	7453	info->numberPackets++;
wolfSSL	0:1239e9b70ca2	7454	}
wolfSSL	0:1239e9b70ca2	7455	}
wolfSSL	0:1239e9b70ca2	7456
wolfSSL	0:1239e9b70ca2	7457
wolfSSL	0:1239e9b70ca2	7458	/* Add packet name to previsouly added packet info */
wolfSSL	0:1239e9b70ca2	7459	void AddLateName(const char* name, TimeoutInfo* info)
wolfSSL	0:1239e9b70ca2	7460	{
wolfSSL	0:1239e9b70ca2	7461	/* make sure we have a valid previous one */
wolfSSL	0:1239e9b70ca2	7462	if (info->numberPackets > 0 && info->numberPackets <
wolfSSL	0:1239e9b70ca2	7463	MAX_PACKETS_HANDSHAKE) {
wolfSSL	0:1239e9b70ca2	7464	XSTRNCPY(info->packets[info->numberPackets - 1].packetName, name,
wolfSSL	0:1239e9b70ca2	7465	MAX_PACKETNAME_SZ);
wolfSSL	0:1239e9b70ca2	7466	}
wolfSSL	0:1239e9b70ca2	7467	}
wolfSSL	0:1239e9b70ca2	7468
wolfSSL	0:1239e9b70ca2	7469	/* Add record header to previsouly added packet info */
wolfSSL	0:1239e9b70ca2	7470	void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info)
wolfSSL	0:1239e9b70ca2	7471	{
wolfSSL	0:1239e9b70ca2	7472	/* make sure we have a valid previous one */
wolfSSL	0:1239e9b70ca2	7473	if (info->numberPackets > 0 && info->numberPackets <
wolfSSL	0:1239e9b70ca2	7474	MAX_PACKETS_HANDSHAKE) {
wolfSSL	0:1239e9b70ca2	7475	if (info->packets[info->numberPackets - 1].bufferValue)
wolfSSL	0:1239e9b70ca2	7476	XMEMCPY(info->packets[info->numberPackets - 1].bufferValue, rl,
wolfSSL	0:1239e9b70ca2	7477	RECORD_HEADER_SZ);
wolfSSL	0:1239e9b70ca2	7478	else
wolfSSL	0:1239e9b70ca2	7479	XMEMCPY(info->packets[info->numberPackets - 1].value, rl,
wolfSSL	0:1239e9b70ca2	7480	RECORD_HEADER_SZ);
wolfSSL	0:1239e9b70ca2	7481	}
wolfSSL	0:1239e9b70ca2	7482	}
wolfSSL	0:1239e9b70ca2	7483
wolfSSL	0:1239e9b70ca2	7484	#endif /* CYASSL_CALLBACKS */
wolfSSL	0:1239e9b70ca2	7485
wolfSSL	0:1239e9b70ca2	7486
wolfSSL	0:1239e9b70ca2	7487
wolfSSL	0:1239e9b70ca2	7488	/* client only parts */
wolfSSL	0:1239e9b70ca2	7489	#ifndef NO_CYASSL_CLIENT
wolfSSL	0:1239e9b70ca2	7490
wolfSSL	0:1239e9b70ca2	7491	int SendClientHello(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	7492	{
wolfSSL	0:1239e9b70ca2	7493	byte *output;
wolfSSL	0:1239e9b70ca2	7494	word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	7495	int sendSz;
wolfSSL	0:1239e9b70ca2	7496	int idSz = ssl->options.resuming ? ID_LEN : 0;
wolfSSL	0:1239e9b70ca2	7497	int ret;
wolfSSL	0:1239e9b70ca2	7498
wolfSSL	0:1239e9b70ca2	7499	if (ssl->suites == NULL) {
wolfSSL	0:1239e9b70ca2	7500	CYASSL_MSG("Bad suites pointer in SendClientHello");
wolfSSL	0:1239e9b70ca2	7501	return SUITES_ERROR;
wolfSSL	0:1239e9b70ca2	7502	}
wolfSSL	0:1239e9b70ca2	7503
wolfSSL	0:1239e9b70ca2	7504	length = VERSION_SZ + RAN_LEN
wolfSSL	0:1239e9b70ca2	7505	+ idSz + ENUM_LEN
wolfSSL	0:1239e9b70ca2	7506	+ ssl->suites->suiteSz + SUITE_LEN
wolfSSL	0:1239e9b70ca2	7507	+ COMP_LEN + ENUM_LEN;
wolfSSL	0:1239e9b70ca2	7508
wolfSSL	0:1239e9b70ca2	7509	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	0:1239e9b70ca2	7510	length += TLSX_GetRequestSize(ssl);
wolfSSL	0:1239e9b70ca2	7511	#else
wolfSSL	0:1239e9b70ca2	7512	if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz) {
wolfSSL	0:1239e9b70ca2	7513	length += ssl->suites->hashSigAlgoSz + HELLO_EXT_SZ;
wolfSSL	0:1239e9b70ca2	7514	}
wolfSSL	0:1239e9b70ca2	7515	#endif
wolfSSL	0:1239e9b70ca2	7516	sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	7517
wolfSSL	0:1239e9b70ca2	7518	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	7519	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	7520	length += ENUM_LEN; /* cookie */
wolfSSL	0:1239e9b70ca2	7521	if (ssl->arrays->cookieSz != 0) length += ssl->arrays->cookieSz;
wolfSSL	0:1239e9b70ca2	7522	sendSz = length + DTLS_HANDSHAKE_HEADER_SZ + DTLS_RECORD_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	7523	idx += DTLS_HANDSHAKE_EXTRA + DTLS_RECORD_EXTRA;
wolfSSL	0:1239e9b70ca2	7524	}
wolfSSL	0:1239e9b70ca2	7525	#endif
wolfSSL	0:1239e9b70ca2	7526
wolfSSL	0:1239e9b70ca2	7527	/* check for available size */
wolfSSL	0:1239e9b70ca2	7528	if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
wolfSSL	0:1239e9b70ca2	7529	return ret;
wolfSSL	0:1239e9b70ca2	7530
wolfSSL	0:1239e9b70ca2	7531	/* get ouput buffer */
wolfSSL	0:1239e9b70ca2	7532	output = ssl->buffers.outputBuffer.buffer +
wolfSSL	0:1239e9b70ca2	7533	ssl->buffers.outputBuffer.length;
wolfSSL	0:1239e9b70ca2	7534
wolfSSL	0:1239e9b70ca2	7535	AddHeaders(output, length, client_hello, ssl);
wolfSSL	0:1239e9b70ca2	7536
wolfSSL	0:1239e9b70ca2	7537	/* client hello, first version */
wolfSSL	0:1239e9b70ca2	7538	output[idx++] = ssl->version.major;
wolfSSL	0:1239e9b70ca2	7539	output[idx++] = ssl->version.minor;
wolfSSL	0:1239e9b70ca2	7540	ssl->chVersion = ssl->version; /* store in case changed */
wolfSSL	0:1239e9b70ca2	7541
wolfSSL	0:1239e9b70ca2	7542	/* then random */
wolfSSL	0:1239e9b70ca2	7543	if (ssl->options.connectState == CONNECT_BEGIN) {
wolfSSL	0:1239e9b70ca2	7544	ret = RNG_GenerateBlock(ssl->rng, output + idx, RAN_LEN);
wolfSSL	0:1239e9b70ca2	7545	if (ret != 0)
wolfSSL	0:1239e9b70ca2	7546	return ret;
wolfSSL	0:1239e9b70ca2	7547
wolfSSL	0:1239e9b70ca2	7548	/* store random */
wolfSSL	0:1239e9b70ca2	7549	XMEMCPY(ssl->arrays->clientRandom, output + idx, RAN_LEN);
wolfSSL	0:1239e9b70ca2	7550	} else {
wolfSSL	0:1239e9b70ca2	7551	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	7552	/* send same random on hello again */
wolfSSL	0:1239e9b70ca2	7553	XMEMCPY(output + idx, ssl->arrays->clientRandom, RAN_LEN);
wolfSSL	0:1239e9b70ca2	7554	#endif
wolfSSL	0:1239e9b70ca2	7555	}
wolfSSL	0:1239e9b70ca2	7556	idx += RAN_LEN;
wolfSSL	0:1239e9b70ca2	7557
wolfSSL	0:1239e9b70ca2	7558	/* then session id */
wolfSSL	0:1239e9b70ca2	7559	output[idx++] = (byte)idSz;
wolfSSL	0:1239e9b70ca2	7560	if (idSz) {
wolfSSL	0:1239e9b70ca2	7561	XMEMCPY(output + idx, ssl->session.sessionID, ID_LEN);
wolfSSL	0:1239e9b70ca2	7562	idx += ID_LEN;
wolfSSL	0:1239e9b70ca2	7563	}
wolfSSL	0:1239e9b70ca2	7564
wolfSSL	0:1239e9b70ca2	7565	/* then DTLS cookie */
wolfSSL	0:1239e9b70ca2	7566	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	7567	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	7568	byte cookieSz = ssl->arrays->cookieSz;
wolfSSL	0:1239e9b70ca2	7569
wolfSSL	0:1239e9b70ca2	7570	output[idx++] = cookieSz;
wolfSSL	0:1239e9b70ca2	7571	if (cookieSz) {
wolfSSL	0:1239e9b70ca2	7572	XMEMCPY(&output[idx], ssl->arrays->cookie, cookieSz);
wolfSSL	0:1239e9b70ca2	7573	idx += cookieSz;
wolfSSL	0:1239e9b70ca2	7574	}
wolfSSL	0:1239e9b70ca2	7575	}
wolfSSL	0:1239e9b70ca2	7576	#endif
wolfSSL	0:1239e9b70ca2	7577	/* then cipher suites */
wolfSSL	0:1239e9b70ca2	7578	c16toa(ssl->suites->suiteSz, output + idx);
wolfSSL	0:1239e9b70ca2	7579	idx += 2;
wolfSSL	0:1239e9b70ca2	7580	XMEMCPY(output + idx, &ssl->suites->suites, ssl->suites->suiteSz);
wolfSSL	0:1239e9b70ca2	7581	idx += ssl->suites->suiteSz;
wolfSSL	0:1239e9b70ca2	7582
wolfSSL	0:1239e9b70ca2	7583	/* last, compression */
wolfSSL	0:1239e9b70ca2	7584	output[idx++] = COMP_LEN;
wolfSSL	0:1239e9b70ca2	7585	if (ssl->options.usingCompression)
wolfSSL	0:1239e9b70ca2	7586	output[idx++] = ZLIB_COMPRESSION;
wolfSSL	0:1239e9b70ca2	7587	else
wolfSSL	0:1239e9b70ca2	7588	output[idx++] = NO_COMPRESSION;
wolfSSL	0:1239e9b70ca2	7589
wolfSSL	0:1239e9b70ca2	7590	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	0:1239e9b70ca2	7591	idx += TLSX_WriteRequest(ssl, output + idx);
wolfSSL	0:1239e9b70ca2	7592
wolfSSL	0:1239e9b70ca2	7593	(void)idx; /* suppress analyzer warning, keep idx current */
wolfSSL	0:1239e9b70ca2	7594	#else
wolfSSL	0:1239e9b70ca2	7595	if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz)
wolfSSL	0:1239e9b70ca2	7596	{
wolfSSL	0:1239e9b70ca2	7597	int i;
wolfSSL	0:1239e9b70ca2	7598	/* add in the extensions length */
wolfSSL	0:1239e9b70ca2	7599	c16toa(HELLO_EXT_LEN + ssl->suites->hashSigAlgoSz, output + idx);
wolfSSL	0:1239e9b70ca2	7600	idx += 2;
wolfSSL	0:1239e9b70ca2	7601
wolfSSL	0:1239e9b70ca2	7602	c16toa(HELLO_EXT_SIG_ALGO, output + idx);
wolfSSL	0:1239e9b70ca2	7603	idx += 2;
wolfSSL	0:1239e9b70ca2	7604	c16toa(HELLO_EXT_SIGALGO_SZ+ssl->suites->hashSigAlgoSz, output+idx);
wolfSSL	0:1239e9b70ca2	7605	idx += 2;
wolfSSL	0:1239e9b70ca2	7606	c16toa(ssl->suites->hashSigAlgoSz, output + idx);
wolfSSL	0:1239e9b70ca2	7607	idx += 2;
wolfSSL	0:1239e9b70ca2	7608	for (i = 0; i < ssl->suites->hashSigAlgoSz; i++, idx++) {
wolfSSL	0:1239e9b70ca2	7609	output[idx] = ssl->suites->hashSigAlgo[i];
wolfSSL	0:1239e9b70ca2	7610	}
wolfSSL	0:1239e9b70ca2	7611	}
wolfSSL	0:1239e9b70ca2	7612	#endif
wolfSSL	0:1239e9b70ca2	7613
wolfSSL	0:1239e9b70ca2	7614	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	7615	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	7616	if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
wolfSSL	0:1239e9b70ca2	7617	return ret;
wolfSSL	0:1239e9b70ca2	7618	}
wolfSSL	0:1239e9b70ca2	7619	#endif
wolfSSL	0:1239e9b70ca2	7620
wolfSSL	0:1239e9b70ca2	7621	ret = HashOutput(ssl, output, sendSz, 0);
wolfSSL	0:1239e9b70ca2	7622	if (ret != 0)
wolfSSL	0:1239e9b70ca2	7623	return ret;
wolfSSL	0:1239e9b70ca2	7624
wolfSSL	0:1239e9b70ca2	7625	ssl->options.clientState = CLIENT_HELLO_COMPLETE;
wolfSSL	0:1239e9b70ca2	7626
wolfSSL	0:1239e9b70ca2	7627	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	7628	if (ssl->hsInfoOn) AddPacketName("ClientHello", &ssl->handShakeInfo);
wolfSSL	0:1239e9b70ca2	7629	if (ssl->toInfoOn)
wolfSSL	0:1239e9b70ca2	7630	AddPacketInfo("ClientHello", &ssl->timeoutInfo, output, sendSz,
wolfSSL	0:1239e9b70ca2	7631	ssl->heap);
wolfSSL	0:1239e9b70ca2	7632	#endif
wolfSSL	0:1239e9b70ca2	7633
wolfSSL	0:1239e9b70ca2	7634	ssl->buffers.outputBuffer.length += sendSz;
wolfSSL	0:1239e9b70ca2	7635
wolfSSL	0:1239e9b70ca2	7636	return SendBuffered(ssl);
wolfSSL	0:1239e9b70ca2	7637	}
wolfSSL	0:1239e9b70ca2	7638
wolfSSL	0:1239e9b70ca2	7639
wolfSSL	0:1239e9b70ca2	7640	static int DoHelloVerifyRequest(CYASSL* ssl, const byte* input,
wolfSSL	0:1239e9b70ca2	7641	word32* inOutIdx, word32 size)
wolfSSL	0:1239e9b70ca2	7642	{
wolfSSL	0:1239e9b70ca2	7643	ProtocolVersion pv;
wolfSSL	0:1239e9b70ca2	7644	byte cookieSz;
wolfSSL	0:1239e9b70ca2	7645	word32 begin = *inOutIdx;
wolfSSL	0:1239e9b70ca2	7646
wolfSSL	0:1239e9b70ca2	7647	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	7648	if (ssl->hsInfoOn) AddPacketName("HelloVerifyRequest",
wolfSSL	0:1239e9b70ca2	7649	&ssl->handShakeInfo);
wolfSSL	0:1239e9b70ca2	7650	if (ssl->toInfoOn) AddLateName("HelloVerifyRequest", &ssl->timeoutInfo);
wolfSSL	0:1239e9b70ca2	7651	#endif
wolfSSL	0:1239e9b70ca2	7652
wolfSSL	0:1239e9b70ca2	7653	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	7654	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	7655	DtlsPoolReset(ssl);
wolfSSL	0:1239e9b70ca2	7656	}
wolfSSL	0:1239e9b70ca2	7657	#endif
wolfSSL	0:1239e9b70ca2	7658
wolfSSL	0:1239e9b70ca2	7659	if ((*inOutIdx - begin) + OPAQUE16_LEN + OPAQUE8_LEN > size)
wolfSSL	0:1239e9b70ca2	7660	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	7661
wolfSSL	0:1239e9b70ca2	7662	XMEMCPY(&pv, input + *inOutIdx, OPAQUE16_LEN);
wolfSSL	0:1239e9b70ca2	7663	*inOutIdx += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	7664
wolfSSL	0:1239e9b70ca2	7665	cookieSz = input[(*inOutIdx)++];
wolfSSL	0:1239e9b70ca2	7666
wolfSSL	0:1239e9b70ca2	7667	if (cookieSz) {
wolfSSL	0:1239e9b70ca2	7668	if ((*inOutIdx - begin) + cookieSz > size)
wolfSSL	0:1239e9b70ca2	7669	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	7670
wolfSSL	0:1239e9b70ca2	7671	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	7672	if (cookieSz <= MAX_COOKIE_LEN) {
wolfSSL	0:1239e9b70ca2	7673	XMEMCPY(ssl->arrays->cookie, input + *inOutIdx, cookieSz);
wolfSSL	0:1239e9b70ca2	7674	ssl->arrays->cookieSz = cookieSz;
wolfSSL	0:1239e9b70ca2	7675	}
wolfSSL	0:1239e9b70ca2	7676	#endif
wolfSSL	0:1239e9b70ca2	7677	*inOutIdx += cookieSz;
wolfSSL	0:1239e9b70ca2	7678	}
wolfSSL	0:1239e9b70ca2	7679
wolfSSL	0:1239e9b70ca2	7680	ssl->options.serverState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
wolfSSL	0:1239e9b70ca2	7681	return 0;
wolfSSL	0:1239e9b70ca2	7682	}
wolfSSL	0:1239e9b70ca2	7683
wolfSSL	0:1239e9b70ca2	7684
wolfSSL	0:1239e9b70ca2	7685	static int DoServerHello(CYASSL* ssl, const byte* input, word32* inOutIdx,
wolfSSL	0:1239e9b70ca2	7686	word32 helloSz)
wolfSSL	0:1239e9b70ca2	7687	{
wolfSSL	0:1239e9b70ca2	7688	byte b;
wolfSSL	0:1239e9b70ca2	7689	ProtocolVersion pv;
wolfSSL	0:1239e9b70ca2	7690	byte compression;
wolfSSL	0:1239e9b70ca2	7691	word32 i = *inOutIdx;
wolfSSL	0:1239e9b70ca2	7692	word32 begin = i;
wolfSSL	0:1239e9b70ca2	7693
wolfSSL	0:1239e9b70ca2	7694	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	7695	if (ssl->hsInfoOn) AddPacketName("ServerHello", &ssl->handShakeInfo);
wolfSSL	0:1239e9b70ca2	7696	if (ssl->toInfoOn) AddLateName("ServerHello", &ssl->timeoutInfo);
wolfSSL	0:1239e9b70ca2	7697	#endif
wolfSSL	0:1239e9b70ca2	7698
wolfSSL	0:1239e9b70ca2	7699	/* protocol version, random and session id length check */
wolfSSL	0:1239e9b70ca2	7700	if ((i - begin) + OPAQUE16_LEN + RAN_LEN + OPAQUE8_LEN > helloSz)
wolfSSL	0:1239e9b70ca2	7701	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	7702
wolfSSL	0:1239e9b70ca2	7703	/* protocol version */
wolfSSL	0:1239e9b70ca2	7704	XMEMCPY(&pv, input + i, OPAQUE16_LEN);
wolfSSL	0:1239e9b70ca2	7705	i += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	7706
wolfSSL	0:1239e9b70ca2	7707	if (pv.minor > ssl->version.minor) {
wolfSSL	0:1239e9b70ca2	7708	CYASSL_MSG("Server using higher version, fatal error");
wolfSSL	0:1239e9b70ca2	7709	return VERSION_ERROR;
wolfSSL	0:1239e9b70ca2	7710	}
wolfSSL	0:1239e9b70ca2	7711	else if (pv.minor < ssl->version.minor) {
wolfSSL	0:1239e9b70ca2	7712	CYASSL_MSG("server using lower version");
wolfSSL	0:1239e9b70ca2	7713
wolfSSL	0:1239e9b70ca2	7714	if (!ssl->options.downgrade) {
wolfSSL	0:1239e9b70ca2	7715	CYASSL_MSG(" no downgrade allowed, fatal error");
wolfSSL	0:1239e9b70ca2	7716	return VERSION_ERROR;
wolfSSL	0:1239e9b70ca2	7717	}
wolfSSL	0:1239e9b70ca2	7718
wolfSSL	0:1239e9b70ca2	7719	if (pv.minor == SSLv3_MINOR) {
wolfSSL	0:1239e9b70ca2	7720	/* turn off tls */
wolfSSL	0:1239e9b70ca2	7721	CYASSL_MSG(" downgrading to SSLv3");
wolfSSL	0:1239e9b70ca2	7722	ssl->options.tls = 0;
wolfSSL	0:1239e9b70ca2	7723	ssl->options.tls1_1 = 0;
wolfSSL	0:1239e9b70ca2	7724	ssl->version.minor = SSLv3_MINOR;
wolfSSL	0:1239e9b70ca2	7725	}
wolfSSL	0:1239e9b70ca2	7726	else if (pv.minor == TLSv1_MINOR) {
wolfSSL	0:1239e9b70ca2	7727	/* turn off tls 1.1+ */
wolfSSL	0:1239e9b70ca2	7728	CYASSL_MSG(" downgrading to TLSv1");
wolfSSL	0:1239e9b70ca2	7729	ssl->options.tls1_1 = 0;
wolfSSL	0:1239e9b70ca2	7730	ssl->version.minor = TLSv1_MINOR;
wolfSSL	0:1239e9b70ca2	7731	}
wolfSSL	0:1239e9b70ca2	7732	else if (pv.minor == TLSv1_1_MINOR) {
wolfSSL	0:1239e9b70ca2	7733	CYASSL_MSG(" downgrading to TLSv1.1");
wolfSSL	0:1239e9b70ca2	7734	ssl->version.minor = TLSv1_1_MINOR;
wolfSSL	0:1239e9b70ca2	7735	}
wolfSSL	0:1239e9b70ca2	7736	}
wolfSSL	0:1239e9b70ca2	7737
wolfSSL	0:1239e9b70ca2	7738	/* random */
wolfSSL	0:1239e9b70ca2	7739	XMEMCPY(ssl->arrays->serverRandom, input + i, RAN_LEN);
wolfSSL	0:1239e9b70ca2	7740	i += RAN_LEN;
wolfSSL	0:1239e9b70ca2	7741
wolfSSL	0:1239e9b70ca2	7742	/* session id */
wolfSSL	0:1239e9b70ca2	7743	b = input[i++];
wolfSSL	0:1239e9b70ca2	7744
wolfSSL	0:1239e9b70ca2	7745	if (b == ID_LEN) {
wolfSSL	0:1239e9b70ca2	7746	if ((i - begin) + ID_LEN > helloSz)
wolfSSL	0:1239e9b70ca2	7747	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	7748
wolfSSL	0:1239e9b70ca2	7749	XMEMCPY(ssl->arrays->sessionID, input + i, min(b, ID_LEN));
wolfSSL	0:1239e9b70ca2	7750	i += ID_LEN;
wolfSSL	0:1239e9b70ca2	7751	ssl->options.haveSessionId = 1;
wolfSSL	0:1239e9b70ca2	7752	}
wolfSSL	0:1239e9b70ca2	7753	else if (b) {
wolfSSL	0:1239e9b70ca2	7754	CYASSL_MSG("Invalid session ID size");
wolfSSL	0:1239e9b70ca2	7755	return BUFFER_ERROR; /* session ID nor 0 neither 32 bytes long */
wolfSSL	0:1239e9b70ca2	7756	}
wolfSSL	0:1239e9b70ca2	7757
wolfSSL	0:1239e9b70ca2	7758	/* suite and compression */
wolfSSL	0:1239e9b70ca2	7759	if ((i - begin) + OPAQUE16_LEN + OPAQUE8_LEN > helloSz)
wolfSSL	0:1239e9b70ca2	7760	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	7761
wolfSSL	0:1239e9b70ca2	7762	ssl->options.cipherSuite0 = input[i++];
wolfSSL	0:1239e9b70ca2	7763	ssl->options.cipherSuite = input[i++];
wolfSSL	0:1239e9b70ca2	7764	compression = input[i++];
wolfSSL	0:1239e9b70ca2	7765
wolfSSL	0:1239e9b70ca2	7766	if (compression != ZLIB_COMPRESSION && ssl->options.usingCompression) {
wolfSSL	0:1239e9b70ca2	7767	CYASSL_MSG("Server refused compression, turning off");
wolfSSL	0:1239e9b70ca2	7768	ssl->options.usingCompression = 0; /* turn off if server refused */
wolfSSL	0:1239e9b70ca2	7769	}
wolfSSL	0:1239e9b70ca2	7770
wolfSSL	0:1239e9b70ca2	7771	*inOutIdx = i;
wolfSSL	0:1239e9b70ca2	7772
wolfSSL	0:1239e9b70ca2	7773	/* tls extensions */
wolfSSL	0:1239e9b70ca2	7774	if ( (i - begin) < helloSz) {
wolfSSL	0:1239e9b70ca2	7775	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	0:1239e9b70ca2	7776	if (IsTLS(ssl)) {
wolfSSL	0:1239e9b70ca2	7777	int ret = 0;
wolfSSL	0:1239e9b70ca2	7778	word16 totalExtSz;
wolfSSL	0:1239e9b70ca2	7779	Suites clSuites; /* just for compatibility right now */
wolfSSL	0:1239e9b70ca2	7780
wolfSSL	0:1239e9b70ca2	7781	if ((i - begin) + OPAQUE16_LEN > helloSz)
wolfSSL	0:1239e9b70ca2	7782	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	7783
wolfSSL	0:1239e9b70ca2	7784	ato16(&input[i], &totalExtSz);
wolfSSL	0:1239e9b70ca2	7785	i += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	7786
wolfSSL	0:1239e9b70ca2	7787	if ((i - begin) + totalExtSz > helloSz)
wolfSSL	0:1239e9b70ca2	7788	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	7789
wolfSSL	0:1239e9b70ca2	7790	if ((ret = TLSX_Parse(ssl, (byte *) input + i,
wolfSSL	0:1239e9b70ca2	7791	totalExtSz, 0, &clSuites)))
wolfSSL	0:1239e9b70ca2	7792	return ret;
wolfSSL	0:1239e9b70ca2	7793
wolfSSL	0:1239e9b70ca2	7794	i += totalExtSz;
wolfSSL	0:1239e9b70ca2	7795	*inOutIdx = i;
wolfSSL	0:1239e9b70ca2	7796	}
wolfSSL	0:1239e9b70ca2	7797	else
wolfSSL	0:1239e9b70ca2	7798	#endif
wolfSSL	0:1239e9b70ca2	7799	inOutIdx = begin + helloSz; / skip extensions */
wolfSSL	0:1239e9b70ca2	7800	}
wolfSSL	0:1239e9b70ca2	7801
wolfSSL	0:1239e9b70ca2	7802	ssl->options.serverState = SERVER_HELLO_COMPLETE;
wolfSSL	0:1239e9b70ca2	7803
wolfSSL	0:1239e9b70ca2	7804	if (ssl->options.resuming) {
wolfSSL	0:1239e9b70ca2	7805	if (ssl->options.haveSessionId && XMEMCMP(ssl->arrays->sessionID,
wolfSSL	0:1239e9b70ca2	7806	ssl->session.sessionID, ID_LEN) == 0) {
wolfSSL	0:1239e9b70ca2	7807	if (SetCipherSpecs(ssl) == 0) {
wolfSSL	0:1239e9b70ca2	7808	int ret = -1;
wolfSSL	0:1239e9b70ca2	7809
wolfSSL	0:1239e9b70ca2	7810	XMEMCPY(ssl->arrays->masterSecret,
wolfSSL	0:1239e9b70ca2	7811	ssl->session.masterSecret, SECRET_LEN);
wolfSSL	0:1239e9b70ca2	7812	#ifdef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	7813	ret = DeriveTlsKeys(ssl);
wolfSSL	0:1239e9b70ca2	7814	#else
wolfSSL	0:1239e9b70ca2	7815	#ifndef NO_TLS
wolfSSL	0:1239e9b70ca2	7816	if (ssl->options.tls)
wolfSSL	0:1239e9b70ca2	7817	ret = DeriveTlsKeys(ssl);
wolfSSL	0:1239e9b70ca2	7818	#endif
wolfSSL	0:1239e9b70ca2	7819	if (!ssl->options.tls)
wolfSSL	0:1239e9b70ca2	7820	ret = DeriveKeys(ssl);
wolfSSL	0:1239e9b70ca2	7821	#endif
wolfSSL	0:1239e9b70ca2	7822	ssl->options.serverState = SERVER_HELLODONE_COMPLETE;
wolfSSL	0:1239e9b70ca2	7823
wolfSSL	0:1239e9b70ca2	7824	return ret;
wolfSSL	0:1239e9b70ca2	7825	}
wolfSSL	0:1239e9b70ca2	7826	else {
wolfSSL	0:1239e9b70ca2	7827	CYASSL_MSG("Unsupported cipher suite, DoServerHello");
wolfSSL	0:1239e9b70ca2	7828	return UNSUPPORTED_SUITE;
wolfSSL	0:1239e9b70ca2	7829	}
wolfSSL	0:1239e9b70ca2	7830	}
wolfSSL	0:1239e9b70ca2	7831	else {
wolfSSL	0:1239e9b70ca2	7832	CYASSL_MSG("Server denied resumption attempt");
wolfSSL	0:1239e9b70ca2	7833	ssl->options.resuming = 0; /* server denied resumption try */
wolfSSL	0:1239e9b70ca2	7834	}
wolfSSL	0:1239e9b70ca2	7835	}
wolfSSL	0:1239e9b70ca2	7836	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	7837	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	7838	DtlsPoolReset(ssl);
wolfSSL	0:1239e9b70ca2	7839	}
wolfSSL	0:1239e9b70ca2	7840	#endif
wolfSSL	0:1239e9b70ca2	7841
wolfSSL	0:1239e9b70ca2	7842	return SetCipherSpecs(ssl);
wolfSSL	0:1239e9b70ca2	7843	}
wolfSSL	0:1239e9b70ca2	7844
wolfSSL	0:1239e9b70ca2	7845
wolfSSL	0:1239e9b70ca2	7846	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	7847	/* just read in and ignore for now TODO: */
wolfSSL	0:1239e9b70ca2	7848	static int DoCertificateRequest(CYASSL* ssl, const byte* input, word32*
wolfSSL	0:1239e9b70ca2	7849	inOutIdx, word32 size)
wolfSSL	0:1239e9b70ca2	7850	{
wolfSSL	0:1239e9b70ca2	7851	word16 len;
wolfSSL	0:1239e9b70ca2	7852	word32 begin = *inOutIdx;
wolfSSL	0:1239e9b70ca2	7853
wolfSSL	0:1239e9b70ca2	7854	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	7855	if (ssl->hsInfoOn)
wolfSSL	0:1239e9b70ca2	7856	AddPacketName("CertificateRequest", &ssl->handShakeInfo);
wolfSSL	0:1239e9b70ca2	7857	if (ssl->toInfoOn)
wolfSSL	0:1239e9b70ca2	7858	AddLateName("CertificateRequest", &ssl->timeoutInfo);
wolfSSL	0:1239e9b70ca2	7859	#endif
wolfSSL	0:1239e9b70ca2	7860
wolfSSL	0:1239e9b70ca2	7861	if ((*inOutIdx - begin) + OPAQUE8_LEN > size)
wolfSSL	0:1239e9b70ca2	7862	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	7863
wolfSSL	0:1239e9b70ca2	7864	len = input[(*inOutIdx)++];
wolfSSL	0:1239e9b70ca2	7865
wolfSSL	0:1239e9b70ca2	7866	if ((*inOutIdx - begin) + len > size)
wolfSSL	0:1239e9b70ca2	7867	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	7868
wolfSSL	0:1239e9b70ca2	7869	/* types, read in here */
wolfSSL	0:1239e9b70ca2	7870	*inOutIdx += len;
wolfSSL	0:1239e9b70ca2	7871
wolfSSL	0:1239e9b70ca2	7872	/* signature and hash signature algorithm */
wolfSSL	0:1239e9b70ca2	7873	if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL	0:1239e9b70ca2	7874	if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
wolfSSL	0:1239e9b70ca2	7875	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	7876
wolfSSL	0:1239e9b70ca2	7877	ato16(input + *inOutIdx, &len);
wolfSSL	0:1239e9b70ca2	7878	*inOutIdx += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	7879
wolfSSL	0:1239e9b70ca2	7880	if ((*inOutIdx - begin) + len > size)
wolfSSL	0:1239e9b70ca2	7881	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	7882
wolfSSL	0:1239e9b70ca2	7883	PickHashSigAlgo(ssl, input + *inOutIdx, len);
wolfSSL	0:1239e9b70ca2	7884	*inOutIdx += len;
wolfSSL	0:1239e9b70ca2	7885	}
wolfSSL	0:1239e9b70ca2	7886
wolfSSL	0:1239e9b70ca2	7887	/* authorities */
wolfSSL	0:1239e9b70ca2	7888	if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
wolfSSL	0:1239e9b70ca2	7889	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	7890
wolfSSL	0:1239e9b70ca2	7891	ato16(input + *inOutIdx, &len);
wolfSSL	0:1239e9b70ca2	7892	*inOutIdx += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	7893
wolfSSL	0:1239e9b70ca2	7894	if ((*inOutIdx - begin) + len > size)
wolfSSL	0:1239e9b70ca2	7895	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	7896
wolfSSL	0:1239e9b70ca2	7897	while (len) {
wolfSSL	0:1239e9b70ca2	7898	word16 dnSz;
wolfSSL	0:1239e9b70ca2	7899
wolfSSL	0:1239e9b70ca2	7900	if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
wolfSSL	0:1239e9b70ca2	7901	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	7902
wolfSSL	0:1239e9b70ca2	7903	ato16(input + *inOutIdx, &dnSz);
wolfSSL	0:1239e9b70ca2	7904	*inOutIdx += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	7905
wolfSSL	0:1239e9b70ca2	7906	if ((*inOutIdx - begin) + dnSz > size)
wolfSSL	0:1239e9b70ca2	7907	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	7908
wolfSSL	0:1239e9b70ca2	7909	*inOutIdx += dnSz;
wolfSSL	0:1239e9b70ca2	7910	len -= OPAQUE16_LEN + dnSz;
wolfSSL	0:1239e9b70ca2	7911	}
wolfSSL	0:1239e9b70ca2	7912
wolfSSL	0:1239e9b70ca2	7913	/* don't send client cert or cert verify if user hasn't provided
wolfSSL	0:1239e9b70ca2	7914	cert and private key */
wolfSSL	0:1239e9b70ca2	7915	if (ssl->buffers.certificate.buffer && ssl->buffers.key.buffer)
wolfSSL	0:1239e9b70ca2	7916	ssl->options.sendVerify = SEND_CERT;
wolfSSL	0:1239e9b70ca2	7917	else if (IsTLS(ssl))
wolfSSL	0:1239e9b70ca2	7918	ssl->options.sendVerify = SEND_BLANK_CERT;
wolfSSL	0:1239e9b70ca2	7919
wolfSSL	0:1239e9b70ca2	7920	return 0;
wolfSSL	0:1239e9b70ca2	7921	}
wolfSSL	0:1239e9b70ca2	7922	#endif /* !NO_CERTS */
wolfSSL	0:1239e9b70ca2	7923
wolfSSL	0:1239e9b70ca2	7924
wolfSSL	0:1239e9b70ca2	7925	static int DoServerKeyExchange(CYASSL* ssl, const byte* input,
wolfSSL	0:1239e9b70ca2	7926	word32* inOutIdx, word32 size)
wolfSSL	0:1239e9b70ca2	7927	{
wolfSSL	0:1239e9b70ca2	7928	word16 length = 0;
wolfSSL	0:1239e9b70ca2	7929	word32 begin = *inOutIdx;
wolfSSL	0:1239e9b70ca2	7930	int ret = 0;
wolfSSL	0:1239e9b70ca2	7931
wolfSSL	0:1239e9b70ca2	7932	(void)length; /* shut up compiler warnings */
wolfSSL	0:1239e9b70ca2	7933	(void)begin;
wolfSSL	0:1239e9b70ca2	7934	(void)ssl;
wolfSSL	0:1239e9b70ca2	7935	(void)input;
wolfSSL	0:1239e9b70ca2	7936	(void)size;
wolfSSL	0:1239e9b70ca2	7937	(void)ret;
wolfSSL	0:1239e9b70ca2	7938
wolfSSL	0:1239e9b70ca2	7939	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	7940	if (ssl->hsInfoOn)
wolfSSL	0:1239e9b70ca2	7941	AddPacketName("ServerKeyExchange", &ssl->handShakeInfo);
wolfSSL	0:1239e9b70ca2	7942	if (ssl->toInfoOn)
wolfSSL	0:1239e9b70ca2	7943	AddLateName("ServerKeyExchange", &ssl->timeoutInfo);
wolfSSL	0:1239e9b70ca2	7944	#endif
wolfSSL	0:1239e9b70ca2	7945
wolfSSL	0:1239e9b70ca2	7946	#ifndef NO_PSK
wolfSSL	0:1239e9b70ca2	7947	if (ssl->specs.kea == psk_kea) {
wolfSSL	0:1239e9b70ca2	7948
wolfSSL	0:1239e9b70ca2	7949	if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
wolfSSL	0:1239e9b70ca2	7950	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	7951
wolfSSL	0:1239e9b70ca2	7952	ato16(input + *inOutIdx, &length);
wolfSSL	0:1239e9b70ca2	7953	*inOutIdx += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	7954
wolfSSL	0:1239e9b70ca2	7955	if ((*inOutIdx - begin) + length > size)
wolfSSL	0:1239e9b70ca2	7956	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	7957
wolfSSL	0:1239e9b70ca2	7958	XMEMCPY(ssl->arrays->server_hint, input + *inOutIdx,
wolfSSL	0:1239e9b70ca2	7959	min(length, MAX_PSK_ID_LEN));
wolfSSL	0:1239e9b70ca2	7960
wolfSSL	0:1239e9b70ca2	7961	ssl->arrays->server_hint[min(length, MAX_PSK_ID_LEN - 1)] = 0;
wolfSSL	0:1239e9b70ca2	7962	*inOutIdx += length;
wolfSSL	0:1239e9b70ca2	7963
wolfSSL	0:1239e9b70ca2	7964	return 0;
wolfSSL	0:1239e9b70ca2	7965	}
wolfSSL	0:1239e9b70ca2	7966	#endif
wolfSSL	0:1239e9b70ca2	7967	#ifdef OPENSSL_EXTRA
wolfSSL	0:1239e9b70ca2	7968	if (ssl->specs.kea == diffie_hellman_kea)
wolfSSL	0:1239e9b70ca2	7969	{
wolfSSL	0:1239e9b70ca2	7970	/* p */
wolfSSL	0:1239e9b70ca2	7971	if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
wolfSSL	0:1239e9b70ca2	7972	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	7973
wolfSSL	0:1239e9b70ca2	7974	ato16(input + *inOutIdx, &length);
wolfSSL	0:1239e9b70ca2	7975	*inOutIdx += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	7976
wolfSSL	0:1239e9b70ca2	7977	if ((*inOutIdx - begin) + length > size)
wolfSSL	0:1239e9b70ca2	7978	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	7979
wolfSSL	0:1239e9b70ca2	7980	ssl->buffers.serverDH_P.buffer = (byte*) XMALLOC(length, ssl->heap,
wolfSSL	0:1239e9b70ca2	7981	DYNAMIC_TYPE_DH);
wolfSSL	0:1239e9b70ca2	7982
wolfSSL	0:1239e9b70ca2	7983	if (ssl->buffers.serverDH_P.buffer)
wolfSSL	0:1239e9b70ca2	7984	ssl->buffers.serverDH_P.length = length;
wolfSSL	0:1239e9b70ca2	7985	else
wolfSSL	0:1239e9b70ca2	7986	return MEMORY_ERROR;
wolfSSL	0:1239e9b70ca2	7987
wolfSSL	0:1239e9b70ca2	7988	XMEMCPY(ssl->buffers.serverDH_P.buffer, input + *inOutIdx, length);
wolfSSL	0:1239e9b70ca2	7989	*inOutIdx += length;
wolfSSL	0:1239e9b70ca2	7990
wolfSSL	0:1239e9b70ca2	7991	/* g */
wolfSSL	0:1239e9b70ca2	7992	if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
wolfSSL	0:1239e9b70ca2	7993	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	7994
wolfSSL	0:1239e9b70ca2	7995	ato16(input + *inOutIdx, &length);
wolfSSL	0:1239e9b70ca2	7996	*inOutIdx += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	7997
wolfSSL	0:1239e9b70ca2	7998	if ((*inOutIdx - begin) + length > size)
wolfSSL	0:1239e9b70ca2	7999	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	8000
wolfSSL	0:1239e9b70ca2	8001	ssl->buffers.serverDH_G.buffer = (byte*) XMALLOC(length, ssl->heap,
wolfSSL	0:1239e9b70ca2	8002	DYNAMIC_TYPE_DH);
wolfSSL	0:1239e9b70ca2	8003
wolfSSL	0:1239e9b70ca2	8004	if (ssl->buffers.serverDH_G.buffer)
wolfSSL	0:1239e9b70ca2	8005	ssl->buffers.serverDH_G.length = length;
wolfSSL	0:1239e9b70ca2	8006	else
wolfSSL	0:1239e9b70ca2	8007	return MEMORY_ERROR;
wolfSSL	0:1239e9b70ca2	8008
wolfSSL	0:1239e9b70ca2	8009	XMEMCPY(ssl->buffers.serverDH_G.buffer, input + *inOutIdx, length);
wolfSSL	0:1239e9b70ca2	8010	*inOutIdx += length;
wolfSSL	0:1239e9b70ca2	8011
wolfSSL	0:1239e9b70ca2	8012	/* pub */
wolfSSL	0:1239e9b70ca2	8013	if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
wolfSSL	0:1239e9b70ca2	8014	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	8015
wolfSSL	0:1239e9b70ca2	8016	ato16(input + *inOutIdx, &length);
wolfSSL	0:1239e9b70ca2	8017	*inOutIdx += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	8018
wolfSSL	0:1239e9b70ca2	8019	if ((*inOutIdx - begin) + length > size)
wolfSSL	0:1239e9b70ca2	8020	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	8021
wolfSSL	0:1239e9b70ca2	8022	ssl->buffers.serverDH_Pub.buffer = (byte*) XMALLOC(length, ssl->heap,
wolfSSL	0:1239e9b70ca2	8023	DYNAMIC_TYPE_DH);
wolfSSL	0:1239e9b70ca2	8024
wolfSSL	0:1239e9b70ca2	8025	if (ssl->buffers.serverDH_Pub.buffer)
wolfSSL	0:1239e9b70ca2	8026	ssl->buffers.serverDH_Pub.length = length;
wolfSSL	0:1239e9b70ca2	8027	else
wolfSSL	0:1239e9b70ca2	8028	return MEMORY_ERROR;
wolfSSL	0:1239e9b70ca2	8029
wolfSSL	0:1239e9b70ca2	8030	XMEMCPY(ssl->buffers.serverDH_Pub.buffer, input + *inOutIdx, length);
wolfSSL	0:1239e9b70ca2	8031	*inOutIdx += length;
wolfSSL	0:1239e9b70ca2	8032	} /* dh_kea */
wolfSSL	0:1239e9b70ca2	8033	#endif /* OPENSSL_EXTRA */
wolfSSL	0:1239e9b70ca2	8034
wolfSSL	0:1239e9b70ca2	8035	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	8036	if (ssl->specs.kea == ecc_diffie_hellman_kea)
wolfSSL	0:1239e9b70ca2	8037	{
wolfSSL	0:1239e9b70ca2	8038	byte b;
wolfSSL	0:1239e9b70ca2	8039
wolfSSL	0:1239e9b70ca2	8040	if ((*inOutIdx - begin) + ENUM_LEN + OPAQUE16_LEN + OPAQUE8_LEN > size)
wolfSSL	0:1239e9b70ca2	8041	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	8042
wolfSSL	0:1239e9b70ca2	8043	b = input[(*inOutIdx)++];
wolfSSL	0:1239e9b70ca2	8044
wolfSSL	0:1239e9b70ca2	8045	if (b != named_curve)
wolfSSL	0:1239e9b70ca2	8046	return ECC_CURVETYPE_ERROR;
wolfSSL	0:1239e9b70ca2	8047
wolfSSL	0:1239e9b70ca2	8048	inOutIdx += 1; / curve type, eat leading 0 */
wolfSSL	0:1239e9b70ca2	8049	b = input[(*inOutIdx)++];
wolfSSL	0:1239e9b70ca2	8050
wolfSSL	0:1239e9b70ca2	8051	if (b != secp256r1 && b != secp384r1 && b != secp521r1 && b !=
wolfSSL	0:1239e9b70ca2	8052	secp160r1 && b != secp192r1 && b != secp224r1)
wolfSSL	0:1239e9b70ca2	8053	return ECC_CURVE_ERROR;
wolfSSL	0:1239e9b70ca2	8054
wolfSSL	0:1239e9b70ca2	8055	length = input[(*inOutIdx)++];
wolfSSL	0:1239e9b70ca2	8056
wolfSSL	0:1239e9b70ca2	8057	if ((*inOutIdx - begin) + length > size)
wolfSSL	0:1239e9b70ca2	8058	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	8059
wolfSSL	0:1239e9b70ca2	8060	if (ecc_import_x963(input + *inOutIdx, length, ssl->peerEccKey) != 0)
wolfSSL	0:1239e9b70ca2	8061	return ECC_PEERKEY_ERROR;
wolfSSL	0:1239e9b70ca2	8062
wolfSSL	0:1239e9b70ca2	8063	*inOutIdx += length;
wolfSSL	0:1239e9b70ca2	8064	ssl->peerEccKeyPresent = 1;
wolfSSL	0:1239e9b70ca2	8065	}
wolfSSL	0:1239e9b70ca2	8066	#endif /* HAVE_ECC */
wolfSSL	0:1239e9b70ca2	8067
wolfSSL	0:1239e9b70ca2	8068	#if defined(OPENSSL_EXTRA) \|\| defined(HAVE_ECC)
wolfSSL	0:1239e9b70ca2	8069	{
wolfSSL	0:1239e9b70ca2	8070	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	8071	Md5 md5;
wolfSSL	0:1239e9b70ca2	8072	Sha sha;
wolfSSL	0:1239e9b70ca2	8073	#endif
wolfSSL	0:1239e9b70ca2	8074	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	8075	Sha256 sha256;
wolfSSL	0:1239e9b70ca2	8076	byte hash256[SHA256_DIGEST_SIZE];
wolfSSL	0:1239e9b70ca2	8077	#endif
wolfSSL	0:1239e9b70ca2	8078	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	8079	Sha384 sha384;
wolfSSL	0:1239e9b70ca2	8080	byte hash384[SHA384_DIGEST_SIZE];
wolfSSL	0:1239e9b70ca2	8081	#endif
wolfSSL	0:1239e9b70ca2	8082	byte hash[FINISHED_SZ];
wolfSSL	0:1239e9b70ca2	8083	byte messageVerify[MAX_DH_SZ];
wolfSSL	0:1239e9b70ca2	8084	byte hashAlgo = sha_mac;
wolfSSL	0:1239e9b70ca2	8085	byte sigAlgo = ssl->specs.sig_algo;
wolfSSL	0:1239e9b70ca2	8086	word16 verifySz = (word16) (*inOutIdx - begin);
wolfSSL	0:1239e9b70ca2	8087
wolfSSL	0:1239e9b70ca2	8088	/* save message for hash verify */
wolfSSL	0:1239e9b70ca2	8089	if (verifySz > sizeof(messageVerify))
wolfSSL	0:1239e9b70ca2	8090	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	8091
wolfSSL	0:1239e9b70ca2	8092	XMEMCPY(messageVerify, input + begin, verifySz);
wolfSSL	0:1239e9b70ca2	8093
wolfSSL	0:1239e9b70ca2	8094	if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL	0:1239e9b70ca2	8095	if ((*inOutIdx - begin) + ENUM_LEN + ENUM_LEN > size)
wolfSSL	0:1239e9b70ca2	8096	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	8097
wolfSSL	0:1239e9b70ca2	8098	hashAlgo = input[(*inOutIdx)++];
wolfSSL	0:1239e9b70ca2	8099	sigAlgo = input[(*inOutIdx)++];
wolfSSL	0:1239e9b70ca2	8100	}
wolfSSL	0:1239e9b70ca2	8101
wolfSSL	0:1239e9b70ca2	8102	/* signature */
wolfSSL	0:1239e9b70ca2	8103	if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
wolfSSL	0:1239e9b70ca2	8104	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	8105
wolfSSL	0:1239e9b70ca2	8106	ato16(input + *inOutIdx, &length);
wolfSSL	0:1239e9b70ca2	8107	*inOutIdx += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	8108
wolfSSL	0:1239e9b70ca2	8109	if ((*inOutIdx - begin) + length > size)
wolfSSL	0:1239e9b70ca2	8110	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	8111
wolfSSL	0:1239e9b70ca2	8112	/* inOutIdx updated at the end of the function */
wolfSSL	0:1239e9b70ca2	8113
wolfSSL	0:1239e9b70ca2	8114	/* verify signature */
wolfSSL	0:1239e9b70ca2	8115	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	8116	/* md5 */
wolfSSL	0:1239e9b70ca2	8117	InitMd5(&md5);
wolfSSL	0:1239e9b70ca2	8118	Md5Update(&md5, ssl->arrays->clientRandom, RAN_LEN);
wolfSSL	0:1239e9b70ca2	8119	Md5Update(&md5, ssl->arrays->serverRandom, RAN_LEN);
wolfSSL	0:1239e9b70ca2	8120	Md5Update(&md5, messageVerify, verifySz);
wolfSSL	0:1239e9b70ca2	8121	Md5Final(&md5, hash);
wolfSSL	0:1239e9b70ca2	8122
wolfSSL	0:1239e9b70ca2	8123	/* sha */
wolfSSL	0:1239e9b70ca2	8124	ret = InitSha(&sha);
wolfSSL	0:1239e9b70ca2	8125	if (ret != 0)
wolfSSL	0:1239e9b70ca2	8126	return ret;
wolfSSL	0:1239e9b70ca2	8127	ShaUpdate(&sha, ssl->arrays->clientRandom, RAN_LEN);
wolfSSL	0:1239e9b70ca2	8128	ShaUpdate(&sha, ssl->arrays->serverRandom, RAN_LEN);
wolfSSL	0:1239e9b70ca2	8129	ShaUpdate(&sha, messageVerify, verifySz);
wolfSSL	0:1239e9b70ca2	8130	ShaFinal(&sha, hash + MD5_DIGEST_SIZE);
wolfSSL	0:1239e9b70ca2	8131	#endif
wolfSSL	0:1239e9b70ca2	8132
wolfSSL	0:1239e9b70ca2	8133	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	8134	ret = InitSha256(&sha256);
wolfSSL	0:1239e9b70ca2	8135	if (ret != 0)
wolfSSL	0:1239e9b70ca2	8136	return ret;
wolfSSL	0:1239e9b70ca2	8137	ret = Sha256Update(&sha256, ssl->arrays->clientRandom, RAN_LEN);
wolfSSL	0:1239e9b70ca2	8138	if (ret != 0)
wolfSSL	0:1239e9b70ca2	8139	return ret;
wolfSSL	0:1239e9b70ca2	8140	ret = Sha256Update(&sha256, ssl->arrays->serverRandom, RAN_LEN);
wolfSSL	0:1239e9b70ca2	8141	if (ret != 0)
wolfSSL	0:1239e9b70ca2	8142	return ret;
wolfSSL	0:1239e9b70ca2	8143	ret = Sha256Update(&sha256, messageVerify, verifySz);
wolfSSL	0:1239e9b70ca2	8144	if (ret != 0)
wolfSSL	0:1239e9b70ca2	8145	return ret;
wolfSSL	0:1239e9b70ca2	8146	ret = Sha256Final(&sha256, hash256);
wolfSSL	0:1239e9b70ca2	8147	if (ret != 0)
wolfSSL	0:1239e9b70ca2	8148	return ret;
wolfSSL	0:1239e9b70ca2	8149	#endif
wolfSSL	0:1239e9b70ca2	8150
wolfSSL	0:1239e9b70ca2	8151	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	8152	ret = InitSha384(&sha384);
wolfSSL	0:1239e9b70ca2	8153	if (ret != 0)
wolfSSL	0:1239e9b70ca2	8154	return ret;
wolfSSL	0:1239e9b70ca2	8155	ret = Sha384Update(&sha384, ssl->arrays->clientRandom, RAN_LEN);
wolfSSL	0:1239e9b70ca2	8156	if (ret != 0)
wolfSSL	0:1239e9b70ca2	8157	return ret;
wolfSSL	0:1239e9b70ca2	8158	ret = Sha384Update(&sha384, ssl->arrays->serverRandom, RAN_LEN);
wolfSSL	0:1239e9b70ca2	8159	if (ret != 0)
wolfSSL	0:1239e9b70ca2	8160	return ret;
wolfSSL	0:1239e9b70ca2	8161	ret = Sha384Update(&sha384, messageVerify, verifySz);
wolfSSL	0:1239e9b70ca2	8162	if (ret != 0)
wolfSSL	0:1239e9b70ca2	8163	return ret;
wolfSSL	0:1239e9b70ca2	8164	ret = Sha384Final(&sha384, hash384);
wolfSSL	0:1239e9b70ca2	8165	if (ret != 0)
wolfSSL	0:1239e9b70ca2	8166	return ret;
wolfSSL	0:1239e9b70ca2	8167	#endif
wolfSSL	0:1239e9b70ca2	8168
wolfSSL	0:1239e9b70ca2	8169	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	8170	/* rsa */
wolfSSL	0:1239e9b70ca2	8171	if (sigAlgo == rsa_sa_algo)
wolfSSL	0:1239e9b70ca2	8172	{
wolfSSL	0:1239e9b70ca2	8173	byte* out = NULL;
wolfSSL	0:1239e9b70ca2	8174	byte doUserRsa = 0;
wolfSSL	0:1239e9b70ca2	8175
wolfSSL	0:1239e9b70ca2	8176	#ifdef HAVE_PK_CALLBACKS
wolfSSL	0:1239e9b70ca2	8177	if (ssl->ctx->RsaVerifyCb)
wolfSSL	0:1239e9b70ca2	8178	doUserRsa = 1;
wolfSSL	0:1239e9b70ca2	8179	#endif /HAVE_PK_CALLBACKS /
wolfSSL	0:1239e9b70ca2	8180
wolfSSL	0:1239e9b70ca2	8181	if (!ssl->peerRsaKeyPresent)
wolfSSL	0:1239e9b70ca2	8182	return NO_PEER_KEY;
wolfSSL	0:1239e9b70ca2	8183
wolfSSL	0:1239e9b70ca2	8184	if (doUserRsa) {
wolfSSL	0:1239e9b70ca2	8185	#ifdef HAVE_PK_CALLBACKS
wolfSSL	0:1239e9b70ca2	8186	ret = ssl->ctx->RsaVerifyCb(ssl, (byte ) input + inOutIdx,
wolfSSL	0:1239e9b70ca2	8187	length, &out,
wolfSSL	0:1239e9b70ca2	8188	ssl->buffers.peerRsaKey.buffer,
wolfSSL	0:1239e9b70ca2	8189	ssl->buffers.peerRsaKey.length,
wolfSSL	0:1239e9b70ca2	8190	ssl->RsaVerifyCtx);
wolfSSL	0:1239e9b70ca2	8191	#endif /HAVE_PK_CALLBACKS /
wolfSSL	0:1239e9b70ca2	8192	}
wolfSSL	0:1239e9b70ca2	8193	else {
wolfSSL	0:1239e9b70ca2	8194	ret = RsaSSL_VerifyInline((byte ) input + inOutIdx, length,
wolfSSL	0:1239e9b70ca2	8195	&out, ssl->peerRsaKey);
wolfSSL	0:1239e9b70ca2	8196	}
wolfSSL	0:1239e9b70ca2	8197
wolfSSL	0:1239e9b70ca2	8198	if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL	0:1239e9b70ca2	8199	byte encodedSig[MAX_ENCODED_SIG_SZ];
wolfSSL	0:1239e9b70ca2	8200	word32 encSigSz;
wolfSSL	0:1239e9b70ca2	8201	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	8202	byte* digest = &hash[MD5_DIGEST_SIZE];
wolfSSL	0:1239e9b70ca2	8203	int typeH = SHAh;
wolfSSL	0:1239e9b70ca2	8204	int digestSz = SHA_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	8205	#else
wolfSSL	0:1239e9b70ca2	8206	byte* digest = hash256;
wolfSSL	0:1239e9b70ca2	8207	int typeH = SHA256h;
wolfSSL	0:1239e9b70ca2	8208	int digestSz = SHA256_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	8209	#endif
wolfSSL	0:1239e9b70ca2	8210
wolfSSL	0:1239e9b70ca2	8211	if (hashAlgo == sha_mac) {
wolfSSL	0:1239e9b70ca2	8212	#ifndef NO_SHA
wolfSSL	0:1239e9b70ca2	8213	digest = &hash[MD5_DIGEST_SIZE];
wolfSSL	0:1239e9b70ca2	8214	typeH = SHAh;
wolfSSL	0:1239e9b70ca2	8215	digestSz = SHA_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	8216	#endif
wolfSSL	0:1239e9b70ca2	8217	}
wolfSSL	0:1239e9b70ca2	8218	else if (hashAlgo == sha256_mac) {
wolfSSL	0:1239e9b70ca2	8219	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	8220	digest = hash256;
wolfSSL	0:1239e9b70ca2	8221	typeH = SHA256h;
wolfSSL	0:1239e9b70ca2	8222	digestSz = SHA256_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	8223	#endif
wolfSSL	0:1239e9b70ca2	8224	}
wolfSSL	0:1239e9b70ca2	8225	else if (hashAlgo == sha384_mac) {
wolfSSL	0:1239e9b70ca2	8226	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	8227	digest = hash384;
wolfSSL	0:1239e9b70ca2	8228	typeH = SHA384h;
wolfSSL	0:1239e9b70ca2	8229	digestSz = SHA384_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	8230	#endif
wolfSSL	0:1239e9b70ca2	8231	}
wolfSSL	0:1239e9b70ca2	8232
wolfSSL	0:1239e9b70ca2	8233	encSigSz = EncodeSignature(encodedSig, digest, digestSz, typeH);
wolfSSL	0:1239e9b70ca2	8234
wolfSSL	0:1239e9b70ca2	8235	if (encSigSz != (word32)ret \|\| !out \|\| XMEMCMP(out, encodedSig,
wolfSSL	0:1239e9b70ca2	8236	min(encSigSz, MAX_ENCODED_SIG_SZ)) != 0)
wolfSSL	0:1239e9b70ca2	8237	return VERIFY_SIGN_ERROR;
wolfSSL	0:1239e9b70ca2	8238	}
wolfSSL	0:1239e9b70ca2	8239	else {
wolfSSL	0:1239e9b70ca2	8240	if (ret != sizeof(hash) \|\| !out \|\| XMEMCMP(out,
wolfSSL	0:1239e9b70ca2	8241	hash, sizeof(hash)) != 0)
wolfSSL	0:1239e9b70ca2	8242	return VERIFY_SIGN_ERROR;
wolfSSL	0:1239e9b70ca2	8243	}
wolfSSL	0:1239e9b70ca2	8244	} else
wolfSSL	0:1239e9b70ca2	8245	#endif
wolfSSL	0:1239e9b70ca2	8246	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	8247	/* ecdsa */
wolfSSL	0:1239e9b70ca2	8248	if (sigAlgo == ecc_dsa_sa_algo) {
wolfSSL	0:1239e9b70ca2	8249	int verify = 0;
wolfSSL	0:1239e9b70ca2	8250	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	8251	byte* digest = &hash[MD5_DIGEST_SIZE];
wolfSSL	0:1239e9b70ca2	8252	word32 digestSz = SHA_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	8253	#else
wolfSSL	0:1239e9b70ca2	8254	byte* digest = hash256;
wolfSSL	0:1239e9b70ca2	8255	word32 digestSz = SHA256_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	8256	#endif
wolfSSL	0:1239e9b70ca2	8257	byte doUserEcc = 0;
wolfSSL	0:1239e9b70ca2	8258
wolfSSL	0:1239e9b70ca2	8259	#ifdef HAVE_PK_CALLBACKS
wolfSSL	0:1239e9b70ca2	8260	if (ssl->ctx->EccVerifyCb)
wolfSSL	0:1239e9b70ca2	8261	doUserEcc = 1;
wolfSSL	0:1239e9b70ca2	8262	#endif
wolfSSL	0:1239e9b70ca2	8263
wolfSSL	0:1239e9b70ca2	8264	if (!ssl->peerEccDsaKeyPresent)
wolfSSL	0:1239e9b70ca2	8265	return NO_PEER_KEY;
wolfSSL	0:1239e9b70ca2	8266
wolfSSL	0:1239e9b70ca2	8267	if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL	0:1239e9b70ca2	8268	if (hashAlgo == sha_mac) {
wolfSSL	0:1239e9b70ca2	8269	#ifndef NO_SHA
wolfSSL	0:1239e9b70ca2	8270	digest = &hash[MD5_DIGEST_SIZE];
wolfSSL	0:1239e9b70ca2	8271	digestSz = SHA_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	8272	#endif
wolfSSL	0:1239e9b70ca2	8273	}
wolfSSL	0:1239e9b70ca2	8274	else if (hashAlgo == sha256_mac) {
wolfSSL	0:1239e9b70ca2	8275	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	8276	digest = hash256;
wolfSSL	0:1239e9b70ca2	8277	digestSz = SHA256_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	8278	#endif
wolfSSL	0:1239e9b70ca2	8279	}
wolfSSL	0:1239e9b70ca2	8280	else if (hashAlgo == sha384_mac) {
wolfSSL	0:1239e9b70ca2	8281	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	8282	digest = hash384;
wolfSSL	0:1239e9b70ca2	8283	digestSz = SHA384_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	8284	#endif
wolfSSL	0:1239e9b70ca2	8285	}
wolfSSL	0:1239e9b70ca2	8286	}
wolfSSL	0:1239e9b70ca2	8287	if (doUserEcc) {
wolfSSL	0:1239e9b70ca2	8288	#ifdef HAVE_PK_CALLBACKS
wolfSSL	0:1239e9b70ca2	8289	ret = ssl->ctx->EccVerifyCb(ssl, input + *inOutIdx, length,
wolfSSL	0:1239e9b70ca2	8290	digest, digestSz,
wolfSSL	0:1239e9b70ca2	8291	ssl->buffers.peerEccDsaKey.buffer,
wolfSSL	0:1239e9b70ca2	8292	ssl->buffers.peerEccDsaKey.length,
wolfSSL	0:1239e9b70ca2	8293	&verify, ssl->EccVerifyCtx);
wolfSSL	0:1239e9b70ca2	8294	#endif
wolfSSL	0:1239e9b70ca2	8295	}
wolfSSL	0:1239e9b70ca2	8296	else {
wolfSSL	0:1239e9b70ca2	8297	ret = ecc_verify_hash(input + *inOutIdx, length,
wolfSSL	0:1239e9b70ca2	8298	digest, digestSz, &verify, ssl->peerEccDsaKey);
wolfSSL	0:1239e9b70ca2	8299	}
wolfSSL	0:1239e9b70ca2	8300	if (ret != 0 \|\| verify == 0)
wolfSSL	0:1239e9b70ca2	8301	return VERIFY_SIGN_ERROR;
wolfSSL	0:1239e9b70ca2	8302	}
wolfSSL	0:1239e9b70ca2	8303	else
wolfSSL	0:1239e9b70ca2	8304	#endif /* HAVE_ECC */
wolfSSL	0:1239e9b70ca2	8305	return ALGO_ID_E;
wolfSSL	0:1239e9b70ca2	8306
wolfSSL	0:1239e9b70ca2	8307	/* signature length */
wolfSSL	0:1239e9b70ca2	8308	*inOutIdx += length;
wolfSSL	0:1239e9b70ca2	8309
wolfSSL	0:1239e9b70ca2	8310	ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE;
wolfSSL	0:1239e9b70ca2	8311
wolfSSL	0:1239e9b70ca2	8312	return 0;
wolfSSL	0:1239e9b70ca2	8313	}
wolfSSL	0:1239e9b70ca2	8314	#else /* HAVE_OPENSSL or HAVE_ECC */
wolfSSL	0:1239e9b70ca2	8315	return NOT_COMPILED_IN; /* not supported by build */
wolfSSL	0:1239e9b70ca2	8316	#endif /* HAVE_OPENSSL or HAVE_ECC */
wolfSSL	0:1239e9b70ca2	8317	}
wolfSSL	0:1239e9b70ca2	8318
wolfSSL	0:1239e9b70ca2	8319
wolfSSL	0:1239e9b70ca2	8320	int SendClientKeyExchange(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	8321	{
wolfSSL	0:1239e9b70ca2	8322	byte encSecret[MAX_ENCRYPT_SZ];
wolfSSL	0:1239e9b70ca2	8323	word32 encSz = 0;
wolfSSL	0:1239e9b70ca2	8324	word32 idx = 0;
wolfSSL	0:1239e9b70ca2	8325	int ret = 0;
wolfSSL	0:1239e9b70ca2	8326	byte doUserRsa = 0;
wolfSSL	0:1239e9b70ca2	8327
wolfSSL	0:1239e9b70ca2	8328	(void)doUserRsa;
wolfSSL	0:1239e9b70ca2	8329
wolfSSL	0:1239e9b70ca2	8330	#ifdef HAVE_PK_CALLBACKS
wolfSSL	0:1239e9b70ca2	8331	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	8332	if (ssl->ctx->RsaEncCb)
wolfSSL	0:1239e9b70ca2	8333	doUserRsa = 1;
wolfSSL	0:1239e9b70ca2	8334	#endif /* NO_RSA */
wolfSSL	0:1239e9b70ca2	8335	#endif /HAVE_PK_CALLBACKS /
wolfSSL	0:1239e9b70ca2	8336
wolfSSL	0:1239e9b70ca2	8337	switch (ssl->specs.kea) {
wolfSSL	0:1239e9b70ca2	8338	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	8339	case rsa_kea:
wolfSSL	0:1239e9b70ca2	8340	ret = RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret,
wolfSSL	0:1239e9b70ca2	8341	SECRET_LEN);
wolfSSL	0:1239e9b70ca2	8342	if (ret != 0)
wolfSSL	0:1239e9b70ca2	8343	return ret;
wolfSSL	0:1239e9b70ca2	8344
wolfSSL	0:1239e9b70ca2	8345	ssl->arrays->preMasterSecret[0] = ssl->chVersion.major;
wolfSSL	0:1239e9b70ca2	8346	ssl->arrays->preMasterSecret[1] = ssl->chVersion.minor;
wolfSSL	0:1239e9b70ca2	8347	ssl->arrays->preMasterSz = SECRET_LEN;
wolfSSL	0:1239e9b70ca2	8348
wolfSSL	0:1239e9b70ca2	8349	if (ssl->peerRsaKeyPresent == 0)
wolfSSL	0:1239e9b70ca2	8350	return NO_PEER_KEY;
wolfSSL	0:1239e9b70ca2	8351
wolfSSL	0:1239e9b70ca2	8352	if (doUserRsa) {
wolfSSL	0:1239e9b70ca2	8353	#ifdef HAVE_PK_CALLBACKS
wolfSSL	0:1239e9b70ca2	8354	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	8355	encSz = sizeof(encSecret);
wolfSSL	0:1239e9b70ca2	8356	ret = ssl->ctx->RsaEncCb(ssl,
wolfSSL	0:1239e9b70ca2	8357	ssl->arrays->preMasterSecret,
wolfSSL	0:1239e9b70ca2	8358	SECRET_LEN,
wolfSSL	0:1239e9b70ca2	8359	encSecret, &encSz,
wolfSSL	0:1239e9b70ca2	8360	ssl->buffers.peerRsaKey.buffer,
wolfSSL	0:1239e9b70ca2	8361	ssl->buffers.peerRsaKey.length,
wolfSSL	0:1239e9b70ca2	8362	ssl->RsaEncCtx);
wolfSSL	0:1239e9b70ca2	8363	#endif /* NO_RSA */
wolfSSL	0:1239e9b70ca2	8364	#endif /HAVE_PK_CALLBACKS /
wolfSSL	0:1239e9b70ca2	8365	}
wolfSSL	0:1239e9b70ca2	8366	else {
wolfSSL	0:1239e9b70ca2	8367	ret = RsaPublicEncrypt(ssl->arrays->preMasterSecret,
wolfSSL	0:1239e9b70ca2	8368	SECRET_LEN, encSecret, sizeof(encSecret),
wolfSSL	0:1239e9b70ca2	8369	ssl->peerRsaKey, ssl->rng);
wolfSSL	0:1239e9b70ca2	8370	if (ret > 0) {
wolfSSL	0:1239e9b70ca2	8371	encSz = ret;
wolfSSL	0:1239e9b70ca2	8372	ret = 0; /* set success to 0 */
wolfSSL	0:1239e9b70ca2	8373	}
wolfSSL	0:1239e9b70ca2	8374	}
wolfSSL	0:1239e9b70ca2	8375	break;
wolfSSL	0:1239e9b70ca2	8376	#endif
wolfSSL	0:1239e9b70ca2	8377	#ifdef OPENSSL_EXTRA
wolfSSL	0:1239e9b70ca2	8378	case diffie_hellman_kea:
wolfSSL	0:1239e9b70ca2	8379	{
wolfSSL	0:1239e9b70ca2	8380	buffer serverP = ssl->buffers.serverDH_P;
wolfSSL	0:1239e9b70ca2	8381	buffer serverG = ssl->buffers.serverDH_G;
wolfSSL	0:1239e9b70ca2	8382	buffer serverPub = ssl->buffers.serverDH_Pub;
wolfSSL	0:1239e9b70ca2	8383	byte priv[ENCRYPT_LEN];
wolfSSL	0:1239e9b70ca2	8384	word32 privSz = 0;
wolfSSL	0:1239e9b70ca2	8385	DhKey key;
wolfSSL	0:1239e9b70ca2	8386
wolfSSL	0:1239e9b70ca2	8387	if (serverP.buffer == 0 \|\| serverG.buffer == 0 \|\|
wolfSSL	0:1239e9b70ca2	8388	serverPub.buffer == 0)
wolfSSL	0:1239e9b70ca2	8389	return NO_PEER_KEY;
wolfSSL	0:1239e9b70ca2	8390
wolfSSL	0:1239e9b70ca2	8391	InitDhKey(&key);
wolfSSL	0:1239e9b70ca2	8392	ret = DhSetKey(&key, serverP.buffer, serverP.length,
wolfSSL	0:1239e9b70ca2	8393	serverG.buffer, serverG.length);
wolfSSL	0:1239e9b70ca2	8394	if (ret == 0)
wolfSSL	0:1239e9b70ca2	8395	/* for DH, encSecret is Yc, agree is pre-master */
wolfSSL	0:1239e9b70ca2	8396	ret = DhGenerateKeyPair(&key, ssl->rng, priv, &privSz,
wolfSSL	0:1239e9b70ca2	8397	encSecret, &encSz);
wolfSSL	0:1239e9b70ca2	8398	if (ret == 0)
wolfSSL	0:1239e9b70ca2	8399	ret = DhAgree(&key, ssl->arrays->preMasterSecret,
wolfSSL	0:1239e9b70ca2	8400	&ssl->arrays->preMasterSz, priv, privSz,
wolfSSL	0:1239e9b70ca2	8401	serverPub.buffer, serverPub.length);
wolfSSL	0:1239e9b70ca2	8402	FreeDhKey(&key);
wolfSSL	0:1239e9b70ca2	8403	}
wolfSSL	0:1239e9b70ca2	8404	break;
wolfSSL	0:1239e9b70ca2	8405	#endif /* OPENSSL_EXTRA */
wolfSSL	0:1239e9b70ca2	8406	#ifndef NO_PSK
wolfSSL	0:1239e9b70ca2	8407	case psk_kea:
wolfSSL	0:1239e9b70ca2	8408	{
wolfSSL	0:1239e9b70ca2	8409	byte* pms = ssl->arrays->preMasterSecret;
wolfSSL	0:1239e9b70ca2	8410
wolfSSL	0:1239e9b70ca2	8411	ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
wolfSSL	0:1239e9b70ca2	8412	ssl->arrays->server_hint, ssl->arrays->client_identity,
wolfSSL	0:1239e9b70ca2	8413	MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
wolfSSL	0:1239e9b70ca2	8414	if (ssl->arrays->psk_keySz == 0 \|\|
wolfSSL	0:1239e9b70ca2	8415	ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN)
wolfSSL	0:1239e9b70ca2	8416	return PSK_KEY_ERROR;
wolfSSL	0:1239e9b70ca2	8417	encSz = (word32)XSTRLEN(ssl->arrays->client_identity);
wolfSSL	0:1239e9b70ca2	8418	if (encSz > MAX_PSK_ID_LEN) return CLIENT_ID_ERROR;
wolfSSL	0:1239e9b70ca2	8419	XMEMCPY(encSecret, ssl->arrays->client_identity, encSz);
wolfSSL	0:1239e9b70ca2	8420
wolfSSL	0:1239e9b70ca2	8421	/* make psk pre master secret */
wolfSSL	0:1239e9b70ca2	8422	/* length of key + length 0s + length of key + key */
wolfSSL	0:1239e9b70ca2	8423	c16toa((word16)ssl->arrays->psk_keySz, pms);
wolfSSL	0:1239e9b70ca2	8424	pms += 2;
wolfSSL	0:1239e9b70ca2	8425	XMEMSET(pms, 0, ssl->arrays->psk_keySz);
wolfSSL	0:1239e9b70ca2	8426	pms += ssl->arrays->psk_keySz;
wolfSSL	0:1239e9b70ca2	8427	c16toa((word16)ssl->arrays->psk_keySz, pms);
wolfSSL	0:1239e9b70ca2	8428	pms += 2;
wolfSSL	0:1239e9b70ca2	8429	XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL	0:1239e9b70ca2	8430	ssl->arrays->preMasterSz = ssl->arrays->psk_keySz * 2 + 4;
wolfSSL	0:1239e9b70ca2	8431	XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz);
wolfSSL	0:1239e9b70ca2	8432	ssl->arrays->psk_keySz = 0; /* No further need */
wolfSSL	0:1239e9b70ca2	8433	}
wolfSSL	0:1239e9b70ca2	8434	break;
wolfSSL	0:1239e9b70ca2	8435	#endif /* NO_PSK */
wolfSSL	0:1239e9b70ca2	8436	#ifdef HAVE_NTRU
wolfSSL	0:1239e9b70ca2	8437	case ntru_kea:
wolfSSL	0:1239e9b70ca2	8438	{
wolfSSL	0:1239e9b70ca2	8439	word32 rc;
wolfSSL	0:1239e9b70ca2	8440	word16 cipherLen = sizeof(encSecret);
wolfSSL	0:1239e9b70ca2	8441	DRBG_HANDLE drbg;
wolfSSL	0:1239e9b70ca2	8442	static uint8_t const cyasslStr[] = {
wolfSSL	0:1239e9b70ca2	8443	'C', 'y', 'a', 'S', 'S', 'L', ' ', 'N', 'T', 'R', 'U'
wolfSSL	0:1239e9b70ca2	8444	};
wolfSSL	0:1239e9b70ca2	8445
wolfSSL	0:1239e9b70ca2	8446	ret = RNG_GenerateBlock(ssl->rng,
wolfSSL	0:1239e9b70ca2	8447	ssl->arrays->preMasterSecret, SECRET_LEN);
wolfSSL	0:1239e9b70ca2	8448	if (ret != 0)
wolfSSL	0:1239e9b70ca2	8449	return ret;
wolfSSL	0:1239e9b70ca2	8450
wolfSSL	0:1239e9b70ca2	8451	ssl->arrays->preMasterSz = SECRET_LEN;
wolfSSL	0:1239e9b70ca2	8452
wolfSSL	0:1239e9b70ca2	8453	if (ssl->peerNtruKeyPresent == 0)
wolfSSL	0:1239e9b70ca2	8454	return NO_PEER_KEY;
wolfSSL	0:1239e9b70ca2	8455
wolfSSL	0:1239e9b70ca2	8456	rc = crypto_drbg_instantiate(MAX_NTRU_BITS, cyasslStr,
wolfSSL	0:1239e9b70ca2	8457	sizeof(cyasslStr), GetEntropy,
wolfSSL	0:1239e9b70ca2	8458	&drbg);
wolfSSL	0:1239e9b70ca2	8459	if (rc != DRBG_OK)
wolfSSL	0:1239e9b70ca2	8460	return NTRU_DRBG_ERROR;
wolfSSL	0:1239e9b70ca2	8461
wolfSSL	0:1239e9b70ca2	8462	rc = crypto_ntru_encrypt(drbg, ssl->peerNtruKeyLen,
wolfSSL	0:1239e9b70ca2	8463	ssl->peerNtruKey,
wolfSSL	0:1239e9b70ca2	8464	ssl->arrays->preMasterSz,
wolfSSL	0:1239e9b70ca2	8465	ssl->arrays->preMasterSecret,
wolfSSL	0:1239e9b70ca2	8466	&cipherLen, encSecret);
wolfSSL	0:1239e9b70ca2	8467	crypto_drbg_uninstantiate(drbg);
wolfSSL	0:1239e9b70ca2	8468	if (rc != NTRU_OK)
wolfSSL	0:1239e9b70ca2	8469	return NTRU_ENCRYPT_ERROR;
wolfSSL	0:1239e9b70ca2	8470
wolfSSL	0:1239e9b70ca2	8471	encSz = cipherLen;
wolfSSL	0:1239e9b70ca2	8472	ret = 0;
wolfSSL	0:1239e9b70ca2	8473	}
wolfSSL	0:1239e9b70ca2	8474	break;
wolfSSL	0:1239e9b70ca2	8475	#endif /* HAVE_NTRU */
wolfSSL	0:1239e9b70ca2	8476	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	8477	case ecc_diffie_hellman_kea:
wolfSSL	0:1239e9b70ca2	8478	{
wolfSSL	0:1239e9b70ca2	8479	ecc_key myKey;
wolfSSL	0:1239e9b70ca2	8480	ecc_key* peerKey = NULL;
wolfSSL	0:1239e9b70ca2	8481	word32 size = sizeof(encSecret);
wolfSSL	0:1239e9b70ca2	8482
wolfSSL	0:1239e9b70ca2	8483	if (ssl->specs.static_ecdh) {
wolfSSL	0:1239e9b70ca2	8484	/* TODO: EccDsa is really fixed Ecc change naming */
wolfSSL	0:1239e9b70ca2	8485	if (!ssl->peerEccDsaKeyPresent \|\| !ssl->peerEccDsaKey->dp)
wolfSSL	0:1239e9b70ca2	8486	return NO_PEER_KEY;
wolfSSL	0:1239e9b70ca2	8487	peerKey = ssl->peerEccDsaKey;
wolfSSL	0:1239e9b70ca2	8488	}
wolfSSL	0:1239e9b70ca2	8489	else {
wolfSSL	0:1239e9b70ca2	8490	if (!ssl->peerEccKeyPresent \|\| !ssl->peerEccKey->dp)
wolfSSL	0:1239e9b70ca2	8491	return NO_PEER_KEY;
wolfSSL	0:1239e9b70ca2	8492	peerKey = ssl->peerEccKey;
wolfSSL	0:1239e9b70ca2	8493	}
wolfSSL	0:1239e9b70ca2	8494
wolfSSL	0:1239e9b70ca2	8495	if (peerKey == NULL)
wolfSSL	0:1239e9b70ca2	8496	return NO_PEER_KEY;
wolfSSL	0:1239e9b70ca2	8497
wolfSSL	0:1239e9b70ca2	8498	ecc_init(&myKey);
wolfSSL	0:1239e9b70ca2	8499	ret = ecc_make_key(ssl->rng, peerKey->dp->size, &myKey);
wolfSSL	0:1239e9b70ca2	8500	if (ret != 0)
wolfSSL	0:1239e9b70ca2	8501	return ECC_MAKEKEY_ERROR;
wolfSSL	0:1239e9b70ca2	8502
wolfSSL	0:1239e9b70ca2	8503	/* precede export with 1 byte length */
wolfSSL	0:1239e9b70ca2	8504	ret = ecc_export_x963(&myKey, encSecret + 1, &size);
wolfSSL	0:1239e9b70ca2	8505	encSecret[0] = (byte)size;
wolfSSL	0:1239e9b70ca2	8506	encSz = size + 1;
wolfSSL	0:1239e9b70ca2	8507
wolfSSL	0:1239e9b70ca2	8508	if (ret != 0)
wolfSSL	0:1239e9b70ca2	8509	ret = ECC_EXPORT_ERROR;
wolfSSL	0:1239e9b70ca2	8510	else {
wolfSSL	0:1239e9b70ca2	8511	size = sizeof(ssl->arrays->preMasterSecret);
wolfSSL	0:1239e9b70ca2	8512	ret = ecc_shared_secret(&myKey, peerKey,
wolfSSL	0:1239e9b70ca2	8513	ssl->arrays->preMasterSecret, &size);
wolfSSL	0:1239e9b70ca2	8514	if (ret != 0)
wolfSSL	0:1239e9b70ca2	8515	ret = ECC_SHARED_ERROR;
wolfSSL	0:1239e9b70ca2	8516	}
wolfSSL	0:1239e9b70ca2	8517
wolfSSL	0:1239e9b70ca2	8518	ssl->arrays->preMasterSz = size;
wolfSSL	0:1239e9b70ca2	8519	ecc_free(&myKey);
wolfSSL	0:1239e9b70ca2	8520	}
wolfSSL	0:1239e9b70ca2	8521	break;
wolfSSL	0:1239e9b70ca2	8522	#endif /* HAVE_ECC */
wolfSSL	0:1239e9b70ca2	8523	default:
wolfSSL	0:1239e9b70ca2	8524	return ALGO_ID_E; /* unsupported kea */
wolfSSL	0:1239e9b70ca2	8525	}
wolfSSL	0:1239e9b70ca2	8526
wolfSSL	0:1239e9b70ca2	8527	if (ret == 0) {
wolfSSL	0:1239e9b70ca2	8528	byte *output;
wolfSSL	0:1239e9b70ca2	8529	int sendSz;
wolfSSL	0:1239e9b70ca2	8530	word32 tlsSz = 0;
wolfSSL	0:1239e9b70ca2	8531
wolfSSL	0:1239e9b70ca2	8532	if (ssl->options.tls \|\| ssl->specs.kea == diffie_hellman_kea)
wolfSSL	0:1239e9b70ca2	8533	tlsSz = 2;
wolfSSL	0:1239e9b70ca2	8534
wolfSSL	0:1239e9b70ca2	8535	if (ssl->specs.kea == ecc_diffie_hellman_kea) /* always off */
wolfSSL	0:1239e9b70ca2	8536	tlsSz = 0;
wolfSSL	0:1239e9b70ca2	8537
wolfSSL	0:1239e9b70ca2	8538	sendSz = encSz + tlsSz + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	8539	idx = HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	8540
wolfSSL	0:1239e9b70ca2	8541	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	8542	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	8543	sendSz += DTLS_HANDSHAKE_EXTRA + DTLS_RECORD_EXTRA;
wolfSSL	0:1239e9b70ca2	8544	idx += DTLS_HANDSHAKE_EXTRA + DTLS_RECORD_EXTRA;
wolfSSL	0:1239e9b70ca2	8545	}
wolfSSL	0:1239e9b70ca2	8546	#endif
wolfSSL	0:1239e9b70ca2	8547
wolfSSL	0:1239e9b70ca2	8548	/* check for available size */
wolfSSL	0:1239e9b70ca2	8549	if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
wolfSSL	0:1239e9b70ca2	8550	return ret;
wolfSSL	0:1239e9b70ca2	8551
wolfSSL	0:1239e9b70ca2	8552	/* get ouput buffer */
wolfSSL	0:1239e9b70ca2	8553	output = ssl->buffers.outputBuffer.buffer +
wolfSSL	0:1239e9b70ca2	8554	ssl->buffers.outputBuffer.length;
wolfSSL	0:1239e9b70ca2	8555
wolfSSL	0:1239e9b70ca2	8556	AddHeaders(output, encSz + tlsSz, client_key_exchange, ssl);
wolfSSL	0:1239e9b70ca2	8557
wolfSSL	0:1239e9b70ca2	8558	if (tlsSz) {
wolfSSL	0:1239e9b70ca2	8559	c16toa((word16)encSz, &output[idx]);
wolfSSL	0:1239e9b70ca2	8560	idx += 2;
wolfSSL	0:1239e9b70ca2	8561	}
wolfSSL	0:1239e9b70ca2	8562	XMEMCPY(output + idx, encSecret, encSz);
wolfSSL	0:1239e9b70ca2	8563	/* if add more to output, adjust idx
wolfSSL	0:1239e9b70ca2	8564	idx += encSz; */
wolfSSL	0:1239e9b70ca2	8565	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	8566	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	8567	if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
wolfSSL	0:1239e9b70ca2	8568	return ret;
wolfSSL	0:1239e9b70ca2	8569	}
wolfSSL	0:1239e9b70ca2	8570	#endif
wolfSSL	0:1239e9b70ca2	8571
wolfSSL	0:1239e9b70ca2	8572	ret = HashOutput(ssl, output, sendSz, 0);
wolfSSL	0:1239e9b70ca2	8573	if (ret != 0)
wolfSSL	0:1239e9b70ca2	8574	return ret;
wolfSSL	0:1239e9b70ca2	8575
wolfSSL	0:1239e9b70ca2	8576	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	8577	if (ssl->hsInfoOn)
wolfSSL	0:1239e9b70ca2	8578	AddPacketName("ClientKeyExchange", &ssl->handShakeInfo);
wolfSSL	0:1239e9b70ca2	8579	if (ssl->toInfoOn)
wolfSSL	0:1239e9b70ca2	8580	AddPacketInfo("ClientKeyExchange", &ssl->timeoutInfo,
wolfSSL	0:1239e9b70ca2	8581	output, sendSz, ssl->heap);
wolfSSL	0:1239e9b70ca2	8582	#endif
wolfSSL	0:1239e9b70ca2	8583
wolfSSL	0:1239e9b70ca2	8584	ssl->buffers.outputBuffer.length += sendSz;
wolfSSL	0:1239e9b70ca2	8585
wolfSSL	0:1239e9b70ca2	8586	if (ssl->options.groupMessages)
wolfSSL	0:1239e9b70ca2	8587	ret = 0;
wolfSSL	0:1239e9b70ca2	8588	else
wolfSSL	0:1239e9b70ca2	8589	ret = SendBuffered(ssl);
wolfSSL	0:1239e9b70ca2	8590	}
wolfSSL	0:1239e9b70ca2	8591
wolfSSL	0:1239e9b70ca2	8592	if (ret == 0 \|\| ret == WANT_WRITE) {
wolfSSL	0:1239e9b70ca2	8593	int tmpRet = MakeMasterSecret(ssl);
wolfSSL	0:1239e9b70ca2	8594	if (tmpRet != 0)
wolfSSL	0:1239e9b70ca2	8595	ret = tmpRet; /* save WANT_WRITE unless more serious */
wolfSSL	0:1239e9b70ca2	8596	ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
wolfSSL	0:1239e9b70ca2	8597	}
wolfSSL	0:1239e9b70ca2	8598	/* No further need for PMS */
wolfSSL	0:1239e9b70ca2	8599	XMEMSET(ssl->arrays->preMasterSecret, 0, ssl->arrays->preMasterSz);
wolfSSL	0:1239e9b70ca2	8600	ssl->arrays->preMasterSz = 0;
wolfSSL	0:1239e9b70ca2	8601
wolfSSL	0:1239e9b70ca2	8602	return ret;
wolfSSL	0:1239e9b70ca2	8603	}
wolfSSL	0:1239e9b70ca2	8604
wolfSSL	0:1239e9b70ca2	8605	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	8606	int SendCertificateVerify(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	8607	{
wolfSSL	0:1239e9b70ca2	8608	byte *output;
wolfSSL	0:1239e9b70ca2	8609	int sendSz = 0, length, ret;
wolfSSL	0:1239e9b70ca2	8610	word32 idx = 0;
wolfSSL	0:1239e9b70ca2	8611	word32 sigOutSz = 0;
wolfSSL	0:1239e9b70ca2	8612	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	8613	RsaKey key;
wolfSSL	0:1239e9b70ca2	8614	int initRsaKey = 0;
wolfSSL	0:1239e9b70ca2	8615	#endif
wolfSSL	0:1239e9b70ca2	8616	int usingEcc = 0;
wolfSSL	0:1239e9b70ca2	8617	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	8618	ecc_key eccKey;
wolfSSL	0:1239e9b70ca2	8619	#endif
wolfSSL	0:1239e9b70ca2	8620
wolfSSL	0:1239e9b70ca2	8621	(void)idx;
wolfSSL	0:1239e9b70ca2	8622
wolfSSL	0:1239e9b70ca2	8623	if (ssl->options.sendVerify == SEND_BLANK_CERT)
wolfSSL	0:1239e9b70ca2	8624	return 0; /* sent blank cert, can't verify */
wolfSSL	0:1239e9b70ca2	8625
wolfSSL	0:1239e9b70ca2	8626	/* check for available size */
wolfSSL	0:1239e9b70ca2	8627	if ((ret = CheckAvailableSize(ssl, MAX_CERT_VERIFY_SZ)) != 0)
wolfSSL	0:1239e9b70ca2	8628	return ret;
wolfSSL	0:1239e9b70ca2	8629
wolfSSL	0:1239e9b70ca2	8630	/* get ouput buffer */
wolfSSL	0:1239e9b70ca2	8631	output = ssl->buffers.outputBuffer.buffer +
wolfSSL	0:1239e9b70ca2	8632	ssl->buffers.outputBuffer.length;
wolfSSL	0:1239e9b70ca2	8633
wolfSSL	0:1239e9b70ca2	8634	ret = BuildCertHashes(ssl, &ssl->certHashes);
wolfSSL	0:1239e9b70ca2	8635	if (ret != 0)
wolfSSL	0:1239e9b70ca2	8636	return ret;
wolfSSL	0:1239e9b70ca2	8637
wolfSSL	0:1239e9b70ca2	8638	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	8639	ecc_init(&eccKey);
wolfSSL	0:1239e9b70ca2	8640	#endif
wolfSSL	0:1239e9b70ca2	8641	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	8642	ret = InitRsaKey(&key, ssl->heap);
wolfSSL	0:1239e9b70ca2	8643	if (ret == 0) initRsaKey = 1;
wolfSSL	0:1239e9b70ca2	8644	if (ret == 0)
wolfSSL	0:1239e9b70ca2	8645	ret = RsaPrivateKeyDecode(ssl->buffers.key.buffer, &idx, &key,
wolfSSL	0:1239e9b70ca2	8646	ssl->buffers.key.length);
wolfSSL	0:1239e9b70ca2	8647	if (ret == 0)
wolfSSL	0:1239e9b70ca2	8648	sigOutSz = RsaEncryptSize(&key);
wolfSSL	0:1239e9b70ca2	8649	else
wolfSSL	0:1239e9b70ca2	8650	#endif
wolfSSL	0:1239e9b70ca2	8651	{
wolfSSL	0:1239e9b70ca2	8652	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	8653	CYASSL_MSG("Trying ECC client cert, RSA didn't work");
wolfSSL	0:1239e9b70ca2	8654
wolfSSL	0:1239e9b70ca2	8655	idx = 0;
wolfSSL	0:1239e9b70ca2	8656	ret = EccPrivateKeyDecode(ssl->buffers.key.buffer, &idx, &eccKey,
wolfSSL	0:1239e9b70ca2	8657	ssl->buffers.key.length);
wolfSSL	0:1239e9b70ca2	8658	if (ret == 0) {
wolfSSL	0:1239e9b70ca2	8659	CYASSL_MSG("Using ECC client cert");
wolfSSL	0:1239e9b70ca2	8660	usingEcc = 1;
wolfSSL	0:1239e9b70ca2	8661	sigOutSz = MAX_ENCODED_SIG_SZ;
wolfSSL	0:1239e9b70ca2	8662	}
wolfSSL	0:1239e9b70ca2	8663	else {
wolfSSL	0:1239e9b70ca2	8664	CYASSL_MSG("Bad client cert type");
wolfSSL	0:1239e9b70ca2	8665	}
wolfSSL	0:1239e9b70ca2	8666	#endif
wolfSSL	0:1239e9b70ca2	8667	}
wolfSSL	0:1239e9b70ca2	8668	if (ret == 0) {
wolfSSL	0:1239e9b70ca2	8669	byte* verify = (byte*)&output[RECORD_HEADER_SZ +
wolfSSL	0:1239e9b70ca2	8670	HANDSHAKE_HEADER_SZ];
wolfSSL	0:1239e9b70ca2	8671	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	8672	byte* signBuffer = ssl->certHashes.md5;
wolfSSL	0:1239e9b70ca2	8673	#else
wolfSSL	0:1239e9b70ca2	8674	byte* signBuffer = NULL;
wolfSSL	0:1239e9b70ca2	8675	#endif
wolfSSL	0:1239e9b70ca2	8676	word32 signSz = FINISHED_SZ;
wolfSSL	0:1239e9b70ca2	8677	byte encodedSig[MAX_ENCODED_SIG_SZ];
wolfSSL	0:1239e9b70ca2	8678	word32 extraSz = 0; /* tls 1.2 hash/sig */
wolfSSL	0:1239e9b70ca2	8679
wolfSSL	0:1239e9b70ca2	8680	(void)encodedSig;
wolfSSL	0:1239e9b70ca2	8681	(void)signSz;
wolfSSL	0:1239e9b70ca2	8682	(void)signBuffer;
wolfSSL	0:1239e9b70ca2	8683
wolfSSL	0:1239e9b70ca2	8684	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	8685	if (ssl->options.dtls)
wolfSSL	0:1239e9b70ca2	8686	verify += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL	0:1239e9b70ca2	8687	#endif
wolfSSL	0:1239e9b70ca2	8688	length = sigOutSz;
wolfSSL	0:1239e9b70ca2	8689	if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL	0:1239e9b70ca2	8690	verify[0] = ssl->suites->hashAlgo;
wolfSSL	0:1239e9b70ca2	8691	verify[1] = usingEcc ? ecc_dsa_sa_algo : rsa_sa_algo;
wolfSSL	0:1239e9b70ca2	8692	extraSz = HASH_SIG_SIZE;
wolfSSL	0:1239e9b70ca2	8693	}
wolfSSL	0:1239e9b70ca2	8694
wolfSSL	0:1239e9b70ca2	8695	if (usingEcc) {
wolfSSL	0:1239e9b70ca2	8696	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	8697	word32 localSz = MAX_ENCODED_SIG_SZ;
wolfSSL	0:1239e9b70ca2	8698	word32 digestSz;
wolfSSL	0:1239e9b70ca2	8699	byte* digest;
wolfSSL	0:1239e9b70ca2	8700	byte doUserEcc = 0;
wolfSSL	0:1239e9b70ca2	8701	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	8702	/* old tls default */
wolfSSL	0:1239e9b70ca2	8703	digestSz = SHA_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	8704	digest = ssl->certHashes.sha;
wolfSSL	0:1239e9b70ca2	8705	#else
wolfSSL	0:1239e9b70ca2	8706	/* new tls default */
wolfSSL	0:1239e9b70ca2	8707	digestSz = SHA256_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	8708	digest = ssl->certHashes.sha256;
wolfSSL	0:1239e9b70ca2	8709	#endif
wolfSSL	0:1239e9b70ca2	8710
wolfSSL	0:1239e9b70ca2	8711	#ifdef HAVE_PK_CALLBACKS
wolfSSL	0:1239e9b70ca2	8712	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	8713	if (ssl->ctx->EccSignCb)
wolfSSL	0:1239e9b70ca2	8714	doUserEcc = 1;
wolfSSL	0:1239e9b70ca2	8715	#endif /* HAVE_ECC */
wolfSSL	0:1239e9b70ca2	8716	#endif /HAVE_PK_CALLBACKS /
wolfSSL	0:1239e9b70ca2	8717
wolfSSL	0:1239e9b70ca2	8718	if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL	0:1239e9b70ca2	8719	if (ssl->suites->hashAlgo == sha_mac) {
wolfSSL	0:1239e9b70ca2	8720	#ifndef NO_SHA
wolfSSL	0:1239e9b70ca2	8721	digest = ssl->certHashes.sha;
wolfSSL	0:1239e9b70ca2	8722	digestSz = SHA_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	8723	#endif
wolfSSL	0:1239e9b70ca2	8724	}
wolfSSL	0:1239e9b70ca2	8725	else if (ssl->suites->hashAlgo == sha256_mac) {
wolfSSL	0:1239e9b70ca2	8726	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	8727	digest = ssl->certHashes.sha256;
wolfSSL	0:1239e9b70ca2	8728	digestSz = SHA256_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	8729	#endif
wolfSSL	0:1239e9b70ca2	8730	}
wolfSSL	0:1239e9b70ca2	8731	else if (ssl->suites->hashAlgo == sha384_mac) {
wolfSSL	0:1239e9b70ca2	8732	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	8733	digest = ssl->certHashes.sha384;
wolfSSL	0:1239e9b70ca2	8734	digestSz = SHA384_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	8735	#endif
wolfSSL	0:1239e9b70ca2	8736	}
wolfSSL	0:1239e9b70ca2	8737	}
wolfSSL	0:1239e9b70ca2	8738
wolfSSL	0:1239e9b70ca2	8739	if (doUserEcc) {
wolfSSL	0:1239e9b70ca2	8740	#ifdef HAVE_PK_CALLBACKS
wolfSSL	0:1239e9b70ca2	8741	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	8742	ret = ssl->ctx->EccSignCb(ssl, digest, digestSz,
wolfSSL	0:1239e9b70ca2	8743	encodedSig, &localSz,
wolfSSL	0:1239e9b70ca2	8744	ssl->buffers.key.buffer,
wolfSSL	0:1239e9b70ca2	8745	ssl->buffers.key.length,
wolfSSL	0:1239e9b70ca2	8746	ssl->EccSignCtx);
wolfSSL	0:1239e9b70ca2	8747	#endif /* HAVE_ECC */
wolfSSL	0:1239e9b70ca2	8748	#endif /HAVE_PK_CALLBACKS /
wolfSSL	0:1239e9b70ca2	8749	}
wolfSSL	0:1239e9b70ca2	8750	else {
wolfSSL	0:1239e9b70ca2	8751	ret = ecc_sign_hash(digest, digestSz, encodedSig,
wolfSSL	0:1239e9b70ca2	8752	&localSz, ssl->rng, &eccKey);
wolfSSL	0:1239e9b70ca2	8753	}
wolfSSL	0:1239e9b70ca2	8754	if (ret == 0) {
wolfSSL	0:1239e9b70ca2	8755	length = localSz;
wolfSSL	0:1239e9b70ca2	8756	c16toa((word16)length, verify + extraSz); /* prepend hdr */
wolfSSL	0:1239e9b70ca2	8757	XMEMCPY(verify + extraSz + VERIFY_HEADER,encodedSig,length);
wolfSSL	0:1239e9b70ca2	8758	}
wolfSSL	0:1239e9b70ca2	8759	#endif
wolfSSL	0:1239e9b70ca2	8760	}
wolfSSL	0:1239e9b70ca2	8761	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	8762	else {
wolfSSL	0:1239e9b70ca2	8763	byte doUserRsa = 0;
wolfSSL	0:1239e9b70ca2	8764
wolfSSL	0:1239e9b70ca2	8765	#ifdef HAVE_PK_CALLBACKS
wolfSSL	0:1239e9b70ca2	8766	if (ssl->ctx->RsaSignCb)
wolfSSL	0:1239e9b70ca2	8767	doUserRsa = 1;
wolfSSL	0:1239e9b70ca2	8768	#endif /HAVE_PK_CALLBACKS /
wolfSSL	0:1239e9b70ca2	8769
wolfSSL	0:1239e9b70ca2	8770	if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL	0:1239e9b70ca2	8771	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	8772	byte* digest = ssl->certHashes.sha;
wolfSSL	0:1239e9b70ca2	8773	int digestSz = SHA_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	8774	int typeH = SHAh;
wolfSSL	0:1239e9b70ca2	8775	#else
wolfSSL	0:1239e9b70ca2	8776	byte* digest = ssl->certHashes.sha256;
wolfSSL	0:1239e9b70ca2	8777	int digestSz = SHA256_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	8778	int typeH = SHA256h;
wolfSSL	0:1239e9b70ca2	8779	#endif
wolfSSL	0:1239e9b70ca2	8780
wolfSSL	0:1239e9b70ca2	8781	if (ssl->suites->hashAlgo == sha_mac) {
wolfSSL	0:1239e9b70ca2	8782	#ifndef NO_SHA
wolfSSL	0:1239e9b70ca2	8783	digest = ssl->certHashes.sha;
wolfSSL	0:1239e9b70ca2	8784	typeH = SHAh;
wolfSSL	0:1239e9b70ca2	8785	digestSz = SHA_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	8786	#endif
wolfSSL	0:1239e9b70ca2	8787	}
wolfSSL	0:1239e9b70ca2	8788	else if (ssl->suites->hashAlgo == sha256_mac) {
wolfSSL	0:1239e9b70ca2	8789	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	8790	digest = ssl->certHashes.sha256;
wolfSSL	0:1239e9b70ca2	8791	typeH = SHA256h;
wolfSSL	0:1239e9b70ca2	8792	digestSz = SHA256_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	8793	#endif
wolfSSL	0:1239e9b70ca2	8794	}
wolfSSL	0:1239e9b70ca2	8795	else if (ssl->suites->hashAlgo == sha384_mac) {
wolfSSL	0:1239e9b70ca2	8796	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	8797	digest = ssl->certHashes.sha384;
wolfSSL	0:1239e9b70ca2	8798	typeH = SHA384h;
wolfSSL	0:1239e9b70ca2	8799	digestSz = SHA384_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	8800	#endif
wolfSSL	0:1239e9b70ca2	8801	}
wolfSSL	0:1239e9b70ca2	8802
wolfSSL	0:1239e9b70ca2	8803	signSz = EncodeSignature(encodedSig, digest,digestSz,typeH);
wolfSSL	0:1239e9b70ca2	8804	signBuffer = encodedSig;
wolfSSL	0:1239e9b70ca2	8805	}
wolfSSL	0:1239e9b70ca2	8806
wolfSSL	0:1239e9b70ca2	8807	c16toa((word16)length, verify + extraSz); /* prepend hdr */
wolfSSL	0:1239e9b70ca2	8808	if (doUserRsa) {
wolfSSL	0:1239e9b70ca2	8809	#ifdef HAVE_PK_CALLBACKS
wolfSSL	0:1239e9b70ca2	8810	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	8811	word32 ioLen = ENCRYPT_LEN;
wolfSSL	0:1239e9b70ca2	8812	ret = ssl->ctx->RsaSignCb(ssl, signBuffer, signSz,
wolfSSL	0:1239e9b70ca2	8813	verify + extraSz + VERIFY_HEADER,
wolfSSL	0:1239e9b70ca2	8814	&ioLen,
wolfSSL	0:1239e9b70ca2	8815	ssl->buffers.key.buffer,
wolfSSL	0:1239e9b70ca2	8816	ssl->buffers.key.length,
wolfSSL	0:1239e9b70ca2	8817	ssl->RsaSignCtx);
wolfSSL	0:1239e9b70ca2	8818	#endif /* NO_RSA */
wolfSSL	0:1239e9b70ca2	8819	#endif /HAVE_PK_CALLBACKS /
wolfSSL	0:1239e9b70ca2	8820	}
wolfSSL	0:1239e9b70ca2	8821	else {
wolfSSL	0:1239e9b70ca2	8822	ret = RsaSSL_Sign(signBuffer, signSz, verify + extraSz +
wolfSSL	0:1239e9b70ca2	8823	VERIFY_HEADER, ENCRYPT_LEN, &key, ssl->rng);
wolfSSL	0:1239e9b70ca2	8824	}
wolfSSL	0:1239e9b70ca2	8825
wolfSSL	0:1239e9b70ca2	8826	if (ret > 0)
wolfSSL	0:1239e9b70ca2	8827	ret = 0; /* RSA reset */
wolfSSL	0:1239e9b70ca2	8828	}
wolfSSL	0:1239e9b70ca2	8829	#endif
wolfSSL	0:1239e9b70ca2	8830	if (ret == 0) {
wolfSSL	0:1239e9b70ca2	8831	AddHeaders(output, length + extraSz + VERIFY_HEADER,
wolfSSL	0:1239e9b70ca2	8832	certificate_verify, ssl);
wolfSSL	0:1239e9b70ca2	8833
wolfSSL	0:1239e9b70ca2	8834	sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + length +
wolfSSL	0:1239e9b70ca2	8835	extraSz + VERIFY_HEADER;
wolfSSL	0:1239e9b70ca2	8836	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	8837	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	8838	sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL	0:1239e9b70ca2	8839	if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
wolfSSL	0:1239e9b70ca2	8840	return ret;
wolfSSL	0:1239e9b70ca2	8841	}
wolfSSL	0:1239e9b70ca2	8842	#endif
wolfSSL	0:1239e9b70ca2	8843
wolfSSL	0:1239e9b70ca2	8844	ret = HashOutput(ssl, output, sendSz, 0);
wolfSSL	0:1239e9b70ca2	8845	}
wolfSSL	0:1239e9b70ca2	8846	}
wolfSSL	0:1239e9b70ca2	8847	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	8848	if (initRsaKey)
wolfSSL	0:1239e9b70ca2	8849	FreeRsaKey(&key);
wolfSSL	0:1239e9b70ca2	8850	#endif
wolfSSL	0:1239e9b70ca2	8851	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	8852	ecc_free(&eccKey);
wolfSSL	0:1239e9b70ca2	8853	#endif
wolfSSL	0:1239e9b70ca2	8854
wolfSSL	0:1239e9b70ca2	8855	if (ret == 0) {
wolfSSL	0:1239e9b70ca2	8856	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	8857	if (ssl->hsInfoOn)
wolfSSL	0:1239e9b70ca2	8858	AddPacketName("CertificateVerify", &ssl->handShakeInfo);
wolfSSL	0:1239e9b70ca2	8859	if (ssl->toInfoOn)
wolfSSL	0:1239e9b70ca2	8860	AddPacketInfo("CertificateVerify", &ssl->timeoutInfo,
wolfSSL	0:1239e9b70ca2	8861	output, sendSz, ssl->heap);
wolfSSL	0:1239e9b70ca2	8862	#endif
wolfSSL	0:1239e9b70ca2	8863	ssl->buffers.outputBuffer.length += sendSz;
wolfSSL	0:1239e9b70ca2	8864	if (ssl->options.groupMessages)
wolfSSL	0:1239e9b70ca2	8865	return 0;
wolfSSL	0:1239e9b70ca2	8866	else
wolfSSL	0:1239e9b70ca2	8867	return SendBuffered(ssl);
wolfSSL	0:1239e9b70ca2	8868	}
wolfSSL	0:1239e9b70ca2	8869	else
wolfSSL	0:1239e9b70ca2	8870	return ret;
wolfSSL	0:1239e9b70ca2	8871	}
wolfSSL	0:1239e9b70ca2	8872	#endif /* NO_CERTS */
wolfSSL	0:1239e9b70ca2	8873
wolfSSL	0:1239e9b70ca2	8874
wolfSSL	0:1239e9b70ca2	8875	#endif /* NO_CYASSL_CLIENT */
wolfSSL	0:1239e9b70ca2	8876
wolfSSL	0:1239e9b70ca2	8877
wolfSSL	0:1239e9b70ca2	8878	#ifndef NO_CYASSL_SERVER
wolfSSL	0:1239e9b70ca2	8879
wolfSSL	0:1239e9b70ca2	8880	int SendServerHello(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	8881	{
wolfSSL	0:1239e9b70ca2	8882	byte *output;
wolfSSL	0:1239e9b70ca2	8883	word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	8884	int sendSz;
wolfSSL	0:1239e9b70ca2	8885	int ret;
wolfSSL	0:1239e9b70ca2	8886
wolfSSL	0:1239e9b70ca2	8887	length = VERSION_SZ + RAN_LEN
wolfSSL	0:1239e9b70ca2	8888	+ ID_LEN + ENUM_LEN
wolfSSL	0:1239e9b70ca2	8889	+ SUITE_LEN
wolfSSL	0:1239e9b70ca2	8890	+ ENUM_LEN;
wolfSSL	0:1239e9b70ca2	8891
wolfSSL	0:1239e9b70ca2	8892	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	0:1239e9b70ca2	8893	length += TLSX_GetResponseSize(ssl);
wolfSSL	0:1239e9b70ca2	8894	#endif
wolfSSL	0:1239e9b70ca2	8895
wolfSSL	0:1239e9b70ca2	8896	/* check for avalaible size */
wolfSSL	0:1239e9b70ca2	8897	if ((ret = CheckAvailableSize(ssl, MAX_HELLO_SZ)) != 0)
wolfSSL	0:1239e9b70ca2	8898	return ret;
wolfSSL	0:1239e9b70ca2	8899
wolfSSL	0:1239e9b70ca2	8900	/* get ouput buffer */
wolfSSL	0:1239e9b70ca2	8901	output = ssl->buffers.outputBuffer.buffer +
wolfSSL	0:1239e9b70ca2	8902	ssl->buffers.outputBuffer.length;
wolfSSL	0:1239e9b70ca2	8903
wolfSSL	0:1239e9b70ca2	8904	sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	8905	AddHeaders(output, length, server_hello, ssl);
wolfSSL	0:1239e9b70ca2	8906
wolfSSL	0:1239e9b70ca2	8907	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	8908	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	8909	idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL	0:1239e9b70ca2	8910	sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL	0:1239e9b70ca2	8911	}
wolfSSL	0:1239e9b70ca2	8912	#endif
wolfSSL	0:1239e9b70ca2	8913	/* now write to output */
wolfSSL	0:1239e9b70ca2	8914	/* first version */
wolfSSL	0:1239e9b70ca2	8915	output[idx++] = ssl->version.major;
wolfSSL	0:1239e9b70ca2	8916	output[idx++] = ssl->version.minor;
wolfSSL	0:1239e9b70ca2	8917
wolfSSL	0:1239e9b70ca2	8918	/* then random */
wolfSSL	0:1239e9b70ca2	8919	if (!ssl->options.resuming) {
wolfSSL	0:1239e9b70ca2	8920	ret = RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom,
wolfSSL	0:1239e9b70ca2	8921	RAN_LEN);
wolfSSL	0:1239e9b70ca2	8922	if (ret != 0)
wolfSSL	0:1239e9b70ca2	8923	return ret;
wolfSSL	0:1239e9b70ca2	8924	}
wolfSSL	0:1239e9b70ca2	8925
wolfSSL	0:1239e9b70ca2	8926	XMEMCPY(output + idx, ssl->arrays->serverRandom, RAN_LEN);
wolfSSL	0:1239e9b70ca2	8927	idx += RAN_LEN;
wolfSSL	0:1239e9b70ca2	8928
wolfSSL	0:1239e9b70ca2	8929	#ifdef SHOW_SECRETS
wolfSSL	0:1239e9b70ca2	8930	{
wolfSSL	0:1239e9b70ca2	8931	int j;
wolfSSL	0:1239e9b70ca2	8932	printf("server random: ");
wolfSSL	0:1239e9b70ca2	8933	for (j = 0; j < RAN_LEN; j++)
wolfSSL	0:1239e9b70ca2	8934	printf("%02x", ssl->arrays->serverRandom[j]);
wolfSSL	0:1239e9b70ca2	8935	printf("\n");
wolfSSL	0:1239e9b70ca2	8936	}
wolfSSL	0:1239e9b70ca2	8937	#endif
wolfSSL	0:1239e9b70ca2	8938	/* then session id */
wolfSSL	0:1239e9b70ca2	8939	output[idx++] = ID_LEN;
wolfSSL	0:1239e9b70ca2	8940
wolfSSL	0:1239e9b70ca2	8941	if (!ssl->options.resuming) {
wolfSSL	0:1239e9b70ca2	8942	ret = RNG_GenerateBlock(ssl->rng, ssl->arrays->sessionID, ID_LEN);
wolfSSL	0:1239e9b70ca2	8943	if (ret != 0)
wolfSSL	0:1239e9b70ca2	8944	return ret;
wolfSSL	0:1239e9b70ca2	8945	}
wolfSSL	0:1239e9b70ca2	8946
wolfSSL	0:1239e9b70ca2	8947	XMEMCPY(output + idx, ssl->arrays->sessionID, ID_LEN);
wolfSSL	0:1239e9b70ca2	8948	idx += ID_LEN;
wolfSSL	0:1239e9b70ca2	8949
wolfSSL	0:1239e9b70ca2	8950	/* then cipher suite */
wolfSSL	0:1239e9b70ca2	8951	output[idx++] = ssl->options.cipherSuite0;
wolfSSL	0:1239e9b70ca2	8952	output[idx++] = ssl->options.cipherSuite;
wolfSSL	0:1239e9b70ca2	8953
wolfSSL	0:1239e9b70ca2	8954	/* then compression */
wolfSSL	0:1239e9b70ca2	8955	if (ssl->options.usingCompression)
wolfSSL	0:1239e9b70ca2	8956	output[idx++] = ZLIB_COMPRESSION;
wolfSSL	0:1239e9b70ca2	8957	else
wolfSSL	0:1239e9b70ca2	8958	output[idx++] = NO_COMPRESSION;
wolfSSL	0:1239e9b70ca2	8959
wolfSSL	0:1239e9b70ca2	8960	/* last, extensions */
wolfSSL	0:1239e9b70ca2	8961	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	0:1239e9b70ca2	8962	if (IsTLS(ssl))
wolfSSL	0:1239e9b70ca2	8963	TLSX_WriteResponse(ssl, output + idx);
wolfSSL	0:1239e9b70ca2	8964	#endif
wolfSSL	0:1239e9b70ca2	8965
wolfSSL	0:1239e9b70ca2	8966	ssl->buffers.outputBuffer.length += sendSz;
wolfSSL	0:1239e9b70ca2	8967	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	8968	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	8969	if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
wolfSSL	0:1239e9b70ca2	8970	return ret;
wolfSSL	0:1239e9b70ca2	8971	}
wolfSSL	0:1239e9b70ca2	8972	#endif
wolfSSL	0:1239e9b70ca2	8973
wolfSSL	0:1239e9b70ca2	8974	ret = HashOutput(ssl, output, sendSz, 0);
wolfSSL	0:1239e9b70ca2	8975	if (ret != 0)
wolfSSL	0:1239e9b70ca2	8976	return ret;
wolfSSL	0:1239e9b70ca2	8977
wolfSSL	0:1239e9b70ca2	8978	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	8979	if (ssl->hsInfoOn)
wolfSSL	0:1239e9b70ca2	8980	AddPacketName("ServerHello", &ssl->handShakeInfo);
wolfSSL	0:1239e9b70ca2	8981	if (ssl->toInfoOn)
wolfSSL	0:1239e9b70ca2	8982	AddPacketInfo("ServerHello", &ssl->timeoutInfo, output, sendSz,
wolfSSL	0:1239e9b70ca2	8983	ssl->heap);
wolfSSL	0:1239e9b70ca2	8984	#endif
wolfSSL	0:1239e9b70ca2	8985
wolfSSL	0:1239e9b70ca2	8986	ssl->options.serverState = SERVER_HELLO_COMPLETE;
wolfSSL	0:1239e9b70ca2	8987
wolfSSL	0:1239e9b70ca2	8988	if (ssl->options.groupMessages)
wolfSSL	0:1239e9b70ca2	8989	return 0;
wolfSSL	0:1239e9b70ca2	8990	else
wolfSSL	0:1239e9b70ca2	8991	return SendBuffered(ssl);
wolfSSL	0:1239e9b70ca2	8992	}
wolfSSL	0:1239e9b70ca2	8993
wolfSSL	0:1239e9b70ca2	8994
wolfSSL	0:1239e9b70ca2	8995	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	8996
wolfSSL	0:1239e9b70ca2	8997	static byte SetCurveId(int size)
wolfSSL	0:1239e9b70ca2	8998	{
wolfSSL	0:1239e9b70ca2	8999	switch(size) {
wolfSSL	0:1239e9b70ca2	9000	case 20:
wolfSSL	0:1239e9b70ca2	9001	return secp160r1;
wolfSSL	0:1239e9b70ca2	9002	case 24:
wolfSSL	0:1239e9b70ca2	9003	return secp192r1;
wolfSSL	0:1239e9b70ca2	9004	case 28:
wolfSSL	0:1239e9b70ca2	9005	return secp224r1;
wolfSSL	0:1239e9b70ca2	9006	case 32:
wolfSSL	0:1239e9b70ca2	9007	return secp256r1;
wolfSSL	0:1239e9b70ca2	9008	case 48:
wolfSSL	0:1239e9b70ca2	9009	return secp384r1;
wolfSSL	0:1239e9b70ca2	9010	case 66:
wolfSSL	0:1239e9b70ca2	9011	return secp521r1;
wolfSSL	0:1239e9b70ca2	9012	default:
wolfSSL	0:1239e9b70ca2	9013	return 0;
wolfSSL	0:1239e9b70ca2	9014	}
wolfSSL	0:1239e9b70ca2	9015	}
wolfSSL	0:1239e9b70ca2	9016
wolfSSL	0:1239e9b70ca2	9017	#endif /* HAVE_ECC */
wolfSSL	0:1239e9b70ca2	9018
wolfSSL	0:1239e9b70ca2	9019
wolfSSL	0:1239e9b70ca2	9020	int SendServerKeyExchange(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	9021	{
wolfSSL	0:1239e9b70ca2	9022	int ret = 0;
wolfSSL	0:1239e9b70ca2	9023	(void)ssl;
wolfSSL	0:1239e9b70ca2	9024
wolfSSL	0:1239e9b70ca2	9025	#ifndef NO_PSK
wolfSSL	0:1239e9b70ca2	9026	if (ssl->specs.kea == psk_kea)
wolfSSL	0:1239e9b70ca2	9027	{
wolfSSL	0:1239e9b70ca2	9028	byte *output;
wolfSSL	0:1239e9b70ca2	9029	word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	9030	int sendSz;
wolfSSL	0:1239e9b70ca2	9031	if (ssl->arrays->server_hint[0] == 0) return 0; /* don't send */
wolfSSL	0:1239e9b70ca2	9032
wolfSSL	0:1239e9b70ca2	9033	/* include size part */
wolfSSL	0:1239e9b70ca2	9034	length = (word32)XSTRLEN(ssl->arrays->server_hint);
wolfSSL	0:1239e9b70ca2	9035	if (length > MAX_PSK_ID_LEN) return SERVER_HINT_ERROR;
wolfSSL	0:1239e9b70ca2	9036	length += HINT_LEN_SZ;
wolfSSL	0:1239e9b70ca2	9037	sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	9038
wolfSSL	0:1239e9b70ca2	9039	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	9040	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	9041	sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL	0:1239e9b70ca2	9042	idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL	0:1239e9b70ca2	9043	}
wolfSSL	0:1239e9b70ca2	9044	#endif
wolfSSL	0:1239e9b70ca2	9045	/* check for available size */
wolfSSL	0:1239e9b70ca2	9046	if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
wolfSSL	0:1239e9b70ca2	9047	return ret;
wolfSSL	0:1239e9b70ca2	9048
wolfSSL	0:1239e9b70ca2	9049	/* get ouput buffer */
wolfSSL	0:1239e9b70ca2	9050	output = ssl->buffers.outputBuffer.buffer +
wolfSSL	0:1239e9b70ca2	9051	ssl->buffers.outputBuffer.length;
wolfSSL	0:1239e9b70ca2	9052
wolfSSL	0:1239e9b70ca2	9053	AddHeaders(output, length, server_key_exchange, ssl);
wolfSSL	0:1239e9b70ca2	9054
wolfSSL	0:1239e9b70ca2	9055	/* key data */
wolfSSL	0:1239e9b70ca2	9056	c16toa((word16)(length - HINT_LEN_SZ), output + idx);
wolfSSL	0:1239e9b70ca2	9057	idx += HINT_LEN_SZ;
wolfSSL	0:1239e9b70ca2	9058	XMEMCPY(output + idx, ssl->arrays->server_hint,length -HINT_LEN_SZ);
wolfSSL	0:1239e9b70ca2	9059
wolfSSL	0:1239e9b70ca2	9060	ret = HashOutput(ssl, output, sendSz, 0);
wolfSSL	0:1239e9b70ca2	9061	if (ret != 0)
wolfSSL	0:1239e9b70ca2	9062	return ret;
wolfSSL	0:1239e9b70ca2	9063
wolfSSL	0:1239e9b70ca2	9064	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	9065	if (ssl->hsInfoOn)
wolfSSL	0:1239e9b70ca2	9066	AddPacketName("ServerKeyExchange", &ssl->handShakeInfo);
wolfSSL	0:1239e9b70ca2	9067	if (ssl->toInfoOn)
wolfSSL	0:1239e9b70ca2	9068	AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo,
wolfSSL	0:1239e9b70ca2	9069	output, sendSz, ssl->heap);
wolfSSL	0:1239e9b70ca2	9070	#endif
wolfSSL	0:1239e9b70ca2	9071
wolfSSL	0:1239e9b70ca2	9072	ssl->buffers.outputBuffer.length += sendSz;
wolfSSL	0:1239e9b70ca2	9073	if (ssl->options.groupMessages)
wolfSSL	0:1239e9b70ca2	9074	ret = 0;
wolfSSL	0:1239e9b70ca2	9075	else
wolfSSL	0:1239e9b70ca2	9076	ret = SendBuffered(ssl);
wolfSSL	0:1239e9b70ca2	9077	ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE;
wolfSSL	0:1239e9b70ca2	9078	}
wolfSSL	0:1239e9b70ca2	9079	#endif /NO_PSK /
wolfSSL	0:1239e9b70ca2	9080
wolfSSL	0:1239e9b70ca2	9081	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	9082	if (ssl->specs.kea == ecc_diffie_hellman_kea)
wolfSSL	0:1239e9b70ca2	9083	{
wolfSSL	0:1239e9b70ca2	9084	byte *output;
wolfSSL	0:1239e9b70ca2	9085	word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	9086	int sendSz;
wolfSSL	0:1239e9b70ca2	9087	byte exportBuf[MAX_EXPORT_ECC_SZ];
wolfSSL	0:1239e9b70ca2	9088	word32 expSz = sizeof(exportBuf);
wolfSSL	0:1239e9b70ca2	9089	word32 sigSz;
wolfSSL	0:1239e9b70ca2	9090	word32 preSigSz, preSigIdx;
wolfSSL	0:1239e9b70ca2	9091	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	9092	RsaKey rsaKey;
wolfSSL	0:1239e9b70ca2	9093	#endif
wolfSSL	0:1239e9b70ca2	9094	ecc_key dsaKey;
wolfSSL	0:1239e9b70ca2	9095
wolfSSL	0:1239e9b70ca2	9096	if (ssl->specs.static_ecdh) {
wolfSSL	0:1239e9b70ca2	9097	CYASSL_MSG("Using Static ECDH, not sending ServerKeyExchagne");
wolfSSL	0:1239e9b70ca2	9098	return 0;
wolfSSL	0:1239e9b70ca2	9099	}
wolfSSL	0:1239e9b70ca2	9100
wolfSSL	0:1239e9b70ca2	9101	/* curve type, named curve, length(1) */
wolfSSL	0:1239e9b70ca2	9102	length = ENUM_LEN + CURVE_LEN + ENUM_LEN;
wolfSSL	0:1239e9b70ca2	9103	/* pub key size */
wolfSSL	0:1239e9b70ca2	9104	CYASSL_MSG("Using ephemeral ECDH");
wolfSSL	0:1239e9b70ca2	9105	if (ecc_export_x963(ssl->eccTempKey, exportBuf, &expSz) != 0)
wolfSSL	0:1239e9b70ca2	9106	return ECC_EXPORT_ERROR;
wolfSSL	0:1239e9b70ca2	9107	length += expSz;
wolfSSL	0:1239e9b70ca2	9108
wolfSSL	0:1239e9b70ca2	9109	preSigSz = length;
wolfSSL	0:1239e9b70ca2	9110	preSigIdx = idx;
wolfSSL	0:1239e9b70ca2	9111
wolfSSL	0:1239e9b70ca2	9112	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	9113	ret = InitRsaKey(&rsaKey, ssl->heap);
wolfSSL	0:1239e9b70ca2	9114	if (ret != 0) return ret;
wolfSSL	0:1239e9b70ca2	9115	#endif
wolfSSL	0:1239e9b70ca2	9116	ecc_init(&dsaKey);
wolfSSL	0:1239e9b70ca2	9117
wolfSSL	0:1239e9b70ca2	9118	/* sig length */
wolfSSL	0:1239e9b70ca2	9119	length += LENGTH_SZ;
wolfSSL	0:1239e9b70ca2	9120
wolfSSL	0:1239e9b70ca2	9121	if (!ssl->buffers.key.buffer) {
wolfSSL	0:1239e9b70ca2	9122	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	9123	FreeRsaKey(&rsaKey);
wolfSSL	0:1239e9b70ca2	9124	#endif
wolfSSL	0:1239e9b70ca2	9125	ecc_free(&dsaKey);
wolfSSL	0:1239e9b70ca2	9126	return NO_PRIVATE_KEY;
wolfSSL	0:1239e9b70ca2	9127	}
wolfSSL	0:1239e9b70ca2	9128
wolfSSL	0:1239e9b70ca2	9129	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	9130	if (ssl->specs.sig_algo == rsa_sa_algo) {
wolfSSL	0:1239e9b70ca2	9131	/* rsa sig size */
wolfSSL	0:1239e9b70ca2	9132	word32 i = 0;
wolfSSL	0:1239e9b70ca2	9133	ret = RsaPrivateKeyDecode(ssl->buffers.key.buffer, &i,
wolfSSL	0:1239e9b70ca2	9134	&rsaKey, ssl->buffers.key.length);
wolfSSL	0:1239e9b70ca2	9135	if (ret != 0) return ret;
wolfSSL	0:1239e9b70ca2	9136	sigSz = RsaEncryptSize(&rsaKey);
wolfSSL	0:1239e9b70ca2	9137	} else
wolfSSL	0:1239e9b70ca2	9138	#endif
wolfSSL	0:1239e9b70ca2	9139	if (ssl->specs.sig_algo == ecc_dsa_sa_algo) {
wolfSSL	0:1239e9b70ca2	9140	/* ecdsa sig size */
wolfSSL	0:1239e9b70ca2	9141	word32 i = 0;
wolfSSL	0:1239e9b70ca2	9142	ret = EccPrivateKeyDecode(ssl->buffers.key.buffer, &i,
wolfSSL	0:1239e9b70ca2	9143	&dsaKey, ssl->buffers.key.length);
wolfSSL	0:1239e9b70ca2	9144	if (ret != 0) return ret;
wolfSSL	0:1239e9b70ca2	9145	sigSz = ecc_sig_size(&dsaKey); /* worst case estimate */
wolfSSL	0:1239e9b70ca2	9146	}
wolfSSL	0:1239e9b70ca2	9147	else {
wolfSSL	0:1239e9b70ca2	9148	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	9149	FreeRsaKey(&rsaKey);
wolfSSL	0:1239e9b70ca2	9150	#endif
wolfSSL	0:1239e9b70ca2	9151	ecc_free(&dsaKey);
wolfSSL	0:1239e9b70ca2	9152	return ALGO_ID_E; /* unsupported type */
wolfSSL	0:1239e9b70ca2	9153	}
wolfSSL	0:1239e9b70ca2	9154	length += sigSz;
wolfSSL	0:1239e9b70ca2	9155
wolfSSL	0:1239e9b70ca2	9156	if (IsAtLeastTLSv1_2(ssl))
wolfSSL	0:1239e9b70ca2	9157	length += HASH_SIG_SIZE;
wolfSSL	0:1239e9b70ca2	9158
wolfSSL	0:1239e9b70ca2	9159	sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	9160
wolfSSL	0:1239e9b70ca2	9161	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	9162	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	9163	sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL	0:1239e9b70ca2	9164	idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL	0:1239e9b70ca2	9165	preSigIdx = idx;
wolfSSL	0:1239e9b70ca2	9166	}
wolfSSL	0:1239e9b70ca2	9167	#endif
wolfSSL	0:1239e9b70ca2	9168	/* check for available size */
wolfSSL	0:1239e9b70ca2	9169	if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) {
wolfSSL	0:1239e9b70ca2	9170	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	9171	FreeRsaKey(&rsaKey);
wolfSSL	0:1239e9b70ca2	9172	#endif
wolfSSL	0:1239e9b70ca2	9173	ecc_free(&dsaKey);
wolfSSL	0:1239e9b70ca2	9174	return ret;
wolfSSL	0:1239e9b70ca2	9175	}
wolfSSL	0:1239e9b70ca2	9176
wolfSSL	0:1239e9b70ca2	9177	/* get ouput buffer */
wolfSSL	0:1239e9b70ca2	9178	output = ssl->buffers.outputBuffer.buffer +
wolfSSL	0:1239e9b70ca2	9179	ssl->buffers.outputBuffer.length;
wolfSSL	0:1239e9b70ca2	9180
wolfSSL	0:1239e9b70ca2	9181	/* record and message headers will be added below, when we're sure
wolfSSL	0:1239e9b70ca2	9182	of the sig length */
wolfSSL	0:1239e9b70ca2	9183
wolfSSL	0:1239e9b70ca2	9184	/* key exchange data */
wolfSSL	0:1239e9b70ca2	9185	output[idx++] = named_curve;
wolfSSL	0:1239e9b70ca2	9186	output[idx++] = 0x00; /* leading zero */
wolfSSL	0:1239e9b70ca2	9187	output[idx++] = SetCurveId(ecc_size(ssl->eccTempKey));
wolfSSL	0:1239e9b70ca2	9188	output[idx++] = (byte)expSz;
wolfSSL	0:1239e9b70ca2	9189	XMEMCPY(output + idx, exportBuf, expSz);
wolfSSL	0:1239e9b70ca2	9190	idx += expSz;
wolfSSL	0:1239e9b70ca2	9191	if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL	0:1239e9b70ca2	9192	output[idx++] = ssl->suites->hashAlgo;
wolfSSL	0:1239e9b70ca2	9193	output[idx++] = ssl->suites->sigAlgo;
wolfSSL	0:1239e9b70ca2	9194	}
wolfSSL	0:1239e9b70ca2	9195
wolfSSL	0:1239e9b70ca2	9196	/* Signtaure length will be written later, when we're sure what it
wolfSSL	0:1239e9b70ca2	9197	is */
wolfSSL	0:1239e9b70ca2	9198
wolfSSL	0:1239e9b70ca2	9199	/* do signature */
wolfSSL	0:1239e9b70ca2	9200	{
wolfSSL	0:1239e9b70ca2	9201	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	9202	Md5 md5;
wolfSSL	0:1239e9b70ca2	9203	Sha sha;
wolfSSL	0:1239e9b70ca2	9204	#endif
wolfSSL	0:1239e9b70ca2	9205	byte hash[FINISHED_SZ];
wolfSSL	0:1239e9b70ca2	9206	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	9207	Sha256 sha256;
wolfSSL	0:1239e9b70ca2	9208	byte hash256[SHA256_DIGEST_SIZE];
wolfSSL	0:1239e9b70ca2	9209	#endif
wolfSSL	0:1239e9b70ca2	9210	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	9211	Sha384 sha384;
wolfSSL	0:1239e9b70ca2	9212	byte hash384[SHA384_DIGEST_SIZE];
wolfSSL	0:1239e9b70ca2	9213	#endif
wolfSSL	0:1239e9b70ca2	9214
wolfSSL	0:1239e9b70ca2	9215	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	9216	/* md5 */
wolfSSL	0:1239e9b70ca2	9217	InitMd5(&md5);
wolfSSL	0:1239e9b70ca2	9218	Md5Update(&md5, ssl->arrays->clientRandom, RAN_LEN);
wolfSSL	0:1239e9b70ca2	9219	Md5Update(&md5, ssl->arrays->serverRandom, RAN_LEN);
wolfSSL	0:1239e9b70ca2	9220	Md5Update(&md5, output + preSigIdx, preSigSz);
wolfSSL	0:1239e9b70ca2	9221	Md5Final(&md5, hash);
wolfSSL	0:1239e9b70ca2	9222
wolfSSL	0:1239e9b70ca2	9223	/* sha */
wolfSSL	0:1239e9b70ca2	9224	ret = InitSha(&sha);
wolfSSL	0:1239e9b70ca2	9225	if (ret != 0)
wolfSSL	0:1239e9b70ca2	9226	return ret;
wolfSSL	0:1239e9b70ca2	9227	ShaUpdate(&sha, ssl->arrays->clientRandom, RAN_LEN);
wolfSSL	0:1239e9b70ca2	9228	ShaUpdate(&sha, ssl->arrays->serverRandom, RAN_LEN);
wolfSSL	0:1239e9b70ca2	9229	ShaUpdate(&sha, output + preSigIdx, preSigSz);
wolfSSL	0:1239e9b70ca2	9230	ShaFinal(&sha, &hash[MD5_DIGEST_SIZE]);
wolfSSL	0:1239e9b70ca2	9231	#endif
wolfSSL	0:1239e9b70ca2	9232
wolfSSL	0:1239e9b70ca2	9233	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	9234	ret = InitSha256(&sha256);
wolfSSL	0:1239e9b70ca2	9235	if (ret != 0)
wolfSSL	0:1239e9b70ca2	9236	return ret;
wolfSSL	0:1239e9b70ca2	9237	ret = Sha256Update(&sha256, ssl->arrays->clientRandom, RAN_LEN);
wolfSSL	0:1239e9b70ca2	9238	if (ret != 0)
wolfSSL	0:1239e9b70ca2	9239	return ret;
wolfSSL	0:1239e9b70ca2	9240	ret = Sha256Update(&sha256, ssl->arrays->serverRandom, RAN_LEN);
wolfSSL	0:1239e9b70ca2	9241	if (ret != 0)
wolfSSL	0:1239e9b70ca2	9242	return ret;
wolfSSL	0:1239e9b70ca2	9243	ret = Sha256Update(&sha256, output + preSigIdx, preSigSz);
wolfSSL	0:1239e9b70ca2	9244	if (ret != 0)
wolfSSL	0:1239e9b70ca2	9245	return ret;
wolfSSL	0:1239e9b70ca2	9246	ret = Sha256Final(&sha256, hash256);
wolfSSL	0:1239e9b70ca2	9247	if (ret != 0)
wolfSSL	0:1239e9b70ca2	9248	return ret;
wolfSSL	0:1239e9b70ca2	9249	#endif
wolfSSL	0:1239e9b70ca2	9250
wolfSSL	0:1239e9b70ca2	9251	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	9252	ret = InitSha384(&sha384);
wolfSSL	0:1239e9b70ca2	9253	if (ret != 0)
wolfSSL	0:1239e9b70ca2	9254	return ret;
wolfSSL	0:1239e9b70ca2	9255	ret = Sha384Update(&sha384, ssl->arrays->clientRandom, RAN_LEN);
wolfSSL	0:1239e9b70ca2	9256	if (ret != 0)
wolfSSL	0:1239e9b70ca2	9257	return ret;
wolfSSL	0:1239e9b70ca2	9258	ret = Sha384Update(&sha384, ssl->arrays->serverRandom, RAN_LEN);
wolfSSL	0:1239e9b70ca2	9259	if (ret != 0)
wolfSSL	0:1239e9b70ca2	9260	return ret;
wolfSSL	0:1239e9b70ca2	9261	ret = Sha384Update(&sha384, output + preSigIdx, preSigSz);
wolfSSL	0:1239e9b70ca2	9262	if (ret != 0)
wolfSSL	0:1239e9b70ca2	9263	return ret;
wolfSSL	0:1239e9b70ca2	9264	ret = Sha384Final(&sha384, hash384);
wolfSSL	0:1239e9b70ca2	9265	if (ret != 0)
wolfSSL	0:1239e9b70ca2	9266	return ret;
wolfSSL	0:1239e9b70ca2	9267	#endif
wolfSSL	0:1239e9b70ca2	9268	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	9269	if (ssl->suites->sigAlgo == rsa_sa_algo) {
wolfSSL	0:1239e9b70ca2	9270	byte* signBuffer = hash;
wolfSSL	0:1239e9b70ca2	9271	word32 signSz = sizeof(hash);
wolfSSL	0:1239e9b70ca2	9272	byte encodedSig[MAX_ENCODED_SIG_SZ];
wolfSSL	0:1239e9b70ca2	9273	byte doUserRsa = 0;
wolfSSL	0:1239e9b70ca2	9274
wolfSSL	0:1239e9b70ca2	9275	#ifdef HAVE_PK_CALLBACKS
wolfSSL	0:1239e9b70ca2	9276	if (ssl->ctx->RsaSignCb)
wolfSSL	0:1239e9b70ca2	9277	doUserRsa = 1;
wolfSSL	0:1239e9b70ca2	9278	#endif /HAVE_PK_CALLBACKS /
wolfSSL	0:1239e9b70ca2	9279
wolfSSL	0:1239e9b70ca2	9280	if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL	0:1239e9b70ca2	9281	byte* digest = &hash[MD5_DIGEST_SIZE];
wolfSSL	0:1239e9b70ca2	9282	int typeH = SHAh;
wolfSSL	0:1239e9b70ca2	9283	int digestSz = SHA_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	9284
wolfSSL	0:1239e9b70ca2	9285	if (ssl->suites->hashAlgo == sha256_mac) {
wolfSSL	0:1239e9b70ca2	9286	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	9287	digest = hash256;
wolfSSL	0:1239e9b70ca2	9288	typeH = SHA256h;
wolfSSL	0:1239e9b70ca2	9289	digestSz = SHA256_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	9290	#endif
wolfSSL	0:1239e9b70ca2	9291	}
wolfSSL	0:1239e9b70ca2	9292	else if (ssl->suites->hashAlgo == sha384_mac) {
wolfSSL	0:1239e9b70ca2	9293	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	9294	digest = hash384;
wolfSSL	0:1239e9b70ca2	9295	typeH = SHA384h;
wolfSSL	0:1239e9b70ca2	9296	digestSz = SHA384_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	9297	#endif
wolfSSL	0:1239e9b70ca2	9298	}
wolfSSL	0:1239e9b70ca2	9299
wolfSSL	0:1239e9b70ca2	9300	signSz = EncodeSignature(encodedSig, digest, digestSz,
wolfSSL	0:1239e9b70ca2	9301	typeH);
wolfSSL	0:1239e9b70ca2	9302	signBuffer = encodedSig;
wolfSSL	0:1239e9b70ca2	9303	}
wolfSSL	0:1239e9b70ca2	9304	/* write sig size here */
wolfSSL	0:1239e9b70ca2	9305	c16toa((word16)sigSz, output + idx);
wolfSSL	0:1239e9b70ca2	9306	idx += LENGTH_SZ;
wolfSSL	0:1239e9b70ca2	9307
wolfSSL	0:1239e9b70ca2	9308	if (doUserRsa) {
wolfSSL	0:1239e9b70ca2	9309	#ifdef HAVE_PK_CALLBACKS
wolfSSL	0:1239e9b70ca2	9310	word32 ioLen = sigSz;
wolfSSL	0:1239e9b70ca2	9311	ret = ssl->ctx->RsaSignCb(ssl, signBuffer, signSz,
wolfSSL	0:1239e9b70ca2	9312	output + idx,
wolfSSL	0:1239e9b70ca2	9313	&ioLen,
wolfSSL	0:1239e9b70ca2	9314	ssl->buffers.key.buffer,
wolfSSL	0:1239e9b70ca2	9315	ssl->buffers.key.length,
wolfSSL	0:1239e9b70ca2	9316	ssl->RsaSignCtx);
wolfSSL	0:1239e9b70ca2	9317	#endif /HAVE_PK_CALLBACKS /
wolfSSL	0:1239e9b70ca2	9318	}
wolfSSL	0:1239e9b70ca2	9319	else {
wolfSSL	0:1239e9b70ca2	9320	ret = RsaSSL_Sign(signBuffer, signSz, output + idx,
wolfSSL	0:1239e9b70ca2	9321	sigSz, &rsaKey, ssl->rng);
wolfSSL	0:1239e9b70ca2	9322	if (ret > 0)
wolfSSL	0:1239e9b70ca2	9323	ret = 0; /* reset on success */
wolfSSL	0:1239e9b70ca2	9324	}
wolfSSL	0:1239e9b70ca2	9325	FreeRsaKey(&rsaKey);
wolfSSL	0:1239e9b70ca2	9326	ecc_free(&dsaKey);
wolfSSL	0:1239e9b70ca2	9327	if (ret < 0)
wolfSSL	0:1239e9b70ca2	9328	return ret;
wolfSSL	0:1239e9b70ca2	9329	} else
wolfSSL	0:1239e9b70ca2	9330	#endif
wolfSSL	0:1239e9b70ca2	9331	if (ssl->suites->sigAlgo == ecc_dsa_sa_algo) {
wolfSSL	0:1239e9b70ca2	9332	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	9333	byte* digest = &hash[MD5_DIGEST_SIZE];
wolfSSL	0:1239e9b70ca2	9334	word32 digestSz = SHA_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	9335	#else
wolfSSL	0:1239e9b70ca2	9336	byte* digest = hash256;
wolfSSL	0:1239e9b70ca2	9337	word32 digestSz = SHA256_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	9338	#endif
wolfSSL	0:1239e9b70ca2	9339	word32 sz = sigSz;
wolfSSL	0:1239e9b70ca2	9340	byte doUserEcc = 0;
wolfSSL	0:1239e9b70ca2	9341
wolfSSL	0:1239e9b70ca2	9342	#ifdef HAVE_PK_CALLBACKS
wolfSSL	0:1239e9b70ca2	9343	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	9344	if (ssl->ctx->EccSignCb)
wolfSSL	0:1239e9b70ca2	9345	doUserEcc = 1;
wolfSSL	0:1239e9b70ca2	9346	#endif /* HAVE_ECC */
wolfSSL	0:1239e9b70ca2	9347	#endif /HAVE_PK_CALLBACKS /
wolfSSL	0:1239e9b70ca2	9348
wolfSSL	0:1239e9b70ca2	9349	if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL	0:1239e9b70ca2	9350	if (ssl->suites->hashAlgo == sha_mac) {
wolfSSL	0:1239e9b70ca2	9351	#ifndef NO_SHA
wolfSSL	0:1239e9b70ca2	9352	digest = &hash[MD5_DIGEST_SIZE];
wolfSSL	0:1239e9b70ca2	9353	digestSz = SHA_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	9354	#endif
wolfSSL	0:1239e9b70ca2	9355	}
wolfSSL	0:1239e9b70ca2	9356	else if (ssl->suites->hashAlgo == sha256_mac) {
wolfSSL	0:1239e9b70ca2	9357	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	9358	digest = hash256;
wolfSSL	0:1239e9b70ca2	9359	digestSz = SHA256_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	9360	#endif
wolfSSL	0:1239e9b70ca2	9361	}
wolfSSL	0:1239e9b70ca2	9362	else if (ssl->suites->hashAlgo == sha384_mac) {
wolfSSL	0:1239e9b70ca2	9363	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	9364	digest = hash384;
wolfSSL	0:1239e9b70ca2	9365	digestSz = SHA384_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	9366	#endif
wolfSSL	0:1239e9b70ca2	9367	}
wolfSSL	0:1239e9b70ca2	9368	}
wolfSSL	0:1239e9b70ca2	9369
wolfSSL	0:1239e9b70ca2	9370	if (doUserEcc) {
wolfSSL	0:1239e9b70ca2	9371	#ifdef HAVE_PK_CALLBACKS
wolfSSL	0:1239e9b70ca2	9372	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	9373	ret = ssl->ctx->EccSignCb(ssl, digest, digestSz,
wolfSSL	0:1239e9b70ca2	9374	output + LENGTH_SZ + idx, &sz,
wolfSSL	0:1239e9b70ca2	9375	ssl->buffers.key.buffer,
wolfSSL	0:1239e9b70ca2	9376	ssl->buffers.key.length,
wolfSSL	0:1239e9b70ca2	9377	ssl->EccSignCtx);
wolfSSL	0:1239e9b70ca2	9378	#endif /* HAVE_ECC */
wolfSSL	0:1239e9b70ca2	9379	#endif /HAVE_PK_CALLBACKS /
wolfSSL	0:1239e9b70ca2	9380	}
wolfSSL	0:1239e9b70ca2	9381	else {
wolfSSL	0:1239e9b70ca2	9382	ret = ecc_sign_hash(digest, digestSz,
wolfSSL	0:1239e9b70ca2	9383	output + LENGTH_SZ + idx, &sz, ssl->rng, &dsaKey);
wolfSSL	0:1239e9b70ca2	9384	}
wolfSSL	0:1239e9b70ca2	9385	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	9386	FreeRsaKey(&rsaKey);
wolfSSL	0:1239e9b70ca2	9387	#endif
wolfSSL	0:1239e9b70ca2	9388	ecc_free(&dsaKey);
wolfSSL	0:1239e9b70ca2	9389	if (ret < 0) return ret;
wolfSSL	0:1239e9b70ca2	9390
wolfSSL	0:1239e9b70ca2	9391	/* Now that we know the real sig size, write it. */
wolfSSL	0:1239e9b70ca2	9392	c16toa((word16)sz, output + idx);
wolfSSL	0:1239e9b70ca2	9393
wolfSSL	0:1239e9b70ca2	9394	/* And adjust length and sendSz from estimates */
wolfSSL	0:1239e9b70ca2	9395	length += sz - sigSz;
wolfSSL	0:1239e9b70ca2	9396	sendSz += sz - sigSz;
wolfSSL	0:1239e9b70ca2	9397	}
wolfSSL	0:1239e9b70ca2	9398	}
wolfSSL	0:1239e9b70ca2	9399
wolfSSL	0:1239e9b70ca2	9400	AddHeaders(output, length, server_key_exchange, ssl);
wolfSSL	0:1239e9b70ca2	9401
wolfSSL	0:1239e9b70ca2	9402	ret = HashOutput(ssl, output, sendSz, 0);
wolfSSL	0:1239e9b70ca2	9403	if (ret != 0)
wolfSSL	0:1239e9b70ca2	9404	return ret;
wolfSSL	0:1239e9b70ca2	9405
wolfSSL	0:1239e9b70ca2	9406	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	9407	if (ssl->hsInfoOn)
wolfSSL	0:1239e9b70ca2	9408	AddPacketName("ServerKeyExchange", &ssl->handShakeInfo);
wolfSSL	0:1239e9b70ca2	9409	if (ssl->toInfoOn)
wolfSSL	0:1239e9b70ca2	9410	AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo,
wolfSSL	0:1239e9b70ca2	9411	output, sendSz, ssl->heap);
wolfSSL	0:1239e9b70ca2	9412	#endif
wolfSSL	0:1239e9b70ca2	9413
wolfSSL	0:1239e9b70ca2	9414	ssl->buffers.outputBuffer.length += sendSz;
wolfSSL	0:1239e9b70ca2	9415	if (ssl->options.groupMessages)
wolfSSL	0:1239e9b70ca2	9416	ret = 0;
wolfSSL	0:1239e9b70ca2	9417	else
wolfSSL	0:1239e9b70ca2	9418	ret = SendBuffered(ssl);
wolfSSL	0:1239e9b70ca2	9419	ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE;
wolfSSL	0:1239e9b70ca2	9420	}
wolfSSL	0:1239e9b70ca2	9421	#endif /* HAVE_ECC */
wolfSSL	0:1239e9b70ca2	9422
wolfSSL	0:1239e9b70ca2	9423	#ifdef OPENSSL_EXTRA
wolfSSL	0:1239e9b70ca2	9424	if (ssl->specs.kea == diffie_hellman_kea) {
wolfSSL	0:1239e9b70ca2	9425	byte *output;
wolfSSL	0:1239e9b70ca2	9426	word32 length = 0, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	9427	int sendSz;
wolfSSL	0:1239e9b70ca2	9428	word32 sigSz = 0, i = 0;
wolfSSL	0:1239e9b70ca2	9429	word32 preSigSz = 0, preSigIdx = 0;
wolfSSL	0:1239e9b70ca2	9430	RsaKey rsaKey;
wolfSSL	0:1239e9b70ca2	9431	DhKey dhKey;
wolfSSL	0:1239e9b70ca2	9432
wolfSSL	0:1239e9b70ca2	9433	if (ssl->buffers.serverDH_P.buffer == NULL \|\|
wolfSSL	0:1239e9b70ca2	9434	ssl->buffers.serverDH_G.buffer == NULL)
wolfSSL	0:1239e9b70ca2	9435	return NO_DH_PARAMS;
wolfSSL	0:1239e9b70ca2	9436
wolfSSL	0:1239e9b70ca2	9437	if (ssl->buffers.serverDH_Pub.buffer == NULL) {
wolfSSL	0:1239e9b70ca2	9438	ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC(
wolfSSL	0:1239e9b70ca2	9439	ssl->buffers.serverDH_P.length + 2, ssl->ctx->heap,
wolfSSL	0:1239e9b70ca2	9440	DYNAMIC_TYPE_DH);
wolfSSL	0:1239e9b70ca2	9441	if (ssl->buffers.serverDH_Pub.buffer == NULL)
wolfSSL	0:1239e9b70ca2	9442	return MEMORY_E;
wolfSSL	0:1239e9b70ca2	9443	}
wolfSSL	0:1239e9b70ca2	9444
wolfSSL	0:1239e9b70ca2	9445	if (ssl->buffers.serverDH_Priv.buffer == NULL) {
wolfSSL	0:1239e9b70ca2	9446	ssl->buffers.serverDH_Priv.buffer = (byte*)XMALLOC(
wolfSSL	0:1239e9b70ca2	9447	ssl->buffers.serverDH_P.length + 2, ssl->ctx->heap,
wolfSSL	0:1239e9b70ca2	9448	DYNAMIC_TYPE_DH);
wolfSSL	0:1239e9b70ca2	9449	if (ssl->buffers.serverDH_Priv.buffer == NULL)
wolfSSL	0:1239e9b70ca2	9450	return MEMORY_E;
wolfSSL	0:1239e9b70ca2	9451	}
wolfSSL	0:1239e9b70ca2	9452
wolfSSL	0:1239e9b70ca2	9453	InitDhKey(&dhKey);
wolfSSL	0:1239e9b70ca2	9454	ret = DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer,
wolfSSL	0:1239e9b70ca2	9455	ssl->buffers.serverDH_P.length,
wolfSSL	0:1239e9b70ca2	9456	ssl->buffers.serverDH_G.buffer,
wolfSSL	0:1239e9b70ca2	9457	ssl->buffers.serverDH_G.length);
wolfSSL	0:1239e9b70ca2	9458	if (ret == 0)
wolfSSL	0:1239e9b70ca2	9459	ret = DhGenerateKeyPair(&dhKey, ssl->rng,
wolfSSL	0:1239e9b70ca2	9460	ssl->buffers.serverDH_Priv.buffer,
wolfSSL	0:1239e9b70ca2	9461	&ssl->buffers.serverDH_Priv.length,
wolfSSL	0:1239e9b70ca2	9462	ssl->buffers.serverDH_Pub.buffer,
wolfSSL	0:1239e9b70ca2	9463	&ssl->buffers.serverDH_Pub.length);
wolfSSL	0:1239e9b70ca2	9464	FreeDhKey(&dhKey);
wolfSSL	0:1239e9b70ca2	9465
wolfSSL	0:1239e9b70ca2	9466	if (ret == 0) {
wolfSSL	0:1239e9b70ca2	9467	ret = InitRsaKey(&rsaKey, ssl->heap);
wolfSSL	0:1239e9b70ca2	9468	if (ret != 0) return ret;
wolfSSL	0:1239e9b70ca2	9469	}
wolfSSL	0:1239e9b70ca2	9470	if (ret == 0) {
wolfSSL	0:1239e9b70ca2	9471	length = LENGTH_SZ * 3; /* p, g, pub */
wolfSSL	0:1239e9b70ca2	9472	length += ssl->buffers.serverDH_P.length +
wolfSSL	0:1239e9b70ca2	9473	ssl->buffers.serverDH_G.length +
wolfSSL	0:1239e9b70ca2	9474	ssl->buffers.serverDH_Pub.length;
wolfSSL	0:1239e9b70ca2	9475
wolfSSL	0:1239e9b70ca2	9476	preSigIdx = idx;
wolfSSL	0:1239e9b70ca2	9477	preSigSz = length;
wolfSSL	0:1239e9b70ca2	9478
wolfSSL	0:1239e9b70ca2	9479	/* sig length */
wolfSSL	0:1239e9b70ca2	9480	length += LENGTH_SZ;
wolfSSL	0:1239e9b70ca2	9481
wolfSSL	0:1239e9b70ca2	9482	if (!ssl->buffers.key.buffer)
wolfSSL	0:1239e9b70ca2	9483	return NO_PRIVATE_KEY;
wolfSSL	0:1239e9b70ca2	9484
wolfSSL	0:1239e9b70ca2	9485	ret = RsaPrivateKeyDecode(ssl->buffers.key.buffer, &i, &rsaKey,
wolfSSL	0:1239e9b70ca2	9486	ssl->buffers.key.length);
wolfSSL	0:1239e9b70ca2	9487	if (ret == 0) {
wolfSSL	0:1239e9b70ca2	9488	sigSz = RsaEncryptSize(&rsaKey);
wolfSSL	0:1239e9b70ca2	9489	length += sigSz;
wolfSSL	0:1239e9b70ca2	9490	}
wolfSSL	0:1239e9b70ca2	9491	}
wolfSSL	0:1239e9b70ca2	9492	if (ret != 0) {
wolfSSL	0:1239e9b70ca2	9493	FreeRsaKey(&rsaKey);
wolfSSL	0:1239e9b70ca2	9494	return ret;
wolfSSL	0:1239e9b70ca2	9495	}
wolfSSL	0:1239e9b70ca2	9496
wolfSSL	0:1239e9b70ca2	9497	if (IsAtLeastTLSv1_2(ssl))
wolfSSL	0:1239e9b70ca2	9498	length += HASH_SIG_SIZE;
wolfSSL	0:1239e9b70ca2	9499
wolfSSL	0:1239e9b70ca2	9500	sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	9501
wolfSSL	0:1239e9b70ca2	9502	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	9503	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	9504	sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL	0:1239e9b70ca2	9505	idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL	0:1239e9b70ca2	9506	preSigIdx = idx;
wolfSSL	0:1239e9b70ca2	9507	}
wolfSSL	0:1239e9b70ca2	9508	#endif
wolfSSL	0:1239e9b70ca2	9509	/* check for available size */
wolfSSL	0:1239e9b70ca2	9510	if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) {
wolfSSL	0:1239e9b70ca2	9511	FreeRsaKey(&rsaKey);
wolfSSL	0:1239e9b70ca2	9512	return ret;
wolfSSL	0:1239e9b70ca2	9513	}
wolfSSL	0:1239e9b70ca2	9514
wolfSSL	0:1239e9b70ca2	9515	/* get ouput buffer */
wolfSSL	0:1239e9b70ca2	9516	output = ssl->buffers.outputBuffer.buffer +
wolfSSL	0:1239e9b70ca2	9517	ssl->buffers.outputBuffer.length;
wolfSSL	0:1239e9b70ca2	9518
wolfSSL	0:1239e9b70ca2	9519	AddHeaders(output, length, server_key_exchange, ssl);
wolfSSL	0:1239e9b70ca2	9520
wolfSSL	0:1239e9b70ca2	9521	/* add p, g, pub */
wolfSSL	0:1239e9b70ca2	9522	c16toa((word16)ssl->buffers.serverDH_P.length, output + idx);
wolfSSL	0:1239e9b70ca2	9523	idx += LENGTH_SZ;
wolfSSL	0:1239e9b70ca2	9524	XMEMCPY(output + idx, ssl->buffers.serverDH_P.buffer,
wolfSSL	0:1239e9b70ca2	9525	ssl->buffers.serverDH_P.length);
wolfSSL	0:1239e9b70ca2	9526	idx += ssl->buffers.serverDH_P.length;
wolfSSL	0:1239e9b70ca2	9527
wolfSSL	0:1239e9b70ca2	9528	/* g */
wolfSSL	0:1239e9b70ca2	9529	c16toa((word16)ssl->buffers.serverDH_G.length, output + idx);
wolfSSL	0:1239e9b70ca2	9530	idx += LENGTH_SZ;
wolfSSL	0:1239e9b70ca2	9531	XMEMCPY(output + idx, ssl->buffers.serverDH_G.buffer,
wolfSSL	0:1239e9b70ca2	9532	ssl->buffers.serverDH_G.length);
wolfSSL	0:1239e9b70ca2	9533	idx += ssl->buffers.serverDH_G.length;
wolfSSL	0:1239e9b70ca2	9534
wolfSSL	0:1239e9b70ca2	9535	/* pub */
wolfSSL	0:1239e9b70ca2	9536	c16toa((word16)ssl->buffers.serverDH_Pub.length, output + idx);
wolfSSL	0:1239e9b70ca2	9537	idx += LENGTH_SZ;
wolfSSL	0:1239e9b70ca2	9538	XMEMCPY(output + idx, ssl->buffers.serverDH_Pub.buffer,
wolfSSL	0:1239e9b70ca2	9539	ssl->buffers.serverDH_Pub.length);
wolfSSL	0:1239e9b70ca2	9540	idx += ssl->buffers.serverDH_Pub.length;
wolfSSL	0:1239e9b70ca2	9541
wolfSSL	0:1239e9b70ca2	9542	/* Add signature */
wolfSSL	0:1239e9b70ca2	9543	if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL	0:1239e9b70ca2	9544	output[idx++] = ssl->suites->hashAlgo;
wolfSSL	0:1239e9b70ca2	9545	output[idx++] = ssl->suites->sigAlgo;
wolfSSL	0:1239e9b70ca2	9546	}
wolfSSL	0:1239e9b70ca2	9547	/* size */
wolfSSL	0:1239e9b70ca2	9548	c16toa((word16)sigSz, output + idx);
wolfSSL	0:1239e9b70ca2	9549	idx += LENGTH_SZ;
wolfSSL	0:1239e9b70ca2	9550
wolfSSL	0:1239e9b70ca2	9551	/* do signature */
wolfSSL	0:1239e9b70ca2	9552	{
wolfSSL	0:1239e9b70ca2	9553	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	9554	Md5 md5;
wolfSSL	0:1239e9b70ca2	9555	Sha sha;
wolfSSL	0:1239e9b70ca2	9556	#endif
wolfSSL	0:1239e9b70ca2	9557	byte hash[FINISHED_SZ];
wolfSSL	0:1239e9b70ca2	9558	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	9559	Sha256 sha256;
wolfSSL	0:1239e9b70ca2	9560	byte hash256[SHA256_DIGEST_SIZE];
wolfSSL	0:1239e9b70ca2	9561	#endif
wolfSSL	0:1239e9b70ca2	9562	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	9563	Sha384 sha384;
wolfSSL	0:1239e9b70ca2	9564	byte hash384[SHA384_DIGEST_SIZE];
wolfSSL	0:1239e9b70ca2	9565	#endif
wolfSSL	0:1239e9b70ca2	9566
wolfSSL	0:1239e9b70ca2	9567	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	9568	/* md5 */
wolfSSL	0:1239e9b70ca2	9569	InitMd5(&md5);
wolfSSL	0:1239e9b70ca2	9570	Md5Update(&md5, ssl->arrays->clientRandom, RAN_LEN);
wolfSSL	0:1239e9b70ca2	9571	Md5Update(&md5, ssl->arrays->serverRandom, RAN_LEN);
wolfSSL	0:1239e9b70ca2	9572	Md5Update(&md5, output + preSigIdx, preSigSz);
wolfSSL	0:1239e9b70ca2	9573	Md5Final(&md5, hash);
wolfSSL	0:1239e9b70ca2	9574
wolfSSL	0:1239e9b70ca2	9575	/* sha */
wolfSSL	0:1239e9b70ca2	9576	ret = InitSha(&sha);
wolfSSL	0:1239e9b70ca2	9577	if (ret != 0)
wolfSSL	0:1239e9b70ca2	9578	return ret;
wolfSSL	0:1239e9b70ca2	9579	ShaUpdate(&sha, ssl->arrays->clientRandom, RAN_LEN);
wolfSSL	0:1239e9b70ca2	9580	ShaUpdate(&sha, ssl->arrays->serverRandom, RAN_LEN);
wolfSSL	0:1239e9b70ca2	9581	ShaUpdate(&sha, output + preSigIdx, preSigSz);
wolfSSL	0:1239e9b70ca2	9582	ShaFinal(&sha, &hash[MD5_DIGEST_SIZE]);
wolfSSL	0:1239e9b70ca2	9583	#endif
wolfSSL	0:1239e9b70ca2	9584
wolfSSL	0:1239e9b70ca2	9585	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	9586	ret = InitSha256(&sha256);
wolfSSL	0:1239e9b70ca2	9587	if (ret != 0)
wolfSSL	0:1239e9b70ca2	9588	return ret;
wolfSSL	0:1239e9b70ca2	9589	ret = Sha256Update(&sha256, ssl->arrays->clientRandom, RAN_LEN);
wolfSSL	0:1239e9b70ca2	9590	if (ret != 0)
wolfSSL	0:1239e9b70ca2	9591	return ret;
wolfSSL	0:1239e9b70ca2	9592	ret = Sha256Update(&sha256, ssl->arrays->serverRandom, RAN_LEN);
wolfSSL	0:1239e9b70ca2	9593	if (ret != 0)
wolfSSL	0:1239e9b70ca2	9594	return ret;
wolfSSL	0:1239e9b70ca2	9595	ret = Sha256Update(&sha256, output + preSigIdx, preSigSz);
wolfSSL	0:1239e9b70ca2	9596	if (ret != 0)
wolfSSL	0:1239e9b70ca2	9597	return ret;
wolfSSL	0:1239e9b70ca2	9598	ret = Sha256Final(&sha256, hash256);
wolfSSL	0:1239e9b70ca2	9599	if (ret != 0)
wolfSSL	0:1239e9b70ca2	9600	return ret;
wolfSSL	0:1239e9b70ca2	9601	#endif
wolfSSL	0:1239e9b70ca2	9602
wolfSSL	0:1239e9b70ca2	9603	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	9604	ret = InitSha384(&sha384);
wolfSSL	0:1239e9b70ca2	9605	if (ret != 0)
wolfSSL	0:1239e9b70ca2	9606	return ret;
wolfSSL	0:1239e9b70ca2	9607	ret = Sha384Update(&sha384, ssl->arrays->clientRandom, RAN_LEN);
wolfSSL	0:1239e9b70ca2	9608	if (ret != 0)
wolfSSL	0:1239e9b70ca2	9609	return ret;
wolfSSL	0:1239e9b70ca2	9610	ret = Sha384Update(&sha384, ssl->arrays->serverRandom, RAN_LEN);
wolfSSL	0:1239e9b70ca2	9611	if (ret != 0)
wolfSSL	0:1239e9b70ca2	9612	return ret;
wolfSSL	0:1239e9b70ca2	9613	ret = Sha384Update(&sha384, output + preSigIdx, preSigSz);
wolfSSL	0:1239e9b70ca2	9614	if (ret != 0)
wolfSSL	0:1239e9b70ca2	9615	return ret;
wolfSSL	0:1239e9b70ca2	9616	ret = Sha384Final(&sha384, hash384);
wolfSSL	0:1239e9b70ca2	9617	if (ret != 0)
wolfSSL	0:1239e9b70ca2	9618	return ret;
wolfSSL	0:1239e9b70ca2	9619	#endif
wolfSSL	0:1239e9b70ca2	9620	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	9621	if (ssl->suites->sigAlgo == rsa_sa_algo) {
wolfSSL	0:1239e9b70ca2	9622	byte* signBuffer = hash;
wolfSSL	0:1239e9b70ca2	9623	word32 signSz = sizeof(hash);
wolfSSL	0:1239e9b70ca2	9624	byte encodedSig[MAX_ENCODED_SIG_SZ];
wolfSSL	0:1239e9b70ca2	9625	byte doUserRsa = 0;
wolfSSL	0:1239e9b70ca2	9626
wolfSSL	0:1239e9b70ca2	9627	#ifdef HAVE_PK_CALLBACKS
wolfSSL	0:1239e9b70ca2	9628	if (ssl->ctx->RsaSignCb)
wolfSSL	0:1239e9b70ca2	9629	doUserRsa = 1;
wolfSSL	0:1239e9b70ca2	9630	#endif /HAVE_PK_CALLBACKS /
wolfSSL	0:1239e9b70ca2	9631
wolfSSL	0:1239e9b70ca2	9632	if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL	0:1239e9b70ca2	9633	byte* digest = &hash[MD5_DIGEST_SIZE];
wolfSSL	0:1239e9b70ca2	9634	int typeH = SHAh;
wolfSSL	0:1239e9b70ca2	9635	int digestSz = SHA_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	9636
wolfSSL	0:1239e9b70ca2	9637	if (ssl->suites->hashAlgo == sha256_mac) {
wolfSSL	0:1239e9b70ca2	9638	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	9639	digest = hash256;
wolfSSL	0:1239e9b70ca2	9640	typeH = SHA256h;
wolfSSL	0:1239e9b70ca2	9641	digestSz = SHA256_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	9642	#endif
wolfSSL	0:1239e9b70ca2	9643	}
wolfSSL	0:1239e9b70ca2	9644	else if (ssl->suites->hashAlgo == sha384_mac) {
wolfSSL	0:1239e9b70ca2	9645	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	9646	digest = hash384;
wolfSSL	0:1239e9b70ca2	9647	typeH = SHA384h;
wolfSSL	0:1239e9b70ca2	9648	digestSz = SHA384_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	9649	#endif
wolfSSL	0:1239e9b70ca2	9650	}
wolfSSL	0:1239e9b70ca2	9651
wolfSSL	0:1239e9b70ca2	9652	signSz = EncodeSignature(encodedSig, digest, digestSz,
wolfSSL	0:1239e9b70ca2	9653	typeH);
wolfSSL	0:1239e9b70ca2	9654	signBuffer = encodedSig;
wolfSSL	0:1239e9b70ca2	9655	}
wolfSSL	0:1239e9b70ca2	9656	if (doUserRsa) {
wolfSSL	0:1239e9b70ca2	9657	#ifdef HAVE_PK_CALLBACKS
wolfSSL	0:1239e9b70ca2	9658	word32 ioLen = sigSz;
wolfSSL	0:1239e9b70ca2	9659	ret = ssl->ctx->RsaSignCb(ssl, signBuffer, signSz,
wolfSSL	0:1239e9b70ca2	9660	output + idx,
wolfSSL	0:1239e9b70ca2	9661	&ioLen,
wolfSSL	0:1239e9b70ca2	9662	ssl->buffers.key.buffer,
wolfSSL	0:1239e9b70ca2	9663	ssl->buffers.key.length,
wolfSSL	0:1239e9b70ca2	9664	ssl->RsaSignCtx);
wolfSSL	0:1239e9b70ca2	9665	#endif /HAVE_PK_CALLBACKS /
wolfSSL	0:1239e9b70ca2	9666	}
wolfSSL	0:1239e9b70ca2	9667	else {
wolfSSL	0:1239e9b70ca2	9668	ret = RsaSSL_Sign(signBuffer, signSz, output + idx,
wolfSSL	0:1239e9b70ca2	9669	sigSz, &rsaKey, ssl->rng);
wolfSSL	0:1239e9b70ca2	9670	}
wolfSSL	0:1239e9b70ca2	9671	FreeRsaKey(&rsaKey);
wolfSSL	0:1239e9b70ca2	9672	if (ret < 0)
wolfSSL	0:1239e9b70ca2	9673	return ret;
wolfSSL	0:1239e9b70ca2	9674	}
wolfSSL	0:1239e9b70ca2	9675	#endif
wolfSSL	0:1239e9b70ca2	9676	}
wolfSSL	0:1239e9b70ca2	9677
wolfSSL	0:1239e9b70ca2	9678	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	9679	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	9680	if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
wolfSSL	0:1239e9b70ca2	9681	return ret;
wolfSSL	0:1239e9b70ca2	9682	}
wolfSSL	0:1239e9b70ca2	9683	#endif
wolfSSL	0:1239e9b70ca2	9684
wolfSSL	0:1239e9b70ca2	9685	ret = HashOutput(ssl, output, sendSz, 0);
wolfSSL	0:1239e9b70ca2	9686	if (ret != 0)
wolfSSL	0:1239e9b70ca2	9687	return ret;
wolfSSL	0:1239e9b70ca2	9688
wolfSSL	0:1239e9b70ca2	9689	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	9690	if (ssl->hsInfoOn)
wolfSSL	0:1239e9b70ca2	9691	AddPacketName("ServerKeyExchange", &ssl->handShakeInfo);
wolfSSL	0:1239e9b70ca2	9692	if (ssl->toInfoOn)
wolfSSL	0:1239e9b70ca2	9693	AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo,
wolfSSL	0:1239e9b70ca2	9694	output, sendSz, ssl->heap);
wolfSSL	0:1239e9b70ca2	9695	#endif
wolfSSL	0:1239e9b70ca2	9696
wolfSSL	0:1239e9b70ca2	9697	ssl->buffers.outputBuffer.length += sendSz;
wolfSSL	0:1239e9b70ca2	9698	if (ssl->options.groupMessages)
wolfSSL	0:1239e9b70ca2	9699	ret = 0;
wolfSSL	0:1239e9b70ca2	9700	else
wolfSSL	0:1239e9b70ca2	9701	ret = SendBuffered(ssl);
wolfSSL	0:1239e9b70ca2	9702	ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE;
wolfSSL	0:1239e9b70ca2	9703	}
wolfSSL	0:1239e9b70ca2	9704	#endif /* OPENSSL_EXTRA */
wolfSSL	0:1239e9b70ca2	9705
wolfSSL	0:1239e9b70ca2	9706	return ret;
wolfSSL	0:1239e9b70ca2	9707	}
wolfSSL	0:1239e9b70ca2	9708
wolfSSL	0:1239e9b70ca2	9709
wolfSSL	0:1239e9b70ca2	9710	/* cipher requirements */
wolfSSL	0:1239e9b70ca2	9711	enum {
wolfSSL	0:1239e9b70ca2	9712	REQUIRES_RSA,
wolfSSL	0:1239e9b70ca2	9713	REQUIRES_DHE,
wolfSSL	0:1239e9b70ca2	9714	REQUIRES_ECC_DSA,
wolfSSL	0:1239e9b70ca2	9715	REQUIRES_ECC_STATIC,
wolfSSL	0:1239e9b70ca2	9716	REQUIRES_PSK,
wolfSSL	0:1239e9b70ca2	9717	REQUIRES_NTRU,
wolfSSL	0:1239e9b70ca2	9718	REQUIRES_RSA_SIG
wolfSSL	0:1239e9b70ca2	9719	};
wolfSSL	0:1239e9b70ca2	9720
wolfSSL	0:1239e9b70ca2	9721
wolfSSL	0:1239e9b70ca2	9722
wolfSSL	0:1239e9b70ca2	9723	/* Does this cipher suite (first, second) have the requirement
wolfSSL	0:1239e9b70ca2	9724	an ephemeral key exchange will still require the key for signing
wolfSSL	0:1239e9b70ca2	9725	the key exchange so ECHDE_RSA requires an rsa key thus rsa_kea */
wolfSSL	0:1239e9b70ca2	9726	static int CipherRequires(byte first, byte second, int requirement)
wolfSSL	0:1239e9b70ca2	9727	{
wolfSSL	0:1239e9b70ca2	9728	/* ECC extensions */
wolfSSL	0:1239e9b70ca2	9729	if (first == ECC_BYTE) {
wolfSSL	0:1239e9b70ca2	9730
wolfSSL	0:1239e9b70ca2	9731	switch (second) {
wolfSSL	0:1239e9b70ca2	9732
wolfSSL	0:1239e9b70ca2	9733	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	9734	case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
wolfSSL	0:1239e9b70ca2	9735	if (requirement == REQUIRES_RSA)
wolfSSL	0:1239e9b70ca2	9736	return 1;
wolfSSL	0:1239e9b70ca2	9737	break;
wolfSSL	0:1239e9b70ca2	9738
wolfSSL	0:1239e9b70ca2	9739	case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
wolfSSL	0:1239e9b70ca2	9740	if (requirement == REQUIRES_ECC_STATIC)
wolfSSL	0:1239e9b70ca2	9741	return 1;
wolfSSL	0:1239e9b70ca2	9742	if (requirement == REQUIRES_RSA_SIG)
wolfSSL	0:1239e9b70ca2	9743	return 1;
wolfSSL	0:1239e9b70ca2	9744	break;
wolfSSL	0:1239e9b70ca2	9745
wolfSSL	0:1239e9b70ca2	9746	#ifndef NO_DES3
wolfSSL	0:1239e9b70ca2	9747	case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL	0:1239e9b70ca2	9748	if (requirement == REQUIRES_RSA)
wolfSSL	0:1239e9b70ca2	9749	return 1;
wolfSSL	0:1239e9b70ca2	9750	break;
wolfSSL	0:1239e9b70ca2	9751
wolfSSL	0:1239e9b70ca2	9752	case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL	0:1239e9b70ca2	9753	if (requirement == REQUIRES_ECC_STATIC)
wolfSSL	0:1239e9b70ca2	9754	return 1;
wolfSSL	0:1239e9b70ca2	9755	if (requirement == REQUIRES_RSA_SIG)
wolfSSL	0:1239e9b70ca2	9756	return 1;
wolfSSL	0:1239e9b70ca2	9757	break;
wolfSSL	0:1239e9b70ca2	9758	#endif
wolfSSL	0:1239e9b70ca2	9759
wolfSSL	0:1239e9b70ca2	9760	#ifndef NO_RC4
wolfSSL	0:1239e9b70ca2	9761	case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
wolfSSL	0:1239e9b70ca2	9762	if (requirement == REQUIRES_RSA)
wolfSSL	0:1239e9b70ca2	9763	return 1;
wolfSSL	0:1239e9b70ca2	9764	break;
wolfSSL	0:1239e9b70ca2	9765
wolfSSL	0:1239e9b70ca2	9766	case TLS_ECDH_RSA_WITH_RC4_128_SHA :
wolfSSL	0:1239e9b70ca2	9767	if (requirement == REQUIRES_ECC_STATIC)
wolfSSL	0:1239e9b70ca2	9768	return 1;
wolfSSL	0:1239e9b70ca2	9769	if (requirement == REQUIRES_RSA_SIG)
wolfSSL	0:1239e9b70ca2	9770	return 1;
wolfSSL	0:1239e9b70ca2	9771	break;
wolfSSL	0:1239e9b70ca2	9772	#endif
wolfSSL	0:1239e9b70ca2	9773	#endif /* NO_RSA */
wolfSSL	0:1239e9b70ca2	9774
wolfSSL	0:1239e9b70ca2	9775	#ifndef NO_DES3
wolfSSL	0:1239e9b70ca2	9776	case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL	0:1239e9b70ca2	9777	if (requirement == REQUIRES_ECC_DSA)
wolfSSL	0:1239e9b70ca2	9778	return 1;
wolfSSL	0:1239e9b70ca2	9779	break;
wolfSSL	0:1239e9b70ca2	9780
wolfSSL	0:1239e9b70ca2	9781	case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL	0:1239e9b70ca2	9782	if (requirement == REQUIRES_ECC_STATIC)
wolfSSL	0:1239e9b70ca2	9783	return 1;
wolfSSL	0:1239e9b70ca2	9784	break;
wolfSSL	0:1239e9b70ca2	9785	#endif
wolfSSL	0:1239e9b70ca2	9786	#ifndef NO_RC4
wolfSSL	0:1239e9b70ca2	9787	case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
wolfSSL	0:1239e9b70ca2	9788	if (requirement == REQUIRES_ECC_DSA)
wolfSSL	0:1239e9b70ca2	9789	return 1;
wolfSSL	0:1239e9b70ca2	9790	break;
wolfSSL	0:1239e9b70ca2	9791
wolfSSL	0:1239e9b70ca2	9792	case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
wolfSSL	0:1239e9b70ca2	9793	if (requirement == REQUIRES_ECC_STATIC)
wolfSSL	0:1239e9b70ca2	9794	return 1;
wolfSSL	0:1239e9b70ca2	9795	break;
wolfSSL	0:1239e9b70ca2	9796	#endif
wolfSSL	0:1239e9b70ca2	9797	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	9798	case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
wolfSSL	0:1239e9b70ca2	9799	if (requirement == REQUIRES_RSA)
wolfSSL	0:1239e9b70ca2	9800	return 1;
wolfSSL	0:1239e9b70ca2	9801	break;
wolfSSL	0:1239e9b70ca2	9802
wolfSSL	0:1239e9b70ca2	9803	case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
wolfSSL	0:1239e9b70ca2	9804	if (requirement == REQUIRES_ECC_STATIC)
wolfSSL	0:1239e9b70ca2	9805	return 1;
wolfSSL	0:1239e9b70ca2	9806	if (requirement == REQUIRES_RSA_SIG)
wolfSSL	0:1239e9b70ca2	9807	return 1;
wolfSSL	0:1239e9b70ca2	9808	break;
wolfSSL	0:1239e9b70ca2	9809	#endif
wolfSSL	0:1239e9b70ca2	9810
wolfSSL	0:1239e9b70ca2	9811	case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
wolfSSL	0:1239e9b70ca2	9812	if (requirement == REQUIRES_ECC_DSA)
wolfSSL	0:1239e9b70ca2	9813	return 1;
wolfSSL	0:1239e9b70ca2	9814	break;
wolfSSL	0:1239e9b70ca2	9815
wolfSSL	0:1239e9b70ca2	9816	case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
wolfSSL	0:1239e9b70ca2	9817	if (requirement == REQUIRES_ECC_STATIC)
wolfSSL	0:1239e9b70ca2	9818	return 1;
wolfSSL	0:1239e9b70ca2	9819	break;
wolfSSL	0:1239e9b70ca2	9820
wolfSSL	0:1239e9b70ca2	9821	case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
wolfSSL	0:1239e9b70ca2	9822	if (requirement == REQUIRES_ECC_DSA)
wolfSSL	0:1239e9b70ca2	9823	return 1;
wolfSSL	0:1239e9b70ca2	9824	break;
wolfSSL	0:1239e9b70ca2	9825
wolfSSL	0:1239e9b70ca2	9826	case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
wolfSSL	0:1239e9b70ca2	9827	if (requirement == REQUIRES_ECC_STATIC)
wolfSSL	0:1239e9b70ca2	9828	return 1;
wolfSSL	0:1239e9b70ca2	9829	break;
wolfSSL	0:1239e9b70ca2	9830
wolfSSL	0:1239e9b70ca2	9831	case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
wolfSSL	0:1239e9b70ca2	9832	if (requirement == REQUIRES_ECC_DSA)
wolfSSL	0:1239e9b70ca2	9833	return 1;
wolfSSL	0:1239e9b70ca2	9834	break;
wolfSSL	0:1239e9b70ca2	9835
wolfSSL	0:1239e9b70ca2	9836	case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
wolfSSL	0:1239e9b70ca2	9837	if (requirement == REQUIRES_ECC_DSA)
wolfSSL	0:1239e9b70ca2	9838	return 1;
wolfSSL	0:1239e9b70ca2	9839	break;
wolfSSL	0:1239e9b70ca2	9840
wolfSSL	0:1239e9b70ca2	9841	case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
wolfSSL	0:1239e9b70ca2	9842	if (requirement == REQUIRES_ECC_STATIC)
wolfSSL	0:1239e9b70ca2	9843	return 1;
wolfSSL	0:1239e9b70ca2	9844	break;
wolfSSL	0:1239e9b70ca2	9845
wolfSSL	0:1239e9b70ca2	9846	case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
wolfSSL	0:1239e9b70ca2	9847	if (requirement == REQUIRES_ECC_STATIC)
wolfSSL	0:1239e9b70ca2	9848	return 1;
wolfSSL	0:1239e9b70ca2	9849	break;
wolfSSL	0:1239e9b70ca2	9850
wolfSSL	0:1239e9b70ca2	9851	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	9852	case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL	0:1239e9b70ca2	9853	if (requirement == REQUIRES_RSA)
wolfSSL	0:1239e9b70ca2	9854	return 1;
wolfSSL	0:1239e9b70ca2	9855	break;
wolfSSL	0:1239e9b70ca2	9856
wolfSSL	0:1239e9b70ca2	9857	case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL	0:1239e9b70ca2	9858	if (requirement == REQUIRES_RSA)
wolfSSL	0:1239e9b70ca2	9859	return 1;
wolfSSL	0:1239e9b70ca2	9860	break;
wolfSSL	0:1239e9b70ca2	9861
wolfSSL	0:1239e9b70ca2	9862	case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL	0:1239e9b70ca2	9863	if (requirement == REQUIRES_ECC_STATIC)
wolfSSL	0:1239e9b70ca2	9864	return 1;
wolfSSL	0:1239e9b70ca2	9865	if (requirement == REQUIRES_RSA_SIG)
wolfSSL	0:1239e9b70ca2	9866	return 1;
wolfSSL	0:1239e9b70ca2	9867	break;
wolfSSL	0:1239e9b70ca2	9868
wolfSSL	0:1239e9b70ca2	9869	case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL	0:1239e9b70ca2	9870	if (requirement == REQUIRES_ECC_STATIC)
wolfSSL	0:1239e9b70ca2	9871	return 1;
wolfSSL	0:1239e9b70ca2	9872	if (requirement == REQUIRES_RSA_SIG)
wolfSSL	0:1239e9b70ca2	9873	return 1;
wolfSSL	0:1239e9b70ca2	9874	break;
wolfSSL	0:1239e9b70ca2	9875
wolfSSL	0:1239e9b70ca2	9876	case TLS_RSA_WITH_AES_128_CCM_8 :
wolfSSL	0:1239e9b70ca2	9877	case TLS_RSA_WITH_AES_256_CCM_8 :
wolfSSL	0:1239e9b70ca2	9878	if (requirement == REQUIRES_RSA)
wolfSSL	0:1239e9b70ca2	9879	return 1;
wolfSSL	0:1239e9b70ca2	9880	if (requirement == REQUIRES_RSA_SIG)
wolfSSL	0:1239e9b70ca2	9881	return 1;
wolfSSL	0:1239e9b70ca2	9882	break;
wolfSSL	0:1239e9b70ca2	9883
wolfSSL	0:1239e9b70ca2	9884	case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL	0:1239e9b70ca2	9885	case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
wolfSSL	0:1239e9b70ca2	9886	if (requirement == REQUIRES_RSA)
wolfSSL	0:1239e9b70ca2	9887	return 1;
wolfSSL	0:1239e9b70ca2	9888	if (requirement == REQUIRES_RSA_SIG)
wolfSSL	0:1239e9b70ca2	9889	return 1;
wolfSSL	0:1239e9b70ca2	9890	break;
wolfSSL	0:1239e9b70ca2	9891
wolfSSL	0:1239e9b70ca2	9892	case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL	0:1239e9b70ca2	9893	case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
wolfSSL	0:1239e9b70ca2	9894	if (requirement == REQUIRES_RSA_SIG)
wolfSSL	0:1239e9b70ca2	9895	return 1;
wolfSSL	0:1239e9b70ca2	9896	if (requirement == REQUIRES_ECC_STATIC)
wolfSSL	0:1239e9b70ca2	9897	return 1;
wolfSSL	0:1239e9b70ca2	9898	break;
wolfSSL	0:1239e9b70ca2	9899	#endif
wolfSSL	0:1239e9b70ca2	9900
wolfSSL	0:1239e9b70ca2	9901	case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 :
wolfSSL	0:1239e9b70ca2	9902	case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
wolfSSL	0:1239e9b70ca2	9903	if (requirement == REQUIRES_ECC_DSA)
wolfSSL	0:1239e9b70ca2	9904	return 1;
wolfSSL	0:1239e9b70ca2	9905	break;
wolfSSL	0:1239e9b70ca2	9906
wolfSSL	0:1239e9b70ca2	9907	case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
wolfSSL	0:1239e9b70ca2	9908	case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
wolfSSL	0:1239e9b70ca2	9909	if (requirement == REQUIRES_ECC_DSA)
wolfSSL	0:1239e9b70ca2	9910	return 1;
wolfSSL	0:1239e9b70ca2	9911	break;
wolfSSL	0:1239e9b70ca2	9912
wolfSSL	0:1239e9b70ca2	9913	case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
wolfSSL	0:1239e9b70ca2	9914	case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
wolfSSL	0:1239e9b70ca2	9915	if (requirement == REQUIRES_ECC_DSA)
wolfSSL	0:1239e9b70ca2	9916	return 1;
wolfSSL	0:1239e9b70ca2	9917	if (requirement == REQUIRES_ECC_STATIC)
wolfSSL	0:1239e9b70ca2	9918	return 1;
wolfSSL	0:1239e9b70ca2	9919	break;
wolfSSL	0:1239e9b70ca2	9920
wolfSSL	0:1239e9b70ca2	9921	case TLS_PSK_WITH_AES_128_CCM:
wolfSSL	0:1239e9b70ca2	9922	case TLS_PSK_WITH_AES_256_CCM:
wolfSSL	0:1239e9b70ca2	9923	case TLS_PSK_WITH_AES_128_CCM_8:
wolfSSL	0:1239e9b70ca2	9924	case TLS_PSK_WITH_AES_256_CCM_8:
wolfSSL	0:1239e9b70ca2	9925	if (requirement == REQUIRES_PSK)
wolfSSL	0:1239e9b70ca2	9926	return 1;
wolfSSL	0:1239e9b70ca2	9927	break;
wolfSSL	0:1239e9b70ca2	9928
wolfSSL	0:1239e9b70ca2	9929	default:
wolfSSL	0:1239e9b70ca2	9930	CYASSL_MSG("Unsupported cipher suite, CipherRequires ECC");
wolfSSL	0:1239e9b70ca2	9931	return 0;
wolfSSL	0:1239e9b70ca2	9932	} /* switch */
wolfSSL	0:1239e9b70ca2	9933	} /* if */
wolfSSL	0:1239e9b70ca2	9934	if (first != ECC_BYTE) { /* normal suites */
wolfSSL	0:1239e9b70ca2	9935	switch (second) {
wolfSSL	0:1239e9b70ca2	9936
wolfSSL	0:1239e9b70ca2	9937	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	9938	case SSL_RSA_WITH_RC4_128_SHA :
wolfSSL	0:1239e9b70ca2	9939	if (requirement == REQUIRES_RSA)
wolfSSL	0:1239e9b70ca2	9940	return 1;
wolfSSL	0:1239e9b70ca2	9941	break;
wolfSSL	0:1239e9b70ca2	9942
wolfSSL	0:1239e9b70ca2	9943	case TLS_NTRU_RSA_WITH_RC4_128_SHA :
wolfSSL	0:1239e9b70ca2	9944	if (requirement == REQUIRES_NTRU)
wolfSSL	0:1239e9b70ca2	9945	return 1;
wolfSSL	0:1239e9b70ca2	9946	break;
wolfSSL	0:1239e9b70ca2	9947
wolfSSL	0:1239e9b70ca2	9948	case SSL_RSA_WITH_RC4_128_MD5 :
wolfSSL	0:1239e9b70ca2	9949	if (requirement == REQUIRES_RSA)
wolfSSL	0:1239e9b70ca2	9950	return 1;
wolfSSL	0:1239e9b70ca2	9951	break;
wolfSSL	0:1239e9b70ca2	9952
wolfSSL	0:1239e9b70ca2	9953	case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL	0:1239e9b70ca2	9954	if (requirement == REQUIRES_RSA)
wolfSSL	0:1239e9b70ca2	9955	return 1;
wolfSSL	0:1239e9b70ca2	9956	break;
wolfSSL	0:1239e9b70ca2	9957
wolfSSL	0:1239e9b70ca2	9958	case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL	0:1239e9b70ca2	9959	if (requirement == REQUIRES_NTRU)
wolfSSL	0:1239e9b70ca2	9960	return 1;
wolfSSL	0:1239e9b70ca2	9961	break;
wolfSSL	0:1239e9b70ca2	9962
wolfSSL	0:1239e9b70ca2	9963	case TLS_RSA_WITH_AES_128_CBC_SHA :
wolfSSL	0:1239e9b70ca2	9964	if (requirement == REQUIRES_RSA)
wolfSSL	0:1239e9b70ca2	9965	return 1;
wolfSSL	0:1239e9b70ca2	9966	break;
wolfSSL	0:1239e9b70ca2	9967
wolfSSL	0:1239e9b70ca2	9968	case TLS_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL	0:1239e9b70ca2	9969	if (requirement == REQUIRES_RSA)
wolfSSL	0:1239e9b70ca2	9970	return 1;
wolfSSL	0:1239e9b70ca2	9971	break;
wolfSSL	0:1239e9b70ca2	9972
wolfSSL	0:1239e9b70ca2	9973	case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
wolfSSL	0:1239e9b70ca2	9974	if (requirement == REQUIRES_NTRU)
wolfSSL	0:1239e9b70ca2	9975	return 1;
wolfSSL	0:1239e9b70ca2	9976	break;
wolfSSL	0:1239e9b70ca2	9977
wolfSSL	0:1239e9b70ca2	9978	case TLS_RSA_WITH_AES_256_CBC_SHA :
wolfSSL	0:1239e9b70ca2	9979	if (requirement == REQUIRES_RSA)
wolfSSL	0:1239e9b70ca2	9980	return 1;
wolfSSL	0:1239e9b70ca2	9981	break;
wolfSSL	0:1239e9b70ca2	9982
wolfSSL	0:1239e9b70ca2	9983	case TLS_RSA_WITH_AES_256_CBC_SHA256 :
wolfSSL	0:1239e9b70ca2	9984	if (requirement == REQUIRES_RSA)
wolfSSL	0:1239e9b70ca2	9985	return 1;
wolfSSL	0:1239e9b70ca2	9986	break;
wolfSSL	0:1239e9b70ca2	9987
wolfSSL	0:1239e9b70ca2	9988	case TLS_RSA_WITH_NULL_SHA :
wolfSSL	0:1239e9b70ca2	9989	case TLS_RSA_WITH_NULL_SHA256 :
wolfSSL	0:1239e9b70ca2	9990	if (requirement == REQUIRES_RSA)
wolfSSL	0:1239e9b70ca2	9991	return 1;
wolfSSL	0:1239e9b70ca2	9992	break;
wolfSSL	0:1239e9b70ca2	9993
wolfSSL	0:1239e9b70ca2	9994	case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
wolfSSL	0:1239e9b70ca2	9995	if (requirement == REQUIRES_NTRU)
wolfSSL	0:1239e9b70ca2	9996	return 1;
wolfSSL	0:1239e9b70ca2	9997	break;
wolfSSL	0:1239e9b70ca2	9998	#endif
wolfSSL	0:1239e9b70ca2	9999
wolfSSL	0:1239e9b70ca2	10000	case TLS_PSK_WITH_AES_128_CBC_SHA256 :
wolfSSL	0:1239e9b70ca2	10001	case TLS_PSK_WITH_AES_128_CBC_SHA :
wolfSSL	0:1239e9b70ca2	10002	case TLS_PSK_WITH_AES_256_CBC_SHA :
wolfSSL	0:1239e9b70ca2	10003	case TLS_PSK_WITH_NULL_SHA256 :
wolfSSL	0:1239e9b70ca2	10004	case TLS_PSK_WITH_NULL_SHA :
wolfSSL	0:1239e9b70ca2	10005	if (requirement == REQUIRES_PSK)
wolfSSL	0:1239e9b70ca2	10006	return 1;
wolfSSL	0:1239e9b70ca2	10007	break;
wolfSSL	0:1239e9b70ca2	10008
wolfSSL	0:1239e9b70ca2	10009	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	10010	case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL	0:1239e9b70ca2	10011	if (requirement == REQUIRES_RSA)
wolfSSL	0:1239e9b70ca2	10012	return 1;
wolfSSL	0:1239e9b70ca2	10013	if (requirement == REQUIRES_DHE)
wolfSSL	0:1239e9b70ca2	10014	return 1;
wolfSSL	0:1239e9b70ca2	10015	break;
wolfSSL	0:1239e9b70ca2	10016
wolfSSL	0:1239e9b70ca2	10017	case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
wolfSSL	0:1239e9b70ca2	10018	if (requirement == REQUIRES_RSA)
wolfSSL	0:1239e9b70ca2	10019	return 1;
wolfSSL	0:1239e9b70ca2	10020	if (requirement == REQUIRES_DHE)
wolfSSL	0:1239e9b70ca2	10021	return 1;
wolfSSL	0:1239e9b70ca2	10022	break;
wolfSSL	0:1239e9b70ca2	10023
wolfSSL	0:1239e9b70ca2	10024	case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
wolfSSL	0:1239e9b70ca2	10025	if (requirement == REQUIRES_RSA)
wolfSSL	0:1239e9b70ca2	10026	return 1;
wolfSSL	0:1239e9b70ca2	10027	if (requirement == REQUIRES_DHE)
wolfSSL	0:1239e9b70ca2	10028	return 1;
wolfSSL	0:1239e9b70ca2	10029	break;
wolfSSL	0:1239e9b70ca2	10030
wolfSSL	0:1239e9b70ca2	10031	case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
wolfSSL	0:1239e9b70ca2	10032	if (requirement == REQUIRES_RSA)
wolfSSL	0:1239e9b70ca2	10033	return 1;
wolfSSL	0:1239e9b70ca2	10034	if (requirement == REQUIRES_DHE)
wolfSSL	0:1239e9b70ca2	10035	return 1;
wolfSSL	0:1239e9b70ca2	10036	break;
wolfSSL	0:1239e9b70ca2	10037
wolfSSL	0:1239e9b70ca2	10038	case TLS_RSA_WITH_HC_128_MD5 :
wolfSSL	0:1239e9b70ca2	10039	if (requirement == REQUIRES_RSA)
wolfSSL	0:1239e9b70ca2	10040	return 1;
wolfSSL	0:1239e9b70ca2	10041	break;
wolfSSL	0:1239e9b70ca2	10042
wolfSSL	0:1239e9b70ca2	10043	case TLS_RSA_WITH_HC_128_SHA :
wolfSSL	0:1239e9b70ca2	10044	if (requirement == REQUIRES_RSA)
wolfSSL	0:1239e9b70ca2	10045	return 1;
wolfSSL	0:1239e9b70ca2	10046	break;
wolfSSL	0:1239e9b70ca2	10047
wolfSSL	0:1239e9b70ca2	10048	case TLS_RSA_WITH_HC_128_B2B256:
wolfSSL	0:1239e9b70ca2	10049	if (requirement == REQUIRES_RSA)
wolfSSL	0:1239e9b70ca2	10050	return 1;
wolfSSL	0:1239e9b70ca2	10051	break;
wolfSSL	0:1239e9b70ca2	10052
wolfSSL	0:1239e9b70ca2	10053	case TLS_RSA_WITH_AES_128_CBC_B2B256:
wolfSSL	0:1239e9b70ca2	10054	case TLS_RSA_WITH_AES_256_CBC_B2B256:
wolfSSL	0:1239e9b70ca2	10055	if (requirement == REQUIRES_RSA)
wolfSSL	0:1239e9b70ca2	10056	return 1;
wolfSSL	0:1239e9b70ca2	10057	break;
wolfSSL	0:1239e9b70ca2	10058
wolfSSL	0:1239e9b70ca2	10059	case TLS_RSA_WITH_RABBIT_SHA :
wolfSSL	0:1239e9b70ca2	10060	if (requirement == REQUIRES_RSA)
wolfSSL	0:1239e9b70ca2	10061	return 1;
wolfSSL	0:1239e9b70ca2	10062	break;
wolfSSL	0:1239e9b70ca2	10063
wolfSSL	0:1239e9b70ca2	10064	case TLS_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL	0:1239e9b70ca2	10065	case TLS_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL	0:1239e9b70ca2	10066	if (requirement == REQUIRES_RSA)
wolfSSL	0:1239e9b70ca2	10067	return 1;
wolfSSL	0:1239e9b70ca2	10068	break;
wolfSSL	0:1239e9b70ca2	10069
wolfSSL	0:1239e9b70ca2	10070	case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL	0:1239e9b70ca2	10071	case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL	0:1239e9b70ca2	10072	if (requirement == REQUIRES_RSA)
wolfSSL	0:1239e9b70ca2	10073	return 1;
wolfSSL	0:1239e9b70ca2	10074	if (requirement == REQUIRES_DHE)
wolfSSL	0:1239e9b70ca2	10075	return 1;
wolfSSL	0:1239e9b70ca2	10076	break;
wolfSSL	0:1239e9b70ca2	10077
wolfSSL	0:1239e9b70ca2	10078	case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
wolfSSL	0:1239e9b70ca2	10079	case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
wolfSSL	0:1239e9b70ca2	10080	case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
wolfSSL	0:1239e9b70ca2	10081	case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
wolfSSL	0:1239e9b70ca2	10082	if (requirement == REQUIRES_RSA)
wolfSSL	0:1239e9b70ca2	10083	return 1;
wolfSSL	0:1239e9b70ca2	10084	break;
wolfSSL	0:1239e9b70ca2	10085
wolfSSL	0:1239e9b70ca2	10086	case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
wolfSSL	0:1239e9b70ca2	10087	case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
wolfSSL	0:1239e9b70ca2	10088	case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
wolfSSL	0:1239e9b70ca2	10089	case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
wolfSSL	0:1239e9b70ca2	10090	if (requirement == REQUIRES_RSA)
wolfSSL	0:1239e9b70ca2	10091	return 1;
wolfSSL	0:1239e9b70ca2	10092	if (requirement == REQUIRES_RSA_SIG)
wolfSSL	0:1239e9b70ca2	10093	return 1;
wolfSSL	0:1239e9b70ca2	10094	if (requirement == REQUIRES_DHE)
wolfSSL	0:1239e9b70ca2	10095	return 1;
wolfSSL	0:1239e9b70ca2	10096	break;
wolfSSL	0:1239e9b70ca2	10097	#endif
wolfSSL	0:1239e9b70ca2	10098
wolfSSL	0:1239e9b70ca2	10099	default:
wolfSSL	0:1239e9b70ca2	10100	CYASSL_MSG("Unsupported cipher suite, CipherRequires");
wolfSSL	0:1239e9b70ca2	10101	return 0;
wolfSSL	0:1239e9b70ca2	10102	} /* switch */
wolfSSL	0:1239e9b70ca2	10103	} /* if ECC / Normal suites else */
wolfSSL	0:1239e9b70ca2	10104
wolfSSL	0:1239e9b70ca2	10105	return 0;
wolfSSL	0:1239e9b70ca2	10106	}
wolfSSL	0:1239e9b70ca2	10107
wolfSSL	0:1239e9b70ca2	10108
wolfSSL	0:1239e9b70ca2	10109	/* Make sure client setup is valid for this suite, true on success */
wolfSSL	0:1239e9b70ca2	10110	int VerifyClientSuite(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	10111	{
wolfSSL	0:1239e9b70ca2	10112	int havePSK = 0;
wolfSSL	0:1239e9b70ca2	10113	byte first = ssl->options.cipherSuite0;
wolfSSL	0:1239e9b70ca2	10114	byte second = ssl->options.cipherSuite;
wolfSSL	0:1239e9b70ca2	10115
wolfSSL	0:1239e9b70ca2	10116	CYASSL_ENTER("VerifyClientSuite");
wolfSSL	0:1239e9b70ca2	10117
wolfSSL	0:1239e9b70ca2	10118	#ifndef NO_PSK
wolfSSL	0:1239e9b70ca2	10119	havePSK = ssl->options.havePSK;
wolfSSL	0:1239e9b70ca2	10120	#endif
wolfSSL	0:1239e9b70ca2	10121
wolfSSL	0:1239e9b70ca2	10122	if (CipherRequires(first, second, REQUIRES_PSK)) {
wolfSSL	0:1239e9b70ca2	10123	CYASSL_MSG("Requires PSK");
wolfSSL	0:1239e9b70ca2	10124	if (havePSK == 0) {
wolfSSL	0:1239e9b70ca2	10125	CYASSL_MSG("Don't have PSK");
wolfSSL	0:1239e9b70ca2	10126	return 0;
wolfSSL	0:1239e9b70ca2	10127	}
wolfSSL	0:1239e9b70ca2	10128	}
wolfSSL	0:1239e9b70ca2	10129
wolfSSL	0:1239e9b70ca2	10130	return 1; /* success */
wolfSSL	0:1239e9b70ca2	10131	}
wolfSSL	0:1239e9b70ca2	10132
wolfSSL	0:1239e9b70ca2	10133
wolfSSL	0:1239e9b70ca2	10134	/* Make sure server cert/key are valid for this suite, true on success */
wolfSSL	0:1239e9b70ca2	10135	static int VerifyServerSuite(CYASSL* ssl, word16 idx)
wolfSSL	0:1239e9b70ca2	10136	{
wolfSSL	0:1239e9b70ca2	10137	int haveRSA = !ssl->options.haveStaticECC;
wolfSSL	0:1239e9b70ca2	10138	int havePSK = 0;
wolfSSL	0:1239e9b70ca2	10139	byte first;
wolfSSL	0:1239e9b70ca2	10140	byte second;
wolfSSL	0:1239e9b70ca2	10141
wolfSSL	0:1239e9b70ca2	10142	CYASSL_ENTER("VerifyServerSuite");
wolfSSL	0:1239e9b70ca2	10143
wolfSSL	0:1239e9b70ca2	10144	if (ssl->suites == NULL) {
wolfSSL	0:1239e9b70ca2	10145	CYASSL_MSG("Suites pointer error");
wolfSSL	0:1239e9b70ca2	10146	return 0;
wolfSSL	0:1239e9b70ca2	10147	}
wolfSSL	0:1239e9b70ca2	10148
wolfSSL	0:1239e9b70ca2	10149	first = ssl->suites->suites[idx];
wolfSSL	0:1239e9b70ca2	10150	second = ssl->suites->suites[idx+1];
wolfSSL	0:1239e9b70ca2	10151
wolfSSL	0:1239e9b70ca2	10152	#ifndef NO_PSK
wolfSSL	0:1239e9b70ca2	10153	havePSK = ssl->options.havePSK;
wolfSSL	0:1239e9b70ca2	10154	#endif
wolfSSL	0:1239e9b70ca2	10155
wolfSSL	0:1239e9b70ca2	10156	if (ssl->options.haveNTRU)
wolfSSL	0:1239e9b70ca2	10157	haveRSA = 0;
wolfSSL	0:1239e9b70ca2	10158
wolfSSL	0:1239e9b70ca2	10159	if (CipherRequires(first, second, REQUIRES_RSA)) {
wolfSSL	0:1239e9b70ca2	10160	CYASSL_MSG("Requires RSA");
wolfSSL	0:1239e9b70ca2	10161	if (haveRSA == 0) {
wolfSSL	0:1239e9b70ca2	10162	CYASSL_MSG("Don't have RSA");
wolfSSL	0:1239e9b70ca2	10163	return 0;
wolfSSL	0:1239e9b70ca2	10164	}
wolfSSL	0:1239e9b70ca2	10165	}
wolfSSL	0:1239e9b70ca2	10166
wolfSSL	0:1239e9b70ca2	10167	if (CipherRequires(first, second, REQUIRES_DHE)) {
wolfSSL	0:1239e9b70ca2	10168	CYASSL_MSG("Requires DHE");
wolfSSL	0:1239e9b70ca2	10169	if (ssl->options.haveDH == 0) {
wolfSSL	0:1239e9b70ca2	10170	CYASSL_MSG("Don't have DHE");
wolfSSL	0:1239e9b70ca2	10171	return 0;
wolfSSL	0:1239e9b70ca2	10172	}
wolfSSL	0:1239e9b70ca2	10173	}
wolfSSL	0:1239e9b70ca2	10174
wolfSSL	0:1239e9b70ca2	10175	if (CipherRequires(first, second, REQUIRES_ECC_DSA)) {
wolfSSL	0:1239e9b70ca2	10176	CYASSL_MSG("Requires ECCDSA");
wolfSSL	0:1239e9b70ca2	10177	if (ssl->options.haveECDSAsig == 0) {
wolfSSL	0:1239e9b70ca2	10178	CYASSL_MSG("Don't have ECCDSA");
wolfSSL	0:1239e9b70ca2	10179	return 0;
wolfSSL	0:1239e9b70ca2	10180	}
wolfSSL	0:1239e9b70ca2	10181	}
wolfSSL	0:1239e9b70ca2	10182
wolfSSL	0:1239e9b70ca2	10183	if (CipherRequires(first, second, REQUIRES_ECC_STATIC)) {
wolfSSL	0:1239e9b70ca2	10184	CYASSL_MSG("Requires static ECC");
wolfSSL	0:1239e9b70ca2	10185	if (ssl->options.haveStaticECC == 0) {
wolfSSL	0:1239e9b70ca2	10186	CYASSL_MSG("Don't have static ECC");
wolfSSL	0:1239e9b70ca2	10187	return 0;
wolfSSL	0:1239e9b70ca2	10188	}
wolfSSL	0:1239e9b70ca2	10189	}
wolfSSL	0:1239e9b70ca2	10190
wolfSSL	0:1239e9b70ca2	10191	if (CipherRequires(first, second, REQUIRES_PSK)) {
wolfSSL	0:1239e9b70ca2	10192	CYASSL_MSG("Requires PSK");
wolfSSL	0:1239e9b70ca2	10193	if (havePSK == 0) {
wolfSSL	0:1239e9b70ca2	10194	CYASSL_MSG("Don't have PSK");
wolfSSL	0:1239e9b70ca2	10195	return 0;
wolfSSL	0:1239e9b70ca2	10196	}
wolfSSL	0:1239e9b70ca2	10197	}
wolfSSL	0:1239e9b70ca2	10198
wolfSSL	0:1239e9b70ca2	10199	if (CipherRequires(first, second, REQUIRES_NTRU)) {
wolfSSL	0:1239e9b70ca2	10200	CYASSL_MSG("Requires NTRU");
wolfSSL	0:1239e9b70ca2	10201	if (ssl->options.haveNTRU == 0) {
wolfSSL	0:1239e9b70ca2	10202	CYASSL_MSG("Don't have NTRU");
wolfSSL	0:1239e9b70ca2	10203	return 0;
wolfSSL	0:1239e9b70ca2	10204	}
wolfSSL	0:1239e9b70ca2	10205	}
wolfSSL	0:1239e9b70ca2	10206
wolfSSL	0:1239e9b70ca2	10207	if (CipherRequires(first, second, REQUIRES_RSA_SIG)) {
wolfSSL	0:1239e9b70ca2	10208	CYASSL_MSG("Requires RSA Signature");
wolfSSL	0:1239e9b70ca2	10209	if (ssl->options.side == CYASSL_SERVER_END &&
wolfSSL	0:1239e9b70ca2	10210	ssl->options.haveECDSAsig == 1) {
wolfSSL	0:1239e9b70ca2	10211	CYASSL_MSG("Don't have RSA Signature");
wolfSSL	0:1239e9b70ca2	10212	return 0;
wolfSSL	0:1239e9b70ca2	10213	}
wolfSSL	0:1239e9b70ca2	10214	}
wolfSSL	0:1239e9b70ca2	10215
wolfSSL	0:1239e9b70ca2	10216	#ifdef HAVE_SUPPORTED_CURVES
wolfSSL	0:1239e9b70ca2	10217	if (!TLSX_ValidateEllipticCurves(ssl, first, second)) {
wolfSSL	0:1239e9b70ca2	10218	CYASSL_MSG("Don't have matching curves");
wolfSSL	0:1239e9b70ca2	10219	return 0;
wolfSSL	0:1239e9b70ca2	10220	}
wolfSSL	0:1239e9b70ca2	10221	#endif
wolfSSL	0:1239e9b70ca2	10222
wolfSSL	0:1239e9b70ca2	10223	/* ECCDHE is always supported if ECC on */
wolfSSL	0:1239e9b70ca2	10224
wolfSSL	0:1239e9b70ca2	10225	return 1;
wolfSSL	0:1239e9b70ca2	10226	}
wolfSSL	0:1239e9b70ca2	10227
wolfSSL	0:1239e9b70ca2	10228
wolfSSL	0:1239e9b70ca2	10229	static int MatchSuite(CYASSL* ssl, Suites* peerSuites)
wolfSSL	0:1239e9b70ca2	10230	{
wolfSSL	0:1239e9b70ca2	10231	word16 i, j;
wolfSSL	0:1239e9b70ca2	10232
wolfSSL	0:1239e9b70ca2	10233	CYASSL_ENTER("MatchSuite");
wolfSSL	0:1239e9b70ca2	10234
wolfSSL	0:1239e9b70ca2	10235	/* & 0x1 equivalent % 2 */
wolfSSL	0:1239e9b70ca2	10236	if (peerSuites->suiteSz == 0 \|\| peerSuites->suiteSz & 0x1)
wolfSSL	0:1239e9b70ca2	10237	return MATCH_SUITE_ERROR;
wolfSSL	0:1239e9b70ca2	10238
wolfSSL	0:1239e9b70ca2	10239	if (ssl->suites == NULL)
wolfSSL	0:1239e9b70ca2	10240	return SUITES_ERROR;
wolfSSL	0:1239e9b70ca2	10241	/* start with best, if a match we are good */
wolfSSL	0:1239e9b70ca2	10242	for (i = 0; i < ssl->suites->suiteSz; i += 2)
wolfSSL	0:1239e9b70ca2	10243	for (j = 0; j < peerSuites->suiteSz; j += 2)
wolfSSL	0:1239e9b70ca2	10244	if (ssl->suites->suites[i] == peerSuites->suites[j] &&
wolfSSL	0:1239e9b70ca2	10245	ssl->suites->suites[i+1] == peerSuites->suites[j+1] ) {
wolfSSL	0:1239e9b70ca2	10246
wolfSSL	0:1239e9b70ca2	10247	if (VerifyServerSuite(ssl, i)) {
wolfSSL	0:1239e9b70ca2	10248	int result;
wolfSSL	0:1239e9b70ca2	10249	CYASSL_MSG("Verified suite validity");
wolfSSL	0:1239e9b70ca2	10250	ssl->options.cipherSuite0 = ssl->suites->suites[i];
wolfSSL	0:1239e9b70ca2	10251	ssl->options.cipherSuite = ssl->suites->suites[i+1];
wolfSSL	0:1239e9b70ca2	10252	result = SetCipherSpecs(ssl);
wolfSSL	0:1239e9b70ca2	10253	if (result == 0)
wolfSSL	0:1239e9b70ca2	10254	PickHashSigAlgo(ssl, peerSuites->hashSigAlgo,
wolfSSL	0:1239e9b70ca2	10255	peerSuites->hashSigAlgoSz);
wolfSSL	0:1239e9b70ca2	10256	return result;
wolfSSL	0:1239e9b70ca2	10257	}
wolfSSL	0:1239e9b70ca2	10258	else {
wolfSSL	0:1239e9b70ca2	10259	CYASSL_MSG("Could not verify suite validity, continue");
wolfSSL	0:1239e9b70ca2	10260	}
wolfSSL	0:1239e9b70ca2	10261	}
wolfSSL	0:1239e9b70ca2	10262
wolfSSL	0:1239e9b70ca2	10263	return MATCH_SUITE_ERROR;
wolfSSL	0:1239e9b70ca2	10264	}
wolfSSL	0:1239e9b70ca2	10265
wolfSSL	0:1239e9b70ca2	10266
wolfSSL	0:1239e9b70ca2	10267	/* process old style client hello, deprecate? */
wolfSSL	0:1239e9b70ca2	10268	int ProcessOldClientHello(CYASSL* ssl, const byte* input, word32* inOutIdx,
wolfSSL	0:1239e9b70ca2	10269	word32 inSz, word16 sz)
wolfSSL	0:1239e9b70ca2	10270	{
wolfSSL	0:1239e9b70ca2	10271	word32 idx = *inOutIdx;
wolfSSL	0:1239e9b70ca2	10272	word16 sessionSz;
wolfSSL	0:1239e9b70ca2	10273	word16 randomSz;
wolfSSL	0:1239e9b70ca2	10274	word16 i, j;
wolfSSL	0:1239e9b70ca2	10275	ProtocolVersion pv;
wolfSSL	0:1239e9b70ca2	10276	Suites clSuites;
wolfSSL	0:1239e9b70ca2	10277
wolfSSL	0:1239e9b70ca2	10278	(void)inSz;
wolfSSL	0:1239e9b70ca2	10279	CYASSL_MSG("Got old format client hello");
wolfSSL	0:1239e9b70ca2	10280	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	10281	if (ssl->hsInfoOn)
wolfSSL	0:1239e9b70ca2	10282	AddPacketName("ClientHello", &ssl->handShakeInfo);
wolfSSL	0:1239e9b70ca2	10283	if (ssl->toInfoOn)
wolfSSL	0:1239e9b70ca2	10284	AddLateName("ClientHello", &ssl->timeoutInfo);
wolfSSL	0:1239e9b70ca2	10285	#endif
wolfSSL	0:1239e9b70ca2	10286
wolfSSL	0:1239e9b70ca2	10287	/* manually hash input since different format */
wolfSSL	0:1239e9b70ca2	10288	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	10289	#ifndef NO_MD5
wolfSSL	0:1239e9b70ca2	10290	Md5Update(&ssl->hashMd5, input + idx, sz);
wolfSSL	0:1239e9b70ca2	10291	#endif
wolfSSL	0:1239e9b70ca2	10292	#ifndef NO_SHA
wolfSSL	0:1239e9b70ca2	10293	ShaUpdate(&ssl->hashSha, input + idx, sz);
wolfSSL	0:1239e9b70ca2	10294	#endif
wolfSSL	0:1239e9b70ca2	10295	#endif
wolfSSL	0:1239e9b70ca2	10296	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	10297	if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL	0:1239e9b70ca2	10298	int shaRet = Sha256Update(&ssl->hashSha256, input + idx, sz);
wolfSSL	0:1239e9b70ca2	10299
wolfSSL	0:1239e9b70ca2	10300	if (shaRet != 0)
wolfSSL	0:1239e9b70ca2	10301	return shaRet;
wolfSSL	0:1239e9b70ca2	10302	}
wolfSSL	0:1239e9b70ca2	10303	#endif
wolfSSL	0:1239e9b70ca2	10304
wolfSSL	0:1239e9b70ca2	10305	/* does this value mean client_hello? */
wolfSSL	0:1239e9b70ca2	10306	idx++;
wolfSSL	0:1239e9b70ca2	10307
wolfSSL	0:1239e9b70ca2	10308	/* version */
wolfSSL	0:1239e9b70ca2	10309	pv.major = input[idx++];
wolfSSL	0:1239e9b70ca2	10310	pv.minor = input[idx++];
wolfSSL	0:1239e9b70ca2	10311	ssl->chVersion = pv; /* store */
wolfSSL	0:1239e9b70ca2	10312
wolfSSL	0:1239e9b70ca2	10313	if (ssl->version.minor > pv.minor) {
wolfSSL	0:1239e9b70ca2	10314	byte haveRSA = 0;
wolfSSL	0:1239e9b70ca2	10315	byte havePSK = 0;
wolfSSL	0:1239e9b70ca2	10316	if (!ssl->options.downgrade) {
wolfSSL	0:1239e9b70ca2	10317	CYASSL_MSG("Client trying to connect with lesser version");
wolfSSL	0:1239e9b70ca2	10318	return VERSION_ERROR;
wolfSSL	0:1239e9b70ca2	10319	}
wolfSSL	0:1239e9b70ca2	10320	if (pv.minor == SSLv3_MINOR) {
wolfSSL	0:1239e9b70ca2	10321	/* turn off tls */
wolfSSL	0:1239e9b70ca2	10322	CYASSL_MSG(" downgrading to SSLv3");
wolfSSL	0:1239e9b70ca2	10323	ssl->options.tls = 0;
wolfSSL	0:1239e9b70ca2	10324	ssl->options.tls1_1 = 0;
wolfSSL	0:1239e9b70ca2	10325	ssl->version.minor = SSLv3_MINOR;
wolfSSL	0:1239e9b70ca2	10326	}
wolfSSL	0:1239e9b70ca2	10327	else if (pv.minor == TLSv1_MINOR) {
wolfSSL	0:1239e9b70ca2	10328	CYASSL_MSG(" downgrading to TLSv1");
wolfSSL	0:1239e9b70ca2	10329	/* turn off tls 1.1+ */
wolfSSL	0:1239e9b70ca2	10330	ssl->options.tls1_1 = 0;
wolfSSL	0:1239e9b70ca2	10331	ssl->version.minor = TLSv1_MINOR;
wolfSSL	0:1239e9b70ca2	10332	}
wolfSSL	0:1239e9b70ca2	10333	else if (pv.minor == TLSv1_1_MINOR) {
wolfSSL	0:1239e9b70ca2	10334	CYASSL_MSG(" downgrading to TLSv1.1");
wolfSSL	0:1239e9b70ca2	10335	ssl->version.minor = TLSv1_1_MINOR;
wolfSSL	0:1239e9b70ca2	10336	}
wolfSSL	0:1239e9b70ca2	10337	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	10338	haveRSA = 1;
wolfSSL	0:1239e9b70ca2	10339	#endif
wolfSSL	0:1239e9b70ca2	10340	#ifndef NO_PSK
wolfSSL	0:1239e9b70ca2	10341	havePSK = ssl->options.havePSK;
wolfSSL	0:1239e9b70ca2	10342	#endif
wolfSSL	0:1239e9b70ca2	10343
wolfSSL	0:1239e9b70ca2	10344	InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
wolfSSL	0:1239e9b70ca2	10345	ssl->options.haveDH, ssl->options.haveNTRU,
wolfSSL	0:1239e9b70ca2	10346	ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
wolfSSL	0:1239e9b70ca2	10347	ssl->options.side);
wolfSSL	0:1239e9b70ca2	10348	}
wolfSSL	0:1239e9b70ca2	10349
wolfSSL	0:1239e9b70ca2	10350	/* suite size */
wolfSSL	0:1239e9b70ca2	10351	ato16(&input[idx], &clSuites.suiteSz);
wolfSSL	0:1239e9b70ca2	10352	idx += 2;
wolfSSL	0:1239e9b70ca2	10353
wolfSSL	0:1239e9b70ca2	10354	if (clSuites.suiteSz > MAX_SUITE_SZ)
wolfSSL	0:1239e9b70ca2	10355	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	10356	clSuites.hashSigAlgoSz = 0;
wolfSSL	0:1239e9b70ca2	10357
wolfSSL	0:1239e9b70ca2	10358	/* session size */
wolfSSL	0:1239e9b70ca2	10359	ato16(&input[idx], &sessionSz);
wolfSSL	0:1239e9b70ca2	10360	idx += 2;
wolfSSL	0:1239e9b70ca2	10361
wolfSSL	0:1239e9b70ca2	10362	if (sessionSz > ID_LEN)
wolfSSL	0:1239e9b70ca2	10363	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	10364
wolfSSL	0:1239e9b70ca2	10365	/* random size */
wolfSSL	0:1239e9b70ca2	10366	ato16(&input[idx], &randomSz);
wolfSSL	0:1239e9b70ca2	10367	idx += 2;
wolfSSL	0:1239e9b70ca2	10368
wolfSSL	0:1239e9b70ca2	10369	if (randomSz > RAN_LEN)
wolfSSL	0:1239e9b70ca2	10370	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	10371
wolfSSL	0:1239e9b70ca2	10372	/* suites */
wolfSSL	0:1239e9b70ca2	10373	for (i = 0, j = 0; i < clSuites.suiteSz; i += 3) {
wolfSSL	0:1239e9b70ca2	10374	byte first = input[idx++];
wolfSSL	0:1239e9b70ca2	10375	if (!first) { /* implicit: skip sslv2 type */
wolfSSL	0:1239e9b70ca2	10376	XMEMCPY(&clSuites.suites[j], &input[idx], 2);
wolfSSL	0:1239e9b70ca2	10377	j += 2;
wolfSSL	0:1239e9b70ca2	10378	}
wolfSSL	0:1239e9b70ca2	10379	idx += 2;
wolfSSL	0:1239e9b70ca2	10380	}
wolfSSL	0:1239e9b70ca2	10381	clSuites.suiteSz = j;
wolfSSL	0:1239e9b70ca2	10382
wolfSSL	0:1239e9b70ca2	10383	/* session id */
wolfSSL	0:1239e9b70ca2	10384	if (sessionSz) {
wolfSSL	0:1239e9b70ca2	10385	XMEMCPY(ssl->arrays->sessionID, input + idx, sessionSz);
wolfSSL	0:1239e9b70ca2	10386	idx += sessionSz;
wolfSSL	0:1239e9b70ca2	10387	ssl->options.resuming = 1;
wolfSSL	0:1239e9b70ca2	10388	}
wolfSSL	0:1239e9b70ca2	10389
wolfSSL	0:1239e9b70ca2	10390	/* random */
wolfSSL	0:1239e9b70ca2	10391	if (randomSz < RAN_LEN)
wolfSSL	0:1239e9b70ca2	10392	XMEMSET(ssl->arrays->clientRandom, 0, RAN_LEN - randomSz);
wolfSSL	0:1239e9b70ca2	10393	XMEMCPY(&ssl->arrays->clientRandom[RAN_LEN - randomSz], input + idx,
wolfSSL	0:1239e9b70ca2	10394	randomSz);
wolfSSL	0:1239e9b70ca2	10395	idx += randomSz;
wolfSSL	0:1239e9b70ca2	10396
wolfSSL	0:1239e9b70ca2	10397	if (ssl->options.usingCompression)
wolfSSL	0:1239e9b70ca2	10398	ssl->options.usingCompression = 0; /* turn off */
wolfSSL	0:1239e9b70ca2	10399
wolfSSL	0:1239e9b70ca2	10400	ssl->options.clientState = CLIENT_HELLO_COMPLETE;
wolfSSL	0:1239e9b70ca2	10401	*inOutIdx = idx;
wolfSSL	0:1239e9b70ca2	10402
wolfSSL	0:1239e9b70ca2	10403	ssl->options.haveSessionId = 1;
wolfSSL	0:1239e9b70ca2	10404	/* DoClientHello uses same resume code */
wolfSSL	0:1239e9b70ca2	10405	if (ssl->options.resuming) { /* let's try */
wolfSSL	0:1239e9b70ca2	10406	int ret = -1;
wolfSSL	0:1239e9b70ca2	10407	CYASSL_SESSION* session = GetSession(ssl,ssl->arrays->masterSecret);
wolfSSL	0:1239e9b70ca2	10408	if (!session) {
wolfSSL	0:1239e9b70ca2	10409	CYASSL_MSG("Session lookup for resume failed");
wolfSSL	0:1239e9b70ca2	10410	ssl->options.resuming = 0;
wolfSSL	0:1239e9b70ca2	10411	} else {
wolfSSL	0:1239e9b70ca2	10412	if (MatchSuite(ssl, &clSuites) < 0) {
wolfSSL	0:1239e9b70ca2	10413	CYASSL_MSG("Unsupported cipher suite, OldClientHello");
wolfSSL	0:1239e9b70ca2	10414	return UNSUPPORTED_SUITE;
wolfSSL	0:1239e9b70ca2	10415	}
wolfSSL	0:1239e9b70ca2	10416	#ifdef SESSION_CERTS
wolfSSL	0:1239e9b70ca2	10417	ssl->session = session; / restore session certs. */
wolfSSL	0:1239e9b70ca2	10418	#endif
wolfSSL	0:1239e9b70ca2	10419
wolfSSL	0:1239e9b70ca2	10420	ret = RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom,
wolfSSL	0:1239e9b70ca2	10421	RAN_LEN);
wolfSSL	0:1239e9b70ca2	10422	if (ret != 0)
wolfSSL	0:1239e9b70ca2	10423	return ret;
wolfSSL	0:1239e9b70ca2	10424
wolfSSL	0:1239e9b70ca2	10425	#ifdef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	10426	ret = DeriveTlsKeys(ssl);
wolfSSL	0:1239e9b70ca2	10427	#else
wolfSSL	0:1239e9b70ca2	10428	#ifndef NO_TLS
wolfSSL	0:1239e9b70ca2	10429	if (ssl->options.tls)
wolfSSL	0:1239e9b70ca2	10430	ret = DeriveTlsKeys(ssl);
wolfSSL	0:1239e9b70ca2	10431	#endif
wolfSSL	0:1239e9b70ca2	10432	if (!ssl->options.tls)
wolfSSL	0:1239e9b70ca2	10433	ret = DeriveKeys(ssl);
wolfSSL	0:1239e9b70ca2	10434	#endif
wolfSSL	0:1239e9b70ca2	10435	ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
wolfSSL	0:1239e9b70ca2	10436
wolfSSL	0:1239e9b70ca2	10437	return ret;
wolfSSL	0:1239e9b70ca2	10438	}
wolfSSL	0:1239e9b70ca2	10439	}
wolfSSL	0:1239e9b70ca2	10440
wolfSSL	0:1239e9b70ca2	10441	return MatchSuite(ssl, &clSuites);
wolfSSL	0:1239e9b70ca2	10442	}
wolfSSL	0:1239e9b70ca2	10443
wolfSSL	0:1239e9b70ca2	10444
wolfSSL	0:1239e9b70ca2	10445	static int DoClientHello(CYASSL* ssl, const byte* input, word32* inOutIdx,
wolfSSL	0:1239e9b70ca2	10446	word32 helloSz)
wolfSSL	0:1239e9b70ca2	10447	{
wolfSSL	0:1239e9b70ca2	10448	byte b;
wolfSSL	0:1239e9b70ca2	10449	ProtocolVersion pv;
wolfSSL	0:1239e9b70ca2	10450	Suites clSuites;
wolfSSL	0:1239e9b70ca2	10451	word32 i = *inOutIdx;
wolfSSL	0:1239e9b70ca2	10452	word32 begin = i;
wolfSSL	0:1239e9b70ca2	10453
wolfSSL	0:1239e9b70ca2	10454	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	10455	if (ssl->hsInfoOn) AddPacketName("ClientHello", &ssl->handShakeInfo);
wolfSSL	0:1239e9b70ca2	10456	if (ssl->toInfoOn) AddLateName("ClientHello", &ssl->timeoutInfo);
wolfSSL	0:1239e9b70ca2	10457	#endif
wolfSSL	0:1239e9b70ca2	10458
wolfSSL	0:1239e9b70ca2	10459	/* protocol version, random and session id length check */
wolfSSL	0:1239e9b70ca2	10460	if ((i - begin) + OPAQUE16_LEN + RAN_LEN + OPAQUE8_LEN > helloSz)
wolfSSL	0:1239e9b70ca2	10461	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	10462
wolfSSL	0:1239e9b70ca2	10463	/* protocol version */
wolfSSL	0:1239e9b70ca2	10464	XMEMCPY(&pv, input + i, OPAQUE16_LEN);
wolfSSL	0:1239e9b70ca2	10465	ssl->chVersion = pv; /* store */
wolfSSL	0:1239e9b70ca2	10466	i += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	10467
wolfSSL	0:1239e9b70ca2	10468	if (ssl->version.minor > pv.minor) {
wolfSSL	0:1239e9b70ca2	10469	byte haveRSA = 0;
wolfSSL	0:1239e9b70ca2	10470	byte havePSK = 0;
wolfSSL	0:1239e9b70ca2	10471
wolfSSL	0:1239e9b70ca2	10472	if (!ssl->options.downgrade) {
wolfSSL	0:1239e9b70ca2	10473	CYASSL_MSG("Client trying to connect with lesser version");
wolfSSL	0:1239e9b70ca2	10474	return VERSION_ERROR;
wolfSSL	0:1239e9b70ca2	10475	}
wolfSSL	0:1239e9b70ca2	10476
wolfSSL	0:1239e9b70ca2	10477	if (pv.minor == SSLv3_MINOR) {
wolfSSL	0:1239e9b70ca2	10478	/* turn off tls */
wolfSSL	0:1239e9b70ca2	10479	CYASSL_MSG(" downgrading to SSLv3");
wolfSSL	0:1239e9b70ca2	10480	ssl->options.tls = 0;
wolfSSL	0:1239e9b70ca2	10481	ssl->options.tls1_1 = 0;
wolfSSL	0:1239e9b70ca2	10482	ssl->version.minor = SSLv3_MINOR;
wolfSSL	0:1239e9b70ca2	10483	}
wolfSSL	0:1239e9b70ca2	10484	else if (pv.minor == TLSv1_MINOR) {
wolfSSL	0:1239e9b70ca2	10485	/* turn off tls 1.1+ */
wolfSSL	0:1239e9b70ca2	10486	CYASSL_MSG(" downgrading to TLSv1");
wolfSSL	0:1239e9b70ca2	10487	ssl->options.tls1_1 = 0;
wolfSSL	0:1239e9b70ca2	10488	ssl->version.minor = TLSv1_MINOR;
wolfSSL	0:1239e9b70ca2	10489	}
wolfSSL	0:1239e9b70ca2	10490	else if (pv.minor == TLSv1_1_MINOR) {
wolfSSL	0:1239e9b70ca2	10491	CYASSL_MSG(" downgrading to TLSv1.1");
wolfSSL	0:1239e9b70ca2	10492	ssl->version.minor = TLSv1_1_MINOR;
wolfSSL	0:1239e9b70ca2	10493	}
wolfSSL	0:1239e9b70ca2	10494	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	10495	haveRSA = 1;
wolfSSL	0:1239e9b70ca2	10496	#endif
wolfSSL	0:1239e9b70ca2	10497	#ifndef NO_PSK
wolfSSL	0:1239e9b70ca2	10498	havePSK = ssl->options.havePSK;
wolfSSL	0:1239e9b70ca2	10499	#endif
wolfSSL	0:1239e9b70ca2	10500	InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
wolfSSL	0:1239e9b70ca2	10501	ssl->options.haveDH, ssl->options.haveNTRU,
wolfSSL	0:1239e9b70ca2	10502	ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
wolfSSL	0:1239e9b70ca2	10503	ssl->options.side);
wolfSSL	0:1239e9b70ca2	10504	}
wolfSSL	0:1239e9b70ca2	10505
wolfSSL	0:1239e9b70ca2	10506	/* random */
wolfSSL	0:1239e9b70ca2	10507	XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN);
wolfSSL	0:1239e9b70ca2	10508	i += RAN_LEN;
wolfSSL	0:1239e9b70ca2	10509
wolfSSL	0:1239e9b70ca2	10510	#ifdef SHOW_SECRETS
wolfSSL	0:1239e9b70ca2	10511	{
wolfSSL	0:1239e9b70ca2	10512	int j;
wolfSSL	0:1239e9b70ca2	10513	printf("client random: ");
wolfSSL	0:1239e9b70ca2	10514	for (j = 0; j < RAN_LEN; j++)
wolfSSL	0:1239e9b70ca2	10515	printf("%02x", ssl->arrays->clientRandom[j]);
wolfSSL	0:1239e9b70ca2	10516	printf("\n");
wolfSSL	0:1239e9b70ca2	10517	}
wolfSSL	0:1239e9b70ca2	10518	#endif
wolfSSL	0:1239e9b70ca2	10519
wolfSSL	0:1239e9b70ca2	10520	/* session id */
wolfSSL	0:1239e9b70ca2	10521	b = input[i++];
wolfSSL	0:1239e9b70ca2	10522
wolfSSL	0:1239e9b70ca2	10523	if (b == ID_LEN) {
wolfSSL	0:1239e9b70ca2	10524	if ((i - begin) + ID_LEN > helloSz)
wolfSSL	0:1239e9b70ca2	10525	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	10526
wolfSSL	0:1239e9b70ca2	10527	XMEMCPY(ssl->arrays->sessionID, input + i, ID_LEN);
wolfSSL	0:1239e9b70ca2	10528	i += ID_LEN;
wolfSSL	0:1239e9b70ca2	10529	ssl->options.resuming = 1; /* client wants to resume */
wolfSSL	0:1239e9b70ca2	10530	CYASSL_MSG("Client wants to resume session");
wolfSSL	0:1239e9b70ca2	10531	}
wolfSSL	0:1239e9b70ca2	10532	else if (b) {
wolfSSL	0:1239e9b70ca2	10533	CYASSL_MSG("Invalid session ID size");
wolfSSL	0:1239e9b70ca2	10534	return BUFFER_ERROR; /* session ID nor 0 neither 32 bytes long */
wolfSSL	0:1239e9b70ca2	10535	}
wolfSSL	0:1239e9b70ca2	10536
wolfSSL	0:1239e9b70ca2	10537	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	10538	/* cookie */
wolfSSL	0:1239e9b70ca2	10539	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	10540
wolfSSL	0:1239e9b70ca2	10541	if ((i - begin) + OPAQUE8_LEN > helloSz)
wolfSSL	0:1239e9b70ca2	10542	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	10543
wolfSSL	0:1239e9b70ca2	10544	b = input[i++];
wolfSSL	0:1239e9b70ca2	10545
wolfSSL	0:1239e9b70ca2	10546	if (b) {
wolfSSL	0:1239e9b70ca2	10547	byte cookie[MAX_COOKIE_LEN];
wolfSSL	0:1239e9b70ca2	10548
wolfSSL	0:1239e9b70ca2	10549	if (b > MAX_COOKIE_LEN)
wolfSSL	0:1239e9b70ca2	10550	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	10551
wolfSSL	0:1239e9b70ca2	10552	if ((i - begin) + b > helloSz)
wolfSSL	0:1239e9b70ca2	10553	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	10554
wolfSSL	0:1239e9b70ca2	10555	if (ssl->ctx->CBIOCookie == NULL) {
wolfSSL	0:1239e9b70ca2	10556	CYASSL_MSG("Your Cookie callback is null, please set");
wolfSSL	0:1239e9b70ca2	10557	return COOKIE_ERROR;
wolfSSL	0:1239e9b70ca2	10558	}
wolfSSL	0:1239e9b70ca2	10559
wolfSSL	0:1239e9b70ca2	10560	if ((ssl->ctx->CBIOCookie(ssl, cookie, COOKIE_SZ,
wolfSSL	0:1239e9b70ca2	10561	ssl->IOCB_CookieCtx) != COOKIE_SZ)
wolfSSL	0:1239e9b70ca2	10562	\|\| (b != COOKIE_SZ)
wolfSSL	0:1239e9b70ca2	10563	\|\| (XMEMCMP(cookie, input + i, b) != 0)) {
wolfSSL	0:1239e9b70ca2	10564	return COOKIE_ERROR;
wolfSSL	0:1239e9b70ca2	10565	}
wolfSSL	0:1239e9b70ca2	10566
wolfSSL	0:1239e9b70ca2	10567	i += b;
wolfSSL	0:1239e9b70ca2	10568	}
wolfSSL	0:1239e9b70ca2	10569	}
wolfSSL	0:1239e9b70ca2	10570	#endif
wolfSSL	0:1239e9b70ca2	10571
wolfSSL	0:1239e9b70ca2	10572	/* suites */
wolfSSL	0:1239e9b70ca2	10573	if ((i - begin) + OPAQUE16_LEN > helloSz)
wolfSSL	0:1239e9b70ca2	10574	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	10575
wolfSSL	0:1239e9b70ca2	10576	ato16(&input[i], &clSuites.suiteSz);
wolfSSL	0:1239e9b70ca2	10577	i += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	10578
wolfSSL	0:1239e9b70ca2	10579	/* suites and compression length check */
wolfSSL	0:1239e9b70ca2	10580	if ((i - begin) + clSuites.suiteSz + OPAQUE8_LEN > helloSz)
wolfSSL	0:1239e9b70ca2	10581	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	10582
wolfSSL	0:1239e9b70ca2	10583	if (clSuites.suiteSz > MAX_SUITE_SZ)
wolfSSL	0:1239e9b70ca2	10584	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	10585
wolfSSL	0:1239e9b70ca2	10586	XMEMCPY(clSuites.suites, input + i, clSuites.suiteSz);
wolfSSL	0:1239e9b70ca2	10587	i += clSuites.suiteSz;
wolfSSL	0:1239e9b70ca2	10588	clSuites.hashSigAlgoSz = 0;
wolfSSL	0:1239e9b70ca2	10589
wolfSSL	0:1239e9b70ca2	10590	/* compression length */
wolfSSL	0:1239e9b70ca2	10591	b = input[i++];
wolfSSL	0:1239e9b70ca2	10592
wolfSSL	0:1239e9b70ca2	10593	if ((i - begin) + b > helloSz)
wolfSSL	0:1239e9b70ca2	10594	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	10595
wolfSSL	0:1239e9b70ca2	10596	if (ssl->options.usingCompression) {
wolfSSL	0:1239e9b70ca2	10597	int match = 0;
wolfSSL	0:1239e9b70ca2	10598
wolfSSL	0:1239e9b70ca2	10599	while (b--) {
wolfSSL	0:1239e9b70ca2	10600	byte comp = input[i++];
wolfSSL	0:1239e9b70ca2	10601
wolfSSL	0:1239e9b70ca2	10602	if (comp == ZLIB_COMPRESSION)
wolfSSL	0:1239e9b70ca2	10603	match = 1;
wolfSSL	0:1239e9b70ca2	10604	}
wolfSSL	0:1239e9b70ca2	10605
wolfSSL	0:1239e9b70ca2	10606	if (!match) {
wolfSSL	0:1239e9b70ca2	10607	CYASSL_MSG("Not matching compression, turning off");
wolfSSL	0:1239e9b70ca2	10608	ssl->options.usingCompression = 0; /* turn off */
wolfSSL	0:1239e9b70ca2	10609	}
wolfSSL	0:1239e9b70ca2	10610	}
wolfSSL	0:1239e9b70ca2	10611	else
wolfSSL	0:1239e9b70ca2	10612	i += b; /* ignore, since we're not on */
wolfSSL	0:1239e9b70ca2	10613
wolfSSL	0:1239e9b70ca2	10614	*inOutIdx = i;
wolfSSL	0:1239e9b70ca2	10615
wolfSSL	0:1239e9b70ca2	10616	/* tls extensions */
wolfSSL	0:1239e9b70ca2	10617	if ((i - begin) < helloSz) {
wolfSSL	0:1239e9b70ca2	10618	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	0:1239e9b70ca2	10619	if (IsTLS(ssl)) {
wolfSSL	0:1239e9b70ca2	10620	int ret = 0;
wolfSSL	0:1239e9b70ca2	10621	#else
wolfSSL	0:1239e9b70ca2	10622	if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL	0:1239e9b70ca2	10623	#endif
wolfSSL	0:1239e9b70ca2	10624	/* Process the hello extension. Skip unsupported. */
wolfSSL	0:1239e9b70ca2	10625	word16 totalExtSz;
wolfSSL	0:1239e9b70ca2	10626
wolfSSL	0:1239e9b70ca2	10627	if ((i - begin) + OPAQUE16_LEN > helloSz)
wolfSSL	0:1239e9b70ca2	10628	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	10629
wolfSSL	0:1239e9b70ca2	10630	ato16(&input[i], &totalExtSz);
wolfSSL	0:1239e9b70ca2	10631	i += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	10632
wolfSSL	0:1239e9b70ca2	10633	if ((i - begin) + totalExtSz > helloSz)
wolfSSL	0:1239e9b70ca2	10634	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	10635
wolfSSL	0:1239e9b70ca2	10636	#ifdef HAVE_TLS_EXTENSIONS
wolfSSL	0:1239e9b70ca2	10637	if ((ret = TLSX_Parse(ssl, (byte *) input + i,
wolfSSL	0:1239e9b70ca2	10638	totalExtSz, 1, &clSuites)))
wolfSSL	0:1239e9b70ca2	10639	return ret;
wolfSSL	0:1239e9b70ca2	10640
wolfSSL	0:1239e9b70ca2	10641	i += totalExtSz;
wolfSSL	0:1239e9b70ca2	10642	#else
wolfSSL	0:1239e9b70ca2	10643	while (totalExtSz) {
wolfSSL	0:1239e9b70ca2	10644	word16 extId, extSz;
wolfSSL	0:1239e9b70ca2	10645
wolfSSL	0:1239e9b70ca2	10646	if (OPAQUE16_LEN + OPAQUE16_LEN > totalExtSz)
wolfSSL	0:1239e9b70ca2	10647	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	10648
wolfSSL	0:1239e9b70ca2	10649	ato16(&input[i], &extId);
wolfSSL	0:1239e9b70ca2	10650	i += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	10651	ato16(&input[i], &extSz);
wolfSSL	0:1239e9b70ca2	10652	i += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	10653
wolfSSL	0:1239e9b70ca2	10654	if (OPAQUE16_LEN + OPAQUE16_LEN + extSz > totalExtSz)
wolfSSL	0:1239e9b70ca2	10655	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	10656
wolfSSL	0:1239e9b70ca2	10657	if (extId == HELLO_EXT_SIG_ALGO) {
wolfSSL	0:1239e9b70ca2	10658	ato16(&input[i], &clSuites.hashSigAlgoSz);
wolfSSL	0:1239e9b70ca2	10659	i += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	10660
wolfSSL	0:1239e9b70ca2	10661	if (OPAQUE16_LEN + clSuites.hashSigAlgoSz > extSz)
wolfSSL	0:1239e9b70ca2	10662	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	10663
wolfSSL	0:1239e9b70ca2	10664	XMEMCPY(clSuites.hashSigAlgo, &input[i],
wolfSSL	0:1239e9b70ca2	10665	min(clSuites.hashSigAlgoSz, HELLO_EXT_SIGALGO_MAX));
wolfSSL	0:1239e9b70ca2	10666	i += clSuites.hashSigAlgoSz;
wolfSSL	0:1239e9b70ca2	10667	}
wolfSSL	0:1239e9b70ca2	10668	else
wolfSSL	0:1239e9b70ca2	10669	i += extSz;
wolfSSL	0:1239e9b70ca2	10670
wolfSSL	0:1239e9b70ca2	10671	totalExtSz -= OPAQUE16_LEN + OPAQUE16_LEN + extSz;
wolfSSL	0:1239e9b70ca2	10672	}
wolfSSL	0:1239e9b70ca2	10673	#endif
wolfSSL	0:1239e9b70ca2	10674	*inOutIdx = i;
wolfSSL	0:1239e9b70ca2	10675	}
wolfSSL	0:1239e9b70ca2	10676	else
wolfSSL	0:1239e9b70ca2	10677	inOutIdx = begin + helloSz; / skip extensions */
wolfSSL	0:1239e9b70ca2	10678	}
wolfSSL	0:1239e9b70ca2	10679
wolfSSL	0:1239e9b70ca2	10680	ssl->options.clientState = CLIENT_HELLO_COMPLETE;
wolfSSL	0:1239e9b70ca2	10681	ssl->options.haveSessionId = 1;
wolfSSL	0:1239e9b70ca2	10682
wolfSSL	0:1239e9b70ca2	10683	/* ProcessOld uses same resume code */
wolfSSL	0:1239e9b70ca2	10684	if (ssl->options.resuming && (!ssl->options.dtls \|\|
wolfSSL	0:1239e9b70ca2	10685	ssl->options.acceptState == HELLO_VERIFY_SENT)) { /* let's try */
wolfSSL	0:1239e9b70ca2	10686	int ret = -1;
wolfSSL	0:1239e9b70ca2	10687	CYASSL_SESSION* session = GetSession(ssl,ssl->arrays->masterSecret);
wolfSSL	0:1239e9b70ca2	10688
wolfSSL	0:1239e9b70ca2	10689	if (!session) {
wolfSSL	0:1239e9b70ca2	10690	CYASSL_MSG("Session lookup for resume failed");
wolfSSL	0:1239e9b70ca2	10691	ssl->options.resuming = 0;
wolfSSL	0:1239e9b70ca2	10692	}
wolfSSL	0:1239e9b70ca2	10693	else {
wolfSSL	0:1239e9b70ca2	10694	if (MatchSuite(ssl, &clSuites) < 0) {
wolfSSL	0:1239e9b70ca2	10695	CYASSL_MSG("Unsupported cipher suite, ClientHello");
wolfSSL	0:1239e9b70ca2	10696	return UNSUPPORTED_SUITE;
wolfSSL	0:1239e9b70ca2	10697	}
wolfSSL	0:1239e9b70ca2	10698	#ifdef SESSION_CERTS
wolfSSL	0:1239e9b70ca2	10699	ssl->session = session; / restore session certs. */
wolfSSL	0:1239e9b70ca2	10700	#endif
wolfSSL	0:1239e9b70ca2	10701
wolfSSL	0:1239e9b70ca2	10702	ret = RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom,
wolfSSL	0:1239e9b70ca2	10703	RAN_LEN);
wolfSSL	0:1239e9b70ca2	10704	if (ret != 0)
wolfSSL	0:1239e9b70ca2	10705	return ret;
wolfSSL	0:1239e9b70ca2	10706
wolfSSL	0:1239e9b70ca2	10707	#ifdef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	10708	ret = DeriveTlsKeys(ssl);
wolfSSL	0:1239e9b70ca2	10709	#else
wolfSSL	0:1239e9b70ca2	10710	#ifndef NO_TLS
wolfSSL	0:1239e9b70ca2	10711	if (ssl->options.tls)
wolfSSL	0:1239e9b70ca2	10712	ret = DeriveTlsKeys(ssl);
wolfSSL	0:1239e9b70ca2	10713	#endif
wolfSSL	0:1239e9b70ca2	10714	if (!ssl->options.tls)
wolfSSL	0:1239e9b70ca2	10715	ret = DeriveKeys(ssl);
wolfSSL	0:1239e9b70ca2	10716	#endif
wolfSSL	0:1239e9b70ca2	10717	ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
wolfSSL	0:1239e9b70ca2	10718
wolfSSL	0:1239e9b70ca2	10719	return ret;
wolfSSL	0:1239e9b70ca2	10720	}
wolfSSL	0:1239e9b70ca2	10721	}
wolfSSL	0:1239e9b70ca2	10722	return MatchSuite(ssl, &clSuites);
wolfSSL	0:1239e9b70ca2	10723	}
wolfSSL	0:1239e9b70ca2	10724
wolfSSL	0:1239e9b70ca2	10725	#if !defined(NO_RSA) \|\| defined(HAVE_ECC)
wolfSSL	0:1239e9b70ca2	10726	static int DoCertificateVerify(CYASSL* ssl, byte* input, word32* inOutIdx,
wolfSSL	0:1239e9b70ca2	10727	word32 size)
wolfSSL	0:1239e9b70ca2	10728	{
wolfSSL	0:1239e9b70ca2	10729	word16 sz = 0;
wolfSSL	0:1239e9b70ca2	10730	int ret = VERIFY_CERT_ERROR; /* start in error state */
wolfSSL	0:1239e9b70ca2	10731	byte hashAlgo = sha_mac;
wolfSSL	0:1239e9b70ca2	10732	byte sigAlgo = anonymous_sa_algo;
wolfSSL	0:1239e9b70ca2	10733	word32 begin = *inOutIdx;
wolfSSL	0:1239e9b70ca2	10734
wolfSSL	0:1239e9b70ca2	10735	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	10736	if (ssl->hsInfoOn)
wolfSSL	0:1239e9b70ca2	10737	AddPacketName("CertificateVerify", &ssl->handShakeInfo);
wolfSSL	0:1239e9b70ca2	10738	if (ssl->toInfoOn)
wolfSSL	0:1239e9b70ca2	10739	AddLateName("CertificateVerify", &ssl->timeoutInfo);
wolfSSL	0:1239e9b70ca2	10740	#endif
wolfSSL	0:1239e9b70ca2	10741
wolfSSL	0:1239e9b70ca2	10742
wolfSSL	0:1239e9b70ca2	10743	if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL	0:1239e9b70ca2	10744	if ((*inOutIdx - begin) + ENUM_LEN + ENUM_LEN > size)
wolfSSL	0:1239e9b70ca2	10745	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	10746
wolfSSL	0:1239e9b70ca2	10747	hashAlgo = input[(*inOutIdx)++];
wolfSSL	0:1239e9b70ca2	10748	sigAlgo = input[(*inOutIdx)++];
wolfSSL	0:1239e9b70ca2	10749	}
wolfSSL	0:1239e9b70ca2	10750
wolfSSL	0:1239e9b70ca2	10751	if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
wolfSSL	0:1239e9b70ca2	10752	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	10753
wolfSSL	0:1239e9b70ca2	10754	ato16(input + *inOutIdx, &sz);
wolfSSL	0:1239e9b70ca2	10755	*inOutIdx += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	10756
wolfSSL	0:1239e9b70ca2	10757	if ((*inOutIdx - begin) + sz > size \|\| sz > ENCRYPT_LEN)
wolfSSL	0:1239e9b70ca2	10758	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	10759
wolfSSL	0:1239e9b70ca2	10760	/* RSA */
wolfSSL	0:1239e9b70ca2	10761	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	10762	if (ssl->peerRsaKeyPresent != 0) {
wolfSSL	0:1239e9b70ca2	10763	byte* out = NULL;
wolfSSL	0:1239e9b70ca2	10764	int outLen = 0;
wolfSSL	0:1239e9b70ca2	10765	byte doUserRsa = 0;
wolfSSL	0:1239e9b70ca2	10766
wolfSSL	0:1239e9b70ca2	10767	#ifdef HAVE_PK_CALLBACKS
wolfSSL	0:1239e9b70ca2	10768	if (ssl->ctx->RsaVerifyCb)
wolfSSL	0:1239e9b70ca2	10769	doUserRsa = 1;
wolfSSL	0:1239e9b70ca2	10770	#endif /HAVE_PK_CALLBACKS /
wolfSSL	0:1239e9b70ca2	10771
wolfSSL	0:1239e9b70ca2	10772	CYASSL_MSG("Doing RSA peer cert verify");
wolfSSL	0:1239e9b70ca2	10773
wolfSSL	0:1239e9b70ca2	10774	if (doUserRsa) {
wolfSSL	0:1239e9b70ca2	10775	#ifdef HAVE_PK_CALLBACKS
wolfSSL	0:1239e9b70ca2	10776	outLen = ssl->ctx->RsaVerifyCb(ssl, input + *inOutIdx, sz,
wolfSSL	0:1239e9b70ca2	10777	&out,
wolfSSL	0:1239e9b70ca2	10778	ssl->buffers.peerRsaKey.buffer,
wolfSSL	0:1239e9b70ca2	10779	ssl->buffers.peerRsaKey.length,
wolfSSL	0:1239e9b70ca2	10780	ssl->RsaVerifyCtx);
wolfSSL	0:1239e9b70ca2	10781	#endif /HAVE_PK_CALLBACKS /
wolfSSL	0:1239e9b70ca2	10782	}
wolfSSL	0:1239e9b70ca2	10783	else {
wolfSSL	0:1239e9b70ca2	10784	outLen = RsaSSL_VerifyInline(input + *inOutIdx, sz, &out,
wolfSSL	0:1239e9b70ca2	10785	ssl->peerRsaKey);
wolfSSL	0:1239e9b70ca2	10786	}
wolfSSL	0:1239e9b70ca2	10787
wolfSSL	0:1239e9b70ca2	10788	if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL	0:1239e9b70ca2	10789	byte encodedSig[MAX_ENCODED_SIG_SZ];
wolfSSL	0:1239e9b70ca2	10790	word32 sigSz;
wolfSSL	0:1239e9b70ca2	10791	byte* digest = ssl->certHashes.sha;
wolfSSL	0:1239e9b70ca2	10792	int typeH = SHAh;
wolfSSL	0:1239e9b70ca2	10793	int digestSz = SHA_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	10794
wolfSSL	0:1239e9b70ca2	10795	if (sigAlgo != rsa_sa_algo) {
wolfSSL	0:1239e9b70ca2	10796	CYASSL_MSG("Oops, peer sent RSA key but not in verify");
wolfSSL	0:1239e9b70ca2	10797	}
wolfSSL	0:1239e9b70ca2	10798
wolfSSL	0:1239e9b70ca2	10799	if (hashAlgo == sha256_mac) {
wolfSSL	0:1239e9b70ca2	10800	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	10801	digest = ssl->certHashes.sha256;
wolfSSL	0:1239e9b70ca2	10802	typeH = SHA256h;
wolfSSL	0:1239e9b70ca2	10803	digestSz = SHA256_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	10804	#endif
wolfSSL	0:1239e9b70ca2	10805	}
wolfSSL	0:1239e9b70ca2	10806	else if (hashAlgo == sha384_mac) {
wolfSSL	0:1239e9b70ca2	10807	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	10808	digest = ssl->certHashes.sha384;
wolfSSL	0:1239e9b70ca2	10809	typeH = SHA384h;
wolfSSL	0:1239e9b70ca2	10810	digestSz = SHA384_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	10811	#endif
wolfSSL	0:1239e9b70ca2	10812	}
wolfSSL	0:1239e9b70ca2	10813
wolfSSL	0:1239e9b70ca2	10814	sigSz = EncodeSignature(encodedSig, digest, digestSz, typeH);
wolfSSL	0:1239e9b70ca2	10815
wolfSSL	0:1239e9b70ca2	10816	if (outLen == (int)sigSz && out && XMEMCMP(out, encodedSig,
wolfSSL	0:1239e9b70ca2	10817	min(sigSz, MAX_ENCODED_SIG_SZ)) == 0)
wolfSSL	0:1239e9b70ca2	10818	ret = 0; /* verified */
wolfSSL	0:1239e9b70ca2	10819	}
wolfSSL	0:1239e9b70ca2	10820	else {
wolfSSL	0:1239e9b70ca2	10821	if (outLen == FINISHED_SZ && out && XMEMCMP(out,
wolfSSL	0:1239e9b70ca2	10822	&ssl->certHashes, FINISHED_SZ) == 0)
wolfSSL	0:1239e9b70ca2	10823	ret = 0; /* verified */
wolfSSL	0:1239e9b70ca2	10824	}
wolfSSL	0:1239e9b70ca2	10825	}
wolfSSL	0:1239e9b70ca2	10826	#endif
wolfSSL	0:1239e9b70ca2	10827	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	10828	if (ssl->peerEccDsaKeyPresent) {
wolfSSL	0:1239e9b70ca2	10829	int verify = 0;
wolfSSL	0:1239e9b70ca2	10830	int err = -1;
wolfSSL	0:1239e9b70ca2	10831	byte* digest = ssl->certHashes.sha;
wolfSSL	0:1239e9b70ca2	10832	word32 digestSz = SHA_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	10833	byte doUserEcc = 0;
wolfSSL	0:1239e9b70ca2	10834
wolfSSL	0:1239e9b70ca2	10835	#ifdef HAVE_PK_CALLBACKS
wolfSSL	0:1239e9b70ca2	10836	if (ssl->ctx->EccVerifyCb)
wolfSSL	0:1239e9b70ca2	10837	doUserEcc = 1;
wolfSSL	0:1239e9b70ca2	10838	#endif
wolfSSL	0:1239e9b70ca2	10839
wolfSSL	0:1239e9b70ca2	10840	CYASSL_MSG("Doing ECC peer cert verify");
wolfSSL	0:1239e9b70ca2	10841
wolfSSL	0:1239e9b70ca2	10842	if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL	0:1239e9b70ca2	10843	if (sigAlgo != ecc_dsa_sa_algo) {
wolfSSL	0:1239e9b70ca2	10844	CYASSL_MSG("Oops, peer sent ECC key but not in verify");
wolfSSL	0:1239e9b70ca2	10845	}
wolfSSL	0:1239e9b70ca2	10846
wolfSSL	0:1239e9b70ca2	10847	if (hashAlgo == sha256_mac) {
wolfSSL	0:1239e9b70ca2	10848	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	10849	digest = ssl->certHashes.sha256;
wolfSSL	0:1239e9b70ca2	10850	digestSz = SHA256_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	10851	#endif
wolfSSL	0:1239e9b70ca2	10852	}
wolfSSL	0:1239e9b70ca2	10853	else if (hashAlgo == sha384_mac) {
wolfSSL	0:1239e9b70ca2	10854	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	10855	digest = ssl->certHashes.sha384;
wolfSSL	0:1239e9b70ca2	10856	digestSz = SHA384_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	10857	#endif
wolfSSL	0:1239e9b70ca2	10858	}
wolfSSL	0:1239e9b70ca2	10859	}
wolfSSL	0:1239e9b70ca2	10860
wolfSSL	0:1239e9b70ca2	10861	if (doUserEcc) {
wolfSSL	0:1239e9b70ca2	10862	#ifdef HAVE_PK_CALLBACKS
wolfSSL	0:1239e9b70ca2	10863	ret = ssl->ctx->EccVerifyCb(ssl, input + *inOutIdx, sz, digest,
wolfSSL	0:1239e9b70ca2	10864	digestSz,
wolfSSL	0:1239e9b70ca2	10865	ssl->buffers.peerEccDsaKey.buffer,
wolfSSL	0:1239e9b70ca2	10866	ssl->buffers.peerEccDsaKey.length,
wolfSSL	0:1239e9b70ca2	10867	&verify, ssl->EccVerifyCtx);
wolfSSL	0:1239e9b70ca2	10868	#endif
wolfSSL	0:1239e9b70ca2	10869	}
wolfSSL	0:1239e9b70ca2	10870	else {
wolfSSL	0:1239e9b70ca2	10871	err = ecc_verify_hash(input + *inOutIdx, sz, digest, digestSz,
wolfSSL	0:1239e9b70ca2	10872	&verify, ssl->peerEccDsaKey);
wolfSSL	0:1239e9b70ca2	10873	}
wolfSSL	0:1239e9b70ca2	10874
wolfSSL	0:1239e9b70ca2	10875	if (err == 0 && verify == 1)
wolfSSL	0:1239e9b70ca2	10876	ret = 0; /* verified */
wolfSSL	0:1239e9b70ca2	10877	}
wolfSSL	0:1239e9b70ca2	10878	#endif
wolfSSL	0:1239e9b70ca2	10879	*inOutIdx += sz;
wolfSSL	0:1239e9b70ca2	10880
wolfSSL	0:1239e9b70ca2	10881	if (ret == 0)
wolfSSL	0:1239e9b70ca2	10882	ssl->options.havePeerVerify = 1;
wolfSSL	0:1239e9b70ca2	10883
wolfSSL	0:1239e9b70ca2	10884	return ret;
wolfSSL	0:1239e9b70ca2	10885	}
wolfSSL	0:1239e9b70ca2	10886	#endif /* !NO_RSA \|\| HAVE_ECC */
wolfSSL	0:1239e9b70ca2	10887
wolfSSL	0:1239e9b70ca2	10888	int SendServerHelloDone(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	10889	{
wolfSSL	0:1239e9b70ca2	10890	byte *output;
wolfSSL	0:1239e9b70ca2	10891	int sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	10892	int ret;
wolfSSL	0:1239e9b70ca2	10893
wolfSSL	0:1239e9b70ca2	10894	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	10895	if (ssl->options.dtls)
wolfSSL	0:1239e9b70ca2	10896	sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL	0:1239e9b70ca2	10897	#endif
wolfSSL	0:1239e9b70ca2	10898	/* check for available size */
wolfSSL	0:1239e9b70ca2	10899	if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
wolfSSL	0:1239e9b70ca2	10900	return ret;
wolfSSL	0:1239e9b70ca2	10901
wolfSSL	0:1239e9b70ca2	10902	/* get ouput buffer */
wolfSSL	0:1239e9b70ca2	10903	output = ssl->buffers.outputBuffer.buffer +
wolfSSL	0:1239e9b70ca2	10904	ssl->buffers.outputBuffer.length;
wolfSSL	0:1239e9b70ca2	10905
wolfSSL	0:1239e9b70ca2	10906	AddHeaders(output, 0, server_hello_done, ssl);
wolfSSL	0:1239e9b70ca2	10907
wolfSSL	0:1239e9b70ca2	10908	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	10909	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	10910	if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
wolfSSL	0:1239e9b70ca2	10911	return 0;
wolfSSL	0:1239e9b70ca2	10912	}
wolfSSL	0:1239e9b70ca2	10913	#endif
wolfSSL	0:1239e9b70ca2	10914
wolfSSL	0:1239e9b70ca2	10915	ret = HashOutput(ssl, output, sendSz, 0);
wolfSSL	0:1239e9b70ca2	10916	if (ret != 0)
wolfSSL	0:1239e9b70ca2	10917	return ret;
wolfSSL	0:1239e9b70ca2	10918
wolfSSL	0:1239e9b70ca2	10919	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	10920	if (ssl->hsInfoOn)
wolfSSL	0:1239e9b70ca2	10921	AddPacketName("ServerHelloDone", &ssl->handShakeInfo);
wolfSSL	0:1239e9b70ca2	10922	if (ssl->toInfoOn)
wolfSSL	0:1239e9b70ca2	10923	AddPacketInfo("ServerHelloDone", &ssl->timeoutInfo, output, sendSz,
wolfSSL	0:1239e9b70ca2	10924	ssl->heap);
wolfSSL	0:1239e9b70ca2	10925	#endif
wolfSSL	0:1239e9b70ca2	10926	ssl->options.serverState = SERVER_HELLODONE_COMPLETE;
wolfSSL	0:1239e9b70ca2	10927
wolfSSL	0:1239e9b70ca2	10928	ssl->buffers.outputBuffer.length += sendSz;
wolfSSL	0:1239e9b70ca2	10929
wolfSSL	0:1239e9b70ca2	10930	return SendBuffered(ssl);
wolfSSL	0:1239e9b70ca2	10931	}
wolfSSL	0:1239e9b70ca2	10932
wolfSSL	0:1239e9b70ca2	10933	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	10934	int SendHelloVerifyRequest(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	10935	{
wolfSSL	0:1239e9b70ca2	10936	byte* output;
wolfSSL	0:1239e9b70ca2	10937	byte cookieSz = COOKIE_SZ;
wolfSSL	0:1239e9b70ca2	10938	int length = VERSION_SZ + ENUM_LEN + cookieSz;
wolfSSL	0:1239e9b70ca2	10939	int idx = DTLS_RECORD_HEADER_SZ + DTLS_HANDSHAKE_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	10940	int sendSz = length + idx;
wolfSSL	0:1239e9b70ca2	10941	int ret;
wolfSSL	0:1239e9b70ca2	10942
wolfSSL	0:1239e9b70ca2	10943	/* check for available size */
wolfSSL	0:1239e9b70ca2	10944	if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
wolfSSL	0:1239e9b70ca2	10945	return ret;
wolfSSL	0:1239e9b70ca2	10946
wolfSSL	0:1239e9b70ca2	10947	/* get ouput buffer */
wolfSSL	0:1239e9b70ca2	10948	output = ssl->buffers.outputBuffer.buffer +
wolfSSL	0:1239e9b70ca2	10949	ssl->buffers.outputBuffer.length;
wolfSSL	0:1239e9b70ca2	10950
wolfSSL	0:1239e9b70ca2	10951	AddHeaders(output, length, hello_verify_request, ssl);
wolfSSL	0:1239e9b70ca2	10952
wolfSSL	0:1239e9b70ca2	10953	output[idx++] = ssl->chVersion.major;
wolfSSL	0:1239e9b70ca2	10954	output[idx++] = ssl->chVersion.minor;
wolfSSL	0:1239e9b70ca2	10955
wolfSSL	0:1239e9b70ca2	10956	output[idx++] = cookieSz;
wolfSSL	0:1239e9b70ca2	10957	if (ssl->ctx->CBIOCookie == NULL) {
wolfSSL	0:1239e9b70ca2	10958	CYASSL_MSG("Your Cookie callback is null, please set");
wolfSSL	0:1239e9b70ca2	10959	return COOKIE_ERROR;
wolfSSL	0:1239e9b70ca2	10960	}
wolfSSL	0:1239e9b70ca2	10961	if ((ret = ssl->ctx->CBIOCookie(ssl, output + idx, cookieSz,
wolfSSL	0:1239e9b70ca2	10962	ssl->IOCB_CookieCtx)) < 0)
wolfSSL	0:1239e9b70ca2	10963	return ret;
wolfSSL	0:1239e9b70ca2	10964
wolfSSL	0:1239e9b70ca2	10965	ret = HashOutput(ssl, output, sendSz, 0);
wolfSSL	0:1239e9b70ca2	10966	if (ret != 0)
wolfSSL	0:1239e9b70ca2	10967	return ret;
wolfSSL	0:1239e9b70ca2	10968
wolfSSL	0:1239e9b70ca2	10969	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	10970	if (ssl->hsInfoOn)
wolfSSL	0:1239e9b70ca2	10971	AddPacketName("HelloVerifyRequest", &ssl->handShakeInfo);
wolfSSL	0:1239e9b70ca2	10972	if (ssl->toInfoOn)
wolfSSL	0:1239e9b70ca2	10973	AddPacketInfo("HelloVerifyRequest", &ssl->timeoutInfo, output,
wolfSSL	0:1239e9b70ca2	10974	sendSz, ssl->heap);
wolfSSL	0:1239e9b70ca2	10975	#endif
wolfSSL	0:1239e9b70ca2	10976	ssl->options.serverState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
wolfSSL	0:1239e9b70ca2	10977
wolfSSL	0:1239e9b70ca2	10978	ssl->buffers.outputBuffer.length += sendSz;
wolfSSL	0:1239e9b70ca2	10979
wolfSSL	0:1239e9b70ca2	10980	return SendBuffered(ssl);
wolfSSL	0:1239e9b70ca2	10981	}
wolfSSL	0:1239e9b70ca2	10982	#endif
wolfSSL	0:1239e9b70ca2	10983
wolfSSL	0:1239e9b70ca2	10984	static int DoClientKeyExchange(CYASSL* ssl, byte* input, word32* inOutIdx,
wolfSSL	0:1239e9b70ca2	10985	word32 size)
wolfSSL	0:1239e9b70ca2	10986	{
wolfSSL	0:1239e9b70ca2	10987	int ret = 0;
wolfSSL	0:1239e9b70ca2	10988	word32 length = 0;
wolfSSL	0:1239e9b70ca2	10989	byte* out = NULL;
wolfSSL	0:1239e9b70ca2	10990	word32 begin = *inOutIdx;
wolfSSL	0:1239e9b70ca2	10991
wolfSSL	0:1239e9b70ca2	10992	(void)length; /* shut up compiler warnings */
wolfSSL	0:1239e9b70ca2	10993	(void)out;
wolfSSL	0:1239e9b70ca2	10994	(void)input;
wolfSSL	0:1239e9b70ca2	10995	(void)size;
wolfSSL	0:1239e9b70ca2	10996
wolfSSL	0:1239e9b70ca2	10997	if (ssl->options.side != CYASSL_SERVER_END) {
wolfSSL	0:1239e9b70ca2	10998	CYASSL_MSG("Client received client keyexchange, attack?");
wolfSSL	0:1239e9b70ca2	10999	CYASSL_ERROR(ssl->error = SIDE_ERROR);
wolfSSL	0:1239e9b70ca2	11000	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	11001	}
wolfSSL	0:1239e9b70ca2	11002
wolfSSL	0:1239e9b70ca2	11003	if (ssl->options.clientState < CLIENT_HELLO_COMPLETE) {
wolfSSL	0:1239e9b70ca2	11004	CYASSL_MSG("Client sending keyexchange at wrong time");
wolfSSL	0:1239e9b70ca2	11005	SendAlert(ssl, alert_fatal, unexpected_message);
wolfSSL	0:1239e9b70ca2	11006	return OUT_OF_ORDER_E;
wolfSSL	0:1239e9b70ca2	11007	}
wolfSSL	0:1239e9b70ca2	11008
wolfSSL	0:1239e9b70ca2	11009	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	11010	if (ssl->options.verifyPeer && ssl->options.failNoCert)
wolfSSL	0:1239e9b70ca2	11011	if (!ssl->options.havePeerCert) {
wolfSSL	0:1239e9b70ca2	11012	CYASSL_MSG("client didn't present peer cert");
wolfSSL	0:1239e9b70ca2	11013	return NO_PEER_CERT;
wolfSSL	0:1239e9b70ca2	11014	}
wolfSSL	0:1239e9b70ca2	11015	#endif
wolfSSL	0:1239e9b70ca2	11016
wolfSSL	0:1239e9b70ca2	11017	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	11018	if (ssl->hsInfoOn)
wolfSSL	0:1239e9b70ca2	11019	AddPacketName("ClientKeyExchange", &ssl->handShakeInfo);
wolfSSL	0:1239e9b70ca2	11020	if (ssl->toInfoOn)
wolfSSL	0:1239e9b70ca2	11021	AddLateName("ClientKeyExchange", &ssl->timeoutInfo);
wolfSSL	0:1239e9b70ca2	11022	#endif
wolfSSL	0:1239e9b70ca2	11023
wolfSSL	0:1239e9b70ca2	11024	switch (ssl->specs.kea) {
wolfSSL	0:1239e9b70ca2	11025	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	11026	case rsa_kea:
wolfSSL	0:1239e9b70ca2	11027	{
wolfSSL	0:1239e9b70ca2	11028	word32 idx = 0;
wolfSSL	0:1239e9b70ca2	11029	RsaKey key;
wolfSSL	0:1239e9b70ca2	11030	byte doUserRsa = 0;
wolfSSL	0:1239e9b70ca2	11031
wolfSSL	0:1239e9b70ca2	11032	#ifdef HAVE_PK_CALLBACKS
wolfSSL	0:1239e9b70ca2	11033	if (ssl->ctx->RsaDecCb)
wolfSSL	0:1239e9b70ca2	11034	doUserRsa = 1;
wolfSSL	0:1239e9b70ca2	11035	#endif
wolfSSL	0:1239e9b70ca2	11036
wolfSSL	0:1239e9b70ca2	11037	ret = InitRsaKey(&key, ssl->heap);
wolfSSL	0:1239e9b70ca2	11038	if (ret != 0) return ret;
wolfSSL	0:1239e9b70ca2	11039
wolfSSL	0:1239e9b70ca2	11040	if (ssl->buffers.key.buffer)
wolfSSL	0:1239e9b70ca2	11041	ret = RsaPrivateKeyDecode(ssl->buffers.key.buffer, &idx,
wolfSSL	0:1239e9b70ca2	11042	&key, ssl->buffers.key.length);
wolfSSL	0:1239e9b70ca2	11043	else
wolfSSL	0:1239e9b70ca2	11044	return NO_PRIVATE_KEY;
wolfSSL	0:1239e9b70ca2	11045
wolfSSL	0:1239e9b70ca2	11046	if (ret == 0) {
wolfSSL	0:1239e9b70ca2	11047	length = RsaEncryptSize(&key);
wolfSSL	0:1239e9b70ca2	11048	ssl->arrays->preMasterSz = SECRET_LEN;
wolfSSL	0:1239e9b70ca2	11049
wolfSSL	0:1239e9b70ca2	11050	if (ssl->options.tls) {
wolfSSL	0:1239e9b70ca2	11051	word16 check;
wolfSSL	0:1239e9b70ca2	11052
wolfSSL	0:1239e9b70ca2	11053	if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
wolfSSL	0:1239e9b70ca2	11054	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	11055
wolfSSL	0:1239e9b70ca2	11056	ato16(input + *inOutIdx, &check);
wolfSSL	0:1239e9b70ca2	11057	*inOutIdx += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	11058
wolfSSL	0:1239e9b70ca2	11059	if ((word32) check != length) {
wolfSSL	0:1239e9b70ca2	11060	CYASSL_MSG("RSA explicit size doesn't match");
wolfSSL	0:1239e9b70ca2	11061	FreeRsaKey(&key);
wolfSSL	0:1239e9b70ca2	11062	return RSA_PRIVATE_ERROR;
wolfSSL	0:1239e9b70ca2	11063	}
wolfSSL	0:1239e9b70ca2	11064	}
wolfSSL	0:1239e9b70ca2	11065
wolfSSL	0:1239e9b70ca2	11066	if ((*inOutIdx - begin) + length > size) {
wolfSSL	0:1239e9b70ca2	11067	CYASSL_MSG("RSA message too big");
wolfSSL	0:1239e9b70ca2	11068	FreeRsaKey(&key);
wolfSSL	0:1239e9b70ca2	11069	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	11070	}
wolfSSL	0:1239e9b70ca2	11071
wolfSSL	0:1239e9b70ca2	11072	if (doUserRsa) {
wolfSSL	0:1239e9b70ca2	11073	#ifdef HAVE_PK_CALLBACKS
wolfSSL	0:1239e9b70ca2	11074	ret = ssl->ctx->RsaDecCb(ssl,
wolfSSL	0:1239e9b70ca2	11075	input + *inOutIdx, length, &out,
wolfSSL	0:1239e9b70ca2	11076	ssl->buffers.key.buffer,
wolfSSL	0:1239e9b70ca2	11077	ssl->buffers.key.length,
wolfSSL	0:1239e9b70ca2	11078	ssl->RsaDecCtx);
wolfSSL	0:1239e9b70ca2	11079	#endif
wolfSSL	0:1239e9b70ca2	11080	}
wolfSSL	0:1239e9b70ca2	11081	else {
wolfSSL	0:1239e9b70ca2	11082	ret = RsaPrivateDecryptInline(input + *inOutIdx, length,
wolfSSL	0:1239e9b70ca2	11083	&out, &key);
wolfSSL	0:1239e9b70ca2	11084	}
wolfSSL	0:1239e9b70ca2	11085
wolfSSL	0:1239e9b70ca2	11086	*inOutIdx += length;
wolfSSL	0:1239e9b70ca2	11087
wolfSSL	0:1239e9b70ca2	11088	if (ret == SECRET_LEN) {
wolfSSL	0:1239e9b70ca2	11089	XMEMCPY(ssl->arrays->preMasterSecret, out, SECRET_LEN);
wolfSSL	0:1239e9b70ca2	11090	if (ssl->arrays->preMasterSecret[0] !=
wolfSSL	0:1239e9b70ca2	11091	ssl->chVersion.major
wolfSSL	0:1239e9b70ca2	11092	\|\| ssl->arrays->preMasterSecret[1] !=
wolfSSL	0:1239e9b70ca2	11093	ssl->chVersion.minor)
wolfSSL	0:1239e9b70ca2	11094	ret = PMS_VERSION_ERROR;
wolfSSL	0:1239e9b70ca2	11095	else
wolfSSL	0:1239e9b70ca2	11096	ret = MakeMasterSecret(ssl);
wolfSSL	0:1239e9b70ca2	11097	}
wolfSSL	0:1239e9b70ca2	11098	else {
wolfSSL	0:1239e9b70ca2	11099	ret = RSA_PRIVATE_ERROR;
wolfSSL	0:1239e9b70ca2	11100	}
wolfSSL	0:1239e9b70ca2	11101	}
wolfSSL	0:1239e9b70ca2	11102
wolfSSL	0:1239e9b70ca2	11103	FreeRsaKey(&key);
wolfSSL	0:1239e9b70ca2	11104	}
wolfSSL	0:1239e9b70ca2	11105	break;
wolfSSL	0:1239e9b70ca2	11106	#endif
wolfSSL	0:1239e9b70ca2	11107	#ifndef NO_PSK
wolfSSL	0:1239e9b70ca2	11108	case psk_kea:
wolfSSL	0:1239e9b70ca2	11109	{
wolfSSL	0:1239e9b70ca2	11110	byte* pms = ssl->arrays->preMasterSecret;
wolfSSL	0:1239e9b70ca2	11111	word16 ci_sz;
wolfSSL	0:1239e9b70ca2	11112
wolfSSL	0:1239e9b70ca2	11113	if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
wolfSSL	0:1239e9b70ca2	11114	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	11115
wolfSSL	0:1239e9b70ca2	11116	ato16(input + *inOutIdx, &ci_sz);
wolfSSL	0:1239e9b70ca2	11117	*inOutIdx += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	11118
wolfSSL	0:1239e9b70ca2	11119	if (ci_sz > MAX_PSK_ID_LEN)
wolfSSL	0:1239e9b70ca2	11120	return CLIENT_ID_ERROR;
wolfSSL	0:1239e9b70ca2	11121
wolfSSL	0:1239e9b70ca2	11122	if ((*inOutIdx - begin) + ci_sz > size)
wolfSSL	0:1239e9b70ca2	11123	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	11124
wolfSSL	0:1239e9b70ca2	11125	XMEMCPY(ssl->arrays->client_identity, input + *inOutIdx, ci_sz);
wolfSSL	0:1239e9b70ca2	11126	*inOutIdx += ci_sz;
wolfSSL	0:1239e9b70ca2	11127
wolfSSL	0:1239e9b70ca2	11128	ssl->arrays->client_identity[min(ci_sz, MAX_PSK_ID_LEN-1)] = 0;
wolfSSL	0:1239e9b70ca2	11129	ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl,
wolfSSL	0:1239e9b70ca2	11130	ssl->arrays->client_identity, ssl->arrays->psk_key,
wolfSSL	0:1239e9b70ca2	11131	MAX_PSK_KEY_LEN);
wolfSSL	0:1239e9b70ca2	11132
wolfSSL	0:1239e9b70ca2	11133	if (ssl->arrays->psk_keySz == 0 \|\|
wolfSSL	0:1239e9b70ca2	11134	ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN)
wolfSSL	0:1239e9b70ca2	11135	return PSK_KEY_ERROR;
wolfSSL	0:1239e9b70ca2	11136
wolfSSL	0:1239e9b70ca2	11137	/* make psk pre master secret */
wolfSSL	0:1239e9b70ca2	11138	/* length of key + length 0s + length of key + key */
wolfSSL	0:1239e9b70ca2	11139	c16toa((word16) ssl->arrays->psk_keySz, pms);
wolfSSL	0:1239e9b70ca2	11140	pms += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	11141
wolfSSL	0:1239e9b70ca2	11142	XMEMSET(pms, 0, ssl->arrays->psk_keySz);
wolfSSL	0:1239e9b70ca2	11143	pms += ssl->arrays->psk_keySz;
wolfSSL	0:1239e9b70ca2	11144
wolfSSL	0:1239e9b70ca2	11145	c16toa((word16) ssl->arrays->psk_keySz, pms);
wolfSSL	0:1239e9b70ca2	11146	pms += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	11147
wolfSSL	0:1239e9b70ca2	11148	XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL	0:1239e9b70ca2	11149	ssl->arrays->preMasterSz = ssl->arrays->psk_keySz * 2 + 4;
wolfSSL	0:1239e9b70ca2	11150
wolfSSL	0:1239e9b70ca2	11151	ret = MakeMasterSecret(ssl);
wolfSSL	0:1239e9b70ca2	11152
wolfSSL	0:1239e9b70ca2	11153	/* No further need for PSK */
wolfSSL	0:1239e9b70ca2	11154	XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz);
wolfSSL	0:1239e9b70ca2	11155	ssl->arrays->psk_keySz = 0;
wolfSSL	0:1239e9b70ca2	11156	}
wolfSSL	0:1239e9b70ca2	11157	break;
wolfSSL	0:1239e9b70ca2	11158	#endif /* NO_PSK */
wolfSSL	0:1239e9b70ca2	11159	#ifdef HAVE_NTRU
wolfSSL	0:1239e9b70ca2	11160	case ntru_kea:
wolfSSL	0:1239e9b70ca2	11161	{
wolfSSL	0:1239e9b70ca2	11162	word16 cipherLen;
wolfSSL	0:1239e9b70ca2	11163	word16 plainLen = sizeof(ssl->arrays->preMasterSecret);
wolfSSL	0:1239e9b70ca2	11164
wolfSSL	0:1239e9b70ca2	11165	if (!ssl->buffers.key.buffer)
wolfSSL	0:1239e9b70ca2	11166	return NO_PRIVATE_KEY;
wolfSSL	0:1239e9b70ca2	11167
wolfSSL	0:1239e9b70ca2	11168	if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
wolfSSL	0:1239e9b70ca2	11169	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	11170
wolfSSL	0:1239e9b70ca2	11171	ato16(input + *inOutIdx, &cipherLen);
wolfSSL	0:1239e9b70ca2	11172	*inOutIdx += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	11173
wolfSSL	0:1239e9b70ca2	11174	if (cipherLen > MAX_NTRU_ENCRYPT_SZ)
wolfSSL	0:1239e9b70ca2	11175	return NTRU_KEY_ERROR;
wolfSSL	0:1239e9b70ca2	11176
wolfSSL	0:1239e9b70ca2	11177	if ((*inOutIdx - begin) + cipherLen > size)
wolfSSL	0:1239e9b70ca2	11178	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	11179
wolfSSL	0:1239e9b70ca2	11180	if (NTRU_OK != crypto_ntru_decrypt(
wolfSSL	0:1239e9b70ca2	11181	(word16) ssl->buffers.key.length,
wolfSSL	0:1239e9b70ca2	11182	ssl->buffers.key.buffer, cipherLen,
wolfSSL	0:1239e9b70ca2	11183	input + *inOutIdx, &plainLen,
wolfSSL	0:1239e9b70ca2	11184	ssl->arrays->preMasterSecret))
wolfSSL	0:1239e9b70ca2	11185	return NTRU_DECRYPT_ERROR;
wolfSSL	0:1239e9b70ca2	11186
wolfSSL	0:1239e9b70ca2	11187	if (plainLen != SECRET_LEN)
wolfSSL	0:1239e9b70ca2	11188	return NTRU_DECRYPT_ERROR;
wolfSSL	0:1239e9b70ca2	11189
wolfSSL	0:1239e9b70ca2	11190	*inOutIdx += cipherLen;
wolfSSL	0:1239e9b70ca2	11191
wolfSSL	0:1239e9b70ca2	11192	ssl->arrays->preMasterSz = plainLen;
wolfSSL	0:1239e9b70ca2	11193	ret = MakeMasterSecret(ssl);
wolfSSL	0:1239e9b70ca2	11194	}
wolfSSL	0:1239e9b70ca2	11195	break;
wolfSSL	0:1239e9b70ca2	11196	#endif /* HAVE_NTRU */
wolfSSL	0:1239e9b70ca2	11197	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	11198	case ecc_diffie_hellman_kea:
wolfSSL	0:1239e9b70ca2	11199	{
wolfSSL	0:1239e9b70ca2	11200	if ((*inOutIdx - begin) + OPAQUE8_LEN > size)
wolfSSL	0:1239e9b70ca2	11201	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	11202
wolfSSL	0:1239e9b70ca2	11203	length = input[(*inOutIdx)++];
wolfSSL	0:1239e9b70ca2	11204
wolfSSL	0:1239e9b70ca2	11205	if ((*inOutIdx - begin) + length > size)
wolfSSL	0:1239e9b70ca2	11206	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	11207
wolfSSL	0:1239e9b70ca2	11208	if (ecc_import_x963(input + *inOutIdx, length, ssl->peerEccKey))
wolfSSL	0:1239e9b70ca2	11209	return ECC_PEERKEY_ERROR;
wolfSSL	0:1239e9b70ca2	11210
wolfSSL	0:1239e9b70ca2	11211	*inOutIdx += length;
wolfSSL	0:1239e9b70ca2	11212	ssl->peerEccKeyPresent = 1;
wolfSSL	0:1239e9b70ca2	11213
wolfSSL	0:1239e9b70ca2	11214	length = sizeof(ssl->arrays->preMasterSecret);
wolfSSL	0:1239e9b70ca2	11215
wolfSSL	0:1239e9b70ca2	11216	if (ssl->specs.static_ecdh) {
wolfSSL	0:1239e9b70ca2	11217	ecc_key staticKey;
wolfSSL	0:1239e9b70ca2	11218	word32 i = 0;
wolfSSL	0:1239e9b70ca2	11219
wolfSSL	0:1239e9b70ca2	11220	ecc_init(&staticKey);
wolfSSL	0:1239e9b70ca2	11221	ret = EccPrivateKeyDecode(ssl->buffers.key.buffer, &i,
wolfSSL	0:1239e9b70ca2	11222	&staticKey, ssl->buffers.key.length);
wolfSSL	0:1239e9b70ca2	11223
wolfSSL	0:1239e9b70ca2	11224	if (ret == 0)
wolfSSL	0:1239e9b70ca2	11225	ret = ecc_shared_secret(&staticKey, ssl->peerEccKey,
wolfSSL	0:1239e9b70ca2	11226	ssl->arrays->preMasterSecret, &length);
wolfSSL	0:1239e9b70ca2	11227
wolfSSL	0:1239e9b70ca2	11228	ecc_free(&staticKey);
wolfSSL	0:1239e9b70ca2	11229	}
wolfSSL	0:1239e9b70ca2	11230	else
wolfSSL	0:1239e9b70ca2	11231	ret = ecc_shared_secret(ssl->eccTempKey, ssl->peerEccKey,
wolfSSL	0:1239e9b70ca2	11232	ssl->arrays->preMasterSecret, &length);
wolfSSL	0:1239e9b70ca2	11233
wolfSSL	0:1239e9b70ca2	11234	if (ret != 0)
wolfSSL	0:1239e9b70ca2	11235	return ECC_SHARED_ERROR;
wolfSSL	0:1239e9b70ca2	11236
wolfSSL	0:1239e9b70ca2	11237	ssl->arrays->preMasterSz = length;
wolfSSL	0:1239e9b70ca2	11238	ret = MakeMasterSecret(ssl);
wolfSSL	0:1239e9b70ca2	11239	}
wolfSSL	0:1239e9b70ca2	11240	break;
wolfSSL	0:1239e9b70ca2	11241	#endif /* HAVE_ECC */
wolfSSL	0:1239e9b70ca2	11242	#ifdef OPENSSL_EXTRA
wolfSSL	0:1239e9b70ca2	11243	case diffie_hellman_kea:
wolfSSL	0:1239e9b70ca2	11244	{
wolfSSL	0:1239e9b70ca2	11245	word16 clientPubSz;
wolfSSL	0:1239e9b70ca2	11246	DhKey dhKey;
wolfSSL	0:1239e9b70ca2	11247
wolfSSL	0:1239e9b70ca2	11248	if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
wolfSSL	0:1239e9b70ca2	11249	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	11250
wolfSSL	0:1239e9b70ca2	11251	ato16(input + *inOutIdx, &clientPubSz);
wolfSSL	0:1239e9b70ca2	11252	*inOutIdx += OPAQUE16_LEN;
wolfSSL	0:1239e9b70ca2	11253
wolfSSL	0:1239e9b70ca2	11254	if ((*inOutIdx - begin) + clientPubSz > size)
wolfSSL	0:1239e9b70ca2	11255	return BUFFER_ERROR;
wolfSSL	0:1239e9b70ca2	11256
wolfSSL	0:1239e9b70ca2	11257	InitDhKey(&dhKey);
wolfSSL	0:1239e9b70ca2	11258	ret = DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer,
wolfSSL	0:1239e9b70ca2	11259	ssl->buffers.serverDH_P.length,
wolfSSL	0:1239e9b70ca2	11260	ssl->buffers.serverDH_G.buffer,
wolfSSL	0:1239e9b70ca2	11261	ssl->buffers.serverDH_G.length);
wolfSSL	0:1239e9b70ca2	11262	if (ret == 0)
wolfSSL	0:1239e9b70ca2	11263	ret = DhAgree(&dhKey, ssl->arrays->preMasterSecret,
wolfSSL	0:1239e9b70ca2	11264	&ssl->arrays->preMasterSz,
wolfSSL	0:1239e9b70ca2	11265	ssl->buffers.serverDH_Priv.buffer,
wolfSSL	0:1239e9b70ca2	11266	ssl->buffers.serverDH_Priv.length,
wolfSSL	0:1239e9b70ca2	11267	input + *inOutIdx, clientPubSz);
wolfSSL	0:1239e9b70ca2	11268	FreeDhKey(&dhKey);
wolfSSL	0:1239e9b70ca2	11269
wolfSSL	0:1239e9b70ca2	11270	*inOutIdx += clientPubSz;
wolfSSL	0:1239e9b70ca2	11271
wolfSSL	0:1239e9b70ca2	11272	if (ret == 0)
wolfSSL	0:1239e9b70ca2	11273	ret = MakeMasterSecret(ssl);
wolfSSL	0:1239e9b70ca2	11274	}
wolfSSL	0:1239e9b70ca2	11275	break;
wolfSSL	0:1239e9b70ca2	11276	#endif /* OPENSSL_EXTRA */
wolfSSL	0:1239e9b70ca2	11277	default:
wolfSSL	0:1239e9b70ca2	11278	{
wolfSSL	0:1239e9b70ca2	11279	CYASSL_MSG("Bad kea type");
wolfSSL	0:1239e9b70ca2	11280	ret = BAD_KEA_TYPE_E;
wolfSSL	0:1239e9b70ca2	11281	}
wolfSSL	0:1239e9b70ca2	11282	break;
wolfSSL	0:1239e9b70ca2	11283	}
wolfSSL	0:1239e9b70ca2	11284
wolfSSL	0:1239e9b70ca2	11285	/* No further need for PMS */
wolfSSL	0:1239e9b70ca2	11286	XMEMSET(ssl->arrays->preMasterSecret, 0, ssl->arrays->preMasterSz);
wolfSSL	0:1239e9b70ca2	11287	ssl->arrays->preMasterSz = 0;
wolfSSL	0:1239e9b70ca2	11288
wolfSSL	0:1239e9b70ca2	11289	if (ret == 0) {
wolfSSL	0:1239e9b70ca2	11290	ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
wolfSSL	0:1239e9b70ca2	11291	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	11292	if (ssl->options.verifyPeer)
wolfSSL	0:1239e9b70ca2	11293	ret = BuildCertHashes(ssl, &ssl->certHashes);
wolfSSL	0:1239e9b70ca2	11294	#endif
wolfSSL	0:1239e9b70ca2	11295	}
wolfSSL	0:1239e9b70ca2	11296
wolfSSL	0:1239e9b70ca2	11297	return ret;
wolfSSL	0:1239e9b70ca2	11298	}
wolfSSL	0:1239e9b70ca2	11299
wolfSSL	0:1239e9b70ca2	11300	#endif /* NO_CYASSL_SERVER */
wolfSSL	0:1239e9b70ca2	11301

Repository toolbox

Export to desktop IDE

Repository details

Type:	Library
Created:	03 Mar 2015
Imports:	2
Forks:	0
Commits:	5
Dependents:	1
Dependencies:	0
Followers:	2

src/internal.c@4:28ac50e1d49c, 2015-03-03 (annotated)

Who changed what in which revision?

Repository toolbox

Repository details

Important Information for this Arm website

Access Warning