CyaSSL - Fork of CyaSSL for my specific settings

Users » d0773d » Code » CyaSSL

Fork of CyaSSL for my specific settings

src/ssl.c@4:28ac50e1d49c, 2015-03-03 (annotated)

Committer:: d0773d
Date:: Tue Mar 03 22:52:52 2015 +0000
Revision:: 4:28ac50e1d49c
Parent:: 0:1239e9b70ca2

CyaSSL example

Who changed what in which revision?

User	Revision	Line number	New contents of line
wolfSSL	0:1239e9b70ca2	1	/* ssl.c
wolfSSL	0:1239e9b70ca2	2	*
wolfSSL	0:1239e9b70ca2	3	* Copyright (C) 2006-2014 wolfSSL Inc.
wolfSSL	0:1239e9b70ca2	4	*
wolfSSL	0:1239e9b70ca2	5	* This file is part of CyaSSL.
wolfSSL	0:1239e9b70ca2	6	*
wolfSSL	0:1239e9b70ca2	7	* CyaSSL is free software; you can redistribute it and/or modify
wolfSSL	0:1239e9b70ca2	8	* it under the terms of the GNU General Public License as published by
wolfSSL	0:1239e9b70ca2	9	* the Free Software Foundation; either version 2 of the License, or
wolfSSL	0:1239e9b70ca2	10	* (at your option) any later version.
wolfSSL	0:1239e9b70ca2	11	*
wolfSSL	0:1239e9b70ca2	12	* CyaSSL is distributed in the hope that it will be useful,
wolfSSL	0:1239e9b70ca2	13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL	0:1239e9b70ca2	14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL	0:1239e9b70ca2	15	* GNU General Public License for more details.
wolfSSL	0:1239e9b70ca2	16	*
wolfSSL	0:1239e9b70ca2	17	* You should have received a copy of the GNU General Public License
wolfSSL	0:1239e9b70ca2	18	* along with this program; if not, write to the Free Software
wolfSSL	0:1239e9b70ca2	19	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
wolfSSL	0:1239e9b70ca2	20	*/
wolfSSL	0:1239e9b70ca2	21
wolfSSL	0:1239e9b70ca2	22	#ifdef HAVE_CONFIG_H
wolfSSL	0:1239e9b70ca2	23	#include <config.h>
wolfSSL	0:1239e9b70ca2	24	#endif
wolfSSL	0:1239e9b70ca2	25
wolfSSL	0:1239e9b70ca2	26	#include <cyassl/ctaocrypt/settings.h>
wolfSSL	0:1239e9b70ca2	27
wolfSSL	0:1239e9b70ca2	28	#ifdef HAVE_ERRNO_H
wolfSSL	0:1239e9b70ca2	29	#include <errno.h>
wolfSSL	0:1239e9b70ca2	30	#endif
wolfSSL	0:1239e9b70ca2	31
wolfSSL	0:1239e9b70ca2	32
wolfSSL	0:1239e9b70ca2	33	#include <cyassl/ssl.h>
wolfSSL	0:1239e9b70ca2	34	#include <cyassl/internal.h>
wolfSSL	0:1239e9b70ca2	35	#include <cyassl/error-ssl.h>
wolfSSL	0:1239e9b70ca2	36	#include <cyassl/ctaocrypt/coding.h>
wolfSSL	0:1239e9b70ca2	37
wolfSSL	0:1239e9b70ca2	38	#if defined(OPENSSL_EXTRA) \|\| defined(HAVE_WEBSERVER)
wolfSSL	0:1239e9b70ca2	39	#include <cyassl/openssl/evp.h>
wolfSSL	0:1239e9b70ca2	40	#endif
wolfSSL	0:1239e9b70ca2	41
wolfSSL	0:1239e9b70ca2	42	#ifdef OPENSSL_EXTRA
wolfSSL	0:1239e9b70ca2	43	/* openssl headers begin */
wolfSSL	0:1239e9b70ca2	44	#include <cyassl/openssl/hmac.h>
wolfSSL	0:1239e9b70ca2	45	#include <cyassl/openssl/crypto.h>
wolfSSL	0:1239e9b70ca2	46	#include <cyassl/openssl/des.h>
wolfSSL	0:1239e9b70ca2	47	#include <cyassl/openssl/bn.h>
wolfSSL	0:1239e9b70ca2	48	#include <cyassl/openssl/dh.h>
wolfSSL	0:1239e9b70ca2	49	#include <cyassl/openssl/rsa.h>
wolfSSL	0:1239e9b70ca2	50	#include <cyassl/openssl/pem.h>
wolfSSL	0:1239e9b70ca2	51	/* openssl headers end, cyassl internal headers next */
wolfSSL	0:1239e9b70ca2	52	#include <cyassl/ctaocrypt/hmac.h>
wolfSSL	0:1239e9b70ca2	53	#include <cyassl/ctaocrypt/random.h>
wolfSSL	0:1239e9b70ca2	54	#include <cyassl/ctaocrypt/des3.h>
wolfSSL	0:1239e9b70ca2	55	#include <cyassl/ctaocrypt/md4.h>
wolfSSL	0:1239e9b70ca2	56	#include <cyassl/ctaocrypt/md5.h>
wolfSSL	0:1239e9b70ca2	57	#include <cyassl/ctaocrypt/arc4.h>
wolfSSL	0:1239e9b70ca2	58	#ifdef CYASSL_SHA512
wolfSSL	0:1239e9b70ca2	59	#include <cyassl/ctaocrypt/sha512.h>
wolfSSL	0:1239e9b70ca2	60	#endif
wolfSSL	0:1239e9b70ca2	61	#endif
wolfSSL	0:1239e9b70ca2	62
wolfSSL	0:1239e9b70ca2	63	#ifndef NO_FILESYSTEM
wolfSSL	0:1239e9b70ca2	64	#if !defined(USE_WINDOWS_API) && !defined(NO_CYASSL_DIR) \
wolfSSL	0:1239e9b70ca2	65	&& !defined(EBSNET)
wolfSSL	0:1239e9b70ca2	66	#include <dirent.h>
wolfSSL	0:1239e9b70ca2	67	#include <sys/stat.h>
wolfSSL	0:1239e9b70ca2	68	#endif
wolfSSL	0:1239e9b70ca2	69	#ifdef EBSNET
wolfSSL	0:1239e9b70ca2	70	#include "vfapi.h"
wolfSSL	0:1239e9b70ca2	71	#include "vfile.h"
wolfSSL	0:1239e9b70ca2	72	#endif
wolfSSL	0:1239e9b70ca2	73	#endif /* NO_FILESYSTEM */
wolfSSL	0:1239e9b70ca2	74
wolfSSL	0:1239e9b70ca2	75	#ifndef TRUE
wolfSSL	0:1239e9b70ca2	76	#define TRUE 1
wolfSSL	0:1239e9b70ca2	77	#endif
wolfSSL	0:1239e9b70ca2	78	#ifndef FALSE
wolfSSL	0:1239e9b70ca2	79	#define FALSE 0
wolfSSL	0:1239e9b70ca2	80	#endif
wolfSSL	0:1239e9b70ca2	81
wolfSSL	0:1239e9b70ca2	82	#ifndef min
wolfSSL	0:1239e9b70ca2	83
wolfSSL	0:1239e9b70ca2	84	static INLINE word32 min(word32 a, word32 b)
wolfSSL	0:1239e9b70ca2	85	{
wolfSSL	0:1239e9b70ca2	86	return a > b ? b : a;
wolfSSL	0:1239e9b70ca2	87	}
wolfSSL	0:1239e9b70ca2	88
wolfSSL	0:1239e9b70ca2	89	#endif /* min */
wolfSSL	0:1239e9b70ca2	90
wolfSSL	0:1239e9b70ca2	91	#ifndef max
wolfSSL	0:1239e9b70ca2	92	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	93	static INLINE word32 max(word32 a, word32 b)
wolfSSL	0:1239e9b70ca2	94	{
wolfSSL	0:1239e9b70ca2	95	return a > b ? a : b;
wolfSSL	0:1239e9b70ca2	96	}
wolfSSL	0:1239e9b70ca2	97	#endif
wolfSSL	0:1239e9b70ca2	98	#endif /* min */
wolfSSL	0:1239e9b70ca2	99
wolfSSL	0:1239e9b70ca2	100
wolfSSL	0:1239e9b70ca2	101	#ifndef CYASSL_LEANPSK
wolfSSL	0:1239e9b70ca2	102	char* mystrnstr(const char* s1, const char* s2, unsigned int n)
wolfSSL	0:1239e9b70ca2	103	{
wolfSSL	0:1239e9b70ca2	104	unsigned int s2_len = (unsigned int)XSTRLEN(s2);
wolfSSL	0:1239e9b70ca2	105
wolfSSL	0:1239e9b70ca2	106	if (s2_len == 0)
wolfSSL	0:1239e9b70ca2	107	return (char*)s1;
wolfSSL	0:1239e9b70ca2	108
wolfSSL	0:1239e9b70ca2	109	while (n >= s2_len && s1[0]) {
wolfSSL	0:1239e9b70ca2	110	if (s1[0] == s2[0])
wolfSSL	0:1239e9b70ca2	111	if (XMEMCMP(s1, s2, s2_len) == 0)
wolfSSL	0:1239e9b70ca2	112	return (char*)s1;
wolfSSL	0:1239e9b70ca2	113	s1++;
wolfSSL	0:1239e9b70ca2	114	n--;
wolfSSL	0:1239e9b70ca2	115	}
wolfSSL	0:1239e9b70ca2	116
wolfSSL	0:1239e9b70ca2	117	return NULL;
wolfSSL	0:1239e9b70ca2	118	}
wolfSSL	0:1239e9b70ca2	119	#endif
wolfSSL	0:1239e9b70ca2	120
wolfSSL	0:1239e9b70ca2	121
wolfSSL	0:1239e9b70ca2	122	/* prevent multiple mutex initializations */
wolfSSL	0:1239e9b70ca2	123	static volatile int initRefCount = 0;
wolfSSL	0:1239e9b70ca2	124	static CyaSSL_Mutex count_mutex; /* init ref count mutex */
wolfSSL	0:1239e9b70ca2	125
wolfSSL	0:1239e9b70ca2	126
wolfSSL	0:1239e9b70ca2	127	CYASSL_CTX* CyaSSL_CTX_new(CYASSL_METHOD* method)
wolfSSL	0:1239e9b70ca2	128	{
wolfSSL	0:1239e9b70ca2	129	CYASSL_CTX* ctx = NULL;
wolfSSL	0:1239e9b70ca2	130
wolfSSL	0:1239e9b70ca2	131	CYASSL_ENTER("CYASSL_CTX_new");
wolfSSL	0:1239e9b70ca2	132
wolfSSL	0:1239e9b70ca2	133	if (initRefCount == 0)
wolfSSL	0:1239e9b70ca2	134	CyaSSL_Init(); /* user no longer forced to call Init themselves */
wolfSSL	0:1239e9b70ca2	135
wolfSSL	0:1239e9b70ca2	136	if (method == NULL)
wolfSSL	0:1239e9b70ca2	137	return ctx;
wolfSSL	0:1239e9b70ca2	138
wolfSSL	0:1239e9b70ca2	139	ctx = (CYASSL_CTX*) XMALLOC(sizeof(CYASSL_CTX), 0, DYNAMIC_TYPE_CTX);
wolfSSL	0:1239e9b70ca2	140	if (ctx) {
wolfSSL	0:1239e9b70ca2	141	if (InitSSL_Ctx(ctx, method) < 0) {
wolfSSL	0:1239e9b70ca2	142	CYASSL_MSG("Init CTX failed");
wolfSSL	0:1239e9b70ca2	143	CyaSSL_CTX_free(ctx);
wolfSSL	0:1239e9b70ca2	144	ctx = NULL;
wolfSSL	0:1239e9b70ca2	145	}
wolfSSL	0:1239e9b70ca2	146	}
wolfSSL	0:1239e9b70ca2	147	else {
wolfSSL	0:1239e9b70ca2	148	CYASSL_MSG("Alloc CTX failed, method freed");
wolfSSL	0:1239e9b70ca2	149	XFREE(method, NULL, DYNAMIC_TYPE_METHOD);
wolfSSL	0:1239e9b70ca2	150	}
wolfSSL	0:1239e9b70ca2	151
wolfSSL	0:1239e9b70ca2	152	CYASSL_LEAVE("CYASSL_CTX_new", 0);
wolfSSL	0:1239e9b70ca2	153	return ctx;
wolfSSL	0:1239e9b70ca2	154	}
wolfSSL	0:1239e9b70ca2	155
wolfSSL	0:1239e9b70ca2	156
wolfSSL	0:1239e9b70ca2	157	void CyaSSL_CTX_free(CYASSL_CTX* ctx)
wolfSSL	0:1239e9b70ca2	158	{
wolfSSL	0:1239e9b70ca2	159	CYASSL_ENTER("SSL_CTX_free");
wolfSSL	0:1239e9b70ca2	160	if (ctx)
wolfSSL	0:1239e9b70ca2	161	FreeSSL_Ctx(ctx);
wolfSSL	0:1239e9b70ca2	162	CYASSL_LEAVE("SSL_CTX_free", 0);
wolfSSL	0:1239e9b70ca2	163	}
wolfSSL	0:1239e9b70ca2	164
wolfSSL	0:1239e9b70ca2	165
wolfSSL	0:1239e9b70ca2	166	CYASSL* CyaSSL_new(CYASSL_CTX* ctx)
wolfSSL	0:1239e9b70ca2	167	{
wolfSSL	0:1239e9b70ca2	168	CYASSL* ssl = NULL;
wolfSSL	0:1239e9b70ca2	169	int ret = 0;
wolfSSL	0:1239e9b70ca2	170
wolfSSL	0:1239e9b70ca2	171	(void)ret;
wolfSSL	0:1239e9b70ca2	172	CYASSL_ENTER("SSL_new");
wolfSSL	0:1239e9b70ca2	173
wolfSSL	0:1239e9b70ca2	174	if (ctx == NULL)
wolfSSL	0:1239e9b70ca2	175	return ssl;
wolfSSL	0:1239e9b70ca2	176
wolfSSL	0:1239e9b70ca2	177	ssl = (CYASSL*) XMALLOC(sizeof(CYASSL), ctx->heap,DYNAMIC_TYPE_SSL);
wolfSSL	0:1239e9b70ca2	178	if (ssl)
wolfSSL	0:1239e9b70ca2	179	if ( (ret = InitSSL(ssl, ctx)) < 0) {
wolfSSL	0:1239e9b70ca2	180	FreeSSL(ssl);
wolfSSL	0:1239e9b70ca2	181	ssl = 0;
wolfSSL	0:1239e9b70ca2	182	}
wolfSSL	0:1239e9b70ca2	183
wolfSSL	0:1239e9b70ca2	184	CYASSL_LEAVE("SSL_new", ret);
wolfSSL	0:1239e9b70ca2	185	return ssl;
wolfSSL	0:1239e9b70ca2	186	}
wolfSSL	0:1239e9b70ca2	187
wolfSSL	0:1239e9b70ca2	188
wolfSSL	0:1239e9b70ca2	189	void CyaSSL_free(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	190	{
wolfSSL	0:1239e9b70ca2	191	CYASSL_ENTER("SSL_free");
wolfSSL	0:1239e9b70ca2	192	if (ssl)
wolfSSL	0:1239e9b70ca2	193	FreeSSL(ssl);
wolfSSL	0:1239e9b70ca2	194	CYASSL_LEAVE("SSL_free", 0);
wolfSSL	0:1239e9b70ca2	195	}
wolfSSL	0:1239e9b70ca2	196
wolfSSL	0:1239e9b70ca2	197
wolfSSL	0:1239e9b70ca2	198	int CyaSSL_set_fd(CYASSL* ssl, int fd)
wolfSSL	0:1239e9b70ca2	199	{
wolfSSL	0:1239e9b70ca2	200	CYASSL_ENTER("SSL_set_fd");
wolfSSL	0:1239e9b70ca2	201	ssl->rfd = fd; /* not used directly to allow IO callbacks */
wolfSSL	0:1239e9b70ca2	202	ssl->wfd = fd;
wolfSSL	0:1239e9b70ca2	203
wolfSSL	0:1239e9b70ca2	204	ssl->IOCB_ReadCtx = &ssl->rfd;
wolfSSL	0:1239e9b70ca2	205	ssl->IOCB_WriteCtx = &ssl->wfd;
wolfSSL	0:1239e9b70ca2	206
wolfSSL	0:1239e9b70ca2	207	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	208	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	209	ssl->IOCB_ReadCtx = &ssl->buffers.dtlsCtx;
wolfSSL	0:1239e9b70ca2	210	ssl->IOCB_WriteCtx = &ssl->buffers.dtlsCtx;
wolfSSL	0:1239e9b70ca2	211	ssl->buffers.dtlsCtx.fd = fd;
wolfSSL	0:1239e9b70ca2	212	}
wolfSSL	0:1239e9b70ca2	213	#endif
wolfSSL	0:1239e9b70ca2	214
wolfSSL	0:1239e9b70ca2	215	CYASSL_LEAVE("SSL_set_fd", SSL_SUCCESS);
wolfSSL	0:1239e9b70ca2	216	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	217	}
wolfSSL	0:1239e9b70ca2	218
wolfSSL	0:1239e9b70ca2	219
wolfSSL	0:1239e9b70ca2	220	int CyaSSL_get_fd(const CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	221	{
wolfSSL	0:1239e9b70ca2	222	CYASSL_ENTER("SSL_get_fd");
wolfSSL	0:1239e9b70ca2	223	CYASSL_LEAVE("SSL_get_fd", ssl->rfd);
wolfSSL	0:1239e9b70ca2	224	return ssl->rfd;
wolfSSL	0:1239e9b70ca2	225	}
wolfSSL	0:1239e9b70ca2	226
wolfSSL	0:1239e9b70ca2	227
wolfSSL	0:1239e9b70ca2	228	int CyaSSL_get_using_nonblock(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	229	{
wolfSSL	0:1239e9b70ca2	230	CYASSL_ENTER("CyaSSL_get_using_nonblock");
wolfSSL	0:1239e9b70ca2	231	CYASSL_LEAVE("CyaSSL_get_using_nonblock", ssl->options.usingNonblock);
wolfSSL	0:1239e9b70ca2	232	return ssl->options.usingNonblock;
wolfSSL	0:1239e9b70ca2	233	}
wolfSSL	0:1239e9b70ca2	234
wolfSSL	0:1239e9b70ca2	235
wolfSSL	0:1239e9b70ca2	236	int CyaSSL_dtls(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	237	{
wolfSSL	0:1239e9b70ca2	238	return ssl->options.dtls;
wolfSSL	0:1239e9b70ca2	239	}
wolfSSL	0:1239e9b70ca2	240
wolfSSL	0:1239e9b70ca2	241
wolfSSL	0:1239e9b70ca2	242	#ifndef CYASSL_LEANPSK
wolfSSL	0:1239e9b70ca2	243	void CyaSSL_set_using_nonblock(CYASSL* ssl, int nonblock)
wolfSSL	0:1239e9b70ca2	244	{
wolfSSL	0:1239e9b70ca2	245	CYASSL_ENTER("CyaSSL_set_using_nonblock");
wolfSSL	0:1239e9b70ca2	246	ssl->options.usingNonblock = (nonblock != 0);
wolfSSL	0:1239e9b70ca2	247	}
wolfSSL	0:1239e9b70ca2	248
wolfSSL	0:1239e9b70ca2	249
wolfSSL	0:1239e9b70ca2	250	int CyaSSL_dtls_set_peer(CYASSL* ssl, void* peer, unsigned int peerSz)
wolfSSL	0:1239e9b70ca2	251	{
wolfSSL	0:1239e9b70ca2	252	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	253	void* sa = (void*)XMALLOC(peerSz, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
wolfSSL	0:1239e9b70ca2	254	if (sa != NULL) {
wolfSSL	0:1239e9b70ca2	255	XMEMCPY(sa, peer, peerSz);
wolfSSL	0:1239e9b70ca2	256	ssl->buffers.dtlsCtx.peer.sa = sa;
wolfSSL	0:1239e9b70ca2	257	ssl->buffers.dtlsCtx.peer.sz = peerSz;
wolfSSL	0:1239e9b70ca2	258	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	259	}
wolfSSL	0:1239e9b70ca2	260	return SSL_FAILURE;
wolfSSL	0:1239e9b70ca2	261	#else
wolfSSL	0:1239e9b70ca2	262	(void)ssl;
wolfSSL	0:1239e9b70ca2	263	(void)peer;
wolfSSL	0:1239e9b70ca2	264	(void)peerSz;
wolfSSL	0:1239e9b70ca2	265	return SSL_NOT_IMPLEMENTED;
wolfSSL	0:1239e9b70ca2	266	#endif
wolfSSL	0:1239e9b70ca2	267	}
wolfSSL	0:1239e9b70ca2	268
wolfSSL	0:1239e9b70ca2	269	int CyaSSL_dtls_get_peer(CYASSL* ssl, void* peer, unsigned int* peerSz)
wolfSSL	0:1239e9b70ca2	270	{
wolfSSL	0:1239e9b70ca2	271	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	272	if (peer != NULL && peerSz != NULL
wolfSSL	0:1239e9b70ca2	273	&& *peerSz >= ssl->buffers.dtlsCtx.peer.sz) {
wolfSSL	0:1239e9b70ca2	274	*peerSz = ssl->buffers.dtlsCtx.peer.sz;
wolfSSL	0:1239e9b70ca2	275	XMEMCPY(peer, ssl->buffers.dtlsCtx.peer.sa, *peerSz);
wolfSSL	0:1239e9b70ca2	276	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	277	}
wolfSSL	0:1239e9b70ca2	278	return SSL_FAILURE;
wolfSSL	0:1239e9b70ca2	279	#else
wolfSSL	0:1239e9b70ca2	280	(void)ssl;
wolfSSL	0:1239e9b70ca2	281	(void)peer;
wolfSSL	0:1239e9b70ca2	282	(void)peerSz;
wolfSSL	0:1239e9b70ca2	283	return SSL_NOT_IMPLEMENTED;
wolfSSL	0:1239e9b70ca2	284	#endif
wolfSSL	0:1239e9b70ca2	285	}
wolfSSL	0:1239e9b70ca2	286	#endif /* CYASSL_LEANPSK */
wolfSSL	0:1239e9b70ca2	287
wolfSSL	0:1239e9b70ca2	288
wolfSSL	0:1239e9b70ca2	289	/* return underlyig connect or accept, SSL_SUCCESS on ok */
wolfSSL	0:1239e9b70ca2	290	int CyaSSL_negotiate(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	291	{
wolfSSL	0:1239e9b70ca2	292	int err = SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	293
wolfSSL	0:1239e9b70ca2	294	CYASSL_ENTER("CyaSSL_negotiate");
wolfSSL	0:1239e9b70ca2	295	#ifndef NO_CYASSL_SERVER
wolfSSL	0:1239e9b70ca2	296	if (ssl->options.side == CYASSL_SERVER_END)
wolfSSL	0:1239e9b70ca2	297	err = CyaSSL_accept(ssl);
wolfSSL	0:1239e9b70ca2	298	#endif
wolfSSL	0:1239e9b70ca2	299
wolfSSL	0:1239e9b70ca2	300	#ifndef NO_CYASSL_CLIENT
wolfSSL	0:1239e9b70ca2	301	if (ssl->options.side == CYASSL_CLIENT_END)
wolfSSL	0:1239e9b70ca2	302	err = CyaSSL_connect(ssl);
wolfSSL	0:1239e9b70ca2	303	#endif
wolfSSL	0:1239e9b70ca2	304
wolfSSL	0:1239e9b70ca2	305	CYASSL_LEAVE("CyaSSL_negotiate", err);
wolfSSL	0:1239e9b70ca2	306
wolfSSL	0:1239e9b70ca2	307	return err;
wolfSSL	0:1239e9b70ca2	308	}
wolfSSL	0:1239e9b70ca2	309
wolfSSL	0:1239e9b70ca2	310
wolfSSL	0:1239e9b70ca2	311	#ifndef CYASSL_LEANPSK
wolfSSL	0:1239e9b70ca2	312	/* object size based on build */
wolfSSL	0:1239e9b70ca2	313	int CyaSSL_GetObjectSize(void)
wolfSSL	0:1239e9b70ca2	314	{
wolfSSL	0:1239e9b70ca2	315	#ifdef SHOW_SIZES
wolfSSL	0:1239e9b70ca2	316	printf("sizeof suites = %lu\n", sizeof(Suites));
wolfSSL	0:1239e9b70ca2	317	printf("sizeof ciphers(2) = %lu\n", sizeof(Ciphers));
wolfSSL	0:1239e9b70ca2	318	#ifndef NO_RC4
wolfSSL	0:1239e9b70ca2	319	printf(" sizeof arc4 = %lu\n", sizeof(Arc4));
wolfSSL	0:1239e9b70ca2	320	#endif
wolfSSL	0:1239e9b70ca2	321	printf(" sizeof aes = %lu\n", sizeof(Aes));
wolfSSL	0:1239e9b70ca2	322	#ifndef NO_DES3
wolfSSL	0:1239e9b70ca2	323	printf(" sizeof des3 = %lu\n", sizeof(Des3));
wolfSSL	0:1239e9b70ca2	324	#endif
wolfSSL	0:1239e9b70ca2	325	#ifndef NO_RABBIT
wolfSSL	0:1239e9b70ca2	326	printf(" sizeof rabbit = %lu\n", sizeof(Rabbit));
wolfSSL	0:1239e9b70ca2	327	#endif
wolfSSL	0:1239e9b70ca2	328	printf("sizeof cipher specs = %lu\n", sizeof(CipherSpecs));
wolfSSL	0:1239e9b70ca2	329	printf("sizeof keys = %lu\n", sizeof(Keys));
wolfSSL	0:1239e9b70ca2	330	printf("sizeof Hashes(2) = %lu\n", sizeof(Hashes));
wolfSSL	0:1239e9b70ca2	331	#ifndef NO_MD5
wolfSSL	0:1239e9b70ca2	332	printf(" sizeof MD5 = %lu\n", sizeof(Md5));
wolfSSL	0:1239e9b70ca2	333	#endif
wolfSSL	0:1239e9b70ca2	334	#ifndef NO_SHA
wolfSSL	0:1239e9b70ca2	335	printf(" sizeof SHA = %lu\n", sizeof(Sha));
wolfSSL	0:1239e9b70ca2	336	#endif
wolfSSL	0:1239e9b70ca2	337	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	338	printf(" sizeof SHA256 = %lu\n", sizeof(Sha256));
wolfSSL	0:1239e9b70ca2	339	#endif
wolfSSL	0:1239e9b70ca2	340	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	341	printf(" sizeof SHA384 = %lu\n", sizeof(Sha384));
wolfSSL	0:1239e9b70ca2	342	#endif
wolfSSL	0:1239e9b70ca2	343	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	344	printf(" sizeof SHA512 = %lu\n", sizeof(Sha512));
wolfSSL	0:1239e9b70ca2	345	#endif
wolfSSL	0:1239e9b70ca2	346	printf("sizeof Buffers = %lu\n", sizeof(Buffers));
wolfSSL	0:1239e9b70ca2	347	printf("sizeof Options = %lu\n", sizeof(Options));
wolfSSL	0:1239e9b70ca2	348	printf("sizeof Arrays = %lu\n", sizeof(Arrays));
wolfSSL	0:1239e9b70ca2	349	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	350	printf("sizeof RsaKey = %lu\n", sizeof(RsaKey));
wolfSSL	0:1239e9b70ca2	351	#endif
wolfSSL	0:1239e9b70ca2	352	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	353	printf("sizeof ecc_key = %lu\n", sizeof(ecc_key));
wolfSSL	0:1239e9b70ca2	354	#endif
wolfSSL	0:1239e9b70ca2	355	printf("sizeof CYASSL_CIPHER = %lu\n", sizeof(CYASSL_CIPHER));
wolfSSL	0:1239e9b70ca2	356	printf("sizeof CYASSL_SESSION = %lu\n", sizeof(CYASSL_SESSION));
wolfSSL	0:1239e9b70ca2	357	printf("sizeof CYASSL = %lu\n", sizeof(CYASSL));
wolfSSL	0:1239e9b70ca2	358	printf("sizeof CYASSL_CTX = %lu\n", sizeof(CYASSL_CTX));
wolfSSL	0:1239e9b70ca2	359	#endif
wolfSSL	0:1239e9b70ca2	360
wolfSSL	0:1239e9b70ca2	361	return sizeof(CYASSL);
wolfSSL	0:1239e9b70ca2	362	}
wolfSSL	0:1239e9b70ca2	363	#endif
wolfSSL	0:1239e9b70ca2	364
wolfSSL	0:1239e9b70ca2	365	/* XXX should be NO_DH */
wolfSSL	0:1239e9b70ca2	366	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	367	/* server Diffie-Hellman parameters, SSL_SUCCESS on ok */
wolfSSL	0:1239e9b70ca2	368	int CyaSSL_SetTmpDH(CYASSL* ssl, const unsigned char* p, int pSz,
wolfSSL	0:1239e9b70ca2	369	const unsigned char* g, int gSz)
wolfSSL	0:1239e9b70ca2	370	{
wolfSSL	0:1239e9b70ca2	371	byte havePSK = 0;
wolfSSL	0:1239e9b70ca2	372	byte haveRSA = 1;
wolfSSL	0:1239e9b70ca2	373
wolfSSL	0:1239e9b70ca2	374	CYASSL_ENTER("CyaSSL_SetTmpDH");
wolfSSL	0:1239e9b70ca2	375	if (ssl == NULL \|\| p == NULL \|\| g == NULL) return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	376
wolfSSL	0:1239e9b70ca2	377	if (ssl->options.side != CYASSL_SERVER_END)
wolfSSL	0:1239e9b70ca2	378	return SIDE_ERROR;
wolfSSL	0:1239e9b70ca2	379
wolfSSL	0:1239e9b70ca2	380	if (ssl->buffers.serverDH_P.buffer && ssl->buffers.weOwnDH)
wolfSSL	0:1239e9b70ca2	381	XFREE(ssl->buffers.serverDH_P.buffer, ssl->ctx->heap, DYNAMIC_TYPE_DH);
wolfSSL	0:1239e9b70ca2	382	if (ssl->buffers.serverDH_G.buffer && ssl->buffers.weOwnDH)
wolfSSL	0:1239e9b70ca2	383	XFREE(ssl->buffers.serverDH_G.buffer, ssl->ctx->heap, DYNAMIC_TYPE_DH);
wolfSSL	0:1239e9b70ca2	384
wolfSSL	0:1239e9b70ca2	385	ssl->buffers.weOwnDH = 1; /* SSL owns now */
wolfSSL	0:1239e9b70ca2	386	ssl->buffers.serverDH_P.buffer = (byte*)XMALLOC(pSz, ssl->ctx->heap,
wolfSSL	0:1239e9b70ca2	387	DYNAMIC_TYPE_DH);
wolfSSL	0:1239e9b70ca2	388	if (ssl->buffers.serverDH_P.buffer == NULL)
wolfSSL	0:1239e9b70ca2	389	return MEMORY_E;
wolfSSL	0:1239e9b70ca2	390
wolfSSL	0:1239e9b70ca2	391	ssl->buffers.serverDH_G.buffer = (byte*)XMALLOC(gSz, ssl->ctx->heap,
wolfSSL	0:1239e9b70ca2	392	DYNAMIC_TYPE_DH);
wolfSSL	0:1239e9b70ca2	393	if (ssl->buffers.serverDH_G.buffer == NULL) {
wolfSSL	0:1239e9b70ca2	394	XFREE(ssl->buffers.serverDH_P.buffer, ssl->ctx->heap, DYNAMIC_TYPE_DH);
wolfSSL	0:1239e9b70ca2	395	return MEMORY_E;
wolfSSL	0:1239e9b70ca2	396	}
wolfSSL	0:1239e9b70ca2	397
wolfSSL	0:1239e9b70ca2	398	ssl->buffers.serverDH_P.length = pSz;
wolfSSL	0:1239e9b70ca2	399	ssl->buffers.serverDH_G.length = gSz;
wolfSSL	0:1239e9b70ca2	400
wolfSSL	0:1239e9b70ca2	401	XMEMCPY(ssl->buffers.serverDH_P.buffer, p, pSz);
wolfSSL	0:1239e9b70ca2	402	XMEMCPY(ssl->buffers.serverDH_G.buffer, g, gSz);
wolfSSL	0:1239e9b70ca2	403
wolfSSL	0:1239e9b70ca2	404	ssl->options.haveDH = 1;
wolfSSL	0:1239e9b70ca2	405	#ifndef NO_PSK
wolfSSL	0:1239e9b70ca2	406	havePSK = ssl->options.havePSK;
wolfSSL	0:1239e9b70ca2	407	#endif
wolfSSL	0:1239e9b70ca2	408	#ifdef NO_RSA
wolfSSL	0:1239e9b70ca2	409	haveRSA = 0;
wolfSSL	0:1239e9b70ca2	410	#endif
wolfSSL	0:1239e9b70ca2	411	InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, ssl->options.haveDH,
wolfSSL	0:1239e9b70ca2	412	ssl->options.haveNTRU, ssl->options.haveECDSAsig,
wolfSSL	0:1239e9b70ca2	413	ssl->options.haveStaticECC, ssl->options.side);
wolfSSL	0:1239e9b70ca2	414
wolfSSL	0:1239e9b70ca2	415	CYASSL_LEAVE("CyaSSL_SetTmpDH", 0);
wolfSSL	0:1239e9b70ca2	416	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	417	}
wolfSSL	0:1239e9b70ca2	418	#endif /* !NO_CERTS */
wolfSSL	0:1239e9b70ca2	419
wolfSSL	0:1239e9b70ca2	420
wolfSSL	0:1239e9b70ca2	421	int CyaSSL_write(CYASSL* ssl, const void* data, int sz)
wolfSSL	0:1239e9b70ca2	422	{
wolfSSL	0:1239e9b70ca2	423	int ret;
wolfSSL	0:1239e9b70ca2	424
wolfSSL	0:1239e9b70ca2	425	CYASSL_ENTER("SSL_write()");
wolfSSL	0:1239e9b70ca2	426
wolfSSL	0:1239e9b70ca2	427	if (ssl == NULL \|\| data == NULL \|\| sz < 0)
wolfSSL	0:1239e9b70ca2	428	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	429
wolfSSL	0:1239e9b70ca2	430	#ifdef HAVE_ERRNO_H
wolfSSL	0:1239e9b70ca2	431	errno = 0;
wolfSSL	0:1239e9b70ca2	432	#endif
wolfSSL	0:1239e9b70ca2	433
wolfSSL	0:1239e9b70ca2	434	ret = SendData(ssl, data, sz);
wolfSSL	0:1239e9b70ca2	435
wolfSSL	0:1239e9b70ca2	436	CYASSL_LEAVE("SSL_write()", ret);
wolfSSL	0:1239e9b70ca2	437
wolfSSL	0:1239e9b70ca2	438	if (ret < 0)
wolfSSL	0:1239e9b70ca2	439	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	440	else
wolfSSL	0:1239e9b70ca2	441	return ret;
wolfSSL	0:1239e9b70ca2	442	}
wolfSSL	0:1239e9b70ca2	443
wolfSSL	0:1239e9b70ca2	444
wolfSSL	0:1239e9b70ca2	445	static int CyaSSL_read_internal(CYASSL* ssl, void* data, int sz, int peek)
wolfSSL	0:1239e9b70ca2	446	{
wolfSSL	0:1239e9b70ca2	447	int ret;
wolfSSL	0:1239e9b70ca2	448
wolfSSL	0:1239e9b70ca2	449	CYASSL_ENTER("CyaSSL_read_internal()");
wolfSSL	0:1239e9b70ca2	450
wolfSSL	0:1239e9b70ca2	451	if (ssl == NULL \|\| data == NULL \|\| sz < 0)
wolfSSL	0:1239e9b70ca2	452	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	453
wolfSSL	0:1239e9b70ca2	454	#ifdef HAVE_ERRNO_H
wolfSSL	0:1239e9b70ca2	455	errno = 0;
wolfSSL	0:1239e9b70ca2	456	#endif
wolfSSL	0:1239e9b70ca2	457	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	458	if (ssl->options.dtls)
wolfSSL	0:1239e9b70ca2	459	ssl->dtls_expected_rx = max(sz + 100, MAX_MTU);
wolfSSL	0:1239e9b70ca2	460	#endif
wolfSSL	0:1239e9b70ca2	461
wolfSSL	0:1239e9b70ca2	462	#ifdef HAVE_MAX_FRAGMENT
wolfSSL	0:1239e9b70ca2	463	ret = ReceiveData(ssl, (byte*)data,
wolfSSL	0:1239e9b70ca2	464	min(sz, min(ssl->max_fragment, OUTPUT_RECORD_SIZE)), peek);
wolfSSL	0:1239e9b70ca2	465	#else
wolfSSL	0:1239e9b70ca2	466	ret = ReceiveData(ssl, (byte*)data, min(sz, OUTPUT_RECORD_SIZE), peek);
wolfSSL	0:1239e9b70ca2	467	#endif
wolfSSL	0:1239e9b70ca2	468
wolfSSL	0:1239e9b70ca2	469	CYASSL_LEAVE("CyaSSL_read_internal()", ret);
wolfSSL	0:1239e9b70ca2	470
wolfSSL	0:1239e9b70ca2	471	if (ret < 0)
wolfSSL	0:1239e9b70ca2	472	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	473	else
wolfSSL	0:1239e9b70ca2	474	return ret;
wolfSSL	0:1239e9b70ca2	475	}
wolfSSL	0:1239e9b70ca2	476
wolfSSL	0:1239e9b70ca2	477
wolfSSL	0:1239e9b70ca2	478	int CyaSSL_peek(CYASSL* ssl, void* data, int sz)
wolfSSL	0:1239e9b70ca2	479	{
wolfSSL	0:1239e9b70ca2	480	CYASSL_ENTER("CyaSSL_peek()");
wolfSSL	0:1239e9b70ca2	481
wolfSSL	0:1239e9b70ca2	482	return CyaSSL_read_internal(ssl, data, sz, TRUE);
wolfSSL	0:1239e9b70ca2	483	}
wolfSSL	0:1239e9b70ca2	484
wolfSSL	0:1239e9b70ca2	485
wolfSSL	0:1239e9b70ca2	486	int CyaSSL_read(CYASSL* ssl, void* data, int sz)
wolfSSL	0:1239e9b70ca2	487	{
wolfSSL	0:1239e9b70ca2	488	CYASSL_ENTER("CyaSSL_read()");
wolfSSL	0:1239e9b70ca2	489
wolfSSL	0:1239e9b70ca2	490	return CyaSSL_read_internal(ssl, data, sz, FALSE);
wolfSSL	0:1239e9b70ca2	491	}
wolfSSL	0:1239e9b70ca2	492
wolfSSL	0:1239e9b70ca2	493
wolfSSL	0:1239e9b70ca2	494	#ifdef HAVE_CAVIUM
wolfSSL	0:1239e9b70ca2	495
wolfSSL	0:1239e9b70ca2	496	/* let's use cavium, SSL_SUCCESS on ok */
wolfSSL	0:1239e9b70ca2	497	int CyaSSL_UseCavium(CYASSL* ssl, int devId)
wolfSSL	0:1239e9b70ca2	498	{
wolfSSL	0:1239e9b70ca2	499	if (ssl == NULL)
wolfSSL	0:1239e9b70ca2	500	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	501
wolfSSL	0:1239e9b70ca2	502	ssl->devId = devId;
wolfSSL	0:1239e9b70ca2	503
wolfSSL	0:1239e9b70ca2	504	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	505	}
wolfSSL	0:1239e9b70ca2	506
wolfSSL	0:1239e9b70ca2	507
wolfSSL	0:1239e9b70ca2	508	/* let's use cavium, SSL_SUCCESS on ok */
wolfSSL	0:1239e9b70ca2	509	int CyaSSL_CTX_UseCavium(CYASSL_CTX* ctx, int devId)
wolfSSL	0:1239e9b70ca2	510	{
wolfSSL	0:1239e9b70ca2	511	if (ctx == NULL)
wolfSSL	0:1239e9b70ca2	512	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	513
wolfSSL	0:1239e9b70ca2	514	ctx->devId = devId;
wolfSSL	0:1239e9b70ca2	515
wolfSSL	0:1239e9b70ca2	516	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	517	}
wolfSSL	0:1239e9b70ca2	518
wolfSSL	0:1239e9b70ca2	519
wolfSSL	0:1239e9b70ca2	520	#endif /* HAVE_CAVIUM */
wolfSSL	0:1239e9b70ca2	521
wolfSSL	0:1239e9b70ca2	522	#ifdef HAVE_SNI
wolfSSL	0:1239e9b70ca2	523
wolfSSL	0:1239e9b70ca2	524	int CyaSSL_UseSNI(CYASSL* ssl, byte type, const void* data, word16 size)
wolfSSL	0:1239e9b70ca2	525	{
wolfSSL	0:1239e9b70ca2	526	if (ssl == NULL)
wolfSSL	0:1239e9b70ca2	527	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	528
wolfSSL	0:1239e9b70ca2	529	return TLSX_UseSNI(&ssl->extensions, type, data, size);
wolfSSL	0:1239e9b70ca2	530	}
wolfSSL	0:1239e9b70ca2	531
wolfSSL	0:1239e9b70ca2	532	int CyaSSL_CTX_UseSNI(CYASSL_CTX* ctx, byte type, const void* data, word16 size)
wolfSSL	0:1239e9b70ca2	533	{
wolfSSL	0:1239e9b70ca2	534	if (ctx == NULL)
wolfSSL	0:1239e9b70ca2	535	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	536
wolfSSL	0:1239e9b70ca2	537	return TLSX_UseSNI(&ctx->extensions, type, data, size);
wolfSSL	0:1239e9b70ca2	538	}
wolfSSL	0:1239e9b70ca2	539
wolfSSL	0:1239e9b70ca2	540	#ifndef NO_CYASSL_SERVER
wolfSSL	0:1239e9b70ca2	541
wolfSSL	0:1239e9b70ca2	542	void CyaSSL_SNI_SetOptions(CYASSL* ssl, byte type, byte options)
wolfSSL	0:1239e9b70ca2	543	{
wolfSSL	0:1239e9b70ca2	544	if (ssl && ssl->extensions)
wolfSSL	0:1239e9b70ca2	545	TLSX_SNI_SetOptions(ssl->extensions, type, options);
wolfSSL	0:1239e9b70ca2	546	}
wolfSSL	0:1239e9b70ca2	547
wolfSSL	0:1239e9b70ca2	548	void CyaSSL_CTX_SNI_SetOptions(CYASSL_CTX* ctx, byte type, byte options)
wolfSSL	0:1239e9b70ca2	549	{
wolfSSL	0:1239e9b70ca2	550	if (ctx && ctx->extensions)
wolfSSL	0:1239e9b70ca2	551	TLSX_SNI_SetOptions(ctx->extensions, type, options);
wolfSSL	0:1239e9b70ca2	552	}
wolfSSL	0:1239e9b70ca2	553
wolfSSL	0:1239e9b70ca2	554	byte CyaSSL_SNI_Status(CYASSL* ssl, byte type)
wolfSSL	0:1239e9b70ca2	555	{
wolfSSL	0:1239e9b70ca2	556	return TLSX_SNI_Status(ssl ? ssl->extensions : NULL, type);
wolfSSL	0:1239e9b70ca2	557	}
wolfSSL	0:1239e9b70ca2	558
wolfSSL	0:1239e9b70ca2	559	word16 CyaSSL_SNI_GetRequest(CYASSL* ssl, byte type, void** data)
wolfSSL	0:1239e9b70ca2	560	{
wolfSSL	0:1239e9b70ca2	561	if (data)
wolfSSL	0:1239e9b70ca2	562	*data = NULL;
wolfSSL	0:1239e9b70ca2	563
wolfSSL	0:1239e9b70ca2	564	if (ssl && ssl->extensions)
wolfSSL	0:1239e9b70ca2	565	return TLSX_SNI_GetRequest(ssl->extensions, type, data);
wolfSSL	0:1239e9b70ca2	566
wolfSSL	0:1239e9b70ca2	567	return 0;
wolfSSL	0:1239e9b70ca2	568	}
wolfSSL	0:1239e9b70ca2	569
wolfSSL	0:1239e9b70ca2	570	int CyaSSL_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz, byte type,
wolfSSL	0:1239e9b70ca2	571	byte* sni, word32* inOutSz)
wolfSSL	0:1239e9b70ca2	572	{
wolfSSL	0:1239e9b70ca2	573	if (clientHello && helloSz > 0 && sni && inOutSz && *inOutSz > 0)
wolfSSL	0:1239e9b70ca2	574	return TLSX_SNI_GetFromBuffer(clientHello, helloSz, type, sni, inOutSz);
wolfSSL	0:1239e9b70ca2	575
wolfSSL	0:1239e9b70ca2	576	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	577	}
wolfSSL	0:1239e9b70ca2	578
wolfSSL	0:1239e9b70ca2	579	#endif /* NO_CYASSL_SERVER */
wolfSSL	0:1239e9b70ca2	580
wolfSSL	0:1239e9b70ca2	581	#endif /* HAVE_SNI */
wolfSSL	0:1239e9b70ca2	582
wolfSSL	0:1239e9b70ca2	583
wolfSSL	0:1239e9b70ca2	584	#ifdef HAVE_MAX_FRAGMENT
wolfSSL	0:1239e9b70ca2	585	#ifndef NO_CYASSL_CLIENT
wolfSSL	0:1239e9b70ca2	586	int CyaSSL_UseMaxFragment(CYASSL* ssl, byte mfl)
wolfSSL	0:1239e9b70ca2	587	{
wolfSSL	0:1239e9b70ca2	588	if (ssl == NULL)
wolfSSL	0:1239e9b70ca2	589	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	590
wolfSSL	0:1239e9b70ca2	591	return TLSX_UseMaxFragment(&ssl->extensions, mfl);
wolfSSL	0:1239e9b70ca2	592	}
wolfSSL	0:1239e9b70ca2	593
wolfSSL	0:1239e9b70ca2	594	int CyaSSL_CTX_UseMaxFragment(CYASSL_CTX* ctx, byte mfl)
wolfSSL	0:1239e9b70ca2	595	{
wolfSSL	0:1239e9b70ca2	596	if (ctx == NULL)
wolfSSL	0:1239e9b70ca2	597	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	598
wolfSSL	0:1239e9b70ca2	599	return TLSX_UseMaxFragment(&ctx->extensions, mfl);
wolfSSL	0:1239e9b70ca2	600	}
wolfSSL	0:1239e9b70ca2	601	#endif /* NO_CYASSL_CLIENT */
wolfSSL	0:1239e9b70ca2	602	#endif /* HAVE_MAX_FRAGMENT */
wolfSSL	0:1239e9b70ca2	603
wolfSSL	0:1239e9b70ca2	604	#ifdef HAVE_TRUNCATED_HMAC
wolfSSL	0:1239e9b70ca2	605	#ifndef NO_CYASSL_CLIENT
wolfSSL	0:1239e9b70ca2	606	int CyaSSL_UseTruncatedHMAC(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	607	{
wolfSSL	0:1239e9b70ca2	608	if (ssl == NULL)
wolfSSL	0:1239e9b70ca2	609	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	610
wolfSSL	0:1239e9b70ca2	611	return TLSX_UseTruncatedHMAC(&ssl->extensions);
wolfSSL	0:1239e9b70ca2	612	}
wolfSSL	0:1239e9b70ca2	613
wolfSSL	0:1239e9b70ca2	614	int CyaSSL_CTX_UseTruncatedHMAC(CYASSL_CTX* ctx)
wolfSSL	0:1239e9b70ca2	615	{
wolfSSL	0:1239e9b70ca2	616	if (ctx == NULL)
wolfSSL	0:1239e9b70ca2	617	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	618
wolfSSL	0:1239e9b70ca2	619	return TLSX_UseTruncatedHMAC(&ctx->extensions);
wolfSSL	0:1239e9b70ca2	620	}
wolfSSL	0:1239e9b70ca2	621	#endif /* NO_CYASSL_CLIENT */
wolfSSL	0:1239e9b70ca2	622	#endif /* HAVE_TRUNCATED_HMAC */
wolfSSL	0:1239e9b70ca2	623
wolfSSL	0:1239e9b70ca2	624	/* Elliptic Curves */
wolfSSL	0:1239e9b70ca2	625	#ifdef HAVE_SUPPORTED_CURVES
wolfSSL	0:1239e9b70ca2	626	#ifndef NO_CYASSL_CLIENT
wolfSSL	0:1239e9b70ca2	627
wolfSSL	0:1239e9b70ca2	628	int CyaSSL_UseSupportedCurve(CYASSL* ssl, word16 name)
wolfSSL	0:1239e9b70ca2	629	{
wolfSSL	0:1239e9b70ca2	630	if (ssl == NULL)
wolfSSL	0:1239e9b70ca2	631	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	632
wolfSSL	0:1239e9b70ca2	633	switch (name) {
wolfSSL	0:1239e9b70ca2	634	case CYASSL_ECC_SECP160R1:
wolfSSL	0:1239e9b70ca2	635	case CYASSL_ECC_SECP192R1:
wolfSSL	0:1239e9b70ca2	636	case CYASSL_ECC_SECP224R1:
wolfSSL	0:1239e9b70ca2	637	case CYASSL_ECC_SECP256R1:
wolfSSL	0:1239e9b70ca2	638	case CYASSL_ECC_SECP384R1:
wolfSSL	0:1239e9b70ca2	639	case CYASSL_ECC_SECP521R1:
wolfSSL	0:1239e9b70ca2	640	break;
wolfSSL	0:1239e9b70ca2	641
wolfSSL	0:1239e9b70ca2	642	default:
wolfSSL	0:1239e9b70ca2	643	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	644	}
wolfSSL	0:1239e9b70ca2	645
wolfSSL	0:1239e9b70ca2	646	return TLSX_UseSupportedCurve(&ssl->extensions, name);
wolfSSL	0:1239e9b70ca2	647	}
wolfSSL	0:1239e9b70ca2	648
wolfSSL	0:1239e9b70ca2	649	int CyaSSL_CTX_UseSupportedCurve(CYASSL_CTX* ctx, word16 name)
wolfSSL	0:1239e9b70ca2	650	{
wolfSSL	0:1239e9b70ca2	651	if (ctx == NULL)
wolfSSL	0:1239e9b70ca2	652	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	653
wolfSSL	0:1239e9b70ca2	654	switch (name) {
wolfSSL	0:1239e9b70ca2	655	case CYASSL_ECC_SECP160R1:
wolfSSL	0:1239e9b70ca2	656	case CYASSL_ECC_SECP192R1:
wolfSSL	0:1239e9b70ca2	657	case CYASSL_ECC_SECP224R1:
wolfSSL	0:1239e9b70ca2	658	case CYASSL_ECC_SECP256R1:
wolfSSL	0:1239e9b70ca2	659	case CYASSL_ECC_SECP384R1:
wolfSSL	0:1239e9b70ca2	660	case CYASSL_ECC_SECP521R1:
wolfSSL	0:1239e9b70ca2	661	break;
wolfSSL	0:1239e9b70ca2	662
wolfSSL	0:1239e9b70ca2	663	default:
wolfSSL	0:1239e9b70ca2	664	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	665	}
wolfSSL	0:1239e9b70ca2	666
wolfSSL	0:1239e9b70ca2	667	return TLSX_UseSupportedCurve(&ctx->extensions, name);
wolfSSL	0:1239e9b70ca2	668	}
wolfSSL	0:1239e9b70ca2	669
wolfSSL	0:1239e9b70ca2	670	#endif /* NO_CYASSL_CLIENT */
wolfSSL	0:1239e9b70ca2	671	#endif /* HAVE_SUPPORTED_CURVES */
wolfSSL	0:1239e9b70ca2	672
wolfSSL	0:1239e9b70ca2	673
wolfSSL	0:1239e9b70ca2	674	#ifndef CYASSL_LEANPSK
wolfSSL	0:1239e9b70ca2	675	int CyaSSL_send(CYASSL* ssl, const void* data, int sz, int flags)
wolfSSL	0:1239e9b70ca2	676	{
wolfSSL	0:1239e9b70ca2	677	int ret;
wolfSSL	0:1239e9b70ca2	678	int oldFlags;
wolfSSL	0:1239e9b70ca2	679
wolfSSL	0:1239e9b70ca2	680	CYASSL_ENTER("CyaSSL_send()");
wolfSSL	0:1239e9b70ca2	681
wolfSSL	0:1239e9b70ca2	682	if (ssl == NULL \|\| data == NULL \|\| sz < 0)
wolfSSL	0:1239e9b70ca2	683	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	684
wolfSSL	0:1239e9b70ca2	685	oldFlags = ssl->wflags;
wolfSSL	0:1239e9b70ca2	686
wolfSSL	0:1239e9b70ca2	687	ssl->wflags = flags;
wolfSSL	0:1239e9b70ca2	688	ret = CyaSSL_write(ssl, data, sz);
wolfSSL	0:1239e9b70ca2	689	ssl->wflags = oldFlags;
wolfSSL	0:1239e9b70ca2	690
wolfSSL	0:1239e9b70ca2	691	CYASSL_LEAVE("CyaSSL_send()", ret);
wolfSSL	0:1239e9b70ca2	692
wolfSSL	0:1239e9b70ca2	693	return ret;
wolfSSL	0:1239e9b70ca2	694	}
wolfSSL	0:1239e9b70ca2	695
wolfSSL	0:1239e9b70ca2	696
wolfSSL	0:1239e9b70ca2	697	int CyaSSL_recv(CYASSL* ssl, void* data, int sz, int flags)
wolfSSL	0:1239e9b70ca2	698	{
wolfSSL	0:1239e9b70ca2	699	int ret;
wolfSSL	0:1239e9b70ca2	700	int oldFlags;
wolfSSL	0:1239e9b70ca2	701
wolfSSL	0:1239e9b70ca2	702	CYASSL_ENTER("CyaSSL_recv()");
wolfSSL	0:1239e9b70ca2	703
wolfSSL	0:1239e9b70ca2	704	if (ssl == NULL \|\| data == NULL \|\| sz < 0)
wolfSSL	0:1239e9b70ca2	705	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	706
wolfSSL	0:1239e9b70ca2	707	oldFlags = ssl->rflags;
wolfSSL	0:1239e9b70ca2	708
wolfSSL	0:1239e9b70ca2	709	ssl->rflags = flags;
wolfSSL	0:1239e9b70ca2	710	ret = CyaSSL_read(ssl, data, sz);
wolfSSL	0:1239e9b70ca2	711	ssl->rflags = oldFlags;
wolfSSL	0:1239e9b70ca2	712
wolfSSL	0:1239e9b70ca2	713	CYASSL_LEAVE("CyaSSL_recv()", ret);
wolfSSL	0:1239e9b70ca2	714
wolfSSL	0:1239e9b70ca2	715	return ret;
wolfSSL	0:1239e9b70ca2	716	}
wolfSSL	0:1239e9b70ca2	717	#endif
wolfSSL	0:1239e9b70ca2	718
wolfSSL	0:1239e9b70ca2	719
wolfSSL	0:1239e9b70ca2	720	/* SSL_SUCCESS on ok */
wolfSSL	0:1239e9b70ca2	721	int CyaSSL_shutdown(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	722	{
wolfSSL	0:1239e9b70ca2	723	CYASSL_ENTER("SSL_shutdown()");
wolfSSL	0:1239e9b70ca2	724
wolfSSL	0:1239e9b70ca2	725	if (ssl == NULL)
wolfSSL	0:1239e9b70ca2	726	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	727
wolfSSL	0:1239e9b70ca2	728	if (ssl->options.quietShutdown) {
wolfSSL	0:1239e9b70ca2	729	CYASSL_MSG("quiet shutdown, no close notify sent");
wolfSSL	0:1239e9b70ca2	730	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	731	}
wolfSSL	0:1239e9b70ca2	732
wolfSSL	0:1239e9b70ca2	733	/* try to send close notify, not an error if can't */
wolfSSL	0:1239e9b70ca2	734	if (!ssl->options.isClosed && !ssl->options.connReset &&
wolfSSL	0:1239e9b70ca2	735	!ssl->options.sentNotify) {
wolfSSL	0:1239e9b70ca2	736	ssl->error = SendAlert(ssl, alert_warning, close_notify);
wolfSSL	0:1239e9b70ca2	737	if (ssl->error < 0) {
wolfSSL	0:1239e9b70ca2	738	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	739	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	740	}
wolfSSL	0:1239e9b70ca2	741	ssl->options.sentNotify = 1; /* don't send close_notify twice */
wolfSSL	0:1239e9b70ca2	742	}
wolfSSL	0:1239e9b70ca2	743
wolfSSL	0:1239e9b70ca2	744	CYASSL_LEAVE("SSL_shutdown()", ssl->error);
wolfSSL	0:1239e9b70ca2	745
wolfSSL	0:1239e9b70ca2	746	ssl->error = SSL_ERROR_SYSCALL; /* simulate OpenSSL behavior */
wolfSSL	0:1239e9b70ca2	747
wolfSSL	0:1239e9b70ca2	748	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	749	}
wolfSSL	0:1239e9b70ca2	750
wolfSSL	0:1239e9b70ca2	751
wolfSSL	0:1239e9b70ca2	752	int CyaSSL_get_error(CYASSL* ssl, int ret)
wolfSSL	0:1239e9b70ca2	753	{
wolfSSL	0:1239e9b70ca2	754	CYASSL_ENTER("SSL_get_error");
wolfSSL	0:1239e9b70ca2	755
wolfSSL	0:1239e9b70ca2	756	if (ret > 0)
wolfSSL	0:1239e9b70ca2	757	return SSL_ERROR_NONE;
wolfSSL	0:1239e9b70ca2	758	if (ssl == NULL)
wolfSSL	0:1239e9b70ca2	759	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	760
wolfSSL	0:1239e9b70ca2	761	CYASSL_LEAVE("SSL_get_error", ssl->error);
wolfSSL	0:1239e9b70ca2	762
wolfSSL	0:1239e9b70ca2	763	/* make sure converted types are handled in SetErrorString() too */
wolfSSL	0:1239e9b70ca2	764	if (ssl->error == WANT_READ)
wolfSSL	0:1239e9b70ca2	765	return SSL_ERROR_WANT_READ; /* convert to OpenSSL type */
wolfSSL	0:1239e9b70ca2	766	else if (ssl->error == WANT_WRITE)
wolfSSL	0:1239e9b70ca2	767	return SSL_ERROR_WANT_WRITE; /* convert to OpenSSL type */
wolfSSL	0:1239e9b70ca2	768	else if (ssl->error == ZERO_RETURN)
wolfSSL	0:1239e9b70ca2	769	return SSL_ERROR_ZERO_RETURN; /* convert to OpenSSL type */
wolfSSL	0:1239e9b70ca2	770	return ssl->error;
wolfSSL	0:1239e9b70ca2	771	}
wolfSSL	0:1239e9b70ca2	772
wolfSSL	0:1239e9b70ca2	773
wolfSSL	0:1239e9b70ca2	774	/* retrive alert history, SSL_SUCCESS on ok */
wolfSSL	0:1239e9b70ca2	775	int CyaSSL_get_alert_history(CYASSL* ssl, CYASSL_ALERT_HISTORY *h)
wolfSSL	0:1239e9b70ca2	776	{
wolfSSL	0:1239e9b70ca2	777	if (ssl && h) {
wolfSSL	0:1239e9b70ca2	778	*h = ssl->alert_history;
wolfSSL	0:1239e9b70ca2	779	}
wolfSSL	0:1239e9b70ca2	780	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	781	}
wolfSSL	0:1239e9b70ca2	782
wolfSSL	0:1239e9b70ca2	783
wolfSSL	0:1239e9b70ca2	784	/* return TRUE if current error is want read */
wolfSSL	0:1239e9b70ca2	785	int CyaSSL_want_read(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	786	{
wolfSSL	0:1239e9b70ca2	787	CYASSL_ENTER("SSL_want_read");
wolfSSL	0:1239e9b70ca2	788	if (ssl->error == WANT_READ)
wolfSSL	0:1239e9b70ca2	789	return 1;
wolfSSL	0:1239e9b70ca2	790
wolfSSL	0:1239e9b70ca2	791	return 0;
wolfSSL	0:1239e9b70ca2	792	}
wolfSSL	0:1239e9b70ca2	793
wolfSSL	0:1239e9b70ca2	794
wolfSSL	0:1239e9b70ca2	795	/* return TRUE if current error is want write */
wolfSSL	0:1239e9b70ca2	796	int CyaSSL_want_write(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	797	{
wolfSSL	0:1239e9b70ca2	798	CYASSL_ENTER("SSL_want_write");
wolfSSL	0:1239e9b70ca2	799	if (ssl->error == WANT_WRITE)
wolfSSL	0:1239e9b70ca2	800	return 1;
wolfSSL	0:1239e9b70ca2	801
wolfSSL	0:1239e9b70ca2	802	return 0;
wolfSSL	0:1239e9b70ca2	803	}
wolfSSL	0:1239e9b70ca2	804
wolfSSL	0:1239e9b70ca2	805
wolfSSL	0:1239e9b70ca2	806	char* CyaSSL_ERR_error_string(unsigned long errNumber, char* data)
wolfSSL	0:1239e9b70ca2	807	{
wolfSSL	0:1239e9b70ca2	808	static const char* msg = "Please supply a buffer for error string";
wolfSSL	0:1239e9b70ca2	809
wolfSSL	0:1239e9b70ca2	810	CYASSL_ENTER("ERR_error_string");
wolfSSL	0:1239e9b70ca2	811	if (data) {
wolfSSL	0:1239e9b70ca2	812	SetErrorString((int)errNumber, data);
wolfSSL	0:1239e9b70ca2	813	return data;
wolfSSL	0:1239e9b70ca2	814	}
wolfSSL	0:1239e9b70ca2	815
wolfSSL	0:1239e9b70ca2	816	return (char*)msg;
wolfSSL	0:1239e9b70ca2	817	}
wolfSSL	0:1239e9b70ca2	818
wolfSSL	0:1239e9b70ca2	819
wolfSSL	0:1239e9b70ca2	820	void CyaSSL_ERR_error_string_n(unsigned long e, char* buf, unsigned long len)
wolfSSL	0:1239e9b70ca2	821	{
wolfSSL	0:1239e9b70ca2	822	CYASSL_ENTER("CyaSSL_ERR_error_string_n");
wolfSSL	0:1239e9b70ca2	823	if (len >= CYASSL_MAX_ERROR_SZ)
wolfSSL	0:1239e9b70ca2	824	CyaSSL_ERR_error_string(e, buf);
wolfSSL	0:1239e9b70ca2	825	else {
wolfSSL	0:1239e9b70ca2	826	char tmp[CYASSL_MAX_ERROR_SZ];
wolfSSL	0:1239e9b70ca2	827
wolfSSL	0:1239e9b70ca2	828	CYASSL_MSG("Error buffer too short, truncating");
wolfSSL	0:1239e9b70ca2	829	if (len) {
wolfSSL	0:1239e9b70ca2	830	CyaSSL_ERR_error_string(e, tmp);
wolfSSL	0:1239e9b70ca2	831	XMEMCPY(buf, tmp, len-1);
wolfSSL	0:1239e9b70ca2	832	buf[len-1] = '\0';
wolfSSL	0:1239e9b70ca2	833	}
wolfSSL	0:1239e9b70ca2	834	}
wolfSSL	0:1239e9b70ca2	835	}
wolfSSL	0:1239e9b70ca2	836
wolfSSL	0:1239e9b70ca2	837
wolfSSL	0:1239e9b70ca2	838	/* don't free temporary arrays at end of handshake */
wolfSSL	0:1239e9b70ca2	839	void CyaSSL_KeepArrays(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	840	{
wolfSSL	0:1239e9b70ca2	841	if (ssl)
wolfSSL	0:1239e9b70ca2	842	ssl->options.saveArrays = 1;
wolfSSL	0:1239e9b70ca2	843	}
wolfSSL	0:1239e9b70ca2	844
wolfSSL	0:1239e9b70ca2	845
wolfSSL	0:1239e9b70ca2	846	/* user doesn't need temporary arrays anymore, Free */
wolfSSL	0:1239e9b70ca2	847	void CyaSSL_FreeArrays(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	848	{
wolfSSL	0:1239e9b70ca2	849	if (ssl && ssl->options.handShakeState == HANDSHAKE_DONE) {
wolfSSL	0:1239e9b70ca2	850	ssl->options.saveArrays = 0;
wolfSSL	0:1239e9b70ca2	851	FreeArrays(ssl, 1);
wolfSSL	0:1239e9b70ca2	852	}
wolfSSL	0:1239e9b70ca2	853	}
wolfSSL	0:1239e9b70ca2	854
wolfSSL	0:1239e9b70ca2	855
wolfSSL	0:1239e9b70ca2	856	const byte* CyaSSL_GetMacSecret(CYASSL* ssl, int verify)
wolfSSL	0:1239e9b70ca2	857	{
wolfSSL	0:1239e9b70ca2	858	if (ssl == NULL)
wolfSSL	0:1239e9b70ca2	859	return NULL;
wolfSSL	0:1239e9b70ca2	860
wolfSSL	0:1239e9b70ca2	861	if ( (ssl->options.side == CYASSL_CLIENT_END && !verify) \|\|
wolfSSL	0:1239e9b70ca2	862	(ssl->options.side == CYASSL_SERVER_END && verify) )
wolfSSL	0:1239e9b70ca2	863	return ssl->keys.client_write_MAC_secret;
wolfSSL	0:1239e9b70ca2	864	else
wolfSSL	0:1239e9b70ca2	865	return ssl->keys.server_write_MAC_secret;
wolfSSL	0:1239e9b70ca2	866	}
wolfSSL	0:1239e9b70ca2	867
wolfSSL	0:1239e9b70ca2	868
wolfSSL	0:1239e9b70ca2	869	#ifdef ATOMIC_USER
wolfSSL	0:1239e9b70ca2	870
wolfSSL	0:1239e9b70ca2	871	void CyaSSL_CTX_SetMacEncryptCb(CYASSL_CTX* ctx, CallbackMacEncrypt cb)
wolfSSL	0:1239e9b70ca2	872	{
wolfSSL	0:1239e9b70ca2	873	if (ctx)
wolfSSL	0:1239e9b70ca2	874	ctx->MacEncryptCb = cb;
wolfSSL	0:1239e9b70ca2	875	}
wolfSSL	0:1239e9b70ca2	876
wolfSSL	0:1239e9b70ca2	877
wolfSSL	0:1239e9b70ca2	878	void CyaSSL_SetMacEncryptCtx(CYASSL* ssl, void *ctx)
wolfSSL	0:1239e9b70ca2	879	{
wolfSSL	0:1239e9b70ca2	880	if (ssl)
wolfSSL	0:1239e9b70ca2	881	ssl->MacEncryptCtx = ctx;
wolfSSL	0:1239e9b70ca2	882	}
wolfSSL	0:1239e9b70ca2	883
wolfSSL	0:1239e9b70ca2	884
wolfSSL	0:1239e9b70ca2	885	void* CyaSSL_GetMacEncryptCtx(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	886	{
wolfSSL	0:1239e9b70ca2	887	if (ssl)
wolfSSL	0:1239e9b70ca2	888	return ssl->MacEncryptCtx;
wolfSSL	0:1239e9b70ca2	889
wolfSSL	0:1239e9b70ca2	890	return NULL;
wolfSSL	0:1239e9b70ca2	891	}
wolfSSL	0:1239e9b70ca2	892
wolfSSL	0:1239e9b70ca2	893
wolfSSL	0:1239e9b70ca2	894	void CyaSSL_CTX_SetDecryptVerifyCb(CYASSL_CTX* ctx, CallbackDecryptVerify cb)
wolfSSL	0:1239e9b70ca2	895	{
wolfSSL	0:1239e9b70ca2	896	if (ctx)
wolfSSL	0:1239e9b70ca2	897	ctx->DecryptVerifyCb = cb;
wolfSSL	0:1239e9b70ca2	898	}
wolfSSL	0:1239e9b70ca2	899
wolfSSL	0:1239e9b70ca2	900
wolfSSL	0:1239e9b70ca2	901	void CyaSSL_SetDecryptVerifyCtx(CYASSL* ssl, void *ctx)
wolfSSL	0:1239e9b70ca2	902	{
wolfSSL	0:1239e9b70ca2	903	if (ssl)
wolfSSL	0:1239e9b70ca2	904	ssl->DecryptVerifyCtx = ctx;
wolfSSL	0:1239e9b70ca2	905	}
wolfSSL	0:1239e9b70ca2	906
wolfSSL	0:1239e9b70ca2	907
wolfSSL	0:1239e9b70ca2	908	void* CyaSSL_GetDecryptVerifyCtx(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	909	{
wolfSSL	0:1239e9b70ca2	910	if (ssl)
wolfSSL	0:1239e9b70ca2	911	return ssl->DecryptVerifyCtx;
wolfSSL	0:1239e9b70ca2	912
wolfSSL	0:1239e9b70ca2	913	return NULL;
wolfSSL	0:1239e9b70ca2	914	}
wolfSSL	0:1239e9b70ca2	915
wolfSSL	0:1239e9b70ca2	916
wolfSSL	0:1239e9b70ca2	917	const byte* CyaSSL_GetClientWriteKey(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	918	{
wolfSSL	0:1239e9b70ca2	919	if (ssl)
wolfSSL	0:1239e9b70ca2	920	return ssl->keys.client_write_key;
wolfSSL	0:1239e9b70ca2	921
wolfSSL	0:1239e9b70ca2	922	return NULL;
wolfSSL	0:1239e9b70ca2	923	}
wolfSSL	0:1239e9b70ca2	924
wolfSSL	0:1239e9b70ca2	925
wolfSSL	0:1239e9b70ca2	926	const byte* CyaSSL_GetClientWriteIV(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	927	{
wolfSSL	0:1239e9b70ca2	928	if (ssl)
wolfSSL	0:1239e9b70ca2	929	return ssl->keys.client_write_IV;
wolfSSL	0:1239e9b70ca2	930
wolfSSL	0:1239e9b70ca2	931	return NULL;
wolfSSL	0:1239e9b70ca2	932	}
wolfSSL	0:1239e9b70ca2	933
wolfSSL	0:1239e9b70ca2	934
wolfSSL	0:1239e9b70ca2	935	const byte* CyaSSL_GetServerWriteKey(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	936	{
wolfSSL	0:1239e9b70ca2	937	if (ssl)
wolfSSL	0:1239e9b70ca2	938	return ssl->keys.server_write_key;
wolfSSL	0:1239e9b70ca2	939
wolfSSL	0:1239e9b70ca2	940	return NULL;
wolfSSL	0:1239e9b70ca2	941	}
wolfSSL	0:1239e9b70ca2	942
wolfSSL	0:1239e9b70ca2	943
wolfSSL	0:1239e9b70ca2	944	const byte* CyaSSL_GetServerWriteIV(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	945	{
wolfSSL	0:1239e9b70ca2	946	if (ssl)
wolfSSL	0:1239e9b70ca2	947	return ssl->keys.server_write_IV;
wolfSSL	0:1239e9b70ca2	948
wolfSSL	0:1239e9b70ca2	949	return NULL;
wolfSSL	0:1239e9b70ca2	950	}
wolfSSL	0:1239e9b70ca2	951
wolfSSL	0:1239e9b70ca2	952
wolfSSL	0:1239e9b70ca2	953	int CyaSSL_GetKeySize(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	954	{
wolfSSL	0:1239e9b70ca2	955	if (ssl)
wolfSSL	0:1239e9b70ca2	956	return ssl->specs.key_size;
wolfSSL	0:1239e9b70ca2	957
wolfSSL	0:1239e9b70ca2	958	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	959	}
wolfSSL	0:1239e9b70ca2	960
wolfSSL	0:1239e9b70ca2	961
wolfSSL	0:1239e9b70ca2	962	int CyaSSL_GetIVSize(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	963	{
wolfSSL	0:1239e9b70ca2	964	if (ssl)
wolfSSL	0:1239e9b70ca2	965	return ssl->specs.iv_size;
wolfSSL	0:1239e9b70ca2	966
wolfSSL	0:1239e9b70ca2	967	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	968	}
wolfSSL	0:1239e9b70ca2	969
wolfSSL	0:1239e9b70ca2	970
wolfSSL	0:1239e9b70ca2	971	int CyaSSL_GetBulkCipher(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	972	{
wolfSSL	0:1239e9b70ca2	973	if (ssl)
wolfSSL	0:1239e9b70ca2	974	return ssl->specs.bulk_cipher_algorithm;
wolfSSL	0:1239e9b70ca2	975
wolfSSL	0:1239e9b70ca2	976	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	977	}
wolfSSL	0:1239e9b70ca2	978
wolfSSL	0:1239e9b70ca2	979
wolfSSL	0:1239e9b70ca2	980	int CyaSSL_GetCipherType(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	981	{
wolfSSL	0:1239e9b70ca2	982	if (ssl == NULL)
wolfSSL	0:1239e9b70ca2	983	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	984
wolfSSL	0:1239e9b70ca2	985	if (ssl->specs.cipher_type == block)
wolfSSL	0:1239e9b70ca2	986	return CYASSL_BLOCK_TYPE;
wolfSSL	0:1239e9b70ca2	987	if (ssl->specs.cipher_type == stream)
wolfSSL	0:1239e9b70ca2	988	return CYASSL_STREAM_TYPE;
wolfSSL	0:1239e9b70ca2	989	if (ssl->specs.cipher_type == aead)
wolfSSL	0:1239e9b70ca2	990	return CYASSL_AEAD_TYPE;
wolfSSL	0:1239e9b70ca2	991
wolfSSL	0:1239e9b70ca2	992	return -1;
wolfSSL	0:1239e9b70ca2	993	}
wolfSSL	0:1239e9b70ca2	994
wolfSSL	0:1239e9b70ca2	995
wolfSSL	0:1239e9b70ca2	996	int CyaSSL_GetCipherBlockSize(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	997	{
wolfSSL	0:1239e9b70ca2	998	if (ssl == NULL)
wolfSSL	0:1239e9b70ca2	999	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	1000
wolfSSL	0:1239e9b70ca2	1001	return ssl->specs.block_size;
wolfSSL	0:1239e9b70ca2	1002	}
wolfSSL	0:1239e9b70ca2	1003
wolfSSL	0:1239e9b70ca2	1004
wolfSSL	0:1239e9b70ca2	1005	int CyaSSL_GetAeadMacSize(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	1006	{
wolfSSL	0:1239e9b70ca2	1007	if (ssl == NULL)
wolfSSL	0:1239e9b70ca2	1008	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	1009
wolfSSL	0:1239e9b70ca2	1010	return ssl->specs.aead_mac_size;
wolfSSL	0:1239e9b70ca2	1011	}
wolfSSL	0:1239e9b70ca2	1012
wolfSSL	0:1239e9b70ca2	1013
wolfSSL	0:1239e9b70ca2	1014	int CyaSSL_IsTLSv1_1(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	1015	{
wolfSSL	0:1239e9b70ca2	1016	if (ssl == NULL)
wolfSSL	0:1239e9b70ca2	1017	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	1018
wolfSSL	0:1239e9b70ca2	1019	if (ssl->options.tls1_1)
wolfSSL	0:1239e9b70ca2	1020	return 1;
wolfSSL	0:1239e9b70ca2	1021
wolfSSL	0:1239e9b70ca2	1022	return 0;
wolfSSL	0:1239e9b70ca2	1023	}
wolfSSL	0:1239e9b70ca2	1024
wolfSSL	0:1239e9b70ca2	1025
wolfSSL	0:1239e9b70ca2	1026	int CyaSSL_GetSide(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	1027	{
wolfSSL	0:1239e9b70ca2	1028	if (ssl)
wolfSSL	0:1239e9b70ca2	1029	return ssl->options.side;
wolfSSL	0:1239e9b70ca2	1030
wolfSSL	0:1239e9b70ca2	1031	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	1032	}
wolfSSL	0:1239e9b70ca2	1033
wolfSSL	0:1239e9b70ca2	1034
wolfSSL	0:1239e9b70ca2	1035	int CyaSSL_GetHmacSize(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	1036	{
wolfSSL	0:1239e9b70ca2	1037	/* AEAD ciphers don't have HMAC keys */
wolfSSL	0:1239e9b70ca2	1038	if (ssl)
wolfSSL	0:1239e9b70ca2	1039	return (ssl->specs.cipher_type != aead) ? ssl->specs.hash_size : 0;
wolfSSL	0:1239e9b70ca2	1040
wolfSSL	0:1239e9b70ca2	1041	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	1042	}
wolfSSL	0:1239e9b70ca2	1043
wolfSSL	0:1239e9b70ca2	1044	#endif /* ATOMIC_USER */
wolfSSL	0:1239e9b70ca2	1045
wolfSSL	0:1239e9b70ca2	1046	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	1047
wolfSSL	0:1239e9b70ca2	1048	CYASSL_CERT_MANAGER* CyaSSL_CertManagerNew(void)
wolfSSL	0:1239e9b70ca2	1049	{
wolfSSL	0:1239e9b70ca2	1050	CYASSL_CERT_MANAGER* cm = NULL;
wolfSSL	0:1239e9b70ca2	1051
wolfSSL	0:1239e9b70ca2	1052	CYASSL_ENTER("CyaSSL_CertManagerNew");
wolfSSL	0:1239e9b70ca2	1053
wolfSSL	0:1239e9b70ca2	1054	cm = (CYASSL_CERT_MANAGER*) XMALLOC(sizeof(CYASSL_CERT_MANAGER), 0,
wolfSSL	0:1239e9b70ca2	1055	DYNAMIC_TYPE_CERT_MANAGER);
wolfSSL	0:1239e9b70ca2	1056	if (cm) {
wolfSSL	0:1239e9b70ca2	1057	XMEMSET(cm, 0, sizeof(CYASSL_CERT_MANAGER));
wolfSSL	0:1239e9b70ca2	1058
wolfSSL	0:1239e9b70ca2	1059	if (InitMutex(&cm->caLock) != 0) {
wolfSSL	0:1239e9b70ca2	1060	CYASSL_MSG("Bad mutex init");
wolfSSL	0:1239e9b70ca2	1061	CyaSSL_CertManagerFree(cm);
wolfSSL	0:1239e9b70ca2	1062	return NULL;
wolfSSL	0:1239e9b70ca2	1063	}
wolfSSL	0:1239e9b70ca2	1064	}
wolfSSL	0:1239e9b70ca2	1065
wolfSSL	0:1239e9b70ca2	1066	return cm;
wolfSSL	0:1239e9b70ca2	1067	}
wolfSSL	0:1239e9b70ca2	1068
wolfSSL	0:1239e9b70ca2	1069
wolfSSL	0:1239e9b70ca2	1070	void CyaSSL_CertManagerFree(CYASSL_CERT_MANAGER* cm)
wolfSSL	0:1239e9b70ca2	1071	{
wolfSSL	0:1239e9b70ca2	1072	CYASSL_ENTER("CyaSSL_CertManagerFree");
wolfSSL	0:1239e9b70ca2	1073
wolfSSL	0:1239e9b70ca2	1074	if (cm) {
wolfSSL	0:1239e9b70ca2	1075	#ifdef HAVE_CRL
wolfSSL	0:1239e9b70ca2	1076	if (cm->crl)
wolfSSL	0:1239e9b70ca2	1077	FreeCRL(cm->crl, 1);
wolfSSL	0:1239e9b70ca2	1078	#endif
wolfSSL	0:1239e9b70ca2	1079	#ifdef HAVE_OCSP
wolfSSL	0:1239e9b70ca2	1080	if (cm->ocsp)
wolfSSL	0:1239e9b70ca2	1081	FreeOCSP(cm->ocsp, 1);
wolfSSL	0:1239e9b70ca2	1082	#endif
wolfSSL	0:1239e9b70ca2	1083	FreeSignerTable(cm->caTable, CA_TABLE_SIZE, NULL);
wolfSSL	0:1239e9b70ca2	1084	FreeMutex(&cm->caLock);
wolfSSL	0:1239e9b70ca2	1085	XFREE(cm, NULL, DYNAMIC_TYPE_CERT_MANAGER);
wolfSSL	0:1239e9b70ca2	1086	}
wolfSSL	0:1239e9b70ca2	1087
wolfSSL	0:1239e9b70ca2	1088	}
wolfSSL	0:1239e9b70ca2	1089
wolfSSL	0:1239e9b70ca2	1090
wolfSSL	0:1239e9b70ca2	1091	/* Unload the CA signer list */
wolfSSL	0:1239e9b70ca2	1092	int CyaSSL_CertManagerUnloadCAs(CYASSL_CERT_MANAGER* cm)
wolfSSL	0:1239e9b70ca2	1093	{
wolfSSL	0:1239e9b70ca2	1094	CYASSL_ENTER("CyaSSL_CertManagerUnloadCAs");
wolfSSL	0:1239e9b70ca2	1095
wolfSSL	0:1239e9b70ca2	1096	if (cm == NULL)
wolfSSL	0:1239e9b70ca2	1097	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	1098
wolfSSL	0:1239e9b70ca2	1099	if (LockMutex(&cm->caLock) != 0)
wolfSSL	0:1239e9b70ca2	1100	return BAD_MUTEX_E;
wolfSSL	0:1239e9b70ca2	1101
wolfSSL	0:1239e9b70ca2	1102	FreeSignerTable(cm->caTable, CA_TABLE_SIZE, NULL);
wolfSSL	0:1239e9b70ca2	1103
wolfSSL	0:1239e9b70ca2	1104	UnLockMutex(&cm->caLock);
wolfSSL	0:1239e9b70ca2	1105
wolfSSL	0:1239e9b70ca2	1106
wolfSSL	0:1239e9b70ca2	1107	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	1108	}
wolfSSL	0:1239e9b70ca2	1109
wolfSSL	0:1239e9b70ca2	1110
wolfSSL	0:1239e9b70ca2	1111	/* Return bytes written to buff or < 0 for error */
wolfSSL	0:1239e9b70ca2	1112	int CyaSSL_CertPemToDer(const unsigned char* pem, int pemSz,
wolfSSL	0:1239e9b70ca2	1113	unsigned char* buff, int buffSz,
wolfSSL	0:1239e9b70ca2	1114	int type)
wolfSSL	0:1239e9b70ca2	1115	{
wolfSSL	0:1239e9b70ca2	1116	EncryptedInfo info;
wolfSSL	0:1239e9b70ca2	1117	int eccKey = 0;
wolfSSL	0:1239e9b70ca2	1118	int ret;
wolfSSL	0:1239e9b70ca2	1119	buffer der;
wolfSSL	0:1239e9b70ca2	1120
wolfSSL	0:1239e9b70ca2	1121	CYASSL_ENTER("CyaSSL_CertPemToDer");
wolfSSL	0:1239e9b70ca2	1122
wolfSSL	0:1239e9b70ca2	1123	if (pem == NULL \|\| buff == NULL \|\| buffSz <= 0) {
wolfSSL	0:1239e9b70ca2	1124	CYASSL_MSG("Bad pem der args");
wolfSSL	0:1239e9b70ca2	1125	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	1126	}
wolfSSL	0:1239e9b70ca2	1127
wolfSSL	0:1239e9b70ca2	1128	if (type != CERT_TYPE && type != CA_TYPE && type != CERTREQ_TYPE) {
wolfSSL	0:1239e9b70ca2	1129	CYASSL_MSG("Bad cert type");
wolfSSL	0:1239e9b70ca2	1130	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	1131	}
wolfSSL	0:1239e9b70ca2	1132
wolfSSL	0:1239e9b70ca2	1133	info.set = 0;
wolfSSL	0:1239e9b70ca2	1134	info.ctx = NULL;
wolfSSL	0:1239e9b70ca2	1135	info.consumed = 0;
wolfSSL	0:1239e9b70ca2	1136	der.buffer = NULL;
wolfSSL	0:1239e9b70ca2	1137
wolfSSL	0:1239e9b70ca2	1138	ret = PemToDer(pem, pemSz, type, &der, NULL, &info, &eccKey);
wolfSSL	0:1239e9b70ca2	1139	if (ret < 0) {
wolfSSL	0:1239e9b70ca2	1140	CYASSL_MSG("Bad Pem To Der");
wolfSSL	0:1239e9b70ca2	1141	}
wolfSSL	0:1239e9b70ca2	1142	else {
wolfSSL	0:1239e9b70ca2	1143	if (der.length <= (word32)buffSz) {
wolfSSL	0:1239e9b70ca2	1144	XMEMCPY(buff, der.buffer, der.length);
wolfSSL	0:1239e9b70ca2	1145	ret = der.length;
wolfSSL	0:1239e9b70ca2	1146	}
wolfSSL	0:1239e9b70ca2	1147	else {
wolfSSL	0:1239e9b70ca2	1148	CYASSL_MSG("Bad der length");
wolfSSL	0:1239e9b70ca2	1149	ret = BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	1150	}
wolfSSL	0:1239e9b70ca2	1151	}
wolfSSL	0:1239e9b70ca2	1152
wolfSSL	0:1239e9b70ca2	1153	XFREE(der.buffer, NULL, DYNAMIC_TYPE_KEY);
wolfSSL	0:1239e9b70ca2	1154
wolfSSL	0:1239e9b70ca2	1155	return ret;
wolfSSL	0:1239e9b70ca2	1156	}
wolfSSL	0:1239e9b70ca2	1157
wolfSSL	0:1239e9b70ca2	1158
wolfSSL	0:1239e9b70ca2	1159	#if defined(OPENSSL_EXTRA) \|\| defined(HAVE_WEBSERVER)
wolfSSL	0:1239e9b70ca2	1160
wolfSSL	0:1239e9b70ca2	1161	/* our KeyPemToDer password callback, password in userData */
wolfSSL	0:1239e9b70ca2	1162	static INLINE int OurPasswordCb(char* passwd, int sz, int rw, void* userdata)
wolfSSL	0:1239e9b70ca2	1163	{
wolfSSL	0:1239e9b70ca2	1164	(void)rw;
wolfSSL	0:1239e9b70ca2	1165
wolfSSL	0:1239e9b70ca2	1166	if (userdata == NULL)
wolfSSL	0:1239e9b70ca2	1167	return 0;
wolfSSL	0:1239e9b70ca2	1168
wolfSSL	0:1239e9b70ca2	1169	XSTRNCPY(passwd, (char*)userdata, sz);
wolfSSL	0:1239e9b70ca2	1170	return min((word32)sz, (word32)XSTRLEN((char*)userdata));
wolfSSL	0:1239e9b70ca2	1171	}
wolfSSL	0:1239e9b70ca2	1172
wolfSSL	0:1239e9b70ca2	1173	#endif /* OPENSSL_EXTRA \|\| HAVE_WEBSERVER */
wolfSSL	0:1239e9b70ca2	1174
wolfSSL	0:1239e9b70ca2	1175
wolfSSL	0:1239e9b70ca2	1176	/* Return bytes written to buff or < 0 for error */
wolfSSL	0:1239e9b70ca2	1177	int CyaSSL_KeyPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff,
wolfSSL	0:1239e9b70ca2	1178	int buffSz, const char* pass)
wolfSSL	0:1239e9b70ca2	1179	{
wolfSSL	0:1239e9b70ca2	1180	EncryptedInfo info;
wolfSSL	0:1239e9b70ca2	1181	int eccKey = 0;
wolfSSL	0:1239e9b70ca2	1182	int ret;
wolfSSL	0:1239e9b70ca2	1183	buffer der;
wolfSSL	0:1239e9b70ca2	1184
wolfSSL	0:1239e9b70ca2	1185	(void)pass;
wolfSSL	0:1239e9b70ca2	1186
wolfSSL	0:1239e9b70ca2	1187	CYASSL_ENTER("CyaSSL_KeyPemToDer");
wolfSSL	0:1239e9b70ca2	1188
wolfSSL	0:1239e9b70ca2	1189	if (pem == NULL \|\| buff == NULL \|\| buffSz <= 0) {
wolfSSL	0:1239e9b70ca2	1190	CYASSL_MSG("Bad pem der args");
wolfSSL	0:1239e9b70ca2	1191	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	1192	}
wolfSSL	0:1239e9b70ca2	1193
wolfSSL	0:1239e9b70ca2	1194	info.set = 0;
wolfSSL	0:1239e9b70ca2	1195	info.ctx = NULL;
wolfSSL	0:1239e9b70ca2	1196	info.consumed = 0;
wolfSSL	0:1239e9b70ca2	1197	der.buffer = NULL;
wolfSSL	0:1239e9b70ca2	1198
wolfSSL	0:1239e9b70ca2	1199	#if defined(OPENSSL_EXTRA) \|\| defined(HAVE_WEBSERVER)
wolfSSL	0:1239e9b70ca2	1200	if (pass) {
wolfSSL	0:1239e9b70ca2	1201	info.ctx = CyaSSL_CTX_new(CyaSSLv23_client_method());
wolfSSL	0:1239e9b70ca2	1202	if (info.ctx == NULL)
wolfSSL	0:1239e9b70ca2	1203	return MEMORY_E;
wolfSSL	0:1239e9b70ca2	1204	CyaSSL_CTX_set_default_passwd_cb(info.ctx, OurPasswordCb);
wolfSSL	0:1239e9b70ca2	1205	CyaSSL_CTX_set_default_passwd_cb_userdata(info.ctx, (void*)pass);
wolfSSL	0:1239e9b70ca2	1206	}
wolfSSL	0:1239e9b70ca2	1207	#endif
wolfSSL	0:1239e9b70ca2	1208
wolfSSL	0:1239e9b70ca2	1209	ret = PemToDer(pem, pemSz, PRIVATEKEY_TYPE, &der, NULL, &info, &eccKey);
wolfSSL	0:1239e9b70ca2	1210	if (ret < 0) {
wolfSSL	0:1239e9b70ca2	1211	CYASSL_MSG("Bad Pem To Der");
wolfSSL	0:1239e9b70ca2	1212	}
wolfSSL	0:1239e9b70ca2	1213	else {
wolfSSL	0:1239e9b70ca2	1214	if (der.length <= (word32)buffSz) {
wolfSSL	0:1239e9b70ca2	1215	XMEMCPY(buff, der.buffer, der.length);
wolfSSL	0:1239e9b70ca2	1216	ret = der.length;
wolfSSL	0:1239e9b70ca2	1217	}
wolfSSL	0:1239e9b70ca2	1218	else {
wolfSSL	0:1239e9b70ca2	1219	CYASSL_MSG("Bad der length");
wolfSSL	0:1239e9b70ca2	1220	ret = BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	1221	}
wolfSSL	0:1239e9b70ca2	1222	}
wolfSSL	0:1239e9b70ca2	1223
wolfSSL	0:1239e9b70ca2	1224	XFREE(der.buffer, NULL, DYNAMIC_TYPE_KEY);
wolfSSL	0:1239e9b70ca2	1225
wolfSSL	0:1239e9b70ca2	1226	if (info.ctx)
wolfSSL	0:1239e9b70ca2	1227	CyaSSL_CTX_free(info.ctx);
wolfSSL	0:1239e9b70ca2	1228
wolfSSL	0:1239e9b70ca2	1229	return ret;
wolfSSL	0:1239e9b70ca2	1230	}
wolfSSL	0:1239e9b70ca2	1231
wolfSSL	0:1239e9b70ca2	1232
wolfSSL	0:1239e9b70ca2	1233	#endif /* !NO_CERTS */
wolfSSL	0:1239e9b70ca2	1234
wolfSSL	0:1239e9b70ca2	1235
wolfSSL	0:1239e9b70ca2	1236
wolfSSL	0:1239e9b70ca2	1237	#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
wolfSSL	0:1239e9b70ca2	1238
wolfSSL	0:1239e9b70ca2	1239	void CyaSSL_ERR_print_errors_fp(FILE* fp, int err)
wolfSSL	0:1239e9b70ca2	1240	{
wolfSSL	0:1239e9b70ca2	1241	char data[CYASSL_MAX_ERROR_SZ + 1];
wolfSSL	0:1239e9b70ca2	1242
wolfSSL	0:1239e9b70ca2	1243	CYASSL_ENTER("CyaSSL_ERR_print_errors_fp");
wolfSSL	0:1239e9b70ca2	1244	SetErrorString(err, data);
wolfSSL	0:1239e9b70ca2	1245	fprintf(fp, "%s", data);
wolfSSL	0:1239e9b70ca2	1246	}
wolfSSL	0:1239e9b70ca2	1247
wolfSSL	0:1239e9b70ca2	1248	#endif
wolfSSL	0:1239e9b70ca2	1249
wolfSSL	0:1239e9b70ca2	1250
wolfSSL	0:1239e9b70ca2	1251	int CyaSSL_pending(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	1252	{
wolfSSL	0:1239e9b70ca2	1253	CYASSL_ENTER("SSL_pending");
wolfSSL	0:1239e9b70ca2	1254	return ssl->buffers.clearOutputBuffer.length;
wolfSSL	0:1239e9b70ca2	1255	}
wolfSSL	0:1239e9b70ca2	1256
wolfSSL	0:1239e9b70ca2	1257
wolfSSL	0:1239e9b70ca2	1258	#ifndef CYASSL_LEANPSK
wolfSSL	0:1239e9b70ca2	1259	/* trun on handshake group messages for context */
wolfSSL	0:1239e9b70ca2	1260	int CyaSSL_CTX_set_group_messages(CYASSL_CTX* ctx)
wolfSSL	0:1239e9b70ca2	1261	{
wolfSSL	0:1239e9b70ca2	1262	if (ctx == NULL)
wolfSSL	0:1239e9b70ca2	1263	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	1264
wolfSSL	0:1239e9b70ca2	1265	ctx->groupMessages = 1;
wolfSSL	0:1239e9b70ca2	1266
wolfSSL	0:1239e9b70ca2	1267	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	1268	}
wolfSSL	0:1239e9b70ca2	1269	#endif
wolfSSL	0:1239e9b70ca2	1270
wolfSSL	0:1239e9b70ca2	1271
wolfSSL	0:1239e9b70ca2	1272	#ifndef NO_CYASSL_CLIENT
wolfSSL	0:1239e9b70ca2	1273	/* connect enough to get peer cert chain */
wolfSSL	0:1239e9b70ca2	1274	int CyaSSL_connect_cert(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	1275	{
wolfSSL	0:1239e9b70ca2	1276	int ret;
wolfSSL	0:1239e9b70ca2	1277
wolfSSL	0:1239e9b70ca2	1278	if (ssl == NULL)
wolfSSL	0:1239e9b70ca2	1279	return SSL_FAILURE;
wolfSSL	0:1239e9b70ca2	1280
wolfSSL	0:1239e9b70ca2	1281	ssl->options.certOnly = 1;
wolfSSL	0:1239e9b70ca2	1282	ret = CyaSSL_connect(ssl);
wolfSSL	0:1239e9b70ca2	1283	ssl->options.certOnly = 0;
wolfSSL	0:1239e9b70ca2	1284
wolfSSL	0:1239e9b70ca2	1285	return ret;
wolfSSL	0:1239e9b70ca2	1286	}
wolfSSL	0:1239e9b70ca2	1287	#endif
wolfSSL	0:1239e9b70ca2	1288
wolfSSL	0:1239e9b70ca2	1289
wolfSSL	0:1239e9b70ca2	1290	#ifndef CYASSL_LEANPSK
wolfSSL	0:1239e9b70ca2	1291	/* trun on handshake group messages for ssl object */
wolfSSL	0:1239e9b70ca2	1292	int CyaSSL_set_group_messages(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	1293	{
wolfSSL	0:1239e9b70ca2	1294	if (ssl == NULL)
wolfSSL	0:1239e9b70ca2	1295	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	1296
wolfSSL	0:1239e9b70ca2	1297	ssl->options.groupMessages = 1;
wolfSSL	0:1239e9b70ca2	1298
wolfSSL	0:1239e9b70ca2	1299	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	1300	}
wolfSSL	0:1239e9b70ca2	1301
wolfSSL	0:1239e9b70ca2	1302
wolfSSL	0:1239e9b70ca2	1303	int CyaSSL_SetVersion(CYASSL* ssl, int version)
wolfSSL	0:1239e9b70ca2	1304	{
wolfSSL	0:1239e9b70ca2	1305	byte haveRSA = 1;
wolfSSL	0:1239e9b70ca2	1306	byte havePSK = 0;
wolfSSL	0:1239e9b70ca2	1307
wolfSSL	0:1239e9b70ca2	1308	CYASSL_ENTER("CyaSSL_SetVersion");
wolfSSL	0:1239e9b70ca2	1309
wolfSSL	0:1239e9b70ca2	1310	if (ssl == NULL) {
wolfSSL	0:1239e9b70ca2	1311	CYASSL_MSG("Bad function argument");
wolfSSL	0:1239e9b70ca2	1312	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	1313	}
wolfSSL	0:1239e9b70ca2	1314
wolfSSL	0:1239e9b70ca2	1315	switch (version) {
wolfSSL	0:1239e9b70ca2	1316	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	1317	case CYASSL_SSLV3:
wolfSSL	0:1239e9b70ca2	1318	ssl->version = MakeSSLv3();
wolfSSL	0:1239e9b70ca2	1319	break;
wolfSSL	0:1239e9b70ca2	1320	#endif
wolfSSL	0:1239e9b70ca2	1321
wolfSSL	0:1239e9b70ca2	1322	#ifndef NO_TLS
wolfSSL	0:1239e9b70ca2	1323	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	1324	case CYASSL_TLSV1:
wolfSSL	0:1239e9b70ca2	1325	ssl->version = MakeTLSv1();
wolfSSL	0:1239e9b70ca2	1326	break;
wolfSSL	0:1239e9b70ca2	1327
wolfSSL	0:1239e9b70ca2	1328	case CYASSL_TLSV1_1:
wolfSSL	0:1239e9b70ca2	1329	ssl->version = MakeTLSv1_1();
wolfSSL	0:1239e9b70ca2	1330	break;
wolfSSL	0:1239e9b70ca2	1331	#endif
wolfSSL	0:1239e9b70ca2	1332	case CYASSL_TLSV1_2:
wolfSSL	0:1239e9b70ca2	1333	ssl->version = MakeTLSv1_2();
wolfSSL	0:1239e9b70ca2	1334	break;
wolfSSL	0:1239e9b70ca2	1335	#endif
wolfSSL	0:1239e9b70ca2	1336
wolfSSL	0:1239e9b70ca2	1337	default:
wolfSSL	0:1239e9b70ca2	1338	CYASSL_MSG("Bad function argument");
wolfSSL	0:1239e9b70ca2	1339	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	1340	}
wolfSSL	0:1239e9b70ca2	1341
wolfSSL	0:1239e9b70ca2	1342	#ifdef NO_RSA
wolfSSL	0:1239e9b70ca2	1343	haveRSA = 0;
wolfSSL	0:1239e9b70ca2	1344	#endif
wolfSSL	0:1239e9b70ca2	1345	#ifndef NO_PSK
wolfSSL	0:1239e9b70ca2	1346	havePSK = ssl->options.havePSK;
wolfSSL	0:1239e9b70ca2	1347	#endif
wolfSSL	0:1239e9b70ca2	1348
wolfSSL	0:1239e9b70ca2	1349	InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, ssl->options.haveDH,
wolfSSL	0:1239e9b70ca2	1350	ssl->options.haveNTRU, ssl->options.haveECDSAsig,
wolfSSL	0:1239e9b70ca2	1351	ssl->options.haveStaticECC, ssl->options.side);
wolfSSL	0:1239e9b70ca2	1352
wolfSSL	0:1239e9b70ca2	1353	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	1354	}
wolfSSL	0:1239e9b70ca2	1355	#endif /* !leanpsk */
wolfSSL	0:1239e9b70ca2	1356
wolfSSL	0:1239e9b70ca2	1357
wolfSSL	0:1239e9b70ca2	1358	#if !defined(NO_CERTS) \|\| !defined(NO_SESSION_CACHE)
wolfSSL	0:1239e9b70ca2	1359
wolfSSL	0:1239e9b70ca2	1360	/* Make a work from the front of random hash */
wolfSSL	0:1239e9b70ca2	1361	static INLINE word32 MakeWordFromHash(const byte* hashID)
wolfSSL	0:1239e9b70ca2	1362	{
wolfSSL	0:1239e9b70ca2	1363	return (hashID[0] << 24) \| (hashID[1] << 16) \| (hashID[2] << 8) \|
wolfSSL	0:1239e9b70ca2	1364	hashID[3];
wolfSSL	0:1239e9b70ca2	1365	}
wolfSSL	0:1239e9b70ca2	1366
wolfSSL	0:1239e9b70ca2	1367	#endif /* !NO_CERTS \|\| !NO_SESSION_CACHE */
wolfSSL	0:1239e9b70ca2	1368
wolfSSL	0:1239e9b70ca2	1369
wolfSSL	0:1239e9b70ca2	1370	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	1371
wolfSSL	0:1239e9b70ca2	1372	/* hash is the SHA digest of name, just use first 32 bits as hash */
wolfSSL	0:1239e9b70ca2	1373	static INLINE word32 HashSigner(const byte* hash)
wolfSSL	0:1239e9b70ca2	1374	{
wolfSSL	0:1239e9b70ca2	1375	return MakeWordFromHash(hash) % CA_TABLE_SIZE;
wolfSSL	0:1239e9b70ca2	1376	}
wolfSSL	0:1239e9b70ca2	1377
wolfSSL	0:1239e9b70ca2	1378
wolfSSL	0:1239e9b70ca2	1379	/* does CA already exist on signer list */
wolfSSL	0:1239e9b70ca2	1380	int AlreadySigner(CYASSL_CERT_MANAGER* cm, byte* hash)
wolfSSL	0:1239e9b70ca2	1381	{
wolfSSL	0:1239e9b70ca2	1382	Signer* signers;
wolfSSL	0:1239e9b70ca2	1383	int ret = 0;
wolfSSL	0:1239e9b70ca2	1384	word32 row = HashSigner(hash);
wolfSSL	0:1239e9b70ca2	1385
wolfSSL	0:1239e9b70ca2	1386	if (LockMutex(&cm->caLock) != 0)
wolfSSL	0:1239e9b70ca2	1387	return ret;
wolfSSL	0:1239e9b70ca2	1388	signers = cm->caTable[row];
wolfSSL	0:1239e9b70ca2	1389	while (signers) {
wolfSSL	0:1239e9b70ca2	1390	byte* subjectHash;
wolfSSL	0:1239e9b70ca2	1391	#ifndef NO_SKID
wolfSSL	0:1239e9b70ca2	1392	subjectHash = signers->subjectKeyIdHash;
wolfSSL	0:1239e9b70ca2	1393	#else
wolfSSL	0:1239e9b70ca2	1394	subjectHash = signers->subjectNameHash;
wolfSSL	0:1239e9b70ca2	1395	#endif
wolfSSL	0:1239e9b70ca2	1396	if (XMEMCMP(hash, subjectHash, SHA_DIGEST_SIZE) == 0) {
wolfSSL	0:1239e9b70ca2	1397	ret = 1;
wolfSSL	0:1239e9b70ca2	1398	break;
wolfSSL	0:1239e9b70ca2	1399	}
wolfSSL	0:1239e9b70ca2	1400	signers = signers->next;
wolfSSL	0:1239e9b70ca2	1401	}
wolfSSL	0:1239e9b70ca2	1402	UnLockMutex(&cm->caLock);
wolfSSL	0:1239e9b70ca2	1403
wolfSSL	0:1239e9b70ca2	1404	return ret;
wolfSSL	0:1239e9b70ca2	1405	}
wolfSSL	0:1239e9b70ca2	1406
wolfSSL	0:1239e9b70ca2	1407
wolfSSL	0:1239e9b70ca2	1408	/* return CA if found, otherwise NULL */
wolfSSL	0:1239e9b70ca2	1409	Signer* GetCA(void* vp, byte* hash)
wolfSSL	0:1239e9b70ca2	1410	{
wolfSSL	0:1239e9b70ca2	1411	CYASSL_CERT_MANAGER* cm = (CYASSL_CERT_MANAGER*)vp;
wolfSSL	0:1239e9b70ca2	1412	Signer* ret = NULL;
wolfSSL	0:1239e9b70ca2	1413	Signer* signers;
wolfSSL	0:1239e9b70ca2	1414	word32 row = HashSigner(hash);
wolfSSL	0:1239e9b70ca2	1415
wolfSSL	0:1239e9b70ca2	1416	if (cm == NULL)
wolfSSL	0:1239e9b70ca2	1417	return NULL;
wolfSSL	0:1239e9b70ca2	1418
wolfSSL	0:1239e9b70ca2	1419	if (LockMutex(&cm->caLock) != 0)
wolfSSL	0:1239e9b70ca2	1420	return ret;
wolfSSL	0:1239e9b70ca2	1421
wolfSSL	0:1239e9b70ca2	1422	signers = cm->caTable[row];
wolfSSL	0:1239e9b70ca2	1423	while (signers) {
wolfSSL	0:1239e9b70ca2	1424	byte* subjectHash;
wolfSSL	0:1239e9b70ca2	1425	#ifndef NO_SKID
wolfSSL	0:1239e9b70ca2	1426	subjectHash = signers->subjectKeyIdHash;
wolfSSL	0:1239e9b70ca2	1427	#else
wolfSSL	0:1239e9b70ca2	1428	subjectHash = signers->subjectNameHash;
wolfSSL	0:1239e9b70ca2	1429	#endif
wolfSSL	0:1239e9b70ca2	1430	if (XMEMCMP(hash, subjectHash, SHA_DIGEST_SIZE) == 0) {
wolfSSL	0:1239e9b70ca2	1431	ret = signers;
wolfSSL	0:1239e9b70ca2	1432	break;
wolfSSL	0:1239e9b70ca2	1433	}
wolfSSL	0:1239e9b70ca2	1434	signers = signers->next;
wolfSSL	0:1239e9b70ca2	1435	}
wolfSSL	0:1239e9b70ca2	1436	UnLockMutex(&cm->caLock);
wolfSSL	0:1239e9b70ca2	1437
wolfSSL	0:1239e9b70ca2	1438	return ret;
wolfSSL	0:1239e9b70ca2	1439	}
wolfSSL	0:1239e9b70ca2	1440
wolfSSL	0:1239e9b70ca2	1441
wolfSSL	0:1239e9b70ca2	1442	#ifndef NO_SKID
wolfSSL	0:1239e9b70ca2	1443	/* return CA if found, otherwise NULL. Walk through hash table. */
wolfSSL	0:1239e9b70ca2	1444	Signer* GetCAByName(void* vp, byte* hash)
wolfSSL	0:1239e9b70ca2	1445	{
wolfSSL	0:1239e9b70ca2	1446	CYASSL_CERT_MANAGER* cm = (CYASSL_CERT_MANAGER*)vp;
wolfSSL	0:1239e9b70ca2	1447	Signer* ret = NULL;
wolfSSL	0:1239e9b70ca2	1448	Signer* signers;
wolfSSL	0:1239e9b70ca2	1449	word32 row;
wolfSSL	0:1239e9b70ca2	1450
wolfSSL	0:1239e9b70ca2	1451	if (cm == NULL)
wolfSSL	0:1239e9b70ca2	1452	return NULL;
wolfSSL	0:1239e9b70ca2	1453
wolfSSL	0:1239e9b70ca2	1454	if (LockMutex(&cm->caLock) != 0)
wolfSSL	0:1239e9b70ca2	1455	return ret;
wolfSSL	0:1239e9b70ca2	1456
wolfSSL	0:1239e9b70ca2	1457	for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) {
wolfSSL	0:1239e9b70ca2	1458	signers = cm->caTable[row];
wolfSSL	0:1239e9b70ca2	1459	while (signers && ret == NULL) {
wolfSSL	0:1239e9b70ca2	1460	if (XMEMCMP(hash, signers->subjectNameHash, SHA_DIGEST_SIZE) == 0) {
wolfSSL	0:1239e9b70ca2	1461	ret = signers;
wolfSSL	0:1239e9b70ca2	1462	}
wolfSSL	0:1239e9b70ca2	1463	signers = signers->next;
wolfSSL	0:1239e9b70ca2	1464	}
wolfSSL	0:1239e9b70ca2	1465	}
wolfSSL	0:1239e9b70ca2	1466	UnLockMutex(&cm->caLock);
wolfSSL	0:1239e9b70ca2	1467
wolfSSL	0:1239e9b70ca2	1468	return ret;
wolfSSL	0:1239e9b70ca2	1469	}
wolfSSL	0:1239e9b70ca2	1470	#endif
wolfSSL	0:1239e9b70ca2	1471
wolfSSL	0:1239e9b70ca2	1472
wolfSSL	0:1239e9b70ca2	1473	/* owns der, internal now uses too */
wolfSSL	0:1239e9b70ca2	1474	/* type flag ids from user or from chain received during verify
wolfSSL	0:1239e9b70ca2	1475	don't allow chain ones to be added w/o isCA extension */
wolfSSL	0:1239e9b70ca2	1476	int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
wolfSSL	0:1239e9b70ca2	1477	{
wolfSSL	0:1239e9b70ca2	1478	int ret;
wolfSSL	0:1239e9b70ca2	1479	DecodedCert cert;
wolfSSL	0:1239e9b70ca2	1480	Signer* signer = 0;
wolfSSL	0:1239e9b70ca2	1481	word32 row;
wolfSSL	0:1239e9b70ca2	1482	byte* subjectHash;
wolfSSL	0:1239e9b70ca2	1483
wolfSSL	0:1239e9b70ca2	1484	CYASSL_MSG("Adding a CA");
wolfSSL	0:1239e9b70ca2	1485	InitDecodedCert(&cert, der.buffer, der.length, cm->heap);
wolfSSL	0:1239e9b70ca2	1486	ret = ParseCert(&cert, CA_TYPE, verify, cm);
wolfSSL	0:1239e9b70ca2	1487	CYASSL_MSG(" Parsed new CA");
wolfSSL	0:1239e9b70ca2	1488
wolfSSL	0:1239e9b70ca2	1489	#ifndef NO_SKID
wolfSSL	0:1239e9b70ca2	1490	subjectHash = cert.extSubjKeyId;
wolfSSL	0:1239e9b70ca2	1491	#else
wolfSSL	0:1239e9b70ca2	1492	subjectHash = cert.subjectHash;
wolfSSL	0:1239e9b70ca2	1493	#endif
wolfSSL	0:1239e9b70ca2	1494
wolfSSL	0:1239e9b70ca2	1495	if (ret == 0 && cert.isCA == 0 && type != CYASSL_USER_CA) {
wolfSSL	0:1239e9b70ca2	1496	CYASSL_MSG(" Can't add as CA if not actually one");
wolfSSL	0:1239e9b70ca2	1497	ret = NOT_CA_ERROR;
wolfSSL	0:1239e9b70ca2	1498	}
wolfSSL	0:1239e9b70ca2	1499	#ifndef ALLOW_INVALID_CERTSIGN
wolfSSL	0:1239e9b70ca2	1500	else if (ret == 0 && cert.isCA == 1 && type != CYASSL_USER_CA &&
wolfSSL	0:1239e9b70ca2	1501	(cert.extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) {
wolfSSL	0:1239e9b70ca2	1502	/* Intermediate CA certs are required to have the keyCertSign
wolfSSL	0:1239e9b70ca2	1503	* extension set. User loaded root certs are not. */
wolfSSL	0:1239e9b70ca2	1504	CYASSL_MSG(" Doesn't have key usage certificate signing");
wolfSSL	0:1239e9b70ca2	1505	ret = NOT_CA_ERROR;
wolfSSL	0:1239e9b70ca2	1506	}
wolfSSL	0:1239e9b70ca2	1507	#endif
wolfSSL	0:1239e9b70ca2	1508	else if (ret == 0 && AlreadySigner(cm, subjectHash)) {
wolfSSL	0:1239e9b70ca2	1509	CYASSL_MSG(" Already have this CA, not adding again");
wolfSSL	0:1239e9b70ca2	1510	(void)ret;
wolfSSL	0:1239e9b70ca2	1511	}
wolfSSL	0:1239e9b70ca2	1512	else if (ret == 0) {
wolfSSL	0:1239e9b70ca2	1513	/* take over signer parts */
wolfSSL	0:1239e9b70ca2	1514	signer = MakeSigner(cm->heap);
wolfSSL	0:1239e9b70ca2	1515	if (!signer)
wolfSSL	0:1239e9b70ca2	1516	ret = MEMORY_ERROR;
wolfSSL	0:1239e9b70ca2	1517	else {
wolfSSL	0:1239e9b70ca2	1518	signer->keyOID = cert.keyOID;
wolfSSL	0:1239e9b70ca2	1519	signer->publicKey = cert.publicKey;
wolfSSL	0:1239e9b70ca2	1520	signer->pubKeySize = cert.pubKeySize;
wolfSSL	0:1239e9b70ca2	1521	signer->nameLen = cert.subjectCNLen;
wolfSSL	0:1239e9b70ca2	1522	signer->name = cert.subjectCN;
wolfSSL	0:1239e9b70ca2	1523	#ifndef IGNORE_NAME_CONSTRAINTS
wolfSSL	0:1239e9b70ca2	1524	signer->permittedNames = cert.permittedNames;
wolfSSL	0:1239e9b70ca2	1525	signer->excludedNames = cert.excludedNames;
wolfSSL	0:1239e9b70ca2	1526	#endif
wolfSSL	0:1239e9b70ca2	1527	#ifndef NO_SKID
wolfSSL	0:1239e9b70ca2	1528	XMEMCPY(signer->subjectKeyIdHash,
wolfSSL	0:1239e9b70ca2	1529	cert.extSubjKeyId, SHA_DIGEST_SIZE);
wolfSSL	0:1239e9b70ca2	1530	#endif
wolfSSL	0:1239e9b70ca2	1531	XMEMCPY(signer->subjectNameHash, cert.subjectHash, SHA_DIGEST_SIZE);
wolfSSL	0:1239e9b70ca2	1532	signer->keyUsage = cert.extKeyUsageSet ? cert.extKeyUsage : 0xFFFF;
wolfSSL	0:1239e9b70ca2	1533	/* If Key Usage not set, all uses valid. */
wolfSSL	0:1239e9b70ca2	1534	signer->next = NULL; /* in case lock fails */
wolfSSL	0:1239e9b70ca2	1535
wolfSSL	0:1239e9b70ca2	1536	cert.publicKey = 0; /* don't free here */
wolfSSL	0:1239e9b70ca2	1537	cert.subjectCN = 0;
wolfSSL	0:1239e9b70ca2	1538	#ifndef IGNORE_NAME_CONSTRAINTS
wolfSSL	0:1239e9b70ca2	1539	cert.permittedNames = NULL;
wolfSSL	0:1239e9b70ca2	1540	cert.excludedNames = NULL;
wolfSSL	0:1239e9b70ca2	1541	#endif
wolfSSL	0:1239e9b70ca2	1542
wolfSSL	0:1239e9b70ca2	1543	#ifndef NO_SKID
wolfSSL	0:1239e9b70ca2	1544	row = HashSigner(signer->subjectKeyIdHash);
wolfSSL	0:1239e9b70ca2	1545	#else
wolfSSL	0:1239e9b70ca2	1546	row = HashSigner(signer->subjectNameHash);
wolfSSL	0:1239e9b70ca2	1547	#endif
wolfSSL	0:1239e9b70ca2	1548
wolfSSL	0:1239e9b70ca2	1549	if (LockMutex(&cm->caLock) == 0) {
wolfSSL	0:1239e9b70ca2	1550	signer->next = cm->caTable[row];
wolfSSL	0:1239e9b70ca2	1551	cm->caTable[row] = signer; /* takes ownership */
wolfSSL	0:1239e9b70ca2	1552	UnLockMutex(&cm->caLock);
wolfSSL	0:1239e9b70ca2	1553	if (cm->caCacheCallback)
wolfSSL	0:1239e9b70ca2	1554	cm->caCacheCallback(der.buffer, (int)der.length, type);
wolfSSL	0:1239e9b70ca2	1555	}
wolfSSL	0:1239e9b70ca2	1556	else {
wolfSSL	0:1239e9b70ca2	1557	CYASSL_MSG(" CA Mutex Lock failed");
wolfSSL	0:1239e9b70ca2	1558	ret = BAD_MUTEX_E;
wolfSSL	0:1239e9b70ca2	1559	FreeSigner(signer, cm->heap);
wolfSSL	0:1239e9b70ca2	1560	}
wolfSSL	0:1239e9b70ca2	1561	}
wolfSSL	0:1239e9b70ca2	1562	}
wolfSSL	0:1239e9b70ca2	1563
wolfSSL	0:1239e9b70ca2	1564	CYASSL_MSG(" Freeing Parsed CA");
wolfSSL	0:1239e9b70ca2	1565	FreeDecodedCert(&cert);
wolfSSL	0:1239e9b70ca2	1566	CYASSL_MSG(" Freeing der CA");
wolfSSL	0:1239e9b70ca2	1567	XFREE(der.buffer, cm->heap, DYNAMIC_TYPE_CA);
wolfSSL	0:1239e9b70ca2	1568	CYASSL_MSG(" OK Freeing der CA");
wolfSSL	0:1239e9b70ca2	1569
wolfSSL	0:1239e9b70ca2	1570	CYASSL_LEAVE("AddCA", ret);
wolfSSL	0:1239e9b70ca2	1571	if (ret == 0) return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	1572	return ret;
wolfSSL	0:1239e9b70ca2	1573	}
wolfSSL	0:1239e9b70ca2	1574
wolfSSL	0:1239e9b70ca2	1575	#endif /* !NO_CERTS */
wolfSSL	0:1239e9b70ca2	1576
wolfSSL	0:1239e9b70ca2	1577
wolfSSL	0:1239e9b70ca2	1578	#ifndef NO_SESSION_CACHE
wolfSSL	0:1239e9b70ca2	1579
wolfSSL	0:1239e9b70ca2	1580	/* basic config gives a cache with 33 sessions, adequate for clients and
wolfSSL	0:1239e9b70ca2	1581	embedded servers
wolfSSL	0:1239e9b70ca2	1582
wolfSSL	0:1239e9b70ca2	1583	MEDIUM_SESSION_CACHE allows 1055 sessions, adequate for servers that
wolfSSL	0:1239e9b70ca2	1584	aren't under heavy load, basically allows 200 new sessions per minute
wolfSSL	0:1239e9b70ca2	1585
wolfSSL	0:1239e9b70ca2	1586	BIG_SESSION_CACHE yields 20,027 sessions
wolfSSL	0:1239e9b70ca2	1587
wolfSSL	0:1239e9b70ca2	1588	HUGE_SESSION_CACHE yields 65,791 sessions, for servers under heavy load,
wolfSSL	0:1239e9b70ca2	1589	allows over 13,000 new sessions per minute or over 200 new sessions per
wolfSSL	0:1239e9b70ca2	1590	second
wolfSSL	0:1239e9b70ca2	1591
wolfSSL	0:1239e9b70ca2	1592	SMALL_SESSION_CACHE only stores 6 sessions, good for embedded clients
wolfSSL	0:1239e9b70ca2	1593	or systems where the default of nearly 3kB is too much RAM, this define
wolfSSL	0:1239e9b70ca2	1594	uses less than 500 bytes RAM
wolfSSL	0:1239e9b70ca2	1595
wolfSSL	0:1239e9b70ca2	1596	default SESSION_CACHE stores 33 sessions (no XXX_SESSION_CACHE defined)
wolfSSL	0:1239e9b70ca2	1597	*/
wolfSSL	0:1239e9b70ca2	1598	#ifdef HUGE_SESSION_CACHE
wolfSSL	0:1239e9b70ca2	1599	#define SESSIONS_PER_ROW 11
wolfSSL	0:1239e9b70ca2	1600	#define SESSION_ROWS 5981
wolfSSL	0:1239e9b70ca2	1601	#elif defined(BIG_SESSION_CACHE)
wolfSSL	0:1239e9b70ca2	1602	#define SESSIONS_PER_ROW 7
wolfSSL	0:1239e9b70ca2	1603	#define SESSION_ROWS 2861
wolfSSL	0:1239e9b70ca2	1604	#elif defined(MEDIUM_SESSION_CACHE)
wolfSSL	0:1239e9b70ca2	1605	#define SESSIONS_PER_ROW 5
wolfSSL	0:1239e9b70ca2	1606	#define SESSION_ROWS 211
wolfSSL	0:1239e9b70ca2	1607	#elif defined(SMALL_SESSION_CACHE)
wolfSSL	0:1239e9b70ca2	1608	#define SESSIONS_PER_ROW 2
wolfSSL	0:1239e9b70ca2	1609	#define SESSION_ROWS 3
wolfSSL	0:1239e9b70ca2	1610	#else
wolfSSL	0:1239e9b70ca2	1611	#define SESSIONS_PER_ROW 3
wolfSSL	0:1239e9b70ca2	1612	#define SESSION_ROWS 11
wolfSSL	0:1239e9b70ca2	1613	#endif
wolfSSL	0:1239e9b70ca2	1614
wolfSSL	0:1239e9b70ca2	1615	typedef struct SessionRow {
wolfSSL	0:1239e9b70ca2	1616	int nextIdx; /* where to place next one */
wolfSSL	0:1239e9b70ca2	1617	int totalCount; /* sessions ever on this row */
wolfSSL	0:1239e9b70ca2	1618	CYASSL_SESSION Sessions[SESSIONS_PER_ROW];
wolfSSL	0:1239e9b70ca2	1619	} SessionRow;
wolfSSL	0:1239e9b70ca2	1620
wolfSSL	0:1239e9b70ca2	1621	static SessionRow SessionCache[SESSION_ROWS];
wolfSSL	0:1239e9b70ca2	1622
wolfSSL	0:1239e9b70ca2	1623	static CyaSSL_Mutex session_mutex; /* SessionCache mutex */
wolfSSL	0:1239e9b70ca2	1624
wolfSSL	0:1239e9b70ca2	1625	#ifndef NO_CLIENT_CACHE
wolfSSL	0:1239e9b70ca2	1626
wolfSSL	0:1239e9b70ca2	1627	typedef struct ClientSession {
wolfSSL	0:1239e9b70ca2	1628	word16 serverRow; /* SessionCache Row id */
wolfSSL	0:1239e9b70ca2	1629	word16 serverIdx; /* SessionCache Idx (column) */
wolfSSL	0:1239e9b70ca2	1630	} ClientSession;
wolfSSL	0:1239e9b70ca2	1631
wolfSSL	0:1239e9b70ca2	1632	typedef struct ClientRow {
wolfSSL	0:1239e9b70ca2	1633	int nextIdx; /* where to place next one */
wolfSSL	0:1239e9b70ca2	1634	int totalCount; /* sessions ever on this row */
wolfSSL	0:1239e9b70ca2	1635	ClientSession Clients[SESSIONS_PER_ROW];
wolfSSL	0:1239e9b70ca2	1636	} ClientRow;
wolfSSL	0:1239e9b70ca2	1637
wolfSSL	0:1239e9b70ca2	1638	static ClientRow ClientCache[SESSION_ROWS]; /* Client Cache */
wolfSSL	0:1239e9b70ca2	1639	/* uses session mutex */
wolfSSL	0:1239e9b70ca2	1640	#endif /* NO_CLIENT_CACHE */
wolfSSL	0:1239e9b70ca2	1641
wolfSSL	0:1239e9b70ca2	1642	#endif /* NO_SESSION_CACHE */
wolfSSL	0:1239e9b70ca2	1643
wolfSSL	0:1239e9b70ca2	1644
wolfSSL	0:1239e9b70ca2	1645	int CyaSSL_Init(void)
wolfSSL	0:1239e9b70ca2	1646	{
wolfSSL	0:1239e9b70ca2	1647	int ret = SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	1648
wolfSSL	0:1239e9b70ca2	1649	CYASSL_ENTER("CyaSSL_Init");
wolfSSL	0:1239e9b70ca2	1650
wolfSSL	0:1239e9b70ca2	1651	if (initRefCount == 0) {
wolfSSL	0:1239e9b70ca2	1652	#ifndef NO_SESSION_CACHE
wolfSSL	0:1239e9b70ca2	1653	if (InitMutex(&session_mutex) != 0)
wolfSSL	0:1239e9b70ca2	1654	ret = BAD_MUTEX_E;
wolfSSL	0:1239e9b70ca2	1655	#endif
wolfSSL	0:1239e9b70ca2	1656	if (InitMutex(&count_mutex) != 0)
wolfSSL	0:1239e9b70ca2	1657	ret = BAD_MUTEX_E;
wolfSSL	0:1239e9b70ca2	1658	}
wolfSSL	0:1239e9b70ca2	1659	if (ret == SSL_SUCCESS) {
wolfSSL	0:1239e9b70ca2	1660	if (LockMutex(&count_mutex) != 0) {
wolfSSL	0:1239e9b70ca2	1661	CYASSL_MSG("Bad Lock Mutex count");
wolfSSL	0:1239e9b70ca2	1662	return BAD_MUTEX_E;
wolfSSL	0:1239e9b70ca2	1663	}
wolfSSL	0:1239e9b70ca2	1664	initRefCount++;
wolfSSL	0:1239e9b70ca2	1665	UnLockMutex(&count_mutex);
wolfSSL	0:1239e9b70ca2	1666	}
wolfSSL	0:1239e9b70ca2	1667
wolfSSL	0:1239e9b70ca2	1668	return ret;
wolfSSL	0:1239e9b70ca2	1669	}
wolfSSL	0:1239e9b70ca2	1670
wolfSSL	0:1239e9b70ca2	1671
wolfSSL	0:1239e9b70ca2	1672	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	1673
wolfSSL	0:1239e9b70ca2	1674	/* Remove PEM header/footer, convert to ASN1, store any encrypted data
wolfSSL	0:1239e9b70ca2	1675	info->consumed tracks of PEM bytes consumed in case multiple parts */
wolfSSL	0:1239e9b70ca2	1676	int PemToDer(const unsigned char* buff, long longSz, int type,
wolfSSL	0:1239e9b70ca2	1677	buffer* der, void* heap, EncryptedInfo* info, int* eccKey)
wolfSSL	0:1239e9b70ca2	1678	{
wolfSSL	0:1239e9b70ca2	1679	char header[PEM_LINE_LEN];
wolfSSL	0:1239e9b70ca2	1680	char footer[PEM_LINE_LEN];
wolfSSL	0:1239e9b70ca2	1681	char* headerEnd;
wolfSSL	0:1239e9b70ca2	1682	char* footerEnd;
wolfSSL	0:1239e9b70ca2	1683	char* consumedEnd;
wolfSSL	0:1239e9b70ca2	1684	char* bufferEnd = (char*)(buff + longSz);
wolfSSL	0:1239e9b70ca2	1685	long neededSz;
wolfSSL	0:1239e9b70ca2	1686	int ret = 0;
wolfSSL	0:1239e9b70ca2	1687	int pkcs8 = 0;
wolfSSL	0:1239e9b70ca2	1688	int pkcs8Enc = 0;
wolfSSL	0:1239e9b70ca2	1689	int dynamicType = 0;
wolfSSL	0:1239e9b70ca2	1690	int sz = (int)longSz;
wolfSSL	0:1239e9b70ca2	1691
wolfSSL	0:1239e9b70ca2	1692	(void)heap;
wolfSSL	0:1239e9b70ca2	1693	(void)dynamicType;
wolfSSL	0:1239e9b70ca2	1694
wolfSSL	0:1239e9b70ca2	1695	if (type == CERT_TYPE \|\| type == CA_TYPE) {
wolfSSL	0:1239e9b70ca2	1696	XSTRNCPY(header, "-----BEGIN CERTIFICATE-----", sizeof(header));
wolfSSL	0:1239e9b70ca2	1697	XSTRNCPY(footer, "-----END CERTIFICATE-----", sizeof(footer));
wolfSSL	0:1239e9b70ca2	1698	dynamicType = (type == CA_TYPE) ? DYNAMIC_TYPE_CA :
wolfSSL	0:1239e9b70ca2	1699	DYNAMIC_TYPE_CERT;
wolfSSL	0:1239e9b70ca2	1700	} else if (type == CERTREQ_TYPE) {
wolfSSL	0:1239e9b70ca2	1701	XSTRNCPY(header, "-----BEGIN CERTIFICATE REQUEST-----",
wolfSSL	0:1239e9b70ca2	1702	sizeof(header));
wolfSSL	0:1239e9b70ca2	1703	XSTRNCPY(footer, "-----END CERTIFICATE REQUEST-----",
wolfSSL	0:1239e9b70ca2	1704	sizeof(footer));
wolfSSL	0:1239e9b70ca2	1705	dynamicType = DYNAMIC_TYPE_KEY;
wolfSSL	0:1239e9b70ca2	1706	} else if (type == DH_PARAM_TYPE) {
wolfSSL	0:1239e9b70ca2	1707	XSTRNCPY(header, "-----BEGIN DH PARAMETERS-----", sizeof(header));
wolfSSL	0:1239e9b70ca2	1708	XSTRNCPY(footer, "-----END DH PARAMETERS-----", sizeof(footer));
wolfSSL	0:1239e9b70ca2	1709	dynamicType = DYNAMIC_TYPE_KEY;
wolfSSL	0:1239e9b70ca2	1710	} else if (type == CRL_TYPE) {
wolfSSL	0:1239e9b70ca2	1711	XSTRNCPY(header, "-----BEGIN X509 CRL-----", sizeof(header));
wolfSSL	0:1239e9b70ca2	1712	XSTRNCPY(footer, "-----END X509 CRL-----", sizeof(footer));
wolfSSL	0:1239e9b70ca2	1713	dynamicType = DYNAMIC_TYPE_CRL;
wolfSSL	0:1239e9b70ca2	1714	} else {
wolfSSL	0:1239e9b70ca2	1715	XSTRNCPY(header, "-----BEGIN RSA PRIVATE KEY-----", sizeof(header));
wolfSSL	0:1239e9b70ca2	1716	XSTRNCPY(footer, "-----END RSA PRIVATE KEY-----", sizeof(footer));
wolfSSL	0:1239e9b70ca2	1717	dynamicType = DYNAMIC_TYPE_KEY;
wolfSSL	0:1239e9b70ca2	1718	}
wolfSSL	0:1239e9b70ca2	1719
wolfSSL	0:1239e9b70ca2	1720	/* find header */
wolfSSL	0:1239e9b70ca2	1721	headerEnd = XSTRNSTR((char*)buff, header, sz);
wolfSSL	0:1239e9b70ca2	1722	if (!headerEnd && type == PRIVATEKEY_TYPE) { /* may be pkcs8 */
wolfSSL	0:1239e9b70ca2	1723	XSTRNCPY(header, "-----BEGIN PRIVATE KEY-----", sizeof(header));
wolfSSL	0:1239e9b70ca2	1724	XSTRNCPY(footer, "-----END PRIVATE KEY-----", sizeof(footer));
wolfSSL	0:1239e9b70ca2	1725
wolfSSL	0:1239e9b70ca2	1726	headerEnd = XSTRNSTR((char*)buff, header, sz);
wolfSSL	0:1239e9b70ca2	1727	if (headerEnd)
wolfSSL	0:1239e9b70ca2	1728	pkcs8 = 1;
wolfSSL	0:1239e9b70ca2	1729	else {
wolfSSL	0:1239e9b70ca2	1730	XSTRNCPY(header, "-----BEGIN ENCRYPTED PRIVATE KEY-----",
wolfSSL	0:1239e9b70ca2	1731	sizeof(header));
wolfSSL	0:1239e9b70ca2	1732	XSTRNCPY(footer, "-----END ENCRYPTED PRIVATE KEY-----",
wolfSSL	0:1239e9b70ca2	1733	sizeof(footer));
wolfSSL	0:1239e9b70ca2	1734
wolfSSL	0:1239e9b70ca2	1735	headerEnd = XSTRNSTR((char*)buff, header, sz);
wolfSSL	0:1239e9b70ca2	1736	if (headerEnd) {
wolfSSL	0:1239e9b70ca2	1737	pkcs8Enc = 1;
wolfSSL	0:1239e9b70ca2	1738	(void)pkcs8Enc; /* only opensslextra will read */
wolfSSL	0:1239e9b70ca2	1739	}
wolfSSL	0:1239e9b70ca2	1740	}
wolfSSL	0:1239e9b70ca2	1741	}
wolfSSL	0:1239e9b70ca2	1742	if (!headerEnd && type == PRIVATEKEY_TYPE) { /* may be ecc */
wolfSSL	0:1239e9b70ca2	1743	XSTRNCPY(header, "-----BEGIN EC PRIVATE KEY-----", sizeof(header));
wolfSSL	0:1239e9b70ca2	1744	XSTRNCPY(footer, "-----END EC PRIVATE KEY-----", sizeof(footer));
wolfSSL	0:1239e9b70ca2	1745
wolfSSL	0:1239e9b70ca2	1746	headerEnd = XSTRNSTR((char*)buff, header, sz);
wolfSSL	0:1239e9b70ca2	1747	if (headerEnd)
wolfSSL	0:1239e9b70ca2	1748	*eccKey = 1;
wolfSSL	0:1239e9b70ca2	1749	}
wolfSSL	0:1239e9b70ca2	1750	if (!headerEnd && type == PRIVATEKEY_TYPE) { /* may be dsa */
wolfSSL	0:1239e9b70ca2	1751	XSTRNCPY(header, "-----BEGIN DSA PRIVATE KEY-----", sizeof(header));
wolfSSL	0:1239e9b70ca2	1752	XSTRNCPY(footer, "-----END DSA PRIVATE KEY-----", sizeof(footer));
wolfSSL	0:1239e9b70ca2	1753
wolfSSL	0:1239e9b70ca2	1754	headerEnd = XSTRNSTR((char*)buff, header, sz);
wolfSSL	0:1239e9b70ca2	1755	}
wolfSSL	0:1239e9b70ca2	1756	if (!headerEnd) {
wolfSSL	0:1239e9b70ca2	1757	CYASSL_MSG("Couldn't find PEM header");
wolfSSL	0:1239e9b70ca2	1758	return SSL_NO_PEM_HEADER;
wolfSSL	0:1239e9b70ca2	1759	}
wolfSSL	0:1239e9b70ca2	1760	headerEnd += XSTRLEN(header);
wolfSSL	0:1239e9b70ca2	1761
wolfSSL	0:1239e9b70ca2	1762	/* eat end of line */
wolfSSL	0:1239e9b70ca2	1763	if (headerEnd[0] == '\n')
wolfSSL	0:1239e9b70ca2	1764	headerEnd++;
wolfSSL	0:1239e9b70ca2	1765	else if (headerEnd[1] == '\n')
wolfSSL	0:1239e9b70ca2	1766	headerEnd += 2;
wolfSSL	0:1239e9b70ca2	1767	else
wolfSSL	0:1239e9b70ca2	1768	return SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	1769
wolfSSL	0:1239e9b70ca2	1770	#if defined(OPENSSL_EXTRA) \|\| defined(HAVE_WEBSERVER)
wolfSSL	0:1239e9b70ca2	1771	{
wolfSSL	0:1239e9b70ca2	1772	/* remove encrypted header if there */
wolfSSL	0:1239e9b70ca2	1773	char encHeader[] = "Proc-Type";
wolfSSL	0:1239e9b70ca2	1774	char* line = XSTRNSTR((char*)buff, encHeader, PEM_LINE_LEN);
wolfSSL	0:1239e9b70ca2	1775	if (line) {
wolfSSL	0:1239e9b70ca2	1776	char* newline;
wolfSSL	0:1239e9b70ca2	1777	char* finish;
wolfSSL	0:1239e9b70ca2	1778	char* start = XSTRNSTR(line, "DES", PEM_LINE_LEN);
wolfSSL	0:1239e9b70ca2	1779
wolfSSL	0:1239e9b70ca2	1780	if (!start)
wolfSSL	0:1239e9b70ca2	1781	start = XSTRNSTR(line, "AES", PEM_LINE_LEN);
wolfSSL	0:1239e9b70ca2	1782
wolfSSL	0:1239e9b70ca2	1783	if (!start) return SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	1784	if (!info) return SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	1785
wolfSSL	0:1239e9b70ca2	1786	finish = XSTRNSTR(start, ",", PEM_LINE_LEN);
wolfSSL	0:1239e9b70ca2	1787
wolfSSL	0:1239e9b70ca2	1788	if (start && finish && (start < finish)) {
wolfSSL	0:1239e9b70ca2	1789	newline = XSTRNSTR(finish, "\r", PEM_LINE_LEN);
wolfSSL	0:1239e9b70ca2	1790
wolfSSL	0:1239e9b70ca2	1791	XMEMCPY(info->name, start, finish - start);
wolfSSL	0:1239e9b70ca2	1792	info->name[finish - start] = 0;
wolfSSL	0:1239e9b70ca2	1793	XMEMCPY(info->iv, finish + 1, sizeof(info->iv));
wolfSSL	0:1239e9b70ca2	1794
wolfSSL	0:1239e9b70ca2	1795	if (!newline) newline = XSTRNSTR(finish, "\n", PEM_LINE_LEN);
wolfSSL	0:1239e9b70ca2	1796	if (newline && (newline > finish)) {
wolfSSL	0:1239e9b70ca2	1797	info->ivSz = (word32)(newline - (finish + 1));
wolfSSL	0:1239e9b70ca2	1798	info->set = 1;
wolfSSL	0:1239e9b70ca2	1799	}
wolfSSL	0:1239e9b70ca2	1800	else
wolfSSL	0:1239e9b70ca2	1801	return SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	1802	}
wolfSSL	0:1239e9b70ca2	1803	else
wolfSSL	0:1239e9b70ca2	1804	return SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	1805
wolfSSL	0:1239e9b70ca2	1806	/* eat blank line */
wolfSSL	0:1239e9b70ca2	1807	while (newline == '\r' \|\| newline == '\n')
wolfSSL	0:1239e9b70ca2	1808	newline++;
wolfSSL	0:1239e9b70ca2	1809	headerEnd = newline;
wolfSSL	0:1239e9b70ca2	1810	}
wolfSSL	0:1239e9b70ca2	1811	}
wolfSSL	0:1239e9b70ca2	1812	#endif /* OPENSSL_EXTRA \|\| HAVE_WEBSERVER */
wolfSSL	0:1239e9b70ca2	1813
wolfSSL	0:1239e9b70ca2	1814	/* find footer */
wolfSSL	0:1239e9b70ca2	1815	footerEnd = XSTRNSTR((char*)buff, footer, sz);
wolfSSL	0:1239e9b70ca2	1816	if (!footerEnd) return SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	1817
wolfSSL	0:1239e9b70ca2	1818	consumedEnd = footerEnd + XSTRLEN(footer);
wolfSSL	0:1239e9b70ca2	1819
wolfSSL	0:1239e9b70ca2	1820	if (consumedEnd < bufferEnd) { /* handle no end of line on last line */
wolfSSL	0:1239e9b70ca2	1821	/* eat end of line */
wolfSSL	0:1239e9b70ca2	1822	if (consumedEnd[0] == '\n')
wolfSSL	0:1239e9b70ca2	1823	consumedEnd++;
wolfSSL	0:1239e9b70ca2	1824	else if (consumedEnd[1] == '\n')
wolfSSL	0:1239e9b70ca2	1825	consumedEnd += 2;
wolfSSL	0:1239e9b70ca2	1826	else
wolfSSL	0:1239e9b70ca2	1827	return SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	1828	}
wolfSSL	0:1239e9b70ca2	1829
wolfSSL	0:1239e9b70ca2	1830	if (info)
wolfSSL	0:1239e9b70ca2	1831	info->consumed = (long)(consumedEnd - (char*)buff);
wolfSSL	0:1239e9b70ca2	1832
wolfSSL	0:1239e9b70ca2	1833	/* set up der buffer */
wolfSSL	0:1239e9b70ca2	1834	neededSz = (long)(footerEnd - headerEnd);
wolfSSL	0:1239e9b70ca2	1835	if (neededSz > sz \|\| neededSz < 0) return SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	1836	der->buffer = (byte*) XMALLOC(neededSz, heap, dynamicType);
wolfSSL	0:1239e9b70ca2	1837	if (!der->buffer) return MEMORY_ERROR;
wolfSSL	0:1239e9b70ca2	1838	der->length = (word32)neededSz;
wolfSSL	0:1239e9b70ca2	1839
wolfSSL	0:1239e9b70ca2	1840	if (Base64_Decode((byte*)headerEnd, (word32)neededSz, der->buffer,
wolfSSL	0:1239e9b70ca2	1841	&der->length) < 0)
wolfSSL	0:1239e9b70ca2	1842	return SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	1843
wolfSSL	0:1239e9b70ca2	1844	if (pkcs8) {
wolfSSL	0:1239e9b70ca2	1845	/* convert and adjust length */
wolfSSL	0:1239e9b70ca2	1846	if ( (ret = ToTraditional(der->buffer, der->length)) < 0 ) {
wolfSSL	0:1239e9b70ca2	1847	return ret;
wolfSSL	0:1239e9b70ca2	1848	} else {
wolfSSL	0:1239e9b70ca2	1849	der->length = ret;
wolfSSL	0:1239e9b70ca2	1850	return 0;
wolfSSL	0:1239e9b70ca2	1851	}
wolfSSL	0:1239e9b70ca2	1852	}
wolfSSL	0:1239e9b70ca2	1853
wolfSSL	0:1239e9b70ca2	1854	#if (defined(OPENSSL_EXTRA) \|\| defined(HAVE_WEBSERVER)) && !defined(NO_PWDBASED)
wolfSSL	0:1239e9b70ca2	1855	if (pkcs8Enc) {
wolfSSL	0:1239e9b70ca2	1856	int passwordSz;
wolfSSL	0:1239e9b70ca2	1857	char password[80];
wolfSSL	0:1239e9b70ca2	1858
wolfSSL	0:1239e9b70ca2	1859	if (!info \|\| !info->ctx \|\| !info->ctx->passwd_cb)
wolfSSL	0:1239e9b70ca2	1860	return SSL_BAD_FILE; /* no callback error */
wolfSSL	0:1239e9b70ca2	1861	passwordSz = info->ctx->passwd_cb(password, sizeof(password), 0,
wolfSSL	0:1239e9b70ca2	1862	info->ctx->userdata);
wolfSSL	0:1239e9b70ca2	1863	/* convert and adjust length */
wolfSSL	0:1239e9b70ca2	1864	if ( (ret = ToTraditionalEnc(der->buffer, der->length, password,
wolfSSL	0:1239e9b70ca2	1865	passwordSz)) < 0 ) {
wolfSSL	0:1239e9b70ca2	1866	return ret;
wolfSSL	0:1239e9b70ca2	1867	} else {
wolfSSL	0:1239e9b70ca2	1868	der->length = ret;
wolfSSL	0:1239e9b70ca2	1869	return 0;
wolfSSL	0:1239e9b70ca2	1870	}
wolfSSL	0:1239e9b70ca2	1871	}
wolfSSL	0:1239e9b70ca2	1872	#endif
wolfSSL	0:1239e9b70ca2	1873
wolfSSL	0:1239e9b70ca2	1874	return 0;
wolfSSL	0:1239e9b70ca2	1875	}
wolfSSL	0:1239e9b70ca2	1876
wolfSSL	0:1239e9b70ca2	1877
wolfSSL	0:1239e9b70ca2	1878	/* process the buffer buff, legnth sz, into ctx of format and type
wolfSSL	0:1239e9b70ca2	1879	used tracks bytes consumed, userChain specifies a user cert chain
wolfSSL	0:1239e9b70ca2	1880	to pass during the handshake */
wolfSSL	0:1239e9b70ca2	1881	static int ProcessBuffer(CYASSL_CTX* ctx, const unsigned char* buff,
wolfSSL	0:1239e9b70ca2	1882	long sz, int format, int type, CYASSL* ssl,
wolfSSL	0:1239e9b70ca2	1883	long* used, int userChain)
wolfSSL	0:1239e9b70ca2	1884	{
wolfSSL	0:1239e9b70ca2	1885	EncryptedInfo info;
wolfSSL	0:1239e9b70ca2	1886	buffer der; /* holds DER or RAW (for NTRU) */
wolfSSL	0:1239e9b70ca2	1887	int ret;
wolfSSL	0:1239e9b70ca2	1888	int dynamicType = 0;
wolfSSL	0:1239e9b70ca2	1889	int eccKey = 0;
wolfSSL	0:1239e9b70ca2	1890	int rsaKey = 0;
wolfSSL	0:1239e9b70ca2	1891	void* heap = ctx ? ctx->heap : NULL;
wolfSSL	0:1239e9b70ca2	1892
wolfSSL	0:1239e9b70ca2	1893	info.set = 0;
wolfSSL	0:1239e9b70ca2	1894	info.ctx = ctx;
wolfSSL	0:1239e9b70ca2	1895	info.consumed = 0;
wolfSSL	0:1239e9b70ca2	1896	der.buffer = 0;
wolfSSL	0:1239e9b70ca2	1897
wolfSSL	0:1239e9b70ca2	1898	(void)dynamicType;
wolfSSL	0:1239e9b70ca2	1899	(void)rsaKey;
wolfSSL	0:1239e9b70ca2	1900
wolfSSL	0:1239e9b70ca2	1901	if (used)
wolfSSL	0:1239e9b70ca2	1902	used = sz; / used bytes default to sz, PEM chain may shorten*/
wolfSSL	0:1239e9b70ca2	1903
wolfSSL	0:1239e9b70ca2	1904	if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM
wolfSSL	0:1239e9b70ca2	1905	&& format != SSL_FILETYPE_RAW)
wolfSSL	0:1239e9b70ca2	1906	return SSL_BAD_FILETYPE;
wolfSSL	0:1239e9b70ca2	1907
wolfSSL	0:1239e9b70ca2	1908	if (type == CA_TYPE)
wolfSSL	0:1239e9b70ca2	1909	dynamicType = DYNAMIC_TYPE_CA;
wolfSSL	0:1239e9b70ca2	1910	else if (type == CERT_TYPE)
wolfSSL	0:1239e9b70ca2	1911	dynamicType = DYNAMIC_TYPE_CERT;
wolfSSL	0:1239e9b70ca2	1912	else
wolfSSL	0:1239e9b70ca2	1913	dynamicType = DYNAMIC_TYPE_KEY;
wolfSSL	0:1239e9b70ca2	1914
wolfSSL	0:1239e9b70ca2	1915	if (format == SSL_FILETYPE_PEM) {
wolfSSL	0:1239e9b70ca2	1916	ret = PemToDer(buff, sz, type, &der, heap, &info, &eccKey);
wolfSSL	0:1239e9b70ca2	1917	if (ret < 0) {
wolfSSL	0:1239e9b70ca2	1918	XFREE(der.buffer, heap, dynamicType);
wolfSSL	0:1239e9b70ca2	1919	return ret;
wolfSSL	0:1239e9b70ca2	1920	}
wolfSSL	0:1239e9b70ca2	1921	if (used)
wolfSSL	0:1239e9b70ca2	1922	*used = info.consumed;
wolfSSL	0:1239e9b70ca2	1923	/* we may have a user cert chain, try to consume */
wolfSSL	0:1239e9b70ca2	1924	if (userChain && type == CERT_TYPE && info.consumed < sz) {
wolfSSL	0:1239e9b70ca2	1925	byte staticBuffer[FILE_BUFFER_SIZE]; /* tmp chain buffer */
wolfSSL	0:1239e9b70ca2	1926	byte* chainBuffer = staticBuffer;
wolfSSL	0:1239e9b70ca2	1927	int dynamicBuffer = 0;
wolfSSL	0:1239e9b70ca2	1928	word32 bufferSz = sizeof(staticBuffer);
wolfSSL	0:1239e9b70ca2	1929	long consumed = info.consumed;
wolfSSL	0:1239e9b70ca2	1930	word32 idx = 0;
wolfSSL	0:1239e9b70ca2	1931	int gotOne = 0;
wolfSSL	0:1239e9b70ca2	1932
wolfSSL	0:1239e9b70ca2	1933	if ( (sz - consumed) > (int)bufferSz) {
wolfSSL	0:1239e9b70ca2	1934	CYASSL_MSG("Growing Tmp Chain Buffer");
wolfSSL	0:1239e9b70ca2	1935	bufferSz = (word32)(sz - consumed);
wolfSSL	0:1239e9b70ca2	1936	/* will shrink to actual size */
wolfSSL	0:1239e9b70ca2	1937	chainBuffer = (byte*)XMALLOC(bufferSz, heap,
wolfSSL	0:1239e9b70ca2	1938	DYNAMIC_TYPE_FILE);
wolfSSL	0:1239e9b70ca2	1939	if (chainBuffer == NULL) {
wolfSSL	0:1239e9b70ca2	1940	XFREE(der.buffer, heap, dynamicType);
wolfSSL	0:1239e9b70ca2	1941	return MEMORY_E;
wolfSSL	0:1239e9b70ca2	1942	}
wolfSSL	0:1239e9b70ca2	1943	dynamicBuffer = 1;
wolfSSL	0:1239e9b70ca2	1944	}
wolfSSL	0:1239e9b70ca2	1945
wolfSSL	0:1239e9b70ca2	1946	CYASSL_MSG("Processing Cert Chain");
wolfSSL	0:1239e9b70ca2	1947	while (consumed < sz) {
wolfSSL	0:1239e9b70ca2	1948	buffer part;
wolfSSL	0:1239e9b70ca2	1949	info.consumed = 0;
wolfSSL	0:1239e9b70ca2	1950	part.buffer = 0;
wolfSSL	0:1239e9b70ca2	1951
wolfSSL	0:1239e9b70ca2	1952	ret = PemToDer(buff + consumed, sz - consumed, type, &part,
wolfSSL	0:1239e9b70ca2	1953	heap, &info, &eccKey);
wolfSSL	0:1239e9b70ca2	1954	if (ret == 0) {
wolfSSL	0:1239e9b70ca2	1955	gotOne = 1;
wolfSSL	0:1239e9b70ca2	1956	if ( (idx + part.length) > bufferSz) {
wolfSSL	0:1239e9b70ca2	1957	CYASSL_MSG(" Cert Chain bigger than buffer");
wolfSSL	0:1239e9b70ca2	1958	ret = BUFFER_E;
wolfSSL	0:1239e9b70ca2	1959	}
wolfSSL	0:1239e9b70ca2	1960	else {
wolfSSL	0:1239e9b70ca2	1961	c32to24(part.length, &chainBuffer[idx]);
wolfSSL	0:1239e9b70ca2	1962	idx += CERT_HEADER_SZ;
wolfSSL	0:1239e9b70ca2	1963	XMEMCPY(&chainBuffer[idx], part.buffer,part.length);
wolfSSL	0:1239e9b70ca2	1964	idx += part.length;
wolfSSL	0:1239e9b70ca2	1965	consumed += info.consumed;
wolfSSL	0:1239e9b70ca2	1966	if (used)
wolfSSL	0:1239e9b70ca2	1967	*used += info.consumed;
wolfSSL	0:1239e9b70ca2	1968	}
wolfSSL	0:1239e9b70ca2	1969	}
wolfSSL	0:1239e9b70ca2	1970
wolfSSL	0:1239e9b70ca2	1971	XFREE(part.buffer, heap, dynamicType);
wolfSSL	0:1239e9b70ca2	1972
wolfSSL	0:1239e9b70ca2	1973	if (ret == SSL_NO_PEM_HEADER && gotOne) {
wolfSSL	0:1239e9b70ca2	1974	CYASSL_MSG("We got one good PEM so stuff at end ok");
wolfSSL	0:1239e9b70ca2	1975	break;
wolfSSL	0:1239e9b70ca2	1976	}
wolfSSL	0:1239e9b70ca2	1977
wolfSSL	0:1239e9b70ca2	1978	if (ret < 0) {
wolfSSL	0:1239e9b70ca2	1979	CYASSL_MSG(" Error in Cert in Chain");
wolfSSL	0:1239e9b70ca2	1980	XFREE(der.buffer, heap, dynamicType);
wolfSSL	0:1239e9b70ca2	1981	return ret;
wolfSSL	0:1239e9b70ca2	1982	}
wolfSSL	0:1239e9b70ca2	1983	CYASSL_MSG(" Consumed another Cert in Chain");
wolfSSL	0:1239e9b70ca2	1984	}
wolfSSL	0:1239e9b70ca2	1985	CYASSL_MSG("Finished Processing Cert Chain");
wolfSSL	0:1239e9b70ca2	1986
wolfSSL	0:1239e9b70ca2	1987	if (ctx == NULL) {
wolfSSL	0:1239e9b70ca2	1988	CYASSL_MSG("certChain needs context");
wolfSSL	0:1239e9b70ca2	1989	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	1990	}
wolfSSL	0:1239e9b70ca2	1991	ctx->certChain.buffer = (byte*)XMALLOC(idx, heap,
wolfSSL	0:1239e9b70ca2	1992	dynamicType);
wolfSSL	0:1239e9b70ca2	1993	if (ctx->certChain.buffer) {
wolfSSL	0:1239e9b70ca2	1994	ctx->certChain.length = idx;
wolfSSL	0:1239e9b70ca2	1995	XMEMCPY(ctx->certChain.buffer, chainBuffer, idx);
wolfSSL	0:1239e9b70ca2	1996	}
wolfSSL	0:1239e9b70ca2	1997	if (dynamicBuffer)
wolfSSL	0:1239e9b70ca2	1998	XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE);
wolfSSL	0:1239e9b70ca2	1999	if (ctx->certChain.buffer == NULL) {
wolfSSL	0:1239e9b70ca2	2000	XFREE(der.buffer, heap, dynamicType);
wolfSSL	0:1239e9b70ca2	2001	return MEMORY_E;
wolfSSL	0:1239e9b70ca2	2002	}
wolfSSL	0:1239e9b70ca2	2003	}
wolfSSL	0:1239e9b70ca2	2004	}
wolfSSL	0:1239e9b70ca2	2005	else { /* ASN1 (DER) or RAW (NTRU) */
wolfSSL	0:1239e9b70ca2	2006	der.buffer = (byte*) XMALLOC(sz, heap, dynamicType);
wolfSSL	0:1239e9b70ca2	2007	if (!der.buffer) return MEMORY_ERROR;
wolfSSL	0:1239e9b70ca2	2008	XMEMCPY(der.buffer, buff, sz);
wolfSSL	0:1239e9b70ca2	2009	der.length = (word32)sz;
wolfSSL	0:1239e9b70ca2	2010	}
wolfSSL	0:1239e9b70ca2	2011
wolfSSL	0:1239e9b70ca2	2012	#if defined(OPENSSL_EXTRA) \|\| defined(HAVE_WEBSERVER)
wolfSSL	0:1239e9b70ca2	2013	if (info.set) {
wolfSSL	0:1239e9b70ca2	2014	/* decrypt */
wolfSSL	0:1239e9b70ca2	2015	char password[80];
wolfSSL	0:1239e9b70ca2	2016	int passwordSz;
wolfSSL	0:1239e9b70ca2	2017
wolfSSL	0:1239e9b70ca2	2018	byte key[AES_256_KEY_SIZE];
wolfSSL	0:1239e9b70ca2	2019	byte iv[AES_IV_SIZE];
wolfSSL	0:1239e9b70ca2	2020
wolfSSL	0:1239e9b70ca2	2021	if (!ctx \|\| !ctx->passwd_cb) {
wolfSSL	0:1239e9b70ca2	2022	XFREE(der.buffer, heap, dynamicType);
wolfSSL	0:1239e9b70ca2	2023	return NO_PASSWORD;
wolfSSL	0:1239e9b70ca2	2024	}
wolfSSL	0:1239e9b70ca2	2025
wolfSSL	0:1239e9b70ca2	2026	/* use file's salt for key derivation, hex decode first */
wolfSSL	0:1239e9b70ca2	2027	if (Base16_Decode(info.iv, info.ivSz, info.iv, &info.ivSz) != 0) {
wolfSSL	0:1239e9b70ca2	2028	XFREE(der.buffer, heap, dynamicType);
wolfSSL	0:1239e9b70ca2	2029	return ASN_INPUT_E;
wolfSSL	0:1239e9b70ca2	2030	}
wolfSSL	0:1239e9b70ca2	2031
wolfSSL	0:1239e9b70ca2	2032	passwordSz = ctx->passwd_cb(password, sizeof(password), 0,
wolfSSL	0:1239e9b70ca2	2033	ctx->userdata);
wolfSSL	0:1239e9b70ca2	2034	if ( (ret = EVP_BytesToKey(info.name, "MD5", info.iv,
wolfSSL	0:1239e9b70ca2	2035	(byte*)password, passwordSz, 1, key, iv)) <= 0) {
wolfSSL	0:1239e9b70ca2	2036	XFREE(der.buffer, heap, dynamicType);
wolfSSL	0:1239e9b70ca2	2037	return ret;
wolfSSL	0:1239e9b70ca2	2038	}
wolfSSL	0:1239e9b70ca2	2039
wolfSSL	0:1239e9b70ca2	2040	if (XSTRNCMP(info.name, "DES-CBC", 7) == 0) {
wolfSSL	0:1239e9b70ca2	2041	Des enc;
wolfSSL	0:1239e9b70ca2	2042
wolfSSL	0:1239e9b70ca2	2043	ret = Des_SetKey(&enc, key, info.iv, DES_DECRYPTION);
wolfSSL	0:1239e9b70ca2	2044	if (ret != 0)
wolfSSL	0:1239e9b70ca2	2045	return ret;
wolfSSL	0:1239e9b70ca2	2046
wolfSSL	0:1239e9b70ca2	2047	Des_CbcDecrypt(&enc, der.buffer, der.buffer, der.length);
wolfSSL	0:1239e9b70ca2	2048	}
wolfSSL	0:1239e9b70ca2	2049	else if (XSTRNCMP(info.name, "DES-EDE3-CBC", 13) == 0) {
wolfSSL	0:1239e9b70ca2	2050	Des3 enc;
wolfSSL	0:1239e9b70ca2	2051
wolfSSL	0:1239e9b70ca2	2052	ret = Des3_SetKey(&enc, key, info.iv, DES_DECRYPTION);
wolfSSL	0:1239e9b70ca2	2053	if (ret != 0)
wolfSSL	0:1239e9b70ca2	2054	return ret;
wolfSSL	0:1239e9b70ca2	2055
wolfSSL	0:1239e9b70ca2	2056	ret = Des3_CbcDecrypt(&enc, der.buffer, der.buffer, der.length);
wolfSSL	0:1239e9b70ca2	2057	if (ret != 0)
wolfSSL	0:1239e9b70ca2	2058	return ret;
wolfSSL	0:1239e9b70ca2	2059	}
wolfSSL	0:1239e9b70ca2	2060	else if (XSTRNCMP(info.name, "AES-128-CBC", 13) == 0) {
wolfSSL	0:1239e9b70ca2	2061	Aes enc;
wolfSSL	0:1239e9b70ca2	2062	ret = AesSetKey(&enc, key, AES_128_KEY_SIZE, info.iv,
wolfSSL	0:1239e9b70ca2	2063	AES_DECRYPTION);
wolfSSL	0:1239e9b70ca2	2064	if (ret == 0)
wolfSSL	0:1239e9b70ca2	2065	ret = AesCbcDecrypt(&enc, der.buffer,der.buffer,der.length);
wolfSSL	0:1239e9b70ca2	2066	}
wolfSSL	0:1239e9b70ca2	2067	else if (XSTRNCMP(info.name, "AES-192-CBC", 13) == 0) {
wolfSSL	0:1239e9b70ca2	2068	Aes enc;
wolfSSL	0:1239e9b70ca2	2069	ret = AesSetKey(&enc, key, AES_192_KEY_SIZE, info.iv,
wolfSSL	0:1239e9b70ca2	2070	AES_DECRYPTION);
wolfSSL	0:1239e9b70ca2	2071	if (ret == 0)
wolfSSL	0:1239e9b70ca2	2072	ret = AesCbcDecrypt(&enc, der.buffer,der.buffer,der.length);
wolfSSL	0:1239e9b70ca2	2073	}
wolfSSL	0:1239e9b70ca2	2074	else if (XSTRNCMP(info.name, "AES-256-CBC", 13) == 0) {
wolfSSL	0:1239e9b70ca2	2075	Aes enc;
wolfSSL	0:1239e9b70ca2	2076	ret = AesSetKey(&enc, key, AES_256_KEY_SIZE, info.iv,
wolfSSL	0:1239e9b70ca2	2077	AES_DECRYPTION);
wolfSSL	0:1239e9b70ca2	2078	if (ret == 0)
wolfSSL	0:1239e9b70ca2	2079	ret = AesCbcDecrypt(&enc, der.buffer,der.buffer,der.length);
wolfSSL	0:1239e9b70ca2	2080	}
wolfSSL	0:1239e9b70ca2	2081	else {
wolfSSL	0:1239e9b70ca2	2082	XFREE(der.buffer, heap, dynamicType);
wolfSSL	0:1239e9b70ca2	2083	return SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	2084	}
wolfSSL	0:1239e9b70ca2	2085
wolfSSL	0:1239e9b70ca2	2086	if (ret != 0) {
wolfSSL	0:1239e9b70ca2	2087	XFREE(der.buffer, heap, dynamicType);
wolfSSL	0:1239e9b70ca2	2088	return ret;
wolfSSL	0:1239e9b70ca2	2089	}
wolfSSL	0:1239e9b70ca2	2090	}
wolfSSL	0:1239e9b70ca2	2091	#endif /* OPENSSL_EXTRA \|\| HAVE_WEBSERVER */
wolfSSL	0:1239e9b70ca2	2092
wolfSSL	0:1239e9b70ca2	2093	if (type == CA_TYPE) {
wolfSSL	0:1239e9b70ca2	2094	if (ctx == NULL) {
wolfSSL	0:1239e9b70ca2	2095	CYASSL_MSG("Need context for CA load");
wolfSSL	0:1239e9b70ca2	2096	XFREE(der.buffer, heap, dynamicType);
wolfSSL	0:1239e9b70ca2	2097	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	2098	}
wolfSSL	0:1239e9b70ca2	2099	return AddCA(ctx->cm, der, CYASSL_USER_CA, ctx->verifyPeer);
wolfSSL	0:1239e9b70ca2	2100	/* takes der over */
wolfSSL	0:1239e9b70ca2	2101	}
wolfSSL	0:1239e9b70ca2	2102	else if (type == CERT_TYPE) {
wolfSSL	0:1239e9b70ca2	2103	if (ssl) {
wolfSSL	0:1239e9b70ca2	2104	if (ssl->buffers.weOwnCert && ssl->buffers.certificate.buffer)
wolfSSL	0:1239e9b70ca2	2105	XFREE(ssl->buffers.certificate.buffer, heap,
wolfSSL	0:1239e9b70ca2	2106	dynamicType);
wolfSSL	0:1239e9b70ca2	2107	ssl->buffers.certificate = der;
wolfSSL	0:1239e9b70ca2	2108	ssl->buffers.weOwnCert = 1;
wolfSSL	0:1239e9b70ca2	2109	}
wolfSSL	0:1239e9b70ca2	2110	else if (ctx) {
wolfSSL	0:1239e9b70ca2	2111	if (ctx->certificate.buffer)
wolfSSL	0:1239e9b70ca2	2112	XFREE(ctx->certificate.buffer, heap, dynamicType);
wolfSSL	0:1239e9b70ca2	2113	ctx->certificate = der; /* takes der over */
wolfSSL	0:1239e9b70ca2	2114	}
wolfSSL	0:1239e9b70ca2	2115	}
wolfSSL	0:1239e9b70ca2	2116	else if (type == PRIVATEKEY_TYPE) {
wolfSSL	0:1239e9b70ca2	2117	if (ssl) {
wolfSSL	0:1239e9b70ca2	2118	if (ssl->buffers.weOwnKey && ssl->buffers.key.buffer)
wolfSSL	0:1239e9b70ca2	2119	XFREE(ssl->buffers.key.buffer, heap, dynamicType);
wolfSSL	0:1239e9b70ca2	2120	ssl->buffers.key = der;
wolfSSL	0:1239e9b70ca2	2121	ssl->buffers.weOwnKey = 1;
wolfSSL	0:1239e9b70ca2	2122	}
wolfSSL	0:1239e9b70ca2	2123	else if (ctx) {
wolfSSL	0:1239e9b70ca2	2124	if (ctx->privateKey.buffer)
wolfSSL	0:1239e9b70ca2	2125	XFREE(ctx->privateKey.buffer, heap, dynamicType);
wolfSSL	0:1239e9b70ca2	2126	ctx->privateKey = der; /* takes der over */
wolfSSL	0:1239e9b70ca2	2127	}
wolfSSL	0:1239e9b70ca2	2128	}
wolfSSL	0:1239e9b70ca2	2129	else {
wolfSSL	0:1239e9b70ca2	2130	XFREE(der.buffer, heap, dynamicType);
wolfSSL	0:1239e9b70ca2	2131	return SSL_BAD_CERTTYPE;
wolfSSL	0:1239e9b70ca2	2132	}
wolfSSL	0:1239e9b70ca2	2133
wolfSSL	0:1239e9b70ca2	2134	if (type == PRIVATEKEY_TYPE && format != SSL_FILETYPE_RAW) {
wolfSSL	0:1239e9b70ca2	2135	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	2136	if (!eccKey) {
wolfSSL	0:1239e9b70ca2	2137	/* make sure RSA key can be used */
wolfSSL	0:1239e9b70ca2	2138	RsaKey key;
wolfSSL	0:1239e9b70ca2	2139	word32 idx = 0;
wolfSSL	0:1239e9b70ca2	2140
wolfSSL	0:1239e9b70ca2	2141	ret = InitRsaKey(&key, 0);
wolfSSL	0:1239e9b70ca2	2142	if (ret != 0) return ret;
wolfSSL	0:1239e9b70ca2	2143	if (RsaPrivateKeyDecode(der.buffer,&idx,&key,der.length) != 0) {
wolfSSL	0:1239e9b70ca2	2144	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	2145	/* could have DER ECC (or pkcs8 ecc), no easy way to tell */
wolfSSL	0:1239e9b70ca2	2146	eccKey = 1; /* so try it out */
wolfSSL	0:1239e9b70ca2	2147	#endif
wolfSSL	0:1239e9b70ca2	2148	if (!eccKey) {
wolfSSL	0:1239e9b70ca2	2149	FreeRsaKey(&key);
wolfSSL	0:1239e9b70ca2	2150	return SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	2151	}
wolfSSL	0:1239e9b70ca2	2152	} else {
wolfSSL	0:1239e9b70ca2	2153	rsaKey = 1;
wolfSSL	0:1239e9b70ca2	2154	(void)rsaKey; /* for no ecc builds */
wolfSSL	0:1239e9b70ca2	2155	}
wolfSSL	0:1239e9b70ca2	2156	FreeRsaKey(&key);
wolfSSL	0:1239e9b70ca2	2157	}
wolfSSL	0:1239e9b70ca2	2158	#endif
wolfSSL	0:1239e9b70ca2	2159	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	2160	if (!rsaKey) {
wolfSSL	0:1239e9b70ca2	2161	/* make sure ECC key can be used */
wolfSSL	0:1239e9b70ca2	2162	word32 idx = 0;
wolfSSL	0:1239e9b70ca2	2163	ecc_key key;
wolfSSL	0:1239e9b70ca2	2164
wolfSSL	0:1239e9b70ca2	2165	ecc_init(&key);
wolfSSL	0:1239e9b70ca2	2166	if (EccPrivateKeyDecode(der.buffer,&idx,&key,der.length) != 0) {
wolfSSL	0:1239e9b70ca2	2167	ecc_free(&key);
wolfSSL	0:1239e9b70ca2	2168	return SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	2169	}
wolfSSL	0:1239e9b70ca2	2170	ecc_free(&key);
wolfSSL	0:1239e9b70ca2	2171	eccKey = 1;
wolfSSL	0:1239e9b70ca2	2172	if (ctx)
wolfSSL	0:1239e9b70ca2	2173	ctx->haveStaticECC = 1;
wolfSSL	0:1239e9b70ca2	2174	if (ssl)
wolfSSL	0:1239e9b70ca2	2175	ssl->options.haveStaticECC = 1;
wolfSSL	0:1239e9b70ca2	2176	}
wolfSSL	0:1239e9b70ca2	2177	#endif /* HAVE_ECC */
wolfSSL	0:1239e9b70ca2	2178	}
wolfSSL	0:1239e9b70ca2	2179	else if (type == CERT_TYPE) {
wolfSSL	0:1239e9b70ca2	2180	DecodedCert cert;
wolfSSL	0:1239e9b70ca2	2181
wolfSSL	0:1239e9b70ca2	2182	CYASSL_MSG("Checking cert signature type");
wolfSSL	0:1239e9b70ca2	2183	InitDecodedCert(&cert, der.buffer, der.length, heap);
wolfSSL	0:1239e9b70ca2	2184
wolfSSL	0:1239e9b70ca2	2185	if (DecodeToKey(&cert, 0) < 0) {
wolfSSL	0:1239e9b70ca2	2186	CYASSL_MSG("Decode to key failed");
wolfSSL	0:1239e9b70ca2	2187	return SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	2188	}
wolfSSL	0:1239e9b70ca2	2189	switch (cert.signatureOID) {
wolfSSL	0:1239e9b70ca2	2190	case CTC_SHAwECDSA:
wolfSSL	0:1239e9b70ca2	2191	case CTC_SHA256wECDSA:
wolfSSL	0:1239e9b70ca2	2192	case CTC_SHA384wECDSA:
wolfSSL	0:1239e9b70ca2	2193	case CTC_SHA512wECDSA:
wolfSSL	0:1239e9b70ca2	2194	CYASSL_MSG("ECDSA cert signature");
wolfSSL	0:1239e9b70ca2	2195	if (ctx)
wolfSSL	0:1239e9b70ca2	2196	ctx->haveECDSAsig = 1;
wolfSSL	0:1239e9b70ca2	2197	if (ssl)
wolfSSL	0:1239e9b70ca2	2198	ssl->options.haveECDSAsig = 1;
wolfSSL	0:1239e9b70ca2	2199	break;
wolfSSL	0:1239e9b70ca2	2200	default:
wolfSSL	0:1239e9b70ca2	2201	CYASSL_MSG("Not ECDSA cert signature");
wolfSSL	0:1239e9b70ca2	2202	break;
wolfSSL	0:1239e9b70ca2	2203	}
wolfSSL	0:1239e9b70ca2	2204
wolfSSL	0:1239e9b70ca2	2205	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	2206	if (ctx)
wolfSSL	0:1239e9b70ca2	2207	ctx->pkCurveOID = cert.pkCurveOID;
wolfSSL	0:1239e9b70ca2	2208	if (ssl)
wolfSSL	0:1239e9b70ca2	2209	ssl->pkCurveOID = cert.pkCurveOID;
wolfSSL	0:1239e9b70ca2	2210	#endif
wolfSSL	0:1239e9b70ca2	2211
wolfSSL	0:1239e9b70ca2	2212	FreeDecodedCert(&cert);
wolfSSL	0:1239e9b70ca2	2213	}
wolfSSL	0:1239e9b70ca2	2214
wolfSSL	0:1239e9b70ca2	2215	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	2216	}
wolfSSL	0:1239e9b70ca2	2217
wolfSSL	0:1239e9b70ca2	2218
wolfSSL	0:1239e9b70ca2	2219
wolfSSL	0:1239e9b70ca2	2220
wolfSSL	0:1239e9b70ca2	2221	/* CA PEM file for verification, may have multiple/chain certs to process */
wolfSSL	0:1239e9b70ca2	2222	static int ProcessChainBuffer(CYASSL_CTX* ctx, const unsigned char* buff,
wolfSSL	0:1239e9b70ca2	2223	long sz, int format, int type, CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	2224	{
wolfSSL	0:1239e9b70ca2	2225	long used = 0;
wolfSSL	0:1239e9b70ca2	2226	int ret = 0;
wolfSSL	0:1239e9b70ca2	2227	int gotOne = 0;
wolfSSL	0:1239e9b70ca2	2228
wolfSSL	0:1239e9b70ca2	2229	CYASSL_MSG("Processing CA PEM file");
wolfSSL	0:1239e9b70ca2	2230	while (used < sz) {
wolfSSL	0:1239e9b70ca2	2231	long consumed = 0;
wolfSSL	0:1239e9b70ca2	2232
wolfSSL	0:1239e9b70ca2	2233	ret = ProcessBuffer(ctx, buff + used, sz - used, format, type, ssl,
wolfSSL	0:1239e9b70ca2	2234	&consumed, 0);
wolfSSL	0:1239e9b70ca2	2235
wolfSSL	0:1239e9b70ca2	2236	if (ret == SSL_NO_PEM_HEADER && gotOne) {
wolfSSL	0:1239e9b70ca2	2237	CYASSL_MSG("We got one good PEM file so stuff at end ok");
wolfSSL	0:1239e9b70ca2	2238	ret = SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	2239	break;
wolfSSL	0:1239e9b70ca2	2240	}
wolfSSL	0:1239e9b70ca2	2241
wolfSSL	0:1239e9b70ca2	2242	if (ret < 0)
wolfSSL	0:1239e9b70ca2	2243	break;
wolfSSL	0:1239e9b70ca2	2244
wolfSSL	0:1239e9b70ca2	2245	CYASSL_MSG(" Processed a CA");
wolfSSL	0:1239e9b70ca2	2246	gotOne = 1;
wolfSSL	0:1239e9b70ca2	2247	used += consumed;
wolfSSL	0:1239e9b70ca2	2248	}
wolfSSL	0:1239e9b70ca2	2249
wolfSSL	0:1239e9b70ca2	2250	return ret;
wolfSSL	0:1239e9b70ca2	2251	}
wolfSSL	0:1239e9b70ca2	2252
wolfSSL	0:1239e9b70ca2	2253
wolfSSL	0:1239e9b70ca2	2254	/* Verify the ceritficate, SSL_SUCCESS for ok, < 0 for error */
wolfSSL	0:1239e9b70ca2	2255	int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm, const byte* buff,
wolfSSL	0:1239e9b70ca2	2256	long sz, int format)
wolfSSL	0:1239e9b70ca2	2257	{
wolfSSL	0:1239e9b70ca2	2258	int ret = 0;
wolfSSL	0:1239e9b70ca2	2259	int eccKey = 0; /* not used */
wolfSSL	0:1239e9b70ca2	2260
wolfSSL	0:1239e9b70ca2	2261	DecodedCert cert;
wolfSSL	0:1239e9b70ca2	2262	buffer der;
wolfSSL	0:1239e9b70ca2	2263
wolfSSL	0:1239e9b70ca2	2264	CYASSL_ENTER("CyaSSL_CertManagerVerifyBuffer");
wolfSSL	0:1239e9b70ca2	2265
wolfSSL	0:1239e9b70ca2	2266	der.buffer = NULL;
wolfSSL	0:1239e9b70ca2	2267	der.length = 0;
wolfSSL	0:1239e9b70ca2	2268
wolfSSL	0:1239e9b70ca2	2269	if (format == SSL_FILETYPE_PEM) {
wolfSSL	0:1239e9b70ca2	2270	EncryptedInfo info;
wolfSSL	0:1239e9b70ca2	2271
wolfSSL	0:1239e9b70ca2	2272	info.set = 0;
wolfSSL	0:1239e9b70ca2	2273	info.ctx = NULL;
wolfSSL	0:1239e9b70ca2	2274	info.consumed = 0;
wolfSSL	0:1239e9b70ca2	2275	ret = PemToDer(buff, sz, CERT_TYPE, &der, cm->heap, &info, &eccKey);
wolfSSL	0:1239e9b70ca2	2276	InitDecodedCert(&cert, der.buffer, der.length, cm->heap);
wolfSSL	0:1239e9b70ca2	2277	}
wolfSSL	0:1239e9b70ca2	2278	else
wolfSSL	0:1239e9b70ca2	2279	InitDecodedCert(&cert, (byte*)buff, (word32)sz, cm->heap);
wolfSSL	0:1239e9b70ca2	2280
wolfSSL	0:1239e9b70ca2	2281	if (ret == 0)
wolfSSL	0:1239e9b70ca2	2282	ret = ParseCertRelative(&cert, CERT_TYPE, 1, cm);
wolfSSL	0:1239e9b70ca2	2283	#ifdef HAVE_CRL
wolfSSL	0:1239e9b70ca2	2284	if (ret == 0 && cm->crlEnabled)
wolfSSL	0:1239e9b70ca2	2285	ret = CheckCertCRL(cm->crl, &cert);
wolfSSL	0:1239e9b70ca2	2286	#endif
wolfSSL	0:1239e9b70ca2	2287
wolfSSL	0:1239e9b70ca2	2288	FreeDecodedCert(&cert);
wolfSSL	0:1239e9b70ca2	2289	XFREE(der.buffer, cm->heap, DYNAMIC_TYPE_CERT);
wolfSSL	0:1239e9b70ca2	2290
wolfSSL	0:1239e9b70ca2	2291	if (ret == 0)
wolfSSL	0:1239e9b70ca2	2292	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	2293	return ret;
wolfSSL	0:1239e9b70ca2	2294	}
wolfSSL	0:1239e9b70ca2	2295
wolfSSL	0:1239e9b70ca2	2296
wolfSSL	0:1239e9b70ca2	2297	#ifndef NO_FILESYSTEM
wolfSSL	0:1239e9b70ca2	2298
wolfSSL	0:1239e9b70ca2	2299	#if defined(CYASSL_MDK_ARM)
wolfSSL	0:1239e9b70ca2	2300	extern FILE * CyaSSL_fopen(const char name, const char mode) ;
wolfSSL	0:1239e9b70ca2	2301	#define XFOPEN CyaSSL_fopen
wolfSSL	0:1239e9b70ca2	2302	#else
wolfSSL	0:1239e9b70ca2	2303	#define XFOPEN fopen
wolfSSL	0:1239e9b70ca2	2304	#endif
wolfSSL	0:1239e9b70ca2	2305
wolfSSL	0:1239e9b70ca2	2306	/* process a file with name fname into ctx of format and type
wolfSSL	0:1239e9b70ca2	2307	userChain specifies a user certificate chain to pass during handshake */
wolfSSL	0:1239e9b70ca2	2308	int ProcessFile(CYASSL_CTX* ctx, const char* fname, int format, int type,
wolfSSL	0:1239e9b70ca2	2309	CYASSL* ssl, int userChain, CYASSL_CRL* crl)
wolfSSL	0:1239e9b70ca2	2310	{
wolfSSL	0:1239e9b70ca2	2311	byte staticBuffer[FILE_BUFFER_SIZE];
wolfSSL	0:1239e9b70ca2	2312	byte* myBuffer = staticBuffer;
wolfSSL	0:1239e9b70ca2	2313	int dynamic = 0;
wolfSSL	0:1239e9b70ca2	2314	int ret;
wolfSSL	0:1239e9b70ca2	2315	long sz = 0;
wolfSSL	0:1239e9b70ca2	2316	XFILE file;
wolfSSL	0:1239e9b70ca2	2317	void* heapHint = ctx ? ctx->heap : NULL;
wolfSSL	0:1239e9b70ca2	2318
wolfSSL	0:1239e9b70ca2	2319	(void)crl;
wolfSSL	0:1239e9b70ca2	2320	(void)heapHint;
wolfSSL	0:1239e9b70ca2	2321
wolfSSL	0:1239e9b70ca2	2322	if (fname == NULL) return SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	2323
wolfSSL	0:1239e9b70ca2	2324	file = XFOPEN(fname, "rb");
wolfSSL	0:1239e9b70ca2	2325	if (file == XBADFILE) return SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	2326	XFSEEK(file, 0, XSEEK_END);
wolfSSL	0:1239e9b70ca2	2327	sz = XFTELL(file);
wolfSSL	0:1239e9b70ca2	2328	XREWIND(file);
wolfSSL	0:1239e9b70ca2	2329
wolfSSL	0:1239e9b70ca2	2330	if (sz > (long)sizeof(staticBuffer)) {
wolfSSL	0:1239e9b70ca2	2331	CYASSL_MSG("Getting dynamic buffer");
wolfSSL	0:1239e9b70ca2	2332	myBuffer = (byte*)XMALLOC(sz, heapHint, DYNAMIC_TYPE_FILE);
wolfSSL	0:1239e9b70ca2	2333	if (myBuffer == NULL) {
wolfSSL	0:1239e9b70ca2	2334	XFCLOSE(file);
wolfSSL	0:1239e9b70ca2	2335	return SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	2336	}
wolfSSL	0:1239e9b70ca2	2337	dynamic = 1;
wolfSSL	0:1239e9b70ca2	2338	}
wolfSSL	0:1239e9b70ca2	2339	else if (sz < 0) {
wolfSSL	0:1239e9b70ca2	2340	XFCLOSE(file);
wolfSSL	0:1239e9b70ca2	2341	return SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	2342	}
wolfSSL	0:1239e9b70ca2	2343
wolfSSL	0:1239e9b70ca2	2344	if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0)
wolfSSL	0:1239e9b70ca2	2345	ret = SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	2346	else {
wolfSSL	0:1239e9b70ca2	2347	if (type == CA_TYPE && format == SSL_FILETYPE_PEM)
wolfSSL	0:1239e9b70ca2	2348	ret = ProcessChainBuffer(ctx, myBuffer, sz, format, type, ssl);
wolfSSL	0:1239e9b70ca2	2349	#ifdef HAVE_CRL
wolfSSL	0:1239e9b70ca2	2350	else if (type == CRL_TYPE)
wolfSSL	0:1239e9b70ca2	2351	ret = BufferLoadCRL(crl, myBuffer, sz, format);
wolfSSL	0:1239e9b70ca2	2352	#endif
wolfSSL	0:1239e9b70ca2	2353	else
wolfSSL	0:1239e9b70ca2	2354	ret = ProcessBuffer(ctx, myBuffer, sz, format, type, ssl, NULL,
wolfSSL	0:1239e9b70ca2	2355	userChain);
wolfSSL	0:1239e9b70ca2	2356	}
wolfSSL	0:1239e9b70ca2	2357
wolfSSL	0:1239e9b70ca2	2358	XFCLOSE(file);
wolfSSL	0:1239e9b70ca2	2359	if (dynamic) XFREE(myBuffer, heapHint, DYNAMIC_TYPE_FILE);
wolfSSL	0:1239e9b70ca2	2360
wolfSSL	0:1239e9b70ca2	2361	return ret;
wolfSSL	0:1239e9b70ca2	2362	}
wolfSSL	0:1239e9b70ca2	2363
wolfSSL	0:1239e9b70ca2	2364
wolfSSL	0:1239e9b70ca2	2365	/* loads file then loads each file in path, no c_rehash */
wolfSSL	0:1239e9b70ca2	2366	int CyaSSL_CTX_load_verify_locations(CYASSL_CTX* ctx, const char* file,
wolfSSL	0:1239e9b70ca2	2367	const char* path)
wolfSSL	0:1239e9b70ca2	2368	{
wolfSSL	0:1239e9b70ca2	2369	int ret = SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	2370
wolfSSL	0:1239e9b70ca2	2371	CYASSL_ENTER("CyaSSL_CTX_load_verify_locations");
wolfSSL	0:1239e9b70ca2	2372	(void)path;
wolfSSL	0:1239e9b70ca2	2373
wolfSSL	0:1239e9b70ca2	2374	if (ctx == NULL \|\| (file == NULL && path == NULL) )
wolfSSL	0:1239e9b70ca2	2375	return SSL_FAILURE;
wolfSSL	0:1239e9b70ca2	2376
wolfSSL	0:1239e9b70ca2	2377	if (file)
wolfSSL	0:1239e9b70ca2	2378	ret = ProcessFile(ctx, file, SSL_FILETYPE_PEM, CA_TYPE, NULL, 0, NULL);
wolfSSL	0:1239e9b70ca2	2379
wolfSSL	0:1239e9b70ca2	2380	if (ret == SSL_SUCCESS && path) {
wolfSSL	0:1239e9b70ca2	2381	/* try to load each regular file in path */
wolfSSL	0:1239e9b70ca2	2382	#ifdef USE_WINDOWS_API
wolfSSL	0:1239e9b70ca2	2383	WIN32_FIND_DATAA FindFileData;
wolfSSL	0:1239e9b70ca2	2384	HANDLE hFind;
wolfSSL	0:1239e9b70ca2	2385	char name[MAX_FILENAME_SZ];
wolfSSL	0:1239e9b70ca2	2386
wolfSSL	0:1239e9b70ca2	2387	XMEMSET(name, 0, sizeof(name));
wolfSSL	0:1239e9b70ca2	2388	XSTRNCPY(name, path, MAX_FILENAME_SZ - 4);
wolfSSL	0:1239e9b70ca2	2389	XSTRNCAT(name, "\\*", 3);
wolfSSL	0:1239e9b70ca2	2390
wolfSSL	0:1239e9b70ca2	2391	hFind = FindFirstFileA(name, &FindFileData);
wolfSSL	0:1239e9b70ca2	2392	if (hFind == INVALID_HANDLE_VALUE) {
wolfSSL	0:1239e9b70ca2	2393	CYASSL_MSG("FindFirstFile for path verify locations failed");
wolfSSL	0:1239e9b70ca2	2394	return BAD_PATH_ERROR;
wolfSSL	0:1239e9b70ca2	2395	}
wolfSSL	0:1239e9b70ca2	2396
wolfSSL	0:1239e9b70ca2	2397	do {
wolfSSL	0:1239e9b70ca2	2398	if (FindFileData.dwFileAttributes != FILE_ATTRIBUTE_DIRECTORY) {
wolfSSL	0:1239e9b70ca2	2399	XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 3);
wolfSSL	0:1239e9b70ca2	2400	XSTRNCAT(name, "\\", 2);
wolfSSL	0:1239e9b70ca2	2401	XSTRNCAT(name, FindFileData.cFileName, MAX_FILENAME_SZ/2);
wolfSSL	0:1239e9b70ca2	2402
wolfSSL	0:1239e9b70ca2	2403	ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, NULL,0,
wolfSSL	0:1239e9b70ca2	2404	NULL);
wolfSSL	0:1239e9b70ca2	2405	}
wolfSSL	0:1239e9b70ca2	2406	} while (ret == SSL_SUCCESS && FindNextFileA(hFind, &FindFileData));
wolfSSL	0:1239e9b70ca2	2407
wolfSSL	0:1239e9b70ca2	2408	FindClose(hFind);
wolfSSL	0:1239e9b70ca2	2409	#elif !defined(NO_CYASSL_DIR)
wolfSSL	0:1239e9b70ca2	2410	struct dirent* entry;
wolfSSL	0:1239e9b70ca2	2411	DIR* dir = opendir(path);
wolfSSL	0:1239e9b70ca2	2412
wolfSSL	0:1239e9b70ca2	2413	if (dir == NULL) {
wolfSSL	0:1239e9b70ca2	2414	CYASSL_MSG("opendir path verify locations failed");
wolfSSL	0:1239e9b70ca2	2415	return BAD_PATH_ERROR;
wolfSSL	0:1239e9b70ca2	2416	}
wolfSSL	0:1239e9b70ca2	2417	while ( ret == SSL_SUCCESS && (entry = readdir(dir)) != NULL) {
wolfSSL	0:1239e9b70ca2	2418	char name[MAX_FILENAME_SZ];
wolfSSL	0:1239e9b70ca2	2419	struct stat s;
wolfSSL	0:1239e9b70ca2	2420
wolfSSL	0:1239e9b70ca2	2421	XMEMSET(name, 0, sizeof(name));
wolfSSL	0:1239e9b70ca2	2422	XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2);
wolfSSL	0:1239e9b70ca2	2423	XSTRNCAT(name, "/", 1);
wolfSSL	0:1239e9b70ca2	2424	XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2);
wolfSSL	0:1239e9b70ca2	2425
wolfSSL	0:1239e9b70ca2	2426	if (stat(name, &s) != 0) {
wolfSSL	0:1239e9b70ca2	2427	CYASSL_MSG("stat on name failed");
wolfSSL	0:1239e9b70ca2	2428	closedir(dir);
wolfSSL	0:1239e9b70ca2	2429	return BAD_PATH_ERROR;
wolfSSL	0:1239e9b70ca2	2430	}
wolfSSL	0:1239e9b70ca2	2431	if (s.st_mode & S_IFREG) {
wolfSSL	0:1239e9b70ca2	2432	ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, NULL,0,
wolfSSL	0:1239e9b70ca2	2433	NULL);
wolfSSL	0:1239e9b70ca2	2434	}
wolfSSL	0:1239e9b70ca2	2435	}
wolfSSL	0:1239e9b70ca2	2436	closedir(dir);
wolfSSL	0:1239e9b70ca2	2437	#endif
wolfSSL	0:1239e9b70ca2	2438	}
wolfSSL	0:1239e9b70ca2	2439
wolfSSL	0:1239e9b70ca2	2440	return ret;
wolfSSL	0:1239e9b70ca2	2441	}
wolfSSL	0:1239e9b70ca2	2442
wolfSSL	0:1239e9b70ca2	2443
wolfSSL	0:1239e9b70ca2	2444	/* Verify the ceritficate, SSL_SUCCESS for ok, < 0 for error */
wolfSSL	0:1239e9b70ca2	2445	int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER* cm, const char* fname,
wolfSSL	0:1239e9b70ca2	2446	int format)
wolfSSL	0:1239e9b70ca2	2447	{
wolfSSL	0:1239e9b70ca2	2448	int ret = SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	2449	byte staticBuffer[FILE_BUFFER_SIZE];
wolfSSL	0:1239e9b70ca2	2450	byte* myBuffer = staticBuffer;
wolfSSL	0:1239e9b70ca2	2451	int dynamic = 0;
wolfSSL	0:1239e9b70ca2	2452	long sz = 0;
wolfSSL	0:1239e9b70ca2	2453	XFILE file = XFOPEN(fname, "rb");
wolfSSL	0:1239e9b70ca2	2454
wolfSSL	0:1239e9b70ca2	2455	CYASSL_ENTER("CyaSSL_CertManagerVerify");
wolfSSL	0:1239e9b70ca2	2456
wolfSSL	0:1239e9b70ca2	2457	if (file == XBADFILE) return SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	2458	XFSEEK(file, 0, XSEEK_END);
wolfSSL	0:1239e9b70ca2	2459	sz = XFTELL(file);
wolfSSL	0:1239e9b70ca2	2460	XREWIND(file);
wolfSSL	0:1239e9b70ca2	2461
wolfSSL	0:1239e9b70ca2	2462	if (sz > MAX_CYASSL_FILE_SIZE \|\| sz < 0) {
wolfSSL	0:1239e9b70ca2	2463	CYASSL_MSG("CertManagerVerify file bad size");
wolfSSL	0:1239e9b70ca2	2464	XFCLOSE(file);
wolfSSL	0:1239e9b70ca2	2465	return SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	2466	}
wolfSSL	0:1239e9b70ca2	2467
wolfSSL	0:1239e9b70ca2	2468	if (sz > (long)sizeof(staticBuffer)) {
wolfSSL	0:1239e9b70ca2	2469	CYASSL_MSG("Getting dynamic buffer");
wolfSSL	0:1239e9b70ca2	2470	myBuffer = (byte*) XMALLOC(sz, cm->heap, DYNAMIC_TYPE_FILE);
wolfSSL	0:1239e9b70ca2	2471	if (myBuffer == NULL) {
wolfSSL	0:1239e9b70ca2	2472	XFCLOSE(file);
wolfSSL	0:1239e9b70ca2	2473	return SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	2474	}
wolfSSL	0:1239e9b70ca2	2475	dynamic = 1;
wolfSSL	0:1239e9b70ca2	2476	}
wolfSSL	0:1239e9b70ca2	2477
wolfSSL	0:1239e9b70ca2	2478	if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0)
wolfSSL	0:1239e9b70ca2	2479	ret = SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	2480	else
wolfSSL	0:1239e9b70ca2	2481	ret = CyaSSL_CertManagerVerifyBuffer(cm, myBuffer, sz, format);
wolfSSL	0:1239e9b70ca2	2482
wolfSSL	0:1239e9b70ca2	2483	XFCLOSE(file);
wolfSSL	0:1239e9b70ca2	2484	if (dynamic) XFREE(myBuffer, cm->heap, DYNAMIC_TYPE_FILE);
wolfSSL	0:1239e9b70ca2	2485
wolfSSL	0:1239e9b70ca2	2486	return ret;
wolfSSL	0:1239e9b70ca2	2487	}
wolfSSL	0:1239e9b70ca2	2488
wolfSSL	0:1239e9b70ca2	2489
wolfSSL	0:1239e9b70ca2	2490	static INLINE CYASSL_METHOD* cm_pick_method(void)
wolfSSL	0:1239e9b70ca2	2491	{
wolfSSL	0:1239e9b70ca2	2492	#ifndef NO_CYASSL_CLIENT
wolfSSL	0:1239e9b70ca2	2493	#ifdef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	2494	return CyaTLSv1_2_client_method();
wolfSSL	0:1239e9b70ca2	2495	#else
wolfSSL	0:1239e9b70ca2	2496	return CyaSSLv3_client_method();
wolfSSL	0:1239e9b70ca2	2497	#endif
wolfSSL	0:1239e9b70ca2	2498	#elif !defined(NO_CYASSL_SERVER)
wolfSSL	0:1239e9b70ca2	2499	#ifdef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	2500	return CyaTLSv1_2_server_method();
wolfSSL	0:1239e9b70ca2	2501	#else
wolfSSL	0:1239e9b70ca2	2502	return CyaSSLv3_server_method();
wolfSSL	0:1239e9b70ca2	2503	#endif
wolfSSL	0:1239e9b70ca2	2504	#else
wolfSSL	0:1239e9b70ca2	2505	return NULL;
wolfSSL	0:1239e9b70ca2	2506	#endif
wolfSSL	0:1239e9b70ca2	2507	}
wolfSSL	0:1239e9b70ca2	2508
wolfSSL	0:1239e9b70ca2	2509
wolfSSL	0:1239e9b70ca2	2510	/* like load verify locations, 1 for success, < 0 for error */
wolfSSL	0:1239e9b70ca2	2511	int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER* cm, const char* file,
wolfSSL	0:1239e9b70ca2	2512	const char* path)
wolfSSL	0:1239e9b70ca2	2513	{
wolfSSL	0:1239e9b70ca2	2514	int ret = SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	2515	CYASSL_CTX* tmp;
wolfSSL	0:1239e9b70ca2	2516
wolfSSL	0:1239e9b70ca2	2517	CYASSL_ENTER("CyaSSL_CertManagerLoadCA");
wolfSSL	0:1239e9b70ca2	2518
wolfSSL	0:1239e9b70ca2	2519	if (cm == NULL) {
wolfSSL	0:1239e9b70ca2	2520	CYASSL_MSG("No CertManager error");
wolfSSL	0:1239e9b70ca2	2521	return ret;
wolfSSL	0:1239e9b70ca2	2522	}
wolfSSL	0:1239e9b70ca2	2523	tmp = CyaSSL_CTX_new(cm_pick_method());
wolfSSL	0:1239e9b70ca2	2524
wolfSSL	0:1239e9b70ca2	2525	if (tmp == NULL) {
wolfSSL	0:1239e9b70ca2	2526	CYASSL_MSG("CTX new failed");
wolfSSL	0:1239e9b70ca2	2527	return ret;
wolfSSL	0:1239e9b70ca2	2528	}
wolfSSL	0:1239e9b70ca2	2529
wolfSSL	0:1239e9b70ca2	2530	/* for tmp use */
wolfSSL	0:1239e9b70ca2	2531	CyaSSL_CertManagerFree(tmp->cm);
wolfSSL	0:1239e9b70ca2	2532	tmp->cm = cm;
wolfSSL	0:1239e9b70ca2	2533
wolfSSL	0:1239e9b70ca2	2534	ret = CyaSSL_CTX_load_verify_locations(tmp, file, path);
wolfSSL	0:1239e9b70ca2	2535
wolfSSL	0:1239e9b70ca2	2536	/* don't loose our good one */
wolfSSL	0:1239e9b70ca2	2537	tmp->cm = NULL;
wolfSSL	0:1239e9b70ca2	2538	CyaSSL_CTX_free(tmp);
wolfSSL	0:1239e9b70ca2	2539
wolfSSL	0:1239e9b70ca2	2540	return ret;
wolfSSL	0:1239e9b70ca2	2541	}
wolfSSL	0:1239e9b70ca2	2542
wolfSSL	0:1239e9b70ca2	2543
wolfSSL	0:1239e9b70ca2	2544
wolfSSL	0:1239e9b70ca2	2545	/* turn on CRL if off and compiled in, set options */
wolfSSL	0:1239e9b70ca2	2546	int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER* cm, int options)
wolfSSL	0:1239e9b70ca2	2547	{
wolfSSL	0:1239e9b70ca2	2548	int ret = SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	2549
wolfSSL	0:1239e9b70ca2	2550	(void)options;
wolfSSL	0:1239e9b70ca2	2551
wolfSSL	0:1239e9b70ca2	2552	CYASSL_ENTER("CyaSSL_CertManagerEnableCRL");
wolfSSL	0:1239e9b70ca2	2553	if (cm == NULL)
wolfSSL	0:1239e9b70ca2	2554	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	2555
wolfSSL	0:1239e9b70ca2	2556	#ifdef HAVE_CRL
wolfSSL	0:1239e9b70ca2	2557	if (cm->crl == NULL) {
wolfSSL	0:1239e9b70ca2	2558	cm->crl = (CYASSL_CRL*)XMALLOC(sizeof(CYASSL_CRL), cm->heap,
wolfSSL	0:1239e9b70ca2	2559	DYNAMIC_TYPE_CRL);
wolfSSL	0:1239e9b70ca2	2560	if (cm->crl == NULL)
wolfSSL	0:1239e9b70ca2	2561	return MEMORY_E;
wolfSSL	0:1239e9b70ca2	2562
wolfSSL	0:1239e9b70ca2	2563	if (InitCRL(cm->crl, cm) != 0) {
wolfSSL	0:1239e9b70ca2	2564	CYASSL_MSG("Init CRL failed");
wolfSSL	0:1239e9b70ca2	2565	FreeCRL(cm->crl, 1);
wolfSSL	0:1239e9b70ca2	2566	cm->crl = NULL;
wolfSSL	0:1239e9b70ca2	2567	return SSL_FAILURE;
wolfSSL	0:1239e9b70ca2	2568	}
wolfSSL	0:1239e9b70ca2	2569	}
wolfSSL	0:1239e9b70ca2	2570	cm->crlEnabled = 1;
wolfSSL	0:1239e9b70ca2	2571	if (options & CYASSL_CRL_CHECKALL)
wolfSSL	0:1239e9b70ca2	2572	cm->crlCheckAll = 1;
wolfSSL	0:1239e9b70ca2	2573	#else
wolfSSL	0:1239e9b70ca2	2574	ret = NOT_COMPILED_IN;
wolfSSL	0:1239e9b70ca2	2575	#endif
wolfSSL	0:1239e9b70ca2	2576
wolfSSL	0:1239e9b70ca2	2577	return ret;
wolfSSL	0:1239e9b70ca2	2578	}
wolfSSL	0:1239e9b70ca2	2579
wolfSSL	0:1239e9b70ca2	2580
wolfSSL	0:1239e9b70ca2	2581	int CyaSSL_CertManagerDisableCRL(CYASSL_CERT_MANAGER* cm)
wolfSSL	0:1239e9b70ca2	2582	{
wolfSSL	0:1239e9b70ca2	2583	CYASSL_ENTER("CyaSSL_CertManagerDisableCRL");
wolfSSL	0:1239e9b70ca2	2584	if (cm == NULL)
wolfSSL	0:1239e9b70ca2	2585	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	2586
wolfSSL	0:1239e9b70ca2	2587	cm->crlEnabled = 0;
wolfSSL	0:1239e9b70ca2	2588
wolfSSL	0:1239e9b70ca2	2589	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	2590	}
wolfSSL	0:1239e9b70ca2	2591
wolfSSL	0:1239e9b70ca2	2592
wolfSSL	0:1239e9b70ca2	2593	/* turn on OCSP if off and compiled in, set options */
wolfSSL	0:1239e9b70ca2	2594	int CyaSSL_CertManagerEnableOCSP(CYASSL_CERT_MANAGER* cm, int options)
wolfSSL	0:1239e9b70ca2	2595	{
wolfSSL	0:1239e9b70ca2	2596	int ret = SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	2597
wolfSSL	0:1239e9b70ca2	2598	(void)options;
wolfSSL	0:1239e9b70ca2	2599
wolfSSL	0:1239e9b70ca2	2600	CYASSL_ENTER("CyaSSL_CertManagerEnableOCSP");
wolfSSL	0:1239e9b70ca2	2601	if (cm == NULL)
wolfSSL	0:1239e9b70ca2	2602	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	2603
wolfSSL	0:1239e9b70ca2	2604	#ifdef HAVE_OCSP
wolfSSL	0:1239e9b70ca2	2605	if (cm->ocsp == NULL) {
wolfSSL	0:1239e9b70ca2	2606	cm->ocsp = (CYASSL_OCSP*)XMALLOC(sizeof(CYASSL_OCSP), cm->heap,
wolfSSL	0:1239e9b70ca2	2607	DYNAMIC_TYPE_OCSP);
wolfSSL	0:1239e9b70ca2	2608	if (cm->ocsp == NULL)
wolfSSL	0:1239e9b70ca2	2609	return MEMORY_E;
wolfSSL	0:1239e9b70ca2	2610
wolfSSL	0:1239e9b70ca2	2611	if (InitOCSP(cm->ocsp, cm) != 0) {
wolfSSL	0:1239e9b70ca2	2612	CYASSL_MSG("Init OCSP failed");
wolfSSL	0:1239e9b70ca2	2613	FreeOCSP(cm->ocsp, 1);
wolfSSL	0:1239e9b70ca2	2614	cm->ocsp = NULL;
wolfSSL	0:1239e9b70ca2	2615	return SSL_FAILURE;
wolfSSL	0:1239e9b70ca2	2616	}
wolfSSL	0:1239e9b70ca2	2617	}
wolfSSL	0:1239e9b70ca2	2618	cm->ocspEnabled = 1;
wolfSSL	0:1239e9b70ca2	2619	if (options & CYASSL_OCSP_URL_OVERRIDE)
wolfSSL	0:1239e9b70ca2	2620	cm->ocspUseOverrideURL = 1;
wolfSSL	0:1239e9b70ca2	2621	if (options & CYASSL_OCSP_NO_NONCE)
wolfSSL	0:1239e9b70ca2	2622	cm->ocspSendNonce = 0;
wolfSSL	0:1239e9b70ca2	2623	else
wolfSSL	0:1239e9b70ca2	2624	cm->ocspSendNonce = 1;
wolfSSL	0:1239e9b70ca2	2625	#ifndef CYASSL_USER_IO
wolfSSL	0:1239e9b70ca2	2626	cm->ocspIOCb = EmbedOcspLookup;
wolfSSL	0:1239e9b70ca2	2627	cm->ocspRespFreeCb = EmbedOcspRespFree;
wolfSSL	0:1239e9b70ca2	2628	#endif /* CYASSL_USER_IO */
wolfSSL	0:1239e9b70ca2	2629	#else
wolfSSL	0:1239e9b70ca2	2630	ret = NOT_COMPILED_IN;
wolfSSL	0:1239e9b70ca2	2631	#endif
wolfSSL	0:1239e9b70ca2	2632
wolfSSL	0:1239e9b70ca2	2633	return ret;
wolfSSL	0:1239e9b70ca2	2634	}
wolfSSL	0:1239e9b70ca2	2635
wolfSSL	0:1239e9b70ca2	2636
wolfSSL	0:1239e9b70ca2	2637	int CyaSSL_CertManagerDisableOCSP(CYASSL_CERT_MANAGER* cm)
wolfSSL	0:1239e9b70ca2	2638	{
wolfSSL	0:1239e9b70ca2	2639	CYASSL_ENTER("CyaSSL_CertManagerDisableOCSP");
wolfSSL	0:1239e9b70ca2	2640	if (cm == NULL)
wolfSSL	0:1239e9b70ca2	2641	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	2642
wolfSSL	0:1239e9b70ca2	2643	cm->ocspEnabled = 0;
wolfSSL	0:1239e9b70ca2	2644
wolfSSL	0:1239e9b70ca2	2645	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	2646	}
wolfSSL	0:1239e9b70ca2	2647
wolfSSL	0:1239e9b70ca2	2648
wolfSSL	0:1239e9b70ca2	2649	int CyaSSL_CTX_check_private_key(CYASSL_CTX* ctx)
wolfSSL	0:1239e9b70ca2	2650	{
wolfSSL	0:1239e9b70ca2	2651	/* TODO: check private against public for RSA match */
wolfSSL	0:1239e9b70ca2	2652	(void)ctx;
wolfSSL	0:1239e9b70ca2	2653	CYASSL_ENTER("SSL_CTX_check_private_key");
wolfSSL	0:1239e9b70ca2	2654	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	2655	}
wolfSSL	0:1239e9b70ca2	2656
wolfSSL	0:1239e9b70ca2	2657
wolfSSL	0:1239e9b70ca2	2658	#ifdef HAVE_CRL
wolfSSL	0:1239e9b70ca2	2659
wolfSSL	0:1239e9b70ca2	2660
wolfSSL	0:1239e9b70ca2	2661	/* check CRL if enabled, SSL_SUCCESS */
wolfSSL	0:1239e9b70ca2	2662	int CyaSSL_CertManagerCheckCRL(CYASSL_CERT_MANAGER* cm, byte* der, int sz)
wolfSSL	0:1239e9b70ca2	2663	{
wolfSSL	0:1239e9b70ca2	2664	int ret;
wolfSSL	0:1239e9b70ca2	2665	DecodedCert cert;
wolfSSL	0:1239e9b70ca2	2666
wolfSSL	0:1239e9b70ca2	2667	CYASSL_ENTER("CyaSSL_CertManagerCheckCRL");
wolfSSL	0:1239e9b70ca2	2668
wolfSSL	0:1239e9b70ca2	2669	if (cm == NULL)
wolfSSL	0:1239e9b70ca2	2670	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	2671
wolfSSL	0:1239e9b70ca2	2672	if (cm->crlEnabled == 0)
wolfSSL	0:1239e9b70ca2	2673	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	2674
wolfSSL	0:1239e9b70ca2	2675	InitDecodedCert(&cert, der, sz, NULL);
wolfSSL	0:1239e9b70ca2	2676
wolfSSL	0:1239e9b70ca2	2677	ret = ParseCertRelative(&cert, CERT_TYPE, NO_VERIFY, cm);
wolfSSL	0:1239e9b70ca2	2678	if (ret != 0) {
wolfSSL	0:1239e9b70ca2	2679	CYASSL_MSG("ParseCert failed");
wolfSSL	0:1239e9b70ca2	2680	return ret;
wolfSSL	0:1239e9b70ca2	2681	}
wolfSSL	0:1239e9b70ca2	2682	else {
wolfSSL	0:1239e9b70ca2	2683	ret = CheckCertCRL(cm->crl, &cert);
wolfSSL	0:1239e9b70ca2	2684	if (ret != 0) {
wolfSSL	0:1239e9b70ca2	2685	CYASSL_MSG("CheckCertCRL failed");
wolfSSL	0:1239e9b70ca2	2686	}
wolfSSL	0:1239e9b70ca2	2687	}
wolfSSL	0:1239e9b70ca2	2688
wolfSSL	0:1239e9b70ca2	2689	FreeDecodedCert(&cert);
wolfSSL	0:1239e9b70ca2	2690
wolfSSL	0:1239e9b70ca2	2691	if (ret == 0)
wolfSSL	0:1239e9b70ca2	2692	return SSL_SUCCESS; /* convert */
wolfSSL	0:1239e9b70ca2	2693
wolfSSL	0:1239e9b70ca2	2694	return ret;
wolfSSL	0:1239e9b70ca2	2695	}
wolfSSL	0:1239e9b70ca2	2696
wolfSSL	0:1239e9b70ca2	2697
wolfSSL	0:1239e9b70ca2	2698	int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER* cm, CbMissingCRL cb)
wolfSSL	0:1239e9b70ca2	2699	{
wolfSSL	0:1239e9b70ca2	2700	CYASSL_ENTER("CyaSSL_CertManagerSetCRL_Cb");
wolfSSL	0:1239e9b70ca2	2701	if (cm == NULL)
wolfSSL	0:1239e9b70ca2	2702	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	2703
wolfSSL	0:1239e9b70ca2	2704	cm->cbMissingCRL = cb;
wolfSSL	0:1239e9b70ca2	2705
wolfSSL	0:1239e9b70ca2	2706	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	2707	}
wolfSSL	0:1239e9b70ca2	2708
wolfSSL	0:1239e9b70ca2	2709
wolfSSL	0:1239e9b70ca2	2710	int CyaSSL_CertManagerLoadCRL(CYASSL_CERT_MANAGER* cm, const char* path,
wolfSSL	0:1239e9b70ca2	2711	int type, int monitor)
wolfSSL	0:1239e9b70ca2	2712	{
wolfSSL	0:1239e9b70ca2	2713	CYASSL_ENTER("CyaSSL_CertManagerLoadCRL");
wolfSSL	0:1239e9b70ca2	2714	if (cm == NULL)
wolfSSL	0:1239e9b70ca2	2715	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	2716
wolfSSL	0:1239e9b70ca2	2717	if (cm->crl == NULL) {
wolfSSL	0:1239e9b70ca2	2718	if (CyaSSL_CertManagerEnableCRL(cm, 0) != SSL_SUCCESS) {
wolfSSL	0:1239e9b70ca2	2719	CYASSL_MSG("Enable CRL failed");
wolfSSL	0:1239e9b70ca2	2720	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	2721	}
wolfSSL	0:1239e9b70ca2	2722	}
wolfSSL	0:1239e9b70ca2	2723
wolfSSL	0:1239e9b70ca2	2724	return LoadCRL(cm->crl, path, type, monitor);
wolfSSL	0:1239e9b70ca2	2725	}
wolfSSL	0:1239e9b70ca2	2726
wolfSSL	0:1239e9b70ca2	2727
wolfSSL	0:1239e9b70ca2	2728	int CyaSSL_EnableCRL(CYASSL* ssl, int options)
wolfSSL	0:1239e9b70ca2	2729	{
wolfSSL	0:1239e9b70ca2	2730	CYASSL_ENTER("CyaSSL_EnableCRL");
wolfSSL	0:1239e9b70ca2	2731	if (ssl)
wolfSSL	0:1239e9b70ca2	2732	return CyaSSL_CertManagerEnableCRL(ssl->ctx->cm, options);
wolfSSL	0:1239e9b70ca2	2733	else
wolfSSL	0:1239e9b70ca2	2734	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	2735	}
wolfSSL	0:1239e9b70ca2	2736
wolfSSL	0:1239e9b70ca2	2737
wolfSSL	0:1239e9b70ca2	2738	int CyaSSL_DisableCRL(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	2739	{
wolfSSL	0:1239e9b70ca2	2740	CYASSL_ENTER("CyaSSL_DisableCRL");
wolfSSL	0:1239e9b70ca2	2741	if (ssl)
wolfSSL	0:1239e9b70ca2	2742	return CyaSSL_CertManagerDisableCRL(ssl->ctx->cm);
wolfSSL	0:1239e9b70ca2	2743	else
wolfSSL	0:1239e9b70ca2	2744	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	2745	}
wolfSSL	0:1239e9b70ca2	2746
wolfSSL	0:1239e9b70ca2	2747
wolfSSL	0:1239e9b70ca2	2748	int CyaSSL_LoadCRL(CYASSL* ssl, const char* path, int type, int monitor)
wolfSSL	0:1239e9b70ca2	2749	{
wolfSSL	0:1239e9b70ca2	2750	CYASSL_ENTER("CyaSSL_LoadCRL");
wolfSSL	0:1239e9b70ca2	2751	if (ssl)
wolfSSL	0:1239e9b70ca2	2752	return CyaSSL_CertManagerLoadCRL(ssl->ctx->cm, path, type, monitor);
wolfSSL	0:1239e9b70ca2	2753	else
wolfSSL	0:1239e9b70ca2	2754	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	2755	}
wolfSSL	0:1239e9b70ca2	2756
wolfSSL	0:1239e9b70ca2	2757
wolfSSL	0:1239e9b70ca2	2758	int CyaSSL_SetCRL_Cb(CYASSL* ssl, CbMissingCRL cb)
wolfSSL	0:1239e9b70ca2	2759	{
wolfSSL	0:1239e9b70ca2	2760	CYASSL_ENTER("CyaSSL_SetCRL_Cb");
wolfSSL	0:1239e9b70ca2	2761	if (ssl)
wolfSSL	0:1239e9b70ca2	2762	return CyaSSL_CertManagerSetCRL_Cb(ssl->ctx->cm, cb);
wolfSSL	0:1239e9b70ca2	2763	else
wolfSSL	0:1239e9b70ca2	2764	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	2765	}
wolfSSL	0:1239e9b70ca2	2766
wolfSSL	0:1239e9b70ca2	2767
wolfSSL	0:1239e9b70ca2	2768	int CyaSSL_CTX_EnableCRL(CYASSL_CTX* ctx, int options)
wolfSSL	0:1239e9b70ca2	2769	{
wolfSSL	0:1239e9b70ca2	2770	CYASSL_ENTER("CyaSSL_CTX_EnableCRL");
wolfSSL	0:1239e9b70ca2	2771	if (ctx)
wolfSSL	0:1239e9b70ca2	2772	return CyaSSL_CertManagerEnableCRL(ctx->cm, options);
wolfSSL	0:1239e9b70ca2	2773	else
wolfSSL	0:1239e9b70ca2	2774	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	2775	}
wolfSSL	0:1239e9b70ca2	2776
wolfSSL	0:1239e9b70ca2	2777
wolfSSL	0:1239e9b70ca2	2778	int CyaSSL_CTX_DisableCRL(CYASSL_CTX* ctx)
wolfSSL	0:1239e9b70ca2	2779	{
wolfSSL	0:1239e9b70ca2	2780	CYASSL_ENTER("CyaSSL_CTX_DisableCRL");
wolfSSL	0:1239e9b70ca2	2781	if (ctx)
wolfSSL	0:1239e9b70ca2	2782	return CyaSSL_CertManagerDisableCRL(ctx->cm);
wolfSSL	0:1239e9b70ca2	2783	else
wolfSSL	0:1239e9b70ca2	2784	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	2785	}
wolfSSL	0:1239e9b70ca2	2786
wolfSSL	0:1239e9b70ca2	2787
wolfSSL	0:1239e9b70ca2	2788	int CyaSSL_CTX_LoadCRL(CYASSL_CTX* ctx, const char* path, int type, int monitor)
wolfSSL	0:1239e9b70ca2	2789	{
wolfSSL	0:1239e9b70ca2	2790	CYASSL_ENTER("CyaSSL_CTX_LoadCRL");
wolfSSL	0:1239e9b70ca2	2791	if (ctx)
wolfSSL	0:1239e9b70ca2	2792	return CyaSSL_CertManagerLoadCRL(ctx->cm, path, type, monitor);
wolfSSL	0:1239e9b70ca2	2793	else
wolfSSL	0:1239e9b70ca2	2794	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	2795	}
wolfSSL	0:1239e9b70ca2	2796
wolfSSL	0:1239e9b70ca2	2797
wolfSSL	0:1239e9b70ca2	2798	int CyaSSL_CTX_SetCRL_Cb(CYASSL_CTX* ctx, CbMissingCRL cb)
wolfSSL	0:1239e9b70ca2	2799	{
wolfSSL	0:1239e9b70ca2	2800	CYASSL_ENTER("CyaSSL_CTX_SetCRL_Cb");
wolfSSL	0:1239e9b70ca2	2801	if (ctx)
wolfSSL	0:1239e9b70ca2	2802	return CyaSSL_CertManagerSetCRL_Cb(ctx->cm, cb);
wolfSSL	0:1239e9b70ca2	2803	else
wolfSSL	0:1239e9b70ca2	2804	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	2805	}
wolfSSL	0:1239e9b70ca2	2806
wolfSSL	0:1239e9b70ca2	2807
wolfSSL	0:1239e9b70ca2	2808	#endif /* HAVE_CRL */
wolfSSL	0:1239e9b70ca2	2809
wolfSSL	0:1239e9b70ca2	2810
wolfSSL	0:1239e9b70ca2	2811	#ifdef HAVE_OCSP
wolfSSL	0:1239e9b70ca2	2812
wolfSSL	0:1239e9b70ca2	2813
wolfSSL	0:1239e9b70ca2	2814	/* check CRL if enabled, SSL_SUCCESS */
wolfSSL	0:1239e9b70ca2	2815	int CyaSSL_CertManagerCheckOCSP(CYASSL_CERT_MANAGER* cm, byte* der, int sz)
wolfSSL	0:1239e9b70ca2	2816	{
wolfSSL	0:1239e9b70ca2	2817	int ret;
wolfSSL	0:1239e9b70ca2	2818	DecodedCert cert;
wolfSSL	0:1239e9b70ca2	2819
wolfSSL	0:1239e9b70ca2	2820	CYASSL_ENTER("CyaSSL_CertManagerCheckOCSP");
wolfSSL	0:1239e9b70ca2	2821
wolfSSL	0:1239e9b70ca2	2822	if (cm == NULL)
wolfSSL	0:1239e9b70ca2	2823	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	2824
wolfSSL	0:1239e9b70ca2	2825	if (cm->ocspEnabled == 0)
wolfSSL	0:1239e9b70ca2	2826	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	2827
wolfSSL	0:1239e9b70ca2	2828	InitDecodedCert(&cert, der, sz, NULL);
wolfSSL	0:1239e9b70ca2	2829
wolfSSL	0:1239e9b70ca2	2830	ret = ParseCertRelative(&cert, CERT_TYPE, NO_VERIFY, cm);
wolfSSL	0:1239e9b70ca2	2831	if (ret != 0) {
wolfSSL	0:1239e9b70ca2	2832	CYASSL_MSG("ParseCert failed");
wolfSSL	0:1239e9b70ca2	2833	return ret;
wolfSSL	0:1239e9b70ca2	2834	}
wolfSSL	0:1239e9b70ca2	2835	else {
wolfSSL	0:1239e9b70ca2	2836	ret = CheckCertOCSP(cm->ocsp, &cert);
wolfSSL	0:1239e9b70ca2	2837	if (ret != 0) {
wolfSSL	0:1239e9b70ca2	2838	CYASSL_MSG("CheckCertOCSP failed");
wolfSSL	0:1239e9b70ca2	2839	}
wolfSSL	0:1239e9b70ca2	2840	}
wolfSSL	0:1239e9b70ca2	2841
wolfSSL	0:1239e9b70ca2	2842	FreeDecodedCert(&cert);
wolfSSL	0:1239e9b70ca2	2843
wolfSSL	0:1239e9b70ca2	2844	if (ret == 0)
wolfSSL	0:1239e9b70ca2	2845	return SSL_SUCCESS; /* convert */
wolfSSL	0:1239e9b70ca2	2846
wolfSSL	0:1239e9b70ca2	2847	return ret;
wolfSSL	0:1239e9b70ca2	2848	}
wolfSSL	0:1239e9b70ca2	2849
wolfSSL	0:1239e9b70ca2	2850
wolfSSL	0:1239e9b70ca2	2851	int CyaSSL_CertManagerSetOCSPOverrideURL(CYASSL_CERT_MANAGER* cm,
wolfSSL	0:1239e9b70ca2	2852	const char* url)
wolfSSL	0:1239e9b70ca2	2853	{
wolfSSL	0:1239e9b70ca2	2854	CYASSL_ENTER("CyaSSL_CertManagerSetOCSPOverrideURL");
wolfSSL	0:1239e9b70ca2	2855	if (cm == NULL)
wolfSSL	0:1239e9b70ca2	2856	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	2857
wolfSSL	0:1239e9b70ca2	2858	XFREE(cm->ocspOverrideURL, cm->heap, 0);
wolfSSL	0:1239e9b70ca2	2859	if (url != NULL) {
wolfSSL	0:1239e9b70ca2	2860	int urlSz = (int)XSTRLEN(url) + 1;
wolfSSL	0:1239e9b70ca2	2861	cm->ocspOverrideURL = (char*)XMALLOC(urlSz, cm->heap, 0);
wolfSSL	0:1239e9b70ca2	2862	if (cm->ocspOverrideURL != NULL) {
wolfSSL	0:1239e9b70ca2	2863	XMEMCPY(cm->ocspOverrideURL, url, urlSz);
wolfSSL	0:1239e9b70ca2	2864	}
wolfSSL	0:1239e9b70ca2	2865	else
wolfSSL	0:1239e9b70ca2	2866	return MEMORY_E;
wolfSSL	0:1239e9b70ca2	2867	}
wolfSSL	0:1239e9b70ca2	2868	else
wolfSSL	0:1239e9b70ca2	2869	cm->ocspOverrideURL = NULL;
wolfSSL	0:1239e9b70ca2	2870
wolfSSL	0:1239e9b70ca2	2871	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	2872	}
wolfSSL	0:1239e9b70ca2	2873
wolfSSL	0:1239e9b70ca2	2874
wolfSSL	0:1239e9b70ca2	2875	int CyaSSL_CertManagerSetOCSP_Cb(CYASSL_CERT_MANAGER* cm,
wolfSSL	0:1239e9b70ca2	2876	CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx)
wolfSSL	0:1239e9b70ca2	2877	{
wolfSSL	0:1239e9b70ca2	2878	CYASSL_ENTER("CyaSSL_CertManagerSetOCSP_Cb");
wolfSSL	0:1239e9b70ca2	2879	if (cm == NULL)
wolfSSL	0:1239e9b70ca2	2880	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	2881
wolfSSL	0:1239e9b70ca2	2882	cm->ocspIOCb = ioCb;
wolfSSL	0:1239e9b70ca2	2883	cm->ocspRespFreeCb = respFreeCb;
wolfSSL	0:1239e9b70ca2	2884	cm->ocspIOCtx = ioCbCtx;
wolfSSL	0:1239e9b70ca2	2885
wolfSSL	0:1239e9b70ca2	2886	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	2887	}
wolfSSL	0:1239e9b70ca2	2888
wolfSSL	0:1239e9b70ca2	2889
wolfSSL	0:1239e9b70ca2	2890	int CyaSSL_EnableOCSP(CYASSL* ssl, int options)
wolfSSL	0:1239e9b70ca2	2891	{
wolfSSL	0:1239e9b70ca2	2892	CYASSL_ENTER("CyaSSL_EnableOCSP");
wolfSSL	0:1239e9b70ca2	2893	if (ssl)
wolfSSL	0:1239e9b70ca2	2894	return CyaSSL_CertManagerEnableOCSP(ssl->ctx->cm, options);
wolfSSL	0:1239e9b70ca2	2895	else
wolfSSL	0:1239e9b70ca2	2896	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	2897	}
wolfSSL	0:1239e9b70ca2	2898
wolfSSL	0:1239e9b70ca2	2899
wolfSSL	0:1239e9b70ca2	2900	int CyaSSL_DisableOCSP(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	2901	{
wolfSSL	0:1239e9b70ca2	2902	CYASSL_ENTER("CyaSSL_DisableOCSP");
wolfSSL	0:1239e9b70ca2	2903	if (ssl)
wolfSSL	0:1239e9b70ca2	2904	return CyaSSL_CertManagerDisableOCSP(ssl->ctx->cm);
wolfSSL	0:1239e9b70ca2	2905	else
wolfSSL	0:1239e9b70ca2	2906	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	2907	}
wolfSSL	0:1239e9b70ca2	2908
wolfSSL	0:1239e9b70ca2	2909
wolfSSL	0:1239e9b70ca2	2910	int CyaSSL_SetOCSP_OverrideURL(CYASSL* ssl, const char* url)
wolfSSL	0:1239e9b70ca2	2911	{
wolfSSL	0:1239e9b70ca2	2912	CYASSL_ENTER("CyaSSL_SetOCSP_OverrideURL");
wolfSSL	0:1239e9b70ca2	2913	if (ssl)
wolfSSL	0:1239e9b70ca2	2914	return CyaSSL_CertManagerSetOCSPOverrideURL(ssl->ctx->cm, url);
wolfSSL	0:1239e9b70ca2	2915	else
wolfSSL	0:1239e9b70ca2	2916	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	2917	}
wolfSSL	0:1239e9b70ca2	2918
wolfSSL	0:1239e9b70ca2	2919
wolfSSL	0:1239e9b70ca2	2920	int CyaSSL_SetOCSP_Cb(CYASSL* ssl,
wolfSSL	0:1239e9b70ca2	2921	CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx)
wolfSSL	0:1239e9b70ca2	2922	{
wolfSSL	0:1239e9b70ca2	2923	CYASSL_ENTER("CyaSSL_SetOCSP_Cb");
wolfSSL	0:1239e9b70ca2	2924	if (ssl)
wolfSSL	0:1239e9b70ca2	2925	return CyaSSL_CertManagerSetOCSP_Cb(ssl->ctx->cm,
wolfSSL	0:1239e9b70ca2	2926	ioCb, respFreeCb, ioCbCtx);
wolfSSL	0:1239e9b70ca2	2927	else
wolfSSL	0:1239e9b70ca2	2928	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	2929	}
wolfSSL	0:1239e9b70ca2	2930
wolfSSL	0:1239e9b70ca2	2931
wolfSSL	0:1239e9b70ca2	2932	int CyaSSL_CTX_EnableOCSP(CYASSL_CTX* ctx, int options)
wolfSSL	0:1239e9b70ca2	2933	{
wolfSSL	0:1239e9b70ca2	2934	CYASSL_ENTER("CyaSSL_CTX_EnableOCSP");
wolfSSL	0:1239e9b70ca2	2935	if (ctx)
wolfSSL	0:1239e9b70ca2	2936	return CyaSSL_CertManagerEnableOCSP(ctx->cm, options);
wolfSSL	0:1239e9b70ca2	2937	else
wolfSSL	0:1239e9b70ca2	2938	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	2939	}
wolfSSL	0:1239e9b70ca2	2940
wolfSSL	0:1239e9b70ca2	2941
wolfSSL	0:1239e9b70ca2	2942	int CyaSSL_CTX_DisableOCSP(CYASSL_CTX* ctx)
wolfSSL	0:1239e9b70ca2	2943	{
wolfSSL	0:1239e9b70ca2	2944	CYASSL_ENTER("CyaSSL_CTX_DisableOCSP");
wolfSSL	0:1239e9b70ca2	2945	if (ctx)
wolfSSL	0:1239e9b70ca2	2946	return CyaSSL_CertManagerDisableOCSP(ctx->cm);
wolfSSL	0:1239e9b70ca2	2947	else
wolfSSL	0:1239e9b70ca2	2948	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	2949	}
wolfSSL	0:1239e9b70ca2	2950
wolfSSL	0:1239e9b70ca2	2951
wolfSSL	0:1239e9b70ca2	2952	int CyaSSL_CTX_SetOCSP_OverrideURL(CYASSL_CTX* ctx, const char* url)
wolfSSL	0:1239e9b70ca2	2953	{
wolfSSL	0:1239e9b70ca2	2954	CYASSL_ENTER("CyaSSL_SetOCSP_OverrideURL");
wolfSSL	0:1239e9b70ca2	2955	if (ctx)
wolfSSL	0:1239e9b70ca2	2956	return CyaSSL_CertManagerSetOCSPOverrideURL(ctx->cm, url);
wolfSSL	0:1239e9b70ca2	2957	else
wolfSSL	0:1239e9b70ca2	2958	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	2959	}
wolfSSL	0:1239e9b70ca2	2960
wolfSSL	0:1239e9b70ca2	2961
wolfSSL	0:1239e9b70ca2	2962	int CyaSSL_CTX_SetOCSP_Cb(CYASSL_CTX* ctx,
wolfSSL	0:1239e9b70ca2	2963	CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx)
wolfSSL	0:1239e9b70ca2	2964	{
wolfSSL	0:1239e9b70ca2	2965	CYASSL_ENTER("CyaSSL_CTX_SetOCSP_Cb");
wolfSSL	0:1239e9b70ca2	2966	if (ctx)
wolfSSL	0:1239e9b70ca2	2967	return CyaSSL_CertManagerSetOCSP_Cb(ctx->cm, ioCb, respFreeCb, ioCbCtx);
wolfSSL	0:1239e9b70ca2	2968	else
wolfSSL	0:1239e9b70ca2	2969	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	2970	}
wolfSSL	0:1239e9b70ca2	2971
wolfSSL	0:1239e9b70ca2	2972
wolfSSL	0:1239e9b70ca2	2973	#endif /* HAVE_OCSP */
wolfSSL	0:1239e9b70ca2	2974
wolfSSL	0:1239e9b70ca2	2975
wolfSSL	0:1239e9b70ca2	2976	#ifdef CYASSL_DER_LOAD
wolfSSL	0:1239e9b70ca2	2977
wolfSSL	0:1239e9b70ca2	2978	/* Add format parameter to allow DER load of CA files */
wolfSSL	0:1239e9b70ca2	2979	int CyaSSL_CTX_der_load_verify_locations(CYASSL_CTX* ctx, const char* file,
wolfSSL	0:1239e9b70ca2	2980	int format)
wolfSSL	0:1239e9b70ca2	2981	{
wolfSSL	0:1239e9b70ca2	2982	CYASSL_ENTER("CyaSSL_CTX_der_load_verify_locations");
wolfSSL	0:1239e9b70ca2	2983	if (ctx == NULL \|\| file == NULL)
wolfSSL	0:1239e9b70ca2	2984	return SSL_FAILURE;
wolfSSL	0:1239e9b70ca2	2985
wolfSSL	0:1239e9b70ca2	2986	if (ProcessFile(ctx, file, format, CA_TYPE, NULL, 0, NULL) == SSL_SUCCESS)
wolfSSL	0:1239e9b70ca2	2987	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	2988
wolfSSL	0:1239e9b70ca2	2989	return SSL_FAILURE;
wolfSSL	0:1239e9b70ca2	2990	}
wolfSSL	0:1239e9b70ca2	2991
wolfSSL	0:1239e9b70ca2	2992	#endif /* CYASSL_DER_LOAD */
wolfSSL	0:1239e9b70ca2	2993
wolfSSL	0:1239e9b70ca2	2994
wolfSSL	0:1239e9b70ca2	2995	#ifdef CYASSL_CERT_GEN
wolfSSL	0:1239e9b70ca2	2996
wolfSSL	0:1239e9b70ca2	2997	/* load pem cert from file into der buffer, return der size or error */
wolfSSL	0:1239e9b70ca2	2998	int CyaSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
wolfSSL	0:1239e9b70ca2	2999	{
wolfSSL	0:1239e9b70ca2	3000	byte staticBuffer[FILE_BUFFER_SIZE];
wolfSSL	0:1239e9b70ca2	3001	byte* fileBuf = staticBuffer;
wolfSSL	0:1239e9b70ca2	3002	int dynamic = 0;
wolfSSL	0:1239e9b70ca2	3003	int ret;
wolfSSL	0:1239e9b70ca2	3004	int ecc = 0;
wolfSSL	0:1239e9b70ca2	3005	long sz = 0;
wolfSSL	0:1239e9b70ca2	3006	XFILE file = XFOPEN(fileName, "rb");
wolfSSL	0:1239e9b70ca2	3007	EncryptedInfo info;
wolfSSL	0:1239e9b70ca2	3008	buffer converted;
wolfSSL	0:1239e9b70ca2	3009
wolfSSL	0:1239e9b70ca2	3010	CYASSL_ENTER("CyaSSL_PemCertToDer");
wolfSSL	0:1239e9b70ca2	3011	converted.buffer = 0;
wolfSSL	0:1239e9b70ca2	3012
wolfSSL	0:1239e9b70ca2	3013	if (file == XBADFILE) return SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	3014	XFSEEK(file, 0, XSEEK_END);
wolfSSL	0:1239e9b70ca2	3015	sz = XFTELL(file);
wolfSSL	0:1239e9b70ca2	3016	XREWIND(file);
wolfSSL	0:1239e9b70ca2	3017
wolfSSL	0:1239e9b70ca2	3018	if (sz > (long)sizeof(staticBuffer)) {
wolfSSL	0:1239e9b70ca2	3019	fileBuf = (byte*) XMALLOC(sz, 0, DYNAMIC_TYPE_FILE);
wolfSSL	0:1239e9b70ca2	3020	if (fileBuf == NULL) {
wolfSSL	0:1239e9b70ca2	3021	XFCLOSE(file);
wolfSSL	0:1239e9b70ca2	3022	return SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	3023	}
wolfSSL	0:1239e9b70ca2	3024	dynamic = 1;
wolfSSL	0:1239e9b70ca2	3025	}
wolfSSL	0:1239e9b70ca2	3026	else if (sz < 0) {
wolfSSL	0:1239e9b70ca2	3027	XFCLOSE(file);
wolfSSL	0:1239e9b70ca2	3028	return SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	3029	}
wolfSSL	0:1239e9b70ca2	3030
wolfSSL	0:1239e9b70ca2	3031	if ( (ret = (int)XFREAD(fileBuf, sz, 1, file)) < 0)
wolfSSL	0:1239e9b70ca2	3032	ret = SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	3033	else
wolfSSL	0:1239e9b70ca2	3034	ret = PemToDer(fileBuf, sz, CA_TYPE, &converted, 0, &info, &ecc);
wolfSSL	0:1239e9b70ca2	3035
wolfSSL	0:1239e9b70ca2	3036	if (ret == 0) {
wolfSSL	0:1239e9b70ca2	3037	if (converted.length < (word32)derSz) {
wolfSSL	0:1239e9b70ca2	3038	XMEMCPY(derBuf, converted.buffer, converted.length);
wolfSSL	0:1239e9b70ca2	3039	ret = converted.length;
wolfSSL	0:1239e9b70ca2	3040	}
wolfSSL	0:1239e9b70ca2	3041	else
wolfSSL	0:1239e9b70ca2	3042	ret = BUFFER_E;
wolfSSL	0:1239e9b70ca2	3043	}
wolfSSL	0:1239e9b70ca2	3044
wolfSSL	0:1239e9b70ca2	3045	XFREE(converted.buffer, 0, DYNAMIC_TYPE_CA);
wolfSSL	0:1239e9b70ca2	3046	if (dynamic)
wolfSSL	0:1239e9b70ca2	3047	XFREE(fileBuf, 0, DYNAMIC_TYPE_FILE);
wolfSSL	0:1239e9b70ca2	3048	XFCLOSE(file);
wolfSSL	0:1239e9b70ca2	3049
wolfSSL	0:1239e9b70ca2	3050	return ret;
wolfSSL	0:1239e9b70ca2	3051	}
wolfSSL	0:1239e9b70ca2	3052
wolfSSL	0:1239e9b70ca2	3053	#endif /* CYASSL_CERT_GEN */
wolfSSL	0:1239e9b70ca2	3054
wolfSSL	0:1239e9b70ca2	3055
wolfSSL	0:1239e9b70ca2	3056	int CyaSSL_CTX_use_certificate_file(CYASSL_CTX* ctx, const char* file,
wolfSSL	0:1239e9b70ca2	3057	int format)
wolfSSL	0:1239e9b70ca2	3058	{
wolfSSL	0:1239e9b70ca2	3059	CYASSL_ENTER("CyaSSL_CTX_use_certificate_file");
wolfSSL	0:1239e9b70ca2	3060	if (ProcessFile(ctx, file, format, CERT_TYPE, NULL, 0, NULL) == SSL_SUCCESS)
wolfSSL	0:1239e9b70ca2	3061	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	3062
wolfSSL	0:1239e9b70ca2	3063	return SSL_FAILURE;
wolfSSL	0:1239e9b70ca2	3064	}
wolfSSL	0:1239e9b70ca2	3065
wolfSSL	0:1239e9b70ca2	3066
wolfSSL	0:1239e9b70ca2	3067	int CyaSSL_CTX_use_PrivateKey_file(CYASSL_CTX* ctx, const char* file,int format)
wolfSSL	0:1239e9b70ca2	3068	{
wolfSSL	0:1239e9b70ca2	3069	CYASSL_ENTER("CyaSSL_CTX_use_PrivateKey_file");
wolfSSL	0:1239e9b70ca2	3070	if (ProcessFile(ctx, file, format, PRIVATEKEY_TYPE, NULL, 0, NULL)
wolfSSL	0:1239e9b70ca2	3071	== SSL_SUCCESS)
wolfSSL	0:1239e9b70ca2	3072	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	3073
wolfSSL	0:1239e9b70ca2	3074	return SSL_FAILURE;
wolfSSL	0:1239e9b70ca2	3075	}
wolfSSL	0:1239e9b70ca2	3076
wolfSSL	0:1239e9b70ca2	3077
wolfSSL	0:1239e9b70ca2	3078	int CyaSSL_CTX_use_certificate_chain_file(CYASSL_CTX* ctx, const char* file)
wolfSSL	0:1239e9b70ca2	3079	{
wolfSSL	0:1239e9b70ca2	3080	/* procces up to MAX_CHAIN_DEPTH plus subject cert */
wolfSSL	0:1239e9b70ca2	3081	CYASSL_ENTER("CyaSSL_CTX_use_certificate_chain_file");
wolfSSL	0:1239e9b70ca2	3082	if (ProcessFile(ctx, file, SSL_FILETYPE_PEM,CERT_TYPE,NULL,1, NULL)
wolfSSL	0:1239e9b70ca2	3083	== SSL_SUCCESS)
wolfSSL	0:1239e9b70ca2	3084	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	3085
wolfSSL	0:1239e9b70ca2	3086	return SSL_FAILURE;
wolfSSL	0:1239e9b70ca2	3087	}
wolfSSL	0:1239e9b70ca2	3088
wolfSSL	0:1239e9b70ca2	3089
wolfSSL	0:1239e9b70ca2	3090	#ifdef OPENSSL_EXTRA
wolfSSL	0:1239e9b70ca2	3091	/* put SSL type in extra for now, not very common */
wolfSSL	0:1239e9b70ca2	3092
wolfSSL	0:1239e9b70ca2	3093	int CyaSSL_use_certificate_file(CYASSL* ssl, const char* file, int format)
wolfSSL	0:1239e9b70ca2	3094	{
wolfSSL	0:1239e9b70ca2	3095	CYASSL_ENTER("CyaSSL_use_certificate_file");
wolfSSL	0:1239e9b70ca2	3096	if (ProcessFile(ssl->ctx, file, format, CERT_TYPE, ssl, 0, NULL)
wolfSSL	0:1239e9b70ca2	3097	== SSL_SUCCESS)
wolfSSL	0:1239e9b70ca2	3098	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	3099
wolfSSL	0:1239e9b70ca2	3100	return SSL_FAILURE;
wolfSSL	0:1239e9b70ca2	3101	}
wolfSSL	0:1239e9b70ca2	3102
wolfSSL	0:1239e9b70ca2	3103
wolfSSL	0:1239e9b70ca2	3104	int CyaSSL_use_PrivateKey_file(CYASSL* ssl, const char* file, int format)
wolfSSL	0:1239e9b70ca2	3105	{
wolfSSL	0:1239e9b70ca2	3106	CYASSL_ENTER("CyaSSL_use_PrivateKey_file");
wolfSSL	0:1239e9b70ca2	3107	if (ProcessFile(ssl->ctx, file, format, PRIVATEKEY_TYPE, ssl, 0, NULL)
wolfSSL	0:1239e9b70ca2	3108	== SSL_SUCCESS)
wolfSSL	0:1239e9b70ca2	3109	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	3110
wolfSSL	0:1239e9b70ca2	3111	return SSL_FAILURE;
wolfSSL	0:1239e9b70ca2	3112	}
wolfSSL	0:1239e9b70ca2	3113
wolfSSL	0:1239e9b70ca2	3114
wolfSSL	0:1239e9b70ca2	3115	int CyaSSL_use_certificate_chain_file(CYASSL* ssl, const char* file)
wolfSSL	0:1239e9b70ca2	3116	{
wolfSSL	0:1239e9b70ca2	3117	/* procces up to MAX_CHAIN_DEPTH plus subject cert */
wolfSSL	0:1239e9b70ca2	3118	CYASSL_ENTER("CyaSSL_use_certificate_chain_file");
wolfSSL	0:1239e9b70ca2	3119	if (ProcessFile(ssl->ctx, file, SSL_FILETYPE_PEM, CERT_TYPE, ssl, 1, NULL)
wolfSSL	0:1239e9b70ca2	3120	== SSL_SUCCESS)
wolfSSL	0:1239e9b70ca2	3121	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	3122
wolfSSL	0:1239e9b70ca2	3123	return SSL_FAILURE;
wolfSSL	0:1239e9b70ca2	3124	}
wolfSSL	0:1239e9b70ca2	3125
wolfSSL	0:1239e9b70ca2	3126
wolfSSL	0:1239e9b70ca2	3127	/* server wrapper for ctx or ssl Diffie-Hellman parameters */
wolfSSL	0:1239e9b70ca2	3128	static int CyaSSL_SetTmpDH_buffer_wrapper(CYASSL_CTX* ctx, CYASSL* ssl,
wolfSSL	0:1239e9b70ca2	3129	const unsigned char* buf, long sz, int format)
wolfSSL	0:1239e9b70ca2	3130	{
wolfSSL	0:1239e9b70ca2	3131	buffer der;
wolfSSL	0:1239e9b70ca2	3132	int ret;
wolfSSL	0:1239e9b70ca2	3133	int weOwnDer = 0;
wolfSSL	0:1239e9b70ca2	3134	byte p[MAX_DH_SIZE];
wolfSSL	0:1239e9b70ca2	3135	byte g[MAX_DH_SIZE];
wolfSSL	0:1239e9b70ca2	3136	word32 pSz = sizeof(p);
wolfSSL	0:1239e9b70ca2	3137	word32 gSz = sizeof(g);
wolfSSL	0:1239e9b70ca2	3138
wolfSSL	0:1239e9b70ca2	3139	der.buffer = (byte*)buf;
wolfSSL	0:1239e9b70ca2	3140	der.length = (word32)sz;
wolfSSL	0:1239e9b70ca2	3141
wolfSSL	0:1239e9b70ca2	3142	if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM)
wolfSSL	0:1239e9b70ca2	3143	return SSL_BAD_FILETYPE;
wolfSSL	0:1239e9b70ca2	3144
wolfSSL	0:1239e9b70ca2	3145	if (format == SSL_FILETYPE_PEM) {
wolfSSL	0:1239e9b70ca2	3146	der.buffer = NULL;
wolfSSL	0:1239e9b70ca2	3147	ret = PemToDer(buf, sz, DH_PARAM_TYPE, &der, ctx->heap, NULL,NULL);
wolfSSL	0:1239e9b70ca2	3148	if (ret < 0) {
wolfSSL	0:1239e9b70ca2	3149	XFREE(der.buffer, ctx->heap, DYNAMIC_TYPE_KEY);
wolfSSL	0:1239e9b70ca2	3150	return ret;
wolfSSL	0:1239e9b70ca2	3151	}
wolfSSL	0:1239e9b70ca2	3152	weOwnDer = 1;
wolfSSL	0:1239e9b70ca2	3153	}
wolfSSL	0:1239e9b70ca2	3154
wolfSSL	0:1239e9b70ca2	3155	if (DhParamsLoad(der.buffer, der.length, p, &pSz, g, &gSz) < 0)
wolfSSL	0:1239e9b70ca2	3156	ret = SSL_BAD_FILETYPE;
wolfSSL	0:1239e9b70ca2	3157	else {
wolfSSL	0:1239e9b70ca2	3158	if (ssl)
wolfSSL	0:1239e9b70ca2	3159	ret = CyaSSL_SetTmpDH(ssl, p, pSz, g, gSz);
wolfSSL	0:1239e9b70ca2	3160	else
wolfSSL	0:1239e9b70ca2	3161	ret = CyaSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz);
wolfSSL	0:1239e9b70ca2	3162	}
wolfSSL	0:1239e9b70ca2	3163
wolfSSL	0:1239e9b70ca2	3164	if (weOwnDer)
wolfSSL	0:1239e9b70ca2	3165	XFREE(der.buffer, ctx->heap, DYNAMIC_TYPE_KEY);
wolfSSL	0:1239e9b70ca2	3166
wolfSSL	0:1239e9b70ca2	3167	return ret;
wolfSSL	0:1239e9b70ca2	3168	}
wolfSSL	0:1239e9b70ca2	3169
wolfSSL	0:1239e9b70ca2	3170	/* server Diffie-Hellman parameters, SSL_SUCCESS on ok */
wolfSSL	0:1239e9b70ca2	3171	int CyaSSL_SetTmpDH_buffer(CYASSL* ssl, const unsigned char* buf, long sz,
wolfSSL	0:1239e9b70ca2	3172	int format)
wolfSSL	0:1239e9b70ca2	3173	{
wolfSSL	0:1239e9b70ca2	3174	return CyaSSL_SetTmpDH_buffer_wrapper(ssl->ctx, ssl, buf, sz, format);
wolfSSL	0:1239e9b70ca2	3175	}
wolfSSL	0:1239e9b70ca2	3176
wolfSSL	0:1239e9b70ca2	3177
wolfSSL	0:1239e9b70ca2	3178	/* server ctx Diffie-Hellman parameters, SSL_SUCCESS on ok */
wolfSSL	0:1239e9b70ca2	3179	int CyaSSL_CTX_SetTmpDH_buffer(CYASSL_CTX* ctx, const unsigned char* buf,
wolfSSL	0:1239e9b70ca2	3180	long sz, int format)
wolfSSL	0:1239e9b70ca2	3181	{
wolfSSL	0:1239e9b70ca2	3182	return CyaSSL_SetTmpDH_buffer_wrapper(ctx, NULL, buf, sz, format);
wolfSSL	0:1239e9b70ca2	3183	}
wolfSSL	0:1239e9b70ca2	3184
wolfSSL	0:1239e9b70ca2	3185
wolfSSL	0:1239e9b70ca2	3186	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	3187
wolfSSL	0:1239e9b70ca2	3188	/* Set Temp CTX EC-DHE size in octets, should be 20 - 66 for 160 - 521 bit */
wolfSSL	0:1239e9b70ca2	3189	int CyaSSL_CTX_SetTmpEC_DHE_Sz(CYASSL_CTX* ctx, word16 sz)
wolfSSL	0:1239e9b70ca2	3190	{
wolfSSL	0:1239e9b70ca2	3191	if (ctx == NULL \|\| sz < ECC_MINSIZE \|\| sz > ECC_MAXSIZE)
wolfSSL	0:1239e9b70ca2	3192	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	3193
wolfSSL	0:1239e9b70ca2	3194	ctx->eccTempKeySz = sz;
wolfSSL	0:1239e9b70ca2	3195
wolfSSL	0:1239e9b70ca2	3196	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	3197	}
wolfSSL	0:1239e9b70ca2	3198
wolfSSL	0:1239e9b70ca2	3199
wolfSSL	0:1239e9b70ca2	3200	/* Set Temp SSL EC-DHE size in octets, should be 20 - 66 for 160 - 521 bit */
wolfSSL	0:1239e9b70ca2	3201	int CyaSSL_SetTmpEC_DHE_Sz(CYASSL* ssl, word16 sz)
wolfSSL	0:1239e9b70ca2	3202	{
wolfSSL	0:1239e9b70ca2	3203	if (ssl == NULL \|\| sz < ECC_MINSIZE \|\| sz > ECC_MAXSIZE)
wolfSSL	0:1239e9b70ca2	3204	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	3205
wolfSSL	0:1239e9b70ca2	3206	ssl->eccTempKeySz = sz;
wolfSSL	0:1239e9b70ca2	3207
wolfSSL	0:1239e9b70ca2	3208	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	3209	}
wolfSSL	0:1239e9b70ca2	3210
wolfSSL	0:1239e9b70ca2	3211	#endif /* HAVE_ECC */
wolfSSL	0:1239e9b70ca2	3212
wolfSSL	0:1239e9b70ca2	3213
wolfSSL	0:1239e9b70ca2	3214	#if !defined(NO_FILESYSTEM)
wolfSSL	0:1239e9b70ca2	3215
wolfSSL	0:1239e9b70ca2	3216	/* server Diffie-Hellman parameters */
wolfSSL	0:1239e9b70ca2	3217	static int CyaSSL_SetTmpDH_file_wrapper(CYASSL_CTX* ctx, CYASSL* ssl,
wolfSSL	0:1239e9b70ca2	3218	const char* fname, int format)
wolfSSL	0:1239e9b70ca2	3219	{
wolfSSL	0:1239e9b70ca2	3220	byte staticBuffer[FILE_BUFFER_SIZE];
wolfSSL	0:1239e9b70ca2	3221	byte* myBuffer = staticBuffer;
wolfSSL	0:1239e9b70ca2	3222	int dynamic = 0;
wolfSSL	0:1239e9b70ca2	3223	int ret;
wolfSSL	0:1239e9b70ca2	3224	long sz = 0;
wolfSSL	0:1239e9b70ca2	3225	XFILE file = XFOPEN(fname, "rb");
wolfSSL	0:1239e9b70ca2	3226
wolfSSL	0:1239e9b70ca2	3227	if (file == XBADFILE) return SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	3228	XFSEEK(file, 0, XSEEK_END);
wolfSSL	0:1239e9b70ca2	3229	sz = XFTELL(file);
wolfSSL	0:1239e9b70ca2	3230	XREWIND(file);
wolfSSL	0:1239e9b70ca2	3231
wolfSSL	0:1239e9b70ca2	3232	if (sz > (long)sizeof(staticBuffer)) {
wolfSSL	0:1239e9b70ca2	3233	CYASSL_MSG("Getting dynamic buffer");
wolfSSL	0:1239e9b70ca2	3234	myBuffer = (byte*) XMALLOC(sz, ctx->heap, DYNAMIC_TYPE_FILE);
wolfSSL	0:1239e9b70ca2	3235	if (myBuffer == NULL) {
wolfSSL	0:1239e9b70ca2	3236	XFCLOSE(file);
wolfSSL	0:1239e9b70ca2	3237	return SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	3238	}
wolfSSL	0:1239e9b70ca2	3239	dynamic = 1;
wolfSSL	0:1239e9b70ca2	3240	}
wolfSSL	0:1239e9b70ca2	3241	else if (sz < 0) {
wolfSSL	0:1239e9b70ca2	3242	XFCLOSE(file);
wolfSSL	0:1239e9b70ca2	3243	return SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	3244	}
wolfSSL	0:1239e9b70ca2	3245
wolfSSL	0:1239e9b70ca2	3246	if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0)
wolfSSL	0:1239e9b70ca2	3247	ret = SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	3248	else {
wolfSSL	0:1239e9b70ca2	3249	if (ssl)
wolfSSL	0:1239e9b70ca2	3250	ret = CyaSSL_SetTmpDH_buffer(ssl, myBuffer, sz, format);
wolfSSL	0:1239e9b70ca2	3251	else
wolfSSL	0:1239e9b70ca2	3252	ret = CyaSSL_CTX_SetTmpDH_buffer(ctx, myBuffer, sz, format);
wolfSSL	0:1239e9b70ca2	3253	}
wolfSSL	0:1239e9b70ca2	3254
wolfSSL	0:1239e9b70ca2	3255	XFCLOSE(file);
wolfSSL	0:1239e9b70ca2	3256	if (dynamic) XFREE(myBuffer, ctx->heap, DYNAMIC_TYPE_FILE);
wolfSSL	0:1239e9b70ca2	3257
wolfSSL	0:1239e9b70ca2	3258	return ret;
wolfSSL	0:1239e9b70ca2	3259	}
wolfSSL	0:1239e9b70ca2	3260
wolfSSL	0:1239e9b70ca2	3261	/* server Diffie-Hellman parameters */
wolfSSL	0:1239e9b70ca2	3262	int CyaSSL_SetTmpDH_file(CYASSL* ssl, const char* fname, int format)
wolfSSL	0:1239e9b70ca2	3263	{
wolfSSL	0:1239e9b70ca2	3264	return CyaSSL_SetTmpDH_file_wrapper(ssl->ctx, ssl, fname, format);
wolfSSL	0:1239e9b70ca2	3265	}
wolfSSL	0:1239e9b70ca2	3266
wolfSSL	0:1239e9b70ca2	3267
wolfSSL	0:1239e9b70ca2	3268	/* server Diffie-Hellman parameters */
wolfSSL	0:1239e9b70ca2	3269	int CyaSSL_CTX_SetTmpDH_file(CYASSL_CTX* ctx, const char* fname, int format)
wolfSSL	0:1239e9b70ca2	3270	{
wolfSSL	0:1239e9b70ca2	3271	return CyaSSL_SetTmpDH_file_wrapper(ctx, NULL, fname, format);
wolfSSL	0:1239e9b70ca2	3272	}
wolfSSL	0:1239e9b70ca2	3273
wolfSSL	0:1239e9b70ca2	3274
wolfSSL	0:1239e9b70ca2	3275	#endif /* !NO_FILESYSTEM */
wolfSSL	0:1239e9b70ca2	3276	#endif /* OPENSSL_EXTRA */
wolfSSL	0:1239e9b70ca2	3277
wolfSSL	0:1239e9b70ca2	3278	#ifdef HAVE_NTRU
wolfSSL	0:1239e9b70ca2	3279
wolfSSL	0:1239e9b70ca2	3280	int CyaSSL_CTX_use_NTRUPrivateKey_file(CYASSL_CTX* ctx, const char* file)
wolfSSL	0:1239e9b70ca2	3281	{
wolfSSL	0:1239e9b70ca2	3282	CYASSL_ENTER("CyaSSL_CTX_use_NTRUPrivateKey_file");
wolfSSL	0:1239e9b70ca2	3283	if (ctx == NULL)
wolfSSL	0:1239e9b70ca2	3284	return SSL_FAILURE;
wolfSSL	0:1239e9b70ca2	3285
wolfSSL	0:1239e9b70ca2	3286	if (ProcessFile(ctx, file, SSL_FILETYPE_RAW, PRIVATEKEY_TYPE, NULL, 0, NULL)
wolfSSL	0:1239e9b70ca2	3287	== SSL_SUCCESS) {
wolfSSL	0:1239e9b70ca2	3288	ctx->haveNTRU = 1;
wolfSSL	0:1239e9b70ca2	3289	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	3290	}
wolfSSL	0:1239e9b70ca2	3291
wolfSSL	0:1239e9b70ca2	3292	return SSL_FAILURE;
wolfSSL	0:1239e9b70ca2	3293	}
wolfSSL	0:1239e9b70ca2	3294
wolfSSL	0:1239e9b70ca2	3295	#endif /* HAVE_NTRU */
wolfSSL	0:1239e9b70ca2	3296
wolfSSL	0:1239e9b70ca2	3297
wolfSSL	0:1239e9b70ca2	3298
wolfSSL	0:1239e9b70ca2	3299	#if defined(OPENSSL_EXTRA)
wolfSSL	0:1239e9b70ca2	3300
wolfSSL	0:1239e9b70ca2	3301	int CyaSSL_CTX_use_RSAPrivateKey_file(CYASSL_CTX* ctx,const char* file,
wolfSSL	0:1239e9b70ca2	3302	int format)
wolfSSL	0:1239e9b70ca2	3303	{
wolfSSL	0:1239e9b70ca2	3304	CYASSL_ENTER("SSL_CTX_use_RSAPrivateKey_file");
wolfSSL	0:1239e9b70ca2	3305
wolfSSL	0:1239e9b70ca2	3306	return CyaSSL_CTX_use_PrivateKey_file(ctx, file, format);
wolfSSL	0:1239e9b70ca2	3307	}
wolfSSL	0:1239e9b70ca2	3308
wolfSSL	0:1239e9b70ca2	3309	int CyaSSL_use_RSAPrivateKey_file(CYASSL* ssl, const char* file, int format)
wolfSSL	0:1239e9b70ca2	3310	{
wolfSSL	0:1239e9b70ca2	3311	CYASSL_ENTER("CyaSSL_use_RSAPrivateKey_file");
wolfSSL	0:1239e9b70ca2	3312
wolfSSL	0:1239e9b70ca2	3313	return CyaSSL_use_PrivateKey_file(ssl, file, format);
wolfSSL	0:1239e9b70ca2	3314	}
wolfSSL	0:1239e9b70ca2	3315
wolfSSL	0:1239e9b70ca2	3316	#endif /* OPENSSL_EXTRA */
wolfSSL	0:1239e9b70ca2	3317
wolfSSL	0:1239e9b70ca2	3318	#endif /* NO_FILESYSTEM */
wolfSSL	0:1239e9b70ca2	3319
wolfSSL	0:1239e9b70ca2	3320
wolfSSL	0:1239e9b70ca2	3321	void CyaSSL_CTX_set_verify(CYASSL_CTX* ctx, int mode, VerifyCallback vc)
wolfSSL	0:1239e9b70ca2	3322	{
wolfSSL	0:1239e9b70ca2	3323	CYASSL_ENTER("CyaSSL_CTX_set_verify");
wolfSSL	0:1239e9b70ca2	3324	if (mode & SSL_VERIFY_PEER) {
wolfSSL	0:1239e9b70ca2	3325	ctx->verifyPeer = 1;
wolfSSL	0:1239e9b70ca2	3326	ctx->verifyNone = 0; /* in case perviously set */
wolfSSL	0:1239e9b70ca2	3327	}
wolfSSL	0:1239e9b70ca2	3328
wolfSSL	0:1239e9b70ca2	3329	if (mode == SSL_VERIFY_NONE) {
wolfSSL	0:1239e9b70ca2	3330	ctx->verifyNone = 1;
wolfSSL	0:1239e9b70ca2	3331	ctx->verifyPeer = 0; /* in case previously set */
wolfSSL	0:1239e9b70ca2	3332	}
wolfSSL	0:1239e9b70ca2	3333
wolfSSL	0:1239e9b70ca2	3334	if (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
wolfSSL	0:1239e9b70ca2	3335	ctx->failNoCert = 1;
wolfSSL	0:1239e9b70ca2	3336
wolfSSL	0:1239e9b70ca2	3337	ctx->verifyCallback = vc;
wolfSSL	0:1239e9b70ca2	3338	}
wolfSSL	0:1239e9b70ca2	3339
wolfSSL	0:1239e9b70ca2	3340
wolfSSL	0:1239e9b70ca2	3341	void CyaSSL_set_verify(CYASSL* ssl, int mode, VerifyCallback vc)
wolfSSL	0:1239e9b70ca2	3342	{
wolfSSL	0:1239e9b70ca2	3343	CYASSL_ENTER("CyaSSL_set_verify");
wolfSSL	0:1239e9b70ca2	3344	if (mode & SSL_VERIFY_PEER) {
wolfSSL	0:1239e9b70ca2	3345	ssl->options.verifyPeer = 1;
wolfSSL	0:1239e9b70ca2	3346	ssl->options.verifyNone = 0; /* in case perviously set */
wolfSSL	0:1239e9b70ca2	3347	}
wolfSSL	0:1239e9b70ca2	3348
wolfSSL	0:1239e9b70ca2	3349	if (mode == SSL_VERIFY_NONE) {
wolfSSL	0:1239e9b70ca2	3350	ssl->options.verifyNone = 1;
wolfSSL	0:1239e9b70ca2	3351	ssl->options.verifyPeer = 0; /* in case previously set */
wolfSSL	0:1239e9b70ca2	3352	}
wolfSSL	0:1239e9b70ca2	3353
wolfSSL	0:1239e9b70ca2	3354	if (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
wolfSSL	0:1239e9b70ca2	3355	ssl->options.failNoCert = 1;
wolfSSL	0:1239e9b70ca2	3356
wolfSSL	0:1239e9b70ca2	3357	ssl->verifyCallback = vc;
wolfSSL	0:1239e9b70ca2	3358	}
wolfSSL	0:1239e9b70ca2	3359
wolfSSL	0:1239e9b70ca2	3360
wolfSSL	0:1239e9b70ca2	3361	/* store user ctx for verify callback */
wolfSSL	0:1239e9b70ca2	3362	void CyaSSL_SetCertCbCtx(CYASSL* ssl, void* ctx)
wolfSSL	0:1239e9b70ca2	3363	{
wolfSSL	0:1239e9b70ca2	3364	CYASSL_ENTER("CyaSSL_SetCertCbCtx");
wolfSSL	0:1239e9b70ca2	3365	if (ssl)
wolfSSL	0:1239e9b70ca2	3366	ssl->verifyCbCtx = ctx;
wolfSSL	0:1239e9b70ca2	3367	}
wolfSSL	0:1239e9b70ca2	3368
wolfSSL	0:1239e9b70ca2	3369
wolfSSL	0:1239e9b70ca2	3370	/* store context CA Cache addition callback */
wolfSSL	0:1239e9b70ca2	3371	void CyaSSL_CTX_SetCACb(CYASSL_CTX* ctx, CallbackCACache cb)
wolfSSL	0:1239e9b70ca2	3372	{
wolfSSL	0:1239e9b70ca2	3373	if (ctx && ctx->cm)
wolfSSL	0:1239e9b70ca2	3374	ctx->cm->caCacheCallback = cb;
wolfSSL	0:1239e9b70ca2	3375	}
wolfSSL	0:1239e9b70ca2	3376
wolfSSL	0:1239e9b70ca2	3377
wolfSSL	0:1239e9b70ca2	3378	#if defined(PERSIST_CERT_CACHE)
wolfSSL	0:1239e9b70ca2	3379
wolfSSL	0:1239e9b70ca2	3380	#if !defined(NO_FILESYSTEM)
wolfSSL	0:1239e9b70ca2	3381
wolfSSL	0:1239e9b70ca2	3382	/* Persist cert cache to file */
wolfSSL	0:1239e9b70ca2	3383	int CyaSSL_CTX_save_cert_cache(CYASSL_CTX* ctx, const char* fname)
wolfSSL	0:1239e9b70ca2	3384	{
wolfSSL	0:1239e9b70ca2	3385	CYASSL_ENTER("CyaSSL_CTX_save_cert_cache");
wolfSSL	0:1239e9b70ca2	3386
wolfSSL	0:1239e9b70ca2	3387	if (ctx == NULL \|\| fname == NULL)
wolfSSL	0:1239e9b70ca2	3388	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	3389
wolfSSL	0:1239e9b70ca2	3390	return CM_SaveCertCache(ctx->cm, fname);
wolfSSL	0:1239e9b70ca2	3391	}
wolfSSL	0:1239e9b70ca2	3392
wolfSSL	0:1239e9b70ca2	3393
wolfSSL	0:1239e9b70ca2	3394	/* Persist cert cache from file */
wolfSSL	0:1239e9b70ca2	3395	int CyaSSL_CTX_restore_cert_cache(CYASSL_CTX* ctx, const char* fname)
wolfSSL	0:1239e9b70ca2	3396	{
wolfSSL	0:1239e9b70ca2	3397	CYASSL_ENTER("CyaSSL_CTX_restore_cert_cache");
wolfSSL	0:1239e9b70ca2	3398
wolfSSL	0:1239e9b70ca2	3399	if (ctx == NULL \|\| fname == NULL)
wolfSSL	0:1239e9b70ca2	3400	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	3401
wolfSSL	0:1239e9b70ca2	3402	return CM_RestoreCertCache(ctx->cm, fname);
wolfSSL	0:1239e9b70ca2	3403	}
wolfSSL	0:1239e9b70ca2	3404
wolfSSL	0:1239e9b70ca2	3405	#endif /* NO_FILESYSTEM */
wolfSSL	0:1239e9b70ca2	3406
wolfSSL	0:1239e9b70ca2	3407	/* Persist cert cache to memory */
wolfSSL	0:1239e9b70ca2	3408	int CyaSSL_CTX_memsave_cert_cache(CYASSL_CTX* ctx, void* mem, int sz, int* used)
wolfSSL	0:1239e9b70ca2	3409	{
wolfSSL	0:1239e9b70ca2	3410	CYASSL_ENTER("CyaSSL_CTX_memsave_cert_cache");
wolfSSL	0:1239e9b70ca2	3411
wolfSSL	0:1239e9b70ca2	3412	if (ctx == NULL \|\| mem == NULL \|\| used == NULL \|\| sz <= 0)
wolfSSL	0:1239e9b70ca2	3413	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	3414
wolfSSL	0:1239e9b70ca2	3415	return CM_MemSaveCertCache(ctx->cm, mem, sz, used);
wolfSSL	0:1239e9b70ca2	3416	}
wolfSSL	0:1239e9b70ca2	3417
wolfSSL	0:1239e9b70ca2	3418
wolfSSL	0:1239e9b70ca2	3419	/* Restore cert cache from memory */
wolfSSL	0:1239e9b70ca2	3420	int CyaSSL_CTX_memrestore_cert_cache(CYASSL_CTX* ctx, const void* mem, int sz)
wolfSSL	0:1239e9b70ca2	3421	{
wolfSSL	0:1239e9b70ca2	3422	CYASSL_ENTER("CyaSSL_CTX_memrestore_cert_cache");
wolfSSL	0:1239e9b70ca2	3423
wolfSSL	0:1239e9b70ca2	3424	if (ctx == NULL \|\| mem == NULL \|\| sz <= 0)
wolfSSL	0:1239e9b70ca2	3425	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	3426
wolfSSL	0:1239e9b70ca2	3427	return CM_MemRestoreCertCache(ctx->cm, mem, sz);
wolfSSL	0:1239e9b70ca2	3428	}
wolfSSL	0:1239e9b70ca2	3429
wolfSSL	0:1239e9b70ca2	3430
wolfSSL	0:1239e9b70ca2	3431	/* get how big the the cert cache save buffer needs to be */
wolfSSL	0:1239e9b70ca2	3432	int CyaSSL_CTX_get_cert_cache_memsize(CYASSL_CTX* ctx)
wolfSSL	0:1239e9b70ca2	3433	{
wolfSSL	0:1239e9b70ca2	3434	CYASSL_ENTER("CyaSSL_CTX_get_cert_cache_memsize");
wolfSSL	0:1239e9b70ca2	3435
wolfSSL	0:1239e9b70ca2	3436	if (ctx == NULL)
wolfSSL	0:1239e9b70ca2	3437	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	3438
wolfSSL	0:1239e9b70ca2	3439	return CM_GetCertCacheMemSize(ctx->cm);
wolfSSL	0:1239e9b70ca2	3440	}
wolfSSL	0:1239e9b70ca2	3441
wolfSSL	0:1239e9b70ca2	3442	#endif /* PERSISTE_CERT_CACHE */
wolfSSL	0:1239e9b70ca2	3443	#endif /* !NO_CERTS */
wolfSSL	0:1239e9b70ca2	3444
wolfSSL	0:1239e9b70ca2	3445
wolfSSL	0:1239e9b70ca2	3446	#ifndef NO_SESSION_CACHE
wolfSSL	0:1239e9b70ca2	3447
wolfSSL	0:1239e9b70ca2	3448	CYASSL_SESSION* CyaSSL_get_session(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	3449	{
wolfSSL	0:1239e9b70ca2	3450	CYASSL_ENTER("SSL_get_session");
wolfSSL	0:1239e9b70ca2	3451	if (ssl)
wolfSSL	0:1239e9b70ca2	3452	return GetSession(ssl, 0);
wolfSSL	0:1239e9b70ca2	3453
wolfSSL	0:1239e9b70ca2	3454	return NULL;
wolfSSL	0:1239e9b70ca2	3455	}
wolfSSL	0:1239e9b70ca2	3456
wolfSSL	0:1239e9b70ca2	3457
wolfSSL	0:1239e9b70ca2	3458	int CyaSSL_set_session(CYASSL* ssl, CYASSL_SESSION* session)
wolfSSL	0:1239e9b70ca2	3459	{
wolfSSL	0:1239e9b70ca2	3460	CYASSL_ENTER("SSL_set_session");
wolfSSL	0:1239e9b70ca2	3461	if (session)
wolfSSL	0:1239e9b70ca2	3462	return SetSession(ssl, session);
wolfSSL	0:1239e9b70ca2	3463
wolfSSL	0:1239e9b70ca2	3464	return SSL_FAILURE;
wolfSSL	0:1239e9b70ca2	3465	}
wolfSSL	0:1239e9b70ca2	3466
wolfSSL	0:1239e9b70ca2	3467
wolfSSL	0:1239e9b70ca2	3468	#ifndef NO_CLIENT_CACHE
wolfSSL	0:1239e9b70ca2	3469
wolfSSL	0:1239e9b70ca2	3470	/* Associate client session with serverID, find existing or store for saving
wolfSSL	0:1239e9b70ca2	3471	if newSession flag on, don't reuse existing session
wolfSSL	0:1239e9b70ca2	3472	SSL_SUCCESS on ok */
wolfSSL	0:1239e9b70ca2	3473	int CyaSSL_SetServerID(CYASSL* ssl, const byte* id, int len, int newSession)
wolfSSL	0:1239e9b70ca2	3474	{
wolfSSL	0:1239e9b70ca2	3475	CYASSL_SESSION* session = NULL;
wolfSSL	0:1239e9b70ca2	3476
wolfSSL	0:1239e9b70ca2	3477	CYASSL_ENTER("CyaSSL_SetServerID");
wolfSSL	0:1239e9b70ca2	3478
wolfSSL	0:1239e9b70ca2	3479	if (ssl == NULL \|\| id == NULL \|\| len <= 0)
wolfSSL	0:1239e9b70ca2	3480	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	3481
wolfSSL	0:1239e9b70ca2	3482	if (newSession == 0) {
wolfSSL	0:1239e9b70ca2	3483	session = GetSessionClient(ssl, id, len);
wolfSSL	0:1239e9b70ca2	3484	if (session) {
wolfSSL	0:1239e9b70ca2	3485	if (SetSession(ssl, session) != SSL_SUCCESS) {
wolfSSL	0:1239e9b70ca2	3486	CYASSL_MSG("SetSession failed");
wolfSSL	0:1239e9b70ca2	3487	session = NULL;
wolfSSL	0:1239e9b70ca2	3488	}
wolfSSL	0:1239e9b70ca2	3489	}
wolfSSL	0:1239e9b70ca2	3490	}
wolfSSL	0:1239e9b70ca2	3491
wolfSSL	0:1239e9b70ca2	3492	if (session == NULL) {
wolfSSL	0:1239e9b70ca2	3493	CYASSL_MSG("Valid ServerID not cached already");
wolfSSL	0:1239e9b70ca2	3494
wolfSSL	0:1239e9b70ca2	3495	ssl->session.idLen = (word16)min(SERVER_ID_LEN, (word32)len);
wolfSSL	0:1239e9b70ca2	3496	XMEMCPY(ssl->session.serverID, id, ssl->session.idLen);
wolfSSL	0:1239e9b70ca2	3497	}
wolfSSL	0:1239e9b70ca2	3498
wolfSSL	0:1239e9b70ca2	3499	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	3500	}
wolfSSL	0:1239e9b70ca2	3501
wolfSSL	0:1239e9b70ca2	3502	#endif /* NO_CLIENT_CACHE */
wolfSSL	0:1239e9b70ca2	3503
wolfSSL	0:1239e9b70ca2	3504	#if defined(PERSIST_SESSION_CACHE)
wolfSSL	0:1239e9b70ca2	3505
wolfSSL	0:1239e9b70ca2	3506	/* for persistance, if changes to layout need to increment and modify
wolfSSL	0:1239e9b70ca2	3507	save_session_cache() and restore_session_cache and memory versions too */
wolfSSL	0:1239e9b70ca2	3508	#define CYASSL_CACHE_VERSION 2
wolfSSL	0:1239e9b70ca2	3509
wolfSSL	0:1239e9b70ca2	3510	/* Session Cache Header information */
wolfSSL	0:1239e9b70ca2	3511	typedef struct {
wolfSSL	0:1239e9b70ca2	3512	int version; /* cache layout version id */
wolfSSL	0:1239e9b70ca2	3513	int rows; /* session rows */
wolfSSL	0:1239e9b70ca2	3514	int columns; /* session columns */
wolfSSL	0:1239e9b70ca2	3515	int sessionSz; /* sizeof CYASSL_SESSION */
wolfSSL	0:1239e9b70ca2	3516	} cache_header_t;
wolfSSL	0:1239e9b70ca2	3517
wolfSSL	0:1239e9b70ca2	3518	/* current persistence layout is:
wolfSSL	0:1239e9b70ca2	3519
wolfSSL	0:1239e9b70ca2	3520	1) cache_header_t
wolfSSL	0:1239e9b70ca2	3521	2) SessionCache
wolfSSL	0:1239e9b70ca2	3522	3) ClientCache
wolfSSL	0:1239e9b70ca2	3523
wolfSSL	0:1239e9b70ca2	3524	update CYASSL_CACHE_VERSION if change layout for the following
wolfSSL	0:1239e9b70ca2	3525	PERSISTENT_SESSION_CACHE functions
wolfSSL	0:1239e9b70ca2	3526	*/
wolfSSL	0:1239e9b70ca2	3527
wolfSSL	0:1239e9b70ca2	3528
wolfSSL	0:1239e9b70ca2	3529	/* get how big the the session cache save buffer needs to be */
wolfSSL	0:1239e9b70ca2	3530	int CyaSSL_get_session_cache_memsize(void)
wolfSSL	0:1239e9b70ca2	3531	{
wolfSSL	0:1239e9b70ca2	3532	int sz = (int)(sizeof(SessionCache) + sizeof(cache_header_t));
wolfSSL	0:1239e9b70ca2	3533
wolfSSL	0:1239e9b70ca2	3534	#ifndef NO_CLIENT_CACHE
wolfSSL	0:1239e9b70ca2	3535	sz += (int)(sizeof(ClientCache));
wolfSSL	0:1239e9b70ca2	3536	#endif
wolfSSL	0:1239e9b70ca2	3537
wolfSSL	0:1239e9b70ca2	3538	return sz;
wolfSSL	0:1239e9b70ca2	3539	}
wolfSSL	0:1239e9b70ca2	3540
wolfSSL	0:1239e9b70ca2	3541
wolfSSL	0:1239e9b70ca2	3542	/* Persist session cache to memory */
wolfSSL	0:1239e9b70ca2	3543	int CyaSSL_memsave_session_cache(void* mem, int sz)
wolfSSL	0:1239e9b70ca2	3544	{
wolfSSL	0:1239e9b70ca2	3545	int i;
wolfSSL	0:1239e9b70ca2	3546	cache_header_t cache_header;
wolfSSL	0:1239e9b70ca2	3547	SessionRow* row = (SessionRow)((byte)mem + sizeof(cache_header));
wolfSSL	0:1239e9b70ca2	3548	#ifndef NO_CLIENT_CACHE
wolfSSL	0:1239e9b70ca2	3549	ClientRow* clRow;
wolfSSL	0:1239e9b70ca2	3550	#endif
wolfSSL	0:1239e9b70ca2	3551
wolfSSL	0:1239e9b70ca2	3552	CYASSL_ENTER("CyaSSL_memsave_session_cache");
wolfSSL	0:1239e9b70ca2	3553
wolfSSL	0:1239e9b70ca2	3554	if (sz < CyaSSL_get_session_cache_memsize()) {
wolfSSL	0:1239e9b70ca2	3555	CYASSL_MSG("Memory buffer too small");
wolfSSL	0:1239e9b70ca2	3556	return BUFFER_E;
wolfSSL	0:1239e9b70ca2	3557	}
wolfSSL	0:1239e9b70ca2	3558
wolfSSL	0:1239e9b70ca2	3559	cache_header.version = CYASSL_CACHE_VERSION;
wolfSSL	0:1239e9b70ca2	3560	cache_header.rows = SESSION_ROWS;
wolfSSL	0:1239e9b70ca2	3561	cache_header.columns = SESSIONS_PER_ROW;
wolfSSL	0:1239e9b70ca2	3562	cache_header.sessionSz = (int)sizeof(CYASSL_SESSION);
wolfSSL	0:1239e9b70ca2	3563	XMEMCPY(mem, &cache_header, sizeof(cache_header));
wolfSSL	0:1239e9b70ca2	3564
wolfSSL	0:1239e9b70ca2	3565	if (LockMutex(&session_mutex) != 0) {
wolfSSL	0:1239e9b70ca2	3566	CYASSL_MSG("Session cache mutex lock failed");
wolfSSL	0:1239e9b70ca2	3567	return BAD_MUTEX_E;
wolfSSL	0:1239e9b70ca2	3568	}
wolfSSL	0:1239e9b70ca2	3569
wolfSSL	0:1239e9b70ca2	3570	for (i = 0; i < cache_header.rows; ++i)
wolfSSL	0:1239e9b70ca2	3571	XMEMCPY(row++, SessionCache + i, sizeof(SessionRow));
wolfSSL	0:1239e9b70ca2	3572
wolfSSL	0:1239e9b70ca2	3573	#ifndef NO_CLIENT_CACHE
wolfSSL	0:1239e9b70ca2	3574	clRow = (ClientRow*)row;
wolfSSL	0:1239e9b70ca2	3575	for (i = 0; i < cache_header.rows; ++i)
wolfSSL	0:1239e9b70ca2	3576	XMEMCPY(clRow++, ClientCache + i, sizeof(ClientRow));
wolfSSL	0:1239e9b70ca2	3577	#endif
wolfSSL	0:1239e9b70ca2	3578
wolfSSL	0:1239e9b70ca2	3579	UnLockMutex(&session_mutex);
wolfSSL	0:1239e9b70ca2	3580
wolfSSL	0:1239e9b70ca2	3581	CYASSL_LEAVE("CyaSSL_memsave_session_cache", SSL_SUCCESS);
wolfSSL	0:1239e9b70ca2	3582
wolfSSL	0:1239e9b70ca2	3583	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	3584	}
wolfSSL	0:1239e9b70ca2	3585
wolfSSL	0:1239e9b70ca2	3586
wolfSSL	0:1239e9b70ca2	3587	/* Restore the persistant session cache from memory */
wolfSSL	0:1239e9b70ca2	3588	int CyaSSL_memrestore_session_cache(const void* mem, int sz)
wolfSSL	0:1239e9b70ca2	3589	{
wolfSSL	0:1239e9b70ca2	3590	int i;
wolfSSL	0:1239e9b70ca2	3591	cache_header_t cache_header;
wolfSSL	0:1239e9b70ca2	3592	SessionRow* row = (SessionRow)((byte)mem + sizeof(cache_header));
wolfSSL	0:1239e9b70ca2	3593	#ifndef NO_CLIENT_CACHE
wolfSSL	0:1239e9b70ca2	3594	ClientRow* clRow;
wolfSSL	0:1239e9b70ca2	3595	#endif
wolfSSL	0:1239e9b70ca2	3596
wolfSSL	0:1239e9b70ca2	3597	CYASSL_ENTER("CyaSSL_memrestore_session_cache");
wolfSSL	0:1239e9b70ca2	3598
wolfSSL	0:1239e9b70ca2	3599	if (sz < CyaSSL_get_session_cache_memsize()) {
wolfSSL	0:1239e9b70ca2	3600	CYASSL_MSG("Memory buffer too small");
wolfSSL	0:1239e9b70ca2	3601	return BUFFER_E;
wolfSSL	0:1239e9b70ca2	3602	}
wolfSSL	0:1239e9b70ca2	3603
wolfSSL	0:1239e9b70ca2	3604	XMEMCPY(&cache_header, mem, sizeof(cache_header));
wolfSSL	0:1239e9b70ca2	3605	if (cache_header.version != CYASSL_CACHE_VERSION \|\|
wolfSSL	0:1239e9b70ca2	3606	cache_header.rows != SESSION_ROWS \|\|
wolfSSL	0:1239e9b70ca2	3607	cache_header.columns != SESSIONS_PER_ROW \|\|
wolfSSL	0:1239e9b70ca2	3608	cache_header.sessionSz != (int)sizeof(CYASSL_SESSION)) {
wolfSSL	0:1239e9b70ca2	3609
wolfSSL	0:1239e9b70ca2	3610	CYASSL_MSG("Session cache header match failed");
wolfSSL	0:1239e9b70ca2	3611	return CACHE_MATCH_ERROR;
wolfSSL	0:1239e9b70ca2	3612	}
wolfSSL	0:1239e9b70ca2	3613
wolfSSL	0:1239e9b70ca2	3614	if (LockMutex(&session_mutex) != 0) {
wolfSSL	0:1239e9b70ca2	3615	CYASSL_MSG("Session cache mutex lock failed");
wolfSSL	0:1239e9b70ca2	3616	return BAD_MUTEX_E;
wolfSSL	0:1239e9b70ca2	3617	}
wolfSSL	0:1239e9b70ca2	3618
wolfSSL	0:1239e9b70ca2	3619	for (i = 0; i < cache_header.rows; ++i)
wolfSSL	0:1239e9b70ca2	3620	XMEMCPY(SessionCache + i, row++, sizeof(SessionRow));
wolfSSL	0:1239e9b70ca2	3621
wolfSSL	0:1239e9b70ca2	3622	#ifndef NO_CLIENT_CACHE
wolfSSL	0:1239e9b70ca2	3623	clRow = (ClientRow*)row;
wolfSSL	0:1239e9b70ca2	3624	for (i = 0; i < cache_header.rows; ++i)
wolfSSL	0:1239e9b70ca2	3625	XMEMCPY(ClientCache + i, clRow++, sizeof(ClientRow));
wolfSSL	0:1239e9b70ca2	3626	#endif
wolfSSL	0:1239e9b70ca2	3627
wolfSSL	0:1239e9b70ca2	3628	UnLockMutex(&session_mutex);
wolfSSL	0:1239e9b70ca2	3629
wolfSSL	0:1239e9b70ca2	3630	CYASSL_LEAVE("CyaSSL_memrestore_session_cache", SSL_SUCCESS);
wolfSSL	0:1239e9b70ca2	3631
wolfSSL	0:1239e9b70ca2	3632	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	3633	}
wolfSSL	0:1239e9b70ca2	3634
wolfSSL	0:1239e9b70ca2	3635	#if !defined(NO_FILESYSTEM)
wolfSSL	0:1239e9b70ca2	3636
wolfSSL	0:1239e9b70ca2	3637	/* Persist session cache to file */
wolfSSL	0:1239e9b70ca2	3638	/* doesn't use memsave because of additional memory use */
wolfSSL	0:1239e9b70ca2	3639	int CyaSSL_save_session_cache(const char *fname)
wolfSSL	0:1239e9b70ca2	3640	{
wolfSSL	0:1239e9b70ca2	3641	XFILE file;
wolfSSL	0:1239e9b70ca2	3642	int ret;
wolfSSL	0:1239e9b70ca2	3643	int rc = SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	3644	int i;
wolfSSL	0:1239e9b70ca2	3645	cache_header_t cache_header;
wolfSSL	0:1239e9b70ca2	3646
wolfSSL	0:1239e9b70ca2	3647	CYASSL_ENTER("CyaSSL_save_session_cache");
wolfSSL	0:1239e9b70ca2	3648
wolfSSL	0:1239e9b70ca2	3649	file = XFOPEN(fname, "w+b");
wolfSSL	0:1239e9b70ca2	3650	if (file == XBADFILE) {
wolfSSL	0:1239e9b70ca2	3651	CYASSL_MSG("Couldn't open session cache save file");
wolfSSL	0:1239e9b70ca2	3652	return SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	3653	}
wolfSSL	0:1239e9b70ca2	3654	cache_header.version = CYASSL_CACHE_VERSION;
wolfSSL	0:1239e9b70ca2	3655	cache_header.rows = SESSION_ROWS;
wolfSSL	0:1239e9b70ca2	3656	cache_header.columns = SESSIONS_PER_ROW;
wolfSSL	0:1239e9b70ca2	3657	cache_header.sessionSz = (int)sizeof(CYASSL_SESSION);
wolfSSL	0:1239e9b70ca2	3658
wolfSSL	0:1239e9b70ca2	3659	/* cache header */
wolfSSL	0:1239e9b70ca2	3660	ret = (int)XFWRITE(&cache_header, sizeof cache_header, 1, file);
wolfSSL	0:1239e9b70ca2	3661	if (ret != 1) {
wolfSSL	0:1239e9b70ca2	3662	CYASSL_MSG("Session cache header file write failed");
wolfSSL	0:1239e9b70ca2	3663	XFCLOSE(file);
wolfSSL	0:1239e9b70ca2	3664	return FWRITE_ERROR;
wolfSSL	0:1239e9b70ca2	3665	}
wolfSSL	0:1239e9b70ca2	3666
wolfSSL	0:1239e9b70ca2	3667	if (LockMutex(&session_mutex) != 0) {
wolfSSL	0:1239e9b70ca2	3668	CYASSL_MSG("Session cache mutex lock failed");
wolfSSL	0:1239e9b70ca2	3669	XFCLOSE(file);
wolfSSL	0:1239e9b70ca2	3670	return BAD_MUTEX_E;
wolfSSL	0:1239e9b70ca2	3671	}
wolfSSL	0:1239e9b70ca2	3672
wolfSSL	0:1239e9b70ca2	3673	/* session cache */
wolfSSL	0:1239e9b70ca2	3674	for (i = 0; i < cache_header.rows; ++i) {
wolfSSL	0:1239e9b70ca2	3675	ret = (int)XFWRITE(SessionCache + i, sizeof(SessionRow), 1, file);
wolfSSL	0:1239e9b70ca2	3676	if (ret != 1) {
wolfSSL	0:1239e9b70ca2	3677	CYASSL_MSG("Session cache member file write failed");
wolfSSL	0:1239e9b70ca2	3678	rc = FWRITE_ERROR;
wolfSSL	0:1239e9b70ca2	3679	break;
wolfSSL	0:1239e9b70ca2	3680	}
wolfSSL	0:1239e9b70ca2	3681	}
wolfSSL	0:1239e9b70ca2	3682
wolfSSL	0:1239e9b70ca2	3683	#ifndef NO_CLIENT_CACHE
wolfSSL	0:1239e9b70ca2	3684	/* client cache */
wolfSSL	0:1239e9b70ca2	3685	for (i = 0; i < cache_header.rows; ++i) {
wolfSSL	0:1239e9b70ca2	3686	ret = (int)XFWRITE(ClientCache + i, sizeof(ClientRow), 1, file);
wolfSSL	0:1239e9b70ca2	3687	if (ret != 1) {
wolfSSL	0:1239e9b70ca2	3688	CYASSL_MSG("Client cache member file write failed");
wolfSSL	0:1239e9b70ca2	3689	rc = FWRITE_ERROR;
wolfSSL	0:1239e9b70ca2	3690	break;
wolfSSL	0:1239e9b70ca2	3691	}
wolfSSL	0:1239e9b70ca2	3692	}
wolfSSL	0:1239e9b70ca2	3693	#endif /* NO_CLIENT_CACHE */
wolfSSL	0:1239e9b70ca2	3694
wolfSSL	0:1239e9b70ca2	3695	UnLockMutex(&session_mutex);
wolfSSL	0:1239e9b70ca2	3696
wolfSSL	0:1239e9b70ca2	3697	XFCLOSE(file);
wolfSSL	0:1239e9b70ca2	3698	CYASSL_LEAVE("CyaSSL_save_session_cache", rc);
wolfSSL	0:1239e9b70ca2	3699
wolfSSL	0:1239e9b70ca2	3700	return rc;
wolfSSL	0:1239e9b70ca2	3701	}
wolfSSL	0:1239e9b70ca2	3702
wolfSSL	0:1239e9b70ca2	3703
wolfSSL	0:1239e9b70ca2	3704	/* Restore the persistant session cache from file */
wolfSSL	0:1239e9b70ca2	3705	/* doesn't use memstore because of additional memory use */
wolfSSL	0:1239e9b70ca2	3706	int CyaSSL_restore_session_cache(const char *fname)
wolfSSL	0:1239e9b70ca2	3707	{
wolfSSL	0:1239e9b70ca2	3708	XFILE file;
wolfSSL	0:1239e9b70ca2	3709	int rc = SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	3710	int ret;
wolfSSL	0:1239e9b70ca2	3711	int i;
wolfSSL	0:1239e9b70ca2	3712	cache_header_t cache_header;
wolfSSL	0:1239e9b70ca2	3713
wolfSSL	0:1239e9b70ca2	3714	CYASSL_ENTER("CyaSSL_restore_session_cache");
wolfSSL	0:1239e9b70ca2	3715
wolfSSL	0:1239e9b70ca2	3716	file = XFOPEN(fname, "rb");
wolfSSL	0:1239e9b70ca2	3717	if (file == XBADFILE) {
wolfSSL	0:1239e9b70ca2	3718	CYASSL_MSG("Couldn't open session cache save file");
wolfSSL	0:1239e9b70ca2	3719	return SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	3720	}
wolfSSL	0:1239e9b70ca2	3721	/* cache header */
wolfSSL	0:1239e9b70ca2	3722	ret = (int)XFREAD(&cache_header, sizeof cache_header, 1, file);
wolfSSL	0:1239e9b70ca2	3723	if (ret != 1) {
wolfSSL	0:1239e9b70ca2	3724	CYASSL_MSG("Session cache header file read failed");
wolfSSL	0:1239e9b70ca2	3725	XFCLOSE(file);
wolfSSL	0:1239e9b70ca2	3726	return FREAD_ERROR;
wolfSSL	0:1239e9b70ca2	3727	}
wolfSSL	0:1239e9b70ca2	3728	if (cache_header.version != CYASSL_CACHE_VERSION \|\|
wolfSSL	0:1239e9b70ca2	3729	cache_header.rows != SESSION_ROWS \|\|
wolfSSL	0:1239e9b70ca2	3730	cache_header.columns != SESSIONS_PER_ROW \|\|
wolfSSL	0:1239e9b70ca2	3731	cache_header.sessionSz != (int)sizeof(CYASSL_SESSION)) {
wolfSSL	0:1239e9b70ca2	3732
wolfSSL	0:1239e9b70ca2	3733	CYASSL_MSG("Session cache header match failed");
wolfSSL	0:1239e9b70ca2	3734	XFCLOSE(file);
wolfSSL	0:1239e9b70ca2	3735	return CACHE_MATCH_ERROR;
wolfSSL	0:1239e9b70ca2	3736	}
wolfSSL	0:1239e9b70ca2	3737
wolfSSL	0:1239e9b70ca2	3738	if (LockMutex(&session_mutex) != 0) {
wolfSSL	0:1239e9b70ca2	3739	CYASSL_MSG("Session cache mutex lock failed");
wolfSSL	0:1239e9b70ca2	3740	XFCLOSE(file);
wolfSSL	0:1239e9b70ca2	3741	return BAD_MUTEX_E;
wolfSSL	0:1239e9b70ca2	3742	}
wolfSSL	0:1239e9b70ca2	3743
wolfSSL	0:1239e9b70ca2	3744	/* session cache */
wolfSSL	0:1239e9b70ca2	3745	for (i = 0; i < cache_header.rows; ++i) {
wolfSSL	0:1239e9b70ca2	3746	ret = (int)XFREAD(SessionCache + i, sizeof(SessionRow), 1, file);
wolfSSL	0:1239e9b70ca2	3747	if (ret != 1) {
wolfSSL	0:1239e9b70ca2	3748	CYASSL_MSG("Session cache member file read failed");
wolfSSL	0:1239e9b70ca2	3749	XMEMSET(SessionCache, 0, sizeof SessionCache);
wolfSSL	0:1239e9b70ca2	3750	rc = FREAD_ERROR;
wolfSSL	0:1239e9b70ca2	3751	break;
wolfSSL	0:1239e9b70ca2	3752	}
wolfSSL	0:1239e9b70ca2	3753	}
wolfSSL	0:1239e9b70ca2	3754
wolfSSL	0:1239e9b70ca2	3755	#ifndef NO_CLIENT_CACHE
wolfSSL	0:1239e9b70ca2	3756	/* client cache */
wolfSSL	0:1239e9b70ca2	3757	for (i = 0; i < cache_header.rows; ++i) {
wolfSSL	0:1239e9b70ca2	3758	ret = (int)XFREAD(ClientCache + i, sizeof(ClientRow), 1, file);
wolfSSL	0:1239e9b70ca2	3759	if (ret != 1) {
wolfSSL	0:1239e9b70ca2	3760	CYASSL_MSG("Client cache member file read failed");
wolfSSL	0:1239e9b70ca2	3761	XMEMSET(ClientCache, 0, sizeof ClientCache);
wolfSSL	0:1239e9b70ca2	3762	rc = FREAD_ERROR;
wolfSSL	0:1239e9b70ca2	3763	break;
wolfSSL	0:1239e9b70ca2	3764	}
wolfSSL	0:1239e9b70ca2	3765	}
wolfSSL	0:1239e9b70ca2	3766
wolfSSL	0:1239e9b70ca2	3767	#endif /* NO_CLIENT_CACHE */
wolfSSL	0:1239e9b70ca2	3768
wolfSSL	0:1239e9b70ca2	3769	UnLockMutex(&session_mutex);
wolfSSL	0:1239e9b70ca2	3770
wolfSSL	0:1239e9b70ca2	3771	XFCLOSE(file);
wolfSSL	0:1239e9b70ca2	3772	CYASSL_LEAVE("CyaSSL_restore_session_cache", rc);
wolfSSL	0:1239e9b70ca2	3773
wolfSSL	0:1239e9b70ca2	3774	return rc;
wolfSSL	0:1239e9b70ca2	3775	}
wolfSSL	0:1239e9b70ca2	3776
wolfSSL	0:1239e9b70ca2	3777	#endif /* !NO_FILESYSTEM */
wolfSSL	0:1239e9b70ca2	3778	#endif /* PERSIST_SESSION_CACHE */
wolfSSL	0:1239e9b70ca2	3779	#endif /* NO_SESSION_CACHE */
wolfSSL	0:1239e9b70ca2	3780
wolfSSL	0:1239e9b70ca2	3781
wolfSSL	0:1239e9b70ca2	3782	void CyaSSL_load_error_strings(void) /* compatibility only */
wolfSSL	0:1239e9b70ca2	3783	{}
wolfSSL	0:1239e9b70ca2	3784
wolfSSL	0:1239e9b70ca2	3785
wolfSSL	0:1239e9b70ca2	3786	int CyaSSL_library_init(void)
wolfSSL	0:1239e9b70ca2	3787	{
wolfSSL	0:1239e9b70ca2	3788	CYASSL_ENTER("SSL_library_init");
wolfSSL	0:1239e9b70ca2	3789	if (CyaSSL_Init() == SSL_SUCCESS)
wolfSSL	0:1239e9b70ca2	3790	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	3791	else
wolfSSL	0:1239e9b70ca2	3792	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	3793	}
wolfSSL	0:1239e9b70ca2	3794
wolfSSL	0:1239e9b70ca2	3795
wolfSSL	0:1239e9b70ca2	3796	#ifndef NO_SESSION_CACHE
wolfSSL	0:1239e9b70ca2	3797
wolfSSL	0:1239e9b70ca2	3798	/* on by default if built in but allow user to turn off */
wolfSSL	0:1239e9b70ca2	3799	long CyaSSL_CTX_set_session_cache_mode(CYASSL_CTX* ctx, long mode)
wolfSSL	0:1239e9b70ca2	3800	{
wolfSSL	0:1239e9b70ca2	3801	CYASSL_ENTER("SSL_CTX_set_session_cache_mode");
wolfSSL	0:1239e9b70ca2	3802	if (mode == SSL_SESS_CACHE_OFF)
wolfSSL	0:1239e9b70ca2	3803	ctx->sessionCacheOff = 1;
wolfSSL	0:1239e9b70ca2	3804
wolfSSL	0:1239e9b70ca2	3805	if (mode == SSL_SESS_CACHE_NO_AUTO_CLEAR)
wolfSSL	0:1239e9b70ca2	3806	ctx->sessionCacheFlushOff = 1;
wolfSSL	0:1239e9b70ca2	3807
wolfSSL	0:1239e9b70ca2	3808	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	3809	}
wolfSSL	0:1239e9b70ca2	3810
wolfSSL	0:1239e9b70ca2	3811	#endif /* NO_SESSION_CACHE */
wolfSSL	0:1239e9b70ca2	3812
wolfSSL	0:1239e9b70ca2	3813
wolfSSL	0:1239e9b70ca2	3814	#if !defined(NO_CERTS)
wolfSSL	0:1239e9b70ca2	3815	#if defined(PERSIST_CERT_CACHE)
wolfSSL	0:1239e9b70ca2	3816
wolfSSL	0:1239e9b70ca2	3817
wolfSSL	0:1239e9b70ca2	3818	#define CYASSL_CACHE_CERT_VERSION 1
wolfSSL	0:1239e9b70ca2	3819
wolfSSL	0:1239e9b70ca2	3820	typedef struct {
wolfSSL	0:1239e9b70ca2	3821	int version; /* cache cert layout version id */
wolfSSL	0:1239e9b70ca2	3822	int rows; /* hash table rows, CA_TABLE_SIZE */
wolfSSL	0:1239e9b70ca2	3823	int columns[CA_TABLE_SIZE]; /* columns per row on list */
wolfSSL	0:1239e9b70ca2	3824	int signerSz; /* sizeof Signer object */
wolfSSL	0:1239e9b70ca2	3825	} CertCacheHeader;
wolfSSL	0:1239e9b70ca2	3826
wolfSSL	0:1239e9b70ca2	3827	/* current cert persistance layout is:
wolfSSL	0:1239e9b70ca2	3828
wolfSSL	0:1239e9b70ca2	3829	1) CertCacheHeader
wolfSSL	0:1239e9b70ca2	3830	2) caTable
wolfSSL	0:1239e9b70ca2	3831
wolfSSL	0:1239e9b70ca2	3832	update CYASSL_CERT_CACHE_VERSION if change layout for the following
wolfSSL	0:1239e9b70ca2	3833	PERSIST_CERT_CACHE functions
wolfSSL	0:1239e9b70ca2	3834	*/
wolfSSL	0:1239e9b70ca2	3835
wolfSSL	0:1239e9b70ca2	3836
wolfSSL	0:1239e9b70ca2	3837	/* Return memory needed to persist this signer, have lock */
wolfSSL	0:1239e9b70ca2	3838	static INLINE int GetSignerMemory(Signer* signer)
wolfSSL	0:1239e9b70ca2	3839	{
wolfSSL	0:1239e9b70ca2	3840	int sz = sizeof(signer->pubKeySize) + sizeof(signer->keyOID)
wolfSSL	0:1239e9b70ca2	3841	+ sizeof(signer->nameLen) + sizeof(signer->subjectNameHash);
wolfSSL	0:1239e9b70ca2	3842
wolfSSL	0:1239e9b70ca2	3843	#if !defined(NO_SKID)
wolfSSL	0:1239e9b70ca2	3844	sz += (int)sizeof(signer->subjectKeyIdHash);
wolfSSL	0:1239e9b70ca2	3845	#endif
wolfSSL	0:1239e9b70ca2	3846
wolfSSL	0:1239e9b70ca2	3847	/* add dynamic bytes needed */
wolfSSL	0:1239e9b70ca2	3848	sz += signer->pubKeySize;
wolfSSL	0:1239e9b70ca2	3849	sz += signer->nameLen;
wolfSSL	0:1239e9b70ca2	3850
wolfSSL	0:1239e9b70ca2	3851	return sz;
wolfSSL	0:1239e9b70ca2	3852	}
wolfSSL	0:1239e9b70ca2	3853
wolfSSL	0:1239e9b70ca2	3854
wolfSSL	0:1239e9b70ca2	3855	/* Return memory needed to persist this row, have lock */
wolfSSL	0:1239e9b70ca2	3856	static INLINE int GetCertCacheRowMemory(Signer* row)
wolfSSL	0:1239e9b70ca2	3857	{
wolfSSL	0:1239e9b70ca2	3858	int sz = 0;
wolfSSL	0:1239e9b70ca2	3859
wolfSSL	0:1239e9b70ca2	3860	while (row) {
wolfSSL	0:1239e9b70ca2	3861	sz += GetSignerMemory(row);
wolfSSL	0:1239e9b70ca2	3862	row = row->next;
wolfSSL	0:1239e9b70ca2	3863	}
wolfSSL	0:1239e9b70ca2	3864
wolfSSL	0:1239e9b70ca2	3865	return sz;
wolfSSL	0:1239e9b70ca2	3866	}
wolfSSL	0:1239e9b70ca2	3867
wolfSSL	0:1239e9b70ca2	3868
wolfSSL	0:1239e9b70ca2	3869	/* get the size of persist cert cache, have lock */
wolfSSL	0:1239e9b70ca2	3870	static INLINE int GetCertCacheMemSize(CYASSL_CERT_MANAGER* cm)
wolfSSL	0:1239e9b70ca2	3871	{
wolfSSL	0:1239e9b70ca2	3872	int sz;
wolfSSL	0:1239e9b70ca2	3873	int i;
wolfSSL	0:1239e9b70ca2	3874
wolfSSL	0:1239e9b70ca2	3875	sz = sizeof(CertCacheHeader);
wolfSSL	0:1239e9b70ca2	3876
wolfSSL	0:1239e9b70ca2	3877	for (i = 0; i < CA_TABLE_SIZE; i++)
wolfSSL	0:1239e9b70ca2	3878	sz += GetCertCacheRowMemory(cm->caTable[i]);
wolfSSL	0:1239e9b70ca2	3879
wolfSSL	0:1239e9b70ca2	3880	return sz;
wolfSSL	0:1239e9b70ca2	3881	}
wolfSSL	0:1239e9b70ca2	3882
wolfSSL	0:1239e9b70ca2	3883
wolfSSL	0:1239e9b70ca2	3884	/* Store cert cache header columns with number of items per list, have lock */
wolfSSL	0:1239e9b70ca2	3885	static INLINE void SetCertHeaderColumns(CYASSL_CERT_MANAGER* cm, int* columns)
wolfSSL	0:1239e9b70ca2	3886	{
wolfSSL	0:1239e9b70ca2	3887	int i;
wolfSSL	0:1239e9b70ca2	3888	Signer* row;
wolfSSL	0:1239e9b70ca2	3889
wolfSSL	0:1239e9b70ca2	3890	for (i = 0; i < CA_TABLE_SIZE; i++) {
wolfSSL	0:1239e9b70ca2	3891	int count = 0;
wolfSSL	0:1239e9b70ca2	3892	row = cm->caTable[i];
wolfSSL	0:1239e9b70ca2	3893
wolfSSL	0:1239e9b70ca2	3894	while (row) {
wolfSSL	0:1239e9b70ca2	3895	++count;
wolfSSL	0:1239e9b70ca2	3896	row = row->next;
wolfSSL	0:1239e9b70ca2	3897	}
wolfSSL	0:1239e9b70ca2	3898	columns[i] = count;
wolfSSL	0:1239e9b70ca2	3899	}
wolfSSL	0:1239e9b70ca2	3900	}
wolfSSL	0:1239e9b70ca2	3901
wolfSSL	0:1239e9b70ca2	3902
wolfSSL	0:1239e9b70ca2	3903	/* Restore whole cert row from memory, have lock, return bytes consumed,
wolfSSL	0:1239e9b70ca2	3904	< 0 on error, have lock */
wolfSSL	0:1239e9b70ca2	3905	static INLINE int RestoreCertRow(CYASSL_CERT_MANAGER* cm, byte* current,
wolfSSL	0:1239e9b70ca2	3906	int row, int listSz, const byte* end)
wolfSSL	0:1239e9b70ca2	3907	{
wolfSSL	0:1239e9b70ca2	3908	int idx = 0;
wolfSSL	0:1239e9b70ca2	3909
wolfSSL	0:1239e9b70ca2	3910	if (listSz < 0) {
wolfSSL	0:1239e9b70ca2	3911	CYASSL_MSG("Row header corrupted, negative value");
wolfSSL	0:1239e9b70ca2	3912	return PARSE_ERROR;
wolfSSL	0:1239e9b70ca2	3913	}
wolfSSL	0:1239e9b70ca2	3914
wolfSSL	0:1239e9b70ca2	3915	while (listSz) {
wolfSSL	0:1239e9b70ca2	3916	Signer* signer;
wolfSSL	0:1239e9b70ca2	3917	byte* start = current + idx; /* for end checks on this signer */
wolfSSL	0:1239e9b70ca2	3918	int minSz = sizeof(signer->pubKeySize) + sizeof(signer->keyOID) +
wolfSSL	0:1239e9b70ca2	3919	sizeof(signer->nameLen) + sizeof(signer->subjectNameHash);
wolfSSL	0:1239e9b70ca2	3920	#ifndef NO_SKID
wolfSSL	0:1239e9b70ca2	3921	minSz += (int)sizeof(signer->subjectKeyIdHash);
wolfSSL	0:1239e9b70ca2	3922	#endif
wolfSSL	0:1239e9b70ca2	3923
wolfSSL	0:1239e9b70ca2	3924	if (start + minSz > end) {
wolfSSL	0:1239e9b70ca2	3925	CYASSL_MSG("Would overread restore buffer");
wolfSSL	0:1239e9b70ca2	3926	return BUFFER_E;
wolfSSL	0:1239e9b70ca2	3927	}
wolfSSL	0:1239e9b70ca2	3928	signer = MakeSigner(cm->heap);
wolfSSL	0:1239e9b70ca2	3929	if (signer == NULL)
wolfSSL	0:1239e9b70ca2	3930	return MEMORY_E;
wolfSSL	0:1239e9b70ca2	3931
wolfSSL	0:1239e9b70ca2	3932	/* pubKeySize */
wolfSSL	0:1239e9b70ca2	3933	XMEMCPY(&signer->pubKeySize, current + idx, sizeof(signer->pubKeySize));
wolfSSL	0:1239e9b70ca2	3934	idx += (int)sizeof(signer->pubKeySize);
wolfSSL	0:1239e9b70ca2	3935
wolfSSL	0:1239e9b70ca2	3936	/* keyOID */
wolfSSL	0:1239e9b70ca2	3937	XMEMCPY(&signer->keyOID, current + idx, sizeof(signer->keyOID));
wolfSSL	0:1239e9b70ca2	3938	idx += (int)sizeof(signer->keyOID);
wolfSSL	0:1239e9b70ca2	3939
wolfSSL	0:1239e9b70ca2	3940	/* pulicKey */
wolfSSL	0:1239e9b70ca2	3941	if (start + minSz + signer->pubKeySize > end) {
wolfSSL	0:1239e9b70ca2	3942	CYASSL_MSG("Would overread restore buffer");
wolfSSL	0:1239e9b70ca2	3943	FreeSigner(signer, cm->heap);
wolfSSL	0:1239e9b70ca2	3944	return BUFFER_E;
wolfSSL	0:1239e9b70ca2	3945	}
wolfSSL	0:1239e9b70ca2	3946	signer->publicKey = (byte*)XMALLOC(signer->pubKeySize, cm->heap,
wolfSSL	0:1239e9b70ca2	3947	DYNAMIC_TYPE_KEY);
wolfSSL	0:1239e9b70ca2	3948	if (signer->publicKey == NULL) {
wolfSSL	0:1239e9b70ca2	3949	FreeSigner(signer, cm->heap);
wolfSSL	0:1239e9b70ca2	3950	return MEMORY_E;
wolfSSL	0:1239e9b70ca2	3951	}
wolfSSL	0:1239e9b70ca2	3952
wolfSSL	0:1239e9b70ca2	3953	XMEMCPY(signer->publicKey, current + idx, signer->pubKeySize);
wolfSSL	0:1239e9b70ca2	3954	idx += signer->pubKeySize;
wolfSSL	0:1239e9b70ca2	3955
wolfSSL	0:1239e9b70ca2	3956	/* nameLen */
wolfSSL	0:1239e9b70ca2	3957	XMEMCPY(&signer->nameLen, current + idx, sizeof(signer->nameLen));
wolfSSL	0:1239e9b70ca2	3958	idx += (int)sizeof(signer->nameLen);
wolfSSL	0:1239e9b70ca2	3959
wolfSSL	0:1239e9b70ca2	3960	/* name */
wolfSSL	0:1239e9b70ca2	3961	if (start + minSz + signer->pubKeySize + signer->nameLen > end) {
wolfSSL	0:1239e9b70ca2	3962	CYASSL_MSG("Would overread restore buffer");
wolfSSL	0:1239e9b70ca2	3963	FreeSigner(signer, cm->heap);
wolfSSL	0:1239e9b70ca2	3964	return BUFFER_E;
wolfSSL	0:1239e9b70ca2	3965	}
wolfSSL	0:1239e9b70ca2	3966	signer->name = (char*)XMALLOC(signer->nameLen, cm->heap,
wolfSSL	0:1239e9b70ca2	3967	DYNAMIC_TYPE_SUBJECT_CN);
wolfSSL	0:1239e9b70ca2	3968	if (signer->name == NULL) {
wolfSSL	0:1239e9b70ca2	3969	FreeSigner(signer, cm->heap);
wolfSSL	0:1239e9b70ca2	3970	return MEMORY_E;
wolfSSL	0:1239e9b70ca2	3971	}
wolfSSL	0:1239e9b70ca2	3972
wolfSSL	0:1239e9b70ca2	3973	XMEMCPY(signer->name, current + idx, signer->nameLen);
wolfSSL	0:1239e9b70ca2	3974	idx += signer->nameLen;
wolfSSL	0:1239e9b70ca2	3975
wolfSSL	0:1239e9b70ca2	3976	/* subjectNameHash */
wolfSSL	0:1239e9b70ca2	3977	XMEMCPY(signer->subjectNameHash, current + idx, SIGNER_DIGEST_SIZE);
wolfSSL	0:1239e9b70ca2	3978	idx += SIGNER_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	3979
wolfSSL	0:1239e9b70ca2	3980	#ifndef NO_SKID
wolfSSL	0:1239e9b70ca2	3981	/* subjectKeyIdHash */
wolfSSL	0:1239e9b70ca2	3982	XMEMCPY(signer->subjectKeyIdHash, current + idx,SIGNER_DIGEST_SIZE);
wolfSSL	0:1239e9b70ca2	3983	idx += SIGNER_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	3984	#endif
wolfSSL	0:1239e9b70ca2	3985
wolfSSL	0:1239e9b70ca2	3986	signer->next = cm->caTable[row];
wolfSSL	0:1239e9b70ca2	3987	cm->caTable[row] = signer;
wolfSSL	0:1239e9b70ca2	3988
wolfSSL	0:1239e9b70ca2	3989	--listSz;
wolfSSL	0:1239e9b70ca2	3990	}
wolfSSL	0:1239e9b70ca2	3991
wolfSSL	0:1239e9b70ca2	3992	return idx;
wolfSSL	0:1239e9b70ca2	3993	}
wolfSSL	0:1239e9b70ca2	3994
wolfSSL	0:1239e9b70ca2	3995
wolfSSL	0:1239e9b70ca2	3996	/* Store whole cert row into memory, have lock, return bytes added */
wolfSSL	0:1239e9b70ca2	3997	static INLINE int StoreCertRow(CYASSL_CERT_MANAGER* cm, byte* current, int row)
wolfSSL	0:1239e9b70ca2	3998	{
wolfSSL	0:1239e9b70ca2	3999	int added = 0;
wolfSSL	0:1239e9b70ca2	4000	Signer* list = cm->caTable[row];
wolfSSL	0:1239e9b70ca2	4001
wolfSSL	0:1239e9b70ca2	4002	while (list) {
wolfSSL	0:1239e9b70ca2	4003	XMEMCPY(current + added, &list->pubKeySize, sizeof(list->pubKeySize));
wolfSSL	0:1239e9b70ca2	4004	added += (int)sizeof(list->pubKeySize);
wolfSSL	0:1239e9b70ca2	4005
wolfSSL	0:1239e9b70ca2	4006	XMEMCPY(current + added, &list->keyOID, sizeof(list->keyOID));
wolfSSL	0:1239e9b70ca2	4007	added += (int)sizeof(list->keyOID);
wolfSSL	0:1239e9b70ca2	4008
wolfSSL	0:1239e9b70ca2	4009	XMEMCPY(current + added, list->publicKey, list->pubKeySize);
wolfSSL	0:1239e9b70ca2	4010	added += list->pubKeySize;
wolfSSL	0:1239e9b70ca2	4011
wolfSSL	0:1239e9b70ca2	4012	XMEMCPY(current + added, &list->nameLen, sizeof(list->nameLen));
wolfSSL	0:1239e9b70ca2	4013	added += (int)sizeof(list->nameLen);
wolfSSL	0:1239e9b70ca2	4014
wolfSSL	0:1239e9b70ca2	4015	XMEMCPY(current + added, list->name, list->nameLen);
wolfSSL	0:1239e9b70ca2	4016	added += list->nameLen;
wolfSSL	0:1239e9b70ca2	4017
wolfSSL	0:1239e9b70ca2	4018	XMEMCPY(current + added, list->subjectNameHash, SIGNER_DIGEST_SIZE);
wolfSSL	0:1239e9b70ca2	4019	added += SIGNER_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	4020
wolfSSL	0:1239e9b70ca2	4021	#ifndef NO_SKID
wolfSSL	0:1239e9b70ca2	4022	XMEMCPY(current + added, list->subjectKeyIdHash,SIGNER_DIGEST_SIZE);
wolfSSL	0:1239e9b70ca2	4023	added += SIGNER_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	4024	#endif
wolfSSL	0:1239e9b70ca2	4025
wolfSSL	0:1239e9b70ca2	4026	list = list->next;
wolfSSL	0:1239e9b70ca2	4027	}
wolfSSL	0:1239e9b70ca2	4028
wolfSSL	0:1239e9b70ca2	4029	return added;
wolfSSL	0:1239e9b70ca2	4030	}
wolfSSL	0:1239e9b70ca2	4031
wolfSSL	0:1239e9b70ca2	4032
wolfSSL	0:1239e9b70ca2	4033	/* Persist cert cache to memory, have lock */
wolfSSL	0:1239e9b70ca2	4034	static INLINE int DoMemSaveCertCache(CYASSL_CERT_MANAGER* cm, void* mem, int sz)
wolfSSL	0:1239e9b70ca2	4035	{
wolfSSL	0:1239e9b70ca2	4036	int realSz;
wolfSSL	0:1239e9b70ca2	4037	int ret = SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	4038	int i;
wolfSSL	0:1239e9b70ca2	4039
wolfSSL	0:1239e9b70ca2	4040	CYASSL_ENTER("DoMemSaveCertCache");
wolfSSL	0:1239e9b70ca2	4041
wolfSSL	0:1239e9b70ca2	4042	realSz = GetCertCacheMemSize(cm);
wolfSSL	0:1239e9b70ca2	4043	if (realSz > sz) {
wolfSSL	0:1239e9b70ca2	4044	CYASSL_MSG("Mem output buffer too small");
wolfSSL	0:1239e9b70ca2	4045	ret = BUFFER_E;
wolfSSL	0:1239e9b70ca2	4046	}
wolfSSL	0:1239e9b70ca2	4047	else {
wolfSSL	0:1239e9b70ca2	4048	byte* current;
wolfSSL	0:1239e9b70ca2	4049	CertCacheHeader hdr;
wolfSSL	0:1239e9b70ca2	4050
wolfSSL	0:1239e9b70ca2	4051	hdr.version = CYASSL_CACHE_CERT_VERSION;
wolfSSL	0:1239e9b70ca2	4052	hdr.rows = CA_TABLE_SIZE;
wolfSSL	0:1239e9b70ca2	4053	SetCertHeaderColumns(cm, hdr.columns);
wolfSSL	0:1239e9b70ca2	4054	hdr.signerSz = (int)sizeof(Signer);
wolfSSL	0:1239e9b70ca2	4055
wolfSSL	0:1239e9b70ca2	4056	XMEMCPY(mem, &hdr, sizeof(CertCacheHeader));
wolfSSL	0:1239e9b70ca2	4057	current = (byte*)mem + sizeof(CertCacheHeader);
wolfSSL	0:1239e9b70ca2	4058
wolfSSL	0:1239e9b70ca2	4059	for (i = 0; i < CA_TABLE_SIZE; ++i)
wolfSSL	0:1239e9b70ca2	4060	current += StoreCertRow(cm, current, i);
wolfSSL	0:1239e9b70ca2	4061	}
wolfSSL	0:1239e9b70ca2	4062
wolfSSL	0:1239e9b70ca2	4063	return ret;
wolfSSL	0:1239e9b70ca2	4064	}
wolfSSL	0:1239e9b70ca2	4065
wolfSSL	0:1239e9b70ca2	4066
wolfSSL	0:1239e9b70ca2	4067	#if !defined(NO_FILESYSTEM)
wolfSSL	0:1239e9b70ca2	4068
wolfSSL	0:1239e9b70ca2	4069	/* Persist cert cache to file */
wolfSSL	0:1239e9b70ca2	4070	int CM_SaveCertCache(CYASSL_CERT_MANAGER* cm, const char* fname)
wolfSSL	0:1239e9b70ca2	4071	{
wolfSSL	0:1239e9b70ca2	4072	XFILE file;
wolfSSL	0:1239e9b70ca2	4073	int rc = SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	4074	int memSz;
wolfSSL	0:1239e9b70ca2	4075	byte* mem;
wolfSSL	0:1239e9b70ca2	4076
wolfSSL	0:1239e9b70ca2	4077	CYASSL_ENTER("CM_SaveCertCache");
wolfSSL	0:1239e9b70ca2	4078
wolfSSL	0:1239e9b70ca2	4079	file = XFOPEN(fname, "w+b");
wolfSSL	0:1239e9b70ca2	4080	if (file == XBADFILE) {
wolfSSL	0:1239e9b70ca2	4081	CYASSL_MSG("Couldn't open cert cache save file");
wolfSSL	0:1239e9b70ca2	4082	return SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	4083	}
wolfSSL	0:1239e9b70ca2	4084
wolfSSL	0:1239e9b70ca2	4085	if (LockMutex(&cm->caLock) != 0) {
wolfSSL	0:1239e9b70ca2	4086	CYASSL_MSG("LockMutex on caLock failed");
wolfSSL	0:1239e9b70ca2	4087	XFCLOSE(file);
wolfSSL	0:1239e9b70ca2	4088	return BAD_MUTEX_E;
wolfSSL	0:1239e9b70ca2	4089	}
wolfSSL	0:1239e9b70ca2	4090
wolfSSL	0:1239e9b70ca2	4091	memSz = GetCertCacheMemSize(cm);
wolfSSL	0:1239e9b70ca2	4092	mem = (byte*)XMALLOC(memSz, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	0:1239e9b70ca2	4093	if (mem == NULL) {
wolfSSL	0:1239e9b70ca2	4094	CYASSL_MSG("Alloc for tmp buffer failed");
wolfSSL	0:1239e9b70ca2	4095	rc = MEMORY_E;
wolfSSL	0:1239e9b70ca2	4096	} else {
wolfSSL	0:1239e9b70ca2	4097	rc = DoMemSaveCertCache(cm, mem, memSz);
wolfSSL	0:1239e9b70ca2	4098	if (rc == SSL_SUCCESS) {
wolfSSL	0:1239e9b70ca2	4099	int ret = (int)XFWRITE(mem, memSz, 1, file);
wolfSSL	0:1239e9b70ca2	4100	if (ret != 1) {
wolfSSL	0:1239e9b70ca2	4101	CYASSL_MSG("Cert cache file write failed");
wolfSSL	0:1239e9b70ca2	4102	rc = FWRITE_ERROR;
wolfSSL	0:1239e9b70ca2	4103	}
wolfSSL	0:1239e9b70ca2	4104	}
wolfSSL	0:1239e9b70ca2	4105	XFREE(mem, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	0:1239e9b70ca2	4106	}
wolfSSL	0:1239e9b70ca2	4107
wolfSSL	0:1239e9b70ca2	4108	UnLockMutex(&cm->caLock);
wolfSSL	0:1239e9b70ca2	4109	XFCLOSE(file);
wolfSSL	0:1239e9b70ca2	4110
wolfSSL	0:1239e9b70ca2	4111	return rc;
wolfSSL	0:1239e9b70ca2	4112	}
wolfSSL	0:1239e9b70ca2	4113
wolfSSL	0:1239e9b70ca2	4114
wolfSSL	0:1239e9b70ca2	4115	/* Restore cert cache from file */
wolfSSL	0:1239e9b70ca2	4116	int CM_RestoreCertCache(CYASSL_CERT_MANAGER* cm, const char* fname)
wolfSSL	0:1239e9b70ca2	4117	{
wolfSSL	0:1239e9b70ca2	4118	XFILE file;
wolfSSL	0:1239e9b70ca2	4119	int rc = SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	4120	int ret;
wolfSSL	0:1239e9b70ca2	4121	int memSz;
wolfSSL	0:1239e9b70ca2	4122	byte* mem;
wolfSSL	0:1239e9b70ca2	4123
wolfSSL	0:1239e9b70ca2	4124	CYASSL_ENTER("CM_RestoreCertCache");
wolfSSL	0:1239e9b70ca2	4125
wolfSSL	0:1239e9b70ca2	4126	file = XFOPEN(fname, "rb");
wolfSSL	0:1239e9b70ca2	4127	if (file == XBADFILE) {
wolfSSL	0:1239e9b70ca2	4128	CYASSL_MSG("Couldn't open cert cache save file");
wolfSSL	0:1239e9b70ca2	4129	return SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	4130	}
wolfSSL	0:1239e9b70ca2	4131
wolfSSL	0:1239e9b70ca2	4132	XFSEEK(file, 0, XSEEK_END);
wolfSSL	0:1239e9b70ca2	4133	memSz = (int)XFTELL(file);
wolfSSL	0:1239e9b70ca2	4134	XREWIND(file);
wolfSSL	0:1239e9b70ca2	4135
wolfSSL	0:1239e9b70ca2	4136	if (memSz <= 0) {
wolfSSL	0:1239e9b70ca2	4137	CYASSL_MSG("Bad file size");
wolfSSL	0:1239e9b70ca2	4138	XFCLOSE(file);
wolfSSL	0:1239e9b70ca2	4139	return SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	4140	}
wolfSSL	0:1239e9b70ca2	4141
wolfSSL	0:1239e9b70ca2	4142	mem = (byte*)XMALLOC(memSz, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	0:1239e9b70ca2	4143	if (mem == NULL) {
wolfSSL	0:1239e9b70ca2	4144	CYASSL_MSG("Alloc for tmp buffer failed");
wolfSSL	0:1239e9b70ca2	4145	XFCLOSE(file);
wolfSSL	0:1239e9b70ca2	4146	return MEMORY_E;
wolfSSL	0:1239e9b70ca2	4147	}
wolfSSL	0:1239e9b70ca2	4148
wolfSSL	0:1239e9b70ca2	4149	ret = (int)XFREAD(mem, memSz, 1, file);
wolfSSL	0:1239e9b70ca2	4150	if (ret != 1) {
wolfSSL	0:1239e9b70ca2	4151	CYASSL_MSG("Cert file read error");
wolfSSL	0:1239e9b70ca2	4152	rc = FREAD_ERROR;
wolfSSL	0:1239e9b70ca2	4153	} else {
wolfSSL	0:1239e9b70ca2	4154	rc = CM_MemRestoreCertCache(cm, mem, memSz);
wolfSSL	0:1239e9b70ca2	4155	if (rc != SSL_SUCCESS) {
wolfSSL	0:1239e9b70ca2	4156	CYASSL_MSG("Mem restore cert cache failed");
wolfSSL	0:1239e9b70ca2	4157	}
wolfSSL	0:1239e9b70ca2	4158	}
wolfSSL	0:1239e9b70ca2	4159
wolfSSL	0:1239e9b70ca2	4160	XFREE(mem, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	0:1239e9b70ca2	4161	XFCLOSE(file);
wolfSSL	0:1239e9b70ca2	4162
wolfSSL	0:1239e9b70ca2	4163	return rc;
wolfSSL	0:1239e9b70ca2	4164	}
wolfSSL	0:1239e9b70ca2	4165
wolfSSL	0:1239e9b70ca2	4166	#endif /* NO_FILESYSTEM */
wolfSSL	0:1239e9b70ca2	4167
wolfSSL	0:1239e9b70ca2	4168
wolfSSL	0:1239e9b70ca2	4169	/* Persist cert cache to memory */
wolfSSL	0:1239e9b70ca2	4170	int CM_MemSaveCertCache(CYASSL_CERT_MANAGER* cm, void* mem, int sz, int* used)
wolfSSL	0:1239e9b70ca2	4171	{
wolfSSL	0:1239e9b70ca2	4172	int ret = SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	4173
wolfSSL	0:1239e9b70ca2	4174	CYASSL_ENTER("CM_MemSaveCertCache");
wolfSSL	0:1239e9b70ca2	4175
wolfSSL	0:1239e9b70ca2	4176	if (LockMutex(&cm->caLock) != 0) {
wolfSSL	0:1239e9b70ca2	4177	CYASSL_MSG("LockMutex on caLock failed");
wolfSSL	0:1239e9b70ca2	4178	return BAD_MUTEX_E;
wolfSSL	0:1239e9b70ca2	4179	}
wolfSSL	0:1239e9b70ca2	4180
wolfSSL	0:1239e9b70ca2	4181	ret = DoMemSaveCertCache(cm, mem, sz);
wolfSSL	0:1239e9b70ca2	4182	if (ret == SSL_SUCCESS)
wolfSSL	0:1239e9b70ca2	4183	*used = GetCertCacheMemSize(cm);
wolfSSL	0:1239e9b70ca2	4184
wolfSSL	0:1239e9b70ca2	4185	UnLockMutex(&cm->caLock);
wolfSSL	0:1239e9b70ca2	4186
wolfSSL	0:1239e9b70ca2	4187	return ret;
wolfSSL	0:1239e9b70ca2	4188	}
wolfSSL	0:1239e9b70ca2	4189
wolfSSL	0:1239e9b70ca2	4190
wolfSSL	0:1239e9b70ca2	4191	/* Restore cert cache from memory */
wolfSSL	0:1239e9b70ca2	4192	int CM_MemRestoreCertCache(CYASSL_CERT_MANAGER* cm, const void* mem, int sz)
wolfSSL	0:1239e9b70ca2	4193	{
wolfSSL	0:1239e9b70ca2	4194	int ret = SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	4195	int i;
wolfSSL	0:1239e9b70ca2	4196	CertCacheHeader* hdr = (CertCacheHeader*)mem;
wolfSSL	0:1239e9b70ca2	4197	byte* current = (byte*)mem + sizeof(CertCacheHeader);
wolfSSL	0:1239e9b70ca2	4198	byte* end = (byte)mem + sz; / don't go over */
wolfSSL	0:1239e9b70ca2	4199
wolfSSL	0:1239e9b70ca2	4200	CYASSL_ENTER("CM_MemRestoreCertCache");
wolfSSL	0:1239e9b70ca2	4201
wolfSSL	0:1239e9b70ca2	4202	if (current > end) {
wolfSSL	0:1239e9b70ca2	4203	CYASSL_MSG("Cert Cache Memory buffer too small");
wolfSSL	0:1239e9b70ca2	4204	return BUFFER_E;
wolfSSL	0:1239e9b70ca2	4205	}
wolfSSL	0:1239e9b70ca2	4206
wolfSSL	0:1239e9b70ca2	4207	if (hdr->version != CYASSL_CACHE_CERT_VERSION \|\|
wolfSSL	0:1239e9b70ca2	4208	hdr->rows != CA_TABLE_SIZE \|\|
wolfSSL	0:1239e9b70ca2	4209	hdr->signerSz != (int)sizeof(Signer)) {
wolfSSL	0:1239e9b70ca2	4210
wolfSSL	0:1239e9b70ca2	4211	CYASSL_MSG("Cert Cache Memory header mismatch");
wolfSSL	0:1239e9b70ca2	4212	return CACHE_MATCH_ERROR;
wolfSSL	0:1239e9b70ca2	4213	}
wolfSSL	0:1239e9b70ca2	4214
wolfSSL	0:1239e9b70ca2	4215	if (LockMutex(&cm->caLock) != 0) {
wolfSSL	0:1239e9b70ca2	4216	CYASSL_MSG("LockMutex on caLock failed");
wolfSSL	0:1239e9b70ca2	4217	return BAD_MUTEX_E;
wolfSSL	0:1239e9b70ca2	4218	}
wolfSSL	0:1239e9b70ca2	4219
wolfSSL	0:1239e9b70ca2	4220	FreeSignerTable(cm->caTable, CA_TABLE_SIZE, cm->heap);
wolfSSL	0:1239e9b70ca2	4221
wolfSSL	0:1239e9b70ca2	4222	for (i = 0; i < CA_TABLE_SIZE; ++i) {
wolfSSL	0:1239e9b70ca2	4223	int added = RestoreCertRow(cm, current, i, hdr->columns[i], end);
wolfSSL	0:1239e9b70ca2	4224	if (added < 0) {
wolfSSL	0:1239e9b70ca2	4225	CYASSL_MSG("RestoreCertRow error");
wolfSSL	0:1239e9b70ca2	4226	ret = added;
wolfSSL	0:1239e9b70ca2	4227	break;
wolfSSL	0:1239e9b70ca2	4228	}
wolfSSL	0:1239e9b70ca2	4229	current += added;
wolfSSL	0:1239e9b70ca2	4230	}
wolfSSL	0:1239e9b70ca2	4231
wolfSSL	0:1239e9b70ca2	4232	UnLockMutex(&cm->caLock);
wolfSSL	0:1239e9b70ca2	4233
wolfSSL	0:1239e9b70ca2	4234	return ret;
wolfSSL	0:1239e9b70ca2	4235	}
wolfSSL	0:1239e9b70ca2	4236
wolfSSL	0:1239e9b70ca2	4237
wolfSSL	0:1239e9b70ca2	4238	/* get how big the the cert cache save buffer needs to be */
wolfSSL	0:1239e9b70ca2	4239	int CM_GetCertCacheMemSize(CYASSL_CERT_MANAGER* cm)
wolfSSL	0:1239e9b70ca2	4240	{
wolfSSL	0:1239e9b70ca2	4241	int sz;
wolfSSL	0:1239e9b70ca2	4242
wolfSSL	0:1239e9b70ca2	4243	CYASSL_ENTER("CM_GetCertCacheMemSize");
wolfSSL	0:1239e9b70ca2	4244
wolfSSL	0:1239e9b70ca2	4245	if (LockMutex(&cm->caLock) != 0) {
wolfSSL	0:1239e9b70ca2	4246	CYASSL_MSG("LockMutex on caLock failed");
wolfSSL	0:1239e9b70ca2	4247	return BAD_MUTEX_E;
wolfSSL	0:1239e9b70ca2	4248	}
wolfSSL	0:1239e9b70ca2	4249
wolfSSL	0:1239e9b70ca2	4250	sz = GetCertCacheMemSize(cm);
wolfSSL	0:1239e9b70ca2	4251
wolfSSL	0:1239e9b70ca2	4252	UnLockMutex(&cm->caLock);
wolfSSL	0:1239e9b70ca2	4253
wolfSSL	0:1239e9b70ca2	4254	return sz;
wolfSSL	0:1239e9b70ca2	4255	}
wolfSSL	0:1239e9b70ca2	4256
wolfSSL	0:1239e9b70ca2	4257	#endif /* PERSIST_CERT_CACHE */
wolfSSL	0:1239e9b70ca2	4258	#endif /* NO_CERTS */
wolfSSL	0:1239e9b70ca2	4259
wolfSSL	0:1239e9b70ca2	4260
wolfSSL	0:1239e9b70ca2	4261	int CyaSSL_CTX_set_cipher_list(CYASSL_CTX* ctx, const char* list)
wolfSSL	0:1239e9b70ca2	4262	{
wolfSSL	0:1239e9b70ca2	4263	CYASSL_ENTER("CyaSSL_CTX_set_cipher_list");
wolfSSL	0:1239e9b70ca2	4264	if (SetCipherList(&ctx->suites, list))
wolfSSL	0:1239e9b70ca2	4265	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	4266	else
wolfSSL	0:1239e9b70ca2	4267	return SSL_FAILURE;
wolfSSL	0:1239e9b70ca2	4268	}
wolfSSL	0:1239e9b70ca2	4269
wolfSSL	0:1239e9b70ca2	4270
wolfSSL	0:1239e9b70ca2	4271	int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
wolfSSL	0:1239e9b70ca2	4272	{
wolfSSL	0:1239e9b70ca2	4273	CYASSL_ENTER("CyaSSL_set_cipher_list");
wolfSSL	0:1239e9b70ca2	4274	if (SetCipherList(ssl->suites, list)) {
wolfSSL	0:1239e9b70ca2	4275	byte haveRSA = 1;
wolfSSL	0:1239e9b70ca2	4276	byte havePSK = 0;
wolfSSL	0:1239e9b70ca2	4277
wolfSSL	0:1239e9b70ca2	4278	#ifdef NO_RSA
wolfSSL	0:1239e9b70ca2	4279	haveRSA = 0;
wolfSSL	0:1239e9b70ca2	4280	#endif
wolfSSL	0:1239e9b70ca2	4281	#ifndef NO_PSK
wolfSSL	0:1239e9b70ca2	4282	havePSK = ssl->options.havePSK;
wolfSSL	0:1239e9b70ca2	4283	#endif
wolfSSL	0:1239e9b70ca2	4284
wolfSSL	0:1239e9b70ca2	4285	InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
wolfSSL	0:1239e9b70ca2	4286	ssl->options.haveDH, ssl->options.haveNTRU,
wolfSSL	0:1239e9b70ca2	4287	ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
wolfSSL	0:1239e9b70ca2	4288	ssl->options.side);
wolfSSL	0:1239e9b70ca2	4289
wolfSSL	0:1239e9b70ca2	4290	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	4291	}
wolfSSL	0:1239e9b70ca2	4292	else
wolfSSL	0:1239e9b70ca2	4293	return SSL_FAILURE;
wolfSSL	0:1239e9b70ca2	4294	}
wolfSSL	0:1239e9b70ca2	4295
wolfSSL	0:1239e9b70ca2	4296
wolfSSL	0:1239e9b70ca2	4297	#ifndef CYASSL_LEANPSK
wolfSSL	0:1239e9b70ca2	4298	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	4299
wolfSSL	0:1239e9b70ca2	4300	int CyaSSL_dtls_get_current_timeout(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	4301	{
wolfSSL	0:1239e9b70ca2	4302	(void)ssl;
wolfSSL	0:1239e9b70ca2	4303
wolfSSL	0:1239e9b70ca2	4304	return ssl->dtls_timeout;
wolfSSL	0:1239e9b70ca2	4305	}
wolfSSL	0:1239e9b70ca2	4306
wolfSSL	0:1239e9b70ca2	4307
wolfSSL	0:1239e9b70ca2	4308	/* user may need to alter init dtls recv timeout, SSL_SUCCESS on ok */
wolfSSL	0:1239e9b70ca2	4309	int CyaSSL_dtls_set_timeout_init(CYASSL* ssl, int timeout)
wolfSSL	0:1239e9b70ca2	4310	{
wolfSSL	0:1239e9b70ca2	4311	if (ssl == NULL \|\| timeout < 0)
wolfSSL	0:1239e9b70ca2	4312	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	4313
wolfSSL	0:1239e9b70ca2	4314	if (timeout > ssl->dtls_timeout_max) {
wolfSSL	0:1239e9b70ca2	4315	CYASSL_MSG("Can't set dtls timeout init greater than dtls timeout max");
wolfSSL	0:1239e9b70ca2	4316	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	4317	}
wolfSSL	0:1239e9b70ca2	4318
wolfSSL	0:1239e9b70ca2	4319	ssl->dtls_timeout_init = timeout;
wolfSSL	0:1239e9b70ca2	4320	ssl->dtls_timeout = timeout;
wolfSSL	0:1239e9b70ca2	4321
wolfSSL	0:1239e9b70ca2	4322	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	4323	}
wolfSSL	0:1239e9b70ca2	4324
wolfSSL	0:1239e9b70ca2	4325
wolfSSL	0:1239e9b70ca2	4326	/* user may need to alter max dtls recv timeout, SSL_SUCCESS on ok */
wolfSSL	0:1239e9b70ca2	4327	int CyaSSL_dtls_set_timeout_max(CYASSL* ssl, int timeout)
wolfSSL	0:1239e9b70ca2	4328	{
wolfSSL	0:1239e9b70ca2	4329	if (ssl == NULL \|\| timeout < 0)
wolfSSL	0:1239e9b70ca2	4330	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	4331
wolfSSL	0:1239e9b70ca2	4332	if (timeout < ssl->dtls_timeout_init) {
wolfSSL	0:1239e9b70ca2	4333	CYASSL_MSG("Can't set dtls timeout max less than dtls timeout init");
wolfSSL	0:1239e9b70ca2	4334	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	4335	}
wolfSSL	0:1239e9b70ca2	4336
wolfSSL	0:1239e9b70ca2	4337	ssl->dtls_timeout_max = timeout;
wolfSSL	0:1239e9b70ca2	4338
wolfSSL	0:1239e9b70ca2	4339	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	4340	}
wolfSSL	0:1239e9b70ca2	4341
wolfSSL	0:1239e9b70ca2	4342
wolfSSL	0:1239e9b70ca2	4343	int CyaSSL_dtls_got_timeout(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	4344	{
wolfSSL	0:1239e9b70ca2	4345	int result = SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	4346
wolfSSL	0:1239e9b70ca2	4347	DtlsMsgListDelete(ssl->dtls_msg_list, ssl->heap);
wolfSSL	0:1239e9b70ca2	4348	ssl->dtls_msg_list = NULL;
wolfSSL	0:1239e9b70ca2	4349	if (DtlsPoolTimeout(ssl) < 0 \|\| DtlsPoolSend(ssl) < 0) {
wolfSSL	0:1239e9b70ca2	4350	result = SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4351	}
wolfSSL	0:1239e9b70ca2	4352	return result;
wolfSSL	0:1239e9b70ca2	4353	}
wolfSSL	0:1239e9b70ca2	4354
wolfSSL	0:1239e9b70ca2	4355	#endif /* DTLS */
wolfSSL	0:1239e9b70ca2	4356	#endif /* LEANPSK */
wolfSSL	0:1239e9b70ca2	4357
wolfSSL	0:1239e9b70ca2	4358
wolfSSL	0:1239e9b70ca2	4359	/* client only parts */
wolfSSL	0:1239e9b70ca2	4360	#ifndef NO_CYASSL_CLIENT
wolfSSL	0:1239e9b70ca2	4361
wolfSSL	0:1239e9b70ca2	4362	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	4363	CYASSL_METHOD* CyaSSLv3_client_method(void)
wolfSSL	0:1239e9b70ca2	4364	{
wolfSSL	0:1239e9b70ca2	4365	CYASSL_METHOD* method =
wolfSSL	0:1239e9b70ca2	4366	(CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
wolfSSL	0:1239e9b70ca2	4367	DYNAMIC_TYPE_METHOD);
wolfSSL	0:1239e9b70ca2	4368	CYASSL_ENTER("SSLv3_client_method");
wolfSSL	0:1239e9b70ca2	4369	if (method)
wolfSSL	0:1239e9b70ca2	4370	InitSSL_Method(method, MakeSSLv3());
wolfSSL	0:1239e9b70ca2	4371	return method;
wolfSSL	0:1239e9b70ca2	4372	}
wolfSSL	0:1239e9b70ca2	4373	#endif
wolfSSL	0:1239e9b70ca2	4374
wolfSSL	0:1239e9b70ca2	4375	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	4376	CYASSL_METHOD* CyaDTLSv1_client_method(void)
wolfSSL	0:1239e9b70ca2	4377	{
wolfSSL	0:1239e9b70ca2	4378	CYASSL_METHOD* method =
wolfSSL	0:1239e9b70ca2	4379	(CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
wolfSSL	0:1239e9b70ca2	4380	DYNAMIC_TYPE_METHOD);
wolfSSL	0:1239e9b70ca2	4381	CYASSL_ENTER("DTLSv1_client_method");
wolfSSL	0:1239e9b70ca2	4382	if (method)
wolfSSL	0:1239e9b70ca2	4383	InitSSL_Method(method, MakeDTLSv1());
wolfSSL	0:1239e9b70ca2	4384	return method;
wolfSSL	0:1239e9b70ca2	4385	}
wolfSSL	0:1239e9b70ca2	4386
wolfSSL	0:1239e9b70ca2	4387	CYASSL_METHOD* CyaDTLSv1_2_client_method(void)
wolfSSL	0:1239e9b70ca2	4388	{
wolfSSL	0:1239e9b70ca2	4389	CYASSL_METHOD* method =
wolfSSL	0:1239e9b70ca2	4390	(CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
wolfSSL	0:1239e9b70ca2	4391	DYNAMIC_TYPE_METHOD);
wolfSSL	0:1239e9b70ca2	4392	CYASSL_ENTER("DTLSv1_2_client_method");
wolfSSL	0:1239e9b70ca2	4393	if (method)
wolfSSL	0:1239e9b70ca2	4394	InitSSL_Method(method, MakeDTLSv1_2());
wolfSSL	0:1239e9b70ca2	4395	return method;
wolfSSL	0:1239e9b70ca2	4396	}
wolfSSL	0:1239e9b70ca2	4397	#endif
wolfSSL	0:1239e9b70ca2	4398
wolfSSL	0:1239e9b70ca2	4399
wolfSSL	0:1239e9b70ca2	4400	/* please see note at top of README if you get an error from connect */
wolfSSL	0:1239e9b70ca2	4401	int CyaSSL_connect(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	4402	{
wolfSSL	0:1239e9b70ca2	4403	int neededState;
wolfSSL	0:1239e9b70ca2	4404
wolfSSL	0:1239e9b70ca2	4405	CYASSL_ENTER("SSL_connect()");
wolfSSL	0:1239e9b70ca2	4406
wolfSSL	0:1239e9b70ca2	4407	#ifdef HAVE_ERRNO_H
wolfSSL	0:1239e9b70ca2	4408	errno = 0;
wolfSSL	0:1239e9b70ca2	4409	#endif
wolfSSL	0:1239e9b70ca2	4410
wolfSSL	0:1239e9b70ca2	4411	if (ssl->options.side != CYASSL_CLIENT_END) {
wolfSSL	0:1239e9b70ca2	4412	CYASSL_ERROR(ssl->error = SIDE_ERROR);
wolfSSL	0:1239e9b70ca2	4413	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4414	}
wolfSSL	0:1239e9b70ca2	4415
wolfSSL	0:1239e9b70ca2	4416	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	4417	if (ssl->version.major == DTLS_MAJOR) {
wolfSSL	0:1239e9b70ca2	4418	ssl->options.dtls = 1;
wolfSSL	0:1239e9b70ca2	4419	ssl->options.tls = 1;
wolfSSL	0:1239e9b70ca2	4420	ssl->options.tls1_1 = 1;
wolfSSL	0:1239e9b70ca2	4421
wolfSSL	0:1239e9b70ca2	4422	if (DtlsPoolInit(ssl) != 0) {
wolfSSL	0:1239e9b70ca2	4423	ssl->error = MEMORY_ERROR;
wolfSSL	0:1239e9b70ca2	4424	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	4425	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4426	}
wolfSSL	0:1239e9b70ca2	4427	}
wolfSSL	0:1239e9b70ca2	4428	#endif
wolfSSL	0:1239e9b70ca2	4429
wolfSSL	0:1239e9b70ca2	4430	if (ssl->buffers.outputBuffer.length > 0) {
wolfSSL	0:1239e9b70ca2	4431	if ( (ssl->error = SendBuffered(ssl)) == 0) {
wolfSSL	0:1239e9b70ca2	4432	ssl->options.connectState++;
wolfSSL	0:1239e9b70ca2	4433	CYASSL_MSG("connect state: Advanced from buffered send");
wolfSSL	0:1239e9b70ca2	4434	}
wolfSSL	0:1239e9b70ca2	4435	else {
wolfSSL	0:1239e9b70ca2	4436	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	4437	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4438	}
wolfSSL	0:1239e9b70ca2	4439	}
wolfSSL	0:1239e9b70ca2	4440
wolfSSL	0:1239e9b70ca2	4441	switch (ssl->options.connectState) {
wolfSSL	0:1239e9b70ca2	4442
wolfSSL	0:1239e9b70ca2	4443	case CONNECT_BEGIN :
wolfSSL	0:1239e9b70ca2	4444	/* always send client hello first */
wolfSSL	0:1239e9b70ca2	4445	if ( (ssl->error = SendClientHello(ssl)) != 0) {
wolfSSL	0:1239e9b70ca2	4446	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	4447	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4448	}
wolfSSL	0:1239e9b70ca2	4449	ssl->options.connectState = CLIENT_HELLO_SENT;
wolfSSL	0:1239e9b70ca2	4450	CYASSL_MSG("connect state: CLIENT_HELLO_SENT");
wolfSSL	0:1239e9b70ca2	4451
wolfSSL	0:1239e9b70ca2	4452	case CLIENT_HELLO_SENT :
wolfSSL	0:1239e9b70ca2	4453	neededState = ssl->options.resuming ? SERVER_FINISHED_COMPLETE :
wolfSSL	0:1239e9b70ca2	4454	SERVER_HELLODONE_COMPLETE;
wolfSSL	0:1239e9b70ca2	4455	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	4456	/* In DTLS, when resuming, we can go straight to FINISHED,
wolfSSL	0:1239e9b70ca2	4457	* or do a cookie exchange and then skip to FINISHED, assume
wolfSSL	0:1239e9b70ca2	4458	* we need the cookie exchange first. */
wolfSSL	0:1239e9b70ca2	4459	if (ssl->options.dtls)
wolfSSL	0:1239e9b70ca2	4460	neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
wolfSSL	0:1239e9b70ca2	4461	#endif
wolfSSL	0:1239e9b70ca2	4462	/* get response */
wolfSSL	0:1239e9b70ca2	4463	while (ssl->options.serverState < neededState) {
wolfSSL	0:1239e9b70ca2	4464	if ( (ssl->error = ProcessReply(ssl)) < 0) {
wolfSSL	0:1239e9b70ca2	4465	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	4466	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4467	}
wolfSSL	0:1239e9b70ca2	4468	/* if resumption failed, reset needed state */
wolfSSL	0:1239e9b70ca2	4469	else if (neededState == SERVER_FINISHED_COMPLETE)
wolfSSL	0:1239e9b70ca2	4470	if (!ssl->options.resuming) {
wolfSSL	0:1239e9b70ca2	4471	if (!ssl->options.dtls)
wolfSSL	0:1239e9b70ca2	4472	neededState = SERVER_HELLODONE_COMPLETE;
wolfSSL	0:1239e9b70ca2	4473	else
wolfSSL	0:1239e9b70ca2	4474	neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
wolfSSL	0:1239e9b70ca2	4475	}
wolfSSL	0:1239e9b70ca2	4476	}
wolfSSL	0:1239e9b70ca2	4477
wolfSSL	0:1239e9b70ca2	4478	ssl->options.connectState = HELLO_AGAIN;
wolfSSL	0:1239e9b70ca2	4479	CYASSL_MSG("connect state: HELLO_AGAIN");
wolfSSL	0:1239e9b70ca2	4480
wolfSSL	0:1239e9b70ca2	4481	case HELLO_AGAIN :
wolfSSL	0:1239e9b70ca2	4482	if (ssl->options.certOnly)
wolfSSL	0:1239e9b70ca2	4483	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	4484
wolfSSL	0:1239e9b70ca2	4485	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	4486	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	4487	/* re-init hashes, exclude first hello and verify request */
wolfSSL	0:1239e9b70ca2	4488	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	4489	InitMd5(&ssl->hashMd5);
wolfSSL	0:1239e9b70ca2	4490	if ( (ssl->error = InitSha(&ssl->hashSha)) != 0) {
wolfSSL	0:1239e9b70ca2	4491	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	4492	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4493	}
wolfSSL	0:1239e9b70ca2	4494	#endif
wolfSSL	0:1239e9b70ca2	4495	if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL	0:1239e9b70ca2	4496	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	4497	if ( (ssl->error =
wolfSSL	0:1239e9b70ca2	4498	InitSha256(&ssl->hashSha256)) != 0) {
wolfSSL	0:1239e9b70ca2	4499	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	4500	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4501	}
wolfSSL	0:1239e9b70ca2	4502	#endif
wolfSSL	0:1239e9b70ca2	4503	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	4504	if ( (ssl->error =
wolfSSL	0:1239e9b70ca2	4505	InitSha384(&ssl->hashSha384)) != 0) {
wolfSSL	0:1239e9b70ca2	4506	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	4507	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4508	}
wolfSSL	0:1239e9b70ca2	4509	#endif
wolfSSL	0:1239e9b70ca2	4510	}
wolfSSL	0:1239e9b70ca2	4511	if ( (ssl->error = SendClientHello(ssl)) != 0) {
wolfSSL	0:1239e9b70ca2	4512	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	4513	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4514	}
wolfSSL	0:1239e9b70ca2	4515	}
wolfSSL	0:1239e9b70ca2	4516	#endif
wolfSSL	0:1239e9b70ca2	4517
wolfSSL	0:1239e9b70ca2	4518	ssl->options.connectState = HELLO_AGAIN_REPLY;
wolfSSL	0:1239e9b70ca2	4519	CYASSL_MSG("connect state: HELLO_AGAIN_REPLY");
wolfSSL	0:1239e9b70ca2	4520
wolfSSL	0:1239e9b70ca2	4521	case HELLO_AGAIN_REPLY :
wolfSSL	0:1239e9b70ca2	4522	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	4523	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	4524	neededState = ssl->options.resuming ?
wolfSSL	0:1239e9b70ca2	4525	SERVER_FINISHED_COMPLETE : SERVER_HELLODONE_COMPLETE;
wolfSSL	0:1239e9b70ca2	4526
wolfSSL	0:1239e9b70ca2	4527	/* get response */
wolfSSL	0:1239e9b70ca2	4528	while (ssl->options.serverState < neededState) {
wolfSSL	0:1239e9b70ca2	4529	if ( (ssl->error = ProcessReply(ssl)) < 0) {
wolfSSL	0:1239e9b70ca2	4530	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	4531	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4532	}
wolfSSL	0:1239e9b70ca2	4533	/* if resumption failed, reset needed state */
wolfSSL	0:1239e9b70ca2	4534	else if (neededState == SERVER_FINISHED_COMPLETE)
wolfSSL	0:1239e9b70ca2	4535	if (!ssl->options.resuming)
wolfSSL	0:1239e9b70ca2	4536	neededState = SERVER_HELLODONE_COMPLETE;
wolfSSL	0:1239e9b70ca2	4537	}
wolfSSL	0:1239e9b70ca2	4538	}
wolfSSL	0:1239e9b70ca2	4539	#endif
wolfSSL	0:1239e9b70ca2	4540
wolfSSL	0:1239e9b70ca2	4541	ssl->options.connectState = FIRST_REPLY_DONE;
wolfSSL	0:1239e9b70ca2	4542	CYASSL_MSG("connect state: FIRST_REPLY_DONE");
wolfSSL	0:1239e9b70ca2	4543
wolfSSL	0:1239e9b70ca2	4544	case FIRST_REPLY_DONE :
wolfSSL	0:1239e9b70ca2	4545	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	4546	if (ssl->options.sendVerify) {
wolfSSL	0:1239e9b70ca2	4547	if ( (ssl->error = SendCertificate(ssl)) != 0) {
wolfSSL	0:1239e9b70ca2	4548	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	4549	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4550	}
wolfSSL	0:1239e9b70ca2	4551	CYASSL_MSG("sent: certificate");
wolfSSL	0:1239e9b70ca2	4552	}
wolfSSL	0:1239e9b70ca2	4553
wolfSSL	0:1239e9b70ca2	4554	#endif
wolfSSL	0:1239e9b70ca2	4555	ssl->options.connectState = FIRST_REPLY_FIRST;
wolfSSL	0:1239e9b70ca2	4556	CYASSL_MSG("connect state: FIRST_REPLY_FIRST");
wolfSSL	0:1239e9b70ca2	4557
wolfSSL	0:1239e9b70ca2	4558	case FIRST_REPLY_FIRST :
wolfSSL	0:1239e9b70ca2	4559	if (!ssl->options.resuming) {
wolfSSL	0:1239e9b70ca2	4560	if ( (ssl->error = SendClientKeyExchange(ssl)) != 0) {
wolfSSL	0:1239e9b70ca2	4561	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	4562	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4563	}
wolfSSL	0:1239e9b70ca2	4564	CYASSL_MSG("sent: client key exchange");
wolfSSL	0:1239e9b70ca2	4565	}
wolfSSL	0:1239e9b70ca2	4566
wolfSSL	0:1239e9b70ca2	4567	ssl->options.connectState = FIRST_REPLY_SECOND;
wolfSSL	0:1239e9b70ca2	4568	CYASSL_MSG("connect state: FIRST_REPLY_SECOND");
wolfSSL	0:1239e9b70ca2	4569
wolfSSL	0:1239e9b70ca2	4570	case FIRST_REPLY_SECOND :
wolfSSL	0:1239e9b70ca2	4571	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	4572	if (ssl->options.sendVerify) {
wolfSSL	0:1239e9b70ca2	4573	if ( (ssl->error = SendCertificateVerify(ssl)) != 0) {
wolfSSL	0:1239e9b70ca2	4574	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	4575	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4576	}
wolfSSL	0:1239e9b70ca2	4577	CYASSL_MSG("sent: certificate verify");
wolfSSL	0:1239e9b70ca2	4578	}
wolfSSL	0:1239e9b70ca2	4579	#endif
wolfSSL	0:1239e9b70ca2	4580	ssl->options.connectState = FIRST_REPLY_THIRD;
wolfSSL	0:1239e9b70ca2	4581	CYASSL_MSG("connect state: FIRST_REPLY_THIRD");
wolfSSL	0:1239e9b70ca2	4582
wolfSSL	0:1239e9b70ca2	4583	case FIRST_REPLY_THIRD :
wolfSSL	0:1239e9b70ca2	4584	if ( (ssl->error = SendChangeCipher(ssl)) != 0) {
wolfSSL	0:1239e9b70ca2	4585	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	4586	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4587	}
wolfSSL	0:1239e9b70ca2	4588	CYASSL_MSG("sent: change cipher spec");
wolfSSL	0:1239e9b70ca2	4589	ssl->options.connectState = FIRST_REPLY_FOURTH;
wolfSSL	0:1239e9b70ca2	4590	CYASSL_MSG("connect state: FIRST_REPLY_FOURTH");
wolfSSL	0:1239e9b70ca2	4591
wolfSSL	0:1239e9b70ca2	4592	case FIRST_REPLY_FOURTH :
wolfSSL	0:1239e9b70ca2	4593	if ( (ssl->error = SendFinished(ssl)) != 0) {
wolfSSL	0:1239e9b70ca2	4594	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	4595	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4596	}
wolfSSL	0:1239e9b70ca2	4597	CYASSL_MSG("sent: finished");
wolfSSL	0:1239e9b70ca2	4598	ssl->options.connectState = FINISHED_DONE;
wolfSSL	0:1239e9b70ca2	4599	CYASSL_MSG("connect state: FINISHED_DONE");
wolfSSL	0:1239e9b70ca2	4600
wolfSSL	0:1239e9b70ca2	4601	case FINISHED_DONE :
wolfSSL	0:1239e9b70ca2	4602	/* get response */
wolfSSL	0:1239e9b70ca2	4603	while (ssl->options.serverState < SERVER_FINISHED_COMPLETE)
wolfSSL	0:1239e9b70ca2	4604	if ( (ssl->error = ProcessReply(ssl)) < 0) {
wolfSSL	0:1239e9b70ca2	4605	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	4606	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4607	}
wolfSSL	0:1239e9b70ca2	4608
wolfSSL	0:1239e9b70ca2	4609	ssl->options.connectState = SECOND_REPLY_DONE;
wolfSSL	0:1239e9b70ca2	4610	CYASSL_MSG("connect state: SECOND_REPLY_DONE");
wolfSSL	0:1239e9b70ca2	4611
wolfSSL	0:1239e9b70ca2	4612	case SECOND_REPLY_DONE:
wolfSSL	0:1239e9b70ca2	4613	FreeHandshakeResources(ssl);
wolfSSL	0:1239e9b70ca2	4614	CYASSL_LEAVE("SSL_connect()", SSL_SUCCESS);
wolfSSL	0:1239e9b70ca2	4615	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	4616
wolfSSL	0:1239e9b70ca2	4617	default:
wolfSSL	0:1239e9b70ca2	4618	CYASSL_MSG("Unknown connect state ERROR");
wolfSSL	0:1239e9b70ca2	4619	return SSL_FATAL_ERROR; /* unknown connect state */
wolfSSL	0:1239e9b70ca2	4620	}
wolfSSL	0:1239e9b70ca2	4621	}
wolfSSL	0:1239e9b70ca2	4622
wolfSSL	0:1239e9b70ca2	4623	#endif /* NO_CYASSL_CLIENT */
wolfSSL	0:1239e9b70ca2	4624
wolfSSL	0:1239e9b70ca2	4625
wolfSSL	0:1239e9b70ca2	4626	/* server only parts */
wolfSSL	0:1239e9b70ca2	4627	#ifndef NO_CYASSL_SERVER
wolfSSL	0:1239e9b70ca2	4628
wolfSSL	0:1239e9b70ca2	4629	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	4630	CYASSL_METHOD* CyaSSLv3_server_method(void)
wolfSSL	0:1239e9b70ca2	4631	{
wolfSSL	0:1239e9b70ca2	4632	CYASSL_METHOD* method =
wolfSSL	0:1239e9b70ca2	4633	(CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
wolfSSL	0:1239e9b70ca2	4634	DYNAMIC_TYPE_METHOD);
wolfSSL	0:1239e9b70ca2	4635	CYASSL_ENTER("SSLv3_server_method");
wolfSSL	0:1239e9b70ca2	4636	if (method) {
wolfSSL	0:1239e9b70ca2	4637	InitSSL_Method(method, MakeSSLv3());
wolfSSL	0:1239e9b70ca2	4638	method->side = CYASSL_SERVER_END;
wolfSSL	0:1239e9b70ca2	4639	}
wolfSSL	0:1239e9b70ca2	4640	return method;
wolfSSL	0:1239e9b70ca2	4641	}
wolfSSL	0:1239e9b70ca2	4642	#endif
wolfSSL	0:1239e9b70ca2	4643
wolfSSL	0:1239e9b70ca2	4644
wolfSSL	0:1239e9b70ca2	4645	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	4646	CYASSL_METHOD* CyaDTLSv1_server_method(void)
wolfSSL	0:1239e9b70ca2	4647	{
wolfSSL	0:1239e9b70ca2	4648	CYASSL_METHOD* method =
wolfSSL	0:1239e9b70ca2	4649	(CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
wolfSSL	0:1239e9b70ca2	4650	DYNAMIC_TYPE_METHOD);
wolfSSL	0:1239e9b70ca2	4651	CYASSL_ENTER("DTLSv1_server_method");
wolfSSL	0:1239e9b70ca2	4652	if (method) {
wolfSSL	0:1239e9b70ca2	4653	InitSSL_Method(method, MakeDTLSv1());
wolfSSL	0:1239e9b70ca2	4654	method->side = CYASSL_SERVER_END;
wolfSSL	0:1239e9b70ca2	4655	}
wolfSSL	0:1239e9b70ca2	4656	return method;
wolfSSL	0:1239e9b70ca2	4657	}
wolfSSL	0:1239e9b70ca2	4658
wolfSSL	0:1239e9b70ca2	4659	CYASSL_METHOD* CyaDTLSv1_2_server_method(void)
wolfSSL	0:1239e9b70ca2	4660	{
wolfSSL	0:1239e9b70ca2	4661	CYASSL_METHOD* method =
wolfSSL	0:1239e9b70ca2	4662	(CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
wolfSSL	0:1239e9b70ca2	4663	DYNAMIC_TYPE_METHOD);
wolfSSL	0:1239e9b70ca2	4664	CYASSL_ENTER("DTLSv1_2_server_method");
wolfSSL	0:1239e9b70ca2	4665	if (method) {
wolfSSL	0:1239e9b70ca2	4666	InitSSL_Method(method, MakeDTLSv1_2());
wolfSSL	0:1239e9b70ca2	4667	method->side = CYASSL_SERVER_END;
wolfSSL	0:1239e9b70ca2	4668	}
wolfSSL	0:1239e9b70ca2	4669	return method;
wolfSSL	0:1239e9b70ca2	4670	}
wolfSSL	0:1239e9b70ca2	4671	#endif
wolfSSL	0:1239e9b70ca2	4672
wolfSSL	0:1239e9b70ca2	4673
wolfSSL	0:1239e9b70ca2	4674	int CyaSSL_accept(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	4675	{
wolfSSL	0:1239e9b70ca2	4676	byte havePSK = 0;
wolfSSL	0:1239e9b70ca2	4677	CYASSL_ENTER("SSL_accept()");
wolfSSL	0:1239e9b70ca2	4678
wolfSSL	0:1239e9b70ca2	4679	#ifdef HAVE_ERRNO_H
wolfSSL	0:1239e9b70ca2	4680	errno = 0;
wolfSSL	0:1239e9b70ca2	4681	#endif
wolfSSL	0:1239e9b70ca2	4682
wolfSSL	0:1239e9b70ca2	4683	#ifndef NO_PSK
wolfSSL	0:1239e9b70ca2	4684	havePSK = ssl->options.havePSK;
wolfSSL	0:1239e9b70ca2	4685	#endif
wolfSSL	0:1239e9b70ca2	4686	(void)havePSK;
wolfSSL	0:1239e9b70ca2	4687
wolfSSL	0:1239e9b70ca2	4688	if (ssl->options.side != CYASSL_SERVER_END) {
wolfSSL	0:1239e9b70ca2	4689	CYASSL_ERROR(ssl->error = SIDE_ERROR);
wolfSSL	0:1239e9b70ca2	4690	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4691	}
wolfSSL	0:1239e9b70ca2	4692
wolfSSL	0:1239e9b70ca2	4693	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	4694	/* in case used set_accept_state after init */
wolfSSL	0:1239e9b70ca2	4695	if (!havePSK && (ssl->buffers.certificate.buffer == NULL \|\|
wolfSSL	0:1239e9b70ca2	4696	ssl->buffers.key.buffer == NULL)) {
wolfSSL	0:1239e9b70ca2	4697	CYASSL_MSG("accept error: don't have server cert and key");
wolfSSL	0:1239e9b70ca2	4698	ssl->error = NO_PRIVATE_KEY;
wolfSSL	0:1239e9b70ca2	4699	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	4700	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4701	}
wolfSSL	0:1239e9b70ca2	4702	#endif
wolfSSL	0:1239e9b70ca2	4703
wolfSSL	0:1239e9b70ca2	4704	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	4705	/* in case used set_accept_state after init */
wolfSSL	0:1239e9b70ca2	4706	if (ssl->eccTempKeyPresent == 0) {
wolfSSL	0:1239e9b70ca2	4707	if (ecc_make_key(ssl->rng, ssl->eccTempKeySz,
wolfSSL	0:1239e9b70ca2	4708	ssl->eccTempKey) != 0) {
wolfSSL	0:1239e9b70ca2	4709	ssl->error = ECC_MAKEKEY_ERROR;
wolfSSL	0:1239e9b70ca2	4710	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	4711	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4712	}
wolfSSL	0:1239e9b70ca2	4713	ssl->eccTempKeyPresent = 1;
wolfSSL	0:1239e9b70ca2	4714	}
wolfSSL	0:1239e9b70ca2	4715	#endif
wolfSSL	0:1239e9b70ca2	4716
wolfSSL	0:1239e9b70ca2	4717	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	4718	if (ssl->version.major == DTLS_MAJOR) {
wolfSSL	0:1239e9b70ca2	4719	ssl->options.dtls = 1;
wolfSSL	0:1239e9b70ca2	4720	ssl->options.tls = 1;
wolfSSL	0:1239e9b70ca2	4721	ssl->options.tls1_1 = 1;
wolfSSL	0:1239e9b70ca2	4722
wolfSSL	0:1239e9b70ca2	4723	if (DtlsPoolInit(ssl) != 0) {
wolfSSL	0:1239e9b70ca2	4724	ssl->error = MEMORY_ERROR;
wolfSSL	0:1239e9b70ca2	4725	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	4726	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4727	}
wolfSSL	0:1239e9b70ca2	4728	}
wolfSSL	0:1239e9b70ca2	4729	#endif
wolfSSL	0:1239e9b70ca2	4730
wolfSSL	0:1239e9b70ca2	4731	if (ssl->buffers.outputBuffer.length > 0) {
wolfSSL	0:1239e9b70ca2	4732	if ( (ssl->error = SendBuffered(ssl)) == 0) {
wolfSSL	0:1239e9b70ca2	4733	ssl->options.acceptState++;
wolfSSL	0:1239e9b70ca2	4734	CYASSL_MSG("accept state: Advanced from buffered send");
wolfSSL	0:1239e9b70ca2	4735	}
wolfSSL	0:1239e9b70ca2	4736	else {
wolfSSL	0:1239e9b70ca2	4737	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	4738	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4739	}
wolfSSL	0:1239e9b70ca2	4740	}
wolfSSL	0:1239e9b70ca2	4741
wolfSSL	0:1239e9b70ca2	4742	switch (ssl->options.acceptState) {
wolfSSL	0:1239e9b70ca2	4743
wolfSSL	0:1239e9b70ca2	4744	case ACCEPT_BEGIN :
wolfSSL	0:1239e9b70ca2	4745	/* get response */
wolfSSL	0:1239e9b70ca2	4746	while (ssl->options.clientState < CLIENT_HELLO_COMPLETE)
wolfSSL	0:1239e9b70ca2	4747	if ( (ssl->error = ProcessReply(ssl)) < 0) {
wolfSSL	0:1239e9b70ca2	4748	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	4749	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4750	}
wolfSSL	0:1239e9b70ca2	4751	ssl->options.acceptState = ACCEPT_CLIENT_HELLO_DONE;
wolfSSL	0:1239e9b70ca2	4752	CYASSL_MSG("accept state ACCEPT_CLIENT_HELLO_DONE");
wolfSSL	0:1239e9b70ca2	4753
wolfSSL	0:1239e9b70ca2	4754	case ACCEPT_CLIENT_HELLO_DONE :
wolfSSL	0:1239e9b70ca2	4755	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	4756	if (ssl->options.dtls)
wolfSSL	0:1239e9b70ca2	4757	if ( (ssl->error = SendHelloVerifyRequest(ssl)) != 0) {
wolfSSL	0:1239e9b70ca2	4758	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	4759	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4760	}
wolfSSL	0:1239e9b70ca2	4761	#endif
wolfSSL	0:1239e9b70ca2	4762	ssl->options.acceptState = HELLO_VERIFY_SENT;
wolfSSL	0:1239e9b70ca2	4763	CYASSL_MSG("accept state HELLO_VERIFY_SENT");
wolfSSL	0:1239e9b70ca2	4764
wolfSSL	0:1239e9b70ca2	4765	case HELLO_VERIFY_SENT:
wolfSSL	0:1239e9b70ca2	4766	#ifdef CYASSL_DTLS
wolfSSL	0:1239e9b70ca2	4767	if (ssl->options.dtls) {
wolfSSL	0:1239e9b70ca2	4768	ssl->options.clientState = NULL_STATE; /* get again */
wolfSSL	0:1239e9b70ca2	4769	/* re-init hashes, exclude first hello and verify request */
wolfSSL	0:1239e9b70ca2	4770	#ifndef NO_OLD_TLS
wolfSSL	0:1239e9b70ca2	4771	InitMd5(&ssl->hashMd5);
wolfSSL	0:1239e9b70ca2	4772	if ( (ssl->error = InitSha(&ssl->hashSha)) != 0) {
wolfSSL	0:1239e9b70ca2	4773	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	4774	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4775	}
wolfSSL	0:1239e9b70ca2	4776	#endif
wolfSSL	0:1239e9b70ca2	4777	if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL	0:1239e9b70ca2	4778	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	4779	if ( (ssl->error =
wolfSSL	0:1239e9b70ca2	4780	InitSha256(&ssl->hashSha256)) != 0) {
wolfSSL	0:1239e9b70ca2	4781	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	4782	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4783	}
wolfSSL	0:1239e9b70ca2	4784	#endif
wolfSSL	0:1239e9b70ca2	4785	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	4786	if ( (ssl->error =
wolfSSL	0:1239e9b70ca2	4787	InitSha384(&ssl->hashSha384)) != 0) {
wolfSSL	0:1239e9b70ca2	4788	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	4789	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4790	}
wolfSSL	0:1239e9b70ca2	4791	#endif
wolfSSL	0:1239e9b70ca2	4792	}
wolfSSL	0:1239e9b70ca2	4793
wolfSSL	0:1239e9b70ca2	4794	while (ssl->options.clientState < CLIENT_HELLO_COMPLETE)
wolfSSL	0:1239e9b70ca2	4795	if ( (ssl->error = ProcessReply(ssl)) < 0) {
wolfSSL	0:1239e9b70ca2	4796	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	4797	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4798	}
wolfSSL	0:1239e9b70ca2	4799	}
wolfSSL	0:1239e9b70ca2	4800	#endif
wolfSSL	0:1239e9b70ca2	4801	ssl->options.acceptState = ACCEPT_FIRST_REPLY_DONE;
wolfSSL	0:1239e9b70ca2	4802	CYASSL_MSG("accept state ACCEPT_FIRST_REPLY_DONE");
wolfSSL	0:1239e9b70ca2	4803
wolfSSL	0:1239e9b70ca2	4804	case ACCEPT_FIRST_REPLY_DONE :
wolfSSL	0:1239e9b70ca2	4805	if ( (ssl->error = SendServerHello(ssl)) != 0) {
wolfSSL	0:1239e9b70ca2	4806	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	4807	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4808	}
wolfSSL	0:1239e9b70ca2	4809	ssl->options.acceptState = SERVER_HELLO_SENT;
wolfSSL	0:1239e9b70ca2	4810	CYASSL_MSG("accept state SERVER_HELLO_SENT");
wolfSSL	0:1239e9b70ca2	4811
wolfSSL	0:1239e9b70ca2	4812	case SERVER_HELLO_SENT :
wolfSSL	0:1239e9b70ca2	4813	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	4814	if (!ssl->options.resuming)
wolfSSL	0:1239e9b70ca2	4815	if ( (ssl->error = SendCertificate(ssl)) != 0) {
wolfSSL	0:1239e9b70ca2	4816	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	4817	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4818	}
wolfSSL	0:1239e9b70ca2	4819	#endif
wolfSSL	0:1239e9b70ca2	4820	ssl->options.acceptState = CERT_SENT;
wolfSSL	0:1239e9b70ca2	4821	CYASSL_MSG("accept state CERT_SENT");
wolfSSL	0:1239e9b70ca2	4822
wolfSSL	0:1239e9b70ca2	4823	case CERT_SENT :
wolfSSL	0:1239e9b70ca2	4824	if (!ssl->options.resuming)
wolfSSL	0:1239e9b70ca2	4825	if ( (ssl->error = SendServerKeyExchange(ssl)) != 0) {
wolfSSL	0:1239e9b70ca2	4826	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	4827	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4828	}
wolfSSL	0:1239e9b70ca2	4829	ssl->options.acceptState = KEY_EXCHANGE_SENT;
wolfSSL	0:1239e9b70ca2	4830	CYASSL_MSG("accept state KEY_EXCHANGE_SENT");
wolfSSL	0:1239e9b70ca2	4831
wolfSSL	0:1239e9b70ca2	4832	case KEY_EXCHANGE_SENT :
wolfSSL	0:1239e9b70ca2	4833	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	4834	if (!ssl->options.resuming)
wolfSSL	0:1239e9b70ca2	4835	if (ssl->options.verifyPeer)
wolfSSL	0:1239e9b70ca2	4836	if ( (ssl->error = SendCertificateRequest(ssl)) != 0) {
wolfSSL	0:1239e9b70ca2	4837	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	4838	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4839	}
wolfSSL	0:1239e9b70ca2	4840	#endif
wolfSSL	0:1239e9b70ca2	4841	ssl->options.acceptState = CERT_REQ_SENT;
wolfSSL	0:1239e9b70ca2	4842	CYASSL_MSG("accept state CERT_REQ_SENT");
wolfSSL	0:1239e9b70ca2	4843
wolfSSL	0:1239e9b70ca2	4844	case CERT_REQ_SENT :
wolfSSL	0:1239e9b70ca2	4845	if (!ssl->options.resuming)
wolfSSL	0:1239e9b70ca2	4846	if ( (ssl->error = SendServerHelloDone(ssl)) != 0) {
wolfSSL	0:1239e9b70ca2	4847	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	4848	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4849	}
wolfSSL	0:1239e9b70ca2	4850	ssl->options.acceptState = SERVER_HELLO_DONE;
wolfSSL	0:1239e9b70ca2	4851	CYASSL_MSG("accept state SERVER_HELLO_DONE");
wolfSSL	0:1239e9b70ca2	4852
wolfSSL	0:1239e9b70ca2	4853	case SERVER_HELLO_DONE :
wolfSSL	0:1239e9b70ca2	4854	if (!ssl->options.resuming) {
wolfSSL	0:1239e9b70ca2	4855	while (ssl->options.clientState < CLIENT_FINISHED_COMPLETE)
wolfSSL	0:1239e9b70ca2	4856	if ( (ssl->error = ProcessReply(ssl)) < 0) {
wolfSSL	0:1239e9b70ca2	4857	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	4858	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4859	}
wolfSSL	0:1239e9b70ca2	4860	}
wolfSSL	0:1239e9b70ca2	4861	ssl->options.acceptState = ACCEPT_SECOND_REPLY_DONE;
wolfSSL	0:1239e9b70ca2	4862	CYASSL_MSG("accept state ACCEPT_SECOND_REPLY_DONE");
wolfSSL	0:1239e9b70ca2	4863
wolfSSL	0:1239e9b70ca2	4864	case ACCEPT_SECOND_REPLY_DONE :
wolfSSL	0:1239e9b70ca2	4865	if ( (ssl->error = SendChangeCipher(ssl)) != 0) {
wolfSSL	0:1239e9b70ca2	4866	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	4867	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4868	}
wolfSSL	0:1239e9b70ca2	4869	ssl->options.acceptState = CHANGE_CIPHER_SENT;
wolfSSL	0:1239e9b70ca2	4870	CYASSL_MSG("accept state CHANGE_CIPHER_SENT");
wolfSSL	0:1239e9b70ca2	4871
wolfSSL	0:1239e9b70ca2	4872	case CHANGE_CIPHER_SENT :
wolfSSL	0:1239e9b70ca2	4873	if ( (ssl->error = SendFinished(ssl)) != 0) {
wolfSSL	0:1239e9b70ca2	4874	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	4875	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4876	}
wolfSSL	0:1239e9b70ca2	4877
wolfSSL	0:1239e9b70ca2	4878	ssl->options.acceptState = ACCEPT_FINISHED_DONE;
wolfSSL	0:1239e9b70ca2	4879	CYASSL_MSG("accept state ACCEPT_FINISHED_DONE");
wolfSSL	0:1239e9b70ca2	4880
wolfSSL	0:1239e9b70ca2	4881	case ACCEPT_FINISHED_DONE :
wolfSSL	0:1239e9b70ca2	4882	if (ssl->options.resuming)
wolfSSL	0:1239e9b70ca2	4883	while (ssl->options.clientState < CLIENT_FINISHED_COMPLETE)
wolfSSL	0:1239e9b70ca2	4884	if ( (ssl->error = ProcessReply(ssl)) < 0) {
wolfSSL	0:1239e9b70ca2	4885	CYASSL_ERROR(ssl->error);
wolfSSL	0:1239e9b70ca2	4886	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4887	}
wolfSSL	0:1239e9b70ca2	4888
wolfSSL	0:1239e9b70ca2	4889	ssl->options.acceptState = ACCEPT_THIRD_REPLY_DONE;
wolfSSL	0:1239e9b70ca2	4890	CYASSL_MSG("accept state ACCEPT_THIRD_REPLY_DONE");
wolfSSL	0:1239e9b70ca2	4891
wolfSSL	0:1239e9b70ca2	4892	case ACCEPT_THIRD_REPLY_DONE :
wolfSSL	0:1239e9b70ca2	4893	FreeHandshakeResources(ssl);
wolfSSL	0:1239e9b70ca2	4894	CYASSL_LEAVE("SSL_accept()", SSL_SUCCESS);
wolfSSL	0:1239e9b70ca2	4895	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	4896
wolfSSL	0:1239e9b70ca2	4897	default :
wolfSSL	0:1239e9b70ca2	4898	CYASSL_MSG("Unknown accept state ERROR");
wolfSSL	0:1239e9b70ca2	4899	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	4900	}
wolfSSL	0:1239e9b70ca2	4901	}
wolfSSL	0:1239e9b70ca2	4902
wolfSSL	0:1239e9b70ca2	4903	#endif /* NO_CYASSL_SERVER */
wolfSSL	0:1239e9b70ca2	4904
wolfSSL	0:1239e9b70ca2	4905
wolfSSL	0:1239e9b70ca2	4906	int CyaSSL_Cleanup(void)
wolfSSL	0:1239e9b70ca2	4907	{
wolfSSL	0:1239e9b70ca2	4908	int ret = SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	4909	int release = 0;
wolfSSL	0:1239e9b70ca2	4910
wolfSSL	0:1239e9b70ca2	4911	CYASSL_ENTER("CyaSSL_Cleanup");
wolfSSL	0:1239e9b70ca2	4912
wolfSSL	0:1239e9b70ca2	4913	if (initRefCount == 0)
wolfSSL	0:1239e9b70ca2	4914	return ret; /* possibly no init yet, but not failure either way */
wolfSSL	0:1239e9b70ca2	4915
wolfSSL	0:1239e9b70ca2	4916	if (LockMutex(&count_mutex) != 0) {
wolfSSL	0:1239e9b70ca2	4917	CYASSL_MSG("Bad Lock Mutex count");
wolfSSL	0:1239e9b70ca2	4918	return BAD_MUTEX_E;
wolfSSL	0:1239e9b70ca2	4919	}
wolfSSL	0:1239e9b70ca2	4920
wolfSSL	0:1239e9b70ca2	4921	release = initRefCount-- == 1;
wolfSSL	0:1239e9b70ca2	4922	if (initRefCount < 0)
wolfSSL	0:1239e9b70ca2	4923	initRefCount = 0;
wolfSSL	0:1239e9b70ca2	4924
wolfSSL	0:1239e9b70ca2	4925	UnLockMutex(&count_mutex);
wolfSSL	0:1239e9b70ca2	4926
wolfSSL	0:1239e9b70ca2	4927	if (!release)
wolfSSL	0:1239e9b70ca2	4928	return ret;
wolfSSL	0:1239e9b70ca2	4929
wolfSSL	0:1239e9b70ca2	4930	#ifndef NO_SESSION_CACHE
wolfSSL	0:1239e9b70ca2	4931	if (FreeMutex(&session_mutex) != 0)
wolfSSL	0:1239e9b70ca2	4932	ret = BAD_MUTEX_E;
wolfSSL	0:1239e9b70ca2	4933	#endif
wolfSSL	0:1239e9b70ca2	4934	if (FreeMutex(&count_mutex) != 0)
wolfSSL	0:1239e9b70ca2	4935	ret = BAD_MUTEX_E;
wolfSSL	0:1239e9b70ca2	4936
wolfSSL	0:1239e9b70ca2	4937	#if defined(HAVE_ECC) && defined(FP_ECC)
wolfSSL	0:1239e9b70ca2	4938	ecc_fp_free();
wolfSSL	0:1239e9b70ca2	4939	#endif
wolfSSL	0:1239e9b70ca2	4940
wolfSSL	0:1239e9b70ca2	4941	return ret;
wolfSSL	0:1239e9b70ca2	4942	}
wolfSSL	0:1239e9b70ca2	4943
wolfSSL	0:1239e9b70ca2	4944
wolfSSL	0:1239e9b70ca2	4945	#ifndef NO_SESSION_CACHE
wolfSSL	0:1239e9b70ca2	4946
wolfSSL	0:1239e9b70ca2	4947	#ifndef NO_MD5
wolfSSL	0:1239e9b70ca2	4948
wolfSSL	0:1239e9b70ca2	4949	/* some session IDs aren't random afterall, let's make them random */
wolfSSL	0:1239e9b70ca2	4950
wolfSSL	0:1239e9b70ca2	4951	static INLINE word32 HashSession(const byte* sessionID, word32 len, int* error)
wolfSSL	0:1239e9b70ca2	4952	{
wolfSSL	0:1239e9b70ca2	4953	byte digest[MD5_DIGEST_SIZE];
wolfSSL	0:1239e9b70ca2	4954	Md5 md5;
wolfSSL	0:1239e9b70ca2	4955
wolfSSL	0:1239e9b70ca2	4956	(void)error;
wolfSSL	0:1239e9b70ca2	4957
wolfSSL	0:1239e9b70ca2	4958	InitMd5(&md5);
wolfSSL	0:1239e9b70ca2	4959	Md5Update(&md5, sessionID, len);
wolfSSL	0:1239e9b70ca2	4960	Md5Final(&md5, digest);
wolfSSL	0:1239e9b70ca2	4961
wolfSSL	0:1239e9b70ca2	4962	return MakeWordFromHash(digest);
wolfSSL	0:1239e9b70ca2	4963	}
wolfSSL	0:1239e9b70ca2	4964
wolfSSL	0:1239e9b70ca2	4965	#elif !defined(NO_SHA)
wolfSSL	0:1239e9b70ca2	4966
wolfSSL	0:1239e9b70ca2	4967	/* 0 on failure */
wolfSSL	0:1239e9b70ca2	4968	static INLINE word32 HashSession(const byte* sessionID, word32 len, int* error)
wolfSSL	0:1239e9b70ca2	4969	{
wolfSSL	0:1239e9b70ca2	4970	byte digest[SHA_DIGEST_SIZE];
wolfSSL	0:1239e9b70ca2	4971	Sha sha;
wolfSSL	0:1239e9b70ca2	4972	int ret = 0;
wolfSSL	0:1239e9b70ca2	4973
wolfSSL	0:1239e9b70ca2	4974	ret = InitSha(&sha);
wolfSSL	0:1239e9b70ca2	4975	if (ret != 0) {
wolfSSL	0:1239e9b70ca2	4976	*error = ret;
wolfSSL	0:1239e9b70ca2	4977	return 0;
wolfSSL	0:1239e9b70ca2	4978	}
wolfSSL	0:1239e9b70ca2	4979	ShaUpdate(&sha, sessionID, len);
wolfSSL	0:1239e9b70ca2	4980	ShaFinal(&sha, digest);
wolfSSL	0:1239e9b70ca2	4981
wolfSSL	0:1239e9b70ca2	4982	return MakeWordFromHash(digest);
wolfSSL	0:1239e9b70ca2	4983	}
wolfSSL	0:1239e9b70ca2	4984
wolfSSL	0:1239e9b70ca2	4985	#elif !defined(NO_SHA256)
wolfSSL	0:1239e9b70ca2	4986
wolfSSL	0:1239e9b70ca2	4987	static INLINE word32 HashSession(const byte* sessionID, word32 len, int* error)
wolfSSL	0:1239e9b70ca2	4988	{
wolfSSL	0:1239e9b70ca2	4989	byte digest[SHA256_DIGEST_SIZE];
wolfSSL	0:1239e9b70ca2	4990	Sha256 sha256;
wolfSSL	0:1239e9b70ca2	4991	int ret;
wolfSSL	0:1239e9b70ca2	4992
wolfSSL	0:1239e9b70ca2	4993	ret = InitSha256(&sha256);
wolfSSL	0:1239e9b70ca2	4994	if (ret != 0) {
wolfSSL	0:1239e9b70ca2	4995	*error = ret;
wolfSSL	0:1239e9b70ca2	4996	return 0;
wolfSSL	0:1239e9b70ca2	4997	}
wolfSSL	0:1239e9b70ca2	4998
wolfSSL	0:1239e9b70ca2	4999	ret = Sha256Update(&sha256, sessionID, len);
wolfSSL	0:1239e9b70ca2	5000	if (ret != 0) {
wolfSSL	0:1239e9b70ca2	5001	*error = ret;
wolfSSL	0:1239e9b70ca2	5002	return 0;
wolfSSL	0:1239e9b70ca2	5003	}
wolfSSL	0:1239e9b70ca2	5004
wolfSSL	0:1239e9b70ca2	5005	ret = Sha256Final(&sha256, digest);
wolfSSL	0:1239e9b70ca2	5006	if (ret != 0) {
wolfSSL	0:1239e9b70ca2	5007	*error = ret;
wolfSSL	0:1239e9b70ca2	5008	return 0;
wolfSSL	0:1239e9b70ca2	5009	}
wolfSSL	0:1239e9b70ca2	5010
wolfSSL	0:1239e9b70ca2	5011	return MakeWordFromHash(digest);
wolfSSL	0:1239e9b70ca2	5012	}
wolfSSL	0:1239e9b70ca2	5013
wolfSSL	0:1239e9b70ca2	5014	#else
wolfSSL	0:1239e9b70ca2	5015
wolfSSL	0:1239e9b70ca2	5016	#error "We need a digest to hash the session IDs"
wolfSSL	0:1239e9b70ca2	5017
wolfSSL	0:1239e9b70ca2	5018	#endif /* NO_MD5 */
wolfSSL	0:1239e9b70ca2	5019
wolfSSL	0:1239e9b70ca2	5020
wolfSSL	0:1239e9b70ca2	5021	void CyaSSL_flush_sessions(CYASSL_CTX* ctx, long tm)
wolfSSL	0:1239e9b70ca2	5022	{
wolfSSL	0:1239e9b70ca2	5023	/* static table now, no flusing needed */
wolfSSL	0:1239e9b70ca2	5024	(void)ctx;
wolfSSL	0:1239e9b70ca2	5025	(void)tm;
wolfSSL	0:1239e9b70ca2	5026	}
wolfSSL	0:1239e9b70ca2	5027
wolfSSL	0:1239e9b70ca2	5028
wolfSSL	0:1239e9b70ca2	5029	/* set ssl session timeout in seconds */
wolfSSL	0:1239e9b70ca2	5030	int CyaSSL_set_timeout(CYASSL* ssl, unsigned int to)
wolfSSL	0:1239e9b70ca2	5031	{
wolfSSL	0:1239e9b70ca2	5032	if (ssl == NULL)
wolfSSL	0:1239e9b70ca2	5033	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	5034
wolfSSL	0:1239e9b70ca2	5035	ssl->timeout = to;
wolfSSL	0:1239e9b70ca2	5036
wolfSSL	0:1239e9b70ca2	5037	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	5038	}
wolfSSL	0:1239e9b70ca2	5039
wolfSSL	0:1239e9b70ca2	5040
wolfSSL	0:1239e9b70ca2	5041	/* set ctx session timeout in seconds */
wolfSSL	0:1239e9b70ca2	5042	int CyaSSL_CTX_set_timeout(CYASSL_CTX* ctx, unsigned int to)
wolfSSL	0:1239e9b70ca2	5043	{
wolfSSL	0:1239e9b70ca2	5044	if (ctx == NULL)
wolfSSL	0:1239e9b70ca2	5045	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	5046
wolfSSL	0:1239e9b70ca2	5047	ctx->timeout = to;
wolfSSL	0:1239e9b70ca2	5048
wolfSSL	0:1239e9b70ca2	5049	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	5050	}
wolfSSL	0:1239e9b70ca2	5051
wolfSSL	0:1239e9b70ca2	5052
wolfSSL	0:1239e9b70ca2	5053	#ifndef NO_CLIENT_CACHE
wolfSSL	0:1239e9b70ca2	5054
wolfSSL	0:1239e9b70ca2	5055	/* Get Session from Client cache based on id/len, return NULL on failure */
wolfSSL	0:1239e9b70ca2	5056	CYASSL_SESSION* GetSessionClient(CYASSL* ssl, const byte* id, int len)
wolfSSL	0:1239e9b70ca2	5057	{
wolfSSL	0:1239e9b70ca2	5058	CYASSL_SESSION* ret = NULL;
wolfSSL	0:1239e9b70ca2	5059	word32 row;
wolfSSL	0:1239e9b70ca2	5060	int idx;
wolfSSL	0:1239e9b70ca2	5061	int count;
wolfSSL	0:1239e9b70ca2	5062	int error = 0;
wolfSSL	0:1239e9b70ca2	5063
wolfSSL	0:1239e9b70ca2	5064	CYASSL_ENTER("GetSessionClient");
wolfSSL	0:1239e9b70ca2	5065
wolfSSL	0:1239e9b70ca2	5066	if (ssl->options.side == CYASSL_SERVER_END)
wolfSSL	0:1239e9b70ca2	5067	return NULL;
wolfSSL	0:1239e9b70ca2	5068
wolfSSL	0:1239e9b70ca2	5069	len = min(SERVER_ID_LEN, (word32)len);
wolfSSL	0:1239e9b70ca2	5070	row = HashSession(id, len, &error) % SESSION_ROWS;
wolfSSL	0:1239e9b70ca2	5071	if (error != 0) {
wolfSSL	0:1239e9b70ca2	5072	CYASSL_MSG("Hash session failed");
wolfSSL	0:1239e9b70ca2	5073	return NULL;
wolfSSL	0:1239e9b70ca2	5074	}
wolfSSL	0:1239e9b70ca2	5075
wolfSSL	0:1239e9b70ca2	5076	if (LockMutex(&session_mutex) != 0) {
wolfSSL	0:1239e9b70ca2	5077	CYASSL_MSG("Lock session mutex failed");
wolfSSL	0:1239e9b70ca2	5078	return NULL;
wolfSSL	0:1239e9b70ca2	5079	}
wolfSSL	0:1239e9b70ca2	5080
wolfSSL	0:1239e9b70ca2	5081	/* start from most recently used */
wolfSSL	0:1239e9b70ca2	5082	count = min((word32)ClientCache[row].totalCount, SESSIONS_PER_ROW);
wolfSSL	0:1239e9b70ca2	5083	idx = ClientCache[row].nextIdx - 1;
wolfSSL	0:1239e9b70ca2	5084	if (idx < 0)
wolfSSL	0:1239e9b70ca2	5085	idx = SESSIONS_PER_ROW - 1; /* if back to front, the previous was end */
wolfSSL	0:1239e9b70ca2	5086
wolfSSL	0:1239e9b70ca2	5087	for (; count > 0; --count, idx = idx ? idx - 1 : SESSIONS_PER_ROW - 1) {
wolfSSL	0:1239e9b70ca2	5088	CYASSL_SESSION* current;
wolfSSL	0:1239e9b70ca2	5089	ClientSession clSess;
wolfSSL	0:1239e9b70ca2	5090
wolfSSL	0:1239e9b70ca2	5091	if (idx >= SESSIONS_PER_ROW \|\| idx < 0) { /* sanity check */
wolfSSL	0:1239e9b70ca2	5092	CYASSL_MSG("Bad idx");
wolfSSL	0:1239e9b70ca2	5093	break;
wolfSSL	0:1239e9b70ca2	5094	}
wolfSSL	0:1239e9b70ca2	5095
wolfSSL	0:1239e9b70ca2	5096	clSess = ClientCache[row].Clients[idx];
wolfSSL	0:1239e9b70ca2	5097
wolfSSL	0:1239e9b70ca2	5098	current = &SessionCache[clSess.serverRow].Sessions[clSess.serverIdx];
wolfSSL	0:1239e9b70ca2	5099	if (XMEMCMP(current->serverID, id, len) == 0) {
wolfSSL	0:1239e9b70ca2	5100	CYASSL_MSG("Found a serverid match for client");
wolfSSL	0:1239e9b70ca2	5101	if (LowResTimer() < (current->bornOn + current->timeout)) {
wolfSSL	0:1239e9b70ca2	5102	CYASSL_MSG("Session valid");
wolfSSL	0:1239e9b70ca2	5103	ret = current;
wolfSSL	0:1239e9b70ca2	5104	break;
wolfSSL	0:1239e9b70ca2	5105	} else {
wolfSSL	0:1239e9b70ca2	5106	CYASSL_MSG("Session timed out"); /* could have more for id */
wolfSSL	0:1239e9b70ca2	5107	}
wolfSSL	0:1239e9b70ca2	5108	} else {
wolfSSL	0:1239e9b70ca2	5109	CYASSL_MSG("ServerID not a match from client table");
wolfSSL	0:1239e9b70ca2	5110	}
wolfSSL	0:1239e9b70ca2	5111	}
wolfSSL	0:1239e9b70ca2	5112
wolfSSL	0:1239e9b70ca2	5113	UnLockMutex(&session_mutex);
wolfSSL	0:1239e9b70ca2	5114
wolfSSL	0:1239e9b70ca2	5115	return ret;
wolfSSL	0:1239e9b70ca2	5116	}
wolfSSL	0:1239e9b70ca2	5117
wolfSSL	0:1239e9b70ca2	5118	#endif /* NO_CLIENT_CACHE */
wolfSSL	0:1239e9b70ca2	5119
wolfSSL	0:1239e9b70ca2	5120
wolfSSL	0:1239e9b70ca2	5121	CYASSL_SESSION* GetSession(CYASSL* ssl, byte* masterSecret)
wolfSSL	0:1239e9b70ca2	5122	{
wolfSSL	0:1239e9b70ca2	5123	CYASSL_SESSION* ret = 0;
wolfSSL	0:1239e9b70ca2	5124	const byte* id = NULL;
wolfSSL	0:1239e9b70ca2	5125	word32 row;
wolfSSL	0:1239e9b70ca2	5126	int idx;
wolfSSL	0:1239e9b70ca2	5127	int count;
wolfSSL	0:1239e9b70ca2	5128	int error = 0;
wolfSSL	0:1239e9b70ca2	5129
wolfSSL	0:1239e9b70ca2	5130	if (ssl->options.sessionCacheOff)
wolfSSL	0:1239e9b70ca2	5131	return NULL;
wolfSSL	0:1239e9b70ca2	5132
wolfSSL	0:1239e9b70ca2	5133	if (ssl->options.haveSessionId == 0)
wolfSSL	0:1239e9b70ca2	5134	return NULL;
wolfSSL	0:1239e9b70ca2	5135
wolfSSL	0:1239e9b70ca2	5136	if (ssl->arrays)
wolfSSL	0:1239e9b70ca2	5137	id = ssl->arrays->sessionID;
wolfSSL	0:1239e9b70ca2	5138	else
wolfSSL	0:1239e9b70ca2	5139	id = ssl->session.sessionID;
wolfSSL	0:1239e9b70ca2	5140
wolfSSL	0:1239e9b70ca2	5141	row = HashSession(id, ID_LEN, &error) % SESSION_ROWS;
wolfSSL	0:1239e9b70ca2	5142	if (error != 0) {
wolfSSL	0:1239e9b70ca2	5143	CYASSL_MSG("Hash session failed");
wolfSSL	0:1239e9b70ca2	5144	return NULL;
wolfSSL	0:1239e9b70ca2	5145	}
wolfSSL	0:1239e9b70ca2	5146
wolfSSL	0:1239e9b70ca2	5147	if (LockMutex(&session_mutex) != 0)
wolfSSL	0:1239e9b70ca2	5148	return 0;
wolfSSL	0:1239e9b70ca2	5149
wolfSSL	0:1239e9b70ca2	5150	/* start from most recently used */
wolfSSL	0:1239e9b70ca2	5151	count = min((word32)SessionCache[row].totalCount, SESSIONS_PER_ROW);
wolfSSL	0:1239e9b70ca2	5152	idx = SessionCache[row].nextIdx - 1;
wolfSSL	0:1239e9b70ca2	5153	if (idx < 0)
wolfSSL	0:1239e9b70ca2	5154	idx = SESSIONS_PER_ROW - 1; /* if back to front, the previous was end */
wolfSSL	0:1239e9b70ca2	5155
wolfSSL	0:1239e9b70ca2	5156	for (; count > 0; --count, idx = idx ? idx - 1 : SESSIONS_PER_ROW - 1) {
wolfSSL	0:1239e9b70ca2	5157	CYASSL_SESSION* current;
wolfSSL	0:1239e9b70ca2	5158
wolfSSL	0:1239e9b70ca2	5159	if (idx >= SESSIONS_PER_ROW \|\| idx < 0) { /* sanity check */
wolfSSL	0:1239e9b70ca2	5160	CYASSL_MSG("Bad idx");
wolfSSL	0:1239e9b70ca2	5161	break;
wolfSSL	0:1239e9b70ca2	5162	}
wolfSSL	0:1239e9b70ca2	5163
wolfSSL	0:1239e9b70ca2	5164	current = &SessionCache[row].Sessions[idx];
wolfSSL	0:1239e9b70ca2	5165	if (XMEMCMP(current->sessionID, id, ID_LEN) == 0) {
wolfSSL	0:1239e9b70ca2	5166	CYASSL_MSG("Found a session match");
wolfSSL	0:1239e9b70ca2	5167	if (LowResTimer() < (current->bornOn + current->timeout)) {
wolfSSL	0:1239e9b70ca2	5168	CYASSL_MSG("Session valid");
wolfSSL	0:1239e9b70ca2	5169	ret = current;
wolfSSL	0:1239e9b70ca2	5170	if (masterSecret)
wolfSSL	0:1239e9b70ca2	5171	XMEMCPY(masterSecret, current->masterSecret, SECRET_LEN);
wolfSSL	0:1239e9b70ca2	5172	} else {
wolfSSL	0:1239e9b70ca2	5173	CYASSL_MSG("Session timed out");
wolfSSL	0:1239e9b70ca2	5174	}
wolfSSL	0:1239e9b70ca2	5175	break; /* no more sessionIDs whether valid or not that match */
wolfSSL	0:1239e9b70ca2	5176	} else {
wolfSSL	0:1239e9b70ca2	5177	CYASSL_MSG("SessionID not a match at this idx");
wolfSSL	0:1239e9b70ca2	5178	}
wolfSSL	0:1239e9b70ca2	5179	}
wolfSSL	0:1239e9b70ca2	5180
wolfSSL	0:1239e9b70ca2	5181	UnLockMutex(&session_mutex);
wolfSSL	0:1239e9b70ca2	5182
wolfSSL	0:1239e9b70ca2	5183	return ret;
wolfSSL	0:1239e9b70ca2	5184	}
wolfSSL	0:1239e9b70ca2	5185
wolfSSL	0:1239e9b70ca2	5186
wolfSSL	0:1239e9b70ca2	5187	int SetSession(CYASSL* ssl, CYASSL_SESSION* session)
wolfSSL	0:1239e9b70ca2	5188	{
wolfSSL	0:1239e9b70ca2	5189	if (ssl->options.sessionCacheOff)
wolfSSL	0:1239e9b70ca2	5190	return SSL_FAILURE;
wolfSSL	0:1239e9b70ca2	5191
wolfSSL	0:1239e9b70ca2	5192	if (LowResTimer() < (session->bornOn + session->timeout)) {
wolfSSL	0:1239e9b70ca2	5193	ssl->session = *session;
wolfSSL	0:1239e9b70ca2	5194	ssl->options.resuming = 1;
wolfSSL	0:1239e9b70ca2	5195
wolfSSL	0:1239e9b70ca2	5196	#ifdef SESSION_CERTS
wolfSSL	0:1239e9b70ca2	5197	ssl->version = session->version;
wolfSSL	0:1239e9b70ca2	5198	ssl->options.cipherSuite0 = session->cipherSuite0;
wolfSSL	0:1239e9b70ca2	5199	ssl->options.cipherSuite = session->cipherSuite;
wolfSSL	0:1239e9b70ca2	5200	#endif
wolfSSL	0:1239e9b70ca2	5201
wolfSSL	0:1239e9b70ca2	5202	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	5203	}
wolfSSL	0:1239e9b70ca2	5204	return SSL_FAILURE; /* session timed out */
wolfSSL	0:1239e9b70ca2	5205	}
wolfSSL	0:1239e9b70ca2	5206
wolfSSL	0:1239e9b70ca2	5207
wolfSSL	0:1239e9b70ca2	5208	int AddSession(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	5209	{
wolfSSL	0:1239e9b70ca2	5210	word32 row, idx;
wolfSSL	0:1239e9b70ca2	5211	int error = 0;
wolfSSL	0:1239e9b70ca2	5212
wolfSSL	0:1239e9b70ca2	5213	if (ssl->options.sessionCacheOff)
wolfSSL	0:1239e9b70ca2	5214	return 0;
wolfSSL	0:1239e9b70ca2	5215
wolfSSL	0:1239e9b70ca2	5216	if (ssl->options.haveSessionId == 0)
wolfSSL	0:1239e9b70ca2	5217	return 0;
wolfSSL	0:1239e9b70ca2	5218
wolfSSL	0:1239e9b70ca2	5219	row = HashSession(ssl->arrays->sessionID, ID_LEN, &error) % SESSION_ROWS;
wolfSSL	0:1239e9b70ca2	5220	if (error != 0) {
wolfSSL	0:1239e9b70ca2	5221	CYASSL_MSG("Hash session failed");
wolfSSL	0:1239e9b70ca2	5222	return error;
wolfSSL	0:1239e9b70ca2	5223	}
wolfSSL	0:1239e9b70ca2	5224
wolfSSL	0:1239e9b70ca2	5225	if (LockMutex(&session_mutex) != 0)
wolfSSL	0:1239e9b70ca2	5226	return BAD_MUTEX_E;
wolfSSL	0:1239e9b70ca2	5227
wolfSSL	0:1239e9b70ca2	5228	idx = SessionCache[row].nextIdx++;
wolfSSL	0:1239e9b70ca2	5229	#ifdef SESSION_INDEX
wolfSSL	0:1239e9b70ca2	5230	ssl->sessionIndex = (row << SESSIDX_ROW_SHIFT) \| idx;
wolfSSL	0:1239e9b70ca2	5231	#endif
wolfSSL	0:1239e9b70ca2	5232
wolfSSL	0:1239e9b70ca2	5233	XMEMCPY(SessionCache[row].Sessions[idx].masterSecret,
wolfSSL	0:1239e9b70ca2	5234	ssl->arrays->masterSecret, SECRET_LEN);
wolfSSL	0:1239e9b70ca2	5235	XMEMCPY(SessionCache[row].Sessions[idx].sessionID, ssl->arrays->sessionID,
wolfSSL	0:1239e9b70ca2	5236	ID_LEN);
wolfSSL	0:1239e9b70ca2	5237
wolfSSL	0:1239e9b70ca2	5238	SessionCache[row].Sessions[idx].timeout = ssl->timeout;
wolfSSL	0:1239e9b70ca2	5239	SessionCache[row].Sessions[idx].bornOn = LowResTimer();
wolfSSL	0:1239e9b70ca2	5240
wolfSSL	0:1239e9b70ca2	5241	#ifdef SESSION_CERTS
wolfSSL	0:1239e9b70ca2	5242	SessionCache[row].Sessions[idx].chain.count = ssl->session.chain.count;
wolfSSL	0:1239e9b70ca2	5243	XMEMCPY(SessionCache[row].Sessions[idx].chain.certs,
wolfSSL	0:1239e9b70ca2	5244	ssl->session.chain.certs, sizeof(x509_buffer) * MAX_CHAIN_DEPTH);
wolfSSL	0:1239e9b70ca2	5245
wolfSSL	0:1239e9b70ca2	5246	SessionCache[row].Sessions[idx].version = ssl->version;
wolfSSL	0:1239e9b70ca2	5247	SessionCache[row].Sessions[idx].cipherSuite0 = ssl->options.cipherSuite0;
wolfSSL	0:1239e9b70ca2	5248	SessionCache[row].Sessions[idx].cipherSuite = ssl->options.cipherSuite;
wolfSSL	0:1239e9b70ca2	5249	#endif /* SESSION_CERTS */
wolfSSL	0:1239e9b70ca2	5250
wolfSSL	0:1239e9b70ca2	5251	SessionCache[row].totalCount++;
wolfSSL	0:1239e9b70ca2	5252	if (SessionCache[row].nextIdx == SESSIONS_PER_ROW)
wolfSSL	0:1239e9b70ca2	5253	SessionCache[row].nextIdx = 0;
wolfSSL	0:1239e9b70ca2	5254
wolfSSL	0:1239e9b70ca2	5255	#ifndef NO_CLIENT_CACHE
wolfSSL	0:1239e9b70ca2	5256	if (ssl->options.side == CYASSL_CLIENT_END && ssl->session.idLen) {
wolfSSL	0:1239e9b70ca2	5257	word32 clientRow, clientIdx;
wolfSSL	0:1239e9b70ca2	5258
wolfSSL	0:1239e9b70ca2	5259	CYASSL_MSG("Adding client cache entry");
wolfSSL	0:1239e9b70ca2	5260
wolfSSL	0:1239e9b70ca2	5261	SessionCache[row].Sessions[idx].idLen = ssl->session.idLen;
wolfSSL	0:1239e9b70ca2	5262	XMEMCPY(SessionCache[row].Sessions[idx].serverID, ssl->session.serverID,
wolfSSL	0:1239e9b70ca2	5263	ssl->session.idLen);
wolfSSL	0:1239e9b70ca2	5264
wolfSSL	0:1239e9b70ca2	5265	clientRow = HashSession(ssl->session.serverID, ssl->session.idLen,
wolfSSL	0:1239e9b70ca2	5266	&error) % SESSION_ROWS;
wolfSSL	0:1239e9b70ca2	5267	if (error != 0) {
wolfSSL	0:1239e9b70ca2	5268	CYASSL_MSG("Hash session failed");
wolfSSL	0:1239e9b70ca2	5269	return error;
wolfSSL	0:1239e9b70ca2	5270	}
wolfSSL	0:1239e9b70ca2	5271	clientIdx = ClientCache[clientRow].nextIdx++;
wolfSSL	0:1239e9b70ca2	5272
wolfSSL	0:1239e9b70ca2	5273	ClientCache[clientRow].Clients[clientIdx].serverRow = (word16)row;
wolfSSL	0:1239e9b70ca2	5274	ClientCache[clientRow].Clients[clientIdx].serverIdx = (word16)idx;
wolfSSL	0:1239e9b70ca2	5275
wolfSSL	0:1239e9b70ca2	5276	ClientCache[clientRow].totalCount++;
wolfSSL	0:1239e9b70ca2	5277	if (ClientCache[clientRow].nextIdx == SESSIONS_PER_ROW)
wolfSSL	0:1239e9b70ca2	5278	ClientCache[clientRow].nextIdx = 0;
wolfSSL	0:1239e9b70ca2	5279	}
wolfSSL	0:1239e9b70ca2	5280	else
wolfSSL	0:1239e9b70ca2	5281	SessionCache[row].Sessions[idx].idLen = 0;
wolfSSL	0:1239e9b70ca2	5282	#endif /* NO_CLIENT_CACHE */
wolfSSL	0:1239e9b70ca2	5283
wolfSSL	0:1239e9b70ca2	5284	if (UnLockMutex(&session_mutex) != 0)
wolfSSL	0:1239e9b70ca2	5285	return BAD_MUTEX_E;
wolfSSL	0:1239e9b70ca2	5286
wolfSSL	0:1239e9b70ca2	5287	return 0;
wolfSSL	0:1239e9b70ca2	5288	}
wolfSSL	0:1239e9b70ca2	5289
wolfSSL	0:1239e9b70ca2	5290
wolfSSL	0:1239e9b70ca2	5291	#ifdef SESSION_INDEX
wolfSSL	0:1239e9b70ca2	5292
wolfSSL	0:1239e9b70ca2	5293	int CyaSSL_GetSessionIndex(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	5294	{
wolfSSL	0:1239e9b70ca2	5295	CYASSL_ENTER("CyaSSL_GetSessionIndex");
wolfSSL	0:1239e9b70ca2	5296	CYASSL_LEAVE("CyaSSL_GetSessionIndex", ssl->sessionIndex);
wolfSSL	0:1239e9b70ca2	5297	return ssl->sessionIndex;
wolfSSL	0:1239e9b70ca2	5298	}
wolfSSL	0:1239e9b70ca2	5299
wolfSSL	0:1239e9b70ca2	5300
wolfSSL	0:1239e9b70ca2	5301	int CyaSSL_GetSessionAtIndex(int idx, CYASSL_SESSION* session)
wolfSSL	0:1239e9b70ca2	5302	{
wolfSSL	0:1239e9b70ca2	5303	int row, col, result = SSL_FAILURE;
wolfSSL	0:1239e9b70ca2	5304
wolfSSL	0:1239e9b70ca2	5305	CYASSL_ENTER("CyaSSL_GetSessionAtIndex");
wolfSSL	0:1239e9b70ca2	5306
wolfSSL	0:1239e9b70ca2	5307	row = idx >> SESSIDX_ROW_SHIFT;
wolfSSL	0:1239e9b70ca2	5308	col = idx & SESSIDX_IDX_MASK;
wolfSSL	0:1239e9b70ca2	5309
wolfSSL	0:1239e9b70ca2	5310	if (LockMutex(&session_mutex) != 0) {
wolfSSL	0:1239e9b70ca2	5311	return BAD_MUTEX_E;
wolfSSL	0:1239e9b70ca2	5312	}
wolfSSL	0:1239e9b70ca2	5313
wolfSSL	0:1239e9b70ca2	5314	if (row < SESSION_ROWS &&
wolfSSL	0:1239e9b70ca2	5315	col < (int)min(SessionCache[row].totalCount, SESSIONS_PER_ROW)) {
wolfSSL	0:1239e9b70ca2	5316	XMEMCPY(session,
wolfSSL	0:1239e9b70ca2	5317	&SessionCache[row].Sessions[col], sizeof(CYASSL_SESSION));
wolfSSL	0:1239e9b70ca2	5318	result = SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	5319	}
wolfSSL	0:1239e9b70ca2	5320
wolfSSL	0:1239e9b70ca2	5321	if (UnLockMutex(&session_mutex) != 0)
wolfSSL	0:1239e9b70ca2	5322	result = BAD_MUTEX_E;
wolfSSL	0:1239e9b70ca2	5323
wolfSSL	0:1239e9b70ca2	5324	CYASSL_LEAVE("CyaSSL_GetSessionAtIndex", result);
wolfSSL	0:1239e9b70ca2	5325	return result;
wolfSSL	0:1239e9b70ca2	5326	}
wolfSSL	0:1239e9b70ca2	5327
wolfSSL	0:1239e9b70ca2	5328	#endif /* SESSION_INDEX */
wolfSSL	0:1239e9b70ca2	5329
wolfSSL	0:1239e9b70ca2	5330	#if defined(SESSION_INDEX) && defined(SESSION_CERTS)
wolfSSL	0:1239e9b70ca2	5331
wolfSSL	0:1239e9b70ca2	5332	CYASSL_X509_CHAIN* CyaSSL_SESSION_get_peer_chain(CYASSL_SESSION* session)
wolfSSL	0:1239e9b70ca2	5333	{
wolfSSL	0:1239e9b70ca2	5334	CYASSL_X509_CHAIN* chain = NULL;
wolfSSL	0:1239e9b70ca2	5335
wolfSSL	0:1239e9b70ca2	5336	CYASSL_ENTER("CyaSSL_SESSION_get_peer_chain");
wolfSSL	0:1239e9b70ca2	5337	if (session)
wolfSSL	0:1239e9b70ca2	5338	chain = &session->chain;
wolfSSL	0:1239e9b70ca2	5339
wolfSSL	0:1239e9b70ca2	5340	CYASSL_LEAVE("CyaSSL_SESSION_get_peer_chain", chain ? 1 : 0);
wolfSSL	0:1239e9b70ca2	5341	return chain;
wolfSSL	0:1239e9b70ca2	5342	}
wolfSSL	0:1239e9b70ca2	5343
wolfSSL	0:1239e9b70ca2	5344	#endif /* SESSION_INDEX && SESSION_CERTS */
wolfSSL	0:1239e9b70ca2	5345
wolfSSL	0:1239e9b70ca2	5346
wolfSSL	0:1239e9b70ca2	5347	#ifdef SESSION_STATS
wolfSSL	0:1239e9b70ca2	5348
wolfSSL	0:1239e9b70ca2	5349	CYASSL_API
wolfSSL	0:1239e9b70ca2	5350	void PrintSessionStats(void)
wolfSSL	0:1239e9b70ca2	5351	{
wolfSSL	0:1239e9b70ca2	5352	word32 totalSessionsSeen = 0;
wolfSSL	0:1239e9b70ca2	5353	word32 totalSessionsNow = 0;
wolfSSL	0:1239e9b70ca2	5354	word32 rowNow;
wolfSSL	0:1239e9b70ca2	5355	int i;
wolfSSL	0:1239e9b70ca2	5356	double E; /* expected freq */
wolfSSL	0:1239e9b70ca2	5357	double chiSquare = 0;
wolfSSL	0:1239e9b70ca2	5358
wolfSSL	0:1239e9b70ca2	5359	for (i = 0; i < SESSION_ROWS; i++) {
wolfSSL	0:1239e9b70ca2	5360	totalSessionsSeen += SessionCache[i].totalCount;
wolfSSL	0:1239e9b70ca2	5361
wolfSSL	0:1239e9b70ca2	5362	if (SessionCache[i].totalCount >= SESSIONS_PER_ROW)
wolfSSL	0:1239e9b70ca2	5363	rowNow = SESSIONS_PER_ROW;
wolfSSL	0:1239e9b70ca2	5364	else if (SessionCache[i].nextIdx == 0)
wolfSSL	0:1239e9b70ca2	5365	rowNow = 0;
wolfSSL	0:1239e9b70ca2	5366	else
wolfSSL	0:1239e9b70ca2	5367	rowNow = SessionCache[i].nextIdx;
wolfSSL	0:1239e9b70ca2	5368
wolfSSL	0:1239e9b70ca2	5369	totalSessionsNow += rowNow;
wolfSSL	0:1239e9b70ca2	5370	}
wolfSSL	0:1239e9b70ca2	5371
wolfSSL	0:1239e9b70ca2	5372	printf("Total Sessions Seen = %d\n", totalSessionsSeen);
wolfSSL	0:1239e9b70ca2	5373	printf("Total Sessions Now = %d\n", totalSessionsNow);
wolfSSL	0:1239e9b70ca2	5374
wolfSSL	0:1239e9b70ca2	5375	E = (double)totalSessionsSeen / SESSION_ROWS;
wolfSSL	0:1239e9b70ca2	5376
wolfSSL	0:1239e9b70ca2	5377	for (i = 0; i < SESSION_ROWS; i++) {
wolfSSL	0:1239e9b70ca2	5378	double diff = SessionCache[i].totalCount - E;
wolfSSL	0:1239e9b70ca2	5379	diff = diff; / square */
wolfSSL	0:1239e9b70ca2	5380	diff /= E; /* normalize */
wolfSSL	0:1239e9b70ca2	5381
wolfSSL	0:1239e9b70ca2	5382	chiSquare += diff;
wolfSSL	0:1239e9b70ca2	5383	}
wolfSSL	0:1239e9b70ca2	5384	printf(" chi-square = %5.1f, d.f. = %d\n", chiSquare,
wolfSSL	0:1239e9b70ca2	5385	SESSION_ROWS - 1);
wolfSSL	0:1239e9b70ca2	5386	if (SESSION_ROWS == 11)
wolfSSL	0:1239e9b70ca2	5387	printf(" .05 p value = 18.3, chi-square should be less\n");
wolfSSL	0:1239e9b70ca2	5388	else if (SESSION_ROWS == 211)
wolfSSL	0:1239e9b70ca2	5389	printf(".05 p value = 244.8, chi-square should be less\n");
wolfSSL	0:1239e9b70ca2	5390	else if (SESSION_ROWS == 5981)
wolfSSL	0:1239e9b70ca2	5391	printf(".05 p value = 6161.0, chi-square should be less\n");
wolfSSL	0:1239e9b70ca2	5392	else if (SESSION_ROWS == 3)
wolfSSL	0:1239e9b70ca2	5393	printf(".05 p value = 6.0, chi-square should be less\n");
wolfSSL	0:1239e9b70ca2	5394	else if (SESSION_ROWS == 2861)
wolfSSL	0:1239e9b70ca2	5395	printf(".05 p value = 2985.5, chi-square should be less\n");
wolfSSL	0:1239e9b70ca2	5396	printf("\n");
wolfSSL	0:1239e9b70ca2	5397	}
wolfSSL	0:1239e9b70ca2	5398
wolfSSL	0:1239e9b70ca2	5399	#endif /* SESSION_STATS */
wolfSSL	0:1239e9b70ca2	5400
wolfSSL	0:1239e9b70ca2	5401	#else /* NO_SESSION_CACHE */
wolfSSL	0:1239e9b70ca2	5402
wolfSSL	0:1239e9b70ca2	5403	/* No session cache version */
wolfSSL	0:1239e9b70ca2	5404	CYASSL_SESSION* GetSession(CYASSL* ssl, byte* masterSecret)
wolfSSL	0:1239e9b70ca2	5405	{
wolfSSL	0:1239e9b70ca2	5406	(void)ssl;
wolfSSL	0:1239e9b70ca2	5407	(void)masterSecret;
wolfSSL	0:1239e9b70ca2	5408
wolfSSL	0:1239e9b70ca2	5409	return NULL;
wolfSSL	0:1239e9b70ca2	5410	}
wolfSSL	0:1239e9b70ca2	5411
wolfSSL	0:1239e9b70ca2	5412	#endif /* NO_SESSION_CACHE */
wolfSSL	0:1239e9b70ca2	5413
wolfSSL	0:1239e9b70ca2	5414
wolfSSL	0:1239e9b70ca2	5415	/* call before SSL_connect, if verifying will add name check to
wolfSSL	0:1239e9b70ca2	5416	date check and signature check */
wolfSSL	0:1239e9b70ca2	5417	int CyaSSL_check_domain_name(CYASSL* ssl, const char* dn)
wolfSSL	0:1239e9b70ca2	5418	{
wolfSSL	0:1239e9b70ca2	5419	CYASSL_ENTER("CyaSSL_check_domain_name");
wolfSSL	0:1239e9b70ca2	5420	if (ssl->buffers.domainName.buffer)
wolfSSL	0:1239e9b70ca2	5421	XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN);
wolfSSL	0:1239e9b70ca2	5422
wolfSSL	0:1239e9b70ca2	5423	ssl->buffers.domainName.length = (word32)XSTRLEN(dn) + 1;
wolfSSL	0:1239e9b70ca2	5424	ssl->buffers.domainName.buffer = (byte*) XMALLOC(
wolfSSL	0:1239e9b70ca2	5425	ssl->buffers.domainName.length, ssl->heap, DYNAMIC_TYPE_DOMAIN);
wolfSSL	0:1239e9b70ca2	5426
wolfSSL	0:1239e9b70ca2	5427	if (ssl->buffers.domainName.buffer) {
wolfSSL	0:1239e9b70ca2	5428	XSTRNCPY((char*)ssl->buffers.domainName.buffer, dn,
wolfSSL	0:1239e9b70ca2	5429	ssl->buffers.domainName.length);
wolfSSL	0:1239e9b70ca2	5430	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	5431	}
wolfSSL	0:1239e9b70ca2	5432	else {
wolfSSL	0:1239e9b70ca2	5433	ssl->error = MEMORY_ERROR;
wolfSSL	0:1239e9b70ca2	5434	return SSL_FAILURE;
wolfSSL	0:1239e9b70ca2	5435	}
wolfSSL	0:1239e9b70ca2	5436	}
wolfSSL	0:1239e9b70ca2	5437
wolfSSL	0:1239e9b70ca2	5438
wolfSSL	0:1239e9b70ca2	5439	/* turn on CyaSSL zlib compression
wolfSSL	0:1239e9b70ca2	5440	returns SSL_SUCCESS for success, else error (not built in)
wolfSSL	0:1239e9b70ca2	5441	*/
wolfSSL	0:1239e9b70ca2	5442	int CyaSSL_set_compression(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	5443	{
wolfSSL	0:1239e9b70ca2	5444	CYASSL_ENTER("CyaSSL_set_compression");
wolfSSL	0:1239e9b70ca2	5445	(void)ssl;
wolfSSL	0:1239e9b70ca2	5446	#ifdef HAVE_LIBZ
wolfSSL	0:1239e9b70ca2	5447	ssl->options.usingCompression = 1;
wolfSSL	0:1239e9b70ca2	5448	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	5449	#else
wolfSSL	0:1239e9b70ca2	5450	return NOT_COMPILED_IN;
wolfSSL	0:1239e9b70ca2	5451	#endif
wolfSSL	0:1239e9b70ca2	5452	}
wolfSSL	0:1239e9b70ca2	5453
wolfSSL	0:1239e9b70ca2	5454
wolfSSL	0:1239e9b70ca2	5455	#ifndef USE_WINDOWS_API
wolfSSL	0:1239e9b70ca2	5456	#ifndef NO_WRITEV
wolfSSL	0:1239e9b70ca2	5457
wolfSSL	0:1239e9b70ca2	5458	/* simulate writev semantics, doesn't actually do block at a time though
wolfSSL	0:1239e9b70ca2	5459	because of SSL_write behavior and because front adds may be small */
wolfSSL	0:1239e9b70ca2	5460	int CyaSSL_writev(CYASSL* ssl, const struct iovec* iov, int iovcnt)
wolfSSL	0:1239e9b70ca2	5461	{
wolfSSL	0:1239e9b70ca2	5462	byte tmp[FILE_BUFFER_SIZE];
wolfSSL	0:1239e9b70ca2	5463	byte* myBuffer = tmp;
wolfSSL	0:1239e9b70ca2	5464	int sending = 0;
wolfSSL	0:1239e9b70ca2	5465	int newBuffer = 0;
wolfSSL	0:1239e9b70ca2	5466	int idx = 0;
wolfSSL	0:1239e9b70ca2	5467	int i;
wolfSSL	0:1239e9b70ca2	5468	int ret;
wolfSSL	0:1239e9b70ca2	5469
wolfSSL	0:1239e9b70ca2	5470	CYASSL_ENTER("CyaSSL_writev");
wolfSSL	0:1239e9b70ca2	5471
wolfSSL	0:1239e9b70ca2	5472	for (i = 0; i < iovcnt; i++)
wolfSSL	0:1239e9b70ca2	5473	sending += (int)iov[i].iov_len;
wolfSSL	0:1239e9b70ca2	5474
wolfSSL	0:1239e9b70ca2	5475	if (sending > (int)sizeof(tmp)) {
wolfSSL	0:1239e9b70ca2	5476	byte* tmp2 = (byte*) XMALLOC(sending, ssl->heap,
wolfSSL	0:1239e9b70ca2	5477	DYNAMIC_TYPE_WRITEV);
wolfSSL	0:1239e9b70ca2	5478	if (!tmp2)
wolfSSL	0:1239e9b70ca2	5479	return MEMORY_ERROR;
wolfSSL	0:1239e9b70ca2	5480	myBuffer = tmp2;
wolfSSL	0:1239e9b70ca2	5481	newBuffer = 1;
wolfSSL	0:1239e9b70ca2	5482	}
wolfSSL	0:1239e9b70ca2	5483
wolfSSL	0:1239e9b70ca2	5484	for (i = 0; i < iovcnt; i++) {
wolfSSL	0:1239e9b70ca2	5485	XMEMCPY(&myBuffer[idx], iov[i].iov_base, iov[i].iov_len);
wolfSSL	0:1239e9b70ca2	5486	idx += (int)iov[i].iov_len;
wolfSSL	0:1239e9b70ca2	5487	}
wolfSSL	0:1239e9b70ca2	5488
wolfSSL	0:1239e9b70ca2	5489	ret = CyaSSL_write(ssl, myBuffer, sending);
wolfSSL	0:1239e9b70ca2	5490
wolfSSL	0:1239e9b70ca2	5491	if (newBuffer) XFREE(myBuffer, ssl->heap, DYNAMIC_TYPE_WRITEV);
wolfSSL	0:1239e9b70ca2	5492
wolfSSL	0:1239e9b70ca2	5493	return ret;
wolfSSL	0:1239e9b70ca2	5494	}
wolfSSL	0:1239e9b70ca2	5495	#endif
wolfSSL	0:1239e9b70ca2	5496	#endif
wolfSSL	0:1239e9b70ca2	5497
wolfSSL	0:1239e9b70ca2	5498
wolfSSL	0:1239e9b70ca2	5499	#ifdef CYASSL_CALLBACKS
wolfSSL	0:1239e9b70ca2	5500
wolfSSL	0:1239e9b70ca2	5501	typedef struct itimerval Itimerval;
wolfSSL	0:1239e9b70ca2	5502
wolfSSL	0:1239e9b70ca2	5503	/* don't keep calling simple functions while setting up timer and singals
wolfSSL	0:1239e9b70ca2	5504	if no inlining these are the next best */
wolfSSL	0:1239e9b70ca2	5505
wolfSSL	0:1239e9b70ca2	5506	#define AddTimes(a, b, c) \
wolfSSL	0:1239e9b70ca2	5507	do { \
wolfSSL	0:1239e9b70ca2	5508	c.tv_sec = a.tv_sec + b.tv_sec; \
wolfSSL	0:1239e9b70ca2	5509	c.tv_usec = a.tv_usec + b.tv_usec; \
wolfSSL	0:1239e9b70ca2	5510	if (c.tv_usec >= 1000000) { \
wolfSSL	0:1239e9b70ca2	5511	c.tv_sec++; \
wolfSSL	0:1239e9b70ca2	5512	c.tv_usec -= 1000000; \
wolfSSL	0:1239e9b70ca2	5513	} \
wolfSSL	0:1239e9b70ca2	5514	} while (0)
wolfSSL	0:1239e9b70ca2	5515
wolfSSL	0:1239e9b70ca2	5516
wolfSSL	0:1239e9b70ca2	5517	#define SubtractTimes(a, b, c) \
wolfSSL	0:1239e9b70ca2	5518	do { \
wolfSSL	0:1239e9b70ca2	5519	c.tv_sec = a.tv_sec - b.tv_sec; \
wolfSSL	0:1239e9b70ca2	5520	c.tv_usec = a.tv_usec - b.tv_usec; \
wolfSSL	0:1239e9b70ca2	5521	if (c.tv_usec < 0) { \
wolfSSL	0:1239e9b70ca2	5522	c.tv_sec--; \
wolfSSL	0:1239e9b70ca2	5523	c.tv_usec += 1000000; \
wolfSSL	0:1239e9b70ca2	5524	} \
wolfSSL	0:1239e9b70ca2	5525	} while (0)
wolfSSL	0:1239e9b70ca2	5526
wolfSSL	0:1239e9b70ca2	5527	#define CmpTimes(a, b, cmp) \
wolfSSL	0:1239e9b70ca2	5528	((a.tv_sec == b.tv_sec) ? \
wolfSSL	0:1239e9b70ca2	5529	(a.tv_usec cmp b.tv_usec) : \
wolfSSL	0:1239e9b70ca2	5530	(a.tv_sec cmp b.tv_sec)) \
wolfSSL	0:1239e9b70ca2	5531
wolfSSL	0:1239e9b70ca2	5532
wolfSSL	0:1239e9b70ca2	5533	/* do nothing handler */
wolfSSL	0:1239e9b70ca2	5534	static void myHandler(int signo)
wolfSSL	0:1239e9b70ca2	5535	{
wolfSSL	0:1239e9b70ca2	5536	(void)signo;
wolfSSL	0:1239e9b70ca2	5537	return;
wolfSSL	0:1239e9b70ca2	5538	}
wolfSSL	0:1239e9b70ca2	5539
wolfSSL	0:1239e9b70ca2	5540
wolfSSL	0:1239e9b70ca2	5541	static int CyaSSL_ex_wrapper(CYASSL* ssl, HandShakeCallBack hsCb,
wolfSSL	0:1239e9b70ca2	5542	TimeoutCallBack toCb, Timeval timeout)
wolfSSL	0:1239e9b70ca2	5543	{
wolfSSL	0:1239e9b70ca2	5544	int ret = SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	5545	int oldTimerOn = 0; /* was timer already on */
wolfSSL	0:1239e9b70ca2	5546	Timeval startTime;
wolfSSL	0:1239e9b70ca2	5547	Timeval endTime;
wolfSSL	0:1239e9b70ca2	5548	Timeval totalTime;
wolfSSL	0:1239e9b70ca2	5549	Itimerval myTimeout;
wolfSSL	0:1239e9b70ca2	5550	Itimerval oldTimeout; /* if old timer adjust from total time to reset */
wolfSSL	0:1239e9b70ca2	5551	struct sigaction act, oact;
wolfSSL	0:1239e9b70ca2	5552
wolfSSL	0:1239e9b70ca2	5553	#define ERR_OUT(x) { ssl->hsInfoOn = 0; ssl->toInfoOn = 0; return x; }
wolfSSL	0:1239e9b70ca2	5554
wolfSSL	0:1239e9b70ca2	5555	if (hsCb) {
wolfSSL	0:1239e9b70ca2	5556	ssl->hsInfoOn = 1;
wolfSSL	0:1239e9b70ca2	5557	InitHandShakeInfo(&ssl->handShakeInfo);
wolfSSL	0:1239e9b70ca2	5558	}
wolfSSL	0:1239e9b70ca2	5559	if (toCb) {
wolfSSL	0:1239e9b70ca2	5560	ssl->toInfoOn = 1;
wolfSSL	0:1239e9b70ca2	5561	InitTimeoutInfo(&ssl->timeoutInfo);
wolfSSL	0:1239e9b70ca2	5562
wolfSSL	0:1239e9b70ca2	5563	if (gettimeofday(&startTime, 0) < 0)
wolfSSL	0:1239e9b70ca2	5564	ERR_OUT(GETTIME_ERROR);
wolfSSL	0:1239e9b70ca2	5565
wolfSSL	0:1239e9b70ca2	5566	/* use setitimer to simulate getitimer, init 0 myTimeout */
wolfSSL	0:1239e9b70ca2	5567	myTimeout.it_interval.tv_sec = 0;
wolfSSL	0:1239e9b70ca2	5568	myTimeout.it_interval.tv_usec = 0;
wolfSSL	0:1239e9b70ca2	5569	myTimeout.it_value.tv_sec = 0;
wolfSSL	0:1239e9b70ca2	5570	myTimeout.it_value.tv_usec = 0;
wolfSSL	0:1239e9b70ca2	5571	if (setitimer(ITIMER_REAL, &myTimeout, &oldTimeout) < 0)
wolfSSL	0:1239e9b70ca2	5572	ERR_OUT(SETITIMER_ERROR);
wolfSSL	0:1239e9b70ca2	5573
wolfSSL	0:1239e9b70ca2	5574	if (oldTimeout.it_value.tv_sec \|\| oldTimeout.it_value.tv_usec) {
wolfSSL	0:1239e9b70ca2	5575	oldTimerOn = 1;
wolfSSL	0:1239e9b70ca2	5576
wolfSSL	0:1239e9b70ca2	5577	/* is old timer going to expire before ours */
wolfSSL	0:1239e9b70ca2	5578	if (CmpTimes(oldTimeout.it_value, timeout, <)) {
wolfSSL	0:1239e9b70ca2	5579	timeout.tv_sec = oldTimeout.it_value.tv_sec;
wolfSSL	0:1239e9b70ca2	5580	timeout.tv_usec = oldTimeout.it_value.tv_usec;
wolfSSL	0:1239e9b70ca2	5581	}
wolfSSL	0:1239e9b70ca2	5582	}
wolfSSL	0:1239e9b70ca2	5583	myTimeout.it_value.tv_sec = timeout.tv_sec;
wolfSSL	0:1239e9b70ca2	5584	myTimeout.it_value.tv_usec = timeout.tv_usec;
wolfSSL	0:1239e9b70ca2	5585
wolfSSL	0:1239e9b70ca2	5586	/* set up signal handler, don't restart socket send/recv */
wolfSSL	0:1239e9b70ca2	5587	act.sa_handler = myHandler;
wolfSSL	0:1239e9b70ca2	5588	sigemptyset(&act.sa_mask);
wolfSSL	0:1239e9b70ca2	5589	act.sa_flags = 0;
wolfSSL	0:1239e9b70ca2	5590	#ifdef SA_INTERRUPT
wolfSSL	0:1239e9b70ca2	5591	act.sa_flags \|= SA_INTERRUPT;
wolfSSL	0:1239e9b70ca2	5592	#endif
wolfSSL	0:1239e9b70ca2	5593	if (sigaction(SIGALRM, &act, &oact) < 0)
wolfSSL	0:1239e9b70ca2	5594	ERR_OUT(SIGACT_ERROR);
wolfSSL	0:1239e9b70ca2	5595
wolfSSL	0:1239e9b70ca2	5596	if (setitimer(ITIMER_REAL, &myTimeout, 0) < 0)
wolfSSL	0:1239e9b70ca2	5597	ERR_OUT(SETITIMER_ERROR);
wolfSSL	0:1239e9b70ca2	5598	}
wolfSSL	0:1239e9b70ca2	5599
wolfSSL	0:1239e9b70ca2	5600	/* do main work */
wolfSSL	0:1239e9b70ca2	5601	#ifndef NO_CYASSL_CLIENT
wolfSSL	0:1239e9b70ca2	5602	if (ssl->options.side == CYASSL_CLIENT_END)
wolfSSL	0:1239e9b70ca2	5603	ret = CyaSSL_connect(ssl);
wolfSSL	0:1239e9b70ca2	5604	#endif
wolfSSL	0:1239e9b70ca2	5605	#ifndef NO_CYASSL_SERVER
wolfSSL	0:1239e9b70ca2	5606	if (ssl->options.side == CYASSL_SERVER_END)
wolfSSL	0:1239e9b70ca2	5607	ret = CyaSSL_accept(ssl);
wolfSSL	0:1239e9b70ca2	5608	#endif
wolfSSL	0:1239e9b70ca2	5609
wolfSSL	0:1239e9b70ca2	5610	/* do callbacks */
wolfSSL	0:1239e9b70ca2	5611	if (toCb) {
wolfSSL	0:1239e9b70ca2	5612	if (oldTimerOn) {
wolfSSL	0:1239e9b70ca2	5613	gettimeofday(&endTime, 0);
wolfSSL	0:1239e9b70ca2	5614	SubtractTimes(endTime, startTime, totalTime);
wolfSSL	0:1239e9b70ca2	5615	/* adjust old timer for elapsed time */
wolfSSL	0:1239e9b70ca2	5616	if (CmpTimes(totalTime, oldTimeout.it_value, <))
wolfSSL	0:1239e9b70ca2	5617	SubtractTimes(oldTimeout.it_value, totalTime,
wolfSSL	0:1239e9b70ca2	5618	oldTimeout.it_value);
wolfSSL	0:1239e9b70ca2	5619	else {
wolfSSL	0:1239e9b70ca2	5620	/* reset value to interval, may be off */
wolfSSL	0:1239e9b70ca2	5621	oldTimeout.it_value.tv_sec = oldTimeout.it_interval.tv_sec;
wolfSSL	0:1239e9b70ca2	5622	oldTimeout.it_value.tv_usec =oldTimeout.it_interval.tv_usec;
wolfSSL	0:1239e9b70ca2	5623	}
wolfSSL	0:1239e9b70ca2	5624	/* keep iter the same whether there or not */
wolfSSL	0:1239e9b70ca2	5625	}
wolfSSL	0:1239e9b70ca2	5626	/* restore old handler */
wolfSSL	0:1239e9b70ca2	5627	if (sigaction(SIGALRM, &oact, 0) < 0)
wolfSSL	0:1239e9b70ca2	5628	ret = SIGACT_ERROR; /* more pressing error, stomp */
wolfSSL	0:1239e9b70ca2	5629	else
wolfSSL	0:1239e9b70ca2	5630	/* use old settings which may turn off (expired or not there) */
wolfSSL	0:1239e9b70ca2	5631	if (setitimer(ITIMER_REAL, &oldTimeout, 0) < 0)
wolfSSL	0:1239e9b70ca2	5632	ret = SETITIMER_ERROR;
wolfSSL	0:1239e9b70ca2	5633
wolfSSL	0:1239e9b70ca2	5634	/* if we had a timeout call callback */
wolfSSL	0:1239e9b70ca2	5635	if (ssl->timeoutInfo.timeoutName[0]) {
wolfSSL	0:1239e9b70ca2	5636	ssl->timeoutInfo.timeoutValue.tv_sec = timeout.tv_sec;
wolfSSL	0:1239e9b70ca2	5637	ssl->timeoutInfo.timeoutValue.tv_usec = timeout.tv_usec;
wolfSSL	0:1239e9b70ca2	5638	(toCb)(&ssl->timeoutInfo);
wolfSSL	0:1239e9b70ca2	5639	}
wolfSSL	0:1239e9b70ca2	5640	/* clean up */
wolfSSL	0:1239e9b70ca2	5641	FreeTimeoutInfo(&ssl->timeoutInfo, ssl->heap);
wolfSSL	0:1239e9b70ca2	5642	ssl->toInfoOn = 0;
wolfSSL	0:1239e9b70ca2	5643	}
wolfSSL	0:1239e9b70ca2	5644	if (hsCb) {
wolfSSL	0:1239e9b70ca2	5645	FinishHandShakeInfo(&ssl->handShakeInfo, ssl);
wolfSSL	0:1239e9b70ca2	5646	(hsCb)(&ssl->handShakeInfo);
wolfSSL	0:1239e9b70ca2	5647	ssl->hsInfoOn = 0;
wolfSSL	0:1239e9b70ca2	5648	}
wolfSSL	0:1239e9b70ca2	5649	return ret;
wolfSSL	0:1239e9b70ca2	5650	}
wolfSSL	0:1239e9b70ca2	5651
wolfSSL	0:1239e9b70ca2	5652
wolfSSL	0:1239e9b70ca2	5653	#ifndef NO_CYASSL_CLIENT
wolfSSL	0:1239e9b70ca2	5654
wolfSSL	0:1239e9b70ca2	5655	int CyaSSL_connect_ex(CYASSL* ssl, HandShakeCallBack hsCb,
wolfSSL	0:1239e9b70ca2	5656	TimeoutCallBack toCb, Timeval timeout)
wolfSSL	0:1239e9b70ca2	5657	{
wolfSSL	0:1239e9b70ca2	5658	CYASSL_ENTER("CyaSSL_connect_ex");
wolfSSL	0:1239e9b70ca2	5659	return CyaSSL_ex_wrapper(ssl, hsCb, toCb, timeout);
wolfSSL	0:1239e9b70ca2	5660	}
wolfSSL	0:1239e9b70ca2	5661
wolfSSL	0:1239e9b70ca2	5662	#endif
wolfSSL	0:1239e9b70ca2	5663
wolfSSL	0:1239e9b70ca2	5664
wolfSSL	0:1239e9b70ca2	5665	#ifndef NO_CYASSL_SERVER
wolfSSL	0:1239e9b70ca2	5666
wolfSSL	0:1239e9b70ca2	5667	int CyaSSL_accept_ex(CYASSL* ssl, HandShakeCallBack hsCb,
wolfSSL	0:1239e9b70ca2	5668	TimeoutCallBack toCb,Timeval timeout)
wolfSSL	0:1239e9b70ca2	5669	{
wolfSSL	0:1239e9b70ca2	5670	CYASSL_ENTER("CyaSSL_accept_ex");
wolfSSL	0:1239e9b70ca2	5671	return CyaSSL_ex_wrapper(ssl, hsCb, toCb, timeout);
wolfSSL	0:1239e9b70ca2	5672	}
wolfSSL	0:1239e9b70ca2	5673
wolfSSL	0:1239e9b70ca2	5674	#endif
wolfSSL	0:1239e9b70ca2	5675
wolfSSL	0:1239e9b70ca2	5676	#endif /* CYASSL_CALLBACKS */
wolfSSL	0:1239e9b70ca2	5677
wolfSSL	0:1239e9b70ca2	5678
wolfSSL	0:1239e9b70ca2	5679	#ifndef NO_PSK
wolfSSL	0:1239e9b70ca2	5680
wolfSSL	0:1239e9b70ca2	5681	void CyaSSL_CTX_set_psk_client_callback(CYASSL_CTX* ctx,
wolfSSL	0:1239e9b70ca2	5682	psk_client_callback cb)
wolfSSL	0:1239e9b70ca2	5683	{
wolfSSL	0:1239e9b70ca2	5684	CYASSL_ENTER("SSL_CTX_set_psk_client_callback");
wolfSSL	0:1239e9b70ca2	5685	ctx->havePSK = 1;
wolfSSL	0:1239e9b70ca2	5686	ctx->client_psk_cb = cb;
wolfSSL	0:1239e9b70ca2	5687	}
wolfSSL	0:1239e9b70ca2	5688
wolfSSL	0:1239e9b70ca2	5689
wolfSSL	0:1239e9b70ca2	5690	void CyaSSL_set_psk_client_callback(CYASSL* ssl, psk_client_callback cb)
wolfSSL	0:1239e9b70ca2	5691	{
wolfSSL	0:1239e9b70ca2	5692	byte haveRSA = 1;
wolfSSL	0:1239e9b70ca2	5693
wolfSSL	0:1239e9b70ca2	5694	CYASSL_ENTER("SSL_set_psk_client_callback");
wolfSSL	0:1239e9b70ca2	5695	ssl->options.havePSK = 1;
wolfSSL	0:1239e9b70ca2	5696	ssl->options.client_psk_cb = cb;
wolfSSL	0:1239e9b70ca2	5697
wolfSSL	0:1239e9b70ca2	5698	#ifdef NO_RSA
wolfSSL	0:1239e9b70ca2	5699	haveRSA = 0;
wolfSSL	0:1239e9b70ca2	5700	#endif
wolfSSL	0:1239e9b70ca2	5701	InitSuites(ssl->suites, ssl->version, haveRSA, TRUE,
wolfSSL	0:1239e9b70ca2	5702	ssl->options.haveDH, ssl->options.haveNTRU,
wolfSSL	0:1239e9b70ca2	5703	ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
wolfSSL	0:1239e9b70ca2	5704	ssl->options.side);
wolfSSL	0:1239e9b70ca2	5705	}
wolfSSL	0:1239e9b70ca2	5706
wolfSSL	0:1239e9b70ca2	5707
wolfSSL	0:1239e9b70ca2	5708	void CyaSSL_CTX_set_psk_server_callback(CYASSL_CTX* ctx,
wolfSSL	0:1239e9b70ca2	5709	psk_server_callback cb)
wolfSSL	0:1239e9b70ca2	5710	{
wolfSSL	0:1239e9b70ca2	5711	CYASSL_ENTER("SSL_CTX_set_psk_server_callback");
wolfSSL	0:1239e9b70ca2	5712	ctx->havePSK = 1;
wolfSSL	0:1239e9b70ca2	5713	ctx->server_psk_cb = cb;
wolfSSL	0:1239e9b70ca2	5714	}
wolfSSL	0:1239e9b70ca2	5715
wolfSSL	0:1239e9b70ca2	5716
wolfSSL	0:1239e9b70ca2	5717	void CyaSSL_set_psk_server_callback(CYASSL* ssl, psk_server_callback cb)
wolfSSL	0:1239e9b70ca2	5718	{
wolfSSL	0:1239e9b70ca2	5719	byte haveRSA = 1;
wolfSSL	0:1239e9b70ca2	5720
wolfSSL	0:1239e9b70ca2	5721	CYASSL_ENTER("SSL_set_psk_server_callback");
wolfSSL	0:1239e9b70ca2	5722	ssl->options.havePSK = 1;
wolfSSL	0:1239e9b70ca2	5723	ssl->options.server_psk_cb = cb;
wolfSSL	0:1239e9b70ca2	5724
wolfSSL	0:1239e9b70ca2	5725	#ifdef NO_RSA
wolfSSL	0:1239e9b70ca2	5726	haveRSA = 0;
wolfSSL	0:1239e9b70ca2	5727	#endif
wolfSSL	0:1239e9b70ca2	5728	InitSuites(ssl->suites, ssl->version, haveRSA, TRUE,
wolfSSL	0:1239e9b70ca2	5729	ssl->options.haveDH, ssl->options.haveNTRU,
wolfSSL	0:1239e9b70ca2	5730	ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
wolfSSL	0:1239e9b70ca2	5731	ssl->options.side);
wolfSSL	0:1239e9b70ca2	5732	}
wolfSSL	0:1239e9b70ca2	5733
wolfSSL	0:1239e9b70ca2	5734
wolfSSL	0:1239e9b70ca2	5735	const char* CyaSSL_get_psk_identity_hint(const CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	5736	{
wolfSSL	0:1239e9b70ca2	5737	CYASSL_ENTER("SSL_get_psk_identity_hint");
wolfSSL	0:1239e9b70ca2	5738
wolfSSL	0:1239e9b70ca2	5739	if (ssl == NULL \|\| ssl->arrays == NULL)
wolfSSL	0:1239e9b70ca2	5740	return NULL;
wolfSSL	0:1239e9b70ca2	5741
wolfSSL	0:1239e9b70ca2	5742	return ssl->arrays->server_hint;
wolfSSL	0:1239e9b70ca2	5743	}
wolfSSL	0:1239e9b70ca2	5744
wolfSSL	0:1239e9b70ca2	5745
wolfSSL	0:1239e9b70ca2	5746	const char* CyaSSL_get_psk_identity(const CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	5747	{
wolfSSL	0:1239e9b70ca2	5748	CYASSL_ENTER("SSL_get_psk_identity");
wolfSSL	0:1239e9b70ca2	5749
wolfSSL	0:1239e9b70ca2	5750	if (ssl == NULL \|\| ssl->arrays == NULL)
wolfSSL	0:1239e9b70ca2	5751	return NULL;
wolfSSL	0:1239e9b70ca2	5752
wolfSSL	0:1239e9b70ca2	5753	return ssl->arrays->client_identity;
wolfSSL	0:1239e9b70ca2	5754	}
wolfSSL	0:1239e9b70ca2	5755
wolfSSL	0:1239e9b70ca2	5756
wolfSSL	0:1239e9b70ca2	5757	int CyaSSL_CTX_use_psk_identity_hint(CYASSL_CTX* ctx, const char* hint)
wolfSSL	0:1239e9b70ca2	5758	{
wolfSSL	0:1239e9b70ca2	5759	CYASSL_ENTER("SSL_CTX_use_psk_identity_hint");
wolfSSL	0:1239e9b70ca2	5760	if (hint == 0)
wolfSSL	0:1239e9b70ca2	5761	ctx->server_hint[0] = 0;
wolfSSL	0:1239e9b70ca2	5762	else {
wolfSSL	0:1239e9b70ca2	5763	XSTRNCPY(ctx->server_hint, hint, MAX_PSK_ID_LEN);
wolfSSL	0:1239e9b70ca2	5764	ctx->server_hint[MAX_PSK_ID_LEN - 1] = '\0';
wolfSSL	0:1239e9b70ca2	5765	}
wolfSSL	0:1239e9b70ca2	5766	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	5767	}
wolfSSL	0:1239e9b70ca2	5768
wolfSSL	0:1239e9b70ca2	5769
wolfSSL	0:1239e9b70ca2	5770	int CyaSSL_use_psk_identity_hint(CYASSL* ssl, const char* hint)
wolfSSL	0:1239e9b70ca2	5771	{
wolfSSL	0:1239e9b70ca2	5772	CYASSL_ENTER("SSL_use_psk_identity_hint");
wolfSSL	0:1239e9b70ca2	5773
wolfSSL	0:1239e9b70ca2	5774	if (ssl == NULL \|\| ssl->arrays == NULL)
wolfSSL	0:1239e9b70ca2	5775	return SSL_FAILURE;
wolfSSL	0:1239e9b70ca2	5776
wolfSSL	0:1239e9b70ca2	5777	if (hint == 0)
wolfSSL	0:1239e9b70ca2	5778	ssl->arrays->server_hint[0] = 0;
wolfSSL	0:1239e9b70ca2	5779	else {
wolfSSL	0:1239e9b70ca2	5780	XSTRNCPY(ssl->arrays->server_hint, hint, MAX_PSK_ID_LEN);
wolfSSL	0:1239e9b70ca2	5781	ssl->arrays->server_hint[MAX_PSK_ID_LEN - 1] = '\0';
wolfSSL	0:1239e9b70ca2	5782	}
wolfSSL	0:1239e9b70ca2	5783	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	5784	}
wolfSSL	0:1239e9b70ca2	5785
wolfSSL	0:1239e9b70ca2	5786	#endif /* NO_PSK */
wolfSSL	0:1239e9b70ca2	5787
wolfSSL	0:1239e9b70ca2	5788
wolfSSL	0:1239e9b70ca2	5789	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	5790	/* used to be defined on NO_FILESYSTEM only, but are generally useful */
wolfSSL	0:1239e9b70ca2	5791
wolfSSL	0:1239e9b70ca2	5792	/* CyaSSL extension allows DER files to be loaded from buffers as well */
wolfSSL	0:1239e9b70ca2	5793	int CyaSSL_CTX_load_verify_buffer(CYASSL_CTX* ctx, const unsigned char* in,
wolfSSL	0:1239e9b70ca2	5794	long sz, int format)
wolfSSL	0:1239e9b70ca2	5795	{
wolfSSL	0:1239e9b70ca2	5796	CYASSL_ENTER("CyaSSL_CTX_load_verify_buffer");
wolfSSL	0:1239e9b70ca2	5797	if (format == SSL_FILETYPE_PEM)
wolfSSL	0:1239e9b70ca2	5798	return ProcessChainBuffer(ctx, in, sz, format, CA_TYPE, NULL);
wolfSSL	0:1239e9b70ca2	5799	else
wolfSSL	0:1239e9b70ca2	5800	return ProcessBuffer(ctx, in, sz, format, CA_TYPE, NULL,NULL,0);
wolfSSL	0:1239e9b70ca2	5801	}
wolfSSL	0:1239e9b70ca2	5802
wolfSSL	0:1239e9b70ca2	5803
wolfSSL	0:1239e9b70ca2	5804	int CyaSSL_CTX_use_certificate_buffer(CYASSL_CTX* ctx,
wolfSSL	0:1239e9b70ca2	5805	const unsigned char* in, long sz, int format)
wolfSSL	0:1239e9b70ca2	5806	{
wolfSSL	0:1239e9b70ca2	5807	CYASSL_ENTER("CyaSSL_CTX_use_certificate_buffer");
wolfSSL	0:1239e9b70ca2	5808	return ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, 0);
wolfSSL	0:1239e9b70ca2	5809	}
wolfSSL	0:1239e9b70ca2	5810
wolfSSL	0:1239e9b70ca2	5811
wolfSSL	0:1239e9b70ca2	5812	int CyaSSL_CTX_use_PrivateKey_buffer(CYASSL_CTX* ctx,
wolfSSL	0:1239e9b70ca2	5813	const unsigned char* in, long sz, int format)
wolfSSL	0:1239e9b70ca2	5814	{
wolfSSL	0:1239e9b70ca2	5815	CYASSL_ENTER("CyaSSL_CTX_use_PrivateKey_buffer");
wolfSSL	0:1239e9b70ca2	5816	return ProcessBuffer(ctx, in, sz, format, PRIVATEKEY_TYPE, NULL,NULL,0);
wolfSSL	0:1239e9b70ca2	5817	}
wolfSSL	0:1239e9b70ca2	5818
wolfSSL	0:1239e9b70ca2	5819
wolfSSL	0:1239e9b70ca2	5820	int CyaSSL_CTX_use_certificate_chain_buffer(CYASSL_CTX* ctx,
wolfSSL	0:1239e9b70ca2	5821	const unsigned char* in, long sz)
wolfSSL	0:1239e9b70ca2	5822	{
wolfSSL	0:1239e9b70ca2	5823	CYASSL_ENTER("CyaSSL_CTX_use_certificate_chain_buffer");
wolfSSL	0:1239e9b70ca2	5824	return ProcessBuffer(ctx, in, sz, SSL_FILETYPE_PEM, CERT_TYPE, NULL,
wolfSSL	0:1239e9b70ca2	5825	NULL, 1);
wolfSSL	0:1239e9b70ca2	5826	}
wolfSSL	0:1239e9b70ca2	5827
wolfSSL	0:1239e9b70ca2	5828	int CyaSSL_use_certificate_buffer(CYASSL* ssl,
wolfSSL	0:1239e9b70ca2	5829	const unsigned char* in, long sz, int format)
wolfSSL	0:1239e9b70ca2	5830	{
wolfSSL	0:1239e9b70ca2	5831	CYASSL_ENTER("CyaSSL_use_certificate_buffer");
wolfSSL	0:1239e9b70ca2	5832	return ProcessBuffer(ssl->ctx, in, sz, format,CERT_TYPE,ssl,NULL,0);
wolfSSL	0:1239e9b70ca2	5833	}
wolfSSL	0:1239e9b70ca2	5834
wolfSSL	0:1239e9b70ca2	5835
wolfSSL	0:1239e9b70ca2	5836	int CyaSSL_use_PrivateKey_buffer(CYASSL* ssl,
wolfSSL	0:1239e9b70ca2	5837	const unsigned char* in, long sz, int format)
wolfSSL	0:1239e9b70ca2	5838	{
wolfSSL	0:1239e9b70ca2	5839	CYASSL_ENTER("CyaSSL_use_PrivateKey_buffer");
wolfSSL	0:1239e9b70ca2	5840	return ProcessBuffer(ssl->ctx, in, sz, format, PRIVATEKEY_TYPE,
wolfSSL	0:1239e9b70ca2	5841	ssl, NULL, 0);
wolfSSL	0:1239e9b70ca2	5842	}
wolfSSL	0:1239e9b70ca2	5843
wolfSSL	0:1239e9b70ca2	5844
wolfSSL	0:1239e9b70ca2	5845	int CyaSSL_use_certificate_chain_buffer(CYASSL* ssl,
wolfSSL	0:1239e9b70ca2	5846	const unsigned char* in, long sz)
wolfSSL	0:1239e9b70ca2	5847	{
wolfSSL	0:1239e9b70ca2	5848	CYASSL_ENTER("CyaSSL_use_certificate_chain_buffer");
wolfSSL	0:1239e9b70ca2	5849	return ProcessBuffer(ssl->ctx, in, sz, SSL_FILETYPE_PEM, CERT_TYPE,
wolfSSL	0:1239e9b70ca2	5850	ssl, NULL, 1);
wolfSSL	0:1239e9b70ca2	5851	}
wolfSSL	0:1239e9b70ca2	5852
wolfSSL	0:1239e9b70ca2	5853
wolfSSL	0:1239e9b70ca2	5854	/* unload any certs or keys that SSL owns, leave CTX as is
wolfSSL	0:1239e9b70ca2	5855	SSL_SUCCESS on ok */
wolfSSL	0:1239e9b70ca2	5856	int CyaSSL_UnloadCertsKeys(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	5857	{
wolfSSL	0:1239e9b70ca2	5858	if (ssl == NULL) {
wolfSSL	0:1239e9b70ca2	5859	CYASSL_MSG("Null function arg");
wolfSSL	0:1239e9b70ca2	5860	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	5861	}
wolfSSL	0:1239e9b70ca2	5862
wolfSSL	0:1239e9b70ca2	5863	if (ssl->buffers.weOwnCert) {
wolfSSL	0:1239e9b70ca2	5864	CYASSL_MSG("Unloading cert");
wolfSSL	0:1239e9b70ca2	5865	XFREE(ssl->buffers.certificate.buffer, ssl->heap,DYNAMIC_TYPE_CERT);
wolfSSL	0:1239e9b70ca2	5866	ssl->buffers.weOwnCert = 0;
wolfSSL	0:1239e9b70ca2	5867	ssl->buffers.certificate.length = 0;
wolfSSL	0:1239e9b70ca2	5868	ssl->buffers.certificate.buffer = NULL;
wolfSSL	0:1239e9b70ca2	5869	}
wolfSSL	0:1239e9b70ca2	5870
wolfSSL	0:1239e9b70ca2	5871	if (ssl->buffers.weOwnKey) {
wolfSSL	0:1239e9b70ca2	5872	CYASSL_MSG("Unloading key");
wolfSSL	0:1239e9b70ca2	5873	XFREE(ssl->buffers.key.buffer, ssl->heap, DYNAMIC_TYPE_KEY);
wolfSSL	0:1239e9b70ca2	5874	ssl->buffers.weOwnKey = 0;
wolfSSL	0:1239e9b70ca2	5875	ssl->buffers.key.length = 0;
wolfSSL	0:1239e9b70ca2	5876	ssl->buffers.key.buffer = NULL;
wolfSSL	0:1239e9b70ca2	5877	}
wolfSSL	0:1239e9b70ca2	5878
wolfSSL	0:1239e9b70ca2	5879	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	5880	}
wolfSSL	0:1239e9b70ca2	5881
wolfSSL	0:1239e9b70ca2	5882
wolfSSL	0:1239e9b70ca2	5883	int CyaSSL_CTX_UnloadCAs(CYASSL_CTX* ctx)
wolfSSL	0:1239e9b70ca2	5884	{
wolfSSL	0:1239e9b70ca2	5885	CYASSL_ENTER("CyaSSL_CTX_UnloadCAs");
wolfSSL	0:1239e9b70ca2	5886
wolfSSL	0:1239e9b70ca2	5887	if (ctx == NULL)
wolfSSL	0:1239e9b70ca2	5888	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	5889
wolfSSL	0:1239e9b70ca2	5890	return CyaSSL_CertManagerUnloadCAs(ctx->cm);
wolfSSL	0:1239e9b70ca2	5891	}
wolfSSL	0:1239e9b70ca2	5892
wolfSSL	0:1239e9b70ca2	5893	/* old NO_FILESYSTEM end */
wolfSSL	0:1239e9b70ca2	5894	#endif /* !NO_CERTS */
wolfSSL	0:1239e9b70ca2	5895
wolfSSL	0:1239e9b70ca2	5896
wolfSSL	0:1239e9b70ca2	5897	#if defined(OPENSSL_EXTRA) \|\| defined(GOAHEAD_WS)
wolfSSL	0:1239e9b70ca2	5898
wolfSSL	0:1239e9b70ca2	5899
wolfSSL	0:1239e9b70ca2	5900	int CyaSSL_add_all_algorithms(void)
wolfSSL	0:1239e9b70ca2	5901	{
wolfSSL	0:1239e9b70ca2	5902	CYASSL_ENTER("CyaSSL_add_all_algorithms");
wolfSSL	0:1239e9b70ca2	5903	CyaSSL_Init();
wolfSSL	0:1239e9b70ca2	5904	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	5905	}
wolfSSL	0:1239e9b70ca2	5906
wolfSSL	0:1239e9b70ca2	5907
wolfSSL	0:1239e9b70ca2	5908	long CyaSSL_CTX_sess_set_cache_size(CYASSL_CTX* ctx, long sz)
wolfSSL	0:1239e9b70ca2	5909	{
wolfSSL	0:1239e9b70ca2	5910	/* cache size fixed at compile time in CyaSSL */
wolfSSL	0:1239e9b70ca2	5911	(void)ctx;
wolfSSL	0:1239e9b70ca2	5912	(void)sz;
wolfSSL	0:1239e9b70ca2	5913	return 0;
wolfSSL	0:1239e9b70ca2	5914	}
wolfSSL	0:1239e9b70ca2	5915
wolfSSL	0:1239e9b70ca2	5916
wolfSSL	0:1239e9b70ca2	5917	void CyaSSL_CTX_set_quiet_shutdown(CYASSL_CTX* ctx, int mode)
wolfSSL	0:1239e9b70ca2	5918	{
wolfSSL	0:1239e9b70ca2	5919	CYASSL_ENTER("CyaSSL_CTX_set_quiet_shutdown");
wolfSSL	0:1239e9b70ca2	5920	if (mode)
wolfSSL	0:1239e9b70ca2	5921	ctx->quietShutdown = 1;
wolfSSL	0:1239e9b70ca2	5922	}
wolfSSL	0:1239e9b70ca2	5923
wolfSSL	0:1239e9b70ca2	5924
wolfSSL	0:1239e9b70ca2	5925	void CyaSSL_set_quiet_shutdown(CYASSL* ssl, int mode)
wolfSSL	0:1239e9b70ca2	5926	{
wolfSSL	0:1239e9b70ca2	5927	CYASSL_ENTER("CyaSSL_CTX_set_quiet_shutdown");
wolfSSL	0:1239e9b70ca2	5928	if (mode)
wolfSSL	0:1239e9b70ca2	5929	ssl->options.quietShutdown = 1;
wolfSSL	0:1239e9b70ca2	5930	}
wolfSSL	0:1239e9b70ca2	5931
wolfSSL	0:1239e9b70ca2	5932
wolfSSL	0:1239e9b70ca2	5933	void CyaSSL_set_bio(CYASSL* ssl, CYASSL_BIO* rd, CYASSL_BIO* wr)
wolfSSL	0:1239e9b70ca2	5934	{
wolfSSL	0:1239e9b70ca2	5935	CYASSL_ENTER("SSL_set_bio");
wolfSSL	0:1239e9b70ca2	5936	CyaSSL_set_rfd(ssl, rd->fd);
wolfSSL	0:1239e9b70ca2	5937	CyaSSL_set_wfd(ssl, wr->fd);
wolfSSL	0:1239e9b70ca2	5938
wolfSSL	0:1239e9b70ca2	5939	ssl->biord = rd;
wolfSSL	0:1239e9b70ca2	5940	ssl->biowr = wr;
wolfSSL	0:1239e9b70ca2	5941	}
wolfSSL	0:1239e9b70ca2	5942
wolfSSL	0:1239e9b70ca2	5943
wolfSSL	0:1239e9b70ca2	5944	void CyaSSL_CTX_set_client_CA_list(CYASSL_CTX* ctx,
wolfSSL	0:1239e9b70ca2	5945	STACK_OF(CYASSL_X509_NAME)* names)
wolfSSL	0:1239e9b70ca2	5946	{
wolfSSL	0:1239e9b70ca2	5947	(void)ctx;
wolfSSL	0:1239e9b70ca2	5948	(void)names;
wolfSSL	0:1239e9b70ca2	5949	}
wolfSSL	0:1239e9b70ca2	5950
wolfSSL	0:1239e9b70ca2	5951
wolfSSL	0:1239e9b70ca2	5952	STACK_OF(CYASSL_X509_NAME)* CyaSSL_load_client_CA_file(const char* fname)
wolfSSL	0:1239e9b70ca2	5953	{
wolfSSL	0:1239e9b70ca2	5954	(void)fname;
wolfSSL	0:1239e9b70ca2	5955	return 0;
wolfSSL	0:1239e9b70ca2	5956	}
wolfSSL	0:1239e9b70ca2	5957
wolfSSL	0:1239e9b70ca2	5958
wolfSSL	0:1239e9b70ca2	5959	int CyaSSL_CTX_set_default_verify_paths(CYASSL_CTX* ctx)
wolfSSL	0:1239e9b70ca2	5960	{
wolfSSL	0:1239e9b70ca2	5961	/* TODO:, not needed in goahead */
wolfSSL	0:1239e9b70ca2	5962	(void)ctx;
wolfSSL	0:1239e9b70ca2	5963	return SSL_NOT_IMPLEMENTED;
wolfSSL	0:1239e9b70ca2	5964	}
wolfSSL	0:1239e9b70ca2	5965
wolfSSL	0:1239e9b70ca2	5966
wolfSSL	0:1239e9b70ca2	5967	/* keyblock size in bytes or -1 */
wolfSSL	0:1239e9b70ca2	5968	int CyaSSL_get_keyblock_size(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	5969	{
wolfSSL	0:1239e9b70ca2	5970	if (ssl == NULL)
wolfSSL	0:1239e9b70ca2	5971	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	5972
wolfSSL	0:1239e9b70ca2	5973	return 2 * (ssl->specs.key_size + ssl->specs.iv_size +
wolfSSL	0:1239e9b70ca2	5974	ssl->specs.hash_size);
wolfSSL	0:1239e9b70ca2	5975	}
wolfSSL	0:1239e9b70ca2	5976
wolfSSL	0:1239e9b70ca2	5977
wolfSSL	0:1239e9b70ca2	5978	/* store keys returns SSL_SUCCESS or -1 on error */
wolfSSL	0:1239e9b70ca2	5979	int CyaSSL_get_keys(CYASSL* ssl, unsigned char** ms, unsigned int* msLen,
wolfSSL	0:1239e9b70ca2	5980	unsigned char** sr, unsigned int* srLen,
wolfSSL	0:1239e9b70ca2	5981	unsigned char** cr, unsigned int* crLen)
wolfSSL	0:1239e9b70ca2	5982	{
wolfSSL	0:1239e9b70ca2	5983	if (ssl == NULL \|\| ssl->arrays == NULL)
wolfSSL	0:1239e9b70ca2	5984	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	5985
wolfSSL	0:1239e9b70ca2	5986	*ms = ssl->arrays->masterSecret;
wolfSSL	0:1239e9b70ca2	5987	*sr = ssl->arrays->serverRandom;
wolfSSL	0:1239e9b70ca2	5988	*cr = ssl->arrays->clientRandom;
wolfSSL	0:1239e9b70ca2	5989
wolfSSL	0:1239e9b70ca2	5990	*msLen = SECRET_LEN;
wolfSSL	0:1239e9b70ca2	5991	*srLen = RAN_LEN;
wolfSSL	0:1239e9b70ca2	5992	*crLen = RAN_LEN;
wolfSSL	0:1239e9b70ca2	5993
wolfSSL	0:1239e9b70ca2	5994	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	5995	}
wolfSSL	0:1239e9b70ca2	5996
wolfSSL	0:1239e9b70ca2	5997
wolfSSL	0:1239e9b70ca2	5998	void CyaSSL_set_accept_state(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	5999	{
wolfSSL	0:1239e9b70ca2	6000	byte haveRSA = 1;
wolfSSL	0:1239e9b70ca2	6001	byte havePSK = 0;
wolfSSL	0:1239e9b70ca2	6002
wolfSSL	0:1239e9b70ca2	6003	CYASSL_ENTER("SSL_set_accept_state");
wolfSSL	0:1239e9b70ca2	6004	ssl->options.side = CYASSL_SERVER_END;
wolfSSL	0:1239e9b70ca2	6005	/* reset suites in case user switched */
wolfSSL	0:1239e9b70ca2	6006
wolfSSL	0:1239e9b70ca2	6007	#ifdef NO_RSA
wolfSSL	0:1239e9b70ca2	6008	haveRSA = 0;
wolfSSL	0:1239e9b70ca2	6009	#endif
wolfSSL	0:1239e9b70ca2	6010	#ifndef NO_PSK
wolfSSL	0:1239e9b70ca2	6011	havePSK = ssl->options.havePSK;
wolfSSL	0:1239e9b70ca2	6012	#endif
wolfSSL	0:1239e9b70ca2	6013	InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
wolfSSL	0:1239e9b70ca2	6014	ssl->options.haveDH, ssl->options.haveNTRU,
wolfSSL	0:1239e9b70ca2	6015	ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
wolfSSL	0:1239e9b70ca2	6016	ssl->options.side);
wolfSSL	0:1239e9b70ca2	6017	}
wolfSSL	0:1239e9b70ca2	6018	#endif
wolfSSL	0:1239e9b70ca2	6019
wolfSSL	0:1239e9b70ca2	6020	/* return true if connection established */
wolfSSL	0:1239e9b70ca2	6021	int CyaSSL_is_init_finished(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	6022	{
wolfSSL	0:1239e9b70ca2	6023	if (ssl == NULL)
wolfSSL	0:1239e9b70ca2	6024	return 0;
wolfSSL	0:1239e9b70ca2	6025
wolfSSL	0:1239e9b70ca2	6026	if (ssl->options.handShakeState == HANDSHAKE_DONE)
wolfSSL	0:1239e9b70ca2	6027	return 1;
wolfSSL	0:1239e9b70ca2	6028
wolfSSL	0:1239e9b70ca2	6029	return 0;
wolfSSL	0:1239e9b70ca2	6030	}
wolfSSL	0:1239e9b70ca2	6031
wolfSSL	0:1239e9b70ca2	6032	#if defined(OPENSSL_EXTRA) \|\| defined(GOAHEAD_WS)
wolfSSL	0:1239e9b70ca2	6033	void CyaSSL_CTX_set_tmp_rsa_callback(CYASSL_CTX* ctx,
wolfSSL	0:1239e9b70ca2	6034	CYASSL_RSA(f)(CYASSL*, int, int))
wolfSSL	0:1239e9b70ca2	6035	{
wolfSSL	0:1239e9b70ca2	6036	/* CyaSSL verifies all these internally */
wolfSSL	0:1239e9b70ca2	6037	(void)ctx;
wolfSSL	0:1239e9b70ca2	6038	(void)f;
wolfSSL	0:1239e9b70ca2	6039	}
wolfSSL	0:1239e9b70ca2	6040
wolfSSL	0:1239e9b70ca2	6041
wolfSSL	0:1239e9b70ca2	6042	void CyaSSL_set_shutdown(CYASSL* ssl, int opt)
wolfSSL	0:1239e9b70ca2	6043	{
wolfSSL	0:1239e9b70ca2	6044	(void)ssl;
wolfSSL	0:1239e9b70ca2	6045	(void)opt;
wolfSSL	0:1239e9b70ca2	6046	}
wolfSSL	0:1239e9b70ca2	6047
wolfSSL	0:1239e9b70ca2	6048
wolfSSL	0:1239e9b70ca2	6049	long CyaSSL_CTX_set_options(CYASSL_CTX* ctx, long opt)
wolfSSL	0:1239e9b70ca2	6050	{
wolfSSL	0:1239e9b70ca2	6051	/* goahead calls with 0, do nothing */
wolfSSL	0:1239e9b70ca2	6052	CYASSL_ENTER("SSL_CTX_set_options");
wolfSSL	0:1239e9b70ca2	6053	(void)ctx;
wolfSSL	0:1239e9b70ca2	6054	return opt;
wolfSSL	0:1239e9b70ca2	6055	}
wolfSSL	0:1239e9b70ca2	6056
wolfSSL	0:1239e9b70ca2	6057
wolfSSL	0:1239e9b70ca2	6058	int CyaSSL_set_rfd(CYASSL* ssl, int rfd)
wolfSSL	0:1239e9b70ca2	6059	{
wolfSSL	0:1239e9b70ca2	6060	CYASSL_ENTER("SSL_set_rfd");
wolfSSL	0:1239e9b70ca2	6061	ssl->rfd = rfd; /* not used directly to allow IO callbacks */
wolfSSL	0:1239e9b70ca2	6062
wolfSSL	0:1239e9b70ca2	6063	ssl->IOCB_ReadCtx = &ssl->rfd;
wolfSSL	0:1239e9b70ca2	6064
wolfSSL	0:1239e9b70ca2	6065	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	6066	}
wolfSSL	0:1239e9b70ca2	6067
wolfSSL	0:1239e9b70ca2	6068
wolfSSL	0:1239e9b70ca2	6069	int CyaSSL_set_wfd(CYASSL* ssl, int wfd)
wolfSSL	0:1239e9b70ca2	6070	{
wolfSSL	0:1239e9b70ca2	6071	CYASSL_ENTER("SSL_set_wfd");
wolfSSL	0:1239e9b70ca2	6072	ssl->wfd = wfd; /* not used directly to allow IO callbacks */
wolfSSL	0:1239e9b70ca2	6073
wolfSSL	0:1239e9b70ca2	6074	ssl->IOCB_WriteCtx = &ssl->wfd;
wolfSSL	0:1239e9b70ca2	6075
wolfSSL	0:1239e9b70ca2	6076	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	6077	}
wolfSSL	0:1239e9b70ca2	6078
wolfSSL	0:1239e9b70ca2	6079
wolfSSL	0:1239e9b70ca2	6080	CYASSL_RSA* CyaSSL_RSA_generate_key(int len, unsigned long bits,
wolfSSL	0:1239e9b70ca2	6081	void(f)(int, int, void), void* data)
wolfSSL	0:1239e9b70ca2	6082	{
wolfSSL	0:1239e9b70ca2	6083	/* no tmp key needed, actual generation not supported */
wolfSSL	0:1239e9b70ca2	6084	CYASSL_ENTER("RSA_generate_key");
wolfSSL	0:1239e9b70ca2	6085	(void)len;
wolfSSL	0:1239e9b70ca2	6086	(void)bits;
wolfSSL	0:1239e9b70ca2	6087	(void)f;
wolfSSL	0:1239e9b70ca2	6088	(void)data;
wolfSSL	0:1239e9b70ca2	6089	return NULL;
wolfSSL	0:1239e9b70ca2	6090	}
wolfSSL	0:1239e9b70ca2	6091
wolfSSL	0:1239e9b70ca2	6092
wolfSSL	0:1239e9b70ca2	6093
wolfSSL	0:1239e9b70ca2	6094	CYASSL_X509* CyaSSL_X509_STORE_CTX_get_current_cert(
wolfSSL	0:1239e9b70ca2	6095	CYASSL_X509_STORE_CTX* ctx)
wolfSSL	0:1239e9b70ca2	6096	{
wolfSSL	0:1239e9b70ca2	6097	(void)ctx;
wolfSSL	0:1239e9b70ca2	6098	return 0;
wolfSSL	0:1239e9b70ca2	6099	}
wolfSSL	0:1239e9b70ca2	6100
wolfSSL	0:1239e9b70ca2	6101
wolfSSL	0:1239e9b70ca2	6102	int CyaSSL_X509_STORE_CTX_get_error(CYASSL_X509_STORE_CTX* ctx)
wolfSSL	0:1239e9b70ca2	6103	{
wolfSSL	0:1239e9b70ca2	6104	if (ctx != NULL)
wolfSSL	0:1239e9b70ca2	6105	return ctx->error;
wolfSSL	0:1239e9b70ca2	6106	return 0;
wolfSSL	0:1239e9b70ca2	6107	}
wolfSSL	0:1239e9b70ca2	6108
wolfSSL	0:1239e9b70ca2	6109
wolfSSL	0:1239e9b70ca2	6110	int CyaSSL_X509_STORE_CTX_get_error_depth(CYASSL_X509_STORE_CTX* ctx)
wolfSSL	0:1239e9b70ca2	6111	{
wolfSSL	0:1239e9b70ca2	6112	(void)ctx;
wolfSSL	0:1239e9b70ca2	6113	return 0;
wolfSSL	0:1239e9b70ca2	6114	}
wolfSSL	0:1239e9b70ca2	6115
wolfSSL	0:1239e9b70ca2	6116
wolfSSL	0:1239e9b70ca2	6117	CYASSL_BIO_METHOD* CyaSSL_BIO_f_buffer(void)
wolfSSL	0:1239e9b70ca2	6118	{
wolfSSL	0:1239e9b70ca2	6119	static CYASSL_BIO_METHOD meth;
wolfSSL	0:1239e9b70ca2	6120
wolfSSL	0:1239e9b70ca2	6121	CYASSL_ENTER("BIO_f_buffer");
wolfSSL	0:1239e9b70ca2	6122	meth.type = BIO_BUFFER;
wolfSSL	0:1239e9b70ca2	6123
wolfSSL	0:1239e9b70ca2	6124	return &meth;
wolfSSL	0:1239e9b70ca2	6125	}
wolfSSL	0:1239e9b70ca2	6126
wolfSSL	0:1239e9b70ca2	6127
wolfSSL	0:1239e9b70ca2	6128	long CyaSSL_BIO_set_write_buffer_size(CYASSL_BIO* bio, long size)
wolfSSL	0:1239e9b70ca2	6129	{
wolfSSL	0:1239e9b70ca2	6130	/* CyaSSL has internal buffer, compatibility only */
wolfSSL	0:1239e9b70ca2	6131	CYASSL_ENTER("BIO_set_write_buffer_size");
wolfSSL	0:1239e9b70ca2	6132	(void)bio;
wolfSSL	0:1239e9b70ca2	6133	return size;
wolfSSL	0:1239e9b70ca2	6134	}
wolfSSL	0:1239e9b70ca2	6135
wolfSSL	0:1239e9b70ca2	6136
wolfSSL	0:1239e9b70ca2	6137	CYASSL_BIO_METHOD* CyaSSL_BIO_f_ssl(void)
wolfSSL	0:1239e9b70ca2	6138	{
wolfSSL	0:1239e9b70ca2	6139	static CYASSL_BIO_METHOD meth;
wolfSSL	0:1239e9b70ca2	6140
wolfSSL	0:1239e9b70ca2	6141	CYASSL_ENTER("BIO_f_ssl");
wolfSSL	0:1239e9b70ca2	6142	meth.type = BIO_SSL;
wolfSSL	0:1239e9b70ca2	6143
wolfSSL	0:1239e9b70ca2	6144	return &meth;
wolfSSL	0:1239e9b70ca2	6145	}
wolfSSL	0:1239e9b70ca2	6146
wolfSSL	0:1239e9b70ca2	6147
wolfSSL	0:1239e9b70ca2	6148	CYASSL_BIO* CyaSSL_BIO_new_socket(int sfd, int closeF)
wolfSSL	0:1239e9b70ca2	6149	{
wolfSSL	0:1239e9b70ca2	6150	CYASSL_BIO* bio = (CYASSL_BIO*) XMALLOC(sizeof(CYASSL_BIO), 0,
wolfSSL	0:1239e9b70ca2	6151	DYNAMIC_TYPE_OPENSSL);
wolfSSL	0:1239e9b70ca2	6152
wolfSSL	0:1239e9b70ca2	6153	CYASSL_ENTER("BIO_new_socket");
wolfSSL	0:1239e9b70ca2	6154	if (bio) {
wolfSSL	0:1239e9b70ca2	6155	bio->type = BIO_SOCKET;
wolfSSL	0:1239e9b70ca2	6156	bio->close = (byte)closeF;
wolfSSL	0:1239e9b70ca2	6157	bio->eof = 0;
wolfSSL	0:1239e9b70ca2	6158	bio->ssl = 0;
wolfSSL	0:1239e9b70ca2	6159	bio->fd = sfd;
wolfSSL	0:1239e9b70ca2	6160	bio->prev = 0;
wolfSSL	0:1239e9b70ca2	6161	bio->next = 0;
wolfSSL	0:1239e9b70ca2	6162	bio->mem = NULL;
wolfSSL	0:1239e9b70ca2	6163	bio->memLen = 0;
wolfSSL	0:1239e9b70ca2	6164	}
wolfSSL	0:1239e9b70ca2	6165	return bio;
wolfSSL	0:1239e9b70ca2	6166	}
wolfSSL	0:1239e9b70ca2	6167
wolfSSL	0:1239e9b70ca2	6168
wolfSSL	0:1239e9b70ca2	6169	int CyaSSL_BIO_eof(CYASSL_BIO* b)
wolfSSL	0:1239e9b70ca2	6170	{
wolfSSL	0:1239e9b70ca2	6171	CYASSL_ENTER("BIO_eof");
wolfSSL	0:1239e9b70ca2	6172	if (b->eof)
wolfSSL	0:1239e9b70ca2	6173	return 1;
wolfSSL	0:1239e9b70ca2	6174
wolfSSL	0:1239e9b70ca2	6175	return 0;
wolfSSL	0:1239e9b70ca2	6176	}
wolfSSL	0:1239e9b70ca2	6177
wolfSSL	0:1239e9b70ca2	6178
wolfSSL	0:1239e9b70ca2	6179	long CyaSSL_BIO_set_ssl(CYASSL_BIO* b, CYASSL* ssl, int closeF)
wolfSSL	0:1239e9b70ca2	6180	{
wolfSSL	0:1239e9b70ca2	6181	CYASSL_ENTER("BIO_set_ssl");
wolfSSL	0:1239e9b70ca2	6182	b->ssl = ssl;
wolfSSL	0:1239e9b70ca2	6183	b->close = (byte)closeF;
wolfSSL	0:1239e9b70ca2	6184	/* add to ssl for bio free if SSL_free called before/instead of free_all? */
wolfSSL	0:1239e9b70ca2	6185
wolfSSL	0:1239e9b70ca2	6186	return 0;
wolfSSL	0:1239e9b70ca2	6187	}
wolfSSL	0:1239e9b70ca2	6188
wolfSSL	0:1239e9b70ca2	6189
wolfSSL	0:1239e9b70ca2	6190	CYASSL_BIO* CyaSSL_BIO_new(CYASSL_BIO_METHOD* method)
wolfSSL	0:1239e9b70ca2	6191	{
wolfSSL	0:1239e9b70ca2	6192	CYASSL_BIO* bio = (CYASSL_BIO*) XMALLOC(sizeof(CYASSL_BIO), 0,
wolfSSL	0:1239e9b70ca2	6193	DYNAMIC_TYPE_OPENSSL);
wolfSSL	0:1239e9b70ca2	6194	CYASSL_ENTER("BIO_new");
wolfSSL	0:1239e9b70ca2	6195	if (bio) {
wolfSSL	0:1239e9b70ca2	6196	bio->type = method->type;
wolfSSL	0:1239e9b70ca2	6197	bio->close = 0;
wolfSSL	0:1239e9b70ca2	6198	bio->eof = 0;
wolfSSL	0:1239e9b70ca2	6199	bio->ssl = NULL;
wolfSSL	0:1239e9b70ca2	6200	bio->mem = NULL;
wolfSSL	0:1239e9b70ca2	6201	bio->memLen = 0;
wolfSSL	0:1239e9b70ca2	6202	bio->fd = 0;
wolfSSL	0:1239e9b70ca2	6203	bio->prev = NULL;
wolfSSL	0:1239e9b70ca2	6204	bio->next = NULL;
wolfSSL	0:1239e9b70ca2	6205	}
wolfSSL	0:1239e9b70ca2	6206	return bio;
wolfSSL	0:1239e9b70ca2	6207	}
wolfSSL	0:1239e9b70ca2	6208
wolfSSL	0:1239e9b70ca2	6209
wolfSSL	0:1239e9b70ca2	6210	int CyaSSL_BIO_get_mem_data(CYASSL_BIO* bio, const byte** p)
wolfSSL	0:1239e9b70ca2	6211	{
wolfSSL	0:1239e9b70ca2	6212	if (bio == NULL \|\| p == NULL)
wolfSSL	0:1239e9b70ca2	6213	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	6214
wolfSSL	0:1239e9b70ca2	6215	*p = bio->mem;
wolfSSL	0:1239e9b70ca2	6216
wolfSSL	0:1239e9b70ca2	6217	return bio->memLen;
wolfSSL	0:1239e9b70ca2	6218	}
wolfSSL	0:1239e9b70ca2	6219
wolfSSL	0:1239e9b70ca2	6220
wolfSSL	0:1239e9b70ca2	6221	CYASSL_BIO* CyaSSL_BIO_new_mem_buf(void* buf, int len)
wolfSSL	0:1239e9b70ca2	6222	{
wolfSSL	0:1239e9b70ca2	6223	CYASSL_BIO* bio = NULL;
wolfSSL	0:1239e9b70ca2	6224	if (buf == NULL)
wolfSSL	0:1239e9b70ca2	6225	return bio;
wolfSSL	0:1239e9b70ca2	6226
wolfSSL	0:1239e9b70ca2	6227	bio = CyaSSL_BIO_new(CyaSSL_BIO_s_mem());
wolfSSL	0:1239e9b70ca2	6228	if (bio == NULL)
wolfSSL	0:1239e9b70ca2	6229	return bio;
wolfSSL	0:1239e9b70ca2	6230
wolfSSL	0:1239e9b70ca2	6231	bio->memLen = len;
wolfSSL	0:1239e9b70ca2	6232	bio->mem = (byte*)XMALLOC(len, 0, DYNAMIC_TYPE_OPENSSL);
wolfSSL	0:1239e9b70ca2	6233	if (bio->mem == NULL) {
wolfSSL	0:1239e9b70ca2	6234	XFREE(bio, 0, DYNAMIC_TYPE_OPENSSL);
wolfSSL	0:1239e9b70ca2	6235	return NULL;
wolfSSL	0:1239e9b70ca2	6236	}
wolfSSL	0:1239e9b70ca2	6237
wolfSSL	0:1239e9b70ca2	6238	XMEMCPY(bio->mem, buf, len);
wolfSSL	0:1239e9b70ca2	6239
wolfSSL	0:1239e9b70ca2	6240	return bio;
wolfSSL	0:1239e9b70ca2	6241	}
wolfSSL	0:1239e9b70ca2	6242
wolfSSL	0:1239e9b70ca2	6243
wolfSSL	0:1239e9b70ca2	6244	#ifdef USE_WINDOWS_API
wolfSSL	0:1239e9b70ca2	6245	#define CloseSocket(s) closesocket(s)
wolfSSL	0:1239e9b70ca2	6246	#elif defined(CYASSL_MDK_ARM)
wolfSSL	0:1239e9b70ca2	6247	#define CloseSocket(s) closesocket(s)
wolfSSL	0:1239e9b70ca2	6248	extern int closesocket(int) ;
wolfSSL	0:1239e9b70ca2	6249	#else
wolfSSL	0:1239e9b70ca2	6250	#define CloseSocket(s) close(s)
wolfSSL	0:1239e9b70ca2	6251	#endif
wolfSSL	0:1239e9b70ca2	6252
wolfSSL	0:1239e9b70ca2	6253	int CyaSSL_BIO_free(CYASSL_BIO* bio)
wolfSSL	0:1239e9b70ca2	6254	{
wolfSSL	0:1239e9b70ca2	6255	/* unchain?, doesn't matter in goahead since from free all */
wolfSSL	0:1239e9b70ca2	6256	CYASSL_ENTER("BIO_free");
wolfSSL	0:1239e9b70ca2	6257	if (bio) {
wolfSSL	0:1239e9b70ca2	6258	if (bio->close) {
wolfSSL	0:1239e9b70ca2	6259	if (bio->ssl)
wolfSSL	0:1239e9b70ca2	6260	CyaSSL_free(bio->ssl);
wolfSSL	0:1239e9b70ca2	6261	if (bio->fd)
wolfSSL	0:1239e9b70ca2	6262	CloseSocket(bio->fd);
wolfSSL	0:1239e9b70ca2	6263	}
wolfSSL	0:1239e9b70ca2	6264	if (bio->mem)
wolfSSL	0:1239e9b70ca2	6265	XFREE(bio->mem, 0, DYNAMIC_TYPE_OPENSSL);
wolfSSL	0:1239e9b70ca2	6266	XFREE(bio, 0, DYNAMIC_TYPE_OPENSSL);
wolfSSL	0:1239e9b70ca2	6267	}
wolfSSL	0:1239e9b70ca2	6268	return 0;
wolfSSL	0:1239e9b70ca2	6269	}
wolfSSL	0:1239e9b70ca2	6270
wolfSSL	0:1239e9b70ca2	6271
wolfSSL	0:1239e9b70ca2	6272	int CyaSSL_BIO_free_all(CYASSL_BIO* bio)
wolfSSL	0:1239e9b70ca2	6273	{
wolfSSL	0:1239e9b70ca2	6274	CYASSL_ENTER("BIO_free_all");
wolfSSL	0:1239e9b70ca2	6275	while (bio) {
wolfSSL	0:1239e9b70ca2	6276	CYASSL_BIO* next = bio->next;
wolfSSL	0:1239e9b70ca2	6277	CyaSSL_BIO_free(bio);
wolfSSL	0:1239e9b70ca2	6278	bio = next;
wolfSSL	0:1239e9b70ca2	6279	}
wolfSSL	0:1239e9b70ca2	6280	return 0;
wolfSSL	0:1239e9b70ca2	6281	}
wolfSSL	0:1239e9b70ca2	6282
wolfSSL	0:1239e9b70ca2	6283
wolfSSL	0:1239e9b70ca2	6284	int CyaSSL_BIO_read(CYASSL_BIO* bio, void* buf, int len)
wolfSSL	0:1239e9b70ca2	6285	{
wolfSSL	0:1239e9b70ca2	6286	int ret;
wolfSSL	0:1239e9b70ca2	6287	CYASSL* ssl = 0;
wolfSSL	0:1239e9b70ca2	6288	CYASSL_BIO* front = bio;
wolfSSL	0:1239e9b70ca2	6289
wolfSSL	0:1239e9b70ca2	6290	CYASSL_ENTER("BIO_read");
wolfSSL	0:1239e9b70ca2	6291	/* already got eof, again is error */
wolfSSL	0:1239e9b70ca2	6292	if (front->eof)
wolfSSL	0:1239e9b70ca2	6293	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	6294
wolfSSL	0:1239e9b70ca2	6295	while(bio && ((ssl = bio->ssl) == 0) )
wolfSSL	0:1239e9b70ca2	6296	bio = bio->next;
wolfSSL	0:1239e9b70ca2	6297
wolfSSL	0:1239e9b70ca2	6298	if (ssl == 0) return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	6299
wolfSSL	0:1239e9b70ca2	6300	ret = CyaSSL_read(ssl, buf, len);
wolfSSL	0:1239e9b70ca2	6301	if (ret == 0)
wolfSSL	0:1239e9b70ca2	6302	front->eof = 1;
wolfSSL	0:1239e9b70ca2	6303	else if (ret < 0) {
wolfSSL	0:1239e9b70ca2	6304	int err = CyaSSL_get_error(ssl, 0);
wolfSSL	0:1239e9b70ca2	6305	if ( !(err == SSL_ERROR_WANT_READ \|\| err == SSL_ERROR_WANT_WRITE) )
wolfSSL	0:1239e9b70ca2	6306	front->eof = 1;
wolfSSL	0:1239e9b70ca2	6307	}
wolfSSL	0:1239e9b70ca2	6308	return ret;
wolfSSL	0:1239e9b70ca2	6309	}
wolfSSL	0:1239e9b70ca2	6310
wolfSSL	0:1239e9b70ca2	6311
wolfSSL	0:1239e9b70ca2	6312	int CyaSSL_BIO_write(CYASSL_BIO* bio, const void* data, int len)
wolfSSL	0:1239e9b70ca2	6313	{
wolfSSL	0:1239e9b70ca2	6314	int ret;
wolfSSL	0:1239e9b70ca2	6315	CYASSL* ssl = 0;
wolfSSL	0:1239e9b70ca2	6316	CYASSL_BIO* front = bio;
wolfSSL	0:1239e9b70ca2	6317
wolfSSL	0:1239e9b70ca2	6318	CYASSL_ENTER("BIO_write");
wolfSSL	0:1239e9b70ca2	6319	/* already got eof, again is error */
wolfSSL	0:1239e9b70ca2	6320	if (front->eof)
wolfSSL	0:1239e9b70ca2	6321	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	6322
wolfSSL	0:1239e9b70ca2	6323	while(bio && ((ssl = bio->ssl) == 0) )
wolfSSL	0:1239e9b70ca2	6324	bio = bio->next;
wolfSSL	0:1239e9b70ca2	6325
wolfSSL	0:1239e9b70ca2	6326	if (ssl == 0) return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	6327
wolfSSL	0:1239e9b70ca2	6328	ret = CyaSSL_write(ssl, data, len);
wolfSSL	0:1239e9b70ca2	6329	if (ret == 0)
wolfSSL	0:1239e9b70ca2	6330	front->eof = 1;
wolfSSL	0:1239e9b70ca2	6331	else if (ret < 0) {
wolfSSL	0:1239e9b70ca2	6332	int err = CyaSSL_get_error(ssl, 0);
wolfSSL	0:1239e9b70ca2	6333	if ( !(err == SSL_ERROR_WANT_READ \|\| err == SSL_ERROR_WANT_WRITE) )
wolfSSL	0:1239e9b70ca2	6334	front->eof = 1;
wolfSSL	0:1239e9b70ca2	6335	}
wolfSSL	0:1239e9b70ca2	6336
wolfSSL	0:1239e9b70ca2	6337	return ret;
wolfSSL	0:1239e9b70ca2	6338	}
wolfSSL	0:1239e9b70ca2	6339
wolfSSL	0:1239e9b70ca2	6340
wolfSSL	0:1239e9b70ca2	6341	CYASSL_BIO* CyaSSL_BIO_push(CYASSL_BIO* top, CYASSL_BIO* append)
wolfSSL	0:1239e9b70ca2	6342	{
wolfSSL	0:1239e9b70ca2	6343	CYASSL_ENTER("BIO_push");
wolfSSL	0:1239e9b70ca2	6344	top->next = append;
wolfSSL	0:1239e9b70ca2	6345	append->prev = top;
wolfSSL	0:1239e9b70ca2	6346
wolfSSL	0:1239e9b70ca2	6347	return top;
wolfSSL	0:1239e9b70ca2	6348	}
wolfSSL	0:1239e9b70ca2	6349
wolfSSL	0:1239e9b70ca2	6350
wolfSSL	0:1239e9b70ca2	6351	int CyaSSL_BIO_flush(CYASSL_BIO* bio)
wolfSSL	0:1239e9b70ca2	6352	{
wolfSSL	0:1239e9b70ca2	6353	/* for CyaSSL no flushing needed */
wolfSSL	0:1239e9b70ca2	6354	CYASSL_ENTER("BIO_flush");
wolfSSL	0:1239e9b70ca2	6355	(void)bio;
wolfSSL	0:1239e9b70ca2	6356	return 1;
wolfSSL	0:1239e9b70ca2	6357	}
wolfSSL	0:1239e9b70ca2	6358
wolfSSL	0:1239e9b70ca2	6359
wolfSSL	0:1239e9b70ca2	6360	#endif /* OPENSSL_EXTRA \|\| GOAHEAD_WS */
wolfSSL	0:1239e9b70ca2	6361
wolfSSL	0:1239e9b70ca2	6362
wolfSSL	0:1239e9b70ca2	6363	#if defined(OPENSSL_EXTRA) \|\| defined(HAVE_WEBSERVER)
wolfSSL	0:1239e9b70ca2	6364
wolfSSL	0:1239e9b70ca2	6365	void CyaSSL_CTX_set_default_passwd_cb_userdata(CYASSL_CTX* ctx,
wolfSSL	0:1239e9b70ca2	6366	void* userdata)
wolfSSL	0:1239e9b70ca2	6367	{
wolfSSL	0:1239e9b70ca2	6368	CYASSL_ENTER("SSL_CTX_set_default_passwd_cb_userdata");
wolfSSL	0:1239e9b70ca2	6369	ctx->userdata = userdata;
wolfSSL	0:1239e9b70ca2	6370	}
wolfSSL	0:1239e9b70ca2	6371
wolfSSL	0:1239e9b70ca2	6372
wolfSSL	0:1239e9b70ca2	6373	void CyaSSL_CTX_set_default_passwd_cb(CYASSL_CTX* ctx, pem_password_cb cb)
wolfSSL	0:1239e9b70ca2	6374	{
wolfSSL	0:1239e9b70ca2	6375	CYASSL_ENTER("SSL_CTX_set_default_passwd_cb");
wolfSSL	0:1239e9b70ca2	6376	ctx->passwd_cb = cb;
wolfSSL	0:1239e9b70ca2	6377	}
wolfSSL	0:1239e9b70ca2	6378
wolfSSL	0:1239e9b70ca2	6379	int CyaSSL_num_locks(void)
wolfSSL	0:1239e9b70ca2	6380	{
wolfSSL	0:1239e9b70ca2	6381	return 0;
wolfSSL	0:1239e9b70ca2	6382	}
wolfSSL	0:1239e9b70ca2	6383
wolfSSL	0:1239e9b70ca2	6384	void CyaSSL_set_locking_callback(void (f)(int, int, const char, int))
wolfSSL	0:1239e9b70ca2	6385	{
wolfSSL	0:1239e9b70ca2	6386	(void)f;
wolfSSL	0:1239e9b70ca2	6387	}
wolfSSL	0:1239e9b70ca2	6388
wolfSSL	0:1239e9b70ca2	6389	void CyaSSL_set_id_callback(unsigned long (*f)(void))
wolfSSL	0:1239e9b70ca2	6390	{
wolfSSL	0:1239e9b70ca2	6391	(void)f;
wolfSSL	0:1239e9b70ca2	6392	}
wolfSSL	0:1239e9b70ca2	6393
wolfSSL	0:1239e9b70ca2	6394	unsigned long CyaSSL_ERR_get_error(void)
wolfSSL	0:1239e9b70ca2	6395	{
wolfSSL	0:1239e9b70ca2	6396	/* TODO: */
wolfSSL	0:1239e9b70ca2	6397	return 0;
wolfSSL	0:1239e9b70ca2	6398	}
wolfSSL	0:1239e9b70ca2	6399
wolfSSL	0:1239e9b70ca2	6400	int CyaSSL_EVP_BytesToKey(const CYASSL_EVP_CIPHER* type,
wolfSSL	0:1239e9b70ca2	6401	const CYASSL_EVP_MD* md, const byte* salt,
wolfSSL	0:1239e9b70ca2	6402	const byte* data, int sz, int count, byte* key, byte* iv)
wolfSSL	0:1239e9b70ca2	6403	{
wolfSSL	0:1239e9b70ca2	6404	int keyLen = 0;
wolfSSL	0:1239e9b70ca2	6405	int ivLen = 0;
wolfSSL	0:1239e9b70ca2	6406
wolfSSL	0:1239e9b70ca2	6407	Md5 myMD;
wolfSSL	0:1239e9b70ca2	6408	byte digest[MD5_DIGEST_SIZE];
wolfSSL	0:1239e9b70ca2	6409
wolfSSL	0:1239e9b70ca2	6410	int j;
wolfSSL	0:1239e9b70ca2	6411	int keyLeft;
wolfSSL	0:1239e9b70ca2	6412	int ivLeft;
wolfSSL	0:1239e9b70ca2	6413	int keyOutput = 0;
wolfSSL	0:1239e9b70ca2	6414
wolfSSL	0:1239e9b70ca2	6415	CYASSL_ENTER("EVP_BytesToKey");
wolfSSL	0:1239e9b70ca2	6416	InitMd5(&myMD);
wolfSSL	0:1239e9b70ca2	6417
wolfSSL	0:1239e9b70ca2	6418	/* only support MD5 for now */
wolfSSL	0:1239e9b70ca2	6419	if (XSTRNCMP(md, "MD5", 3) != 0) return 0;
wolfSSL	0:1239e9b70ca2	6420
wolfSSL	0:1239e9b70ca2	6421	/* only support CBC DES and AES for now */
wolfSSL	0:1239e9b70ca2	6422	if (XSTRNCMP(type, "DES-CBC", 7) == 0) {
wolfSSL	0:1239e9b70ca2	6423	keyLen = DES_KEY_SIZE;
wolfSSL	0:1239e9b70ca2	6424	ivLen = DES_IV_SIZE;
wolfSSL	0:1239e9b70ca2	6425	}
wolfSSL	0:1239e9b70ca2	6426	else if (XSTRNCMP(type, "DES-EDE3-CBC", 12) == 0) {
wolfSSL	0:1239e9b70ca2	6427	keyLen = DES3_KEY_SIZE;
wolfSSL	0:1239e9b70ca2	6428	ivLen = DES_IV_SIZE;
wolfSSL	0:1239e9b70ca2	6429	}
wolfSSL	0:1239e9b70ca2	6430	else if (XSTRNCMP(type, "AES-128-CBC", 11) == 0) {
wolfSSL	0:1239e9b70ca2	6431	keyLen = AES_128_KEY_SIZE;
wolfSSL	0:1239e9b70ca2	6432	ivLen = AES_IV_SIZE;
wolfSSL	0:1239e9b70ca2	6433	}
wolfSSL	0:1239e9b70ca2	6434	else if (XSTRNCMP(type, "AES-192-CBC", 11) == 0) {
wolfSSL	0:1239e9b70ca2	6435	keyLen = AES_192_KEY_SIZE;
wolfSSL	0:1239e9b70ca2	6436	ivLen = AES_IV_SIZE;
wolfSSL	0:1239e9b70ca2	6437	}
wolfSSL	0:1239e9b70ca2	6438	else if (XSTRNCMP(type, "AES-256-CBC", 11) == 0) {
wolfSSL	0:1239e9b70ca2	6439	keyLen = AES_256_KEY_SIZE;
wolfSSL	0:1239e9b70ca2	6440	ivLen = AES_IV_SIZE;
wolfSSL	0:1239e9b70ca2	6441	}
wolfSSL	0:1239e9b70ca2	6442	else
wolfSSL	0:1239e9b70ca2	6443	return 0;
wolfSSL	0:1239e9b70ca2	6444
wolfSSL	0:1239e9b70ca2	6445	keyLeft = keyLen;
wolfSSL	0:1239e9b70ca2	6446	ivLeft = ivLen;
wolfSSL	0:1239e9b70ca2	6447
wolfSSL	0:1239e9b70ca2	6448	while (keyOutput < (keyLen + ivLen)) {
wolfSSL	0:1239e9b70ca2	6449	int digestLeft = MD5_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	6450	/* D_(i - 1) */
wolfSSL	0:1239e9b70ca2	6451	if (keyOutput) /* first time D_0 is empty */
wolfSSL	0:1239e9b70ca2	6452	Md5Update(&myMD, digest, MD5_DIGEST_SIZE);
wolfSSL	0:1239e9b70ca2	6453	/* data */
wolfSSL	0:1239e9b70ca2	6454	Md5Update(&myMD, data, sz);
wolfSSL	0:1239e9b70ca2	6455	/* salt */
wolfSSL	0:1239e9b70ca2	6456	if (salt)
wolfSSL	0:1239e9b70ca2	6457	Md5Update(&myMD, salt, EVP_SALT_SIZE);
wolfSSL	0:1239e9b70ca2	6458	Md5Final(&myMD, digest);
wolfSSL	0:1239e9b70ca2	6459	/* count */
wolfSSL	0:1239e9b70ca2	6460	for (j = 1; j < count; j++) {
wolfSSL	0:1239e9b70ca2	6461	Md5Update(&myMD, digest, MD5_DIGEST_SIZE);
wolfSSL	0:1239e9b70ca2	6462	Md5Final(&myMD, digest);
wolfSSL	0:1239e9b70ca2	6463	}
wolfSSL	0:1239e9b70ca2	6464
wolfSSL	0:1239e9b70ca2	6465	if (keyLeft) {
wolfSSL	0:1239e9b70ca2	6466	int store = min(keyLeft, MD5_DIGEST_SIZE);
wolfSSL	0:1239e9b70ca2	6467	XMEMCPY(&key[keyLen - keyLeft], digest, store);
wolfSSL	0:1239e9b70ca2	6468
wolfSSL	0:1239e9b70ca2	6469	keyOutput += store;
wolfSSL	0:1239e9b70ca2	6470	keyLeft -= store;
wolfSSL	0:1239e9b70ca2	6471	digestLeft -= store;
wolfSSL	0:1239e9b70ca2	6472	}
wolfSSL	0:1239e9b70ca2	6473
wolfSSL	0:1239e9b70ca2	6474	if (ivLeft && digestLeft) {
wolfSSL	0:1239e9b70ca2	6475	int store = min(ivLeft, digestLeft);
wolfSSL	0:1239e9b70ca2	6476	XMEMCPY(&iv[ivLen - ivLeft], &digest[MD5_DIGEST_SIZE -
wolfSSL	0:1239e9b70ca2	6477	digestLeft], store);
wolfSSL	0:1239e9b70ca2	6478	keyOutput += store;
wolfSSL	0:1239e9b70ca2	6479	ivLeft -= store;
wolfSSL	0:1239e9b70ca2	6480	}
wolfSSL	0:1239e9b70ca2	6481	}
wolfSSL	0:1239e9b70ca2	6482	if (keyOutput != (keyLen + ivLen))
wolfSSL	0:1239e9b70ca2	6483	return 0;
wolfSSL	0:1239e9b70ca2	6484	return keyOutput;
wolfSSL	0:1239e9b70ca2	6485	}
wolfSSL	0:1239e9b70ca2	6486
wolfSSL	0:1239e9b70ca2	6487	#endif /* OPENSSL_EXTRA \|\| HAVE_WEBSERVER */
wolfSSL	0:1239e9b70ca2	6488
wolfSSL	0:1239e9b70ca2	6489
wolfSSL	0:1239e9b70ca2	6490	#ifdef OPENSSL_EXTRA
wolfSSL	0:1239e9b70ca2	6491
wolfSSL	0:1239e9b70ca2	6492	unsigned long CyaSSLeay(void)
wolfSSL	0:1239e9b70ca2	6493	{
wolfSSL	0:1239e9b70ca2	6494	return SSLEAY_VERSION_NUMBER;
wolfSSL	0:1239e9b70ca2	6495	}
wolfSSL	0:1239e9b70ca2	6496
wolfSSL	0:1239e9b70ca2	6497
wolfSSL	0:1239e9b70ca2	6498	const char* CyaSSLeay_version(int type)
wolfSSL	0:1239e9b70ca2	6499	{
wolfSSL	0:1239e9b70ca2	6500	static const char* version = "SSLeay CyaSSL compatibility";
wolfSSL	0:1239e9b70ca2	6501	(void)type;
wolfSSL	0:1239e9b70ca2	6502	return version;
wolfSSL	0:1239e9b70ca2	6503	}
wolfSSL	0:1239e9b70ca2	6504
wolfSSL	0:1239e9b70ca2	6505
wolfSSL	0:1239e9b70ca2	6506	void CyaSSL_MD5_Init(CYASSL_MD5_CTX* md5)
wolfSSL	0:1239e9b70ca2	6507	{
wolfSSL	0:1239e9b70ca2	6508	typedef char md5_test[sizeof(MD5_CTX) >= sizeof(Md5) ? 1 : -1];
wolfSSL	0:1239e9b70ca2	6509	(void)sizeof(md5_test);
wolfSSL	0:1239e9b70ca2	6510
wolfSSL	0:1239e9b70ca2	6511	CYASSL_ENTER("MD5_Init");
wolfSSL	0:1239e9b70ca2	6512	InitMd5((Md5*)md5);
wolfSSL	0:1239e9b70ca2	6513	}
wolfSSL	0:1239e9b70ca2	6514
wolfSSL	0:1239e9b70ca2	6515
wolfSSL	0:1239e9b70ca2	6516	void CyaSSL_MD5_Update(CYASSL_MD5_CTX* md5, const void* input,
wolfSSL	0:1239e9b70ca2	6517	unsigned long sz)
wolfSSL	0:1239e9b70ca2	6518	{
wolfSSL	0:1239e9b70ca2	6519	CYASSL_ENTER("CyaSSL_MD5_Update");
wolfSSL	0:1239e9b70ca2	6520	Md5Update((Md5)md5, (const byte)input, (word32)sz);
wolfSSL	0:1239e9b70ca2	6521	}
wolfSSL	0:1239e9b70ca2	6522
wolfSSL	0:1239e9b70ca2	6523
wolfSSL	0:1239e9b70ca2	6524	void CyaSSL_MD5_Final(byte* input, CYASSL_MD5_CTX* md5)
wolfSSL	0:1239e9b70ca2	6525	{
wolfSSL	0:1239e9b70ca2	6526	CYASSL_ENTER("MD5_Final");
wolfSSL	0:1239e9b70ca2	6527	Md5Final((Md5*)md5, input);
wolfSSL	0:1239e9b70ca2	6528	}
wolfSSL	0:1239e9b70ca2	6529
wolfSSL	0:1239e9b70ca2	6530
wolfSSL	0:1239e9b70ca2	6531	void CyaSSL_SHA_Init(CYASSL_SHA_CTX* sha)
wolfSSL	0:1239e9b70ca2	6532	{
wolfSSL	0:1239e9b70ca2	6533	typedef char sha_test[sizeof(SHA_CTX) >= sizeof(Sha) ? 1 : -1];
wolfSSL	0:1239e9b70ca2	6534	(void)sizeof(sha_test);
wolfSSL	0:1239e9b70ca2	6535
wolfSSL	0:1239e9b70ca2	6536	CYASSL_ENTER("SHA_Init");
wolfSSL	0:1239e9b70ca2	6537	InitSha((Sha)sha); / OpenSSL compat, no ret */
wolfSSL	0:1239e9b70ca2	6538	}
wolfSSL	0:1239e9b70ca2	6539
wolfSSL	0:1239e9b70ca2	6540
wolfSSL	0:1239e9b70ca2	6541	void CyaSSL_SHA_Update(CYASSL_SHA_CTX* sha, const void* input,
wolfSSL	0:1239e9b70ca2	6542	unsigned long sz)
wolfSSL	0:1239e9b70ca2	6543	{
wolfSSL	0:1239e9b70ca2	6544	CYASSL_ENTER("SHA_Update");
wolfSSL	0:1239e9b70ca2	6545	ShaUpdate((Sha)sha, (const byte)input, (word32)sz);
wolfSSL	0:1239e9b70ca2	6546	}
wolfSSL	0:1239e9b70ca2	6547
wolfSSL	0:1239e9b70ca2	6548
wolfSSL	0:1239e9b70ca2	6549	void CyaSSL_SHA_Final(byte* input, CYASSL_SHA_CTX* sha)
wolfSSL	0:1239e9b70ca2	6550	{
wolfSSL	0:1239e9b70ca2	6551	CYASSL_ENTER("SHA_Final");
wolfSSL	0:1239e9b70ca2	6552	ShaFinal((Sha*)sha, input);
wolfSSL	0:1239e9b70ca2	6553	}
wolfSSL	0:1239e9b70ca2	6554
wolfSSL	0:1239e9b70ca2	6555
wolfSSL	0:1239e9b70ca2	6556	void CyaSSL_SHA1_Init(CYASSL_SHA_CTX* sha)
wolfSSL	0:1239e9b70ca2	6557	{
wolfSSL	0:1239e9b70ca2	6558	CYASSL_ENTER("SHA1_Init");
wolfSSL	0:1239e9b70ca2	6559	SHA_Init(sha);
wolfSSL	0:1239e9b70ca2	6560	}
wolfSSL	0:1239e9b70ca2	6561
wolfSSL	0:1239e9b70ca2	6562
wolfSSL	0:1239e9b70ca2	6563	void CyaSSL_SHA1_Update(CYASSL_SHA_CTX* sha, const void* input,
wolfSSL	0:1239e9b70ca2	6564	unsigned long sz)
wolfSSL	0:1239e9b70ca2	6565	{
wolfSSL	0:1239e9b70ca2	6566	CYASSL_ENTER("SHA1_Update");
wolfSSL	0:1239e9b70ca2	6567	SHA_Update(sha, input, sz);
wolfSSL	0:1239e9b70ca2	6568	}
wolfSSL	0:1239e9b70ca2	6569
wolfSSL	0:1239e9b70ca2	6570
wolfSSL	0:1239e9b70ca2	6571	void CyaSSL_SHA1_Final(byte* input, CYASSL_SHA_CTX* sha)
wolfSSL	0:1239e9b70ca2	6572	{
wolfSSL	0:1239e9b70ca2	6573	CYASSL_ENTER("SHA1_Final");
wolfSSL	0:1239e9b70ca2	6574	SHA_Final(input, sha);
wolfSSL	0:1239e9b70ca2	6575	}
wolfSSL	0:1239e9b70ca2	6576
wolfSSL	0:1239e9b70ca2	6577
wolfSSL	0:1239e9b70ca2	6578	void CyaSSL_SHA256_Init(CYASSL_SHA256_CTX* sha256)
wolfSSL	0:1239e9b70ca2	6579	{
wolfSSL	0:1239e9b70ca2	6580	typedef char sha_test[sizeof(SHA256_CTX) >= sizeof(Sha256) ? 1 : -1];
wolfSSL	0:1239e9b70ca2	6581	(void)sizeof(sha_test);
wolfSSL	0:1239e9b70ca2	6582
wolfSSL	0:1239e9b70ca2	6583	CYASSL_ENTER("SHA256_Init");
wolfSSL	0:1239e9b70ca2	6584	InitSha256((Sha256)sha256); / OpenSSL compat, no error */
wolfSSL	0:1239e9b70ca2	6585	}
wolfSSL	0:1239e9b70ca2	6586
wolfSSL	0:1239e9b70ca2	6587
wolfSSL	0:1239e9b70ca2	6588	void CyaSSL_SHA256_Update(CYASSL_SHA256_CTX* sha, const void* input,
wolfSSL	0:1239e9b70ca2	6589	unsigned long sz)
wolfSSL	0:1239e9b70ca2	6590	{
wolfSSL	0:1239e9b70ca2	6591	CYASSL_ENTER("SHA256_Update");
wolfSSL	0:1239e9b70ca2	6592	Sha256Update((Sha256)sha, (const byte)input, (word32)sz);
wolfSSL	0:1239e9b70ca2	6593	/* OpenSSL compat, no error */
wolfSSL	0:1239e9b70ca2	6594	}
wolfSSL	0:1239e9b70ca2	6595
wolfSSL	0:1239e9b70ca2	6596
wolfSSL	0:1239e9b70ca2	6597	void CyaSSL_SHA256_Final(byte* input, CYASSL_SHA256_CTX* sha)
wolfSSL	0:1239e9b70ca2	6598	{
wolfSSL	0:1239e9b70ca2	6599	CYASSL_ENTER("SHA256_Final");
wolfSSL	0:1239e9b70ca2	6600	Sha256Final((Sha256*)sha, input);
wolfSSL	0:1239e9b70ca2	6601	/* OpenSSL compat, no error */
wolfSSL	0:1239e9b70ca2	6602	}
wolfSSL	0:1239e9b70ca2	6603
wolfSSL	0:1239e9b70ca2	6604
wolfSSL	0:1239e9b70ca2	6605	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	6606
wolfSSL	0:1239e9b70ca2	6607	void CyaSSL_SHA384_Init(CYASSL_SHA384_CTX* sha)
wolfSSL	0:1239e9b70ca2	6608	{
wolfSSL	0:1239e9b70ca2	6609	typedef char sha_test[sizeof(SHA384_CTX) >= sizeof(Sha384) ? 1 : -1];
wolfSSL	0:1239e9b70ca2	6610	(void)sizeof(sha_test);
wolfSSL	0:1239e9b70ca2	6611
wolfSSL	0:1239e9b70ca2	6612	CYASSL_ENTER("SHA384_Init");
wolfSSL	0:1239e9b70ca2	6613	InitSha384((Sha384)sha); / OpenSSL compat, no error */
wolfSSL	0:1239e9b70ca2	6614	}
wolfSSL	0:1239e9b70ca2	6615
wolfSSL	0:1239e9b70ca2	6616
wolfSSL	0:1239e9b70ca2	6617	void CyaSSL_SHA384_Update(CYASSL_SHA384_CTX* sha, const void* input,
wolfSSL	0:1239e9b70ca2	6618	unsigned long sz)
wolfSSL	0:1239e9b70ca2	6619	{
wolfSSL	0:1239e9b70ca2	6620	CYASSL_ENTER("SHA384_Update");
wolfSSL	0:1239e9b70ca2	6621	Sha384Update((Sha384)sha, (const byte)input, (word32)sz);
wolfSSL	0:1239e9b70ca2	6622	/* OpenSSL compat, no error */
wolfSSL	0:1239e9b70ca2	6623	}
wolfSSL	0:1239e9b70ca2	6624
wolfSSL	0:1239e9b70ca2	6625
wolfSSL	0:1239e9b70ca2	6626	void CyaSSL_SHA384_Final(byte* input, CYASSL_SHA384_CTX* sha)
wolfSSL	0:1239e9b70ca2	6627	{
wolfSSL	0:1239e9b70ca2	6628	CYASSL_ENTER("SHA384_Final");
wolfSSL	0:1239e9b70ca2	6629	Sha384Final((Sha384*)sha, input);
wolfSSL	0:1239e9b70ca2	6630	/* OpenSSL compat, no error */
wolfSSL	0:1239e9b70ca2	6631	}
wolfSSL	0:1239e9b70ca2	6632
wolfSSL	0:1239e9b70ca2	6633	#endif /* CYASSL_SHA384 */
wolfSSL	0:1239e9b70ca2	6634
wolfSSL	0:1239e9b70ca2	6635
wolfSSL	0:1239e9b70ca2	6636	#ifdef CYASSL_SHA512
wolfSSL	0:1239e9b70ca2	6637
wolfSSL	0:1239e9b70ca2	6638	void CyaSSL_SHA512_Init(CYASSL_SHA512_CTX* sha)
wolfSSL	0:1239e9b70ca2	6639	{
wolfSSL	0:1239e9b70ca2	6640	typedef char sha_test[sizeof(SHA512_CTX) >= sizeof(Sha512) ? 1 : -1];
wolfSSL	0:1239e9b70ca2	6641	(void)sizeof(sha_test);
wolfSSL	0:1239e9b70ca2	6642
wolfSSL	0:1239e9b70ca2	6643	CYASSL_ENTER("SHA512_Init");
wolfSSL	0:1239e9b70ca2	6644	InitSha512((Sha512)sha); / OpenSSL compat, no error */
wolfSSL	0:1239e9b70ca2	6645	}
wolfSSL	0:1239e9b70ca2	6646
wolfSSL	0:1239e9b70ca2	6647
wolfSSL	0:1239e9b70ca2	6648	void CyaSSL_SHA512_Update(CYASSL_SHA512_CTX* sha, const void* input,
wolfSSL	0:1239e9b70ca2	6649	unsigned long sz)
wolfSSL	0:1239e9b70ca2	6650	{
wolfSSL	0:1239e9b70ca2	6651	CYASSL_ENTER("SHA512_Update");
wolfSSL	0:1239e9b70ca2	6652	Sha512Update((Sha512)sha, (const byte)input, (word32)sz);
wolfSSL	0:1239e9b70ca2	6653	/* OpenSSL compat, no error */
wolfSSL	0:1239e9b70ca2	6654	}
wolfSSL	0:1239e9b70ca2	6655
wolfSSL	0:1239e9b70ca2	6656
wolfSSL	0:1239e9b70ca2	6657	void CyaSSL_SHA512_Final(byte* input, CYASSL_SHA512_CTX* sha)
wolfSSL	0:1239e9b70ca2	6658	{
wolfSSL	0:1239e9b70ca2	6659	CYASSL_ENTER("SHA512_Final");
wolfSSL	0:1239e9b70ca2	6660	Sha512Final((Sha512*)sha, input);
wolfSSL	0:1239e9b70ca2	6661	/* OpenSSL compat, no error */
wolfSSL	0:1239e9b70ca2	6662	}
wolfSSL	0:1239e9b70ca2	6663
wolfSSL	0:1239e9b70ca2	6664	#endif /* CYASSL_SHA512 */
wolfSSL	0:1239e9b70ca2	6665
wolfSSL	0:1239e9b70ca2	6666
wolfSSL	0:1239e9b70ca2	6667	const CYASSL_EVP_MD* CyaSSL_EVP_md5(void)
wolfSSL	0:1239e9b70ca2	6668	{
wolfSSL	0:1239e9b70ca2	6669	static const char* type = "MD5";
wolfSSL	0:1239e9b70ca2	6670	CYASSL_ENTER("EVP_md5");
wolfSSL	0:1239e9b70ca2	6671	return type;
wolfSSL	0:1239e9b70ca2	6672	}
wolfSSL	0:1239e9b70ca2	6673
wolfSSL	0:1239e9b70ca2	6674
wolfSSL	0:1239e9b70ca2	6675	const CYASSL_EVP_MD* CyaSSL_EVP_sha1(void)
wolfSSL	0:1239e9b70ca2	6676	{
wolfSSL	0:1239e9b70ca2	6677	static const char* type = "SHA";
wolfSSL	0:1239e9b70ca2	6678	CYASSL_ENTER("EVP_sha1");
wolfSSL	0:1239e9b70ca2	6679	return type;
wolfSSL	0:1239e9b70ca2	6680	}
wolfSSL	0:1239e9b70ca2	6681
wolfSSL	0:1239e9b70ca2	6682
wolfSSL	0:1239e9b70ca2	6683	const CYASSL_EVP_MD* CyaSSL_EVP_sha256(void)
wolfSSL	0:1239e9b70ca2	6684	{
wolfSSL	0:1239e9b70ca2	6685	static const char* type = "SHA256";
wolfSSL	0:1239e9b70ca2	6686	CYASSL_ENTER("EVP_sha256");
wolfSSL	0:1239e9b70ca2	6687	return type;
wolfSSL	0:1239e9b70ca2	6688	}
wolfSSL	0:1239e9b70ca2	6689
wolfSSL	0:1239e9b70ca2	6690	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	6691
wolfSSL	0:1239e9b70ca2	6692	const CYASSL_EVP_MD* CyaSSL_EVP_sha384(void)
wolfSSL	0:1239e9b70ca2	6693	{
wolfSSL	0:1239e9b70ca2	6694	static const char* type = "SHA384";
wolfSSL	0:1239e9b70ca2	6695	CYASSL_ENTER("EVP_sha384");
wolfSSL	0:1239e9b70ca2	6696	return type;
wolfSSL	0:1239e9b70ca2	6697	}
wolfSSL	0:1239e9b70ca2	6698
wolfSSL	0:1239e9b70ca2	6699	#endif /* CYASSL_SHA384 */
wolfSSL	0:1239e9b70ca2	6700
wolfSSL	0:1239e9b70ca2	6701	#ifdef CYASSL_SHA512
wolfSSL	0:1239e9b70ca2	6702
wolfSSL	0:1239e9b70ca2	6703	const CYASSL_EVP_MD* CyaSSL_EVP_sha512(void)
wolfSSL	0:1239e9b70ca2	6704	{
wolfSSL	0:1239e9b70ca2	6705	static const char* type = "SHA512";
wolfSSL	0:1239e9b70ca2	6706	CYASSL_ENTER("EVP_sha512");
wolfSSL	0:1239e9b70ca2	6707	return type;
wolfSSL	0:1239e9b70ca2	6708	}
wolfSSL	0:1239e9b70ca2	6709
wolfSSL	0:1239e9b70ca2	6710	#endif /* CYASSL_SHA512 */
wolfSSL	0:1239e9b70ca2	6711
wolfSSL	0:1239e9b70ca2	6712
wolfSSL	0:1239e9b70ca2	6713	void CyaSSL_EVP_MD_CTX_init(CYASSL_EVP_MD_CTX* ctx)
wolfSSL	0:1239e9b70ca2	6714	{
wolfSSL	0:1239e9b70ca2	6715	CYASSL_ENTER("EVP_CIPHER_MD_CTX_init");
wolfSSL	0:1239e9b70ca2	6716	(void)ctx;
wolfSSL	0:1239e9b70ca2	6717	/* do nothing */
wolfSSL	0:1239e9b70ca2	6718	}
wolfSSL	0:1239e9b70ca2	6719
wolfSSL	0:1239e9b70ca2	6720
wolfSSL	0:1239e9b70ca2	6721	const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_128_cbc(void)
wolfSSL	0:1239e9b70ca2	6722	{
wolfSSL	0:1239e9b70ca2	6723	static const char* type = "AES128-CBC";
wolfSSL	0:1239e9b70ca2	6724	CYASSL_ENTER("CyaSSL_EVP_aes_128_cbc");
wolfSSL	0:1239e9b70ca2	6725	return type;
wolfSSL	0:1239e9b70ca2	6726	}
wolfSSL	0:1239e9b70ca2	6727
wolfSSL	0:1239e9b70ca2	6728
wolfSSL	0:1239e9b70ca2	6729	const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_192_cbc(void)
wolfSSL	0:1239e9b70ca2	6730	{
wolfSSL	0:1239e9b70ca2	6731	static const char* type = "AES192-CBC";
wolfSSL	0:1239e9b70ca2	6732	CYASSL_ENTER("CyaSSL_EVP_aes_192_cbc");
wolfSSL	0:1239e9b70ca2	6733	return type;
wolfSSL	0:1239e9b70ca2	6734	}
wolfSSL	0:1239e9b70ca2	6735
wolfSSL	0:1239e9b70ca2	6736
wolfSSL	0:1239e9b70ca2	6737	const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_256_cbc(void)
wolfSSL	0:1239e9b70ca2	6738	{
wolfSSL	0:1239e9b70ca2	6739	static const char* type = "AES256-CBC";
wolfSSL	0:1239e9b70ca2	6740	CYASSL_ENTER("CyaSSL_EVP_aes_256_cbc");
wolfSSL	0:1239e9b70ca2	6741	return type;
wolfSSL	0:1239e9b70ca2	6742	}
wolfSSL	0:1239e9b70ca2	6743
wolfSSL	0:1239e9b70ca2	6744
wolfSSL	0:1239e9b70ca2	6745	const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_128_ctr(void)
wolfSSL	0:1239e9b70ca2	6746	{
wolfSSL	0:1239e9b70ca2	6747	static const char* type = "AES128-CTR";
wolfSSL	0:1239e9b70ca2	6748	CYASSL_ENTER("CyaSSL_EVP_aes_128_ctr");
wolfSSL	0:1239e9b70ca2	6749	return type;
wolfSSL	0:1239e9b70ca2	6750	}
wolfSSL	0:1239e9b70ca2	6751
wolfSSL	0:1239e9b70ca2	6752
wolfSSL	0:1239e9b70ca2	6753	const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_192_ctr(void)
wolfSSL	0:1239e9b70ca2	6754	{
wolfSSL	0:1239e9b70ca2	6755	static const char* type = "AES192-CTR";
wolfSSL	0:1239e9b70ca2	6756	CYASSL_ENTER("CyaSSL_EVP_aes_192_ctr");
wolfSSL	0:1239e9b70ca2	6757	return type;
wolfSSL	0:1239e9b70ca2	6758	}
wolfSSL	0:1239e9b70ca2	6759
wolfSSL	0:1239e9b70ca2	6760
wolfSSL	0:1239e9b70ca2	6761	const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_256_ctr(void)
wolfSSL	0:1239e9b70ca2	6762	{
wolfSSL	0:1239e9b70ca2	6763	static const char* type = "AES256-CTR";
wolfSSL	0:1239e9b70ca2	6764	CYASSL_ENTER("CyaSSL_EVP_aes_256_ctr");
wolfSSL	0:1239e9b70ca2	6765	return type;
wolfSSL	0:1239e9b70ca2	6766	}
wolfSSL	0:1239e9b70ca2	6767
wolfSSL	0:1239e9b70ca2	6768
wolfSSL	0:1239e9b70ca2	6769	const CYASSL_EVP_CIPHER* CyaSSL_EVP_des_cbc(void)
wolfSSL	0:1239e9b70ca2	6770	{
wolfSSL	0:1239e9b70ca2	6771	static const char* type = "DES-CBC";
wolfSSL	0:1239e9b70ca2	6772	CYASSL_ENTER("CyaSSL_EVP_des_cbc");
wolfSSL	0:1239e9b70ca2	6773	return type;
wolfSSL	0:1239e9b70ca2	6774	}
wolfSSL	0:1239e9b70ca2	6775
wolfSSL	0:1239e9b70ca2	6776
wolfSSL	0:1239e9b70ca2	6777	const CYASSL_EVP_CIPHER* CyaSSL_EVP_des_ede3_cbc(void)
wolfSSL	0:1239e9b70ca2	6778	{
wolfSSL	0:1239e9b70ca2	6779	static const char* type = "DES-EDE3-CBC";
wolfSSL	0:1239e9b70ca2	6780	CYASSL_ENTER("CyaSSL_EVP_des_ede3_cbc");
wolfSSL	0:1239e9b70ca2	6781	return type;
wolfSSL	0:1239e9b70ca2	6782	}
wolfSSL	0:1239e9b70ca2	6783
wolfSSL	0:1239e9b70ca2	6784
wolfSSL	0:1239e9b70ca2	6785	const CYASSL_EVP_CIPHER* CyaSSL_EVP_rc4(void)
wolfSSL	0:1239e9b70ca2	6786	{
wolfSSL	0:1239e9b70ca2	6787	static const char* type = "ARC4";
wolfSSL	0:1239e9b70ca2	6788	CYASSL_ENTER("CyaSSL_EVP_rc4");
wolfSSL	0:1239e9b70ca2	6789	return type;
wolfSSL	0:1239e9b70ca2	6790	}
wolfSSL	0:1239e9b70ca2	6791
wolfSSL	0:1239e9b70ca2	6792
wolfSSL	0:1239e9b70ca2	6793	const CYASSL_EVP_CIPHER* CyaSSL_EVP_enc_null(void)
wolfSSL	0:1239e9b70ca2	6794	{
wolfSSL	0:1239e9b70ca2	6795	static const char* type = "NULL";
wolfSSL	0:1239e9b70ca2	6796	CYASSL_ENTER("CyaSSL_EVP_enc_null");
wolfSSL	0:1239e9b70ca2	6797	return type;
wolfSSL	0:1239e9b70ca2	6798	}
wolfSSL	0:1239e9b70ca2	6799
wolfSSL	0:1239e9b70ca2	6800
wolfSSL	0:1239e9b70ca2	6801	int CyaSSL_EVP_MD_CTX_cleanup(CYASSL_EVP_MD_CTX* ctx)
wolfSSL	0:1239e9b70ca2	6802	{
wolfSSL	0:1239e9b70ca2	6803	CYASSL_ENTER("EVP_MD_CTX_cleanup");
wolfSSL	0:1239e9b70ca2	6804	(void)ctx;
wolfSSL	0:1239e9b70ca2	6805	return 0;
wolfSSL	0:1239e9b70ca2	6806	}
wolfSSL	0:1239e9b70ca2	6807
wolfSSL	0:1239e9b70ca2	6808
wolfSSL	0:1239e9b70ca2	6809
wolfSSL	0:1239e9b70ca2	6810	void CyaSSL_EVP_CIPHER_CTX_init(CYASSL_EVP_CIPHER_CTX* ctx)
wolfSSL	0:1239e9b70ca2	6811	{
wolfSSL	0:1239e9b70ca2	6812	CYASSL_ENTER("EVP_CIPHER_CTX_init");
wolfSSL	0:1239e9b70ca2	6813	if (ctx) {
wolfSSL	0:1239e9b70ca2	6814	ctx->cipherType = 0xff; /* no init */
wolfSSL	0:1239e9b70ca2	6815	ctx->keyLen = 0;
wolfSSL	0:1239e9b70ca2	6816	ctx->enc = 1; /* start in encrypt mode */
wolfSSL	0:1239e9b70ca2	6817	}
wolfSSL	0:1239e9b70ca2	6818	}
wolfSSL	0:1239e9b70ca2	6819
wolfSSL	0:1239e9b70ca2	6820
wolfSSL	0:1239e9b70ca2	6821	/* SSL_SUCCESS on ok */
wolfSSL	0:1239e9b70ca2	6822	int CyaSSL_EVP_CIPHER_CTX_cleanup(CYASSL_EVP_CIPHER_CTX* ctx)
wolfSSL	0:1239e9b70ca2	6823	{
wolfSSL	0:1239e9b70ca2	6824	CYASSL_ENTER("EVP_CIPHER_CTX_cleanup");
wolfSSL	0:1239e9b70ca2	6825	if (ctx) {
wolfSSL	0:1239e9b70ca2	6826	ctx->cipherType = 0xff; /* no more init */
wolfSSL	0:1239e9b70ca2	6827	ctx->keyLen = 0;
wolfSSL	0:1239e9b70ca2	6828	}
wolfSSL	0:1239e9b70ca2	6829
wolfSSL	0:1239e9b70ca2	6830	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	6831	}
wolfSSL	0:1239e9b70ca2	6832
wolfSSL	0:1239e9b70ca2	6833
wolfSSL	0:1239e9b70ca2	6834	/* SSL_SUCCESS on ok */
wolfSSL	0:1239e9b70ca2	6835	int CyaSSL_EVP_CipherInit(CYASSL_EVP_CIPHER_CTX* ctx,
wolfSSL	0:1239e9b70ca2	6836	const CYASSL_EVP_CIPHER* type, byte* key,
wolfSSL	0:1239e9b70ca2	6837	byte* iv, int enc)
wolfSSL	0:1239e9b70ca2	6838	{
wolfSSL	0:1239e9b70ca2	6839	int ret = 0;
wolfSSL	0:1239e9b70ca2	6840
wolfSSL	0:1239e9b70ca2	6841	CYASSL_ENTER("CyaSSL_EVP_CipherInit");
wolfSSL	0:1239e9b70ca2	6842	if (ctx == NULL) {
wolfSSL	0:1239e9b70ca2	6843	CYASSL_MSG("no ctx");
wolfSSL	0:1239e9b70ca2	6844	return 0; /* failure */
wolfSSL	0:1239e9b70ca2	6845	}
wolfSSL	0:1239e9b70ca2	6846
wolfSSL	0:1239e9b70ca2	6847	if (type == NULL && ctx->cipherType == 0xff) {
wolfSSL	0:1239e9b70ca2	6848	CYASSL_MSG("no type set");
wolfSSL	0:1239e9b70ca2	6849	return 0; /* failure */
wolfSSL	0:1239e9b70ca2	6850	}
wolfSSL	0:1239e9b70ca2	6851
wolfSSL	0:1239e9b70ca2	6852	if (ctx->cipherType == AES_128_CBC_TYPE \|\| (type &&
wolfSSL	0:1239e9b70ca2	6853	XSTRNCMP(type, "AES128-CBC", 10) == 0)) {
wolfSSL	0:1239e9b70ca2	6854	CYASSL_MSG("AES-128-CBC");
wolfSSL	0:1239e9b70ca2	6855	ctx->cipherType = AES_128_CBC_TYPE;
wolfSSL	0:1239e9b70ca2	6856	ctx->keyLen = 16;
wolfSSL	0:1239e9b70ca2	6857	if (enc == 0 \|\| enc == 1)
wolfSSL	0:1239e9b70ca2	6858	ctx->enc = enc ? 1 : 0;
wolfSSL	0:1239e9b70ca2	6859	if (key) {
wolfSSL	0:1239e9b70ca2	6860	ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
wolfSSL	0:1239e9b70ca2	6861	ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
wolfSSL	0:1239e9b70ca2	6862	if (ret != 0)
wolfSSL	0:1239e9b70ca2	6863	return ret;
wolfSSL	0:1239e9b70ca2	6864	}
wolfSSL	0:1239e9b70ca2	6865	if (iv && key == NULL) {
wolfSSL	0:1239e9b70ca2	6866	ret = AesSetIV(&ctx->cipher.aes, iv);
wolfSSL	0:1239e9b70ca2	6867	if (ret != 0)
wolfSSL	0:1239e9b70ca2	6868	return ret;
wolfSSL	0:1239e9b70ca2	6869	}
wolfSSL	0:1239e9b70ca2	6870	}
wolfSSL	0:1239e9b70ca2	6871	else if (ctx->cipherType == AES_192_CBC_TYPE \|\| (type &&
wolfSSL	0:1239e9b70ca2	6872	XSTRNCMP(type, "AES192-CBC", 10) == 0)) {
wolfSSL	0:1239e9b70ca2	6873	CYASSL_MSG("AES-192-CBC");
wolfSSL	0:1239e9b70ca2	6874	ctx->cipherType = AES_192_CBC_TYPE;
wolfSSL	0:1239e9b70ca2	6875	ctx->keyLen = 24;
wolfSSL	0:1239e9b70ca2	6876	if (enc == 0 \|\| enc == 1)
wolfSSL	0:1239e9b70ca2	6877	ctx->enc = enc ? 1 : 0;
wolfSSL	0:1239e9b70ca2	6878	if (key) {
wolfSSL	0:1239e9b70ca2	6879	ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
wolfSSL	0:1239e9b70ca2	6880	ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
wolfSSL	0:1239e9b70ca2	6881	if (ret != 0)
wolfSSL	0:1239e9b70ca2	6882	return ret;
wolfSSL	0:1239e9b70ca2	6883	}
wolfSSL	0:1239e9b70ca2	6884	if (iv && key == NULL) {
wolfSSL	0:1239e9b70ca2	6885	ret = AesSetIV(&ctx->cipher.aes, iv);
wolfSSL	0:1239e9b70ca2	6886	if (ret != 0)
wolfSSL	0:1239e9b70ca2	6887	return ret;
wolfSSL	0:1239e9b70ca2	6888	}
wolfSSL	0:1239e9b70ca2	6889	}
wolfSSL	0:1239e9b70ca2	6890	else if (ctx->cipherType == AES_256_CBC_TYPE \|\| (type &&
wolfSSL	0:1239e9b70ca2	6891	XSTRNCMP(type, "AES256-CBC", 10) == 0)) {
wolfSSL	0:1239e9b70ca2	6892	CYASSL_MSG("AES-256-CBC");
wolfSSL	0:1239e9b70ca2	6893	ctx->cipherType = AES_256_CBC_TYPE;
wolfSSL	0:1239e9b70ca2	6894	ctx->keyLen = 32;
wolfSSL	0:1239e9b70ca2	6895	if (enc == 0 \|\| enc == 1)
wolfSSL	0:1239e9b70ca2	6896	ctx->enc = enc ? 1 : 0;
wolfSSL	0:1239e9b70ca2	6897	if (key) {
wolfSSL	0:1239e9b70ca2	6898	ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
wolfSSL	0:1239e9b70ca2	6899	ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
wolfSSL	0:1239e9b70ca2	6900	if (ret != 0)
wolfSSL	0:1239e9b70ca2	6901	return ret;
wolfSSL	0:1239e9b70ca2	6902	}
wolfSSL	0:1239e9b70ca2	6903	if (iv && key == NULL) {
wolfSSL	0:1239e9b70ca2	6904	ret = AesSetIV(&ctx->cipher.aes, iv);
wolfSSL	0:1239e9b70ca2	6905	if (ret != 0)
wolfSSL	0:1239e9b70ca2	6906	return ret;
wolfSSL	0:1239e9b70ca2	6907	}
wolfSSL	0:1239e9b70ca2	6908	}
wolfSSL	0:1239e9b70ca2	6909	#ifdef CYASSL_AES_COUNTER
wolfSSL	0:1239e9b70ca2	6910	else if (ctx->cipherType == AES_128_CTR_TYPE \|\| (type &&
wolfSSL	0:1239e9b70ca2	6911	XSTRNCMP(type, "AES128-CTR", 10) == 0)) {
wolfSSL	0:1239e9b70ca2	6912	CYASSL_MSG("AES-128-CTR");
wolfSSL	0:1239e9b70ca2	6913	ctx->cipherType = AES_128_CTR_TYPE;
wolfSSL	0:1239e9b70ca2	6914	ctx->keyLen = 16;
wolfSSL	0:1239e9b70ca2	6915	if (enc == 0 \|\| enc == 1)
wolfSSL	0:1239e9b70ca2	6916	ctx->enc = enc ? 1 : 0;
wolfSSL	0:1239e9b70ca2	6917	if (key) {
wolfSSL	0:1239e9b70ca2	6918	ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
wolfSSL	0:1239e9b70ca2	6919	AES_ENCRYPTION);
wolfSSL	0:1239e9b70ca2	6920	if (ret != 0)
wolfSSL	0:1239e9b70ca2	6921	return ret;
wolfSSL	0:1239e9b70ca2	6922	}
wolfSSL	0:1239e9b70ca2	6923	if (iv && key == NULL) {
wolfSSL	0:1239e9b70ca2	6924	ret = AesSetIV(&ctx->cipher.aes, iv);
wolfSSL	0:1239e9b70ca2	6925	if (ret != 0)
wolfSSL	0:1239e9b70ca2	6926	return ret;
wolfSSL	0:1239e9b70ca2	6927	}
wolfSSL	0:1239e9b70ca2	6928	}
wolfSSL	0:1239e9b70ca2	6929	else if (ctx->cipherType == AES_192_CTR_TYPE \|\| (type &&
wolfSSL	0:1239e9b70ca2	6930	XSTRNCMP(type, "AES192-CTR", 10) == 0)) {
wolfSSL	0:1239e9b70ca2	6931	CYASSL_MSG("AES-192-CTR");
wolfSSL	0:1239e9b70ca2	6932	ctx->cipherType = AES_192_CTR_TYPE;
wolfSSL	0:1239e9b70ca2	6933	ctx->keyLen = 24;
wolfSSL	0:1239e9b70ca2	6934	if (enc == 0 \|\| enc == 1)
wolfSSL	0:1239e9b70ca2	6935	ctx->enc = enc ? 1 : 0;
wolfSSL	0:1239e9b70ca2	6936	if (key) {
wolfSSL	0:1239e9b70ca2	6937	ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
wolfSSL	0:1239e9b70ca2	6938	AES_ENCRYPTION);
wolfSSL	0:1239e9b70ca2	6939	if (ret != 0)
wolfSSL	0:1239e9b70ca2	6940	return ret;
wolfSSL	0:1239e9b70ca2	6941	}
wolfSSL	0:1239e9b70ca2	6942	if (iv && key == NULL) {
wolfSSL	0:1239e9b70ca2	6943	ret = AesSetIV(&ctx->cipher.aes, iv);
wolfSSL	0:1239e9b70ca2	6944	if (ret != 0)
wolfSSL	0:1239e9b70ca2	6945	return ret;
wolfSSL	0:1239e9b70ca2	6946	}
wolfSSL	0:1239e9b70ca2	6947	}
wolfSSL	0:1239e9b70ca2	6948	else if (ctx->cipherType == AES_256_CTR_TYPE \|\| (type &&
wolfSSL	0:1239e9b70ca2	6949	XSTRNCMP(type, "AES256-CTR", 10) == 0)) {
wolfSSL	0:1239e9b70ca2	6950	CYASSL_MSG("AES-256-CTR");
wolfSSL	0:1239e9b70ca2	6951	ctx->cipherType = AES_256_CTR_TYPE;
wolfSSL	0:1239e9b70ca2	6952	ctx->keyLen = 32;
wolfSSL	0:1239e9b70ca2	6953	if (enc == 0 \|\| enc == 1)
wolfSSL	0:1239e9b70ca2	6954	ctx->enc = enc ? 1 : 0;
wolfSSL	0:1239e9b70ca2	6955	if (key) {
wolfSSL	0:1239e9b70ca2	6956	ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
wolfSSL	0:1239e9b70ca2	6957	AES_ENCRYPTION);
wolfSSL	0:1239e9b70ca2	6958	if (ret != 0)
wolfSSL	0:1239e9b70ca2	6959	return ret;
wolfSSL	0:1239e9b70ca2	6960	}
wolfSSL	0:1239e9b70ca2	6961	if (iv && key == NULL) {
wolfSSL	0:1239e9b70ca2	6962	ret = AesSetIV(&ctx->cipher.aes, iv);
wolfSSL	0:1239e9b70ca2	6963	if (ret != 0)
wolfSSL	0:1239e9b70ca2	6964	return ret;
wolfSSL	0:1239e9b70ca2	6965	}
wolfSSL	0:1239e9b70ca2	6966	}
wolfSSL	0:1239e9b70ca2	6967	#endif /* CYASSL_AES_CTR */
wolfSSL	0:1239e9b70ca2	6968	else if (ctx->cipherType == DES_CBC_TYPE \|\| (type &&
wolfSSL	0:1239e9b70ca2	6969	XSTRNCMP(type, "DES-CBC", 7) == 0)) {
wolfSSL	0:1239e9b70ca2	6970	CYASSL_MSG("DES-CBC");
wolfSSL	0:1239e9b70ca2	6971	ctx->cipherType = DES_CBC_TYPE;
wolfSSL	0:1239e9b70ca2	6972	ctx->keyLen = 8;
wolfSSL	0:1239e9b70ca2	6973	if (enc == 0 \|\| enc == 1)
wolfSSL	0:1239e9b70ca2	6974	ctx->enc = enc ? 1 : 0;
wolfSSL	0:1239e9b70ca2	6975	if (key) {
wolfSSL	0:1239e9b70ca2	6976	ret = Des_SetKey(&ctx->cipher.des, key, iv,
wolfSSL	0:1239e9b70ca2	6977	ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION);
wolfSSL	0:1239e9b70ca2	6978	if (ret != 0)
wolfSSL	0:1239e9b70ca2	6979	return ret;
wolfSSL	0:1239e9b70ca2	6980	}
wolfSSL	0:1239e9b70ca2	6981
wolfSSL	0:1239e9b70ca2	6982	if (iv && key == NULL)
wolfSSL	0:1239e9b70ca2	6983	Des_SetIV(&ctx->cipher.des, iv);
wolfSSL	0:1239e9b70ca2	6984	}
wolfSSL	0:1239e9b70ca2	6985	else if (ctx->cipherType == DES_EDE3_CBC_TYPE \|\| (type &&
wolfSSL	0:1239e9b70ca2	6986	XSTRNCMP(type, "DES-EDE3-CBC", 11) == 0)) {
wolfSSL	0:1239e9b70ca2	6987	CYASSL_MSG("DES-EDE3-CBC");
wolfSSL	0:1239e9b70ca2	6988	ctx->cipherType = DES_EDE3_CBC_TYPE;
wolfSSL	0:1239e9b70ca2	6989	ctx->keyLen = 24;
wolfSSL	0:1239e9b70ca2	6990	if (enc == 0 \|\| enc == 1)
wolfSSL	0:1239e9b70ca2	6991	ctx->enc = enc ? 1 : 0;
wolfSSL	0:1239e9b70ca2	6992	if (key) {
wolfSSL	0:1239e9b70ca2	6993	ret = Des3_SetKey(&ctx->cipher.des3, key, iv,
wolfSSL	0:1239e9b70ca2	6994	ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION);
wolfSSL	0:1239e9b70ca2	6995	if (ret != 0)
wolfSSL	0:1239e9b70ca2	6996	return ret;
wolfSSL	0:1239e9b70ca2	6997	}
wolfSSL	0:1239e9b70ca2	6998
wolfSSL	0:1239e9b70ca2	6999	if (iv && key == NULL) {
wolfSSL	0:1239e9b70ca2	7000	ret = Des3_SetIV(&ctx->cipher.des3, iv);
wolfSSL	0:1239e9b70ca2	7001	if (ret != 0)
wolfSSL	0:1239e9b70ca2	7002	return ret;
wolfSSL	0:1239e9b70ca2	7003	}
wolfSSL	0:1239e9b70ca2	7004	}
wolfSSL	0:1239e9b70ca2	7005	else if (ctx->cipherType == ARC4_TYPE \|\| (type &&
wolfSSL	0:1239e9b70ca2	7006	XSTRNCMP(type, "ARC4", 4) == 0)) {
wolfSSL	0:1239e9b70ca2	7007	CYASSL_MSG("ARC4");
wolfSSL	0:1239e9b70ca2	7008	ctx->cipherType = ARC4_TYPE;
wolfSSL	0:1239e9b70ca2	7009	if (ctx->keyLen == 0) /* user may have already set */
wolfSSL	0:1239e9b70ca2	7010	ctx->keyLen = 16; /* default to 128 */
wolfSSL	0:1239e9b70ca2	7011	if (key)
wolfSSL	0:1239e9b70ca2	7012	Arc4SetKey(&ctx->cipher.arc4, key, ctx->keyLen);
wolfSSL	0:1239e9b70ca2	7013	}
wolfSSL	0:1239e9b70ca2	7014	else if (ctx->cipherType == NULL_CIPHER_TYPE \|\| (type &&
wolfSSL	0:1239e9b70ca2	7015	XSTRNCMP(type, "NULL", 4) == 0)) {
wolfSSL	0:1239e9b70ca2	7016	CYASSL_MSG("NULL cipher");
wolfSSL	0:1239e9b70ca2	7017	ctx->cipherType = NULL_CIPHER_TYPE;
wolfSSL	0:1239e9b70ca2	7018	ctx->keyLen = 0;
wolfSSL	0:1239e9b70ca2	7019	}
wolfSSL	0:1239e9b70ca2	7020	else
wolfSSL	0:1239e9b70ca2	7021	return 0; /* failure */
wolfSSL	0:1239e9b70ca2	7022
wolfSSL	0:1239e9b70ca2	7023
wolfSSL	0:1239e9b70ca2	7024	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	7025	}
wolfSSL	0:1239e9b70ca2	7026
wolfSSL	0:1239e9b70ca2	7027
wolfSSL	0:1239e9b70ca2	7028	/* SSL_SUCCESS on ok */
wolfSSL	0:1239e9b70ca2	7029	int CyaSSL_EVP_CIPHER_CTX_key_length(CYASSL_EVP_CIPHER_CTX* ctx)
wolfSSL	0:1239e9b70ca2	7030	{
wolfSSL	0:1239e9b70ca2	7031	CYASSL_ENTER("CyaSSL_EVP_CIPHER_CTX_key_length");
wolfSSL	0:1239e9b70ca2	7032	if (ctx)
wolfSSL	0:1239e9b70ca2	7033	return ctx->keyLen;
wolfSSL	0:1239e9b70ca2	7034
wolfSSL	0:1239e9b70ca2	7035	return 0; /* failure */
wolfSSL	0:1239e9b70ca2	7036	}
wolfSSL	0:1239e9b70ca2	7037
wolfSSL	0:1239e9b70ca2	7038
wolfSSL	0:1239e9b70ca2	7039	/* SSL_SUCCESS on ok */
wolfSSL	0:1239e9b70ca2	7040	int CyaSSL_EVP_CIPHER_CTX_set_key_length(CYASSL_EVP_CIPHER_CTX* ctx,
wolfSSL	0:1239e9b70ca2	7041	int keylen)
wolfSSL	0:1239e9b70ca2	7042	{
wolfSSL	0:1239e9b70ca2	7043	CYASSL_ENTER("CyaSSL_EVP_CIPHER_CTX_set_key_length");
wolfSSL	0:1239e9b70ca2	7044	if (ctx)
wolfSSL	0:1239e9b70ca2	7045	ctx->keyLen = keylen;
wolfSSL	0:1239e9b70ca2	7046	else
wolfSSL	0:1239e9b70ca2	7047	return 0; /* failure */
wolfSSL	0:1239e9b70ca2	7048
wolfSSL	0:1239e9b70ca2	7049	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	7050	}
wolfSSL	0:1239e9b70ca2	7051
wolfSSL	0:1239e9b70ca2	7052
wolfSSL	0:1239e9b70ca2	7053	/* SSL_SUCCESS on ok */
wolfSSL	0:1239e9b70ca2	7054	int CyaSSL_EVP_Cipher(CYASSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src,
wolfSSL	0:1239e9b70ca2	7055	word32 len)
wolfSSL	0:1239e9b70ca2	7056	{
wolfSSL	0:1239e9b70ca2	7057	int ret = 0;
wolfSSL	0:1239e9b70ca2	7058	CYASSL_ENTER("CyaSSL_EVP_Cipher");
wolfSSL	0:1239e9b70ca2	7059
wolfSSL	0:1239e9b70ca2	7060	if (ctx == NULL \|\| dst == NULL \|\| src == NULL) {
wolfSSL	0:1239e9b70ca2	7061	CYASSL_MSG("Bad function argument");
wolfSSL	0:1239e9b70ca2	7062	return 0; /* failure */
wolfSSL	0:1239e9b70ca2	7063	}
wolfSSL	0:1239e9b70ca2	7064
wolfSSL	0:1239e9b70ca2	7065	if (ctx->cipherType == 0xff) {
wolfSSL	0:1239e9b70ca2	7066	CYASSL_MSG("no init");
wolfSSL	0:1239e9b70ca2	7067	return 0; /* failure */
wolfSSL	0:1239e9b70ca2	7068	}
wolfSSL	0:1239e9b70ca2	7069
wolfSSL	0:1239e9b70ca2	7070	switch (ctx->cipherType) {
wolfSSL	0:1239e9b70ca2	7071
wolfSSL	0:1239e9b70ca2	7072	case AES_128_CBC_TYPE :
wolfSSL	0:1239e9b70ca2	7073	case AES_192_CBC_TYPE :
wolfSSL	0:1239e9b70ca2	7074	case AES_256_CBC_TYPE :
wolfSSL	0:1239e9b70ca2	7075	CYASSL_MSG("AES CBC");
wolfSSL	0:1239e9b70ca2	7076	if (ctx->enc)
wolfSSL	0:1239e9b70ca2	7077	ret = AesCbcEncrypt(&ctx->cipher.aes, dst, src, len);
wolfSSL	0:1239e9b70ca2	7078	else
wolfSSL	0:1239e9b70ca2	7079	ret = AesCbcDecrypt(&ctx->cipher.aes, dst, src, len);
wolfSSL	0:1239e9b70ca2	7080	break;
wolfSSL	0:1239e9b70ca2	7081
wolfSSL	0:1239e9b70ca2	7082	#ifdef CYASSL_AES_COUNTER
wolfSSL	0:1239e9b70ca2	7083	case AES_128_CTR_TYPE :
wolfSSL	0:1239e9b70ca2	7084	case AES_192_CTR_TYPE :
wolfSSL	0:1239e9b70ca2	7085	case AES_256_CTR_TYPE :
wolfSSL	0:1239e9b70ca2	7086	CYASSL_MSG("AES CTR");
wolfSSL	0:1239e9b70ca2	7087	AesCtrEncrypt(&ctx->cipher.aes, dst, src, len);
wolfSSL	0:1239e9b70ca2	7088	break;
wolfSSL	0:1239e9b70ca2	7089	#endif
wolfSSL	0:1239e9b70ca2	7090
wolfSSL	0:1239e9b70ca2	7091	case DES_CBC_TYPE :
wolfSSL	0:1239e9b70ca2	7092	if (ctx->enc)
wolfSSL	0:1239e9b70ca2	7093	Des_CbcEncrypt(&ctx->cipher.des, dst, src, len);
wolfSSL	0:1239e9b70ca2	7094	else
wolfSSL	0:1239e9b70ca2	7095	Des_CbcDecrypt(&ctx->cipher.des, dst, src, len);
wolfSSL	0:1239e9b70ca2	7096	break;
wolfSSL	0:1239e9b70ca2	7097
wolfSSL	0:1239e9b70ca2	7098	case DES_EDE3_CBC_TYPE :
wolfSSL	0:1239e9b70ca2	7099	if (ctx->enc)
wolfSSL	0:1239e9b70ca2	7100	ret = Des3_CbcEncrypt(&ctx->cipher.des3, dst, src, len);
wolfSSL	0:1239e9b70ca2	7101	else
wolfSSL	0:1239e9b70ca2	7102	ret = Des3_CbcDecrypt(&ctx->cipher.des3, dst, src, len);
wolfSSL	0:1239e9b70ca2	7103	break;
wolfSSL	0:1239e9b70ca2	7104
wolfSSL	0:1239e9b70ca2	7105	case ARC4_TYPE :
wolfSSL	0:1239e9b70ca2	7106	Arc4Process(&ctx->cipher.arc4, dst, src, len);
wolfSSL	0:1239e9b70ca2	7107	break;
wolfSSL	0:1239e9b70ca2	7108
wolfSSL	0:1239e9b70ca2	7109	case NULL_CIPHER_TYPE :
wolfSSL	0:1239e9b70ca2	7110	XMEMCPY(dst, src, len);
wolfSSL	0:1239e9b70ca2	7111	break;
wolfSSL	0:1239e9b70ca2	7112
wolfSSL	0:1239e9b70ca2	7113	default: {
wolfSSL	0:1239e9b70ca2	7114	CYASSL_MSG("bad type");
wolfSSL	0:1239e9b70ca2	7115	return 0; /* failure */
wolfSSL	0:1239e9b70ca2	7116	}
wolfSSL	0:1239e9b70ca2	7117	}
wolfSSL	0:1239e9b70ca2	7118
wolfSSL	0:1239e9b70ca2	7119	if (ret != 0) {
wolfSSL	0:1239e9b70ca2	7120	CYASSL_MSG("CyaSSL_EVP_Cipher failure");
wolfSSL	0:1239e9b70ca2	7121	return 0; /* failuer */
wolfSSL	0:1239e9b70ca2	7122	}
wolfSSL	0:1239e9b70ca2	7123
wolfSSL	0:1239e9b70ca2	7124	CYASSL_MSG("CyaSSL_EVP_Cipher success");
wolfSSL	0:1239e9b70ca2	7125	return SSL_SUCCESS; /* success */
wolfSSL	0:1239e9b70ca2	7126	}
wolfSSL	0:1239e9b70ca2	7127
wolfSSL	0:1239e9b70ca2	7128
wolfSSL	0:1239e9b70ca2	7129	/* store for external read of iv, SSL_SUCCESS on success */
wolfSSL	0:1239e9b70ca2	7130	int CyaSSL_StoreExternalIV(CYASSL_EVP_CIPHER_CTX* ctx)
wolfSSL	0:1239e9b70ca2	7131	{
wolfSSL	0:1239e9b70ca2	7132	CYASSL_ENTER("CyaSSL_StoreExternalIV");
wolfSSL	0:1239e9b70ca2	7133
wolfSSL	0:1239e9b70ca2	7134	if (ctx == NULL) {
wolfSSL	0:1239e9b70ca2	7135	CYASSL_MSG("Bad function argument");
wolfSSL	0:1239e9b70ca2	7136	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	7137	}
wolfSSL	0:1239e9b70ca2	7138
wolfSSL	0:1239e9b70ca2	7139	switch (ctx->cipherType) {
wolfSSL	0:1239e9b70ca2	7140
wolfSSL	0:1239e9b70ca2	7141	case AES_128_CBC_TYPE :
wolfSSL	0:1239e9b70ca2	7142	case AES_192_CBC_TYPE :
wolfSSL	0:1239e9b70ca2	7143	case AES_256_CBC_TYPE :
wolfSSL	0:1239e9b70ca2	7144	CYASSL_MSG("AES CBC");
wolfSSL	0:1239e9b70ca2	7145	memcpy(ctx->iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
wolfSSL	0:1239e9b70ca2	7146	break;
wolfSSL	0:1239e9b70ca2	7147
wolfSSL	0:1239e9b70ca2	7148	#ifdef CYASSL_AES_COUNTER
wolfSSL	0:1239e9b70ca2	7149	case AES_128_CTR_TYPE :
wolfSSL	0:1239e9b70ca2	7150	case AES_192_CTR_TYPE :
wolfSSL	0:1239e9b70ca2	7151	case AES_256_CTR_TYPE :
wolfSSL	0:1239e9b70ca2	7152	CYASSL_MSG("AES CTR");
wolfSSL	0:1239e9b70ca2	7153	memcpy(ctx->iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
wolfSSL	0:1239e9b70ca2	7154	break;
wolfSSL	0:1239e9b70ca2	7155	#endif
wolfSSL	0:1239e9b70ca2	7156
wolfSSL	0:1239e9b70ca2	7157	case DES_CBC_TYPE :
wolfSSL	0:1239e9b70ca2	7158	CYASSL_MSG("DES CBC");
wolfSSL	0:1239e9b70ca2	7159	memcpy(ctx->iv, &ctx->cipher.des.reg, DES_BLOCK_SIZE);
wolfSSL	0:1239e9b70ca2	7160	break;
wolfSSL	0:1239e9b70ca2	7161
wolfSSL	0:1239e9b70ca2	7162	case DES_EDE3_CBC_TYPE :
wolfSSL	0:1239e9b70ca2	7163	CYASSL_MSG("DES EDE3 CBC");
wolfSSL	0:1239e9b70ca2	7164	memcpy(ctx->iv, &ctx->cipher.des.reg, DES_BLOCK_SIZE);
wolfSSL	0:1239e9b70ca2	7165	break;
wolfSSL	0:1239e9b70ca2	7166
wolfSSL	0:1239e9b70ca2	7167	case ARC4_TYPE :
wolfSSL	0:1239e9b70ca2	7168	CYASSL_MSG("ARC4");
wolfSSL	0:1239e9b70ca2	7169	break;
wolfSSL	0:1239e9b70ca2	7170
wolfSSL	0:1239e9b70ca2	7171	case NULL_CIPHER_TYPE :
wolfSSL	0:1239e9b70ca2	7172	CYASSL_MSG("NULL");
wolfSSL	0:1239e9b70ca2	7173	break;
wolfSSL	0:1239e9b70ca2	7174
wolfSSL	0:1239e9b70ca2	7175	default: {
wolfSSL	0:1239e9b70ca2	7176	CYASSL_MSG("bad type");
wolfSSL	0:1239e9b70ca2	7177	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	7178	}
wolfSSL	0:1239e9b70ca2	7179	}
wolfSSL	0:1239e9b70ca2	7180	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	7181	}
wolfSSL	0:1239e9b70ca2	7182
wolfSSL	0:1239e9b70ca2	7183
wolfSSL	0:1239e9b70ca2	7184	/* set internal IV from external, SSL_SUCCESS on success */
wolfSSL	0:1239e9b70ca2	7185	int CyaSSL_SetInternalIV(CYASSL_EVP_CIPHER_CTX* ctx)
wolfSSL	0:1239e9b70ca2	7186	{
wolfSSL	0:1239e9b70ca2	7187
wolfSSL	0:1239e9b70ca2	7188	CYASSL_ENTER("CyaSSL_SetInternalIV");
wolfSSL	0:1239e9b70ca2	7189
wolfSSL	0:1239e9b70ca2	7190	if (ctx == NULL) {
wolfSSL	0:1239e9b70ca2	7191	CYASSL_MSG("Bad function argument");
wolfSSL	0:1239e9b70ca2	7192	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	7193	}
wolfSSL	0:1239e9b70ca2	7194
wolfSSL	0:1239e9b70ca2	7195	switch (ctx->cipherType) {
wolfSSL	0:1239e9b70ca2	7196
wolfSSL	0:1239e9b70ca2	7197	case AES_128_CBC_TYPE :
wolfSSL	0:1239e9b70ca2	7198	case AES_192_CBC_TYPE :
wolfSSL	0:1239e9b70ca2	7199	case AES_256_CBC_TYPE :
wolfSSL	0:1239e9b70ca2	7200	CYASSL_MSG("AES CBC");
wolfSSL	0:1239e9b70ca2	7201	memcpy(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE);
wolfSSL	0:1239e9b70ca2	7202	break;
wolfSSL	0:1239e9b70ca2	7203
wolfSSL	0:1239e9b70ca2	7204	#ifdef CYASSL_AES_COUNTER
wolfSSL	0:1239e9b70ca2	7205	case AES_128_CTR_TYPE :
wolfSSL	0:1239e9b70ca2	7206	case AES_192_CTR_TYPE :
wolfSSL	0:1239e9b70ca2	7207	case AES_256_CTR_TYPE :
wolfSSL	0:1239e9b70ca2	7208	CYASSL_MSG("AES CTR");
wolfSSL	0:1239e9b70ca2	7209	memcpy(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE);
wolfSSL	0:1239e9b70ca2	7210	break;
wolfSSL	0:1239e9b70ca2	7211	#endif
wolfSSL	0:1239e9b70ca2	7212
wolfSSL	0:1239e9b70ca2	7213	case DES_CBC_TYPE :
wolfSSL	0:1239e9b70ca2	7214	CYASSL_MSG("DES CBC");
wolfSSL	0:1239e9b70ca2	7215	memcpy(&ctx->cipher.des.reg, ctx->iv, DES_BLOCK_SIZE);
wolfSSL	0:1239e9b70ca2	7216	break;
wolfSSL	0:1239e9b70ca2	7217
wolfSSL	0:1239e9b70ca2	7218	case DES_EDE3_CBC_TYPE :
wolfSSL	0:1239e9b70ca2	7219	CYASSL_MSG("DES EDE3 CBC");
wolfSSL	0:1239e9b70ca2	7220	memcpy(&ctx->cipher.des.reg, ctx->iv, DES_BLOCK_SIZE);
wolfSSL	0:1239e9b70ca2	7221	break;
wolfSSL	0:1239e9b70ca2	7222
wolfSSL	0:1239e9b70ca2	7223	case ARC4_TYPE :
wolfSSL	0:1239e9b70ca2	7224	CYASSL_MSG("ARC4");
wolfSSL	0:1239e9b70ca2	7225	break;
wolfSSL	0:1239e9b70ca2	7226
wolfSSL	0:1239e9b70ca2	7227	case NULL_CIPHER_TYPE :
wolfSSL	0:1239e9b70ca2	7228	CYASSL_MSG("NULL");
wolfSSL	0:1239e9b70ca2	7229	break;
wolfSSL	0:1239e9b70ca2	7230
wolfSSL	0:1239e9b70ca2	7231	default: {
wolfSSL	0:1239e9b70ca2	7232	CYASSL_MSG("bad type");
wolfSSL	0:1239e9b70ca2	7233	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	7234	}
wolfSSL	0:1239e9b70ca2	7235	}
wolfSSL	0:1239e9b70ca2	7236	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	7237	}
wolfSSL	0:1239e9b70ca2	7238
wolfSSL	0:1239e9b70ca2	7239
wolfSSL	0:1239e9b70ca2	7240	/* SSL_SUCCESS on ok */
wolfSSL	0:1239e9b70ca2	7241	int CyaSSL_EVP_DigestInit(CYASSL_EVP_MD_CTX* ctx, const CYASSL_EVP_MD* type)
wolfSSL	0:1239e9b70ca2	7242	{
wolfSSL	0:1239e9b70ca2	7243	CYASSL_ENTER("EVP_DigestInit");
wolfSSL	0:1239e9b70ca2	7244	if (XSTRNCMP(type, "MD5", 3) == 0) {
wolfSSL	0:1239e9b70ca2	7245	ctx->macType = MD5;
wolfSSL	0:1239e9b70ca2	7246	CyaSSL_MD5_Init((MD5_CTX*)&ctx->hash);
wolfSSL	0:1239e9b70ca2	7247	}
wolfSSL	0:1239e9b70ca2	7248	else if (XSTRNCMP(type, "SHA256", 6) == 0) {
wolfSSL	0:1239e9b70ca2	7249	ctx->macType = SHA256;
wolfSSL	0:1239e9b70ca2	7250	CyaSSL_SHA256_Init((SHA256_CTX*)&ctx->hash);
wolfSSL	0:1239e9b70ca2	7251	}
wolfSSL	0:1239e9b70ca2	7252	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	7253	else if (XSTRNCMP(type, "SHA384", 6) == 0) {
wolfSSL	0:1239e9b70ca2	7254	ctx->macType = SHA384;
wolfSSL	0:1239e9b70ca2	7255	CyaSSL_SHA384_Init((SHA384_CTX*)&ctx->hash);
wolfSSL	0:1239e9b70ca2	7256	}
wolfSSL	0:1239e9b70ca2	7257	#endif
wolfSSL	0:1239e9b70ca2	7258	#ifdef CYASSL_SHA512
wolfSSL	0:1239e9b70ca2	7259	else if (XSTRNCMP(type, "SHA512", 6) == 0) {
wolfSSL	0:1239e9b70ca2	7260	ctx->macType = SHA512;
wolfSSL	0:1239e9b70ca2	7261	CyaSSL_SHA512_Init((SHA512_CTX*)&ctx->hash);
wolfSSL	0:1239e9b70ca2	7262	}
wolfSSL	0:1239e9b70ca2	7263	#endif
wolfSSL	0:1239e9b70ca2	7264	/* has to be last since would pick or 256, 384, or 512 too */
wolfSSL	0:1239e9b70ca2	7265	else if (XSTRNCMP(type, "SHA", 3) == 0) {
wolfSSL	0:1239e9b70ca2	7266	ctx->macType = SHA;
wolfSSL	0:1239e9b70ca2	7267	CyaSSL_SHA_Init((SHA_CTX*)&ctx->hash);
wolfSSL	0:1239e9b70ca2	7268	}
wolfSSL	0:1239e9b70ca2	7269	else
wolfSSL	0:1239e9b70ca2	7270	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	7271
wolfSSL	0:1239e9b70ca2	7272	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	7273	}
wolfSSL	0:1239e9b70ca2	7274
wolfSSL	0:1239e9b70ca2	7275
wolfSSL	0:1239e9b70ca2	7276	/* SSL_SUCCESS on ok */
wolfSSL	0:1239e9b70ca2	7277	int CyaSSL_EVP_DigestUpdate(CYASSL_EVP_MD_CTX* ctx, const void* data,
wolfSSL	0:1239e9b70ca2	7278	unsigned long sz)
wolfSSL	0:1239e9b70ca2	7279	{
wolfSSL	0:1239e9b70ca2	7280	CYASSL_ENTER("EVP_DigestUpdate");
wolfSSL	0:1239e9b70ca2	7281	if (ctx->macType == MD5)
wolfSSL	0:1239e9b70ca2	7282	CyaSSL_MD5_Update((MD5_CTX*)&ctx->hash, data, (unsigned long)sz);
wolfSSL	0:1239e9b70ca2	7283	else if (ctx->macType == SHA)
wolfSSL	0:1239e9b70ca2	7284	CyaSSL_SHA_Update((SHA_CTX*)&ctx->hash, data, (unsigned long)sz);
wolfSSL	0:1239e9b70ca2	7285	else if (ctx->macType == SHA256)
wolfSSL	0:1239e9b70ca2	7286	CyaSSL_SHA256_Update((SHA256_CTX*)&ctx->hash, data,
wolfSSL	0:1239e9b70ca2	7287	(unsigned long)sz);
wolfSSL	0:1239e9b70ca2	7288	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	7289	else if (ctx->macType == SHA384)
wolfSSL	0:1239e9b70ca2	7290	CyaSSL_SHA384_Update((SHA384_CTX*)&ctx->hash, data,
wolfSSL	0:1239e9b70ca2	7291	(unsigned long)sz);
wolfSSL	0:1239e9b70ca2	7292	#endif
wolfSSL	0:1239e9b70ca2	7293	#ifdef CYASSL_SHA512
wolfSSL	0:1239e9b70ca2	7294	else if (ctx->macType == SHA512)
wolfSSL	0:1239e9b70ca2	7295	CyaSSL_SHA512_Update((SHA512_CTX*)&ctx->hash, data,
wolfSSL	0:1239e9b70ca2	7296	(unsigned long)sz);
wolfSSL	0:1239e9b70ca2	7297	#endif
wolfSSL	0:1239e9b70ca2	7298	else
wolfSSL	0:1239e9b70ca2	7299	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	7300
wolfSSL	0:1239e9b70ca2	7301	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	7302	}
wolfSSL	0:1239e9b70ca2	7303
wolfSSL	0:1239e9b70ca2	7304
wolfSSL	0:1239e9b70ca2	7305	/* SSL_SUCCESS on ok */
wolfSSL	0:1239e9b70ca2	7306	int CyaSSL_EVP_DigestFinal(CYASSL_EVP_MD_CTX* ctx, unsigned char* md,
wolfSSL	0:1239e9b70ca2	7307	unsigned int* s)
wolfSSL	0:1239e9b70ca2	7308	{
wolfSSL	0:1239e9b70ca2	7309	CYASSL_ENTER("EVP_DigestFinal");
wolfSSL	0:1239e9b70ca2	7310	if (ctx->macType == MD5) {
wolfSSL	0:1239e9b70ca2	7311	CyaSSL_MD5_Final(md, (MD5_CTX*)&ctx->hash);
wolfSSL	0:1239e9b70ca2	7312	if (s) *s = MD5_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	7313	}
wolfSSL	0:1239e9b70ca2	7314	else if (ctx->macType == SHA) {
wolfSSL	0:1239e9b70ca2	7315	CyaSSL_SHA_Final(md, (SHA_CTX*)&ctx->hash);
wolfSSL	0:1239e9b70ca2	7316	if (s) *s = SHA_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	7317	}
wolfSSL	0:1239e9b70ca2	7318	else if (ctx->macType == SHA256) {
wolfSSL	0:1239e9b70ca2	7319	CyaSSL_SHA256_Final(md, (SHA256_CTX*)&ctx->hash);
wolfSSL	0:1239e9b70ca2	7320	if (s) *s = SHA256_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	7321	}
wolfSSL	0:1239e9b70ca2	7322	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	7323	else if (ctx->macType == SHA384) {
wolfSSL	0:1239e9b70ca2	7324	CyaSSL_SHA384_Final(md, (SHA384_CTX*)&ctx->hash);
wolfSSL	0:1239e9b70ca2	7325	if (s) *s = SHA384_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	7326	}
wolfSSL	0:1239e9b70ca2	7327	#endif
wolfSSL	0:1239e9b70ca2	7328	#ifdef CYASSL_SHA512
wolfSSL	0:1239e9b70ca2	7329	else if (ctx->macType == SHA512) {
wolfSSL	0:1239e9b70ca2	7330	CyaSSL_SHA512_Final(md, (SHA512_CTX*)&ctx->hash);
wolfSSL	0:1239e9b70ca2	7331	if (s) *s = SHA512_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	7332	}
wolfSSL	0:1239e9b70ca2	7333	#endif
wolfSSL	0:1239e9b70ca2	7334	else
wolfSSL	0:1239e9b70ca2	7335	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	7336
wolfSSL	0:1239e9b70ca2	7337	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	7338	}
wolfSSL	0:1239e9b70ca2	7339
wolfSSL	0:1239e9b70ca2	7340
wolfSSL	0:1239e9b70ca2	7341	/* SSL_SUCCESS on ok */
wolfSSL	0:1239e9b70ca2	7342	int CyaSSL_EVP_DigestFinal_ex(CYASSL_EVP_MD_CTX* ctx, unsigned char* md,
wolfSSL	0:1239e9b70ca2	7343	unsigned int* s)
wolfSSL	0:1239e9b70ca2	7344	{
wolfSSL	0:1239e9b70ca2	7345	CYASSL_ENTER("EVP_DigestFinal_ex");
wolfSSL	0:1239e9b70ca2	7346	return EVP_DigestFinal(ctx, md, s);
wolfSSL	0:1239e9b70ca2	7347	}
wolfSSL	0:1239e9b70ca2	7348
wolfSSL	0:1239e9b70ca2	7349
wolfSSL	0:1239e9b70ca2	7350	unsigned char* CyaSSL_HMAC(const CYASSL_EVP_MD* evp_md, const void* key,
wolfSSL	0:1239e9b70ca2	7351	int key_len, const unsigned char* d, int n,
wolfSSL	0:1239e9b70ca2	7352	unsigned char* md, unsigned int* md_len)
wolfSSL	0:1239e9b70ca2	7353	{
wolfSSL	0:1239e9b70ca2	7354	Hmac hmac;
wolfSSL	0:1239e9b70ca2	7355
wolfSSL	0:1239e9b70ca2	7356	CYASSL_ENTER("HMAC");
wolfSSL	0:1239e9b70ca2	7357	if (!md) return NULL; /* no static buffer support */
wolfSSL	0:1239e9b70ca2	7358
wolfSSL	0:1239e9b70ca2	7359	if (XSTRNCMP(evp_md, "MD5", 3) == 0) {
wolfSSL	0:1239e9b70ca2	7360	if (HmacSetKey(&hmac, MD5, (const byte*)key, key_len) != 0)
wolfSSL	0:1239e9b70ca2	7361	return NULL;
wolfSSL	0:1239e9b70ca2	7362
wolfSSL	0:1239e9b70ca2	7363	if (md_len) *md_len = MD5_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	7364	}
wolfSSL	0:1239e9b70ca2	7365	else if (XSTRNCMP(evp_md, "SHA", 3) == 0) {
wolfSSL	0:1239e9b70ca2	7366	if (HmacSetKey(&hmac, SHA, (const byte*)key, key_len) != 0)
wolfSSL	0:1239e9b70ca2	7367	return NULL;
wolfSSL	0:1239e9b70ca2	7368
wolfSSL	0:1239e9b70ca2	7369	if (md_len) *md_len = SHA_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	7370	}
wolfSSL	0:1239e9b70ca2	7371	else
wolfSSL	0:1239e9b70ca2	7372	return NULL;
wolfSSL	0:1239e9b70ca2	7373
wolfSSL	0:1239e9b70ca2	7374	if (HmacUpdate(&hmac, d, n) != 0)
wolfSSL	0:1239e9b70ca2	7375	return NULL;
wolfSSL	0:1239e9b70ca2	7376
wolfSSL	0:1239e9b70ca2	7377	if (HmacFinal(&hmac, md) != 0)
wolfSSL	0:1239e9b70ca2	7378	return NULL;
wolfSSL	0:1239e9b70ca2	7379
wolfSSL	0:1239e9b70ca2	7380	return md;
wolfSSL	0:1239e9b70ca2	7381	}
wolfSSL	0:1239e9b70ca2	7382
wolfSSL	0:1239e9b70ca2	7383	void CyaSSL_ERR_clear_error(void)
wolfSSL	0:1239e9b70ca2	7384	{
wolfSSL	0:1239e9b70ca2	7385	/* TODO: */
wolfSSL	0:1239e9b70ca2	7386	}
wolfSSL	0:1239e9b70ca2	7387
wolfSSL	0:1239e9b70ca2	7388
wolfSSL	0:1239e9b70ca2	7389	int CyaSSL_RAND_status(void)
wolfSSL	0:1239e9b70ca2	7390	{
wolfSSL	0:1239e9b70ca2	7391	return SSL_SUCCESS; /* CTaoCrypt provides enough seed internally */
wolfSSL	0:1239e9b70ca2	7392	}
wolfSSL	0:1239e9b70ca2	7393
wolfSSL	0:1239e9b70ca2	7394
wolfSSL	0:1239e9b70ca2	7395
wolfSSL	0:1239e9b70ca2	7396	void CyaSSL_RAND_add(const void* add, int len, double entropy)
wolfSSL	0:1239e9b70ca2	7397	{
wolfSSL	0:1239e9b70ca2	7398	(void)add;
wolfSSL	0:1239e9b70ca2	7399	(void)len;
wolfSSL	0:1239e9b70ca2	7400	(void)entropy;
wolfSSL	0:1239e9b70ca2	7401
wolfSSL	0:1239e9b70ca2	7402	/* CyaSSL seeds/adds internally, use explicit RNG if you want
wolfSSL	0:1239e9b70ca2	7403	to take control */
wolfSSL	0:1239e9b70ca2	7404	}
wolfSSL	0:1239e9b70ca2	7405
wolfSSL	0:1239e9b70ca2	7406
wolfSSL	0:1239e9b70ca2	7407	/* SSL_SUCCESS on ok */
wolfSSL	0:1239e9b70ca2	7408	int CyaSSL_DES_key_sched(CYASSL_const_DES_cblock* key,
wolfSSL	0:1239e9b70ca2	7409	CYASSL_DES_key_schedule* schedule)
wolfSSL	0:1239e9b70ca2	7410	{
wolfSSL	0:1239e9b70ca2	7411	CYASSL_ENTER("DES_key_sched");
wolfSSL	0:1239e9b70ca2	7412	XMEMCPY(schedule, key, sizeof(const_DES_cblock));
wolfSSL	0:1239e9b70ca2	7413	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	7414	}
wolfSSL	0:1239e9b70ca2	7415
wolfSSL	0:1239e9b70ca2	7416
wolfSSL	0:1239e9b70ca2	7417	void CyaSSL_DES_cbc_encrypt(const unsigned char* input,
wolfSSL	0:1239e9b70ca2	7418	unsigned char* output, long length,
wolfSSL	0:1239e9b70ca2	7419	CYASSL_DES_key_schedule* schedule, CYASSL_DES_cblock* ivec,
wolfSSL	0:1239e9b70ca2	7420	int enc)
wolfSSL	0:1239e9b70ca2	7421	{
wolfSSL	0:1239e9b70ca2	7422	Des myDes;
wolfSSL	0:1239e9b70ca2	7423
wolfSSL	0:1239e9b70ca2	7424	CYASSL_ENTER("DES_cbc_encrypt");
wolfSSL	0:1239e9b70ca2	7425
wolfSSL	0:1239e9b70ca2	7426	/* OpenSSL compat, no ret */
wolfSSL	0:1239e9b70ca2	7427	Des_SetKey(&myDes, (const byte)schedule, (const byte)ivec, !enc);
wolfSSL	0:1239e9b70ca2	7428
wolfSSL	0:1239e9b70ca2	7429	if (enc)
wolfSSL	0:1239e9b70ca2	7430	Des_CbcEncrypt(&myDes, output, input, (word32)length);
wolfSSL	0:1239e9b70ca2	7431	else
wolfSSL	0:1239e9b70ca2	7432	Des_CbcDecrypt(&myDes, output, input, (word32)length);
wolfSSL	0:1239e9b70ca2	7433	}
wolfSSL	0:1239e9b70ca2	7434
wolfSSL	0:1239e9b70ca2	7435
wolfSSL	0:1239e9b70ca2	7436	/* correctly sets ivec for next call */
wolfSSL	0:1239e9b70ca2	7437	void CyaSSL_DES_ncbc_encrypt(const unsigned char* input,
wolfSSL	0:1239e9b70ca2	7438	unsigned char* output, long length,
wolfSSL	0:1239e9b70ca2	7439	CYASSL_DES_key_schedule* schedule, CYASSL_DES_cblock* ivec,
wolfSSL	0:1239e9b70ca2	7440	int enc)
wolfSSL	0:1239e9b70ca2	7441	{
wolfSSL	0:1239e9b70ca2	7442	Des myDes;
wolfSSL	0:1239e9b70ca2	7443
wolfSSL	0:1239e9b70ca2	7444	CYASSL_ENTER("DES_ncbc_encrypt");
wolfSSL	0:1239e9b70ca2	7445
wolfSSL	0:1239e9b70ca2	7446	/* OpenSSL compat, no ret */
wolfSSL	0:1239e9b70ca2	7447	Des_SetKey(&myDes, (const byte)schedule, (const byte)ivec, !enc);
wolfSSL	0:1239e9b70ca2	7448
wolfSSL	0:1239e9b70ca2	7449	if (enc)
wolfSSL	0:1239e9b70ca2	7450	Des_CbcEncrypt(&myDes, output, input, (word32)length);
wolfSSL	0:1239e9b70ca2	7451	else
wolfSSL	0:1239e9b70ca2	7452	Des_CbcDecrypt(&myDes, output, input, (word32)length);
wolfSSL	0:1239e9b70ca2	7453
wolfSSL	0:1239e9b70ca2	7454	XMEMCPY(ivec, output + length - sizeof(DES_cblock), sizeof(DES_cblock));
wolfSSL	0:1239e9b70ca2	7455	}
wolfSSL	0:1239e9b70ca2	7456
wolfSSL	0:1239e9b70ca2	7457
wolfSSL	0:1239e9b70ca2	7458	void CyaSSL_ERR_free_strings(void)
wolfSSL	0:1239e9b70ca2	7459	{
wolfSSL	0:1239e9b70ca2	7460	/* handled internally */
wolfSSL	0:1239e9b70ca2	7461	}
wolfSSL	0:1239e9b70ca2	7462
wolfSSL	0:1239e9b70ca2	7463
wolfSSL	0:1239e9b70ca2	7464	void CyaSSL_ERR_remove_state(unsigned long state)
wolfSSL	0:1239e9b70ca2	7465	{
wolfSSL	0:1239e9b70ca2	7466	/* TODO: GetErrors().Remove(); */
wolfSSL	0:1239e9b70ca2	7467	(void)state;
wolfSSL	0:1239e9b70ca2	7468	}
wolfSSL	0:1239e9b70ca2	7469
wolfSSL	0:1239e9b70ca2	7470
wolfSSL	0:1239e9b70ca2	7471	void CyaSSL_EVP_cleanup(void)
wolfSSL	0:1239e9b70ca2	7472	{
wolfSSL	0:1239e9b70ca2	7473	/* nothing to do here */
wolfSSL	0:1239e9b70ca2	7474	}
wolfSSL	0:1239e9b70ca2	7475
wolfSSL	0:1239e9b70ca2	7476
wolfSSL	0:1239e9b70ca2	7477	void CyaSSL_cleanup_all_ex_data(void)
wolfSSL	0:1239e9b70ca2	7478	{
wolfSSL	0:1239e9b70ca2	7479	/* nothing to do here */
wolfSSL	0:1239e9b70ca2	7480	}
wolfSSL	0:1239e9b70ca2	7481
wolfSSL	0:1239e9b70ca2	7482
wolfSSL	0:1239e9b70ca2	7483	long CyaSSL_CTX_set_mode(CYASSL_CTX* ctx, long mode)
wolfSSL	0:1239e9b70ca2	7484	{
wolfSSL	0:1239e9b70ca2	7485	/* SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER is CyaSSL default mode */
wolfSSL	0:1239e9b70ca2	7486
wolfSSL	0:1239e9b70ca2	7487	CYASSL_ENTER("SSL_CTX_set_mode");
wolfSSL	0:1239e9b70ca2	7488	if (mode == SSL_MODE_ENABLE_PARTIAL_WRITE)
wolfSSL	0:1239e9b70ca2	7489	ctx->partialWrite = 1;
wolfSSL	0:1239e9b70ca2	7490
wolfSSL	0:1239e9b70ca2	7491	return mode;
wolfSSL	0:1239e9b70ca2	7492	}
wolfSSL	0:1239e9b70ca2	7493
wolfSSL	0:1239e9b70ca2	7494
wolfSSL	0:1239e9b70ca2	7495	long CyaSSL_CTX_get_mode(CYASSL_CTX* ctx)
wolfSSL	0:1239e9b70ca2	7496	{
wolfSSL	0:1239e9b70ca2	7497	/* TODO: */
wolfSSL	0:1239e9b70ca2	7498	(void)ctx;
wolfSSL	0:1239e9b70ca2	7499	return 0;
wolfSSL	0:1239e9b70ca2	7500	}
wolfSSL	0:1239e9b70ca2	7501
wolfSSL	0:1239e9b70ca2	7502
wolfSSL	0:1239e9b70ca2	7503	void CyaSSL_CTX_set_default_read_ahead(CYASSL_CTX* ctx, int m)
wolfSSL	0:1239e9b70ca2	7504	{
wolfSSL	0:1239e9b70ca2	7505	/* TODO: maybe? */
wolfSSL	0:1239e9b70ca2	7506	(void)ctx;
wolfSSL	0:1239e9b70ca2	7507	(void)m;
wolfSSL	0:1239e9b70ca2	7508	}
wolfSSL	0:1239e9b70ca2	7509
wolfSSL	0:1239e9b70ca2	7510
wolfSSL	0:1239e9b70ca2	7511	int CyaSSL_CTX_set_session_id_context(CYASSL_CTX* ctx,
wolfSSL	0:1239e9b70ca2	7512	const unsigned char* sid_ctx,
wolfSSL	0:1239e9b70ca2	7513	unsigned int sid_ctx_len)
wolfSSL	0:1239e9b70ca2	7514	{
wolfSSL	0:1239e9b70ca2	7515	/* No application specific context needed for cyaSSL */
wolfSSL	0:1239e9b70ca2	7516	(void)ctx;
wolfSSL	0:1239e9b70ca2	7517	(void)sid_ctx;
wolfSSL	0:1239e9b70ca2	7518	(void)sid_ctx_len;
wolfSSL	0:1239e9b70ca2	7519	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	7520	}
wolfSSL	0:1239e9b70ca2	7521
wolfSSL	0:1239e9b70ca2	7522
wolfSSL	0:1239e9b70ca2	7523	long CyaSSL_CTX_sess_get_cache_size(CYASSL_CTX* ctx)
wolfSSL	0:1239e9b70ca2	7524	{
wolfSSL	0:1239e9b70ca2	7525	/* TODO: maybe? */
wolfSSL	0:1239e9b70ca2	7526	(void)ctx;
wolfSSL	0:1239e9b70ca2	7527	return (~0);
wolfSSL	0:1239e9b70ca2	7528	}
wolfSSL	0:1239e9b70ca2	7529
wolfSSL	0:1239e9b70ca2	7530	unsigned long CyaSSL_ERR_get_error_line_data(const char** file, int* line,
wolfSSL	0:1239e9b70ca2	7531	const char** data, int *flags)
wolfSSL	0:1239e9b70ca2	7532	{
wolfSSL	0:1239e9b70ca2	7533	/* Not implemented */
wolfSSL	0:1239e9b70ca2	7534	(void)file;
wolfSSL	0:1239e9b70ca2	7535	(void)line;
wolfSSL	0:1239e9b70ca2	7536	(void)data;
wolfSSL	0:1239e9b70ca2	7537	(void)flags;
wolfSSL	0:1239e9b70ca2	7538	return 0;
wolfSSL	0:1239e9b70ca2	7539	}
wolfSSL	0:1239e9b70ca2	7540
wolfSSL	0:1239e9b70ca2	7541	#endif /* OPENSSL_EXTRA */
wolfSSL	0:1239e9b70ca2	7542
wolfSSL	0:1239e9b70ca2	7543
wolfSSL	0:1239e9b70ca2	7544	#if defined(KEEP_PEER_CERT)
wolfSSL	0:1239e9b70ca2	7545
wolfSSL	0:1239e9b70ca2	7546	CYASSL_X509* CyaSSL_get_peer_certificate(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	7547	{
wolfSSL	0:1239e9b70ca2	7548	CYASSL_ENTER("SSL_get_peer_certificate");
wolfSSL	0:1239e9b70ca2	7549	if (ssl->peerCert.issuer.sz)
wolfSSL	0:1239e9b70ca2	7550	return &ssl->peerCert;
wolfSSL	0:1239e9b70ca2	7551	else
wolfSSL	0:1239e9b70ca2	7552	return 0;
wolfSSL	0:1239e9b70ca2	7553	}
wolfSSL	0:1239e9b70ca2	7554
wolfSSL	0:1239e9b70ca2	7555	#endif /* KEEP_PEER_CERT */
wolfSSL	0:1239e9b70ca2	7556
wolfSSL	0:1239e9b70ca2	7557
wolfSSL	0:1239e9b70ca2	7558	#if defined(KEEP_PEER_CERT) \|\| defined(SESSION_CERTS)
wolfSSL	0:1239e9b70ca2	7559
wolfSSL	0:1239e9b70ca2	7560	void CyaSSL_FreeX509(CYASSL_X509* x509)
wolfSSL	0:1239e9b70ca2	7561	{
wolfSSL	0:1239e9b70ca2	7562	CYASSL_ENTER("CyaSSL_FreeX509");
wolfSSL	0:1239e9b70ca2	7563	FreeX509(x509);
wolfSSL	0:1239e9b70ca2	7564	}
wolfSSL	0:1239e9b70ca2	7565
wolfSSL	0:1239e9b70ca2	7566
wolfSSL	0:1239e9b70ca2	7567	/* return the next, if any, altname from the peer cert */
wolfSSL	0:1239e9b70ca2	7568	char* CyaSSL_X509_get_next_altname(CYASSL_X509* cert)
wolfSSL	0:1239e9b70ca2	7569	{
wolfSSL	0:1239e9b70ca2	7570	char* ret = NULL;
wolfSSL	0:1239e9b70ca2	7571	CYASSL_ENTER("CyaSSL_X509_get_next_altname");
wolfSSL	0:1239e9b70ca2	7572
wolfSSL	0:1239e9b70ca2	7573	/* don't have any to work with */
wolfSSL	0:1239e9b70ca2	7574	if (cert == NULL \|\| cert->altNames == NULL)
wolfSSL	0:1239e9b70ca2	7575	return NULL;
wolfSSL	0:1239e9b70ca2	7576
wolfSSL	0:1239e9b70ca2	7577	/* already went through them */
wolfSSL	0:1239e9b70ca2	7578	if (cert->altNamesNext == NULL)
wolfSSL	0:1239e9b70ca2	7579	return NULL;
wolfSSL	0:1239e9b70ca2	7580
wolfSSL	0:1239e9b70ca2	7581	ret = cert->altNamesNext->name;
wolfSSL	0:1239e9b70ca2	7582	cert->altNamesNext = cert->altNamesNext->next;
wolfSSL	0:1239e9b70ca2	7583
wolfSSL	0:1239e9b70ca2	7584	return ret;
wolfSSL	0:1239e9b70ca2	7585	}
wolfSSL	0:1239e9b70ca2	7586
wolfSSL	0:1239e9b70ca2	7587
wolfSSL	0:1239e9b70ca2	7588	CYASSL_X509_NAME* CyaSSL_X509_get_issuer_name(CYASSL_X509* cert)
wolfSSL	0:1239e9b70ca2	7589	{
wolfSSL	0:1239e9b70ca2	7590	CYASSL_ENTER("X509_get_issuer_name");
wolfSSL	0:1239e9b70ca2	7591	return &cert->issuer;
wolfSSL	0:1239e9b70ca2	7592	}
wolfSSL	0:1239e9b70ca2	7593
wolfSSL	0:1239e9b70ca2	7594
wolfSSL	0:1239e9b70ca2	7595	CYASSL_X509_NAME* CyaSSL_X509_get_subject_name(CYASSL_X509* cert)
wolfSSL	0:1239e9b70ca2	7596	{
wolfSSL	0:1239e9b70ca2	7597	CYASSL_ENTER("X509_get_subject_name");
wolfSSL	0:1239e9b70ca2	7598	return &cert->subject;
wolfSSL	0:1239e9b70ca2	7599	}
wolfSSL	0:1239e9b70ca2	7600
wolfSSL	0:1239e9b70ca2	7601
wolfSSL	0:1239e9b70ca2	7602	int CyaSSL_X509_get_isCA(CYASSL_X509* x509)
wolfSSL	0:1239e9b70ca2	7603	{
wolfSSL	0:1239e9b70ca2	7604	int isCA = 0;
wolfSSL	0:1239e9b70ca2	7605
wolfSSL	0:1239e9b70ca2	7606	CYASSL_ENTER("CyaSSL_X509_get_isCA");
wolfSSL	0:1239e9b70ca2	7607
wolfSSL	0:1239e9b70ca2	7608	if (x509 != NULL)
wolfSSL	0:1239e9b70ca2	7609	isCA = x509->isCa;
wolfSSL	0:1239e9b70ca2	7610
wolfSSL	0:1239e9b70ca2	7611	CYASSL_LEAVE("CyaSSL_X509_get_isCA", isCA);
wolfSSL	0:1239e9b70ca2	7612
wolfSSL	0:1239e9b70ca2	7613	return isCA;
wolfSSL	0:1239e9b70ca2	7614	}
wolfSSL	0:1239e9b70ca2	7615
wolfSSL	0:1239e9b70ca2	7616
wolfSSL	0:1239e9b70ca2	7617	#ifdef OPENSSL_EXTRA
wolfSSL	0:1239e9b70ca2	7618	int CyaSSL_X509_ext_isSet_by_NID(CYASSL_X509* x509, int nid)
wolfSSL	0:1239e9b70ca2	7619	{
wolfSSL	0:1239e9b70ca2	7620	int isSet = 0;
wolfSSL	0:1239e9b70ca2	7621
wolfSSL	0:1239e9b70ca2	7622	CYASSL_ENTER("CyaSSL_X509_ext_isSet_by_NID");
wolfSSL	0:1239e9b70ca2	7623
wolfSSL	0:1239e9b70ca2	7624	if (x509 != NULL) {
wolfSSL	0:1239e9b70ca2	7625	switch (nid) {
wolfSSL	0:1239e9b70ca2	7626	case BASIC_CA_OID: isSet = x509->basicConstSet; break;
wolfSSL	0:1239e9b70ca2	7627	case ALT_NAMES_OID: isSet = x509->subjAltNameSet; break;
wolfSSL	0:1239e9b70ca2	7628	case AUTH_KEY_OID: isSet = x509->authKeyIdSet; break;
wolfSSL	0:1239e9b70ca2	7629	case SUBJ_KEY_OID: isSet = x509->subjKeyIdSet; break;
wolfSSL	0:1239e9b70ca2	7630	case KEY_USAGE_OID: isSet = x509->keyUsageSet; break;
wolfSSL	0:1239e9b70ca2	7631	#ifdef CYASSL_SEP
wolfSSL	0:1239e9b70ca2	7632	case CERT_POLICY_OID: isSet = x509->certPolicySet; break;
wolfSSL	0:1239e9b70ca2	7633	#endif /* CYASSL_SEP */
wolfSSL	0:1239e9b70ca2	7634	}
wolfSSL	0:1239e9b70ca2	7635	}
wolfSSL	0:1239e9b70ca2	7636
wolfSSL	0:1239e9b70ca2	7637	CYASSL_LEAVE("CyaSSL_X509_ext_isSet_by_NID", isSet);
wolfSSL	0:1239e9b70ca2	7638
wolfSSL	0:1239e9b70ca2	7639	return isSet;
wolfSSL	0:1239e9b70ca2	7640	}
wolfSSL	0:1239e9b70ca2	7641
wolfSSL	0:1239e9b70ca2	7642
wolfSSL	0:1239e9b70ca2	7643	int CyaSSL_X509_ext_get_critical_by_NID(CYASSL_X509* x509, int nid)
wolfSSL	0:1239e9b70ca2	7644	{
wolfSSL	0:1239e9b70ca2	7645	int crit = 0;
wolfSSL	0:1239e9b70ca2	7646
wolfSSL	0:1239e9b70ca2	7647	CYASSL_ENTER("CyaSSL_X509_ext_get_critical_by_NID");
wolfSSL	0:1239e9b70ca2	7648
wolfSSL	0:1239e9b70ca2	7649	if (x509 != NULL) {
wolfSSL	0:1239e9b70ca2	7650	switch (nid) {
wolfSSL	0:1239e9b70ca2	7651	case BASIC_CA_OID: crit = x509->basicConstCrit; break;
wolfSSL	0:1239e9b70ca2	7652	case ALT_NAMES_OID: crit = x509->subjAltNameCrit; break;
wolfSSL	0:1239e9b70ca2	7653	case AUTH_KEY_OID: crit = x509->authKeyIdCrit; break;
wolfSSL	0:1239e9b70ca2	7654	case SUBJ_KEY_OID: crit = x509->subjKeyIdCrit; break;
wolfSSL	0:1239e9b70ca2	7655	case KEY_USAGE_OID: crit = x509->keyUsageCrit; break;
wolfSSL	0:1239e9b70ca2	7656	#ifdef CYASSL_SEP
wolfSSL	0:1239e9b70ca2	7657	case CERT_POLICY_OID: crit = x509->certPolicyCrit; break;
wolfSSL	0:1239e9b70ca2	7658	#endif /* CYASSL_SEP */
wolfSSL	0:1239e9b70ca2	7659	}
wolfSSL	0:1239e9b70ca2	7660	}
wolfSSL	0:1239e9b70ca2	7661
wolfSSL	0:1239e9b70ca2	7662	CYASSL_LEAVE("CyaSSL_X509_ext_get_critical_by_NID", crit);
wolfSSL	0:1239e9b70ca2	7663
wolfSSL	0:1239e9b70ca2	7664	return crit;
wolfSSL	0:1239e9b70ca2	7665	}
wolfSSL	0:1239e9b70ca2	7666
wolfSSL	0:1239e9b70ca2	7667
wolfSSL	0:1239e9b70ca2	7668	int CyaSSL_X509_get_isSet_pathLength(CYASSL_X509* x509)
wolfSSL	0:1239e9b70ca2	7669	{
wolfSSL	0:1239e9b70ca2	7670	int isSet = 0;
wolfSSL	0:1239e9b70ca2	7671
wolfSSL	0:1239e9b70ca2	7672	CYASSL_ENTER("CyaSSL_X509_get_isSet_pathLength");
wolfSSL	0:1239e9b70ca2	7673
wolfSSL	0:1239e9b70ca2	7674	if (x509 != NULL)
wolfSSL	0:1239e9b70ca2	7675	isSet = x509->basicConstPlSet;
wolfSSL	0:1239e9b70ca2	7676
wolfSSL	0:1239e9b70ca2	7677	CYASSL_LEAVE("CyaSSL_X509_get_isSet_pathLength", isSet);
wolfSSL	0:1239e9b70ca2	7678
wolfSSL	0:1239e9b70ca2	7679	return isSet;
wolfSSL	0:1239e9b70ca2	7680	}
wolfSSL	0:1239e9b70ca2	7681
wolfSSL	0:1239e9b70ca2	7682
wolfSSL	0:1239e9b70ca2	7683	word32 CyaSSL_X509_get_pathLength(CYASSL_X509* x509)
wolfSSL	0:1239e9b70ca2	7684	{
wolfSSL	0:1239e9b70ca2	7685	word32 pathLength = 0;
wolfSSL	0:1239e9b70ca2	7686
wolfSSL	0:1239e9b70ca2	7687	CYASSL_ENTER("CyaSSL_X509_get_pathLength");
wolfSSL	0:1239e9b70ca2	7688
wolfSSL	0:1239e9b70ca2	7689	if (x509 != NULL)
wolfSSL	0:1239e9b70ca2	7690	pathLength = x509->pathLength;
wolfSSL	0:1239e9b70ca2	7691
wolfSSL	0:1239e9b70ca2	7692	CYASSL_LEAVE("CyaSSL_X509_get_pathLength", pathLength);
wolfSSL	0:1239e9b70ca2	7693
wolfSSL	0:1239e9b70ca2	7694	return pathLength;
wolfSSL	0:1239e9b70ca2	7695	}
wolfSSL	0:1239e9b70ca2	7696
wolfSSL	0:1239e9b70ca2	7697
wolfSSL	0:1239e9b70ca2	7698	unsigned int CyaSSL_X509_get_keyUsage(CYASSL_X509* x509)
wolfSSL	0:1239e9b70ca2	7699	{
wolfSSL	0:1239e9b70ca2	7700	word16 usage = 0;
wolfSSL	0:1239e9b70ca2	7701
wolfSSL	0:1239e9b70ca2	7702	CYASSL_ENTER("CyaSSL_X509_get_keyUsage");
wolfSSL	0:1239e9b70ca2	7703
wolfSSL	0:1239e9b70ca2	7704	if (x509 != NULL)
wolfSSL	0:1239e9b70ca2	7705	usage = x509->keyUsage;
wolfSSL	0:1239e9b70ca2	7706
wolfSSL	0:1239e9b70ca2	7707	CYASSL_LEAVE("CyaSSL_X509_get_keyUsage", usage);
wolfSSL	0:1239e9b70ca2	7708
wolfSSL	0:1239e9b70ca2	7709	return usage;
wolfSSL	0:1239e9b70ca2	7710	}
wolfSSL	0:1239e9b70ca2	7711
wolfSSL	0:1239e9b70ca2	7712
wolfSSL	0:1239e9b70ca2	7713	byte* CyaSSL_X509_get_authorityKeyID(
wolfSSL	0:1239e9b70ca2	7714	CYASSL_X509* x509, byte* dst, int* dstLen)
wolfSSL	0:1239e9b70ca2	7715	{
wolfSSL	0:1239e9b70ca2	7716	byte *id = NULL;
wolfSSL	0:1239e9b70ca2	7717	int copySz = 0;
wolfSSL	0:1239e9b70ca2	7718
wolfSSL	0:1239e9b70ca2	7719	CYASSL_ENTER("CyaSSL_X509_get_authorityKeyID");
wolfSSL	0:1239e9b70ca2	7720
wolfSSL	0:1239e9b70ca2	7721	if (x509 != NULL) {
wolfSSL	0:1239e9b70ca2	7722	if (x509->authKeyIdSet) {
wolfSSL	0:1239e9b70ca2	7723	copySz = min(dstLen != NULL ? *dstLen : 0,
wolfSSL	0:1239e9b70ca2	7724	(int)x509->authKeyIdSz);
wolfSSL	0:1239e9b70ca2	7725	id = x509->authKeyId;
wolfSSL	0:1239e9b70ca2	7726	}
wolfSSL	0:1239e9b70ca2	7727
wolfSSL	0:1239e9b70ca2	7728	if (dst != NULL && dstLen != NULL && id != NULL && copySz > 0) {
wolfSSL	0:1239e9b70ca2	7729	XMEMCPY(dst, id, copySz);
wolfSSL	0:1239e9b70ca2	7730	id = dst;
wolfSSL	0:1239e9b70ca2	7731	*dstLen = copySz;
wolfSSL	0:1239e9b70ca2	7732	}
wolfSSL	0:1239e9b70ca2	7733	}
wolfSSL	0:1239e9b70ca2	7734
wolfSSL	0:1239e9b70ca2	7735	CYASSL_LEAVE("CyaSSL_X509_get_authorityKeyID", copySz);
wolfSSL	0:1239e9b70ca2	7736
wolfSSL	0:1239e9b70ca2	7737	return id;
wolfSSL	0:1239e9b70ca2	7738	}
wolfSSL	0:1239e9b70ca2	7739
wolfSSL	0:1239e9b70ca2	7740
wolfSSL	0:1239e9b70ca2	7741	byte* CyaSSL_X509_get_subjectKeyID(
wolfSSL	0:1239e9b70ca2	7742	CYASSL_X509* x509, byte* dst, int* dstLen)
wolfSSL	0:1239e9b70ca2	7743	{
wolfSSL	0:1239e9b70ca2	7744	byte *id = NULL;
wolfSSL	0:1239e9b70ca2	7745	int copySz = 0;
wolfSSL	0:1239e9b70ca2	7746
wolfSSL	0:1239e9b70ca2	7747	CYASSL_ENTER("CyaSSL_X509_get_subjectKeyID");
wolfSSL	0:1239e9b70ca2	7748
wolfSSL	0:1239e9b70ca2	7749	if (x509 != NULL) {
wolfSSL	0:1239e9b70ca2	7750	if (x509->subjKeyIdSet) {
wolfSSL	0:1239e9b70ca2	7751	copySz = min(dstLen != NULL ? *dstLen : 0,
wolfSSL	0:1239e9b70ca2	7752	(int)x509->subjKeyIdSz);
wolfSSL	0:1239e9b70ca2	7753	id = x509->subjKeyId;
wolfSSL	0:1239e9b70ca2	7754	}
wolfSSL	0:1239e9b70ca2	7755
wolfSSL	0:1239e9b70ca2	7756	if (dst != NULL && dstLen != NULL && id != NULL && copySz > 0) {
wolfSSL	0:1239e9b70ca2	7757	XMEMCPY(dst, id, copySz);
wolfSSL	0:1239e9b70ca2	7758	id = dst;
wolfSSL	0:1239e9b70ca2	7759	*dstLen = copySz;
wolfSSL	0:1239e9b70ca2	7760	}
wolfSSL	0:1239e9b70ca2	7761	}
wolfSSL	0:1239e9b70ca2	7762
wolfSSL	0:1239e9b70ca2	7763	CYASSL_LEAVE("CyaSSL_X509_get_subjectKeyID", copySz);
wolfSSL	0:1239e9b70ca2	7764
wolfSSL	0:1239e9b70ca2	7765	return id;
wolfSSL	0:1239e9b70ca2	7766	}
wolfSSL	0:1239e9b70ca2	7767
wolfSSL	0:1239e9b70ca2	7768
wolfSSL	0:1239e9b70ca2	7769	int CyaSSL_X509_NAME_entry_count(CYASSL_X509_NAME* name)
wolfSSL	0:1239e9b70ca2	7770	{
wolfSSL	0:1239e9b70ca2	7771	int count = 0;
wolfSSL	0:1239e9b70ca2	7772
wolfSSL	0:1239e9b70ca2	7773	CYASSL_ENTER("CyaSSL_X509_NAME_entry_count");
wolfSSL	0:1239e9b70ca2	7774
wolfSSL	0:1239e9b70ca2	7775	if (name != NULL)
wolfSSL	0:1239e9b70ca2	7776	count = name->fullName.entryCount;
wolfSSL	0:1239e9b70ca2	7777
wolfSSL	0:1239e9b70ca2	7778	CYASSL_LEAVE("CyaSSL_X509_NAME_entry_count", count);
wolfSSL	0:1239e9b70ca2	7779	return count;
wolfSSL	0:1239e9b70ca2	7780	}
wolfSSL	0:1239e9b70ca2	7781
wolfSSL	0:1239e9b70ca2	7782
wolfSSL	0:1239e9b70ca2	7783	int CyaSSL_X509_NAME_get_text_by_NID(CYASSL_X509_NAME* name,
wolfSSL	0:1239e9b70ca2	7784	int nid, char* buf, int len)
wolfSSL	0:1239e9b70ca2	7785	{
wolfSSL	0:1239e9b70ca2	7786	char *text = NULL;
wolfSSL	0:1239e9b70ca2	7787	int textSz = 0;
wolfSSL	0:1239e9b70ca2	7788
wolfSSL	0:1239e9b70ca2	7789	CYASSL_ENTER("CyaSSL_X509_NAME_get_text_by_NID");
wolfSSL	0:1239e9b70ca2	7790
wolfSSL	0:1239e9b70ca2	7791	switch (nid) {
wolfSSL	0:1239e9b70ca2	7792	case ASN_COMMON_NAME:
wolfSSL	0:1239e9b70ca2	7793	text = name->fullName.fullName + name->fullName.cnIdx;
wolfSSL	0:1239e9b70ca2	7794	textSz = name->fullName.cnLen;
wolfSSL	0:1239e9b70ca2	7795	break;
wolfSSL	0:1239e9b70ca2	7796	case ASN_SUR_NAME:
wolfSSL	0:1239e9b70ca2	7797	text = name->fullName.fullName + name->fullName.snIdx;
wolfSSL	0:1239e9b70ca2	7798	textSz = name->fullName.snLen;
wolfSSL	0:1239e9b70ca2	7799	break;
wolfSSL	0:1239e9b70ca2	7800	case ASN_SERIAL_NUMBER:
wolfSSL	0:1239e9b70ca2	7801	text = name->fullName.fullName + name->fullName.serialIdx;
wolfSSL	0:1239e9b70ca2	7802	textSz = name->fullName.serialLen;
wolfSSL	0:1239e9b70ca2	7803	break;
wolfSSL	0:1239e9b70ca2	7804	case ASN_COUNTRY_NAME:
wolfSSL	0:1239e9b70ca2	7805	text = name->fullName.fullName + name->fullName.cIdx;
wolfSSL	0:1239e9b70ca2	7806	textSz = name->fullName.cLen;
wolfSSL	0:1239e9b70ca2	7807	break;
wolfSSL	0:1239e9b70ca2	7808	case ASN_LOCALITY_NAME:
wolfSSL	0:1239e9b70ca2	7809	text = name->fullName.fullName + name->fullName.lIdx;
wolfSSL	0:1239e9b70ca2	7810	textSz = name->fullName.lLen;
wolfSSL	0:1239e9b70ca2	7811	break;
wolfSSL	0:1239e9b70ca2	7812	case ASN_STATE_NAME:
wolfSSL	0:1239e9b70ca2	7813	text = name->fullName.fullName + name->fullName.stIdx;
wolfSSL	0:1239e9b70ca2	7814	textSz = name->fullName.stLen;
wolfSSL	0:1239e9b70ca2	7815	break;
wolfSSL	0:1239e9b70ca2	7816	case ASN_ORG_NAME:
wolfSSL	0:1239e9b70ca2	7817	text = name->fullName.fullName + name->fullName.oIdx;
wolfSSL	0:1239e9b70ca2	7818	textSz = name->fullName.oLen;
wolfSSL	0:1239e9b70ca2	7819	break;
wolfSSL	0:1239e9b70ca2	7820	case ASN_ORGUNIT_NAME:
wolfSSL	0:1239e9b70ca2	7821	text = name->fullName.fullName + name->fullName.ouIdx;
wolfSSL	0:1239e9b70ca2	7822	textSz = name->fullName.ouLen;
wolfSSL	0:1239e9b70ca2	7823	break;
wolfSSL	0:1239e9b70ca2	7824	default:
wolfSSL	0:1239e9b70ca2	7825	break;
wolfSSL	0:1239e9b70ca2	7826	}
wolfSSL	0:1239e9b70ca2	7827
wolfSSL	0:1239e9b70ca2	7828	if (buf != NULL && text != NULL) {
wolfSSL	0:1239e9b70ca2	7829	textSz = min(textSz, len);
wolfSSL	0:1239e9b70ca2	7830	XMEMCPY(buf, text, textSz);
wolfSSL	0:1239e9b70ca2	7831	buf[textSz] = '\0';
wolfSSL	0:1239e9b70ca2	7832	}
wolfSSL	0:1239e9b70ca2	7833
wolfSSL	0:1239e9b70ca2	7834	CYASSL_LEAVE("CyaSSL_X509_NAME_get_text_by_NID", textSz);
wolfSSL	0:1239e9b70ca2	7835	return textSz;
wolfSSL	0:1239e9b70ca2	7836	}
wolfSSL	0:1239e9b70ca2	7837	#endif
wolfSSL	0:1239e9b70ca2	7838
wolfSSL	0:1239e9b70ca2	7839
wolfSSL	0:1239e9b70ca2	7840	/* copy name into in buffer, at most sz bytes, if buffer is null will
wolfSSL	0:1239e9b70ca2	7841	malloc buffer, call responsible for freeing */
wolfSSL	0:1239e9b70ca2	7842	char* CyaSSL_X509_NAME_oneline(CYASSL_X509_NAME* name, char* in, int sz)
wolfSSL	0:1239e9b70ca2	7843	{
wolfSSL	0:1239e9b70ca2	7844	int copySz = min(sz, name->sz);
wolfSSL	0:1239e9b70ca2	7845
wolfSSL	0:1239e9b70ca2	7846	CYASSL_ENTER("CyaSSL_X509_NAME_oneline");
wolfSSL	0:1239e9b70ca2	7847	if (!name->sz) return in;
wolfSSL	0:1239e9b70ca2	7848
wolfSSL	0:1239e9b70ca2	7849	if (!in) {
wolfSSL	0:1239e9b70ca2	7850	in = (char*)XMALLOC(name->sz, 0, DYNAMIC_TYPE_OPENSSL);
wolfSSL	0:1239e9b70ca2	7851	if (!in ) return in;
wolfSSL	0:1239e9b70ca2	7852	copySz = name->sz;
wolfSSL	0:1239e9b70ca2	7853	}
wolfSSL	0:1239e9b70ca2	7854
wolfSSL	0:1239e9b70ca2	7855	if (copySz == 0)
wolfSSL	0:1239e9b70ca2	7856	return in;
wolfSSL	0:1239e9b70ca2	7857
wolfSSL	0:1239e9b70ca2	7858	XMEMCPY(in, name->name, copySz - 1);
wolfSSL	0:1239e9b70ca2	7859	in[copySz - 1] = 0;
wolfSSL	0:1239e9b70ca2	7860
wolfSSL	0:1239e9b70ca2	7861	return in;
wolfSSL	0:1239e9b70ca2	7862	}
wolfSSL	0:1239e9b70ca2	7863
wolfSSL	0:1239e9b70ca2	7864
wolfSSL	0:1239e9b70ca2	7865	int CyaSSL_X509_get_signature_type(CYASSL_X509* x509)
wolfSSL	0:1239e9b70ca2	7866	{
wolfSSL	0:1239e9b70ca2	7867	int type = 0;
wolfSSL	0:1239e9b70ca2	7868
wolfSSL	0:1239e9b70ca2	7869	CYASSL_ENTER("CyaSSL_X509_get_signature_type");
wolfSSL	0:1239e9b70ca2	7870
wolfSSL	0:1239e9b70ca2	7871	if (x509 != NULL)
wolfSSL	0:1239e9b70ca2	7872	type = x509->sigOID;
wolfSSL	0:1239e9b70ca2	7873
wolfSSL	0:1239e9b70ca2	7874	return type;
wolfSSL	0:1239e9b70ca2	7875	}
wolfSSL	0:1239e9b70ca2	7876
wolfSSL	0:1239e9b70ca2	7877
wolfSSL	0:1239e9b70ca2	7878	int CyaSSL_X509_get_signature(CYASSL_X509* x509,
wolfSSL	0:1239e9b70ca2	7879	unsigned char* buf, int* bufSz)
wolfSSL	0:1239e9b70ca2	7880	{
wolfSSL	0:1239e9b70ca2	7881	CYASSL_ENTER("CyaSSL_X509_get_signature");
wolfSSL	0:1239e9b70ca2	7882	if (x509 == NULL \|\| bufSz == NULL \|\| *bufSz < (int)x509->sig.length)
wolfSSL	0:1239e9b70ca2	7883	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	7884
wolfSSL	0:1239e9b70ca2	7885	if (buf != NULL)
wolfSSL	0:1239e9b70ca2	7886	XMEMCPY(buf, x509->sig.buffer, x509->sig.length);
wolfSSL	0:1239e9b70ca2	7887	*bufSz = x509->sig.length;
wolfSSL	0:1239e9b70ca2	7888
wolfSSL	0:1239e9b70ca2	7889	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	7890	}
wolfSSL	0:1239e9b70ca2	7891
wolfSSL	0:1239e9b70ca2	7892
wolfSSL	0:1239e9b70ca2	7893	/* write X509 serial number in unsigned binary to buffer
wolfSSL	0:1239e9b70ca2	7894	buffer needs to be at least EXTERNAL_SERIAL_SIZE (32) for all cases
wolfSSL	0:1239e9b70ca2	7895	return SSL_SUCCESS on success */
wolfSSL	0:1239e9b70ca2	7896	int CyaSSL_X509_get_serial_number(CYASSL_X509* x509, byte* in, int* inOutSz)
wolfSSL	0:1239e9b70ca2	7897	{
wolfSSL	0:1239e9b70ca2	7898	CYASSL_ENTER("CyaSSL_X509_get_serial_number");
wolfSSL	0:1239e9b70ca2	7899	if (x509 == NULL \|\| in == NULL \|\|
wolfSSL	0:1239e9b70ca2	7900	inOutSz == NULL \|\| *inOutSz < x509->serialSz)
wolfSSL	0:1239e9b70ca2	7901	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	7902
wolfSSL	0:1239e9b70ca2	7903	XMEMCPY(in, x509->serial, x509->serialSz);
wolfSSL	0:1239e9b70ca2	7904	*inOutSz = x509->serialSz;
wolfSSL	0:1239e9b70ca2	7905
wolfSSL	0:1239e9b70ca2	7906	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	7907	}
wolfSSL	0:1239e9b70ca2	7908
wolfSSL	0:1239e9b70ca2	7909
wolfSSL	0:1239e9b70ca2	7910	const byte* CyaSSL_X509_get_der(CYASSL_X509* x509, int* outSz)
wolfSSL	0:1239e9b70ca2	7911	{
wolfSSL	0:1239e9b70ca2	7912	CYASSL_ENTER("CyaSSL_X509_get_der");
wolfSSL	0:1239e9b70ca2	7913
wolfSSL	0:1239e9b70ca2	7914	if (x509 == NULL \|\| outSz == NULL)
wolfSSL	0:1239e9b70ca2	7915	return NULL;
wolfSSL	0:1239e9b70ca2	7916
wolfSSL	0:1239e9b70ca2	7917	*outSz = (int)x509->derCert.length;
wolfSSL	0:1239e9b70ca2	7918	return x509->derCert.buffer;
wolfSSL	0:1239e9b70ca2	7919	}
wolfSSL	0:1239e9b70ca2	7920
wolfSSL	0:1239e9b70ca2	7921
wolfSSL	0:1239e9b70ca2	7922	int CyaSSL_X509_version(CYASSL_X509* x509)
wolfSSL	0:1239e9b70ca2	7923	{
wolfSSL	0:1239e9b70ca2	7924	CYASSL_ENTER("CyaSSL_X509_version");
wolfSSL	0:1239e9b70ca2	7925
wolfSSL	0:1239e9b70ca2	7926	if (x509 == NULL)
wolfSSL	0:1239e9b70ca2	7927	return 0;
wolfSSL	0:1239e9b70ca2	7928
wolfSSL	0:1239e9b70ca2	7929	return x509->version;
wolfSSL	0:1239e9b70ca2	7930	}
wolfSSL	0:1239e9b70ca2	7931
wolfSSL	0:1239e9b70ca2	7932
wolfSSL	0:1239e9b70ca2	7933	const byte* CyaSSL_X509_notBefore(CYASSL_X509* x509)
wolfSSL	0:1239e9b70ca2	7934	{
wolfSSL	0:1239e9b70ca2	7935	CYASSL_ENTER("CyaSSL_X509_notBefore");
wolfSSL	0:1239e9b70ca2	7936
wolfSSL	0:1239e9b70ca2	7937	if (x509 == NULL)
wolfSSL	0:1239e9b70ca2	7938	return NULL;
wolfSSL	0:1239e9b70ca2	7939
wolfSSL	0:1239e9b70ca2	7940	return x509->notBefore;
wolfSSL	0:1239e9b70ca2	7941	}
wolfSSL	0:1239e9b70ca2	7942
wolfSSL	0:1239e9b70ca2	7943
wolfSSL	0:1239e9b70ca2	7944	const byte* CyaSSL_X509_notAfter(CYASSL_X509* x509)
wolfSSL	0:1239e9b70ca2	7945	{
wolfSSL	0:1239e9b70ca2	7946	CYASSL_ENTER("CyaSSL_X509_notAfter");
wolfSSL	0:1239e9b70ca2	7947
wolfSSL	0:1239e9b70ca2	7948	if (x509 == NULL)
wolfSSL	0:1239e9b70ca2	7949	return NULL;
wolfSSL	0:1239e9b70ca2	7950
wolfSSL	0:1239e9b70ca2	7951	return x509->notAfter;
wolfSSL	0:1239e9b70ca2	7952	}
wolfSSL	0:1239e9b70ca2	7953
wolfSSL	0:1239e9b70ca2	7954
wolfSSL	0:1239e9b70ca2	7955	#ifdef CYASSL_SEP
wolfSSL	0:1239e9b70ca2	7956
wolfSSL	0:1239e9b70ca2	7957	/* copy oid into in buffer, at most *inOutSz bytes, if buffer is null will
wolfSSL	0:1239e9b70ca2	7958	malloc buffer, call responsible for freeing. Actual size returned in
wolfSSL	0:1239e9b70ca2	7959	inOutSz. Requires inOutSz be non-null /
wolfSSL	0:1239e9b70ca2	7960	byte* CyaSSL_X509_get_device_type(CYASSL_X509* x509, byte* in, int *inOutSz)
wolfSSL	0:1239e9b70ca2	7961	{
wolfSSL	0:1239e9b70ca2	7962	int copySz;
wolfSSL	0:1239e9b70ca2	7963
wolfSSL	0:1239e9b70ca2	7964	CYASSL_ENTER("CyaSSL_X509_get_dev_type");
wolfSSL	0:1239e9b70ca2	7965	if (inOutSz == NULL) return NULL;
wolfSSL	0:1239e9b70ca2	7966	if (!x509->deviceTypeSz) return in;
wolfSSL	0:1239e9b70ca2	7967
wolfSSL	0:1239e9b70ca2	7968	copySz = min(*inOutSz, x509->deviceTypeSz);
wolfSSL	0:1239e9b70ca2	7969
wolfSSL	0:1239e9b70ca2	7970	if (!in) {
wolfSSL	0:1239e9b70ca2	7971	in = (byte*)XMALLOC(x509->deviceTypeSz, 0, DYNAMIC_TYPE_OPENSSL);
wolfSSL	0:1239e9b70ca2	7972	if (!in) return in;
wolfSSL	0:1239e9b70ca2	7973	copySz = x509->deviceTypeSz;
wolfSSL	0:1239e9b70ca2	7974	}
wolfSSL	0:1239e9b70ca2	7975
wolfSSL	0:1239e9b70ca2	7976	XMEMCPY(in, x509->deviceType, copySz);
wolfSSL	0:1239e9b70ca2	7977	*inOutSz = copySz;
wolfSSL	0:1239e9b70ca2	7978
wolfSSL	0:1239e9b70ca2	7979	return in;
wolfSSL	0:1239e9b70ca2	7980	}
wolfSSL	0:1239e9b70ca2	7981
wolfSSL	0:1239e9b70ca2	7982
wolfSSL	0:1239e9b70ca2	7983	byte* CyaSSL_X509_get_hw_type(CYASSL_X509* x509, byte* in, int* inOutSz)
wolfSSL	0:1239e9b70ca2	7984	{
wolfSSL	0:1239e9b70ca2	7985	int copySz;
wolfSSL	0:1239e9b70ca2	7986
wolfSSL	0:1239e9b70ca2	7987	CYASSL_ENTER("CyaSSL_X509_get_hw_type");
wolfSSL	0:1239e9b70ca2	7988	if (inOutSz == NULL) return NULL;
wolfSSL	0:1239e9b70ca2	7989	if (!x509->hwTypeSz) return in;
wolfSSL	0:1239e9b70ca2	7990
wolfSSL	0:1239e9b70ca2	7991	copySz = min(*inOutSz, x509->hwTypeSz);
wolfSSL	0:1239e9b70ca2	7992
wolfSSL	0:1239e9b70ca2	7993	if (!in) {
wolfSSL	0:1239e9b70ca2	7994	in = (byte*)XMALLOC(x509->hwTypeSz, 0, DYNAMIC_TYPE_OPENSSL);
wolfSSL	0:1239e9b70ca2	7995	if (!in) return in;
wolfSSL	0:1239e9b70ca2	7996	copySz = x509->hwTypeSz;
wolfSSL	0:1239e9b70ca2	7997	}
wolfSSL	0:1239e9b70ca2	7998
wolfSSL	0:1239e9b70ca2	7999	XMEMCPY(in, x509->hwType, copySz);
wolfSSL	0:1239e9b70ca2	8000	*inOutSz = copySz;
wolfSSL	0:1239e9b70ca2	8001
wolfSSL	0:1239e9b70ca2	8002	return in;
wolfSSL	0:1239e9b70ca2	8003	}
wolfSSL	0:1239e9b70ca2	8004
wolfSSL	0:1239e9b70ca2	8005
wolfSSL	0:1239e9b70ca2	8006	byte* CyaSSL_X509_get_hw_serial_number(CYASSL_X509* x509,byte* in,int* inOutSz)
wolfSSL	0:1239e9b70ca2	8007	{
wolfSSL	0:1239e9b70ca2	8008	int copySz;
wolfSSL	0:1239e9b70ca2	8009
wolfSSL	0:1239e9b70ca2	8010	CYASSL_ENTER("CyaSSL_X509_get_hw_serial_number");
wolfSSL	0:1239e9b70ca2	8011	if (inOutSz == NULL) return NULL;
wolfSSL	0:1239e9b70ca2	8012	if (!x509->hwTypeSz) return in;
wolfSSL	0:1239e9b70ca2	8013
wolfSSL	0:1239e9b70ca2	8014	copySz = min(*inOutSz, x509->hwSerialNumSz);
wolfSSL	0:1239e9b70ca2	8015
wolfSSL	0:1239e9b70ca2	8016	if (!in) {
wolfSSL	0:1239e9b70ca2	8017	in = (byte*)XMALLOC(x509->hwSerialNumSz, 0, DYNAMIC_TYPE_OPENSSL);
wolfSSL	0:1239e9b70ca2	8018	if (!in) return in;
wolfSSL	0:1239e9b70ca2	8019	copySz = x509->hwSerialNumSz;
wolfSSL	0:1239e9b70ca2	8020	}
wolfSSL	0:1239e9b70ca2	8021
wolfSSL	0:1239e9b70ca2	8022	XMEMCPY(in, x509->hwSerialNum, copySz);
wolfSSL	0:1239e9b70ca2	8023	*inOutSz = copySz;
wolfSSL	0:1239e9b70ca2	8024
wolfSSL	0:1239e9b70ca2	8025	return in;
wolfSSL	0:1239e9b70ca2	8026	}
wolfSSL	0:1239e9b70ca2	8027
wolfSSL	0:1239e9b70ca2	8028	#endif /* CYASSL_SEP */
wolfSSL	0:1239e9b70ca2	8029
wolfSSL	0:1239e9b70ca2	8030
wolfSSL	0:1239e9b70ca2	8031	CYASSL_X509* CyaSSL_X509_d2i(CYASSL_X509** x509, const byte* in, int len)
wolfSSL	0:1239e9b70ca2	8032	{
wolfSSL	0:1239e9b70ca2	8033	CYASSL_X509 *newX509 = NULL;
wolfSSL	0:1239e9b70ca2	8034
wolfSSL	0:1239e9b70ca2	8035	CYASSL_ENTER("CyaSSL_X509_d2i");
wolfSSL	0:1239e9b70ca2	8036
wolfSSL	0:1239e9b70ca2	8037	if (in != NULL && len != 0) {
wolfSSL	0:1239e9b70ca2	8038	DecodedCert cert;
wolfSSL	0:1239e9b70ca2	8039
wolfSSL	0:1239e9b70ca2	8040	InitDecodedCert(&cert, (byte*)in, len, NULL);
wolfSSL	0:1239e9b70ca2	8041	if (ParseCertRelative(&cert, CERT_TYPE, 0, NULL) == 0) {
wolfSSL	0:1239e9b70ca2	8042	newX509 = (CYASSL_X509*)XMALLOC(sizeof(CYASSL_X509),
wolfSSL	0:1239e9b70ca2	8043	NULL, DYNAMIC_TYPE_X509);
wolfSSL	0:1239e9b70ca2	8044	if (newX509 != NULL) {
wolfSSL	0:1239e9b70ca2	8045	InitX509(newX509, 1);
wolfSSL	0:1239e9b70ca2	8046	if (CopyDecodedToX509(newX509, &cert) != 0) {
wolfSSL	0:1239e9b70ca2	8047	XFREE(newX509, NULL, DYNAMIC_TYPE_X509);
wolfSSL	0:1239e9b70ca2	8048	newX509 = NULL;
wolfSSL	0:1239e9b70ca2	8049	}
wolfSSL	0:1239e9b70ca2	8050	}
wolfSSL	0:1239e9b70ca2	8051	}
wolfSSL	0:1239e9b70ca2	8052	FreeDecodedCert(&cert);
wolfSSL	0:1239e9b70ca2	8053	}
wolfSSL	0:1239e9b70ca2	8054
wolfSSL	0:1239e9b70ca2	8055	if (x509 != NULL)
wolfSSL	0:1239e9b70ca2	8056	*x509 = newX509;
wolfSSL	0:1239e9b70ca2	8057
wolfSSL	0:1239e9b70ca2	8058	return newX509;
wolfSSL	0:1239e9b70ca2	8059	}
wolfSSL	0:1239e9b70ca2	8060
wolfSSL	0:1239e9b70ca2	8061
wolfSSL	0:1239e9b70ca2	8062	#ifndef NO_FILESYSTEM
wolfSSL	0:1239e9b70ca2	8063
wolfSSL	0:1239e9b70ca2	8064	#ifndef NO_STDIO_FILESYSTEM
wolfSSL	0:1239e9b70ca2	8065
wolfSSL	0:1239e9b70ca2	8066	CYASSL_X509* CyaSSL_X509_d2i_fp(CYASSL_X509** x509, XFILE file)
wolfSSL	0:1239e9b70ca2	8067	{
wolfSSL	0:1239e9b70ca2	8068	CYASSL_X509* newX509 = NULL;
wolfSSL	0:1239e9b70ca2	8069
wolfSSL	0:1239e9b70ca2	8070	CYASSL_ENTER("CyaSSL_X509_d2i_fp");
wolfSSL	0:1239e9b70ca2	8071
wolfSSL	0:1239e9b70ca2	8072	if (file != XBADFILE) {
wolfSSL	0:1239e9b70ca2	8073	byte* fileBuffer = NULL;
wolfSSL	0:1239e9b70ca2	8074	long sz = 0;
wolfSSL	0:1239e9b70ca2	8075
wolfSSL	0:1239e9b70ca2	8076	XFSEEK(file, 0, XSEEK_END);
wolfSSL	0:1239e9b70ca2	8077	sz = XFTELL(file);
wolfSSL	0:1239e9b70ca2	8078	XREWIND(file);
wolfSSL	0:1239e9b70ca2	8079
wolfSSL	0:1239e9b70ca2	8080	fileBuffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE);
wolfSSL	0:1239e9b70ca2	8081	if (fileBuffer != NULL) {
wolfSSL	0:1239e9b70ca2	8082	if ((int)XFREAD(fileBuffer, sz, 1, file) > 0) {
wolfSSL	0:1239e9b70ca2	8083	newX509 = CyaSSL_X509_d2i(NULL, fileBuffer, (int)sz);
wolfSSL	0:1239e9b70ca2	8084	}
wolfSSL	0:1239e9b70ca2	8085	XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
wolfSSL	0:1239e9b70ca2	8086	}
wolfSSL	0:1239e9b70ca2	8087	}
wolfSSL	0:1239e9b70ca2	8088
wolfSSL	0:1239e9b70ca2	8089	if (x509 != NULL)
wolfSSL	0:1239e9b70ca2	8090	*x509 = newX509;
wolfSSL	0:1239e9b70ca2	8091
wolfSSL	0:1239e9b70ca2	8092	return newX509;
wolfSSL	0:1239e9b70ca2	8093	}
wolfSSL	0:1239e9b70ca2	8094
wolfSSL	0:1239e9b70ca2	8095	#endif /* NO_STDIO_FILESYSTEM */
wolfSSL	0:1239e9b70ca2	8096
wolfSSL	0:1239e9b70ca2	8097	CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
wolfSSL	0:1239e9b70ca2	8098	{
wolfSSL	0:1239e9b70ca2	8099	byte staticBuffer[FILE_BUFFER_SIZE];
wolfSSL	0:1239e9b70ca2	8100	byte* fileBuffer = staticBuffer;
wolfSSL	0:1239e9b70ca2	8101	int dynamic = 0;
wolfSSL	0:1239e9b70ca2	8102	long sz = 0;
wolfSSL	0:1239e9b70ca2	8103	XFILE file;
wolfSSL	0:1239e9b70ca2	8104	CYASSL_X509* x509 = NULL;
wolfSSL	0:1239e9b70ca2	8105	buffer der;
wolfSSL	0:1239e9b70ca2	8106
wolfSSL	0:1239e9b70ca2	8107	CYASSL_ENTER("CyaSSL_X509_load_certificate");
wolfSSL	0:1239e9b70ca2	8108
wolfSSL	0:1239e9b70ca2	8109	/* Check the inputs */
wolfSSL	0:1239e9b70ca2	8110	if ((fname == NULL) \|\|
wolfSSL	0:1239e9b70ca2	8111	(format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM))
wolfSSL	0:1239e9b70ca2	8112	return NULL;
wolfSSL	0:1239e9b70ca2	8113
wolfSSL	0:1239e9b70ca2	8114	file = XFOPEN(fname, "rb");
wolfSSL	0:1239e9b70ca2	8115	if (file == XBADFILE) return NULL;
wolfSSL	0:1239e9b70ca2	8116	XFSEEK(file, 0, XSEEK_END);
wolfSSL	0:1239e9b70ca2	8117	sz = XFTELL(file);
wolfSSL	0:1239e9b70ca2	8118	XREWIND(file);
wolfSSL	0:1239e9b70ca2	8119
wolfSSL	0:1239e9b70ca2	8120	if (sz > (long)sizeof(staticBuffer)) {
wolfSSL	0:1239e9b70ca2	8121	fileBuffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE);
wolfSSL	0:1239e9b70ca2	8122	if (fileBuffer == NULL) {
wolfSSL	0:1239e9b70ca2	8123	XFCLOSE(file);
wolfSSL	0:1239e9b70ca2	8124	return NULL;
wolfSSL	0:1239e9b70ca2	8125	}
wolfSSL	0:1239e9b70ca2	8126	dynamic = 1;
wolfSSL	0:1239e9b70ca2	8127	}
wolfSSL	0:1239e9b70ca2	8128	if ((int)XFREAD(fileBuffer, sz, 1, file) < 0) {
wolfSSL	0:1239e9b70ca2	8129	XFCLOSE(file);
wolfSSL	0:1239e9b70ca2	8130	if (dynamic) XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
wolfSSL	0:1239e9b70ca2	8131	return NULL;
wolfSSL	0:1239e9b70ca2	8132	}
wolfSSL	0:1239e9b70ca2	8133	XFCLOSE(file);
wolfSSL	0:1239e9b70ca2	8134
wolfSSL	0:1239e9b70ca2	8135	der.buffer = NULL;
wolfSSL	0:1239e9b70ca2	8136	der.length = 0;
wolfSSL	0:1239e9b70ca2	8137
wolfSSL	0:1239e9b70ca2	8138	if (format == SSL_FILETYPE_PEM) {
wolfSSL	0:1239e9b70ca2	8139	EncryptedInfo info;
wolfSSL	0:1239e9b70ca2	8140	int ecc = 0;
wolfSSL	0:1239e9b70ca2	8141
wolfSSL	0:1239e9b70ca2	8142	info.set = 0;
wolfSSL	0:1239e9b70ca2	8143	info.ctx = NULL;
wolfSSL	0:1239e9b70ca2	8144	info.consumed = 0;
wolfSSL	0:1239e9b70ca2	8145
wolfSSL	0:1239e9b70ca2	8146	if (PemToDer(fileBuffer, sz, CERT_TYPE, &der, NULL, &info, &ecc) != 0)
wolfSSL	0:1239e9b70ca2	8147	{
wolfSSL	0:1239e9b70ca2	8148	/* Only time this should fail, and leave `der` with a buffer
wolfSSL	0:1239e9b70ca2	8149	is when the Base64 Decode fails. Release `der.buffer` in
wolfSSL	0:1239e9b70ca2	8150	that case. */
wolfSSL	0:1239e9b70ca2	8151	if (der.buffer != NULL) {
wolfSSL	0:1239e9b70ca2	8152	XFREE(der.buffer, NULL, DYNAMIC_TYPE_CERT);
wolfSSL	0:1239e9b70ca2	8153	der.buffer = NULL;
wolfSSL	0:1239e9b70ca2	8154	}
wolfSSL	0:1239e9b70ca2	8155	}
wolfSSL	0:1239e9b70ca2	8156	}
wolfSSL	0:1239e9b70ca2	8157	else {
wolfSSL	0:1239e9b70ca2	8158	der.buffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_CERT);
wolfSSL	0:1239e9b70ca2	8159	if (der.buffer != NULL) {
wolfSSL	0:1239e9b70ca2	8160	XMEMCPY(der.buffer, fileBuffer, sz);
wolfSSL	0:1239e9b70ca2	8161	der.length = (word32)sz;
wolfSSL	0:1239e9b70ca2	8162	}
wolfSSL	0:1239e9b70ca2	8163	}
wolfSSL	0:1239e9b70ca2	8164	if (dynamic) XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
wolfSSL	0:1239e9b70ca2	8165
wolfSSL	0:1239e9b70ca2	8166	/* At this point we want `der` to have the certificate in DER format */
wolfSSL	0:1239e9b70ca2	8167	/* ready to be decoded. */
wolfSSL	0:1239e9b70ca2	8168	if (der.buffer != NULL) {
wolfSSL	0:1239e9b70ca2	8169	DecodedCert cert;
wolfSSL	0:1239e9b70ca2	8170
wolfSSL	0:1239e9b70ca2	8171	InitDecodedCert(&cert, der.buffer, der.length, NULL);
wolfSSL	0:1239e9b70ca2	8172	if (ParseCertRelative(&cert, CERT_TYPE, 0, NULL) == 0) {
wolfSSL	0:1239e9b70ca2	8173	x509 = (CYASSL_X509*)XMALLOC(sizeof(CYASSL_X509),
wolfSSL	0:1239e9b70ca2	8174	NULL, DYNAMIC_TYPE_X509);
wolfSSL	0:1239e9b70ca2	8175	if (x509 != NULL) {
wolfSSL	0:1239e9b70ca2	8176	InitX509(x509, 1);
wolfSSL	0:1239e9b70ca2	8177	if (CopyDecodedToX509(x509, &cert) != 0) {
wolfSSL	0:1239e9b70ca2	8178	XFREE(x509, NULL, DYNAMIC_TYPE_X509);
wolfSSL	0:1239e9b70ca2	8179	x509 = NULL;
wolfSSL	0:1239e9b70ca2	8180	}
wolfSSL	0:1239e9b70ca2	8181	}
wolfSSL	0:1239e9b70ca2	8182	}
wolfSSL	0:1239e9b70ca2	8183	FreeDecodedCert(&cert);
wolfSSL	0:1239e9b70ca2	8184
wolfSSL	0:1239e9b70ca2	8185	XFREE(der.buffer, NULL, DYNAMIC_TYPE_CERT);
wolfSSL	0:1239e9b70ca2	8186	}
wolfSSL	0:1239e9b70ca2	8187
wolfSSL	0:1239e9b70ca2	8188	return x509;
wolfSSL	0:1239e9b70ca2	8189	}
wolfSSL	0:1239e9b70ca2	8190
wolfSSL	0:1239e9b70ca2	8191	#endif /* NO_FILESYSTEM */
wolfSSL	0:1239e9b70ca2	8192
wolfSSL	0:1239e9b70ca2	8193	#endif /* KEEP_PEER_CERT \|\| SESSION_CERTS */
wolfSSL	0:1239e9b70ca2	8194
wolfSSL	0:1239e9b70ca2	8195
wolfSSL	0:1239e9b70ca2	8196	#ifdef OPENSSL_EXTRA
wolfSSL	0:1239e9b70ca2	8197	int CyaSSL_set_ex_data(CYASSL* ssl, int idx, void* data)
wolfSSL	0:1239e9b70ca2	8198	{
wolfSSL	0:1239e9b70ca2	8199	#ifdef FORTRESS
wolfSSL	0:1239e9b70ca2	8200	if (ssl != NULL && idx < MAX_EX_DATA)
wolfSSL	0:1239e9b70ca2	8201	{
wolfSSL	0:1239e9b70ca2	8202	ssl->ex_data[idx] = data;
wolfSSL	0:1239e9b70ca2	8203	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	8204	}
wolfSSL	0:1239e9b70ca2	8205	#else
wolfSSL	0:1239e9b70ca2	8206	(void)ssl;
wolfSSL	0:1239e9b70ca2	8207	(void)idx;
wolfSSL	0:1239e9b70ca2	8208	(void)data;
wolfSSL	0:1239e9b70ca2	8209	#endif
wolfSSL	0:1239e9b70ca2	8210	return SSL_FAILURE;
wolfSSL	0:1239e9b70ca2	8211	}
wolfSSL	0:1239e9b70ca2	8212
wolfSSL	0:1239e9b70ca2	8213
wolfSSL	0:1239e9b70ca2	8214	int CyaSSL_set_session_id_context(CYASSL* ssl, const unsigned char* id,
wolfSSL	0:1239e9b70ca2	8215	unsigned int len)
wolfSSL	0:1239e9b70ca2	8216	{
wolfSSL	0:1239e9b70ca2	8217	(void)ssl;
wolfSSL	0:1239e9b70ca2	8218	(void)id;
wolfSSL	0:1239e9b70ca2	8219	(void)len;
wolfSSL	0:1239e9b70ca2	8220	return 0;
wolfSSL	0:1239e9b70ca2	8221	}
wolfSSL	0:1239e9b70ca2	8222
wolfSSL	0:1239e9b70ca2	8223
wolfSSL	0:1239e9b70ca2	8224	void CyaSSL_set_connect_state(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	8225	{
wolfSSL	0:1239e9b70ca2	8226	(void)ssl;
wolfSSL	0:1239e9b70ca2	8227	/* client by default */
wolfSSL	0:1239e9b70ca2	8228	}
wolfSSL	0:1239e9b70ca2	8229	#endif
wolfSSL	0:1239e9b70ca2	8230
wolfSSL	0:1239e9b70ca2	8231	int CyaSSL_get_shutdown(const CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	8232	{
wolfSSL	0:1239e9b70ca2	8233	return (ssl->options.isClosed \|\|
wolfSSL	0:1239e9b70ca2	8234	ssl->options.connReset \|\|
wolfSSL	0:1239e9b70ca2	8235	ssl->options.sentNotify);
wolfSSL	0:1239e9b70ca2	8236	}
wolfSSL	0:1239e9b70ca2	8237
wolfSSL	0:1239e9b70ca2	8238
wolfSSL	0:1239e9b70ca2	8239	int CyaSSL_session_reused(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	8240	{
wolfSSL	0:1239e9b70ca2	8241	return ssl->options.resuming;
wolfSSL	0:1239e9b70ca2	8242	}
wolfSSL	0:1239e9b70ca2	8243
wolfSSL	0:1239e9b70ca2	8244	#ifdef OPENSSL_EXTRA
wolfSSL	0:1239e9b70ca2	8245	void CyaSSL_SESSION_free(CYASSL_SESSION* session)
wolfSSL	0:1239e9b70ca2	8246	{
wolfSSL	0:1239e9b70ca2	8247	(void)session;
wolfSSL	0:1239e9b70ca2	8248	}
wolfSSL	0:1239e9b70ca2	8249	#endif
wolfSSL	0:1239e9b70ca2	8250
wolfSSL	0:1239e9b70ca2	8251	const char* CyaSSL_get_version(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	8252	{
wolfSSL	0:1239e9b70ca2	8253	CYASSL_ENTER("SSL_get_version");
wolfSSL	0:1239e9b70ca2	8254	if (ssl->version.major == SSLv3_MAJOR) {
wolfSSL	0:1239e9b70ca2	8255	switch (ssl->version.minor) {
wolfSSL	0:1239e9b70ca2	8256	case SSLv3_MINOR :
wolfSSL	0:1239e9b70ca2	8257	return "SSLv3";
wolfSSL	0:1239e9b70ca2	8258	case TLSv1_MINOR :
wolfSSL	0:1239e9b70ca2	8259	return "TLSv1";
wolfSSL	0:1239e9b70ca2	8260	case TLSv1_1_MINOR :
wolfSSL	0:1239e9b70ca2	8261	return "TLSv1.1";
wolfSSL	0:1239e9b70ca2	8262	case TLSv1_2_MINOR :
wolfSSL	0:1239e9b70ca2	8263	return "TLSv1.2";
wolfSSL	0:1239e9b70ca2	8264	default:
wolfSSL	0:1239e9b70ca2	8265	return "unknown";
wolfSSL	0:1239e9b70ca2	8266	}
wolfSSL	0:1239e9b70ca2	8267	}
wolfSSL	0:1239e9b70ca2	8268	else if (ssl->version.major == DTLS_MAJOR) {
wolfSSL	0:1239e9b70ca2	8269	switch (ssl->version.minor) {
wolfSSL	0:1239e9b70ca2	8270	case DTLS_MINOR :
wolfSSL	0:1239e9b70ca2	8271	return "DTLS";
wolfSSL	0:1239e9b70ca2	8272	case DTLSv1_2_MINOR :
wolfSSL	0:1239e9b70ca2	8273	return "DTLSv1.2";
wolfSSL	0:1239e9b70ca2	8274	default:
wolfSSL	0:1239e9b70ca2	8275	return "unknown";
wolfSSL	0:1239e9b70ca2	8276	}
wolfSSL	0:1239e9b70ca2	8277	}
wolfSSL	0:1239e9b70ca2	8278	return "unknown";
wolfSSL	0:1239e9b70ca2	8279	}
wolfSSL	0:1239e9b70ca2	8280
wolfSSL	0:1239e9b70ca2	8281	int CyaSSL_get_current_cipher_suite(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	8282	{
wolfSSL	0:1239e9b70ca2	8283	CYASSL_ENTER("SSL_get_current_cipher_suite");
wolfSSL	0:1239e9b70ca2	8284	if (ssl)
wolfSSL	0:1239e9b70ca2	8285	return (ssl->options.cipherSuite0 << 8) \| ssl->options.cipherSuite;
wolfSSL	0:1239e9b70ca2	8286	return 0;
wolfSSL	0:1239e9b70ca2	8287	}
wolfSSL	0:1239e9b70ca2	8288
wolfSSL	0:1239e9b70ca2	8289	CYASSL_CIPHER* CyaSSL_get_current_cipher(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	8290	{
wolfSSL	0:1239e9b70ca2	8291	CYASSL_ENTER("SSL_get_current_cipher");
wolfSSL	0:1239e9b70ca2	8292	if (ssl)
wolfSSL	0:1239e9b70ca2	8293	return &ssl->cipher;
wolfSSL	0:1239e9b70ca2	8294	else
wolfSSL	0:1239e9b70ca2	8295	return NULL;
wolfSSL	0:1239e9b70ca2	8296	}
wolfSSL	0:1239e9b70ca2	8297
wolfSSL	0:1239e9b70ca2	8298
wolfSSL	0:1239e9b70ca2	8299	const char* CyaSSL_CIPHER_get_name(const CYASSL_CIPHER* cipher)
wolfSSL	0:1239e9b70ca2	8300	{
wolfSSL	0:1239e9b70ca2	8301	(void)cipher;
wolfSSL	0:1239e9b70ca2	8302
wolfSSL	0:1239e9b70ca2	8303	CYASSL_ENTER("SSL_CIPHER_get_name");
wolfSSL	0:1239e9b70ca2	8304	#ifndef NO_ERROR_STRINGS
wolfSSL	0:1239e9b70ca2	8305	if (cipher) {
wolfSSL	0:1239e9b70ca2	8306	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	8307	if (cipher->ssl->options.cipherSuite0 == ECC_BYTE) {
wolfSSL	0:1239e9b70ca2	8308	/* ECC suites */
wolfSSL	0:1239e9b70ca2	8309	switch (cipher->ssl->options.cipherSuite) {
wolfSSL	0:1239e9b70ca2	8310	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	8311	case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL	0:1239e9b70ca2	8312	return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
wolfSSL	0:1239e9b70ca2	8313	#endif
wolfSSL	0:1239e9b70ca2	8314	case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
wolfSSL	0:1239e9b70ca2	8315	return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
wolfSSL	0:1239e9b70ca2	8316	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	8317	case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL	0:1239e9b70ca2	8318	return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256";
wolfSSL	0:1239e9b70ca2	8319	#endif
wolfSSL	0:1239e9b70ca2	8320	case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
wolfSSL	0:1239e9b70ca2	8321	return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256";
wolfSSL	0:1239e9b70ca2	8322	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	8323	case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
wolfSSL	0:1239e9b70ca2	8324	return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
wolfSSL	0:1239e9b70ca2	8325	#endif
wolfSSL	0:1239e9b70ca2	8326	case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
wolfSSL	0:1239e9b70ca2	8327	return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384";
wolfSSL	0:1239e9b70ca2	8328	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	8329	case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
wolfSSL	0:1239e9b70ca2	8330	return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384";
wolfSSL	0:1239e9b70ca2	8331	#endif
wolfSSL	0:1239e9b70ca2	8332	case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
wolfSSL	0:1239e9b70ca2	8333	return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384";
wolfSSL	0:1239e9b70ca2	8334	#ifndef NO_SHA
wolfSSL	0:1239e9b70ca2	8335	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	8336	case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
wolfSSL	0:1239e9b70ca2	8337	return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
wolfSSL	0:1239e9b70ca2	8338	case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
wolfSSL	0:1239e9b70ca2	8339	return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
wolfSSL	0:1239e9b70ca2	8340	#endif
wolfSSL	0:1239e9b70ca2	8341	case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
wolfSSL	0:1239e9b70ca2	8342	return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
wolfSSL	0:1239e9b70ca2	8343	case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
wolfSSL	0:1239e9b70ca2	8344	return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
wolfSSL	0:1239e9b70ca2	8345	#ifndef NO_RC4
wolfSSL	0:1239e9b70ca2	8346	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	8347	case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
wolfSSL	0:1239e9b70ca2	8348	return "TLS_ECDHE_RSA_WITH_RC4_128_SHA";
wolfSSL	0:1239e9b70ca2	8349	#endif
wolfSSL	0:1239e9b70ca2	8350	case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
wolfSSL	0:1239e9b70ca2	8351	return "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA";
wolfSSL	0:1239e9b70ca2	8352	#endif
wolfSSL	0:1239e9b70ca2	8353	#ifndef NO_DES3
wolfSSL	0:1239e9b70ca2	8354	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	8355	case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL	0:1239e9b70ca2	8356	return "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA";
wolfSSL	0:1239e9b70ca2	8357	#endif
wolfSSL	0:1239e9b70ca2	8358	case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL	0:1239e9b70ca2	8359	return "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA";
wolfSSL	0:1239e9b70ca2	8360	#endif
wolfSSL	0:1239e9b70ca2	8361
wolfSSL	0:1239e9b70ca2	8362	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	8363	case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
wolfSSL	0:1239e9b70ca2	8364	return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA";
wolfSSL	0:1239e9b70ca2	8365	case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
wolfSSL	0:1239e9b70ca2	8366	return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA";
wolfSSL	0:1239e9b70ca2	8367	#endif
wolfSSL	0:1239e9b70ca2	8368	case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
wolfSSL	0:1239e9b70ca2	8369	return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA";
wolfSSL	0:1239e9b70ca2	8370	case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
wolfSSL	0:1239e9b70ca2	8371	return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA";
wolfSSL	0:1239e9b70ca2	8372	#ifndef NO_RC4
wolfSSL	0:1239e9b70ca2	8373	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	8374	case TLS_ECDH_RSA_WITH_RC4_128_SHA :
wolfSSL	0:1239e9b70ca2	8375	return "TLS_ECDH_RSA_WITH_RC4_128_SHA";
wolfSSL	0:1239e9b70ca2	8376	#endif
wolfSSL	0:1239e9b70ca2	8377	case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
wolfSSL	0:1239e9b70ca2	8378	return "TLS_ECDH_ECDSA_WITH_RC4_128_SHA";
wolfSSL	0:1239e9b70ca2	8379	#endif
wolfSSL	0:1239e9b70ca2	8380	#ifndef NO_DES3
wolfSSL	0:1239e9b70ca2	8381	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	8382	case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL	0:1239e9b70ca2	8383	return "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA";
wolfSSL	0:1239e9b70ca2	8384	#endif
wolfSSL	0:1239e9b70ca2	8385	case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL	0:1239e9b70ca2	8386	return "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA";
wolfSSL	0:1239e9b70ca2	8387	#endif
wolfSSL	0:1239e9b70ca2	8388	#endif /* NO_SHA */
wolfSSL	0:1239e9b70ca2	8389
wolfSSL	0:1239e9b70ca2	8390	#ifdef HAVE_AESGCM
wolfSSL	0:1239e9b70ca2	8391	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	8392	case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL	0:1239e9b70ca2	8393	return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
wolfSSL	0:1239e9b70ca2	8394	case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL	0:1239e9b70ca2	8395	return "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
wolfSSL	0:1239e9b70ca2	8396	#endif
wolfSSL	0:1239e9b70ca2	8397	case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
wolfSSL	0:1239e9b70ca2	8398	return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
wolfSSL	0:1239e9b70ca2	8399	case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
wolfSSL	0:1239e9b70ca2	8400	return "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
wolfSSL	0:1239e9b70ca2	8401	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	8402	case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL	0:1239e9b70ca2	8403	return "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256";
wolfSSL	0:1239e9b70ca2	8404	case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL	0:1239e9b70ca2	8405	return "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384";
wolfSSL	0:1239e9b70ca2	8406	#endif
wolfSSL	0:1239e9b70ca2	8407	case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
wolfSSL	0:1239e9b70ca2	8408	return "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256";
wolfSSL	0:1239e9b70ca2	8409	case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
wolfSSL	0:1239e9b70ca2	8410	return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384";
wolfSSL	0:1239e9b70ca2	8411	#endif
wolfSSL	0:1239e9b70ca2	8412
wolfSSL	0:1239e9b70ca2	8413	#ifdef HAVE_AESCCM
wolfSSL	0:1239e9b70ca2	8414	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	8415	case TLS_RSA_WITH_AES_128_CCM_8 :
wolfSSL	0:1239e9b70ca2	8416	return "TLS_RSA_WITH_AES_128_CCM_8";
wolfSSL	0:1239e9b70ca2	8417	case TLS_RSA_WITH_AES_256_CCM_8 :
wolfSSL	0:1239e9b70ca2	8418	return "TLS_RSA_WITH_AES_256_CCM_8";
wolfSSL	0:1239e9b70ca2	8419	#endif
wolfSSL	0:1239e9b70ca2	8420	case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
wolfSSL	0:1239e9b70ca2	8421	return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8";
wolfSSL	0:1239e9b70ca2	8422	case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
wolfSSL	0:1239e9b70ca2	8423	return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8";
wolfSSL	0:1239e9b70ca2	8424	#endif
wolfSSL	0:1239e9b70ca2	8425
wolfSSL	0:1239e9b70ca2	8426	default:
wolfSSL	0:1239e9b70ca2	8427	return "NONE";
wolfSSL	0:1239e9b70ca2	8428	}
wolfSSL	0:1239e9b70ca2	8429	}
wolfSSL	0:1239e9b70ca2	8430	#endif /* ECC */
wolfSSL	0:1239e9b70ca2	8431	if (cipher->ssl->options.cipherSuite0 != ECC_BYTE) {
wolfSSL	0:1239e9b70ca2	8432	/* normal suites */
wolfSSL	0:1239e9b70ca2	8433	switch (cipher->ssl->options.cipherSuite) {
wolfSSL	0:1239e9b70ca2	8434	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	8435	#ifndef NO_RC4
wolfSSL	0:1239e9b70ca2	8436	#ifndef NO_SHA
wolfSSL	0:1239e9b70ca2	8437	case SSL_RSA_WITH_RC4_128_SHA :
wolfSSL	0:1239e9b70ca2	8438	return "SSL_RSA_WITH_RC4_128_SHA";
wolfSSL	0:1239e9b70ca2	8439	#endif
wolfSSL	0:1239e9b70ca2	8440	#ifndef NO_MD5
wolfSSL	0:1239e9b70ca2	8441	case SSL_RSA_WITH_RC4_128_MD5 :
wolfSSL	0:1239e9b70ca2	8442	return "SSL_RSA_WITH_RC4_128_MD5";
wolfSSL	0:1239e9b70ca2	8443	#endif
wolfSSL	0:1239e9b70ca2	8444	#endif
wolfSSL	0:1239e9b70ca2	8445	#ifndef NO_SHA
wolfSSL	0:1239e9b70ca2	8446	#ifndef NO_DES3
wolfSSL	0:1239e9b70ca2	8447	case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL	0:1239e9b70ca2	8448	return "SSL_RSA_WITH_3DES_EDE_CBC_SHA";
wolfSSL	0:1239e9b70ca2	8449	#endif
wolfSSL	0:1239e9b70ca2	8450	case TLS_RSA_WITH_AES_128_CBC_SHA :
wolfSSL	0:1239e9b70ca2	8451	return "TLS_RSA_WITH_AES_128_CBC_SHA";
wolfSSL	0:1239e9b70ca2	8452	case TLS_RSA_WITH_AES_256_CBC_SHA :
wolfSSL	0:1239e9b70ca2	8453	return "TLS_RSA_WITH_AES_256_CBC_SHA";
wolfSSL	0:1239e9b70ca2	8454	#endif
wolfSSL	0:1239e9b70ca2	8455	case TLS_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL	0:1239e9b70ca2	8456	return "TLS_RSA_WITH_AES_128_CBC_SHA256";
wolfSSL	0:1239e9b70ca2	8457	case TLS_RSA_WITH_AES_256_CBC_SHA256 :
wolfSSL	0:1239e9b70ca2	8458	return "TLS_RSA_WITH_AES_256_CBC_SHA256";
wolfSSL	0:1239e9b70ca2	8459	#ifdef HAVE_BLAKE2
wolfSSL	0:1239e9b70ca2	8460	case TLS_RSA_WITH_AES_128_CBC_B2B256:
wolfSSL	0:1239e9b70ca2	8461	return "TLS_RSA_WITH_AES_128_CBC_B2B256";
wolfSSL	0:1239e9b70ca2	8462	case TLS_RSA_WITH_AES_256_CBC_B2B256:
wolfSSL	0:1239e9b70ca2	8463	return "TLS_RSA_WITH_AES_256_CBC_B2B256";
wolfSSL	0:1239e9b70ca2	8464	#endif
wolfSSL	0:1239e9b70ca2	8465	#ifndef NO_SHA
wolfSSL	0:1239e9b70ca2	8466	case TLS_RSA_WITH_NULL_SHA :
wolfSSL	0:1239e9b70ca2	8467	return "TLS_RSA_WITH_NULL_SHA";
wolfSSL	0:1239e9b70ca2	8468	#endif
wolfSSL	0:1239e9b70ca2	8469	case TLS_RSA_WITH_NULL_SHA256 :
wolfSSL	0:1239e9b70ca2	8470	return "TLS_RSA_WITH_NULL_SHA256";
wolfSSL	0:1239e9b70ca2	8471	#endif /* NO_RSA */
wolfSSL	0:1239e9b70ca2	8472	#ifndef NO_PSK
wolfSSL	0:1239e9b70ca2	8473	case TLS_PSK_WITH_AES_128_CBC_SHA256 :
wolfSSL	0:1239e9b70ca2	8474	return "TLS_PSK_WITH_AES_128_CBC_SHA256";
wolfSSL	0:1239e9b70ca2	8475	#ifndef NO_SHA
wolfSSL	0:1239e9b70ca2	8476	case TLS_PSK_WITH_AES_128_CBC_SHA :
wolfSSL	0:1239e9b70ca2	8477	return "TLS_PSK_WITH_AES_128_CBC_SHA";
wolfSSL	0:1239e9b70ca2	8478	case TLS_PSK_WITH_AES_256_CBC_SHA :
wolfSSL	0:1239e9b70ca2	8479	return "TLS_PSK_WITH_AES_256_CBC_SHA";
wolfSSL	0:1239e9b70ca2	8480	#endif
wolfSSL	0:1239e9b70ca2	8481	#ifndef NO_SHA256
wolfSSL	0:1239e9b70ca2	8482	#ifdef HAVE_AESCCM
wolfSSL	0:1239e9b70ca2	8483	case TLS_PSK_WITH_AES_128_CCM_8 :
wolfSSL	0:1239e9b70ca2	8484	return "TLS_PSK_WITH_AES_128_CCM_8";
wolfSSL	0:1239e9b70ca2	8485	case TLS_PSK_WITH_AES_256_CCM_8 :
wolfSSL	0:1239e9b70ca2	8486	return "TLS_PSK_WITH_AES_256_CCM_8";
wolfSSL	0:1239e9b70ca2	8487	#endif
wolfSSL	0:1239e9b70ca2	8488	case TLS_PSK_WITH_NULL_SHA256 :
wolfSSL	0:1239e9b70ca2	8489	return "TLS_PSK_WITH_NULL_SHA256";
wolfSSL	0:1239e9b70ca2	8490	#endif
wolfSSL	0:1239e9b70ca2	8491	#ifndef NO_SHA
wolfSSL	0:1239e9b70ca2	8492	case TLS_PSK_WITH_NULL_SHA :
wolfSSL	0:1239e9b70ca2	8493	return "TLS_PSK_WITH_NULL_SHA";
wolfSSL	0:1239e9b70ca2	8494	#endif
wolfSSL	0:1239e9b70ca2	8495	#endif /* NO_PSK */
wolfSSL	0:1239e9b70ca2	8496	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	8497	case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL	0:1239e9b70ca2	8498	return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
wolfSSL	0:1239e9b70ca2	8499	case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
wolfSSL	0:1239e9b70ca2	8500	return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256";
wolfSSL	0:1239e9b70ca2	8501	#ifndef NO_SHA
wolfSSL	0:1239e9b70ca2	8502	case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
wolfSSL	0:1239e9b70ca2	8503	return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
wolfSSL	0:1239e9b70ca2	8504	case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
wolfSSL	0:1239e9b70ca2	8505	return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
wolfSSL	0:1239e9b70ca2	8506	#endif
wolfSSL	0:1239e9b70ca2	8507	#ifndef NO_HC128
wolfSSL	0:1239e9b70ca2	8508	#ifndef NO_MD5
wolfSSL	0:1239e9b70ca2	8509	case TLS_RSA_WITH_HC_128_MD5 :
wolfSSL	0:1239e9b70ca2	8510	return "TLS_RSA_WITH_HC_128_MD5";
wolfSSL	0:1239e9b70ca2	8511	#endif
wolfSSL	0:1239e9b70ca2	8512	#ifndef NO_SHA
wolfSSL	0:1239e9b70ca2	8513	case TLS_RSA_WITH_HC_128_SHA :
wolfSSL	0:1239e9b70ca2	8514	return "TLS_RSA_WITH_HC_128_SHA";
wolfSSL	0:1239e9b70ca2	8515	#endif
wolfSSL	0:1239e9b70ca2	8516	#ifdef HAVE_BLAKE2
wolfSSL	0:1239e9b70ca2	8517	case TLS_RSA_WITH_HC_128_B2B256:
wolfSSL	0:1239e9b70ca2	8518	return "TLS_RSA_WITH_HC_128_B2B256";
wolfSSL	0:1239e9b70ca2	8519	#endif
wolfSSL	0:1239e9b70ca2	8520	#endif /* NO_HC128 */
wolfSSL	0:1239e9b70ca2	8521	#ifndef NO_SHA
wolfSSL	0:1239e9b70ca2	8522	#ifndef NO_RABBIT
wolfSSL	0:1239e9b70ca2	8523	case TLS_RSA_WITH_RABBIT_SHA :
wolfSSL	0:1239e9b70ca2	8524	return "TLS_RSA_WITH_RABBIT_SHA";
wolfSSL	0:1239e9b70ca2	8525	#endif
wolfSSL	0:1239e9b70ca2	8526	#ifdef HAVE_NTRU
wolfSSL	0:1239e9b70ca2	8527	#ifndef NO_RC4
wolfSSL	0:1239e9b70ca2	8528	case TLS_NTRU_RSA_WITH_RC4_128_SHA :
wolfSSL	0:1239e9b70ca2	8529	return "TLS_NTRU_RSA_WITH_RC4_128_SHA";
wolfSSL	0:1239e9b70ca2	8530	#endif
wolfSSL	0:1239e9b70ca2	8531	#ifndef NO_DES3
wolfSSL	0:1239e9b70ca2	8532	case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL	0:1239e9b70ca2	8533	return "TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA";
wolfSSL	0:1239e9b70ca2	8534	#endif
wolfSSL	0:1239e9b70ca2	8535	case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
wolfSSL	0:1239e9b70ca2	8536	return "TLS_NTRU_RSA_WITH_AES_128_CBC_SHA";
wolfSSL	0:1239e9b70ca2	8537	case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
wolfSSL	0:1239e9b70ca2	8538	return "TLS_NTRU_RSA_WITH_AES_256_CBC_SHA";
wolfSSL	0:1239e9b70ca2	8539	#endif /* HAVE_NTRU */
wolfSSL	0:1239e9b70ca2	8540	#endif /* NO_SHA */
wolfSSL	0:1239e9b70ca2	8541	case TLS_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL	0:1239e9b70ca2	8542	return "TLS_RSA_WITH_AES_128_GCM_SHA256";
wolfSSL	0:1239e9b70ca2	8543	case TLS_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL	0:1239e9b70ca2	8544	return "TLS_RSA_WITH_AES_256_GCM_SHA384";
wolfSSL	0:1239e9b70ca2	8545	case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL	0:1239e9b70ca2	8546	return "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256";
wolfSSL	0:1239e9b70ca2	8547	case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL	0:1239e9b70ca2	8548	return "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";
wolfSSL	0:1239e9b70ca2	8549	#ifndef NO_SHA
wolfSSL	0:1239e9b70ca2	8550	case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
wolfSSL	0:1239e9b70ca2	8551	return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA";
wolfSSL	0:1239e9b70ca2	8552	case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
wolfSSL	0:1239e9b70ca2	8553	return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA";
wolfSSL	0:1239e9b70ca2	8554	#endif
wolfSSL	0:1239e9b70ca2	8555	case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
wolfSSL	0:1239e9b70ca2	8556	return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256";
wolfSSL	0:1239e9b70ca2	8557	case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
wolfSSL	0:1239e9b70ca2	8558	return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256";
wolfSSL	0:1239e9b70ca2	8559	#ifndef NO_SHA
wolfSSL	0:1239e9b70ca2	8560	case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
wolfSSL	0:1239e9b70ca2	8561	return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA";
wolfSSL	0:1239e9b70ca2	8562	case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
wolfSSL	0:1239e9b70ca2	8563	return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA";
wolfSSL	0:1239e9b70ca2	8564	#endif
wolfSSL	0:1239e9b70ca2	8565	case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
wolfSSL	0:1239e9b70ca2	8566	return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256";
wolfSSL	0:1239e9b70ca2	8567	case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
wolfSSL	0:1239e9b70ca2	8568	return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256";
wolfSSL	0:1239e9b70ca2	8569	#endif /* NO_RSA */
wolfSSL	0:1239e9b70ca2	8570	default:
wolfSSL	0:1239e9b70ca2	8571	return "NONE";
wolfSSL	0:1239e9b70ca2	8572	} /* switch */
wolfSSL	0:1239e9b70ca2	8573	} /* normal / ECC */
wolfSSL	0:1239e9b70ca2	8574	}
wolfSSL	0:1239e9b70ca2	8575	#endif /* NO_ERROR_STRINGS */
wolfSSL	0:1239e9b70ca2	8576	return "NONE";
wolfSSL	0:1239e9b70ca2	8577	}
wolfSSL	0:1239e9b70ca2	8578
wolfSSL	0:1239e9b70ca2	8579
wolfSSL	0:1239e9b70ca2	8580	const char* CyaSSL_get_cipher(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	8581	{
wolfSSL	0:1239e9b70ca2	8582	CYASSL_ENTER("CyaSSL_get_cipher");
wolfSSL	0:1239e9b70ca2	8583	return CyaSSL_CIPHER_get_name(CyaSSL_get_current_cipher(ssl));
wolfSSL	0:1239e9b70ca2	8584	}
wolfSSL	0:1239e9b70ca2	8585
wolfSSL	0:1239e9b70ca2	8586	#ifdef OPENSSL_EXTRA
wolfSSL	0:1239e9b70ca2	8587
wolfSSL	0:1239e9b70ca2	8588	/* XXX shuld be NO_DH */
wolfSSL	0:1239e9b70ca2	8589	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	8590	/* server ctx Diffie-Hellman parameters, SSL_SUCCESS on ok */
wolfSSL	0:1239e9b70ca2	8591	int CyaSSL_CTX_SetTmpDH(CYASSL_CTX* ctx, const unsigned char* p, int pSz,
wolfSSL	0:1239e9b70ca2	8592	const unsigned char* g, int gSz)
wolfSSL	0:1239e9b70ca2	8593	{
wolfSSL	0:1239e9b70ca2	8594	CYASSL_ENTER("CyaSSL_CTX_SetTmpDH");
wolfSSL	0:1239e9b70ca2	8595	if (ctx == NULL \|\| p == NULL \|\| g == NULL) return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	8596
wolfSSL	0:1239e9b70ca2	8597	XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
wolfSSL	0:1239e9b70ca2	8598	XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH);
wolfSSL	0:1239e9b70ca2	8599
wolfSSL	0:1239e9b70ca2	8600	ctx->serverDH_P.buffer = (byte*)XMALLOC(pSz, ctx->heap,DYNAMIC_TYPE_DH);
wolfSSL	0:1239e9b70ca2	8601	if (ctx->serverDH_P.buffer == NULL)
wolfSSL	0:1239e9b70ca2	8602	return MEMORY_E;
wolfSSL	0:1239e9b70ca2	8603
wolfSSL	0:1239e9b70ca2	8604	ctx->serverDH_G.buffer = (byte*)XMALLOC(gSz, ctx->heap,DYNAMIC_TYPE_DH);
wolfSSL	0:1239e9b70ca2	8605	if (ctx->serverDH_G.buffer == NULL) {
wolfSSL	0:1239e9b70ca2	8606	XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
wolfSSL	0:1239e9b70ca2	8607	return MEMORY_E;
wolfSSL	0:1239e9b70ca2	8608	}
wolfSSL	0:1239e9b70ca2	8609
wolfSSL	0:1239e9b70ca2	8610	ctx->serverDH_P.length = pSz;
wolfSSL	0:1239e9b70ca2	8611	ctx->serverDH_G.length = gSz;
wolfSSL	0:1239e9b70ca2	8612
wolfSSL	0:1239e9b70ca2	8613	XMEMCPY(ctx->serverDH_P.buffer, p, pSz);
wolfSSL	0:1239e9b70ca2	8614	XMEMCPY(ctx->serverDH_G.buffer, g, gSz);
wolfSSL	0:1239e9b70ca2	8615
wolfSSL	0:1239e9b70ca2	8616	ctx->haveDH = 1;
wolfSSL	0:1239e9b70ca2	8617
wolfSSL	0:1239e9b70ca2	8618	CYASSL_LEAVE("CyaSSL_CTX_SetTmpDH", 0);
wolfSSL	0:1239e9b70ca2	8619	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	8620	}
wolfSSL	0:1239e9b70ca2	8621	#endif /* !NO_CERTS */
wolfSSL	0:1239e9b70ca2	8622
wolfSSL	0:1239e9b70ca2	8623
wolfSSL	0:1239e9b70ca2	8624	char* CyaSSL_CIPHER_description(CYASSL_CIPHER* cipher, char* in, int len)
wolfSSL	0:1239e9b70ca2	8625	{
wolfSSL	0:1239e9b70ca2	8626	(void)cipher;
wolfSSL	0:1239e9b70ca2	8627	(void)in;
wolfSSL	0:1239e9b70ca2	8628	(void)len;
wolfSSL	0:1239e9b70ca2	8629	return 0;
wolfSSL	0:1239e9b70ca2	8630	}
wolfSSL	0:1239e9b70ca2	8631
wolfSSL	0:1239e9b70ca2	8632
wolfSSL	0:1239e9b70ca2	8633	CYASSL_SESSION* CyaSSL_get1_session(CYASSL* ssl) /* what's ref count */
wolfSSL	0:1239e9b70ca2	8634	{
wolfSSL	0:1239e9b70ca2	8635	(void)ssl;
wolfSSL	0:1239e9b70ca2	8636	return 0;
wolfSSL	0:1239e9b70ca2	8637	}
wolfSSL	0:1239e9b70ca2	8638
wolfSSL	0:1239e9b70ca2	8639
wolfSSL	0:1239e9b70ca2	8640	void CyaSSL_X509_free(CYASSL_X509* buf)
wolfSSL	0:1239e9b70ca2	8641	{
wolfSSL	0:1239e9b70ca2	8642	(void)buf;
wolfSSL	0:1239e9b70ca2	8643	}
wolfSSL	0:1239e9b70ca2	8644
wolfSSL	0:1239e9b70ca2	8645
wolfSSL	0:1239e9b70ca2	8646	/* was do nothing */
wolfSSL	0:1239e9b70ca2	8647	/*
wolfSSL	0:1239e9b70ca2	8648	void OPENSSL_free(void* buf)
wolfSSL	0:1239e9b70ca2	8649	{
wolfSSL	0:1239e9b70ca2	8650	(void)buf;
wolfSSL	0:1239e9b70ca2	8651	}
wolfSSL	0:1239e9b70ca2	8652	*/
wolfSSL	0:1239e9b70ca2	8653
wolfSSL	0:1239e9b70ca2	8654
wolfSSL	0:1239e9b70ca2	8655	int CyaSSL_OCSP_parse_url(char* url, char host, char port, char** path,
wolfSSL	0:1239e9b70ca2	8656	int* ssl)
wolfSSL	0:1239e9b70ca2	8657	{
wolfSSL	0:1239e9b70ca2	8658	(void)url;
wolfSSL	0:1239e9b70ca2	8659	(void)host;
wolfSSL	0:1239e9b70ca2	8660	(void)port;
wolfSSL	0:1239e9b70ca2	8661	(void)path;
wolfSSL	0:1239e9b70ca2	8662	(void)ssl;
wolfSSL	0:1239e9b70ca2	8663	return 0;
wolfSSL	0:1239e9b70ca2	8664	}
wolfSSL	0:1239e9b70ca2	8665
wolfSSL	0:1239e9b70ca2	8666
wolfSSL	0:1239e9b70ca2	8667	CYASSL_METHOD* CyaSSLv2_client_method(void)
wolfSSL	0:1239e9b70ca2	8668	{
wolfSSL	0:1239e9b70ca2	8669	return 0;
wolfSSL	0:1239e9b70ca2	8670	}
wolfSSL	0:1239e9b70ca2	8671
wolfSSL	0:1239e9b70ca2	8672
wolfSSL	0:1239e9b70ca2	8673	CYASSL_METHOD* CyaSSLv2_server_method(void)
wolfSSL	0:1239e9b70ca2	8674	{
wolfSSL	0:1239e9b70ca2	8675	return 0;
wolfSSL	0:1239e9b70ca2	8676	}
wolfSSL	0:1239e9b70ca2	8677
wolfSSL	0:1239e9b70ca2	8678
wolfSSL	0:1239e9b70ca2	8679	#ifndef NO_MD4
wolfSSL	0:1239e9b70ca2	8680
wolfSSL	0:1239e9b70ca2	8681	void CyaSSL_MD4_Init(CYASSL_MD4_CTX* md4)
wolfSSL	0:1239e9b70ca2	8682	{
wolfSSL	0:1239e9b70ca2	8683	/* make sure we have a big enough buffer */
wolfSSL	0:1239e9b70ca2	8684	typedef char ok[sizeof(md4->buffer) >= sizeof(Md4) ? 1 : -1];
wolfSSL	0:1239e9b70ca2	8685	(void) sizeof(ok);
wolfSSL	0:1239e9b70ca2	8686
wolfSSL	0:1239e9b70ca2	8687	CYASSL_ENTER("MD4_Init");
wolfSSL	0:1239e9b70ca2	8688	InitMd4((Md4*)md4);
wolfSSL	0:1239e9b70ca2	8689	}
wolfSSL	0:1239e9b70ca2	8690
wolfSSL	0:1239e9b70ca2	8691
wolfSSL	0:1239e9b70ca2	8692	void CyaSSL_MD4_Update(CYASSL_MD4_CTX* md4, const void* data,
wolfSSL	0:1239e9b70ca2	8693	unsigned long len)
wolfSSL	0:1239e9b70ca2	8694	{
wolfSSL	0:1239e9b70ca2	8695	CYASSL_ENTER("MD4_Update");
wolfSSL	0:1239e9b70ca2	8696	Md4Update((Md4)md4, (const byte)data, (word32)len);
wolfSSL	0:1239e9b70ca2	8697	}
wolfSSL	0:1239e9b70ca2	8698
wolfSSL	0:1239e9b70ca2	8699
wolfSSL	0:1239e9b70ca2	8700	void CyaSSL_MD4_Final(unsigned char* digest, CYASSL_MD4_CTX* md4)
wolfSSL	0:1239e9b70ca2	8701	{
wolfSSL	0:1239e9b70ca2	8702	CYASSL_ENTER("MD4_Final");
wolfSSL	0:1239e9b70ca2	8703	Md4Final((Md4*)md4, digest);
wolfSSL	0:1239e9b70ca2	8704	}
wolfSSL	0:1239e9b70ca2	8705
wolfSSL	0:1239e9b70ca2	8706	#endif /* NO_MD4 */
wolfSSL	0:1239e9b70ca2	8707
wolfSSL	0:1239e9b70ca2	8708
wolfSSL	0:1239e9b70ca2	8709	CYASSL_BIO* CyaSSL_BIO_pop(CYASSL_BIO* top)
wolfSSL	0:1239e9b70ca2	8710	{
wolfSSL	0:1239e9b70ca2	8711	(void)top;
wolfSSL	0:1239e9b70ca2	8712	return 0;
wolfSSL	0:1239e9b70ca2	8713	}
wolfSSL	0:1239e9b70ca2	8714
wolfSSL	0:1239e9b70ca2	8715
wolfSSL	0:1239e9b70ca2	8716	int CyaSSL_BIO_pending(CYASSL_BIO* bio)
wolfSSL	0:1239e9b70ca2	8717	{
wolfSSL	0:1239e9b70ca2	8718	(void)bio;
wolfSSL	0:1239e9b70ca2	8719	return 0;
wolfSSL	0:1239e9b70ca2	8720	}
wolfSSL	0:1239e9b70ca2	8721
wolfSSL	0:1239e9b70ca2	8722
wolfSSL	0:1239e9b70ca2	8723
wolfSSL	0:1239e9b70ca2	8724	CYASSL_BIO_METHOD* CyaSSL_BIO_s_mem(void)
wolfSSL	0:1239e9b70ca2	8725	{
wolfSSL	0:1239e9b70ca2	8726	static CYASSL_BIO_METHOD meth;
wolfSSL	0:1239e9b70ca2	8727
wolfSSL	0:1239e9b70ca2	8728	CYASSL_ENTER("BIO_s_mem");
wolfSSL	0:1239e9b70ca2	8729	meth.type = BIO_MEMORY;
wolfSSL	0:1239e9b70ca2	8730
wolfSSL	0:1239e9b70ca2	8731	return &meth;
wolfSSL	0:1239e9b70ca2	8732	}
wolfSSL	0:1239e9b70ca2	8733
wolfSSL	0:1239e9b70ca2	8734
wolfSSL	0:1239e9b70ca2	8735	CYASSL_BIO_METHOD* CyaSSL_BIO_f_base64(void)
wolfSSL	0:1239e9b70ca2	8736	{
wolfSSL	0:1239e9b70ca2	8737	return 0;
wolfSSL	0:1239e9b70ca2	8738	}
wolfSSL	0:1239e9b70ca2	8739
wolfSSL	0:1239e9b70ca2	8740
wolfSSL	0:1239e9b70ca2	8741	void CyaSSL_BIO_set_flags(CYASSL_BIO* bio, int flags)
wolfSSL	0:1239e9b70ca2	8742	{
wolfSSL	0:1239e9b70ca2	8743	(void)bio;
wolfSSL	0:1239e9b70ca2	8744	(void)flags;
wolfSSL	0:1239e9b70ca2	8745	}
wolfSSL	0:1239e9b70ca2	8746
wolfSSL	0:1239e9b70ca2	8747
wolfSSL	0:1239e9b70ca2	8748
wolfSSL	0:1239e9b70ca2	8749	void CyaSSL_RAND_screen(void)
wolfSSL	0:1239e9b70ca2	8750	{
wolfSSL	0:1239e9b70ca2	8751
wolfSSL	0:1239e9b70ca2	8752	}
wolfSSL	0:1239e9b70ca2	8753
wolfSSL	0:1239e9b70ca2	8754
wolfSSL	0:1239e9b70ca2	8755	const char* CyaSSL_RAND_file_name(char* fname, unsigned long len)
wolfSSL	0:1239e9b70ca2	8756	{
wolfSSL	0:1239e9b70ca2	8757	(void)fname;
wolfSSL	0:1239e9b70ca2	8758	(void)len;
wolfSSL	0:1239e9b70ca2	8759	return 0;
wolfSSL	0:1239e9b70ca2	8760	}
wolfSSL	0:1239e9b70ca2	8761
wolfSSL	0:1239e9b70ca2	8762
wolfSSL	0:1239e9b70ca2	8763	int CyaSSL_RAND_write_file(const char* fname)
wolfSSL	0:1239e9b70ca2	8764	{
wolfSSL	0:1239e9b70ca2	8765	(void)fname;
wolfSSL	0:1239e9b70ca2	8766	return 0;
wolfSSL	0:1239e9b70ca2	8767	}
wolfSSL	0:1239e9b70ca2	8768
wolfSSL	0:1239e9b70ca2	8769
wolfSSL	0:1239e9b70ca2	8770	int CyaSSL_RAND_load_file(const char* fname, long len)
wolfSSL	0:1239e9b70ca2	8771	{
wolfSSL	0:1239e9b70ca2	8772	(void)fname;
wolfSSL	0:1239e9b70ca2	8773	/* CTaoCrypt provides enough entropy internally or will report error */
wolfSSL	0:1239e9b70ca2	8774	if (len == -1)
wolfSSL	0:1239e9b70ca2	8775	return 1024;
wolfSSL	0:1239e9b70ca2	8776	else
wolfSSL	0:1239e9b70ca2	8777	return (int)len;
wolfSSL	0:1239e9b70ca2	8778	}
wolfSSL	0:1239e9b70ca2	8779
wolfSSL	0:1239e9b70ca2	8780
wolfSSL	0:1239e9b70ca2	8781	int CyaSSL_RAND_egd(const char* path)
wolfSSL	0:1239e9b70ca2	8782	{
wolfSSL	0:1239e9b70ca2	8783	(void)path;
wolfSSL	0:1239e9b70ca2	8784	return 0;
wolfSSL	0:1239e9b70ca2	8785	}
wolfSSL	0:1239e9b70ca2	8786
wolfSSL	0:1239e9b70ca2	8787
wolfSSL	0:1239e9b70ca2	8788
wolfSSL	0:1239e9b70ca2	8789	CYASSL_COMP_METHOD* CyaSSL_COMP_zlib(void)
wolfSSL	0:1239e9b70ca2	8790	{
wolfSSL	0:1239e9b70ca2	8791	return 0;
wolfSSL	0:1239e9b70ca2	8792	}
wolfSSL	0:1239e9b70ca2	8793
wolfSSL	0:1239e9b70ca2	8794
wolfSSL	0:1239e9b70ca2	8795	CYASSL_COMP_METHOD* CyaSSL_COMP_rle(void)
wolfSSL	0:1239e9b70ca2	8796	{
wolfSSL	0:1239e9b70ca2	8797	return 0;
wolfSSL	0:1239e9b70ca2	8798	}
wolfSSL	0:1239e9b70ca2	8799
wolfSSL	0:1239e9b70ca2	8800
wolfSSL	0:1239e9b70ca2	8801	int CyaSSL_COMP_add_compression_method(int method, void* data)
wolfSSL	0:1239e9b70ca2	8802	{
wolfSSL	0:1239e9b70ca2	8803	(void)method;
wolfSSL	0:1239e9b70ca2	8804	(void)data;
wolfSSL	0:1239e9b70ca2	8805	return 0;
wolfSSL	0:1239e9b70ca2	8806	}
wolfSSL	0:1239e9b70ca2	8807
wolfSSL	0:1239e9b70ca2	8808
wolfSSL	0:1239e9b70ca2	8809
wolfSSL	0:1239e9b70ca2	8810	int CyaSSL_get_ex_new_index(long idx, void* data, void* cb1, void* cb2,
wolfSSL	0:1239e9b70ca2	8811	void* cb3)
wolfSSL	0:1239e9b70ca2	8812	{
wolfSSL	0:1239e9b70ca2	8813	(void)idx;
wolfSSL	0:1239e9b70ca2	8814	(void)data;
wolfSSL	0:1239e9b70ca2	8815	(void)cb1;
wolfSSL	0:1239e9b70ca2	8816	(void)cb2;
wolfSSL	0:1239e9b70ca2	8817	(void)cb3;
wolfSSL	0:1239e9b70ca2	8818	return 0;
wolfSSL	0:1239e9b70ca2	8819	}
wolfSSL	0:1239e9b70ca2	8820
wolfSSL	0:1239e9b70ca2	8821
wolfSSL	0:1239e9b70ca2	8822	void CyaSSL_set_dynlock_create_callback(CYASSL_dynlock_value* (*f)(
wolfSSL	0:1239e9b70ca2	8823	const char*, int))
wolfSSL	0:1239e9b70ca2	8824	{
wolfSSL	0:1239e9b70ca2	8825	(void)f;
wolfSSL	0:1239e9b70ca2	8826	}
wolfSSL	0:1239e9b70ca2	8827
wolfSSL	0:1239e9b70ca2	8828
wolfSSL	0:1239e9b70ca2	8829	void CyaSSL_set_dynlock_lock_callback(
wolfSSL	0:1239e9b70ca2	8830	void (f)(int, CYASSL_dynlock_value, const char*, int))
wolfSSL	0:1239e9b70ca2	8831	{
wolfSSL	0:1239e9b70ca2	8832	(void)f;
wolfSSL	0:1239e9b70ca2	8833	}
wolfSSL	0:1239e9b70ca2	8834
wolfSSL	0:1239e9b70ca2	8835
wolfSSL	0:1239e9b70ca2	8836	void CyaSSL_set_dynlock_destroy_callback(
wolfSSL	0:1239e9b70ca2	8837	void (f)(CYASSL_dynlock_value, const char*, int))
wolfSSL	0:1239e9b70ca2	8838	{
wolfSSL	0:1239e9b70ca2	8839	(void)f;
wolfSSL	0:1239e9b70ca2	8840	}
wolfSSL	0:1239e9b70ca2	8841
wolfSSL	0:1239e9b70ca2	8842
wolfSSL	0:1239e9b70ca2	8843
wolfSSL	0:1239e9b70ca2	8844	const char* CyaSSL_X509_verify_cert_error_string(long err)
wolfSSL	0:1239e9b70ca2	8845	{
wolfSSL	0:1239e9b70ca2	8846	(void)err;
wolfSSL	0:1239e9b70ca2	8847	return 0;
wolfSSL	0:1239e9b70ca2	8848	}
wolfSSL	0:1239e9b70ca2	8849
wolfSSL	0:1239e9b70ca2	8850
wolfSSL	0:1239e9b70ca2	8851
wolfSSL	0:1239e9b70ca2	8852	int CyaSSL_X509_LOOKUP_add_dir(CYASSL_X509_LOOKUP* lookup, const char* dir,
wolfSSL	0:1239e9b70ca2	8853	long len)
wolfSSL	0:1239e9b70ca2	8854	{
wolfSSL	0:1239e9b70ca2	8855	(void)lookup;
wolfSSL	0:1239e9b70ca2	8856	(void)dir;
wolfSSL	0:1239e9b70ca2	8857	(void)len;
wolfSSL	0:1239e9b70ca2	8858	return 0;
wolfSSL	0:1239e9b70ca2	8859	}
wolfSSL	0:1239e9b70ca2	8860
wolfSSL	0:1239e9b70ca2	8861
wolfSSL	0:1239e9b70ca2	8862	int CyaSSL_X509_LOOKUP_load_file(CYASSL_X509_LOOKUP* lookup,
wolfSSL	0:1239e9b70ca2	8863	const char* file, long len)
wolfSSL	0:1239e9b70ca2	8864	{
wolfSSL	0:1239e9b70ca2	8865	(void)lookup;
wolfSSL	0:1239e9b70ca2	8866	(void)file;
wolfSSL	0:1239e9b70ca2	8867	(void)len;
wolfSSL	0:1239e9b70ca2	8868	return 0;
wolfSSL	0:1239e9b70ca2	8869	}
wolfSSL	0:1239e9b70ca2	8870
wolfSSL	0:1239e9b70ca2	8871
wolfSSL	0:1239e9b70ca2	8872	CYASSL_X509_LOOKUP_METHOD* CyaSSL_X509_LOOKUP_hash_dir(void)
wolfSSL	0:1239e9b70ca2	8873	{
wolfSSL	0:1239e9b70ca2	8874	return 0;
wolfSSL	0:1239e9b70ca2	8875	}
wolfSSL	0:1239e9b70ca2	8876
wolfSSL	0:1239e9b70ca2	8877
wolfSSL	0:1239e9b70ca2	8878	CYASSL_X509_LOOKUP_METHOD* CyaSSL_X509_LOOKUP_file(void)
wolfSSL	0:1239e9b70ca2	8879	{
wolfSSL	0:1239e9b70ca2	8880	return 0;
wolfSSL	0:1239e9b70ca2	8881	}
wolfSSL	0:1239e9b70ca2	8882
wolfSSL	0:1239e9b70ca2	8883
wolfSSL	0:1239e9b70ca2	8884
wolfSSL	0:1239e9b70ca2	8885	CYASSL_X509_LOOKUP* CyaSSL_X509_STORE_add_lookup(CYASSL_X509_STORE* store,
wolfSSL	0:1239e9b70ca2	8886	CYASSL_X509_LOOKUP_METHOD* m)
wolfSSL	0:1239e9b70ca2	8887	{
wolfSSL	0:1239e9b70ca2	8888	(void)store;
wolfSSL	0:1239e9b70ca2	8889	(void)m;
wolfSSL	0:1239e9b70ca2	8890	return 0;
wolfSSL	0:1239e9b70ca2	8891	}
wolfSSL	0:1239e9b70ca2	8892
wolfSSL	0:1239e9b70ca2	8893
wolfSSL	0:1239e9b70ca2	8894	int CyaSSL_X509_STORE_add_cert(CYASSL_X509_STORE* store, CYASSL_X509* x509)
wolfSSL	0:1239e9b70ca2	8895	{
wolfSSL	0:1239e9b70ca2	8896	int result = SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	8897
wolfSSL	0:1239e9b70ca2	8898	CYASSL_ENTER("CyaSSL_X509_STORE_add_cert");
wolfSSL	0:1239e9b70ca2	8899	if (store != NULL && store->cm != NULL && x509 != NULL) {
wolfSSL	0:1239e9b70ca2	8900	buffer derCert;
wolfSSL	0:1239e9b70ca2	8901	derCert.buffer = (byte*)XMALLOC(x509->derCert.length,
wolfSSL	0:1239e9b70ca2	8902	NULL, DYNAMIC_TYPE_CERT);
wolfSSL	0:1239e9b70ca2	8903	if (derCert.buffer != NULL) {
wolfSSL	0:1239e9b70ca2	8904	derCert.length = x509->derCert.length;
wolfSSL	0:1239e9b70ca2	8905	// AddCA() frees the buffer.
wolfSSL	0:1239e9b70ca2	8906	XMEMCPY(derCert.buffer,
wolfSSL	0:1239e9b70ca2	8907	x509->derCert.buffer, x509->derCert.length);
wolfSSL	0:1239e9b70ca2	8908	result = AddCA(store->cm, derCert, CYASSL_USER_CA, 1);
wolfSSL	0:1239e9b70ca2	8909	if (result != SSL_SUCCESS) result = SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	8910	}
wolfSSL	0:1239e9b70ca2	8911	}
wolfSSL	0:1239e9b70ca2	8912
wolfSSL	0:1239e9b70ca2	8913	CYASSL_LEAVE("CyaSSL_X509_STORE_add_cert", result);
wolfSSL	0:1239e9b70ca2	8914	return result;
wolfSSL	0:1239e9b70ca2	8915	}
wolfSSL	0:1239e9b70ca2	8916
wolfSSL	0:1239e9b70ca2	8917
wolfSSL	0:1239e9b70ca2	8918	CYASSL_X509_STORE* CyaSSL_X509_STORE_new(void)
wolfSSL	0:1239e9b70ca2	8919	{
wolfSSL	0:1239e9b70ca2	8920	CYASSL_X509_STORE* store = NULL;
wolfSSL	0:1239e9b70ca2	8921
wolfSSL	0:1239e9b70ca2	8922	store = (CYASSL_X509_STORE*)XMALLOC(sizeof(CYASSL_X509_STORE), NULL, 0);
wolfSSL	0:1239e9b70ca2	8923	if (store != NULL) {
wolfSSL	0:1239e9b70ca2	8924	store->cm = CyaSSL_CertManagerNew();
wolfSSL	0:1239e9b70ca2	8925	if (store->cm == NULL) {
wolfSSL	0:1239e9b70ca2	8926	XFREE(store, NULL, 0);
wolfSSL	0:1239e9b70ca2	8927	store = NULL;
wolfSSL	0:1239e9b70ca2	8928	}
wolfSSL	0:1239e9b70ca2	8929	}
wolfSSL	0:1239e9b70ca2	8930
wolfSSL	0:1239e9b70ca2	8931	return store;
wolfSSL	0:1239e9b70ca2	8932	}
wolfSSL	0:1239e9b70ca2	8933
wolfSSL	0:1239e9b70ca2	8934
wolfSSL	0:1239e9b70ca2	8935	void CyaSSL_X509_STORE_free(CYASSL_X509_STORE* store)
wolfSSL	0:1239e9b70ca2	8936	{
wolfSSL	0:1239e9b70ca2	8937	if (store != NULL) {
wolfSSL	0:1239e9b70ca2	8938	if (store->cm != NULL)
wolfSSL	0:1239e9b70ca2	8939	CyaSSL_CertManagerFree(store->cm);
wolfSSL	0:1239e9b70ca2	8940	XFREE(store, NULL, 0);
wolfSSL	0:1239e9b70ca2	8941	}
wolfSSL	0:1239e9b70ca2	8942	}
wolfSSL	0:1239e9b70ca2	8943
wolfSSL	0:1239e9b70ca2	8944
wolfSSL	0:1239e9b70ca2	8945	int CyaSSL_X509_STORE_set_default_paths(CYASSL_X509_STORE* store)
wolfSSL	0:1239e9b70ca2	8946	{
wolfSSL	0:1239e9b70ca2	8947	(void)store;
wolfSSL	0:1239e9b70ca2	8948	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	8949	}
wolfSSL	0:1239e9b70ca2	8950
wolfSSL	0:1239e9b70ca2	8951
wolfSSL	0:1239e9b70ca2	8952	int CyaSSL_X509_STORE_get_by_subject(CYASSL_X509_STORE_CTX* ctx, int idx,
wolfSSL	0:1239e9b70ca2	8953	CYASSL_X509_NAME* name, CYASSL_X509_OBJECT* obj)
wolfSSL	0:1239e9b70ca2	8954	{
wolfSSL	0:1239e9b70ca2	8955	(void)ctx;
wolfSSL	0:1239e9b70ca2	8956	(void)idx;
wolfSSL	0:1239e9b70ca2	8957	(void)name;
wolfSSL	0:1239e9b70ca2	8958	(void)obj;
wolfSSL	0:1239e9b70ca2	8959	return 0;
wolfSSL	0:1239e9b70ca2	8960	}
wolfSSL	0:1239e9b70ca2	8961
wolfSSL	0:1239e9b70ca2	8962
wolfSSL	0:1239e9b70ca2	8963	CYASSL_X509_STORE_CTX* CyaSSL_X509_STORE_CTX_new(void)
wolfSSL	0:1239e9b70ca2	8964	{
wolfSSL	0:1239e9b70ca2	8965	CYASSL_X509_STORE_CTX* ctx = (CYASSL_X509_STORE_CTX*)XMALLOC(
wolfSSL	0:1239e9b70ca2	8966	sizeof(CYASSL_X509_STORE_CTX), NULL, 0);
wolfSSL	0:1239e9b70ca2	8967
wolfSSL	0:1239e9b70ca2	8968	if (ctx != NULL)
wolfSSL	0:1239e9b70ca2	8969	CyaSSL_X509_STORE_CTX_init(ctx, NULL, NULL, NULL);
wolfSSL	0:1239e9b70ca2	8970
wolfSSL	0:1239e9b70ca2	8971	return ctx;
wolfSSL	0:1239e9b70ca2	8972	}
wolfSSL	0:1239e9b70ca2	8973
wolfSSL	0:1239e9b70ca2	8974
wolfSSL	0:1239e9b70ca2	8975	int CyaSSL_X509_STORE_CTX_init(CYASSL_X509_STORE_CTX* ctx,
wolfSSL	0:1239e9b70ca2	8976	CYASSL_X509_STORE* store, CYASSL_X509* x509, STACK_OF(CYASSL_X509)* sk)
wolfSSL	0:1239e9b70ca2	8977	{
wolfSSL	0:1239e9b70ca2	8978	(void)sk;
wolfSSL	0:1239e9b70ca2	8979	if (ctx != NULL) {
wolfSSL	0:1239e9b70ca2	8980	ctx->store = store;
wolfSSL	0:1239e9b70ca2	8981	ctx->current_cert = x509;
wolfSSL	0:1239e9b70ca2	8982	ctx->domain = NULL;
wolfSSL	0:1239e9b70ca2	8983	ctx->ex_data = NULL;
wolfSSL	0:1239e9b70ca2	8984	ctx->userCtx = NULL;
wolfSSL	0:1239e9b70ca2	8985	ctx->error = 0;
wolfSSL	0:1239e9b70ca2	8986	ctx->error_depth = 0;
wolfSSL	0:1239e9b70ca2	8987	ctx->discardSessionCerts = 0;
wolfSSL	0:1239e9b70ca2	8988	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	8989	}
wolfSSL	0:1239e9b70ca2	8990	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	8991	}
wolfSSL	0:1239e9b70ca2	8992
wolfSSL	0:1239e9b70ca2	8993
wolfSSL	0:1239e9b70ca2	8994	void CyaSSL_X509_STORE_CTX_free(CYASSL_X509_STORE_CTX* ctx)
wolfSSL	0:1239e9b70ca2	8995	{
wolfSSL	0:1239e9b70ca2	8996	if (ctx != NULL) {
wolfSSL	0:1239e9b70ca2	8997	if (ctx->store != NULL)
wolfSSL	0:1239e9b70ca2	8998	CyaSSL_X509_STORE_free(ctx->store);
wolfSSL	0:1239e9b70ca2	8999	if (ctx->current_cert != NULL)
wolfSSL	0:1239e9b70ca2	9000	CyaSSL_FreeX509(ctx->current_cert);
wolfSSL	0:1239e9b70ca2	9001	XFREE(ctx, NULL, 0);
wolfSSL	0:1239e9b70ca2	9002	}
wolfSSL	0:1239e9b70ca2	9003	}
wolfSSL	0:1239e9b70ca2	9004
wolfSSL	0:1239e9b70ca2	9005
wolfSSL	0:1239e9b70ca2	9006	void CyaSSL_X509_STORE_CTX_cleanup(CYASSL_X509_STORE_CTX* ctx)
wolfSSL	0:1239e9b70ca2	9007	{
wolfSSL	0:1239e9b70ca2	9008	(void)ctx;
wolfSSL	0:1239e9b70ca2	9009	}
wolfSSL	0:1239e9b70ca2	9010
wolfSSL	0:1239e9b70ca2	9011
wolfSSL	0:1239e9b70ca2	9012	int CyaSSL_X509_verify_cert(CYASSL_X509_STORE_CTX* ctx)
wolfSSL	0:1239e9b70ca2	9013	{
wolfSSL	0:1239e9b70ca2	9014	if (ctx != NULL && ctx->store != NULL && ctx->store->cm != NULL
wolfSSL	0:1239e9b70ca2	9015	&& ctx->current_cert != NULL) {
wolfSSL	0:1239e9b70ca2	9016	return CyaSSL_CertManagerVerifyBuffer(ctx->store->cm,
wolfSSL	0:1239e9b70ca2	9017	ctx->current_cert->derCert.buffer,
wolfSSL	0:1239e9b70ca2	9018	ctx->current_cert->derCert.length,
wolfSSL	0:1239e9b70ca2	9019	SSL_FILETYPE_ASN1);
wolfSSL	0:1239e9b70ca2	9020	}
wolfSSL	0:1239e9b70ca2	9021	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	9022	}
wolfSSL	0:1239e9b70ca2	9023
wolfSSL	0:1239e9b70ca2	9024
wolfSSL	0:1239e9b70ca2	9025	CYASSL_ASN1_TIME* CyaSSL_X509_CRL_get_lastUpdate(CYASSL_X509_CRL* crl)
wolfSSL	0:1239e9b70ca2	9026	{
wolfSSL	0:1239e9b70ca2	9027	(void)crl;
wolfSSL	0:1239e9b70ca2	9028	return 0;
wolfSSL	0:1239e9b70ca2	9029	}
wolfSSL	0:1239e9b70ca2	9030
wolfSSL	0:1239e9b70ca2	9031
wolfSSL	0:1239e9b70ca2	9032	CYASSL_ASN1_TIME* CyaSSL_X509_CRL_get_nextUpdate(CYASSL_X509_CRL* crl)
wolfSSL	0:1239e9b70ca2	9033	{
wolfSSL	0:1239e9b70ca2	9034	(void)crl;
wolfSSL	0:1239e9b70ca2	9035	return 0;
wolfSSL	0:1239e9b70ca2	9036	}
wolfSSL	0:1239e9b70ca2	9037
wolfSSL	0:1239e9b70ca2	9038
wolfSSL	0:1239e9b70ca2	9039
wolfSSL	0:1239e9b70ca2	9040	CYASSL_EVP_PKEY* CyaSSL_X509_get_pubkey(CYASSL_X509* x509)
wolfSSL	0:1239e9b70ca2	9041	{
wolfSSL	0:1239e9b70ca2	9042	CYASSL_EVP_PKEY* key = NULL;
wolfSSL	0:1239e9b70ca2	9043	if (x509 != NULL) {
wolfSSL	0:1239e9b70ca2	9044	key = (CYASSL_EVP_PKEY*)XMALLOC(
wolfSSL	0:1239e9b70ca2	9045	sizeof(CYASSL_EVP_PKEY), NULL, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL	0:1239e9b70ca2	9046	if (key != NULL) {
wolfSSL	0:1239e9b70ca2	9047	key->type = x509->pubKeyOID;
wolfSSL	0:1239e9b70ca2	9048	key->save_type = 0;
wolfSSL	0:1239e9b70ca2	9049	key->pkey.ptr = (char*)XMALLOC(
wolfSSL	0:1239e9b70ca2	9050	x509->pubKey.length, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL	0:1239e9b70ca2	9051	if (key->pkey.ptr == NULL) {
wolfSSL	0:1239e9b70ca2	9052	XFREE(key, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL	0:1239e9b70ca2	9053	return NULL;
wolfSSL	0:1239e9b70ca2	9054	}
wolfSSL	0:1239e9b70ca2	9055	XMEMCPY(key->pkey.ptr,
wolfSSL	0:1239e9b70ca2	9056	x509->pubKey.buffer, x509->pubKey.length);
wolfSSL	0:1239e9b70ca2	9057	key->pkey_sz = x509->pubKey.length;
wolfSSL	0:1239e9b70ca2	9058	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	9059	key->pkey_curve = (int)x509->pkCurveOID;
wolfSSL	0:1239e9b70ca2	9060	#endif /* HAVE_ECC */
wolfSSL	0:1239e9b70ca2	9061	}
wolfSSL	0:1239e9b70ca2	9062	}
wolfSSL	0:1239e9b70ca2	9063	return key;
wolfSSL	0:1239e9b70ca2	9064	}
wolfSSL	0:1239e9b70ca2	9065
wolfSSL	0:1239e9b70ca2	9066
wolfSSL	0:1239e9b70ca2	9067	int CyaSSL_X509_CRL_verify(CYASSL_X509_CRL* crl, CYASSL_EVP_PKEY* key)
wolfSSL	0:1239e9b70ca2	9068	{
wolfSSL	0:1239e9b70ca2	9069	(void)crl;
wolfSSL	0:1239e9b70ca2	9070	(void)key;
wolfSSL	0:1239e9b70ca2	9071	return 0;
wolfSSL	0:1239e9b70ca2	9072	}
wolfSSL	0:1239e9b70ca2	9073
wolfSSL	0:1239e9b70ca2	9074
wolfSSL	0:1239e9b70ca2	9075	void CyaSSL_X509_STORE_CTX_set_error(CYASSL_X509_STORE_CTX* ctx, int err)
wolfSSL	0:1239e9b70ca2	9076	{
wolfSSL	0:1239e9b70ca2	9077	(void)ctx;
wolfSSL	0:1239e9b70ca2	9078	(void)err;
wolfSSL	0:1239e9b70ca2	9079	}
wolfSSL	0:1239e9b70ca2	9080
wolfSSL	0:1239e9b70ca2	9081
wolfSSL	0:1239e9b70ca2	9082	void CyaSSL_X509_OBJECT_free_contents(CYASSL_X509_OBJECT* obj)
wolfSSL	0:1239e9b70ca2	9083	{
wolfSSL	0:1239e9b70ca2	9084	(void)obj;
wolfSSL	0:1239e9b70ca2	9085	}
wolfSSL	0:1239e9b70ca2	9086
wolfSSL	0:1239e9b70ca2	9087
wolfSSL	0:1239e9b70ca2	9088	void CyaSSL_EVP_PKEY_free(CYASSL_EVP_PKEY* key)
wolfSSL	0:1239e9b70ca2	9089	{
wolfSSL	0:1239e9b70ca2	9090	if (key != NULL) {
wolfSSL	0:1239e9b70ca2	9091	if (key->pkey.ptr != NULL)
wolfSSL	0:1239e9b70ca2	9092	XFREE(key->pkey.ptr, NULL, 0);
wolfSSL	0:1239e9b70ca2	9093	XFREE(key, NULL, 0);
wolfSSL	0:1239e9b70ca2	9094	}
wolfSSL	0:1239e9b70ca2	9095	}
wolfSSL	0:1239e9b70ca2	9096
wolfSSL	0:1239e9b70ca2	9097
wolfSSL	0:1239e9b70ca2	9098	int CyaSSL_X509_cmp_current_time(const CYASSL_ASN1_TIME* asnTime)
wolfSSL	0:1239e9b70ca2	9099	{
wolfSSL	0:1239e9b70ca2	9100	(void)asnTime;
wolfSSL	0:1239e9b70ca2	9101	return 0;
wolfSSL	0:1239e9b70ca2	9102	}
wolfSSL	0:1239e9b70ca2	9103
wolfSSL	0:1239e9b70ca2	9104
wolfSSL	0:1239e9b70ca2	9105	int CyaSSL_sk_X509_REVOKED_num(CYASSL_X509_REVOKED* revoked)
wolfSSL	0:1239e9b70ca2	9106	{
wolfSSL	0:1239e9b70ca2	9107	(void)revoked;
wolfSSL	0:1239e9b70ca2	9108	return 0;
wolfSSL	0:1239e9b70ca2	9109	}
wolfSSL	0:1239e9b70ca2	9110
wolfSSL	0:1239e9b70ca2	9111
wolfSSL	0:1239e9b70ca2	9112
wolfSSL	0:1239e9b70ca2	9113	CYASSL_X509_REVOKED* CyaSSL_X509_CRL_get_REVOKED(CYASSL_X509_CRL* crl)
wolfSSL	0:1239e9b70ca2	9114	{
wolfSSL	0:1239e9b70ca2	9115	(void)crl;
wolfSSL	0:1239e9b70ca2	9116	return 0;
wolfSSL	0:1239e9b70ca2	9117	}
wolfSSL	0:1239e9b70ca2	9118
wolfSSL	0:1239e9b70ca2	9119
wolfSSL	0:1239e9b70ca2	9120	CYASSL_X509_REVOKED* CyaSSL_sk_X509_REVOKED_value(
wolfSSL	0:1239e9b70ca2	9121	CYASSL_X509_REVOKED* revoked, int value)
wolfSSL	0:1239e9b70ca2	9122	{
wolfSSL	0:1239e9b70ca2	9123	(void)revoked;
wolfSSL	0:1239e9b70ca2	9124	(void)value;
wolfSSL	0:1239e9b70ca2	9125	return 0;
wolfSSL	0:1239e9b70ca2	9126	}
wolfSSL	0:1239e9b70ca2	9127
wolfSSL	0:1239e9b70ca2	9128
wolfSSL	0:1239e9b70ca2	9129
wolfSSL	0:1239e9b70ca2	9130	CYASSL_ASN1_INTEGER* CyaSSL_X509_get_serialNumber(CYASSL_X509* x509)
wolfSSL	0:1239e9b70ca2	9131	{
wolfSSL	0:1239e9b70ca2	9132	(void)x509;
wolfSSL	0:1239e9b70ca2	9133	return 0;
wolfSSL	0:1239e9b70ca2	9134	}
wolfSSL	0:1239e9b70ca2	9135
wolfSSL	0:1239e9b70ca2	9136
wolfSSL	0:1239e9b70ca2	9137	int CyaSSL_ASN1_TIME_print(CYASSL_BIO* bio, const CYASSL_ASN1_TIME* asnTime)
wolfSSL	0:1239e9b70ca2	9138	{
wolfSSL	0:1239e9b70ca2	9139	(void)bio;
wolfSSL	0:1239e9b70ca2	9140	(void)asnTime;
wolfSSL	0:1239e9b70ca2	9141	return 0;
wolfSSL	0:1239e9b70ca2	9142	}
wolfSSL	0:1239e9b70ca2	9143
wolfSSL	0:1239e9b70ca2	9144
wolfSSL	0:1239e9b70ca2	9145
wolfSSL	0:1239e9b70ca2	9146	int CyaSSL_ASN1_INTEGER_cmp(const CYASSL_ASN1_INTEGER* a,
wolfSSL	0:1239e9b70ca2	9147	const CYASSL_ASN1_INTEGER* b)
wolfSSL	0:1239e9b70ca2	9148	{
wolfSSL	0:1239e9b70ca2	9149	(void)a;
wolfSSL	0:1239e9b70ca2	9150	(void)b;
wolfSSL	0:1239e9b70ca2	9151	return 0;
wolfSSL	0:1239e9b70ca2	9152	}
wolfSSL	0:1239e9b70ca2	9153
wolfSSL	0:1239e9b70ca2	9154
wolfSSL	0:1239e9b70ca2	9155	long CyaSSL_ASN1_INTEGER_get(const CYASSL_ASN1_INTEGER* i)
wolfSSL	0:1239e9b70ca2	9156	{
wolfSSL	0:1239e9b70ca2	9157	(void)i;
wolfSSL	0:1239e9b70ca2	9158	return 0;
wolfSSL	0:1239e9b70ca2	9159	}
wolfSSL	0:1239e9b70ca2	9160
wolfSSL	0:1239e9b70ca2	9161
wolfSSL	0:1239e9b70ca2	9162
wolfSSL	0:1239e9b70ca2	9163	void* CyaSSL_X509_STORE_CTX_get_ex_data(CYASSL_X509_STORE_CTX* ctx, int idx)
wolfSSL	0:1239e9b70ca2	9164	{
wolfSSL	0:1239e9b70ca2	9165	#ifdef FORTRESS
wolfSSL	0:1239e9b70ca2	9166	if (ctx != NULL && idx == 0)
wolfSSL	0:1239e9b70ca2	9167	return ctx->ex_data;
wolfSSL	0:1239e9b70ca2	9168	#else
wolfSSL	0:1239e9b70ca2	9169	(void)ctx;
wolfSSL	0:1239e9b70ca2	9170	(void)idx;
wolfSSL	0:1239e9b70ca2	9171	#endif
wolfSSL	0:1239e9b70ca2	9172	return 0;
wolfSSL	0:1239e9b70ca2	9173	}
wolfSSL	0:1239e9b70ca2	9174
wolfSSL	0:1239e9b70ca2	9175
wolfSSL	0:1239e9b70ca2	9176	int CyaSSL_get_ex_data_X509_STORE_CTX_idx(void)
wolfSSL	0:1239e9b70ca2	9177	{
wolfSSL	0:1239e9b70ca2	9178	return 0;
wolfSSL	0:1239e9b70ca2	9179	}
wolfSSL	0:1239e9b70ca2	9180
wolfSSL	0:1239e9b70ca2	9181
wolfSSL	0:1239e9b70ca2	9182	void* CyaSSL_get_ex_data(const CYASSL* ssl, int idx)
wolfSSL	0:1239e9b70ca2	9183	{
wolfSSL	0:1239e9b70ca2	9184	#ifdef FORTRESS
wolfSSL	0:1239e9b70ca2	9185	if (ssl != NULL && idx < MAX_EX_DATA)
wolfSSL	0:1239e9b70ca2	9186	return ssl->ex_data[idx];
wolfSSL	0:1239e9b70ca2	9187	#else
wolfSSL	0:1239e9b70ca2	9188	(void)ssl;
wolfSSL	0:1239e9b70ca2	9189	(void)idx;
wolfSSL	0:1239e9b70ca2	9190	#endif
wolfSSL	0:1239e9b70ca2	9191	return 0;
wolfSSL	0:1239e9b70ca2	9192	}
wolfSSL	0:1239e9b70ca2	9193
wolfSSL	0:1239e9b70ca2	9194
wolfSSL	0:1239e9b70ca2	9195	void CyaSSL_CTX_set_info_callback(CYASSL_CTX* ctx, void (*f)(void))
wolfSSL	0:1239e9b70ca2	9196	{
wolfSSL	0:1239e9b70ca2	9197	(void)ctx;
wolfSSL	0:1239e9b70ca2	9198	(void)f;
wolfSSL	0:1239e9b70ca2	9199	}
wolfSSL	0:1239e9b70ca2	9200
wolfSSL	0:1239e9b70ca2	9201
wolfSSL	0:1239e9b70ca2	9202	unsigned long CyaSSL_ERR_peek_error(void)
wolfSSL	0:1239e9b70ca2	9203	{
wolfSSL	0:1239e9b70ca2	9204	return 0;
wolfSSL	0:1239e9b70ca2	9205	}
wolfSSL	0:1239e9b70ca2	9206
wolfSSL	0:1239e9b70ca2	9207
wolfSSL	0:1239e9b70ca2	9208	int CyaSSL_ERR_GET_REASON(int err)
wolfSSL	0:1239e9b70ca2	9209	{
wolfSSL	0:1239e9b70ca2	9210	(void)err;
wolfSSL	0:1239e9b70ca2	9211	return 0;
wolfSSL	0:1239e9b70ca2	9212	}
wolfSSL	0:1239e9b70ca2	9213
wolfSSL	0:1239e9b70ca2	9214
wolfSSL	0:1239e9b70ca2	9215	char* CyaSSL_alert_type_string_long(int alertID)
wolfSSL	0:1239e9b70ca2	9216	{
wolfSSL	0:1239e9b70ca2	9217	(void)alertID;
wolfSSL	0:1239e9b70ca2	9218	return 0;
wolfSSL	0:1239e9b70ca2	9219	}
wolfSSL	0:1239e9b70ca2	9220
wolfSSL	0:1239e9b70ca2	9221
wolfSSL	0:1239e9b70ca2	9222	char* CyaSSL_alert_desc_string_long(int alertID)
wolfSSL	0:1239e9b70ca2	9223	{
wolfSSL	0:1239e9b70ca2	9224	(void)alertID;
wolfSSL	0:1239e9b70ca2	9225	return 0;
wolfSSL	0:1239e9b70ca2	9226	}
wolfSSL	0:1239e9b70ca2	9227
wolfSSL	0:1239e9b70ca2	9228
wolfSSL	0:1239e9b70ca2	9229	char* CyaSSL_state_string_long(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	9230	{
wolfSSL	0:1239e9b70ca2	9231	(void)ssl;
wolfSSL	0:1239e9b70ca2	9232	return 0;
wolfSSL	0:1239e9b70ca2	9233	}
wolfSSL	0:1239e9b70ca2	9234
wolfSSL	0:1239e9b70ca2	9235
wolfSSL	0:1239e9b70ca2	9236	int CyaSSL_PEM_def_callback(char* name, int num, int w, void* key)
wolfSSL	0:1239e9b70ca2	9237	{
wolfSSL	0:1239e9b70ca2	9238	(void)name;
wolfSSL	0:1239e9b70ca2	9239	(void)num;
wolfSSL	0:1239e9b70ca2	9240	(void)w;
wolfSSL	0:1239e9b70ca2	9241	(void)key;
wolfSSL	0:1239e9b70ca2	9242	return 0;
wolfSSL	0:1239e9b70ca2	9243	}
wolfSSL	0:1239e9b70ca2	9244
wolfSSL	0:1239e9b70ca2	9245
wolfSSL	0:1239e9b70ca2	9246	long CyaSSL_CTX_sess_accept(CYASSL_CTX* ctx)
wolfSSL	0:1239e9b70ca2	9247	{
wolfSSL	0:1239e9b70ca2	9248	(void)ctx;
wolfSSL	0:1239e9b70ca2	9249	return 0;
wolfSSL	0:1239e9b70ca2	9250	}
wolfSSL	0:1239e9b70ca2	9251
wolfSSL	0:1239e9b70ca2	9252
wolfSSL	0:1239e9b70ca2	9253	long CyaSSL_CTX_sess_connect(CYASSL_CTX* ctx)
wolfSSL	0:1239e9b70ca2	9254	{
wolfSSL	0:1239e9b70ca2	9255	(void)ctx;
wolfSSL	0:1239e9b70ca2	9256	return 0;
wolfSSL	0:1239e9b70ca2	9257	}
wolfSSL	0:1239e9b70ca2	9258
wolfSSL	0:1239e9b70ca2	9259
wolfSSL	0:1239e9b70ca2	9260	long CyaSSL_CTX_sess_accept_good(CYASSL_CTX* ctx)
wolfSSL	0:1239e9b70ca2	9261	{
wolfSSL	0:1239e9b70ca2	9262	(void)ctx;
wolfSSL	0:1239e9b70ca2	9263	return 0;
wolfSSL	0:1239e9b70ca2	9264	}
wolfSSL	0:1239e9b70ca2	9265
wolfSSL	0:1239e9b70ca2	9266
wolfSSL	0:1239e9b70ca2	9267	long CyaSSL_CTX_sess_connect_good(CYASSL_CTX* ctx)
wolfSSL	0:1239e9b70ca2	9268	{
wolfSSL	0:1239e9b70ca2	9269	(void)ctx;
wolfSSL	0:1239e9b70ca2	9270	return 0;
wolfSSL	0:1239e9b70ca2	9271	}
wolfSSL	0:1239e9b70ca2	9272
wolfSSL	0:1239e9b70ca2	9273
wolfSSL	0:1239e9b70ca2	9274	long CyaSSL_CTX_sess_accept_renegotiate(CYASSL_CTX* ctx)
wolfSSL	0:1239e9b70ca2	9275	{
wolfSSL	0:1239e9b70ca2	9276	(void)ctx;
wolfSSL	0:1239e9b70ca2	9277	return 0;
wolfSSL	0:1239e9b70ca2	9278	}
wolfSSL	0:1239e9b70ca2	9279
wolfSSL	0:1239e9b70ca2	9280
wolfSSL	0:1239e9b70ca2	9281	long CyaSSL_CTX_sess_connect_renegotiate(CYASSL_CTX* ctx)
wolfSSL	0:1239e9b70ca2	9282	{
wolfSSL	0:1239e9b70ca2	9283	(void)ctx;
wolfSSL	0:1239e9b70ca2	9284	return 0;
wolfSSL	0:1239e9b70ca2	9285	}
wolfSSL	0:1239e9b70ca2	9286
wolfSSL	0:1239e9b70ca2	9287
wolfSSL	0:1239e9b70ca2	9288	long CyaSSL_CTX_sess_hits(CYASSL_CTX* ctx)
wolfSSL	0:1239e9b70ca2	9289	{
wolfSSL	0:1239e9b70ca2	9290	(void)ctx;
wolfSSL	0:1239e9b70ca2	9291	return 0;
wolfSSL	0:1239e9b70ca2	9292	}
wolfSSL	0:1239e9b70ca2	9293
wolfSSL	0:1239e9b70ca2	9294
wolfSSL	0:1239e9b70ca2	9295	long CyaSSL_CTX_sess_cb_hits(CYASSL_CTX* ctx)
wolfSSL	0:1239e9b70ca2	9296	{
wolfSSL	0:1239e9b70ca2	9297	(void)ctx;
wolfSSL	0:1239e9b70ca2	9298	return 0;
wolfSSL	0:1239e9b70ca2	9299	}
wolfSSL	0:1239e9b70ca2	9300
wolfSSL	0:1239e9b70ca2	9301
wolfSSL	0:1239e9b70ca2	9302	long CyaSSL_CTX_sess_cache_full(CYASSL_CTX* ctx)
wolfSSL	0:1239e9b70ca2	9303	{
wolfSSL	0:1239e9b70ca2	9304	(void)ctx;
wolfSSL	0:1239e9b70ca2	9305	return 0;
wolfSSL	0:1239e9b70ca2	9306	}
wolfSSL	0:1239e9b70ca2	9307
wolfSSL	0:1239e9b70ca2	9308
wolfSSL	0:1239e9b70ca2	9309	long CyaSSL_CTX_sess_misses(CYASSL_CTX* ctx)
wolfSSL	0:1239e9b70ca2	9310	{
wolfSSL	0:1239e9b70ca2	9311	(void)ctx;
wolfSSL	0:1239e9b70ca2	9312	return 0;
wolfSSL	0:1239e9b70ca2	9313	}
wolfSSL	0:1239e9b70ca2	9314
wolfSSL	0:1239e9b70ca2	9315
wolfSSL	0:1239e9b70ca2	9316	long CyaSSL_CTX_sess_timeouts(CYASSL_CTX* ctx)
wolfSSL	0:1239e9b70ca2	9317	{
wolfSSL	0:1239e9b70ca2	9318	(void)ctx;
wolfSSL	0:1239e9b70ca2	9319	return 0;
wolfSSL	0:1239e9b70ca2	9320	}
wolfSSL	0:1239e9b70ca2	9321
wolfSSL	0:1239e9b70ca2	9322
wolfSSL	0:1239e9b70ca2	9323	long CyaSSL_CTX_sess_number(CYASSL_CTX* ctx)
wolfSSL	0:1239e9b70ca2	9324	{
wolfSSL	0:1239e9b70ca2	9325	(void)ctx;
wolfSSL	0:1239e9b70ca2	9326	return 0;
wolfSSL	0:1239e9b70ca2	9327	}
wolfSSL	0:1239e9b70ca2	9328
wolfSSL	0:1239e9b70ca2	9329
wolfSSL	0:1239e9b70ca2	9330	void CyaSSL_DES_set_key_unchecked(CYASSL_const_DES_cblock* myDes,
wolfSSL	0:1239e9b70ca2	9331	CYASSL_DES_key_schedule* key)
wolfSSL	0:1239e9b70ca2	9332	{
wolfSSL	0:1239e9b70ca2	9333	(void)myDes;
wolfSSL	0:1239e9b70ca2	9334	(void)key;
wolfSSL	0:1239e9b70ca2	9335	}
wolfSSL	0:1239e9b70ca2	9336
wolfSSL	0:1239e9b70ca2	9337
wolfSSL	0:1239e9b70ca2	9338	void CyaSSL_DES_set_odd_parity(CYASSL_DES_cblock* myDes)
wolfSSL	0:1239e9b70ca2	9339	{
wolfSSL	0:1239e9b70ca2	9340	(void)myDes;
wolfSSL	0:1239e9b70ca2	9341	}
wolfSSL	0:1239e9b70ca2	9342
wolfSSL	0:1239e9b70ca2	9343
wolfSSL	0:1239e9b70ca2	9344	void CyaSSL_DES_ecb_encrypt(CYASSL_DES_cblock* desa,
wolfSSL	0:1239e9b70ca2	9345	CYASSL_DES_cblock* desb, CYASSL_DES_key_schedule* key, int len)
wolfSSL	0:1239e9b70ca2	9346	{
wolfSSL	0:1239e9b70ca2	9347	(void)desa;
wolfSSL	0:1239e9b70ca2	9348	(void)desb;
wolfSSL	0:1239e9b70ca2	9349	(void)key;
wolfSSL	0:1239e9b70ca2	9350	(void)len;
wolfSSL	0:1239e9b70ca2	9351	}
wolfSSL	0:1239e9b70ca2	9352
wolfSSL	0:1239e9b70ca2	9353	int CyaSSL_BIO_printf(CYASSL_BIO* bio, const char* format, ...)
wolfSSL	0:1239e9b70ca2	9354	{
wolfSSL	0:1239e9b70ca2	9355	(void)bio;
wolfSSL	0:1239e9b70ca2	9356	(void)format;
wolfSSL	0:1239e9b70ca2	9357	return 0;
wolfSSL	0:1239e9b70ca2	9358	}
wolfSSL	0:1239e9b70ca2	9359
wolfSSL	0:1239e9b70ca2	9360
wolfSSL	0:1239e9b70ca2	9361	int CyaSSL_ASN1_UTCTIME_print(CYASSL_BIO* bio, const CYASSL_ASN1_UTCTIME* a)
wolfSSL	0:1239e9b70ca2	9362	{
wolfSSL	0:1239e9b70ca2	9363	(void)bio;
wolfSSL	0:1239e9b70ca2	9364	(void)a;
wolfSSL	0:1239e9b70ca2	9365	return 0;
wolfSSL	0:1239e9b70ca2	9366	}
wolfSSL	0:1239e9b70ca2	9367
wolfSSL	0:1239e9b70ca2	9368
wolfSSL	0:1239e9b70ca2	9369	int CyaSSL_sk_num(CYASSL_X509_REVOKED* rev)
wolfSSL	0:1239e9b70ca2	9370	{
wolfSSL	0:1239e9b70ca2	9371	(void)rev;
wolfSSL	0:1239e9b70ca2	9372	return 0;
wolfSSL	0:1239e9b70ca2	9373	}
wolfSSL	0:1239e9b70ca2	9374
wolfSSL	0:1239e9b70ca2	9375
wolfSSL	0:1239e9b70ca2	9376	void* CyaSSL_sk_value(CYASSL_X509_REVOKED* rev, int i)
wolfSSL	0:1239e9b70ca2	9377	{
wolfSSL	0:1239e9b70ca2	9378	(void)rev;
wolfSSL	0:1239e9b70ca2	9379	(void)i;
wolfSSL	0:1239e9b70ca2	9380	return 0;
wolfSSL	0:1239e9b70ca2	9381	}
wolfSSL	0:1239e9b70ca2	9382
wolfSSL	0:1239e9b70ca2	9383
wolfSSL	0:1239e9b70ca2	9384	/* stunnel 4.28 needs */
wolfSSL	0:1239e9b70ca2	9385	void* CyaSSL_CTX_get_ex_data(const CYASSL_CTX* ctx, int d)
wolfSSL	0:1239e9b70ca2	9386	{
wolfSSL	0:1239e9b70ca2	9387	(void)ctx;
wolfSSL	0:1239e9b70ca2	9388	(void)d;
wolfSSL	0:1239e9b70ca2	9389	return 0;
wolfSSL	0:1239e9b70ca2	9390	}
wolfSSL	0:1239e9b70ca2	9391
wolfSSL	0:1239e9b70ca2	9392
wolfSSL	0:1239e9b70ca2	9393	int CyaSSL_CTX_set_ex_data(CYASSL_CTX* ctx, int d, void* p)
wolfSSL	0:1239e9b70ca2	9394	{
wolfSSL	0:1239e9b70ca2	9395	(void)ctx;
wolfSSL	0:1239e9b70ca2	9396	(void)d;
wolfSSL	0:1239e9b70ca2	9397	(void)p;
wolfSSL	0:1239e9b70ca2	9398	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	9399	}
wolfSSL	0:1239e9b70ca2	9400
wolfSSL	0:1239e9b70ca2	9401
wolfSSL	0:1239e9b70ca2	9402	void CyaSSL_CTX_sess_set_get_cb(CYASSL_CTX* ctx,
wolfSSL	0:1239e9b70ca2	9403	CYASSL_SESSION(f)(CYASSL, unsigned char, int, int*))
wolfSSL	0:1239e9b70ca2	9404	{
wolfSSL	0:1239e9b70ca2	9405	(void)ctx;
wolfSSL	0:1239e9b70ca2	9406	(void)f;
wolfSSL	0:1239e9b70ca2	9407	}
wolfSSL	0:1239e9b70ca2	9408
wolfSSL	0:1239e9b70ca2	9409
wolfSSL	0:1239e9b70ca2	9410	void CyaSSL_CTX_sess_set_new_cb(CYASSL_CTX* ctx,
wolfSSL	0:1239e9b70ca2	9411	int (f)(CYASSL, CYASSL_SESSION*))
wolfSSL	0:1239e9b70ca2	9412	{
wolfSSL	0:1239e9b70ca2	9413	(void)ctx;
wolfSSL	0:1239e9b70ca2	9414	(void)f;
wolfSSL	0:1239e9b70ca2	9415	}
wolfSSL	0:1239e9b70ca2	9416
wolfSSL	0:1239e9b70ca2	9417
wolfSSL	0:1239e9b70ca2	9418	void CyaSSL_CTX_sess_set_remove_cb(CYASSL_CTX* ctx, void (f)(CYASSL_CTX,
wolfSSL	0:1239e9b70ca2	9419	CYASSL_SESSION*))
wolfSSL	0:1239e9b70ca2	9420	{
wolfSSL	0:1239e9b70ca2	9421	(void)ctx;
wolfSSL	0:1239e9b70ca2	9422	(void)f;
wolfSSL	0:1239e9b70ca2	9423	}
wolfSSL	0:1239e9b70ca2	9424
wolfSSL	0:1239e9b70ca2	9425
wolfSSL	0:1239e9b70ca2	9426	int CyaSSL_i2d_SSL_SESSION(CYASSL_SESSION* sess, unsigned char** p)
wolfSSL	0:1239e9b70ca2	9427	{
wolfSSL	0:1239e9b70ca2	9428	(void)sess;
wolfSSL	0:1239e9b70ca2	9429	(void)p;
wolfSSL	0:1239e9b70ca2	9430	return sizeof(CYASSL_SESSION);
wolfSSL	0:1239e9b70ca2	9431	}
wolfSSL	0:1239e9b70ca2	9432
wolfSSL	0:1239e9b70ca2	9433
wolfSSL	0:1239e9b70ca2	9434	CYASSL_SESSION* CyaSSL_d2i_SSL_SESSION(CYASSL_SESSION** sess,
wolfSSL	0:1239e9b70ca2	9435	const unsigned char** p, long i)
wolfSSL	0:1239e9b70ca2	9436	{
wolfSSL	0:1239e9b70ca2	9437	(void)p;
wolfSSL	0:1239e9b70ca2	9438	(void)i;
wolfSSL	0:1239e9b70ca2	9439	if (sess)
wolfSSL	0:1239e9b70ca2	9440	return *sess;
wolfSSL	0:1239e9b70ca2	9441	return NULL;
wolfSSL	0:1239e9b70ca2	9442	}
wolfSSL	0:1239e9b70ca2	9443
wolfSSL	0:1239e9b70ca2	9444
wolfSSL	0:1239e9b70ca2	9445	long CyaSSL_SESSION_get_timeout(const CYASSL_SESSION* sess)
wolfSSL	0:1239e9b70ca2	9446	{
wolfSSL	0:1239e9b70ca2	9447	CYASSL_ENTER("CyaSSL_SESSION_get_timeout");
wolfSSL	0:1239e9b70ca2	9448	return sess->timeout;
wolfSSL	0:1239e9b70ca2	9449	}
wolfSSL	0:1239e9b70ca2	9450
wolfSSL	0:1239e9b70ca2	9451
wolfSSL	0:1239e9b70ca2	9452	long CyaSSL_SESSION_get_time(const CYASSL_SESSION* sess)
wolfSSL	0:1239e9b70ca2	9453	{
wolfSSL	0:1239e9b70ca2	9454	CYASSL_ENTER("CyaSSL_SESSION_get_time");
wolfSSL	0:1239e9b70ca2	9455	return sess->bornOn;
wolfSSL	0:1239e9b70ca2	9456	}
wolfSSL	0:1239e9b70ca2	9457
wolfSSL	0:1239e9b70ca2	9458
wolfSSL	0:1239e9b70ca2	9459	int CyaSSL_CTX_get_ex_new_index(long idx, void* arg, void* a, void* b,
wolfSSL	0:1239e9b70ca2	9460	void* c)
wolfSSL	0:1239e9b70ca2	9461	{
wolfSSL	0:1239e9b70ca2	9462	(void)idx;
wolfSSL	0:1239e9b70ca2	9463	(void)arg;
wolfSSL	0:1239e9b70ca2	9464	(void)a;
wolfSSL	0:1239e9b70ca2	9465	(void)b;
wolfSSL	0:1239e9b70ca2	9466	(void)c;
wolfSSL	0:1239e9b70ca2	9467	return 0;
wolfSSL	0:1239e9b70ca2	9468	}
wolfSSL	0:1239e9b70ca2	9469
wolfSSL	0:1239e9b70ca2	9470	#endif /* OPENSSL_EXTRA */
wolfSSL	0:1239e9b70ca2	9471
wolfSSL	0:1239e9b70ca2	9472
wolfSSL	0:1239e9b70ca2	9473	#ifdef KEEP_PEER_CERT
wolfSSL	0:1239e9b70ca2	9474	char* CyaSSL_X509_get_subjectCN(CYASSL_X509* x509)
wolfSSL	0:1239e9b70ca2	9475	{
wolfSSL	0:1239e9b70ca2	9476	if (x509 == NULL)
wolfSSL	0:1239e9b70ca2	9477	return NULL;
wolfSSL	0:1239e9b70ca2	9478
wolfSSL	0:1239e9b70ca2	9479	return x509->subjectCN;
wolfSSL	0:1239e9b70ca2	9480	}
wolfSSL	0:1239e9b70ca2	9481	#endif /* KEEP_PEER_CERT */
wolfSSL	0:1239e9b70ca2	9482
wolfSSL	0:1239e9b70ca2	9483	#ifdef OPENSSL_EXTRA
wolfSSL	0:1239e9b70ca2	9484
wolfSSL	0:1239e9b70ca2	9485	#ifdef FORTRESS
wolfSSL	0:1239e9b70ca2	9486	int CyaSSL_cmp_peer_cert_to_file(CYASSL* ssl, const char *fname)
wolfSSL	0:1239e9b70ca2	9487	{
wolfSSL	0:1239e9b70ca2	9488	int ret = SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	9489
wolfSSL	0:1239e9b70ca2	9490	CYASSL_ENTER("CyaSSL_cmp_peer_cert_to_file");
wolfSSL	0:1239e9b70ca2	9491	if (ssl != NULL && fname != NULL)
wolfSSL	0:1239e9b70ca2	9492	{
wolfSSL	0:1239e9b70ca2	9493	XFILE file = XBADFILE;
wolfSSL	0:1239e9b70ca2	9494	long sz = 0;
wolfSSL	0:1239e9b70ca2	9495	byte staticBuffer[FILE_BUFFER_SIZE];
wolfSSL	0:1239e9b70ca2	9496	byte* myBuffer = staticBuffer;
wolfSSL	0:1239e9b70ca2	9497	CYASSL_CTX* ctx = ssl->ctx;
wolfSSL	0:1239e9b70ca2	9498	EncryptedInfo info;
wolfSSL	0:1239e9b70ca2	9499	buffer fileDer;
wolfSSL	0:1239e9b70ca2	9500	int eccKey = 0;
wolfSSL	0:1239e9b70ca2	9501	CYASSL_X509* peer_cert = &ssl->peerCert;
wolfSSL	0:1239e9b70ca2	9502
wolfSSL	0:1239e9b70ca2	9503	info.set = 0;
wolfSSL	0:1239e9b70ca2	9504	info.ctx = ctx;
wolfSSL	0:1239e9b70ca2	9505	info.consumed = 0;
wolfSSL	0:1239e9b70ca2	9506	fileDer.buffer = 0;
wolfSSL	0:1239e9b70ca2	9507
wolfSSL	0:1239e9b70ca2	9508	file = XFOPEN(fname, "rb");
wolfSSL	0:1239e9b70ca2	9509	if (file == XBADFILE) return SSL_BAD_FILE;
wolfSSL	0:1239e9b70ca2	9510	XFSEEK(file, 0, XSEEK_END);
wolfSSL	0:1239e9b70ca2	9511	sz = XFTELL(file);
wolfSSL	0:1239e9b70ca2	9512	XREWIND(file);
wolfSSL	0:1239e9b70ca2	9513	if (sz > (long)sizeof(staticBuffer)) {
wolfSSL	0:1239e9b70ca2	9514	CYASSL_MSG("Getting dynamic buffer");
wolfSSL	0:1239e9b70ca2	9515	myBuffer = (byte*) XMALLOC(sz, ctx->heap, DYNAMIC_TYPE_FILE);
wolfSSL	0:1239e9b70ca2	9516	}
wolfSSL	0:1239e9b70ca2	9517
wolfSSL	0:1239e9b70ca2	9518	if ((myBuffer != NULL) &&
wolfSSL	0:1239e9b70ca2	9519	(sz > 0) &&
wolfSSL	0:1239e9b70ca2	9520	(XFREAD(myBuffer, sz, 1, file) > 0) &&
wolfSSL	0:1239e9b70ca2	9521	(PemToDer(myBuffer, sz, CERT_TYPE,
wolfSSL	0:1239e9b70ca2	9522	&fileDer, ctx->heap, &info, &eccKey) == 0) &&
wolfSSL	0:1239e9b70ca2	9523	(fileDer.length != 0) &&
wolfSSL	0:1239e9b70ca2	9524	(fileDer.length == peer_cert->derCert.length) &&
wolfSSL	0:1239e9b70ca2	9525	(XMEMCMP(peer_cert->derCert.buffer, fileDer.buffer,
wolfSSL	0:1239e9b70ca2	9526	fileDer.length) == 0))
wolfSSL	0:1239e9b70ca2	9527	{
wolfSSL	0:1239e9b70ca2	9528	ret = 0;
wolfSSL	0:1239e9b70ca2	9529	}
wolfSSL	0:1239e9b70ca2	9530
wolfSSL	0:1239e9b70ca2	9531	XFCLOSE(file);
wolfSSL	0:1239e9b70ca2	9532	if (fileDer.buffer)
wolfSSL	0:1239e9b70ca2	9533	XFREE(fileDer.buffer, ctx->heap, DYNAMIC_TYPE_CERT);
wolfSSL	0:1239e9b70ca2	9534	if (myBuffer && (myBuffer != staticBuffer))
wolfSSL	0:1239e9b70ca2	9535	XFREE(myBuffer, ctx->heap, DYNAMIC_TYPE_FILE);
wolfSSL	0:1239e9b70ca2	9536	}
wolfSSL	0:1239e9b70ca2	9537
wolfSSL	0:1239e9b70ca2	9538	return ret;
wolfSSL	0:1239e9b70ca2	9539	}
wolfSSL	0:1239e9b70ca2	9540	#endif
wolfSSL	0:1239e9b70ca2	9541
wolfSSL	0:1239e9b70ca2	9542
wolfSSL	0:1239e9b70ca2	9543	static RNG globalRNG;
wolfSSL	0:1239e9b70ca2	9544	static int initGlobalRNG = 0;
wolfSSL	0:1239e9b70ca2	9545
wolfSSL	0:1239e9b70ca2	9546	/* SSL_SUCCESS on ok */
wolfSSL	0:1239e9b70ca2	9547	int CyaSSL_RAND_seed(const void* seed, int len)
wolfSSL	0:1239e9b70ca2	9548	{
wolfSSL	0:1239e9b70ca2	9549
wolfSSL	0:1239e9b70ca2	9550	CYASSL_MSG("CyaSSL_RAND_seed");
wolfSSL	0:1239e9b70ca2	9551
wolfSSL	0:1239e9b70ca2	9552	(void)seed;
wolfSSL	0:1239e9b70ca2	9553	(void)len;
wolfSSL	0:1239e9b70ca2	9554
wolfSSL	0:1239e9b70ca2	9555	if (initGlobalRNG == 0) {
wolfSSL	0:1239e9b70ca2	9556	if (InitRng(&globalRNG) < 0) {
wolfSSL	0:1239e9b70ca2	9557	CYASSL_MSG("CyaSSL Init Global RNG failed");
wolfSSL	0:1239e9b70ca2	9558	return 0;
wolfSSL	0:1239e9b70ca2	9559	}
wolfSSL	0:1239e9b70ca2	9560	initGlobalRNG = 1;
wolfSSL	0:1239e9b70ca2	9561	}
wolfSSL	0:1239e9b70ca2	9562
wolfSSL	0:1239e9b70ca2	9563	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	9564	}
wolfSSL	0:1239e9b70ca2	9565
wolfSSL	0:1239e9b70ca2	9566
wolfSSL	0:1239e9b70ca2	9567	/* SSL_SUCCESS on ok */
wolfSSL	0:1239e9b70ca2	9568	int CyaSSL_RAND_bytes(unsigned char* buf, int num)
wolfSSL	0:1239e9b70ca2	9569	{
wolfSSL	0:1239e9b70ca2	9570	RNG tmpRNG;
wolfSSL	0:1239e9b70ca2	9571	RNG* rng = &tmpRNG;
wolfSSL	0:1239e9b70ca2	9572
wolfSSL	0:1239e9b70ca2	9573	CYASSL_ENTER("RAND_bytes");
wolfSSL	0:1239e9b70ca2	9574	if (InitRng(&tmpRNG) != 0) {
wolfSSL	0:1239e9b70ca2	9575	CYASSL_MSG("Bad RNG Init, trying global");
wolfSSL	0:1239e9b70ca2	9576	if (initGlobalRNG == 0) {
wolfSSL	0:1239e9b70ca2	9577	CYASSL_MSG("Global RNG no Init");
wolfSSL	0:1239e9b70ca2	9578	return 0;
wolfSSL	0:1239e9b70ca2	9579	}
wolfSSL	0:1239e9b70ca2	9580	rng = &globalRNG;
wolfSSL	0:1239e9b70ca2	9581	}
wolfSSL	0:1239e9b70ca2	9582
wolfSSL	0:1239e9b70ca2	9583	if (RNG_GenerateBlock(rng, buf, num) != 0) {
wolfSSL	0:1239e9b70ca2	9584	CYASSL_MSG("Bad RNG_GenerateBlock");
wolfSSL	0:1239e9b70ca2	9585	return 0;
wolfSSL	0:1239e9b70ca2	9586	}
wolfSSL	0:1239e9b70ca2	9587
wolfSSL	0:1239e9b70ca2	9588	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	9589	}
wolfSSL	0:1239e9b70ca2	9590
wolfSSL	0:1239e9b70ca2	9591	CYASSL_BN_CTX* CyaSSL_BN_CTX_new(void)
wolfSSL	0:1239e9b70ca2	9592	{
wolfSSL	0:1239e9b70ca2	9593	static int ctx; /* ctaocrypt doesn't now need ctx */
wolfSSL	0:1239e9b70ca2	9594
wolfSSL	0:1239e9b70ca2	9595	CYASSL_MSG("CyaSSL_BN_CTX_new");
wolfSSL	0:1239e9b70ca2	9596
wolfSSL	0:1239e9b70ca2	9597	return (CYASSL_BN_CTX*)&ctx;
wolfSSL	0:1239e9b70ca2	9598	}
wolfSSL	0:1239e9b70ca2	9599
wolfSSL	0:1239e9b70ca2	9600	void CyaSSL_BN_CTX_init(CYASSL_BN_CTX* ctx)
wolfSSL	0:1239e9b70ca2	9601	{
wolfSSL	0:1239e9b70ca2	9602	(void)ctx;
wolfSSL	0:1239e9b70ca2	9603	CYASSL_MSG("CyaSSL_BN_CTX_init");
wolfSSL	0:1239e9b70ca2	9604	}
wolfSSL	0:1239e9b70ca2	9605
wolfSSL	0:1239e9b70ca2	9606
wolfSSL	0:1239e9b70ca2	9607	void CyaSSL_BN_CTX_free(CYASSL_BN_CTX* ctx)
wolfSSL	0:1239e9b70ca2	9608	{
wolfSSL	0:1239e9b70ca2	9609	(void)ctx;
wolfSSL	0:1239e9b70ca2	9610	CYASSL_MSG("CyaSSL_BN_CTX_free");
wolfSSL	0:1239e9b70ca2	9611
wolfSSL	0:1239e9b70ca2	9612	/* do free since static ctx that does nothing */
wolfSSL	0:1239e9b70ca2	9613	}
wolfSSL	0:1239e9b70ca2	9614
wolfSSL	0:1239e9b70ca2	9615
wolfSSL	0:1239e9b70ca2	9616	static void InitCyaSSL_BigNum(CYASSL_BIGNUM* bn)
wolfSSL	0:1239e9b70ca2	9617	{
wolfSSL	0:1239e9b70ca2	9618	CYASSL_MSG("InitCyaSSL_BigNum");
wolfSSL	0:1239e9b70ca2	9619	if (bn) {
wolfSSL	0:1239e9b70ca2	9620	bn->neg = 0;
wolfSSL	0:1239e9b70ca2	9621	bn->internal = NULL;
wolfSSL	0:1239e9b70ca2	9622	}
wolfSSL	0:1239e9b70ca2	9623	}
wolfSSL	0:1239e9b70ca2	9624
wolfSSL	0:1239e9b70ca2	9625
wolfSSL	0:1239e9b70ca2	9626	CYASSL_BIGNUM* CyaSSL_BN_new(void)
wolfSSL	0:1239e9b70ca2	9627	{
wolfSSL	0:1239e9b70ca2	9628	CYASSL_BIGNUM* external;
wolfSSL	0:1239e9b70ca2	9629	mp_int* mpi;
wolfSSL	0:1239e9b70ca2	9630
wolfSSL	0:1239e9b70ca2	9631	CYASSL_MSG("CyaSSL_BN_new");
wolfSSL	0:1239e9b70ca2	9632
wolfSSL	0:1239e9b70ca2	9633	mpi = (mp_int*) XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT);
wolfSSL	0:1239e9b70ca2	9634	if (mpi == NULL) {
wolfSSL	0:1239e9b70ca2	9635	CYASSL_MSG("CyaSSL_BN_new malloc mpi failure");
wolfSSL	0:1239e9b70ca2	9636	return NULL;
wolfSSL	0:1239e9b70ca2	9637	}
wolfSSL	0:1239e9b70ca2	9638
wolfSSL	0:1239e9b70ca2	9639	external = (CYASSL_BIGNUM*) XMALLOC(sizeof(CYASSL_BIGNUM), NULL,
wolfSSL	0:1239e9b70ca2	9640	DYNAMIC_TYPE_BIGINT);
wolfSSL	0:1239e9b70ca2	9641	if (external == NULL) {
wolfSSL	0:1239e9b70ca2	9642	CYASSL_MSG("CyaSSL_BN_new malloc CYASSL_BIGNUM failure");
wolfSSL	0:1239e9b70ca2	9643	XFREE(mpi, NULL, DYNAMIC_TYPE_BIGINT);
wolfSSL	0:1239e9b70ca2	9644	return NULL;
wolfSSL	0:1239e9b70ca2	9645	}
wolfSSL	0:1239e9b70ca2	9646
wolfSSL	0:1239e9b70ca2	9647	InitCyaSSL_BigNum(external);
wolfSSL	0:1239e9b70ca2	9648	external->internal = mpi;
wolfSSL	0:1239e9b70ca2	9649	if (mp_init(mpi) != MP_OKAY) {
wolfSSL	0:1239e9b70ca2	9650	CyaSSL_BN_free(external);
wolfSSL	0:1239e9b70ca2	9651	return NULL;
wolfSSL	0:1239e9b70ca2	9652	}
wolfSSL	0:1239e9b70ca2	9653
wolfSSL	0:1239e9b70ca2	9654	return external;
wolfSSL	0:1239e9b70ca2	9655	}
wolfSSL	0:1239e9b70ca2	9656
wolfSSL	0:1239e9b70ca2	9657
wolfSSL	0:1239e9b70ca2	9658	void CyaSSL_BN_free(CYASSL_BIGNUM* bn)
wolfSSL	0:1239e9b70ca2	9659	{
wolfSSL	0:1239e9b70ca2	9660	CYASSL_MSG("CyaSSL_BN_free");
wolfSSL	0:1239e9b70ca2	9661	if (bn) {
wolfSSL	0:1239e9b70ca2	9662	if (bn->internal) {
wolfSSL	0:1239e9b70ca2	9663	mp_clear((mp_int*)bn->internal);
wolfSSL	0:1239e9b70ca2	9664	XFREE(bn->internal, NULL, DYNAMIC_TYPE_BIGINT);
wolfSSL	0:1239e9b70ca2	9665	bn->internal = NULL;
wolfSSL	0:1239e9b70ca2	9666	}
wolfSSL	0:1239e9b70ca2	9667	XFREE(bn, NULL, DYNAMIC_TYPE_BIGINT);
wolfSSL	0:1239e9b70ca2	9668	}
wolfSSL	0:1239e9b70ca2	9669	}
wolfSSL	0:1239e9b70ca2	9670
wolfSSL	0:1239e9b70ca2	9671
wolfSSL	0:1239e9b70ca2	9672	void CyaSSL_BN_clear_free(CYASSL_BIGNUM* bn)
wolfSSL	0:1239e9b70ca2	9673	{
wolfSSL	0:1239e9b70ca2	9674	CYASSL_MSG("CyaSSL_BN_clear_free");
wolfSSL	0:1239e9b70ca2	9675
wolfSSL	0:1239e9b70ca2	9676	CyaSSL_BN_free(bn);
wolfSSL	0:1239e9b70ca2	9677	}
wolfSSL	0:1239e9b70ca2	9678
wolfSSL	0:1239e9b70ca2	9679
wolfSSL	0:1239e9b70ca2	9680	/* SSL_SUCCESS on ok */
wolfSSL	0:1239e9b70ca2	9681	int CyaSSL_BN_sub(CYASSL_BIGNUM* r, const CYASSL_BIGNUM* a,
wolfSSL	0:1239e9b70ca2	9682	const CYASSL_BIGNUM* b)
wolfSSL	0:1239e9b70ca2	9683	{
wolfSSL	0:1239e9b70ca2	9684	CYASSL_MSG("CyaSSL_BN_sub");
wolfSSL	0:1239e9b70ca2	9685
wolfSSL	0:1239e9b70ca2	9686	if (r == NULL \|\| a == NULL \|\| b == NULL)
wolfSSL	0:1239e9b70ca2	9687	return 0;
wolfSSL	0:1239e9b70ca2	9688
wolfSSL	0:1239e9b70ca2	9689	if (mp_sub((mp_int)a->internal,(mp_int)b->internal,
wolfSSL	0:1239e9b70ca2	9690	(mp_int*)r->internal) == MP_OKAY)
wolfSSL	0:1239e9b70ca2	9691	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	9692
wolfSSL	0:1239e9b70ca2	9693	CYASSL_MSG("CyaSSL_BN_sub mp_sub failed");
wolfSSL	0:1239e9b70ca2	9694	return 0;
wolfSSL	0:1239e9b70ca2	9695	}
wolfSSL	0:1239e9b70ca2	9696
wolfSSL	0:1239e9b70ca2	9697
wolfSSL	0:1239e9b70ca2	9698	/* SSL_SUCCESS on ok */
wolfSSL	0:1239e9b70ca2	9699	int CyaSSL_BN_mod(CYASSL_BIGNUM* r, const CYASSL_BIGNUM* a,
wolfSSL	0:1239e9b70ca2	9700	const CYASSL_BIGNUM* b, const CYASSL_BN_CTX* c)
wolfSSL	0:1239e9b70ca2	9701	{
wolfSSL	0:1239e9b70ca2	9702	(void)c;
wolfSSL	0:1239e9b70ca2	9703	CYASSL_MSG("CyaSSL_BN_mod");
wolfSSL	0:1239e9b70ca2	9704
wolfSSL	0:1239e9b70ca2	9705	if (r == NULL \|\| a == NULL \|\| b == NULL)
wolfSSL	0:1239e9b70ca2	9706	return 0;
wolfSSL	0:1239e9b70ca2	9707
wolfSSL	0:1239e9b70ca2	9708	if (mp_mod((mp_int)a->internal,(mp_int)b->internal,
wolfSSL	0:1239e9b70ca2	9709	(mp_int*)r->internal) == MP_OKAY)
wolfSSL	0:1239e9b70ca2	9710	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	9711
wolfSSL	0:1239e9b70ca2	9712	CYASSL_MSG("CyaSSL_BN_mod mp_mod failed");
wolfSSL	0:1239e9b70ca2	9713	return 0;
wolfSSL	0:1239e9b70ca2	9714	}
wolfSSL	0:1239e9b70ca2	9715
wolfSSL	0:1239e9b70ca2	9716
wolfSSL	0:1239e9b70ca2	9717	const CYASSL_BIGNUM* CyaSSL_BN_value_one(void)
wolfSSL	0:1239e9b70ca2	9718	{
wolfSSL	0:1239e9b70ca2	9719	static CYASSL_BIGNUM* bn_one = NULL;
wolfSSL	0:1239e9b70ca2	9720
wolfSSL	0:1239e9b70ca2	9721	CYASSL_MSG("CyaSSL_BN_value_one");
wolfSSL	0:1239e9b70ca2	9722
wolfSSL	0:1239e9b70ca2	9723	if (bn_one == NULL) {
wolfSSL	0:1239e9b70ca2	9724	bn_one = CyaSSL_BN_new();
wolfSSL	0:1239e9b70ca2	9725	if (bn_one)
wolfSSL	0:1239e9b70ca2	9726	mp_set_int((mp_int*)bn_one->internal, 1);
wolfSSL	0:1239e9b70ca2	9727	}
wolfSSL	0:1239e9b70ca2	9728
wolfSSL	0:1239e9b70ca2	9729	return bn_one;
wolfSSL	0:1239e9b70ca2	9730	}
wolfSSL	0:1239e9b70ca2	9731
wolfSSL	0:1239e9b70ca2	9732
wolfSSL	0:1239e9b70ca2	9733	int CyaSSL_BN_num_bytes(const CYASSL_BIGNUM* bn)
wolfSSL	0:1239e9b70ca2	9734	{
wolfSSL	0:1239e9b70ca2	9735	CYASSL_MSG("CyaSSL_BN_num_bytes");
wolfSSL	0:1239e9b70ca2	9736
wolfSSL	0:1239e9b70ca2	9737	if (bn == NULL \|\| bn->internal == NULL)
wolfSSL	0:1239e9b70ca2	9738	return 0;
wolfSSL	0:1239e9b70ca2	9739
wolfSSL	0:1239e9b70ca2	9740	return mp_unsigned_bin_size((mp_int*)bn->internal);
wolfSSL	0:1239e9b70ca2	9741	}
wolfSSL	0:1239e9b70ca2	9742
wolfSSL	0:1239e9b70ca2	9743
wolfSSL	0:1239e9b70ca2	9744	int CyaSSL_BN_num_bits(const CYASSL_BIGNUM* bn)
wolfSSL	0:1239e9b70ca2	9745	{
wolfSSL	0:1239e9b70ca2	9746	CYASSL_MSG("CyaSSL_BN_num_bits");
wolfSSL	0:1239e9b70ca2	9747
wolfSSL	0:1239e9b70ca2	9748	if (bn == NULL \|\| bn->internal == NULL)
wolfSSL	0:1239e9b70ca2	9749	return 0;
wolfSSL	0:1239e9b70ca2	9750
wolfSSL	0:1239e9b70ca2	9751	return mp_count_bits((mp_int*)bn->internal);
wolfSSL	0:1239e9b70ca2	9752	}
wolfSSL	0:1239e9b70ca2	9753
wolfSSL	0:1239e9b70ca2	9754
wolfSSL	0:1239e9b70ca2	9755	int CyaSSL_BN_is_zero(const CYASSL_BIGNUM* bn)
wolfSSL	0:1239e9b70ca2	9756	{
wolfSSL	0:1239e9b70ca2	9757	CYASSL_MSG("CyaSSL_BN_is_zero");
wolfSSL	0:1239e9b70ca2	9758
wolfSSL	0:1239e9b70ca2	9759	if (bn == NULL \|\| bn->internal == NULL)
wolfSSL	0:1239e9b70ca2	9760	return 0;
wolfSSL	0:1239e9b70ca2	9761
wolfSSL	0:1239e9b70ca2	9762	return mp_iszero((mp_int*)bn->internal);
wolfSSL	0:1239e9b70ca2	9763	}
wolfSSL	0:1239e9b70ca2	9764
wolfSSL	0:1239e9b70ca2	9765
wolfSSL	0:1239e9b70ca2	9766	int CyaSSL_BN_is_one(const CYASSL_BIGNUM* bn)
wolfSSL	0:1239e9b70ca2	9767	{
wolfSSL	0:1239e9b70ca2	9768	CYASSL_MSG("CyaSSL_BN_is_one");
wolfSSL	0:1239e9b70ca2	9769
wolfSSL	0:1239e9b70ca2	9770	if (bn == NULL \|\| bn->internal == NULL)
wolfSSL	0:1239e9b70ca2	9771	return 0;
wolfSSL	0:1239e9b70ca2	9772
wolfSSL	0:1239e9b70ca2	9773	if (mp_cmp_d((mp_int*)bn->internal, 1) == 0)
wolfSSL	0:1239e9b70ca2	9774	return 1;
wolfSSL	0:1239e9b70ca2	9775
wolfSSL	0:1239e9b70ca2	9776	return 0;
wolfSSL	0:1239e9b70ca2	9777	}
wolfSSL	0:1239e9b70ca2	9778
wolfSSL	0:1239e9b70ca2	9779
wolfSSL	0:1239e9b70ca2	9780	int CyaSSL_BN_is_odd(const CYASSL_BIGNUM* bn)
wolfSSL	0:1239e9b70ca2	9781	{
wolfSSL	0:1239e9b70ca2	9782	CYASSL_MSG("CyaSSL_BN_is_odd");
wolfSSL	0:1239e9b70ca2	9783
wolfSSL	0:1239e9b70ca2	9784	if (bn == NULL \|\| bn->internal == NULL)
wolfSSL	0:1239e9b70ca2	9785	return 0;
wolfSSL	0:1239e9b70ca2	9786
wolfSSL	0:1239e9b70ca2	9787	return mp_isodd((mp_int*)bn->internal);
wolfSSL	0:1239e9b70ca2	9788	}
wolfSSL	0:1239e9b70ca2	9789
wolfSSL	0:1239e9b70ca2	9790
wolfSSL	0:1239e9b70ca2	9791	int CyaSSL_BN_cmp(const CYASSL_BIGNUM* a, const CYASSL_BIGNUM* b)
wolfSSL	0:1239e9b70ca2	9792	{
wolfSSL	0:1239e9b70ca2	9793	CYASSL_MSG("CyaSSL_BN_cmp");
wolfSSL	0:1239e9b70ca2	9794
wolfSSL	0:1239e9b70ca2	9795	if (a == NULL \|\| a->internal == NULL \|\| b == NULL \|\| b->internal ==NULL)
wolfSSL	0:1239e9b70ca2	9796	return 0;
wolfSSL	0:1239e9b70ca2	9797
wolfSSL	0:1239e9b70ca2	9798	return mp_cmp((mp_int)a->internal, (mp_int)b->internal);
wolfSSL	0:1239e9b70ca2	9799	}
wolfSSL	0:1239e9b70ca2	9800
wolfSSL	0:1239e9b70ca2	9801
wolfSSL	0:1239e9b70ca2	9802	int CyaSSL_BN_bn2bin(const CYASSL_BIGNUM* bn, unsigned char* r)
wolfSSL	0:1239e9b70ca2	9803	{
wolfSSL	0:1239e9b70ca2	9804	CYASSL_MSG("CyaSSL_BN_bn2bin");
wolfSSL	0:1239e9b70ca2	9805
wolfSSL	0:1239e9b70ca2	9806	if (bn == NULL \|\| bn->internal == NULL) {
wolfSSL	0:1239e9b70ca2	9807	CYASSL_MSG("NULL bn error");
wolfSSL	0:1239e9b70ca2	9808	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	9809	}
wolfSSL	0:1239e9b70ca2	9810
wolfSSL	0:1239e9b70ca2	9811	if (r == NULL)
wolfSSL	0:1239e9b70ca2	9812	return mp_unsigned_bin_size((mp_int*)bn->internal);
wolfSSL	0:1239e9b70ca2	9813
wolfSSL	0:1239e9b70ca2	9814	if (mp_to_unsigned_bin((mp_int*)bn->internal, r) != MP_OKAY) {
wolfSSL	0:1239e9b70ca2	9815	CYASSL_MSG("mp_to_unsigned_bin error");
wolfSSL	0:1239e9b70ca2	9816	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	9817	}
wolfSSL	0:1239e9b70ca2	9818
wolfSSL	0:1239e9b70ca2	9819	return mp_unsigned_bin_size((mp_int*)bn->internal);
wolfSSL	0:1239e9b70ca2	9820	}
wolfSSL	0:1239e9b70ca2	9821
wolfSSL	0:1239e9b70ca2	9822
wolfSSL	0:1239e9b70ca2	9823	CYASSL_BIGNUM* CyaSSL_BN_bin2bn(const unsigned char* str, int len,
wolfSSL	0:1239e9b70ca2	9824	CYASSL_BIGNUM* ret)
wolfSSL	0:1239e9b70ca2	9825	{
wolfSSL	0:1239e9b70ca2	9826	CYASSL_MSG("CyaSSL_BN_bin2bn");
wolfSSL	0:1239e9b70ca2	9827
wolfSSL	0:1239e9b70ca2	9828	if (ret && ret->internal) {
wolfSSL	0:1239e9b70ca2	9829	if (mp_read_unsigned_bin((mp_int*)ret->internal, str, len) != 0) {
wolfSSL	0:1239e9b70ca2	9830	CYASSL_MSG("mp_read_unsigned_bin failure");
wolfSSL	0:1239e9b70ca2	9831	return NULL;
wolfSSL	0:1239e9b70ca2	9832	}
wolfSSL	0:1239e9b70ca2	9833	}
wolfSSL	0:1239e9b70ca2	9834	else {
wolfSSL	0:1239e9b70ca2	9835	CYASSL_MSG("CyaSSL_BN_bin2bn wants return bignum");
wolfSSL	0:1239e9b70ca2	9836	}
wolfSSL	0:1239e9b70ca2	9837
wolfSSL	0:1239e9b70ca2	9838	return ret;
wolfSSL	0:1239e9b70ca2	9839	}
wolfSSL	0:1239e9b70ca2	9840
wolfSSL	0:1239e9b70ca2	9841
wolfSSL	0:1239e9b70ca2	9842	int CyaSSL_mask_bits(CYASSL_BIGNUM* bn, int n)
wolfSSL	0:1239e9b70ca2	9843	{
wolfSSL	0:1239e9b70ca2	9844	(void)bn;
wolfSSL	0:1239e9b70ca2	9845	(void)n;
wolfSSL	0:1239e9b70ca2	9846	CYASSL_MSG("CyaSSL_BN_mask_bits");
wolfSSL	0:1239e9b70ca2	9847
wolfSSL	0:1239e9b70ca2	9848	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	9849	}
wolfSSL	0:1239e9b70ca2	9850
wolfSSL	0:1239e9b70ca2	9851
wolfSSL	0:1239e9b70ca2	9852	/* SSL_SUCCESS on ok */
wolfSSL	0:1239e9b70ca2	9853	int CyaSSL_BN_rand(CYASSL_BIGNUM* bn, int bits, int top, int bottom)
wolfSSL	0:1239e9b70ca2	9854	{
wolfSSL	0:1239e9b70ca2	9855	byte buff[1024];
wolfSSL	0:1239e9b70ca2	9856	RNG tmpRNG;
wolfSSL	0:1239e9b70ca2	9857	RNG* rng = &tmpRNG;
wolfSSL	0:1239e9b70ca2	9858	int len = bits/8;
wolfSSL	0:1239e9b70ca2	9859
wolfSSL	0:1239e9b70ca2	9860	(void)top;
wolfSSL	0:1239e9b70ca2	9861	(void)bottom;
wolfSSL	0:1239e9b70ca2	9862	CYASSL_MSG("CyaSSL_BN_rand");
wolfSSL	0:1239e9b70ca2	9863
wolfSSL	0:1239e9b70ca2	9864	if (bn == NULL \|\| bn->internal == NULL) {
wolfSSL	0:1239e9b70ca2	9865	CYASSL_MSG("Bad function arguments");
wolfSSL	0:1239e9b70ca2	9866	return 0;
wolfSSL	0:1239e9b70ca2	9867	}
wolfSSL	0:1239e9b70ca2	9868
wolfSSL	0:1239e9b70ca2	9869	if (bits % 8)
wolfSSL	0:1239e9b70ca2	9870	len++;
wolfSSL	0:1239e9b70ca2	9871
wolfSSL	0:1239e9b70ca2	9872	if ( (InitRng(&tmpRNG)) != 0) {
wolfSSL	0:1239e9b70ca2	9873	CYASSL_MSG("Bad RNG Init, trying global");
wolfSSL	0:1239e9b70ca2	9874	if (initGlobalRNG == 0) {
wolfSSL	0:1239e9b70ca2	9875	CYASSL_MSG("Global RNG no Init");
wolfSSL	0:1239e9b70ca2	9876	return 0;
wolfSSL	0:1239e9b70ca2	9877	}
wolfSSL	0:1239e9b70ca2	9878	rng = &globalRNG;
wolfSSL	0:1239e9b70ca2	9879	}
wolfSSL	0:1239e9b70ca2	9880
wolfSSL	0:1239e9b70ca2	9881	if (RNG_GenerateBlock(rng, buff, len) != 0) {
wolfSSL	0:1239e9b70ca2	9882	CYASSL_MSG("Bad RNG_GenerateBlock");
wolfSSL	0:1239e9b70ca2	9883	return 0;
wolfSSL	0:1239e9b70ca2	9884	}
wolfSSL	0:1239e9b70ca2	9885
wolfSSL	0:1239e9b70ca2	9886	buff[0] \|= 0x80 \| 0x40;
wolfSSL	0:1239e9b70ca2	9887	buff[len-1] \|= 0x01;
wolfSSL	0:1239e9b70ca2	9888
wolfSSL	0:1239e9b70ca2	9889	if (mp_read_unsigned_bin((mp_int*)bn->internal,buff,len) != MP_OKAY) {
wolfSSL	0:1239e9b70ca2	9890	CYASSL_MSG("mp read bin failed");
wolfSSL	0:1239e9b70ca2	9891	return 0;
wolfSSL	0:1239e9b70ca2	9892	}
wolfSSL	0:1239e9b70ca2	9893
wolfSSL	0:1239e9b70ca2	9894	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	9895	}
wolfSSL	0:1239e9b70ca2	9896
wolfSSL	0:1239e9b70ca2	9897
wolfSSL	0:1239e9b70ca2	9898	int CyaSSL_BN_is_bit_set(const CYASSL_BIGNUM* bn, int n)
wolfSSL	0:1239e9b70ca2	9899	{
wolfSSL	0:1239e9b70ca2	9900	(void)bn;
wolfSSL	0:1239e9b70ca2	9901	(void)n;
wolfSSL	0:1239e9b70ca2	9902
wolfSSL	0:1239e9b70ca2	9903	CYASSL_MSG("CyaSSL_BN_is_bit_set");
wolfSSL	0:1239e9b70ca2	9904
wolfSSL	0:1239e9b70ca2	9905	return 0;
wolfSSL	0:1239e9b70ca2	9906	}
wolfSSL	0:1239e9b70ca2	9907
wolfSSL	0:1239e9b70ca2	9908
wolfSSL	0:1239e9b70ca2	9909	/* SSL_SUCCESS on ok */
wolfSSL	0:1239e9b70ca2	9910	int CyaSSL_BN_hex2bn(CYASSL_BIGNUM** bn, const char* str)
wolfSSL	0:1239e9b70ca2	9911	{
wolfSSL	0:1239e9b70ca2	9912	byte decoded[1024];
wolfSSL	0:1239e9b70ca2	9913	word32 decSz = sizeof(decoded);
wolfSSL	0:1239e9b70ca2	9914
wolfSSL	0:1239e9b70ca2	9915	CYASSL_MSG("CyaSSL_BN_hex2bn");
wolfSSL	0:1239e9b70ca2	9916
wolfSSL	0:1239e9b70ca2	9917	if (str == NULL) {
wolfSSL	0:1239e9b70ca2	9918	CYASSL_MSG("Bad function argument");
wolfSSL	0:1239e9b70ca2	9919	return 0;
wolfSSL	0:1239e9b70ca2	9920	}
wolfSSL	0:1239e9b70ca2	9921
wolfSSL	0:1239e9b70ca2	9922	if (Base16_Decode((byte*)str, (int)XSTRLEN(str), decoded, &decSz) < 0) {
wolfSSL	0:1239e9b70ca2	9923	CYASSL_MSG("Bad Base16_Decode error");
wolfSSL	0:1239e9b70ca2	9924	return 0;
wolfSSL	0:1239e9b70ca2	9925	}
wolfSSL	0:1239e9b70ca2	9926
wolfSSL	0:1239e9b70ca2	9927	if (bn == NULL)
wolfSSL	0:1239e9b70ca2	9928	return decSz;
wolfSSL	0:1239e9b70ca2	9929
wolfSSL	0:1239e9b70ca2	9930	if (*bn == NULL) {
wolfSSL	0:1239e9b70ca2	9931	*bn = CyaSSL_BN_new();
wolfSSL	0:1239e9b70ca2	9932	if (*bn == NULL) {
wolfSSL	0:1239e9b70ca2	9933	CYASSL_MSG("BN new failed");
wolfSSL	0:1239e9b70ca2	9934	return 0;
wolfSSL	0:1239e9b70ca2	9935	}
wolfSSL	0:1239e9b70ca2	9936	}
wolfSSL	0:1239e9b70ca2	9937
wolfSSL	0:1239e9b70ca2	9938	if (CyaSSL_BN_bin2bn(decoded, decSz, *bn) == NULL) {
wolfSSL	0:1239e9b70ca2	9939	CYASSL_MSG("Bad bin2bn error");
wolfSSL	0:1239e9b70ca2	9940	return 0;
wolfSSL	0:1239e9b70ca2	9941	}
wolfSSL	0:1239e9b70ca2	9942
wolfSSL	0:1239e9b70ca2	9943	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	9944	}
wolfSSL	0:1239e9b70ca2	9945
wolfSSL	0:1239e9b70ca2	9946
wolfSSL	0:1239e9b70ca2	9947	CYASSL_BIGNUM* CyaSSL_BN_dup(const CYASSL_BIGNUM* bn)
wolfSSL	0:1239e9b70ca2	9948	{
wolfSSL	0:1239e9b70ca2	9949	CYASSL_BIGNUM* ret;
wolfSSL	0:1239e9b70ca2	9950
wolfSSL	0:1239e9b70ca2	9951	CYASSL_MSG("CyaSSL_BN_dup");
wolfSSL	0:1239e9b70ca2	9952
wolfSSL	0:1239e9b70ca2	9953	if (bn == NULL \|\| bn->internal == NULL) {
wolfSSL	0:1239e9b70ca2	9954	CYASSL_MSG("bn NULL error");
wolfSSL	0:1239e9b70ca2	9955	return NULL;
wolfSSL	0:1239e9b70ca2	9956	}
wolfSSL	0:1239e9b70ca2	9957
wolfSSL	0:1239e9b70ca2	9958	ret = CyaSSL_BN_new();
wolfSSL	0:1239e9b70ca2	9959	if (ret == NULL) {
wolfSSL	0:1239e9b70ca2	9960	CYASSL_MSG("bn new error");
wolfSSL	0:1239e9b70ca2	9961	return NULL;
wolfSSL	0:1239e9b70ca2	9962	}
wolfSSL	0:1239e9b70ca2	9963
wolfSSL	0:1239e9b70ca2	9964	if (mp_copy((mp_int)bn->internal, (mp_int)ret->internal) != MP_OKAY) {
wolfSSL	0:1239e9b70ca2	9965	CYASSL_MSG("mp_copy error");
wolfSSL	0:1239e9b70ca2	9966	CyaSSL_BN_free(ret);
wolfSSL	0:1239e9b70ca2	9967	return NULL;
wolfSSL	0:1239e9b70ca2	9968	}
wolfSSL	0:1239e9b70ca2	9969
wolfSSL	0:1239e9b70ca2	9970	return ret;
wolfSSL	0:1239e9b70ca2	9971	}
wolfSSL	0:1239e9b70ca2	9972
wolfSSL	0:1239e9b70ca2	9973
wolfSSL	0:1239e9b70ca2	9974	CYASSL_BIGNUM* CyaSSL_BN_copy(CYASSL_BIGNUM* r, const CYASSL_BIGNUM* bn)
wolfSSL	0:1239e9b70ca2	9975	{
wolfSSL	0:1239e9b70ca2	9976	(void)r;
wolfSSL	0:1239e9b70ca2	9977	(void)bn;
wolfSSL	0:1239e9b70ca2	9978
wolfSSL	0:1239e9b70ca2	9979	CYASSL_MSG("CyaSSL_BN_copy");
wolfSSL	0:1239e9b70ca2	9980
wolfSSL	0:1239e9b70ca2	9981	return NULL;
wolfSSL	0:1239e9b70ca2	9982	}
wolfSSL	0:1239e9b70ca2	9983
wolfSSL	0:1239e9b70ca2	9984
wolfSSL	0:1239e9b70ca2	9985	int CyaSSL_BN_set_word(CYASSL_BIGNUM* bn, unsigned long w)
wolfSSL	0:1239e9b70ca2	9986	{
wolfSSL	0:1239e9b70ca2	9987	(void)bn;
wolfSSL	0:1239e9b70ca2	9988	(void)w;
wolfSSL	0:1239e9b70ca2	9989
wolfSSL	0:1239e9b70ca2	9990	CYASSL_MSG("CyaSSL_BN_set_word");
wolfSSL	0:1239e9b70ca2	9991
wolfSSL	0:1239e9b70ca2	9992	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	9993	}
wolfSSL	0:1239e9b70ca2	9994
wolfSSL	0:1239e9b70ca2	9995
wolfSSL	0:1239e9b70ca2	9996	int CyaSSL_BN_dec2bn(CYASSL_BIGNUM** bn, const char* str)
wolfSSL	0:1239e9b70ca2	9997	{
wolfSSL	0:1239e9b70ca2	9998	(void)bn;
wolfSSL	0:1239e9b70ca2	9999	(void)str;
wolfSSL	0:1239e9b70ca2	10000
wolfSSL	0:1239e9b70ca2	10001	CYASSL_MSG("CyaSSL_BN_dec2bn");
wolfSSL	0:1239e9b70ca2	10002
wolfSSL	0:1239e9b70ca2	10003	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10004	}
wolfSSL	0:1239e9b70ca2	10005
wolfSSL	0:1239e9b70ca2	10006
wolfSSL	0:1239e9b70ca2	10007	char* CyaSSL_BN_bn2dec(const CYASSL_BIGNUM* bn)
wolfSSL	0:1239e9b70ca2	10008	{
wolfSSL	0:1239e9b70ca2	10009	(void)bn;
wolfSSL	0:1239e9b70ca2	10010
wolfSSL	0:1239e9b70ca2	10011	CYASSL_MSG("CyaSSL_BN_bn2dec");
wolfSSL	0:1239e9b70ca2	10012
wolfSSL	0:1239e9b70ca2	10013	return NULL;
wolfSSL	0:1239e9b70ca2	10014	}
wolfSSL	0:1239e9b70ca2	10015
wolfSSL	0:1239e9b70ca2	10016
wolfSSL	0:1239e9b70ca2	10017	static void InitCyaSSL_DH(CYASSL_DH* dh)
wolfSSL	0:1239e9b70ca2	10018	{
wolfSSL	0:1239e9b70ca2	10019	if (dh) {
wolfSSL	0:1239e9b70ca2	10020	dh->p = NULL;
wolfSSL	0:1239e9b70ca2	10021	dh->g = NULL;
wolfSSL	0:1239e9b70ca2	10022	dh->pub_key = NULL;
wolfSSL	0:1239e9b70ca2	10023	dh->priv_key = NULL;
wolfSSL	0:1239e9b70ca2	10024	dh->internal = NULL;
wolfSSL	0:1239e9b70ca2	10025	dh->inSet = 0;
wolfSSL	0:1239e9b70ca2	10026	dh->exSet = 0;
wolfSSL	0:1239e9b70ca2	10027	}
wolfSSL	0:1239e9b70ca2	10028	}
wolfSSL	0:1239e9b70ca2	10029
wolfSSL	0:1239e9b70ca2	10030
wolfSSL	0:1239e9b70ca2	10031	CYASSL_DH* CyaSSL_DH_new(void)
wolfSSL	0:1239e9b70ca2	10032	{
wolfSSL	0:1239e9b70ca2	10033	CYASSL_DH* external;
wolfSSL	0:1239e9b70ca2	10034	DhKey* key;
wolfSSL	0:1239e9b70ca2	10035
wolfSSL	0:1239e9b70ca2	10036	CYASSL_MSG("CyaSSL_DH_new");
wolfSSL	0:1239e9b70ca2	10037
wolfSSL	0:1239e9b70ca2	10038	key = (DhKey*) XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_DH);
wolfSSL	0:1239e9b70ca2	10039	if (key == NULL) {
wolfSSL	0:1239e9b70ca2	10040	CYASSL_MSG("CyaSSL_DH_new malloc DhKey failure");
wolfSSL	0:1239e9b70ca2	10041	return NULL;
wolfSSL	0:1239e9b70ca2	10042	}
wolfSSL	0:1239e9b70ca2	10043
wolfSSL	0:1239e9b70ca2	10044	external = (CYASSL_DH*) XMALLOC(sizeof(CYASSL_DH), NULL,
wolfSSL	0:1239e9b70ca2	10045	DYNAMIC_TYPE_DH);
wolfSSL	0:1239e9b70ca2	10046	if (external == NULL) {
wolfSSL	0:1239e9b70ca2	10047	CYASSL_MSG("CyaSSL_DH_new malloc CYASSL_DH failure");
wolfSSL	0:1239e9b70ca2	10048	XFREE(key, NULL, DYNAMIC_TYPE_DH);
wolfSSL	0:1239e9b70ca2	10049	return NULL;
wolfSSL	0:1239e9b70ca2	10050	}
wolfSSL	0:1239e9b70ca2	10051
wolfSSL	0:1239e9b70ca2	10052	InitCyaSSL_DH(external);
wolfSSL	0:1239e9b70ca2	10053	InitDhKey(key);
wolfSSL	0:1239e9b70ca2	10054	external->internal = key;
wolfSSL	0:1239e9b70ca2	10055
wolfSSL	0:1239e9b70ca2	10056	return external;
wolfSSL	0:1239e9b70ca2	10057	}
wolfSSL	0:1239e9b70ca2	10058
wolfSSL	0:1239e9b70ca2	10059
wolfSSL	0:1239e9b70ca2	10060	void CyaSSL_DH_free(CYASSL_DH* dh)
wolfSSL	0:1239e9b70ca2	10061	{
wolfSSL	0:1239e9b70ca2	10062	CYASSL_MSG("CyaSSL_DH_free");
wolfSSL	0:1239e9b70ca2	10063
wolfSSL	0:1239e9b70ca2	10064	if (dh) {
wolfSSL	0:1239e9b70ca2	10065	if (dh->internal) {
wolfSSL	0:1239e9b70ca2	10066	FreeDhKey((DhKey*)dh->internal);
wolfSSL	0:1239e9b70ca2	10067	XFREE(dh->internal, NULL, DYNAMIC_TYPE_DH);
wolfSSL	0:1239e9b70ca2	10068	dh->internal = NULL;
wolfSSL	0:1239e9b70ca2	10069	}
wolfSSL	0:1239e9b70ca2	10070	CyaSSL_BN_free(dh->priv_key);
wolfSSL	0:1239e9b70ca2	10071	CyaSSL_BN_free(dh->pub_key);
wolfSSL	0:1239e9b70ca2	10072	CyaSSL_BN_free(dh->g);
wolfSSL	0:1239e9b70ca2	10073	CyaSSL_BN_free(dh->p);
wolfSSL	0:1239e9b70ca2	10074	InitCyaSSL_DH(dh); /* set back to NULLs for safety */
wolfSSL	0:1239e9b70ca2	10075
wolfSSL	0:1239e9b70ca2	10076	XFREE(dh, NULL, DYNAMIC_TYPE_DH);
wolfSSL	0:1239e9b70ca2	10077	}
wolfSSL	0:1239e9b70ca2	10078	}
wolfSSL	0:1239e9b70ca2	10079
wolfSSL	0:1239e9b70ca2	10080
wolfSSL	0:1239e9b70ca2	10081	static int SetDhInternal(CYASSL_DH* dh)
wolfSSL	0:1239e9b70ca2	10082	{
wolfSSL	0:1239e9b70ca2	10083	unsigned char p[1024];
wolfSSL	0:1239e9b70ca2	10084	unsigned char g[1024];
wolfSSL	0:1239e9b70ca2	10085	int pSz = sizeof(p);
wolfSSL	0:1239e9b70ca2	10086	int gSz = sizeof(g);
wolfSSL	0:1239e9b70ca2	10087
wolfSSL	0:1239e9b70ca2	10088	CYASSL_ENTER("SetDhInternal");
wolfSSL	0:1239e9b70ca2	10089
wolfSSL	0:1239e9b70ca2	10090	if (dh == NULL \|\| dh->p == NULL \|\| dh->g == NULL) {
wolfSSL	0:1239e9b70ca2	10091	CYASSL_MSG("Bad function arguments");
wolfSSL	0:1239e9b70ca2	10092	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10093	}
wolfSSL	0:1239e9b70ca2	10094
wolfSSL	0:1239e9b70ca2	10095	if (CyaSSL_BN_bn2bin(dh->p, NULL) > pSz) {
wolfSSL	0:1239e9b70ca2	10096	CYASSL_MSG("Bad p internal size");
wolfSSL	0:1239e9b70ca2	10097	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10098	}
wolfSSL	0:1239e9b70ca2	10099
wolfSSL	0:1239e9b70ca2	10100	if (CyaSSL_BN_bn2bin(dh->g, NULL) > gSz) {
wolfSSL	0:1239e9b70ca2	10101	CYASSL_MSG("Bad g internal size");
wolfSSL	0:1239e9b70ca2	10102	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10103	}
wolfSSL	0:1239e9b70ca2	10104
wolfSSL	0:1239e9b70ca2	10105	pSz = CyaSSL_BN_bn2bin(dh->p, p);
wolfSSL	0:1239e9b70ca2	10106	gSz = CyaSSL_BN_bn2bin(dh->g, g);
wolfSSL	0:1239e9b70ca2	10107
wolfSSL	0:1239e9b70ca2	10108	if (pSz <= 0 \|\| gSz <= 0) {
wolfSSL	0:1239e9b70ca2	10109	CYASSL_MSG("Bad BN2bin set");
wolfSSL	0:1239e9b70ca2	10110	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10111	}
wolfSSL	0:1239e9b70ca2	10112
wolfSSL	0:1239e9b70ca2	10113	if (DhSetKey((DhKey*)dh->internal, p, pSz, g, gSz) < 0) {
wolfSSL	0:1239e9b70ca2	10114	CYASSL_MSG("Bad DH SetKey");
wolfSSL	0:1239e9b70ca2	10115	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10116	}
wolfSSL	0:1239e9b70ca2	10117
wolfSSL	0:1239e9b70ca2	10118	dh->inSet = 1;
wolfSSL	0:1239e9b70ca2	10119
wolfSSL	0:1239e9b70ca2	10120	return 0;
wolfSSL	0:1239e9b70ca2	10121	}
wolfSSL	0:1239e9b70ca2	10122
wolfSSL	0:1239e9b70ca2	10123
wolfSSL	0:1239e9b70ca2	10124	int CyaSSL_DH_size(CYASSL_DH* dh)
wolfSSL	0:1239e9b70ca2	10125	{
wolfSSL	0:1239e9b70ca2	10126	CYASSL_MSG("CyaSSL_DH_size");
wolfSSL	0:1239e9b70ca2	10127
wolfSSL	0:1239e9b70ca2	10128	if (dh == NULL)
wolfSSL	0:1239e9b70ca2	10129	return 0;
wolfSSL	0:1239e9b70ca2	10130
wolfSSL	0:1239e9b70ca2	10131	return CyaSSL_BN_num_bytes(dh->p);
wolfSSL	0:1239e9b70ca2	10132	}
wolfSSL	0:1239e9b70ca2	10133
wolfSSL	0:1239e9b70ca2	10134
wolfSSL	0:1239e9b70ca2	10135	/* return SSL_SUCCESS on ok, else 0 */
wolfSSL	0:1239e9b70ca2	10136	int CyaSSL_DH_generate_key(CYASSL_DH* dh)
wolfSSL	0:1239e9b70ca2	10137	{
wolfSSL	0:1239e9b70ca2	10138	unsigned char pub [768];
wolfSSL	0:1239e9b70ca2	10139	unsigned char priv[768];
wolfSSL	0:1239e9b70ca2	10140	word32 pubSz = sizeof(pub);
wolfSSL	0:1239e9b70ca2	10141	word32 privSz = sizeof(priv);
wolfSSL	0:1239e9b70ca2	10142	RNG tmpRNG;
wolfSSL	0:1239e9b70ca2	10143	RNG* rng = &tmpRNG;
wolfSSL	0:1239e9b70ca2	10144
wolfSSL	0:1239e9b70ca2	10145	CYASSL_MSG("CyaSSL_DH_generate_key");
wolfSSL	0:1239e9b70ca2	10146
wolfSSL	0:1239e9b70ca2	10147	if (dh == NULL \|\| dh->p == NULL \|\| dh->g == NULL) {
wolfSSL	0:1239e9b70ca2	10148	CYASSL_MSG("Bad function arguments");
wolfSSL	0:1239e9b70ca2	10149	return 0;
wolfSSL	0:1239e9b70ca2	10150	}
wolfSSL	0:1239e9b70ca2	10151
wolfSSL	0:1239e9b70ca2	10152	if (dh->inSet == 0) {
wolfSSL	0:1239e9b70ca2	10153	if (SetDhInternal(dh) < 0) {
wolfSSL	0:1239e9b70ca2	10154	CYASSL_MSG("Bad DH set internal");
wolfSSL	0:1239e9b70ca2	10155	return 0;
wolfSSL	0:1239e9b70ca2	10156	}
wolfSSL	0:1239e9b70ca2	10157	}
wolfSSL	0:1239e9b70ca2	10158
wolfSSL	0:1239e9b70ca2	10159	if ( (InitRng(&tmpRNG)) != 0) {
wolfSSL	0:1239e9b70ca2	10160	CYASSL_MSG("Bad RNG Init, trying global");
wolfSSL	0:1239e9b70ca2	10161	if (initGlobalRNG == 0) {
wolfSSL	0:1239e9b70ca2	10162	CYASSL_MSG("Global RNG no Init");
wolfSSL	0:1239e9b70ca2	10163	return 0;
wolfSSL	0:1239e9b70ca2	10164	}
wolfSSL	0:1239e9b70ca2	10165	rng = &globalRNG;
wolfSSL	0:1239e9b70ca2	10166	}
wolfSSL	0:1239e9b70ca2	10167
wolfSSL	0:1239e9b70ca2	10168	if (DhGenerateKeyPair((DhKey*)dh->internal, rng, priv, &privSz,
wolfSSL	0:1239e9b70ca2	10169	pub, &pubSz) < 0) {
wolfSSL	0:1239e9b70ca2	10170	CYASSL_MSG("Bad DhGenerateKeyPair");
wolfSSL	0:1239e9b70ca2	10171	return 0;
wolfSSL	0:1239e9b70ca2	10172	}
wolfSSL	0:1239e9b70ca2	10173
wolfSSL	0:1239e9b70ca2	10174	if (dh->pub_key)
wolfSSL	0:1239e9b70ca2	10175	CyaSSL_BN_free(dh->pub_key);
wolfSSL	0:1239e9b70ca2	10176	dh->pub_key = CyaSSL_BN_new();
wolfSSL	0:1239e9b70ca2	10177	if (dh->pub_key == NULL) {
wolfSSL	0:1239e9b70ca2	10178	CYASSL_MSG("Bad DH new pub");
wolfSSL	0:1239e9b70ca2	10179	return 0;
wolfSSL	0:1239e9b70ca2	10180	}
wolfSSL	0:1239e9b70ca2	10181
wolfSSL	0:1239e9b70ca2	10182	if (dh->priv_key)
wolfSSL	0:1239e9b70ca2	10183	CyaSSL_BN_free(dh->priv_key);
wolfSSL	0:1239e9b70ca2	10184	dh->priv_key = CyaSSL_BN_new();
wolfSSL	0:1239e9b70ca2	10185	if (dh->priv_key == NULL) {
wolfSSL	0:1239e9b70ca2	10186	CYASSL_MSG("Bad DH new priv");
wolfSSL	0:1239e9b70ca2	10187	return 0;
wolfSSL	0:1239e9b70ca2	10188	}
wolfSSL	0:1239e9b70ca2	10189
wolfSSL	0:1239e9b70ca2	10190	if (CyaSSL_BN_bin2bn(pub, pubSz, dh->pub_key) == NULL) {
wolfSSL	0:1239e9b70ca2	10191	CYASSL_MSG("Bad DH bn2bin error pub");
wolfSSL	0:1239e9b70ca2	10192	return 0;
wolfSSL	0:1239e9b70ca2	10193	}
wolfSSL	0:1239e9b70ca2	10194
wolfSSL	0:1239e9b70ca2	10195	if (CyaSSL_BN_bin2bn(priv, privSz, dh->priv_key) == NULL) {
wolfSSL	0:1239e9b70ca2	10196	CYASSL_MSG("Bad DH bn2bin error priv");
wolfSSL	0:1239e9b70ca2	10197	return 0;
wolfSSL	0:1239e9b70ca2	10198	}
wolfSSL	0:1239e9b70ca2	10199
wolfSSL	0:1239e9b70ca2	10200	CYASSL_MSG("CyaSSL_generate_key success");
wolfSSL	0:1239e9b70ca2	10201	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	10202	}
wolfSSL	0:1239e9b70ca2	10203
wolfSSL	0:1239e9b70ca2	10204
wolfSSL	0:1239e9b70ca2	10205	/* return key size on ok, 0 otherwise */
wolfSSL	0:1239e9b70ca2	10206	int CyaSSL_DH_compute_key(unsigned char* key, CYASSL_BIGNUM* otherPub,
wolfSSL	0:1239e9b70ca2	10207	CYASSL_DH* dh)
wolfSSL	0:1239e9b70ca2	10208	{
wolfSSL	0:1239e9b70ca2	10209	unsigned char pub [1024];
wolfSSL	0:1239e9b70ca2	10210	unsigned char priv[1024];
wolfSSL	0:1239e9b70ca2	10211	word32 pubSz = sizeof(pub);
wolfSSL	0:1239e9b70ca2	10212	word32 privSz = sizeof(priv);
wolfSSL	0:1239e9b70ca2	10213	word32 keySz;
wolfSSL	0:1239e9b70ca2	10214
wolfSSL	0:1239e9b70ca2	10215	CYASSL_MSG("CyaSSL_DH_compute_key");
wolfSSL	0:1239e9b70ca2	10216
wolfSSL	0:1239e9b70ca2	10217	if (dh == NULL \|\| dh->priv_key == NULL \|\| otherPub == NULL) {
wolfSSL	0:1239e9b70ca2	10218	CYASSL_MSG("Bad function arguments");
wolfSSL	0:1239e9b70ca2	10219	return 0;
wolfSSL	0:1239e9b70ca2	10220	}
wolfSSL	0:1239e9b70ca2	10221
wolfSSL	0:1239e9b70ca2	10222	keySz = (word32)DH_size(dh);
wolfSSL	0:1239e9b70ca2	10223	if (keySz == 0) {
wolfSSL	0:1239e9b70ca2	10224	CYASSL_MSG("Bad DH_size");
wolfSSL	0:1239e9b70ca2	10225	return 0;
wolfSSL	0:1239e9b70ca2	10226	}
wolfSSL	0:1239e9b70ca2	10227
wolfSSL	0:1239e9b70ca2	10228	if (CyaSSL_BN_bn2bin(dh->priv_key, NULL) > (int)privSz) {
wolfSSL	0:1239e9b70ca2	10229	CYASSL_MSG("Bad priv internal size");
wolfSSL	0:1239e9b70ca2	10230	return 0;
wolfSSL	0:1239e9b70ca2	10231	}
wolfSSL	0:1239e9b70ca2	10232
wolfSSL	0:1239e9b70ca2	10233	if (CyaSSL_BN_bn2bin(otherPub, NULL) > (int)pubSz) {
wolfSSL	0:1239e9b70ca2	10234	CYASSL_MSG("Bad otherPub size");
wolfSSL	0:1239e9b70ca2	10235	return 0;
wolfSSL	0:1239e9b70ca2	10236	}
wolfSSL	0:1239e9b70ca2	10237
wolfSSL	0:1239e9b70ca2	10238	privSz = CyaSSL_BN_bn2bin(dh->priv_key, priv);
wolfSSL	0:1239e9b70ca2	10239	pubSz = CyaSSL_BN_bn2bin(otherPub, pub);
wolfSSL	0:1239e9b70ca2	10240
wolfSSL	0:1239e9b70ca2	10241	if (privSz <= 0 \|\| pubSz <= 0) {
wolfSSL	0:1239e9b70ca2	10242	CYASSL_MSG("Bad BN2bin set");
wolfSSL	0:1239e9b70ca2	10243	return 0;
wolfSSL	0:1239e9b70ca2	10244	}
wolfSSL	0:1239e9b70ca2	10245
wolfSSL	0:1239e9b70ca2	10246	if (DhAgree((DhKey*)dh->internal, key, &keySz, priv, privSz, pub,
wolfSSL	0:1239e9b70ca2	10247	pubSz) < 0) {
wolfSSL	0:1239e9b70ca2	10248	CYASSL_MSG("DhAgree failed");
wolfSSL	0:1239e9b70ca2	10249	return 0;
wolfSSL	0:1239e9b70ca2	10250	}
wolfSSL	0:1239e9b70ca2	10251
wolfSSL	0:1239e9b70ca2	10252	CYASSL_MSG("CyaSSL_compute_key success");
wolfSSL	0:1239e9b70ca2	10253	return (int)keySz;
wolfSSL	0:1239e9b70ca2	10254	}
wolfSSL	0:1239e9b70ca2	10255
wolfSSL	0:1239e9b70ca2	10256
wolfSSL	0:1239e9b70ca2	10257	#ifndef NO_DSA
wolfSSL	0:1239e9b70ca2	10258	static void InitCyaSSL_DSA(CYASSL_DSA* dsa)
wolfSSL	0:1239e9b70ca2	10259	{
wolfSSL	0:1239e9b70ca2	10260	if (dsa) {
wolfSSL	0:1239e9b70ca2	10261	dsa->p = NULL;
wolfSSL	0:1239e9b70ca2	10262	dsa->q = NULL;
wolfSSL	0:1239e9b70ca2	10263	dsa->g = NULL;
wolfSSL	0:1239e9b70ca2	10264	dsa->pub_key = NULL;
wolfSSL	0:1239e9b70ca2	10265	dsa->priv_key = NULL;
wolfSSL	0:1239e9b70ca2	10266	dsa->internal = NULL;
wolfSSL	0:1239e9b70ca2	10267	dsa->inSet = 0;
wolfSSL	0:1239e9b70ca2	10268	dsa->exSet = 0;
wolfSSL	0:1239e9b70ca2	10269	}
wolfSSL	0:1239e9b70ca2	10270	}
wolfSSL	0:1239e9b70ca2	10271
wolfSSL	0:1239e9b70ca2	10272
wolfSSL	0:1239e9b70ca2	10273	CYASSL_DSA* CyaSSL_DSA_new(void)
wolfSSL	0:1239e9b70ca2	10274	{
wolfSSL	0:1239e9b70ca2	10275	CYASSL_DSA* external;
wolfSSL	0:1239e9b70ca2	10276	DsaKey* key;
wolfSSL	0:1239e9b70ca2	10277
wolfSSL	0:1239e9b70ca2	10278	CYASSL_MSG("CyaSSL_DSA_new");
wolfSSL	0:1239e9b70ca2	10279
wolfSSL	0:1239e9b70ca2	10280	key = (DsaKey*) XMALLOC(sizeof(DsaKey), NULL, DYNAMIC_TYPE_DSA);
wolfSSL	0:1239e9b70ca2	10281	if (key == NULL) {
wolfSSL	0:1239e9b70ca2	10282	CYASSL_MSG("CyaSSL_DSA_new malloc DsaKey failure");
wolfSSL	0:1239e9b70ca2	10283	return NULL;
wolfSSL	0:1239e9b70ca2	10284	}
wolfSSL	0:1239e9b70ca2	10285
wolfSSL	0:1239e9b70ca2	10286	external = (CYASSL_DSA*) XMALLOC(sizeof(CYASSL_DSA), NULL,
wolfSSL	0:1239e9b70ca2	10287	DYNAMIC_TYPE_DSA);
wolfSSL	0:1239e9b70ca2	10288	if (external == NULL) {
wolfSSL	0:1239e9b70ca2	10289	CYASSL_MSG("CyaSSL_DSA_new malloc CYASSL_DSA failure");
wolfSSL	0:1239e9b70ca2	10290	XFREE(key, NULL, DYNAMIC_TYPE_DSA);
wolfSSL	0:1239e9b70ca2	10291	return NULL;
wolfSSL	0:1239e9b70ca2	10292	}
wolfSSL	0:1239e9b70ca2	10293
wolfSSL	0:1239e9b70ca2	10294	InitCyaSSL_DSA(external);
wolfSSL	0:1239e9b70ca2	10295	InitDsaKey(key);
wolfSSL	0:1239e9b70ca2	10296	external->internal = key;
wolfSSL	0:1239e9b70ca2	10297
wolfSSL	0:1239e9b70ca2	10298	return external;
wolfSSL	0:1239e9b70ca2	10299	}
wolfSSL	0:1239e9b70ca2	10300
wolfSSL	0:1239e9b70ca2	10301
wolfSSL	0:1239e9b70ca2	10302	void CyaSSL_DSA_free(CYASSL_DSA* dsa)
wolfSSL	0:1239e9b70ca2	10303	{
wolfSSL	0:1239e9b70ca2	10304	CYASSL_MSG("CyaSSL_DSA_free");
wolfSSL	0:1239e9b70ca2	10305
wolfSSL	0:1239e9b70ca2	10306	if (dsa) {
wolfSSL	0:1239e9b70ca2	10307	if (dsa->internal) {
wolfSSL	0:1239e9b70ca2	10308	FreeDsaKey((DsaKey*)dsa->internal);
wolfSSL	0:1239e9b70ca2	10309	XFREE(dsa->internal, NULL, DYNAMIC_TYPE_DSA);
wolfSSL	0:1239e9b70ca2	10310	dsa->internal = NULL;
wolfSSL	0:1239e9b70ca2	10311	}
wolfSSL	0:1239e9b70ca2	10312	CyaSSL_BN_free(dsa->priv_key);
wolfSSL	0:1239e9b70ca2	10313	CyaSSL_BN_free(dsa->pub_key);
wolfSSL	0:1239e9b70ca2	10314	CyaSSL_BN_free(dsa->g);
wolfSSL	0:1239e9b70ca2	10315	CyaSSL_BN_free(dsa->q);
wolfSSL	0:1239e9b70ca2	10316	CyaSSL_BN_free(dsa->p);
wolfSSL	0:1239e9b70ca2	10317	InitCyaSSL_DSA(dsa); /* set back to NULLs for safety */
wolfSSL	0:1239e9b70ca2	10318
wolfSSL	0:1239e9b70ca2	10319	XFREE(dsa, NULL, DYNAMIC_TYPE_DSA);
wolfSSL	0:1239e9b70ca2	10320	}
wolfSSL	0:1239e9b70ca2	10321	}
wolfSSL	0:1239e9b70ca2	10322
wolfSSL	0:1239e9b70ca2	10323
wolfSSL	0:1239e9b70ca2	10324	int CyaSSL_DSA_generate_key(CYASSL_DSA* dsa)
wolfSSL	0:1239e9b70ca2	10325	{
wolfSSL	0:1239e9b70ca2	10326	(void)dsa;
wolfSSL	0:1239e9b70ca2	10327
wolfSSL	0:1239e9b70ca2	10328	CYASSL_MSG("CyaSSL_DSA_generate_key");
wolfSSL	0:1239e9b70ca2	10329
wolfSSL	0:1239e9b70ca2	10330	return 0; /* key gen not needed by server */
wolfSSL	0:1239e9b70ca2	10331	}
wolfSSL	0:1239e9b70ca2	10332
wolfSSL	0:1239e9b70ca2	10333
wolfSSL	0:1239e9b70ca2	10334	int CyaSSL_DSA_generate_parameters_ex(CYASSL_DSA* dsa, int bits,
wolfSSL	0:1239e9b70ca2	10335	unsigned char* seed, int seedLen, int* counterRet,
wolfSSL	0:1239e9b70ca2	10336	unsigned long* hRet, void* cb)
wolfSSL	0:1239e9b70ca2	10337	{
wolfSSL	0:1239e9b70ca2	10338	(void)dsa;
wolfSSL	0:1239e9b70ca2	10339	(void)bits;
wolfSSL	0:1239e9b70ca2	10340	(void)seed;
wolfSSL	0:1239e9b70ca2	10341	(void)seedLen;
wolfSSL	0:1239e9b70ca2	10342	(void)counterRet;
wolfSSL	0:1239e9b70ca2	10343	(void)hRet;
wolfSSL	0:1239e9b70ca2	10344	(void)cb;
wolfSSL	0:1239e9b70ca2	10345
wolfSSL	0:1239e9b70ca2	10346	CYASSL_MSG("CyaSSL_DSA_generate_parameters_ex");
wolfSSL	0:1239e9b70ca2	10347
wolfSSL	0:1239e9b70ca2	10348	return 0; /* key gen not needed by server */
wolfSSL	0:1239e9b70ca2	10349	}
wolfSSL	0:1239e9b70ca2	10350	#endif /* NO_DSA */
wolfSSL	0:1239e9b70ca2	10351
wolfSSL	0:1239e9b70ca2	10352	static void InitCyaSSL_Rsa(CYASSL_RSA* rsa)
wolfSSL	0:1239e9b70ca2	10353	{
wolfSSL	0:1239e9b70ca2	10354	if (rsa) {
wolfSSL	0:1239e9b70ca2	10355	rsa->n = NULL;
wolfSSL	0:1239e9b70ca2	10356	rsa->e = NULL;
wolfSSL	0:1239e9b70ca2	10357	rsa->d = NULL;
wolfSSL	0:1239e9b70ca2	10358	rsa->p = NULL;
wolfSSL	0:1239e9b70ca2	10359	rsa->q = NULL;
wolfSSL	0:1239e9b70ca2	10360	rsa->dmp1 = NULL;
wolfSSL	0:1239e9b70ca2	10361	rsa->dmq1 = NULL;
wolfSSL	0:1239e9b70ca2	10362	rsa->iqmp = NULL;
wolfSSL	0:1239e9b70ca2	10363	rsa->internal = NULL;
wolfSSL	0:1239e9b70ca2	10364	rsa->inSet = 0;
wolfSSL	0:1239e9b70ca2	10365	rsa->exSet = 0;
wolfSSL	0:1239e9b70ca2	10366	}
wolfSSL	0:1239e9b70ca2	10367	}
wolfSSL	0:1239e9b70ca2	10368
wolfSSL	0:1239e9b70ca2	10369
wolfSSL	0:1239e9b70ca2	10370	CYASSL_RSA* CyaSSL_RSA_new(void)
wolfSSL	0:1239e9b70ca2	10371	{
wolfSSL	0:1239e9b70ca2	10372	CYASSL_RSA* external;
wolfSSL	0:1239e9b70ca2	10373	RsaKey* key;
wolfSSL	0:1239e9b70ca2	10374
wolfSSL	0:1239e9b70ca2	10375	CYASSL_MSG("CyaSSL_RSA_new");
wolfSSL	0:1239e9b70ca2	10376
wolfSSL	0:1239e9b70ca2	10377	key = (RsaKey*) XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA);
wolfSSL	0:1239e9b70ca2	10378	if (key == NULL) {
wolfSSL	0:1239e9b70ca2	10379	CYASSL_MSG("CyaSSL_RSA_new malloc RsaKey failure");
wolfSSL	0:1239e9b70ca2	10380	return NULL;
wolfSSL	0:1239e9b70ca2	10381	}
wolfSSL	0:1239e9b70ca2	10382
wolfSSL	0:1239e9b70ca2	10383	external = (CYASSL_RSA*) XMALLOC(sizeof(CYASSL_RSA), NULL,
wolfSSL	0:1239e9b70ca2	10384	DYNAMIC_TYPE_RSA);
wolfSSL	0:1239e9b70ca2	10385	if (external == NULL) {
wolfSSL	0:1239e9b70ca2	10386	CYASSL_MSG("CyaSSL_RSA_new malloc CYASSL_RSA failure");
wolfSSL	0:1239e9b70ca2	10387	XFREE(key, NULL, DYNAMIC_TYPE_RSA);
wolfSSL	0:1239e9b70ca2	10388	return NULL;
wolfSSL	0:1239e9b70ca2	10389	}
wolfSSL	0:1239e9b70ca2	10390
wolfSSL	0:1239e9b70ca2	10391	InitCyaSSL_Rsa(external);
wolfSSL	0:1239e9b70ca2	10392	if (InitRsaKey(key, NULL) != 0) {
wolfSSL	0:1239e9b70ca2	10393	CYASSL_MSG("InitRsaKey CYASSL_RSA failure");
wolfSSL	0:1239e9b70ca2	10394	XFREE(external, NULL, DYNAMIC_TYPE_RSA);
wolfSSL	0:1239e9b70ca2	10395	XFREE(key, NULL, DYNAMIC_TYPE_RSA);
wolfSSL	0:1239e9b70ca2	10396	return NULL;
wolfSSL	0:1239e9b70ca2	10397	}
wolfSSL	0:1239e9b70ca2	10398	external->internal = key;
wolfSSL	0:1239e9b70ca2	10399
wolfSSL	0:1239e9b70ca2	10400	return external;
wolfSSL	0:1239e9b70ca2	10401	}
wolfSSL	0:1239e9b70ca2	10402
wolfSSL	0:1239e9b70ca2	10403
wolfSSL	0:1239e9b70ca2	10404	void CyaSSL_RSA_free(CYASSL_RSA* rsa)
wolfSSL	0:1239e9b70ca2	10405	{
wolfSSL	0:1239e9b70ca2	10406	CYASSL_MSG("CyaSSL_RSA_free");
wolfSSL	0:1239e9b70ca2	10407
wolfSSL	0:1239e9b70ca2	10408	if (rsa) {
wolfSSL	0:1239e9b70ca2	10409	if (rsa->internal) {
wolfSSL	0:1239e9b70ca2	10410	FreeRsaKey((RsaKey*)rsa->internal);
wolfSSL	0:1239e9b70ca2	10411	XFREE(rsa->internal, NULL, DYNAMIC_TYPE_RSA);
wolfSSL	0:1239e9b70ca2	10412	rsa->internal = NULL;
wolfSSL	0:1239e9b70ca2	10413	}
wolfSSL	0:1239e9b70ca2	10414	CyaSSL_BN_free(rsa->iqmp);
wolfSSL	0:1239e9b70ca2	10415	CyaSSL_BN_free(rsa->dmq1);
wolfSSL	0:1239e9b70ca2	10416	CyaSSL_BN_free(rsa->dmp1);
wolfSSL	0:1239e9b70ca2	10417	CyaSSL_BN_free(rsa->q);
wolfSSL	0:1239e9b70ca2	10418	CyaSSL_BN_free(rsa->p);
wolfSSL	0:1239e9b70ca2	10419	CyaSSL_BN_free(rsa->d);
wolfSSL	0:1239e9b70ca2	10420	CyaSSL_BN_free(rsa->e);
wolfSSL	0:1239e9b70ca2	10421	CyaSSL_BN_free(rsa->n);
wolfSSL	0:1239e9b70ca2	10422	InitCyaSSL_Rsa(rsa); /* set back to NULLs for safety */
wolfSSL	0:1239e9b70ca2	10423
wolfSSL	0:1239e9b70ca2	10424	XFREE(rsa, NULL, DYNAMIC_TYPE_RSA);
wolfSSL	0:1239e9b70ca2	10425	}
wolfSSL	0:1239e9b70ca2	10426	}
wolfSSL	0:1239e9b70ca2	10427
wolfSSL	0:1239e9b70ca2	10428
wolfSSL	0:1239e9b70ca2	10429	static int SetIndividualExternal(CYASSL_BIGNUM** bn, mp_int* mpi)
wolfSSL	0:1239e9b70ca2	10430	{
wolfSSL	0:1239e9b70ca2	10431	CYASSL_MSG("Entering SetIndividualExternal");
wolfSSL	0:1239e9b70ca2	10432
wolfSSL	0:1239e9b70ca2	10433	if (mpi == NULL) {
wolfSSL	0:1239e9b70ca2	10434	CYASSL_MSG("mpi NULL error");
wolfSSL	0:1239e9b70ca2	10435	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10436	}
wolfSSL	0:1239e9b70ca2	10437
wolfSSL	0:1239e9b70ca2	10438	if (*bn == NULL) {
wolfSSL	0:1239e9b70ca2	10439	*bn = CyaSSL_BN_new();
wolfSSL	0:1239e9b70ca2	10440	if (*bn == NULL) {
wolfSSL	0:1239e9b70ca2	10441	CYASSL_MSG("SetIndividualExternal alloc failed");
wolfSSL	0:1239e9b70ca2	10442	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10443	}
wolfSSL	0:1239e9b70ca2	10444	}
wolfSSL	0:1239e9b70ca2	10445
wolfSSL	0:1239e9b70ca2	10446	if (mp_copy(mpi, (mp_int)((bn)->internal)) != MP_OKAY) {
wolfSSL	0:1239e9b70ca2	10447	CYASSL_MSG("mp_copy error");
wolfSSL	0:1239e9b70ca2	10448	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10449	}
wolfSSL	0:1239e9b70ca2	10450
wolfSSL	0:1239e9b70ca2	10451	return 0;
wolfSSL	0:1239e9b70ca2	10452	}
wolfSSL	0:1239e9b70ca2	10453
wolfSSL	0:1239e9b70ca2	10454
wolfSSL	0:1239e9b70ca2	10455	#ifndef NO_DSA
wolfSSL	0:1239e9b70ca2	10456	static int SetDsaExternal(CYASSL_DSA* dsa)
wolfSSL	0:1239e9b70ca2	10457	{
wolfSSL	0:1239e9b70ca2	10458	DsaKey* key;
wolfSSL	0:1239e9b70ca2	10459	CYASSL_MSG("Entering SetDsaExternal");
wolfSSL	0:1239e9b70ca2	10460
wolfSSL	0:1239e9b70ca2	10461	if (dsa == NULL \|\| dsa->internal == NULL) {
wolfSSL	0:1239e9b70ca2	10462	CYASSL_MSG("dsa key NULL error");
wolfSSL	0:1239e9b70ca2	10463	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10464	}
wolfSSL	0:1239e9b70ca2	10465
wolfSSL	0:1239e9b70ca2	10466	key = (DsaKey*)dsa->internal;
wolfSSL	0:1239e9b70ca2	10467
wolfSSL	0:1239e9b70ca2	10468	if (SetIndividualExternal(&dsa->p, &key->p) < 0) {
wolfSSL	0:1239e9b70ca2	10469	CYASSL_MSG("dsa p key error");
wolfSSL	0:1239e9b70ca2	10470	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10471	}
wolfSSL	0:1239e9b70ca2	10472
wolfSSL	0:1239e9b70ca2	10473	if (SetIndividualExternal(&dsa->q, &key->q) < 0) {
wolfSSL	0:1239e9b70ca2	10474	CYASSL_MSG("dsa q key error");
wolfSSL	0:1239e9b70ca2	10475	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10476	}
wolfSSL	0:1239e9b70ca2	10477
wolfSSL	0:1239e9b70ca2	10478	if (SetIndividualExternal(&dsa->g, &key->g) < 0) {
wolfSSL	0:1239e9b70ca2	10479	CYASSL_MSG("dsa g key error");
wolfSSL	0:1239e9b70ca2	10480	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10481	}
wolfSSL	0:1239e9b70ca2	10482
wolfSSL	0:1239e9b70ca2	10483	if (SetIndividualExternal(&dsa->pub_key, &key->y) < 0) {
wolfSSL	0:1239e9b70ca2	10484	CYASSL_MSG("dsa y key error");
wolfSSL	0:1239e9b70ca2	10485	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10486	}
wolfSSL	0:1239e9b70ca2	10487
wolfSSL	0:1239e9b70ca2	10488	if (SetIndividualExternal(&dsa->priv_key, &key->x) < 0) {
wolfSSL	0:1239e9b70ca2	10489	CYASSL_MSG("dsa x key error");
wolfSSL	0:1239e9b70ca2	10490	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10491	}
wolfSSL	0:1239e9b70ca2	10492
wolfSSL	0:1239e9b70ca2	10493	dsa->exSet = 1;
wolfSSL	0:1239e9b70ca2	10494
wolfSSL	0:1239e9b70ca2	10495	return 0;
wolfSSL	0:1239e9b70ca2	10496	}
wolfSSL	0:1239e9b70ca2	10497	#endif /* NO_DSA */
wolfSSL	0:1239e9b70ca2	10498
wolfSSL	0:1239e9b70ca2	10499
wolfSSL	0:1239e9b70ca2	10500	static int SetRsaExternal(CYASSL_RSA* rsa)
wolfSSL	0:1239e9b70ca2	10501	{
wolfSSL	0:1239e9b70ca2	10502	RsaKey* key;
wolfSSL	0:1239e9b70ca2	10503	CYASSL_MSG("Entering SetRsaExternal");
wolfSSL	0:1239e9b70ca2	10504
wolfSSL	0:1239e9b70ca2	10505	if (rsa == NULL \|\| rsa->internal == NULL) {
wolfSSL	0:1239e9b70ca2	10506	CYASSL_MSG("rsa key NULL error");
wolfSSL	0:1239e9b70ca2	10507	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10508	}
wolfSSL	0:1239e9b70ca2	10509
wolfSSL	0:1239e9b70ca2	10510	key = (RsaKey*)rsa->internal;
wolfSSL	0:1239e9b70ca2	10511
wolfSSL	0:1239e9b70ca2	10512	if (SetIndividualExternal(&rsa->n, &key->n) < 0) {
wolfSSL	0:1239e9b70ca2	10513	CYASSL_MSG("rsa n key error");
wolfSSL	0:1239e9b70ca2	10514	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10515	}
wolfSSL	0:1239e9b70ca2	10516
wolfSSL	0:1239e9b70ca2	10517	if (SetIndividualExternal(&rsa->e, &key->e) < 0) {
wolfSSL	0:1239e9b70ca2	10518	CYASSL_MSG("rsa e key error");
wolfSSL	0:1239e9b70ca2	10519	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10520	}
wolfSSL	0:1239e9b70ca2	10521
wolfSSL	0:1239e9b70ca2	10522	if (SetIndividualExternal(&rsa->d, &key->d) < 0) {
wolfSSL	0:1239e9b70ca2	10523	CYASSL_MSG("rsa d key error");
wolfSSL	0:1239e9b70ca2	10524	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10525	}
wolfSSL	0:1239e9b70ca2	10526
wolfSSL	0:1239e9b70ca2	10527	if (SetIndividualExternal(&rsa->p, &key->p) < 0) {
wolfSSL	0:1239e9b70ca2	10528	CYASSL_MSG("rsa p key error");
wolfSSL	0:1239e9b70ca2	10529	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10530	}
wolfSSL	0:1239e9b70ca2	10531
wolfSSL	0:1239e9b70ca2	10532	if (SetIndividualExternal(&rsa->q, &key->q) < 0) {
wolfSSL	0:1239e9b70ca2	10533	CYASSL_MSG("rsa q key error");
wolfSSL	0:1239e9b70ca2	10534	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10535	}
wolfSSL	0:1239e9b70ca2	10536
wolfSSL	0:1239e9b70ca2	10537	if (SetIndividualExternal(&rsa->dmp1, &key->dP) < 0) {
wolfSSL	0:1239e9b70ca2	10538	CYASSL_MSG("rsa dP key error");
wolfSSL	0:1239e9b70ca2	10539	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10540	}
wolfSSL	0:1239e9b70ca2	10541
wolfSSL	0:1239e9b70ca2	10542	if (SetIndividualExternal(&rsa->dmq1, &key->dQ) < 0) {
wolfSSL	0:1239e9b70ca2	10543	CYASSL_MSG("rsa dQ key error");
wolfSSL	0:1239e9b70ca2	10544	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10545	}
wolfSSL	0:1239e9b70ca2	10546
wolfSSL	0:1239e9b70ca2	10547	if (SetIndividualExternal(&rsa->iqmp, &key->u) < 0) {
wolfSSL	0:1239e9b70ca2	10548	CYASSL_MSG("rsa u key error");
wolfSSL	0:1239e9b70ca2	10549	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10550	}
wolfSSL	0:1239e9b70ca2	10551
wolfSSL	0:1239e9b70ca2	10552	rsa->exSet = 1;
wolfSSL	0:1239e9b70ca2	10553
wolfSSL	0:1239e9b70ca2	10554	return 0;
wolfSSL	0:1239e9b70ca2	10555	}
wolfSSL	0:1239e9b70ca2	10556
wolfSSL	0:1239e9b70ca2	10557
wolfSSL	0:1239e9b70ca2	10558	/* SSL_SUCCESS on ok */
wolfSSL	0:1239e9b70ca2	10559	int CyaSSL_RSA_generate_key_ex(CYASSL_RSA* rsa, int bits, CYASSL_BIGNUM* bn,
wolfSSL	0:1239e9b70ca2	10560	void* cb)
wolfSSL	0:1239e9b70ca2	10561	{
wolfSSL	0:1239e9b70ca2	10562	RNG rng;
wolfSSL	0:1239e9b70ca2	10563
wolfSSL	0:1239e9b70ca2	10564	CYASSL_MSG("CyaSSL_RSA_generate_key_ex");
wolfSSL	0:1239e9b70ca2	10565
wolfSSL	0:1239e9b70ca2	10566	(void)rsa;
wolfSSL	0:1239e9b70ca2	10567	(void)bits;
wolfSSL	0:1239e9b70ca2	10568	(void)cb;
wolfSSL	0:1239e9b70ca2	10569	(void)bn;
wolfSSL	0:1239e9b70ca2	10570
wolfSSL	0:1239e9b70ca2	10571	if (InitRng(&rng) < 0) {
wolfSSL	0:1239e9b70ca2	10572	CYASSL_MSG("RNG init failed");
wolfSSL	0:1239e9b70ca2	10573	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10574	}
wolfSSL	0:1239e9b70ca2	10575
wolfSSL	0:1239e9b70ca2	10576	#ifdef CYASSL_KEY_GEN
wolfSSL	0:1239e9b70ca2	10577	if (MakeRsaKey((RsaKey*)rsa->internal, bits, 65537, &rng) < 0) {
wolfSSL	0:1239e9b70ca2	10578	CYASSL_MSG("MakeRsaKey failed");
wolfSSL	0:1239e9b70ca2	10579	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10580	}
wolfSSL	0:1239e9b70ca2	10581
wolfSSL	0:1239e9b70ca2	10582	if (SetRsaExternal(rsa) < 0) {
wolfSSL	0:1239e9b70ca2	10583	CYASSL_MSG("SetRsaExternal failed");
wolfSSL	0:1239e9b70ca2	10584	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10585	}
wolfSSL	0:1239e9b70ca2	10586
wolfSSL	0:1239e9b70ca2	10587	rsa->inSet = 1;
wolfSSL	0:1239e9b70ca2	10588
wolfSSL	0:1239e9b70ca2	10589	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	10590	#else
wolfSSL	0:1239e9b70ca2	10591	CYASSL_MSG("No Key Gen built in");
wolfSSL	0:1239e9b70ca2	10592	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10593	#endif
wolfSSL	0:1239e9b70ca2	10594
wolfSSL	0:1239e9b70ca2	10595	}
wolfSSL	0:1239e9b70ca2	10596
wolfSSL	0:1239e9b70ca2	10597
wolfSSL	0:1239e9b70ca2	10598	/* SSL_SUCCESS on ok */
wolfSSL	0:1239e9b70ca2	10599	int CyaSSL_RSA_blinding_on(CYASSL_RSA* rsa, CYASSL_BN_CTX* bn)
wolfSSL	0:1239e9b70ca2	10600	{
wolfSSL	0:1239e9b70ca2	10601	(void)rsa;
wolfSSL	0:1239e9b70ca2	10602	(void)bn;
wolfSSL	0:1239e9b70ca2	10603
wolfSSL	0:1239e9b70ca2	10604	CYASSL_MSG("CyaSSL_RSA_blinding_on");
wolfSSL	0:1239e9b70ca2	10605
wolfSSL	0:1239e9b70ca2	10606	return SSL_SUCCESS; /* on by default */
wolfSSL	0:1239e9b70ca2	10607	}
wolfSSL	0:1239e9b70ca2	10608
wolfSSL	0:1239e9b70ca2	10609
wolfSSL	0:1239e9b70ca2	10610	int CyaSSL_RSA_public_encrypt(int len, unsigned char* fr,
wolfSSL	0:1239e9b70ca2	10611	unsigned char* to, CYASSL_RSA* rsa, int padding)
wolfSSL	0:1239e9b70ca2	10612	{
wolfSSL	0:1239e9b70ca2	10613	(void)len;
wolfSSL	0:1239e9b70ca2	10614	(void)fr;
wolfSSL	0:1239e9b70ca2	10615	(void)to;
wolfSSL	0:1239e9b70ca2	10616	(void)rsa;
wolfSSL	0:1239e9b70ca2	10617	(void)padding;
wolfSSL	0:1239e9b70ca2	10618
wolfSSL	0:1239e9b70ca2	10619	CYASSL_MSG("CyaSSL_RSA_public_encrypt");
wolfSSL	0:1239e9b70ca2	10620
wolfSSL	0:1239e9b70ca2	10621	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10622	}
wolfSSL	0:1239e9b70ca2	10623
wolfSSL	0:1239e9b70ca2	10624
wolfSSL	0:1239e9b70ca2	10625	int CyaSSL_RSA_private_decrypt(int len, unsigned char* fr,
wolfSSL	0:1239e9b70ca2	10626	unsigned char* to, CYASSL_RSA* rsa, int padding)
wolfSSL	0:1239e9b70ca2	10627	{
wolfSSL	0:1239e9b70ca2	10628	(void)len;
wolfSSL	0:1239e9b70ca2	10629	(void)fr;
wolfSSL	0:1239e9b70ca2	10630	(void)to;
wolfSSL	0:1239e9b70ca2	10631	(void)rsa;
wolfSSL	0:1239e9b70ca2	10632	(void)padding;
wolfSSL	0:1239e9b70ca2	10633
wolfSSL	0:1239e9b70ca2	10634	CYASSL_MSG("CyaSSL_RSA_private_decrypt");
wolfSSL	0:1239e9b70ca2	10635
wolfSSL	0:1239e9b70ca2	10636	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10637	}
wolfSSL	0:1239e9b70ca2	10638
wolfSSL	0:1239e9b70ca2	10639
wolfSSL	0:1239e9b70ca2	10640	int CyaSSL_RSA_size(const CYASSL_RSA* rsa)
wolfSSL	0:1239e9b70ca2	10641	{
wolfSSL	0:1239e9b70ca2	10642	CYASSL_MSG("CyaSSL_RSA_size");
wolfSSL	0:1239e9b70ca2	10643
wolfSSL	0:1239e9b70ca2	10644	if (rsa == NULL)
wolfSSL	0:1239e9b70ca2	10645	return 0;
wolfSSL	0:1239e9b70ca2	10646
wolfSSL	0:1239e9b70ca2	10647	return CyaSSL_BN_num_bytes(rsa->n);
wolfSSL	0:1239e9b70ca2	10648	}
wolfSSL	0:1239e9b70ca2	10649
wolfSSL	0:1239e9b70ca2	10650
wolfSSL	0:1239e9b70ca2	10651	#ifndef NO_DSA
wolfSSL	0:1239e9b70ca2	10652	/* return SSL_SUCCESS on success, < 0 otherwise */
wolfSSL	0:1239e9b70ca2	10653	int CyaSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
wolfSSL	0:1239e9b70ca2	10654	CYASSL_DSA* dsa)
wolfSSL	0:1239e9b70ca2	10655	{
wolfSSL	0:1239e9b70ca2	10656	RNG tmpRNG;
wolfSSL	0:1239e9b70ca2	10657	RNG* rng = &tmpRNG;
wolfSSL	0:1239e9b70ca2	10658
wolfSSL	0:1239e9b70ca2	10659	CYASSL_MSG("CyaSSL_DSA_do_sign");
wolfSSL	0:1239e9b70ca2	10660
wolfSSL	0:1239e9b70ca2	10661	if (d == NULL \|\| sigRet == NULL \|\| dsa == NULL) {
wolfSSL	0:1239e9b70ca2	10662	CYASSL_MSG("Bad function arguments");
wolfSSL	0:1239e9b70ca2	10663	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10664	}
wolfSSL	0:1239e9b70ca2	10665
wolfSSL	0:1239e9b70ca2	10666	if (dsa->inSet == 0) {
wolfSSL	0:1239e9b70ca2	10667	CYASSL_MSG("No DSA internal set");
wolfSSL	0:1239e9b70ca2	10668	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10669	}
wolfSSL	0:1239e9b70ca2	10670
wolfSSL	0:1239e9b70ca2	10671	if (InitRng(&tmpRNG) != 0) {
wolfSSL	0:1239e9b70ca2	10672	CYASSL_MSG("Bad RNG Init, trying global");
wolfSSL	0:1239e9b70ca2	10673	if (initGlobalRNG == 0) {
wolfSSL	0:1239e9b70ca2	10674	CYASSL_MSG("Global RNG no Init");
wolfSSL	0:1239e9b70ca2	10675	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10676	}
wolfSSL	0:1239e9b70ca2	10677	rng = &globalRNG;
wolfSSL	0:1239e9b70ca2	10678	}
wolfSSL	0:1239e9b70ca2	10679
wolfSSL	0:1239e9b70ca2	10680	if (DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0) {
wolfSSL	0:1239e9b70ca2	10681	CYASSL_MSG("DsaSign failed");
wolfSSL	0:1239e9b70ca2	10682	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10683	}
wolfSSL	0:1239e9b70ca2	10684
wolfSSL	0:1239e9b70ca2	10685	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	10686	}
wolfSSL	0:1239e9b70ca2	10687	#endif /* NO_DSA */
wolfSSL	0:1239e9b70ca2	10688
wolfSSL	0:1239e9b70ca2	10689
wolfSSL	0:1239e9b70ca2	10690	/* return SSL_SUCCES on ok, 0 otherwise */
wolfSSL	0:1239e9b70ca2	10691	int CyaSSL_RSA_sign(int type, const unsigned char* m,
wolfSSL	0:1239e9b70ca2	10692	unsigned int mLen, unsigned char* sigRet,
wolfSSL	0:1239e9b70ca2	10693	unsigned int* sigLen, CYASSL_RSA* rsa)
wolfSSL	0:1239e9b70ca2	10694	{
wolfSSL	0:1239e9b70ca2	10695	byte encodedSig[MAX_ENCODED_SIG_SZ];
wolfSSL	0:1239e9b70ca2	10696	word32 outLen;
wolfSSL	0:1239e9b70ca2	10697	word32 signSz;
wolfSSL	0:1239e9b70ca2	10698	RNG tmpRNG;
wolfSSL	0:1239e9b70ca2	10699	RNG* rng = &tmpRNG;
wolfSSL	0:1239e9b70ca2	10700
wolfSSL	0:1239e9b70ca2	10701	CYASSL_MSG("CyaSSL_RSA_sign");
wolfSSL	0:1239e9b70ca2	10702
wolfSSL	0:1239e9b70ca2	10703	if (m == NULL \|\| sigRet == NULL \|\| sigLen == NULL \|\| rsa == NULL) {
wolfSSL	0:1239e9b70ca2	10704	CYASSL_MSG("Bad function arguments");
wolfSSL	0:1239e9b70ca2	10705	return 0;
wolfSSL	0:1239e9b70ca2	10706	}
wolfSSL	0:1239e9b70ca2	10707
wolfSSL	0:1239e9b70ca2	10708	if (rsa->inSet == 0) {
wolfSSL	0:1239e9b70ca2	10709	CYASSL_MSG("No RSA internal set");
wolfSSL	0:1239e9b70ca2	10710	return 0;
wolfSSL	0:1239e9b70ca2	10711	}
wolfSSL	0:1239e9b70ca2	10712
wolfSSL	0:1239e9b70ca2	10713	outLen = (word32)CyaSSL_BN_num_bytes(rsa->n);
wolfSSL	0:1239e9b70ca2	10714	if (outLen == 0) {
wolfSSL	0:1239e9b70ca2	10715	CYASSL_MSG("Bad RSA size");
wolfSSL	0:1239e9b70ca2	10716	return 0;
wolfSSL	0:1239e9b70ca2	10717	}
wolfSSL	0:1239e9b70ca2	10718
wolfSSL	0:1239e9b70ca2	10719	if (InitRng(&tmpRNG) != 0) {
wolfSSL	0:1239e9b70ca2	10720	CYASSL_MSG("Bad RNG Init, trying global");
wolfSSL	0:1239e9b70ca2	10721	if (initGlobalRNG == 0) {
wolfSSL	0:1239e9b70ca2	10722	CYASSL_MSG("Global RNG no Init");
wolfSSL	0:1239e9b70ca2	10723	return 0;
wolfSSL	0:1239e9b70ca2	10724	}
wolfSSL	0:1239e9b70ca2	10725	rng = &globalRNG;
wolfSSL	0:1239e9b70ca2	10726	}
wolfSSL	0:1239e9b70ca2	10727
wolfSSL	0:1239e9b70ca2	10728	switch (type) {
wolfSSL	0:1239e9b70ca2	10729	case NID_md5:
wolfSSL	0:1239e9b70ca2	10730	type = MD5h;
wolfSSL	0:1239e9b70ca2	10731	break;
wolfSSL	0:1239e9b70ca2	10732
wolfSSL	0:1239e9b70ca2	10733	case NID_sha1:
wolfSSL	0:1239e9b70ca2	10734	type = SHAh;
wolfSSL	0:1239e9b70ca2	10735	break;
wolfSSL	0:1239e9b70ca2	10736
wolfSSL	0:1239e9b70ca2	10737	default:
wolfSSL	0:1239e9b70ca2	10738	CYASSL_MSG("Bad md type");
wolfSSL	0:1239e9b70ca2	10739	return 0;
wolfSSL	0:1239e9b70ca2	10740	}
wolfSSL	0:1239e9b70ca2	10741
wolfSSL	0:1239e9b70ca2	10742	signSz = EncodeSignature(encodedSig, m, mLen, type);
wolfSSL	0:1239e9b70ca2	10743	if (signSz == 0) {
wolfSSL	0:1239e9b70ca2	10744	CYASSL_MSG("Bad Encode Signature");
wolfSSL	0:1239e9b70ca2	10745	return 0;
wolfSSL	0:1239e9b70ca2	10746	}
wolfSSL	0:1239e9b70ca2	10747
wolfSSL	0:1239e9b70ca2	10748	*sigLen = RsaSSL_Sign(encodedSig, signSz, sigRet, outLen,
wolfSSL	0:1239e9b70ca2	10749	(RsaKey*)rsa->internal, rng);
wolfSSL	0:1239e9b70ca2	10750	if (*sigLen <= 0) {
wolfSSL	0:1239e9b70ca2	10751	CYASSL_MSG("Bad Rsa Sign");
wolfSSL	0:1239e9b70ca2	10752	return 0;
wolfSSL	0:1239e9b70ca2	10753	}
wolfSSL	0:1239e9b70ca2	10754
wolfSSL	0:1239e9b70ca2	10755	CYASSL_MSG("CyaSSL_RSA_sign success");
wolfSSL	0:1239e9b70ca2	10756	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	10757	}
wolfSSL	0:1239e9b70ca2	10758
wolfSSL	0:1239e9b70ca2	10759
wolfSSL	0:1239e9b70ca2	10760	int CyaSSL_RSA_public_decrypt(int flen, unsigned char* from,
wolfSSL	0:1239e9b70ca2	10761	unsigned char* to, CYASSL_RSA* rsa, int padding)
wolfSSL	0:1239e9b70ca2	10762	{
wolfSSL	0:1239e9b70ca2	10763	(void)flen;
wolfSSL	0:1239e9b70ca2	10764	(void)from;
wolfSSL	0:1239e9b70ca2	10765	(void)to;
wolfSSL	0:1239e9b70ca2	10766	(void)rsa;
wolfSSL	0:1239e9b70ca2	10767	(void)padding;
wolfSSL	0:1239e9b70ca2	10768
wolfSSL	0:1239e9b70ca2	10769	CYASSL_MSG("CyaSSL_RSA_public_decrypt");
wolfSSL	0:1239e9b70ca2	10770
wolfSSL	0:1239e9b70ca2	10771	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10772	}
wolfSSL	0:1239e9b70ca2	10773
wolfSSL	0:1239e9b70ca2	10774
wolfSSL	0:1239e9b70ca2	10775	/* generate p-1 and q-1, SSL_SUCCESS on ok */
wolfSSL	0:1239e9b70ca2	10776	int CyaSSL_RSA_GenAdd(CYASSL_RSA* rsa)
wolfSSL	0:1239e9b70ca2	10777	{
wolfSSL	0:1239e9b70ca2	10778	int err;
wolfSSL	0:1239e9b70ca2	10779	mp_int tmp;
wolfSSL	0:1239e9b70ca2	10780
wolfSSL	0:1239e9b70ca2	10781	CYASSL_MSG("CyaSSL_RsaGenAdd");
wolfSSL	0:1239e9b70ca2	10782
wolfSSL	0:1239e9b70ca2	10783	if (rsa == NULL \|\| rsa->p == NULL \|\| rsa->q == NULL \|\| rsa->d == NULL \|\|
wolfSSL	0:1239e9b70ca2	10784	rsa->dmp1 == NULL \|\| rsa->dmq1 == NULL) {
wolfSSL	0:1239e9b70ca2	10785	CYASSL_MSG("rsa no init error");
wolfSSL	0:1239e9b70ca2	10786	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10787	}
wolfSSL	0:1239e9b70ca2	10788
wolfSSL	0:1239e9b70ca2	10789	if (mp_init(&tmp) != MP_OKAY) {
wolfSSL	0:1239e9b70ca2	10790	CYASSL_MSG("mp_init error");
wolfSSL	0:1239e9b70ca2	10791	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10792	}
wolfSSL	0:1239e9b70ca2	10793
wolfSSL	0:1239e9b70ca2	10794	err = mp_sub_d((mp_int*)rsa->p->internal, 1, &tmp);
wolfSSL	0:1239e9b70ca2	10795	if (err != MP_OKAY) {
wolfSSL	0:1239e9b70ca2	10796	CYASSL_MSG("mp_sub_d error");
wolfSSL	0:1239e9b70ca2	10797	}
wolfSSL	0:1239e9b70ca2	10798	else
wolfSSL	0:1239e9b70ca2	10799	err = mp_mod((mp_int*)rsa->d->internal, &tmp,
wolfSSL	0:1239e9b70ca2	10800	(mp_int*)rsa->dmp1->internal);
wolfSSL	0:1239e9b70ca2	10801
wolfSSL	0:1239e9b70ca2	10802	if (err != MP_OKAY) {
wolfSSL	0:1239e9b70ca2	10803	CYASSL_MSG("mp_mod error");
wolfSSL	0:1239e9b70ca2	10804	}
wolfSSL	0:1239e9b70ca2	10805	else
wolfSSL	0:1239e9b70ca2	10806	err = mp_sub_d((mp_int*)rsa->q->internal, 1, &tmp);
wolfSSL	0:1239e9b70ca2	10807	if (err != MP_OKAY) {
wolfSSL	0:1239e9b70ca2	10808	CYASSL_MSG("mp_sub_d error");
wolfSSL	0:1239e9b70ca2	10809	}
wolfSSL	0:1239e9b70ca2	10810	else
wolfSSL	0:1239e9b70ca2	10811	err = mp_mod((mp_int*)rsa->d->internal, &tmp,
wolfSSL	0:1239e9b70ca2	10812	(mp_int*)rsa->dmq1->internal);
wolfSSL	0:1239e9b70ca2	10813
wolfSSL	0:1239e9b70ca2	10814	mp_clear(&tmp);
wolfSSL	0:1239e9b70ca2	10815
wolfSSL	0:1239e9b70ca2	10816	if (err == MP_OKAY)
wolfSSL	0:1239e9b70ca2	10817	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	10818	else
wolfSSL	0:1239e9b70ca2	10819	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	10820	}
wolfSSL	0:1239e9b70ca2	10821
wolfSSL	0:1239e9b70ca2	10822
wolfSSL	0:1239e9b70ca2	10823	void CyaSSL_HMAC_Init(CYASSL_HMAC_CTX* ctx, const void* key, int keylen,
wolfSSL	0:1239e9b70ca2	10824	const EVP_MD* type)
wolfSSL	0:1239e9b70ca2	10825	{
wolfSSL	0:1239e9b70ca2	10826	CYASSL_MSG("CyaSSL_HMAC_Init");
wolfSSL	0:1239e9b70ca2	10827
wolfSSL	0:1239e9b70ca2	10828	if (ctx == NULL) {
wolfSSL	0:1239e9b70ca2	10829	CYASSL_MSG("no ctx on init");
wolfSSL	0:1239e9b70ca2	10830	return;
wolfSSL	0:1239e9b70ca2	10831	}
wolfSSL	0:1239e9b70ca2	10832
wolfSSL	0:1239e9b70ca2	10833	if (type) {
wolfSSL	0:1239e9b70ca2	10834	CYASSL_MSG("init has type");
wolfSSL	0:1239e9b70ca2	10835
wolfSSL	0:1239e9b70ca2	10836	if (XSTRNCMP(type, "MD5", 3) == 0) {
wolfSSL	0:1239e9b70ca2	10837	CYASSL_MSG("md5 hmac");
wolfSSL	0:1239e9b70ca2	10838	ctx->type = MD5;
wolfSSL	0:1239e9b70ca2	10839	}
wolfSSL	0:1239e9b70ca2	10840	else if (XSTRNCMP(type, "SHA256", 6) == 0) {
wolfSSL	0:1239e9b70ca2	10841	CYASSL_MSG("sha256 hmac");
wolfSSL	0:1239e9b70ca2	10842	ctx->type = SHA256;
wolfSSL	0:1239e9b70ca2	10843	}
wolfSSL	0:1239e9b70ca2	10844
wolfSSL	0:1239e9b70ca2	10845	/* has to be last since would pick or 256, 384, or 512 too */
wolfSSL	0:1239e9b70ca2	10846	else if (XSTRNCMP(type, "SHA", 3) == 0) {
wolfSSL	0:1239e9b70ca2	10847	CYASSL_MSG("sha hmac");
wolfSSL	0:1239e9b70ca2	10848	ctx->type = SHA;
wolfSSL	0:1239e9b70ca2	10849	}
wolfSSL	0:1239e9b70ca2	10850	else {
wolfSSL	0:1239e9b70ca2	10851	CYASSL_MSG("bad init type");
wolfSSL	0:1239e9b70ca2	10852	}
wolfSSL	0:1239e9b70ca2	10853	}
wolfSSL	0:1239e9b70ca2	10854
wolfSSL	0:1239e9b70ca2	10855	if (key && keylen) {
wolfSSL	0:1239e9b70ca2	10856	CYASSL_MSG("keying hmac");
wolfSSL	0:1239e9b70ca2	10857	HmacSetKey(&ctx->hmac, ctx->type, (const byte*)key, (word32)keylen);
wolfSSL	0:1239e9b70ca2	10858	/* OpenSSL compat, no error */
wolfSSL	0:1239e9b70ca2	10859	}
wolfSSL	0:1239e9b70ca2	10860	}
wolfSSL	0:1239e9b70ca2	10861
wolfSSL	0:1239e9b70ca2	10862
wolfSSL	0:1239e9b70ca2	10863	void CyaSSL_HMAC_Update(CYASSL_HMAC_CTX* ctx, const unsigned char* data,
wolfSSL	0:1239e9b70ca2	10864	int len)
wolfSSL	0:1239e9b70ca2	10865	{
wolfSSL	0:1239e9b70ca2	10866	CYASSL_MSG("CyaSSL_HMAC_Update");
wolfSSL	0:1239e9b70ca2	10867
wolfSSL	0:1239e9b70ca2	10868	if (ctx && data) {
wolfSSL	0:1239e9b70ca2	10869	CYASSL_MSG("updating hmac");
wolfSSL	0:1239e9b70ca2	10870	HmacUpdate(&ctx->hmac, data, (word32)len);
wolfSSL	0:1239e9b70ca2	10871	/* OpenSSL compat, no error */
wolfSSL	0:1239e9b70ca2	10872	}
wolfSSL	0:1239e9b70ca2	10873	}
wolfSSL	0:1239e9b70ca2	10874
wolfSSL	0:1239e9b70ca2	10875
wolfSSL	0:1239e9b70ca2	10876	void CyaSSL_HMAC_Final(CYASSL_HMAC_CTX* ctx, unsigned char* hash,
wolfSSL	0:1239e9b70ca2	10877	unsigned int* len)
wolfSSL	0:1239e9b70ca2	10878	{
wolfSSL	0:1239e9b70ca2	10879	CYASSL_MSG("CyaSSL_HMAC_Final");
wolfSSL	0:1239e9b70ca2	10880
wolfSSL	0:1239e9b70ca2	10881	if (ctx && hash) {
wolfSSL	0:1239e9b70ca2	10882	CYASSL_MSG("final hmac");
wolfSSL	0:1239e9b70ca2	10883	HmacFinal(&ctx->hmac, hash);
wolfSSL	0:1239e9b70ca2	10884	/* OpenSSL compat, no error */
wolfSSL	0:1239e9b70ca2	10885
wolfSSL	0:1239e9b70ca2	10886	if (len) {
wolfSSL	0:1239e9b70ca2	10887	CYASSL_MSG("setting output len");
wolfSSL	0:1239e9b70ca2	10888	switch (ctx->type) {
wolfSSL	0:1239e9b70ca2	10889	case MD5:
wolfSSL	0:1239e9b70ca2	10890	*len = MD5_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	10891	break;
wolfSSL	0:1239e9b70ca2	10892
wolfSSL	0:1239e9b70ca2	10893	case SHA:
wolfSSL	0:1239e9b70ca2	10894	*len = SHA_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	10895	break;
wolfSSL	0:1239e9b70ca2	10896
wolfSSL	0:1239e9b70ca2	10897	case SHA256:
wolfSSL	0:1239e9b70ca2	10898	*len = SHA256_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	10899	break;
wolfSSL	0:1239e9b70ca2	10900
wolfSSL	0:1239e9b70ca2	10901	default:
wolfSSL	0:1239e9b70ca2	10902	CYASSL_MSG("bad hmac type");
wolfSSL	0:1239e9b70ca2	10903	}
wolfSSL	0:1239e9b70ca2	10904	}
wolfSSL	0:1239e9b70ca2	10905	}
wolfSSL	0:1239e9b70ca2	10906	}
wolfSSL	0:1239e9b70ca2	10907
wolfSSL	0:1239e9b70ca2	10908
wolfSSL	0:1239e9b70ca2	10909	void CyaSSL_HMAC_cleanup(CYASSL_HMAC_CTX* ctx)
wolfSSL	0:1239e9b70ca2	10910	{
wolfSSL	0:1239e9b70ca2	10911	(void)ctx;
wolfSSL	0:1239e9b70ca2	10912
wolfSSL	0:1239e9b70ca2	10913	CYASSL_MSG("CyaSSL_HMAC_cleanup");
wolfSSL	0:1239e9b70ca2	10914	}
wolfSSL	0:1239e9b70ca2	10915
wolfSSL	0:1239e9b70ca2	10916
wolfSSL	0:1239e9b70ca2	10917	const CYASSL_EVP_MD* CyaSSL_EVP_get_digestbynid(int id)
wolfSSL	0:1239e9b70ca2	10918	{
wolfSSL	0:1239e9b70ca2	10919	CYASSL_MSG("CyaSSL_get_digestbynid");
wolfSSL	0:1239e9b70ca2	10920
wolfSSL	0:1239e9b70ca2	10921	switch(id) {
wolfSSL	0:1239e9b70ca2	10922	case NID_md5:
wolfSSL	0:1239e9b70ca2	10923	return CyaSSL_EVP_md5();
wolfSSL	0:1239e9b70ca2	10924
wolfSSL	0:1239e9b70ca2	10925	case NID_sha1:
wolfSSL	0:1239e9b70ca2	10926	return CyaSSL_EVP_sha1();
wolfSSL	0:1239e9b70ca2	10927
wolfSSL	0:1239e9b70ca2	10928	default:
wolfSSL	0:1239e9b70ca2	10929	CYASSL_MSG("Bad digest id value");
wolfSSL	0:1239e9b70ca2	10930	}
wolfSSL	0:1239e9b70ca2	10931
wolfSSL	0:1239e9b70ca2	10932	return NULL;
wolfSSL	0:1239e9b70ca2	10933	}
wolfSSL	0:1239e9b70ca2	10934
wolfSSL	0:1239e9b70ca2	10935
wolfSSL	0:1239e9b70ca2	10936	CYASSL_RSA* CyaSSL_EVP_PKEY_get1_RSA(CYASSL_EVP_PKEY* key)
wolfSSL	0:1239e9b70ca2	10937	{
wolfSSL	0:1239e9b70ca2	10938	(void)key;
wolfSSL	0:1239e9b70ca2	10939	CYASSL_MSG("CyaSSL_EVP_PKEY_get1_RSA");
wolfSSL	0:1239e9b70ca2	10940
wolfSSL	0:1239e9b70ca2	10941	return NULL;
wolfSSL	0:1239e9b70ca2	10942	}
wolfSSL	0:1239e9b70ca2	10943
wolfSSL	0:1239e9b70ca2	10944
wolfSSL	0:1239e9b70ca2	10945	CYASSL_DSA* CyaSSL_EVP_PKEY_get1_DSA(CYASSL_EVP_PKEY* key)
wolfSSL	0:1239e9b70ca2	10946	{
wolfSSL	0:1239e9b70ca2	10947	(void)key;
wolfSSL	0:1239e9b70ca2	10948	CYASSL_MSG("CyaSSL_EVP_PKEY_get1_DSA");
wolfSSL	0:1239e9b70ca2	10949
wolfSSL	0:1239e9b70ca2	10950	return NULL;
wolfSSL	0:1239e9b70ca2	10951	}
wolfSSL	0:1239e9b70ca2	10952
wolfSSL	0:1239e9b70ca2	10953
wolfSSL	0:1239e9b70ca2	10954	void* CyaSSL_EVP_X_STATE(const CYASSL_EVP_CIPHER_CTX* ctx)
wolfSSL	0:1239e9b70ca2	10955	{
wolfSSL	0:1239e9b70ca2	10956	CYASSL_MSG("CyaSSL_EVP_X_STATE");
wolfSSL	0:1239e9b70ca2	10957
wolfSSL	0:1239e9b70ca2	10958	if (ctx) {
wolfSSL	0:1239e9b70ca2	10959	switch (ctx->cipherType) {
wolfSSL	0:1239e9b70ca2	10960	case ARC4_TYPE:
wolfSSL	0:1239e9b70ca2	10961	CYASSL_MSG("returning arc4 state");
wolfSSL	0:1239e9b70ca2	10962	return (void*)&ctx->cipher.arc4.x;
wolfSSL	0:1239e9b70ca2	10963
wolfSSL	0:1239e9b70ca2	10964	default:
wolfSSL	0:1239e9b70ca2	10965	CYASSL_MSG("bad x state type");
wolfSSL	0:1239e9b70ca2	10966	return 0;
wolfSSL	0:1239e9b70ca2	10967	}
wolfSSL	0:1239e9b70ca2	10968	}
wolfSSL	0:1239e9b70ca2	10969
wolfSSL	0:1239e9b70ca2	10970	return NULL;
wolfSSL	0:1239e9b70ca2	10971	}
wolfSSL	0:1239e9b70ca2	10972
wolfSSL	0:1239e9b70ca2	10973
wolfSSL	0:1239e9b70ca2	10974	int CyaSSL_EVP_X_STATE_LEN(const CYASSL_EVP_CIPHER_CTX* ctx)
wolfSSL	0:1239e9b70ca2	10975	{
wolfSSL	0:1239e9b70ca2	10976	CYASSL_MSG("CyaSSL_EVP_X_STATE_LEN");
wolfSSL	0:1239e9b70ca2	10977
wolfSSL	0:1239e9b70ca2	10978	if (ctx) {
wolfSSL	0:1239e9b70ca2	10979	switch (ctx->cipherType) {
wolfSSL	0:1239e9b70ca2	10980	case ARC4_TYPE:
wolfSSL	0:1239e9b70ca2	10981	CYASSL_MSG("returning arc4 state size");
wolfSSL	0:1239e9b70ca2	10982	return sizeof(Arc4);
wolfSSL	0:1239e9b70ca2	10983
wolfSSL	0:1239e9b70ca2	10984	default:
wolfSSL	0:1239e9b70ca2	10985	CYASSL_MSG("bad x state type");
wolfSSL	0:1239e9b70ca2	10986	return 0;
wolfSSL	0:1239e9b70ca2	10987	}
wolfSSL	0:1239e9b70ca2	10988	}
wolfSSL	0:1239e9b70ca2	10989
wolfSSL	0:1239e9b70ca2	10990	return 0;
wolfSSL	0:1239e9b70ca2	10991	}
wolfSSL	0:1239e9b70ca2	10992
wolfSSL	0:1239e9b70ca2	10993
wolfSSL	0:1239e9b70ca2	10994	void CyaSSL_3des_iv(CYASSL_EVP_CIPHER_CTX* ctx, int doset,
wolfSSL	0:1239e9b70ca2	10995	unsigned char* iv, int len)
wolfSSL	0:1239e9b70ca2	10996	{
wolfSSL	0:1239e9b70ca2	10997	(void)len;
wolfSSL	0:1239e9b70ca2	10998
wolfSSL	0:1239e9b70ca2	10999	CYASSL_MSG("CyaSSL_3des_iv");
wolfSSL	0:1239e9b70ca2	11000
wolfSSL	0:1239e9b70ca2	11001	if (ctx == NULL \|\| iv == NULL) {
wolfSSL	0:1239e9b70ca2	11002	CYASSL_MSG("Bad function argument");
wolfSSL	0:1239e9b70ca2	11003	return;
wolfSSL	0:1239e9b70ca2	11004	}
wolfSSL	0:1239e9b70ca2	11005
wolfSSL	0:1239e9b70ca2	11006	if (doset)
wolfSSL	0:1239e9b70ca2	11007	Des3_SetIV(&ctx->cipher.des3, iv); /* OpenSSL compat, no ret */
wolfSSL	0:1239e9b70ca2	11008	else
wolfSSL	0:1239e9b70ca2	11009	memcpy(iv, &ctx->cipher.des3.reg, DES_BLOCK_SIZE);
wolfSSL	0:1239e9b70ca2	11010	}
wolfSSL	0:1239e9b70ca2	11011
wolfSSL	0:1239e9b70ca2	11012
wolfSSL	0:1239e9b70ca2	11013	void CyaSSL_aes_ctr_iv(CYASSL_EVP_CIPHER_CTX* ctx, int doset,
wolfSSL	0:1239e9b70ca2	11014	unsigned char* iv, int len)
wolfSSL	0:1239e9b70ca2	11015	{
wolfSSL	0:1239e9b70ca2	11016	(void)len;
wolfSSL	0:1239e9b70ca2	11017
wolfSSL	0:1239e9b70ca2	11018	CYASSL_MSG("CyaSSL_aes_ctr_iv");
wolfSSL	0:1239e9b70ca2	11019
wolfSSL	0:1239e9b70ca2	11020	if (ctx == NULL \|\| iv == NULL) {
wolfSSL	0:1239e9b70ca2	11021	CYASSL_MSG("Bad function argument");
wolfSSL	0:1239e9b70ca2	11022	return;
wolfSSL	0:1239e9b70ca2	11023	}
wolfSSL	0:1239e9b70ca2	11024
wolfSSL	0:1239e9b70ca2	11025	if (doset)
wolfSSL	0:1239e9b70ca2	11026	AesSetIV(&ctx->cipher.aes, iv); /* OpenSSL compat, no ret */
wolfSSL	0:1239e9b70ca2	11027	else
wolfSSL	0:1239e9b70ca2	11028	memcpy(iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
wolfSSL	0:1239e9b70ca2	11029	}
wolfSSL	0:1239e9b70ca2	11030
wolfSSL	0:1239e9b70ca2	11031
wolfSSL	0:1239e9b70ca2	11032	const CYASSL_EVP_MD* CyaSSL_EVP_ripemd160(void)
wolfSSL	0:1239e9b70ca2	11033	{
wolfSSL	0:1239e9b70ca2	11034	CYASSL_MSG("CyaSSL_ripemd160");
wolfSSL	0:1239e9b70ca2	11035
wolfSSL	0:1239e9b70ca2	11036	return NULL;
wolfSSL	0:1239e9b70ca2	11037	}
wolfSSL	0:1239e9b70ca2	11038
wolfSSL	0:1239e9b70ca2	11039
wolfSSL	0:1239e9b70ca2	11040	int CyaSSL_EVP_MD_size(const CYASSL_EVP_MD* type)
wolfSSL	0:1239e9b70ca2	11041	{
wolfSSL	0:1239e9b70ca2	11042	CYASSL_MSG("CyaSSL_EVP_MD_size");
wolfSSL	0:1239e9b70ca2	11043
wolfSSL	0:1239e9b70ca2	11044	if (type == NULL) {
wolfSSL	0:1239e9b70ca2	11045	CYASSL_MSG("No md type arg");
wolfSSL	0:1239e9b70ca2	11046	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	11047	}
wolfSSL	0:1239e9b70ca2	11048
wolfSSL	0:1239e9b70ca2	11049	if (XSTRNCMP(type, "MD5", 3) == 0) {
wolfSSL	0:1239e9b70ca2	11050	return MD5_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	11051	}
wolfSSL	0:1239e9b70ca2	11052	else if (XSTRNCMP(type, "SHA256", 6) == 0) {
wolfSSL	0:1239e9b70ca2	11053	return SHA256_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	11054	}
wolfSSL	0:1239e9b70ca2	11055	#ifdef CYASSL_SHA384
wolfSSL	0:1239e9b70ca2	11056	else if (XSTRNCMP(type, "SHA384", 6) == 0) {
wolfSSL	0:1239e9b70ca2	11057	return SHA384_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	11058	}
wolfSSL	0:1239e9b70ca2	11059	#endif
wolfSSL	0:1239e9b70ca2	11060	#ifdef CYASSL_SHA512
wolfSSL	0:1239e9b70ca2	11061	else if (XSTRNCMP(type, "SHA512", 6) == 0) {
wolfSSL	0:1239e9b70ca2	11062	return SHA512_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	11063	}
wolfSSL	0:1239e9b70ca2	11064	#endif
wolfSSL	0:1239e9b70ca2	11065	/* has to be last since would pick or 256, 384, or 512 too */
wolfSSL	0:1239e9b70ca2	11066	else if (XSTRNCMP(type, "SHA", 3) == 0) {
wolfSSL	0:1239e9b70ca2	11067	return SHA_DIGEST_SIZE;
wolfSSL	0:1239e9b70ca2	11068	}
wolfSSL	0:1239e9b70ca2	11069
wolfSSL	0:1239e9b70ca2	11070	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	11071	}
wolfSSL	0:1239e9b70ca2	11072
wolfSSL	0:1239e9b70ca2	11073
wolfSSL	0:1239e9b70ca2	11074	int CyaSSL_EVP_CIPHER_CTX_iv_length(const CYASSL_EVP_CIPHER_CTX* ctx)
wolfSSL	0:1239e9b70ca2	11075	{
wolfSSL	0:1239e9b70ca2	11076	CYASSL_MSG("CyaSSL_EVP_CIPHER_CTX_iv_length");
wolfSSL	0:1239e9b70ca2	11077
wolfSSL	0:1239e9b70ca2	11078	switch (ctx->cipherType) {
wolfSSL	0:1239e9b70ca2	11079
wolfSSL	0:1239e9b70ca2	11080	case AES_128_CBC_TYPE :
wolfSSL	0:1239e9b70ca2	11081	case AES_192_CBC_TYPE :
wolfSSL	0:1239e9b70ca2	11082	case AES_256_CBC_TYPE :
wolfSSL	0:1239e9b70ca2	11083	CYASSL_MSG("AES CBC");
wolfSSL	0:1239e9b70ca2	11084	return AES_BLOCK_SIZE;
wolfSSL	0:1239e9b70ca2	11085
wolfSSL	0:1239e9b70ca2	11086	#ifdef CYASSL_AES_COUNTER
wolfSSL	0:1239e9b70ca2	11087	case AES_128_CTR_TYPE :
wolfSSL	0:1239e9b70ca2	11088	case AES_192_CTR_TYPE :
wolfSSL	0:1239e9b70ca2	11089	case AES_256_CTR_TYPE :
wolfSSL	0:1239e9b70ca2	11090	CYASSL_MSG("AES CTR");
wolfSSL	0:1239e9b70ca2	11091	return AES_BLOCK_SIZE;
wolfSSL	0:1239e9b70ca2	11092	#endif
wolfSSL	0:1239e9b70ca2	11093
wolfSSL	0:1239e9b70ca2	11094	case DES_CBC_TYPE :
wolfSSL	0:1239e9b70ca2	11095	CYASSL_MSG("DES CBC");
wolfSSL	0:1239e9b70ca2	11096	return DES_BLOCK_SIZE;
wolfSSL	0:1239e9b70ca2	11097
wolfSSL	0:1239e9b70ca2	11098	case DES_EDE3_CBC_TYPE :
wolfSSL	0:1239e9b70ca2	11099	CYASSL_MSG("DES EDE3 CBC");
wolfSSL	0:1239e9b70ca2	11100	return DES_BLOCK_SIZE;
wolfSSL	0:1239e9b70ca2	11101
wolfSSL	0:1239e9b70ca2	11102	case ARC4_TYPE :
wolfSSL	0:1239e9b70ca2	11103	CYASSL_MSG("ARC4");
wolfSSL	0:1239e9b70ca2	11104	return 0;
wolfSSL	0:1239e9b70ca2	11105
wolfSSL	0:1239e9b70ca2	11106	case NULL_CIPHER_TYPE :
wolfSSL	0:1239e9b70ca2	11107	CYASSL_MSG("NULL");
wolfSSL	0:1239e9b70ca2	11108	return 0;
wolfSSL	0:1239e9b70ca2	11109
wolfSSL	0:1239e9b70ca2	11110	default: {
wolfSSL	0:1239e9b70ca2	11111	CYASSL_MSG("bad type");
wolfSSL	0:1239e9b70ca2	11112	}
wolfSSL	0:1239e9b70ca2	11113	}
wolfSSL	0:1239e9b70ca2	11114	return 0;
wolfSSL	0:1239e9b70ca2	11115	}
wolfSSL	0:1239e9b70ca2	11116
wolfSSL	0:1239e9b70ca2	11117
wolfSSL	0:1239e9b70ca2	11118	void CyaSSL_OPENSSL_free(void* p)
wolfSSL	0:1239e9b70ca2	11119	{
wolfSSL	0:1239e9b70ca2	11120	CYASSL_MSG("CyaSSL_OPENSSL_free");
wolfSSL	0:1239e9b70ca2	11121
wolfSSL	0:1239e9b70ca2	11122	XFREE(p, NULL, 0);
wolfSSL	0:1239e9b70ca2	11123	}
wolfSSL	0:1239e9b70ca2	11124
wolfSSL	0:1239e9b70ca2	11125
wolfSSL	0:1239e9b70ca2	11126	int CyaSSL_PEM_write_bio_RSAPrivateKey(CYASSL_BIO* bio, RSA* rsa,
wolfSSL	0:1239e9b70ca2	11127	const EVP_CIPHER* cipher,
wolfSSL	0:1239e9b70ca2	11128	unsigned char* passwd, int len,
wolfSSL	0:1239e9b70ca2	11129	pem_password_cb cb, void* arg)
wolfSSL	0:1239e9b70ca2	11130	{
wolfSSL	0:1239e9b70ca2	11131	(void)bio;
wolfSSL	0:1239e9b70ca2	11132	(void)rsa;
wolfSSL	0:1239e9b70ca2	11133	(void)cipher;
wolfSSL	0:1239e9b70ca2	11134	(void)passwd;
wolfSSL	0:1239e9b70ca2	11135	(void)len;
wolfSSL	0:1239e9b70ca2	11136	(void)cb;
wolfSSL	0:1239e9b70ca2	11137	(void)arg;
wolfSSL	0:1239e9b70ca2	11138
wolfSSL	0:1239e9b70ca2	11139	CYASSL_MSG("CyaSSL_PEM_write_bio_RSAPrivateKey");
wolfSSL	0:1239e9b70ca2	11140
wolfSSL	0:1239e9b70ca2	11141	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	11142	}
wolfSSL	0:1239e9b70ca2	11143
wolfSSL	0:1239e9b70ca2	11144
wolfSSL	0:1239e9b70ca2	11145
wolfSSL	0:1239e9b70ca2	11146	int CyaSSL_PEM_write_bio_DSAPrivateKey(CYASSL_BIO* bio, DSA* rsa,
wolfSSL	0:1239e9b70ca2	11147	const EVP_CIPHER* cipher,
wolfSSL	0:1239e9b70ca2	11148	unsigned char* passwd, int len,
wolfSSL	0:1239e9b70ca2	11149	pem_password_cb cb, void* arg)
wolfSSL	0:1239e9b70ca2	11150	{
wolfSSL	0:1239e9b70ca2	11151	(void)bio;
wolfSSL	0:1239e9b70ca2	11152	(void)rsa;
wolfSSL	0:1239e9b70ca2	11153	(void)cipher;
wolfSSL	0:1239e9b70ca2	11154	(void)passwd;
wolfSSL	0:1239e9b70ca2	11155	(void)len;
wolfSSL	0:1239e9b70ca2	11156	(void)cb;
wolfSSL	0:1239e9b70ca2	11157	(void)arg;
wolfSSL	0:1239e9b70ca2	11158
wolfSSL	0:1239e9b70ca2	11159	CYASSL_MSG("CyaSSL_PEM_write_bio_DSAPrivateKey");
wolfSSL	0:1239e9b70ca2	11160
wolfSSL	0:1239e9b70ca2	11161	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	11162	}
wolfSSL	0:1239e9b70ca2	11163
wolfSSL	0:1239e9b70ca2	11164
wolfSSL	0:1239e9b70ca2	11165
wolfSSL	0:1239e9b70ca2	11166	CYASSL_EVP_PKEY* CyaSSL_PEM_read_bio_PrivateKey(CYASSL_BIO* bio,
wolfSSL	0:1239e9b70ca2	11167	CYASSL_EVP_PKEY** key, pem_password_cb cb, void* arg)
wolfSSL	0:1239e9b70ca2	11168	{
wolfSSL	0:1239e9b70ca2	11169	(void)bio;
wolfSSL	0:1239e9b70ca2	11170	(void)key;
wolfSSL	0:1239e9b70ca2	11171	(void)cb;
wolfSSL	0:1239e9b70ca2	11172	(void)arg;
wolfSSL	0:1239e9b70ca2	11173
wolfSSL	0:1239e9b70ca2	11174	CYASSL_MSG("CyaSSL_PEM_read_bio_PrivateKey");
wolfSSL	0:1239e9b70ca2	11175
wolfSSL	0:1239e9b70ca2	11176	return NULL;
wolfSSL	0:1239e9b70ca2	11177	}
wolfSSL	0:1239e9b70ca2	11178
wolfSSL	0:1239e9b70ca2	11179
wolfSSL	0:1239e9b70ca2	11180
wolfSSL	0:1239e9b70ca2	11181
wolfSSL	0:1239e9b70ca2	11182	/* Load RSA from Der, SSL_SUCCESS on success < 0 on error */
wolfSSL	0:1239e9b70ca2	11183	int CyaSSL_RSA_LoadDer(CYASSL_RSA* rsa, const unsigned char* der, int derSz)
wolfSSL	0:1239e9b70ca2	11184	{
wolfSSL	0:1239e9b70ca2	11185	word32 idx = 0;
wolfSSL	0:1239e9b70ca2	11186	int ret;
wolfSSL	0:1239e9b70ca2	11187
wolfSSL	0:1239e9b70ca2	11188	CYASSL_ENTER("CyaSSL_RSA_LoadDer");
wolfSSL	0:1239e9b70ca2	11189
wolfSSL	0:1239e9b70ca2	11190	if (rsa == NULL \|\| rsa->internal == NULL \|\| der == NULL \|\| derSz <= 0) {
wolfSSL	0:1239e9b70ca2	11191	CYASSL_MSG("Bad function arguments");
wolfSSL	0:1239e9b70ca2	11192	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	11193	}
wolfSSL	0:1239e9b70ca2	11194
wolfSSL	0:1239e9b70ca2	11195	ret = RsaPrivateKeyDecode(der, &idx, (RsaKey*)rsa->internal, derSz);
wolfSSL	0:1239e9b70ca2	11196	if (ret < 0) {
wolfSSL	0:1239e9b70ca2	11197	CYASSL_MSG("RsaPrivateKeyDecode failed");
wolfSSL	0:1239e9b70ca2	11198	return ret;
wolfSSL	0:1239e9b70ca2	11199	}
wolfSSL	0:1239e9b70ca2	11200
wolfSSL	0:1239e9b70ca2	11201	if (SetRsaExternal(rsa) < 0) {
wolfSSL	0:1239e9b70ca2	11202	CYASSL_MSG("SetRsaExternal failed");
wolfSSL	0:1239e9b70ca2	11203	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	11204	}
wolfSSL	0:1239e9b70ca2	11205
wolfSSL	0:1239e9b70ca2	11206	rsa->inSet = 1;
wolfSSL	0:1239e9b70ca2	11207
wolfSSL	0:1239e9b70ca2	11208	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	11209	}
wolfSSL	0:1239e9b70ca2	11210
wolfSSL	0:1239e9b70ca2	11211
wolfSSL	0:1239e9b70ca2	11212	#ifndef NO_DSA
wolfSSL	0:1239e9b70ca2	11213	/* Load DSA from Der, SSL_SUCCESS on success < 0 on error */
wolfSSL	0:1239e9b70ca2	11214	int CyaSSL_DSA_LoadDer(CYASSL_DSA* dsa, const unsigned char* der, int derSz)
wolfSSL	0:1239e9b70ca2	11215	{
wolfSSL	0:1239e9b70ca2	11216	word32 idx = 0;
wolfSSL	0:1239e9b70ca2	11217	int ret;
wolfSSL	0:1239e9b70ca2	11218
wolfSSL	0:1239e9b70ca2	11219	CYASSL_ENTER("CyaSSL_DSA_LoadDer");
wolfSSL	0:1239e9b70ca2	11220
wolfSSL	0:1239e9b70ca2	11221	if (dsa == NULL \|\| dsa->internal == NULL \|\| der == NULL \|\| derSz <= 0) {
wolfSSL	0:1239e9b70ca2	11222	CYASSL_MSG("Bad function arguments");
wolfSSL	0:1239e9b70ca2	11223	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	11224	}
wolfSSL	0:1239e9b70ca2	11225
wolfSSL	0:1239e9b70ca2	11226	ret = DsaPrivateKeyDecode(der, &idx, (DsaKey*)dsa->internal, derSz);
wolfSSL	0:1239e9b70ca2	11227	if (ret < 0) {
wolfSSL	0:1239e9b70ca2	11228	CYASSL_MSG("DsaPrivateKeyDecode failed");
wolfSSL	0:1239e9b70ca2	11229	return ret;
wolfSSL	0:1239e9b70ca2	11230	}
wolfSSL	0:1239e9b70ca2	11231
wolfSSL	0:1239e9b70ca2	11232	if (SetDsaExternal(dsa) < 0) {
wolfSSL	0:1239e9b70ca2	11233	CYASSL_MSG("SetDsaExternal failed");
wolfSSL	0:1239e9b70ca2	11234	return SSL_FATAL_ERROR;
wolfSSL	0:1239e9b70ca2	11235	}
wolfSSL	0:1239e9b70ca2	11236
wolfSSL	0:1239e9b70ca2	11237	dsa->inSet = 1;
wolfSSL	0:1239e9b70ca2	11238
wolfSSL	0:1239e9b70ca2	11239	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	11240	}
wolfSSL	0:1239e9b70ca2	11241	#endif /* NO_DSA */
wolfSSL	0:1239e9b70ca2	11242
wolfSSL	0:1239e9b70ca2	11243
wolfSSL	0:1239e9b70ca2	11244
wolfSSL	0:1239e9b70ca2	11245
wolfSSL	0:1239e9b70ca2	11246	#endif /* OPENSSL_EXTRA */
wolfSSL	0:1239e9b70ca2	11247
wolfSSL	0:1239e9b70ca2	11248
wolfSSL	0:1239e9b70ca2	11249	#ifdef SESSION_CERTS
wolfSSL	0:1239e9b70ca2	11250
wolfSSL	0:1239e9b70ca2	11251
wolfSSL	0:1239e9b70ca2	11252	/* Get peer's certificate chain */
wolfSSL	0:1239e9b70ca2	11253	CYASSL_X509_CHAIN* CyaSSL_get_peer_chain(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	11254	{
wolfSSL	0:1239e9b70ca2	11255	CYASSL_ENTER("CyaSSL_get_peer_chain");
wolfSSL	0:1239e9b70ca2	11256	if (ssl)
wolfSSL	0:1239e9b70ca2	11257	return &ssl->session.chain;
wolfSSL	0:1239e9b70ca2	11258
wolfSSL	0:1239e9b70ca2	11259	return 0;
wolfSSL	0:1239e9b70ca2	11260	}
wolfSSL	0:1239e9b70ca2	11261
wolfSSL	0:1239e9b70ca2	11262
wolfSSL	0:1239e9b70ca2	11263	/* Get peer's certificate chain total count */
wolfSSL	0:1239e9b70ca2	11264	int CyaSSL_get_chain_count(CYASSL_X509_CHAIN* chain)
wolfSSL	0:1239e9b70ca2	11265	{
wolfSSL	0:1239e9b70ca2	11266	CYASSL_ENTER("CyaSSL_get_chain_count");
wolfSSL	0:1239e9b70ca2	11267	if (chain)
wolfSSL	0:1239e9b70ca2	11268	return chain->count;
wolfSSL	0:1239e9b70ca2	11269
wolfSSL	0:1239e9b70ca2	11270	return 0;
wolfSSL	0:1239e9b70ca2	11271	}
wolfSSL	0:1239e9b70ca2	11272
wolfSSL	0:1239e9b70ca2	11273
wolfSSL	0:1239e9b70ca2	11274	/* Get peer's ASN.1 DER ceritifcate at index (idx) length in bytes */
wolfSSL	0:1239e9b70ca2	11275	int CyaSSL_get_chain_length(CYASSL_X509_CHAIN* chain, int idx)
wolfSSL	0:1239e9b70ca2	11276	{
wolfSSL	0:1239e9b70ca2	11277	CYASSL_ENTER("CyaSSL_get_chain_length");
wolfSSL	0:1239e9b70ca2	11278	if (chain)
wolfSSL	0:1239e9b70ca2	11279	return chain->certs[idx].length;
wolfSSL	0:1239e9b70ca2	11280
wolfSSL	0:1239e9b70ca2	11281	return 0;
wolfSSL	0:1239e9b70ca2	11282	}
wolfSSL	0:1239e9b70ca2	11283
wolfSSL	0:1239e9b70ca2	11284
wolfSSL	0:1239e9b70ca2	11285	/* Get peer's ASN.1 DER ceritifcate at index (idx) */
wolfSSL	0:1239e9b70ca2	11286	byte* CyaSSL_get_chain_cert(CYASSL_X509_CHAIN* chain, int idx)
wolfSSL	0:1239e9b70ca2	11287	{
wolfSSL	0:1239e9b70ca2	11288	CYASSL_ENTER("CyaSSL_get_chain_cert");
wolfSSL	0:1239e9b70ca2	11289	if (chain)
wolfSSL	0:1239e9b70ca2	11290	return chain->certs[idx].buffer;
wolfSSL	0:1239e9b70ca2	11291
wolfSSL	0:1239e9b70ca2	11292	return 0;
wolfSSL	0:1239e9b70ca2	11293	}
wolfSSL	0:1239e9b70ca2	11294
wolfSSL	0:1239e9b70ca2	11295
wolfSSL	0:1239e9b70ca2	11296	/* Get peer's CyaSSL X509 ceritifcate at index (idx) */
wolfSSL	0:1239e9b70ca2	11297	CYASSL_X509* CyaSSL_get_chain_X509(CYASSL_X509_CHAIN* chain, int idx)
wolfSSL	0:1239e9b70ca2	11298	{
wolfSSL	0:1239e9b70ca2	11299	int ret;
wolfSSL	0:1239e9b70ca2	11300	CYASSL_X509* x509;
wolfSSL	0:1239e9b70ca2	11301	DecodedCert dCert;
wolfSSL	0:1239e9b70ca2	11302
wolfSSL	0:1239e9b70ca2	11303	CYASSL_ENTER("CyaSSL_get_chain_X509");
wolfSSL	0:1239e9b70ca2	11304	if (chain == NULL)
wolfSSL	0:1239e9b70ca2	11305	return NULL;
wolfSSL	0:1239e9b70ca2	11306
wolfSSL	0:1239e9b70ca2	11307	InitDecodedCert(&dCert, chain->certs[idx].buffer, chain->certs[idx].length,
wolfSSL	0:1239e9b70ca2	11308	NULL);
wolfSSL	0:1239e9b70ca2	11309	ret = ParseCertRelative(&dCert, CERT_TYPE, 0, NULL);
wolfSSL	0:1239e9b70ca2	11310	if (ret != 0) {
wolfSSL	0:1239e9b70ca2	11311	CYASSL_MSG("Failed to parse cert");
wolfSSL	0:1239e9b70ca2	11312	FreeDecodedCert(&dCert);
wolfSSL	0:1239e9b70ca2	11313	return NULL;
wolfSSL	0:1239e9b70ca2	11314	}
wolfSSL	0:1239e9b70ca2	11315
wolfSSL	0:1239e9b70ca2	11316	x509 = (CYASSL_X509*)XMALLOC(sizeof(CYASSL_X509), NULL, DYNAMIC_TYPE_X509);
wolfSSL	0:1239e9b70ca2	11317	if (x509 == NULL) {
wolfSSL	0:1239e9b70ca2	11318	CYASSL_MSG("Failed alloc X509");
wolfSSL	0:1239e9b70ca2	11319	FreeDecodedCert(&dCert);
wolfSSL	0:1239e9b70ca2	11320	return NULL;
wolfSSL	0:1239e9b70ca2	11321	}
wolfSSL	0:1239e9b70ca2	11322	InitX509(x509, 1);
wolfSSL	0:1239e9b70ca2	11323
wolfSSL	0:1239e9b70ca2	11324	ret = CopyDecodedToX509(x509, &dCert);
wolfSSL	0:1239e9b70ca2	11325	if (ret != 0) {
wolfSSL	0:1239e9b70ca2	11326	CYASSL_MSG("Failed to copy decoded");
wolfSSL	0:1239e9b70ca2	11327	XFREE(x509, NULL, DYNAMIC_TYPE_X509);
wolfSSL	0:1239e9b70ca2	11328	x509 = NULL;
wolfSSL	0:1239e9b70ca2	11329	}
wolfSSL	0:1239e9b70ca2	11330	FreeDecodedCert(&dCert);
wolfSSL	0:1239e9b70ca2	11331
wolfSSL	0:1239e9b70ca2	11332	return x509;
wolfSSL	0:1239e9b70ca2	11333	}
wolfSSL	0:1239e9b70ca2	11334
wolfSSL	0:1239e9b70ca2	11335
wolfSSL	0:1239e9b70ca2	11336	/* Get peer's PEM ceritifcate at index (idx), output to buffer if inLen big
wolfSSL	0:1239e9b70ca2	11337	enough else return error (-1), output length is in *outLen
wolfSSL	0:1239e9b70ca2	11338	SSL_SUCCESS on ok */
wolfSSL	0:1239e9b70ca2	11339	int CyaSSL_get_chain_cert_pem(CYASSL_X509_CHAIN* chain, int idx,
wolfSSL	0:1239e9b70ca2	11340	unsigned char* buf, int inLen, int* outLen)
wolfSSL	0:1239e9b70ca2	11341	{
wolfSSL	0:1239e9b70ca2	11342	const char header[] = "-----BEGIN CERTIFICATE-----\n";
wolfSSL	0:1239e9b70ca2	11343	const char footer[] = "-----END CERTIFICATE-----\n";
wolfSSL	0:1239e9b70ca2	11344
wolfSSL	0:1239e9b70ca2	11345	int headerLen = sizeof(header) - 1;
wolfSSL	0:1239e9b70ca2	11346	int footerLen = sizeof(footer) - 1;
wolfSSL	0:1239e9b70ca2	11347	int i;
wolfSSL	0:1239e9b70ca2	11348	int err;
wolfSSL	0:1239e9b70ca2	11349
wolfSSL	0:1239e9b70ca2	11350	CYASSL_ENTER("CyaSSL_get_chain_cert_pem");
wolfSSL	0:1239e9b70ca2	11351	if (!chain \|\| !outLen \|\| !buf)
wolfSSL	0:1239e9b70ca2	11352	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	11353
wolfSSL	0:1239e9b70ca2	11354	/* don't even try if inLen too short */
wolfSSL	0:1239e9b70ca2	11355	if (inLen < headerLen + footerLen + chain->certs[idx].length)
wolfSSL	0:1239e9b70ca2	11356	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	11357
wolfSSL	0:1239e9b70ca2	11358	/* header */
wolfSSL	0:1239e9b70ca2	11359	XMEMCPY(buf, header, headerLen);
wolfSSL	0:1239e9b70ca2	11360	i = headerLen;
wolfSSL	0:1239e9b70ca2	11361
wolfSSL	0:1239e9b70ca2	11362	/* body */
wolfSSL	0:1239e9b70ca2	11363	outLen = inLen; / input to Base64_Encode */
wolfSSL	0:1239e9b70ca2	11364	if ( (err = Base64_Encode(chain->certs[idx].buffer,
wolfSSL	0:1239e9b70ca2	11365	chain->certs[idx].length, buf + i, (word32*)outLen)) < 0)
wolfSSL	0:1239e9b70ca2	11366	return err;
wolfSSL	0:1239e9b70ca2	11367	i += *outLen;
wolfSSL	0:1239e9b70ca2	11368
wolfSSL	0:1239e9b70ca2	11369	/* footer */
wolfSSL	0:1239e9b70ca2	11370	if ( (i + footerLen) > inLen)
wolfSSL	0:1239e9b70ca2	11371	return BAD_FUNC_ARG;
wolfSSL	0:1239e9b70ca2	11372	XMEMCPY(buf + i, footer, footerLen);
wolfSSL	0:1239e9b70ca2	11373	*outLen += headerLen + footerLen;
wolfSSL	0:1239e9b70ca2	11374
wolfSSL	0:1239e9b70ca2	11375	return SSL_SUCCESS;
wolfSSL	0:1239e9b70ca2	11376	}
wolfSSL	0:1239e9b70ca2	11377
wolfSSL	0:1239e9b70ca2	11378
wolfSSL	0:1239e9b70ca2	11379	/* get session ID */
wolfSSL	0:1239e9b70ca2	11380	const byte* CyaSSL_get_sessionID(const CYASSL_SESSION* session)
wolfSSL	0:1239e9b70ca2	11381	{
wolfSSL	0:1239e9b70ca2	11382	CYASSL_ENTER("CyaSSL_get_sessionID");
wolfSSL	0:1239e9b70ca2	11383	if (session)
wolfSSL	0:1239e9b70ca2	11384	return session->sessionID;
wolfSSL	0:1239e9b70ca2	11385
wolfSSL	0:1239e9b70ca2	11386	return NULL;
wolfSSL	0:1239e9b70ca2	11387	}
wolfSSL	0:1239e9b70ca2	11388
wolfSSL	0:1239e9b70ca2	11389
wolfSSL	0:1239e9b70ca2	11390	#endif /* SESSION_CERTS */
wolfSSL	0:1239e9b70ca2	11391
wolfSSL	0:1239e9b70ca2	11392
wolfSSL	0:1239e9b70ca2	11393	#ifndef NO_CERTS
wolfSSL	0:1239e9b70ca2	11394	#ifdef HAVE_PK_CALLBACKS
wolfSSL	0:1239e9b70ca2	11395
wolfSSL	0:1239e9b70ca2	11396	#ifdef HAVE_ECC
wolfSSL	0:1239e9b70ca2	11397
wolfSSL	0:1239e9b70ca2	11398	void CyaSSL_CTX_SetEccSignCb(CYASSL_CTX* ctx, CallbackEccSign cb)
wolfSSL	0:1239e9b70ca2	11399	{
wolfSSL	0:1239e9b70ca2	11400	if (ctx)
wolfSSL	0:1239e9b70ca2	11401	ctx->EccSignCb = cb;
wolfSSL	0:1239e9b70ca2	11402	}
wolfSSL	0:1239e9b70ca2	11403
wolfSSL	0:1239e9b70ca2	11404
wolfSSL	0:1239e9b70ca2	11405	void CyaSSL_SetEccSignCtx(CYASSL* ssl, void *ctx)
wolfSSL	0:1239e9b70ca2	11406	{
wolfSSL	0:1239e9b70ca2	11407	if (ssl)
wolfSSL	0:1239e9b70ca2	11408	ssl->EccSignCtx = ctx;
wolfSSL	0:1239e9b70ca2	11409	}
wolfSSL	0:1239e9b70ca2	11410
wolfSSL	0:1239e9b70ca2	11411
wolfSSL	0:1239e9b70ca2	11412	void* CyaSSL_GetEccSignCtx(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	11413	{
wolfSSL	0:1239e9b70ca2	11414	if (ssl)
wolfSSL	0:1239e9b70ca2	11415	return ssl->EccSignCtx;
wolfSSL	0:1239e9b70ca2	11416
wolfSSL	0:1239e9b70ca2	11417	return NULL;
wolfSSL	0:1239e9b70ca2	11418	}
wolfSSL	0:1239e9b70ca2	11419
wolfSSL	0:1239e9b70ca2	11420
wolfSSL	0:1239e9b70ca2	11421	void CyaSSL_CTX_SetEccVerifyCb(CYASSL_CTX* ctx, CallbackEccVerify cb)
wolfSSL	0:1239e9b70ca2	11422	{
wolfSSL	0:1239e9b70ca2	11423	if (ctx)
wolfSSL	0:1239e9b70ca2	11424	ctx->EccVerifyCb = cb;
wolfSSL	0:1239e9b70ca2	11425	}
wolfSSL	0:1239e9b70ca2	11426
wolfSSL	0:1239e9b70ca2	11427
wolfSSL	0:1239e9b70ca2	11428	void CyaSSL_SetEccVerifyCtx(CYASSL* ssl, void *ctx)
wolfSSL	0:1239e9b70ca2	11429	{
wolfSSL	0:1239e9b70ca2	11430	if (ssl)
wolfSSL	0:1239e9b70ca2	11431	ssl->EccVerifyCtx = ctx;
wolfSSL	0:1239e9b70ca2	11432	}
wolfSSL	0:1239e9b70ca2	11433
wolfSSL	0:1239e9b70ca2	11434
wolfSSL	0:1239e9b70ca2	11435	void* CyaSSL_GetEccVerifyCtx(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	11436	{
wolfSSL	0:1239e9b70ca2	11437	if (ssl)
wolfSSL	0:1239e9b70ca2	11438	return ssl->EccVerifyCtx;
wolfSSL	0:1239e9b70ca2	11439
wolfSSL	0:1239e9b70ca2	11440	return NULL;
wolfSSL	0:1239e9b70ca2	11441	}
wolfSSL	0:1239e9b70ca2	11442
wolfSSL	0:1239e9b70ca2	11443	#endif /* HAVE_ECC */
wolfSSL	0:1239e9b70ca2	11444
wolfSSL	0:1239e9b70ca2	11445	#ifndef NO_RSA
wolfSSL	0:1239e9b70ca2	11446
wolfSSL	0:1239e9b70ca2	11447	void CyaSSL_CTX_SetRsaSignCb(CYASSL_CTX* ctx, CallbackRsaSign cb)
wolfSSL	0:1239e9b70ca2	11448	{
wolfSSL	0:1239e9b70ca2	11449	if (ctx)
wolfSSL	0:1239e9b70ca2	11450	ctx->RsaSignCb = cb;
wolfSSL	0:1239e9b70ca2	11451	}
wolfSSL	0:1239e9b70ca2	11452
wolfSSL	0:1239e9b70ca2	11453
wolfSSL	0:1239e9b70ca2	11454	void CyaSSL_SetRsaSignCtx(CYASSL* ssl, void *ctx)
wolfSSL	0:1239e9b70ca2	11455	{
wolfSSL	0:1239e9b70ca2	11456	if (ssl)
wolfSSL	0:1239e9b70ca2	11457	ssl->RsaSignCtx = ctx;
wolfSSL	0:1239e9b70ca2	11458	}
wolfSSL	0:1239e9b70ca2	11459
wolfSSL	0:1239e9b70ca2	11460
wolfSSL	0:1239e9b70ca2	11461	void* CyaSSL_GetRsaSignCtx(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	11462	{
wolfSSL	0:1239e9b70ca2	11463	if (ssl)
wolfSSL	0:1239e9b70ca2	11464	return ssl->RsaSignCtx;
wolfSSL	0:1239e9b70ca2	11465
wolfSSL	0:1239e9b70ca2	11466	return NULL;
wolfSSL	0:1239e9b70ca2	11467	}
wolfSSL	0:1239e9b70ca2	11468
wolfSSL	0:1239e9b70ca2	11469
wolfSSL	0:1239e9b70ca2	11470	void CyaSSL_CTX_SetRsaVerifyCb(CYASSL_CTX* ctx, CallbackRsaVerify cb)
wolfSSL	0:1239e9b70ca2	11471	{
wolfSSL	0:1239e9b70ca2	11472	if (ctx)
wolfSSL	0:1239e9b70ca2	11473	ctx->RsaVerifyCb = cb;
wolfSSL	0:1239e9b70ca2	11474	}
wolfSSL	0:1239e9b70ca2	11475
wolfSSL	0:1239e9b70ca2	11476
wolfSSL	0:1239e9b70ca2	11477	void CyaSSL_SetRsaVerifyCtx(CYASSL* ssl, void *ctx)
wolfSSL	0:1239e9b70ca2	11478	{
wolfSSL	0:1239e9b70ca2	11479	if (ssl)
wolfSSL	0:1239e9b70ca2	11480	ssl->RsaVerifyCtx = ctx;
wolfSSL	0:1239e9b70ca2	11481	}
wolfSSL	0:1239e9b70ca2	11482
wolfSSL	0:1239e9b70ca2	11483
wolfSSL	0:1239e9b70ca2	11484	void* CyaSSL_GetRsaVerifyCtx(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	11485	{
wolfSSL	0:1239e9b70ca2	11486	if (ssl)
wolfSSL	0:1239e9b70ca2	11487	return ssl->RsaVerifyCtx;
wolfSSL	0:1239e9b70ca2	11488
wolfSSL	0:1239e9b70ca2	11489	return NULL;
wolfSSL	0:1239e9b70ca2	11490	}
wolfSSL	0:1239e9b70ca2	11491
wolfSSL	0:1239e9b70ca2	11492	void CyaSSL_CTX_SetRsaEncCb(CYASSL_CTX* ctx, CallbackRsaEnc cb)
wolfSSL	0:1239e9b70ca2	11493	{
wolfSSL	0:1239e9b70ca2	11494	if (ctx)
wolfSSL	0:1239e9b70ca2	11495	ctx->RsaEncCb = cb;
wolfSSL	0:1239e9b70ca2	11496	}
wolfSSL	0:1239e9b70ca2	11497
wolfSSL	0:1239e9b70ca2	11498
wolfSSL	0:1239e9b70ca2	11499	void CyaSSL_SetRsaEncCtx(CYASSL* ssl, void *ctx)
wolfSSL	0:1239e9b70ca2	11500	{
wolfSSL	0:1239e9b70ca2	11501	if (ssl)
wolfSSL	0:1239e9b70ca2	11502	ssl->RsaEncCtx = ctx;
wolfSSL	0:1239e9b70ca2	11503	}
wolfSSL	0:1239e9b70ca2	11504
wolfSSL	0:1239e9b70ca2	11505
wolfSSL	0:1239e9b70ca2	11506	void* CyaSSL_GetRsaEncCtx(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	11507	{
wolfSSL	0:1239e9b70ca2	11508	if (ssl)
wolfSSL	0:1239e9b70ca2	11509	return ssl->RsaEncCtx;
wolfSSL	0:1239e9b70ca2	11510
wolfSSL	0:1239e9b70ca2	11511	return NULL;
wolfSSL	0:1239e9b70ca2	11512	}
wolfSSL	0:1239e9b70ca2	11513
wolfSSL	0:1239e9b70ca2	11514	void CyaSSL_CTX_SetRsaDecCb(CYASSL_CTX* ctx, CallbackRsaDec cb)
wolfSSL	0:1239e9b70ca2	11515	{
wolfSSL	0:1239e9b70ca2	11516	if (ctx)
wolfSSL	0:1239e9b70ca2	11517	ctx->RsaDecCb = cb;
wolfSSL	0:1239e9b70ca2	11518	}
wolfSSL	0:1239e9b70ca2	11519
wolfSSL	0:1239e9b70ca2	11520
wolfSSL	0:1239e9b70ca2	11521	void CyaSSL_SetRsaDecCtx(CYASSL* ssl, void *ctx)
wolfSSL	0:1239e9b70ca2	11522	{
wolfSSL	0:1239e9b70ca2	11523	if (ssl)
wolfSSL	0:1239e9b70ca2	11524	ssl->RsaDecCtx = ctx;
wolfSSL	0:1239e9b70ca2	11525	}
wolfSSL	0:1239e9b70ca2	11526
wolfSSL	0:1239e9b70ca2	11527
wolfSSL	0:1239e9b70ca2	11528	void* CyaSSL_GetRsaDecCtx(CYASSL* ssl)
wolfSSL	0:1239e9b70ca2	11529	{
wolfSSL	0:1239e9b70ca2	11530	if (ssl)
wolfSSL	0:1239e9b70ca2	11531	return ssl->RsaDecCtx;
wolfSSL	0:1239e9b70ca2	11532
wolfSSL	0:1239e9b70ca2	11533	return NULL;
wolfSSL	0:1239e9b70ca2	11534	}
wolfSSL	0:1239e9b70ca2	11535
wolfSSL	0:1239e9b70ca2	11536
wolfSSL	0:1239e9b70ca2	11537	#endif /* NO_RSA */
wolfSSL	0:1239e9b70ca2	11538
wolfSSL	0:1239e9b70ca2	11539	#endif /* HAVE_PK_CALLBACKS */
wolfSSL	0:1239e9b70ca2	11540	#endif /* NO_CERTS */
wolfSSL	0:1239e9b70ca2	11541
wolfSSL	0:1239e9b70ca2	11542
wolfSSL	0:1239e9b70ca2	11543	#ifdef CYASSL_HAVE_WOLFSCEP
wolfSSL	0:1239e9b70ca2	11544	/* Used by autoconf to see if wolfSCEP is available */
wolfSSL	0:1239e9b70ca2	11545	void CyaSSL_wolfSCEP(void) {}
wolfSSL	0:1239e9b70ca2	11546	#endif
wolfSSL	0:1239e9b70ca2	11547
wolfSSL	0:1239e9b70ca2	11548
wolfSSL	0:1239e9b70ca2	11549	#ifdef CYASSL_HAVE_CERT_SERVICE
wolfSSL	0:1239e9b70ca2	11550	/* Used by autoconf to see if cert service is available */
wolfSSL	0:1239e9b70ca2	11551	void CyaSSL_cert_service(void) {}
wolfSSL	0:1239e9b70ca2	11552	#endif
wolfSSL	0:1239e9b70ca2	11553
wolfSSL	0:1239e9b70ca2	11554

Repository toolbox

Export to desktop IDE

Repository details

Type:	Library
Created:	03 Mar 2015
Imports:	2
Forks:	0
Commits:	5
Dependents:	1
Dependencies:	0
Followers:	2

src/ssl.c@4:28ac50e1d49c, 2015-03-03 (annotated)

Who changed what in which revision?

Repository toolbox

Repository details

Important Information for this Arm website

Access Warning