Francois Berder / cyassl-lib

fork of cyassl-lib

Dependents:   TLS_cyassl TLS_cyassl

internal.c@4:f377303c41be, 2013-09-16 (annotated)

Committer:
feb11
Date:
Mon Sep 16 09:53:35 2013 +0000
Revision:
4:f377303c41be
Parent:
0:714293de3836 
changed settings

Who changed what in which revision?

UserRevisionLine numberNew contents of line
ashleymills 0:714293de3836 1 /* internal.c
ashleymills 0:714293de3836 2 *
ashleymills 0:714293de3836 3 * Copyright (C) 2006-2013 wolfSSL Inc.
ashleymills 0:714293de3836 4 *
ashleymills 0:714293de3836 5 * This file is part of CyaSSL.
ashleymills 0:714293de3836 6 *
ashleymills 0:714293de3836 7 * CyaSSL is free software; you can redistribute it and/or modify
ashleymills 0:714293de3836 8 * it under the terms of the GNU General Public License as published by
ashleymills 0:714293de3836 9 * the Free Software Foundation; either version 2 of the License, or
ashleymills 0:714293de3836 10 * (at your option) any later version.
ashleymills 0:714293de3836 11 *
ashleymills 0:714293de3836 12 * CyaSSL is distributed in the hope that it will be useful,
ashleymills 0:714293de3836 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
ashleymills 0:714293de3836 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
ashleymills 0:714293de3836 15 * GNU General Public License for more details.
ashleymills 0:714293de3836 16 *
ashleymills 0:714293de3836 17 * You should have received a copy of the GNU General Public License
ashleymills 0:714293de3836 18 * along with this program; if not, write to the Free Software
ashleymills 0:714293de3836 19 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
ashleymills 0:714293de3836 20 */
ashleymills 0:714293de3836 21
ashleymills 0:714293de3836 22
ashleymills 0:714293de3836 23 #ifdef HAVE_CONFIG_H
ashleymills 0:714293de3836 24 #include <config.h>
ashleymills 0:714293de3836 25 #endif
ashleymills 0:714293de3836 26
ashleymills 0:714293de3836 27 #include <cyassl/ctaocrypt/settings.h>
ashleymills 0:714293de3836 28
ashleymills 0:714293de3836 29 #include <cyassl/internal.h>
ashleymills 0:714293de3836 30 #include <cyassl/ctaoerror.h>
ashleymills 0:714293de3836 31 #include <cyassl/ctaocrypt/asn.h>
ashleymills 0:714293de3836 32
ashleymills 0:714293de3836 33 #ifdef HAVE_LIBZ
ashleymills 0:714293de3836 34 #include "zlib.h"
ashleymills 0:714293de3836 35 #endif
ashleymills 0:714293de3836 36
ashleymills 0:714293de3836 37 #ifdef HAVE_NTRU
ashleymills 0:714293de3836 38 #include "crypto_ntru.h"
ashleymills 0:714293de3836 39 #endif
ashleymills 0:714293de3836 40
ashleymills 0:714293de3836 41 #if defined(DEBUG_CYASSL) || defined(SHOW_SECRETS)
ashleymills 0:714293de3836 42 #ifdef FREESCALE_MQX
ashleymills 0:714293de3836 43 #include <fio.h>
ashleymills 0:714293de3836 44 #else
ashleymills 0:714293de3836 45 #include <stdio.h>
ashleymills 0:714293de3836 46 #endif
ashleymills 0:714293de3836 47 #endif
ashleymills 0:714293de3836 48
ashleymills 0:714293de3836 49 #ifdef __sun
ashleymills 0:714293de3836 50 #include <sys/filio.h>
ashleymills 0:714293de3836 51 #endif
ashleymills 0:714293de3836 52
ashleymills 0:714293de3836 53 #ifndef TRUE
ashleymills 0:714293de3836 54 #define TRUE 1
ashleymills 0:714293de3836 55 #endif
ashleymills 0:714293de3836 56 #ifndef FALSE
ashleymills 0:714293de3836 57 #define FALSE 0
ashleymills 0:714293de3836 58 #endif
ashleymills 0:714293de3836 59
ashleymills 0:714293de3836 60
ashleymills 0:714293de3836 61 #if defined(OPENSSL_EXTRA) && defined(NO_DH)
ashleymills 0:714293de3836 62 #error OPENSSL_EXTRA needs DH, please remove NO_DH
ashleymills 0:714293de3836 63 #endif
ashleymills 0:714293de3836 64
ashleymills 0:714293de3836 65 #if defined(CYASSL_CALLBACKS) && !defined(LARGE_STATIC_BUFFERS)
ashleymills 0:714293de3836 66 #error \
ashleymills 0:714293de3836 67 CYASSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS
ashleymills 0:714293de3836 68 #endif
ashleymills 0:714293de3836 69
ashleymills 0:714293de3836 70
ashleymills 0:714293de3836 71 #ifndef NO_CYASSL_CLIENT
ashleymills 0:714293de3836 72 static int DoHelloVerifyRequest(CYASSL* ssl, const byte* input, word32*);
ashleymills 0:714293de3836 73 static int DoServerHello(CYASSL* ssl, const byte* input, word32*, word32);
ashleymills 0:714293de3836 74 static int DoServerKeyExchange(CYASSL* ssl, const byte* input, word32*);
ashleymills 0:714293de3836 75 #ifndef NO_CERTS
ashleymills 0:714293de3836 76 static int DoCertificateRequest(CYASSL* ssl, const byte* input,word32*);
ashleymills 0:714293de3836 77 #endif
ashleymills 0:714293de3836 78 #endif
ashleymills 0:714293de3836 79
ashleymills 0:714293de3836 80
ashleymills 0:714293de3836 81 #ifndef NO_CYASSL_SERVER
ashleymills 0:714293de3836 82 static int DoClientHello(CYASSL* ssl, const byte* input, word32*, word32,
ashleymills 0:714293de3836 83 word32);
ashleymills 0:714293de3836 84 static int DoClientKeyExchange(CYASSL* ssl, byte* input, word32*, word32);
ashleymills 0:714293de3836 85 #if !defined(NO_RSA) || defined(HAVE_ECC)
ashleymills 0:714293de3836 86 static int DoCertificateVerify(CYASSL* ssl, byte*, word32*, word32);
ashleymills 0:714293de3836 87 #endif
ashleymills 0:714293de3836 88 #endif
ashleymills 0:714293de3836 89
ashleymills 0:714293de3836 90 typedef enum {
ashleymills 0:714293de3836 91 doProcessInit = 0,
ashleymills 0:714293de3836 92 #ifndef NO_CYASSL_SERVER
ashleymills 0:714293de3836 93 runProcessOldClientHello,
ashleymills 0:714293de3836 94 #endif
ashleymills 0:714293de3836 95 getRecordLayerHeader,
ashleymills 0:714293de3836 96 getData,
ashleymills 0:714293de3836 97 runProcessingOneMessage
ashleymills 0:714293de3836 98 } processReply;
ashleymills 0:714293de3836 99
ashleymills 0:714293de3836 100 #ifndef NO_OLD_TLS
ashleymills 0:714293de3836 101 static void Hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz,
ashleymills 0:714293de3836 102 int content, int verify);
ashleymills 0:714293de3836 103
ashleymills 0:714293de3836 104 #endif
ashleymills 0:714293de3836 105
ashleymills 0:714293de3836 106 #ifndef NO_CERTS
ashleymills 0:714293de3836 107 static void BuildCertHashes(CYASSL* ssl, Hashes* hashes);
ashleymills 0:714293de3836 108 #endif
ashleymills 0:714293de3836 109
ashleymills 0:714293de3836 110 static void PickHashSigAlgo(CYASSL* ssl,
ashleymills 0:714293de3836 111 const byte* hashSigAlgo, word32 hashSigAlgoSz);
ashleymills 0:714293de3836 112
ashleymills 0:714293de3836 113 #ifndef min
ashleymills 0:714293de3836 114
ashleymills 0:714293de3836 115 static INLINE word32 min(word32 a, word32 b)
ashleymills 0:714293de3836 116 {
ashleymills 0:714293de3836 117 return a > b ? b : a;
ashleymills 0:714293de3836 118 }
ashleymills 0:714293de3836 119
ashleymills 0:714293de3836 120 #endif /* min */
ashleymills 0:714293de3836 121
ashleymills 0:714293de3836 122
ashleymills 0:714293de3836 123 int IsTLS(const CYASSL* ssl)
ashleymills 0:714293de3836 124 {
ashleymills 0:714293de3836 125 if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor >=TLSv1_MINOR)
ashleymills 0:714293de3836 126 return 1;
ashleymills 0:714293de3836 127
ashleymills 0:714293de3836 128 return 0;
ashleymills 0:714293de3836 129 }
ashleymills 0:714293de3836 130
ashleymills 0:714293de3836 131
ashleymills 0:714293de3836 132 int IsAtLeastTLSv1_2(const CYASSL* ssl)
ashleymills 0:714293de3836 133 {
ashleymills 0:714293de3836 134 if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor >=TLSv1_2_MINOR)
ashleymills 0:714293de3836 135 return 1;
ashleymills 0:714293de3836 136 if (ssl->version.major == DTLS_MAJOR && ssl->version.minor <= DTLSv1_2_MINOR)
ashleymills 0:714293de3836 137 return 1;
ashleymills 0:714293de3836 138
ashleymills 0:714293de3836 139 return 0;
ashleymills 0:714293de3836 140 }
ashleymills 0:714293de3836 141
ashleymills 0:714293de3836 142
ashleymills 0:714293de3836 143 #ifdef HAVE_NTRU
ashleymills 0:714293de3836 144
ashleymills 0:714293de3836 145 static byte GetEntropy(ENTROPY_CMD cmd, byte* out)
ashleymills 0:714293de3836 146 {
ashleymills 0:714293de3836 147 /* TODO: add locking? */
ashleymills 0:714293de3836 148 static RNG rng;
ashleymills 0:714293de3836 149
ashleymills 0:714293de3836 150 if (cmd == INIT) {
ashleymills 0:714293de3836 151 int ret = InitRng(&rng);
ashleymills 0:714293de3836 152 if (ret == 0)
ashleymills 0:714293de3836 153 return 1;
ashleymills 0:714293de3836 154 else
ashleymills 0:714293de3836 155 return 0;
ashleymills 0:714293de3836 156 }
ashleymills 0:714293de3836 157
ashleymills 0:714293de3836 158 if (out == NULL)
ashleymills 0:714293de3836 159 return 0;
ashleymills 0:714293de3836 160
ashleymills 0:714293de3836 161 if (cmd == GET_BYTE_OF_ENTROPY) {
ashleymills 0:714293de3836 162 RNG_GenerateBlock(&rng, out, 1);
ashleymills 0:714293de3836 163 return 1;
ashleymills 0:714293de3836 164 }
ashleymills 0:714293de3836 165
ashleymills 0:714293de3836 166 if (cmd == GET_NUM_BYTES_PER_BYTE_OF_ENTROPY) {
ashleymills 0:714293de3836 167 *out = 1;
ashleymills 0:714293de3836 168 return 1;
ashleymills 0:714293de3836 169 }
ashleymills 0:714293de3836 170
ashleymills 0:714293de3836 171 return 0;
ashleymills 0:714293de3836 172 }
ashleymills 0:714293de3836 173
ashleymills 0:714293de3836 174 #endif /* HAVE_NTRU */
ashleymills 0:714293de3836 175
ashleymills 0:714293de3836 176 /* used by ssl.c too */
ashleymills 0:714293de3836 177 void c32to24(word32 in, word24 out)
ashleymills 0:714293de3836 178 {
ashleymills 0:714293de3836 179 out[0] = (in >> 16) & 0xff;
ashleymills 0:714293de3836 180 out[1] = (in >> 8) & 0xff;
ashleymills 0:714293de3836 181 out[2] = in & 0xff;
ashleymills 0:714293de3836 182 }
ashleymills 0:714293de3836 183
ashleymills 0:714293de3836 184
ashleymills 0:714293de3836 185 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 186
ashleymills 0:714293de3836 187 static INLINE void c32to48(word32 in, byte out[6])
ashleymills 0:714293de3836 188 {
ashleymills 0:714293de3836 189 out[0] = 0;
ashleymills 0:714293de3836 190 out[1] = 0;
ashleymills 0:714293de3836 191 out[2] = (in >> 24) & 0xff;
ashleymills 0:714293de3836 192 out[3] = (in >> 16) & 0xff;
ashleymills 0:714293de3836 193 out[4] = (in >> 8) & 0xff;
ashleymills 0:714293de3836 194 out[5] = in & 0xff;
ashleymills 0:714293de3836 195 }
ashleymills 0:714293de3836 196
ashleymills 0:714293de3836 197 #endif /* CYASSL_DTLS */
ashleymills 0:714293de3836 198
ashleymills 0:714293de3836 199
ashleymills 0:714293de3836 200 /* convert 16 bit integer to opaque */
ashleymills 0:714293de3836 201 static INLINE void c16toa(word16 u16, byte* c)
ashleymills 0:714293de3836 202 {
ashleymills 0:714293de3836 203 c[0] = (u16 >> 8) & 0xff;
ashleymills 0:714293de3836 204 c[1] = u16 & 0xff;
ashleymills 0:714293de3836 205 }
ashleymills 0:714293de3836 206
ashleymills 0:714293de3836 207
ashleymills 0:714293de3836 208 /* convert 32 bit integer to opaque */
ashleymills 0:714293de3836 209 static INLINE void c32toa(word32 u32, byte* c)
ashleymills 0:714293de3836 210 {
ashleymills 0:714293de3836 211 c[0] = (u32 >> 24) & 0xff;
ashleymills 0:714293de3836 212 c[1] = (u32 >> 16) & 0xff;
ashleymills 0:714293de3836 213 c[2] = (u32 >> 8) & 0xff;
ashleymills 0:714293de3836 214 c[3] = u32 & 0xff;
ashleymills 0:714293de3836 215 }
ashleymills 0:714293de3836 216
ashleymills 0:714293de3836 217
ashleymills 0:714293de3836 218 /* convert a 24 bit integer into a 32 bit one */
ashleymills 0:714293de3836 219 static INLINE void c24to32(const word24 u24, word32* u32)
ashleymills 0:714293de3836 220 {
ashleymills 0:714293de3836 221 *u32 = (u24[0] << 16) | (u24[1] << 8) | u24[2];
ashleymills 0:714293de3836 222 }
ashleymills 0:714293de3836 223
ashleymills 0:714293de3836 224
ashleymills 0:714293de3836 225 /* convert opaque to 16 bit integer */
ashleymills 0:714293de3836 226 static INLINE void ato16(const byte* c, word16* u16)
ashleymills 0:714293de3836 227 {
ashleymills 0:714293de3836 228 *u16 = (c[0] << 8) | (c[1]);
ashleymills 0:714293de3836 229 }
ashleymills 0:714293de3836 230
ashleymills 0:714293de3836 231
ashleymills 0:714293de3836 232 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 233
ashleymills 0:714293de3836 234 /* convert opaque to 32 bit integer */
ashleymills 0:714293de3836 235 static INLINE void ato32(const byte* c, word32* u32)
ashleymills 0:714293de3836 236 {
ashleymills 0:714293de3836 237 *u32 = (c[0] << 24) | (c[1] << 16) | (c[2] << 8) | c[3];
ashleymills 0:714293de3836 238 }
ashleymills 0:714293de3836 239
ashleymills 0:714293de3836 240 #endif /* CYASSL_DTLS */
ashleymills 0:714293de3836 241
ashleymills 0:714293de3836 242
ashleymills 0:714293de3836 243 #ifdef HAVE_LIBZ
ashleymills 0:714293de3836 244
ashleymills 0:714293de3836 245 /* alloc user allocs to work with zlib */
ashleymills 0:714293de3836 246 static void* myAlloc(void* opaque, unsigned int item, unsigned int size)
ashleymills 0:714293de3836 247 {
ashleymills 0:714293de3836 248 (void)opaque;
ashleymills 0:714293de3836 249 return XMALLOC(item * size, opaque, DYNAMIC_TYPE_LIBZ);
ashleymills 0:714293de3836 250 }
ashleymills 0:714293de3836 251
ashleymills 0:714293de3836 252
ashleymills 0:714293de3836 253 static void myFree(void* opaque, void* memory)
ashleymills 0:714293de3836 254 {
ashleymills 0:714293de3836 255 (void)opaque;
ashleymills 0:714293de3836 256 XFREE(memory, opaque, DYNAMIC_TYPE_LIBZ);
ashleymills 0:714293de3836 257 }
ashleymills 0:714293de3836 258
ashleymills 0:714293de3836 259
ashleymills 0:714293de3836 260 /* init zlib comp/decomp streams, 0 on success */
ashleymills 0:714293de3836 261 static int InitStreams(CYASSL* ssl)
ashleymills 0:714293de3836 262 {
ashleymills 0:714293de3836 263 ssl->c_stream.zalloc = (alloc_func)myAlloc;
ashleymills 0:714293de3836 264 ssl->c_stream.zfree = (free_func)myFree;
ashleymills 0:714293de3836 265 ssl->c_stream.opaque = (voidpf)ssl->heap;
ashleymills 0:714293de3836 266
ashleymills 0:714293de3836 267 if (deflateInit(&ssl->c_stream, Z_DEFAULT_COMPRESSION) != Z_OK)
ashleymills 0:714293de3836 268 return ZLIB_INIT_ERROR;
ashleymills 0:714293de3836 269
ashleymills 0:714293de3836 270 ssl->didStreamInit = 1;
ashleymills 0:714293de3836 271
ashleymills 0:714293de3836 272 ssl->d_stream.zalloc = (alloc_func)myAlloc;
ashleymills 0:714293de3836 273 ssl->d_stream.zfree = (free_func)myFree;
ashleymills 0:714293de3836 274 ssl->d_stream.opaque = (voidpf)ssl->heap;
ashleymills 0:714293de3836 275
ashleymills 0:714293de3836 276 if (inflateInit(&ssl->d_stream) != Z_OK) return ZLIB_INIT_ERROR;
ashleymills 0:714293de3836 277
ashleymills 0:714293de3836 278 return 0;
ashleymills 0:714293de3836 279 }
ashleymills 0:714293de3836 280
ashleymills 0:714293de3836 281
ashleymills 0:714293de3836 282 static void FreeStreams(CYASSL* ssl)
ashleymills 0:714293de3836 283 {
ashleymills 0:714293de3836 284 if (ssl->didStreamInit) {
ashleymills 0:714293de3836 285 deflateEnd(&ssl->c_stream);
ashleymills 0:714293de3836 286 inflateEnd(&ssl->d_stream);
ashleymills 0:714293de3836 287 }
ashleymills 0:714293de3836 288 }
ashleymills 0:714293de3836 289
ashleymills 0:714293de3836 290
ashleymills 0:714293de3836 291 /* compress in to out, return out size or error */
ashleymills 0:714293de3836 292 static int myCompress(CYASSL* ssl, byte* in, int inSz, byte* out, int outSz)
ashleymills 0:714293de3836 293 {
ashleymills 0:714293de3836 294 int err;
ashleymills 0:714293de3836 295 int currTotal = (int)ssl->c_stream.total_out;
ashleymills 0:714293de3836 296
ashleymills 0:714293de3836 297 ssl->c_stream.next_in = in;
ashleymills 0:714293de3836 298 ssl->c_stream.avail_in = inSz;
ashleymills 0:714293de3836 299 ssl->c_stream.next_out = out;
ashleymills 0:714293de3836 300 ssl->c_stream.avail_out = outSz;
ashleymills 0:714293de3836 301
ashleymills 0:714293de3836 302 err = deflate(&ssl->c_stream, Z_SYNC_FLUSH);
ashleymills 0:714293de3836 303 if (err != Z_OK && err != Z_STREAM_END) return ZLIB_COMPRESS_ERROR;
ashleymills 0:714293de3836 304
ashleymills 0:714293de3836 305 return (int)ssl->c_stream.total_out - currTotal;
ashleymills 0:714293de3836 306 }
ashleymills 0:714293de3836 307
ashleymills 0:714293de3836 308
ashleymills 0:714293de3836 309 /* decompress in to out, returnn out size or error */
ashleymills 0:714293de3836 310 static int myDeCompress(CYASSL* ssl, byte* in,int inSz, byte* out,int outSz)
ashleymills 0:714293de3836 311 {
ashleymills 0:714293de3836 312 int err;
ashleymills 0:714293de3836 313 int currTotal = (int)ssl->d_stream.total_out;
ashleymills 0:714293de3836 314
ashleymills 0:714293de3836 315 ssl->d_stream.next_in = in;
ashleymills 0:714293de3836 316 ssl->d_stream.avail_in = inSz;
ashleymills 0:714293de3836 317 ssl->d_stream.next_out = out;
ashleymills 0:714293de3836 318 ssl->d_stream.avail_out = outSz;
ashleymills 0:714293de3836 319
ashleymills 0:714293de3836 320 err = inflate(&ssl->d_stream, Z_SYNC_FLUSH);
ashleymills 0:714293de3836 321 if (err != Z_OK && err != Z_STREAM_END) return ZLIB_DECOMPRESS_ERROR;
ashleymills 0:714293de3836 322
ashleymills 0:714293de3836 323 return (int)ssl->d_stream.total_out - currTotal;
ashleymills 0:714293de3836 324 }
ashleymills 0:714293de3836 325
ashleymills 0:714293de3836 326 #endif /* HAVE_LIBZ */
ashleymills 0:714293de3836 327
ashleymills 0:714293de3836 328
ashleymills 0:714293de3836 329 void InitSSL_Method(CYASSL_METHOD* method, ProtocolVersion pv)
ashleymills 0:714293de3836 330 {
ashleymills 0:714293de3836 331 method->version = pv;
ashleymills 0:714293de3836 332 method->side = CLIENT_END;
ashleymills 0:714293de3836 333 method->downgrade = 0;
ashleymills 0:714293de3836 334 }
ashleymills 0:714293de3836 335
ashleymills 0:714293de3836 336
ashleymills 0:714293de3836 337 /* Initialze SSL context, return 0 on success */
ashleymills 0:714293de3836 338 int InitSSL_Ctx(CYASSL_CTX* ctx, CYASSL_METHOD* method)
ashleymills 0:714293de3836 339 {
ashleymills 0:714293de3836 340 ctx->method = method;
ashleymills 0:714293de3836 341 ctx->refCount = 1; /* so either CTX_free or SSL_free can release */
ashleymills 0:714293de3836 342 #ifndef NO_CERTS
ashleymills 0:714293de3836 343 ctx->certificate.buffer = 0;
ashleymills 0:714293de3836 344 ctx->certChain.buffer = 0;
ashleymills 0:714293de3836 345 ctx->privateKey.buffer = 0;
ashleymills 0:714293de3836 346 ctx->serverDH_P.buffer = 0;
ashleymills 0:714293de3836 347 ctx->serverDH_G.buffer = 0;
ashleymills 0:714293de3836 348 #endif
ashleymills 0:714293de3836 349 ctx->haveDH = 0;
ashleymills 0:714293de3836 350 ctx->haveNTRU = 0; /* start off */
ashleymills 0:714293de3836 351 ctx->haveECDSAsig = 0; /* start off */
ashleymills 0:714293de3836 352 ctx->haveStaticECC = 0; /* start off */
ashleymills 0:714293de3836 353 ctx->heap = ctx; /* defaults to self */
ashleymills 0:714293de3836 354 #ifndef NO_PSK
ashleymills 0:714293de3836 355 ctx->havePSK = 0;
ashleymills 0:714293de3836 356 ctx->server_hint[0] = 0;
ashleymills 0:714293de3836 357 ctx->client_psk_cb = 0;
ashleymills 0:714293de3836 358 ctx->server_psk_cb = 0;
ashleymills 0:714293de3836 359 #endif /* NO_PSK */
ashleymills 0:714293de3836 360 #ifdef HAVE_ECC
ashleymills 0:714293de3836 361 ctx->eccTempKeySz = ECDHE_SIZE;
ashleymills 0:714293de3836 362 #endif
ashleymills 0:714293de3836 363
ashleymills 0:714293de3836 364 #ifdef OPENSSL_EXTRA
ashleymills 0:714293de3836 365 ctx->passwd_cb = 0;
ashleymills 0:714293de3836 366 ctx->userdata = 0;
ashleymills 0:714293de3836 367 #endif /* OPENSSL_EXTRA */
ashleymills 0:714293de3836 368
ashleymills 0:714293de3836 369 ctx->timeout = DEFAULT_TIMEOUT;
ashleymills 0:714293de3836 370
ashleymills 0:714293de3836 371 #ifndef CYASSL_USER_IO
ashleymills 0:714293de3836 372 ctx->CBIORecv = EmbedReceive;
ashleymills 0:714293de3836 373 ctx->CBIOSend = EmbedSend;
ashleymills 0:714293de3836 374 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 375 if (method->version.major == DTLS_MAJOR) {
ashleymills 0:714293de3836 376 ctx->CBIORecv = EmbedReceiveFrom;
ashleymills 0:714293de3836 377 ctx->CBIOSend = EmbedSendTo;
ashleymills 0:714293de3836 378 ctx->CBIOCookie = EmbedGenerateCookie;
ashleymills 0:714293de3836 379 }
ashleymills 0:714293de3836 380 #endif
ashleymills 0:714293de3836 381 #else
ashleymills 0:714293de3836 382 /* user will set */
ashleymills 0:714293de3836 383 ctx->CBIORecv = NULL;
ashleymills 0:714293de3836 384 ctx->CBIOSend = NULL;
ashleymills 0:714293de3836 385 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 386 ctx->CBIOCookie = NULL;
ashleymills 0:714293de3836 387 #endif
ashleymills 0:714293de3836 388 #endif
ashleymills 0:714293de3836 389 ctx->partialWrite = 0;
ashleymills 0:714293de3836 390 ctx->verifyCallback = 0;
ashleymills 0:714293de3836 391
ashleymills 0:714293de3836 392 #ifndef NO_CERTS
ashleymills 0:714293de3836 393 ctx->cm = CyaSSL_CertManagerNew();
ashleymills 0:714293de3836 394 #endif
ashleymills 0:714293de3836 395 #ifdef HAVE_NTRU
ashleymills 0:714293de3836 396 if (method->side == CLIENT_END)
ashleymills 0:714293de3836 397 ctx->haveNTRU = 1; /* always on cliet side */
ashleymills 0:714293de3836 398 /* server can turn on by loading key */
ashleymills 0:714293de3836 399 #endif
ashleymills 0:714293de3836 400 #ifdef HAVE_ECC
ashleymills 0:714293de3836 401 if (method->side == CLIENT_END) {
ashleymills 0:714293de3836 402 ctx->haveECDSAsig = 1; /* always on cliet side */
ashleymills 0:714293de3836 403 ctx->haveStaticECC = 1; /* server can turn on by loading key */
ashleymills 0:714293de3836 404 }
ashleymills 0:714293de3836 405 #endif
ashleymills 0:714293de3836 406 ctx->suites.setSuites = 0; /* user hasn't set yet */
ashleymills 0:714293de3836 407 /* remove DH later if server didn't set, add psk later */
ashleymills 0:714293de3836 408 InitSuites(&ctx->suites, method->version, TRUE, FALSE, TRUE, ctx->haveNTRU,
ashleymills 0:714293de3836 409 ctx->haveECDSAsig, ctx->haveStaticECC, method->side);
ashleymills 0:714293de3836 410 ctx->verifyPeer = 0;
ashleymills 0:714293de3836 411 ctx->verifyNone = 0;
ashleymills 0:714293de3836 412 ctx->failNoCert = 0;
ashleymills 0:714293de3836 413 ctx->sessionCacheOff = 0; /* initially on */
ashleymills 0:714293de3836 414 ctx->sessionCacheFlushOff = 0; /* initially on */
ashleymills 0:714293de3836 415 ctx->sendVerify = 0;
ashleymills 0:714293de3836 416 ctx->quietShutdown = 0;
ashleymills 0:714293de3836 417 ctx->groupMessages = 0;
ashleymills 0:714293de3836 418 #ifdef HAVE_OCSP
ashleymills 0:714293de3836 419 CyaSSL_OCSP_Init(&ctx->ocsp);
ashleymills 0:714293de3836 420 #endif
ashleymills 0:714293de3836 421 #ifdef HAVE_CAVIUM
ashleymills 0:714293de3836 422 ctx->devId = NO_CAVIUM_DEVICE;
ashleymills 0:714293de3836 423 #endif
ashleymills 0:714293de3836 424 #ifdef HAVE_TLS_EXTENSIONS
ashleymills 0:714293de3836 425 ctx->extensions = NULL;
ashleymills 0:714293de3836 426 #endif
ashleymills 0:714293de3836 427
ashleymills 0:714293de3836 428 if (InitMutex(&ctx->countMutex) < 0) {
ashleymills 0:714293de3836 429 CYASSL_MSG("Mutex error on CTX init");
ashleymills 0:714293de3836 430 return BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 431 }
ashleymills 0:714293de3836 432 #ifndef NO_CERTS
ashleymills 0:714293de3836 433 if (ctx->cm == NULL) {
ashleymills 0:714293de3836 434 CYASSL_MSG("Bad Cert Manager New");
ashleymills 0:714293de3836 435 return BAD_CERT_MANAGER_ERROR;
ashleymills 0:714293de3836 436 }
ashleymills 0:714293de3836 437 #endif
ashleymills 0:714293de3836 438 return 0;
ashleymills 0:714293de3836 439 }
ashleymills 0:714293de3836 440
ashleymills 0:714293de3836 441
ashleymills 0:714293de3836 442 /* In case contexts are held in array and don't want to free actual ctx */
ashleymills 0:714293de3836 443 void SSL_CtxResourceFree(CYASSL_CTX* ctx)
ashleymills 0:714293de3836 444 {
ashleymills 0:714293de3836 445 XFREE(ctx->method, ctx->heap, DYNAMIC_TYPE_METHOD);
ashleymills 0:714293de3836 446
ashleymills 0:714293de3836 447 #ifndef NO_CERTS
ashleymills 0:714293de3836 448 XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH);
ashleymills 0:714293de3836 449 XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
ashleymills 0:714293de3836 450 XFREE(ctx->privateKey.buffer, ctx->heap, DYNAMIC_TYPE_KEY);
ashleymills 0:714293de3836 451 XFREE(ctx->certificate.buffer, ctx->heap, DYNAMIC_TYPE_CERT);
ashleymills 0:714293de3836 452 XFREE(ctx->certChain.buffer, ctx->heap, DYNAMIC_TYPE_CERT);
ashleymills 0:714293de3836 453 CyaSSL_CertManagerFree(ctx->cm);
ashleymills 0:714293de3836 454 #endif
ashleymills 0:714293de3836 455 #ifdef HAVE_OCSP
ashleymills 0:714293de3836 456 CyaSSL_OCSP_Cleanup(&ctx->ocsp);
ashleymills 0:714293de3836 457 #endif
ashleymills 0:714293de3836 458 #ifdef HAVE_TLS_EXTENSIONS
ashleymills 0:714293de3836 459 TLSX_FreeAll(ctx->extensions);
ashleymills 0:714293de3836 460 #endif
ashleymills 0:714293de3836 461 }
ashleymills 0:714293de3836 462
ashleymills 0:714293de3836 463
ashleymills 0:714293de3836 464 void FreeSSL_Ctx(CYASSL_CTX* ctx)
ashleymills 0:714293de3836 465 {
ashleymills 0:714293de3836 466 int doFree = 0;
ashleymills 0:714293de3836 467
ashleymills 0:714293de3836 468 if (LockMutex(&ctx->countMutex) != 0) {
ashleymills 0:714293de3836 469 CYASSL_MSG("Couldn't lock count mutex");
ashleymills 0:714293de3836 470 return;
ashleymills 0:714293de3836 471 }
ashleymills 0:714293de3836 472 ctx->refCount--;
ashleymills 0:714293de3836 473 if (ctx->refCount == 0)
ashleymills 0:714293de3836 474 doFree = 1;
ashleymills 0:714293de3836 475 UnLockMutex(&ctx->countMutex);
ashleymills 0:714293de3836 476
ashleymills 0:714293de3836 477 if (doFree) {
ashleymills 0:714293de3836 478 CYASSL_MSG("CTX ref count down to 0, doing full free");
ashleymills 0:714293de3836 479 SSL_CtxResourceFree(ctx);
ashleymills 0:714293de3836 480 FreeMutex(&ctx->countMutex);
ashleymills 0:714293de3836 481 XFREE(ctx, ctx->heap, DYNAMIC_TYPE_CTX);
ashleymills 0:714293de3836 482 }
ashleymills 0:714293de3836 483 else {
ashleymills 0:714293de3836 484 (void)ctx;
ashleymills 0:714293de3836 485 CYASSL_MSG("CTX ref count not 0 yet, no free");
ashleymills 0:714293de3836 486 }
ashleymills 0:714293de3836 487 }
ashleymills 0:714293de3836 488
ashleymills 0:714293de3836 489
ashleymills 0:714293de3836 490 /* Set cipher pointers to null */
ashleymills 0:714293de3836 491 void InitCiphers(CYASSL* ssl)
ashleymills 0:714293de3836 492 {
ashleymills 0:714293de3836 493 #ifdef BUILD_ARC4
ashleymills 0:714293de3836 494 ssl->encrypt.arc4 = NULL;
ashleymills 0:714293de3836 495 ssl->decrypt.arc4 = NULL;
ashleymills 0:714293de3836 496 #endif
ashleymills 0:714293de3836 497 #ifdef BUILD_DES3
ashleymills 0:714293de3836 498 ssl->encrypt.des3 = NULL;
ashleymills 0:714293de3836 499 ssl->decrypt.des3 = NULL;
ashleymills 0:714293de3836 500 #endif
ashleymills 0:714293de3836 501 #ifdef BUILD_AES
ashleymills 0:714293de3836 502 ssl->encrypt.aes = NULL;
ashleymills 0:714293de3836 503 ssl->decrypt.aes = NULL;
ashleymills 0:714293de3836 504 #endif
ashleymills 0:714293de3836 505 #ifdef HAVE_CAMELLIA
ashleymills 0:714293de3836 506 ssl->encrypt.cam = NULL;
ashleymills 0:714293de3836 507 ssl->decrypt.cam = NULL;
ashleymills 0:714293de3836 508 #endif
ashleymills 0:714293de3836 509 #ifdef HAVE_HC128
ashleymills 0:714293de3836 510 ssl->encrypt.hc128 = NULL;
ashleymills 0:714293de3836 511 ssl->decrypt.hc128 = NULL;
ashleymills 0:714293de3836 512 #endif
ashleymills 0:714293de3836 513 #ifdef BUILD_RABBIT
ashleymills 0:714293de3836 514 ssl->encrypt.rabbit = NULL;
ashleymills 0:714293de3836 515 ssl->decrypt.rabbit = NULL;
ashleymills 0:714293de3836 516 #endif
ashleymills 0:714293de3836 517 ssl->encrypt.setup = 0;
ashleymills 0:714293de3836 518 ssl->decrypt.setup = 0;
ashleymills 0:714293de3836 519 }
ashleymills 0:714293de3836 520
ashleymills 0:714293de3836 521
ashleymills 0:714293de3836 522 /* Free ciphers */
ashleymills 0:714293de3836 523 void FreeCiphers(CYASSL* ssl)
ashleymills 0:714293de3836 524 {
ashleymills 0:714293de3836 525 (void)ssl;
ashleymills 0:714293de3836 526 #ifdef BUILD_ARC4
ashleymills 0:714293de3836 527 #ifdef HAVE_CAVIUM
ashleymills 0:714293de3836 528 if (ssl->devId != NO_CAVIUM_DEVICE) {
ashleymills 0:714293de3836 529 Arc4FreeCavium(ssl->encrypt.arc4);
ashleymills 0:714293de3836 530 Arc4FreeCavium(ssl->decrypt.arc4);
ashleymills 0:714293de3836 531 }
ashleymills 0:714293de3836 532 #endif
ashleymills 0:714293de3836 533 XFREE(ssl->encrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER);
ashleymills 0:714293de3836 534 XFREE(ssl->decrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER);
ashleymills 0:714293de3836 535 #endif
ashleymills 0:714293de3836 536 #ifdef BUILD_DES3
ashleymills 0:714293de3836 537 #ifdef HAVE_CAVIUM
ashleymills 0:714293de3836 538 if (ssl->devId != NO_CAVIUM_DEVICE) {
ashleymills 0:714293de3836 539 Des3_FreeCavium(ssl->encrypt.des3);
ashleymills 0:714293de3836 540 Des3_FreeCavium(ssl->decrypt.des3);
ashleymills 0:714293de3836 541 }
ashleymills 0:714293de3836 542 #endif
ashleymills 0:714293de3836 543 XFREE(ssl->encrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER);
ashleymills 0:714293de3836 544 XFREE(ssl->decrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER);
ashleymills 0:714293de3836 545 #endif
ashleymills 0:714293de3836 546 #ifdef BUILD_AES
ashleymills 0:714293de3836 547 #ifdef HAVE_CAVIUM
ashleymills 0:714293de3836 548 if (ssl->devId != NO_CAVIUM_DEVICE) {
ashleymills 0:714293de3836 549 AesFreeCavium(ssl->encrypt.aes);
ashleymills 0:714293de3836 550 AesFreeCavium(ssl->decrypt.aes);
ashleymills 0:714293de3836 551 }
ashleymills 0:714293de3836 552 #endif
ashleymills 0:714293de3836 553 XFREE(ssl->encrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
ashleymills 0:714293de3836 554 XFREE(ssl->decrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
ashleymills 0:714293de3836 555 #endif
ashleymills 0:714293de3836 556 #ifdef BUILD_CAMELLIA
ashleymills 0:714293de3836 557 XFREE(ssl->encrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER);
ashleymills 0:714293de3836 558 XFREE(ssl->decrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER);
ashleymills 0:714293de3836 559 #endif
ashleymills 0:714293de3836 560 #ifdef HAVE_HC128
ashleymills 0:714293de3836 561 XFREE(ssl->encrypt.hc128, ssl->heap, DYNAMIC_TYPE_CIPHER);
ashleymills 0:714293de3836 562 XFREE(ssl->decrypt.hc128, ssl->heap, DYNAMIC_TYPE_CIPHER);
ashleymills 0:714293de3836 563 #endif
ashleymills 0:714293de3836 564 #ifdef BUILD_RABBIT
ashleymills 0:714293de3836 565 XFREE(ssl->encrypt.rabbit, ssl->heap, DYNAMIC_TYPE_CIPHER);
ashleymills 0:714293de3836 566 XFREE(ssl->decrypt.rabbit, ssl->heap, DYNAMIC_TYPE_CIPHER);
ashleymills 0:714293de3836 567 #endif
ashleymills 0:714293de3836 568 }
ashleymills 0:714293de3836 569
ashleymills 0:714293de3836 570
ashleymills 0:714293de3836 571 void InitCipherSpecs(CipherSpecs* cs)
ashleymills 0:714293de3836 572 {
ashleymills 0:714293de3836 573 cs->bulk_cipher_algorithm = INVALID_BYTE;
ashleymills 0:714293de3836 574 cs->cipher_type = INVALID_BYTE;
ashleymills 0:714293de3836 575 cs->mac_algorithm = INVALID_BYTE;
ashleymills 0:714293de3836 576 cs->kea = INVALID_BYTE;
ashleymills 0:714293de3836 577 cs->sig_algo = INVALID_BYTE;
ashleymills 0:714293de3836 578
ashleymills 0:714293de3836 579 cs->hash_size = 0;
ashleymills 0:714293de3836 580 cs->static_ecdh = 0;
ashleymills 0:714293de3836 581 cs->key_size = 0;
ashleymills 0:714293de3836 582 cs->iv_size = 0;
ashleymills 0:714293de3836 583 cs->block_size = 0;
ashleymills 0:714293de3836 584 }
ashleymills 0:714293de3836 585
ashleymills 0:714293de3836 586
ashleymills 0:714293de3836 587 void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
ashleymills 0:714293de3836 588 byte haveDH, byte haveNTRU, byte haveECDSAsig,
ashleymills 0:714293de3836 589 byte haveStaticECC, int side)
ashleymills 0:714293de3836 590 {
ashleymills 0:714293de3836 591 word16 idx = 0;
ashleymills 0:714293de3836 592 int tls = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_MINOR;
ashleymills 0:714293de3836 593 int tls1_2 = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_2_MINOR;
ashleymills 0:714293de3836 594 int haveRSAsig = 1;
ashleymills 0:714293de3836 595
ashleymills 0:714293de3836 596 (void)tls; /* shut up compiler */
ashleymills 0:714293de3836 597 (void)tls1_2;
ashleymills 0:714293de3836 598 (void)haveDH;
ashleymills 0:714293de3836 599 (void)havePSK;
ashleymills 0:714293de3836 600 (void)haveNTRU;
ashleymills 0:714293de3836 601 (void)haveStaticECC;
ashleymills 0:714293de3836 602
ashleymills 0:714293de3836 603 if (suites == NULL) {
ashleymills 0:714293de3836 604 CYASSL_MSG("InitSuites pointer error");
ashleymills 0:714293de3836 605 return;
ashleymills 0:714293de3836 606 }
ashleymills 0:714293de3836 607
ashleymills 0:714293de3836 608 if (suites->setSuites)
ashleymills 0:714293de3836 609 return; /* trust user settings, don't override */
ashleymills 0:714293de3836 610
ashleymills 0:714293de3836 611 if (side == SERVER_END && haveStaticECC)
ashleymills 0:714293de3836 612 haveRSA = 0; /* can't do RSA with ECDSA key */
ashleymills 0:714293de3836 613
ashleymills 0:714293de3836 614 if (side == SERVER_END && haveECDSAsig) {
ashleymills 0:714293de3836 615 haveRSAsig = 0; /* can't have RSA sig if signed by ECDSA */
ashleymills 0:714293de3836 616 (void)haveRSAsig; /* non ecc builds won't read */
ashleymills 0:714293de3836 617 }
ashleymills 0:714293de3836 618
ashleymills 0:714293de3836 619 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 620 if (pv.major == DTLS_MAJOR) {
ashleymills 0:714293de3836 621 tls = 1;
ashleymills 0:714293de3836 622 tls1_2 = pv.minor <= DTLSv1_2_MINOR;
ashleymills 0:714293de3836 623 }
ashleymills 0:714293de3836 624 #endif
ashleymills 0:714293de3836 625
ashleymills 0:714293de3836 626 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
ashleymills 0:714293de3836 627 if (tls && haveNTRU && haveRSA) {
ashleymills 0:714293de3836 628 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 629 suites->suites[idx++] = TLS_NTRU_RSA_WITH_AES_256_CBC_SHA;
ashleymills 0:714293de3836 630 }
ashleymills 0:714293de3836 631 #endif
ashleymills 0:714293de3836 632
ashleymills 0:714293de3836 633 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
ashleymills 0:714293de3836 634 if (tls && haveNTRU && haveRSA) {
ashleymills 0:714293de3836 635 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 636 suites->suites[idx++] = TLS_NTRU_RSA_WITH_AES_128_CBC_SHA;
ashleymills 0:714293de3836 637 }
ashleymills 0:714293de3836 638 #endif
ashleymills 0:714293de3836 639
ashleymills 0:714293de3836 640 #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
ashleymills 0:714293de3836 641 if (tls && haveNTRU && haveRSA) {
ashleymills 0:714293de3836 642 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 643 suites->suites[idx++] = TLS_NTRU_RSA_WITH_RC4_128_SHA;
ashleymills 0:714293de3836 644 }
ashleymills 0:714293de3836 645 #endif
ashleymills 0:714293de3836 646
ashleymills 0:714293de3836 647 #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
ashleymills 0:714293de3836 648 if (tls && haveNTRU && haveRSA) {
ashleymills 0:714293de3836 649 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 650 suites->suites[idx++] = TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA;
ashleymills 0:714293de3836 651 }
ashleymills 0:714293de3836 652 #endif
ashleymills 0:714293de3836 653
ashleymills 0:714293de3836 654 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
ashleymills 0:714293de3836 655 if (tls1_2 && haveRSAsig) {
ashleymills 0:714293de3836 656 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 657 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256;
ashleymills 0:714293de3836 658 }
ashleymills 0:714293de3836 659 #endif
ashleymills 0:714293de3836 660
ashleymills 0:714293de3836 661 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
ashleymills 0:714293de3836 662 if (tls1_2 && haveECDSAsig) {
ashleymills 0:714293de3836 663 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 664 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256;
ashleymills 0:714293de3836 665 }
ashleymills 0:714293de3836 666 #endif
ashleymills 0:714293de3836 667
ashleymills 0:714293de3836 668 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
ashleymills 0:714293de3836 669 if (tls1_2 && haveRSAsig && haveStaticECC) {
ashleymills 0:714293de3836 670 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 671 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256;
ashleymills 0:714293de3836 672 }
ashleymills 0:714293de3836 673 #endif
ashleymills 0:714293de3836 674
ashleymills 0:714293de3836 675 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
ashleymills 0:714293de3836 676 if (tls1_2 && haveECDSAsig && haveStaticECC) {
ashleymills 0:714293de3836 677 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 678 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256;
ashleymills 0:714293de3836 679 }
ashleymills 0:714293de3836 680 #endif
ashleymills 0:714293de3836 681
ashleymills 0:714293de3836 682 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
ashleymills 0:714293de3836 683 if (tls1_2 && haveRSAsig) {
ashleymills 0:714293de3836 684 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 685 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384;
ashleymills 0:714293de3836 686 }
ashleymills 0:714293de3836 687 #endif
ashleymills 0:714293de3836 688
ashleymills 0:714293de3836 689 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
ashleymills 0:714293de3836 690 if (tls1_2 && haveECDSAsig) {
ashleymills 0:714293de3836 691 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 692 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384;
ashleymills 0:714293de3836 693 }
ashleymills 0:714293de3836 694 #endif
ashleymills 0:714293de3836 695
ashleymills 0:714293de3836 696 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
ashleymills 0:714293de3836 697 if (tls1_2 && haveRSAsig && haveStaticECC) {
ashleymills 0:714293de3836 698 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 699 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384;
ashleymills 0:714293de3836 700 }
ashleymills 0:714293de3836 701 #endif
ashleymills 0:714293de3836 702
ashleymills 0:714293de3836 703 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
ashleymills 0:714293de3836 704 if (tls1_2 && haveECDSAsig && haveStaticECC) {
ashleymills 0:714293de3836 705 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 706 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384;
ashleymills 0:714293de3836 707 }
ashleymills 0:714293de3836 708 #endif
ashleymills 0:714293de3836 709
ashleymills 0:714293de3836 710 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
ashleymills 0:714293de3836 711 if (tls1_2 && haveECDSAsig) {
ashleymills 0:714293de3836 712 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 713 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384;
ashleymills 0:714293de3836 714 }
ashleymills 0:714293de3836 715 #endif
ashleymills 0:714293de3836 716
ashleymills 0:714293de3836 717 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
ashleymills 0:714293de3836 718 if (tls && haveECDSAsig) {
ashleymills 0:714293de3836 719 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 720 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA;
ashleymills 0:714293de3836 721 }
ashleymills 0:714293de3836 722 #endif
ashleymills 0:714293de3836 723
ashleymills 0:714293de3836 724 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
ashleymills 0:714293de3836 725 if (tls1_2 && haveECDSAsig && haveStaticECC) {
ashleymills 0:714293de3836 726 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 727 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384;
ashleymills 0:714293de3836 728 }
ashleymills 0:714293de3836 729 #endif
ashleymills 0:714293de3836 730
ashleymills 0:714293de3836 731 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
ashleymills 0:714293de3836 732 if (tls && haveECDSAsig && haveStaticECC) {
ashleymills 0:714293de3836 733 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 734 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA;
ashleymills 0:714293de3836 735 }
ashleymills 0:714293de3836 736 #endif
ashleymills 0:714293de3836 737
ashleymills 0:714293de3836 738 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
ashleymills 0:714293de3836 739 if (tls1_2 && haveECDSAsig) {
ashleymills 0:714293de3836 740 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 741 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256;
ashleymills 0:714293de3836 742 }
ashleymills 0:714293de3836 743 #endif
ashleymills 0:714293de3836 744
ashleymills 0:714293de3836 745 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
ashleymills 0:714293de3836 746 if (tls && haveECDSAsig) {
ashleymills 0:714293de3836 747 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 748 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA;
ashleymills 0:714293de3836 749 }
ashleymills 0:714293de3836 750 #endif
ashleymills 0:714293de3836 751
ashleymills 0:714293de3836 752 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
ashleymills 0:714293de3836 753 if (tls1_2 && haveECDSAsig && haveStaticECC) {
ashleymills 0:714293de3836 754 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 755 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256;
ashleymills 0:714293de3836 756 }
ashleymills 0:714293de3836 757 #endif
ashleymills 0:714293de3836 758
ashleymills 0:714293de3836 759 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
ashleymills 0:714293de3836 760 if (tls && haveECDSAsig && haveStaticECC) {
ashleymills 0:714293de3836 761 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 762 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA;
ashleymills 0:714293de3836 763 }
ashleymills 0:714293de3836 764 #endif
ashleymills 0:714293de3836 765
ashleymills 0:714293de3836 766 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
ashleymills 0:714293de3836 767 if (tls && haveECDSAsig) {
ashleymills 0:714293de3836 768 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 769 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_RC4_128_SHA;
ashleymills 0:714293de3836 770 }
ashleymills 0:714293de3836 771 #endif
ashleymills 0:714293de3836 772
ashleymills 0:714293de3836 773 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
ashleymills 0:714293de3836 774 if (tls && haveECDSAsig && haveStaticECC) {
ashleymills 0:714293de3836 775 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 776 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_RC4_128_SHA;
ashleymills 0:714293de3836 777 }
ashleymills 0:714293de3836 778 #endif
ashleymills 0:714293de3836 779
ashleymills 0:714293de3836 780 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
ashleymills 0:714293de3836 781 if (tls && haveECDSAsig) {
ashleymills 0:714293de3836 782 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 783 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA;
ashleymills 0:714293de3836 784 }
ashleymills 0:714293de3836 785 #endif
ashleymills 0:714293de3836 786
ashleymills 0:714293de3836 787 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
ashleymills 0:714293de3836 788 if (tls && haveECDSAsig && haveStaticECC) {
ashleymills 0:714293de3836 789 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 790 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA;
ashleymills 0:714293de3836 791 }
ashleymills 0:714293de3836 792 #endif
ashleymills 0:714293de3836 793
ashleymills 0:714293de3836 794 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
ashleymills 0:714293de3836 795 if (tls1_2 && haveRSA) {
ashleymills 0:714293de3836 796 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 797 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384;
ashleymills 0:714293de3836 798 }
ashleymills 0:714293de3836 799 #endif
ashleymills 0:714293de3836 800
ashleymills 0:714293de3836 801 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
ashleymills 0:714293de3836 802 if (tls && haveRSA) {
ashleymills 0:714293de3836 803 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 804 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA;
ashleymills 0:714293de3836 805 }
ashleymills 0:714293de3836 806 #endif
ashleymills 0:714293de3836 807
ashleymills 0:714293de3836 808 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
ashleymills 0:714293de3836 809 if (tls1_2 && haveRSAsig && haveStaticECC) {
ashleymills 0:714293de3836 810 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 811 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384;
ashleymills 0:714293de3836 812 }
ashleymills 0:714293de3836 813 #endif
ashleymills 0:714293de3836 814
ashleymills 0:714293de3836 815 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
ashleymills 0:714293de3836 816 if (tls && haveRSAsig && haveStaticECC) {
ashleymills 0:714293de3836 817 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 818 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_CBC_SHA;
ashleymills 0:714293de3836 819 }
ashleymills 0:714293de3836 820 #endif
ashleymills 0:714293de3836 821
ashleymills 0:714293de3836 822 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
ashleymills 0:714293de3836 823 if (tls1_2 && haveRSA) {
ashleymills 0:714293de3836 824 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 825 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256;
ashleymills 0:714293de3836 826 }
ashleymills 0:714293de3836 827 #endif
ashleymills 0:714293de3836 828
ashleymills 0:714293de3836 829 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
ashleymills 0:714293de3836 830 if (tls && haveRSA) {
ashleymills 0:714293de3836 831 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 832 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA;
ashleymills 0:714293de3836 833 }
ashleymills 0:714293de3836 834 #endif
ashleymills 0:714293de3836 835
ashleymills 0:714293de3836 836 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
ashleymills 0:714293de3836 837 if (tls1_2 && haveRSAsig && haveStaticECC) {
ashleymills 0:714293de3836 838 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 839 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256;
ashleymills 0:714293de3836 840 }
ashleymills 0:714293de3836 841 #endif
ashleymills 0:714293de3836 842
ashleymills 0:714293de3836 843 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
ashleymills 0:714293de3836 844 if (tls && haveRSAsig && haveStaticECC) {
ashleymills 0:714293de3836 845 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 846 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_CBC_SHA;
ashleymills 0:714293de3836 847 }
ashleymills 0:714293de3836 848 #endif
ashleymills 0:714293de3836 849
ashleymills 0:714293de3836 850 #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
ashleymills 0:714293de3836 851 if (tls && haveRSA) {
ashleymills 0:714293de3836 852 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 853 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_RC4_128_SHA;
ashleymills 0:714293de3836 854 }
ashleymills 0:714293de3836 855 #endif
ashleymills 0:714293de3836 856
ashleymills 0:714293de3836 857 #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
ashleymills 0:714293de3836 858 if (tls && haveRSAsig && haveStaticECC) {
ashleymills 0:714293de3836 859 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 860 suites->suites[idx++] = TLS_ECDH_RSA_WITH_RC4_128_SHA;
ashleymills 0:714293de3836 861 }
ashleymills 0:714293de3836 862 #endif
ashleymills 0:714293de3836 863
ashleymills 0:714293de3836 864 #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
ashleymills 0:714293de3836 865 if (tls && haveRSA) {
ashleymills 0:714293de3836 866 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 867 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA;
ashleymills 0:714293de3836 868 }
ashleymills 0:714293de3836 869 #endif
ashleymills 0:714293de3836 870
ashleymills 0:714293de3836 871 #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
ashleymills 0:714293de3836 872 if (tls && haveRSAsig && haveStaticECC) {
ashleymills 0:714293de3836 873 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 874 suites->suites[idx++] = TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA;
ashleymills 0:714293de3836 875 }
ashleymills 0:714293de3836 876 #endif
ashleymills 0:714293de3836 877
ashleymills 0:714293de3836 878 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
ashleymills 0:714293de3836 879 if (tls1_2 && haveDH && haveRSA) {
ashleymills 0:714293de3836 880 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 881 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_GCM_SHA384;
ashleymills 0:714293de3836 882 }
ashleymills 0:714293de3836 883 #endif
ashleymills 0:714293de3836 884
ashleymills 0:714293de3836 885 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
ashleymills 0:714293de3836 886 if (tls1_2 && haveECDSAsig) {
ashleymills 0:714293de3836 887 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 888 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8;
ashleymills 0:714293de3836 889 }
ashleymills 0:714293de3836 890 #endif
ashleymills 0:714293de3836 891
ashleymills 0:714293de3836 892 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
ashleymills 0:714293de3836 893 if (tls1_2 && haveECDSAsig) {
ashleymills 0:714293de3836 894 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 895 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8;
ashleymills 0:714293de3836 896 }
ashleymills 0:714293de3836 897 #endif
ashleymills 0:714293de3836 898
ashleymills 0:714293de3836 899 #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
ashleymills 0:714293de3836 900 if (tls1_2 && haveRSA) {
ashleymills 0:714293de3836 901 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 902 suites->suites[idx++] = TLS_RSA_WITH_AES_128_CCM_8;
ashleymills 0:714293de3836 903 }
ashleymills 0:714293de3836 904 #endif
ashleymills 0:714293de3836 905
ashleymills 0:714293de3836 906 #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
ashleymills 0:714293de3836 907 if (tls1_2 && haveRSA) {
ashleymills 0:714293de3836 908 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 909 suites->suites[idx++] = TLS_RSA_WITH_AES_256_CCM_8;
ashleymills 0:714293de3836 910 }
ashleymills 0:714293de3836 911 #endif
ashleymills 0:714293de3836 912
ashleymills 0:714293de3836 913 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
ashleymills 0:714293de3836 914 if (tls1_2 && haveDH && haveRSA) {
ashleymills 0:714293de3836 915 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 916 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA256;
ashleymills 0:714293de3836 917 }
ashleymills 0:714293de3836 918 #endif
ashleymills 0:714293de3836 919
ashleymills 0:714293de3836 920 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
ashleymills 0:714293de3836 921 if (tls1_2 && haveDH && haveRSA) {
ashleymills 0:714293de3836 922 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 923 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_GCM_SHA256;
ashleymills 0:714293de3836 924 }
ashleymills 0:714293de3836 925 #endif
ashleymills 0:714293de3836 926
ashleymills 0:714293de3836 927 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
ashleymills 0:714293de3836 928 if (tls1_2 && haveDH && haveRSA) {
ashleymills 0:714293de3836 929 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 930 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256;
ashleymills 0:714293de3836 931 }
ashleymills 0:714293de3836 932 #endif
ashleymills 0:714293de3836 933
ashleymills 0:714293de3836 934 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
ashleymills 0:714293de3836 935 if (tls && haveDH && haveRSA) {
ashleymills 0:714293de3836 936 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 937 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA;
ashleymills 0:714293de3836 938 }
ashleymills 0:714293de3836 939 #endif
ashleymills 0:714293de3836 940
ashleymills 0:714293de3836 941 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
ashleymills 0:714293de3836 942 if (tls && haveDH && haveRSA) {
ashleymills 0:714293de3836 943 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 944 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA;
ashleymills 0:714293de3836 945 }
ashleymills 0:714293de3836 946 #endif
ashleymills 0:714293de3836 947
ashleymills 0:714293de3836 948 #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
ashleymills 0:714293de3836 949 if (tls1_2 && haveRSA) {
ashleymills 0:714293de3836 950 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 951 suites->suites[idx++] = TLS_RSA_WITH_AES_256_GCM_SHA384;
ashleymills 0:714293de3836 952 }
ashleymills 0:714293de3836 953 #endif
ashleymills 0:714293de3836 954
ashleymills 0:714293de3836 955 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
ashleymills 0:714293de3836 956 if (tls1_2 && haveRSA) {
ashleymills 0:714293de3836 957 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 958 suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_SHA256;
ashleymills 0:714293de3836 959 }
ashleymills 0:714293de3836 960 #endif
ashleymills 0:714293de3836 961
ashleymills 0:714293de3836 962 #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
ashleymills 0:714293de3836 963 if (tls1_2 && haveRSA) {
ashleymills 0:714293de3836 964 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 965 suites->suites[idx++] = TLS_RSA_WITH_AES_128_GCM_SHA256;
ashleymills 0:714293de3836 966 }
ashleymills 0:714293de3836 967 #endif
ashleymills 0:714293de3836 968
ashleymills 0:714293de3836 969 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
ashleymills 0:714293de3836 970 if (tls1_2 && haveRSA) {
ashleymills 0:714293de3836 971 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 972 suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_SHA256;
ashleymills 0:714293de3836 973 }
ashleymills 0:714293de3836 974 #endif
ashleymills 0:714293de3836 975
ashleymills 0:714293de3836 976 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
ashleymills 0:714293de3836 977 if (tls && haveRSA) {
ashleymills 0:714293de3836 978 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 979 suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_SHA;
ashleymills 0:714293de3836 980 }
ashleymills 0:714293de3836 981 #endif
ashleymills 0:714293de3836 982
ashleymills 0:714293de3836 983 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
ashleymills 0:714293de3836 984 if (tls && haveRSA) {
ashleymills 0:714293de3836 985 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 986 suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_SHA;
ashleymills 0:714293de3836 987 }
ashleymills 0:714293de3836 988 #endif
ashleymills 0:714293de3836 989
ashleymills 0:714293de3836 990 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA
ashleymills 0:714293de3836 991 if (tls && haveRSA) {
ashleymills 0:714293de3836 992 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 993 suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA;
ashleymills 0:714293de3836 994 }
ashleymills 0:714293de3836 995 #endif
ashleymills 0:714293de3836 996
ashleymills 0:714293de3836 997 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
ashleymills 0:714293de3836 998 if (tls && haveRSA) {
ashleymills 0:714293de3836 999 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 1000 suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA256;
ashleymills 0:714293de3836 1001 }
ashleymills 0:714293de3836 1002 #endif
ashleymills 0:714293de3836 1003
ashleymills 0:714293de3836 1004 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
ashleymills 0:714293de3836 1005 if (tls && havePSK) {
ashleymills 0:714293de3836 1006 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 1007 suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA;
ashleymills 0:714293de3836 1008 }
ashleymills 0:714293de3836 1009 #endif
ashleymills 0:714293de3836 1010
ashleymills 0:714293de3836 1011 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
ashleymills 0:714293de3836 1012 if (tls && havePSK) {
ashleymills 0:714293de3836 1013 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 1014 suites->suites[idx++] = TLS_PSK_WITH_AES_128_CBC_SHA256;
ashleymills 0:714293de3836 1015 }
ashleymills 0:714293de3836 1016 #endif
ashleymills 0:714293de3836 1017
ashleymills 0:714293de3836 1018 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
ashleymills 0:714293de3836 1019 if (tls && havePSK) {
ashleymills 0:714293de3836 1020 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 1021 suites->suites[idx++] = TLS_PSK_WITH_AES_128_CBC_SHA;
ashleymills 0:714293de3836 1022 }
ashleymills 0:714293de3836 1023 #endif
ashleymills 0:714293de3836 1024
ashleymills 0:714293de3836 1025 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
ashleymills 0:714293de3836 1026 if (tls && havePSK) {
ashleymills 0:714293de3836 1027 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 1028 suites->suites[idx++] = TLS_PSK_WITH_AES_128_CCM_8;
ashleymills 0:714293de3836 1029 }
ashleymills 0:714293de3836 1030 #endif
ashleymills 0:714293de3836 1031
ashleymills 0:714293de3836 1032 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
ashleymills 0:714293de3836 1033 if (tls && havePSK) {
ashleymills 0:714293de3836 1034 suites->suites[idx++] = ECC_BYTE;
ashleymills 0:714293de3836 1035 suites->suites[idx++] = TLS_PSK_WITH_AES_256_CCM_8;
ashleymills 0:714293de3836 1036 }
ashleymills 0:714293de3836 1037 #endif
ashleymills 0:714293de3836 1038
ashleymills 0:714293de3836 1039 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
ashleymills 0:714293de3836 1040 if (tls && havePSK) {
ashleymills 0:714293de3836 1041 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 1042 suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA256;
ashleymills 0:714293de3836 1043 }
ashleymills 0:714293de3836 1044 #endif
ashleymills 0:714293de3836 1045
ashleymills 0:714293de3836 1046 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA
ashleymills 0:714293de3836 1047 if (tls && havePSK) {
ashleymills 0:714293de3836 1048 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 1049 suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA;
ashleymills 0:714293de3836 1050 }
ashleymills 0:714293de3836 1051 #endif
ashleymills 0:714293de3836 1052
ashleymills 0:714293de3836 1053 #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
ashleymills 0:714293de3836 1054 if (haveRSA ) {
ashleymills 0:714293de3836 1055 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 1056 suites->suites[idx++] = SSL_RSA_WITH_RC4_128_SHA;
ashleymills 0:714293de3836 1057 }
ashleymills 0:714293de3836 1058 #endif
ashleymills 0:714293de3836 1059
ashleymills 0:714293de3836 1060 #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
ashleymills 0:714293de3836 1061 if (haveRSA ) {
ashleymills 0:714293de3836 1062 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 1063 suites->suites[idx++] = SSL_RSA_WITH_RC4_128_MD5;
ashleymills 0:714293de3836 1064 }
ashleymills 0:714293de3836 1065 #endif
ashleymills 0:714293de3836 1066
ashleymills 0:714293de3836 1067 #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
ashleymills 0:714293de3836 1068 if (haveRSA ) {
ashleymills 0:714293de3836 1069 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 1070 suites->suites[idx++] = SSL_RSA_WITH_3DES_EDE_CBC_SHA;
ashleymills 0:714293de3836 1071 }
ashleymills 0:714293de3836 1072 #endif
ashleymills 0:714293de3836 1073
ashleymills 0:714293de3836 1074 #ifdef BUILD_TLS_RSA_WITH_HC_128_CBC_MD5
ashleymills 0:714293de3836 1075 if (tls && haveRSA) {
ashleymills 0:714293de3836 1076 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 1077 suites->suites[idx++] = TLS_RSA_WITH_HC_128_CBC_MD5;
ashleymills 0:714293de3836 1078 }
ashleymills 0:714293de3836 1079 #endif
ashleymills 0:714293de3836 1080
ashleymills 0:714293de3836 1081 #ifdef BUILD_TLS_RSA_WITH_HC_128_CBC_SHA
ashleymills 0:714293de3836 1082 if (tls && haveRSA) {
ashleymills 0:714293de3836 1083 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 1084 suites->suites[idx++] = TLS_RSA_WITH_HC_128_CBC_SHA;
ashleymills 0:714293de3836 1085 }
ashleymills 0:714293de3836 1086 #endif
ashleymills 0:714293de3836 1087
ashleymills 0:714293de3836 1088 #ifdef BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA
ashleymills 0:714293de3836 1089 if (tls && haveRSA) {
ashleymills 0:714293de3836 1090 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 1091 suites->suites[idx++] = TLS_RSA_WITH_RABBIT_CBC_SHA;
ashleymills 0:714293de3836 1092 }
ashleymills 0:714293de3836 1093 #endif
ashleymills 0:714293de3836 1094
ashleymills 0:714293de3836 1095 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
ashleymills 0:714293de3836 1096 if (tls && haveRSA) {
ashleymills 0:714293de3836 1097 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 1098 suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA;
ashleymills 0:714293de3836 1099 }
ashleymills 0:714293de3836 1100 #endif
ashleymills 0:714293de3836 1101
ashleymills 0:714293de3836 1102 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
ashleymills 0:714293de3836 1103 if (tls && haveDH && haveRSA) {
ashleymills 0:714293de3836 1104 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 1105 suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA;
ashleymills 0:714293de3836 1106 }
ashleymills 0:714293de3836 1107 #endif
ashleymills 0:714293de3836 1108
ashleymills 0:714293de3836 1109 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
ashleymills 0:714293de3836 1110 if (tls && haveRSA) {
ashleymills 0:714293de3836 1111 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 1112 suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA;
ashleymills 0:714293de3836 1113 }
ashleymills 0:714293de3836 1114 #endif
ashleymills 0:714293de3836 1115
ashleymills 0:714293de3836 1116 #ifdef BUILD_TLS_DHE_WITH_RSA_CAMELLIA_256_CBC_SHA
ashleymills 0:714293de3836 1117 if (tls && haveDH && haveRSA) {
ashleymills 0:714293de3836 1118 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 1119 suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA;
ashleymills 0:714293de3836 1120 }
ashleymills 0:714293de3836 1121 #endif
ashleymills 0:714293de3836 1122
ashleymills 0:714293de3836 1123 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
ashleymills 0:714293de3836 1124 if (tls && haveRSA) {
ashleymills 0:714293de3836 1125 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 1126 suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256;
ashleymills 0:714293de3836 1127 }
ashleymills 0:714293de3836 1128 #endif
ashleymills 0:714293de3836 1129
ashleymills 0:714293de3836 1130 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
ashleymills 0:714293de3836 1131 if (tls && haveDH && haveRSA) {
ashleymills 0:714293de3836 1132 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 1133 suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256;
ashleymills 0:714293de3836 1134 }
ashleymills 0:714293de3836 1135 #endif
ashleymills 0:714293de3836 1136
ashleymills 0:714293de3836 1137 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
ashleymills 0:714293de3836 1138 if (tls && haveRSA) {
ashleymills 0:714293de3836 1139 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 1140 suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256;
ashleymills 0:714293de3836 1141 }
ashleymills 0:714293de3836 1142 #endif
ashleymills 0:714293de3836 1143
ashleymills 0:714293de3836 1144 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
ashleymills 0:714293de3836 1145 if (tls && haveDH && haveRSA) {
ashleymills 0:714293de3836 1146 suites->suites[idx++] = 0;
ashleymills 0:714293de3836 1147 suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256;
ashleymills 0:714293de3836 1148 }
ashleymills 0:714293de3836 1149 #endif
ashleymills 0:714293de3836 1150
ashleymills 0:714293de3836 1151 suites->suiteSz = idx;
ashleymills 0:714293de3836 1152
ashleymills 0:714293de3836 1153 {
ashleymills 0:714293de3836 1154 idx = 0;
ashleymills 0:714293de3836 1155
ashleymills 0:714293de3836 1156 if (haveECDSAsig) {
ashleymills 0:714293de3836 1157 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 1158 suites->hashSigAlgo[idx++] = sha384_mac;
ashleymills 0:714293de3836 1159 suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo;
ashleymills 0:714293de3836 1160 #endif
ashleymills 0:714293de3836 1161 #ifndef NO_SHA256
ashleymills 0:714293de3836 1162 suites->hashSigAlgo[idx++] = sha256_mac;
ashleymills 0:714293de3836 1163 suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo;
ashleymills 0:714293de3836 1164 #endif
ashleymills 0:714293de3836 1165 #ifndef NO_SHA
ashleymills 0:714293de3836 1166 suites->hashSigAlgo[idx++] = sha_mac;
ashleymills 0:714293de3836 1167 suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo;
ashleymills 0:714293de3836 1168 #endif
ashleymills 0:714293de3836 1169 }
ashleymills 0:714293de3836 1170
ashleymills 0:714293de3836 1171 if (haveRSAsig) {
ashleymills 0:714293de3836 1172 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 1173 suites->hashSigAlgo[idx++] = sha384_mac;
ashleymills 0:714293de3836 1174 suites->hashSigAlgo[idx++] = rsa_sa_algo;
ashleymills 0:714293de3836 1175 #endif
ashleymills 0:714293de3836 1176 #ifndef NO_SHA256
ashleymills 0:714293de3836 1177 suites->hashSigAlgo[idx++] = sha256_mac;
ashleymills 0:714293de3836 1178 suites->hashSigAlgo[idx++] = rsa_sa_algo;
ashleymills 0:714293de3836 1179 #endif
ashleymills 0:714293de3836 1180 #ifndef NO_SHA
ashleymills 0:714293de3836 1181 suites->hashSigAlgo[idx++] = sha_mac;
ashleymills 0:714293de3836 1182 suites->hashSigAlgo[idx++] = rsa_sa_algo;
ashleymills 0:714293de3836 1183 #endif
ashleymills 0:714293de3836 1184 }
ashleymills 0:714293de3836 1185
ashleymills 0:714293de3836 1186 suites->hashSigAlgoSz = idx;
ashleymills 0:714293de3836 1187 }
ashleymills 0:714293de3836 1188 }
ashleymills 0:714293de3836 1189
ashleymills 0:714293de3836 1190
ashleymills 0:714293de3836 1191 #ifndef NO_CERTS
ashleymills 0:714293de3836 1192
ashleymills 0:714293de3836 1193 /* Initialize CyaSSL X509 type */
ashleymills 0:714293de3836 1194 void InitX509(CYASSL_X509* x509, int dynamicFlag)
ashleymills 0:714293de3836 1195 {
ashleymills 0:714293de3836 1196 x509->derCert.buffer = NULL;
ashleymills 0:714293de3836 1197 x509->altNames = NULL;
ashleymills 0:714293de3836 1198 x509->altNamesNext = NULL;
ashleymills 0:714293de3836 1199 x509->dynamicMemory = (byte)dynamicFlag;
ashleymills 0:714293de3836 1200 }
ashleymills 0:714293de3836 1201
ashleymills 0:714293de3836 1202
ashleymills 0:714293de3836 1203 /* Free CyaSSL X509 type */
ashleymills 0:714293de3836 1204 void FreeX509(CYASSL_X509* x509)
ashleymills 0:714293de3836 1205 {
ashleymills 0:714293de3836 1206 if (x509 == NULL)
ashleymills 0:714293de3836 1207 return;
ashleymills 0:714293de3836 1208
ashleymills 0:714293de3836 1209 XFREE(x509->derCert.buffer, NULL, DYNAMIC_TYPE_CERT);
ashleymills 0:714293de3836 1210 if (x509->altNames)
ashleymills 0:714293de3836 1211 FreeAltNames(x509->altNames, NULL);
ashleymills 0:714293de3836 1212 if (x509->dynamicMemory)
ashleymills 0:714293de3836 1213 XFREE(x509, NULL, DYNAMIC_TYPE_X509);
ashleymills 0:714293de3836 1214 }
ashleymills 0:714293de3836 1215
ashleymills 0:714293de3836 1216 #endif /* NO_CERTS */
ashleymills 0:714293de3836 1217
ashleymills 0:714293de3836 1218
ashleymills 0:714293de3836 1219 /* init everything to 0, NULL, default values before calling anything that may
ashleymills 0:714293de3836 1220 fail so that desctructor has a "good" state to cleanup */
ashleymills 0:714293de3836 1221 int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
ashleymills 0:714293de3836 1222 {
ashleymills 0:714293de3836 1223 int ret;
ashleymills 0:714293de3836 1224 byte haveRSA = 0;
ashleymills 0:714293de3836 1225 byte havePSK = 0;
ashleymills 0:714293de3836 1226
ashleymills 0:714293de3836 1227 ssl->ctx = ctx; /* only for passing to calls, options could change */
ashleymills 0:714293de3836 1228 ssl->version = ctx->method->version;
ashleymills 0:714293de3836 1229 ssl->suites = NULL;
ashleymills 0:714293de3836 1230
ashleymills 0:714293de3836 1231 #ifdef HAVE_LIBZ
ashleymills 0:714293de3836 1232 ssl->didStreamInit = 0;
ashleymills 0:714293de3836 1233 #endif
ashleymills 0:714293de3836 1234 #ifndef NO_RSA
ashleymills 0:714293de3836 1235 haveRSA = 1;
ashleymills 0:714293de3836 1236 #endif
ashleymills 0:714293de3836 1237
ashleymills 0:714293de3836 1238 #ifndef NO_CERTS
ashleymills 0:714293de3836 1239 ssl->buffers.certificate.buffer = 0;
ashleymills 0:714293de3836 1240 ssl->buffers.key.buffer = 0;
ashleymills 0:714293de3836 1241 ssl->buffers.certChain.buffer = 0;
ashleymills 0:714293de3836 1242 #endif
ashleymills 0:714293de3836 1243 ssl->buffers.inputBuffer.length = 0;
ashleymills 0:714293de3836 1244 ssl->buffers.inputBuffer.idx = 0;
ashleymills 0:714293de3836 1245 ssl->buffers.inputBuffer.buffer = ssl->buffers.inputBuffer.staticBuffer;
ashleymills 0:714293de3836 1246 ssl->buffers.inputBuffer.bufferSize = STATIC_BUFFER_LEN;
ashleymills 0:714293de3836 1247 ssl->buffers.inputBuffer.dynamicFlag = 0;
ashleymills 0:714293de3836 1248 ssl->buffers.inputBuffer.offset = 0;
ashleymills 0:714293de3836 1249 ssl->buffers.outputBuffer.length = 0;
ashleymills 0:714293de3836 1250 ssl->buffers.outputBuffer.idx = 0;
ashleymills 0:714293de3836 1251 ssl->buffers.outputBuffer.buffer = ssl->buffers.outputBuffer.staticBuffer;
ashleymills 0:714293de3836 1252 ssl->buffers.outputBuffer.bufferSize = STATIC_BUFFER_LEN;
ashleymills 0:714293de3836 1253 ssl->buffers.outputBuffer.dynamicFlag = 0;
ashleymills 0:714293de3836 1254 ssl->buffers.outputBuffer.offset = 0;
ashleymills 0:714293de3836 1255 ssl->buffers.domainName.buffer = 0;
ashleymills 0:714293de3836 1256 #ifndef NO_CERTS
ashleymills 0:714293de3836 1257 ssl->buffers.serverDH_P.buffer = 0;
ashleymills 0:714293de3836 1258 ssl->buffers.serverDH_G.buffer = 0;
ashleymills 0:714293de3836 1259 ssl->buffers.serverDH_Pub.buffer = 0;
ashleymills 0:714293de3836 1260 ssl->buffers.serverDH_Priv.buffer = 0;
ashleymills 0:714293de3836 1261 #endif
ashleymills 0:714293de3836 1262 ssl->buffers.clearOutputBuffer.buffer = 0;
ashleymills 0:714293de3836 1263 ssl->buffers.clearOutputBuffer.length = 0;
ashleymills 0:714293de3836 1264 ssl->buffers.prevSent = 0;
ashleymills 0:714293de3836 1265 ssl->buffers.plainSz = 0;
ashleymills 0:714293de3836 1266
ashleymills 0:714293de3836 1267 #ifdef KEEP_PEER_CERT
ashleymills 0:714293de3836 1268 InitX509(&ssl->peerCert, 0);
ashleymills 0:714293de3836 1269 #endif
ashleymills 0:714293de3836 1270
ashleymills 0:714293de3836 1271 #ifdef HAVE_ECC
ashleymills 0:714293de3836 1272 ssl->eccTempKeySz = ctx->eccTempKeySz;
ashleymills 0:714293de3836 1273 ssl->peerEccKeyPresent = 0;
ashleymills 0:714293de3836 1274 ssl->peerEccDsaKeyPresent = 0;
ashleymills 0:714293de3836 1275 ssl->eccDsaKeyPresent = 0;
ashleymills 0:714293de3836 1276 ssl->eccTempKeyPresent = 0;
ashleymills 0:714293de3836 1277 ssl->peerEccKey = NULL;
ashleymills 0:714293de3836 1278 ssl->peerEccDsaKey = NULL;
ashleymills 0:714293de3836 1279 ssl->eccDsaKey = NULL;
ashleymills 0:714293de3836 1280 ssl->eccTempKey = NULL;
ashleymills 0:714293de3836 1281 #endif
ashleymills 0:714293de3836 1282
ashleymills 0:714293de3836 1283 ssl->timeout = ctx->timeout;
ashleymills 0:714293de3836 1284 ssl->rfd = -1; /* set to invalid descriptor */
ashleymills 0:714293de3836 1285 ssl->wfd = -1;
ashleymills 0:714293de3836 1286 ssl->rflags = 0; /* no user flags yet */
ashleymills 0:714293de3836 1287 ssl->wflags = 0; /* no user flags yet */
ashleymills 0:714293de3836 1288 ssl->biord = 0;
ashleymills 0:714293de3836 1289 ssl->biowr = 0;
ashleymills 0:714293de3836 1290
ashleymills 0:714293de3836 1291 ssl->IOCB_ReadCtx = &ssl->rfd; /* prevent invalid pointer access if not */
ashleymills 0:714293de3836 1292 ssl->IOCB_WriteCtx = &ssl->wfd; /* correctly set */
ashleymills 0:714293de3836 1293 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 1294 ssl->IOCB_CookieCtx = NULL; /* we don't use for default cb */
ashleymills 0:714293de3836 1295 ssl->dtls_expected_rx = MAX_MTU;
ashleymills 0:714293de3836 1296 #endif
ashleymills 0:714293de3836 1297
ashleymills 0:714293de3836 1298 #ifndef NO_OLD_TLS
ashleymills 0:714293de3836 1299 #ifndef NO_MD5
ashleymills 0:714293de3836 1300 InitMd5(&ssl->hashMd5);
ashleymills 0:714293de3836 1301 #endif
ashleymills 0:714293de3836 1302 #ifndef NO_SHA
ashleymills 0:714293de3836 1303 InitSha(&ssl->hashSha);
ashleymills 0:714293de3836 1304 #endif
ashleymills 0:714293de3836 1305 #endif
ashleymills 0:714293de3836 1306 #ifndef NO_SHA256
ashleymills 0:714293de3836 1307 InitSha256(&ssl->hashSha256);
ashleymills 0:714293de3836 1308 #endif
ashleymills 0:714293de3836 1309 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 1310 InitSha384(&ssl->hashSha384);
ashleymills 0:714293de3836 1311 #endif
ashleymills 0:714293de3836 1312 #ifndef NO_RSA
ashleymills 0:714293de3836 1313 ssl->peerRsaKey = NULL;
ashleymills 0:714293de3836 1314 ssl->peerRsaKeyPresent = 0;
ashleymills 0:714293de3836 1315 #endif
ashleymills 0:714293de3836 1316 ssl->verifyCallback = ctx->verifyCallback;
ashleymills 0:714293de3836 1317 ssl->verifyCbCtx = NULL;
ashleymills 0:714293de3836 1318 ssl->options.side = ctx->method->side;
ashleymills 0:714293de3836 1319 ssl->options.downgrade = ctx->method->downgrade;
ashleymills 0:714293de3836 1320 ssl->error = 0;
ashleymills 0:714293de3836 1321 ssl->options.connReset = 0;
ashleymills 0:714293de3836 1322 ssl->options.isClosed = 0;
ashleymills 0:714293de3836 1323 ssl->options.closeNotify = 0;
ashleymills 0:714293de3836 1324 ssl->options.sentNotify = 0;
ashleymills 0:714293de3836 1325 ssl->options.usingCompression = 0;
ashleymills 0:714293de3836 1326 if (ssl->options.side == SERVER_END)
ashleymills 0:714293de3836 1327 ssl->options.haveDH = ctx->haveDH;
ashleymills 0:714293de3836 1328 else
ashleymills 0:714293de3836 1329 ssl->options.haveDH = 0;
ashleymills 0:714293de3836 1330 ssl->options.haveNTRU = ctx->haveNTRU;
ashleymills 0:714293de3836 1331 ssl->options.haveECDSAsig = ctx->haveECDSAsig;
ashleymills 0:714293de3836 1332 ssl->options.haveStaticECC = ctx->haveStaticECC;
ashleymills 0:714293de3836 1333 ssl->options.havePeerCert = 0;
ashleymills 0:714293de3836 1334 ssl->options.havePeerVerify = 0;
ashleymills 0:714293de3836 1335 ssl->options.usingPSK_cipher = 0;
ashleymills 0:714293de3836 1336 ssl->options.sendAlertState = 0;
ashleymills 0:714293de3836 1337 #ifndef NO_PSK
ashleymills 0:714293de3836 1338 havePSK = ctx->havePSK;
ashleymills 0:714293de3836 1339 ssl->options.havePSK = ctx->havePSK;
ashleymills 0:714293de3836 1340 ssl->options.client_psk_cb = ctx->client_psk_cb;
ashleymills 0:714293de3836 1341 ssl->options.server_psk_cb = ctx->server_psk_cb;
ashleymills 0:714293de3836 1342 #endif /* NO_PSK */
ashleymills 0:714293de3836 1343
ashleymills 0:714293de3836 1344 ssl->options.serverState = NULL_STATE;
ashleymills 0:714293de3836 1345 ssl->options.clientState = NULL_STATE;
ashleymills 0:714293de3836 1346 ssl->options.connectState = CONNECT_BEGIN;
ashleymills 0:714293de3836 1347 ssl->options.acceptState = ACCEPT_BEGIN;
ashleymills 0:714293de3836 1348 ssl->options.handShakeState = NULL_STATE;
ashleymills 0:714293de3836 1349 ssl->options.processReply = doProcessInit;
ashleymills 0:714293de3836 1350
ashleymills 0:714293de3836 1351 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 1352 ssl->keys.dtls_sequence_number = 0;
ashleymills 0:714293de3836 1353 ssl->keys.dtls_peer_sequence_number = 0;
ashleymills 0:714293de3836 1354 ssl->keys.dtls_expected_peer_sequence_number = 0;
ashleymills 0:714293de3836 1355 ssl->keys.dtls_handshake_number = 0;
ashleymills 0:714293de3836 1356 ssl->keys.dtls_expected_peer_handshake_number = 0;
ashleymills 0:714293de3836 1357 ssl->keys.dtls_epoch = 0;
ashleymills 0:714293de3836 1358 ssl->keys.dtls_peer_epoch = 0;
ashleymills 0:714293de3836 1359 ssl->keys.dtls_expected_peer_epoch = 0;
ashleymills 0:714293de3836 1360 ssl->dtls_timeout_init = DTLS_TIMEOUT_INIT;
ashleymills 0:714293de3836 1361 ssl->dtls_timeout_max = DTLS_TIMEOUT_MAX;
ashleymills 0:714293de3836 1362 ssl->dtls_timeout = ssl->dtls_timeout_init;
ashleymills 0:714293de3836 1363 ssl->dtls_pool = NULL;
ashleymills 0:714293de3836 1364 ssl->dtls_msg_list = NULL;
ashleymills 0:714293de3836 1365 #endif
ashleymills 0:714293de3836 1366 ssl->keys.encryptSz = 0;
ashleymills 0:714293de3836 1367 ssl->keys.encryptionOn = 0; /* initially off */
ashleymills 0:714293de3836 1368 ssl->keys.decryptedCur = 0; /* initially off */
ashleymills 0:714293de3836 1369 ssl->options.sessionCacheOff = ctx->sessionCacheOff;
ashleymills 0:714293de3836 1370 ssl->options.sessionCacheFlushOff = ctx->sessionCacheFlushOff;
ashleymills 0:714293de3836 1371
ashleymills 0:714293de3836 1372 ssl->options.verifyPeer = ctx->verifyPeer;
ashleymills 0:714293de3836 1373 ssl->options.verifyNone = ctx->verifyNone;
ashleymills 0:714293de3836 1374 ssl->options.failNoCert = ctx->failNoCert;
ashleymills 0:714293de3836 1375 ssl->options.sendVerify = ctx->sendVerify;
ashleymills 0:714293de3836 1376
ashleymills 0:714293de3836 1377 ssl->options.resuming = 0;
ashleymills 0:714293de3836 1378 ssl->options.haveSessionId = 0;
ashleymills 0:714293de3836 1379 #ifndef NO_OLD_TLS
ashleymills 0:714293de3836 1380 ssl->hmac = Hmac; /* default to SSLv3 */
ashleymills 0:714293de3836 1381 #else
ashleymills 0:714293de3836 1382 ssl->hmac = TLS_hmac;
ashleymills 0:714293de3836 1383 #endif
ashleymills 0:714293de3836 1384 ssl->heap = ctx->heap; /* defaults to self */
ashleymills 0:714293de3836 1385 ssl->options.tls = 0;
ashleymills 0:714293de3836 1386 ssl->options.tls1_1 = 0;
ashleymills 0:714293de3836 1387 ssl->options.dtls = ssl->version.major == DTLS_MAJOR;
ashleymills 0:714293de3836 1388 ssl->options.partialWrite = ctx->partialWrite;
ashleymills 0:714293de3836 1389 ssl->options.quietShutdown = ctx->quietShutdown;
ashleymills 0:714293de3836 1390 ssl->options.certOnly = 0;
ashleymills 0:714293de3836 1391 ssl->options.groupMessages = ctx->groupMessages;
ashleymills 0:714293de3836 1392 ssl->options.usingNonblock = 0;
ashleymills 0:714293de3836 1393 ssl->options.saveArrays = 0;
ashleymills 0:714293de3836 1394
ashleymills 0:714293de3836 1395 #ifndef NO_CERTS
ashleymills 0:714293de3836 1396 /* ctx still owns certificate, certChain, key, dh, and cm */
ashleymills 0:714293de3836 1397 ssl->buffers.certificate = ctx->certificate;
ashleymills 0:714293de3836 1398 ssl->buffers.certChain = ctx->certChain;
ashleymills 0:714293de3836 1399 ssl->buffers.key = ctx->privateKey;
ashleymills 0:714293de3836 1400 if (ssl->options.side == SERVER_END) {
ashleymills 0:714293de3836 1401 ssl->buffers.serverDH_P = ctx->serverDH_P;
ashleymills 0:714293de3836 1402 ssl->buffers.serverDH_G = ctx->serverDH_G;
ashleymills 0:714293de3836 1403 }
ashleymills 0:714293de3836 1404 #endif
ashleymills 0:714293de3836 1405 ssl->buffers.weOwnCert = 0;
ashleymills 0:714293de3836 1406 ssl->buffers.weOwnKey = 0;
ashleymills 0:714293de3836 1407 ssl->buffers.weOwnDH = 0;
ashleymills 0:714293de3836 1408
ashleymills 0:714293de3836 1409 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 1410 ssl->buffers.dtlsCtx.fd = -1;
ashleymills 0:714293de3836 1411 ssl->buffers.dtlsCtx.peer.sa = NULL;
ashleymills 0:714293de3836 1412 ssl->buffers.dtlsCtx.peer.sz = 0;
ashleymills 0:714293de3836 1413 #endif
ashleymills 0:714293de3836 1414
ashleymills 0:714293de3836 1415 #ifdef KEEP_PEER_CERT
ashleymills 0:714293de3836 1416 ssl->peerCert.issuer.sz = 0;
ashleymills 0:714293de3836 1417 ssl->peerCert.subject.sz = 0;
ashleymills 0:714293de3836 1418 #endif
ashleymills 0:714293de3836 1419
ashleymills 0:714293de3836 1420 #ifdef SESSION_CERTS
ashleymills 0:714293de3836 1421 ssl->session.chain.count = 0;
ashleymills 0:714293de3836 1422 #endif
ashleymills 0:714293de3836 1423
ashleymills 0:714293de3836 1424 #ifndef NO_CLIENT_CACHE
ashleymills 0:714293de3836 1425 ssl->session.idLen = 0;
ashleymills 0:714293de3836 1426 #endif
ashleymills 0:714293de3836 1427
ashleymills 0:714293de3836 1428 ssl->cipher.ssl = ssl;
ashleymills 0:714293de3836 1429
ashleymills 0:714293de3836 1430 #ifdef FORTRESS
ashleymills 0:714293de3836 1431 ssl->ex_data[0] = 0;
ashleymills 0:714293de3836 1432 ssl->ex_data[1] = 0;
ashleymills 0:714293de3836 1433 ssl->ex_data[2] = 0;
ashleymills 0:714293de3836 1434 #endif
ashleymills 0:714293de3836 1435
ashleymills 0:714293de3836 1436 #ifdef CYASSL_CALLBACKS
ashleymills 0:714293de3836 1437 ssl->hsInfoOn = 0;
ashleymills 0:714293de3836 1438 ssl->toInfoOn = 0;
ashleymills 0:714293de3836 1439 #endif
ashleymills 0:714293de3836 1440
ashleymills 0:714293de3836 1441 #ifdef HAVE_CAVIUM
ashleymills 0:714293de3836 1442 ssl->devId = ctx->devId;
ashleymills 0:714293de3836 1443 #endif
ashleymills 0:714293de3836 1444
ashleymills 0:714293de3836 1445 #ifdef HAVE_TLS_EXTENSIONS
ashleymills 0:714293de3836 1446 ssl->extensions = NULL;
ashleymills 0:714293de3836 1447 #endif
ashleymills 0:714293de3836 1448
ashleymills 0:714293de3836 1449 ssl->rng = NULL;
ashleymills 0:714293de3836 1450 ssl->arrays = NULL;
ashleymills 0:714293de3836 1451
ashleymills 0:714293de3836 1452 /* default alert state (none) */
ashleymills 0:714293de3836 1453 ssl->alert_history.last_rx.code = -1;
ashleymills 0:714293de3836 1454 ssl->alert_history.last_rx.level = -1;
ashleymills 0:714293de3836 1455 ssl->alert_history.last_tx.code = -1;
ashleymills 0:714293de3836 1456 ssl->alert_history.last_tx.level = -1;
ashleymills 0:714293de3836 1457
ashleymills 0:714293de3836 1458 InitCiphers(ssl);
ashleymills 0:714293de3836 1459 InitCipherSpecs(&ssl->specs);
ashleymills 0:714293de3836 1460 /* all done with init, now can return errors, call other stuff */
ashleymills 0:714293de3836 1461
ashleymills 0:714293de3836 1462 /* increment CTX reference count */
ashleymills 0:714293de3836 1463 if (LockMutex(&ctx->countMutex) != 0) {
ashleymills 0:714293de3836 1464 CYASSL_MSG("Couldn't lock CTX count mutex");
ashleymills 0:714293de3836 1465 return BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 1466 }
ashleymills 0:714293de3836 1467 ctx->refCount++;
ashleymills 0:714293de3836 1468 UnLockMutex(&ctx->countMutex);
ashleymills 0:714293de3836 1469
ashleymills 0:714293de3836 1470 /* arrays */
ashleymills 0:714293de3836 1471 ssl->arrays = (Arrays*)XMALLOC(sizeof(Arrays), ssl->heap,
ashleymills 0:714293de3836 1472 DYNAMIC_TYPE_ARRAYS);
ashleymills 0:714293de3836 1473 if (ssl->arrays == NULL) {
ashleymills 0:714293de3836 1474 CYASSL_MSG("Arrays Memory error");
ashleymills 0:714293de3836 1475 return MEMORY_E;
ashleymills 0:714293de3836 1476 }
ashleymills 0:714293de3836 1477
ashleymills 0:714293de3836 1478 #ifndef NO_PSK
ashleymills 0:714293de3836 1479 ssl->arrays->client_identity[0] = 0;
ashleymills 0:714293de3836 1480 if (ctx->server_hint[0]) { /* set in CTX */
ashleymills 0:714293de3836 1481 XSTRNCPY(ssl->arrays->server_hint, ctx->server_hint, MAX_PSK_ID_LEN);
ashleymills 0:714293de3836 1482 ssl->arrays->server_hint[MAX_PSK_ID_LEN - 1] = '\0';
ashleymills 0:714293de3836 1483 }
ashleymills 0:714293de3836 1484 else
ashleymills 0:714293de3836 1485 ssl->arrays->server_hint[0] = 0;
ashleymills 0:714293de3836 1486 #endif /* NO_PSK */
ashleymills 0:714293de3836 1487
ashleymills 0:714293de3836 1488 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 1489 ssl->arrays->cookieSz = 0;
ashleymills 0:714293de3836 1490 #endif
ashleymills 0:714293de3836 1491
ashleymills 0:714293de3836 1492 /* RNG */
ashleymills 0:714293de3836 1493 ssl->rng = (RNG*)XMALLOC(sizeof(RNG), ssl->heap, DYNAMIC_TYPE_RNG);
ashleymills 0:714293de3836 1494 if (ssl->rng == NULL) {
ashleymills 0:714293de3836 1495 CYASSL_MSG("RNG Memory error");
ashleymills 0:714293de3836 1496 return MEMORY_E;
ashleymills 0:714293de3836 1497 }
ashleymills 0:714293de3836 1498
ashleymills 0:714293de3836 1499 if ( (ret = InitRng(ssl->rng)) != 0) {
ashleymills 0:714293de3836 1500 CYASSL_MSG("RNG Init error");
ashleymills 0:714293de3836 1501 return ret;
ashleymills 0:714293de3836 1502 }
ashleymills 0:714293de3836 1503
ashleymills 0:714293de3836 1504 /* suites */
ashleymills 0:714293de3836 1505 ssl->suites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap,
ashleymills 0:714293de3836 1506 DYNAMIC_TYPE_SUITES);
ashleymills 0:714293de3836 1507 if (ssl->suites == NULL) {
ashleymills 0:714293de3836 1508 CYASSL_MSG("Suites Memory error");
ashleymills 0:714293de3836 1509 return MEMORY_E;
ashleymills 0:714293de3836 1510 }
ashleymills 0:714293de3836 1511 *ssl->suites = ctx->suites;
ashleymills 0:714293de3836 1512
ashleymills 0:714293de3836 1513 /* peer key */
ashleymills 0:714293de3836 1514 #ifndef NO_RSA
ashleymills 0:714293de3836 1515 ssl->peerRsaKey = (RsaKey*)XMALLOC(sizeof(RsaKey), ssl->heap,
ashleymills 0:714293de3836 1516 DYNAMIC_TYPE_RSA);
ashleymills 0:714293de3836 1517 if (ssl->peerRsaKey == NULL) {
ashleymills 0:714293de3836 1518 CYASSL_MSG("PeerRsaKey Memory error");
ashleymills 0:714293de3836 1519 return MEMORY_E;
ashleymills 0:714293de3836 1520 }
ashleymills 0:714293de3836 1521 InitRsaKey(ssl->peerRsaKey, ctx->heap);
ashleymills 0:714293de3836 1522 #endif
ashleymills 0:714293de3836 1523 #ifndef NO_CERTS
ashleymills 0:714293de3836 1524 /* make sure server has cert and key unless using PSK */
ashleymills 0:714293de3836 1525 if (ssl->options.side == SERVER_END && !havePSK)
ashleymills 0:714293de3836 1526 if (!ssl->buffers.certificate.buffer || !ssl->buffers.key.buffer) {
ashleymills 0:714293de3836 1527 CYASSL_MSG("Server missing certificate and/or private key");
ashleymills 0:714293de3836 1528 return NO_PRIVATE_KEY;
ashleymills 0:714293de3836 1529 }
ashleymills 0:714293de3836 1530 #endif
ashleymills 0:714293de3836 1531 #ifdef HAVE_ECC
ashleymills 0:714293de3836 1532 ssl->peerEccKey = (ecc_key*)XMALLOC(sizeof(ecc_key),
ashleymills 0:714293de3836 1533 ctx->heap, DYNAMIC_TYPE_ECC);
ashleymills 0:714293de3836 1534 if (ssl->peerEccKey == NULL) {
ashleymills 0:714293de3836 1535 CYASSL_MSG("PeerEccKey Memory error");
ashleymills 0:714293de3836 1536 return MEMORY_E;
ashleymills 0:714293de3836 1537 }
ashleymills 0:714293de3836 1538 ssl->peerEccDsaKey = (ecc_key*)XMALLOC(sizeof(ecc_key),
ashleymills 0:714293de3836 1539 ctx->heap, DYNAMIC_TYPE_ECC);
ashleymills 0:714293de3836 1540 if (ssl->peerEccDsaKey == NULL) {
ashleymills 0:714293de3836 1541 CYASSL_MSG("PeerEccDsaKey Memory error");
ashleymills 0:714293de3836 1542 return MEMORY_E;
ashleymills 0:714293de3836 1543 }
ashleymills 0:714293de3836 1544 ssl->eccDsaKey = (ecc_key*)XMALLOC(sizeof(ecc_key),
ashleymills 0:714293de3836 1545 ctx->heap, DYNAMIC_TYPE_ECC);
ashleymills 0:714293de3836 1546 if (ssl->eccDsaKey == NULL) {
ashleymills 0:714293de3836 1547 CYASSL_MSG("EccDsaKey Memory error");
ashleymills 0:714293de3836 1548 return MEMORY_E;
ashleymills 0:714293de3836 1549 }
ashleymills 0:714293de3836 1550 ssl->eccTempKey = (ecc_key*)XMALLOC(sizeof(ecc_key),
ashleymills 0:714293de3836 1551 ctx->heap, DYNAMIC_TYPE_ECC);
ashleymills 0:714293de3836 1552 if (ssl->eccTempKey == NULL) {
ashleymills 0:714293de3836 1553 CYASSL_MSG("EccTempKey Memory error");
ashleymills 0:714293de3836 1554 return MEMORY_E;
ashleymills 0:714293de3836 1555 }
ashleymills 0:714293de3836 1556 ecc_init(ssl->peerEccKey);
ashleymills 0:714293de3836 1557 ecc_init(ssl->peerEccDsaKey);
ashleymills 0:714293de3836 1558 ecc_init(ssl->eccDsaKey);
ashleymills 0:714293de3836 1559 ecc_init(ssl->eccTempKey);
ashleymills 0:714293de3836 1560 #endif
ashleymills 0:714293de3836 1561
ashleymills 0:714293de3836 1562 /* make sure server has DH parms, and add PSK if there, add NTRU too */
ashleymills 0:714293de3836 1563 if (ssl->options.side == SERVER_END)
ashleymills 0:714293de3836 1564 InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
ashleymills 0:714293de3836 1565 ssl->options.haveDH, ssl->options.haveNTRU,
ashleymills 0:714293de3836 1566 ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
ashleymills 0:714293de3836 1567 ssl->options.side);
ashleymills 0:714293de3836 1568 else
ashleymills 0:714293de3836 1569 InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, TRUE,
ashleymills 0:714293de3836 1570 ssl->options.haveNTRU, ssl->options.haveECDSAsig,
ashleymills 0:714293de3836 1571 ssl->options.haveStaticECC, ssl->options.side);
ashleymills 0:714293de3836 1572
ashleymills 0:714293de3836 1573 return 0;
ashleymills 0:714293de3836 1574 }
ashleymills 0:714293de3836 1575
ashleymills 0:714293de3836 1576
ashleymills 0:714293de3836 1577 /* free use of temporary arrays */
ashleymills 0:714293de3836 1578 void FreeArrays(CYASSL* ssl, int keep)
ashleymills 0:714293de3836 1579 {
ashleymills 0:714293de3836 1580 if (ssl->arrays && keep) {
ashleymills 0:714293de3836 1581 /* keeps session id for user retrieval */
ashleymills 0:714293de3836 1582 XMEMCPY(ssl->session.sessionID, ssl->arrays->sessionID, ID_LEN);
ashleymills 0:714293de3836 1583 }
ashleymills 0:714293de3836 1584 XFREE(ssl->arrays, ssl->heap, DYNAMIC_TYPE_ARRAYS);
ashleymills 0:714293de3836 1585 ssl->arrays = NULL;
ashleymills 0:714293de3836 1586 }
ashleymills 0:714293de3836 1587
ashleymills 0:714293de3836 1588
ashleymills 0:714293de3836 1589 /* In case holding SSL object in array and don't want to free actual ssl */
ashleymills 0:714293de3836 1590 void SSL_ResourceFree(CYASSL* ssl)
ashleymills 0:714293de3836 1591 {
ashleymills 0:714293de3836 1592 FreeCiphers(ssl);
ashleymills 0:714293de3836 1593 FreeArrays(ssl, 0);
ashleymills 0:714293de3836 1594 XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG);
ashleymills 0:714293de3836 1595 XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES);
ashleymills 0:714293de3836 1596 XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN);
ashleymills 0:714293de3836 1597
ashleymills 0:714293de3836 1598 #ifndef NO_CERTS
ashleymills 0:714293de3836 1599 XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_DH);
ashleymills 0:714293de3836 1600 XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_DH);
ashleymills 0:714293de3836 1601 /* parameters (p,g) may be owned by ctx */
ashleymills 0:714293de3836 1602 if (ssl->buffers.weOwnDH || ssl->options.side == CLIENT_END) {
ashleymills 0:714293de3836 1603 XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_DH);
ashleymills 0:714293de3836 1604 XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH);
ashleymills 0:714293de3836 1605 }
ashleymills 0:714293de3836 1606
ashleymills 0:714293de3836 1607 /* CYASSL_CTX always owns certChain */
ashleymills 0:714293de3836 1608 if (ssl->buffers.weOwnCert)
ashleymills 0:714293de3836 1609 XFREE(ssl->buffers.certificate.buffer, ssl->heap, DYNAMIC_TYPE_CERT);
ashleymills 0:714293de3836 1610 if (ssl->buffers.weOwnKey)
ashleymills 0:714293de3836 1611 XFREE(ssl->buffers.key.buffer, ssl->heap, DYNAMIC_TYPE_KEY);
ashleymills 0:714293de3836 1612 #endif
ashleymills 0:714293de3836 1613 #ifndef NO_RSA
ashleymills 0:714293de3836 1614 if (ssl->peerRsaKey) {
ashleymills 0:714293de3836 1615 FreeRsaKey(ssl->peerRsaKey);
ashleymills 0:714293de3836 1616 XFREE(ssl->peerRsaKey, ssl->heap, DYNAMIC_TYPE_RSA);
ashleymills 0:714293de3836 1617 }
ashleymills 0:714293de3836 1618 #endif
ashleymills 0:714293de3836 1619 if (ssl->buffers.inputBuffer.dynamicFlag)
ashleymills 0:714293de3836 1620 ShrinkInputBuffer(ssl, FORCED_FREE);
ashleymills 0:714293de3836 1621 if (ssl->buffers.outputBuffer.dynamicFlag)
ashleymills 0:714293de3836 1622 ShrinkOutputBuffer(ssl);
ashleymills 0:714293de3836 1623 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 1624 if (ssl->dtls_pool != NULL) {
ashleymills 0:714293de3836 1625 DtlsPoolReset(ssl);
ashleymills 0:714293de3836 1626 XFREE(ssl->dtls_pool, ssl->heap, DYNAMIC_TYPE_NONE);
ashleymills 0:714293de3836 1627 }
ashleymills 0:714293de3836 1628 if (ssl->dtls_msg_list != NULL) {
ashleymills 0:714293de3836 1629 DtlsMsgListDelete(ssl->dtls_msg_list, ssl->heap);
ashleymills 0:714293de3836 1630 ssl->dtls_msg_list = NULL;
ashleymills 0:714293de3836 1631 }
ashleymills 0:714293de3836 1632 XFREE(ssl->buffers.dtlsCtx.peer.sa, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
ashleymills 0:714293de3836 1633 ssl->buffers.dtlsCtx.peer.sa = NULL;
ashleymills 0:714293de3836 1634 #endif
ashleymills 0:714293de3836 1635 #if defined(KEEP_PEER_CERT) || defined(GOAHEAD_WS)
ashleymills 0:714293de3836 1636 FreeX509(&ssl->peerCert);
ashleymills 0:714293de3836 1637 #endif
ashleymills 0:714293de3836 1638 #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
ashleymills 0:714293de3836 1639 CyaSSL_BIO_free(ssl->biord);
ashleymills 0:714293de3836 1640 if (ssl->biord != ssl->biowr) /* in case same as write */
ashleymills 0:714293de3836 1641 CyaSSL_BIO_free(ssl->biowr);
ashleymills 0:714293de3836 1642 #endif
ashleymills 0:714293de3836 1643 #ifdef HAVE_LIBZ
ashleymills 0:714293de3836 1644 FreeStreams(ssl);
ashleymills 0:714293de3836 1645 #endif
ashleymills 0:714293de3836 1646 #ifdef HAVE_ECC
ashleymills 0:714293de3836 1647 if (ssl->peerEccKey) {
ashleymills 0:714293de3836 1648 if (ssl->peerEccKeyPresent)
ashleymills 0:714293de3836 1649 ecc_free(ssl->peerEccKey);
ashleymills 0:714293de3836 1650 XFREE(ssl->peerEccKey, ssl->heap, DYNAMIC_TYPE_ECC);
ashleymills 0:714293de3836 1651 }
ashleymills 0:714293de3836 1652 if (ssl->peerEccDsaKey) {
ashleymills 0:714293de3836 1653 if (ssl->peerEccDsaKeyPresent)
ashleymills 0:714293de3836 1654 ecc_free(ssl->peerEccDsaKey);
ashleymills 0:714293de3836 1655 XFREE(ssl->peerEccDsaKey, ssl->heap, DYNAMIC_TYPE_ECC);
ashleymills 0:714293de3836 1656 }
ashleymills 0:714293de3836 1657 if (ssl->eccTempKey) {
ashleymills 0:714293de3836 1658 if (ssl->eccTempKeyPresent)
ashleymills 0:714293de3836 1659 ecc_free(ssl->eccTempKey);
ashleymills 0:714293de3836 1660 XFREE(ssl->eccTempKey, ssl->heap, DYNAMIC_TYPE_ECC);
ashleymills 0:714293de3836 1661 }
ashleymills 0:714293de3836 1662 if (ssl->eccDsaKey) {
ashleymills 0:714293de3836 1663 if (ssl->eccDsaKeyPresent)
ashleymills 0:714293de3836 1664 ecc_free(ssl->eccDsaKey);
ashleymills 0:714293de3836 1665 XFREE(ssl->eccDsaKey, ssl->heap, DYNAMIC_TYPE_ECC);
ashleymills 0:714293de3836 1666 }
ashleymills 0:714293de3836 1667 #endif
ashleymills 0:714293de3836 1668 #ifdef HAVE_TLS_EXTENSIONS
ashleymills 0:714293de3836 1669 TLSX_FreeAll(ssl->extensions);
ashleymills 0:714293de3836 1670 #endif
ashleymills 0:714293de3836 1671 }
ashleymills 0:714293de3836 1672
ashleymills 0:714293de3836 1673
ashleymills 0:714293de3836 1674 /* Free any handshake resources no longer needed */
ashleymills 0:714293de3836 1675 void FreeHandshakeResources(CYASSL* ssl)
ashleymills 0:714293de3836 1676 {
ashleymills 0:714293de3836 1677 /* input buffer */
ashleymills 0:714293de3836 1678 if (ssl->buffers.inputBuffer.dynamicFlag)
ashleymills 0:714293de3836 1679 ShrinkInputBuffer(ssl, NO_FORCED_FREE);
ashleymills 0:714293de3836 1680
ashleymills 0:714293de3836 1681 /* suites */
ashleymills 0:714293de3836 1682 XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES);
ashleymills 0:714293de3836 1683 ssl->suites = NULL;
ashleymills 0:714293de3836 1684
ashleymills 0:714293de3836 1685 /* RNG */
ashleymills 0:714293de3836 1686 if (ssl->specs.cipher_type == stream || ssl->options.tls1_1 == 0) {
ashleymills 0:714293de3836 1687 XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG);
ashleymills 0:714293de3836 1688 ssl->rng = NULL;
ashleymills 0:714293de3836 1689 }
ashleymills 0:714293de3836 1690
ashleymills 0:714293de3836 1691 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 1692 /* DTLS_POOL */
ashleymills 0:714293de3836 1693 if (ssl->options.dtls && ssl->dtls_pool != NULL) {
ashleymills 0:714293de3836 1694 DtlsPoolReset(ssl);
ashleymills 0:714293de3836 1695 XFREE(ssl->dtls_pool, ssl->heap, DYNAMIC_TYPE_DTLS_POOL);
ashleymills 0:714293de3836 1696 ssl->dtls_pool = NULL;
ashleymills 0:714293de3836 1697 }
ashleymills 0:714293de3836 1698 #endif
ashleymills 0:714293de3836 1699
ashleymills 0:714293de3836 1700 /* arrays */
ashleymills 0:714293de3836 1701 if (ssl->options.saveArrays)
ashleymills 0:714293de3836 1702 FreeArrays(ssl, 1);
ashleymills 0:714293de3836 1703
ashleymills 0:714293de3836 1704 #ifndef NO_RSA
ashleymills 0:714293de3836 1705 /* peerRsaKey */
ashleymills 0:714293de3836 1706 if (ssl->peerRsaKey) {
ashleymills 0:714293de3836 1707 FreeRsaKey(ssl->peerRsaKey);
ashleymills 0:714293de3836 1708 XFREE(ssl->peerRsaKey, ssl->heap, DYNAMIC_TYPE_RSA);
ashleymills 0:714293de3836 1709 ssl->peerRsaKey = NULL;
ashleymills 0:714293de3836 1710 }
ashleymills 0:714293de3836 1711 #endif
ashleymills 0:714293de3836 1712
ashleymills 0:714293de3836 1713 #ifdef HAVE_ECC
ashleymills 0:714293de3836 1714 if (ssl->peerEccKey)
ashleymills 0:714293de3836 1715 {
ashleymills 0:714293de3836 1716 if (ssl->peerEccKeyPresent) {
ashleymills 0:714293de3836 1717 ecc_free(ssl->peerEccKey);
ashleymills 0:714293de3836 1718 ssl->peerEccKeyPresent = 0;
ashleymills 0:714293de3836 1719 }
ashleymills 0:714293de3836 1720 XFREE(ssl->peerEccKey, ssl->heap, DYNAMIC_TYPE_ECC);
ashleymills 0:714293de3836 1721 ssl->peerEccKey = NULL;
ashleymills 0:714293de3836 1722 }
ashleymills 0:714293de3836 1723 if (ssl->peerEccDsaKey)
ashleymills 0:714293de3836 1724 {
ashleymills 0:714293de3836 1725 if (ssl->peerEccDsaKeyPresent) {
ashleymills 0:714293de3836 1726 ecc_free(ssl->peerEccDsaKey);
ashleymills 0:714293de3836 1727 ssl->peerEccDsaKeyPresent = 0;
ashleymills 0:714293de3836 1728 }
ashleymills 0:714293de3836 1729 XFREE(ssl->peerEccDsaKey, ssl->heap, DYNAMIC_TYPE_ECC);
ashleymills 0:714293de3836 1730 ssl->peerEccDsaKey = NULL;
ashleymills 0:714293de3836 1731 }
ashleymills 0:714293de3836 1732 if (ssl->eccTempKey)
ashleymills 0:714293de3836 1733 {
ashleymills 0:714293de3836 1734 if (ssl->eccTempKeyPresent) {
ashleymills 0:714293de3836 1735 ecc_free(ssl->eccTempKey);
ashleymills 0:714293de3836 1736 ssl->eccTempKeyPresent = 0;
ashleymills 0:714293de3836 1737 }
ashleymills 0:714293de3836 1738 XFREE(ssl->eccTempKey, ssl->heap, DYNAMIC_TYPE_ECC);
ashleymills 0:714293de3836 1739 ssl->eccTempKey = NULL;
ashleymills 0:714293de3836 1740 }
ashleymills 0:714293de3836 1741 if (ssl->eccDsaKey)
ashleymills 0:714293de3836 1742 {
ashleymills 0:714293de3836 1743 if (ssl->eccDsaKeyPresent) {
ashleymills 0:714293de3836 1744 ecc_free(ssl->eccDsaKey);
ashleymills 0:714293de3836 1745 ssl->eccDsaKeyPresent = 0;
ashleymills 0:714293de3836 1746 }
ashleymills 0:714293de3836 1747 XFREE(ssl->eccDsaKey, ssl->heap, DYNAMIC_TYPE_ECC);
ashleymills 0:714293de3836 1748 ssl->eccDsaKey = NULL;
ashleymills 0:714293de3836 1749 }
ashleymills 0:714293de3836 1750 #endif
ashleymills 0:714293de3836 1751 }
ashleymills 0:714293de3836 1752
ashleymills 0:714293de3836 1753
ashleymills 0:714293de3836 1754 void FreeSSL(CYASSL* ssl)
ashleymills 0:714293de3836 1755 {
ashleymills 0:714293de3836 1756 FreeSSL_Ctx(ssl->ctx); /* will decrement and free underyling CTX if 0 */
ashleymills 0:714293de3836 1757 SSL_ResourceFree(ssl);
ashleymills 0:714293de3836 1758 XFREE(ssl, ssl->heap, DYNAMIC_TYPE_SSL);
ashleymills 0:714293de3836 1759 }
ashleymills 0:714293de3836 1760
ashleymills 0:714293de3836 1761
ashleymills 0:714293de3836 1762 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 1763
ashleymills 0:714293de3836 1764 int DtlsPoolInit(CYASSL* ssl)
ashleymills 0:714293de3836 1765 {
ashleymills 0:714293de3836 1766 if (ssl->dtls_pool == NULL) {
ashleymills 0:714293de3836 1767 DtlsPool *pool = (DtlsPool*)XMALLOC(sizeof(DtlsPool),
ashleymills 0:714293de3836 1768 ssl->heap, DYNAMIC_TYPE_DTLS_POOL);
ashleymills 0:714293de3836 1769 if (pool == NULL) {
ashleymills 0:714293de3836 1770 CYASSL_MSG("DTLS Buffer Pool Memory error");
ashleymills 0:714293de3836 1771 return MEMORY_E;
ashleymills 0:714293de3836 1772 }
ashleymills 0:714293de3836 1773 else {
ashleymills 0:714293de3836 1774 int i;
ashleymills 0:714293de3836 1775
ashleymills 0:714293de3836 1776 for (i = 0; i < DTLS_POOL_SZ; i++) {
ashleymills 0:714293de3836 1777 pool->buf[i].length = 0;
ashleymills 0:714293de3836 1778 pool->buf[i].buffer = NULL;
ashleymills 0:714293de3836 1779 }
ashleymills 0:714293de3836 1780 pool->used = 0;
ashleymills 0:714293de3836 1781 ssl->dtls_pool = pool;
ashleymills 0:714293de3836 1782 }
ashleymills 0:714293de3836 1783 }
ashleymills 0:714293de3836 1784 return 0;
ashleymills 0:714293de3836 1785 }
ashleymills 0:714293de3836 1786
ashleymills 0:714293de3836 1787
ashleymills 0:714293de3836 1788 int DtlsPoolSave(CYASSL* ssl, const byte *src, int sz)
ashleymills 0:714293de3836 1789 {
ashleymills 0:714293de3836 1790 DtlsPool *pool = ssl->dtls_pool;
ashleymills 0:714293de3836 1791 if (pool != NULL && pool->used < DTLS_POOL_SZ) {
ashleymills 0:714293de3836 1792 buffer *pBuf = &pool->buf[pool->used];
ashleymills 0:714293de3836 1793 pBuf->buffer = (byte*)XMALLOC(sz, ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
ashleymills 0:714293de3836 1794 if (pBuf->buffer == NULL) {
ashleymills 0:714293de3836 1795 CYASSL_MSG("DTLS Buffer Memory error");
ashleymills 0:714293de3836 1796 return MEMORY_ERROR;
ashleymills 0:714293de3836 1797 }
ashleymills 0:714293de3836 1798 XMEMCPY(pBuf->buffer, src, sz);
ashleymills 0:714293de3836 1799 pBuf->length = (word32)sz;
ashleymills 0:714293de3836 1800 pool->used++;
ashleymills 0:714293de3836 1801 }
ashleymills 0:714293de3836 1802 return 0;
ashleymills 0:714293de3836 1803 }
ashleymills 0:714293de3836 1804
ashleymills 0:714293de3836 1805
ashleymills 0:714293de3836 1806 void DtlsPoolReset(CYASSL* ssl)
ashleymills 0:714293de3836 1807 {
ashleymills 0:714293de3836 1808 DtlsPool *pool = ssl->dtls_pool;
ashleymills 0:714293de3836 1809 if (pool != NULL) {
ashleymills 0:714293de3836 1810 buffer *pBuf;
ashleymills 0:714293de3836 1811 int i, used;
ashleymills 0:714293de3836 1812
ashleymills 0:714293de3836 1813 used = pool->used;
ashleymills 0:714293de3836 1814 for (i = 0, pBuf = &pool->buf[0]; i < used; i++, pBuf++) {
ashleymills 0:714293de3836 1815 XFREE(pBuf->buffer, ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
ashleymills 0:714293de3836 1816 pBuf->buffer = NULL;
ashleymills 0:714293de3836 1817 pBuf->length = 0;
ashleymills 0:714293de3836 1818 }
ashleymills 0:714293de3836 1819 pool->used = 0;
ashleymills 0:714293de3836 1820 }
ashleymills 0:714293de3836 1821 ssl->dtls_timeout = ssl->dtls_timeout_init;
ashleymills 0:714293de3836 1822 }
ashleymills 0:714293de3836 1823
ashleymills 0:714293de3836 1824
ashleymills 0:714293de3836 1825 int DtlsPoolTimeout(CYASSL* ssl)
ashleymills 0:714293de3836 1826 {
ashleymills 0:714293de3836 1827 int result = -1;
ashleymills 0:714293de3836 1828 if (ssl->dtls_timeout < ssl->dtls_timeout_max) {
ashleymills 0:714293de3836 1829 ssl->dtls_timeout *= DTLS_TIMEOUT_MULTIPLIER;
ashleymills 0:714293de3836 1830 result = 0;
ashleymills 0:714293de3836 1831 }
ashleymills 0:714293de3836 1832 return result;
ashleymills 0:714293de3836 1833 }
ashleymills 0:714293de3836 1834
ashleymills 0:714293de3836 1835
ashleymills 0:714293de3836 1836 int DtlsPoolSend(CYASSL* ssl)
ashleymills 0:714293de3836 1837 {
ashleymills 0:714293de3836 1838 int ret;
ashleymills 0:714293de3836 1839 DtlsPool *pool = ssl->dtls_pool;
ashleymills 0:714293de3836 1840
ashleymills 0:714293de3836 1841 if (pool != NULL && pool->used > 0) {
ashleymills 0:714293de3836 1842 int i;
ashleymills 0:714293de3836 1843 for (i = 0; i < pool->used; i++) {
ashleymills 0:714293de3836 1844 int sendResult;
ashleymills 0:714293de3836 1845 buffer* buf = &pool->buf[i];
ashleymills 0:714293de3836 1846
ashleymills 0:714293de3836 1847 DtlsRecordLayerHeader* dtls = (DtlsRecordLayerHeader*)buf->buffer;
ashleymills 0:714293de3836 1848
ashleymills 0:714293de3836 1849 word16 message_epoch;
ashleymills 0:714293de3836 1850 ato16(dtls->epoch, &message_epoch);
ashleymills 0:714293de3836 1851 if (message_epoch == ssl->keys.dtls_epoch) {
ashleymills 0:714293de3836 1852 /* Increment record sequence number on retransmitted handshake
ashleymills 0:714293de3836 1853 * messages */
ashleymills 0:714293de3836 1854 c32to48(ssl->keys.dtls_sequence_number, dtls->sequence_number);
ashleymills 0:714293de3836 1855 ssl->keys.dtls_sequence_number++;
ashleymills 0:714293de3836 1856 }
ashleymills 0:714293de3836 1857 else {
ashleymills 0:714293de3836 1858 /* The Finished message is sent with the next epoch, keep its
ashleymills 0:714293de3836 1859 * sequence number */
ashleymills 0:714293de3836 1860 }
ashleymills 0:714293de3836 1861
ashleymills 0:714293de3836 1862 if ((ret = CheckAvailableSize(ssl, buf->length)) != 0)
ashleymills 0:714293de3836 1863 return ret;
ashleymills 0:714293de3836 1864
ashleymills 0:714293de3836 1865 XMEMCPY(ssl->buffers.outputBuffer.buffer, buf->buffer, buf->length);
ashleymills 0:714293de3836 1866 ssl->buffers.outputBuffer.idx = 0;
ashleymills 0:714293de3836 1867 ssl->buffers.outputBuffer.length = buf->length;
ashleymills 0:714293de3836 1868
ashleymills 0:714293de3836 1869 sendResult = SendBuffered(ssl);
ashleymills 0:714293de3836 1870 if (sendResult < 0) {
ashleymills 0:714293de3836 1871 return sendResult;
ashleymills 0:714293de3836 1872 }
ashleymills 0:714293de3836 1873 }
ashleymills 0:714293de3836 1874 }
ashleymills 0:714293de3836 1875 return 0;
ashleymills 0:714293de3836 1876 }
ashleymills 0:714293de3836 1877
ashleymills 0:714293de3836 1878
ashleymills 0:714293de3836 1879 /* functions for managing DTLS datagram reordering */
ashleymills 0:714293de3836 1880
ashleymills 0:714293de3836 1881 /* Need to allocate space for the handshake message header. The hashing
ashleymills 0:714293de3836 1882 * routines assume the message pointer is still within the buffer that
ashleymills 0:714293de3836 1883 * has the headers, and will include those headers in the hash. The store
ashleymills 0:714293de3836 1884 * routines need to take that into account as well. New will allocate
ashleymills 0:714293de3836 1885 * extra space for the headers. */
ashleymills 0:714293de3836 1886 DtlsMsg* DtlsMsgNew(word32 sz, void* heap)
ashleymills 0:714293de3836 1887 {
ashleymills 0:714293de3836 1888 DtlsMsg* msg = NULL;
ashleymills 0:714293de3836 1889
ashleymills 0:714293de3836 1890 msg = (DtlsMsg*)XMALLOC(sizeof(DtlsMsg), heap, DYNAMIC_TYPE_DTLS_MSG);
ashleymills 0:714293de3836 1891
ashleymills 0:714293de3836 1892 if (msg != NULL) {
ashleymills 0:714293de3836 1893 msg->buf = (byte*)XMALLOC(sz + DTLS_HANDSHAKE_HEADER_SZ,
ashleymills 0:714293de3836 1894 heap, DYNAMIC_TYPE_NONE);
ashleymills 0:714293de3836 1895 if (msg->buf != NULL) {
ashleymills 0:714293de3836 1896 msg->next = NULL;
ashleymills 0:714293de3836 1897 msg->seq = 0;
ashleymills 0:714293de3836 1898 msg->sz = sz;
ashleymills 0:714293de3836 1899 msg->fragSz = 0;
ashleymills 0:714293de3836 1900 msg->msg = msg->buf + DTLS_HANDSHAKE_HEADER_SZ;
ashleymills 0:714293de3836 1901 }
ashleymills 0:714293de3836 1902 else {
ashleymills 0:714293de3836 1903 XFREE(msg, heap, DYNAMIC_TYPE_DTLS_MSG);
ashleymills 0:714293de3836 1904 msg = NULL;
ashleymills 0:714293de3836 1905 }
ashleymills 0:714293de3836 1906 }
ashleymills 0:714293de3836 1907
ashleymills 0:714293de3836 1908 return msg;
ashleymills 0:714293de3836 1909 }
ashleymills 0:714293de3836 1910
ashleymills 0:714293de3836 1911 void DtlsMsgDelete(DtlsMsg* item, void* heap)
ashleymills 0:714293de3836 1912 {
ashleymills 0:714293de3836 1913 (void)heap;
ashleymills 0:714293de3836 1914
ashleymills 0:714293de3836 1915 if (item != NULL) {
ashleymills 0:714293de3836 1916 if (item->buf != NULL)
ashleymills 0:714293de3836 1917 XFREE(item->buf, heap, DYNAMIC_TYPE_NONE);
ashleymills 0:714293de3836 1918 XFREE(item, heap, DYNAMIC_TYPE_DTLS_MSG);
ashleymills 0:714293de3836 1919 }
ashleymills 0:714293de3836 1920 }
ashleymills 0:714293de3836 1921
ashleymills 0:714293de3836 1922
ashleymills 0:714293de3836 1923 void DtlsMsgListDelete(DtlsMsg* head, void* heap)
ashleymills 0:714293de3836 1924 {
ashleymills 0:714293de3836 1925 DtlsMsg* next;
ashleymills 0:714293de3836 1926 while (head) {
ashleymills 0:714293de3836 1927 next = head->next;
ashleymills 0:714293de3836 1928 DtlsMsgDelete(head, heap);
ashleymills 0:714293de3836 1929 head = next;
ashleymills 0:714293de3836 1930 }
ashleymills 0:714293de3836 1931 }
ashleymills 0:714293de3836 1932
ashleymills 0:714293de3836 1933
ashleymills 0:714293de3836 1934 void DtlsMsgSet(DtlsMsg* msg, word32 seq, const byte* data, byte type,
ashleymills 0:714293de3836 1935 word32 fragOffset, word32 fragSz)
ashleymills 0:714293de3836 1936 {
ashleymills 0:714293de3836 1937 if (msg != NULL && data != NULL && msg->fragSz <= msg->sz) {
ashleymills 0:714293de3836 1938 msg->seq = seq;
ashleymills 0:714293de3836 1939 msg->type = type;
ashleymills 0:714293de3836 1940 msg->fragSz += fragSz;
ashleymills 0:714293de3836 1941 /* If fragOffset is zero, this is either a full message that is out
ashleymills 0:714293de3836 1942 * of order, or the first fragment of a fragmented message. Copy the
ashleymills 0:714293de3836 1943 * handshake message header as well as the message data. */
ashleymills 0:714293de3836 1944 if (fragOffset == 0)
ashleymills 0:714293de3836 1945 XMEMCPY(msg->buf, data - DTLS_HANDSHAKE_HEADER_SZ,
ashleymills 0:714293de3836 1946 fragSz + DTLS_HANDSHAKE_HEADER_SZ);
ashleymills 0:714293de3836 1947 else {
ashleymills 0:714293de3836 1948 /* If fragOffet is non-zero, this is an additional fragment that
ashleymills 0:714293de3836 1949 * needs to be copied to its location in the message buffer. Also
ashleymills 0:714293de3836 1950 * copy the total size of the message over the fragment size. The
ashleymills 0:714293de3836 1951 * hash routines look at a defragmented message if it had actually
ashleymills 0:714293de3836 1952 * come across as a single handshake message. */
ashleymills 0:714293de3836 1953 XMEMCPY(msg->msg + fragOffset, data, fragSz);
ashleymills 0:714293de3836 1954 c32to24(msg->sz, msg->msg - DTLS_HANDSHAKE_FRAG_SZ);
ashleymills 0:714293de3836 1955 }
ashleymills 0:714293de3836 1956 }
ashleymills 0:714293de3836 1957 }
ashleymills 0:714293de3836 1958
ashleymills 0:714293de3836 1959
ashleymills 0:714293de3836 1960 DtlsMsg* DtlsMsgFind(DtlsMsg* head, word32 seq)
ashleymills 0:714293de3836 1961 {
ashleymills 0:714293de3836 1962 while (head != NULL && head->seq != seq) {
ashleymills 0:714293de3836 1963 head = head->next;
ashleymills 0:714293de3836 1964 }
ashleymills 0:714293de3836 1965 return head;
ashleymills 0:714293de3836 1966 }
ashleymills 0:714293de3836 1967
ashleymills 0:714293de3836 1968
ashleymills 0:714293de3836 1969 DtlsMsg* DtlsMsgStore(DtlsMsg* head, word32 seq, const byte* data,
ashleymills 0:714293de3836 1970 word32 dataSz, byte type, word32 fragOffset, word32 fragSz, void* heap)
ashleymills 0:714293de3836 1971 {
ashleymills 0:714293de3836 1972
ashleymills 0:714293de3836 1973 /* See if seq exists in the list. If it isn't in the list, make
ashleymills 0:714293de3836 1974 * a new item of size dataSz, copy fragSz bytes from data to msg->msg
ashleymills 0:714293de3836 1975 * starting at offset fragOffset, and add fragSz to msg->fragSz. If
ashleymills 0:714293de3836 1976 * the seq is in the list and it isn't full, copy fragSz bytes from
ashleymills 0:714293de3836 1977 * data to msg->msg starting at offset fragOffset, and add fragSz to
ashleymills 0:714293de3836 1978 * msg->fragSz. The new item should be inserted into the list in its
ashleymills 0:714293de3836 1979 * proper position.
ashleymills 0:714293de3836 1980 *
ashleymills 0:714293de3836 1981 * 1. Find seq in list, or where seq should go in list. If seq not in
ashleymills 0:714293de3836 1982 * list, create new item and insert into list. Either case, keep
ashleymills 0:714293de3836 1983 * pointer to item.
ashleymills 0:714293de3836 1984 * 2. If msg->fragSz + fragSz < sz, copy data to msg->msg at offset
ashleymills 0:714293de3836 1985 * fragOffset. Add fragSz to msg->fragSz.
ashleymills 0:714293de3836 1986 */
ashleymills 0:714293de3836 1987
ashleymills 0:714293de3836 1988 if (head != NULL) {
ashleymills 0:714293de3836 1989 DtlsMsg* cur = DtlsMsgFind(head, seq);
ashleymills 0:714293de3836 1990 if (cur == NULL) {
ashleymills 0:714293de3836 1991 cur = DtlsMsgNew(dataSz, heap);
ashleymills 0:714293de3836 1992 DtlsMsgSet(cur, seq, data, type, fragOffset, fragSz);
ashleymills 0:714293de3836 1993 head = DtlsMsgInsert(head, cur);
ashleymills 0:714293de3836 1994 }
ashleymills 0:714293de3836 1995 else {
ashleymills 0:714293de3836 1996 DtlsMsgSet(cur, seq, data, type, fragOffset, fragSz);
ashleymills 0:714293de3836 1997 }
ashleymills 0:714293de3836 1998 }
ashleymills 0:714293de3836 1999 else {
ashleymills 0:714293de3836 2000 head = DtlsMsgNew(dataSz, heap);
ashleymills 0:714293de3836 2001 DtlsMsgSet(head, seq, data, type, fragOffset, fragSz);
ashleymills 0:714293de3836 2002 }
ashleymills 0:714293de3836 2003
ashleymills 0:714293de3836 2004 return head;
ashleymills 0:714293de3836 2005 }
ashleymills 0:714293de3836 2006
ashleymills 0:714293de3836 2007
ashleymills 0:714293de3836 2008 /* DtlsMsgInsert() is an in-order insert. */
ashleymills 0:714293de3836 2009 DtlsMsg* DtlsMsgInsert(DtlsMsg* head, DtlsMsg* item)
ashleymills 0:714293de3836 2010 {
ashleymills 0:714293de3836 2011 if (head == NULL || item->seq < head->seq) {
ashleymills 0:714293de3836 2012 item->next = head;
ashleymills 0:714293de3836 2013 head = item;
ashleymills 0:714293de3836 2014 }
ashleymills 0:714293de3836 2015 else if (head->next == NULL) {
ashleymills 0:714293de3836 2016 head->next = item;
ashleymills 0:714293de3836 2017 }
ashleymills 0:714293de3836 2018 else {
ashleymills 0:714293de3836 2019 DtlsMsg* cur = head->next;
ashleymills 0:714293de3836 2020 DtlsMsg* prev = head;
ashleymills 0:714293de3836 2021 while (cur) {
ashleymills 0:714293de3836 2022 if (item->seq < cur->seq) {
ashleymills 0:714293de3836 2023 item->next = cur;
ashleymills 0:714293de3836 2024 prev->next = item;
ashleymills 0:714293de3836 2025 break;
ashleymills 0:714293de3836 2026 }
ashleymills 0:714293de3836 2027 prev = cur;
ashleymills 0:714293de3836 2028 cur = cur->next;
ashleymills 0:714293de3836 2029 }
ashleymills 0:714293de3836 2030 if (cur == NULL) {
ashleymills 0:714293de3836 2031 prev->next = item;
ashleymills 0:714293de3836 2032 }
ashleymills 0:714293de3836 2033 }
ashleymills 0:714293de3836 2034
ashleymills 0:714293de3836 2035 return head;
ashleymills 0:714293de3836 2036 }
ashleymills 0:714293de3836 2037
ashleymills 0:714293de3836 2038 #endif /* CYASSL_DTLS */
ashleymills 0:714293de3836 2039
ashleymills 0:714293de3836 2040 #ifndef NO_OLD_TLS
ashleymills 0:714293de3836 2041
ashleymills 0:714293de3836 2042 ProtocolVersion MakeSSLv3(void)
ashleymills 0:714293de3836 2043 {
ashleymills 0:714293de3836 2044 ProtocolVersion pv;
ashleymills 0:714293de3836 2045 pv.major = SSLv3_MAJOR;
ashleymills 0:714293de3836 2046 pv.minor = SSLv3_MINOR;
ashleymills 0:714293de3836 2047
ashleymills 0:714293de3836 2048 return pv;
ashleymills 0:714293de3836 2049 }
ashleymills 0:714293de3836 2050
ashleymills 0:714293de3836 2051 #endif /* NO_OLD_TLS */
ashleymills 0:714293de3836 2052
ashleymills 0:714293de3836 2053
ashleymills 0:714293de3836 2054 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 2055
ashleymills 0:714293de3836 2056 ProtocolVersion MakeDTLSv1(void)
ashleymills 0:714293de3836 2057 {
ashleymills 0:714293de3836 2058 ProtocolVersion pv;
ashleymills 0:714293de3836 2059 pv.major = DTLS_MAJOR;
ashleymills 0:714293de3836 2060 pv.minor = DTLS_MINOR;
ashleymills 0:714293de3836 2061
ashleymills 0:714293de3836 2062 return pv;
ashleymills 0:714293de3836 2063 }
ashleymills 0:714293de3836 2064
ashleymills 0:714293de3836 2065 ProtocolVersion MakeDTLSv1_2(void)
ashleymills 0:714293de3836 2066 {
ashleymills 0:714293de3836 2067 ProtocolVersion pv;
ashleymills 0:714293de3836 2068 pv.major = DTLS_MAJOR;
ashleymills 0:714293de3836 2069 pv.minor = DTLSv1_2_MINOR;
ashleymills 0:714293de3836 2070
ashleymills 0:714293de3836 2071 return pv;
ashleymills 0:714293de3836 2072 }
ashleymills 0:714293de3836 2073
ashleymills 0:714293de3836 2074 #endif /* CYASSL_DTLS */
ashleymills 0:714293de3836 2075
ashleymills 0:714293de3836 2076
ashleymills 0:714293de3836 2077
ashleymills 0:714293de3836 2078
ashleymills 0:714293de3836 2079 #ifdef USE_WINDOWS_API
ashleymills 0:714293de3836 2080
ashleymills 0:714293de3836 2081 word32 LowResTimer(void)
ashleymills 0:714293de3836 2082 {
ashleymills 0:714293de3836 2083 static int init = 0;
ashleymills 0:714293de3836 2084 static LARGE_INTEGER freq;
ashleymills 0:714293de3836 2085 LARGE_INTEGER count;
ashleymills 0:714293de3836 2086
ashleymills 0:714293de3836 2087 if (!init) {
ashleymills 0:714293de3836 2088 QueryPerformanceFrequency(&freq);
ashleymills 0:714293de3836 2089 init = 1;
ashleymills 0:714293de3836 2090 }
ashleymills 0:714293de3836 2091
ashleymills 0:714293de3836 2092 QueryPerformanceCounter(&count);
ashleymills 0:714293de3836 2093
ashleymills 0:714293de3836 2094 return (word32)(count.QuadPart / freq.QuadPart);
ashleymills 0:714293de3836 2095 }
ashleymills 0:714293de3836 2096
ashleymills 0:714293de3836 2097 #elif defined(HAVE_RTP_SYS)
ashleymills 0:714293de3836 2098
ashleymills 0:714293de3836 2099 #include "rtptime.h"
ashleymills 0:714293de3836 2100
ashleymills 0:714293de3836 2101 word32 LowResTimer(void)
ashleymills 0:714293de3836 2102 {
ashleymills 0:714293de3836 2103 return (word32)rtp_get_system_sec();
ashleymills 0:714293de3836 2104 }
ashleymills 0:714293de3836 2105
ashleymills 0:714293de3836 2106
ashleymills 0:714293de3836 2107 #elif defined(MICRIUM)
ashleymills 0:714293de3836 2108
ashleymills 0:714293de3836 2109 word32 LowResTimer(void)
ashleymills 0:714293de3836 2110 {
ashleymills 0:714293de3836 2111 NET_SECURE_OS_TICK clk;
ashleymills 0:714293de3836 2112
ashleymills 0:714293de3836 2113 #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
ashleymills 0:714293de3836 2114 clk = NetSecure_OS_TimeGet();
ashleymills 0:714293de3836 2115 #endif
ashleymills 0:714293de3836 2116 return (word32)clk;
ashleymills 0:714293de3836 2117 }
ashleymills 0:714293de3836 2118
ashleymills 0:714293de3836 2119
ashleymills 0:714293de3836 2120 #elif defined(MICROCHIP_TCPIP_V5)
ashleymills 0:714293de3836 2121
ashleymills 0:714293de3836 2122 word32 LowResTimer(void)
ashleymills 0:714293de3836 2123 {
ashleymills 0:714293de3836 2124 return (word32) TickGet();
ashleymills 0:714293de3836 2125 }
ashleymills 0:714293de3836 2126
ashleymills 0:714293de3836 2127
ashleymills 0:714293de3836 2128 #elif defined(MICROCHIP_TCPIP)
ashleymills 0:714293de3836 2129
ashleymills 0:714293de3836 2130 word32 LowResTimer(void)
ashleymills 0:714293de3836 2131 {
ashleymills 0:714293de3836 2132 return (word32) SYS_TICK_Get();
ashleymills 0:714293de3836 2133 }
ashleymills 0:714293de3836 2134
ashleymills 0:714293de3836 2135
ashleymills 0:714293de3836 2136 #elif defined(USER_TICKS)
ashleymills 0:714293de3836 2137 #if 0
ashleymills 0:714293de3836 2138 word32 LowResTimer(void)
ashleymills 0:714293de3836 2139 {
ashleymills 0:714293de3836 2140 /*
ashleymills 0:714293de3836 2141 write your own clock tick function if don't want time(0)
ashleymills 0:714293de3836 2142 needs second accuracy but doesn't have to correlated to EPOCH
ashleymills 0:714293de3836 2143 */
ashleymills 0:714293de3836 2144 }
ashleymills 0:714293de3836 2145 #endif
ashleymills 0:714293de3836 2146 #else /* !USE_WINDOWS_API && !HAVE_RTP_SYS && !MICRIUM && !USER_TICKS */
ashleymills 0:714293de3836 2147
ashleymills 0:714293de3836 2148 #include <time.h>
ashleymills 0:714293de3836 2149
ashleymills 0:714293de3836 2150 word32 LowResTimer(void)
ashleymills 0:714293de3836 2151 {
ashleymills 0:714293de3836 2152 return (word32)time(0);
ashleymills 0:714293de3836 2153 }
ashleymills 0:714293de3836 2154
ashleymills 0:714293de3836 2155
ashleymills 0:714293de3836 2156 #endif /* USE_WINDOWS_API */
ashleymills 0:714293de3836 2157
ashleymills 0:714293de3836 2158
ashleymills 0:714293de3836 2159 /* add output to md5 and sha handshake hashes, exclude record header */
ashleymills 0:714293de3836 2160 static void HashOutput(CYASSL* ssl, const byte* output, int sz, int ivSz)
ashleymills 0:714293de3836 2161 {
ashleymills 0:714293de3836 2162 const byte* adj = output + RECORD_HEADER_SZ + ivSz;
ashleymills 0:714293de3836 2163 sz -= RECORD_HEADER_SZ;
ashleymills 0:714293de3836 2164
ashleymills 0:714293de3836 2165 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 2166 if (ssl->options.dtls) {
ashleymills 0:714293de3836 2167 adj += DTLS_RECORD_EXTRA;
ashleymills 0:714293de3836 2168 sz -= DTLS_RECORD_EXTRA;
ashleymills 0:714293de3836 2169 }
ashleymills 0:714293de3836 2170 #endif
ashleymills 0:714293de3836 2171 #ifndef NO_OLD_TLS
ashleymills 0:714293de3836 2172 #ifndef NO_SHA
ashleymills 0:714293de3836 2173 ShaUpdate(&ssl->hashSha, adj, sz);
ashleymills 0:714293de3836 2174 #endif
ashleymills 0:714293de3836 2175 #ifndef NO_MD5
ashleymills 0:714293de3836 2176 Md5Update(&ssl->hashMd5, adj, sz);
ashleymills 0:714293de3836 2177 #endif
ashleymills 0:714293de3836 2178 #endif
ashleymills 0:714293de3836 2179
ashleymills 0:714293de3836 2180 if (IsAtLeastTLSv1_2(ssl)) {
ashleymills 0:714293de3836 2181 #ifndef NO_SHA256
ashleymills 0:714293de3836 2182 Sha256Update(&ssl->hashSha256, adj, sz);
ashleymills 0:714293de3836 2183 #endif
ashleymills 0:714293de3836 2184 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 2185 Sha384Update(&ssl->hashSha384, adj, sz);
ashleymills 0:714293de3836 2186 #endif
ashleymills 0:714293de3836 2187 }
ashleymills 0:714293de3836 2188 }
ashleymills 0:714293de3836 2189
ashleymills 0:714293de3836 2190
ashleymills 0:714293de3836 2191 /* add input to md5 and sha handshake hashes, include handshake header */
ashleymills 0:714293de3836 2192 static void HashInput(CYASSL* ssl, const byte* input, int sz)
ashleymills 0:714293de3836 2193 {
ashleymills 0:714293de3836 2194 const byte* adj = input - HANDSHAKE_HEADER_SZ;
ashleymills 0:714293de3836 2195 sz += HANDSHAKE_HEADER_SZ;
ashleymills 0:714293de3836 2196
ashleymills 0:714293de3836 2197 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 2198 if (ssl->options.dtls) {
ashleymills 0:714293de3836 2199 adj -= DTLS_HANDSHAKE_EXTRA;
ashleymills 0:714293de3836 2200 sz += DTLS_HANDSHAKE_EXTRA;
ashleymills 0:714293de3836 2201 }
ashleymills 0:714293de3836 2202 #endif
ashleymills 0:714293de3836 2203
ashleymills 0:714293de3836 2204 #ifndef NO_OLD_TLS
ashleymills 0:714293de3836 2205 #ifndef NO_SHA
ashleymills 0:714293de3836 2206 ShaUpdate(&ssl->hashSha, adj, sz);
ashleymills 0:714293de3836 2207 #endif
ashleymills 0:714293de3836 2208 #ifndef NO_MD5
ashleymills 0:714293de3836 2209 Md5Update(&ssl->hashMd5, adj, sz);
ashleymills 0:714293de3836 2210 #endif
ashleymills 0:714293de3836 2211 #endif
ashleymills 0:714293de3836 2212
ashleymills 0:714293de3836 2213 if (IsAtLeastTLSv1_2(ssl)) {
ashleymills 0:714293de3836 2214 #ifndef NO_SHA256
ashleymills 0:714293de3836 2215 Sha256Update(&ssl->hashSha256, adj, sz);
ashleymills 0:714293de3836 2216 #endif
ashleymills 0:714293de3836 2217 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 2218 Sha384Update(&ssl->hashSha384, adj, sz);
ashleymills 0:714293de3836 2219 #endif
ashleymills 0:714293de3836 2220 }
ashleymills 0:714293de3836 2221 }
ashleymills 0:714293de3836 2222
ashleymills 0:714293de3836 2223
ashleymills 0:714293de3836 2224 /* add record layer header for message */
ashleymills 0:714293de3836 2225 static void AddRecordHeader(byte* output, word32 length, byte type, CYASSL* ssl)
ashleymills 0:714293de3836 2226 {
ashleymills 0:714293de3836 2227 RecordLayerHeader* rl;
ashleymills 0:714293de3836 2228
ashleymills 0:714293de3836 2229 /* record layer header */
ashleymills 0:714293de3836 2230 rl = (RecordLayerHeader*)output;
ashleymills 0:714293de3836 2231 rl->type = type;
ashleymills 0:714293de3836 2232 rl->pvMajor = ssl->version.major; /* type and version same in each */
ashleymills 0:714293de3836 2233 rl->pvMinor = ssl->version.minor;
ashleymills 0:714293de3836 2234
ashleymills 0:714293de3836 2235 if (!ssl->options.dtls)
ashleymills 0:714293de3836 2236 c16toa((word16)length, rl->length);
ashleymills 0:714293de3836 2237 else {
ashleymills 0:714293de3836 2238 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 2239 DtlsRecordLayerHeader* dtls;
ashleymills 0:714293de3836 2240
ashleymills 0:714293de3836 2241 /* dtls record layer header extensions */
ashleymills 0:714293de3836 2242 dtls = (DtlsRecordLayerHeader*)output;
ashleymills 0:714293de3836 2243 c16toa(ssl->keys.dtls_epoch, dtls->epoch);
ashleymills 0:714293de3836 2244 c32to48(ssl->keys.dtls_sequence_number++, dtls->sequence_number);
ashleymills 0:714293de3836 2245 c16toa((word16)length, dtls->length);
ashleymills 0:714293de3836 2246 #endif
ashleymills 0:714293de3836 2247 }
ashleymills 0:714293de3836 2248 }
ashleymills 0:714293de3836 2249
ashleymills 0:714293de3836 2250
ashleymills 0:714293de3836 2251 /* add handshake header for message */
ashleymills 0:714293de3836 2252 static void AddHandShakeHeader(byte* output, word32 length, byte type,
ashleymills 0:714293de3836 2253 CYASSL* ssl)
ashleymills 0:714293de3836 2254 {
ashleymills 0:714293de3836 2255 HandShakeHeader* hs;
ashleymills 0:714293de3836 2256 (void)ssl;
ashleymills 0:714293de3836 2257
ashleymills 0:714293de3836 2258 /* handshake header */
ashleymills 0:714293de3836 2259 hs = (HandShakeHeader*)output;
ashleymills 0:714293de3836 2260 hs->type = type;
ashleymills 0:714293de3836 2261 c32to24(length, hs->length); /* type and length same for each */
ashleymills 0:714293de3836 2262 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 2263 if (ssl->options.dtls) {
ashleymills 0:714293de3836 2264 DtlsHandShakeHeader* dtls;
ashleymills 0:714293de3836 2265
ashleymills 0:714293de3836 2266 /* dtls handshake header extensions */
ashleymills 0:714293de3836 2267 dtls = (DtlsHandShakeHeader*)output;
ashleymills 0:714293de3836 2268 c16toa(ssl->keys.dtls_handshake_number++, dtls->message_seq);
ashleymills 0:714293de3836 2269 c32to24(0, dtls->fragment_offset);
ashleymills 0:714293de3836 2270 c32to24(length, dtls->fragment_length);
ashleymills 0:714293de3836 2271 }
ashleymills 0:714293de3836 2272 #endif
ashleymills 0:714293de3836 2273 }
ashleymills 0:714293de3836 2274
ashleymills 0:714293de3836 2275
ashleymills 0:714293de3836 2276 /* add both headers for handshake message */
ashleymills 0:714293de3836 2277 static void AddHeaders(byte* output, word32 length, byte type, CYASSL* ssl)
ashleymills 0:714293de3836 2278 {
ashleymills 0:714293de3836 2279 if (!ssl->options.dtls) {
ashleymills 0:714293de3836 2280 AddRecordHeader(output, length + HANDSHAKE_HEADER_SZ, handshake, ssl);
ashleymills 0:714293de3836 2281 AddHandShakeHeader(output + RECORD_HEADER_SZ, length, type, ssl);
ashleymills 0:714293de3836 2282 }
ashleymills 0:714293de3836 2283 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 2284 else {
ashleymills 0:714293de3836 2285 AddRecordHeader(output, length+DTLS_HANDSHAKE_HEADER_SZ, handshake,ssl);
ashleymills 0:714293de3836 2286 AddHandShakeHeader(output + DTLS_RECORD_HEADER_SZ, length, type, ssl);
ashleymills 0:714293de3836 2287 }
ashleymills 0:714293de3836 2288 #endif
ashleymills 0:714293de3836 2289 }
ashleymills 0:714293de3836 2290
ashleymills 0:714293de3836 2291
ashleymills 0:714293de3836 2292 /* return bytes received, -1 on error */
ashleymills 0:714293de3836 2293 static int Receive(CYASSL* ssl, byte* buf, word32 sz)
ashleymills 0:714293de3836 2294 {
ashleymills 0:714293de3836 2295 int recvd;
ashleymills 0:714293de3836 2296
ashleymills 0:714293de3836 2297 if (ssl->ctx->CBIORecv == NULL) {
ashleymills 0:714293de3836 2298 CYASSL_MSG("Your IO Recv callback is null, please set");
ashleymills 0:714293de3836 2299 return -1;
ashleymills 0:714293de3836 2300 }
ashleymills 0:714293de3836 2301
ashleymills 0:714293de3836 2302 retry:
ashleymills 0:714293de3836 2303 recvd = ssl->ctx->CBIORecv(ssl, (char *)buf, (int)sz, ssl->IOCB_ReadCtx);
ashleymills 0:714293de3836 2304 if (recvd < 0)
ashleymills 0:714293de3836 2305 switch (recvd) {
ashleymills 0:714293de3836 2306 case CYASSL_CBIO_ERR_GENERAL: /* general/unknown error */
ashleymills 0:714293de3836 2307 return -1;
ashleymills 0:714293de3836 2308
ashleymills 0:714293de3836 2309 case CYASSL_CBIO_ERR_WANT_READ: /* want read, would block */
ashleymills 0:714293de3836 2310 return WANT_READ;
ashleymills 0:714293de3836 2311
ashleymills 0:714293de3836 2312 case CYASSL_CBIO_ERR_CONN_RST: /* connection reset */
ashleymills 0:714293de3836 2313 #ifdef USE_WINDOWS_API
ashleymills 0:714293de3836 2314 if (ssl->options.dtls) {
ashleymills 0:714293de3836 2315 goto retry;
ashleymills 0:714293de3836 2316 }
ashleymills 0:714293de3836 2317 #endif
ashleymills 0:714293de3836 2318 ssl->options.connReset = 1;
ashleymills 0:714293de3836 2319 return -1;
ashleymills 0:714293de3836 2320
ashleymills 0:714293de3836 2321 case CYASSL_CBIO_ERR_ISR: /* interrupt */
ashleymills 0:714293de3836 2322 /* see if we got our timeout */
ashleymills 0:714293de3836 2323 #ifdef CYASSL_CALLBACKS
ashleymills 0:714293de3836 2324 if (ssl->toInfoOn) {
ashleymills 0:714293de3836 2325 struct itimerval timeout;
ashleymills 0:714293de3836 2326 getitimer(ITIMER_REAL, &timeout);
ashleymills 0:714293de3836 2327 if (timeout.it_value.tv_sec == 0 &&
ashleymills 0:714293de3836 2328 timeout.it_value.tv_usec == 0) {
ashleymills 0:714293de3836 2329 XSTRNCPY(ssl->timeoutInfo.timeoutName,
ashleymills 0:714293de3836 2330 "recv() timeout", MAX_TIMEOUT_NAME_SZ);
ashleymills 0:714293de3836 2331 CYASSL_MSG("Got our timeout");
ashleymills 0:714293de3836 2332 return WANT_READ;
ashleymills 0:714293de3836 2333 }
ashleymills 0:714293de3836 2334 }
ashleymills 0:714293de3836 2335 #endif
ashleymills 0:714293de3836 2336 goto retry;
ashleymills 0:714293de3836 2337
ashleymills 0:714293de3836 2338 case CYASSL_CBIO_ERR_CONN_CLOSE: /* peer closed connection */
ashleymills 0:714293de3836 2339 ssl->options.isClosed = 1;
ashleymills 0:714293de3836 2340 return -1;
ashleymills 0:714293de3836 2341
ashleymills 0:714293de3836 2342 case CYASSL_CBIO_ERR_TIMEOUT:
ashleymills 0:714293de3836 2343 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 2344 if (DtlsPoolTimeout(ssl) == 0 && DtlsPoolSend(ssl) == 0)
ashleymills 0:714293de3836 2345 goto retry;
ashleymills 0:714293de3836 2346 else
ashleymills 0:714293de3836 2347 #endif
ashleymills 0:714293de3836 2348 return -1;
ashleymills 0:714293de3836 2349
ashleymills 0:714293de3836 2350 default:
ashleymills 0:714293de3836 2351 return recvd;
ashleymills 0:714293de3836 2352 }
ashleymills 0:714293de3836 2353
ashleymills 0:714293de3836 2354 return recvd;
ashleymills 0:714293de3836 2355 }
ashleymills 0:714293de3836 2356
ashleymills 0:714293de3836 2357
ashleymills 0:714293de3836 2358 /* Switch dynamic output buffer back to static, buffer is assumed clear */
ashleymills 0:714293de3836 2359 void ShrinkOutputBuffer(CYASSL* ssl)
ashleymills 0:714293de3836 2360 {
ashleymills 0:714293de3836 2361 CYASSL_MSG("Shrinking output buffer\n");
ashleymills 0:714293de3836 2362 XFREE(ssl->buffers.outputBuffer.buffer - ssl->buffers.outputBuffer.offset,
ashleymills 0:714293de3836 2363 ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
ashleymills 0:714293de3836 2364 ssl->buffers.outputBuffer.buffer = ssl->buffers.outputBuffer.staticBuffer;
ashleymills 0:714293de3836 2365 ssl->buffers.outputBuffer.bufferSize = STATIC_BUFFER_LEN;
ashleymills 0:714293de3836 2366 ssl->buffers.outputBuffer.dynamicFlag = 0;
ashleymills 0:714293de3836 2367 ssl->buffers.outputBuffer.offset = 0;
ashleymills 0:714293de3836 2368 }
ashleymills 0:714293de3836 2369
ashleymills 0:714293de3836 2370
ashleymills 0:714293de3836 2371 /* Switch dynamic input buffer back to static, keep any remaining input */
ashleymills 0:714293de3836 2372 /* forced free means cleaning up */
ashleymills 0:714293de3836 2373 void ShrinkInputBuffer(CYASSL* ssl, int forcedFree)
ashleymills 0:714293de3836 2374 {
ashleymills 0:714293de3836 2375 int usedLength = ssl->buffers.inputBuffer.length -
ashleymills 0:714293de3836 2376 ssl->buffers.inputBuffer.idx;
ashleymills 0:714293de3836 2377 if (!forcedFree && usedLength > STATIC_BUFFER_LEN)
ashleymills 0:714293de3836 2378 return;
ashleymills 0:714293de3836 2379
ashleymills 0:714293de3836 2380 CYASSL_MSG("Shrinking input buffer\n");
ashleymills 0:714293de3836 2381
ashleymills 0:714293de3836 2382 if (!forcedFree && usedLength)
ashleymills 0:714293de3836 2383 XMEMCPY(ssl->buffers.inputBuffer.staticBuffer,
ashleymills 0:714293de3836 2384 ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.idx,
ashleymills 0:714293de3836 2385 usedLength);
ashleymills 0:714293de3836 2386
ashleymills 0:714293de3836 2387 XFREE(ssl->buffers.inputBuffer.buffer - ssl->buffers.inputBuffer.offset,
ashleymills 0:714293de3836 2388 ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
ashleymills 0:714293de3836 2389 ssl->buffers.inputBuffer.buffer = ssl->buffers.inputBuffer.staticBuffer;
ashleymills 0:714293de3836 2390 ssl->buffers.inputBuffer.bufferSize = STATIC_BUFFER_LEN;
ashleymills 0:714293de3836 2391 ssl->buffers.inputBuffer.dynamicFlag = 0;
ashleymills 0:714293de3836 2392 ssl->buffers.inputBuffer.offset = 0;
ashleymills 0:714293de3836 2393 ssl->buffers.inputBuffer.idx = 0;
ashleymills 0:714293de3836 2394 ssl->buffers.inputBuffer.length = usedLength;
ashleymills 0:714293de3836 2395 }
ashleymills 0:714293de3836 2396
ashleymills 0:714293de3836 2397
ashleymills 0:714293de3836 2398 int SendBuffered(CYASSL* ssl)
ashleymills 0:714293de3836 2399 {
ashleymills 0:714293de3836 2400 if (ssl->ctx->CBIOSend == NULL) {
ashleymills 0:714293de3836 2401 CYASSL_MSG("Your IO Send callback is null, please set");
ashleymills 0:714293de3836 2402 return SOCKET_ERROR_E;
ashleymills 0:714293de3836 2403 }
ashleymills 0:714293de3836 2404
ashleymills 0:714293de3836 2405 while (ssl->buffers.outputBuffer.length > 0) {
ashleymills 0:714293de3836 2406 int sent = ssl->ctx->CBIOSend(ssl,
ashleymills 0:714293de3836 2407 (char*)ssl->buffers.outputBuffer.buffer +
ashleymills 0:714293de3836 2408 ssl->buffers.outputBuffer.idx,
ashleymills 0:714293de3836 2409 (int)ssl->buffers.outputBuffer.length,
ashleymills 0:714293de3836 2410 ssl->IOCB_WriteCtx);
ashleymills 0:714293de3836 2411 if (sent < 0) {
ashleymills 0:714293de3836 2412 switch (sent) {
ashleymills 0:714293de3836 2413
ashleymills 0:714293de3836 2414 case CYASSL_CBIO_ERR_WANT_WRITE: /* would block */
ashleymills 0:714293de3836 2415 return WANT_WRITE;
ashleymills 0:714293de3836 2416
ashleymills 0:714293de3836 2417 case CYASSL_CBIO_ERR_CONN_RST: /* connection reset */
ashleymills 0:714293de3836 2418 ssl->options.connReset = 1;
ashleymills 0:714293de3836 2419 break;
ashleymills 0:714293de3836 2420
ashleymills 0:714293de3836 2421 case CYASSL_CBIO_ERR_ISR: /* interrupt */
ashleymills 0:714293de3836 2422 /* see if we got our timeout */
ashleymills 0:714293de3836 2423 #ifdef CYASSL_CALLBACKS
ashleymills 0:714293de3836 2424 if (ssl->toInfoOn) {
ashleymills 0:714293de3836 2425 struct itimerval timeout;
ashleymills 0:714293de3836 2426 getitimer(ITIMER_REAL, &timeout);
ashleymills 0:714293de3836 2427 if (timeout.it_value.tv_sec == 0 &&
ashleymills 0:714293de3836 2428 timeout.it_value.tv_usec == 0) {
ashleymills 0:714293de3836 2429 XSTRNCPY(ssl->timeoutInfo.timeoutName,
ashleymills 0:714293de3836 2430 "send() timeout", MAX_TIMEOUT_NAME_SZ);
ashleymills 0:714293de3836 2431 CYASSL_MSG("Got our timeout");
ashleymills 0:714293de3836 2432 return WANT_WRITE;
ashleymills 0:714293de3836 2433 }
ashleymills 0:714293de3836 2434 }
ashleymills 0:714293de3836 2435 #endif
ashleymills 0:714293de3836 2436 continue;
ashleymills 0:714293de3836 2437
ashleymills 0:714293de3836 2438 case CYASSL_CBIO_ERR_CONN_CLOSE: /* epipe / conn closed */
ashleymills 0:714293de3836 2439 ssl->options.connReset = 1; /* treat same as reset */
ashleymills 0:714293de3836 2440 break;
ashleymills 0:714293de3836 2441
ashleymills 0:714293de3836 2442 default:
ashleymills 0:714293de3836 2443 return SOCKET_ERROR_E;
ashleymills 0:714293de3836 2444 }
ashleymills 0:714293de3836 2445
ashleymills 0:714293de3836 2446 return SOCKET_ERROR_E;
ashleymills 0:714293de3836 2447 }
ashleymills 0:714293de3836 2448
ashleymills 0:714293de3836 2449 ssl->buffers.outputBuffer.idx += sent;
ashleymills 0:714293de3836 2450 ssl->buffers.outputBuffer.length -= sent;
ashleymills 0:714293de3836 2451 }
ashleymills 0:714293de3836 2452
ashleymills 0:714293de3836 2453 ssl->buffers.outputBuffer.idx = 0;
ashleymills 0:714293de3836 2454
ashleymills 0:714293de3836 2455 if (ssl->buffers.outputBuffer.dynamicFlag)
ashleymills 0:714293de3836 2456 ShrinkOutputBuffer(ssl);
ashleymills 0:714293de3836 2457
ashleymills 0:714293de3836 2458 return 0;
ashleymills 0:714293de3836 2459 }
ashleymills 0:714293de3836 2460
ashleymills 0:714293de3836 2461
ashleymills 0:714293de3836 2462 /* Grow the output buffer */
ashleymills 0:714293de3836 2463 static INLINE int GrowOutputBuffer(CYASSL* ssl, int size)
ashleymills 0:714293de3836 2464 {
ashleymills 0:714293de3836 2465 byte* tmp;
ashleymills 0:714293de3836 2466 byte hdrSz = ssl->options.dtls ? DTLS_RECORD_HEADER_SZ :
ashleymills 0:714293de3836 2467 RECORD_HEADER_SZ;
ashleymills 0:714293de3836 2468 byte align = CYASSL_GENERAL_ALIGNMENT;
ashleymills 0:714293de3836 2469 /* the encrypted data will be offset from the front of the buffer by
ashleymills 0:714293de3836 2470 the header, if the user wants encrypted alignment they need
ashleymills 0:714293de3836 2471 to define their alignment requirement */
ashleymills 0:714293de3836 2472
ashleymills 0:714293de3836 2473 if (align) {
ashleymills 0:714293de3836 2474 while (align < hdrSz)
ashleymills 0:714293de3836 2475 align *= 2;
ashleymills 0:714293de3836 2476 }
ashleymills 0:714293de3836 2477
ashleymills 0:714293de3836 2478 tmp = (byte*) XMALLOC(size + ssl->buffers.outputBuffer.length + align,
ashleymills 0:714293de3836 2479 ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
ashleymills 0:714293de3836 2480 CYASSL_MSG("growing output buffer\n");
ashleymills 0:714293de3836 2481
ashleymills 0:714293de3836 2482 if (!tmp) return MEMORY_E;
ashleymills 0:714293de3836 2483 if (align)
ashleymills 0:714293de3836 2484 tmp += align - hdrSz;
ashleymills 0:714293de3836 2485
ashleymills 0:714293de3836 2486 if (ssl->buffers.outputBuffer.length)
ashleymills 0:714293de3836 2487 XMEMCPY(tmp, ssl->buffers.outputBuffer.buffer,
ashleymills 0:714293de3836 2488 ssl->buffers.outputBuffer.length);
ashleymills 0:714293de3836 2489
ashleymills 0:714293de3836 2490 if (ssl->buffers.outputBuffer.dynamicFlag)
ashleymills 0:714293de3836 2491 XFREE(ssl->buffers.outputBuffer.buffer -
ashleymills 0:714293de3836 2492 ssl->buffers.outputBuffer.offset, ssl->heap,
ashleymills 0:714293de3836 2493 DYNAMIC_TYPE_OUT_BUFFER);
ashleymills 0:714293de3836 2494 ssl->buffers.outputBuffer.dynamicFlag = 1;
ashleymills 0:714293de3836 2495 if (align)
ashleymills 0:714293de3836 2496 ssl->buffers.outputBuffer.offset = align - hdrSz;
ashleymills 0:714293de3836 2497 else
ashleymills 0:714293de3836 2498 ssl->buffers.outputBuffer.offset = 0;
ashleymills 0:714293de3836 2499 ssl->buffers.outputBuffer.buffer = tmp;
ashleymills 0:714293de3836 2500 ssl->buffers.outputBuffer.bufferSize = size +
ashleymills 0:714293de3836 2501 ssl->buffers.outputBuffer.length;
ashleymills 0:714293de3836 2502 return 0;
ashleymills 0:714293de3836 2503 }
ashleymills 0:714293de3836 2504
ashleymills 0:714293de3836 2505
ashleymills 0:714293de3836 2506 /* Grow the input buffer, should only be to read cert or big app data */
ashleymills 0:714293de3836 2507 int GrowInputBuffer(CYASSL* ssl, int size, int usedLength)
ashleymills 0:714293de3836 2508 {
ashleymills 0:714293de3836 2509 byte* tmp;
ashleymills 0:714293de3836 2510 byte hdrSz = DTLS_RECORD_HEADER_SZ;
ashleymills 0:714293de3836 2511 byte align = ssl->options.dtls ? CYASSL_GENERAL_ALIGNMENT : 0;
ashleymills 0:714293de3836 2512 /* the encrypted data will be offset from the front of the buffer by
ashleymills 0:714293de3836 2513 the dtls record header, if the user wants encrypted alignment they need
ashleymills 0:714293de3836 2514 to define their alignment requirement. in tls we read record header
ashleymills 0:714293de3836 2515 to get size of record and put actual data back at front, so don't need */
ashleymills 0:714293de3836 2516
ashleymills 0:714293de3836 2517 if (align) {
ashleymills 0:714293de3836 2518 while (align < hdrSz)
ashleymills 0:714293de3836 2519 align *= 2;
ashleymills 0:714293de3836 2520 }
ashleymills 0:714293de3836 2521 tmp = (byte*) XMALLOC(size + usedLength + align, ssl->heap,
ashleymills 0:714293de3836 2522 DYNAMIC_TYPE_IN_BUFFER);
ashleymills 0:714293de3836 2523 CYASSL_MSG("growing input buffer\n");
ashleymills 0:714293de3836 2524
ashleymills 0:714293de3836 2525 if (!tmp) return MEMORY_E;
ashleymills 0:714293de3836 2526 if (align)
ashleymills 0:714293de3836 2527 tmp += align - hdrSz;
ashleymills 0:714293de3836 2528
ashleymills 0:714293de3836 2529 if (usedLength)
ashleymills 0:714293de3836 2530 XMEMCPY(tmp, ssl->buffers.inputBuffer.buffer +
ashleymills 0:714293de3836 2531 ssl->buffers.inputBuffer.idx, usedLength);
ashleymills 0:714293de3836 2532
ashleymills 0:714293de3836 2533 if (ssl->buffers.inputBuffer.dynamicFlag)
ashleymills 0:714293de3836 2534 XFREE(ssl->buffers.inputBuffer.buffer - ssl->buffers.inputBuffer.offset,
ashleymills 0:714293de3836 2535 ssl->heap,DYNAMIC_TYPE_IN_BUFFER);
ashleymills 0:714293de3836 2536
ashleymills 0:714293de3836 2537 ssl->buffers.inputBuffer.dynamicFlag = 1;
ashleymills 0:714293de3836 2538 if (align)
ashleymills 0:714293de3836 2539 ssl->buffers.inputBuffer.offset = align - hdrSz;
ashleymills 0:714293de3836 2540 else
ashleymills 0:714293de3836 2541 ssl->buffers.inputBuffer.offset = 0;
ashleymills 0:714293de3836 2542 ssl->buffers.inputBuffer.buffer = tmp;
ashleymills 0:714293de3836 2543 ssl->buffers.inputBuffer.bufferSize = size + usedLength;
ashleymills 0:714293de3836 2544 ssl->buffers.inputBuffer.idx = 0;
ashleymills 0:714293de3836 2545 ssl->buffers.inputBuffer.length = usedLength;
ashleymills 0:714293de3836 2546
ashleymills 0:714293de3836 2547 return 0;
ashleymills 0:714293de3836 2548 }
ashleymills 0:714293de3836 2549
ashleymills 0:714293de3836 2550
ashleymills 0:714293de3836 2551 /* check available size into output buffer, make room if needed */
ashleymills 0:714293de3836 2552 int CheckAvailableSize(CYASSL *ssl, int size)
ashleymills 0:714293de3836 2553 {
ashleymills 0:714293de3836 2554 if (ssl->buffers.outputBuffer.bufferSize - ssl->buffers.outputBuffer.length
ashleymills 0:714293de3836 2555 < (word32)size) {
ashleymills 0:714293de3836 2556 if (GrowOutputBuffer(ssl, size) < 0)
ashleymills 0:714293de3836 2557 return MEMORY_E;
ashleymills 0:714293de3836 2558 }
ashleymills 0:714293de3836 2559
ashleymills 0:714293de3836 2560 return 0;
ashleymills 0:714293de3836 2561 }
ashleymills 0:714293de3836 2562
ashleymills 0:714293de3836 2563
ashleymills 0:714293de3836 2564 /* do all verify and sanity checks on record header */
ashleymills 0:714293de3836 2565 static int GetRecordHeader(CYASSL* ssl, const byte* input, word32* inOutIdx,
ashleymills 0:714293de3836 2566 RecordLayerHeader* rh, word16 *size)
ashleymills 0:714293de3836 2567 {
ashleymills 0:714293de3836 2568 if (!ssl->options.dtls) {
ashleymills 0:714293de3836 2569 XMEMCPY(rh, input + *inOutIdx, RECORD_HEADER_SZ);
ashleymills 0:714293de3836 2570 *inOutIdx += RECORD_HEADER_SZ;
ashleymills 0:714293de3836 2571 ato16(rh->length, size);
ashleymills 0:714293de3836 2572 }
ashleymills 0:714293de3836 2573 else {
ashleymills 0:714293de3836 2574 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 2575 /* type and version in same sport */
ashleymills 0:714293de3836 2576 XMEMCPY(rh, input + *inOutIdx, ENUM_LEN + VERSION_SZ);
ashleymills 0:714293de3836 2577 *inOutIdx += ENUM_LEN + VERSION_SZ;
ashleymills 0:714293de3836 2578 ato16(input + *inOutIdx, &ssl->keys.dtls_peer_epoch);
ashleymills 0:714293de3836 2579 *inOutIdx += 4; /* advance past epoch, skip first 2 seq bytes for now */
ashleymills 0:714293de3836 2580 ato32(input + *inOutIdx, &ssl->keys.dtls_peer_sequence_number);
ashleymills 0:714293de3836 2581 *inOutIdx += 4; /* advance past rest of seq */
ashleymills 0:714293de3836 2582 ato16(input + *inOutIdx, size);
ashleymills 0:714293de3836 2583 *inOutIdx += LENGTH_SZ;
ashleymills 0:714293de3836 2584 #endif
ashleymills 0:714293de3836 2585 }
ashleymills 0:714293de3836 2586
ashleymills 0:714293de3836 2587 /* catch version mismatch */
ashleymills 0:714293de3836 2588 if (rh->pvMajor != ssl->version.major || rh->pvMinor != ssl->version.minor){
ashleymills 0:714293de3836 2589 if (ssl->options.side == SERVER_END &&
ashleymills 0:714293de3836 2590 ssl->options.acceptState == ACCEPT_BEGIN)
ashleymills 0:714293de3836 2591 CYASSL_MSG("Client attempting to connect with different version");
ashleymills 0:714293de3836 2592 else if (ssl->options.side == CLIENT_END && ssl->options.downgrade &&
ashleymills 0:714293de3836 2593 ssl->options.connectState < FIRST_REPLY_DONE)
ashleymills 0:714293de3836 2594 CYASSL_MSG("Server attempting to accept with different version");
ashleymills 0:714293de3836 2595 else {
ashleymills 0:714293de3836 2596 CYASSL_MSG("SSL version error");
ashleymills 0:714293de3836 2597 return VERSION_ERROR; /* only use requested version */
ashleymills 0:714293de3836 2598 }
ashleymills 0:714293de3836 2599 }
ashleymills 0:714293de3836 2600 #if 0
ashleymills 0:714293de3836 2601 /* Instead of this, check the datagram against the sliding window of
ashleymills 0:714293de3836 2602 * received datagram goodness. */
ashleymills 0:714293de3836 2603 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 2604 /* If DTLS, check the sequence number against expected. If out of
ashleymills 0:714293de3836 2605 * order, drop the record. Allows newer records in and resets the
ashleymills 0:714293de3836 2606 * expected to the next record. */
ashleymills 0:714293de3836 2607 if (ssl->options.dtls) {
ashleymills 0:714293de3836 2608 if ((ssl->keys.dtls_expected_peer_epoch ==
ashleymills 0:714293de3836 2609 ssl->keys.dtls_peer_epoch) &&
ashleymills 0:714293de3836 2610 (ssl->keys.dtls_peer_sequence_number >=
ashleymills 0:714293de3836 2611 ssl->keys.dtls_expected_peer_sequence_number)) {
ashleymills 0:714293de3836 2612 ssl->keys.dtls_expected_peer_sequence_number =
ashleymills 0:714293de3836 2613 ssl->keys.dtls_peer_sequence_number + 1;
ashleymills 0:714293de3836 2614 }
ashleymills 0:714293de3836 2615 else {
ashleymills 0:714293de3836 2616 return SEQUENCE_ERROR;
ashleymills 0:714293de3836 2617 }
ashleymills 0:714293de3836 2618 }
ashleymills 0:714293de3836 2619 #endif
ashleymills 0:714293de3836 2620 #endif
ashleymills 0:714293de3836 2621 /* record layer length check */
ashleymills 0:714293de3836 2622 if (*size > (MAX_RECORD_SIZE + MAX_COMP_EXTRA + MAX_MSG_EXTRA))
ashleymills 0:714293de3836 2623 return LENGTH_ERROR;
ashleymills 0:714293de3836 2624
ashleymills 0:714293de3836 2625 /* verify record type here as well */
ashleymills 0:714293de3836 2626 switch ((enum ContentType)rh->type) {
ashleymills 0:714293de3836 2627 case handshake:
ashleymills 0:714293de3836 2628 case change_cipher_spec:
ashleymills 0:714293de3836 2629 case application_data:
ashleymills 0:714293de3836 2630 case alert:
ashleymills 0:714293de3836 2631 break;
ashleymills 0:714293de3836 2632 case no_type:
ashleymills 0:714293de3836 2633 default:
ashleymills 0:714293de3836 2634 CYASSL_MSG("Unknown Record Type");
ashleymills 0:714293de3836 2635 return UNKNOWN_RECORD_TYPE;
ashleymills 0:714293de3836 2636 }
ashleymills 0:714293de3836 2637
ashleymills 0:714293de3836 2638 /* haven't decrypted this record yet */
ashleymills 0:714293de3836 2639 ssl->keys.decryptedCur = 0;
ashleymills 0:714293de3836 2640
ashleymills 0:714293de3836 2641 return 0;
ashleymills 0:714293de3836 2642 }
ashleymills 0:714293de3836 2643
ashleymills 0:714293de3836 2644
ashleymills 0:714293de3836 2645 static int GetHandShakeHeader(CYASSL* ssl, const byte* input, word32* inOutIdx,
ashleymills 0:714293de3836 2646 byte *type, word32 *size)
ashleymills 0:714293de3836 2647 {
ashleymills 0:714293de3836 2648 const byte *ptr = input + *inOutIdx;
ashleymills 0:714293de3836 2649 (void)ssl;
ashleymills 0:714293de3836 2650 *inOutIdx += HANDSHAKE_HEADER_SZ;
ashleymills 0:714293de3836 2651
ashleymills 0:714293de3836 2652 *type = ptr[0];
ashleymills 0:714293de3836 2653 c24to32(&ptr[1], size);
ashleymills 0:714293de3836 2654
ashleymills 0:714293de3836 2655 return 0;
ashleymills 0:714293de3836 2656 }
ashleymills 0:714293de3836 2657
ashleymills 0:714293de3836 2658
ashleymills 0:714293de3836 2659 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 2660 static int GetDtlsHandShakeHeader(CYASSL* ssl, const byte* input,
ashleymills 0:714293de3836 2661 word32* inOutIdx, byte *type, word32 *size,
ashleymills 0:714293de3836 2662 word32 *fragOffset, word32 *fragSz)
ashleymills 0:714293de3836 2663 {
ashleymills 0:714293de3836 2664 word32 idx = *inOutIdx;
ashleymills 0:714293de3836 2665
ashleymills 0:714293de3836 2666 *inOutIdx += HANDSHAKE_HEADER_SZ + DTLS_HANDSHAKE_EXTRA;
ashleymills 0:714293de3836 2667
ashleymills 0:714293de3836 2668 *type = input[idx++];
ashleymills 0:714293de3836 2669 c24to32(input + idx, size);
ashleymills 0:714293de3836 2670 idx += BYTE3_LEN;
ashleymills 0:714293de3836 2671
ashleymills 0:714293de3836 2672 ato16(input + idx, &ssl->keys.dtls_peer_handshake_number);
ashleymills 0:714293de3836 2673 idx += DTLS_HANDSHAKE_SEQ_SZ;
ashleymills 0:714293de3836 2674
ashleymills 0:714293de3836 2675 c24to32(input + idx, fragOffset);
ashleymills 0:714293de3836 2676 idx += DTLS_HANDSHAKE_FRAG_SZ;
ashleymills 0:714293de3836 2677 c24to32(input + idx, fragSz);
ashleymills 0:714293de3836 2678
ashleymills 0:714293de3836 2679 return 0;
ashleymills 0:714293de3836 2680 }
ashleymills 0:714293de3836 2681 #endif
ashleymills 0:714293de3836 2682
ashleymills 0:714293de3836 2683
ashleymills 0:714293de3836 2684 #ifndef NO_OLD_TLS
ashleymills 0:714293de3836 2685 /* fill with MD5 pad size since biggest required */
ashleymills 0:714293de3836 2686 static const byte PAD1[PAD_MD5] =
ashleymills 0:714293de3836 2687 { 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
ashleymills 0:714293de3836 2688 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
ashleymills 0:714293de3836 2689 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
ashleymills 0:714293de3836 2690 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
ashleymills 0:714293de3836 2691 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
ashleymills 0:714293de3836 2692 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
ashleymills 0:714293de3836 2693 };
ashleymills 0:714293de3836 2694 static const byte PAD2[PAD_MD5] =
ashleymills 0:714293de3836 2695 { 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
ashleymills 0:714293de3836 2696 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
ashleymills 0:714293de3836 2697 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
ashleymills 0:714293de3836 2698 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
ashleymills 0:714293de3836 2699 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
ashleymills 0:714293de3836 2700 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c
ashleymills 0:714293de3836 2701 };
ashleymills 0:714293de3836 2702
ashleymills 0:714293de3836 2703 /* calculate MD5 hash for finished */
ashleymills 0:714293de3836 2704 static void BuildMD5(CYASSL* ssl, Hashes* hashes, const byte* sender)
ashleymills 0:714293de3836 2705 {
ashleymills 0:714293de3836 2706 byte md5_result[MD5_DIGEST_SIZE];
ashleymills 0:714293de3836 2707
ashleymills 0:714293de3836 2708 /* make md5 inner */
ashleymills 0:714293de3836 2709 Md5Update(&ssl->hashMd5, sender, SIZEOF_SENDER);
ashleymills 0:714293de3836 2710 Md5Update(&ssl->hashMd5, ssl->arrays->masterSecret, SECRET_LEN);
ashleymills 0:714293de3836 2711 Md5Update(&ssl->hashMd5, PAD1, PAD_MD5);
ashleymills 0:714293de3836 2712 Md5Final(&ssl->hashMd5, md5_result);
ashleymills 0:714293de3836 2713
ashleymills 0:714293de3836 2714 /* make md5 outer */
ashleymills 0:714293de3836 2715 Md5Update(&ssl->hashMd5, ssl->arrays->masterSecret, SECRET_LEN);
ashleymills 0:714293de3836 2716 Md5Update(&ssl->hashMd5, PAD2, PAD_MD5);
ashleymills 0:714293de3836 2717 Md5Update(&ssl->hashMd5, md5_result, MD5_DIGEST_SIZE);
ashleymills 0:714293de3836 2718
ashleymills 0:714293de3836 2719 Md5Final(&ssl->hashMd5, hashes->md5);
ashleymills 0:714293de3836 2720 }
ashleymills 0:714293de3836 2721
ashleymills 0:714293de3836 2722
ashleymills 0:714293de3836 2723 /* calculate SHA hash for finished */
ashleymills 0:714293de3836 2724 static void BuildSHA(CYASSL* ssl, Hashes* hashes, const byte* sender)
ashleymills 0:714293de3836 2725 {
ashleymills 0:714293de3836 2726 byte sha_result[SHA_DIGEST_SIZE];
ashleymills 0:714293de3836 2727
ashleymills 0:714293de3836 2728 /* make sha inner */
ashleymills 0:714293de3836 2729 ShaUpdate(&ssl->hashSha, sender, SIZEOF_SENDER);
ashleymills 0:714293de3836 2730 ShaUpdate(&ssl->hashSha, ssl->arrays->masterSecret, SECRET_LEN);
ashleymills 0:714293de3836 2731 ShaUpdate(&ssl->hashSha, PAD1, PAD_SHA);
ashleymills 0:714293de3836 2732 ShaFinal(&ssl->hashSha, sha_result);
ashleymills 0:714293de3836 2733
ashleymills 0:714293de3836 2734 /* make sha outer */
ashleymills 0:714293de3836 2735 ShaUpdate(&ssl->hashSha, ssl->arrays->masterSecret, SECRET_LEN);
ashleymills 0:714293de3836 2736 ShaUpdate(&ssl->hashSha, PAD2, PAD_SHA);
ashleymills 0:714293de3836 2737 ShaUpdate(&ssl->hashSha, sha_result, SHA_DIGEST_SIZE);
ashleymills 0:714293de3836 2738
ashleymills 0:714293de3836 2739 ShaFinal(&ssl->hashSha, hashes->sha);
ashleymills 0:714293de3836 2740 }
ashleymills 0:714293de3836 2741 #endif
ashleymills 0:714293de3836 2742
ashleymills 0:714293de3836 2743
ashleymills 0:714293de3836 2744 static void BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
ashleymills 0:714293de3836 2745 {
ashleymills 0:714293de3836 2746 /* store current states, building requires get_digest which resets state */
ashleymills 0:714293de3836 2747 #ifndef NO_OLD_TLS
ashleymills 0:714293de3836 2748 #ifndef NO_MD5
ashleymills 0:714293de3836 2749 Md5 md5 = ssl->hashMd5;
ashleymills 0:714293de3836 2750 #endif
ashleymills 0:714293de3836 2751 #ifndef NO_SHA
ashleymills 0:714293de3836 2752 Sha sha = ssl->hashSha;
ashleymills 0:714293de3836 2753 #endif
ashleymills 0:714293de3836 2754 #endif
ashleymills 0:714293de3836 2755 #ifndef NO_SHA256
ashleymills 0:714293de3836 2756 Sha256 sha256 = ssl->hashSha256;
ashleymills 0:714293de3836 2757 #endif
ashleymills 0:714293de3836 2758 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 2759 Sha384 sha384 = ssl->hashSha384;
ashleymills 0:714293de3836 2760 #endif
ashleymills 0:714293de3836 2761
ashleymills 0:714293de3836 2762 #ifndef NO_TLS
ashleymills 0:714293de3836 2763 if (ssl->options.tls) {
ashleymills 0:714293de3836 2764 BuildTlsFinished(ssl, hashes, sender);
ashleymills 0:714293de3836 2765 }
ashleymills 0:714293de3836 2766 #endif
ashleymills 0:714293de3836 2767 #ifndef NO_OLD_TLS
ashleymills 0:714293de3836 2768 if (!ssl->options.tls) {
ashleymills 0:714293de3836 2769 BuildMD5(ssl, hashes, sender);
ashleymills 0:714293de3836 2770 BuildSHA(ssl, hashes, sender);
ashleymills 0:714293de3836 2771 }
ashleymills 0:714293de3836 2772 #endif
ashleymills 0:714293de3836 2773
ashleymills 0:714293de3836 2774 /* restore */
ashleymills 0:714293de3836 2775 #ifndef NO_OLD_TLS
ashleymills 0:714293de3836 2776 #ifndef NO_MD5
ashleymills 0:714293de3836 2777 ssl->hashMd5 = md5;
ashleymills 0:714293de3836 2778 #endif
ashleymills 0:714293de3836 2779 #ifndef NO_SHA
ashleymills 0:714293de3836 2780 ssl->hashSha = sha;
ashleymills 0:714293de3836 2781 #endif
ashleymills 0:714293de3836 2782 #endif
ashleymills 0:714293de3836 2783 if (IsAtLeastTLSv1_2(ssl)) {
ashleymills 0:714293de3836 2784 #ifndef NO_SHA256
ashleymills 0:714293de3836 2785 ssl->hashSha256 = sha256;
ashleymills 0:714293de3836 2786 #endif
ashleymills 0:714293de3836 2787 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 2788 ssl->hashSha384 = sha384;
ashleymills 0:714293de3836 2789 #endif
ashleymills 0:714293de3836 2790 }
ashleymills 0:714293de3836 2791 }
ashleymills 0:714293de3836 2792
ashleymills 0:714293de3836 2793
ashleymills 0:714293de3836 2794 #ifndef NO_CERTS
ashleymills 0:714293de3836 2795
ashleymills 0:714293de3836 2796
ashleymills 0:714293de3836 2797 /* Match names with wildcards, each wildcard can represent a single name
ashleymills 0:714293de3836 2798 component or fragment but not mulitple names, i.e.,
ashleymills 0:714293de3836 2799 *.z.com matches y.z.com but not x.y.z.com
ashleymills 0:714293de3836 2800
ashleymills 0:714293de3836 2801 return 1 on success */
ashleymills 0:714293de3836 2802 static int MatchDomainName(const char* pattern, int len, const char* str)
ashleymills 0:714293de3836 2803 {
ashleymills 0:714293de3836 2804 char p, s;
ashleymills 0:714293de3836 2805
ashleymills 0:714293de3836 2806 if (pattern == NULL || str == NULL || len <= 0)
ashleymills 0:714293de3836 2807 return 0;
ashleymills 0:714293de3836 2808
ashleymills 0:714293de3836 2809 while (len > 0 && (p = (char)(*pattern++))) {
ashleymills 0:714293de3836 2810 if (p == '*') {
ashleymills 0:714293de3836 2811 while (--len > 0 && (p = (char)(*pattern++)) == '*')
ashleymills 0:714293de3836 2812 ;
ashleymills 0:714293de3836 2813
ashleymills 0:714293de3836 2814 if (len == 0)
ashleymills 0:714293de3836 2815 p = '\0';
ashleymills 0:714293de3836 2816
ashleymills 0:714293de3836 2817 while ( (s = (char)(*str)) != '\0') {
ashleymills 0:714293de3836 2818 if (s == p)
ashleymills 0:714293de3836 2819 break;
ashleymills 0:714293de3836 2820 if (s == '.')
ashleymills 0:714293de3836 2821 return 0;
ashleymills 0:714293de3836 2822 str++;
ashleymills 0:714293de3836 2823 }
ashleymills 0:714293de3836 2824 }
ashleymills 0:714293de3836 2825 else {
ashleymills 0:714293de3836 2826 if (p != (char)(*str))
ashleymills 0:714293de3836 2827 return 0;
ashleymills 0:714293de3836 2828 }
ashleymills 0:714293de3836 2829
ashleymills 0:714293de3836 2830 if (*str != '\0')
ashleymills 0:714293de3836 2831 str++;
ashleymills 0:714293de3836 2832
ashleymills 0:714293de3836 2833 if (len > 0)
ashleymills 0:714293de3836 2834 len--;
ashleymills 0:714293de3836 2835 }
ashleymills 0:714293de3836 2836
ashleymills 0:714293de3836 2837 return *str == '\0';
ashleymills 0:714293de3836 2838 }
ashleymills 0:714293de3836 2839
ashleymills 0:714293de3836 2840
ashleymills 0:714293de3836 2841 /* try to find an altName match to domain, return 1 on success */
ashleymills 0:714293de3836 2842 static int CheckAltNames(DecodedCert* dCert, char* domain)
ashleymills 0:714293de3836 2843 {
ashleymills 0:714293de3836 2844 int match = 0;
ashleymills 0:714293de3836 2845 DNS_entry* altName = NULL;
ashleymills 0:714293de3836 2846
ashleymills 0:714293de3836 2847 CYASSL_MSG("Checking AltNames");
ashleymills 0:714293de3836 2848
ashleymills 0:714293de3836 2849 if (dCert)
ashleymills 0:714293de3836 2850 altName = dCert->altNames;
ashleymills 0:714293de3836 2851
ashleymills 0:714293de3836 2852 while (altName) {
ashleymills 0:714293de3836 2853 CYASSL_MSG(" individual AltName check");
ashleymills 0:714293de3836 2854
ashleymills 0:714293de3836 2855 if (MatchDomainName(altName->name,(int)XSTRLEN(altName->name), domain)){
ashleymills 0:714293de3836 2856 match = 1;
ashleymills 0:714293de3836 2857 break;
ashleymills 0:714293de3836 2858 }
ashleymills 0:714293de3836 2859
ashleymills 0:714293de3836 2860 altName = altName->next;
ashleymills 0:714293de3836 2861 }
ashleymills 0:714293de3836 2862
ashleymills 0:714293de3836 2863 return match;
ashleymills 0:714293de3836 2864 }
ashleymills 0:714293de3836 2865
ashleymills 0:714293de3836 2866
ashleymills 0:714293de3836 2867 #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
ashleymills 0:714293de3836 2868
ashleymills 0:714293de3836 2869 /* Copy parts X509 needs from Decoded cert, 0 on success */
ashleymills 0:714293de3836 2870 int CopyDecodedToX509(CYASSL_X509* x509, DecodedCert* dCert)
ashleymills 0:714293de3836 2871 {
ashleymills 0:714293de3836 2872 int ret = 0;
ashleymills 0:714293de3836 2873
ashleymills 0:714293de3836 2874 if (x509 == NULL || dCert == NULL)
ashleymills 0:714293de3836 2875 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 2876
ashleymills 0:714293de3836 2877 XSTRNCPY(x509->issuer.name, dCert->issuer, ASN_NAME_MAX);
ashleymills 0:714293de3836 2878 x509->issuer.name[ASN_NAME_MAX - 1] = '\0';
ashleymills 0:714293de3836 2879 x509->issuer.sz = (int)XSTRLEN(x509->issuer.name) + 1;
ashleymills 0:714293de3836 2880
ashleymills 0:714293de3836 2881 XSTRNCPY(x509->subject.name, dCert->subject, ASN_NAME_MAX);
ashleymills 0:714293de3836 2882 x509->subject.name[ASN_NAME_MAX - 1] = '\0';
ashleymills 0:714293de3836 2883 x509->subject.sz = (int)XSTRLEN(x509->subject.name) + 1;
ashleymills 0:714293de3836 2884
ashleymills 0:714293de3836 2885 XMEMCPY(x509->serial, dCert->serial, EXTERNAL_SERIAL_SIZE);
ashleymills 0:714293de3836 2886 x509->serialSz = dCert->serialSz;
ashleymills 0:714293de3836 2887 if (dCert->subjectCNLen < ASN_NAME_MAX) {
ashleymills 0:714293de3836 2888 XMEMCPY(x509->subjectCN, dCert->subjectCN, dCert->subjectCNLen);
ashleymills 0:714293de3836 2889 x509->subjectCN[dCert->subjectCNLen] = '\0';
ashleymills 0:714293de3836 2890 }
ashleymills 0:714293de3836 2891 else
ashleymills 0:714293de3836 2892 x509->subjectCN[0] = '\0';
ashleymills 0:714293de3836 2893
ashleymills 0:714293de3836 2894 /* store cert for potential retrieval */
ashleymills 0:714293de3836 2895 x509->derCert.buffer = (byte*)XMALLOC(dCert->maxIdx, NULL,
ashleymills 0:714293de3836 2896 DYNAMIC_TYPE_CERT);
ashleymills 0:714293de3836 2897 if (x509->derCert.buffer == NULL) {
ashleymills 0:714293de3836 2898 ret = MEMORY_E;
ashleymills 0:714293de3836 2899 }
ashleymills 0:714293de3836 2900 else {
ashleymills 0:714293de3836 2901 XMEMCPY(x509->derCert.buffer, dCert->source, dCert->maxIdx);
ashleymills 0:714293de3836 2902 x509->derCert.length = dCert->maxIdx;
ashleymills 0:714293de3836 2903 }
ashleymills 0:714293de3836 2904
ashleymills 0:714293de3836 2905 x509->altNames = dCert->altNames;
ashleymills 0:714293de3836 2906 dCert->altNames = NULL; /* takes ownership */
ashleymills 0:714293de3836 2907 x509->altNamesNext = x509->altNames; /* index hint */
ashleymills 0:714293de3836 2908
ashleymills 0:714293de3836 2909 return ret;
ashleymills 0:714293de3836 2910 }
ashleymills 0:714293de3836 2911
ashleymills 0:714293de3836 2912 #endif /* KEEP_PEER_CERT || SESSION_CERTS */
ashleymills 0:714293de3836 2913
ashleymills 0:714293de3836 2914
ashleymills 0:714293de3836 2915 static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
ashleymills 0:714293de3836 2916 {
ashleymills 0:714293de3836 2917 word32 listSz, i = *inOutIdx;
ashleymills 0:714293de3836 2918 int ret = 0;
ashleymills 0:714293de3836 2919 int anyError = 0;
ashleymills 0:714293de3836 2920 int totalCerts = 0; /* number of certs in certs buffer */
ashleymills 0:714293de3836 2921 int count;
ashleymills 0:714293de3836 2922 char domain[ASN_NAME_MAX];
ashleymills 0:714293de3836 2923 buffer certs[MAX_CHAIN_DEPTH];
ashleymills 0:714293de3836 2924
ashleymills 0:714293de3836 2925 #ifdef CYASSL_CALLBACKS
ashleymills 0:714293de3836 2926 if (ssl->hsInfoOn) AddPacketName("Certificate", &ssl->handShakeInfo);
ashleymills 0:714293de3836 2927 if (ssl->toInfoOn) AddLateName("Certificate", &ssl->timeoutInfo);
ashleymills 0:714293de3836 2928 #endif
ashleymills 0:714293de3836 2929 c24to32(&input[i], &listSz);
ashleymills 0:714293de3836 2930 i += CERT_HEADER_SZ;
ashleymills 0:714293de3836 2931
ashleymills 0:714293de3836 2932 CYASSL_MSG("Loading peer's cert chain");
ashleymills 0:714293de3836 2933 /* first put cert chain into buffer so can verify top down
ashleymills 0:714293de3836 2934 we're sent bottom up */
ashleymills 0:714293de3836 2935 while (listSz) {
ashleymills 0:714293de3836 2936 /* cert size */
ashleymills 0:714293de3836 2937 word32 certSz;
ashleymills 0:714293de3836 2938
ashleymills 0:714293de3836 2939 if (totalCerts >= MAX_CHAIN_DEPTH)
ashleymills 0:714293de3836 2940 return MAX_CHAIN_ERROR;
ashleymills 0:714293de3836 2941
ashleymills 0:714293de3836 2942 c24to32(&input[i], &certSz);
ashleymills 0:714293de3836 2943 i += CERT_HEADER_SZ;
ashleymills 0:714293de3836 2944
ashleymills 0:714293de3836 2945 if (listSz > MAX_RECORD_SIZE || certSz > MAX_RECORD_SIZE)
ashleymills 0:714293de3836 2946 return BUFFER_E;
ashleymills 0:714293de3836 2947
ashleymills 0:714293de3836 2948 certs[totalCerts].length = certSz;
ashleymills 0:714293de3836 2949 certs[totalCerts].buffer = input + i;
ashleymills 0:714293de3836 2950
ashleymills 0:714293de3836 2951 #ifdef SESSION_CERTS
ashleymills 0:714293de3836 2952 if (ssl->session.chain.count < MAX_CHAIN_DEPTH &&
ashleymills 0:714293de3836 2953 certSz < MAX_X509_SIZE) {
ashleymills 0:714293de3836 2954 ssl->session.chain.certs[ssl->session.chain.count].length = certSz;
ashleymills 0:714293de3836 2955 XMEMCPY(ssl->session.chain.certs[ssl->session.chain.count].buffer,
ashleymills 0:714293de3836 2956 input + i, certSz);
ashleymills 0:714293de3836 2957 ssl->session.chain.count++;
ashleymills 0:714293de3836 2958 } else {
ashleymills 0:714293de3836 2959 CYASSL_MSG("Couldn't store chain cert for session");
ashleymills 0:714293de3836 2960 }
ashleymills 0:714293de3836 2961 #endif
ashleymills 0:714293de3836 2962
ashleymills 0:714293de3836 2963 i += certSz;
ashleymills 0:714293de3836 2964 listSz -= certSz + CERT_HEADER_SZ;
ashleymills 0:714293de3836 2965
ashleymills 0:714293de3836 2966 totalCerts++;
ashleymills 0:714293de3836 2967 CYASSL_MSG(" Put another cert into chain");
ashleymills 0:714293de3836 2968 }
ashleymills 0:714293de3836 2969
ashleymills 0:714293de3836 2970 count = totalCerts;
ashleymills 0:714293de3836 2971
ashleymills 0:714293de3836 2972 /* verify up to peer's first */
ashleymills 0:714293de3836 2973 while (count > 1) {
ashleymills 0:714293de3836 2974 buffer myCert = certs[count - 1];
ashleymills 0:714293de3836 2975 DecodedCert dCert;
ashleymills 0:714293de3836 2976 byte* subjectHash;
ashleymills 0:714293de3836 2977
ashleymills 0:714293de3836 2978 InitDecodedCert(&dCert, myCert.buffer, myCert.length, ssl->heap);
ashleymills 0:714293de3836 2979 ret = ParseCertRelative(&dCert, CERT_TYPE, !ssl->options.verifyNone,
ashleymills 0:714293de3836 2980 ssl->ctx->cm);
ashleymills 0:714293de3836 2981 #ifndef NO_SKID
ashleymills 0:714293de3836 2982 subjectHash = dCert.extSubjKeyId;
ashleymills 0:714293de3836 2983 #else
ashleymills 0:714293de3836 2984 subjectHash = dCert.subjectHash;
ashleymills 0:714293de3836 2985 #endif
ashleymills 0:714293de3836 2986
ashleymills 0:714293de3836 2987 if (ret == 0 && dCert.isCA == 0) {
ashleymills 0:714293de3836 2988 CYASSL_MSG("Chain cert is not a CA, not adding as one");
ashleymills 0:714293de3836 2989 }
ashleymills 0:714293de3836 2990 else if (ret == 0 && ssl->options.verifyNone) {
ashleymills 0:714293de3836 2991 CYASSL_MSG("Chain cert not verified by option, not adding as CA");
ashleymills 0:714293de3836 2992 }
ashleymills 0:714293de3836 2993 else if (ret == 0 && !AlreadySigner(ssl->ctx->cm, subjectHash)) {
ashleymills 0:714293de3836 2994 buffer add;
ashleymills 0:714293de3836 2995 add.length = myCert.length;
ashleymills 0:714293de3836 2996 add.buffer = (byte*)XMALLOC(myCert.length, ssl->heap,
ashleymills 0:714293de3836 2997 DYNAMIC_TYPE_CA);
ashleymills 0:714293de3836 2998 CYASSL_MSG("Adding CA from chain");
ashleymills 0:714293de3836 2999
ashleymills 0:714293de3836 3000 if (add.buffer == NULL)
ashleymills 0:714293de3836 3001 return MEMORY_E;
ashleymills 0:714293de3836 3002 XMEMCPY(add.buffer, myCert.buffer, myCert.length);
ashleymills 0:714293de3836 3003
ashleymills 0:714293de3836 3004 ret = AddCA(ssl->ctx->cm, add, CYASSL_CHAIN_CA,
ashleymills 0:714293de3836 3005 ssl->ctx->verifyPeer);
ashleymills 0:714293de3836 3006 if (ret == 1) ret = 0; /* SSL_SUCCESS for external */
ashleymills 0:714293de3836 3007 }
ashleymills 0:714293de3836 3008 else if (ret != 0) {
ashleymills 0:714293de3836 3009 CYASSL_MSG("Failed to verify CA from chain");
ashleymills 0:714293de3836 3010 }
ashleymills 0:714293de3836 3011 else {
ashleymills 0:714293de3836 3012 CYASSL_MSG("Verified CA from chain and already had it");
ashleymills 0:714293de3836 3013 }
ashleymills 0:714293de3836 3014
ashleymills 0:714293de3836 3015 #ifdef HAVE_CRL
ashleymills 0:714293de3836 3016 if (ret == 0 && ssl->ctx->cm->crlEnabled && ssl->ctx->cm->crlCheckAll) {
ashleymills 0:714293de3836 3017 CYASSL_MSG("Doing Non Leaf CRL check");
ashleymills 0:714293de3836 3018 ret = CheckCertCRL(ssl->ctx->cm->crl, &dCert);
ashleymills 0:714293de3836 3019
ashleymills 0:714293de3836 3020 if (ret != 0) {
ashleymills 0:714293de3836 3021 CYASSL_MSG("\tCRL check not ok");
ashleymills 0:714293de3836 3022 }
ashleymills 0:714293de3836 3023 }
ashleymills 0:714293de3836 3024 #endif /* HAVE_CRL */
ashleymills 0:714293de3836 3025
ashleymills 0:714293de3836 3026 if (ret != 0 && anyError == 0)
ashleymills 0:714293de3836 3027 anyError = ret; /* save error from last time */
ashleymills 0:714293de3836 3028
ashleymills 0:714293de3836 3029 FreeDecodedCert(&dCert);
ashleymills 0:714293de3836 3030 count--;
ashleymills 0:714293de3836 3031 }
ashleymills 0:714293de3836 3032
ashleymills 0:714293de3836 3033 /* peer's, may not have one if blank client cert sent by TLSv1.2 */
ashleymills 0:714293de3836 3034 if (count) {
ashleymills 0:714293de3836 3035 buffer myCert = certs[0];
ashleymills 0:714293de3836 3036 DecodedCert dCert;
ashleymills 0:714293de3836 3037 int fatal = 0;
ashleymills 0:714293de3836 3038
ashleymills 0:714293de3836 3039 CYASSL_MSG("Verifying Peer's cert");
ashleymills 0:714293de3836 3040
ashleymills 0:714293de3836 3041 InitDecodedCert(&dCert, myCert.buffer, myCert.length, ssl->heap);
ashleymills 0:714293de3836 3042 ret = ParseCertRelative(&dCert, CERT_TYPE, !ssl->options.verifyNone,
ashleymills 0:714293de3836 3043 ssl->ctx->cm);
ashleymills 0:714293de3836 3044 if (ret == 0) {
ashleymills 0:714293de3836 3045 CYASSL_MSG("Verified Peer's cert");
ashleymills 0:714293de3836 3046 fatal = 0;
ashleymills 0:714293de3836 3047 }
ashleymills 0:714293de3836 3048 else if (ret == ASN_PARSE_E) {
ashleymills 0:714293de3836 3049 CYASSL_MSG("Got Peer cert ASN PARSE ERROR, fatal");
ashleymills 0:714293de3836 3050 fatal = 1;
ashleymills 0:714293de3836 3051 }
ashleymills 0:714293de3836 3052 else {
ashleymills 0:714293de3836 3053 CYASSL_MSG("Failed to verify Peer's cert");
ashleymills 0:714293de3836 3054 if (ssl->verifyCallback) {
ashleymills 0:714293de3836 3055 CYASSL_MSG("\tCallback override available, will continue");
ashleymills 0:714293de3836 3056 fatal = 0;
ashleymills 0:714293de3836 3057 }
ashleymills 0:714293de3836 3058 else {
ashleymills 0:714293de3836 3059 CYASSL_MSG("\tNo callback override available, fatal");
ashleymills 0:714293de3836 3060 fatal = 1;
ashleymills 0:714293de3836 3061 }
ashleymills 0:714293de3836 3062 }
ashleymills 0:714293de3836 3063
ashleymills 0:714293de3836 3064 #ifdef HAVE_OCSP
ashleymills 0:714293de3836 3065 if (fatal == 0) {
ashleymills 0:714293de3836 3066 ret = CyaSSL_OCSP_Lookup_Cert(&ssl->ctx->ocsp, &dCert);
ashleymills 0:714293de3836 3067 if (ret != 0) {
ashleymills 0:714293de3836 3068 CYASSL_MSG("\tOCSP Lookup not ok");
ashleymills 0:714293de3836 3069 fatal = 0;
ashleymills 0:714293de3836 3070 }
ashleymills 0:714293de3836 3071 }
ashleymills 0:714293de3836 3072 #endif
ashleymills 0:714293de3836 3073
ashleymills 0:714293de3836 3074 #ifdef HAVE_CRL
ashleymills 0:714293de3836 3075 if (fatal == 0 && ssl->ctx->cm->crlEnabled) {
ashleymills 0:714293de3836 3076 int doCrlLookup = 1;
ashleymills 0:714293de3836 3077
ashleymills 0:714293de3836 3078 #ifdef HAVE_OCSP
ashleymills 0:714293de3836 3079 if (ssl->ctx->ocsp.enabled) {
ashleymills 0:714293de3836 3080 doCrlLookup = (ret == OCSP_CERT_UNKNOWN);
ashleymills 0:714293de3836 3081 }
ashleymills 0:714293de3836 3082 #endif /* HAVE_OCSP */
ashleymills 0:714293de3836 3083
ashleymills 0:714293de3836 3084 if (doCrlLookup) {
ashleymills 0:714293de3836 3085 CYASSL_MSG("Doing Leaf CRL check");
ashleymills 0:714293de3836 3086 ret = CheckCertCRL(ssl->ctx->cm->crl, &dCert);
ashleymills 0:714293de3836 3087
ashleymills 0:714293de3836 3088 if (ret != 0) {
ashleymills 0:714293de3836 3089 CYASSL_MSG("\tCRL check not ok");
ashleymills 0:714293de3836 3090 fatal = 0;
ashleymills 0:714293de3836 3091 }
ashleymills 0:714293de3836 3092 }
ashleymills 0:714293de3836 3093 }
ashleymills 0:714293de3836 3094
ashleymills 0:714293de3836 3095 #endif /* HAVE_CRL */
ashleymills 0:714293de3836 3096
ashleymills 0:714293de3836 3097 #ifdef KEEP_PEER_CERT
ashleymills 0:714293de3836 3098 {
ashleymills 0:714293de3836 3099 /* set X509 format for peer cert even if fatal */
ashleymills 0:714293de3836 3100 int copyRet = CopyDecodedToX509(&ssl->peerCert, &dCert);
ashleymills 0:714293de3836 3101 if (copyRet == MEMORY_E)
ashleymills 0:714293de3836 3102 fatal = 1;
ashleymills 0:714293de3836 3103 }
ashleymills 0:714293de3836 3104 #endif
ashleymills 0:714293de3836 3105
ashleymills 0:714293de3836 3106 if (fatal) {
ashleymills 0:714293de3836 3107 FreeDecodedCert(&dCert);
ashleymills 0:714293de3836 3108 ssl->error = ret;
ashleymills 0:714293de3836 3109 return ret;
ashleymills 0:714293de3836 3110 }
ashleymills 0:714293de3836 3111 ssl->options.havePeerCert = 1;
ashleymills 0:714293de3836 3112
ashleymills 0:714293de3836 3113 /* store for callback use */
ashleymills 0:714293de3836 3114 if (dCert.subjectCNLen < ASN_NAME_MAX) {
ashleymills 0:714293de3836 3115 XMEMCPY(domain, dCert.subjectCN, dCert.subjectCNLen);
ashleymills 0:714293de3836 3116 domain[dCert.subjectCNLen] = '\0';
ashleymills 0:714293de3836 3117 }
ashleymills 0:714293de3836 3118 else
ashleymills 0:714293de3836 3119 domain[0] = '\0';
ashleymills 0:714293de3836 3120
ashleymills 0:714293de3836 3121 if (!ssl->options.verifyNone && ssl->buffers.domainName.buffer) {
ashleymills 0:714293de3836 3122 if (MatchDomainName(dCert.subjectCN, dCert.subjectCNLen,
ashleymills 0:714293de3836 3123 (char*)ssl->buffers.domainName.buffer) == 0) {
ashleymills 0:714293de3836 3124 CYASSL_MSG("DomainName match on common name failed");
ashleymills 0:714293de3836 3125 if (CheckAltNames(&dCert,
ashleymills 0:714293de3836 3126 (char*)ssl->buffers.domainName.buffer) == 0 ) {
ashleymills 0:714293de3836 3127 CYASSL_MSG("DomainName match on alt names failed too");
ashleymills 0:714293de3836 3128 ret = DOMAIN_NAME_MISMATCH; /* try to get peer key still */
ashleymills 0:714293de3836 3129 }
ashleymills 0:714293de3836 3130 }
ashleymills 0:714293de3836 3131 }
ashleymills 0:714293de3836 3132
ashleymills 0:714293de3836 3133 /* decode peer key */
ashleymills 0:714293de3836 3134 switch (dCert.keyOID) {
ashleymills 0:714293de3836 3135 #ifndef NO_RSA
ashleymills 0:714293de3836 3136 case RSAk:
ashleymills 0:714293de3836 3137 {
ashleymills 0:714293de3836 3138 word32 idx = 0;
ashleymills 0:714293de3836 3139 if (RsaPublicKeyDecode(dCert.publicKey, &idx,
ashleymills 0:714293de3836 3140 ssl->peerRsaKey, dCert.pubKeySize) != 0) {
ashleymills 0:714293de3836 3141 ret = PEER_KEY_ERROR;
ashleymills 0:714293de3836 3142 }
ashleymills 0:714293de3836 3143 else
ashleymills 0:714293de3836 3144 ssl->peerRsaKeyPresent = 1;
ashleymills 0:714293de3836 3145 }
ashleymills 0:714293de3836 3146 break;
ashleymills 0:714293de3836 3147 #endif /* NO_RSA */
ashleymills 0:714293de3836 3148 #ifdef HAVE_NTRU
ashleymills 0:714293de3836 3149 case NTRUk:
ashleymills 0:714293de3836 3150 {
ashleymills 0:714293de3836 3151 if (dCert.pubKeySize > sizeof(ssl->peerNtruKey)) {
ashleymills 0:714293de3836 3152 ret = PEER_KEY_ERROR;
ashleymills 0:714293de3836 3153 }
ashleymills 0:714293de3836 3154 else {
ashleymills 0:714293de3836 3155 XMEMCPY(ssl->peerNtruKey, dCert.publicKey, dCert.pubKeySize);
ashleymills 0:714293de3836 3156 ssl->peerNtruKeyLen = (word16)dCert.pubKeySize;
ashleymills 0:714293de3836 3157 ssl->peerNtruKeyPresent = 1;
ashleymills 0:714293de3836 3158 }
ashleymills 0:714293de3836 3159 }
ashleymills 0:714293de3836 3160 break;
ashleymills 0:714293de3836 3161 #endif /* HAVE_NTRU */
ashleymills 0:714293de3836 3162 #ifdef HAVE_ECC
ashleymills 0:714293de3836 3163 case ECDSAk:
ashleymills 0:714293de3836 3164 {
ashleymills 0:714293de3836 3165 if (ecc_import_x963(dCert.publicKey, dCert.pubKeySize,
ashleymills 0:714293de3836 3166 ssl->peerEccDsaKey) != 0) {
ashleymills 0:714293de3836 3167 ret = PEER_KEY_ERROR;
ashleymills 0:714293de3836 3168 }
ashleymills 0:714293de3836 3169 else
ashleymills 0:714293de3836 3170 ssl->peerEccDsaKeyPresent = 1;
ashleymills 0:714293de3836 3171 }
ashleymills 0:714293de3836 3172 break;
ashleymills 0:714293de3836 3173 #endif /* HAVE_ECC */
ashleymills 0:714293de3836 3174 default:
ashleymills 0:714293de3836 3175 break;
ashleymills 0:714293de3836 3176 }
ashleymills 0:714293de3836 3177
ashleymills 0:714293de3836 3178 FreeDecodedCert(&dCert);
ashleymills 0:714293de3836 3179 }
ashleymills 0:714293de3836 3180
ashleymills 0:714293de3836 3181 if (anyError != 0 && ret == 0)
ashleymills 0:714293de3836 3182 ret = anyError;
ashleymills 0:714293de3836 3183
ashleymills 0:714293de3836 3184 if (ret == 0 && ssl->options.side == CLIENT_END)
ashleymills 0:714293de3836 3185 ssl->options.serverState = SERVER_CERT_COMPLETE;
ashleymills 0:714293de3836 3186
ashleymills 0:714293de3836 3187 if (ret != 0) {
ashleymills 0:714293de3836 3188 if (!ssl->options.verifyNone) {
ashleymills 0:714293de3836 3189 int why = bad_certificate;
ashleymills 0:714293de3836 3190 if (ret == ASN_AFTER_DATE_E || ret == ASN_BEFORE_DATE_E)
ashleymills 0:714293de3836 3191 why = certificate_expired;
ashleymills 0:714293de3836 3192 if (ssl->verifyCallback) {
ashleymills 0:714293de3836 3193 int ok;
ashleymills 0:714293de3836 3194 CYASSL_X509_STORE_CTX store;
ashleymills 0:714293de3836 3195
ashleymills 0:714293de3836 3196 store.error = ret;
ashleymills 0:714293de3836 3197 store.error_depth = totalCerts;
ashleymills 0:714293de3836 3198 store.discardSessionCerts = 0;
ashleymills 0:714293de3836 3199 store.domain = domain;
ashleymills 0:714293de3836 3200 store.userCtx = ssl->verifyCbCtx;
ashleymills 0:714293de3836 3201 #ifdef KEEP_PEER_CERT
ashleymills 0:714293de3836 3202 store.current_cert = &ssl->peerCert;
ashleymills 0:714293de3836 3203 #else
ashleymills 0:714293de3836 3204 store.current_cert = NULL;
ashleymills 0:714293de3836 3205 #endif
ashleymills 0:714293de3836 3206 #ifdef FORTRESS
ashleymills 0:714293de3836 3207 store.ex_data = ssl;
ashleymills 0:714293de3836 3208 #endif
ashleymills 0:714293de3836 3209 ok = ssl->verifyCallback(0, &store);
ashleymills 0:714293de3836 3210 if (ok) {
ashleymills 0:714293de3836 3211 CYASSL_MSG("Verify callback overriding error!");
ashleymills 0:714293de3836 3212 ret = 0;
ashleymills 0:714293de3836 3213 }
ashleymills 0:714293de3836 3214 #ifdef SESSION_CERTS
ashleymills 0:714293de3836 3215 if (store.discardSessionCerts) {
ashleymills 0:714293de3836 3216 CYASSL_MSG("Verify callback requested discard sess certs");
ashleymills 0:714293de3836 3217 ssl->session.chain.count = 0;
ashleymills 0:714293de3836 3218 }
ashleymills 0:714293de3836 3219 #endif
ashleymills 0:714293de3836 3220 }
ashleymills 0:714293de3836 3221 if (ret != 0) {
ashleymills 0:714293de3836 3222 SendAlert(ssl, alert_fatal, why); /* try to send */
ashleymills 0:714293de3836 3223 ssl->options.isClosed = 1;
ashleymills 0:714293de3836 3224 }
ashleymills 0:714293de3836 3225 }
ashleymills 0:714293de3836 3226 ssl->error = ret;
ashleymills 0:714293de3836 3227 }
ashleymills 0:714293de3836 3228 #ifdef FORTRESS
ashleymills 0:714293de3836 3229 else {
ashleymills 0:714293de3836 3230 if (ssl->verifyCallback) {
ashleymills 0:714293de3836 3231 int ok;
ashleymills 0:714293de3836 3232 CYASSL_X509_STORE_CTX store;
ashleymills 0:714293de3836 3233
ashleymills 0:714293de3836 3234 store.error = ret;
ashleymills 0:714293de3836 3235 store.error_depth = totalCerts;
ashleymills 0:714293de3836 3236 store.discardSessionCerts = 0;
ashleymills 0:714293de3836 3237 store.domain = domain;
ashleymills 0:714293de3836 3238 store.userCtx = ssl->verifyCbCtx;
ashleymills 0:714293de3836 3239 store.current_cert = &ssl->peerCert;
ashleymills 0:714293de3836 3240 store.ex_data = ssl;
ashleymills 0:714293de3836 3241
ashleymills 0:714293de3836 3242 ok = ssl->verifyCallback(1, &store);
ashleymills 0:714293de3836 3243 if (!ok) {
ashleymills 0:714293de3836 3244 CYASSL_MSG("Verify callback overriding valid certificate!");
ashleymills 0:714293de3836 3245 ret = -1;
ashleymills 0:714293de3836 3246 SendAlert(ssl, alert_fatal, bad_certificate);
ashleymills 0:714293de3836 3247 ssl->options.isClosed = 1;
ashleymills 0:714293de3836 3248 }
ashleymills 0:714293de3836 3249 #ifdef SESSION_CERTS
ashleymills 0:714293de3836 3250 if (store.discardSessionCerts) {
ashleymills 0:714293de3836 3251 CYASSL_MSG("Verify callback requested discard sess certs");
ashleymills 0:714293de3836 3252 ssl->session.chain.count = 0;
ashleymills 0:714293de3836 3253 }
ashleymills 0:714293de3836 3254 #endif
ashleymills 0:714293de3836 3255 }
ashleymills 0:714293de3836 3256 }
ashleymills 0:714293de3836 3257 #endif
ashleymills 0:714293de3836 3258
ashleymills 0:714293de3836 3259 *inOutIdx = i;
ashleymills 0:714293de3836 3260 return ret;
ashleymills 0:714293de3836 3261 }
ashleymills 0:714293de3836 3262
ashleymills 0:714293de3836 3263 #endif /* !NO_CERTS */
ashleymills 0:714293de3836 3264
ashleymills 0:714293de3836 3265
ashleymills 0:714293de3836 3266 static int DoHelloRequest(CYASSL* ssl, const byte* input, word32* inOutIdx)
ashleymills 0:714293de3836 3267 {
ashleymills 0:714293de3836 3268 if (ssl->keys.encryptionOn) {
ashleymills 0:714293de3836 3269 const byte* mac;
ashleymills 0:714293de3836 3270 int padSz = ssl->keys.encryptSz - HANDSHAKE_HEADER_SZ -
ashleymills 0:714293de3836 3271 ssl->specs.hash_size;
ashleymills 0:714293de3836 3272 byte verify[SHA256_DIGEST_SIZE];
ashleymills 0:714293de3836 3273
ashleymills 0:714293de3836 3274 ssl->hmac(ssl, verify, input + *inOutIdx - HANDSHAKE_HEADER_SZ,
ashleymills 0:714293de3836 3275 HANDSHAKE_HEADER_SZ, handshake, 1);
ashleymills 0:714293de3836 3276 /* read mac and fill */
ashleymills 0:714293de3836 3277 mac = input + *inOutIdx;
ashleymills 0:714293de3836 3278 *inOutIdx += ssl->specs.hash_size;
ashleymills 0:714293de3836 3279
ashleymills 0:714293de3836 3280 if (ssl->options.tls1_1 && ssl->specs.cipher_type == block)
ashleymills 0:714293de3836 3281 padSz -= ssl->specs.block_size;
ashleymills 0:714293de3836 3282
ashleymills 0:714293de3836 3283 *inOutIdx += padSz;
ashleymills 0:714293de3836 3284
ashleymills 0:714293de3836 3285 /* verify */
ashleymills 0:714293de3836 3286 if (XMEMCMP(mac, verify, ssl->specs.hash_size) != 0) {
ashleymills 0:714293de3836 3287 CYASSL_MSG(" hello_request verify mac error");
ashleymills 0:714293de3836 3288 return VERIFY_MAC_ERROR;
ashleymills 0:714293de3836 3289 }
ashleymills 0:714293de3836 3290 }
ashleymills 0:714293de3836 3291
ashleymills 0:714293de3836 3292 if (ssl->options.side == SERVER_END) {
ashleymills 0:714293de3836 3293 SendAlert(ssl, alert_fatal, unexpected_message); /* try */
ashleymills 0:714293de3836 3294 return FATAL_ERROR;
ashleymills 0:714293de3836 3295 }
ashleymills 0:714293de3836 3296 else
ashleymills 0:714293de3836 3297 return SendAlert(ssl, alert_warning, no_renegotiation);
ashleymills 0:714293de3836 3298 }
ashleymills 0:714293de3836 3299
ashleymills 0:714293de3836 3300
ashleymills 0:714293de3836 3301 int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, int sniff)
ashleymills 0:714293de3836 3302 {
ashleymills 0:714293de3836 3303 int finishedSz = ssl->options.tls ? TLS_FINISHED_SZ : FINISHED_SZ;
ashleymills 0:714293de3836 3304 int headerSz = HANDSHAKE_HEADER_SZ;
ashleymills 0:714293de3836 3305 word32 macSz = finishedSz + HANDSHAKE_HEADER_SZ,
ashleymills 0:714293de3836 3306 idx = *inOutIdx,
ashleymills 0:714293de3836 3307 padSz = ssl->keys.encryptSz - HANDSHAKE_HEADER_SZ - finishedSz -
ashleymills 0:714293de3836 3308 ssl->specs.hash_size;
ashleymills 0:714293de3836 3309 const byte* mac;
ashleymills 0:714293de3836 3310
ashleymills 0:714293de3836 3311 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 3312 if (ssl->options.dtls) {
ashleymills 0:714293de3836 3313 headerSz += DTLS_HANDSHAKE_EXTRA;
ashleymills 0:714293de3836 3314 macSz += DTLS_HANDSHAKE_EXTRA;
ashleymills 0:714293de3836 3315 padSz -= DTLS_HANDSHAKE_EXTRA;
ashleymills 0:714293de3836 3316 }
ashleymills 0:714293de3836 3317 #endif
ashleymills 0:714293de3836 3318
ashleymills 0:714293de3836 3319 #ifdef CYASSL_CALLBACKS
ashleymills 0:714293de3836 3320 if (ssl->hsInfoOn) AddPacketName("Finished", &ssl->handShakeInfo);
ashleymills 0:714293de3836 3321 if (ssl->toInfoOn) AddLateName("Finished", &ssl->timeoutInfo);
ashleymills 0:714293de3836 3322 #endif
ashleymills 0:714293de3836 3323 if (sniff == NO_SNIFF) {
ashleymills 0:714293de3836 3324 if (XMEMCMP(input + idx, &ssl->verifyHashes, finishedSz) != 0) {
ashleymills 0:714293de3836 3325 CYASSL_MSG("Verify finished error on hashes");
ashleymills 0:714293de3836 3326 return VERIFY_FINISHED_ERROR;
ashleymills 0:714293de3836 3327 }
ashleymills 0:714293de3836 3328 }
ashleymills 0:714293de3836 3329
ashleymills 0:714293de3836 3330 if (ssl->specs.cipher_type != aead) {
ashleymills 0:714293de3836 3331 byte verifyMAC[MAX_DIGEST_SIZE];
ashleymills 0:714293de3836 3332 ssl->hmac(ssl, verifyMAC, input + idx - headerSz, macSz,
ashleymills 0:714293de3836 3333 handshake, 1);
ashleymills 0:714293de3836 3334 idx += finishedSz;
ashleymills 0:714293de3836 3335
ashleymills 0:714293de3836 3336 /* read mac and fill */
ashleymills 0:714293de3836 3337 mac = input + idx;
ashleymills 0:714293de3836 3338 idx += ssl->specs.hash_size;
ashleymills 0:714293de3836 3339
ashleymills 0:714293de3836 3340 if (ssl->options.tls1_1 && ssl->specs.cipher_type == block)
ashleymills 0:714293de3836 3341 padSz -= ssl->specs.block_size;
ashleymills 0:714293de3836 3342
ashleymills 0:714293de3836 3343 idx += padSz;
ashleymills 0:714293de3836 3344
ashleymills 0:714293de3836 3345 /* verify mac */
ashleymills 0:714293de3836 3346 if (XMEMCMP(mac, verifyMAC, ssl->specs.hash_size) != 0) {
ashleymills 0:714293de3836 3347 CYASSL_MSG("Verify finished error on mac");
ashleymills 0:714293de3836 3348 return VERIFY_MAC_ERROR;
ashleymills 0:714293de3836 3349 }
ashleymills 0:714293de3836 3350 }
ashleymills 0:714293de3836 3351 else {
ashleymills 0:714293de3836 3352 idx += (finishedSz + ssl->specs.aead_mac_size);
ashleymills 0:714293de3836 3353 }
ashleymills 0:714293de3836 3354
ashleymills 0:714293de3836 3355 if (ssl->options.side == CLIENT_END) {
ashleymills 0:714293de3836 3356 ssl->options.serverState = SERVER_FINISHED_COMPLETE;
ashleymills 0:714293de3836 3357 if (!ssl->options.resuming) {
ashleymills 0:714293de3836 3358 ssl->options.handShakeState = HANDSHAKE_DONE;
ashleymills 0:714293de3836 3359 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 3360 if (ssl->options.dtls) {
ashleymills 0:714293de3836 3361 /* Other side has received our Finished, go to next epoch */
ashleymills 0:714293de3836 3362 ssl->keys.dtls_epoch++;
ashleymills 0:714293de3836 3363 ssl->keys.dtls_sequence_number = 1;
ashleymills 0:714293de3836 3364 }
ashleymills 0:714293de3836 3365 #endif
ashleymills 0:714293de3836 3366 }
ashleymills 0:714293de3836 3367 }
ashleymills 0:714293de3836 3368 else {
ashleymills 0:714293de3836 3369 ssl->options.clientState = CLIENT_FINISHED_COMPLETE;
ashleymills 0:714293de3836 3370 if (ssl->options.resuming) {
ashleymills 0:714293de3836 3371 ssl->options.handShakeState = HANDSHAKE_DONE;
ashleymills 0:714293de3836 3372 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 3373 if (ssl->options.dtls) {
ashleymills 0:714293de3836 3374 /* Other side has received our Finished, go to next epoch */
ashleymills 0:714293de3836 3375 ssl->keys.dtls_epoch++;
ashleymills 0:714293de3836 3376 ssl->keys.dtls_sequence_number = 1;
ashleymills 0:714293de3836 3377 }
ashleymills 0:714293de3836 3378 #endif
ashleymills 0:714293de3836 3379 }
ashleymills 0:714293de3836 3380 }
ashleymills 0:714293de3836 3381
ashleymills 0:714293de3836 3382 *inOutIdx = idx;
ashleymills 0:714293de3836 3383 return 0;
ashleymills 0:714293de3836 3384 }
ashleymills 0:714293de3836 3385
ashleymills 0:714293de3836 3386
ashleymills 0:714293de3836 3387 static int DoHandShakeMsgType(CYASSL* ssl, byte* input, word32* inOutIdx,
ashleymills 0:714293de3836 3388 byte type, word32 size, word32 totalSz)
ashleymills 0:714293de3836 3389 {
ashleymills 0:714293de3836 3390 int ret = 0;
ashleymills 0:714293de3836 3391 (void)totalSz;
ashleymills 0:714293de3836 3392
ashleymills 0:714293de3836 3393 CYASSL_ENTER("DoHandShakeMsgType");
ashleymills 0:714293de3836 3394
ashleymills 0:714293de3836 3395 HashInput(ssl, input + *inOutIdx, size);
ashleymills 0:714293de3836 3396 #ifdef CYASSL_CALLBACKS
ashleymills 0:714293de3836 3397 /* add name later, add on record and handshake header part back on */
ashleymills 0:714293de3836 3398 if (ssl->toInfoOn) {
ashleymills 0:714293de3836 3399 int add = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
ashleymills 0:714293de3836 3400 AddPacketInfo(0, &ssl->timeoutInfo, input + *inOutIdx - add,
ashleymills 0:714293de3836 3401 size + add, ssl->heap);
ashleymills 0:714293de3836 3402 AddLateRecordHeader(&ssl->curRL, &ssl->timeoutInfo);
ashleymills 0:714293de3836 3403 }
ashleymills 0:714293de3836 3404 #endif
ashleymills 0:714293de3836 3405
ashleymills 0:714293de3836 3406 if (ssl->options.handShakeState == HANDSHAKE_DONE && type != hello_request){
ashleymills 0:714293de3836 3407 CYASSL_MSG("HandShake message after handshake complete");
ashleymills 0:714293de3836 3408 SendAlert(ssl, alert_fatal, unexpected_message);
ashleymills 0:714293de3836 3409 return OUT_OF_ORDER_E;
ashleymills 0:714293de3836 3410 }
ashleymills 0:714293de3836 3411
ashleymills 0:714293de3836 3412 if (ssl->options.side == CLIENT_END && ssl->options.dtls == 0 &&
ashleymills 0:714293de3836 3413 ssl->options.serverState == NULL_STATE && type != server_hello) {
ashleymills 0:714293de3836 3414 CYASSL_MSG("First server message not server hello");
ashleymills 0:714293de3836 3415 SendAlert(ssl, alert_fatal, unexpected_message);
ashleymills 0:714293de3836 3416 return OUT_OF_ORDER_E;
ashleymills 0:714293de3836 3417 }
ashleymills 0:714293de3836 3418
ashleymills 0:714293de3836 3419 if (ssl->options.side == CLIENT_END && ssl->options.dtls &&
ashleymills 0:714293de3836 3420 type == server_hello_done &&
ashleymills 0:714293de3836 3421 ssl->options.serverState < SERVER_HELLO_COMPLETE) {
ashleymills 0:714293de3836 3422 CYASSL_MSG("Server hello done received before server hello in DTLS");
ashleymills 0:714293de3836 3423 SendAlert(ssl, alert_fatal, unexpected_message);
ashleymills 0:714293de3836 3424 return OUT_OF_ORDER_E;
ashleymills 0:714293de3836 3425 }
ashleymills 0:714293de3836 3426
ashleymills 0:714293de3836 3427 if (ssl->options.side == SERVER_END &&
ashleymills 0:714293de3836 3428 ssl->options.clientState == NULL_STATE && type != client_hello) {
ashleymills 0:714293de3836 3429 CYASSL_MSG("First client message not client hello");
ashleymills 0:714293de3836 3430 SendAlert(ssl, alert_fatal, unexpected_message);
ashleymills 0:714293de3836 3431 return OUT_OF_ORDER_E;
ashleymills 0:714293de3836 3432 }
ashleymills 0:714293de3836 3433
ashleymills 0:714293de3836 3434
ashleymills 0:714293de3836 3435 switch (type) {
ashleymills 0:714293de3836 3436
ashleymills 0:714293de3836 3437 case hello_request:
ashleymills 0:714293de3836 3438 CYASSL_MSG("processing hello request");
ashleymills 0:714293de3836 3439 ret = DoHelloRequest(ssl, input, inOutIdx);
ashleymills 0:714293de3836 3440 break;
ashleymills 0:714293de3836 3441
ashleymills 0:714293de3836 3442 #ifndef NO_CYASSL_CLIENT
ashleymills 0:714293de3836 3443 case hello_verify_request:
ashleymills 0:714293de3836 3444 CYASSL_MSG("processing hello verify request");
ashleymills 0:714293de3836 3445 ret = DoHelloVerifyRequest(ssl, input,inOutIdx);
ashleymills 0:714293de3836 3446 break;
ashleymills 0:714293de3836 3447
ashleymills 0:714293de3836 3448 case server_hello:
ashleymills 0:714293de3836 3449 CYASSL_MSG("processing server hello");
ashleymills 0:714293de3836 3450 ret = DoServerHello(ssl, input, inOutIdx, size);
ashleymills 0:714293de3836 3451 break;
ashleymills 0:714293de3836 3452
ashleymills 0:714293de3836 3453 #ifndef NO_CERTS
ashleymills 0:714293de3836 3454 case certificate_request:
ashleymills 0:714293de3836 3455 CYASSL_MSG("processing certificate request");
ashleymills 0:714293de3836 3456 ret = DoCertificateRequest(ssl, input, inOutIdx);
ashleymills 0:714293de3836 3457 break;
ashleymills 0:714293de3836 3458 #endif
ashleymills 0:714293de3836 3459
ashleymills 0:714293de3836 3460 case server_key_exchange:
ashleymills 0:714293de3836 3461 CYASSL_MSG("processing server key exchange");
ashleymills 0:714293de3836 3462 ret = DoServerKeyExchange(ssl, input, inOutIdx);
ashleymills 0:714293de3836 3463 break;
ashleymills 0:714293de3836 3464 #endif
ashleymills 0:714293de3836 3465
ashleymills 0:714293de3836 3466 #ifndef NO_CERTS
ashleymills 0:714293de3836 3467 case certificate:
ashleymills 0:714293de3836 3468 CYASSL_MSG("processing certificate");
ashleymills 0:714293de3836 3469 ret = DoCertificate(ssl, input, inOutIdx);
ashleymills 0:714293de3836 3470 break;
ashleymills 0:714293de3836 3471 #endif
ashleymills 0:714293de3836 3472
ashleymills 0:714293de3836 3473 case server_hello_done:
ashleymills 0:714293de3836 3474 CYASSL_MSG("processing server hello done");
ashleymills 0:714293de3836 3475 #ifdef CYASSL_CALLBACKS
ashleymills 0:714293de3836 3476 if (ssl->hsInfoOn)
ashleymills 0:714293de3836 3477 AddPacketName("ServerHelloDone", &ssl->handShakeInfo);
ashleymills 0:714293de3836 3478 if (ssl->toInfoOn)
ashleymills 0:714293de3836 3479 AddLateName("ServerHelloDone", &ssl->timeoutInfo);
ashleymills 0:714293de3836 3480 #endif
ashleymills 0:714293de3836 3481 ssl->options.serverState = SERVER_HELLODONE_COMPLETE;
ashleymills 0:714293de3836 3482 break;
ashleymills 0:714293de3836 3483
ashleymills 0:714293de3836 3484 case finished:
ashleymills 0:714293de3836 3485 CYASSL_MSG("processing finished");
ashleymills 0:714293de3836 3486 ret = DoFinished(ssl, input, inOutIdx, NO_SNIFF);
ashleymills 0:714293de3836 3487 break;
ashleymills 0:714293de3836 3488
ashleymills 0:714293de3836 3489 #ifndef NO_CYASSL_SERVER
ashleymills 0:714293de3836 3490 case client_hello:
ashleymills 0:714293de3836 3491 CYASSL_MSG("processing client hello");
ashleymills 0:714293de3836 3492 ret = DoClientHello(ssl, input, inOutIdx, totalSz, size);
ashleymills 0:714293de3836 3493 break;
ashleymills 0:714293de3836 3494
ashleymills 0:714293de3836 3495 case client_key_exchange:
ashleymills 0:714293de3836 3496 CYASSL_MSG("processing client key exchange");
ashleymills 0:714293de3836 3497 ret = DoClientKeyExchange(ssl, input, inOutIdx, totalSz);
ashleymills 0:714293de3836 3498 break;
ashleymills 0:714293de3836 3499
ashleymills 0:714293de3836 3500 #if !defined(NO_RSA) || defined(HAVE_ECC)
ashleymills 0:714293de3836 3501 case certificate_verify:
ashleymills 0:714293de3836 3502 CYASSL_MSG("processing certificate verify");
ashleymills 0:714293de3836 3503 ret = DoCertificateVerify(ssl, input, inOutIdx, totalSz);
ashleymills 0:714293de3836 3504 break;
ashleymills 0:714293de3836 3505 #endif /* !NO_RSA || HAVE_ECC */
ashleymills 0:714293de3836 3506
ashleymills 0:714293de3836 3507 #endif /* !NO_CYASSL_SERVER */
ashleymills 0:714293de3836 3508
ashleymills 0:714293de3836 3509 default:
ashleymills 0:714293de3836 3510 CYASSL_MSG("Unknown handshake message type");
ashleymills 0:714293de3836 3511 ret = UNKNOWN_HANDSHAKE_TYPE;
ashleymills 0:714293de3836 3512 }
ashleymills 0:714293de3836 3513
ashleymills 0:714293de3836 3514 CYASSL_LEAVE("DoHandShakeMsgType()", ret);
ashleymills 0:714293de3836 3515 return ret;
ashleymills 0:714293de3836 3516 }
ashleymills 0:714293de3836 3517
ashleymills 0:714293de3836 3518
ashleymills 0:714293de3836 3519 static int DoHandShakeMsg(CYASSL* ssl, byte* input, word32* inOutIdx,
ashleymills 0:714293de3836 3520 word32 totalSz)
ashleymills 0:714293de3836 3521 {
ashleymills 0:714293de3836 3522 byte type;
ashleymills 0:714293de3836 3523 word32 size;
ashleymills 0:714293de3836 3524 int ret = 0;
ashleymills 0:714293de3836 3525
ashleymills 0:714293de3836 3526 CYASSL_ENTER("DoHandShakeMsg()");
ashleymills 0:714293de3836 3527
ashleymills 0:714293de3836 3528 if (GetHandShakeHeader(ssl, input, inOutIdx, &type, &size) != 0)
ashleymills 0:714293de3836 3529 return PARSE_ERROR;
ashleymills 0:714293de3836 3530
ashleymills 0:714293de3836 3531 if (*inOutIdx + size > totalSz)
ashleymills 0:714293de3836 3532 return INCOMPLETE_DATA;
ashleymills 0:714293de3836 3533
ashleymills 0:714293de3836 3534 ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
ashleymills 0:714293de3836 3535
ashleymills 0:714293de3836 3536 CYASSL_LEAVE("DoHandShakeMsg()", ret);
ashleymills 0:714293de3836 3537 return ret;
ashleymills 0:714293de3836 3538 }
ashleymills 0:714293de3836 3539
ashleymills 0:714293de3836 3540
ashleymills 0:714293de3836 3541 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 3542 static int DtlsMsgDrain(CYASSL* ssl)
ashleymills 0:714293de3836 3543 {
ashleymills 0:714293de3836 3544 DtlsMsg* item = ssl->dtls_msg_list;
ashleymills 0:714293de3836 3545 int ret = 0;
ashleymills 0:714293de3836 3546 word32 idx = 0;
ashleymills 0:714293de3836 3547
ashleymills 0:714293de3836 3548 /* While there is an item in the store list, and it is the expected
ashleymills 0:714293de3836 3549 * message, and it is complete, and there hasn't been an error in the
ashleymills 0:714293de3836 3550 * last messge... */
ashleymills 0:714293de3836 3551 while (item != NULL &&
ashleymills 0:714293de3836 3552 ssl->keys.dtls_expected_peer_handshake_number == item->seq &&
ashleymills 0:714293de3836 3553 item->fragSz == item->sz &&
ashleymills 0:714293de3836 3554 ret == 0) {
ashleymills 0:714293de3836 3555 ssl->keys.dtls_expected_peer_handshake_number++;
ashleymills 0:714293de3836 3556 ret = DoHandShakeMsgType(ssl, item->msg,
ashleymills 0:714293de3836 3557 &idx, item->type, item->sz, item->sz);
ashleymills 0:714293de3836 3558 ssl->dtls_msg_list = item->next;
ashleymills 0:714293de3836 3559 DtlsMsgDelete(item, ssl->heap);
ashleymills 0:714293de3836 3560 item = ssl->dtls_msg_list;
ashleymills 0:714293de3836 3561 }
ashleymills 0:714293de3836 3562
ashleymills 0:714293de3836 3563 return ret;
ashleymills 0:714293de3836 3564 }
ashleymills 0:714293de3836 3565
ashleymills 0:714293de3836 3566
ashleymills 0:714293de3836 3567 static int DoDtlsHandShakeMsg(CYASSL* ssl, byte* input, word32* inOutIdx,
ashleymills 0:714293de3836 3568 word32 totalSz)
ashleymills 0:714293de3836 3569 {
ashleymills 0:714293de3836 3570 byte type;
ashleymills 0:714293de3836 3571 word32 size;
ashleymills 0:714293de3836 3572 word32 fragOffset, fragSz;
ashleymills 0:714293de3836 3573 int ret = 0;
ashleymills 0:714293de3836 3574
ashleymills 0:714293de3836 3575 CYASSL_ENTER("DoDtlsHandShakeMsg()");
ashleymills 0:714293de3836 3576 if (GetDtlsHandShakeHeader(ssl, input, inOutIdx, &type,
ashleymills 0:714293de3836 3577 &size, &fragOffset, &fragSz) != 0)
ashleymills 0:714293de3836 3578 return PARSE_ERROR;
ashleymills 0:714293de3836 3579
ashleymills 0:714293de3836 3580 if (*inOutIdx + fragSz > totalSz)
ashleymills 0:714293de3836 3581 return INCOMPLETE_DATA;
ashleymills 0:714293de3836 3582
ashleymills 0:714293de3836 3583 /* Check the handshake sequence number first. If out of order,
ashleymills 0:714293de3836 3584 * add the current message to the list. If the message is in order,
ashleymills 0:714293de3836 3585 * but it is a fragment, add the current message to the list, then
ashleymills 0:714293de3836 3586 * check the head of the list to see if it is complete, if so, pop
ashleymills 0:714293de3836 3587 * it out as the current message. If the message is complete and in
ashleymills 0:714293de3836 3588 * order, process it. Check the head of the list to see if it is in
ashleymills 0:714293de3836 3589 * order, if so, process it. (Repeat until list exhausted.) If the
ashleymills 0:714293de3836 3590 * head is out of order, return for more processing.
ashleymills 0:714293de3836 3591 */
ashleymills 0:714293de3836 3592 if (ssl->keys.dtls_peer_handshake_number >
ashleymills 0:714293de3836 3593 ssl->keys.dtls_expected_peer_handshake_number) {
ashleymills 0:714293de3836 3594 /* Current message is out of order. It will get stored in the list.
ashleymills 0:714293de3836 3595 * Storing also takes care of defragmentation. */
ashleymills 0:714293de3836 3596 ssl->dtls_msg_list = DtlsMsgStore(ssl->dtls_msg_list,
ashleymills 0:714293de3836 3597 ssl->keys.dtls_peer_handshake_number, input + *inOutIdx,
ashleymills 0:714293de3836 3598 size, type, fragOffset, fragSz, ssl->heap);
ashleymills 0:714293de3836 3599 *inOutIdx += fragSz;
ashleymills 0:714293de3836 3600 ret = 0;
ashleymills 0:714293de3836 3601 }
ashleymills 0:714293de3836 3602 else if (ssl->keys.dtls_peer_handshake_number <
ashleymills 0:714293de3836 3603 ssl->keys.dtls_expected_peer_handshake_number) {
ashleymills 0:714293de3836 3604 /* Already saw this message and processed it. It can be ignored. */
ashleymills 0:714293de3836 3605 *inOutIdx += fragSz;
ashleymills 0:714293de3836 3606 ret = 0;
ashleymills 0:714293de3836 3607 }
ashleymills 0:714293de3836 3608 else if (fragSz < size) {
ashleymills 0:714293de3836 3609 /* Since this branch is in order, but fragmented, dtls_msg_list will be
ashleymills 0:714293de3836 3610 * pointing to the message with this fragment in it. Check it to see
ashleymills 0:714293de3836 3611 * if it is completed. */
ashleymills 0:714293de3836 3612 ssl->dtls_msg_list = DtlsMsgStore(ssl->dtls_msg_list,
ashleymills 0:714293de3836 3613 ssl->keys.dtls_peer_handshake_number, input + *inOutIdx,
ashleymills 0:714293de3836 3614 size, type, fragOffset, fragSz, ssl->heap);
ashleymills 0:714293de3836 3615 *inOutIdx += fragSz;
ashleymills 0:714293de3836 3616 ret = 0;
ashleymills 0:714293de3836 3617 if (ssl->dtls_msg_list->fragSz >= ssl->dtls_msg_list->sz)
ashleymills 0:714293de3836 3618 ret = DtlsMsgDrain(ssl);
ashleymills 0:714293de3836 3619 }
ashleymills 0:714293de3836 3620 else {
ashleymills 0:714293de3836 3621 /* This branch is in order next, and a complete message. */
ashleymills 0:714293de3836 3622 ssl->keys.dtls_expected_peer_handshake_number++;
ashleymills 0:714293de3836 3623 ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
ashleymills 0:714293de3836 3624 if (ret == 0 && ssl->dtls_msg_list != NULL)
ashleymills 0:714293de3836 3625 ret = DtlsMsgDrain(ssl);
ashleymills 0:714293de3836 3626 }
ashleymills 0:714293de3836 3627
ashleymills 0:714293de3836 3628 CYASSL_LEAVE("DoDtlsHandShakeMsg()", ret);
ashleymills 0:714293de3836 3629 return ret;
ashleymills 0:714293de3836 3630 }
ashleymills 0:714293de3836 3631 #endif
ashleymills 0:714293de3836 3632
ashleymills 0:714293de3836 3633
ashleymills 0:714293de3836 3634 static INLINE word32 GetSEQIncrement(CYASSL* ssl, int verify)
ashleymills 0:714293de3836 3635 {
ashleymills 0:714293de3836 3636 if (verify)
ashleymills 0:714293de3836 3637 return ssl->keys.peer_sequence_number++;
ashleymills 0:714293de3836 3638 else
ashleymills 0:714293de3836 3639 return ssl->keys.sequence_number++;
ashleymills 0:714293de3836 3640 }
ashleymills 0:714293de3836 3641
ashleymills 0:714293de3836 3642
ashleymills 0:714293de3836 3643 #ifdef HAVE_AEAD
ashleymills 0:714293de3836 3644 static INLINE void AeadIncrementExpIV(CYASSL* ssl)
ashleymills 0:714293de3836 3645 {
ashleymills 0:714293de3836 3646 int i;
ashleymills 0:714293de3836 3647 for (i = AEAD_EXP_IV_SZ-1; i >= 0; i--) {
ashleymills 0:714293de3836 3648 if (++ssl->keys.aead_exp_IV[i]) return;
ashleymills 0:714293de3836 3649 }
ashleymills 0:714293de3836 3650 }
ashleymills 0:714293de3836 3651 #endif
ashleymills 0:714293de3836 3652
ashleymills 0:714293de3836 3653
ashleymills 0:714293de3836 3654 static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz)
ashleymills 0:714293de3836 3655 {
ashleymills 0:714293de3836 3656 (void)out;
ashleymills 0:714293de3836 3657 (void)input;
ashleymills 0:714293de3836 3658 (void)sz;
ashleymills 0:714293de3836 3659
ashleymills 0:714293de3836 3660 if (ssl->encrypt.setup == 0) {
ashleymills 0:714293de3836 3661 CYASSL_MSG("Encrypt ciphers not setup");
ashleymills 0:714293de3836 3662 return ENCRYPT_ERROR;
ashleymills 0:714293de3836 3663 }
ashleymills 0:714293de3836 3664
ashleymills 0:714293de3836 3665 switch (ssl->specs.bulk_cipher_algorithm) {
ashleymills 0:714293de3836 3666 #ifdef BUILD_ARC4
ashleymills 0:714293de3836 3667 case rc4:
ashleymills 0:714293de3836 3668 Arc4Process(ssl->encrypt.arc4, out, input, sz);
ashleymills 0:714293de3836 3669 break;
ashleymills 0:714293de3836 3670 #endif
ashleymills 0:714293de3836 3671
ashleymills 0:714293de3836 3672 #ifdef BUILD_DES3
ashleymills 0:714293de3836 3673 case triple_des:
ashleymills 0:714293de3836 3674 Des3_CbcEncrypt(ssl->encrypt.des3, out, input, sz);
ashleymills 0:714293de3836 3675 break;
ashleymills 0:714293de3836 3676 #endif
ashleymills 0:714293de3836 3677
ashleymills 0:714293de3836 3678 #ifdef BUILD_AES
ashleymills 0:714293de3836 3679 case aes:
ashleymills 0:714293de3836 3680 return AesCbcEncrypt(ssl->encrypt.aes, out, input, sz);
ashleymills 0:714293de3836 3681 break;
ashleymills 0:714293de3836 3682 #endif
ashleymills 0:714293de3836 3683
ashleymills 0:714293de3836 3684 #ifdef BUILD_AESGCM
ashleymills 0:714293de3836 3685 case aes_gcm:
ashleymills 0:714293de3836 3686 {
ashleymills 0:714293de3836 3687 byte additional[AES_BLOCK_SIZE];
ashleymills 0:714293de3836 3688 byte nonce[AEAD_NONCE_SZ];
ashleymills 0:714293de3836 3689 const byte* additionalSrc = input - 5;
ashleymills 0:714293de3836 3690
ashleymills 0:714293de3836 3691 XMEMSET(additional, 0, AES_BLOCK_SIZE);
ashleymills 0:714293de3836 3692
ashleymills 0:714293de3836 3693 /* sequence number field is 64-bits, we only use 32-bits */
ashleymills 0:714293de3836 3694 c32toa(GetSEQIncrement(ssl, 0),
ashleymills 0:714293de3836 3695 additional + AEAD_SEQ_OFFSET);
ashleymills 0:714293de3836 3696
ashleymills 0:714293de3836 3697 /* Store the type, version. Unfortunately, they are in
ashleymills 0:714293de3836 3698 * the input buffer ahead of the plaintext. */
ashleymills 0:714293de3836 3699 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 3700 if (ssl->options.dtls)
ashleymills 0:714293de3836 3701 additionalSrc -= DTLS_HANDSHAKE_EXTRA;
ashleymills 0:714293de3836 3702 #endif
ashleymills 0:714293de3836 3703 XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3);
ashleymills 0:714293de3836 3704
ashleymills 0:714293de3836 3705 /* Store the length of the plain text minus the explicit
ashleymills 0:714293de3836 3706 * IV length minus the authentication tag size. */
ashleymills 0:714293de3836 3707 c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
ashleymills 0:714293de3836 3708 additional + AEAD_LEN_OFFSET);
ashleymills 0:714293de3836 3709 XMEMCPY(nonce,
ashleymills 0:714293de3836 3710 ssl->keys.aead_enc_imp_IV, AEAD_IMP_IV_SZ);
ashleymills 0:714293de3836 3711 XMEMCPY(nonce + AEAD_IMP_IV_SZ,
ashleymills 0:714293de3836 3712 ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ);
ashleymills 0:714293de3836 3713 AesGcmEncrypt(ssl->encrypt.aes,
ashleymills 0:714293de3836 3714 out + AEAD_EXP_IV_SZ, input + AEAD_EXP_IV_SZ,
ashleymills 0:714293de3836 3715 sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
ashleymills 0:714293de3836 3716 nonce, AEAD_NONCE_SZ,
ashleymills 0:714293de3836 3717 out + sz - ssl->specs.aead_mac_size,
ashleymills 0:714293de3836 3718 ssl->specs.aead_mac_size, additional,
ashleymills 0:714293de3836 3719 AEAD_AUTH_DATA_SZ);
ashleymills 0:714293de3836 3720 AeadIncrementExpIV(ssl);
ashleymills 0:714293de3836 3721 XMEMSET(nonce, 0, AEAD_NONCE_SZ);
ashleymills 0:714293de3836 3722 }
ashleymills 0:714293de3836 3723 break;
ashleymills 0:714293de3836 3724 #endif
ashleymills 0:714293de3836 3725
ashleymills 0:714293de3836 3726 #ifdef HAVE_AESCCM
ashleymills 0:714293de3836 3727 case aes_ccm:
ashleymills 0:714293de3836 3728 {
ashleymills 0:714293de3836 3729 byte additional[AES_BLOCK_SIZE];
ashleymills 0:714293de3836 3730 byte nonce[AEAD_NONCE_SZ];
ashleymills 0:714293de3836 3731 const byte* additionalSrc = input - 5;
ashleymills 0:714293de3836 3732
ashleymills 0:714293de3836 3733 XMEMSET(additional, 0, AES_BLOCK_SIZE);
ashleymills 0:714293de3836 3734
ashleymills 0:714293de3836 3735 /* sequence number field is 64-bits, we only use 32-bits */
ashleymills 0:714293de3836 3736 c32toa(GetSEQIncrement(ssl, 0),
ashleymills 0:714293de3836 3737 additional + AEAD_SEQ_OFFSET);
ashleymills 0:714293de3836 3738
ashleymills 0:714293de3836 3739 /* Store the type, version. Unfortunately, they are in
ashleymills 0:714293de3836 3740 * the input buffer ahead of the plaintext. */
ashleymills 0:714293de3836 3741 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 3742 if (ssl->options.dtls)
ashleymills 0:714293de3836 3743 additionalSrc -= DTLS_HANDSHAKE_EXTRA;
ashleymills 0:714293de3836 3744 #endif
ashleymills 0:714293de3836 3745 XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3);
ashleymills 0:714293de3836 3746
ashleymills 0:714293de3836 3747 /* Store the length of the plain text minus the explicit
ashleymills 0:714293de3836 3748 * IV length minus the authentication tag size. */
ashleymills 0:714293de3836 3749 c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
ashleymills 0:714293de3836 3750 additional + AEAD_LEN_OFFSET);
ashleymills 0:714293de3836 3751 XMEMCPY(nonce,
ashleymills 0:714293de3836 3752 ssl->keys.aead_enc_imp_IV, AEAD_IMP_IV_SZ);
ashleymills 0:714293de3836 3753 XMEMCPY(nonce + AEAD_IMP_IV_SZ,
ashleymills 0:714293de3836 3754 ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ);
ashleymills 0:714293de3836 3755 AesCcmEncrypt(ssl->encrypt.aes,
ashleymills 0:714293de3836 3756 out + AEAD_EXP_IV_SZ, input + AEAD_EXP_IV_SZ,
ashleymills 0:714293de3836 3757 sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
ashleymills 0:714293de3836 3758 nonce, AEAD_NONCE_SZ,
ashleymills 0:714293de3836 3759 out + sz - ssl->specs.aead_mac_size,
ashleymills 0:714293de3836 3760 ssl->specs.aead_mac_size,
ashleymills 0:714293de3836 3761 additional, AEAD_AUTH_DATA_SZ);
ashleymills 0:714293de3836 3762 AeadIncrementExpIV(ssl);
ashleymills 0:714293de3836 3763 XMEMSET(nonce, 0, AEAD_NONCE_SZ);
ashleymills 0:714293de3836 3764 }
ashleymills 0:714293de3836 3765 break;
ashleymills 0:714293de3836 3766 #endif
ashleymills 0:714293de3836 3767
ashleymills 0:714293de3836 3768 #ifdef HAVE_CAMELLIA
ashleymills 0:714293de3836 3769 case camellia:
ashleymills 0:714293de3836 3770 CamelliaCbcEncrypt(ssl->encrypt.cam, out, input, sz);
ashleymills 0:714293de3836 3771 break;
ashleymills 0:714293de3836 3772 #endif
ashleymills 0:714293de3836 3773
ashleymills 0:714293de3836 3774 #ifdef HAVE_HC128
ashleymills 0:714293de3836 3775 case hc128:
ashleymills 0:714293de3836 3776 return Hc128_Process(ssl->encrypt.hc128, out, input, sz);
ashleymills 0:714293de3836 3777 break;
ashleymills 0:714293de3836 3778 #endif
ashleymills 0:714293de3836 3779
ashleymills 0:714293de3836 3780 #ifdef BUILD_RABBIT
ashleymills 0:714293de3836 3781 case rabbit:
ashleymills 0:714293de3836 3782 return RabbitProcess(ssl->encrypt.rabbit, out, input, sz);
ashleymills 0:714293de3836 3783 break;
ashleymills 0:714293de3836 3784 #endif
ashleymills 0:714293de3836 3785
ashleymills 0:714293de3836 3786 #ifdef HAVE_NULL_CIPHER
ashleymills 0:714293de3836 3787 case cipher_null:
ashleymills 0:714293de3836 3788 if (input != out) {
ashleymills 0:714293de3836 3789 XMEMMOVE(out, input, sz);
ashleymills 0:714293de3836 3790 }
ashleymills 0:714293de3836 3791 break;
ashleymills 0:714293de3836 3792 #endif
ashleymills 0:714293de3836 3793
ashleymills 0:714293de3836 3794 default:
ashleymills 0:714293de3836 3795 CYASSL_MSG("CyaSSL Encrypt programming error");
ashleymills 0:714293de3836 3796 return ENCRYPT_ERROR;
ashleymills 0:714293de3836 3797 }
ashleymills 0:714293de3836 3798
ashleymills 0:714293de3836 3799 return 0;
ashleymills 0:714293de3836 3800 }
ashleymills 0:714293de3836 3801
ashleymills 0:714293de3836 3802
ashleymills 0:714293de3836 3803 static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
ashleymills 0:714293de3836 3804 word32 sz)
ashleymills 0:714293de3836 3805 {
ashleymills 0:714293de3836 3806 (void)plain;
ashleymills 0:714293de3836 3807 (void)input;
ashleymills 0:714293de3836 3808 (void)sz;
ashleymills 0:714293de3836 3809
ashleymills 0:714293de3836 3810 if (ssl->decrypt.setup == 0) {
ashleymills 0:714293de3836 3811 CYASSL_MSG("Decrypt ciphers not setup");
ashleymills 0:714293de3836 3812 return DECRYPT_ERROR;
ashleymills 0:714293de3836 3813 }
ashleymills 0:714293de3836 3814
ashleymills 0:714293de3836 3815 switch (ssl->specs.bulk_cipher_algorithm) {
ashleymills 0:714293de3836 3816 #ifdef BUILD_ARC4
ashleymills 0:714293de3836 3817 case rc4:
ashleymills 0:714293de3836 3818 Arc4Process(ssl->decrypt.arc4, plain, input, sz);
ashleymills 0:714293de3836 3819 break;
ashleymills 0:714293de3836 3820 #endif
ashleymills 0:714293de3836 3821
ashleymills 0:714293de3836 3822 #ifdef BUILD_DES3
ashleymills 0:714293de3836 3823 case triple_des:
ashleymills 0:714293de3836 3824 Des3_CbcDecrypt(ssl->decrypt.des3, plain, input, sz);
ashleymills 0:714293de3836 3825 break;
ashleymills 0:714293de3836 3826 #endif
ashleymills 0:714293de3836 3827
ashleymills 0:714293de3836 3828 #ifdef BUILD_AES
ashleymills 0:714293de3836 3829 case aes:
ashleymills 0:714293de3836 3830 return AesCbcDecrypt(ssl->decrypt.aes, plain, input, sz);
ashleymills 0:714293de3836 3831 break;
ashleymills 0:714293de3836 3832 #endif
ashleymills 0:714293de3836 3833
ashleymills 0:714293de3836 3834 #ifdef BUILD_AESGCM
ashleymills 0:714293de3836 3835 case aes_gcm:
ashleymills 0:714293de3836 3836 {
ashleymills 0:714293de3836 3837 byte additional[AES_BLOCK_SIZE];
ashleymills 0:714293de3836 3838 byte nonce[AEAD_NONCE_SZ];
ashleymills 0:714293de3836 3839
ashleymills 0:714293de3836 3840 XMEMSET(additional, 0, AES_BLOCK_SIZE);
ashleymills 0:714293de3836 3841
ashleymills 0:714293de3836 3842 /* sequence number field is 64-bits, we only use 32-bits */
ashleymills 0:714293de3836 3843 c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET);
ashleymills 0:714293de3836 3844
ashleymills 0:714293de3836 3845 additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
ashleymills 0:714293de3836 3846 additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
ashleymills 0:714293de3836 3847 additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
ashleymills 0:714293de3836 3848
ashleymills 0:714293de3836 3849 c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
ashleymills 0:714293de3836 3850 additional + AEAD_LEN_OFFSET);
ashleymills 0:714293de3836 3851 XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AEAD_IMP_IV_SZ);
ashleymills 0:714293de3836 3852 XMEMCPY(nonce + AEAD_IMP_IV_SZ, input, AEAD_EXP_IV_SZ);
ashleymills 0:714293de3836 3853 if (AesGcmDecrypt(ssl->decrypt.aes,
ashleymills 0:714293de3836 3854 plain + AEAD_EXP_IV_SZ,
ashleymills 0:714293de3836 3855 input + AEAD_EXP_IV_SZ,
ashleymills 0:714293de3836 3856 sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
ashleymills 0:714293de3836 3857 nonce, AEAD_NONCE_SZ,
ashleymills 0:714293de3836 3858 input + sz - ssl->specs.aead_mac_size,
ashleymills 0:714293de3836 3859 ssl->specs.aead_mac_size,
ashleymills 0:714293de3836 3860 additional, AEAD_AUTH_DATA_SZ) < 0) {
ashleymills 0:714293de3836 3861 SendAlert(ssl, alert_fatal, bad_record_mac);
ashleymills 0:714293de3836 3862 XMEMSET(nonce, 0, AEAD_NONCE_SZ);
ashleymills 0:714293de3836 3863 return VERIFY_MAC_ERROR;
ashleymills 0:714293de3836 3864 }
ashleymills 0:714293de3836 3865 XMEMSET(nonce, 0, AEAD_NONCE_SZ);
ashleymills 0:714293de3836 3866 break;
ashleymills 0:714293de3836 3867 }
ashleymills 0:714293de3836 3868 #endif
ashleymills 0:714293de3836 3869
ashleymills 0:714293de3836 3870 #ifdef HAVE_AESCCM
ashleymills 0:714293de3836 3871 case aes_ccm:
ashleymills 0:714293de3836 3872 {
ashleymills 0:714293de3836 3873 byte additional[AES_BLOCK_SIZE];
ashleymills 0:714293de3836 3874 byte nonce[AEAD_NONCE_SZ];
ashleymills 0:714293de3836 3875
ashleymills 0:714293de3836 3876 XMEMSET(additional, 0, AES_BLOCK_SIZE);
ashleymills 0:714293de3836 3877
ashleymills 0:714293de3836 3878 /* sequence number field is 64-bits, we only use 32-bits */
ashleymills 0:714293de3836 3879 c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET);
ashleymills 0:714293de3836 3880
ashleymills 0:714293de3836 3881 additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
ashleymills 0:714293de3836 3882 additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
ashleymills 0:714293de3836 3883 additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
ashleymills 0:714293de3836 3884
ashleymills 0:714293de3836 3885 c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
ashleymills 0:714293de3836 3886 additional + AEAD_LEN_OFFSET);
ashleymills 0:714293de3836 3887 XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AEAD_IMP_IV_SZ);
ashleymills 0:714293de3836 3888 XMEMCPY(nonce + AEAD_IMP_IV_SZ, input, AEAD_EXP_IV_SZ);
ashleymills 0:714293de3836 3889 if (AesCcmDecrypt(ssl->decrypt.aes,
ashleymills 0:714293de3836 3890 plain + AEAD_EXP_IV_SZ,
ashleymills 0:714293de3836 3891 input + AEAD_EXP_IV_SZ,
ashleymills 0:714293de3836 3892 sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
ashleymills 0:714293de3836 3893 nonce, AEAD_NONCE_SZ,
ashleymills 0:714293de3836 3894 input + sz - ssl->specs.aead_mac_size,
ashleymills 0:714293de3836 3895 ssl->specs.aead_mac_size,
ashleymills 0:714293de3836 3896 additional, AEAD_AUTH_DATA_SZ) < 0) {
ashleymills 0:714293de3836 3897 SendAlert(ssl, alert_fatal, bad_record_mac);
ashleymills 0:714293de3836 3898 XMEMSET(nonce, 0, AEAD_NONCE_SZ);
ashleymills 0:714293de3836 3899 return VERIFY_MAC_ERROR;
ashleymills 0:714293de3836 3900 }
ashleymills 0:714293de3836 3901 XMEMSET(nonce, 0, AEAD_NONCE_SZ);
ashleymills 0:714293de3836 3902 break;
ashleymills 0:714293de3836 3903 }
ashleymills 0:714293de3836 3904 #endif
ashleymills 0:714293de3836 3905
ashleymills 0:714293de3836 3906 #ifdef HAVE_CAMELLIA
ashleymills 0:714293de3836 3907 case camellia:
ashleymills 0:714293de3836 3908 CamelliaCbcDecrypt(ssl->decrypt.cam, plain, input, sz);
ashleymills 0:714293de3836 3909 break;
ashleymills 0:714293de3836 3910 #endif
ashleymills 0:714293de3836 3911
ashleymills 0:714293de3836 3912 #ifdef HAVE_HC128
ashleymills 0:714293de3836 3913 case hc128:
ashleymills 0:714293de3836 3914 return Hc128_Process(ssl->decrypt.hc128, plain, input, sz);
ashleymills 0:714293de3836 3915 break;
ashleymills 0:714293de3836 3916 #endif
ashleymills 0:714293de3836 3917
ashleymills 0:714293de3836 3918 #ifdef BUILD_RABBIT
ashleymills 0:714293de3836 3919 case rabbit:
ashleymills 0:714293de3836 3920 return RabbitProcess(ssl->decrypt.rabbit, plain, input, sz);
ashleymills 0:714293de3836 3921 break;
ashleymills 0:714293de3836 3922 #endif
ashleymills 0:714293de3836 3923
ashleymills 0:714293de3836 3924 #ifdef HAVE_NULL_CIPHER
ashleymills 0:714293de3836 3925 case cipher_null:
ashleymills 0:714293de3836 3926 if (input != plain) {
ashleymills 0:714293de3836 3927 XMEMMOVE(plain, input, sz);
ashleymills 0:714293de3836 3928 }
ashleymills 0:714293de3836 3929 break;
ashleymills 0:714293de3836 3930 #endif
ashleymills 0:714293de3836 3931
ashleymills 0:714293de3836 3932 default:
ashleymills 0:714293de3836 3933 CYASSL_MSG("CyaSSL Decrypt programming error");
ashleymills 0:714293de3836 3934 return DECRYPT_ERROR;
ashleymills 0:714293de3836 3935 }
ashleymills 0:714293de3836 3936 return 0;
ashleymills 0:714293de3836 3937 }
ashleymills 0:714293de3836 3938
ashleymills 0:714293de3836 3939
ashleymills 0:714293de3836 3940 /* check cipher text size for sanity */
ashleymills 0:714293de3836 3941 static int SanityCheckCipherText(CYASSL* ssl, word32 encryptSz)
ashleymills 0:714293de3836 3942 {
ashleymills 0:714293de3836 3943 word32 minLength = 0;
ashleymills 0:714293de3836 3944
ashleymills 0:714293de3836 3945 if (ssl->specs.cipher_type == block) {
ashleymills 0:714293de3836 3946 if (encryptSz % ssl->specs.block_size) {
ashleymills 0:714293de3836 3947 CYASSL_MSG("Block ciphertext not block size");
ashleymills 0:714293de3836 3948 return SANITY_CIPHER_E;
ashleymills 0:714293de3836 3949 }
ashleymills 0:714293de3836 3950 minLength = ssl->specs.hash_size + 1; /* pad byte */
ashleymills 0:714293de3836 3951 if (ssl->specs.block_size > minLength)
ashleymills 0:714293de3836 3952 minLength = ssl->specs.block_size;
ashleymills 0:714293de3836 3953
ashleymills 0:714293de3836 3954 if (ssl->options.tls1_1)
ashleymills 0:714293de3836 3955 minLength += ssl->specs.block_size; /* explicit IV */
ashleymills 0:714293de3836 3956 }
ashleymills 0:714293de3836 3957 else if (ssl->specs.cipher_type == stream) {
ashleymills 0:714293de3836 3958 minLength = ssl->specs.hash_size;
ashleymills 0:714293de3836 3959 }
ashleymills 0:714293de3836 3960 else if (ssl->specs.cipher_type == aead) {
ashleymills 0:714293de3836 3961 minLength = ssl->specs.block_size; /* explicit IV + implicit IV + CTR */
ashleymills 0:714293de3836 3962 }
ashleymills 0:714293de3836 3963
ashleymills 0:714293de3836 3964 if (encryptSz < minLength) {
ashleymills 0:714293de3836 3965 CYASSL_MSG("Ciphertext not minimum size");
ashleymills 0:714293de3836 3966 return SANITY_CIPHER_E;
ashleymills 0:714293de3836 3967 }
ashleymills 0:714293de3836 3968
ashleymills 0:714293de3836 3969 return 0;
ashleymills 0:714293de3836 3970 }
ashleymills 0:714293de3836 3971
ashleymills 0:714293de3836 3972
ashleymills 0:714293de3836 3973 /* decrypt input message in place */
ashleymills 0:714293de3836 3974 static int DecryptMessage(CYASSL* ssl, byte* input, word32 sz, word32* idx)
ashleymills 0:714293de3836 3975 {
ashleymills 0:714293de3836 3976 int decryptResult;
ashleymills 0:714293de3836 3977 int sanityResult = SanityCheckCipherText(ssl, sz);
ashleymills 0:714293de3836 3978
ashleymills 0:714293de3836 3979 if (sanityResult != 0)
ashleymills 0:714293de3836 3980 return sanityResult;
ashleymills 0:714293de3836 3981
ashleymills 0:714293de3836 3982 decryptResult = Decrypt(ssl, input, input, sz);
ashleymills 0:714293de3836 3983
ashleymills 0:714293de3836 3984 if (decryptResult == 0)
ashleymills 0:714293de3836 3985 {
ashleymills 0:714293de3836 3986 ssl->keys.encryptSz = sz;
ashleymills 0:714293de3836 3987 ssl->keys.decryptedCur = 1;
ashleymills 0:714293de3836 3988
ashleymills 0:714293de3836 3989 if (ssl->options.tls1_1 && ssl->specs.cipher_type == block)
ashleymills 0:714293de3836 3990 *idx += ssl->specs.block_size; /* go past TLSv1.1 IV */
ashleymills 0:714293de3836 3991 if (ssl->specs.cipher_type == aead)
ashleymills 0:714293de3836 3992 *idx += AEAD_EXP_IV_SZ;
ashleymills 0:714293de3836 3993 }
ashleymills 0:714293de3836 3994
ashleymills 0:714293de3836 3995 return decryptResult;
ashleymills 0:714293de3836 3996 }
ashleymills 0:714293de3836 3997
ashleymills 0:714293de3836 3998
ashleymills 0:714293de3836 3999 #ifndef NO_OLD_TLS
ashleymills 0:714293de3836 4000
ashleymills 0:714293de3836 4001 static INLINE void Md5Rounds(int rounds, const byte* data, int sz)
ashleymills 0:714293de3836 4002 {
ashleymills 0:714293de3836 4003 Md5 md5;
ashleymills 0:714293de3836 4004 int i;
ashleymills 0:714293de3836 4005
ashleymills 0:714293de3836 4006 InitMd5(&md5);
ashleymills 0:714293de3836 4007
ashleymills 0:714293de3836 4008 for (i = 0; i < rounds; i++)
ashleymills 0:714293de3836 4009 Md5Update(&md5, data, sz);
ashleymills 0:714293de3836 4010 }
ashleymills 0:714293de3836 4011
ashleymills 0:714293de3836 4012
ashleymills 0:714293de3836 4013
ashleymills 0:714293de3836 4014 static INLINE void ShaRounds(int rounds, const byte* data, int sz)
ashleymills 0:714293de3836 4015 {
ashleymills 0:714293de3836 4016 Sha sha;
ashleymills 0:714293de3836 4017 int i;
ashleymills 0:714293de3836 4018
ashleymills 0:714293de3836 4019 InitSha(&sha);
ashleymills 0:714293de3836 4020
ashleymills 0:714293de3836 4021 for (i = 0; i < rounds; i++)
ashleymills 0:714293de3836 4022 ShaUpdate(&sha, data, sz);
ashleymills 0:714293de3836 4023 }
ashleymills 0:714293de3836 4024 #endif
ashleymills 0:714293de3836 4025
ashleymills 0:714293de3836 4026
ashleymills 0:714293de3836 4027 #ifndef NO_SHA256
ashleymills 0:714293de3836 4028
ashleymills 0:714293de3836 4029 static INLINE void Sha256Rounds(int rounds, const byte* data, int sz)
ashleymills 0:714293de3836 4030 {
ashleymills 0:714293de3836 4031 Sha256 sha256;
ashleymills 0:714293de3836 4032 int i;
ashleymills 0:714293de3836 4033
ashleymills 0:714293de3836 4034 InitSha256(&sha256);
ashleymills 0:714293de3836 4035
ashleymills 0:714293de3836 4036 for (i = 0; i < rounds; i++)
ashleymills 0:714293de3836 4037 Sha256Update(&sha256, data, sz);
ashleymills 0:714293de3836 4038 }
ashleymills 0:714293de3836 4039
ashleymills 0:714293de3836 4040 #endif
ashleymills 0:714293de3836 4041
ashleymills 0:714293de3836 4042
ashleymills 0:714293de3836 4043 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 4044
ashleymills 0:714293de3836 4045 static INLINE void Sha384Rounds(int rounds, const byte* data, int sz)
ashleymills 0:714293de3836 4046 {
ashleymills 0:714293de3836 4047 Sha384 sha384;
ashleymills 0:714293de3836 4048 int i;
ashleymills 0:714293de3836 4049
ashleymills 0:714293de3836 4050 InitSha384(&sha384);
ashleymills 0:714293de3836 4051
ashleymills 0:714293de3836 4052 for (i = 0; i < rounds; i++)
ashleymills 0:714293de3836 4053 Sha384Update(&sha384, data, sz);
ashleymills 0:714293de3836 4054 }
ashleymills 0:714293de3836 4055
ashleymills 0:714293de3836 4056 #endif
ashleymills 0:714293de3836 4057
ashleymills 0:714293de3836 4058
ashleymills 0:714293de3836 4059 #ifdef CYASSL_SHA512
ashleymills 0:714293de3836 4060
ashleymills 0:714293de3836 4061 static INLINE void Sha512Rounds(int rounds, const byte* data, int sz)
ashleymills 0:714293de3836 4062 {
ashleymills 0:714293de3836 4063 Sha512 sha512;
ashleymills 0:714293de3836 4064 int i;
ashleymills 0:714293de3836 4065
ashleymills 0:714293de3836 4066 InitSha512(&sha512);
ashleymills 0:714293de3836 4067
ashleymills 0:714293de3836 4068 for (i = 0; i < rounds; i++)
ashleymills 0:714293de3836 4069 Sha512Update(&sha512, data, sz);
ashleymills 0:714293de3836 4070 }
ashleymills 0:714293de3836 4071
ashleymills 0:714293de3836 4072 #endif
ashleymills 0:714293de3836 4073
ashleymills 0:714293de3836 4074
ashleymills 0:714293de3836 4075 #ifdef CYASSL_RIPEMD
ashleymills 0:714293de3836 4076
ashleymills 0:714293de3836 4077 static INLINE void RmdRounds(int rounds, const byte* data, int sz)
ashleymills 0:714293de3836 4078 {
ashleymills 0:714293de3836 4079 RipeMd ripemd;
ashleymills 0:714293de3836 4080 int i;
ashleymills 0:714293de3836 4081
ashleymills 0:714293de3836 4082 InitRipeMd(&ripemd);
ashleymills 0:714293de3836 4083
ashleymills 0:714293de3836 4084 for (i = 0; i < rounds; i++)
ashleymills 0:714293de3836 4085 RipeMdUpdate(&ripemd, data, sz);
ashleymills 0:714293de3836 4086 }
ashleymills 0:714293de3836 4087
ashleymills 0:714293de3836 4088 #endif
ashleymills 0:714293de3836 4089
ashleymills 0:714293de3836 4090
ashleymills 0:714293de3836 4091 static INLINE void DoRounds(int type, int rounds, const byte* data, int sz)
ashleymills 0:714293de3836 4092 {
ashleymills 0:714293de3836 4093 switch (type) {
ashleymills 0:714293de3836 4094
ashleymills 0:714293de3836 4095 case no_mac :
ashleymills 0:714293de3836 4096 break;
ashleymills 0:714293de3836 4097
ashleymills 0:714293de3836 4098 #ifndef NO_OLD_TLS
ashleymills 0:714293de3836 4099 #ifndef NO_MD5
ashleymills 0:714293de3836 4100 case md5_mac :
ashleymills 0:714293de3836 4101 Md5Rounds(rounds, data, sz);
ashleymills 0:714293de3836 4102 break;
ashleymills 0:714293de3836 4103 #endif
ashleymills 0:714293de3836 4104
ashleymills 0:714293de3836 4105 #ifndef NO_SHA
ashleymills 0:714293de3836 4106 case sha_mac :
ashleymills 0:714293de3836 4107 ShaRounds(rounds, data, sz);
ashleymills 0:714293de3836 4108 break;
ashleymills 0:714293de3836 4109 #endif
ashleymills 0:714293de3836 4110 #endif
ashleymills 0:714293de3836 4111
ashleymills 0:714293de3836 4112 #ifndef NO_SHA256
ashleymills 0:714293de3836 4113 case sha256_mac :
ashleymills 0:714293de3836 4114 Sha256Rounds(rounds, data, sz);
ashleymills 0:714293de3836 4115 break;
ashleymills 0:714293de3836 4116 #endif
ashleymills 0:714293de3836 4117
ashleymills 0:714293de3836 4118 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 4119 case sha384_mac :
ashleymills 0:714293de3836 4120 Sha384Rounds(rounds, data, sz);
ashleymills 0:714293de3836 4121 break;
ashleymills 0:714293de3836 4122 #endif
ashleymills 0:714293de3836 4123
ashleymills 0:714293de3836 4124 #ifdef CYASSL_SHA512
ashleymills 0:714293de3836 4125 case sha512_mac :
ashleymills 0:714293de3836 4126 Sha512Rounds(rounds, data, sz);
ashleymills 0:714293de3836 4127 break;
ashleymills 0:714293de3836 4128 #endif
ashleymills 0:714293de3836 4129
ashleymills 0:714293de3836 4130 #ifdef CYASSL_RIPEMD
ashleymills 0:714293de3836 4131 case rmd_mac :
ashleymills 0:714293de3836 4132 RmdRounds(rounds, data, sz);
ashleymills 0:714293de3836 4133 break;
ashleymills 0:714293de3836 4134 #endif
ashleymills 0:714293de3836 4135
ashleymills 0:714293de3836 4136 default:
ashleymills 0:714293de3836 4137 CYASSL_MSG("Bad round type");
ashleymills 0:714293de3836 4138 break;
ashleymills 0:714293de3836 4139 }
ashleymills 0:714293de3836 4140 }
ashleymills 0:714293de3836 4141
ashleymills 0:714293de3836 4142
ashleymills 0:714293de3836 4143 /* do number of compression rounds on dummy data */
ashleymills 0:714293de3836 4144 static INLINE void CompressRounds(CYASSL* ssl, int rounds, const byte* dummy)
ashleymills 0:714293de3836 4145 {
ashleymills 0:714293de3836 4146 if (rounds)
ashleymills 0:714293de3836 4147 DoRounds(ssl->specs.mac_algorithm, rounds, dummy, COMPRESS_LOWER);
ashleymills 0:714293de3836 4148 }
ashleymills 0:714293de3836 4149
ashleymills 0:714293de3836 4150
ashleymills 0:714293de3836 4151 /* check all length bytes for equality, return 0 on success */
ashleymills 0:714293de3836 4152 static int ConstantCompare(const byte* a, const byte* b, int length)
ashleymills 0:714293de3836 4153 {
ashleymills 0:714293de3836 4154 int i;
ashleymills 0:714293de3836 4155 int good = 0;
ashleymills 0:714293de3836 4156 int bad = 0;
ashleymills 0:714293de3836 4157
ashleymills 0:714293de3836 4158 for (i = 0; i < length; i++) {
ashleymills 0:714293de3836 4159 if (a[i] == b[i])
ashleymills 0:714293de3836 4160 good++;
ashleymills 0:714293de3836 4161 else
ashleymills 0:714293de3836 4162 bad++;
ashleymills 0:714293de3836 4163 }
ashleymills 0:714293de3836 4164
ashleymills 0:714293de3836 4165 if (good == length)
ashleymills 0:714293de3836 4166 return 0;
ashleymills 0:714293de3836 4167 else
ashleymills 0:714293de3836 4168 return 0 - bad; /* compare failed */
ashleymills 0:714293de3836 4169 }
ashleymills 0:714293de3836 4170
ashleymills 0:714293de3836 4171
ashleymills 0:714293de3836 4172 /* check all length bytes for the pad value, return 0 on success */
ashleymills 0:714293de3836 4173 static int PadCheck(const byte* input, byte pad, int length)
ashleymills 0:714293de3836 4174 {
ashleymills 0:714293de3836 4175 int i;
ashleymills 0:714293de3836 4176 int good = 0;
ashleymills 0:714293de3836 4177 int bad = 0;
ashleymills 0:714293de3836 4178
ashleymills 0:714293de3836 4179 for (i = 0; i < length; i++) {
ashleymills 0:714293de3836 4180 if (input[i] == pad)
ashleymills 0:714293de3836 4181 good++;
ashleymills 0:714293de3836 4182 else
ashleymills 0:714293de3836 4183 bad++;
ashleymills 0:714293de3836 4184 }
ashleymills 0:714293de3836 4185
ashleymills 0:714293de3836 4186 if (good == length)
ashleymills 0:714293de3836 4187 return 0;
ashleymills 0:714293de3836 4188 else
ashleymills 0:714293de3836 4189 return 0 - bad; /* pad check failed */
ashleymills 0:714293de3836 4190 }
ashleymills 0:714293de3836 4191
ashleymills 0:714293de3836 4192
ashleymills 0:714293de3836 4193 /* get compression extra rounds */
ashleymills 0:714293de3836 4194 static INLINE int GetRounds(int pLen, int padLen, int t)
ashleymills 0:714293de3836 4195 {
ashleymills 0:714293de3836 4196 int roundL1 = 1; /* round up flags */
ashleymills 0:714293de3836 4197 int roundL2 = 1;
ashleymills 0:714293de3836 4198
ashleymills 0:714293de3836 4199 int L1 = COMPRESS_CONSTANT + pLen - t;
ashleymills 0:714293de3836 4200 int L2 = COMPRESS_CONSTANT + pLen - padLen - 1 - t;
ashleymills 0:714293de3836 4201
ashleymills 0:714293de3836 4202 L1 -= COMPRESS_UPPER;
ashleymills 0:714293de3836 4203 L2 -= COMPRESS_UPPER;
ashleymills 0:714293de3836 4204
ashleymills 0:714293de3836 4205 if ( (L1 % COMPRESS_LOWER) == 0)
ashleymills 0:714293de3836 4206 roundL1 = 0;
ashleymills 0:714293de3836 4207 if ( (L2 % COMPRESS_LOWER) == 0)
ashleymills 0:714293de3836 4208 roundL2 = 0;
ashleymills 0:714293de3836 4209
ashleymills 0:714293de3836 4210 L1 /= COMPRESS_LOWER;
ashleymills 0:714293de3836 4211 L2 /= COMPRESS_LOWER;
ashleymills 0:714293de3836 4212
ashleymills 0:714293de3836 4213 L1 += roundL1;
ashleymills 0:714293de3836 4214 L2 += roundL2;
ashleymills 0:714293de3836 4215
ashleymills 0:714293de3836 4216 return L1 - L2;
ashleymills 0:714293de3836 4217 }
ashleymills 0:714293de3836 4218
ashleymills 0:714293de3836 4219
ashleymills 0:714293de3836 4220 /* timing resistant pad/verify check, return 0 on success */
ashleymills 0:714293de3836 4221 static int TimingPadVerify(CYASSL* ssl, const byte* input, int padLen, int t,
ashleymills 0:714293de3836 4222 int pLen)
ashleymills 0:714293de3836 4223 {
ashleymills 0:714293de3836 4224 byte verify[MAX_DIGEST_SIZE];
ashleymills 0:714293de3836 4225 byte dummy[MAX_PAD_SIZE];
ashleymills 0:714293de3836 4226
ashleymills 0:714293de3836 4227 XMEMSET(dummy, 1, sizeof(dummy));
ashleymills 0:714293de3836 4228
ashleymills 0:714293de3836 4229 if ( (t + padLen + 1) > pLen) {
ashleymills 0:714293de3836 4230 CYASSL_MSG("Plain Len not long enough for pad/mac");
ashleymills 0:714293de3836 4231 PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE);
ashleymills 0:714293de3836 4232 ssl->hmac(ssl, verify, input, pLen - t, application_data, 1);
ashleymills 0:714293de3836 4233 ConstantCompare(verify, input + pLen - t, t);
ashleymills 0:714293de3836 4234
ashleymills 0:714293de3836 4235 return VERIFY_MAC_ERROR;
ashleymills 0:714293de3836 4236 }
ashleymills 0:714293de3836 4237
ashleymills 0:714293de3836 4238 if (PadCheck(input + pLen - (padLen + 1), (byte)padLen, padLen + 1) != 0) {
ashleymills 0:714293de3836 4239 CYASSL_MSG("PadCheck failed");
ashleymills 0:714293de3836 4240 PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE - padLen - 1);
ashleymills 0:714293de3836 4241 ssl->hmac(ssl, verify, input, pLen - t, application_data, 1);
ashleymills 0:714293de3836 4242 ConstantCompare(verify, input + pLen - t, t);
ashleymills 0:714293de3836 4243
ashleymills 0:714293de3836 4244 return VERIFY_MAC_ERROR;
ashleymills 0:714293de3836 4245 }
ashleymills 0:714293de3836 4246
ashleymills 0:714293de3836 4247 PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE - padLen - 1);
ashleymills 0:714293de3836 4248 ssl->hmac(ssl, verify, input, pLen - padLen - 1 - t, application_data, 1);
ashleymills 0:714293de3836 4249
ashleymills 0:714293de3836 4250 CompressRounds(ssl, GetRounds(pLen, padLen, t), dummy);
ashleymills 0:714293de3836 4251
ashleymills 0:714293de3836 4252 if (ConstantCompare(verify, input + (pLen - padLen - 1 - t), t) != 0) {
ashleymills 0:714293de3836 4253 CYASSL_MSG("Verify MAC compare failed");
ashleymills 0:714293de3836 4254 return VERIFY_MAC_ERROR;
ashleymills 0:714293de3836 4255 }
ashleymills 0:714293de3836 4256
ashleymills 0:714293de3836 4257 return 0;
ashleymills 0:714293de3836 4258 }
ashleymills 0:714293de3836 4259
ashleymills 0:714293de3836 4260
ashleymills 0:714293de3836 4261 int DoApplicationData(CYASSL* ssl, byte* input, word32* inOutIdx)
ashleymills 0:714293de3836 4262 {
ashleymills 0:714293de3836 4263 word32 msgSz = ssl->keys.encryptSz;
ashleymills 0:714293de3836 4264 word32 pad = 0,
ashleymills 0:714293de3836 4265 padByte = 0,
ashleymills 0:714293de3836 4266 idx = *inOutIdx,
ashleymills 0:714293de3836 4267 digestSz = ssl->specs.hash_size;
ashleymills 0:714293de3836 4268 int dataSz, ret;
ashleymills 0:714293de3836 4269 int ivExtra = 0;
ashleymills 0:714293de3836 4270 byte* rawData = input + idx; /* keep current for hmac */
ashleymills 0:714293de3836 4271 #ifdef HAVE_LIBZ
ashleymills 0:714293de3836 4272 byte decomp[MAX_RECORD_SIZE + MAX_COMP_EXTRA];
ashleymills 0:714293de3836 4273 #endif
ashleymills 0:714293de3836 4274 byte verify[MAX_DIGEST_SIZE];
ashleymills 0:714293de3836 4275
ashleymills 0:714293de3836 4276 if (ssl->options.handShakeState != HANDSHAKE_DONE) {
ashleymills 0:714293de3836 4277 CYASSL_MSG("Received App data before handshake complete");
ashleymills 0:714293de3836 4278 SendAlert(ssl, alert_fatal, unexpected_message);
ashleymills 0:714293de3836 4279 return OUT_OF_ORDER_E;
ashleymills 0:714293de3836 4280 }
ashleymills 0:714293de3836 4281
ashleymills 0:714293de3836 4282 if (ssl->specs.cipher_type == block) {
ashleymills 0:714293de3836 4283 if (ssl->options.tls1_1)
ashleymills 0:714293de3836 4284 ivExtra = ssl->specs.block_size;
ashleymills 0:714293de3836 4285 pad = *(input + idx + msgSz - ivExtra - 1);
ashleymills 0:714293de3836 4286 padByte = 1;
ashleymills 0:714293de3836 4287
ashleymills 0:714293de3836 4288 if (ssl->options.tls) {
ashleymills 0:714293de3836 4289 ret = TimingPadVerify(ssl, input + idx, pad, digestSz,
ashleymills 0:714293de3836 4290 msgSz - ivExtra);
ashleymills 0:714293de3836 4291 if (ret != 0)
ashleymills 0:714293de3836 4292 return ret;
ashleymills 0:714293de3836 4293 }
ashleymills 0:714293de3836 4294 else { /* sslv3, some implementations have bad padding */
ashleymills 0:714293de3836 4295 ssl->hmac(ssl, verify, rawData, msgSz - digestSz - pad - 1,
ashleymills 0:714293de3836 4296 application_data, 1);
ashleymills 0:714293de3836 4297 if (ConstantCompare(verify, rawData + msgSz - digestSz - pad - 1,
ashleymills 0:714293de3836 4298 digestSz) != 0)
ashleymills 0:714293de3836 4299 return VERIFY_MAC_ERROR;
ashleymills 0:714293de3836 4300 }
ashleymills 0:714293de3836 4301 }
ashleymills 0:714293de3836 4302 else if (ssl->specs.cipher_type == stream) {
ashleymills 0:714293de3836 4303 ssl->hmac(ssl, verify, rawData, msgSz - digestSz, application_data, 1);
ashleymills 0:714293de3836 4304 if (ConstantCompare(verify, rawData + msgSz - digestSz, digestSz) != 0){
ashleymills 0:714293de3836 4305 return VERIFY_MAC_ERROR;
ashleymills 0:714293de3836 4306 }
ashleymills 0:714293de3836 4307 }
ashleymills 0:714293de3836 4308 else if (ssl->specs.cipher_type == aead) {
ashleymills 0:714293de3836 4309 ivExtra = AEAD_EXP_IV_SZ;
ashleymills 0:714293de3836 4310 digestSz = ssl->specs.aead_mac_size;
ashleymills 0:714293de3836 4311 }
ashleymills 0:714293de3836 4312
ashleymills 0:714293de3836 4313 dataSz = msgSz - ivExtra - digestSz - pad - padByte;
ashleymills 0:714293de3836 4314 if (dataSz < 0) {
ashleymills 0:714293de3836 4315 CYASSL_MSG("App data buffer error, malicious input?");
ashleymills 0:714293de3836 4316 return BUFFER_ERROR;
ashleymills 0:714293de3836 4317 }
ashleymills 0:714293de3836 4318
ashleymills 0:714293de3836 4319 /* read data */
ashleymills 0:714293de3836 4320 if (dataSz) {
ashleymills 0:714293de3836 4321 int rawSz = dataSz; /* keep raw size for idx adjustment */
ashleymills 0:714293de3836 4322
ashleymills 0:714293de3836 4323 #ifdef HAVE_LIBZ
ashleymills 0:714293de3836 4324 if (ssl->options.usingCompression) {
ashleymills 0:714293de3836 4325 dataSz = myDeCompress(ssl, rawData, dataSz, decomp, sizeof(decomp));
ashleymills 0:714293de3836 4326 if (dataSz < 0) return dataSz;
ashleymills 0:714293de3836 4327 }
ashleymills 0:714293de3836 4328 #endif
ashleymills 0:714293de3836 4329 idx += rawSz;
ashleymills 0:714293de3836 4330
ashleymills 0:714293de3836 4331 ssl->buffers.clearOutputBuffer.buffer = rawData;
ashleymills 0:714293de3836 4332 ssl->buffers.clearOutputBuffer.length = dataSz;
ashleymills 0:714293de3836 4333 }
ashleymills 0:714293de3836 4334
ashleymills 0:714293de3836 4335 idx += digestSz;
ashleymills 0:714293de3836 4336 idx += pad;
ashleymills 0:714293de3836 4337 if (padByte)
ashleymills 0:714293de3836 4338 idx++;
ashleymills 0:714293de3836 4339
ashleymills 0:714293de3836 4340 #ifdef HAVE_LIBZ
ashleymills 0:714293de3836 4341 /* decompress could be bigger, overwrite after verify */
ashleymills 0:714293de3836 4342 if (ssl->options.usingCompression)
ashleymills 0:714293de3836 4343 XMEMMOVE(rawData, decomp, dataSz);
ashleymills 0:714293de3836 4344 #endif
ashleymills 0:714293de3836 4345
ashleymills 0:714293de3836 4346 *inOutIdx = idx;
ashleymills 0:714293de3836 4347 return 0;
ashleymills 0:714293de3836 4348 }
ashleymills 0:714293de3836 4349
ashleymills 0:714293de3836 4350
ashleymills 0:714293de3836 4351 /* process alert, return level */
ashleymills 0:714293de3836 4352 static int DoAlert(CYASSL* ssl, byte* input, word32* inOutIdx, int* type)
ashleymills 0:714293de3836 4353 {
ashleymills 0:714293de3836 4354 byte level;
ashleymills 0:714293de3836 4355 byte code;
ashleymills 0:714293de3836 4356
ashleymills 0:714293de3836 4357 #ifdef CYASSL_CALLBACKS
ashleymills 0:714293de3836 4358 if (ssl->hsInfoOn)
ashleymills 0:714293de3836 4359 AddPacketName("Alert", &ssl->handShakeInfo);
ashleymills 0:714293de3836 4360 if (ssl->toInfoOn)
ashleymills 0:714293de3836 4361 /* add record header back on to info + 2 byte level, data */
ashleymills 0:714293de3836 4362 AddPacketInfo("Alert", &ssl->timeoutInfo, input + *inOutIdx -
ashleymills 0:714293de3836 4363 RECORD_HEADER_SZ, 2 + RECORD_HEADER_SZ, ssl->heap);
ashleymills 0:714293de3836 4364 #endif
ashleymills 0:714293de3836 4365 level = input[(*inOutIdx)++];
ashleymills 0:714293de3836 4366 code = (int)input[(*inOutIdx)++];
ashleymills 0:714293de3836 4367 ssl->alert_history.last_rx.code = code;
ashleymills 0:714293de3836 4368 ssl->alert_history.last_rx.level = level;
ashleymills 0:714293de3836 4369 *type = code;
ashleymills 0:714293de3836 4370 if (level == alert_fatal) {
ashleymills 0:714293de3836 4371 ssl->options.isClosed = 1; /* Don't send close_notify */
ashleymills 0:714293de3836 4372 }
ashleymills 0:714293de3836 4373
ashleymills 0:714293de3836 4374 CYASSL_MSG("Got alert");
ashleymills 0:714293de3836 4375 if (*type == close_notify) {
ashleymills 0:714293de3836 4376 CYASSL_MSG(" close notify");
ashleymills 0:714293de3836 4377 ssl->options.closeNotify = 1;
ashleymills 0:714293de3836 4378 }
ashleymills 0:714293de3836 4379 CYASSL_ERROR(*type);
ashleymills 0:714293de3836 4380
ashleymills 0:714293de3836 4381 if (ssl->keys.encryptionOn) {
ashleymills 0:714293de3836 4382 if (ssl->specs.cipher_type != aead) {
ashleymills 0:714293de3836 4383 int aSz = ALERT_SIZE;
ashleymills 0:714293de3836 4384 const byte* mac;
ashleymills 0:714293de3836 4385 byte verify[MAX_DIGEST_SIZE];
ashleymills 0:714293de3836 4386 int padSz = ssl->keys.encryptSz - aSz - ssl->specs.hash_size;
ashleymills 0:714293de3836 4387
ashleymills 0:714293de3836 4388 ssl->hmac(ssl, verify, input + *inOutIdx - aSz, aSz, alert, 1);
ashleymills 0:714293de3836 4389
ashleymills 0:714293de3836 4390 /* read mac and fill */
ashleymills 0:714293de3836 4391 mac = input + *inOutIdx;
ashleymills 0:714293de3836 4392 *inOutIdx += (ssl->specs.hash_size + padSz);
ashleymills 0:714293de3836 4393
ashleymills 0:714293de3836 4394 /* verify */
ashleymills 0:714293de3836 4395 if (XMEMCMP(mac, verify, ssl->specs.hash_size) != 0) {
ashleymills 0:714293de3836 4396 CYASSL_MSG(" alert verify mac error");
ashleymills 0:714293de3836 4397 return VERIFY_MAC_ERROR;
ashleymills 0:714293de3836 4398 }
ashleymills 0:714293de3836 4399 }
ashleymills 0:714293de3836 4400 else {
ashleymills 0:714293de3836 4401 *inOutIdx += ssl->specs.aead_mac_size;
ashleymills 0:714293de3836 4402 }
ashleymills 0:714293de3836 4403 }
ashleymills 0:714293de3836 4404
ashleymills 0:714293de3836 4405 return level;
ashleymills 0:714293de3836 4406 }
ashleymills 0:714293de3836 4407
ashleymills 0:714293de3836 4408 static int GetInputData(CYASSL *ssl, word32 size)
ashleymills 0:714293de3836 4409 {
ashleymills 0:714293de3836 4410 int in;
ashleymills 0:714293de3836 4411 int inSz;
ashleymills 0:714293de3836 4412 int maxLength;
ashleymills 0:714293de3836 4413 int usedLength;
ashleymills 0:714293de3836 4414 int dtlsExtra = 0;
ashleymills 0:714293de3836 4415
ashleymills 0:714293de3836 4416
ashleymills 0:714293de3836 4417 /* check max input length */
ashleymills 0:714293de3836 4418 usedLength = ssl->buffers.inputBuffer.length - ssl->buffers.inputBuffer.idx;
ashleymills 0:714293de3836 4419 maxLength = ssl->buffers.inputBuffer.bufferSize - usedLength;
ashleymills 0:714293de3836 4420 inSz = (int)(size - usedLength); /* from last partial read */
ashleymills 0:714293de3836 4421
ashleymills 0:714293de3836 4422 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 4423 if (ssl->options.dtls) {
ashleymills 0:714293de3836 4424 if (size < ssl->dtls_expected_rx)
ashleymills 0:714293de3836 4425 dtlsExtra = (int)(ssl->dtls_expected_rx - size);
ashleymills 0:714293de3836 4426 inSz = ssl->dtls_expected_rx;
ashleymills 0:714293de3836 4427 }
ashleymills 0:714293de3836 4428 #endif
ashleymills 0:714293de3836 4429
ashleymills 0:714293de3836 4430 if (inSz > maxLength) {
ashleymills 0:714293de3836 4431 if (GrowInputBuffer(ssl, size + dtlsExtra, usedLength) < 0)
ashleymills 0:714293de3836 4432 return MEMORY_E;
ashleymills 0:714293de3836 4433 }
ashleymills 0:714293de3836 4434
ashleymills 0:714293de3836 4435 if (inSz <= 0)
ashleymills 0:714293de3836 4436 return BUFFER_ERROR;
ashleymills 0:714293de3836 4437
ashleymills 0:714293de3836 4438 /* Put buffer data at start if not there */
ashleymills 0:714293de3836 4439 if (usedLength > 0 && ssl->buffers.inputBuffer.idx != 0)
ashleymills 0:714293de3836 4440 XMEMMOVE(ssl->buffers.inputBuffer.buffer,
ashleymills 0:714293de3836 4441 ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.idx,
ashleymills 0:714293de3836 4442 usedLength);
ashleymills 0:714293de3836 4443
ashleymills 0:714293de3836 4444 /* remove processed data */
ashleymills 0:714293de3836 4445 ssl->buffers.inputBuffer.idx = 0;
ashleymills 0:714293de3836 4446 ssl->buffers.inputBuffer.length = usedLength;
ashleymills 0:714293de3836 4447
ashleymills 0:714293de3836 4448 /* read data from network */
ashleymills 0:714293de3836 4449 do {
ashleymills 0:714293de3836 4450 in = Receive(ssl,
ashleymills 0:714293de3836 4451 ssl->buffers.inputBuffer.buffer +
ashleymills 0:714293de3836 4452 ssl->buffers.inputBuffer.length,
ashleymills 0:714293de3836 4453 inSz);
ashleymills 0:714293de3836 4454 if (in == -1)
ashleymills 0:714293de3836 4455 return SOCKET_ERROR_E;
ashleymills 0:714293de3836 4456
ashleymills 0:714293de3836 4457 if (in == WANT_READ)
ashleymills 0:714293de3836 4458 return WANT_READ;
ashleymills 0:714293de3836 4459
ashleymills 0:714293de3836 4460 if (in > inSz)
ashleymills 0:714293de3836 4461 return RECV_OVERFLOW_E;
ashleymills 0:714293de3836 4462
ashleymills 0:714293de3836 4463 ssl->buffers.inputBuffer.length += in;
ashleymills 0:714293de3836 4464 inSz -= in;
ashleymills 0:714293de3836 4465
ashleymills 0:714293de3836 4466 } while (ssl->buffers.inputBuffer.length < size);
ashleymills 0:714293de3836 4467
ashleymills 0:714293de3836 4468 return 0;
ashleymills 0:714293de3836 4469 }
ashleymills 0:714293de3836 4470
ashleymills 0:714293de3836 4471 /* process input requests, return 0 is done, 1 is call again to complete, and
ashleymills 0:714293de3836 4472 negative number is error */
ashleymills 0:714293de3836 4473 int ProcessReply(CYASSL* ssl)
ashleymills 0:714293de3836 4474 {
ashleymills 0:714293de3836 4475 int ret = 0, type, readSz;
ashleymills 0:714293de3836 4476 word32 startIdx = 0;
ashleymills 0:714293de3836 4477 #ifndef NO_CYASSL_SERVER
ashleymills 0:714293de3836 4478 byte b0, b1;
ashleymills 0:714293de3836 4479 #endif
ashleymills 0:714293de3836 4480 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 4481 int used;
ashleymills 0:714293de3836 4482 #endif
ashleymills 0:714293de3836 4483
ashleymills 0:714293de3836 4484 for (;;) {
ashleymills 0:714293de3836 4485 switch ((processReply)ssl->options.processReply) {
ashleymills 0:714293de3836 4486
ashleymills 0:714293de3836 4487 /* in the CYASSL_SERVER case, get the first byte for detecting
ashleymills 0:714293de3836 4488 * old client hello */
ashleymills 0:714293de3836 4489 case doProcessInit:
ashleymills 0:714293de3836 4490
ashleymills 0:714293de3836 4491 readSz = RECORD_HEADER_SZ;
ashleymills 0:714293de3836 4492
ashleymills 0:714293de3836 4493 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 4494 if (ssl->options.dtls)
ashleymills 0:714293de3836 4495 readSz = DTLS_RECORD_HEADER_SZ;
ashleymills 0:714293de3836 4496 #endif
ashleymills 0:714293de3836 4497
ashleymills 0:714293de3836 4498 /* get header or return error */
ashleymills 0:714293de3836 4499 if (!ssl->options.dtls) {
ashleymills 0:714293de3836 4500 if ((ret = GetInputData(ssl, readSz)) < 0)
ashleymills 0:714293de3836 4501 return ret;
ashleymills 0:714293de3836 4502 } else {
ashleymills 0:714293de3836 4503 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 4504 /* read ahead may already have header */
ashleymills 0:714293de3836 4505 used = ssl->buffers.inputBuffer.length -
ashleymills 0:714293de3836 4506 ssl->buffers.inputBuffer.idx;
ashleymills 0:714293de3836 4507 if (used < readSz)
ashleymills 0:714293de3836 4508 if ((ret = GetInputData(ssl, readSz)) < 0)
ashleymills 0:714293de3836 4509 return ret;
ashleymills 0:714293de3836 4510 #endif
ashleymills 0:714293de3836 4511 }
ashleymills 0:714293de3836 4512
ashleymills 0:714293de3836 4513 #ifndef NO_CYASSL_SERVER
ashleymills 0:714293de3836 4514
ashleymills 0:714293de3836 4515 /* see if sending SSLv2 client hello */
ashleymills 0:714293de3836 4516 if ( ssl->options.side == SERVER_END &&
ashleymills 0:714293de3836 4517 ssl->options.clientState == NULL_STATE &&
ashleymills 0:714293de3836 4518 ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx]
ashleymills 0:714293de3836 4519 != handshake) {
ashleymills 0:714293de3836 4520 ssl->options.processReply = runProcessOldClientHello;
ashleymills 0:714293de3836 4521
ashleymills 0:714293de3836 4522 /* how many bytes need ProcessOldClientHello */
ashleymills 0:714293de3836 4523 b0 =
ashleymills 0:714293de3836 4524 ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++];
ashleymills 0:714293de3836 4525 b1 =
ashleymills 0:714293de3836 4526 ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++];
ashleymills 0:714293de3836 4527 ssl->curSize = ((b0 & 0x7f) << 8) | b1;
ashleymills 0:714293de3836 4528 }
ashleymills 0:714293de3836 4529 else {
ashleymills 0:714293de3836 4530 ssl->options.processReply = getRecordLayerHeader;
ashleymills 0:714293de3836 4531 continue;
ashleymills 0:714293de3836 4532 }
ashleymills 0:714293de3836 4533
ashleymills 0:714293de3836 4534 /* in the CYASSL_SERVER case, run the old client hello */
ashleymills 0:714293de3836 4535 case runProcessOldClientHello:
ashleymills 0:714293de3836 4536
ashleymills 0:714293de3836 4537 /* get sz bytes or return error */
ashleymills 0:714293de3836 4538 if (!ssl->options.dtls) {
ashleymills 0:714293de3836 4539 if ((ret = GetInputData(ssl, ssl->curSize)) < 0)
ashleymills 0:714293de3836 4540 return ret;
ashleymills 0:714293de3836 4541 } else {
ashleymills 0:714293de3836 4542 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 4543 /* read ahead may already have */
ashleymills 0:714293de3836 4544 used = ssl->buffers.inputBuffer.length -
ashleymills 0:714293de3836 4545 ssl->buffers.inputBuffer.idx;
ashleymills 0:714293de3836 4546 if (used < ssl->curSize)
ashleymills 0:714293de3836 4547 if ((ret = GetInputData(ssl, ssl->curSize)) < 0)
ashleymills 0:714293de3836 4548 return ret;
ashleymills 0:714293de3836 4549 #endif /* CYASSL_DTLS */
ashleymills 0:714293de3836 4550 }
ashleymills 0:714293de3836 4551
ashleymills 0:714293de3836 4552 ret = ProcessOldClientHello(ssl, ssl->buffers.inputBuffer.buffer,
ashleymills 0:714293de3836 4553 &ssl->buffers.inputBuffer.idx,
ashleymills 0:714293de3836 4554 ssl->buffers.inputBuffer.length -
ashleymills 0:714293de3836 4555 ssl->buffers.inputBuffer.idx,
ashleymills 0:714293de3836 4556 ssl->curSize);
ashleymills 0:714293de3836 4557 if (ret < 0)
ashleymills 0:714293de3836 4558 return ret;
ashleymills 0:714293de3836 4559
ashleymills 0:714293de3836 4560 else if (ssl->buffers.inputBuffer.idx ==
ashleymills 0:714293de3836 4561 ssl->buffers.inputBuffer.length) {
ashleymills 0:714293de3836 4562 ssl->options.processReply = doProcessInit;
ashleymills 0:714293de3836 4563 return 0;
ashleymills 0:714293de3836 4564 }
ashleymills 0:714293de3836 4565
ashleymills 0:714293de3836 4566 #endif /* NO_CYASSL_SERVER */
ashleymills 0:714293de3836 4567
ashleymills 0:714293de3836 4568 /* get the record layer header */
ashleymills 0:714293de3836 4569 case getRecordLayerHeader:
ashleymills 0:714293de3836 4570
ashleymills 0:714293de3836 4571 ret = GetRecordHeader(ssl, ssl->buffers.inputBuffer.buffer,
ashleymills 0:714293de3836 4572 &ssl->buffers.inputBuffer.idx,
ashleymills 0:714293de3836 4573 &ssl->curRL, &ssl->curSize);
ashleymills 0:714293de3836 4574 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 4575 if (ssl->options.dtls && ret == SEQUENCE_ERROR) {
ashleymills 0:714293de3836 4576 /* This message is out of order. If we are handshaking, save
ashleymills 0:714293de3836 4577 *it for later. Otherwise go ahead and process it. */
ashleymills 0:714293de3836 4578 ssl->options.processReply = doProcessInit;
ashleymills 0:714293de3836 4579 ssl->buffers.inputBuffer.length = 0;
ashleymills 0:714293de3836 4580 ssl->buffers.inputBuffer.idx = 0;
ashleymills 0:714293de3836 4581 continue;
ashleymills 0:714293de3836 4582 }
ashleymills 0:714293de3836 4583 #endif
ashleymills 0:714293de3836 4584 if (ret != 0)
ashleymills 0:714293de3836 4585 return ret;
ashleymills 0:714293de3836 4586
ashleymills 0:714293de3836 4587 ssl->options.processReply = getData;
ashleymills 0:714293de3836 4588
ashleymills 0:714293de3836 4589 /* retrieve record layer data */
ashleymills 0:714293de3836 4590 case getData:
ashleymills 0:714293de3836 4591
ashleymills 0:714293de3836 4592 /* get sz bytes or return error */
ashleymills 0:714293de3836 4593 if (!ssl->options.dtls) {
ashleymills 0:714293de3836 4594 if ((ret = GetInputData(ssl, ssl->curSize)) < 0)
ashleymills 0:714293de3836 4595 return ret;
ashleymills 0:714293de3836 4596 } else {
ashleymills 0:714293de3836 4597 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 4598 /* read ahead may already have */
ashleymills 0:714293de3836 4599 used = ssl->buffers.inputBuffer.length -
ashleymills 0:714293de3836 4600 ssl->buffers.inputBuffer.idx;
ashleymills 0:714293de3836 4601 if (used < ssl->curSize)
ashleymills 0:714293de3836 4602 if ((ret = GetInputData(ssl, ssl->curSize)) < 0)
ashleymills 0:714293de3836 4603 return ret;
ashleymills 0:714293de3836 4604 #endif
ashleymills 0:714293de3836 4605 }
ashleymills 0:714293de3836 4606
ashleymills 0:714293de3836 4607 ssl->options.processReply = runProcessingOneMessage;
ashleymills 0:714293de3836 4608 startIdx = ssl->buffers.inputBuffer.idx; /* in case > 1 msg per */
ashleymills 0:714293de3836 4609
ashleymills 0:714293de3836 4610 /* the record layer is here */
ashleymills 0:714293de3836 4611 case runProcessingOneMessage:
ashleymills 0:714293de3836 4612
ashleymills 0:714293de3836 4613 if (ssl->keys.encryptionOn && ssl->keys.decryptedCur == 0) {
ashleymills 0:714293de3836 4614 ret = DecryptMessage(ssl, ssl->buffers.inputBuffer.buffer +
ashleymills 0:714293de3836 4615 ssl->buffers.inputBuffer.idx,
ashleymills 0:714293de3836 4616 ssl->curSize,
ashleymills 0:714293de3836 4617 &ssl->buffers.inputBuffer.idx);
ashleymills 0:714293de3836 4618 if (ret < 0) {
ashleymills 0:714293de3836 4619 CYASSL_ERROR(ret);
ashleymills 0:714293de3836 4620 return DECRYPT_ERROR;
ashleymills 0:714293de3836 4621 }
ashleymills 0:714293de3836 4622 }
ashleymills 0:714293de3836 4623
ashleymills 0:714293de3836 4624 CYASSL_MSG("received record layer msg");
ashleymills 0:714293de3836 4625
ashleymills 0:714293de3836 4626 switch (ssl->curRL.type) {
ashleymills 0:714293de3836 4627 case handshake :
ashleymills 0:714293de3836 4628 /* debugging in DoHandShakeMsg */
ashleymills 0:714293de3836 4629 if (!ssl->options.dtls) {
ashleymills 0:714293de3836 4630 ret = DoHandShakeMsg(ssl,
ashleymills 0:714293de3836 4631 ssl->buffers.inputBuffer.buffer,
ashleymills 0:714293de3836 4632 &ssl->buffers.inputBuffer.idx,
ashleymills 0:714293de3836 4633 ssl->buffers.inputBuffer.length);
ashleymills 0:714293de3836 4634 }
ashleymills 0:714293de3836 4635 else {
ashleymills 0:714293de3836 4636 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 4637 ret = DoDtlsHandShakeMsg(ssl,
ashleymills 0:714293de3836 4638 ssl->buffers.inputBuffer.buffer,
ashleymills 0:714293de3836 4639 &ssl->buffers.inputBuffer.idx,
ashleymills 0:714293de3836 4640 ssl->buffers.inputBuffer.length);
ashleymills 0:714293de3836 4641 #endif
ashleymills 0:714293de3836 4642 }
ashleymills 0:714293de3836 4643 if (ret != 0)
ashleymills 0:714293de3836 4644 return ret;
ashleymills 0:714293de3836 4645 break;
ashleymills 0:714293de3836 4646
ashleymills 0:714293de3836 4647 case change_cipher_spec:
ashleymills 0:714293de3836 4648 CYASSL_MSG("got CHANGE CIPHER SPEC");
ashleymills 0:714293de3836 4649 #ifdef CYASSL_CALLBACKS
ashleymills 0:714293de3836 4650 if (ssl->hsInfoOn)
ashleymills 0:714293de3836 4651 AddPacketName("ChangeCipher", &ssl->handShakeInfo);
ashleymills 0:714293de3836 4652 /* add record header back on info */
ashleymills 0:714293de3836 4653 if (ssl->toInfoOn) {
ashleymills 0:714293de3836 4654 AddPacketInfo("ChangeCipher", &ssl->timeoutInfo,
ashleymills 0:714293de3836 4655 ssl->buffers.inputBuffer.buffer +
ashleymills 0:714293de3836 4656 ssl->buffers.inputBuffer.idx - RECORD_HEADER_SZ,
ashleymills 0:714293de3836 4657 1 + RECORD_HEADER_SZ, ssl->heap);
ashleymills 0:714293de3836 4658 AddLateRecordHeader(&ssl->curRL, &ssl->timeoutInfo);
ashleymills 0:714293de3836 4659 }
ashleymills 0:714293de3836 4660 #endif
ashleymills 0:714293de3836 4661
ashleymills 0:714293de3836 4662 if (ssl->curSize != 1) {
ashleymills 0:714293de3836 4663 CYASSL_MSG("Malicious or corrupted ChangeCipher msg");
ashleymills 0:714293de3836 4664 return LENGTH_ERROR;
ashleymills 0:714293de3836 4665 }
ashleymills 0:714293de3836 4666 #ifndef NO_CERTS
ashleymills 0:714293de3836 4667 if (ssl->options.side == SERVER_END &&
ashleymills 0:714293de3836 4668 ssl->options.verifyPeer &&
ashleymills 0:714293de3836 4669 ssl->options.havePeerCert)
ashleymills 0:714293de3836 4670 if (!ssl->options.havePeerVerify) {
ashleymills 0:714293de3836 4671 CYASSL_MSG("client didn't send cert verify");
ashleymills 0:714293de3836 4672 return NO_PEER_VERIFY;
ashleymills 0:714293de3836 4673 }
ashleymills 0:714293de3836 4674 #endif
ashleymills 0:714293de3836 4675
ashleymills 0:714293de3836 4676
ashleymills 0:714293de3836 4677 ssl->buffers.inputBuffer.idx++;
ashleymills 0:714293de3836 4678 ssl->keys.encryptionOn = 1;
ashleymills 0:714293de3836 4679
ashleymills 0:714293de3836 4680 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 4681 if (ssl->options.dtls) {
ashleymills 0:714293de3836 4682 DtlsPoolReset(ssl);
ashleymills 0:714293de3836 4683 ssl->keys.dtls_expected_peer_epoch++;
ashleymills 0:714293de3836 4684 ssl->keys.dtls_expected_peer_sequence_number = 0;
ashleymills 0:714293de3836 4685 }
ashleymills 0:714293de3836 4686 #endif
ashleymills 0:714293de3836 4687
ashleymills 0:714293de3836 4688 #ifdef HAVE_LIBZ
ashleymills 0:714293de3836 4689 if (ssl->options.usingCompression)
ashleymills 0:714293de3836 4690 if ( (ret = InitStreams(ssl)) != 0)
ashleymills 0:714293de3836 4691 return ret;
ashleymills 0:714293de3836 4692 #endif
ashleymills 0:714293de3836 4693 if (ssl->options.resuming && ssl->options.side ==
ashleymills 0:714293de3836 4694 CLIENT_END)
ashleymills 0:714293de3836 4695 BuildFinished(ssl, &ssl->verifyHashes, server);
ashleymills 0:714293de3836 4696 else if (!ssl->options.resuming && ssl->options.side ==
ashleymills 0:714293de3836 4697 SERVER_END)
ashleymills 0:714293de3836 4698 BuildFinished(ssl, &ssl->verifyHashes, client);
ashleymills 0:714293de3836 4699 break;
ashleymills 0:714293de3836 4700
ashleymills 0:714293de3836 4701 case application_data:
ashleymills 0:714293de3836 4702 CYASSL_MSG("got app DATA");
ashleymills 0:714293de3836 4703 if ((ret = DoApplicationData(ssl,
ashleymills 0:714293de3836 4704 ssl->buffers.inputBuffer.buffer,
ashleymills 0:714293de3836 4705 &ssl->buffers.inputBuffer.idx))
ashleymills 0:714293de3836 4706 != 0) {
ashleymills 0:714293de3836 4707 CYASSL_ERROR(ret);
ashleymills 0:714293de3836 4708 return ret;
ashleymills 0:714293de3836 4709 }
ashleymills 0:714293de3836 4710 break;
ashleymills 0:714293de3836 4711
ashleymills 0:714293de3836 4712 case alert:
ashleymills 0:714293de3836 4713 CYASSL_MSG("got ALERT!");
ashleymills 0:714293de3836 4714 if (DoAlert(ssl, ssl->buffers.inputBuffer.buffer,
ashleymills 0:714293de3836 4715 &ssl->buffers.inputBuffer.idx, &type) == alert_fatal)
ashleymills 0:714293de3836 4716 return FATAL_ERROR;
ashleymills 0:714293de3836 4717
ashleymills 0:714293de3836 4718 /* catch warnings that are handled as errors */
ashleymills 0:714293de3836 4719 if (type == close_notify)
ashleymills 0:714293de3836 4720 return ssl->error = ZERO_RETURN;
ashleymills 0:714293de3836 4721
ashleymills 0:714293de3836 4722 if (type == decrypt_error)
ashleymills 0:714293de3836 4723 return FATAL_ERROR;
ashleymills 0:714293de3836 4724 break;
ashleymills 0:714293de3836 4725
ashleymills 0:714293de3836 4726 default:
ashleymills 0:714293de3836 4727 CYASSL_ERROR(UNKNOWN_RECORD_TYPE);
ashleymills 0:714293de3836 4728 return UNKNOWN_RECORD_TYPE;
ashleymills 0:714293de3836 4729 }
ashleymills 0:714293de3836 4730
ashleymills 0:714293de3836 4731 ssl->options.processReply = doProcessInit;
ashleymills 0:714293de3836 4732
ashleymills 0:714293de3836 4733 /* input exhausted? */
ashleymills 0:714293de3836 4734 if (ssl->buffers.inputBuffer.idx == ssl->buffers.inputBuffer.length)
ashleymills 0:714293de3836 4735 return 0;
ashleymills 0:714293de3836 4736 /* more messages per record */
ashleymills 0:714293de3836 4737 else if ((ssl->buffers.inputBuffer.idx - startIdx) < ssl->curSize) {
ashleymills 0:714293de3836 4738 CYASSL_MSG("More messages in record");
ashleymills 0:714293de3836 4739 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 4740 /* read-ahead but dtls doesn't bundle messages per record */
ashleymills 0:714293de3836 4741 if (ssl->options.dtls) {
ashleymills 0:714293de3836 4742 ssl->options.processReply = doProcessInit;
ashleymills 0:714293de3836 4743 continue;
ashleymills 0:714293de3836 4744 }
ashleymills 0:714293de3836 4745 #endif
ashleymills 0:714293de3836 4746 ssl->options.processReply = runProcessingOneMessage;
ashleymills 0:714293de3836 4747 continue;
ashleymills 0:714293de3836 4748 }
ashleymills 0:714293de3836 4749 /* more records */
ashleymills 0:714293de3836 4750 else {
ashleymills 0:714293de3836 4751 CYASSL_MSG("More records in input");
ashleymills 0:714293de3836 4752 ssl->options.processReply = doProcessInit;
ashleymills 0:714293de3836 4753 continue;
ashleymills 0:714293de3836 4754 }
ashleymills 0:714293de3836 4755 default:
ashleymills 0:714293de3836 4756 CYASSL_MSG("Bad process input state, programming error");
ashleymills 0:714293de3836 4757 return INPUT_CASE_ERROR;
ashleymills 0:714293de3836 4758 }
ashleymills 0:714293de3836 4759 }
ashleymills 0:714293de3836 4760 }
ashleymills 0:714293de3836 4761
ashleymills 0:714293de3836 4762
ashleymills 0:714293de3836 4763 int SendChangeCipher(CYASSL* ssl)
ashleymills 0:714293de3836 4764 {
ashleymills 0:714293de3836 4765 byte *output;
ashleymills 0:714293de3836 4766 int sendSz = RECORD_HEADER_SZ + ENUM_LEN;
ashleymills 0:714293de3836 4767 int idx = RECORD_HEADER_SZ;
ashleymills 0:714293de3836 4768 int ret;
ashleymills 0:714293de3836 4769
ashleymills 0:714293de3836 4770 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 4771 if (ssl->options.dtls) {
ashleymills 0:714293de3836 4772 sendSz += DTLS_RECORD_EXTRA;
ashleymills 0:714293de3836 4773 idx += DTLS_RECORD_EXTRA;
ashleymills 0:714293de3836 4774 }
ashleymills 0:714293de3836 4775 #endif
ashleymills 0:714293de3836 4776
ashleymills 0:714293de3836 4777 /* check for avalaible size */
ashleymills 0:714293de3836 4778 if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
ashleymills 0:714293de3836 4779 return ret;
ashleymills 0:714293de3836 4780
ashleymills 0:714293de3836 4781 /* get ouput buffer */
ashleymills 0:714293de3836 4782 output = ssl->buffers.outputBuffer.buffer +
ashleymills 0:714293de3836 4783 ssl->buffers.outputBuffer.length;
ashleymills 0:714293de3836 4784
ashleymills 0:714293de3836 4785 AddRecordHeader(output, 1, change_cipher_spec, ssl);
ashleymills 0:714293de3836 4786
ashleymills 0:714293de3836 4787 output[idx] = 1; /* turn it on */
ashleymills 0:714293de3836 4788
ashleymills 0:714293de3836 4789 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 4790 if (ssl->options.dtls) {
ashleymills 0:714293de3836 4791 if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
ashleymills 0:714293de3836 4792 return ret;
ashleymills 0:714293de3836 4793 }
ashleymills 0:714293de3836 4794 #endif
ashleymills 0:714293de3836 4795 #ifdef CYASSL_CALLBACKS
ashleymills 0:714293de3836 4796 if (ssl->hsInfoOn) AddPacketName("ChangeCipher", &ssl->handShakeInfo);
ashleymills 0:714293de3836 4797 if (ssl->toInfoOn)
ashleymills 0:714293de3836 4798 AddPacketInfo("ChangeCipher", &ssl->timeoutInfo, output, sendSz,
ashleymills 0:714293de3836 4799 ssl->heap);
ashleymills 0:714293de3836 4800 #endif
ashleymills 0:714293de3836 4801 ssl->buffers.outputBuffer.length += sendSz;
ashleymills 0:714293de3836 4802
ashleymills 0:714293de3836 4803 if (ssl->options.groupMessages)
ashleymills 0:714293de3836 4804 return 0;
ashleymills 0:714293de3836 4805 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 4806 else if (ssl->options.dtls) {
ashleymills 0:714293de3836 4807 /* If using DTLS, force the ChangeCipherSpec message to be in the
ashleymills 0:714293de3836 4808 * same datagram as the finished message. */
ashleymills 0:714293de3836 4809 return 0;
ashleymills 0:714293de3836 4810 }
ashleymills 0:714293de3836 4811 #endif
ashleymills 0:714293de3836 4812 else
ashleymills 0:714293de3836 4813 return SendBuffered(ssl);
ashleymills 0:714293de3836 4814 }
ashleymills 0:714293de3836 4815
ashleymills 0:714293de3836 4816
ashleymills 0:714293de3836 4817 static INLINE const byte* GetMacSecret(CYASSL* ssl, int verify)
ashleymills 0:714293de3836 4818 {
ashleymills 0:714293de3836 4819 if ( (ssl->options.side == CLIENT_END && !verify) ||
ashleymills 0:714293de3836 4820 (ssl->options.side == SERVER_END && verify) )
ashleymills 0:714293de3836 4821 return ssl->keys.client_write_MAC_secret;
ashleymills 0:714293de3836 4822 else
ashleymills 0:714293de3836 4823 return ssl->keys.server_write_MAC_secret;
ashleymills 0:714293de3836 4824 }
ashleymills 0:714293de3836 4825
ashleymills 0:714293de3836 4826 #ifndef NO_OLD_TLS
ashleymills 0:714293de3836 4827 static void Hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz,
ashleymills 0:714293de3836 4828 int content, int verify)
ashleymills 0:714293de3836 4829 {
ashleymills 0:714293de3836 4830 byte result[MAX_DIGEST_SIZE];
ashleymills 0:714293de3836 4831 word32 digestSz = ssl->specs.hash_size; /* actual sizes */
ashleymills 0:714293de3836 4832 word32 padSz = ssl->specs.pad_size;
ashleymills 0:714293de3836 4833
ashleymills 0:714293de3836 4834 Md5 md5;
ashleymills 0:714293de3836 4835 Sha sha;
ashleymills 0:714293de3836 4836
ashleymills 0:714293de3836 4837 /* data */
ashleymills 0:714293de3836 4838 byte seq[SEQ_SZ];
ashleymills 0:714293de3836 4839 byte conLen[ENUM_LEN + LENGTH_SZ]; /* content & length */
ashleymills 0:714293de3836 4840 const byte* macSecret = GetMacSecret(ssl, verify);
ashleymills 0:714293de3836 4841
ashleymills 0:714293de3836 4842 XMEMSET(seq, 0, SEQ_SZ);
ashleymills 0:714293de3836 4843 conLen[0] = (byte)content;
ashleymills 0:714293de3836 4844 c16toa((word16)sz, &conLen[ENUM_LEN]);
ashleymills 0:714293de3836 4845 c32toa(GetSEQIncrement(ssl, verify), &seq[sizeof(word32)]);
ashleymills 0:714293de3836 4846
ashleymills 0:714293de3836 4847 if (ssl->specs.mac_algorithm == md5_mac) {
ashleymills 0:714293de3836 4848 InitMd5(&md5);
ashleymills 0:714293de3836 4849 /* inner */
ashleymills 0:714293de3836 4850 Md5Update(&md5, macSecret, digestSz);
ashleymills 0:714293de3836 4851 Md5Update(&md5, PAD1, padSz);
ashleymills 0:714293de3836 4852 Md5Update(&md5, seq, SEQ_SZ);
ashleymills 0:714293de3836 4853 Md5Update(&md5, conLen, sizeof(conLen));
ashleymills 0:714293de3836 4854 /* in buffer */
ashleymills 0:714293de3836 4855 Md5Update(&md5, in, sz);
ashleymills 0:714293de3836 4856 Md5Final(&md5, result);
ashleymills 0:714293de3836 4857 /* outer */
ashleymills 0:714293de3836 4858 Md5Update(&md5, macSecret, digestSz);
ashleymills 0:714293de3836 4859 Md5Update(&md5, PAD2, padSz);
ashleymills 0:714293de3836 4860 Md5Update(&md5, result, digestSz);
ashleymills 0:714293de3836 4861 Md5Final(&md5, digest);
ashleymills 0:714293de3836 4862 }
ashleymills 0:714293de3836 4863 else {
ashleymills 0:714293de3836 4864 InitSha(&sha);
ashleymills 0:714293de3836 4865 /* inner */
ashleymills 0:714293de3836 4866 ShaUpdate(&sha, macSecret, digestSz);
ashleymills 0:714293de3836 4867 ShaUpdate(&sha, PAD1, padSz);
ashleymills 0:714293de3836 4868 ShaUpdate(&sha, seq, SEQ_SZ);
ashleymills 0:714293de3836 4869 ShaUpdate(&sha, conLen, sizeof(conLen));
ashleymills 0:714293de3836 4870 /* in buffer */
ashleymills 0:714293de3836 4871 ShaUpdate(&sha, in, sz);
ashleymills 0:714293de3836 4872 ShaFinal(&sha, result);
ashleymills 0:714293de3836 4873 /* outer */
ashleymills 0:714293de3836 4874 ShaUpdate(&sha, macSecret, digestSz);
ashleymills 0:714293de3836 4875 ShaUpdate(&sha, PAD2, padSz);
ashleymills 0:714293de3836 4876 ShaUpdate(&sha, result, digestSz);
ashleymills 0:714293de3836 4877 ShaFinal(&sha, digest);
ashleymills 0:714293de3836 4878 }
ashleymills 0:714293de3836 4879 }
ashleymills 0:714293de3836 4880
ashleymills 0:714293de3836 4881 #ifndef NO_CERTS
ashleymills 0:714293de3836 4882 static void BuildMD5_CertVerify(CYASSL* ssl, byte* digest)
ashleymills 0:714293de3836 4883 {
ashleymills 0:714293de3836 4884 byte md5_result[MD5_DIGEST_SIZE];
ashleymills 0:714293de3836 4885
ashleymills 0:714293de3836 4886 /* make md5 inner */
ashleymills 0:714293de3836 4887 Md5Update(&ssl->hashMd5, ssl->arrays->masterSecret, SECRET_LEN);
ashleymills 0:714293de3836 4888 Md5Update(&ssl->hashMd5, PAD1, PAD_MD5);
ashleymills 0:714293de3836 4889 Md5Final(&ssl->hashMd5, md5_result);
ashleymills 0:714293de3836 4890
ashleymills 0:714293de3836 4891 /* make md5 outer */
ashleymills 0:714293de3836 4892 Md5Update(&ssl->hashMd5, ssl->arrays->masterSecret, SECRET_LEN);
ashleymills 0:714293de3836 4893 Md5Update(&ssl->hashMd5, PAD2, PAD_MD5);
ashleymills 0:714293de3836 4894 Md5Update(&ssl->hashMd5, md5_result, MD5_DIGEST_SIZE);
ashleymills 0:714293de3836 4895
ashleymills 0:714293de3836 4896 Md5Final(&ssl->hashMd5, digest);
ashleymills 0:714293de3836 4897 }
ashleymills 0:714293de3836 4898
ashleymills 0:714293de3836 4899
ashleymills 0:714293de3836 4900 static void BuildSHA_CertVerify(CYASSL* ssl, byte* digest)
ashleymills 0:714293de3836 4901 {
ashleymills 0:714293de3836 4902 byte sha_result[SHA_DIGEST_SIZE];
ashleymills 0:714293de3836 4903
ashleymills 0:714293de3836 4904 /* make sha inner */
ashleymills 0:714293de3836 4905 ShaUpdate(&ssl->hashSha, ssl->arrays->masterSecret, SECRET_LEN);
ashleymills 0:714293de3836 4906 ShaUpdate(&ssl->hashSha, PAD1, PAD_SHA);
ashleymills 0:714293de3836 4907 ShaFinal(&ssl->hashSha, sha_result);
ashleymills 0:714293de3836 4908
ashleymills 0:714293de3836 4909 /* make sha outer */
ashleymills 0:714293de3836 4910 ShaUpdate(&ssl->hashSha, ssl->arrays->masterSecret, SECRET_LEN);
ashleymills 0:714293de3836 4911 ShaUpdate(&ssl->hashSha, PAD2, PAD_SHA);
ashleymills 0:714293de3836 4912 ShaUpdate(&ssl->hashSha, sha_result, SHA_DIGEST_SIZE);
ashleymills 0:714293de3836 4913
ashleymills 0:714293de3836 4914 ShaFinal(&ssl->hashSha, digest);
ashleymills 0:714293de3836 4915 }
ashleymills 0:714293de3836 4916 #endif /* NO_CERTS */
ashleymills 0:714293de3836 4917 #endif /* NO_OLD_TLS */
ashleymills 0:714293de3836 4918
ashleymills 0:714293de3836 4919
ashleymills 0:714293de3836 4920 #ifndef NO_CERTS
ashleymills 0:714293de3836 4921
ashleymills 0:714293de3836 4922 static void BuildCertHashes(CYASSL* ssl, Hashes* hashes)
ashleymills 0:714293de3836 4923 {
ashleymills 0:714293de3836 4924 /* store current states, building requires get_digest which resets state */
ashleymills 0:714293de3836 4925 #ifndef NO_OLD_TLS
ashleymills 0:714293de3836 4926 Md5 md5 = ssl->hashMd5;
ashleymills 0:714293de3836 4927 Sha sha = ssl->hashSha;
ashleymills 0:714293de3836 4928 #endif
ashleymills 0:714293de3836 4929 #ifndef NO_SHA256
ashleymills 0:714293de3836 4930 Sha256 sha256 = ssl->hashSha256;
ashleymills 0:714293de3836 4931 #endif
ashleymills 0:714293de3836 4932 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 4933 Sha384 sha384 = ssl->hashSha384;
ashleymills 0:714293de3836 4934 #endif
ashleymills 0:714293de3836 4935
ashleymills 0:714293de3836 4936 if (ssl->options.tls) {
ashleymills 0:714293de3836 4937 #if ! defined( NO_OLD_TLS )
ashleymills 0:714293de3836 4938 Md5Final(&ssl->hashMd5, hashes->md5);
ashleymills 0:714293de3836 4939 ShaFinal(&ssl->hashSha, hashes->sha);
ashleymills 0:714293de3836 4940 #endif
ashleymills 0:714293de3836 4941 if (IsAtLeastTLSv1_2(ssl)) {
ashleymills 0:714293de3836 4942 #ifndef NO_SHA256
ashleymills 0:714293de3836 4943 Sha256Final(&ssl->hashSha256, hashes->sha256);
ashleymills 0:714293de3836 4944 #endif
ashleymills 0:714293de3836 4945 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 4946 Sha384Final(&ssl->hashSha384, hashes->sha384);
ashleymills 0:714293de3836 4947 #endif
ashleymills 0:714293de3836 4948 }
ashleymills 0:714293de3836 4949 }
ashleymills 0:714293de3836 4950 #if ! defined( NO_OLD_TLS )
ashleymills 0:714293de3836 4951 else {
ashleymills 0:714293de3836 4952 BuildMD5_CertVerify(ssl, hashes->md5);
ashleymills 0:714293de3836 4953 BuildSHA_CertVerify(ssl, hashes->sha);
ashleymills 0:714293de3836 4954 }
ashleymills 0:714293de3836 4955
ashleymills 0:714293de3836 4956 /* restore */
ashleymills 0:714293de3836 4957 ssl->hashMd5 = md5;
ashleymills 0:714293de3836 4958 ssl->hashSha = sha;
ashleymills 0:714293de3836 4959 #endif
ashleymills 0:714293de3836 4960 if (IsAtLeastTLSv1_2(ssl)) {
ashleymills 0:714293de3836 4961 #ifndef NO_SHA256
ashleymills 0:714293de3836 4962 ssl->hashSha256 = sha256;
ashleymills 0:714293de3836 4963 #endif
ashleymills 0:714293de3836 4964 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 4965 ssl->hashSha384 = sha384;
ashleymills 0:714293de3836 4966 #endif
ashleymills 0:714293de3836 4967 }
ashleymills 0:714293de3836 4968 }
ashleymills 0:714293de3836 4969
ashleymills 0:714293de3836 4970 #endif /* CYASSL_LEANPSK */
ashleymills 0:714293de3836 4971
ashleymills 0:714293de3836 4972 /* Build SSL Message, encrypted */
ashleymills 0:714293de3836 4973 static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz,
ashleymills 0:714293de3836 4974 int type)
ashleymills 0:714293de3836 4975 {
ashleymills 0:714293de3836 4976 word32 digestSz = ssl->specs.hash_size;
ashleymills 0:714293de3836 4977 word32 sz = RECORD_HEADER_SZ + inSz + digestSz;
ashleymills 0:714293de3836 4978 word32 pad = 0, i;
ashleymills 0:714293de3836 4979 word32 idx = RECORD_HEADER_SZ;
ashleymills 0:714293de3836 4980 word32 ivSz = 0; /* TLSv1.1 IV */
ashleymills 0:714293de3836 4981 word32 headerSz = RECORD_HEADER_SZ;
ashleymills 0:714293de3836 4982 word16 size;
ashleymills 0:714293de3836 4983 byte iv[AES_BLOCK_SIZE]; /* max size */
ashleymills 0:714293de3836 4984 int ret = 0;
ashleymills 0:714293de3836 4985
ashleymills 0:714293de3836 4986 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 4987 if (ssl->options.dtls) {
ashleymills 0:714293de3836 4988 sz += DTLS_RECORD_EXTRA;
ashleymills 0:714293de3836 4989 idx += DTLS_RECORD_EXTRA;
ashleymills 0:714293de3836 4990 headerSz += DTLS_RECORD_EXTRA;
ashleymills 0:714293de3836 4991 }
ashleymills 0:714293de3836 4992 #endif
ashleymills 0:714293de3836 4993
ashleymills 0:714293de3836 4994 if (ssl->specs.cipher_type == block) {
ashleymills 0:714293de3836 4995 word32 blockSz = ssl->specs.block_size;
ashleymills 0:714293de3836 4996 if (ssl->options.tls1_1) {
ashleymills 0:714293de3836 4997 ivSz = blockSz;
ashleymills 0:714293de3836 4998 sz += ivSz;
ashleymills 0:714293de3836 4999 RNG_GenerateBlock(ssl->rng, iv, ivSz);
ashleymills 0:714293de3836 5000 }
ashleymills 0:714293de3836 5001 sz += 1; /* pad byte */
ashleymills 0:714293de3836 5002 pad = (sz - headerSz) % blockSz;
ashleymills 0:714293de3836 5003 pad = blockSz - pad;
ashleymills 0:714293de3836 5004 sz += pad;
ashleymills 0:714293de3836 5005 }
ashleymills 0:714293de3836 5006
ashleymills 0:714293de3836 5007 #ifdef HAVE_AEAD
ashleymills 0:714293de3836 5008 if (ssl->specs.cipher_type == aead) {
ashleymills 0:714293de3836 5009 ivSz = AEAD_EXP_IV_SZ;
ashleymills 0:714293de3836 5010 sz += (ivSz + ssl->specs.aead_mac_size - digestSz);
ashleymills 0:714293de3836 5011 XMEMCPY(iv, ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ);
ashleymills 0:714293de3836 5012 }
ashleymills 0:714293de3836 5013 #endif
ashleymills 0:714293de3836 5014 size = (word16)(sz - headerSz); /* include mac and digest */
ashleymills 0:714293de3836 5015 AddRecordHeader(output, size, (byte)type, ssl);
ashleymills 0:714293de3836 5016
ashleymills 0:714293de3836 5017 /* write to output */
ashleymills 0:714293de3836 5018 if (ivSz) {
ashleymills 0:714293de3836 5019 XMEMCPY(output + idx, iv, min(ivSz, sizeof(iv)));
ashleymills 0:714293de3836 5020 idx += ivSz;
ashleymills 0:714293de3836 5021 }
ashleymills 0:714293de3836 5022 XMEMCPY(output + idx, input, inSz);
ashleymills 0:714293de3836 5023 idx += inSz;
ashleymills 0:714293de3836 5024
ashleymills 0:714293de3836 5025 if (type == handshake) {
ashleymills 0:714293de3836 5026 HashOutput(ssl, output, headerSz + inSz, ivSz);
ashleymills 0:714293de3836 5027 }
ashleymills 0:714293de3836 5028
ashleymills 0:714293de3836 5029 if (ssl->specs.cipher_type != aead) {
ashleymills 0:714293de3836 5030 ssl->hmac(ssl, output+idx, output + headerSz + ivSz, inSz, type, 0);
ashleymills 0:714293de3836 5031 idx += digestSz;
ashleymills 0:714293de3836 5032 }
ashleymills 0:714293de3836 5033
ashleymills 0:714293de3836 5034 if (ssl->specs.cipher_type == block)
ashleymills 0:714293de3836 5035 for (i = 0; i <= pad; i++)
ashleymills 0:714293de3836 5036 output[idx++] = (byte)pad; /* pad byte gets pad value too */
ashleymills 0:714293de3836 5037
ashleymills 0:714293de3836 5038 if ( (ret = Encrypt(ssl, output + headerSz, output + headerSz, size)) != 0)
ashleymills 0:714293de3836 5039 return ret;
ashleymills 0:714293de3836 5040
ashleymills 0:714293de3836 5041 return sz;
ashleymills 0:714293de3836 5042 }
ashleymills 0:714293de3836 5043
ashleymills 0:714293de3836 5044
ashleymills 0:714293de3836 5045 int SendFinished(CYASSL* ssl)
ashleymills 0:714293de3836 5046 {
ashleymills 0:714293de3836 5047 int sendSz,
ashleymills 0:714293de3836 5048 finishedSz = ssl->options.tls ? TLS_FINISHED_SZ :
ashleymills 0:714293de3836 5049 FINISHED_SZ;
ashleymills 0:714293de3836 5050 byte input[FINISHED_SZ + DTLS_HANDSHAKE_HEADER_SZ]; /* max */
ashleymills 0:714293de3836 5051 byte *output;
ashleymills 0:714293de3836 5052 Hashes* hashes;
ashleymills 0:714293de3836 5053 int ret;
ashleymills 0:714293de3836 5054 int headerSz = HANDSHAKE_HEADER_SZ;
ashleymills 0:714293de3836 5055
ashleymills 0:714293de3836 5056 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 5057 word32 sequence_number = ssl->keys.dtls_sequence_number;
ashleymills 0:714293de3836 5058 word16 epoch = ssl->keys.dtls_epoch;
ashleymills 0:714293de3836 5059 #endif
ashleymills 0:714293de3836 5060
ashleymills 0:714293de3836 5061
ashleymills 0:714293de3836 5062 /* check for available size */
ashleymills 0:714293de3836 5063 if ((ret = CheckAvailableSize(ssl, sizeof(input) + MAX_MSG_EXTRA)) != 0)
ashleymills 0:714293de3836 5064 return ret;
ashleymills 0:714293de3836 5065
ashleymills 0:714293de3836 5066 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 5067 if (ssl->options.dtls) {
ashleymills 0:714293de3836 5068 /* Send Finished message with the next epoch, but don't commit that
ashleymills 0:714293de3836 5069 * change until the other end confirms its reception. */
ashleymills 0:714293de3836 5070 headerSz += DTLS_HANDSHAKE_EXTRA;
ashleymills 0:714293de3836 5071 ssl->keys.dtls_epoch++;
ashleymills 0:714293de3836 5072 ssl->keys.dtls_sequence_number = 0; /* reset after epoch change */
ashleymills 0:714293de3836 5073 }
ashleymills 0:714293de3836 5074 #endif
ashleymills 0:714293de3836 5075
ashleymills 0:714293de3836 5076 /* get ouput buffer */
ashleymills 0:714293de3836 5077 output = ssl->buffers.outputBuffer.buffer +
ashleymills 0:714293de3836 5078 ssl->buffers.outputBuffer.length;
ashleymills 0:714293de3836 5079
ashleymills 0:714293de3836 5080 AddHandShakeHeader(input, finishedSz, finished, ssl);
ashleymills 0:714293de3836 5081
ashleymills 0:714293de3836 5082 /* make finished hashes */
ashleymills 0:714293de3836 5083 hashes = (Hashes*)&input[headerSz];
ashleymills 0:714293de3836 5084 BuildFinished(ssl, hashes, ssl->options.side == CLIENT_END ? client :
ashleymills 0:714293de3836 5085 server);
ashleymills 0:714293de3836 5086
ashleymills 0:714293de3836 5087 sendSz = BuildMessage(ssl, output, input, headerSz + finishedSz, handshake);
ashleymills 0:714293de3836 5088
ashleymills 0:714293de3836 5089 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 5090 if (ssl->options.dtls) {
ashleymills 0:714293de3836 5091 ssl->keys.dtls_epoch = epoch;
ashleymills 0:714293de3836 5092 ssl->keys.dtls_sequence_number = sequence_number;
ashleymills 0:714293de3836 5093 }
ashleymills 0:714293de3836 5094 #endif
ashleymills 0:714293de3836 5095
ashleymills 0:714293de3836 5096 if (sendSz < 0)
ashleymills 0:714293de3836 5097 return BUILD_MSG_ERROR;
ashleymills 0:714293de3836 5098
ashleymills 0:714293de3836 5099 if (!ssl->options.resuming) {
ashleymills 0:714293de3836 5100 #ifndef NO_SESSION_CACHE
ashleymills 0:714293de3836 5101 AddSession(ssl); /* just try */
ashleymills 0:714293de3836 5102 #endif
ashleymills 0:714293de3836 5103 if (ssl->options.side == CLIENT_END) {
ashleymills 0:714293de3836 5104 BuildFinished(ssl, &ssl->verifyHashes, server);
ashleymills 0:714293de3836 5105 }
ashleymills 0:714293de3836 5106 else {
ashleymills 0:714293de3836 5107 ssl->options.handShakeState = HANDSHAKE_DONE;
ashleymills 0:714293de3836 5108 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 5109 if (ssl->options.dtls) {
ashleymills 0:714293de3836 5110 /* Other side will soon receive our Finished, go to next
ashleymills 0:714293de3836 5111 * epoch. */
ashleymills 0:714293de3836 5112 ssl->keys.dtls_epoch++;
ashleymills 0:714293de3836 5113 ssl->keys.dtls_sequence_number = 1;
ashleymills 0:714293de3836 5114 }
ashleymills 0:714293de3836 5115 #endif
ashleymills 0:714293de3836 5116 }
ashleymills 0:714293de3836 5117 }
ashleymills 0:714293de3836 5118 else {
ashleymills 0:714293de3836 5119 if (ssl->options.side == CLIENT_END) {
ashleymills 0:714293de3836 5120 ssl->options.handShakeState = HANDSHAKE_DONE;
ashleymills 0:714293de3836 5121 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 5122 if (ssl->options.dtls) {
ashleymills 0:714293de3836 5123 /* Other side will soon receive our Finished, go to next
ashleymills 0:714293de3836 5124 * epoch. */
ashleymills 0:714293de3836 5125 ssl->keys.dtls_epoch++;
ashleymills 0:714293de3836 5126 ssl->keys.dtls_sequence_number = 1;
ashleymills 0:714293de3836 5127 }
ashleymills 0:714293de3836 5128 #endif
ashleymills 0:714293de3836 5129 }
ashleymills 0:714293de3836 5130 else {
ashleymills 0:714293de3836 5131 BuildFinished(ssl, &ssl->verifyHashes, client);
ashleymills 0:714293de3836 5132 }
ashleymills 0:714293de3836 5133 }
ashleymills 0:714293de3836 5134 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 5135 if (ssl->options.dtls) {
ashleymills 0:714293de3836 5136 if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
ashleymills 0:714293de3836 5137 return ret;
ashleymills 0:714293de3836 5138 }
ashleymills 0:714293de3836 5139 #endif
ashleymills 0:714293de3836 5140
ashleymills 0:714293de3836 5141 #ifdef CYASSL_CALLBACKS
ashleymills 0:714293de3836 5142 if (ssl->hsInfoOn) AddPacketName("Finished", &ssl->handShakeInfo);
ashleymills 0:714293de3836 5143 if (ssl->toInfoOn)
ashleymills 0:714293de3836 5144 AddPacketInfo("Finished", &ssl->timeoutInfo, output, sendSz,
ashleymills 0:714293de3836 5145 ssl->heap);
ashleymills 0:714293de3836 5146 #endif
ashleymills 0:714293de3836 5147
ashleymills 0:714293de3836 5148 ssl->buffers.outputBuffer.length += sendSz;
ashleymills 0:714293de3836 5149
ashleymills 0:714293de3836 5150 return SendBuffered(ssl);
ashleymills 0:714293de3836 5151 }
ashleymills 0:714293de3836 5152
ashleymills 0:714293de3836 5153 #ifndef NO_CERTS
ashleymills 0:714293de3836 5154 int SendCertificate(CYASSL* ssl)
ashleymills 0:714293de3836 5155 {
ashleymills 0:714293de3836 5156 int sendSz, length, ret = 0;
ashleymills 0:714293de3836 5157 word32 i = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
ashleymills 0:714293de3836 5158 word32 certSz, listSz;
ashleymills 0:714293de3836 5159 byte* output = 0;
ashleymills 0:714293de3836 5160
ashleymills 0:714293de3836 5161 if (ssl->options.usingPSK_cipher) return 0; /* not needed */
ashleymills 0:714293de3836 5162
ashleymills 0:714293de3836 5163 if (ssl->options.sendVerify == SEND_BLANK_CERT) {
ashleymills 0:714293de3836 5164 certSz = 0;
ashleymills 0:714293de3836 5165 length = CERT_HEADER_SZ;
ashleymills 0:714293de3836 5166 listSz = 0;
ashleymills 0:714293de3836 5167 }
ashleymills 0:714293de3836 5168 else {
ashleymills 0:714293de3836 5169 certSz = ssl->buffers.certificate.length;
ashleymills 0:714293de3836 5170 /* list + cert size */
ashleymills 0:714293de3836 5171 length = certSz + 2 * CERT_HEADER_SZ;
ashleymills 0:714293de3836 5172 listSz = certSz + CERT_HEADER_SZ;
ashleymills 0:714293de3836 5173
ashleymills 0:714293de3836 5174 /* may need to send rest of chain, already has leading size(s) */
ashleymills 0:714293de3836 5175 if (ssl->buffers.certChain.buffer) {
ashleymills 0:714293de3836 5176 length += ssl->buffers.certChain.length;
ashleymills 0:714293de3836 5177 listSz += ssl->buffers.certChain.length;
ashleymills 0:714293de3836 5178 }
ashleymills 0:714293de3836 5179 }
ashleymills 0:714293de3836 5180 sendSz = length + RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
ashleymills 0:714293de3836 5181
ashleymills 0:714293de3836 5182 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 5183 if (ssl->options.dtls) {
ashleymills 0:714293de3836 5184 sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
ashleymills 0:714293de3836 5185 i += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
ashleymills 0:714293de3836 5186 }
ashleymills 0:714293de3836 5187 #endif
ashleymills 0:714293de3836 5188
ashleymills 0:714293de3836 5189 /* check for available size */
ashleymills 0:714293de3836 5190 if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
ashleymills 0:714293de3836 5191 return ret;
ashleymills 0:714293de3836 5192
ashleymills 0:714293de3836 5193 /* get ouput buffer */
ashleymills 0:714293de3836 5194 output = ssl->buffers.outputBuffer.buffer +
ashleymills 0:714293de3836 5195 ssl->buffers.outputBuffer.length;
ashleymills 0:714293de3836 5196
ashleymills 0:714293de3836 5197 AddHeaders(output, length, certificate, ssl);
ashleymills 0:714293de3836 5198
ashleymills 0:714293de3836 5199 /* list total */
ashleymills 0:714293de3836 5200 c32to24(listSz, output + i);
ashleymills 0:714293de3836 5201 i += CERT_HEADER_SZ;
ashleymills 0:714293de3836 5202
ashleymills 0:714293de3836 5203 /* member */
ashleymills 0:714293de3836 5204 if (certSz) {
ashleymills 0:714293de3836 5205 c32to24(certSz, output + i);
ashleymills 0:714293de3836 5206 i += CERT_HEADER_SZ;
ashleymills 0:714293de3836 5207 XMEMCPY(output + i, ssl->buffers.certificate.buffer, certSz);
ashleymills 0:714293de3836 5208 i += certSz;
ashleymills 0:714293de3836 5209
ashleymills 0:714293de3836 5210 /* send rest of chain? */
ashleymills 0:714293de3836 5211 if (ssl->buffers.certChain.buffer) {
ashleymills 0:714293de3836 5212 XMEMCPY(output + i, ssl->buffers.certChain.buffer,
ashleymills 0:714293de3836 5213 ssl->buffers.certChain.length);
ashleymills 0:714293de3836 5214 /* if add more to output adjust i
ashleymills 0:714293de3836 5215 i += ssl->buffers.certChain.length; */
ashleymills 0:714293de3836 5216 }
ashleymills 0:714293de3836 5217 }
ashleymills 0:714293de3836 5218 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 5219 if (ssl->options.dtls) {
ashleymills 0:714293de3836 5220 if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
ashleymills 0:714293de3836 5221 return ret;
ashleymills 0:714293de3836 5222 }
ashleymills 0:714293de3836 5223 #endif
ashleymills 0:714293de3836 5224 HashOutput(ssl, output, sendSz, 0);
ashleymills 0:714293de3836 5225 #ifdef CYASSL_CALLBACKS
ashleymills 0:714293de3836 5226 if (ssl->hsInfoOn) AddPacketName("Certificate", &ssl->handShakeInfo);
ashleymills 0:714293de3836 5227 if (ssl->toInfoOn)
ashleymills 0:714293de3836 5228 AddPacketInfo("Certificate", &ssl->timeoutInfo, output, sendSz,
ashleymills 0:714293de3836 5229 ssl->heap);
ashleymills 0:714293de3836 5230 #endif
ashleymills 0:714293de3836 5231
ashleymills 0:714293de3836 5232 if (ssl->options.side == SERVER_END)
ashleymills 0:714293de3836 5233 ssl->options.serverState = SERVER_CERT_COMPLETE;
ashleymills 0:714293de3836 5234
ashleymills 0:714293de3836 5235 ssl->buffers.outputBuffer.length += sendSz;
ashleymills 0:714293de3836 5236 if (ssl->options.groupMessages)
ashleymills 0:714293de3836 5237 return 0;
ashleymills 0:714293de3836 5238 else
ashleymills 0:714293de3836 5239 return SendBuffered(ssl);
ashleymills 0:714293de3836 5240 }
ashleymills 0:714293de3836 5241
ashleymills 0:714293de3836 5242
ashleymills 0:714293de3836 5243 int SendCertificateRequest(CYASSL* ssl)
ashleymills 0:714293de3836 5244 {
ashleymills 0:714293de3836 5245 byte *output;
ashleymills 0:714293de3836 5246 int ret;
ashleymills 0:714293de3836 5247 int sendSz;
ashleymills 0:714293de3836 5248 word32 i = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
ashleymills 0:714293de3836 5249
ashleymills 0:714293de3836 5250 int typeTotal = 1; /* only rsa for now */
ashleymills 0:714293de3836 5251 int reqSz = ENUM_LEN + typeTotal + REQ_HEADER_SZ; /* add auth later */
ashleymills 0:714293de3836 5252
ashleymills 0:714293de3836 5253 if (IsAtLeastTLSv1_2(ssl))
ashleymills 0:714293de3836 5254 reqSz += LENGTH_SZ + ssl->suites->hashSigAlgoSz;
ashleymills 0:714293de3836 5255
ashleymills 0:714293de3836 5256 if (ssl->options.usingPSK_cipher) return 0; /* not needed */
ashleymills 0:714293de3836 5257
ashleymills 0:714293de3836 5258 sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + reqSz;
ashleymills 0:714293de3836 5259
ashleymills 0:714293de3836 5260 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 5261 if (ssl->options.dtls) {
ashleymills 0:714293de3836 5262 sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
ashleymills 0:714293de3836 5263 i += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
ashleymills 0:714293de3836 5264 }
ashleymills 0:714293de3836 5265 #endif
ashleymills 0:714293de3836 5266 /* check for available size */
ashleymills 0:714293de3836 5267 if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
ashleymills 0:714293de3836 5268 return ret;
ashleymills 0:714293de3836 5269
ashleymills 0:714293de3836 5270 /* get ouput buffer */
ashleymills 0:714293de3836 5271 output = ssl->buffers.outputBuffer.buffer +
ashleymills 0:714293de3836 5272 ssl->buffers.outputBuffer.length;
ashleymills 0:714293de3836 5273
ashleymills 0:714293de3836 5274 AddHeaders(output, reqSz, certificate_request, ssl);
ashleymills 0:714293de3836 5275
ashleymills 0:714293de3836 5276 /* write to output */
ashleymills 0:714293de3836 5277 output[i++] = (byte)typeTotal; /* # of types */
ashleymills 0:714293de3836 5278 output[i++] = rsa_sign;
ashleymills 0:714293de3836 5279
ashleymills 0:714293de3836 5280 /* supported hash/sig */
ashleymills 0:714293de3836 5281 if (IsAtLeastTLSv1_2(ssl)) {
ashleymills 0:714293de3836 5282 c16toa(ssl->suites->hashSigAlgoSz, &output[i]);
ashleymills 0:714293de3836 5283 i += LENGTH_SZ;
ashleymills 0:714293de3836 5284
ashleymills 0:714293de3836 5285 XMEMCPY(&output[i],
ashleymills 0:714293de3836 5286 ssl->suites->hashSigAlgo, ssl->suites->hashSigAlgoSz);
ashleymills 0:714293de3836 5287 i += ssl->suites->hashSigAlgoSz;
ashleymills 0:714293de3836 5288 }
ashleymills 0:714293de3836 5289
ashleymills 0:714293de3836 5290 c16toa(0, &output[i]); /* auth's */
ashleymills 0:714293de3836 5291 /* if add more to output, adjust i
ashleymills 0:714293de3836 5292 i += REQ_HEADER_SZ; */
ashleymills 0:714293de3836 5293
ashleymills 0:714293de3836 5294 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 5295 if (ssl->options.dtls) {
ashleymills 0:714293de3836 5296 if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
ashleymills 0:714293de3836 5297 return ret;
ashleymills 0:714293de3836 5298 }
ashleymills 0:714293de3836 5299 #endif
ashleymills 0:714293de3836 5300 HashOutput(ssl, output, sendSz, 0);
ashleymills 0:714293de3836 5301
ashleymills 0:714293de3836 5302 #ifdef CYASSL_CALLBACKS
ashleymills 0:714293de3836 5303 if (ssl->hsInfoOn)
ashleymills 0:714293de3836 5304 AddPacketName("CertificateRequest", &ssl->handShakeInfo);
ashleymills 0:714293de3836 5305 if (ssl->toInfoOn)
ashleymills 0:714293de3836 5306 AddPacketInfo("CertificateRequest", &ssl->timeoutInfo, output,
ashleymills 0:714293de3836 5307 sendSz, ssl->heap);
ashleymills 0:714293de3836 5308 #endif
ashleymills 0:714293de3836 5309 ssl->buffers.outputBuffer.length += sendSz;
ashleymills 0:714293de3836 5310 if (ssl->options.groupMessages)
ashleymills 0:714293de3836 5311 return 0;
ashleymills 0:714293de3836 5312 else
ashleymills 0:714293de3836 5313 return SendBuffered(ssl);
ashleymills 0:714293de3836 5314 }
ashleymills 0:714293de3836 5315 #endif /* !NO_CERTS */
ashleymills 0:714293de3836 5316
ashleymills 0:714293de3836 5317
ashleymills 0:714293de3836 5318 int SendData(CYASSL* ssl, const void* data, int sz)
ashleymills 0:714293de3836 5319 {
ashleymills 0:714293de3836 5320 int sent = 0, /* plainText size */
ashleymills 0:714293de3836 5321 sendSz,
ashleymills 0:714293de3836 5322 ret;
ashleymills 0:714293de3836 5323
ashleymills 0:714293de3836 5324 if (ssl->error == WANT_WRITE)
ashleymills 0:714293de3836 5325 ssl->error = 0;
ashleymills 0:714293de3836 5326
ashleymills 0:714293de3836 5327 if (ssl->options.handShakeState != HANDSHAKE_DONE) {
ashleymills 0:714293de3836 5328 int err;
ashleymills 0:714293de3836 5329 CYASSL_MSG("handshake not complete, trying to finish");
ashleymills 0:714293de3836 5330 if ( (err = CyaSSL_negotiate(ssl)) != SSL_SUCCESS)
ashleymills 0:714293de3836 5331 return err;
ashleymills 0:714293de3836 5332 }
ashleymills 0:714293de3836 5333
ashleymills 0:714293de3836 5334 /* last time system socket output buffer was full, try again to send */
ashleymills 0:714293de3836 5335 if (ssl->buffers.outputBuffer.length > 0) {
ashleymills 0:714293de3836 5336 CYASSL_MSG("output buffer was full, trying to send again");
ashleymills 0:714293de3836 5337 if ( (ssl->error = SendBuffered(ssl)) < 0) {
ashleymills 0:714293de3836 5338 CYASSL_ERROR(ssl->error);
ashleymills 0:714293de3836 5339 if (ssl->error == SOCKET_ERROR_E && ssl->options.connReset)
ashleymills 0:714293de3836 5340 return 0; /* peer reset */
ashleymills 0:714293de3836 5341 return ssl->error;
ashleymills 0:714293de3836 5342 }
ashleymills 0:714293de3836 5343 else {
ashleymills 0:714293de3836 5344 /* advance sent to previous sent + plain size just sent */
ashleymills 0:714293de3836 5345 sent = ssl->buffers.prevSent + ssl->buffers.plainSz;
ashleymills 0:714293de3836 5346 CYASSL_MSG("sent write buffered data");
ashleymills 0:714293de3836 5347 }
ashleymills 0:714293de3836 5348 }
ashleymills 0:714293de3836 5349
ashleymills 0:714293de3836 5350 for (;;) {
ashleymills 0:714293de3836 5351 int len = min(sz - sent, OUTPUT_RECORD_SIZE);
ashleymills 0:714293de3836 5352 byte* out;
ashleymills 0:714293de3836 5353 byte* sendBuffer = (byte*)data + sent; /* may switch on comp */
ashleymills 0:714293de3836 5354 int buffSz = len; /* may switch on comp */
ashleymills 0:714293de3836 5355 #ifdef HAVE_LIBZ
ashleymills 0:714293de3836 5356 byte comp[MAX_RECORD_SIZE + MAX_COMP_EXTRA];
ashleymills 0:714293de3836 5357 #endif
ashleymills 0:714293de3836 5358
ashleymills 0:714293de3836 5359 if (sent == sz) break;
ashleymills 0:714293de3836 5360
ashleymills 0:714293de3836 5361 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 5362 if (ssl->options.dtls) {
ashleymills 0:714293de3836 5363 len = min(len, MAX_UDP_SIZE);
ashleymills 0:714293de3836 5364 buffSz = len;
ashleymills 0:714293de3836 5365 }
ashleymills 0:714293de3836 5366 #endif
ashleymills 0:714293de3836 5367
ashleymills 0:714293de3836 5368 /* check for available size */
ashleymills 0:714293de3836 5369 if ((ret = CheckAvailableSize(ssl, len + COMP_EXTRA +
ashleymills 0:714293de3836 5370 MAX_MSG_EXTRA)) != 0)
ashleymills 0:714293de3836 5371 return ssl->error = ret;
ashleymills 0:714293de3836 5372
ashleymills 0:714293de3836 5373 /* get ouput buffer */
ashleymills 0:714293de3836 5374 out = ssl->buffers.outputBuffer.buffer +
ashleymills 0:714293de3836 5375 ssl->buffers.outputBuffer.length;
ashleymills 0:714293de3836 5376
ashleymills 0:714293de3836 5377 #ifdef HAVE_LIBZ
ashleymills 0:714293de3836 5378 if (ssl->options.usingCompression) {
ashleymills 0:714293de3836 5379 buffSz = myCompress(ssl, sendBuffer, buffSz, comp, sizeof(comp));
ashleymills 0:714293de3836 5380 if (buffSz < 0) {
ashleymills 0:714293de3836 5381 return buffSz;
ashleymills 0:714293de3836 5382 }
ashleymills 0:714293de3836 5383 sendBuffer = comp;
ashleymills 0:714293de3836 5384 }
ashleymills 0:714293de3836 5385 #endif
ashleymills 0:714293de3836 5386 sendSz = BuildMessage(ssl, out, sendBuffer, buffSz,
ashleymills 0:714293de3836 5387 application_data);
ashleymills 0:714293de3836 5388
ashleymills 0:714293de3836 5389 ssl->buffers.outputBuffer.length += sendSz;
ashleymills 0:714293de3836 5390
ashleymills 0:714293de3836 5391 if ( (ret = SendBuffered(ssl)) < 0) {
ashleymills 0:714293de3836 5392 CYASSL_ERROR(ret);
ashleymills 0:714293de3836 5393 /* store for next call if WANT_WRITE or user embedSend() that
ashleymills 0:714293de3836 5394 doesn't present like WANT_WRITE */
ashleymills 0:714293de3836 5395 ssl->buffers.plainSz = len;
ashleymills 0:714293de3836 5396 ssl->buffers.prevSent = sent;
ashleymills 0:714293de3836 5397 if (ret == SOCKET_ERROR_E && ssl->options.connReset)
ashleymills 0:714293de3836 5398 return 0; /* peer reset */
ashleymills 0:714293de3836 5399 return ssl->error = ret;
ashleymills 0:714293de3836 5400 }
ashleymills 0:714293de3836 5401
ashleymills 0:714293de3836 5402 sent += len;
ashleymills 0:714293de3836 5403
ashleymills 0:714293de3836 5404 /* only one message per attempt */
ashleymills 0:714293de3836 5405 if (ssl->options.partialWrite == 1) {
ashleymills 0:714293de3836 5406 CYASSL_MSG("Paritial Write on, only sending one record");
ashleymills 0:714293de3836 5407 break;
ashleymills 0:714293de3836 5408 }
ashleymills 0:714293de3836 5409 }
ashleymills 0:714293de3836 5410
ashleymills 0:714293de3836 5411 return sent;
ashleymills 0:714293de3836 5412 }
ashleymills 0:714293de3836 5413
ashleymills 0:714293de3836 5414 /* process input data */
ashleymills 0:714293de3836 5415 int ReceiveData(CYASSL* ssl, byte* output, int sz, int peek)
ashleymills 0:714293de3836 5416 {
ashleymills 0:714293de3836 5417 int size;
ashleymills 0:714293de3836 5418
ashleymills 0:714293de3836 5419 CYASSL_ENTER("ReceiveData()");
ashleymills 0:714293de3836 5420
ashleymills 0:714293de3836 5421 if (ssl->error == WANT_READ)
ashleymills 0:714293de3836 5422 ssl->error = 0;
ashleymills 0:714293de3836 5423
ashleymills 0:714293de3836 5424 if (ssl->options.handShakeState != HANDSHAKE_DONE) {
ashleymills 0:714293de3836 5425 int err;
ashleymills 0:714293de3836 5426 CYASSL_MSG("Handshake not complete, trying to finish");
ashleymills 0:714293de3836 5427 if ( (err = CyaSSL_negotiate(ssl)) != SSL_SUCCESS)
ashleymills 0:714293de3836 5428 return err;
ashleymills 0:714293de3836 5429 }
ashleymills 0:714293de3836 5430
ashleymills 0:714293de3836 5431 while (ssl->buffers.clearOutputBuffer.length == 0)
ashleymills 0:714293de3836 5432 if ( (ssl->error = ProcessReply(ssl)) < 0) {
ashleymills 0:714293de3836 5433 CYASSL_ERROR(ssl->error);
ashleymills 0:714293de3836 5434 if (ssl->error == ZERO_RETURN) {
ashleymills 0:714293de3836 5435 CYASSL_MSG("Zero return, no more data coming");
ashleymills 0:714293de3836 5436 return 0; /* no more data coming */
ashleymills 0:714293de3836 5437 }
ashleymills 0:714293de3836 5438 if (ssl->error == SOCKET_ERROR_E) {
ashleymills 0:714293de3836 5439 if (ssl->options.connReset || ssl->options.isClosed) {
ashleymills 0:714293de3836 5440 CYASSL_MSG("Peer reset or closed, connection done");
ashleymills 0:714293de3836 5441 return 0; /* peer reset or closed */
ashleymills 0:714293de3836 5442 }
ashleymills 0:714293de3836 5443 }
ashleymills 0:714293de3836 5444 return ssl->error;
ashleymills 0:714293de3836 5445 }
ashleymills 0:714293de3836 5446
ashleymills 0:714293de3836 5447 if (sz < (int)ssl->buffers.clearOutputBuffer.length)
ashleymills 0:714293de3836 5448 size = sz;
ashleymills 0:714293de3836 5449 else
ashleymills 0:714293de3836 5450 size = ssl->buffers.clearOutputBuffer.length;
ashleymills 0:714293de3836 5451
ashleymills 0:714293de3836 5452 XMEMCPY(output, ssl->buffers.clearOutputBuffer.buffer, size);
ashleymills 0:714293de3836 5453
ashleymills 0:714293de3836 5454 if (peek == 0) {
ashleymills 0:714293de3836 5455 ssl->buffers.clearOutputBuffer.length -= size;
ashleymills 0:714293de3836 5456 ssl->buffers.clearOutputBuffer.buffer += size;
ashleymills 0:714293de3836 5457 }
ashleymills 0:714293de3836 5458
ashleymills 0:714293de3836 5459 if (ssl->buffers.clearOutputBuffer.length == 0 &&
ashleymills 0:714293de3836 5460 ssl->buffers.inputBuffer.dynamicFlag)
ashleymills 0:714293de3836 5461 ShrinkInputBuffer(ssl, NO_FORCED_FREE);
ashleymills 0:714293de3836 5462
ashleymills 0:714293de3836 5463 CYASSL_LEAVE("ReceiveData()", size);
ashleymills 0:714293de3836 5464 return size;
ashleymills 0:714293de3836 5465 }
ashleymills 0:714293de3836 5466
ashleymills 0:714293de3836 5467
ashleymills 0:714293de3836 5468 /* send alert message */
ashleymills 0:714293de3836 5469 int SendAlert(CYASSL* ssl, int severity, int type)
ashleymills 0:714293de3836 5470 {
ashleymills 0:714293de3836 5471 byte input[ALERT_SIZE];
ashleymills 0:714293de3836 5472 byte *output;
ashleymills 0:714293de3836 5473 int sendSz;
ashleymills 0:714293de3836 5474 int ret;
ashleymills 0:714293de3836 5475 int dtlsExtra = 0;
ashleymills 0:714293de3836 5476
ashleymills 0:714293de3836 5477 /* if sendalert is called again for nonbloking */
ashleymills 0:714293de3836 5478 if (ssl->options.sendAlertState != 0) {
ashleymills 0:714293de3836 5479 ret = SendBuffered(ssl);
ashleymills 0:714293de3836 5480 if (ret == 0)
ashleymills 0:714293de3836 5481 ssl->options.sendAlertState = 0;
ashleymills 0:714293de3836 5482 return ret;
ashleymills 0:714293de3836 5483 }
ashleymills 0:714293de3836 5484
ashleymills 0:714293de3836 5485 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 5486 if (ssl->options.dtls)
ashleymills 0:714293de3836 5487 dtlsExtra = DTLS_RECORD_EXTRA;
ashleymills 0:714293de3836 5488 #endif
ashleymills 0:714293de3836 5489
ashleymills 0:714293de3836 5490 /* check for available size */
ashleymills 0:714293de3836 5491 if ((ret = CheckAvailableSize(ssl,
ashleymills 0:714293de3836 5492 ALERT_SIZE + MAX_MSG_EXTRA + dtlsExtra)) != 0)
ashleymills 0:714293de3836 5493 return ret;
ashleymills 0:714293de3836 5494
ashleymills 0:714293de3836 5495 /* get ouput buffer */
ashleymills 0:714293de3836 5496 output = ssl->buffers.outputBuffer.buffer +
ashleymills 0:714293de3836 5497 ssl->buffers.outputBuffer.length;
ashleymills 0:714293de3836 5498
ashleymills 0:714293de3836 5499 input[0] = (byte)severity;
ashleymills 0:714293de3836 5500 input[1] = (byte)type;
ashleymills 0:714293de3836 5501 ssl->alert_history.last_tx.code = type;
ashleymills 0:714293de3836 5502 ssl->alert_history.last_tx.level = severity;
ashleymills 0:714293de3836 5503 if (severity == alert_fatal) {
ashleymills 0:714293de3836 5504 ssl->options.isClosed = 1; /* Don't send close_notify */
ashleymills 0:714293de3836 5505 }
ashleymills 0:714293de3836 5506
ashleymills 0:714293de3836 5507 /* only send encrypted alert if handshake actually complete, otherwise
ashleymills 0:714293de3836 5508 other side may not be able to handle it */
ashleymills 0:714293de3836 5509 if (ssl->keys.encryptionOn && ssl->options.handShakeState == HANDSHAKE_DONE)
ashleymills 0:714293de3836 5510 sendSz = BuildMessage(ssl, output, input, ALERT_SIZE, alert);
ashleymills 0:714293de3836 5511 else {
ashleymills 0:714293de3836 5512
ashleymills 0:714293de3836 5513 AddRecordHeader(output, ALERT_SIZE, alert, ssl);
ashleymills 0:714293de3836 5514 output += RECORD_HEADER_SZ;
ashleymills 0:714293de3836 5515 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 5516 if (ssl->options.dtls)
ashleymills 0:714293de3836 5517 output += DTLS_RECORD_EXTRA;
ashleymills 0:714293de3836 5518 #endif
ashleymills 0:714293de3836 5519 XMEMCPY(output, input, ALERT_SIZE);
ashleymills 0:714293de3836 5520
ashleymills 0:714293de3836 5521 sendSz = RECORD_HEADER_SZ + ALERT_SIZE;
ashleymills 0:714293de3836 5522 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 5523 if (ssl->options.dtls)
ashleymills 0:714293de3836 5524 sendSz += DTLS_RECORD_EXTRA;
ashleymills 0:714293de3836 5525 #endif
ashleymills 0:714293de3836 5526 }
ashleymills 0:714293de3836 5527
ashleymills 0:714293de3836 5528 #ifdef CYASSL_CALLBACKS
ashleymills 0:714293de3836 5529 if (ssl->hsInfoOn)
ashleymills 0:714293de3836 5530 AddPacketName("Alert", &ssl->handShakeInfo);
ashleymills 0:714293de3836 5531 if (ssl->toInfoOn)
ashleymills 0:714293de3836 5532 AddPacketInfo("Alert", &ssl->timeoutInfo, output, sendSz,ssl->heap);
ashleymills 0:714293de3836 5533 #endif
ashleymills 0:714293de3836 5534
ashleymills 0:714293de3836 5535 ssl->buffers.outputBuffer.length += sendSz;
ashleymills 0:714293de3836 5536 ssl->options.sendAlertState = 1;
ashleymills 0:714293de3836 5537
ashleymills 0:714293de3836 5538 return SendBuffered(ssl);
ashleymills 0:714293de3836 5539 }
ashleymills 0:714293de3836 5540
ashleymills 0:714293de3836 5541
ashleymills 0:714293de3836 5542
ashleymills 0:714293de3836 5543 void SetErrorString(int error, char* str)
ashleymills 0:714293de3836 5544 {
ashleymills 0:714293de3836 5545 const int max = MAX_ERROR_SZ; /* shorthand */
ashleymills 0:714293de3836 5546
ashleymills 0:714293de3836 5547 #ifdef NO_ERROR_STRINGS
ashleymills 0:714293de3836 5548
ashleymills 0:714293de3836 5549 (void)error;
ashleymills 0:714293de3836 5550 XSTRNCPY(str, "no support for error strings built in", max);
ashleymills 0:714293de3836 5551
ashleymills 0:714293de3836 5552 #else
ashleymills 0:714293de3836 5553
ashleymills 0:714293de3836 5554 /* pass to CTaoCrypt */
ashleymills 0:714293de3836 5555 if (error < MAX_CODE_E && error > MIN_CODE_E) {
ashleymills 0:714293de3836 5556 CTaoCryptErrorString(error, str);
ashleymills 0:714293de3836 5557 return;
ashleymills 0:714293de3836 5558 }
ashleymills 0:714293de3836 5559
ashleymills 0:714293de3836 5560 switch (error) {
ashleymills 0:714293de3836 5561
ashleymills 0:714293de3836 5562 case UNSUPPORTED_SUITE :
ashleymills 0:714293de3836 5563 XSTRNCPY(str, "unsupported cipher suite", max);
ashleymills 0:714293de3836 5564 break;
ashleymills 0:714293de3836 5565
ashleymills 0:714293de3836 5566 case INPUT_CASE_ERROR :
ashleymills 0:714293de3836 5567 XSTRNCPY(str, "input state error", max);
ashleymills 0:714293de3836 5568 break;
ashleymills 0:714293de3836 5569
ashleymills 0:714293de3836 5570 case PREFIX_ERROR :
ashleymills 0:714293de3836 5571 XSTRNCPY(str, "bad index to key rounds", max);
ashleymills 0:714293de3836 5572 break;
ashleymills 0:714293de3836 5573
ashleymills 0:714293de3836 5574 case MEMORY_ERROR :
ashleymills 0:714293de3836 5575 XSTRNCPY(str, "out of memory", max);
ashleymills 0:714293de3836 5576 break;
ashleymills 0:714293de3836 5577
ashleymills 0:714293de3836 5578 case VERIFY_FINISHED_ERROR :
ashleymills 0:714293de3836 5579 XSTRNCPY(str, "verify problem on finished", max);
ashleymills 0:714293de3836 5580 break;
ashleymills 0:714293de3836 5581
ashleymills 0:714293de3836 5582 case VERIFY_MAC_ERROR :
ashleymills 0:714293de3836 5583 XSTRNCPY(str, "verify mac problem", max);
ashleymills 0:714293de3836 5584 break;
ashleymills 0:714293de3836 5585
ashleymills 0:714293de3836 5586 case PARSE_ERROR :
ashleymills 0:714293de3836 5587 XSTRNCPY(str, "parse error on header", max);
ashleymills 0:714293de3836 5588 break;
ashleymills 0:714293de3836 5589
ashleymills 0:714293de3836 5590 case SIDE_ERROR :
ashleymills 0:714293de3836 5591 XSTRNCPY(str, "wrong client/server type", max);
ashleymills 0:714293de3836 5592 break;
ashleymills 0:714293de3836 5593
ashleymills 0:714293de3836 5594 case NO_PEER_CERT :
ashleymills 0:714293de3836 5595 XSTRNCPY(str, "peer didn't send cert", max);
ashleymills 0:714293de3836 5596 break;
ashleymills 0:714293de3836 5597
ashleymills 0:714293de3836 5598 case UNKNOWN_HANDSHAKE_TYPE :
ashleymills 0:714293de3836 5599 XSTRNCPY(str, "weird handshake type", max);
ashleymills 0:714293de3836 5600 break;
ashleymills 0:714293de3836 5601
ashleymills 0:714293de3836 5602 case SOCKET_ERROR_E :
ashleymills 0:714293de3836 5603 XSTRNCPY(str, "error state on socket", max);
ashleymills 0:714293de3836 5604 break;
ashleymills 0:714293de3836 5605
ashleymills 0:714293de3836 5606 case SOCKET_NODATA :
ashleymills 0:714293de3836 5607 XSTRNCPY(str, "expected data, not there", max);
ashleymills 0:714293de3836 5608 break;
ashleymills 0:714293de3836 5609
ashleymills 0:714293de3836 5610 case INCOMPLETE_DATA :
ashleymills 0:714293de3836 5611 XSTRNCPY(str, "don't have enough data to complete task", max);
ashleymills 0:714293de3836 5612 break;
ashleymills 0:714293de3836 5613
ashleymills 0:714293de3836 5614 case UNKNOWN_RECORD_TYPE :
ashleymills 0:714293de3836 5615 XSTRNCPY(str, "unknown type in record hdr", max);
ashleymills 0:714293de3836 5616 break;
ashleymills 0:714293de3836 5617
ashleymills 0:714293de3836 5618 case DECRYPT_ERROR :
ashleymills 0:714293de3836 5619 XSTRNCPY(str, "error during decryption", max);
ashleymills 0:714293de3836 5620 break;
ashleymills 0:714293de3836 5621
ashleymills 0:714293de3836 5622 case FATAL_ERROR :
ashleymills 0:714293de3836 5623 XSTRNCPY(str, "revcd alert fatal error", max);
ashleymills 0:714293de3836 5624 break;
ashleymills 0:714293de3836 5625
ashleymills 0:714293de3836 5626 case ENCRYPT_ERROR :
ashleymills 0:714293de3836 5627 XSTRNCPY(str, "error during encryption", max);
ashleymills 0:714293de3836 5628 break;
ashleymills 0:714293de3836 5629
ashleymills 0:714293de3836 5630 case FREAD_ERROR :
ashleymills 0:714293de3836 5631 XSTRNCPY(str, "fread problem", max);
ashleymills 0:714293de3836 5632 break;
ashleymills 0:714293de3836 5633
ashleymills 0:714293de3836 5634 case NO_PEER_KEY :
ashleymills 0:714293de3836 5635 XSTRNCPY(str, "need peer's key", max);
ashleymills 0:714293de3836 5636 break;
ashleymills 0:714293de3836 5637
ashleymills 0:714293de3836 5638 case NO_PRIVATE_KEY :
ashleymills 0:714293de3836 5639 XSTRNCPY(str, "need the private key", max);
ashleymills 0:714293de3836 5640 break;
ashleymills 0:714293de3836 5641
ashleymills 0:714293de3836 5642 case NO_DH_PARAMS :
ashleymills 0:714293de3836 5643 XSTRNCPY(str, "server missing DH params", max);
ashleymills 0:714293de3836 5644 break;
ashleymills 0:714293de3836 5645
ashleymills 0:714293de3836 5646 case RSA_PRIVATE_ERROR :
ashleymills 0:714293de3836 5647 XSTRNCPY(str, "error during rsa priv op", max);
ashleymills 0:714293de3836 5648 break;
ashleymills 0:714293de3836 5649
ashleymills 0:714293de3836 5650 case MATCH_SUITE_ERROR :
ashleymills 0:714293de3836 5651 XSTRNCPY(str, "can't match cipher suite", max);
ashleymills 0:714293de3836 5652 break;
ashleymills 0:714293de3836 5653
ashleymills 0:714293de3836 5654 case BUILD_MSG_ERROR :
ashleymills 0:714293de3836 5655 XSTRNCPY(str, "build message failure", max);
ashleymills 0:714293de3836 5656 break;
ashleymills 0:714293de3836 5657
ashleymills 0:714293de3836 5658 case BAD_HELLO :
ashleymills 0:714293de3836 5659 XSTRNCPY(str, "client hello malformed", max);
ashleymills 0:714293de3836 5660 break;
ashleymills 0:714293de3836 5661
ashleymills 0:714293de3836 5662 case DOMAIN_NAME_MISMATCH :
ashleymills 0:714293de3836 5663 XSTRNCPY(str, "peer subject name mismatch", max);
ashleymills 0:714293de3836 5664 break;
ashleymills 0:714293de3836 5665
ashleymills 0:714293de3836 5666 case WANT_READ :
ashleymills 0:714293de3836 5667 case SSL_ERROR_WANT_READ :
ashleymills 0:714293de3836 5668 XSTRNCPY(str, "non-blocking socket wants data to be read", max);
ashleymills 0:714293de3836 5669 break;
ashleymills 0:714293de3836 5670
ashleymills 0:714293de3836 5671 case NOT_READY_ERROR :
ashleymills 0:714293de3836 5672 XSTRNCPY(str, "handshake layer not ready yet, complete first", max);
ashleymills 0:714293de3836 5673 break;
ashleymills 0:714293de3836 5674
ashleymills 0:714293de3836 5675 case PMS_VERSION_ERROR :
ashleymills 0:714293de3836 5676 XSTRNCPY(str, "premaster secret version mismatch error", max);
ashleymills 0:714293de3836 5677 break;
ashleymills 0:714293de3836 5678
ashleymills 0:714293de3836 5679 case VERSION_ERROR :
ashleymills 0:714293de3836 5680 XSTRNCPY(str, "record layer version error", max);
ashleymills 0:714293de3836 5681 break;
ashleymills 0:714293de3836 5682
ashleymills 0:714293de3836 5683 case WANT_WRITE :
ashleymills 0:714293de3836 5684 case SSL_ERROR_WANT_WRITE :
ashleymills 0:714293de3836 5685 XSTRNCPY(str, "non-blocking socket write buffer full", max);
ashleymills 0:714293de3836 5686 break;
ashleymills 0:714293de3836 5687
ashleymills 0:714293de3836 5688 case BUFFER_ERROR :
ashleymills 0:714293de3836 5689 XSTRNCPY(str, "malformed buffer input error", max);
ashleymills 0:714293de3836 5690 break;
ashleymills 0:714293de3836 5691
ashleymills 0:714293de3836 5692 case VERIFY_CERT_ERROR :
ashleymills 0:714293de3836 5693 XSTRNCPY(str, "verify problem on certificate", max);
ashleymills 0:714293de3836 5694 break;
ashleymills 0:714293de3836 5695
ashleymills 0:714293de3836 5696 case VERIFY_SIGN_ERROR :
ashleymills 0:714293de3836 5697 XSTRNCPY(str, "verify problem based on signature", max);
ashleymills 0:714293de3836 5698 break;
ashleymills 0:714293de3836 5699
ashleymills 0:714293de3836 5700 case CLIENT_ID_ERROR :
ashleymills 0:714293de3836 5701 XSTRNCPY(str, "psk client identity error", max);
ashleymills 0:714293de3836 5702 break;
ashleymills 0:714293de3836 5703
ashleymills 0:714293de3836 5704 case SERVER_HINT_ERROR:
ashleymills 0:714293de3836 5705 XSTRNCPY(str, "psk server hint error", max);
ashleymills 0:714293de3836 5706 break;
ashleymills 0:714293de3836 5707
ashleymills 0:714293de3836 5708 case PSK_KEY_ERROR:
ashleymills 0:714293de3836 5709 XSTRNCPY(str, "psk key callback error", max);
ashleymills 0:714293de3836 5710 break;
ashleymills 0:714293de3836 5711
ashleymills 0:714293de3836 5712 case NTRU_KEY_ERROR:
ashleymills 0:714293de3836 5713 XSTRNCPY(str, "NTRU key error", max);
ashleymills 0:714293de3836 5714 break;
ashleymills 0:714293de3836 5715
ashleymills 0:714293de3836 5716 case NTRU_DRBG_ERROR:
ashleymills 0:714293de3836 5717 XSTRNCPY(str, "NTRU drbg error", max);
ashleymills 0:714293de3836 5718 break;
ashleymills 0:714293de3836 5719
ashleymills 0:714293de3836 5720 case NTRU_ENCRYPT_ERROR:
ashleymills 0:714293de3836 5721 XSTRNCPY(str, "NTRU encrypt error", max);
ashleymills 0:714293de3836 5722 break;
ashleymills 0:714293de3836 5723
ashleymills 0:714293de3836 5724 case NTRU_DECRYPT_ERROR:
ashleymills 0:714293de3836 5725 XSTRNCPY(str, "NTRU decrypt error", max);
ashleymills 0:714293de3836 5726 break;
ashleymills 0:714293de3836 5727
ashleymills 0:714293de3836 5728 case ZLIB_INIT_ERROR:
ashleymills 0:714293de3836 5729 XSTRNCPY(str, "zlib init error", max);
ashleymills 0:714293de3836 5730 break;
ashleymills 0:714293de3836 5731
ashleymills 0:714293de3836 5732 case ZLIB_COMPRESS_ERROR:
ashleymills 0:714293de3836 5733 XSTRNCPY(str, "zlib compress error", max);
ashleymills 0:714293de3836 5734 break;
ashleymills 0:714293de3836 5735
ashleymills 0:714293de3836 5736 case ZLIB_DECOMPRESS_ERROR:
ashleymills 0:714293de3836 5737 XSTRNCPY(str, "zlib decompress error", max);
ashleymills 0:714293de3836 5738 break;
ashleymills 0:714293de3836 5739
ashleymills 0:714293de3836 5740 case GETTIME_ERROR:
ashleymills 0:714293de3836 5741 XSTRNCPY(str, "gettimeofday() error", max);
ashleymills 0:714293de3836 5742 break;
ashleymills 0:714293de3836 5743
ashleymills 0:714293de3836 5744 case GETITIMER_ERROR:
ashleymills 0:714293de3836 5745 XSTRNCPY(str, "getitimer() error", max);
ashleymills 0:714293de3836 5746 break;
ashleymills 0:714293de3836 5747
ashleymills 0:714293de3836 5748 case SIGACT_ERROR:
ashleymills 0:714293de3836 5749 XSTRNCPY(str, "sigaction() error", max);
ashleymills 0:714293de3836 5750 break;
ashleymills 0:714293de3836 5751
ashleymills 0:714293de3836 5752 case SETITIMER_ERROR:
ashleymills 0:714293de3836 5753 XSTRNCPY(str, "setitimer() error", max);
ashleymills 0:714293de3836 5754 break;
ashleymills 0:714293de3836 5755
ashleymills 0:714293de3836 5756 case LENGTH_ERROR:
ashleymills 0:714293de3836 5757 XSTRNCPY(str, "record layer length error", max);
ashleymills 0:714293de3836 5758 break;
ashleymills 0:714293de3836 5759
ashleymills 0:714293de3836 5760 case PEER_KEY_ERROR:
ashleymills 0:714293de3836 5761 XSTRNCPY(str, "cant decode peer key", max);
ashleymills 0:714293de3836 5762 break;
ashleymills 0:714293de3836 5763
ashleymills 0:714293de3836 5764 case ZERO_RETURN:
ashleymills 0:714293de3836 5765 case SSL_ERROR_ZERO_RETURN:
ashleymills 0:714293de3836 5766 XSTRNCPY(str, "peer sent close notify alert", max);
ashleymills 0:714293de3836 5767 break;
ashleymills 0:714293de3836 5768
ashleymills 0:714293de3836 5769 case ECC_CURVETYPE_ERROR:
ashleymills 0:714293de3836 5770 XSTRNCPY(str, "Bad ECC Curve Type or unsupported", max);
ashleymills 0:714293de3836 5771 break;
ashleymills 0:714293de3836 5772
ashleymills 0:714293de3836 5773 case ECC_CURVE_ERROR:
ashleymills 0:714293de3836 5774 XSTRNCPY(str, "Bad ECC Curve or unsupported", max);
ashleymills 0:714293de3836 5775 break;
ashleymills 0:714293de3836 5776
ashleymills 0:714293de3836 5777 case ECC_PEERKEY_ERROR:
ashleymills 0:714293de3836 5778 XSTRNCPY(str, "Bad ECC Peer Key", max);
ashleymills 0:714293de3836 5779 break;
ashleymills 0:714293de3836 5780
ashleymills 0:714293de3836 5781 case ECC_MAKEKEY_ERROR:
ashleymills 0:714293de3836 5782 XSTRNCPY(str, "ECC Make Key failure", max);
ashleymills 0:714293de3836 5783 break;
ashleymills 0:714293de3836 5784
ashleymills 0:714293de3836 5785 case ECC_EXPORT_ERROR:
ashleymills 0:714293de3836 5786 XSTRNCPY(str, "ECC Export Key failure", max);
ashleymills 0:714293de3836 5787 break;
ashleymills 0:714293de3836 5788
ashleymills 0:714293de3836 5789 case ECC_SHARED_ERROR:
ashleymills 0:714293de3836 5790 XSTRNCPY(str, "ECC DHE shared failure", max);
ashleymills 0:714293de3836 5791 break;
ashleymills 0:714293de3836 5792
ashleymills 0:714293de3836 5793 case BAD_MUTEX_ERROR:
ashleymills 0:714293de3836 5794 XSTRNCPY(str, "Bad mutex, operation failed", max);
ashleymills 0:714293de3836 5795 break;
ashleymills 0:714293de3836 5796
ashleymills 0:714293de3836 5797 case NOT_CA_ERROR:
ashleymills 0:714293de3836 5798 XSTRNCPY(str, "Not a CA by basic constraint error", max);
ashleymills 0:714293de3836 5799 break;
ashleymills 0:714293de3836 5800
ashleymills 0:714293de3836 5801 case BAD_PATH_ERROR:
ashleymills 0:714293de3836 5802 XSTRNCPY(str, "Bad path for opendir error", max);
ashleymills 0:714293de3836 5803 break;
ashleymills 0:714293de3836 5804
ashleymills 0:714293de3836 5805 case BAD_CERT_MANAGER_ERROR:
ashleymills 0:714293de3836 5806 XSTRNCPY(str, "Bad Cert Manager error", max);
ashleymills 0:714293de3836 5807 break;
ashleymills 0:714293de3836 5808
ashleymills 0:714293de3836 5809 case OCSP_CERT_REVOKED:
ashleymills 0:714293de3836 5810 XSTRNCPY(str, "OCSP Cert revoked", max);
ashleymills 0:714293de3836 5811 break;
ashleymills 0:714293de3836 5812
ashleymills 0:714293de3836 5813 case CRL_CERT_REVOKED:
ashleymills 0:714293de3836 5814 XSTRNCPY(str, "CRL Cert revoked", max);
ashleymills 0:714293de3836 5815 break;
ashleymills 0:714293de3836 5816
ashleymills 0:714293de3836 5817 case CRL_MISSING:
ashleymills 0:714293de3836 5818 XSTRNCPY(str, "CRL missing, not loaded", max);
ashleymills 0:714293de3836 5819 break;
ashleymills 0:714293de3836 5820
ashleymills 0:714293de3836 5821 case MONITOR_RUNNING_E:
ashleymills 0:714293de3836 5822 XSTRNCPY(str, "CRL monitor already running", max);
ashleymills 0:714293de3836 5823 break;
ashleymills 0:714293de3836 5824
ashleymills 0:714293de3836 5825 case THREAD_CREATE_E:
ashleymills 0:714293de3836 5826 XSTRNCPY(str, "Thread creation problem", max);
ashleymills 0:714293de3836 5827 break;
ashleymills 0:714293de3836 5828
ashleymills 0:714293de3836 5829 case OCSP_NEED_URL:
ashleymills 0:714293de3836 5830 XSTRNCPY(str, "OCSP need URL", max);
ashleymills 0:714293de3836 5831 break;
ashleymills 0:714293de3836 5832
ashleymills 0:714293de3836 5833 case OCSP_CERT_UNKNOWN:
ashleymills 0:714293de3836 5834 XSTRNCPY(str, "OCSP Cert unknown", max);
ashleymills 0:714293de3836 5835 break;
ashleymills 0:714293de3836 5836
ashleymills 0:714293de3836 5837 case OCSP_LOOKUP_FAIL:
ashleymills 0:714293de3836 5838 XSTRNCPY(str, "OCSP Responder lookup fail", max);
ashleymills 0:714293de3836 5839 break;
ashleymills 0:714293de3836 5840
ashleymills 0:714293de3836 5841 case MAX_CHAIN_ERROR:
ashleymills 0:714293de3836 5842 XSTRNCPY(str, "Maximum Chain Depth Exceeded", max);
ashleymills 0:714293de3836 5843 break;
ashleymills 0:714293de3836 5844
ashleymills 0:714293de3836 5845 case COOKIE_ERROR:
ashleymills 0:714293de3836 5846 XSTRNCPY(str, "DTLS Cookie Error", max);
ashleymills 0:714293de3836 5847 break;
ashleymills 0:714293de3836 5848
ashleymills 0:714293de3836 5849 case SEQUENCE_ERROR:
ashleymills 0:714293de3836 5850 XSTRNCPY(str, "DTLS Sequence Error", max);
ashleymills 0:714293de3836 5851 break;
ashleymills 0:714293de3836 5852
ashleymills 0:714293de3836 5853 case SUITES_ERROR:
ashleymills 0:714293de3836 5854 XSTRNCPY(str, "Suites Pointer Error", max);
ashleymills 0:714293de3836 5855 break;
ashleymills 0:714293de3836 5856
ashleymills 0:714293de3836 5857 case SSL_NO_PEM_HEADER:
ashleymills 0:714293de3836 5858 XSTRNCPY(str, "No PEM Header Error", max);
ashleymills 0:714293de3836 5859 break;
ashleymills 0:714293de3836 5860
ashleymills 0:714293de3836 5861 case OUT_OF_ORDER_E:
ashleymills 0:714293de3836 5862 XSTRNCPY(str, "Out of order message, fatal", max);
ashleymills 0:714293de3836 5863 break;
ashleymills 0:714293de3836 5864
ashleymills 0:714293de3836 5865 case BAD_KEA_TYPE_E:
ashleymills 0:714293de3836 5866 XSTRNCPY(str, "Bad KEA type found", max);
ashleymills 0:714293de3836 5867 break;
ashleymills 0:714293de3836 5868
ashleymills 0:714293de3836 5869 case SANITY_CIPHER_E:
ashleymills 0:714293de3836 5870 XSTRNCPY(str, "Sanity check on ciphertext failed", max);
ashleymills 0:714293de3836 5871 break;
ashleymills 0:714293de3836 5872
ashleymills 0:714293de3836 5873 case RECV_OVERFLOW_E:
ashleymills 0:714293de3836 5874 XSTRNCPY(str, "Receive callback returned more than requested", max);
ashleymills 0:714293de3836 5875 break;
ashleymills 0:714293de3836 5876
ashleymills 0:714293de3836 5877 case GEN_COOKIE_E:
ashleymills 0:714293de3836 5878 XSTRNCPY(str, "Generate Cookie Error", max);
ashleymills 0:714293de3836 5879 break;
ashleymills 0:714293de3836 5880
ashleymills 0:714293de3836 5881 case NO_PEER_VERIFY:
ashleymills 0:714293de3836 5882 XSTRNCPY(str, "Need peer certificate verify Error", max);
ashleymills 0:714293de3836 5883 break;
ashleymills 0:714293de3836 5884
ashleymills 0:714293de3836 5885 case FWRITE_ERROR:
ashleymills 0:714293de3836 5886 XSTRNCPY(str, "fwrite Error", max);
ashleymills 0:714293de3836 5887 break;
ashleymills 0:714293de3836 5888
ashleymills 0:714293de3836 5889 case CACHE_MATCH_ERROR:
ashleymills 0:714293de3836 5890 XSTRNCPY(str, "Cache restore header match Error", max);
ashleymills 0:714293de3836 5891 break;
ashleymills 0:714293de3836 5892
ashleymills 0:714293de3836 5893 case UNKNOWN_SNI_HOST_NAME_E:
ashleymills 0:714293de3836 5894 XSTRNCPY(str, "Unrecognized host name Error", max);
ashleymills 0:714293de3836 5895 break;
ashleymills 0:714293de3836 5896
ashleymills 0:714293de3836 5897 default :
ashleymills 0:714293de3836 5898 XSTRNCPY(str, "unknown error number", max);
ashleymills 0:714293de3836 5899 }
ashleymills 0:714293de3836 5900
ashleymills 0:714293de3836 5901 #endif /* NO_ERROR_STRINGS */
ashleymills 0:714293de3836 5902 }
ashleymills 0:714293de3836 5903
ashleymills 0:714293de3836 5904
ashleymills 0:714293de3836 5905
ashleymills 0:714293de3836 5906 /* be sure to add to cipher_name_idx too !!!! */
ashleymills 0:714293de3836 5907 const char* const cipher_names[] =
ashleymills 0:714293de3836 5908 {
ashleymills 0:714293de3836 5909 #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
ashleymills 0:714293de3836 5910 "RC4-SHA",
ashleymills 0:714293de3836 5911 #endif
ashleymills 0:714293de3836 5912
ashleymills 0:714293de3836 5913 #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
ashleymills 0:714293de3836 5914 "RC4-MD5",
ashleymills 0:714293de3836 5915 #endif
ashleymills 0:714293de3836 5916
ashleymills 0:714293de3836 5917 #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
ashleymills 0:714293de3836 5918 "DES-CBC3-SHA",
ashleymills 0:714293de3836 5919 #endif
ashleymills 0:714293de3836 5920
ashleymills 0:714293de3836 5921 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
ashleymills 0:714293de3836 5922 "AES128-SHA",
ashleymills 0:714293de3836 5923 #endif
ashleymills 0:714293de3836 5924
ashleymills 0:714293de3836 5925 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
ashleymills 0:714293de3836 5926 "AES256-SHA",
ashleymills 0:714293de3836 5927 #endif
ashleymills 0:714293de3836 5928
ashleymills 0:714293de3836 5929 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA
ashleymills 0:714293de3836 5930 "NULL-SHA",
ashleymills 0:714293de3836 5931 #endif
ashleymills 0:714293de3836 5932
ashleymills 0:714293de3836 5933 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
ashleymills 0:714293de3836 5934 "NULL-SHA256",
ashleymills 0:714293de3836 5935 #endif
ashleymills 0:714293de3836 5936
ashleymills 0:714293de3836 5937 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
ashleymills 0:714293de3836 5938 "DHE-RSA-AES128-SHA",
ashleymills 0:714293de3836 5939 #endif
ashleymills 0:714293de3836 5940
ashleymills 0:714293de3836 5941 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
ashleymills 0:714293de3836 5942 "DHE-RSA-AES256-SHA",
ashleymills 0:714293de3836 5943 #endif
ashleymills 0:714293de3836 5944
ashleymills 0:714293de3836 5945 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
ashleymills 0:714293de3836 5946 "PSK-AES128-CBC-SHA256",
ashleymills 0:714293de3836 5947 #endif
ashleymills 0:714293de3836 5948
ashleymills 0:714293de3836 5949 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
ashleymills 0:714293de3836 5950 "PSK-AES128-CBC-SHA",
ashleymills 0:714293de3836 5951 #endif
ashleymills 0:714293de3836 5952
ashleymills 0:714293de3836 5953 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
ashleymills 0:714293de3836 5954 "PSK-AES256-CBC-SHA",
ashleymills 0:714293de3836 5955 #endif
ashleymills 0:714293de3836 5956
ashleymills 0:714293de3836 5957 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
ashleymills 0:714293de3836 5958 "PSK-AES128-CCM-8",
ashleymills 0:714293de3836 5959 #endif
ashleymills 0:714293de3836 5960
ashleymills 0:714293de3836 5961 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
ashleymills 0:714293de3836 5962 "PSK-AES256-CCM-8",
ashleymills 0:714293de3836 5963 #endif
ashleymills 0:714293de3836 5964
ashleymills 0:714293de3836 5965 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
ashleymills 0:714293de3836 5966 "PSK-NULL-SHA256",
ashleymills 0:714293de3836 5967 #endif
ashleymills 0:714293de3836 5968
ashleymills 0:714293de3836 5969 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA
ashleymills 0:714293de3836 5970 "PSK-NULL-SHA",
ashleymills 0:714293de3836 5971 #endif
ashleymills 0:714293de3836 5972
ashleymills 0:714293de3836 5973 #ifdef BUILD_TLS_RSA_WITH_HC_128_CBC_MD5
ashleymills 0:714293de3836 5974 "HC128-MD5",
ashleymills 0:714293de3836 5975 #endif
ashleymills 0:714293de3836 5976
ashleymills 0:714293de3836 5977 #ifdef BUILD_TLS_RSA_WITH_HC_128_CBC_SHA
ashleymills 0:714293de3836 5978 "HC128-SHA",
ashleymills 0:714293de3836 5979 #endif
ashleymills 0:714293de3836 5980
ashleymills 0:714293de3836 5981 #ifdef BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA
ashleymills 0:714293de3836 5982 "RABBIT-SHA",
ashleymills 0:714293de3836 5983 #endif
ashleymills 0:714293de3836 5984
ashleymills 0:714293de3836 5985 #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
ashleymills 0:714293de3836 5986 "NTRU-RC4-SHA",
ashleymills 0:714293de3836 5987 #endif
ashleymills 0:714293de3836 5988
ashleymills 0:714293de3836 5989 #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
ashleymills 0:714293de3836 5990 "NTRU-DES-CBC3-SHA",
ashleymills 0:714293de3836 5991 #endif
ashleymills 0:714293de3836 5992
ashleymills 0:714293de3836 5993 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
ashleymills 0:714293de3836 5994 "NTRU-AES128-SHA",
ashleymills 0:714293de3836 5995 #endif
ashleymills 0:714293de3836 5996
ashleymills 0:714293de3836 5997 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
ashleymills 0:714293de3836 5998 "NTRU-AES256-SHA",
ashleymills 0:714293de3836 5999 #endif
ashleymills 0:714293de3836 6000
ashleymills 0:714293de3836 6001 #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
ashleymills 0:714293de3836 6002 "AES128-CCM-8",
ashleymills 0:714293de3836 6003 #endif
ashleymills 0:714293de3836 6004
ashleymills 0:714293de3836 6005 #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
ashleymills 0:714293de3836 6006 "AES256-CCM-8",
ashleymills 0:714293de3836 6007 #endif
ashleymills 0:714293de3836 6008
ashleymills 0:714293de3836 6009 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
ashleymills 0:714293de3836 6010 "ECDHE-ECDSA-AES128-CCM-8",
ashleymills 0:714293de3836 6011 #endif
ashleymills 0:714293de3836 6012
ashleymills 0:714293de3836 6013 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
ashleymills 0:714293de3836 6014 "ECDHE-ECDSA-AES256-CCM-8",
ashleymills 0:714293de3836 6015 #endif
ashleymills 0:714293de3836 6016
ashleymills 0:714293de3836 6017 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
ashleymills 0:714293de3836 6018 "ECDHE-RSA-AES128-SHA",
ashleymills 0:714293de3836 6019 #endif
ashleymills 0:714293de3836 6020
ashleymills 0:714293de3836 6021 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
ashleymills 0:714293de3836 6022 "ECDHE-RSA-AES256-SHA",
ashleymills 0:714293de3836 6023 #endif
ashleymills 0:714293de3836 6024
ashleymills 0:714293de3836 6025 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
ashleymills 0:714293de3836 6026 "ECDHE-ECDSA-AES128-SHA",
ashleymills 0:714293de3836 6027 #endif
ashleymills 0:714293de3836 6028
ashleymills 0:714293de3836 6029 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
ashleymills 0:714293de3836 6030 "ECDHE-ECDSA-AES256-SHA",
ashleymills 0:714293de3836 6031 #endif
ashleymills 0:714293de3836 6032
ashleymills 0:714293de3836 6033 #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
ashleymills 0:714293de3836 6034 "ECDHE-RSA-RC4-SHA",
ashleymills 0:714293de3836 6035 #endif
ashleymills 0:714293de3836 6036
ashleymills 0:714293de3836 6037 #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
ashleymills 0:714293de3836 6038 "ECDHE-RSA-DES-CBC3-SHA",
ashleymills 0:714293de3836 6039 #endif
ashleymills 0:714293de3836 6040
ashleymills 0:714293de3836 6041 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
ashleymills 0:714293de3836 6042 "ECDHE-ECDSA-RC4-SHA",
ashleymills 0:714293de3836 6043 #endif
ashleymills 0:714293de3836 6044
ashleymills 0:714293de3836 6045 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
ashleymills 0:714293de3836 6046 "ECDHE-ECDSA-DES-CBC3-SHA",
ashleymills 0:714293de3836 6047 #endif
ashleymills 0:714293de3836 6048
ashleymills 0:714293de3836 6049 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
ashleymills 0:714293de3836 6050 "AES128-SHA256",
ashleymills 0:714293de3836 6051 #endif
ashleymills 0:714293de3836 6052
ashleymills 0:714293de3836 6053 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
ashleymills 0:714293de3836 6054 "AES256-SHA256",
ashleymills 0:714293de3836 6055 #endif
ashleymills 0:714293de3836 6056
ashleymills 0:714293de3836 6057 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
ashleymills 0:714293de3836 6058 "DHE-RSA-AES128-SHA256",
ashleymills 0:714293de3836 6059 #endif
ashleymills 0:714293de3836 6060
ashleymills 0:714293de3836 6061 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
ashleymills 0:714293de3836 6062 "DHE-RSA-AES256-SHA256",
ashleymills 0:714293de3836 6063 #endif
ashleymills 0:714293de3836 6064
ashleymills 0:714293de3836 6065 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
ashleymills 0:714293de3836 6066 "ECDH-RSA-AES128-SHA",
ashleymills 0:714293de3836 6067 #endif
ashleymills 0:714293de3836 6068
ashleymills 0:714293de3836 6069 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
ashleymills 0:714293de3836 6070 "ECDH-RSA-AES256-SHA",
ashleymills 0:714293de3836 6071 #endif
ashleymills 0:714293de3836 6072
ashleymills 0:714293de3836 6073 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
ashleymills 0:714293de3836 6074 "ECDH-ECDSA-AES128-SHA",
ashleymills 0:714293de3836 6075 #endif
ashleymills 0:714293de3836 6076
ashleymills 0:714293de3836 6077 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
ashleymills 0:714293de3836 6078 "ECDH-ECDSA-AES256-SHA",
ashleymills 0:714293de3836 6079 #endif
ashleymills 0:714293de3836 6080
ashleymills 0:714293de3836 6081 #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
ashleymills 0:714293de3836 6082 "ECDH-RSA-RC4-SHA",
ashleymills 0:714293de3836 6083 #endif
ashleymills 0:714293de3836 6084
ashleymills 0:714293de3836 6085 #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
ashleymills 0:714293de3836 6086 "ECDH-RSA-DES-CBC3-SHA",
ashleymills 0:714293de3836 6087 #endif
ashleymills 0:714293de3836 6088
ashleymills 0:714293de3836 6089 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
ashleymills 0:714293de3836 6090 "ECDH-ECDSA-RC4-SHA",
ashleymills 0:714293de3836 6091 #endif
ashleymills 0:714293de3836 6092
ashleymills 0:714293de3836 6093 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
ashleymills 0:714293de3836 6094 "ECDH-ECDSA-DES-CBC3-SHA",
ashleymills 0:714293de3836 6095 #endif
ashleymills 0:714293de3836 6096
ashleymills 0:714293de3836 6097 #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
ashleymills 0:714293de3836 6098 "AES128-GCM-SHA256",
ashleymills 0:714293de3836 6099 #endif
ashleymills 0:714293de3836 6100
ashleymills 0:714293de3836 6101 #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
ashleymills 0:714293de3836 6102 "AES256-GCM-SHA384",
ashleymills 0:714293de3836 6103 #endif
ashleymills 0:714293de3836 6104
ashleymills 0:714293de3836 6105 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
ashleymills 0:714293de3836 6106 "DHE-RSA-AES128-GCM-SHA256",
ashleymills 0:714293de3836 6107 #endif
ashleymills 0:714293de3836 6108
ashleymills 0:714293de3836 6109 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
ashleymills 0:714293de3836 6110 "DHE-RSA-AES256-GCM-SHA384",
ashleymills 0:714293de3836 6111 #endif
ashleymills 0:714293de3836 6112
ashleymills 0:714293de3836 6113 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
ashleymills 0:714293de3836 6114 "ECDHE-RSA-AES128-GCM-SHA256",
ashleymills 0:714293de3836 6115 #endif
ashleymills 0:714293de3836 6116
ashleymills 0:714293de3836 6117 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
ashleymills 0:714293de3836 6118 "ECDHE-RSA-AES256-GCM-SHA384",
ashleymills 0:714293de3836 6119 #endif
ashleymills 0:714293de3836 6120
ashleymills 0:714293de3836 6121 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
ashleymills 0:714293de3836 6122 "ECDHE-ECDSA-AES128-GCM-SHA256",
ashleymills 0:714293de3836 6123 #endif
ashleymills 0:714293de3836 6124
ashleymills 0:714293de3836 6125 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
ashleymills 0:714293de3836 6126 "ECDHE-ECDSA-AES256-GCM-SHA384",
ashleymills 0:714293de3836 6127 #endif
ashleymills 0:714293de3836 6128
ashleymills 0:714293de3836 6129 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
ashleymills 0:714293de3836 6130 "ECDH-RSA-AES128-GCM-SHA256",
ashleymills 0:714293de3836 6131 #endif
ashleymills 0:714293de3836 6132
ashleymills 0:714293de3836 6133 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
ashleymills 0:714293de3836 6134 "ECDH-RSA-AES256-GCM-SHA384",
ashleymills 0:714293de3836 6135 #endif
ashleymills 0:714293de3836 6136
ashleymills 0:714293de3836 6137 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
ashleymills 0:714293de3836 6138 "ECDH-ECDSA-AES128-GCM-SHA256",
ashleymills 0:714293de3836 6139 #endif
ashleymills 0:714293de3836 6140
ashleymills 0:714293de3836 6141 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
ashleymills 0:714293de3836 6142 "ECDH-ECDSA-AES256-GCM-SHA384",
ashleymills 0:714293de3836 6143 #endif
ashleymills 0:714293de3836 6144
ashleymills 0:714293de3836 6145 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
ashleymills 0:714293de3836 6146 "CAMELLIA128-SHA",
ashleymills 0:714293de3836 6147 #endif
ashleymills 0:714293de3836 6148
ashleymills 0:714293de3836 6149 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
ashleymills 0:714293de3836 6150 "DHE-RSA-CAMELLIA128-SHA",
ashleymills 0:714293de3836 6151 #endif
ashleymills 0:714293de3836 6152
ashleymills 0:714293de3836 6153 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
ashleymills 0:714293de3836 6154 "CAMELLIA256-SHA",
ashleymills 0:714293de3836 6155 #endif
ashleymills 0:714293de3836 6156
ashleymills 0:714293de3836 6157 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
ashleymills 0:714293de3836 6158 "DHE-RSA-CAMELLIA256-SHA",
ashleymills 0:714293de3836 6159 #endif
ashleymills 0:714293de3836 6160
ashleymills 0:714293de3836 6161 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
ashleymills 0:714293de3836 6162 "CAMELLIA128-SHA256",
ashleymills 0:714293de3836 6163 #endif
ashleymills 0:714293de3836 6164
ashleymills 0:714293de3836 6165 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
ashleymills 0:714293de3836 6166 "DHE-RSA-CAMELLIA128-SHA256",
ashleymills 0:714293de3836 6167 #endif
ashleymills 0:714293de3836 6168
ashleymills 0:714293de3836 6169 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
ashleymills 0:714293de3836 6170 "CAMELLIA256-SHA256",
ashleymills 0:714293de3836 6171 #endif
ashleymills 0:714293de3836 6172
ashleymills 0:714293de3836 6173 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
ashleymills 0:714293de3836 6174 "DHE-RSA-CAMELLIA256-SHA256",
ashleymills 0:714293de3836 6175 #endif
ashleymills 0:714293de3836 6176
ashleymills 0:714293de3836 6177 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
ashleymills 0:714293de3836 6178 "ECDHE-RSA-AES128-SHA256",
ashleymills 0:714293de3836 6179 #endif
ashleymills 0:714293de3836 6180
ashleymills 0:714293de3836 6181 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
ashleymills 0:714293de3836 6182 "ECDHE-ECDSA-AES128-SHA256",
ashleymills 0:714293de3836 6183 #endif
ashleymills 0:714293de3836 6184
ashleymills 0:714293de3836 6185 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
ashleymills 0:714293de3836 6186 "ECDH-RSA-AES128-SHA256",
ashleymills 0:714293de3836 6187 #endif
ashleymills 0:714293de3836 6188
ashleymills 0:714293de3836 6189 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
ashleymills 0:714293de3836 6190 "ECDH-ECDSA-AES128-SHA256",
ashleymills 0:714293de3836 6191 #endif
ashleymills 0:714293de3836 6192
ashleymills 0:714293de3836 6193 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
ashleymills 0:714293de3836 6194 "ECDHE-RSA-AES256-SHA384",
ashleymills 0:714293de3836 6195 #endif
ashleymills 0:714293de3836 6196
ashleymills 0:714293de3836 6197 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
ashleymills 0:714293de3836 6198 "ECDHE-ECDSA-AES256-SHA384",
ashleymills 0:714293de3836 6199 #endif
ashleymills 0:714293de3836 6200
ashleymills 0:714293de3836 6201 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
ashleymills 0:714293de3836 6202 "ECDH-RSA-AES256-SHA384",
ashleymills 0:714293de3836 6203 #endif
ashleymills 0:714293de3836 6204
ashleymills 0:714293de3836 6205 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
ashleymills 0:714293de3836 6206 "ECDH-ECDSA-AES256-SHA384",
ashleymills 0:714293de3836 6207 #endif
ashleymills 0:714293de3836 6208
ashleymills 0:714293de3836 6209 };
ashleymills 0:714293de3836 6210
ashleymills 0:714293de3836 6211
ashleymills 0:714293de3836 6212
ashleymills 0:714293de3836 6213 /* cipher suite number that matches above name table */
ashleymills 0:714293de3836 6214 int cipher_name_idx[] =
ashleymills 0:714293de3836 6215 {
ashleymills 0:714293de3836 6216
ashleymills 0:714293de3836 6217 #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
ashleymills 0:714293de3836 6218 SSL_RSA_WITH_RC4_128_SHA,
ashleymills 0:714293de3836 6219 #endif
ashleymills 0:714293de3836 6220
ashleymills 0:714293de3836 6221 #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
ashleymills 0:714293de3836 6222 SSL_RSA_WITH_RC4_128_MD5,
ashleymills 0:714293de3836 6223 #endif
ashleymills 0:714293de3836 6224
ashleymills 0:714293de3836 6225 #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
ashleymills 0:714293de3836 6226 SSL_RSA_WITH_3DES_EDE_CBC_SHA,
ashleymills 0:714293de3836 6227 #endif
ashleymills 0:714293de3836 6228
ashleymills 0:714293de3836 6229 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
ashleymills 0:714293de3836 6230 TLS_RSA_WITH_AES_128_CBC_SHA,
ashleymills 0:714293de3836 6231 #endif
ashleymills 0:714293de3836 6232
ashleymills 0:714293de3836 6233 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
ashleymills 0:714293de3836 6234 TLS_RSA_WITH_AES_256_CBC_SHA,
ashleymills 0:714293de3836 6235 #endif
ashleymills 0:714293de3836 6236
ashleymills 0:714293de3836 6237 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA
ashleymills 0:714293de3836 6238 TLS_RSA_WITH_NULL_SHA,
ashleymills 0:714293de3836 6239 #endif
ashleymills 0:714293de3836 6240
ashleymills 0:714293de3836 6241 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
ashleymills 0:714293de3836 6242 TLS_RSA_WITH_NULL_SHA256,
ashleymills 0:714293de3836 6243 #endif
ashleymills 0:714293de3836 6244
ashleymills 0:714293de3836 6245 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
ashleymills 0:714293de3836 6246 TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
ashleymills 0:714293de3836 6247 #endif
ashleymills 0:714293de3836 6248
ashleymills 0:714293de3836 6249 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
ashleymills 0:714293de3836 6250 TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
ashleymills 0:714293de3836 6251 #endif
ashleymills 0:714293de3836 6252
ashleymills 0:714293de3836 6253 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
ashleymills 0:714293de3836 6254 TLS_PSK_WITH_AES_128_CBC_SHA256,
ashleymills 0:714293de3836 6255 #endif
ashleymills 0:714293de3836 6256
ashleymills 0:714293de3836 6257 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
ashleymills 0:714293de3836 6258 TLS_PSK_WITH_AES_128_CBC_SHA,
ashleymills 0:714293de3836 6259 #endif
ashleymills 0:714293de3836 6260
ashleymills 0:714293de3836 6261 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
ashleymills 0:714293de3836 6262 TLS_PSK_WITH_AES_256_CBC_SHA,
ashleymills 0:714293de3836 6263 #endif
ashleymills 0:714293de3836 6264
ashleymills 0:714293de3836 6265 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
ashleymills 0:714293de3836 6266 TLS_PSK_WITH_AES_128_CCM_8,
ashleymills 0:714293de3836 6267 #endif
ashleymills 0:714293de3836 6268
ashleymills 0:714293de3836 6269 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
ashleymills 0:714293de3836 6270 TLS_PSK_WITH_AES_256_CCM_8,
ashleymills 0:714293de3836 6271 #endif
ashleymills 0:714293de3836 6272
ashleymills 0:714293de3836 6273 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
ashleymills 0:714293de3836 6274 TLS_PSK_WITH_NULL_SHA256,
ashleymills 0:714293de3836 6275 #endif
ashleymills 0:714293de3836 6276
ashleymills 0:714293de3836 6277 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA
ashleymills 0:714293de3836 6278 TLS_PSK_WITH_NULL_SHA,
ashleymills 0:714293de3836 6279 #endif
ashleymills 0:714293de3836 6280
ashleymills 0:714293de3836 6281 #ifdef BUILD_TLS_RSA_WITH_HC_128_CBC_MD5
ashleymills 0:714293de3836 6282 TLS_RSA_WITH_HC_128_CBC_MD5,
ashleymills 0:714293de3836 6283 #endif
ashleymills 0:714293de3836 6284
ashleymills 0:714293de3836 6285 #ifdef BUILD_TLS_RSA_WITH_HC_128_CBC_SHA
ashleymills 0:714293de3836 6286 TLS_RSA_WITH_HC_128_CBC_SHA,
ashleymills 0:714293de3836 6287 #endif
ashleymills 0:714293de3836 6288
ashleymills 0:714293de3836 6289 #ifdef BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA
ashleymills 0:714293de3836 6290 TLS_RSA_WITH_RABBIT_CBC_SHA,
ashleymills 0:714293de3836 6291 #endif
ashleymills 0:714293de3836 6292
ashleymills 0:714293de3836 6293 #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
ashleymills 0:714293de3836 6294 TLS_NTRU_RSA_WITH_RC4_128_SHA,
ashleymills 0:714293de3836 6295 #endif
ashleymills 0:714293de3836 6296
ashleymills 0:714293de3836 6297 #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
ashleymills 0:714293de3836 6298 TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA,
ashleymills 0:714293de3836 6299 #endif
ashleymills 0:714293de3836 6300
ashleymills 0:714293de3836 6301 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
ashleymills 0:714293de3836 6302 TLS_NTRU_RSA_WITH_AES_128_CBC_SHA,
ashleymills 0:714293de3836 6303 #endif
ashleymills 0:714293de3836 6304
ashleymills 0:714293de3836 6305 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
ashleymills 0:714293de3836 6306 TLS_NTRU_RSA_WITH_AES_256_CBC_SHA,
ashleymills 0:714293de3836 6307 #endif
ashleymills 0:714293de3836 6308
ashleymills 0:714293de3836 6309 #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
ashleymills 0:714293de3836 6310 TLS_RSA_WITH_AES_128_CCM_8,
ashleymills 0:714293de3836 6311 #endif
ashleymills 0:714293de3836 6312
ashleymills 0:714293de3836 6313 #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
ashleymills 0:714293de3836 6314 TLS_RSA_WITH_AES_256_CCM_8,
ashleymills 0:714293de3836 6315 #endif
ashleymills 0:714293de3836 6316
ashleymills 0:714293de3836 6317 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
ashleymills 0:714293de3836 6318 TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
ashleymills 0:714293de3836 6319 #endif
ashleymills 0:714293de3836 6320
ashleymills 0:714293de3836 6321 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
ashleymills 0:714293de3836 6322 TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
ashleymills 0:714293de3836 6323 #endif
ashleymills 0:714293de3836 6324
ashleymills 0:714293de3836 6325 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
ashleymills 0:714293de3836 6326 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
ashleymills 0:714293de3836 6327 #endif
ashleymills 0:714293de3836 6328
ashleymills 0:714293de3836 6329 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
ashleymills 0:714293de3836 6330 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
ashleymills 0:714293de3836 6331 #endif
ashleymills 0:714293de3836 6332
ashleymills 0:714293de3836 6333 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
ashleymills 0:714293de3836 6334 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
ashleymills 0:714293de3836 6335 #endif
ashleymills 0:714293de3836 6336
ashleymills 0:714293de3836 6337 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
ashleymills 0:714293de3836 6338 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
ashleymills 0:714293de3836 6339 #endif
ashleymills 0:714293de3836 6340
ashleymills 0:714293de3836 6341 #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
ashleymills 0:714293de3836 6342 TLS_ECDHE_RSA_WITH_RC4_128_SHA,
ashleymills 0:714293de3836 6343 #endif
ashleymills 0:714293de3836 6344
ashleymills 0:714293de3836 6345 #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
ashleymills 0:714293de3836 6346 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
ashleymills 0:714293de3836 6347 #endif
ashleymills 0:714293de3836 6348
ashleymills 0:714293de3836 6349 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
ashleymills 0:714293de3836 6350 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
ashleymills 0:714293de3836 6351 #endif
ashleymills 0:714293de3836 6352
ashleymills 0:714293de3836 6353 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
ashleymills 0:714293de3836 6354 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
ashleymills 0:714293de3836 6355 #endif
ashleymills 0:714293de3836 6356
ashleymills 0:714293de3836 6357 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
ashleymills 0:714293de3836 6358 TLS_RSA_WITH_AES_128_CBC_SHA256,
ashleymills 0:714293de3836 6359 #endif
ashleymills 0:714293de3836 6360
ashleymills 0:714293de3836 6361 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
ashleymills 0:714293de3836 6362 TLS_RSA_WITH_AES_256_CBC_SHA256,
ashleymills 0:714293de3836 6363 #endif
ashleymills 0:714293de3836 6364
ashleymills 0:714293de3836 6365 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
ashleymills 0:714293de3836 6366 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
ashleymills 0:714293de3836 6367 #endif
ashleymills 0:714293de3836 6368
ashleymills 0:714293de3836 6369 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
ashleymills 0:714293de3836 6370 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
ashleymills 0:714293de3836 6371 #endif
ashleymills 0:714293de3836 6372
ashleymills 0:714293de3836 6373 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
ashleymills 0:714293de3836 6374 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
ashleymills 0:714293de3836 6375 #endif
ashleymills 0:714293de3836 6376
ashleymills 0:714293de3836 6377 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
ashleymills 0:714293de3836 6378 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
ashleymills 0:714293de3836 6379 #endif
ashleymills 0:714293de3836 6380
ashleymills 0:714293de3836 6381 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
ashleymills 0:714293de3836 6382 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
ashleymills 0:714293de3836 6383 #endif
ashleymills 0:714293de3836 6384
ashleymills 0:714293de3836 6385 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
ashleymills 0:714293de3836 6386 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
ashleymills 0:714293de3836 6387 #endif
ashleymills 0:714293de3836 6388
ashleymills 0:714293de3836 6389 #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
ashleymills 0:714293de3836 6390 TLS_ECDH_RSA_WITH_RC4_128_SHA,
ashleymills 0:714293de3836 6391 #endif
ashleymills 0:714293de3836 6392
ashleymills 0:714293de3836 6393 #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
ashleymills 0:714293de3836 6394 TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
ashleymills 0:714293de3836 6395 #endif
ashleymills 0:714293de3836 6396
ashleymills 0:714293de3836 6397 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
ashleymills 0:714293de3836 6398 TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
ashleymills 0:714293de3836 6399 #endif
ashleymills 0:714293de3836 6400
ashleymills 0:714293de3836 6401 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
ashleymills 0:714293de3836 6402 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
ashleymills 0:714293de3836 6403 #endif
ashleymills 0:714293de3836 6404
ashleymills 0:714293de3836 6405 #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
ashleymills 0:714293de3836 6406 TLS_RSA_WITH_AES_128_GCM_SHA256,
ashleymills 0:714293de3836 6407 #endif
ashleymills 0:714293de3836 6408
ashleymills 0:714293de3836 6409 #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
ashleymills 0:714293de3836 6410 TLS_RSA_WITH_AES_256_GCM_SHA384,
ashleymills 0:714293de3836 6411 #endif
ashleymills 0:714293de3836 6412
ashleymills 0:714293de3836 6413 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
ashleymills 0:714293de3836 6414 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
ashleymills 0:714293de3836 6415 #endif
ashleymills 0:714293de3836 6416
ashleymills 0:714293de3836 6417 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
ashleymills 0:714293de3836 6418 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
ashleymills 0:714293de3836 6419 #endif
ashleymills 0:714293de3836 6420
ashleymills 0:714293de3836 6421 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
ashleymills 0:714293de3836 6422 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
ashleymills 0:714293de3836 6423 #endif
ashleymills 0:714293de3836 6424
ashleymills 0:714293de3836 6425 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
ashleymills 0:714293de3836 6426 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
ashleymills 0:714293de3836 6427 #endif
ashleymills 0:714293de3836 6428
ashleymills 0:714293de3836 6429 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
ashleymills 0:714293de3836 6430 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
ashleymills 0:714293de3836 6431 #endif
ashleymills 0:714293de3836 6432
ashleymills 0:714293de3836 6433 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
ashleymills 0:714293de3836 6434 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
ashleymills 0:714293de3836 6435 #endif
ashleymills 0:714293de3836 6436
ashleymills 0:714293de3836 6437 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
ashleymills 0:714293de3836 6438 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
ashleymills 0:714293de3836 6439 #endif
ashleymills 0:714293de3836 6440
ashleymills 0:714293de3836 6441 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
ashleymills 0:714293de3836 6442 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
ashleymills 0:714293de3836 6443 #endif
ashleymills 0:714293de3836 6444
ashleymills 0:714293de3836 6445 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
ashleymills 0:714293de3836 6446 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
ashleymills 0:714293de3836 6447 #endif
ashleymills 0:714293de3836 6448
ashleymills 0:714293de3836 6449 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
ashleymills 0:714293de3836 6450 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
ashleymills 0:714293de3836 6451 #endif
ashleymills 0:714293de3836 6452
ashleymills 0:714293de3836 6453 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
ashleymills 0:714293de3836 6454 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
ashleymills 0:714293de3836 6455 #endif
ashleymills 0:714293de3836 6456
ashleymills 0:714293de3836 6457 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
ashleymills 0:714293de3836 6458 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
ashleymills 0:714293de3836 6459 #endif
ashleymills 0:714293de3836 6460
ashleymills 0:714293de3836 6461 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
ashleymills 0:714293de3836 6462 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
ashleymills 0:714293de3836 6463 #endif
ashleymills 0:714293de3836 6464
ashleymills 0:714293de3836 6465 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
ashleymills 0:714293de3836 6466 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
ashleymills 0:714293de3836 6467 #endif
ashleymills 0:714293de3836 6468
ashleymills 0:714293de3836 6469 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
ashleymills 0:714293de3836 6470 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
ashleymills 0:714293de3836 6471 #endif
ashleymills 0:714293de3836 6472
ashleymills 0:714293de3836 6473 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
ashleymills 0:714293de3836 6474 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
ashleymills 0:714293de3836 6475 #endif
ashleymills 0:714293de3836 6476
ashleymills 0:714293de3836 6477 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
ashleymills 0:714293de3836 6478 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
ashleymills 0:714293de3836 6479 #endif
ashleymills 0:714293de3836 6480
ashleymills 0:714293de3836 6481 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
ashleymills 0:714293de3836 6482 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
ashleymills 0:714293de3836 6483 #endif
ashleymills 0:714293de3836 6484
ashleymills 0:714293de3836 6485 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
ashleymills 0:714293de3836 6486 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
ashleymills 0:714293de3836 6487 #endif
ashleymills 0:714293de3836 6488
ashleymills 0:714293de3836 6489 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
ashleymills 0:714293de3836 6490 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
ashleymills 0:714293de3836 6491 #endif
ashleymills 0:714293de3836 6492
ashleymills 0:714293de3836 6493 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
ashleymills 0:714293de3836 6494 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
ashleymills 0:714293de3836 6495 #endif
ashleymills 0:714293de3836 6496
ashleymills 0:714293de3836 6497 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
ashleymills 0:714293de3836 6498 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
ashleymills 0:714293de3836 6499 #endif
ashleymills 0:714293de3836 6500
ashleymills 0:714293de3836 6501 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
ashleymills 0:714293de3836 6502 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
ashleymills 0:714293de3836 6503 #endif
ashleymills 0:714293de3836 6504
ashleymills 0:714293de3836 6505 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
ashleymills 0:714293de3836 6506 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
ashleymills 0:714293de3836 6507 #endif
ashleymills 0:714293de3836 6508
ashleymills 0:714293de3836 6509 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
ashleymills 0:714293de3836 6510 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
ashleymills 0:714293de3836 6511 #endif
ashleymills 0:714293de3836 6512
ashleymills 0:714293de3836 6513 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
ashleymills 0:714293de3836 6514 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
ashleymills 0:714293de3836 6515 #endif
ashleymills 0:714293de3836 6516 };
ashleymills 0:714293de3836 6517
ashleymills 0:714293de3836 6518
ashleymills 0:714293de3836 6519 /* return true if set, else false */
ashleymills 0:714293de3836 6520 /* only supports full name from cipher_name[] delimited by : */
ashleymills 0:714293de3836 6521 int SetCipherList(Suites* s, const char* list)
ashleymills 0:714293de3836 6522 {
ashleymills 0:714293de3836 6523 int ret = 0, i;
ashleymills 0:714293de3836 6524 char name[MAX_SUITE_NAME];
ashleymills 0:714293de3836 6525
ashleymills 0:714293de3836 6526 char needle[] = ":";
ashleymills 0:714293de3836 6527 char* haystack = (char*)list;
ashleymills 0:714293de3836 6528 char* prev;
ashleymills 0:714293de3836 6529
ashleymills 0:714293de3836 6530 const int suiteSz = sizeof(cipher_names) / sizeof(cipher_names[0]);
ashleymills 0:714293de3836 6531 int idx = 0;
ashleymills 0:714293de3836 6532 int haveRSA = 0, haveECDSA = 0;
ashleymills 0:714293de3836 6533
ashleymills 0:714293de3836 6534 if (s == NULL) {
ashleymills 0:714293de3836 6535 CYASSL_MSG("SetCipherList suite pointer error");
ashleymills 0:714293de3836 6536 return 0;
ashleymills 0:714293de3836 6537 }
ashleymills 0:714293de3836 6538
ashleymills 0:714293de3836 6539 if (!list)
ashleymills 0:714293de3836 6540 return 0;
ashleymills 0:714293de3836 6541
ashleymills 0:714293de3836 6542 if (*list == 0) return 1; /* CyaSSL default */
ashleymills 0:714293de3836 6543
ashleymills 0:714293de3836 6544 if (XSTRNCMP(haystack, "ALL", 3) == 0) return 1; /* CyaSSL defualt */
ashleymills 0:714293de3836 6545
ashleymills 0:714293de3836 6546 for(;;) {
ashleymills 0:714293de3836 6547 word32 len;
ashleymills 0:714293de3836 6548 prev = haystack;
ashleymills 0:714293de3836 6549 haystack = XSTRSTR(haystack, needle);
ashleymills 0:714293de3836 6550
ashleymills 0:714293de3836 6551 if (!haystack) /* last cipher */
ashleymills 0:714293de3836 6552 len = min(sizeof(name), (word32)XSTRLEN(prev));
ashleymills 0:714293de3836 6553 else
ashleymills 0:714293de3836 6554 len = min(sizeof(name), (word32)(haystack - prev));
ashleymills 0:714293de3836 6555
ashleymills 0:714293de3836 6556 XSTRNCPY(name, prev, len);
ashleymills 0:714293de3836 6557 name[(len == sizeof(name)) ? len - 1 : len] = 0;
ashleymills 0:714293de3836 6558
ashleymills 0:714293de3836 6559 for (i = 0; i < suiteSz; i++)
ashleymills 0:714293de3836 6560 if (XSTRNCMP(name, cipher_names[i], sizeof(name)) == 0) {
ashleymills 0:714293de3836 6561 if (XSTRSTR(name, "EC") || XSTRSTR(name, "CCM"))
ashleymills 0:714293de3836 6562 s->suites[idx++] = ECC_BYTE; /* ECC suite */
ashleymills 0:714293de3836 6563 else
ashleymills 0:714293de3836 6564 s->suites[idx++] = 0x00; /* normal */
ashleymills 0:714293de3836 6565 s->suites[idx++] = (byte)cipher_name_idx[i];
ashleymills 0:714293de3836 6566
ashleymills 0:714293de3836 6567 /* The suites are either ECDSA, RSA, or PSK. The RSA suites
ashleymills 0:714293de3836 6568 * don't necessarily have RSA in the name. */
ashleymills 0:714293de3836 6569 if ((haveECDSA == 0) && XSTRSTR(name, "ECDSA")) {
ashleymills 0:714293de3836 6570 haveECDSA = 1;
ashleymills 0:714293de3836 6571 }
ashleymills 0:714293de3836 6572 else if ((haveRSA == 0) && (XSTRSTR(name, "PSK") == NULL)) {
ashleymills 0:714293de3836 6573 haveRSA = 1;
ashleymills 0:714293de3836 6574 }
ashleymills 0:714293de3836 6575
ashleymills 0:714293de3836 6576 if (!ret) ret = 1; /* found at least one */
ashleymills 0:714293de3836 6577 break;
ashleymills 0:714293de3836 6578 }
ashleymills 0:714293de3836 6579 if (!haystack) break;
ashleymills 0:714293de3836 6580 haystack++;
ashleymills 0:714293de3836 6581 }
ashleymills 0:714293de3836 6582
ashleymills 0:714293de3836 6583 if (ret) {
ashleymills 0:714293de3836 6584 s->setSuites = 1;
ashleymills 0:714293de3836 6585 s->suiteSz = (word16)idx;
ashleymills 0:714293de3836 6586
ashleymills 0:714293de3836 6587 idx = 0;
ashleymills 0:714293de3836 6588
ashleymills 0:714293de3836 6589 if (haveECDSA) {
ashleymills 0:714293de3836 6590 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 6591 s->hashSigAlgo[idx++] = sha384_mac;
ashleymills 0:714293de3836 6592 s->hashSigAlgo[idx++] = ecc_dsa_sa_algo;
ashleymills 0:714293de3836 6593 #endif
ashleymills 0:714293de3836 6594 #ifndef NO_SHA256
ashleymills 0:714293de3836 6595 s->hashSigAlgo[idx++] = sha256_mac;
ashleymills 0:714293de3836 6596 s->hashSigAlgo[idx++] = ecc_dsa_sa_algo;
ashleymills 0:714293de3836 6597 #endif
ashleymills 0:714293de3836 6598 s->hashSigAlgo[idx++] = sha_mac;
ashleymills 0:714293de3836 6599 s->hashSigAlgo[idx++] = ecc_dsa_sa_algo;
ashleymills 0:714293de3836 6600 }
ashleymills 0:714293de3836 6601
ashleymills 0:714293de3836 6602 if (haveRSA) {
ashleymills 0:714293de3836 6603 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 6604 s->hashSigAlgo[idx++] = sha384_mac;
ashleymills 0:714293de3836 6605 s->hashSigAlgo[idx++] = rsa_sa_algo;
ashleymills 0:714293de3836 6606 #endif
ashleymills 0:714293de3836 6607 #ifndef NO_SHA256
ashleymills 0:714293de3836 6608 s->hashSigAlgo[idx++] = sha256_mac;
ashleymills 0:714293de3836 6609 s->hashSigAlgo[idx++] = rsa_sa_algo;
ashleymills 0:714293de3836 6610 #endif
ashleymills 0:714293de3836 6611 s->hashSigAlgo[idx++] = sha_mac;
ashleymills 0:714293de3836 6612 s->hashSigAlgo[idx++] = rsa_sa_algo;
ashleymills 0:714293de3836 6613 }
ashleymills 0:714293de3836 6614
ashleymills 0:714293de3836 6615 s->hashSigAlgoSz = (word16)idx;
ashleymills 0:714293de3836 6616 }
ashleymills 0:714293de3836 6617
ashleymills 0:714293de3836 6618 return ret;
ashleymills 0:714293de3836 6619 }
ashleymills 0:714293de3836 6620
ashleymills 0:714293de3836 6621
ashleymills 0:714293de3836 6622 static void PickHashSigAlgo(CYASSL* ssl,
ashleymills 0:714293de3836 6623 const byte* hashSigAlgo, word32 hashSigAlgoSz)
ashleymills 0:714293de3836 6624 {
ashleymills 0:714293de3836 6625 word32 i;
ashleymills 0:714293de3836 6626
ashleymills 0:714293de3836 6627 ssl->suites->sigAlgo = ssl->specs.sig_algo;
ashleymills 0:714293de3836 6628 ssl->suites->hashAlgo = sha_mac;
ashleymills 0:714293de3836 6629
ashleymills 0:714293de3836 6630 for (i = 0; i < hashSigAlgoSz; i += 2) {
ashleymills 0:714293de3836 6631 if (hashSigAlgo[i+1] == ssl->specs.sig_algo) {
ashleymills 0:714293de3836 6632 if (hashSigAlgo[i] == sha_mac) {
ashleymills 0:714293de3836 6633 break;
ashleymills 0:714293de3836 6634 }
ashleymills 0:714293de3836 6635 #ifndef NO_SHA256
ashleymills 0:714293de3836 6636 else if (hashSigAlgo[i] == sha256_mac) {
ashleymills 0:714293de3836 6637 ssl->suites->hashAlgo = sha256_mac;
ashleymills 0:714293de3836 6638 break;
ashleymills 0:714293de3836 6639 }
ashleymills 0:714293de3836 6640 #endif
ashleymills 0:714293de3836 6641 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 6642 else if (hashSigAlgo[i] == sha384_mac) {
ashleymills 0:714293de3836 6643 ssl->suites->hashAlgo = sha384_mac;
ashleymills 0:714293de3836 6644 break;
ashleymills 0:714293de3836 6645 }
ashleymills 0:714293de3836 6646 #endif
ashleymills 0:714293de3836 6647 }
ashleymills 0:714293de3836 6648 }
ashleymills 0:714293de3836 6649 }
ashleymills 0:714293de3836 6650
ashleymills 0:714293de3836 6651
ashleymills 0:714293de3836 6652 #ifdef CYASSL_CALLBACKS
ashleymills 0:714293de3836 6653
ashleymills 0:714293de3836 6654 /* Initialisze HandShakeInfo */
ashleymills 0:714293de3836 6655 void InitHandShakeInfo(HandShakeInfo* info)
ashleymills 0:714293de3836 6656 {
ashleymills 0:714293de3836 6657 int i;
ashleymills 0:714293de3836 6658
ashleymills 0:714293de3836 6659 info->cipherName[0] = 0;
ashleymills 0:714293de3836 6660 for (i = 0; i < MAX_PACKETS_HANDSHAKE; i++)
ashleymills 0:714293de3836 6661 info->packetNames[i][0] = 0;
ashleymills 0:714293de3836 6662 info->numberPackets = 0;
ashleymills 0:714293de3836 6663 info->negotiationError = 0;
ashleymills 0:714293de3836 6664 }
ashleymills 0:714293de3836 6665
ashleymills 0:714293de3836 6666 /* Set Final HandShakeInfo parameters */
ashleymills 0:714293de3836 6667 void FinishHandShakeInfo(HandShakeInfo* info, const CYASSL* ssl)
ashleymills 0:714293de3836 6668 {
ashleymills 0:714293de3836 6669 int i;
ashleymills 0:714293de3836 6670 int sz = sizeof(cipher_name_idx)/sizeof(int);
ashleymills 0:714293de3836 6671
ashleymills 0:714293de3836 6672 for (i = 0; i < sz; i++)
ashleymills 0:714293de3836 6673 if (ssl->options.cipherSuite == (byte)cipher_name_idx[i]) {
ashleymills 0:714293de3836 6674 if (ssl->options.cipherSuite0 == ECC_BYTE)
ashleymills 0:714293de3836 6675 continue; /* ECC suites at end */
ashleymills 0:714293de3836 6676 XSTRNCPY(info->cipherName, cipher_names[i], MAX_CIPHERNAME_SZ);
ashleymills 0:714293de3836 6677 break;
ashleymills 0:714293de3836 6678 }
ashleymills 0:714293de3836 6679
ashleymills 0:714293de3836 6680 /* error max and min are negative numbers */
ashleymills 0:714293de3836 6681 if (ssl->error <= MIN_PARAM_ERR && ssl->error >= MAX_PARAM_ERR)
ashleymills 0:714293de3836 6682 info->negotiationError = ssl->error;
ashleymills 0:714293de3836 6683 }
ashleymills 0:714293de3836 6684
ashleymills 0:714293de3836 6685
ashleymills 0:714293de3836 6686 /* Add name to info packet names, increase packet name count */
ashleymills 0:714293de3836 6687 void AddPacketName(const char* name, HandShakeInfo* info)
ashleymills 0:714293de3836 6688 {
ashleymills 0:714293de3836 6689 if (info->numberPackets < MAX_PACKETS_HANDSHAKE) {
ashleymills 0:714293de3836 6690 XSTRNCPY(info->packetNames[info->numberPackets++], name,
ashleymills 0:714293de3836 6691 MAX_PACKETNAME_SZ);
ashleymills 0:714293de3836 6692 }
ashleymills 0:714293de3836 6693 }
ashleymills 0:714293de3836 6694
ashleymills 0:714293de3836 6695
ashleymills 0:714293de3836 6696 /* Initialisze TimeoutInfo */
ashleymills 0:714293de3836 6697 void InitTimeoutInfo(TimeoutInfo* info)
ashleymills 0:714293de3836 6698 {
ashleymills 0:714293de3836 6699 int i;
ashleymills 0:714293de3836 6700
ashleymills 0:714293de3836 6701 info->timeoutName[0] = 0;
ashleymills 0:714293de3836 6702 info->flags = 0;
ashleymills 0:714293de3836 6703
ashleymills 0:714293de3836 6704 for (i = 0; i < MAX_PACKETS_HANDSHAKE; i++) {
ashleymills 0:714293de3836 6705 info->packets[i].packetName[0] = 0;
ashleymills 0:714293de3836 6706 info->packets[i].timestamp.tv_sec = 0;
ashleymills 0:714293de3836 6707 info->packets[i].timestamp.tv_usec = 0;
ashleymills 0:714293de3836 6708 info->packets[i].bufferValue = 0;
ashleymills 0:714293de3836 6709 info->packets[i].valueSz = 0;
ashleymills 0:714293de3836 6710 }
ashleymills 0:714293de3836 6711 info->numberPackets = 0;
ashleymills 0:714293de3836 6712 info->timeoutValue.tv_sec = 0;
ashleymills 0:714293de3836 6713 info->timeoutValue.tv_usec = 0;
ashleymills 0:714293de3836 6714 }
ashleymills 0:714293de3836 6715
ashleymills 0:714293de3836 6716
ashleymills 0:714293de3836 6717 /* Free TimeoutInfo */
ashleymills 0:714293de3836 6718 void FreeTimeoutInfo(TimeoutInfo* info, void* heap)
ashleymills 0:714293de3836 6719 {
ashleymills 0:714293de3836 6720 int i;
ashleymills 0:714293de3836 6721 (void)heap;
ashleymills 0:714293de3836 6722 for (i = 0; i < MAX_PACKETS_HANDSHAKE; i++)
ashleymills 0:714293de3836 6723 if (info->packets[i].bufferValue) {
ashleymills 0:714293de3836 6724 XFREE(info->packets[i].bufferValue, heap, DYNAMIC_TYPE_INFO);
ashleymills 0:714293de3836 6725 info->packets[i].bufferValue = 0;
ashleymills 0:714293de3836 6726 }
ashleymills 0:714293de3836 6727
ashleymills 0:714293de3836 6728 }
ashleymills 0:714293de3836 6729
ashleymills 0:714293de3836 6730
ashleymills 0:714293de3836 6731 /* Add PacketInfo to TimeoutInfo */
ashleymills 0:714293de3836 6732 void AddPacketInfo(const char* name, TimeoutInfo* info, const byte* data,
ashleymills 0:714293de3836 6733 int sz, void* heap)
ashleymills 0:714293de3836 6734 {
ashleymills 0:714293de3836 6735 if (info->numberPackets < (MAX_PACKETS_HANDSHAKE - 1)) {
ashleymills 0:714293de3836 6736 Timeval currTime;
ashleymills 0:714293de3836 6737
ashleymills 0:714293de3836 6738 /* may add name after */
ashleymills 0:714293de3836 6739 if (name)
ashleymills 0:714293de3836 6740 XSTRNCPY(info->packets[info->numberPackets].packetName, name,
ashleymills 0:714293de3836 6741 MAX_PACKETNAME_SZ);
ashleymills 0:714293de3836 6742
ashleymills 0:714293de3836 6743 /* add data, put in buffer if bigger than static buffer */
ashleymills 0:714293de3836 6744 info->packets[info->numberPackets].valueSz = sz;
ashleymills 0:714293de3836 6745 if (sz < MAX_VALUE_SZ)
ashleymills 0:714293de3836 6746 XMEMCPY(info->packets[info->numberPackets].value, data, sz);
ashleymills 0:714293de3836 6747 else {
ashleymills 0:714293de3836 6748 info->packets[info->numberPackets].bufferValue =
ashleymills 0:714293de3836 6749 XMALLOC(sz, heap, DYNAMIC_TYPE_INFO);
ashleymills 0:714293de3836 6750 if (!info->packets[info->numberPackets].bufferValue)
ashleymills 0:714293de3836 6751 /* let next alloc catch, just don't fill, not fatal here */
ashleymills 0:714293de3836 6752 info->packets[info->numberPackets].valueSz = 0;
ashleymills 0:714293de3836 6753 else
ashleymills 0:714293de3836 6754 XMEMCPY(info->packets[info->numberPackets].bufferValue,
ashleymills 0:714293de3836 6755 data, sz);
ashleymills 0:714293de3836 6756 }
ashleymills 0:714293de3836 6757 gettimeofday(&currTime, 0);
ashleymills 0:714293de3836 6758 info->packets[info->numberPackets].timestamp.tv_sec =
ashleymills 0:714293de3836 6759 currTime.tv_sec;
ashleymills 0:714293de3836 6760 info->packets[info->numberPackets].timestamp.tv_usec =
ashleymills 0:714293de3836 6761 currTime.tv_usec;
ashleymills 0:714293de3836 6762 info->numberPackets++;
ashleymills 0:714293de3836 6763 }
ashleymills 0:714293de3836 6764 }
ashleymills 0:714293de3836 6765
ashleymills 0:714293de3836 6766
ashleymills 0:714293de3836 6767 /* Add packet name to previsouly added packet info */
ashleymills 0:714293de3836 6768 void AddLateName(const char* name, TimeoutInfo* info)
ashleymills 0:714293de3836 6769 {
ashleymills 0:714293de3836 6770 /* make sure we have a valid previous one */
ashleymills 0:714293de3836 6771 if (info->numberPackets > 0 && info->numberPackets <
ashleymills 0:714293de3836 6772 MAX_PACKETS_HANDSHAKE) {
ashleymills 0:714293de3836 6773 XSTRNCPY(info->packets[info->numberPackets - 1].packetName, name,
ashleymills 0:714293de3836 6774 MAX_PACKETNAME_SZ);
ashleymills 0:714293de3836 6775 }
ashleymills 0:714293de3836 6776 }
ashleymills 0:714293de3836 6777
ashleymills 0:714293de3836 6778 /* Add record header to previsouly added packet info */
ashleymills 0:714293de3836 6779 void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info)
ashleymills 0:714293de3836 6780 {
ashleymills 0:714293de3836 6781 /* make sure we have a valid previous one */
ashleymills 0:714293de3836 6782 if (info->numberPackets > 0 && info->numberPackets <
ashleymills 0:714293de3836 6783 MAX_PACKETS_HANDSHAKE) {
ashleymills 0:714293de3836 6784 if (info->packets[info->numberPackets - 1].bufferValue)
ashleymills 0:714293de3836 6785 XMEMCPY(info->packets[info->numberPackets - 1].bufferValue, rl,
ashleymills 0:714293de3836 6786 RECORD_HEADER_SZ);
ashleymills 0:714293de3836 6787 else
ashleymills 0:714293de3836 6788 XMEMCPY(info->packets[info->numberPackets - 1].value, rl,
ashleymills 0:714293de3836 6789 RECORD_HEADER_SZ);
ashleymills 0:714293de3836 6790 }
ashleymills 0:714293de3836 6791 }
ashleymills 0:714293de3836 6792
ashleymills 0:714293de3836 6793 #endif /* CYASSL_CALLBACKS */
ashleymills 0:714293de3836 6794
ashleymills 0:714293de3836 6795
ashleymills 0:714293de3836 6796
ashleymills 0:714293de3836 6797 /* client only parts */
ashleymills 0:714293de3836 6798 #ifndef NO_CYASSL_CLIENT
ashleymills 0:714293de3836 6799
ashleymills 0:714293de3836 6800 int SendClientHello(CYASSL* ssl)
ashleymills 0:714293de3836 6801 {
ashleymills 0:714293de3836 6802 byte *output;
ashleymills 0:714293de3836 6803 word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
ashleymills 0:714293de3836 6804 int sendSz;
ashleymills 0:714293de3836 6805 int idSz = ssl->options.resuming ? ID_LEN : 0;
ashleymills 0:714293de3836 6806 int ret;
ashleymills 0:714293de3836 6807
ashleymills 0:714293de3836 6808 if (ssl->suites == NULL) {
ashleymills 0:714293de3836 6809 CYASSL_MSG("Bad suites pointer in SendClientHello");
ashleymills 0:714293de3836 6810 return SUITES_ERROR;
ashleymills 0:714293de3836 6811 }
ashleymills 0:714293de3836 6812
ashleymills 0:714293de3836 6813 length = VERSION_SZ + RAN_LEN
ashleymills 0:714293de3836 6814 + idSz + ENUM_LEN
ashleymills 0:714293de3836 6815 + ssl->suites->suiteSz + SUITE_LEN
ashleymills 0:714293de3836 6816 + COMP_LEN + ENUM_LEN;
ashleymills 0:714293de3836 6817
ashleymills 0:714293de3836 6818 #ifdef HAVE_TLS_EXTENSIONS
ashleymills 0:714293de3836 6819 length += TLSX_GetRequestSize(ssl);
ashleymills 0:714293de3836 6820 #else
ashleymills 0:714293de3836 6821 if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz) {
ashleymills 0:714293de3836 6822 length += ssl->suites->hashSigAlgoSz + HELLO_EXT_SZ;
ashleymills 0:714293de3836 6823 }
ashleymills 0:714293de3836 6824 #endif
ashleymills 0:714293de3836 6825 sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
ashleymills 0:714293de3836 6826
ashleymills 0:714293de3836 6827 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 6828 if (ssl->options.dtls) {
ashleymills 0:714293de3836 6829 length += ENUM_LEN; /* cookie */
ashleymills 0:714293de3836 6830 if (ssl->arrays->cookieSz != 0) length += ssl->arrays->cookieSz;
ashleymills 0:714293de3836 6831 sendSz = length + DTLS_HANDSHAKE_HEADER_SZ + DTLS_RECORD_HEADER_SZ;
ashleymills 0:714293de3836 6832 idx += DTLS_HANDSHAKE_EXTRA + DTLS_RECORD_EXTRA;
ashleymills 0:714293de3836 6833 }
ashleymills 0:714293de3836 6834 #endif
ashleymills 0:714293de3836 6835
ashleymills 0:714293de3836 6836 /* check for available size */
ashleymills 0:714293de3836 6837 if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
ashleymills 0:714293de3836 6838 return ret;
ashleymills 0:714293de3836 6839
ashleymills 0:714293de3836 6840 /* get ouput buffer */
ashleymills 0:714293de3836 6841 output = ssl->buffers.outputBuffer.buffer +
ashleymills 0:714293de3836 6842 ssl->buffers.outputBuffer.length;
ashleymills 0:714293de3836 6843
ashleymills 0:714293de3836 6844 AddHeaders(output, length, client_hello, ssl);
ashleymills 0:714293de3836 6845
ashleymills 0:714293de3836 6846 /* client hello, first version */
ashleymills 0:714293de3836 6847 output[idx++] = ssl->version.major;
ashleymills 0:714293de3836 6848 output[idx++] = ssl->version.minor;
ashleymills 0:714293de3836 6849 ssl->chVersion = ssl->version; /* store in case changed */
ashleymills 0:714293de3836 6850
ashleymills 0:714293de3836 6851 /* then random */
ashleymills 0:714293de3836 6852 if (ssl->options.connectState == CONNECT_BEGIN) {
ashleymills 0:714293de3836 6853 RNG_GenerateBlock(ssl->rng, output + idx, RAN_LEN);
ashleymills 0:714293de3836 6854
ashleymills 0:714293de3836 6855 /* store random */
ashleymills 0:714293de3836 6856 XMEMCPY(ssl->arrays->clientRandom, output + idx, RAN_LEN);
ashleymills 0:714293de3836 6857 } else {
ashleymills 0:714293de3836 6858 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 6859 /* send same random on hello again */
ashleymills 0:714293de3836 6860 XMEMCPY(output + idx, ssl->arrays->clientRandom, RAN_LEN);
ashleymills 0:714293de3836 6861 #endif
ashleymills 0:714293de3836 6862 }
ashleymills 0:714293de3836 6863 idx += RAN_LEN;
ashleymills 0:714293de3836 6864
ashleymills 0:714293de3836 6865 /* then session id */
ashleymills 0:714293de3836 6866 output[idx++] = (byte)idSz;
ashleymills 0:714293de3836 6867 if (idSz) {
ashleymills 0:714293de3836 6868 XMEMCPY(output + idx, ssl->session.sessionID, ID_LEN);
ashleymills 0:714293de3836 6869 idx += ID_LEN;
ashleymills 0:714293de3836 6870 }
ashleymills 0:714293de3836 6871
ashleymills 0:714293de3836 6872 /* then DTLS cookie */
ashleymills 0:714293de3836 6873 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 6874 if (ssl->options.dtls) {
ashleymills 0:714293de3836 6875 byte cookieSz = ssl->arrays->cookieSz;
ashleymills 0:714293de3836 6876
ashleymills 0:714293de3836 6877 output[idx++] = cookieSz;
ashleymills 0:714293de3836 6878 if (cookieSz) {
ashleymills 0:714293de3836 6879 XMEMCPY(&output[idx], ssl->arrays->cookie, cookieSz);
ashleymills 0:714293de3836 6880 idx += cookieSz;
ashleymills 0:714293de3836 6881 }
ashleymills 0:714293de3836 6882 }
ashleymills 0:714293de3836 6883 #endif
ashleymills 0:714293de3836 6884 /* then cipher suites */
ashleymills 0:714293de3836 6885 c16toa(ssl->suites->suiteSz, output + idx);
ashleymills 0:714293de3836 6886 idx += 2;
ashleymills 0:714293de3836 6887 XMEMCPY(output + idx, &ssl->suites->suites, ssl->suites->suiteSz);
ashleymills 0:714293de3836 6888 idx += ssl->suites->suiteSz;
ashleymills 0:714293de3836 6889
ashleymills 0:714293de3836 6890 /* last, compression */
ashleymills 0:714293de3836 6891 output[idx++] = COMP_LEN;
ashleymills 0:714293de3836 6892 if (ssl->options.usingCompression)
ashleymills 0:714293de3836 6893 output[idx++] = ZLIB_COMPRESSION;
ashleymills 0:714293de3836 6894 else
ashleymills 0:714293de3836 6895 output[idx++] = NO_COMPRESSION;
ashleymills 0:714293de3836 6896
ashleymills 0:714293de3836 6897 #ifdef HAVE_TLS_EXTENSIONS
ashleymills 0:714293de3836 6898 idx += TLSX_WriteRequest(ssl, output + idx);
ashleymills 0:714293de3836 6899
ashleymills 0:714293de3836 6900 (void)idx; /* suppress analyzer warning, keep idx current */
ashleymills 0:714293de3836 6901 #else
ashleymills 0:714293de3836 6902 if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz)
ashleymills 0:714293de3836 6903 {
ashleymills 0:714293de3836 6904 int i;
ashleymills 0:714293de3836 6905 /* add in the extensions length */
ashleymills 0:714293de3836 6906 c16toa(HELLO_EXT_LEN + ssl->suites->hashSigAlgoSz, output + idx);
ashleymills 0:714293de3836 6907 idx += 2;
ashleymills 0:714293de3836 6908
ashleymills 0:714293de3836 6909 c16toa(HELLO_EXT_SIG_ALGO, output + idx);
ashleymills 0:714293de3836 6910 idx += 2;
ashleymills 0:714293de3836 6911 c16toa(HELLO_EXT_SIGALGO_SZ+ssl->suites->hashSigAlgoSz, output+idx);
ashleymills 0:714293de3836 6912 idx += 2;
ashleymills 0:714293de3836 6913 c16toa(ssl->suites->hashSigAlgoSz, output + idx);
ashleymills 0:714293de3836 6914 idx += 2;
ashleymills 0:714293de3836 6915 for (i = 0; i < ssl->suites->hashSigAlgoSz; i++, idx++) {
ashleymills 0:714293de3836 6916 output[idx] = ssl->suites->hashSigAlgo[i];
ashleymills 0:714293de3836 6917 }
ashleymills 0:714293de3836 6918 }
ashleymills 0:714293de3836 6919 #endif
ashleymills 0:714293de3836 6920
ashleymills 0:714293de3836 6921 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 6922 if (ssl->options.dtls) {
ashleymills 0:714293de3836 6923 if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
ashleymills 0:714293de3836 6924 return ret;
ashleymills 0:714293de3836 6925 }
ashleymills 0:714293de3836 6926 #endif
ashleymills 0:714293de3836 6927 HashOutput(ssl, output, sendSz, 0);
ashleymills 0:714293de3836 6928
ashleymills 0:714293de3836 6929 ssl->options.clientState = CLIENT_HELLO_COMPLETE;
ashleymills 0:714293de3836 6930
ashleymills 0:714293de3836 6931 #ifdef CYASSL_CALLBACKS
ashleymills 0:714293de3836 6932 if (ssl->hsInfoOn) AddPacketName("ClientHello", &ssl->handShakeInfo);
ashleymills 0:714293de3836 6933 if (ssl->toInfoOn)
ashleymills 0:714293de3836 6934 AddPacketInfo("ClientHello", &ssl->timeoutInfo, output, sendSz,
ashleymills 0:714293de3836 6935 ssl->heap);
ashleymills 0:714293de3836 6936 #endif
ashleymills 0:714293de3836 6937
ashleymills 0:714293de3836 6938 ssl->buffers.outputBuffer.length += sendSz;
ashleymills 0:714293de3836 6939
ashleymills 0:714293de3836 6940 return SendBuffered(ssl);
ashleymills 0:714293de3836 6941 }
ashleymills 0:714293de3836 6942
ashleymills 0:714293de3836 6943
ashleymills 0:714293de3836 6944 static int DoHelloVerifyRequest(CYASSL* ssl, const byte* input,
ashleymills 0:714293de3836 6945 word32* inOutIdx)
ashleymills 0:714293de3836 6946 {
ashleymills 0:714293de3836 6947 ProtocolVersion pv;
ashleymills 0:714293de3836 6948 byte cookieSz;
ashleymills 0:714293de3836 6949
ashleymills 0:714293de3836 6950 #ifdef CYASSL_CALLBACKS
ashleymills 0:714293de3836 6951 if (ssl->hsInfoOn) AddPacketName("HelloVerifyRequest",
ashleymills 0:714293de3836 6952 &ssl->handShakeInfo);
ashleymills 0:714293de3836 6953 if (ssl->toInfoOn) AddLateName("HelloVerifyRequest", &ssl->timeoutInfo);
ashleymills 0:714293de3836 6954 #endif
ashleymills 0:714293de3836 6955 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 6956 if (ssl->options.dtls) {
ashleymills 0:714293de3836 6957 DtlsPoolReset(ssl);
ashleymills 0:714293de3836 6958 }
ashleymills 0:714293de3836 6959 #endif
ashleymills 0:714293de3836 6960 XMEMCPY(&pv, input + *inOutIdx, sizeof(pv));
ashleymills 0:714293de3836 6961 *inOutIdx += (word32)sizeof(pv);
ashleymills 0:714293de3836 6962
ashleymills 0:714293de3836 6963 cookieSz = input[(*inOutIdx)++];
ashleymills 0:714293de3836 6964
ashleymills 0:714293de3836 6965 if (cookieSz) {
ashleymills 0:714293de3836 6966 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 6967 if (cookieSz <= MAX_COOKIE_LEN) {
ashleymills 0:714293de3836 6968 XMEMCPY(ssl->arrays->cookie, input + *inOutIdx, cookieSz);
ashleymills 0:714293de3836 6969 ssl->arrays->cookieSz = cookieSz;
ashleymills 0:714293de3836 6970 }
ashleymills 0:714293de3836 6971 #endif
ashleymills 0:714293de3836 6972 *inOutIdx += cookieSz;
ashleymills 0:714293de3836 6973 }
ashleymills 0:714293de3836 6974
ashleymills 0:714293de3836 6975 ssl->options.serverState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
ashleymills 0:714293de3836 6976 return 0;
ashleymills 0:714293de3836 6977 }
ashleymills 0:714293de3836 6978
ashleymills 0:714293de3836 6979
ashleymills 0:714293de3836 6980 static int DoServerHello(CYASSL* ssl, const byte* input, word32* inOutIdx,
ashleymills 0:714293de3836 6981 word32 helloSz)
ashleymills 0:714293de3836 6982 {
ashleymills 0:714293de3836 6983 byte b;
ashleymills 0:714293de3836 6984 byte compression;
ashleymills 0:714293de3836 6985 ProtocolVersion pv;
ashleymills 0:714293de3836 6986 word32 i = *inOutIdx;
ashleymills 0:714293de3836 6987 word32 begin = i;
ashleymills 0:714293de3836 6988
ashleymills 0:714293de3836 6989 #ifdef CYASSL_CALLBACKS
ashleymills 0:714293de3836 6990 if (ssl->hsInfoOn) AddPacketName("ServerHello", &ssl->handShakeInfo);
ashleymills 0:714293de3836 6991 if (ssl->toInfoOn) AddLateName("ServerHello", &ssl->timeoutInfo);
ashleymills 0:714293de3836 6992 #endif
ashleymills 0:714293de3836 6993 XMEMCPY(&pv, input + i, sizeof(pv));
ashleymills 0:714293de3836 6994 i += (word32)sizeof(pv);
ashleymills 0:714293de3836 6995 if (pv.minor > ssl->version.minor) {
ashleymills 0:714293de3836 6996 CYASSL_MSG("Server using higher version, fatal error");
ashleymills 0:714293de3836 6997 return VERSION_ERROR;
ashleymills 0:714293de3836 6998 }
ashleymills 0:714293de3836 6999 else if (pv.minor < ssl->version.minor) {
ashleymills 0:714293de3836 7000 CYASSL_MSG("server using lower version");
ashleymills 0:714293de3836 7001 if (!ssl->options.downgrade) {
ashleymills 0:714293de3836 7002 CYASSL_MSG(" no downgrade allowed, fatal error");
ashleymills 0:714293de3836 7003 return VERSION_ERROR;
ashleymills 0:714293de3836 7004 }
ashleymills 0:714293de3836 7005 else if (pv.minor == SSLv3_MINOR) {
ashleymills 0:714293de3836 7006 /* turn off tls */
ashleymills 0:714293de3836 7007 CYASSL_MSG(" downgrading to SSLv3");
ashleymills 0:714293de3836 7008 ssl->options.tls = 0;
ashleymills 0:714293de3836 7009 ssl->options.tls1_1 = 0;
ashleymills 0:714293de3836 7010 ssl->version.minor = SSLv3_MINOR;
ashleymills 0:714293de3836 7011 }
ashleymills 0:714293de3836 7012 else if (pv.minor == TLSv1_MINOR) {
ashleymills 0:714293de3836 7013 /* turn off tls 1.1+ */
ashleymills 0:714293de3836 7014 CYASSL_MSG(" downgrading to TLSv1");
ashleymills 0:714293de3836 7015 ssl->options.tls1_1 = 0;
ashleymills 0:714293de3836 7016 ssl->version.minor = TLSv1_MINOR;
ashleymills 0:714293de3836 7017 }
ashleymills 0:714293de3836 7018 else if (pv.minor == TLSv1_1_MINOR) {
ashleymills 0:714293de3836 7019 CYASSL_MSG(" downgrading to TLSv1.1");
ashleymills 0:714293de3836 7020 ssl->version.minor = TLSv1_1_MINOR;
ashleymills 0:714293de3836 7021 }
ashleymills 0:714293de3836 7022 }
ashleymills 0:714293de3836 7023 XMEMCPY(ssl->arrays->serverRandom, input + i, RAN_LEN);
ashleymills 0:714293de3836 7024 i += RAN_LEN;
ashleymills 0:714293de3836 7025 b = input[i++];
ashleymills 0:714293de3836 7026 if (b) {
ashleymills 0:714293de3836 7027 XMEMCPY(ssl->arrays->sessionID, input + i, min(b, ID_LEN));
ashleymills 0:714293de3836 7028 i += b;
ashleymills 0:714293de3836 7029 ssl->options.haveSessionId = 1;
ashleymills 0:714293de3836 7030 }
ashleymills 0:714293de3836 7031 ssl->options.cipherSuite0 = input[i++];
ashleymills 0:714293de3836 7032 ssl->options.cipherSuite = input[i++];
ashleymills 0:714293de3836 7033 compression = input[i++];
ashleymills 0:714293de3836 7034
ashleymills 0:714293de3836 7035 if (compression != ZLIB_COMPRESSION && ssl->options.usingCompression) {
ashleymills 0:714293de3836 7036 CYASSL_MSG("Server refused compression, turning off");
ashleymills 0:714293de3836 7037 ssl->options.usingCompression = 0; /* turn off if server refused */
ashleymills 0:714293de3836 7038 }
ashleymills 0:714293de3836 7039
ashleymills 0:714293de3836 7040 *inOutIdx = i;
ashleymills 0:714293de3836 7041 if ( (i - begin) < helloSz) {
ashleymills 0:714293de3836 7042 #ifdef HAVE_TLS_EXTENSIONS
ashleymills 0:714293de3836 7043 if (IsTLS(ssl)) {
ashleymills 0:714293de3836 7044 int ret = 0;
ashleymills 0:714293de3836 7045 word16 totalExtSz;
ashleymills 0:714293de3836 7046 Suites clSuites; /* just for compatibility right now */
ashleymills 0:714293de3836 7047
ashleymills 0:714293de3836 7048 ato16(&input[i], &totalExtSz);
ashleymills 0:714293de3836 7049 i += LENGTH_SZ;
ashleymills 0:714293de3836 7050 if (totalExtSz > helloSz + begin - i)
ashleymills 0:714293de3836 7051 return INCOMPLETE_DATA;
ashleymills 0:714293de3836 7052
ashleymills 0:714293de3836 7053 if ((ret = TLSX_Parse(ssl, (byte *) input + i,
ashleymills 0:714293de3836 7054 totalExtSz, 0, &clSuites)))
ashleymills 0:714293de3836 7055 return ret;
ashleymills 0:714293de3836 7056
ashleymills 0:714293de3836 7057 i += totalExtSz;
ashleymills 0:714293de3836 7058 *inOutIdx = i;
ashleymills 0:714293de3836 7059 }
ashleymills 0:714293de3836 7060 else
ashleymills 0:714293de3836 7061 #endif
ashleymills 0:714293de3836 7062 *inOutIdx = begin + helloSz; /* skip extensions */
ashleymills 0:714293de3836 7063 }
ashleymills 0:714293de3836 7064
ashleymills 0:714293de3836 7065 ssl->options.serverState = SERVER_HELLO_COMPLETE;
ashleymills 0:714293de3836 7066
ashleymills 0:714293de3836 7067 if (ssl->options.resuming) {
ashleymills 0:714293de3836 7068 if (ssl->options.haveSessionId && XMEMCMP(ssl->arrays->sessionID,
ashleymills 0:714293de3836 7069 ssl->session.sessionID, ID_LEN) == 0) {
ashleymills 0:714293de3836 7070 if (SetCipherSpecs(ssl) == 0) {
ashleymills 0:714293de3836 7071 int ret = -1;
ashleymills 0:714293de3836 7072 XMEMCPY(ssl->arrays->masterSecret,
ashleymills 0:714293de3836 7073 ssl->session.masterSecret, SECRET_LEN);
ashleymills 0:714293de3836 7074 #ifdef NO_OLD_TLS
ashleymills 0:714293de3836 7075 ret = DeriveTlsKeys(ssl);
ashleymills 0:714293de3836 7076 #else
ashleymills 0:714293de3836 7077 #ifndef NO_TLS
ashleymills 0:714293de3836 7078 if (ssl->options.tls)
ashleymills 0:714293de3836 7079 ret = DeriveTlsKeys(ssl);
ashleymills 0:714293de3836 7080 #endif
ashleymills 0:714293de3836 7081 if (!ssl->options.tls)
ashleymills 0:714293de3836 7082 ret = DeriveKeys(ssl);
ashleymills 0:714293de3836 7083 #endif
ashleymills 0:714293de3836 7084 ssl->options.serverState = SERVER_HELLODONE_COMPLETE;
ashleymills 0:714293de3836 7085 return ret;
ashleymills 0:714293de3836 7086 }
ashleymills 0:714293de3836 7087 else {
ashleymills 0:714293de3836 7088 CYASSL_MSG("Unsupported cipher suite, DoServerHello");
ashleymills 0:714293de3836 7089 return UNSUPPORTED_SUITE;
ashleymills 0:714293de3836 7090 }
ashleymills 0:714293de3836 7091 }
ashleymills 0:714293de3836 7092 else {
ashleymills 0:714293de3836 7093 CYASSL_MSG("Server denied resumption attempt");
ashleymills 0:714293de3836 7094 ssl->options.resuming = 0; /* server denied resumption try */
ashleymills 0:714293de3836 7095 }
ashleymills 0:714293de3836 7096 }
ashleymills 0:714293de3836 7097 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 7098 if (ssl->options.dtls) {
ashleymills 0:714293de3836 7099 DtlsPoolReset(ssl);
ashleymills 0:714293de3836 7100 }
ashleymills 0:714293de3836 7101 #endif
ashleymills 0:714293de3836 7102 return SetCipherSpecs(ssl);
ashleymills 0:714293de3836 7103 }
ashleymills 0:714293de3836 7104
ashleymills 0:714293de3836 7105
ashleymills 0:714293de3836 7106 #ifndef NO_CERTS
ashleymills 0:714293de3836 7107 /* just read in and ignore for now TODO: */
ashleymills 0:714293de3836 7108 static int DoCertificateRequest(CYASSL* ssl, const byte* input, word32*
ashleymills 0:714293de3836 7109 inOutIdx)
ashleymills 0:714293de3836 7110 {
ashleymills 0:714293de3836 7111 word16 len;
ashleymills 0:714293de3836 7112
ashleymills 0:714293de3836 7113 #ifdef CYASSL_CALLBACKS
ashleymills 0:714293de3836 7114 if (ssl->hsInfoOn)
ashleymills 0:714293de3836 7115 AddPacketName("CertificateRequest", &ssl->handShakeInfo);
ashleymills 0:714293de3836 7116 if (ssl->toInfoOn)
ashleymills 0:714293de3836 7117 AddLateName("CertificateRequest", &ssl->timeoutInfo);
ashleymills 0:714293de3836 7118 #endif
ashleymills 0:714293de3836 7119 len = input[(*inOutIdx)++];
ashleymills 0:714293de3836 7120
ashleymills 0:714293de3836 7121 /* types, read in here */
ashleymills 0:714293de3836 7122 *inOutIdx += len;
ashleymills 0:714293de3836 7123
ashleymills 0:714293de3836 7124 if (IsAtLeastTLSv1_2(ssl)) {
ashleymills 0:714293de3836 7125 /* hash sig format */
ashleymills 0:714293de3836 7126 ato16(&input[*inOutIdx], &len);
ashleymills 0:714293de3836 7127 *inOutIdx += LENGTH_SZ;
ashleymills 0:714293de3836 7128 PickHashSigAlgo(ssl, &input[*inOutIdx], len);
ashleymills 0:714293de3836 7129 *inOutIdx += len;
ashleymills 0:714293de3836 7130 }
ashleymills 0:714293de3836 7131
ashleymills 0:714293de3836 7132 /* authorities */
ashleymills 0:714293de3836 7133 ato16(&input[*inOutIdx], &len);
ashleymills 0:714293de3836 7134 *inOutIdx += LENGTH_SZ;
ashleymills 0:714293de3836 7135 while (len) {
ashleymills 0:714293de3836 7136 word16 dnSz;
ashleymills 0:714293de3836 7137
ashleymills 0:714293de3836 7138 ato16(&input[*inOutIdx], &dnSz);
ashleymills 0:714293de3836 7139 *inOutIdx += (REQUEST_HEADER + dnSz);
ashleymills 0:714293de3836 7140 len -= dnSz + REQUEST_HEADER;
ashleymills 0:714293de3836 7141 }
ashleymills 0:714293de3836 7142
ashleymills 0:714293de3836 7143 /* don't send client cert or cert verify if user hasn't provided
ashleymills 0:714293de3836 7144 cert and private key */
ashleymills 0:714293de3836 7145 if (ssl->buffers.certificate.buffer && ssl->buffers.key.buffer)
ashleymills 0:714293de3836 7146 ssl->options.sendVerify = SEND_CERT;
ashleymills 0:714293de3836 7147 else if (IsAtLeastTLSv1_2(ssl))
ashleymills 0:714293de3836 7148 ssl->options.sendVerify = SEND_BLANK_CERT;
ashleymills 0:714293de3836 7149
ashleymills 0:714293de3836 7150 return 0;
ashleymills 0:714293de3836 7151 }
ashleymills 0:714293de3836 7152 #endif /* !NO_CERTS */
ashleymills 0:714293de3836 7153
ashleymills 0:714293de3836 7154
ashleymills 0:714293de3836 7155 static int DoServerKeyExchange(CYASSL* ssl, const byte* input,
ashleymills 0:714293de3836 7156 word32* inOutIdx)
ashleymills 0:714293de3836 7157 {
ashleymills 0:714293de3836 7158 #if defined(OPENSSL_EXTRA) || defined(HAVE_ECC)
ashleymills 0:714293de3836 7159 word16 length = 0;
ashleymills 0:714293de3836 7160 word16 sigLen = 0;
ashleymills 0:714293de3836 7161 word16 verifySz = (word16)*inOutIdx; /* keep start idx */
ashleymills 0:714293de3836 7162 byte* signature = 0;
ashleymills 0:714293de3836 7163 #endif
ashleymills 0:714293de3836 7164
ashleymills 0:714293de3836 7165 (void)ssl;
ashleymills 0:714293de3836 7166 (void)input;
ashleymills 0:714293de3836 7167 (void)inOutIdx;
ashleymills 0:714293de3836 7168
ashleymills 0:714293de3836 7169 #ifdef CYASSL_CALLBACKS
ashleymills 0:714293de3836 7170 if (ssl->hsInfoOn)
ashleymills 0:714293de3836 7171 AddPacketName("ServerKeyExchange", &ssl->handShakeInfo);
ashleymills 0:714293de3836 7172 if (ssl->toInfoOn)
ashleymills 0:714293de3836 7173 AddLateName("ServerKeyExchange", &ssl->timeoutInfo);
ashleymills 0:714293de3836 7174 #endif
ashleymills 0:714293de3836 7175
ashleymills 0:714293de3836 7176 #ifndef NO_PSK
ashleymills 0:714293de3836 7177 if (ssl->specs.kea == psk_kea) {
ashleymills 0:714293de3836 7178 word16 pskLen = 0;
ashleymills 0:714293de3836 7179 ato16(&input[*inOutIdx], &pskLen);
ashleymills 0:714293de3836 7180 *inOutIdx += LENGTH_SZ;
ashleymills 0:714293de3836 7181 XMEMCPY(ssl->arrays->server_hint, &input[*inOutIdx],
ashleymills 0:714293de3836 7182 min(pskLen, MAX_PSK_ID_LEN));
ashleymills 0:714293de3836 7183 if (pskLen < MAX_PSK_ID_LEN)
ashleymills 0:714293de3836 7184 ssl->arrays->server_hint[pskLen] = 0;
ashleymills 0:714293de3836 7185 else
ashleymills 0:714293de3836 7186 ssl->arrays->server_hint[MAX_PSK_ID_LEN - 1] = 0;
ashleymills 0:714293de3836 7187 *inOutIdx += pskLen;
ashleymills 0:714293de3836 7188
ashleymills 0:714293de3836 7189 return 0;
ashleymills 0:714293de3836 7190 }
ashleymills 0:714293de3836 7191 #endif
ashleymills 0:714293de3836 7192 #ifdef OPENSSL_EXTRA
ashleymills 0:714293de3836 7193 if (ssl->specs.kea == diffie_hellman_kea)
ashleymills 0:714293de3836 7194 {
ashleymills 0:714293de3836 7195 /* p */
ashleymills 0:714293de3836 7196 ato16(&input[*inOutIdx], &length);
ashleymills 0:714293de3836 7197 *inOutIdx += LENGTH_SZ;
ashleymills 0:714293de3836 7198
ashleymills 0:714293de3836 7199 ssl->buffers.serverDH_P.buffer = (byte*) XMALLOC(length, ssl->heap,
ashleymills 0:714293de3836 7200 DYNAMIC_TYPE_DH);
ashleymills 0:714293de3836 7201 if (ssl->buffers.serverDH_P.buffer)
ashleymills 0:714293de3836 7202 ssl->buffers.serverDH_P.length = length;
ashleymills 0:714293de3836 7203 else
ashleymills 0:714293de3836 7204 return MEMORY_ERROR;
ashleymills 0:714293de3836 7205 XMEMCPY(ssl->buffers.serverDH_P.buffer, &input[*inOutIdx], length);
ashleymills 0:714293de3836 7206 *inOutIdx += length;
ashleymills 0:714293de3836 7207
ashleymills 0:714293de3836 7208 /* g */
ashleymills 0:714293de3836 7209 ato16(&input[*inOutIdx], &length);
ashleymills 0:714293de3836 7210 *inOutIdx += LENGTH_SZ;
ashleymills 0:714293de3836 7211
ashleymills 0:714293de3836 7212 ssl->buffers.serverDH_G.buffer = (byte*) XMALLOC(length, ssl->heap,
ashleymills 0:714293de3836 7213 DYNAMIC_TYPE_DH);
ashleymills 0:714293de3836 7214 if (ssl->buffers.serverDH_G.buffer)
ashleymills 0:714293de3836 7215 ssl->buffers.serverDH_G.length = length;
ashleymills 0:714293de3836 7216 else
ashleymills 0:714293de3836 7217 return MEMORY_ERROR;
ashleymills 0:714293de3836 7218 XMEMCPY(ssl->buffers.serverDH_G.buffer, &input[*inOutIdx], length);
ashleymills 0:714293de3836 7219 *inOutIdx += length;
ashleymills 0:714293de3836 7220
ashleymills 0:714293de3836 7221 /* pub */
ashleymills 0:714293de3836 7222 ato16(&input[*inOutIdx], &length);
ashleymills 0:714293de3836 7223 *inOutIdx += LENGTH_SZ;
ashleymills 0:714293de3836 7224
ashleymills 0:714293de3836 7225 ssl->buffers.serverDH_Pub.buffer = (byte*) XMALLOC(length, ssl->heap,
ashleymills 0:714293de3836 7226 DYNAMIC_TYPE_DH);
ashleymills 0:714293de3836 7227 if (ssl->buffers.serverDH_Pub.buffer)
ashleymills 0:714293de3836 7228 ssl->buffers.serverDH_Pub.length = length;
ashleymills 0:714293de3836 7229 else
ashleymills 0:714293de3836 7230 return MEMORY_ERROR;
ashleymills 0:714293de3836 7231 XMEMCPY(ssl->buffers.serverDH_Pub.buffer, &input[*inOutIdx], length);
ashleymills 0:714293de3836 7232 *inOutIdx += length;
ashleymills 0:714293de3836 7233 } /* dh_kea */
ashleymills 0:714293de3836 7234 #endif /* OPENSSL_EXTRA */
ashleymills 0:714293de3836 7235
ashleymills 0:714293de3836 7236 #ifdef HAVE_ECC
ashleymills 0:714293de3836 7237 if (ssl->specs.kea == ecc_diffie_hellman_kea)
ashleymills 0:714293de3836 7238 {
ashleymills 0:714293de3836 7239 byte b = input[*inOutIdx];
ashleymills 0:714293de3836 7240 *inOutIdx += 1;
ashleymills 0:714293de3836 7241
ashleymills 0:714293de3836 7242 if (b != named_curve)
ashleymills 0:714293de3836 7243 return ECC_CURVETYPE_ERROR;
ashleymills 0:714293de3836 7244
ashleymills 0:714293de3836 7245 *inOutIdx += 1; /* curve type, eat leading 0 */
ashleymills 0:714293de3836 7246 b = input[*inOutIdx];
ashleymills 0:714293de3836 7247 *inOutIdx += 1;
ashleymills 0:714293de3836 7248
ashleymills 0:714293de3836 7249 if (b != secp256r1 && b != secp384r1 && b != secp521r1 && b !=
ashleymills 0:714293de3836 7250 secp160r1 && b != secp192r1 && b != secp224r1)
ashleymills 0:714293de3836 7251 return ECC_CURVE_ERROR;
ashleymills 0:714293de3836 7252
ashleymills 0:714293de3836 7253 length = input[*inOutIdx];
ashleymills 0:714293de3836 7254 *inOutIdx += 1;
ashleymills 0:714293de3836 7255
ashleymills 0:714293de3836 7256 if (ecc_import_x963(&input[*inOutIdx], length, ssl->peerEccKey) != 0)
ashleymills 0:714293de3836 7257 return ECC_PEERKEY_ERROR;
ashleymills 0:714293de3836 7258
ashleymills 0:714293de3836 7259 *inOutIdx += length;
ashleymills 0:714293de3836 7260 ssl->peerEccKeyPresent = 1;
ashleymills 0:714293de3836 7261 }
ashleymills 0:714293de3836 7262 #endif /* HAVE_ECC */
ashleymills 0:714293de3836 7263
ashleymills 0:714293de3836 7264 #if defined(OPENSSL_EXTRA) || defined(HAVE_ECC)
ashleymills 0:714293de3836 7265 {
ashleymills 0:714293de3836 7266 #ifndef NO_OLD_TLS
ashleymills 0:714293de3836 7267 Md5 md5;
ashleymills 0:714293de3836 7268 Sha sha;
ashleymills 0:714293de3836 7269 #endif
ashleymills 0:714293de3836 7270 byte hash[FINISHED_SZ];
ashleymills 0:714293de3836 7271 #ifndef NO_SHA256
ashleymills 0:714293de3836 7272 Sha256 sha256;
ashleymills 0:714293de3836 7273 byte hash256[SHA256_DIGEST_SIZE];
ashleymills 0:714293de3836 7274 #endif
ashleymills 0:714293de3836 7275 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 7276 Sha384 sha384;
ashleymills 0:714293de3836 7277 byte hash384[SHA384_DIGEST_SIZE];
ashleymills 0:714293de3836 7278 #endif
ashleymills 0:714293de3836 7279 byte messageVerify[MAX_DH_SZ];
ashleymills 0:714293de3836 7280 byte hashAlgo = sha_mac;
ashleymills 0:714293de3836 7281 byte sigAlgo = ssl->specs.sig_algo;
ashleymills 0:714293de3836 7282
ashleymills 0:714293de3836 7283 /* adjust from start idx */
ashleymills 0:714293de3836 7284 verifySz = (word16)(*inOutIdx - verifySz);
ashleymills 0:714293de3836 7285
ashleymills 0:714293de3836 7286 /* save message for hash verify */
ashleymills 0:714293de3836 7287 if (verifySz > sizeof(messageVerify))
ashleymills 0:714293de3836 7288 return BUFFER_ERROR;
ashleymills 0:714293de3836 7289 XMEMCPY(messageVerify, &input[*inOutIdx - verifySz], verifySz);
ashleymills 0:714293de3836 7290
ashleymills 0:714293de3836 7291 if (IsAtLeastTLSv1_2(ssl)) {
ashleymills 0:714293de3836 7292 hashAlgo = input[*inOutIdx];
ashleymills 0:714293de3836 7293 *inOutIdx += 1;
ashleymills 0:714293de3836 7294 sigAlgo = input[*inOutIdx];
ashleymills 0:714293de3836 7295 *inOutIdx += 1;
ashleymills 0:714293de3836 7296 }
ashleymills 0:714293de3836 7297
ashleymills 0:714293de3836 7298 /* signature */
ashleymills 0:714293de3836 7299 ato16(&input[*inOutIdx], &length);
ashleymills 0:714293de3836 7300 *inOutIdx += LENGTH_SZ;
ashleymills 0:714293de3836 7301
ashleymills 0:714293de3836 7302 signature = (byte*)&input[*inOutIdx];
ashleymills 0:714293de3836 7303 *inOutIdx += length;
ashleymills 0:714293de3836 7304 sigLen = length;
ashleymills 0:714293de3836 7305
ashleymills 0:714293de3836 7306 /* verify signature */
ashleymills 0:714293de3836 7307 #ifndef NO_OLD_TLS
ashleymills 0:714293de3836 7308 /* md5 */
ashleymills 0:714293de3836 7309 InitMd5(&md5);
ashleymills 0:714293de3836 7310 Md5Update(&md5, ssl->arrays->clientRandom, RAN_LEN);
ashleymills 0:714293de3836 7311 Md5Update(&md5, ssl->arrays->serverRandom, RAN_LEN);
ashleymills 0:714293de3836 7312 Md5Update(&md5, messageVerify, verifySz);
ashleymills 0:714293de3836 7313 Md5Final(&md5, hash);
ashleymills 0:714293de3836 7314
ashleymills 0:714293de3836 7315 /* sha */
ashleymills 0:714293de3836 7316 InitSha(&sha);
ashleymills 0:714293de3836 7317 ShaUpdate(&sha, ssl->arrays->clientRandom, RAN_LEN);
ashleymills 0:714293de3836 7318 ShaUpdate(&sha, ssl->arrays->serverRandom, RAN_LEN);
ashleymills 0:714293de3836 7319 ShaUpdate(&sha, messageVerify, verifySz);
ashleymills 0:714293de3836 7320 ShaFinal(&sha, &hash[MD5_DIGEST_SIZE]);
ashleymills 0:714293de3836 7321 #endif
ashleymills 0:714293de3836 7322 #ifndef NO_SHA256
ashleymills 0:714293de3836 7323 InitSha256(&sha256);
ashleymills 0:714293de3836 7324 Sha256Update(&sha256, ssl->arrays->clientRandom, RAN_LEN);
ashleymills 0:714293de3836 7325 Sha256Update(&sha256, ssl->arrays->serverRandom, RAN_LEN);
ashleymills 0:714293de3836 7326 Sha256Update(&sha256, messageVerify, verifySz);
ashleymills 0:714293de3836 7327 Sha256Final(&sha256, hash256);
ashleymills 0:714293de3836 7328 #endif
ashleymills 0:714293de3836 7329
ashleymills 0:714293de3836 7330 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 7331 InitSha384(&sha384);
ashleymills 0:714293de3836 7332 Sha384Update(&sha384, ssl->arrays->clientRandom, RAN_LEN);
ashleymills 0:714293de3836 7333 Sha384Update(&sha384, ssl->arrays->serverRandom, RAN_LEN);
ashleymills 0:714293de3836 7334 Sha384Update(&sha384, messageVerify, verifySz);
ashleymills 0:714293de3836 7335 Sha384Final(&sha384, hash384);
ashleymills 0:714293de3836 7336 #endif
ashleymills 0:714293de3836 7337 #ifndef NO_RSA
ashleymills 0:714293de3836 7338 /* rsa */
ashleymills 0:714293de3836 7339 if (sigAlgo == rsa_sa_algo)
ashleymills 0:714293de3836 7340 {
ashleymills 0:714293de3836 7341 int ret;
ashleymills 0:714293de3836 7342 byte* out;
ashleymills 0:714293de3836 7343
ashleymills 0:714293de3836 7344 if (!ssl->peerRsaKeyPresent)
ashleymills 0:714293de3836 7345 return NO_PEER_KEY;
ashleymills 0:714293de3836 7346
ashleymills 0:714293de3836 7347 ret = RsaSSL_VerifyInline(signature, sigLen,&out, ssl->peerRsaKey);
ashleymills 0:714293de3836 7348
ashleymills 0:714293de3836 7349 if (IsAtLeastTLSv1_2(ssl)) {
ashleymills 0:714293de3836 7350 byte encodedSig[MAX_ENCODED_SIG_SZ];
ashleymills 0:714293de3836 7351 word32 encSigSz;
ashleymills 0:714293de3836 7352 #ifndef NO_OLD_TLS
ashleymills 0:714293de3836 7353 byte* digest = &hash[MD5_DIGEST_SIZE];
ashleymills 0:714293de3836 7354 int typeH = SHAh;
ashleymills 0:714293de3836 7355 int digestSz = SHA_DIGEST_SIZE;
ashleymills 0:714293de3836 7356 #else
ashleymills 0:714293de3836 7357 byte* digest = hash256;
ashleymills 0:714293de3836 7358 int typeH = SHA256h;
ashleymills 0:714293de3836 7359 int digestSz = SHA256_DIGEST_SIZE;
ashleymills 0:714293de3836 7360 #endif
ashleymills 0:714293de3836 7361
ashleymills 0:714293de3836 7362 if (hashAlgo == sha_mac) {
ashleymills 0:714293de3836 7363 #ifndef NO_SHA
ashleymills 0:714293de3836 7364 digest = &hash[MD5_DIGEST_SIZE];
ashleymills 0:714293de3836 7365 typeH = SHAh;
ashleymills 0:714293de3836 7366 digestSz = SHA_DIGEST_SIZE;
ashleymills 0:714293de3836 7367 #endif
ashleymills 0:714293de3836 7368 }
ashleymills 0:714293de3836 7369 else if (hashAlgo == sha256_mac) {
ashleymills 0:714293de3836 7370 #ifndef NO_SHA256
ashleymills 0:714293de3836 7371 digest = hash256;
ashleymills 0:714293de3836 7372 typeH = SHA256h;
ashleymills 0:714293de3836 7373 digestSz = SHA256_DIGEST_SIZE;
ashleymills 0:714293de3836 7374 #endif
ashleymills 0:714293de3836 7375 }
ashleymills 0:714293de3836 7376 else if (hashAlgo == sha384_mac) {
ashleymills 0:714293de3836 7377 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 7378 digest = hash384;
ashleymills 0:714293de3836 7379 typeH = SHA384h;
ashleymills 0:714293de3836 7380 digestSz = SHA384_DIGEST_SIZE;
ashleymills 0:714293de3836 7381 #endif
ashleymills 0:714293de3836 7382 }
ashleymills 0:714293de3836 7383
ashleymills 0:714293de3836 7384 encSigSz = EncodeSignature(encodedSig, digest, digestSz, typeH);
ashleymills 0:714293de3836 7385
ashleymills 0:714293de3836 7386 if (encSigSz != (word32)ret || XMEMCMP(out, encodedSig,
ashleymills 0:714293de3836 7387 min(encSigSz, MAX_ENCODED_SIG_SZ)) != 0)
ashleymills 0:714293de3836 7388 return VERIFY_SIGN_ERROR;
ashleymills 0:714293de3836 7389 }
ashleymills 0:714293de3836 7390 else {
ashleymills 0:714293de3836 7391 if (ret != sizeof(hash) || XMEMCMP(out, hash,sizeof(hash)) != 0)
ashleymills 0:714293de3836 7392 return VERIFY_SIGN_ERROR;
ashleymills 0:714293de3836 7393 }
ashleymills 0:714293de3836 7394 } else
ashleymills 0:714293de3836 7395 #endif
ashleymills 0:714293de3836 7396 #ifdef HAVE_ECC
ashleymills 0:714293de3836 7397 /* ecdsa */
ashleymills 0:714293de3836 7398 if (sigAlgo == ecc_dsa_sa_algo) {
ashleymills 0:714293de3836 7399 int verify = 0, ret;
ashleymills 0:714293de3836 7400 #ifndef NO_OLD_TLS
ashleymills 0:714293de3836 7401 byte* digest = &hash[MD5_DIGEST_SIZE];
ashleymills 0:714293de3836 7402 word32 digestSz = SHA_DIGEST_SIZE;
ashleymills 0:714293de3836 7403 #else
ashleymills 0:714293de3836 7404 byte* digest = hash256;
ashleymills 0:714293de3836 7405 word32 digestSz = SHA256_DIGEST_SIZE;
ashleymills 0:714293de3836 7406 #endif
ashleymills 0:714293de3836 7407 if (!ssl->peerEccDsaKeyPresent)
ashleymills 0:714293de3836 7408 return NO_PEER_KEY;
ashleymills 0:714293de3836 7409
ashleymills 0:714293de3836 7410 if (IsAtLeastTLSv1_2(ssl)) {
ashleymills 0:714293de3836 7411 if (hashAlgo == sha_mac) {
ashleymills 0:714293de3836 7412 #ifndef NO_SHA
ashleymills 0:714293de3836 7413 digest = &hash[MD5_DIGEST_SIZE];
ashleymills 0:714293de3836 7414 digestSz = SHA_DIGEST_SIZE;
ashleymills 0:714293de3836 7415 #endif
ashleymills 0:714293de3836 7416 }
ashleymills 0:714293de3836 7417 else if (hashAlgo == sha256_mac) {
ashleymills 0:714293de3836 7418 #ifndef NO_SHA256
ashleymills 0:714293de3836 7419 digest = hash256;
ashleymills 0:714293de3836 7420 digestSz = SHA256_DIGEST_SIZE;
ashleymills 0:714293de3836 7421 #endif
ashleymills 0:714293de3836 7422 }
ashleymills 0:714293de3836 7423 else if (hashAlgo == sha384_mac) {
ashleymills 0:714293de3836 7424 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 7425 digest = hash384;
ashleymills 0:714293de3836 7426 digestSz = SHA384_DIGEST_SIZE;
ashleymills 0:714293de3836 7427 #endif
ashleymills 0:714293de3836 7428 }
ashleymills 0:714293de3836 7429 }
ashleymills 0:714293de3836 7430
ashleymills 0:714293de3836 7431 ret = ecc_verify_hash(signature, sigLen, digest, digestSz,
ashleymills 0:714293de3836 7432 &verify, ssl->peerEccDsaKey);
ashleymills 0:714293de3836 7433 if (ret != 0 || verify == 0)
ashleymills 0:714293de3836 7434 return VERIFY_SIGN_ERROR;
ashleymills 0:714293de3836 7435 }
ashleymills 0:714293de3836 7436 else
ashleymills 0:714293de3836 7437 #endif /* HAVE_ECC */
ashleymills 0:714293de3836 7438 return ALGO_ID_E;
ashleymills 0:714293de3836 7439
ashleymills 0:714293de3836 7440 ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE;
ashleymills 0:714293de3836 7441
ashleymills 0:714293de3836 7442 return 0;
ashleymills 0:714293de3836 7443
ashleymills 0:714293de3836 7444 }
ashleymills 0:714293de3836 7445 #else /* HAVE_OPENSSL or HAVE_ECC */
ashleymills 0:714293de3836 7446 return NOT_COMPILED_IN; /* not supported by build */
ashleymills 0:714293de3836 7447 #endif /* HAVE_OPENSSL or HAVE_ECC */
ashleymills 0:714293de3836 7448 }
ashleymills 0:714293de3836 7449
ashleymills 0:714293de3836 7450
ashleymills 0:714293de3836 7451 int SendClientKeyExchange(CYASSL* ssl)
ashleymills 0:714293de3836 7452 {
ashleymills 0:714293de3836 7453 byte encSecret[MAX_ENCRYPT_SZ];
ashleymills 0:714293de3836 7454 word32 encSz = 0;
ashleymills 0:714293de3836 7455 word32 idx = 0;
ashleymills 0:714293de3836 7456 int ret = 0;
ashleymills 0:714293de3836 7457
ashleymills 0:714293de3836 7458 switch (ssl->specs.kea) {
ashleymills 0:714293de3836 7459 #ifndef NO_RSA
ashleymills 0:714293de3836 7460 case rsa_kea:
ashleymills 0:714293de3836 7461 RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret,
ashleymills 0:714293de3836 7462 SECRET_LEN);
ashleymills 0:714293de3836 7463 ssl->arrays->preMasterSecret[0] = ssl->chVersion.major;
ashleymills 0:714293de3836 7464 ssl->arrays->preMasterSecret[1] = ssl->chVersion.minor;
ashleymills 0:714293de3836 7465 ssl->arrays->preMasterSz = SECRET_LEN;
ashleymills 0:714293de3836 7466
ashleymills 0:714293de3836 7467 if (ssl->peerRsaKeyPresent == 0)
ashleymills 0:714293de3836 7468 return NO_PEER_KEY;
ashleymills 0:714293de3836 7469
ashleymills 0:714293de3836 7470 ret = RsaPublicEncrypt(ssl->arrays->preMasterSecret, SECRET_LEN,
ashleymills 0:714293de3836 7471 encSecret, sizeof(encSecret), ssl->peerRsaKey,
ashleymills 0:714293de3836 7472 ssl->rng);
ashleymills 0:714293de3836 7473 if (ret > 0) {
ashleymills 0:714293de3836 7474 encSz = ret;
ashleymills 0:714293de3836 7475 ret = 0; /* set success to 0 */
ashleymills 0:714293de3836 7476 }
ashleymills 0:714293de3836 7477 break;
ashleymills 0:714293de3836 7478 #endif
ashleymills 0:714293de3836 7479 #ifdef OPENSSL_EXTRA
ashleymills 0:714293de3836 7480 case diffie_hellman_kea:
ashleymills 0:714293de3836 7481 {
ashleymills 0:714293de3836 7482 buffer serverP = ssl->buffers.serverDH_P;
ashleymills 0:714293de3836 7483 buffer serverG = ssl->buffers.serverDH_G;
ashleymills 0:714293de3836 7484 buffer serverPub = ssl->buffers.serverDH_Pub;
ashleymills 0:714293de3836 7485 byte priv[ENCRYPT_LEN];
ashleymills 0:714293de3836 7486 word32 privSz = 0;
ashleymills 0:714293de3836 7487 DhKey key;
ashleymills 0:714293de3836 7488
ashleymills 0:714293de3836 7489 if (serverP.buffer == 0 || serverG.buffer == 0 ||
ashleymills 0:714293de3836 7490 serverPub.buffer == 0)
ashleymills 0:714293de3836 7491 return NO_PEER_KEY;
ashleymills 0:714293de3836 7492
ashleymills 0:714293de3836 7493 InitDhKey(&key);
ashleymills 0:714293de3836 7494 ret = DhSetKey(&key, serverP.buffer, serverP.length,
ashleymills 0:714293de3836 7495 serverG.buffer, serverG.length);
ashleymills 0:714293de3836 7496 if (ret == 0)
ashleymills 0:714293de3836 7497 /* for DH, encSecret is Yc, agree is pre-master */
ashleymills 0:714293de3836 7498 ret = DhGenerateKeyPair(&key, ssl->rng, priv, &privSz,
ashleymills 0:714293de3836 7499 encSecret, &encSz);
ashleymills 0:714293de3836 7500 if (ret == 0)
ashleymills 0:714293de3836 7501 ret = DhAgree(&key, ssl->arrays->preMasterSecret,
ashleymills 0:714293de3836 7502 &ssl->arrays->preMasterSz, priv, privSz,
ashleymills 0:714293de3836 7503 serverPub.buffer, serverPub.length);
ashleymills 0:714293de3836 7504 FreeDhKey(&key);
ashleymills 0:714293de3836 7505 }
ashleymills 0:714293de3836 7506 break;
ashleymills 0:714293de3836 7507 #endif /* OPENSSL_EXTRA */
ashleymills 0:714293de3836 7508 #ifndef NO_PSK
ashleymills 0:714293de3836 7509 case psk_kea:
ashleymills 0:714293de3836 7510 {
ashleymills 0:714293de3836 7511 byte* pms = ssl->arrays->preMasterSecret;
ashleymills 0:714293de3836 7512
ashleymills 0:714293de3836 7513 ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
ashleymills 0:714293de3836 7514 ssl->arrays->server_hint, ssl->arrays->client_identity,
ashleymills 0:714293de3836 7515 MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
ashleymills 0:714293de3836 7516 if (ssl->arrays->psk_keySz == 0 ||
ashleymills 0:714293de3836 7517 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN)
ashleymills 0:714293de3836 7518 return PSK_KEY_ERROR;
ashleymills 0:714293de3836 7519 encSz = (word32)XSTRLEN(ssl->arrays->client_identity);
ashleymills 0:714293de3836 7520 if (encSz > MAX_PSK_ID_LEN) return CLIENT_ID_ERROR;
ashleymills 0:714293de3836 7521 XMEMCPY(encSecret, ssl->arrays->client_identity, encSz);
ashleymills 0:714293de3836 7522
ashleymills 0:714293de3836 7523 /* make psk pre master secret */
ashleymills 0:714293de3836 7524 /* length of key + length 0s + length of key + key */
ashleymills 0:714293de3836 7525 c16toa((word16)ssl->arrays->psk_keySz, pms);
ashleymills 0:714293de3836 7526 pms += 2;
ashleymills 0:714293de3836 7527 XMEMSET(pms, 0, ssl->arrays->psk_keySz);
ashleymills 0:714293de3836 7528 pms += ssl->arrays->psk_keySz;
ashleymills 0:714293de3836 7529 c16toa((word16)ssl->arrays->psk_keySz, pms);
ashleymills 0:714293de3836 7530 pms += 2;
ashleymills 0:714293de3836 7531 XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
ashleymills 0:714293de3836 7532 ssl->arrays->preMasterSz = ssl->arrays->psk_keySz * 2 + 4;
ashleymills 0:714293de3836 7533 XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz);
ashleymills 0:714293de3836 7534 ssl->arrays->psk_keySz = 0; /* No further need */
ashleymills 0:714293de3836 7535 }
ashleymills 0:714293de3836 7536 break;
ashleymills 0:714293de3836 7537 #endif /* NO_PSK */
ashleymills 0:714293de3836 7538 #ifdef HAVE_NTRU
ashleymills 0:714293de3836 7539 case ntru_kea:
ashleymills 0:714293de3836 7540 {
ashleymills 0:714293de3836 7541 word32 rc;
ashleymills 0:714293de3836 7542 word16 cipherLen = sizeof(encSecret);
ashleymills 0:714293de3836 7543 DRBG_HANDLE drbg;
ashleymills 0:714293de3836 7544 static uint8_t const cyasslStr[] = {
ashleymills 0:714293de3836 7545 'C', 'y', 'a', 'S', 'S', 'L', ' ', 'N', 'T', 'R', 'U'
ashleymills 0:714293de3836 7546 };
ashleymills 0:714293de3836 7547
ashleymills 0:714293de3836 7548 RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret,
ashleymills 0:714293de3836 7549 SECRET_LEN);
ashleymills 0:714293de3836 7550 ssl->arrays->preMasterSz = SECRET_LEN;
ashleymills 0:714293de3836 7551
ashleymills 0:714293de3836 7552 if (ssl->peerNtruKeyPresent == 0)
ashleymills 0:714293de3836 7553 return NO_PEER_KEY;
ashleymills 0:714293de3836 7554
ashleymills 0:714293de3836 7555 rc = crypto_drbg_instantiate(MAX_NTRU_BITS, cyasslStr,
ashleymills 0:714293de3836 7556 sizeof(cyasslStr), GetEntropy,
ashleymills 0:714293de3836 7557 &drbg);
ashleymills 0:714293de3836 7558 if (rc != DRBG_OK)
ashleymills 0:714293de3836 7559 return NTRU_DRBG_ERROR;
ashleymills 0:714293de3836 7560
ashleymills 0:714293de3836 7561 rc = crypto_ntru_encrypt(drbg, ssl->peerNtruKeyLen,
ashleymills 0:714293de3836 7562 ssl->peerNtruKey,
ashleymills 0:714293de3836 7563 ssl->arrays->preMasterSz,
ashleymills 0:714293de3836 7564 ssl->arrays->preMasterSecret,
ashleymills 0:714293de3836 7565 &cipherLen, encSecret);
ashleymills 0:714293de3836 7566 crypto_drbg_uninstantiate(drbg);
ashleymills 0:714293de3836 7567 if (rc != NTRU_OK)
ashleymills 0:714293de3836 7568 return NTRU_ENCRYPT_ERROR;
ashleymills 0:714293de3836 7569
ashleymills 0:714293de3836 7570 encSz = cipherLen;
ashleymills 0:714293de3836 7571 ret = 0;
ashleymills 0:714293de3836 7572 }
ashleymills 0:714293de3836 7573 break;
ashleymills 0:714293de3836 7574 #endif /* HAVE_NTRU */
ashleymills 0:714293de3836 7575 #ifdef HAVE_ECC
ashleymills 0:714293de3836 7576 case ecc_diffie_hellman_kea:
ashleymills 0:714293de3836 7577 {
ashleymills 0:714293de3836 7578 ecc_key myKey;
ashleymills 0:714293de3836 7579 ecc_key* peerKey = &myKey;
ashleymills 0:714293de3836 7580 word32 size = sizeof(encSecret);
ashleymills 0:714293de3836 7581
ashleymills 0:714293de3836 7582 if (ssl->specs.static_ecdh) {
ashleymills 0:714293de3836 7583 /* TODO: EccDsa is really fixed Ecc change naming */
ashleymills 0:714293de3836 7584 if (!ssl->peerEccDsaKeyPresent || !ssl->peerEccDsaKey->dp)
ashleymills 0:714293de3836 7585 return NO_PEER_KEY;
ashleymills 0:714293de3836 7586 peerKey = ssl->peerEccDsaKey;
ashleymills 0:714293de3836 7587 }
ashleymills 0:714293de3836 7588 else {
ashleymills 0:714293de3836 7589 if (!ssl->peerEccKeyPresent || !ssl->peerEccKey->dp)
ashleymills 0:714293de3836 7590 return NO_PEER_KEY;
ashleymills 0:714293de3836 7591 peerKey = ssl->peerEccKey;
ashleymills 0:714293de3836 7592 }
ashleymills 0:714293de3836 7593
ashleymills 0:714293de3836 7594 ecc_init(&myKey);
ashleymills 0:714293de3836 7595 ret = ecc_make_key(ssl->rng, peerKey->dp->size, &myKey);
ashleymills 0:714293de3836 7596 if (ret != 0)
ashleymills 0:714293de3836 7597 return ECC_MAKEKEY_ERROR;
ashleymills 0:714293de3836 7598
ashleymills 0:714293de3836 7599 /* precede export with 1 byte length */
ashleymills 0:714293de3836 7600 ret = ecc_export_x963(&myKey, encSecret + 1, &size);
ashleymills 0:714293de3836 7601 encSecret[0] = (byte)size;
ashleymills 0:714293de3836 7602 encSz = size + 1;
ashleymills 0:714293de3836 7603
ashleymills 0:714293de3836 7604 if (ret != 0)
ashleymills 0:714293de3836 7605 ret = ECC_EXPORT_ERROR;
ashleymills 0:714293de3836 7606 else {
ashleymills 0:714293de3836 7607 size = sizeof(ssl->arrays->preMasterSecret);
ashleymills 0:714293de3836 7608 ret = ecc_shared_secret(&myKey, peerKey,
ashleymills 0:714293de3836 7609 ssl->arrays->preMasterSecret, &size);
ashleymills 0:714293de3836 7610 if (ret != 0)
ashleymills 0:714293de3836 7611 ret = ECC_SHARED_ERROR;
ashleymills 0:714293de3836 7612 }
ashleymills 0:714293de3836 7613
ashleymills 0:714293de3836 7614 ssl->arrays->preMasterSz = size;
ashleymills 0:714293de3836 7615 ecc_free(&myKey);
ashleymills 0:714293de3836 7616 }
ashleymills 0:714293de3836 7617 break;
ashleymills 0:714293de3836 7618 #endif /* HAVE_ECC */
ashleymills 0:714293de3836 7619 default:
ashleymills 0:714293de3836 7620 return ALGO_ID_E; /* unsupported kea */
ashleymills 0:714293de3836 7621 }
ashleymills 0:714293de3836 7622
ashleymills 0:714293de3836 7623 if (ret == 0) {
ashleymills 0:714293de3836 7624 byte *output;
ashleymills 0:714293de3836 7625 int sendSz;
ashleymills 0:714293de3836 7626 word32 tlsSz = 0;
ashleymills 0:714293de3836 7627
ashleymills 0:714293de3836 7628 if (ssl->options.tls || ssl->specs.kea == diffie_hellman_kea)
ashleymills 0:714293de3836 7629 tlsSz = 2;
ashleymills 0:714293de3836 7630
ashleymills 0:714293de3836 7631 if (ssl->specs.kea == ecc_diffie_hellman_kea) /* always off */
ashleymills 0:714293de3836 7632 tlsSz = 0;
ashleymills 0:714293de3836 7633
ashleymills 0:714293de3836 7634 sendSz = encSz + tlsSz + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
ashleymills 0:714293de3836 7635 idx = HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
ashleymills 0:714293de3836 7636
ashleymills 0:714293de3836 7637 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 7638 if (ssl->options.dtls) {
ashleymills 0:714293de3836 7639 sendSz += DTLS_HANDSHAKE_EXTRA + DTLS_RECORD_EXTRA;
ashleymills 0:714293de3836 7640 idx += DTLS_HANDSHAKE_EXTRA + DTLS_RECORD_EXTRA;
ashleymills 0:714293de3836 7641 }
ashleymills 0:714293de3836 7642 #endif
ashleymills 0:714293de3836 7643
ashleymills 0:714293de3836 7644 /* check for available size */
ashleymills 0:714293de3836 7645 if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
ashleymills 0:714293de3836 7646 return ret;
ashleymills 0:714293de3836 7647
ashleymills 0:714293de3836 7648 /* get ouput buffer */
ashleymills 0:714293de3836 7649 output = ssl->buffers.outputBuffer.buffer +
ashleymills 0:714293de3836 7650 ssl->buffers.outputBuffer.length;
ashleymills 0:714293de3836 7651
ashleymills 0:714293de3836 7652 AddHeaders(output, encSz + tlsSz, client_key_exchange, ssl);
ashleymills 0:714293de3836 7653
ashleymills 0:714293de3836 7654 if (tlsSz) {
ashleymills 0:714293de3836 7655 c16toa((word16)encSz, &output[idx]);
ashleymills 0:714293de3836 7656 idx += 2;
ashleymills 0:714293de3836 7657 }
ashleymills 0:714293de3836 7658 XMEMCPY(output + idx, encSecret, encSz);
ashleymills 0:714293de3836 7659 /* if add more to output, adjust idx
ashleymills 0:714293de3836 7660 idx += encSz; */
ashleymills 0:714293de3836 7661 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 7662 if (ssl->options.dtls) {
ashleymills 0:714293de3836 7663 if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
ashleymills 0:714293de3836 7664 return ret;
ashleymills 0:714293de3836 7665 }
ashleymills 0:714293de3836 7666 #endif
ashleymills 0:714293de3836 7667 HashOutput(ssl, output, sendSz, 0);
ashleymills 0:714293de3836 7668
ashleymills 0:714293de3836 7669 #ifdef CYASSL_CALLBACKS
ashleymills 0:714293de3836 7670 if (ssl->hsInfoOn)
ashleymills 0:714293de3836 7671 AddPacketName("ClientKeyExchange", &ssl->handShakeInfo);
ashleymills 0:714293de3836 7672 if (ssl->toInfoOn)
ashleymills 0:714293de3836 7673 AddPacketInfo("ClientKeyExchange", &ssl->timeoutInfo,
ashleymills 0:714293de3836 7674 output, sendSz, ssl->heap);
ashleymills 0:714293de3836 7675 #endif
ashleymills 0:714293de3836 7676
ashleymills 0:714293de3836 7677 ssl->buffers.outputBuffer.length += sendSz;
ashleymills 0:714293de3836 7678
ashleymills 0:714293de3836 7679 if (ssl->options.groupMessages)
ashleymills 0:714293de3836 7680 ret = 0;
ashleymills 0:714293de3836 7681 else
ashleymills 0:714293de3836 7682 ret = SendBuffered(ssl);
ashleymills 0:714293de3836 7683 }
ashleymills 0:714293de3836 7684
ashleymills 0:714293de3836 7685 if (ret == 0 || ret == WANT_WRITE) {
ashleymills 0:714293de3836 7686 int tmpRet = MakeMasterSecret(ssl);
ashleymills 0:714293de3836 7687 if (tmpRet != 0)
ashleymills 0:714293de3836 7688 ret = tmpRet; /* save WANT_WRITE unless more serious */
ashleymills 0:714293de3836 7689 ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
ashleymills 0:714293de3836 7690 }
ashleymills 0:714293de3836 7691 /* No further need for PMS */
ashleymills 0:714293de3836 7692 XMEMSET(ssl->arrays->preMasterSecret, 0, ssl->arrays->preMasterSz);
ashleymills 0:714293de3836 7693 ssl->arrays->preMasterSz = 0;
ashleymills 0:714293de3836 7694
ashleymills 0:714293de3836 7695 return ret;
ashleymills 0:714293de3836 7696 }
ashleymills 0:714293de3836 7697
ashleymills 0:714293de3836 7698 #ifndef NO_CERTS
ashleymills 0:714293de3836 7699 int SendCertificateVerify(CYASSL* ssl)
ashleymills 0:714293de3836 7700 {
ashleymills 0:714293de3836 7701 byte *output;
ashleymills 0:714293de3836 7702 int sendSz = 0, length, ret;
ashleymills 0:714293de3836 7703 word32 idx = 0;
ashleymills 0:714293de3836 7704 word32 sigOutSz = 0;
ashleymills 0:714293de3836 7705 #ifndef NO_RSA
ashleymills 0:714293de3836 7706 RsaKey key;
ashleymills 0:714293de3836 7707 #endif
ashleymills 0:714293de3836 7708 int usingEcc = 0;
ashleymills 0:714293de3836 7709 #ifdef HAVE_ECC
ashleymills 0:714293de3836 7710 ecc_key eccKey;
ashleymills 0:714293de3836 7711 #endif
ashleymills 0:714293de3836 7712
ashleymills 0:714293de3836 7713 (void)idx;
ashleymills 0:714293de3836 7714
ashleymills 0:714293de3836 7715 if (ssl->options.sendVerify == SEND_BLANK_CERT)
ashleymills 0:714293de3836 7716 return 0; /* sent blank cert, can't verify */
ashleymills 0:714293de3836 7717
ashleymills 0:714293de3836 7718 /* check for available size */
ashleymills 0:714293de3836 7719 if ((ret = CheckAvailableSize(ssl, MAX_CERT_VERIFY_SZ)) != 0)
ashleymills 0:714293de3836 7720 return ret;
ashleymills 0:714293de3836 7721
ashleymills 0:714293de3836 7722 /* get ouput buffer */
ashleymills 0:714293de3836 7723 output = ssl->buffers.outputBuffer.buffer +
ashleymills 0:714293de3836 7724 ssl->buffers.outputBuffer.length;
ashleymills 0:714293de3836 7725
ashleymills 0:714293de3836 7726 BuildCertHashes(ssl, &ssl->certHashes);
ashleymills 0:714293de3836 7727
ashleymills 0:714293de3836 7728 #ifdef HAVE_ECC
ashleymills 0:714293de3836 7729 ecc_init(&eccKey);
ashleymills 0:714293de3836 7730 #endif
ashleymills 0:714293de3836 7731 #ifndef NO_RSA
ashleymills 0:714293de3836 7732 InitRsaKey(&key, ssl->heap);
ashleymills 0:714293de3836 7733 ret = RsaPrivateKeyDecode(ssl->buffers.key.buffer, &idx, &key,
ashleymills 0:714293de3836 7734 ssl->buffers.key.length);
ashleymills 0:714293de3836 7735 if (ret == 0)
ashleymills 0:714293de3836 7736 sigOutSz = RsaEncryptSize(&key);
ashleymills 0:714293de3836 7737 else
ashleymills 0:714293de3836 7738 #endif
ashleymills 0:714293de3836 7739 {
ashleymills 0:714293de3836 7740 #ifdef HAVE_ECC
ashleymills 0:714293de3836 7741 CYASSL_MSG("Trying ECC client cert, RSA didn't work");
ashleymills 0:714293de3836 7742
ashleymills 0:714293de3836 7743 idx = 0;
ashleymills 0:714293de3836 7744 ret = EccPrivateKeyDecode(ssl->buffers.key.buffer, &idx, &eccKey,
ashleymills 0:714293de3836 7745 ssl->buffers.key.length);
ashleymills 0:714293de3836 7746 if (ret == 0) {
ashleymills 0:714293de3836 7747 CYASSL_MSG("Using ECC client cert");
ashleymills 0:714293de3836 7748 usingEcc = 1;
ashleymills 0:714293de3836 7749 sigOutSz = MAX_ENCODED_SIG_SZ;
ashleymills 0:714293de3836 7750 }
ashleymills 0:714293de3836 7751 else {
ashleymills 0:714293de3836 7752 CYASSL_MSG("Bad client cert type");
ashleymills 0:714293de3836 7753 }
ashleymills 0:714293de3836 7754 #endif
ashleymills 0:714293de3836 7755 }
ashleymills 0:714293de3836 7756 if (ret == 0) {
ashleymills 0:714293de3836 7757 byte* verify = (byte*)&output[RECORD_HEADER_SZ +
ashleymills 0:714293de3836 7758 HANDSHAKE_HEADER_SZ];
ashleymills 0:714293de3836 7759 #ifndef NO_OLD_TLS
ashleymills 0:714293de3836 7760 byte* signBuffer = ssl->certHashes.md5;
ashleymills 0:714293de3836 7761 #else
ashleymills 0:714293de3836 7762 byte* signBuffer = NULL;
ashleymills 0:714293de3836 7763 #endif
ashleymills 0:714293de3836 7764 word32 signSz = FINISHED_SZ;
ashleymills 0:714293de3836 7765 byte encodedSig[MAX_ENCODED_SIG_SZ];
ashleymills 0:714293de3836 7766 word32 extraSz = 0; /* tls 1.2 hash/sig */
ashleymills 0:714293de3836 7767
ashleymills 0:714293de3836 7768 (void)encodedSig;
ashleymills 0:714293de3836 7769 (void)signSz;
ashleymills 0:714293de3836 7770 (void)signBuffer;
ashleymills 0:714293de3836 7771
ashleymills 0:714293de3836 7772 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 7773 if (ssl->options.dtls)
ashleymills 0:714293de3836 7774 verify += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
ashleymills 0:714293de3836 7775 #endif
ashleymills 0:714293de3836 7776 length = sigOutSz;
ashleymills 0:714293de3836 7777 if (IsAtLeastTLSv1_2(ssl)) {
ashleymills 0:714293de3836 7778 verify[0] = ssl->suites->hashAlgo;
ashleymills 0:714293de3836 7779 verify[1] = usingEcc ? ecc_dsa_sa_algo : rsa_sa_algo;
ashleymills 0:714293de3836 7780 extraSz = HASH_SIG_SIZE;
ashleymills 0:714293de3836 7781 }
ashleymills 0:714293de3836 7782
ashleymills 0:714293de3836 7783 if (usingEcc) {
ashleymills 0:714293de3836 7784 #ifdef HAVE_ECC
ashleymills 0:714293de3836 7785 word32 localSz = MAX_ENCODED_SIG_SZ;
ashleymills 0:714293de3836 7786 word32 digestSz;
ashleymills 0:714293de3836 7787 byte* digest;
ashleymills 0:714293de3836 7788 #ifndef NO_OLD_TLS
ashleymills 0:714293de3836 7789 /* old tls default */
ashleymills 0:714293de3836 7790 digestSz = SHA_DIGEST_SIZE;
ashleymills 0:714293de3836 7791 digest = ssl->certHashes.sha;
ashleymills 0:714293de3836 7792 #else
ashleymills 0:714293de3836 7793 /* new tls default */
ashleymills 0:714293de3836 7794 digestSz = SHA256_DIGEST_SIZE;
ashleymills 0:714293de3836 7795 digest = ssl->certHashes.sha256;
ashleymills 0:714293de3836 7796 #endif
ashleymills 0:714293de3836 7797
ashleymills 0:714293de3836 7798 if (IsAtLeastTLSv1_2(ssl)) {
ashleymills 0:714293de3836 7799 if (ssl->suites->hashAlgo == sha_mac) {
ashleymills 0:714293de3836 7800 #ifndef NO_SHA
ashleymills 0:714293de3836 7801 digest = ssl->certHashes.sha;
ashleymills 0:714293de3836 7802 digestSz = SHA_DIGEST_SIZE;
ashleymills 0:714293de3836 7803 #endif
ashleymills 0:714293de3836 7804 }
ashleymills 0:714293de3836 7805 else if (ssl->suites->hashAlgo == sha256_mac) {
ashleymills 0:714293de3836 7806 #ifndef NO_SHA256
ashleymills 0:714293de3836 7807 digest = ssl->certHashes.sha256;
ashleymills 0:714293de3836 7808 digestSz = SHA256_DIGEST_SIZE;
ashleymills 0:714293de3836 7809 #endif
ashleymills 0:714293de3836 7810 }
ashleymills 0:714293de3836 7811 else if (ssl->suites->hashAlgo == sha384_mac) {
ashleymills 0:714293de3836 7812 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 7813 digest = ssl->certHashes.sha384;
ashleymills 0:714293de3836 7814 digestSz = SHA384_DIGEST_SIZE;
ashleymills 0:714293de3836 7815 #endif
ashleymills 0:714293de3836 7816 }
ashleymills 0:714293de3836 7817 }
ashleymills 0:714293de3836 7818
ashleymills 0:714293de3836 7819 ret = ecc_sign_hash(digest, digestSz, encodedSig,
ashleymills 0:714293de3836 7820 &localSz, ssl->rng, &eccKey);
ashleymills 0:714293de3836 7821 if (ret == 0) {
ashleymills 0:714293de3836 7822 length = localSz;
ashleymills 0:714293de3836 7823 c16toa((word16)length, verify + extraSz); /* prepend hdr */
ashleymills 0:714293de3836 7824 XMEMCPY(verify + extraSz + VERIFY_HEADER,encodedSig,length);
ashleymills 0:714293de3836 7825 }
ashleymills 0:714293de3836 7826 #endif
ashleymills 0:714293de3836 7827 }
ashleymills 0:714293de3836 7828 #ifndef NO_RSA
ashleymills 0:714293de3836 7829 else {
ashleymills 0:714293de3836 7830 if (IsAtLeastTLSv1_2(ssl)) {
ashleymills 0:714293de3836 7831 #ifndef NO_OLD_TLS
ashleymills 0:714293de3836 7832 byte* digest = ssl->certHashes.sha;
ashleymills 0:714293de3836 7833 int digestSz = SHA_DIGEST_SIZE;
ashleymills 0:714293de3836 7834 int typeH = SHAh;
ashleymills 0:714293de3836 7835 #else
ashleymills 0:714293de3836 7836 byte* digest = ssl->certHashes.sha256;
ashleymills 0:714293de3836 7837 int digestSz = SHA256_DIGEST_SIZE;
ashleymills 0:714293de3836 7838 int typeH = SHA256h;
ashleymills 0:714293de3836 7839 #endif
ashleymills 0:714293de3836 7840
ashleymills 0:714293de3836 7841 if (ssl->suites->hashAlgo == sha_mac) {
ashleymills 0:714293de3836 7842 #ifndef NO_SHA
ashleymills 0:714293de3836 7843 digest = ssl->certHashes.sha;
ashleymills 0:714293de3836 7844 typeH = SHAh;
ashleymills 0:714293de3836 7845 digestSz = SHA_DIGEST_SIZE;
ashleymills 0:714293de3836 7846 #endif
ashleymills 0:714293de3836 7847 }
ashleymills 0:714293de3836 7848 else if (ssl->suites->hashAlgo == sha256_mac) {
ashleymills 0:714293de3836 7849 #ifndef NO_SHA256
ashleymills 0:714293de3836 7850 digest = ssl->certHashes.sha256;
ashleymills 0:714293de3836 7851 typeH = SHA256h;
ashleymills 0:714293de3836 7852 digestSz = SHA256_DIGEST_SIZE;
ashleymills 0:714293de3836 7853 #endif
ashleymills 0:714293de3836 7854 }
ashleymills 0:714293de3836 7855 else if (ssl->suites->hashAlgo == sha384_mac) {
ashleymills 0:714293de3836 7856 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 7857 digest = ssl->certHashes.sha384;
ashleymills 0:714293de3836 7858 typeH = SHA384h;
ashleymills 0:714293de3836 7859 digestSz = SHA384_DIGEST_SIZE;
ashleymills 0:714293de3836 7860 #endif
ashleymills 0:714293de3836 7861 }
ashleymills 0:714293de3836 7862
ashleymills 0:714293de3836 7863 signSz = EncodeSignature(encodedSig, digest,digestSz,typeH);
ashleymills 0:714293de3836 7864 signBuffer = encodedSig;
ashleymills 0:714293de3836 7865 }
ashleymills 0:714293de3836 7866
ashleymills 0:714293de3836 7867 c16toa((word16)length, verify + extraSz); /* prepend hdr */
ashleymills 0:714293de3836 7868 ret = RsaSSL_Sign(signBuffer, signSz, verify + extraSz +
ashleymills 0:714293de3836 7869 VERIFY_HEADER, ENCRYPT_LEN, &key, ssl->rng);
ashleymills 0:714293de3836 7870
ashleymills 0:714293de3836 7871 if (ret > 0)
ashleymills 0:714293de3836 7872 ret = 0; /* RSA reset */
ashleymills 0:714293de3836 7873 }
ashleymills 0:714293de3836 7874 #endif
ashleymills 0:714293de3836 7875 if (ret == 0) {
ashleymills 0:714293de3836 7876 AddHeaders(output, length + extraSz + VERIFY_HEADER,
ashleymills 0:714293de3836 7877 certificate_verify, ssl);
ashleymills 0:714293de3836 7878
ashleymills 0:714293de3836 7879 sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + length +
ashleymills 0:714293de3836 7880 extraSz + VERIFY_HEADER;
ashleymills 0:714293de3836 7881 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 7882 if (ssl->options.dtls) {
ashleymills 0:714293de3836 7883 sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
ashleymills 0:714293de3836 7884 if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
ashleymills 0:714293de3836 7885 return ret;
ashleymills 0:714293de3836 7886 }
ashleymills 0:714293de3836 7887 #endif
ashleymills 0:714293de3836 7888 HashOutput(ssl, output, sendSz, 0);
ashleymills 0:714293de3836 7889 }
ashleymills 0:714293de3836 7890 }
ashleymills 0:714293de3836 7891 #ifndef NO_RSA
ashleymills 0:714293de3836 7892 FreeRsaKey(&key);
ashleymills 0:714293de3836 7893 #endif
ashleymills 0:714293de3836 7894 #ifdef HAVE_ECC
ashleymills 0:714293de3836 7895 ecc_free(&eccKey);
ashleymills 0:714293de3836 7896 #endif
ashleymills 0:714293de3836 7897
ashleymills 0:714293de3836 7898 if (ret == 0) {
ashleymills 0:714293de3836 7899 #ifdef CYASSL_CALLBACKS
ashleymills 0:714293de3836 7900 if (ssl->hsInfoOn)
ashleymills 0:714293de3836 7901 AddPacketName("CertificateVerify", &ssl->handShakeInfo);
ashleymills 0:714293de3836 7902 if (ssl->toInfoOn)
ashleymills 0:714293de3836 7903 AddPacketInfo("CertificateVerify", &ssl->timeoutInfo,
ashleymills 0:714293de3836 7904 output, sendSz, ssl->heap);
ashleymills 0:714293de3836 7905 #endif
ashleymills 0:714293de3836 7906 ssl->buffers.outputBuffer.length += sendSz;
ashleymills 0:714293de3836 7907 if (ssl->options.groupMessages)
ashleymills 0:714293de3836 7908 return 0;
ashleymills 0:714293de3836 7909 else
ashleymills 0:714293de3836 7910 return SendBuffered(ssl);
ashleymills 0:714293de3836 7911 }
ashleymills 0:714293de3836 7912 else
ashleymills 0:714293de3836 7913 return ret;
ashleymills 0:714293de3836 7914 }
ashleymills 0:714293de3836 7915 #endif /* NO_CERTS */
ashleymills 0:714293de3836 7916
ashleymills 0:714293de3836 7917
ashleymills 0:714293de3836 7918 #endif /* NO_CYASSL_CLIENT */
ashleymills 0:714293de3836 7919
ashleymills 0:714293de3836 7920
ashleymills 0:714293de3836 7921 #ifndef NO_CYASSL_SERVER
ashleymills 0:714293de3836 7922
ashleymills 0:714293de3836 7923 int SendServerHello(CYASSL* ssl)
ashleymills 0:714293de3836 7924 {
ashleymills 0:714293de3836 7925 byte *output;
ashleymills 0:714293de3836 7926 word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
ashleymills 0:714293de3836 7927 int sendSz;
ashleymills 0:714293de3836 7928 int ret;
ashleymills 0:714293de3836 7929
ashleymills 0:714293de3836 7930 length = VERSION_SZ + RAN_LEN
ashleymills 0:714293de3836 7931 + ID_LEN + ENUM_LEN
ashleymills 0:714293de3836 7932 + SUITE_LEN
ashleymills 0:714293de3836 7933 + ENUM_LEN;
ashleymills 0:714293de3836 7934
ashleymills 0:714293de3836 7935 #ifdef HAVE_TLS_EXTENSIONS
ashleymills 0:714293de3836 7936 length += TLSX_GetResponseSize(ssl);
ashleymills 0:714293de3836 7937 #endif
ashleymills 0:714293de3836 7938
ashleymills 0:714293de3836 7939 /* check for avalaible size */
ashleymills 0:714293de3836 7940 if ((ret = CheckAvailableSize(ssl, MAX_HELLO_SZ)) != 0)
ashleymills 0:714293de3836 7941 return ret;
ashleymills 0:714293de3836 7942
ashleymills 0:714293de3836 7943 /* get ouput buffer */
ashleymills 0:714293de3836 7944 output = ssl->buffers.outputBuffer.buffer +
ashleymills 0:714293de3836 7945 ssl->buffers.outputBuffer.length;
ashleymills 0:714293de3836 7946
ashleymills 0:714293de3836 7947 sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
ashleymills 0:714293de3836 7948 AddHeaders(output, length, server_hello, ssl);
ashleymills 0:714293de3836 7949
ashleymills 0:714293de3836 7950 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 7951 if (ssl->options.dtls) {
ashleymills 0:714293de3836 7952 idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
ashleymills 0:714293de3836 7953 sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
ashleymills 0:714293de3836 7954 }
ashleymills 0:714293de3836 7955 #endif
ashleymills 0:714293de3836 7956 /* now write to output */
ashleymills 0:714293de3836 7957 /* first version */
ashleymills 0:714293de3836 7958 output[idx++] = ssl->version.major;
ashleymills 0:714293de3836 7959 output[idx++] = ssl->version.minor;
ashleymills 0:714293de3836 7960
ashleymills 0:714293de3836 7961 /* then random */
ashleymills 0:714293de3836 7962 if (!ssl->options.resuming)
ashleymills 0:714293de3836 7963 RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, RAN_LEN);
ashleymills 0:714293de3836 7964 XMEMCPY(output + idx, ssl->arrays->serverRandom, RAN_LEN);
ashleymills 0:714293de3836 7965 idx += RAN_LEN;
ashleymills 0:714293de3836 7966
ashleymills 0:714293de3836 7967 #ifdef SHOW_SECRETS
ashleymills 0:714293de3836 7968 {
ashleymills 0:714293de3836 7969 int j;
ashleymills 0:714293de3836 7970 printf("server random: ");
ashleymills 0:714293de3836 7971 for (j = 0; j < RAN_LEN; j++)
ashleymills 0:714293de3836 7972 printf("%02x", ssl->arrays->serverRandom[j]);
ashleymills 0:714293de3836 7973 printf("\n");
ashleymills 0:714293de3836 7974 }
ashleymills 0:714293de3836 7975 #endif
ashleymills 0:714293de3836 7976 /* then session id */
ashleymills 0:714293de3836 7977 output[idx++] = ID_LEN;
ashleymills 0:714293de3836 7978 if (!ssl->options.resuming)
ashleymills 0:714293de3836 7979 RNG_GenerateBlock(ssl->rng, ssl->arrays->sessionID, ID_LEN);
ashleymills 0:714293de3836 7980 XMEMCPY(output + idx, ssl->arrays->sessionID, ID_LEN);
ashleymills 0:714293de3836 7981 idx += ID_LEN;
ashleymills 0:714293de3836 7982
ashleymills 0:714293de3836 7983 /* then cipher suite */
ashleymills 0:714293de3836 7984 output[idx++] = ssl->options.cipherSuite0;
ashleymills 0:714293de3836 7985 output[idx++] = ssl->options.cipherSuite;
ashleymills 0:714293de3836 7986
ashleymills 0:714293de3836 7987 /* then compression */
ashleymills 0:714293de3836 7988 if (ssl->options.usingCompression)
ashleymills 0:714293de3836 7989 output[idx++] = ZLIB_COMPRESSION;
ashleymills 0:714293de3836 7990 else
ashleymills 0:714293de3836 7991 output[idx++] = NO_COMPRESSION;
ashleymills 0:714293de3836 7992
ashleymills 0:714293de3836 7993 /* last, extensions */
ashleymills 0:714293de3836 7994 #ifdef HAVE_TLS_EXTENSIONS
ashleymills 0:714293de3836 7995 if (IsTLS(ssl))
ashleymills 0:714293de3836 7996 TLSX_WriteResponse(ssl, output + idx);
ashleymills 0:714293de3836 7997 #endif
ashleymills 0:714293de3836 7998
ashleymills 0:714293de3836 7999 ssl->buffers.outputBuffer.length += sendSz;
ashleymills 0:714293de3836 8000 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 8001 if (ssl->options.dtls) {
ashleymills 0:714293de3836 8002 if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
ashleymills 0:714293de3836 8003 return ret;
ashleymills 0:714293de3836 8004 }
ashleymills 0:714293de3836 8005 #endif
ashleymills 0:714293de3836 8006 HashOutput(ssl, output, sendSz, 0);
ashleymills 0:714293de3836 8007
ashleymills 0:714293de3836 8008 #ifdef CYASSL_CALLBACKS
ashleymills 0:714293de3836 8009 if (ssl->hsInfoOn)
ashleymills 0:714293de3836 8010 AddPacketName("ServerHello", &ssl->handShakeInfo);
ashleymills 0:714293de3836 8011 if (ssl->toInfoOn)
ashleymills 0:714293de3836 8012 AddPacketInfo("ServerHello", &ssl->timeoutInfo, output, sendSz,
ashleymills 0:714293de3836 8013 ssl->heap);
ashleymills 0:714293de3836 8014 #endif
ashleymills 0:714293de3836 8015
ashleymills 0:714293de3836 8016 ssl->options.serverState = SERVER_HELLO_COMPLETE;
ashleymills 0:714293de3836 8017
ashleymills 0:714293de3836 8018 if (ssl->options.groupMessages)
ashleymills 0:714293de3836 8019 return 0;
ashleymills 0:714293de3836 8020 else
ashleymills 0:714293de3836 8021 return SendBuffered(ssl);
ashleymills 0:714293de3836 8022 }
ashleymills 0:714293de3836 8023
ashleymills 0:714293de3836 8024
ashleymills 0:714293de3836 8025 #ifdef HAVE_ECC
ashleymills 0:714293de3836 8026
ashleymills 0:714293de3836 8027 static byte SetCurveId(int size)
ashleymills 0:714293de3836 8028 {
ashleymills 0:714293de3836 8029 switch(size) {
ashleymills 0:714293de3836 8030 case 20:
ashleymills 0:714293de3836 8031 return secp160r1;
ashleymills 0:714293de3836 8032 break;
ashleymills 0:714293de3836 8033 case 24:
ashleymills 0:714293de3836 8034 return secp192r1;
ashleymills 0:714293de3836 8035 break;
ashleymills 0:714293de3836 8036 case 28:
ashleymills 0:714293de3836 8037 return secp224r1;
ashleymills 0:714293de3836 8038 break;
ashleymills 0:714293de3836 8039 case 32:
ashleymills 0:714293de3836 8040 return secp256r1;
ashleymills 0:714293de3836 8041 break;
ashleymills 0:714293de3836 8042 case 48:
ashleymills 0:714293de3836 8043 return secp384r1;
ashleymills 0:714293de3836 8044 break;
ashleymills 0:714293de3836 8045 case 66:
ashleymills 0:714293de3836 8046 return secp521r1;
ashleymills 0:714293de3836 8047 break;
ashleymills 0:714293de3836 8048 default:
ashleymills 0:714293de3836 8049 return 0;
ashleymills 0:714293de3836 8050 }
ashleymills 0:714293de3836 8051 }
ashleymills 0:714293de3836 8052
ashleymills 0:714293de3836 8053 #endif /* HAVE_ECC */
ashleymills 0:714293de3836 8054
ashleymills 0:714293de3836 8055
ashleymills 0:714293de3836 8056 int SendServerKeyExchange(CYASSL* ssl)
ashleymills 0:714293de3836 8057 {
ashleymills 0:714293de3836 8058 int ret = 0;
ashleymills 0:714293de3836 8059 (void)ssl;
ashleymills 0:714293de3836 8060
ashleymills 0:714293de3836 8061 #ifndef NO_PSK
ashleymills 0:714293de3836 8062 if (ssl->specs.kea == psk_kea)
ashleymills 0:714293de3836 8063 {
ashleymills 0:714293de3836 8064 byte *output;
ashleymills 0:714293de3836 8065 word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
ashleymills 0:714293de3836 8066 int sendSz;
ashleymills 0:714293de3836 8067 if (ssl->arrays->server_hint[0] == 0) return 0; /* don't send */
ashleymills 0:714293de3836 8068
ashleymills 0:714293de3836 8069 /* include size part */
ashleymills 0:714293de3836 8070 length = (word32)XSTRLEN(ssl->arrays->server_hint);
ashleymills 0:714293de3836 8071 if (length > MAX_PSK_ID_LEN) return SERVER_HINT_ERROR;
ashleymills 0:714293de3836 8072 length += HINT_LEN_SZ;
ashleymills 0:714293de3836 8073 sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
ashleymills 0:714293de3836 8074
ashleymills 0:714293de3836 8075 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 8076 if (ssl->options.dtls) {
ashleymills 0:714293de3836 8077 sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
ashleymills 0:714293de3836 8078 idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
ashleymills 0:714293de3836 8079 }
ashleymills 0:714293de3836 8080 #endif
ashleymills 0:714293de3836 8081 /* check for available size */
ashleymills 0:714293de3836 8082 if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
ashleymills 0:714293de3836 8083 return ret;
ashleymills 0:714293de3836 8084
ashleymills 0:714293de3836 8085 /* get ouput buffer */
ashleymills 0:714293de3836 8086 output = ssl->buffers.outputBuffer.buffer +
ashleymills 0:714293de3836 8087 ssl->buffers.outputBuffer.length;
ashleymills 0:714293de3836 8088
ashleymills 0:714293de3836 8089 AddHeaders(output, length, server_key_exchange, ssl);
ashleymills 0:714293de3836 8090
ashleymills 0:714293de3836 8091 /* key data */
ashleymills 0:714293de3836 8092 c16toa((word16)(length - HINT_LEN_SZ), output + idx);
ashleymills 0:714293de3836 8093 idx += HINT_LEN_SZ;
ashleymills 0:714293de3836 8094 XMEMCPY(output + idx, ssl->arrays->server_hint,length -HINT_LEN_SZ);
ashleymills 0:714293de3836 8095
ashleymills 0:714293de3836 8096 HashOutput(ssl, output, sendSz, 0);
ashleymills 0:714293de3836 8097
ashleymills 0:714293de3836 8098 #ifdef CYASSL_CALLBACKS
ashleymills 0:714293de3836 8099 if (ssl->hsInfoOn)
ashleymills 0:714293de3836 8100 AddPacketName("ServerKeyExchange", &ssl->handShakeInfo);
ashleymills 0:714293de3836 8101 if (ssl->toInfoOn)
ashleymills 0:714293de3836 8102 AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo,
ashleymills 0:714293de3836 8103 output, sendSz, ssl->heap);
ashleymills 0:714293de3836 8104 #endif
ashleymills 0:714293de3836 8105
ashleymills 0:714293de3836 8106 ssl->buffers.outputBuffer.length += sendSz;
ashleymills 0:714293de3836 8107 if (ssl->options.groupMessages)
ashleymills 0:714293de3836 8108 ret = 0;
ashleymills 0:714293de3836 8109 else
ashleymills 0:714293de3836 8110 ret = SendBuffered(ssl);
ashleymills 0:714293de3836 8111 ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE;
ashleymills 0:714293de3836 8112 }
ashleymills 0:714293de3836 8113 #endif /*NO_PSK */
ashleymills 0:714293de3836 8114
ashleymills 0:714293de3836 8115 #ifdef HAVE_ECC
ashleymills 0:714293de3836 8116 if (ssl->specs.kea == ecc_diffie_hellman_kea)
ashleymills 0:714293de3836 8117 {
ashleymills 0:714293de3836 8118 byte *output;
ashleymills 0:714293de3836 8119 word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
ashleymills 0:714293de3836 8120 int sendSz;
ashleymills 0:714293de3836 8121 byte exportBuf[MAX_EXPORT_ECC_SZ];
ashleymills 0:714293de3836 8122 word32 expSz = sizeof(exportBuf);
ashleymills 0:714293de3836 8123 word32 sigSz;
ashleymills 0:714293de3836 8124 word32 preSigSz, preSigIdx;
ashleymills 0:714293de3836 8125 #ifndef NO_RSA
ashleymills 0:714293de3836 8126 RsaKey rsaKey;
ashleymills 0:714293de3836 8127 #endif
ashleymills 0:714293de3836 8128 ecc_key dsaKey;
ashleymills 0:714293de3836 8129
ashleymills 0:714293de3836 8130 if (ssl->specs.static_ecdh) {
ashleymills 0:714293de3836 8131 CYASSL_MSG("Using Static ECDH, not sending ServerKeyExchagne");
ashleymills 0:714293de3836 8132 return 0;
ashleymills 0:714293de3836 8133 }
ashleymills 0:714293de3836 8134
ashleymills 0:714293de3836 8135 /* curve type, named curve, length(1) */
ashleymills 0:714293de3836 8136 length = ENUM_LEN + CURVE_LEN + ENUM_LEN;
ashleymills 0:714293de3836 8137 /* pub key size */
ashleymills 0:714293de3836 8138 CYASSL_MSG("Using ephemeral ECDH");
ashleymills 0:714293de3836 8139 if (ecc_export_x963(ssl->eccTempKey, exportBuf, &expSz) != 0)
ashleymills 0:714293de3836 8140 return ECC_EXPORT_ERROR;
ashleymills 0:714293de3836 8141 length += expSz;
ashleymills 0:714293de3836 8142
ashleymills 0:714293de3836 8143 preSigSz = length;
ashleymills 0:714293de3836 8144 preSigIdx = idx;
ashleymills 0:714293de3836 8145
ashleymills 0:714293de3836 8146 #ifndef NO_RSA
ashleymills 0:714293de3836 8147 InitRsaKey(&rsaKey, ssl->heap);
ashleymills 0:714293de3836 8148 #endif
ashleymills 0:714293de3836 8149 ecc_init(&dsaKey);
ashleymills 0:714293de3836 8150
ashleymills 0:714293de3836 8151 /* sig length */
ashleymills 0:714293de3836 8152 length += LENGTH_SZ;
ashleymills 0:714293de3836 8153
ashleymills 0:714293de3836 8154 if (!ssl->buffers.key.buffer) {
ashleymills 0:714293de3836 8155 #ifndef NO_RSA
ashleymills 0:714293de3836 8156 FreeRsaKey(&rsaKey);
ashleymills 0:714293de3836 8157 #endif
ashleymills 0:714293de3836 8158 ecc_free(&dsaKey);
ashleymills 0:714293de3836 8159 return NO_PRIVATE_KEY;
ashleymills 0:714293de3836 8160 }
ashleymills 0:714293de3836 8161
ashleymills 0:714293de3836 8162 #ifndef NO_RSA
ashleymills 0:714293de3836 8163 if (ssl->specs.sig_algo == rsa_sa_algo) {
ashleymills 0:714293de3836 8164 /* rsa sig size */
ashleymills 0:714293de3836 8165 word32 i = 0;
ashleymills 0:714293de3836 8166 ret = RsaPrivateKeyDecode(ssl->buffers.key.buffer, &i,
ashleymills 0:714293de3836 8167 &rsaKey, ssl->buffers.key.length);
ashleymills 0:714293de3836 8168 if (ret != 0) return ret;
ashleymills 0:714293de3836 8169 sigSz = RsaEncryptSize(&rsaKey);
ashleymills 0:714293de3836 8170 } else
ashleymills 0:714293de3836 8171 #endif
ashleymills 0:714293de3836 8172 if (ssl->specs.sig_algo == ecc_dsa_sa_algo) {
ashleymills 0:714293de3836 8173 /* ecdsa sig size */
ashleymills 0:714293de3836 8174 word32 i = 0;
ashleymills 0:714293de3836 8175 ret = EccPrivateKeyDecode(ssl->buffers.key.buffer, &i,
ashleymills 0:714293de3836 8176 &dsaKey, ssl->buffers.key.length);
ashleymills 0:714293de3836 8177 if (ret != 0) return ret;
ashleymills 0:714293de3836 8178 sigSz = ecc_sig_size(&dsaKey) + 2; /* worst case estimate */
ashleymills 0:714293de3836 8179 }
ashleymills 0:714293de3836 8180 else {
ashleymills 0:714293de3836 8181 #ifndef NO_RSA
ashleymills 0:714293de3836 8182 FreeRsaKey(&rsaKey);
ashleymills 0:714293de3836 8183 #endif
ashleymills 0:714293de3836 8184 ecc_free(&dsaKey);
ashleymills 0:714293de3836 8185 return ALGO_ID_E; /* unsupported type */
ashleymills 0:714293de3836 8186 }
ashleymills 0:714293de3836 8187 length += sigSz;
ashleymills 0:714293de3836 8188
ashleymills 0:714293de3836 8189 if (IsAtLeastTLSv1_2(ssl))
ashleymills 0:714293de3836 8190 length += HASH_SIG_SIZE;
ashleymills 0:714293de3836 8191
ashleymills 0:714293de3836 8192 sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
ashleymills 0:714293de3836 8193
ashleymills 0:714293de3836 8194 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 8195 if (ssl->options.dtls) {
ashleymills 0:714293de3836 8196 sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
ashleymills 0:714293de3836 8197 idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
ashleymills 0:714293de3836 8198 preSigIdx = idx;
ashleymills 0:714293de3836 8199 }
ashleymills 0:714293de3836 8200 #endif
ashleymills 0:714293de3836 8201 /* check for available size */
ashleymills 0:714293de3836 8202 if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) {
ashleymills 0:714293de3836 8203 #ifndef NO_RSA
ashleymills 0:714293de3836 8204 FreeRsaKey(&rsaKey);
ashleymills 0:714293de3836 8205 #endif
ashleymills 0:714293de3836 8206 ecc_free(&dsaKey);
ashleymills 0:714293de3836 8207 return ret;
ashleymills 0:714293de3836 8208 }
ashleymills 0:714293de3836 8209
ashleymills 0:714293de3836 8210 /* get ouput buffer */
ashleymills 0:714293de3836 8211 output = ssl->buffers.outputBuffer.buffer +
ashleymills 0:714293de3836 8212 ssl->buffers.outputBuffer.length;
ashleymills 0:714293de3836 8213
ashleymills 0:714293de3836 8214 /* record and message headers will be added below, when we're sure
ashleymills 0:714293de3836 8215 of the sig length */
ashleymills 0:714293de3836 8216
ashleymills 0:714293de3836 8217 /* key exchange data */
ashleymills 0:714293de3836 8218 output[idx++] = named_curve;
ashleymills 0:714293de3836 8219 output[idx++] = 0x00; /* leading zero */
ashleymills 0:714293de3836 8220 output[idx++] = SetCurveId(ecc_size(ssl->eccTempKey));
ashleymills 0:714293de3836 8221 output[idx++] = (byte)expSz;
ashleymills 0:714293de3836 8222 XMEMCPY(output + idx, exportBuf, expSz);
ashleymills 0:714293de3836 8223 idx += expSz;
ashleymills 0:714293de3836 8224 if (IsAtLeastTLSv1_2(ssl)) {
ashleymills 0:714293de3836 8225 output[idx++] = ssl->suites->hashAlgo;
ashleymills 0:714293de3836 8226 output[idx++] = ssl->suites->sigAlgo;
ashleymills 0:714293de3836 8227 }
ashleymills 0:714293de3836 8228
ashleymills 0:714293de3836 8229 /* Signtaure length will be written later, when we're sure what it
ashleymills 0:714293de3836 8230 is */
ashleymills 0:714293de3836 8231
ashleymills 0:714293de3836 8232 /* do signature */
ashleymills 0:714293de3836 8233 {
ashleymills 0:714293de3836 8234 #ifndef NO_OLD_TLS
ashleymills 0:714293de3836 8235 Md5 md5;
ashleymills 0:714293de3836 8236 Sha sha;
ashleymills 0:714293de3836 8237 #endif
ashleymills 0:714293de3836 8238 byte hash[FINISHED_SZ];
ashleymills 0:714293de3836 8239 #ifndef NO_SHA256
ashleymills 0:714293de3836 8240 Sha256 sha256;
ashleymills 0:714293de3836 8241 byte hash256[SHA256_DIGEST_SIZE];
ashleymills 0:714293de3836 8242 #endif
ashleymills 0:714293de3836 8243 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 8244 Sha384 sha384;
ashleymills 0:714293de3836 8245 byte hash384[SHA384_DIGEST_SIZE];
ashleymills 0:714293de3836 8246 #endif
ashleymills 0:714293de3836 8247
ashleymills 0:714293de3836 8248 #ifndef NO_OLD_TLS
ashleymills 0:714293de3836 8249 /* md5 */
ashleymills 0:714293de3836 8250 InitMd5(&md5);
ashleymills 0:714293de3836 8251 Md5Update(&md5, ssl->arrays->clientRandom, RAN_LEN);
ashleymills 0:714293de3836 8252 Md5Update(&md5, ssl->arrays->serverRandom, RAN_LEN);
ashleymills 0:714293de3836 8253 Md5Update(&md5, output + preSigIdx, preSigSz);
ashleymills 0:714293de3836 8254 Md5Final(&md5, hash);
ashleymills 0:714293de3836 8255
ashleymills 0:714293de3836 8256 /* sha */
ashleymills 0:714293de3836 8257 InitSha(&sha);
ashleymills 0:714293de3836 8258 ShaUpdate(&sha, ssl->arrays->clientRandom, RAN_LEN);
ashleymills 0:714293de3836 8259 ShaUpdate(&sha, ssl->arrays->serverRandom, RAN_LEN);
ashleymills 0:714293de3836 8260 ShaUpdate(&sha, output + preSigIdx, preSigSz);
ashleymills 0:714293de3836 8261 ShaFinal(&sha, &hash[MD5_DIGEST_SIZE]);
ashleymills 0:714293de3836 8262 #endif
ashleymills 0:714293de3836 8263
ashleymills 0:714293de3836 8264 #ifndef NO_SHA256
ashleymills 0:714293de3836 8265 InitSha256(&sha256);
ashleymills 0:714293de3836 8266 Sha256Update(&sha256, ssl->arrays->clientRandom, RAN_LEN);
ashleymills 0:714293de3836 8267 Sha256Update(&sha256, ssl->arrays->serverRandom, RAN_LEN);
ashleymills 0:714293de3836 8268 Sha256Update(&sha256, output + preSigIdx, preSigSz);
ashleymills 0:714293de3836 8269 Sha256Final(&sha256, hash256);
ashleymills 0:714293de3836 8270 #endif
ashleymills 0:714293de3836 8271
ashleymills 0:714293de3836 8272 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 8273 InitSha384(&sha384);
ashleymills 0:714293de3836 8274 Sha384Update(&sha384, ssl->arrays->clientRandom, RAN_LEN);
ashleymills 0:714293de3836 8275 Sha384Update(&sha384, ssl->arrays->serverRandom, RAN_LEN);
ashleymills 0:714293de3836 8276 Sha384Update(&sha384, output + preSigIdx, preSigSz);
ashleymills 0:714293de3836 8277 Sha384Final(&sha384, hash384);
ashleymills 0:714293de3836 8278 #endif
ashleymills 0:714293de3836 8279 #ifndef NO_RSA
ashleymills 0:714293de3836 8280 if (ssl->suites->sigAlgo == rsa_sa_algo) {
ashleymills 0:714293de3836 8281 byte* signBuffer = hash;
ashleymills 0:714293de3836 8282 word32 signSz = sizeof(hash);
ashleymills 0:714293de3836 8283 byte encodedSig[MAX_ENCODED_SIG_SZ];
ashleymills 0:714293de3836 8284 if (IsAtLeastTLSv1_2(ssl)) {
ashleymills 0:714293de3836 8285 byte* digest = &hash[MD5_DIGEST_SIZE];
ashleymills 0:714293de3836 8286 int typeH = SHAh;
ashleymills 0:714293de3836 8287 int digestSz = SHA_DIGEST_SIZE;
ashleymills 0:714293de3836 8288
ashleymills 0:714293de3836 8289 if (ssl->suites->hashAlgo == sha256_mac) {
ashleymills 0:714293de3836 8290 #ifndef NO_SHA256
ashleymills 0:714293de3836 8291 digest = hash256;
ashleymills 0:714293de3836 8292 typeH = SHA256h;
ashleymills 0:714293de3836 8293 digestSz = SHA256_DIGEST_SIZE;
ashleymills 0:714293de3836 8294 #endif
ashleymills 0:714293de3836 8295 }
ashleymills 0:714293de3836 8296 else if (ssl->suites->hashAlgo == sha384_mac) {
ashleymills 0:714293de3836 8297 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 8298 digest = hash384;
ashleymills 0:714293de3836 8299 typeH = SHA384h;
ashleymills 0:714293de3836 8300 digestSz = SHA384_DIGEST_SIZE;
ashleymills 0:714293de3836 8301 #endif
ashleymills 0:714293de3836 8302 }
ashleymills 0:714293de3836 8303
ashleymills 0:714293de3836 8304 signSz = EncodeSignature(encodedSig, digest, digestSz,
ashleymills 0:714293de3836 8305 typeH);
ashleymills 0:714293de3836 8306 signBuffer = encodedSig;
ashleymills 0:714293de3836 8307 }
ashleymills 0:714293de3836 8308 /* write sig size here */
ashleymills 0:714293de3836 8309 c16toa((word16)sigSz, output + idx);
ashleymills 0:714293de3836 8310 idx += LENGTH_SZ;
ashleymills 0:714293de3836 8311
ashleymills 0:714293de3836 8312 ret = RsaSSL_Sign(signBuffer, signSz, output + idx, sigSz,
ashleymills 0:714293de3836 8313 &rsaKey, ssl->rng);
ashleymills 0:714293de3836 8314 FreeRsaKey(&rsaKey);
ashleymills 0:714293de3836 8315 ecc_free(&dsaKey);
ashleymills 0:714293de3836 8316 if (ret > 0)
ashleymills 0:714293de3836 8317 ret = 0; /* reset on success */
ashleymills 0:714293de3836 8318 else
ashleymills 0:714293de3836 8319 return ret;
ashleymills 0:714293de3836 8320 } else
ashleymills 0:714293de3836 8321 #endif
ashleymills 0:714293de3836 8322 if (ssl->suites->sigAlgo == ecc_dsa_sa_algo) {
ashleymills 0:714293de3836 8323 #ifndef NO_OLD_TLS
ashleymills 0:714293de3836 8324 byte* digest = &hash[MD5_DIGEST_SIZE];
ashleymills 0:714293de3836 8325 word32 digestSz = SHA_DIGEST_SIZE;
ashleymills 0:714293de3836 8326 #else
ashleymills 0:714293de3836 8327 byte* digest = hash256;
ashleymills 0:714293de3836 8328 word32 digestSz = SHA256_DIGEST_SIZE;
ashleymills 0:714293de3836 8329 #endif
ashleymills 0:714293de3836 8330 word32 sz = sigSz;
ashleymills 0:714293de3836 8331
ashleymills 0:714293de3836 8332 if (IsAtLeastTLSv1_2(ssl)) {
ashleymills 0:714293de3836 8333 if (ssl->suites->hashAlgo == sha_mac) {
ashleymills 0:714293de3836 8334 #ifndef NO_SHA
ashleymills 0:714293de3836 8335 digest = &hash[MD5_DIGEST_SIZE];
ashleymills 0:714293de3836 8336 digestSz = SHA_DIGEST_SIZE;
ashleymills 0:714293de3836 8337 #endif
ashleymills 0:714293de3836 8338 }
ashleymills 0:714293de3836 8339 else if (ssl->suites->hashAlgo == sha256_mac) {
ashleymills 0:714293de3836 8340 #ifndef NO_SHA256
ashleymills 0:714293de3836 8341 digest = hash256;
ashleymills 0:714293de3836 8342 digestSz = SHA256_DIGEST_SIZE;
ashleymills 0:714293de3836 8343 #endif
ashleymills 0:714293de3836 8344 }
ashleymills 0:714293de3836 8345 else if (ssl->suites->hashAlgo == sha384_mac) {
ashleymills 0:714293de3836 8346 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 8347 digest = hash384;
ashleymills 0:714293de3836 8348 digestSz = SHA384_DIGEST_SIZE;
ashleymills 0:714293de3836 8349 #endif
ashleymills 0:714293de3836 8350 }
ashleymills 0:714293de3836 8351 }
ashleymills 0:714293de3836 8352
ashleymills 0:714293de3836 8353 ret = ecc_sign_hash(digest, digestSz,
ashleymills 0:714293de3836 8354 output + LENGTH_SZ + idx, &sz, ssl->rng, &dsaKey);
ashleymills 0:714293de3836 8355 #ifndef NO_RSA
ashleymills 0:714293de3836 8356 FreeRsaKey(&rsaKey);
ashleymills 0:714293de3836 8357 #endif
ashleymills 0:714293de3836 8358 ecc_free(&dsaKey);
ashleymills 0:714293de3836 8359 if (ret < 0) return ret;
ashleymills 0:714293de3836 8360
ashleymills 0:714293de3836 8361 /* Now that we know the real sig size, write it. */
ashleymills 0:714293de3836 8362 c16toa((word16)sz, output + idx);
ashleymills 0:714293de3836 8363
ashleymills 0:714293de3836 8364 /* And adjust length and sendSz from estimates */
ashleymills 0:714293de3836 8365 length += sz - sigSz;
ashleymills 0:714293de3836 8366 sendSz += sz - sigSz;
ashleymills 0:714293de3836 8367 }
ashleymills 0:714293de3836 8368 }
ashleymills 0:714293de3836 8369
ashleymills 0:714293de3836 8370 AddHeaders(output, length, server_key_exchange, ssl);
ashleymills 0:714293de3836 8371 HashOutput(ssl, output, sendSz, 0);
ashleymills 0:714293de3836 8372
ashleymills 0:714293de3836 8373 #ifdef CYASSL_CALLBACKS
ashleymills 0:714293de3836 8374 if (ssl->hsInfoOn)
ashleymills 0:714293de3836 8375 AddPacketName("ServerKeyExchange", &ssl->handShakeInfo);
ashleymills 0:714293de3836 8376 if (ssl->toInfoOn)
ashleymills 0:714293de3836 8377 AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo,
ashleymills 0:714293de3836 8378 output, sendSz, ssl->heap);
ashleymills 0:714293de3836 8379 #endif
ashleymills 0:714293de3836 8380
ashleymills 0:714293de3836 8381 ssl->buffers.outputBuffer.length += sendSz;
ashleymills 0:714293de3836 8382 if (ssl->options.groupMessages)
ashleymills 0:714293de3836 8383 ret = 0;
ashleymills 0:714293de3836 8384 else
ashleymills 0:714293de3836 8385 ret = SendBuffered(ssl);
ashleymills 0:714293de3836 8386 ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE;
ashleymills 0:714293de3836 8387 }
ashleymills 0:714293de3836 8388 #endif /* HAVE_ECC */
ashleymills 0:714293de3836 8389
ashleymills 0:714293de3836 8390 #ifdef OPENSSL_EXTRA
ashleymills 0:714293de3836 8391 if (ssl->specs.kea == diffie_hellman_kea) {
ashleymills 0:714293de3836 8392 byte *output;
ashleymills 0:714293de3836 8393 word32 length = 0, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
ashleymills 0:714293de3836 8394 int sendSz;
ashleymills 0:714293de3836 8395 word32 sigSz = 0, i = 0;
ashleymills 0:714293de3836 8396 word32 preSigSz = 0, preSigIdx = 0;
ashleymills 0:714293de3836 8397 RsaKey rsaKey;
ashleymills 0:714293de3836 8398 DhKey dhKey;
ashleymills 0:714293de3836 8399
ashleymills 0:714293de3836 8400 if (ssl->buffers.serverDH_P.buffer == NULL ||
ashleymills 0:714293de3836 8401 ssl->buffers.serverDH_G.buffer == NULL)
ashleymills 0:714293de3836 8402 return NO_DH_PARAMS;
ashleymills 0:714293de3836 8403
ashleymills 0:714293de3836 8404 if (ssl->buffers.serverDH_Pub.buffer == NULL) {
ashleymills 0:714293de3836 8405 ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC(
ashleymills 0:714293de3836 8406 ssl->buffers.serverDH_P.length + 2, ssl->ctx->heap,
ashleymills 0:714293de3836 8407 DYNAMIC_TYPE_DH);
ashleymills 0:714293de3836 8408 if (ssl->buffers.serverDH_Pub.buffer == NULL)
ashleymills 0:714293de3836 8409 return MEMORY_E;
ashleymills 0:714293de3836 8410 }
ashleymills 0:714293de3836 8411
ashleymills 0:714293de3836 8412 if (ssl->buffers.serverDH_Priv.buffer == NULL) {
ashleymills 0:714293de3836 8413 ssl->buffers.serverDH_Priv.buffer = (byte*)XMALLOC(
ashleymills 0:714293de3836 8414 ssl->buffers.serverDH_P.length + 2, ssl->ctx->heap,
ashleymills 0:714293de3836 8415 DYNAMIC_TYPE_DH);
ashleymills 0:714293de3836 8416 if (ssl->buffers.serverDH_Priv.buffer == NULL)
ashleymills 0:714293de3836 8417 return MEMORY_E;
ashleymills 0:714293de3836 8418 }
ashleymills 0:714293de3836 8419
ashleymills 0:714293de3836 8420 InitDhKey(&dhKey);
ashleymills 0:714293de3836 8421 ret = DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer,
ashleymills 0:714293de3836 8422 ssl->buffers.serverDH_P.length,
ashleymills 0:714293de3836 8423 ssl->buffers.serverDH_G.buffer,
ashleymills 0:714293de3836 8424 ssl->buffers.serverDH_G.length);
ashleymills 0:714293de3836 8425 if (ret == 0)
ashleymills 0:714293de3836 8426 ret = DhGenerateKeyPair(&dhKey, ssl->rng,
ashleymills 0:714293de3836 8427 ssl->buffers.serverDH_Priv.buffer,
ashleymills 0:714293de3836 8428 &ssl->buffers.serverDH_Priv.length,
ashleymills 0:714293de3836 8429 ssl->buffers.serverDH_Pub.buffer,
ashleymills 0:714293de3836 8430 &ssl->buffers.serverDH_Pub.length);
ashleymills 0:714293de3836 8431 FreeDhKey(&dhKey);
ashleymills 0:714293de3836 8432
ashleymills 0:714293de3836 8433 InitRsaKey(&rsaKey, ssl->heap);
ashleymills 0:714293de3836 8434 if (ret == 0) {
ashleymills 0:714293de3836 8435 length = LENGTH_SZ * 3; /* p, g, pub */
ashleymills 0:714293de3836 8436 length += ssl->buffers.serverDH_P.length +
ashleymills 0:714293de3836 8437 ssl->buffers.serverDH_G.length +
ashleymills 0:714293de3836 8438 ssl->buffers.serverDH_Pub.length;
ashleymills 0:714293de3836 8439
ashleymills 0:714293de3836 8440 preSigIdx = idx;
ashleymills 0:714293de3836 8441 preSigSz = length;
ashleymills 0:714293de3836 8442
ashleymills 0:714293de3836 8443 /* sig length */
ashleymills 0:714293de3836 8444 length += LENGTH_SZ;
ashleymills 0:714293de3836 8445
ashleymills 0:714293de3836 8446 if (!ssl->buffers.key.buffer)
ashleymills 0:714293de3836 8447 return NO_PRIVATE_KEY;
ashleymills 0:714293de3836 8448
ashleymills 0:714293de3836 8449 ret = RsaPrivateKeyDecode(ssl->buffers.key.buffer, &i, &rsaKey,
ashleymills 0:714293de3836 8450 ssl->buffers.key.length);
ashleymills 0:714293de3836 8451 if (ret == 0) {
ashleymills 0:714293de3836 8452 sigSz = RsaEncryptSize(&rsaKey);
ashleymills 0:714293de3836 8453 length += sigSz;
ashleymills 0:714293de3836 8454 }
ashleymills 0:714293de3836 8455 }
ashleymills 0:714293de3836 8456 if (ret != 0) {
ashleymills 0:714293de3836 8457 FreeRsaKey(&rsaKey);
ashleymills 0:714293de3836 8458 return ret;
ashleymills 0:714293de3836 8459 }
ashleymills 0:714293de3836 8460
ashleymills 0:714293de3836 8461 if (IsAtLeastTLSv1_2(ssl))
ashleymills 0:714293de3836 8462 length += HASH_SIG_SIZE;
ashleymills 0:714293de3836 8463
ashleymills 0:714293de3836 8464 sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
ashleymills 0:714293de3836 8465
ashleymills 0:714293de3836 8466 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 8467 if (ssl->options.dtls) {
ashleymills 0:714293de3836 8468 sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
ashleymills 0:714293de3836 8469 idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
ashleymills 0:714293de3836 8470 preSigIdx = idx;
ashleymills 0:714293de3836 8471 }
ashleymills 0:714293de3836 8472 #endif
ashleymills 0:714293de3836 8473 /* check for available size */
ashleymills 0:714293de3836 8474 if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) {
ashleymills 0:714293de3836 8475 FreeRsaKey(&rsaKey);
ashleymills 0:714293de3836 8476 return ret;
ashleymills 0:714293de3836 8477 }
ashleymills 0:714293de3836 8478
ashleymills 0:714293de3836 8479 /* get ouput buffer */
ashleymills 0:714293de3836 8480 output = ssl->buffers.outputBuffer.buffer +
ashleymills 0:714293de3836 8481 ssl->buffers.outputBuffer.length;
ashleymills 0:714293de3836 8482
ashleymills 0:714293de3836 8483 AddHeaders(output, length, server_key_exchange, ssl);
ashleymills 0:714293de3836 8484
ashleymills 0:714293de3836 8485 /* add p, g, pub */
ashleymills 0:714293de3836 8486 c16toa((word16)ssl->buffers.serverDH_P.length, output + idx);
ashleymills 0:714293de3836 8487 idx += LENGTH_SZ;
ashleymills 0:714293de3836 8488 XMEMCPY(output + idx, ssl->buffers.serverDH_P.buffer,
ashleymills 0:714293de3836 8489 ssl->buffers.serverDH_P.length);
ashleymills 0:714293de3836 8490 idx += ssl->buffers.serverDH_P.length;
ashleymills 0:714293de3836 8491
ashleymills 0:714293de3836 8492 /* g */
ashleymills 0:714293de3836 8493 c16toa((word16)ssl->buffers.serverDH_G.length, output + idx);
ashleymills 0:714293de3836 8494 idx += LENGTH_SZ;
ashleymills 0:714293de3836 8495 XMEMCPY(output + idx, ssl->buffers.serverDH_G.buffer,
ashleymills 0:714293de3836 8496 ssl->buffers.serverDH_G.length);
ashleymills 0:714293de3836 8497 idx += ssl->buffers.serverDH_G.length;
ashleymills 0:714293de3836 8498
ashleymills 0:714293de3836 8499 /* pub */
ashleymills 0:714293de3836 8500 c16toa((word16)ssl->buffers.serverDH_Pub.length, output + idx);
ashleymills 0:714293de3836 8501 idx += LENGTH_SZ;
ashleymills 0:714293de3836 8502 XMEMCPY(output + idx, ssl->buffers.serverDH_Pub.buffer,
ashleymills 0:714293de3836 8503 ssl->buffers.serverDH_Pub.length);
ashleymills 0:714293de3836 8504 idx += ssl->buffers.serverDH_Pub.length;
ashleymills 0:714293de3836 8505
ashleymills 0:714293de3836 8506 /* Add signature */
ashleymills 0:714293de3836 8507 if (IsAtLeastTLSv1_2(ssl)) {
ashleymills 0:714293de3836 8508 output[idx++] = ssl->suites->hashAlgo;
ashleymills 0:714293de3836 8509 output[idx++] = ssl->suites->sigAlgo;
ashleymills 0:714293de3836 8510 }
ashleymills 0:714293de3836 8511 /* size */
ashleymills 0:714293de3836 8512 c16toa((word16)sigSz, output + idx);
ashleymills 0:714293de3836 8513 idx += LENGTH_SZ;
ashleymills 0:714293de3836 8514
ashleymills 0:714293de3836 8515 /* do signature */
ashleymills 0:714293de3836 8516 {
ashleymills 0:714293de3836 8517 #ifndef NO_OLD_TLS
ashleymills 0:714293de3836 8518 Md5 md5;
ashleymills 0:714293de3836 8519 Sha sha;
ashleymills 0:714293de3836 8520 #endif
ashleymills 0:714293de3836 8521 byte hash[FINISHED_SZ];
ashleymills 0:714293de3836 8522 #ifndef NO_SHA256
ashleymills 0:714293de3836 8523 Sha256 sha256;
ashleymills 0:714293de3836 8524 byte hash256[SHA256_DIGEST_SIZE];
ashleymills 0:714293de3836 8525 #endif
ashleymills 0:714293de3836 8526 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 8527 Sha384 sha384;
ashleymills 0:714293de3836 8528 byte hash384[SHA384_DIGEST_SIZE];
ashleymills 0:714293de3836 8529 #endif
ashleymills 0:714293de3836 8530
ashleymills 0:714293de3836 8531 #ifndef NO_OLD_TLS
ashleymills 0:714293de3836 8532 /* md5 */
ashleymills 0:714293de3836 8533 InitMd5(&md5);
ashleymills 0:714293de3836 8534 Md5Update(&md5, ssl->arrays->clientRandom, RAN_LEN);
ashleymills 0:714293de3836 8535 Md5Update(&md5, ssl->arrays->serverRandom, RAN_LEN);
ashleymills 0:714293de3836 8536 Md5Update(&md5, output + preSigIdx, preSigSz);
ashleymills 0:714293de3836 8537 Md5Final(&md5, hash);
ashleymills 0:714293de3836 8538
ashleymills 0:714293de3836 8539 /* sha */
ashleymills 0:714293de3836 8540 InitSha(&sha);
ashleymills 0:714293de3836 8541 ShaUpdate(&sha, ssl->arrays->clientRandom, RAN_LEN);
ashleymills 0:714293de3836 8542 ShaUpdate(&sha, ssl->arrays->serverRandom, RAN_LEN);
ashleymills 0:714293de3836 8543 ShaUpdate(&sha, output + preSigIdx, preSigSz);
ashleymills 0:714293de3836 8544 ShaFinal(&sha, &hash[MD5_DIGEST_SIZE]);
ashleymills 0:714293de3836 8545 #endif
ashleymills 0:714293de3836 8546
ashleymills 0:714293de3836 8547 #ifndef NO_SHA256
ashleymills 0:714293de3836 8548 InitSha256(&sha256);
ashleymills 0:714293de3836 8549 Sha256Update(&sha256, ssl->arrays->clientRandom, RAN_LEN);
ashleymills 0:714293de3836 8550 Sha256Update(&sha256, ssl->arrays->serverRandom, RAN_LEN);
ashleymills 0:714293de3836 8551 Sha256Update(&sha256, output + preSigIdx, preSigSz);
ashleymills 0:714293de3836 8552 Sha256Final(&sha256, hash256);
ashleymills 0:714293de3836 8553 #endif
ashleymills 0:714293de3836 8554
ashleymills 0:714293de3836 8555 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 8556 InitSha384(&sha384);
ashleymills 0:714293de3836 8557 Sha384Update(&sha384, ssl->arrays->clientRandom, RAN_LEN);
ashleymills 0:714293de3836 8558 Sha384Update(&sha384, ssl->arrays->serverRandom, RAN_LEN);
ashleymills 0:714293de3836 8559 Sha384Update(&sha384, output + preSigIdx, preSigSz);
ashleymills 0:714293de3836 8560 Sha384Final(&sha384, hash384);
ashleymills 0:714293de3836 8561 #endif
ashleymills 0:714293de3836 8562 #ifndef NO_RSA
ashleymills 0:714293de3836 8563 if (ssl->suites->sigAlgo == rsa_sa_algo) {
ashleymills 0:714293de3836 8564 byte* signBuffer = hash;
ashleymills 0:714293de3836 8565 word32 signSz = sizeof(hash);
ashleymills 0:714293de3836 8566 byte encodedSig[MAX_ENCODED_SIG_SZ];
ashleymills 0:714293de3836 8567 if (IsAtLeastTLSv1_2(ssl)) {
ashleymills 0:714293de3836 8568 byte* digest = &hash[MD5_DIGEST_SIZE];
ashleymills 0:714293de3836 8569 int typeH = SHAh;
ashleymills 0:714293de3836 8570 int digestSz = SHA_DIGEST_SIZE;
ashleymills 0:714293de3836 8571
ashleymills 0:714293de3836 8572 if (ssl->suites->hashAlgo == sha256_mac) {
ashleymills 0:714293de3836 8573 #ifndef NO_SHA256
ashleymills 0:714293de3836 8574 digest = hash256;
ashleymills 0:714293de3836 8575 typeH = SHA256h;
ashleymills 0:714293de3836 8576 digestSz = SHA256_DIGEST_SIZE;
ashleymills 0:714293de3836 8577 #endif
ashleymills 0:714293de3836 8578 }
ashleymills 0:714293de3836 8579 else if (ssl->suites->hashAlgo == sha384_mac) {
ashleymills 0:714293de3836 8580 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 8581 digest = hash384;
ashleymills 0:714293de3836 8582 typeH = SHA384h;
ashleymills 0:714293de3836 8583 digestSz = SHA384_DIGEST_SIZE;
ashleymills 0:714293de3836 8584 #endif
ashleymills 0:714293de3836 8585 }
ashleymills 0:714293de3836 8586
ashleymills 0:714293de3836 8587 signSz = EncodeSignature(encodedSig, digest, digestSz,
ashleymills 0:714293de3836 8588 typeH);
ashleymills 0:714293de3836 8589 signBuffer = encodedSig;
ashleymills 0:714293de3836 8590 }
ashleymills 0:714293de3836 8591 ret = RsaSSL_Sign(signBuffer, signSz, output + idx, sigSz,
ashleymills 0:714293de3836 8592 &rsaKey, ssl->rng);
ashleymills 0:714293de3836 8593 FreeRsaKey(&rsaKey);
ashleymills 0:714293de3836 8594 if (ret <= 0)
ashleymills 0:714293de3836 8595 return ret;
ashleymills 0:714293de3836 8596 }
ashleymills 0:714293de3836 8597 #endif
ashleymills 0:714293de3836 8598 }
ashleymills 0:714293de3836 8599
ashleymills 0:714293de3836 8600 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 8601 if (ssl->options.dtls) {
ashleymills 0:714293de3836 8602 if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
ashleymills 0:714293de3836 8603 return ret;
ashleymills 0:714293de3836 8604 }
ashleymills 0:714293de3836 8605 #endif
ashleymills 0:714293de3836 8606 HashOutput(ssl, output, sendSz, 0);
ashleymills 0:714293de3836 8607
ashleymills 0:714293de3836 8608 #ifdef CYASSL_CALLBACKS
ashleymills 0:714293de3836 8609 if (ssl->hsInfoOn)
ashleymills 0:714293de3836 8610 AddPacketName("ServerKeyExchange", &ssl->handShakeInfo);
ashleymills 0:714293de3836 8611 if (ssl->toInfoOn)
ashleymills 0:714293de3836 8612 AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo,
ashleymills 0:714293de3836 8613 output, sendSz, ssl->heap);
ashleymills 0:714293de3836 8614 #endif
ashleymills 0:714293de3836 8615
ashleymills 0:714293de3836 8616 ssl->buffers.outputBuffer.length += sendSz;
ashleymills 0:714293de3836 8617 if (ssl->options.groupMessages)
ashleymills 0:714293de3836 8618 ret = 0;
ashleymills 0:714293de3836 8619 else
ashleymills 0:714293de3836 8620 ret = SendBuffered(ssl);
ashleymills 0:714293de3836 8621 ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE;
ashleymills 0:714293de3836 8622 }
ashleymills 0:714293de3836 8623 #endif /* OPENSSL_EXTRA */
ashleymills 0:714293de3836 8624
ashleymills 0:714293de3836 8625 return ret;
ashleymills 0:714293de3836 8626 }
ashleymills 0:714293de3836 8627
ashleymills 0:714293de3836 8628
ashleymills 0:714293de3836 8629 /* cipher requirements */
ashleymills 0:714293de3836 8630 enum {
ashleymills 0:714293de3836 8631 REQUIRES_RSA,
ashleymills 0:714293de3836 8632 REQUIRES_DHE,
ashleymills 0:714293de3836 8633 REQUIRES_ECC_DSA,
ashleymills 0:714293de3836 8634 REQUIRES_ECC_STATIC,
ashleymills 0:714293de3836 8635 REQUIRES_PSK,
ashleymills 0:714293de3836 8636 REQUIRES_NTRU,
ashleymills 0:714293de3836 8637 REQUIRES_RSA_SIG
ashleymills 0:714293de3836 8638 };
ashleymills 0:714293de3836 8639
ashleymills 0:714293de3836 8640
ashleymills 0:714293de3836 8641
ashleymills 0:714293de3836 8642 /* Does this cipher suite (first, second) have the requirement
ashleymills 0:714293de3836 8643 an ephemeral key exchange will still require the key for signing
ashleymills 0:714293de3836 8644 the key exchange so ECHDE_RSA requires an rsa key thus rsa_kea */
ashleymills 0:714293de3836 8645 static int CipherRequires(byte first, byte second, int requirement)
ashleymills 0:714293de3836 8646 {
ashleymills 0:714293de3836 8647 /* ECC extensions */
ashleymills 0:714293de3836 8648 if (first == ECC_BYTE) {
ashleymills 0:714293de3836 8649
ashleymills 0:714293de3836 8650 switch (second) {
ashleymills 0:714293de3836 8651
ashleymills 0:714293de3836 8652 #ifndef NO_RSA
ashleymills 0:714293de3836 8653 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
ashleymills 0:714293de3836 8654 if (requirement == REQUIRES_RSA)
ashleymills 0:714293de3836 8655 return 1;
ashleymills 0:714293de3836 8656 break;
ashleymills 0:714293de3836 8657
ashleymills 0:714293de3836 8658 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
ashleymills 0:714293de3836 8659 if (requirement == REQUIRES_ECC_STATIC)
ashleymills 0:714293de3836 8660 return 1;
ashleymills 0:714293de3836 8661 if (requirement == REQUIRES_RSA_SIG)
ashleymills 0:714293de3836 8662 return 1;
ashleymills 0:714293de3836 8663 break;
ashleymills 0:714293de3836 8664
ashleymills 0:714293de3836 8665 #ifndef NO_3DES
ashleymills 0:714293de3836 8666 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
ashleymills 0:714293de3836 8667 if (requirement == REQUIRES_RSA)
ashleymills 0:714293de3836 8668 return 1;
ashleymills 0:714293de3836 8669 break;
ashleymills 0:714293de3836 8670
ashleymills 0:714293de3836 8671 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
ashleymills 0:714293de3836 8672 if (requirement == REQUIRES_ECC_STATIC)
ashleymills 0:714293de3836 8673 return 1;
ashleymills 0:714293de3836 8674 if (requirement == REQUIRES_RSA_SIG)
ashleymills 0:714293de3836 8675 return 1;
ashleymills 0:714293de3836 8676 break;
ashleymills 0:714293de3836 8677 #endif
ashleymills 0:714293de3836 8678
ashleymills 0:714293de3836 8679 #ifndef NO_RC4
ashleymills 0:714293de3836 8680 case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
ashleymills 0:714293de3836 8681 if (requirement == REQUIRES_RSA)
ashleymills 0:714293de3836 8682 return 1;
ashleymills 0:714293de3836 8683 break;
ashleymills 0:714293de3836 8684
ashleymills 0:714293de3836 8685 case TLS_ECDH_RSA_WITH_RC4_128_SHA :
ashleymills 0:714293de3836 8686 if (requirement == REQUIRES_ECC_STATIC)
ashleymills 0:714293de3836 8687 return 1;
ashleymills 0:714293de3836 8688 if (requirement == REQUIRES_RSA_SIG)
ashleymills 0:714293de3836 8689 return 1;
ashleymills 0:714293de3836 8690 break;
ashleymills 0:714293de3836 8691 #endif
ashleymills 0:714293de3836 8692 #endif /* NO_RSA */
ashleymills 0:714293de3836 8693
ashleymills 0:714293de3836 8694 #ifndef NO_3DES
ashleymills 0:714293de3836 8695 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
ashleymills 0:714293de3836 8696 if (requirement == REQUIRES_ECC_DSA)
ashleymills 0:714293de3836 8697 return 1;
ashleymills 0:714293de3836 8698 break;
ashleymills 0:714293de3836 8699
ashleymills 0:714293de3836 8700 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
ashleymills 0:714293de3836 8701 if (requirement == REQUIRES_ECC_STATIC)
ashleymills 0:714293de3836 8702 return 1;
ashleymills 0:714293de3836 8703 break;
ashleymills 0:714293de3836 8704 #endif
ashleymills 0:714293de3836 8705 #ifndef NO_RC4
ashleymills 0:714293de3836 8706 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
ashleymills 0:714293de3836 8707 if (requirement == REQUIRES_ECC_DSA)
ashleymills 0:714293de3836 8708 return 1;
ashleymills 0:714293de3836 8709 break;
ashleymills 0:714293de3836 8710
ashleymills 0:714293de3836 8711 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
ashleymills 0:714293de3836 8712 if (requirement == REQUIRES_ECC_STATIC)
ashleymills 0:714293de3836 8713 return 1;
ashleymills 0:714293de3836 8714 break;
ashleymills 0:714293de3836 8715 #endif
ashleymills 0:714293de3836 8716 #ifndef NO_RSA
ashleymills 0:714293de3836 8717 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
ashleymills 0:714293de3836 8718 if (requirement == REQUIRES_RSA)
ashleymills 0:714293de3836 8719 return 1;
ashleymills 0:714293de3836 8720 break;
ashleymills 0:714293de3836 8721
ashleymills 0:714293de3836 8722 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
ashleymills 0:714293de3836 8723 if (requirement == REQUIRES_ECC_STATIC)
ashleymills 0:714293de3836 8724 return 1;
ashleymills 0:714293de3836 8725 if (requirement == REQUIRES_RSA_SIG)
ashleymills 0:714293de3836 8726 return 1;
ashleymills 0:714293de3836 8727 break;
ashleymills 0:714293de3836 8728 #endif
ashleymills 0:714293de3836 8729
ashleymills 0:714293de3836 8730 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
ashleymills 0:714293de3836 8731 if (requirement == REQUIRES_ECC_DSA)
ashleymills 0:714293de3836 8732 return 1;
ashleymills 0:714293de3836 8733 break;
ashleymills 0:714293de3836 8734
ashleymills 0:714293de3836 8735 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
ashleymills 0:714293de3836 8736 if (requirement == REQUIRES_ECC_STATIC)
ashleymills 0:714293de3836 8737 return 1;
ashleymills 0:714293de3836 8738 break;
ashleymills 0:714293de3836 8739
ashleymills 0:714293de3836 8740 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
ashleymills 0:714293de3836 8741 if (requirement == REQUIRES_ECC_DSA)
ashleymills 0:714293de3836 8742 return 1;
ashleymills 0:714293de3836 8743 break;
ashleymills 0:714293de3836 8744
ashleymills 0:714293de3836 8745 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
ashleymills 0:714293de3836 8746 if (requirement == REQUIRES_ECC_STATIC)
ashleymills 0:714293de3836 8747 return 1;
ashleymills 0:714293de3836 8748 break;
ashleymills 0:714293de3836 8749
ashleymills 0:714293de3836 8750 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
ashleymills 0:714293de3836 8751 if (requirement == REQUIRES_ECC_DSA)
ashleymills 0:714293de3836 8752 return 1;
ashleymills 0:714293de3836 8753 break;
ashleymills 0:714293de3836 8754
ashleymills 0:714293de3836 8755 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
ashleymills 0:714293de3836 8756 if (requirement == REQUIRES_ECC_DSA)
ashleymills 0:714293de3836 8757 return 1;
ashleymills 0:714293de3836 8758 break;
ashleymills 0:714293de3836 8759
ashleymills 0:714293de3836 8760 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
ashleymills 0:714293de3836 8761 if (requirement == REQUIRES_ECC_STATIC)
ashleymills 0:714293de3836 8762 return 1;
ashleymills 0:714293de3836 8763 break;
ashleymills 0:714293de3836 8764
ashleymills 0:714293de3836 8765 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
ashleymills 0:714293de3836 8766 if (requirement == REQUIRES_ECC_STATIC)
ashleymills 0:714293de3836 8767 return 1;
ashleymills 0:714293de3836 8768 break;
ashleymills 0:714293de3836 8769
ashleymills 0:714293de3836 8770 #ifndef NO_RSA
ashleymills 0:714293de3836 8771 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
ashleymills 0:714293de3836 8772 if (requirement == REQUIRES_RSA)
ashleymills 0:714293de3836 8773 return 1;
ashleymills 0:714293de3836 8774 break;
ashleymills 0:714293de3836 8775
ashleymills 0:714293de3836 8776 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
ashleymills 0:714293de3836 8777 if (requirement == REQUIRES_RSA)
ashleymills 0:714293de3836 8778 return 1;
ashleymills 0:714293de3836 8779 break;
ashleymills 0:714293de3836 8780
ashleymills 0:714293de3836 8781 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
ashleymills 0:714293de3836 8782 if (requirement == REQUIRES_ECC_STATIC)
ashleymills 0:714293de3836 8783 return 1;
ashleymills 0:714293de3836 8784 if (requirement == REQUIRES_RSA_SIG)
ashleymills 0:714293de3836 8785 return 1;
ashleymills 0:714293de3836 8786 break;
ashleymills 0:714293de3836 8787
ashleymills 0:714293de3836 8788 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
ashleymills 0:714293de3836 8789 if (requirement == REQUIRES_ECC_STATIC)
ashleymills 0:714293de3836 8790 return 1;
ashleymills 0:714293de3836 8791 if (requirement == REQUIRES_RSA_SIG)
ashleymills 0:714293de3836 8792 return 1;
ashleymills 0:714293de3836 8793 break;
ashleymills 0:714293de3836 8794
ashleymills 0:714293de3836 8795 case TLS_RSA_WITH_AES_128_CCM_8 :
ashleymills 0:714293de3836 8796 case TLS_RSA_WITH_AES_256_CCM_8 :
ashleymills 0:714293de3836 8797 if (requirement == REQUIRES_RSA)
ashleymills 0:714293de3836 8798 return 1;
ashleymills 0:714293de3836 8799 if (requirement == REQUIRES_RSA_SIG)
ashleymills 0:714293de3836 8800 return 1;
ashleymills 0:714293de3836 8801 break;
ashleymills 0:714293de3836 8802
ashleymills 0:714293de3836 8803 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
ashleymills 0:714293de3836 8804 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
ashleymills 0:714293de3836 8805 if (requirement == REQUIRES_RSA)
ashleymills 0:714293de3836 8806 return 1;
ashleymills 0:714293de3836 8807 if (requirement == REQUIRES_RSA_SIG)
ashleymills 0:714293de3836 8808 return 1;
ashleymills 0:714293de3836 8809 break;
ashleymills 0:714293de3836 8810
ashleymills 0:714293de3836 8811 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
ashleymills 0:714293de3836 8812 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
ashleymills 0:714293de3836 8813 if (requirement == REQUIRES_RSA_SIG)
ashleymills 0:714293de3836 8814 return 1;
ashleymills 0:714293de3836 8815 if (requirement == REQUIRES_ECC_STATIC)
ashleymills 0:714293de3836 8816 return 1;
ashleymills 0:714293de3836 8817 break;
ashleymills 0:714293de3836 8818 #endif
ashleymills 0:714293de3836 8819
ashleymills 0:714293de3836 8820 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 :
ashleymills 0:714293de3836 8821 case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
ashleymills 0:714293de3836 8822 if (requirement == REQUIRES_ECC_DSA)
ashleymills 0:714293de3836 8823 return 1;
ashleymills 0:714293de3836 8824 break;
ashleymills 0:714293de3836 8825
ashleymills 0:714293de3836 8826 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
ashleymills 0:714293de3836 8827 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
ashleymills 0:714293de3836 8828 if (requirement == REQUIRES_ECC_DSA)
ashleymills 0:714293de3836 8829 return 1;
ashleymills 0:714293de3836 8830 break;
ashleymills 0:714293de3836 8831
ashleymills 0:714293de3836 8832 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
ashleymills 0:714293de3836 8833 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
ashleymills 0:714293de3836 8834 if (requirement == REQUIRES_ECC_DSA)
ashleymills 0:714293de3836 8835 return 1;
ashleymills 0:714293de3836 8836 if (requirement == REQUIRES_ECC_STATIC)
ashleymills 0:714293de3836 8837 return 1;
ashleymills 0:714293de3836 8838 break;
ashleymills 0:714293de3836 8839
ashleymills 0:714293de3836 8840 default:
ashleymills 0:714293de3836 8841 CYASSL_MSG("Unsupported cipher suite, CipherRequires ECC");
ashleymills 0:714293de3836 8842 return 0;
ashleymills 0:714293de3836 8843 } /* switch */
ashleymills 0:714293de3836 8844 } /* if */
ashleymills 0:714293de3836 8845 if (first != ECC_BYTE) { /* normal suites */
ashleymills 0:714293de3836 8846 switch (second) {
ashleymills 0:714293de3836 8847
ashleymills 0:714293de3836 8848 #ifndef NO_RSA
ashleymills 0:714293de3836 8849 case SSL_RSA_WITH_RC4_128_SHA :
ashleymills 0:714293de3836 8850 if (requirement == REQUIRES_RSA)
ashleymills 0:714293de3836 8851 return 1;
ashleymills 0:714293de3836 8852 break;
ashleymills 0:714293de3836 8853
ashleymills 0:714293de3836 8854 case TLS_NTRU_RSA_WITH_RC4_128_SHA :
ashleymills 0:714293de3836 8855 if (requirement == REQUIRES_NTRU)
ashleymills 0:714293de3836 8856 return 1;
ashleymills 0:714293de3836 8857 break;
ashleymills 0:714293de3836 8858
ashleymills 0:714293de3836 8859 case SSL_RSA_WITH_RC4_128_MD5 :
ashleymills 0:714293de3836 8860 if (requirement == REQUIRES_RSA)
ashleymills 0:714293de3836 8861 return 1;
ashleymills 0:714293de3836 8862 break;
ashleymills 0:714293de3836 8863
ashleymills 0:714293de3836 8864 case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
ashleymills 0:714293de3836 8865 if (requirement == REQUIRES_RSA)
ashleymills 0:714293de3836 8866 return 1;
ashleymills 0:714293de3836 8867 break;
ashleymills 0:714293de3836 8868
ashleymills 0:714293de3836 8869 case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
ashleymills 0:714293de3836 8870 if (requirement == REQUIRES_NTRU)
ashleymills 0:714293de3836 8871 return 1;
ashleymills 0:714293de3836 8872 break;
ashleymills 0:714293de3836 8873
ashleymills 0:714293de3836 8874 case TLS_RSA_WITH_AES_128_CBC_SHA :
ashleymills 0:714293de3836 8875 if (requirement == REQUIRES_RSA)
ashleymills 0:714293de3836 8876 return 1;
ashleymills 0:714293de3836 8877 break;
ashleymills 0:714293de3836 8878
ashleymills 0:714293de3836 8879 case TLS_RSA_WITH_AES_128_CBC_SHA256 :
ashleymills 0:714293de3836 8880 if (requirement == REQUIRES_RSA)
ashleymills 0:714293de3836 8881 return 1;
ashleymills 0:714293de3836 8882 break;
ashleymills 0:714293de3836 8883
ashleymills 0:714293de3836 8884 case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
ashleymills 0:714293de3836 8885 if (requirement == REQUIRES_NTRU)
ashleymills 0:714293de3836 8886 return 1;
ashleymills 0:714293de3836 8887 break;
ashleymills 0:714293de3836 8888
ashleymills 0:714293de3836 8889 case TLS_RSA_WITH_AES_256_CBC_SHA :
ashleymills 0:714293de3836 8890 if (requirement == REQUIRES_RSA)
ashleymills 0:714293de3836 8891 return 1;
ashleymills 0:714293de3836 8892 break;
ashleymills 0:714293de3836 8893
ashleymills 0:714293de3836 8894 case TLS_RSA_WITH_AES_256_CBC_SHA256 :
ashleymills 0:714293de3836 8895 if (requirement == REQUIRES_RSA)
ashleymills 0:714293de3836 8896 return 1;
ashleymills 0:714293de3836 8897 break;
ashleymills 0:714293de3836 8898
ashleymills 0:714293de3836 8899 case TLS_RSA_WITH_NULL_SHA :
ashleymills 0:714293de3836 8900 case TLS_RSA_WITH_NULL_SHA256 :
ashleymills 0:714293de3836 8901 if (requirement == REQUIRES_RSA)
ashleymills 0:714293de3836 8902 return 1;
ashleymills 0:714293de3836 8903 break;
ashleymills 0:714293de3836 8904
ashleymills 0:714293de3836 8905 case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
ashleymills 0:714293de3836 8906 if (requirement == REQUIRES_NTRU)
ashleymills 0:714293de3836 8907 return 1;
ashleymills 0:714293de3836 8908 break;
ashleymills 0:714293de3836 8909 #endif
ashleymills 0:714293de3836 8910
ashleymills 0:714293de3836 8911 case TLS_PSK_WITH_AES_128_CBC_SHA256 :
ashleymills 0:714293de3836 8912 if (requirement == REQUIRES_PSK)
ashleymills 0:714293de3836 8913 return 1;
ashleymills 0:714293de3836 8914 break;
ashleymills 0:714293de3836 8915
ashleymills 0:714293de3836 8916 case TLS_PSK_WITH_AES_128_CBC_SHA :
ashleymills 0:714293de3836 8917 if (requirement == REQUIRES_PSK)
ashleymills 0:714293de3836 8918 return 1;
ashleymills 0:714293de3836 8919 break;
ashleymills 0:714293de3836 8920
ashleymills 0:714293de3836 8921 case TLS_PSK_WITH_AES_256_CBC_SHA :
ashleymills 0:714293de3836 8922 if (requirement == REQUIRES_PSK)
ashleymills 0:714293de3836 8923 return 1;
ashleymills 0:714293de3836 8924 break;
ashleymills 0:714293de3836 8925
ashleymills 0:714293de3836 8926 case TLS_PSK_WITH_NULL_SHA256 :
ashleymills 0:714293de3836 8927 if (requirement == REQUIRES_PSK)
ashleymills 0:714293de3836 8928 return 1;
ashleymills 0:714293de3836 8929 break;
ashleymills 0:714293de3836 8930
ashleymills 0:714293de3836 8931 case TLS_PSK_WITH_NULL_SHA :
ashleymills 0:714293de3836 8932 if (requirement == REQUIRES_PSK)
ashleymills 0:714293de3836 8933 return 1;
ashleymills 0:714293de3836 8934 break;
ashleymills 0:714293de3836 8935
ashleymills 0:714293de3836 8936 #ifndef NO_RSA
ashleymills 0:714293de3836 8937 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
ashleymills 0:714293de3836 8938 if (requirement == REQUIRES_RSA)
ashleymills 0:714293de3836 8939 return 1;
ashleymills 0:714293de3836 8940 if (requirement == REQUIRES_DHE)
ashleymills 0:714293de3836 8941 return 1;
ashleymills 0:714293de3836 8942 break;
ashleymills 0:714293de3836 8943
ashleymills 0:714293de3836 8944 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
ashleymills 0:714293de3836 8945 if (requirement == REQUIRES_RSA)
ashleymills 0:714293de3836 8946 return 1;
ashleymills 0:714293de3836 8947 if (requirement == REQUIRES_DHE)
ashleymills 0:714293de3836 8948 return 1;
ashleymills 0:714293de3836 8949 break;
ashleymills 0:714293de3836 8950
ashleymills 0:714293de3836 8951 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
ashleymills 0:714293de3836 8952 if (requirement == REQUIRES_RSA)
ashleymills 0:714293de3836 8953 return 1;
ashleymills 0:714293de3836 8954 if (requirement == REQUIRES_DHE)
ashleymills 0:714293de3836 8955 return 1;
ashleymills 0:714293de3836 8956 break;
ashleymills 0:714293de3836 8957
ashleymills 0:714293de3836 8958 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
ashleymills 0:714293de3836 8959 if (requirement == REQUIRES_RSA)
ashleymills 0:714293de3836 8960 return 1;
ashleymills 0:714293de3836 8961 if (requirement == REQUIRES_DHE)
ashleymills 0:714293de3836 8962 return 1;
ashleymills 0:714293de3836 8963 break;
ashleymills 0:714293de3836 8964
ashleymills 0:714293de3836 8965 case TLS_RSA_WITH_HC_128_CBC_MD5 :
ashleymills 0:714293de3836 8966 if (requirement == REQUIRES_RSA)
ashleymills 0:714293de3836 8967 return 1;
ashleymills 0:714293de3836 8968 break;
ashleymills 0:714293de3836 8969
ashleymills 0:714293de3836 8970 case TLS_RSA_WITH_HC_128_CBC_SHA :
ashleymills 0:714293de3836 8971 if (requirement == REQUIRES_RSA)
ashleymills 0:714293de3836 8972 return 1;
ashleymills 0:714293de3836 8973 break;
ashleymills 0:714293de3836 8974
ashleymills 0:714293de3836 8975 case TLS_RSA_WITH_RABBIT_CBC_SHA :
ashleymills 0:714293de3836 8976 if (requirement == REQUIRES_RSA)
ashleymills 0:714293de3836 8977 return 1;
ashleymills 0:714293de3836 8978 break;
ashleymills 0:714293de3836 8979
ashleymills 0:714293de3836 8980 case TLS_RSA_WITH_AES_128_GCM_SHA256 :
ashleymills 0:714293de3836 8981 case TLS_RSA_WITH_AES_256_GCM_SHA384 :
ashleymills 0:714293de3836 8982 if (requirement == REQUIRES_RSA)
ashleymills 0:714293de3836 8983 return 1;
ashleymills 0:714293de3836 8984 break;
ashleymills 0:714293de3836 8985
ashleymills 0:714293de3836 8986 case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
ashleymills 0:714293de3836 8987 case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
ashleymills 0:714293de3836 8988 if (requirement == REQUIRES_RSA)
ashleymills 0:714293de3836 8989 return 1;
ashleymills 0:714293de3836 8990 if (requirement == REQUIRES_DHE)
ashleymills 0:714293de3836 8991 return 1;
ashleymills 0:714293de3836 8992 break;
ashleymills 0:714293de3836 8993
ashleymills 0:714293de3836 8994 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
ashleymills 0:714293de3836 8995 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
ashleymills 0:714293de3836 8996 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
ashleymills 0:714293de3836 8997 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
ashleymills 0:714293de3836 8998 if (requirement == REQUIRES_RSA)
ashleymills 0:714293de3836 8999 return 1;
ashleymills 0:714293de3836 9000 break;
ashleymills 0:714293de3836 9001
ashleymills 0:714293de3836 9002 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
ashleymills 0:714293de3836 9003 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
ashleymills 0:714293de3836 9004 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
ashleymills 0:714293de3836 9005 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
ashleymills 0:714293de3836 9006 if (requirement == REQUIRES_RSA)
ashleymills 0:714293de3836 9007 return 1;
ashleymills 0:714293de3836 9008 if (requirement == REQUIRES_RSA_SIG)
ashleymills 0:714293de3836 9009 return 1;
ashleymills 0:714293de3836 9010 if (requirement == REQUIRES_DHE)
ashleymills 0:714293de3836 9011 return 1;
ashleymills 0:714293de3836 9012 break;
ashleymills 0:714293de3836 9013 #endif
ashleymills 0:714293de3836 9014
ashleymills 0:714293de3836 9015 default:
ashleymills 0:714293de3836 9016 CYASSL_MSG("Unsupported cipher suite, CipherRequires");
ashleymills 0:714293de3836 9017 return 0;
ashleymills 0:714293de3836 9018 } /* switch */
ashleymills 0:714293de3836 9019 } /* if ECC / Normal suites else */
ashleymills 0:714293de3836 9020
ashleymills 0:714293de3836 9021 return 0;
ashleymills 0:714293de3836 9022 }
ashleymills 0:714293de3836 9023
ashleymills 0:714293de3836 9024
ashleymills 0:714293de3836 9025
ashleymills 0:714293de3836 9026
ashleymills 0:714293de3836 9027
ashleymills 0:714293de3836 9028 /* Make sure cert/key are valid for this suite, true on success */
ashleymills 0:714293de3836 9029 static int VerifySuite(CYASSL* ssl, word16 idx)
ashleymills 0:714293de3836 9030 {
ashleymills 0:714293de3836 9031 int haveRSA = !ssl->options.haveStaticECC;
ashleymills 0:714293de3836 9032 int havePSK = 0;
ashleymills 0:714293de3836 9033 byte first;
ashleymills 0:714293de3836 9034 byte second;
ashleymills 0:714293de3836 9035
ashleymills 0:714293de3836 9036 CYASSL_ENTER("VerifySuite");
ashleymills 0:714293de3836 9037
ashleymills 0:714293de3836 9038 if (ssl->suites == NULL) {
ashleymills 0:714293de3836 9039 CYASSL_MSG("Suites pointer error");
ashleymills 0:714293de3836 9040 return 0;
ashleymills 0:714293de3836 9041 }
ashleymills 0:714293de3836 9042
ashleymills 0:714293de3836 9043 first = ssl->suites->suites[idx];
ashleymills 0:714293de3836 9044 second = ssl->suites->suites[idx+1];
ashleymills 0:714293de3836 9045
ashleymills 0:714293de3836 9046 #ifndef NO_PSK
ashleymills 0:714293de3836 9047 havePSK = ssl->options.havePSK;
ashleymills 0:714293de3836 9048 #endif
ashleymills 0:714293de3836 9049
ashleymills 0:714293de3836 9050 if (ssl->options.haveNTRU)
ashleymills 0:714293de3836 9051 haveRSA = 0;
ashleymills 0:714293de3836 9052
ashleymills 0:714293de3836 9053 if (CipherRequires(first, second, REQUIRES_RSA)) {
ashleymills 0:714293de3836 9054 CYASSL_MSG("Requires RSA");
ashleymills 0:714293de3836 9055 if (haveRSA == 0) {
ashleymills 0:714293de3836 9056 CYASSL_MSG("Don't have RSA");
ashleymills 0:714293de3836 9057 return 0;
ashleymills 0:714293de3836 9058 }
ashleymills 0:714293de3836 9059 }
ashleymills 0:714293de3836 9060
ashleymills 0:714293de3836 9061 if (CipherRequires(first, second, REQUIRES_DHE)) {
ashleymills 0:714293de3836 9062 CYASSL_MSG("Requires DHE");
ashleymills 0:714293de3836 9063 if (ssl->options.haveDH == 0) {
ashleymills 0:714293de3836 9064 CYASSL_MSG("Don't have DHE");
ashleymills 0:714293de3836 9065 return 0;
ashleymills 0:714293de3836 9066 }
ashleymills 0:714293de3836 9067 }
ashleymills 0:714293de3836 9068
ashleymills 0:714293de3836 9069 if (CipherRequires(first, second, REQUIRES_ECC_DSA)) {
ashleymills 0:714293de3836 9070 CYASSL_MSG("Requires ECCDSA");
ashleymills 0:714293de3836 9071 if (ssl->options.haveECDSAsig == 0) {
ashleymills 0:714293de3836 9072 CYASSL_MSG("Don't have ECCDSA");
ashleymills 0:714293de3836 9073 return 0;
ashleymills 0:714293de3836 9074 }
ashleymills 0:714293de3836 9075 }
ashleymills 0:714293de3836 9076
ashleymills 0:714293de3836 9077 if (CipherRequires(first, second, REQUIRES_ECC_STATIC)) {
ashleymills 0:714293de3836 9078 CYASSL_MSG("Requires static ECC");
ashleymills 0:714293de3836 9079 if (ssl->options.haveStaticECC == 0) {
ashleymills 0:714293de3836 9080 CYASSL_MSG("Don't have static ECC");
ashleymills 0:714293de3836 9081 return 0;
ashleymills 0:714293de3836 9082 }
ashleymills 0:714293de3836 9083 }
ashleymills 0:714293de3836 9084
ashleymills 0:714293de3836 9085 if (CipherRequires(first, second, REQUIRES_PSK)) {
ashleymills 0:714293de3836 9086 CYASSL_MSG("Requires PSK");
ashleymills 0:714293de3836 9087 if (havePSK == 0) {
ashleymills 0:714293de3836 9088 CYASSL_MSG("Don't have PSK");
ashleymills 0:714293de3836 9089 return 0;
ashleymills 0:714293de3836 9090 }
ashleymills 0:714293de3836 9091 }
ashleymills 0:714293de3836 9092
ashleymills 0:714293de3836 9093 if (CipherRequires(first, second, REQUIRES_NTRU)) {
ashleymills 0:714293de3836 9094 CYASSL_MSG("Requires NTRU");
ashleymills 0:714293de3836 9095 if (ssl->options.haveNTRU == 0) {
ashleymills 0:714293de3836 9096 CYASSL_MSG("Don't have NTRU");
ashleymills 0:714293de3836 9097 return 0;
ashleymills 0:714293de3836 9098 }
ashleymills 0:714293de3836 9099 }
ashleymills 0:714293de3836 9100
ashleymills 0:714293de3836 9101 if (CipherRequires(first, second, REQUIRES_RSA_SIG)) {
ashleymills 0:714293de3836 9102 CYASSL_MSG("Requires RSA Signature");
ashleymills 0:714293de3836 9103 if (ssl->options.side == SERVER_END && ssl->options.haveECDSAsig == 1) {
ashleymills 0:714293de3836 9104 CYASSL_MSG("Don't have RSA Signature");
ashleymills 0:714293de3836 9105 return 0;
ashleymills 0:714293de3836 9106 }
ashleymills 0:714293de3836 9107 }
ashleymills 0:714293de3836 9108
ashleymills 0:714293de3836 9109 /* ECCDHE is always supported if ECC on */
ashleymills 0:714293de3836 9110
ashleymills 0:714293de3836 9111 return 1;
ashleymills 0:714293de3836 9112 }
ashleymills 0:714293de3836 9113
ashleymills 0:714293de3836 9114
ashleymills 0:714293de3836 9115 static int MatchSuite(CYASSL* ssl, Suites* peerSuites)
ashleymills 0:714293de3836 9116 {
ashleymills 0:714293de3836 9117 word16 i, j;
ashleymills 0:714293de3836 9118
ashleymills 0:714293de3836 9119 CYASSL_ENTER("MatchSuite");
ashleymills 0:714293de3836 9120
ashleymills 0:714293de3836 9121 /* & 0x1 equivalent % 2 */
ashleymills 0:714293de3836 9122 if (peerSuites->suiteSz == 0 || peerSuites->suiteSz & 0x1)
ashleymills 0:714293de3836 9123 return MATCH_SUITE_ERROR;
ashleymills 0:714293de3836 9124
ashleymills 0:714293de3836 9125 if (ssl->suites == NULL)
ashleymills 0:714293de3836 9126 return SUITES_ERROR;
ashleymills 0:714293de3836 9127 /* start with best, if a match we are good */
ashleymills 0:714293de3836 9128 for (i = 0; i < ssl->suites->suiteSz; i += 2)
ashleymills 0:714293de3836 9129 for (j = 0; j < peerSuites->suiteSz; j += 2)
ashleymills 0:714293de3836 9130 if (ssl->suites->suites[i] == peerSuites->suites[j] &&
ashleymills 0:714293de3836 9131 ssl->suites->suites[i+1] == peerSuites->suites[j+1] ) {
ashleymills 0:714293de3836 9132
ashleymills 0:714293de3836 9133 if (VerifySuite(ssl, i)) {
ashleymills 0:714293de3836 9134 int result;
ashleymills 0:714293de3836 9135 CYASSL_MSG("Verified suite validity");
ashleymills 0:714293de3836 9136 ssl->options.cipherSuite0 = ssl->suites->suites[i];
ashleymills 0:714293de3836 9137 ssl->options.cipherSuite = ssl->suites->suites[i+1];
ashleymills 0:714293de3836 9138 result = SetCipherSpecs(ssl);
ashleymills 0:714293de3836 9139 if (result == 0)
ashleymills 0:714293de3836 9140 PickHashSigAlgo(ssl, peerSuites->hashSigAlgo,
ashleymills 0:714293de3836 9141 peerSuites->hashSigAlgoSz);
ashleymills 0:714293de3836 9142 return result;
ashleymills 0:714293de3836 9143 }
ashleymills 0:714293de3836 9144 else {
ashleymills 0:714293de3836 9145 CYASSL_MSG("Could not verify suite validity, continue");
ashleymills 0:714293de3836 9146 }
ashleymills 0:714293de3836 9147 }
ashleymills 0:714293de3836 9148
ashleymills 0:714293de3836 9149 return MATCH_SUITE_ERROR;
ashleymills 0:714293de3836 9150 }
ashleymills 0:714293de3836 9151
ashleymills 0:714293de3836 9152
ashleymills 0:714293de3836 9153 /* process old style client hello, deprecate? */
ashleymills 0:714293de3836 9154 int ProcessOldClientHello(CYASSL* ssl, const byte* input, word32* inOutIdx,
ashleymills 0:714293de3836 9155 word32 inSz, word16 sz)
ashleymills 0:714293de3836 9156 {
ashleymills 0:714293de3836 9157 word32 idx = *inOutIdx;
ashleymills 0:714293de3836 9158 word16 sessionSz;
ashleymills 0:714293de3836 9159 word16 randomSz;
ashleymills 0:714293de3836 9160 word16 i, j;
ashleymills 0:714293de3836 9161 ProtocolVersion pv;
ashleymills 0:714293de3836 9162 Suites clSuites;
ashleymills 0:714293de3836 9163
ashleymills 0:714293de3836 9164 (void)inSz;
ashleymills 0:714293de3836 9165 CYASSL_MSG("Got old format client hello");
ashleymills 0:714293de3836 9166 #ifdef CYASSL_CALLBACKS
ashleymills 0:714293de3836 9167 if (ssl->hsInfoOn)
ashleymills 0:714293de3836 9168 AddPacketName("ClientHello", &ssl->handShakeInfo);
ashleymills 0:714293de3836 9169 if (ssl->toInfoOn)
ashleymills 0:714293de3836 9170 AddLateName("ClientHello", &ssl->timeoutInfo);
ashleymills 0:714293de3836 9171 #endif
ashleymills 0:714293de3836 9172
ashleymills 0:714293de3836 9173 /* manually hash input since different format */
ashleymills 0:714293de3836 9174 #ifndef NO_OLD_TLS
ashleymills 0:714293de3836 9175 #ifndef NO_MD5
ashleymills 0:714293de3836 9176 Md5Update(&ssl->hashMd5, input + idx, sz);
ashleymills 0:714293de3836 9177 #endif
ashleymills 0:714293de3836 9178 #ifndef NO_SHA
ashleymills 0:714293de3836 9179 ShaUpdate(&ssl->hashSha, input + idx, sz);
ashleymills 0:714293de3836 9180 #endif
ashleymills 0:714293de3836 9181 #endif
ashleymills 0:714293de3836 9182 #ifndef NO_SHA256
ashleymills 0:714293de3836 9183 if (IsAtLeastTLSv1_2(ssl))
ashleymills 0:714293de3836 9184 Sha256Update(&ssl->hashSha256, input + idx, sz);
ashleymills 0:714293de3836 9185 #endif
ashleymills 0:714293de3836 9186
ashleymills 0:714293de3836 9187 /* does this value mean client_hello? */
ashleymills 0:714293de3836 9188 idx++;
ashleymills 0:714293de3836 9189
ashleymills 0:714293de3836 9190 /* version */
ashleymills 0:714293de3836 9191 pv.major = input[idx++];
ashleymills 0:714293de3836 9192 pv.minor = input[idx++];
ashleymills 0:714293de3836 9193 ssl->chVersion = pv; /* store */
ashleymills 0:714293de3836 9194
ashleymills 0:714293de3836 9195 if (ssl->version.minor > pv.minor) {
ashleymills 0:714293de3836 9196 byte haveRSA = 0;
ashleymills 0:714293de3836 9197 byte havePSK = 0;
ashleymills 0:714293de3836 9198 if (!ssl->options.downgrade) {
ashleymills 0:714293de3836 9199 CYASSL_MSG("Client trying to connect with lesser version");
ashleymills 0:714293de3836 9200 return VERSION_ERROR;
ashleymills 0:714293de3836 9201 }
ashleymills 0:714293de3836 9202 if (pv.minor == SSLv3_MINOR) {
ashleymills 0:714293de3836 9203 /* turn off tls */
ashleymills 0:714293de3836 9204 CYASSL_MSG(" downgrading to SSLv3");
ashleymills 0:714293de3836 9205 ssl->options.tls = 0;
ashleymills 0:714293de3836 9206 ssl->options.tls1_1 = 0;
ashleymills 0:714293de3836 9207 ssl->version.minor = SSLv3_MINOR;
ashleymills 0:714293de3836 9208 }
ashleymills 0:714293de3836 9209 else if (pv.minor == TLSv1_MINOR) {
ashleymills 0:714293de3836 9210 CYASSL_MSG(" downgrading to TLSv1");
ashleymills 0:714293de3836 9211 /* turn off tls 1.1+ */
ashleymills 0:714293de3836 9212 ssl->options.tls1_1 = 0;
ashleymills 0:714293de3836 9213 ssl->version.minor = TLSv1_MINOR;
ashleymills 0:714293de3836 9214 }
ashleymills 0:714293de3836 9215 else if (pv.minor == TLSv1_1_MINOR) {
ashleymills 0:714293de3836 9216 CYASSL_MSG(" downgrading to TLSv1.1");
ashleymills 0:714293de3836 9217 ssl->version.minor = TLSv1_1_MINOR;
ashleymills 0:714293de3836 9218 }
ashleymills 0:714293de3836 9219 #ifndef NO_RSA
ashleymills 0:714293de3836 9220 haveRSA = 1;
ashleymills 0:714293de3836 9221 #endif
ashleymills 0:714293de3836 9222 #ifndef NO_PSK
ashleymills 0:714293de3836 9223 havePSK = ssl->options.havePSK;
ashleymills 0:714293de3836 9224 #endif
ashleymills 0:714293de3836 9225
ashleymills 0:714293de3836 9226 InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
ashleymills 0:714293de3836 9227 ssl->options.haveDH, ssl->options.haveNTRU,
ashleymills 0:714293de3836 9228 ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
ashleymills 0:714293de3836 9229 ssl->options.side);
ashleymills 0:714293de3836 9230 }
ashleymills 0:714293de3836 9231
ashleymills 0:714293de3836 9232 /* suite size */
ashleymills 0:714293de3836 9233 ato16(&input[idx], &clSuites.suiteSz);
ashleymills 0:714293de3836 9234 idx += 2;
ashleymills 0:714293de3836 9235
ashleymills 0:714293de3836 9236 if (clSuites.suiteSz > MAX_SUITE_SZ)
ashleymills 0:714293de3836 9237 return BUFFER_ERROR;
ashleymills 0:714293de3836 9238
ashleymills 0:714293de3836 9239 /* session size */
ashleymills 0:714293de3836 9240 ato16(&input[idx], &sessionSz);
ashleymills 0:714293de3836 9241 idx += 2;
ashleymills 0:714293de3836 9242
ashleymills 0:714293de3836 9243 if (sessionSz > ID_LEN)
ashleymills 0:714293de3836 9244 return BUFFER_ERROR;
ashleymills 0:714293de3836 9245
ashleymills 0:714293de3836 9246 /* random size */
ashleymills 0:714293de3836 9247 ato16(&input[idx], &randomSz);
ashleymills 0:714293de3836 9248 idx += 2;
ashleymills 0:714293de3836 9249
ashleymills 0:714293de3836 9250 if (randomSz > RAN_LEN)
ashleymills 0:714293de3836 9251 return BUFFER_ERROR;
ashleymills 0:714293de3836 9252
ashleymills 0:714293de3836 9253 /* suites */
ashleymills 0:714293de3836 9254 for (i = 0, j = 0; i < clSuites.suiteSz; i += 3) {
ashleymills 0:714293de3836 9255 byte first = input[idx++];
ashleymills 0:714293de3836 9256 if (!first) { /* implicit: skip sslv2 type */
ashleymills 0:714293de3836 9257 XMEMCPY(&clSuites.suites[j], &input[idx], 2);
ashleymills 0:714293de3836 9258 j += 2;
ashleymills 0:714293de3836 9259 }
ashleymills 0:714293de3836 9260 idx += 2;
ashleymills 0:714293de3836 9261 }
ashleymills 0:714293de3836 9262 clSuites.suiteSz = j;
ashleymills 0:714293de3836 9263
ashleymills 0:714293de3836 9264 /* session id */
ashleymills 0:714293de3836 9265 if (sessionSz) {
ashleymills 0:714293de3836 9266 XMEMCPY(ssl->arrays->sessionID, input + idx, sessionSz);
ashleymills 0:714293de3836 9267 idx += sessionSz;
ashleymills 0:714293de3836 9268 ssl->options.resuming = 1;
ashleymills 0:714293de3836 9269 }
ashleymills 0:714293de3836 9270
ashleymills 0:714293de3836 9271 /* random */
ashleymills 0:714293de3836 9272 if (randomSz < RAN_LEN)
ashleymills 0:714293de3836 9273 XMEMSET(ssl->arrays->clientRandom, 0, RAN_LEN - randomSz);
ashleymills 0:714293de3836 9274 XMEMCPY(&ssl->arrays->clientRandom[RAN_LEN - randomSz], input + idx,
ashleymills 0:714293de3836 9275 randomSz);
ashleymills 0:714293de3836 9276 idx += randomSz;
ashleymills 0:714293de3836 9277
ashleymills 0:714293de3836 9278 if (ssl->options.usingCompression)
ashleymills 0:714293de3836 9279 ssl->options.usingCompression = 0; /* turn off */
ashleymills 0:714293de3836 9280
ashleymills 0:714293de3836 9281 ssl->options.clientState = CLIENT_HELLO_COMPLETE;
ashleymills 0:714293de3836 9282 *inOutIdx = idx;
ashleymills 0:714293de3836 9283
ashleymills 0:714293de3836 9284 ssl->options.haveSessionId = 1;
ashleymills 0:714293de3836 9285 /* DoClientHello uses same resume code */
ashleymills 0:714293de3836 9286 if (ssl->options.resuming) { /* let's try */
ashleymills 0:714293de3836 9287 int ret = -1;
ashleymills 0:714293de3836 9288 CYASSL_SESSION* session = GetSession(ssl,ssl->arrays->masterSecret);
ashleymills 0:714293de3836 9289 if (!session) {
ashleymills 0:714293de3836 9290 CYASSL_MSG("Session lookup for resume failed");
ashleymills 0:714293de3836 9291 ssl->options.resuming = 0;
ashleymills 0:714293de3836 9292 } else {
ashleymills 0:714293de3836 9293 if (MatchSuite(ssl, &clSuites) < 0) {
ashleymills 0:714293de3836 9294 CYASSL_MSG("Unsupported cipher suite, OldClientHello");
ashleymills 0:714293de3836 9295 return UNSUPPORTED_SUITE;
ashleymills 0:714293de3836 9296 }
ashleymills 0:714293de3836 9297 #ifdef SESSION_CERTS
ashleymills 0:714293de3836 9298 ssl->session = *session; /* restore session certs. */
ashleymills 0:714293de3836 9299 #endif
ashleymills 0:714293de3836 9300 RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, RAN_LEN);
ashleymills 0:714293de3836 9301 #ifdef NO_OLD_TLS
ashleymills 0:714293de3836 9302 ret = DeriveTlsKeys(ssl);
ashleymills 0:714293de3836 9303 #else
ashleymills 0:714293de3836 9304 #ifndef NO_TLS
ashleymills 0:714293de3836 9305 if (ssl->options.tls)
ashleymills 0:714293de3836 9306 ret = DeriveTlsKeys(ssl);
ashleymills 0:714293de3836 9307 #endif
ashleymills 0:714293de3836 9308 if (!ssl->options.tls)
ashleymills 0:714293de3836 9309 ret = DeriveKeys(ssl);
ashleymills 0:714293de3836 9310 #endif
ashleymills 0:714293de3836 9311 ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
ashleymills 0:714293de3836 9312
ashleymills 0:714293de3836 9313 return ret;
ashleymills 0:714293de3836 9314 }
ashleymills 0:714293de3836 9315 }
ashleymills 0:714293de3836 9316
ashleymills 0:714293de3836 9317 return MatchSuite(ssl, &clSuites);
ashleymills 0:714293de3836 9318 }
ashleymills 0:714293de3836 9319
ashleymills 0:714293de3836 9320
ashleymills 0:714293de3836 9321 static int DoClientHello(CYASSL* ssl, const byte* input, word32* inOutIdx,
ashleymills 0:714293de3836 9322 word32 totalSz, word32 helloSz)
ashleymills 0:714293de3836 9323 {
ashleymills 0:714293de3836 9324 byte b;
ashleymills 0:714293de3836 9325 ProtocolVersion pv;
ashleymills 0:714293de3836 9326 Suites clSuites;
ashleymills 0:714293de3836 9327 word32 i = *inOutIdx;
ashleymills 0:714293de3836 9328 word32 begin = i;
ashleymills 0:714293de3836 9329
ashleymills 0:714293de3836 9330 #ifdef CYASSL_CALLBACKS
ashleymills 0:714293de3836 9331 if (ssl->hsInfoOn) AddPacketName("ClientHello", &ssl->handShakeInfo);
ashleymills 0:714293de3836 9332 if (ssl->toInfoOn) AddLateName("ClientHello", &ssl->timeoutInfo);
ashleymills 0:714293de3836 9333 #endif
ashleymills 0:714293de3836 9334 /* make sure can read up to session */
ashleymills 0:714293de3836 9335 if (i + sizeof(pv) + RAN_LEN + ENUM_LEN > totalSz)
ashleymills 0:714293de3836 9336 return INCOMPLETE_DATA;
ashleymills 0:714293de3836 9337
ashleymills 0:714293de3836 9338 XMEMCPY(&pv, input + i, sizeof(pv));
ashleymills 0:714293de3836 9339 ssl->chVersion = pv; /* store */
ashleymills 0:714293de3836 9340 i += (word32)sizeof(pv);
ashleymills 0:714293de3836 9341 if (ssl->version.minor > pv.minor) {
ashleymills 0:714293de3836 9342 byte haveRSA = 0;
ashleymills 0:714293de3836 9343 byte havePSK = 0;
ashleymills 0:714293de3836 9344 if (!ssl->options.downgrade) {
ashleymills 0:714293de3836 9345 CYASSL_MSG("Client trying to connect with lesser version");
ashleymills 0:714293de3836 9346 return VERSION_ERROR;
ashleymills 0:714293de3836 9347 }
ashleymills 0:714293de3836 9348 if (pv.minor == SSLv3_MINOR) {
ashleymills 0:714293de3836 9349 /* turn off tls */
ashleymills 0:714293de3836 9350 CYASSL_MSG(" downgrading to SSLv3");
ashleymills 0:714293de3836 9351 ssl->options.tls = 0;
ashleymills 0:714293de3836 9352 ssl->options.tls1_1 = 0;
ashleymills 0:714293de3836 9353 ssl->version.minor = SSLv3_MINOR;
ashleymills 0:714293de3836 9354 }
ashleymills 0:714293de3836 9355 else if (pv.minor == TLSv1_MINOR) {
ashleymills 0:714293de3836 9356 /* turn off tls 1.1+ */
ashleymills 0:714293de3836 9357 CYASSL_MSG(" downgrading to TLSv1");
ashleymills 0:714293de3836 9358 ssl->options.tls1_1 = 0;
ashleymills 0:714293de3836 9359 ssl->version.minor = TLSv1_MINOR;
ashleymills 0:714293de3836 9360 }
ashleymills 0:714293de3836 9361 else if (pv.minor == TLSv1_1_MINOR) {
ashleymills 0:714293de3836 9362 CYASSL_MSG(" downgrading to TLSv1.1");
ashleymills 0:714293de3836 9363 ssl->version.minor = TLSv1_1_MINOR;
ashleymills 0:714293de3836 9364 }
ashleymills 0:714293de3836 9365 #ifndef NO_RSA
ashleymills 0:714293de3836 9366 haveRSA = 1;
ashleymills 0:714293de3836 9367 #endif
ashleymills 0:714293de3836 9368 #ifndef NO_PSK
ashleymills 0:714293de3836 9369 havePSK = ssl->options.havePSK;
ashleymills 0:714293de3836 9370 #endif
ashleymills 0:714293de3836 9371 InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
ashleymills 0:714293de3836 9372 ssl->options.haveDH, ssl->options.haveNTRU,
ashleymills 0:714293de3836 9373 ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
ashleymills 0:714293de3836 9374 ssl->options.side);
ashleymills 0:714293de3836 9375 }
ashleymills 0:714293de3836 9376 /* random */
ashleymills 0:714293de3836 9377 XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN);
ashleymills 0:714293de3836 9378 i += RAN_LEN;
ashleymills 0:714293de3836 9379
ashleymills 0:714293de3836 9380 #ifdef SHOW_SECRETS
ashleymills 0:714293de3836 9381 {
ashleymills 0:714293de3836 9382 int j;
ashleymills 0:714293de3836 9383 printf("client random: ");
ashleymills 0:714293de3836 9384 for (j = 0; j < RAN_LEN; j++)
ashleymills 0:714293de3836 9385 printf("%02x", ssl->arrays->clientRandom[j]);
ashleymills 0:714293de3836 9386 printf("\n");
ashleymills 0:714293de3836 9387 }
ashleymills 0:714293de3836 9388 #endif
ashleymills 0:714293de3836 9389 /* session id */
ashleymills 0:714293de3836 9390 b = input[i++];
ashleymills 0:714293de3836 9391 if (b) {
ashleymills 0:714293de3836 9392 if (i + ID_LEN > totalSz)
ashleymills 0:714293de3836 9393 return INCOMPLETE_DATA;
ashleymills 0:714293de3836 9394 XMEMCPY(ssl->arrays->sessionID, input + i, ID_LEN);
ashleymills 0:714293de3836 9395 i += b;
ashleymills 0:714293de3836 9396 ssl->options.resuming= 1; /* client wants to resume */
ashleymills 0:714293de3836 9397 CYASSL_MSG("Client wants to resume session");
ashleymills 0:714293de3836 9398 }
ashleymills 0:714293de3836 9399
ashleymills 0:714293de3836 9400 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 9401 /* cookie */
ashleymills 0:714293de3836 9402 if (ssl->options.dtls) {
ashleymills 0:714293de3836 9403 b = input[i++];
ashleymills 0:714293de3836 9404 if (b) {
ashleymills 0:714293de3836 9405 byte cookie[MAX_COOKIE_LEN];
ashleymills 0:714293de3836 9406
ashleymills 0:714293de3836 9407 if (b > MAX_COOKIE_LEN)
ashleymills 0:714293de3836 9408 return BUFFER_ERROR;
ashleymills 0:714293de3836 9409 if (i + b > totalSz)
ashleymills 0:714293de3836 9410 return INCOMPLETE_DATA;
ashleymills 0:714293de3836 9411 if (ssl->ctx->CBIOCookie == NULL) {
ashleymills 0:714293de3836 9412 CYASSL_MSG("Your Cookie callback is null, please set");
ashleymills 0:714293de3836 9413 return COOKIE_ERROR;
ashleymills 0:714293de3836 9414 }
ashleymills 0:714293de3836 9415 if ((ssl->ctx->CBIOCookie(ssl, cookie, COOKIE_SZ,
ashleymills 0:714293de3836 9416 ssl->IOCB_CookieCtx) != COOKIE_SZ)
ashleymills 0:714293de3836 9417 || (b != COOKIE_SZ)
ashleymills 0:714293de3836 9418 || (XMEMCMP(cookie, input + i, b) != 0)) {
ashleymills 0:714293de3836 9419 return COOKIE_ERROR;
ashleymills 0:714293de3836 9420 }
ashleymills 0:714293de3836 9421 i += b;
ashleymills 0:714293de3836 9422 }
ashleymills 0:714293de3836 9423 }
ashleymills 0:714293de3836 9424 #endif
ashleymills 0:714293de3836 9425
ashleymills 0:714293de3836 9426 if (i + LENGTH_SZ > totalSz)
ashleymills 0:714293de3836 9427 return INCOMPLETE_DATA;
ashleymills 0:714293de3836 9428 /* suites */
ashleymills 0:714293de3836 9429 ato16(&input[i], &clSuites.suiteSz);
ashleymills 0:714293de3836 9430 i += 2;
ashleymills 0:714293de3836 9431
ashleymills 0:714293de3836 9432 /* suites and comp len */
ashleymills 0:714293de3836 9433 if (i + clSuites.suiteSz + ENUM_LEN > totalSz)
ashleymills 0:714293de3836 9434 return INCOMPLETE_DATA;
ashleymills 0:714293de3836 9435 if (clSuites.suiteSz > MAX_SUITE_SZ)
ashleymills 0:714293de3836 9436 return BUFFER_ERROR;
ashleymills 0:714293de3836 9437 XMEMCPY(clSuites.suites, input + i, clSuites.suiteSz);
ashleymills 0:714293de3836 9438 i += clSuites.suiteSz;
ashleymills 0:714293de3836 9439 clSuites.hashSigAlgoSz = 0;
ashleymills 0:714293de3836 9440
ashleymills 0:714293de3836 9441 b = input[i++]; /* comp len */
ashleymills 0:714293de3836 9442 if (i + b > totalSz)
ashleymills 0:714293de3836 9443 return INCOMPLETE_DATA;
ashleymills 0:714293de3836 9444
ashleymills 0:714293de3836 9445 if (ssl->options.usingCompression) {
ashleymills 0:714293de3836 9446 int match = 0;
ashleymills 0:714293de3836 9447 while (b--) {
ashleymills 0:714293de3836 9448 byte comp = input[i++];
ashleymills 0:714293de3836 9449 if (comp == ZLIB_COMPRESSION)
ashleymills 0:714293de3836 9450 match = 1;
ashleymills 0:714293de3836 9451 }
ashleymills 0:714293de3836 9452 if (!match) {
ashleymills 0:714293de3836 9453 CYASSL_MSG("Not matching compression, turning off");
ashleymills 0:714293de3836 9454 ssl->options.usingCompression = 0; /* turn off */
ashleymills 0:714293de3836 9455 }
ashleymills 0:714293de3836 9456 }
ashleymills 0:714293de3836 9457 else
ashleymills 0:714293de3836 9458 i += b; /* ignore, since we're not on */
ashleymills 0:714293de3836 9459
ashleymills 0:714293de3836 9460 *inOutIdx = i;
ashleymills 0:714293de3836 9461 if ( (i - begin) < helloSz) {
ashleymills 0:714293de3836 9462 #ifdef HAVE_TLS_EXTENSIONS
ashleymills 0:714293de3836 9463 if (IsTLS(ssl)) {
ashleymills 0:714293de3836 9464 int ret = 0;
ashleymills 0:714293de3836 9465 #else
ashleymills 0:714293de3836 9466 if (IsAtLeastTLSv1_2(ssl)) {
ashleymills 0:714293de3836 9467 #endif
ashleymills 0:714293de3836 9468 /* Process the hello extension. Skip unsupported. */
ashleymills 0:714293de3836 9469 word16 totalExtSz;
ashleymills 0:714293de3836 9470
ashleymills 0:714293de3836 9471 ato16(&input[i], &totalExtSz);
ashleymills 0:714293de3836 9472 i += LENGTH_SZ;
ashleymills 0:714293de3836 9473 if (totalExtSz > helloSz + begin - i)
ashleymills 0:714293de3836 9474 return INCOMPLETE_DATA;
ashleymills 0:714293de3836 9475
ashleymills 0:714293de3836 9476 #ifdef HAVE_TLS_EXTENSIONS
ashleymills 0:714293de3836 9477 if ((ret = TLSX_Parse(ssl, (byte *) input + i,
ashleymills 0:714293de3836 9478 totalExtSz, 1, &clSuites)))
ashleymills 0:714293de3836 9479 return ret;
ashleymills 0:714293de3836 9480
ashleymills 0:714293de3836 9481 i += totalExtSz;
ashleymills 0:714293de3836 9482 #else
ashleymills 0:714293de3836 9483 while (totalExtSz) {
ashleymills 0:714293de3836 9484 word16 extId, extSz;
ashleymills 0:714293de3836 9485
ashleymills 0:714293de3836 9486 ato16(&input[i], &extId);
ashleymills 0:714293de3836 9487 i += LENGTH_SZ;
ashleymills 0:714293de3836 9488 ato16(&input[i], &extSz);
ashleymills 0:714293de3836 9489 i += EXT_ID_SZ;
ashleymills 0:714293de3836 9490 if (extSz > totalExtSz - LENGTH_SZ - EXT_ID_SZ)
ashleymills 0:714293de3836 9491 return INCOMPLETE_DATA;
ashleymills 0:714293de3836 9492
ashleymills 0:714293de3836 9493 if (extId == HELLO_EXT_SIG_ALGO) {
ashleymills 0:714293de3836 9494 ato16(&input[i], &clSuites.hashSigAlgoSz);
ashleymills 0:714293de3836 9495 i += LENGTH_SZ;
ashleymills 0:714293de3836 9496 if (clSuites.hashSigAlgoSz > extSz - LENGTH_SZ)
ashleymills 0:714293de3836 9497 return INCOMPLETE_DATA;
ashleymills 0:714293de3836 9498
ashleymills 0:714293de3836 9499 XMEMCPY(clSuites.hashSigAlgo, &input[i],
ashleymills 0:714293de3836 9500 min(clSuites.hashSigAlgoSz, HELLO_EXT_SIGALGO_MAX));
ashleymills 0:714293de3836 9501 i += clSuites.hashSigAlgoSz;
ashleymills 0:714293de3836 9502 }
ashleymills 0:714293de3836 9503 else
ashleymills 0:714293de3836 9504 i += extSz;
ashleymills 0:714293de3836 9505
ashleymills 0:714293de3836 9506 totalExtSz -= LENGTH_SZ + EXT_ID_SZ + extSz;
ashleymills 0:714293de3836 9507 }
ashleymills 0:714293de3836 9508 #endif
ashleymills 0:714293de3836 9509 *inOutIdx = i;
ashleymills 0:714293de3836 9510 }
ashleymills 0:714293de3836 9511 else
ashleymills 0:714293de3836 9512 *inOutIdx = begin + helloSz; /* skip extensions */
ashleymills 0:714293de3836 9513 }
ashleymills 0:714293de3836 9514
ashleymills 0:714293de3836 9515 ssl->options.clientState = CLIENT_HELLO_COMPLETE;
ashleymills 0:714293de3836 9516
ashleymills 0:714293de3836 9517 ssl->options.haveSessionId = 1;
ashleymills 0:714293de3836 9518 /* ProcessOld uses same resume code */
ashleymills 0:714293de3836 9519 if (ssl->options.resuming && (!ssl->options.dtls ||
ashleymills 0:714293de3836 9520 ssl->options.acceptState == HELLO_VERIFY_SENT)) { /* let's try */
ashleymills 0:714293de3836 9521 int ret = -1;
ashleymills 0:714293de3836 9522 CYASSL_SESSION* session = GetSession(ssl,ssl->arrays->masterSecret);
ashleymills 0:714293de3836 9523 if (!session) {
ashleymills 0:714293de3836 9524 CYASSL_MSG("Session lookup for resume failed");
ashleymills 0:714293de3836 9525 ssl->options.resuming = 0;
ashleymills 0:714293de3836 9526 } else {
ashleymills 0:714293de3836 9527 if (MatchSuite(ssl, &clSuites) < 0) {
ashleymills 0:714293de3836 9528 CYASSL_MSG("Unsupported cipher suite, ClientHello");
ashleymills 0:714293de3836 9529 return UNSUPPORTED_SUITE;
ashleymills 0:714293de3836 9530 }
ashleymills 0:714293de3836 9531 #ifdef SESSION_CERTS
ashleymills 0:714293de3836 9532 ssl->session = *session; /* restore session certs. */
ashleymills 0:714293de3836 9533 #endif
ashleymills 0:714293de3836 9534 RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, RAN_LEN);
ashleymills 0:714293de3836 9535 #ifdef NO_OLD_TLS
ashleymills 0:714293de3836 9536 ret = DeriveTlsKeys(ssl);
ashleymills 0:714293de3836 9537 #else
ashleymills 0:714293de3836 9538 #ifndef NO_TLS
ashleymills 0:714293de3836 9539 if (ssl->options.tls)
ashleymills 0:714293de3836 9540 ret = DeriveTlsKeys(ssl);
ashleymills 0:714293de3836 9541 #endif
ashleymills 0:714293de3836 9542 if (!ssl->options.tls)
ashleymills 0:714293de3836 9543 ret = DeriveKeys(ssl);
ashleymills 0:714293de3836 9544 #endif
ashleymills 0:714293de3836 9545 ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
ashleymills 0:714293de3836 9546
ashleymills 0:714293de3836 9547 return ret;
ashleymills 0:714293de3836 9548 }
ashleymills 0:714293de3836 9549 }
ashleymills 0:714293de3836 9550 return MatchSuite(ssl, &clSuites);
ashleymills 0:714293de3836 9551 }
ashleymills 0:714293de3836 9552
ashleymills 0:714293de3836 9553 #if !defined(NO_RSA) || defined(HAVE_ECC)
ashleymills 0:714293de3836 9554 static int DoCertificateVerify(CYASSL* ssl, byte* input, word32* inOutsz,
ashleymills 0:714293de3836 9555 word32 totalSz)
ashleymills 0:714293de3836 9556 {
ashleymills 0:714293de3836 9557 word16 sz = 0;
ashleymills 0:714293de3836 9558 word32 i = *inOutsz;
ashleymills 0:714293de3836 9559 int ret = VERIFY_CERT_ERROR; /* start in error state */
ashleymills 0:714293de3836 9560 byte* sig;
ashleymills 0:714293de3836 9561 byte hashAlgo = sha_mac;
ashleymills 0:714293de3836 9562 byte sigAlgo = anonymous_sa_algo;
ashleymills 0:714293de3836 9563
ashleymills 0:714293de3836 9564 #ifdef CYASSL_CALLBACKS
ashleymills 0:714293de3836 9565 if (ssl->hsInfoOn)
ashleymills 0:714293de3836 9566 AddPacketName("CertificateVerify", &ssl->handShakeInfo);
ashleymills 0:714293de3836 9567 if (ssl->toInfoOn)
ashleymills 0:714293de3836 9568 AddLateName("CertificateVerify", &ssl->timeoutInfo);
ashleymills 0:714293de3836 9569 #endif
ashleymills 0:714293de3836 9570 if ( (i + VERIFY_HEADER) > totalSz)
ashleymills 0:714293de3836 9571 return INCOMPLETE_DATA;
ashleymills 0:714293de3836 9572
ashleymills 0:714293de3836 9573 if (IsAtLeastTLSv1_2(ssl)) {
ashleymills 0:714293de3836 9574 hashAlgo = input[i++];
ashleymills 0:714293de3836 9575 sigAlgo = input[i++];
ashleymills 0:714293de3836 9576 }
ashleymills 0:714293de3836 9577 ato16(&input[i], &sz);
ashleymills 0:714293de3836 9578 i += VERIFY_HEADER;
ashleymills 0:714293de3836 9579
ashleymills 0:714293de3836 9580 if ( (i + sz) > totalSz)
ashleymills 0:714293de3836 9581 return INCOMPLETE_DATA;
ashleymills 0:714293de3836 9582
ashleymills 0:714293de3836 9583 if (sz > ENCRYPT_LEN)
ashleymills 0:714293de3836 9584 return BUFFER_ERROR;
ashleymills 0:714293de3836 9585
ashleymills 0:714293de3836 9586 sig = &input[i];
ashleymills 0:714293de3836 9587 *inOutsz = i + sz;
ashleymills 0:714293de3836 9588
ashleymills 0:714293de3836 9589 /* RSA */
ashleymills 0:714293de3836 9590 #ifndef NO_RSA
ashleymills 0:714293de3836 9591 if (ssl->peerRsaKeyPresent != 0) {
ashleymills 0:714293de3836 9592 byte* out;
ashleymills 0:714293de3836 9593 int outLen;
ashleymills 0:714293de3836 9594
ashleymills 0:714293de3836 9595 CYASSL_MSG("Doing RSA peer cert verify");
ashleymills 0:714293de3836 9596
ashleymills 0:714293de3836 9597 outLen = RsaSSL_VerifyInline(sig, sz, &out, ssl->peerRsaKey);
ashleymills 0:714293de3836 9598
ashleymills 0:714293de3836 9599 if (IsAtLeastTLSv1_2(ssl)) {
ashleymills 0:714293de3836 9600 byte encodedSig[MAX_ENCODED_SIG_SZ];
ashleymills 0:714293de3836 9601 word32 sigSz;
ashleymills 0:714293de3836 9602 byte* digest = ssl->certHashes.sha;
ashleymills 0:714293de3836 9603 int typeH = SHAh;
ashleymills 0:714293de3836 9604 int digestSz = SHA_DIGEST_SIZE;
ashleymills 0:714293de3836 9605
ashleymills 0:714293de3836 9606 if (sigAlgo != rsa_sa_algo) {
ashleymills 0:714293de3836 9607 CYASSL_MSG("Oops, peer sent RSA key but not in verify");
ashleymills 0:714293de3836 9608 }
ashleymills 0:714293de3836 9609
ashleymills 0:714293de3836 9610 if (hashAlgo == sha256_mac) {
ashleymills 0:714293de3836 9611 #ifndef NO_SHA256
ashleymills 0:714293de3836 9612 digest = ssl->certHashes.sha256;
ashleymills 0:714293de3836 9613 typeH = SHA256h;
ashleymills 0:714293de3836 9614 digestSz = SHA256_DIGEST_SIZE;
ashleymills 0:714293de3836 9615 #endif
ashleymills 0:714293de3836 9616 }
ashleymills 0:714293de3836 9617 else if (hashAlgo == sha384_mac) {
ashleymills 0:714293de3836 9618 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 9619 digest = ssl->certHashes.sha384;
ashleymills 0:714293de3836 9620 typeH = SHA384h;
ashleymills 0:714293de3836 9621 digestSz = SHA384_DIGEST_SIZE;
ashleymills 0:714293de3836 9622 #endif
ashleymills 0:714293de3836 9623 }
ashleymills 0:714293de3836 9624
ashleymills 0:714293de3836 9625 sigSz = EncodeSignature(encodedSig, digest, digestSz, typeH);
ashleymills 0:714293de3836 9626
ashleymills 0:714293de3836 9627 if (outLen == (int)sigSz && XMEMCMP(out, encodedSig,
ashleymills 0:714293de3836 9628 min(sigSz, MAX_ENCODED_SIG_SZ)) == 0)
ashleymills 0:714293de3836 9629 ret = 0; /* verified */
ashleymills 0:714293de3836 9630 }
ashleymills 0:714293de3836 9631 else {
ashleymills 0:714293de3836 9632 if (outLen == FINISHED_SZ && XMEMCMP(out,
ashleymills 0:714293de3836 9633 &ssl->certHashes, FINISHED_SZ) == 0)
ashleymills 0:714293de3836 9634 ret = 0; /* verified */
ashleymills 0:714293de3836 9635 }
ashleymills 0:714293de3836 9636 }
ashleymills 0:714293de3836 9637 #endif
ashleymills 0:714293de3836 9638 #ifdef HAVE_ECC
ashleymills 0:714293de3836 9639 if (ssl->peerEccDsaKeyPresent) {
ashleymills 0:714293de3836 9640 int verify = 0;
ashleymills 0:714293de3836 9641 int err = -1;
ashleymills 0:714293de3836 9642 byte* digest = ssl->certHashes.sha;
ashleymills 0:714293de3836 9643 word32 digestSz = SHA_DIGEST_SIZE;
ashleymills 0:714293de3836 9644
ashleymills 0:714293de3836 9645 CYASSL_MSG("Doing ECC peer cert verify");
ashleymills 0:714293de3836 9646
ashleymills 0:714293de3836 9647 if (IsAtLeastTLSv1_2(ssl)) {
ashleymills 0:714293de3836 9648 if (sigAlgo != ecc_dsa_sa_algo) {
ashleymills 0:714293de3836 9649 CYASSL_MSG("Oops, peer sent ECC key but not in verify");
ashleymills 0:714293de3836 9650 }
ashleymills 0:714293de3836 9651 if (hashAlgo == sha256_mac) {
ashleymills 0:714293de3836 9652 #ifndef NO_SHA256
ashleymills 0:714293de3836 9653 digest = ssl->certHashes.sha256;
ashleymills 0:714293de3836 9654 digestSz = SHA256_DIGEST_SIZE;
ashleymills 0:714293de3836 9655 #endif
ashleymills 0:714293de3836 9656 }
ashleymills 0:714293de3836 9657 else if (hashAlgo == sha384_mac) {
ashleymills 0:714293de3836 9658 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 9659 digest = ssl->certHashes.sha384;
ashleymills 0:714293de3836 9660 digestSz = SHA384_DIGEST_SIZE;
ashleymills 0:714293de3836 9661 #endif
ashleymills 0:714293de3836 9662 }
ashleymills 0:714293de3836 9663 }
ashleymills 0:714293de3836 9664 err = ecc_verify_hash(sig, sz, digest, digestSz,
ashleymills 0:714293de3836 9665 &verify, ssl->peerEccDsaKey);
ashleymills 0:714293de3836 9666
ashleymills 0:714293de3836 9667 if (err == 0 && verify == 1)
ashleymills 0:714293de3836 9668 ret = 0; /* verified */
ashleymills 0:714293de3836 9669 }
ashleymills 0:714293de3836 9670 #endif
ashleymills 0:714293de3836 9671 if (ret == 0)
ashleymills 0:714293de3836 9672 ssl->options.havePeerVerify = 1;
ashleymills 0:714293de3836 9673
ashleymills 0:714293de3836 9674 return ret;
ashleymills 0:714293de3836 9675 }
ashleymills 0:714293de3836 9676 #endif /* !NO_RSA || HAVE_ECC */
ashleymills 0:714293de3836 9677
ashleymills 0:714293de3836 9678 int SendServerHelloDone(CYASSL* ssl)
ashleymills 0:714293de3836 9679 {
ashleymills 0:714293de3836 9680 byte *output;
ashleymills 0:714293de3836 9681 int sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
ashleymills 0:714293de3836 9682 int ret;
ashleymills 0:714293de3836 9683
ashleymills 0:714293de3836 9684 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 9685 if (ssl->options.dtls)
ashleymills 0:714293de3836 9686 sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
ashleymills 0:714293de3836 9687 #endif
ashleymills 0:714293de3836 9688 /* check for available size */
ashleymills 0:714293de3836 9689 if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
ashleymills 0:714293de3836 9690 return ret;
ashleymills 0:714293de3836 9691
ashleymills 0:714293de3836 9692 /* get ouput buffer */
ashleymills 0:714293de3836 9693 output = ssl->buffers.outputBuffer.buffer +
ashleymills 0:714293de3836 9694 ssl->buffers.outputBuffer.length;
ashleymills 0:714293de3836 9695
ashleymills 0:714293de3836 9696 AddHeaders(output, 0, server_hello_done, ssl);
ashleymills 0:714293de3836 9697
ashleymills 0:714293de3836 9698 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 9699 if (ssl->options.dtls) {
ashleymills 0:714293de3836 9700 if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
ashleymills 0:714293de3836 9701 return 0;
ashleymills 0:714293de3836 9702 }
ashleymills 0:714293de3836 9703 #endif
ashleymills 0:714293de3836 9704 HashOutput(ssl, output, sendSz, 0);
ashleymills 0:714293de3836 9705 #ifdef CYASSL_CALLBACKS
ashleymills 0:714293de3836 9706 if (ssl->hsInfoOn)
ashleymills 0:714293de3836 9707 AddPacketName("ServerHelloDone", &ssl->handShakeInfo);
ashleymills 0:714293de3836 9708 if (ssl->toInfoOn)
ashleymills 0:714293de3836 9709 AddPacketInfo("ServerHelloDone", &ssl->timeoutInfo, output, sendSz,
ashleymills 0:714293de3836 9710 ssl->heap);
ashleymills 0:714293de3836 9711 #endif
ashleymills 0:714293de3836 9712 ssl->options.serverState = SERVER_HELLODONE_COMPLETE;
ashleymills 0:714293de3836 9713
ashleymills 0:714293de3836 9714 ssl->buffers.outputBuffer.length += sendSz;
ashleymills 0:714293de3836 9715
ashleymills 0:714293de3836 9716 return SendBuffered(ssl);
ashleymills 0:714293de3836 9717 }
ashleymills 0:714293de3836 9718
ashleymills 0:714293de3836 9719 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 9720 int SendHelloVerifyRequest(CYASSL* ssl)
ashleymills 0:714293de3836 9721 {
ashleymills 0:714293de3836 9722 byte* output;
ashleymills 0:714293de3836 9723 byte cookieSz = COOKIE_SZ;
ashleymills 0:714293de3836 9724 int length = VERSION_SZ + ENUM_LEN + cookieSz;
ashleymills 0:714293de3836 9725 int idx = DTLS_RECORD_HEADER_SZ + DTLS_HANDSHAKE_HEADER_SZ;
ashleymills 0:714293de3836 9726 int sendSz = length + idx;
ashleymills 0:714293de3836 9727 int ret;
ashleymills 0:714293de3836 9728
ashleymills 0:714293de3836 9729 /* check for available size */
ashleymills 0:714293de3836 9730 if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
ashleymills 0:714293de3836 9731 return ret;
ashleymills 0:714293de3836 9732
ashleymills 0:714293de3836 9733 /* get ouput buffer */
ashleymills 0:714293de3836 9734 output = ssl->buffers.outputBuffer.buffer +
ashleymills 0:714293de3836 9735 ssl->buffers.outputBuffer.length;
ashleymills 0:714293de3836 9736
ashleymills 0:714293de3836 9737 AddHeaders(output, length, hello_verify_request, ssl);
ashleymills 0:714293de3836 9738
ashleymills 0:714293de3836 9739 output[idx++] = ssl->chVersion.major;
ashleymills 0:714293de3836 9740 output[idx++] = ssl->chVersion.minor;
ashleymills 0:714293de3836 9741
ashleymills 0:714293de3836 9742 output[idx++] = cookieSz;
ashleymills 0:714293de3836 9743 if (ssl->ctx->CBIOCookie == NULL) {
ashleymills 0:714293de3836 9744 CYASSL_MSG("Your Cookie callback is null, please set");
ashleymills 0:714293de3836 9745 return COOKIE_ERROR;
ashleymills 0:714293de3836 9746 }
ashleymills 0:714293de3836 9747 if ((ret = ssl->ctx->CBIOCookie(ssl, output + idx, cookieSz,
ashleymills 0:714293de3836 9748 ssl->IOCB_CookieCtx)) < 0)
ashleymills 0:714293de3836 9749 return ret;
ashleymills 0:714293de3836 9750
ashleymills 0:714293de3836 9751 HashOutput(ssl, output, sendSz, 0);
ashleymills 0:714293de3836 9752 #ifdef CYASSL_CALLBACKS
ashleymills 0:714293de3836 9753 if (ssl->hsInfoOn)
ashleymills 0:714293de3836 9754 AddPacketName("HelloVerifyRequest", &ssl->handShakeInfo);
ashleymills 0:714293de3836 9755 if (ssl->toInfoOn)
ashleymills 0:714293de3836 9756 AddPacketInfo("HelloVerifyRequest", &ssl->timeoutInfo, output,
ashleymills 0:714293de3836 9757 sendSz, ssl->heap);
ashleymills 0:714293de3836 9758 #endif
ashleymills 0:714293de3836 9759 ssl->options.serverState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
ashleymills 0:714293de3836 9760
ashleymills 0:714293de3836 9761 ssl->buffers.outputBuffer.length += sendSz;
ashleymills 0:714293de3836 9762
ashleymills 0:714293de3836 9763 return SendBuffered(ssl);
ashleymills 0:714293de3836 9764 }
ashleymills 0:714293de3836 9765 #endif
ashleymills 0:714293de3836 9766
ashleymills 0:714293de3836 9767 static int DoClientKeyExchange(CYASSL* ssl, byte* input,
ashleymills 0:714293de3836 9768 word32* inOutIdx, word32 totalSz)
ashleymills 0:714293de3836 9769 {
ashleymills 0:714293de3836 9770 int ret = 0;
ashleymills 0:714293de3836 9771 word32 length = 0;
ashleymills 0:714293de3836 9772 byte* out = NULL;
ashleymills 0:714293de3836 9773
ashleymills 0:714293de3836 9774 (void)length; /* shut up compiler warnings */
ashleymills 0:714293de3836 9775 (void)out;
ashleymills 0:714293de3836 9776 (void)input;
ashleymills 0:714293de3836 9777 (void)inOutIdx;
ashleymills 0:714293de3836 9778 (void)totalSz;
ashleymills 0:714293de3836 9779
ashleymills 0:714293de3836 9780 if (ssl->options.clientState < CLIENT_HELLO_COMPLETE) {
ashleymills 0:714293de3836 9781 CYASSL_MSG("Client sending keyexchange at wrong time");
ashleymills 0:714293de3836 9782 SendAlert(ssl, alert_fatal, unexpected_message);
ashleymills 0:714293de3836 9783 return OUT_OF_ORDER_E;
ashleymills 0:714293de3836 9784 }
ashleymills 0:714293de3836 9785
ashleymills 0:714293de3836 9786 #ifndef NO_CERTS
ashleymills 0:714293de3836 9787 if (ssl->options.verifyPeer && ssl->options.failNoCert)
ashleymills 0:714293de3836 9788 if (!ssl->options.havePeerCert) {
ashleymills 0:714293de3836 9789 CYASSL_MSG("client didn't present peer cert");
ashleymills 0:714293de3836 9790 return NO_PEER_CERT;
ashleymills 0:714293de3836 9791 }
ashleymills 0:714293de3836 9792 #endif
ashleymills 0:714293de3836 9793
ashleymills 0:714293de3836 9794 #ifdef CYASSL_CALLBACKS
ashleymills 0:714293de3836 9795 if (ssl->hsInfoOn)
ashleymills 0:714293de3836 9796 AddPacketName("ClientKeyExchange", &ssl->handShakeInfo);
ashleymills 0:714293de3836 9797 if (ssl->toInfoOn)
ashleymills 0:714293de3836 9798 AddLateName("ClientKeyExchange", &ssl->timeoutInfo);
ashleymills 0:714293de3836 9799 #endif
ashleymills 0:714293de3836 9800
ashleymills 0:714293de3836 9801 switch (ssl->specs.kea) {
ashleymills 0:714293de3836 9802 #ifndef NO_RSA
ashleymills 0:714293de3836 9803 case rsa_kea:
ashleymills 0:714293de3836 9804 {
ashleymills 0:714293de3836 9805 word32 idx = 0;
ashleymills 0:714293de3836 9806 RsaKey key;
ashleymills 0:714293de3836 9807 byte* tmp = 0;
ashleymills 0:714293de3836 9808
ashleymills 0:714293de3836 9809 InitRsaKey(&key, ssl->heap);
ashleymills 0:714293de3836 9810
ashleymills 0:714293de3836 9811 if (ssl->buffers.key.buffer)
ashleymills 0:714293de3836 9812 ret = RsaPrivateKeyDecode(ssl->buffers.key.buffer, &idx,
ashleymills 0:714293de3836 9813 &key, ssl->buffers.key.length);
ashleymills 0:714293de3836 9814 else
ashleymills 0:714293de3836 9815 return NO_PRIVATE_KEY;
ashleymills 0:714293de3836 9816
ashleymills 0:714293de3836 9817 if (ret == 0) {
ashleymills 0:714293de3836 9818 length = RsaEncryptSize(&key);
ashleymills 0:714293de3836 9819 ssl->arrays->preMasterSz = SECRET_LEN;
ashleymills 0:714293de3836 9820
ashleymills 0:714293de3836 9821 if (ssl->options.tls) {
ashleymills 0:714293de3836 9822 word16 check;
ashleymills 0:714293de3836 9823 ato16(input + *inOutIdx, &check);
ashleymills 0:714293de3836 9824 if ((word32)check != length) {
ashleymills 0:714293de3836 9825 CYASSL_MSG("RSA explicit size doesn't match");
ashleymills 0:714293de3836 9826 FreeRsaKey(&key);
ashleymills 0:714293de3836 9827 return RSA_PRIVATE_ERROR;
ashleymills 0:714293de3836 9828 }
ashleymills 0:714293de3836 9829 (*inOutIdx) += 2;
ashleymills 0:714293de3836 9830 }
ashleymills 0:714293de3836 9831 tmp = input + *inOutIdx;
ashleymills 0:714293de3836 9832 *inOutIdx += length;
ashleymills 0:714293de3836 9833
ashleymills 0:714293de3836 9834 if (*inOutIdx > totalSz) {
ashleymills 0:714293de3836 9835 CYASSL_MSG("RSA message too big");
ashleymills 0:714293de3836 9836 FreeRsaKey(&key);
ashleymills 0:714293de3836 9837 return INCOMPLETE_DATA;
ashleymills 0:714293de3836 9838 }
ashleymills 0:714293de3836 9839
ashleymills 0:714293de3836 9840 if (RsaPrivateDecryptInline(tmp, length, &out, &key) ==
ashleymills 0:714293de3836 9841 SECRET_LEN) {
ashleymills 0:714293de3836 9842 XMEMCPY(ssl->arrays->preMasterSecret, out, SECRET_LEN);
ashleymills 0:714293de3836 9843 if (ssl->arrays->preMasterSecret[0] !=
ashleymills 0:714293de3836 9844 ssl->chVersion.major
ashleymills 0:714293de3836 9845 || ssl->arrays->preMasterSecret[1] !=
ashleymills 0:714293de3836 9846 ssl->chVersion.minor)
ashleymills 0:714293de3836 9847 ret = PMS_VERSION_ERROR;
ashleymills 0:714293de3836 9848 else
ashleymills 0:714293de3836 9849 ret = MakeMasterSecret(ssl);
ashleymills 0:714293de3836 9850 }
ashleymills 0:714293de3836 9851 else
ashleymills 0:714293de3836 9852 ret = RSA_PRIVATE_ERROR;
ashleymills 0:714293de3836 9853 }
ashleymills 0:714293de3836 9854
ashleymills 0:714293de3836 9855 FreeRsaKey(&key);
ashleymills 0:714293de3836 9856 }
ashleymills 0:714293de3836 9857 break;
ashleymills 0:714293de3836 9858 #endif
ashleymills 0:714293de3836 9859 #ifndef NO_PSK
ashleymills 0:714293de3836 9860 case psk_kea:
ashleymills 0:714293de3836 9861 {
ashleymills 0:714293de3836 9862 byte* pms = ssl->arrays->preMasterSecret;
ashleymills 0:714293de3836 9863 word16 ci_sz;
ashleymills 0:714293de3836 9864
ashleymills 0:714293de3836 9865 ato16(&input[*inOutIdx], &ci_sz);
ashleymills 0:714293de3836 9866 *inOutIdx += LENGTH_SZ;
ashleymills 0:714293de3836 9867 if (ci_sz > MAX_PSK_ID_LEN) return CLIENT_ID_ERROR;
ashleymills 0:714293de3836 9868
ashleymills 0:714293de3836 9869 XMEMCPY(ssl->arrays->client_identity, &input[*inOutIdx], ci_sz);
ashleymills 0:714293de3836 9870 *inOutIdx += ci_sz;
ashleymills 0:714293de3836 9871 if (ci_sz < MAX_PSK_ID_LEN)
ashleymills 0:714293de3836 9872 ssl->arrays->client_identity[ci_sz] = 0;
ashleymills 0:714293de3836 9873 else
ashleymills 0:714293de3836 9874 ssl->arrays->client_identity[MAX_PSK_ID_LEN-1] = 0;
ashleymills 0:714293de3836 9875
ashleymills 0:714293de3836 9876 ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl,
ashleymills 0:714293de3836 9877 ssl->arrays->client_identity, ssl->arrays->psk_key,
ashleymills 0:714293de3836 9878 MAX_PSK_KEY_LEN);
ashleymills 0:714293de3836 9879 if (ssl->arrays->psk_keySz == 0 ||
ashleymills 0:714293de3836 9880 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN)
ashleymills 0:714293de3836 9881 return PSK_KEY_ERROR;
ashleymills 0:714293de3836 9882
ashleymills 0:714293de3836 9883 /* make psk pre master secret */
ashleymills 0:714293de3836 9884 /* length of key + length 0s + length of key + key */
ashleymills 0:714293de3836 9885 c16toa((word16)ssl->arrays->psk_keySz, pms);
ashleymills 0:714293de3836 9886 pms += 2;
ashleymills 0:714293de3836 9887 XMEMSET(pms, 0, ssl->arrays->psk_keySz);
ashleymills 0:714293de3836 9888 pms += ssl->arrays->psk_keySz;
ashleymills 0:714293de3836 9889 c16toa((word16)ssl->arrays->psk_keySz, pms);
ashleymills 0:714293de3836 9890 pms += 2;
ashleymills 0:714293de3836 9891 XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
ashleymills 0:714293de3836 9892 ssl->arrays->preMasterSz = ssl->arrays->psk_keySz * 2 + 4;
ashleymills 0:714293de3836 9893
ashleymills 0:714293de3836 9894 ret = MakeMasterSecret(ssl);
ashleymills 0:714293de3836 9895 /* No further need for PSK */
ashleymills 0:714293de3836 9896 XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz);
ashleymills 0:714293de3836 9897 ssl->arrays->psk_keySz = 0;
ashleymills 0:714293de3836 9898 }
ashleymills 0:714293de3836 9899 break;
ashleymills 0:714293de3836 9900 #endif /* NO_PSK */
ashleymills 0:714293de3836 9901 #ifdef HAVE_NTRU
ashleymills 0:714293de3836 9902 case ntru_kea:
ashleymills 0:714293de3836 9903 {
ashleymills 0:714293de3836 9904 word32 rc;
ashleymills 0:714293de3836 9905 word16 cipherLen;
ashleymills 0:714293de3836 9906 word16 plainLen = sizeof(ssl->arrays->preMasterSecret);
ashleymills 0:714293de3836 9907 byte* tmp;
ashleymills 0:714293de3836 9908
ashleymills 0:714293de3836 9909 if (!ssl->buffers.key.buffer)
ashleymills 0:714293de3836 9910 return NO_PRIVATE_KEY;
ashleymills 0:714293de3836 9911
ashleymills 0:714293de3836 9912 ato16(&input[*inOutIdx], &cipherLen);
ashleymills 0:714293de3836 9913 *inOutIdx += LENGTH_SZ;
ashleymills 0:714293de3836 9914 if (cipherLen > MAX_NTRU_ENCRYPT_SZ)
ashleymills 0:714293de3836 9915 return NTRU_KEY_ERROR;
ashleymills 0:714293de3836 9916
ashleymills 0:714293de3836 9917 tmp = input + *inOutIdx;
ashleymills 0:714293de3836 9918 rc = crypto_ntru_decrypt((word16)ssl->buffers.key.length,
ashleymills 0:714293de3836 9919 ssl->buffers.key.buffer, cipherLen, tmp, &plainLen,
ashleymills 0:714293de3836 9920 ssl->arrays->preMasterSecret);
ashleymills 0:714293de3836 9921
ashleymills 0:714293de3836 9922 if (rc != NTRU_OK || plainLen != SECRET_LEN)
ashleymills 0:714293de3836 9923 return NTRU_DECRYPT_ERROR;
ashleymills 0:714293de3836 9924 *inOutIdx += cipherLen;
ashleymills 0:714293de3836 9925
ashleymills 0:714293de3836 9926 ssl->arrays->preMasterSz = plainLen;
ashleymills 0:714293de3836 9927 ret = MakeMasterSecret(ssl);
ashleymills 0:714293de3836 9928 }
ashleymills 0:714293de3836 9929 break;
ashleymills 0:714293de3836 9930 #endif /* HAVE_NTRU */
ashleymills 0:714293de3836 9931 #ifdef HAVE_ECC
ashleymills 0:714293de3836 9932 case ecc_diffie_hellman_kea:
ashleymills 0:714293de3836 9933 {
ashleymills 0:714293de3836 9934 word32 size;
ashleymills 0:714293de3836 9935 word32 bLength = input[*inOutIdx]; /* one byte length */
ashleymills 0:714293de3836 9936 *inOutIdx += 1;
ashleymills 0:714293de3836 9937
ashleymills 0:714293de3836 9938 ret = ecc_import_x963(&input[*inOutIdx],
ashleymills 0:714293de3836 9939 bLength, ssl->peerEccKey);
ashleymills 0:714293de3836 9940 if (ret != 0)
ashleymills 0:714293de3836 9941 return ECC_PEERKEY_ERROR;
ashleymills 0:714293de3836 9942 *inOutIdx += bLength;
ashleymills 0:714293de3836 9943 ssl->peerEccKeyPresent = 1;
ashleymills 0:714293de3836 9944
ashleymills 0:714293de3836 9945 size = sizeof(ssl->arrays->preMasterSecret);
ashleymills 0:714293de3836 9946 if (ssl->specs.static_ecdh) {
ashleymills 0:714293de3836 9947 ecc_key staticKey;
ashleymills 0:714293de3836 9948 word32 i = 0;
ashleymills 0:714293de3836 9949
ashleymills 0:714293de3836 9950 ecc_init(&staticKey);
ashleymills 0:714293de3836 9951 ret = EccPrivateKeyDecode(ssl->buffers.key.buffer, &i,
ashleymills 0:714293de3836 9952 &staticKey, ssl->buffers.key.length);
ashleymills 0:714293de3836 9953 if (ret == 0)
ashleymills 0:714293de3836 9954 ret = ecc_shared_secret(&staticKey, ssl->peerEccKey,
ashleymills 0:714293de3836 9955 ssl->arrays->preMasterSecret, &size);
ashleymills 0:714293de3836 9956 ecc_free(&staticKey);
ashleymills 0:714293de3836 9957 }
ashleymills 0:714293de3836 9958 else
ashleymills 0:714293de3836 9959 ret = ecc_shared_secret(ssl->eccTempKey, ssl->peerEccKey,
ashleymills 0:714293de3836 9960 ssl->arrays->preMasterSecret, &size);
ashleymills 0:714293de3836 9961 if (ret != 0)
ashleymills 0:714293de3836 9962 return ECC_SHARED_ERROR;
ashleymills 0:714293de3836 9963 ssl->arrays->preMasterSz = size;
ashleymills 0:714293de3836 9964 ret = MakeMasterSecret(ssl);
ashleymills 0:714293de3836 9965 }
ashleymills 0:714293de3836 9966 break;
ashleymills 0:714293de3836 9967 #endif /* HAVE_ECC */
ashleymills 0:714293de3836 9968 #ifdef OPENSSL_EXTRA
ashleymills 0:714293de3836 9969 case diffie_hellman_kea:
ashleymills 0:714293de3836 9970 {
ashleymills 0:714293de3836 9971 byte* clientPub;
ashleymills 0:714293de3836 9972 word16 clientPubSz;
ashleymills 0:714293de3836 9973 DhKey dhKey;
ashleymills 0:714293de3836 9974
ashleymills 0:714293de3836 9975 ato16(&input[*inOutIdx], &clientPubSz);
ashleymills 0:714293de3836 9976 *inOutIdx += LENGTH_SZ;
ashleymills 0:714293de3836 9977
ashleymills 0:714293de3836 9978 clientPub = &input[*inOutIdx];
ashleymills 0:714293de3836 9979 *inOutIdx += clientPubSz;
ashleymills 0:714293de3836 9980
ashleymills 0:714293de3836 9981 InitDhKey(&dhKey);
ashleymills 0:714293de3836 9982 ret = DhSetKey(&dhKey, ssl->buffers.serverDH_P.buffer,
ashleymills 0:714293de3836 9983 ssl->buffers.serverDH_P.length,
ashleymills 0:714293de3836 9984 ssl->buffers.serverDH_G.buffer,
ashleymills 0:714293de3836 9985 ssl->buffers.serverDH_G.length);
ashleymills 0:714293de3836 9986 if (ret == 0)
ashleymills 0:714293de3836 9987 ret = DhAgree(&dhKey, ssl->arrays->preMasterSecret,
ashleymills 0:714293de3836 9988 &ssl->arrays->preMasterSz,
ashleymills 0:714293de3836 9989 ssl->buffers.serverDH_Priv.buffer,
ashleymills 0:714293de3836 9990 ssl->buffers.serverDH_Priv.length,
ashleymills 0:714293de3836 9991 clientPub, clientPubSz);
ashleymills 0:714293de3836 9992 FreeDhKey(&dhKey);
ashleymills 0:714293de3836 9993 if (ret == 0)
ashleymills 0:714293de3836 9994 ret = MakeMasterSecret(ssl);
ashleymills 0:714293de3836 9995 }
ashleymills 0:714293de3836 9996 break;
ashleymills 0:714293de3836 9997 #endif /* OPENSSL_EXTRA */
ashleymills 0:714293de3836 9998 default:
ashleymills 0:714293de3836 9999 {
ashleymills 0:714293de3836 10000 CYASSL_MSG("Bad kea type");
ashleymills 0:714293de3836 10001 ret = BAD_KEA_TYPE_E;
ashleymills 0:714293de3836 10002 }
ashleymills 0:714293de3836 10003 break;
ashleymills 0:714293de3836 10004 }
ashleymills 0:714293de3836 10005 /* No further need for PMS */
ashleymills 0:714293de3836 10006 XMEMSET(ssl->arrays->preMasterSecret, 0, ssl->arrays->preMasterSz);
ashleymills 0:714293de3836 10007 ssl->arrays->preMasterSz = 0;
ashleymills 0:714293de3836 10008
ashleymills 0:714293de3836 10009 if (ret == 0) {
ashleymills 0:714293de3836 10010 ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
ashleymills 0:714293de3836 10011 #ifndef NO_CERTS
ashleymills 0:714293de3836 10012 if (ssl->options.verifyPeer)
ashleymills 0:714293de3836 10013 BuildCertHashes(ssl, &ssl->certHashes);
ashleymills 0:714293de3836 10014 #endif
ashleymills 0:714293de3836 10015 }
ashleymills 0:714293de3836 10016
ashleymills 0:714293de3836 10017 return ret;
ashleymills 0:714293de3836 10018 }
ashleymills 0:714293de3836 10019
ashleymills 0:714293de3836 10020 #endif /* NO_CYASSL_SERVER */
ashleymills 0:714293de3836 10021
ashleymills 0:714293de3836 10022
ashleymills 0:714293de3836 10023 #ifdef SINGLE_THREADED
ashleymills 0:714293de3836 10024
ashleymills 0:714293de3836 10025 int InitMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10026 {
ashleymills 0:714293de3836 10027 (void)m;
ashleymills 0:714293de3836 10028 return 0;
ashleymills 0:714293de3836 10029 }
ashleymills 0:714293de3836 10030
ashleymills 0:714293de3836 10031
ashleymills 0:714293de3836 10032 int FreeMutex(CyaSSL_Mutex *m)
ashleymills 0:714293de3836 10033 {
ashleymills 0:714293de3836 10034 (void)m;
ashleymills 0:714293de3836 10035 return 0;
ashleymills 0:714293de3836 10036 }
ashleymills 0:714293de3836 10037
ashleymills 0:714293de3836 10038
ashleymills 0:714293de3836 10039 int LockMutex(CyaSSL_Mutex *m)
ashleymills 0:714293de3836 10040 {
ashleymills 0:714293de3836 10041 (void)m;
ashleymills 0:714293de3836 10042 return 0;
ashleymills 0:714293de3836 10043 }
ashleymills 0:714293de3836 10044
ashleymills 0:714293de3836 10045
ashleymills 0:714293de3836 10046 int UnLockMutex(CyaSSL_Mutex *m)
ashleymills 0:714293de3836 10047 {
ashleymills 0:714293de3836 10048 (void)m;
ashleymills 0:714293de3836 10049 return 0;
ashleymills 0:714293de3836 10050 }
ashleymills 0:714293de3836 10051
ashleymills 0:714293de3836 10052 #else /* MULTI_THREAD */
ashleymills 0:714293de3836 10053
ashleymills 0:714293de3836 10054 #if defined(FREERTOS)
ashleymills 0:714293de3836 10055
ashleymills 0:714293de3836 10056 int InitMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10057 {
ashleymills 0:714293de3836 10058 int iReturn;
ashleymills 0:714293de3836 10059
ashleymills 0:714293de3836 10060 *m = ( CyaSSL_Mutex ) xSemaphoreCreateMutex();
ashleymills 0:714293de3836 10061 if( *m != NULL )
ashleymills 0:714293de3836 10062 iReturn = 0;
ashleymills 0:714293de3836 10063 else
ashleymills 0:714293de3836 10064 iReturn = BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 10065
ashleymills 0:714293de3836 10066 return iReturn;
ashleymills 0:714293de3836 10067 }
ashleymills 0:714293de3836 10068
ashleymills 0:714293de3836 10069 int FreeMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10070 {
ashleymills 0:714293de3836 10071 vSemaphoreDelete( *m );
ashleymills 0:714293de3836 10072 return 0;
ashleymills 0:714293de3836 10073 }
ashleymills 0:714293de3836 10074
ashleymills 0:714293de3836 10075 int LockMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10076 {
ashleymills 0:714293de3836 10077 /* Assume an infinite block, or should there be zero block? */
ashleymills 0:714293de3836 10078 xSemaphoreTake( *m, portMAX_DELAY );
ashleymills 0:714293de3836 10079 return 0;
ashleymills 0:714293de3836 10080 }
ashleymills 0:714293de3836 10081
ashleymills 0:714293de3836 10082 int UnLockMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10083 {
ashleymills 0:714293de3836 10084 xSemaphoreGive( *m );
ashleymills 0:714293de3836 10085 return 0;
ashleymills 0:714293de3836 10086 }
ashleymills 0:714293de3836 10087
ashleymills 0:714293de3836 10088 #elif defined(CYASSL_SAFERTOS)
ashleymills 0:714293de3836 10089
ashleymills 0:714293de3836 10090 int InitMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10091 {
ashleymills 0:714293de3836 10092 vSemaphoreCreateBinary(m->mutexBuffer, m->mutex);
ashleymills 0:714293de3836 10093 if (m->mutex == NULL)
ashleymills 0:714293de3836 10094 return BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 10095
ashleymills 0:714293de3836 10096 return 0;
ashleymills 0:714293de3836 10097 }
ashleymills 0:714293de3836 10098
ashleymills 0:714293de3836 10099 int FreeMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10100 {
ashleymills 0:714293de3836 10101 (void)m;
ashleymills 0:714293de3836 10102 return 0;
ashleymills 0:714293de3836 10103 }
ashleymills 0:714293de3836 10104
ashleymills 0:714293de3836 10105 int LockMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10106 {
ashleymills 0:714293de3836 10107 /* Assume an infinite block */
ashleymills 0:714293de3836 10108 xSemaphoreTake(m->mutex, portMAX_DELAY);
ashleymills 0:714293de3836 10109 return 0;
ashleymills 0:714293de3836 10110 }
ashleymills 0:714293de3836 10111
ashleymills 0:714293de3836 10112 int UnLockMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10113 {
ashleymills 0:714293de3836 10114 xSemaphoreGive(m->mutex);
ashleymills 0:714293de3836 10115 return 0;
ashleymills 0:714293de3836 10116 }
ashleymills 0:714293de3836 10117
ashleymills 0:714293de3836 10118
ashleymills 0:714293de3836 10119 #elif defined(USE_WINDOWS_API)
ashleymills 0:714293de3836 10120
ashleymills 0:714293de3836 10121 int InitMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10122 {
ashleymills 0:714293de3836 10123 InitializeCriticalSection(m);
ashleymills 0:714293de3836 10124 return 0;
ashleymills 0:714293de3836 10125 }
ashleymills 0:714293de3836 10126
ashleymills 0:714293de3836 10127
ashleymills 0:714293de3836 10128 int FreeMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10129 {
ashleymills 0:714293de3836 10130 DeleteCriticalSection(m);
ashleymills 0:714293de3836 10131 return 0;
ashleymills 0:714293de3836 10132 }
ashleymills 0:714293de3836 10133
ashleymills 0:714293de3836 10134
ashleymills 0:714293de3836 10135 int LockMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10136 {
ashleymills 0:714293de3836 10137 EnterCriticalSection(m);
ashleymills 0:714293de3836 10138 return 0;
ashleymills 0:714293de3836 10139 }
ashleymills 0:714293de3836 10140
ashleymills 0:714293de3836 10141
ashleymills 0:714293de3836 10142 int UnLockMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10143 {
ashleymills 0:714293de3836 10144 LeaveCriticalSection(m);
ashleymills 0:714293de3836 10145 return 0;
ashleymills 0:714293de3836 10146 }
ashleymills 0:714293de3836 10147
ashleymills 0:714293de3836 10148 #elif defined(CYASSL_PTHREADS)
ashleymills 0:714293de3836 10149
ashleymills 0:714293de3836 10150 int InitMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10151 {
ashleymills 0:714293de3836 10152 if (pthread_mutex_init(m, 0) == 0)
ashleymills 0:714293de3836 10153 return 0;
ashleymills 0:714293de3836 10154 else
ashleymills 0:714293de3836 10155 return BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 10156 }
ashleymills 0:714293de3836 10157
ashleymills 0:714293de3836 10158
ashleymills 0:714293de3836 10159 int FreeMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10160 {
ashleymills 0:714293de3836 10161 if (pthread_mutex_destroy(m) == 0)
ashleymills 0:714293de3836 10162 return 0;
ashleymills 0:714293de3836 10163 else
ashleymills 0:714293de3836 10164 return BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 10165 }
ashleymills 0:714293de3836 10166
ashleymills 0:714293de3836 10167
ashleymills 0:714293de3836 10168 int LockMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10169 {
ashleymills 0:714293de3836 10170 if (pthread_mutex_lock(m) == 0)
ashleymills 0:714293de3836 10171 return 0;
ashleymills 0:714293de3836 10172 else
ashleymills 0:714293de3836 10173 return BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 10174 }
ashleymills 0:714293de3836 10175
ashleymills 0:714293de3836 10176
ashleymills 0:714293de3836 10177 int UnLockMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10178 {
ashleymills 0:714293de3836 10179 if (pthread_mutex_unlock(m) == 0)
ashleymills 0:714293de3836 10180 return 0;
ashleymills 0:714293de3836 10181 else
ashleymills 0:714293de3836 10182 return BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 10183 }
ashleymills 0:714293de3836 10184
ashleymills 0:714293de3836 10185 #elif defined(THREADX)
ashleymills 0:714293de3836 10186
ashleymills 0:714293de3836 10187 int InitMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10188 {
ashleymills 0:714293de3836 10189 if (tx_mutex_create(m, "CyaSSL Mutex", TX_NO_INHERIT) == 0)
ashleymills 0:714293de3836 10190 return 0;
ashleymills 0:714293de3836 10191 else
ashleymills 0:714293de3836 10192 return BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 10193 }
ashleymills 0:714293de3836 10194
ashleymills 0:714293de3836 10195
ashleymills 0:714293de3836 10196 int FreeMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10197 {
ashleymills 0:714293de3836 10198 if (tx_mutex_delete(m) == 0)
ashleymills 0:714293de3836 10199 return 0;
ashleymills 0:714293de3836 10200 else
ashleymills 0:714293de3836 10201 return BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 10202 }
ashleymills 0:714293de3836 10203
ashleymills 0:714293de3836 10204
ashleymills 0:714293de3836 10205 int LockMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10206 {
ashleymills 0:714293de3836 10207 if (tx_mutex_get(m, TX_WAIT_FOREVER) == 0)
ashleymills 0:714293de3836 10208 return 0;
ashleymills 0:714293de3836 10209 else
ashleymills 0:714293de3836 10210 return BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 10211 }
ashleymills 0:714293de3836 10212
ashleymills 0:714293de3836 10213
ashleymills 0:714293de3836 10214 int UnLockMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10215 {
ashleymills 0:714293de3836 10216 if (tx_mutex_put(m) == 0)
ashleymills 0:714293de3836 10217 return 0;
ashleymills 0:714293de3836 10218 else
ashleymills 0:714293de3836 10219 return BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 10220 }
ashleymills 0:714293de3836 10221
ashleymills 0:714293de3836 10222 #elif defined(MICRIUM)
ashleymills 0:714293de3836 10223
ashleymills 0:714293de3836 10224 int InitMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10225 {
ashleymills 0:714293de3836 10226 #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
ashleymills 0:714293de3836 10227 if (NetSecure_OS_MutexCreate(m) == 0)
ashleymills 0:714293de3836 10228 return 0;
ashleymills 0:714293de3836 10229 else
ashleymills 0:714293de3836 10230 return BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 10231 #else
ashleymills 0:714293de3836 10232 return 0;
ashleymills 0:714293de3836 10233 #endif
ashleymills 0:714293de3836 10234 }
ashleymills 0:714293de3836 10235
ashleymills 0:714293de3836 10236
ashleymills 0:714293de3836 10237 int FreeMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10238 {
ashleymills 0:714293de3836 10239 #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
ashleymills 0:714293de3836 10240 if (NetSecure_OS_FreeMutex(m) == 0)
ashleymills 0:714293de3836 10241 return 0;
ashleymills 0:714293de3836 10242 else
ashleymills 0:714293de3836 10243 return BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 10244 #else
ashleymills 0:714293de3836 10245 return 0;
ashleymills 0:714293de3836 10246 #endif
ashleymills 0:714293de3836 10247 }
ashleymills 0:714293de3836 10248
ashleymills 0:714293de3836 10249
ashleymills 0:714293de3836 10250 int LockMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10251 {
ashleymills 0:714293de3836 10252 #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
ashleymills 0:714293de3836 10253 if (NetSecure_OS_LockMutex(m) == 0)
ashleymills 0:714293de3836 10254 return 0;
ashleymills 0:714293de3836 10255 else
ashleymills 0:714293de3836 10256 return BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 10257 #else
ashleymills 0:714293de3836 10258 return 0;
ashleymills 0:714293de3836 10259 #endif
ashleymills 0:714293de3836 10260 }
ashleymills 0:714293de3836 10261
ashleymills 0:714293de3836 10262
ashleymills 0:714293de3836 10263 int UnLockMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10264 {
ashleymills 0:714293de3836 10265 #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
ashleymills 0:714293de3836 10266 if (NetSecure_OS_UnLockMutex(m) == 0)
ashleymills 0:714293de3836 10267 return 0;
ashleymills 0:714293de3836 10268 else
ashleymills 0:714293de3836 10269 return BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 10270 #else
ashleymills 0:714293de3836 10271 return 0;
ashleymills 0:714293de3836 10272 #endif
ashleymills 0:714293de3836 10273
ashleymills 0:714293de3836 10274 }
ashleymills 0:714293de3836 10275
ashleymills 0:714293de3836 10276 #elif defined(EBSNET)
ashleymills 0:714293de3836 10277
ashleymills 0:714293de3836 10278 int InitMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10279 {
ashleymills 0:714293de3836 10280 if (rtp_sig_mutex_alloc(m, "CyaSSL Mutex") == -1)
ashleymills 0:714293de3836 10281 return BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 10282 else
ashleymills 0:714293de3836 10283 return 0;
ashleymills 0:714293de3836 10284 }
ashleymills 0:714293de3836 10285
ashleymills 0:714293de3836 10286 int FreeMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10287 {
ashleymills 0:714293de3836 10288 rtp_sig_mutex_free(*m);
ashleymills 0:714293de3836 10289 return 0;
ashleymills 0:714293de3836 10290 }
ashleymills 0:714293de3836 10291
ashleymills 0:714293de3836 10292 int LockMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10293 {
ashleymills 0:714293de3836 10294 if (rtp_sig_mutex_claim_timed(*m, RTIP_INF) == 0)
ashleymills 0:714293de3836 10295 return 0;
ashleymills 0:714293de3836 10296 else
ashleymills 0:714293de3836 10297 return BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 10298 }
ashleymills 0:714293de3836 10299
ashleymills 0:714293de3836 10300 int UnLockMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10301 {
ashleymills 0:714293de3836 10302 rtp_sig_mutex_release(*m);
ashleymills 0:714293de3836 10303 return 0;
ashleymills 0:714293de3836 10304 }
ashleymills 0:714293de3836 10305
ashleymills 0:714293de3836 10306 #elif defined(FREESCALE_MQX)
ashleymills 0:714293de3836 10307
ashleymills 0:714293de3836 10308 int InitMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10309 {
ashleymills 0:714293de3836 10310 if (_mutex_init(m, NULL) == MQX_EOK)
ashleymills 0:714293de3836 10311 return 0;
ashleymills 0:714293de3836 10312 else
ashleymills 0:714293de3836 10313 return BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 10314 }
ashleymills 0:714293de3836 10315
ashleymills 0:714293de3836 10316 int FreeMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10317 {
ashleymills 0:714293de3836 10318 if (_mutex_destroy(m) == MQX_EOK)
ashleymills 0:714293de3836 10319 return 0;
ashleymills 0:714293de3836 10320 else
ashleymills 0:714293de3836 10321 return BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 10322 }
ashleymills 0:714293de3836 10323
ashleymills 0:714293de3836 10324 int LockMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10325 {
ashleymills 0:714293de3836 10326 if (_mutex_lock(m) == MQX_EOK)
ashleymills 0:714293de3836 10327 return 0;
ashleymills 0:714293de3836 10328 else
ashleymills 0:714293de3836 10329 return BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 10330 }
ashleymills 0:714293de3836 10331
ashleymills 0:714293de3836 10332 int UnLockMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10333 {
ashleymills 0:714293de3836 10334 if (_mutex_unlock(m) == MQX_EOK)
ashleymills 0:714293de3836 10335 return 0;
ashleymills 0:714293de3836 10336 else
ashleymills 0:714293de3836 10337 return BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 10338 }
ashleymills 0:714293de3836 10339
ashleymills 0:714293de3836 10340 #elif defined(CYASSL_MDK_ARM)
ashleymills 0:714293de3836 10341
ashleymills 0:714293de3836 10342 int InitMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10343 {
ashleymills 0:714293de3836 10344 os_mut_init (m);
ashleymills 0:714293de3836 10345 return 0;
ashleymills 0:714293de3836 10346 }
ashleymills 0:714293de3836 10347
ashleymills 0:714293de3836 10348 int FreeMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10349 {
ashleymills 0:714293de3836 10350 return(0) ;
ashleymills 0:714293de3836 10351 }
ashleymills 0:714293de3836 10352
ashleymills 0:714293de3836 10353 int LockMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10354 {
ashleymills 0:714293de3836 10355 os_mut_wait (m, 0xffff);
ashleymills 0:714293de3836 10356 return(0) ;
ashleymills 0:714293de3836 10357 }
ashleymills 0:714293de3836 10358
ashleymills 0:714293de3836 10359 int UnLockMutex(CyaSSL_Mutex* m)
ashleymills 0:714293de3836 10360 {
ashleymills 0:714293de3836 10361 os_mut_release (m);
ashleymills 0:714293de3836 10362 return 0;
ashleymills 0:714293de3836 10363 }
ashleymills 0:714293de3836 10364 #endif /* USE_WINDOWS_API */
ashleymills 0:714293de3836 10365 #endif /* SINGLE_THREADED */