Francois Berder / cyassl-lib

fork of cyassl-lib

Dependents:   TLS_cyassl TLS_cyassl

ssl.c@4:f377303c41be, 2013-09-16 (annotated)

Committer:
feb11
Date:
Mon Sep 16 09:53:35 2013 +0000
Revision:
4:f377303c41be
Parent:
0:714293de3836 
changed settings

Who changed what in which revision?

UserRevisionLine numberNew contents of line
ashleymills 0:714293de3836 1 /* ssl.c
ashleymills 0:714293de3836 2 *
ashleymills 0:714293de3836 3 * Copyright (C) 2006-2013 wolfSSL Inc.
ashleymills 0:714293de3836 4 *
ashleymills 0:714293de3836 5 * This file is part of CyaSSL.
ashleymills 0:714293de3836 6 *
ashleymills 0:714293de3836 7 * CyaSSL is free software; you can redistribute it and/or modify
ashleymills 0:714293de3836 8 * it under the terms of the GNU General Public License as published by
ashleymills 0:714293de3836 9 * the Free Software Foundation; either version 2 of the License, or
ashleymills 0:714293de3836 10 * (at your option) any later version.
ashleymills 0:714293de3836 11 *
ashleymills 0:714293de3836 12 * CyaSSL is distributed in the hope that it will be useful,
ashleymills 0:714293de3836 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
ashleymills 0:714293de3836 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
ashleymills 0:714293de3836 15 * GNU General Public License for more details.
ashleymills 0:714293de3836 16 *
ashleymills 0:714293de3836 17 * You should have received a copy of the GNU General Public License
ashleymills 0:714293de3836 18 * along with this program; if not, write to the Free Software
ashleymills 0:714293de3836 19 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
ashleymills 0:714293de3836 20 */
ashleymills 0:714293de3836 21
ashleymills 0:714293de3836 22 #ifdef HAVE_CONFIG_H
ashleymills 0:714293de3836 23 #include <config.h>
ashleymills 0:714293de3836 24 #endif
ashleymills 0:714293de3836 25
ashleymills 0:714293de3836 26 #include <cyassl/ctaocrypt/settings.h>
ashleymills 0:714293de3836 27
ashleymills 0:714293de3836 28 #ifdef HAVE_ERRNO_H
ashleymills 0:714293de3836 29 #include <errno.h>
ashleymills 0:714293de3836 30 #endif
ashleymills 0:714293de3836 31
ashleymills 0:714293de3836 32
ashleymills 0:714293de3836 33 #include <cyassl/ssl.h>
ashleymills 0:714293de3836 34 #include <cyassl/internal.h>
ashleymills 0:714293de3836 35 #include <cyassl/ctaoerror.h>
ashleymills 0:714293de3836 36 #include <cyassl/ctaocrypt/coding.h>
ashleymills 0:714293de3836 37
ashleymills 0:714293de3836 38 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
ashleymills 0:714293de3836 39 #include <cyassl/openssl/evp.h>
ashleymills 0:714293de3836 40 #endif
ashleymills 0:714293de3836 41
ashleymills 0:714293de3836 42 #ifdef OPENSSL_EXTRA
ashleymills 0:714293de3836 43 /* openssl headers begin */
ashleymills 0:714293de3836 44 #include <cyassl/openssl/hmac.h>
ashleymills 0:714293de3836 45 #include <cyassl/openssl/crypto.h>
ashleymills 0:714293de3836 46 #include <cyassl/openssl/des.h>
ashleymills 0:714293de3836 47 #include <cyassl/openssl/bn.h>
ashleymills 0:714293de3836 48 #include <cyassl/openssl/dh.h>
ashleymills 0:714293de3836 49 #include <cyassl/openssl/rsa.h>
ashleymills 0:714293de3836 50 #include <cyassl/openssl/pem.h>
ashleymills 0:714293de3836 51 /* openssl headers end, cyassl internal headers next */
ashleymills 0:714293de3836 52 #include <cyassl/ctaocrypt/hmac.h>
ashleymills 0:714293de3836 53 #include <cyassl/ctaocrypt/random.h>
ashleymills 0:714293de3836 54 #include <cyassl/ctaocrypt/des3.h>
ashleymills 0:714293de3836 55 #include <cyassl/ctaocrypt/md4.h>
ashleymills 0:714293de3836 56 #include <cyassl/ctaocrypt/md5.h>
ashleymills 0:714293de3836 57 #include <cyassl/ctaocrypt/arc4.h>
ashleymills 0:714293de3836 58 #ifdef CYASSL_SHA512
ashleymills 0:714293de3836 59 #include <cyassl/ctaocrypt/sha512.h>
ashleymills 0:714293de3836 60 #endif
ashleymills 0:714293de3836 61 #endif
ashleymills 0:714293de3836 62
ashleymills 0:714293de3836 63 #ifndef NO_FILESYSTEM
ashleymills 0:714293de3836 64 #if !defined(USE_WINDOWS_API) && !defined(NO_CYASSL_DIR) \
ashleymills 0:714293de3836 65 && !defined(EBSNET)
ashleymills 0:714293de3836 66 #include <dirent.h>
ashleymills 0:714293de3836 67 #include <sys/stat.h>
ashleymills 0:714293de3836 68 #endif
ashleymills 0:714293de3836 69 #ifdef EBSNET
ashleymills 0:714293de3836 70 #include "vfapi.h"
ashleymills 0:714293de3836 71 #include "vfile.h"
ashleymills 0:714293de3836 72 #endif
ashleymills 0:714293de3836 73 #endif /* NO_FILESYSTEM */
ashleymills 0:714293de3836 74
ashleymills 0:714293de3836 75 #ifndef TRUE
ashleymills 0:714293de3836 76 #define TRUE 1
ashleymills 0:714293de3836 77 #endif
ashleymills 0:714293de3836 78 #ifndef FALSE
ashleymills 0:714293de3836 79 #define FALSE 0
ashleymills 0:714293de3836 80 #endif
ashleymills 0:714293de3836 81
ashleymills 0:714293de3836 82 #ifndef min
ashleymills 0:714293de3836 83
ashleymills 0:714293de3836 84 static INLINE word32 min(word32 a, word32 b)
ashleymills 0:714293de3836 85 {
ashleymills 0:714293de3836 86 return a > b ? b : a;
ashleymills 0:714293de3836 87 }
ashleymills 0:714293de3836 88
ashleymills 0:714293de3836 89 #endif /* min */
ashleymills 0:714293de3836 90
ashleymills 0:714293de3836 91 #ifndef max
ashleymills 0:714293de3836 92
ashleymills 0:714293de3836 93 static INLINE word32 max(word32 a, word32 b)
ashleymills 0:714293de3836 94 {
ashleymills 0:714293de3836 95 return a > b ? a : b;
ashleymills 0:714293de3836 96 }
ashleymills 0:714293de3836 97
ashleymills 0:714293de3836 98 #endif /* min */
ashleymills 0:714293de3836 99
ashleymills 0:714293de3836 100
ashleymills 0:714293de3836 101 #ifndef CYASSL_LEANPSK
ashleymills 0:714293de3836 102 char* mystrnstr(const char* s1, const char* s2, unsigned int n)
ashleymills 0:714293de3836 103 {
ashleymills 0:714293de3836 104 unsigned int s2_len = (unsigned int)XSTRLEN(s2);
ashleymills 0:714293de3836 105
ashleymills 0:714293de3836 106 if (s2_len == 0)
ashleymills 0:714293de3836 107 return (char*)s1;
ashleymills 0:714293de3836 108
ashleymills 0:714293de3836 109 while (n >= s2_len && s1[0]) {
ashleymills 0:714293de3836 110 if (s1[0] == s2[0])
ashleymills 0:714293de3836 111 if (XMEMCMP(s1, s2, s2_len) == 0)
ashleymills 0:714293de3836 112 return (char*)s1;
ashleymills 0:714293de3836 113 s1++;
ashleymills 0:714293de3836 114 n--;
ashleymills 0:714293de3836 115 }
ashleymills 0:714293de3836 116
ashleymills 0:714293de3836 117 return NULL;
ashleymills 0:714293de3836 118 }
ashleymills 0:714293de3836 119 #endif
ashleymills 0:714293de3836 120
ashleymills 0:714293de3836 121
ashleymills 0:714293de3836 122 /* prevent multiple mutex initializations */
ashleymills 0:714293de3836 123 static volatile int initRefCount = 0;
ashleymills 0:714293de3836 124 static CyaSSL_Mutex count_mutex; /* init ref count mutex */
ashleymills 0:714293de3836 125
ashleymills 0:714293de3836 126
ashleymills 0:714293de3836 127
ashleymills 0:714293de3836 128 CYASSL_CTX* CyaSSL_CTX_new(CYASSL_METHOD* method)
ashleymills 0:714293de3836 129 {
ashleymills 0:714293de3836 130 CYASSL_CTX* ctx = NULL;
ashleymills 0:714293de3836 131
ashleymills 0:714293de3836 132 CYASSL_ENTER("CYASSL_CTX_new");
ashleymills 0:714293de3836 133
ashleymills 0:714293de3836 134 if (initRefCount == 0)
ashleymills 0:714293de3836 135 CyaSSL_Init(); /* user no longer forced to call Init themselves */
ashleymills 0:714293de3836 136
ashleymills 0:714293de3836 137 if (method == NULL)
ashleymills 0:714293de3836 138 return ctx;
ashleymills 0:714293de3836 139
ashleymills 0:714293de3836 140 ctx = (CYASSL_CTX*) XMALLOC(sizeof(CYASSL_CTX), 0, DYNAMIC_TYPE_CTX);
ashleymills 0:714293de3836 141 if (ctx) {
ashleymills 0:714293de3836 142 if (InitSSL_Ctx(ctx, method) < 0) {
ashleymills 0:714293de3836 143 CYASSL_MSG("Init CTX failed");
ashleymills 0:714293de3836 144 CyaSSL_CTX_free(ctx);
ashleymills 0:714293de3836 145 ctx = NULL;
ashleymills 0:714293de3836 146 }
ashleymills 0:714293de3836 147 }
ashleymills 0:714293de3836 148 else {
ashleymills 0:714293de3836 149 CYASSL_MSG("Alloc CTX failed, method freed");
ashleymills 0:714293de3836 150 XFREE(method, NULL, DYNAMIC_TYPE_METHOD);
ashleymills 0:714293de3836 151 }
ashleymills 0:714293de3836 152
ashleymills 0:714293de3836 153 CYASSL_LEAVE("CYASSL_CTX_new", 0);
ashleymills 0:714293de3836 154 return ctx;
ashleymills 0:714293de3836 155 }
ashleymills 0:714293de3836 156
ashleymills 0:714293de3836 157
ashleymills 0:714293de3836 158 void CyaSSL_CTX_free(CYASSL_CTX* ctx)
ashleymills 0:714293de3836 159 {
ashleymills 0:714293de3836 160 CYASSL_ENTER("SSL_CTX_free");
ashleymills 0:714293de3836 161 if (ctx)
ashleymills 0:714293de3836 162 FreeSSL_Ctx(ctx);
ashleymills 0:714293de3836 163 CYASSL_LEAVE("SSL_CTX_free", 0);
ashleymills 0:714293de3836 164 }
ashleymills 0:714293de3836 165
ashleymills 0:714293de3836 166
ashleymills 0:714293de3836 167 CYASSL* CyaSSL_new(CYASSL_CTX* ctx)
ashleymills 0:714293de3836 168 {
ashleymills 0:714293de3836 169 CYASSL* ssl = NULL;
ashleymills 0:714293de3836 170 int ret = 0;
ashleymills 0:714293de3836 171
ashleymills 0:714293de3836 172 (void)ret;
ashleymills 0:714293de3836 173 CYASSL_ENTER("SSL_new");
ashleymills 0:714293de3836 174
ashleymills 0:714293de3836 175 if (ctx == NULL)
ashleymills 0:714293de3836 176 return ssl;
ashleymills 0:714293de3836 177
ashleymills 0:714293de3836 178 ssl = (CYASSL*) XMALLOC(sizeof(CYASSL), ctx->heap,DYNAMIC_TYPE_SSL);
ashleymills 0:714293de3836 179 if (ssl)
ashleymills 0:714293de3836 180 if ( (ret = InitSSL(ssl, ctx)) < 0) {
ashleymills 0:714293de3836 181 FreeSSL(ssl);
ashleymills 0:714293de3836 182 ssl = 0;
ashleymills 0:714293de3836 183 }
ashleymills 0:714293de3836 184
ashleymills 0:714293de3836 185 CYASSL_LEAVE("SSL_new", ret);
ashleymills 0:714293de3836 186 return ssl;
ashleymills 0:714293de3836 187 }
ashleymills 0:714293de3836 188
ashleymills 0:714293de3836 189
ashleymills 0:714293de3836 190 void CyaSSL_free(CYASSL* ssl)
ashleymills 0:714293de3836 191 {
ashleymills 0:714293de3836 192 CYASSL_ENTER("SSL_free");
ashleymills 0:714293de3836 193 if (ssl)
ashleymills 0:714293de3836 194 FreeSSL(ssl);
ashleymills 0:714293de3836 195 CYASSL_LEAVE("SSL_free", 0);
ashleymills 0:714293de3836 196 }
ashleymills 0:714293de3836 197
ashleymills 0:714293de3836 198
ashleymills 0:714293de3836 199 int CyaSSL_set_fd(CYASSL* ssl, int fd)
ashleymills 0:714293de3836 200 {
ashleymills 0:714293de3836 201 CYASSL_ENTER("SSL_set_fd");
ashleymills 0:714293de3836 202 ssl->rfd = fd; /* not used directly to allow IO callbacks */
ashleymills 0:714293de3836 203 ssl->wfd = fd;
ashleymills 0:714293de3836 204
ashleymills 0:714293de3836 205 ssl->IOCB_ReadCtx = &ssl->rfd;
ashleymills 0:714293de3836 206 ssl->IOCB_WriteCtx = &ssl->wfd;
ashleymills 0:714293de3836 207
ashleymills 0:714293de3836 208 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 209 if (ssl->options.dtls) {
ashleymills 0:714293de3836 210 ssl->IOCB_ReadCtx = &ssl->buffers.dtlsCtx;
ashleymills 0:714293de3836 211 ssl->IOCB_WriteCtx = &ssl->buffers.dtlsCtx;
ashleymills 0:714293de3836 212 ssl->buffers.dtlsCtx.fd = fd;
ashleymills 0:714293de3836 213 }
ashleymills 0:714293de3836 214 #endif
ashleymills 0:714293de3836 215
ashleymills 0:714293de3836 216 CYASSL_LEAVE("SSL_set_fd", SSL_SUCCESS);
ashleymills 0:714293de3836 217 return SSL_SUCCESS;
ashleymills 0:714293de3836 218 }
ashleymills 0:714293de3836 219
ashleymills 0:714293de3836 220
ashleymills 0:714293de3836 221 int CyaSSL_get_fd(const CYASSL* ssl)
ashleymills 0:714293de3836 222 {
ashleymills 0:714293de3836 223 CYASSL_ENTER("SSL_get_fd");
ashleymills 0:714293de3836 224 CYASSL_LEAVE("SSL_get_fd", ssl->rfd);
ashleymills 0:714293de3836 225 return ssl->rfd;
ashleymills 0:714293de3836 226 }
ashleymills 0:714293de3836 227
ashleymills 0:714293de3836 228
ashleymills 0:714293de3836 229 #ifndef CYASSL_LEANPSK
ashleymills 0:714293de3836 230 void CyaSSL_set_using_nonblock(CYASSL* ssl, int nonblock)
ashleymills 0:714293de3836 231 {
ashleymills 0:714293de3836 232 CYASSL_ENTER("CyaSSL_set_using_nonblock");
ashleymills 0:714293de3836 233 ssl->options.usingNonblock = (nonblock != 0);
ashleymills 0:714293de3836 234 }
ashleymills 0:714293de3836 235
ashleymills 0:714293de3836 236
ashleymills 0:714293de3836 237 int CyaSSL_get_using_nonblock(CYASSL* ssl)
ashleymills 0:714293de3836 238 {
ashleymills 0:714293de3836 239 CYASSL_ENTER("CyaSSL_get_using_nonblock");
ashleymills 0:714293de3836 240 CYASSL_LEAVE("CyaSSL_get_using_nonblock", ssl->options.usingNonblock);
ashleymills 0:714293de3836 241 return ssl->options.usingNonblock;
ashleymills 0:714293de3836 242 }
ashleymills 0:714293de3836 243
ashleymills 0:714293de3836 244
ashleymills 0:714293de3836 245 int CyaSSL_dtls(CYASSL* ssl)
ashleymills 0:714293de3836 246 {
ashleymills 0:714293de3836 247 return ssl->options.dtls;
ashleymills 0:714293de3836 248 }
ashleymills 0:714293de3836 249
ashleymills 0:714293de3836 250
ashleymills 0:714293de3836 251 int CyaSSL_dtls_set_peer(CYASSL* ssl, void* peer, unsigned int peerSz)
ashleymills 0:714293de3836 252 {
ashleymills 0:714293de3836 253 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 254 void* sa = (void*)XMALLOC(peerSz, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
ashleymills 0:714293de3836 255 if (sa != NULL) {
ashleymills 0:714293de3836 256 XMEMCPY(sa, peer, peerSz);
ashleymills 0:714293de3836 257 ssl->buffers.dtlsCtx.peer.sa = sa;
ashleymills 0:714293de3836 258 ssl->buffers.dtlsCtx.peer.sz = peerSz;
ashleymills 0:714293de3836 259 return SSL_SUCCESS;
ashleymills 0:714293de3836 260 }
ashleymills 0:714293de3836 261 return SSL_FAILURE;
ashleymills 0:714293de3836 262 #else
ashleymills 0:714293de3836 263 (void)ssl;
ashleymills 0:714293de3836 264 (void)peer;
ashleymills 0:714293de3836 265 (void)peerSz;
ashleymills 0:714293de3836 266 return SSL_NOT_IMPLEMENTED;
ashleymills 0:714293de3836 267 #endif
ashleymills 0:714293de3836 268 }
ashleymills 0:714293de3836 269
ashleymills 0:714293de3836 270 int CyaSSL_dtls_get_peer(CYASSL* ssl, void* peer, unsigned int* peerSz)
ashleymills 0:714293de3836 271 {
ashleymills 0:714293de3836 272 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 273 if (peer != NULL && peerSz != NULL
ashleymills 0:714293de3836 274 && *peerSz >= ssl->buffers.dtlsCtx.peer.sz) {
ashleymills 0:714293de3836 275 *peerSz = ssl->buffers.dtlsCtx.peer.sz;
ashleymills 0:714293de3836 276 XMEMCPY(peer, ssl->buffers.dtlsCtx.peer.sa, *peerSz);
ashleymills 0:714293de3836 277 return SSL_SUCCESS;
ashleymills 0:714293de3836 278 }
ashleymills 0:714293de3836 279 return SSL_FAILURE;
ashleymills 0:714293de3836 280 #else
ashleymills 0:714293de3836 281 (void)ssl;
ashleymills 0:714293de3836 282 (void)peer;
ashleymills 0:714293de3836 283 (void)peerSz;
ashleymills 0:714293de3836 284 return SSL_NOT_IMPLEMENTED;
ashleymills 0:714293de3836 285 #endif
ashleymills 0:714293de3836 286 }
ashleymills 0:714293de3836 287 #endif /* CYASSL_LEANPSK */
ashleymills 0:714293de3836 288
ashleymills 0:714293de3836 289
ashleymills 0:714293de3836 290 /* return underlyig connect or accept, SSL_SUCCESS on ok */
ashleymills 0:714293de3836 291 int CyaSSL_negotiate(CYASSL* ssl)
ashleymills 0:714293de3836 292 {
ashleymills 0:714293de3836 293 int err = SSL_FATAL_ERROR;
ashleymills 0:714293de3836 294
ashleymills 0:714293de3836 295 CYASSL_ENTER("CyaSSL_negotiate");
ashleymills 0:714293de3836 296 #ifndef NO_CYASSL_SERVER
ashleymills 0:714293de3836 297 if (ssl->options.side == SERVER_END)
ashleymills 0:714293de3836 298 err = CyaSSL_accept(ssl);
ashleymills 0:714293de3836 299 #endif
ashleymills 0:714293de3836 300
ashleymills 0:714293de3836 301 #ifndef NO_CYASSL_CLIENT
ashleymills 0:714293de3836 302 if (ssl->options.side == CLIENT_END)
ashleymills 0:714293de3836 303 err = CyaSSL_connect(ssl);
ashleymills 0:714293de3836 304 #endif
ashleymills 0:714293de3836 305
ashleymills 0:714293de3836 306 CYASSL_LEAVE("CyaSSL_negotiate", err);
ashleymills 0:714293de3836 307
ashleymills 0:714293de3836 308 return err;
ashleymills 0:714293de3836 309 }
ashleymills 0:714293de3836 310
ashleymills 0:714293de3836 311
ashleymills 0:714293de3836 312 #ifndef CYASSL_LEANPSK
ashleymills 0:714293de3836 313 /* object size based on build */
ashleymills 0:714293de3836 314 int CyaSSL_GetObjectSize(void)
ashleymills 0:714293de3836 315 {
ashleymills 0:714293de3836 316 #ifdef SHOW_SIZES
ashleymills 0:714293de3836 317 printf("sizeof suites = %lu\n", sizeof(Suites));
ashleymills 0:714293de3836 318 printf("sizeof ciphers(2) = %lu\n", sizeof(Ciphers));
ashleymills 0:714293de3836 319 #ifndef NO_RC4
ashleymills 0:714293de3836 320 printf(" sizeof arc4 = %lu\n", sizeof(Arc4));
ashleymills 0:714293de3836 321 #endif
ashleymills 0:714293de3836 322 printf(" sizeof aes = %lu\n", sizeof(Aes));
ashleymills 0:714293de3836 323 #ifndef NO_DES3
ashleymills 0:714293de3836 324 printf(" sizeof des3 = %lu\n", sizeof(Des3));
ashleymills 0:714293de3836 325 #endif
ashleymills 0:714293de3836 326 #ifndef NO_RABBIT
ashleymills 0:714293de3836 327 printf(" sizeof rabbit = %lu\n", sizeof(Rabbit));
ashleymills 0:714293de3836 328 #endif
ashleymills 0:714293de3836 329 printf("sizeof cipher specs = %lu\n", sizeof(CipherSpecs));
ashleymills 0:714293de3836 330 printf("sizeof keys = %lu\n", sizeof(Keys));
ashleymills 0:714293de3836 331 printf("sizeof Hashes(2) = %lu\n", sizeof(Hashes));
ashleymills 0:714293de3836 332 #ifndef NO_MD5
ashleymills 0:714293de3836 333 printf(" sizeof MD5 = %lu\n", sizeof(Md5));
ashleymills 0:714293de3836 334 #endif
ashleymills 0:714293de3836 335 #ifndef NO_SHA
ashleymills 0:714293de3836 336 printf(" sizeof SHA = %lu\n", sizeof(Sha));
ashleymills 0:714293de3836 337 #endif
ashleymills 0:714293de3836 338 #ifndef NO_SHA256
ashleymills 0:714293de3836 339 printf(" sizeof SHA256 = %lu\n", sizeof(Sha256));
ashleymills 0:714293de3836 340 #endif
ashleymills 0:714293de3836 341 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 342 printf(" sizeof SHA384 = %lu\n", sizeof(Sha384));
ashleymills 0:714293de3836 343 #endif
ashleymills 0:714293de3836 344 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 345 printf(" sizeof SHA512 = %lu\n", sizeof(Sha512));
ashleymills 0:714293de3836 346 #endif
ashleymills 0:714293de3836 347 printf("sizeof Buffers = %lu\n", sizeof(Buffers));
ashleymills 0:714293de3836 348 printf("sizeof Options = %lu\n", sizeof(Options));
ashleymills 0:714293de3836 349 printf("sizeof Arrays = %lu\n", sizeof(Arrays));
ashleymills 0:714293de3836 350 #ifndef NO_RSA
ashleymills 0:714293de3836 351 printf("sizeof RsaKey = %lu\n", sizeof(RsaKey));
ashleymills 0:714293de3836 352 #endif
ashleymills 0:714293de3836 353 #ifdef HAVE_ECC
ashleymills 0:714293de3836 354 printf("sizeof ecc_key = %lu\n", sizeof(ecc_key));
ashleymills 0:714293de3836 355 #endif
ashleymills 0:714293de3836 356 printf("sizeof CYASSL_CIPHER = %lu\n", sizeof(CYASSL_CIPHER));
ashleymills 0:714293de3836 357 printf("sizeof CYASSL_SESSION = %lu\n", sizeof(CYASSL_SESSION));
ashleymills 0:714293de3836 358 printf("sizeof CYASSL = %lu\n", sizeof(CYASSL));
ashleymills 0:714293de3836 359 printf("sizeof CYASSL_CTX = %lu\n", sizeof(CYASSL_CTX));
ashleymills 0:714293de3836 360 #endif
ashleymills 0:714293de3836 361
ashleymills 0:714293de3836 362 return sizeof(CYASSL);
ashleymills 0:714293de3836 363 }
ashleymills 0:714293de3836 364 #endif
ashleymills 0:714293de3836 365
ashleymills 0:714293de3836 366 /* XXX should be NO_DH */
ashleymills 0:714293de3836 367 #ifndef NO_CERTS
ashleymills 0:714293de3836 368 /* server Diffie-Hellman parameters, SSL_SUCCESS on ok */
ashleymills 0:714293de3836 369 int CyaSSL_SetTmpDH(CYASSL* ssl, const unsigned char* p, int pSz,
ashleymills 0:714293de3836 370 const unsigned char* g, int gSz)
ashleymills 0:714293de3836 371 {
ashleymills 0:714293de3836 372 byte havePSK = 0;
ashleymills 0:714293de3836 373 byte haveRSA = 1;
ashleymills 0:714293de3836 374
ashleymills 0:714293de3836 375 CYASSL_ENTER("CyaSSL_SetTmpDH");
ashleymills 0:714293de3836 376 if (ssl == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG;
ashleymills 0:714293de3836 377
ashleymills 0:714293de3836 378 if (ssl->options.side != SERVER_END)
ashleymills 0:714293de3836 379 return SIDE_ERROR;
ashleymills 0:714293de3836 380
ashleymills 0:714293de3836 381 if (ssl->buffers.serverDH_P.buffer && ssl->buffers.weOwnDH)
ashleymills 0:714293de3836 382 XFREE(ssl->buffers.serverDH_P.buffer, ssl->ctx->heap, DYNAMIC_TYPE_DH);
ashleymills 0:714293de3836 383 if (ssl->buffers.serverDH_G.buffer && ssl->buffers.weOwnDH)
ashleymills 0:714293de3836 384 XFREE(ssl->buffers.serverDH_G.buffer, ssl->ctx->heap, DYNAMIC_TYPE_DH);
ashleymills 0:714293de3836 385
ashleymills 0:714293de3836 386 ssl->buffers.weOwnDH = 1; /* SSL owns now */
ashleymills 0:714293de3836 387 ssl->buffers.serverDH_P.buffer = (byte*)XMALLOC(pSz, ssl->ctx->heap,
ashleymills 0:714293de3836 388 DYNAMIC_TYPE_DH);
ashleymills 0:714293de3836 389 if (ssl->buffers.serverDH_P.buffer == NULL)
ashleymills 0:714293de3836 390 return MEMORY_E;
ashleymills 0:714293de3836 391
ashleymills 0:714293de3836 392 ssl->buffers.serverDH_G.buffer = (byte*)XMALLOC(gSz, ssl->ctx->heap,
ashleymills 0:714293de3836 393 DYNAMIC_TYPE_DH);
ashleymills 0:714293de3836 394 if (ssl->buffers.serverDH_G.buffer == NULL) {
ashleymills 0:714293de3836 395 XFREE(ssl->buffers.serverDH_P.buffer, ssl->ctx->heap, DYNAMIC_TYPE_DH);
ashleymills 0:714293de3836 396 return MEMORY_E;
ashleymills 0:714293de3836 397 }
ashleymills 0:714293de3836 398
ashleymills 0:714293de3836 399 ssl->buffers.serverDH_P.length = pSz;
ashleymills 0:714293de3836 400 ssl->buffers.serverDH_G.length = gSz;
ashleymills 0:714293de3836 401
ashleymills 0:714293de3836 402 XMEMCPY(ssl->buffers.serverDH_P.buffer, p, pSz);
ashleymills 0:714293de3836 403 XMEMCPY(ssl->buffers.serverDH_G.buffer, g, gSz);
ashleymills 0:714293de3836 404
ashleymills 0:714293de3836 405 ssl->options.haveDH = 1;
ashleymills 0:714293de3836 406 #ifndef NO_PSK
ashleymills 0:714293de3836 407 havePSK = ssl->options.havePSK;
ashleymills 0:714293de3836 408 #endif
ashleymills 0:714293de3836 409 #ifdef NO_RSA
ashleymills 0:714293de3836 410 haveRSA = 0;
ashleymills 0:714293de3836 411 #endif
ashleymills 0:714293de3836 412 InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, ssl->options.haveDH,
ashleymills 0:714293de3836 413 ssl->options.haveNTRU, ssl->options.haveECDSAsig,
ashleymills 0:714293de3836 414 ssl->options.haveStaticECC, ssl->options.side);
ashleymills 0:714293de3836 415
ashleymills 0:714293de3836 416 CYASSL_LEAVE("CyaSSL_SetTmpDH", 0);
ashleymills 0:714293de3836 417 return SSL_SUCCESS;
ashleymills 0:714293de3836 418 }
ashleymills 0:714293de3836 419 #endif /* !NO_CERTS */
ashleymills 0:714293de3836 420
ashleymills 0:714293de3836 421
ashleymills 0:714293de3836 422 int CyaSSL_write(CYASSL* ssl, const void* data, int sz)
ashleymills 0:714293de3836 423 {
ashleymills 0:714293de3836 424 int ret;
ashleymills 0:714293de3836 425
ashleymills 0:714293de3836 426 CYASSL_ENTER("SSL_write()");
ashleymills 0:714293de3836 427
ashleymills 0:714293de3836 428 #ifdef HAVE_ERRNO_H
ashleymills 0:714293de3836 429 errno = 0;
ashleymills 0:714293de3836 430 #endif
ashleymills 0:714293de3836 431
ashleymills 0:714293de3836 432 ret = SendData(ssl, data, sz);
ashleymills 0:714293de3836 433
ashleymills 0:714293de3836 434 CYASSL_LEAVE("SSL_write()", ret);
ashleymills 0:714293de3836 435
ashleymills 0:714293de3836 436 if (ret < 0)
ashleymills 0:714293de3836 437 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 438 else
ashleymills 0:714293de3836 439 return ret;
ashleymills 0:714293de3836 440 }
ashleymills 0:714293de3836 441
ashleymills 0:714293de3836 442
ashleymills 0:714293de3836 443 static int CyaSSL_read_internal(CYASSL* ssl, void* data, int sz, int peek)
ashleymills 0:714293de3836 444 {
ashleymills 0:714293de3836 445 int ret;
ashleymills 0:714293de3836 446
ashleymills 0:714293de3836 447 CYASSL_ENTER("CyaSSL_read_internal()");
ashleymills 0:714293de3836 448
ashleymills 0:714293de3836 449 #ifdef HAVE_ERRNO_H
ashleymills 0:714293de3836 450 errno = 0;
ashleymills 0:714293de3836 451 #endif
ashleymills 0:714293de3836 452 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 453 if (ssl->options.dtls)
ashleymills 0:714293de3836 454 ssl->dtls_expected_rx = max(sz + 100, MAX_MTU);
ashleymills 0:714293de3836 455 #endif
ashleymills 0:714293de3836 456
ashleymills 0:714293de3836 457 ret = ReceiveData(ssl, (byte*)data, min(sz, OUTPUT_RECORD_SIZE), peek);
ashleymills 0:714293de3836 458
ashleymills 0:714293de3836 459 CYASSL_LEAVE("CyaSSL_read_internal()", ret);
ashleymills 0:714293de3836 460
ashleymills 0:714293de3836 461 if (ret < 0)
ashleymills 0:714293de3836 462 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 463 else
ashleymills 0:714293de3836 464 return ret;
ashleymills 0:714293de3836 465 }
ashleymills 0:714293de3836 466
ashleymills 0:714293de3836 467
ashleymills 0:714293de3836 468 int CyaSSL_peek(CYASSL* ssl, void* data, int sz)
ashleymills 0:714293de3836 469 {
ashleymills 0:714293de3836 470 CYASSL_ENTER("CyaSSL_peek()");
ashleymills 0:714293de3836 471
ashleymills 0:714293de3836 472 return CyaSSL_read_internal(ssl, data, sz, TRUE);
ashleymills 0:714293de3836 473 }
ashleymills 0:714293de3836 474
ashleymills 0:714293de3836 475
ashleymills 0:714293de3836 476 int CyaSSL_read(CYASSL* ssl, void* data, int sz)
ashleymills 0:714293de3836 477 {
ashleymills 0:714293de3836 478 CYASSL_ENTER("CyaSSL_read()");
ashleymills 0:714293de3836 479
ashleymills 0:714293de3836 480 return CyaSSL_read_internal(ssl, data, sz, FALSE);
ashleymills 0:714293de3836 481 }
ashleymills 0:714293de3836 482
ashleymills 0:714293de3836 483
ashleymills 0:714293de3836 484 #ifdef HAVE_CAVIUM
ashleymills 0:714293de3836 485
ashleymills 0:714293de3836 486 /* let's use cavium, SSL_SUCCESS on ok */
ashleymills 0:714293de3836 487 int CyaSSL_UseCavium(CYASSL* ssl, int devId)
ashleymills 0:714293de3836 488 {
ashleymills 0:714293de3836 489 if (ssl == NULL)
ashleymills 0:714293de3836 490 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 491
ashleymills 0:714293de3836 492 ssl->devId = devId;
ashleymills 0:714293de3836 493
ashleymills 0:714293de3836 494 return SSL_SUCCESS;
ashleymills 0:714293de3836 495 }
ashleymills 0:714293de3836 496
ashleymills 0:714293de3836 497
ashleymills 0:714293de3836 498 /* let's use cavium, SSL_SUCCESS on ok */
ashleymills 0:714293de3836 499 int CyaSSL_CTX_UseCavium(CYASSL_CTX* ctx, int devId)
ashleymills 0:714293de3836 500 {
ashleymills 0:714293de3836 501 if (ctx == NULL)
ashleymills 0:714293de3836 502 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 503
ashleymills 0:714293de3836 504 ctx->devId = devId;
ashleymills 0:714293de3836 505
ashleymills 0:714293de3836 506 return SSL_SUCCESS;
ashleymills 0:714293de3836 507 }
ashleymills 0:714293de3836 508
ashleymills 0:714293de3836 509
ashleymills 0:714293de3836 510 #endif /* HAVE_CAVIUM */
ashleymills 0:714293de3836 511
ashleymills 0:714293de3836 512 #ifdef HAVE_SNI
ashleymills 0:714293de3836 513
ashleymills 0:714293de3836 514 int CyaSSL_UseSNI(CYASSL* ssl, byte type, const void* data, word16 size)
ashleymills 0:714293de3836 515 {
ashleymills 0:714293de3836 516 if (ssl == NULL)
ashleymills 0:714293de3836 517 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 518
ashleymills 0:714293de3836 519 return TLSX_UseSNI(&ssl->extensions, type, data, size);
ashleymills 0:714293de3836 520 }
ashleymills 0:714293de3836 521
ashleymills 0:714293de3836 522 int CyaSSL_CTX_UseSNI(CYASSL_CTX* ctx, byte type, const void* data, word16 size)
ashleymills 0:714293de3836 523 {
ashleymills 0:714293de3836 524 if (ctx == NULL)
ashleymills 0:714293de3836 525 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 526
ashleymills 0:714293de3836 527 return TLSX_UseSNI(&ctx->extensions, type, data, size);
ashleymills 0:714293de3836 528 }
ashleymills 0:714293de3836 529
ashleymills 0:714293de3836 530 #ifndef NO_CYASSL_SERVER
ashleymills 0:714293de3836 531 byte CyaSSL_SNI_Matched(CYASSL* ssl, byte type)
ashleymills 0:714293de3836 532 {
ashleymills 0:714293de3836 533 return TLSX_SNI_Matched(ssl ? ssl->extensions : NULL, type);
ashleymills 0:714293de3836 534 }
ashleymills 0:714293de3836 535
ashleymills 0:714293de3836 536 void CyaSSL_SNI_SetOptions(CYASSL* ssl, byte type, byte options)
ashleymills 0:714293de3836 537 {
ashleymills 0:714293de3836 538 if (ssl && ssl->extensions)
ashleymills 0:714293de3836 539 TLSX_SNI_SetOptions(ssl->extensions, type, options);
ashleymills 0:714293de3836 540 }
ashleymills 0:714293de3836 541
ashleymills 0:714293de3836 542 void CyaSSL_CTX_SNI_SetOptions(CYASSL_CTX* ctx, byte type, byte options)
ashleymills 0:714293de3836 543 {
ashleymills 0:714293de3836 544 if (ctx && ctx->extensions)
ashleymills 0:714293de3836 545 TLSX_SNI_SetOptions(ctx->extensions, type, options);
ashleymills 0:714293de3836 546 }
ashleymills 0:714293de3836 547 #endif
ashleymills 0:714293de3836 548
ashleymills 0:714293de3836 549 #endif /* HAVE_SNI */
ashleymills 0:714293de3836 550
ashleymills 0:714293de3836 551 #ifndef CYASSL_LEANPSK
ashleymills 0:714293de3836 552 int CyaSSL_send(CYASSL* ssl, const void* data, int sz, int flags)
ashleymills 0:714293de3836 553 {
ashleymills 0:714293de3836 554 int ret;
ashleymills 0:714293de3836 555 int oldFlags = ssl->wflags;
ashleymills 0:714293de3836 556
ashleymills 0:714293de3836 557 CYASSL_ENTER("CyaSSL_send()");
ashleymills 0:714293de3836 558
ashleymills 0:714293de3836 559 ssl->wflags = flags;
ashleymills 0:714293de3836 560 ret = CyaSSL_write(ssl, data, sz);
ashleymills 0:714293de3836 561 ssl->wflags = oldFlags;
ashleymills 0:714293de3836 562
ashleymills 0:714293de3836 563 CYASSL_LEAVE("CyaSSL_send()", ret);
ashleymills 0:714293de3836 564
ashleymills 0:714293de3836 565 return ret;
ashleymills 0:714293de3836 566 }
ashleymills 0:714293de3836 567
ashleymills 0:714293de3836 568
ashleymills 0:714293de3836 569 int CyaSSL_recv(CYASSL* ssl, void* data, int sz, int flags)
ashleymills 0:714293de3836 570 {
ashleymills 0:714293de3836 571 int ret;
ashleymills 0:714293de3836 572 int oldFlags = ssl->rflags;
ashleymills 0:714293de3836 573
ashleymills 0:714293de3836 574 CYASSL_ENTER("CyaSSL_recv()");
ashleymills 0:714293de3836 575
ashleymills 0:714293de3836 576 ssl->rflags = flags;
ashleymills 0:714293de3836 577 ret = CyaSSL_read(ssl, data, sz);
ashleymills 0:714293de3836 578 ssl->rflags = oldFlags;
ashleymills 0:714293de3836 579
ashleymills 0:714293de3836 580 CYASSL_LEAVE("CyaSSL_recv()", ret);
ashleymills 0:714293de3836 581
ashleymills 0:714293de3836 582 return ret;
ashleymills 0:714293de3836 583 }
ashleymills 0:714293de3836 584 #endif
ashleymills 0:714293de3836 585
ashleymills 0:714293de3836 586
ashleymills 0:714293de3836 587 /* SSL_SUCCESS on ok */
ashleymills 0:714293de3836 588 int CyaSSL_shutdown(CYASSL* ssl)
ashleymills 0:714293de3836 589 {
ashleymills 0:714293de3836 590 CYASSL_ENTER("SSL_shutdown()");
ashleymills 0:714293de3836 591
ashleymills 0:714293de3836 592 if (ssl == NULL)
ashleymills 0:714293de3836 593 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 594
ashleymills 0:714293de3836 595 if (ssl->options.quietShutdown) {
ashleymills 0:714293de3836 596 CYASSL_MSG("quiet shutdown, no close notify sent");
ashleymills 0:714293de3836 597 return SSL_SUCCESS;
ashleymills 0:714293de3836 598 }
ashleymills 0:714293de3836 599
ashleymills 0:714293de3836 600 /* try to send close notify, not an error if can't */
ashleymills 0:714293de3836 601 if (!ssl->options.isClosed && !ssl->options.connReset &&
ashleymills 0:714293de3836 602 !ssl->options.sentNotify) {
ashleymills 0:714293de3836 603 ssl->error = SendAlert(ssl, alert_warning, close_notify);
ashleymills 0:714293de3836 604 if (ssl->error < 0) {
ashleymills 0:714293de3836 605 CYASSL_ERROR(ssl->error);
ashleymills 0:714293de3836 606 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 607 }
ashleymills 0:714293de3836 608 ssl->options.sentNotify = 1; /* don't send close_notify twice */
ashleymills 0:714293de3836 609 }
ashleymills 0:714293de3836 610
ashleymills 0:714293de3836 611 CYASSL_LEAVE("SSL_shutdown()", ssl->error);
ashleymills 0:714293de3836 612
ashleymills 0:714293de3836 613 ssl->error = SSL_ERROR_SYSCALL; /* simulate OpenSSL behavior */
ashleymills 0:714293de3836 614
ashleymills 0:714293de3836 615 return SSL_SUCCESS;
ashleymills 0:714293de3836 616 }
ashleymills 0:714293de3836 617
ashleymills 0:714293de3836 618
ashleymills 0:714293de3836 619 int CyaSSL_get_error(CYASSL* ssl, int ret)
ashleymills 0:714293de3836 620 {
ashleymills 0:714293de3836 621 CYASSL_ENTER("SSL_get_error");
ashleymills 0:714293de3836 622 CYASSL_LEAVE("SSL_get_error", ssl->error);
ashleymills 0:714293de3836 623 if (ret > 0)
ashleymills 0:714293de3836 624 return SSL_ERROR_NONE;
ashleymills 0:714293de3836 625
ashleymills 0:714293de3836 626 /* make sure converted types are handled in SetErrorString() too */
ashleymills 0:714293de3836 627 if (ssl->error == WANT_READ)
ashleymills 0:714293de3836 628 return SSL_ERROR_WANT_READ; /* convert to OpenSSL type */
ashleymills 0:714293de3836 629 else if (ssl->error == WANT_WRITE)
ashleymills 0:714293de3836 630 return SSL_ERROR_WANT_WRITE; /* convert to OpenSSL type */
ashleymills 0:714293de3836 631 else if (ssl->error == ZERO_RETURN)
ashleymills 0:714293de3836 632 return SSL_ERROR_ZERO_RETURN; /* convert to OpenSSL type */
ashleymills 0:714293de3836 633 return ssl->error;
ashleymills 0:714293de3836 634 }
ashleymills 0:714293de3836 635
ashleymills 0:714293de3836 636
ashleymills 0:714293de3836 637 /* retrive alert history, SSL_SUCCESS on ok */
ashleymills 0:714293de3836 638 int CyaSSL_get_alert_history(CYASSL* ssl, CYASSL_ALERT_HISTORY *h)
ashleymills 0:714293de3836 639 {
ashleymills 0:714293de3836 640 if (ssl && h) {
ashleymills 0:714293de3836 641 *h = ssl->alert_history;
ashleymills 0:714293de3836 642 }
ashleymills 0:714293de3836 643 return SSL_SUCCESS;
ashleymills 0:714293de3836 644 }
ashleymills 0:714293de3836 645
ashleymills 0:714293de3836 646
ashleymills 0:714293de3836 647 /* return TRUE if current error is want read */
ashleymills 0:714293de3836 648 int CyaSSL_want_read(CYASSL* ssl)
ashleymills 0:714293de3836 649 {
ashleymills 0:714293de3836 650 CYASSL_ENTER("SSL_want_read");
ashleymills 0:714293de3836 651 if (ssl->error == WANT_READ)
ashleymills 0:714293de3836 652 return 1;
ashleymills 0:714293de3836 653
ashleymills 0:714293de3836 654 return 0;
ashleymills 0:714293de3836 655 }
ashleymills 0:714293de3836 656
ashleymills 0:714293de3836 657
ashleymills 0:714293de3836 658 /* return TRUE if current error is want write */
ashleymills 0:714293de3836 659 int CyaSSL_want_write(CYASSL* ssl)
ashleymills 0:714293de3836 660 {
ashleymills 0:714293de3836 661 CYASSL_ENTER("SSL_want_write");
ashleymills 0:714293de3836 662 if (ssl->error == WANT_WRITE)
ashleymills 0:714293de3836 663 return 1;
ashleymills 0:714293de3836 664
ashleymills 0:714293de3836 665 return 0;
ashleymills 0:714293de3836 666 }
ashleymills 0:714293de3836 667
ashleymills 0:714293de3836 668
ashleymills 0:714293de3836 669 char* CyaSSL_ERR_error_string(unsigned long errNumber, char* data)
ashleymills 0:714293de3836 670 {
ashleymills 0:714293de3836 671 static const char* msg = "Please supply a buffer for error string";
ashleymills 0:714293de3836 672
ashleymills 0:714293de3836 673 CYASSL_ENTER("ERR_error_string");
ashleymills 0:714293de3836 674 if (data) {
ashleymills 0:714293de3836 675 SetErrorString((int)errNumber, data);
ashleymills 0:714293de3836 676 return data;
ashleymills 0:714293de3836 677 }
ashleymills 0:714293de3836 678
ashleymills 0:714293de3836 679 return (char*)msg;
ashleymills 0:714293de3836 680 }
ashleymills 0:714293de3836 681
ashleymills 0:714293de3836 682
ashleymills 0:714293de3836 683 void CyaSSL_ERR_error_string_n(unsigned long e, char* buf, unsigned long len)
ashleymills 0:714293de3836 684 {
ashleymills 0:714293de3836 685 CYASSL_ENTER("CyaSSL_ERR_error_string_n");
ashleymills 0:714293de3836 686 if (len >= MAX_ERROR_SZ)
ashleymills 0:714293de3836 687 CyaSSL_ERR_error_string(e, buf);
ashleymills 0:714293de3836 688 else {
ashleymills 0:714293de3836 689 char tmp[MAX_ERROR_SZ];
ashleymills 0:714293de3836 690
ashleymills 0:714293de3836 691 CYASSL_MSG("Error buffer too short, truncating");
ashleymills 0:714293de3836 692 if (len) {
ashleymills 0:714293de3836 693 CyaSSL_ERR_error_string(e, tmp);
ashleymills 0:714293de3836 694 XMEMCPY(buf, tmp, len-1);
ashleymills 0:714293de3836 695 buf[len-1] = '\0';
ashleymills 0:714293de3836 696 }
ashleymills 0:714293de3836 697 }
ashleymills 0:714293de3836 698 }
ashleymills 0:714293de3836 699
ashleymills 0:714293de3836 700
ashleymills 0:714293de3836 701 /* don't free temporary arrays at end of handshake */
ashleymills 0:714293de3836 702 void CyaSSL_KeepArrays(CYASSL* ssl)
ashleymills 0:714293de3836 703 {
ashleymills 0:714293de3836 704 if (ssl)
ashleymills 0:714293de3836 705 ssl->options.saveArrays = 1;
ashleymills 0:714293de3836 706 }
ashleymills 0:714293de3836 707
ashleymills 0:714293de3836 708
ashleymills 0:714293de3836 709 /* user doesn't need temporary arrays anymore, Free */
ashleymills 0:714293de3836 710 void CyaSSL_FreeArrays(CYASSL* ssl)
ashleymills 0:714293de3836 711 {
ashleymills 0:714293de3836 712 if (ssl && ssl->options.handShakeState == HANDSHAKE_DONE) {
ashleymills 0:714293de3836 713 ssl->options.saveArrays = 0;
ashleymills 0:714293de3836 714 FreeArrays(ssl, 1);
ashleymills 0:714293de3836 715 }
ashleymills 0:714293de3836 716 }
ashleymills 0:714293de3836 717
ashleymills 0:714293de3836 718
ashleymills 0:714293de3836 719 #ifndef NO_CERTS
ashleymills 0:714293de3836 720
ashleymills 0:714293de3836 721 CYASSL_CERT_MANAGER* CyaSSL_CertManagerNew(void)
ashleymills 0:714293de3836 722 {
ashleymills 0:714293de3836 723 CYASSL_CERT_MANAGER* cm = NULL;
ashleymills 0:714293de3836 724
ashleymills 0:714293de3836 725 CYASSL_ENTER("CyaSSL_CertManagerNew");
ashleymills 0:714293de3836 726
ashleymills 0:714293de3836 727 cm = (CYASSL_CERT_MANAGER*) XMALLOC(sizeof(CYASSL_CERT_MANAGER), 0,
ashleymills 0:714293de3836 728 DYNAMIC_TYPE_CERT_MANAGER);
ashleymills 0:714293de3836 729 if (cm) {
ashleymills 0:714293de3836 730 int i;
ashleymills 0:714293de3836 731
ashleymills 0:714293de3836 732 for (i = 0; i < CA_TABLE_SIZE; i++)
ashleymills 0:714293de3836 733 cm->caTable[i] = NULL;
ashleymills 0:714293de3836 734 cm->heap = NULL;
ashleymills 0:714293de3836 735 cm->caCacheCallback = NULL;
ashleymills 0:714293de3836 736 cm->crl = NULL;
ashleymills 0:714293de3836 737 cm->crlEnabled = 0;
ashleymills 0:714293de3836 738 cm->crlCheckAll = 0;
ashleymills 0:714293de3836 739 cm->cbMissingCRL = NULL;
ashleymills 0:714293de3836 740
ashleymills 0:714293de3836 741 if (InitMutex(&cm->caLock) != 0) {
ashleymills 0:714293de3836 742 CYASSL_MSG("Bad mutex init");
ashleymills 0:714293de3836 743 CyaSSL_CertManagerFree(cm);
ashleymills 0:714293de3836 744 return NULL;
ashleymills 0:714293de3836 745 }
ashleymills 0:714293de3836 746 }
ashleymills 0:714293de3836 747
ashleymills 0:714293de3836 748 return cm;
ashleymills 0:714293de3836 749 }
ashleymills 0:714293de3836 750
ashleymills 0:714293de3836 751
ashleymills 0:714293de3836 752 void CyaSSL_CertManagerFree(CYASSL_CERT_MANAGER* cm)
ashleymills 0:714293de3836 753 {
ashleymills 0:714293de3836 754 CYASSL_ENTER("CyaSSL_CertManagerFree");
ashleymills 0:714293de3836 755
ashleymills 0:714293de3836 756 if (cm) {
ashleymills 0:714293de3836 757 #ifdef HAVE_CRL
ashleymills 0:714293de3836 758 if (cm->crl)
ashleymills 0:714293de3836 759 FreeCRL(cm->crl, 1);
ashleymills 0:714293de3836 760 #endif
ashleymills 0:714293de3836 761 FreeSignerTable(cm->caTable, CA_TABLE_SIZE, NULL);
ashleymills 0:714293de3836 762 FreeMutex(&cm->caLock);
ashleymills 0:714293de3836 763 XFREE(cm, NULL, DYNAMIC_TYPE_CERT_MANAGER);
ashleymills 0:714293de3836 764 }
ashleymills 0:714293de3836 765
ashleymills 0:714293de3836 766 }
ashleymills 0:714293de3836 767
ashleymills 0:714293de3836 768
ashleymills 0:714293de3836 769 /* Unload the CA signer list */
ashleymills 0:714293de3836 770 int CyaSSL_CertManagerUnloadCAs(CYASSL_CERT_MANAGER* cm)
ashleymills 0:714293de3836 771 {
ashleymills 0:714293de3836 772 CYASSL_ENTER("CyaSSL_CertManagerUnloadCAs");
ashleymills 0:714293de3836 773
ashleymills 0:714293de3836 774 if (cm == NULL)
ashleymills 0:714293de3836 775 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 776
ashleymills 0:714293de3836 777 if (LockMutex(&cm->caLock) != 0)
ashleymills 0:714293de3836 778 return BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 779
ashleymills 0:714293de3836 780 FreeSignerTable(cm->caTable, CA_TABLE_SIZE, NULL);
ashleymills 0:714293de3836 781
ashleymills 0:714293de3836 782 UnLockMutex(&cm->caLock);
ashleymills 0:714293de3836 783
ashleymills 0:714293de3836 784
ashleymills 0:714293de3836 785 return SSL_SUCCESS;
ashleymills 0:714293de3836 786 }
ashleymills 0:714293de3836 787
ashleymills 0:714293de3836 788
ashleymills 0:714293de3836 789 #endif /* !NO_CERTS */
ashleymills 0:714293de3836 790
ashleymills 0:714293de3836 791
ashleymills 0:714293de3836 792
ashleymills 0:714293de3836 793 #ifndef NO_FILESYSTEM
ashleymills 0:714293de3836 794
ashleymills 0:714293de3836 795 void CyaSSL_ERR_print_errors_fp(FILE* fp, int err)
ashleymills 0:714293de3836 796 {
ashleymills 0:714293de3836 797 char data[MAX_ERROR_SZ + 1];
ashleymills 0:714293de3836 798
ashleymills 0:714293de3836 799 CYASSL_ENTER("CyaSSL_ERR_print_errors_fp");
ashleymills 0:714293de3836 800 SetErrorString(err, data);
ashleymills 0:714293de3836 801 fprintf(fp, "%s", data);
ashleymills 0:714293de3836 802 }
ashleymills 0:714293de3836 803
ashleymills 0:714293de3836 804 #endif
ashleymills 0:714293de3836 805
ashleymills 0:714293de3836 806
ashleymills 0:714293de3836 807 int CyaSSL_pending(CYASSL* ssl)
ashleymills 0:714293de3836 808 {
ashleymills 0:714293de3836 809 CYASSL_ENTER("SSL_pending");
ashleymills 0:714293de3836 810 return ssl->buffers.clearOutputBuffer.length;
ashleymills 0:714293de3836 811 }
ashleymills 0:714293de3836 812
ashleymills 0:714293de3836 813
ashleymills 0:714293de3836 814 #ifndef CYASSL_LEANPSK
ashleymills 0:714293de3836 815 /* trun on handshake group messages for context */
ashleymills 0:714293de3836 816 int CyaSSL_CTX_set_group_messages(CYASSL_CTX* ctx)
ashleymills 0:714293de3836 817 {
ashleymills 0:714293de3836 818 if (ctx == NULL)
ashleymills 0:714293de3836 819 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 820
ashleymills 0:714293de3836 821 ctx->groupMessages = 1;
ashleymills 0:714293de3836 822
ashleymills 0:714293de3836 823 return SSL_SUCCESS;
ashleymills 0:714293de3836 824 }
ashleymills 0:714293de3836 825 #endif
ashleymills 0:714293de3836 826
ashleymills 0:714293de3836 827
ashleymills 0:714293de3836 828 #ifndef NO_CYASSL_CLIENT
ashleymills 0:714293de3836 829 /* connect enough to get peer cert chain */
ashleymills 0:714293de3836 830 int CyaSSL_connect_cert(CYASSL* ssl)
ashleymills 0:714293de3836 831 {
ashleymills 0:714293de3836 832 int ret;
ashleymills 0:714293de3836 833
ashleymills 0:714293de3836 834 if (ssl == NULL)
ashleymills 0:714293de3836 835 return SSL_FAILURE;
ashleymills 0:714293de3836 836
ashleymills 0:714293de3836 837 ssl->options.certOnly = 1;
ashleymills 0:714293de3836 838 ret = CyaSSL_connect(ssl);
ashleymills 0:714293de3836 839 ssl->options.certOnly = 0;
ashleymills 0:714293de3836 840
ashleymills 0:714293de3836 841 return ret;
ashleymills 0:714293de3836 842 }
ashleymills 0:714293de3836 843 #endif
ashleymills 0:714293de3836 844
ashleymills 0:714293de3836 845
ashleymills 0:714293de3836 846 #ifndef CYASSL_LEANPSK
ashleymills 0:714293de3836 847 /* trun on handshake group messages for ssl object */
ashleymills 0:714293de3836 848 int CyaSSL_set_group_messages(CYASSL* ssl)
ashleymills 0:714293de3836 849 {
ashleymills 0:714293de3836 850 if (ssl == NULL)
ashleymills 0:714293de3836 851 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 852
ashleymills 0:714293de3836 853 ssl->options.groupMessages = 1;
ashleymills 0:714293de3836 854
ashleymills 0:714293de3836 855 return SSL_SUCCESS;
ashleymills 0:714293de3836 856 }
ashleymills 0:714293de3836 857
ashleymills 0:714293de3836 858
ashleymills 0:714293de3836 859 int CyaSSL_SetVersion(CYASSL* ssl, int version)
ashleymills 0:714293de3836 860 {
ashleymills 0:714293de3836 861 byte haveRSA = 1;
ashleymills 0:714293de3836 862 byte havePSK = 0;
ashleymills 0:714293de3836 863
ashleymills 0:714293de3836 864 CYASSL_ENTER("CyaSSL_SetVersion");
ashleymills 0:714293de3836 865
ashleymills 0:714293de3836 866 if (ssl == NULL) {
ashleymills 0:714293de3836 867 CYASSL_MSG("Bad function argument");
ashleymills 0:714293de3836 868 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 869 }
ashleymills 0:714293de3836 870
ashleymills 0:714293de3836 871 switch (version) {
ashleymills 0:714293de3836 872 #ifndef NO_OLD_TLS
ashleymills 0:714293de3836 873 case CYASSL_SSLV3:
ashleymills 0:714293de3836 874 ssl->version = MakeSSLv3();
ashleymills 0:714293de3836 875 break;
ashleymills 0:714293de3836 876 #endif
ashleymills 0:714293de3836 877
ashleymills 0:714293de3836 878 #ifndef NO_TLS
ashleymills 0:714293de3836 879 #ifndef NO_OLD_TLS
ashleymills 0:714293de3836 880 case CYASSL_TLSV1:
ashleymills 0:714293de3836 881 ssl->version = MakeTLSv1();
ashleymills 0:714293de3836 882 break;
ashleymills 0:714293de3836 883
ashleymills 0:714293de3836 884 case CYASSL_TLSV1_1:
ashleymills 0:714293de3836 885 ssl->version = MakeTLSv1_1();
ashleymills 0:714293de3836 886 break;
ashleymills 0:714293de3836 887 #endif
ashleymills 0:714293de3836 888 case CYASSL_TLSV1_2:
ashleymills 0:714293de3836 889 ssl->version = MakeTLSv1_2();
ashleymills 0:714293de3836 890 break;
ashleymills 0:714293de3836 891 #endif
ashleymills 0:714293de3836 892
ashleymills 0:714293de3836 893 default:
ashleymills 0:714293de3836 894 CYASSL_MSG("Bad function argument");
ashleymills 0:714293de3836 895 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 896 }
ashleymills 0:714293de3836 897
ashleymills 0:714293de3836 898 #ifdef NO_RSA
ashleymills 0:714293de3836 899 haveRSA = 0;
ashleymills 0:714293de3836 900 #endif
ashleymills 0:714293de3836 901 #ifndef NO_PSK
ashleymills 0:714293de3836 902 havePSK = ssl->options.havePSK;
ashleymills 0:714293de3836 903 #endif
ashleymills 0:714293de3836 904
ashleymills 0:714293de3836 905 InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, ssl->options.haveDH,
ashleymills 0:714293de3836 906 ssl->options.haveNTRU, ssl->options.haveECDSAsig,
ashleymills 0:714293de3836 907 ssl->options.haveStaticECC, ssl->options.side);
ashleymills 0:714293de3836 908
ashleymills 0:714293de3836 909 return SSL_SUCCESS;
ashleymills 0:714293de3836 910 }
ashleymills 0:714293de3836 911 #endif /* !leanpsk */
ashleymills 0:714293de3836 912
ashleymills 0:714293de3836 913
ashleymills 0:714293de3836 914 #if !defined(NO_CERTS) || !defined(NO_SESSION_CACHE)
ashleymills 0:714293de3836 915
ashleymills 0:714293de3836 916 /* Make a work from the front of random hash */
ashleymills 0:714293de3836 917 static INLINE word32 MakeWordFromHash(const byte* hashID)
ashleymills 0:714293de3836 918 {
ashleymills 0:714293de3836 919 return (hashID[0] << 24) | (hashID[1] << 16) | (hashID[2] << 8) |
ashleymills 0:714293de3836 920 hashID[3];
ashleymills 0:714293de3836 921 }
ashleymills 0:714293de3836 922
ashleymills 0:714293de3836 923 #endif /* !NO_CERTS || !NO_SESSION_CACHE */
ashleymills 0:714293de3836 924
ashleymills 0:714293de3836 925
ashleymills 0:714293de3836 926 #ifndef NO_CERTS
ashleymills 0:714293de3836 927
ashleymills 0:714293de3836 928 /* hash is the SHA digest of name, just use first 32 bits as hash */
ashleymills 0:714293de3836 929 static INLINE word32 HashSigner(const byte* hash)
ashleymills 0:714293de3836 930 {
ashleymills 0:714293de3836 931 return MakeWordFromHash(hash) % CA_TABLE_SIZE;
ashleymills 0:714293de3836 932 }
ashleymills 0:714293de3836 933
ashleymills 0:714293de3836 934
ashleymills 0:714293de3836 935 /* does CA already exist on signer list */
ashleymills 0:714293de3836 936 int AlreadySigner(CYASSL_CERT_MANAGER* cm, byte* hash)
ashleymills 0:714293de3836 937 {
ashleymills 0:714293de3836 938 Signer* signers;
ashleymills 0:714293de3836 939 int ret = 0;
ashleymills 0:714293de3836 940 word32 row = HashSigner(hash);
ashleymills 0:714293de3836 941
ashleymills 0:714293de3836 942 if (LockMutex(&cm->caLock) != 0)
ashleymills 0:714293de3836 943 return ret;
ashleymills 0:714293de3836 944 signers = cm->caTable[row];
ashleymills 0:714293de3836 945 while (signers) {
ashleymills 0:714293de3836 946 byte* subjectHash;
ashleymills 0:714293de3836 947 #ifndef NO_SKID
ashleymills 0:714293de3836 948 subjectHash = signers->subjectKeyIdHash;
ashleymills 0:714293de3836 949 #else
ashleymills 0:714293de3836 950 subjectHash = signers->subjectNameHash;
ashleymills 0:714293de3836 951 #endif
ashleymills 0:714293de3836 952 if (XMEMCMP(hash, subjectHash, SHA_DIGEST_SIZE) == 0) {
ashleymills 0:714293de3836 953 ret = 1;
ashleymills 0:714293de3836 954 break;
ashleymills 0:714293de3836 955 }
ashleymills 0:714293de3836 956 signers = signers->next;
ashleymills 0:714293de3836 957 }
ashleymills 0:714293de3836 958 UnLockMutex(&cm->caLock);
ashleymills 0:714293de3836 959
ashleymills 0:714293de3836 960 return ret;
ashleymills 0:714293de3836 961 }
ashleymills 0:714293de3836 962
ashleymills 0:714293de3836 963
ashleymills 0:714293de3836 964 /* return CA if found, otherwise NULL */
ashleymills 0:714293de3836 965 Signer* GetCA(void* vp, byte* hash)
ashleymills 0:714293de3836 966 {
ashleymills 0:714293de3836 967 CYASSL_CERT_MANAGER* cm = (CYASSL_CERT_MANAGER*)vp;
ashleymills 0:714293de3836 968 Signer* ret = NULL;
ashleymills 0:714293de3836 969 Signer* signers;
ashleymills 0:714293de3836 970 word32 row = HashSigner(hash);
ashleymills 0:714293de3836 971
ashleymills 0:714293de3836 972 if (cm == NULL)
ashleymills 0:714293de3836 973 return NULL;
ashleymills 0:714293de3836 974
ashleymills 0:714293de3836 975 if (LockMutex(&cm->caLock) != 0)
ashleymills 0:714293de3836 976 return ret;
ashleymills 0:714293de3836 977
ashleymills 0:714293de3836 978 signers = cm->caTable[row];
ashleymills 0:714293de3836 979 while (signers) {
ashleymills 0:714293de3836 980 byte* subjectHash;
ashleymills 0:714293de3836 981 #ifndef NO_SKID
ashleymills 0:714293de3836 982 subjectHash = signers->subjectKeyIdHash;
ashleymills 0:714293de3836 983 #else
ashleymills 0:714293de3836 984 subjectHash = signers->subjectNameHash;
ashleymills 0:714293de3836 985 #endif
ashleymills 0:714293de3836 986 if (XMEMCMP(hash, subjectHash, SHA_DIGEST_SIZE) == 0) {
ashleymills 0:714293de3836 987 ret = signers;
ashleymills 0:714293de3836 988 break;
ashleymills 0:714293de3836 989 }
ashleymills 0:714293de3836 990 signers = signers->next;
ashleymills 0:714293de3836 991 }
ashleymills 0:714293de3836 992 UnLockMutex(&cm->caLock);
ashleymills 0:714293de3836 993
ashleymills 0:714293de3836 994 return ret;
ashleymills 0:714293de3836 995 }
ashleymills 0:714293de3836 996
ashleymills 0:714293de3836 997
ashleymills 0:714293de3836 998 #ifndef NO_SKID
ashleymills 0:714293de3836 999 /* return CA if found, otherwise NULL. Walk through hash table. */
ashleymills 0:714293de3836 1000 Signer* GetCAByName(void* vp, byte* hash)
ashleymills 0:714293de3836 1001 {
ashleymills 0:714293de3836 1002 CYASSL_CERT_MANAGER* cm = (CYASSL_CERT_MANAGER*)vp;
ashleymills 0:714293de3836 1003 Signer* ret = NULL;
ashleymills 0:714293de3836 1004 Signer* signers;
ashleymills 0:714293de3836 1005 word32 row;
ashleymills 0:714293de3836 1006
ashleymills 0:714293de3836 1007 if (cm == NULL)
ashleymills 0:714293de3836 1008 return NULL;
ashleymills 0:714293de3836 1009
ashleymills 0:714293de3836 1010 if (LockMutex(&cm->caLock) != 0)
ashleymills 0:714293de3836 1011 return ret;
ashleymills 0:714293de3836 1012
ashleymills 0:714293de3836 1013 for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) {
ashleymills 0:714293de3836 1014 signers = cm->caTable[row];
ashleymills 0:714293de3836 1015 while (signers && ret == NULL) {
ashleymills 0:714293de3836 1016 if (XMEMCMP(hash, signers->subjectNameHash, SHA_DIGEST_SIZE) == 0) {
ashleymills 0:714293de3836 1017 ret = signers;
ashleymills 0:714293de3836 1018 }
ashleymills 0:714293de3836 1019 signers = signers->next;
ashleymills 0:714293de3836 1020 }
ashleymills 0:714293de3836 1021 }
ashleymills 0:714293de3836 1022 UnLockMutex(&cm->caLock);
ashleymills 0:714293de3836 1023
ashleymills 0:714293de3836 1024 return ret;
ashleymills 0:714293de3836 1025 }
ashleymills 0:714293de3836 1026 #endif
ashleymills 0:714293de3836 1027
ashleymills 0:714293de3836 1028
ashleymills 0:714293de3836 1029 /* owns der, internal now uses too */
ashleymills 0:714293de3836 1030 /* type flag ids from user or from chain received during verify
ashleymills 0:714293de3836 1031 don't allow chain ones to be added w/o isCA extension */
ashleymills 0:714293de3836 1032 int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
ashleymills 0:714293de3836 1033 {
ashleymills 0:714293de3836 1034 int ret;
ashleymills 0:714293de3836 1035 DecodedCert cert;
ashleymills 0:714293de3836 1036 Signer* signer = 0;
ashleymills 0:714293de3836 1037 word32 row;
ashleymills 0:714293de3836 1038 byte* subjectHash;
ashleymills 0:714293de3836 1039
ashleymills 0:714293de3836 1040 CYASSL_MSG("Adding a CA");
ashleymills 0:714293de3836 1041 InitDecodedCert(&cert, der.buffer, der.length, cm->heap);
ashleymills 0:714293de3836 1042 ret = ParseCert(&cert, CA_TYPE, verify, cm);
ashleymills 0:714293de3836 1043 CYASSL_MSG(" Parsed new CA");
ashleymills 0:714293de3836 1044
ashleymills 0:714293de3836 1045 #ifndef NO_SKID
ashleymills 0:714293de3836 1046 subjectHash = cert.extSubjKeyId;
ashleymills 0:714293de3836 1047 #else
ashleymills 0:714293de3836 1048 subjectHash = cert.subjectHash;
ashleymills 0:714293de3836 1049 #endif
ashleymills 0:714293de3836 1050
ashleymills 0:714293de3836 1051 if (ret == 0 && cert.isCA == 0 && type != CYASSL_USER_CA) {
ashleymills 0:714293de3836 1052 CYASSL_MSG(" Can't add as CA if not actually one");
ashleymills 0:714293de3836 1053 ret = NOT_CA_ERROR;
ashleymills 0:714293de3836 1054 }
ashleymills 0:714293de3836 1055 else if (ret == 0 && AlreadySigner(cm, subjectHash)) {
ashleymills 0:714293de3836 1056 CYASSL_MSG(" Already have this CA, not adding again");
ashleymills 0:714293de3836 1057 (void)ret;
ashleymills 0:714293de3836 1058 }
ashleymills 0:714293de3836 1059 else if (ret == 0) {
ashleymills 0:714293de3836 1060 /* take over signer parts */
ashleymills 0:714293de3836 1061 signer = MakeSigner(cm->heap);
ashleymills 0:714293de3836 1062 if (!signer)
ashleymills 0:714293de3836 1063 ret = MEMORY_ERROR;
ashleymills 0:714293de3836 1064 else {
ashleymills 0:714293de3836 1065 signer->keyOID = cert.keyOID;
ashleymills 0:714293de3836 1066 signer->publicKey = cert.publicKey;
ashleymills 0:714293de3836 1067 signer->pubKeySize = cert.pubKeySize;
ashleymills 0:714293de3836 1068 signer->nameLen = cert.subjectCNLen;
ashleymills 0:714293de3836 1069 signer->name = cert.subjectCN;
ashleymills 0:714293de3836 1070 #ifndef NO_SKID
ashleymills 0:714293de3836 1071 XMEMCPY(signer->subjectKeyIdHash,
ashleymills 0:714293de3836 1072 cert.extSubjKeyId, SHA_DIGEST_SIZE);
ashleymills 0:714293de3836 1073 #endif
ashleymills 0:714293de3836 1074 XMEMCPY(signer->subjectNameHash, cert.subjectHash, SHA_DIGEST_SIZE);
ashleymills 0:714293de3836 1075 signer->next = NULL; /* in case lock fails */
ashleymills 0:714293de3836 1076
ashleymills 0:714293de3836 1077 cert.publicKey = 0; /* don't free here */
ashleymills 0:714293de3836 1078 cert.subjectCN = 0;
ashleymills 0:714293de3836 1079
ashleymills 0:714293de3836 1080 #ifndef NO_SKID
ashleymills 0:714293de3836 1081 row = HashSigner(signer->subjectKeyIdHash);
ashleymills 0:714293de3836 1082 #else
ashleymills 0:714293de3836 1083 row = HashSigner(signer->subjectNameHash);
ashleymills 0:714293de3836 1084 #endif
ashleymills 0:714293de3836 1085
ashleymills 0:714293de3836 1086 if (LockMutex(&cm->caLock) == 0) {
ashleymills 0:714293de3836 1087 signer->next = cm->caTable[row];
ashleymills 0:714293de3836 1088 cm->caTable[row] = signer; /* takes ownership */
ashleymills 0:714293de3836 1089 UnLockMutex(&cm->caLock);
ashleymills 0:714293de3836 1090 if (cm->caCacheCallback)
ashleymills 0:714293de3836 1091 cm->caCacheCallback(der.buffer, (int)der.length, type);
ashleymills 0:714293de3836 1092 }
ashleymills 0:714293de3836 1093 else {
ashleymills 0:714293de3836 1094 CYASSL_MSG(" CA Mutex Lock failed");
ashleymills 0:714293de3836 1095 ret = BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 1096 FreeSigner(signer, cm->heap);
ashleymills 0:714293de3836 1097 }
ashleymills 0:714293de3836 1098 }
ashleymills 0:714293de3836 1099 }
ashleymills 0:714293de3836 1100
ashleymills 0:714293de3836 1101 CYASSL_MSG(" Freeing Parsed CA");
ashleymills 0:714293de3836 1102 FreeDecodedCert(&cert);
ashleymills 0:714293de3836 1103 CYASSL_MSG(" Freeing der CA");
ashleymills 0:714293de3836 1104 XFREE(der.buffer, cm->heap, DYNAMIC_TYPE_CA);
ashleymills 0:714293de3836 1105 CYASSL_MSG(" OK Freeing der CA");
ashleymills 0:714293de3836 1106
ashleymills 0:714293de3836 1107 CYASSL_LEAVE("AddCA", ret);
ashleymills 0:714293de3836 1108 if (ret == 0) return SSL_SUCCESS;
ashleymills 0:714293de3836 1109 return ret;
ashleymills 0:714293de3836 1110 }
ashleymills 0:714293de3836 1111
ashleymills 0:714293de3836 1112 #endif /* !NO_CERTS */
ashleymills 0:714293de3836 1113
ashleymills 0:714293de3836 1114
ashleymills 0:714293de3836 1115 #ifndef NO_SESSION_CACHE
ashleymills 0:714293de3836 1116
ashleymills 0:714293de3836 1117 /* basic config gives a cache with 33 sessions, adequate for clients and
ashleymills 0:714293de3836 1118 embedded servers
ashleymills 0:714293de3836 1119
ashleymills 0:714293de3836 1120 MEDIUM_SESSION_CACHE allows 1055 sessions, adequate for servers that
ashleymills 0:714293de3836 1121 aren't under heavy load, basically allows 200 new sessions per minute
ashleymills 0:714293de3836 1122
ashleymills 0:714293de3836 1123 BIG_SESSION_CACHE yields 20,027 sessions
ashleymills 0:714293de3836 1124
ashleymills 0:714293de3836 1125 HUGE_SESSION_CACHE yields 65,791 sessions, for servers under heavy load,
ashleymills 0:714293de3836 1126 allows over 13,000 new sessions per minute or over 200 new sessions per
ashleymills 0:714293de3836 1127 second
ashleymills 0:714293de3836 1128
ashleymills 0:714293de3836 1129 SMALL_SESSION_CACHE only stores 6 sessions, good for embedded clients
ashleymills 0:714293de3836 1130 or systems where the default of nearly 3kB is too much RAM, this define
ashleymills 0:714293de3836 1131 uses less than 500 bytes RAM
ashleymills 0:714293de3836 1132
ashleymills 0:714293de3836 1133 default SESSION_CACHE stores 33 sessions (no XXX_SESSION_CACHE defined)
ashleymills 0:714293de3836 1134 */
ashleymills 0:714293de3836 1135 #ifdef HUGE_SESSION_CACHE
ashleymills 0:714293de3836 1136 #define SESSIONS_PER_ROW 11
ashleymills 0:714293de3836 1137 #define SESSION_ROWS 5981
ashleymills 0:714293de3836 1138 #elif defined(BIG_SESSION_CACHE)
ashleymills 0:714293de3836 1139 #define SESSIONS_PER_ROW 7
ashleymills 0:714293de3836 1140 #define SESSION_ROWS 2861
ashleymills 0:714293de3836 1141 #elif defined(MEDIUM_SESSION_CACHE)
ashleymills 0:714293de3836 1142 #define SESSIONS_PER_ROW 5
ashleymills 0:714293de3836 1143 #define SESSION_ROWS 211
ashleymills 0:714293de3836 1144 #elif defined(SMALL_SESSION_CACHE)
ashleymills 0:714293de3836 1145 #define SESSIONS_PER_ROW 2
ashleymills 0:714293de3836 1146 #define SESSION_ROWS 3
ashleymills 0:714293de3836 1147 #else
ashleymills 0:714293de3836 1148 #define SESSIONS_PER_ROW 3
ashleymills 0:714293de3836 1149 #define SESSION_ROWS 11
ashleymills 0:714293de3836 1150 #endif
ashleymills 0:714293de3836 1151
ashleymills 0:714293de3836 1152 typedef struct SessionRow {
ashleymills 0:714293de3836 1153 int nextIdx; /* where to place next one */
ashleymills 0:714293de3836 1154 int totalCount; /* sessions ever on this row */
ashleymills 0:714293de3836 1155 CYASSL_SESSION Sessions[SESSIONS_PER_ROW];
ashleymills 0:714293de3836 1156 } SessionRow;
ashleymills 0:714293de3836 1157
ashleymills 0:714293de3836 1158 static SessionRow SessionCache[SESSION_ROWS];
ashleymills 0:714293de3836 1159
ashleymills 0:714293de3836 1160 static CyaSSL_Mutex session_mutex; /* SessionCache mutex */
ashleymills 0:714293de3836 1161
ashleymills 0:714293de3836 1162 #ifndef NO_CLIENT_CACHE
ashleymills 0:714293de3836 1163
ashleymills 0:714293de3836 1164 typedef struct ClientSession {
ashleymills 0:714293de3836 1165 word16 serverRow; /* SessionCache Row id */
ashleymills 0:714293de3836 1166 word16 serverIdx; /* SessionCache Idx (column) */
ashleymills 0:714293de3836 1167 } ClientSession;
ashleymills 0:714293de3836 1168
ashleymills 0:714293de3836 1169 typedef struct ClientRow {
ashleymills 0:714293de3836 1170 int nextIdx; /* where to place next one */
ashleymills 0:714293de3836 1171 int totalCount; /* sessions ever on this row */
ashleymills 0:714293de3836 1172 ClientSession Clients[SESSIONS_PER_ROW];
ashleymills 0:714293de3836 1173 } ClientRow;
ashleymills 0:714293de3836 1174
ashleymills 0:714293de3836 1175 static ClientRow ClientCache[SESSION_ROWS]; /* Client Cache */
ashleymills 0:714293de3836 1176 /* uses session mutex */
ashleymills 0:714293de3836 1177
ashleymills 0:714293de3836 1178 #endif /* NO_CLIENT_CACHE */
ashleymills 0:714293de3836 1179
ashleymills 0:714293de3836 1180 /* for persistance, if changes to layout need to increment and modify
ashleymills 0:714293de3836 1181 save_session_cache() and restore_session_cache and memory versions too */
ashleymills 0:714293de3836 1182 #define CYASSL_CACHE_VERSION 2
ashleymills 0:714293de3836 1183
ashleymills 0:714293de3836 1184 #endif /* NO_SESSION_CACHE */
ashleymills 0:714293de3836 1185
ashleymills 0:714293de3836 1186
ashleymills 0:714293de3836 1187 int CyaSSL_Init(void)
ashleymills 0:714293de3836 1188 {
ashleymills 0:714293de3836 1189 int ret = SSL_SUCCESS;
ashleymills 0:714293de3836 1190
ashleymills 0:714293de3836 1191 CYASSL_ENTER("CyaSSL_Init");
ashleymills 0:714293de3836 1192
ashleymills 0:714293de3836 1193 if (initRefCount == 0) {
ashleymills 0:714293de3836 1194 #ifndef NO_SESSION_CACHE
ashleymills 0:714293de3836 1195 if (InitMutex(&session_mutex) != 0)
ashleymills 0:714293de3836 1196 ret = BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 1197 #endif
ashleymills 0:714293de3836 1198 if (InitMutex(&count_mutex) != 0)
ashleymills 0:714293de3836 1199 ret = BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 1200 }
ashleymills 0:714293de3836 1201 if (ret == SSL_SUCCESS) {
ashleymills 0:714293de3836 1202 if (LockMutex(&count_mutex) != 0) {
ashleymills 0:714293de3836 1203 CYASSL_MSG("Bad Lock Mutex count");
ashleymills 0:714293de3836 1204 return BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 1205 }
ashleymills 0:714293de3836 1206 initRefCount++;
ashleymills 0:714293de3836 1207 UnLockMutex(&count_mutex);
ashleymills 0:714293de3836 1208 }
ashleymills 0:714293de3836 1209
ashleymills 0:714293de3836 1210 return ret;
ashleymills 0:714293de3836 1211 }
ashleymills 0:714293de3836 1212
ashleymills 0:714293de3836 1213
ashleymills 0:714293de3836 1214 #ifndef NO_CERTS
ashleymills 0:714293de3836 1215
ashleymills 0:714293de3836 1216 /* Remove PEM header/footer, convert to ASN1, store any encrypted data
ashleymills 0:714293de3836 1217 info->consumed tracks of PEM bytes consumed in case multiple parts */
ashleymills 0:714293de3836 1218 int PemToDer(const unsigned char* buff, long longSz, int type,
ashleymills 0:714293de3836 1219 buffer* der, void* heap, EncryptedInfo* info, int* eccKey)
ashleymills 0:714293de3836 1220 {
ashleymills 0:714293de3836 1221 char header[PEM_LINE_LEN];
ashleymills 0:714293de3836 1222 char footer[PEM_LINE_LEN];
ashleymills 0:714293de3836 1223 char* headerEnd;
ashleymills 0:714293de3836 1224 char* footerEnd;
ashleymills 0:714293de3836 1225 char* consumedEnd;
ashleymills 0:714293de3836 1226 char* bufferEnd = (char*)(buff + longSz);
ashleymills 0:714293de3836 1227 long neededSz;
ashleymills 0:714293de3836 1228 int pkcs8 = 0;
ashleymills 0:714293de3836 1229 int pkcs8Enc = 0;
ashleymills 0:714293de3836 1230 int dynamicType = 0;
ashleymills 0:714293de3836 1231 int sz = (int)longSz;
ashleymills 0:714293de3836 1232
ashleymills 0:714293de3836 1233 (void)heap;
ashleymills 0:714293de3836 1234 (void)dynamicType;
ashleymills 0:714293de3836 1235
ashleymills 0:714293de3836 1236 if (type == CERT_TYPE || type == CA_TYPE) {
ashleymills 0:714293de3836 1237 XSTRNCPY(header, "-----BEGIN CERTIFICATE-----", sizeof(header));
ashleymills 0:714293de3836 1238 XSTRNCPY(footer, "-----END CERTIFICATE-----", sizeof(footer));
ashleymills 0:714293de3836 1239 dynamicType = (type == CA_TYPE) ? DYNAMIC_TYPE_CA :
ashleymills 0:714293de3836 1240 DYNAMIC_TYPE_CERT;
ashleymills 0:714293de3836 1241 } else if (type == DH_PARAM_TYPE) {
ashleymills 0:714293de3836 1242 XSTRNCPY(header, "-----BEGIN DH PARAMETERS-----", sizeof(header));
ashleymills 0:714293de3836 1243 XSTRNCPY(footer, "-----END DH PARAMETERS-----", sizeof(footer));
ashleymills 0:714293de3836 1244 dynamicType = DYNAMIC_TYPE_KEY;
ashleymills 0:714293de3836 1245 } else if (type == CRL_TYPE) {
ashleymills 0:714293de3836 1246 XSTRNCPY(header, "-----BEGIN X509 CRL-----", sizeof(header));
ashleymills 0:714293de3836 1247 XSTRNCPY(footer, "-----END X509 CRL-----", sizeof(footer));
ashleymills 0:714293de3836 1248 dynamicType = DYNAMIC_TYPE_CRL;
ashleymills 0:714293de3836 1249 } else {
ashleymills 0:714293de3836 1250 XSTRNCPY(header, "-----BEGIN RSA PRIVATE KEY-----", sizeof(header));
ashleymills 0:714293de3836 1251 XSTRNCPY(footer, "-----END RSA PRIVATE KEY-----", sizeof(footer));
ashleymills 0:714293de3836 1252 dynamicType = DYNAMIC_TYPE_KEY;
ashleymills 0:714293de3836 1253 }
ashleymills 0:714293de3836 1254
ashleymills 0:714293de3836 1255 /* find header */
ashleymills 0:714293de3836 1256 headerEnd = XSTRNSTR((char*)buff, header, sz);
ashleymills 0:714293de3836 1257 if (!headerEnd && type == PRIVATEKEY_TYPE) { /* may be pkcs8 */
ashleymills 0:714293de3836 1258 XSTRNCPY(header, "-----BEGIN PRIVATE KEY-----", sizeof(header));
ashleymills 0:714293de3836 1259 XSTRNCPY(footer, "-----END PRIVATE KEY-----", sizeof(footer));
ashleymills 0:714293de3836 1260
ashleymills 0:714293de3836 1261 headerEnd = XSTRNSTR((char*)buff, header, sz);
ashleymills 0:714293de3836 1262 if (headerEnd)
ashleymills 0:714293de3836 1263 pkcs8 = 1;
ashleymills 0:714293de3836 1264 else {
ashleymills 0:714293de3836 1265 XSTRNCPY(header, "-----BEGIN ENCRYPTED PRIVATE KEY-----",
ashleymills 0:714293de3836 1266 sizeof(header));
ashleymills 0:714293de3836 1267 XSTRNCPY(footer, "-----END ENCRYPTED PRIVATE KEY-----",
ashleymills 0:714293de3836 1268 sizeof(footer));
ashleymills 0:714293de3836 1269
ashleymills 0:714293de3836 1270 headerEnd = XSTRNSTR((char*)buff, header, sz);
ashleymills 0:714293de3836 1271 if (headerEnd) {
ashleymills 0:714293de3836 1272 pkcs8Enc = 1;
ashleymills 0:714293de3836 1273 (void)pkcs8Enc; /* only opensslextra will read */
ashleymills 0:714293de3836 1274 }
ashleymills 0:714293de3836 1275 }
ashleymills 0:714293de3836 1276 }
ashleymills 0:714293de3836 1277 if (!headerEnd && type == PRIVATEKEY_TYPE) { /* may be ecc */
ashleymills 0:714293de3836 1278 XSTRNCPY(header, "-----BEGIN EC PRIVATE KEY-----", sizeof(header));
ashleymills 0:714293de3836 1279 XSTRNCPY(footer, "-----END EC PRIVATE KEY-----", sizeof(footer));
ashleymills 0:714293de3836 1280
ashleymills 0:714293de3836 1281 headerEnd = XSTRNSTR((char*)buff, header, sz);
ashleymills 0:714293de3836 1282 if (headerEnd)
ashleymills 0:714293de3836 1283 *eccKey = 1;
ashleymills 0:714293de3836 1284 }
ashleymills 0:714293de3836 1285 if (!headerEnd && type == PRIVATEKEY_TYPE) { /* may be dsa */
ashleymills 0:714293de3836 1286 XSTRNCPY(header, "-----BEGIN DSA PRIVATE KEY-----", sizeof(header));
ashleymills 0:714293de3836 1287 XSTRNCPY(footer, "-----END DSA PRIVATE KEY-----", sizeof(footer));
ashleymills 0:714293de3836 1288
ashleymills 0:714293de3836 1289 headerEnd = XSTRNSTR((char*)buff, header, sz);
ashleymills 0:714293de3836 1290 }
ashleymills 0:714293de3836 1291 if (!headerEnd) {
ashleymills 0:714293de3836 1292 CYASSL_MSG("Couldn't find PEM header");
ashleymills 0:714293de3836 1293 return SSL_NO_PEM_HEADER;
ashleymills 0:714293de3836 1294 }
ashleymills 0:714293de3836 1295 headerEnd += XSTRLEN(header);
ashleymills 0:714293de3836 1296
ashleymills 0:714293de3836 1297 /* eat end of line */
ashleymills 0:714293de3836 1298 if (headerEnd[0] == '\n')
ashleymills 0:714293de3836 1299 headerEnd++;
ashleymills 0:714293de3836 1300 else if (headerEnd[1] == '\n')
ashleymills 0:714293de3836 1301 headerEnd += 2;
ashleymills 0:714293de3836 1302 else
ashleymills 0:714293de3836 1303 return SSL_BAD_FILE;
ashleymills 0:714293de3836 1304
ashleymills 0:714293de3836 1305 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
ashleymills 0:714293de3836 1306 {
ashleymills 0:714293de3836 1307 /* remove encrypted header if there */
ashleymills 0:714293de3836 1308 char encHeader[] = "Proc-Type";
ashleymills 0:714293de3836 1309 char* line = XSTRNSTR((char*)buff, encHeader, PEM_LINE_LEN);
ashleymills 0:714293de3836 1310 if (line) {
ashleymills 0:714293de3836 1311 char* newline;
ashleymills 0:714293de3836 1312 char* finish;
ashleymills 0:714293de3836 1313 char* start = XSTRNSTR(line, "DES", PEM_LINE_LEN);
ashleymills 0:714293de3836 1314
ashleymills 0:714293de3836 1315 if (!start)
ashleymills 0:714293de3836 1316 start = XSTRNSTR(line, "AES", PEM_LINE_LEN);
ashleymills 0:714293de3836 1317
ashleymills 0:714293de3836 1318 if (!start) return SSL_BAD_FILE;
ashleymills 0:714293de3836 1319 if (!info) return SSL_BAD_FILE;
ashleymills 0:714293de3836 1320
ashleymills 0:714293de3836 1321 finish = XSTRNSTR(start, ",", PEM_LINE_LEN);
ashleymills 0:714293de3836 1322
ashleymills 0:714293de3836 1323 if (start && finish && (start < finish)) {
ashleymills 0:714293de3836 1324 newline = XSTRNSTR(finish, "\r", PEM_LINE_LEN);
ashleymills 0:714293de3836 1325
ashleymills 0:714293de3836 1326 XMEMCPY(info->name, start, finish - start);
ashleymills 0:714293de3836 1327 info->name[finish - start] = 0;
ashleymills 0:714293de3836 1328 XMEMCPY(info->iv, finish + 1, sizeof(info->iv));
ashleymills 0:714293de3836 1329
ashleymills 0:714293de3836 1330 if (!newline) newline = XSTRNSTR(finish, "\n", PEM_LINE_LEN);
ashleymills 0:714293de3836 1331 if (newline && (newline > finish)) {
ashleymills 0:714293de3836 1332 info->ivSz = (word32)(newline - (finish + 1));
ashleymills 0:714293de3836 1333 info->set = 1;
ashleymills 0:714293de3836 1334 }
ashleymills 0:714293de3836 1335 else
ashleymills 0:714293de3836 1336 return SSL_BAD_FILE;
ashleymills 0:714293de3836 1337 }
ashleymills 0:714293de3836 1338 else
ashleymills 0:714293de3836 1339 return SSL_BAD_FILE;
ashleymills 0:714293de3836 1340
ashleymills 0:714293de3836 1341 /* eat blank line */
ashleymills 0:714293de3836 1342 while (*newline == '\r' || *newline == '\n')
ashleymills 0:714293de3836 1343 newline++;
ashleymills 0:714293de3836 1344 headerEnd = newline;
ashleymills 0:714293de3836 1345 }
ashleymills 0:714293de3836 1346 }
ashleymills 0:714293de3836 1347 #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
ashleymills 0:714293de3836 1348
ashleymills 0:714293de3836 1349 /* find footer */
ashleymills 0:714293de3836 1350 footerEnd = XSTRNSTR((char*)buff, footer, sz);
ashleymills 0:714293de3836 1351 if (!footerEnd) return SSL_BAD_FILE;
ashleymills 0:714293de3836 1352
ashleymills 0:714293de3836 1353 consumedEnd = footerEnd + XSTRLEN(footer);
ashleymills 0:714293de3836 1354
ashleymills 0:714293de3836 1355 if (consumedEnd < bufferEnd) { /* handle no end of line on last line */
ashleymills 0:714293de3836 1356 /* eat end of line */
ashleymills 0:714293de3836 1357 if (consumedEnd[0] == '\n')
ashleymills 0:714293de3836 1358 consumedEnd++;
ashleymills 0:714293de3836 1359 else if (consumedEnd[1] == '\n')
ashleymills 0:714293de3836 1360 consumedEnd += 2;
ashleymills 0:714293de3836 1361 else
ashleymills 0:714293de3836 1362 return SSL_BAD_FILE;
ashleymills 0:714293de3836 1363 }
ashleymills 0:714293de3836 1364
ashleymills 0:714293de3836 1365 if (info)
ashleymills 0:714293de3836 1366 info->consumed = (long)(consumedEnd - (char*)buff);
ashleymills 0:714293de3836 1367
ashleymills 0:714293de3836 1368 /* set up der buffer */
ashleymills 0:714293de3836 1369 neededSz = (long)(footerEnd - headerEnd);
ashleymills 0:714293de3836 1370 if (neededSz > sz || neededSz < 0) return SSL_BAD_FILE;
ashleymills 0:714293de3836 1371 der->buffer = (byte*) XMALLOC(neededSz, heap, dynamicType);
ashleymills 0:714293de3836 1372 if (!der->buffer) return MEMORY_ERROR;
ashleymills 0:714293de3836 1373 der->length = (word32)neededSz;
ashleymills 0:714293de3836 1374
ashleymills 0:714293de3836 1375 if (Base64_Decode((byte*)headerEnd, (word32)neededSz, der->buffer,
ashleymills 0:714293de3836 1376 &der->length) < 0)
ashleymills 0:714293de3836 1377 return SSL_BAD_FILE;
ashleymills 0:714293de3836 1378
ashleymills 0:714293de3836 1379 if (pkcs8)
ashleymills 0:714293de3836 1380 return ToTraditional(der->buffer, der->length);
ashleymills 0:714293de3836 1381
ashleymills 0:714293de3836 1382 #if defined(OPENSSL_EXTRA) && !defined(NO_PWDBASED)
ashleymills 0:714293de3836 1383 if (pkcs8Enc) {
ashleymills 0:714293de3836 1384 int passwordSz;
ashleymills 0:714293de3836 1385 char password[80];
ashleymills 0:714293de3836 1386
ashleymills 0:714293de3836 1387 if (!info || !info->ctx || !info->ctx->passwd_cb)
ashleymills 0:714293de3836 1388 return SSL_BAD_FILE; /* no callback error */
ashleymills 0:714293de3836 1389 passwordSz = info->ctx->passwd_cb(password, sizeof(password), 0,
ashleymills 0:714293de3836 1390 info->ctx->userdata);
ashleymills 0:714293de3836 1391 return ToTraditionalEnc(der->buffer, der->length, password,
ashleymills 0:714293de3836 1392 passwordSz);
ashleymills 0:714293de3836 1393 }
ashleymills 0:714293de3836 1394 #endif
ashleymills 0:714293de3836 1395
ashleymills 0:714293de3836 1396 return 0;
ashleymills 0:714293de3836 1397 }
ashleymills 0:714293de3836 1398
ashleymills 0:714293de3836 1399
ashleymills 0:714293de3836 1400 /* process the buffer buff, legnth sz, into ctx of format and type
ashleymills 0:714293de3836 1401 used tracks bytes consumed, userChain specifies a user cert chain
ashleymills 0:714293de3836 1402 to pass during the handshake */
ashleymills 0:714293de3836 1403 static int ProcessBuffer(CYASSL_CTX* ctx, const unsigned char* buff,
ashleymills 0:714293de3836 1404 long sz, int format, int type, CYASSL* ssl,
ashleymills 0:714293de3836 1405 long* used, int userChain)
ashleymills 0:714293de3836 1406 {
ashleymills 0:714293de3836 1407 EncryptedInfo info;
ashleymills 0:714293de3836 1408 buffer der; /* holds DER or RAW (for NTRU) */
ashleymills 0:714293de3836 1409 int ret;
ashleymills 0:714293de3836 1410 int dynamicType = 0;
ashleymills 0:714293de3836 1411 int eccKey = 0;
ashleymills 0:714293de3836 1412 int rsaKey = 0;
ashleymills 0:714293de3836 1413 void* heap = ctx ? ctx->heap : NULL;
ashleymills 0:714293de3836 1414
ashleymills 0:714293de3836 1415 info.set = 0;
ashleymills 0:714293de3836 1416 info.ctx = ctx;
ashleymills 0:714293de3836 1417 info.consumed = 0;
ashleymills 0:714293de3836 1418 der.buffer = 0;
ashleymills 0:714293de3836 1419
ashleymills 0:714293de3836 1420 (void)dynamicType;
ashleymills 0:714293de3836 1421
ashleymills 0:714293de3836 1422 if (used)
ashleymills 0:714293de3836 1423 *used = sz; /* used bytes default to sz, PEM chain may shorten*/
ashleymills 0:714293de3836 1424
ashleymills 0:714293de3836 1425 if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM
ashleymills 0:714293de3836 1426 && format != SSL_FILETYPE_RAW)
ashleymills 0:714293de3836 1427 return SSL_BAD_FILETYPE;
ashleymills 0:714293de3836 1428
ashleymills 0:714293de3836 1429 if (type == CA_TYPE)
ashleymills 0:714293de3836 1430 dynamicType = DYNAMIC_TYPE_CA;
ashleymills 0:714293de3836 1431 else if (type == CERT_TYPE)
ashleymills 0:714293de3836 1432 dynamicType = DYNAMIC_TYPE_CERT;
ashleymills 0:714293de3836 1433 else
ashleymills 0:714293de3836 1434 dynamicType = DYNAMIC_TYPE_KEY;
ashleymills 0:714293de3836 1435
ashleymills 0:714293de3836 1436 if (format == SSL_FILETYPE_PEM) {
ashleymills 0:714293de3836 1437 ret = PemToDer(buff, sz, type, &der, heap, &info, &eccKey);
ashleymills 0:714293de3836 1438 if (ret < 0) {
ashleymills 0:714293de3836 1439 XFREE(der.buffer, heap, dynamicType);
ashleymills 0:714293de3836 1440 return ret;
ashleymills 0:714293de3836 1441 }
ashleymills 0:714293de3836 1442 if (used)
ashleymills 0:714293de3836 1443 *used = info.consumed;
ashleymills 0:714293de3836 1444 /* we may have a user cert chain, try to consume */
ashleymills 0:714293de3836 1445 if (userChain && type == CERT_TYPE && info.consumed < sz) {
ashleymills 0:714293de3836 1446 byte staticBuffer[FILE_BUFFER_SIZE]; /* tmp chain buffer */
ashleymills 0:714293de3836 1447 byte* chainBuffer = staticBuffer;
ashleymills 0:714293de3836 1448 int dynamicBuffer = 0;
ashleymills 0:714293de3836 1449 word32 bufferSz = sizeof(staticBuffer);
ashleymills 0:714293de3836 1450 long consumed = info.consumed;
ashleymills 0:714293de3836 1451 word32 idx = 0;
ashleymills 0:714293de3836 1452 int gotOne = 0;
ashleymills 0:714293de3836 1453
ashleymills 0:714293de3836 1454 if ( (sz - consumed) > (int)bufferSz) {
ashleymills 0:714293de3836 1455 CYASSL_MSG("Growing Tmp Chain Buffer");
ashleymills 0:714293de3836 1456 bufferSz = (word32)(sz - consumed);
ashleymills 0:714293de3836 1457 /* will shrink to actual size */
ashleymills 0:714293de3836 1458 chainBuffer = (byte*)XMALLOC(bufferSz, heap,
ashleymills 0:714293de3836 1459 DYNAMIC_TYPE_FILE);
ashleymills 0:714293de3836 1460 if (chainBuffer == NULL) {
ashleymills 0:714293de3836 1461 XFREE(der.buffer, heap, dynamicType);
ashleymills 0:714293de3836 1462 return MEMORY_E;
ashleymills 0:714293de3836 1463 }
ashleymills 0:714293de3836 1464 dynamicBuffer = 1;
ashleymills 0:714293de3836 1465 }
ashleymills 0:714293de3836 1466
ashleymills 0:714293de3836 1467 CYASSL_MSG("Processing Cert Chain");
ashleymills 0:714293de3836 1468 while (consumed < sz) {
ashleymills 0:714293de3836 1469 buffer part;
ashleymills 0:714293de3836 1470 info.consumed = 0;
ashleymills 0:714293de3836 1471 part.buffer = 0;
ashleymills 0:714293de3836 1472
ashleymills 0:714293de3836 1473 ret = PemToDer(buff + consumed, sz - consumed, type, &part,
ashleymills 0:714293de3836 1474 heap, &info, &eccKey);
ashleymills 0:714293de3836 1475 if (ret == 0) {
ashleymills 0:714293de3836 1476 gotOne = 1;
ashleymills 0:714293de3836 1477 if ( (idx + part.length) > bufferSz) {
ashleymills 0:714293de3836 1478 CYASSL_MSG(" Cert Chain bigger than buffer");
ashleymills 0:714293de3836 1479 ret = BUFFER_E;
ashleymills 0:714293de3836 1480 }
ashleymills 0:714293de3836 1481 else {
ashleymills 0:714293de3836 1482 c32to24(part.length, &chainBuffer[idx]);
ashleymills 0:714293de3836 1483 idx += CERT_HEADER_SZ;
ashleymills 0:714293de3836 1484 XMEMCPY(&chainBuffer[idx], part.buffer,part.length);
ashleymills 0:714293de3836 1485 idx += part.length;
ashleymills 0:714293de3836 1486 consumed += info.consumed;
ashleymills 0:714293de3836 1487 if (used)
ashleymills 0:714293de3836 1488 *used += info.consumed;
ashleymills 0:714293de3836 1489 }
ashleymills 0:714293de3836 1490 }
ashleymills 0:714293de3836 1491
ashleymills 0:714293de3836 1492 XFREE(part.buffer, heap, dynamicType);
ashleymills 0:714293de3836 1493
ashleymills 0:714293de3836 1494 if (ret == SSL_NO_PEM_HEADER && gotOne) {
ashleymills 0:714293de3836 1495 CYASSL_MSG("We got one good PEM so stuff at end ok");
ashleymills 0:714293de3836 1496 break;
ashleymills 0:714293de3836 1497 }
ashleymills 0:714293de3836 1498
ashleymills 0:714293de3836 1499 if (ret < 0) {
ashleymills 0:714293de3836 1500 CYASSL_MSG(" Error in Cert in Chain");
ashleymills 0:714293de3836 1501 XFREE(der.buffer, heap, dynamicType);
ashleymills 0:714293de3836 1502 return ret;
ashleymills 0:714293de3836 1503 }
ashleymills 0:714293de3836 1504 CYASSL_MSG(" Consumed another Cert in Chain");
ashleymills 0:714293de3836 1505 }
ashleymills 0:714293de3836 1506 CYASSL_MSG("Finished Processing Cert Chain");
ashleymills 0:714293de3836 1507
ashleymills 0:714293de3836 1508 if (ctx == NULL) {
ashleymills 0:714293de3836 1509 CYASSL_MSG("certChain needs context");
ashleymills 0:714293de3836 1510 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 1511 }
ashleymills 0:714293de3836 1512 ctx->certChain.buffer = (byte*)XMALLOC(idx, heap,
ashleymills 0:714293de3836 1513 dynamicType);
ashleymills 0:714293de3836 1514 if (ctx->certChain.buffer) {
ashleymills 0:714293de3836 1515 ctx->certChain.length = idx;
ashleymills 0:714293de3836 1516 XMEMCPY(ctx->certChain.buffer, chainBuffer, idx);
ashleymills 0:714293de3836 1517 }
ashleymills 0:714293de3836 1518 if (dynamicBuffer)
ashleymills 0:714293de3836 1519 XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE);
ashleymills 0:714293de3836 1520 if (ctx->certChain.buffer == NULL) {
ashleymills 0:714293de3836 1521 XFREE(der.buffer, heap, dynamicType);
ashleymills 0:714293de3836 1522 return MEMORY_E;
ashleymills 0:714293de3836 1523 }
ashleymills 0:714293de3836 1524 }
ashleymills 0:714293de3836 1525 }
ashleymills 0:714293de3836 1526 else { /* ASN1 (DER) or RAW (NTRU) */
ashleymills 0:714293de3836 1527 der.buffer = (byte*) XMALLOC(sz, heap, dynamicType);
ashleymills 0:714293de3836 1528 if (!der.buffer) return MEMORY_ERROR;
ashleymills 0:714293de3836 1529 XMEMCPY(der.buffer, buff, sz);
ashleymills 0:714293de3836 1530 der.length = (word32)sz;
ashleymills 0:714293de3836 1531 }
ashleymills 0:714293de3836 1532
ashleymills 0:714293de3836 1533 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
ashleymills 0:714293de3836 1534 if (info.set) {
ashleymills 0:714293de3836 1535 /* decrypt */
ashleymills 0:714293de3836 1536 char password[80];
ashleymills 0:714293de3836 1537 int passwordSz;
ashleymills 0:714293de3836 1538
ashleymills 0:714293de3836 1539 byte key[AES_256_KEY_SIZE];
ashleymills 0:714293de3836 1540 byte iv[AES_IV_SIZE];
ashleymills 0:714293de3836 1541
ashleymills 0:714293de3836 1542 if (!ctx || !ctx->passwd_cb) {
ashleymills 0:714293de3836 1543 XFREE(der.buffer, heap, dynamicType);
ashleymills 0:714293de3836 1544 return NO_PASSWORD;
ashleymills 0:714293de3836 1545 }
ashleymills 0:714293de3836 1546
ashleymills 0:714293de3836 1547 /* use file's salt for key derivation, hex decode first */
ashleymills 0:714293de3836 1548 if (Base16_Decode(info.iv, info.ivSz, info.iv, &info.ivSz) != 0) {
ashleymills 0:714293de3836 1549 XFREE(der.buffer, heap, dynamicType);
ashleymills 0:714293de3836 1550 return ASN_INPUT_E;
ashleymills 0:714293de3836 1551 }
ashleymills 0:714293de3836 1552
ashleymills 0:714293de3836 1553 passwordSz = ctx->passwd_cb(password, sizeof(password), 0,
ashleymills 0:714293de3836 1554 ctx->userdata);
ashleymills 0:714293de3836 1555 if ( (ret = EVP_BytesToKey(info.name, "MD5", info.iv,
ashleymills 0:714293de3836 1556 (byte*)password, passwordSz, 1, key, iv)) <= 0) {
ashleymills 0:714293de3836 1557 XFREE(der.buffer, heap, dynamicType);
ashleymills 0:714293de3836 1558 return ret;
ashleymills 0:714293de3836 1559 }
ashleymills 0:714293de3836 1560
ashleymills 0:714293de3836 1561 if (XSTRNCMP(info.name, "DES-CBC", 7) == 0) {
ashleymills 0:714293de3836 1562 Des enc;
ashleymills 0:714293de3836 1563 Des_SetKey(&enc, key, info.iv, DES_DECRYPTION);
ashleymills 0:714293de3836 1564 Des_CbcDecrypt(&enc, der.buffer, der.buffer, der.length);
ashleymills 0:714293de3836 1565 }
ashleymills 0:714293de3836 1566 else if (XSTRNCMP(info.name, "DES-EDE3-CBC", 13) == 0) {
ashleymills 0:714293de3836 1567 Des3 enc;
ashleymills 0:714293de3836 1568 Des3_SetKey(&enc, key, info.iv, DES_DECRYPTION);
ashleymills 0:714293de3836 1569 Des3_CbcDecrypt(&enc, der.buffer, der.buffer, der.length);
ashleymills 0:714293de3836 1570 }
ashleymills 0:714293de3836 1571 else if (XSTRNCMP(info.name, "AES-128-CBC", 13) == 0) {
ashleymills 0:714293de3836 1572 Aes enc;
ashleymills 0:714293de3836 1573 AesSetKey(&enc, key, AES_128_KEY_SIZE, info.iv, AES_DECRYPTION);
ashleymills 0:714293de3836 1574 AesCbcDecrypt(&enc, der.buffer, der.buffer, der.length);
ashleymills 0:714293de3836 1575 }
ashleymills 0:714293de3836 1576 else if (XSTRNCMP(info.name, "AES-192-CBC", 13) == 0) {
ashleymills 0:714293de3836 1577 Aes enc;
ashleymills 0:714293de3836 1578 AesSetKey(&enc, key, AES_192_KEY_SIZE, info.iv, AES_DECRYPTION);
ashleymills 0:714293de3836 1579 AesCbcDecrypt(&enc, der.buffer, der.buffer, der.length);
ashleymills 0:714293de3836 1580 }
ashleymills 0:714293de3836 1581 else if (XSTRNCMP(info.name, "AES-256-CBC", 13) == 0) {
ashleymills 0:714293de3836 1582 Aes enc;
ashleymills 0:714293de3836 1583 AesSetKey(&enc, key, AES_256_KEY_SIZE, info.iv, AES_DECRYPTION);
ashleymills 0:714293de3836 1584 AesCbcDecrypt(&enc, der.buffer, der.buffer, der.length);
ashleymills 0:714293de3836 1585 }
ashleymills 0:714293de3836 1586 else {
ashleymills 0:714293de3836 1587 XFREE(der.buffer, heap, dynamicType);
ashleymills 0:714293de3836 1588 return SSL_BAD_FILE;
ashleymills 0:714293de3836 1589 }
ashleymills 0:714293de3836 1590 }
ashleymills 0:714293de3836 1591 #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
ashleymills 0:714293de3836 1592
ashleymills 0:714293de3836 1593 if (type == CA_TYPE) {
ashleymills 0:714293de3836 1594 if (ctx == NULL) {
ashleymills 0:714293de3836 1595 CYASSL_MSG("Need context for CA load");
ashleymills 0:714293de3836 1596 XFREE(der.buffer, heap, dynamicType);
ashleymills 0:714293de3836 1597 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 1598 }
ashleymills 0:714293de3836 1599 return AddCA(ctx->cm, der, CYASSL_USER_CA, ctx->verifyPeer);
ashleymills 0:714293de3836 1600 /* takes der over */
ashleymills 0:714293de3836 1601 }
ashleymills 0:714293de3836 1602 else if (type == CERT_TYPE) {
ashleymills 0:714293de3836 1603 if (ssl) {
ashleymills 0:714293de3836 1604 if (ssl->buffers.weOwnCert && ssl->buffers.certificate.buffer)
ashleymills 0:714293de3836 1605 XFREE(ssl->buffers.certificate.buffer, heap,
ashleymills 0:714293de3836 1606 dynamicType);
ashleymills 0:714293de3836 1607 ssl->buffers.certificate = der;
ashleymills 0:714293de3836 1608 ssl->buffers.weOwnCert = 1;
ashleymills 0:714293de3836 1609 }
ashleymills 0:714293de3836 1610 else if (ctx) {
ashleymills 0:714293de3836 1611 if (ctx->certificate.buffer)
ashleymills 0:714293de3836 1612 XFREE(ctx->certificate.buffer, heap, dynamicType);
ashleymills 0:714293de3836 1613 ctx->certificate = der; /* takes der over */
ashleymills 0:714293de3836 1614 }
ashleymills 0:714293de3836 1615 }
ashleymills 0:714293de3836 1616 else if (type == PRIVATEKEY_TYPE) {
ashleymills 0:714293de3836 1617 if (ssl) {
ashleymills 0:714293de3836 1618 if (ssl->buffers.weOwnKey && ssl->buffers.key.buffer)
ashleymills 0:714293de3836 1619 XFREE(ssl->buffers.key.buffer, heap, dynamicType);
ashleymills 0:714293de3836 1620 ssl->buffers.key = der;
ashleymills 0:714293de3836 1621 ssl->buffers.weOwnKey = 1;
ashleymills 0:714293de3836 1622 }
ashleymills 0:714293de3836 1623 else if (ctx) {
ashleymills 0:714293de3836 1624 if (ctx->privateKey.buffer)
ashleymills 0:714293de3836 1625 XFREE(ctx->privateKey.buffer, heap, dynamicType);
ashleymills 0:714293de3836 1626 ctx->privateKey = der; /* takes der over */
ashleymills 0:714293de3836 1627 }
ashleymills 0:714293de3836 1628 }
ashleymills 0:714293de3836 1629 else {
ashleymills 0:714293de3836 1630 XFREE(der.buffer, heap, dynamicType);
ashleymills 0:714293de3836 1631 return SSL_BAD_CERTTYPE;
ashleymills 0:714293de3836 1632 }
ashleymills 0:714293de3836 1633
ashleymills 0:714293de3836 1634 if (type == PRIVATEKEY_TYPE && format != SSL_FILETYPE_RAW) {
ashleymills 0:714293de3836 1635 #ifndef NO_RSA
ashleymills 0:714293de3836 1636 if (!eccKey) {
ashleymills 0:714293de3836 1637 /* make sure RSA key can be used */
ashleymills 0:714293de3836 1638 RsaKey key;
ashleymills 0:714293de3836 1639 word32 idx = 0;
ashleymills 0:714293de3836 1640
ashleymills 0:714293de3836 1641 InitRsaKey(&key, 0);
ashleymills 0:714293de3836 1642 if (RsaPrivateKeyDecode(der.buffer,&idx,&key,der.length) != 0) {
ashleymills 0:714293de3836 1643 #ifdef HAVE_ECC
ashleymills 0:714293de3836 1644 /* could have DER ECC (or pkcs8 ecc), no easy way to tell */
ashleymills 0:714293de3836 1645 eccKey = 1; /* so try it out */
ashleymills 0:714293de3836 1646 #endif
ashleymills 0:714293de3836 1647 if (!eccKey) {
ashleymills 0:714293de3836 1648 FreeRsaKey(&key);
ashleymills 0:714293de3836 1649 return SSL_BAD_FILE;
ashleymills 0:714293de3836 1650 }
ashleymills 0:714293de3836 1651 } else {
ashleymills 0:714293de3836 1652 rsaKey = 1;
ashleymills 0:714293de3836 1653 (void)rsaKey; /* for no ecc builds */
ashleymills 0:714293de3836 1654 }
ashleymills 0:714293de3836 1655 FreeRsaKey(&key);
ashleymills 0:714293de3836 1656 }
ashleymills 0:714293de3836 1657 #endif
ashleymills 0:714293de3836 1658 #ifdef HAVE_ECC
ashleymills 0:714293de3836 1659 if (!rsaKey) {
ashleymills 0:714293de3836 1660 /* make sure ECC key can be used */
ashleymills 0:714293de3836 1661 word32 idx = 0;
ashleymills 0:714293de3836 1662 ecc_key key;
ashleymills 0:714293de3836 1663
ashleymills 0:714293de3836 1664 ecc_init(&key);
ashleymills 0:714293de3836 1665 if (EccPrivateKeyDecode(der.buffer,&idx,&key,der.length) != 0) {
ashleymills 0:714293de3836 1666 ecc_free(&key);
ashleymills 0:714293de3836 1667 return SSL_BAD_FILE;
ashleymills 0:714293de3836 1668 }
ashleymills 0:714293de3836 1669 ecc_free(&key);
ashleymills 0:714293de3836 1670 eccKey = 1;
ashleymills 0:714293de3836 1671 ctx->haveStaticECC = 1;
ashleymills 0:714293de3836 1672 if (ssl)
ashleymills 0:714293de3836 1673 ssl->options.haveStaticECC = 1;
ashleymills 0:714293de3836 1674 }
ashleymills 0:714293de3836 1675 #endif /* HAVE_ECC */
ashleymills 0:714293de3836 1676 }
ashleymills 0:714293de3836 1677 else if (type == CERT_TYPE) {
ashleymills 0:714293de3836 1678 DecodedCert cert;
ashleymills 0:714293de3836 1679
ashleymills 0:714293de3836 1680 CYASSL_MSG("Checking cert signature type");
ashleymills 0:714293de3836 1681 InitDecodedCert(&cert, der.buffer, der.length, heap);
ashleymills 0:714293de3836 1682
ashleymills 0:714293de3836 1683 if (DecodeToKey(&cert, 0) < 0) {
ashleymills 0:714293de3836 1684 CYASSL_MSG("Decode to key failed");
ashleymills 0:714293de3836 1685 return SSL_BAD_FILE;
ashleymills 0:714293de3836 1686 }
ashleymills 0:714293de3836 1687 switch (cert.signatureOID) {
ashleymills 0:714293de3836 1688 case CTC_SHAwECDSA:
ashleymills 0:714293de3836 1689 case CTC_SHA256wECDSA:
ashleymills 0:714293de3836 1690 case CTC_SHA384wECDSA:
ashleymills 0:714293de3836 1691 case CTC_SHA512wECDSA:
ashleymills 0:714293de3836 1692 CYASSL_MSG("ECDSA cert signature");
ashleymills 0:714293de3836 1693 if (ctx)
ashleymills 0:714293de3836 1694 ctx->haveECDSAsig = 1;
ashleymills 0:714293de3836 1695 if (ssl)
ashleymills 0:714293de3836 1696 ssl->options.haveECDSAsig = 1;
ashleymills 0:714293de3836 1697 break;
ashleymills 0:714293de3836 1698 default:
ashleymills 0:714293de3836 1699 CYASSL_MSG("Not ECDSA cert signature");
ashleymills 0:714293de3836 1700 break;
ashleymills 0:714293de3836 1701 }
ashleymills 0:714293de3836 1702
ashleymills 0:714293de3836 1703 FreeDecodedCert(&cert);
ashleymills 0:714293de3836 1704 }
ashleymills 0:714293de3836 1705
ashleymills 0:714293de3836 1706 return SSL_SUCCESS;
ashleymills 0:714293de3836 1707 }
ashleymills 0:714293de3836 1708
ashleymills 0:714293de3836 1709
ashleymills 0:714293de3836 1710
ashleymills 0:714293de3836 1711
ashleymills 0:714293de3836 1712 /* CA PEM file for verification, may have multiple/chain certs to process */
ashleymills 0:714293de3836 1713 static int ProcessChainBuffer(CYASSL_CTX* ctx, const unsigned char* buff,
ashleymills 0:714293de3836 1714 long sz, int format, int type, CYASSL* ssl)
ashleymills 0:714293de3836 1715 {
ashleymills 0:714293de3836 1716 long used = 0;
ashleymills 0:714293de3836 1717 int ret = 0;
ashleymills 0:714293de3836 1718 int gotOne = 0;
ashleymills 0:714293de3836 1719
ashleymills 0:714293de3836 1720 CYASSL_MSG("Processing CA PEM file");
ashleymills 0:714293de3836 1721 while (used < sz) {
ashleymills 0:714293de3836 1722 long consumed = 0;
ashleymills 0:714293de3836 1723
ashleymills 0:714293de3836 1724 ret = ProcessBuffer(ctx, buff + used, sz - used, format, type, ssl,
ashleymills 0:714293de3836 1725 &consumed, 0);
ashleymills 0:714293de3836 1726
ashleymills 0:714293de3836 1727 if (ret == SSL_NO_PEM_HEADER && gotOne) {
ashleymills 0:714293de3836 1728 CYASSL_MSG("We got one good PEM file so stuff at end ok");
ashleymills 0:714293de3836 1729 ret = SSL_SUCCESS;
ashleymills 0:714293de3836 1730 break;
ashleymills 0:714293de3836 1731 }
ashleymills 0:714293de3836 1732
ashleymills 0:714293de3836 1733 if (ret < 0)
ashleymills 0:714293de3836 1734 break;
ashleymills 0:714293de3836 1735
ashleymills 0:714293de3836 1736 CYASSL_MSG(" Processed a CA");
ashleymills 0:714293de3836 1737 gotOne = 1;
ashleymills 0:714293de3836 1738 used += consumed;
ashleymills 0:714293de3836 1739 }
ashleymills 0:714293de3836 1740
ashleymills 0:714293de3836 1741 return ret;
ashleymills 0:714293de3836 1742 }
ashleymills 0:714293de3836 1743
ashleymills 0:714293de3836 1744
ashleymills 0:714293de3836 1745 /* Verify the ceritficate, SSL_SUCCESS for ok, < 0 for error */
ashleymills 0:714293de3836 1746 int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm, const byte* buff,
ashleymills 0:714293de3836 1747 long sz, int format)
ashleymills 0:714293de3836 1748 {
ashleymills 0:714293de3836 1749 int ret = 0;
ashleymills 0:714293de3836 1750 int eccKey = 0; /* not used */
ashleymills 0:714293de3836 1751
ashleymills 0:714293de3836 1752 DecodedCert cert;
ashleymills 0:714293de3836 1753 buffer der;
ashleymills 0:714293de3836 1754
ashleymills 0:714293de3836 1755 CYASSL_ENTER("CyaSSL_CertManagerVerifyBuffer");
ashleymills 0:714293de3836 1756
ashleymills 0:714293de3836 1757 der.buffer = NULL;
ashleymills 0:714293de3836 1758 der.length = 0;
ashleymills 0:714293de3836 1759
ashleymills 0:714293de3836 1760 if (format == SSL_FILETYPE_PEM) {
ashleymills 0:714293de3836 1761 EncryptedInfo info;
ashleymills 0:714293de3836 1762
ashleymills 0:714293de3836 1763 info.set = 0;
ashleymills 0:714293de3836 1764 info.ctx = NULL;
ashleymills 0:714293de3836 1765 info.consumed = 0;
ashleymills 0:714293de3836 1766 ret = PemToDer(buff, sz, CERT_TYPE, &der, cm->heap, &info, &eccKey);
ashleymills 0:714293de3836 1767 InitDecodedCert(&cert, der.buffer, der.length, cm->heap);
ashleymills 0:714293de3836 1768 }
ashleymills 0:714293de3836 1769 else
ashleymills 0:714293de3836 1770 InitDecodedCert(&cert, (byte*)buff, (word32)sz, cm->heap);
ashleymills 0:714293de3836 1771
ashleymills 0:714293de3836 1772 if (ret == 0)
ashleymills 0:714293de3836 1773 ret = ParseCertRelative(&cert, CERT_TYPE, 1, cm);
ashleymills 0:714293de3836 1774 #ifdef HAVE_CRL
ashleymills 0:714293de3836 1775 if (ret == 0 && cm->crlEnabled)
ashleymills 0:714293de3836 1776 ret = CheckCertCRL(cm->crl, &cert);
ashleymills 0:714293de3836 1777 #endif
ashleymills 0:714293de3836 1778
ashleymills 0:714293de3836 1779 FreeDecodedCert(&cert);
ashleymills 0:714293de3836 1780 XFREE(der.buffer, cm->heap, DYNAMIC_TYPE_CERT);
ashleymills 0:714293de3836 1781
ashleymills 0:714293de3836 1782 if (ret == 0)
ashleymills 0:714293de3836 1783 return SSL_SUCCESS;
ashleymills 0:714293de3836 1784 return ret;
ashleymills 0:714293de3836 1785 }
ashleymills 0:714293de3836 1786
ashleymills 0:714293de3836 1787
ashleymills 0:714293de3836 1788 #ifndef NO_FILESYSTEM
ashleymills 0:714293de3836 1789
ashleymills 0:714293de3836 1790 #if defined(EBSNET)
ashleymills 0:714293de3836 1791 #define XFILE int
ashleymills 0:714293de3836 1792 #define XFOPEN(NAME, MODE) vf_open((const char *)NAME, VO_RDONLY, 0);
ashleymills 0:714293de3836 1793 #define XFSEEK vf_lseek
ashleymills 0:714293de3836 1794 #define XFTELL vf_tell
ashleymills 0:714293de3836 1795 #define XREWIND vf_rewind
ashleymills 0:714293de3836 1796 #define XFREAD(BUF, SZ, AMT, FD) vf_read(FD, BUF, SZ*AMT)
ashleymills 0:714293de3836 1797 #define XFWRITE(BUF, SZ, AMT, FD) vf_write(FD, BUF, SZ*AMT)
ashleymills 0:714293de3836 1798 #define XFCLOSE vf_close
ashleymills 0:714293de3836 1799 #define XSEEK_END VSEEK_END
ashleymills 0:714293de3836 1800 #define XBADFILE -1
ashleymills 0:714293de3836 1801 #elif defined(LSR_FS)
ashleymills 0:714293de3836 1802 #include <fs.h>
ashleymills 0:714293de3836 1803 #define XFILE struct fs_file*
ashleymills 0:714293de3836 1804 #define XFOPEN(NAME, MODE) fs_open((char*)NAME);
ashleymills 0:714293de3836 1805 #define XFSEEK(F, O, W) (void)F
ashleymills 0:714293de3836 1806 #define XFTELL(F) (F)->len
ashleymills 0:714293de3836 1807 #define XREWIND(F) (void)F
ashleymills 0:714293de3836 1808 #define XFREAD(BUF, SZ, AMT, F) fs_read(F, (char*)BUF, SZ*AMT)
ashleymills 0:714293de3836 1809 #define XFWRITE(BUF, SZ, AMT, F) fs_write(F, (char*)BUF, SZ*AMT)
ashleymills 0:714293de3836 1810 #define XFCLOSE fs_close
ashleymills 0:714293de3836 1811 #define XSEEK_END 0
ashleymills 0:714293de3836 1812 #define XBADFILE NULL
ashleymills 0:714293de3836 1813 #elif defined(FREESCALE_MQX)
ashleymills 0:714293de3836 1814 #define XFILE MQX_FILE_PTR
ashleymills 0:714293de3836 1815 #define XFOPEN fopen
ashleymills 0:714293de3836 1816 #define XFSEEK fseek
ashleymills 0:714293de3836 1817 #define XFTELL ftell
ashleymills 0:714293de3836 1818 #define XREWIND(F) fseek(F, 0, IO_SEEK_SET)
ashleymills 0:714293de3836 1819 #define XFREAD fread
ashleymills 0:714293de3836 1820 #define XFWRITE fwrite
ashleymills 0:714293de3836 1821 #define XFCLOSE fclose
ashleymills 0:714293de3836 1822 #define XSEEK_END IO_SEEK_END
ashleymills 0:714293de3836 1823 #define XBADFILE NULL
ashleymills 0:714293de3836 1824 #elif defined(MICRIUM)
ashleymills 0:714293de3836 1825 #include <fs.h>
ashleymills 0:714293de3836 1826 #define XFILE FS_FILE*
ashleymills 0:714293de3836 1827 #define XFOPEN fs_fopen
ashleymills 0:714293de3836 1828 #define XFSEEK fs_fseek
ashleymills 0:714293de3836 1829 #define XFTELL fs_ftell
ashleymills 0:714293de3836 1830 #define XREWIND fs_rewind
ashleymills 0:714293de3836 1831 #define XFREAD fs_fread
ashleymills 0:714293de3836 1832 #define XFWRITE fs_fwrite
ashleymills 0:714293de3836 1833 #define XFCLOSE fs_fclose
ashleymills 0:714293de3836 1834 #define XSEEK_END FS_SEEK_END
ashleymills 0:714293de3836 1835 #define XBADFILE NULL
ashleymills 0:714293de3836 1836 #else
ashleymills 0:714293de3836 1837 /* stdio, default case */
ashleymills 0:714293de3836 1838 #define XFILE FILE*
ashleymills 0:714293de3836 1839 #define XFOPEN fopen
ashleymills 0:714293de3836 1840 #define XFSEEK fseek
ashleymills 0:714293de3836 1841 #define XFTELL ftell
ashleymills 0:714293de3836 1842 #define XREWIND rewind
ashleymills 0:714293de3836 1843 #define XFREAD fread
ashleymills 0:714293de3836 1844 #define XFWRITE fwrite
ashleymills 0:714293de3836 1845 #define XFCLOSE fclose
ashleymills 0:714293de3836 1846 #define XSEEK_END SEEK_END
ashleymills 0:714293de3836 1847 #define XBADFILE NULL
ashleymills 0:714293de3836 1848 #endif
ashleymills 0:714293de3836 1849
ashleymills 0:714293de3836 1850
ashleymills 0:714293de3836 1851 /* process a file with name fname into ctx of format and type
ashleymills 0:714293de3836 1852 userChain specifies a user certificate chain to pass during handshake */
ashleymills 0:714293de3836 1853 int ProcessFile(CYASSL_CTX* ctx, const char* fname, int format, int type,
ashleymills 0:714293de3836 1854 CYASSL* ssl, int userChain, CYASSL_CRL* crl)
ashleymills 0:714293de3836 1855 {
ashleymills 0:714293de3836 1856 byte staticBuffer[FILE_BUFFER_SIZE];
ashleymills 0:714293de3836 1857 byte* myBuffer = staticBuffer;
ashleymills 0:714293de3836 1858 int dynamic = 0;
ashleymills 0:714293de3836 1859 int ret;
ashleymills 0:714293de3836 1860 long sz = 0;
ashleymills 0:714293de3836 1861 XFILE file;
ashleymills 0:714293de3836 1862 void* heapHint = ctx ? ctx->heap : NULL;
ashleymills 0:714293de3836 1863
ashleymills 0:714293de3836 1864 (void)crl;
ashleymills 0:714293de3836 1865 (void)heapHint;
ashleymills 0:714293de3836 1866
ashleymills 0:714293de3836 1867 if (fname == NULL) return SSL_BAD_FILE;
ashleymills 0:714293de3836 1868
ashleymills 0:714293de3836 1869 file = XFOPEN(fname, "rb");
ashleymills 0:714293de3836 1870 if (file == XBADFILE) return SSL_BAD_FILE;
ashleymills 0:714293de3836 1871 XFSEEK(file, 0, XSEEK_END);
ashleymills 0:714293de3836 1872 sz = XFTELL(file);
ashleymills 0:714293de3836 1873 XREWIND(file);
ashleymills 0:714293de3836 1874
ashleymills 0:714293de3836 1875 if (sz > (long)sizeof(staticBuffer)) {
ashleymills 0:714293de3836 1876 CYASSL_MSG("Getting dynamic buffer");
ashleymills 0:714293de3836 1877 myBuffer = (byte*)XMALLOC(sz, heapHint, DYNAMIC_TYPE_FILE);
ashleymills 0:714293de3836 1878 if (myBuffer == NULL) {
ashleymills 0:714293de3836 1879 XFCLOSE(file);
ashleymills 0:714293de3836 1880 return SSL_BAD_FILE;
ashleymills 0:714293de3836 1881 }
ashleymills 0:714293de3836 1882 dynamic = 1;
ashleymills 0:714293de3836 1883 }
ashleymills 0:714293de3836 1884 else if (sz < 0) {
ashleymills 0:714293de3836 1885 XFCLOSE(file);
ashleymills 0:714293de3836 1886 return SSL_BAD_FILE;
ashleymills 0:714293de3836 1887 }
ashleymills 0:714293de3836 1888
ashleymills 0:714293de3836 1889 if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0)
ashleymills 0:714293de3836 1890 ret = SSL_BAD_FILE;
ashleymills 0:714293de3836 1891 else {
ashleymills 0:714293de3836 1892 if (type == CA_TYPE && format == SSL_FILETYPE_PEM)
ashleymills 0:714293de3836 1893 ret = ProcessChainBuffer(ctx, myBuffer, sz, format, type, ssl);
ashleymills 0:714293de3836 1894 #ifdef HAVE_CRL
ashleymills 0:714293de3836 1895 else if (type == CRL_TYPE)
ashleymills 0:714293de3836 1896 ret = BufferLoadCRL(crl, myBuffer, sz, format);
ashleymills 0:714293de3836 1897 #endif
ashleymills 0:714293de3836 1898 else
ashleymills 0:714293de3836 1899 ret = ProcessBuffer(ctx, myBuffer, sz, format, type, ssl, NULL,
ashleymills 0:714293de3836 1900 userChain);
ashleymills 0:714293de3836 1901 }
ashleymills 0:714293de3836 1902
ashleymills 0:714293de3836 1903 XFCLOSE(file);
ashleymills 0:714293de3836 1904 if (dynamic) XFREE(myBuffer, heapHint, DYNAMIC_TYPE_FILE);
ashleymills 0:714293de3836 1905
ashleymills 0:714293de3836 1906 return ret;
ashleymills 0:714293de3836 1907 }
ashleymills 0:714293de3836 1908
ashleymills 0:714293de3836 1909
ashleymills 0:714293de3836 1910 /* loads file then loads each file in path, no c_rehash */
ashleymills 0:714293de3836 1911 int CyaSSL_CTX_load_verify_locations(CYASSL_CTX* ctx, const char* file,
ashleymills 0:714293de3836 1912 const char* path)
ashleymills 0:714293de3836 1913 {
ashleymills 0:714293de3836 1914 int ret = SSL_SUCCESS;
ashleymills 0:714293de3836 1915
ashleymills 0:714293de3836 1916 CYASSL_ENTER("CyaSSL_CTX_load_verify_locations");
ashleymills 0:714293de3836 1917 (void)path;
ashleymills 0:714293de3836 1918
ashleymills 0:714293de3836 1919 if (ctx == NULL || (file == NULL && path == NULL) )
ashleymills 0:714293de3836 1920 return SSL_FAILURE;
ashleymills 0:714293de3836 1921
ashleymills 0:714293de3836 1922 if (file)
ashleymills 0:714293de3836 1923 ret = ProcessFile(ctx, file, SSL_FILETYPE_PEM, CA_TYPE, NULL, 0, NULL);
ashleymills 0:714293de3836 1924
ashleymills 0:714293de3836 1925 if (ret == SSL_SUCCESS && path) {
ashleymills 0:714293de3836 1926 /* try to load each regular file in path */
ashleymills 0:714293de3836 1927 #ifdef USE_WINDOWS_API
ashleymills 0:714293de3836 1928 WIN32_FIND_DATAA FindFileData;
ashleymills 0:714293de3836 1929 HANDLE hFind;
ashleymills 0:714293de3836 1930 char name[MAX_FILENAME_SZ];
ashleymills 0:714293de3836 1931
ashleymills 0:714293de3836 1932 XMEMSET(name, 0, sizeof(name));
ashleymills 0:714293de3836 1933 XSTRNCPY(name, path, MAX_FILENAME_SZ - 4);
ashleymills 0:714293de3836 1934 XSTRNCAT(name, "\\*", 3);
ashleymills 0:714293de3836 1935
ashleymills 0:714293de3836 1936 hFind = FindFirstFileA(name, &FindFileData);
ashleymills 0:714293de3836 1937 if (hFind == INVALID_HANDLE_VALUE) {
ashleymills 0:714293de3836 1938 CYASSL_MSG("FindFirstFile for path verify locations failed");
ashleymills 0:714293de3836 1939 return BAD_PATH_ERROR;
ashleymills 0:714293de3836 1940 }
ashleymills 0:714293de3836 1941
ashleymills 0:714293de3836 1942 do {
ashleymills 0:714293de3836 1943 if (FindFileData.dwFileAttributes != FILE_ATTRIBUTE_DIRECTORY) {
ashleymills 0:714293de3836 1944 XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 3);
ashleymills 0:714293de3836 1945 XSTRNCAT(name, "\\", 2);
ashleymills 0:714293de3836 1946 XSTRNCAT(name, FindFileData.cFileName, MAX_FILENAME_SZ/2);
ashleymills 0:714293de3836 1947
ashleymills 0:714293de3836 1948 ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, NULL,0,
ashleymills 0:714293de3836 1949 NULL);
ashleymills 0:714293de3836 1950 }
ashleymills 0:714293de3836 1951 } while (ret == SSL_SUCCESS && FindNextFileA(hFind, &FindFileData));
ashleymills 0:714293de3836 1952
ashleymills 0:714293de3836 1953 FindClose(hFind);
ashleymills 0:714293de3836 1954 #elif !defined(NO_CYASSL_DIR)
ashleymills 0:714293de3836 1955 struct dirent* entry;
ashleymills 0:714293de3836 1956 DIR* dir = opendir(path);
ashleymills 0:714293de3836 1957
ashleymills 0:714293de3836 1958 if (dir == NULL) {
ashleymills 0:714293de3836 1959 CYASSL_MSG("opendir path verify locations failed");
ashleymills 0:714293de3836 1960 return BAD_PATH_ERROR;
ashleymills 0:714293de3836 1961 }
ashleymills 0:714293de3836 1962 while ( ret == SSL_SUCCESS && (entry = readdir(dir)) != NULL) {
ashleymills 0:714293de3836 1963 char name[MAX_FILENAME_SZ];
ashleymills 0:714293de3836 1964 struct stat s;
ashleymills 0:714293de3836 1965
ashleymills 0:714293de3836 1966 XMEMSET(name, 0, sizeof(name));
ashleymills 0:714293de3836 1967 XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2);
ashleymills 0:714293de3836 1968 XSTRNCAT(name, "/", 1);
ashleymills 0:714293de3836 1969 XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2);
ashleymills 0:714293de3836 1970
ashleymills 0:714293de3836 1971 if (stat(name, &s) != 0) {
ashleymills 0:714293de3836 1972 CYASSL_MSG("stat on name failed");
ashleymills 0:714293de3836 1973 closedir(dir);
ashleymills 0:714293de3836 1974 return BAD_PATH_ERROR;
ashleymills 0:714293de3836 1975 }
ashleymills 0:714293de3836 1976 if (s.st_mode & S_IFREG) {
ashleymills 0:714293de3836 1977 ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, NULL,0,
ashleymills 0:714293de3836 1978 NULL);
ashleymills 0:714293de3836 1979 }
ashleymills 0:714293de3836 1980 }
ashleymills 0:714293de3836 1981 closedir(dir);
ashleymills 0:714293de3836 1982 #endif
ashleymills 0:714293de3836 1983 }
ashleymills 0:714293de3836 1984
ashleymills 0:714293de3836 1985 return ret;
ashleymills 0:714293de3836 1986 }
ashleymills 0:714293de3836 1987
ashleymills 0:714293de3836 1988
ashleymills 0:714293de3836 1989 /* Verify the ceritficate, SSL_SUCCESS for ok, < 0 for error */
ashleymills 0:714293de3836 1990 int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER* cm, const char* fname,
ashleymills 0:714293de3836 1991 int format)
ashleymills 0:714293de3836 1992 {
ashleymills 0:714293de3836 1993 int ret = SSL_FATAL_ERROR;
ashleymills 0:714293de3836 1994 byte staticBuffer[FILE_BUFFER_SIZE];
ashleymills 0:714293de3836 1995 byte* myBuffer = staticBuffer;
ashleymills 0:714293de3836 1996 int dynamic = 0;
ashleymills 0:714293de3836 1997 long sz = 0;
ashleymills 0:714293de3836 1998 XFILE file = XFOPEN(fname, "rb");
ashleymills 0:714293de3836 1999
ashleymills 0:714293de3836 2000 CYASSL_ENTER("CyaSSL_CertManagerVerify");
ashleymills 0:714293de3836 2001
ashleymills 0:714293de3836 2002 if (file == XBADFILE) return SSL_BAD_FILE;
ashleymills 0:714293de3836 2003 XFSEEK(file, 0, XSEEK_END);
ashleymills 0:714293de3836 2004 sz = XFTELL(file);
ashleymills 0:714293de3836 2005 XREWIND(file);
ashleymills 0:714293de3836 2006
ashleymills 0:714293de3836 2007 if (sz > MAX_CYASSL_FILE_SIZE || sz < 0) {
ashleymills 0:714293de3836 2008 CYASSL_MSG("CertManagerVerify file bad size");
ashleymills 0:714293de3836 2009 XFCLOSE(file);
ashleymills 0:714293de3836 2010 return SSL_BAD_FILE;
ashleymills 0:714293de3836 2011 }
ashleymills 0:714293de3836 2012
ashleymills 0:714293de3836 2013 if (sz > (long)sizeof(staticBuffer)) {
ashleymills 0:714293de3836 2014 CYASSL_MSG("Getting dynamic buffer");
ashleymills 0:714293de3836 2015 myBuffer = (byte*) XMALLOC(sz, cm->heap, DYNAMIC_TYPE_FILE);
ashleymills 0:714293de3836 2016 if (myBuffer == NULL) {
ashleymills 0:714293de3836 2017 XFCLOSE(file);
ashleymills 0:714293de3836 2018 return SSL_BAD_FILE;
ashleymills 0:714293de3836 2019 }
ashleymills 0:714293de3836 2020 dynamic = 1;
ashleymills 0:714293de3836 2021 }
ashleymills 0:714293de3836 2022
ashleymills 0:714293de3836 2023 if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0)
ashleymills 0:714293de3836 2024 ret = SSL_BAD_FILE;
ashleymills 0:714293de3836 2025 else
ashleymills 0:714293de3836 2026 ret = CyaSSL_CertManagerVerifyBuffer(cm, myBuffer, sz, format);
ashleymills 0:714293de3836 2027
ashleymills 0:714293de3836 2028 XFCLOSE(file);
ashleymills 0:714293de3836 2029 if (dynamic) XFREE(myBuffer, cm->heap, DYNAMIC_TYPE_FILE);
ashleymills 0:714293de3836 2030
ashleymills 0:714293de3836 2031 return ret;
ashleymills 0:714293de3836 2032 }
ashleymills 0:714293de3836 2033
ashleymills 0:714293de3836 2034
ashleymills 0:714293de3836 2035 static INLINE CYASSL_METHOD* cm_pick_method(void)
ashleymills 0:714293de3836 2036 {
ashleymills 0:714293de3836 2037 #ifndef NO_CYASSL_CLIENT
ashleymills 0:714293de3836 2038 #ifdef NO_OLD_TLS
ashleymills 0:714293de3836 2039 return CyaTLSv1_2_client_method();
ashleymills 0:714293de3836 2040 #else
ashleymills 0:714293de3836 2041 return CyaSSLv3_client_method();
ashleymills 0:714293de3836 2042 #endif
ashleymills 0:714293de3836 2043 #elif !defined(NO_CYASSL_SERVER)
ashleymills 0:714293de3836 2044 #ifdef NO_OLD_TLS
ashleymills 0:714293de3836 2045 return CyaTLSv1_2_server_method();
ashleymills 0:714293de3836 2046 #else
ashleymills 0:714293de3836 2047 return CyaSSLv3_server_method();
ashleymills 0:714293de3836 2048 #endif
ashleymills 0:714293de3836 2049 #else
ashleymills 0:714293de3836 2050 return NULL;
ashleymills 0:714293de3836 2051 #endif
ashleymills 0:714293de3836 2052 }
ashleymills 0:714293de3836 2053
ashleymills 0:714293de3836 2054
ashleymills 0:714293de3836 2055 /* like load verify locations, 1 for success, < 0 for error */
ashleymills 0:714293de3836 2056 int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER* cm, const char* file,
ashleymills 0:714293de3836 2057 const char* path)
ashleymills 0:714293de3836 2058 {
ashleymills 0:714293de3836 2059 int ret = SSL_FATAL_ERROR;
ashleymills 0:714293de3836 2060 CYASSL_CTX* tmp;
ashleymills 0:714293de3836 2061
ashleymills 0:714293de3836 2062 CYASSL_ENTER("CyaSSL_CertManagerLoadCA");
ashleymills 0:714293de3836 2063
ashleymills 0:714293de3836 2064 if (cm == NULL) {
ashleymills 0:714293de3836 2065 CYASSL_MSG("No CertManager error");
ashleymills 0:714293de3836 2066 return ret;
ashleymills 0:714293de3836 2067 }
ashleymills 0:714293de3836 2068 tmp = CyaSSL_CTX_new(cm_pick_method());
ashleymills 0:714293de3836 2069
ashleymills 0:714293de3836 2070 if (tmp == NULL) {
ashleymills 0:714293de3836 2071 CYASSL_MSG("CTX new failed");
ashleymills 0:714293de3836 2072 return ret;
ashleymills 0:714293de3836 2073 }
ashleymills 0:714293de3836 2074
ashleymills 0:714293de3836 2075 /* for tmp use */
ashleymills 0:714293de3836 2076 CyaSSL_CertManagerFree(tmp->cm);
ashleymills 0:714293de3836 2077 tmp->cm = cm;
ashleymills 0:714293de3836 2078
ashleymills 0:714293de3836 2079 ret = CyaSSL_CTX_load_verify_locations(tmp, file, path);
ashleymills 0:714293de3836 2080
ashleymills 0:714293de3836 2081 /* don't loose our good one */
ashleymills 0:714293de3836 2082 tmp->cm = NULL;
ashleymills 0:714293de3836 2083 CyaSSL_CTX_free(tmp);
ashleymills 0:714293de3836 2084
ashleymills 0:714293de3836 2085 return ret;
ashleymills 0:714293de3836 2086 }
ashleymills 0:714293de3836 2087
ashleymills 0:714293de3836 2088
ashleymills 0:714293de3836 2089
ashleymills 0:714293de3836 2090 /* turn on CRL if off and compiled in, set options */
ashleymills 0:714293de3836 2091 int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER* cm, int options)
ashleymills 0:714293de3836 2092 {
ashleymills 0:714293de3836 2093 int ret = SSL_SUCCESS;
ashleymills 0:714293de3836 2094
ashleymills 0:714293de3836 2095 (void)options;
ashleymills 0:714293de3836 2096
ashleymills 0:714293de3836 2097 CYASSL_ENTER("CyaSSL_CertManagerEnableCRL");
ashleymills 0:714293de3836 2098 if (cm == NULL)
ashleymills 0:714293de3836 2099 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 2100
ashleymills 0:714293de3836 2101 #ifdef HAVE_CRL
ashleymills 0:714293de3836 2102 if (cm->crl == NULL) {
ashleymills 0:714293de3836 2103 cm->crl = (CYASSL_CRL*)XMALLOC(sizeof(CYASSL_CRL), cm->heap,
ashleymills 0:714293de3836 2104 DYNAMIC_TYPE_CRL);
ashleymills 0:714293de3836 2105 if (cm->crl == NULL)
ashleymills 0:714293de3836 2106 return MEMORY_E;
ashleymills 0:714293de3836 2107
ashleymills 0:714293de3836 2108 if (InitCRL(cm->crl, cm) != 0) {
ashleymills 0:714293de3836 2109 CYASSL_MSG("Init CRL failed");
ashleymills 0:714293de3836 2110 FreeCRL(cm->crl, 1);
ashleymills 0:714293de3836 2111 cm->crl = NULL;
ashleymills 0:714293de3836 2112 return SSL_FAILURE;
ashleymills 0:714293de3836 2113 }
ashleymills 0:714293de3836 2114 }
ashleymills 0:714293de3836 2115 cm->crlEnabled = 1;
ashleymills 0:714293de3836 2116 if (options & CYASSL_CRL_CHECKALL)
ashleymills 0:714293de3836 2117 cm->crlCheckAll = 1;
ashleymills 0:714293de3836 2118 #else
ashleymills 0:714293de3836 2119 ret = NOT_COMPILED_IN;
ashleymills 0:714293de3836 2120 #endif
ashleymills 0:714293de3836 2121
ashleymills 0:714293de3836 2122 return ret;
ashleymills 0:714293de3836 2123 }
ashleymills 0:714293de3836 2124
ashleymills 0:714293de3836 2125
ashleymills 0:714293de3836 2126 int CyaSSL_CertManagerDisableCRL(CYASSL_CERT_MANAGER* cm)
ashleymills 0:714293de3836 2127 {
ashleymills 0:714293de3836 2128 CYASSL_ENTER("CyaSSL_CertManagerDisableCRL");
ashleymills 0:714293de3836 2129 if (cm == NULL)
ashleymills 0:714293de3836 2130 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 2131
ashleymills 0:714293de3836 2132 cm->crlEnabled = 0;
ashleymills 0:714293de3836 2133
ashleymills 0:714293de3836 2134 return SSL_SUCCESS;
ashleymills 0:714293de3836 2135 }
ashleymills 0:714293de3836 2136
ashleymills 0:714293de3836 2137
ashleymills 0:714293de3836 2138 int CyaSSL_CTX_check_private_key(CYASSL_CTX* ctx)
ashleymills 0:714293de3836 2139 {
ashleymills 0:714293de3836 2140 /* TODO: check private against public for RSA match */
ashleymills 0:714293de3836 2141 (void)ctx;
ashleymills 0:714293de3836 2142 CYASSL_ENTER("SSL_CTX_check_private_key");
ashleymills 0:714293de3836 2143 return SSL_SUCCESS;
ashleymills 0:714293de3836 2144 }
ashleymills 0:714293de3836 2145
ashleymills 0:714293de3836 2146
ashleymills 0:714293de3836 2147 #ifdef HAVE_CRL
ashleymills 0:714293de3836 2148
ashleymills 0:714293de3836 2149
ashleymills 0:714293de3836 2150 /* check CRL if enabled, SSL_SUCCESS */
ashleymills 0:714293de3836 2151 int CyaSSL_CertManagerCheckCRL(CYASSL_CERT_MANAGER* cm, byte* der, int sz)
ashleymills 0:714293de3836 2152 {
ashleymills 0:714293de3836 2153 int ret;
ashleymills 0:714293de3836 2154 DecodedCert cert;
ashleymills 0:714293de3836 2155
ashleymills 0:714293de3836 2156 CYASSL_ENTER("CyaSSL_CertManagerCheckCRL");
ashleymills 0:714293de3836 2157
ashleymills 0:714293de3836 2158 if (cm == NULL)
ashleymills 0:714293de3836 2159 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 2160
ashleymills 0:714293de3836 2161 if (cm->crlEnabled == 0)
ashleymills 0:714293de3836 2162 return SSL_SUCCESS;
ashleymills 0:714293de3836 2163
ashleymills 0:714293de3836 2164 InitDecodedCert(&cert, der, sz, NULL);
ashleymills 0:714293de3836 2165
ashleymills 0:714293de3836 2166 ret = ParseCertRelative(&cert, CERT_TYPE, NO_VERIFY, cm);
ashleymills 0:714293de3836 2167 if (ret != 0) {
ashleymills 0:714293de3836 2168 CYASSL_MSG("ParseCert failed");
ashleymills 0:714293de3836 2169 return ret;
ashleymills 0:714293de3836 2170 }
ashleymills 0:714293de3836 2171 else {
ashleymills 0:714293de3836 2172 ret = CheckCertCRL(cm->crl, &cert);
ashleymills 0:714293de3836 2173 if (ret != 0) {
ashleymills 0:714293de3836 2174 CYASSL_MSG("CheckCertCRL failed");
ashleymills 0:714293de3836 2175 }
ashleymills 0:714293de3836 2176 }
ashleymills 0:714293de3836 2177
ashleymills 0:714293de3836 2178 FreeDecodedCert(&cert);
ashleymills 0:714293de3836 2179
ashleymills 0:714293de3836 2180 if (ret == 0)
ashleymills 0:714293de3836 2181 return SSL_SUCCESS; /* convert */
ashleymills 0:714293de3836 2182
ashleymills 0:714293de3836 2183 return ret;
ashleymills 0:714293de3836 2184 }
ashleymills 0:714293de3836 2185
ashleymills 0:714293de3836 2186
ashleymills 0:714293de3836 2187 int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER* cm, CbMissingCRL cb)
ashleymills 0:714293de3836 2188 {
ashleymills 0:714293de3836 2189 CYASSL_ENTER("CyaSSL_CertManagerSetCRL_Cb");
ashleymills 0:714293de3836 2190 if (cm == NULL)
ashleymills 0:714293de3836 2191 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 2192
ashleymills 0:714293de3836 2193 cm->cbMissingCRL = cb;
ashleymills 0:714293de3836 2194
ashleymills 0:714293de3836 2195 return SSL_SUCCESS;
ashleymills 0:714293de3836 2196 }
ashleymills 0:714293de3836 2197
ashleymills 0:714293de3836 2198
ashleymills 0:714293de3836 2199 int CyaSSL_CertManagerLoadCRL(CYASSL_CERT_MANAGER* cm, const char* path,
ashleymills 0:714293de3836 2200 int type, int monitor)
ashleymills 0:714293de3836 2201 {
ashleymills 0:714293de3836 2202 CYASSL_ENTER("CyaSSL_CertManagerLoadCRL");
ashleymills 0:714293de3836 2203 if (cm == NULL)
ashleymills 0:714293de3836 2204 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 2205
ashleymills 0:714293de3836 2206 if (cm->crl == NULL) {
ashleymills 0:714293de3836 2207 if (CyaSSL_CertManagerEnableCRL(cm, 0) != SSL_SUCCESS) {
ashleymills 0:714293de3836 2208 CYASSL_MSG("Enable CRL failed");
ashleymills 0:714293de3836 2209 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 2210 }
ashleymills 0:714293de3836 2211 }
ashleymills 0:714293de3836 2212
ashleymills 0:714293de3836 2213 return LoadCRL(cm->crl, path, type, monitor);
ashleymills 0:714293de3836 2214 }
ashleymills 0:714293de3836 2215
ashleymills 0:714293de3836 2216
ashleymills 0:714293de3836 2217 int CyaSSL_EnableCRL(CYASSL* ssl, int options)
ashleymills 0:714293de3836 2218 {
ashleymills 0:714293de3836 2219 CYASSL_ENTER("CyaSSL_EnableCRL");
ashleymills 0:714293de3836 2220 if (ssl)
ashleymills 0:714293de3836 2221 return CyaSSL_CertManagerEnableCRL(ssl->ctx->cm, options);
ashleymills 0:714293de3836 2222 else
ashleymills 0:714293de3836 2223 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 2224 }
ashleymills 0:714293de3836 2225
ashleymills 0:714293de3836 2226
ashleymills 0:714293de3836 2227 int CyaSSL_DisableCRL(CYASSL* ssl)
ashleymills 0:714293de3836 2228 {
ashleymills 0:714293de3836 2229 CYASSL_ENTER("CyaSSL_DisableCRL");
ashleymills 0:714293de3836 2230 if (ssl)
ashleymills 0:714293de3836 2231 return CyaSSL_CertManagerDisableCRL(ssl->ctx->cm);
ashleymills 0:714293de3836 2232 else
ashleymills 0:714293de3836 2233 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 2234 }
ashleymills 0:714293de3836 2235
ashleymills 0:714293de3836 2236
ashleymills 0:714293de3836 2237 int CyaSSL_LoadCRL(CYASSL* ssl, const char* path, int type, int monitor)
ashleymills 0:714293de3836 2238 {
ashleymills 0:714293de3836 2239 CYASSL_ENTER("CyaSSL_LoadCRL");
ashleymills 0:714293de3836 2240 if (ssl)
ashleymills 0:714293de3836 2241 return CyaSSL_CertManagerLoadCRL(ssl->ctx->cm, path, type, monitor);
ashleymills 0:714293de3836 2242 else
ashleymills 0:714293de3836 2243 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 2244 }
ashleymills 0:714293de3836 2245
ashleymills 0:714293de3836 2246
ashleymills 0:714293de3836 2247 int CyaSSL_SetCRL_Cb(CYASSL* ssl, CbMissingCRL cb)
ashleymills 0:714293de3836 2248 {
ashleymills 0:714293de3836 2249 CYASSL_ENTER("CyaSSL_SetCRL_Cb");
ashleymills 0:714293de3836 2250 if (ssl)
ashleymills 0:714293de3836 2251 return CyaSSL_CertManagerSetCRL_Cb(ssl->ctx->cm, cb);
ashleymills 0:714293de3836 2252 else
ashleymills 0:714293de3836 2253 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 2254 }
ashleymills 0:714293de3836 2255
ashleymills 0:714293de3836 2256
ashleymills 0:714293de3836 2257 int CyaSSL_CTX_EnableCRL(CYASSL_CTX* ctx, int options)
ashleymills 0:714293de3836 2258 {
ashleymills 0:714293de3836 2259 CYASSL_ENTER("CyaSSL_CTX_EnableCRL");
ashleymills 0:714293de3836 2260 if (ctx)
ashleymills 0:714293de3836 2261 return CyaSSL_CertManagerEnableCRL(ctx->cm, options);
ashleymills 0:714293de3836 2262 else
ashleymills 0:714293de3836 2263 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 2264 }
ashleymills 0:714293de3836 2265
ashleymills 0:714293de3836 2266
ashleymills 0:714293de3836 2267 int CyaSSL_CTX_DisableCRL(CYASSL_CTX* ctx)
ashleymills 0:714293de3836 2268 {
ashleymills 0:714293de3836 2269 CYASSL_ENTER("CyaSSL_CTX_DisableCRL");
ashleymills 0:714293de3836 2270 if (ctx)
ashleymills 0:714293de3836 2271 return CyaSSL_CertManagerDisableCRL(ctx->cm);
ashleymills 0:714293de3836 2272 else
ashleymills 0:714293de3836 2273 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 2274 }
ashleymills 0:714293de3836 2275
ashleymills 0:714293de3836 2276
ashleymills 0:714293de3836 2277 int CyaSSL_CTX_LoadCRL(CYASSL_CTX* ctx, const char* path, int type, int monitor)
ashleymills 0:714293de3836 2278 {
ashleymills 0:714293de3836 2279 CYASSL_ENTER("CyaSSL_CTX_LoadCRL");
ashleymills 0:714293de3836 2280 if (ctx)
ashleymills 0:714293de3836 2281 return CyaSSL_CertManagerLoadCRL(ctx->cm, path, type, monitor);
ashleymills 0:714293de3836 2282 else
ashleymills 0:714293de3836 2283 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 2284 }
ashleymills 0:714293de3836 2285
ashleymills 0:714293de3836 2286
ashleymills 0:714293de3836 2287 int CyaSSL_CTX_SetCRL_Cb(CYASSL_CTX* ctx, CbMissingCRL cb)
ashleymills 0:714293de3836 2288 {
ashleymills 0:714293de3836 2289 CYASSL_ENTER("CyaSSL_CTX_SetCRL_Cb");
ashleymills 0:714293de3836 2290 if (ctx)
ashleymills 0:714293de3836 2291 return CyaSSL_CertManagerSetCRL_Cb(ctx->cm, cb);
ashleymills 0:714293de3836 2292 else
ashleymills 0:714293de3836 2293 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 2294 }
ashleymills 0:714293de3836 2295
ashleymills 0:714293de3836 2296
ashleymills 0:714293de3836 2297 #endif /* HAVE_CRL */
ashleymills 0:714293de3836 2298
ashleymills 0:714293de3836 2299
ashleymills 0:714293de3836 2300 #ifdef CYASSL_DER_LOAD
ashleymills 0:714293de3836 2301
ashleymills 0:714293de3836 2302 /* Add format parameter to allow DER load of CA files */
ashleymills 0:714293de3836 2303 int CyaSSL_CTX_der_load_verify_locations(CYASSL_CTX* ctx, const char* file,
ashleymills 0:714293de3836 2304 int format)
ashleymills 0:714293de3836 2305 {
ashleymills 0:714293de3836 2306 CYASSL_ENTER("CyaSSL_CTX_der_load_verify_locations");
ashleymills 0:714293de3836 2307 if (ctx == NULL || file == NULL)
ashleymills 0:714293de3836 2308 return SSL_FAILURE;
ashleymills 0:714293de3836 2309
ashleymills 0:714293de3836 2310 if (ProcessFile(ctx, file, format, CA_TYPE, NULL, 0, NULL) == SSL_SUCCESS)
ashleymills 0:714293de3836 2311 return SSL_SUCCESS;
ashleymills 0:714293de3836 2312
ashleymills 0:714293de3836 2313 return SSL_FAILURE;
ashleymills 0:714293de3836 2314 }
ashleymills 0:714293de3836 2315
ashleymills 0:714293de3836 2316 #endif /* CYASSL_DER_LOAD */
ashleymills 0:714293de3836 2317
ashleymills 0:714293de3836 2318
ashleymills 0:714293de3836 2319 #ifdef CYASSL_CERT_GEN
ashleymills 0:714293de3836 2320
ashleymills 0:714293de3836 2321 /* load pem cert from file into der buffer, return der size or error */
ashleymills 0:714293de3836 2322 int CyaSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
ashleymills 0:714293de3836 2323 {
ashleymills 0:714293de3836 2324 byte staticBuffer[FILE_BUFFER_SIZE];
ashleymills 0:714293de3836 2325 byte* fileBuf = staticBuffer;
ashleymills 0:714293de3836 2326 int dynamic = 0;
ashleymills 0:714293de3836 2327 int ret;
ashleymills 0:714293de3836 2328 int ecc = 0;
ashleymills 0:714293de3836 2329 long sz = 0;
ashleymills 0:714293de3836 2330 XFILE file = XFOPEN(fileName, "rb");
ashleymills 0:714293de3836 2331 EncryptedInfo info;
ashleymills 0:714293de3836 2332 buffer converted;
ashleymills 0:714293de3836 2333
ashleymills 0:714293de3836 2334 CYASSL_ENTER("CyaSSL_PemCertToDer");
ashleymills 0:714293de3836 2335 converted.buffer = 0;
ashleymills 0:714293de3836 2336
ashleymills 0:714293de3836 2337 if (file == XBADFILE) return SSL_BAD_FILE;
ashleymills 0:714293de3836 2338 XFSEEK(file, 0, XSEEK_END);
ashleymills 0:714293de3836 2339 sz = XFTELL(file);
ashleymills 0:714293de3836 2340 XREWIND(file);
ashleymills 0:714293de3836 2341
ashleymills 0:714293de3836 2342 if (sz > (long)sizeof(staticBuffer)) {
ashleymills 0:714293de3836 2343 fileBuf = (byte*) XMALLOC(sz, 0, DYNAMIC_TYPE_FILE);
ashleymills 0:714293de3836 2344 if (fileBuf == NULL) {
ashleymills 0:714293de3836 2345 XFCLOSE(file);
ashleymills 0:714293de3836 2346 return SSL_BAD_FILE;
ashleymills 0:714293de3836 2347 }
ashleymills 0:714293de3836 2348 dynamic = 1;
ashleymills 0:714293de3836 2349 }
ashleymills 0:714293de3836 2350 else if (sz < 0) {
ashleymills 0:714293de3836 2351 XFCLOSE(file);
ashleymills 0:714293de3836 2352 return SSL_BAD_FILE;
ashleymills 0:714293de3836 2353 }
ashleymills 0:714293de3836 2354
ashleymills 0:714293de3836 2355 if ( (ret = (int)XFREAD(fileBuf, sz, 1, file)) < 0)
ashleymills 0:714293de3836 2356 ret = SSL_BAD_FILE;
ashleymills 0:714293de3836 2357 else
ashleymills 0:714293de3836 2358 ret = PemToDer(fileBuf, sz, CA_TYPE, &converted, 0, &info, &ecc);
ashleymills 0:714293de3836 2359
ashleymills 0:714293de3836 2360 if (ret == 0) {
ashleymills 0:714293de3836 2361 if (converted.length < (word32)derSz) {
ashleymills 0:714293de3836 2362 XMEMCPY(derBuf, converted.buffer, converted.length);
ashleymills 0:714293de3836 2363 ret = converted.length;
ashleymills 0:714293de3836 2364 }
ashleymills 0:714293de3836 2365 else
ashleymills 0:714293de3836 2366 ret = BUFFER_E;
ashleymills 0:714293de3836 2367 }
ashleymills 0:714293de3836 2368
ashleymills 0:714293de3836 2369 XFREE(converted.buffer, 0, DYNAMIC_TYPE_CA);
ashleymills 0:714293de3836 2370 if (dynamic)
ashleymills 0:714293de3836 2371 XFREE(fileBuf, 0, DYNAMIC_TYPE_FILE);
ashleymills 0:714293de3836 2372 XFCLOSE(file);
ashleymills 0:714293de3836 2373
ashleymills 0:714293de3836 2374 return ret;
ashleymills 0:714293de3836 2375 }
ashleymills 0:714293de3836 2376
ashleymills 0:714293de3836 2377 #endif /* CYASSL_CERT_GEN */
ashleymills 0:714293de3836 2378
ashleymills 0:714293de3836 2379
ashleymills 0:714293de3836 2380 int CyaSSL_CTX_use_certificate_file(CYASSL_CTX* ctx, const char* file,
ashleymills 0:714293de3836 2381 int format)
ashleymills 0:714293de3836 2382 {
ashleymills 0:714293de3836 2383 CYASSL_ENTER("CyaSSL_CTX_use_certificate_file");
ashleymills 0:714293de3836 2384 if (ProcessFile(ctx, file, format, CERT_TYPE, NULL, 0, NULL) == SSL_SUCCESS)
ashleymills 0:714293de3836 2385 return SSL_SUCCESS;
ashleymills 0:714293de3836 2386
ashleymills 0:714293de3836 2387 return SSL_FAILURE;
ashleymills 0:714293de3836 2388 }
ashleymills 0:714293de3836 2389
ashleymills 0:714293de3836 2390
ashleymills 0:714293de3836 2391 int CyaSSL_CTX_use_PrivateKey_file(CYASSL_CTX* ctx, const char* file,int format)
ashleymills 0:714293de3836 2392 {
ashleymills 0:714293de3836 2393 CYASSL_ENTER("CyaSSL_CTX_use_PrivateKey_file");
ashleymills 0:714293de3836 2394 if (ProcessFile(ctx, file, format, PRIVATEKEY_TYPE, NULL, 0, NULL)
ashleymills 0:714293de3836 2395 == SSL_SUCCESS)
ashleymills 0:714293de3836 2396 return SSL_SUCCESS;
ashleymills 0:714293de3836 2397
ashleymills 0:714293de3836 2398 return SSL_FAILURE;
ashleymills 0:714293de3836 2399 }
ashleymills 0:714293de3836 2400
ashleymills 0:714293de3836 2401
ashleymills 0:714293de3836 2402 int CyaSSL_CTX_use_certificate_chain_file(CYASSL_CTX* ctx, const char* file)
ashleymills 0:714293de3836 2403 {
ashleymills 0:714293de3836 2404 /* procces up to MAX_CHAIN_DEPTH plus subject cert */
ashleymills 0:714293de3836 2405 CYASSL_ENTER("CyaSSL_CTX_use_certificate_chain_file");
ashleymills 0:714293de3836 2406 if (ProcessFile(ctx, file, SSL_FILETYPE_PEM,CERT_TYPE,NULL,1, NULL)
ashleymills 0:714293de3836 2407 == SSL_SUCCESS)
ashleymills 0:714293de3836 2408 return SSL_SUCCESS;
ashleymills 0:714293de3836 2409
ashleymills 0:714293de3836 2410 return SSL_FAILURE;
ashleymills 0:714293de3836 2411 }
ashleymills 0:714293de3836 2412
ashleymills 0:714293de3836 2413
ashleymills 0:714293de3836 2414 #ifdef OPENSSL_EXTRA
ashleymills 0:714293de3836 2415 /* put SSL type in extra for now, not very common */
ashleymills 0:714293de3836 2416
ashleymills 0:714293de3836 2417 int CyaSSL_use_certificate_file(CYASSL* ssl, const char* file, int format)
ashleymills 0:714293de3836 2418 {
ashleymills 0:714293de3836 2419 CYASSL_ENTER("CyaSSL_use_certificate_file");
ashleymills 0:714293de3836 2420 if (ProcessFile(ssl->ctx, file, format, CERT_TYPE, ssl, 0, NULL)
ashleymills 0:714293de3836 2421 == SSL_SUCCESS)
ashleymills 0:714293de3836 2422 return SSL_SUCCESS;
ashleymills 0:714293de3836 2423
ashleymills 0:714293de3836 2424 return SSL_FAILURE;
ashleymills 0:714293de3836 2425 }
ashleymills 0:714293de3836 2426
ashleymills 0:714293de3836 2427
ashleymills 0:714293de3836 2428 int CyaSSL_use_PrivateKey_file(CYASSL* ssl, const char* file, int format)
ashleymills 0:714293de3836 2429 {
ashleymills 0:714293de3836 2430 CYASSL_ENTER("CyaSSL_use_PrivateKey_file");
ashleymills 0:714293de3836 2431 if (ProcessFile(ssl->ctx, file, format, PRIVATEKEY_TYPE, ssl, 0, NULL)
ashleymills 0:714293de3836 2432 == SSL_SUCCESS)
ashleymills 0:714293de3836 2433 return SSL_SUCCESS;
ashleymills 0:714293de3836 2434
ashleymills 0:714293de3836 2435 return SSL_FAILURE;
ashleymills 0:714293de3836 2436 }
ashleymills 0:714293de3836 2437
ashleymills 0:714293de3836 2438
ashleymills 0:714293de3836 2439 int CyaSSL_use_certificate_chain_file(CYASSL* ssl, const char* file)
ashleymills 0:714293de3836 2440 {
ashleymills 0:714293de3836 2441 /* procces up to MAX_CHAIN_DEPTH plus subject cert */
ashleymills 0:714293de3836 2442 CYASSL_ENTER("CyaSSL_use_certificate_chain_file");
ashleymills 0:714293de3836 2443 if (ProcessFile(ssl->ctx, file, SSL_FILETYPE_PEM, CERT_TYPE, ssl, 1, NULL)
ashleymills 0:714293de3836 2444 == SSL_SUCCESS)
ashleymills 0:714293de3836 2445 return SSL_SUCCESS;
ashleymills 0:714293de3836 2446
ashleymills 0:714293de3836 2447 return SSL_FAILURE;
ashleymills 0:714293de3836 2448 }
ashleymills 0:714293de3836 2449
ashleymills 0:714293de3836 2450
ashleymills 0:714293de3836 2451 /* server wrapper for ctx or ssl Diffie-Hellman parameters */
ashleymills 0:714293de3836 2452 static int CyaSSL_SetTmpDH_buffer_wrapper(CYASSL_CTX* ctx, CYASSL* ssl,
ashleymills 0:714293de3836 2453 const unsigned char* buf, long sz, int format)
ashleymills 0:714293de3836 2454 {
ashleymills 0:714293de3836 2455 buffer der;
ashleymills 0:714293de3836 2456 int ret;
ashleymills 0:714293de3836 2457 int weOwnDer = 0;
ashleymills 0:714293de3836 2458 byte p[MAX_DH_SIZE];
ashleymills 0:714293de3836 2459 byte g[MAX_DH_SIZE];
ashleymills 0:714293de3836 2460 word32 pSz = sizeof(p);
ashleymills 0:714293de3836 2461 word32 gSz = sizeof(g);
ashleymills 0:714293de3836 2462
ashleymills 0:714293de3836 2463 der.buffer = (byte*)buf;
ashleymills 0:714293de3836 2464 der.length = (word32)sz;
ashleymills 0:714293de3836 2465
ashleymills 0:714293de3836 2466 if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM)
ashleymills 0:714293de3836 2467 return SSL_BAD_FILETYPE;
ashleymills 0:714293de3836 2468
ashleymills 0:714293de3836 2469 if (format == SSL_FILETYPE_PEM) {
ashleymills 0:714293de3836 2470 der.buffer = NULL;
ashleymills 0:714293de3836 2471 ret = PemToDer(buf, sz, DH_PARAM_TYPE, &der, ctx->heap, NULL,NULL);
ashleymills 0:714293de3836 2472 if (ret < 0) {
ashleymills 0:714293de3836 2473 XFREE(der.buffer, ctx->heap, DYNAMIC_TYPE_KEY);
ashleymills 0:714293de3836 2474 return ret;
ashleymills 0:714293de3836 2475 }
ashleymills 0:714293de3836 2476 weOwnDer = 1;
ashleymills 0:714293de3836 2477 }
ashleymills 0:714293de3836 2478
ashleymills 0:714293de3836 2479 if (DhParamsLoad(der.buffer, der.length, p, &pSz, g, &gSz) < 0)
ashleymills 0:714293de3836 2480 ret = SSL_BAD_FILETYPE;
ashleymills 0:714293de3836 2481 else {
ashleymills 0:714293de3836 2482 if (ssl)
ashleymills 0:714293de3836 2483 ret = CyaSSL_SetTmpDH(ssl, p, pSz, g, gSz);
ashleymills 0:714293de3836 2484 else
ashleymills 0:714293de3836 2485 ret = CyaSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz);
ashleymills 0:714293de3836 2486 }
ashleymills 0:714293de3836 2487
ashleymills 0:714293de3836 2488 if (weOwnDer)
ashleymills 0:714293de3836 2489 XFREE(der.buffer, ctx->heap, DYNAMIC_TYPE_KEY);
ashleymills 0:714293de3836 2490
ashleymills 0:714293de3836 2491 return ret;
ashleymills 0:714293de3836 2492 }
ashleymills 0:714293de3836 2493
ashleymills 0:714293de3836 2494 /* server Diffie-Hellman parameters, SSL_SUCCESS on ok */
ashleymills 0:714293de3836 2495 int CyaSSL_SetTmpDH_buffer(CYASSL* ssl, const unsigned char* buf, long sz,
ashleymills 0:714293de3836 2496 int format)
ashleymills 0:714293de3836 2497 {
ashleymills 0:714293de3836 2498 return CyaSSL_SetTmpDH_buffer_wrapper(ssl->ctx, ssl, buf, sz, format);
ashleymills 0:714293de3836 2499 }
ashleymills 0:714293de3836 2500
ashleymills 0:714293de3836 2501
ashleymills 0:714293de3836 2502 /* server ctx Diffie-Hellman parameters, SSL_SUCCESS on ok */
ashleymills 0:714293de3836 2503 int CyaSSL_CTX_SetTmpDH_buffer(CYASSL_CTX* ctx, const unsigned char* buf,
ashleymills 0:714293de3836 2504 long sz, int format)
ashleymills 0:714293de3836 2505 {
ashleymills 0:714293de3836 2506 return CyaSSL_SetTmpDH_buffer_wrapper(ctx, NULL, buf, sz, format);
ashleymills 0:714293de3836 2507 }
ashleymills 0:714293de3836 2508
ashleymills 0:714293de3836 2509
ashleymills 0:714293de3836 2510 #ifdef HAVE_ECC
ashleymills 0:714293de3836 2511
ashleymills 0:714293de3836 2512 /* Set Temp CTX EC-DHE size in octets, should be 20 - 66 for 160 - 521 bit */
ashleymills 0:714293de3836 2513 int CyaSSL_CTX_SetTmpEC_DHE_Sz(CYASSL_CTX* ctx, word16 sz)
ashleymills 0:714293de3836 2514 {
ashleymills 0:714293de3836 2515 if (ctx == NULL || sz < ECC_MINSIZE || sz > ECC_MAXSIZE)
ashleymills 0:714293de3836 2516 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 2517
ashleymills 0:714293de3836 2518 ctx->eccTempKeySz = sz;
ashleymills 0:714293de3836 2519
ashleymills 0:714293de3836 2520 return SSL_SUCCESS;
ashleymills 0:714293de3836 2521 }
ashleymills 0:714293de3836 2522
ashleymills 0:714293de3836 2523
ashleymills 0:714293de3836 2524 /* Set Temp SSL EC-DHE size in octets, should be 20 - 66 for 160 - 521 bit */
ashleymills 0:714293de3836 2525 int CyaSSL_SetTmpEC_DHE_Sz(CYASSL* ssl, word16 sz)
ashleymills 0:714293de3836 2526 {
ashleymills 0:714293de3836 2527 if (ssl == NULL || sz < ECC_MINSIZE || sz > ECC_MAXSIZE)
ashleymills 0:714293de3836 2528 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 2529
ashleymills 0:714293de3836 2530 ssl->eccTempKeySz = sz;
ashleymills 0:714293de3836 2531
ashleymills 0:714293de3836 2532 return SSL_SUCCESS;
ashleymills 0:714293de3836 2533 }
ashleymills 0:714293de3836 2534
ashleymills 0:714293de3836 2535 #endif /* HAVE_ECC */
ashleymills 0:714293de3836 2536
ashleymills 0:714293de3836 2537
ashleymills 0:714293de3836 2538 #if !defined(NO_FILESYSTEM)
ashleymills 0:714293de3836 2539
ashleymills 0:714293de3836 2540 /* server Diffie-Hellman parameters */
ashleymills 0:714293de3836 2541 static int CyaSSL_SetTmpDH_file_wrapper(CYASSL_CTX* ctx, CYASSL* ssl,
ashleymills 0:714293de3836 2542 const char* fname, int format)
ashleymills 0:714293de3836 2543 {
ashleymills 0:714293de3836 2544 byte staticBuffer[FILE_BUFFER_SIZE];
ashleymills 0:714293de3836 2545 byte* myBuffer = staticBuffer;
ashleymills 0:714293de3836 2546 int dynamic = 0;
ashleymills 0:714293de3836 2547 int ret;
ashleymills 0:714293de3836 2548 long sz = 0;
ashleymills 0:714293de3836 2549 XFILE file = XFOPEN(fname, "rb");
ashleymills 0:714293de3836 2550
ashleymills 0:714293de3836 2551 if (file == XBADFILE) return SSL_BAD_FILE;
ashleymills 0:714293de3836 2552 XFSEEK(file, 0, XSEEK_END);
ashleymills 0:714293de3836 2553 sz = XFTELL(file);
ashleymills 0:714293de3836 2554 XREWIND(file);
ashleymills 0:714293de3836 2555
ashleymills 0:714293de3836 2556 if (sz > (long)sizeof(staticBuffer)) {
ashleymills 0:714293de3836 2557 CYASSL_MSG("Getting dynamic buffer");
ashleymills 0:714293de3836 2558 myBuffer = (byte*) XMALLOC(sz, ctx->heap, DYNAMIC_TYPE_FILE);
ashleymills 0:714293de3836 2559 if (myBuffer == NULL) {
ashleymills 0:714293de3836 2560 XFCLOSE(file);
ashleymills 0:714293de3836 2561 return SSL_BAD_FILE;
ashleymills 0:714293de3836 2562 }
ashleymills 0:714293de3836 2563 dynamic = 1;
ashleymills 0:714293de3836 2564 }
ashleymills 0:714293de3836 2565 else if (sz < 0) {
ashleymills 0:714293de3836 2566 XFCLOSE(file);
ashleymills 0:714293de3836 2567 return SSL_BAD_FILE;
ashleymills 0:714293de3836 2568 }
ashleymills 0:714293de3836 2569
ashleymills 0:714293de3836 2570 if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0)
ashleymills 0:714293de3836 2571 ret = SSL_BAD_FILE;
ashleymills 0:714293de3836 2572 else {
ashleymills 0:714293de3836 2573 if (ssl)
ashleymills 0:714293de3836 2574 ret = CyaSSL_SetTmpDH_buffer(ssl, myBuffer, sz, format);
ashleymills 0:714293de3836 2575 else
ashleymills 0:714293de3836 2576 ret = CyaSSL_CTX_SetTmpDH_buffer(ctx, myBuffer, sz, format);
ashleymills 0:714293de3836 2577 }
ashleymills 0:714293de3836 2578
ashleymills 0:714293de3836 2579 XFCLOSE(file);
ashleymills 0:714293de3836 2580 if (dynamic) XFREE(myBuffer, ctx->heap, DYNAMIC_TYPE_FILE);
ashleymills 0:714293de3836 2581
ashleymills 0:714293de3836 2582 return ret;
ashleymills 0:714293de3836 2583 }
ashleymills 0:714293de3836 2584
ashleymills 0:714293de3836 2585 /* server Diffie-Hellman parameters */
ashleymills 0:714293de3836 2586 int CyaSSL_SetTmpDH_file(CYASSL* ssl, const char* fname, int format)
ashleymills 0:714293de3836 2587 {
ashleymills 0:714293de3836 2588 return CyaSSL_SetTmpDH_file_wrapper(ssl->ctx, ssl, fname, format);
ashleymills 0:714293de3836 2589 }
ashleymills 0:714293de3836 2590
ashleymills 0:714293de3836 2591
ashleymills 0:714293de3836 2592 /* server Diffie-Hellman parameters */
ashleymills 0:714293de3836 2593 int CyaSSL_CTX_SetTmpDH_file(CYASSL_CTX* ctx, const char* fname, int format)
ashleymills 0:714293de3836 2594 {
ashleymills 0:714293de3836 2595 return CyaSSL_SetTmpDH_file_wrapper(ctx, NULL, fname, format);
ashleymills 0:714293de3836 2596 }
ashleymills 0:714293de3836 2597
ashleymills 0:714293de3836 2598
ashleymills 0:714293de3836 2599 #endif /* !NO_FILESYSTEM */
ashleymills 0:714293de3836 2600 #endif /* OPENSSL_EXTRA */
ashleymills 0:714293de3836 2601
ashleymills 0:714293de3836 2602 #ifdef HAVE_NTRU
ashleymills 0:714293de3836 2603
ashleymills 0:714293de3836 2604 int CyaSSL_CTX_use_NTRUPrivateKey_file(CYASSL_CTX* ctx, const char* file)
ashleymills 0:714293de3836 2605 {
ashleymills 0:714293de3836 2606 CYASSL_ENTER("CyaSSL_CTX_use_NTRUPrivateKey_file");
ashleymills 0:714293de3836 2607 if (ProcessFile(ctx, file, SSL_FILETYPE_RAW, PRIVATEKEY_TYPE, NULL, 0, NULL)
ashleymills 0:714293de3836 2608 == SSL_SUCCESS) {
ashleymills 0:714293de3836 2609 ctx->haveNTRU = 1;
ashleymills 0:714293de3836 2610 return SSL_SUCCESS;
ashleymills 0:714293de3836 2611 }
ashleymills 0:714293de3836 2612
ashleymills 0:714293de3836 2613 return SSL_FAILURE;
ashleymills 0:714293de3836 2614 }
ashleymills 0:714293de3836 2615
ashleymills 0:714293de3836 2616 #endif /* HAVE_NTRU */
ashleymills 0:714293de3836 2617
ashleymills 0:714293de3836 2618
ashleymills 0:714293de3836 2619
ashleymills 0:714293de3836 2620 #if defined(OPENSSL_EXTRA)
ashleymills 0:714293de3836 2621
ashleymills 0:714293de3836 2622 int CyaSSL_CTX_use_RSAPrivateKey_file(CYASSL_CTX* ctx,const char* file,
ashleymills 0:714293de3836 2623 int format)
ashleymills 0:714293de3836 2624 {
ashleymills 0:714293de3836 2625 CYASSL_ENTER("SSL_CTX_use_RSAPrivateKey_file");
ashleymills 0:714293de3836 2626
ashleymills 0:714293de3836 2627 return CyaSSL_CTX_use_PrivateKey_file(ctx, file, format);
ashleymills 0:714293de3836 2628 }
ashleymills 0:714293de3836 2629
ashleymills 0:714293de3836 2630 int CyaSSL_use_RSAPrivateKey_file(CYASSL* ssl, const char* file, int format)
ashleymills 0:714293de3836 2631 {
ashleymills 0:714293de3836 2632 CYASSL_ENTER("CyaSSL_use_RSAPrivateKey_file");
ashleymills 0:714293de3836 2633
ashleymills 0:714293de3836 2634 return CyaSSL_use_PrivateKey_file(ssl, file, format);
ashleymills 0:714293de3836 2635 }
ashleymills 0:714293de3836 2636
ashleymills 0:714293de3836 2637 #endif /* OPENSSL_EXTRA */
ashleymills 0:714293de3836 2638
ashleymills 0:714293de3836 2639 #endif /* NO_FILESYSTEM */
ashleymills 0:714293de3836 2640
ashleymills 0:714293de3836 2641
ashleymills 0:714293de3836 2642 void CyaSSL_CTX_set_verify(CYASSL_CTX* ctx, int mode, VerifyCallback vc)
ashleymills 0:714293de3836 2643 {
ashleymills 0:714293de3836 2644 CYASSL_ENTER("CyaSSL_CTX_set_verify");
ashleymills 0:714293de3836 2645 if (mode & SSL_VERIFY_PEER) {
ashleymills 0:714293de3836 2646 ctx->verifyPeer = 1;
ashleymills 0:714293de3836 2647 ctx->verifyNone = 0; /* in case perviously set */
ashleymills 0:714293de3836 2648 }
ashleymills 0:714293de3836 2649
ashleymills 0:714293de3836 2650 if (mode == SSL_VERIFY_NONE) {
ashleymills 0:714293de3836 2651 ctx->verifyNone = 1;
ashleymills 0:714293de3836 2652 ctx->verifyPeer = 0; /* in case previously set */
ashleymills 0:714293de3836 2653 }
ashleymills 0:714293de3836 2654
ashleymills 0:714293de3836 2655 if (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
ashleymills 0:714293de3836 2656 ctx->failNoCert = 1;
ashleymills 0:714293de3836 2657
ashleymills 0:714293de3836 2658 ctx->verifyCallback = vc;
ashleymills 0:714293de3836 2659 }
ashleymills 0:714293de3836 2660
ashleymills 0:714293de3836 2661
ashleymills 0:714293de3836 2662 void CyaSSL_set_verify(CYASSL* ssl, int mode, VerifyCallback vc)
ashleymills 0:714293de3836 2663 {
ashleymills 0:714293de3836 2664 CYASSL_ENTER("CyaSSL_set_verify");
ashleymills 0:714293de3836 2665 if (mode & SSL_VERIFY_PEER) {
ashleymills 0:714293de3836 2666 ssl->options.verifyPeer = 1;
ashleymills 0:714293de3836 2667 ssl->options.verifyNone = 0; /* in case perviously set */
ashleymills 0:714293de3836 2668 }
ashleymills 0:714293de3836 2669
ashleymills 0:714293de3836 2670 if (mode == SSL_VERIFY_NONE) {
ashleymills 0:714293de3836 2671 ssl->options.verifyNone = 1;
ashleymills 0:714293de3836 2672 ssl->options.verifyPeer = 0; /* in case previously set */
ashleymills 0:714293de3836 2673 }
ashleymills 0:714293de3836 2674
ashleymills 0:714293de3836 2675 if (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
ashleymills 0:714293de3836 2676 ssl->options.failNoCert = 1;
ashleymills 0:714293de3836 2677
ashleymills 0:714293de3836 2678 ssl->verifyCallback = vc;
ashleymills 0:714293de3836 2679 }
ashleymills 0:714293de3836 2680
ashleymills 0:714293de3836 2681
ashleymills 0:714293de3836 2682 /* store user ctx for verify callback */
ashleymills 0:714293de3836 2683 void CyaSSL_SetCertCbCtx(CYASSL* ssl, void* ctx)
ashleymills 0:714293de3836 2684 {
ashleymills 0:714293de3836 2685 CYASSL_ENTER("CyaSSL_SetCertCbCtx");
ashleymills 0:714293de3836 2686 if (ssl)
ashleymills 0:714293de3836 2687 ssl->verifyCbCtx = ctx;
ashleymills 0:714293de3836 2688 }
ashleymills 0:714293de3836 2689
ashleymills 0:714293de3836 2690
ashleymills 0:714293de3836 2691 /* store context CA Cache addition callback */
ashleymills 0:714293de3836 2692 void CyaSSL_CTX_SetCACb(CYASSL_CTX* ctx, CallbackCACache cb)
ashleymills 0:714293de3836 2693 {
ashleymills 0:714293de3836 2694 if (ctx && ctx->cm)
ashleymills 0:714293de3836 2695 ctx->cm->caCacheCallback = cb;
ashleymills 0:714293de3836 2696 }
ashleymills 0:714293de3836 2697
ashleymills 0:714293de3836 2698
ashleymills 0:714293de3836 2699 #if defined(PERSIST_CERT_CACHE)
ashleymills 0:714293de3836 2700
ashleymills 0:714293de3836 2701 #if !defined(NO_FILESYSTEM)
ashleymills 0:714293de3836 2702
ashleymills 0:714293de3836 2703 /* Persist cert cache to file */
ashleymills 0:714293de3836 2704 int CyaSSL_CTX_save_cert_cache(CYASSL_CTX* ctx, const char* fname)
ashleymills 0:714293de3836 2705 {
ashleymills 0:714293de3836 2706 CYASSL_ENTER("CyaSSL_CTX_save_cert_cache");
ashleymills 0:714293de3836 2707
ashleymills 0:714293de3836 2708 if (ctx == NULL || fname == NULL)
ashleymills 0:714293de3836 2709 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 2710
ashleymills 0:714293de3836 2711 return CM_SaveCertCache(ctx->cm, fname);
ashleymills 0:714293de3836 2712 }
ashleymills 0:714293de3836 2713
ashleymills 0:714293de3836 2714
ashleymills 0:714293de3836 2715 /* Persist cert cache from file */
ashleymills 0:714293de3836 2716 int CyaSSL_CTX_restore_cert_cache(CYASSL_CTX* ctx, const char* fname)
ashleymills 0:714293de3836 2717 {
ashleymills 0:714293de3836 2718 CYASSL_ENTER("CyaSSL_CTX_restore_cert_cache");
ashleymills 0:714293de3836 2719
ashleymills 0:714293de3836 2720 if (ctx == NULL || fname == NULL)
ashleymills 0:714293de3836 2721 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 2722
ashleymills 0:714293de3836 2723 return CM_RestoreCertCache(ctx->cm, fname);
ashleymills 0:714293de3836 2724 }
ashleymills 0:714293de3836 2725
ashleymills 0:714293de3836 2726 #endif /* NO_FILESYSTEM */
ashleymills 0:714293de3836 2727
ashleymills 0:714293de3836 2728 /* Persist cert cache to memory */
ashleymills 0:714293de3836 2729 int CyaSSL_CTX_memsave_cert_cache(CYASSL_CTX* ctx, void* mem, int sz, int* used)
ashleymills 0:714293de3836 2730 {
ashleymills 0:714293de3836 2731 CYASSL_ENTER("CyaSSL_CTX_memsave_cert_cache");
ashleymills 0:714293de3836 2732
ashleymills 0:714293de3836 2733 if (ctx == NULL || mem == NULL || used == NULL || sz <= 0)
ashleymills 0:714293de3836 2734 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 2735
ashleymills 0:714293de3836 2736 return CM_MemSaveCertCache(ctx->cm, mem, sz, used);
ashleymills 0:714293de3836 2737 }
ashleymills 0:714293de3836 2738
ashleymills 0:714293de3836 2739
ashleymills 0:714293de3836 2740 /* Restore cert cache from memory */
ashleymills 0:714293de3836 2741 int CyaSSL_CTX_memrestore_cert_cache(CYASSL_CTX* ctx, const void* mem, int sz)
ashleymills 0:714293de3836 2742 {
ashleymills 0:714293de3836 2743 CYASSL_ENTER("CyaSSL_CTX_memrestore_cert_cache");
ashleymills 0:714293de3836 2744
ashleymills 0:714293de3836 2745 if (ctx == NULL || mem == NULL || sz <= 0)
ashleymills 0:714293de3836 2746 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 2747
ashleymills 0:714293de3836 2748 return CM_MemRestoreCertCache(ctx->cm, mem, sz);
ashleymills 0:714293de3836 2749 }
ashleymills 0:714293de3836 2750
ashleymills 0:714293de3836 2751
ashleymills 0:714293de3836 2752 /* get how big the the cert cache save buffer needs to be */
ashleymills 0:714293de3836 2753 int CyaSSL_CTX_get_cert_cache_memsize(CYASSL_CTX* ctx)
ashleymills 0:714293de3836 2754 {
ashleymills 0:714293de3836 2755 CYASSL_ENTER("CyaSSL_CTX_get_cert_cache_memsize");
ashleymills 0:714293de3836 2756
ashleymills 0:714293de3836 2757 if (ctx == NULL)
ashleymills 0:714293de3836 2758 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 2759
ashleymills 0:714293de3836 2760 return CM_GetCertCacheMemSize(ctx->cm);
ashleymills 0:714293de3836 2761 }
ashleymills 0:714293de3836 2762
ashleymills 0:714293de3836 2763 #endif /* PERSISTE_CERT_CACHE */
ashleymills 0:714293de3836 2764 #endif /* !NO_CERTS */
ashleymills 0:714293de3836 2765
ashleymills 0:714293de3836 2766
ashleymills 0:714293de3836 2767 #ifndef NO_SESSION_CACHE
ashleymills 0:714293de3836 2768
ashleymills 0:714293de3836 2769 CYASSL_SESSION* CyaSSL_get_session(CYASSL* ssl)
ashleymills 0:714293de3836 2770 {
ashleymills 0:714293de3836 2771 CYASSL_ENTER("SSL_get_session");
ashleymills 0:714293de3836 2772 if (ssl)
ashleymills 0:714293de3836 2773 return GetSession(ssl, 0);
ashleymills 0:714293de3836 2774
ashleymills 0:714293de3836 2775 return NULL;
ashleymills 0:714293de3836 2776 }
ashleymills 0:714293de3836 2777
ashleymills 0:714293de3836 2778
ashleymills 0:714293de3836 2779 int CyaSSL_set_session(CYASSL* ssl, CYASSL_SESSION* session)
ashleymills 0:714293de3836 2780 {
ashleymills 0:714293de3836 2781 CYASSL_ENTER("SSL_set_session");
ashleymills 0:714293de3836 2782 if (session)
ashleymills 0:714293de3836 2783 return SetSession(ssl, session);
ashleymills 0:714293de3836 2784
ashleymills 0:714293de3836 2785 return SSL_FAILURE;
ashleymills 0:714293de3836 2786 }
ashleymills 0:714293de3836 2787
ashleymills 0:714293de3836 2788
ashleymills 0:714293de3836 2789 #ifndef NO_CLIENT_CACHE
ashleymills 0:714293de3836 2790
ashleymills 0:714293de3836 2791 /* Associate client session with serverID, find existing or store for saving
ashleymills 0:714293de3836 2792 if newSession flag on, don't reuse existing session
ashleymills 0:714293de3836 2793 SSL_SUCCESS on ok */
ashleymills 0:714293de3836 2794 int CyaSSL_SetServerID(CYASSL* ssl, const byte* id, int len, int newSession)
ashleymills 0:714293de3836 2795 {
ashleymills 0:714293de3836 2796 CYASSL_SESSION* session = NULL;
ashleymills 0:714293de3836 2797
ashleymills 0:714293de3836 2798 CYASSL_ENTER("CyaSSL_SetServerID");
ashleymills 0:714293de3836 2799
ashleymills 0:714293de3836 2800 if (ssl == NULL || id == NULL || len <= 0)
ashleymills 0:714293de3836 2801 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 2802
ashleymills 0:714293de3836 2803 if (newSession == 0) {
ashleymills 0:714293de3836 2804 session = GetSessionClient(ssl, id, len);
ashleymills 0:714293de3836 2805 if (session) {
ashleymills 0:714293de3836 2806 if (SetSession(ssl, session) != SSL_SUCCESS) {
ashleymills 0:714293de3836 2807 CYASSL_MSG("SetSession failed");
ashleymills 0:714293de3836 2808 session = NULL;
ashleymills 0:714293de3836 2809 }
ashleymills 0:714293de3836 2810 }
ashleymills 0:714293de3836 2811 }
ashleymills 0:714293de3836 2812
ashleymills 0:714293de3836 2813 if (session == NULL) {
ashleymills 0:714293de3836 2814 CYASSL_MSG("Valid ServerID not cached already");
ashleymills 0:714293de3836 2815
ashleymills 0:714293de3836 2816 ssl->session.idLen = (word16)min(SERVER_ID_LEN, (word32)len);
ashleymills 0:714293de3836 2817 XMEMCPY(ssl->session.serverID, id, ssl->session.idLen);
ashleymills 0:714293de3836 2818 }
ashleymills 0:714293de3836 2819
ashleymills 0:714293de3836 2820 return SSL_SUCCESS;
ashleymills 0:714293de3836 2821 }
ashleymills 0:714293de3836 2822
ashleymills 0:714293de3836 2823 #endif /* NO_CLIENT_CACHE */
ashleymills 0:714293de3836 2824
ashleymills 0:714293de3836 2825 #if defined(PERSIST_SESSION_CACHE)
ashleymills 0:714293de3836 2826
ashleymills 0:714293de3836 2827 /* Session Cache Header information */
ashleymills 0:714293de3836 2828 typedef struct {
ashleymills 0:714293de3836 2829 int version; /* cache layout version id */
ashleymills 0:714293de3836 2830 int rows; /* session rows */
ashleymills 0:714293de3836 2831 int columns; /* session columns */
ashleymills 0:714293de3836 2832 int sessionSz; /* sizeof CYASSL_SESSION */
ashleymills 0:714293de3836 2833 } cache_header_t;
ashleymills 0:714293de3836 2834
ashleymills 0:714293de3836 2835 /* current persistence layout is:
ashleymills 0:714293de3836 2836
ashleymills 0:714293de3836 2837 1) cache_header_t
ashleymills 0:714293de3836 2838 2) SessionCache
ashleymills 0:714293de3836 2839 3) ClientCache
ashleymills 0:714293de3836 2840
ashleymills 0:714293de3836 2841 update CYASSL_CACHE_VERSION if change layout for the following
ashleymills 0:714293de3836 2842 PERSISTENT_SESSION_CACHE functions
ashleymills 0:714293de3836 2843 */
ashleymills 0:714293de3836 2844
ashleymills 0:714293de3836 2845
ashleymills 0:714293de3836 2846 /* get how big the the session cache save buffer needs to be */
ashleymills 0:714293de3836 2847 int CyaSSL_get_session_cache_memsize(void)
ashleymills 0:714293de3836 2848 {
ashleymills 0:714293de3836 2849 int sz = (int)(sizeof(SessionCache) + sizeof(cache_header_t));
ashleymills 0:714293de3836 2850
ashleymills 0:714293de3836 2851 #ifndef NO_CLIENT_CACHE
ashleymills 0:714293de3836 2852 sz += (int)(sizeof(ClientCache));
ashleymills 0:714293de3836 2853 #endif
ashleymills 0:714293de3836 2854
ashleymills 0:714293de3836 2855 return sz;
ashleymills 0:714293de3836 2856 }
ashleymills 0:714293de3836 2857
ashleymills 0:714293de3836 2858
ashleymills 0:714293de3836 2859 /* Persist session cache to memory */
ashleymills 0:714293de3836 2860 int CyaSSL_memsave_session_cache(void* mem, int sz)
ashleymills 0:714293de3836 2861 {
ashleymills 0:714293de3836 2862 int i;
ashleymills 0:714293de3836 2863 cache_header_t cache_header;
ashleymills 0:714293de3836 2864 SessionRow* row = (SessionRow*)((byte*)mem + sizeof(cache_header));
ashleymills 0:714293de3836 2865 #ifndef NO_CLIENT_CACHE
ashleymills 0:714293de3836 2866 ClientRow* clRow;
ashleymills 0:714293de3836 2867 #endif
ashleymills 0:714293de3836 2868
ashleymills 0:714293de3836 2869 CYASSL_ENTER("CyaSSL_memsave_session_cache");
ashleymills 0:714293de3836 2870
ashleymills 0:714293de3836 2871 if (sz < CyaSSL_get_session_cache_memsize()) {
ashleymills 0:714293de3836 2872 CYASSL_MSG("Memory buffer too small");
ashleymills 0:714293de3836 2873 return BUFFER_E;
ashleymills 0:714293de3836 2874 }
ashleymills 0:714293de3836 2875
ashleymills 0:714293de3836 2876 cache_header.version = CYASSL_CACHE_VERSION;
ashleymills 0:714293de3836 2877 cache_header.rows = SESSION_ROWS;
ashleymills 0:714293de3836 2878 cache_header.columns = SESSIONS_PER_ROW;
ashleymills 0:714293de3836 2879 cache_header.sessionSz = (int)sizeof(CYASSL_SESSION);
ashleymills 0:714293de3836 2880 XMEMCPY(mem, &cache_header, sizeof(cache_header));
ashleymills 0:714293de3836 2881
ashleymills 0:714293de3836 2882 if (LockMutex(&session_mutex) != 0) {
ashleymills 0:714293de3836 2883 CYASSL_MSG("Session cache mutex lock failed");
ashleymills 0:714293de3836 2884 return BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 2885 }
ashleymills 0:714293de3836 2886
ashleymills 0:714293de3836 2887 for (i = 0; i < cache_header.rows; ++i)
ashleymills 0:714293de3836 2888 XMEMCPY(row++, SessionCache + i, sizeof(SessionRow));
ashleymills 0:714293de3836 2889
ashleymills 0:714293de3836 2890 #ifndef NO_CLIENT_CACHE
ashleymills 0:714293de3836 2891 clRow = (ClientRow*)row;
ashleymills 0:714293de3836 2892 for (i = 0; i < cache_header.rows; ++i)
ashleymills 0:714293de3836 2893 XMEMCPY(clRow++, ClientCache + i, sizeof(ClientRow));
ashleymills 0:714293de3836 2894 #endif
ashleymills 0:714293de3836 2895
ashleymills 0:714293de3836 2896 UnLockMutex(&session_mutex);
ashleymills 0:714293de3836 2897
ashleymills 0:714293de3836 2898 CYASSL_LEAVE("CyaSSL_memsave_session_cache", SSL_SUCCESS);
ashleymills 0:714293de3836 2899
ashleymills 0:714293de3836 2900 return SSL_SUCCESS;
ashleymills 0:714293de3836 2901 }
ashleymills 0:714293de3836 2902
ashleymills 0:714293de3836 2903
ashleymills 0:714293de3836 2904 /* Restore the persistant session cache from memory */
ashleymills 0:714293de3836 2905 int CyaSSL_memrestore_session_cache(const void* mem, int sz)
ashleymills 0:714293de3836 2906 {
ashleymills 0:714293de3836 2907 int i;
ashleymills 0:714293de3836 2908 cache_header_t cache_header;
ashleymills 0:714293de3836 2909 SessionRow* row = (SessionRow*)((byte*)mem + sizeof(cache_header));
ashleymills 0:714293de3836 2910 #ifndef NO_CLIENT_CACHE
ashleymills 0:714293de3836 2911 ClientRow* clRow;
ashleymills 0:714293de3836 2912 #endif
ashleymills 0:714293de3836 2913
ashleymills 0:714293de3836 2914 CYASSL_ENTER("CyaSSL_memrestore_session_cache");
ashleymills 0:714293de3836 2915
ashleymills 0:714293de3836 2916 if (sz < CyaSSL_get_session_cache_memsize()) {
ashleymills 0:714293de3836 2917 CYASSL_MSG("Memory buffer too small");
ashleymills 0:714293de3836 2918 return BUFFER_E;
ashleymills 0:714293de3836 2919 }
ashleymills 0:714293de3836 2920
ashleymills 0:714293de3836 2921 XMEMCPY(&cache_header, mem, sizeof(cache_header));
ashleymills 0:714293de3836 2922 if (cache_header.version != CYASSL_CACHE_VERSION ||
ashleymills 0:714293de3836 2923 cache_header.rows != SESSION_ROWS ||
ashleymills 0:714293de3836 2924 cache_header.columns != SESSIONS_PER_ROW ||
ashleymills 0:714293de3836 2925 cache_header.sessionSz != (int)sizeof(CYASSL_SESSION)) {
ashleymills 0:714293de3836 2926
ashleymills 0:714293de3836 2927 CYASSL_MSG("Session cache header match failed");
ashleymills 0:714293de3836 2928 return CACHE_MATCH_ERROR;
ashleymills 0:714293de3836 2929 }
ashleymills 0:714293de3836 2930
ashleymills 0:714293de3836 2931 if (LockMutex(&session_mutex) != 0) {
ashleymills 0:714293de3836 2932 CYASSL_MSG("Session cache mutex lock failed");
ashleymills 0:714293de3836 2933 return BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 2934 }
ashleymills 0:714293de3836 2935
ashleymills 0:714293de3836 2936 for (i = 0; i < cache_header.rows; ++i)
ashleymills 0:714293de3836 2937 XMEMCPY(SessionCache + i, row++, sizeof(SessionRow));
ashleymills 0:714293de3836 2938
ashleymills 0:714293de3836 2939 #ifndef NO_CLIENT_CACHE
ashleymills 0:714293de3836 2940 clRow = (ClientRow*)row;
ashleymills 0:714293de3836 2941 for (i = 0; i < cache_header.rows; ++i)
ashleymills 0:714293de3836 2942 XMEMCPY(ClientCache + i, clRow++, sizeof(ClientRow));
ashleymills 0:714293de3836 2943 #endif
ashleymills 0:714293de3836 2944
ashleymills 0:714293de3836 2945 UnLockMutex(&session_mutex);
ashleymills 0:714293de3836 2946
ashleymills 0:714293de3836 2947 CYASSL_LEAVE("CyaSSL_memrestore_session_cache", SSL_SUCCESS);
ashleymills 0:714293de3836 2948
ashleymills 0:714293de3836 2949 return SSL_SUCCESS;
ashleymills 0:714293de3836 2950 }
ashleymills 0:714293de3836 2951
ashleymills 0:714293de3836 2952 #if !defined(NO_FILESYSTEM)
ashleymills 0:714293de3836 2953
ashleymills 0:714293de3836 2954 /* Persist session cache to file */
ashleymills 0:714293de3836 2955 /* doesn't use memsave because of additional memory use */
ashleymills 0:714293de3836 2956 int CyaSSL_save_session_cache(const char *fname)
ashleymills 0:714293de3836 2957 {
ashleymills 0:714293de3836 2958 XFILE file;
ashleymills 0:714293de3836 2959 int ret;
ashleymills 0:714293de3836 2960 int rc = SSL_SUCCESS;
ashleymills 0:714293de3836 2961 int i;
ashleymills 0:714293de3836 2962 cache_header_t cache_header;
ashleymills 0:714293de3836 2963
ashleymills 0:714293de3836 2964 CYASSL_ENTER("CyaSSL_save_session_cache");
ashleymills 0:714293de3836 2965
ashleymills 0:714293de3836 2966 file = XFOPEN(fname, "w+b");
ashleymills 0:714293de3836 2967 if (file == XBADFILE) {
ashleymills 0:714293de3836 2968 CYASSL_MSG("Couldn't open session cache save file");
ashleymills 0:714293de3836 2969 return SSL_BAD_FILE;
ashleymills 0:714293de3836 2970 }
ashleymills 0:714293de3836 2971 cache_header.version = CYASSL_CACHE_VERSION;
ashleymills 0:714293de3836 2972 cache_header.rows = SESSION_ROWS;
ashleymills 0:714293de3836 2973 cache_header.columns = SESSIONS_PER_ROW;
ashleymills 0:714293de3836 2974 cache_header.sessionSz = (int)sizeof(CYASSL_SESSION);
ashleymills 0:714293de3836 2975
ashleymills 0:714293de3836 2976 /* cache header */
ashleymills 0:714293de3836 2977 ret = (int)XFWRITE(&cache_header, sizeof cache_header, 1, file);
ashleymills 0:714293de3836 2978 if (ret != 1) {
ashleymills 0:714293de3836 2979 CYASSL_MSG("Session cache header file write failed");
ashleymills 0:714293de3836 2980 XFCLOSE(file);
ashleymills 0:714293de3836 2981 return FWRITE_ERROR;
ashleymills 0:714293de3836 2982 }
ashleymills 0:714293de3836 2983
ashleymills 0:714293de3836 2984 if (LockMutex(&session_mutex) != 0) {
ashleymills 0:714293de3836 2985 CYASSL_MSG("Session cache mutex lock failed");
ashleymills 0:714293de3836 2986 XFCLOSE(file);
ashleymills 0:714293de3836 2987 return BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 2988 }
ashleymills 0:714293de3836 2989
ashleymills 0:714293de3836 2990 /* session cache */
ashleymills 0:714293de3836 2991 for (i = 0; i < cache_header.rows; ++i) {
ashleymills 0:714293de3836 2992 ret = (int)XFWRITE(SessionCache + i, sizeof(SessionRow), 1, file);
ashleymills 0:714293de3836 2993 if (ret != 1) {
ashleymills 0:714293de3836 2994 CYASSL_MSG("Session cache member file write failed");
ashleymills 0:714293de3836 2995 rc = FWRITE_ERROR;
ashleymills 0:714293de3836 2996 break;
ashleymills 0:714293de3836 2997 }
ashleymills 0:714293de3836 2998 }
ashleymills 0:714293de3836 2999
ashleymills 0:714293de3836 3000 #ifndef NO_CLIENT_CACHE
ashleymills 0:714293de3836 3001 /* client cache */
ashleymills 0:714293de3836 3002 for (i = 0; i < cache_header.rows; ++i) {
ashleymills 0:714293de3836 3003 ret = (int)XFWRITE(ClientCache + i, sizeof(ClientRow), 1, file);
ashleymills 0:714293de3836 3004 if (ret != 1) {
ashleymills 0:714293de3836 3005 CYASSL_MSG("Client cache member file write failed");
ashleymills 0:714293de3836 3006 rc = FWRITE_ERROR;
ashleymills 0:714293de3836 3007 break;
ashleymills 0:714293de3836 3008 }
ashleymills 0:714293de3836 3009 }
ashleymills 0:714293de3836 3010 #endif /* NO_CLIENT_CACHE */
ashleymills 0:714293de3836 3011
ashleymills 0:714293de3836 3012 UnLockMutex(&session_mutex);
ashleymills 0:714293de3836 3013
ashleymills 0:714293de3836 3014 XFCLOSE(file);
ashleymills 0:714293de3836 3015 CYASSL_LEAVE("CyaSSL_save_session_cache", rc);
ashleymills 0:714293de3836 3016
ashleymills 0:714293de3836 3017 return rc;
ashleymills 0:714293de3836 3018 }
ashleymills 0:714293de3836 3019
ashleymills 0:714293de3836 3020
ashleymills 0:714293de3836 3021 /* Restore the persistant session cache from file */
ashleymills 0:714293de3836 3022 /* doesn't use memstore because of additional memory use */
ashleymills 0:714293de3836 3023 int CyaSSL_restore_session_cache(const char *fname)
ashleymills 0:714293de3836 3024 {
ashleymills 0:714293de3836 3025 XFILE file;
ashleymills 0:714293de3836 3026 int rc = SSL_SUCCESS;
ashleymills 0:714293de3836 3027 int ret;
ashleymills 0:714293de3836 3028 int i;
ashleymills 0:714293de3836 3029 cache_header_t cache_header;
ashleymills 0:714293de3836 3030
ashleymills 0:714293de3836 3031 CYASSL_ENTER("CyaSSL_restore_session_cache");
ashleymills 0:714293de3836 3032
ashleymills 0:714293de3836 3033 file = XFOPEN(fname, "rb");
ashleymills 0:714293de3836 3034 if (file == XBADFILE) {
ashleymills 0:714293de3836 3035 CYASSL_MSG("Couldn't open session cache save file");
ashleymills 0:714293de3836 3036 return SSL_BAD_FILE;
ashleymills 0:714293de3836 3037 }
ashleymills 0:714293de3836 3038 /* cache header */
ashleymills 0:714293de3836 3039 ret = (int)XFREAD(&cache_header, sizeof cache_header, 1, file);
ashleymills 0:714293de3836 3040 if (ret != 1) {
ashleymills 0:714293de3836 3041 CYASSL_MSG("Session cache header file read failed");
ashleymills 0:714293de3836 3042 XFCLOSE(file);
ashleymills 0:714293de3836 3043 return FREAD_ERROR;
ashleymills 0:714293de3836 3044 }
ashleymills 0:714293de3836 3045 if (cache_header.version != CYASSL_CACHE_VERSION ||
ashleymills 0:714293de3836 3046 cache_header.rows != SESSION_ROWS ||
ashleymills 0:714293de3836 3047 cache_header.columns != SESSIONS_PER_ROW ||
ashleymills 0:714293de3836 3048 cache_header.sessionSz != (int)sizeof(CYASSL_SESSION)) {
ashleymills 0:714293de3836 3049
ashleymills 0:714293de3836 3050 CYASSL_MSG("Session cache header match failed");
ashleymills 0:714293de3836 3051 XFCLOSE(file);
ashleymills 0:714293de3836 3052 return CACHE_MATCH_ERROR;
ashleymills 0:714293de3836 3053 }
ashleymills 0:714293de3836 3054
ashleymills 0:714293de3836 3055 if (LockMutex(&session_mutex) != 0) {
ashleymills 0:714293de3836 3056 CYASSL_MSG("Session cache mutex lock failed");
ashleymills 0:714293de3836 3057 XFCLOSE(file);
ashleymills 0:714293de3836 3058 return BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 3059 }
ashleymills 0:714293de3836 3060
ashleymills 0:714293de3836 3061 /* session cache */
ashleymills 0:714293de3836 3062 for (i = 0; i < cache_header.rows; ++i) {
ashleymills 0:714293de3836 3063 ret = (int)XFREAD(SessionCache + i, sizeof(SessionRow), 1, file);
ashleymills 0:714293de3836 3064 if (ret != 1) {
ashleymills 0:714293de3836 3065 CYASSL_MSG("Session cache member file read failed");
ashleymills 0:714293de3836 3066 XMEMSET(SessionCache, 0, sizeof SessionCache);
ashleymills 0:714293de3836 3067 rc = FREAD_ERROR;
ashleymills 0:714293de3836 3068 break;
ashleymills 0:714293de3836 3069 }
ashleymills 0:714293de3836 3070 }
ashleymills 0:714293de3836 3071
ashleymills 0:714293de3836 3072 #ifndef NO_CLIENT_CACHE
ashleymills 0:714293de3836 3073 /* client cache */
ashleymills 0:714293de3836 3074 for (i = 0; i < cache_header.rows; ++i) {
ashleymills 0:714293de3836 3075 ret = (int)XFREAD(ClientCache + i, sizeof(ClientRow), 1, file);
ashleymills 0:714293de3836 3076 if (ret != 1) {
ashleymills 0:714293de3836 3077 CYASSL_MSG("Client cache member file read failed");
ashleymills 0:714293de3836 3078 XMEMSET(ClientCache, 0, sizeof ClientCache);
ashleymills 0:714293de3836 3079 rc = FREAD_ERROR;
ashleymills 0:714293de3836 3080 break;
ashleymills 0:714293de3836 3081 }
ashleymills 0:714293de3836 3082 }
ashleymills 0:714293de3836 3083
ashleymills 0:714293de3836 3084 #endif /* NO_CLIENT_CACHE */
ashleymills 0:714293de3836 3085
ashleymills 0:714293de3836 3086 UnLockMutex(&session_mutex);
ashleymills 0:714293de3836 3087
ashleymills 0:714293de3836 3088 XFCLOSE(file);
ashleymills 0:714293de3836 3089 CYASSL_LEAVE("CyaSSL_restore_session_cache", rc);
ashleymills 0:714293de3836 3090
ashleymills 0:714293de3836 3091 return rc;
ashleymills 0:714293de3836 3092 }
ashleymills 0:714293de3836 3093
ashleymills 0:714293de3836 3094 #endif /* !NO_FILESYSTEM */
ashleymills 0:714293de3836 3095 #endif /* PERSIST_SESSION_CACHE */
ashleymills 0:714293de3836 3096 #endif /* NO_SESSION_CACHE */
ashleymills 0:714293de3836 3097
ashleymills 0:714293de3836 3098
ashleymills 0:714293de3836 3099 void CyaSSL_load_error_strings(void) /* compatibility only */
ashleymills 0:714293de3836 3100 {}
ashleymills 0:714293de3836 3101
ashleymills 0:714293de3836 3102
ashleymills 0:714293de3836 3103 int CyaSSL_library_init(void)
ashleymills 0:714293de3836 3104 {
ashleymills 0:714293de3836 3105 CYASSL_ENTER("SSL_library_init");
ashleymills 0:714293de3836 3106 if (CyaSSL_Init() == SSL_SUCCESS)
ashleymills 0:714293de3836 3107 return SSL_SUCCESS;
ashleymills 0:714293de3836 3108 else
ashleymills 0:714293de3836 3109 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 3110 }
ashleymills 0:714293de3836 3111
ashleymills 0:714293de3836 3112
ashleymills 0:714293de3836 3113 #ifndef NO_SESSION_CACHE
ashleymills 0:714293de3836 3114
ashleymills 0:714293de3836 3115 /* on by default if built in but allow user to turn off */
ashleymills 0:714293de3836 3116 long CyaSSL_CTX_set_session_cache_mode(CYASSL_CTX* ctx, long mode)
ashleymills 0:714293de3836 3117 {
ashleymills 0:714293de3836 3118 CYASSL_ENTER("SSL_CTX_set_session_cache_mode");
ashleymills 0:714293de3836 3119 if (mode == SSL_SESS_CACHE_OFF)
ashleymills 0:714293de3836 3120 ctx->sessionCacheOff = 1;
ashleymills 0:714293de3836 3121
ashleymills 0:714293de3836 3122 if (mode == SSL_SESS_CACHE_NO_AUTO_CLEAR)
ashleymills 0:714293de3836 3123 ctx->sessionCacheFlushOff = 1;
ashleymills 0:714293de3836 3124
ashleymills 0:714293de3836 3125 return SSL_SUCCESS;
ashleymills 0:714293de3836 3126 }
ashleymills 0:714293de3836 3127
ashleymills 0:714293de3836 3128 #endif /* NO_SESSION_CACHE */
ashleymills 0:714293de3836 3129
ashleymills 0:714293de3836 3130
ashleymills 0:714293de3836 3131 #if !defined(NO_CERTS)
ashleymills 0:714293de3836 3132 #if defined(PERSIST_CERT_CACHE)
ashleymills 0:714293de3836 3133
ashleymills 0:714293de3836 3134
ashleymills 0:714293de3836 3135 #define CYASSL_CACHE_CERT_VERSION 1
ashleymills 0:714293de3836 3136
ashleymills 0:714293de3836 3137 typedef struct {
ashleymills 0:714293de3836 3138 int version; /* cache cert layout version id */
ashleymills 0:714293de3836 3139 int rows; /* hash table rows, CA_TABLE_SIZE */
ashleymills 0:714293de3836 3140 int columns[CA_TABLE_SIZE]; /* columns per row on list */
ashleymills 0:714293de3836 3141 int signerSz; /* sizeof Signer object */
ashleymills 0:714293de3836 3142 } CertCacheHeader;
ashleymills 0:714293de3836 3143
ashleymills 0:714293de3836 3144 /* current cert persistance layout is:
ashleymills 0:714293de3836 3145
ashleymills 0:714293de3836 3146 1) CertCacheHeader
ashleymills 0:714293de3836 3147 2) caTable
ashleymills 0:714293de3836 3148
ashleymills 0:714293de3836 3149 update CYASSL_CERT_CACHE_VERSION if change layout for the following
ashleymills 0:714293de3836 3150 PERSIST_CERT_CACHE functions
ashleymills 0:714293de3836 3151 */
ashleymills 0:714293de3836 3152
ashleymills 0:714293de3836 3153
ashleymills 0:714293de3836 3154 /* Return memory needed to persist this signer, have lock */
ashleymills 0:714293de3836 3155 static INLINE int GetSignerMemory(Signer* signer)
ashleymills 0:714293de3836 3156 {
ashleymills 0:714293de3836 3157 int sz = sizeof(signer->pubKeySize) + sizeof(signer->keyOID)
ashleymills 0:714293de3836 3158 + sizeof(signer->nameLen) + sizeof(signer->subjectNameHash);
ashleymills 0:714293de3836 3159
ashleymills 0:714293de3836 3160 #if !defined(NO_SKID)
ashleymills 0:714293de3836 3161 sz += sizeof(signer->subjectKeyIdHash);
ashleymills 0:714293de3836 3162 #endif
ashleymills 0:714293de3836 3163
ashleymills 0:714293de3836 3164 /* add dynamic bytes needed */
ashleymills 0:714293de3836 3165 sz += signer->pubKeySize;
ashleymills 0:714293de3836 3166 sz += signer->nameLen;
ashleymills 0:714293de3836 3167
ashleymills 0:714293de3836 3168 return sz;
ashleymills 0:714293de3836 3169 }
ashleymills 0:714293de3836 3170
ashleymills 0:714293de3836 3171
ashleymills 0:714293de3836 3172 /* Return memory needed to persist this row, have lock */
ashleymills 0:714293de3836 3173 static INLINE int GetCertCacheRowMemory(Signer* row)
ashleymills 0:714293de3836 3174 {
ashleymills 0:714293de3836 3175 int sz = 0;
ashleymills 0:714293de3836 3176
ashleymills 0:714293de3836 3177 while (row) {
ashleymills 0:714293de3836 3178 sz += GetSignerMemory(row);
ashleymills 0:714293de3836 3179 row = row->next;
ashleymills 0:714293de3836 3180 }
ashleymills 0:714293de3836 3181
ashleymills 0:714293de3836 3182 return sz;
ashleymills 0:714293de3836 3183 }
ashleymills 0:714293de3836 3184
ashleymills 0:714293de3836 3185
ashleymills 0:714293de3836 3186 /* get the size of persist cert cache, have lock */
ashleymills 0:714293de3836 3187 static INLINE int GetCertCacheMemSize(CYASSL_CERT_MANAGER* cm)
ashleymills 0:714293de3836 3188 {
ashleymills 0:714293de3836 3189 int sz;
ashleymills 0:714293de3836 3190 int i;
ashleymills 0:714293de3836 3191
ashleymills 0:714293de3836 3192 sz = sizeof(CertCacheHeader);
ashleymills 0:714293de3836 3193
ashleymills 0:714293de3836 3194 for (i = 0; i < CA_TABLE_SIZE; i++)
ashleymills 0:714293de3836 3195 sz += GetCertCacheRowMemory(cm->caTable[i]);
ashleymills 0:714293de3836 3196
ashleymills 0:714293de3836 3197 return sz;
ashleymills 0:714293de3836 3198 }
ashleymills 0:714293de3836 3199
ashleymills 0:714293de3836 3200
ashleymills 0:714293de3836 3201 /* Store cert cache header columns with number of items per list, have lock */
ashleymills 0:714293de3836 3202 static INLINE void SetCertHeaderColumns(CYASSL_CERT_MANAGER* cm, int* columns)
ashleymills 0:714293de3836 3203 {
ashleymills 0:714293de3836 3204 int i;
ashleymills 0:714293de3836 3205 Signer* row;
ashleymills 0:714293de3836 3206
ashleymills 0:714293de3836 3207 for (i = 0; i < CA_TABLE_SIZE; i++) {
ashleymills 0:714293de3836 3208 int count = 0;
ashleymills 0:714293de3836 3209 row = cm->caTable[i];
ashleymills 0:714293de3836 3210
ashleymills 0:714293de3836 3211 while (row) {
ashleymills 0:714293de3836 3212 ++count;
ashleymills 0:714293de3836 3213 row = row->next;
ashleymills 0:714293de3836 3214 }
ashleymills 0:714293de3836 3215 columns[i] = count;
ashleymills 0:714293de3836 3216 }
ashleymills 0:714293de3836 3217 }
ashleymills 0:714293de3836 3218
ashleymills 0:714293de3836 3219
ashleymills 0:714293de3836 3220 /* Restore whole cert row from memory, have lock, return bytes consumed,
ashleymills 0:714293de3836 3221 < 0 on error, have lock */
ashleymills 0:714293de3836 3222 static INLINE int RestoreCertRow(CYASSL_CERT_MANAGER* cm, byte* current,
ashleymills 0:714293de3836 3223 int row, int listSz, const byte* end)
ashleymills 0:714293de3836 3224 {
ashleymills 0:714293de3836 3225 int idx = 0;
ashleymills 0:714293de3836 3226
ashleymills 0:714293de3836 3227 if (listSz < 0) {
ashleymills 0:714293de3836 3228 CYASSL_MSG("Row header corrupted, negative value");
ashleymills 0:714293de3836 3229 return PARSE_ERROR;
ashleymills 0:714293de3836 3230 }
ashleymills 0:714293de3836 3231
ashleymills 0:714293de3836 3232 while (listSz) {
ashleymills 0:714293de3836 3233 Signer* signer;
ashleymills 0:714293de3836 3234 byte* start = current + idx; /* for end checks on this signer */
ashleymills 0:714293de3836 3235 int minSz = sizeof(signer->pubKeySize) + sizeof(signer->keyOID) +
ashleymills 0:714293de3836 3236 sizeof(signer->nameLen) + sizeof(signer->subjectNameHash);
ashleymills 0:714293de3836 3237 #ifndef NO_SKID
ashleymills 0:714293de3836 3238 minSz += sizeof(signer->subjectKeyIdHash);
ashleymills 0:714293de3836 3239 #endif
ashleymills 0:714293de3836 3240
ashleymills 0:714293de3836 3241 if (start + minSz > end) {
ashleymills 0:714293de3836 3242 CYASSL_MSG("Would overread restore buffer");
ashleymills 0:714293de3836 3243 return BUFFER_E;
ashleymills 0:714293de3836 3244 }
ashleymills 0:714293de3836 3245 signer = MakeSigner(cm->heap);
ashleymills 0:714293de3836 3246 if (signer == NULL)
ashleymills 0:714293de3836 3247 return MEMORY_E;
ashleymills 0:714293de3836 3248
ashleymills 0:714293de3836 3249 /* pubKeySize */
ashleymills 0:714293de3836 3250 XMEMCPY(&signer->pubKeySize, current + idx, sizeof(signer->pubKeySize));
ashleymills 0:714293de3836 3251 idx += sizeof(signer->pubKeySize);
ashleymills 0:714293de3836 3252
ashleymills 0:714293de3836 3253 /* keyOID */
ashleymills 0:714293de3836 3254 XMEMCPY(&signer->keyOID, current + idx, sizeof(signer->keyOID));
ashleymills 0:714293de3836 3255 idx += sizeof(signer->keyOID);
ashleymills 0:714293de3836 3256
ashleymills 0:714293de3836 3257 /* pulicKey */
ashleymills 0:714293de3836 3258 if (start + minSz + signer->pubKeySize > end) {
ashleymills 0:714293de3836 3259 CYASSL_MSG("Would overread restore buffer");
ashleymills 0:714293de3836 3260 FreeSigner(signer, cm->heap);
ashleymills 0:714293de3836 3261 return BUFFER_E;
ashleymills 0:714293de3836 3262 }
ashleymills 0:714293de3836 3263 signer->publicKey = (byte*)XMALLOC(signer->pubKeySize, cm->heap,
ashleymills 0:714293de3836 3264 DYNAMIC_TYPE_KEY);
ashleymills 0:714293de3836 3265 if (signer->publicKey == NULL) {
ashleymills 0:714293de3836 3266 FreeSigner(signer, cm->heap);
ashleymills 0:714293de3836 3267 return MEMORY_E;
ashleymills 0:714293de3836 3268 }
ashleymills 0:714293de3836 3269
ashleymills 0:714293de3836 3270 XMEMCPY(signer->publicKey, current + idx, signer->pubKeySize);
ashleymills 0:714293de3836 3271 idx += signer->pubKeySize;
ashleymills 0:714293de3836 3272
ashleymills 0:714293de3836 3273 /* nameLen */
ashleymills 0:714293de3836 3274 XMEMCPY(&signer->nameLen, current + idx, sizeof(signer->nameLen));
ashleymills 0:714293de3836 3275 idx += sizeof(signer->nameLen);
ashleymills 0:714293de3836 3276
ashleymills 0:714293de3836 3277 /* name */
ashleymills 0:714293de3836 3278 if (start + minSz + signer->pubKeySize + signer->nameLen > end) {
ashleymills 0:714293de3836 3279 CYASSL_MSG("Would overread restore buffer");
ashleymills 0:714293de3836 3280 FreeSigner(signer, cm->heap);
ashleymills 0:714293de3836 3281 return BUFFER_E;
ashleymills 0:714293de3836 3282 }
ashleymills 0:714293de3836 3283 signer->name = (char*)XMALLOC(signer->nameLen, cm->heap,
ashleymills 0:714293de3836 3284 DYNAMIC_TYPE_SUBJECT_CN);
ashleymills 0:714293de3836 3285 if (signer->name == NULL) {
ashleymills 0:714293de3836 3286 FreeSigner(signer, cm->heap);
ashleymills 0:714293de3836 3287 return MEMORY_E;
ashleymills 0:714293de3836 3288 }
ashleymills 0:714293de3836 3289
ashleymills 0:714293de3836 3290 XMEMCPY(signer->name, current + idx, signer->nameLen);
ashleymills 0:714293de3836 3291 idx += signer->nameLen;
ashleymills 0:714293de3836 3292
ashleymills 0:714293de3836 3293 /* subjectNameHash */
ashleymills 0:714293de3836 3294 XMEMCPY(signer->subjectNameHash, current + idx, SIGNER_DIGEST_SIZE);
ashleymills 0:714293de3836 3295 idx += SIGNER_DIGEST_SIZE;
ashleymills 0:714293de3836 3296
ashleymills 0:714293de3836 3297 #ifndef NO_SKID
ashleymills 0:714293de3836 3298 /* subjectKeyIdHash */
ashleymills 0:714293de3836 3299 XMEMCPY(signer->subjectKeyIdHash, current + idx,SIGNER_DIGEST_SIZE);
ashleymills 0:714293de3836 3300 idx += SIGNER_DIGEST_SIZE;
ashleymills 0:714293de3836 3301 #endif
ashleymills 0:714293de3836 3302
ashleymills 0:714293de3836 3303 signer->next = cm->caTable[row];
ashleymills 0:714293de3836 3304 cm->caTable[row] = signer;
ashleymills 0:714293de3836 3305
ashleymills 0:714293de3836 3306 --listSz;
ashleymills 0:714293de3836 3307 }
ashleymills 0:714293de3836 3308
ashleymills 0:714293de3836 3309 return idx;
ashleymills 0:714293de3836 3310 }
ashleymills 0:714293de3836 3311
ashleymills 0:714293de3836 3312
ashleymills 0:714293de3836 3313 /* Store whole cert row into memory, have lock, return bytes added */
ashleymills 0:714293de3836 3314 static INLINE int StoreCertRow(CYASSL_CERT_MANAGER* cm, byte* current, int row)
ashleymills 0:714293de3836 3315 {
ashleymills 0:714293de3836 3316 int added = 0;
ashleymills 0:714293de3836 3317 Signer* list = cm->caTable[row];
ashleymills 0:714293de3836 3318
ashleymills 0:714293de3836 3319 while (list) {
ashleymills 0:714293de3836 3320 XMEMCPY(current + added, &list->pubKeySize, sizeof(list->pubKeySize));
ashleymills 0:714293de3836 3321 added += sizeof(list->pubKeySize);
ashleymills 0:714293de3836 3322
ashleymills 0:714293de3836 3323 XMEMCPY(current + added, &list->keyOID, sizeof(list->keyOID));
ashleymills 0:714293de3836 3324 added += sizeof(list->keyOID);
ashleymills 0:714293de3836 3325
ashleymills 0:714293de3836 3326 XMEMCPY(current + added, list->publicKey, list->pubKeySize);
ashleymills 0:714293de3836 3327 added += list->pubKeySize;
ashleymills 0:714293de3836 3328
ashleymills 0:714293de3836 3329 XMEMCPY(current + added, &list->nameLen, sizeof(list->nameLen));
ashleymills 0:714293de3836 3330 added += sizeof(list->nameLen);
ashleymills 0:714293de3836 3331
ashleymills 0:714293de3836 3332 XMEMCPY(current + added, list->name, list->nameLen);
ashleymills 0:714293de3836 3333 added += list->nameLen;
ashleymills 0:714293de3836 3334
ashleymills 0:714293de3836 3335 XMEMCPY(current + added, list->subjectNameHash, SIGNER_DIGEST_SIZE);
ashleymills 0:714293de3836 3336 added += SIGNER_DIGEST_SIZE;
ashleymills 0:714293de3836 3337
ashleymills 0:714293de3836 3338 #ifndef NO_SKID
ashleymills 0:714293de3836 3339 XMEMCPY(current + added, list->subjectKeyIdHash,SIGNER_DIGEST_SIZE);
ashleymills 0:714293de3836 3340 added += SIGNER_DIGEST_SIZE;
ashleymills 0:714293de3836 3341 #endif
ashleymills 0:714293de3836 3342
ashleymills 0:714293de3836 3343 list = list->next;
ashleymills 0:714293de3836 3344 }
ashleymills 0:714293de3836 3345
ashleymills 0:714293de3836 3346 return added;
ashleymills 0:714293de3836 3347 }
ashleymills 0:714293de3836 3348
ashleymills 0:714293de3836 3349
ashleymills 0:714293de3836 3350 /* Persist cert cache to memory, have lock */
ashleymills 0:714293de3836 3351 static INLINE int DoMemSaveCertCache(CYASSL_CERT_MANAGER* cm, void* mem, int sz)
ashleymills 0:714293de3836 3352 {
ashleymills 0:714293de3836 3353 int realSz;
ashleymills 0:714293de3836 3354 int ret = SSL_SUCCESS;
ashleymills 0:714293de3836 3355 int i;
ashleymills 0:714293de3836 3356
ashleymills 0:714293de3836 3357 CYASSL_ENTER("DoMemSaveCertCache");
ashleymills 0:714293de3836 3358
ashleymills 0:714293de3836 3359 realSz = GetCertCacheMemSize(cm);
ashleymills 0:714293de3836 3360 if (realSz > sz) {
ashleymills 0:714293de3836 3361 CYASSL_MSG("Mem output buffer too small");
ashleymills 0:714293de3836 3362 ret = BUFFER_E;
ashleymills 0:714293de3836 3363 }
ashleymills 0:714293de3836 3364 else {
ashleymills 0:714293de3836 3365 byte* current;
ashleymills 0:714293de3836 3366 CertCacheHeader hdr;
ashleymills 0:714293de3836 3367
ashleymills 0:714293de3836 3368 hdr.version = CYASSL_CACHE_CERT_VERSION;
ashleymills 0:714293de3836 3369 hdr.rows = CA_TABLE_SIZE;
ashleymills 0:714293de3836 3370 SetCertHeaderColumns(cm, hdr.columns);
ashleymills 0:714293de3836 3371 hdr.signerSz = (int)sizeof(Signer);
ashleymills 0:714293de3836 3372
ashleymills 0:714293de3836 3373 XMEMCPY(mem, &hdr, sizeof(CertCacheHeader));
ashleymills 0:714293de3836 3374 current = (byte*)mem + sizeof(CertCacheHeader);
ashleymills 0:714293de3836 3375
ashleymills 0:714293de3836 3376 for (i = 0; i < CA_TABLE_SIZE; ++i)
ashleymills 0:714293de3836 3377 current += StoreCertRow(cm, current, i);
ashleymills 0:714293de3836 3378 }
ashleymills 0:714293de3836 3379
ashleymills 0:714293de3836 3380 return ret;
ashleymills 0:714293de3836 3381 }
ashleymills 0:714293de3836 3382
ashleymills 0:714293de3836 3383
ashleymills 0:714293de3836 3384 #if !defined(NO_FILESYSTEM)
ashleymills 0:714293de3836 3385
ashleymills 0:714293de3836 3386 /* Persist cert cache to file */
ashleymills 0:714293de3836 3387 int CM_SaveCertCache(CYASSL_CERT_MANAGER* cm, const char* fname)
ashleymills 0:714293de3836 3388 {
ashleymills 0:714293de3836 3389 XFILE file;
ashleymills 0:714293de3836 3390 int rc = SSL_SUCCESS;
ashleymills 0:714293de3836 3391 int memSz;
ashleymills 0:714293de3836 3392 byte* mem;
ashleymills 0:714293de3836 3393
ashleymills 0:714293de3836 3394 CYASSL_ENTER("CM_SaveCertCache");
ashleymills 0:714293de3836 3395
ashleymills 0:714293de3836 3396 file = XFOPEN(fname, "w+b");
ashleymills 0:714293de3836 3397 if (file == XBADFILE) {
ashleymills 0:714293de3836 3398 CYASSL_MSG("Couldn't open cert cache save file");
ashleymills 0:714293de3836 3399 return SSL_BAD_FILE;
ashleymills 0:714293de3836 3400 }
ashleymills 0:714293de3836 3401
ashleymills 0:714293de3836 3402 if (LockMutex(&cm->caLock) != 0) {
ashleymills 0:714293de3836 3403 CYASSL_MSG("LockMutex on caLock failed");
ashleymills 0:714293de3836 3404 XFCLOSE(file);
ashleymills 0:714293de3836 3405 return BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 3406 }
ashleymills 0:714293de3836 3407
ashleymills 0:714293de3836 3408 memSz = GetCertCacheMemSize(cm);
ashleymills 0:714293de3836 3409 mem = (byte*)XMALLOC(memSz, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
ashleymills 0:714293de3836 3410 if (mem == NULL) {
ashleymills 0:714293de3836 3411 CYASSL_MSG("Alloc for tmp buffer failed");
ashleymills 0:714293de3836 3412 rc = MEMORY_E;
ashleymills 0:714293de3836 3413 } else {
ashleymills 0:714293de3836 3414 rc = DoMemSaveCertCache(cm, mem, memSz);
ashleymills 0:714293de3836 3415 if (rc == SSL_SUCCESS) {
ashleymills 0:714293de3836 3416 int ret = (int)XFWRITE(mem, memSz, 1, file);
ashleymills 0:714293de3836 3417 if (ret != 1) {
ashleymills 0:714293de3836 3418 CYASSL_MSG("Cert cache file write failed");
ashleymills 0:714293de3836 3419 rc = FWRITE_ERROR;
ashleymills 0:714293de3836 3420 }
ashleymills 0:714293de3836 3421 }
ashleymills 0:714293de3836 3422 XFREE(mem, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
ashleymills 0:714293de3836 3423 }
ashleymills 0:714293de3836 3424
ashleymills 0:714293de3836 3425 UnLockMutex(&cm->caLock);
ashleymills 0:714293de3836 3426 XFCLOSE(file);
ashleymills 0:714293de3836 3427
ashleymills 0:714293de3836 3428 return rc;
ashleymills 0:714293de3836 3429 }
ashleymills 0:714293de3836 3430
ashleymills 0:714293de3836 3431
ashleymills 0:714293de3836 3432 /* Restore cert cache from file */
ashleymills 0:714293de3836 3433 int CM_RestoreCertCache(CYASSL_CERT_MANAGER* cm, const char* fname)
ashleymills 0:714293de3836 3434 {
ashleymills 0:714293de3836 3435 XFILE file;
ashleymills 0:714293de3836 3436 int rc = SSL_SUCCESS;
ashleymills 0:714293de3836 3437 int ret;
ashleymills 0:714293de3836 3438 int memSz;
ashleymills 0:714293de3836 3439 byte* mem;
ashleymills 0:714293de3836 3440
ashleymills 0:714293de3836 3441 CYASSL_ENTER("CM_RestoreCertCache");
ashleymills 0:714293de3836 3442
ashleymills 0:714293de3836 3443 file = XFOPEN(fname, "rb");
ashleymills 0:714293de3836 3444 if (file == XBADFILE) {
ashleymills 0:714293de3836 3445 CYASSL_MSG("Couldn't open cert cache save file");
ashleymills 0:714293de3836 3446 return SSL_BAD_FILE;
ashleymills 0:714293de3836 3447 }
ashleymills 0:714293de3836 3448
ashleymills 0:714293de3836 3449 XFSEEK(file, 0, XSEEK_END);
ashleymills 0:714293de3836 3450 memSz = (int)XFTELL(file);
ashleymills 0:714293de3836 3451 XREWIND(file);
ashleymills 0:714293de3836 3452
ashleymills 0:714293de3836 3453 if (memSz <= 0) {
ashleymills 0:714293de3836 3454 CYASSL_MSG("Bad file size");
ashleymills 0:714293de3836 3455 XFCLOSE(file);
ashleymills 0:714293de3836 3456 return SSL_BAD_FILE;
ashleymills 0:714293de3836 3457 }
ashleymills 0:714293de3836 3458
ashleymills 0:714293de3836 3459 mem = (byte*)XMALLOC(memSz, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
ashleymills 0:714293de3836 3460 if (mem == NULL) {
ashleymills 0:714293de3836 3461 CYASSL_MSG("Alloc for tmp buffer failed");
ashleymills 0:714293de3836 3462 XFCLOSE(file);
ashleymills 0:714293de3836 3463 return MEMORY_E;
ashleymills 0:714293de3836 3464 }
ashleymills 0:714293de3836 3465
ashleymills 0:714293de3836 3466 ret = (int)XFREAD(mem, memSz, 1, file);
ashleymills 0:714293de3836 3467 if (ret != 1) {
ashleymills 0:714293de3836 3468 CYASSL_MSG("Cert file read error");
ashleymills 0:714293de3836 3469 rc = FREAD_ERROR;
ashleymills 0:714293de3836 3470 } else {
ashleymills 0:714293de3836 3471 rc = CM_MemRestoreCertCache(cm, mem, memSz);
ashleymills 0:714293de3836 3472 if (rc != SSL_SUCCESS) {
ashleymills 0:714293de3836 3473 CYASSL_MSG("Mem restore cert cache failed");
ashleymills 0:714293de3836 3474 }
ashleymills 0:714293de3836 3475 }
ashleymills 0:714293de3836 3476
ashleymills 0:714293de3836 3477 XFREE(mem, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
ashleymills 0:714293de3836 3478 XFCLOSE(file);
ashleymills 0:714293de3836 3479
ashleymills 0:714293de3836 3480 return rc;
ashleymills 0:714293de3836 3481 }
ashleymills 0:714293de3836 3482
ashleymills 0:714293de3836 3483 #endif /* NO_FILESYSTEM */
ashleymills 0:714293de3836 3484
ashleymills 0:714293de3836 3485
ashleymills 0:714293de3836 3486 /* Persist cert cache to memory */
ashleymills 0:714293de3836 3487 int CM_MemSaveCertCache(CYASSL_CERT_MANAGER* cm, void* mem, int sz, int* used)
ashleymills 0:714293de3836 3488 {
ashleymills 0:714293de3836 3489 int ret = SSL_SUCCESS;
ashleymills 0:714293de3836 3490
ashleymills 0:714293de3836 3491 CYASSL_ENTER("CM_MemSaveCertCache");
ashleymills 0:714293de3836 3492
ashleymills 0:714293de3836 3493 if (LockMutex(&cm->caLock) != 0) {
ashleymills 0:714293de3836 3494 CYASSL_MSG("LockMutex on caLock failed");
ashleymills 0:714293de3836 3495 return BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 3496 }
ashleymills 0:714293de3836 3497
ashleymills 0:714293de3836 3498 ret = DoMemSaveCertCache(cm, mem, sz);
ashleymills 0:714293de3836 3499 if (ret == SSL_SUCCESS)
ashleymills 0:714293de3836 3500 *used = GetCertCacheMemSize(cm);
ashleymills 0:714293de3836 3501
ashleymills 0:714293de3836 3502 UnLockMutex(&cm->caLock);
ashleymills 0:714293de3836 3503
ashleymills 0:714293de3836 3504 return ret;
ashleymills 0:714293de3836 3505 }
ashleymills 0:714293de3836 3506
ashleymills 0:714293de3836 3507
ashleymills 0:714293de3836 3508 /* Restore cert cache from memory */
ashleymills 0:714293de3836 3509 int CM_MemRestoreCertCache(CYASSL_CERT_MANAGER* cm, const void* mem, int sz)
ashleymills 0:714293de3836 3510 {
ashleymills 0:714293de3836 3511 int ret = SSL_SUCCESS;
ashleymills 0:714293de3836 3512 int i;
ashleymills 0:714293de3836 3513 CertCacheHeader* hdr = (CertCacheHeader*)mem;
ashleymills 0:714293de3836 3514 byte* current = (byte*)mem + sizeof(CertCacheHeader);
ashleymills 0:714293de3836 3515 byte* end = (byte*)mem + sz; /* don't go over */
ashleymills 0:714293de3836 3516
ashleymills 0:714293de3836 3517 CYASSL_ENTER("CM_MemRestoreCertCache");
ashleymills 0:714293de3836 3518
ashleymills 0:714293de3836 3519 if (current > end) {
ashleymills 0:714293de3836 3520 CYASSL_MSG("Cert Cache Memory buffer too small");
ashleymills 0:714293de3836 3521 return BUFFER_E;
ashleymills 0:714293de3836 3522 }
ashleymills 0:714293de3836 3523
ashleymills 0:714293de3836 3524 if (hdr->version != CYASSL_CACHE_CERT_VERSION ||
ashleymills 0:714293de3836 3525 hdr->rows != CA_TABLE_SIZE ||
ashleymills 0:714293de3836 3526 hdr->signerSz != (int)sizeof(Signer)) {
ashleymills 0:714293de3836 3527
ashleymills 0:714293de3836 3528 CYASSL_MSG("Cert Cache Memory header mismatch");
ashleymills 0:714293de3836 3529 return CACHE_MATCH_ERROR;
ashleymills 0:714293de3836 3530 }
ashleymills 0:714293de3836 3531
ashleymills 0:714293de3836 3532 if (LockMutex(&cm->caLock) != 0) {
ashleymills 0:714293de3836 3533 CYASSL_MSG("LockMutex on caLock failed");
ashleymills 0:714293de3836 3534 return BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 3535 }
ashleymills 0:714293de3836 3536
ashleymills 0:714293de3836 3537 FreeSignerTable(cm->caTable, CA_TABLE_SIZE, cm->heap);
ashleymills 0:714293de3836 3538
ashleymills 0:714293de3836 3539 for (i = 0; i < CA_TABLE_SIZE; ++i) {
ashleymills 0:714293de3836 3540 int added = RestoreCertRow(cm, current, i, hdr->columns[i], end);
ashleymills 0:714293de3836 3541 if (added < 0) {
ashleymills 0:714293de3836 3542 CYASSL_MSG("RestoreCertRow error");
ashleymills 0:714293de3836 3543 ret = added;
ashleymills 0:714293de3836 3544 break;
ashleymills 0:714293de3836 3545 }
ashleymills 0:714293de3836 3546 current += added;
ashleymills 0:714293de3836 3547 }
ashleymills 0:714293de3836 3548
ashleymills 0:714293de3836 3549 UnLockMutex(&cm->caLock);
ashleymills 0:714293de3836 3550
ashleymills 0:714293de3836 3551 return ret;
ashleymills 0:714293de3836 3552 }
ashleymills 0:714293de3836 3553
ashleymills 0:714293de3836 3554
ashleymills 0:714293de3836 3555 /* get how big the the cert cache save buffer needs to be */
ashleymills 0:714293de3836 3556 int CM_GetCertCacheMemSize(CYASSL_CERT_MANAGER* cm)
ashleymills 0:714293de3836 3557 {
ashleymills 0:714293de3836 3558 int sz;
ashleymills 0:714293de3836 3559
ashleymills 0:714293de3836 3560 CYASSL_ENTER("CM_GetCertCacheMemSize");
ashleymills 0:714293de3836 3561
ashleymills 0:714293de3836 3562 if (LockMutex(&cm->caLock) != 0) {
ashleymills 0:714293de3836 3563 CYASSL_MSG("LockMutex on caLock failed");
ashleymills 0:714293de3836 3564 return BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 3565 }
ashleymills 0:714293de3836 3566
ashleymills 0:714293de3836 3567 sz = GetCertCacheMemSize(cm);
ashleymills 0:714293de3836 3568
ashleymills 0:714293de3836 3569 UnLockMutex(&cm->caLock);
ashleymills 0:714293de3836 3570
ashleymills 0:714293de3836 3571 return sz;
ashleymills 0:714293de3836 3572 }
ashleymills 0:714293de3836 3573
ashleymills 0:714293de3836 3574 #endif /* PERSIST_CERT_CACHE */
ashleymills 0:714293de3836 3575 #endif /* NO_CERTS */
ashleymills 0:714293de3836 3576
ashleymills 0:714293de3836 3577
ashleymills 0:714293de3836 3578 int CyaSSL_CTX_set_cipher_list(CYASSL_CTX* ctx, const char* list)
ashleymills 0:714293de3836 3579 {
ashleymills 0:714293de3836 3580 CYASSL_ENTER("CyaSSL_CTX_set_cipher_list");
ashleymills 0:714293de3836 3581 if (SetCipherList(&ctx->suites, list))
ashleymills 0:714293de3836 3582 return SSL_SUCCESS;
ashleymills 0:714293de3836 3583 else
ashleymills 0:714293de3836 3584 return SSL_FAILURE;
ashleymills 0:714293de3836 3585 }
ashleymills 0:714293de3836 3586
ashleymills 0:714293de3836 3587
ashleymills 0:714293de3836 3588 int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
ashleymills 0:714293de3836 3589 {
ashleymills 0:714293de3836 3590 CYASSL_ENTER("CyaSSL_set_cipher_list");
ashleymills 0:714293de3836 3591 if (SetCipherList(ssl->suites, list)) {
ashleymills 0:714293de3836 3592 byte haveRSA = 1;
ashleymills 0:714293de3836 3593 byte havePSK = 0;
ashleymills 0:714293de3836 3594
ashleymills 0:714293de3836 3595 #ifdef NO_RSA
ashleymills 0:714293de3836 3596 haveRSA = 0;
ashleymills 0:714293de3836 3597 #endif
ashleymills 0:714293de3836 3598 #ifndef NO_PSK
ashleymills 0:714293de3836 3599 havePSK = ssl->options.havePSK;
ashleymills 0:714293de3836 3600 #endif
ashleymills 0:714293de3836 3601
ashleymills 0:714293de3836 3602 InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
ashleymills 0:714293de3836 3603 ssl->options.haveDH, ssl->options.haveNTRU,
ashleymills 0:714293de3836 3604 ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
ashleymills 0:714293de3836 3605 ssl->options.side);
ashleymills 0:714293de3836 3606
ashleymills 0:714293de3836 3607 return SSL_SUCCESS;
ashleymills 0:714293de3836 3608 }
ashleymills 0:714293de3836 3609 else
ashleymills 0:714293de3836 3610 return SSL_FAILURE;
ashleymills 0:714293de3836 3611 }
ashleymills 0:714293de3836 3612
ashleymills 0:714293de3836 3613
ashleymills 0:714293de3836 3614 #ifndef CYASSL_LEANPSK
ashleymills 0:714293de3836 3615 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 3616
ashleymills 0:714293de3836 3617 int CyaSSL_dtls_get_current_timeout(CYASSL* ssl)
ashleymills 0:714293de3836 3618 {
ashleymills 0:714293de3836 3619 (void)ssl;
ashleymills 0:714293de3836 3620
ashleymills 0:714293de3836 3621 return ssl->dtls_timeout;
ashleymills 0:714293de3836 3622 }
ashleymills 0:714293de3836 3623
ashleymills 0:714293de3836 3624
ashleymills 0:714293de3836 3625 /* user may need to alter init dtls recv timeout, SSL_SUCCESS on ok */
ashleymills 0:714293de3836 3626 int CyaSSL_dtls_set_timeout_init(CYASSL* ssl, int timeout)
ashleymills 0:714293de3836 3627 {
ashleymills 0:714293de3836 3628 if (ssl == NULL || timeout < 0)
ashleymills 0:714293de3836 3629 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 3630
ashleymills 0:714293de3836 3631 ssl->dtls_timeout_init = timeout;
ashleymills 0:714293de3836 3632
ashleymills 0:714293de3836 3633 return SSL_SUCCESS;
ashleymills 0:714293de3836 3634 }
ashleymills 0:714293de3836 3635
ashleymills 0:714293de3836 3636
ashleymills 0:714293de3836 3637 /* user may need to alter max dtls recv timeout, SSL_SUCCESS on ok */
ashleymills 0:714293de3836 3638 int CyaSSL_dtls_set_timeout_max(CYASSL* ssl, int timeout)
ashleymills 0:714293de3836 3639 {
ashleymills 0:714293de3836 3640 if (ssl == NULL || timeout < 0)
ashleymills 0:714293de3836 3641 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 3642
ashleymills 0:714293de3836 3643 if (ssl->dtls_timeout_max < ssl->dtls_timeout_init) {
ashleymills 0:714293de3836 3644 CYASSL_MSG("Can't set dtls timeout max less than dtls timeout init");
ashleymills 0:714293de3836 3645 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 3646 }
ashleymills 0:714293de3836 3647
ashleymills 0:714293de3836 3648 ssl->dtls_timeout_max = timeout;
ashleymills 0:714293de3836 3649
ashleymills 0:714293de3836 3650 return SSL_SUCCESS;
ashleymills 0:714293de3836 3651 }
ashleymills 0:714293de3836 3652
ashleymills 0:714293de3836 3653
ashleymills 0:714293de3836 3654 int CyaSSL_dtls_got_timeout(CYASSL* ssl)
ashleymills 0:714293de3836 3655 {
ashleymills 0:714293de3836 3656 int result = SSL_SUCCESS;
ashleymills 0:714293de3836 3657
ashleymills 0:714293de3836 3658 DtlsMsgListDelete(ssl->dtls_msg_list, ssl->heap);
ashleymills 0:714293de3836 3659 ssl->dtls_msg_list = NULL;
ashleymills 0:714293de3836 3660 if (DtlsPoolTimeout(ssl) < 0 || DtlsPoolSend(ssl) < 0) {
ashleymills 0:714293de3836 3661 result = SSL_FATAL_ERROR;
ashleymills 0:714293de3836 3662 }
ashleymills 0:714293de3836 3663 return result;
ashleymills 0:714293de3836 3664 }
ashleymills 0:714293de3836 3665
ashleymills 0:714293de3836 3666 #endif /* DTLS */
ashleymills 0:714293de3836 3667 #endif /* LEANPSK */
ashleymills 0:714293de3836 3668
ashleymills 0:714293de3836 3669
ashleymills 0:714293de3836 3670 /* client only parts */
ashleymills 0:714293de3836 3671 #ifndef NO_CYASSL_CLIENT
ashleymills 0:714293de3836 3672
ashleymills 0:714293de3836 3673 #ifndef NO_OLD_TLS
ashleymills 0:714293de3836 3674 CYASSL_METHOD* CyaSSLv3_client_method(void)
ashleymills 0:714293de3836 3675 {
ashleymills 0:714293de3836 3676 CYASSL_METHOD* method =
ashleymills 0:714293de3836 3677 (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
ashleymills 0:714293de3836 3678 DYNAMIC_TYPE_METHOD);
ashleymills 0:714293de3836 3679 CYASSL_ENTER("SSLv3_client_method");
ashleymills 0:714293de3836 3680 if (method)
ashleymills 0:714293de3836 3681 InitSSL_Method(method, MakeSSLv3());
ashleymills 0:714293de3836 3682 return method;
ashleymills 0:714293de3836 3683 }
ashleymills 0:714293de3836 3684 #endif
ashleymills 0:714293de3836 3685
ashleymills 0:714293de3836 3686 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 3687 CYASSL_METHOD* CyaDTLSv1_client_method(void)
ashleymills 0:714293de3836 3688 {
ashleymills 0:714293de3836 3689 CYASSL_METHOD* method =
ashleymills 0:714293de3836 3690 (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
ashleymills 0:714293de3836 3691 DYNAMIC_TYPE_METHOD);
ashleymills 0:714293de3836 3692 CYASSL_ENTER("DTLSv1_client_method");
ashleymills 0:714293de3836 3693 if (method)
ashleymills 0:714293de3836 3694 InitSSL_Method(method, MakeDTLSv1());
ashleymills 0:714293de3836 3695 return method;
ashleymills 0:714293de3836 3696 }
ashleymills 0:714293de3836 3697
ashleymills 0:714293de3836 3698 CYASSL_METHOD* CyaDTLSv1_2_client_method(void)
ashleymills 0:714293de3836 3699 {
ashleymills 0:714293de3836 3700 CYASSL_METHOD* method =
ashleymills 0:714293de3836 3701 (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
ashleymills 0:714293de3836 3702 DYNAMIC_TYPE_METHOD);
ashleymills 0:714293de3836 3703 CYASSL_ENTER("DTLSv1_2_client_method");
ashleymills 0:714293de3836 3704 if (method)
ashleymills 0:714293de3836 3705 InitSSL_Method(method, MakeDTLSv1_2());
ashleymills 0:714293de3836 3706 return method;
ashleymills 0:714293de3836 3707 }
ashleymills 0:714293de3836 3708 #endif
ashleymills 0:714293de3836 3709
ashleymills 0:714293de3836 3710
ashleymills 0:714293de3836 3711 /* please see note at top of README if you get an error from connect */
ashleymills 0:714293de3836 3712 int CyaSSL_connect(CYASSL* ssl)
ashleymills 0:714293de3836 3713 {
ashleymills 0:714293de3836 3714 int neededState;
ashleymills 0:714293de3836 3715
ashleymills 0:714293de3836 3716 CYASSL_ENTER("SSL_connect()");
ashleymills 0:714293de3836 3717
ashleymills 0:714293de3836 3718 #ifdef HAVE_ERRNO_H
ashleymills 0:714293de3836 3719 errno = 0;
ashleymills 0:714293de3836 3720 #endif
ashleymills 0:714293de3836 3721
ashleymills 0:714293de3836 3722 if (ssl->options.side != CLIENT_END) {
ashleymills 0:714293de3836 3723 CYASSL_ERROR(ssl->error = SIDE_ERROR);
ashleymills 0:714293de3836 3724 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 3725 }
ashleymills 0:714293de3836 3726
ashleymills 0:714293de3836 3727 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 3728 if (ssl->version.major == DTLS_MAJOR) {
ashleymills 0:714293de3836 3729 ssl->options.dtls = 1;
ashleymills 0:714293de3836 3730 ssl->options.tls = 1;
ashleymills 0:714293de3836 3731 ssl->options.tls1_1 = 1;
ashleymills 0:714293de3836 3732
ashleymills 0:714293de3836 3733 if (DtlsPoolInit(ssl) != 0) {
ashleymills 0:714293de3836 3734 ssl->error = MEMORY_ERROR;
ashleymills 0:714293de3836 3735 CYASSL_ERROR(ssl->error);
ashleymills 0:714293de3836 3736 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 3737 }
ashleymills 0:714293de3836 3738 }
ashleymills 0:714293de3836 3739 #endif
ashleymills 0:714293de3836 3740
ashleymills 0:714293de3836 3741 if (ssl->buffers.outputBuffer.length > 0) {
ashleymills 0:714293de3836 3742 if ( (ssl->error = SendBuffered(ssl)) == 0) {
ashleymills 0:714293de3836 3743 ssl->options.connectState++;
ashleymills 0:714293de3836 3744 CYASSL_MSG("connect state: Advanced from buffered send");
ashleymills 0:714293de3836 3745 }
ashleymills 0:714293de3836 3746 else {
ashleymills 0:714293de3836 3747 CYASSL_ERROR(ssl->error);
ashleymills 0:714293de3836 3748 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 3749 }
ashleymills 0:714293de3836 3750 }
ashleymills 0:714293de3836 3751
ashleymills 0:714293de3836 3752 switch (ssl->options.connectState) {
ashleymills 0:714293de3836 3753
ashleymills 0:714293de3836 3754 case CONNECT_BEGIN :
ashleymills 0:714293de3836 3755 /* always send client hello first */
ashleymills 0:714293de3836 3756 if ( (ssl->error = SendClientHello(ssl)) != 0) {
ashleymills 0:714293de3836 3757 CYASSL_ERROR(ssl->error);
ashleymills 0:714293de3836 3758 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 3759 }
ashleymills 0:714293de3836 3760 ssl->options.connectState = CLIENT_HELLO_SENT;
ashleymills 0:714293de3836 3761 CYASSL_MSG("connect state: CLIENT_HELLO_SENT");
ashleymills 0:714293de3836 3762
ashleymills 0:714293de3836 3763 case CLIENT_HELLO_SENT :
ashleymills 0:714293de3836 3764 neededState = ssl->options.resuming ? SERVER_FINISHED_COMPLETE :
ashleymills 0:714293de3836 3765 SERVER_HELLODONE_COMPLETE;
ashleymills 0:714293de3836 3766 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 3767 /* In DTLS, when resuming, we can go straight to FINISHED,
ashleymills 0:714293de3836 3768 * or do a cookie exchange and then skip to FINISHED, assume
ashleymills 0:714293de3836 3769 * we need the cookie exchange first. */
ashleymills 0:714293de3836 3770 if (ssl->options.dtls)
ashleymills 0:714293de3836 3771 neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
ashleymills 0:714293de3836 3772 #endif
ashleymills 0:714293de3836 3773 /* get response */
ashleymills 0:714293de3836 3774 while (ssl->options.serverState < neededState) {
ashleymills 0:714293de3836 3775 if ( (ssl->error = ProcessReply(ssl)) < 0) {
ashleymills 0:714293de3836 3776 CYASSL_ERROR(ssl->error);
ashleymills 0:714293de3836 3777 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 3778 }
ashleymills 0:714293de3836 3779 /* if resumption failed, reset needed state */
ashleymills 0:714293de3836 3780 else if (neededState == SERVER_FINISHED_COMPLETE)
ashleymills 0:714293de3836 3781 if (!ssl->options.resuming) {
ashleymills 0:714293de3836 3782 if (!ssl->options.dtls)
ashleymills 0:714293de3836 3783 neededState = SERVER_HELLODONE_COMPLETE;
ashleymills 0:714293de3836 3784 else
ashleymills 0:714293de3836 3785 neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
ashleymills 0:714293de3836 3786 }
ashleymills 0:714293de3836 3787 }
ashleymills 0:714293de3836 3788
ashleymills 0:714293de3836 3789 ssl->options.connectState = HELLO_AGAIN;
ashleymills 0:714293de3836 3790 CYASSL_MSG("connect state: HELLO_AGAIN");
ashleymills 0:714293de3836 3791
ashleymills 0:714293de3836 3792 case HELLO_AGAIN :
ashleymills 0:714293de3836 3793 if (ssl->options.certOnly)
ashleymills 0:714293de3836 3794 return SSL_SUCCESS;
ashleymills 0:714293de3836 3795
ashleymills 0:714293de3836 3796 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 3797 if (ssl->options.dtls) {
ashleymills 0:714293de3836 3798 /* re-init hashes, exclude first hello and verify request */
ashleymills 0:714293de3836 3799 #ifndef NO_OLD_TLS
ashleymills 0:714293de3836 3800 InitMd5(&ssl->hashMd5);
ashleymills 0:714293de3836 3801 InitSha(&ssl->hashSha);
ashleymills 0:714293de3836 3802 #endif
ashleymills 0:714293de3836 3803 if (IsAtLeastTLSv1_2(ssl)) {
ashleymills 0:714293de3836 3804 #ifndef NO_SHA256
ashleymills 0:714293de3836 3805 InitSha256(&ssl->hashSha256);
ashleymills 0:714293de3836 3806 #endif
ashleymills 0:714293de3836 3807 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 3808 InitSha384(&ssl->hashSha384);
ashleymills 0:714293de3836 3809 #endif
ashleymills 0:714293de3836 3810 }
ashleymills 0:714293de3836 3811 if ( (ssl->error = SendClientHello(ssl)) != 0) {
ashleymills 0:714293de3836 3812 CYASSL_ERROR(ssl->error);
ashleymills 0:714293de3836 3813 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 3814 }
ashleymills 0:714293de3836 3815 }
ashleymills 0:714293de3836 3816 #endif
ashleymills 0:714293de3836 3817
ashleymills 0:714293de3836 3818 ssl->options.connectState = HELLO_AGAIN_REPLY;
ashleymills 0:714293de3836 3819 CYASSL_MSG("connect state: HELLO_AGAIN_REPLY");
ashleymills 0:714293de3836 3820
ashleymills 0:714293de3836 3821 case HELLO_AGAIN_REPLY :
ashleymills 0:714293de3836 3822 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 3823 if (ssl->options.dtls) {
ashleymills 0:714293de3836 3824 neededState = ssl->options.resuming ?
ashleymills 0:714293de3836 3825 SERVER_FINISHED_COMPLETE : SERVER_HELLODONE_COMPLETE;
ashleymills 0:714293de3836 3826
ashleymills 0:714293de3836 3827 /* get response */
ashleymills 0:714293de3836 3828 while (ssl->options.serverState < neededState) {
ashleymills 0:714293de3836 3829 if ( (ssl->error = ProcessReply(ssl)) < 0) {
ashleymills 0:714293de3836 3830 CYASSL_ERROR(ssl->error);
ashleymills 0:714293de3836 3831 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 3832 }
ashleymills 0:714293de3836 3833 /* if resumption failed, reset needed state */
ashleymills 0:714293de3836 3834 else if (neededState == SERVER_FINISHED_COMPLETE)
ashleymills 0:714293de3836 3835 if (!ssl->options.resuming)
ashleymills 0:714293de3836 3836 neededState = SERVER_HELLODONE_COMPLETE;
ashleymills 0:714293de3836 3837 }
ashleymills 0:714293de3836 3838 }
ashleymills 0:714293de3836 3839 #endif
ashleymills 0:714293de3836 3840
ashleymills 0:714293de3836 3841 ssl->options.connectState = FIRST_REPLY_DONE;
ashleymills 0:714293de3836 3842 CYASSL_MSG("connect state: FIRST_REPLY_DONE");
ashleymills 0:714293de3836 3843
ashleymills 0:714293de3836 3844 case FIRST_REPLY_DONE :
ashleymills 0:714293de3836 3845 #ifndef NO_CERTS
ashleymills 0:714293de3836 3846 if (ssl->options.sendVerify) {
ashleymills 0:714293de3836 3847 if ( (ssl->error = SendCertificate(ssl)) != 0) {
ashleymills 0:714293de3836 3848 CYASSL_ERROR(ssl->error);
ashleymills 0:714293de3836 3849 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 3850 }
ashleymills 0:714293de3836 3851 CYASSL_MSG("sent: certificate");
ashleymills 0:714293de3836 3852 }
ashleymills 0:714293de3836 3853
ashleymills 0:714293de3836 3854 #endif
ashleymills 0:714293de3836 3855 ssl->options.connectState = FIRST_REPLY_FIRST;
ashleymills 0:714293de3836 3856 CYASSL_MSG("connect state: FIRST_REPLY_FIRST");
ashleymills 0:714293de3836 3857
ashleymills 0:714293de3836 3858 case FIRST_REPLY_FIRST :
ashleymills 0:714293de3836 3859 if (!ssl->options.resuming) {
ashleymills 0:714293de3836 3860 if ( (ssl->error = SendClientKeyExchange(ssl)) != 0) {
ashleymills 0:714293de3836 3861 CYASSL_ERROR(ssl->error);
ashleymills 0:714293de3836 3862 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 3863 }
ashleymills 0:714293de3836 3864 CYASSL_MSG("sent: client key exchange");
ashleymills 0:714293de3836 3865 }
ashleymills 0:714293de3836 3866
ashleymills 0:714293de3836 3867 ssl->options.connectState = FIRST_REPLY_SECOND;
ashleymills 0:714293de3836 3868 CYASSL_MSG("connect state: FIRST_REPLY_SECOND");
ashleymills 0:714293de3836 3869
ashleymills 0:714293de3836 3870 case FIRST_REPLY_SECOND :
ashleymills 0:714293de3836 3871 #ifndef NO_CERTS
ashleymills 0:714293de3836 3872 if (ssl->options.sendVerify) {
ashleymills 0:714293de3836 3873 if ( (ssl->error = SendCertificateVerify(ssl)) != 0) {
ashleymills 0:714293de3836 3874 CYASSL_ERROR(ssl->error);
ashleymills 0:714293de3836 3875 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 3876 }
ashleymills 0:714293de3836 3877 CYASSL_MSG("sent: certificate verify");
ashleymills 0:714293de3836 3878 }
ashleymills 0:714293de3836 3879 #endif
ashleymills 0:714293de3836 3880 ssl->options.connectState = FIRST_REPLY_THIRD;
ashleymills 0:714293de3836 3881 CYASSL_MSG("connect state: FIRST_REPLY_THIRD");
ashleymills 0:714293de3836 3882
ashleymills 0:714293de3836 3883 case FIRST_REPLY_THIRD :
ashleymills 0:714293de3836 3884 if ( (ssl->error = SendChangeCipher(ssl)) != 0) {
ashleymills 0:714293de3836 3885 CYASSL_ERROR(ssl->error);
ashleymills 0:714293de3836 3886 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 3887 }
ashleymills 0:714293de3836 3888 CYASSL_MSG("sent: change cipher spec");
ashleymills 0:714293de3836 3889 ssl->options.connectState = FIRST_REPLY_FOURTH;
ashleymills 0:714293de3836 3890 CYASSL_MSG("connect state: FIRST_REPLY_FOURTH");
ashleymills 0:714293de3836 3891
ashleymills 0:714293de3836 3892 case FIRST_REPLY_FOURTH :
ashleymills 0:714293de3836 3893 if ( (ssl->error = SendFinished(ssl)) != 0) {
ashleymills 0:714293de3836 3894 CYASSL_ERROR(ssl->error);
ashleymills 0:714293de3836 3895 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 3896 }
ashleymills 0:714293de3836 3897 CYASSL_MSG("sent: finished");
ashleymills 0:714293de3836 3898 ssl->options.connectState = FINISHED_DONE;
ashleymills 0:714293de3836 3899 CYASSL_MSG("connect state: FINISHED_DONE");
ashleymills 0:714293de3836 3900
ashleymills 0:714293de3836 3901 case FINISHED_DONE :
ashleymills 0:714293de3836 3902 /* get response */
ashleymills 0:714293de3836 3903 while (ssl->options.serverState < SERVER_FINISHED_COMPLETE)
ashleymills 0:714293de3836 3904 if ( (ssl->error = ProcessReply(ssl)) < 0) {
ashleymills 0:714293de3836 3905 CYASSL_ERROR(ssl->error);
ashleymills 0:714293de3836 3906 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 3907 }
ashleymills 0:714293de3836 3908
ashleymills 0:714293de3836 3909 ssl->options.connectState = SECOND_REPLY_DONE;
ashleymills 0:714293de3836 3910 CYASSL_MSG("connect state: SECOND_REPLY_DONE");
ashleymills 0:714293de3836 3911
ashleymills 0:714293de3836 3912 case SECOND_REPLY_DONE:
ashleymills 0:714293de3836 3913 FreeHandshakeResources(ssl);
ashleymills 0:714293de3836 3914 CYASSL_LEAVE("SSL_connect()", SSL_SUCCESS);
ashleymills 0:714293de3836 3915 return SSL_SUCCESS;
ashleymills 0:714293de3836 3916
ashleymills 0:714293de3836 3917 default:
ashleymills 0:714293de3836 3918 CYASSL_MSG("Unknown connect state ERROR");
ashleymills 0:714293de3836 3919 return SSL_FATAL_ERROR; /* unknown connect state */
ashleymills 0:714293de3836 3920 }
ashleymills 0:714293de3836 3921 }
ashleymills 0:714293de3836 3922
ashleymills 0:714293de3836 3923 #endif /* NO_CYASSL_CLIENT */
ashleymills 0:714293de3836 3924
ashleymills 0:714293de3836 3925
ashleymills 0:714293de3836 3926 /* server only parts */
ashleymills 0:714293de3836 3927 #ifndef NO_CYASSL_SERVER
ashleymills 0:714293de3836 3928
ashleymills 0:714293de3836 3929 #ifndef NO_OLD_TLS
ashleymills 0:714293de3836 3930 CYASSL_METHOD* CyaSSLv3_server_method(void)
ashleymills 0:714293de3836 3931 {
ashleymills 0:714293de3836 3932 CYASSL_METHOD* method =
ashleymills 0:714293de3836 3933 (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
ashleymills 0:714293de3836 3934 DYNAMIC_TYPE_METHOD);
ashleymills 0:714293de3836 3935 CYASSL_ENTER("SSLv3_server_method");
ashleymills 0:714293de3836 3936 if (method) {
ashleymills 0:714293de3836 3937 InitSSL_Method(method, MakeSSLv3());
ashleymills 0:714293de3836 3938 method->side = SERVER_END;
ashleymills 0:714293de3836 3939 }
ashleymills 0:714293de3836 3940 return method;
ashleymills 0:714293de3836 3941 }
ashleymills 0:714293de3836 3942 #endif
ashleymills 0:714293de3836 3943
ashleymills 0:714293de3836 3944
ashleymills 0:714293de3836 3945 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 3946 CYASSL_METHOD* CyaDTLSv1_server_method(void)
ashleymills 0:714293de3836 3947 {
ashleymills 0:714293de3836 3948 CYASSL_METHOD* method =
ashleymills 0:714293de3836 3949 (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
ashleymills 0:714293de3836 3950 DYNAMIC_TYPE_METHOD);
ashleymills 0:714293de3836 3951 CYASSL_ENTER("DTLSv1_server_method");
ashleymills 0:714293de3836 3952 if (method) {
ashleymills 0:714293de3836 3953 InitSSL_Method(method, MakeDTLSv1());
ashleymills 0:714293de3836 3954 method->side = SERVER_END;
ashleymills 0:714293de3836 3955 }
ashleymills 0:714293de3836 3956 return method;
ashleymills 0:714293de3836 3957 }
ashleymills 0:714293de3836 3958
ashleymills 0:714293de3836 3959 CYASSL_METHOD* CyaDTLSv1_2_server_method(void)
ashleymills 0:714293de3836 3960 {
ashleymills 0:714293de3836 3961 CYASSL_METHOD* method =
ashleymills 0:714293de3836 3962 (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0,
ashleymills 0:714293de3836 3963 DYNAMIC_TYPE_METHOD);
ashleymills 0:714293de3836 3964 CYASSL_ENTER("DTLSv1_2_server_method");
ashleymills 0:714293de3836 3965 if (method) {
ashleymills 0:714293de3836 3966 InitSSL_Method(method, MakeDTLSv1_2());
ashleymills 0:714293de3836 3967 method->side = SERVER_END;
ashleymills 0:714293de3836 3968 }
ashleymills 0:714293de3836 3969 return method;
ashleymills 0:714293de3836 3970 }
ashleymills 0:714293de3836 3971 #endif
ashleymills 0:714293de3836 3972
ashleymills 0:714293de3836 3973
ashleymills 0:714293de3836 3974 int CyaSSL_accept(CYASSL* ssl)
ashleymills 0:714293de3836 3975 {
ashleymills 0:714293de3836 3976 byte havePSK = 0;
ashleymills 0:714293de3836 3977 CYASSL_ENTER("SSL_accept()");
ashleymills 0:714293de3836 3978
ashleymills 0:714293de3836 3979 #ifdef HAVE_ERRNO_H
ashleymills 0:714293de3836 3980 errno = 0;
ashleymills 0:714293de3836 3981 #endif
ashleymills 0:714293de3836 3982
ashleymills 0:714293de3836 3983 #ifndef NO_PSK
ashleymills 0:714293de3836 3984 havePSK = ssl->options.havePSK;
ashleymills 0:714293de3836 3985 #endif
ashleymills 0:714293de3836 3986 (void)havePSK;
ashleymills 0:714293de3836 3987
ashleymills 0:714293de3836 3988 if (ssl->options.side != SERVER_END) {
ashleymills 0:714293de3836 3989 CYASSL_ERROR(ssl->error = SIDE_ERROR);
ashleymills 0:714293de3836 3990 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 3991 }
ashleymills 0:714293de3836 3992
ashleymills 0:714293de3836 3993 #ifndef NO_CERTS
ashleymills 0:714293de3836 3994 /* in case used set_accept_state after init */
ashleymills 0:714293de3836 3995 if (!havePSK && (ssl->buffers.certificate.buffer == NULL ||
ashleymills 0:714293de3836 3996 ssl->buffers.key.buffer == NULL)) {
ashleymills 0:714293de3836 3997 CYASSL_MSG("accept error: don't have server cert and key");
ashleymills 0:714293de3836 3998 ssl->error = NO_PRIVATE_KEY;
ashleymills 0:714293de3836 3999 CYASSL_ERROR(ssl->error);
ashleymills 0:714293de3836 4000 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 4001 }
ashleymills 0:714293de3836 4002 #endif
ashleymills 0:714293de3836 4003
ashleymills 0:714293de3836 4004 #ifdef HAVE_ECC
ashleymills 0:714293de3836 4005 /* in case used set_accept_state after init */
ashleymills 0:714293de3836 4006 if (ssl->eccTempKeyPresent == 0) {
ashleymills 0:714293de3836 4007 if (ecc_make_key(ssl->rng, ssl->eccTempKeySz,
ashleymills 0:714293de3836 4008 ssl->eccTempKey) != 0) {
ashleymills 0:714293de3836 4009 ssl->error = ECC_MAKEKEY_ERROR;
ashleymills 0:714293de3836 4010 CYASSL_ERROR(ssl->error);
ashleymills 0:714293de3836 4011 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 4012 }
ashleymills 0:714293de3836 4013 ssl->eccTempKeyPresent = 1;
ashleymills 0:714293de3836 4014 }
ashleymills 0:714293de3836 4015 #endif
ashleymills 0:714293de3836 4016
ashleymills 0:714293de3836 4017 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 4018 if (ssl->version.major == DTLS_MAJOR) {
ashleymills 0:714293de3836 4019 ssl->options.dtls = 1;
ashleymills 0:714293de3836 4020 ssl->options.tls = 1;
ashleymills 0:714293de3836 4021 ssl->options.tls1_1 = 1;
ashleymills 0:714293de3836 4022
ashleymills 0:714293de3836 4023 if (DtlsPoolInit(ssl) != 0) {
ashleymills 0:714293de3836 4024 ssl->error = MEMORY_ERROR;
ashleymills 0:714293de3836 4025 CYASSL_ERROR(ssl->error);
ashleymills 0:714293de3836 4026 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 4027 }
ashleymills 0:714293de3836 4028 }
ashleymills 0:714293de3836 4029 #endif
ashleymills 0:714293de3836 4030
ashleymills 0:714293de3836 4031 if (ssl->buffers.outputBuffer.length > 0) {
ashleymills 0:714293de3836 4032 if ( (ssl->error = SendBuffered(ssl)) == 0) {
ashleymills 0:714293de3836 4033 ssl->options.acceptState++;
ashleymills 0:714293de3836 4034 CYASSL_MSG("accept state: Advanced from buffered send");
ashleymills 0:714293de3836 4035 }
ashleymills 0:714293de3836 4036 else {
ashleymills 0:714293de3836 4037 CYASSL_ERROR(ssl->error);
ashleymills 0:714293de3836 4038 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 4039 }
ashleymills 0:714293de3836 4040 }
ashleymills 0:714293de3836 4041
ashleymills 0:714293de3836 4042 switch (ssl->options.acceptState) {
ashleymills 0:714293de3836 4043
ashleymills 0:714293de3836 4044 case ACCEPT_BEGIN :
ashleymills 0:714293de3836 4045 /* get response */
ashleymills 0:714293de3836 4046 while (ssl->options.clientState < CLIENT_HELLO_COMPLETE)
ashleymills 0:714293de3836 4047 if ( (ssl->error = ProcessReply(ssl)) < 0) {
ashleymills 0:714293de3836 4048 CYASSL_ERROR(ssl->error);
ashleymills 0:714293de3836 4049 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 4050 }
ashleymills 0:714293de3836 4051 ssl->options.acceptState = ACCEPT_CLIENT_HELLO_DONE;
ashleymills 0:714293de3836 4052 CYASSL_MSG("accept state ACCEPT_CLIENT_HELLO_DONE");
ashleymills 0:714293de3836 4053
ashleymills 0:714293de3836 4054 case ACCEPT_CLIENT_HELLO_DONE :
ashleymills 0:714293de3836 4055 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 4056 if (ssl->options.dtls)
ashleymills 0:714293de3836 4057 if ( (ssl->error = SendHelloVerifyRequest(ssl)) != 0) {
ashleymills 0:714293de3836 4058 CYASSL_ERROR(ssl->error);
ashleymills 0:714293de3836 4059 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 4060 }
ashleymills 0:714293de3836 4061 #endif
ashleymills 0:714293de3836 4062 ssl->options.acceptState = HELLO_VERIFY_SENT;
ashleymills 0:714293de3836 4063 CYASSL_MSG("accept state HELLO_VERIFY_SENT");
ashleymills 0:714293de3836 4064
ashleymills 0:714293de3836 4065 case HELLO_VERIFY_SENT:
ashleymills 0:714293de3836 4066 #ifdef CYASSL_DTLS
ashleymills 0:714293de3836 4067 if (ssl->options.dtls) {
ashleymills 0:714293de3836 4068 ssl->options.clientState = NULL_STATE; /* get again */
ashleymills 0:714293de3836 4069 /* re-init hashes, exclude first hello and verify request */
ashleymills 0:714293de3836 4070 #ifndef NO_OLD_TLS
ashleymills 0:714293de3836 4071 InitMd5(&ssl->hashMd5);
ashleymills 0:714293de3836 4072 InitSha(&ssl->hashSha);
ashleymills 0:714293de3836 4073 #endif
ashleymills 0:714293de3836 4074 if (IsAtLeastTLSv1_2(ssl)) {
ashleymills 0:714293de3836 4075 #ifndef NO_SHA256
ashleymills 0:714293de3836 4076 InitSha256(&ssl->hashSha256);
ashleymills 0:714293de3836 4077 #endif
ashleymills 0:714293de3836 4078 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 4079 InitSha384(&ssl->hashSha384);
ashleymills 0:714293de3836 4080 #endif
ashleymills 0:714293de3836 4081 }
ashleymills 0:714293de3836 4082
ashleymills 0:714293de3836 4083 while (ssl->options.clientState < CLIENT_HELLO_COMPLETE)
ashleymills 0:714293de3836 4084 if ( (ssl->error = ProcessReply(ssl)) < 0) {
ashleymills 0:714293de3836 4085 CYASSL_ERROR(ssl->error);
ashleymills 0:714293de3836 4086 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 4087 }
ashleymills 0:714293de3836 4088 }
ashleymills 0:714293de3836 4089 #endif
ashleymills 0:714293de3836 4090 ssl->options.acceptState = ACCEPT_FIRST_REPLY_DONE;
ashleymills 0:714293de3836 4091 CYASSL_MSG("accept state ACCEPT_FIRST_REPLY_DONE");
ashleymills 0:714293de3836 4092
ashleymills 0:714293de3836 4093 case ACCEPT_FIRST_REPLY_DONE :
ashleymills 0:714293de3836 4094 if ( (ssl->error = SendServerHello(ssl)) != 0) {
ashleymills 0:714293de3836 4095 CYASSL_ERROR(ssl->error);
ashleymills 0:714293de3836 4096 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 4097 }
ashleymills 0:714293de3836 4098 ssl->options.acceptState = SERVER_HELLO_SENT;
ashleymills 0:714293de3836 4099 CYASSL_MSG("accept state SERVER_HELLO_SENT");
ashleymills 0:714293de3836 4100
ashleymills 0:714293de3836 4101 case SERVER_HELLO_SENT :
ashleymills 0:714293de3836 4102 #ifndef NO_CERTS
ashleymills 0:714293de3836 4103 if (!ssl->options.resuming)
ashleymills 0:714293de3836 4104 if ( (ssl->error = SendCertificate(ssl)) != 0) {
ashleymills 0:714293de3836 4105 CYASSL_ERROR(ssl->error);
ashleymills 0:714293de3836 4106 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 4107 }
ashleymills 0:714293de3836 4108 #endif
ashleymills 0:714293de3836 4109 ssl->options.acceptState = CERT_SENT;
ashleymills 0:714293de3836 4110 CYASSL_MSG("accept state CERT_SENT");
ashleymills 0:714293de3836 4111
ashleymills 0:714293de3836 4112 case CERT_SENT :
ashleymills 0:714293de3836 4113 if (!ssl->options.resuming)
ashleymills 0:714293de3836 4114 if ( (ssl->error = SendServerKeyExchange(ssl)) != 0) {
ashleymills 0:714293de3836 4115 CYASSL_ERROR(ssl->error);
ashleymills 0:714293de3836 4116 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 4117 }
ashleymills 0:714293de3836 4118 ssl->options.acceptState = KEY_EXCHANGE_SENT;
ashleymills 0:714293de3836 4119 CYASSL_MSG("accept state KEY_EXCHANGE_SENT");
ashleymills 0:714293de3836 4120
ashleymills 0:714293de3836 4121 case KEY_EXCHANGE_SENT :
ashleymills 0:714293de3836 4122 #ifndef NO_CERTS
ashleymills 0:714293de3836 4123 if (!ssl->options.resuming)
ashleymills 0:714293de3836 4124 if (ssl->options.verifyPeer)
ashleymills 0:714293de3836 4125 if ( (ssl->error = SendCertificateRequest(ssl)) != 0) {
ashleymills 0:714293de3836 4126 CYASSL_ERROR(ssl->error);
ashleymills 0:714293de3836 4127 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 4128 }
ashleymills 0:714293de3836 4129 #endif
ashleymills 0:714293de3836 4130 ssl->options.acceptState = CERT_REQ_SENT;
ashleymills 0:714293de3836 4131 CYASSL_MSG("accept state CERT_REQ_SENT");
ashleymills 0:714293de3836 4132
ashleymills 0:714293de3836 4133 case CERT_REQ_SENT :
ashleymills 0:714293de3836 4134 if (!ssl->options.resuming)
ashleymills 0:714293de3836 4135 if ( (ssl->error = SendServerHelloDone(ssl)) != 0) {
ashleymills 0:714293de3836 4136 CYASSL_ERROR(ssl->error);
ashleymills 0:714293de3836 4137 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 4138 }
ashleymills 0:714293de3836 4139 ssl->options.acceptState = SERVER_HELLO_DONE;
ashleymills 0:714293de3836 4140 CYASSL_MSG("accept state SERVER_HELLO_DONE");
ashleymills 0:714293de3836 4141
ashleymills 0:714293de3836 4142 case SERVER_HELLO_DONE :
ashleymills 0:714293de3836 4143 if (!ssl->options.resuming) {
ashleymills 0:714293de3836 4144 while (ssl->options.clientState < CLIENT_FINISHED_COMPLETE)
ashleymills 0:714293de3836 4145 if ( (ssl->error = ProcessReply(ssl)) < 0) {
ashleymills 0:714293de3836 4146 CYASSL_ERROR(ssl->error);
ashleymills 0:714293de3836 4147 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 4148 }
ashleymills 0:714293de3836 4149 }
ashleymills 0:714293de3836 4150 ssl->options.acceptState = ACCEPT_SECOND_REPLY_DONE;
ashleymills 0:714293de3836 4151 CYASSL_MSG("accept state ACCEPT_SECOND_REPLY_DONE");
ashleymills 0:714293de3836 4152
ashleymills 0:714293de3836 4153 case ACCEPT_SECOND_REPLY_DONE :
ashleymills 0:714293de3836 4154 if ( (ssl->error = SendChangeCipher(ssl)) != 0) {
ashleymills 0:714293de3836 4155 CYASSL_ERROR(ssl->error);
ashleymills 0:714293de3836 4156 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 4157 }
ashleymills 0:714293de3836 4158 ssl->options.acceptState = CHANGE_CIPHER_SENT;
ashleymills 0:714293de3836 4159 CYASSL_MSG("accept state CHANGE_CIPHER_SENT");
ashleymills 0:714293de3836 4160
ashleymills 0:714293de3836 4161 case CHANGE_CIPHER_SENT :
ashleymills 0:714293de3836 4162 if ( (ssl->error = SendFinished(ssl)) != 0) {
ashleymills 0:714293de3836 4163 CYASSL_ERROR(ssl->error);
ashleymills 0:714293de3836 4164 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 4165 }
ashleymills 0:714293de3836 4166
ashleymills 0:714293de3836 4167 ssl->options.acceptState = ACCEPT_FINISHED_DONE;
ashleymills 0:714293de3836 4168 CYASSL_MSG("accept state ACCEPT_FINISHED_DONE");
ashleymills 0:714293de3836 4169
ashleymills 0:714293de3836 4170 case ACCEPT_FINISHED_DONE :
ashleymills 0:714293de3836 4171 if (ssl->options.resuming)
ashleymills 0:714293de3836 4172 while (ssl->options.clientState < CLIENT_FINISHED_COMPLETE)
ashleymills 0:714293de3836 4173 if ( (ssl->error = ProcessReply(ssl)) < 0) {
ashleymills 0:714293de3836 4174 CYASSL_ERROR(ssl->error);
ashleymills 0:714293de3836 4175 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 4176 }
ashleymills 0:714293de3836 4177
ashleymills 0:714293de3836 4178 ssl->options.acceptState = ACCEPT_THIRD_REPLY_DONE;
ashleymills 0:714293de3836 4179 CYASSL_MSG("accept state ACCEPT_THIRD_REPLY_DONE");
ashleymills 0:714293de3836 4180
ashleymills 0:714293de3836 4181 case ACCEPT_THIRD_REPLY_DONE :
ashleymills 0:714293de3836 4182 FreeHandshakeResources(ssl);
ashleymills 0:714293de3836 4183 CYASSL_LEAVE("SSL_accept()", SSL_SUCCESS);
ashleymills 0:714293de3836 4184 return SSL_SUCCESS;
ashleymills 0:714293de3836 4185
ashleymills 0:714293de3836 4186 default :
ashleymills 0:714293de3836 4187 CYASSL_MSG("Unknown accept state ERROR");
ashleymills 0:714293de3836 4188 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 4189 }
ashleymills 0:714293de3836 4190 }
ashleymills 0:714293de3836 4191
ashleymills 0:714293de3836 4192 #endif /* NO_CYASSL_SERVER */
ashleymills 0:714293de3836 4193
ashleymills 0:714293de3836 4194
ashleymills 0:714293de3836 4195 int CyaSSL_Cleanup(void)
ashleymills 0:714293de3836 4196 {
ashleymills 0:714293de3836 4197 int ret = SSL_SUCCESS;
ashleymills 0:714293de3836 4198 int release = 0;
ashleymills 0:714293de3836 4199
ashleymills 0:714293de3836 4200 CYASSL_ENTER("CyaSSL_Cleanup");
ashleymills 0:714293de3836 4201
ashleymills 0:714293de3836 4202 if (initRefCount == 0)
ashleymills 0:714293de3836 4203 return ret; /* possibly no init yet, but not failure either way */
ashleymills 0:714293de3836 4204
ashleymills 0:714293de3836 4205 if (LockMutex(&count_mutex) != 0) {
ashleymills 0:714293de3836 4206 CYASSL_MSG("Bad Lock Mutex count");
ashleymills 0:714293de3836 4207 return BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 4208 }
ashleymills 0:714293de3836 4209
ashleymills 0:714293de3836 4210 release = initRefCount-- == 1;
ashleymills 0:714293de3836 4211 if (initRefCount < 0)
ashleymills 0:714293de3836 4212 initRefCount = 0;
ashleymills 0:714293de3836 4213
ashleymills 0:714293de3836 4214 UnLockMutex(&count_mutex);
ashleymills 0:714293de3836 4215
ashleymills 0:714293de3836 4216 if (!release)
ashleymills 0:714293de3836 4217 return ret;
ashleymills 0:714293de3836 4218
ashleymills 0:714293de3836 4219 #ifndef NO_SESSION_CACHE
ashleymills 0:714293de3836 4220 if (FreeMutex(&session_mutex) != 0)
ashleymills 0:714293de3836 4221 ret = BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 4222 #endif
ashleymills 0:714293de3836 4223 if (FreeMutex(&count_mutex) != 0)
ashleymills 0:714293de3836 4224 ret = BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 4225
ashleymills 0:714293de3836 4226 return ret;
ashleymills 0:714293de3836 4227 }
ashleymills 0:714293de3836 4228
ashleymills 0:714293de3836 4229
ashleymills 0:714293de3836 4230 #ifndef NO_SESSION_CACHE
ashleymills 0:714293de3836 4231
ashleymills 0:714293de3836 4232 #ifndef NO_MD5
ashleymills 0:714293de3836 4233
ashleymills 0:714293de3836 4234 /* some session IDs aren't random afterall, let's make them random */
ashleymills 0:714293de3836 4235
ashleymills 0:714293de3836 4236 static INLINE word32 HashSession(const byte* sessionID, word32 len)
ashleymills 0:714293de3836 4237 {
ashleymills 0:714293de3836 4238 byte digest[MD5_DIGEST_SIZE];
ashleymills 0:714293de3836 4239 Md5 md5;
ashleymills 0:714293de3836 4240
ashleymills 0:714293de3836 4241 InitMd5(&md5);
ashleymills 0:714293de3836 4242 Md5Update(&md5, sessionID, len);
ashleymills 0:714293de3836 4243 Md5Final(&md5, digest);
ashleymills 0:714293de3836 4244
ashleymills 0:714293de3836 4245 return MakeWordFromHash(digest);
ashleymills 0:714293de3836 4246 }
ashleymills 0:714293de3836 4247
ashleymills 0:714293de3836 4248 #elif !defined(NO_SHA)
ashleymills 0:714293de3836 4249
ashleymills 0:714293de3836 4250 static INLINE word32 HashSession(const byte* sessionID, word32 len)
ashleymills 0:714293de3836 4251 {
ashleymills 0:714293de3836 4252 byte digest[SHA_DIGEST_SIZE];
ashleymills 0:714293de3836 4253 Sha sha;
ashleymills 0:714293de3836 4254
ashleymills 0:714293de3836 4255 InitSha(&sha);
ashleymills 0:714293de3836 4256 ShaUpdate(&sha, sessionID, len);
ashleymills 0:714293de3836 4257 ShaFinal(&sha, digest);
ashleymills 0:714293de3836 4258
ashleymills 0:714293de3836 4259 return MakeWordFromHash(digest);
ashleymills 0:714293de3836 4260 }
ashleymills 0:714293de3836 4261
ashleymills 0:714293de3836 4262 #elif !defined(NO_SHA256)
ashleymills 0:714293de3836 4263
ashleymills 0:714293de3836 4264 static INLINE word32 HashSession(const byte* sessionID, word32 len)
ashleymills 0:714293de3836 4265 {
ashleymills 0:714293de3836 4266 byte digest[SHA256_DIGEST_SIZE];
ashleymills 0:714293de3836 4267 Sha256 sha256;
ashleymills 0:714293de3836 4268
ashleymills 0:714293de3836 4269 InitSha256(&sha256);
ashleymills 0:714293de3836 4270 Sha256Update(&sha256, sessionID, len);
ashleymills 0:714293de3836 4271 Sha256Final(&sha256, digest);
ashleymills 0:714293de3836 4272
ashleymills 0:714293de3836 4273 return MakeWordFromHash(digest);
ashleymills 0:714293de3836 4274 }
ashleymills 0:714293de3836 4275
ashleymills 0:714293de3836 4276 #else
ashleymills 0:714293de3836 4277
ashleymills 0:714293de3836 4278 #error "We need a digest to hash the session IDs"
ashleymills 0:714293de3836 4279
ashleymills 0:714293de3836 4280 #endif /* NO_MD5 */
ashleymills 0:714293de3836 4281
ashleymills 0:714293de3836 4282
ashleymills 0:714293de3836 4283 void CyaSSL_flush_sessions(CYASSL_CTX* ctx, long tm)
ashleymills 0:714293de3836 4284 {
ashleymills 0:714293de3836 4285 /* static table now, no flusing needed */
ashleymills 0:714293de3836 4286 (void)ctx;
ashleymills 0:714293de3836 4287 (void)tm;
ashleymills 0:714293de3836 4288 }
ashleymills 0:714293de3836 4289
ashleymills 0:714293de3836 4290
ashleymills 0:714293de3836 4291 /* set ssl session timeout in seconds */
ashleymills 0:714293de3836 4292 int CyaSSL_set_timeout(CYASSL* ssl, unsigned int to)
ashleymills 0:714293de3836 4293 {
ashleymills 0:714293de3836 4294 if (ssl == NULL)
ashleymills 0:714293de3836 4295 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 4296
ashleymills 0:714293de3836 4297 ssl->timeout = to;
ashleymills 0:714293de3836 4298
ashleymills 0:714293de3836 4299 return SSL_SUCCESS;
ashleymills 0:714293de3836 4300 }
ashleymills 0:714293de3836 4301
ashleymills 0:714293de3836 4302
ashleymills 0:714293de3836 4303 /* set ctx session timeout in seconds */
ashleymills 0:714293de3836 4304 int CyaSSL_CTX_set_timeout(CYASSL_CTX* ctx, unsigned int to)
ashleymills 0:714293de3836 4305 {
ashleymills 0:714293de3836 4306 if (ctx == NULL)
ashleymills 0:714293de3836 4307 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 4308
ashleymills 0:714293de3836 4309 ctx->timeout = to;
ashleymills 0:714293de3836 4310
ashleymills 0:714293de3836 4311 return SSL_SUCCESS;
ashleymills 0:714293de3836 4312 }
ashleymills 0:714293de3836 4313
ashleymills 0:714293de3836 4314
ashleymills 0:714293de3836 4315 #ifndef NO_CLIENT_CACHE
ashleymills 0:714293de3836 4316
ashleymills 0:714293de3836 4317 /* Get Session from Client cache based on id/len, return NULL on failure */
ashleymills 0:714293de3836 4318 CYASSL_SESSION* GetSessionClient(CYASSL* ssl, const byte* id, int len)
ashleymills 0:714293de3836 4319 {
ashleymills 0:714293de3836 4320 CYASSL_SESSION* ret = NULL;
ashleymills 0:714293de3836 4321 word32 row;
ashleymills 0:714293de3836 4322 int idx;
ashleymills 0:714293de3836 4323 int count;
ashleymills 0:714293de3836 4324
ashleymills 0:714293de3836 4325 CYASSL_ENTER("GetSessionClient");
ashleymills 0:714293de3836 4326
ashleymills 0:714293de3836 4327 if (ssl->options.side == SERVER_END)
ashleymills 0:714293de3836 4328 return NULL;
ashleymills 0:714293de3836 4329
ashleymills 0:714293de3836 4330 len = min(SERVER_ID_LEN, (word32)len);
ashleymills 0:714293de3836 4331 row = HashSession(id, len) % SESSION_ROWS;
ashleymills 0:714293de3836 4332
ashleymills 0:714293de3836 4333 if (LockMutex(&session_mutex) != 0) {
ashleymills 0:714293de3836 4334 CYASSL_MSG("Lock session mutex failed");
ashleymills 0:714293de3836 4335 return NULL;
ashleymills 0:714293de3836 4336 }
ashleymills 0:714293de3836 4337
ashleymills 0:714293de3836 4338 /* start from most recently used */
ashleymills 0:714293de3836 4339 count = min((word32)ClientCache[row].totalCount, SESSIONS_PER_ROW);
ashleymills 0:714293de3836 4340 idx = ClientCache[row].nextIdx - 1;
ashleymills 0:714293de3836 4341 if (idx < 0)
ashleymills 0:714293de3836 4342 idx = SESSIONS_PER_ROW - 1; /* if back to front, the previous was end */
ashleymills 0:714293de3836 4343
ashleymills 0:714293de3836 4344 for (; count > 0; --count, idx = idx ? idx - 1 : SESSIONS_PER_ROW - 1) {
ashleymills 0:714293de3836 4345 CYASSL_SESSION* current;
ashleymills 0:714293de3836 4346 ClientSession clSess;
ashleymills 0:714293de3836 4347
ashleymills 0:714293de3836 4348 if (idx >= SESSIONS_PER_ROW || idx < 0) { /* sanity check */
ashleymills 0:714293de3836 4349 CYASSL_MSG("Bad idx");
ashleymills 0:714293de3836 4350 break;
ashleymills 0:714293de3836 4351 }
ashleymills 0:714293de3836 4352
ashleymills 0:714293de3836 4353 clSess = ClientCache[row].Clients[idx];
ashleymills 0:714293de3836 4354
ashleymills 0:714293de3836 4355 current = &SessionCache[clSess.serverRow].Sessions[clSess.serverIdx];
ashleymills 0:714293de3836 4356 if (XMEMCMP(current->serverID, id, len) == 0) {
ashleymills 0:714293de3836 4357 CYASSL_MSG("Found a serverid match for client");
ashleymills 0:714293de3836 4358 if (LowResTimer() < (current->bornOn + current->timeout)) {
ashleymills 0:714293de3836 4359 CYASSL_MSG("Session valid");
ashleymills 0:714293de3836 4360 ret = current;
ashleymills 0:714293de3836 4361 break;
ashleymills 0:714293de3836 4362 } else {
ashleymills 0:714293de3836 4363 CYASSL_MSG("Session timed out"); /* could have more for id */
ashleymills 0:714293de3836 4364 }
ashleymills 0:714293de3836 4365 } else {
ashleymills 0:714293de3836 4366 CYASSL_MSG("ServerID not a match from client table");
ashleymills 0:714293de3836 4367 }
ashleymills 0:714293de3836 4368 }
ashleymills 0:714293de3836 4369
ashleymills 0:714293de3836 4370 UnLockMutex(&session_mutex);
ashleymills 0:714293de3836 4371
ashleymills 0:714293de3836 4372 return ret;
ashleymills 0:714293de3836 4373 }
ashleymills 0:714293de3836 4374
ashleymills 0:714293de3836 4375 #endif /* NO_CLIENT_CACHE */
ashleymills 0:714293de3836 4376
ashleymills 0:714293de3836 4377
ashleymills 0:714293de3836 4378 CYASSL_SESSION* GetSession(CYASSL* ssl, byte* masterSecret)
ashleymills 0:714293de3836 4379 {
ashleymills 0:714293de3836 4380 CYASSL_SESSION* ret = 0;
ashleymills 0:714293de3836 4381 const byte* id = NULL;
ashleymills 0:714293de3836 4382 word32 row;
ashleymills 0:714293de3836 4383 int idx;
ashleymills 0:714293de3836 4384 int count;
ashleymills 0:714293de3836 4385
ashleymills 0:714293de3836 4386 if (ssl->options.sessionCacheOff)
ashleymills 0:714293de3836 4387 return NULL;
ashleymills 0:714293de3836 4388
ashleymills 0:714293de3836 4389 if (ssl->options.haveSessionId == 0)
ashleymills 0:714293de3836 4390 return NULL;
ashleymills 0:714293de3836 4391
ashleymills 0:714293de3836 4392 if (ssl->arrays)
ashleymills 0:714293de3836 4393 id = ssl->arrays->sessionID;
ashleymills 0:714293de3836 4394 else
ashleymills 0:714293de3836 4395 id = ssl->session.sessionID;
ashleymills 0:714293de3836 4396
ashleymills 0:714293de3836 4397 row = HashSession(id, ID_LEN) % SESSION_ROWS;
ashleymills 0:714293de3836 4398
ashleymills 0:714293de3836 4399 if (LockMutex(&session_mutex) != 0)
ashleymills 0:714293de3836 4400 return 0;
ashleymills 0:714293de3836 4401
ashleymills 0:714293de3836 4402 /* start from most recently used */
ashleymills 0:714293de3836 4403 count = min((word32)SessionCache[row].totalCount, SESSIONS_PER_ROW);
ashleymills 0:714293de3836 4404 idx = SessionCache[row].nextIdx - 1;
ashleymills 0:714293de3836 4405 if (idx < 0)
ashleymills 0:714293de3836 4406 idx = SESSIONS_PER_ROW - 1; /* if back to front, the previous was end */
ashleymills 0:714293de3836 4407
ashleymills 0:714293de3836 4408 for (; count > 0; --count, idx = idx ? idx - 1 : SESSIONS_PER_ROW - 1) {
ashleymills 0:714293de3836 4409 CYASSL_SESSION* current;
ashleymills 0:714293de3836 4410
ashleymills 0:714293de3836 4411 if (idx >= SESSIONS_PER_ROW || idx < 0) { /* sanity check */
ashleymills 0:714293de3836 4412 CYASSL_MSG("Bad idx");
ashleymills 0:714293de3836 4413 break;
ashleymills 0:714293de3836 4414 }
ashleymills 0:714293de3836 4415
ashleymills 0:714293de3836 4416 current = &SessionCache[row].Sessions[idx];
ashleymills 0:714293de3836 4417 if (XMEMCMP(current->sessionID, id, ID_LEN) == 0) {
ashleymills 0:714293de3836 4418 CYASSL_MSG("Found a session match");
ashleymills 0:714293de3836 4419 if (LowResTimer() < (current->bornOn + current->timeout)) {
ashleymills 0:714293de3836 4420 CYASSL_MSG("Session valid");
ashleymills 0:714293de3836 4421 ret = current;
ashleymills 0:714293de3836 4422 if (masterSecret)
ashleymills 0:714293de3836 4423 XMEMCPY(masterSecret, current->masterSecret, SECRET_LEN);
ashleymills 0:714293de3836 4424 } else {
ashleymills 0:714293de3836 4425 CYASSL_MSG("Session timed out");
ashleymills 0:714293de3836 4426 }
ashleymills 0:714293de3836 4427 break; /* no more sessionIDs whether valid or not that match */
ashleymills 0:714293de3836 4428 } else {
ashleymills 0:714293de3836 4429 CYASSL_MSG("SessionID not a match at this idx");
ashleymills 0:714293de3836 4430 }
ashleymills 0:714293de3836 4431 }
ashleymills 0:714293de3836 4432
ashleymills 0:714293de3836 4433 UnLockMutex(&session_mutex);
ashleymills 0:714293de3836 4434
ashleymills 0:714293de3836 4435 return ret;
ashleymills 0:714293de3836 4436 }
ashleymills 0:714293de3836 4437
ashleymills 0:714293de3836 4438
ashleymills 0:714293de3836 4439 int SetSession(CYASSL* ssl, CYASSL_SESSION* session)
ashleymills 0:714293de3836 4440 {
ashleymills 0:714293de3836 4441 if (ssl->options.sessionCacheOff)
ashleymills 0:714293de3836 4442 return SSL_FAILURE;
ashleymills 0:714293de3836 4443
ashleymills 0:714293de3836 4444 if (LowResTimer() < (session->bornOn + session->timeout)) {
ashleymills 0:714293de3836 4445 ssl->session = *session;
ashleymills 0:714293de3836 4446 ssl->options.resuming = 1;
ashleymills 0:714293de3836 4447
ashleymills 0:714293de3836 4448 #ifdef SESSION_CERTS
ashleymills 0:714293de3836 4449 ssl->version = session->version;
ashleymills 0:714293de3836 4450 ssl->options.cipherSuite0 = session->cipherSuite0;
ashleymills 0:714293de3836 4451 ssl->options.cipherSuite = session->cipherSuite;
ashleymills 0:714293de3836 4452 #endif
ashleymills 0:714293de3836 4453
ashleymills 0:714293de3836 4454 return SSL_SUCCESS;
ashleymills 0:714293de3836 4455 }
ashleymills 0:714293de3836 4456 return SSL_FAILURE; /* session timed out */
ashleymills 0:714293de3836 4457 }
ashleymills 0:714293de3836 4458
ashleymills 0:714293de3836 4459
ashleymills 0:714293de3836 4460 int AddSession(CYASSL* ssl)
ashleymills 0:714293de3836 4461 {
ashleymills 0:714293de3836 4462 word32 row, idx;
ashleymills 0:714293de3836 4463
ashleymills 0:714293de3836 4464 if (ssl->options.sessionCacheOff)
ashleymills 0:714293de3836 4465 return 0;
ashleymills 0:714293de3836 4466
ashleymills 0:714293de3836 4467 if (ssl->options.haveSessionId == 0)
ashleymills 0:714293de3836 4468 return 0;
ashleymills 0:714293de3836 4469
ashleymills 0:714293de3836 4470 row = HashSession(ssl->arrays->sessionID, ID_LEN) % SESSION_ROWS;
ashleymills 0:714293de3836 4471
ashleymills 0:714293de3836 4472 if (LockMutex(&session_mutex) != 0)
ashleymills 0:714293de3836 4473 return BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 4474
ashleymills 0:714293de3836 4475 idx = SessionCache[row].nextIdx++;
ashleymills 0:714293de3836 4476
ashleymills 0:714293de3836 4477 XMEMCPY(SessionCache[row].Sessions[idx].masterSecret,
ashleymills 0:714293de3836 4478 ssl->arrays->masterSecret, SECRET_LEN);
ashleymills 0:714293de3836 4479 XMEMCPY(SessionCache[row].Sessions[idx].sessionID, ssl->arrays->sessionID,
ashleymills 0:714293de3836 4480 ID_LEN);
ashleymills 0:714293de3836 4481
ashleymills 0:714293de3836 4482 SessionCache[row].Sessions[idx].timeout = ssl->timeout;
ashleymills 0:714293de3836 4483 SessionCache[row].Sessions[idx].bornOn = LowResTimer();
ashleymills 0:714293de3836 4484
ashleymills 0:714293de3836 4485 #ifdef SESSION_CERTS
ashleymills 0:714293de3836 4486 SessionCache[row].Sessions[idx].chain.count = ssl->session.chain.count;
ashleymills 0:714293de3836 4487 XMEMCPY(SessionCache[row].Sessions[idx].chain.certs,
ashleymills 0:714293de3836 4488 ssl->session.chain.certs, sizeof(x509_buffer) * MAX_CHAIN_DEPTH);
ashleymills 0:714293de3836 4489
ashleymills 0:714293de3836 4490 SessionCache[row].Sessions[idx].version = ssl->version;
ashleymills 0:714293de3836 4491 SessionCache[row].Sessions[idx].cipherSuite0 = ssl->options.cipherSuite0;
ashleymills 0:714293de3836 4492 SessionCache[row].Sessions[idx].cipherSuite = ssl->options.cipherSuite;
ashleymills 0:714293de3836 4493 #endif /* SESSION_CERTS */
ashleymills 0:714293de3836 4494
ashleymills 0:714293de3836 4495 SessionCache[row].totalCount++;
ashleymills 0:714293de3836 4496 if (SessionCache[row].nextIdx == SESSIONS_PER_ROW)
ashleymills 0:714293de3836 4497 SessionCache[row].nextIdx = 0;
ashleymills 0:714293de3836 4498
ashleymills 0:714293de3836 4499 #ifndef NO_CLIENT_CACHE
ashleymills 0:714293de3836 4500 if (ssl->options.side == CLIENT_END && ssl->session.idLen) {
ashleymills 0:714293de3836 4501 word32 clientRow, clientIdx;
ashleymills 0:714293de3836 4502
ashleymills 0:714293de3836 4503 CYASSL_MSG("Adding client cache entry");
ashleymills 0:714293de3836 4504
ashleymills 0:714293de3836 4505 SessionCache[row].Sessions[idx].idLen = ssl->session.idLen;
ashleymills 0:714293de3836 4506 XMEMCPY(SessionCache[row].Sessions[idx].serverID, ssl->session.serverID,
ashleymills 0:714293de3836 4507 ssl->session.idLen);
ashleymills 0:714293de3836 4508
ashleymills 0:714293de3836 4509 clientRow = HashSession(ssl->session.serverID, ssl->session.idLen)
ashleymills 0:714293de3836 4510 % SESSION_ROWS;
ashleymills 0:714293de3836 4511 clientIdx = ClientCache[clientRow].nextIdx++;
ashleymills 0:714293de3836 4512
ashleymills 0:714293de3836 4513 ClientCache[clientRow].Clients[clientIdx].serverRow = (word16)row;
ashleymills 0:714293de3836 4514 ClientCache[clientRow].Clients[clientIdx].serverIdx = (word16)idx;
ashleymills 0:714293de3836 4515
ashleymills 0:714293de3836 4516 ClientCache[clientRow].totalCount++;
ashleymills 0:714293de3836 4517 if (ClientCache[clientRow].nextIdx == SESSIONS_PER_ROW)
ashleymills 0:714293de3836 4518 ClientCache[clientRow].nextIdx = 0;
ashleymills 0:714293de3836 4519 }
ashleymills 0:714293de3836 4520 else
ashleymills 0:714293de3836 4521 SessionCache[row].Sessions[idx].idLen = 0;
ashleymills 0:714293de3836 4522 #endif /* NO_CLIENT_CACHE */
ashleymills 0:714293de3836 4523
ashleymills 0:714293de3836 4524 if (UnLockMutex(&session_mutex) != 0)
ashleymills 0:714293de3836 4525 return BAD_MUTEX_ERROR;
ashleymills 0:714293de3836 4526
ashleymills 0:714293de3836 4527 return 0;
ashleymills 0:714293de3836 4528 }
ashleymills 0:714293de3836 4529
ashleymills 0:714293de3836 4530
ashleymills 0:714293de3836 4531 #ifdef SESSION_STATS
ashleymills 0:714293de3836 4532
ashleymills 0:714293de3836 4533 CYASSL_API
ashleymills 0:714293de3836 4534 void PrintSessionStats(void)
ashleymills 0:714293de3836 4535 {
ashleymills 0:714293de3836 4536 word32 totalSessionsSeen = 0;
ashleymills 0:714293de3836 4537 word32 totalSessionsNow = 0;
ashleymills 0:714293de3836 4538 word32 rowNow;
ashleymills 0:714293de3836 4539 int i;
ashleymills 0:714293de3836 4540 double E; /* expected freq */
ashleymills 0:714293de3836 4541 double chiSquare = 0;
ashleymills 0:714293de3836 4542
ashleymills 0:714293de3836 4543 for (i = 0; i < SESSION_ROWS; i++) {
ashleymills 0:714293de3836 4544 totalSessionsSeen += SessionCache[i].totalCount;
ashleymills 0:714293de3836 4545
ashleymills 0:714293de3836 4546 if (SessionCache[i].totalCount >= SESSIONS_PER_ROW)
ashleymills 0:714293de3836 4547 rowNow = SESSIONS_PER_ROW;
ashleymills 0:714293de3836 4548 else if (SessionCache[i].nextIdx == 0)
ashleymills 0:714293de3836 4549 rowNow = 0;
ashleymills 0:714293de3836 4550 else
ashleymills 0:714293de3836 4551 rowNow = SessionCache[i].nextIdx;
ashleymills 0:714293de3836 4552
ashleymills 0:714293de3836 4553 totalSessionsNow += rowNow;
ashleymills 0:714293de3836 4554 }
ashleymills 0:714293de3836 4555
ashleymills 0:714293de3836 4556 printf("Total Sessions Seen = %d\n", totalSessionsSeen);
ashleymills 0:714293de3836 4557 printf("Total Sessions Now = %d\n", totalSessionsNow);
ashleymills 0:714293de3836 4558
ashleymills 0:714293de3836 4559 E = (double)totalSessionsSeen / SESSION_ROWS;
ashleymills 0:714293de3836 4560
ashleymills 0:714293de3836 4561 for (i = 0; i < SESSION_ROWS; i++) {
ashleymills 0:714293de3836 4562 double diff = SessionCache[i].totalCount - E;
ashleymills 0:714293de3836 4563 diff *= diff; /* square */
ashleymills 0:714293de3836 4564 diff /= E; /* normalize */
ashleymills 0:714293de3836 4565
ashleymills 0:714293de3836 4566 chiSquare += diff;
ashleymills 0:714293de3836 4567 }
ashleymills 0:714293de3836 4568 printf(" chi-square = %5.1f, d.f. = %d\n", chiSquare,
ashleymills 0:714293de3836 4569 SESSION_ROWS - 1);
ashleymills 0:714293de3836 4570 if (SESSION_ROWS == 11)
ashleymills 0:714293de3836 4571 printf(" .05 p value = 18.3, chi-square should be less\n");
ashleymills 0:714293de3836 4572 else if (SESSION_ROWS == 211)
ashleymills 0:714293de3836 4573 printf(".05 p value = 244.8, chi-square should be less\n");
ashleymills 0:714293de3836 4574 else if (SESSION_ROWS == 5981)
ashleymills 0:714293de3836 4575 printf(".05 p value = 6161.0, chi-square should be less\n");
ashleymills 0:714293de3836 4576 else if (SESSION_ROWS == 3)
ashleymills 0:714293de3836 4577 printf(".05 p value = 6.0, chi-square should be less\n");
ashleymills 0:714293de3836 4578 else if (SESSION_ROWS == 2861)
ashleymills 0:714293de3836 4579 printf(".05 p value = 2985.5, chi-square should be less\n");
ashleymills 0:714293de3836 4580 printf("\n");
ashleymills 0:714293de3836 4581 }
ashleymills 0:714293de3836 4582
ashleymills 0:714293de3836 4583 #endif /* SESSION_STATS */
ashleymills 0:714293de3836 4584
ashleymills 0:714293de3836 4585 #else /* NO_SESSION_CACHE */
ashleymills 0:714293de3836 4586
ashleymills 0:714293de3836 4587 /* No session cache version */
ashleymills 0:714293de3836 4588 CYASSL_SESSION* GetSession(CYASSL* ssl, byte* masterSecret)
ashleymills 0:714293de3836 4589 {
ashleymills 0:714293de3836 4590 (void)ssl;
ashleymills 0:714293de3836 4591 (void)masterSecret;
ashleymills 0:714293de3836 4592
ashleymills 0:714293de3836 4593 return NULL;
ashleymills 0:714293de3836 4594 }
ashleymills 0:714293de3836 4595
ashleymills 0:714293de3836 4596 #endif /* NO_SESSION_CACHE */
ashleymills 0:714293de3836 4597
ashleymills 0:714293de3836 4598
ashleymills 0:714293de3836 4599 /* call before SSL_connect, if verifying will add name check to
ashleymills 0:714293de3836 4600 date check and signature check */
ashleymills 0:714293de3836 4601 int CyaSSL_check_domain_name(CYASSL* ssl, const char* dn)
ashleymills 0:714293de3836 4602 {
ashleymills 0:714293de3836 4603 CYASSL_ENTER("CyaSSL_check_domain_name");
ashleymills 0:714293de3836 4604 if (ssl->buffers.domainName.buffer)
ashleymills 0:714293de3836 4605 XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN);
ashleymills 0:714293de3836 4606
ashleymills 0:714293de3836 4607 ssl->buffers.domainName.length = (word32)XSTRLEN(dn) + 1;
ashleymills 0:714293de3836 4608 ssl->buffers.domainName.buffer = (byte*) XMALLOC(
ashleymills 0:714293de3836 4609 ssl->buffers.domainName.length, ssl->heap, DYNAMIC_TYPE_DOMAIN);
ashleymills 0:714293de3836 4610
ashleymills 0:714293de3836 4611 if (ssl->buffers.domainName.buffer) {
ashleymills 0:714293de3836 4612 XSTRNCPY((char*)ssl->buffers.domainName.buffer, dn,
ashleymills 0:714293de3836 4613 ssl->buffers.domainName.length);
ashleymills 0:714293de3836 4614 return SSL_SUCCESS;
ashleymills 0:714293de3836 4615 }
ashleymills 0:714293de3836 4616 else {
ashleymills 0:714293de3836 4617 ssl->error = MEMORY_ERROR;
ashleymills 0:714293de3836 4618 return SSL_FAILURE;
ashleymills 0:714293de3836 4619 }
ashleymills 0:714293de3836 4620 }
ashleymills 0:714293de3836 4621
ashleymills 0:714293de3836 4622
ashleymills 0:714293de3836 4623 /* turn on CyaSSL zlib compression
ashleymills 0:714293de3836 4624 returns SSL_SUCCESS for success, else error (not built in)
ashleymills 0:714293de3836 4625 */
ashleymills 0:714293de3836 4626 int CyaSSL_set_compression(CYASSL* ssl)
ashleymills 0:714293de3836 4627 {
ashleymills 0:714293de3836 4628 CYASSL_ENTER("CyaSSL_set_compression");
ashleymills 0:714293de3836 4629 (void)ssl;
ashleymills 0:714293de3836 4630 #ifdef HAVE_LIBZ
ashleymills 0:714293de3836 4631 ssl->options.usingCompression = 1;
ashleymills 0:714293de3836 4632 return SSL_SUCCESS;
ashleymills 0:714293de3836 4633 #else
ashleymills 0:714293de3836 4634 return NOT_COMPILED_IN;
ashleymills 0:714293de3836 4635 #endif
ashleymills 0:714293de3836 4636 }
ashleymills 0:714293de3836 4637
ashleymills 0:714293de3836 4638
ashleymills 0:714293de3836 4639 #ifndef USE_WINDOWS_API
ashleymills 0:714293de3836 4640 #ifndef NO_WRITEV
ashleymills 0:714293de3836 4641
ashleymills 0:714293de3836 4642 /* simulate writev semantics, doesn't actually do block at a time though
ashleymills 0:714293de3836 4643 because of SSL_write behavior and because front adds may be small */
ashleymills 0:714293de3836 4644 int CyaSSL_writev(CYASSL* ssl, const struct iovec* iov, int iovcnt)
ashleymills 0:714293de3836 4645 {
ashleymills 0:714293de3836 4646 byte tmp[FILE_BUFFER_SIZE];
ashleymills 0:714293de3836 4647 byte* myBuffer = tmp;
ashleymills 0:714293de3836 4648 int sending = 0;
ashleymills 0:714293de3836 4649 int newBuffer = 0;
ashleymills 0:714293de3836 4650 int idx = 0;
ashleymills 0:714293de3836 4651 int i;
ashleymills 0:714293de3836 4652 int ret;
ashleymills 0:714293de3836 4653
ashleymills 0:714293de3836 4654 CYASSL_ENTER("CyaSSL_writev");
ashleymills 0:714293de3836 4655
ashleymills 0:714293de3836 4656 for (i = 0; i < iovcnt; i++)
ashleymills 0:714293de3836 4657 sending += (int)iov[i].iov_len;
ashleymills 0:714293de3836 4658
ashleymills 0:714293de3836 4659 if (sending > (int)sizeof(tmp)) {
ashleymills 0:714293de3836 4660 byte* tmp2 = (byte*) XMALLOC(sending, ssl->heap,
ashleymills 0:714293de3836 4661 DYNAMIC_TYPE_WRITEV);
ashleymills 0:714293de3836 4662 if (!tmp2)
ashleymills 0:714293de3836 4663 return MEMORY_ERROR;
ashleymills 0:714293de3836 4664 myBuffer = tmp2;
ashleymills 0:714293de3836 4665 newBuffer = 1;
ashleymills 0:714293de3836 4666 }
ashleymills 0:714293de3836 4667
ashleymills 0:714293de3836 4668 for (i = 0; i < iovcnt; i++) {
ashleymills 0:714293de3836 4669 XMEMCPY(&myBuffer[idx], iov[i].iov_base, iov[i].iov_len);
ashleymills 0:714293de3836 4670 idx += (int)iov[i].iov_len;
ashleymills 0:714293de3836 4671 }
ashleymills 0:714293de3836 4672
ashleymills 0:714293de3836 4673 ret = CyaSSL_write(ssl, myBuffer, sending);
ashleymills 0:714293de3836 4674
ashleymills 0:714293de3836 4675 if (newBuffer) XFREE(myBuffer, ssl->heap, DYNAMIC_TYPE_WRITEV);
ashleymills 0:714293de3836 4676
ashleymills 0:714293de3836 4677 return ret;
ashleymills 0:714293de3836 4678 }
ashleymills 0:714293de3836 4679 #endif
ashleymills 0:714293de3836 4680 #endif
ashleymills 0:714293de3836 4681
ashleymills 0:714293de3836 4682
ashleymills 0:714293de3836 4683 #ifdef CYASSL_CALLBACKS
ashleymills 0:714293de3836 4684
ashleymills 0:714293de3836 4685 typedef struct itimerval Itimerval;
ashleymills 0:714293de3836 4686
ashleymills 0:714293de3836 4687 /* don't keep calling simple functions while setting up timer and singals
ashleymills 0:714293de3836 4688 if no inlining these are the next best */
ashleymills 0:714293de3836 4689
ashleymills 0:714293de3836 4690 #define AddTimes(a, b, c) \
ashleymills 0:714293de3836 4691 do { \
ashleymills 0:714293de3836 4692 c.tv_sec = a.tv_sec + b.tv_sec; \
ashleymills 0:714293de3836 4693 c.tv_usec = a.tv_usec + b.tv_usec; \
ashleymills 0:714293de3836 4694 if (c.tv_usec >= 1000000) { \
ashleymills 0:714293de3836 4695 c.tv_sec++; \
ashleymills 0:714293de3836 4696 c.tv_usec -= 1000000; \
ashleymills 0:714293de3836 4697 } \
ashleymills 0:714293de3836 4698 } while (0)
ashleymills 0:714293de3836 4699
ashleymills 0:714293de3836 4700
ashleymills 0:714293de3836 4701 #define SubtractTimes(a, b, c) \
ashleymills 0:714293de3836 4702 do { \
ashleymills 0:714293de3836 4703 c.tv_sec = a.tv_sec - b.tv_sec; \
ashleymills 0:714293de3836 4704 c.tv_usec = a.tv_usec - b.tv_usec; \
ashleymills 0:714293de3836 4705 if (c.tv_usec < 0) { \
ashleymills 0:714293de3836 4706 c.tv_sec--; \
ashleymills 0:714293de3836 4707 c.tv_usec += 1000000; \
ashleymills 0:714293de3836 4708 } \
ashleymills 0:714293de3836 4709 } while (0)
ashleymills 0:714293de3836 4710
ashleymills 0:714293de3836 4711 #define CmpTimes(a, b, cmp) \
ashleymills 0:714293de3836 4712 ((a.tv_sec == b.tv_sec) ? \
ashleymills 0:714293de3836 4713 (a.tv_usec cmp b.tv_usec) : \
ashleymills 0:714293de3836 4714 (a.tv_sec cmp b.tv_sec)) \
ashleymills 0:714293de3836 4715
ashleymills 0:714293de3836 4716
ashleymills 0:714293de3836 4717 /* do nothing handler */
ashleymills 0:714293de3836 4718 static void myHandler(int signo)
ashleymills 0:714293de3836 4719 {
ashleymills 0:714293de3836 4720 (void)signo;
ashleymills 0:714293de3836 4721 return;
ashleymills 0:714293de3836 4722 }
ashleymills 0:714293de3836 4723
ashleymills 0:714293de3836 4724
ashleymills 0:714293de3836 4725 static int CyaSSL_ex_wrapper(CYASSL* ssl, HandShakeCallBack hsCb,
ashleymills 0:714293de3836 4726 TimeoutCallBack toCb, Timeval timeout)
ashleymills 0:714293de3836 4727 {
ashleymills 0:714293de3836 4728 int ret = SSL_FATAL_ERROR;
ashleymills 0:714293de3836 4729 int oldTimerOn = 0; /* was timer already on */
ashleymills 0:714293de3836 4730 Timeval startTime;
ashleymills 0:714293de3836 4731 Timeval endTime;
ashleymills 0:714293de3836 4732 Timeval totalTime;
ashleymills 0:714293de3836 4733 Itimerval myTimeout;
ashleymills 0:714293de3836 4734 Itimerval oldTimeout; /* if old timer adjust from total time to reset */
ashleymills 0:714293de3836 4735 struct sigaction act, oact;
ashleymills 0:714293de3836 4736
ashleymills 0:714293de3836 4737 #define ERR_OUT(x) { ssl->hsInfoOn = 0; ssl->toInfoOn = 0; return x; }
ashleymills 0:714293de3836 4738
ashleymills 0:714293de3836 4739 if (hsCb) {
ashleymills 0:714293de3836 4740 ssl->hsInfoOn = 1;
ashleymills 0:714293de3836 4741 InitHandShakeInfo(&ssl->handShakeInfo);
ashleymills 0:714293de3836 4742 }
ashleymills 0:714293de3836 4743 if (toCb) {
ashleymills 0:714293de3836 4744 ssl->toInfoOn = 1;
ashleymills 0:714293de3836 4745 InitTimeoutInfo(&ssl->timeoutInfo);
ashleymills 0:714293de3836 4746
ashleymills 0:714293de3836 4747 if (gettimeofday(&startTime, 0) < 0)
ashleymills 0:714293de3836 4748 ERR_OUT(GETTIME_ERROR);
ashleymills 0:714293de3836 4749
ashleymills 0:714293de3836 4750 /* use setitimer to simulate getitimer, init 0 myTimeout */
ashleymills 0:714293de3836 4751 myTimeout.it_interval.tv_sec = 0;
ashleymills 0:714293de3836 4752 myTimeout.it_interval.tv_usec = 0;
ashleymills 0:714293de3836 4753 myTimeout.it_value.tv_sec = 0;
ashleymills 0:714293de3836 4754 myTimeout.it_value.tv_usec = 0;
ashleymills 0:714293de3836 4755 if (setitimer(ITIMER_REAL, &myTimeout, &oldTimeout) < 0)
ashleymills 0:714293de3836 4756 ERR_OUT(SETITIMER_ERROR);
ashleymills 0:714293de3836 4757
ashleymills 0:714293de3836 4758 if (oldTimeout.it_value.tv_sec || oldTimeout.it_value.tv_usec) {
ashleymills 0:714293de3836 4759 oldTimerOn = 1;
ashleymills 0:714293de3836 4760
ashleymills 0:714293de3836 4761 /* is old timer going to expire before ours */
ashleymills 0:714293de3836 4762 if (CmpTimes(oldTimeout.it_value, timeout, <)) {
ashleymills 0:714293de3836 4763 timeout.tv_sec = oldTimeout.it_value.tv_sec;
ashleymills 0:714293de3836 4764 timeout.tv_usec = oldTimeout.it_value.tv_usec;
ashleymills 0:714293de3836 4765 }
ashleymills 0:714293de3836 4766 }
ashleymills 0:714293de3836 4767 myTimeout.it_value.tv_sec = timeout.tv_sec;
ashleymills 0:714293de3836 4768 myTimeout.it_value.tv_usec = timeout.tv_usec;
ashleymills 0:714293de3836 4769
ashleymills 0:714293de3836 4770 /* set up signal handler, don't restart socket send/recv */
ashleymills 0:714293de3836 4771 act.sa_handler = myHandler;
ashleymills 0:714293de3836 4772 sigemptyset(&act.sa_mask);
ashleymills 0:714293de3836 4773 act.sa_flags = 0;
ashleymills 0:714293de3836 4774 #ifdef SA_INTERRUPT
ashleymills 0:714293de3836 4775 act.sa_flags |= SA_INTERRUPT;
ashleymills 0:714293de3836 4776 #endif
ashleymills 0:714293de3836 4777 if (sigaction(SIGALRM, &act, &oact) < 0)
ashleymills 0:714293de3836 4778 ERR_OUT(SIGACT_ERROR);
ashleymills 0:714293de3836 4779
ashleymills 0:714293de3836 4780 if (setitimer(ITIMER_REAL, &myTimeout, 0) < 0)
ashleymills 0:714293de3836 4781 ERR_OUT(SETITIMER_ERROR);
ashleymills 0:714293de3836 4782 }
ashleymills 0:714293de3836 4783
ashleymills 0:714293de3836 4784 /* do main work */
ashleymills 0:714293de3836 4785 #ifndef NO_CYASSL_CLIENT
ashleymills 0:714293de3836 4786 if (ssl->options.side == CLIENT_END)
ashleymills 0:714293de3836 4787 ret = CyaSSL_connect(ssl);
ashleymills 0:714293de3836 4788 #endif
ashleymills 0:714293de3836 4789 #ifndef NO_CYASSL_SERVER
ashleymills 0:714293de3836 4790 if (ssl->options.side == SERVER_END)
ashleymills 0:714293de3836 4791 ret = CyaSSL_accept(ssl);
ashleymills 0:714293de3836 4792 #endif
ashleymills 0:714293de3836 4793
ashleymills 0:714293de3836 4794 /* do callbacks */
ashleymills 0:714293de3836 4795 if (toCb) {
ashleymills 0:714293de3836 4796 if (oldTimerOn) {
ashleymills 0:714293de3836 4797 gettimeofday(&endTime, 0);
ashleymills 0:714293de3836 4798 SubtractTimes(endTime, startTime, totalTime);
ashleymills 0:714293de3836 4799 /* adjust old timer for elapsed time */
ashleymills 0:714293de3836 4800 if (CmpTimes(totalTime, oldTimeout.it_value, <))
ashleymills 0:714293de3836 4801 SubtractTimes(oldTimeout.it_value, totalTime,
ashleymills 0:714293de3836 4802 oldTimeout.it_value);
ashleymills 0:714293de3836 4803 else {
ashleymills 0:714293de3836 4804 /* reset value to interval, may be off */
ashleymills 0:714293de3836 4805 oldTimeout.it_value.tv_sec = oldTimeout.it_interval.tv_sec;
ashleymills 0:714293de3836 4806 oldTimeout.it_value.tv_usec =oldTimeout.it_interval.tv_usec;
ashleymills 0:714293de3836 4807 }
ashleymills 0:714293de3836 4808 /* keep iter the same whether there or not */
ashleymills 0:714293de3836 4809 }
ashleymills 0:714293de3836 4810 /* restore old handler */
ashleymills 0:714293de3836 4811 if (sigaction(SIGALRM, &oact, 0) < 0)
ashleymills 0:714293de3836 4812 ret = SIGACT_ERROR; /* more pressing error, stomp */
ashleymills 0:714293de3836 4813 else
ashleymills 0:714293de3836 4814 /* use old settings which may turn off (expired or not there) */
ashleymills 0:714293de3836 4815 if (setitimer(ITIMER_REAL, &oldTimeout, 0) < 0)
ashleymills 0:714293de3836 4816 ret = SETITIMER_ERROR;
ashleymills 0:714293de3836 4817
ashleymills 0:714293de3836 4818 /* if we had a timeout call callback */
ashleymills 0:714293de3836 4819 if (ssl->timeoutInfo.timeoutName[0]) {
ashleymills 0:714293de3836 4820 ssl->timeoutInfo.timeoutValue.tv_sec = timeout.tv_sec;
ashleymills 0:714293de3836 4821 ssl->timeoutInfo.timeoutValue.tv_usec = timeout.tv_usec;
ashleymills 0:714293de3836 4822 (toCb)(&ssl->timeoutInfo);
ashleymills 0:714293de3836 4823 }
ashleymills 0:714293de3836 4824 /* clean up */
ashleymills 0:714293de3836 4825 FreeTimeoutInfo(&ssl->timeoutInfo, ssl->heap);
ashleymills 0:714293de3836 4826 ssl->toInfoOn = 0;
ashleymills 0:714293de3836 4827 }
ashleymills 0:714293de3836 4828 if (hsCb) {
ashleymills 0:714293de3836 4829 FinishHandShakeInfo(&ssl->handShakeInfo, ssl);
ashleymills 0:714293de3836 4830 (hsCb)(&ssl->handShakeInfo);
ashleymills 0:714293de3836 4831 ssl->hsInfoOn = 0;
ashleymills 0:714293de3836 4832 }
ashleymills 0:714293de3836 4833 return ret;
ashleymills 0:714293de3836 4834 }
ashleymills 0:714293de3836 4835
ashleymills 0:714293de3836 4836
ashleymills 0:714293de3836 4837 #ifndef NO_CYASSL_CLIENT
ashleymills 0:714293de3836 4838
ashleymills 0:714293de3836 4839 int CyaSSL_connect_ex(CYASSL* ssl, HandShakeCallBack hsCb,
ashleymills 0:714293de3836 4840 TimeoutCallBack toCb, Timeval timeout)
ashleymills 0:714293de3836 4841 {
ashleymills 0:714293de3836 4842 CYASSL_ENTER("CyaSSL_connect_ex");
ashleymills 0:714293de3836 4843 return CyaSSL_ex_wrapper(ssl, hsCb, toCb, timeout);
ashleymills 0:714293de3836 4844 }
ashleymills 0:714293de3836 4845
ashleymills 0:714293de3836 4846 #endif
ashleymills 0:714293de3836 4847
ashleymills 0:714293de3836 4848
ashleymills 0:714293de3836 4849 #ifndef NO_CYASSL_SERVER
ashleymills 0:714293de3836 4850
ashleymills 0:714293de3836 4851 int CyaSSL_accept_ex(CYASSL* ssl, HandShakeCallBack hsCb,
ashleymills 0:714293de3836 4852 TimeoutCallBack toCb,Timeval timeout)
ashleymills 0:714293de3836 4853 {
ashleymills 0:714293de3836 4854 CYASSL_ENTER("CyaSSL_accept_ex");
ashleymills 0:714293de3836 4855 return CyaSSL_ex_wrapper(ssl, hsCb, toCb, timeout);
ashleymills 0:714293de3836 4856 }
ashleymills 0:714293de3836 4857
ashleymills 0:714293de3836 4858 #endif
ashleymills 0:714293de3836 4859
ashleymills 0:714293de3836 4860 #endif /* CYASSL_CALLBACKS */
ashleymills 0:714293de3836 4861
ashleymills 0:714293de3836 4862
ashleymills 0:714293de3836 4863 #ifndef NO_PSK
ashleymills 0:714293de3836 4864
ashleymills 0:714293de3836 4865 void CyaSSL_CTX_set_psk_client_callback(CYASSL_CTX* ctx,
ashleymills 0:714293de3836 4866 psk_client_callback cb)
ashleymills 0:714293de3836 4867 {
ashleymills 0:714293de3836 4868 CYASSL_ENTER("SSL_CTX_set_psk_client_callback");
ashleymills 0:714293de3836 4869 ctx->havePSK = 1;
ashleymills 0:714293de3836 4870 ctx->client_psk_cb = cb;
ashleymills 0:714293de3836 4871 }
ashleymills 0:714293de3836 4872
ashleymills 0:714293de3836 4873
ashleymills 0:714293de3836 4874 void CyaSSL_set_psk_client_callback(CYASSL* ssl, psk_client_callback cb)
ashleymills 0:714293de3836 4875 {
ashleymills 0:714293de3836 4876 byte haveRSA = 1;
ashleymills 0:714293de3836 4877
ashleymills 0:714293de3836 4878 CYASSL_ENTER("SSL_set_psk_client_callback");
ashleymills 0:714293de3836 4879 ssl->options.havePSK = 1;
ashleymills 0:714293de3836 4880 ssl->options.client_psk_cb = cb;
ashleymills 0:714293de3836 4881
ashleymills 0:714293de3836 4882 #ifdef NO_RSA
ashleymills 0:714293de3836 4883 haveRSA = 0;
ashleymills 0:714293de3836 4884 #endif
ashleymills 0:714293de3836 4885 InitSuites(ssl->suites, ssl->version, haveRSA, TRUE,
ashleymills 0:714293de3836 4886 ssl->options.haveDH, ssl->options.haveNTRU,
ashleymills 0:714293de3836 4887 ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
ashleymills 0:714293de3836 4888 ssl->options.side);
ashleymills 0:714293de3836 4889 }
ashleymills 0:714293de3836 4890
ashleymills 0:714293de3836 4891
ashleymills 0:714293de3836 4892 void CyaSSL_CTX_set_psk_server_callback(CYASSL_CTX* ctx,
ashleymills 0:714293de3836 4893 psk_server_callback cb)
ashleymills 0:714293de3836 4894 {
ashleymills 0:714293de3836 4895 CYASSL_ENTER("SSL_CTX_set_psk_server_callback");
ashleymills 0:714293de3836 4896 ctx->havePSK = 1;
ashleymills 0:714293de3836 4897 ctx->server_psk_cb = cb;
ashleymills 0:714293de3836 4898 }
ashleymills 0:714293de3836 4899
ashleymills 0:714293de3836 4900
ashleymills 0:714293de3836 4901 void CyaSSL_set_psk_server_callback(CYASSL* ssl, psk_server_callback cb)
ashleymills 0:714293de3836 4902 {
ashleymills 0:714293de3836 4903 byte haveRSA = 1;
ashleymills 0:714293de3836 4904
ashleymills 0:714293de3836 4905 CYASSL_ENTER("SSL_set_psk_server_callback");
ashleymills 0:714293de3836 4906 ssl->options.havePSK = 1;
ashleymills 0:714293de3836 4907 ssl->options.server_psk_cb = cb;
ashleymills 0:714293de3836 4908
ashleymills 0:714293de3836 4909 #ifdef NO_RSA
ashleymills 0:714293de3836 4910 haveRSA = 0;
ashleymills 0:714293de3836 4911 #endif
ashleymills 0:714293de3836 4912 InitSuites(ssl->suites, ssl->version, haveRSA, TRUE,
ashleymills 0:714293de3836 4913 ssl->options.haveDH, ssl->options.haveNTRU,
ashleymills 0:714293de3836 4914 ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
ashleymills 0:714293de3836 4915 ssl->options.side);
ashleymills 0:714293de3836 4916 }
ashleymills 0:714293de3836 4917
ashleymills 0:714293de3836 4918
ashleymills 0:714293de3836 4919 const char* CyaSSL_get_psk_identity_hint(const CYASSL* ssl)
ashleymills 0:714293de3836 4920 {
ashleymills 0:714293de3836 4921 CYASSL_ENTER("SSL_get_psk_identity_hint");
ashleymills 0:714293de3836 4922
ashleymills 0:714293de3836 4923 if (ssl == NULL || ssl->arrays == NULL)
ashleymills 0:714293de3836 4924 return NULL;
ashleymills 0:714293de3836 4925
ashleymills 0:714293de3836 4926 return ssl->arrays->server_hint;
ashleymills 0:714293de3836 4927 }
ashleymills 0:714293de3836 4928
ashleymills 0:714293de3836 4929
ashleymills 0:714293de3836 4930 const char* CyaSSL_get_psk_identity(const CYASSL* ssl)
ashleymills 0:714293de3836 4931 {
ashleymills 0:714293de3836 4932 CYASSL_ENTER("SSL_get_psk_identity");
ashleymills 0:714293de3836 4933
ashleymills 0:714293de3836 4934 if (ssl == NULL || ssl->arrays == NULL)
ashleymills 0:714293de3836 4935 return NULL;
ashleymills 0:714293de3836 4936
ashleymills 0:714293de3836 4937 return ssl->arrays->client_identity;
ashleymills 0:714293de3836 4938 }
ashleymills 0:714293de3836 4939
ashleymills 0:714293de3836 4940
ashleymills 0:714293de3836 4941 int CyaSSL_CTX_use_psk_identity_hint(CYASSL_CTX* ctx, const char* hint)
ashleymills 0:714293de3836 4942 {
ashleymills 0:714293de3836 4943 CYASSL_ENTER("SSL_CTX_use_psk_identity_hint");
ashleymills 0:714293de3836 4944 if (hint == 0)
ashleymills 0:714293de3836 4945 ctx->server_hint[0] = 0;
ashleymills 0:714293de3836 4946 else {
ashleymills 0:714293de3836 4947 XSTRNCPY(ctx->server_hint, hint, MAX_PSK_ID_LEN);
ashleymills 0:714293de3836 4948 ctx->server_hint[MAX_PSK_ID_LEN - 1] = '\0';
ashleymills 0:714293de3836 4949 }
ashleymills 0:714293de3836 4950 return SSL_SUCCESS;
ashleymills 0:714293de3836 4951 }
ashleymills 0:714293de3836 4952
ashleymills 0:714293de3836 4953
ashleymills 0:714293de3836 4954 int CyaSSL_use_psk_identity_hint(CYASSL* ssl, const char* hint)
ashleymills 0:714293de3836 4955 {
ashleymills 0:714293de3836 4956 CYASSL_ENTER("SSL_use_psk_identity_hint");
ashleymills 0:714293de3836 4957
ashleymills 0:714293de3836 4958 if (ssl == NULL || ssl->arrays == NULL)
ashleymills 0:714293de3836 4959 return SSL_FAILURE;
ashleymills 0:714293de3836 4960
ashleymills 0:714293de3836 4961 if (hint == 0)
ashleymills 0:714293de3836 4962 ssl->arrays->server_hint[0] = 0;
ashleymills 0:714293de3836 4963 else {
ashleymills 0:714293de3836 4964 XSTRNCPY(ssl->arrays->server_hint, hint, MAX_PSK_ID_LEN);
ashleymills 0:714293de3836 4965 ssl->arrays->server_hint[MAX_PSK_ID_LEN - 1] = '\0';
ashleymills 0:714293de3836 4966 }
ashleymills 0:714293de3836 4967 return SSL_SUCCESS;
ashleymills 0:714293de3836 4968 }
ashleymills 0:714293de3836 4969
ashleymills 0:714293de3836 4970 #endif /* NO_PSK */
ashleymills 0:714293de3836 4971
ashleymills 0:714293de3836 4972
ashleymills 0:714293de3836 4973 #ifndef NO_CERTS
ashleymills 0:714293de3836 4974 /* used to be defined on NO_FILESYSTEM only, but are generally useful */
ashleymills 0:714293de3836 4975
ashleymills 0:714293de3836 4976 /* CyaSSL extension allows DER files to be loaded from buffers as well */
ashleymills 0:714293de3836 4977 int CyaSSL_CTX_load_verify_buffer(CYASSL_CTX* ctx, const unsigned char* in,
ashleymills 0:714293de3836 4978 long sz, int format)
ashleymills 0:714293de3836 4979 {
ashleymills 0:714293de3836 4980 CYASSL_ENTER("CyaSSL_CTX_load_verify_buffer");
ashleymills 0:714293de3836 4981 if (format == SSL_FILETYPE_PEM)
ashleymills 0:714293de3836 4982 return ProcessChainBuffer(ctx, in, sz, format, CA_TYPE, NULL);
ashleymills 0:714293de3836 4983 else
ashleymills 0:714293de3836 4984 return ProcessBuffer(ctx, in, sz, format, CA_TYPE, NULL,NULL,0);
ashleymills 0:714293de3836 4985 }
ashleymills 0:714293de3836 4986
ashleymills 0:714293de3836 4987
ashleymills 0:714293de3836 4988 int CyaSSL_CTX_use_certificate_buffer(CYASSL_CTX* ctx,
ashleymills 0:714293de3836 4989 const unsigned char* in, long sz, int format)
ashleymills 0:714293de3836 4990 {
ashleymills 0:714293de3836 4991 CYASSL_ENTER("CyaSSL_CTX_use_certificate_buffer");
ashleymills 0:714293de3836 4992 return ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, 0);
ashleymills 0:714293de3836 4993 }
ashleymills 0:714293de3836 4994
ashleymills 0:714293de3836 4995
ashleymills 0:714293de3836 4996 int CyaSSL_CTX_use_PrivateKey_buffer(CYASSL_CTX* ctx,
ashleymills 0:714293de3836 4997 const unsigned char* in, long sz, int format)
ashleymills 0:714293de3836 4998 {
ashleymills 0:714293de3836 4999 CYASSL_ENTER("CyaSSL_CTX_use_PrivateKey_buffer");
ashleymills 0:714293de3836 5000 return ProcessBuffer(ctx, in, sz, format, PRIVATEKEY_TYPE, NULL,NULL,0);
ashleymills 0:714293de3836 5001 }
ashleymills 0:714293de3836 5002
ashleymills 0:714293de3836 5003
ashleymills 0:714293de3836 5004 int CyaSSL_CTX_use_certificate_chain_buffer(CYASSL_CTX* ctx,
ashleymills 0:714293de3836 5005 const unsigned char* in, long sz)
ashleymills 0:714293de3836 5006 {
ashleymills 0:714293de3836 5007 CYASSL_ENTER("CyaSSL_CTX_use_certificate_chain_buffer");
ashleymills 0:714293de3836 5008 return ProcessBuffer(ctx, in, sz, SSL_FILETYPE_PEM, CERT_TYPE, NULL,
ashleymills 0:714293de3836 5009 NULL, 1);
ashleymills 0:714293de3836 5010 }
ashleymills 0:714293de3836 5011
ashleymills 0:714293de3836 5012 int CyaSSL_use_certificate_buffer(CYASSL* ssl,
ashleymills 0:714293de3836 5013 const unsigned char* in, long sz, int format)
ashleymills 0:714293de3836 5014 {
ashleymills 0:714293de3836 5015 CYASSL_ENTER("CyaSSL_use_certificate_buffer");
ashleymills 0:714293de3836 5016 return ProcessBuffer(ssl->ctx, in, sz, format,CERT_TYPE,ssl,NULL,0);
ashleymills 0:714293de3836 5017 }
ashleymills 0:714293de3836 5018
ashleymills 0:714293de3836 5019
ashleymills 0:714293de3836 5020 int CyaSSL_use_PrivateKey_buffer(CYASSL* ssl,
ashleymills 0:714293de3836 5021 const unsigned char* in, long sz, int format)
ashleymills 0:714293de3836 5022 {
ashleymills 0:714293de3836 5023 CYASSL_ENTER("CyaSSL_use_PrivateKey_buffer");
ashleymills 0:714293de3836 5024 return ProcessBuffer(ssl->ctx, in, sz, format, PRIVATEKEY_TYPE,
ashleymills 0:714293de3836 5025 ssl, NULL, 0);
ashleymills 0:714293de3836 5026 }
ashleymills 0:714293de3836 5027
ashleymills 0:714293de3836 5028
ashleymills 0:714293de3836 5029 int CyaSSL_use_certificate_chain_buffer(CYASSL* ssl,
ashleymills 0:714293de3836 5030 const unsigned char* in, long sz)
ashleymills 0:714293de3836 5031 {
ashleymills 0:714293de3836 5032 CYASSL_ENTER("CyaSSL_use_certificate_chain_buffer");
ashleymills 0:714293de3836 5033 return ProcessBuffer(ssl->ctx, in, sz, SSL_FILETYPE_PEM, CERT_TYPE,
ashleymills 0:714293de3836 5034 ssl, NULL, 1);
ashleymills 0:714293de3836 5035 }
ashleymills 0:714293de3836 5036
ashleymills 0:714293de3836 5037 int CyaSSL_CTX_UnloadCAs(CYASSL_CTX* ctx)
ashleymills 0:714293de3836 5038 {
ashleymills 0:714293de3836 5039 CYASSL_ENTER("CyaSSL_CTX_UnloadCAs");
ashleymills 0:714293de3836 5040
ashleymills 0:714293de3836 5041 if (ctx == NULL)
ashleymills 0:714293de3836 5042 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 5043
ashleymills 0:714293de3836 5044 return CyaSSL_CertManagerUnloadCAs(ctx->cm);
ashleymills 0:714293de3836 5045 }
ashleymills 0:714293de3836 5046
ashleymills 0:714293de3836 5047 /* old NO_FILESYSTEM end */
ashleymills 0:714293de3836 5048 #endif /* !NO_CERTS */
ashleymills 0:714293de3836 5049
ashleymills 0:714293de3836 5050
ashleymills 0:714293de3836 5051 #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
ashleymills 0:714293de3836 5052
ashleymills 0:714293de3836 5053
ashleymills 0:714293de3836 5054 int CyaSSL_add_all_algorithms(void)
ashleymills 0:714293de3836 5055 {
ashleymills 0:714293de3836 5056 CYASSL_ENTER("CyaSSL_add_all_algorithms");
ashleymills 0:714293de3836 5057 CyaSSL_Init();
ashleymills 0:714293de3836 5058 return SSL_SUCCESS;
ashleymills 0:714293de3836 5059 }
ashleymills 0:714293de3836 5060
ashleymills 0:714293de3836 5061
ashleymills 0:714293de3836 5062 long CyaSSL_CTX_sess_set_cache_size(CYASSL_CTX* ctx, long sz)
ashleymills 0:714293de3836 5063 {
ashleymills 0:714293de3836 5064 /* cache size fixed at compile time in CyaSSL */
ashleymills 0:714293de3836 5065 (void)ctx;
ashleymills 0:714293de3836 5066 (void)sz;
ashleymills 0:714293de3836 5067 return 0;
ashleymills 0:714293de3836 5068 }
ashleymills 0:714293de3836 5069
ashleymills 0:714293de3836 5070
ashleymills 0:714293de3836 5071 void CyaSSL_CTX_set_quiet_shutdown(CYASSL_CTX* ctx, int mode)
ashleymills 0:714293de3836 5072 {
ashleymills 0:714293de3836 5073 CYASSL_ENTER("CyaSSL_CTX_set_quiet_shutdown");
ashleymills 0:714293de3836 5074 if (mode)
ashleymills 0:714293de3836 5075 ctx->quietShutdown = 1;
ashleymills 0:714293de3836 5076 }
ashleymills 0:714293de3836 5077
ashleymills 0:714293de3836 5078
ashleymills 0:714293de3836 5079 void CyaSSL_set_quiet_shutdown(CYASSL* ssl, int mode)
ashleymills 0:714293de3836 5080 {
ashleymills 0:714293de3836 5081 CYASSL_ENTER("CyaSSL_CTX_set_quiet_shutdown");
ashleymills 0:714293de3836 5082 if (mode)
ashleymills 0:714293de3836 5083 ssl->options.quietShutdown = 1;
ashleymills 0:714293de3836 5084 }
ashleymills 0:714293de3836 5085
ashleymills 0:714293de3836 5086
ashleymills 0:714293de3836 5087 void CyaSSL_set_bio(CYASSL* ssl, CYASSL_BIO* rd, CYASSL_BIO* wr)
ashleymills 0:714293de3836 5088 {
ashleymills 0:714293de3836 5089 CYASSL_ENTER("SSL_set_bio");
ashleymills 0:714293de3836 5090 CyaSSL_set_rfd(ssl, rd->fd);
ashleymills 0:714293de3836 5091 CyaSSL_set_wfd(ssl, wr->fd);
ashleymills 0:714293de3836 5092
ashleymills 0:714293de3836 5093 ssl->biord = rd;
ashleymills 0:714293de3836 5094 ssl->biowr = wr;
ashleymills 0:714293de3836 5095 }
ashleymills 0:714293de3836 5096
ashleymills 0:714293de3836 5097
ashleymills 0:714293de3836 5098 void CyaSSL_CTX_set_client_CA_list(CYASSL_CTX* ctx,
ashleymills 0:714293de3836 5099 STACK_OF(CYASSL_X509_NAME)* names)
ashleymills 0:714293de3836 5100 {
ashleymills 0:714293de3836 5101 (void)ctx;
ashleymills 0:714293de3836 5102 (void)names;
ashleymills 0:714293de3836 5103 }
ashleymills 0:714293de3836 5104
ashleymills 0:714293de3836 5105
ashleymills 0:714293de3836 5106 STACK_OF(CYASSL_X509_NAME)* CyaSSL_load_client_CA_file(const char* fname)
ashleymills 0:714293de3836 5107 {
ashleymills 0:714293de3836 5108 (void)fname;
ashleymills 0:714293de3836 5109 return 0;
ashleymills 0:714293de3836 5110 }
ashleymills 0:714293de3836 5111
ashleymills 0:714293de3836 5112
ashleymills 0:714293de3836 5113 int CyaSSL_CTX_set_default_verify_paths(CYASSL_CTX* ctx)
ashleymills 0:714293de3836 5114 {
ashleymills 0:714293de3836 5115 /* TODO:, not needed in goahead */
ashleymills 0:714293de3836 5116 (void)ctx;
ashleymills 0:714293de3836 5117 return SSL_NOT_IMPLEMENTED;
ashleymills 0:714293de3836 5118 }
ashleymills 0:714293de3836 5119
ashleymills 0:714293de3836 5120
ashleymills 0:714293de3836 5121 /* keyblock size in bytes or -1 */
ashleymills 0:714293de3836 5122 int CyaSSL_get_keyblock_size(CYASSL* ssl)
ashleymills 0:714293de3836 5123 {
ashleymills 0:714293de3836 5124 if (ssl == NULL)
ashleymills 0:714293de3836 5125 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 5126
ashleymills 0:714293de3836 5127 return 2 * (ssl->specs.key_size + ssl->specs.iv_size +
ashleymills 0:714293de3836 5128 ssl->specs.hash_size);
ashleymills 0:714293de3836 5129 }
ashleymills 0:714293de3836 5130
ashleymills 0:714293de3836 5131
ashleymills 0:714293de3836 5132 /* store keys returns SSL_SUCCESS or -1 on error */
ashleymills 0:714293de3836 5133 int CyaSSL_get_keys(CYASSL* ssl, unsigned char** ms, unsigned int* msLen,
ashleymills 0:714293de3836 5134 unsigned char** sr, unsigned int* srLen,
ashleymills 0:714293de3836 5135 unsigned char** cr, unsigned int* crLen)
ashleymills 0:714293de3836 5136 {
ashleymills 0:714293de3836 5137 if (ssl == NULL || ssl->arrays == NULL)
ashleymills 0:714293de3836 5138 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 5139
ashleymills 0:714293de3836 5140 *ms = ssl->arrays->masterSecret;
ashleymills 0:714293de3836 5141 *sr = ssl->arrays->serverRandom;
ashleymills 0:714293de3836 5142 *cr = ssl->arrays->clientRandom;
ashleymills 0:714293de3836 5143
ashleymills 0:714293de3836 5144 *msLen = SECRET_LEN;
ashleymills 0:714293de3836 5145 *srLen = RAN_LEN;
ashleymills 0:714293de3836 5146 *crLen = RAN_LEN;
ashleymills 0:714293de3836 5147
ashleymills 0:714293de3836 5148 return SSL_SUCCESS;
ashleymills 0:714293de3836 5149 }
ashleymills 0:714293de3836 5150
ashleymills 0:714293de3836 5151
ashleymills 0:714293de3836 5152 void CyaSSL_set_accept_state(CYASSL* ssl)
ashleymills 0:714293de3836 5153 {
ashleymills 0:714293de3836 5154 byte haveRSA = 1;
ashleymills 0:714293de3836 5155 byte havePSK = 0;
ashleymills 0:714293de3836 5156
ashleymills 0:714293de3836 5157 CYASSL_ENTER("SSL_set_accept_state");
ashleymills 0:714293de3836 5158 ssl->options.side = SERVER_END;
ashleymills 0:714293de3836 5159 /* reset suites in case user switched */
ashleymills 0:714293de3836 5160
ashleymills 0:714293de3836 5161 #ifdef NO_RSA
ashleymills 0:714293de3836 5162 haveRSA = 0;
ashleymills 0:714293de3836 5163 #endif
ashleymills 0:714293de3836 5164 #ifndef NO_PSK
ashleymills 0:714293de3836 5165 havePSK = ssl->options.havePSK;
ashleymills 0:714293de3836 5166 #endif
ashleymills 0:714293de3836 5167 InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
ashleymills 0:714293de3836 5168 ssl->options.haveDH, ssl->options.haveNTRU,
ashleymills 0:714293de3836 5169 ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
ashleymills 0:714293de3836 5170 ssl->options.side);
ashleymills 0:714293de3836 5171 }
ashleymills 0:714293de3836 5172 #endif
ashleymills 0:714293de3836 5173
ashleymills 0:714293de3836 5174 /* return true if connection established */
ashleymills 0:714293de3836 5175 int CyaSSL_is_init_finished(CYASSL* ssl)
ashleymills 0:714293de3836 5176 {
ashleymills 0:714293de3836 5177 if (ssl == NULL)
ashleymills 0:714293de3836 5178 return 0;
ashleymills 0:714293de3836 5179
ashleymills 0:714293de3836 5180 if (ssl->options.handShakeState == HANDSHAKE_DONE)
ashleymills 0:714293de3836 5181 return 1;
ashleymills 0:714293de3836 5182
ashleymills 0:714293de3836 5183 return 0;
ashleymills 0:714293de3836 5184 }
ashleymills 0:714293de3836 5185
ashleymills 0:714293de3836 5186 #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
ashleymills 0:714293de3836 5187 void CyaSSL_CTX_set_tmp_rsa_callback(CYASSL_CTX* ctx,
ashleymills 0:714293de3836 5188 CYASSL_RSA*(*f)(CYASSL*, int, int))
ashleymills 0:714293de3836 5189 {
ashleymills 0:714293de3836 5190 /* CyaSSL verifies all these internally */
ashleymills 0:714293de3836 5191 (void)ctx;
ashleymills 0:714293de3836 5192 (void)f;
ashleymills 0:714293de3836 5193 }
ashleymills 0:714293de3836 5194
ashleymills 0:714293de3836 5195
ashleymills 0:714293de3836 5196 void CyaSSL_set_shutdown(CYASSL* ssl, int opt)
ashleymills 0:714293de3836 5197 {
ashleymills 0:714293de3836 5198 (void)ssl;
ashleymills 0:714293de3836 5199 (void)opt;
ashleymills 0:714293de3836 5200 }
ashleymills 0:714293de3836 5201
ashleymills 0:714293de3836 5202
ashleymills 0:714293de3836 5203 long CyaSSL_CTX_set_options(CYASSL_CTX* ctx, long opt)
ashleymills 0:714293de3836 5204 {
ashleymills 0:714293de3836 5205 /* goahead calls with 0, do nothing */
ashleymills 0:714293de3836 5206 CYASSL_ENTER("SSL_CTX_set_options");
ashleymills 0:714293de3836 5207 (void)ctx;
ashleymills 0:714293de3836 5208 return opt;
ashleymills 0:714293de3836 5209 }
ashleymills 0:714293de3836 5210
ashleymills 0:714293de3836 5211
ashleymills 0:714293de3836 5212 int CyaSSL_set_rfd(CYASSL* ssl, int rfd)
ashleymills 0:714293de3836 5213 {
ashleymills 0:714293de3836 5214 CYASSL_ENTER("SSL_set_rfd");
ashleymills 0:714293de3836 5215 ssl->rfd = rfd; /* not used directly to allow IO callbacks */
ashleymills 0:714293de3836 5216
ashleymills 0:714293de3836 5217 ssl->IOCB_ReadCtx = &ssl->rfd;
ashleymills 0:714293de3836 5218
ashleymills 0:714293de3836 5219 return SSL_SUCCESS;
ashleymills 0:714293de3836 5220 }
ashleymills 0:714293de3836 5221
ashleymills 0:714293de3836 5222
ashleymills 0:714293de3836 5223 int CyaSSL_set_wfd(CYASSL* ssl, int wfd)
ashleymills 0:714293de3836 5224 {
ashleymills 0:714293de3836 5225 CYASSL_ENTER("SSL_set_wfd");
ashleymills 0:714293de3836 5226 ssl->wfd = wfd; /* not used directly to allow IO callbacks */
ashleymills 0:714293de3836 5227
ashleymills 0:714293de3836 5228 ssl->IOCB_WriteCtx = &ssl->wfd;
ashleymills 0:714293de3836 5229
ashleymills 0:714293de3836 5230 return SSL_SUCCESS;
ashleymills 0:714293de3836 5231 }
ashleymills 0:714293de3836 5232
ashleymills 0:714293de3836 5233
ashleymills 0:714293de3836 5234 CYASSL_RSA* CyaSSL_RSA_generate_key(int len, unsigned long bits,
ashleymills 0:714293de3836 5235 void(*f)(int, int, void*), void* data)
ashleymills 0:714293de3836 5236 {
ashleymills 0:714293de3836 5237 /* no tmp key needed, actual generation not supported */
ashleymills 0:714293de3836 5238 CYASSL_ENTER("RSA_generate_key");
ashleymills 0:714293de3836 5239 (void)len;
ashleymills 0:714293de3836 5240 (void)bits;
ashleymills 0:714293de3836 5241 (void)f;
ashleymills 0:714293de3836 5242 (void)data;
ashleymills 0:714293de3836 5243 return NULL;
ashleymills 0:714293de3836 5244 }
ashleymills 0:714293de3836 5245
ashleymills 0:714293de3836 5246
ashleymills 0:714293de3836 5247
ashleymills 0:714293de3836 5248 CYASSL_X509* CyaSSL_X509_STORE_CTX_get_current_cert(
ashleymills 0:714293de3836 5249 CYASSL_X509_STORE_CTX* ctx)
ashleymills 0:714293de3836 5250 {
ashleymills 0:714293de3836 5251 (void)ctx;
ashleymills 0:714293de3836 5252 return 0;
ashleymills 0:714293de3836 5253 }
ashleymills 0:714293de3836 5254
ashleymills 0:714293de3836 5255
ashleymills 0:714293de3836 5256 int CyaSSL_X509_STORE_CTX_get_error(CYASSL_X509_STORE_CTX* ctx)
ashleymills 0:714293de3836 5257 {
ashleymills 0:714293de3836 5258 (void)ctx;
ashleymills 0:714293de3836 5259 return 0;
ashleymills 0:714293de3836 5260 }
ashleymills 0:714293de3836 5261
ashleymills 0:714293de3836 5262
ashleymills 0:714293de3836 5263 int CyaSSL_X509_STORE_CTX_get_error_depth(CYASSL_X509_STORE_CTX* ctx)
ashleymills 0:714293de3836 5264 {
ashleymills 0:714293de3836 5265 (void)ctx;
ashleymills 0:714293de3836 5266 return 0;
ashleymills 0:714293de3836 5267 }
ashleymills 0:714293de3836 5268
ashleymills 0:714293de3836 5269
ashleymills 0:714293de3836 5270 CYASSL_BIO_METHOD* CyaSSL_BIO_f_buffer(void)
ashleymills 0:714293de3836 5271 {
ashleymills 0:714293de3836 5272 static CYASSL_BIO_METHOD meth;
ashleymills 0:714293de3836 5273
ashleymills 0:714293de3836 5274 CYASSL_ENTER("BIO_f_buffer");
ashleymills 0:714293de3836 5275 meth.type = BIO_BUFFER;
ashleymills 0:714293de3836 5276
ashleymills 0:714293de3836 5277 return &meth;
ashleymills 0:714293de3836 5278 }
ashleymills 0:714293de3836 5279
ashleymills 0:714293de3836 5280
ashleymills 0:714293de3836 5281 long CyaSSL_BIO_set_write_buffer_size(CYASSL_BIO* bio, long size)
ashleymills 0:714293de3836 5282 {
ashleymills 0:714293de3836 5283 /* CyaSSL has internal buffer, compatibility only */
ashleymills 0:714293de3836 5284 CYASSL_ENTER("BIO_set_write_buffer_size");
ashleymills 0:714293de3836 5285 (void)bio;
ashleymills 0:714293de3836 5286 return size;
ashleymills 0:714293de3836 5287 }
ashleymills 0:714293de3836 5288
ashleymills 0:714293de3836 5289
ashleymills 0:714293de3836 5290 CYASSL_BIO_METHOD* CyaSSL_BIO_f_ssl(void)
ashleymills 0:714293de3836 5291 {
ashleymills 0:714293de3836 5292 static CYASSL_BIO_METHOD meth;
ashleymills 0:714293de3836 5293
ashleymills 0:714293de3836 5294 CYASSL_ENTER("BIO_f_ssl");
ashleymills 0:714293de3836 5295 meth.type = BIO_SSL;
ashleymills 0:714293de3836 5296
ashleymills 0:714293de3836 5297 return &meth;
ashleymills 0:714293de3836 5298 }
ashleymills 0:714293de3836 5299
ashleymills 0:714293de3836 5300
ashleymills 0:714293de3836 5301 CYASSL_BIO* CyaSSL_BIO_new_socket(int sfd, int closeF)
ashleymills 0:714293de3836 5302 {
ashleymills 0:714293de3836 5303 CYASSL_BIO* bio = (CYASSL_BIO*) XMALLOC(sizeof(CYASSL_BIO), 0,
ashleymills 0:714293de3836 5304 DYNAMIC_TYPE_OPENSSL);
ashleymills 0:714293de3836 5305
ashleymills 0:714293de3836 5306 CYASSL_ENTER("BIO_new_socket");
ashleymills 0:714293de3836 5307 if (bio) {
ashleymills 0:714293de3836 5308 bio->type = BIO_SOCKET;
ashleymills 0:714293de3836 5309 bio->close = (byte)closeF;
ashleymills 0:714293de3836 5310 bio->eof = 0;
ashleymills 0:714293de3836 5311 bio->ssl = 0;
ashleymills 0:714293de3836 5312 bio->fd = sfd;
ashleymills 0:714293de3836 5313 bio->prev = 0;
ashleymills 0:714293de3836 5314 bio->next = 0;
ashleymills 0:714293de3836 5315 bio->mem = NULL;
ashleymills 0:714293de3836 5316 bio->memLen = 0;
ashleymills 0:714293de3836 5317 }
ashleymills 0:714293de3836 5318 return bio;
ashleymills 0:714293de3836 5319 }
ashleymills 0:714293de3836 5320
ashleymills 0:714293de3836 5321
ashleymills 0:714293de3836 5322 int CyaSSL_BIO_eof(CYASSL_BIO* b)
ashleymills 0:714293de3836 5323 {
ashleymills 0:714293de3836 5324 CYASSL_ENTER("BIO_eof");
ashleymills 0:714293de3836 5325 if (b->eof)
ashleymills 0:714293de3836 5326 return 1;
ashleymills 0:714293de3836 5327
ashleymills 0:714293de3836 5328 return 0;
ashleymills 0:714293de3836 5329 }
ashleymills 0:714293de3836 5330
ashleymills 0:714293de3836 5331
ashleymills 0:714293de3836 5332 long CyaSSL_BIO_set_ssl(CYASSL_BIO* b, CYASSL* ssl, int closeF)
ashleymills 0:714293de3836 5333 {
ashleymills 0:714293de3836 5334 CYASSL_ENTER("BIO_set_ssl");
ashleymills 0:714293de3836 5335 b->ssl = ssl;
ashleymills 0:714293de3836 5336 b->close = (byte)closeF;
ashleymills 0:714293de3836 5337 /* add to ssl for bio free if SSL_free called before/instead of free_all? */
ashleymills 0:714293de3836 5338
ashleymills 0:714293de3836 5339 return 0;
ashleymills 0:714293de3836 5340 }
ashleymills 0:714293de3836 5341
ashleymills 0:714293de3836 5342
ashleymills 0:714293de3836 5343 CYASSL_BIO* CyaSSL_BIO_new(CYASSL_BIO_METHOD* method)
ashleymills 0:714293de3836 5344 {
ashleymills 0:714293de3836 5345 CYASSL_BIO* bio = (CYASSL_BIO*) XMALLOC(sizeof(CYASSL_BIO), 0,
ashleymills 0:714293de3836 5346 DYNAMIC_TYPE_OPENSSL);
ashleymills 0:714293de3836 5347 CYASSL_ENTER("BIO_new");
ashleymills 0:714293de3836 5348 if (bio) {
ashleymills 0:714293de3836 5349 bio->type = method->type;
ashleymills 0:714293de3836 5350 bio->close = 0;
ashleymills 0:714293de3836 5351 bio->eof = 0;
ashleymills 0:714293de3836 5352 bio->ssl = NULL;
ashleymills 0:714293de3836 5353 bio->mem = NULL;
ashleymills 0:714293de3836 5354 bio->memLen = 0;
ashleymills 0:714293de3836 5355 bio->fd = 0;
ashleymills 0:714293de3836 5356 bio->prev = NULL;
ashleymills 0:714293de3836 5357 bio->next = NULL;
ashleymills 0:714293de3836 5358 }
ashleymills 0:714293de3836 5359 return bio;
ashleymills 0:714293de3836 5360 }
ashleymills 0:714293de3836 5361
ashleymills 0:714293de3836 5362
ashleymills 0:714293de3836 5363 int CyaSSL_BIO_get_mem_data(CYASSL_BIO* bio, const byte** p)
ashleymills 0:714293de3836 5364 {
ashleymills 0:714293de3836 5365 if (bio == NULL || p == NULL)
ashleymills 0:714293de3836 5366 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 5367
ashleymills 0:714293de3836 5368 *p = bio->mem;
ashleymills 0:714293de3836 5369
ashleymills 0:714293de3836 5370 return bio->memLen;
ashleymills 0:714293de3836 5371 }
ashleymills 0:714293de3836 5372
ashleymills 0:714293de3836 5373
ashleymills 0:714293de3836 5374 CYASSL_BIO* CyaSSL_BIO_new_mem_buf(void* buf, int len)
ashleymills 0:714293de3836 5375 {
ashleymills 0:714293de3836 5376 CYASSL_BIO* bio = NULL;
ashleymills 0:714293de3836 5377 if (buf == NULL)
ashleymills 0:714293de3836 5378 return bio;
ashleymills 0:714293de3836 5379
ashleymills 0:714293de3836 5380 bio = CyaSSL_BIO_new(CyaSSL_BIO_s_mem());
ashleymills 0:714293de3836 5381 if (bio == NULL)
ashleymills 0:714293de3836 5382 return bio;
ashleymills 0:714293de3836 5383
ashleymills 0:714293de3836 5384 bio->memLen = len;
ashleymills 0:714293de3836 5385 bio->mem = (byte*)XMALLOC(len, 0, DYNAMIC_TYPE_OPENSSL);
ashleymills 0:714293de3836 5386 if (bio->mem == NULL) {
ashleymills 0:714293de3836 5387 XFREE(bio, 0, DYNAMIC_TYPE_OPENSSL);
ashleymills 0:714293de3836 5388 return NULL;
ashleymills 0:714293de3836 5389 }
ashleymills 0:714293de3836 5390
ashleymills 0:714293de3836 5391 XMEMCPY(bio->mem, buf, len);
ashleymills 0:714293de3836 5392
ashleymills 0:714293de3836 5393 return bio;
ashleymills 0:714293de3836 5394 }
ashleymills 0:714293de3836 5395
ashleymills 0:714293de3836 5396
ashleymills 0:714293de3836 5397 #ifdef USE_WINDOWS_API
ashleymills 0:714293de3836 5398 #define CloseSocket(s) closesocket(s)
ashleymills 0:714293de3836 5399 #elif defined(CYASSL_MDK_ARM)
ashleymills 0:714293de3836 5400 #define CloseSocket(s) closesocket(s)
ashleymills 0:714293de3836 5401 #else
ashleymills 0:714293de3836 5402 #define CloseSocket(s) close(s)
ashleymills 0:714293de3836 5403 #endif
ashleymills 0:714293de3836 5404
ashleymills 0:714293de3836 5405 int CyaSSL_BIO_free(CYASSL_BIO* bio)
ashleymills 0:714293de3836 5406 {
ashleymills 0:714293de3836 5407 /* unchain?, doesn't matter in goahead since from free all */
ashleymills 0:714293de3836 5408 CYASSL_ENTER("BIO_free");
ashleymills 0:714293de3836 5409 if (bio) {
ashleymills 0:714293de3836 5410 if (bio->close) {
ashleymills 0:714293de3836 5411 if (bio->ssl)
ashleymills 0:714293de3836 5412 CyaSSL_free(bio->ssl);
ashleymills 0:714293de3836 5413 if (bio->fd)
ashleymills 0:714293de3836 5414 CloseSocket(bio->fd);
ashleymills 0:714293de3836 5415 }
ashleymills 0:714293de3836 5416 if (bio->mem)
ashleymills 0:714293de3836 5417 XFREE(bio->mem, 0, DYNAMIC_TYPE_OPENSSL);
ashleymills 0:714293de3836 5418 XFREE(bio, 0, DYNAMIC_TYPE_OPENSSL);
ashleymills 0:714293de3836 5419 }
ashleymills 0:714293de3836 5420 return 0;
ashleymills 0:714293de3836 5421 }
ashleymills 0:714293de3836 5422
ashleymills 0:714293de3836 5423
ashleymills 0:714293de3836 5424 int CyaSSL_BIO_free_all(CYASSL_BIO* bio)
ashleymills 0:714293de3836 5425 {
ashleymills 0:714293de3836 5426 CYASSL_ENTER("BIO_free_all");
ashleymills 0:714293de3836 5427 while (bio) {
ashleymills 0:714293de3836 5428 CYASSL_BIO* next = bio->next;
ashleymills 0:714293de3836 5429 CyaSSL_BIO_free(bio);
ashleymills 0:714293de3836 5430 bio = next;
ashleymills 0:714293de3836 5431 }
ashleymills 0:714293de3836 5432 return 0;
ashleymills 0:714293de3836 5433 }
ashleymills 0:714293de3836 5434
ashleymills 0:714293de3836 5435
ashleymills 0:714293de3836 5436 int CyaSSL_BIO_read(CYASSL_BIO* bio, void* buf, int len)
ashleymills 0:714293de3836 5437 {
ashleymills 0:714293de3836 5438 int ret;
ashleymills 0:714293de3836 5439 CYASSL* ssl = 0;
ashleymills 0:714293de3836 5440 CYASSL_BIO* front = bio;
ashleymills 0:714293de3836 5441
ashleymills 0:714293de3836 5442 CYASSL_ENTER("BIO_read");
ashleymills 0:714293de3836 5443 /* already got eof, again is error */
ashleymills 0:714293de3836 5444 if (front->eof)
ashleymills 0:714293de3836 5445 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 5446
ashleymills 0:714293de3836 5447 while(bio && ((ssl = bio->ssl) == 0) )
ashleymills 0:714293de3836 5448 bio = bio->next;
ashleymills 0:714293de3836 5449
ashleymills 0:714293de3836 5450 if (ssl == 0) return BAD_FUNC_ARG;
ashleymills 0:714293de3836 5451
ashleymills 0:714293de3836 5452 ret = CyaSSL_read(ssl, buf, len);
ashleymills 0:714293de3836 5453 if (ret == 0)
ashleymills 0:714293de3836 5454 front->eof = 1;
ashleymills 0:714293de3836 5455 else if (ret < 0) {
ashleymills 0:714293de3836 5456 int err = CyaSSL_get_error(ssl, 0);
ashleymills 0:714293de3836 5457 if ( !(err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) )
ashleymills 0:714293de3836 5458 front->eof = 1;
ashleymills 0:714293de3836 5459 }
ashleymills 0:714293de3836 5460 return ret;
ashleymills 0:714293de3836 5461 }
ashleymills 0:714293de3836 5462
ashleymills 0:714293de3836 5463
ashleymills 0:714293de3836 5464 int CyaSSL_BIO_write(CYASSL_BIO* bio, const void* data, int len)
ashleymills 0:714293de3836 5465 {
ashleymills 0:714293de3836 5466 int ret;
ashleymills 0:714293de3836 5467 CYASSL* ssl = 0;
ashleymills 0:714293de3836 5468 CYASSL_BIO* front = bio;
ashleymills 0:714293de3836 5469
ashleymills 0:714293de3836 5470 CYASSL_ENTER("BIO_write");
ashleymills 0:714293de3836 5471 /* already got eof, again is error */
ashleymills 0:714293de3836 5472 if (front->eof)
ashleymills 0:714293de3836 5473 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 5474
ashleymills 0:714293de3836 5475 while(bio && ((ssl = bio->ssl) == 0) )
ashleymills 0:714293de3836 5476 bio = bio->next;
ashleymills 0:714293de3836 5477
ashleymills 0:714293de3836 5478 if (ssl == 0) return BAD_FUNC_ARG;
ashleymills 0:714293de3836 5479
ashleymills 0:714293de3836 5480 ret = CyaSSL_write(ssl, data, len);
ashleymills 0:714293de3836 5481 if (ret == 0)
ashleymills 0:714293de3836 5482 front->eof = 1;
ashleymills 0:714293de3836 5483 else if (ret < 0) {
ashleymills 0:714293de3836 5484 int err = CyaSSL_get_error(ssl, 0);
ashleymills 0:714293de3836 5485 if ( !(err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) )
ashleymills 0:714293de3836 5486 front->eof = 1;
ashleymills 0:714293de3836 5487 }
ashleymills 0:714293de3836 5488
ashleymills 0:714293de3836 5489 return ret;
ashleymills 0:714293de3836 5490 }
ashleymills 0:714293de3836 5491
ashleymills 0:714293de3836 5492
ashleymills 0:714293de3836 5493 CYASSL_BIO* CyaSSL_BIO_push(CYASSL_BIO* top, CYASSL_BIO* append)
ashleymills 0:714293de3836 5494 {
ashleymills 0:714293de3836 5495 CYASSL_ENTER("BIO_push");
ashleymills 0:714293de3836 5496 top->next = append;
ashleymills 0:714293de3836 5497 append->prev = top;
ashleymills 0:714293de3836 5498
ashleymills 0:714293de3836 5499 return top;
ashleymills 0:714293de3836 5500 }
ashleymills 0:714293de3836 5501
ashleymills 0:714293de3836 5502
ashleymills 0:714293de3836 5503 int CyaSSL_BIO_flush(CYASSL_BIO* bio)
ashleymills 0:714293de3836 5504 {
ashleymills 0:714293de3836 5505 /* for CyaSSL no flushing needed */
ashleymills 0:714293de3836 5506 CYASSL_ENTER("BIO_flush");
ashleymills 0:714293de3836 5507 (void)bio;
ashleymills 0:714293de3836 5508 return 1;
ashleymills 0:714293de3836 5509 }
ashleymills 0:714293de3836 5510
ashleymills 0:714293de3836 5511
ashleymills 0:714293de3836 5512 #endif /* OPENSSL_EXTRA || GOAHEAD_WS */
ashleymills 0:714293de3836 5513
ashleymills 0:714293de3836 5514
ashleymills 0:714293de3836 5515 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
ashleymills 0:714293de3836 5516
ashleymills 0:714293de3836 5517 void CyaSSL_CTX_set_default_passwd_cb_userdata(CYASSL_CTX* ctx,
ashleymills 0:714293de3836 5518 void* userdata)
ashleymills 0:714293de3836 5519 {
ashleymills 0:714293de3836 5520 CYASSL_ENTER("SSL_CTX_set_default_passwd_cb_userdata");
ashleymills 0:714293de3836 5521 ctx->userdata = userdata;
ashleymills 0:714293de3836 5522 }
ashleymills 0:714293de3836 5523
ashleymills 0:714293de3836 5524
ashleymills 0:714293de3836 5525 void CyaSSL_CTX_set_default_passwd_cb(CYASSL_CTX* ctx, pem_password_cb cb)
ashleymills 0:714293de3836 5526 {
ashleymills 0:714293de3836 5527 CYASSL_ENTER("SSL_CTX_set_default_passwd_cb");
ashleymills 0:714293de3836 5528 ctx->passwd_cb = cb;
ashleymills 0:714293de3836 5529 }
ashleymills 0:714293de3836 5530
ashleymills 0:714293de3836 5531 int CyaSSL_num_locks(void)
ashleymills 0:714293de3836 5532 {
ashleymills 0:714293de3836 5533 return 0;
ashleymills 0:714293de3836 5534 }
ashleymills 0:714293de3836 5535
ashleymills 0:714293de3836 5536 void CyaSSL_set_locking_callback(void (*f)(int, int, const char*, int))
ashleymills 0:714293de3836 5537 {
ashleymills 0:714293de3836 5538 (void)f;
ashleymills 0:714293de3836 5539 }
ashleymills 0:714293de3836 5540
ashleymills 0:714293de3836 5541 void CyaSSL_set_id_callback(unsigned long (*f)(void))
ashleymills 0:714293de3836 5542 {
ashleymills 0:714293de3836 5543 (void)f;
ashleymills 0:714293de3836 5544 }
ashleymills 0:714293de3836 5545
ashleymills 0:714293de3836 5546 unsigned long CyaSSL_ERR_get_error(void)
ashleymills 0:714293de3836 5547 {
ashleymills 0:714293de3836 5548 /* TODO: */
ashleymills 0:714293de3836 5549 return 0;
ashleymills 0:714293de3836 5550 }
ashleymills 0:714293de3836 5551
ashleymills 0:714293de3836 5552 int CyaSSL_EVP_BytesToKey(const CYASSL_EVP_CIPHER* type,
ashleymills 0:714293de3836 5553 const CYASSL_EVP_MD* md, const byte* salt,
ashleymills 0:714293de3836 5554 const byte* data, int sz, int count, byte* key, byte* iv)
ashleymills 0:714293de3836 5555 {
ashleymills 0:714293de3836 5556 int keyLen = 0;
ashleymills 0:714293de3836 5557 int ivLen = 0;
ashleymills 0:714293de3836 5558
ashleymills 0:714293de3836 5559 Md5 myMD;
ashleymills 0:714293de3836 5560 byte digest[MD5_DIGEST_SIZE];
ashleymills 0:714293de3836 5561
ashleymills 0:714293de3836 5562 int j;
ashleymills 0:714293de3836 5563 int keyLeft;
ashleymills 0:714293de3836 5564 int ivLeft;
ashleymills 0:714293de3836 5565 int keyOutput = 0;
ashleymills 0:714293de3836 5566
ashleymills 0:714293de3836 5567 CYASSL_ENTER("EVP_BytesToKey");
ashleymills 0:714293de3836 5568 InitMd5(&myMD);
ashleymills 0:714293de3836 5569
ashleymills 0:714293de3836 5570 /* only support MD5 for now */
ashleymills 0:714293de3836 5571 if (XSTRNCMP(md, "MD5", 3) != 0) return 0;
ashleymills 0:714293de3836 5572
ashleymills 0:714293de3836 5573 /* only support CBC DES and AES for now */
ashleymills 0:714293de3836 5574 if (XSTRNCMP(type, "DES-CBC", 7) == 0) {
ashleymills 0:714293de3836 5575 keyLen = DES_KEY_SIZE;
ashleymills 0:714293de3836 5576 ivLen = DES_IV_SIZE;
ashleymills 0:714293de3836 5577 }
ashleymills 0:714293de3836 5578 else if (XSTRNCMP(type, "DES-EDE3-CBC", 12) == 0) {
ashleymills 0:714293de3836 5579 keyLen = DES3_KEY_SIZE;
ashleymills 0:714293de3836 5580 ivLen = DES_IV_SIZE;
ashleymills 0:714293de3836 5581 }
ashleymills 0:714293de3836 5582 else if (XSTRNCMP(type, "AES-128-CBC", 11) == 0) {
ashleymills 0:714293de3836 5583 keyLen = AES_128_KEY_SIZE;
ashleymills 0:714293de3836 5584 ivLen = AES_IV_SIZE;
ashleymills 0:714293de3836 5585 }
ashleymills 0:714293de3836 5586 else if (XSTRNCMP(type, "AES-192-CBC", 11) == 0) {
ashleymills 0:714293de3836 5587 keyLen = AES_192_KEY_SIZE;
ashleymills 0:714293de3836 5588 ivLen = AES_IV_SIZE;
ashleymills 0:714293de3836 5589 }
ashleymills 0:714293de3836 5590 else if (XSTRNCMP(type, "AES-256-CBC", 11) == 0) {
ashleymills 0:714293de3836 5591 keyLen = AES_256_KEY_SIZE;
ashleymills 0:714293de3836 5592 ivLen = AES_IV_SIZE;
ashleymills 0:714293de3836 5593 }
ashleymills 0:714293de3836 5594 else
ashleymills 0:714293de3836 5595 return 0;
ashleymills 0:714293de3836 5596
ashleymills 0:714293de3836 5597 keyLeft = keyLen;
ashleymills 0:714293de3836 5598 ivLeft = ivLen;
ashleymills 0:714293de3836 5599
ashleymills 0:714293de3836 5600 while (keyOutput < (keyLen + ivLen)) {
ashleymills 0:714293de3836 5601 int digestLeft = MD5_DIGEST_SIZE;
ashleymills 0:714293de3836 5602 /* D_(i - 1) */
ashleymills 0:714293de3836 5603 if (keyOutput) /* first time D_0 is empty */
ashleymills 0:714293de3836 5604 Md5Update(&myMD, digest, MD5_DIGEST_SIZE);
ashleymills 0:714293de3836 5605 /* data */
ashleymills 0:714293de3836 5606 Md5Update(&myMD, data, sz);
ashleymills 0:714293de3836 5607 /* salt */
ashleymills 0:714293de3836 5608 if (salt)
ashleymills 0:714293de3836 5609 Md5Update(&myMD, salt, EVP_SALT_SIZE);
ashleymills 0:714293de3836 5610 Md5Final(&myMD, digest);
ashleymills 0:714293de3836 5611 /* count */
ashleymills 0:714293de3836 5612 for (j = 1; j < count; j++) {
ashleymills 0:714293de3836 5613 Md5Update(&myMD, digest, MD5_DIGEST_SIZE);
ashleymills 0:714293de3836 5614 Md5Final(&myMD, digest);
ashleymills 0:714293de3836 5615 }
ashleymills 0:714293de3836 5616
ashleymills 0:714293de3836 5617 if (keyLeft) {
ashleymills 0:714293de3836 5618 int store = min(keyLeft, MD5_DIGEST_SIZE);
ashleymills 0:714293de3836 5619 XMEMCPY(&key[keyLen - keyLeft], digest, store);
ashleymills 0:714293de3836 5620
ashleymills 0:714293de3836 5621 keyOutput += store;
ashleymills 0:714293de3836 5622 keyLeft -= store;
ashleymills 0:714293de3836 5623 digestLeft -= store;
ashleymills 0:714293de3836 5624 }
ashleymills 0:714293de3836 5625
ashleymills 0:714293de3836 5626 if (ivLeft && digestLeft) {
ashleymills 0:714293de3836 5627 int store = min(ivLeft, digestLeft);
ashleymills 0:714293de3836 5628 XMEMCPY(&iv[ivLen - ivLeft], &digest[MD5_DIGEST_SIZE -
ashleymills 0:714293de3836 5629 digestLeft], store);
ashleymills 0:714293de3836 5630 keyOutput += store;
ashleymills 0:714293de3836 5631 ivLeft -= store;
ashleymills 0:714293de3836 5632 }
ashleymills 0:714293de3836 5633 }
ashleymills 0:714293de3836 5634 if (keyOutput != (keyLen + ivLen))
ashleymills 0:714293de3836 5635 return 0;
ashleymills 0:714293de3836 5636 return keyOutput;
ashleymills 0:714293de3836 5637 }
ashleymills 0:714293de3836 5638
ashleymills 0:714293de3836 5639 #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
ashleymills 0:714293de3836 5640
ashleymills 0:714293de3836 5641
ashleymills 0:714293de3836 5642 #ifdef OPENSSL_EXTRA
ashleymills 0:714293de3836 5643
ashleymills 0:714293de3836 5644 unsigned long CyaSSLeay(void)
ashleymills 0:714293de3836 5645 {
ashleymills 0:714293de3836 5646 return SSLEAY_VERSION_NUMBER;
ashleymills 0:714293de3836 5647 }
ashleymills 0:714293de3836 5648
ashleymills 0:714293de3836 5649
ashleymills 0:714293de3836 5650 const char* CyaSSLeay_version(int type)
ashleymills 0:714293de3836 5651 {
ashleymills 0:714293de3836 5652 static const char* version = "SSLeay CyaSSL compatibility";
ashleymills 0:714293de3836 5653 (void)type;
ashleymills 0:714293de3836 5654 return version;
ashleymills 0:714293de3836 5655 }
ashleymills 0:714293de3836 5656
ashleymills 0:714293de3836 5657
ashleymills 0:714293de3836 5658 void CyaSSL_MD5_Init(CYASSL_MD5_CTX* md5)
ashleymills 0:714293de3836 5659 {
ashleymills 0:714293de3836 5660 typedef char md5_test[sizeof(MD5_CTX) >= sizeof(Md5) ? 1 : -1];
ashleymills 0:714293de3836 5661 (void)sizeof(md5_test);
ashleymills 0:714293de3836 5662
ashleymills 0:714293de3836 5663 CYASSL_ENTER("MD5_Init");
ashleymills 0:714293de3836 5664 InitMd5((Md5*)md5);
ashleymills 0:714293de3836 5665 }
ashleymills 0:714293de3836 5666
ashleymills 0:714293de3836 5667
ashleymills 0:714293de3836 5668 void CyaSSL_MD5_Update(CYASSL_MD5_CTX* md5, const void* input,
ashleymills 0:714293de3836 5669 unsigned long sz)
ashleymills 0:714293de3836 5670 {
ashleymills 0:714293de3836 5671 CYASSL_ENTER("CyaSSL_MD5_Update");
ashleymills 0:714293de3836 5672 Md5Update((Md5*)md5, (const byte*)input, (word32)sz);
ashleymills 0:714293de3836 5673 }
ashleymills 0:714293de3836 5674
ashleymills 0:714293de3836 5675
ashleymills 0:714293de3836 5676 void CyaSSL_MD5_Final(byte* input, CYASSL_MD5_CTX* md5)
ashleymills 0:714293de3836 5677 {
ashleymills 0:714293de3836 5678 CYASSL_ENTER("MD5_Final");
ashleymills 0:714293de3836 5679 Md5Final((Md5*)md5, input);
ashleymills 0:714293de3836 5680 }
ashleymills 0:714293de3836 5681
ashleymills 0:714293de3836 5682
ashleymills 0:714293de3836 5683 void CyaSSL_SHA_Init(CYASSL_SHA_CTX* sha)
ashleymills 0:714293de3836 5684 {
ashleymills 0:714293de3836 5685 typedef char sha_test[sizeof(SHA_CTX) >= sizeof(Sha) ? 1 : -1];
ashleymills 0:714293de3836 5686 (void)sizeof(sha_test);
ashleymills 0:714293de3836 5687
ashleymills 0:714293de3836 5688 CYASSL_ENTER("SHA_Init");
ashleymills 0:714293de3836 5689 InitSha((Sha*)sha);
ashleymills 0:714293de3836 5690 }
ashleymills 0:714293de3836 5691
ashleymills 0:714293de3836 5692
ashleymills 0:714293de3836 5693 void CyaSSL_SHA_Update(CYASSL_SHA_CTX* sha, const void* input,
ashleymills 0:714293de3836 5694 unsigned long sz)
ashleymills 0:714293de3836 5695 {
ashleymills 0:714293de3836 5696 CYASSL_ENTER("SHA_Update");
ashleymills 0:714293de3836 5697 ShaUpdate((Sha*)sha, (const byte*)input, (word32)sz);
ashleymills 0:714293de3836 5698 }
ashleymills 0:714293de3836 5699
ashleymills 0:714293de3836 5700
ashleymills 0:714293de3836 5701 void CyaSSL_SHA_Final(byte* input, CYASSL_SHA_CTX* sha)
ashleymills 0:714293de3836 5702 {
ashleymills 0:714293de3836 5703 CYASSL_ENTER("SHA_Final");
ashleymills 0:714293de3836 5704 ShaFinal((Sha*)sha, input);
ashleymills 0:714293de3836 5705 }
ashleymills 0:714293de3836 5706
ashleymills 0:714293de3836 5707
ashleymills 0:714293de3836 5708 void CyaSSL_SHA1_Init(CYASSL_SHA_CTX* sha)
ashleymills 0:714293de3836 5709 {
ashleymills 0:714293de3836 5710 CYASSL_ENTER("SHA1_Init");
ashleymills 0:714293de3836 5711 SHA_Init(sha);
ashleymills 0:714293de3836 5712 }
ashleymills 0:714293de3836 5713
ashleymills 0:714293de3836 5714
ashleymills 0:714293de3836 5715 void CyaSSL_SHA1_Update(CYASSL_SHA_CTX* sha, const void* input,
ashleymills 0:714293de3836 5716 unsigned long sz)
ashleymills 0:714293de3836 5717 {
ashleymills 0:714293de3836 5718 CYASSL_ENTER("SHA1_Update");
ashleymills 0:714293de3836 5719 SHA_Update(sha, input, sz);
ashleymills 0:714293de3836 5720 }
ashleymills 0:714293de3836 5721
ashleymills 0:714293de3836 5722
ashleymills 0:714293de3836 5723 void CyaSSL_SHA1_Final(byte* input, CYASSL_SHA_CTX* sha)
ashleymills 0:714293de3836 5724 {
ashleymills 0:714293de3836 5725 CYASSL_ENTER("SHA1_Final");
ashleymills 0:714293de3836 5726 SHA_Final(input, sha);
ashleymills 0:714293de3836 5727 }
ashleymills 0:714293de3836 5728
ashleymills 0:714293de3836 5729
ashleymills 0:714293de3836 5730 void CyaSSL_SHA256_Init(CYASSL_SHA256_CTX* sha256)
ashleymills 0:714293de3836 5731 {
ashleymills 0:714293de3836 5732 typedef char sha_test[sizeof(SHA256_CTX) >= sizeof(Sha256) ? 1 : -1];
ashleymills 0:714293de3836 5733 (void)sizeof(sha_test);
ashleymills 0:714293de3836 5734
ashleymills 0:714293de3836 5735 CYASSL_ENTER("SHA256_Init");
ashleymills 0:714293de3836 5736 InitSha256((Sha256*)sha256);
ashleymills 0:714293de3836 5737 }
ashleymills 0:714293de3836 5738
ashleymills 0:714293de3836 5739
ashleymills 0:714293de3836 5740 void CyaSSL_SHA256_Update(CYASSL_SHA256_CTX* sha, const void* input,
ashleymills 0:714293de3836 5741 unsigned long sz)
ashleymills 0:714293de3836 5742 {
ashleymills 0:714293de3836 5743 CYASSL_ENTER("SHA256_Update");
ashleymills 0:714293de3836 5744 Sha256Update((Sha256*)sha, (const byte*)input, (word32)sz);
ashleymills 0:714293de3836 5745 }
ashleymills 0:714293de3836 5746
ashleymills 0:714293de3836 5747
ashleymills 0:714293de3836 5748 void CyaSSL_SHA256_Final(byte* input, CYASSL_SHA256_CTX* sha)
ashleymills 0:714293de3836 5749 {
ashleymills 0:714293de3836 5750 CYASSL_ENTER("SHA256_Final");
ashleymills 0:714293de3836 5751 Sha256Final((Sha256*)sha, input);
ashleymills 0:714293de3836 5752 }
ashleymills 0:714293de3836 5753
ashleymills 0:714293de3836 5754
ashleymills 0:714293de3836 5755 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 5756
ashleymills 0:714293de3836 5757 void CyaSSL_SHA384_Init(CYASSL_SHA384_CTX* sha)
ashleymills 0:714293de3836 5758 {
ashleymills 0:714293de3836 5759 typedef char sha_test[sizeof(SHA384_CTX) >= sizeof(Sha384) ? 1 : -1];
ashleymills 0:714293de3836 5760 (void)sizeof(sha_test);
ashleymills 0:714293de3836 5761
ashleymills 0:714293de3836 5762 CYASSL_ENTER("SHA384_Init");
ashleymills 0:714293de3836 5763 InitSha384((Sha384*)sha);
ashleymills 0:714293de3836 5764 }
ashleymills 0:714293de3836 5765
ashleymills 0:714293de3836 5766
ashleymills 0:714293de3836 5767 void CyaSSL_SHA384_Update(CYASSL_SHA384_CTX* sha, const void* input,
ashleymills 0:714293de3836 5768 unsigned long sz)
ashleymills 0:714293de3836 5769 {
ashleymills 0:714293de3836 5770 CYASSL_ENTER("SHA384_Update");
ashleymills 0:714293de3836 5771 Sha384Update((Sha384*)sha, (const byte*)input, (word32)sz);
ashleymills 0:714293de3836 5772 }
ashleymills 0:714293de3836 5773
ashleymills 0:714293de3836 5774
ashleymills 0:714293de3836 5775 void CyaSSL_SHA384_Final(byte* input, CYASSL_SHA384_CTX* sha)
ashleymills 0:714293de3836 5776 {
ashleymills 0:714293de3836 5777 CYASSL_ENTER("SHA384_Final");
ashleymills 0:714293de3836 5778 Sha384Final((Sha384*)sha, input);
ashleymills 0:714293de3836 5779 }
ashleymills 0:714293de3836 5780
ashleymills 0:714293de3836 5781 #endif /* CYASSL_SHA384 */
ashleymills 0:714293de3836 5782
ashleymills 0:714293de3836 5783
ashleymills 0:714293de3836 5784 #ifdef CYASSL_SHA512
ashleymills 0:714293de3836 5785
ashleymills 0:714293de3836 5786 void CyaSSL_SHA512_Init(CYASSL_SHA512_CTX* sha)
ashleymills 0:714293de3836 5787 {
ashleymills 0:714293de3836 5788 typedef char sha_test[sizeof(SHA512_CTX) >= sizeof(Sha512) ? 1 : -1];
ashleymills 0:714293de3836 5789 (void)sizeof(sha_test);
ashleymills 0:714293de3836 5790
ashleymills 0:714293de3836 5791 CYASSL_ENTER("SHA512_Init");
ashleymills 0:714293de3836 5792 InitSha512((Sha512*)sha);
ashleymills 0:714293de3836 5793 }
ashleymills 0:714293de3836 5794
ashleymills 0:714293de3836 5795
ashleymills 0:714293de3836 5796 void CyaSSL_SHA512_Update(CYASSL_SHA512_CTX* sha, const void* input,
ashleymills 0:714293de3836 5797 unsigned long sz)
ashleymills 0:714293de3836 5798 {
ashleymills 0:714293de3836 5799 CYASSL_ENTER("SHA512_Update");
ashleymills 0:714293de3836 5800 Sha512Update((Sha512*)sha, (const byte*)input, (word32)sz);
ashleymills 0:714293de3836 5801 }
ashleymills 0:714293de3836 5802
ashleymills 0:714293de3836 5803
ashleymills 0:714293de3836 5804 void CyaSSL_SHA512_Final(byte* input, CYASSL_SHA512_CTX* sha)
ashleymills 0:714293de3836 5805 {
ashleymills 0:714293de3836 5806 CYASSL_ENTER("SHA512_Final");
ashleymills 0:714293de3836 5807 Sha512Final((Sha512*)sha, input);
ashleymills 0:714293de3836 5808 }
ashleymills 0:714293de3836 5809
ashleymills 0:714293de3836 5810 #endif /* CYASSL_SHA512 */
ashleymills 0:714293de3836 5811
ashleymills 0:714293de3836 5812
ashleymills 0:714293de3836 5813 const CYASSL_EVP_MD* CyaSSL_EVP_md5(void)
ashleymills 0:714293de3836 5814 {
ashleymills 0:714293de3836 5815 static const char* type = "MD5";
ashleymills 0:714293de3836 5816 CYASSL_ENTER("EVP_md5");
ashleymills 0:714293de3836 5817 return type;
ashleymills 0:714293de3836 5818 }
ashleymills 0:714293de3836 5819
ashleymills 0:714293de3836 5820
ashleymills 0:714293de3836 5821 const CYASSL_EVP_MD* CyaSSL_EVP_sha1(void)
ashleymills 0:714293de3836 5822 {
ashleymills 0:714293de3836 5823 static const char* type = "SHA";
ashleymills 0:714293de3836 5824 CYASSL_ENTER("EVP_sha1");
ashleymills 0:714293de3836 5825 return type;
ashleymills 0:714293de3836 5826 }
ashleymills 0:714293de3836 5827
ashleymills 0:714293de3836 5828
ashleymills 0:714293de3836 5829 const CYASSL_EVP_MD* CyaSSL_EVP_sha256(void)
ashleymills 0:714293de3836 5830 {
ashleymills 0:714293de3836 5831 static const char* type = "SHA256";
ashleymills 0:714293de3836 5832 CYASSL_ENTER("EVP_sha256");
ashleymills 0:714293de3836 5833 return type;
ashleymills 0:714293de3836 5834 }
ashleymills 0:714293de3836 5835
ashleymills 0:714293de3836 5836 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 5837
ashleymills 0:714293de3836 5838 const CYASSL_EVP_MD* CyaSSL_EVP_sha384(void)
ashleymills 0:714293de3836 5839 {
ashleymills 0:714293de3836 5840 static const char* type = "SHA384";
ashleymills 0:714293de3836 5841 CYASSL_ENTER("EVP_sha384");
ashleymills 0:714293de3836 5842 return type;
ashleymills 0:714293de3836 5843 }
ashleymills 0:714293de3836 5844
ashleymills 0:714293de3836 5845 #endif /* CYASSL_SHA384 */
ashleymills 0:714293de3836 5846
ashleymills 0:714293de3836 5847 #ifdef CYASSL_SHA512
ashleymills 0:714293de3836 5848
ashleymills 0:714293de3836 5849 const CYASSL_EVP_MD* CyaSSL_EVP_sha512(void)
ashleymills 0:714293de3836 5850 {
ashleymills 0:714293de3836 5851 static const char* type = "SHA512";
ashleymills 0:714293de3836 5852 CYASSL_ENTER("EVP_sha512");
ashleymills 0:714293de3836 5853 return type;
ashleymills 0:714293de3836 5854 }
ashleymills 0:714293de3836 5855
ashleymills 0:714293de3836 5856 #endif /* CYASSL_SHA512 */
ashleymills 0:714293de3836 5857
ashleymills 0:714293de3836 5858
ashleymills 0:714293de3836 5859 void CyaSSL_EVP_MD_CTX_init(CYASSL_EVP_MD_CTX* ctx)
ashleymills 0:714293de3836 5860 {
ashleymills 0:714293de3836 5861 CYASSL_ENTER("EVP_CIPHER_MD_CTX_init");
ashleymills 0:714293de3836 5862 (void)ctx;
ashleymills 0:714293de3836 5863 /* do nothing */
ashleymills 0:714293de3836 5864 }
ashleymills 0:714293de3836 5865
ashleymills 0:714293de3836 5866
ashleymills 0:714293de3836 5867 const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_128_cbc(void)
ashleymills 0:714293de3836 5868 {
ashleymills 0:714293de3836 5869 static const char* type = "AES128-CBC";
ashleymills 0:714293de3836 5870 CYASSL_ENTER("CyaSSL_EVP_aes_128_cbc");
ashleymills 0:714293de3836 5871 return type;
ashleymills 0:714293de3836 5872 }
ashleymills 0:714293de3836 5873
ashleymills 0:714293de3836 5874
ashleymills 0:714293de3836 5875 const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_192_cbc(void)
ashleymills 0:714293de3836 5876 {
ashleymills 0:714293de3836 5877 static const char* type = "AES192-CBC";
ashleymills 0:714293de3836 5878 CYASSL_ENTER("CyaSSL_EVP_aes_192_cbc");
ashleymills 0:714293de3836 5879 return type;
ashleymills 0:714293de3836 5880 }
ashleymills 0:714293de3836 5881
ashleymills 0:714293de3836 5882
ashleymills 0:714293de3836 5883 const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_256_cbc(void)
ashleymills 0:714293de3836 5884 {
ashleymills 0:714293de3836 5885 static const char* type = "AES256-CBC";
ashleymills 0:714293de3836 5886 CYASSL_ENTER("CyaSSL_EVP_aes_256_cbc");
ashleymills 0:714293de3836 5887 return type;
ashleymills 0:714293de3836 5888 }
ashleymills 0:714293de3836 5889
ashleymills 0:714293de3836 5890
ashleymills 0:714293de3836 5891 const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_128_ctr(void)
ashleymills 0:714293de3836 5892 {
ashleymills 0:714293de3836 5893 static const char* type = "AES128-CTR";
ashleymills 0:714293de3836 5894 CYASSL_ENTER("CyaSSL_EVP_aes_128_ctr");
ashleymills 0:714293de3836 5895 return type;
ashleymills 0:714293de3836 5896 }
ashleymills 0:714293de3836 5897
ashleymills 0:714293de3836 5898
ashleymills 0:714293de3836 5899 const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_192_ctr(void)
ashleymills 0:714293de3836 5900 {
ashleymills 0:714293de3836 5901 static const char* type = "AES192-CTR";
ashleymills 0:714293de3836 5902 CYASSL_ENTER("CyaSSL_EVP_aes_192_ctr");
ashleymills 0:714293de3836 5903 return type;
ashleymills 0:714293de3836 5904 }
ashleymills 0:714293de3836 5905
ashleymills 0:714293de3836 5906
ashleymills 0:714293de3836 5907 const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_256_ctr(void)
ashleymills 0:714293de3836 5908 {
ashleymills 0:714293de3836 5909 static const char* type = "AES256-CTR";
ashleymills 0:714293de3836 5910 CYASSL_ENTER("CyaSSL_EVP_aes_256_ctr");
ashleymills 0:714293de3836 5911 return type;
ashleymills 0:714293de3836 5912 }
ashleymills 0:714293de3836 5913
ashleymills 0:714293de3836 5914
ashleymills 0:714293de3836 5915 const CYASSL_EVP_CIPHER* CyaSSL_EVP_des_cbc(void)
ashleymills 0:714293de3836 5916 {
ashleymills 0:714293de3836 5917 static const char* type = "DES-CBC";
ashleymills 0:714293de3836 5918 CYASSL_ENTER("CyaSSL_EVP_des_cbc");
ashleymills 0:714293de3836 5919 return type;
ashleymills 0:714293de3836 5920 }
ashleymills 0:714293de3836 5921
ashleymills 0:714293de3836 5922
ashleymills 0:714293de3836 5923 const CYASSL_EVP_CIPHER* CyaSSL_EVP_des_ede3_cbc(void)
ashleymills 0:714293de3836 5924 {
ashleymills 0:714293de3836 5925 static const char* type = "DES-EDE3-CBC";
ashleymills 0:714293de3836 5926 CYASSL_ENTER("CyaSSL_EVP_des_ede3_cbc");
ashleymills 0:714293de3836 5927 return type;
ashleymills 0:714293de3836 5928 }
ashleymills 0:714293de3836 5929
ashleymills 0:714293de3836 5930
ashleymills 0:714293de3836 5931 const CYASSL_EVP_CIPHER* CyaSSL_EVP_rc4(void)
ashleymills 0:714293de3836 5932 {
ashleymills 0:714293de3836 5933 static const char* type = "ARC4";
ashleymills 0:714293de3836 5934 CYASSL_ENTER("CyaSSL_EVP_rc4");
ashleymills 0:714293de3836 5935 return type;
ashleymills 0:714293de3836 5936 }
ashleymills 0:714293de3836 5937
ashleymills 0:714293de3836 5938
ashleymills 0:714293de3836 5939 const CYASSL_EVP_CIPHER* CyaSSL_EVP_enc_null(void)
ashleymills 0:714293de3836 5940 {
ashleymills 0:714293de3836 5941 static const char* type = "NULL";
ashleymills 0:714293de3836 5942 CYASSL_ENTER("CyaSSL_EVP_enc_null");
ashleymills 0:714293de3836 5943 return type;
ashleymills 0:714293de3836 5944 }
ashleymills 0:714293de3836 5945
ashleymills 0:714293de3836 5946
ashleymills 0:714293de3836 5947 int CyaSSL_EVP_MD_CTX_cleanup(CYASSL_EVP_MD_CTX* ctx)
ashleymills 0:714293de3836 5948 {
ashleymills 0:714293de3836 5949 CYASSL_ENTER("EVP_MD_CTX_cleanup");
ashleymills 0:714293de3836 5950 (void)ctx;
ashleymills 0:714293de3836 5951 return 0;
ashleymills 0:714293de3836 5952 }
ashleymills 0:714293de3836 5953
ashleymills 0:714293de3836 5954
ashleymills 0:714293de3836 5955
ashleymills 0:714293de3836 5956 void CyaSSL_EVP_CIPHER_CTX_init(CYASSL_EVP_CIPHER_CTX* ctx)
ashleymills 0:714293de3836 5957 {
ashleymills 0:714293de3836 5958 CYASSL_ENTER("EVP_CIPHER_CTX_init");
ashleymills 0:714293de3836 5959 if (ctx) {
ashleymills 0:714293de3836 5960 ctx->cipherType = 0xff; /* no init */
ashleymills 0:714293de3836 5961 ctx->keyLen = 0;
ashleymills 0:714293de3836 5962 ctx->enc = 1; /* start in encrypt mode */
ashleymills 0:714293de3836 5963 }
ashleymills 0:714293de3836 5964 }
ashleymills 0:714293de3836 5965
ashleymills 0:714293de3836 5966
ashleymills 0:714293de3836 5967 /* SSL_SUCCESS on ok */
ashleymills 0:714293de3836 5968 int CyaSSL_EVP_CIPHER_CTX_cleanup(CYASSL_EVP_CIPHER_CTX* ctx)
ashleymills 0:714293de3836 5969 {
ashleymills 0:714293de3836 5970 CYASSL_ENTER("EVP_CIPHER_CTX_cleanup");
ashleymills 0:714293de3836 5971 if (ctx) {
ashleymills 0:714293de3836 5972 ctx->cipherType = 0xff; /* no more init */
ashleymills 0:714293de3836 5973 ctx->keyLen = 0;
ashleymills 0:714293de3836 5974 }
ashleymills 0:714293de3836 5975
ashleymills 0:714293de3836 5976 return SSL_SUCCESS;
ashleymills 0:714293de3836 5977 }
ashleymills 0:714293de3836 5978
ashleymills 0:714293de3836 5979
ashleymills 0:714293de3836 5980 /* SSL_SUCCESS on ok */
ashleymills 0:714293de3836 5981 int CyaSSL_EVP_CipherInit(CYASSL_EVP_CIPHER_CTX* ctx,
ashleymills 0:714293de3836 5982 const CYASSL_EVP_CIPHER* type, byte* key,
ashleymills 0:714293de3836 5983 byte* iv, int enc)
ashleymills 0:714293de3836 5984 {
ashleymills 0:714293de3836 5985 CYASSL_ENTER("CyaSSL_EVP_CipherInit");
ashleymills 0:714293de3836 5986 if (ctx == NULL) {
ashleymills 0:714293de3836 5987 CYASSL_MSG("no ctx");
ashleymills 0:714293de3836 5988 return 0; /* failure */
ashleymills 0:714293de3836 5989 }
ashleymills 0:714293de3836 5990
ashleymills 0:714293de3836 5991 if (type == NULL && ctx->cipherType == 0xff) {
ashleymills 0:714293de3836 5992 CYASSL_MSG("no type set");
ashleymills 0:714293de3836 5993 return 0; /* failure */
ashleymills 0:714293de3836 5994 }
ashleymills 0:714293de3836 5995
ashleymills 0:714293de3836 5996 if (ctx->cipherType == AES_128_CBC_TYPE || (type &&
ashleymills 0:714293de3836 5997 XSTRNCMP(type, "AES128-CBC", 10) == 0)) {
ashleymills 0:714293de3836 5998 CYASSL_MSG("AES-128-CBC");
ashleymills 0:714293de3836 5999 ctx->cipherType = AES_128_CBC_TYPE;
ashleymills 0:714293de3836 6000 ctx->keyLen = 16;
ashleymills 0:714293de3836 6001 if (enc == 0 || enc == 1)
ashleymills 0:714293de3836 6002 ctx->enc = enc ? 1 : 0;
ashleymills 0:714293de3836 6003 if (key)
ashleymills 0:714293de3836 6004 AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
ashleymills 0:714293de3836 6005 ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
ashleymills 0:714293de3836 6006 if (iv && key == NULL)
ashleymills 0:714293de3836 6007 AesSetIV(&ctx->cipher.aes, iv);
ashleymills 0:714293de3836 6008 }
ashleymills 0:714293de3836 6009 else if (ctx->cipherType == AES_192_CBC_TYPE || (type &&
ashleymills 0:714293de3836 6010 XSTRNCMP(type, "AES192-CBC", 10) == 0)) {
ashleymills 0:714293de3836 6011 CYASSL_MSG("AES-192-CBC");
ashleymills 0:714293de3836 6012 ctx->cipherType = AES_192_CBC_TYPE;
ashleymills 0:714293de3836 6013 ctx->keyLen = 24;
ashleymills 0:714293de3836 6014 if (enc == 0 || enc == 1)
ashleymills 0:714293de3836 6015 ctx->enc = enc ? 1 : 0;
ashleymills 0:714293de3836 6016 if (key)
ashleymills 0:714293de3836 6017 AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
ashleymills 0:714293de3836 6018 ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
ashleymills 0:714293de3836 6019 if (iv && key == NULL)
ashleymills 0:714293de3836 6020 AesSetIV(&ctx->cipher.aes, iv);
ashleymills 0:714293de3836 6021 }
ashleymills 0:714293de3836 6022 else if (ctx->cipherType == AES_256_CBC_TYPE || (type &&
ashleymills 0:714293de3836 6023 XSTRNCMP(type, "AES256-CBC", 10) == 0)) {
ashleymills 0:714293de3836 6024 CYASSL_MSG("AES-256-CBC");
ashleymills 0:714293de3836 6025 ctx->cipherType = AES_256_CBC_TYPE;
ashleymills 0:714293de3836 6026 ctx->keyLen = 32;
ashleymills 0:714293de3836 6027 if (enc == 0 || enc == 1)
ashleymills 0:714293de3836 6028 ctx->enc = enc ? 1 : 0;
ashleymills 0:714293de3836 6029 if (key)
ashleymills 0:714293de3836 6030 AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
ashleymills 0:714293de3836 6031 ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
ashleymills 0:714293de3836 6032 if (iv && key == NULL)
ashleymills 0:714293de3836 6033 AesSetIV(&ctx->cipher.aes, iv);
ashleymills 0:714293de3836 6034 }
ashleymills 0:714293de3836 6035 #ifdef CYASSL_AES_COUNTER
ashleymills 0:714293de3836 6036 else if (ctx->cipherType == AES_128_CTR_TYPE || (type &&
ashleymills 0:714293de3836 6037 XSTRNCMP(type, "AES128-CTR", 10) == 0)) {
ashleymills 0:714293de3836 6038 CYASSL_MSG("AES-128-CTR");
ashleymills 0:714293de3836 6039 ctx->cipherType = AES_128_CTR_TYPE;
ashleymills 0:714293de3836 6040 ctx->keyLen = 16;
ashleymills 0:714293de3836 6041 if (enc == 0 || enc == 1)
ashleymills 0:714293de3836 6042 ctx->enc = enc ? 1 : 0;
ashleymills 0:714293de3836 6043 if (key)
ashleymills 0:714293de3836 6044 AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
ashleymills 0:714293de3836 6045 AES_ENCRYPTION);
ashleymills 0:714293de3836 6046 if (iv && key == NULL)
ashleymills 0:714293de3836 6047 AesSetIV(&ctx->cipher.aes, iv);
ashleymills 0:714293de3836 6048 }
ashleymills 0:714293de3836 6049 else if (ctx->cipherType == AES_192_CTR_TYPE || (type &&
ashleymills 0:714293de3836 6050 XSTRNCMP(type, "AES192-CTR", 10) == 0)) {
ashleymills 0:714293de3836 6051 CYASSL_MSG("AES-192-CTR");
ashleymills 0:714293de3836 6052 ctx->cipherType = AES_192_CTR_TYPE;
ashleymills 0:714293de3836 6053 ctx->keyLen = 24;
ashleymills 0:714293de3836 6054 if (enc == 0 || enc == 1)
ashleymills 0:714293de3836 6055 ctx->enc = enc ? 1 : 0;
ashleymills 0:714293de3836 6056 if (key)
ashleymills 0:714293de3836 6057 AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
ashleymills 0:714293de3836 6058 AES_ENCRYPTION);
ashleymills 0:714293de3836 6059 if (iv && key == NULL)
ashleymills 0:714293de3836 6060 AesSetIV(&ctx->cipher.aes, iv);
ashleymills 0:714293de3836 6061 }
ashleymills 0:714293de3836 6062 else if (ctx->cipherType == AES_256_CTR_TYPE || (type &&
ashleymills 0:714293de3836 6063 XSTRNCMP(type, "AES256-CTR", 10) == 0)) {
ashleymills 0:714293de3836 6064 CYASSL_MSG("AES-256-CTR");
ashleymills 0:714293de3836 6065 ctx->cipherType = AES_256_CTR_TYPE;
ashleymills 0:714293de3836 6066 ctx->keyLen = 32;
ashleymills 0:714293de3836 6067 if (enc == 0 || enc == 1)
ashleymills 0:714293de3836 6068 ctx->enc = enc ? 1 : 0;
ashleymills 0:714293de3836 6069 if (key)
ashleymills 0:714293de3836 6070 AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
ashleymills 0:714293de3836 6071 AES_ENCRYPTION);
ashleymills 0:714293de3836 6072 if (iv && key == NULL)
ashleymills 0:714293de3836 6073 AesSetIV(&ctx->cipher.aes, iv);
ashleymills 0:714293de3836 6074 }
ashleymills 0:714293de3836 6075 #endif /* CYASSL_AES_CTR */
ashleymills 0:714293de3836 6076 else if (ctx->cipherType == DES_CBC_TYPE || (type &&
ashleymills 0:714293de3836 6077 XSTRNCMP(type, "DES-CBC", 7) == 0)) {
ashleymills 0:714293de3836 6078 CYASSL_MSG("DES-CBC");
ashleymills 0:714293de3836 6079 ctx->cipherType = DES_CBC_TYPE;
ashleymills 0:714293de3836 6080 ctx->keyLen = 8;
ashleymills 0:714293de3836 6081 if (enc == 0 || enc == 1)
ashleymills 0:714293de3836 6082 ctx->enc = enc ? 1 : 0;
ashleymills 0:714293de3836 6083 if (key)
ashleymills 0:714293de3836 6084 Des_SetKey(&ctx->cipher.des, key, iv,
ashleymills 0:714293de3836 6085 ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION);
ashleymills 0:714293de3836 6086 if (iv && key == NULL)
ashleymills 0:714293de3836 6087 Des_SetIV(&ctx->cipher.des, iv);
ashleymills 0:714293de3836 6088 }
ashleymills 0:714293de3836 6089 else if (ctx->cipherType == DES_EDE3_CBC_TYPE || (type &&
ashleymills 0:714293de3836 6090 XSTRNCMP(type, "DES-EDE3-CBC", 11) == 0)) {
ashleymills 0:714293de3836 6091 CYASSL_MSG("DES-EDE3-CBC");
ashleymills 0:714293de3836 6092 ctx->cipherType = DES_EDE3_CBC_TYPE;
ashleymills 0:714293de3836 6093 ctx->keyLen = 24;
ashleymills 0:714293de3836 6094 if (enc == 0 || enc == 1)
ashleymills 0:714293de3836 6095 ctx->enc = enc ? 1 : 0;
ashleymills 0:714293de3836 6096 if (key)
ashleymills 0:714293de3836 6097 Des3_SetKey(&ctx->cipher.des3, key, iv,
ashleymills 0:714293de3836 6098 ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION);
ashleymills 0:714293de3836 6099 if (iv && key == NULL)
ashleymills 0:714293de3836 6100 Des3_SetIV(&ctx->cipher.des3, iv);
ashleymills 0:714293de3836 6101 }
ashleymills 0:714293de3836 6102 else if (ctx->cipherType == ARC4_TYPE || (type &&
ashleymills 0:714293de3836 6103 XSTRNCMP(type, "ARC4", 4) == 0)) {
ashleymills 0:714293de3836 6104 CYASSL_MSG("ARC4");
ashleymills 0:714293de3836 6105 ctx->cipherType = ARC4_TYPE;
ashleymills 0:714293de3836 6106 if (ctx->keyLen == 0) /* user may have already set */
ashleymills 0:714293de3836 6107 ctx->keyLen = 16; /* default to 128 */
ashleymills 0:714293de3836 6108 if (key)
ashleymills 0:714293de3836 6109 Arc4SetKey(&ctx->cipher.arc4, key, ctx->keyLen);
ashleymills 0:714293de3836 6110 }
ashleymills 0:714293de3836 6111 else if (ctx->cipherType == NULL_CIPHER_TYPE || (type &&
ashleymills 0:714293de3836 6112 XSTRNCMP(type, "NULL", 4) == 0)) {
ashleymills 0:714293de3836 6113 CYASSL_MSG("NULL cipher");
ashleymills 0:714293de3836 6114 ctx->cipherType = NULL_CIPHER_TYPE;
ashleymills 0:714293de3836 6115 ctx->keyLen = 0;
ashleymills 0:714293de3836 6116 }
ashleymills 0:714293de3836 6117 else
ashleymills 0:714293de3836 6118 return 0; /* failure */
ashleymills 0:714293de3836 6119
ashleymills 0:714293de3836 6120
ashleymills 0:714293de3836 6121 return SSL_SUCCESS;
ashleymills 0:714293de3836 6122 }
ashleymills 0:714293de3836 6123
ashleymills 0:714293de3836 6124
ashleymills 0:714293de3836 6125 /* SSL_SUCCESS on ok */
ashleymills 0:714293de3836 6126 int CyaSSL_EVP_CIPHER_CTX_key_length(CYASSL_EVP_CIPHER_CTX* ctx)
ashleymills 0:714293de3836 6127 {
ashleymills 0:714293de3836 6128 CYASSL_ENTER("CyaSSL_EVP_CIPHER_CTX_key_length");
ashleymills 0:714293de3836 6129 if (ctx)
ashleymills 0:714293de3836 6130 return ctx->keyLen;
ashleymills 0:714293de3836 6131
ashleymills 0:714293de3836 6132 return 0; /* failure */
ashleymills 0:714293de3836 6133 }
ashleymills 0:714293de3836 6134
ashleymills 0:714293de3836 6135
ashleymills 0:714293de3836 6136 /* SSL_SUCCESS on ok */
ashleymills 0:714293de3836 6137 int CyaSSL_EVP_CIPHER_CTX_set_key_length(CYASSL_EVP_CIPHER_CTX* ctx,
ashleymills 0:714293de3836 6138 int keylen)
ashleymills 0:714293de3836 6139 {
ashleymills 0:714293de3836 6140 CYASSL_ENTER("CyaSSL_EVP_CIPHER_CTX_set_key_length");
ashleymills 0:714293de3836 6141 if (ctx)
ashleymills 0:714293de3836 6142 ctx->keyLen = keylen;
ashleymills 0:714293de3836 6143 else
ashleymills 0:714293de3836 6144 return 0; /* failure */
ashleymills 0:714293de3836 6145
ashleymills 0:714293de3836 6146 return SSL_SUCCESS;
ashleymills 0:714293de3836 6147 }
ashleymills 0:714293de3836 6148
ashleymills 0:714293de3836 6149
ashleymills 0:714293de3836 6150 /* SSL_SUCCESS on ok */
ashleymills 0:714293de3836 6151 int CyaSSL_EVP_Cipher(CYASSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src,
ashleymills 0:714293de3836 6152 word32 len)
ashleymills 0:714293de3836 6153 {
ashleymills 0:714293de3836 6154 int ret = 0;
ashleymills 0:714293de3836 6155 CYASSL_ENTER("CyaSSL_EVP_Cipher");
ashleymills 0:714293de3836 6156
ashleymills 0:714293de3836 6157 if (ctx == NULL || dst == NULL || src == NULL) {
ashleymills 0:714293de3836 6158 CYASSL_MSG("Bad function argument");
ashleymills 0:714293de3836 6159 return 0; /* failure */
ashleymills 0:714293de3836 6160 }
ashleymills 0:714293de3836 6161
ashleymills 0:714293de3836 6162 if (ctx->cipherType == 0xff) {
ashleymills 0:714293de3836 6163 CYASSL_MSG("no init");
ashleymills 0:714293de3836 6164 return 0; /* failure */
ashleymills 0:714293de3836 6165 }
ashleymills 0:714293de3836 6166
ashleymills 0:714293de3836 6167 switch (ctx->cipherType) {
ashleymills 0:714293de3836 6168
ashleymills 0:714293de3836 6169 case AES_128_CBC_TYPE :
ashleymills 0:714293de3836 6170 case AES_192_CBC_TYPE :
ashleymills 0:714293de3836 6171 case AES_256_CBC_TYPE :
ashleymills 0:714293de3836 6172 CYASSL_MSG("AES CBC");
ashleymills 0:714293de3836 6173 if (ctx->enc)
ashleymills 0:714293de3836 6174 ret = AesCbcEncrypt(&ctx->cipher.aes, dst, src, len);
ashleymills 0:714293de3836 6175 else
ashleymills 0:714293de3836 6176 ret = AesCbcDecrypt(&ctx->cipher.aes, dst, src, len);
ashleymills 0:714293de3836 6177 break;
ashleymills 0:714293de3836 6178
ashleymills 0:714293de3836 6179 #ifdef CYASSL_AES_COUNTER
ashleymills 0:714293de3836 6180 case AES_128_CTR_TYPE :
ashleymills 0:714293de3836 6181 case AES_192_CTR_TYPE :
ashleymills 0:714293de3836 6182 case AES_256_CTR_TYPE :
ashleymills 0:714293de3836 6183 CYASSL_MSG("AES CTR");
ashleymills 0:714293de3836 6184 AesCtrEncrypt(&ctx->cipher.aes, dst, src, len);
ashleymills 0:714293de3836 6185 break;
ashleymills 0:714293de3836 6186 #endif
ashleymills 0:714293de3836 6187
ashleymills 0:714293de3836 6188 case DES_CBC_TYPE :
ashleymills 0:714293de3836 6189 if (ctx->enc)
ashleymills 0:714293de3836 6190 Des_CbcEncrypt(&ctx->cipher.des, dst, src, len);
ashleymills 0:714293de3836 6191 else
ashleymills 0:714293de3836 6192 Des_CbcDecrypt(&ctx->cipher.des, dst, src, len);
ashleymills 0:714293de3836 6193 break;
ashleymills 0:714293de3836 6194
ashleymills 0:714293de3836 6195 case DES_EDE3_CBC_TYPE :
ashleymills 0:714293de3836 6196 if (ctx->enc)
ashleymills 0:714293de3836 6197 Des3_CbcEncrypt(&ctx->cipher.des3, dst, src, len);
ashleymills 0:714293de3836 6198 else
ashleymills 0:714293de3836 6199 Des3_CbcDecrypt(&ctx->cipher.des3, dst, src, len);
ashleymills 0:714293de3836 6200 break;
ashleymills 0:714293de3836 6201
ashleymills 0:714293de3836 6202 case ARC4_TYPE :
ashleymills 0:714293de3836 6203 Arc4Process(&ctx->cipher.arc4, dst, src, len);
ashleymills 0:714293de3836 6204 break;
ashleymills 0:714293de3836 6205
ashleymills 0:714293de3836 6206 case NULL_CIPHER_TYPE :
ashleymills 0:714293de3836 6207 XMEMCPY(dst, src, len);
ashleymills 0:714293de3836 6208 break;
ashleymills 0:714293de3836 6209
ashleymills 0:714293de3836 6210 default: {
ashleymills 0:714293de3836 6211 CYASSL_MSG("bad type");
ashleymills 0:714293de3836 6212 return 0; /* failure */
ashleymills 0:714293de3836 6213 }
ashleymills 0:714293de3836 6214 }
ashleymills 0:714293de3836 6215
ashleymills 0:714293de3836 6216 if (ret != 0) {
ashleymills 0:714293de3836 6217 CYASSL_MSG("CyaSSL_EVP_Cipher failure");
ashleymills 0:714293de3836 6218 return 0; /* failuer */
ashleymills 0:714293de3836 6219 }
ashleymills 0:714293de3836 6220
ashleymills 0:714293de3836 6221 CYASSL_MSG("CyaSSL_EVP_Cipher success");
ashleymills 0:714293de3836 6222 return SSL_SUCCESS; /* success */
ashleymills 0:714293de3836 6223 }
ashleymills 0:714293de3836 6224
ashleymills 0:714293de3836 6225
ashleymills 0:714293de3836 6226 /* store for external read of iv, SSL_SUCCESS on success */
ashleymills 0:714293de3836 6227 int CyaSSL_StoreExternalIV(CYASSL_EVP_CIPHER_CTX* ctx)
ashleymills 0:714293de3836 6228 {
ashleymills 0:714293de3836 6229 CYASSL_ENTER("CyaSSL_StoreExternalIV");
ashleymills 0:714293de3836 6230
ashleymills 0:714293de3836 6231 if (ctx == NULL) {
ashleymills 0:714293de3836 6232 CYASSL_MSG("Bad function argument");
ashleymills 0:714293de3836 6233 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 6234 }
ashleymills 0:714293de3836 6235
ashleymills 0:714293de3836 6236 switch (ctx->cipherType) {
ashleymills 0:714293de3836 6237
ashleymills 0:714293de3836 6238 case AES_128_CBC_TYPE :
ashleymills 0:714293de3836 6239 case AES_192_CBC_TYPE :
ashleymills 0:714293de3836 6240 case AES_256_CBC_TYPE :
ashleymills 0:714293de3836 6241 CYASSL_MSG("AES CBC");
ashleymills 0:714293de3836 6242 memcpy(ctx->iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
ashleymills 0:714293de3836 6243 break;
ashleymills 0:714293de3836 6244
ashleymills 0:714293de3836 6245 #ifdef CYASSL_AES_COUNTER
ashleymills 0:714293de3836 6246 case AES_128_CTR_TYPE :
ashleymills 0:714293de3836 6247 case AES_192_CTR_TYPE :
ashleymills 0:714293de3836 6248 case AES_256_CTR_TYPE :
ashleymills 0:714293de3836 6249 CYASSL_MSG("AES CTR");
ashleymills 0:714293de3836 6250 memcpy(ctx->iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
ashleymills 0:714293de3836 6251 break;
ashleymills 0:714293de3836 6252 #endif
ashleymills 0:714293de3836 6253
ashleymills 0:714293de3836 6254 case DES_CBC_TYPE :
ashleymills 0:714293de3836 6255 CYASSL_MSG("DES CBC");
ashleymills 0:714293de3836 6256 memcpy(ctx->iv, &ctx->cipher.des.reg, DES_BLOCK_SIZE);
ashleymills 0:714293de3836 6257 break;
ashleymills 0:714293de3836 6258
ashleymills 0:714293de3836 6259 case DES_EDE3_CBC_TYPE :
ashleymills 0:714293de3836 6260 CYASSL_MSG("DES EDE3 CBC");
ashleymills 0:714293de3836 6261 memcpy(ctx->iv, &ctx->cipher.des.reg, DES_BLOCK_SIZE);
ashleymills 0:714293de3836 6262 break;
ashleymills 0:714293de3836 6263
ashleymills 0:714293de3836 6264 case ARC4_TYPE :
ashleymills 0:714293de3836 6265 CYASSL_MSG("ARC4");
ashleymills 0:714293de3836 6266 break;
ashleymills 0:714293de3836 6267
ashleymills 0:714293de3836 6268 case NULL_CIPHER_TYPE :
ashleymills 0:714293de3836 6269 CYASSL_MSG("NULL");
ashleymills 0:714293de3836 6270 break;
ashleymills 0:714293de3836 6271
ashleymills 0:714293de3836 6272 default: {
ashleymills 0:714293de3836 6273 CYASSL_MSG("bad type");
ashleymills 0:714293de3836 6274 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 6275 }
ashleymills 0:714293de3836 6276 }
ashleymills 0:714293de3836 6277 return SSL_SUCCESS;
ashleymills 0:714293de3836 6278 }
ashleymills 0:714293de3836 6279
ashleymills 0:714293de3836 6280
ashleymills 0:714293de3836 6281 /* set internal IV from external, SSL_SUCCESS on success */
ashleymills 0:714293de3836 6282 int CyaSSL_SetInternalIV(CYASSL_EVP_CIPHER_CTX* ctx)
ashleymills 0:714293de3836 6283 {
ashleymills 0:714293de3836 6284
ashleymills 0:714293de3836 6285 CYASSL_ENTER("CyaSSL_SetInternalIV");
ashleymills 0:714293de3836 6286
ashleymills 0:714293de3836 6287 if (ctx == NULL) {
ashleymills 0:714293de3836 6288 CYASSL_MSG("Bad function argument");
ashleymills 0:714293de3836 6289 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 6290 }
ashleymills 0:714293de3836 6291
ashleymills 0:714293de3836 6292 switch (ctx->cipherType) {
ashleymills 0:714293de3836 6293
ashleymills 0:714293de3836 6294 case AES_128_CBC_TYPE :
ashleymills 0:714293de3836 6295 case AES_192_CBC_TYPE :
ashleymills 0:714293de3836 6296 case AES_256_CBC_TYPE :
ashleymills 0:714293de3836 6297 CYASSL_MSG("AES CBC");
ashleymills 0:714293de3836 6298 memcpy(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE);
ashleymills 0:714293de3836 6299 break;
ashleymills 0:714293de3836 6300
ashleymills 0:714293de3836 6301 #ifdef CYASSL_AES_COUNTER
ashleymills 0:714293de3836 6302 case AES_128_CTR_TYPE :
ashleymills 0:714293de3836 6303 case AES_192_CTR_TYPE :
ashleymills 0:714293de3836 6304 case AES_256_CTR_TYPE :
ashleymills 0:714293de3836 6305 CYASSL_MSG("AES CTR");
ashleymills 0:714293de3836 6306 memcpy(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE);
ashleymills 0:714293de3836 6307 break;
ashleymills 0:714293de3836 6308 #endif
ashleymills 0:714293de3836 6309
ashleymills 0:714293de3836 6310 case DES_CBC_TYPE :
ashleymills 0:714293de3836 6311 CYASSL_MSG("DES CBC");
ashleymills 0:714293de3836 6312 memcpy(&ctx->cipher.des.reg, ctx->iv, DES_BLOCK_SIZE);
ashleymills 0:714293de3836 6313 break;
ashleymills 0:714293de3836 6314
ashleymills 0:714293de3836 6315 case DES_EDE3_CBC_TYPE :
ashleymills 0:714293de3836 6316 CYASSL_MSG("DES EDE3 CBC");
ashleymills 0:714293de3836 6317 memcpy(&ctx->cipher.des.reg, ctx->iv, DES_BLOCK_SIZE);
ashleymills 0:714293de3836 6318 break;
ashleymills 0:714293de3836 6319
ashleymills 0:714293de3836 6320 case ARC4_TYPE :
ashleymills 0:714293de3836 6321 CYASSL_MSG("ARC4");
ashleymills 0:714293de3836 6322 break;
ashleymills 0:714293de3836 6323
ashleymills 0:714293de3836 6324 case NULL_CIPHER_TYPE :
ashleymills 0:714293de3836 6325 CYASSL_MSG("NULL");
ashleymills 0:714293de3836 6326 break;
ashleymills 0:714293de3836 6327
ashleymills 0:714293de3836 6328 default: {
ashleymills 0:714293de3836 6329 CYASSL_MSG("bad type");
ashleymills 0:714293de3836 6330 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 6331 }
ashleymills 0:714293de3836 6332 }
ashleymills 0:714293de3836 6333 return SSL_SUCCESS;
ashleymills 0:714293de3836 6334 }
ashleymills 0:714293de3836 6335
ashleymills 0:714293de3836 6336
ashleymills 0:714293de3836 6337 /* SSL_SUCCESS on ok */
ashleymills 0:714293de3836 6338 int CyaSSL_EVP_DigestInit(CYASSL_EVP_MD_CTX* ctx, const CYASSL_EVP_MD* type)
ashleymills 0:714293de3836 6339 {
ashleymills 0:714293de3836 6340 CYASSL_ENTER("EVP_DigestInit");
ashleymills 0:714293de3836 6341 if (XSTRNCMP(type, "MD5", 3) == 0) {
ashleymills 0:714293de3836 6342 ctx->macType = MD5;
ashleymills 0:714293de3836 6343 CyaSSL_MD5_Init((MD5_CTX*)&ctx->hash);
ashleymills 0:714293de3836 6344 }
ashleymills 0:714293de3836 6345 else if (XSTRNCMP(type, "SHA256", 6) == 0) {
ashleymills 0:714293de3836 6346 ctx->macType = SHA256;
ashleymills 0:714293de3836 6347 CyaSSL_SHA256_Init((SHA256_CTX*)&ctx->hash);
ashleymills 0:714293de3836 6348 }
ashleymills 0:714293de3836 6349 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 6350 else if (XSTRNCMP(type, "SHA384", 6) == 0) {
ashleymills 0:714293de3836 6351 ctx->macType = SHA384;
ashleymills 0:714293de3836 6352 CyaSSL_SHA384_Init((SHA384_CTX*)&ctx->hash);
ashleymills 0:714293de3836 6353 }
ashleymills 0:714293de3836 6354 #endif
ashleymills 0:714293de3836 6355 #ifdef CYASSL_SHA512
ashleymills 0:714293de3836 6356 else if (XSTRNCMP(type, "SHA512", 6) == 0) {
ashleymills 0:714293de3836 6357 ctx->macType = SHA512;
ashleymills 0:714293de3836 6358 CyaSSL_SHA512_Init((SHA512_CTX*)&ctx->hash);
ashleymills 0:714293de3836 6359 }
ashleymills 0:714293de3836 6360 #endif
ashleymills 0:714293de3836 6361 /* has to be last since would pick or 256, 384, or 512 too */
ashleymills 0:714293de3836 6362 else if (XSTRNCMP(type, "SHA", 3) == 0) {
ashleymills 0:714293de3836 6363 ctx->macType = SHA;
ashleymills 0:714293de3836 6364 CyaSSL_SHA_Init((SHA_CTX*)&ctx->hash);
ashleymills 0:714293de3836 6365 }
ashleymills 0:714293de3836 6366 else
ashleymills 0:714293de3836 6367 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 6368
ashleymills 0:714293de3836 6369 return SSL_SUCCESS;
ashleymills 0:714293de3836 6370 }
ashleymills 0:714293de3836 6371
ashleymills 0:714293de3836 6372
ashleymills 0:714293de3836 6373 /* SSL_SUCCESS on ok */
ashleymills 0:714293de3836 6374 int CyaSSL_EVP_DigestUpdate(CYASSL_EVP_MD_CTX* ctx, const void* data,
ashleymills 0:714293de3836 6375 unsigned long sz)
ashleymills 0:714293de3836 6376 {
ashleymills 0:714293de3836 6377 CYASSL_ENTER("EVP_DigestUpdate");
ashleymills 0:714293de3836 6378 if (ctx->macType == MD5)
ashleymills 0:714293de3836 6379 CyaSSL_MD5_Update((MD5_CTX*)&ctx->hash, data, (unsigned long)sz);
ashleymills 0:714293de3836 6380 else if (ctx->macType == SHA)
ashleymills 0:714293de3836 6381 CyaSSL_SHA_Update((SHA_CTX*)&ctx->hash, data, (unsigned long)sz);
ashleymills 0:714293de3836 6382 else if (ctx->macType == SHA256)
ashleymills 0:714293de3836 6383 CyaSSL_SHA256_Update((SHA256_CTX*)&ctx->hash, data,
ashleymills 0:714293de3836 6384 (unsigned long)sz);
ashleymills 0:714293de3836 6385 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 6386 else if (ctx->macType == SHA384)
ashleymills 0:714293de3836 6387 CyaSSL_SHA384_Update((SHA384_CTX*)&ctx->hash, data,
ashleymills 0:714293de3836 6388 (unsigned long)sz);
ashleymills 0:714293de3836 6389 #endif
ashleymills 0:714293de3836 6390 #ifdef CYASSL_SHA512
ashleymills 0:714293de3836 6391 else if (ctx->macType == SHA512)
ashleymills 0:714293de3836 6392 CyaSSL_SHA512_Update((SHA512_CTX*)&ctx->hash, data,
ashleymills 0:714293de3836 6393 (unsigned long)sz);
ashleymills 0:714293de3836 6394 #endif
ashleymills 0:714293de3836 6395 else
ashleymills 0:714293de3836 6396 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 6397
ashleymills 0:714293de3836 6398 return SSL_SUCCESS;
ashleymills 0:714293de3836 6399 }
ashleymills 0:714293de3836 6400
ashleymills 0:714293de3836 6401
ashleymills 0:714293de3836 6402 /* SSL_SUCCESS on ok */
ashleymills 0:714293de3836 6403 int CyaSSL_EVP_DigestFinal(CYASSL_EVP_MD_CTX* ctx, unsigned char* md,
ashleymills 0:714293de3836 6404 unsigned int* s)
ashleymills 0:714293de3836 6405 {
ashleymills 0:714293de3836 6406 CYASSL_ENTER("EVP_DigestFinal");
ashleymills 0:714293de3836 6407 if (ctx->macType == MD5) {
ashleymills 0:714293de3836 6408 CyaSSL_MD5_Final(md, (MD5_CTX*)&ctx->hash);
ashleymills 0:714293de3836 6409 if (s) *s = MD5_DIGEST_SIZE;
ashleymills 0:714293de3836 6410 }
ashleymills 0:714293de3836 6411 else if (ctx->macType == SHA) {
ashleymills 0:714293de3836 6412 CyaSSL_SHA_Final(md, (SHA_CTX*)&ctx->hash);
ashleymills 0:714293de3836 6413 if (s) *s = SHA_DIGEST_SIZE;
ashleymills 0:714293de3836 6414 }
ashleymills 0:714293de3836 6415 else if (ctx->macType == SHA256) {
ashleymills 0:714293de3836 6416 CyaSSL_SHA256_Final(md, (SHA256_CTX*)&ctx->hash);
ashleymills 0:714293de3836 6417 if (s) *s = SHA256_DIGEST_SIZE;
ashleymills 0:714293de3836 6418 }
ashleymills 0:714293de3836 6419 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 6420 else if (ctx->macType == SHA384) {
ashleymills 0:714293de3836 6421 CyaSSL_SHA384_Final(md, (SHA384_CTX*)&ctx->hash);
ashleymills 0:714293de3836 6422 if (s) *s = SHA384_DIGEST_SIZE;
ashleymills 0:714293de3836 6423 }
ashleymills 0:714293de3836 6424 #endif
ashleymills 0:714293de3836 6425 #ifdef CYASSL_SHA512
ashleymills 0:714293de3836 6426 else if (ctx->macType == SHA512) {
ashleymills 0:714293de3836 6427 CyaSSL_SHA512_Final(md, (SHA512_CTX*)&ctx->hash);
ashleymills 0:714293de3836 6428 if (s) *s = SHA512_DIGEST_SIZE;
ashleymills 0:714293de3836 6429 }
ashleymills 0:714293de3836 6430 #endif
ashleymills 0:714293de3836 6431 else
ashleymills 0:714293de3836 6432 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 6433
ashleymills 0:714293de3836 6434 return SSL_SUCCESS;
ashleymills 0:714293de3836 6435 }
ashleymills 0:714293de3836 6436
ashleymills 0:714293de3836 6437
ashleymills 0:714293de3836 6438 /* SSL_SUCCESS on ok */
ashleymills 0:714293de3836 6439 int CyaSSL_EVP_DigestFinal_ex(CYASSL_EVP_MD_CTX* ctx, unsigned char* md,
ashleymills 0:714293de3836 6440 unsigned int* s)
ashleymills 0:714293de3836 6441 {
ashleymills 0:714293de3836 6442 CYASSL_ENTER("EVP_DigestFinal_ex");
ashleymills 0:714293de3836 6443 return EVP_DigestFinal(ctx, md, s);
ashleymills 0:714293de3836 6444 }
ashleymills 0:714293de3836 6445
ashleymills 0:714293de3836 6446
ashleymills 0:714293de3836 6447 unsigned char* CyaSSL_HMAC(const CYASSL_EVP_MD* evp_md, const void* key,
ashleymills 0:714293de3836 6448 int key_len, const unsigned char* d, int n,
ashleymills 0:714293de3836 6449 unsigned char* md, unsigned int* md_len)
ashleymills 0:714293de3836 6450 {
ashleymills 0:714293de3836 6451 Hmac hmac;
ashleymills 0:714293de3836 6452
ashleymills 0:714293de3836 6453 CYASSL_ENTER("HMAC");
ashleymills 0:714293de3836 6454 if (!md) return 0; /* no static buffer support */
ashleymills 0:714293de3836 6455
ashleymills 0:714293de3836 6456 if (XSTRNCMP(evp_md, "MD5", 3) == 0) {
ashleymills 0:714293de3836 6457 HmacSetKey(&hmac, MD5, (const byte*)key, key_len);
ashleymills 0:714293de3836 6458 if (md_len) *md_len = MD5_DIGEST_SIZE;
ashleymills 0:714293de3836 6459 }
ashleymills 0:714293de3836 6460 else if (XSTRNCMP(evp_md, "SHA", 3) == 0) {
ashleymills 0:714293de3836 6461 HmacSetKey(&hmac, SHA, (const byte*)key, key_len);
ashleymills 0:714293de3836 6462 if (md_len) *md_len = SHA_DIGEST_SIZE;
ashleymills 0:714293de3836 6463 }
ashleymills 0:714293de3836 6464 else
ashleymills 0:714293de3836 6465 return 0;
ashleymills 0:714293de3836 6466
ashleymills 0:714293de3836 6467 HmacUpdate(&hmac, d, n);
ashleymills 0:714293de3836 6468 HmacFinal(&hmac, md);
ashleymills 0:714293de3836 6469
ashleymills 0:714293de3836 6470 return md;
ashleymills 0:714293de3836 6471 }
ashleymills 0:714293de3836 6472
ashleymills 0:714293de3836 6473 void CyaSSL_ERR_clear_error(void)
ashleymills 0:714293de3836 6474 {
ashleymills 0:714293de3836 6475 /* TODO: */
ashleymills 0:714293de3836 6476 }
ashleymills 0:714293de3836 6477
ashleymills 0:714293de3836 6478
ashleymills 0:714293de3836 6479 int CyaSSL_RAND_status(void)
ashleymills 0:714293de3836 6480 {
ashleymills 0:714293de3836 6481 return SSL_SUCCESS; /* CTaoCrypt provides enough seed internally */
ashleymills 0:714293de3836 6482 }
ashleymills 0:714293de3836 6483
ashleymills 0:714293de3836 6484
ashleymills 0:714293de3836 6485
ashleymills 0:714293de3836 6486 void CyaSSL_RAND_add(const void* add, int len, double entropy)
ashleymills 0:714293de3836 6487 {
ashleymills 0:714293de3836 6488 (void)add;
ashleymills 0:714293de3836 6489 (void)len;
ashleymills 0:714293de3836 6490 (void)entropy;
ashleymills 0:714293de3836 6491
ashleymills 0:714293de3836 6492 /* CyaSSL seeds/adds internally, use explicit RNG if you want
ashleymills 0:714293de3836 6493 to take control */
ashleymills 0:714293de3836 6494 }
ashleymills 0:714293de3836 6495
ashleymills 0:714293de3836 6496
ashleymills 0:714293de3836 6497 /* SSL_SUCCESS on ok */
ashleymills 0:714293de3836 6498 int CyaSSL_DES_key_sched(CYASSL_const_DES_cblock* key,
ashleymills 0:714293de3836 6499 CYASSL_DES_key_schedule* schedule)
ashleymills 0:714293de3836 6500 {
ashleymills 0:714293de3836 6501 CYASSL_ENTER("DES_key_sched");
ashleymills 0:714293de3836 6502 XMEMCPY(schedule, key, sizeof(const_DES_cblock));
ashleymills 0:714293de3836 6503 return SSL_SUCCESS;
ashleymills 0:714293de3836 6504 }
ashleymills 0:714293de3836 6505
ashleymills 0:714293de3836 6506
ashleymills 0:714293de3836 6507 void CyaSSL_DES_cbc_encrypt(const unsigned char* input,
ashleymills 0:714293de3836 6508 unsigned char* output, long length,
ashleymills 0:714293de3836 6509 CYASSL_DES_key_schedule* schedule, CYASSL_DES_cblock* ivec,
ashleymills 0:714293de3836 6510 int enc)
ashleymills 0:714293de3836 6511 {
ashleymills 0:714293de3836 6512 Des myDes;
ashleymills 0:714293de3836 6513 CYASSL_ENTER("DES_cbc_encrypt");
ashleymills 0:714293de3836 6514 Des_SetKey(&myDes, (const byte*)schedule, (const byte*)ivec, !enc);
ashleymills 0:714293de3836 6515
ashleymills 0:714293de3836 6516 if (enc)
ashleymills 0:714293de3836 6517 Des_CbcEncrypt(&myDes, output, input, (word32)length);
ashleymills 0:714293de3836 6518 else
ashleymills 0:714293de3836 6519 Des_CbcDecrypt(&myDes, output, input, (word32)length);
ashleymills 0:714293de3836 6520 }
ashleymills 0:714293de3836 6521
ashleymills 0:714293de3836 6522
ashleymills 0:714293de3836 6523 /* correctly sets ivec for next call */
ashleymills 0:714293de3836 6524 void CyaSSL_DES_ncbc_encrypt(const unsigned char* input,
ashleymills 0:714293de3836 6525 unsigned char* output, long length,
ashleymills 0:714293de3836 6526 CYASSL_DES_key_schedule* schedule, CYASSL_DES_cblock* ivec,
ashleymills 0:714293de3836 6527 int enc)
ashleymills 0:714293de3836 6528 {
ashleymills 0:714293de3836 6529 Des myDes;
ashleymills 0:714293de3836 6530 CYASSL_ENTER("DES_ncbc_encrypt");
ashleymills 0:714293de3836 6531 Des_SetKey(&myDes, (const byte*)schedule, (const byte*)ivec, !enc);
ashleymills 0:714293de3836 6532
ashleymills 0:714293de3836 6533 if (enc)
ashleymills 0:714293de3836 6534 Des_CbcEncrypt(&myDes, output, input, (word32)length);
ashleymills 0:714293de3836 6535 else
ashleymills 0:714293de3836 6536 Des_CbcDecrypt(&myDes, output, input, (word32)length);
ashleymills 0:714293de3836 6537
ashleymills 0:714293de3836 6538 XMEMCPY(ivec, output + length - sizeof(DES_cblock), sizeof(DES_cblock));
ashleymills 0:714293de3836 6539 }
ashleymills 0:714293de3836 6540
ashleymills 0:714293de3836 6541
ashleymills 0:714293de3836 6542 void CyaSSL_ERR_free_strings(void)
ashleymills 0:714293de3836 6543 {
ashleymills 0:714293de3836 6544 /* handled internally */
ashleymills 0:714293de3836 6545 }
ashleymills 0:714293de3836 6546
ashleymills 0:714293de3836 6547
ashleymills 0:714293de3836 6548 void CyaSSL_ERR_remove_state(unsigned long state)
ashleymills 0:714293de3836 6549 {
ashleymills 0:714293de3836 6550 /* TODO: GetErrors().Remove(); */
ashleymills 0:714293de3836 6551 (void)state;
ashleymills 0:714293de3836 6552 }
ashleymills 0:714293de3836 6553
ashleymills 0:714293de3836 6554
ashleymills 0:714293de3836 6555 void CyaSSL_EVP_cleanup(void)
ashleymills 0:714293de3836 6556 {
ashleymills 0:714293de3836 6557 /* nothing to do here */
ashleymills 0:714293de3836 6558 }
ashleymills 0:714293de3836 6559
ashleymills 0:714293de3836 6560
ashleymills 0:714293de3836 6561 void CyaSSL_cleanup_all_ex_data(void)
ashleymills 0:714293de3836 6562 {
ashleymills 0:714293de3836 6563 /* nothing to do here */
ashleymills 0:714293de3836 6564 }
ashleymills 0:714293de3836 6565
ashleymills 0:714293de3836 6566
ashleymills 0:714293de3836 6567 long CyaSSL_CTX_set_mode(CYASSL_CTX* ctx, long mode)
ashleymills 0:714293de3836 6568 {
ashleymills 0:714293de3836 6569 /* SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER is CyaSSL default mode */
ashleymills 0:714293de3836 6570
ashleymills 0:714293de3836 6571 CYASSL_ENTER("SSL_CTX_set_mode");
ashleymills 0:714293de3836 6572 if (mode == SSL_MODE_ENABLE_PARTIAL_WRITE)
ashleymills 0:714293de3836 6573 ctx->partialWrite = 1;
ashleymills 0:714293de3836 6574
ashleymills 0:714293de3836 6575 return mode;
ashleymills 0:714293de3836 6576 }
ashleymills 0:714293de3836 6577
ashleymills 0:714293de3836 6578
ashleymills 0:714293de3836 6579 long CyaSSL_CTX_get_mode(CYASSL_CTX* ctx)
ashleymills 0:714293de3836 6580 {
ashleymills 0:714293de3836 6581 /* TODO: */
ashleymills 0:714293de3836 6582 (void)ctx;
ashleymills 0:714293de3836 6583 return 0;
ashleymills 0:714293de3836 6584 }
ashleymills 0:714293de3836 6585
ashleymills 0:714293de3836 6586
ashleymills 0:714293de3836 6587 void CyaSSL_CTX_set_default_read_ahead(CYASSL_CTX* ctx, int m)
ashleymills 0:714293de3836 6588 {
ashleymills 0:714293de3836 6589 /* TODO: maybe? */
ashleymills 0:714293de3836 6590 (void)ctx;
ashleymills 0:714293de3836 6591 (void)m;
ashleymills 0:714293de3836 6592 }
ashleymills 0:714293de3836 6593
ashleymills 0:714293de3836 6594
ashleymills 0:714293de3836 6595 int CyaSSL_CTX_set_session_id_context(CYASSL_CTX* ctx,
ashleymills 0:714293de3836 6596 const unsigned char* sid_ctx,
ashleymills 0:714293de3836 6597 unsigned int sid_ctx_len)
ashleymills 0:714293de3836 6598 {
ashleymills 0:714293de3836 6599 /* No application specific context needed for cyaSSL */
ashleymills 0:714293de3836 6600 (void)ctx;
ashleymills 0:714293de3836 6601 (void)sid_ctx;
ashleymills 0:714293de3836 6602 (void)sid_ctx_len;
ashleymills 0:714293de3836 6603 return SSL_SUCCESS;
ashleymills 0:714293de3836 6604 }
ashleymills 0:714293de3836 6605
ashleymills 0:714293de3836 6606
ashleymills 0:714293de3836 6607 long CyaSSL_CTX_sess_get_cache_size(CYASSL_CTX* ctx)
ashleymills 0:714293de3836 6608 {
ashleymills 0:714293de3836 6609 /* TODO: maybe? */
ashleymills 0:714293de3836 6610 (void)ctx;
ashleymills 0:714293de3836 6611 return (~0);
ashleymills 0:714293de3836 6612 }
ashleymills 0:714293de3836 6613
ashleymills 0:714293de3836 6614 unsigned long CyaSSL_ERR_get_error_line_data(const char** file, int* line,
ashleymills 0:714293de3836 6615 const char** data, int *flags)
ashleymills 0:714293de3836 6616 {
ashleymills 0:714293de3836 6617 /* Not implemented */
ashleymills 0:714293de3836 6618 (void)file;
ashleymills 0:714293de3836 6619 (void)line;
ashleymills 0:714293de3836 6620 (void)data;
ashleymills 0:714293de3836 6621 (void)flags;
ashleymills 0:714293de3836 6622 return 0;
ashleymills 0:714293de3836 6623 }
ashleymills 0:714293de3836 6624
ashleymills 0:714293de3836 6625 #endif /* OPENSSL_EXTRA */
ashleymills 0:714293de3836 6626
ashleymills 0:714293de3836 6627
ashleymills 0:714293de3836 6628 #if defined(KEEP_PEER_CERT)
ashleymills 0:714293de3836 6629
ashleymills 0:714293de3836 6630 CYASSL_X509* CyaSSL_get_peer_certificate(CYASSL* ssl)
ashleymills 0:714293de3836 6631 {
ashleymills 0:714293de3836 6632 CYASSL_ENTER("SSL_get_peer_certificate");
ashleymills 0:714293de3836 6633 if (ssl->peerCert.issuer.sz)
ashleymills 0:714293de3836 6634 return &ssl->peerCert;
ashleymills 0:714293de3836 6635 else
ashleymills 0:714293de3836 6636 return 0;
ashleymills 0:714293de3836 6637 }
ashleymills 0:714293de3836 6638
ashleymills 0:714293de3836 6639 #endif /* KEEP_PEER_CERT */
ashleymills 0:714293de3836 6640
ashleymills 0:714293de3836 6641
ashleymills 0:714293de3836 6642 #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
ashleymills 0:714293de3836 6643
ashleymills 0:714293de3836 6644 void CyaSSL_FreeX509(CYASSL_X509* x509)
ashleymills 0:714293de3836 6645 {
ashleymills 0:714293de3836 6646 CYASSL_ENTER("CyaSSL_FreeX509");
ashleymills 0:714293de3836 6647 FreeX509(x509);
ashleymills 0:714293de3836 6648 }
ashleymills 0:714293de3836 6649
ashleymills 0:714293de3836 6650
ashleymills 0:714293de3836 6651 /* return the next, if any, altname from the peer cert */
ashleymills 0:714293de3836 6652 char* CyaSSL_X509_get_next_altname(CYASSL_X509* cert)
ashleymills 0:714293de3836 6653 {
ashleymills 0:714293de3836 6654 char* ret = NULL;
ashleymills 0:714293de3836 6655 CYASSL_ENTER("CyaSSL_X509_get_next_altname");
ashleymills 0:714293de3836 6656
ashleymills 0:714293de3836 6657 /* don't have any to work with */
ashleymills 0:714293de3836 6658 if (cert == NULL || cert->altNames == NULL)
ashleymills 0:714293de3836 6659 return NULL;
ashleymills 0:714293de3836 6660
ashleymills 0:714293de3836 6661 /* already went through them */
ashleymills 0:714293de3836 6662 if (cert->altNamesNext == NULL)
ashleymills 0:714293de3836 6663 return NULL;
ashleymills 0:714293de3836 6664
ashleymills 0:714293de3836 6665 ret = cert->altNamesNext->name;
ashleymills 0:714293de3836 6666 cert->altNamesNext = cert->altNamesNext->next;
ashleymills 0:714293de3836 6667
ashleymills 0:714293de3836 6668 return ret;
ashleymills 0:714293de3836 6669 }
ashleymills 0:714293de3836 6670
ashleymills 0:714293de3836 6671
ashleymills 0:714293de3836 6672 CYASSL_X509_NAME* CyaSSL_X509_get_issuer_name(CYASSL_X509* cert)
ashleymills 0:714293de3836 6673 {
ashleymills 0:714293de3836 6674 CYASSL_ENTER("X509_get_issuer_name");
ashleymills 0:714293de3836 6675 return &cert->issuer;
ashleymills 0:714293de3836 6676 }
ashleymills 0:714293de3836 6677
ashleymills 0:714293de3836 6678
ashleymills 0:714293de3836 6679 CYASSL_X509_NAME* CyaSSL_X509_get_subject_name(CYASSL_X509* cert)
ashleymills 0:714293de3836 6680 {
ashleymills 0:714293de3836 6681 CYASSL_ENTER("X509_get_subject_name");
ashleymills 0:714293de3836 6682 return &cert->subject;
ashleymills 0:714293de3836 6683 }
ashleymills 0:714293de3836 6684
ashleymills 0:714293de3836 6685
ashleymills 0:714293de3836 6686 /* copy name into in buffer, at most sz bytes, if buffer is null will
ashleymills 0:714293de3836 6687 malloc buffer, call responsible for freeing */
ashleymills 0:714293de3836 6688 char* CyaSSL_X509_NAME_oneline(CYASSL_X509_NAME* name, char* in, int sz)
ashleymills 0:714293de3836 6689 {
ashleymills 0:714293de3836 6690 int copySz = min(sz, name->sz);
ashleymills 0:714293de3836 6691
ashleymills 0:714293de3836 6692 CYASSL_ENTER("CyaSSL_X509_NAME_oneline");
ashleymills 0:714293de3836 6693 if (!name->sz) return in;
ashleymills 0:714293de3836 6694
ashleymills 0:714293de3836 6695 if (!in) {
ashleymills 0:714293de3836 6696 in = (char*)XMALLOC(name->sz, 0, DYNAMIC_TYPE_OPENSSL);
ashleymills 0:714293de3836 6697 if (!in ) return in;
ashleymills 0:714293de3836 6698 copySz = name->sz;
ashleymills 0:714293de3836 6699 }
ashleymills 0:714293de3836 6700
ashleymills 0:714293de3836 6701 if (copySz == 0)
ashleymills 0:714293de3836 6702 return in;
ashleymills 0:714293de3836 6703
ashleymills 0:714293de3836 6704 XMEMCPY(in, name->name, copySz - 1);
ashleymills 0:714293de3836 6705 in[copySz - 1] = 0;
ashleymills 0:714293de3836 6706
ashleymills 0:714293de3836 6707 return in;
ashleymills 0:714293de3836 6708 }
ashleymills 0:714293de3836 6709
ashleymills 0:714293de3836 6710
ashleymills 0:714293de3836 6711 /* write X509 serial number in unsigned binary to buffer
ashleymills 0:714293de3836 6712 buffer needs to be at least EXTERNAL_SERIAL_SIZE (32) for all cases
ashleymills 0:714293de3836 6713 return SSL_SUCCESS on success */
ashleymills 0:714293de3836 6714 int CyaSSL_X509_get_serial_number(CYASSL_X509* x509, byte* in, int* inOutSz)
ashleymills 0:714293de3836 6715 {
ashleymills 0:714293de3836 6716 CYASSL_ENTER("CyaSSL_X509_get_serial_number");
ashleymills 0:714293de3836 6717 if (x509 == NULL || in == NULL || *inOutSz < x509->serialSz)
ashleymills 0:714293de3836 6718 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 6719
ashleymills 0:714293de3836 6720 XMEMCPY(in, x509->serial, x509->serialSz);
ashleymills 0:714293de3836 6721 *inOutSz = x509->serialSz;
ashleymills 0:714293de3836 6722
ashleymills 0:714293de3836 6723 return SSL_SUCCESS;
ashleymills 0:714293de3836 6724 }
ashleymills 0:714293de3836 6725
ashleymills 0:714293de3836 6726
ashleymills 0:714293de3836 6727 const byte* CyaSSL_X509_get_der(CYASSL_X509* x509, int* outSz)
ashleymills 0:714293de3836 6728 {
ashleymills 0:714293de3836 6729 CYASSL_ENTER("CyaSSL_X509_get_der");
ashleymills 0:714293de3836 6730
ashleymills 0:714293de3836 6731 if (x509 == NULL || outSz == NULL)
ashleymills 0:714293de3836 6732 return NULL;
ashleymills 0:714293de3836 6733
ashleymills 0:714293de3836 6734 *outSz = (int)x509->derCert.length;
ashleymills 0:714293de3836 6735 return x509->derCert.buffer;
ashleymills 0:714293de3836 6736 }
ashleymills 0:714293de3836 6737
ashleymills 0:714293de3836 6738 #endif /* KEEP_PEER_CERT || SESSION_CERTS */
ashleymills 0:714293de3836 6739
ashleymills 0:714293de3836 6740
ashleymills 0:714293de3836 6741 #ifdef OPENSSL_EXTRA
ashleymills 0:714293de3836 6742 int CyaSSL_set_ex_data(CYASSL* ssl, int idx, void* data)
ashleymills 0:714293de3836 6743 {
ashleymills 0:714293de3836 6744 #ifdef FORTRESS
ashleymills 0:714293de3836 6745 if (ssl != NULL && idx < MAX_EX_DATA)
ashleymills 0:714293de3836 6746 {
ashleymills 0:714293de3836 6747 ssl->ex_data[idx] = data;
ashleymills 0:714293de3836 6748 return SSL_SUCCESS;
ashleymills 0:714293de3836 6749 }
ashleymills 0:714293de3836 6750 #else
ashleymills 0:714293de3836 6751 (void)ssl;
ashleymills 0:714293de3836 6752 (void)idx;
ashleymills 0:714293de3836 6753 (void)data;
ashleymills 0:714293de3836 6754 #endif
ashleymills 0:714293de3836 6755 return SSL_FAILURE;
ashleymills 0:714293de3836 6756 }
ashleymills 0:714293de3836 6757
ashleymills 0:714293de3836 6758
ashleymills 0:714293de3836 6759 int CyaSSL_set_session_id_context(CYASSL* ssl, const unsigned char* id,
ashleymills 0:714293de3836 6760 unsigned int len)
ashleymills 0:714293de3836 6761 {
ashleymills 0:714293de3836 6762 (void)ssl;
ashleymills 0:714293de3836 6763 (void)id;
ashleymills 0:714293de3836 6764 (void)len;
ashleymills 0:714293de3836 6765 return 0;
ashleymills 0:714293de3836 6766 }
ashleymills 0:714293de3836 6767
ashleymills 0:714293de3836 6768
ashleymills 0:714293de3836 6769 void CyaSSL_set_connect_state(CYASSL* ssl)
ashleymills 0:714293de3836 6770 {
ashleymills 0:714293de3836 6771 (void)ssl;
ashleymills 0:714293de3836 6772 /* client by default */
ashleymills 0:714293de3836 6773 }
ashleymills 0:714293de3836 6774 #endif
ashleymills 0:714293de3836 6775
ashleymills 0:714293de3836 6776 int CyaSSL_get_shutdown(const CYASSL* ssl)
ashleymills 0:714293de3836 6777 {
ashleymills 0:714293de3836 6778 return (ssl->options.isClosed ||
ashleymills 0:714293de3836 6779 ssl->options.connReset ||
ashleymills 0:714293de3836 6780 ssl->options.sentNotify);
ashleymills 0:714293de3836 6781 }
ashleymills 0:714293de3836 6782
ashleymills 0:714293de3836 6783
ashleymills 0:714293de3836 6784 int CyaSSL_session_reused(CYASSL* ssl)
ashleymills 0:714293de3836 6785 {
ashleymills 0:714293de3836 6786 return ssl->options.resuming;
ashleymills 0:714293de3836 6787 }
ashleymills 0:714293de3836 6788
ashleymills 0:714293de3836 6789 #ifdef OPENSSL_EXTRA
ashleymills 0:714293de3836 6790 void CyaSSL_SESSION_free(CYASSL_SESSION* session)
ashleymills 0:714293de3836 6791 {
ashleymills 0:714293de3836 6792 (void)session;
ashleymills 0:714293de3836 6793 }
ashleymills 0:714293de3836 6794 #endif
ashleymills 0:714293de3836 6795
ashleymills 0:714293de3836 6796 const char* CyaSSL_get_version(CYASSL* ssl)
ashleymills 0:714293de3836 6797 {
ashleymills 0:714293de3836 6798 CYASSL_ENTER("SSL_get_version");
ashleymills 0:714293de3836 6799 if (ssl->version.major == SSLv3_MAJOR) {
ashleymills 0:714293de3836 6800 switch (ssl->version.minor) {
ashleymills 0:714293de3836 6801 case SSLv3_MINOR :
ashleymills 0:714293de3836 6802 return "SSLv3";
ashleymills 0:714293de3836 6803 case TLSv1_MINOR :
ashleymills 0:714293de3836 6804 return "TLSv1";
ashleymills 0:714293de3836 6805 case TLSv1_1_MINOR :
ashleymills 0:714293de3836 6806 return "TLSv1.1";
ashleymills 0:714293de3836 6807 case TLSv1_2_MINOR :
ashleymills 0:714293de3836 6808 return "TLSv1.2";
ashleymills 0:714293de3836 6809 default:
ashleymills 0:714293de3836 6810 return "unknown";
ashleymills 0:714293de3836 6811 }
ashleymills 0:714293de3836 6812 }
ashleymills 0:714293de3836 6813 else if (ssl->version.major == DTLS_MAJOR) {
ashleymills 0:714293de3836 6814 switch (ssl->version.minor) {
ashleymills 0:714293de3836 6815 case DTLS_MINOR :
ashleymills 0:714293de3836 6816 return "DTLS";
ashleymills 0:714293de3836 6817 case DTLSv1_2_MINOR :
ashleymills 0:714293de3836 6818 return "DTLSv1.2";
ashleymills 0:714293de3836 6819 default:
ashleymills 0:714293de3836 6820 return "unknown";
ashleymills 0:714293de3836 6821 }
ashleymills 0:714293de3836 6822 }
ashleymills 0:714293de3836 6823 return "unknown";
ashleymills 0:714293de3836 6824 }
ashleymills 0:714293de3836 6825
ashleymills 0:714293de3836 6826 int CyaSSL_get_current_cipher_suite(CYASSL* ssl)
ashleymills 0:714293de3836 6827 {
ashleymills 0:714293de3836 6828 CYASSL_ENTER("SSL_get_current_cipher_suite");
ashleymills 0:714293de3836 6829 if (ssl)
ashleymills 0:714293de3836 6830 return (ssl->options.cipherSuite0 << 8) | ssl->options.cipherSuite;
ashleymills 0:714293de3836 6831 return 0;
ashleymills 0:714293de3836 6832 }
ashleymills 0:714293de3836 6833
ashleymills 0:714293de3836 6834 CYASSL_CIPHER* CyaSSL_get_current_cipher(CYASSL* ssl)
ashleymills 0:714293de3836 6835 {
ashleymills 0:714293de3836 6836 CYASSL_ENTER("SSL_get_current_cipher");
ashleymills 0:714293de3836 6837 if (ssl)
ashleymills 0:714293de3836 6838 return &ssl->cipher;
ashleymills 0:714293de3836 6839 else
ashleymills 0:714293de3836 6840 return NULL;
ashleymills 0:714293de3836 6841 }
ashleymills 0:714293de3836 6842
ashleymills 0:714293de3836 6843
ashleymills 0:714293de3836 6844 const char* CyaSSL_CIPHER_get_name(const CYASSL_CIPHER* cipher)
ashleymills 0:714293de3836 6845 {
ashleymills 0:714293de3836 6846 (void)cipher;
ashleymills 0:714293de3836 6847
ashleymills 0:714293de3836 6848 CYASSL_ENTER("SSL_CIPHER_get_name");
ashleymills 0:714293de3836 6849 #ifndef NO_ERROR_STRINGS
ashleymills 0:714293de3836 6850 if (cipher) {
ashleymills 0:714293de3836 6851 #ifdef HAVE_ECC
ashleymills 0:714293de3836 6852 if (cipher->ssl->options.cipherSuite0 == ECC_BYTE) {
ashleymills 0:714293de3836 6853 /* ECC suites */
ashleymills 0:714293de3836 6854 switch (cipher->ssl->options.cipherSuite) {
ashleymills 0:714293de3836 6855 #ifndef NO_RSA
ashleymills 0:714293de3836 6856 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
ashleymills 0:714293de3836 6857 return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
ashleymills 0:714293de3836 6858 #endif
ashleymills 0:714293de3836 6859 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
ashleymills 0:714293de3836 6860 return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
ashleymills 0:714293de3836 6861 #ifndef NO_RSA
ashleymills 0:714293de3836 6862 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
ashleymills 0:714293de3836 6863 return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256";
ashleymills 0:714293de3836 6864 #endif
ashleymills 0:714293de3836 6865 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
ashleymills 0:714293de3836 6866 return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256";
ashleymills 0:714293de3836 6867 #ifndef NO_RSA
ashleymills 0:714293de3836 6868 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
ashleymills 0:714293de3836 6869 return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
ashleymills 0:714293de3836 6870 #endif
ashleymills 0:714293de3836 6871 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
ashleymills 0:714293de3836 6872 return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384";
ashleymills 0:714293de3836 6873 #ifndef NO_RSA
ashleymills 0:714293de3836 6874 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
ashleymills 0:714293de3836 6875 return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384";
ashleymills 0:714293de3836 6876 #endif
ashleymills 0:714293de3836 6877 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
ashleymills 0:714293de3836 6878 return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384";
ashleymills 0:714293de3836 6879 #ifndef NO_SHA
ashleymills 0:714293de3836 6880 #ifndef NO_RSA
ashleymills 0:714293de3836 6881 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
ashleymills 0:714293de3836 6882 return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
ashleymills 0:714293de3836 6883 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
ashleymills 0:714293de3836 6884 return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
ashleymills 0:714293de3836 6885 #endif
ashleymills 0:714293de3836 6886 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
ashleymills 0:714293de3836 6887 return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
ashleymills 0:714293de3836 6888 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
ashleymills 0:714293de3836 6889 return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
ashleymills 0:714293de3836 6890 #ifndef NO_RC4
ashleymills 0:714293de3836 6891 #ifndef NO_RSA
ashleymills 0:714293de3836 6892 case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
ashleymills 0:714293de3836 6893 return "TLS_ECDHE_RSA_WITH_RC4_128_SHA";
ashleymills 0:714293de3836 6894 #endif
ashleymills 0:714293de3836 6895 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
ashleymills 0:714293de3836 6896 return "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA";
ashleymills 0:714293de3836 6897 #endif
ashleymills 0:714293de3836 6898 #ifndef NO_DES3
ashleymills 0:714293de3836 6899 #ifndef NO_RSA
ashleymills 0:714293de3836 6900 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
ashleymills 0:714293de3836 6901 return "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA";
ashleymills 0:714293de3836 6902 #endif
ashleymills 0:714293de3836 6903 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
ashleymills 0:714293de3836 6904 return "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA";
ashleymills 0:714293de3836 6905 #endif
ashleymills 0:714293de3836 6906
ashleymills 0:714293de3836 6907 #ifndef NO_RSA
ashleymills 0:714293de3836 6908 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
ashleymills 0:714293de3836 6909 return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA";
ashleymills 0:714293de3836 6910 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
ashleymills 0:714293de3836 6911 return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA";
ashleymills 0:714293de3836 6912 #endif
ashleymills 0:714293de3836 6913 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
ashleymills 0:714293de3836 6914 return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA";
ashleymills 0:714293de3836 6915 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
ashleymills 0:714293de3836 6916 return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA";
ashleymills 0:714293de3836 6917 #ifndef NO_RC4
ashleymills 0:714293de3836 6918 #ifndef NO_RSA
ashleymills 0:714293de3836 6919 case TLS_ECDH_RSA_WITH_RC4_128_SHA :
ashleymills 0:714293de3836 6920 return "TLS_ECDH_RSA_WITH_RC4_128_SHA";
ashleymills 0:714293de3836 6921 #endif
ashleymills 0:714293de3836 6922 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
ashleymills 0:714293de3836 6923 return "TLS_ECDH_ECDSA_WITH_RC4_128_SHA";
ashleymills 0:714293de3836 6924 #endif
ashleymills 0:714293de3836 6925 #ifndef NO_DES3
ashleymills 0:714293de3836 6926 #ifndef NO_RSA
ashleymills 0:714293de3836 6927 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
ashleymills 0:714293de3836 6928 return "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA";
ashleymills 0:714293de3836 6929 #endif
ashleymills 0:714293de3836 6930 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
ashleymills 0:714293de3836 6931 return "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA";
ashleymills 0:714293de3836 6932 #endif
ashleymills 0:714293de3836 6933 #endif /* NO_SHA */
ashleymills 0:714293de3836 6934
ashleymills 0:714293de3836 6935 #ifdef HAVE_AESGCM
ashleymills 0:714293de3836 6936 #ifndef NO_RSA
ashleymills 0:714293de3836 6937 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
ashleymills 0:714293de3836 6938 return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
ashleymills 0:714293de3836 6939 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
ashleymills 0:714293de3836 6940 return "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
ashleymills 0:714293de3836 6941 #endif
ashleymills 0:714293de3836 6942 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
ashleymills 0:714293de3836 6943 return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
ashleymills 0:714293de3836 6944 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
ashleymills 0:714293de3836 6945 return "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
ashleymills 0:714293de3836 6946 #ifndef NO_RSA
ashleymills 0:714293de3836 6947 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
ashleymills 0:714293de3836 6948 return "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256";
ashleymills 0:714293de3836 6949 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
ashleymills 0:714293de3836 6950 return "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384";
ashleymills 0:714293de3836 6951 #endif
ashleymills 0:714293de3836 6952 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
ashleymills 0:714293de3836 6953 return "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256";
ashleymills 0:714293de3836 6954 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
ashleymills 0:714293de3836 6955 return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384";
ashleymills 0:714293de3836 6956 #endif
ashleymills 0:714293de3836 6957
ashleymills 0:714293de3836 6958 #ifdef HAVE_AESCCM
ashleymills 0:714293de3836 6959 #ifndef NO_RSA
ashleymills 0:714293de3836 6960 case TLS_RSA_WITH_AES_128_CCM_8 :
ashleymills 0:714293de3836 6961 return "TLS_RSA_WITH_AES_128_CCM_8";
ashleymills 0:714293de3836 6962 case TLS_RSA_WITH_AES_256_CCM_8 :
ashleymills 0:714293de3836 6963 return "TLS_RSA_WITH_AES_256_CCM_8";
ashleymills 0:714293de3836 6964 #endif
ashleymills 0:714293de3836 6965 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
ashleymills 0:714293de3836 6966 return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8";
ashleymills 0:714293de3836 6967 case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
ashleymills 0:714293de3836 6968 return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8";
ashleymills 0:714293de3836 6969 #endif
ashleymills 0:714293de3836 6970
ashleymills 0:714293de3836 6971 default:
ashleymills 0:714293de3836 6972 return "NONE";
ashleymills 0:714293de3836 6973 }
ashleymills 0:714293de3836 6974 }
ashleymills 0:714293de3836 6975 #endif /* ECC */
ashleymills 0:714293de3836 6976 if (cipher->ssl->options.cipherSuite0 != ECC_BYTE) {
ashleymills 0:714293de3836 6977 /* normal suites */
ashleymills 0:714293de3836 6978 switch (cipher->ssl->options.cipherSuite) {
ashleymills 0:714293de3836 6979 #ifndef NO_RSA
ashleymills 0:714293de3836 6980 #ifndef NO_RC4
ashleymills 0:714293de3836 6981 #ifndef NO_SHA
ashleymills 0:714293de3836 6982 case SSL_RSA_WITH_RC4_128_SHA :
ashleymills 0:714293de3836 6983 return "SSL_RSA_WITH_RC4_128_SHA";
ashleymills 0:714293de3836 6984 #endif
ashleymills 0:714293de3836 6985 #ifndef NO_MD5
ashleymills 0:714293de3836 6986 case SSL_RSA_WITH_RC4_128_MD5 :
ashleymills 0:714293de3836 6987 return "SSL_RSA_WITH_RC4_128_MD5";
ashleymills 0:714293de3836 6988 #endif
ashleymills 0:714293de3836 6989 #endif
ashleymills 0:714293de3836 6990 #ifndef NO_SHA
ashleymills 0:714293de3836 6991 #ifndef NO_DES3
ashleymills 0:714293de3836 6992 case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
ashleymills 0:714293de3836 6993 return "SSL_RSA_WITH_3DES_EDE_CBC_SHA";
ashleymills 0:714293de3836 6994 #endif
ashleymills 0:714293de3836 6995 case TLS_RSA_WITH_AES_128_CBC_SHA :
ashleymills 0:714293de3836 6996 return "TLS_RSA_WITH_AES_128_CBC_SHA";
ashleymills 0:714293de3836 6997 case TLS_RSA_WITH_AES_256_CBC_SHA :
ashleymills 0:714293de3836 6998 return "TLS_RSA_WITH_AES_256_CBC_SHA";
ashleymills 0:714293de3836 6999 #endif
ashleymills 0:714293de3836 7000 case TLS_RSA_WITH_AES_128_CBC_SHA256 :
ashleymills 0:714293de3836 7001 return "TLS_RSA_WITH_AES_128_CBC_SHA256";
ashleymills 0:714293de3836 7002 case TLS_RSA_WITH_AES_256_CBC_SHA256 :
ashleymills 0:714293de3836 7003 return "TLS_RSA_WITH_AES_256_CBC_SHA256";
ashleymills 0:714293de3836 7004 #ifndef NO_SHA
ashleymills 0:714293de3836 7005 case TLS_RSA_WITH_NULL_SHA :
ashleymills 0:714293de3836 7006 return "TLS_RSA_WITH_NULL_SHA";
ashleymills 0:714293de3836 7007 #endif
ashleymills 0:714293de3836 7008 case TLS_RSA_WITH_NULL_SHA256 :
ashleymills 0:714293de3836 7009 return "TLS_RSA_WITH_NULL_SHA256";
ashleymills 0:714293de3836 7010 #endif /* NO_RSA */
ashleymills 0:714293de3836 7011 #ifndef NO_PSK
ashleymills 0:714293de3836 7012 case TLS_PSK_WITH_AES_128_CBC_SHA256 :
ashleymills 0:714293de3836 7013 return "TLS_PSK_WITH_AES_128_CBC_SHA256";
ashleymills 0:714293de3836 7014 #ifndef NO_SHA
ashleymills 0:714293de3836 7015 case TLS_PSK_WITH_AES_128_CBC_SHA :
ashleymills 0:714293de3836 7016 return "TLS_PSK_WITH_AES_128_CBC_SHA";
ashleymills 0:714293de3836 7017 case TLS_PSK_WITH_AES_256_CBC_SHA :
ashleymills 0:714293de3836 7018 return "TLS_PSK_WITH_AES_256_CBC_SHA";
ashleymills 0:714293de3836 7019 #endif
ashleymills 0:714293de3836 7020 #ifndef NO_SHA256
ashleymills 0:714293de3836 7021 #ifdef HAVE_AESCCM
ashleymills 0:714293de3836 7022 case TLS_PSK_WITH_AES_128_CCM_8 :
ashleymills 0:714293de3836 7023 return "TLS_PSK_WITH_AES_128_CCM_8";
ashleymills 0:714293de3836 7024 case TLS_PSK_WITH_AES_256_CCM_8 :
ashleymills 0:714293de3836 7025 return "TLS_PSK_WITH_AES_256_CCM_8";
ashleymills 0:714293de3836 7026 #endif
ashleymills 0:714293de3836 7027 case TLS_PSK_WITH_NULL_SHA256 :
ashleymills 0:714293de3836 7028 return "TLS_PSK_WITH_NULL_SHA256";
ashleymills 0:714293de3836 7029 #endif
ashleymills 0:714293de3836 7030 #ifndef NO_SHA
ashleymills 0:714293de3836 7031 case TLS_PSK_WITH_NULL_SHA :
ashleymills 0:714293de3836 7032 return "TLS_PSK_WITH_NULL_SHA";
ashleymills 0:714293de3836 7033 #endif
ashleymills 0:714293de3836 7034 #endif /* NO_PSK */
ashleymills 0:714293de3836 7035 #ifndef NO_RSA
ashleymills 0:714293de3836 7036 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
ashleymills 0:714293de3836 7037 return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
ashleymills 0:714293de3836 7038 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
ashleymills 0:714293de3836 7039 return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256";
ashleymills 0:714293de3836 7040 #ifndef NO_SHA
ashleymills 0:714293de3836 7041 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
ashleymills 0:714293de3836 7042 return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
ashleymills 0:714293de3836 7043 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
ashleymills 0:714293de3836 7044 return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
ashleymills 0:714293de3836 7045 #endif
ashleymills 0:714293de3836 7046 #ifndef NO_HC128
ashleymills 0:714293de3836 7047 #ifndef NO_MD5
ashleymills 0:714293de3836 7048 case TLS_RSA_WITH_HC_128_CBC_MD5 :
ashleymills 0:714293de3836 7049 return "TLS_RSA_WITH_HC_128_CBC_MD5";
ashleymills 0:714293de3836 7050 #endif
ashleymills 0:714293de3836 7051 #ifndef NO_SHA
ashleymills 0:714293de3836 7052 case TLS_RSA_WITH_HC_128_CBC_SHA :
ashleymills 0:714293de3836 7053 return "TLS_RSA_WITH_HC_128_CBC_SHA";
ashleymills 0:714293de3836 7054 #endif
ashleymills 0:714293de3836 7055 #endif /* NO_HC128 */
ashleymills 0:714293de3836 7056 #ifndef NO_SHA
ashleymills 0:714293de3836 7057 #ifndef NO_RABBIT
ashleymills 0:714293de3836 7058 case TLS_RSA_WITH_RABBIT_CBC_SHA :
ashleymills 0:714293de3836 7059 return "TLS_RSA_WITH_RABBIT_CBC_SHA";
ashleymills 0:714293de3836 7060 #endif
ashleymills 0:714293de3836 7061 #ifdef HAVE_NTRU
ashleymills 0:714293de3836 7062 #ifndef NO_RC4
ashleymills 0:714293de3836 7063 case TLS_NTRU_RSA_WITH_RC4_128_SHA :
ashleymills 0:714293de3836 7064 return "TLS_NTRU_RSA_WITH_RC4_128_SHA";
ashleymills 0:714293de3836 7065 #endif
ashleymills 0:714293de3836 7066 #ifndef NO_DES3
ashleymills 0:714293de3836 7067 case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
ashleymills 0:714293de3836 7068 return "TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA";
ashleymills 0:714293de3836 7069 #endif
ashleymills 0:714293de3836 7070 case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
ashleymills 0:714293de3836 7071 return "TLS_NTRU_RSA_WITH_AES_128_CBC_SHA";
ashleymills 0:714293de3836 7072 case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
ashleymills 0:714293de3836 7073 return "TLS_NTRU_RSA_WITH_AES_256_CBC_SHA";
ashleymills 0:714293de3836 7074 #endif /* HAVE_NTRU */
ashleymills 0:714293de3836 7075 #endif /* NO_SHA */
ashleymills 0:714293de3836 7076 case TLS_RSA_WITH_AES_128_GCM_SHA256 :
ashleymills 0:714293de3836 7077 return "TLS_RSA_WITH_AES_128_GCM_SHA256";
ashleymills 0:714293de3836 7078 case TLS_RSA_WITH_AES_256_GCM_SHA384 :
ashleymills 0:714293de3836 7079 return "TLS_RSA_WITH_AES_256_GCM_SHA384";
ashleymills 0:714293de3836 7080 case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
ashleymills 0:714293de3836 7081 return "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256";
ashleymills 0:714293de3836 7082 case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
ashleymills 0:714293de3836 7083 return "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";
ashleymills 0:714293de3836 7084 #ifndef NO_SHA
ashleymills 0:714293de3836 7085 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
ashleymills 0:714293de3836 7086 return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA";
ashleymills 0:714293de3836 7087 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
ashleymills 0:714293de3836 7088 return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA";
ashleymills 0:714293de3836 7089 #endif
ashleymills 0:714293de3836 7090 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
ashleymills 0:714293de3836 7091 return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256";
ashleymills 0:714293de3836 7092 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
ashleymills 0:714293de3836 7093 return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256";
ashleymills 0:714293de3836 7094 #ifndef NO_SHA
ashleymills 0:714293de3836 7095 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
ashleymills 0:714293de3836 7096 return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA";
ashleymills 0:714293de3836 7097 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
ashleymills 0:714293de3836 7098 return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA";
ashleymills 0:714293de3836 7099 #endif
ashleymills 0:714293de3836 7100 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
ashleymills 0:714293de3836 7101 return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256";
ashleymills 0:714293de3836 7102 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
ashleymills 0:714293de3836 7103 return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256";
ashleymills 0:714293de3836 7104 #endif /* NO_RSA */
ashleymills 0:714293de3836 7105 default:
ashleymills 0:714293de3836 7106 return "NONE";
ashleymills 0:714293de3836 7107 } /* switch */
ashleymills 0:714293de3836 7108 } /* normal / ECC */
ashleymills 0:714293de3836 7109 }
ashleymills 0:714293de3836 7110 #endif /* NO_ERROR_STRINGS */
ashleymills 0:714293de3836 7111 return "NONE";
ashleymills 0:714293de3836 7112 }
ashleymills 0:714293de3836 7113
ashleymills 0:714293de3836 7114
ashleymills 0:714293de3836 7115 const char* CyaSSL_get_cipher(CYASSL* ssl)
ashleymills 0:714293de3836 7116 {
ashleymills 0:714293de3836 7117 CYASSL_ENTER("CyaSSL_get_cipher");
ashleymills 0:714293de3836 7118 return CyaSSL_CIPHER_get_name(CyaSSL_get_current_cipher(ssl));
ashleymills 0:714293de3836 7119 }
ashleymills 0:714293de3836 7120
ashleymills 0:714293de3836 7121 #ifdef OPENSSL_EXTRA
ashleymills 0:714293de3836 7122
ashleymills 0:714293de3836 7123 /* XXX shuld be NO_DH */
ashleymills 0:714293de3836 7124 #ifndef NO_CERTS
ashleymills 0:714293de3836 7125 /* server ctx Diffie-Hellman parameters, SSL_SUCCESS on ok */
ashleymills 0:714293de3836 7126 int CyaSSL_CTX_SetTmpDH(CYASSL_CTX* ctx, const unsigned char* p, int pSz,
ashleymills 0:714293de3836 7127 const unsigned char* g, int gSz)
ashleymills 0:714293de3836 7128 {
ashleymills 0:714293de3836 7129 CYASSL_ENTER("CyaSSL_CTX_SetTmpDH");
ashleymills 0:714293de3836 7130 if (ctx == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG;
ashleymills 0:714293de3836 7131
ashleymills 0:714293de3836 7132 XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
ashleymills 0:714293de3836 7133 XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH);
ashleymills 0:714293de3836 7134
ashleymills 0:714293de3836 7135 ctx->serverDH_P.buffer = (byte*)XMALLOC(pSz, ctx->heap,DYNAMIC_TYPE_DH);
ashleymills 0:714293de3836 7136 if (ctx->serverDH_P.buffer == NULL)
ashleymills 0:714293de3836 7137 return MEMORY_E;
ashleymills 0:714293de3836 7138
ashleymills 0:714293de3836 7139 ctx->serverDH_G.buffer = (byte*)XMALLOC(gSz, ctx->heap,DYNAMIC_TYPE_DH);
ashleymills 0:714293de3836 7140 if (ctx->serverDH_G.buffer == NULL) {
ashleymills 0:714293de3836 7141 XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
ashleymills 0:714293de3836 7142 return MEMORY_E;
ashleymills 0:714293de3836 7143 }
ashleymills 0:714293de3836 7144
ashleymills 0:714293de3836 7145 ctx->serverDH_P.length = pSz;
ashleymills 0:714293de3836 7146 ctx->serverDH_G.length = gSz;
ashleymills 0:714293de3836 7147
ashleymills 0:714293de3836 7148 XMEMCPY(ctx->serverDH_P.buffer, p, pSz);
ashleymills 0:714293de3836 7149 XMEMCPY(ctx->serverDH_G.buffer, g, gSz);
ashleymills 0:714293de3836 7150
ashleymills 0:714293de3836 7151 ctx->haveDH = 1;
ashleymills 0:714293de3836 7152
ashleymills 0:714293de3836 7153 CYASSL_LEAVE("CyaSSL_CTX_SetTmpDH", 0);
ashleymills 0:714293de3836 7154 return SSL_SUCCESS;
ashleymills 0:714293de3836 7155 }
ashleymills 0:714293de3836 7156 #endif /* !NO_CERTS */
ashleymills 0:714293de3836 7157
ashleymills 0:714293de3836 7158
ashleymills 0:714293de3836 7159 char* CyaSSL_CIPHER_description(CYASSL_CIPHER* cipher, char* in, int len)
ashleymills 0:714293de3836 7160 {
ashleymills 0:714293de3836 7161 (void)cipher;
ashleymills 0:714293de3836 7162 (void)in;
ashleymills 0:714293de3836 7163 (void)len;
ashleymills 0:714293de3836 7164 return 0;
ashleymills 0:714293de3836 7165 }
ashleymills 0:714293de3836 7166
ashleymills 0:714293de3836 7167
ashleymills 0:714293de3836 7168 CYASSL_SESSION* CyaSSL_get1_session(CYASSL* ssl) /* what's ref count */
ashleymills 0:714293de3836 7169 {
ashleymills 0:714293de3836 7170 (void)ssl;
ashleymills 0:714293de3836 7171 return 0;
ashleymills 0:714293de3836 7172 }
ashleymills 0:714293de3836 7173
ashleymills 0:714293de3836 7174
ashleymills 0:714293de3836 7175 void CyaSSL_X509_free(CYASSL_X509* buf)
ashleymills 0:714293de3836 7176 {
ashleymills 0:714293de3836 7177 (void)buf;
ashleymills 0:714293de3836 7178 }
ashleymills 0:714293de3836 7179
ashleymills 0:714293de3836 7180
ashleymills 0:714293de3836 7181 /* was do nothing */
ashleymills 0:714293de3836 7182 /*
ashleymills 0:714293de3836 7183 void OPENSSL_free(void* buf)
ashleymills 0:714293de3836 7184 {
ashleymills 0:714293de3836 7185 (void)buf;
ashleymills 0:714293de3836 7186 }
ashleymills 0:714293de3836 7187 */
ashleymills 0:714293de3836 7188
ashleymills 0:714293de3836 7189
ashleymills 0:714293de3836 7190 int CyaSSL_OCSP_parse_url(char* url, char** host, char** port, char** path,
ashleymills 0:714293de3836 7191 int* ssl)
ashleymills 0:714293de3836 7192 {
ashleymills 0:714293de3836 7193 (void)url;
ashleymills 0:714293de3836 7194 (void)host;
ashleymills 0:714293de3836 7195 (void)port;
ashleymills 0:714293de3836 7196 (void)path;
ashleymills 0:714293de3836 7197 (void)ssl;
ashleymills 0:714293de3836 7198 return 0;
ashleymills 0:714293de3836 7199 }
ashleymills 0:714293de3836 7200
ashleymills 0:714293de3836 7201
ashleymills 0:714293de3836 7202 CYASSL_METHOD* CyaSSLv2_client_method(void)
ashleymills 0:714293de3836 7203 {
ashleymills 0:714293de3836 7204 return 0;
ashleymills 0:714293de3836 7205 }
ashleymills 0:714293de3836 7206
ashleymills 0:714293de3836 7207
ashleymills 0:714293de3836 7208 CYASSL_METHOD* CyaSSLv2_server_method(void)
ashleymills 0:714293de3836 7209 {
ashleymills 0:714293de3836 7210 return 0;
ashleymills 0:714293de3836 7211 }
ashleymills 0:714293de3836 7212
ashleymills 0:714293de3836 7213
ashleymills 0:714293de3836 7214 #ifndef NO_MD4
ashleymills 0:714293de3836 7215
ashleymills 0:714293de3836 7216 void CyaSSL_MD4_Init(CYASSL_MD4_CTX* md4)
ashleymills 0:714293de3836 7217 {
ashleymills 0:714293de3836 7218 /* make sure we have a big enough buffer */
ashleymills 0:714293de3836 7219 typedef char ok[sizeof(md4->buffer) >= sizeof(Md4) ? 1 : -1];
ashleymills 0:714293de3836 7220 (void) sizeof(ok);
ashleymills 0:714293de3836 7221
ashleymills 0:714293de3836 7222 CYASSL_ENTER("MD4_Init");
ashleymills 0:714293de3836 7223 InitMd4((Md4*)md4);
ashleymills 0:714293de3836 7224 }
ashleymills 0:714293de3836 7225
ashleymills 0:714293de3836 7226
ashleymills 0:714293de3836 7227 void CyaSSL_MD4_Update(CYASSL_MD4_CTX* md4, const void* data,
ashleymills 0:714293de3836 7228 unsigned long len)
ashleymills 0:714293de3836 7229 {
ashleymills 0:714293de3836 7230 CYASSL_ENTER("MD4_Update");
ashleymills 0:714293de3836 7231 Md4Update((Md4*)md4, (const byte*)data, (word32)len);
ashleymills 0:714293de3836 7232 }
ashleymills 0:714293de3836 7233
ashleymills 0:714293de3836 7234
ashleymills 0:714293de3836 7235 void CyaSSL_MD4_Final(unsigned char* digest, CYASSL_MD4_CTX* md4)
ashleymills 0:714293de3836 7236 {
ashleymills 0:714293de3836 7237 CYASSL_ENTER("MD4_Final");
ashleymills 0:714293de3836 7238 Md4Final((Md4*)md4, digest);
ashleymills 0:714293de3836 7239 }
ashleymills 0:714293de3836 7240
ashleymills 0:714293de3836 7241 #endif /* NO_MD4 */
ashleymills 0:714293de3836 7242
ashleymills 0:714293de3836 7243
ashleymills 0:714293de3836 7244 CYASSL_BIO* CyaSSL_BIO_pop(CYASSL_BIO* top)
ashleymills 0:714293de3836 7245 {
ashleymills 0:714293de3836 7246 (void)top;
ashleymills 0:714293de3836 7247 return 0;
ashleymills 0:714293de3836 7248 }
ashleymills 0:714293de3836 7249
ashleymills 0:714293de3836 7250
ashleymills 0:714293de3836 7251 int CyaSSL_BIO_pending(CYASSL_BIO* bio)
ashleymills 0:714293de3836 7252 {
ashleymills 0:714293de3836 7253 (void)bio;
ashleymills 0:714293de3836 7254 return 0;
ashleymills 0:714293de3836 7255 }
ashleymills 0:714293de3836 7256
ashleymills 0:714293de3836 7257
ashleymills 0:714293de3836 7258
ashleymills 0:714293de3836 7259 CYASSL_BIO_METHOD* CyaSSL_BIO_s_mem(void)
ashleymills 0:714293de3836 7260 {
ashleymills 0:714293de3836 7261 static CYASSL_BIO_METHOD meth;
ashleymills 0:714293de3836 7262
ashleymills 0:714293de3836 7263 CYASSL_ENTER("BIO_s_mem");
ashleymills 0:714293de3836 7264 meth.type = BIO_MEMORY;
ashleymills 0:714293de3836 7265
ashleymills 0:714293de3836 7266 return &meth;
ashleymills 0:714293de3836 7267 }
ashleymills 0:714293de3836 7268
ashleymills 0:714293de3836 7269
ashleymills 0:714293de3836 7270 CYASSL_BIO_METHOD* CyaSSL_BIO_f_base64(void)
ashleymills 0:714293de3836 7271 {
ashleymills 0:714293de3836 7272 return 0;
ashleymills 0:714293de3836 7273 }
ashleymills 0:714293de3836 7274
ashleymills 0:714293de3836 7275
ashleymills 0:714293de3836 7276 void CyaSSL_BIO_set_flags(CYASSL_BIO* bio, int flags)
ashleymills 0:714293de3836 7277 {
ashleymills 0:714293de3836 7278 (void)bio;
ashleymills 0:714293de3836 7279 (void)flags;
ashleymills 0:714293de3836 7280 }
ashleymills 0:714293de3836 7281
ashleymills 0:714293de3836 7282
ashleymills 0:714293de3836 7283
ashleymills 0:714293de3836 7284 void CyaSSL_RAND_screen(void)
ashleymills 0:714293de3836 7285 {
ashleymills 0:714293de3836 7286
ashleymills 0:714293de3836 7287 }
ashleymills 0:714293de3836 7288
ashleymills 0:714293de3836 7289
ashleymills 0:714293de3836 7290 const char* CyaSSL_RAND_file_name(char* fname, unsigned long len)
ashleymills 0:714293de3836 7291 {
ashleymills 0:714293de3836 7292 (void)fname;
ashleymills 0:714293de3836 7293 (void)len;
ashleymills 0:714293de3836 7294 return 0;
ashleymills 0:714293de3836 7295 }
ashleymills 0:714293de3836 7296
ashleymills 0:714293de3836 7297
ashleymills 0:714293de3836 7298 int CyaSSL_RAND_write_file(const char* fname)
ashleymills 0:714293de3836 7299 {
ashleymills 0:714293de3836 7300 (void)fname;
ashleymills 0:714293de3836 7301 return 0;
ashleymills 0:714293de3836 7302 }
ashleymills 0:714293de3836 7303
ashleymills 0:714293de3836 7304
ashleymills 0:714293de3836 7305 int CyaSSL_RAND_load_file(const char* fname, long len)
ashleymills 0:714293de3836 7306 {
ashleymills 0:714293de3836 7307 (void)fname;
ashleymills 0:714293de3836 7308 /* CTaoCrypt provides enough entropy internally or will report error */
ashleymills 0:714293de3836 7309 if (len == -1)
ashleymills 0:714293de3836 7310 return 1024;
ashleymills 0:714293de3836 7311 else
ashleymills 0:714293de3836 7312 return (int)len;
ashleymills 0:714293de3836 7313 }
ashleymills 0:714293de3836 7314
ashleymills 0:714293de3836 7315
ashleymills 0:714293de3836 7316 int CyaSSL_RAND_egd(const char* path)
ashleymills 0:714293de3836 7317 {
ashleymills 0:714293de3836 7318 (void)path;
ashleymills 0:714293de3836 7319 return 0;
ashleymills 0:714293de3836 7320 }
ashleymills 0:714293de3836 7321
ashleymills 0:714293de3836 7322
ashleymills 0:714293de3836 7323
ashleymills 0:714293de3836 7324 CYASSL_COMP_METHOD* CyaSSL_COMP_zlib(void)
ashleymills 0:714293de3836 7325 {
ashleymills 0:714293de3836 7326 return 0;
ashleymills 0:714293de3836 7327 }
ashleymills 0:714293de3836 7328
ashleymills 0:714293de3836 7329
ashleymills 0:714293de3836 7330 CYASSL_COMP_METHOD* CyaSSL_COMP_rle(void)
ashleymills 0:714293de3836 7331 {
ashleymills 0:714293de3836 7332 return 0;
ashleymills 0:714293de3836 7333 }
ashleymills 0:714293de3836 7334
ashleymills 0:714293de3836 7335
ashleymills 0:714293de3836 7336 int CyaSSL_COMP_add_compression_method(int method, void* data)
ashleymills 0:714293de3836 7337 {
ashleymills 0:714293de3836 7338 (void)method;
ashleymills 0:714293de3836 7339 (void)data;
ashleymills 0:714293de3836 7340 return 0;
ashleymills 0:714293de3836 7341 }
ashleymills 0:714293de3836 7342
ashleymills 0:714293de3836 7343
ashleymills 0:714293de3836 7344
ashleymills 0:714293de3836 7345 int CyaSSL_get_ex_new_index(long idx, void* data, void* cb1, void* cb2,
ashleymills 0:714293de3836 7346 void* cb3)
ashleymills 0:714293de3836 7347 {
ashleymills 0:714293de3836 7348 (void)idx;
ashleymills 0:714293de3836 7349 (void)data;
ashleymills 0:714293de3836 7350 (void)cb1;
ashleymills 0:714293de3836 7351 (void)cb2;
ashleymills 0:714293de3836 7352 (void)cb3;
ashleymills 0:714293de3836 7353 return 0;
ashleymills 0:714293de3836 7354 }
ashleymills 0:714293de3836 7355
ashleymills 0:714293de3836 7356
ashleymills 0:714293de3836 7357 void CyaSSL_set_dynlock_create_callback(CYASSL_dynlock_value* (*f)(
ashleymills 0:714293de3836 7358 const char*, int))
ashleymills 0:714293de3836 7359 {
ashleymills 0:714293de3836 7360 (void)f;
ashleymills 0:714293de3836 7361 }
ashleymills 0:714293de3836 7362
ashleymills 0:714293de3836 7363
ashleymills 0:714293de3836 7364 void CyaSSL_set_dynlock_lock_callback(
ashleymills 0:714293de3836 7365 void (*f)(int, CYASSL_dynlock_value*, const char*, int))
ashleymills 0:714293de3836 7366 {
ashleymills 0:714293de3836 7367 (void)f;
ashleymills 0:714293de3836 7368 }
ashleymills 0:714293de3836 7369
ashleymills 0:714293de3836 7370
ashleymills 0:714293de3836 7371 void CyaSSL_set_dynlock_destroy_callback(
ashleymills 0:714293de3836 7372 void (*f)(CYASSL_dynlock_value*, const char*, int))
ashleymills 0:714293de3836 7373 {
ashleymills 0:714293de3836 7374 (void)f;
ashleymills 0:714293de3836 7375 }
ashleymills 0:714293de3836 7376
ashleymills 0:714293de3836 7377
ashleymills 0:714293de3836 7378
ashleymills 0:714293de3836 7379 const char* CyaSSL_X509_verify_cert_error_string(long err)
ashleymills 0:714293de3836 7380 {
ashleymills 0:714293de3836 7381 (void)err;
ashleymills 0:714293de3836 7382 return 0;
ashleymills 0:714293de3836 7383 }
ashleymills 0:714293de3836 7384
ashleymills 0:714293de3836 7385
ashleymills 0:714293de3836 7386
ashleymills 0:714293de3836 7387 int CyaSSL_X509_LOOKUP_add_dir(CYASSL_X509_LOOKUP* lookup, const char* dir,
ashleymills 0:714293de3836 7388 long len)
ashleymills 0:714293de3836 7389 {
ashleymills 0:714293de3836 7390 (void)lookup;
ashleymills 0:714293de3836 7391 (void)dir;
ashleymills 0:714293de3836 7392 (void)len;
ashleymills 0:714293de3836 7393 return 0;
ashleymills 0:714293de3836 7394 }
ashleymills 0:714293de3836 7395
ashleymills 0:714293de3836 7396
ashleymills 0:714293de3836 7397 int CyaSSL_X509_LOOKUP_load_file(CYASSL_X509_LOOKUP* lookup,
ashleymills 0:714293de3836 7398 const char* file, long len)
ashleymills 0:714293de3836 7399 {
ashleymills 0:714293de3836 7400 (void)lookup;
ashleymills 0:714293de3836 7401 (void)file;
ashleymills 0:714293de3836 7402 (void)len;
ashleymills 0:714293de3836 7403 return 0;
ashleymills 0:714293de3836 7404 }
ashleymills 0:714293de3836 7405
ashleymills 0:714293de3836 7406
ashleymills 0:714293de3836 7407 CYASSL_X509_LOOKUP_METHOD* CyaSSL_X509_LOOKUP_hash_dir(void)
ashleymills 0:714293de3836 7408 {
ashleymills 0:714293de3836 7409 return 0;
ashleymills 0:714293de3836 7410 }
ashleymills 0:714293de3836 7411
ashleymills 0:714293de3836 7412
ashleymills 0:714293de3836 7413 CYASSL_X509_LOOKUP_METHOD* CyaSSL_X509_LOOKUP_file(void)
ashleymills 0:714293de3836 7414 {
ashleymills 0:714293de3836 7415 return 0;
ashleymills 0:714293de3836 7416 }
ashleymills 0:714293de3836 7417
ashleymills 0:714293de3836 7418
ashleymills 0:714293de3836 7419
ashleymills 0:714293de3836 7420 CYASSL_X509_LOOKUP* CyaSSL_X509_STORE_add_lookup(CYASSL_X509_STORE* store,
ashleymills 0:714293de3836 7421 CYASSL_X509_LOOKUP_METHOD* m)
ashleymills 0:714293de3836 7422 {
ashleymills 0:714293de3836 7423 (void)store;
ashleymills 0:714293de3836 7424 (void)m;
ashleymills 0:714293de3836 7425 return 0;
ashleymills 0:714293de3836 7426 }
ashleymills 0:714293de3836 7427
ashleymills 0:714293de3836 7428
ashleymills 0:714293de3836 7429 CYASSL_X509_STORE* CyaSSL_X509_STORE_new(void)
ashleymills 0:714293de3836 7430 {
ashleymills 0:714293de3836 7431 return 0;
ashleymills 0:714293de3836 7432 }
ashleymills 0:714293de3836 7433
ashleymills 0:714293de3836 7434
ashleymills 0:714293de3836 7435 int CyaSSL_X509_STORE_get_by_subject(CYASSL_X509_STORE_CTX* ctx, int idx,
ashleymills 0:714293de3836 7436 CYASSL_X509_NAME* name, CYASSL_X509_OBJECT* obj)
ashleymills 0:714293de3836 7437 {
ashleymills 0:714293de3836 7438 (void)ctx;
ashleymills 0:714293de3836 7439 (void)idx;
ashleymills 0:714293de3836 7440 (void)name;
ashleymills 0:714293de3836 7441 (void)obj;
ashleymills 0:714293de3836 7442 return 0;
ashleymills 0:714293de3836 7443 }
ashleymills 0:714293de3836 7444
ashleymills 0:714293de3836 7445
ashleymills 0:714293de3836 7446 int CyaSSL_X509_STORE_CTX_init(CYASSL_X509_STORE_CTX* ctx,
ashleymills 0:714293de3836 7447 CYASSL_X509_STORE* store, CYASSL_X509* x509, STACK_OF(CYASSL_X509)* sk)
ashleymills 0:714293de3836 7448 {
ashleymills 0:714293de3836 7449 (void)ctx;
ashleymills 0:714293de3836 7450 (void)store;
ashleymills 0:714293de3836 7451 (void)x509;
ashleymills 0:714293de3836 7452 (void)sk;
ashleymills 0:714293de3836 7453 return 0;
ashleymills 0:714293de3836 7454 }
ashleymills 0:714293de3836 7455
ashleymills 0:714293de3836 7456
ashleymills 0:714293de3836 7457 void CyaSSL_X509_STORE_CTX_cleanup(CYASSL_X509_STORE_CTX* ctx)
ashleymills 0:714293de3836 7458 {
ashleymills 0:714293de3836 7459 (void)ctx;
ashleymills 0:714293de3836 7460 }
ashleymills 0:714293de3836 7461
ashleymills 0:714293de3836 7462
ashleymills 0:714293de3836 7463
ashleymills 0:714293de3836 7464 CYASSL_ASN1_TIME* CyaSSL_X509_CRL_get_lastUpdate(CYASSL_X509_CRL* crl)
ashleymills 0:714293de3836 7465 {
ashleymills 0:714293de3836 7466 (void)crl;
ashleymills 0:714293de3836 7467 return 0;
ashleymills 0:714293de3836 7468 }
ashleymills 0:714293de3836 7469
ashleymills 0:714293de3836 7470
ashleymills 0:714293de3836 7471 CYASSL_ASN1_TIME* CyaSSL_X509_CRL_get_nextUpdate(CYASSL_X509_CRL* crl)
ashleymills 0:714293de3836 7472 {
ashleymills 0:714293de3836 7473 (void)crl;
ashleymills 0:714293de3836 7474 return 0;
ashleymills 0:714293de3836 7475 }
ashleymills 0:714293de3836 7476
ashleymills 0:714293de3836 7477
ashleymills 0:714293de3836 7478
ashleymills 0:714293de3836 7479 CYASSL_EVP_PKEY* CyaSSL_X509_get_pubkey(CYASSL_X509* x509)
ashleymills 0:714293de3836 7480 {
ashleymills 0:714293de3836 7481 (void)x509;
ashleymills 0:714293de3836 7482 return 0;
ashleymills 0:714293de3836 7483 }
ashleymills 0:714293de3836 7484
ashleymills 0:714293de3836 7485
ashleymills 0:714293de3836 7486 int CyaSSL_X509_CRL_verify(CYASSL_X509_CRL* crl, CYASSL_EVP_PKEY* key)
ashleymills 0:714293de3836 7487 {
ashleymills 0:714293de3836 7488 (void)crl;
ashleymills 0:714293de3836 7489 (void)key;
ashleymills 0:714293de3836 7490 return 0;
ashleymills 0:714293de3836 7491 }
ashleymills 0:714293de3836 7492
ashleymills 0:714293de3836 7493
ashleymills 0:714293de3836 7494 void CyaSSL_X509_STORE_CTX_set_error(CYASSL_X509_STORE_CTX* ctx, int err)
ashleymills 0:714293de3836 7495 {
ashleymills 0:714293de3836 7496 (void)ctx;
ashleymills 0:714293de3836 7497 (void)err;
ashleymills 0:714293de3836 7498 }
ashleymills 0:714293de3836 7499
ashleymills 0:714293de3836 7500
ashleymills 0:714293de3836 7501 void CyaSSL_X509_OBJECT_free_contents(CYASSL_X509_OBJECT* obj)
ashleymills 0:714293de3836 7502 {
ashleymills 0:714293de3836 7503 (void)obj;
ashleymills 0:714293de3836 7504 }
ashleymills 0:714293de3836 7505
ashleymills 0:714293de3836 7506
ashleymills 0:714293de3836 7507 void CyaSSL_EVP_PKEY_free(CYASSL_EVP_PKEY* key)
ashleymills 0:714293de3836 7508 {
ashleymills 0:714293de3836 7509 (void)key;
ashleymills 0:714293de3836 7510 }
ashleymills 0:714293de3836 7511
ashleymills 0:714293de3836 7512
ashleymills 0:714293de3836 7513 int CyaSSL_X509_cmp_current_time(const CYASSL_ASN1_TIME* asnTime)
ashleymills 0:714293de3836 7514 {
ashleymills 0:714293de3836 7515 (void)asnTime;
ashleymills 0:714293de3836 7516 return 0;
ashleymills 0:714293de3836 7517 }
ashleymills 0:714293de3836 7518
ashleymills 0:714293de3836 7519
ashleymills 0:714293de3836 7520 int CyaSSL_sk_X509_REVOKED_num(CYASSL_X509_REVOKED* revoked)
ashleymills 0:714293de3836 7521 {
ashleymills 0:714293de3836 7522 (void)revoked;
ashleymills 0:714293de3836 7523 return 0;
ashleymills 0:714293de3836 7524 }
ashleymills 0:714293de3836 7525
ashleymills 0:714293de3836 7526
ashleymills 0:714293de3836 7527
ashleymills 0:714293de3836 7528 CYASSL_X509_REVOKED* CyaSSL_X509_CRL_get_REVOKED(CYASSL_X509_CRL* crl)
ashleymills 0:714293de3836 7529 {
ashleymills 0:714293de3836 7530 (void)crl;
ashleymills 0:714293de3836 7531 return 0;
ashleymills 0:714293de3836 7532 }
ashleymills 0:714293de3836 7533
ashleymills 0:714293de3836 7534
ashleymills 0:714293de3836 7535 CYASSL_X509_REVOKED* CyaSSL_sk_X509_REVOKED_value(
ashleymills 0:714293de3836 7536 CYASSL_X509_REVOKED* revoked, int value)
ashleymills 0:714293de3836 7537 {
ashleymills 0:714293de3836 7538 (void)revoked;
ashleymills 0:714293de3836 7539 (void)value;
ashleymills 0:714293de3836 7540 return 0;
ashleymills 0:714293de3836 7541 }
ashleymills 0:714293de3836 7542
ashleymills 0:714293de3836 7543
ashleymills 0:714293de3836 7544
ashleymills 0:714293de3836 7545 CYASSL_ASN1_INTEGER* CyaSSL_X509_get_serialNumber(CYASSL_X509* x509)
ashleymills 0:714293de3836 7546 {
ashleymills 0:714293de3836 7547 (void)x509;
ashleymills 0:714293de3836 7548 return 0;
ashleymills 0:714293de3836 7549 }
ashleymills 0:714293de3836 7550
ashleymills 0:714293de3836 7551
ashleymills 0:714293de3836 7552 int CyaSSL_ASN1_TIME_print(CYASSL_BIO* bio, const CYASSL_ASN1_TIME* asnTime)
ashleymills 0:714293de3836 7553 {
ashleymills 0:714293de3836 7554 (void)bio;
ashleymills 0:714293de3836 7555 (void)asnTime;
ashleymills 0:714293de3836 7556 return 0;
ashleymills 0:714293de3836 7557 }
ashleymills 0:714293de3836 7558
ashleymills 0:714293de3836 7559
ashleymills 0:714293de3836 7560
ashleymills 0:714293de3836 7561 int CyaSSL_ASN1_INTEGER_cmp(const CYASSL_ASN1_INTEGER* a,
ashleymills 0:714293de3836 7562 const CYASSL_ASN1_INTEGER* b)
ashleymills 0:714293de3836 7563 {
ashleymills 0:714293de3836 7564 (void)a;
ashleymills 0:714293de3836 7565 (void)b;
ashleymills 0:714293de3836 7566 return 0;
ashleymills 0:714293de3836 7567 }
ashleymills 0:714293de3836 7568
ashleymills 0:714293de3836 7569
ashleymills 0:714293de3836 7570 long CyaSSL_ASN1_INTEGER_get(const CYASSL_ASN1_INTEGER* i)
ashleymills 0:714293de3836 7571 {
ashleymills 0:714293de3836 7572 (void)i;
ashleymills 0:714293de3836 7573 return 0;
ashleymills 0:714293de3836 7574 }
ashleymills 0:714293de3836 7575
ashleymills 0:714293de3836 7576
ashleymills 0:714293de3836 7577
ashleymills 0:714293de3836 7578 void* CyaSSL_X509_STORE_CTX_get_ex_data(CYASSL_X509_STORE_CTX* ctx, int idx)
ashleymills 0:714293de3836 7579 {
ashleymills 0:714293de3836 7580 #ifdef FORTRESS
ashleymills 0:714293de3836 7581 if (ctx != NULL && idx == 0)
ashleymills 0:714293de3836 7582 return ctx->ex_data;
ashleymills 0:714293de3836 7583 #else
ashleymills 0:714293de3836 7584 (void)ctx;
ashleymills 0:714293de3836 7585 (void)idx;
ashleymills 0:714293de3836 7586 #endif
ashleymills 0:714293de3836 7587 return 0;
ashleymills 0:714293de3836 7588 }
ashleymills 0:714293de3836 7589
ashleymills 0:714293de3836 7590
ashleymills 0:714293de3836 7591 int CyaSSL_get_ex_data_X509_STORE_CTX_idx(void)
ashleymills 0:714293de3836 7592 {
ashleymills 0:714293de3836 7593 return 0;
ashleymills 0:714293de3836 7594 }
ashleymills 0:714293de3836 7595
ashleymills 0:714293de3836 7596
ashleymills 0:714293de3836 7597 void* CyaSSL_get_ex_data(const CYASSL* ssl, int idx)
ashleymills 0:714293de3836 7598 {
ashleymills 0:714293de3836 7599 #ifdef FORTRESS
ashleymills 0:714293de3836 7600 if (ssl != NULL && idx < MAX_EX_DATA)
ashleymills 0:714293de3836 7601 return ssl->ex_data[idx];
ashleymills 0:714293de3836 7602 #else
ashleymills 0:714293de3836 7603 (void)ssl;
ashleymills 0:714293de3836 7604 (void)idx;
ashleymills 0:714293de3836 7605 #endif
ashleymills 0:714293de3836 7606 return 0;
ashleymills 0:714293de3836 7607 }
ashleymills 0:714293de3836 7608
ashleymills 0:714293de3836 7609
ashleymills 0:714293de3836 7610 void CyaSSL_CTX_set_info_callback(CYASSL_CTX* ctx, void (*f)(void))
ashleymills 0:714293de3836 7611 {
ashleymills 0:714293de3836 7612 (void)ctx;
ashleymills 0:714293de3836 7613 (void)f;
ashleymills 0:714293de3836 7614 }
ashleymills 0:714293de3836 7615
ashleymills 0:714293de3836 7616
ashleymills 0:714293de3836 7617 unsigned long CyaSSL_ERR_peek_error(void)
ashleymills 0:714293de3836 7618 {
ashleymills 0:714293de3836 7619 return 0;
ashleymills 0:714293de3836 7620 }
ashleymills 0:714293de3836 7621
ashleymills 0:714293de3836 7622
ashleymills 0:714293de3836 7623 int CyaSSL_ERR_GET_REASON(int err)
ashleymills 0:714293de3836 7624 {
ashleymills 0:714293de3836 7625 (void)err;
ashleymills 0:714293de3836 7626 return 0;
ashleymills 0:714293de3836 7627 }
ashleymills 0:714293de3836 7628
ashleymills 0:714293de3836 7629
ashleymills 0:714293de3836 7630 char* CyaSSL_alert_type_string_long(int alertID)
ashleymills 0:714293de3836 7631 {
ashleymills 0:714293de3836 7632 (void)alertID;
ashleymills 0:714293de3836 7633 return 0;
ashleymills 0:714293de3836 7634 }
ashleymills 0:714293de3836 7635
ashleymills 0:714293de3836 7636
ashleymills 0:714293de3836 7637 char* CyaSSL_alert_desc_string_long(int alertID)
ashleymills 0:714293de3836 7638 {
ashleymills 0:714293de3836 7639 (void)alertID;
ashleymills 0:714293de3836 7640 return 0;
ashleymills 0:714293de3836 7641 }
ashleymills 0:714293de3836 7642
ashleymills 0:714293de3836 7643
ashleymills 0:714293de3836 7644 char* CyaSSL_state_string_long(CYASSL* ssl)
ashleymills 0:714293de3836 7645 {
ashleymills 0:714293de3836 7646 (void)ssl;
ashleymills 0:714293de3836 7647 return 0;
ashleymills 0:714293de3836 7648 }
ashleymills 0:714293de3836 7649
ashleymills 0:714293de3836 7650
ashleymills 0:714293de3836 7651 int CyaSSL_PEM_def_callback(char* name, int num, int w, void* key)
ashleymills 0:714293de3836 7652 {
ashleymills 0:714293de3836 7653 (void)name;
ashleymills 0:714293de3836 7654 (void)num;
ashleymills 0:714293de3836 7655 (void)w;
ashleymills 0:714293de3836 7656 (void)key;
ashleymills 0:714293de3836 7657 return 0;
ashleymills 0:714293de3836 7658 }
ashleymills 0:714293de3836 7659
ashleymills 0:714293de3836 7660
ashleymills 0:714293de3836 7661 long CyaSSL_CTX_sess_accept(CYASSL_CTX* ctx)
ashleymills 0:714293de3836 7662 {
ashleymills 0:714293de3836 7663 (void)ctx;
ashleymills 0:714293de3836 7664 return 0;
ashleymills 0:714293de3836 7665 }
ashleymills 0:714293de3836 7666
ashleymills 0:714293de3836 7667
ashleymills 0:714293de3836 7668 long CyaSSL_CTX_sess_connect(CYASSL_CTX* ctx)
ashleymills 0:714293de3836 7669 {
ashleymills 0:714293de3836 7670 (void)ctx;
ashleymills 0:714293de3836 7671 return 0;
ashleymills 0:714293de3836 7672 }
ashleymills 0:714293de3836 7673
ashleymills 0:714293de3836 7674
ashleymills 0:714293de3836 7675 long CyaSSL_CTX_sess_accept_good(CYASSL_CTX* ctx)
ashleymills 0:714293de3836 7676 {
ashleymills 0:714293de3836 7677 (void)ctx;
ashleymills 0:714293de3836 7678 return 0;
ashleymills 0:714293de3836 7679 }
ashleymills 0:714293de3836 7680
ashleymills 0:714293de3836 7681
ashleymills 0:714293de3836 7682 long CyaSSL_CTX_sess_connect_good(CYASSL_CTX* ctx)
ashleymills 0:714293de3836 7683 {
ashleymills 0:714293de3836 7684 (void)ctx;
ashleymills 0:714293de3836 7685 return 0;
ashleymills 0:714293de3836 7686 }
ashleymills 0:714293de3836 7687
ashleymills 0:714293de3836 7688
ashleymills 0:714293de3836 7689 long CyaSSL_CTX_sess_accept_renegotiate(CYASSL_CTX* ctx)
ashleymills 0:714293de3836 7690 {
ashleymills 0:714293de3836 7691 (void)ctx;
ashleymills 0:714293de3836 7692 return 0;
ashleymills 0:714293de3836 7693 }
ashleymills 0:714293de3836 7694
ashleymills 0:714293de3836 7695
ashleymills 0:714293de3836 7696 long CyaSSL_CTX_sess_connect_renegotiate(CYASSL_CTX* ctx)
ashleymills 0:714293de3836 7697 {
ashleymills 0:714293de3836 7698 (void)ctx;
ashleymills 0:714293de3836 7699 return 0;
ashleymills 0:714293de3836 7700 }
ashleymills 0:714293de3836 7701
ashleymills 0:714293de3836 7702
ashleymills 0:714293de3836 7703 long CyaSSL_CTX_sess_hits(CYASSL_CTX* ctx)
ashleymills 0:714293de3836 7704 {
ashleymills 0:714293de3836 7705 (void)ctx;
ashleymills 0:714293de3836 7706 return 0;
ashleymills 0:714293de3836 7707 }
ashleymills 0:714293de3836 7708
ashleymills 0:714293de3836 7709
ashleymills 0:714293de3836 7710 long CyaSSL_CTX_sess_cb_hits(CYASSL_CTX* ctx)
ashleymills 0:714293de3836 7711 {
ashleymills 0:714293de3836 7712 (void)ctx;
ashleymills 0:714293de3836 7713 return 0;
ashleymills 0:714293de3836 7714 }
ashleymills 0:714293de3836 7715
ashleymills 0:714293de3836 7716
ashleymills 0:714293de3836 7717 long CyaSSL_CTX_sess_cache_full(CYASSL_CTX* ctx)
ashleymills 0:714293de3836 7718 {
ashleymills 0:714293de3836 7719 (void)ctx;
ashleymills 0:714293de3836 7720 return 0;
ashleymills 0:714293de3836 7721 }
ashleymills 0:714293de3836 7722
ashleymills 0:714293de3836 7723
ashleymills 0:714293de3836 7724 long CyaSSL_CTX_sess_misses(CYASSL_CTX* ctx)
ashleymills 0:714293de3836 7725 {
ashleymills 0:714293de3836 7726 (void)ctx;
ashleymills 0:714293de3836 7727 return 0;
ashleymills 0:714293de3836 7728 }
ashleymills 0:714293de3836 7729
ashleymills 0:714293de3836 7730
ashleymills 0:714293de3836 7731 long CyaSSL_CTX_sess_timeouts(CYASSL_CTX* ctx)
ashleymills 0:714293de3836 7732 {
ashleymills 0:714293de3836 7733 (void)ctx;
ashleymills 0:714293de3836 7734 return 0;
ashleymills 0:714293de3836 7735 }
ashleymills 0:714293de3836 7736
ashleymills 0:714293de3836 7737
ashleymills 0:714293de3836 7738 long CyaSSL_CTX_sess_number(CYASSL_CTX* ctx)
ashleymills 0:714293de3836 7739 {
ashleymills 0:714293de3836 7740 (void)ctx;
ashleymills 0:714293de3836 7741 return 0;
ashleymills 0:714293de3836 7742 }
ashleymills 0:714293de3836 7743
ashleymills 0:714293de3836 7744
ashleymills 0:714293de3836 7745 void CyaSSL_DES_set_key_unchecked(CYASSL_const_DES_cblock* myDes,
ashleymills 0:714293de3836 7746 CYASSL_DES_key_schedule* key)
ashleymills 0:714293de3836 7747 {
ashleymills 0:714293de3836 7748 (void)myDes;
ashleymills 0:714293de3836 7749 (void)key;
ashleymills 0:714293de3836 7750 }
ashleymills 0:714293de3836 7751
ashleymills 0:714293de3836 7752
ashleymills 0:714293de3836 7753 void CyaSSL_DES_set_odd_parity(CYASSL_DES_cblock* myDes)
ashleymills 0:714293de3836 7754 {
ashleymills 0:714293de3836 7755 (void)myDes;
ashleymills 0:714293de3836 7756 }
ashleymills 0:714293de3836 7757
ashleymills 0:714293de3836 7758
ashleymills 0:714293de3836 7759 void CyaSSL_DES_ecb_encrypt(CYASSL_DES_cblock* desa,
ashleymills 0:714293de3836 7760 CYASSL_DES_cblock* desb, CYASSL_DES_key_schedule* key, int len)
ashleymills 0:714293de3836 7761 {
ashleymills 0:714293de3836 7762 (void)desa;
ashleymills 0:714293de3836 7763 (void)desb;
ashleymills 0:714293de3836 7764 (void)key;
ashleymills 0:714293de3836 7765 (void)len;
ashleymills 0:714293de3836 7766 }
ashleymills 0:714293de3836 7767
ashleymills 0:714293de3836 7768 int CyaSSL_BIO_printf(CYASSL_BIO* bio, const char* format, ...)
ashleymills 0:714293de3836 7769 {
ashleymills 0:714293de3836 7770 (void)bio;
ashleymills 0:714293de3836 7771 (void)format;
ashleymills 0:714293de3836 7772 return 0;
ashleymills 0:714293de3836 7773 }
ashleymills 0:714293de3836 7774
ashleymills 0:714293de3836 7775
ashleymills 0:714293de3836 7776 int CyaSSL_ASN1_UTCTIME_print(CYASSL_BIO* bio, const CYASSL_ASN1_UTCTIME* a)
ashleymills 0:714293de3836 7777 {
ashleymills 0:714293de3836 7778 (void)bio;
ashleymills 0:714293de3836 7779 (void)a;
ashleymills 0:714293de3836 7780 return 0;
ashleymills 0:714293de3836 7781 }
ashleymills 0:714293de3836 7782
ashleymills 0:714293de3836 7783
ashleymills 0:714293de3836 7784 int CyaSSL_sk_num(CYASSL_X509_REVOKED* rev)
ashleymills 0:714293de3836 7785 {
ashleymills 0:714293de3836 7786 (void)rev;
ashleymills 0:714293de3836 7787 return 0;
ashleymills 0:714293de3836 7788 }
ashleymills 0:714293de3836 7789
ashleymills 0:714293de3836 7790
ashleymills 0:714293de3836 7791 void* CyaSSL_sk_value(CYASSL_X509_REVOKED* rev, int i)
ashleymills 0:714293de3836 7792 {
ashleymills 0:714293de3836 7793 (void)rev;
ashleymills 0:714293de3836 7794 (void)i;
ashleymills 0:714293de3836 7795 return 0;
ashleymills 0:714293de3836 7796 }
ashleymills 0:714293de3836 7797
ashleymills 0:714293de3836 7798
ashleymills 0:714293de3836 7799 /* stunnel 4.28 needs */
ashleymills 0:714293de3836 7800 void* CyaSSL_CTX_get_ex_data(const CYASSL_CTX* ctx, int d)
ashleymills 0:714293de3836 7801 {
ashleymills 0:714293de3836 7802 (void)ctx;
ashleymills 0:714293de3836 7803 (void)d;
ashleymills 0:714293de3836 7804 return 0;
ashleymills 0:714293de3836 7805 }
ashleymills 0:714293de3836 7806
ashleymills 0:714293de3836 7807
ashleymills 0:714293de3836 7808 int CyaSSL_CTX_set_ex_data(CYASSL_CTX* ctx, int d, void* p)
ashleymills 0:714293de3836 7809 {
ashleymills 0:714293de3836 7810 (void)ctx;
ashleymills 0:714293de3836 7811 (void)d;
ashleymills 0:714293de3836 7812 (void)p;
ashleymills 0:714293de3836 7813 return SSL_SUCCESS;
ashleymills 0:714293de3836 7814 }
ashleymills 0:714293de3836 7815
ashleymills 0:714293de3836 7816
ashleymills 0:714293de3836 7817 void CyaSSL_CTX_sess_set_get_cb(CYASSL_CTX* ctx,
ashleymills 0:714293de3836 7818 CYASSL_SESSION*(*f)(CYASSL*, unsigned char*, int, int*))
ashleymills 0:714293de3836 7819 {
ashleymills 0:714293de3836 7820 (void)ctx;
ashleymills 0:714293de3836 7821 (void)f;
ashleymills 0:714293de3836 7822 }
ashleymills 0:714293de3836 7823
ashleymills 0:714293de3836 7824
ashleymills 0:714293de3836 7825 void CyaSSL_CTX_sess_set_new_cb(CYASSL_CTX* ctx,
ashleymills 0:714293de3836 7826 int (*f)(CYASSL*, CYASSL_SESSION*))
ashleymills 0:714293de3836 7827 {
ashleymills 0:714293de3836 7828 (void)ctx;
ashleymills 0:714293de3836 7829 (void)f;
ashleymills 0:714293de3836 7830 }
ashleymills 0:714293de3836 7831
ashleymills 0:714293de3836 7832
ashleymills 0:714293de3836 7833 void CyaSSL_CTX_sess_set_remove_cb(CYASSL_CTX* ctx, void (*f)(CYASSL_CTX*,
ashleymills 0:714293de3836 7834 CYASSL_SESSION*))
ashleymills 0:714293de3836 7835 {
ashleymills 0:714293de3836 7836 (void)ctx;
ashleymills 0:714293de3836 7837 (void)f;
ashleymills 0:714293de3836 7838 }
ashleymills 0:714293de3836 7839
ashleymills 0:714293de3836 7840
ashleymills 0:714293de3836 7841 int CyaSSL_i2d_SSL_SESSION(CYASSL_SESSION* sess, unsigned char** p)
ashleymills 0:714293de3836 7842 {
ashleymills 0:714293de3836 7843 (void)sess;
ashleymills 0:714293de3836 7844 (void)p;
ashleymills 0:714293de3836 7845 return sizeof(CYASSL_SESSION);
ashleymills 0:714293de3836 7846 }
ashleymills 0:714293de3836 7847
ashleymills 0:714293de3836 7848
ashleymills 0:714293de3836 7849 CYASSL_SESSION* CyaSSL_d2i_SSL_SESSION(CYASSL_SESSION** sess,
ashleymills 0:714293de3836 7850 const unsigned char** p, long i)
ashleymills 0:714293de3836 7851 {
ashleymills 0:714293de3836 7852 (void)p;
ashleymills 0:714293de3836 7853 (void)i;
ashleymills 0:714293de3836 7854 if (sess)
ashleymills 0:714293de3836 7855 return *sess;
ashleymills 0:714293de3836 7856 return NULL;
ashleymills 0:714293de3836 7857 }
ashleymills 0:714293de3836 7858
ashleymills 0:714293de3836 7859
ashleymills 0:714293de3836 7860 long CyaSSL_SESSION_get_timeout(const CYASSL_SESSION* sess)
ashleymills 0:714293de3836 7861 {
ashleymills 0:714293de3836 7862 CYASSL_ENTER("CyaSSL_SESSION_get_timeout");
ashleymills 0:714293de3836 7863 return sess->timeout;
ashleymills 0:714293de3836 7864 }
ashleymills 0:714293de3836 7865
ashleymills 0:714293de3836 7866
ashleymills 0:714293de3836 7867 long CyaSSL_SESSION_get_time(const CYASSL_SESSION* sess)
ashleymills 0:714293de3836 7868 {
ashleymills 0:714293de3836 7869 CYASSL_ENTER("CyaSSL_SESSION_get_time");
ashleymills 0:714293de3836 7870 return sess->bornOn;
ashleymills 0:714293de3836 7871 }
ashleymills 0:714293de3836 7872
ashleymills 0:714293de3836 7873
ashleymills 0:714293de3836 7874 int CyaSSL_CTX_get_ex_new_index(long idx, void* arg, void* a, void* b,
ashleymills 0:714293de3836 7875 void* c)
ashleymills 0:714293de3836 7876 {
ashleymills 0:714293de3836 7877 (void)idx;
ashleymills 0:714293de3836 7878 (void)arg;
ashleymills 0:714293de3836 7879 (void)a;
ashleymills 0:714293de3836 7880 (void)b;
ashleymills 0:714293de3836 7881 (void)c;
ashleymills 0:714293de3836 7882 return 0;
ashleymills 0:714293de3836 7883 }
ashleymills 0:714293de3836 7884
ashleymills 0:714293de3836 7885 #endif /* OPENSSL_EXTRA */
ashleymills 0:714293de3836 7886
ashleymills 0:714293de3836 7887
ashleymills 0:714293de3836 7888 #ifdef KEEP_PEER_CERT
ashleymills 0:714293de3836 7889 char* CyaSSL_X509_get_subjectCN(CYASSL_X509* x509)
ashleymills 0:714293de3836 7890 {
ashleymills 0:714293de3836 7891 if (x509 == NULL)
ashleymills 0:714293de3836 7892 return NULL;
ashleymills 0:714293de3836 7893
ashleymills 0:714293de3836 7894 return x509->subjectCN;
ashleymills 0:714293de3836 7895 }
ashleymills 0:714293de3836 7896 #endif /* KEEP_PEER_CERT */
ashleymills 0:714293de3836 7897
ashleymills 0:714293de3836 7898 #ifdef OPENSSL_EXTRA
ashleymills 0:714293de3836 7899
ashleymills 0:714293de3836 7900 #ifdef FORTRESS
ashleymills 0:714293de3836 7901 int CyaSSL_cmp_peer_cert_to_file(CYASSL* ssl, const char *fname)
ashleymills 0:714293de3836 7902 {
ashleymills 0:714293de3836 7903 int ret = SSL_FATAL_ERROR;
ashleymills 0:714293de3836 7904
ashleymills 0:714293de3836 7905 CYASSL_ENTER("CyaSSL_cmp_peer_cert_to_file");
ashleymills 0:714293de3836 7906 if (ssl != NULL && fname != NULL)
ashleymills 0:714293de3836 7907 {
ashleymills 0:714293de3836 7908 XFILE file = XBADFILE;
ashleymills 0:714293de3836 7909 long sz = 0;
ashleymills 0:714293de3836 7910 byte staticBuffer[FILE_BUFFER_SIZE];
ashleymills 0:714293de3836 7911 byte* myBuffer = staticBuffer;
ashleymills 0:714293de3836 7912 CYASSL_CTX* ctx = ssl->ctx;
ashleymills 0:714293de3836 7913 EncryptedInfo info;
ashleymills 0:714293de3836 7914 buffer fileDer;
ashleymills 0:714293de3836 7915 int eccKey = 0;
ashleymills 0:714293de3836 7916 CYASSL_X509* peer_cert = &ssl->peerCert;
ashleymills 0:714293de3836 7917
ashleymills 0:714293de3836 7918 info.set = 0;
ashleymills 0:714293de3836 7919 info.ctx = ctx;
ashleymills 0:714293de3836 7920 info.consumed = 0;
ashleymills 0:714293de3836 7921 fileDer.buffer = 0;
ashleymills 0:714293de3836 7922
ashleymills 0:714293de3836 7923 file = XFOPEN(fname, "rb");
ashleymills 0:714293de3836 7924 if (file == XBADFILE) return SSL_BAD_FILE;
ashleymills 0:714293de3836 7925 XFSEEK(file, 0, XSEEK_END);
ashleymills 0:714293de3836 7926 sz = XFTELL(file);
ashleymills 0:714293de3836 7927 XREWIND(file);
ashleymills 0:714293de3836 7928 if (sz > (long)sizeof(staticBuffer)) {
ashleymills 0:714293de3836 7929 CYASSL_MSG("Getting dynamic buffer");
ashleymills 0:714293de3836 7930 myBuffer = (byte*) XMALLOC(sz, ctx->heap, DYNAMIC_TYPE_FILE);
ashleymills 0:714293de3836 7931 }
ashleymills 0:714293de3836 7932
ashleymills 0:714293de3836 7933 if ((myBuffer != NULL) &&
ashleymills 0:714293de3836 7934 (sz > 0) &&
ashleymills 0:714293de3836 7935 (XFREAD(myBuffer, sz, 1, file) > 0) &&
ashleymills 0:714293de3836 7936 (PemToDer(myBuffer, sz, CERT_TYPE,
ashleymills 0:714293de3836 7937 &fileDer, ctx->heap, &info, &eccKey) == 0) &&
ashleymills 0:714293de3836 7938 (fileDer.length != 0) &&
ashleymills 0:714293de3836 7939 (fileDer.length == peer_cert->derCert.length) &&
ashleymills 0:714293de3836 7940 (XMEMCMP(peer_cert->derCert.buffer, fileDer.buffer,
ashleymills 0:714293de3836 7941 fileDer.length) == 0))
ashleymills 0:714293de3836 7942 {
ashleymills 0:714293de3836 7943 ret = 0;
ashleymills 0:714293de3836 7944 }
ashleymills 0:714293de3836 7945
ashleymills 0:714293de3836 7946 XFCLOSE(file);
ashleymills 0:714293de3836 7947 if (fileDer.buffer)
ashleymills 0:714293de3836 7948 XFREE(fileDer.buffer, ctx->heap, DYNAMIC_TYPE_CERT);
ashleymills 0:714293de3836 7949 if (myBuffer && (myBuffer != staticBuffer))
ashleymills 0:714293de3836 7950 XFREE(myBuffer, ctx->heap, DYNAMIC_TYPE_FILE);
ashleymills 0:714293de3836 7951 }
ashleymills 0:714293de3836 7952
ashleymills 0:714293de3836 7953 return ret;
ashleymills 0:714293de3836 7954 }
ashleymills 0:714293de3836 7955 #endif
ashleymills 0:714293de3836 7956
ashleymills 0:714293de3836 7957
ashleymills 0:714293de3836 7958 static RNG globalRNG;
ashleymills 0:714293de3836 7959 static int initGlobalRNG = 0;
ashleymills 0:714293de3836 7960
ashleymills 0:714293de3836 7961 /* SSL_SUCCESS on ok */
ashleymills 0:714293de3836 7962 int CyaSSL_RAND_seed(const void* seed, int len)
ashleymills 0:714293de3836 7963 {
ashleymills 0:714293de3836 7964
ashleymills 0:714293de3836 7965 CYASSL_MSG("CyaSSL_RAND_seed");
ashleymills 0:714293de3836 7966
ashleymills 0:714293de3836 7967 (void)seed;
ashleymills 0:714293de3836 7968 (void)len;
ashleymills 0:714293de3836 7969
ashleymills 0:714293de3836 7970 if (initGlobalRNG == 0) {
ashleymills 0:714293de3836 7971 if (InitRng(&globalRNG) < 0) {
ashleymills 0:714293de3836 7972 CYASSL_MSG("CyaSSL Init Global RNG failed");
ashleymills 0:714293de3836 7973 }
ashleymills 0:714293de3836 7974 initGlobalRNG = 1;
ashleymills 0:714293de3836 7975 }
ashleymills 0:714293de3836 7976
ashleymills 0:714293de3836 7977 return SSL_SUCCESS;
ashleymills 0:714293de3836 7978 }
ashleymills 0:714293de3836 7979
ashleymills 0:714293de3836 7980
ashleymills 0:714293de3836 7981 /* SSL_SUCCESS on ok */
ashleymills 0:714293de3836 7982 int CyaSSL_RAND_bytes(unsigned char* buf, int num)
ashleymills 0:714293de3836 7983 {
ashleymills 0:714293de3836 7984 RNG tmpRNG;
ashleymills 0:714293de3836 7985 RNG* rng = &tmpRNG;
ashleymills 0:714293de3836 7986
ashleymills 0:714293de3836 7987 CYASSL_ENTER("RAND_bytes");
ashleymills 0:714293de3836 7988 if (InitRng(&tmpRNG) != 0) {
ashleymills 0:714293de3836 7989 CYASSL_MSG("Bad RNG Init, trying global");
ashleymills 0:714293de3836 7990 if (initGlobalRNG == 0) {
ashleymills 0:714293de3836 7991 CYASSL_MSG("Global RNG no Init");
ashleymills 0:714293de3836 7992 return 0;
ashleymills 0:714293de3836 7993 }
ashleymills 0:714293de3836 7994 rng = &globalRNG;
ashleymills 0:714293de3836 7995 }
ashleymills 0:714293de3836 7996
ashleymills 0:714293de3836 7997 RNG_GenerateBlock(rng, buf, num);
ashleymills 0:714293de3836 7998
ashleymills 0:714293de3836 7999 return SSL_SUCCESS;
ashleymills 0:714293de3836 8000 }
ashleymills 0:714293de3836 8001
ashleymills 0:714293de3836 8002 CYASSL_BN_CTX* CyaSSL_BN_CTX_new(void)
ashleymills 0:714293de3836 8003 {
ashleymills 0:714293de3836 8004 static int ctx; /* ctaocrypt doesn't now need ctx */
ashleymills 0:714293de3836 8005
ashleymills 0:714293de3836 8006 CYASSL_MSG("CyaSSL_BN_CTX_new");
ashleymills 0:714293de3836 8007
ashleymills 0:714293de3836 8008 return (CYASSL_BN_CTX*)&ctx;
ashleymills 0:714293de3836 8009 }
ashleymills 0:714293de3836 8010
ashleymills 0:714293de3836 8011 void CyaSSL_BN_CTX_init(CYASSL_BN_CTX* ctx)
ashleymills 0:714293de3836 8012 {
ashleymills 0:714293de3836 8013 (void)ctx;
ashleymills 0:714293de3836 8014 CYASSL_MSG("CyaSSL_BN_CTX_init");
ashleymills 0:714293de3836 8015 }
ashleymills 0:714293de3836 8016
ashleymills 0:714293de3836 8017
ashleymills 0:714293de3836 8018 void CyaSSL_BN_CTX_free(CYASSL_BN_CTX* ctx)
ashleymills 0:714293de3836 8019 {
ashleymills 0:714293de3836 8020 (void)ctx;
ashleymills 0:714293de3836 8021 CYASSL_MSG("CyaSSL_BN_CTX_free");
ashleymills 0:714293de3836 8022
ashleymills 0:714293de3836 8023 /* do free since static ctx that does nothing */
ashleymills 0:714293de3836 8024 }
ashleymills 0:714293de3836 8025
ashleymills 0:714293de3836 8026
ashleymills 0:714293de3836 8027 static void InitCyaSSL_BigNum(CYASSL_BIGNUM* bn)
ashleymills 0:714293de3836 8028 {
ashleymills 0:714293de3836 8029 CYASSL_MSG("InitCyaSSL_BigNum");
ashleymills 0:714293de3836 8030 if (bn) {
ashleymills 0:714293de3836 8031 bn->neg = 0;
ashleymills 0:714293de3836 8032 bn->internal = NULL;
ashleymills 0:714293de3836 8033 }
ashleymills 0:714293de3836 8034 }
ashleymills 0:714293de3836 8035
ashleymills 0:714293de3836 8036
ashleymills 0:714293de3836 8037 CYASSL_BIGNUM* CyaSSL_BN_new(void)
ashleymills 0:714293de3836 8038 {
ashleymills 0:714293de3836 8039 CYASSL_BIGNUM* external;
ashleymills 0:714293de3836 8040 mp_int* mpi;
ashleymills 0:714293de3836 8041
ashleymills 0:714293de3836 8042 CYASSL_MSG("CyaSSL_BN_new");
ashleymills 0:714293de3836 8043
ashleymills 0:714293de3836 8044 mpi = (mp_int*) XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT);
ashleymills 0:714293de3836 8045 if (mpi == NULL) {
ashleymills 0:714293de3836 8046 CYASSL_MSG("CyaSSL_BN_new malloc mpi failure");
ashleymills 0:714293de3836 8047 return NULL;
ashleymills 0:714293de3836 8048 }
ashleymills 0:714293de3836 8049
ashleymills 0:714293de3836 8050 external = (CYASSL_BIGNUM*) XMALLOC(sizeof(CYASSL_BIGNUM), NULL,
ashleymills 0:714293de3836 8051 DYNAMIC_TYPE_BIGINT);
ashleymills 0:714293de3836 8052 if (external == NULL) {
ashleymills 0:714293de3836 8053 CYASSL_MSG("CyaSSL_BN_new malloc CYASSL_BIGNUM failure");
ashleymills 0:714293de3836 8054 XFREE(mpi, NULL, DYNAMIC_TYPE_BIGINT);
ashleymills 0:714293de3836 8055 return NULL;
ashleymills 0:714293de3836 8056 }
ashleymills 0:714293de3836 8057
ashleymills 0:714293de3836 8058 InitCyaSSL_BigNum(external);
ashleymills 0:714293de3836 8059 external->internal = mpi;
ashleymills 0:714293de3836 8060 if (mp_init(mpi) != MP_OKAY) {
ashleymills 0:714293de3836 8061 CyaSSL_BN_free(external);
ashleymills 0:714293de3836 8062 return NULL;
ashleymills 0:714293de3836 8063 }
ashleymills 0:714293de3836 8064
ashleymills 0:714293de3836 8065 return external;
ashleymills 0:714293de3836 8066 }
ashleymills 0:714293de3836 8067
ashleymills 0:714293de3836 8068
ashleymills 0:714293de3836 8069 void CyaSSL_BN_free(CYASSL_BIGNUM* bn)
ashleymills 0:714293de3836 8070 {
ashleymills 0:714293de3836 8071 CYASSL_MSG("CyaSSL_BN_free");
ashleymills 0:714293de3836 8072 if (bn) {
ashleymills 0:714293de3836 8073 if (bn->internal) {
ashleymills 0:714293de3836 8074 mp_clear((mp_int*)bn->internal);
ashleymills 0:714293de3836 8075 XFREE(bn->internal, NULL, DYNAMIC_TYPE_BIGINT);
ashleymills 0:714293de3836 8076 bn->internal = NULL;
ashleymills 0:714293de3836 8077 }
ashleymills 0:714293de3836 8078 XFREE(bn, NULL, DYNAMIC_TYPE_BIGINT);
ashleymills 0:714293de3836 8079 }
ashleymills 0:714293de3836 8080 }
ashleymills 0:714293de3836 8081
ashleymills 0:714293de3836 8082
ashleymills 0:714293de3836 8083 void CyaSSL_BN_clear_free(CYASSL_BIGNUM* bn)
ashleymills 0:714293de3836 8084 {
ashleymills 0:714293de3836 8085 CYASSL_MSG("CyaSSL_BN_clear_free");
ashleymills 0:714293de3836 8086
ashleymills 0:714293de3836 8087 CyaSSL_BN_free(bn);
ashleymills 0:714293de3836 8088 }
ashleymills 0:714293de3836 8089
ashleymills 0:714293de3836 8090
ashleymills 0:714293de3836 8091 /* SSL_SUCCESS on ok */
ashleymills 0:714293de3836 8092 int CyaSSL_BN_sub(CYASSL_BIGNUM* r, const CYASSL_BIGNUM* a,
ashleymills 0:714293de3836 8093 const CYASSL_BIGNUM* b)
ashleymills 0:714293de3836 8094 {
ashleymills 0:714293de3836 8095 CYASSL_MSG("CyaSSL_BN_sub");
ashleymills 0:714293de3836 8096
ashleymills 0:714293de3836 8097 if (r == NULL || a == NULL || b == NULL)
ashleymills 0:714293de3836 8098 return 0;
ashleymills 0:714293de3836 8099
ashleymills 0:714293de3836 8100 if (mp_sub((mp_int*)a->internal,(mp_int*)b->internal,
ashleymills 0:714293de3836 8101 (mp_int*)r->internal) == MP_OKAY)
ashleymills 0:714293de3836 8102 return SSL_SUCCESS;
ashleymills 0:714293de3836 8103
ashleymills 0:714293de3836 8104 CYASSL_MSG("CyaSSL_BN_sub mp_sub failed");
ashleymills 0:714293de3836 8105 return 0;
ashleymills 0:714293de3836 8106 }
ashleymills 0:714293de3836 8107
ashleymills 0:714293de3836 8108
ashleymills 0:714293de3836 8109 /* SSL_SUCCESS on ok */
ashleymills 0:714293de3836 8110 int CyaSSL_BN_mod(CYASSL_BIGNUM* r, const CYASSL_BIGNUM* a,
ashleymills 0:714293de3836 8111 const CYASSL_BIGNUM* b, const CYASSL_BN_CTX* c)
ashleymills 0:714293de3836 8112 {
ashleymills 0:714293de3836 8113 (void)c;
ashleymills 0:714293de3836 8114 CYASSL_MSG("CyaSSL_BN_mod");
ashleymills 0:714293de3836 8115
ashleymills 0:714293de3836 8116 if (r == NULL || a == NULL || b == NULL)
ashleymills 0:714293de3836 8117 return 0;
ashleymills 0:714293de3836 8118
ashleymills 0:714293de3836 8119 if (mp_mod((mp_int*)a->internal,(mp_int*)b->internal,
ashleymills 0:714293de3836 8120 (mp_int*)r->internal) == MP_OKAY)
ashleymills 0:714293de3836 8121 return SSL_SUCCESS;
ashleymills 0:714293de3836 8122
ashleymills 0:714293de3836 8123 CYASSL_MSG("CyaSSL_BN_mod mp_mod failed");
ashleymills 0:714293de3836 8124 return 0;
ashleymills 0:714293de3836 8125 }
ashleymills 0:714293de3836 8126
ashleymills 0:714293de3836 8127
ashleymills 0:714293de3836 8128 const CYASSL_BIGNUM* CyaSSL_BN_value_one(void)
ashleymills 0:714293de3836 8129 {
ashleymills 0:714293de3836 8130 static CYASSL_BIGNUM* bn_one = NULL;
ashleymills 0:714293de3836 8131
ashleymills 0:714293de3836 8132 CYASSL_MSG("CyaSSL_BN_value_one");
ashleymills 0:714293de3836 8133
ashleymills 0:714293de3836 8134 if (bn_one == NULL) {
ashleymills 0:714293de3836 8135 bn_one = CyaSSL_BN_new();
ashleymills 0:714293de3836 8136 if (bn_one)
ashleymills 0:714293de3836 8137 mp_set_int((mp_int*)bn_one->internal, 1);
ashleymills 0:714293de3836 8138 }
ashleymills 0:714293de3836 8139
ashleymills 0:714293de3836 8140 return bn_one;
ashleymills 0:714293de3836 8141 }
ashleymills 0:714293de3836 8142
ashleymills 0:714293de3836 8143
ashleymills 0:714293de3836 8144 int CyaSSL_BN_num_bytes(const CYASSL_BIGNUM* bn)
ashleymills 0:714293de3836 8145 {
ashleymills 0:714293de3836 8146 CYASSL_MSG("CyaSSL_BN_num_bytes");
ashleymills 0:714293de3836 8147
ashleymills 0:714293de3836 8148 if (bn == NULL || bn->internal == NULL)
ashleymills 0:714293de3836 8149 return 0;
ashleymills 0:714293de3836 8150
ashleymills 0:714293de3836 8151 return mp_unsigned_bin_size((mp_int*)bn->internal);
ashleymills 0:714293de3836 8152 }
ashleymills 0:714293de3836 8153
ashleymills 0:714293de3836 8154
ashleymills 0:714293de3836 8155 int CyaSSL_BN_num_bits(const CYASSL_BIGNUM* bn)
ashleymills 0:714293de3836 8156 {
ashleymills 0:714293de3836 8157 CYASSL_MSG("CyaSSL_BN_num_bits");
ashleymills 0:714293de3836 8158
ashleymills 0:714293de3836 8159 if (bn == NULL || bn->internal == NULL)
ashleymills 0:714293de3836 8160 return 0;
ashleymills 0:714293de3836 8161
ashleymills 0:714293de3836 8162 return mp_count_bits((mp_int*)bn->internal);
ashleymills 0:714293de3836 8163 }
ashleymills 0:714293de3836 8164
ashleymills 0:714293de3836 8165
ashleymills 0:714293de3836 8166 int CyaSSL_BN_is_zero(const CYASSL_BIGNUM* bn)
ashleymills 0:714293de3836 8167 {
ashleymills 0:714293de3836 8168 CYASSL_MSG("CyaSSL_BN_is_zero");
ashleymills 0:714293de3836 8169
ashleymills 0:714293de3836 8170 if (bn == NULL || bn->internal == NULL)
ashleymills 0:714293de3836 8171 return 0;
ashleymills 0:714293de3836 8172
ashleymills 0:714293de3836 8173 return mp_iszero((mp_int*)bn->internal);
ashleymills 0:714293de3836 8174 }
ashleymills 0:714293de3836 8175
ashleymills 0:714293de3836 8176
ashleymills 0:714293de3836 8177 int CyaSSL_BN_is_one(const CYASSL_BIGNUM* bn)
ashleymills 0:714293de3836 8178 {
ashleymills 0:714293de3836 8179 CYASSL_MSG("CyaSSL_BN_is_one");
ashleymills 0:714293de3836 8180
ashleymills 0:714293de3836 8181 if (bn == NULL || bn->internal == NULL)
ashleymills 0:714293de3836 8182 return 0;
ashleymills 0:714293de3836 8183
ashleymills 0:714293de3836 8184 if (mp_cmp_d((mp_int*)bn->internal, 1) == 0)
ashleymills 0:714293de3836 8185 return 1;
ashleymills 0:714293de3836 8186
ashleymills 0:714293de3836 8187 return 0;
ashleymills 0:714293de3836 8188 }
ashleymills 0:714293de3836 8189
ashleymills 0:714293de3836 8190
ashleymills 0:714293de3836 8191 int CyaSSL_BN_is_odd(const CYASSL_BIGNUM* bn)
ashleymills 0:714293de3836 8192 {
ashleymills 0:714293de3836 8193 CYASSL_MSG("CyaSSL_BN_is_odd");
ashleymills 0:714293de3836 8194
ashleymills 0:714293de3836 8195 if (bn == NULL || bn->internal == NULL)
ashleymills 0:714293de3836 8196 return 0;
ashleymills 0:714293de3836 8197
ashleymills 0:714293de3836 8198 return mp_isodd((mp_int*)bn->internal);
ashleymills 0:714293de3836 8199 }
ashleymills 0:714293de3836 8200
ashleymills 0:714293de3836 8201
ashleymills 0:714293de3836 8202 int CyaSSL_BN_cmp(const CYASSL_BIGNUM* a, const CYASSL_BIGNUM* b)
ashleymills 0:714293de3836 8203 {
ashleymills 0:714293de3836 8204 CYASSL_MSG("CyaSSL_BN_cmp");
ashleymills 0:714293de3836 8205
ashleymills 0:714293de3836 8206 if (a == NULL || a->internal == NULL || b == NULL || b->internal ==NULL)
ashleymills 0:714293de3836 8207 return 0;
ashleymills 0:714293de3836 8208
ashleymills 0:714293de3836 8209 return mp_cmp((mp_int*)a->internal, (mp_int*)b->internal);
ashleymills 0:714293de3836 8210 }
ashleymills 0:714293de3836 8211
ashleymills 0:714293de3836 8212
ashleymills 0:714293de3836 8213 int CyaSSL_BN_bn2bin(const CYASSL_BIGNUM* bn, unsigned char* r)
ashleymills 0:714293de3836 8214 {
ashleymills 0:714293de3836 8215 CYASSL_MSG("CyaSSL_BN_bn2bin");
ashleymills 0:714293de3836 8216
ashleymills 0:714293de3836 8217 if (bn == NULL || bn->internal == NULL) {
ashleymills 0:714293de3836 8218 CYASSL_MSG("NULL bn error");
ashleymills 0:714293de3836 8219 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 8220 }
ashleymills 0:714293de3836 8221
ashleymills 0:714293de3836 8222 if (r == NULL)
ashleymills 0:714293de3836 8223 return mp_unsigned_bin_size((mp_int*)bn->internal);
ashleymills 0:714293de3836 8224
ashleymills 0:714293de3836 8225 if (mp_to_unsigned_bin((mp_int*)bn->internal, r) != MP_OKAY) {
ashleymills 0:714293de3836 8226 CYASSL_MSG("mp_to_unsigned_bin error");
ashleymills 0:714293de3836 8227 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 8228 }
ashleymills 0:714293de3836 8229
ashleymills 0:714293de3836 8230 return mp_unsigned_bin_size((mp_int*)bn->internal);
ashleymills 0:714293de3836 8231 }
ashleymills 0:714293de3836 8232
ashleymills 0:714293de3836 8233
ashleymills 0:714293de3836 8234 CYASSL_BIGNUM* CyaSSL_BN_bin2bn(const unsigned char* str, int len,
ashleymills 0:714293de3836 8235 CYASSL_BIGNUM* ret)
ashleymills 0:714293de3836 8236 {
ashleymills 0:714293de3836 8237 CYASSL_MSG("CyaSSL_BN_bin2bn");
ashleymills 0:714293de3836 8238
ashleymills 0:714293de3836 8239 if (ret && ret->internal) {
ashleymills 0:714293de3836 8240 if (mp_read_unsigned_bin((mp_int*)ret->internal, str, len) != 0) {
ashleymills 0:714293de3836 8241 CYASSL_MSG("mp_read_unsigned_bin failure");
ashleymills 0:714293de3836 8242 return NULL;
ashleymills 0:714293de3836 8243 }
ashleymills 0:714293de3836 8244 }
ashleymills 0:714293de3836 8245 else {
ashleymills 0:714293de3836 8246 CYASSL_MSG("CyaSSL_BN_bin2bn wants return bignum");
ashleymills 0:714293de3836 8247 }
ashleymills 0:714293de3836 8248
ashleymills 0:714293de3836 8249 return ret;
ashleymills 0:714293de3836 8250 }
ashleymills 0:714293de3836 8251
ashleymills 0:714293de3836 8252
ashleymills 0:714293de3836 8253 int CyaSSL_mask_bits(CYASSL_BIGNUM* bn, int n)
ashleymills 0:714293de3836 8254 {
ashleymills 0:714293de3836 8255 (void)bn;
ashleymills 0:714293de3836 8256 (void)n;
ashleymills 0:714293de3836 8257 CYASSL_MSG("CyaSSL_BN_mask_bits");
ashleymills 0:714293de3836 8258
ashleymills 0:714293de3836 8259 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 8260 }
ashleymills 0:714293de3836 8261
ashleymills 0:714293de3836 8262
ashleymills 0:714293de3836 8263 /* SSL_SUCCESS on ok */
ashleymills 0:714293de3836 8264 int CyaSSL_BN_rand(CYASSL_BIGNUM* bn, int bits, int top, int bottom)
ashleymills 0:714293de3836 8265 {
ashleymills 0:714293de3836 8266 byte buff[1024];
ashleymills 0:714293de3836 8267 RNG tmpRNG;
ashleymills 0:714293de3836 8268 RNG* rng = &tmpRNG;
ashleymills 0:714293de3836 8269 int len = bits/8;
ashleymills 0:714293de3836 8270
ashleymills 0:714293de3836 8271 (void)top;
ashleymills 0:714293de3836 8272 (void)bottom;
ashleymills 0:714293de3836 8273 CYASSL_MSG("CyaSSL_BN_rand");
ashleymills 0:714293de3836 8274
ashleymills 0:714293de3836 8275 if (bn == NULL || bn->internal == NULL) {
ashleymills 0:714293de3836 8276 CYASSL_MSG("Bad function arguments");
ashleymills 0:714293de3836 8277 return 0;
ashleymills 0:714293de3836 8278 }
ashleymills 0:714293de3836 8279
ashleymills 0:714293de3836 8280 if (bits % 8)
ashleymills 0:714293de3836 8281 len++;
ashleymills 0:714293de3836 8282
ashleymills 0:714293de3836 8283 if ( (InitRng(&tmpRNG)) != 0) {
ashleymills 0:714293de3836 8284 CYASSL_MSG("Bad RNG Init, trying global");
ashleymills 0:714293de3836 8285 if (initGlobalRNG == 0) {
ashleymills 0:714293de3836 8286 CYASSL_MSG("Global RNG no Init");
ashleymills 0:714293de3836 8287 return 0;
ashleymills 0:714293de3836 8288 }
ashleymills 0:714293de3836 8289 rng = &globalRNG;
ashleymills 0:714293de3836 8290 }
ashleymills 0:714293de3836 8291
ashleymills 0:714293de3836 8292 RNG_GenerateBlock(rng, buff, len);
ashleymills 0:714293de3836 8293 buff[0] |= 0x80 | 0x40;
ashleymills 0:714293de3836 8294 buff[len-1] |= 0x01;
ashleymills 0:714293de3836 8295
ashleymills 0:714293de3836 8296 if (mp_read_unsigned_bin((mp_int*)bn->internal,buff,len) != MP_OKAY) {
ashleymills 0:714293de3836 8297 CYASSL_MSG("mp read bin failed");
ashleymills 0:714293de3836 8298 return 0;
ashleymills 0:714293de3836 8299 }
ashleymills 0:714293de3836 8300
ashleymills 0:714293de3836 8301 return SSL_SUCCESS;
ashleymills 0:714293de3836 8302 }
ashleymills 0:714293de3836 8303
ashleymills 0:714293de3836 8304
ashleymills 0:714293de3836 8305 int CyaSSL_BN_is_bit_set(const CYASSL_BIGNUM* bn, int n)
ashleymills 0:714293de3836 8306 {
ashleymills 0:714293de3836 8307 (void)bn;
ashleymills 0:714293de3836 8308 (void)n;
ashleymills 0:714293de3836 8309
ashleymills 0:714293de3836 8310 CYASSL_MSG("CyaSSL_BN_is_bit_set");
ashleymills 0:714293de3836 8311
ashleymills 0:714293de3836 8312 return 0;
ashleymills 0:714293de3836 8313 }
ashleymills 0:714293de3836 8314
ashleymills 0:714293de3836 8315
ashleymills 0:714293de3836 8316 /* SSL_SUCCESS on ok */
ashleymills 0:714293de3836 8317 int CyaSSL_BN_hex2bn(CYASSL_BIGNUM** bn, const char* str)
ashleymills 0:714293de3836 8318 {
ashleymills 0:714293de3836 8319 byte decoded[1024];
ashleymills 0:714293de3836 8320 word32 decSz = sizeof(decoded);
ashleymills 0:714293de3836 8321
ashleymills 0:714293de3836 8322 CYASSL_MSG("CyaSSL_BN_hex2bn");
ashleymills 0:714293de3836 8323
ashleymills 0:714293de3836 8324 if (str == NULL) {
ashleymills 0:714293de3836 8325 CYASSL_MSG("Bad function argument");
ashleymills 0:714293de3836 8326 return 0;
ashleymills 0:714293de3836 8327 }
ashleymills 0:714293de3836 8328
ashleymills 0:714293de3836 8329 if (Base16_Decode((byte*)str, (int)XSTRLEN(str), decoded, &decSz) < 0) {
ashleymills 0:714293de3836 8330 CYASSL_MSG("Bad Base16_Decode error");
ashleymills 0:714293de3836 8331 return 0;
ashleymills 0:714293de3836 8332 }
ashleymills 0:714293de3836 8333
ashleymills 0:714293de3836 8334 if (bn == NULL)
ashleymills 0:714293de3836 8335 return decSz;
ashleymills 0:714293de3836 8336
ashleymills 0:714293de3836 8337 if (*bn == NULL) {
ashleymills 0:714293de3836 8338 *bn = CyaSSL_BN_new();
ashleymills 0:714293de3836 8339 if (*bn == NULL) {
ashleymills 0:714293de3836 8340 CYASSL_MSG("BN new failed");
ashleymills 0:714293de3836 8341 return 0;
ashleymills 0:714293de3836 8342 }
ashleymills 0:714293de3836 8343 }
ashleymills 0:714293de3836 8344
ashleymills 0:714293de3836 8345 if (CyaSSL_BN_bin2bn(decoded, decSz, *bn) == NULL) {
ashleymills 0:714293de3836 8346 CYASSL_MSG("Bad bin2bn error");
ashleymills 0:714293de3836 8347 return 0;
ashleymills 0:714293de3836 8348 }
ashleymills 0:714293de3836 8349
ashleymills 0:714293de3836 8350 return SSL_SUCCESS;
ashleymills 0:714293de3836 8351 }
ashleymills 0:714293de3836 8352
ashleymills 0:714293de3836 8353
ashleymills 0:714293de3836 8354 CYASSL_BIGNUM* CyaSSL_BN_dup(const CYASSL_BIGNUM* bn)
ashleymills 0:714293de3836 8355 {
ashleymills 0:714293de3836 8356 CYASSL_BIGNUM* ret;
ashleymills 0:714293de3836 8357
ashleymills 0:714293de3836 8358 CYASSL_MSG("CyaSSL_BN_dup");
ashleymills 0:714293de3836 8359
ashleymills 0:714293de3836 8360 if (bn == NULL || bn->internal == NULL) {
ashleymills 0:714293de3836 8361 CYASSL_MSG("bn NULL error");
ashleymills 0:714293de3836 8362 return NULL;
ashleymills 0:714293de3836 8363 }
ashleymills 0:714293de3836 8364
ashleymills 0:714293de3836 8365 ret = CyaSSL_BN_new();
ashleymills 0:714293de3836 8366 if (ret == NULL) {
ashleymills 0:714293de3836 8367 CYASSL_MSG("bn new error");
ashleymills 0:714293de3836 8368 return NULL;
ashleymills 0:714293de3836 8369 }
ashleymills 0:714293de3836 8370
ashleymills 0:714293de3836 8371 if (mp_copy((mp_int*)bn->internal, (mp_int*)ret->internal) != MP_OKAY) {
ashleymills 0:714293de3836 8372 CYASSL_MSG("mp_copy error");
ashleymills 0:714293de3836 8373 CyaSSL_BN_free(ret);
ashleymills 0:714293de3836 8374 return NULL;
ashleymills 0:714293de3836 8375 }
ashleymills 0:714293de3836 8376
ashleymills 0:714293de3836 8377 return ret;
ashleymills 0:714293de3836 8378 }
ashleymills 0:714293de3836 8379
ashleymills 0:714293de3836 8380
ashleymills 0:714293de3836 8381 CYASSL_BIGNUM* CyaSSL_BN_copy(CYASSL_BIGNUM* r, const CYASSL_BIGNUM* bn)
ashleymills 0:714293de3836 8382 {
ashleymills 0:714293de3836 8383 (void)r;
ashleymills 0:714293de3836 8384 (void)bn;
ashleymills 0:714293de3836 8385
ashleymills 0:714293de3836 8386 CYASSL_MSG("CyaSSL_BN_copy");
ashleymills 0:714293de3836 8387
ashleymills 0:714293de3836 8388 return NULL;
ashleymills 0:714293de3836 8389 }
ashleymills 0:714293de3836 8390
ashleymills 0:714293de3836 8391
ashleymills 0:714293de3836 8392 int CyaSSL_BN_set_word(CYASSL_BIGNUM* bn, unsigned long w)
ashleymills 0:714293de3836 8393 {
ashleymills 0:714293de3836 8394 (void)bn;
ashleymills 0:714293de3836 8395 (void)w;
ashleymills 0:714293de3836 8396
ashleymills 0:714293de3836 8397 CYASSL_MSG("CyaSSL_BN_set_word");
ashleymills 0:714293de3836 8398
ashleymills 0:714293de3836 8399 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 8400 }
ashleymills 0:714293de3836 8401
ashleymills 0:714293de3836 8402
ashleymills 0:714293de3836 8403 int CyaSSL_BN_dec2bn(CYASSL_BIGNUM** bn, const char* str)
ashleymills 0:714293de3836 8404 {
ashleymills 0:714293de3836 8405 (void)bn;
ashleymills 0:714293de3836 8406 (void)str;
ashleymills 0:714293de3836 8407
ashleymills 0:714293de3836 8408 CYASSL_MSG("CyaSSL_BN_dec2bn");
ashleymills 0:714293de3836 8409
ashleymills 0:714293de3836 8410 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 8411 }
ashleymills 0:714293de3836 8412
ashleymills 0:714293de3836 8413
ashleymills 0:714293de3836 8414 char* CyaSSL_BN_bn2dec(const CYASSL_BIGNUM* bn)
ashleymills 0:714293de3836 8415 {
ashleymills 0:714293de3836 8416 (void)bn;
ashleymills 0:714293de3836 8417
ashleymills 0:714293de3836 8418 CYASSL_MSG("CyaSSL_BN_bn2dec");
ashleymills 0:714293de3836 8419
ashleymills 0:714293de3836 8420 return NULL;
ashleymills 0:714293de3836 8421 }
ashleymills 0:714293de3836 8422
ashleymills 0:714293de3836 8423
ashleymills 0:714293de3836 8424 static void InitCyaSSL_DH(CYASSL_DH* dh)
ashleymills 0:714293de3836 8425 {
ashleymills 0:714293de3836 8426 if (dh) {
ashleymills 0:714293de3836 8427 dh->p = NULL;
ashleymills 0:714293de3836 8428 dh->g = NULL;
ashleymills 0:714293de3836 8429 dh->pub_key = NULL;
ashleymills 0:714293de3836 8430 dh->priv_key = NULL;
ashleymills 0:714293de3836 8431 dh->internal = NULL;
ashleymills 0:714293de3836 8432 dh->inSet = 0;
ashleymills 0:714293de3836 8433 dh->exSet = 0;
ashleymills 0:714293de3836 8434 }
ashleymills 0:714293de3836 8435 }
ashleymills 0:714293de3836 8436
ashleymills 0:714293de3836 8437
ashleymills 0:714293de3836 8438 CYASSL_DH* CyaSSL_DH_new(void)
ashleymills 0:714293de3836 8439 {
ashleymills 0:714293de3836 8440 CYASSL_DH* external;
ashleymills 0:714293de3836 8441 DhKey* key;
ashleymills 0:714293de3836 8442
ashleymills 0:714293de3836 8443 CYASSL_MSG("CyaSSL_DH_new");
ashleymills 0:714293de3836 8444
ashleymills 0:714293de3836 8445 key = (DhKey*) XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_DH);
ashleymills 0:714293de3836 8446 if (key == NULL) {
ashleymills 0:714293de3836 8447 CYASSL_MSG("CyaSSL_DH_new malloc DhKey failure");
ashleymills 0:714293de3836 8448 return NULL;
ashleymills 0:714293de3836 8449 }
ashleymills 0:714293de3836 8450
ashleymills 0:714293de3836 8451 external = (CYASSL_DH*) XMALLOC(sizeof(CYASSL_DH), NULL,
ashleymills 0:714293de3836 8452 DYNAMIC_TYPE_DH);
ashleymills 0:714293de3836 8453 if (external == NULL) {
ashleymills 0:714293de3836 8454 CYASSL_MSG("CyaSSL_DH_new malloc CYASSL_DH failure");
ashleymills 0:714293de3836 8455 XFREE(key, NULL, DYNAMIC_TYPE_DH);
ashleymills 0:714293de3836 8456 return NULL;
ashleymills 0:714293de3836 8457 }
ashleymills 0:714293de3836 8458
ashleymills 0:714293de3836 8459 InitCyaSSL_DH(external);
ashleymills 0:714293de3836 8460 InitDhKey(key);
ashleymills 0:714293de3836 8461 external->internal = key;
ashleymills 0:714293de3836 8462
ashleymills 0:714293de3836 8463 return external;
ashleymills 0:714293de3836 8464 }
ashleymills 0:714293de3836 8465
ashleymills 0:714293de3836 8466
ashleymills 0:714293de3836 8467 void CyaSSL_DH_free(CYASSL_DH* dh)
ashleymills 0:714293de3836 8468 {
ashleymills 0:714293de3836 8469 CYASSL_MSG("CyaSSL_DH_free");
ashleymills 0:714293de3836 8470
ashleymills 0:714293de3836 8471 if (dh) {
ashleymills 0:714293de3836 8472 if (dh->internal) {
ashleymills 0:714293de3836 8473 FreeDhKey((DhKey*)dh->internal);
ashleymills 0:714293de3836 8474 XFREE(dh->internal, NULL, DYNAMIC_TYPE_DH);
ashleymills 0:714293de3836 8475 dh->internal = NULL;
ashleymills 0:714293de3836 8476 }
ashleymills 0:714293de3836 8477 CyaSSL_BN_free(dh->priv_key);
ashleymills 0:714293de3836 8478 CyaSSL_BN_free(dh->pub_key);
ashleymills 0:714293de3836 8479 CyaSSL_BN_free(dh->g);
ashleymills 0:714293de3836 8480 CyaSSL_BN_free(dh->p);
ashleymills 0:714293de3836 8481 InitCyaSSL_DH(dh); /* set back to NULLs for safety */
ashleymills 0:714293de3836 8482
ashleymills 0:714293de3836 8483 XFREE(dh, NULL, DYNAMIC_TYPE_DH);
ashleymills 0:714293de3836 8484 }
ashleymills 0:714293de3836 8485 }
ashleymills 0:714293de3836 8486
ashleymills 0:714293de3836 8487
ashleymills 0:714293de3836 8488 static int SetDhInternal(CYASSL_DH* dh)
ashleymills 0:714293de3836 8489 {
ashleymills 0:714293de3836 8490 unsigned char p[1024];
ashleymills 0:714293de3836 8491 unsigned char g[1024];
ashleymills 0:714293de3836 8492 int pSz = sizeof(p);
ashleymills 0:714293de3836 8493 int gSz = sizeof(g);
ashleymills 0:714293de3836 8494
ashleymills 0:714293de3836 8495 CYASSL_ENTER("SetDhInternal");
ashleymills 0:714293de3836 8496
ashleymills 0:714293de3836 8497 if (dh == NULL || dh->p == NULL || dh->g == NULL) {
ashleymills 0:714293de3836 8498 CYASSL_MSG("Bad function arguments");
ashleymills 0:714293de3836 8499 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 8500 }
ashleymills 0:714293de3836 8501
ashleymills 0:714293de3836 8502 if (CyaSSL_BN_bn2bin(dh->p, NULL) > pSz) {
ashleymills 0:714293de3836 8503 CYASSL_MSG("Bad p internal size");
ashleymills 0:714293de3836 8504 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 8505 }
ashleymills 0:714293de3836 8506
ashleymills 0:714293de3836 8507 if (CyaSSL_BN_bn2bin(dh->g, NULL) > gSz) {
ashleymills 0:714293de3836 8508 CYASSL_MSG("Bad g internal size");
ashleymills 0:714293de3836 8509 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 8510 }
ashleymills 0:714293de3836 8511
ashleymills 0:714293de3836 8512 pSz = CyaSSL_BN_bn2bin(dh->p, p);
ashleymills 0:714293de3836 8513 gSz = CyaSSL_BN_bn2bin(dh->g, g);
ashleymills 0:714293de3836 8514
ashleymills 0:714293de3836 8515 if (pSz <= 0 || gSz <= 0) {
ashleymills 0:714293de3836 8516 CYASSL_MSG("Bad BN2bin set");
ashleymills 0:714293de3836 8517 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 8518 }
ashleymills 0:714293de3836 8519
ashleymills 0:714293de3836 8520 if (DhSetKey((DhKey*)dh->internal, p, pSz, g, gSz) < 0) {
ashleymills 0:714293de3836 8521 CYASSL_MSG("Bad DH SetKey");
ashleymills 0:714293de3836 8522 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 8523 }
ashleymills 0:714293de3836 8524
ashleymills 0:714293de3836 8525 dh->inSet = 1;
ashleymills 0:714293de3836 8526
ashleymills 0:714293de3836 8527 return 0;
ashleymills 0:714293de3836 8528 }
ashleymills 0:714293de3836 8529
ashleymills 0:714293de3836 8530
ashleymills 0:714293de3836 8531 int CyaSSL_DH_size(CYASSL_DH* dh)
ashleymills 0:714293de3836 8532 {
ashleymills 0:714293de3836 8533 CYASSL_MSG("CyaSSL_DH_size");
ashleymills 0:714293de3836 8534
ashleymills 0:714293de3836 8535 if (dh == NULL)
ashleymills 0:714293de3836 8536 return 0;
ashleymills 0:714293de3836 8537
ashleymills 0:714293de3836 8538 return CyaSSL_BN_num_bytes(dh->p);
ashleymills 0:714293de3836 8539 }
ashleymills 0:714293de3836 8540
ashleymills 0:714293de3836 8541
ashleymills 0:714293de3836 8542 /* return SSL_SUCCESS on ok, else 0 */
ashleymills 0:714293de3836 8543 int CyaSSL_DH_generate_key(CYASSL_DH* dh)
ashleymills 0:714293de3836 8544 {
ashleymills 0:714293de3836 8545 unsigned char pub [768];
ashleymills 0:714293de3836 8546 unsigned char priv[768];
ashleymills 0:714293de3836 8547 word32 pubSz = sizeof(pub);
ashleymills 0:714293de3836 8548 word32 privSz = sizeof(priv);
ashleymills 0:714293de3836 8549 RNG tmpRNG;
ashleymills 0:714293de3836 8550 RNG* rng = &tmpRNG;
ashleymills 0:714293de3836 8551
ashleymills 0:714293de3836 8552 CYASSL_MSG("CyaSSL_DH_generate_key");
ashleymills 0:714293de3836 8553
ashleymills 0:714293de3836 8554 if (dh == NULL || dh->p == NULL || dh->g == NULL) {
ashleymills 0:714293de3836 8555 CYASSL_MSG("Bad function arguments");
ashleymills 0:714293de3836 8556 return 0;
ashleymills 0:714293de3836 8557 }
ashleymills 0:714293de3836 8558
ashleymills 0:714293de3836 8559 if (dh->inSet == 0) {
ashleymills 0:714293de3836 8560 if (SetDhInternal(dh) < 0) {
ashleymills 0:714293de3836 8561 CYASSL_MSG("Bad DH set internal");
ashleymills 0:714293de3836 8562 return 0;
ashleymills 0:714293de3836 8563 }
ashleymills 0:714293de3836 8564 }
ashleymills 0:714293de3836 8565
ashleymills 0:714293de3836 8566 if ( (InitRng(&tmpRNG)) != 0) {
ashleymills 0:714293de3836 8567 CYASSL_MSG("Bad RNG Init, trying global");
ashleymills 0:714293de3836 8568 if (initGlobalRNG == 0) {
ashleymills 0:714293de3836 8569 CYASSL_MSG("Global RNG no Init");
ashleymills 0:714293de3836 8570 return 0;
ashleymills 0:714293de3836 8571 }
ashleymills 0:714293de3836 8572 rng = &globalRNG;
ashleymills 0:714293de3836 8573 }
ashleymills 0:714293de3836 8574
ashleymills 0:714293de3836 8575 if (DhGenerateKeyPair((DhKey*)dh->internal, rng, priv, &privSz,
ashleymills 0:714293de3836 8576 pub, &pubSz) < 0) {
ashleymills 0:714293de3836 8577 CYASSL_MSG("Bad DhGenerateKeyPair");
ashleymills 0:714293de3836 8578 return 0;
ashleymills 0:714293de3836 8579 }
ashleymills 0:714293de3836 8580
ashleymills 0:714293de3836 8581 if (dh->pub_key)
ashleymills 0:714293de3836 8582 CyaSSL_BN_free(dh->pub_key);
ashleymills 0:714293de3836 8583 dh->pub_key = CyaSSL_BN_new();
ashleymills 0:714293de3836 8584 if (dh->pub_key == NULL) {
ashleymills 0:714293de3836 8585 CYASSL_MSG("Bad DH new pub");
ashleymills 0:714293de3836 8586 return 0;
ashleymills 0:714293de3836 8587 }
ashleymills 0:714293de3836 8588
ashleymills 0:714293de3836 8589 if (dh->priv_key)
ashleymills 0:714293de3836 8590 CyaSSL_BN_free(dh->priv_key);
ashleymills 0:714293de3836 8591 dh->priv_key = CyaSSL_BN_new();
ashleymills 0:714293de3836 8592 if (dh->priv_key == NULL) {
ashleymills 0:714293de3836 8593 CYASSL_MSG("Bad DH new priv");
ashleymills 0:714293de3836 8594 return 0;
ashleymills 0:714293de3836 8595 }
ashleymills 0:714293de3836 8596
ashleymills 0:714293de3836 8597 if (CyaSSL_BN_bin2bn(pub, pubSz, dh->pub_key) == NULL) {
ashleymills 0:714293de3836 8598 CYASSL_MSG("Bad DH bn2bin error pub");
ashleymills 0:714293de3836 8599 return 0;
ashleymills 0:714293de3836 8600 }
ashleymills 0:714293de3836 8601
ashleymills 0:714293de3836 8602 if (CyaSSL_BN_bin2bn(priv, privSz, dh->priv_key) == NULL) {
ashleymills 0:714293de3836 8603 CYASSL_MSG("Bad DH bn2bin error priv");
ashleymills 0:714293de3836 8604 return 0;
ashleymills 0:714293de3836 8605 }
ashleymills 0:714293de3836 8606
ashleymills 0:714293de3836 8607 CYASSL_MSG("CyaSSL_generate_key success");
ashleymills 0:714293de3836 8608 return SSL_SUCCESS;
ashleymills 0:714293de3836 8609 }
ashleymills 0:714293de3836 8610
ashleymills 0:714293de3836 8611
ashleymills 0:714293de3836 8612 /* return key size on ok, 0 otherwise */
ashleymills 0:714293de3836 8613 int CyaSSL_DH_compute_key(unsigned char* key, CYASSL_BIGNUM* otherPub,
ashleymills 0:714293de3836 8614 CYASSL_DH* dh)
ashleymills 0:714293de3836 8615 {
ashleymills 0:714293de3836 8616 unsigned char pub [1024];
ashleymills 0:714293de3836 8617 unsigned char priv[1024];
ashleymills 0:714293de3836 8618 word32 pubSz = sizeof(pub);
ashleymills 0:714293de3836 8619 word32 privSz = sizeof(priv);
ashleymills 0:714293de3836 8620 word32 keySz;
ashleymills 0:714293de3836 8621
ashleymills 0:714293de3836 8622 CYASSL_MSG("CyaSSL_DH_compute_key");
ashleymills 0:714293de3836 8623
ashleymills 0:714293de3836 8624 if (dh == NULL || dh->priv_key == NULL || otherPub == NULL) {
ashleymills 0:714293de3836 8625 CYASSL_MSG("Bad function arguments");
ashleymills 0:714293de3836 8626 return 0;
ashleymills 0:714293de3836 8627 }
ashleymills 0:714293de3836 8628
ashleymills 0:714293de3836 8629 keySz = (word32)DH_size(dh);
ashleymills 0:714293de3836 8630 if (keySz == 0) {
ashleymills 0:714293de3836 8631 CYASSL_MSG("Bad DH_size");
ashleymills 0:714293de3836 8632 return 0;
ashleymills 0:714293de3836 8633 }
ashleymills 0:714293de3836 8634
ashleymills 0:714293de3836 8635 if (CyaSSL_BN_bn2bin(dh->priv_key, NULL) > (int)privSz) {
ashleymills 0:714293de3836 8636 CYASSL_MSG("Bad priv internal size");
ashleymills 0:714293de3836 8637 return 0;
ashleymills 0:714293de3836 8638 }
ashleymills 0:714293de3836 8639
ashleymills 0:714293de3836 8640 if (CyaSSL_BN_bn2bin(otherPub, NULL) > (int)pubSz) {
ashleymills 0:714293de3836 8641 CYASSL_MSG("Bad otherPub size");
ashleymills 0:714293de3836 8642 return 0;
ashleymills 0:714293de3836 8643 }
ashleymills 0:714293de3836 8644
ashleymills 0:714293de3836 8645 privSz = CyaSSL_BN_bn2bin(dh->priv_key, priv);
ashleymills 0:714293de3836 8646 pubSz = CyaSSL_BN_bn2bin(otherPub, pub);
ashleymills 0:714293de3836 8647
ashleymills 0:714293de3836 8648 if (privSz <= 0 || pubSz <= 0) {
ashleymills 0:714293de3836 8649 CYASSL_MSG("Bad BN2bin set");
ashleymills 0:714293de3836 8650 return 0;
ashleymills 0:714293de3836 8651 }
ashleymills 0:714293de3836 8652
ashleymills 0:714293de3836 8653 if (DhAgree((DhKey*)dh->internal, key, &keySz, priv, privSz, pub,
ashleymills 0:714293de3836 8654 pubSz) < 0) {
ashleymills 0:714293de3836 8655 CYASSL_MSG("DhAgree failed");
ashleymills 0:714293de3836 8656 return 0;
ashleymills 0:714293de3836 8657 }
ashleymills 0:714293de3836 8658
ashleymills 0:714293de3836 8659 CYASSL_MSG("CyaSSL_compute_key success");
ashleymills 0:714293de3836 8660 return (int)keySz;
ashleymills 0:714293de3836 8661 }
ashleymills 0:714293de3836 8662
ashleymills 0:714293de3836 8663
ashleymills 0:714293de3836 8664 #ifndef NO_DSA
ashleymills 0:714293de3836 8665 static void InitCyaSSL_DSA(CYASSL_DSA* dsa)
ashleymills 0:714293de3836 8666 {
ashleymills 0:714293de3836 8667 if (dsa) {
ashleymills 0:714293de3836 8668 dsa->p = NULL;
ashleymills 0:714293de3836 8669 dsa->q = NULL;
ashleymills 0:714293de3836 8670 dsa->g = NULL;
ashleymills 0:714293de3836 8671 dsa->pub_key = NULL;
ashleymills 0:714293de3836 8672 dsa->priv_key = NULL;
ashleymills 0:714293de3836 8673 dsa->internal = NULL;
ashleymills 0:714293de3836 8674 dsa->inSet = 0;
ashleymills 0:714293de3836 8675 dsa->exSet = 0;
ashleymills 0:714293de3836 8676 }
ashleymills 0:714293de3836 8677 }
ashleymills 0:714293de3836 8678
ashleymills 0:714293de3836 8679
ashleymills 0:714293de3836 8680 CYASSL_DSA* CyaSSL_DSA_new(void)
ashleymills 0:714293de3836 8681 {
ashleymills 0:714293de3836 8682 CYASSL_DSA* external;
ashleymills 0:714293de3836 8683 DsaKey* key;
ashleymills 0:714293de3836 8684
ashleymills 0:714293de3836 8685 CYASSL_MSG("CyaSSL_DSA_new");
ashleymills 0:714293de3836 8686
ashleymills 0:714293de3836 8687 key = (DsaKey*) XMALLOC(sizeof(DsaKey), NULL, DYNAMIC_TYPE_DSA);
ashleymills 0:714293de3836 8688 if (key == NULL) {
ashleymills 0:714293de3836 8689 CYASSL_MSG("CyaSSL_DSA_new malloc DsaKey failure");
ashleymills 0:714293de3836 8690 return NULL;
ashleymills 0:714293de3836 8691 }
ashleymills 0:714293de3836 8692
ashleymills 0:714293de3836 8693 external = (CYASSL_DSA*) XMALLOC(sizeof(CYASSL_DSA), NULL,
ashleymills 0:714293de3836 8694 DYNAMIC_TYPE_DSA);
ashleymills 0:714293de3836 8695 if (external == NULL) {
ashleymills 0:714293de3836 8696 CYASSL_MSG("CyaSSL_DSA_new malloc CYASSL_DSA failure");
ashleymills 0:714293de3836 8697 XFREE(key, NULL, DYNAMIC_TYPE_DSA);
ashleymills 0:714293de3836 8698 return NULL;
ashleymills 0:714293de3836 8699 }
ashleymills 0:714293de3836 8700
ashleymills 0:714293de3836 8701 InitCyaSSL_DSA(external);
ashleymills 0:714293de3836 8702 InitDsaKey(key);
ashleymills 0:714293de3836 8703 external->internal = key;
ashleymills 0:714293de3836 8704
ashleymills 0:714293de3836 8705 return external;
ashleymills 0:714293de3836 8706 }
ashleymills 0:714293de3836 8707
ashleymills 0:714293de3836 8708
ashleymills 0:714293de3836 8709 void CyaSSL_DSA_free(CYASSL_DSA* dsa)
ashleymills 0:714293de3836 8710 {
ashleymills 0:714293de3836 8711 CYASSL_MSG("CyaSSL_DSA_free");
ashleymills 0:714293de3836 8712
ashleymills 0:714293de3836 8713 if (dsa) {
ashleymills 0:714293de3836 8714 if (dsa->internal) {
ashleymills 0:714293de3836 8715 FreeDsaKey((DsaKey*)dsa->internal);
ashleymills 0:714293de3836 8716 XFREE(dsa->internal, NULL, DYNAMIC_TYPE_DSA);
ashleymills 0:714293de3836 8717 dsa->internal = NULL;
ashleymills 0:714293de3836 8718 }
ashleymills 0:714293de3836 8719 CyaSSL_BN_free(dsa->priv_key);
ashleymills 0:714293de3836 8720 CyaSSL_BN_free(dsa->pub_key);
ashleymills 0:714293de3836 8721 CyaSSL_BN_free(dsa->g);
ashleymills 0:714293de3836 8722 CyaSSL_BN_free(dsa->q);
ashleymills 0:714293de3836 8723 CyaSSL_BN_free(dsa->p);
ashleymills 0:714293de3836 8724 InitCyaSSL_DSA(dsa); /* set back to NULLs for safety */
ashleymills 0:714293de3836 8725
ashleymills 0:714293de3836 8726 XFREE(dsa, NULL, DYNAMIC_TYPE_DSA);
ashleymills 0:714293de3836 8727 }
ashleymills 0:714293de3836 8728 }
ashleymills 0:714293de3836 8729
ashleymills 0:714293de3836 8730
ashleymills 0:714293de3836 8731 int CyaSSL_DSA_generate_key(CYASSL_DSA* dsa)
ashleymills 0:714293de3836 8732 {
ashleymills 0:714293de3836 8733 (void)dsa;
ashleymills 0:714293de3836 8734
ashleymills 0:714293de3836 8735 CYASSL_MSG("CyaSSL_DSA_generate_key");
ashleymills 0:714293de3836 8736
ashleymills 0:714293de3836 8737 return 0; /* key gen not needed by server */
ashleymills 0:714293de3836 8738 }
ashleymills 0:714293de3836 8739
ashleymills 0:714293de3836 8740
ashleymills 0:714293de3836 8741 int CyaSSL_DSA_generate_parameters_ex(CYASSL_DSA* dsa, int bits,
ashleymills 0:714293de3836 8742 unsigned char* seed, int seedLen, int* counterRet,
ashleymills 0:714293de3836 8743 unsigned long* hRet, void* cb)
ashleymills 0:714293de3836 8744 {
ashleymills 0:714293de3836 8745 (void)dsa;
ashleymills 0:714293de3836 8746 (void)bits;
ashleymills 0:714293de3836 8747 (void)seed;
ashleymills 0:714293de3836 8748 (void)seedLen;
ashleymills 0:714293de3836 8749 (void)counterRet;
ashleymills 0:714293de3836 8750 (void)hRet;
ashleymills 0:714293de3836 8751 (void)cb;
ashleymills 0:714293de3836 8752
ashleymills 0:714293de3836 8753 CYASSL_MSG("CyaSSL_DSA_generate_parameters_ex");
ashleymills 0:714293de3836 8754
ashleymills 0:714293de3836 8755 return 0; /* key gen not needed by server */
ashleymills 0:714293de3836 8756 }
ashleymills 0:714293de3836 8757 #endif /* NO_DSA */
ashleymills 0:714293de3836 8758
ashleymills 0:714293de3836 8759 static void InitCyaSSL_Rsa(CYASSL_RSA* rsa)
ashleymills 0:714293de3836 8760 {
ashleymills 0:714293de3836 8761 if (rsa) {
ashleymills 0:714293de3836 8762 rsa->n = NULL;
ashleymills 0:714293de3836 8763 rsa->e = NULL;
ashleymills 0:714293de3836 8764 rsa->d = NULL;
ashleymills 0:714293de3836 8765 rsa->p = NULL;
ashleymills 0:714293de3836 8766 rsa->q = NULL;
ashleymills 0:714293de3836 8767 rsa->dmp1 = NULL;
ashleymills 0:714293de3836 8768 rsa->dmq1 = NULL;
ashleymills 0:714293de3836 8769 rsa->iqmp = NULL;
ashleymills 0:714293de3836 8770 rsa->internal = NULL;
ashleymills 0:714293de3836 8771 rsa->inSet = 0;
ashleymills 0:714293de3836 8772 rsa->exSet = 0;
ashleymills 0:714293de3836 8773 }
ashleymills 0:714293de3836 8774 }
ashleymills 0:714293de3836 8775
ashleymills 0:714293de3836 8776
ashleymills 0:714293de3836 8777 CYASSL_RSA* CyaSSL_RSA_new(void)
ashleymills 0:714293de3836 8778 {
ashleymills 0:714293de3836 8779 CYASSL_RSA* external;
ashleymills 0:714293de3836 8780 RsaKey* key;
ashleymills 0:714293de3836 8781
ashleymills 0:714293de3836 8782 CYASSL_MSG("CyaSSL_RSA_new");
ashleymills 0:714293de3836 8783
ashleymills 0:714293de3836 8784 key = (RsaKey*) XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA);
ashleymills 0:714293de3836 8785 if (key == NULL) {
ashleymills 0:714293de3836 8786 CYASSL_MSG("CyaSSL_RSA_new malloc RsaKey failure");
ashleymills 0:714293de3836 8787 return NULL;
ashleymills 0:714293de3836 8788 }
ashleymills 0:714293de3836 8789
ashleymills 0:714293de3836 8790 external = (CYASSL_RSA*) XMALLOC(sizeof(CYASSL_RSA), NULL,
ashleymills 0:714293de3836 8791 DYNAMIC_TYPE_RSA);
ashleymills 0:714293de3836 8792 if (external == NULL) {
ashleymills 0:714293de3836 8793 CYASSL_MSG("CyaSSL_RSA_new malloc CYASSL_RSA failure");
ashleymills 0:714293de3836 8794 XFREE(key, NULL, DYNAMIC_TYPE_RSA);
ashleymills 0:714293de3836 8795 return NULL;
ashleymills 0:714293de3836 8796 }
ashleymills 0:714293de3836 8797
ashleymills 0:714293de3836 8798 InitCyaSSL_Rsa(external);
ashleymills 0:714293de3836 8799 InitRsaKey(key, NULL);
ashleymills 0:714293de3836 8800 external->internal = key;
ashleymills 0:714293de3836 8801
ashleymills 0:714293de3836 8802 return external;
ashleymills 0:714293de3836 8803 }
ashleymills 0:714293de3836 8804
ashleymills 0:714293de3836 8805
ashleymills 0:714293de3836 8806 void CyaSSL_RSA_free(CYASSL_RSA* rsa)
ashleymills 0:714293de3836 8807 {
ashleymills 0:714293de3836 8808 CYASSL_MSG("CyaSSL_RSA_free");
ashleymills 0:714293de3836 8809
ashleymills 0:714293de3836 8810 if (rsa) {
ashleymills 0:714293de3836 8811 if (rsa->internal) {
ashleymills 0:714293de3836 8812 FreeRsaKey((RsaKey*)rsa->internal);
ashleymills 0:714293de3836 8813 XFREE(rsa->internal, NULL, DYNAMIC_TYPE_RSA);
ashleymills 0:714293de3836 8814 rsa->internal = NULL;
ashleymills 0:714293de3836 8815 }
ashleymills 0:714293de3836 8816 CyaSSL_BN_free(rsa->iqmp);
ashleymills 0:714293de3836 8817 CyaSSL_BN_free(rsa->dmq1);
ashleymills 0:714293de3836 8818 CyaSSL_BN_free(rsa->dmp1);
ashleymills 0:714293de3836 8819 CyaSSL_BN_free(rsa->q);
ashleymills 0:714293de3836 8820 CyaSSL_BN_free(rsa->p);
ashleymills 0:714293de3836 8821 CyaSSL_BN_free(rsa->d);
ashleymills 0:714293de3836 8822 CyaSSL_BN_free(rsa->e);
ashleymills 0:714293de3836 8823 CyaSSL_BN_free(rsa->n);
ashleymills 0:714293de3836 8824 InitCyaSSL_Rsa(rsa); /* set back to NULLs for safety */
ashleymills 0:714293de3836 8825
ashleymills 0:714293de3836 8826 XFREE(rsa, NULL, DYNAMIC_TYPE_RSA);
ashleymills 0:714293de3836 8827 }
ashleymills 0:714293de3836 8828 }
ashleymills 0:714293de3836 8829
ashleymills 0:714293de3836 8830
ashleymills 0:714293de3836 8831 static int SetIndividualExternal(CYASSL_BIGNUM** bn, mp_int* mpi)
ashleymills 0:714293de3836 8832 {
ashleymills 0:714293de3836 8833 CYASSL_MSG("Entering SetIndividualExternal");
ashleymills 0:714293de3836 8834
ashleymills 0:714293de3836 8835 if (mpi == NULL) {
ashleymills 0:714293de3836 8836 CYASSL_MSG("mpi NULL error");
ashleymills 0:714293de3836 8837 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 8838 }
ashleymills 0:714293de3836 8839
ashleymills 0:714293de3836 8840 if (*bn == NULL) {
ashleymills 0:714293de3836 8841 *bn = CyaSSL_BN_new();
ashleymills 0:714293de3836 8842 if (*bn == NULL) {
ashleymills 0:714293de3836 8843 CYASSL_MSG("SetIndividualExternal alloc failed");
ashleymills 0:714293de3836 8844 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 8845 }
ashleymills 0:714293de3836 8846 }
ashleymills 0:714293de3836 8847
ashleymills 0:714293de3836 8848 if (mp_copy(mpi, (mp_int*)((*bn)->internal)) != MP_OKAY) {
ashleymills 0:714293de3836 8849 CYASSL_MSG("mp_copy error");
ashleymills 0:714293de3836 8850 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 8851 }
ashleymills 0:714293de3836 8852
ashleymills 0:714293de3836 8853 return 0;
ashleymills 0:714293de3836 8854 }
ashleymills 0:714293de3836 8855
ashleymills 0:714293de3836 8856
ashleymills 0:714293de3836 8857 #ifndef NO_DSA
ashleymills 0:714293de3836 8858 static int SetDsaExternal(CYASSL_DSA* dsa)
ashleymills 0:714293de3836 8859 {
ashleymills 0:714293de3836 8860 DsaKey* key;
ashleymills 0:714293de3836 8861 CYASSL_MSG("Entering SetDsaExternal");
ashleymills 0:714293de3836 8862
ashleymills 0:714293de3836 8863 if (dsa == NULL || dsa->internal == NULL) {
ashleymills 0:714293de3836 8864 CYASSL_MSG("dsa key NULL error");
ashleymills 0:714293de3836 8865 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 8866 }
ashleymills 0:714293de3836 8867
ashleymills 0:714293de3836 8868 key = (DsaKey*)dsa->internal;
ashleymills 0:714293de3836 8869
ashleymills 0:714293de3836 8870 if (SetIndividualExternal(&dsa->p, &key->p) < 0) {
ashleymills 0:714293de3836 8871 CYASSL_MSG("dsa p key error");
ashleymills 0:714293de3836 8872 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 8873 }
ashleymills 0:714293de3836 8874
ashleymills 0:714293de3836 8875 if (SetIndividualExternal(&dsa->q, &key->q) < 0) {
ashleymills 0:714293de3836 8876 CYASSL_MSG("dsa q key error");
ashleymills 0:714293de3836 8877 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 8878 }
ashleymills 0:714293de3836 8879
ashleymills 0:714293de3836 8880 if (SetIndividualExternal(&dsa->g, &key->g) < 0) {
ashleymills 0:714293de3836 8881 CYASSL_MSG("dsa g key error");
ashleymills 0:714293de3836 8882 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 8883 }
ashleymills 0:714293de3836 8884
ashleymills 0:714293de3836 8885 if (SetIndividualExternal(&dsa->pub_key, &key->y) < 0) {
ashleymills 0:714293de3836 8886 CYASSL_MSG("dsa y key error");
ashleymills 0:714293de3836 8887 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 8888 }
ashleymills 0:714293de3836 8889
ashleymills 0:714293de3836 8890 if (SetIndividualExternal(&dsa->priv_key, &key->x) < 0) {
ashleymills 0:714293de3836 8891 CYASSL_MSG("dsa x key error");
ashleymills 0:714293de3836 8892 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 8893 }
ashleymills 0:714293de3836 8894
ashleymills 0:714293de3836 8895 dsa->exSet = 1;
ashleymills 0:714293de3836 8896
ashleymills 0:714293de3836 8897 return 0;
ashleymills 0:714293de3836 8898 }
ashleymills 0:714293de3836 8899 #endif /* NO_DSA */
ashleymills 0:714293de3836 8900
ashleymills 0:714293de3836 8901
ashleymills 0:714293de3836 8902 static int SetRsaExternal(CYASSL_RSA* rsa)
ashleymills 0:714293de3836 8903 {
ashleymills 0:714293de3836 8904 RsaKey* key;
ashleymills 0:714293de3836 8905 CYASSL_MSG("Entering SetRsaExternal");
ashleymills 0:714293de3836 8906
ashleymills 0:714293de3836 8907 if (rsa == NULL || rsa->internal == NULL) {
ashleymills 0:714293de3836 8908 CYASSL_MSG("rsa key NULL error");
ashleymills 0:714293de3836 8909 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 8910 }
ashleymills 0:714293de3836 8911
ashleymills 0:714293de3836 8912 key = (RsaKey*)rsa->internal;
ashleymills 0:714293de3836 8913
ashleymills 0:714293de3836 8914 if (SetIndividualExternal(&rsa->n, &key->n) < 0) {
ashleymills 0:714293de3836 8915 CYASSL_MSG("rsa n key error");
ashleymills 0:714293de3836 8916 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 8917 }
ashleymills 0:714293de3836 8918
ashleymills 0:714293de3836 8919 if (SetIndividualExternal(&rsa->e, &key->e) < 0) {
ashleymills 0:714293de3836 8920 CYASSL_MSG("rsa e key error");
ashleymills 0:714293de3836 8921 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 8922 }
ashleymills 0:714293de3836 8923
ashleymills 0:714293de3836 8924 if (SetIndividualExternal(&rsa->d, &key->d) < 0) {
ashleymills 0:714293de3836 8925 CYASSL_MSG("rsa d key error");
ashleymills 0:714293de3836 8926 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 8927 }
ashleymills 0:714293de3836 8928
ashleymills 0:714293de3836 8929 if (SetIndividualExternal(&rsa->p, &key->p) < 0) {
ashleymills 0:714293de3836 8930 CYASSL_MSG("rsa p key error");
ashleymills 0:714293de3836 8931 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 8932 }
ashleymills 0:714293de3836 8933
ashleymills 0:714293de3836 8934 if (SetIndividualExternal(&rsa->q, &key->q) < 0) {
ashleymills 0:714293de3836 8935 CYASSL_MSG("rsa q key error");
ashleymills 0:714293de3836 8936 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 8937 }
ashleymills 0:714293de3836 8938
ashleymills 0:714293de3836 8939 if (SetIndividualExternal(&rsa->dmp1, &key->dP) < 0) {
ashleymills 0:714293de3836 8940 CYASSL_MSG("rsa dP key error");
ashleymills 0:714293de3836 8941 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 8942 }
ashleymills 0:714293de3836 8943
ashleymills 0:714293de3836 8944 if (SetIndividualExternal(&rsa->dmq1, &key->dQ) < 0) {
ashleymills 0:714293de3836 8945 CYASSL_MSG("rsa dQ key error");
ashleymills 0:714293de3836 8946 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 8947 }
ashleymills 0:714293de3836 8948
ashleymills 0:714293de3836 8949 if (SetIndividualExternal(&rsa->iqmp, &key->u) < 0) {
ashleymills 0:714293de3836 8950 CYASSL_MSG("rsa u key error");
ashleymills 0:714293de3836 8951 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 8952 }
ashleymills 0:714293de3836 8953
ashleymills 0:714293de3836 8954 rsa->exSet = 1;
ashleymills 0:714293de3836 8955
ashleymills 0:714293de3836 8956 return 0;
ashleymills 0:714293de3836 8957 }
ashleymills 0:714293de3836 8958
ashleymills 0:714293de3836 8959
ashleymills 0:714293de3836 8960 /* SSL_SUCCESS on ok */
ashleymills 0:714293de3836 8961 int CyaSSL_RSA_generate_key_ex(CYASSL_RSA* rsa, int bits, CYASSL_BIGNUM* bn,
ashleymills 0:714293de3836 8962 void* cb)
ashleymills 0:714293de3836 8963 {
ashleymills 0:714293de3836 8964 RNG rng;
ashleymills 0:714293de3836 8965
ashleymills 0:714293de3836 8966 CYASSL_MSG("CyaSSL_RSA_generate_key_ex");
ashleymills 0:714293de3836 8967
ashleymills 0:714293de3836 8968 (void)rsa;
ashleymills 0:714293de3836 8969 (void)bits;
ashleymills 0:714293de3836 8970 (void)cb;
ashleymills 0:714293de3836 8971 (void)bn;
ashleymills 0:714293de3836 8972
ashleymills 0:714293de3836 8973 if (InitRng(&rng) < 0) {
ashleymills 0:714293de3836 8974 CYASSL_MSG("RNG init failed");
ashleymills 0:714293de3836 8975 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 8976 }
ashleymills 0:714293de3836 8977
ashleymills 0:714293de3836 8978 #ifdef CYASSL_KEY_GEN
ashleymills 0:714293de3836 8979 if (MakeRsaKey((RsaKey*)rsa->internal, bits, 65537, &rng) < 0) {
ashleymills 0:714293de3836 8980 CYASSL_MSG("MakeRsaKey failed");
ashleymills 0:714293de3836 8981 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 8982 }
ashleymills 0:714293de3836 8983
ashleymills 0:714293de3836 8984 if (SetRsaExternal(rsa) < 0) {
ashleymills 0:714293de3836 8985 CYASSL_MSG("SetRsaExternal failed");
ashleymills 0:714293de3836 8986 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 8987 }
ashleymills 0:714293de3836 8988
ashleymills 0:714293de3836 8989 rsa->inSet = 1;
ashleymills 0:714293de3836 8990
ashleymills 0:714293de3836 8991 return SSL_SUCCESS;
ashleymills 0:714293de3836 8992 #else
ashleymills 0:714293de3836 8993 CYASSL_MSG("No Key Gen built in");
ashleymills 0:714293de3836 8994 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 8995 #endif
ashleymills 0:714293de3836 8996
ashleymills 0:714293de3836 8997 }
ashleymills 0:714293de3836 8998
ashleymills 0:714293de3836 8999
ashleymills 0:714293de3836 9000 /* SSL_SUCCESS on ok */
ashleymills 0:714293de3836 9001 int CyaSSL_RSA_blinding_on(CYASSL_RSA* rsa, CYASSL_BN_CTX* bn)
ashleymills 0:714293de3836 9002 {
ashleymills 0:714293de3836 9003 (void)rsa;
ashleymills 0:714293de3836 9004 (void)bn;
ashleymills 0:714293de3836 9005
ashleymills 0:714293de3836 9006 CYASSL_MSG("CyaSSL_RSA_blinding_on");
ashleymills 0:714293de3836 9007
ashleymills 0:714293de3836 9008 return SSL_SUCCESS; /* on by default */
ashleymills 0:714293de3836 9009 }
ashleymills 0:714293de3836 9010
ashleymills 0:714293de3836 9011
ashleymills 0:714293de3836 9012 int CyaSSL_RSA_public_encrypt(int len, unsigned char* fr,
ashleymills 0:714293de3836 9013 unsigned char* to, CYASSL_RSA* rsa, int padding)
ashleymills 0:714293de3836 9014 {
ashleymills 0:714293de3836 9015 (void)len;
ashleymills 0:714293de3836 9016 (void)fr;
ashleymills 0:714293de3836 9017 (void)to;
ashleymills 0:714293de3836 9018 (void)rsa;
ashleymills 0:714293de3836 9019 (void)padding;
ashleymills 0:714293de3836 9020
ashleymills 0:714293de3836 9021 CYASSL_MSG("CyaSSL_RSA_public_encrypt");
ashleymills 0:714293de3836 9022
ashleymills 0:714293de3836 9023 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 9024 }
ashleymills 0:714293de3836 9025
ashleymills 0:714293de3836 9026
ashleymills 0:714293de3836 9027 int CyaSSL_RSA_private_decrypt(int len, unsigned char* fr,
ashleymills 0:714293de3836 9028 unsigned char* to, CYASSL_RSA* rsa, int padding)
ashleymills 0:714293de3836 9029 {
ashleymills 0:714293de3836 9030 (void)len;
ashleymills 0:714293de3836 9031 (void)fr;
ashleymills 0:714293de3836 9032 (void)to;
ashleymills 0:714293de3836 9033 (void)rsa;
ashleymills 0:714293de3836 9034 (void)padding;
ashleymills 0:714293de3836 9035
ashleymills 0:714293de3836 9036 CYASSL_MSG("CyaSSL_RSA_private_decrypt");
ashleymills 0:714293de3836 9037
ashleymills 0:714293de3836 9038 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 9039 }
ashleymills 0:714293de3836 9040
ashleymills 0:714293de3836 9041
ashleymills 0:714293de3836 9042 int CyaSSL_RSA_size(const CYASSL_RSA* rsa)
ashleymills 0:714293de3836 9043 {
ashleymills 0:714293de3836 9044 CYASSL_MSG("CyaSSL_RSA_size");
ashleymills 0:714293de3836 9045
ashleymills 0:714293de3836 9046 if (rsa == NULL)
ashleymills 0:714293de3836 9047 return 0;
ashleymills 0:714293de3836 9048
ashleymills 0:714293de3836 9049 return CyaSSL_BN_num_bytes(rsa->n);
ashleymills 0:714293de3836 9050 }
ashleymills 0:714293de3836 9051
ashleymills 0:714293de3836 9052
ashleymills 0:714293de3836 9053 #ifndef NO_DSA
ashleymills 0:714293de3836 9054 /* return SSL_SUCCESS on success, < 0 otherwise */
ashleymills 0:714293de3836 9055 int CyaSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
ashleymills 0:714293de3836 9056 CYASSL_DSA* dsa)
ashleymills 0:714293de3836 9057 {
ashleymills 0:714293de3836 9058 RNG tmpRNG;
ashleymills 0:714293de3836 9059 RNG* rng = &tmpRNG;
ashleymills 0:714293de3836 9060
ashleymills 0:714293de3836 9061 CYASSL_MSG("CyaSSL_DSA_do_sign");
ashleymills 0:714293de3836 9062
ashleymills 0:714293de3836 9063 if (d == NULL || sigRet == NULL || dsa == NULL) {
ashleymills 0:714293de3836 9064 CYASSL_MSG("Bad function arguments");
ashleymills 0:714293de3836 9065 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 9066 }
ashleymills 0:714293de3836 9067
ashleymills 0:714293de3836 9068 if (dsa->inSet == 0) {
ashleymills 0:714293de3836 9069 CYASSL_MSG("No DSA internal set");
ashleymills 0:714293de3836 9070 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 9071 }
ashleymills 0:714293de3836 9072
ashleymills 0:714293de3836 9073 if (InitRng(&tmpRNG) != 0) {
ashleymills 0:714293de3836 9074 CYASSL_MSG("Bad RNG Init, trying global");
ashleymills 0:714293de3836 9075 if (initGlobalRNG == 0) {
ashleymills 0:714293de3836 9076 CYASSL_MSG("Global RNG no Init");
ashleymills 0:714293de3836 9077 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 9078 }
ashleymills 0:714293de3836 9079 rng = &globalRNG;
ashleymills 0:714293de3836 9080 }
ashleymills 0:714293de3836 9081
ashleymills 0:714293de3836 9082 if (DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0) {
ashleymills 0:714293de3836 9083 CYASSL_MSG("DsaSign failed");
ashleymills 0:714293de3836 9084 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 9085 }
ashleymills 0:714293de3836 9086
ashleymills 0:714293de3836 9087 return SSL_SUCCESS;
ashleymills 0:714293de3836 9088 }
ashleymills 0:714293de3836 9089 #endif /* NO_DSA */
ashleymills 0:714293de3836 9090
ashleymills 0:714293de3836 9091
ashleymills 0:714293de3836 9092 /* return SSL_SUCCES on ok, 0 otherwise */
ashleymills 0:714293de3836 9093 int CyaSSL_RSA_sign(int type, const unsigned char* m,
ashleymills 0:714293de3836 9094 unsigned int mLen, unsigned char* sigRet,
ashleymills 0:714293de3836 9095 unsigned int* sigLen, CYASSL_RSA* rsa)
ashleymills 0:714293de3836 9096 {
ashleymills 0:714293de3836 9097 byte encodedSig[MAX_ENCODED_SIG_SZ];
ashleymills 0:714293de3836 9098 word32 outLen;
ashleymills 0:714293de3836 9099 word32 signSz;
ashleymills 0:714293de3836 9100 RNG tmpRNG;
ashleymills 0:714293de3836 9101 RNG* rng = &tmpRNG;
ashleymills 0:714293de3836 9102
ashleymills 0:714293de3836 9103 CYASSL_MSG("CyaSSL_RSA_sign");
ashleymills 0:714293de3836 9104
ashleymills 0:714293de3836 9105 if (m == NULL || sigRet == NULL || sigLen == NULL || rsa == NULL) {
ashleymills 0:714293de3836 9106 CYASSL_MSG("Bad function arguments");
ashleymills 0:714293de3836 9107 return 0;
ashleymills 0:714293de3836 9108 }
ashleymills 0:714293de3836 9109
ashleymills 0:714293de3836 9110 if (rsa->inSet == 0) {
ashleymills 0:714293de3836 9111 CYASSL_MSG("No RSA internal set");
ashleymills 0:714293de3836 9112 return 0;
ashleymills 0:714293de3836 9113 }
ashleymills 0:714293de3836 9114
ashleymills 0:714293de3836 9115 outLen = (word32)CyaSSL_BN_num_bytes(rsa->n);
ashleymills 0:714293de3836 9116 if (outLen == 0) {
ashleymills 0:714293de3836 9117 CYASSL_MSG("Bad RSA size");
ashleymills 0:714293de3836 9118 return 0;
ashleymills 0:714293de3836 9119 }
ashleymills 0:714293de3836 9120
ashleymills 0:714293de3836 9121 if (InitRng(&tmpRNG) != 0) {
ashleymills 0:714293de3836 9122 CYASSL_MSG("Bad RNG Init, trying global");
ashleymills 0:714293de3836 9123 if (initGlobalRNG == 0) {
ashleymills 0:714293de3836 9124 CYASSL_MSG("Global RNG no Init");
ashleymills 0:714293de3836 9125 return 0;
ashleymills 0:714293de3836 9126 }
ashleymills 0:714293de3836 9127 rng = &globalRNG;
ashleymills 0:714293de3836 9128 }
ashleymills 0:714293de3836 9129
ashleymills 0:714293de3836 9130 switch (type) {
ashleymills 0:714293de3836 9131 case NID_md5:
ashleymills 0:714293de3836 9132 type = MD5h;
ashleymills 0:714293de3836 9133 break;
ashleymills 0:714293de3836 9134
ashleymills 0:714293de3836 9135 case NID_sha1:
ashleymills 0:714293de3836 9136 type = SHAh;
ashleymills 0:714293de3836 9137 break;
ashleymills 0:714293de3836 9138
ashleymills 0:714293de3836 9139 default:
ashleymills 0:714293de3836 9140 CYASSL_MSG("Bad md type");
ashleymills 0:714293de3836 9141 return 0;
ashleymills 0:714293de3836 9142 }
ashleymills 0:714293de3836 9143
ashleymills 0:714293de3836 9144 signSz = EncodeSignature(encodedSig, m, mLen, type);
ashleymills 0:714293de3836 9145 if (signSz == 0) {
ashleymills 0:714293de3836 9146 CYASSL_MSG("Bad Encode Signature");
ashleymills 0:714293de3836 9147 return 0;
ashleymills 0:714293de3836 9148 }
ashleymills 0:714293de3836 9149
ashleymills 0:714293de3836 9150 *sigLen = RsaSSL_Sign(encodedSig, signSz, sigRet, outLen,
ashleymills 0:714293de3836 9151 (RsaKey*)rsa->internal, rng);
ashleymills 0:714293de3836 9152 if (*sigLen <= 0) {
ashleymills 0:714293de3836 9153 CYASSL_MSG("Bad Rsa Sign");
ashleymills 0:714293de3836 9154 return 0;
ashleymills 0:714293de3836 9155 }
ashleymills 0:714293de3836 9156
ashleymills 0:714293de3836 9157 CYASSL_MSG("CyaSSL_RSA_sign success");
ashleymills 0:714293de3836 9158 return SSL_SUCCESS;
ashleymills 0:714293de3836 9159 }
ashleymills 0:714293de3836 9160
ashleymills 0:714293de3836 9161
ashleymills 0:714293de3836 9162 int CyaSSL_RSA_public_decrypt(int flen, unsigned char* from,
ashleymills 0:714293de3836 9163 unsigned char* to, CYASSL_RSA* rsa, int padding)
ashleymills 0:714293de3836 9164 {
ashleymills 0:714293de3836 9165 (void)flen;
ashleymills 0:714293de3836 9166 (void)from;
ashleymills 0:714293de3836 9167 (void)to;
ashleymills 0:714293de3836 9168 (void)rsa;
ashleymills 0:714293de3836 9169 (void)padding;
ashleymills 0:714293de3836 9170
ashleymills 0:714293de3836 9171 CYASSL_MSG("CyaSSL_RSA_public_decrypt");
ashleymills 0:714293de3836 9172
ashleymills 0:714293de3836 9173 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 9174 }
ashleymills 0:714293de3836 9175
ashleymills 0:714293de3836 9176
ashleymills 0:714293de3836 9177 /* generate p-1 and q-1, SSL_SUCCESS on ok */
ashleymills 0:714293de3836 9178 int CyaSSL_RSA_GenAdd(CYASSL_RSA* rsa)
ashleymills 0:714293de3836 9179 {
ashleymills 0:714293de3836 9180 int err;
ashleymills 0:714293de3836 9181 mp_int tmp;
ashleymills 0:714293de3836 9182
ashleymills 0:714293de3836 9183 CYASSL_MSG("CyaSSL_RsaGenAdd");
ashleymills 0:714293de3836 9184
ashleymills 0:714293de3836 9185 if (rsa == NULL || rsa->p == NULL || rsa->q == NULL || rsa->d == NULL ||
ashleymills 0:714293de3836 9186 rsa->dmp1 == NULL || rsa->dmq1 == NULL) {
ashleymills 0:714293de3836 9187 CYASSL_MSG("rsa no init error");
ashleymills 0:714293de3836 9188 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 9189 }
ashleymills 0:714293de3836 9190
ashleymills 0:714293de3836 9191 if (mp_init(&tmp) != MP_OKAY) {
ashleymills 0:714293de3836 9192 CYASSL_MSG("mp_init error");
ashleymills 0:714293de3836 9193 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 9194 }
ashleymills 0:714293de3836 9195
ashleymills 0:714293de3836 9196 err = mp_sub_d((mp_int*)rsa->p->internal, 1, &tmp);
ashleymills 0:714293de3836 9197 if (err != MP_OKAY)
ashleymills 0:714293de3836 9198 CYASSL_MSG("mp_sub_d error");
ashleymills 0:714293de3836 9199 else
ashleymills 0:714293de3836 9200 err = mp_mod((mp_int*)rsa->d->internal, &tmp,
ashleymills 0:714293de3836 9201 (mp_int*)rsa->dmp1->internal);
ashleymills 0:714293de3836 9202
ashleymills 0:714293de3836 9203 if (err != MP_OKAY)
ashleymills 0:714293de3836 9204 CYASSL_MSG("mp_mod error");
ashleymills 0:714293de3836 9205 else
ashleymills 0:714293de3836 9206 err = mp_sub_d((mp_int*)rsa->q->internal, 1, &tmp);
ashleymills 0:714293de3836 9207 if (err != MP_OKAY)
ashleymills 0:714293de3836 9208 CYASSL_MSG("mp_sub_d error");
ashleymills 0:714293de3836 9209 else
ashleymills 0:714293de3836 9210 err = mp_mod((mp_int*)rsa->d->internal, &tmp,
ashleymills 0:714293de3836 9211 (mp_int*)rsa->dmq1->internal);
ashleymills 0:714293de3836 9212
ashleymills 0:714293de3836 9213 mp_clear(&tmp);
ashleymills 0:714293de3836 9214
ashleymills 0:714293de3836 9215 if (err == MP_OKAY)
ashleymills 0:714293de3836 9216 return SSL_SUCCESS;
ashleymills 0:714293de3836 9217 else
ashleymills 0:714293de3836 9218 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 9219 }
ashleymills 0:714293de3836 9220
ashleymills 0:714293de3836 9221
ashleymills 0:714293de3836 9222 void CyaSSL_HMAC_Init(CYASSL_HMAC_CTX* ctx, const void* key, int keylen,
ashleymills 0:714293de3836 9223 const EVP_MD* type)
ashleymills 0:714293de3836 9224 {
ashleymills 0:714293de3836 9225 CYASSL_MSG("CyaSSL_HMAC_Init");
ashleymills 0:714293de3836 9226
ashleymills 0:714293de3836 9227 if (ctx == NULL) {
ashleymills 0:714293de3836 9228 CYASSL_MSG("no ctx on init");
ashleymills 0:714293de3836 9229 return;
ashleymills 0:714293de3836 9230 }
ashleymills 0:714293de3836 9231
ashleymills 0:714293de3836 9232 if (type) {
ashleymills 0:714293de3836 9233 CYASSL_MSG("init has type");
ashleymills 0:714293de3836 9234
ashleymills 0:714293de3836 9235 if (XSTRNCMP(type, "MD5", 3) == 0) {
ashleymills 0:714293de3836 9236 CYASSL_MSG("md5 hmac");
ashleymills 0:714293de3836 9237 ctx->type = MD5;
ashleymills 0:714293de3836 9238 }
ashleymills 0:714293de3836 9239 else if (XSTRNCMP(type, "SHA256", 6) == 0) {
ashleymills 0:714293de3836 9240 CYASSL_MSG("sha256 hmac");
ashleymills 0:714293de3836 9241 ctx->type = SHA256;
ashleymills 0:714293de3836 9242 }
ashleymills 0:714293de3836 9243
ashleymills 0:714293de3836 9244 /* has to be last since would pick or 256, 384, or 512 too */
ashleymills 0:714293de3836 9245 else if (XSTRNCMP(type, "SHA", 3) == 0) {
ashleymills 0:714293de3836 9246 CYASSL_MSG("sha hmac");
ashleymills 0:714293de3836 9247 ctx->type = SHA;
ashleymills 0:714293de3836 9248 }
ashleymills 0:714293de3836 9249 else {
ashleymills 0:714293de3836 9250 CYASSL_MSG("bad init type");
ashleymills 0:714293de3836 9251 }
ashleymills 0:714293de3836 9252 }
ashleymills 0:714293de3836 9253
ashleymills 0:714293de3836 9254 if (key && keylen) {
ashleymills 0:714293de3836 9255 CYASSL_MSG("keying hmac");
ashleymills 0:714293de3836 9256 HmacSetKey(&ctx->hmac, ctx->type, (const byte*)key, (word32)keylen);
ashleymills 0:714293de3836 9257 }
ashleymills 0:714293de3836 9258 }
ashleymills 0:714293de3836 9259
ashleymills 0:714293de3836 9260
ashleymills 0:714293de3836 9261 void CyaSSL_HMAC_Update(CYASSL_HMAC_CTX* ctx, const unsigned char* data,
ashleymills 0:714293de3836 9262 int len)
ashleymills 0:714293de3836 9263 {
ashleymills 0:714293de3836 9264 CYASSL_MSG("CyaSSL_HMAC_Update");
ashleymills 0:714293de3836 9265
ashleymills 0:714293de3836 9266 if (ctx && data) {
ashleymills 0:714293de3836 9267 CYASSL_MSG("updating hmac");
ashleymills 0:714293de3836 9268 HmacUpdate(&ctx->hmac, data, (word32)len);
ashleymills 0:714293de3836 9269 }
ashleymills 0:714293de3836 9270 }
ashleymills 0:714293de3836 9271
ashleymills 0:714293de3836 9272
ashleymills 0:714293de3836 9273 void CyaSSL_HMAC_Final(CYASSL_HMAC_CTX* ctx, unsigned char* hash,
ashleymills 0:714293de3836 9274 unsigned int* len)
ashleymills 0:714293de3836 9275 {
ashleymills 0:714293de3836 9276 CYASSL_MSG("CyaSSL_HMAC_Final");
ashleymills 0:714293de3836 9277
ashleymills 0:714293de3836 9278 if (ctx && hash) {
ashleymills 0:714293de3836 9279 CYASSL_MSG("final hmac");
ashleymills 0:714293de3836 9280 HmacFinal(&ctx->hmac, hash);
ashleymills 0:714293de3836 9281
ashleymills 0:714293de3836 9282 if (len) {
ashleymills 0:714293de3836 9283 CYASSL_MSG("setting output len");
ashleymills 0:714293de3836 9284 switch (ctx->type) {
ashleymills 0:714293de3836 9285 case MD5:
ashleymills 0:714293de3836 9286 *len = MD5_DIGEST_SIZE;
ashleymills 0:714293de3836 9287 break;
ashleymills 0:714293de3836 9288
ashleymills 0:714293de3836 9289 case SHA:
ashleymills 0:714293de3836 9290 *len = SHA_DIGEST_SIZE;
ashleymills 0:714293de3836 9291 break;
ashleymills 0:714293de3836 9292
ashleymills 0:714293de3836 9293 case SHA256:
ashleymills 0:714293de3836 9294 *len = SHA256_DIGEST_SIZE;
ashleymills 0:714293de3836 9295 break;
ashleymills 0:714293de3836 9296
ashleymills 0:714293de3836 9297 default:
ashleymills 0:714293de3836 9298 CYASSL_MSG("bad hmac type");
ashleymills 0:714293de3836 9299 }
ashleymills 0:714293de3836 9300 }
ashleymills 0:714293de3836 9301 }
ashleymills 0:714293de3836 9302 }
ashleymills 0:714293de3836 9303
ashleymills 0:714293de3836 9304
ashleymills 0:714293de3836 9305 void CyaSSL_HMAC_cleanup(CYASSL_HMAC_CTX* ctx)
ashleymills 0:714293de3836 9306 {
ashleymills 0:714293de3836 9307 (void)ctx;
ashleymills 0:714293de3836 9308
ashleymills 0:714293de3836 9309 CYASSL_MSG("CyaSSL_HMAC_cleanup");
ashleymills 0:714293de3836 9310 }
ashleymills 0:714293de3836 9311
ashleymills 0:714293de3836 9312
ashleymills 0:714293de3836 9313 const CYASSL_EVP_MD* CyaSSL_EVP_get_digestbynid(int id)
ashleymills 0:714293de3836 9314 {
ashleymills 0:714293de3836 9315 CYASSL_MSG("CyaSSL_get_digestbynid");
ashleymills 0:714293de3836 9316
ashleymills 0:714293de3836 9317 switch(id) {
ashleymills 0:714293de3836 9318 case NID_md5:
ashleymills 0:714293de3836 9319 return CyaSSL_EVP_md5();
ashleymills 0:714293de3836 9320
ashleymills 0:714293de3836 9321 case NID_sha1:
ashleymills 0:714293de3836 9322 return CyaSSL_EVP_sha1();
ashleymills 0:714293de3836 9323
ashleymills 0:714293de3836 9324 default:
ashleymills 0:714293de3836 9325 CYASSL_MSG("Bad digest id value");
ashleymills 0:714293de3836 9326 }
ashleymills 0:714293de3836 9327
ashleymills 0:714293de3836 9328 return NULL;
ashleymills 0:714293de3836 9329 }
ashleymills 0:714293de3836 9330
ashleymills 0:714293de3836 9331
ashleymills 0:714293de3836 9332 CYASSL_RSA* CyaSSL_EVP_PKEY_get1_RSA(CYASSL_EVP_PKEY* key)
ashleymills 0:714293de3836 9333 {
ashleymills 0:714293de3836 9334 (void)key;
ashleymills 0:714293de3836 9335 CYASSL_MSG("CyaSSL_EVP_PKEY_get1_RSA");
ashleymills 0:714293de3836 9336
ashleymills 0:714293de3836 9337 return NULL;
ashleymills 0:714293de3836 9338 }
ashleymills 0:714293de3836 9339
ashleymills 0:714293de3836 9340
ashleymills 0:714293de3836 9341 CYASSL_DSA* CyaSSL_EVP_PKEY_get1_DSA(CYASSL_EVP_PKEY* key)
ashleymills 0:714293de3836 9342 {
ashleymills 0:714293de3836 9343 (void)key;
ashleymills 0:714293de3836 9344 CYASSL_MSG("CyaSSL_EVP_PKEY_get1_DSA");
ashleymills 0:714293de3836 9345
ashleymills 0:714293de3836 9346 return NULL;
ashleymills 0:714293de3836 9347 }
ashleymills 0:714293de3836 9348
ashleymills 0:714293de3836 9349
ashleymills 0:714293de3836 9350 void* CyaSSL_EVP_X_STATE(const CYASSL_EVP_CIPHER_CTX* ctx)
ashleymills 0:714293de3836 9351 {
ashleymills 0:714293de3836 9352 CYASSL_MSG("CyaSSL_EVP_X_STATE");
ashleymills 0:714293de3836 9353
ashleymills 0:714293de3836 9354 if (ctx) {
ashleymills 0:714293de3836 9355 switch (ctx->cipherType) {
ashleymills 0:714293de3836 9356 case ARC4_TYPE:
ashleymills 0:714293de3836 9357 CYASSL_MSG("returning arc4 state");
ashleymills 0:714293de3836 9358 return (void*)&ctx->cipher.arc4.x;
ashleymills 0:714293de3836 9359 break;
ashleymills 0:714293de3836 9360
ashleymills 0:714293de3836 9361 default:
ashleymills 0:714293de3836 9362 CYASSL_MSG("bad x state type");
ashleymills 0:714293de3836 9363 return 0;
ashleymills 0:714293de3836 9364 }
ashleymills 0:714293de3836 9365 }
ashleymills 0:714293de3836 9366
ashleymills 0:714293de3836 9367 return NULL;
ashleymills 0:714293de3836 9368 }
ashleymills 0:714293de3836 9369
ashleymills 0:714293de3836 9370
ashleymills 0:714293de3836 9371 int CyaSSL_EVP_X_STATE_LEN(const CYASSL_EVP_CIPHER_CTX* ctx)
ashleymills 0:714293de3836 9372 {
ashleymills 0:714293de3836 9373 CYASSL_MSG("CyaSSL_EVP_X_STATE_LEN");
ashleymills 0:714293de3836 9374
ashleymills 0:714293de3836 9375 if (ctx) {
ashleymills 0:714293de3836 9376 switch (ctx->cipherType) {
ashleymills 0:714293de3836 9377 case ARC4_TYPE:
ashleymills 0:714293de3836 9378 CYASSL_MSG("returning arc4 state size");
ashleymills 0:714293de3836 9379 return sizeof(Arc4);
ashleymills 0:714293de3836 9380 break;
ashleymills 0:714293de3836 9381
ashleymills 0:714293de3836 9382 default:
ashleymills 0:714293de3836 9383 CYASSL_MSG("bad x state type");
ashleymills 0:714293de3836 9384 return 0;
ashleymills 0:714293de3836 9385 }
ashleymills 0:714293de3836 9386 }
ashleymills 0:714293de3836 9387
ashleymills 0:714293de3836 9388 return 0;
ashleymills 0:714293de3836 9389 }
ashleymills 0:714293de3836 9390
ashleymills 0:714293de3836 9391
ashleymills 0:714293de3836 9392 void CyaSSL_3des_iv(CYASSL_EVP_CIPHER_CTX* ctx, int doset,
ashleymills 0:714293de3836 9393 unsigned char* iv, int len)
ashleymills 0:714293de3836 9394 {
ashleymills 0:714293de3836 9395 (void)len;
ashleymills 0:714293de3836 9396
ashleymills 0:714293de3836 9397 CYASSL_MSG("CyaSSL_3des_iv");
ashleymills 0:714293de3836 9398
ashleymills 0:714293de3836 9399 if (ctx == NULL || iv == NULL) {
ashleymills 0:714293de3836 9400 CYASSL_MSG("Bad function argument");
ashleymills 0:714293de3836 9401 return;
ashleymills 0:714293de3836 9402 }
ashleymills 0:714293de3836 9403
ashleymills 0:714293de3836 9404 if (doset)
ashleymills 0:714293de3836 9405 Des3_SetIV(&ctx->cipher.des3, iv);
ashleymills 0:714293de3836 9406 else
ashleymills 0:714293de3836 9407 memcpy(iv, &ctx->cipher.des3.reg, DES_BLOCK_SIZE);
ashleymills 0:714293de3836 9408 }
ashleymills 0:714293de3836 9409
ashleymills 0:714293de3836 9410
ashleymills 0:714293de3836 9411 void CyaSSL_aes_ctr_iv(CYASSL_EVP_CIPHER_CTX* ctx, int doset,
ashleymills 0:714293de3836 9412 unsigned char* iv, int len)
ashleymills 0:714293de3836 9413 {
ashleymills 0:714293de3836 9414 (void)len;
ashleymills 0:714293de3836 9415
ashleymills 0:714293de3836 9416 CYASSL_MSG("CyaSSL_aes_ctr_iv");
ashleymills 0:714293de3836 9417
ashleymills 0:714293de3836 9418 if (ctx == NULL || iv == NULL) {
ashleymills 0:714293de3836 9419 CYASSL_MSG("Bad function argument");
ashleymills 0:714293de3836 9420 return;
ashleymills 0:714293de3836 9421 }
ashleymills 0:714293de3836 9422
ashleymills 0:714293de3836 9423 if (doset)
ashleymills 0:714293de3836 9424 AesSetIV(&ctx->cipher.aes, iv);
ashleymills 0:714293de3836 9425 else
ashleymills 0:714293de3836 9426 memcpy(iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
ashleymills 0:714293de3836 9427 }
ashleymills 0:714293de3836 9428
ashleymills 0:714293de3836 9429
ashleymills 0:714293de3836 9430 const CYASSL_EVP_MD* CyaSSL_EVP_ripemd160(void)
ashleymills 0:714293de3836 9431 {
ashleymills 0:714293de3836 9432 CYASSL_MSG("CyaSSL_ripemd160");
ashleymills 0:714293de3836 9433
ashleymills 0:714293de3836 9434 return NULL;
ashleymills 0:714293de3836 9435 }
ashleymills 0:714293de3836 9436
ashleymills 0:714293de3836 9437
ashleymills 0:714293de3836 9438 int CyaSSL_EVP_MD_size(const CYASSL_EVP_MD* type)
ashleymills 0:714293de3836 9439 {
ashleymills 0:714293de3836 9440 CYASSL_MSG("CyaSSL_EVP_MD_size");
ashleymills 0:714293de3836 9441
ashleymills 0:714293de3836 9442 if (type == NULL) {
ashleymills 0:714293de3836 9443 CYASSL_MSG("No md type arg");
ashleymills 0:714293de3836 9444 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 9445 }
ashleymills 0:714293de3836 9446
ashleymills 0:714293de3836 9447 if (XSTRNCMP(type, "MD5", 3) == 0) {
ashleymills 0:714293de3836 9448 return MD5_DIGEST_SIZE;
ashleymills 0:714293de3836 9449 }
ashleymills 0:714293de3836 9450 else if (XSTRNCMP(type, "SHA256", 6) == 0) {
ashleymills 0:714293de3836 9451 return SHA256_DIGEST_SIZE;
ashleymills 0:714293de3836 9452 }
ashleymills 0:714293de3836 9453 #ifdef CYASSL_SHA384
ashleymills 0:714293de3836 9454 else if (XSTRNCMP(type, "SHA384", 6) == 0) {
ashleymills 0:714293de3836 9455 return SHA384_DIGEST_SIZE;
ashleymills 0:714293de3836 9456 }
ashleymills 0:714293de3836 9457 #endif
ashleymills 0:714293de3836 9458 #ifdef CYASSL_SHA512
ashleymills 0:714293de3836 9459 else if (XSTRNCMP(type, "SHA512", 6) == 0) {
ashleymills 0:714293de3836 9460 return SHA512_DIGEST_SIZE;
ashleymills 0:714293de3836 9461 }
ashleymills 0:714293de3836 9462 #endif
ashleymills 0:714293de3836 9463 /* has to be last since would pick or 256, 384, or 512 too */
ashleymills 0:714293de3836 9464 else if (XSTRNCMP(type, "SHA", 3) == 0) {
ashleymills 0:714293de3836 9465 return SHA_DIGEST_SIZE;
ashleymills 0:714293de3836 9466 }
ashleymills 0:714293de3836 9467
ashleymills 0:714293de3836 9468 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 9469 }
ashleymills 0:714293de3836 9470
ashleymills 0:714293de3836 9471
ashleymills 0:714293de3836 9472 int CyaSSL_EVP_CIPHER_CTX_iv_length(const CYASSL_EVP_CIPHER_CTX* ctx)
ashleymills 0:714293de3836 9473 {
ashleymills 0:714293de3836 9474 CYASSL_MSG("CyaSSL_EVP_CIPHER_CTX_iv_length");
ashleymills 0:714293de3836 9475
ashleymills 0:714293de3836 9476 switch (ctx->cipherType) {
ashleymills 0:714293de3836 9477
ashleymills 0:714293de3836 9478 case AES_128_CBC_TYPE :
ashleymills 0:714293de3836 9479 case AES_192_CBC_TYPE :
ashleymills 0:714293de3836 9480 case AES_256_CBC_TYPE :
ashleymills 0:714293de3836 9481 CYASSL_MSG("AES CBC");
ashleymills 0:714293de3836 9482 return AES_BLOCK_SIZE;
ashleymills 0:714293de3836 9483 break;
ashleymills 0:714293de3836 9484
ashleymills 0:714293de3836 9485 #ifdef CYASSL_AES_COUNTER
ashleymills 0:714293de3836 9486 case AES_128_CTR_TYPE :
ashleymills 0:714293de3836 9487 case AES_192_CTR_TYPE :
ashleymills 0:714293de3836 9488 case AES_256_CTR_TYPE :
ashleymills 0:714293de3836 9489 CYASSL_MSG("AES CTR");
ashleymills 0:714293de3836 9490 return AES_BLOCK_SIZE;
ashleymills 0:714293de3836 9491 break;
ashleymills 0:714293de3836 9492 #endif
ashleymills 0:714293de3836 9493
ashleymills 0:714293de3836 9494 case DES_CBC_TYPE :
ashleymills 0:714293de3836 9495 CYASSL_MSG("DES CBC");
ashleymills 0:714293de3836 9496 return DES_BLOCK_SIZE;
ashleymills 0:714293de3836 9497 break;
ashleymills 0:714293de3836 9498
ashleymills 0:714293de3836 9499 case DES_EDE3_CBC_TYPE :
ashleymills 0:714293de3836 9500 CYASSL_MSG("DES EDE3 CBC");
ashleymills 0:714293de3836 9501 return DES_BLOCK_SIZE;
ashleymills 0:714293de3836 9502 break;
ashleymills 0:714293de3836 9503
ashleymills 0:714293de3836 9504 case ARC4_TYPE :
ashleymills 0:714293de3836 9505 CYASSL_MSG("ARC4");
ashleymills 0:714293de3836 9506 return 0;
ashleymills 0:714293de3836 9507 break;
ashleymills 0:714293de3836 9508
ashleymills 0:714293de3836 9509 case NULL_CIPHER_TYPE :
ashleymills 0:714293de3836 9510 CYASSL_MSG("NULL");
ashleymills 0:714293de3836 9511 return 0;
ashleymills 0:714293de3836 9512 break;
ashleymills 0:714293de3836 9513
ashleymills 0:714293de3836 9514 default: {
ashleymills 0:714293de3836 9515 CYASSL_MSG("bad type");
ashleymills 0:714293de3836 9516 }
ashleymills 0:714293de3836 9517 }
ashleymills 0:714293de3836 9518 return 0;
ashleymills 0:714293de3836 9519 }
ashleymills 0:714293de3836 9520
ashleymills 0:714293de3836 9521
ashleymills 0:714293de3836 9522 void CyaSSL_OPENSSL_free(void* p)
ashleymills 0:714293de3836 9523 {
ashleymills 0:714293de3836 9524 CYASSL_MSG("CyaSSL_OPENSSL_free");
ashleymills 0:714293de3836 9525
ashleymills 0:714293de3836 9526 XFREE(p, NULL, 0);
ashleymills 0:714293de3836 9527 }
ashleymills 0:714293de3836 9528
ashleymills 0:714293de3836 9529
ashleymills 0:714293de3836 9530 int CyaSSL_PEM_write_bio_RSAPrivateKey(CYASSL_BIO* bio, RSA* rsa,
ashleymills 0:714293de3836 9531 const EVP_CIPHER* cipher,
ashleymills 0:714293de3836 9532 unsigned char* passwd, int len,
ashleymills 0:714293de3836 9533 pem_password_cb cb, void* arg)
ashleymills 0:714293de3836 9534 {
ashleymills 0:714293de3836 9535 (void)bio;
ashleymills 0:714293de3836 9536 (void)rsa;
ashleymills 0:714293de3836 9537 (void)cipher;
ashleymills 0:714293de3836 9538 (void)passwd;
ashleymills 0:714293de3836 9539 (void)len;
ashleymills 0:714293de3836 9540 (void)cb;
ashleymills 0:714293de3836 9541 (void)arg;
ashleymills 0:714293de3836 9542
ashleymills 0:714293de3836 9543 CYASSL_MSG("CyaSSL_PEM_write_bio_RSAPrivateKey");
ashleymills 0:714293de3836 9544
ashleymills 0:714293de3836 9545 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 9546 }
ashleymills 0:714293de3836 9547
ashleymills 0:714293de3836 9548
ashleymills 0:714293de3836 9549
ashleymills 0:714293de3836 9550 int CyaSSL_PEM_write_bio_DSAPrivateKey(CYASSL_BIO* bio, DSA* rsa,
ashleymills 0:714293de3836 9551 const EVP_CIPHER* cipher,
ashleymills 0:714293de3836 9552 unsigned char* passwd, int len,
ashleymills 0:714293de3836 9553 pem_password_cb cb, void* arg)
ashleymills 0:714293de3836 9554 {
ashleymills 0:714293de3836 9555 (void)bio;
ashleymills 0:714293de3836 9556 (void)rsa;
ashleymills 0:714293de3836 9557 (void)cipher;
ashleymills 0:714293de3836 9558 (void)passwd;
ashleymills 0:714293de3836 9559 (void)len;
ashleymills 0:714293de3836 9560 (void)cb;
ashleymills 0:714293de3836 9561 (void)arg;
ashleymills 0:714293de3836 9562
ashleymills 0:714293de3836 9563 CYASSL_MSG("CyaSSL_PEM_write_bio_DSAPrivateKey");
ashleymills 0:714293de3836 9564
ashleymills 0:714293de3836 9565 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 9566 }
ashleymills 0:714293de3836 9567
ashleymills 0:714293de3836 9568
ashleymills 0:714293de3836 9569
ashleymills 0:714293de3836 9570 CYASSL_EVP_PKEY* CyaSSL_PEM_read_bio_PrivateKey(CYASSL_BIO* bio,
ashleymills 0:714293de3836 9571 CYASSL_EVP_PKEY** key, pem_password_cb cb, void* arg)
ashleymills 0:714293de3836 9572 {
ashleymills 0:714293de3836 9573 (void)bio;
ashleymills 0:714293de3836 9574 (void)key;
ashleymills 0:714293de3836 9575 (void)cb;
ashleymills 0:714293de3836 9576 (void)arg;
ashleymills 0:714293de3836 9577
ashleymills 0:714293de3836 9578 CYASSL_MSG("CyaSSL_PEM_read_bio_PrivateKey");
ashleymills 0:714293de3836 9579
ashleymills 0:714293de3836 9580 return NULL;
ashleymills 0:714293de3836 9581 }
ashleymills 0:714293de3836 9582
ashleymills 0:714293de3836 9583
ashleymills 0:714293de3836 9584
ashleymills 0:714293de3836 9585 /* Return bytes written to buff or < 0 for error */
ashleymills 0:714293de3836 9586 int CyaSSL_KeyPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff,
ashleymills 0:714293de3836 9587 int buffSz, const char* pass)
ashleymills 0:714293de3836 9588 {
ashleymills 0:714293de3836 9589 EncryptedInfo info;
ashleymills 0:714293de3836 9590 int eccKey = 0;
ashleymills 0:714293de3836 9591 int ret;
ashleymills 0:714293de3836 9592 buffer der;
ashleymills 0:714293de3836 9593
ashleymills 0:714293de3836 9594 (void)pass;
ashleymills 0:714293de3836 9595
ashleymills 0:714293de3836 9596 CYASSL_ENTER("CyaSSL_KeyPemToDer");
ashleymills 0:714293de3836 9597
ashleymills 0:714293de3836 9598 if (pem == NULL || buff == NULL || buffSz <= 0) {
ashleymills 0:714293de3836 9599 CYASSL_MSG("Bad pem der args");
ashleymills 0:714293de3836 9600 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 9601 }
ashleymills 0:714293de3836 9602
ashleymills 0:714293de3836 9603 info.set = 0;
ashleymills 0:714293de3836 9604 info.ctx = NULL;
ashleymills 0:714293de3836 9605 info.consumed = 0;
ashleymills 0:714293de3836 9606 der.buffer = NULL;
ashleymills 0:714293de3836 9607
ashleymills 0:714293de3836 9608 ret = PemToDer(pem, pemSz, PRIVATEKEY_TYPE, &der, NULL, &info, &eccKey);
ashleymills 0:714293de3836 9609 if (ret < 0) {
ashleymills 0:714293de3836 9610 CYASSL_MSG("Bad Pem To Der");
ashleymills 0:714293de3836 9611 }
ashleymills 0:714293de3836 9612 else {
ashleymills 0:714293de3836 9613 if (der.length <= (word32)buffSz) {
ashleymills 0:714293de3836 9614 XMEMCPY(buff, der.buffer, der.length);
ashleymills 0:714293de3836 9615 ret = der.length;
ashleymills 0:714293de3836 9616 }
ashleymills 0:714293de3836 9617 else {
ashleymills 0:714293de3836 9618 CYASSL_MSG("Bad der length");
ashleymills 0:714293de3836 9619 ret = BAD_FUNC_ARG;
ashleymills 0:714293de3836 9620 }
ashleymills 0:714293de3836 9621 }
ashleymills 0:714293de3836 9622
ashleymills 0:714293de3836 9623 XFREE(der.buffer, NULL, DYANMIC_KEY_TYPE);
ashleymills 0:714293de3836 9624
ashleymills 0:714293de3836 9625 return ret;
ashleymills 0:714293de3836 9626 }
ashleymills 0:714293de3836 9627
ashleymills 0:714293de3836 9628
ashleymills 0:714293de3836 9629 /* Load RSA from Der, SSL_SUCCESS on success < 0 on error */
ashleymills 0:714293de3836 9630 int CyaSSL_RSA_LoadDer(CYASSL_RSA* rsa, const unsigned char* der, int derSz)
ashleymills 0:714293de3836 9631 {
ashleymills 0:714293de3836 9632 word32 idx = 0;
ashleymills 0:714293de3836 9633 int ret;
ashleymills 0:714293de3836 9634
ashleymills 0:714293de3836 9635 CYASSL_ENTER("CyaSSL_RSA_LoadDer");
ashleymills 0:714293de3836 9636
ashleymills 0:714293de3836 9637 if (rsa == NULL || rsa->internal == NULL || der == NULL || derSz <= 0) {
ashleymills 0:714293de3836 9638 CYASSL_MSG("Bad function arguments");
ashleymills 0:714293de3836 9639 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 9640 }
ashleymills 0:714293de3836 9641
ashleymills 0:714293de3836 9642 ret = RsaPrivateKeyDecode(der, &idx, (RsaKey*)rsa->internal, derSz);
ashleymills 0:714293de3836 9643 if (ret < 0) {
ashleymills 0:714293de3836 9644 CYASSL_MSG("RsaPrivateKeyDecode failed");
ashleymills 0:714293de3836 9645 return ret;
ashleymills 0:714293de3836 9646 }
ashleymills 0:714293de3836 9647
ashleymills 0:714293de3836 9648 if (SetRsaExternal(rsa) < 0) {
ashleymills 0:714293de3836 9649 CYASSL_MSG("SetRsaExternal failed");
ashleymills 0:714293de3836 9650 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 9651 }
ashleymills 0:714293de3836 9652
ashleymills 0:714293de3836 9653 rsa->inSet = 1;
ashleymills 0:714293de3836 9654
ashleymills 0:714293de3836 9655 return SSL_SUCCESS;
ashleymills 0:714293de3836 9656 }
ashleymills 0:714293de3836 9657
ashleymills 0:714293de3836 9658
ashleymills 0:714293de3836 9659 #ifndef NO_DSA
ashleymills 0:714293de3836 9660 /* Load DSA from Der, SSL_SUCCESS on success < 0 on error */
ashleymills 0:714293de3836 9661 int CyaSSL_DSA_LoadDer(CYASSL_DSA* dsa, const unsigned char* der, int derSz)
ashleymills 0:714293de3836 9662 {
ashleymills 0:714293de3836 9663 word32 idx = 0;
ashleymills 0:714293de3836 9664 int ret;
ashleymills 0:714293de3836 9665
ashleymills 0:714293de3836 9666 CYASSL_ENTER("CyaSSL_DSA_LoadDer");
ashleymills 0:714293de3836 9667
ashleymills 0:714293de3836 9668 if (dsa == NULL || dsa->internal == NULL || der == NULL || derSz <= 0) {
ashleymills 0:714293de3836 9669 CYASSL_MSG("Bad function arguments");
ashleymills 0:714293de3836 9670 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 9671 }
ashleymills 0:714293de3836 9672
ashleymills 0:714293de3836 9673 ret = DsaPrivateKeyDecode(der, &idx, (DsaKey*)dsa->internal, derSz);
ashleymills 0:714293de3836 9674 if (ret < 0) {
ashleymills 0:714293de3836 9675 CYASSL_MSG("DsaPrivateKeyDecode failed");
ashleymills 0:714293de3836 9676 return ret;
ashleymills 0:714293de3836 9677 }
ashleymills 0:714293de3836 9678
ashleymills 0:714293de3836 9679 if (SetDsaExternal(dsa) < 0) {
ashleymills 0:714293de3836 9680 CYASSL_MSG("SetDsaExternal failed");
ashleymills 0:714293de3836 9681 return SSL_FATAL_ERROR;
ashleymills 0:714293de3836 9682 }
ashleymills 0:714293de3836 9683
ashleymills 0:714293de3836 9684 dsa->inSet = 1;
ashleymills 0:714293de3836 9685
ashleymills 0:714293de3836 9686 return SSL_SUCCESS;
ashleymills 0:714293de3836 9687 }
ashleymills 0:714293de3836 9688 #endif /* NO_DSA */
ashleymills 0:714293de3836 9689
ashleymills 0:714293de3836 9690
ashleymills 0:714293de3836 9691
ashleymills 0:714293de3836 9692
ashleymills 0:714293de3836 9693 #endif /* OPENSSL_EXTRA */
ashleymills 0:714293de3836 9694
ashleymills 0:714293de3836 9695
ashleymills 0:714293de3836 9696 #ifdef SESSION_CERTS
ashleymills 0:714293de3836 9697
ashleymills 0:714293de3836 9698
ashleymills 0:714293de3836 9699 /* Get peer's certificate chain */
ashleymills 0:714293de3836 9700 CYASSL_X509_CHAIN* CyaSSL_get_peer_chain(CYASSL* ssl)
ashleymills 0:714293de3836 9701 {
ashleymills 0:714293de3836 9702 CYASSL_ENTER("CyaSSL_get_peer_chain");
ashleymills 0:714293de3836 9703 if (ssl)
ashleymills 0:714293de3836 9704 return &ssl->session.chain;
ashleymills 0:714293de3836 9705
ashleymills 0:714293de3836 9706 return 0;
ashleymills 0:714293de3836 9707 }
ashleymills 0:714293de3836 9708
ashleymills 0:714293de3836 9709
ashleymills 0:714293de3836 9710 /* Get peer's certificate chain total count */
ashleymills 0:714293de3836 9711 int CyaSSL_get_chain_count(CYASSL_X509_CHAIN* chain)
ashleymills 0:714293de3836 9712 {
ashleymills 0:714293de3836 9713 CYASSL_ENTER("CyaSSL_get_chain_count");
ashleymills 0:714293de3836 9714 if (chain)
ashleymills 0:714293de3836 9715 return chain->count;
ashleymills 0:714293de3836 9716
ashleymills 0:714293de3836 9717 return 0;
ashleymills 0:714293de3836 9718 }
ashleymills 0:714293de3836 9719
ashleymills 0:714293de3836 9720
ashleymills 0:714293de3836 9721 /* Get peer's ASN.1 DER ceritifcate at index (idx) length in bytes */
ashleymills 0:714293de3836 9722 int CyaSSL_get_chain_length(CYASSL_X509_CHAIN* chain, int idx)
ashleymills 0:714293de3836 9723 {
ashleymills 0:714293de3836 9724 CYASSL_ENTER("CyaSSL_get_chain_length");
ashleymills 0:714293de3836 9725 if (chain)
ashleymills 0:714293de3836 9726 return chain->certs[idx].length;
ashleymills 0:714293de3836 9727
ashleymills 0:714293de3836 9728 return 0;
ashleymills 0:714293de3836 9729 }
ashleymills 0:714293de3836 9730
ashleymills 0:714293de3836 9731
ashleymills 0:714293de3836 9732 /* Get peer's ASN.1 DER ceritifcate at index (idx) */
ashleymills 0:714293de3836 9733 byte* CyaSSL_get_chain_cert(CYASSL_X509_CHAIN* chain, int idx)
ashleymills 0:714293de3836 9734 {
ashleymills 0:714293de3836 9735 CYASSL_ENTER("CyaSSL_get_chain_cert");
ashleymills 0:714293de3836 9736 if (chain)
ashleymills 0:714293de3836 9737 return chain->certs[idx].buffer;
ashleymills 0:714293de3836 9738
ashleymills 0:714293de3836 9739 return 0;
ashleymills 0:714293de3836 9740 }
ashleymills 0:714293de3836 9741
ashleymills 0:714293de3836 9742
ashleymills 0:714293de3836 9743 /* Get peer's CyaSSL X509 ceritifcate at index (idx) */
ashleymills 0:714293de3836 9744 CYASSL_X509* CyaSSL_get_chain_X509(CYASSL_X509_CHAIN* chain, int idx)
ashleymills 0:714293de3836 9745 {
ashleymills 0:714293de3836 9746 int ret;
ashleymills 0:714293de3836 9747 CYASSL_X509* x509;
ashleymills 0:714293de3836 9748 DecodedCert dCert;
ashleymills 0:714293de3836 9749
ashleymills 0:714293de3836 9750 CYASSL_ENTER("CyaSSL_get_chain_X509");
ashleymills 0:714293de3836 9751 if (chain == NULL)
ashleymills 0:714293de3836 9752 return NULL;
ashleymills 0:714293de3836 9753
ashleymills 0:714293de3836 9754 InitDecodedCert(&dCert, chain->certs[idx].buffer, chain->certs[idx].length,
ashleymills 0:714293de3836 9755 NULL);
ashleymills 0:714293de3836 9756 ret = ParseCertRelative(&dCert, CERT_TYPE, 0, NULL);
ashleymills 0:714293de3836 9757 if (ret != 0) {
ashleymills 0:714293de3836 9758 CYASSL_MSG("Failed to parse cert");
ashleymills 0:714293de3836 9759 FreeDecodedCert(&dCert);
ashleymills 0:714293de3836 9760 return NULL;
ashleymills 0:714293de3836 9761 }
ashleymills 0:714293de3836 9762
ashleymills 0:714293de3836 9763 x509 = (CYASSL_X509*)XMALLOC(sizeof(CYASSL_X509), NULL, DYNAMIC_TYPE_X509);
ashleymills 0:714293de3836 9764 if (x509 == NULL) {
ashleymills 0:714293de3836 9765 CYASSL_MSG("Failed alloc X509");
ashleymills 0:714293de3836 9766 FreeDecodedCert(&dCert);
ashleymills 0:714293de3836 9767 return NULL;
ashleymills 0:714293de3836 9768 }
ashleymills 0:714293de3836 9769 InitX509(x509, 1);
ashleymills 0:714293de3836 9770
ashleymills 0:714293de3836 9771 ret = CopyDecodedToX509(x509, &dCert);
ashleymills 0:714293de3836 9772 if (ret != 0) {
ashleymills 0:714293de3836 9773 CYASSL_MSG("Failed to copy decoded");
ashleymills 0:714293de3836 9774 XFREE(x509, NULL, DYNAMIC_TYPE_X509);
ashleymills 0:714293de3836 9775 x509 = NULL;
ashleymills 0:714293de3836 9776 }
ashleymills 0:714293de3836 9777 FreeDecodedCert(&dCert);
ashleymills 0:714293de3836 9778
ashleymills 0:714293de3836 9779 return x509;
ashleymills 0:714293de3836 9780 }
ashleymills 0:714293de3836 9781
ashleymills 0:714293de3836 9782
ashleymills 0:714293de3836 9783 /* Get peer's PEM ceritifcate at index (idx), output to buffer if inLen big
ashleymills 0:714293de3836 9784 enough else return error (-1), output length is in *outLen
ashleymills 0:714293de3836 9785 SSL_SUCCESS on ok */
ashleymills 0:714293de3836 9786 int CyaSSL_get_chain_cert_pem(CYASSL_X509_CHAIN* chain, int idx,
ashleymills 0:714293de3836 9787 unsigned char* buf, int inLen, int* outLen)
ashleymills 0:714293de3836 9788 {
ashleymills 0:714293de3836 9789 const char header[] = "-----BEGIN CERTIFICATE-----\n";
ashleymills 0:714293de3836 9790 const char footer[] = "-----END CERTIFICATE-----\n";
ashleymills 0:714293de3836 9791
ashleymills 0:714293de3836 9792 int headerLen = sizeof(header) - 1;
ashleymills 0:714293de3836 9793 int footerLen = sizeof(footer) - 1;
ashleymills 0:714293de3836 9794 int i;
ashleymills 0:714293de3836 9795 int err;
ashleymills 0:714293de3836 9796
ashleymills 0:714293de3836 9797 CYASSL_ENTER("CyaSSL_get_chain_cert_pem");
ashleymills 0:714293de3836 9798 if (!chain || !outLen || !buf)
ashleymills 0:714293de3836 9799 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 9800
ashleymills 0:714293de3836 9801 /* don't even try if inLen too short */
ashleymills 0:714293de3836 9802 if (inLen < headerLen + footerLen + chain->certs[idx].length)
ashleymills 0:714293de3836 9803 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 9804
ashleymills 0:714293de3836 9805 /* header */
ashleymills 0:714293de3836 9806 XMEMCPY(buf, header, headerLen);
ashleymills 0:714293de3836 9807 i = headerLen;
ashleymills 0:714293de3836 9808
ashleymills 0:714293de3836 9809 /* body */
ashleymills 0:714293de3836 9810 *outLen = inLen; /* input to Base64_Encode */
ashleymills 0:714293de3836 9811 if ( (err = Base64_Encode(chain->certs[idx].buffer,
ashleymills 0:714293de3836 9812 chain->certs[idx].length, buf + i, (word32*)outLen)) < 0)
ashleymills 0:714293de3836 9813 return err;
ashleymills 0:714293de3836 9814 i += *outLen;
ashleymills 0:714293de3836 9815
ashleymills 0:714293de3836 9816 /* footer */
ashleymills 0:714293de3836 9817 if ( (i + footerLen) > inLen)
ashleymills 0:714293de3836 9818 return BAD_FUNC_ARG;
ashleymills 0:714293de3836 9819 XMEMCPY(buf + i, footer, footerLen);
ashleymills 0:714293de3836 9820 *outLen += headerLen + footerLen;
ashleymills 0:714293de3836 9821
ashleymills 0:714293de3836 9822 return SSL_SUCCESS;
ashleymills 0:714293de3836 9823 }
ashleymills 0:714293de3836 9824
ashleymills 0:714293de3836 9825
ashleymills 0:714293de3836 9826 /* get session ID */
ashleymills 0:714293de3836 9827 const byte* CyaSSL_get_sessionID(const CYASSL_SESSION* session)
ashleymills 0:714293de3836 9828 {
ashleymills 0:714293de3836 9829 CYASSL_ENTER("CyaSSL_get_sessionID");
ashleymills 0:714293de3836 9830 if (session)
ashleymills 0:714293de3836 9831 return session->sessionID;
ashleymills 0:714293de3836 9832
ashleymills 0:714293de3836 9833 return NULL;
ashleymills 0:714293de3836 9834 }
ashleymills 0:714293de3836 9835
ashleymills 0:714293de3836 9836
ashleymills 0:714293de3836 9837 #endif /* SESSION_CERTS */
ashleymills 0:714293de3836 9838
ashleymills 0:714293de3836 9839
ashleymills 0:714293de3836 9840 long CyaSSL_CTX_OCSP_set_options(CYASSL_CTX* ctx, long options)
ashleymills 0:714293de3836 9841 {
ashleymills 0:714293de3836 9842 CYASSL_ENTER("CyaSSL_CTX_OCSP_set_options");
ashleymills 0:714293de3836 9843 #ifdef HAVE_OCSP
ashleymills 0:714293de3836 9844 if (ctx != NULL) {
ashleymills 0:714293de3836 9845 ctx->ocsp.enabled = (options & CYASSL_OCSP_ENABLE) != 0;
ashleymills 0:714293de3836 9846 ctx->ocsp.useOverrideUrl = (options & CYASSL_OCSP_URL_OVERRIDE) != 0;
ashleymills 0:714293de3836 9847 ctx->ocsp.useNonce = (options & CYASSL_OCSP_NO_NONCE) == 0;
ashleymills 0:714293de3836 9848 return 1;
ashleymills 0:714293de3836 9849 }
ashleymills 0:714293de3836 9850 return 0;
ashleymills 0:714293de3836 9851 #else
ashleymills 0:714293de3836 9852 (void)ctx;
ashleymills 0:714293de3836 9853 (void)options;
ashleymills 0:714293de3836 9854 return NOT_COMPILED_IN;
ashleymills 0:714293de3836 9855 #endif
ashleymills 0:714293de3836 9856 }
ashleymills 0:714293de3836 9857
ashleymills 0:714293de3836 9858
ashleymills 0:714293de3836 9859 int CyaSSL_CTX_OCSP_set_override_url(CYASSL_CTX* ctx, const char* url)
ashleymills 0:714293de3836 9860 {
ashleymills 0:714293de3836 9861 CYASSL_ENTER("CyaSSL_CTX_OCSP_set_override_url");
ashleymills 0:714293de3836 9862 #ifdef HAVE_OCSP
ashleymills 0:714293de3836 9863 return CyaSSL_OCSP_set_override_url(&ctx->ocsp, url);
ashleymills 0:714293de3836 9864 #else
ashleymills 0:714293de3836 9865 (void)ctx;
ashleymills 0:714293de3836 9866 (void)url;
ashleymills 0:714293de3836 9867 return NOT_COMPILED_IN;
ashleymills 0:714293de3836 9868 #endif
ashleymills 0:714293de3836 9869 }
ashleymills 0:714293de3836 9870
ashleymills 0:714293de3836 9871