fork of cyassl-lib
Dependents: TLS_cyassl TLS_cyassl
ssl.c@0:714293de3836, 2013-09-05 (annotated)
- Committer:
- ashleymills
- Date:
- Thu Sep 05 10:33:04 2013 +0000
- Revision:
- 0:714293de3836
Initial commit
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
ashleymills | 0:714293de3836 | 1 | /* ssl.c |
ashleymills | 0:714293de3836 | 2 | * |
ashleymills | 0:714293de3836 | 3 | * Copyright (C) 2006-2013 wolfSSL Inc. |
ashleymills | 0:714293de3836 | 4 | * |
ashleymills | 0:714293de3836 | 5 | * This file is part of CyaSSL. |
ashleymills | 0:714293de3836 | 6 | * |
ashleymills | 0:714293de3836 | 7 | * CyaSSL is free software; you can redistribute it and/or modify |
ashleymills | 0:714293de3836 | 8 | * it under the terms of the GNU General Public License as published by |
ashleymills | 0:714293de3836 | 9 | * the Free Software Foundation; either version 2 of the License, or |
ashleymills | 0:714293de3836 | 10 | * (at your option) any later version. |
ashleymills | 0:714293de3836 | 11 | * |
ashleymills | 0:714293de3836 | 12 | * CyaSSL is distributed in the hope that it will be useful, |
ashleymills | 0:714293de3836 | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
ashleymills | 0:714293de3836 | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
ashleymills | 0:714293de3836 | 15 | * GNU General Public License for more details. |
ashleymills | 0:714293de3836 | 16 | * |
ashleymills | 0:714293de3836 | 17 | * You should have received a copy of the GNU General Public License |
ashleymills | 0:714293de3836 | 18 | * along with this program; if not, write to the Free Software |
ashleymills | 0:714293de3836 | 19 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA |
ashleymills | 0:714293de3836 | 20 | */ |
ashleymills | 0:714293de3836 | 21 | |
ashleymills | 0:714293de3836 | 22 | #ifdef HAVE_CONFIG_H |
ashleymills | 0:714293de3836 | 23 | #include <config.h> |
ashleymills | 0:714293de3836 | 24 | #endif |
ashleymills | 0:714293de3836 | 25 | |
ashleymills | 0:714293de3836 | 26 | #include <cyassl/ctaocrypt/settings.h> |
ashleymills | 0:714293de3836 | 27 | |
ashleymills | 0:714293de3836 | 28 | #ifdef HAVE_ERRNO_H |
ashleymills | 0:714293de3836 | 29 | #include <errno.h> |
ashleymills | 0:714293de3836 | 30 | #endif |
ashleymills | 0:714293de3836 | 31 | |
ashleymills | 0:714293de3836 | 32 | |
ashleymills | 0:714293de3836 | 33 | #include <cyassl/ssl.h> |
ashleymills | 0:714293de3836 | 34 | #include <cyassl/internal.h> |
ashleymills | 0:714293de3836 | 35 | #include <cyassl/ctaoerror.h> |
ashleymills | 0:714293de3836 | 36 | #include <cyassl/ctaocrypt/coding.h> |
ashleymills | 0:714293de3836 | 37 | |
ashleymills | 0:714293de3836 | 38 | #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) |
ashleymills | 0:714293de3836 | 39 | #include <cyassl/openssl/evp.h> |
ashleymills | 0:714293de3836 | 40 | #endif |
ashleymills | 0:714293de3836 | 41 | |
ashleymills | 0:714293de3836 | 42 | #ifdef OPENSSL_EXTRA |
ashleymills | 0:714293de3836 | 43 | /* openssl headers begin */ |
ashleymills | 0:714293de3836 | 44 | #include <cyassl/openssl/hmac.h> |
ashleymills | 0:714293de3836 | 45 | #include <cyassl/openssl/crypto.h> |
ashleymills | 0:714293de3836 | 46 | #include <cyassl/openssl/des.h> |
ashleymills | 0:714293de3836 | 47 | #include <cyassl/openssl/bn.h> |
ashleymills | 0:714293de3836 | 48 | #include <cyassl/openssl/dh.h> |
ashleymills | 0:714293de3836 | 49 | #include <cyassl/openssl/rsa.h> |
ashleymills | 0:714293de3836 | 50 | #include <cyassl/openssl/pem.h> |
ashleymills | 0:714293de3836 | 51 | /* openssl headers end, cyassl internal headers next */ |
ashleymills | 0:714293de3836 | 52 | #include <cyassl/ctaocrypt/hmac.h> |
ashleymills | 0:714293de3836 | 53 | #include <cyassl/ctaocrypt/random.h> |
ashleymills | 0:714293de3836 | 54 | #include <cyassl/ctaocrypt/des3.h> |
ashleymills | 0:714293de3836 | 55 | #include <cyassl/ctaocrypt/md4.h> |
ashleymills | 0:714293de3836 | 56 | #include <cyassl/ctaocrypt/md5.h> |
ashleymills | 0:714293de3836 | 57 | #include <cyassl/ctaocrypt/arc4.h> |
ashleymills | 0:714293de3836 | 58 | #ifdef CYASSL_SHA512 |
ashleymills | 0:714293de3836 | 59 | #include <cyassl/ctaocrypt/sha512.h> |
ashleymills | 0:714293de3836 | 60 | #endif |
ashleymills | 0:714293de3836 | 61 | #endif |
ashleymills | 0:714293de3836 | 62 | |
ashleymills | 0:714293de3836 | 63 | #ifndef NO_FILESYSTEM |
ashleymills | 0:714293de3836 | 64 | #if !defined(USE_WINDOWS_API) && !defined(NO_CYASSL_DIR) \ |
ashleymills | 0:714293de3836 | 65 | && !defined(EBSNET) |
ashleymills | 0:714293de3836 | 66 | #include <dirent.h> |
ashleymills | 0:714293de3836 | 67 | #include <sys/stat.h> |
ashleymills | 0:714293de3836 | 68 | #endif |
ashleymills | 0:714293de3836 | 69 | #ifdef EBSNET |
ashleymills | 0:714293de3836 | 70 | #include "vfapi.h" |
ashleymills | 0:714293de3836 | 71 | #include "vfile.h" |
ashleymills | 0:714293de3836 | 72 | #endif |
ashleymills | 0:714293de3836 | 73 | #endif /* NO_FILESYSTEM */ |
ashleymills | 0:714293de3836 | 74 | |
ashleymills | 0:714293de3836 | 75 | #ifndef TRUE |
ashleymills | 0:714293de3836 | 76 | #define TRUE 1 |
ashleymills | 0:714293de3836 | 77 | #endif |
ashleymills | 0:714293de3836 | 78 | #ifndef FALSE |
ashleymills | 0:714293de3836 | 79 | #define FALSE 0 |
ashleymills | 0:714293de3836 | 80 | #endif |
ashleymills | 0:714293de3836 | 81 | |
ashleymills | 0:714293de3836 | 82 | #ifndef min |
ashleymills | 0:714293de3836 | 83 | |
ashleymills | 0:714293de3836 | 84 | static INLINE word32 min(word32 a, word32 b) |
ashleymills | 0:714293de3836 | 85 | { |
ashleymills | 0:714293de3836 | 86 | return a > b ? b : a; |
ashleymills | 0:714293de3836 | 87 | } |
ashleymills | 0:714293de3836 | 88 | |
ashleymills | 0:714293de3836 | 89 | #endif /* min */ |
ashleymills | 0:714293de3836 | 90 | |
ashleymills | 0:714293de3836 | 91 | #ifndef max |
ashleymills | 0:714293de3836 | 92 | |
ashleymills | 0:714293de3836 | 93 | static INLINE word32 max(word32 a, word32 b) |
ashleymills | 0:714293de3836 | 94 | { |
ashleymills | 0:714293de3836 | 95 | return a > b ? a : b; |
ashleymills | 0:714293de3836 | 96 | } |
ashleymills | 0:714293de3836 | 97 | |
ashleymills | 0:714293de3836 | 98 | #endif /* min */ |
ashleymills | 0:714293de3836 | 99 | |
ashleymills | 0:714293de3836 | 100 | |
ashleymills | 0:714293de3836 | 101 | #ifndef CYASSL_LEANPSK |
ashleymills | 0:714293de3836 | 102 | char* mystrnstr(const char* s1, const char* s2, unsigned int n) |
ashleymills | 0:714293de3836 | 103 | { |
ashleymills | 0:714293de3836 | 104 | unsigned int s2_len = (unsigned int)XSTRLEN(s2); |
ashleymills | 0:714293de3836 | 105 | |
ashleymills | 0:714293de3836 | 106 | if (s2_len == 0) |
ashleymills | 0:714293de3836 | 107 | return (char*)s1; |
ashleymills | 0:714293de3836 | 108 | |
ashleymills | 0:714293de3836 | 109 | while (n >= s2_len && s1[0]) { |
ashleymills | 0:714293de3836 | 110 | if (s1[0] == s2[0]) |
ashleymills | 0:714293de3836 | 111 | if (XMEMCMP(s1, s2, s2_len) == 0) |
ashleymills | 0:714293de3836 | 112 | return (char*)s1; |
ashleymills | 0:714293de3836 | 113 | s1++; |
ashleymills | 0:714293de3836 | 114 | n--; |
ashleymills | 0:714293de3836 | 115 | } |
ashleymills | 0:714293de3836 | 116 | |
ashleymills | 0:714293de3836 | 117 | return NULL; |
ashleymills | 0:714293de3836 | 118 | } |
ashleymills | 0:714293de3836 | 119 | #endif |
ashleymills | 0:714293de3836 | 120 | |
ashleymills | 0:714293de3836 | 121 | |
ashleymills | 0:714293de3836 | 122 | /* prevent multiple mutex initializations */ |
ashleymills | 0:714293de3836 | 123 | static volatile int initRefCount = 0; |
ashleymills | 0:714293de3836 | 124 | static CyaSSL_Mutex count_mutex; /* init ref count mutex */ |
ashleymills | 0:714293de3836 | 125 | |
ashleymills | 0:714293de3836 | 126 | |
ashleymills | 0:714293de3836 | 127 | |
ashleymills | 0:714293de3836 | 128 | CYASSL_CTX* CyaSSL_CTX_new(CYASSL_METHOD* method) |
ashleymills | 0:714293de3836 | 129 | { |
ashleymills | 0:714293de3836 | 130 | CYASSL_CTX* ctx = NULL; |
ashleymills | 0:714293de3836 | 131 | |
ashleymills | 0:714293de3836 | 132 | CYASSL_ENTER("CYASSL_CTX_new"); |
ashleymills | 0:714293de3836 | 133 | |
ashleymills | 0:714293de3836 | 134 | if (initRefCount == 0) |
ashleymills | 0:714293de3836 | 135 | CyaSSL_Init(); /* user no longer forced to call Init themselves */ |
ashleymills | 0:714293de3836 | 136 | |
ashleymills | 0:714293de3836 | 137 | if (method == NULL) |
ashleymills | 0:714293de3836 | 138 | return ctx; |
ashleymills | 0:714293de3836 | 139 | |
ashleymills | 0:714293de3836 | 140 | ctx = (CYASSL_CTX*) XMALLOC(sizeof(CYASSL_CTX), 0, DYNAMIC_TYPE_CTX); |
ashleymills | 0:714293de3836 | 141 | if (ctx) { |
ashleymills | 0:714293de3836 | 142 | if (InitSSL_Ctx(ctx, method) < 0) { |
ashleymills | 0:714293de3836 | 143 | CYASSL_MSG("Init CTX failed"); |
ashleymills | 0:714293de3836 | 144 | CyaSSL_CTX_free(ctx); |
ashleymills | 0:714293de3836 | 145 | ctx = NULL; |
ashleymills | 0:714293de3836 | 146 | } |
ashleymills | 0:714293de3836 | 147 | } |
ashleymills | 0:714293de3836 | 148 | else { |
ashleymills | 0:714293de3836 | 149 | CYASSL_MSG("Alloc CTX failed, method freed"); |
ashleymills | 0:714293de3836 | 150 | XFREE(method, NULL, DYNAMIC_TYPE_METHOD); |
ashleymills | 0:714293de3836 | 151 | } |
ashleymills | 0:714293de3836 | 152 | |
ashleymills | 0:714293de3836 | 153 | CYASSL_LEAVE("CYASSL_CTX_new", 0); |
ashleymills | 0:714293de3836 | 154 | return ctx; |
ashleymills | 0:714293de3836 | 155 | } |
ashleymills | 0:714293de3836 | 156 | |
ashleymills | 0:714293de3836 | 157 | |
ashleymills | 0:714293de3836 | 158 | void CyaSSL_CTX_free(CYASSL_CTX* ctx) |
ashleymills | 0:714293de3836 | 159 | { |
ashleymills | 0:714293de3836 | 160 | CYASSL_ENTER("SSL_CTX_free"); |
ashleymills | 0:714293de3836 | 161 | if (ctx) |
ashleymills | 0:714293de3836 | 162 | FreeSSL_Ctx(ctx); |
ashleymills | 0:714293de3836 | 163 | CYASSL_LEAVE("SSL_CTX_free", 0); |
ashleymills | 0:714293de3836 | 164 | } |
ashleymills | 0:714293de3836 | 165 | |
ashleymills | 0:714293de3836 | 166 | |
ashleymills | 0:714293de3836 | 167 | CYASSL* CyaSSL_new(CYASSL_CTX* ctx) |
ashleymills | 0:714293de3836 | 168 | { |
ashleymills | 0:714293de3836 | 169 | CYASSL* ssl = NULL; |
ashleymills | 0:714293de3836 | 170 | int ret = 0; |
ashleymills | 0:714293de3836 | 171 | |
ashleymills | 0:714293de3836 | 172 | (void)ret; |
ashleymills | 0:714293de3836 | 173 | CYASSL_ENTER("SSL_new"); |
ashleymills | 0:714293de3836 | 174 | |
ashleymills | 0:714293de3836 | 175 | if (ctx == NULL) |
ashleymills | 0:714293de3836 | 176 | return ssl; |
ashleymills | 0:714293de3836 | 177 | |
ashleymills | 0:714293de3836 | 178 | ssl = (CYASSL*) XMALLOC(sizeof(CYASSL), ctx->heap,DYNAMIC_TYPE_SSL); |
ashleymills | 0:714293de3836 | 179 | if (ssl) |
ashleymills | 0:714293de3836 | 180 | if ( (ret = InitSSL(ssl, ctx)) < 0) { |
ashleymills | 0:714293de3836 | 181 | FreeSSL(ssl); |
ashleymills | 0:714293de3836 | 182 | ssl = 0; |
ashleymills | 0:714293de3836 | 183 | } |
ashleymills | 0:714293de3836 | 184 | |
ashleymills | 0:714293de3836 | 185 | CYASSL_LEAVE("SSL_new", ret); |
ashleymills | 0:714293de3836 | 186 | return ssl; |
ashleymills | 0:714293de3836 | 187 | } |
ashleymills | 0:714293de3836 | 188 | |
ashleymills | 0:714293de3836 | 189 | |
ashleymills | 0:714293de3836 | 190 | void CyaSSL_free(CYASSL* ssl) |
ashleymills | 0:714293de3836 | 191 | { |
ashleymills | 0:714293de3836 | 192 | CYASSL_ENTER("SSL_free"); |
ashleymills | 0:714293de3836 | 193 | if (ssl) |
ashleymills | 0:714293de3836 | 194 | FreeSSL(ssl); |
ashleymills | 0:714293de3836 | 195 | CYASSL_LEAVE("SSL_free", 0); |
ashleymills | 0:714293de3836 | 196 | } |
ashleymills | 0:714293de3836 | 197 | |
ashleymills | 0:714293de3836 | 198 | |
ashleymills | 0:714293de3836 | 199 | int CyaSSL_set_fd(CYASSL* ssl, int fd) |
ashleymills | 0:714293de3836 | 200 | { |
ashleymills | 0:714293de3836 | 201 | CYASSL_ENTER("SSL_set_fd"); |
ashleymills | 0:714293de3836 | 202 | ssl->rfd = fd; /* not used directly to allow IO callbacks */ |
ashleymills | 0:714293de3836 | 203 | ssl->wfd = fd; |
ashleymills | 0:714293de3836 | 204 | |
ashleymills | 0:714293de3836 | 205 | ssl->IOCB_ReadCtx = &ssl->rfd; |
ashleymills | 0:714293de3836 | 206 | ssl->IOCB_WriteCtx = &ssl->wfd; |
ashleymills | 0:714293de3836 | 207 | |
ashleymills | 0:714293de3836 | 208 | #ifdef CYASSL_DTLS |
ashleymills | 0:714293de3836 | 209 | if (ssl->options.dtls) { |
ashleymills | 0:714293de3836 | 210 | ssl->IOCB_ReadCtx = &ssl->buffers.dtlsCtx; |
ashleymills | 0:714293de3836 | 211 | ssl->IOCB_WriteCtx = &ssl->buffers.dtlsCtx; |
ashleymills | 0:714293de3836 | 212 | ssl->buffers.dtlsCtx.fd = fd; |
ashleymills | 0:714293de3836 | 213 | } |
ashleymills | 0:714293de3836 | 214 | #endif |
ashleymills | 0:714293de3836 | 215 | |
ashleymills | 0:714293de3836 | 216 | CYASSL_LEAVE("SSL_set_fd", SSL_SUCCESS); |
ashleymills | 0:714293de3836 | 217 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 218 | } |
ashleymills | 0:714293de3836 | 219 | |
ashleymills | 0:714293de3836 | 220 | |
ashleymills | 0:714293de3836 | 221 | int CyaSSL_get_fd(const CYASSL* ssl) |
ashleymills | 0:714293de3836 | 222 | { |
ashleymills | 0:714293de3836 | 223 | CYASSL_ENTER("SSL_get_fd"); |
ashleymills | 0:714293de3836 | 224 | CYASSL_LEAVE("SSL_get_fd", ssl->rfd); |
ashleymills | 0:714293de3836 | 225 | return ssl->rfd; |
ashleymills | 0:714293de3836 | 226 | } |
ashleymills | 0:714293de3836 | 227 | |
ashleymills | 0:714293de3836 | 228 | |
ashleymills | 0:714293de3836 | 229 | #ifndef CYASSL_LEANPSK |
ashleymills | 0:714293de3836 | 230 | void CyaSSL_set_using_nonblock(CYASSL* ssl, int nonblock) |
ashleymills | 0:714293de3836 | 231 | { |
ashleymills | 0:714293de3836 | 232 | CYASSL_ENTER("CyaSSL_set_using_nonblock"); |
ashleymills | 0:714293de3836 | 233 | ssl->options.usingNonblock = (nonblock != 0); |
ashleymills | 0:714293de3836 | 234 | } |
ashleymills | 0:714293de3836 | 235 | |
ashleymills | 0:714293de3836 | 236 | |
ashleymills | 0:714293de3836 | 237 | int CyaSSL_get_using_nonblock(CYASSL* ssl) |
ashleymills | 0:714293de3836 | 238 | { |
ashleymills | 0:714293de3836 | 239 | CYASSL_ENTER("CyaSSL_get_using_nonblock"); |
ashleymills | 0:714293de3836 | 240 | CYASSL_LEAVE("CyaSSL_get_using_nonblock", ssl->options.usingNonblock); |
ashleymills | 0:714293de3836 | 241 | return ssl->options.usingNonblock; |
ashleymills | 0:714293de3836 | 242 | } |
ashleymills | 0:714293de3836 | 243 | |
ashleymills | 0:714293de3836 | 244 | |
ashleymills | 0:714293de3836 | 245 | int CyaSSL_dtls(CYASSL* ssl) |
ashleymills | 0:714293de3836 | 246 | { |
ashleymills | 0:714293de3836 | 247 | return ssl->options.dtls; |
ashleymills | 0:714293de3836 | 248 | } |
ashleymills | 0:714293de3836 | 249 | |
ashleymills | 0:714293de3836 | 250 | |
ashleymills | 0:714293de3836 | 251 | int CyaSSL_dtls_set_peer(CYASSL* ssl, void* peer, unsigned int peerSz) |
ashleymills | 0:714293de3836 | 252 | { |
ashleymills | 0:714293de3836 | 253 | #ifdef CYASSL_DTLS |
ashleymills | 0:714293de3836 | 254 | void* sa = (void*)XMALLOC(peerSz, ssl->heap, DYNAMIC_TYPE_SOCKADDR); |
ashleymills | 0:714293de3836 | 255 | if (sa != NULL) { |
ashleymills | 0:714293de3836 | 256 | XMEMCPY(sa, peer, peerSz); |
ashleymills | 0:714293de3836 | 257 | ssl->buffers.dtlsCtx.peer.sa = sa; |
ashleymills | 0:714293de3836 | 258 | ssl->buffers.dtlsCtx.peer.sz = peerSz; |
ashleymills | 0:714293de3836 | 259 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 260 | } |
ashleymills | 0:714293de3836 | 261 | return SSL_FAILURE; |
ashleymills | 0:714293de3836 | 262 | #else |
ashleymills | 0:714293de3836 | 263 | (void)ssl; |
ashleymills | 0:714293de3836 | 264 | (void)peer; |
ashleymills | 0:714293de3836 | 265 | (void)peerSz; |
ashleymills | 0:714293de3836 | 266 | return SSL_NOT_IMPLEMENTED; |
ashleymills | 0:714293de3836 | 267 | #endif |
ashleymills | 0:714293de3836 | 268 | } |
ashleymills | 0:714293de3836 | 269 | |
ashleymills | 0:714293de3836 | 270 | int CyaSSL_dtls_get_peer(CYASSL* ssl, void* peer, unsigned int* peerSz) |
ashleymills | 0:714293de3836 | 271 | { |
ashleymills | 0:714293de3836 | 272 | #ifdef CYASSL_DTLS |
ashleymills | 0:714293de3836 | 273 | if (peer != NULL && peerSz != NULL |
ashleymills | 0:714293de3836 | 274 | && *peerSz >= ssl->buffers.dtlsCtx.peer.sz) { |
ashleymills | 0:714293de3836 | 275 | *peerSz = ssl->buffers.dtlsCtx.peer.sz; |
ashleymills | 0:714293de3836 | 276 | XMEMCPY(peer, ssl->buffers.dtlsCtx.peer.sa, *peerSz); |
ashleymills | 0:714293de3836 | 277 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 278 | } |
ashleymills | 0:714293de3836 | 279 | return SSL_FAILURE; |
ashleymills | 0:714293de3836 | 280 | #else |
ashleymills | 0:714293de3836 | 281 | (void)ssl; |
ashleymills | 0:714293de3836 | 282 | (void)peer; |
ashleymills | 0:714293de3836 | 283 | (void)peerSz; |
ashleymills | 0:714293de3836 | 284 | return SSL_NOT_IMPLEMENTED; |
ashleymills | 0:714293de3836 | 285 | #endif |
ashleymills | 0:714293de3836 | 286 | } |
ashleymills | 0:714293de3836 | 287 | #endif /* CYASSL_LEANPSK */ |
ashleymills | 0:714293de3836 | 288 | |
ashleymills | 0:714293de3836 | 289 | |
ashleymills | 0:714293de3836 | 290 | /* return underlyig connect or accept, SSL_SUCCESS on ok */ |
ashleymills | 0:714293de3836 | 291 | int CyaSSL_negotiate(CYASSL* ssl) |
ashleymills | 0:714293de3836 | 292 | { |
ashleymills | 0:714293de3836 | 293 | int err = SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 294 | |
ashleymills | 0:714293de3836 | 295 | CYASSL_ENTER("CyaSSL_negotiate"); |
ashleymills | 0:714293de3836 | 296 | #ifndef NO_CYASSL_SERVER |
ashleymills | 0:714293de3836 | 297 | if (ssl->options.side == SERVER_END) |
ashleymills | 0:714293de3836 | 298 | err = CyaSSL_accept(ssl); |
ashleymills | 0:714293de3836 | 299 | #endif |
ashleymills | 0:714293de3836 | 300 | |
ashleymills | 0:714293de3836 | 301 | #ifndef NO_CYASSL_CLIENT |
ashleymills | 0:714293de3836 | 302 | if (ssl->options.side == CLIENT_END) |
ashleymills | 0:714293de3836 | 303 | err = CyaSSL_connect(ssl); |
ashleymills | 0:714293de3836 | 304 | #endif |
ashleymills | 0:714293de3836 | 305 | |
ashleymills | 0:714293de3836 | 306 | CYASSL_LEAVE("CyaSSL_negotiate", err); |
ashleymills | 0:714293de3836 | 307 | |
ashleymills | 0:714293de3836 | 308 | return err; |
ashleymills | 0:714293de3836 | 309 | } |
ashleymills | 0:714293de3836 | 310 | |
ashleymills | 0:714293de3836 | 311 | |
ashleymills | 0:714293de3836 | 312 | #ifndef CYASSL_LEANPSK |
ashleymills | 0:714293de3836 | 313 | /* object size based on build */ |
ashleymills | 0:714293de3836 | 314 | int CyaSSL_GetObjectSize(void) |
ashleymills | 0:714293de3836 | 315 | { |
ashleymills | 0:714293de3836 | 316 | #ifdef SHOW_SIZES |
ashleymills | 0:714293de3836 | 317 | printf("sizeof suites = %lu\n", sizeof(Suites)); |
ashleymills | 0:714293de3836 | 318 | printf("sizeof ciphers(2) = %lu\n", sizeof(Ciphers)); |
ashleymills | 0:714293de3836 | 319 | #ifndef NO_RC4 |
ashleymills | 0:714293de3836 | 320 | printf(" sizeof arc4 = %lu\n", sizeof(Arc4)); |
ashleymills | 0:714293de3836 | 321 | #endif |
ashleymills | 0:714293de3836 | 322 | printf(" sizeof aes = %lu\n", sizeof(Aes)); |
ashleymills | 0:714293de3836 | 323 | #ifndef NO_DES3 |
ashleymills | 0:714293de3836 | 324 | printf(" sizeof des3 = %lu\n", sizeof(Des3)); |
ashleymills | 0:714293de3836 | 325 | #endif |
ashleymills | 0:714293de3836 | 326 | #ifndef NO_RABBIT |
ashleymills | 0:714293de3836 | 327 | printf(" sizeof rabbit = %lu\n", sizeof(Rabbit)); |
ashleymills | 0:714293de3836 | 328 | #endif |
ashleymills | 0:714293de3836 | 329 | printf("sizeof cipher specs = %lu\n", sizeof(CipherSpecs)); |
ashleymills | 0:714293de3836 | 330 | printf("sizeof keys = %lu\n", sizeof(Keys)); |
ashleymills | 0:714293de3836 | 331 | printf("sizeof Hashes(2) = %lu\n", sizeof(Hashes)); |
ashleymills | 0:714293de3836 | 332 | #ifndef NO_MD5 |
ashleymills | 0:714293de3836 | 333 | printf(" sizeof MD5 = %lu\n", sizeof(Md5)); |
ashleymills | 0:714293de3836 | 334 | #endif |
ashleymills | 0:714293de3836 | 335 | #ifndef NO_SHA |
ashleymills | 0:714293de3836 | 336 | printf(" sizeof SHA = %lu\n", sizeof(Sha)); |
ashleymills | 0:714293de3836 | 337 | #endif |
ashleymills | 0:714293de3836 | 338 | #ifndef NO_SHA256 |
ashleymills | 0:714293de3836 | 339 | printf(" sizeof SHA256 = %lu\n", sizeof(Sha256)); |
ashleymills | 0:714293de3836 | 340 | #endif |
ashleymills | 0:714293de3836 | 341 | #ifdef CYASSL_SHA384 |
ashleymills | 0:714293de3836 | 342 | printf(" sizeof SHA384 = %lu\n", sizeof(Sha384)); |
ashleymills | 0:714293de3836 | 343 | #endif |
ashleymills | 0:714293de3836 | 344 | #ifdef CYASSL_SHA384 |
ashleymills | 0:714293de3836 | 345 | printf(" sizeof SHA512 = %lu\n", sizeof(Sha512)); |
ashleymills | 0:714293de3836 | 346 | #endif |
ashleymills | 0:714293de3836 | 347 | printf("sizeof Buffers = %lu\n", sizeof(Buffers)); |
ashleymills | 0:714293de3836 | 348 | printf("sizeof Options = %lu\n", sizeof(Options)); |
ashleymills | 0:714293de3836 | 349 | printf("sizeof Arrays = %lu\n", sizeof(Arrays)); |
ashleymills | 0:714293de3836 | 350 | #ifndef NO_RSA |
ashleymills | 0:714293de3836 | 351 | printf("sizeof RsaKey = %lu\n", sizeof(RsaKey)); |
ashleymills | 0:714293de3836 | 352 | #endif |
ashleymills | 0:714293de3836 | 353 | #ifdef HAVE_ECC |
ashleymills | 0:714293de3836 | 354 | printf("sizeof ecc_key = %lu\n", sizeof(ecc_key)); |
ashleymills | 0:714293de3836 | 355 | #endif |
ashleymills | 0:714293de3836 | 356 | printf("sizeof CYASSL_CIPHER = %lu\n", sizeof(CYASSL_CIPHER)); |
ashleymills | 0:714293de3836 | 357 | printf("sizeof CYASSL_SESSION = %lu\n", sizeof(CYASSL_SESSION)); |
ashleymills | 0:714293de3836 | 358 | printf("sizeof CYASSL = %lu\n", sizeof(CYASSL)); |
ashleymills | 0:714293de3836 | 359 | printf("sizeof CYASSL_CTX = %lu\n", sizeof(CYASSL_CTX)); |
ashleymills | 0:714293de3836 | 360 | #endif |
ashleymills | 0:714293de3836 | 361 | |
ashleymills | 0:714293de3836 | 362 | return sizeof(CYASSL); |
ashleymills | 0:714293de3836 | 363 | } |
ashleymills | 0:714293de3836 | 364 | #endif |
ashleymills | 0:714293de3836 | 365 | |
ashleymills | 0:714293de3836 | 366 | /* XXX should be NO_DH */ |
ashleymills | 0:714293de3836 | 367 | #ifndef NO_CERTS |
ashleymills | 0:714293de3836 | 368 | /* server Diffie-Hellman parameters, SSL_SUCCESS on ok */ |
ashleymills | 0:714293de3836 | 369 | int CyaSSL_SetTmpDH(CYASSL* ssl, const unsigned char* p, int pSz, |
ashleymills | 0:714293de3836 | 370 | const unsigned char* g, int gSz) |
ashleymills | 0:714293de3836 | 371 | { |
ashleymills | 0:714293de3836 | 372 | byte havePSK = 0; |
ashleymills | 0:714293de3836 | 373 | byte haveRSA = 1; |
ashleymills | 0:714293de3836 | 374 | |
ashleymills | 0:714293de3836 | 375 | CYASSL_ENTER("CyaSSL_SetTmpDH"); |
ashleymills | 0:714293de3836 | 376 | if (ssl == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 377 | |
ashleymills | 0:714293de3836 | 378 | if (ssl->options.side != SERVER_END) |
ashleymills | 0:714293de3836 | 379 | return SIDE_ERROR; |
ashleymills | 0:714293de3836 | 380 | |
ashleymills | 0:714293de3836 | 381 | if (ssl->buffers.serverDH_P.buffer && ssl->buffers.weOwnDH) |
ashleymills | 0:714293de3836 | 382 | XFREE(ssl->buffers.serverDH_P.buffer, ssl->ctx->heap, DYNAMIC_TYPE_DH); |
ashleymills | 0:714293de3836 | 383 | if (ssl->buffers.serverDH_G.buffer && ssl->buffers.weOwnDH) |
ashleymills | 0:714293de3836 | 384 | XFREE(ssl->buffers.serverDH_G.buffer, ssl->ctx->heap, DYNAMIC_TYPE_DH); |
ashleymills | 0:714293de3836 | 385 | |
ashleymills | 0:714293de3836 | 386 | ssl->buffers.weOwnDH = 1; /* SSL owns now */ |
ashleymills | 0:714293de3836 | 387 | ssl->buffers.serverDH_P.buffer = (byte*)XMALLOC(pSz, ssl->ctx->heap, |
ashleymills | 0:714293de3836 | 388 | DYNAMIC_TYPE_DH); |
ashleymills | 0:714293de3836 | 389 | if (ssl->buffers.serverDH_P.buffer == NULL) |
ashleymills | 0:714293de3836 | 390 | return MEMORY_E; |
ashleymills | 0:714293de3836 | 391 | |
ashleymills | 0:714293de3836 | 392 | ssl->buffers.serverDH_G.buffer = (byte*)XMALLOC(gSz, ssl->ctx->heap, |
ashleymills | 0:714293de3836 | 393 | DYNAMIC_TYPE_DH); |
ashleymills | 0:714293de3836 | 394 | if (ssl->buffers.serverDH_G.buffer == NULL) { |
ashleymills | 0:714293de3836 | 395 | XFREE(ssl->buffers.serverDH_P.buffer, ssl->ctx->heap, DYNAMIC_TYPE_DH); |
ashleymills | 0:714293de3836 | 396 | return MEMORY_E; |
ashleymills | 0:714293de3836 | 397 | } |
ashleymills | 0:714293de3836 | 398 | |
ashleymills | 0:714293de3836 | 399 | ssl->buffers.serverDH_P.length = pSz; |
ashleymills | 0:714293de3836 | 400 | ssl->buffers.serverDH_G.length = gSz; |
ashleymills | 0:714293de3836 | 401 | |
ashleymills | 0:714293de3836 | 402 | XMEMCPY(ssl->buffers.serverDH_P.buffer, p, pSz); |
ashleymills | 0:714293de3836 | 403 | XMEMCPY(ssl->buffers.serverDH_G.buffer, g, gSz); |
ashleymills | 0:714293de3836 | 404 | |
ashleymills | 0:714293de3836 | 405 | ssl->options.haveDH = 1; |
ashleymills | 0:714293de3836 | 406 | #ifndef NO_PSK |
ashleymills | 0:714293de3836 | 407 | havePSK = ssl->options.havePSK; |
ashleymills | 0:714293de3836 | 408 | #endif |
ashleymills | 0:714293de3836 | 409 | #ifdef NO_RSA |
ashleymills | 0:714293de3836 | 410 | haveRSA = 0; |
ashleymills | 0:714293de3836 | 411 | #endif |
ashleymills | 0:714293de3836 | 412 | InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, ssl->options.haveDH, |
ashleymills | 0:714293de3836 | 413 | ssl->options.haveNTRU, ssl->options.haveECDSAsig, |
ashleymills | 0:714293de3836 | 414 | ssl->options.haveStaticECC, ssl->options.side); |
ashleymills | 0:714293de3836 | 415 | |
ashleymills | 0:714293de3836 | 416 | CYASSL_LEAVE("CyaSSL_SetTmpDH", 0); |
ashleymills | 0:714293de3836 | 417 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 418 | } |
ashleymills | 0:714293de3836 | 419 | #endif /* !NO_CERTS */ |
ashleymills | 0:714293de3836 | 420 | |
ashleymills | 0:714293de3836 | 421 | |
ashleymills | 0:714293de3836 | 422 | int CyaSSL_write(CYASSL* ssl, const void* data, int sz) |
ashleymills | 0:714293de3836 | 423 | { |
ashleymills | 0:714293de3836 | 424 | int ret; |
ashleymills | 0:714293de3836 | 425 | |
ashleymills | 0:714293de3836 | 426 | CYASSL_ENTER("SSL_write()"); |
ashleymills | 0:714293de3836 | 427 | |
ashleymills | 0:714293de3836 | 428 | #ifdef HAVE_ERRNO_H |
ashleymills | 0:714293de3836 | 429 | errno = 0; |
ashleymills | 0:714293de3836 | 430 | #endif |
ashleymills | 0:714293de3836 | 431 | |
ashleymills | 0:714293de3836 | 432 | ret = SendData(ssl, data, sz); |
ashleymills | 0:714293de3836 | 433 | |
ashleymills | 0:714293de3836 | 434 | CYASSL_LEAVE("SSL_write()", ret); |
ashleymills | 0:714293de3836 | 435 | |
ashleymills | 0:714293de3836 | 436 | if (ret < 0) |
ashleymills | 0:714293de3836 | 437 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 438 | else |
ashleymills | 0:714293de3836 | 439 | return ret; |
ashleymills | 0:714293de3836 | 440 | } |
ashleymills | 0:714293de3836 | 441 | |
ashleymills | 0:714293de3836 | 442 | |
ashleymills | 0:714293de3836 | 443 | static int CyaSSL_read_internal(CYASSL* ssl, void* data, int sz, int peek) |
ashleymills | 0:714293de3836 | 444 | { |
ashleymills | 0:714293de3836 | 445 | int ret; |
ashleymills | 0:714293de3836 | 446 | |
ashleymills | 0:714293de3836 | 447 | CYASSL_ENTER("CyaSSL_read_internal()"); |
ashleymills | 0:714293de3836 | 448 | |
ashleymills | 0:714293de3836 | 449 | #ifdef HAVE_ERRNO_H |
ashleymills | 0:714293de3836 | 450 | errno = 0; |
ashleymills | 0:714293de3836 | 451 | #endif |
ashleymills | 0:714293de3836 | 452 | #ifdef CYASSL_DTLS |
ashleymills | 0:714293de3836 | 453 | if (ssl->options.dtls) |
ashleymills | 0:714293de3836 | 454 | ssl->dtls_expected_rx = max(sz + 100, MAX_MTU); |
ashleymills | 0:714293de3836 | 455 | #endif |
ashleymills | 0:714293de3836 | 456 | |
ashleymills | 0:714293de3836 | 457 | ret = ReceiveData(ssl, (byte*)data, min(sz, OUTPUT_RECORD_SIZE), peek); |
ashleymills | 0:714293de3836 | 458 | |
ashleymills | 0:714293de3836 | 459 | CYASSL_LEAVE("CyaSSL_read_internal()", ret); |
ashleymills | 0:714293de3836 | 460 | |
ashleymills | 0:714293de3836 | 461 | if (ret < 0) |
ashleymills | 0:714293de3836 | 462 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 463 | else |
ashleymills | 0:714293de3836 | 464 | return ret; |
ashleymills | 0:714293de3836 | 465 | } |
ashleymills | 0:714293de3836 | 466 | |
ashleymills | 0:714293de3836 | 467 | |
ashleymills | 0:714293de3836 | 468 | int CyaSSL_peek(CYASSL* ssl, void* data, int sz) |
ashleymills | 0:714293de3836 | 469 | { |
ashleymills | 0:714293de3836 | 470 | CYASSL_ENTER("CyaSSL_peek()"); |
ashleymills | 0:714293de3836 | 471 | |
ashleymills | 0:714293de3836 | 472 | return CyaSSL_read_internal(ssl, data, sz, TRUE); |
ashleymills | 0:714293de3836 | 473 | } |
ashleymills | 0:714293de3836 | 474 | |
ashleymills | 0:714293de3836 | 475 | |
ashleymills | 0:714293de3836 | 476 | int CyaSSL_read(CYASSL* ssl, void* data, int sz) |
ashleymills | 0:714293de3836 | 477 | { |
ashleymills | 0:714293de3836 | 478 | CYASSL_ENTER("CyaSSL_read()"); |
ashleymills | 0:714293de3836 | 479 | |
ashleymills | 0:714293de3836 | 480 | return CyaSSL_read_internal(ssl, data, sz, FALSE); |
ashleymills | 0:714293de3836 | 481 | } |
ashleymills | 0:714293de3836 | 482 | |
ashleymills | 0:714293de3836 | 483 | |
ashleymills | 0:714293de3836 | 484 | #ifdef HAVE_CAVIUM |
ashleymills | 0:714293de3836 | 485 | |
ashleymills | 0:714293de3836 | 486 | /* let's use cavium, SSL_SUCCESS on ok */ |
ashleymills | 0:714293de3836 | 487 | int CyaSSL_UseCavium(CYASSL* ssl, int devId) |
ashleymills | 0:714293de3836 | 488 | { |
ashleymills | 0:714293de3836 | 489 | if (ssl == NULL) |
ashleymills | 0:714293de3836 | 490 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 491 | |
ashleymills | 0:714293de3836 | 492 | ssl->devId = devId; |
ashleymills | 0:714293de3836 | 493 | |
ashleymills | 0:714293de3836 | 494 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 495 | } |
ashleymills | 0:714293de3836 | 496 | |
ashleymills | 0:714293de3836 | 497 | |
ashleymills | 0:714293de3836 | 498 | /* let's use cavium, SSL_SUCCESS on ok */ |
ashleymills | 0:714293de3836 | 499 | int CyaSSL_CTX_UseCavium(CYASSL_CTX* ctx, int devId) |
ashleymills | 0:714293de3836 | 500 | { |
ashleymills | 0:714293de3836 | 501 | if (ctx == NULL) |
ashleymills | 0:714293de3836 | 502 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 503 | |
ashleymills | 0:714293de3836 | 504 | ctx->devId = devId; |
ashleymills | 0:714293de3836 | 505 | |
ashleymills | 0:714293de3836 | 506 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 507 | } |
ashleymills | 0:714293de3836 | 508 | |
ashleymills | 0:714293de3836 | 509 | |
ashleymills | 0:714293de3836 | 510 | #endif /* HAVE_CAVIUM */ |
ashleymills | 0:714293de3836 | 511 | |
ashleymills | 0:714293de3836 | 512 | #ifdef HAVE_SNI |
ashleymills | 0:714293de3836 | 513 | |
ashleymills | 0:714293de3836 | 514 | int CyaSSL_UseSNI(CYASSL* ssl, byte type, const void* data, word16 size) |
ashleymills | 0:714293de3836 | 515 | { |
ashleymills | 0:714293de3836 | 516 | if (ssl == NULL) |
ashleymills | 0:714293de3836 | 517 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 518 | |
ashleymills | 0:714293de3836 | 519 | return TLSX_UseSNI(&ssl->extensions, type, data, size); |
ashleymills | 0:714293de3836 | 520 | } |
ashleymills | 0:714293de3836 | 521 | |
ashleymills | 0:714293de3836 | 522 | int CyaSSL_CTX_UseSNI(CYASSL_CTX* ctx, byte type, const void* data, word16 size) |
ashleymills | 0:714293de3836 | 523 | { |
ashleymills | 0:714293de3836 | 524 | if (ctx == NULL) |
ashleymills | 0:714293de3836 | 525 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 526 | |
ashleymills | 0:714293de3836 | 527 | return TLSX_UseSNI(&ctx->extensions, type, data, size); |
ashleymills | 0:714293de3836 | 528 | } |
ashleymills | 0:714293de3836 | 529 | |
ashleymills | 0:714293de3836 | 530 | #ifndef NO_CYASSL_SERVER |
ashleymills | 0:714293de3836 | 531 | byte CyaSSL_SNI_Matched(CYASSL* ssl, byte type) |
ashleymills | 0:714293de3836 | 532 | { |
ashleymills | 0:714293de3836 | 533 | return TLSX_SNI_Matched(ssl ? ssl->extensions : NULL, type); |
ashleymills | 0:714293de3836 | 534 | } |
ashleymills | 0:714293de3836 | 535 | |
ashleymills | 0:714293de3836 | 536 | void CyaSSL_SNI_SetOptions(CYASSL* ssl, byte type, byte options) |
ashleymills | 0:714293de3836 | 537 | { |
ashleymills | 0:714293de3836 | 538 | if (ssl && ssl->extensions) |
ashleymills | 0:714293de3836 | 539 | TLSX_SNI_SetOptions(ssl->extensions, type, options); |
ashleymills | 0:714293de3836 | 540 | } |
ashleymills | 0:714293de3836 | 541 | |
ashleymills | 0:714293de3836 | 542 | void CyaSSL_CTX_SNI_SetOptions(CYASSL_CTX* ctx, byte type, byte options) |
ashleymills | 0:714293de3836 | 543 | { |
ashleymills | 0:714293de3836 | 544 | if (ctx && ctx->extensions) |
ashleymills | 0:714293de3836 | 545 | TLSX_SNI_SetOptions(ctx->extensions, type, options); |
ashleymills | 0:714293de3836 | 546 | } |
ashleymills | 0:714293de3836 | 547 | #endif |
ashleymills | 0:714293de3836 | 548 | |
ashleymills | 0:714293de3836 | 549 | #endif /* HAVE_SNI */ |
ashleymills | 0:714293de3836 | 550 | |
ashleymills | 0:714293de3836 | 551 | #ifndef CYASSL_LEANPSK |
ashleymills | 0:714293de3836 | 552 | int CyaSSL_send(CYASSL* ssl, const void* data, int sz, int flags) |
ashleymills | 0:714293de3836 | 553 | { |
ashleymills | 0:714293de3836 | 554 | int ret; |
ashleymills | 0:714293de3836 | 555 | int oldFlags = ssl->wflags; |
ashleymills | 0:714293de3836 | 556 | |
ashleymills | 0:714293de3836 | 557 | CYASSL_ENTER("CyaSSL_send()"); |
ashleymills | 0:714293de3836 | 558 | |
ashleymills | 0:714293de3836 | 559 | ssl->wflags = flags; |
ashleymills | 0:714293de3836 | 560 | ret = CyaSSL_write(ssl, data, sz); |
ashleymills | 0:714293de3836 | 561 | ssl->wflags = oldFlags; |
ashleymills | 0:714293de3836 | 562 | |
ashleymills | 0:714293de3836 | 563 | CYASSL_LEAVE("CyaSSL_send()", ret); |
ashleymills | 0:714293de3836 | 564 | |
ashleymills | 0:714293de3836 | 565 | return ret; |
ashleymills | 0:714293de3836 | 566 | } |
ashleymills | 0:714293de3836 | 567 | |
ashleymills | 0:714293de3836 | 568 | |
ashleymills | 0:714293de3836 | 569 | int CyaSSL_recv(CYASSL* ssl, void* data, int sz, int flags) |
ashleymills | 0:714293de3836 | 570 | { |
ashleymills | 0:714293de3836 | 571 | int ret; |
ashleymills | 0:714293de3836 | 572 | int oldFlags = ssl->rflags; |
ashleymills | 0:714293de3836 | 573 | |
ashleymills | 0:714293de3836 | 574 | CYASSL_ENTER("CyaSSL_recv()"); |
ashleymills | 0:714293de3836 | 575 | |
ashleymills | 0:714293de3836 | 576 | ssl->rflags = flags; |
ashleymills | 0:714293de3836 | 577 | ret = CyaSSL_read(ssl, data, sz); |
ashleymills | 0:714293de3836 | 578 | ssl->rflags = oldFlags; |
ashleymills | 0:714293de3836 | 579 | |
ashleymills | 0:714293de3836 | 580 | CYASSL_LEAVE("CyaSSL_recv()", ret); |
ashleymills | 0:714293de3836 | 581 | |
ashleymills | 0:714293de3836 | 582 | return ret; |
ashleymills | 0:714293de3836 | 583 | } |
ashleymills | 0:714293de3836 | 584 | #endif |
ashleymills | 0:714293de3836 | 585 | |
ashleymills | 0:714293de3836 | 586 | |
ashleymills | 0:714293de3836 | 587 | /* SSL_SUCCESS on ok */ |
ashleymills | 0:714293de3836 | 588 | int CyaSSL_shutdown(CYASSL* ssl) |
ashleymills | 0:714293de3836 | 589 | { |
ashleymills | 0:714293de3836 | 590 | CYASSL_ENTER("SSL_shutdown()"); |
ashleymills | 0:714293de3836 | 591 | |
ashleymills | 0:714293de3836 | 592 | if (ssl == NULL) |
ashleymills | 0:714293de3836 | 593 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 594 | |
ashleymills | 0:714293de3836 | 595 | if (ssl->options.quietShutdown) { |
ashleymills | 0:714293de3836 | 596 | CYASSL_MSG("quiet shutdown, no close notify sent"); |
ashleymills | 0:714293de3836 | 597 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 598 | } |
ashleymills | 0:714293de3836 | 599 | |
ashleymills | 0:714293de3836 | 600 | /* try to send close notify, not an error if can't */ |
ashleymills | 0:714293de3836 | 601 | if (!ssl->options.isClosed && !ssl->options.connReset && |
ashleymills | 0:714293de3836 | 602 | !ssl->options.sentNotify) { |
ashleymills | 0:714293de3836 | 603 | ssl->error = SendAlert(ssl, alert_warning, close_notify); |
ashleymills | 0:714293de3836 | 604 | if (ssl->error < 0) { |
ashleymills | 0:714293de3836 | 605 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:714293de3836 | 606 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 607 | } |
ashleymills | 0:714293de3836 | 608 | ssl->options.sentNotify = 1; /* don't send close_notify twice */ |
ashleymills | 0:714293de3836 | 609 | } |
ashleymills | 0:714293de3836 | 610 | |
ashleymills | 0:714293de3836 | 611 | CYASSL_LEAVE("SSL_shutdown()", ssl->error); |
ashleymills | 0:714293de3836 | 612 | |
ashleymills | 0:714293de3836 | 613 | ssl->error = SSL_ERROR_SYSCALL; /* simulate OpenSSL behavior */ |
ashleymills | 0:714293de3836 | 614 | |
ashleymills | 0:714293de3836 | 615 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 616 | } |
ashleymills | 0:714293de3836 | 617 | |
ashleymills | 0:714293de3836 | 618 | |
ashleymills | 0:714293de3836 | 619 | int CyaSSL_get_error(CYASSL* ssl, int ret) |
ashleymills | 0:714293de3836 | 620 | { |
ashleymills | 0:714293de3836 | 621 | CYASSL_ENTER("SSL_get_error"); |
ashleymills | 0:714293de3836 | 622 | CYASSL_LEAVE("SSL_get_error", ssl->error); |
ashleymills | 0:714293de3836 | 623 | if (ret > 0) |
ashleymills | 0:714293de3836 | 624 | return SSL_ERROR_NONE; |
ashleymills | 0:714293de3836 | 625 | |
ashleymills | 0:714293de3836 | 626 | /* make sure converted types are handled in SetErrorString() too */ |
ashleymills | 0:714293de3836 | 627 | if (ssl->error == WANT_READ) |
ashleymills | 0:714293de3836 | 628 | return SSL_ERROR_WANT_READ; /* convert to OpenSSL type */ |
ashleymills | 0:714293de3836 | 629 | else if (ssl->error == WANT_WRITE) |
ashleymills | 0:714293de3836 | 630 | return SSL_ERROR_WANT_WRITE; /* convert to OpenSSL type */ |
ashleymills | 0:714293de3836 | 631 | else if (ssl->error == ZERO_RETURN) |
ashleymills | 0:714293de3836 | 632 | return SSL_ERROR_ZERO_RETURN; /* convert to OpenSSL type */ |
ashleymills | 0:714293de3836 | 633 | return ssl->error; |
ashleymills | 0:714293de3836 | 634 | } |
ashleymills | 0:714293de3836 | 635 | |
ashleymills | 0:714293de3836 | 636 | |
ashleymills | 0:714293de3836 | 637 | /* retrive alert history, SSL_SUCCESS on ok */ |
ashleymills | 0:714293de3836 | 638 | int CyaSSL_get_alert_history(CYASSL* ssl, CYASSL_ALERT_HISTORY *h) |
ashleymills | 0:714293de3836 | 639 | { |
ashleymills | 0:714293de3836 | 640 | if (ssl && h) { |
ashleymills | 0:714293de3836 | 641 | *h = ssl->alert_history; |
ashleymills | 0:714293de3836 | 642 | } |
ashleymills | 0:714293de3836 | 643 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 644 | } |
ashleymills | 0:714293de3836 | 645 | |
ashleymills | 0:714293de3836 | 646 | |
ashleymills | 0:714293de3836 | 647 | /* return TRUE if current error is want read */ |
ashleymills | 0:714293de3836 | 648 | int CyaSSL_want_read(CYASSL* ssl) |
ashleymills | 0:714293de3836 | 649 | { |
ashleymills | 0:714293de3836 | 650 | CYASSL_ENTER("SSL_want_read"); |
ashleymills | 0:714293de3836 | 651 | if (ssl->error == WANT_READ) |
ashleymills | 0:714293de3836 | 652 | return 1; |
ashleymills | 0:714293de3836 | 653 | |
ashleymills | 0:714293de3836 | 654 | return 0; |
ashleymills | 0:714293de3836 | 655 | } |
ashleymills | 0:714293de3836 | 656 | |
ashleymills | 0:714293de3836 | 657 | |
ashleymills | 0:714293de3836 | 658 | /* return TRUE if current error is want write */ |
ashleymills | 0:714293de3836 | 659 | int CyaSSL_want_write(CYASSL* ssl) |
ashleymills | 0:714293de3836 | 660 | { |
ashleymills | 0:714293de3836 | 661 | CYASSL_ENTER("SSL_want_write"); |
ashleymills | 0:714293de3836 | 662 | if (ssl->error == WANT_WRITE) |
ashleymills | 0:714293de3836 | 663 | return 1; |
ashleymills | 0:714293de3836 | 664 | |
ashleymills | 0:714293de3836 | 665 | return 0; |
ashleymills | 0:714293de3836 | 666 | } |
ashleymills | 0:714293de3836 | 667 | |
ashleymills | 0:714293de3836 | 668 | |
ashleymills | 0:714293de3836 | 669 | char* CyaSSL_ERR_error_string(unsigned long errNumber, char* data) |
ashleymills | 0:714293de3836 | 670 | { |
ashleymills | 0:714293de3836 | 671 | static const char* msg = "Please supply a buffer for error string"; |
ashleymills | 0:714293de3836 | 672 | |
ashleymills | 0:714293de3836 | 673 | CYASSL_ENTER("ERR_error_string"); |
ashleymills | 0:714293de3836 | 674 | if (data) { |
ashleymills | 0:714293de3836 | 675 | SetErrorString((int)errNumber, data); |
ashleymills | 0:714293de3836 | 676 | return data; |
ashleymills | 0:714293de3836 | 677 | } |
ashleymills | 0:714293de3836 | 678 | |
ashleymills | 0:714293de3836 | 679 | return (char*)msg; |
ashleymills | 0:714293de3836 | 680 | } |
ashleymills | 0:714293de3836 | 681 | |
ashleymills | 0:714293de3836 | 682 | |
ashleymills | 0:714293de3836 | 683 | void CyaSSL_ERR_error_string_n(unsigned long e, char* buf, unsigned long len) |
ashleymills | 0:714293de3836 | 684 | { |
ashleymills | 0:714293de3836 | 685 | CYASSL_ENTER("CyaSSL_ERR_error_string_n"); |
ashleymills | 0:714293de3836 | 686 | if (len >= MAX_ERROR_SZ) |
ashleymills | 0:714293de3836 | 687 | CyaSSL_ERR_error_string(e, buf); |
ashleymills | 0:714293de3836 | 688 | else { |
ashleymills | 0:714293de3836 | 689 | char tmp[MAX_ERROR_SZ]; |
ashleymills | 0:714293de3836 | 690 | |
ashleymills | 0:714293de3836 | 691 | CYASSL_MSG("Error buffer too short, truncating"); |
ashleymills | 0:714293de3836 | 692 | if (len) { |
ashleymills | 0:714293de3836 | 693 | CyaSSL_ERR_error_string(e, tmp); |
ashleymills | 0:714293de3836 | 694 | XMEMCPY(buf, tmp, len-1); |
ashleymills | 0:714293de3836 | 695 | buf[len-1] = '\0'; |
ashleymills | 0:714293de3836 | 696 | } |
ashleymills | 0:714293de3836 | 697 | } |
ashleymills | 0:714293de3836 | 698 | } |
ashleymills | 0:714293de3836 | 699 | |
ashleymills | 0:714293de3836 | 700 | |
ashleymills | 0:714293de3836 | 701 | /* don't free temporary arrays at end of handshake */ |
ashleymills | 0:714293de3836 | 702 | void CyaSSL_KeepArrays(CYASSL* ssl) |
ashleymills | 0:714293de3836 | 703 | { |
ashleymills | 0:714293de3836 | 704 | if (ssl) |
ashleymills | 0:714293de3836 | 705 | ssl->options.saveArrays = 1; |
ashleymills | 0:714293de3836 | 706 | } |
ashleymills | 0:714293de3836 | 707 | |
ashleymills | 0:714293de3836 | 708 | |
ashleymills | 0:714293de3836 | 709 | /* user doesn't need temporary arrays anymore, Free */ |
ashleymills | 0:714293de3836 | 710 | void CyaSSL_FreeArrays(CYASSL* ssl) |
ashleymills | 0:714293de3836 | 711 | { |
ashleymills | 0:714293de3836 | 712 | if (ssl && ssl->options.handShakeState == HANDSHAKE_DONE) { |
ashleymills | 0:714293de3836 | 713 | ssl->options.saveArrays = 0; |
ashleymills | 0:714293de3836 | 714 | FreeArrays(ssl, 1); |
ashleymills | 0:714293de3836 | 715 | } |
ashleymills | 0:714293de3836 | 716 | } |
ashleymills | 0:714293de3836 | 717 | |
ashleymills | 0:714293de3836 | 718 | |
ashleymills | 0:714293de3836 | 719 | #ifndef NO_CERTS |
ashleymills | 0:714293de3836 | 720 | |
ashleymills | 0:714293de3836 | 721 | CYASSL_CERT_MANAGER* CyaSSL_CertManagerNew(void) |
ashleymills | 0:714293de3836 | 722 | { |
ashleymills | 0:714293de3836 | 723 | CYASSL_CERT_MANAGER* cm = NULL; |
ashleymills | 0:714293de3836 | 724 | |
ashleymills | 0:714293de3836 | 725 | CYASSL_ENTER("CyaSSL_CertManagerNew"); |
ashleymills | 0:714293de3836 | 726 | |
ashleymills | 0:714293de3836 | 727 | cm = (CYASSL_CERT_MANAGER*) XMALLOC(sizeof(CYASSL_CERT_MANAGER), 0, |
ashleymills | 0:714293de3836 | 728 | DYNAMIC_TYPE_CERT_MANAGER); |
ashleymills | 0:714293de3836 | 729 | if (cm) { |
ashleymills | 0:714293de3836 | 730 | int i; |
ashleymills | 0:714293de3836 | 731 | |
ashleymills | 0:714293de3836 | 732 | for (i = 0; i < CA_TABLE_SIZE; i++) |
ashleymills | 0:714293de3836 | 733 | cm->caTable[i] = NULL; |
ashleymills | 0:714293de3836 | 734 | cm->heap = NULL; |
ashleymills | 0:714293de3836 | 735 | cm->caCacheCallback = NULL; |
ashleymills | 0:714293de3836 | 736 | cm->crl = NULL; |
ashleymills | 0:714293de3836 | 737 | cm->crlEnabled = 0; |
ashleymills | 0:714293de3836 | 738 | cm->crlCheckAll = 0; |
ashleymills | 0:714293de3836 | 739 | cm->cbMissingCRL = NULL; |
ashleymills | 0:714293de3836 | 740 | |
ashleymills | 0:714293de3836 | 741 | if (InitMutex(&cm->caLock) != 0) { |
ashleymills | 0:714293de3836 | 742 | CYASSL_MSG("Bad mutex init"); |
ashleymills | 0:714293de3836 | 743 | CyaSSL_CertManagerFree(cm); |
ashleymills | 0:714293de3836 | 744 | return NULL; |
ashleymills | 0:714293de3836 | 745 | } |
ashleymills | 0:714293de3836 | 746 | } |
ashleymills | 0:714293de3836 | 747 | |
ashleymills | 0:714293de3836 | 748 | return cm; |
ashleymills | 0:714293de3836 | 749 | } |
ashleymills | 0:714293de3836 | 750 | |
ashleymills | 0:714293de3836 | 751 | |
ashleymills | 0:714293de3836 | 752 | void CyaSSL_CertManagerFree(CYASSL_CERT_MANAGER* cm) |
ashleymills | 0:714293de3836 | 753 | { |
ashleymills | 0:714293de3836 | 754 | CYASSL_ENTER("CyaSSL_CertManagerFree"); |
ashleymills | 0:714293de3836 | 755 | |
ashleymills | 0:714293de3836 | 756 | if (cm) { |
ashleymills | 0:714293de3836 | 757 | #ifdef HAVE_CRL |
ashleymills | 0:714293de3836 | 758 | if (cm->crl) |
ashleymills | 0:714293de3836 | 759 | FreeCRL(cm->crl, 1); |
ashleymills | 0:714293de3836 | 760 | #endif |
ashleymills | 0:714293de3836 | 761 | FreeSignerTable(cm->caTable, CA_TABLE_SIZE, NULL); |
ashleymills | 0:714293de3836 | 762 | FreeMutex(&cm->caLock); |
ashleymills | 0:714293de3836 | 763 | XFREE(cm, NULL, DYNAMIC_TYPE_CERT_MANAGER); |
ashleymills | 0:714293de3836 | 764 | } |
ashleymills | 0:714293de3836 | 765 | |
ashleymills | 0:714293de3836 | 766 | } |
ashleymills | 0:714293de3836 | 767 | |
ashleymills | 0:714293de3836 | 768 | |
ashleymills | 0:714293de3836 | 769 | /* Unload the CA signer list */ |
ashleymills | 0:714293de3836 | 770 | int CyaSSL_CertManagerUnloadCAs(CYASSL_CERT_MANAGER* cm) |
ashleymills | 0:714293de3836 | 771 | { |
ashleymills | 0:714293de3836 | 772 | CYASSL_ENTER("CyaSSL_CertManagerUnloadCAs"); |
ashleymills | 0:714293de3836 | 773 | |
ashleymills | 0:714293de3836 | 774 | if (cm == NULL) |
ashleymills | 0:714293de3836 | 775 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 776 | |
ashleymills | 0:714293de3836 | 777 | if (LockMutex(&cm->caLock) != 0) |
ashleymills | 0:714293de3836 | 778 | return BAD_MUTEX_ERROR; |
ashleymills | 0:714293de3836 | 779 | |
ashleymills | 0:714293de3836 | 780 | FreeSignerTable(cm->caTable, CA_TABLE_SIZE, NULL); |
ashleymills | 0:714293de3836 | 781 | |
ashleymills | 0:714293de3836 | 782 | UnLockMutex(&cm->caLock); |
ashleymills | 0:714293de3836 | 783 | |
ashleymills | 0:714293de3836 | 784 | |
ashleymills | 0:714293de3836 | 785 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 786 | } |
ashleymills | 0:714293de3836 | 787 | |
ashleymills | 0:714293de3836 | 788 | |
ashleymills | 0:714293de3836 | 789 | #endif /* !NO_CERTS */ |
ashleymills | 0:714293de3836 | 790 | |
ashleymills | 0:714293de3836 | 791 | |
ashleymills | 0:714293de3836 | 792 | |
ashleymills | 0:714293de3836 | 793 | #ifndef NO_FILESYSTEM |
ashleymills | 0:714293de3836 | 794 | |
ashleymills | 0:714293de3836 | 795 | void CyaSSL_ERR_print_errors_fp(FILE* fp, int err) |
ashleymills | 0:714293de3836 | 796 | { |
ashleymills | 0:714293de3836 | 797 | char data[MAX_ERROR_SZ + 1]; |
ashleymills | 0:714293de3836 | 798 | |
ashleymills | 0:714293de3836 | 799 | CYASSL_ENTER("CyaSSL_ERR_print_errors_fp"); |
ashleymills | 0:714293de3836 | 800 | SetErrorString(err, data); |
ashleymills | 0:714293de3836 | 801 | fprintf(fp, "%s", data); |
ashleymills | 0:714293de3836 | 802 | } |
ashleymills | 0:714293de3836 | 803 | |
ashleymills | 0:714293de3836 | 804 | #endif |
ashleymills | 0:714293de3836 | 805 | |
ashleymills | 0:714293de3836 | 806 | |
ashleymills | 0:714293de3836 | 807 | int CyaSSL_pending(CYASSL* ssl) |
ashleymills | 0:714293de3836 | 808 | { |
ashleymills | 0:714293de3836 | 809 | CYASSL_ENTER("SSL_pending"); |
ashleymills | 0:714293de3836 | 810 | return ssl->buffers.clearOutputBuffer.length; |
ashleymills | 0:714293de3836 | 811 | } |
ashleymills | 0:714293de3836 | 812 | |
ashleymills | 0:714293de3836 | 813 | |
ashleymills | 0:714293de3836 | 814 | #ifndef CYASSL_LEANPSK |
ashleymills | 0:714293de3836 | 815 | /* trun on handshake group messages for context */ |
ashleymills | 0:714293de3836 | 816 | int CyaSSL_CTX_set_group_messages(CYASSL_CTX* ctx) |
ashleymills | 0:714293de3836 | 817 | { |
ashleymills | 0:714293de3836 | 818 | if (ctx == NULL) |
ashleymills | 0:714293de3836 | 819 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 820 | |
ashleymills | 0:714293de3836 | 821 | ctx->groupMessages = 1; |
ashleymills | 0:714293de3836 | 822 | |
ashleymills | 0:714293de3836 | 823 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 824 | } |
ashleymills | 0:714293de3836 | 825 | #endif |
ashleymills | 0:714293de3836 | 826 | |
ashleymills | 0:714293de3836 | 827 | |
ashleymills | 0:714293de3836 | 828 | #ifndef NO_CYASSL_CLIENT |
ashleymills | 0:714293de3836 | 829 | /* connect enough to get peer cert chain */ |
ashleymills | 0:714293de3836 | 830 | int CyaSSL_connect_cert(CYASSL* ssl) |
ashleymills | 0:714293de3836 | 831 | { |
ashleymills | 0:714293de3836 | 832 | int ret; |
ashleymills | 0:714293de3836 | 833 | |
ashleymills | 0:714293de3836 | 834 | if (ssl == NULL) |
ashleymills | 0:714293de3836 | 835 | return SSL_FAILURE; |
ashleymills | 0:714293de3836 | 836 | |
ashleymills | 0:714293de3836 | 837 | ssl->options.certOnly = 1; |
ashleymills | 0:714293de3836 | 838 | ret = CyaSSL_connect(ssl); |
ashleymills | 0:714293de3836 | 839 | ssl->options.certOnly = 0; |
ashleymills | 0:714293de3836 | 840 | |
ashleymills | 0:714293de3836 | 841 | return ret; |
ashleymills | 0:714293de3836 | 842 | } |
ashleymills | 0:714293de3836 | 843 | #endif |
ashleymills | 0:714293de3836 | 844 | |
ashleymills | 0:714293de3836 | 845 | |
ashleymills | 0:714293de3836 | 846 | #ifndef CYASSL_LEANPSK |
ashleymills | 0:714293de3836 | 847 | /* trun on handshake group messages for ssl object */ |
ashleymills | 0:714293de3836 | 848 | int CyaSSL_set_group_messages(CYASSL* ssl) |
ashleymills | 0:714293de3836 | 849 | { |
ashleymills | 0:714293de3836 | 850 | if (ssl == NULL) |
ashleymills | 0:714293de3836 | 851 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 852 | |
ashleymills | 0:714293de3836 | 853 | ssl->options.groupMessages = 1; |
ashleymills | 0:714293de3836 | 854 | |
ashleymills | 0:714293de3836 | 855 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 856 | } |
ashleymills | 0:714293de3836 | 857 | |
ashleymills | 0:714293de3836 | 858 | |
ashleymills | 0:714293de3836 | 859 | int CyaSSL_SetVersion(CYASSL* ssl, int version) |
ashleymills | 0:714293de3836 | 860 | { |
ashleymills | 0:714293de3836 | 861 | byte haveRSA = 1; |
ashleymills | 0:714293de3836 | 862 | byte havePSK = 0; |
ashleymills | 0:714293de3836 | 863 | |
ashleymills | 0:714293de3836 | 864 | CYASSL_ENTER("CyaSSL_SetVersion"); |
ashleymills | 0:714293de3836 | 865 | |
ashleymills | 0:714293de3836 | 866 | if (ssl == NULL) { |
ashleymills | 0:714293de3836 | 867 | CYASSL_MSG("Bad function argument"); |
ashleymills | 0:714293de3836 | 868 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 869 | } |
ashleymills | 0:714293de3836 | 870 | |
ashleymills | 0:714293de3836 | 871 | switch (version) { |
ashleymills | 0:714293de3836 | 872 | #ifndef NO_OLD_TLS |
ashleymills | 0:714293de3836 | 873 | case CYASSL_SSLV3: |
ashleymills | 0:714293de3836 | 874 | ssl->version = MakeSSLv3(); |
ashleymills | 0:714293de3836 | 875 | break; |
ashleymills | 0:714293de3836 | 876 | #endif |
ashleymills | 0:714293de3836 | 877 | |
ashleymills | 0:714293de3836 | 878 | #ifndef NO_TLS |
ashleymills | 0:714293de3836 | 879 | #ifndef NO_OLD_TLS |
ashleymills | 0:714293de3836 | 880 | case CYASSL_TLSV1: |
ashleymills | 0:714293de3836 | 881 | ssl->version = MakeTLSv1(); |
ashleymills | 0:714293de3836 | 882 | break; |
ashleymills | 0:714293de3836 | 883 | |
ashleymills | 0:714293de3836 | 884 | case CYASSL_TLSV1_1: |
ashleymills | 0:714293de3836 | 885 | ssl->version = MakeTLSv1_1(); |
ashleymills | 0:714293de3836 | 886 | break; |
ashleymills | 0:714293de3836 | 887 | #endif |
ashleymills | 0:714293de3836 | 888 | case CYASSL_TLSV1_2: |
ashleymills | 0:714293de3836 | 889 | ssl->version = MakeTLSv1_2(); |
ashleymills | 0:714293de3836 | 890 | break; |
ashleymills | 0:714293de3836 | 891 | #endif |
ashleymills | 0:714293de3836 | 892 | |
ashleymills | 0:714293de3836 | 893 | default: |
ashleymills | 0:714293de3836 | 894 | CYASSL_MSG("Bad function argument"); |
ashleymills | 0:714293de3836 | 895 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 896 | } |
ashleymills | 0:714293de3836 | 897 | |
ashleymills | 0:714293de3836 | 898 | #ifdef NO_RSA |
ashleymills | 0:714293de3836 | 899 | haveRSA = 0; |
ashleymills | 0:714293de3836 | 900 | #endif |
ashleymills | 0:714293de3836 | 901 | #ifndef NO_PSK |
ashleymills | 0:714293de3836 | 902 | havePSK = ssl->options.havePSK; |
ashleymills | 0:714293de3836 | 903 | #endif |
ashleymills | 0:714293de3836 | 904 | |
ashleymills | 0:714293de3836 | 905 | InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, ssl->options.haveDH, |
ashleymills | 0:714293de3836 | 906 | ssl->options.haveNTRU, ssl->options.haveECDSAsig, |
ashleymills | 0:714293de3836 | 907 | ssl->options.haveStaticECC, ssl->options.side); |
ashleymills | 0:714293de3836 | 908 | |
ashleymills | 0:714293de3836 | 909 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 910 | } |
ashleymills | 0:714293de3836 | 911 | #endif /* !leanpsk */ |
ashleymills | 0:714293de3836 | 912 | |
ashleymills | 0:714293de3836 | 913 | |
ashleymills | 0:714293de3836 | 914 | #if !defined(NO_CERTS) || !defined(NO_SESSION_CACHE) |
ashleymills | 0:714293de3836 | 915 | |
ashleymills | 0:714293de3836 | 916 | /* Make a work from the front of random hash */ |
ashleymills | 0:714293de3836 | 917 | static INLINE word32 MakeWordFromHash(const byte* hashID) |
ashleymills | 0:714293de3836 | 918 | { |
ashleymills | 0:714293de3836 | 919 | return (hashID[0] << 24) | (hashID[1] << 16) | (hashID[2] << 8) | |
ashleymills | 0:714293de3836 | 920 | hashID[3]; |
ashleymills | 0:714293de3836 | 921 | } |
ashleymills | 0:714293de3836 | 922 | |
ashleymills | 0:714293de3836 | 923 | #endif /* !NO_CERTS || !NO_SESSION_CACHE */ |
ashleymills | 0:714293de3836 | 924 | |
ashleymills | 0:714293de3836 | 925 | |
ashleymills | 0:714293de3836 | 926 | #ifndef NO_CERTS |
ashleymills | 0:714293de3836 | 927 | |
ashleymills | 0:714293de3836 | 928 | /* hash is the SHA digest of name, just use first 32 bits as hash */ |
ashleymills | 0:714293de3836 | 929 | static INLINE word32 HashSigner(const byte* hash) |
ashleymills | 0:714293de3836 | 930 | { |
ashleymills | 0:714293de3836 | 931 | return MakeWordFromHash(hash) % CA_TABLE_SIZE; |
ashleymills | 0:714293de3836 | 932 | } |
ashleymills | 0:714293de3836 | 933 | |
ashleymills | 0:714293de3836 | 934 | |
ashleymills | 0:714293de3836 | 935 | /* does CA already exist on signer list */ |
ashleymills | 0:714293de3836 | 936 | int AlreadySigner(CYASSL_CERT_MANAGER* cm, byte* hash) |
ashleymills | 0:714293de3836 | 937 | { |
ashleymills | 0:714293de3836 | 938 | Signer* signers; |
ashleymills | 0:714293de3836 | 939 | int ret = 0; |
ashleymills | 0:714293de3836 | 940 | word32 row = HashSigner(hash); |
ashleymills | 0:714293de3836 | 941 | |
ashleymills | 0:714293de3836 | 942 | if (LockMutex(&cm->caLock) != 0) |
ashleymills | 0:714293de3836 | 943 | return ret; |
ashleymills | 0:714293de3836 | 944 | signers = cm->caTable[row]; |
ashleymills | 0:714293de3836 | 945 | while (signers) { |
ashleymills | 0:714293de3836 | 946 | byte* subjectHash; |
ashleymills | 0:714293de3836 | 947 | #ifndef NO_SKID |
ashleymills | 0:714293de3836 | 948 | subjectHash = signers->subjectKeyIdHash; |
ashleymills | 0:714293de3836 | 949 | #else |
ashleymills | 0:714293de3836 | 950 | subjectHash = signers->subjectNameHash; |
ashleymills | 0:714293de3836 | 951 | #endif |
ashleymills | 0:714293de3836 | 952 | if (XMEMCMP(hash, subjectHash, SHA_DIGEST_SIZE) == 0) { |
ashleymills | 0:714293de3836 | 953 | ret = 1; |
ashleymills | 0:714293de3836 | 954 | break; |
ashleymills | 0:714293de3836 | 955 | } |
ashleymills | 0:714293de3836 | 956 | signers = signers->next; |
ashleymills | 0:714293de3836 | 957 | } |
ashleymills | 0:714293de3836 | 958 | UnLockMutex(&cm->caLock); |
ashleymills | 0:714293de3836 | 959 | |
ashleymills | 0:714293de3836 | 960 | return ret; |
ashleymills | 0:714293de3836 | 961 | } |
ashleymills | 0:714293de3836 | 962 | |
ashleymills | 0:714293de3836 | 963 | |
ashleymills | 0:714293de3836 | 964 | /* return CA if found, otherwise NULL */ |
ashleymills | 0:714293de3836 | 965 | Signer* GetCA(void* vp, byte* hash) |
ashleymills | 0:714293de3836 | 966 | { |
ashleymills | 0:714293de3836 | 967 | CYASSL_CERT_MANAGER* cm = (CYASSL_CERT_MANAGER*)vp; |
ashleymills | 0:714293de3836 | 968 | Signer* ret = NULL; |
ashleymills | 0:714293de3836 | 969 | Signer* signers; |
ashleymills | 0:714293de3836 | 970 | word32 row = HashSigner(hash); |
ashleymills | 0:714293de3836 | 971 | |
ashleymills | 0:714293de3836 | 972 | if (cm == NULL) |
ashleymills | 0:714293de3836 | 973 | return NULL; |
ashleymills | 0:714293de3836 | 974 | |
ashleymills | 0:714293de3836 | 975 | if (LockMutex(&cm->caLock) != 0) |
ashleymills | 0:714293de3836 | 976 | return ret; |
ashleymills | 0:714293de3836 | 977 | |
ashleymills | 0:714293de3836 | 978 | signers = cm->caTable[row]; |
ashleymills | 0:714293de3836 | 979 | while (signers) { |
ashleymills | 0:714293de3836 | 980 | byte* subjectHash; |
ashleymills | 0:714293de3836 | 981 | #ifndef NO_SKID |
ashleymills | 0:714293de3836 | 982 | subjectHash = signers->subjectKeyIdHash; |
ashleymills | 0:714293de3836 | 983 | #else |
ashleymills | 0:714293de3836 | 984 | subjectHash = signers->subjectNameHash; |
ashleymills | 0:714293de3836 | 985 | #endif |
ashleymills | 0:714293de3836 | 986 | if (XMEMCMP(hash, subjectHash, SHA_DIGEST_SIZE) == 0) { |
ashleymills | 0:714293de3836 | 987 | ret = signers; |
ashleymills | 0:714293de3836 | 988 | break; |
ashleymills | 0:714293de3836 | 989 | } |
ashleymills | 0:714293de3836 | 990 | signers = signers->next; |
ashleymills | 0:714293de3836 | 991 | } |
ashleymills | 0:714293de3836 | 992 | UnLockMutex(&cm->caLock); |
ashleymills | 0:714293de3836 | 993 | |
ashleymills | 0:714293de3836 | 994 | return ret; |
ashleymills | 0:714293de3836 | 995 | } |
ashleymills | 0:714293de3836 | 996 | |
ashleymills | 0:714293de3836 | 997 | |
ashleymills | 0:714293de3836 | 998 | #ifndef NO_SKID |
ashleymills | 0:714293de3836 | 999 | /* return CA if found, otherwise NULL. Walk through hash table. */ |
ashleymills | 0:714293de3836 | 1000 | Signer* GetCAByName(void* vp, byte* hash) |
ashleymills | 0:714293de3836 | 1001 | { |
ashleymills | 0:714293de3836 | 1002 | CYASSL_CERT_MANAGER* cm = (CYASSL_CERT_MANAGER*)vp; |
ashleymills | 0:714293de3836 | 1003 | Signer* ret = NULL; |
ashleymills | 0:714293de3836 | 1004 | Signer* signers; |
ashleymills | 0:714293de3836 | 1005 | word32 row; |
ashleymills | 0:714293de3836 | 1006 | |
ashleymills | 0:714293de3836 | 1007 | if (cm == NULL) |
ashleymills | 0:714293de3836 | 1008 | return NULL; |
ashleymills | 0:714293de3836 | 1009 | |
ashleymills | 0:714293de3836 | 1010 | if (LockMutex(&cm->caLock) != 0) |
ashleymills | 0:714293de3836 | 1011 | return ret; |
ashleymills | 0:714293de3836 | 1012 | |
ashleymills | 0:714293de3836 | 1013 | for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) { |
ashleymills | 0:714293de3836 | 1014 | signers = cm->caTable[row]; |
ashleymills | 0:714293de3836 | 1015 | while (signers && ret == NULL) { |
ashleymills | 0:714293de3836 | 1016 | if (XMEMCMP(hash, signers->subjectNameHash, SHA_DIGEST_SIZE) == 0) { |
ashleymills | 0:714293de3836 | 1017 | ret = signers; |
ashleymills | 0:714293de3836 | 1018 | } |
ashleymills | 0:714293de3836 | 1019 | signers = signers->next; |
ashleymills | 0:714293de3836 | 1020 | } |
ashleymills | 0:714293de3836 | 1021 | } |
ashleymills | 0:714293de3836 | 1022 | UnLockMutex(&cm->caLock); |
ashleymills | 0:714293de3836 | 1023 | |
ashleymills | 0:714293de3836 | 1024 | return ret; |
ashleymills | 0:714293de3836 | 1025 | } |
ashleymills | 0:714293de3836 | 1026 | #endif |
ashleymills | 0:714293de3836 | 1027 | |
ashleymills | 0:714293de3836 | 1028 | |
ashleymills | 0:714293de3836 | 1029 | /* owns der, internal now uses too */ |
ashleymills | 0:714293de3836 | 1030 | /* type flag ids from user or from chain received during verify |
ashleymills | 0:714293de3836 | 1031 | don't allow chain ones to be added w/o isCA extension */ |
ashleymills | 0:714293de3836 | 1032 | int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify) |
ashleymills | 0:714293de3836 | 1033 | { |
ashleymills | 0:714293de3836 | 1034 | int ret; |
ashleymills | 0:714293de3836 | 1035 | DecodedCert cert; |
ashleymills | 0:714293de3836 | 1036 | Signer* signer = 0; |
ashleymills | 0:714293de3836 | 1037 | word32 row; |
ashleymills | 0:714293de3836 | 1038 | byte* subjectHash; |
ashleymills | 0:714293de3836 | 1039 | |
ashleymills | 0:714293de3836 | 1040 | CYASSL_MSG("Adding a CA"); |
ashleymills | 0:714293de3836 | 1041 | InitDecodedCert(&cert, der.buffer, der.length, cm->heap); |
ashleymills | 0:714293de3836 | 1042 | ret = ParseCert(&cert, CA_TYPE, verify, cm); |
ashleymills | 0:714293de3836 | 1043 | CYASSL_MSG(" Parsed new CA"); |
ashleymills | 0:714293de3836 | 1044 | |
ashleymills | 0:714293de3836 | 1045 | #ifndef NO_SKID |
ashleymills | 0:714293de3836 | 1046 | subjectHash = cert.extSubjKeyId; |
ashleymills | 0:714293de3836 | 1047 | #else |
ashleymills | 0:714293de3836 | 1048 | subjectHash = cert.subjectHash; |
ashleymills | 0:714293de3836 | 1049 | #endif |
ashleymills | 0:714293de3836 | 1050 | |
ashleymills | 0:714293de3836 | 1051 | if (ret == 0 && cert.isCA == 0 && type != CYASSL_USER_CA) { |
ashleymills | 0:714293de3836 | 1052 | CYASSL_MSG(" Can't add as CA if not actually one"); |
ashleymills | 0:714293de3836 | 1053 | ret = NOT_CA_ERROR; |
ashleymills | 0:714293de3836 | 1054 | } |
ashleymills | 0:714293de3836 | 1055 | else if (ret == 0 && AlreadySigner(cm, subjectHash)) { |
ashleymills | 0:714293de3836 | 1056 | CYASSL_MSG(" Already have this CA, not adding again"); |
ashleymills | 0:714293de3836 | 1057 | (void)ret; |
ashleymills | 0:714293de3836 | 1058 | } |
ashleymills | 0:714293de3836 | 1059 | else if (ret == 0) { |
ashleymills | 0:714293de3836 | 1060 | /* take over signer parts */ |
ashleymills | 0:714293de3836 | 1061 | signer = MakeSigner(cm->heap); |
ashleymills | 0:714293de3836 | 1062 | if (!signer) |
ashleymills | 0:714293de3836 | 1063 | ret = MEMORY_ERROR; |
ashleymills | 0:714293de3836 | 1064 | else { |
ashleymills | 0:714293de3836 | 1065 | signer->keyOID = cert.keyOID; |
ashleymills | 0:714293de3836 | 1066 | signer->publicKey = cert.publicKey; |
ashleymills | 0:714293de3836 | 1067 | signer->pubKeySize = cert.pubKeySize; |
ashleymills | 0:714293de3836 | 1068 | signer->nameLen = cert.subjectCNLen; |
ashleymills | 0:714293de3836 | 1069 | signer->name = cert.subjectCN; |
ashleymills | 0:714293de3836 | 1070 | #ifndef NO_SKID |
ashleymills | 0:714293de3836 | 1071 | XMEMCPY(signer->subjectKeyIdHash, |
ashleymills | 0:714293de3836 | 1072 | cert.extSubjKeyId, SHA_DIGEST_SIZE); |
ashleymills | 0:714293de3836 | 1073 | #endif |
ashleymills | 0:714293de3836 | 1074 | XMEMCPY(signer->subjectNameHash, cert.subjectHash, SHA_DIGEST_SIZE); |
ashleymills | 0:714293de3836 | 1075 | signer->next = NULL; /* in case lock fails */ |
ashleymills | 0:714293de3836 | 1076 | |
ashleymills | 0:714293de3836 | 1077 | cert.publicKey = 0; /* don't free here */ |
ashleymills | 0:714293de3836 | 1078 | cert.subjectCN = 0; |
ashleymills | 0:714293de3836 | 1079 | |
ashleymills | 0:714293de3836 | 1080 | #ifndef NO_SKID |
ashleymills | 0:714293de3836 | 1081 | row = HashSigner(signer->subjectKeyIdHash); |
ashleymills | 0:714293de3836 | 1082 | #else |
ashleymills | 0:714293de3836 | 1083 | row = HashSigner(signer->subjectNameHash); |
ashleymills | 0:714293de3836 | 1084 | #endif |
ashleymills | 0:714293de3836 | 1085 | |
ashleymills | 0:714293de3836 | 1086 | if (LockMutex(&cm->caLock) == 0) { |
ashleymills | 0:714293de3836 | 1087 | signer->next = cm->caTable[row]; |
ashleymills | 0:714293de3836 | 1088 | cm->caTable[row] = signer; /* takes ownership */ |
ashleymills | 0:714293de3836 | 1089 | UnLockMutex(&cm->caLock); |
ashleymills | 0:714293de3836 | 1090 | if (cm->caCacheCallback) |
ashleymills | 0:714293de3836 | 1091 | cm->caCacheCallback(der.buffer, (int)der.length, type); |
ashleymills | 0:714293de3836 | 1092 | } |
ashleymills | 0:714293de3836 | 1093 | else { |
ashleymills | 0:714293de3836 | 1094 | CYASSL_MSG(" CA Mutex Lock failed"); |
ashleymills | 0:714293de3836 | 1095 | ret = BAD_MUTEX_ERROR; |
ashleymills | 0:714293de3836 | 1096 | FreeSigner(signer, cm->heap); |
ashleymills | 0:714293de3836 | 1097 | } |
ashleymills | 0:714293de3836 | 1098 | } |
ashleymills | 0:714293de3836 | 1099 | } |
ashleymills | 0:714293de3836 | 1100 | |
ashleymills | 0:714293de3836 | 1101 | CYASSL_MSG(" Freeing Parsed CA"); |
ashleymills | 0:714293de3836 | 1102 | FreeDecodedCert(&cert); |
ashleymills | 0:714293de3836 | 1103 | CYASSL_MSG(" Freeing der CA"); |
ashleymills | 0:714293de3836 | 1104 | XFREE(der.buffer, cm->heap, DYNAMIC_TYPE_CA); |
ashleymills | 0:714293de3836 | 1105 | CYASSL_MSG(" OK Freeing der CA"); |
ashleymills | 0:714293de3836 | 1106 | |
ashleymills | 0:714293de3836 | 1107 | CYASSL_LEAVE("AddCA", ret); |
ashleymills | 0:714293de3836 | 1108 | if (ret == 0) return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 1109 | return ret; |
ashleymills | 0:714293de3836 | 1110 | } |
ashleymills | 0:714293de3836 | 1111 | |
ashleymills | 0:714293de3836 | 1112 | #endif /* !NO_CERTS */ |
ashleymills | 0:714293de3836 | 1113 | |
ashleymills | 0:714293de3836 | 1114 | |
ashleymills | 0:714293de3836 | 1115 | #ifndef NO_SESSION_CACHE |
ashleymills | 0:714293de3836 | 1116 | |
ashleymills | 0:714293de3836 | 1117 | /* basic config gives a cache with 33 sessions, adequate for clients and |
ashleymills | 0:714293de3836 | 1118 | embedded servers |
ashleymills | 0:714293de3836 | 1119 | |
ashleymills | 0:714293de3836 | 1120 | MEDIUM_SESSION_CACHE allows 1055 sessions, adequate for servers that |
ashleymills | 0:714293de3836 | 1121 | aren't under heavy load, basically allows 200 new sessions per minute |
ashleymills | 0:714293de3836 | 1122 | |
ashleymills | 0:714293de3836 | 1123 | BIG_SESSION_CACHE yields 20,027 sessions |
ashleymills | 0:714293de3836 | 1124 | |
ashleymills | 0:714293de3836 | 1125 | HUGE_SESSION_CACHE yields 65,791 sessions, for servers under heavy load, |
ashleymills | 0:714293de3836 | 1126 | allows over 13,000 new sessions per minute or over 200 new sessions per |
ashleymills | 0:714293de3836 | 1127 | second |
ashleymills | 0:714293de3836 | 1128 | |
ashleymills | 0:714293de3836 | 1129 | SMALL_SESSION_CACHE only stores 6 sessions, good for embedded clients |
ashleymills | 0:714293de3836 | 1130 | or systems where the default of nearly 3kB is too much RAM, this define |
ashleymills | 0:714293de3836 | 1131 | uses less than 500 bytes RAM |
ashleymills | 0:714293de3836 | 1132 | |
ashleymills | 0:714293de3836 | 1133 | default SESSION_CACHE stores 33 sessions (no XXX_SESSION_CACHE defined) |
ashleymills | 0:714293de3836 | 1134 | */ |
ashleymills | 0:714293de3836 | 1135 | #ifdef HUGE_SESSION_CACHE |
ashleymills | 0:714293de3836 | 1136 | #define SESSIONS_PER_ROW 11 |
ashleymills | 0:714293de3836 | 1137 | #define SESSION_ROWS 5981 |
ashleymills | 0:714293de3836 | 1138 | #elif defined(BIG_SESSION_CACHE) |
ashleymills | 0:714293de3836 | 1139 | #define SESSIONS_PER_ROW 7 |
ashleymills | 0:714293de3836 | 1140 | #define SESSION_ROWS 2861 |
ashleymills | 0:714293de3836 | 1141 | #elif defined(MEDIUM_SESSION_CACHE) |
ashleymills | 0:714293de3836 | 1142 | #define SESSIONS_PER_ROW 5 |
ashleymills | 0:714293de3836 | 1143 | #define SESSION_ROWS 211 |
ashleymills | 0:714293de3836 | 1144 | #elif defined(SMALL_SESSION_CACHE) |
ashleymills | 0:714293de3836 | 1145 | #define SESSIONS_PER_ROW 2 |
ashleymills | 0:714293de3836 | 1146 | #define SESSION_ROWS 3 |
ashleymills | 0:714293de3836 | 1147 | #else |
ashleymills | 0:714293de3836 | 1148 | #define SESSIONS_PER_ROW 3 |
ashleymills | 0:714293de3836 | 1149 | #define SESSION_ROWS 11 |
ashleymills | 0:714293de3836 | 1150 | #endif |
ashleymills | 0:714293de3836 | 1151 | |
ashleymills | 0:714293de3836 | 1152 | typedef struct SessionRow { |
ashleymills | 0:714293de3836 | 1153 | int nextIdx; /* where to place next one */ |
ashleymills | 0:714293de3836 | 1154 | int totalCount; /* sessions ever on this row */ |
ashleymills | 0:714293de3836 | 1155 | CYASSL_SESSION Sessions[SESSIONS_PER_ROW]; |
ashleymills | 0:714293de3836 | 1156 | } SessionRow; |
ashleymills | 0:714293de3836 | 1157 | |
ashleymills | 0:714293de3836 | 1158 | static SessionRow SessionCache[SESSION_ROWS]; |
ashleymills | 0:714293de3836 | 1159 | |
ashleymills | 0:714293de3836 | 1160 | static CyaSSL_Mutex session_mutex; /* SessionCache mutex */ |
ashleymills | 0:714293de3836 | 1161 | |
ashleymills | 0:714293de3836 | 1162 | #ifndef NO_CLIENT_CACHE |
ashleymills | 0:714293de3836 | 1163 | |
ashleymills | 0:714293de3836 | 1164 | typedef struct ClientSession { |
ashleymills | 0:714293de3836 | 1165 | word16 serverRow; /* SessionCache Row id */ |
ashleymills | 0:714293de3836 | 1166 | word16 serverIdx; /* SessionCache Idx (column) */ |
ashleymills | 0:714293de3836 | 1167 | } ClientSession; |
ashleymills | 0:714293de3836 | 1168 | |
ashleymills | 0:714293de3836 | 1169 | typedef struct ClientRow { |
ashleymills | 0:714293de3836 | 1170 | int nextIdx; /* where to place next one */ |
ashleymills | 0:714293de3836 | 1171 | int totalCount; /* sessions ever on this row */ |
ashleymills | 0:714293de3836 | 1172 | ClientSession Clients[SESSIONS_PER_ROW]; |
ashleymills | 0:714293de3836 | 1173 | } ClientRow; |
ashleymills | 0:714293de3836 | 1174 | |
ashleymills | 0:714293de3836 | 1175 | static ClientRow ClientCache[SESSION_ROWS]; /* Client Cache */ |
ashleymills | 0:714293de3836 | 1176 | /* uses session mutex */ |
ashleymills | 0:714293de3836 | 1177 | |
ashleymills | 0:714293de3836 | 1178 | #endif /* NO_CLIENT_CACHE */ |
ashleymills | 0:714293de3836 | 1179 | |
ashleymills | 0:714293de3836 | 1180 | /* for persistance, if changes to layout need to increment and modify |
ashleymills | 0:714293de3836 | 1181 | save_session_cache() and restore_session_cache and memory versions too */ |
ashleymills | 0:714293de3836 | 1182 | #define CYASSL_CACHE_VERSION 2 |
ashleymills | 0:714293de3836 | 1183 | |
ashleymills | 0:714293de3836 | 1184 | #endif /* NO_SESSION_CACHE */ |
ashleymills | 0:714293de3836 | 1185 | |
ashleymills | 0:714293de3836 | 1186 | |
ashleymills | 0:714293de3836 | 1187 | int CyaSSL_Init(void) |
ashleymills | 0:714293de3836 | 1188 | { |
ashleymills | 0:714293de3836 | 1189 | int ret = SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 1190 | |
ashleymills | 0:714293de3836 | 1191 | CYASSL_ENTER("CyaSSL_Init"); |
ashleymills | 0:714293de3836 | 1192 | |
ashleymills | 0:714293de3836 | 1193 | if (initRefCount == 0) { |
ashleymills | 0:714293de3836 | 1194 | #ifndef NO_SESSION_CACHE |
ashleymills | 0:714293de3836 | 1195 | if (InitMutex(&session_mutex) != 0) |
ashleymills | 0:714293de3836 | 1196 | ret = BAD_MUTEX_ERROR; |
ashleymills | 0:714293de3836 | 1197 | #endif |
ashleymills | 0:714293de3836 | 1198 | if (InitMutex(&count_mutex) != 0) |
ashleymills | 0:714293de3836 | 1199 | ret = BAD_MUTEX_ERROR; |
ashleymills | 0:714293de3836 | 1200 | } |
ashleymills | 0:714293de3836 | 1201 | if (ret == SSL_SUCCESS) { |
ashleymills | 0:714293de3836 | 1202 | if (LockMutex(&count_mutex) != 0) { |
ashleymills | 0:714293de3836 | 1203 | CYASSL_MSG("Bad Lock Mutex count"); |
ashleymills | 0:714293de3836 | 1204 | return BAD_MUTEX_ERROR; |
ashleymills | 0:714293de3836 | 1205 | } |
ashleymills | 0:714293de3836 | 1206 | initRefCount++; |
ashleymills | 0:714293de3836 | 1207 | UnLockMutex(&count_mutex); |
ashleymills | 0:714293de3836 | 1208 | } |
ashleymills | 0:714293de3836 | 1209 | |
ashleymills | 0:714293de3836 | 1210 | return ret; |
ashleymills | 0:714293de3836 | 1211 | } |
ashleymills | 0:714293de3836 | 1212 | |
ashleymills | 0:714293de3836 | 1213 | |
ashleymills | 0:714293de3836 | 1214 | #ifndef NO_CERTS |
ashleymills | 0:714293de3836 | 1215 | |
ashleymills | 0:714293de3836 | 1216 | /* Remove PEM header/footer, convert to ASN1, store any encrypted data |
ashleymills | 0:714293de3836 | 1217 | info->consumed tracks of PEM bytes consumed in case multiple parts */ |
ashleymills | 0:714293de3836 | 1218 | int PemToDer(const unsigned char* buff, long longSz, int type, |
ashleymills | 0:714293de3836 | 1219 | buffer* der, void* heap, EncryptedInfo* info, int* eccKey) |
ashleymills | 0:714293de3836 | 1220 | { |
ashleymills | 0:714293de3836 | 1221 | char header[PEM_LINE_LEN]; |
ashleymills | 0:714293de3836 | 1222 | char footer[PEM_LINE_LEN]; |
ashleymills | 0:714293de3836 | 1223 | char* headerEnd; |
ashleymills | 0:714293de3836 | 1224 | char* footerEnd; |
ashleymills | 0:714293de3836 | 1225 | char* consumedEnd; |
ashleymills | 0:714293de3836 | 1226 | char* bufferEnd = (char*)(buff + longSz); |
ashleymills | 0:714293de3836 | 1227 | long neededSz; |
ashleymills | 0:714293de3836 | 1228 | int pkcs8 = 0; |
ashleymills | 0:714293de3836 | 1229 | int pkcs8Enc = 0; |
ashleymills | 0:714293de3836 | 1230 | int dynamicType = 0; |
ashleymills | 0:714293de3836 | 1231 | int sz = (int)longSz; |
ashleymills | 0:714293de3836 | 1232 | |
ashleymills | 0:714293de3836 | 1233 | (void)heap; |
ashleymills | 0:714293de3836 | 1234 | (void)dynamicType; |
ashleymills | 0:714293de3836 | 1235 | |
ashleymills | 0:714293de3836 | 1236 | if (type == CERT_TYPE || type == CA_TYPE) { |
ashleymills | 0:714293de3836 | 1237 | XSTRNCPY(header, "-----BEGIN CERTIFICATE-----", sizeof(header)); |
ashleymills | 0:714293de3836 | 1238 | XSTRNCPY(footer, "-----END CERTIFICATE-----", sizeof(footer)); |
ashleymills | 0:714293de3836 | 1239 | dynamicType = (type == CA_TYPE) ? DYNAMIC_TYPE_CA : |
ashleymills | 0:714293de3836 | 1240 | DYNAMIC_TYPE_CERT; |
ashleymills | 0:714293de3836 | 1241 | } else if (type == DH_PARAM_TYPE) { |
ashleymills | 0:714293de3836 | 1242 | XSTRNCPY(header, "-----BEGIN DH PARAMETERS-----", sizeof(header)); |
ashleymills | 0:714293de3836 | 1243 | XSTRNCPY(footer, "-----END DH PARAMETERS-----", sizeof(footer)); |
ashleymills | 0:714293de3836 | 1244 | dynamicType = DYNAMIC_TYPE_KEY; |
ashleymills | 0:714293de3836 | 1245 | } else if (type == CRL_TYPE) { |
ashleymills | 0:714293de3836 | 1246 | XSTRNCPY(header, "-----BEGIN X509 CRL-----", sizeof(header)); |
ashleymills | 0:714293de3836 | 1247 | XSTRNCPY(footer, "-----END X509 CRL-----", sizeof(footer)); |
ashleymills | 0:714293de3836 | 1248 | dynamicType = DYNAMIC_TYPE_CRL; |
ashleymills | 0:714293de3836 | 1249 | } else { |
ashleymills | 0:714293de3836 | 1250 | XSTRNCPY(header, "-----BEGIN RSA PRIVATE KEY-----", sizeof(header)); |
ashleymills | 0:714293de3836 | 1251 | XSTRNCPY(footer, "-----END RSA PRIVATE KEY-----", sizeof(footer)); |
ashleymills | 0:714293de3836 | 1252 | dynamicType = DYNAMIC_TYPE_KEY; |
ashleymills | 0:714293de3836 | 1253 | } |
ashleymills | 0:714293de3836 | 1254 | |
ashleymills | 0:714293de3836 | 1255 | /* find header */ |
ashleymills | 0:714293de3836 | 1256 | headerEnd = XSTRNSTR((char*)buff, header, sz); |
ashleymills | 0:714293de3836 | 1257 | if (!headerEnd && type == PRIVATEKEY_TYPE) { /* may be pkcs8 */ |
ashleymills | 0:714293de3836 | 1258 | XSTRNCPY(header, "-----BEGIN PRIVATE KEY-----", sizeof(header)); |
ashleymills | 0:714293de3836 | 1259 | XSTRNCPY(footer, "-----END PRIVATE KEY-----", sizeof(footer)); |
ashleymills | 0:714293de3836 | 1260 | |
ashleymills | 0:714293de3836 | 1261 | headerEnd = XSTRNSTR((char*)buff, header, sz); |
ashleymills | 0:714293de3836 | 1262 | if (headerEnd) |
ashleymills | 0:714293de3836 | 1263 | pkcs8 = 1; |
ashleymills | 0:714293de3836 | 1264 | else { |
ashleymills | 0:714293de3836 | 1265 | XSTRNCPY(header, "-----BEGIN ENCRYPTED PRIVATE KEY-----", |
ashleymills | 0:714293de3836 | 1266 | sizeof(header)); |
ashleymills | 0:714293de3836 | 1267 | XSTRNCPY(footer, "-----END ENCRYPTED PRIVATE KEY-----", |
ashleymills | 0:714293de3836 | 1268 | sizeof(footer)); |
ashleymills | 0:714293de3836 | 1269 | |
ashleymills | 0:714293de3836 | 1270 | headerEnd = XSTRNSTR((char*)buff, header, sz); |
ashleymills | 0:714293de3836 | 1271 | if (headerEnd) { |
ashleymills | 0:714293de3836 | 1272 | pkcs8Enc = 1; |
ashleymills | 0:714293de3836 | 1273 | (void)pkcs8Enc; /* only opensslextra will read */ |
ashleymills | 0:714293de3836 | 1274 | } |
ashleymills | 0:714293de3836 | 1275 | } |
ashleymills | 0:714293de3836 | 1276 | } |
ashleymills | 0:714293de3836 | 1277 | if (!headerEnd && type == PRIVATEKEY_TYPE) { /* may be ecc */ |
ashleymills | 0:714293de3836 | 1278 | XSTRNCPY(header, "-----BEGIN EC PRIVATE KEY-----", sizeof(header)); |
ashleymills | 0:714293de3836 | 1279 | XSTRNCPY(footer, "-----END EC PRIVATE KEY-----", sizeof(footer)); |
ashleymills | 0:714293de3836 | 1280 | |
ashleymills | 0:714293de3836 | 1281 | headerEnd = XSTRNSTR((char*)buff, header, sz); |
ashleymills | 0:714293de3836 | 1282 | if (headerEnd) |
ashleymills | 0:714293de3836 | 1283 | *eccKey = 1; |
ashleymills | 0:714293de3836 | 1284 | } |
ashleymills | 0:714293de3836 | 1285 | if (!headerEnd && type == PRIVATEKEY_TYPE) { /* may be dsa */ |
ashleymills | 0:714293de3836 | 1286 | XSTRNCPY(header, "-----BEGIN DSA PRIVATE KEY-----", sizeof(header)); |
ashleymills | 0:714293de3836 | 1287 | XSTRNCPY(footer, "-----END DSA PRIVATE KEY-----", sizeof(footer)); |
ashleymills | 0:714293de3836 | 1288 | |
ashleymills | 0:714293de3836 | 1289 | headerEnd = XSTRNSTR((char*)buff, header, sz); |
ashleymills | 0:714293de3836 | 1290 | } |
ashleymills | 0:714293de3836 | 1291 | if (!headerEnd) { |
ashleymills | 0:714293de3836 | 1292 | CYASSL_MSG("Couldn't find PEM header"); |
ashleymills | 0:714293de3836 | 1293 | return SSL_NO_PEM_HEADER; |
ashleymills | 0:714293de3836 | 1294 | } |
ashleymills | 0:714293de3836 | 1295 | headerEnd += XSTRLEN(header); |
ashleymills | 0:714293de3836 | 1296 | |
ashleymills | 0:714293de3836 | 1297 | /* eat end of line */ |
ashleymills | 0:714293de3836 | 1298 | if (headerEnd[0] == '\n') |
ashleymills | 0:714293de3836 | 1299 | headerEnd++; |
ashleymills | 0:714293de3836 | 1300 | else if (headerEnd[1] == '\n') |
ashleymills | 0:714293de3836 | 1301 | headerEnd += 2; |
ashleymills | 0:714293de3836 | 1302 | else |
ashleymills | 0:714293de3836 | 1303 | return SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 1304 | |
ashleymills | 0:714293de3836 | 1305 | #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) |
ashleymills | 0:714293de3836 | 1306 | { |
ashleymills | 0:714293de3836 | 1307 | /* remove encrypted header if there */ |
ashleymills | 0:714293de3836 | 1308 | char encHeader[] = "Proc-Type"; |
ashleymills | 0:714293de3836 | 1309 | char* line = XSTRNSTR((char*)buff, encHeader, PEM_LINE_LEN); |
ashleymills | 0:714293de3836 | 1310 | if (line) { |
ashleymills | 0:714293de3836 | 1311 | char* newline; |
ashleymills | 0:714293de3836 | 1312 | char* finish; |
ashleymills | 0:714293de3836 | 1313 | char* start = XSTRNSTR(line, "DES", PEM_LINE_LEN); |
ashleymills | 0:714293de3836 | 1314 | |
ashleymills | 0:714293de3836 | 1315 | if (!start) |
ashleymills | 0:714293de3836 | 1316 | start = XSTRNSTR(line, "AES", PEM_LINE_LEN); |
ashleymills | 0:714293de3836 | 1317 | |
ashleymills | 0:714293de3836 | 1318 | if (!start) return SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 1319 | if (!info) return SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 1320 | |
ashleymills | 0:714293de3836 | 1321 | finish = XSTRNSTR(start, ",", PEM_LINE_LEN); |
ashleymills | 0:714293de3836 | 1322 | |
ashleymills | 0:714293de3836 | 1323 | if (start && finish && (start < finish)) { |
ashleymills | 0:714293de3836 | 1324 | newline = XSTRNSTR(finish, "\r", PEM_LINE_LEN); |
ashleymills | 0:714293de3836 | 1325 | |
ashleymills | 0:714293de3836 | 1326 | XMEMCPY(info->name, start, finish - start); |
ashleymills | 0:714293de3836 | 1327 | info->name[finish - start] = 0; |
ashleymills | 0:714293de3836 | 1328 | XMEMCPY(info->iv, finish + 1, sizeof(info->iv)); |
ashleymills | 0:714293de3836 | 1329 | |
ashleymills | 0:714293de3836 | 1330 | if (!newline) newline = XSTRNSTR(finish, "\n", PEM_LINE_LEN); |
ashleymills | 0:714293de3836 | 1331 | if (newline && (newline > finish)) { |
ashleymills | 0:714293de3836 | 1332 | info->ivSz = (word32)(newline - (finish + 1)); |
ashleymills | 0:714293de3836 | 1333 | info->set = 1; |
ashleymills | 0:714293de3836 | 1334 | } |
ashleymills | 0:714293de3836 | 1335 | else |
ashleymills | 0:714293de3836 | 1336 | return SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 1337 | } |
ashleymills | 0:714293de3836 | 1338 | else |
ashleymills | 0:714293de3836 | 1339 | return SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 1340 | |
ashleymills | 0:714293de3836 | 1341 | /* eat blank line */ |
ashleymills | 0:714293de3836 | 1342 | while (*newline == '\r' || *newline == '\n') |
ashleymills | 0:714293de3836 | 1343 | newline++; |
ashleymills | 0:714293de3836 | 1344 | headerEnd = newline; |
ashleymills | 0:714293de3836 | 1345 | } |
ashleymills | 0:714293de3836 | 1346 | } |
ashleymills | 0:714293de3836 | 1347 | #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */ |
ashleymills | 0:714293de3836 | 1348 | |
ashleymills | 0:714293de3836 | 1349 | /* find footer */ |
ashleymills | 0:714293de3836 | 1350 | footerEnd = XSTRNSTR((char*)buff, footer, sz); |
ashleymills | 0:714293de3836 | 1351 | if (!footerEnd) return SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 1352 | |
ashleymills | 0:714293de3836 | 1353 | consumedEnd = footerEnd + XSTRLEN(footer); |
ashleymills | 0:714293de3836 | 1354 | |
ashleymills | 0:714293de3836 | 1355 | if (consumedEnd < bufferEnd) { /* handle no end of line on last line */ |
ashleymills | 0:714293de3836 | 1356 | /* eat end of line */ |
ashleymills | 0:714293de3836 | 1357 | if (consumedEnd[0] == '\n') |
ashleymills | 0:714293de3836 | 1358 | consumedEnd++; |
ashleymills | 0:714293de3836 | 1359 | else if (consumedEnd[1] == '\n') |
ashleymills | 0:714293de3836 | 1360 | consumedEnd += 2; |
ashleymills | 0:714293de3836 | 1361 | else |
ashleymills | 0:714293de3836 | 1362 | return SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 1363 | } |
ashleymills | 0:714293de3836 | 1364 | |
ashleymills | 0:714293de3836 | 1365 | if (info) |
ashleymills | 0:714293de3836 | 1366 | info->consumed = (long)(consumedEnd - (char*)buff); |
ashleymills | 0:714293de3836 | 1367 | |
ashleymills | 0:714293de3836 | 1368 | /* set up der buffer */ |
ashleymills | 0:714293de3836 | 1369 | neededSz = (long)(footerEnd - headerEnd); |
ashleymills | 0:714293de3836 | 1370 | if (neededSz > sz || neededSz < 0) return SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 1371 | der->buffer = (byte*) XMALLOC(neededSz, heap, dynamicType); |
ashleymills | 0:714293de3836 | 1372 | if (!der->buffer) return MEMORY_ERROR; |
ashleymills | 0:714293de3836 | 1373 | der->length = (word32)neededSz; |
ashleymills | 0:714293de3836 | 1374 | |
ashleymills | 0:714293de3836 | 1375 | if (Base64_Decode((byte*)headerEnd, (word32)neededSz, der->buffer, |
ashleymills | 0:714293de3836 | 1376 | &der->length) < 0) |
ashleymills | 0:714293de3836 | 1377 | return SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 1378 | |
ashleymills | 0:714293de3836 | 1379 | if (pkcs8) |
ashleymills | 0:714293de3836 | 1380 | return ToTraditional(der->buffer, der->length); |
ashleymills | 0:714293de3836 | 1381 | |
ashleymills | 0:714293de3836 | 1382 | #if defined(OPENSSL_EXTRA) && !defined(NO_PWDBASED) |
ashleymills | 0:714293de3836 | 1383 | if (pkcs8Enc) { |
ashleymills | 0:714293de3836 | 1384 | int passwordSz; |
ashleymills | 0:714293de3836 | 1385 | char password[80]; |
ashleymills | 0:714293de3836 | 1386 | |
ashleymills | 0:714293de3836 | 1387 | if (!info || !info->ctx || !info->ctx->passwd_cb) |
ashleymills | 0:714293de3836 | 1388 | return SSL_BAD_FILE; /* no callback error */ |
ashleymills | 0:714293de3836 | 1389 | passwordSz = info->ctx->passwd_cb(password, sizeof(password), 0, |
ashleymills | 0:714293de3836 | 1390 | info->ctx->userdata); |
ashleymills | 0:714293de3836 | 1391 | return ToTraditionalEnc(der->buffer, der->length, password, |
ashleymills | 0:714293de3836 | 1392 | passwordSz); |
ashleymills | 0:714293de3836 | 1393 | } |
ashleymills | 0:714293de3836 | 1394 | #endif |
ashleymills | 0:714293de3836 | 1395 | |
ashleymills | 0:714293de3836 | 1396 | return 0; |
ashleymills | 0:714293de3836 | 1397 | } |
ashleymills | 0:714293de3836 | 1398 | |
ashleymills | 0:714293de3836 | 1399 | |
ashleymills | 0:714293de3836 | 1400 | /* process the buffer buff, legnth sz, into ctx of format and type |
ashleymills | 0:714293de3836 | 1401 | used tracks bytes consumed, userChain specifies a user cert chain |
ashleymills | 0:714293de3836 | 1402 | to pass during the handshake */ |
ashleymills | 0:714293de3836 | 1403 | static int ProcessBuffer(CYASSL_CTX* ctx, const unsigned char* buff, |
ashleymills | 0:714293de3836 | 1404 | long sz, int format, int type, CYASSL* ssl, |
ashleymills | 0:714293de3836 | 1405 | long* used, int userChain) |
ashleymills | 0:714293de3836 | 1406 | { |
ashleymills | 0:714293de3836 | 1407 | EncryptedInfo info; |
ashleymills | 0:714293de3836 | 1408 | buffer der; /* holds DER or RAW (for NTRU) */ |
ashleymills | 0:714293de3836 | 1409 | int ret; |
ashleymills | 0:714293de3836 | 1410 | int dynamicType = 0; |
ashleymills | 0:714293de3836 | 1411 | int eccKey = 0; |
ashleymills | 0:714293de3836 | 1412 | int rsaKey = 0; |
ashleymills | 0:714293de3836 | 1413 | void* heap = ctx ? ctx->heap : NULL; |
ashleymills | 0:714293de3836 | 1414 | |
ashleymills | 0:714293de3836 | 1415 | info.set = 0; |
ashleymills | 0:714293de3836 | 1416 | info.ctx = ctx; |
ashleymills | 0:714293de3836 | 1417 | info.consumed = 0; |
ashleymills | 0:714293de3836 | 1418 | der.buffer = 0; |
ashleymills | 0:714293de3836 | 1419 | |
ashleymills | 0:714293de3836 | 1420 | (void)dynamicType; |
ashleymills | 0:714293de3836 | 1421 | |
ashleymills | 0:714293de3836 | 1422 | if (used) |
ashleymills | 0:714293de3836 | 1423 | *used = sz; /* used bytes default to sz, PEM chain may shorten*/ |
ashleymills | 0:714293de3836 | 1424 | |
ashleymills | 0:714293de3836 | 1425 | if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM |
ashleymills | 0:714293de3836 | 1426 | && format != SSL_FILETYPE_RAW) |
ashleymills | 0:714293de3836 | 1427 | return SSL_BAD_FILETYPE; |
ashleymills | 0:714293de3836 | 1428 | |
ashleymills | 0:714293de3836 | 1429 | if (type == CA_TYPE) |
ashleymills | 0:714293de3836 | 1430 | dynamicType = DYNAMIC_TYPE_CA; |
ashleymills | 0:714293de3836 | 1431 | else if (type == CERT_TYPE) |
ashleymills | 0:714293de3836 | 1432 | dynamicType = DYNAMIC_TYPE_CERT; |
ashleymills | 0:714293de3836 | 1433 | else |
ashleymills | 0:714293de3836 | 1434 | dynamicType = DYNAMIC_TYPE_KEY; |
ashleymills | 0:714293de3836 | 1435 | |
ashleymills | 0:714293de3836 | 1436 | if (format == SSL_FILETYPE_PEM) { |
ashleymills | 0:714293de3836 | 1437 | ret = PemToDer(buff, sz, type, &der, heap, &info, &eccKey); |
ashleymills | 0:714293de3836 | 1438 | if (ret < 0) { |
ashleymills | 0:714293de3836 | 1439 | XFREE(der.buffer, heap, dynamicType); |
ashleymills | 0:714293de3836 | 1440 | return ret; |
ashleymills | 0:714293de3836 | 1441 | } |
ashleymills | 0:714293de3836 | 1442 | if (used) |
ashleymills | 0:714293de3836 | 1443 | *used = info.consumed; |
ashleymills | 0:714293de3836 | 1444 | /* we may have a user cert chain, try to consume */ |
ashleymills | 0:714293de3836 | 1445 | if (userChain && type == CERT_TYPE && info.consumed < sz) { |
ashleymills | 0:714293de3836 | 1446 | byte staticBuffer[FILE_BUFFER_SIZE]; /* tmp chain buffer */ |
ashleymills | 0:714293de3836 | 1447 | byte* chainBuffer = staticBuffer; |
ashleymills | 0:714293de3836 | 1448 | int dynamicBuffer = 0; |
ashleymills | 0:714293de3836 | 1449 | word32 bufferSz = sizeof(staticBuffer); |
ashleymills | 0:714293de3836 | 1450 | long consumed = info.consumed; |
ashleymills | 0:714293de3836 | 1451 | word32 idx = 0; |
ashleymills | 0:714293de3836 | 1452 | int gotOne = 0; |
ashleymills | 0:714293de3836 | 1453 | |
ashleymills | 0:714293de3836 | 1454 | if ( (sz - consumed) > (int)bufferSz) { |
ashleymills | 0:714293de3836 | 1455 | CYASSL_MSG("Growing Tmp Chain Buffer"); |
ashleymills | 0:714293de3836 | 1456 | bufferSz = (word32)(sz - consumed); |
ashleymills | 0:714293de3836 | 1457 | /* will shrink to actual size */ |
ashleymills | 0:714293de3836 | 1458 | chainBuffer = (byte*)XMALLOC(bufferSz, heap, |
ashleymills | 0:714293de3836 | 1459 | DYNAMIC_TYPE_FILE); |
ashleymills | 0:714293de3836 | 1460 | if (chainBuffer == NULL) { |
ashleymills | 0:714293de3836 | 1461 | XFREE(der.buffer, heap, dynamicType); |
ashleymills | 0:714293de3836 | 1462 | return MEMORY_E; |
ashleymills | 0:714293de3836 | 1463 | } |
ashleymills | 0:714293de3836 | 1464 | dynamicBuffer = 1; |
ashleymills | 0:714293de3836 | 1465 | } |
ashleymills | 0:714293de3836 | 1466 | |
ashleymills | 0:714293de3836 | 1467 | CYASSL_MSG("Processing Cert Chain"); |
ashleymills | 0:714293de3836 | 1468 | while (consumed < sz) { |
ashleymills | 0:714293de3836 | 1469 | buffer part; |
ashleymills | 0:714293de3836 | 1470 | info.consumed = 0; |
ashleymills | 0:714293de3836 | 1471 | part.buffer = 0; |
ashleymills | 0:714293de3836 | 1472 | |
ashleymills | 0:714293de3836 | 1473 | ret = PemToDer(buff + consumed, sz - consumed, type, &part, |
ashleymills | 0:714293de3836 | 1474 | heap, &info, &eccKey); |
ashleymills | 0:714293de3836 | 1475 | if (ret == 0) { |
ashleymills | 0:714293de3836 | 1476 | gotOne = 1; |
ashleymills | 0:714293de3836 | 1477 | if ( (idx + part.length) > bufferSz) { |
ashleymills | 0:714293de3836 | 1478 | CYASSL_MSG(" Cert Chain bigger than buffer"); |
ashleymills | 0:714293de3836 | 1479 | ret = BUFFER_E; |
ashleymills | 0:714293de3836 | 1480 | } |
ashleymills | 0:714293de3836 | 1481 | else { |
ashleymills | 0:714293de3836 | 1482 | c32to24(part.length, &chainBuffer[idx]); |
ashleymills | 0:714293de3836 | 1483 | idx += CERT_HEADER_SZ; |
ashleymills | 0:714293de3836 | 1484 | XMEMCPY(&chainBuffer[idx], part.buffer,part.length); |
ashleymills | 0:714293de3836 | 1485 | idx += part.length; |
ashleymills | 0:714293de3836 | 1486 | consumed += info.consumed; |
ashleymills | 0:714293de3836 | 1487 | if (used) |
ashleymills | 0:714293de3836 | 1488 | *used += info.consumed; |
ashleymills | 0:714293de3836 | 1489 | } |
ashleymills | 0:714293de3836 | 1490 | } |
ashleymills | 0:714293de3836 | 1491 | |
ashleymills | 0:714293de3836 | 1492 | XFREE(part.buffer, heap, dynamicType); |
ashleymills | 0:714293de3836 | 1493 | |
ashleymills | 0:714293de3836 | 1494 | if (ret == SSL_NO_PEM_HEADER && gotOne) { |
ashleymills | 0:714293de3836 | 1495 | CYASSL_MSG("We got one good PEM so stuff at end ok"); |
ashleymills | 0:714293de3836 | 1496 | break; |
ashleymills | 0:714293de3836 | 1497 | } |
ashleymills | 0:714293de3836 | 1498 | |
ashleymills | 0:714293de3836 | 1499 | if (ret < 0) { |
ashleymills | 0:714293de3836 | 1500 | CYASSL_MSG(" Error in Cert in Chain"); |
ashleymills | 0:714293de3836 | 1501 | XFREE(der.buffer, heap, dynamicType); |
ashleymills | 0:714293de3836 | 1502 | return ret; |
ashleymills | 0:714293de3836 | 1503 | } |
ashleymills | 0:714293de3836 | 1504 | CYASSL_MSG(" Consumed another Cert in Chain"); |
ashleymills | 0:714293de3836 | 1505 | } |
ashleymills | 0:714293de3836 | 1506 | CYASSL_MSG("Finished Processing Cert Chain"); |
ashleymills | 0:714293de3836 | 1507 | |
ashleymills | 0:714293de3836 | 1508 | if (ctx == NULL) { |
ashleymills | 0:714293de3836 | 1509 | CYASSL_MSG("certChain needs context"); |
ashleymills | 0:714293de3836 | 1510 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 1511 | } |
ashleymills | 0:714293de3836 | 1512 | ctx->certChain.buffer = (byte*)XMALLOC(idx, heap, |
ashleymills | 0:714293de3836 | 1513 | dynamicType); |
ashleymills | 0:714293de3836 | 1514 | if (ctx->certChain.buffer) { |
ashleymills | 0:714293de3836 | 1515 | ctx->certChain.length = idx; |
ashleymills | 0:714293de3836 | 1516 | XMEMCPY(ctx->certChain.buffer, chainBuffer, idx); |
ashleymills | 0:714293de3836 | 1517 | } |
ashleymills | 0:714293de3836 | 1518 | if (dynamicBuffer) |
ashleymills | 0:714293de3836 | 1519 | XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE); |
ashleymills | 0:714293de3836 | 1520 | if (ctx->certChain.buffer == NULL) { |
ashleymills | 0:714293de3836 | 1521 | XFREE(der.buffer, heap, dynamicType); |
ashleymills | 0:714293de3836 | 1522 | return MEMORY_E; |
ashleymills | 0:714293de3836 | 1523 | } |
ashleymills | 0:714293de3836 | 1524 | } |
ashleymills | 0:714293de3836 | 1525 | } |
ashleymills | 0:714293de3836 | 1526 | else { /* ASN1 (DER) or RAW (NTRU) */ |
ashleymills | 0:714293de3836 | 1527 | der.buffer = (byte*) XMALLOC(sz, heap, dynamicType); |
ashleymills | 0:714293de3836 | 1528 | if (!der.buffer) return MEMORY_ERROR; |
ashleymills | 0:714293de3836 | 1529 | XMEMCPY(der.buffer, buff, sz); |
ashleymills | 0:714293de3836 | 1530 | der.length = (word32)sz; |
ashleymills | 0:714293de3836 | 1531 | } |
ashleymills | 0:714293de3836 | 1532 | |
ashleymills | 0:714293de3836 | 1533 | #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) |
ashleymills | 0:714293de3836 | 1534 | if (info.set) { |
ashleymills | 0:714293de3836 | 1535 | /* decrypt */ |
ashleymills | 0:714293de3836 | 1536 | char password[80]; |
ashleymills | 0:714293de3836 | 1537 | int passwordSz; |
ashleymills | 0:714293de3836 | 1538 | |
ashleymills | 0:714293de3836 | 1539 | byte key[AES_256_KEY_SIZE]; |
ashleymills | 0:714293de3836 | 1540 | byte iv[AES_IV_SIZE]; |
ashleymills | 0:714293de3836 | 1541 | |
ashleymills | 0:714293de3836 | 1542 | if (!ctx || !ctx->passwd_cb) { |
ashleymills | 0:714293de3836 | 1543 | XFREE(der.buffer, heap, dynamicType); |
ashleymills | 0:714293de3836 | 1544 | return NO_PASSWORD; |
ashleymills | 0:714293de3836 | 1545 | } |
ashleymills | 0:714293de3836 | 1546 | |
ashleymills | 0:714293de3836 | 1547 | /* use file's salt for key derivation, hex decode first */ |
ashleymills | 0:714293de3836 | 1548 | if (Base16_Decode(info.iv, info.ivSz, info.iv, &info.ivSz) != 0) { |
ashleymills | 0:714293de3836 | 1549 | XFREE(der.buffer, heap, dynamicType); |
ashleymills | 0:714293de3836 | 1550 | return ASN_INPUT_E; |
ashleymills | 0:714293de3836 | 1551 | } |
ashleymills | 0:714293de3836 | 1552 | |
ashleymills | 0:714293de3836 | 1553 | passwordSz = ctx->passwd_cb(password, sizeof(password), 0, |
ashleymills | 0:714293de3836 | 1554 | ctx->userdata); |
ashleymills | 0:714293de3836 | 1555 | if ( (ret = EVP_BytesToKey(info.name, "MD5", info.iv, |
ashleymills | 0:714293de3836 | 1556 | (byte*)password, passwordSz, 1, key, iv)) <= 0) { |
ashleymills | 0:714293de3836 | 1557 | XFREE(der.buffer, heap, dynamicType); |
ashleymills | 0:714293de3836 | 1558 | return ret; |
ashleymills | 0:714293de3836 | 1559 | } |
ashleymills | 0:714293de3836 | 1560 | |
ashleymills | 0:714293de3836 | 1561 | if (XSTRNCMP(info.name, "DES-CBC", 7) == 0) { |
ashleymills | 0:714293de3836 | 1562 | Des enc; |
ashleymills | 0:714293de3836 | 1563 | Des_SetKey(&enc, key, info.iv, DES_DECRYPTION); |
ashleymills | 0:714293de3836 | 1564 | Des_CbcDecrypt(&enc, der.buffer, der.buffer, der.length); |
ashleymills | 0:714293de3836 | 1565 | } |
ashleymills | 0:714293de3836 | 1566 | else if (XSTRNCMP(info.name, "DES-EDE3-CBC", 13) == 0) { |
ashleymills | 0:714293de3836 | 1567 | Des3 enc; |
ashleymills | 0:714293de3836 | 1568 | Des3_SetKey(&enc, key, info.iv, DES_DECRYPTION); |
ashleymills | 0:714293de3836 | 1569 | Des3_CbcDecrypt(&enc, der.buffer, der.buffer, der.length); |
ashleymills | 0:714293de3836 | 1570 | } |
ashleymills | 0:714293de3836 | 1571 | else if (XSTRNCMP(info.name, "AES-128-CBC", 13) == 0) { |
ashleymills | 0:714293de3836 | 1572 | Aes enc; |
ashleymills | 0:714293de3836 | 1573 | AesSetKey(&enc, key, AES_128_KEY_SIZE, info.iv, AES_DECRYPTION); |
ashleymills | 0:714293de3836 | 1574 | AesCbcDecrypt(&enc, der.buffer, der.buffer, der.length); |
ashleymills | 0:714293de3836 | 1575 | } |
ashleymills | 0:714293de3836 | 1576 | else if (XSTRNCMP(info.name, "AES-192-CBC", 13) == 0) { |
ashleymills | 0:714293de3836 | 1577 | Aes enc; |
ashleymills | 0:714293de3836 | 1578 | AesSetKey(&enc, key, AES_192_KEY_SIZE, info.iv, AES_DECRYPTION); |
ashleymills | 0:714293de3836 | 1579 | AesCbcDecrypt(&enc, der.buffer, der.buffer, der.length); |
ashleymills | 0:714293de3836 | 1580 | } |
ashleymills | 0:714293de3836 | 1581 | else if (XSTRNCMP(info.name, "AES-256-CBC", 13) == 0) { |
ashleymills | 0:714293de3836 | 1582 | Aes enc; |
ashleymills | 0:714293de3836 | 1583 | AesSetKey(&enc, key, AES_256_KEY_SIZE, info.iv, AES_DECRYPTION); |
ashleymills | 0:714293de3836 | 1584 | AesCbcDecrypt(&enc, der.buffer, der.buffer, der.length); |
ashleymills | 0:714293de3836 | 1585 | } |
ashleymills | 0:714293de3836 | 1586 | else { |
ashleymills | 0:714293de3836 | 1587 | XFREE(der.buffer, heap, dynamicType); |
ashleymills | 0:714293de3836 | 1588 | return SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 1589 | } |
ashleymills | 0:714293de3836 | 1590 | } |
ashleymills | 0:714293de3836 | 1591 | #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */ |
ashleymills | 0:714293de3836 | 1592 | |
ashleymills | 0:714293de3836 | 1593 | if (type == CA_TYPE) { |
ashleymills | 0:714293de3836 | 1594 | if (ctx == NULL) { |
ashleymills | 0:714293de3836 | 1595 | CYASSL_MSG("Need context for CA load"); |
ashleymills | 0:714293de3836 | 1596 | XFREE(der.buffer, heap, dynamicType); |
ashleymills | 0:714293de3836 | 1597 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 1598 | } |
ashleymills | 0:714293de3836 | 1599 | return AddCA(ctx->cm, der, CYASSL_USER_CA, ctx->verifyPeer); |
ashleymills | 0:714293de3836 | 1600 | /* takes der over */ |
ashleymills | 0:714293de3836 | 1601 | } |
ashleymills | 0:714293de3836 | 1602 | else if (type == CERT_TYPE) { |
ashleymills | 0:714293de3836 | 1603 | if (ssl) { |
ashleymills | 0:714293de3836 | 1604 | if (ssl->buffers.weOwnCert && ssl->buffers.certificate.buffer) |
ashleymills | 0:714293de3836 | 1605 | XFREE(ssl->buffers.certificate.buffer, heap, |
ashleymills | 0:714293de3836 | 1606 | dynamicType); |
ashleymills | 0:714293de3836 | 1607 | ssl->buffers.certificate = der; |
ashleymills | 0:714293de3836 | 1608 | ssl->buffers.weOwnCert = 1; |
ashleymills | 0:714293de3836 | 1609 | } |
ashleymills | 0:714293de3836 | 1610 | else if (ctx) { |
ashleymills | 0:714293de3836 | 1611 | if (ctx->certificate.buffer) |
ashleymills | 0:714293de3836 | 1612 | XFREE(ctx->certificate.buffer, heap, dynamicType); |
ashleymills | 0:714293de3836 | 1613 | ctx->certificate = der; /* takes der over */ |
ashleymills | 0:714293de3836 | 1614 | } |
ashleymills | 0:714293de3836 | 1615 | } |
ashleymills | 0:714293de3836 | 1616 | else if (type == PRIVATEKEY_TYPE) { |
ashleymills | 0:714293de3836 | 1617 | if (ssl) { |
ashleymills | 0:714293de3836 | 1618 | if (ssl->buffers.weOwnKey && ssl->buffers.key.buffer) |
ashleymills | 0:714293de3836 | 1619 | XFREE(ssl->buffers.key.buffer, heap, dynamicType); |
ashleymills | 0:714293de3836 | 1620 | ssl->buffers.key = der; |
ashleymills | 0:714293de3836 | 1621 | ssl->buffers.weOwnKey = 1; |
ashleymills | 0:714293de3836 | 1622 | } |
ashleymills | 0:714293de3836 | 1623 | else if (ctx) { |
ashleymills | 0:714293de3836 | 1624 | if (ctx->privateKey.buffer) |
ashleymills | 0:714293de3836 | 1625 | XFREE(ctx->privateKey.buffer, heap, dynamicType); |
ashleymills | 0:714293de3836 | 1626 | ctx->privateKey = der; /* takes der over */ |
ashleymills | 0:714293de3836 | 1627 | } |
ashleymills | 0:714293de3836 | 1628 | } |
ashleymills | 0:714293de3836 | 1629 | else { |
ashleymills | 0:714293de3836 | 1630 | XFREE(der.buffer, heap, dynamicType); |
ashleymills | 0:714293de3836 | 1631 | return SSL_BAD_CERTTYPE; |
ashleymills | 0:714293de3836 | 1632 | } |
ashleymills | 0:714293de3836 | 1633 | |
ashleymills | 0:714293de3836 | 1634 | if (type == PRIVATEKEY_TYPE && format != SSL_FILETYPE_RAW) { |
ashleymills | 0:714293de3836 | 1635 | #ifndef NO_RSA |
ashleymills | 0:714293de3836 | 1636 | if (!eccKey) { |
ashleymills | 0:714293de3836 | 1637 | /* make sure RSA key can be used */ |
ashleymills | 0:714293de3836 | 1638 | RsaKey key; |
ashleymills | 0:714293de3836 | 1639 | word32 idx = 0; |
ashleymills | 0:714293de3836 | 1640 | |
ashleymills | 0:714293de3836 | 1641 | InitRsaKey(&key, 0); |
ashleymills | 0:714293de3836 | 1642 | if (RsaPrivateKeyDecode(der.buffer,&idx,&key,der.length) != 0) { |
ashleymills | 0:714293de3836 | 1643 | #ifdef HAVE_ECC |
ashleymills | 0:714293de3836 | 1644 | /* could have DER ECC (or pkcs8 ecc), no easy way to tell */ |
ashleymills | 0:714293de3836 | 1645 | eccKey = 1; /* so try it out */ |
ashleymills | 0:714293de3836 | 1646 | #endif |
ashleymills | 0:714293de3836 | 1647 | if (!eccKey) { |
ashleymills | 0:714293de3836 | 1648 | FreeRsaKey(&key); |
ashleymills | 0:714293de3836 | 1649 | return SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 1650 | } |
ashleymills | 0:714293de3836 | 1651 | } else { |
ashleymills | 0:714293de3836 | 1652 | rsaKey = 1; |
ashleymills | 0:714293de3836 | 1653 | (void)rsaKey; /* for no ecc builds */ |
ashleymills | 0:714293de3836 | 1654 | } |
ashleymills | 0:714293de3836 | 1655 | FreeRsaKey(&key); |
ashleymills | 0:714293de3836 | 1656 | } |
ashleymills | 0:714293de3836 | 1657 | #endif |
ashleymills | 0:714293de3836 | 1658 | #ifdef HAVE_ECC |
ashleymills | 0:714293de3836 | 1659 | if (!rsaKey) { |
ashleymills | 0:714293de3836 | 1660 | /* make sure ECC key can be used */ |
ashleymills | 0:714293de3836 | 1661 | word32 idx = 0; |
ashleymills | 0:714293de3836 | 1662 | ecc_key key; |
ashleymills | 0:714293de3836 | 1663 | |
ashleymills | 0:714293de3836 | 1664 | ecc_init(&key); |
ashleymills | 0:714293de3836 | 1665 | if (EccPrivateKeyDecode(der.buffer,&idx,&key,der.length) != 0) { |
ashleymills | 0:714293de3836 | 1666 | ecc_free(&key); |
ashleymills | 0:714293de3836 | 1667 | return SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 1668 | } |
ashleymills | 0:714293de3836 | 1669 | ecc_free(&key); |
ashleymills | 0:714293de3836 | 1670 | eccKey = 1; |
ashleymills | 0:714293de3836 | 1671 | ctx->haveStaticECC = 1; |
ashleymills | 0:714293de3836 | 1672 | if (ssl) |
ashleymills | 0:714293de3836 | 1673 | ssl->options.haveStaticECC = 1; |
ashleymills | 0:714293de3836 | 1674 | } |
ashleymills | 0:714293de3836 | 1675 | #endif /* HAVE_ECC */ |
ashleymills | 0:714293de3836 | 1676 | } |
ashleymills | 0:714293de3836 | 1677 | else if (type == CERT_TYPE) { |
ashleymills | 0:714293de3836 | 1678 | DecodedCert cert; |
ashleymills | 0:714293de3836 | 1679 | |
ashleymills | 0:714293de3836 | 1680 | CYASSL_MSG("Checking cert signature type"); |
ashleymills | 0:714293de3836 | 1681 | InitDecodedCert(&cert, der.buffer, der.length, heap); |
ashleymills | 0:714293de3836 | 1682 | |
ashleymills | 0:714293de3836 | 1683 | if (DecodeToKey(&cert, 0) < 0) { |
ashleymills | 0:714293de3836 | 1684 | CYASSL_MSG("Decode to key failed"); |
ashleymills | 0:714293de3836 | 1685 | return SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 1686 | } |
ashleymills | 0:714293de3836 | 1687 | switch (cert.signatureOID) { |
ashleymills | 0:714293de3836 | 1688 | case CTC_SHAwECDSA: |
ashleymills | 0:714293de3836 | 1689 | case CTC_SHA256wECDSA: |
ashleymills | 0:714293de3836 | 1690 | case CTC_SHA384wECDSA: |
ashleymills | 0:714293de3836 | 1691 | case CTC_SHA512wECDSA: |
ashleymills | 0:714293de3836 | 1692 | CYASSL_MSG("ECDSA cert signature"); |
ashleymills | 0:714293de3836 | 1693 | if (ctx) |
ashleymills | 0:714293de3836 | 1694 | ctx->haveECDSAsig = 1; |
ashleymills | 0:714293de3836 | 1695 | if (ssl) |
ashleymills | 0:714293de3836 | 1696 | ssl->options.haveECDSAsig = 1; |
ashleymills | 0:714293de3836 | 1697 | break; |
ashleymills | 0:714293de3836 | 1698 | default: |
ashleymills | 0:714293de3836 | 1699 | CYASSL_MSG("Not ECDSA cert signature"); |
ashleymills | 0:714293de3836 | 1700 | break; |
ashleymills | 0:714293de3836 | 1701 | } |
ashleymills | 0:714293de3836 | 1702 | |
ashleymills | 0:714293de3836 | 1703 | FreeDecodedCert(&cert); |
ashleymills | 0:714293de3836 | 1704 | } |
ashleymills | 0:714293de3836 | 1705 | |
ashleymills | 0:714293de3836 | 1706 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 1707 | } |
ashleymills | 0:714293de3836 | 1708 | |
ashleymills | 0:714293de3836 | 1709 | |
ashleymills | 0:714293de3836 | 1710 | |
ashleymills | 0:714293de3836 | 1711 | |
ashleymills | 0:714293de3836 | 1712 | /* CA PEM file for verification, may have multiple/chain certs to process */ |
ashleymills | 0:714293de3836 | 1713 | static int ProcessChainBuffer(CYASSL_CTX* ctx, const unsigned char* buff, |
ashleymills | 0:714293de3836 | 1714 | long sz, int format, int type, CYASSL* ssl) |
ashleymills | 0:714293de3836 | 1715 | { |
ashleymills | 0:714293de3836 | 1716 | long used = 0; |
ashleymills | 0:714293de3836 | 1717 | int ret = 0; |
ashleymills | 0:714293de3836 | 1718 | int gotOne = 0; |
ashleymills | 0:714293de3836 | 1719 | |
ashleymills | 0:714293de3836 | 1720 | CYASSL_MSG("Processing CA PEM file"); |
ashleymills | 0:714293de3836 | 1721 | while (used < sz) { |
ashleymills | 0:714293de3836 | 1722 | long consumed = 0; |
ashleymills | 0:714293de3836 | 1723 | |
ashleymills | 0:714293de3836 | 1724 | ret = ProcessBuffer(ctx, buff + used, sz - used, format, type, ssl, |
ashleymills | 0:714293de3836 | 1725 | &consumed, 0); |
ashleymills | 0:714293de3836 | 1726 | |
ashleymills | 0:714293de3836 | 1727 | if (ret == SSL_NO_PEM_HEADER && gotOne) { |
ashleymills | 0:714293de3836 | 1728 | CYASSL_MSG("We got one good PEM file so stuff at end ok"); |
ashleymills | 0:714293de3836 | 1729 | ret = SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 1730 | break; |
ashleymills | 0:714293de3836 | 1731 | } |
ashleymills | 0:714293de3836 | 1732 | |
ashleymills | 0:714293de3836 | 1733 | if (ret < 0) |
ashleymills | 0:714293de3836 | 1734 | break; |
ashleymills | 0:714293de3836 | 1735 | |
ashleymills | 0:714293de3836 | 1736 | CYASSL_MSG(" Processed a CA"); |
ashleymills | 0:714293de3836 | 1737 | gotOne = 1; |
ashleymills | 0:714293de3836 | 1738 | used += consumed; |
ashleymills | 0:714293de3836 | 1739 | } |
ashleymills | 0:714293de3836 | 1740 | |
ashleymills | 0:714293de3836 | 1741 | return ret; |
ashleymills | 0:714293de3836 | 1742 | } |
ashleymills | 0:714293de3836 | 1743 | |
ashleymills | 0:714293de3836 | 1744 | |
ashleymills | 0:714293de3836 | 1745 | /* Verify the ceritficate, SSL_SUCCESS for ok, < 0 for error */ |
ashleymills | 0:714293de3836 | 1746 | int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm, const byte* buff, |
ashleymills | 0:714293de3836 | 1747 | long sz, int format) |
ashleymills | 0:714293de3836 | 1748 | { |
ashleymills | 0:714293de3836 | 1749 | int ret = 0; |
ashleymills | 0:714293de3836 | 1750 | int eccKey = 0; /* not used */ |
ashleymills | 0:714293de3836 | 1751 | |
ashleymills | 0:714293de3836 | 1752 | DecodedCert cert; |
ashleymills | 0:714293de3836 | 1753 | buffer der; |
ashleymills | 0:714293de3836 | 1754 | |
ashleymills | 0:714293de3836 | 1755 | CYASSL_ENTER("CyaSSL_CertManagerVerifyBuffer"); |
ashleymills | 0:714293de3836 | 1756 | |
ashleymills | 0:714293de3836 | 1757 | der.buffer = NULL; |
ashleymills | 0:714293de3836 | 1758 | der.length = 0; |
ashleymills | 0:714293de3836 | 1759 | |
ashleymills | 0:714293de3836 | 1760 | if (format == SSL_FILETYPE_PEM) { |
ashleymills | 0:714293de3836 | 1761 | EncryptedInfo info; |
ashleymills | 0:714293de3836 | 1762 | |
ashleymills | 0:714293de3836 | 1763 | info.set = 0; |
ashleymills | 0:714293de3836 | 1764 | info.ctx = NULL; |
ashleymills | 0:714293de3836 | 1765 | info.consumed = 0; |
ashleymills | 0:714293de3836 | 1766 | ret = PemToDer(buff, sz, CERT_TYPE, &der, cm->heap, &info, &eccKey); |
ashleymills | 0:714293de3836 | 1767 | InitDecodedCert(&cert, der.buffer, der.length, cm->heap); |
ashleymills | 0:714293de3836 | 1768 | } |
ashleymills | 0:714293de3836 | 1769 | else |
ashleymills | 0:714293de3836 | 1770 | InitDecodedCert(&cert, (byte*)buff, (word32)sz, cm->heap); |
ashleymills | 0:714293de3836 | 1771 | |
ashleymills | 0:714293de3836 | 1772 | if (ret == 0) |
ashleymills | 0:714293de3836 | 1773 | ret = ParseCertRelative(&cert, CERT_TYPE, 1, cm); |
ashleymills | 0:714293de3836 | 1774 | #ifdef HAVE_CRL |
ashleymills | 0:714293de3836 | 1775 | if (ret == 0 && cm->crlEnabled) |
ashleymills | 0:714293de3836 | 1776 | ret = CheckCertCRL(cm->crl, &cert); |
ashleymills | 0:714293de3836 | 1777 | #endif |
ashleymills | 0:714293de3836 | 1778 | |
ashleymills | 0:714293de3836 | 1779 | FreeDecodedCert(&cert); |
ashleymills | 0:714293de3836 | 1780 | XFREE(der.buffer, cm->heap, DYNAMIC_TYPE_CERT); |
ashleymills | 0:714293de3836 | 1781 | |
ashleymills | 0:714293de3836 | 1782 | if (ret == 0) |
ashleymills | 0:714293de3836 | 1783 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 1784 | return ret; |
ashleymills | 0:714293de3836 | 1785 | } |
ashleymills | 0:714293de3836 | 1786 | |
ashleymills | 0:714293de3836 | 1787 | |
ashleymills | 0:714293de3836 | 1788 | #ifndef NO_FILESYSTEM |
ashleymills | 0:714293de3836 | 1789 | |
ashleymills | 0:714293de3836 | 1790 | #if defined(EBSNET) |
ashleymills | 0:714293de3836 | 1791 | #define XFILE int |
ashleymills | 0:714293de3836 | 1792 | #define XFOPEN(NAME, MODE) vf_open((const char *)NAME, VO_RDONLY, 0); |
ashleymills | 0:714293de3836 | 1793 | #define XFSEEK vf_lseek |
ashleymills | 0:714293de3836 | 1794 | #define XFTELL vf_tell |
ashleymills | 0:714293de3836 | 1795 | #define XREWIND vf_rewind |
ashleymills | 0:714293de3836 | 1796 | #define XFREAD(BUF, SZ, AMT, FD) vf_read(FD, BUF, SZ*AMT) |
ashleymills | 0:714293de3836 | 1797 | #define XFWRITE(BUF, SZ, AMT, FD) vf_write(FD, BUF, SZ*AMT) |
ashleymills | 0:714293de3836 | 1798 | #define XFCLOSE vf_close |
ashleymills | 0:714293de3836 | 1799 | #define XSEEK_END VSEEK_END |
ashleymills | 0:714293de3836 | 1800 | #define XBADFILE -1 |
ashleymills | 0:714293de3836 | 1801 | #elif defined(LSR_FS) |
ashleymills | 0:714293de3836 | 1802 | #include <fs.h> |
ashleymills | 0:714293de3836 | 1803 | #define XFILE struct fs_file* |
ashleymills | 0:714293de3836 | 1804 | #define XFOPEN(NAME, MODE) fs_open((char*)NAME); |
ashleymills | 0:714293de3836 | 1805 | #define XFSEEK(F, O, W) (void)F |
ashleymills | 0:714293de3836 | 1806 | #define XFTELL(F) (F)->len |
ashleymills | 0:714293de3836 | 1807 | #define XREWIND(F) (void)F |
ashleymills | 0:714293de3836 | 1808 | #define XFREAD(BUF, SZ, AMT, F) fs_read(F, (char*)BUF, SZ*AMT) |
ashleymills | 0:714293de3836 | 1809 | #define XFWRITE(BUF, SZ, AMT, F) fs_write(F, (char*)BUF, SZ*AMT) |
ashleymills | 0:714293de3836 | 1810 | #define XFCLOSE fs_close |
ashleymills | 0:714293de3836 | 1811 | #define XSEEK_END 0 |
ashleymills | 0:714293de3836 | 1812 | #define XBADFILE NULL |
ashleymills | 0:714293de3836 | 1813 | #elif defined(FREESCALE_MQX) |
ashleymills | 0:714293de3836 | 1814 | #define XFILE MQX_FILE_PTR |
ashleymills | 0:714293de3836 | 1815 | #define XFOPEN fopen |
ashleymills | 0:714293de3836 | 1816 | #define XFSEEK fseek |
ashleymills | 0:714293de3836 | 1817 | #define XFTELL ftell |
ashleymills | 0:714293de3836 | 1818 | #define XREWIND(F) fseek(F, 0, IO_SEEK_SET) |
ashleymills | 0:714293de3836 | 1819 | #define XFREAD fread |
ashleymills | 0:714293de3836 | 1820 | #define XFWRITE fwrite |
ashleymills | 0:714293de3836 | 1821 | #define XFCLOSE fclose |
ashleymills | 0:714293de3836 | 1822 | #define XSEEK_END IO_SEEK_END |
ashleymills | 0:714293de3836 | 1823 | #define XBADFILE NULL |
ashleymills | 0:714293de3836 | 1824 | #elif defined(MICRIUM) |
ashleymills | 0:714293de3836 | 1825 | #include <fs.h> |
ashleymills | 0:714293de3836 | 1826 | #define XFILE FS_FILE* |
ashleymills | 0:714293de3836 | 1827 | #define XFOPEN fs_fopen |
ashleymills | 0:714293de3836 | 1828 | #define XFSEEK fs_fseek |
ashleymills | 0:714293de3836 | 1829 | #define XFTELL fs_ftell |
ashleymills | 0:714293de3836 | 1830 | #define XREWIND fs_rewind |
ashleymills | 0:714293de3836 | 1831 | #define XFREAD fs_fread |
ashleymills | 0:714293de3836 | 1832 | #define XFWRITE fs_fwrite |
ashleymills | 0:714293de3836 | 1833 | #define XFCLOSE fs_fclose |
ashleymills | 0:714293de3836 | 1834 | #define XSEEK_END FS_SEEK_END |
ashleymills | 0:714293de3836 | 1835 | #define XBADFILE NULL |
ashleymills | 0:714293de3836 | 1836 | #else |
ashleymills | 0:714293de3836 | 1837 | /* stdio, default case */ |
ashleymills | 0:714293de3836 | 1838 | #define XFILE FILE* |
ashleymills | 0:714293de3836 | 1839 | #define XFOPEN fopen |
ashleymills | 0:714293de3836 | 1840 | #define XFSEEK fseek |
ashleymills | 0:714293de3836 | 1841 | #define XFTELL ftell |
ashleymills | 0:714293de3836 | 1842 | #define XREWIND rewind |
ashleymills | 0:714293de3836 | 1843 | #define XFREAD fread |
ashleymills | 0:714293de3836 | 1844 | #define XFWRITE fwrite |
ashleymills | 0:714293de3836 | 1845 | #define XFCLOSE fclose |
ashleymills | 0:714293de3836 | 1846 | #define XSEEK_END SEEK_END |
ashleymills | 0:714293de3836 | 1847 | #define XBADFILE NULL |
ashleymills | 0:714293de3836 | 1848 | #endif |
ashleymills | 0:714293de3836 | 1849 | |
ashleymills | 0:714293de3836 | 1850 | |
ashleymills | 0:714293de3836 | 1851 | /* process a file with name fname into ctx of format and type |
ashleymills | 0:714293de3836 | 1852 | userChain specifies a user certificate chain to pass during handshake */ |
ashleymills | 0:714293de3836 | 1853 | int ProcessFile(CYASSL_CTX* ctx, const char* fname, int format, int type, |
ashleymills | 0:714293de3836 | 1854 | CYASSL* ssl, int userChain, CYASSL_CRL* crl) |
ashleymills | 0:714293de3836 | 1855 | { |
ashleymills | 0:714293de3836 | 1856 | byte staticBuffer[FILE_BUFFER_SIZE]; |
ashleymills | 0:714293de3836 | 1857 | byte* myBuffer = staticBuffer; |
ashleymills | 0:714293de3836 | 1858 | int dynamic = 0; |
ashleymills | 0:714293de3836 | 1859 | int ret; |
ashleymills | 0:714293de3836 | 1860 | long sz = 0; |
ashleymills | 0:714293de3836 | 1861 | XFILE file; |
ashleymills | 0:714293de3836 | 1862 | void* heapHint = ctx ? ctx->heap : NULL; |
ashleymills | 0:714293de3836 | 1863 | |
ashleymills | 0:714293de3836 | 1864 | (void)crl; |
ashleymills | 0:714293de3836 | 1865 | (void)heapHint; |
ashleymills | 0:714293de3836 | 1866 | |
ashleymills | 0:714293de3836 | 1867 | if (fname == NULL) return SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 1868 | |
ashleymills | 0:714293de3836 | 1869 | file = XFOPEN(fname, "rb"); |
ashleymills | 0:714293de3836 | 1870 | if (file == XBADFILE) return SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 1871 | XFSEEK(file, 0, XSEEK_END); |
ashleymills | 0:714293de3836 | 1872 | sz = XFTELL(file); |
ashleymills | 0:714293de3836 | 1873 | XREWIND(file); |
ashleymills | 0:714293de3836 | 1874 | |
ashleymills | 0:714293de3836 | 1875 | if (sz > (long)sizeof(staticBuffer)) { |
ashleymills | 0:714293de3836 | 1876 | CYASSL_MSG("Getting dynamic buffer"); |
ashleymills | 0:714293de3836 | 1877 | myBuffer = (byte*)XMALLOC(sz, heapHint, DYNAMIC_TYPE_FILE); |
ashleymills | 0:714293de3836 | 1878 | if (myBuffer == NULL) { |
ashleymills | 0:714293de3836 | 1879 | XFCLOSE(file); |
ashleymills | 0:714293de3836 | 1880 | return SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 1881 | } |
ashleymills | 0:714293de3836 | 1882 | dynamic = 1; |
ashleymills | 0:714293de3836 | 1883 | } |
ashleymills | 0:714293de3836 | 1884 | else if (sz < 0) { |
ashleymills | 0:714293de3836 | 1885 | XFCLOSE(file); |
ashleymills | 0:714293de3836 | 1886 | return SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 1887 | } |
ashleymills | 0:714293de3836 | 1888 | |
ashleymills | 0:714293de3836 | 1889 | if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0) |
ashleymills | 0:714293de3836 | 1890 | ret = SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 1891 | else { |
ashleymills | 0:714293de3836 | 1892 | if (type == CA_TYPE && format == SSL_FILETYPE_PEM) |
ashleymills | 0:714293de3836 | 1893 | ret = ProcessChainBuffer(ctx, myBuffer, sz, format, type, ssl); |
ashleymills | 0:714293de3836 | 1894 | #ifdef HAVE_CRL |
ashleymills | 0:714293de3836 | 1895 | else if (type == CRL_TYPE) |
ashleymills | 0:714293de3836 | 1896 | ret = BufferLoadCRL(crl, myBuffer, sz, format); |
ashleymills | 0:714293de3836 | 1897 | #endif |
ashleymills | 0:714293de3836 | 1898 | else |
ashleymills | 0:714293de3836 | 1899 | ret = ProcessBuffer(ctx, myBuffer, sz, format, type, ssl, NULL, |
ashleymills | 0:714293de3836 | 1900 | userChain); |
ashleymills | 0:714293de3836 | 1901 | } |
ashleymills | 0:714293de3836 | 1902 | |
ashleymills | 0:714293de3836 | 1903 | XFCLOSE(file); |
ashleymills | 0:714293de3836 | 1904 | if (dynamic) XFREE(myBuffer, heapHint, DYNAMIC_TYPE_FILE); |
ashleymills | 0:714293de3836 | 1905 | |
ashleymills | 0:714293de3836 | 1906 | return ret; |
ashleymills | 0:714293de3836 | 1907 | } |
ashleymills | 0:714293de3836 | 1908 | |
ashleymills | 0:714293de3836 | 1909 | |
ashleymills | 0:714293de3836 | 1910 | /* loads file then loads each file in path, no c_rehash */ |
ashleymills | 0:714293de3836 | 1911 | int CyaSSL_CTX_load_verify_locations(CYASSL_CTX* ctx, const char* file, |
ashleymills | 0:714293de3836 | 1912 | const char* path) |
ashleymills | 0:714293de3836 | 1913 | { |
ashleymills | 0:714293de3836 | 1914 | int ret = SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 1915 | |
ashleymills | 0:714293de3836 | 1916 | CYASSL_ENTER("CyaSSL_CTX_load_verify_locations"); |
ashleymills | 0:714293de3836 | 1917 | (void)path; |
ashleymills | 0:714293de3836 | 1918 | |
ashleymills | 0:714293de3836 | 1919 | if (ctx == NULL || (file == NULL && path == NULL) ) |
ashleymills | 0:714293de3836 | 1920 | return SSL_FAILURE; |
ashleymills | 0:714293de3836 | 1921 | |
ashleymills | 0:714293de3836 | 1922 | if (file) |
ashleymills | 0:714293de3836 | 1923 | ret = ProcessFile(ctx, file, SSL_FILETYPE_PEM, CA_TYPE, NULL, 0, NULL); |
ashleymills | 0:714293de3836 | 1924 | |
ashleymills | 0:714293de3836 | 1925 | if (ret == SSL_SUCCESS && path) { |
ashleymills | 0:714293de3836 | 1926 | /* try to load each regular file in path */ |
ashleymills | 0:714293de3836 | 1927 | #ifdef USE_WINDOWS_API |
ashleymills | 0:714293de3836 | 1928 | WIN32_FIND_DATAA FindFileData; |
ashleymills | 0:714293de3836 | 1929 | HANDLE hFind; |
ashleymills | 0:714293de3836 | 1930 | char name[MAX_FILENAME_SZ]; |
ashleymills | 0:714293de3836 | 1931 | |
ashleymills | 0:714293de3836 | 1932 | XMEMSET(name, 0, sizeof(name)); |
ashleymills | 0:714293de3836 | 1933 | XSTRNCPY(name, path, MAX_FILENAME_SZ - 4); |
ashleymills | 0:714293de3836 | 1934 | XSTRNCAT(name, "\\*", 3); |
ashleymills | 0:714293de3836 | 1935 | |
ashleymills | 0:714293de3836 | 1936 | hFind = FindFirstFileA(name, &FindFileData); |
ashleymills | 0:714293de3836 | 1937 | if (hFind == INVALID_HANDLE_VALUE) { |
ashleymills | 0:714293de3836 | 1938 | CYASSL_MSG("FindFirstFile for path verify locations failed"); |
ashleymills | 0:714293de3836 | 1939 | return BAD_PATH_ERROR; |
ashleymills | 0:714293de3836 | 1940 | } |
ashleymills | 0:714293de3836 | 1941 | |
ashleymills | 0:714293de3836 | 1942 | do { |
ashleymills | 0:714293de3836 | 1943 | if (FindFileData.dwFileAttributes != FILE_ATTRIBUTE_DIRECTORY) { |
ashleymills | 0:714293de3836 | 1944 | XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 3); |
ashleymills | 0:714293de3836 | 1945 | XSTRNCAT(name, "\\", 2); |
ashleymills | 0:714293de3836 | 1946 | XSTRNCAT(name, FindFileData.cFileName, MAX_FILENAME_SZ/2); |
ashleymills | 0:714293de3836 | 1947 | |
ashleymills | 0:714293de3836 | 1948 | ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, NULL,0, |
ashleymills | 0:714293de3836 | 1949 | NULL); |
ashleymills | 0:714293de3836 | 1950 | } |
ashleymills | 0:714293de3836 | 1951 | } while (ret == SSL_SUCCESS && FindNextFileA(hFind, &FindFileData)); |
ashleymills | 0:714293de3836 | 1952 | |
ashleymills | 0:714293de3836 | 1953 | FindClose(hFind); |
ashleymills | 0:714293de3836 | 1954 | #elif !defined(NO_CYASSL_DIR) |
ashleymills | 0:714293de3836 | 1955 | struct dirent* entry; |
ashleymills | 0:714293de3836 | 1956 | DIR* dir = opendir(path); |
ashleymills | 0:714293de3836 | 1957 | |
ashleymills | 0:714293de3836 | 1958 | if (dir == NULL) { |
ashleymills | 0:714293de3836 | 1959 | CYASSL_MSG("opendir path verify locations failed"); |
ashleymills | 0:714293de3836 | 1960 | return BAD_PATH_ERROR; |
ashleymills | 0:714293de3836 | 1961 | } |
ashleymills | 0:714293de3836 | 1962 | while ( ret == SSL_SUCCESS && (entry = readdir(dir)) != NULL) { |
ashleymills | 0:714293de3836 | 1963 | char name[MAX_FILENAME_SZ]; |
ashleymills | 0:714293de3836 | 1964 | struct stat s; |
ashleymills | 0:714293de3836 | 1965 | |
ashleymills | 0:714293de3836 | 1966 | XMEMSET(name, 0, sizeof(name)); |
ashleymills | 0:714293de3836 | 1967 | XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2); |
ashleymills | 0:714293de3836 | 1968 | XSTRNCAT(name, "/", 1); |
ashleymills | 0:714293de3836 | 1969 | XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2); |
ashleymills | 0:714293de3836 | 1970 | |
ashleymills | 0:714293de3836 | 1971 | if (stat(name, &s) != 0) { |
ashleymills | 0:714293de3836 | 1972 | CYASSL_MSG("stat on name failed"); |
ashleymills | 0:714293de3836 | 1973 | closedir(dir); |
ashleymills | 0:714293de3836 | 1974 | return BAD_PATH_ERROR; |
ashleymills | 0:714293de3836 | 1975 | } |
ashleymills | 0:714293de3836 | 1976 | if (s.st_mode & S_IFREG) { |
ashleymills | 0:714293de3836 | 1977 | ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, NULL,0, |
ashleymills | 0:714293de3836 | 1978 | NULL); |
ashleymills | 0:714293de3836 | 1979 | } |
ashleymills | 0:714293de3836 | 1980 | } |
ashleymills | 0:714293de3836 | 1981 | closedir(dir); |
ashleymills | 0:714293de3836 | 1982 | #endif |
ashleymills | 0:714293de3836 | 1983 | } |
ashleymills | 0:714293de3836 | 1984 | |
ashleymills | 0:714293de3836 | 1985 | return ret; |
ashleymills | 0:714293de3836 | 1986 | } |
ashleymills | 0:714293de3836 | 1987 | |
ashleymills | 0:714293de3836 | 1988 | |
ashleymills | 0:714293de3836 | 1989 | /* Verify the ceritficate, SSL_SUCCESS for ok, < 0 for error */ |
ashleymills | 0:714293de3836 | 1990 | int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER* cm, const char* fname, |
ashleymills | 0:714293de3836 | 1991 | int format) |
ashleymills | 0:714293de3836 | 1992 | { |
ashleymills | 0:714293de3836 | 1993 | int ret = SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 1994 | byte staticBuffer[FILE_BUFFER_SIZE]; |
ashleymills | 0:714293de3836 | 1995 | byte* myBuffer = staticBuffer; |
ashleymills | 0:714293de3836 | 1996 | int dynamic = 0; |
ashleymills | 0:714293de3836 | 1997 | long sz = 0; |
ashleymills | 0:714293de3836 | 1998 | XFILE file = XFOPEN(fname, "rb"); |
ashleymills | 0:714293de3836 | 1999 | |
ashleymills | 0:714293de3836 | 2000 | CYASSL_ENTER("CyaSSL_CertManagerVerify"); |
ashleymills | 0:714293de3836 | 2001 | |
ashleymills | 0:714293de3836 | 2002 | if (file == XBADFILE) return SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 2003 | XFSEEK(file, 0, XSEEK_END); |
ashleymills | 0:714293de3836 | 2004 | sz = XFTELL(file); |
ashleymills | 0:714293de3836 | 2005 | XREWIND(file); |
ashleymills | 0:714293de3836 | 2006 | |
ashleymills | 0:714293de3836 | 2007 | if (sz > MAX_CYASSL_FILE_SIZE || sz < 0) { |
ashleymills | 0:714293de3836 | 2008 | CYASSL_MSG("CertManagerVerify file bad size"); |
ashleymills | 0:714293de3836 | 2009 | XFCLOSE(file); |
ashleymills | 0:714293de3836 | 2010 | return SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 2011 | } |
ashleymills | 0:714293de3836 | 2012 | |
ashleymills | 0:714293de3836 | 2013 | if (sz > (long)sizeof(staticBuffer)) { |
ashleymills | 0:714293de3836 | 2014 | CYASSL_MSG("Getting dynamic buffer"); |
ashleymills | 0:714293de3836 | 2015 | myBuffer = (byte*) XMALLOC(sz, cm->heap, DYNAMIC_TYPE_FILE); |
ashleymills | 0:714293de3836 | 2016 | if (myBuffer == NULL) { |
ashleymills | 0:714293de3836 | 2017 | XFCLOSE(file); |
ashleymills | 0:714293de3836 | 2018 | return SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 2019 | } |
ashleymills | 0:714293de3836 | 2020 | dynamic = 1; |
ashleymills | 0:714293de3836 | 2021 | } |
ashleymills | 0:714293de3836 | 2022 | |
ashleymills | 0:714293de3836 | 2023 | if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0) |
ashleymills | 0:714293de3836 | 2024 | ret = SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 2025 | else |
ashleymills | 0:714293de3836 | 2026 | ret = CyaSSL_CertManagerVerifyBuffer(cm, myBuffer, sz, format); |
ashleymills | 0:714293de3836 | 2027 | |
ashleymills | 0:714293de3836 | 2028 | XFCLOSE(file); |
ashleymills | 0:714293de3836 | 2029 | if (dynamic) XFREE(myBuffer, cm->heap, DYNAMIC_TYPE_FILE); |
ashleymills | 0:714293de3836 | 2030 | |
ashleymills | 0:714293de3836 | 2031 | return ret; |
ashleymills | 0:714293de3836 | 2032 | } |
ashleymills | 0:714293de3836 | 2033 | |
ashleymills | 0:714293de3836 | 2034 | |
ashleymills | 0:714293de3836 | 2035 | static INLINE CYASSL_METHOD* cm_pick_method(void) |
ashleymills | 0:714293de3836 | 2036 | { |
ashleymills | 0:714293de3836 | 2037 | #ifndef NO_CYASSL_CLIENT |
ashleymills | 0:714293de3836 | 2038 | #ifdef NO_OLD_TLS |
ashleymills | 0:714293de3836 | 2039 | return CyaTLSv1_2_client_method(); |
ashleymills | 0:714293de3836 | 2040 | #else |
ashleymills | 0:714293de3836 | 2041 | return CyaSSLv3_client_method(); |
ashleymills | 0:714293de3836 | 2042 | #endif |
ashleymills | 0:714293de3836 | 2043 | #elif !defined(NO_CYASSL_SERVER) |
ashleymills | 0:714293de3836 | 2044 | #ifdef NO_OLD_TLS |
ashleymills | 0:714293de3836 | 2045 | return CyaTLSv1_2_server_method(); |
ashleymills | 0:714293de3836 | 2046 | #else |
ashleymills | 0:714293de3836 | 2047 | return CyaSSLv3_server_method(); |
ashleymills | 0:714293de3836 | 2048 | #endif |
ashleymills | 0:714293de3836 | 2049 | #else |
ashleymills | 0:714293de3836 | 2050 | return NULL; |
ashleymills | 0:714293de3836 | 2051 | #endif |
ashleymills | 0:714293de3836 | 2052 | } |
ashleymills | 0:714293de3836 | 2053 | |
ashleymills | 0:714293de3836 | 2054 | |
ashleymills | 0:714293de3836 | 2055 | /* like load verify locations, 1 for success, < 0 for error */ |
ashleymills | 0:714293de3836 | 2056 | int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER* cm, const char* file, |
ashleymills | 0:714293de3836 | 2057 | const char* path) |
ashleymills | 0:714293de3836 | 2058 | { |
ashleymills | 0:714293de3836 | 2059 | int ret = SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 2060 | CYASSL_CTX* tmp; |
ashleymills | 0:714293de3836 | 2061 | |
ashleymills | 0:714293de3836 | 2062 | CYASSL_ENTER("CyaSSL_CertManagerLoadCA"); |
ashleymills | 0:714293de3836 | 2063 | |
ashleymills | 0:714293de3836 | 2064 | if (cm == NULL) { |
ashleymills | 0:714293de3836 | 2065 | CYASSL_MSG("No CertManager error"); |
ashleymills | 0:714293de3836 | 2066 | return ret; |
ashleymills | 0:714293de3836 | 2067 | } |
ashleymills | 0:714293de3836 | 2068 | tmp = CyaSSL_CTX_new(cm_pick_method()); |
ashleymills | 0:714293de3836 | 2069 | |
ashleymills | 0:714293de3836 | 2070 | if (tmp == NULL) { |
ashleymills | 0:714293de3836 | 2071 | CYASSL_MSG("CTX new failed"); |
ashleymills | 0:714293de3836 | 2072 | return ret; |
ashleymills | 0:714293de3836 | 2073 | } |
ashleymills | 0:714293de3836 | 2074 | |
ashleymills | 0:714293de3836 | 2075 | /* for tmp use */ |
ashleymills | 0:714293de3836 | 2076 | CyaSSL_CertManagerFree(tmp->cm); |
ashleymills | 0:714293de3836 | 2077 | tmp->cm = cm; |
ashleymills | 0:714293de3836 | 2078 | |
ashleymills | 0:714293de3836 | 2079 | ret = CyaSSL_CTX_load_verify_locations(tmp, file, path); |
ashleymills | 0:714293de3836 | 2080 | |
ashleymills | 0:714293de3836 | 2081 | /* don't loose our good one */ |
ashleymills | 0:714293de3836 | 2082 | tmp->cm = NULL; |
ashleymills | 0:714293de3836 | 2083 | CyaSSL_CTX_free(tmp); |
ashleymills | 0:714293de3836 | 2084 | |
ashleymills | 0:714293de3836 | 2085 | return ret; |
ashleymills | 0:714293de3836 | 2086 | } |
ashleymills | 0:714293de3836 | 2087 | |
ashleymills | 0:714293de3836 | 2088 | |
ashleymills | 0:714293de3836 | 2089 | |
ashleymills | 0:714293de3836 | 2090 | /* turn on CRL if off and compiled in, set options */ |
ashleymills | 0:714293de3836 | 2091 | int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER* cm, int options) |
ashleymills | 0:714293de3836 | 2092 | { |
ashleymills | 0:714293de3836 | 2093 | int ret = SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 2094 | |
ashleymills | 0:714293de3836 | 2095 | (void)options; |
ashleymills | 0:714293de3836 | 2096 | |
ashleymills | 0:714293de3836 | 2097 | CYASSL_ENTER("CyaSSL_CertManagerEnableCRL"); |
ashleymills | 0:714293de3836 | 2098 | if (cm == NULL) |
ashleymills | 0:714293de3836 | 2099 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 2100 | |
ashleymills | 0:714293de3836 | 2101 | #ifdef HAVE_CRL |
ashleymills | 0:714293de3836 | 2102 | if (cm->crl == NULL) { |
ashleymills | 0:714293de3836 | 2103 | cm->crl = (CYASSL_CRL*)XMALLOC(sizeof(CYASSL_CRL), cm->heap, |
ashleymills | 0:714293de3836 | 2104 | DYNAMIC_TYPE_CRL); |
ashleymills | 0:714293de3836 | 2105 | if (cm->crl == NULL) |
ashleymills | 0:714293de3836 | 2106 | return MEMORY_E; |
ashleymills | 0:714293de3836 | 2107 | |
ashleymills | 0:714293de3836 | 2108 | if (InitCRL(cm->crl, cm) != 0) { |
ashleymills | 0:714293de3836 | 2109 | CYASSL_MSG("Init CRL failed"); |
ashleymills | 0:714293de3836 | 2110 | FreeCRL(cm->crl, 1); |
ashleymills | 0:714293de3836 | 2111 | cm->crl = NULL; |
ashleymills | 0:714293de3836 | 2112 | return SSL_FAILURE; |
ashleymills | 0:714293de3836 | 2113 | } |
ashleymills | 0:714293de3836 | 2114 | } |
ashleymills | 0:714293de3836 | 2115 | cm->crlEnabled = 1; |
ashleymills | 0:714293de3836 | 2116 | if (options & CYASSL_CRL_CHECKALL) |
ashleymills | 0:714293de3836 | 2117 | cm->crlCheckAll = 1; |
ashleymills | 0:714293de3836 | 2118 | #else |
ashleymills | 0:714293de3836 | 2119 | ret = NOT_COMPILED_IN; |
ashleymills | 0:714293de3836 | 2120 | #endif |
ashleymills | 0:714293de3836 | 2121 | |
ashleymills | 0:714293de3836 | 2122 | return ret; |
ashleymills | 0:714293de3836 | 2123 | } |
ashleymills | 0:714293de3836 | 2124 | |
ashleymills | 0:714293de3836 | 2125 | |
ashleymills | 0:714293de3836 | 2126 | int CyaSSL_CertManagerDisableCRL(CYASSL_CERT_MANAGER* cm) |
ashleymills | 0:714293de3836 | 2127 | { |
ashleymills | 0:714293de3836 | 2128 | CYASSL_ENTER("CyaSSL_CertManagerDisableCRL"); |
ashleymills | 0:714293de3836 | 2129 | if (cm == NULL) |
ashleymills | 0:714293de3836 | 2130 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 2131 | |
ashleymills | 0:714293de3836 | 2132 | cm->crlEnabled = 0; |
ashleymills | 0:714293de3836 | 2133 | |
ashleymills | 0:714293de3836 | 2134 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 2135 | } |
ashleymills | 0:714293de3836 | 2136 | |
ashleymills | 0:714293de3836 | 2137 | |
ashleymills | 0:714293de3836 | 2138 | int CyaSSL_CTX_check_private_key(CYASSL_CTX* ctx) |
ashleymills | 0:714293de3836 | 2139 | { |
ashleymills | 0:714293de3836 | 2140 | /* TODO: check private against public for RSA match */ |
ashleymills | 0:714293de3836 | 2141 | (void)ctx; |
ashleymills | 0:714293de3836 | 2142 | CYASSL_ENTER("SSL_CTX_check_private_key"); |
ashleymills | 0:714293de3836 | 2143 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 2144 | } |
ashleymills | 0:714293de3836 | 2145 | |
ashleymills | 0:714293de3836 | 2146 | |
ashleymills | 0:714293de3836 | 2147 | #ifdef HAVE_CRL |
ashleymills | 0:714293de3836 | 2148 | |
ashleymills | 0:714293de3836 | 2149 | |
ashleymills | 0:714293de3836 | 2150 | /* check CRL if enabled, SSL_SUCCESS */ |
ashleymills | 0:714293de3836 | 2151 | int CyaSSL_CertManagerCheckCRL(CYASSL_CERT_MANAGER* cm, byte* der, int sz) |
ashleymills | 0:714293de3836 | 2152 | { |
ashleymills | 0:714293de3836 | 2153 | int ret; |
ashleymills | 0:714293de3836 | 2154 | DecodedCert cert; |
ashleymills | 0:714293de3836 | 2155 | |
ashleymills | 0:714293de3836 | 2156 | CYASSL_ENTER("CyaSSL_CertManagerCheckCRL"); |
ashleymills | 0:714293de3836 | 2157 | |
ashleymills | 0:714293de3836 | 2158 | if (cm == NULL) |
ashleymills | 0:714293de3836 | 2159 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 2160 | |
ashleymills | 0:714293de3836 | 2161 | if (cm->crlEnabled == 0) |
ashleymills | 0:714293de3836 | 2162 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 2163 | |
ashleymills | 0:714293de3836 | 2164 | InitDecodedCert(&cert, der, sz, NULL); |
ashleymills | 0:714293de3836 | 2165 | |
ashleymills | 0:714293de3836 | 2166 | ret = ParseCertRelative(&cert, CERT_TYPE, NO_VERIFY, cm); |
ashleymills | 0:714293de3836 | 2167 | if (ret != 0) { |
ashleymills | 0:714293de3836 | 2168 | CYASSL_MSG("ParseCert failed"); |
ashleymills | 0:714293de3836 | 2169 | return ret; |
ashleymills | 0:714293de3836 | 2170 | } |
ashleymills | 0:714293de3836 | 2171 | else { |
ashleymills | 0:714293de3836 | 2172 | ret = CheckCertCRL(cm->crl, &cert); |
ashleymills | 0:714293de3836 | 2173 | if (ret != 0) { |
ashleymills | 0:714293de3836 | 2174 | CYASSL_MSG("CheckCertCRL failed"); |
ashleymills | 0:714293de3836 | 2175 | } |
ashleymills | 0:714293de3836 | 2176 | } |
ashleymills | 0:714293de3836 | 2177 | |
ashleymills | 0:714293de3836 | 2178 | FreeDecodedCert(&cert); |
ashleymills | 0:714293de3836 | 2179 | |
ashleymills | 0:714293de3836 | 2180 | if (ret == 0) |
ashleymills | 0:714293de3836 | 2181 | return SSL_SUCCESS; /* convert */ |
ashleymills | 0:714293de3836 | 2182 | |
ashleymills | 0:714293de3836 | 2183 | return ret; |
ashleymills | 0:714293de3836 | 2184 | } |
ashleymills | 0:714293de3836 | 2185 | |
ashleymills | 0:714293de3836 | 2186 | |
ashleymills | 0:714293de3836 | 2187 | int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER* cm, CbMissingCRL cb) |
ashleymills | 0:714293de3836 | 2188 | { |
ashleymills | 0:714293de3836 | 2189 | CYASSL_ENTER("CyaSSL_CertManagerSetCRL_Cb"); |
ashleymills | 0:714293de3836 | 2190 | if (cm == NULL) |
ashleymills | 0:714293de3836 | 2191 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 2192 | |
ashleymills | 0:714293de3836 | 2193 | cm->cbMissingCRL = cb; |
ashleymills | 0:714293de3836 | 2194 | |
ashleymills | 0:714293de3836 | 2195 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 2196 | } |
ashleymills | 0:714293de3836 | 2197 | |
ashleymills | 0:714293de3836 | 2198 | |
ashleymills | 0:714293de3836 | 2199 | int CyaSSL_CertManagerLoadCRL(CYASSL_CERT_MANAGER* cm, const char* path, |
ashleymills | 0:714293de3836 | 2200 | int type, int monitor) |
ashleymills | 0:714293de3836 | 2201 | { |
ashleymills | 0:714293de3836 | 2202 | CYASSL_ENTER("CyaSSL_CertManagerLoadCRL"); |
ashleymills | 0:714293de3836 | 2203 | if (cm == NULL) |
ashleymills | 0:714293de3836 | 2204 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 2205 | |
ashleymills | 0:714293de3836 | 2206 | if (cm->crl == NULL) { |
ashleymills | 0:714293de3836 | 2207 | if (CyaSSL_CertManagerEnableCRL(cm, 0) != SSL_SUCCESS) { |
ashleymills | 0:714293de3836 | 2208 | CYASSL_MSG("Enable CRL failed"); |
ashleymills | 0:714293de3836 | 2209 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 2210 | } |
ashleymills | 0:714293de3836 | 2211 | } |
ashleymills | 0:714293de3836 | 2212 | |
ashleymills | 0:714293de3836 | 2213 | return LoadCRL(cm->crl, path, type, monitor); |
ashleymills | 0:714293de3836 | 2214 | } |
ashleymills | 0:714293de3836 | 2215 | |
ashleymills | 0:714293de3836 | 2216 | |
ashleymills | 0:714293de3836 | 2217 | int CyaSSL_EnableCRL(CYASSL* ssl, int options) |
ashleymills | 0:714293de3836 | 2218 | { |
ashleymills | 0:714293de3836 | 2219 | CYASSL_ENTER("CyaSSL_EnableCRL"); |
ashleymills | 0:714293de3836 | 2220 | if (ssl) |
ashleymills | 0:714293de3836 | 2221 | return CyaSSL_CertManagerEnableCRL(ssl->ctx->cm, options); |
ashleymills | 0:714293de3836 | 2222 | else |
ashleymills | 0:714293de3836 | 2223 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 2224 | } |
ashleymills | 0:714293de3836 | 2225 | |
ashleymills | 0:714293de3836 | 2226 | |
ashleymills | 0:714293de3836 | 2227 | int CyaSSL_DisableCRL(CYASSL* ssl) |
ashleymills | 0:714293de3836 | 2228 | { |
ashleymills | 0:714293de3836 | 2229 | CYASSL_ENTER("CyaSSL_DisableCRL"); |
ashleymills | 0:714293de3836 | 2230 | if (ssl) |
ashleymills | 0:714293de3836 | 2231 | return CyaSSL_CertManagerDisableCRL(ssl->ctx->cm); |
ashleymills | 0:714293de3836 | 2232 | else |
ashleymills | 0:714293de3836 | 2233 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 2234 | } |
ashleymills | 0:714293de3836 | 2235 | |
ashleymills | 0:714293de3836 | 2236 | |
ashleymills | 0:714293de3836 | 2237 | int CyaSSL_LoadCRL(CYASSL* ssl, const char* path, int type, int monitor) |
ashleymills | 0:714293de3836 | 2238 | { |
ashleymills | 0:714293de3836 | 2239 | CYASSL_ENTER("CyaSSL_LoadCRL"); |
ashleymills | 0:714293de3836 | 2240 | if (ssl) |
ashleymills | 0:714293de3836 | 2241 | return CyaSSL_CertManagerLoadCRL(ssl->ctx->cm, path, type, monitor); |
ashleymills | 0:714293de3836 | 2242 | else |
ashleymills | 0:714293de3836 | 2243 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 2244 | } |
ashleymills | 0:714293de3836 | 2245 | |
ashleymills | 0:714293de3836 | 2246 | |
ashleymills | 0:714293de3836 | 2247 | int CyaSSL_SetCRL_Cb(CYASSL* ssl, CbMissingCRL cb) |
ashleymills | 0:714293de3836 | 2248 | { |
ashleymills | 0:714293de3836 | 2249 | CYASSL_ENTER("CyaSSL_SetCRL_Cb"); |
ashleymills | 0:714293de3836 | 2250 | if (ssl) |
ashleymills | 0:714293de3836 | 2251 | return CyaSSL_CertManagerSetCRL_Cb(ssl->ctx->cm, cb); |
ashleymills | 0:714293de3836 | 2252 | else |
ashleymills | 0:714293de3836 | 2253 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 2254 | } |
ashleymills | 0:714293de3836 | 2255 | |
ashleymills | 0:714293de3836 | 2256 | |
ashleymills | 0:714293de3836 | 2257 | int CyaSSL_CTX_EnableCRL(CYASSL_CTX* ctx, int options) |
ashleymills | 0:714293de3836 | 2258 | { |
ashleymills | 0:714293de3836 | 2259 | CYASSL_ENTER("CyaSSL_CTX_EnableCRL"); |
ashleymills | 0:714293de3836 | 2260 | if (ctx) |
ashleymills | 0:714293de3836 | 2261 | return CyaSSL_CertManagerEnableCRL(ctx->cm, options); |
ashleymills | 0:714293de3836 | 2262 | else |
ashleymills | 0:714293de3836 | 2263 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 2264 | } |
ashleymills | 0:714293de3836 | 2265 | |
ashleymills | 0:714293de3836 | 2266 | |
ashleymills | 0:714293de3836 | 2267 | int CyaSSL_CTX_DisableCRL(CYASSL_CTX* ctx) |
ashleymills | 0:714293de3836 | 2268 | { |
ashleymills | 0:714293de3836 | 2269 | CYASSL_ENTER("CyaSSL_CTX_DisableCRL"); |
ashleymills | 0:714293de3836 | 2270 | if (ctx) |
ashleymills | 0:714293de3836 | 2271 | return CyaSSL_CertManagerDisableCRL(ctx->cm); |
ashleymills | 0:714293de3836 | 2272 | else |
ashleymills | 0:714293de3836 | 2273 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 2274 | } |
ashleymills | 0:714293de3836 | 2275 | |
ashleymills | 0:714293de3836 | 2276 | |
ashleymills | 0:714293de3836 | 2277 | int CyaSSL_CTX_LoadCRL(CYASSL_CTX* ctx, const char* path, int type, int monitor) |
ashleymills | 0:714293de3836 | 2278 | { |
ashleymills | 0:714293de3836 | 2279 | CYASSL_ENTER("CyaSSL_CTX_LoadCRL"); |
ashleymills | 0:714293de3836 | 2280 | if (ctx) |
ashleymills | 0:714293de3836 | 2281 | return CyaSSL_CertManagerLoadCRL(ctx->cm, path, type, monitor); |
ashleymills | 0:714293de3836 | 2282 | else |
ashleymills | 0:714293de3836 | 2283 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 2284 | } |
ashleymills | 0:714293de3836 | 2285 | |
ashleymills | 0:714293de3836 | 2286 | |
ashleymills | 0:714293de3836 | 2287 | int CyaSSL_CTX_SetCRL_Cb(CYASSL_CTX* ctx, CbMissingCRL cb) |
ashleymills | 0:714293de3836 | 2288 | { |
ashleymills | 0:714293de3836 | 2289 | CYASSL_ENTER("CyaSSL_CTX_SetCRL_Cb"); |
ashleymills | 0:714293de3836 | 2290 | if (ctx) |
ashleymills | 0:714293de3836 | 2291 | return CyaSSL_CertManagerSetCRL_Cb(ctx->cm, cb); |
ashleymills | 0:714293de3836 | 2292 | else |
ashleymills | 0:714293de3836 | 2293 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 2294 | } |
ashleymills | 0:714293de3836 | 2295 | |
ashleymills | 0:714293de3836 | 2296 | |
ashleymills | 0:714293de3836 | 2297 | #endif /* HAVE_CRL */ |
ashleymills | 0:714293de3836 | 2298 | |
ashleymills | 0:714293de3836 | 2299 | |
ashleymills | 0:714293de3836 | 2300 | #ifdef CYASSL_DER_LOAD |
ashleymills | 0:714293de3836 | 2301 | |
ashleymills | 0:714293de3836 | 2302 | /* Add format parameter to allow DER load of CA files */ |
ashleymills | 0:714293de3836 | 2303 | int CyaSSL_CTX_der_load_verify_locations(CYASSL_CTX* ctx, const char* file, |
ashleymills | 0:714293de3836 | 2304 | int format) |
ashleymills | 0:714293de3836 | 2305 | { |
ashleymills | 0:714293de3836 | 2306 | CYASSL_ENTER("CyaSSL_CTX_der_load_verify_locations"); |
ashleymills | 0:714293de3836 | 2307 | if (ctx == NULL || file == NULL) |
ashleymills | 0:714293de3836 | 2308 | return SSL_FAILURE; |
ashleymills | 0:714293de3836 | 2309 | |
ashleymills | 0:714293de3836 | 2310 | if (ProcessFile(ctx, file, format, CA_TYPE, NULL, 0, NULL) == SSL_SUCCESS) |
ashleymills | 0:714293de3836 | 2311 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 2312 | |
ashleymills | 0:714293de3836 | 2313 | return SSL_FAILURE; |
ashleymills | 0:714293de3836 | 2314 | } |
ashleymills | 0:714293de3836 | 2315 | |
ashleymills | 0:714293de3836 | 2316 | #endif /* CYASSL_DER_LOAD */ |
ashleymills | 0:714293de3836 | 2317 | |
ashleymills | 0:714293de3836 | 2318 | |
ashleymills | 0:714293de3836 | 2319 | #ifdef CYASSL_CERT_GEN |
ashleymills | 0:714293de3836 | 2320 | |
ashleymills | 0:714293de3836 | 2321 | /* load pem cert from file into der buffer, return der size or error */ |
ashleymills | 0:714293de3836 | 2322 | int CyaSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz) |
ashleymills | 0:714293de3836 | 2323 | { |
ashleymills | 0:714293de3836 | 2324 | byte staticBuffer[FILE_BUFFER_SIZE]; |
ashleymills | 0:714293de3836 | 2325 | byte* fileBuf = staticBuffer; |
ashleymills | 0:714293de3836 | 2326 | int dynamic = 0; |
ashleymills | 0:714293de3836 | 2327 | int ret; |
ashleymills | 0:714293de3836 | 2328 | int ecc = 0; |
ashleymills | 0:714293de3836 | 2329 | long sz = 0; |
ashleymills | 0:714293de3836 | 2330 | XFILE file = XFOPEN(fileName, "rb"); |
ashleymills | 0:714293de3836 | 2331 | EncryptedInfo info; |
ashleymills | 0:714293de3836 | 2332 | buffer converted; |
ashleymills | 0:714293de3836 | 2333 | |
ashleymills | 0:714293de3836 | 2334 | CYASSL_ENTER("CyaSSL_PemCertToDer"); |
ashleymills | 0:714293de3836 | 2335 | converted.buffer = 0; |
ashleymills | 0:714293de3836 | 2336 | |
ashleymills | 0:714293de3836 | 2337 | if (file == XBADFILE) return SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 2338 | XFSEEK(file, 0, XSEEK_END); |
ashleymills | 0:714293de3836 | 2339 | sz = XFTELL(file); |
ashleymills | 0:714293de3836 | 2340 | XREWIND(file); |
ashleymills | 0:714293de3836 | 2341 | |
ashleymills | 0:714293de3836 | 2342 | if (sz > (long)sizeof(staticBuffer)) { |
ashleymills | 0:714293de3836 | 2343 | fileBuf = (byte*) XMALLOC(sz, 0, DYNAMIC_TYPE_FILE); |
ashleymills | 0:714293de3836 | 2344 | if (fileBuf == NULL) { |
ashleymills | 0:714293de3836 | 2345 | XFCLOSE(file); |
ashleymills | 0:714293de3836 | 2346 | return SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 2347 | } |
ashleymills | 0:714293de3836 | 2348 | dynamic = 1; |
ashleymills | 0:714293de3836 | 2349 | } |
ashleymills | 0:714293de3836 | 2350 | else if (sz < 0) { |
ashleymills | 0:714293de3836 | 2351 | XFCLOSE(file); |
ashleymills | 0:714293de3836 | 2352 | return SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 2353 | } |
ashleymills | 0:714293de3836 | 2354 | |
ashleymills | 0:714293de3836 | 2355 | if ( (ret = (int)XFREAD(fileBuf, sz, 1, file)) < 0) |
ashleymills | 0:714293de3836 | 2356 | ret = SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 2357 | else |
ashleymills | 0:714293de3836 | 2358 | ret = PemToDer(fileBuf, sz, CA_TYPE, &converted, 0, &info, &ecc); |
ashleymills | 0:714293de3836 | 2359 | |
ashleymills | 0:714293de3836 | 2360 | if (ret == 0) { |
ashleymills | 0:714293de3836 | 2361 | if (converted.length < (word32)derSz) { |
ashleymills | 0:714293de3836 | 2362 | XMEMCPY(derBuf, converted.buffer, converted.length); |
ashleymills | 0:714293de3836 | 2363 | ret = converted.length; |
ashleymills | 0:714293de3836 | 2364 | } |
ashleymills | 0:714293de3836 | 2365 | else |
ashleymills | 0:714293de3836 | 2366 | ret = BUFFER_E; |
ashleymills | 0:714293de3836 | 2367 | } |
ashleymills | 0:714293de3836 | 2368 | |
ashleymills | 0:714293de3836 | 2369 | XFREE(converted.buffer, 0, DYNAMIC_TYPE_CA); |
ashleymills | 0:714293de3836 | 2370 | if (dynamic) |
ashleymills | 0:714293de3836 | 2371 | XFREE(fileBuf, 0, DYNAMIC_TYPE_FILE); |
ashleymills | 0:714293de3836 | 2372 | XFCLOSE(file); |
ashleymills | 0:714293de3836 | 2373 | |
ashleymills | 0:714293de3836 | 2374 | return ret; |
ashleymills | 0:714293de3836 | 2375 | } |
ashleymills | 0:714293de3836 | 2376 | |
ashleymills | 0:714293de3836 | 2377 | #endif /* CYASSL_CERT_GEN */ |
ashleymills | 0:714293de3836 | 2378 | |
ashleymills | 0:714293de3836 | 2379 | |
ashleymills | 0:714293de3836 | 2380 | int CyaSSL_CTX_use_certificate_file(CYASSL_CTX* ctx, const char* file, |
ashleymills | 0:714293de3836 | 2381 | int format) |
ashleymills | 0:714293de3836 | 2382 | { |
ashleymills | 0:714293de3836 | 2383 | CYASSL_ENTER("CyaSSL_CTX_use_certificate_file"); |
ashleymills | 0:714293de3836 | 2384 | if (ProcessFile(ctx, file, format, CERT_TYPE, NULL, 0, NULL) == SSL_SUCCESS) |
ashleymills | 0:714293de3836 | 2385 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 2386 | |
ashleymills | 0:714293de3836 | 2387 | return SSL_FAILURE; |
ashleymills | 0:714293de3836 | 2388 | } |
ashleymills | 0:714293de3836 | 2389 | |
ashleymills | 0:714293de3836 | 2390 | |
ashleymills | 0:714293de3836 | 2391 | int CyaSSL_CTX_use_PrivateKey_file(CYASSL_CTX* ctx, const char* file,int format) |
ashleymills | 0:714293de3836 | 2392 | { |
ashleymills | 0:714293de3836 | 2393 | CYASSL_ENTER("CyaSSL_CTX_use_PrivateKey_file"); |
ashleymills | 0:714293de3836 | 2394 | if (ProcessFile(ctx, file, format, PRIVATEKEY_TYPE, NULL, 0, NULL) |
ashleymills | 0:714293de3836 | 2395 | == SSL_SUCCESS) |
ashleymills | 0:714293de3836 | 2396 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 2397 | |
ashleymills | 0:714293de3836 | 2398 | return SSL_FAILURE; |
ashleymills | 0:714293de3836 | 2399 | } |
ashleymills | 0:714293de3836 | 2400 | |
ashleymills | 0:714293de3836 | 2401 | |
ashleymills | 0:714293de3836 | 2402 | int CyaSSL_CTX_use_certificate_chain_file(CYASSL_CTX* ctx, const char* file) |
ashleymills | 0:714293de3836 | 2403 | { |
ashleymills | 0:714293de3836 | 2404 | /* procces up to MAX_CHAIN_DEPTH plus subject cert */ |
ashleymills | 0:714293de3836 | 2405 | CYASSL_ENTER("CyaSSL_CTX_use_certificate_chain_file"); |
ashleymills | 0:714293de3836 | 2406 | if (ProcessFile(ctx, file, SSL_FILETYPE_PEM,CERT_TYPE,NULL,1, NULL) |
ashleymills | 0:714293de3836 | 2407 | == SSL_SUCCESS) |
ashleymills | 0:714293de3836 | 2408 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 2409 | |
ashleymills | 0:714293de3836 | 2410 | return SSL_FAILURE; |
ashleymills | 0:714293de3836 | 2411 | } |
ashleymills | 0:714293de3836 | 2412 | |
ashleymills | 0:714293de3836 | 2413 | |
ashleymills | 0:714293de3836 | 2414 | #ifdef OPENSSL_EXTRA |
ashleymills | 0:714293de3836 | 2415 | /* put SSL type in extra for now, not very common */ |
ashleymills | 0:714293de3836 | 2416 | |
ashleymills | 0:714293de3836 | 2417 | int CyaSSL_use_certificate_file(CYASSL* ssl, const char* file, int format) |
ashleymills | 0:714293de3836 | 2418 | { |
ashleymills | 0:714293de3836 | 2419 | CYASSL_ENTER("CyaSSL_use_certificate_file"); |
ashleymills | 0:714293de3836 | 2420 | if (ProcessFile(ssl->ctx, file, format, CERT_TYPE, ssl, 0, NULL) |
ashleymills | 0:714293de3836 | 2421 | == SSL_SUCCESS) |
ashleymills | 0:714293de3836 | 2422 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 2423 | |
ashleymills | 0:714293de3836 | 2424 | return SSL_FAILURE; |
ashleymills | 0:714293de3836 | 2425 | } |
ashleymills | 0:714293de3836 | 2426 | |
ashleymills | 0:714293de3836 | 2427 | |
ashleymills | 0:714293de3836 | 2428 | int CyaSSL_use_PrivateKey_file(CYASSL* ssl, const char* file, int format) |
ashleymills | 0:714293de3836 | 2429 | { |
ashleymills | 0:714293de3836 | 2430 | CYASSL_ENTER("CyaSSL_use_PrivateKey_file"); |
ashleymills | 0:714293de3836 | 2431 | if (ProcessFile(ssl->ctx, file, format, PRIVATEKEY_TYPE, ssl, 0, NULL) |
ashleymills | 0:714293de3836 | 2432 | == SSL_SUCCESS) |
ashleymills | 0:714293de3836 | 2433 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 2434 | |
ashleymills | 0:714293de3836 | 2435 | return SSL_FAILURE; |
ashleymills | 0:714293de3836 | 2436 | } |
ashleymills | 0:714293de3836 | 2437 | |
ashleymills | 0:714293de3836 | 2438 | |
ashleymills | 0:714293de3836 | 2439 | int CyaSSL_use_certificate_chain_file(CYASSL* ssl, const char* file) |
ashleymills | 0:714293de3836 | 2440 | { |
ashleymills | 0:714293de3836 | 2441 | /* procces up to MAX_CHAIN_DEPTH plus subject cert */ |
ashleymills | 0:714293de3836 | 2442 | CYASSL_ENTER("CyaSSL_use_certificate_chain_file"); |
ashleymills | 0:714293de3836 | 2443 | if (ProcessFile(ssl->ctx, file, SSL_FILETYPE_PEM, CERT_TYPE, ssl, 1, NULL) |
ashleymills | 0:714293de3836 | 2444 | == SSL_SUCCESS) |
ashleymills | 0:714293de3836 | 2445 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 2446 | |
ashleymills | 0:714293de3836 | 2447 | return SSL_FAILURE; |
ashleymills | 0:714293de3836 | 2448 | } |
ashleymills | 0:714293de3836 | 2449 | |
ashleymills | 0:714293de3836 | 2450 | |
ashleymills | 0:714293de3836 | 2451 | /* server wrapper for ctx or ssl Diffie-Hellman parameters */ |
ashleymills | 0:714293de3836 | 2452 | static int CyaSSL_SetTmpDH_buffer_wrapper(CYASSL_CTX* ctx, CYASSL* ssl, |
ashleymills | 0:714293de3836 | 2453 | const unsigned char* buf, long sz, int format) |
ashleymills | 0:714293de3836 | 2454 | { |
ashleymills | 0:714293de3836 | 2455 | buffer der; |
ashleymills | 0:714293de3836 | 2456 | int ret; |
ashleymills | 0:714293de3836 | 2457 | int weOwnDer = 0; |
ashleymills | 0:714293de3836 | 2458 | byte p[MAX_DH_SIZE]; |
ashleymills | 0:714293de3836 | 2459 | byte g[MAX_DH_SIZE]; |
ashleymills | 0:714293de3836 | 2460 | word32 pSz = sizeof(p); |
ashleymills | 0:714293de3836 | 2461 | word32 gSz = sizeof(g); |
ashleymills | 0:714293de3836 | 2462 | |
ashleymills | 0:714293de3836 | 2463 | der.buffer = (byte*)buf; |
ashleymills | 0:714293de3836 | 2464 | der.length = (word32)sz; |
ashleymills | 0:714293de3836 | 2465 | |
ashleymills | 0:714293de3836 | 2466 | if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM) |
ashleymills | 0:714293de3836 | 2467 | return SSL_BAD_FILETYPE; |
ashleymills | 0:714293de3836 | 2468 | |
ashleymills | 0:714293de3836 | 2469 | if (format == SSL_FILETYPE_PEM) { |
ashleymills | 0:714293de3836 | 2470 | der.buffer = NULL; |
ashleymills | 0:714293de3836 | 2471 | ret = PemToDer(buf, sz, DH_PARAM_TYPE, &der, ctx->heap, NULL,NULL); |
ashleymills | 0:714293de3836 | 2472 | if (ret < 0) { |
ashleymills | 0:714293de3836 | 2473 | XFREE(der.buffer, ctx->heap, DYNAMIC_TYPE_KEY); |
ashleymills | 0:714293de3836 | 2474 | return ret; |
ashleymills | 0:714293de3836 | 2475 | } |
ashleymills | 0:714293de3836 | 2476 | weOwnDer = 1; |
ashleymills | 0:714293de3836 | 2477 | } |
ashleymills | 0:714293de3836 | 2478 | |
ashleymills | 0:714293de3836 | 2479 | if (DhParamsLoad(der.buffer, der.length, p, &pSz, g, &gSz) < 0) |
ashleymills | 0:714293de3836 | 2480 | ret = SSL_BAD_FILETYPE; |
ashleymills | 0:714293de3836 | 2481 | else { |
ashleymills | 0:714293de3836 | 2482 | if (ssl) |
ashleymills | 0:714293de3836 | 2483 | ret = CyaSSL_SetTmpDH(ssl, p, pSz, g, gSz); |
ashleymills | 0:714293de3836 | 2484 | else |
ashleymills | 0:714293de3836 | 2485 | ret = CyaSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz); |
ashleymills | 0:714293de3836 | 2486 | } |
ashleymills | 0:714293de3836 | 2487 | |
ashleymills | 0:714293de3836 | 2488 | if (weOwnDer) |
ashleymills | 0:714293de3836 | 2489 | XFREE(der.buffer, ctx->heap, DYNAMIC_TYPE_KEY); |
ashleymills | 0:714293de3836 | 2490 | |
ashleymills | 0:714293de3836 | 2491 | return ret; |
ashleymills | 0:714293de3836 | 2492 | } |
ashleymills | 0:714293de3836 | 2493 | |
ashleymills | 0:714293de3836 | 2494 | /* server Diffie-Hellman parameters, SSL_SUCCESS on ok */ |
ashleymills | 0:714293de3836 | 2495 | int CyaSSL_SetTmpDH_buffer(CYASSL* ssl, const unsigned char* buf, long sz, |
ashleymills | 0:714293de3836 | 2496 | int format) |
ashleymills | 0:714293de3836 | 2497 | { |
ashleymills | 0:714293de3836 | 2498 | return CyaSSL_SetTmpDH_buffer_wrapper(ssl->ctx, ssl, buf, sz, format); |
ashleymills | 0:714293de3836 | 2499 | } |
ashleymills | 0:714293de3836 | 2500 | |
ashleymills | 0:714293de3836 | 2501 | |
ashleymills | 0:714293de3836 | 2502 | /* server ctx Diffie-Hellman parameters, SSL_SUCCESS on ok */ |
ashleymills | 0:714293de3836 | 2503 | int CyaSSL_CTX_SetTmpDH_buffer(CYASSL_CTX* ctx, const unsigned char* buf, |
ashleymills | 0:714293de3836 | 2504 | long sz, int format) |
ashleymills | 0:714293de3836 | 2505 | { |
ashleymills | 0:714293de3836 | 2506 | return CyaSSL_SetTmpDH_buffer_wrapper(ctx, NULL, buf, sz, format); |
ashleymills | 0:714293de3836 | 2507 | } |
ashleymills | 0:714293de3836 | 2508 | |
ashleymills | 0:714293de3836 | 2509 | |
ashleymills | 0:714293de3836 | 2510 | #ifdef HAVE_ECC |
ashleymills | 0:714293de3836 | 2511 | |
ashleymills | 0:714293de3836 | 2512 | /* Set Temp CTX EC-DHE size in octets, should be 20 - 66 for 160 - 521 bit */ |
ashleymills | 0:714293de3836 | 2513 | int CyaSSL_CTX_SetTmpEC_DHE_Sz(CYASSL_CTX* ctx, word16 sz) |
ashleymills | 0:714293de3836 | 2514 | { |
ashleymills | 0:714293de3836 | 2515 | if (ctx == NULL || sz < ECC_MINSIZE || sz > ECC_MAXSIZE) |
ashleymills | 0:714293de3836 | 2516 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 2517 | |
ashleymills | 0:714293de3836 | 2518 | ctx->eccTempKeySz = sz; |
ashleymills | 0:714293de3836 | 2519 | |
ashleymills | 0:714293de3836 | 2520 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 2521 | } |
ashleymills | 0:714293de3836 | 2522 | |
ashleymills | 0:714293de3836 | 2523 | |
ashleymills | 0:714293de3836 | 2524 | /* Set Temp SSL EC-DHE size in octets, should be 20 - 66 for 160 - 521 bit */ |
ashleymills | 0:714293de3836 | 2525 | int CyaSSL_SetTmpEC_DHE_Sz(CYASSL* ssl, word16 sz) |
ashleymills | 0:714293de3836 | 2526 | { |
ashleymills | 0:714293de3836 | 2527 | if (ssl == NULL || sz < ECC_MINSIZE || sz > ECC_MAXSIZE) |
ashleymills | 0:714293de3836 | 2528 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 2529 | |
ashleymills | 0:714293de3836 | 2530 | ssl->eccTempKeySz = sz; |
ashleymills | 0:714293de3836 | 2531 | |
ashleymills | 0:714293de3836 | 2532 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 2533 | } |
ashleymills | 0:714293de3836 | 2534 | |
ashleymills | 0:714293de3836 | 2535 | #endif /* HAVE_ECC */ |
ashleymills | 0:714293de3836 | 2536 | |
ashleymills | 0:714293de3836 | 2537 | |
ashleymills | 0:714293de3836 | 2538 | #if !defined(NO_FILESYSTEM) |
ashleymills | 0:714293de3836 | 2539 | |
ashleymills | 0:714293de3836 | 2540 | /* server Diffie-Hellman parameters */ |
ashleymills | 0:714293de3836 | 2541 | static int CyaSSL_SetTmpDH_file_wrapper(CYASSL_CTX* ctx, CYASSL* ssl, |
ashleymills | 0:714293de3836 | 2542 | const char* fname, int format) |
ashleymills | 0:714293de3836 | 2543 | { |
ashleymills | 0:714293de3836 | 2544 | byte staticBuffer[FILE_BUFFER_SIZE]; |
ashleymills | 0:714293de3836 | 2545 | byte* myBuffer = staticBuffer; |
ashleymills | 0:714293de3836 | 2546 | int dynamic = 0; |
ashleymills | 0:714293de3836 | 2547 | int ret; |
ashleymills | 0:714293de3836 | 2548 | long sz = 0; |
ashleymills | 0:714293de3836 | 2549 | XFILE file = XFOPEN(fname, "rb"); |
ashleymills | 0:714293de3836 | 2550 | |
ashleymills | 0:714293de3836 | 2551 | if (file == XBADFILE) return SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 2552 | XFSEEK(file, 0, XSEEK_END); |
ashleymills | 0:714293de3836 | 2553 | sz = XFTELL(file); |
ashleymills | 0:714293de3836 | 2554 | XREWIND(file); |
ashleymills | 0:714293de3836 | 2555 | |
ashleymills | 0:714293de3836 | 2556 | if (sz > (long)sizeof(staticBuffer)) { |
ashleymills | 0:714293de3836 | 2557 | CYASSL_MSG("Getting dynamic buffer"); |
ashleymills | 0:714293de3836 | 2558 | myBuffer = (byte*) XMALLOC(sz, ctx->heap, DYNAMIC_TYPE_FILE); |
ashleymills | 0:714293de3836 | 2559 | if (myBuffer == NULL) { |
ashleymills | 0:714293de3836 | 2560 | XFCLOSE(file); |
ashleymills | 0:714293de3836 | 2561 | return SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 2562 | } |
ashleymills | 0:714293de3836 | 2563 | dynamic = 1; |
ashleymills | 0:714293de3836 | 2564 | } |
ashleymills | 0:714293de3836 | 2565 | else if (sz < 0) { |
ashleymills | 0:714293de3836 | 2566 | XFCLOSE(file); |
ashleymills | 0:714293de3836 | 2567 | return SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 2568 | } |
ashleymills | 0:714293de3836 | 2569 | |
ashleymills | 0:714293de3836 | 2570 | if ( (ret = (int)XFREAD(myBuffer, sz, 1, file)) < 0) |
ashleymills | 0:714293de3836 | 2571 | ret = SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 2572 | else { |
ashleymills | 0:714293de3836 | 2573 | if (ssl) |
ashleymills | 0:714293de3836 | 2574 | ret = CyaSSL_SetTmpDH_buffer(ssl, myBuffer, sz, format); |
ashleymills | 0:714293de3836 | 2575 | else |
ashleymills | 0:714293de3836 | 2576 | ret = CyaSSL_CTX_SetTmpDH_buffer(ctx, myBuffer, sz, format); |
ashleymills | 0:714293de3836 | 2577 | } |
ashleymills | 0:714293de3836 | 2578 | |
ashleymills | 0:714293de3836 | 2579 | XFCLOSE(file); |
ashleymills | 0:714293de3836 | 2580 | if (dynamic) XFREE(myBuffer, ctx->heap, DYNAMIC_TYPE_FILE); |
ashleymills | 0:714293de3836 | 2581 | |
ashleymills | 0:714293de3836 | 2582 | return ret; |
ashleymills | 0:714293de3836 | 2583 | } |
ashleymills | 0:714293de3836 | 2584 | |
ashleymills | 0:714293de3836 | 2585 | /* server Diffie-Hellman parameters */ |
ashleymills | 0:714293de3836 | 2586 | int CyaSSL_SetTmpDH_file(CYASSL* ssl, const char* fname, int format) |
ashleymills | 0:714293de3836 | 2587 | { |
ashleymills | 0:714293de3836 | 2588 | return CyaSSL_SetTmpDH_file_wrapper(ssl->ctx, ssl, fname, format); |
ashleymills | 0:714293de3836 | 2589 | } |
ashleymills | 0:714293de3836 | 2590 | |
ashleymills | 0:714293de3836 | 2591 | |
ashleymills | 0:714293de3836 | 2592 | /* server Diffie-Hellman parameters */ |
ashleymills | 0:714293de3836 | 2593 | int CyaSSL_CTX_SetTmpDH_file(CYASSL_CTX* ctx, const char* fname, int format) |
ashleymills | 0:714293de3836 | 2594 | { |
ashleymills | 0:714293de3836 | 2595 | return CyaSSL_SetTmpDH_file_wrapper(ctx, NULL, fname, format); |
ashleymills | 0:714293de3836 | 2596 | } |
ashleymills | 0:714293de3836 | 2597 | |
ashleymills | 0:714293de3836 | 2598 | |
ashleymills | 0:714293de3836 | 2599 | #endif /* !NO_FILESYSTEM */ |
ashleymills | 0:714293de3836 | 2600 | #endif /* OPENSSL_EXTRA */ |
ashleymills | 0:714293de3836 | 2601 | |
ashleymills | 0:714293de3836 | 2602 | #ifdef HAVE_NTRU |
ashleymills | 0:714293de3836 | 2603 | |
ashleymills | 0:714293de3836 | 2604 | int CyaSSL_CTX_use_NTRUPrivateKey_file(CYASSL_CTX* ctx, const char* file) |
ashleymills | 0:714293de3836 | 2605 | { |
ashleymills | 0:714293de3836 | 2606 | CYASSL_ENTER("CyaSSL_CTX_use_NTRUPrivateKey_file"); |
ashleymills | 0:714293de3836 | 2607 | if (ProcessFile(ctx, file, SSL_FILETYPE_RAW, PRIVATEKEY_TYPE, NULL, 0, NULL) |
ashleymills | 0:714293de3836 | 2608 | == SSL_SUCCESS) { |
ashleymills | 0:714293de3836 | 2609 | ctx->haveNTRU = 1; |
ashleymills | 0:714293de3836 | 2610 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 2611 | } |
ashleymills | 0:714293de3836 | 2612 | |
ashleymills | 0:714293de3836 | 2613 | return SSL_FAILURE; |
ashleymills | 0:714293de3836 | 2614 | } |
ashleymills | 0:714293de3836 | 2615 | |
ashleymills | 0:714293de3836 | 2616 | #endif /* HAVE_NTRU */ |
ashleymills | 0:714293de3836 | 2617 | |
ashleymills | 0:714293de3836 | 2618 | |
ashleymills | 0:714293de3836 | 2619 | |
ashleymills | 0:714293de3836 | 2620 | #if defined(OPENSSL_EXTRA) |
ashleymills | 0:714293de3836 | 2621 | |
ashleymills | 0:714293de3836 | 2622 | int CyaSSL_CTX_use_RSAPrivateKey_file(CYASSL_CTX* ctx,const char* file, |
ashleymills | 0:714293de3836 | 2623 | int format) |
ashleymills | 0:714293de3836 | 2624 | { |
ashleymills | 0:714293de3836 | 2625 | CYASSL_ENTER("SSL_CTX_use_RSAPrivateKey_file"); |
ashleymills | 0:714293de3836 | 2626 | |
ashleymills | 0:714293de3836 | 2627 | return CyaSSL_CTX_use_PrivateKey_file(ctx, file, format); |
ashleymills | 0:714293de3836 | 2628 | } |
ashleymills | 0:714293de3836 | 2629 | |
ashleymills | 0:714293de3836 | 2630 | int CyaSSL_use_RSAPrivateKey_file(CYASSL* ssl, const char* file, int format) |
ashleymills | 0:714293de3836 | 2631 | { |
ashleymills | 0:714293de3836 | 2632 | CYASSL_ENTER("CyaSSL_use_RSAPrivateKey_file"); |
ashleymills | 0:714293de3836 | 2633 | |
ashleymills | 0:714293de3836 | 2634 | return CyaSSL_use_PrivateKey_file(ssl, file, format); |
ashleymills | 0:714293de3836 | 2635 | } |
ashleymills | 0:714293de3836 | 2636 | |
ashleymills | 0:714293de3836 | 2637 | #endif /* OPENSSL_EXTRA */ |
ashleymills | 0:714293de3836 | 2638 | |
ashleymills | 0:714293de3836 | 2639 | #endif /* NO_FILESYSTEM */ |
ashleymills | 0:714293de3836 | 2640 | |
ashleymills | 0:714293de3836 | 2641 | |
ashleymills | 0:714293de3836 | 2642 | void CyaSSL_CTX_set_verify(CYASSL_CTX* ctx, int mode, VerifyCallback vc) |
ashleymills | 0:714293de3836 | 2643 | { |
ashleymills | 0:714293de3836 | 2644 | CYASSL_ENTER("CyaSSL_CTX_set_verify"); |
ashleymills | 0:714293de3836 | 2645 | if (mode & SSL_VERIFY_PEER) { |
ashleymills | 0:714293de3836 | 2646 | ctx->verifyPeer = 1; |
ashleymills | 0:714293de3836 | 2647 | ctx->verifyNone = 0; /* in case perviously set */ |
ashleymills | 0:714293de3836 | 2648 | } |
ashleymills | 0:714293de3836 | 2649 | |
ashleymills | 0:714293de3836 | 2650 | if (mode == SSL_VERIFY_NONE) { |
ashleymills | 0:714293de3836 | 2651 | ctx->verifyNone = 1; |
ashleymills | 0:714293de3836 | 2652 | ctx->verifyPeer = 0; /* in case previously set */ |
ashleymills | 0:714293de3836 | 2653 | } |
ashleymills | 0:714293de3836 | 2654 | |
ashleymills | 0:714293de3836 | 2655 | if (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) |
ashleymills | 0:714293de3836 | 2656 | ctx->failNoCert = 1; |
ashleymills | 0:714293de3836 | 2657 | |
ashleymills | 0:714293de3836 | 2658 | ctx->verifyCallback = vc; |
ashleymills | 0:714293de3836 | 2659 | } |
ashleymills | 0:714293de3836 | 2660 | |
ashleymills | 0:714293de3836 | 2661 | |
ashleymills | 0:714293de3836 | 2662 | void CyaSSL_set_verify(CYASSL* ssl, int mode, VerifyCallback vc) |
ashleymills | 0:714293de3836 | 2663 | { |
ashleymills | 0:714293de3836 | 2664 | CYASSL_ENTER("CyaSSL_set_verify"); |
ashleymills | 0:714293de3836 | 2665 | if (mode & SSL_VERIFY_PEER) { |
ashleymills | 0:714293de3836 | 2666 | ssl->options.verifyPeer = 1; |
ashleymills | 0:714293de3836 | 2667 | ssl->options.verifyNone = 0; /* in case perviously set */ |
ashleymills | 0:714293de3836 | 2668 | } |
ashleymills | 0:714293de3836 | 2669 | |
ashleymills | 0:714293de3836 | 2670 | if (mode == SSL_VERIFY_NONE) { |
ashleymills | 0:714293de3836 | 2671 | ssl->options.verifyNone = 1; |
ashleymills | 0:714293de3836 | 2672 | ssl->options.verifyPeer = 0; /* in case previously set */ |
ashleymills | 0:714293de3836 | 2673 | } |
ashleymills | 0:714293de3836 | 2674 | |
ashleymills | 0:714293de3836 | 2675 | if (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) |
ashleymills | 0:714293de3836 | 2676 | ssl->options.failNoCert = 1; |
ashleymills | 0:714293de3836 | 2677 | |
ashleymills | 0:714293de3836 | 2678 | ssl->verifyCallback = vc; |
ashleymills | 0:714293de3836 | 2679 | } |
ashleymills | 0:714293de3836 | 2680 | |
ashleymills | 0:714293de3836 | 2681 | |
ashleymills | 0:714293de3836 | 2682 | /* store user ctx for verify callback */ |
ashleymills | 0:714293de3836 | 2683 | void CyaSSL_SetCertCbCtx(CYASSL* ssl, void* ctx) |
ashleymills | 0:714293de3836 | 2684 | { |
ashleymills | 0:714293de3836 | 2685 | CYASSL_ENTER("CyaSSL_SetCertCbCtx"); |
ashleymills | 0:714293de3836 | 2686 | if (ssl) |
ashleymills | 0:714293de3836 | 2687 | ssl->verifyCbCtx = ctx; |
ashleymills | 0:714293de3836 | 2688 | } |
ashleymills | 0:714293de3836 | 2689 | |
ashleymills | 0:714293de3836 | 2690 | |
ashleymills | 0:714293de3836 | 2691 | /* store context CA Cache addition callback */ |
ashleymills | 0:714293de3836 | 2692 | void CyaSSL_CTX_SetCACb(CYASSL_CTX* ctx, CallbackCACache cb) |
ashleymills | 0:714293de3836 | 2693 | { |
ashleymills | 0:714293de3836 | 2694 | if (ctx && ctx->cm) |
ashleymills | 0:714293de3836 | 2695 | ctx->cm->caCacheCallback = cb; |
ashleymills | 0:714293de3836 | 2696 | } |
ashleymills | 0:714293de3836 | 2697 | |
ashleymills | 0:714293de3836 | 2698 | |
ashleymills | 0:714293de3836 | 2699 | #if defined(PERSIST_CERT_CACHE) |
ashleymills | 0:714293de3836 | 2700 | |
ashleymills | 0:714293de3836 | 2701 | #if !defined(NO_FILESYSTEM) |
ashleymills | 0:714293de3836 | 2702 | |
ashleymills | 0:714293de3836 | 2703 | /* Persist cert cache to file */ |
ashleymills | 0:714293de3836 | 2704 | int CyaSSL_CTX_save_cert_cache(CYASSL_CTX* ctx, const char* fname) |
ashleymills | 0:714293de3836 | 2705 | { |
ashleymills | 0:714293de3836 | 2706 | CYASSL_ENTER("CyaSSL_CTX_save_cert_cache"); |
ashleymills | 0:714293de3836 | 2707 | |
ashleymills | 0:714293de3836 | 2708 | if (ctx == NULL || fname == NULL) |
ashleymills | 0:714293de3836 | 2709 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 2710 | |
ashleymills | 0:714293de3836 | 2711 | return CM_SaveCertCache(ctx->cm, fname); |
ashleymills | 0:714293de3836 | 2712 | } |
ashleymills | 0:714293de3836 | 2713 | |
ashleymills | 0:714293de3836 | 2714 | |
ashleymills | 0:714293de3836 | 2715 | /* Persist cert cache from file */ |
ashleymills | 0:714293de3836 | 2716 | int CyaSSL_CTX_restore_cert_cache(CYASSL_CTX* ctx, const char* fname) |
ashleymills | 0:714293de3836 | 2717 | { |
ashleymills | 0:714293de3836 | 2718 | CYASSL_ENTER("CyaSSL_CTX_restore_cert_cache"); |
ashleymills | 0:714293de3836 | 2719 | |
ashleymills | 0:714293de3836 | 2720 | if (ctx == NULL || fname == NULL) |
ashleymills | 0:714293de3836 | 2721 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 2722 | |
ashleymills | 0:714293de3836 | 2723 | return CM_RestoreCertCache(ctx->cm, fname); |
ashleymills | 0:714293de3836 | 2724 | } |
ashleymills | 0:714293de3836 | 2725 | |
ashleymills | 0:714293de3836 | 2726 | #endif /* NO_FILESYSTEM */ |
ashleymills | 0:714293de3836 | 2727 | |
ashleymills | 0:714293de3836 | 2728 | /* Persist cert cache to memory */ |
ashleymills | 0:714293de3836 | 2729 | int CyaSSL_CTX_memsave_cert_cache(CYASSL_CTX* ctx, void* mem, int sz, int* used) |
ashleymills | 0:714293de3836 | 2730 | { |
ashleymills | 0:714293de3836 | 2731 | CYASSL_ENTER("CyaSSL_CTX_memsave_cert_cache"); |
ashleymills | 0:714293de3836 | 2732 | |
ashleymills | 0:714293de3836 | 2733 | if (ctx == NULL || mem == NULL || used == NULL || sz <= 0) |
ashleymills | 0:714293de3836 | 2734 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 2735 | |
ashleymills | 0:714293de3836 | 2736 | return CM_MemSaveCertCache(ctx->cm, mem, sz, used); |
ashleymills | 0:714293de3836 | 2737 | } |
ashleymills | 0:714293de3836 | 2738 | |
ashleymills | 0:714293de3836 | 2739 | |
ashleymills | 0:714293de3836 | 2740 | /* Restore cert cache from memory */ |
ashleymills | 0:714293de3836 | 2741 | int CyaSSL_CTX_memrestore_cert_cache(CYASSL_CTX* ctx, const void* mem, int sz) |
ashleymills | 0:714293de3836 | 2742 | { |
ashleymills | 0:714293de3836 | 2743 | CYASSL_ENTER("CyaSSL_CTX_memrestore_cert_cache"); |
ashleymills | 0:714293de3836 | 2744 | |
ashleymills | 0:714293de3836 | 2745 | if (ctx == NULL || mem == NULL || sz <= 0) |
ashleymills | 0:714293de3836 | 2746 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 2747 | |
ashleymills | 0:714293de3836 | 2748 | return CM_MemRestoreCertCache(ctx->cm, mem, sz); |
ashleymills | 0:714293de3836 | 2749 | } |
ashleymills | 0:714293de3836 | 2750 | |
ashleymills | 0:714293de3836 | 2751 | |
ashleymills | 0:714293de3836 | 2752 | /* get how big the the cert cache save buffer needs to be */ |
ashleymills | 0:714293de3836 | 2753 | int CyaSSL_CTX_get_cert_cache_memsize(CYASSL_CTX* ctx) |
ashleymills | 0:714293de3836 | 2754 | { |
ashleymills | 0:714293de3836 | 2755 | CYASSL_ENTER("CyaSSL_CTX_get_cert_cache_memsize"); |
ashleymills | 0:714293de3836 | 2756 | |
ashleymills | 0:714293de3836 | 2757 | if (ctx == NULL) |
ashleymills | 0:714293de3836 | 2758 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 2759 | |
ashleymills | 0:714293de3836 | 2760 | return CM_GetCertCacheMemSize(ctx->cm); |
ashleymills | 0:714293de3836 | 2761 | } |
ashleymills | 0:714293de3836 | 2762 | |
ashleymills | 0:714293de3836 | 2763 | #endif /* PERSISTE_CERT_CACHE */ |
ashleymills | 0:714293de3836 | 2764 | #endif /* !NO_CERTS */ |
ashleymills | 0:714293de3836 | 2765 | |
ashleymills | 0:714293de3836 | 2766 | |
ashleymills | 0:714293de3836 | 2767 | #ifndef NO_SESSION_CACHE |
ashleymills | 0:714293de3836 | 2768 | |
ashleymills | 0:714293de3836 | 2769 | CYASSL_SESSION* CyaSSL_get_session(CYASSL* ssl) |
ashleymills | 0:714293de3836 | 2770 | { |
ashleymills | 0:714293de3836 | 2771 | CYASSL_ENTER("SSL_get_session"); |
ashleymills | 0:714293de3836 | 2772 | if (ssl) |
ashleymills | 0:714293de3836 | 2773 | return GetSession(ssl, 0); |
ashleymills | 0:714293de3836 | 2774 | |
ashleymills | 0:714293de3836 | 2775 | return NULL; |
ashleymills | 0:714293de3836 | 2776 | } |
ashleymills | 0:714293de3836 | 2777 | |
ashleymills | 0:714293de3836 | 2778 | |
ashleymills | 0:714293de3836 | 2779 | int CyaSSL_set_session(CYASSL* ssl, CYASSL_SESSION* session) |
ashleymills | 0:714293de3836 | 2780 | { |
ashleymills | 0:714293de3836 | 2781 | CYASSL_ENTER("SSL_set_session"); |
ashleymills | 0:714293de3836 | 2782 | if (session) |
ashleymills | 0:714293de3836 | 2783 | return SetSession(ssl, session); |
ashleymills | 0:714293de3836 | 2784 | |
ashleymills | 0:714293de3836 | 2785 | return SSL_FAILURE; |
ashleymills | 0:714293de3836 | 2786 | } |
ashleymills | 0:714293de3836 | 2787 | |
ashleymills | 0:714293de3836 | 2788 | |
ashleymills | 0:714293de3836 | 2789 | #ifndef NO_CLIENT_CACHE |
ashleymills | 0:714293de3836 | 2790 | |
ashleymills | 0:714293de3836 | 2791 | /* Associate client session with serverID, find existing or store for saving |
ashleymills | 0:714293de3836 | 2792 | if newSession flag on, don't reuse existing session |
ashleymills | 0:714293de3836 | 2793 | SSL_SUCCESS on ok */ |
ashleymills | 0:714293de3836 | 2794 | int CyaSSL_SetServerID(CYASSL* ssl, const byte* id, int len, int newSession) |
ashleymills | 0:714293de3836 | 2795 | { |
ashleymills | 0:714293de3836 | 2796 | CYASSL_SESSION* session = NULL; |
ashleymills | 0:714293de3836 | 2797 | |
ashleymills | 0:714293de3836 | 2798 | CYASSL_ENTER("CyaSSL_SetServerID"); |
ashleymills | 0:714293de3836 | 2799 | |
ashleymills | 0:714293de3836 | 2800 | if (ssl == NULL || id == NULL || len <= 0) |
ashleymills | 0:714293de3836 | 2801 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 2802 | |
ashleymills | 0:714293de3836 | 2803 | if (newSession == 0) { |
ashleymills | 0:714293de3836 | 2804 | session = GetSessionClient(ssl, id, len); |
ashleymills | 0:714293de3836 | 2805 | if (session) { |
ashleymills | 0:714293de3836 | 2806 | if (SetSession(ssl, session) != SSL_SUCCESS) { |
ashleymills | 0:714293de3836 | 2807 | CYASSL_MSG("SetSession failed"); |
ashleymills | 0:714293de3836 | 2808 | session = NULL; |
ashleymills | 0:714293de3836 | 2809 | } |
ashleymills | 0:714293de3836 | 2810 | } |
ashleymills | 0:714293de3836 | 2811 | } |
ashleymills | 0:714293de3836 | 2812 | |
ashleymills | 0:714293de3836 | 2813 | if (session == NULL) { |
ashleymills | 0:714293de3836 | 2814 | CYASSL_MSG("Valid ServerID not cached already"); |
ashleymills | 0:714293de3836 | 2815 | |
ashleymills | 0:714293de3836 | 2816 | ssl->session.idLen = (word16)min(SERVER_ID_LEN, (word32)len); |
ashleymills | 0:714293de3836 | 2817 | XMEMCPY(ssl->session.serverID, id, ssl->session.idLen); |
ashleymills | 0:714293de3836 | 2818 | } |
ashleymills | 0:714293de3836 | 2819 | |
ashleymills | 0:714293de3836 | 2820 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 2821 | } |
ashleymills | 0:714293de3836 | 2822 | |
ashleymills | 0:714293de3836 | 2823 | #endif /* NO_CLIENT_CACHE */ |
ashleymills | 0:714293de3836 | 2824 | |
ashleymills | 0:714293de3836 | 2825 | #if defined(PERSIST_SESSION_CACHE) |
ashleymills | 0:714293de3836 | 2826 | |
ashleymills | 0:714293de3836 | 2827 | /* Session Cache Header information */ |
ashleymills | 0:714293de3836 | 2828 | typedef struct { |
ashleymills | 0:714293de3836 | 2829 | int version; /* cache layout version id */ |
ashleymills | 0:714293de3836 | 2830 | int rows; /* session rows */ |
ashleymills | 0:714293de3836 | 2831 | int columns; /* session columns */ |
ashleymills | 0:714293de3836 | 2832 | int sessionSz; /* sizeof CYASSL_SESSION */ |
ashleymills | 0:714293de3836 | 2833 | } cache_header_t; |
ashleymills | 0:714293de3836 | 2834 | |
ashleymills | 0:714293de3836 | 2835 | /* current persistence layout is: |
ashleymills | 0:714293de3836 | 2836 | |
ashleymills | 0:714293de3836 | 2837 | 1) cache_header_t |
ashleymills | 0:714293de3836 | 2838 | 2) SessionCache |
ashleymills | 0:714293de3836 | 2839 | 3) ClientCache |
ashleymills | 0:714293de3836 | 2840 | |
ashleymills | 0:714293de3836 | 2841 | update CYASSL_CACHE_VERSION if change layout for the following |
ashleymills | 0:714293de3836 | 2842 | PERSISTENT_SESSION_CACHE functions |
ashleymills | 0:714293de3836 | 2843 | */ |
ashleymills | 0:714293de3836 | 2844 | |
ashleymills | 0:714293de3836 | 2845 | |
ashleymills | 0:714293de3836 | 2846 | /* get how big the the session cache save buffer needs to be */ |
ashleymills | 0:714293de3836 | 2847 | int CyaSSL_get_session_cache_memsize(void) |
ashleymills | 0:714293de3836 | 2848 | { |
ashleymills | 0:714293de3836 | 2849 | int sz = (int)(sizeof(SessionCache) + sizeof(cache_header_t)); |
ashleymills | 0:714293de3836 | 2850 | |
ashleymills | 0:714293de3836 | 2851 | #ifndef NO_CLIENT_CACHE |
ashleymills | 0:714293de3836 | 2852 | sz += (int)(sizeof(ClientCache)); |
ashleymills | 0:714293de3836 | 2853 | #endif |
ashleymills | 0:714293de3836 | 2854 | |
ashleymills | 0:714293de3836 | 2855 | return sz; |
ashleymills | 0:714293de3836 | 2856 | } |
ashleymills | 0:714293de3836 | 2857 | |
ashleymills | 0:714293de3836 | 2858 | |
ashleymills | 0:714293de3836 | 2859 | /* Persist session cache to memory */ |
ashleymills | 0:714293de3836 | 2860 | int CyaSSL_memsave_session_cache(void* mem, int sz) |
ashleymills | 0:714293de3836 | 2861 | { |
ashleymills | 0:714293de3836 | 2862 | int i; |
ashleymills | 0:714293de3836 | 2863 | cache_header_t cache_header; |
ashleymills | 0:714293de3836 | 2864 | SessionRow* row = (SessionRow*)((byte*)mem + sizeof(cache_header)); |
ashleymills | 0:714293de3836 | 2865 | #ifndef NO_CLIENT_CACHE |
ashleymills | 0:714293de3836 | 2866 | ClientRow* clRow; |
ashleymills | 0:714293de3836 | 2867 | #endif |
ashleymills | 0:714293de3836 | 2868 | |
ashleymills | 0:714293de3836 | 2869 | CYASSL_ENTER("CyaSSL_memsave_session_cache"); |
ashleymills | 0:714293de3836 | 2870 | |
ashleymills | 0:714293de3836 | 2871 | if (sz < CyaSSL_get_session_cache_memsize()) { |
ashleymills | 0:714293de3836 | 2872 | CYASSL_MSG("Memory buffer too small"); |
ashleymills | 0:714293de3836 | 2873 | return BUFFER_E; |
ashleymills | 0:714293de3836 | 2874 | } |
ashleymills | 0:714293de3836 | 2875 | |
ashleymills | 0:714293de3836 | 2876 | cache_header.version = CYASSL_CACHE_VERSION; |
ashleymills | 0:714293de3836 | 2877 | cache_header.rows = SESSION_ROWS; |
ashleymills | 0:714293de3836 | 2878 | cache_header.columns = SESSIONS_PER_ROW; |
ashleymills | 0:714293de3836 | 2879 | cache_header.sessionSz = (int)sizeof(CYASSL_SESSION); |
ashleymills | 0:714293de3836 | 2880 | XMEMCPY(mem, &cache_header, sizeof(cache_header)); |
ashleymills | 0:714293de3836 | 2881 | |
ashleymills | 0:714293de3836 | 2882 | if (LockMutex(&session_mutex) != 0) { |
ashleymills | 0:714293de3836 | 2883 | CYASSL_MSG("Session cache mutex lock failed"); |
ashleymills | 0:714293de3836 | 2884 | return BAD_MUTEX_ERROR; |
ashleymills | 0:714293de3836 | 2885 | } |
ashleymills | 0:714293de3836 | 2886 | |
ashleymills | 0:714293de3836 | 2887 | for (i = 0; i < cache_header.rows; ++i) |
ashleymills | 0:714293de3836 | 2888 | XMEMCPY(row++, SessionCache + i, sizeof(SessionRow)); |
ashleymills | 0:714293de3836 | 2889 | |
ashleymills | 0:714293de3836 | 2890 | #ifndef NO_CLIENT_CACHE |
ashleymills | 0:714293de3836 | 2891 | clRow = (ClientRow*)row; |
ashleymills | 0:714293de3836 | 2892 | for (i = 0; i < cache_header.rows; ++i) |
ashleymills | 0:714293de3836 | 2893 | XMEMCPY(clRow++, ClientCache + i, sizeof(ClientRow)); |
ashleymills | 0:714293de3836 | 2894 | #endif |
ashleymills | 0:714293de3836 | 2895 | |
ashleymills | 0:714293de3836 | 2896 | UnLockMutex(&session_mutex); |
ashleymills | 0:714293de3836 | 2897 | |
ashleymills | 0:714293de3836 | 2898 | CYASSL_LEAVE("CyaSSL_memsave_session_cache", SSL_SUCCESS); |
ashleymills | 0:714293de3836 | 2899 | |
ashleymills | 0:714293de3836 | 2900 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 2901 | } |
ashleymills | 0:714293de3836 | 2902 | |
ashleymills | 0:714293de3836 | 2903 | |
ashleymills | 0:714293de3836 | 2904 | /* Restore the persistant session cache from memory */ |
ashleymills | 0:714293de3836 | 2905 | int CyaSSL_memrestore_session_cache(const void* mem, int sz) |
ashleymills | 0:714293de3836 | 2906 | { |
ashleymills | 0:714293de3836 | 2907 | int i; |
ashleymills | 0:714293de3836 | 2908 | cache_header_t cache_header; |
ashleymills | 0:714293de3836 | 2909 | SessionRow* row = (SessionRow*)((byte*)mem + sizeof(cache_header)); |
ashleymills | 0:714293de3836 | 2910 | #ifndef NO_CLIENT_CACHE |
ashleymills | 0:714293de3836 | 2911 | ClientRow* clRow; |
ashleymills | 0:714293de3836 | 2912 | #endif |
ashleymills | 0:714293de3836 | 2913 | |
ashleymills | 0:714293de3836 | 2914 | CYASSL_ENTER("CyaSSL_memrestore_session_cache"); |
ashleymills | 0:714293de3836 | 2915 | |
ashleymills | 0:714293de3836 | 2916 | if (sz < CyaSSL_get_session_cache_memsize()) { |
ashleymills | 0:714293de3836 | 2917 | CYASSL_MSG("Memory buffer too small"); |
ashleymills | 0:714293de3836 | 2918 | return BUFFER_E; |
ashleymills | 0:714293de3836 | 2919 | } |
ashleymills | 0:714293de3836 | 2920 | |
ashleymills | 0:714293de3836 | 2921 | XMEMCPY(&cache_header, mem, sizeof(cache_header)); |
ashleymills | 0:714293de3836 | 2922 | if (cache_header.version != CYASSL_CACHE_VERSION || |
ashleymills | 0:714293de3836 | 2923 | cache_header.rows != SESSION_ROWS || |
ashleymills | 0:714293de3836 | 2924 | cache_header.columns != SESSIONS_PER_ROW || |
ashleymills | 0:714293de3836 | 2925 | cache_header.sessionSz != (int)sizeof(CYASSL_SESSION)) { |
ashleymills | 0:714293de3836 | 2926 | |
ashleymills | 0:714293de3836 | 2927 | CYASSL_MSG("Session cache header match failed"); |
ashleymills | 0:714293de3836 | 2928 | return CACHE_MATCH_ERROR; |
ashleymills | 0:714293de3836 | 2929 | } |
ashleymills | 0:714293de3836 | 2930 | |
ashleymills | 0:714293de3836 | 2931 | if (LockMutex(&session_mutex) != 0) { |
ashleymills | 0:714293de3836 | 2932 | CYASSL_MSG("Session cache mutex lock failed"); |
ashleymills | 0:714293de3836 | 2933 | return BAD_MUTEX_ERROR; |
ashleymills | 0:714293de3836 | 2934 | } |
ashleymills | 0:714293de3836 | 2935 | |
ashleymills | 0:714293de3836 | 2936 | for (i = 0; i < cache_header.rows; ++i) |
ashleymills | 0:714293de3836 | 2937 | XMEMCPY(SessionCache + i, row++, sizeof(SessionRow)); |
ashleymills | 0:714293de3836 | 2938 | |
ashleymills | 0:714293de3836 | 2939 | #ifndef NO_CLIENT_CACHE |
ashleymills | 0:714293de3836 | 2940 | clRow = (ClientRow*)row; |
ashleymills | 0:714293de3836 | 2941 | for (i = 0; i < cache_header.rows; ++i) |
ashleymills | 0:714293de3836 | 2942 | XMEMCPY(ClientCache + i, clRow++, sizeof(ClientRow)); |
ashleymills | 0:714293de3836 | 2943 | #endif |
ashleymills | 0:714293de3836 | 2944 | |
ashleymills | 0:714293de3836 | 2945 | UnLockMutex(&session_mutex); |
ashleymills | 0:714293de3836 | 2946 | |
ashleymills | 0:714293de3836 | 2947 | CYASSL_LEAVE("CyaSSL_memrestore_session_cache", SSL_SUCCESS); |
ashleymills | 0:714293de3836 | 2948 | |
ashleymills | 0:714293de3836 | 2949 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 2950 | } |
ashleymills | 0:714293de3836 | 2951 | |
ashleymills | 0:714293de3836 | 2952 | #if !defined(NO_FILESYSTEM) |
ashleymills | 0:714293de3836 | 2953 | |
ashleymills | 0:714293de3836 | 2954 | /* Persist session cache to file */ |
ashleymills | 0:714293de3836 | 2955 | /* doesn't use memsave because of additional memory use */ |
ashleymills | 0:714293de3836 | 2956 | int CyaSSL_save_session_cache(const char *fname) |
ashleymills | 0:714293de3836 | 2957 | { |
ashleymills | 0:714293de3836 | 2958 | XFILE file; |
ashleymills | 0:714293de3836 | 2959 | int ret; |
ashleymills | 0:714293de3836 | 2960 | int rc = SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 2961 | int i; |
ashleymills | 0:714293de3836 | 2962 | cache_header_t cache_header; |
ashleymills | 0:714293de3836 | 2963 | |
ashleymills | 0:714293de3836 | 2964 | CYASSL_ENTER("CyaSSL_save_session_cache"); |
ashleymills | 0:714293de3836 | 2965 | |
ashleymills | 0:714293de3836 | 2966 | file = XFOPEN(fname, "w+b"); |
ashleymills | 0:714293de3836 | 2967 | if (file == XBADFILE) { |
ashleymills | 0:714293de3836 | 2968 | CYASSL_MSG("Couldn't open session cache save file"); |
ashleymills | 0:714293de3836 | 2969 | return SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 2970 | } |
ashleymills | 0:714293de3836 | 2971 | cache_header.version = CYASSL_CACHE_VERSION; |
ashleymills | 0:714293de3836 | 2972 | cache_header.rows = SESSION_ROWS; |
ashleymills | 0:714293de3836 | 2973 | cache_header.columns = SESSIONS_PER_ROW; |
ashleymills | 0:714293de3836 | 2974 | cache_header.sessionSz = (int)sizeof(CYASSL_SESSION); |
ashleymills | 0:714293de3836 | 2975 | |
ashleymills | 0:714293de3836 | 2976 | /* cache header */ |
ashleymills | 0:714293de3836 | 2977 | ret = (int)XFWRITE(&cache_header, sizeof cache_header, 1, file); |
ashleymills | 0:714293de3836 | 2978 | if (ret != 1) { |
ashleymills | 0:714293de3836 | 2979 | CYASSL_MSG("Session cache header file write failed"); |
ashleymills | 0:714293de3836 | 2980 | XFCLOSE(file); |
ashleymills | 0:714293de3836 | 2981 | return FWRITE_ERROR; |
ashleymills | 0:714293de3836 | 2982 | } |
ashleymills | 0:714293de3836 | 2983 | |
ashleymills | 0:714293de3836 | 2984 | if (LockMutex(&session_mutex) != 0) { |
ashleymills | 0:714293de3836 | 2985 | CYASSL_MSG("Session cache mutex lock failed"); |
ashleymills | 0:714293de3836 | 2986 | XFCLOSE(file); |
ashleymills | 0:714293de3836 | 2987 | return BAD_MUTEX_ERROR; |
ashleymills | 0:714293de3836 | 2988 | } |
ashleymills | 0:714293de3836 | 2989 | |
ashleymills | 0:714293de3836 | 2990 | /* session cache */ |
ashleymills | 0:714293de3836 | 2991 | for (i = 0; i < cache_header.rows; ++i) { |
ashleymills | 0:714293de3836 | 2992 | ret = (int)XFWRITE(SessionCache + i, sizeof(SessionRow), 1, file); |
ashleymills | 0:714293de3836 | 2993 | if (ret != 1) { |
ashleymills | 0:714293de3836 | 2994 | CYASSL_MSG("Session cache member file write failed"); |
ashleymills | 0:714293de3836 | 2995 | rc = FWRITE_ERROR; |
ashleymills | 0:714293de3836 | 2996 | break; |
ashleymills | 0:714293de3836 | 2997 | } |
ashleymills | 0:714293de3836 | 2998 | } |
ashleymills | 0:714293de3836 | 2999 | |
ashleymills | 0:714293de3836 | 3000 | #ifndef NO_CLIENT_CACHE |
ashleymills | 0:714293de3836 | 3001 | /* client cache */ |
ashleymills | 0:714293de3836 | 3002 | for (i = 0; i < cache_header.rows; ++i) { |
ashleymills | 0:714293de3836 | 3003 | ret = (int)XFWRITE(ClientCache + i, sizeof(ClientRow), 1, file); |
ashleymills | 0:714293de3836 | 3004 | if (ret != 1) { |
ashleymills | 0:714293de3836 | 3005 | CYASSL_MSG("Client cache member file write failed"); |
ashleymills | 0:714293de3836 | 3006 | rc = FWRITE_ERROR; |
ashleymills | 0:714293de3836 | 3007 | break; |
ashleymills | 0:714293de3836 | 3008 | } |
ashleymills | 0:714293de3836 | 3009 | } |
ashleymills | 0:714293de3836 | 3010 | #endif /* NO_CLIENT_CACHE */ |
ashleymills | 0:714293de3836 | 3011 | |
ashleymills | 0:714293de3836 | 3012 | UnLockMutex(&session_mutex); |
ashleymills | 0:714293de3836 | 3013 | |
ashleymills | 0:714293de3836 | 3014 | XFCLOSE(file); |
ashleymills | 0:714293de3836 | 3015 | CYASSL_LEAVE("CyaSSL_save_session_cache", rc); |
ashleymills | 0:714293de3836 | 3016 | |
ashleymills | 0:714293de3836 | 3017 | return rc; |
ashleymills | 0:714293de3836 | 3018 | } |
ashleymills | 0:714293de3836 | 3019 | |
ashleymills | 0:714293de3836 | 3020 | |
ashleymills | 0:714293de3836 | 3021 | /* Restore the persistant session cache from file */ |
ashleymills | 0:714293de3836 | 3022 | /* doesn't use memstore because of additional memory use */ |
ashleymills | 0:714293de3836 | 3023 | int CyaSSL_restore_session_cache(const char *fname) |
ashleymills | 0:714293de3836 | 3024 | { |
ashleymills | 0:714293de3836 | 3025 | XFILE file; |
ashleymills | 0:714293de3836 | 3026 | int rc = SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 3027 | int ret; |
ashleymills | 0:714293de3836 | 3028 | int i; |
ashleymills | 0:714293de3836 | 3029 | cache_header_t cache_header; |
ashleymills | 0:714293de3836 | 3030 | |
ashleymills | 0:714293de3836 | 3031 | CYASSL_ENTER("CyaSSL_restore_session_cache"); |
ashleymills | 0:714293de3836 | 3032 | |
ashleymills | 0:714293de3836 | 3033 | file = XFOPEN(fname, "rb"); |
ashleymills | 0:714293de3836 | 3034 | if (file == XBADFILE) { |
ashleymills | 0:714293de3836 | 3035 | CYASSL_MSG("Couldn't open session cache save file"); |
ashleymills | 0:714293de3836 | 3036 | return SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 3037 | } |
ashleymills | 0:714293de3836 | 3038 | /* cache header */ |
ashleymills | 0:714293de3836 | 3039 | ret = (int)XFREAD(&cache_header, sizeof cache_header, 1, file); |
ashleymills | 0:714293de3836 | 3040 | if (ret != 1) { |
ashleymills | 0:714293de3836 | 3041 | CYASSL_MSG("Session cache header file read failed"); |
ashleymills | 0:714293de3836 | 3042 | XFCLOSE(file); |
ashleymills | 0:714293de3836 | 3043 | return FREAD_ERROR; |
ashleymills | 0:714293de3836 | 3044 | } |
ashleymills | 0:714293de3836 | 3045 | if (cache_header.version != CYASSL_CACHE_VERSION || |
ashleymills | 0:714293de3836 | 3046 | cache_header.rows != SESSION_ROWS || |
ashleymills | 0:714293de3836 | 3047 | cache_header.columns != SESSIONS_PER_ROW || |
ashleymills | 0:714293de3836 | 3048 | cache_header.sessionSz != (int)sizeof(CYASSL_SESSION)) { |
ashleymills | 0:714293de3836 | 3049 | |
ashleymills | 0:714293de3836 | 3050 | CYASSL_MSG("Session cache header match failed"); |
ashleymills | 0:714293de3836 | 3051 | XFCLOSE(file); |
ashleymills | 0:714293de3836 | 3052 | return CACHE_MATCH_ERROR; |
ashleymills | 0:714293de3836 | 3053 | } |
ashleymills | 0:714293de3836 | 3054 | |
ashleymills | 0:714293de3836 | 3055 | if (LockMutex(&session_mutex) != 0) { |
ashleymills | 0:714293de3836 | 3056 | CYASSL_MSG("Session cache mutex lock failed"); |
ashleymills | 0:714293de3836 | 3057 | XFCLOSE(file); |
ashleymills | 0:714293de3836 | 3058 | return BAD_MUTEX_ERROR; |
ashleymills | 0:714293de3836 | 3059 | } |
ashleymills | 0:714293de3836 | 3060 | |
ashleymills | 0:714293de3836 | 3061 | /* session cache */ |
ashleymills | 0:714293de3836 | 3062 | for (i = 0; i < cache_header.rows; ++i) { |
ashleymills | 0:714293de3836 | 3063 | ret = (int)XFREAD(SessionCache + i, sizeof(SessionRow), 1, file); |
ashleymills | 0:714293de3836 | 3064 | if (ret != 1) { |
ashleymills | 0:714293de3836 | 3065 | CYASSL_MSG("Session cache member file read failed"); |
ashleymills | 0:714293de3836 | 3066 | XMEMSET(SessionCache, 0, sizeof SessionCache); |
ashleymills | 0:714293de3836 | 3067 | rc = FREAD_ERROR; |
ashleymills | 0:714293de3836 | 3068 | break; |
ashleymills | 0:714293de3836 | 3069 | } |
ashleymills | 0:714293de3836 | 3070 | } |
ashleymills | 0:714293de3836 | 3071 | |
ashleymills | 0:714293de3836 | 3072 | #ifndef NO_CLIENT_CACHE |
ashleymills | 0:714293de3836 | 3073 | /* client cache */ |
ashleymills | 0:714293de3836 | 3074 | for (i = 0; i < cache_header.rows; ++i) { |
ashleymills | 0:714293de3836 | 3075 | ret = (int)XFREAD(ClientCache + i, sizeof(ClientRow), 1, file); |
ashleymills | 0:714293de3836 | 3076 | if (ret != 1) { |
ashleymills | 0:714293de3836 | 3077 | CYASSL_MSG("Client cache member file read failed"); |
ashleymills | 0:714293de3836 | 3078 | XMEMSET(ClientCache, 0, sizeof ClientCache); |
ashleymills | 0:714293de3836 | 3079 | rc = FREAD_ERROR; |
ashleymills | 0:714293de3836 | 3080 | break; |
ashleymills | 0:714293de3836 | 3081 | } |
ashleymills | 0:714293de3836 | 3082 | } |
ashleymills | 0:714293de3836 | 3083 | |
ashleymills | 0:714293de3836 | 3084 | #endif /* NO_CLIENT_CACHE */ |
ashleymills | 0:714293de3836 | 3085 | |
ashleymills | 0:714293de3836 | 3086 | UnLockMutex(&session_mutex); |
ashleymills | 0:714293de3836 | 3087 | |
ashleymills | 0:714293de3836 | 3088 | XFCLOSE(file); |
ashleymills | 0:714293de3836 | 3089 | CYASSL_LEAVE("CyaSSL_restore_session_cache", rc); |
ashleymills | 0:714293de3836 | 3090 | |
ashleymills | 0:714293de3836 | 3091 | return rc; |
ashleymills | 0:714293de3836 | 3092 | } |
ashleymills | 0:714293de3836 | 3093 | |
ashleymills | 0:714293de3836 | 3094 | #endif /* !NO_FILESYSTEM */ |
ashleymills | 0:714293de3836 | 3095 | #endif /* PERSIST_SESSION_CACHE */ |
ashleymills | 0:714293de3836 | 3096 | #endif /* NO_SESSION_CACHE */ |
ashleymills | 0:714293de3836 | 3097 | |
ashleymills | 0:714293de3836 | 3098 | |
ashleymills | 0:714293de3836 | 3099 | void CyaSSL_load_error_strings(void) /* compatibility only */ |
ashleymills | 0:714293de3836 | 3100 | {} |
ashleymills | 0:714293de3836 | 3101 | |
ashleymills | 0:714293de3836 | 3102 | |
ashleymills | 0:714293de3836 | 3103 | int CyaSSL_library_init(void) |
ashleymills | 0:714293de3836 | 3104 | { |
ashleymills | 0:714293de3836 | 3105 | CYASSL_ENTER("SSL_library_init"); |
ashleymills | 0:714293de3836 | 3106 | if (CyaSSL_Init() == SSL_SUCCESS) |
ashleymills | 0:714293de3836 | 3107 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 3108 | else |
ashleymills | 0:714293de3836 | 3109 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 3110 | } |
ashleymills | 0:714293de3836 | 3111 | |
ashleymills | 0:714293de3836 | 3112 | |
ashleymills | 0:714293de3836 | 3113 | #ifndef NO_SESSION_CACHE |
ashleymills | 0:714293de3836 | 3114 | |
ashleymills | 0:714293de3836 | 3115 | /* on by default if built in but allow user to turn off */ |
ashleymills | 0:714293de3836 | 3116 | long CyaSSL_CTX_set_session_cache_mode(CYASSL_CTX* ctx, long mode) |
ashleymills | 0:714293de3836 | 3117 | { |
ashleymills | 0:714293de3836 | 3118 | CYASSL_ENTER("SSL_CTX_set_session_cache_mode"); |
ashleymills | 0:714293de3836 | 3119 | if (mode == SSL_SESS_CACHE_OFF) |
ashleymills | 0:714293de3836 | 3120 | ctx->sessionCacheOff = 1; |
ashleymills | 0:714293de3836 | 3121 | |
ashleymills | 0:714293de3836 | 3122 | if (mode == SSL_SESS_CACHE_NO_AUTO_CLEAR) |
ashleymills | 0:714293de3836 | 3123 | ctx->sessionCacheFlushOff = 1; |
ashleymills | 0:714293de3836 | 3124 | |
ashleymills | 0:714293de3836 | 3125 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 3126 | } |
ashleymills | 0:714293de3836 | 3127 | |
ashleymills | 0:714293de3836 | 3128 | #endif /* NO_SESSION_CACHE */ |
ashleymills | 0:714293de3836 | 3129 | |
ashleymills | 0:714293de3836 | 3130 | |
ashleymills | 0:714293de3836 | 3131 | #if !defined(NO_CERTS) |
ashleymills | 0:714293de3836 | 3132 | #if defined(PERSIST_CERT_CACHE) |
ashleymills | 0:714293de3836 | 3133 | |
ashleymills | 0:714293de3836 | 3134 | |
ashleymills | 0:714293de3836 | 3135 | #define CYASSL_CACHE_CERT_VERSION 1 |
ashleymills | 0:714293de3836 | 3136 | |
ashleymills | 0:714293de3836 | 3137 | typedef struct { |
ashleymills | 0:714293de3836 | 3138 | int version; /* cache cert layout version id */ |
ashleymills | 0:714293de3836 | 3139 | int rows; /* hash table rows, CA_TABLE_SIZE */ |
ashleymills | 0:714293de3836 | 3140 | int columns[CA_TABLE_SIZE]; /* columns per row on list */ |
ashleymills | 0:714293de3836 | 3141 | int signerSz; /* sizeof Signer object */ |
ashleymills | 0:714293de3836 | 3142 | } CertCacheHeader; |
ashleymills | 0:714293de3836 | 3143 | |
ashleymills | 0:714293de3836 | 3144 | /* current cert persistance layout is: |
ashleymills | 0:714293de3836 | 3145 | |
ashleymills | 0:714293de3836 | 3146 | 1) CertCacheHeader |
ashleymills | 0:714293de3836 | 3147 | 2) caTable |
ashleymills | 0:714293de3836 | 3148 | |
ashleymills | 0:714293de3836 | 3149 | update CYASSL_CERT_CACHE_VERSION if change layout for the following |
ashleymills | 0:714293de3836 | 3150 | PERSIST_CERT_CACHE functions |
ashleymills | 0:714293de3836 | 3151 | */ |
ashleymills | 0:714293de3836 | 3152 | |
ashleymills | 0:714293de3836 | 3153 | |
ashleymills | 0:714293de3836 | 3154 | /* Return memory needed to persist this signer, have lock */ |
ashleymills | 0:714293de3836 | 3155 | static INLINE int GetSignerMemory(Signer* signer) |
ashleymills | 0:714293de3836 | 3156 | { |
ashleymills | 0:714293de3836 | 3157 | int sz = sizeof(signer->pubKeySize) + sizeof(signer->keyOID) |
ashleymills | 0:714293de3836 | 3158 | + sizeof(signer->nameLen) + sizeof(signer->subjectNameHash); |
ashleymills | 0:714293de3836 | 3159 | |
ashleymills | 0:714293de3836 | 3160 | #if !defined(NO_SKID) |
ashleymills | 0:714293de3836 | 3161 | sz += sizeof(signer->subjectKeyIdHash); |
ashleymills | 0:714293de3836 | 3162 | #endif |
ashleymills | 0:714293de3836 | 3163 | |
ashleymills | 0:714293de3836 | 3164 | /* add dynamic bytes needed */ |
ashleymills | 0:714293de3836 | 3165 | sz += signer->pubKeySize; |
ashleymills | 0:714293de3836 | 3166 | sz += signer->nameLen; |
ashleymills | 0:714293de3836 | 3167 | |
ashleymills | 0:714293de3836 | 3168 | return sz; |
ashleymills | 0:714293de3836 | 3169 | } |
ashleymills | 0:714293de3836 | 3170 | |
ashleymills | 0:714293de3836 | 3171 | |
ashleymills | 0:714293de3836 | 3172 | /* Return memory needed to persist this row, have lock */ |
ashleymills | 0:714293de3836 | 3173 | static INLINE int GetCertCacheRowMemory(Signer* row) |
ashleymills | 0:714293de3836 | 3174 | { |
ashleymills | 0:714293de3836 | 3175 | int sz = 0; |
ashleymills | 0:714293de3836 | 3176 | |
ashleymills | 0:714293de3836 | 3177 | while (row) { |
ashleymills | 0:714293de3836 | 3178 | sz += GetSignerMemory(row); |
ashleymills | 0:714293de3836 | 3179 | row = row->next; |
ashleymills | 0:714293de3836 | 3180 | } |
ashleymills | 0:714293de3836 | 3181 | |
ashleymills | 0:714293de3836 | 3182 | return sz; |
ashleymills | 0:714293de3836 | 3183 | } |
ashleymills | 0:714293de3836 | 3184 | |
ashleymills | 0:714293de3836 | 3185 | |
ashleymills | 0:714293de3836 | 3186 | /* get the size of persist cert cache, have lock */ |
ashleymills | 0:714293de3836 | 3187 | static INLINE int GetCertCacheMemSize(CYASSL_CERT_MANAGER* cm) |
ashleymills | 0:714293de3836 | 3188 | { |
ashleymills | 0:714293de3836 | 3189 | int sz; |
ashleymills | 0:714293de3836 | 3190 | int i; |
ashleymills | 0:714293de3836 | 3191 | |
ashleymills | 0:714293de3836 | 3192 | sz = sizeof(CertCacheHeader); |
ashleymills | 0:714293de3836 | 3193 | |
ashleymills | 0:714293de3836 | 3194 | for (i = 0; i < CA_TABLE_SIZE; i++) |
ashleymills | 0:714293de3836 | 3195 | sz += GetCertCacheRowMemory(cm->caTable[i]); |
ashleymills | 0:714293de3836 | 3196 | |
ashleymills | 0:714293de3836 | 3197 | return sz; |
ashleymills | 0:714293de3836 | 3198 | } |
ashleymills | 0:714293de3836 | 3199 | |
ashleymills | 0:714293de3836 | 3200 | |
ashleymills | 0:714293de3836 | 3201 | /* Store cert cache header columns with number of items per list, have lock */ |
ashleymills | 0:714293de3836 | 3202 | static INLINE void SetCertHeaderColumns(CYASSL_CERT_MANAGER* cm, int* columns) |
ashleymills | 0:714293de3836 | 3203 | { |
ashleymills | 0:714293de3836 | 3204 | int i; |
ashleymills | 0:714293de3836 | 3205 | Signer* row; |
ashleymills | 0:714293de3836 | 3206 | |
ashleymills | 0:714293de3836 | 3207 | for (i = 0; i < CA_TABLE_SIZE; i++) { |
ashleymills | 0:714293de3836 | 3208 | int count = 0; |
ashleymills | 0:714293de3836 | 3209 | row = cm->caTable[i]; |
ashleymills | 0:714293de3836 | 3210 | |
ashleymills | 0:714293de3836 | 3211 | while (row) { |
ashleymills | 0:714293de3836 | 3212 | ++count; |
ashleymills | 0:714293de3836 | 3213 | row = row->next; |
ashleymills | 0:714293de3836 | 3214 | } |
ashleymills | 0:714293de3836 | 3215 | columns[i] = count; |
ashleymills | 0:714293de3836 | 3216 | } |
ashleymills | 0:714293de3836 | 3217 | } |
ashleymills | 0:714293de3836 | 3218 | |
ashleymills | 0:714293de3836 | 3219 | |
ashleymills | 0:714293de3836 | 3220 | /* Restore whole cert row from memory, have lock, return bytes consumed, |
ashleymills | 0:714293de3836 | 3221 | < 0 on error, have lock */ |
ashleymills | 0:714293de3836 | 3222 | static INLINE int RestoreCertRow(CYASSL_CERT_MANAGER* cm, byte* current, |
ashleymills | 0:714293de3836 | 3223 | int row, int listSz, const byte* end) |
ashleymills | 0:714293de3836 | 3224 | { |
ashleymills | 0:714293de3836 | 3225 | int idx = 0; |
ashleymills | 0:714293de3836 | 3226 | |
ashleymills | 0:714293de3836 | 3227 | if (listSz < 0) { |
ashleymills | 0:714293de3836 | 3228 | CYASSL_MSG("Row header corrupted, negative value"); |
ashleymills | 0:714293de3836 | 3229 | return PARSE_ERROR; |
ashleymills | 0:714293de3836 | 3230 | } |
ashleymills | 0:714293de3836 | 3231 | |
ashleymills | 0:714293de3836 | 3232 | while (listSz) { |
ashleymills | 0:714293de3836 | 3233 | Signer* signer; |
ashleymills | 0:714293de3836 | 3234 | byte* start = current + idx; /* for end checks on this signer */ |
ashleymills | 0:714293de3836 | 3235 | int minSz = sizeof(signer->pubKeySize) + sizeof(signer->keyOID) + |
ashleymills | 0:714293de3836 | 3236 | sizeof(signer->nameLen) + sizeof(signer->subjectNameHash); |
ashleymills | 0:714293de3836 | 3237 | #ifndef NO_SKID |
ashleymills | 0:714293de3836 | 3238 | minSz += sizeof(signer->subjectKeyIdHash); |
ashleymills | 0:714293de3836 | 3239 | #endif |
ashleymills | 0:714293de3836 | 3240 | |
ashleymills | 0:714293de3836 | 3241 | if (start + minSz > end) { |
ashleymills | 0:714293de3836 | 3242 | CYASSL_MSG("Would overread restore buffer"); |
ashleymills | 0:714293de3836 | 3243 | return BUFFER_E; |
ashleymills | 0:714293de3836 | 3244 | } |
ashleymills | 0:714293de3836 | 3245 | signer = MakeSigner(cm->heap); |
ashleymills | 0:714293de3836 | 3246 | if (signer == NULL) |
ashleymills | 0:714293de3836 | 3247 | return MEMORY_E; |
ashleymills | 0:714293de3836 | 3248 | |
ashleymills | 0:714293de3836 | 3249 | /* pubKeySize */ |
ashleymills | 0:714293de3836 | 3250 | XMEMCPY(&signer->pubKeySize, current + idx, sizeof(signer->pubKeySize)); |
ashleymills | 0:714293de3836 | 3251 | idx += sizeof(signer->pubKeySize); |
ashleymills | 0:714293de3836 | 3252 | |
ashleymills | 0:714293de3836 | 3253 | /* keyOID */ |
ashleymills | 0:714293de3836 | 3254 | XMEMCPY(&signer->keyOID, current + idx, sizeof(signer->keyOID)); |
ashleymills | 0:714293de3836 | 3255 | idx += sizeof(signer->keyOID); |
ashleymills | 0:714293de3836 | 3256 | |
ashleymills | 0:714293de3836 | 3257 | /* pulicKey */ |
ashleymills | 0:714293de3836 | 3258 | if (start + minSz + signer->pubKeySize > end) { |
ashleymills | 0:714293de3836 | 3259 | CYASSL_MSG("Would overread restore buffer"); |
ashleymills | 0:714293de3836 | 3260 | FreeSigner(signer, cm->heap); |
ashleymills | 0:714293de3836 | 3261 | return BUFFER_E; |
ashleymills | 0:714293de3836 | 3262 | } |
ashleymills | 0:714293de3836 | 3263 | signer->publicKey = (byte*)XMALLOC(signer->pubKeySize, cm->heap, |
ashleymills | 0:714293de3836 | 3264 | DYNAMIC_TYPE_KEY); |
ashleymills | 0:714293de3836 | 3265 | if (signer->publicKey == NULL) { |
ashleymills | 0:714293de3836 | 3266 | FreeSigner(signer, cm->heap); |
ashleymills | 0:714293de3836 | 3267 | return MEMORY_E; |
ashleymills | 0:714293de3836 | 3268 | } |
ashleymills | 0:714293de3836 | 3269 | |
ashleymills | 0:714293de3836 | 3270 | XMEMCPY(signer->publicKey, current + idx, signer->pubKeySize); |
ashleymills | 0:714293de3836 | 3271 | idx += signer->pubKeySize; |
ashleymills | 0:714293de3836 | 3272 | |
ashleymills | 0:714293de3836 | 3273 | /* nameLen */ |
ashleymills | 0:714293de3836 | 3274 | XMEMCPY(&signer->nameLen, current + idx, sizeof(signer->nameLen)); |
ashleymills | 0:714293de3836 | 3275 | idx += sizeof(signer->nameLen); |
ashleymills | 0:714293de3836 | 3276 | |
ashleymills | 0:714293de3836 | 3277 | /* name */ |
ashleymills | 0:714293de3836 | 3278 | if (start + minSz + signer->pubKeySize + signer->nameLen > end) { |
ashleymills | 0:714293de3836 | 3279 | CYASSL_MSG("Would overread restore buffer"); |
ashleymills | 0:714293de3836 | 3280 | FreeSigner(signer, cm->heap); |
ashleymills | 0:714293de3836 | 3281 | return BUFFER_E; |
ashleymills | 0:714293de3836 | 3282 | } |
ashleymills | 0:714293de3836 | 3283 | signer->name = (char*)XMALLOC(signer->nameLen, cm->heap, |
ashleymills | 0:714293de3836 | 3284 | DYNAMIC_TYPE_SUBJECT_CN); |
ashleymills | 0:714293de3836 | 3285 | if (signer->name == NULL) { |
ashleymills | 0:714293de3836 | 3286 | FreeSigner(signer, cm->heap); |
ashleymills | 0:714293de3836 | 3287 | return MEMORY_E; |
ashleymills | 0:714293de3836 | 3288 | } |
ashleymills | 0:714293de3836 | 3289 | |
ashleymills | 0:714293de3836 | 3290 | XMEMCPY(signer->name, current + idx, signer->nameLen); |
ashleymills | 0:714293de3836 | 3291 | idx += signer->nameLen; |
ashleymills | 0:714293de3836 | 3292 | |
ashleymills | 0:714293de3836 | 3293 | /* subjectNameHash */ |
ashleymills | 0:714293de3836 | 3294 | XMEMCPY(signer->subjectNameHash, current + idx, SIGNER_DIGEST_SIZE); |
ashleymills | 0:714293de3836 | 3295 | idx += SIGNER_DIGEST_SIZE; |
ashleymills | 0:714293de3836 | 3296 | |
ashleymills | 0:714293de3836 | 3297 | #ifndef NO_SKID |
ashleymills | 0:714293de3836 | 3298 | /* subjectKeyIdHash */ |
ashleymills | 0:714293de3836 | 3299 | XMEMCPY(signer->subjectKeyIdHash, current + idx,SIGNER_DIGEST_SIZE); |
ashleymills | 0:714293de3836 | 3300 | idx += SIGNER_DIGEST_SIZE; |
ashleymills | 0:714293de3836 | 3301 | #endif |
ashleymills | 0:714293de3836 | 3302 | |
ashleymills | 0:714293de3836 | 3303 | signer->next = cm->caTable[row]; |
ashleymills | 0:714293de3836 | 3304 | cm->caTable[row] = signer; |
ashleymills | 0:714293de3836 | 3305 | |
ashleymills | 0:714293de3836 | 3306 | --listSz; |
ashleymills | 0:714293de3836 | 3307 | } |
ashleymills | 0:714293de3836 | 3308 | |
ashleymills | 0:714293de3836 | 3309 | return idx; |
ashleymills | 0:714293de3836 | 3310 | } |
ashleymills | 0:714293de3836 | 3311 | |
ashleymills | 0:714293de3836 | 3312 | |
ashleymills | 0:714293de3836 | 3313 | /* Store whole cert row into memory, have lock, return bytes added */ |
ashleymills | 0:714293de3836 | 3314 | static INLINE int StoreCertRow(CYASSL_CERT_MANAGER* cm, byte* current, int row) |
ashleymills | 0:714293de3836 | 3315 | { |
ashleymills | 0:714293de3836 | 3316 | int added = 0; |
ashleymills | 0:714293de3836 | 3317 | Signer* list = cm->caTable[row]; |
ashleymills | 0:714293de3836 | 3318 | |
ashleymills | 0:714293de3836 | 3319 | while (list) { |
ashleymills | 0:714293de3836 | 3320 | XMEMCPY(current + added, &list->pubKeySize, sizeof(list->pubKeySize)); |
ashleymills | 0:714293de3836 | 3321 | added += sizeof(list->pubKeySize); |
ashleymills | 0:714293de3836 | 3322 | |
ashleymills | 0:714293de3836 | 3323 | XMEMCPY(current + added, &list->keyOID, sizeof(list->keyOID)); |
ashleymills | 0:714293de3836 | 3324 | added += sizeof(list->keyOID); |
ashleymills | 0:714293de3836 | 3325 | |
ashleymills | 0:714293de3836 | 3326 | XMEMCPY(current + added, list->publicKey, list->pubKeySize); |
ashleymills | 0:714293de3836 | 3327 | added += list->pubKeySize; |
ashleymills | 0:714293de3836 | 3328 | |
ashleymills | 0:714293de3836 | 3329 | XMEMCPY(current + added, &list->nameLen, sizeof(list->nameLen)); |
ashleymills | 0:714293de3836 | 3330 | added += sizeof(list->nameLen); |
ashleymills | 0:714293de3836 | 3331 | |
ashleymills | 0:714293de3836 | 3332 | XMEMCPY(current + added, list->name, list->nameLen); |
ashleymills | 0:714293de3836 | 3333 | added += list->nameLen; |
ashleymills | 0:714293de3836 | 3334 | |
ashleymills | 0:714293de3836 | 3335 | XMEMCPY(current + added, list->subjectNameHash, SIGNER_DIGEST_SIZE); |
ashleymills | 0:714293de3836 | 3336 | added += SIGNER_DIGEST_SIZE; |
ashleymills | 0:714293de3836 | 3337 | |
ashleymills | 0:714293de3836 | 3338 | #ifndef NO_SKID |
ashleymills | 0:714293de3836 | 3339 | XMEMCPY(current + added, list->subjectKeyIdHash,SIGNER_DIGEST_SIZE); |
ashleymills | 0:714293de3836 | 3340 | added += SIGNER_DIGEST_SIZE; |
ashleymills | 0:714293de3836 | 3341 | #endif |
ashleymills | 0:714293de3836 | 3342 | |
ashleymills | 0:714293de3836 | 3343 | list = list->next; |
ashleymills | 0:714293de3836 | 3344 | } |
ashleymills | 0:714293de3836 | 3345 | |
ashleymills | 0:714293de3836 | 3346 | return added; |
ashleymills | 0:714293de3836 | 3347 | } |
ashleymills | 0:714293de3836 | 3348 | |
ashleymills | 0:714293de3836 | 3349 | |
ashleymills | 0:714293de3836 | 3350 | /* Persist cert cache to memory, have lock */ |
ashleymills | 0:714293de3836 | 3351 | static INLINE int DoMemSaveCertCache(CYASSL_CERT_MANAGER* cm, void* mem, int sz) |
ashleymills | 0:714293de3836 | 3352 | { |
ashleymills | 0:714293de3836 | 3353 | int realSz; |
ashleymills | 0:714293de3836 | 3354 | int ret = SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 3355 | int i; |
ashleymills | 0:714293de3836 | 3356 | |
ashleymills | 0:714293de3836 | 3357 | CYASSL_ENTER("DoMemSaveCertCache"); |
ashleymills | 0:714293de3836 | 3358 | |
ashleymills | 0:714293de3836 | 3359 | realSz = GetCertCacheMemSize(cm); |
ashleymills | 0:714293de3836 | 3360 | if (realSz > sz) { |
ashleymills | 0:714293de3836 | 3361 | CYASSL_MSG("Mem output buffer too small"); |
ashleymills | 0:714293de3836 | 3362 | ret = BUFFER_E; |
ashleymills | 0:714293de3836 | 3363 | } |
ashleymills | 0:714293de3836 | 3364 | else { |
ashleymills | 0:714293de3836 | 3365 | byte* current; |
ashleymills | 0:714293de3836 | 3366 | CertCacheHeader hdr; |
ashleymills | 0:714293de3836 | 3367 | |
ashleymills | 0:714293de3836 | 3368 | hdr.version = CYASSL_CACHE_CERT_VERSION; |
ashleymills | 0:714293de3836 | 3369 | hdr.rows = CA_TABLE_SIZE; |
ashleymills | 0:714293de3836 | 3370 | SetCertHeaderColumns(cm, hdr.columns); |
ashleymills | 0:714293de3836 | 3371 | hdr.signerSz = (int)sizeof(Signer); |
ashleymills | 0:714293de3836 | 3372 | |
ashleymills | 0:714293de3836 | 3373 | XMEMCPY(mem, &hdr, sizeof(CertCacheHeader)); |
ashleymills | 0:714293de3836 | 3374 | current = (byte*)mem + sizeof(CertCacheHeader); |
ashleymills | 0:714293de3836 | 3375 | |
ashleymills | 0:714293de3836 | 3376 | for (i = 0; i < CA_TABLE_SIZE; ++i) |
ashleymills | 0:714293de3836 | 3377 | current += StoreCertRow(cm, current, i); |
ashleymills | 0:714293de3836 | 3378 | } |
ashleymills | 0:714293de3836 | 3379 | |
ashleymills | 0:714293de3836 | 3380 | return ret; |
ashleymills | 0:714293de3836 | 3381 | } |
ashleymills | 0:714293de3836 | 3382 | |
ashleymills | 0:714293de3836 | 3383 | |
ashleymills | 0:714293de3836 | 3384 | #if !defined(NO_FILESYSTEM) |
ashleymills | 0:714293de3836 | 3385 | |
ashleymills | 0:714293de3836 | 3386 | /* Persist cert cache to file */ |
ashleymills | 0:714293de3836 | 3387 | int CM_SaveCertCache(CYASSL_CERT_MANAGER* cm, const char* fname) |
ashleymills | 0:714293de3836 | 3388 | { |
ashleymills | 0:714293de3836 | 3389 | XFILE file; |
ashleymills | 0:714293de3836 | 3390 | int rc = SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 3391 | int memSz; |
ashleymills | 0:714293de3836 | 3392 | byte* mem; |
ashleymills | 0:714293de3836 | 3393 | |
ashleymills | 0:714293de3836 | 3394 | CYASSL_ENTER("CM_SaveCertCache"); |
ashleymills | 0:714293de3836 | 3395 | |
ashleymills | 0:714293de3836 | 3396 | file = XFOPEN(fname, "w+b"); |
ashleymills | 0:714293de3836 | 3397 | if (file == XBADFILE) { |
ashleymills | 0:714293de3836 | 3398 | CYASSL_MSG("Couldn't open cert cache save file"); |
ashleymills | 0:714293de3836 | 3399 | return SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 3400 | } |
ashleymills | 0:714293de3836 | 3401 | |
ashleymills | 0:714293de3836 | 3402 | if (LockMutex(&cm->caLock) != 0) { |
ashleymills | 0:714293de3836 | 3403 | CYASSL_MSG("LockMutex on caLock failed"); |
ashleymills | 0:714293de3836 | 3404 | XFCLOSE(file); |
ashleymills | 0:714293de3836 | 3405 | return BAD_MUTEX_ERROR; |
ashleymills | 0:714293de3836 | 3406 | } |
ashleymills | 0:714293de3836 | 3407 | |
ashleymills | 0:714293de3836 | 3408 | memSz = GetCertCacheMemSize(cm); |
ashleymills | 0:714293de3836 | 3409 | mem = (byte*)XMALLOC(memSz, cm->heap, DYNAMIC_TYPE_TMP_BUFFER); |
ashleymills | 0:714293de3836 | 3410 | if (mem == NULL) { |
ashleymills | 0:714293de3836 | 3411 | CYASSL_MSG("Alloc for tmp buffer failed"); |
ashleymills | 0:714293de3836 | 3412 | rc = MEMORY_E; |
ashleymills | 0:714293de3836 | 3413 | } else { |
ashleymills | 0:714293de3836 | 3414 | rc = DoMemSaveCertCache(cm, mem, memSz); |
ashleymills | 0:714293de3836 | 3415 | if (rc == SSL_SUCCESS) { |
ashleymills | 0:714293de3836 | 3416 | int ret = (int)XFWRITE(mem, memSz, 1, file); |
ashleymills | 0:714293de3836 | 3417 | if (ret != 1) { |
ashleymills | 0:714293de3836 | 3418 | CYASSL_MSG("Cert cache file write failed"); |
ashleymills | 0:714293de3836 | 3419 | rc = FWRITE_ERROR; |
ashleymills | 0:714293de3836 | 3420 | } |
ashleymills | 0:714293de3836 | 3421 | } |
ashleymills | 0:714293de3836 | 3422 | XFREE(mem, cm->heap, DYNAMIC_TYPE_TMP_BUFFER); |
ashleymills | 0:714293de3836 | 3423 | } |
ashleymills | 0:714293de3836 | 3424 | |
ashleymills | 0:714293de3836 | 3425 | UnLockMutex(&cm->caLock); |
ashleymills | 0:714293de3836 | 3426 | XFCLOSE(file); |
ashleymills | 0:714293de3836 | 3427 | |
ashleymills | 0:714293de3836 | 3428 | return rc; |
ashleymills | 0:714293de3836 | 3429 | } |
ashleymills | 0:714293de3836 | 3430 | |
ashleymills | 0:714293de3836 | 3431 | |
ashleymills | 0:714293de3836 | 3432 | /* Restore cert cache from file */ |
ashleymills | 0:714293de3836 | 3433 | int CM_RestoreCertCache(CYASSL_CERT_MANAGER* cm, const char* fname) |
ashleymills | 0:714293de3836 | 3434 | { |
ashleymills | 0:714293de3836 | 3435 | XFILE file; |
ashleymills | 0:714293de3836 | 3436 | int rc = SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 3437 | int ret; |
ashleymills | 0:714293de3836 | 3438 | int memSz; |
ashleymills | 0:714293de3836 | 3439 | byte* mem; |
ashleymills | 0:714293de3836 | 3440 | |
ashleymills | 0:714293de3836 | 3441 | CYASSL_ENTER("CM_RestoreCertCache"); |
ashleymills | 0:714293de3836 | 3442 | |
ashleymills | 0:714293de3836 | 3443 | file = XFOPEN(fname, "rb"); |
ashleymills | 0:714293de3836 | 3444 | if (file == XBADFILE) { |
ashleymills | 0:714293de3836 | 3445 | CYASSL_MSG("Couldn't open cert cache save file"); |
ashleymills | 0:714293de3836 | 3446 | return SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 3447 | } |
ashleymills | 0:714293de3836 | 3448 | |
ashleymills | 0:714293de3836 | 3449 | XFSEEK(file, 0, XSEEK_END); |
ashleymills | 0:714293de3836 | 3450 | memSz = (int)XFTELL(file); |
ashleymills | 0:714293de3836 | 3451 | XREWIND(file); |
ashleymills | 0:714293de3836 | 3452 | |
ashleymills | 0:714293de3836 | 3453 | if (memSz <= 0) { |
ashleymills | 0:714293de3836 | 3454 | CYASSL_MSG("Bad file size"); |
ashleymills | 0:714293de3836 | 3455 | XFCLOSE(file); |
ashleymills | 0:714293de3836 | 3456 | return SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 3457 | } |
ashleymills | 0:714293de3836 | 3458 | |
ashleymills | 0:714293de3836 | 3459 | mem = (byte*)XMALLOC(memSz, cm->heap, DYNAMIC_TYPE_TMP_BUFFER); |
ashleymills | 0:714293de3836 | 3460 | if (mem == NULL) { |
ashleymills | 0:714293de3836 | 3461 | CYASSL_MSG("Alloc for tmp buffer failed"); |
ashleymills | 0:714293de3836 | 3462 | XFCLOSE(file); |
ashleymills | 0:714293de3836 | 3463 | return MEMORY_E; |
ashleymills | 0:714293de3836 | 3464 | } |
ashleymills | 0:714293de3836 | 3465 | |
ashleymills | 0:714293de3836 | 3466 | ret = (int)XFREAD(mem, memSz, 1, file); |
ashleymills | 0:714293de3836 | 3467 | if (ret != 1) { |
ashleymills | 0:714293de3836 | 3468 | CYASSL_MSG("Cert file read error"); |
ashleymills | 0:714293de3836 | 3469 | rc = FREAD_ERROR; |
ashleymills | 0:714293de3836 | 3470 | } else { |
ashleymills | 0:714293de3836 | 3471 | rc = CM_MemRestoreCertCache(cm, mem, memSz); |
ashleymills | 0:714293de3836 | 3472 | if (rc != SSL_SUCCESS) { |
ashleymills | 0:714293de3836 | 3473 | CYASSL_MSG("Mem restore cert cache failed"); |
ashleymills | 0:714293de3836 | 3474 | } |
ashleymills | 0:714293de3836 | 3475 | } |
ashleymills | 0:714293de3836 | 3476 | |
ashleymills | 0:714293de3836 | 3477 | XFREE(mem, cm->heap, DYNAMIC_TYPE_TMP_BUFFER); |
ashleymills | 0:714293de3836 | 3478 | XFCLOSE(file); |
ashleymills | 0:714293de3836 | 3479 | |
ashleymills | 0:714293de3836 | 3480 | return rc; |
ashleymills | 0:714293de3836 | 3481 | } |
ashleymills | 0:714293de3836 | 3482 | |
ashleymills | 0:714293de3836 | 3483 | #endif /* NO_FILESYSTEM */ |
ashleymills | 0:714293de3836 | 3484 | |
ashleymills | 0:714293de3836 | 3485 | |
ashleymills | 0:714293de3836 | 3486 | /* Persist cert cache to memory */ |
ashleymills | 0:714293de3836 | 3487 | int CM_MemSaveCertCache(CYASSL_CERT_MANAGER* cm, void* mem, int sz, int* used) |
ashleymills | 0:714293de3836 | 3488 | { |
ashleymills | 0:714293de3836 | 3489 | int ret = SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 3490 | |
ashleymills | 0:714293de3836 | 3491 | CYASSL_ENTER("CM_MemSaveCertCache"); |
ashleymills | 0:714293de3836 | 3492 | |
ashleymills | 0:714293de3836 | 3493 | if (LockMutex(&cm->caLock) != 0) { |
ashleymills | 0:714293de3836 | 3494 | CYASSL_MSG("LockMutex on caLock failed"); |
ashleymills | 0:714293de3836 | 3495 | return BAD_MUTEX_ERROR; |
ashleymills | 0:714293de3836 | 3496 | } |
ashleymills | 0:714293de3836 | 3497 | |
ashleymills | 0:714293de3836 | 3498 | ret = DoMemSaveCertCache(cm, mem, sz); |
ashleymills | 0:714293de3836 | 3499 | if (ret == SSL_SUCCESS) |
ashleymills | 0:714293de3836 | 3500 | *used = GetCertCacheMemSize(cm); |
ashleymills | 0:714293de3836 | 3501 | |
ashleymills | 0:714293de3836 | 3502 | UnLockMutex(&cm->caLock); |
ashleymills | 0:714293de3836 | 3503 | |
ashleymills | 0:714293de3836 | 3504 | return ret; |
ashleymills | 0:714293de3836 | 3505 | } |
ashleymills | 0:714293de3836 | 3506 | |
ashleymills | 0:714293de3836 | 3507 | |
ashleymills | 0:714293de3836 | 3508 | /* Restore cert cache from memory */ |
ashleymills | 0:714293de3836 | 3509 | int CM_MemRestoreCertCache(CYASSL_CERT_MANAGER* cm, const void* mem, int sz) |
ashleymills | 0:714293de3836 | 3510 | { |
ashleymills | 0:714293de3836 | 3511 | int ret = SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 3512 | int i; |
ashleymills | 0:714293de3836 | 3513 | CertCacheHeader* hdr = (CertCacheHeader*)mem; |
ashleymills | 0:714293de3836 | 3514 | byte* current = (byte*)mem + sizeof(CertCacheHeader); |
ashleymills | 0:714293de3836 | 3515 | byte* end = (byte*)mem + sz; /* don't go over */ |
ashleymills | 0:714293de3836 | 3516 | |
ashleymills | 0:714293de3836 | 3517 | CYASSL_ENTER("CM_MemRestoreCertCache"); |
ashleymills | 0:714293de3836 | 3518 | |
ashleymills | 0:714293de3836 | 3519 | if (current > end) { |
ashleymills | 0:714293de3836 | 3520 | CYASSL_MSG("Cert Cache Memory buffer too small"); |
ashleymills | 0:714293de3836 | 3521 | return BUFFER_E; |
ashleymills | 0:714293de3836 | 3522 | } |
ashleymills | 0:714293de3836 | 3523 | |
ashleymills | 0:714293de3836 | 3524 | if (hdr->version != CYASSL_CACHE_CERT_VERSION || |
ashleymills | 0:714293de3836 | 3525 | hdr->rows != CA_TABLE_SIZE || |
ashleymills | 0:714293de3836 | 3526 | hdr->signerSz != (int)sizeof(Signer)) { |
ashleymills | 0:714293de3836 | 3527 | |
ashleymills | 0:714293de3836 | 3528 | CYASSL_MSG("Cert Cache Memory header mismatch"); |
ashleymills | 0:714293de3836 | 3529 | return CACHE_MATCH_ERROR; |
ashleymills | 0:714293de3836 | 3530 | } |
ashleymills | 0:714293de3836 | 3531 | |
ashleymills | 0:714293de3836 | 3532 | if (LockMutex(&cm->caLock) != 0) { |
ashleymills | 0:714293de3836 | 3533 | CYASSL_MSG("LockMutex on caLock failed"); |
ashleymills | 0:714293de3836 | 3534 | return BAD_MUTEX_ERROR; |
ashleymills | 0:714293de3836 | 3535 | } |
ashleymills | 0:714293de3836 | 3536 | |
ashleymills | 0:714293de3836 | 3537 | FreeSignerTable(cm->caTable, CA_TABLE_SIZE, cm->heap); |
ashleymills | 0:714293de3836 | 3538 | |
ashleymills | 0:714293de3836 | 3539 | for (i = 0; i < CA_TABLE_SIZE; ++i) { |
ashleymills | 0:714293de3836 | 3540 | int added = RestoreCertRow(cm, current, i, hdr->columns[i], end); |
ashleymills | 0:714293de3836 | 3541 | if (added < 0) { |
ashleymills | 0:714293de3836 | 3542 | CYASSL_MSG("RestoreCertRow error"); |
ashleymills | 0:714293de3836 | 3543 | ret = added; |
ashleymills | 0:714293de3836 | 3544 | break; |
ashleymills | 0:714293de3836 | 3545 | } |
ashleymills | 0:714293de3836 | 3546 | current += added; |
ashleymills | 0:714293de3836 | 3547 | } |
ashleymills | 0:714293de3836 | 3548 | |
ashleymills | 0:714293de3836 | 3549 | UnLockMutex(&cm->caLock); |
ashleymills | 0:714293de3836 | 3550 | |
ashleymills | 0:714293de3836 | 3551 | return ret; |
ashleymills | 0:714293de3836 | 3552 | } |
ashleymills | 0:714293de3836 | 3553 | |
ashleymills | 0:714293de3836 | 3554 | |
ashleymills | 0:714293de3836 | 3555 | /* get how big the the cert cache save buffer needs to be */ |
ashleymills | 0:714293de3836 | 3556 | int CM_GetCertCacheMemSize(CYASSL_CERT_MANAGER* cm) |
ashleymills | 0:714293de3836 | 3557 | { |
ashleymills | 0:714293de3836 | 3558 | int sz; |
ashleymills | 0:714293de3836 | 3559 | |
ashleymills | 0:714293de3836 | 3560 | CYASSL_ENTER("CM_GetCertCacheMemSize"); |
ashleymills | 0:714293de3836 | 3561 | |
ashleymills | 0:714293de3836 | 3562 | if (LockMutex(&cm->caLock) != 0) { |
ashleymills | 0:714293de3836 | 3563 | CYASSL_MSG("LockMutex on caLock failed"); |
ashleymills | 0:714293de3836 | 3564 | return BAD_MUTEX_ERROR; |
ashleymills | 0:714293de3836 | 3565 | } |
ashleymills | 0:714293de3836 | 3566 | |
ashleymills | 0:714293de3836 | 3567 | sz = GetCertCacheMemSize(cm); |
ashleymills | 0:714293de3836 | 3568 | |
ashleymills | 0:714293de3836 | 3569 | UnLockMutex(&cm->caLock); |
ashleymills | 0:714293de3836 | 3570 | |
ashleymills | 0:714293de3836 | 3571 | return sz; |
ashleymills | 0:714293de3836 | 3572 | } |
ashleymills | 0:714293de3836 | 3573 | |
ashleymills | 0:714293de3836 | 3574 | #endif /* PERSIST_CERT_CACHE */ |
ashleymills | 0:714293de3836 | 3575 | #endif /* NO_CERTS */ |
ashleymills | 0:714293de3836 | 3576 | |
ashleymills | 0:714293de3836 | 3577 | |
ashleymills | 0:714293de3836 | 3578 | int CyaSSL_CTX_set_cipher_list(CYASSL_CTX* ctx, const char* list) |
ashleymills | 0:714293de3836 | 3579 | { |
ashleymills | 0:714293de3836 | 3580 | CYASSL_ENTER("CyaSSL_CTX_set_cipher_list"); |
ashleymills | 0:714293de3836 | 3581 | if (SetCipherList(&ctx->suites, list)) |
ashleymills | 0:714293de3836 | 3582 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 3583 | else |
ashleymills | 0:714293de3836 | 3584 | return SSL_FAILURE; |
ashleymills | 0:714293de3836 | 3585 | } |
ashleymills | 0:714293de3836 | 3586 | |
ashleymills | 0:714293de3836 | 3587 | |
ashleymills | 0:714293de3836 | 3588 | int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list) |
ashleymills | 0:714293de3836 | 3589 | { |
ashleymills | 0:714293de3836 | 3590 | CYASSL_ENTER("CyaSSL_set_cipher_list"); |
ashleymills | 0:714293de3836 | 3591 | if (SetCipherList(ssl->suites, list)) { |
ashleymills | 0:714293de3836 | 3592 | byte haveRSA = 1; |
ashleymills | 0:714293de3836 | 3593 | byte havePSK = 0; |
ashleymills | 0:714293de3836 | 3594 | |
ashleymills | 0:714293de3836 | 3595 | #ifdef NO_RSA |
ashleymills | 0:714293de3836 | 3596 | haveRSA = 0; |
ashleymills | 0:714293de3836 | 3597 | #endif |
ashleymills | 0:714293de3836 | 3598 | #ifndef NO_PSK |
ashleymills | 0:714293de3836 | 3599 | havePSK = ssl->options.havePSK; |
ashleymills | 0:714293de3836 | 3600 | #endif |
ashleymills | 0:714293de3836 | 3601 | |
ashleymills | 0:714293de3836 | 3602 | InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, |
ashleymills | 0:714293de3836 | 3603 | ssl->options.haveDH, ssl->options.haveNTRU, |
ashleymills | 0:714293de3836 | 3604 | ssl->options.haveECDSAsig, ssl->options.haveStaticECC, |
ashleymills | 0:714293de3836 | 3605 | ssl->options.side); |
ashleymills | 0:714293de3836 | 3606 | |
ashleymills | 0:714293de3836 | 3607 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 3608 | } |
ashleymills | 0:714293de3836 | 3609 | else |
ashleymills | 0:714293de3836 | 3610 | return SSL_FAILURE; |
ashleymills | 0:714293de3836 | 3611 | } |
ashleymills | 0:714293de3836 | 3612 | |
ashleymills | 0:714293de3836 | 3613 | |
ashleymills | 0:714293de3836 | 3614 | #ifndef CYASSL_LEANPSK |
ashleymills | 0:714293de3836 | 3615 | #ifdef CYASSL_DTLS |
ashleymills | 0:714293de3836 | 3616 | |
ashleymills | 0:714293de3836 | 3617 | int CyaSSL_dtls_get_current_timeout(CYASSL* ssl) |
ashleymills | 0:714293de3836 | 3618 | { |
ashleymills | 0:714293de3836 | 3619 | (void)ssl; |
ashleymills | 0:714293de3836 | 3620 | |
ashleymills | 0:714293de3836 | 3621 | return ssl->dtls_timeout; |
ashleymills | 0:714293de3836 | 3622 | } |
ashleymills | 0:714293de3836 | 3623 | |
ashleymills | 0:714293de3836 | 3624 | |
ashleymills | 0:714293de3836 | 3625 | /* user may need to alter init dtls recv timeout, SSL_SUCCESS on ok */ |
ashleymills | 0:714293de3836 | 3626 | int CyaSSL_dtls_set_timeout_init(CYASSL* ssl, int timeout) |
ashleymills | 0:714293de3836 | 3627 | { |
ashleymills | 0:714293de3836 | 3628 | if (ssl == NULL || timeout < 0) |
ashleymills | 0:714293de3836 | 3629 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 3630 | |
ashleymills | 0:714293de3836 | 3631 | ssl->dtls_timeout_init = timeout; |
ashleymills | 0:714293de3836 | 3632 | |
ashleymills | 0:714293de3836 | 3633 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 3634 | } |
ashleymills | 0:714293de3836 | 3635 | |
ashleymills | 0:714293de3836 | 3636 | |
ashleymills | 0:714293de3836 | 3637 | /* user may need to alter max dtls recv timeout, SSL_SUCCESS on ok */ |
ashleymills | 0:714293de3836 | 3638 | int CyaSSL_dtls_set_timeout_max(CYASSL* ssl, int timeout) |
ashleymills | 0:714293de3836 | 3639 | { |
ashleymills | 0:714293de3836 | 3640 | if (ssl == NULL || timeout < 0) |
ashleymills | 0:714293de3836 | 3641 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 3642 | |
ashleymills | 0:714293de3836 | 3643 | if (ssl->dtls_timeout_max < ssl->dtls_timeout_init) { |
ashleymills | 0:714293de3836 | 3644 | CYASSL_MSG("Can't set dtls timeout max less than dtls timeout init"); |
ashleymills | 0:714293de3836 | 3645 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 3646 | } |
ashleymills | 0:714293de3836 | 3647 | |
ashleymills | 0:714293de3836 | 3648 | ssl->dtls_timeout_max = timeout; |
ashleymills | 0:714293de3836 | 3649 | |
ashleymills | 0:714293de3836 | 3650 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 3651 | } |
ashleymills | 0:714293de3836 | 3652 | |
ashleymills | 0:714293de3836 | 3653 | |
ashleymills | 0:714293de3836 | 3654 | int CyaSSL_dtls_got_timeout(CYASSL* ssl) |
ashleymills | 0:714293de3836 | 3655 | { |
ashleymills | 0:714293de3836 | 3656 | int result = SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 3657 | |
ashleymills | 0:714293de3836 | 3658 | DtlsMsgListDelete(ssl->dtls_msg_list, ssl->heap); |
ashleymills | 0:714293de3836 | 3659 | ssl->dtls_msg_list = NULL; |
ashleymills | 0:714293de3836 | 3660 | if (DtlsPoolTimeout(ssl) < 0 || DtlsPoolSend(ssl) < 0) { |
ashleymills | 0:714293de3836 | 3661 | result = SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 3662 | } |
ashleymills | 0:714293de3836 | 3663 | return result; |
ashleymills | 0:714293de3836 | 3664 | } |
ashleymills | 0:714293de3836 | 3665 | |
ashleymills | 0:714293de3836 | 3666 | #endif /* DTLS */ |
ashleymills | 0:714293de3836 | 3667 | #endif /* LEANPSK */ |
ashleymills | 0:714293de3836 | 3668 | |
ashleymills | 0:714293de3836 | 3669 | |
ashleymills | 0:714293de3836 | 3670 | /* client only parts */ |
ashleymills | 0:714293de3836 | 3671 | #ifndef NO_CYASSL_CLIENT |
ashleymills | 0:714293de3836 | 3672 | |
ashleymills | 0:714293de3836 | 3673 | #ifndef NO_OLD_TLS |
ashleymills | 0:714293de3836 | 3674 | CYASSL_METHOD* CyaSSLv3_client_method(void) |
ashleymills | 0:714293de3836 | 3675 | { |
ashleymills | 0:714293de3836 | 3676 | CYASSL_METHOD* method = |
ashleymills | 0:714293de3836 | 3677 | (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0, |
ashleymills | 0:714293de3836 | 3678 | DYNAMIC_TYPE_METHOD); |
ashleymills | 0:714293de3836 | 3679 | CYASSL_ENTER("SSLv3_client_method"); |
ashleymills | 0:714293de3836 | 3680 | if (method) |
ashleymills | 0:714293de3836 | 3681 | InitSSL_Method(method, MakeSSLv3()); |
ashleymills | 0:714293de3836 | 3682 | return method; |
ashleymills | 0:714293de3836 | 3683 | } |
ashleymills | 0:714293de3836 | 3684 | #endif |
ashleymills | 0:714293de3836 | 3685 | |
ashleymills | 0:714293de3836 | 3686 | #ifdef CYASSL_DTLS |
ashleymills | 0:714293de3836 | 3687 | CYASSL_METHOD* CyaDTLSv1_client_method(void) |
ashleymills | 0:714293de3836 | 3688 | { |
ashleymills | 0:714293de3836 | 3689 | CYASSL_METHOD* method = |
ashleymills | 0:714293de3836 | 3690 | (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0, |
ashleymills | 0:714293de3836 | 3691 | DYNAMIC_TYPE_METHOD); |
ashleymills | 0:714293de3836 | 3692 | CYASSL_ENTER("DTLSv1_client_method"); |
ashleymills | 0:714293de3836 | 3693 | if (method) |
ashleymills | 0:714293de3836 | 3694 | InitSSL_Method(method, MakeDTLSv1()); |
ashleymills | 0:714293de3836 | 3695 | return method; |
ashleymills | 0:714293de3836 | 3696 | } |
ashleymills | 0:714293de3836 | 3697 | |
ashleymills | 0:714293de3836 | 3698 | CYASSL_METHOD* CyaDTLSv1_2_client_method(void) |
ashleymills | 0:714293de3836 | 3699 | { |
ashleymills | 0:714293de3836 | 3700 | CYASSL_METHOD* method = |
ashleymills | 0:714293de3836 | 3701 | (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0, |
ashleymills | 0:714293de3836 | 3702 | DYNAMIC_TYPE_METHOD); |
ashleymills | 0:714293de3836 | 3703 | CYASSL_ENTER("DTLSv1_2_client_method"); |
ashleymills | 0:714293de3836 | 3704 | if (method) |
ashleymills | 0:714293de3836 | 3705 | InitSSL_Method(method, MakeDTLSv1_2()); |
ashleymills | 0:714293de3836 | 3706 | return method; |
ashleymills | 0:714293de3836 | 3707 | } |
ashleymills | 0:714293de3836 | 3708 | #endif |
ashleymills | 0:714293de3836 | 3709 | |
ashleymills | 0:714293de3836 | 3710 | |
ashleymills | 0:714293de3836 | 3711 | /* please see note at top of README if you get an error from connect */ |
ashleymills | 0:714293de3836 | 3712 | int CyaSSL_connect(CYASSL* ssl) |
ashleymills | 0:714293de3836 | 3713 | { |
ashleymills | 0:714293de3836 | 3714 | int neededState; |
ashleymills | 0:714293de3836 | 3715 | |
ashleymills | 0:714293de3836 | 3716 | CYASSL_ENTER("SSL_connect()"); |
ashleymills | 0:714293de3836 | 3717 | |
ashleymills | 0:714293de3836 | 3718 | #ifdef HAVE_ERRNO_H |
ashleymills | 0:714293de3836 | 3719 | errno = 0; |
ashleymills | 0:714293de3836 | 3720 | #endif |
ashleymills | 0:714293de3836 | 3721 | |
ashleymills | 0:714293de3836 | 3722 | if (ssl->options.side != CLIENT_END) { |
ashleymills | 0:714293de3836 | 3723 | CYASSL_ERROR(ssl->error = SIDE_ERROR); |
ashleymills | 0:714293de3836 | 3724 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 3725 | } |
ashleymills | 0:714293de3836 | 3726 | |
ashleymills | 0:714293de3836 | 3727 | #ifdef CYASSL_DTLS |
ashleymills | 0:714293de3836 | 3728 | if (ssl->version.major == DTLS_MAJOR) { |
ashleymills | 0:714293de3836 | 3729 | ssl->options.dtls = 1; |
ashleymills | 0:714293de3836 | 3730 | ssl->options.tls = 1; |
ashleymills | 0:714293de3836 | 3731 | ssl->options.tls1_1 = 1; |
ashleymills | 0:714293de3836 | 3732 | |
ashleymills | 0:714293de3836 | 3733 | if (DtlsPoolInit(ssl) != 0) { |
ashleymills | 0:714293de3836 | 3734 | ssl->error = MEMORY_ERROR; |
ashleymills | 0:714293de3836 | 3735 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:714293de3836 | 3736 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 3737 | } |
ashleymills | 0:714293de3836 | 3738 | } |
ashleymills | 0:714293de3836 | 3739 | #endif |
ashleymills | 0:714293de3836 | 3740 | |
ashleymills | 0:714293de3836 | 3741 | if (ssl->buffers.outputBuffer.length > 0) { |
ashleymills | 0:714293de3836 | 3742 | if ( (ssl->error = SendBuffered(ssl)) == 0) { |
ashleymills | 0:714293de3836 | 3743 | ssl->options.connectState++; |
ashleymills | 0:714293de3836 | 3744 | CYASSL_MSG("connect state: Advanced from buffered send"); |
ashleymills | 0:714293de3836 | 3745 | } |
ashleymills | 0:714293de3836 | 3746 | else { |
ashleymills | 0:714293de3836 | 3747 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:714293de3836 | 3748 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 3749 | } |
ashleymills | 0:714293de3836 | 3750 | } |
ashleymills | 0:714293de3836 | 3751 | |
ashleymills | 0:714293de3836 | 3752 | switch (ssl->options.connectState) { |
ashleymills | 0:714293de3836 | 3753 | |
ashleymills | 0:714293de3836 | 3754 | case CONNECT_BEGIN : |
ashleymills | 0:714293de3836 | 3755 | /* always send client hello first */ |
ashleymills | 0:714293de3836 | 3756 | if ( (ssl->error = SendClientHello(ssl)) != 0) { |
ashleymills | 0:714293de3836 | 3757 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:714293de3836 | 3758 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 3759 | } |
ashleymills | 0:714293de3836 | 3760 | ssl->options.connectState = CLIENT_HELLO_SENT; |
ashleymills | 0:714293de3836 | 3761 | CYASSL_MSG("connect state: CLIENT_HELLO_SENT"); |
ashleymills | 0:714293de3836 | 3762 | |
ashleymills | 0:714293de3836 | 3763 | case CLIENT_HELLO_SENT : |
ashleymills | 0:714293de3836 | 3764 | neededState = ssl->options.resuming ? SERVER_FINISHED_COMPLETE : |
ashleymills | 0:714293de3836 | 3765 | SERVER_HELLODONE_COMPLETE; |
ashleymills | 0:714293de3836 | 3766 | #ifdef CYASSL_DTLS |
ashleymills | 0:714293de3836 | 3767 | /* In DTLS, when resuming, we can go straight to FINISHED, |
ashleymills | 0:714293de3836 | 3768 | * or do a cookie exchange and then skip to FINISHED, assume |
ashleymills | 0:714293de3836 | 3769 | * we need the cookie exchange first. */ |
ashleymills | 0:714293de3836 | 3770 | if (ssl->options.dtls) |
ashleymills | 0:714293de3836 | 3771 | neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE; |
ashleymills | 0:714293de3836 | 3772 | #endif |
ashleymills | 0:714293de3836 | 3773 | /* get response */ |
ashleymills | 0:714293de3836 | 3774 | while (ssl->options.serverState < neededState) { |
ashleymills | 0:714293de3836 | 3775 | if ( (ssl->error = ProcessReply(ssl)) < 0) { |
ashleymills | 0:714293de3836 | 3776 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:714293de3836 | 3777 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 3778 | } |
ashleymills | 0:714293de3836 | 3779 | /* if resumption failed, reset needed state */ |
ashleymills | 0:714293de3836 | 3780 | else if (neededState == SERVER_FINISHED_COMPLETE) |
ashleymills | 0:714293de3836 | 3781 | if (!ssl->options.resuming) { |
ashleymills | 0:714293de3836 | 3782 | if (!ssl->options.dtls) |
ashleymills | 0:714293de3836 | 3783 | neededState = SERVER_HELLODONE_COMPLETE; |
ashleymills | 0:714293de3836 | 3784 | else |
ashleymills | 0:714293de3836 | 3785 | neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE; |
ashleymills | 0:714293de3836 | 3786 | } |
ashleymills | 0:714293de3836 | 3787 | } |
ashleymills | 0:714293de3836 | 3788 | |
ashleymills | 0:714293de3836 | 3789 | ssl->options.connectState = HELLO_AGAIN; |
ashleymills | 0:714293de3836 | 3790 | CYASSL_MSG("connect state: HELLO_AGAIN"); |
ashleymills | 0:714293de3836 | 3791 | |
ashleymills | 0:714293de3836 | 3792 | case HELLO_AGAIN : |
ashleymills | 0:714293de3836 | 3793 | if (ssl->options.certOnly) |
ashleymills | 0:714293de3836 | 3794 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 3795 | |
ashleymills | 0:714293de3836 | 3796 | #ifdef CYASSL_DTLS |
ashleymills | 0:714293de3836 | 3797 | if (ssl->options.dtls) { |
ashleymills | 0:714293de3836 | 3798 | /* re-init hashes, exclude first hello and verify request */ |
ashleymills | 0:714293de3836 | 3799 | #ifndef NO_OLD_TLS |
ashleymills | 0:714293de3836 | 3800 | InitMd5(&ssl->hashMd5); |
ashleymills | 0:714293de3836 | 3801 | InitSha(&ssl->hashSha); |
ashleymills | 0:714293de3836 | 3802 | #endif |
ashleymills | 0:714293de3836 | 3803 | if (IsAtLeastTLSv1_2(ssl)) { |
ashleymills | 0:714293de3836 | 3804 | #ifndef NO_SHA256 |
ashleymills | 0:714293de3836 | 3805 | InitSha256(&ssl->hashSha256); |
ashleymills | 0:714293de3836 | 3806 | #endif |
ashleymills | 0:714293de3836 | 3807 | #ifdef CYASSL_SHA384 |
ashleymills | 0:714293de3836 | 3808 | InitSha384(&ssl->hashSha384); |
ashleymills | 0:714293de3836 | 3809 | #endif |
ashleymills | 0:714293de3836 | 3810 | } |
ashleymills | 0:714293de3836 | 3811 | if ( (ssl->error = SendClientHello(ssl)) != 0) { |
ashleymills | 0:714293de3836 | 3812 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:714293de3836 | 3813 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 3814 | } |
ashleymills | 0:714293de3836 | 3815 | } |
ashleymills | 0:714293de3836 | 3816 | #endif |
ashleymills | 0:714293de3836 | 3817 | |
ashleymills | 0:714293de3836 | 3818 | ssl->options.connectState = HELLO_AGAIN_REPLY; |
ashleymills | 0:714293de3836 | 3819 | CYASSL_MSG("connect state: HELLO_AGAIN_REPLY"); |
ashleymills | 0:714293de3836 | 3820 | |
ashleymills | 0:714293de3836 | 3821 | case HELLO_AGAIN_REPLY : |
ashleymills | 0:714293de3836 | 3822 | #ifdef CYASSL_DTLS |
ashleymills | 0:714293de3836 | 3823 | if (ssl->options.dtls) { |
ashleymills | 0:714293de3836 | 3824 | neededState = ssl->options.resuming ? |
ashleymills | 0:714293de3836 | 3825 | SERVER_FINISHED_COMPLETE : SERVER_HELLODONE_COMPLETE; |
ashleymills | 0:714293de3836 | 3826 | |
ashleymills | 0:714293de3836 | 3827 | /* get response */ |
ashleymills | 0:714293de3836 | 3828 | while (ssl->options.serverState < neededState) { |
ashleymills | 0:714293de3836 | 3829 | if ( (ssl->error = ProcessReply(ssl)) < 0) { |
ashleymills | 0:714293de3836 | 3830 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:714293de3836 | 3831 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 3832 | } |
ashleymills | 0:714293de3836 | 3833 | /* if resumption failed, reset needed state */ |
ashleymills | 0:714293de3836 | 3834 | else if (neededState == SERVER_FINISHED_COMPLETE) |
ashleymills | 0:714293de3836 | 3835 | if (!ssl->options.resuming) |
ashleymills | 0:714293de3836 | 3836 | neededState = SERVER_HELLODONE_COMPLETE; |
ashleymills | 0:714293de3836 | 3837 | } |
ashleymills | 0:714293de3836 | 3838 | } |
ashleymills | 0:714293de3836 | 3839 | #endif |
ashleymills | 0:714293de3836 | 3840 | |
ashleymills | 0:714293de3836 | 3841 | ssl->options.connectState = FIRST_REPLY_DONE; |
ashleymills | 0:714293de3836 | 3842 | CYASSL_MSG("connect state: FIRST_REPLY_DONE"); |
ashleymills | 0:714293de3836 | 3843 | |
ashleymills | 0:714293de3836 | 3844 | case FIRST_REPLY_DONE : |
ashleymills | 0:714293de3836 | 3845 | #ifndef NO_CERTS |
ashleymills | 0:714293de3836 | 3846 | if (ssl->options.sendVerify) { |
ashleymills | 0:714293de3836 | 3847 | if ( (ssl->error = SendCertificate(ssl)) != 0) { |
ashleymills | 0:714293de3836 | 3848 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:714293de3836 | 3849 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 3850 | } |
ashleymills | 0:714293de3836 | 3851 | CYASSL_MSG("sent: certificate"); |
ashleymills | 0:714293de3836 | 3852 | } |
ashleymills | 0:714293de3836 | 3853 | |
ashleymills | 0:714293de3836 | 3854 | #endif |
ashleymills | 0:714293de3836 | 3855 | ssl->options.connectState = FIRST_REPLY_FIRST; |
ashleymills | 0:714293de3836 | 3856 | CYASSL_MSG("connect state: FIRST_REPLY_FIRST"); |
ashleymills | 0:714293de3836 | 3857 | |
ashleymills | 0:714293de3836 | 3858 | case FIRST_REPLY_FIRST : |
ashleymills | 0:714293de3836 | 3859 | if (!ssl->options.resuming) { |
ashleymills | 0:714293de3836 | 3860 | if ( (ssl->error = SendClientKeyExchange(ssl)) != 0) { |
ashleymills | 0:714293de3836 | 3861 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:714293de3836 | 3862 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 3863 | } |
ashleymills | 0:714293de3836 | 3864 | CYASSL_MSG("sent: client key exchange"); |
ashleymills | 0:714293de3836 | 3865 | } |
ashleymills | 0:714293de3836 | 3866 | |
ashleymills | 0:714293de3836 | 3867 | ssl->options.connectState = FIRST_REPLY_SECOND; |
ashleymills | 0:714293de3836 | 3868 | CYASSL_MSG("connect state: FIRST_REPLY_SECOND"); |
ashleymills | 0:714293de3836 | 3869 | |
ashleymills | 0:714293de3836 | 3870 | case FIRST_REPLY_SECOND : |
ashleymills | 0:714293de3836 | 3871 | #ifndef NO_CERTS |
ashleymills | 0:714293de3836 | 3872 | if (ssl->options.sendVerify) { |
ashleymills | 0:714293de3836 | 3873 | if ( (ssl->error = SendCertificateVerify(ssl)) != 0) { |
ashleymills | 0:714293de3836 | 3874 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:714293de3836 | 3875 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 3876 | } |
ashleymills | 0:714293de3836 | 3877 | CYASSL_MSG("sent: certificate verify"); |
ashleymills | 0:714293de3836 | 3878 | } |
ashleymills | 0:714293de3836 | 3879 | #endif |
ashleymills | 0:714293de3836 | 3880 | ssl->options.connectState = FIRST_REPLY_THIRD; |
ashleymills | 0:714293de3836 | 3881 | CYASSL_MSG("connect state: FIRST_REPLY_THIRD"); |
ashleymills | 0:714293de3836 | 3882 | |
ashleymills | 0:714293de3836 | 3883 | case FIRST_REPLY_THIRD : |
ashleymills | 0:714293de3836 | 3884 | if ( (ssl->error = SendChangeCipher(ssl)) != 0) { |
ashleymills | 0:714293de3836 | 3885 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:714293de3836 | 3886 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 3887 | } |
ashleymills | 0:714293de3836 | 3888 | CYASSL_MSG("sent: change cipher spec"); |
ashleymills | 0:714293de3836 | 3889 | ssl->options.connectState = FIRST_REPLY_FOURTH; |
ashleymills | 0:714293de3836 | 3890 | CYASSL_MSG("connect state: FIRST_REPLY_FOURTH"); |
ashleymills | 0:714293de3836 | 3891 | |
ashleymills | 0:714293de3836 | 3892 | case FIRST_REPLY_FOURTH : |
ashleymills | 0:714293de3836 | 3893 | if ( (ssl->error = SendFinished(ssl)) != 0) { |
ashleymills | 0:714293de3836 | 3894 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:714293de3836 | 3895 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 3896 | } |
ashleymills | 0:714293de3836 | 3897 | CYASSL_MSG("sent: finished"); |
ashleymills | 0:714293de3836 | 3898 | ssl->options.connectState = FINISHED_DONE; |
ashleymills | 0:714293de3836 | 3899 | CYASSL_MSG("connect state: FINISHED_DONE"); |
ashleymills | 0:714293de3836 | 3900 | |
ashleymills | 0:714293de3836 | 3901 | case FINISHED_DONE : |
ashleymills | 0:714293de3836 | 3902 | /* get response */ |
ashleymills | 0:714293de3836 | 3903 | while (ssl->options.serverState < SERVER_FINISHED_COMPLETE) |
ashleymills | 0:714293de3836 | 3904 | if ( (ssl->error = ProcessReply(ssl)) < 0) { |
ashleymills | 0:714293de3836 | 3905 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:714293de3836 | 3906 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 3907 | } |
ashleymills | 0:714293de3836 | 3908 | |
ashleymills | 0:714293de3836 | 3909 | ssl->options.connectState = SECOND_REPLY_DONE; |
ashleymills | 0:714293de3836 | 3910 | CYASSL_MSG("connect state: SECOND_REPLY_DONE"); |
ashleymills | 0:714293de3836 | 3911 | |
ashleymills | 0:714293de3836 | 3912 | case SECOND_REPLY_DONE: |
ashleymills | 0:714293de3836 | 3913 | FreeHandshakeResources(ssl); |
ashleymills | 0:714293de3836 | 3914 | CYASSL_LEAVE("SSL_connect()", SSL_SUCCESS); |
ashleymills | 0:714293de3836 | 3915 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 3916 | |
ashleymills | 0:714293de3836 | 3917 | default: |
ashleymills | 0:714293de3836 | 3918 | CYASSL_MSG("Unknown connect state ERROR"); |
ashleymills | 0:714293de3836 | 3919 | return SSL_FATAL_ERROR; /* unknown connect state */ |
ashleymills | 0:714293de3836 | 3920 | } |
ashleymills | 0:714293de3836 | 3921 | } |
ashleymills | 0:714293de3836 | 3922 | |
ashleymills | 0:714293de3836 | 3923 | #endif /* NO_CYASSL_CLIENT */ |
ashleymills | 0:714293de3836 | 3924 | |
ashleymills | 0:714293de3836 | 3925 | |
ashleymills | 0:714293de3836 | 3926 | /* server only parts */ |
ashleymills | 0:714293de3836 | 3927 | #ifndef NO_CYASSL_SERVER |
ashleymills | 0:714293de3836 | 3928 | |
ashleymills | 0:714293de3836 | 3929 | #ifndef NO_OLD_TLS |
ashleymills | 0:714293de3836 | 3930 | CYASSL_METHOD* CyaSSLv3_server_method(void) |
ashleymills | 0:714293de3836 | 3931 | { |
ashleymills | 0:714293de3836 | 3932 | CYASSL_METHOD* method = |
ashleymills | 0:714293de3836 | 3933 | (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0, |
ashleymills | 0:714293de3836 | 3934 | DYNAMIC_TYPE_METHOD); |
ashleymills | 0:714293de3836 | 3935 | CYASSL_ENTER("SSLv3_server_method"); |
ashleymills | 0:714293de3836 | 3936 | if (method) { |
ashleymills | 0:714293de3836 | 3937 | InitSSL_Method(method, MakeSSLv3()); |
ashleymills | 0:714293de3836 | 3938 | method->side = SERVER_END; |
ashleymills | 0:714293de3836 | 3939 | } |
ashleymills | 0:714293de3836 | 3940 | return method; |
ashleymills | 0:714293de3836 | 3941 | } |
ashleymills | 0:714293de3836 | 3942 | #endif |
ashleymills | 0:714293de3836 | 3943 | |
ashleymills | 0:714293de3836 | 3944 | |
ashleymills | 0:714293de3836 | 3945 | #ifdef CYASSL_DTLS |
ashleymills | 0:714293de3836 | 3946 | CYASSL_METHOD* CyaDTLSv1_server_method(void) |
ashleymills | 0:714293de3836 | 3947 | { |
ashleymills | 0:714293de3836 | 3948 | CYASSL_METHOD* method = |
ashleymills | 0:714293de3836 | 3949 | (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0, |
ashleymills | 0:714293de3836 | 3950 | DYNAMIC_TYPE_METHOD); |
ashleymills | 0:714293de3836 | 3951 | CYASSL_ENTER("DTLSv1_server_method"); |
ashleymills | 0:714293de3836 | 3952 | if (method) { |
ashleymills | 0:714293de3836 | 3953 | InitSSL_Method(method, MakeDTLSv1()); |
ashleymills | 0:714293de3836 | 3954 | method->side = SERVER_END; |
ashleymills | 0:714293de3836 | 3955 | } |
ashleymills | 0:714293de3836 | 3956 | return method; |
ashleymills | 0:714293de3836 | 3957 | } |
ashleymills | 0:714293de3836 | 3958 | |
ashleymills | 0:714293de3836 | 3959 | CYASSL_METHOD* CyaDTLSv1_2_server_method(void) |
ashleymills | 0:714293de3836 | 3960 | { |
ashleymills | 0:714293de3836 | 3961 | CYASSL_METHOD* method = |
ashleymills | 0:714293de3836 | 3962 | (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0, |
ashleymills | 0:714293de3836 | 3963 | DYNAMIC_TYPE_METHOD); |
ashleymills | 0:714293de3836 | 3964 | CYASSL_ENTER("DTLSv1_2_server_method"); |
ashleymills | 0:714293de3836 | 3965 | if (method) { |
ashleymills | 0:714293de3836 | 3966 | InitSSL_Method(method, MakeDTLSv1_2()); |
ashleymills | 0:714293de3836 | 3967 | method->side = SERVER_END; |
ashleymills | 0:714293de3836 | 3968 | } |
ashleymills | 0:714293de3836 | 3969 | return method; |
ashleymills | 0:714293de3836 | 3970 | } |
ashleymills | 0:714293de3836 | 3971 | #endif |
ashleymills | 0:714293de3836 | 3972 | |
ashleymills | 0:714293de3836 | 3973 | |
ashleymills | 0:714293de3836 | 3974 | int CyaSSL_accept(CYASSL* ssl) |
ashleymills | 0:714293de3836 | 3975 | { |
ashleymills | 0:714293de3836 | 3976 | byte havePSK = 0; |
ashleymills | 0:714293de3836 | 3977 | CYASSL_ENTER("SSL_accept()"); |
ashleymills | 0:714293de3836 | 3978 | |
ashleymills | 0:714293de3836 | 3979 | #ifdef HAVE_ERRNO_H |
ashleymills | 0:714293de3836 | 3980 | errno = 0; |
ashleymills | 0:714293de3836 | 3981 | #endif |
ashleymills | 0:714293de3836 | 3982 | |
ashleymills | 0:714293de3836 | 3983 | #ifndef NO_PSK |
ashleymills | 0:714293de3836 | 3984 | havePSK = ssl->options.havePSK; |
ashleymills | 0:714293de3836 | 3985 | #endif |
ashleymills | 0:714293de3836 | 3986 | (void)havePSK; |
ashleymills | 0:714293de3836 | 3987 | |
ashleymills | 0:714293de3836 | 3988 | if (ssl->options.side != SERVER_END) { |
ashleymills | 0:714293de3836 | 3989 | CYASSL_ERROR(ssl->error = SIDE_ERROR); |
ashleymills | 0:714293de3836 | 3990 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 3991 | } |
ashleymills | 0:714293de3836 | 3992 | |
ashleymills | 0:714293de3836 | 3993 | #ifndef NO_CERTS |
ashleymills | 0:714293de3836 | 3994 | /* in case used set_accept_state after init */ |
ashleymills | 0:714293de3836 | 3995 | if (!havePSK && (ssl->buffers.certificate.buffer == NULL || |
ashleymills | 0:714293de3836 | 3996 | ssl->buffers.key.buffer == NULL)) { |
ashleymills | 0:714293de3836 | 3997 | CYASSL_MSG("accept error: don't have server cert and key"); |
ashleymills | 0:714293de3836 | 3998 | ssl->error = NO_PRIVATE_KEY; |
ashleymills | 0:714293de3836 | 3999 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:714293de3836 | 4000 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 4001 | } |
ashleymills | 0:714293de3836 | 4002 | #endif |
ashleymills | 0:714293de3836 | 4003 | |
ashleymills | 0:714293de3836 | 4004 | #ifdef HAVE_ECC |
ashleymills | 0:714293de3836 | 4005 | /* in case used set_accept_state after init */ |
ashleymills | 0:714293de3836 | 4006 | if (ssl->eccTempKeyPresent == 0) { |
ashleymills | 0:714293de3836 | 4007 | if (ecc_make_key(ssl->rng, ssl->eccTempKeySz, |
ashleymills | 0:714293de3836 | 4008 | ssl->eccTempKey) != 0) { |
ashleymills | 0:714293de3836 | 4009 | ssl->error = ECC_MAKEKEY_ERROR; |
ashleymills | 0:714293de3836 | 4010 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:714293de3836 | 4011 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 4012 | } |
ashleymills | 0:714293de3836 | 4013 | ssl->eccTempKeyPresent = 1; |
ashleymills | 0:714293de3836 | 4014 | } |
ashleymills | 0:714293de3836 | 4015 | #endif |
ashleymills | 0:714293de3836 | 4016 | |
ashleymills | 0:714293de3836 | 4017 | #ifdef CYASSL_DTLS |
ashleymills | 0:714293de3836 | 4018 | if (ssl->version.major == DTLS_MAJOR) { |
ashleymills | 0:714293de3836 | 4019 | ssl->options.dtls = 1; |
ashleymills | 0:714293de3836 | 4020 | ssl->options.tls = 1; |
ashleymills | 0:714293de3836 | 4021 | ssl->options.tls1_1 = 1; |
ashleymills | 0:714293de3836 | 4022 | |
ashleymills | 0:714293de3836 | 4023 | if (DtlsPoolInit(ssl) != 0) { |
ashleymills | 0:714293de3836 | 4024 | ssl->error = MEMORY_ERROR; |
ashleymills | 0:714293de3836 | 4025 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:714293de3836 | 4026 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 4027 | } |
ashleymills | 0:714293de3836 | 4028 | } |
ashleymills | 0:714293de3836 | 4029 | #endif |
ashleymills | 0:714293de3836 | 4030 | |
ashleymills | 0:714293de3836 | 4031 | if (ssl->buffers.outputBuffer.length > 0) { |
ashleymills | 0:714293de3836 | 4032 | if ( (ssl->error = SendBuffered(ssl)) == 0) { |
ashleymills | 0:714293de3836 | 4033 | ssl->options.acceptState++; |
ashleymills | 0:714293de3836 | 4034 | CYASSL_MSG("accept state: Advanced from buffered send"); |
ashleymills | 0:714293de3836 | 4035 | } |
ashleymills | 0:714293de3836 | 4036 | else { |
ashleymills | 0:714293de3836 | 4037 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:714293de3836 | 4038 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 4039 | } |
ashleymills | 0:714293de3836 | 4040 | } |
ashleymills | 0:714293de3836 | 4041 | |
ashleymills | 0:714293de3836 | 4042 | switch (ssl->options.acceptState) { |
ashleymills | 0:714293de3836 | 4043 | |
ashleymills | 0:714293de3836 | 4044 | case ACCEPT_BEGIN : |
ashleymills | 0:714293de3836 | 4045 | /* get response */ |
ashleymills | 0:714293de3836 | 4046 | while (ssl->options.clientState < CLIENT_HELLO_COMPLETE) |
ashleymills | 0:714293de3836 | 4047 | if ( (ssl->error = ProcessReply(ssl)) < 0) { |
ashleymills | 0:714293de3836 | 4048 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:714293de3836 | 4049 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 4050 | } |
ashleymills | 0:714293de3836 | 4051 | ssl->options.acceptState = ACCEPT_CLIENT_HELLO_DONE; |
ashleymills | 0:714293de3836 | 4052 | CYASSL_MSG("accept state ACCEPT_CLIENT_HELLO_DONE"); |
ashleymills | 0:714293de3836 | 4053 | |
ashleymills | 0:714293de3836 | 4054 | case ACCEPT_CLIENT_HELLO_DONE : |
ashleymills | 0:714293de3836 | 4055 | #ifdef CYASSL_DTLS |
ashleymills | 0:714293de3836 | 4056 | if (ssl->options.dtls) |
ashleymills | 0:714293de3836 | 4057 | if ( (ssl->error = SendHelloVerifyRequest(ssl)) != 0) { |
ashleymills | 0:714293de3836 | 4058 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:714293de3836 | 4059 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 4060 | } |
ashleymills | 0:714293de3836 | 4061 | #endif |
ashleymills | 0:714293de3836 | 4062 | ssl->options.acceptState = HELLO_VERIFY_SENT; |
ashleymills | 0:714293de3836 | 4063 | CYASSL_MSG("accept state HELLO_VERIFY_SENT"); |
ashleymills | 0:714293de3836 | 4064 | |
ashleymills | 0:714293de3836 | 4065 | case HELLO_VERIFY_SENT: |
ashleymills | 0:714293de3836 | 4066 | #ifdef CYASSL_DTLS |
ashleymills | 0:714293de3836 | 4067 | if (ssl->options.dtls) { |
ashleymills | 0:714293de3836 | 4068 | ssl->options.clientState = NULL_STATE; /* get again */ |
ashleymills | 0:714293de3836 | 4069 | /* re-init hashes, exclude first hello and verify request */ |
ashleymills | 0:714293de3836 | 4070 | #ifndef NO_OLD_TLS |
ashleymills | 0:714293de3836 | 4071 | InitMd5(&ssl->hashMd5); |
ashleymills | 0:714293de3836 | 4072 | InitSha(&ssl->hashSha); |
ashleymills | 0:714293de3836 | 4073 | #endif |
ashleymills | 0:714293de3836 | 4074 | if (IsAtLeastTLSv1_2(ssl)) { |
ashleymills | 0:714293de3836 | 4075 | #ifndef NO_SHA256 |
ashleymills | 0:714293de3836 | 4076 | InitSha256(&ssl->hashSha256); |
ashleymills | 0:714293de3836 | 4077 | #endif |
ashleymills | 0:714293de3836 | 4078 | #ifdef CYASSL_SHA384 |
ashleymills | 0:714293de3836 | 4079 | InitSha384(&ssl->hashSha384); |
ashleymills | 0:714293de3836 | 4080 | #endif |
ashleymills | 0:714293de3836 | 4081 | } |
ashleymills | 0:714293de3836 | 4082 | |
ashleymills | 0:714293de3836 | 4083 | while (ssl->options.clientState < CLIENT_HELLO_COMPLETE) |
ashleymills | 0:714293de3836 | 4084 | if ( (ssl->error = ProcessReply(ssl)) < 0) { |
ashleymills | 0:714293de3836 | 4085 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:714293de3836 | 4086 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 4087 | } |
ashleymills | 0:714293de3836 | 4088 | } |
ashleymills | 0:714293de3836 | 4089 | #endif |
ashleymills | 0:714293de3836 | 4090 | ssl->options.acceptState = ACCEPT_FIRST_REPLY_DONE; |
ashleymills | 0:714293de3836 | 4091 | CYASSL_MSG("accept state ACCEPT_FIRST_REPLY_DONE"); |
ashleymills | 0:714293de3836 | 4092 | |
ashleymills | 0:714293de3836 | 4093 | case ACCEPT_FIRST_REPLY_DONE : |
ashleymills | 0:714293de3836 | 4094 | if ( (ssl->error = SendServerHello(ssl)) != 0) { |
ashleymills | 0:714293de3836 | 4095 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:714293de3836 | 4096 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 4097 | } |
ashleymills | 0:714293de3836 | 4098 | ssl->options.acceptState = SERVER_HELLO_SENT; |
ashleymills | 0:714293de3836 | 4099 | CYASSL_MSG("accept state SERVER_HELLO_SENT"); |
ashleymills | 0:714293de3836 | 4100 | |
ashleymills | 0:714293de3836 | 4101 | case SERVER_HELLO_SENT : |
ashleymills | 0:714293de3836 | 4102 | #ifndef NO_CERTS |
ashleymills | 0:714293de3836 | 4103 | if (!ssl->options.resuming) |
ashleymills | 0:714293de3836 | 4104 | if ( (ssl->error = SendCertificate(ssl)) != 0) { |
ashleymills | 0:714293de3836 | 4105 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:714293de3836 | 4106 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 4107 | } |
ashleymills | 0:714293de3836 | 4108 | #endif |
ashleymills | 0:714293de3836 | 4109 | ssl->options.acceptState = CERT_SENT; |
ashleymills | 0:714293de3836 | 4110 | CYASSL_MSG("accept state CERT_SENT"); |
ashleymills | 0:714293de3836 | 4111 | |
ashleymills | 0:714293de3836 | 4112 | case CERT_SENT : |
ashleymills | 0:714293de3836 | 4113 | if (!ssl->options.resuming) |
ashleymills | 0:714293de3836 | 4114 | if ( (ssl->error = SendServerKeyExchange(ssl)) != 0) { |
ashleymills | 0:714293de3836 | 4115 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:714293de3836 | 4116 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 4117 | } |
ashleymills | 0:714293de3836 | 4118 | ssl->options.acceptState = KEY_EXCHANGE_SENT; |
ashleymills | 0:714293de3836 | 4119 | CYASSL_MSG("accept state KEY_EXCHANGE_SENT"); |
ashleymills | 0:714293de3836 | 4120 | |
ashleymills | 0:714293de3836 | 4121 | case KEY_EXCHANGE_SENT : |
ashleymills | 0:714293de3836 | 4122 | #ifndef NO_CERTS |
ashleymills | 0:714293de3836 | 4123 | if (!ssl->options.resuming) |
ashleymills | 0:714293de3836 | 4124 | if (ssl->options.verifyPeer) |
ashleymills | 0:714293de3836 | 4125 | if ( (ssl->error = SendCertificateRequest(ssl)) != 0) { |
ashleymills | 0:714293de3836 | 4126 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:714293de3836 | 4127 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 4128 | } |
ashleymills | 0:714293de3836 | 4129 | #endif |
ashleymills | 0:714293de3836 | 4130 | ssl->options.acceptState = CERT_REQ_SENT; |
ashleymills | 0:714293de3836 | 4131 | CYASSL_MSG("accept state CERT_REQ_SENT"); |
ashleymills | 0:714293de3836 | 4132 | |
ashleymills | 0:714293de3836 | 4133 | case CERT_REQ_SENT : |
ashleymills | 0:714293de3836 | 4134 | if (!ssl->options.resuming) |
ashleymills | 0:714293de3836 | 4135 | if ( (ssl->error = SendServerHelloDone(ssl)) != 0) { |
ashleymills | 0:714293de3836 | 4136 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:714293de3836 | 4137 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 4138 | } |
ashleymills | 0:714293de3836 | 4139 | ssl->options.acceptState = SERVER_HELLO_DONE; |
ashleymills | 0:714293de3836 | 4140 | CYASSL_MSG("accept state SERVER_HELLO_DONE"); |
ashleymills | 0:714293de3836 | 4141 | |
ashleymills | 0:714293de3836 | 4142 | case SERVER_HELLO_DONE : |
ashleymills | 0:714293de3836 | 4143 | if (!ssl->options.resuming) { |
ashleymills | 0:714293de3836 | 4144 | while (ssl->options.clientState < CLIENT_FINISHED_COMPLETE) |
ashleymills | 0:714293de3836 | 4145 | if ( (ssl->error = ProcessReply(ssl)) < 0) { |
ashleymills | 0:714293de3836 | 4146 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:714293de3836 | 4147 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 4148 | } |
ashleymills | 0:714293de3836 | 4149 | } |
ashleymills | 0:714293de3836 | 4150 | ssl->options.acceptState = ACCEPT_SECOND_REPLY_DONE; |
ashleymills | 0:714293de3836 | 4151 | CYASSL_MSG("accept state ACCEPT_SECOND_REPLY_DONE"); |
ashleymills | 0:714293de3836 | 4152 | |
ashleymills | 0:714293de3836 | 4153 | case ACCEPT_SECOND_REPLY_DONE : |
ashleymills | 0:714293de3836 | 4154 | if ( (ssl->error = SendChangeCipher(ssl)) != 0) { |
ashleymills | 0:714293de3836 | 4155 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:714293de3836 | 4156 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 4157 | } |
ashleymills | 0:714293de3836 | 4158 | ssl->options.acceptState = CHANGE_CIPHER_SENT; |
ashleymills | 0:714293de3836 | 4159 | CYASSL_MSG("accept state CHANGE_CIPHER_SENT"); |
ashleymills | 0:714293de3836 | 4160 | |
ashleymills | 0:714293de3836 | 4161 | case CHANGE_CIPHER_SENT : |
ashleymills | 0:714293de3836 | 4162 | if ( (ssl->error = SendFinished(ssl)) != 0) { |
ashleymills | 0:714293de3836 | 4163 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:714293de3836 | 4164 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 4165 | } |
ashleymills | 0:714293de3836 | 4166 | |
ashleymills | 0:714293de3836 | 4167 | ssl->options.acceptState = ACCEPT_FINISHED_DONE; |
ashleymills | 0:714293de3836 | 4168 | CYASSL_MSG("accept state ACCEPT_FINISHED_DONE"); |
ashleymills | 0:714293de3836 | 4169 | |
ashleymills | 0:714293de3836 | 4170 | case ACCEPT_FINISHED_DONE : |
ashleymills | 0:714293de3836 | 4171 | if (ssl->options.resuming) |
ashleymills | 0:714293de3836 | 4172 | while (ssl->options.clientState < CLIENT_FINISHED_COMPLETE) |
ashleymills | 0:714293de3836 | 4173 | if ( (ssl->error = ProcessReply(ssl)) < 0) { |
ashleymills | 0:714293de3836 | 4174 | CYASSL_ERROR(ssl->error); |
ashleymills | 0:714293de3836 | 4175 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 4176 | } |
ashleymills | 0:714293de3836 | 4177 | |
ashleymills | 0:714293de3836 | 4178 | ssl->options.acceptState = ACCEPT_THIRD_REPLY_DONE; |
ashleymills | 0:714293de3836 | 4179 | CYASSL_MSG("accept state ACCEPT_THIRD_REPLY_DONE"); |
ashleymills | 0:714293de3836 | 4180 | |
ashleymills | 0:714293de3836 | 4181 | case ACCEPT_THIRD_REPLY_DONE : |
ashleymills | 0:714293de3836 | 4182 | FreeHandshakeResources(ssl); |
ashleymills | 0:714293de3836 | 4183 | CYASSL_LEAVE("SSL_accept()", SSL_SUCCESS); |
ashleymills | 0:714293de3836 | 4184 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 4185 | |
ashleymills | 0:714293de3836 | 4186 | default : |
ashleymills | 0:714293de3836 | 4187 | CYASSL_MSG("Unknown accept state ERROR"); |
ashleymills | 0:714293de3836 | 4188 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 4189 | } |
ashleymills | 0:714293de3836 | 4190 | } |
ashleymills | 0:714293de3836 | 4191 | |
ashleymills | 0:714293de3836 | 4192 | #endif /* NO_CYASSL_SERVER */ |
ashleymills | 0:714293de3836 | 4193 | |
ashleymills | 0:714293de3836 | 4194 | |
ashleymills | 0:714293de3836 | 4195 | int CyaSSL_Cleanup(void) |
ashleymills | 0:714293de3836 | 4196 | { |
ashleymills | 0:714293de3836 | 4197 | int ret = SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 4198 | int release = 0; |
ashleymills | 0:714293de3836 | 4199 | |
ashleymills | 0:714293de3836 | 4200 | CYASSL_ENTER("CyaSSL_Cleanup"); |
ashleymills | 0:714293de3836 | 4201 | |
ashleymills | 0:714293de3836 | 4202 | if (initRefCount == 0) |
ashleymills | 0:714293de3836 | 4203 | return ret; /* possibly no init yet, but not failure either way */ |
ashleymills | 0:714293de3836 | 4204 | |
ashleymills | 0:714293de3836 | 4205 | if (LockMutex(&count_mutex) != 0) { |
ashleymills | 0:714293de3836 | 4206 | CYASSL_MSG("Bad Lock Mutex count"); |
ashleymills | 0:714293de3836 | 4207 | return BAD_MUTEX_ERROR; |
ashleymills | 0:714293de3836 | 4208 | } |
ashleymills | 0:714293de3836 | 4209 | |
ashleymills | 0:714293de3836 | 4210 | release = initRefCount-- == 1; |
ashleymills | 0:714293de3836 | 4211 | if (initRefCount < 0) |
ashleymills | 0:714293de3836 | 4212 | initRefCount = 0; |
ashleymills | 0:714293de3836 | 4213 | |
ashleymills | 0:714293de3836 | 4214 | UnLockMutex(&count_mutex); |
ashleymills | 0:714293de3836 | 4215 | |
ashleymills | 0:714293de3836 | 4216 | if (!release) |
ashleymills | 0:714293de3836 | 4217 | return ret; |
ashleymills | 0:714293de3836 | 4218 | |
ashleymills | 0:714293de3836 | 4219 | #ifndef NO_SESSION_CACHE |
ashleymills | 0:714293de3836 | 4220 | if (FreeMutex(&session_mutex) != 0) |
ashleymills | 0:714293de3836 | 4221 | ret = BAD_MUTEX_ERROR; |
ashleymills | 0:714293de3836 | 4222 | #endif |
ashleymills | 0:714293de3836 | 4223 | if (FreeMutex(&count_mutex) != 0) |
ashleymills | 0:714293de3836 | 4224 | ret = BAD_MUTEX_ERROR; |
ashleymills | 0:714293de3836 | 4225 | |
ashleymills | 0:714293de3836 | 4226 | return ret; |
ashleymills | 0:714293de3836 | 4227 | } |
ashleymills | 0:714293de3836 | 4228 | |
ashleymills | 0:714293de3836 | 4229 | |
ashleymills | 0:714293de3836 | 4230 | #ifndef NO_SESSION_CACHE |
ashleymills | 0:714293de3836 | 4231 | |
ashleymills | 0:714293de3836 | 4232 | #ifndef NO_MD5 |
ashleymills | 0:714293de3836 | 4233 | |
ashleymills | 0:714293de3836 | 4234 | /* some session IDs aren't random afterall, let's make them random */ |
ashleymills | 0:714293de3836 | 4235 | |
ashleymills | 0:714293de3836 | 4236 | static INLINE word32 HashSession(const byte* sessionID, word32 len) |
ashleymills | 0:714293de3836 | 4237 | { |
ashleymills | 0:714293de3836 | 4238 | byte digest[MD5_DIGEST_SIZE]; |
ashleymills | 0:714293de3836 | 4239 | Md5 md5; |
ashleymills | 0:714293de3836 | 4240 | |
ashleymills | 0:714293de3836 | 4241 | InitMd5(&md5); |
ashleymills | 0:714293de3836 | 4242 | Md5Update(&md5, sessionID, len); |
ashleymills | 0:714293de3836 | 4243 | Md5Final(&md5, digest); |
ashleymills | 0:714293de3836 | 4244 | |
ashleymills | 0:714293de3836 | 4245 | return MakeWordFromHash(digest); |
ashleymills | 0:714293de3836 | 4246 | } |
ashleymills | 0:714293de3836 | 4247 | |
ashleymills | 0:714293de3836 | 4248 | #elif !defined(NO_SHA) |
ashleymills | 0:714293de3836 | 4249 | |
ashleymills | 0:714293de3836 | 4250 | static INLINE word32 HashSession(const byte* sessionID, word32 len) |
ashleymills | 0:714293de3836 | 4251 | { |
ashleymills | 0:714293de3836 | 4252 | byte digest[SHA_DIGEST_SIZE]; |
ashleymills | 0:714293de3836 | 4253 | Sha sha; |
ashleymills | 0:714293de3836 | 4254 | |
ashleymills | 0:714293de3836 | 4255 | InitSha(&sha); |
ashleymills | 0:714293de3836 | 4256 | ShaUpdate(&sha, sessionID, len); |
ashleymills | 0:714293de3836 | 4257 | ShaFinal(&sha, digest); |
ashleymills | 0:714293de3836 | 4258 | |
ashleymills | 0:714293de3836 | 4259 | return MakeWordFromHash(digest); |
ashleymills | 0:714293de3836 | 4260 | } |
ashleymills | 0:714293de3836 | 4261 | |
ashleymills | 0:714293de3836 | 4262 | #elif !defined(NO_SHA256) |
ashleymills | 0:714293de3836 | 4263 | |
ashleymills | 0:714293de3836 | 4264 | static INLINE word32 HashSession(const byte* sessionID, word32 len) |
ashleymills | 0:714293de3836 | 4265 | { |
ashleymills | 0:714293de3836 | 4266 | byte digest[SHA256_DIGEST_SIZE]; |
ashleymills | 0:714293de3836 | 4267 | Sha256 sha256; |
ashleymills | 0:714293de3836 | 4268 | |
ashleymills | 0:714293de3836 | 4269 | InitSha256(&sha256); |
ashleymills | 0:714293de3836 | 4270 | Sha256Update(&sha256, sessionID, len); |
ashleymills | 0:714293de3836 | 4271 | Sha256Final(&sha256, digest); |
ashleymills | 0:714293de3836 | 4272 | |
ashleymills | 0:714293de3836 | 4273 | return MakeWordFromHash(digest); |
ashleymills | 0:714293de3836 | 4274 | } |
ashleymills | 0:714293de3836 | 4275 | |
ashleymills | 0:714293de3836 | 4276 | #else |
ashleymills | 0:714293de3836 | 4277 | |
ashleymills | 0:714293de3836 | 4278 | #error "We need a digest to hash the session IDs" |
ashleymills | 0:714293de3836 | 4279 | |
ashleymills | 0:714293de3836 | 4280 | #endif /* NO_MD5 */ |
ashleymills | 0:714293de3836 | 4281 | |
ashleymills | 0:714293de3836 | 4282 | |
ashleymills | 0:714293de3836 | 4283 | void CyaSSL_flush_sessions(CYASSL_CTX* ctx, long tm) |
ashleymills | 0:714293de3836 | 4284 | { |
ashleymills | 0:714293de3836 | 4285 | /* static table now, no flusing needed */ |
ashleymills | 0:714293de3836 | 4286 | (void)ctx; |
ashleymills | 0:714293de3836 | 4287 | (void)tm; |
ashleymills | 0:714293de3836 | 4288 | } |
ashleymills | 0:714293de3836 | 4289 | |
ashleymills | 0:714293de3836 | 4290 | |
ashleymills | 0:714293de3836 | 4291 | /* set ssl session timeout in seconds */ |
ashleymills | 0:714293de3836 | 4292 | int CyaSSL_set_timeout(CYASSL* ssl, unsigned int to) |
ashleymills | 0:714293de3836 | 4293 | { |
ashleymills | 0:714293de3836 | 4294 | if (ssl == NULL) |
ashleymills | 0:714293de3836 | 4295 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 4296 | |
ashleymills | 0:714293de3836 | 4297 | ssl->timeout = to; |
ashleymills | 0:714293de3836 | 4298 | |
ashleymills | 0:714293de3836 | 4299 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 4300 | } |
ashleymills | 0:714293de3836 | 4301 | |
ashleymills | 0:714293de3836 | 4302 | |
ashleymills | 0:714293de3836 | 4303 | /* set ctx session timeout in seconds */ |
ashleymills | 0:714293de3836 | 4304 | int CyaSSL_CTX_set_timeout(CYASSL_CTX* ctx, unsigned int to) |
ashleymills | 0:714293de3836 | 4305 | { |
ashleymills | 0:714293de3836 | 4306 | if (ctx == NULL) |
ashleymills | 0:714293de3836 | 4307 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 4308 | |
ashleymills | 0:714293de3836 | 4309 | ctx->timeout = to; |
ashleymills | 0:714293de3836 | 4310 | |
ashleymills | 0:714293de3836 | 4311 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 4312 | } |
ashleymills | 0:714293de3836 | 4313 | |
ashleymills | 0:714293de3836 | 4314 | |
ashleymills | 0:714293de3836 | 4315 | #ifndef NO_CLIENT_CACHE |
ashleymills | 0:714293de3836 | 4316 | |
ashleymills | 0:714293de3836 | 4317 | /* Get Session from Client cache based on id/len, return NULL on failure */ |
ashleymills | 0:714293de3836 | 4318 | CYASSL_SESSION* GetSessionClient(CYASSL* ssl, const byte* id, int len) |
ashleymills | 0:714293de3836 | 4319 | { |
ashleymills | 0:714293de3836 | 4320 | CYASSL_SESSION* ret = NULL; |
ashleymills | 0:714293de3836 | 4321 | word32 row; |
ashleymills | 0:714293de3836 | 4322 | int idx; |
ashleymills | 0:714293de3836 | 4323 | int count; |
ashleymills | 0:714293de3836 | 4324 | |
ashleymills | 0:714293de3836 | 4325 | CYASSL_ENTER("GetSessionClient"); |
ashleymills | 0:714293de3836 | 4326 | |
ashleymills | 0:714293de3836 | 4327 | if (ssl->options.side == SERVER_END) |
ashleymills | 0:714293de3836 | 4328 | return NULL; |
ashleymills | 0:714293de3836 | 4329 | |
ashleymills | 0:714293de3836 | 4330 | len = min(SERVER_ID_LEN, (word32)len); |
ashleymills | 0:714293de3836 | 4331 | row = HashSession(id, len) % SESSION_ROWS; |
ashleymills | 0:714293de3836 | 4332 | |
ashleymills | 0:714293de3836 | 4333 | if (LockMutex(&session_mutex) != 0) { |
ashleymills | 0:714293de3836 | 4334 | CYASSL_MSG("Lock session mutex failed"); |
ashleymills | 0:714293de3836 | 4335 | return NULL; |
ashleymills | 0:714293de3836 | 4336 | } |
ashleymills | 0:714293de3836 | 4337 | |
ashleymills | 0:714293de3836 | 4338 | /* start from most recently used */ |
ashleymills | 0:714293de3836 | 4339 | count = min((word32)ClientCache[row].totalCount, SESSIONS_PER_ROW); |
ashleymills | 0:714293de3836 | 4340 | idx = ClientCache[row].nextIdx - 1; |
ashleymills | 0:714293de3836 | 4341 | if (idx < 0) |
ashleymills | 0:714293de3836 | 4342 | idx = SESSIONS_PER_ROW - 1; /* if back to front, the previous was end */ |
ashleymills | 0:714293de3836 | 4343 | |
ashleymills | 0:714293de3836 | 4344 | for (; count > 0; --count, idx = idx ? idx - 1 : SESSIONS_PER_ROW - 1) { |
ashleymills | 0:714293de3836 | 4345 | CYASSL_SESSION* current; |
ashleymills | 0:714293de3836 | 4346 | ClientSession clSess; |
ashleymills | 0:714293de3836 | 4347 | |
ashleymills | 0:714293de3836 | 4348 | if (idx >= SESSIONS_PER_ROW || idx < 0) { /* sanity check */ |
ashleymills | 0:714293de3836 | 4349 | CYASSL_MSG("Bad idx"); |
ashleymills | 0:714293de3836 | 4350 | break; |
ashleymills | 0:714293de3836 | 4351 | } |
ashleymills | 0:714293de3836 | 4352 | |
ashleymills | 0:714293de3836 | 4353 | clSess = ClientCache[row].Clients[idx]; |
ashleymills | 0:714293de3836 | 4354 | |
ashleymills | 0:714293de3836 | 4355 | current = &SessionCache[clSess.serverRow].Sessions[clSess.serverIdx]; |
ashleymills | 0:714293de3836 | 4356 | if (XMEMCMP(current->serverID, id, len) == 0) { |
ashleymills | 0:714293de3836 | 4357 | CYASSL_MSG("Found a serverid match for client"); |
ashleymills | 0:714293de3836 | 4358 | if (LowResTimer() < (current->bornOn + current->timeout)) { |
ashleymills | 0:714293de3836 | 4359 | CYASSL_MSG("Session valid"); |
ashleymills | 0:714293de3836 | 4360 | ret = current; |
ashleymills | 0:714293de3836 | 4361 | break; |
ashleymills | 0:714293de3836 | 4362 | } else { |
ashleymills | 0:714293de3836 | 4363 | CYASSL_MSG("Session timed out"); /* could have more for id */ |
ashleymills | 0:714293de3836 | 4364 | } |
ashleymills | 0:714293de3836 | 4365 | } else { |
ashleymills | 0:714293de3836 | 4366 | CYASSL_MSG("ServerID not a match from client table"); |
ashleymills | 0:714293de3836 | 4367 | } |
ashleymills | 0:714293de3836 | 4368 | } |
ashleymills | 0:714293de3836 | 4369 | |
ashleymills | 0:714293de3836 | 4370 | UnLockMutex(&session_mutex); |
ashleymills | 0:714293de3836 | 4371 | |
ashleymills | 0:714293de3836 | 4372 | return ret; |
ashleymills | 0:714293de3836 | 4373 | } |
ashleymills | 0:714293de3836 | 4374 | |
ashleymills | 0:714293de3836 | 4375 | #endif /* NO_CLIENT_CACHE */ |
ashleymills | 0:714293de3836 | 4376 | |
ashleymills | 0:714293de3836 | 4377 | |
ashleymills | 0:714293de3836 | 4378 | CYASSL_SESSION* GetSession(CYASSL* ssl, byte* masterSecret) |
ashleymills | 0:714293de3836 | 4379 | { |
ashleymills | 0:714293de3836 | 4380 | CYASSL_SESSION* ret = 0; |
ashleymills | 0:714293de3836 | 4381 | const byte* id = NULL; |
ashleymills | 0:714293de3836 | 4382 | word32 row; |
ashleymills | 0:714293de3836 | 4383 | int idx; |
ashleymills | 0:714293de3836 | 4384 | int count; |
ashleymills | 0:714293de3836 | 4385 | |
ashleymills | 0:714293de3836 | 4386 | if (ssl->options.sessionCacheOff) |
ashleymills | 0:714293de3836 | 4387 | return NULL; |
ashleymills | 0:714293de3836 | 4388 | |
ashleymills | 0:714293de3836 | 4389 | if (ssl->options.haveSessionId == 0) |
ashleymills | 0:714293de3836 | 4390 | return NULL; |
ashleymills | 0:714293de3836 | 4391 | |
ashleymills | 0:714293de3836 | 4392 | if (ssl->arrays) |
ashleymills | 0:714293de3836 | 4393 | id = ssl->arrays->sessionID; |
ashleymills | 0:714293de3836 | 4394 | else |
ashleymills | 0:714293de3836 | 4395 | id = ssl->session.sessionID; |
ashleymills | 0:714293de3836 | 4396 | |
ashleymills | 0:714293de3836 | 4397 | row = HashSession(id, ID_LEN) % SESSION_ROWS; |
ashleymills | 0:714293de3836 | 4398 | |
ashleymills | 0:714293de3836 | 4399 | if (LockMutex(&session_mutex) != 0) |
ashleymills | 0:714293de3836 | 4400 | return 0; |
ashleymills | 0:714293de3836 | 4401 | |
ashleymills | 0:714293de3836 | 4402 | /* start from most recently used */ |
ashleymills | 0:714293de3836 | 4403 | count = min((word32)SessionCache[row].totalCount, SESSIONS_PER_ROW); |
ashleymills | 0:714293de3836 | 4404 | idx = SessionCache[row].nextIdx - 1; |
ashleymills | 0:714293de3836 | 4405 | if (idx < 0) |
ashleymills | 0:714293de3836 | 4406 | idx = SESSIONS_PER_ROW - 1; /* if back to front, the previous was end */ |
ashleymills | 0:714293de3836 | 4407 | |
ashleymills | 0:714293de3836 | 4408 | for (; count > 0; --count, idx = idx ? idx - 1 : SESSIONS_PER_ROW - 1) { |
ashleymills | 0:714293de3836 | 4409 | CYASSL_SESSION* current; |
ashleymills | 0:714293de3836 | 4410 | |
ashleymills | 0:714293de3836 | 4411 | if (idx >= SESSIONS_PER_ROW || idx < 0) { /* sanity check */ |
ashleymills | 0:714293de3836 | 4412 | CYASSL_MSG("Bad idx"); |
ashleymills | 0:714293de3836 | 4413 | break; |
ashleymills | 0:714293de3836 | 4414 | } |
ashleymills | 0:714293de3836 | 4415 | |
ashleymills | 0:714293de3836 | 4416 | current = &SessionCache[row].Sessions[idx]; |
ashleymills | 0:714293de3836 | 4417 | if (XMEMCMP(current->sessionID, id, ID_LEN) == 0) { |
ashleymills | 0:714293de3836 | 4418 | CYASSL_MSG("Found a session match"); |
ashleymills | 0:714293de3836 | 4419 | if (LowResTimer() < (current->bornOn + current->timeout)) { |
ashleymills | 0:714293de3836 | 4420 | CYASSL_MSG("Session valid"); |
ashleymills | 0:714293de3836 | 4421 | ret = current; |
ashleymills | 0:714293de3836 | 4422 | if (masterSecret) |
ashleymills | 0:714293de3836 | 4423 | XMEMCPY(masterSecret, current->masterSecret, SECRET_LEN); |
ashleymills | 0:714293de3836 | 4424 | } else { |
ashleymills | 0:714293de3836 | 4425 | CYASSL_MSG("Session timed out"); |
ashleymills | 0:714293de3836 | 4426 | } |
ashleymills | 0:714293de3836 | 4427 | break; /* no more sessionIDs whether valid or not that match */ |
ashleymills | 0:714293de3836 | 4428 | } else { |
ashleymills | 0:714293de3836 | 4429 | CYASSL_MSG("SessionID not a match at this idx"); |
ashleymills | 0:714293de3836 | 4430 | } |
ashleymills | 0:714293de3836 | 4431 | } |
ashleymills | 0:714293de3836 | 4432 | |
ashleymills | 0:714293de3836 | 4433 | UnLockMutex(&session_mutex); |
ashleymills | 0:714293de3836 | 4434 | |
ashleymills | 0:714293de3836 | 4435 | return ret; |
ashleymills | 0:714293de3836 | 4436 | } |
ashleymills | 0:714293de3836 | 4437 | |
ashleymills | 0:714293de3836 | 4438 | |
ashleymills | 0:714293de3836 | 4439 | int SetSession(CYASSL* ssl, CYASSL_SESSION* session) |
ashleymills | 0:714293de3836 | 4440 | { |
ashleymills | 0:714293de3836 | 4441 | if (ssl->options.sessionCacheOff) |
ashleymills | 0:714293de3836 | 4442 | return SSL_FAILURE; |
ashleymills | 0:714293de3836 | 4443 | |
ashleymills | 0:714293de3836 | 4444 | if (LowResTimer() < (session->bornOn + session->timeout)) { |
ashleymills | 0:714293de3836 | 4445 | ssl->session = *session; |
ashleymills | 0:714293de3836 | 4446 | ssl->options.resuming = 1; |
ashleymills | 0:714293de3836 | 4447 | |
ashleymills | 0:714293de3836 | 4448 | #ifdef SESSION_CERTS |
ashleymills | 0:714293de3836 | 4449 | ssl->version = session->version; |
ashleymills | 0:714293de3836 | 4450 | ssl->options.cipherSuite0 = session->cipherSuite0; |
ashleymills | 0:714293de3836 | 4451 | ssl->options.cipherSuite = session->cipherSuite; |
ashleymills | 0:714293de3836 | 4452 | #endif |
ashleymills | 0:714293de3836 | 4453 | |
ashleymills | 0:714293de3836 | 4454 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 4455 | } |
ashleymills | 0:714293de3836 | 4456 | return SSL_FAILURE; /* session timed out */ |
ashleymills | 0:714293de3836 | 4457 | } |
ashleymills | 0:714293de3836 | 4458 | |
ashleymills | 0:714293de3836 | 4459 | |
ashleymills | 0:714293de3836 | 4460 | int AddSession(CYASSL* ssl) |
ashleymills | 0:714293de3836 | 4461 | { |
ashleymills | 0:714293de3836 | 4462 | word32 row, idx; |
ashleymills | 0:714293de3836 | 4463 | |
ashleymills | 0:714293de3836 | 4464 | if (ssl->options.sessionCacheOff) |
ashleymills | 0:714293de3836 | 4465 | return 0; |
ashleymills | 0:714293de3836 | 4466 | |
ashleymills | 0:714293de3836 | 4467 | if (ssl->options.haveSessionId == 0) |
ashleymills | 0:714293de3836 | 4468 | return 0; |
ashleymills | 0:714293de3836 | 4469 | |
ashleymills | 0:714293de3836 | 4470 | row = HashSession(ssl->arrays->sessionID, ID_LEN) % SESSION_ROWS; |
ashleymills | 0:714293de3836 | 4471 | |
ashleymills | 0:714293de3836 | 4472 | if (LockMutex(&session_mutex) != 0) |
ashleymills | 0:714293de3836 | 4473 | return BAD_MUTEX_ERROR; |
ashleymills | 0:714293de3836 | 4474 | |
ashleymills | 0:714293de3836 | 4475 | idx = SessionCache[row].nextIdx++; |
ashleymills | 0:714293de3836 | 4476 | |
ashleymills | 0:714293de3836 | 4477 | XMEMCPY(SessionCache[row].Sessions[idx].masterSecret, |
ashleymills | 0:714293de3836 | 4478 | ssl->arrays->masterSecret, SECRET_LEN); |
ashleymills | 0:714293de3836 | 4479 | XMEMCPY(SessionCache[row].Sessions[idx].sessionID, ssl->arrays->sessionID, |
ashleymills | 0:714293de3836 | 4480 | ID_LEN); |
ashleymills | 0:714293de3836 | 4481 | |
ashleymills | 0:714293de3836 | 4482 | SessionCache[row].Sessions[idx].timeout = ssl->timeout; |
ashleymills | 0:714293de3836 | 4483 | SessionCache[row].Sessions[idx].bornOn = LowResTimer(); |
ashleymills | 0:714293de3836 | 4484 | |
ashleymills | 0:714293de3836 | 4485 | #ifdef SESSION_CERTS |
ashleymills | 0:714293de3836 | 4486 | SessionCache[row].Sessions[idx].chain.count = ssl->session.chain.count; |
ashleymills | 0:714293de3836 | 4487 | XMEMCPY(SessionCache[row].Sessions[idx].chain.certs, |
ashleymills | 0:714293de3836 | 4488 | ssl->session.chain.certs, sizeof(x509_buffer) * MAX_CHAIN_DEPTH); |
ashleymills | 0:714293de3836 | 4489 | |
ashleymills | 0:714293de3836 | 4490 | SessionCache[row].Sessions[idx].version = ssl->version; |
ashleymills | 0:714293de3836 | 4491 | SessionCache[row].Sessions[idx].cipherSuite0 = ssl->options.cipherSuite0; |
ashleymills | 0:714293de3836 | 4492 | SessionCache[row].Sessions[idx].cipherSuite = ssl->options.cipherSuite; |
ashleymills | 0:714293de3836 | 4493 | #endif /* SESSION_CERTS */ |
ashleymills | 0:714293de3836 | 4494 | |
ashleymills | 0:714293de3836 | 4495 | SessionCache[row].totalCount++; |
ashleymills | 0:714293de3836 | 4496 | if (SessionCache[row].nextIdx == SESSIONS_PER_ROW) |
ashleymills | 0:714293de3836 | 4497 | SessionCache[row].nextIdx = 0; |
ashleymills | 0:714293de3836 | 4498 | |
ashleymills | 0:714293de3836 | 4499 | #ifndef NO_CLIENT_CACHE |
ashleymills | 0:714293de3836 | 4500 | if (ssl->options.side == CLIENT_END && ssl->session.idLen) { |
ashleymills | 0:714293de3836 | 4501 | word32 clientRow, clientIdx; |
ashleymills | 0:714293de3836 | 4502 | |
ashleymills | 0:714293de3836 | 4503 | CYASSL_MSG("Adding client cache entry"); |
ashleymills | 0:714293de3836 | 4504 | |
ashleymills | 0:714293de3836 | 4505 | SessionCache[row].Sessions[idx].idLen = ssl->session.idLen; |
ashleymills | 0:714293de3836 | 4506 | XMEMCPY(SessionCache[row].Sessions[idx].serverID, ssl->session.serverID, |
ashleymills | 0:714293de3836 | 4507 | ssl->session.idLen); |
ashleymills | 0:714293de3836 | 4508 | |
ashleymills | 0:714293de3836 | 4509 | clientRow = HashSession(ssl->session.serverID, ssl->session.idLen) |
ashleymills | 0:714293de3836 | 4510 | % SESSION_ROWS; |
ashleymills | 0:714293de3836 | 4511 | clientIdx = ClientCache[clientRow].nextIdx++; |
ashleymills | 0:714293de3836 | 4512 | |
ashleymills | 0:714293de3836 | 4513 | ClientCache[clientRow].Clients[clientIdx].serverRow = (word16)row; |
ashleymills | 0:714293de3836 | 4514 | ClientCache[clientRow].Clients[clientIdx].serverIdx = (word16)idx; |
ashleymills | 0:714293de3836 | 4515 | |
ashleymills | 0:714293de3836 | 4516 | ClientCache[clientRow].totalCount++; |
ashleymills | 0:714293de3836 | 4517 | if (ClientCache[clientRow].nextIdx == SESSIONS_PER_ROW) |
ashleymills | 0:714293de3836 | 4518 | ClientCache[clientRow].nextIdx = 0; |
ashleymills | 0:714293de3836 | 4519 | } |
ashleymills | 0:714293de3836 | 4520 | else |
ashleymills | 0:714293de3836 | 4521 | SessionCache[row].Sessions[idx].idLen = 0; |
ashleymills | 0:714293de3836 | 4522 | #endif /* NO_CLIENT_CACHE */ |
ashleymills | 0:714293de3836 | 4523 | |
ashleymills | 0:714293de3836 | 4524 | if (UnLockMutex(&session_mutex) != 0) |
ashleymills | 0:714293de3836 | 4525 | return BAD_MUTEX_ERROR; |
ashleymills | 0:714293de3836 | 4526 | |
ashleymills | 0:714293de3836 | 4527 | return 0; |
ashleymills | 0:714293de3836 | 4528 | } |
ashleymills | 0:714293de3836 | 4529 | |
ashleymills | 0:714293de3836 | 4530 | |
ashleymills | 0:714293de3836 | 4531 | #ifdef SESSION_STATS |
ashleymills | 0:714293de3836 | 4532 | |
ashleymills | 0:714293de3836 | 4533 | CYASSL_API |
ashleymills | 0:714293de3836 | 4534 | void PrintSessionStats(void) |
ashleymills | 0:714293de3836 | 4535 | { |
ashleymills | 0:714293de3836 | 4536 | word32 totalSessionsSeen = 0; |
ashleymills | 0:714293de3836 | 4537 | word32 totalSessionsNow = 0; |
ashleymills | 0:714293de3836 | 4538 | word32 rowNow; |
ashleymills | 0:714293de3836 | 4539 | int i; |
ashleymills | 0:714293de3836 | 4540 | double E; /* expected freq */ |
ashleymills | 0:714293de3836 | 4541 | double chiSquare = 0; |
ashleymills | 0:714293de3836 | 4542 | |
ashleymills | 0:714293de3836 | 4543 | for (i = 0; i < SESSION_ROWS; i++) { |
ashleymills | 0:714293de3836 | 4544 | totalSessionsSeen += SessionCache[i].totalCount; |
ashleymills | 0:714293de3836 | 4545 | |
ashleymills | 0:714293de3836 | 4546 | if (SessionCache[i].totalCount >= SESSIONS_PER_ROW) |
ashleymills | 0:714293de3836 | 4547 | rowNow = SESSIONS_PER_ROW; |
ashleymills | 0:714293de3836 | 4548 | else if (SessionCache[i].nextIdx == 0) |
ashleymills | 0:714293de3836 | 4549 | rowNow = 0; |
ashleymills | 0:714293de3836 | 4550 | else |
ashleymills | 0:714293de3836 | 4551 | rowNow = SessionCache[i].nextIdx; |
ashleymills | 0:714293de3836 | 4552 | |
ashleymills | 0:714293de3836 | 4553 | totalSessionsNow += rowNow; |
ashleymills | 0:714293de3836 | 4554 | } |
ashleymills | 0:714293de3836 | 4555 | |
ashleymills | 0:714293de3836 | 4556 | printf("Total Sessions Seen = %d\n", totalSessionsSeen); |
ashleymills | 0:714293de3836 | 4557 | printf("Total Sessions Now = %d\n", totalSessionsNow); |
ashleymills | 0:714293de3836 | 4558 | |
ashleymills | 0:714293de3836 | 4559 | E = (double)totalSessionsSeen / SESSION_ROWS; |
ashleymills | 0:714293de3836 | 4560 | |
ashleymills | 0:714293de3836 | 4561 | for (i = 0; i < SESSION_ROWS; i++) { |
ashleymills | 0:714293de3836 | 4562 | double diff = SessionCache[i].totalCount - E; |
ashleymills | 0:714293de3836 | 4563 | diff *= diff; /* square */ |
ashleymills | 0:714293de3836 | 4564 | diff /= E; /* normalize */ |
ashleymills | 0:714293de3836 | 4565 | |
ashleymills | 0:714293de3836 | 4566 | chiSquare += diff; |
ashleymills | 0:714293de3836 | 4567 | } |
ashleymills | 0:714293de3836 | 4568 | printf(" chi-square = %5.1f, d.f. = %d\n", chiSquare, |
ashleymills | 0:714293de3836 | 4569 | SESSION_ROWS - 1); |
ashleymills | 0:714293de3836 | 4570 | if (SESSION_ROWS == 11) |
ashleymills | 0:714293de3836 | 4571 | printf(" .05 p value = 18.3, chi-square should be less\n"); |
ashleymills | 0:714293de3836 | 4572 | else if (SESSION_ROWS == 211) |
ashleymills | 0:714293de3836 | 4573 | printf(".05 p value = 244.8, chi-square should be less\n"); |
ashleymills | 0:714293de3836 | 4574 | else if (SESSION_ROWS == 5981) |
ashleymills | 0:714293de3836 | 4575 | printf(".05 p value = 6161.0, chi-square should be less\n"); |
ashleymills | 0:714293de3836 | 4576 | else if (SESSION_ROWS == 3) |
ashleymills | 0:714293de3836 | 4577 | printf(".05 p value = 6.0, chi-square should be less\n"); |
ashleymills | 0:714293de3836 | 4578 | else if (SESSION_ROWS == 2861) |
ashleymills | 0:714293de3836 | 4579 | printf(".05 p value = 2985.5, chi-square should be less\n"); |
ashleymills | 0:714293de3836 | 4580 | printf("\n"); |
ashleymills | 0:714293de3836 | 4581 | } |
ashleymills | 0:714293de3836 | 4582 | |
ashleymills | 0:714293de3836 | 4583 | #endif /* SESSION_STATS */ |
ashleymills | 0:714293de3836 | 4584 | |
ashleymills | 0:714293de3836 | 4585 | #else /* NO_SESSION_CACHE */ |
ashleymills | 0:714293de3836 | 4586 | |
ashleymills | 0:714293de3836 | 4587 | /* No session cache version */ |
ashleymills | 0:714293de3836 | 4588 | CYASSL_SESSION* GetSession(CYASSL* ssl, byte* masterSecret) |
ashleymills | 0:714293de3836 | 4589 | { |
ashleymills | 0:714293de3836 | 4590 | (void)ssl; |
ashleymills | 0:714293de3836 | 4591 | (void)masterSecret; |
ashleymills | 0:714293de3836 | 4592 | |
ashleymills | 0:714293de3836 | 4593 | return NULL; |
ashleymills | 0:714293de3836 | 4594 | } |
ashleymills | 0:714293de3836 | 4595 | |
ashleymills | 0:714293de3836 | 4596 | #endif /* NO_SESSION_CACHE */ |
ashleymills | 0:714293de3836 | 4597 | |
ashleymills | 0:714293de3836 | 4598 | |
ashleymills | 0:714293de3836 | 4599 | /* call before SSL_connect, if verifying will add name check to |
ashleymills | 0:714293de3836 | 4600 | date check and signature check */ |
ashleymills | 0:714293de3836 | 4601 | int CyaSSL_check_domain_name(CYASSL* ssl, const char* dn) |
ashleymills | 0:714293de3836 | 4602 | { |
ashleymills | 0:714293de3836 | 4603 | CYASSL_ENTER("CyaSSL_check_domain_name"); |
ashleymills | 0:714293de3836 | 4604 | if (ssl->buffers.domainName.buffer) |
ashleymills | 0:714293de3836 | 4605 | XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN); |
ashleymills | 0:714293de3836 | 4606 | |
ashleymills | 0:714293de3836 | 4607 | ssl->buffers.domainName.length = (word32)XSTRLEN(dn) + 1; |
ashleymills | 0:714293de3836 | 4608 | ssl->buffers.domainName.buffer = (byte*) XMALLOC( |
ashleymills | 0:714293de3836 | 4609 | ssl->buffers.domainName.length, ssl->heap, DYNAMIC_TYPE_DOMAIN); |
ashleymills | 0:714293de3836 | 4610 | |
ashleymills | 0:714293de3836 | 4611 | if (ssl->buffers.domainName.buffer) { |
ashleymills | 0:714293de3836 | 4612 | XSTRNCPY((char*)ssl->buffers.domainName.buffer, dn, |
ashleymills | 0:714293de3836 | 4613 | ssl->buffers.domainName.length); |
ashleymills | 0:714293de3836 | 4614 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 4615 | } |
ashleymills | 0:714293de3836 | 4616 | else { |
ashleymills | 0:714293de3836 | 4617 | ssl->error = MEMORY_ERROR; |
ashleymills | 0:714293de3836 | 4618 | return SSL_FAILURE; |
ashleymills | 0:714293de3836 | 4619 | } |
ashleymills | 0:714293de3836 | 4620 | } |
ashleymills | 0:714293de3836 | 4621 | |
ashleymills | 0:714293de3836 | 4622 | |
ashleymills | 0:714293de3836 | 4623 | /* turn on CyaSSL zlib compression |
ashleymills | 0:714293de3836 | 4624 | returns SSL_SUCCESS for success, else error (not built in) |
ashleymills | 0:714293de3836 | 4625 | */ |
ashleymills | 0:714293de3836 | 4626 | int CyaSSL_set_compression(CYASSL* ssl) |
ashleymills | 0:714293de3836 | 4627 | { |
ashleymills | 0:714293de3836 | 4628 | CYASSL_ENTER("CyaSSL_set_compression"); |
ashleymills | 0:714293de3836 | 4629 | (void)ssl; |
ashleymills | 0:714293de3836 | 4630 | #ifdef HAVE_LIBZ |
ashleymills | 0:714293de3836 | 4631 | ssl->options.usingCompression = 1; |
ashleymills | 0:714293de3836 | 4632 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 4633 | #else |
ashleymills | 0:714293de3836 | 4634 | return NOT_COMPILED_IN; |
ashleymills | 0:714293de3836 | 4635 | #endif |
ashleymills | 0:714293de3836 | 4636 | } |
ashleymills | 0:714293de3836 | 4637 | |
ashleymills | 0:714293de3836 | 4638 | |
ashleymills | 0:714293de3836 | 4639 | #ifndef USE_WINDOWS_API |
ashleymills | 0:714293de3836 | 4640 | #ifndef NO_WRITEV |
ashleymills | 0:714293de3836 | 4641 | |
ashleymills | 0:714293de3836 | 4642 | /* simulate writev semantics, doesn't actually do block at a time though |
ashleymills | 0:714293de3836 | 4643 | because of SSL_write behavior and because front adds may be small */ |
ashleymills | 0:714293de3836 | 4644 | int CyaSSL_writev(CYASSL* ssl, const struct iovec* iov, int iovcnt) |
ashleymills | 0:714293de3836 | 4645 | { |
ashleymills | 0:714293de3836 | 4646 | byte tmp[FILE_BUFFER_SIZE]; |
ashleymills | 0:714293de3836 | 4647 | byte* myBuffer = tmp; |
ashleymills | 0:714293de3836 | 4648 | int sending = 0; |
ashleymills | 0:714293de3836 | 4649 | int newBuffer = 0; |
ashleymills | 0:714293de3836 | 4650 | int idx = 0; |
ashleymills | 0:714293de3836 | 4651 | int i; |
ashleymills | 0:714293de3836 | 4652 | int ret; |
ashleymills | 0:714293de3836 | 4653 | |
ashleymills | 0:714293de3836 | 4654 | CYASSL_ENTER("CyaSSL_writev"); |
ashleymills | 0:714293de3836 | 4655 | |
ashleymills | 0:714293de3836 | 4656 | for (i = 0; i < iovcnt; i++) |
ashleymills | 0:714293de3836 | 4657 | sending += (int)iov[i].iov_len; |
ashleymills | 0:714293de3836 | 4658 | |
ashleymills | 0:714293de3836 | 4659 | if (sending > (int)sizeof(tmp)) { |
ashleymills | 0:714293de3836 | 4660 | byte* tmp2 = (byte*) XMALLOC(sending, ssl->heap, |
ashleymills | 0:714293de3836 | 4661 | DYNAMIC_TYPE_WRITEV); |
ashleymills | 0:714293de3836 | 4662 | if (!tmp2) |
ashleymills | 0:714293de3836 | 4663 | return MEMORY_ERROR; |
ashleymills | 0:714293de3836 | 4664 | myBuffer = tmp2; |
ashleymills | 0:714293de3836 | 4665 | newBuffer = 1; |
ashleymills | 0:714293de3836 | 4666 | } |
ashleymills | 0:714293de3836 | 4667 | |
ashleymills | 0:714293de3836 | 4668 | for (i = 0; i < iovcnt; i++) { |
ashleymills | 0:714293de3836 | 4669 | XMEMCPY(&myBuffer[idx], iov[i].iov_base, iov[i].iov_len); |
ashleymills | 0:714293de3836 | 4670 | idx += (int)iov[i].iov_len; |
ashleymills | 0:714293de3836 | 4671 | } |
ashleymills | 0:714293de3836 | 4672 | |
ashleymills | 0:714293de3836 | 4673 | ret = CyaSSL_write(ssl, myBuffer, sending); |
ashleymills | 0:714293de3836 | 4674 | |
ashleymills | 0:714293de3836 | 4675 | if (newBuffer) XFREE(myBuffer, ssl->heap, DYNAMIC_TYPE_WRITEV); |
ashleymills | 0:714293de3836 | 4676 | |
ashleymills | 0:714293de3836 | 4677 | return ret; |
ashleymills | 0:714293de3836 | 4678 | } |
ashleymills | 0:714293de3836 | 4679 | #endif |
ashleymills | 0:714293de3836 | 4680 | #endif |
ashleymills | 0:714293de3836 | 4681 | |
ashleymills | 0:714293de3836 | 4682 | |
ashleymills | 0:714293de3836 | 4683 | #ifdef CYASSL_CALLBACKS |
ashleymills | 0:714293de3836 | 4684 | |
ashleymills | 0:714293de3836 | 4685 | typedef struct itimerval Itimerval; |
ashleymills | 0:714293de3836 | 4686 | |
ashleymills | 0:714293de3836 | 4687 | /* don't keep calling simple functions while setting up timer and singals |
ashleymills | 0:714293de3836 | 4688 | if no inlining these are the next best */ |
ashleymills | 0:714293de3836 | 4689 | |
ashleymills | 0:714293de3836 | 4690 | #define AddTimes(a, b, c) \ |
ashleymills | 0:714293de3836 | 4691 | do { \ |
ashleymills | 0:714293de3836 | 4692 | c.tv_sec = a.tv_sec + b.tv_sec; \ |
ashleymills | 0:714293de3836 | 4693 | c.tv_usec = a.tv_usec + b.tv_usec; \ |
ashleymills | 0:714293de3836 | 4694 | if (c.tv_usec >= 1000000) { \ |
ashleymills | 0:714293de3836 | 4695 | c.tv_sec++; \ |
ashleymills | 0:714293de3836 | 4696 | c.tv_usec -= 1000000; \ |
ashleymills | 0:714293de3836 | 4697 | } \ |
ashleymills | 0:714293de3836 | 4698 | } while (0) |
ashleymills | 0:714293de3836 | 4699 | |
ashleymills | 0:714293de3836 | 4700 | |
ashleymills | 0:714293de3836 | 4701 | #define SubtractTimes(a, b, c) \ |
ashleymills | 0:714293de3836 | 4702 | do { \ |
ashleymills | 0:714293de3836 | 4703 | c.tv_sec = a.tv_sec - b.tv_sec; \ |
ashleymills | 0:714293de3836 | 4704 | c.tv_usec = a.tv_usec - b.tv_usec; \ |
ashleymills | 0:714293de3836 | 4705 | if (c.tv_usec < 0) { \ |
ashleymills | 0:714293de3836 | 4706 | c.tv_sec--; \ |
ashleymills | 0:714293de3836 | 4707 | c.tv_usec += 1000000; \ |
ashleymills | 0:714293de3836 | 4708 | } \ |
ashleymills | 0:714293de3836 | 4709 | } while (0) |
ashleymills | 0:714293de3836 | 4710 | |
ashleymills | 0:714293de3836 | 4711 | #define CmpTimes(a, b, cmp) \ |
ashleymills | 0:714293de3836 | 4712 | ((a.tv_sec == b.tv_sec) ? \ |
ashleymills | 0:714293de3836 | 4713 | (a.tv_usec cmp b.tv_usec) : \ |
ashleymills | 0:714293de3836 | 4714 | (a.tv_sec cmp b.tv_sec)) \ |
ashleymills | 0:714293de3836 | 4715 | |
ashleymills | 0:714293de3836 | 4716 | |
ashleymills | 0:714293de3836 | 4717 | /* do nothing handler */ |
ashleymills | 0:714293de3836 | 4718 | static void myHandler(int signo) |
ashleymills | 0:714293de3836 | 4719 | { |
ashleymills | 0:714293de3836 | 4720 | (void)signo; |
ashleymills | 0:714293de3836 | 4721 | return; |
ashleymills | 0:714293de3836 | 4722 | } |
ashleymills | 0:714293de3836 | 4723 | |
ashleymills | 0:714293de3836 | 4724 | |
ashleymills | 0:714293de3836 | 4725 | static int CyaSSL_ex_wrapper(CYASSL* ssl, HandShakeCallBack hsCb, |
ashleymills | 0:714293de3836 | 4726 | TimeoutCallBack toCb, Timeval timeout) |
ashleymills | 0:714293de3836 | 4727 | { |
ashleymills | 0:714293de3836 | 4728 | int ret = SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 4729 | int oldTimerOn = 0; /* was timer already on */ |
ashleymills | 0:714293de3836 | 4730 | Timeval startTime; |
ashleymills | 0:714293de3836 | 4731 | Timeval endTime; |
ashleymills | 0:714293de3836 | 4732 | Timeval totalTime; |
ashleymills | 0:714293de3836 | 4733 | Itimerval myTimeout; |
ashleymills | 0:714293de3836 | 4734 | Itimerval oldTimeout; /* if old timer adjust from total time to reset */ |
ashleymills | 0:714293de3836 | 4735 | struct sigaction act, oact; |
ashleymills | 0:714293de3836 | 4736 | |
ashleymills | 0:714293de3836 | 4737 | #define ERR_OUT(x) { ssl->hsInfoOn = 0; ssl->toInfoOn = 0; return x; } |
ashleymills | 0:714293de3836 | 4738 | |
ashleymills | 0:714293de3836 | 4739 | if (hsCb) { |
ashleymills | 0:714293de3836 | 4740 | ssl->hsInfoOn = 1; |
ashleymills | 0:714293de3836 | 4741 | InitHandShakeInfo(&ssl->handShakeInfo); |
ashleymills | 0:714293de3836 | 4742 | } |
ashleymills | 0:714293de3836 | 4743 | if (toCb) { |
ashleymills | 0:714293de3836 | 4744 | ssl->toInfoOn = 1; |
ashleymills | 0:714293de3836 | 4745 | InitTimeoutInfo(&ssl->timeoutInfo); |
ashleymills | 0:714293de3836 | 4746 | |
ashleymills | 0:714293de3836 | 4747 | if (gettimeofday(&startTime, 0) < 0) |
ashleymills | 0:714293de3836 | 4748 | ERR_OUT(GETTIME_ERROR); |
ashleymills | 0:714293de3836 | 4749 | |
ashleymills | 0:714293de3836 | 4750 | /* use setitimer to simulate getitimer, init 0 myTimeout */ |
ashleymills | 0:714293de3836 | 4751 | myTimeout.it_interval.tv_sec = 0; |
ashleymills | 0:714293de3836 | 4752 | myTimeout.it_interval.tv_usec = 0; |
ashleymills | 0:714293de3836 | 4753 | myTimeout.it_value.tv_sec = 0; |
ashleymills | 0:714293de3836 | 4754 | myTimeout.it_value.tv_usec = 0; |
ashleymills | 0:714293de3836 | 4755 | if (setitimer(ITIMER_REAL, &myTimeout, &oldTimeout) < 0) |
ashleymills | 0:714293de3836 | 4756 | ERR_OUT(SETITIMER_ERROR); |
ashleymills | 0:714293de3836 | 4757 | |
ashleymills | 0:714293de3836 | 4758 | if (oldTimeout.it_value.tv_sec || oldTimeout.it_value.tv_usec) { |
ashleymills | 0:714293de3836 | 4759 | oldTimerOn = 1; |
ashleymills | 0:714293de3836 | 4760 | |
ashleymills | 0:714293de3836 | 4761 | /* is old timer going to expire before ours */ |
ashleymills | 0:714293de3836 | 4762 | if (CmpTimes(oldTimeout.it_value, timeout, <)) { |
ashleymills | 0:714293de3836 | 4763 | timeout.tv_sec = oldTimeout.it_value.tv_sec; |
ashleymills | 0:714293de3836 | 4764 | timeout.tv_usec = oldTimeout.it_value.tv_usec; |
ashleymills | 0:714293de3836 | 4765 | } |
ashleymills | 0:714293de3836 | 4766 | } |
ashleymills | 0:714293de3836 | 4767 | myTimeout.it_value.tv_sec = timeout.tv_sec; |
ashleymills | 0:714293de3836 | 4768 | myTimeout.it_value.tv_usec = timeout.tv_usec; |
ashleymills | 0:714293de3836 | 4769 | |
ashleymills | 0:714293de3836 | 4770 | /* set up signal handler, don't restart socket send/recv */ |
ashleymills | 0:714293de3836 | 4771 | act.sa_handler = myHandler; |
ashleymills | 0:714293de3836 | 4772 | sigemptyset(&act.sa_mask); |
ashleymills | 0:714293de3836 | 4773 | act.sa_flags = 0; |
ashleymills | 0:714293de3836 | 4774 | #ifdef SA_INTERRUPT |
ashleymills | 0:714293de3836 | 4775 | act.sa_flags |= SA_INTERRUPT; |
ashleymills | 0:714293de3836 | 4776 | #endif |
ashleymills | 0:714293de3836 | 4777 | if (sigaction(SIGALRM, &act, &oact) < 0) |
ashleymills | 0:714293de3836 | 4778 | ERR_OUT(SIGACT_ERROR); |
ashleymills | 0:714293de3836 | 4779 | |
ashleymills | 0:714293de3836 | 4780 | if (setitimer(ITIMER_REAL, &myTimeout, 0) < 0) |
ashleymills | 0:714293de3836 | 4781 | ERR_OUT(SETITIMER_ERROR); |
ashleymills | 0:714293de3836 | 4782 | } |
ashleymills | 0:714293de3836 | 4783 | |
ashleymills | 0:714293de3836 | 4784 | /* do main work */ |
ashleymills | 0:714293de3836 | 4785 | #ifndef NO_CYASSL_CLIENT |
ashleymills | 0:714293de3836 | 4786 | if (ssl->options.side == CLIENT_END) |
ashleymills | 0:714293de3836 | 4787 | ret = CyaSSL_connect(ssl); |
ashleymills | 0:714293de3836 | 4788 | #endif |
ashleymills | 0:714293de3836 | 4789 | #ifndef NO_CYASSL_SERVER |
ashleymills | 0:714293de3836 | 4790 | if (ssl->options.side == SERVER_END) |
ashleymills | 0:714293de3836 | 4791 | ret = CyaSSL_accept(ssl); |
ashleymills | 0:714293de3836 | 4792 | #endif |
ashleymills | 0:714293de3836 | 4793 | |
ashleymills | 0:714293de3836 | 4794 | /* do callbacks */ |
ashleymills | 0:714293de3836 | 4795 | if (toCb) { |
ashleymills | 0:714293de3836 | 4796 | if (oldTimerOn) { |
ashleymills | 0:714293de3836 | 4797 | gettimeofday(&endTime, 0); |
ashleymills | 0:714293de3836 | 4798 | SubtractTimes(endTime, startTime, totalTime); |
ashleymills | 0:714293de3836 | 4799 | /* adjust old timer for elapsed time */ |
ashleymills | 0:714293de3836 | 4800 | if (CmpTimes(totalTime, oldTimeout.it_value, <)) |
ashleymills | 0:714293de3836 | 4801 | SubtractTimes(oldTimeout.it_value, totalTime, |
ashleymills | 0:714293de3836 | 4802 | oldTimeout.it_value); |
ashleymills | 0:714293de3836 | 4803 | else { |
ashleymills | 0:714293de3836 | 4804 | /* reset value to interval, may be off */ |
ashleymills | 0:714293de3836 | 4805 | oldTimeout.it_value.tv_sec = oldTimeout.it_interval.tv_sec; |
ashleymills | 0:714293de3836 | 4806 | oldTimeout.it_value.tv_usec =oldTimeout.it_interval.tv_usec; |
ashleymills | 0:714293de3836 | 4807 | } |
ashleymills | 0:714293de3836 | 4808 | /* keep iter the same whether there or not */ |
ashleymills | 0:714293de3836 | 4809 | } |
ashleymills | 0:714293de3836 | 4810 | /* restore old handler */ |
ashleymills | 0:714293de3836 | 4811 | if (sigaction(SIGALRM, &oact, 0) < 0) |
ashleymills | 0:714293de3836 | 4812 | ret = SIGACT_ERROR; /* more pressing error, stomp */ |
ashleymills | 0:714293de3836 | 4813 | else |
ashleymills | 0:714293de3836 | 4814 | /* use old settings which may turn off (expired or not there) */ |
ashleymills | 0:714293de3836 | 4815 | if (setitimer(ITIMER_REAL, &oldTimeout, 0) < 0) |
ashleymills | 0:714293de3836 | 4816 | ret = SETITIMER_ERROR; |
ashleymills | 0:714293de3836 | 4817 | |
ashleymills | 0:714293de3836 | 4818 | /* if we had a timeout call callback */ |
ashleymills | 0:714293de3836 | 4819 | if (ssl->timeoutInfo.timeoutName[0]) { |
ashleymills | 0:714293de3836 | 4820 | ssl->timeoutInfo.timeoutValue.tv_sec = timeout.tv_sec; |
ashleymills | 0:714293de3836 | 4821 | ssl->timeoutInfo.timeoutValue.tv_usec = timeout.tv_usec; |
ashleymills | 0:714293de3836 | 4822 | (toCb)(&ssl->timeoutInfo); |
ashleymills | 0:714293de3836 | 4823 | } |
ashleymills | 0:714293de3836 | 4824 | /* clean up */ |
ashleymills | 0:714293de3836 | 4825 | FreeTimeoutInfo(&ssl->timeoutInfo, ssl->heap); |
ashleymills | 0:714293de3836 | 4826 | ssl->toInfoOn = 0; |
ashleymills | 0:714293de3836 | 4827 | } |
ashleymills | 0:714293de3836 | 4828 | if (hsCb) { |
ashleymills | 0:714293de3836 | 4829 | FinishHandShakeInfo(&ssl->handShakeInfo, ssl); |
ashleymills | 0:714293de3836 | 4830 | (hsCb)(&ssl->handShakeInfo); |
ashleymills | 0:714293de3836 | 4831 | ssl->hsInfoOn = 0; |
ashleymills | 0:714293de3836 | 4832 | } |
ashleymills | 0:714293de3836 | 4833 | return ret; |
ashleymills | 0:714293de3836 | 4834 | } |
ashleymills | 0:714293de3836 | 4835 | |
ashleymills | 0:714293de3836 | 4836 | |
ashleymills | 0:714293de3836 | 4837 | #ifndef NO_CYASSL_CLIENT |
ashleymills | 0:714293de3836 | 4838 | |
ashleymills | 0:714293de3836 | 4839 | int CyaSSL_connect_ex(CYASSL* ssl, HandShakeCallBack hsCb, |
ashleymills | 0:714293de3836 | 4840 | TimeoutCallBack toCb, Timeval timeout) |
ashleymills | 0:714293de3836 | 4841 | { |
ashleymills | 0:714293de3836 | 4842 | CYASSL_ENTER("CyaSSL_connect_ex"); |
ashleymills | 0:714293de3836 | 4843 | return CyaSSL_ex_wrapper(ssl, hsCb, toCb, timeout); |
ashleymills | 0:714293de3836 | 4844 | } |
ashleymills | 0:714293de3836 | 4845 | |
ashleymills | 0:714293de3836 | 4846 | #endif |
ashleymills | 0:714293de3836 | 4847 | |
ashleymills | 0:714293de3836 | 4848 | |
ashleymills | 0:714293de3836 | 4849 | #ifndef NO_CYASSL_SERVER |
ashleymills | 0:714293de3836 | 4850 | |
ashleymills | 0:714293de3836 | 4851 | int CyaSSL_accept_ex(CYASSL* ssl, HandShakeCallBack hsCb, |
ashleymills | 0:714293de3836 | 4852 | TimeoutCallBack toCb,Timeval timeout) |
ashleymills | 0:714293de3836 | 4853 | { |
ashleymills | 0:714293de3836 | 4854 | CYASSL_ENTER("CyaSSL_accept_ex"); |
ashleymills | 0:714293de3836 | 4855 | return CyaSSL_ex_wrapper(ssl, hsCb, toCb, timeout); |
ashleymills | 0:714293de3836 | 4856 | } |
ashleymills | 0:714293de3836 | 4857 | |
ashleymills | 0:714293de3836 | 4858 | #endif |
ashleymills | 0:714293de3836 | 4859 | |
ashleymills | 0:714293de3836 | 4860 | #endif /* CYASSL_CALLBACKS */ |
ashleymills | 0:714293de3836 | 4861 | |
ashleymills | 0:714293de3836 | 4862 | |
ashleymills | 0:714293de3836 | 4863 | #ifndef NO_PSK |
ashleymills | 0:714293de3836 | 4864 | |
ashleymills | 0:714293de3836 | 4865 | void CyaSSL_CTX_set_psk_client_callback(CYASSL_CTX* ctx, |
ashleymills | 0:714293de3836 | 4866 | psk_client_callback cb) |
ashleymills | 0:714293de3836 | 4867 | { |
ashleymills | 0:714293de3836 | 4868 | CYASSL_ENTER("SSL_CTX_set_psk_client_callback"); |
ashleymills | 0:714293de3836 | 4869 | ctx->havePSK = 1; |
ashleymills | 0:714293de3836 | 4870 | ctx->client_psk_cb = cb; |
ashleymills | 0:714293de3836 | 4871 | } |
ashleymills | 0:714293de3836 | 4872 | |
ashleymills | 0:714293de3836 | 4873 | |
ashleymills | 0:714293de3836 | 4874 | void CyaSSL_set_psk_client_callback(CYASSL* ssl, psk_client_callback cb) |
ashleymills | 0:714293de3836 | 4875 | { |
ashleymills | 0:714293de3836 | 4876 | byte haveRSA = 1; |
ashleymills | 0:714293de3836 | 4877 | |
ashleymills | 0:714293de3836 | 4878 | CYASSL_ENTER("SSL_set_psk_client_callback"); |
ashleymills | 0:714293de3836 | 4879 | ssl->options.havePSK = 1; |
ashleymills | 0:714293de3836 | 4880 | ssl->options.client_psk_cb = cb; |
ashleymills | 0:714293de3836 | 4881 | |
ashleymills | 0:714293de3836 | 4882 | #ifdef NO_RSA |
ashleymills | 0:714293de3836 | 4883 | haveRSA = 0; |
ashleymills | 0:714293de3836 | 4884 | #endif |
ashleymills | 0:714293de3836 | 4885 | InitSuites(ssl->suites, ssl->version, haveRSA, TRUE, |
ashleymills | 0:714293de3836 | 4886 | ssl->options.haveDH, ssl->options.haveNTRU, |
ashleymills | 0:714293de3836 | 4887 | ssl->options.haveECDSAsig, ssl->options.haveStaticECC, |
ashleymills | 0:714293de3836 | 4888 | ssl->options.side); |
ashleymills | 0:714293de3836 | 4889 | } |
ashleymills | 0:714293de3836 | 4890 | |
ashleymills | 0:714293de3836 | 4891 | |
ashleymills | 0:714293de3836 | 4892 | void CyaSSL_CTX_set_psk_server_callback(CYASSL_CTX* ctx, |
ashleymills | 0:714293de3836 | 4893 | psk_server_callback cb) |
ashleymills | 0:714293de3836 | 4894 | { |
ashleymills | 0:714293de3836 | 4895 | CYASSL_ENTER("SSL_CTX_set_psk_server_callback"); |
ashleymills | 0:714293de3836 | 4896 | ctx->havePSK = 1; |
ashleymills | 0:714293de3836 | 4897 | ctx->server_psk_cb = cb; |
ashleymills | 0:714293de3836 | 4898 | } |
ashleymills | 0:714293de3836 | 4899 | |
ashleymills | 0:714293de3836 | 4900 | |
ashleymills | 0:714293de3836 | 4901 | void CyaSSL_set_psk_server_callback(CYASSL* ssl, psk_server_callback cb) |
ashleymills | 0:714293de3836 | 4902 | { |
ashleymills | 0:714293de3836 | 4903 | byte haveRSA = 1; |
ashleymills | 0:714293de3836 | 4904 | |
ashleymills | 0:714293de3836 | 4905 | CYASSL_ENTER("SSL_set_psk_server_callback"); |
ashleymills | 0:714293de3836 | 4906 | ssl->options.havePSK = 1; |
ashleymills | 0:714293de3836 | 4907 | ssl->options.server_psk_cb = cb; |
ashleymills | 0:714293de3836 | 4908 | |
ashleymills | 0:714293de3836 | 4909 | #ifdef NO_RSA |
ashleymills | 0:714293de3836 | 4910 | haveRSA = 0; |
ashleymills | 0:714293de3836 | 4911 | #endif |
ashleymills | 0:714293de3836 | 4912 | InitSuites(ssl->suites, ssl->version, haveRSA, TRUE, |
ashleymills | 0:714293de3836 | 4913 | ssl->options.haveDH, ssl->options.haveNTRU, |
ashleymills | 0:714293de3836 | 4914 | ssl->options.haveECDSAsig, ssl->options.haveStaticECC, |
ashleymills | 0:714293de3836 | 4915 | ssl->options.side); |
ashleymills | 0:714293de3836 | 4916 | } |
ashleymills | 0:714293de3836 | 4917 | |
ashleymills | 0:714293de3836 | 4918 | |
ashleymills | 0:714293de3836 | 4919 | const char* CyaSSL_get_psk_identity_hint(const CYASSL* ssl) |
ashleymills | 0:714293de3836 | 4920 | { |
ashleymills | 0:714293de3836 | 4921 | CYASSL_ENTER("SSL_get_psk_identity_hint"); |
ashleymills | 0:714293de3836 | 4922 | |
ashleymills | 0:714293de3836 | 4923 | if (ssl == NULL || ssl->arrays == NULL) |
ashleymills | 0:714293de3836 | 4924 | return NULL; |
ashleymills | 0:714293de3836 | 4925 | |
ashleymills | 0:714293de3836 | 4926 | return ssl->arrays->server_hint; |
ashleymills | 0:714293de3836 | 4927 | } |
ashleymills | 0:714293de3836 | 4928 | |
ashleymills | 0:714293de3836 | 4929 | |
ashleymills | 0:714293de3836 | 4930 | const char* CyaSSL_get_psk_identity(const CYASSL* ssl) |
ashleymills | 0:714293de3836 | 4931 | { |
ashleymills | 0:714293de3836 | 4932 | CYASSL_ENTER("SSL_get_psk_identity"); |
ashleymills | 0:714293de3836 | 4933 | |
ashleymills | 0:714293de3836 | 4934 | if (ssl == NULL || ssl->arrays == NULL) |
ashleymills | 0:714293de3836 | 4935 | return NULL; |
ashleymills | 0:714293de3836 | 4936 | |
ashleymills | 0:714293de3836 | 4937 | return ssl->arrays->client_identity; |
ashleymills | 0:714293de3836 | 4938 | } |
ashleymills | 0:714293de3836 | 4939 | |
ashleymills | 0:714293de3836 | 4940 | |
ashleymills | 0:714293de3836 | 4941 | int CyaSSL_CTX_use_psk_identity_hint(CYASSL_CTX* ctx, const char* hint) |
ashleymills | 0:714293de3836 | 4942 | { |
ashleymills | 0:714293de3836 | 4943 | CYASSL_ENTER("SSL_CTX_use_psk_identity_hint"); |
ashleymills | 0:714293de3836 | 4944 | if (hint == 0) |
ashleymills | 0:714293de3836 | 4945 | ctx->server_hint[0] = 0; |
ashleymills | 0:714293de3836 | 4946 | else { |
ashleymills | 0:714293de3836 | 4947 | XSTRNCPY(ctx->server_hint, hint, MAX_PSK_ID_LEN); |
ashleymills | 0:714293de3836 | 4948 | ctx->server_hint[MAX_PSK_ID_LEN - 1] = '\0'; |
ashleymills | 0:714293de3836 | 4949 | } |
ashleymills | 0:714293de3836 | 4950 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 4951 | } |
ashleymills | 0:714293de3836 | 4952 | |
ashleymills | 0:714293de3836 | 4953 | |
ashleymills | 0:714293de3836 | 4954 | int CyaSSL_use_psk_identity_hint(CYASSL* ssl, const char* hint) |
ashleymills | 0:714293de3836 | 4955 | { |
ashleymills | 0:714293de3836 | 4956 | CYASSL_ENTER("SSL_use_psk_identity_hint"); |
ashleymills | 0:714293de3836 | 4957 | |
ashleymills | 0:714293de3836 | 4958 | if (ssl == NULL || ssl->arrays == NULL) |
ashleymills | 0:714293de3836 | 4959 | return SSL_FAILURE; |
ashleymills | 0:714293de3836 | 4960 | |
ashleymills | 0:714293de3836 | 4961 | if (hint == 0) |
ashleymills | 0:714293de3836 | 4962 | ssl->arrays->server_hint[0] = 0; |
ashleymills | 0:714293de3836 | 4963 | else { |
ashleymills | 0:714293de3836 | 4964 | XSTRNCPY(ssl->arrays->server_hint, hint, MAX_PSK_ID_LEN); |
ashleymills | 0:714293de3836 | 4965 | ssl->arrays->server_hint[MAX_PSK_ID_LEN - 1] = '\0'; |
ashleymills | 0:714293de3836 | 4966 | } |
ashleymills | 0:714293de3836 | 4967 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 4968 | } |
ashleymills | 0:714293de3836 | 4969 | |
ashleymills | 0:714293de3836 | 4970 | #endif /* NO_PSK */ |
ashleymills | 0:714293de3836 | 4971 | |
ashleymills | 0:714293de3836 | 4972 | |
ashleymills | 0:714293de3836 | 4973 | #ifndef NO_CERTS |
ashleymills | 0:714293de3836 | 4974 | /* used to be defined on NO_FILESYSTEM only, but are generally useful */ |
ashleymills | 0:714293de3836 | 4975 | |
ashleymills | 0:714293de3836 | 4976 | /* CyaSSL extension allows DER files to be loaded from buffers as well */ |
ashleymills | 0:714293de3836 | 4977 | int CyaSSL_CTX_load_verify_buffer(CYASSL_CTX* ctx, const unsigned char* in, |
ashleymills | 0:714293de3836 | 4978 | long sz, int format) |
ashleymills | 0:714293de3836 | 4979 | { |
ashleymills | 0:714293de3836 | 4980 | CYASSL_ENTER("CyaSSL_CTX_load_verify_buffer"); |
ashleymills | 0:714293de3836 | 4981 | if (format == SSL_FILETYPE_PEM) |
ashleymills | 0:714293de3836 | 4982 | return ProcessChainBuffer(ctx, in, sz, format, CA_TYPE, NULL); |
ashleymills | 0:714293de3836 | 4983 | else |
ashleymills | 0:714293de3836 | 4984 | return ProcessBuffer(ctx, in, sz, format, CA_TYPE, NULL,NULL,0); |
ashleymills | 0:714293de3836 | 4985 | } |
ashleymills | 0:714293de3836 | 4986 | |
ashleymills | 0:714293de3836 | 4987 | |
ashleymills | 0:714293de3836 | 4988 | int CyaSSL_CTX_use_certificate_buffer(CYASSL_CTX* ctx, |
ashleymills | 0:714293de3836 | 4989 | const unsigned char* in, long sz, int format) |
ashleymills | 0:714293de3836 | 4990 | { |
ashleymills | 0:714293de3836 | 4991 | CYASSL_ENTER("CyaSSL_CTX_use_certificate_buffer"); |
ashleymills | 0:714293de3836 | 4992 | return ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, 0); |
ashleymills | 0:714293de3836 | 4993 | } |
ashleymills | 0:714293de3836 | 4994 | |
ashleymills | 0:714293de3836 | 4995 | |
ashleymills | 0:714293de3836 | 4996 | int CyaSSL_CTX_use_PrivateKey_buffer(CYASSL_CTX* ctx, |
ashleymills | 0:714293de3836 | 4997 | const unsigned char* in, long sz, int format) |
ashleymills | 0:714293de3836 | 4998 | { |
ashleymills | 0:714293de3836 | 4999 | CYASSL_ENTER("CyaSSL_CTX_use_PrivateKey_buffer"); |
ashleymills | 0:714293de3836 | 5000 | return ProcessBuffer(ctx, in, sz, format, PRIVATEKEY_TYPE, NULL,NULL,0); |
ashleymills | 0:714293de3836 | 5001 | } |
ashleymills | 0:714293de3836 | 5002 | |
ashleymills | 0:714293de3836 | 5003 | |
ashleymills | 0:714293de3836 | 5004 | int CyaSSL_CTX_use_certificate_chain_buffer(CYASSL_CTX* ctx, |
ashleymills | 0:714293de3836 | 5005 | const unsigned char* in, long sz) |
ashleymills | 0:714293de3836 | 5006 | { |
ashleymills | 0:714293de3836 | 5007 | CYASSL_ENTER("CyaSSL_CTX_use_certificate_chain_buffer"); |
ashleymills | 0:714293de3836 | 5008 | return ProcessBuffer(ctx, in, sz, SSL_FILETYPE_PEM, CERT_TYPE, NULL, |
ashleymills | 0:714293de3836 | 5009 | NULL, 1); |
ashleymills | 0:714293de3836 | 5010 | } |
ashleymills | 0:714293de3836 | 5011 | |
ashleymills | 0:714293de3836 | 5012 | int CyaSSL_use_certificate_buffer(CYASSL* ssl, |
ashleymills | 0:714293de3836 | 5013 | const unsigned char* in, long sz, int format) |
ashleymills | 0:714293de3836 | 5014 | { |
ashleymills | 0:714293de3836 | 5015 | CYASSL_ENTER("CyaSSL_use_certificate_buffer"); |
ashleymills | 0:714293de3836 | 5016 | return ProcessBuffer(ssl->ctx, in, sz, format,CERT_TYPE,ssl,NULL,0); |
ashleymills | 0:714293de3836 | 5017 | } |
ashleymills | 0:714293de3836 | 5018 | |
ashleymills | 0:714293de3836 | 5019 | |
ashleymills | 0:714293de3836 | 5020 | int CyaSSL_use_PrivateKey_buffer(CYASSL* ssl, |
ashleymills | 0:714293de3836 | 5021 | const unsigned char* in, long sz, int format) |
ashleymills | 0:714293de3836 | 5022 | { |
ashleymills | 0:714293de3836 | 5023 | CYASSL_ENTER("CyaSSL_use_PrivateKey_buffer"); |
ashleymills | 0:714293de3836 | 5024 | return ProcessBuffer(ssl->ctx, in, sz, format, PRIVATEKEY_TYPE, |
ashleymills | 0:714293de3836 | 5025 | ssl, NULL, 0); |
ashleymills | 0:714293de3836 | 5026 | } |
ashleymills | 0:714293de3836 | 5027 | |
ashleymills | 0:714293de3836 | 5028 | |
ashleymills | 0:714293de3836 | 5029 | int CyaSSL_use_certificate_chain_buffer(CYASSL* ssl, |
ashleymills | 0:714293de3836 | 5030 | const unsigned char* in, long sz) |
ashleymills | 0:714293de3836 | 5031 | { |
ashleymills | 0:714293de3836 | 5032 | CYASSL_ENTER("CyaSSL_use_certificate_chain_buffer"); |
ashleymills | 0:714293de3836 | 5033 | return ProcessBuffer(ssl->ctx, in, sz, SSL_FILETYPE_PEM, CERT_TYPE, |
ashleymills | 0:714293de3836 | 5034 | ssl, NULL, 1); |
ashleymills | 0:714293de3836 | 5035 | } |
ashleymills | 0:714293de3836 | 5036 | |
ashleymills | 0:714293de3836 | 5037 | int CyaSSL_CTX_UnloadCAs(CYASSL_CTX* ctx) |
ashleymills | 0:714293de3836 | 5038 | { |
ashleymills | 0:714293de3836 | 5039 | CYASSL_ENTER("CyaSSL_CTX_UnloadCAs"); |
ashleymills | 0:714293de3836 | 5040 | |
ashleymills | 0:714293de3836 | 5041 | if (ctx == NULL) |
ashleymills | 0:714293de3836 | 5042 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 5043 | |
ashleymills | 0:714293de3836 | 5044 | return CyaSSL_CertManagerUnloadCAs(ctx->cm); |
ashleymills | 0:714293de3836 | 5045 | } |
ashleymills | 0:714293de3836 | 5046 | |
ashleymills | 0:714293de3836 | 5047 | /* old NO_FILESYSTEM end */ |
ashleymills | 0:714293de3836 | 5048 | #endif /* !NO_CERTS */ |
ashleymills | 0:714293de3836 | 5049 | |
ashleymills | 0:714293de3836 | 5050 | |
ashleymills | 0:714293de3836 | 5051 | #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS) |
ashleymills | 0:714293de3836 | 5052 | |
ashleymills | 0:714293de3836 | 5053 | |
ashleymills | 0:714293de3836 | 5054 | int CyaSSL_add_all_algorithms(void) |
ashleymills | 0:714293de3836 | 5055 | { |
ashleymills | 0:714293de3836 | 5056 | CYASSL_ENTER("CyaSSL_add_all_algorithms"); |
ashleymills | 0:714293de3836 | 5057 | CyaSSL_Init(); |
ashleymills | 0:714293de3836 | 5058 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 5059 | } |
ashleymills | 0:714293de3836 | 5060 | |
ashleymills | 0:714293de3836 | 5061 | |
ashleymills | 0:714293de3836 | 5062 | long CyaSSL_CTX_sess_set_cache_size(CYASSL_CTX* ctx, long sz) |
ashleymills | 0:714293de3836 | 5063 | { |
ashleymills | 0:714293de3836 | 5064 | /* cache size fixed at compile time in CyaSSL */ |
ashleymills | 0:714293de3836 | 5065 | (void)ctx; |
ashleymills | 0:714293de3836 | 5066 | (void)sz; |
ashleymills | 0:714293de3836 | 5067 | return 0; |
ashleymills | 0:714293de3836 | 5068 | } |
ashleymills | 0:714293de3836 | 5069 | |
ashleymills | 0:714293de3836 | 5070 | |
ashleymills | 0:714293de3836 | 5071 | void CyaSSL_CTX_set_quiet_shutdown(CYASSL_CTX* ctx, int mode) |
ashleymills | 0:714293de3836 | 5072 | { |
ashleymills | 0:714293de3836 | 5073 | CYASSL_ENTER("CyaSSL_CTX_set_quiet_shutdown"); |
ashleymills | 0:714293de3836 | 5074 | if (mode) |
ashleymills | 0:714293de3836 | 5075 | ctx->quietShutdown = 1; |
ashleymills | 0:714293de3836 | 5076 | } |
ashleymills | 0:714293de3836 | 5077 | |
ashleymills | 0:714293de3836 | 5078 | |
ashleymills | 0:714293de3836 | 5079 | void CyaSSL_set_quiet_shutdown(CYASSL* ssl, int mode) |
ashleymills | 0:714293de3836 | 5080 | { |
ashleymills | 0:714293de3836 | 5081 | CYASSL_ENTER("CyaSSL_CTX_set_quiet_shutdown"); |
ashleymills | 0:714293de3836 | 5082 | if (mode) |
ashleymills | 0:714293de3836 | 5083 | ssl->options.quietShutdown = 1; |
ashleymills | 0:714293de3836 | 5084 | } |
ashleymills | 0:714293de3836 | 5085 | |
ashleymills | 0:714293de3836 | 5086 | |
ashleymills | 0:714293de3836 | 5087 | void CyaSSL_set_bio(CYASSL* ssl, CYASSL_BIO* rd, CYASSL_BIO* wr) |
ashleymills | 0:714293de3836 | 5088 | { |
ashleymills | 0:714293de3836 | 5089 | CYASSL_ENTER("SSL_set_bio"); |
ashleymills | 0:714293de3836 | 5090 | CyaSSL_set_rfd(ssl, rd->fd); |
ashleymills | 0:714293de3836 | 5091 | CyaSSL_set_wfd(ssl, wr->fd); |
ashleymills | 0:714293de3836 | 5092 | |
ashleymills | 0:714293de3836 | 5093 | ssl->biord = rd; |
ashleymills | 0:714293de3836 | 5094 | ssl->biowr = wr; |
ashleymills | 0:714293de3836 | 5095 | } |
ashleymills | 0:714293de3836 | 5096 | |
ashleymills | 0:714293de3836 | 5097 | |
ashleymills | 0:714293de3836 | 5098 | void CyaSSL_CTX_set_client_CA_list(CYASSL_CTX* ctx, |
ashleymills | 0:714293de3836 | 5099 | STACK_OF(CYASSL_X509_NAME)* names) |
ashleymills | 0:714293de3836 | 5100 | { |
ashleymills | 0:714293de3836 | 5101 | (void)ctx; |
ashleymills | 0:714293de3836 | 5102 | (void)names; |
ashleymills | 0:714293de3836 | 5103 | } |
ashleymills | 0:714293de3836 | 5104 | |
ashleymills | 0:714293de3836 | 5105 | |
ashleymills | 0:714293de3836 | 5106 | STACK_OF(CYASSL_X509_NAME)* CyaSSL_load_client_CA_file(const char* fname) |
ashleymills | 0:714293de3836 | 5107 | { |
ashleymills | 0:714293de3836 | 5108 | (void)fname; |
ashleymills | 0:714293de3836 | 5109 | return 0; |
ashleymills | 0:714293de3836 | 5110 | } |
ashleymills | 0:714293de3836 | 5111 | |
ashleymills | 0:714293de3836 | 5112 | |
ashleymills | 0:714293de3836 | 5113 | int CyaSSL_CTX_set_default_verify_paths(CYASSL_CTX* ctx) |
ashleymills | 0:714293de3836 | 5114 | { |
ashleymills | 0:714293de3836 | 5115 | /* TODO:, not needed in goahead */ |
ashleymills | 0:714293de3836 | 5116 | (void)ctx; |
ashleymills | 0:714293de3836 | 5117 | return SSL_NOT_IMPLEMENTED; |
ashleymills | 0:714293de3836 | 5118 | } |
ashleymills | 0:714293de3836 | 5119 | |
ashleymills | 0:714293de3836 | 5120 | |
ashleymills | 0:714293de3836 | 5121 | /* keyblock size in bytes or -1 */ |
ashleymills | 0:714293de3836 | 5122 | int CyaSSL_get_keyblock_size(CYASSL* ssl) |
ashleymills | 0:714293de3836 | 5123 | { |
ashleymills | 0:714293de3836 | 5124 | if (ssl == NULL) |
ashleymills | 0:714293de3836 | 5125 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 5126 | |
ashleymills | 0:714293de3836 | 5127 | return 2 * (ssl->specs.key_size + ssl->specs.iv_size + |
ashleymills | 0:714293de3836 | 5128 | ssl->specs.hash_size); |
ashleymills | 0:714293de3836 | 5129 | } |
ashleymills | 0:714293de3836 | 5130 | |
ashleymills | 0:714293de3836 | 5131 | |
ashleymills | 0:714293de3836 | 5132 | /* store keys returns SSL_SUCCESS or -1 on error */ |
ashleymills | 0:714293de3836 | 5133 | int CyaSSL_get_keys(CYASSL* ssl, unsigned char** ms, unsigned int* msLen, |
ashleymills | 0:714293de3836 | 5134 | unsigned char** sr, unsigned int* srLen, |
ashleymills | 0:714293de3836 | 5135 | unsigned char** cr, unsigned int* crLen) |
ashleymills | 0:714293de3836 | 5136 | { |
ashleymills | 0:714293de3836 | 5137 | if (ssl == NULL || ssl->arrays == NULL) |
ashleymills | 0:714293de3836 | 5138 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 5139 | |
ashleymills | 0:714293de3836 | 5140 | *ms = ssl->arrays->masterSecret; |
ashleymills | 0:714293de3836 | 5141 | *sr = ssl->arrays->serverRandom; |
ashleymills | 0:714293de3836 | 5142 | *cr = ssl->arrays->clientRandom; |
ashleymills | 0:714293de3836 | 5143 | |
ashleymills | 0:714293de3836 | 5144 | *msLen = SECRET_LEN; |
ashleymills | 0:714293de3836 | 5145 | *srLen = RAN_LEN; |
ashleymills | 0:714293de3836 | 5146 | *crLen = RAN_LEN; |
ashleymills | 0:714293de3836 | 5147 | |
ashleymills | 0:714293de3836 | 5148 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 5149 | } |
ashleymills | 0:714293de3836 | 5150 | |
ashleymills | 0:714293de3836 | 5151 | |
ashleymills | 0:714293de3836 | 5152 | void CyaSSL_set_accept_state(CYASSL* ssl) |
ashleymills | 0:714293de3836 | 5153 | { |
ashleymills | 0:714293de3836 | 5154 | byte haveRSA = 1; |
ashleymills | 0:714293de3836 | 5155 | byte havePSK = 0; |
ashleymills | 0:714293de3836 | 5156 | |
ashleymills | 0:714293de3836 | 5157 | CYASSL_ENTER("SSL_set_accept_state"); |
ashleymills | 0:714293de3836 | 5158 | ssl->options.side = SERVER_END; |
ashleymills | 0:714293de3836 | 5159 | /* reset suites in case user switched */ |
ashleymills | 0:714293de3836 | 5160 | |
ashleymills | 0:714293de3836 | 5161 | #ifdef NO_RSA |
ashleymills | 0:714293de3836 | 5162 | haveRSA = 0; |
ashleymills | 0:714293de3836 | 5163 | #endif |
ashleymills | 0:714293de3836 | 5164 | #ifndef NO_PSK |
ashleymills | 0:714293de3836 | 5165 | havePSK = ssl->options.havePSK; |
ashleymills | 0:714293de3836 | 5166 | #endif |
ashleymills | 0:714293de3836 | 5167 | InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, |
ashleymills | 0:714293de3836 | 5168 | ssl->options.haveDH, ssl->options.haveNTRU, |
ashleymills | 0:714293de3836 | 5169 | ssl->options.haveECDSAsig, ssl->options.haveStaticECC, |
ashleymills | 0:714293de3836 | 5170 | ssl->options.side); |
ashleymills | 0:714293de3836 | 5171 | } |
ashleymills | 0:714293de3836 | 5172 | #endif |
ashleymills | 0:714293de3836 | 5173 | |
ashleymills | 0:714293de3836 | 5174 | /* return true if connection established */ |
ashleymills | 0:714293de3836 | 5175 | int CyaSSL_is_init_finished(CYASSL* ssl) |
ashleymills | 0:714293de3836 | 5176 | { |
ashleymills | 0:714293de3836 | 5177 | if (ssl == NULL) |
ashleymills | 0:714293de3836 | 5178 | return 0; |
ashleymills | 0:714293de3836 | 5179 | |
ashleymills | 0:714293de3836 | 5180 | if (ssl->options.handShakeState == HANDSHAKE_DONE) |
ashleymills | 0:714293de3836 | 5181 | return 1; |
ashleymills | 0:714293de3836 | 5182 | |
ashleymills | 0:714293de3836 | 5183 | return 0; |
ashleymills | 0:714293de3836 | 5184 | } |
ashleymills | 0:714293de3836 | 5185 | |
ashleymills | 0:714293de3836 | 5186 | #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS) |
ashleymills | 0:714293de3836 | 5187 | void CyaSSL_CTX_set_tmp_rsa_callback(CYASSL_CTX* ctx, |
ashleymills | 0:714293de3836 | 5188 | CYASSL_RSA*(*f)(CYASSL*, int, int)) |
ashleymills | 0:714293de3836 | 5189 | { |
ashleymills | 0:714293de3836 | 5190 | /* CyaSSL verifies all these internally */ |
ashleymills | 0:714293de3836 | 5191 | (void)ctx; |
ashleymills | 0:714293de3836 | 5192 | (void)f; |
ashleymills | 0:714293de3836 | 5193 | } |
ashleymills | 0:714293de3836 | 5194 | |
ashleymills | 0:714293de3836 | 5195 | |
ashleymills | 0:714293de3836 | 5196 | void CyaSSL_set_shutdown(CYASSL* ssl, int opt) |
ashleymills | 0:714293de3836 | 5197 | { |
ashleymills | 0:714293de3836 | 5198 | (void)ssl; |
ashleymills | 0:714293de3836 | 5199 | (void)opt; |
ashleymills | 0:714293de3836 | 5200 | } |
ashleymills | 0:714293de3836 | 5201 | |
ashleymills | 0:714293de3836 | 5202 | |
ashleymills | 0:714293de3836 | 5203 | long CyaSSL_CTX_set_options(CYASSL_CTX* ctx, long opt) |
ashleymills | 0:714293de3836 | 5204 | { |
ashleymills | 0:714293de3836 | 5205 | /* goahead calls with 0, do nothing */ |
ashleymills | 0:714293de3836 | 5206 | CYASSL_ENTER("SSL_CTX_set_options"); |
ashleymills | 0:714293de3836 | 5207 | (void)ctx; |
ashleymills | 0:714293de3836 | 5208 | return opt; |
ashleymills | 0:714293de3836 | 5209 | } |
ashleymills | 0:714293de3836 | 5210 | |
ashleymills | 0:714293de3836 | 5211 | |
ashleymills | 0:714293de3836 | 5212 | int CyaSSL_set_rfd(CYASSL* ssl, int rfd) |
ashleymills | 0:714293de3836 | 5213 | { |
ashleymills | 0:714293de3836 | 5214 | CYASSL_ENTER("SSL_set_rfd"); |
ashleymills | 0:714293de3836 | 5215 | ssl->rfd = rfd; /* not used directly to allow IO callbacks */ |
ashleymills | 0:714293de3836 | 5216 | |
ashleymills | 0:714293de3836 | 5217 | ssl->IOCB_ReadCtx = &ssl->rfd; |
ashleymills | 0:714293de3836 | 5218 | |
ashleymills | 0:714293de3836 | 5219 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 5220 | } |
ashleymills | 0:714293de3836 | 5221 | |
ashleymills | 0:714293de3836 | 5222 | |
ashleymills | 0:714293de3836 | 5223 | int CyaSSL_set_wfd(CYASSL* ssl, int wfd) |
ashleymills | 0:714293de3836 | 5224 | { |
ashleymills | 0:714293de3836 | 5225 | CYASSL_ENTER("SSL_set_wfd"); |
ashleymills | 0:714293de3836 | 5226 | ssl->wfd = wfd; /* not used directly to allow IO callbacks */ |
ashleymills | 0:714293de3836 | 5227 | |
ashleymills | 0:714293de3836 | 5228 | ssl->IOCB_WriteCtx = &ssl->wfd; |
ashleymills | 0:714293de3836 | 5229 | |
ashleymills | 0:714293de3836 | 5230 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 5231 | } |
ashleymills | 0:714293de3836 | 5232 | |
ashleymills | 0:714293de3836 | 5233 | |
ashleymills | 0:714293de3836 | 5234 | CYASSL_RSA* CyaSSL_RSA_generate_key(int len, unsigned long bits, |
ashleymills | 0:714293de3836 | 5235 | void(*f)(int, int, void*), void* data) |
ashleymills | 0:714293de3836 | 5236 | { |
ashleymills | 0:714293de3836 | 5237 | /* no tmp key needed, actual generation not supported */ |
ashleymills | 0:714293de3836 | 5238 | CYASSL_ENTER("RSA_generate_key"); |
ashleymills | 0:714293de3836 | 5239 | (void)len; |
ashleymills | 0:714293de3836 | 5240 | (void)bits; |
ashleymills | 0:714293de3836 | 5241 | (void)f; |
ashleymills | 0:714293de3836 | 5242 | (void)data; |
ashleymills | 0:714293de3836 | 5243 | return NULL; |
ashleymills | 0:714293de3836 | 5244 | } |
ashleymills | 0:714293de3836 | 5245 | |
ashleymills | 0:714293de3836 | 5246 | |
ashleymills | 0:714293de3836 | 5247 | |
ashleymills | 0:714293de3836 | 5248 | CYASSL_X509* CyaSSL_X509_STORE_CTX_get_current_cert( |
ashleymills | 0:714293de3836 | 5249 | CYASSL_X509_STORE_CTX* ctx) |
ashleymills | 0:714293de3836 | 5250 | { |
ashleymills | 0:714293de3836 | 5251 | (void)ctx; |
ashleymills | 0:714293de3836 | 5252 | return 0; |
ashleymills | 0:714293de3836 | 5253 | } |
ashleymills | 0:714293de3836 | 5254 | |
ashleymills | 0:714293de3836 | 5255 | |
ashleymills | 0:714293de3836 | 5256 | int CyaSSL_X509_STORE_CTX_get_error(CYASSL_X509_STORE_CTX* ctx) |
ashleymills | 0:714293de3836 | 5257 | { |
ashleymills | 0:714293de3836 | 5258 | (void)ctx; |
ashleymills | 0:714293de3836 | 5259 | return 0; |
ashleymills | 0:714293de3836 | 5260 | } |
ashleymills | 0:714293de3836 | 5261 | |
ashleymills | 0:714293de3836 | 5262 | |
ashleymills | 0:714293de3836 | 5263 | int CyaSSL_X509_STORE_CTX_get_error_depth(CYASSL_X509_STORE_CTX* ctx) |
ashleymills | 0:714293de3836 | 5264 | { |
ashleymills | 0:714293de3836 | 5265 | (void)ctx; |
ashleymills | 0:714293de3836 | 5266 | return 0; |
ashleymills | 0:714293de3836 | 5267 | } |
ashleymills | 0:714293de3836 | 5268 | |
ashleymills | 0:714293de3836 | 5269 | |
ashleymills | 0:714293de3836 | 5270 | CYASSL_BIO_METHOD* CyaSSL_BIO_f_buffer(void) |
ashleymills | 0:714293de3836 | 5271 | { |
ashleymills | 0:714293de3836 | 5272 | static CYASSL_BIO_METHOD meth; |
ashleymills | 0:714293de3836 | 5273 | |
ashleymills | 0:714293de3836 | 5274 | CYASSL_ENTER("BIO_f_buffer"); |
ashleymills | 0:714293de3836 | 5275 | meth.type = BIO_BUFFER; |
ashleymills | 0:714293de3836 | 5276 | |
ashleymills | 0:714293de3836 | 5277 | return &meth; |
ashleymills | 0:714293de3836 | 5278 | } |
ashleymills | 0:714293de3836 | 5279 | |
ashleymills | 0:714293de3836 | 5280 | |
ashleymills | 0:714293de3836 | 5281 | long CyaSSL_BIO_set_write_buffer_size(CYASSL_BIO* bio, long size) |
ashleymills | 0:714293de3836 | 5282 | { |
ashleymills | 0:714293de3836 | 5283 | /* CyaSSL has internal buffer, compatibility only */ |
ashleymills | 0:714293de3836 | 5284 | CYASSL_ENTER("BIO_set_write_buffer_size"); |
ashleymills | 0:714293de3836 | 5285 | (void)bio; |
ashleymills | 0:714293de3836 | 5286 | return size; |
ashleymills | 0:714293de3836 | 5287 | } |
ashleymills | 0:714293de3836 | 5288 | |
ashleymills | 0:714293de3836 | 5289 | |
ashleymills | 0:714293de3836 | 5290 | CYASSL_BIO_METHOD* CyaSSL_BIO_f_ssl(void) |
ashleymills | 0:714293de3836 | 5291 | { |
ashleymills | 0:714293de3836 | 5292 | static CYASSL_BIO_METHOD meth; |
ashleymills | 0:714293de3836 | 5293 | |
ashleymills | 0:714293de3836 | 5294 | CYASSL_ENTER("BIO_f_ssl"); |
ashleymills | 0:714293de3836 | 5295 | meth.type = BIO_SSL; |
ashleymills | 0:714293de3836 | 5296 | |
ashleymills | 0:714293de3836 | 5297 | return &meth; |
ashleymills | 0:714293de3836 | 5298 | } |
ashleymills | 0:714293de3836 | 5299 | |
ashleymills | 0:714293de3836 | 5300 | |
ashleymills | 0:714293de3836 | 5301 | CYASSL_BIO* CyaSSL_BIO_new_socket(int sfd, int closeF) |
ashleymills | 0:714293de3836 | 5302 | { |
ashleymills | 0:714293de3836 | 5303 | CYASSL_BIO* bio = (CYASSL_BIO*) XMALLOC(sizeof(CYASSL_BIO), 0, |
ashleymills | 0:714293de3836 | 5304 | DYNAMIC_TYPE_OPENSSL); |
ashleymills | 0:714293de3836 | 5305 | |
ashleymills | 0:714293de3836 | 5306 | CYASSL_ENTER("BIO_new_socket"); |
ashleymills | 0:714293de3836 | 5307 | if (bio) { |
ashleymills | 0:714293de3836 | 5308 | bio->type = BIO_SOCKET; |
ashleymills | 0:714293de3836 | 5309 | bio->close = (byte)closeF; |
ashleymills | 0:714293de3836 | 5310 | bio->eof = 0; |
ashleymills | 0:714293de3836 | 5311 | bio->ssl = 0; |
ashleymills | 0:714293de3836 | 5312 | bio->fd = sfd; |
ashleymills | 0:714293de3836 | 5313 | bio->prev = 0; |
ashleymills | 0:714293de3836 | 5314 | bio->next = 0; |
ashleymills | 0:714293de3836 | 5315 | bio->mem = NULL; |
ashleymills | 0:714293de3836 | 5316 | bio->memLen = 0; |
ashleymills | 0:714293de3836 | 5317 | } |
ashleymills | 0:714293de3836 | 5318 | return bio; |
ashleymills | 0:714293de3836 | 5319 | } |
ashleymills | 0:714293de3836 | 5320 | |
ashleymills | 0:714293de3836 | 5321 | |
ashleymills | 0:714293de3836 | 5322 | int CyaSSL_BIO_eof(CYASSL_BIO* b) |
ashleymills | 0:714293de3836 | 5323 | { |
ashleymills | 0:714293de3836 | 5324 | CYASSL_ENTER("BIO_eof"); |
ashleymills | 0:714293de3836 | 5325 | if (b->eof) |
ashleymills | 0:714293de3836 | 5326 | return 1; |
ashleymills | 0:714293de3836 | 5327 | |
ashleymills | 0:714293de3836 | 5328 | return 0; |
ashleymills | 0:714293de3836 | 5329 | } |
ashleymills | 0:714293de3836 | 5330 | |
ashleymills | 0:714293de3836 | 5331 | |
ashleymills | 0:714293de3836 | 5332 | long CyaSSL_BIO_set_ssl(CYASSL_BIO* b, CYASSL* ssl, int closeF) |
ashleymills | 0:714293de3836 | 5333 | { |
ashleymills | 0:714293de3836 | 5334 | CYASSL_ENTER("BIO_set_ssl"); |
ashleymills | 0:714293de3836 | 5335 | b->ssl = ssl; |
ashleymills | 0:714293de3836 | 5336 | b->close = (byte)closeF; |
ashleymills | 0:714293de3836 | 5337 | /* add to ssl for bio free if SSL_free called before/instead of free_all? */ |
ashleymills | 0:714293de3836 | 5338 | |
ashleymills | 0:714293de3836 | 5339 | return 0; |
ashleymills | 0:714293de3836 | 5340 | } |
ashleymills | 0:714293de3836 | 5341 | |
ashleymills | 0:714293de3836 | 5342 | |
ashleymills | 0:714293de3836 | 5343 | CYASSL_BIO* CyaSSL_BIO_new(CYASSL_BIO_METHOD* method) |
ashleymills | 0:714293de3836 | 5344 | { |
ashleymills | 0:714293de3836 | 5345 | CYASSL_BIO* bio = (CYASSL_BIO*) XMALLOC(sizeof(CYASSL_BIO), 0, |
ashleymills | 0:714293de3836 | 5346 | DYNAMIC_TYPE_OPENSSL); |
ashleymills | 0:714293de3836 | 5347 | CYASSL_ENTER("BIO_new"); |
ashleymills | 0:714293de3836 | 5348 | if (bio) { |
ashleymills | 0:714293de3836 | 5349 | bio->type = method->type; |
ashleymills | 0:714293de3836 | 5350 | bio->close = 0; |
ashleymills | 0:714293de3836 | 5351 | bio->eof = 0; |
ashleymills | 0:714293de3836 | 5352 | bio->ssl = NULL; |
ashleymills | 0:714293de3836 | 5353 | bio->mem = NULL; |
ashleymills | 0:714293de3836 | 5354 | bio->memLen = 0; |
ashleymills | 0:714293de3836 | 5355 | bio->fd = 0; |
ashleymills | 0:714293de3836 | 5356 | bio->prev = NULL; |
ashleymills | 0:714293de3836 | 5357 | bio->next = NULL; |
ashleymills | 0:714293de3836 | 5358 | } |
ashleymills | 0:714293de3836 | 5359 | return bio; |
ashleymills | 0:714293de3836 | 5360 | } |
ashleymills | 0:714293de3836 | 5361 | |
ashleymills | 0:714293de3836 | 5362 | |
ashleymills | 0:714293de3836 | 5363 | int CyaSSL_BIO_get_mem_data(CYASSL_BIO* bio, const byte** p) |
ashleymills | 0:714293de3836 | 5364 | { |
ashleymills | 0:714293de3836 | 5365 | if (bio == NULL || p == NULL) |
ashleymills | 0:714293de3836 | 5366 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 5367 | |
ashleymills | 0:714293de3836 | 5368 | *p = bio->mem; |
ashleymills | 0:714293de3836 | 5369 | |
ashleymills | 0:714293de3836 | 5370 | return bio->memLen; |
ashleymills | 0:714293de3836 | 5371 | } |
ashleymills | 0:714293de3836 | 5372 | |
ashleymills | 0:714293de3836 | 5373 | |
ashleymills | 0:714293de3836 | 5374 | CYASSL_BIO* CyaSSL_BIO_new_mem_buf(void* buf, int len) |
ashleymills | 0:714293de3836 | 5375 | { |
ashleymills | 0:714293de3836 | 5376 | CYASSL_BIO* bio = NULL; |
ashleymills | 0:714293de3836 | 5377 | if (buf == NULL) |
ashleymills | 0:714293de3836 | 5378 | return bio; |
ashleymills | 0:714293de3836 | 5379 | |
ashleymills | 0:714293de3836 | 5380 | bio = CyaSSL_BIO_new(CyaSSL_BIO_s_mem()); |
ashleymills | 0:714293de3836 | 5381 | if (bio == NULL) |
ashleymills | 0:714293de3836 | 5382 | return bio; |
ashleymills | 0:714293de3836 | 5383 | |
ashleymills | 0:714293de3836 | 5384 | bio->memLen = len; |
ashleymills | 0:714293de3836 | 5385 | bio->mem = (byte*)XMALLOC(len, 0, DYNAMIC_TYPE_OPENSSL); |
ashleymills | 0:714293de3836 | 5386 | if (bio->mem == NULL) { |
ashleymills | 0:714293de3836 | 5387 | XFREE(bio, 0, DYNAMIC_TYPE_OPENSSL); |
ashleymills | 0:714293de3836 | 5388 | return NULL; |
ashleymills | 0:714293de3836 | 5389 | } |
ashleymills | 0:714293de3836 | 5390 | |
ashleymills | 0:714293de3836 | 5391 | XMEMCPY(bio->mem, buf, len); |
ashleymills | 0:714293de3836 | 5392 | |
ashleymills | 0:714293de3836 | 5393 | return bio; |
ashleymills | 0:714293de3836 | 5394 | } |
ashleymills | 0:714293de3836 | 5395 | |
ashleymills | 0:714293de3836 | 5396 | |
ashleymills | 0:714293de3836 | 5397 | #ifdef USE_WINDOWS_API |
ashleymills | 0:714293de3836 | 5398 | #define CloseSocket(s) closesocket(s) |
ashleymills | 0:714293de3836 | 5399 | #elif defined(CYASSL_MDK_ARM) |
ashleymills | 0:714293de3836 | 5400 | #define CloseSocket(s) closesocket(s) |
ashleymills | 0:714293de3836 | 5401 | #else |
ashleymills | 0:714293de3836 | 5402 | #define CloseSocket(s) close(s) |
ashleymills | 0:714293de3836 | 5403 | #endif |
ashleymills | 0:714293de3836 | 5404 | |
ashleymills | 0:714293de3836 | 5405 | int CyaSSL_BIO_free(CYASSL_BIO* bio) |
ashleymills | 0:714293de3836 | 5406 | { |
ashleymills | 0:714293de3836 | 5407 | /* unchain?, doesn't matter in goahead since from free all */ |
ashleymills | 0:714293de3836 | 5408 | CYASSL_ENTER("BIO_free"); |
ashleymills | 0:714293de3836 | 5409 | if (bio) { |
ashleymills | 0:714293de3836 | 5410 | if (bio->close) { |
ashleymills | 0:714293de3836 | 5411 | if (bio->ssl) |
ashleymills | 0:714293de3836 | 5412 | CyaSSL_free(bio->ssl); |
ashleymills | 0:714293de3836 | 5413 | if (bio->fd) |
ashleymills | 0:714293de3836 | 5414 | CloseSocket(bio->fd); |
ashleymills | 0:714293de3836 | 5415 | } |
ashleymills | 0:714293de3836 | 5416 | if (bio->mem) |
ashleymills | 0:714293de3836 | 5417 | XFREE(bio->mem, 0, DYNAMIC_TYPE_OPENSSL); |
ashleymills | 0:714293de3836 | 5418 | XFREE(bio, 0, DYNAMIC_TYPE_OPENSSL); |
ashleymills | 0:714293de3836 | 5419 | } |
ashleymills | 0:714293de3836 | 5420 | return 0; |
ashleymills | 0:714293de3836 | 5421 | } |
ashleymills | 0:714293de3836 | 5422 | |
ashleymills | 0:714293de3836 | 5423 | |
ashleymills | 0:714293de3836 | 5424 | int CyaSSL_BIO_free_all(CYASSL_BIO* bio) |
ashleymills | 0:714293de3836 | 5425 | { |
ashleymills | 0:714293de3836 | 5426 | CYASSL_ENTER("BIO_free_all"); |
ashleymills | 0:714293de3836 | 5427 | while (bio) { |
ashleymills | 0:714293de3836 | 5428 | CYASSL_BIO* next = bio->next; |
ashleymills | 0:714293de3836 | 5429 | CyaSSL_BIO_free(bio); |
ashleymills | 0:714293de3836 | 5430 | bio = next; |
ashleymills | 0:714293de3836 | 5431 | } |
ashleymills | 0:714293de3836 | 5432 | return 0; |
ashleymills | 0:714293de3836 | 5433 | } |
ashleymills | 0:714293de3836 | 5434 | |
ashleymills | 0:714293de3836 | 5435 | |
ashleymills | 0:714293de3836 | 5436 | int CyaSSL_BIO_read(CYASSL_BIO* bio, void* buf, int len) |
ashleymills | 0:714293de3836 | 5437 | { |
ashleymills | 0:714293de3836 | 5438 | int ret; |
ashleymills | 0:714293de3836 | 5439 | CYASSL* ssl = 0; |
ashleymills | 0:714293de3836 | 5440 | CYASSL_BIO* front = bio; |
ashleymills | 0:714293de3836 | 5441 | |
ashleymills | 0:714293de3836 | 5442 | CYASSL_ENTER("BIO_read"); |
ashleymills | 0:714293de3836 | 5443 | /* already got eof, again is error */ |
ashleymills | 0:714293de3836 | 5444 | if (front->eof) |
ashleymills | 0:714293de3836 | 5445 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 5446 | |
ashleymills | 0:714293de3836 | 5447 | while(bio && ((ssl = bio->ssl) == 0) ) |
ashleymills | 0:714293de3836 | 5448 | bio = bio->next; |
ashleymills | 0:714293de3836 | 5449 | |
ashleymills | 0:714293de3836 | 5450 | if (ssl == 0) return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 5451 | |
ashleymills | 0:714293de3836 | 5452 | ret = CyaSSL_read(ssl, buf, len); |
ashleymills | 0:714293de3836 | 5453 | if (ret == 0) |
ashleymills | 0:714293de3836 | 5454 | front->eof = 1; |
ashleymills | 0:714293de3836 | 5455 | else if (ret < 0) { |
ashleymills | 0:714293de3836 | 5456 | int err = CyaSSL_get_error(ssl, 0); |
ashleymills | 0:714293de3836 | 5457 | if ( !(err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) ) |
ashleymills | 0:714293de3836 | 5458 | front->eof = 1; |
ashleymills | 0:714293de3836 | 5459 | } |
ashleymills | 0:714293de3836 | 5460 | return ret; |
ashleymills | 0:714293de3836 | 5461 | } |
ashleymills | 0:714293de3836 | 5462 | |
ashleymills | 0:714293de3836 | 5463 | |
ashleymills | 0:714293de3836 | 5464 | int CyaSSL_BIO_write(CYASSL_BIO* bio, const void* data, int len) |
ashleymills | 0:714293de3836 | 5465 | { |
ashleymills | 0:714293de3836 | 5466 | int ret; |
ashleymills | 0:714293de3836 | 5467 | CYASSL* ssl = 0; |
ashleymills | 0:714293de3836 | 5468 | CYASSL_BIO* front = bio; |
ashleymills | 0:714293de3836 | 5469 | |
ashleymills | 0:714293de3836 | 5470 | CYASSL_ENTER("BIO_write"); |
ashleymills | 0:714293de3836 | 5471 | /* already got eof, again is error */ |
ashleymills | 0:714293de3836 | 5472 | if (front->eof) |
ashleymills | 0:714293de3836 | 5473 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 5474 | |
ashleymills | 0:714293de3836 | 5475 | while(bio && ((ssl = bio->ssl) == 0) ) |
ashleymills | 0:714293de3836 | 5476 | bio = bio->next; |
ashleymills | 0:714293de3836 | 5477 | |
ashleymills | 0:714293de3836 | 5478 | if (ssl == 0) return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 5479 | |
ashleymills | 0:714293de3836 | 5480 | ret = CyaSSL_write(ssl, data, len); |
ashleymills | 0:714293de3836 | 5481 | if (ret == 0) |
ashleymills | 0:714293de3836 | 5482 | front->eof = 1; |
ashleymills | 0:714293de3836 | 5483 | else if (ret < 0) { |
ashleymills | 0:714293de3836 | 5484 | int err = CyaSSL_get_error(ssl, 0); |
ashleymills | 0:714293de3836 | 5485 | if ( !(err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) ) |
ashleymills | 0:714293de3836 | 5486 | front->eof = 1; |
ashleymills | 0:714293de3836 | 5487 | } |
ashleymills | 0:714293de3836 | 5488 | |
ashleymills | 0:714293de3836 | 5489 | return ret; |
ashleymills | 0:714293de3836 | 5490 | } |
ashleymills | 0:714293de3836 | 5491 | |
ashleymills | 0:714293de3836 | 5492 | |
ashleymills | 0:714293de3836 | 5493 | CYASSL_BIO* CyaSSL_BIO_push(CYASSL_BIO* top, CYASSL_BIO* append) |
ashleymills | 0:714293de3836 | 5494 | { |
ashleymills | 0:714293de3836 | 5495 | CYASSL_ENTER("BIO_push"); |
ashleymills | 0:714293de3836 | 5496 | top->next = append; |
ashleymills | 0:714293de3836 | 5497 | append->prev = top; |
ashleymills | 0:714293de3836 | 5498 | |
ashleymills | 0:714293de3836 | 5499 | return top; |
ashleymills | 0:714293de3836 | 5500 | } |
ashleymills | 0:714293de3836 | 5501 | |
ashleymills | 0:714293de3836 | 5502 | |
ashleymills | 0:714293de3836 | 5503 | int CyaSSL_BIO_flush(CYASSL_BIO* bio) |
ashleymills | 0:714293de3836 | 5504 | { |
ashleymills | 0:714293de3836 | 5505 | /* for CyaSSL no flushing needed */ |
ashleymills | 0:714293de3836 | 5506 | CYASSL_ENTER("BIO_flush"); |
ashleymills | 0:714293de3836 | 5507 | (void)bio; |
ashleymills | 0:714293de3836 | 5508 | return 1; |
ashleymills | 0:714293de3836 | 5509 | } |
ashleymills | 0:714293de3836 | 5510 | |
ashleymills | 0:714293de3836 | 5511 | |
ashleymills | 0:714293de3836 | 5512 | #endif /* OPENSSL_EXTRA || GOAHEAD_WS */ |
ashleymills | 0:714293de3836 | 5513 | |
ashleymills | 0:714293de3836 | 5514 | |
ashleymills | 0:714293de3836 | 5515 | #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) |
ashleymills | 0:714293de3836 | 5516 | |
ashleymills | 0:714293de3836 | 5517 | void CyaSSL_CTX_set_default_passwd_cb_userdata(CYASSL_CTX* ctx, |
ashleymills | 0:714293de3836 | 5518 | void* userdata) |
ashleymills | 0:714293de3836 | 5519 | { |
ashleymills | 0:714293de3836 | 5520 | CYASSL_ENTER("SSL_CTX_set_default_passwd_cb_userdata"); |
ashleymills | 0:714293de3836 | 5521 | ctx->userdata = userdata; |
ashleymills | 0:714293de3836 | 5522 | } |
ashleymills | 0:714293de3836 | 5523 | |
ashleymills | 0:714293de3836 | 5524 | |
ashleymills | 0:714293de3836 | 5525 | void CyaSSL_CTX_set_default_passwd_cb(CYASSL_CTX* ctx, pem_password_cb cb) |
ashleymills | 0:714293de3836 | 5526 | { |
ashleymills | 0:714293de3836 | 5527 | CYASSL_ENTER("SSL_CTX_set_default_passwd_cb"); |
ashleymills | 0:714293de3836 | 5528 | ctx->passwd_cb = cb; |
ashleymills | 0:714293de3836 | 5529 | } |
ashleymills | 0:714293de3836 | 5530 | |
ashleymills | 0:714293de3836 | 5531 | int CyaSSL_num_locks(void) |
ashleymills | 0:714293de3836 | 5532 | { |
ashleymills | 0:714293de3836 | 5533 | return 0; |
ashleymills | 0:714293de3836 | 5534 | } |
ashleymills | 0:714293de3836 | 5535 | |
ashleymills | 0:714293de3836 | 5536 | void CyaSSL_set_locking_callback(void (*f)(int, int, const char*, int)) |
ashleymills | 0:714293de3836 | 5537 | { |
ashleymills | 0:714293de3836 | 5538 | (void)f; |
ashleymills | 0:714293de3836 | 5539 | } |
ashleymills | 0:714293de3836 | 5540 | |
ashleymills | 0:714293de3836 | 5541 | void CyaSSL_set_id_callback(unsigned long (*f)(void)) |
ashleymills | 0:714293de3836 | 5542 | { |
ashleymills | 0:714293de3836 | 5543 | (void)f; |
ashleymills | 0:714293de3836 | 5544 | } |
ashleymills | 0:714293de3836 | 5545 | |
ashleymills | 0:714293de3836 | 5546 | unsigned long CyaSSL_ERR_get_error(void) |
ashleymills | 0:714293de3836 | 5547 | { |
ashleymills | 0:714293de3836 | 5548 | /* TODO: */ |
ashleymills | 0:714293de3836 | 5549 | return 0; |
ashleymills | 0:714293de3836 | 5550 | } |
ashleymills | 0:714293de3836 | 5551 | |
ashleymills | 0:714293de3836 | 5552 | int CyaSSL_EVP_BytesToKey(const CYASSL_EVP_CIPHER* type, |
ashleymills | 0:714293de3836 | 5553 | const CYASSL_EVP_MD* md, const byte* salt, |
ashleymills | 0:714293de3836 | 5554 | const byte* data, int sz, int count, byte* key, byte* iv) |
ashleymills | 0:714293de3836 | 5555 | { |
ashleymills | 0:714293de3836 | 5556 | int keyLen = 0; |
ashleymills | 0:714293de3836 | 5557 | int ivLen = 0; |
ashleymills | 0:714293de3836 | 5558 | |
ashleymills | 0:714293de3836 | 5559 | Md5 myMD; |
ashleymills | 0:714293de3836 | 5560 | byte digest[MD5_DIGEST_SIZE]; |
ashleymills | 0:714293de3836 | 5561 | |
ashleymills | 0:714293de3836 | 5562 | int j; |
ashleymills | 0:714293de3836 | 5563 | int keyLeft; |
ashleymills | 0:714293de3836 | 5564 | int ivLeft; |
ashleymills | 0:714293de3836 | 5565 | int keyOutput = 0; |
ashleymills | 0:714293de3836 | 5566 | |
ashleymills | 0:714293de3836 | 5567 | CYASSL_ENTER("EVP_BytesToKey"); |
ashleymills | 0:714293de3836 | 5568 | InitMd5(&myMD); |
ashleymills | 0:714293de3836 | 5569 | |
ashleymills | 0:714293de3836 | 5570 | /* only support MD5 for now */ |
ashleymills | 0:714293de3836 | 5571 | if (XSTRNCMP(md, "MD5", 3) != 0) return 0; |
ashleymills | 0:714293de3836 | 5572 | |
ashleymills | 0:714293de3836 | 5573 | /* only support CBC DES and AES for now */ |
ashleymills | 0:714293de3836 | 5574 | if (XSTRNCMP(type, "DES-CBC", 7) == 0) { |
ashleymills | 0:714293de3836 | 5575 | keyLen = DES_KEY_SIZE; |
ashleymills | 0:714293de3836 | 5576 | ivLen = DES_IV_SIZE; |
ashleymills | 0:714293de3836 | 5577 | } |
ashleymills | 0:714293de3836 | 5578 | else if (XSTRNCMP(type, "DES-EDE3-CBC", 12) == 0) { |
ashleymills | 0:714293de3836 | 5579 | keyLen = DES3_KEY_SIZE; |
ashleymills | 0:714293de3836 | 5580 | ivLen = DES_IV_SIZE; |
ashleymills | 0:714293de3836 | 5581 | } |
ashleymills | 0:714293de3836 | 5582 | else if (XSTRNCMP(type, "AES-128-CBC", 11) == 0) { |
ashleymills | 0:714293de3836 | 5583 | keyLen = AES_128_KEY_SIZE; |
ashleymills | 0:714293de3836 | 5584 | ivLen = AES_IV_SIZE; |
ashleymills | 0:714293de3836 | 5585 | } |
ashleymills | 0:714293de3836 | 5586 | else if (XSTRNCMP(type, "AES-192-CBC", 11) == 0) { |
ashleymills | 0:714293de3836 | 5587 | keyLen = AES_192_KEY_SIZE; |
ashleymills | 0:714293de3836 | 5588 | ivLen = AES_IV_SIZE; |
ashleymills | 0:714293de3836 | 5589 | } |
ashleymills | 0:714293de3836 | 5590 | else if (XSTRNCMP(type, "AES-256-CBC", 11) == 0) { |
ashleymills | 0:714293de3836 | 5591 | keyLen = AES_256_KEY_SIZE; |
ashleymills | 0:714293de3836 | 5592 | ivLen = AES_IV_SIZE; |
ashleymills | 0:714293de3836 | 5593 | } |
ashleymills | 0:714293de3836 | 5594 | else |
ashleymills | 0:714293de3836 | 5595 | return 0; |
ashleymills | 0:714293de3836 | 5596 | |
ashleymills | 0:714293de3836 | 5597 | keyLeft = keyLen; |
ashleymills | 0:714293de3836 | 5598 | ivLeft = ivLen; |
ashleymills | 0:714293de3836 | 5599 | |
ashleymills | 0:714293de3836 | 5600 | while (keyOutput < (keyLen + ivLen)) { |
ashleymills | 0:714293de3836 | 5601 | int digestLeft = MD5_DIGEST_SIZE; |
ashleymills | 0:714293de3836 | 5602 | /* D_(i - 1) */ |
ashleymills | 0:714293de3836 | 5603 | if (keyOutput) /* first time D_0 is empty */ |
ashleymills | 0:714293de3836 | 5604 | Md5Update(&myMD, digest, MD5_DIGEST_SIZE); |
ashleymills | 0:714293de3836 | 5605 | /* data */ |
ashleymills | 0:714293de3836 | 5606 | Md5Update(&myMD, data, sz); |
ashleymills | 0:714293de3836 | 5607 | /* salt */ |
ashleymills | 0:714293de3836 | 5608 | if (salt) |
ashleymills | 0:714293de3836 | 5609 | Md5Update(&myMD, salt, EVP_SALT_SIZE); |
ashleymills | 0:714293de3836 | 5610 | Md5Final(&myMD, digest); |
ashleymills | 0:714293de3836 | 5611 | /* count */ |
ashleymills | 0:714293de3836 | 5612 | for (j = 1; j < count; j++) { |
ashleymills | 0:714293de3836 | 5613 | Md5Update(&myMD, digest, MD5_DIGEST_SIZE); |
ashleymills | 0:714293de3836 | 5614 | Md5Final(&myMD, digest); |
ashleymills | 0:714293de3836 | 5615 | } |
ashleymills | 0:714293de3836 | 5616 | |
ashleymills | 0:714293de3836 | 5617 | if (keyLeft) { |
ashleymills | 0:714293de3836 | 5618 | int store = min(keyLeft, MD5_DIGEST_SIZE); |
ashleymills | 0:714293de3836 | 5619 | XMEMCPY(&key[keyLen - keyLeft], digest, store); |
ashleymills | 0:714293de3836 | 5620 | |
ashleymills | 0:714293de3836 | 5621 | keyOutput += store; |
ashleymills | 0:714293de3836 | 5622 | keyLeft -= store; |
ashleymills | 0:714293de3836 | 5623 | digestLeft -= store; |
ashleymills | 0:714293de3836 | 5624 | } |
ashleymills | 0:714293de3836 | 5625 | |
ashleymills | 0:714293de3836 | 5626 | if (ivLeft && digestLeft) { |
ashleymills | 0:714293de3836 | 5627 | int store = min(ivLeft, digestLeft); |
ashleymills | 0:714293de3836 | 5628 | XMEMCPY(&iv[ivLen - ivLeft], &digest[MD5_DIGEST_SIZE - |
ashleymills | 0:714293de3836 | 5629 | digestLeft], store); |
ashleymills | 0:714293de3836 | 5630 | keyOutput += store; |
ashleymills | 0:714293de3836 | 5631 | ivLeft -= store; |
ashleymills | 0:714293de3836 | 5632 | } |
ashleymills | 0:714293de3836 | 5633 | } |
ashleymills | 0:714293de3836 | 5634 | if (keyOutput != (keyLen + ivLen)) |
ashleymills | 0:714293de3836 | 5635 | return 0; |
ashleymills | 0:714293de3836 | 5636 | return keyOutput; |
ashleymills | 0:714293de3836 | 5637 | } |
ashleymills | 0:714293de3836 | 5638 | |
ashleymills | 0:714293de3836 | 5639 | #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */ |
ashleymills | 0:714293de3836 | 5640 | |
ashleymills | 0:714293de3836 | 5641 | |
ashleymills | 0:714293de3836 | 5642 | #ifdef OPENSSL_EXTRA |
ashleymills | 0:714293de3836 | 5643 | |
ashleymills | 0:714293de3836 | 5644 | unsigned long CyaSSLeay(void) |
ashleymills | 0:714293de3836 | 5645 | { |
ashleymills | 0:714293de3836 | 5646 | return SSLEAY_VERSION_NUMBER; |
ashleymills | 0:714293de3836 | 5647 | } |
ashleymills | 0:714293de3836 | 5648 | |
ashleymills | 0:714293de3836 | 5649 | |
ashleymills | 0:714293de3836 | 5650 | const char* CyaSSLeay_version(int type) |
ashleymills | 0:714293de3836 | 5651 | { |
ashleymills | 0:714293de3836 | 5652 | static const char* version = "SSLeay CyaSSL compatibility"; |
ashleymills | 0:714293de3836 | 5653 | (void)type; |
ashleymills | 0:714293de3836 | 5654 | return version; |
ashleymills | 0:714293de3836 | 5655 | } |
ashleymills | 0:714293de3836 | 5656 | |
ashleymills | 0:714293de3836 | 5657 | |
ashleymills | 0:714293de3836 | 5658 | void CyaSSL_MD5_Init(CYASSL_MD5_CTX* md5) |
ashleymills | 0:714293de3836 | 5659 | { |
ashleymills | 0:714293de3836 | 5660 | typedef char md5_test[sizeof(MD5_CTX) >= sizeof(Md5) ? 1 : -1]; |
ashleymills | 0:714293de3836 | 5661 | (void)sizeof(md5_test); |
ashleymills | 0:714293de3836 | 5662 | |
ashleymills | 0:714293de3836 | 5663 | CYASSL_ENTER("MD5_Init"); |
ashleymills | 0:714293de3836 | 5664 | InitMd5((Md5*)md5); |
ashleymills | 0:714293de3836 | 5665 | } |
ashleymills | 0:714293de3836 | 5666 | |
ashleymills | 0:714293de3836 | 5667 | |
ashleymills | 0:714293de3836 | 5668 | void CyaSSL_MD5_Update(CYASSL_MD5_CTX* md5, const void* input, |
ashleymills | 0:714293de3836 | 5669 | unsigned long sz) |
ashleymills | 0:714293de3836 | 5670 | { |
ashleymills | 0:714293de3836 | 5671 | CYASSL_ENTER("CyaSSL_MD5_Update"); |
ashleymills | 0:714293de3836 | 5672 | Md5Update((Md5*)md5, (const byte*)input, (word32)sz); |
ashleymills | 0:714293de3836 | 5673 | } |
ashleymills | 0:714293de3836 | 5674 | |
ashleymills | 0:714293de3836 | 5675 | |
ashleymills | 0:714293de3836 | 5676 | void CyaSSL_MD5_Final(byte* input, CYASSL_MD5_CTX* md5) |
ashleymills | 0:714293de3836 | 5677 | { |
ashleymills | 0:714293de3836 | 5678 | CYASSL_ENTER("MD5_Final"); |
ashleymills | 0:714293de3836 | 5679 | Md5Final((Md5*)md5, input); |
ashleymills | 0:714293de3836 | 5680 | } |
ashleymills | 0:714293de3836 | 5681 | |
ashleymills | 0:714293de3836 | 5682 | |
ashleymills | 0:714293de3836 | 5683 | void CyaSSL_SHA_Init(CYASSL_SHA_CTX* sha) |
ashleymills | 0:714293de3836 | 5684 | { |
ashleymills | 0:714293de3836 | 5685 | typedef char sha_test[sizeof(SHA_CTX) >= sizeof(Sha) ? 1 : -1]; |
ashleymills | 0:714293de3836 | 5686 | (void)sizeof(sha_test); |
ashleymills | 0:714293de3836 | 5687 | |
ashleymills | 0:714293de3836 | 5688 | CYASSL_ENTER("SHA_Init"); |
ashleymills | 0:714293de3836 | 5689 | InitSha((Sha*)sha); |
ashleymills | 0:714293de3836 | 5690 | } |
ashleymills | 0:714293de3836 | 5691 | |
ashleymills | 0:714293de3836 | 5692 | |
ashleymills | 0:714293de3836 | 5693 | void CyaSSL_SHA_Update(CYASSL_SHA_CTX* sha, const void* input, |
ashleymills | 0:714293de3836 | 5694 | unsigned long sz) |
ashleymills | 0:714293de3836 | 5695 | { |
ashleymills | 0:714293de3836 | 5696 | CYASSL_ENTER("SHA_Update"); |
ashleymills | 0:714293de3836 | 5697 | ShaUpdate((Sha*)sha, (const byte*)input, (word32)sz); |
ashleymills | 0:714293de3836 | 5698 | } |
ashleymills | 0:714293de3836 | 5699 | |
ashleymills | 0:714293de3836 | 5700 | |
ashleymills | 0:714293de3836 | 5701 | void CyaSSL_SHA_Final(byte* input, CYASSL_SHA_CTX* sha) |
ashleymills | 0:714293de3836 | 5702 | { |
ashleymills | 0:714293de3836 | 5703 | CYASSL_ENTER("SHA_Final"); |
ashleymills | 0:714293de3836 | 5704 | ShaFinal((Sha*)sha, input); |
ashleymills | 0:714293de3836 | 5705 | } |
ashleymills | 0:714293de3836 | 5706 | |
ashleymills | 0:714293de3836 | 5707 | |
ashleymills | 0:714293de3836 | 5708 | void CyaSSL_SHA1_Init(CYASSL_SHA_CTX* sha) |
ashleymills | 0:714293de3836 | 5709 | { |
ashleymills | 0:714293de3836 | 5710 | CYASSL_ENTER("SHA1_Init"); |
ashleymills | 0:714293de3836 | 5711 | SHA_Init(sha); |
ashleymills | 0:714293de3836 | 5712 | } |
ashleymills | 0:714293de3836 | 5713 | |
ashleymills | 0:714293de3836 | 5714 | |
ashleymills | 0:714293de3836 | 5715 | void CyaSSL_SHA1_Update(CYASSL_SHA_CTX* sha, const void* input, |
ashleymills | 0:714293de3836 | 5716 | unsigned long sz) |
ashleymills | 0:714293de3836 | 5717 | { |
ashleymills | 0:714293de3836 | 5718 | CYASSL_ENTER("SHA1_Update"); |
ashleymills | 0:714293de3836 | 5719 | SHA_Update(sha, input, sz); |
ashleymills | 0:714293de3836 | 5720 | } |
ashleymills | 0:714293de3836 | 5721 | |
ashleymills | 0:714293de3836 | 5722 | |
ashleymills | 0:714293de3836 | 5723 | void CyaSSL_SHA1_Final(byte* input, CYASSL_SHA_CTX* sha) |
ashleymills | 0:714293de3836 | 5724 | { |
ashleymills | 0:714293de3836 | 5725 | CYASSL_ENTER("SHA1_Final"); |
ashleymills | 0:714293de3836 | 5726 | SHA_Final(input, sha); |
ashleymills | 0:714293de3836 | 5727 | } |
ashleymills | 0:714293de3836 | 5728 | |
ashleymills | 0:714293de3836 | 5729 | |
ashleymills | 0:714293de3836 | 5730 | void CyaSSL_SHA256_Init(CYASSL_SHA256_CTX* sha256) |
ashleymills | 0:714293de3836 | 5731 | { |
ashleymills | 0:714293de3836 | 5732 | typedef char sha_test[sizeof(SHA256_CTX) >= sizeof(Sha256) ? 1 : -1]; |
ashleymills | 0:714293de3836 | 5733 | (void)sizeof(sha_test); |
ashleymills | 0:714293de3836 | 5734 | |
ashleymills | 0:714293de3836 | 5735 | CYASSL_ENTER("SHA256_Init"); |
ashleymills | 0:714293de3836 | 5736 | InitSha256((Sha256*)sha256); |
ashleymills | 0:714293de3836 | 5737 | } |
ashleymills | 0:714293de3836 | 5738 | |
ashleymills | 0:714293de3836 | 5739 | |
ashleymills | 0:714293de3836 | 5740 | void CyaSSL_SHA256_Update(CYASSL_SHA256_CTX* sha, const void* input, |
ashleymills | 0:714293de3836 | 5741 | unsigned long sz) |
ashleymills | 0:714293de3836 | 5742 | { |
ashleymills | 0:714293de3836 | 5743 | CYASSL_ENTER("SHA256_Update"); |
ashleymills | 0:714293de3836 | 5744 | Sha256Update((Sha256*)sha, (const byte*)input, (word32)sz); |
ashleymills | 0:714293de3836 | 5745 | } |
ashleymills | 0:714293de3836 | 5746 | |
ashleymills | 0:714293de3836 | 5747 | |
ashleymills | 0:714293de3836 | 5748 | void CyaSSL_SHA256_Final(byte* input, CYASSL_SHA256_CTX* sha) |
ashleymills | 0:714293de3836 | 5749 | { |
ashleymills | 0:714293de3836 | 5750 | CYASSL_ENTER("SHA256_Final"); |
ashleymills | 0:714293de3836 | 5751 | Sha256Final((Sha256*)sha, input); |
ashleymills | 0:714293de3836 | 5752 | } |
ashleymills | 0:714293de3836 | 5753 | |
ashleymills | 0:714293de3836 | 5754 | |
ashleymills | 0:714293de3836 | 5755 | #ifdef CYASSL_SHA384 |
ashleymills | 0:714293de3836 | 5756 | |
ashleymills | 0:714293de3836 | 5757 | void CyaSSL_SHA384_Init(CYASSL_SHA384_CTX* sha) |
ashleymills | 0:714293de3836 | 5758 | { |
ashleymills | 0:714293de3836 | 5759 | typedef char sha_test[sizeof(SHA384_CTX) >= sizeof(Sha384) ? 1 : -1]; |
ashleymills | 0:714293de3836 | 5760 | (void)sizeof(sha_test); |
ashleymills | 0:714293de3836 | 5761 | |
ashleymills | 0:714293de3836 | 5762 | CYASSL_ENTER("SHA384_Init"); |
ashleymills | 0:714293de3836 | 5763 | InitSha384((Sha384*)sha); |
ashleymills | 0:714293de3836 | 5764 | } |
ashleymills | 0:714293de3836 | 5765 | |
ashleymills | 0:714293de3836 | 5766 | |
ashleymills | 0:714293de3836 | 5767 | void CyaSSL_SHA384_Update(CYASSL_SHA384_CTX* sha, const void* input, |
ashleymills | 0:714293de3836 | 5768 | unsigned long sz) |
ashleymills | 0:714293de3836 | 5769 | { |
ashleymills | 0:714293de3836 | 5770 | CYASSL_ENTER("SHA384_Update"); |
ashleymills | 0:714293de3836 | 5771 | Sha384Update((Sha384*)sha, (const byte*)input, (word32)sz); |
ashleymills | 0:714293de3836 | 5772 | } |
ashleymills | 0:714293de3836 | 5773 | |
ashleymills | 0:714293de3836 | 5774 | |
ashleymills | 0:714293de3836 | 5775 | void CyaSSL_SHA384_Final(byte* input, CYASSL_SHA384_CTX* sha) |
ashleymills | 0:714293de3836 | 5776 | { |
ashleymills | 0:714293de3836 | 5777 | CYASSL_ENTER("SHA384_Final"); |
ashleymills | 0:714293de3836 | 5778 | Sha384Final((Sha384*)sha, input); |
ashleymills | 0:714293de3836 | 5779 | } |
ashleymills | 0:714293de3836 | 5780 | |
ashleymills | 0:714293de3836 | 5781 | #endif /* CYASSL_SHA384 */ |
ashleymills | 0:714293de3836 | 5782 | |
ashleymills | 0:714293de3836 | 5783 | |
ashleymills | 0:714293de3836 | 5784 | #ifdef CYASSL_SHA512 |
ashleymills | 0:714293de3836 | 5785 | |
ashleymills | 0:714293de3836 | 5786 | void CyaSSL_SHA512_Init(CYASSL_SHA512_CTX* sha) |
ashleymills | 0:714293de3836 | 5787 | { |
ashleymills | 0:714293de3836 | 5788 | typedef char sha_test[sizeof(SHA512_CTX) >= sizeof(Sha512) ? 1 : -1]; |
ashleymills | 0:714293de3836 | 5789 | (void)sizeof(sha_test); |
ashleymills | 0:714293de3836 | 5790 | |
ashleymills | 0:714293de3836 | 5791 | CYASSL_ENTER("SHA512_Init"); |
ashleymills | 0:714293de3836 | 5792 | InitSha512((Sha512*)sha); |
ashleymills | 0:714293de3836 | 5793 | } |
ashleymills | 0:714293de3836 | 5794 | |
ashleymills | 0:714293de3836 | 5795 | |
ashleymills | 0:714293de3836 | 5796 | void CyaSSL_SHA512_Update(CYASSL_SHA512_CTX* sha, const void* input, |
ashleymills | 0:714293de3836 | 5797 | unsigned long sz) |
ashleymills | 0:714293de3836 | 5798 | { |
ashleymills | 0:714293de3836 | 5799 | CYASSL_ENTER("SHA512_Update"); |
ashleymills | 0:714293de3836 | 5800 | Sha512Update((Sha512*)sha, (const byte*)input, (word32)sz); |
ashleymills | 0:714293de3836 | 5801 | } |
ashleymills | 0:714293de3836 | 5802 | |
ashleymills | 0:714293de3836 | 5803 | |
ashleymills | 0:714293de3836 | 5804 | void CyaSSL_SHA512_Final(byte* input, CYASSL_SHA512_CTX* sha) |
ashleymills | 0:714293de3836 | 5805 | { |
ashleymills | 0:714293de3836 | 5806 | CYASSL_ENTER("SHA512_Final"); |
ashleymills | 0:714293de3836 | 5807 | Sha512Final((Sha512*)sha, input); |
ashleymills | 0:714293de3836 | 5808 | } |
ashleymills | 0:714293de3836 | 5809 | |
ashleymills | 0:714293de3836 | 5810 | #endif /* CYASSL_SHA512 */ |
ashleymills | 0:714293de3836 | 5811 | |
ashleymills | 0:714293de3836 | 5812 | |
ashleymills | 0:714293de3836 | 5813 | const CYASSL_EVP_MD* CyaSSL_EVP_md5(void) |
ashleymills | 0:714293de3836 | 5814 | { |
ashleymills | 0:714293de3836 | 5815 | static const char* type = "MD5"; |
ashleymills | 0:714293de3836 | 5816 | CYASSL_ENTER("EVP_md5"); |
ashleymills | 0:714293de3836 | 5817 | return type; |
ashleymills | 0:714293de3836 | 5818 | } |
ashleymills | 0:714293de3836 | 5819 | |
ashleymills | 0:714293de3836 | 5820 | |
ashleymills | 0:714293de3836 | 5821 | const CYASSL_EVP_MD* CyaSSL_EVP_sha1(void) |
ashleymills | 0:714293de3836 | 5822 | { |
ashleymills | 0:714293de3836 | 5823 | static const char* type = "SHA"; |
ashleymills | 0:714293de3836 | 5824 | CYASSL_ENTER("EVP_sha1"); |
ashleymills | 0:714293de3836 | 5825 | return type; |
ashleymills | 0:714293de3836 | 5826 | } |
ashleymills | 0:714293de3836 | 5827 | |
ashleymills | 0:714293de3836 | 5828 | |
ashleymills | 0:714293de3836 | 5829 | const CYASSL_EVP_MD* CyaSSL_EVP_sha256(void) |
ashleymills | 0:714293de3836 | 5830 | { |
ashleymills | 0:714293de3836 | 5831 | static const char* type = "SHA256"; |
ashleymills | 0:714293de3836 | 5832 | CYASSL_ENTER("EVP_sha256"); |
ashleymills | 0:714293de3836 | 5833 | return type; |
ashleymills | 0:714293de3836 | 5834 | } |
ashleymills | 0:714293de3836 | 5835 | |
ashleymills | 0:714293de3836 | 5836 | #ifdef CYASSL_SHA384 |
ashleymills | 0:714293de3836 | 5837 | |
ashleymills | 0:714293de3836 | 5838 | const CYASSL_EVP_MD* CyaSSL_EVP_sha384(void) |
ashleymills | 0:714293de3836 | 5839 | { |
ashleymills | 0:714293de3836 | 5840 | static const char* type = "SHA384"; |
ashleymills | 0:714293de3836 | 5841 | CYASSL_ENTER("EVP_sha384"); |
ashleymills | 0:714293de3836 | 5842 | return type; |
ashleymills | 0:714293de3836 | 5843 | } |
ashleymills | 0:714293de3836 | 5844 | |
ashleymills | 0:714293de3836 | 5845 | #endif /* CYASSL_SHA384 */ |
ashleymills | 0:714293de3836 | 5846 | |
ashleymills | 0:714293de3836 | 5847 | #ifdef CYASSL_SHA512 |
ashleymills | 0:714293de3836 | 5848 | |
ashleymills | 0:714293de3836 | 5849 | const CYASSL_EVP_MD* CyaSSL_EVP_sha512(void) |
ashleymills | 0:714293de3836 | 5850 | { |
ashleymills | 0:714293de3836 | 5851 | static const char* type = "SHA512"; |
ashleymills | 0:714293de3836 | 5852 | CYASSL_ENTER("EVP_sha512"); |
ashleymills | 0:714293de3836 | 5853 | return type; |
ashleymills | 0:714293de3836 | 5854 | } |
ashleymills | 0:714293de3836 | 5855 | |
ashleymills | 0:714293de3836 | 5856 | #endif /* CYASSL_SHA512 */ |
ashleymills | 0:714293de3836 | 5857 | |
ashleymills | 0:714293de3836 | 5858 | |
ashleymills | 0:714293de3836 | 5859 | void CyaSSL_EVP_MD_CTX_init(CYASSL_EVP_MD_CTX* ctx) |
ashleymills | 0:714293de3836 | 5860 | { |
ashleymills | 0:714293de3836 | 5861 | CYASSL_ENTER("EVP_CIPHER_MD_CTX_init"); |
ashleymills | 0:714293de3836 | 5862 | (void)ctx; |
ashleymills | 0:714293de3836 | 5863 | /* do nothing */ |
ashleymills | 0:714293de3836 | 5864 | } |
ashleymills | 0:714293de3836 | 5865 | |
ashleymills | 0:714293de3836 | 5866 | |
ashleymills | 0:714293de3836 | 5867 | const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_128_cbc(void) |
ashleymills | 0:714293de3836 | 5868 | { |
ashleymills | 0:714293de3836 | 5869 | static const char* type = "AES128-CBC"; |
ashleymills | 0:714293de3836 | 5870 | CYASSL_ENTER("CyaSSL_EVP_aes_128_cbc"); |
ashleymills | 0:714293de3836 | 5871 | return type; |
ashleymills | 0:714293de3836 | 5872 | } |
ashleymills | 0:714293de3836 | 5873 | |
ashleymills | 0:714293de3836 | 5874 | |
ashleymills | 0:714293de3836 | 5875 | const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_192_cbc(void) |
ashleymills | 0:714293de3836 | 5876 | { |
ashleymills | 0:714293de3836 | 5877 | static const char* type = "AES192-CBC"; |
ashleymills | 0:714293de3836 | 5878 | CYASSL_ENTER("CyaSSL_EVP_aes_192_cbc"); |
ashleymills | 0:714293de3836 | 5879 | return type; |
ashleymills | 0:714293de3836 | 5880 | } |
ashleymills | 0:714293de3836 | 5881 | |
ashleymills | 0:714293de3836 | 5882 | |
ashleymills | 0:714293de3836 | 5883 | const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_256_cbc(void) |
ashleymills | 0:714293de3836 | 5884 | { |
ashleymills | 0:714293de3836 | 5885 | static const char* type = "AES256-CBC"; |
ashleymills | 0:714293de3836 | 5886 | CYASSL_ENTER("CyaSSL_EVP_aes_256_cbc"); |
ashleymills | 0:714293de3836 | 5887 | return type; |
ashleymills | 0:714293de3836 | 5888 | } |
ashleymills | 0:714293de3836 | 5889 | |
ashleymills | 0:714293de3836 | 5890 | |
ashleymills | 0:714293de3836 | 5891 | const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_128_ctr(void) |
ashleymills | 0:714293de3836 | 5892 | { |
ashleymills | 0:714293de3836 | 5893 | static const char* type = "AES128-CTR"; |
ashleymills | 0:714293de3836 | 5894 | CYASSL_ENTER("CyaSSL_EVP_aes_128_ctr"); |
ashleymills | 0:714293de3836 | 5895 | return type; |
ashleymills | 0:714293de3836 | 5896 | } |
ashleymills | 0:714293de3836 | 5897 | |
ashleymills | 0:714293de3836 | 5898 | |
ashleymills | 0:714293de3836 | 5899 | const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_192_ctr(void) |
ashleymills | 0:714293de3836 | 5900 | { |
ashleymills | 0:714293de3836 | 5901 | static const char* type = "AES192-CTR"; |
ashleymills | 0:714293de3836 | 5902 | CYASSL_ENTER("CyaSSL_EVP_aes_192_ctr"); |
ashleymills | 0:714293de3836 | 5903 | return type; |
ashleymills | 0:714293de3836 | 5904 | } |
ashleymills | 0:714293de3836 | 5905 | |
ashleymills | 0:714293de3836 | 5906 | |
ashleymills | 0:714293de3836 | 5907 | const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_256_ctr(void) |
ashleymills | 0:714293de3836 | 5908 | { |
ashleymills | 0:714293de3836 | 5909 | static const char* type = "AES256-CTR"; |
ashleymills | 0:714293de3836 | 5910 | CYASSL_ENTER("CyaSSL_EVP_aes_256_ctr"); |
ashleymills | 0:714293de3836 | 5911 | return type; |
ashleymills | 0:714293de3836 | 5912 | } |
ashleymills | 0:714293de3836 | 5913 | |
ashleymills | 0:714293de3836 | 5914 | |
ashleymills | 0:714293de3836 | 5915 | const CYASSL_EVP_CIPHER* CyaSSL_EVP_des_cbc(void) |
ashleymills | 0:714293de3836 | 5916 | { |
ashleymills | 0:714293de3836 | 5917 | static const char* type = "DES-CBC"; |
ashleymills | 0:714293de3836 | 5918 | CYASSL_ENTER("CyaSSL_EVP_des_cbc"); |
ashleymills | 0:714293de3836 | 5919 | return type; |
ashleymills | 0:714293de3836 | 5920 | } |
ashleymills | 0:714293de3836 | 5921 | |
ashleymills | 0:714293de3836 | 5922 | |
ashleymills | 0:714293de3836 | 5923 | const CYASSL_EVP_CIPHER* CyaSSL_EVP_des_ede3_cbc(void) |
ashleymills | 0:714293de3836 | 5924 | { |
ashleymills | 0:714293de3836 | 5925 | static const char* type = "DES-EDE3-CBC"; |
ashleymills | 0:714293de3836 | 5926 | CYASSL_ENTER("CyaSSL_EVP_des_ede3_cbc"); |
ashleymills | 0:714293de3836 | 5927 | return type; |
ashleymills | 0:714293de3836 | 5928 | } |
ashleymills | 0:714293de3836 | 5929 | |
ashleymills | 0:714293de3836 | 5930 | |
ashleymills | 0:714293de3836 | 5931 | const CYASSL_EVP_CIPHER* CyaSSL_EVP_rc4(void) |
ashleymills | 0:714293de3836 | 5932 | { |
ashleymills | 0:714293de3836 | 5933 | static const char* type = "ARC4"; |
ashleymills | 0:714293de3836 | 5934 | CYASSL_ENTER("CyaSSL_EVP_rc4"); |
ashleymills | 0:714293de3836 | 5935 | return type; |
ashleymills | 0:714293de3836 | 5936 | } |
ashleymills | 0:714293de3836 | 5937 | |
ashleymills | 0:714293de3836 | 5938 | |
ashleymills | 0:714293de3836 | 5939 | const CYASSL_EVP_CIPHER* CyaSSL_EVP_enc_null(void) |
ashleymills | 0:714293de3836 | 5940 | { |
ashleymills | 0:714293de3836 | 5941 | static const char* type = "NULL"; |
ashleymills | 0:714293de3836 | 5942 | CYASSL_ENTER("CyaSSL_EVP_enc_null"); |
ashleymills | 0:714293de3836 | 5943 | return type; |
ashleymills | 0:714293de3836 | 5944 | } |
ashleymills | 0:714293de3836 | 5945 | |
ashleymills | 0:714293de3836 | 5946 | |
ashleymills | 0:714293de3836 | 5947 | int CyaSSL_EVP_MD_CTX_cleanup(CYASSL_EVP_MD_CTX* ctx) |
ashleymills | 0:714293de3836 | 5948 | { |
ashleymills | 0:714293de3836 | 5949 | CYASSL_ENTER("EVP_MD_CTX_cleanup"); |
ashleymills | 0:714293de3836 | 5950 | (void)ctx; |
ashleymills | 0:714293de3836 | 5951 | return 0; |
ashleymills | 0:714293de3836 | 5952 | } |
ashleymills | 0:714293de3836 | 5953 | |
ashleymills | 0:714293de3836 | 5954 | |
ashleymills | 0:714293de3836 | 5955 | |
ashleymills | 0:714293de3836 | 5956 | void CyaSSL_EVP_CIPHER_CTX_init(CYASSL_EVP_CIPHER_CTX* ctx) |
ashleymills | 0:714293de3836 | 5957 | { |
ashleymills | 0:714293de3836 | 5958 | CYASSL_ENTER("EVP_CIPHER_CTX_init"); |
ashleymills | 0:714293de3836 | 5959 | if (ctx) { |
ashleymills | 0:714293de3836 | 5960 | ctx->cipherType = 0xff; /* no init */ |
ashleymills | 0:714293de3836 | 5961 | ctx->keyLen = 0; |
ashleymills | 0:714293de3836 | 5962 | ctx->enc = 1; /* start in encrypt mode */ |
ashleymills | 0:714293de3836 | 5963 | } |
ashleymills | 0:714293de3836 | 5964 | } |
ashleymills | 0:714293de3836 | 5965 | |
ashleymills | 0:714293de3836 | 5966 | |
ashleymills | 0:714293de3836 | 5967 | /* SSL_SUCCESS on ok */ |
ashleymills | 0:714293de3836 | 5968 | int CyaSSL_EVP_CIPHER_CTX_cleanup(CYASSL_EVP_CIPHER_CTX* ctx) |
ashleymills | 0:714293de3836 | 5969 | { |
ashleymills | 0:714293de3836 | 5970 | CYASSL_ENTER("EVP_CIPHER_CTX_cleanup"); |
ashleymills | 0:714293de3836 | 5971 | if (ctx) { |
ashleymills | 0:714293de3836 | 5972 | ctx->cipherType = 0xff; /* no more init */ |
ashleymills | 0:714293de3836 | 5973 | ctx->keyLen = 0; |
ashleymills | 0:714293de3836 | 5974 | } |
ashleymills | 0:714293de3836 | 5975 | |
ashleymills | 0:714293de3836 | 5976 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 5977 | } |
ashleymills | 0:714293de3836 | 5978 | |
ashleymills | 0:714293de3836 | 5979 | |
ashleymills | 0:714293de3836 | 5980 | /* SSL_SUCCESS on ok */ |
ashleymills | 0:714293de3836 | 5981 | int CyaSSL_EVP_CipherInit(CYASSL_EVP_CIPHER_CTX* ctx, |
ashleymills | 0:714293de3836 | 5982 | const CYASSL_EVP_CIPHER* type, byte* key, |
ashleymills | 0:714293de3836 | 5983 | byte* iv, int enc) |
ashleymills | 0:714293de3836 | 5984 | { |
ashleymills | 0:714293de3836 | 5985 | CYASSL_ENTER("CyaSSL_EVP_CipherInit"); |
ashleymills | 0:714293de3836 | 5986 | if (ctx == NULL) { |
ashleymills | 0:714293de3836 | 5987 | CYASSL_MSG("no ctx"); |
ashleymills | 0:714293de3836 | 5988 | return 0; /* failure */ |
ashleymills | 0:714293de3836 | 5989 | } |
ashleymills | 0:714293de3836 | 5990 | |
ashleymills | 0:714293de3836 | 5991 | if (type == NULL && ctx->cipherType == 0xff) { |
ashleymills | 0:714293de3836 | 5992 | CYASSL_MSG("no type set"); |
ashleymills | 0:714293de3836 | 5993 | return 0; /* failure */ |
ashleymills | 0:714293de3836 | 5994 | } |
ashleymills | 0:714293de3836 | 5995 | |
ashleymills | 0:714293de3836 | 5996 | if (ctx->cipherType == AES_128_CBC_TYPE || (type && |
ashleymills | 0:714293de3836 | 5997 | XSTRNCMP(type, "AES128-CBC", 10) == 0)) { |
ashleymills | 0:714293de3836 | 5998 | CYASSL_MSG("AES-128-CBC"); |
ashleymills | 0:714293de3836 | 5999 | ctx->cipherType = AES_128_CBC_TYPE; |
ashleymills | 0:714293de3836 | 6000 | ctx->keyLen = 16; |
ashleymills | 0:714293de3836 | 6001 | if (enc == 0 || enc == 1) |
ashleymills | 0:714293de3836 | 6002 | ctx->enc = enc ? 1 : 0; |
ashleymills | 0:714293de3836 | 6003 | if (key) |
ashleymills | 0:714293de3836 | 6004 | AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, |
ashleymills | 0:714293de3836 | 6005 | ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); |
ashleymills | 0:714293de3836 | 6006 | if (iv && key == NULL) |
ashleymills | 0:714293de3836 | 6007 | AesSetIV(&ctx->cipher.aes, iv); |
ashleymills | 0:714293de3836 | 6008 | } |
ashleymills | 0:714293de3836 | 6009 | else if (ctx->cipherType == AES_192_CBC_TYPE || (type && |
ashleymills | 0:714293de3836 | 6010 | XSTRNCMP(type, "AES192-CBC", 10) == 0)) { |
ashleymills | 0:714293de3836 | 6011 | CYASSL_MSG("AES-192-CBC"); |
ashleymills | 0:714293de3836 | 6012 | ctx->cipherType = AES_192_CBC_TYPE; |
ashleymills | 0:714293de3836 | 6013 | ctx->keyLen = 24; |
ashleymills | 0:714293de3836 | 6014 | if (enc == 0 || enc == 1) |
ashleymills | 0:714293de3836 | 6015 | ctx->enc = enc ? 1 : 0; |
ashleymills | 0:714293de3836 | 6016 | if (key) |
ashleymills | 0:714293de3836 | 6017 | AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, |
ashleymills | 0:714293de3836 | 6018 | ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); |
ashleymills | 0:714293de3836 | 6019 | if (iv && key == NULL) |
ashleymills | 0:714293de3836 | 6020 | AesSetIV(&ctx->cipher.aes, iv); |
ashleymills | 0:714293de3836 | 6021 | } |
ashleymills | 0:714293de3836 | 6022 | else if (ctx->cipherType == AES_256_CBC_TYPE || (type && |
ashleymills | 0:714293de3836 | 6023 | XSTRNCMP(type, "AES256-CBC", 10) == 0)) { |
ashleymills | 0:714293de3836 | 6024 | CYASSL_MSG("AES-256-CBC"); |
ashleymills | 0:714293de3836 | 6025 | ctx->cipherType = AES_256_CBC_TYPE; |
ashleymills | 0:714293de3836 | 6026 | ctx->keyLen = 32; |
ashleymills | 0:714293de3836 | 6027 | if (enc == 0 || enc == 1) |
ashleymills | 0:714293de3836 | 6028 | ctx->enc = enc ? 1 : 0; |
ashleymills | 0:714293de3836 | 6029 | if (key) |
ashleymills | 0:714293de3836 | 6030 | AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, |
ashleymills | 0:714293de3836 | 6031 | ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); |
ashleymills | 0:714293de3836 | 6032 | if (iv && key == NULL) |
ashleymills | 0:714293de3836 | 6033 | AesSetIV(&ctx->cipher.aes, iv); |
ashleymills | 0:714293de3836 | 6034 | } |
ashleymills | 0:714293de3836 | 6035 | #ifdef CYASSL_AES_COUNTER |
ashleymills | 0:714293de3836 | 6036 | else if (ctx->cipherType == AES_128_CTR_TYPE || (type && |
ashleymills | 0:714293de3836 | 6037 | XSTRNCMP(type, "AES128-CTR", 10) == 0)) { |
ashleymills | 0:714293de3836 | 6038 | CYASSL_MSG("AES-128-CTR"); |
ashleymills | 0:714293de3836 | 6039 | ctx->cipherType = AES_128_CTR_TYPE; |
ashleymills | 0:714293de3836 | 6040 | ctx->keyLen = 16; |
ashleymills | 0:714293de3836 | 6041 | if (enc == 0 || enc == 1) |
ashleymills | 0:714293de3836 | 6042 | ctx->enc = enc ? 1 : 0; |
ashleymills | 0:714293de3836 | 6043 | if (key) |
ashleymills | 0:714293de3836 | 6044 | AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, |
ashleymills | 0:714293de3836 | 6045 | AES_ENCRYPTION); |
ashleymills | 0:714293de3836 | 6046 | if (iv && key == NULL) |
ashleymills | 0:714293de3836 | 6047 | AesSetIV(&ctx->cipher.aes, iv); |
ashleymills | 0:714293de3836 | 6048 | } |
ashleymills | 0:714293de3836 | 6049 | else if (ctx->cipherType == AES_192_CTR_TYPE || (type && |
ashleymills | 0:714293de3836 | 6050 | XSTRNCMP(type, "AES192-CTR", 10) == 0)) { |
ashleymills | 0:714293de3836 | 6051 | CYASSL_MSG("AES-192-CTR"); |
ashleymills | 0:714293de3836 | 6052 | ctx->cipherType = AES_192_CTR_TYPE; |
ashleymills | 0:714293de3836 | 6053 | ctx->keyLen = 24; |
ashleymills | 0:714293de3836 | 6054 | if (enc == 0 || enc == 1) |
ashleymills | 0:714293de3836 | 6055 | ctx->enc = enc ? 1 : 0; |
ashleymills | 0:714293de3836 | 6056 | if (key) |
ashleymills | 0:714293de3836 | 6057 | AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, |
ashleymills | 0:714293de3836 | 6058 | AES_ENCRYPTION); |
ashleymills | 0:714293de3836 | 6059 | if (iv && key == NULL) |
ashleymills | 0:714293de3836 | 6060 | AesSetIV(&ctx->cipher.aes, iv); |
ashleymills | 0:714293de3836 | 6061 | } |
ashleymills | 0:714293de3836 | 6062 | else if (ctx->cipherType == AES_256_CTR_TYPE || (type && |
ashleymills | 0:714293de3836 | 6063 | XSTRNCMP(type, "AES256-CTR", 10) == 0)) { |
ashleymills | 0:714293de3836 | 6064 | CYASSL_MSG("AES-256-CTR"); |
ashleymills | 0:714293de3836 | 6065 | ctx->cipherType = AES_256_CTR_TYPE; |
ashleymills | 0:714293de3836 | 6066 | ctx->keyLen = 32; |
ashleymills | 0:714293de3836 | 6067 | if (enc == 0 || enc == 1) |
ashleymills | 0:714293de3836 | 6068 | ctx->enc = enc ? 1 : 0; |
ashleymills | 0:714293de3836 | 6069 | if (key) |
ashleymills | 0:714293de3836 | 6070 | AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, |
ashleymills | 0:714293de3836 | 6071 | AES_ENCRYPTION); |
ashleymills | 0:714293de3836 | 6072 | if (iv && key == NULL) |
ashleymills | 0:714293de3836 | 6073 | AesSetIV(&ctx->cipher.aes, iv); |
ashleymills | 0:714293de3836 | 6074 | } |
ashleymills | 0:714293de3836 | 6075 | #endif /* CYASSL_AES_CTR */ |
ashleymills | 0:714293de3836 | 6076 | else if (ctx->cipherType == DES_CBC_TYPE || (type && |
ashleymills | 0:714293de3836 | 6077 | XSTRNCMP(type, "DES-CBC", 7) == 0)) { |
ashleymills | 0:714293de3836 | 6078 | CYASSL_MSG("DES-CBC"); |
ashleymills | 0:714293de3836 | 6079 | ctx->cipherType = DES_CBC_TYPE; |
ashleymills | 0:714293de3836 | 6080 | ctx->keyLen = 8; |
ashleymills | 0:714293de3836 | 6081 | if (enc == 0 || enc == 1) |
ashleymills | 0:714293de3836 | 6082 | ctx->enc = enc ? 1 : 0; |
ashleymills | 0:714293de3836 | 6083 | if (key) |
ashleymills | 0:714293de3836 | 6084 | Des_SetKey(&ctx->cipher.des, key, iv, |
ashleymills | 0:714293de3836 | 6085 | ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION); |
ashleymills | 0:714293de3836 | 6086 | if (iv && key == NULL) |
ashleymills | 0:714293de3836 | 6087 | Des_SetIV(&ctx->cipher.des, iv); |
ashleymills | 0:714293de3836 | 6088 | } |
ashleymills | 0:714293de3836 | 6089 | else if (ctx->cipherType == DES_EDE3_CBC_TYPE || (type && |
ashleymills | 0:714293de3836 | 6090 | XSTRNCMP(type, "DES-EDE3-CBC", 11) == 0)) { |
ashleymills | 0:714293de3836 | 6091 | CYASSL_MSG("DES-EDE3-CBC"); |
ashleymills | 0:714293de3836 | 6092 | ctx->cipherType = DES_EDE3_CBC_TYPE; |
ashleymills | 0:714293de3836 | 6093 | ctx->keyLen = 24; |
ashleymills | 0:714293de3836 | 6094 | if (enc == 0 || enc == 1) |
ashleymills | 0:714293de3836 | 6095 | ctx->enc = enc ? 1 : 0; |
ashleymills | 0:714293de3836 | 6096 | if (key) |
ashleymills | 0:714293de3836 | 6097 | Des3_SetKey(&ctx->cipher.des3, key, iv, |
ashleymills | 0:714293de3836 | 6098 | ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION); |
ashleymills | 0:714293de3836 | 6099 | if (iv && key == NULL) |
ashleymills | 0:714293de3836 | 6100 | Des3_SetIV(&ctx->cipher.des3, iv); |
ashleymills | 0:714293de3836 | 6101 | } |
ashleymills | 0:714293de3836 | 6102 | else if (ctx->cipherType == ARC4_TYPE || (type && |
ashleymills | 0:714293de3836 | 6103 | XSTRNCMP(type, "ARC4", 4) == 0)) { |
ashleymills | 0:714293de3836 | 6104 | CYASSL_MSG("ARC4"); |
ashleymills | 0:714293de3836 | 6105 | ctx->cipherType = ARC4_TYPE; |
ashleymills | 0:714293de3836 | 6106 | if (ctx->keyLen == 0) /* user may have already set */ |
ashleymills | 0:714293de3836 | 6107 | ctx->keyLen = 16; /* default to 128 */ |
ashleymills | 0:714293de3836 | 6108 | if (key) |
ashleymills | 0:714293de3836 | 6109 | Arc4SetKey(&ctx->cipher.arc4, key, ctx->keyLen); |
ashleymills | 0:714293de3836 | 6110 | } |
ashleymills | 0:714293de3836 | 6111 | else if (ctx->cipherType == NULL_CIPHER_TYPE || (type && |
ashleymills | 0:714293de3836 | 6112 | XSTRNCMP(type, "NULL", 4) == 0)) { |
ashleymills | 0:714293de3836 | 6113 | CYASSL_MSG("NULL cipher"); |
ashleymills | 0:714293de3836 | 6114 | ctx->cipherType = NULL_CIPHER_TYPE; |
ashleymills | 0:714293de3836 | 6115 | ctx->keyLen = 0; |
ashleymills | 0:714293de3836 | 6116 | } |
ashleymills | 0:714293de3836 | 6117 | else |
ashleymills | 0:714293de3836 | 6118 | return 0; /* failure */ |
ashleymills | 0:714293de3836 | 6119 | |
ashleymills | 0:714293de3836 | 6120 | |
ashleymills | 0:714293de3836 | 6121 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 6122 | } |
ashleymills | 0:714293de3836 | 6123 | |
ashleymills | 0:714293de3836 | 6124 | |
ashleymills | 0:714293de3836 | 6125 | /* SSL_SUCCESS on ok */ |
ashleymills | 0:714293de3836 | 6126 | int CyaSSL_EVP_CIPHER_CTX_key_length(CYASSL_EVP_CIPHER_CTX* ctx) |
ashleymills | 0:714293de3836 | 6127 | { |
ashleymills | 0:714293de3836 | 6128 | CYASSL_ENTER("CyaSSL_EVP_CIPHER_CTX_key_length"); |
ashleymills | 0:714293de3836 | 6129 | if (ctx) |
ashleymills | 0:714293de3836 | 6130 | return ctx->keyLen; |
ashleymills | 0:714293de3836 | 6131 | |
ashleymills | 0:714293de3836 | 6132 | return 0; /* failure */ |
ashleymills | 0:714293de3836 | 6133 | } |
ashleymills | 0:714293de3836 | 6134 | |
ashleymills | 0:714293de3836 | 6135 | |
ashleymills | 0:714293de3836 | 6136 | /* SSL_SUCCESS on ok */ |
ashleymills | 0:714293de3836 | 6137 | int CyaSSL_EVP_CIPHER_CTX_set_key_length(CYASSL_EVP_CIPHER_CTX* ctx, |
ashleymills | 0:714293de3836 | 6138 | int keylen) |
ashleymills | 0:714293de3836 | 6139 | { |
ashleymills | 0:714293de3836 | 6140 | CYASSL_ENTER("CyaSSL_EVP_CIPHER_CTX_set_key_length"); |
ashleymills | 0:714293de3836 | 6141 | if (ctx) |
ashleymills | 0:714293de3836 | 6142 | ctx->keyLen = keylen; |
ashleymills | 0:714293de3836 | 6143 | else |
ashleymills | 0:714293de3836 | 6144 | return 0; /* failure */ |
ashleymills | 0:714293de3836 | 6145 | |
ashleymills | 0:714293de3836 | 6146 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 6147 | } |
ashleymills | 0:714293de3836 | 6148 | |
ashleymills | 0:714293de3836 | 6149 | |
ashleymills | 0:714293de3836 | 6150 | /* SSL_SUCCESS on ok */ |
ashleymills | 0:714293de3836 | 6151 | int CyaSSL_EVP_Cipher(CYASSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src, |
ashleymills | 0:714293de3836 | 6152 | word32 len) |
ashleymills | 0:714293de3836 | 6153 | { |
ashleymills | 0:714293de3836 | 6154 | int ret = 0; |
ashleymills | 0:714293de3836 | 6155 | CYASSL_ENTER("CyaSSL_EVP_Cipher"); |
ashleymills | 0:714293de3836 | 6156 | |
ashleymills | 0:714293de3836 | 6157 | if (ctx == NULL || dst == NULL || src == NULL) { |
ashleymills | 0:714293de3836 | 6158 | CYASSL_MSG("Bad function argument"); |
ashleymills | 0:714293de3836 | 6159 | return 0; /* failure */ |
ashleymills | 0:714293de3836 | 6160 | } |
ashleymills | 0:714293de3836 | 6161 | |
ashleymills | 0:714293de3836 | 6162 | if (ctx->cipherType == 0xff) { |
ashleymills | 0:714293de3836 | 6163 | CYASSL_MSG("no init"); |
ashleymills | 0:714293de3836 | 6164 | return 0; /* failure */ |
ashleymills | 0:714293de3836 | 6165 | } |
ashleymills | 0:714293de3836 | 6166 | |
ashleymills | 0:714293de3836 | 6167 | switch (ctx->cipherType) { |
ashleymills | 0:714293de3836 | 6168 | |
ashleymills | 0:714293de3836 | 6169 | case AES_128_CBC_TYPE : |
ashleymills | 0:714293de3836 | 6170 | case AES_192_CBC_TYPE : |
ashleymills | 0:714293de3836 | 6171 | case AES_256_CBC_TYPE : |
ashleymills | 0:714293de3836 | 6172 | CYASSL_MSG("AES CBC"); |
ashleymills | 0:714293de3836 | 6173 | if (ctx->enc) |
ashleymills | 0:714293de3836 | 6174 | ret = AesCbcEncrypt(&ctx->cipher.aes, dst, src, len); |
ashleymills | 0:714293de3836 | 6175 | else |
ashleymills | 0:714293de3836 | 6176 | ret = AesCbcDecrypt(&ctx->cipher.aes, dst, src, len); |
ashleymills | 0:714293de3836 | 6177 | break; |
ashleymills | 0:714293de3836 | 6178 | |
ashleymills | 0:714293de3836 | 6179 | #ifdef CYASSL_AES_COUNTER |
ashleymills | 0:714293de3836 | 6180 | case AES_128_CTR_TYPE : |
ashleymills | 0:714293de3836 | 6181 | case AES_192_CTR_TYPE : |
ashleymills | 0:714293de3836 | 6182 | case AES_256_CTR_TYPE : |
ashleymills | 0:714293de3836 | 6183 | CYASSL_MSG("AES CTR"); |
ashleymills | 0:714293de3836 | 6184 | AesCtrEncrypt(&ctx->cipher.aes, dst, src, len); |
ashleymills | 0:714293de3836 | 6185 | break; |
ashleymills | 0:714293de3836 | 6186 | #endif |
ashleymills | 0:714293de3836 | 6187 | |
ashleymills | 0:714293de3836 | 6188 | case DES_CBC_TYPE : |
ashleymills | 0:714293de3836 | 6189 | if (ctx->enc) |
ashleymills | 0:714293de3836 | 6190 | Des_CbcEncrypt(&ctx->cipher.des, dst, src, len); |
ashleymills | 0:714293de3836 | 6191 | else |
ashleymills | 0:714293de3836 | 6192 | Des_CbcDecrypt(&ctx->cipher.des, dst, src, len); |
ashleymills | 0:714293de3836 | 6193 | break; |
ashleymills | 0:714293de3836 | 6194 | |
ashleymills | 0:714293de3836 | 6195 | case DES_EDE3_CBC_TYPE : |
ashleymills | 0:714293de3836 | 6196 | if (ctx->enc) |
ashleymills | 0:714293de3836 | 6197 | Des3_CbcEncrypt(&ctx->cipher.des3, dst, src, len); |
ashleymills | 0:714293de3836 | 6198 | else |
ashleymills | 0:714293de3836 | 6199 | Des3_CbcDecrypt(&ctx->cipher.des3, dst, src, len); |
ashleymills | 0:714293de3836 | 6200 | break; |
ashleymills | 0:714293de3836 | 6201 | |
ashleymills | 0:714293de3836 | 6202 | case ARC4_TYPE : |
ashleymills | 0:714293de3836 | 6203 | Arc4Process(&ctx->cipher.arc4, dst, src, len); |
ashleymills | 0:714293de3836 | 6204 | break; |
ashleymills | 0:714293de3836 | 6205 | |
ashleymills | 0:714293de3836 | 6206 | case NULL_CIPHER_TYPE : |
ashleymills | 0:714293de3836 | 6207 | XMEMCPY(dst, src, len); |
ashleymills | 0:714293de3836 | 6208 | break; |
ashleymills | 0:714293de3836 | 6209 | |
ashleymills | 0:714293de3836 | 6210 | default: { |
ashleymills | 0:714293de3836 | 6211 | CYASSL_MSG("bad type"); |
ashleymills | 0:714293de3836 | 6212 | return 0; /* failure */ |
ashleymills | 0:714293de3836 | 6213 | } |
ashleymills | 0:714293de3836 | 6214 | } |
ashleymills | 0:714293de3836 | 6215 | |
ashleymills | 0:714293de3836 | 6216 | if (ret != 0) { |
ashleymills | 0:714293de3836 | 6217 | CYASSL_MSG("CyaSSL_EVP_Cipher failure"); |
ashleymills | 0:714293de3836 | 6218 | return 0; /* failuer */ |
ashleymills | 0:714293de3836 | 6219 | } |
ashleymills | 0:714293de3836 | 6220 | |
ashleymills | 0:714293de3836 | 6221 | CYASSL_MSG("CyaSSL_EVP_Cipher success"); |
ashleymills | 0:714293de3836 | 6222 | return SSL_SUCCESS; /* success */ |
ashleymills | 0:714293de3836 | 6223 | } |
ashleymills | 0:714293de3836 | 6224 | |
ashleymills | 0:714293de3836 | 6225 | |
ashleymills | 0:714293de3836 | 6226 | /* store for external read of iv, SSL_SUCCESS on success */ |
ashleymills | 0:714293de3836 | 6227 | int CyaSSL_StoreExternalIV(CYASSL_EVP_CIPHER_CTX* ctx) |
ashleymills | 0:714293de3836 | 6228 | { |
ashleymills | 0:714293de3836 | 6229 | CYASSL_ENTER("CyaSSL_StoreExternalIV"); |
ashleymills | 0:714293de3836 | 6230 | |
ashleymills | 0:714293de3836 | 6231 | if (ctx == NULL) { |
ashleymills | 0:714293de3836 | 6232 | CYASSL_MSG("Bad function argument"); |
ashleymills | 0:714293de3836 | 6233 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 6234 | } |
ashleymills | 0:714293de3836 | 6235 | |
ashleymills | 0:714293de3836 | 6236 | switch (ctx->cipherType) { |
ashleymills | 0:714293de3836 | 6237 | |
ashleymills | 0:714293de3836 | 6238 | case AES_128_CBC_TYPE : |
ashleymills | 0:714293de3836 | 6239 | case AES_192_CBC_TYPE : |
ashleymills | 0:714293de3836 | 6240 | case AES_256_CBC_TYPE : |
ashleymills | 0:714293de3836 | 6241 | CYASSL_MSG("AES CBC"); |
ashleymills | 0:714293de3836 | 6242 | memcpy(ctx->iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE); |
ashleymills | 0:714293de3836 | 6243 | break; |
ashleymills | 0:714293de3836 | 6244 | |
ashleymills | 0:714293de3836 | 6245 | #ifdef CYASSL_AES_COUNTER |
ashleymills | 0:714293de3836 | 6246 | case AES_128_CTR_TYPE : |
ashleymills | 0:714293de3836 | 6247 | case AES_192_CTR_TYPE : |
ashleymills | 0:714293de3836 | 6248 | case AES_256_CTR_TYPE : |
ashleymills | 0:714293de3836 | 6249 | CYASSL_MSG("AES CTR"); |
ashleymills | 0:714293de3836 | 6250 | memcpy(ctx->iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE); |
ashleymills | 0:714293de3836 | 6251 | break; |
ashleymills | 0:714293de3836 | 6252 | #endif |
ashleymills | 0:714293de3836 | 6253 | |
ashleymills | 0:714293de3836 | 6254 | case DES_CBC_TYPE : |
ashleymills | 0:714293de3836 | 6255 | CYASSL_MSG("DES CBC"); |
ashleymills | 0:714293de3836 | 6256 | memcpy(ctx->iv, &ctx->cipher.des.reg, DES_BLOCK_SIZE); |
ashleymills | 0:714293de3836 | 6257 | break; |
ashleymills | 0:714293de3836 | 6258 | |
ashleymills | 0:714293de3836 | 6259 | case DES_EDE3_CBC_TYPE : |
ashleymills | 0:714293de3836 | 6260 | CYASSL_MSG("DES EDE3 CBC"); |
ashleymills | 0:714293de3836 | 6261 | memcpy(ctx->iv, &ctx->cipher.des.reg, DES_BLOCK_SIZE); |
ashleymills | 0:714293de3836 | 6262 | break; |
ashleymills | 0:714293de3836 | 6263 | |
ashleymills | 0:714293de3836 | 6264 | case ARC4_TYPE : |
ashleymills | 0:714293de3836 | 6265 | CYASSL_MSG("ARC4"); |
ashleymills | 0:714293de3836 | 6266 | break; |
ashleymills | 0:714293de3836 | 6267 | |
ashleymills | 0:714293de3836 | 6268 | case NULL_CIPHER_TYPE : |
ashleymills | 0:714293de3836 | 6269 | CYASSL_MSG("NULL"); |
ashleymills | 0:714293de3836 | 6270 | break; |
ashleymills | 0:714293de3836 | 6271 | |
ashleymills | 0:714293de3836 | 6272 | default: { |
ashleymills | 0:714293de3836 | 6273 | CYASSL_MSG("bad type"); |
ashleymills | 0:714293de3836 | 6274 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 6275 | } |
ashleymills | 0:714293de3836 | 6276 | } |
ashleymills | 0:714293de3836 | 6277 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 6278 | } |
ashleymills | 0:714293de3836 | 6279 | |
ashleymills | 0:714293de3836 | 6280 | |
ashleymills | 0:714293de3836 | 6281 | /* set internal IV from external, SSL_SUCCESS on success */ |
ashleymills | 0:714293de3836 | 6282 | int CyaSSL_SetInternalIV(CYASSL_EVP_CIPHER_CTX* ctx) |
ashleymills | 0:714293de3836 | 6283 | { |
ashleymills | 0:714293de3836 | 6284 | |
ashleymills | 0:714293de3836 | 6285 | CYASSL_ENTER("CyaSSL_SetInternalIV"); |
ashleymills | 0:714293de3836 | 6286 | |
ashleymills | 0:714293de3836 | 6287 | if (ctx == NULL) { |
ashleymills | 0:714293de3836 | 6288 | CYASSL_MSG("Bad function argument"); |
ashleymills | 0:714293de3836 | 6289 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 6290 | } |
ashleymills | 0:714293de3836 | 6291 | |
ashleymills | 0:714293de3836 | 6292 | switch (ctx->cipherType) { |
ashleymills | 0:714293de3836 | 6293 | |
ashleymills | 0:714293de3836 | 6294 | case AES_128_CBC_TYPE : |
ashleymills | 0:714293de3836 | 6295 | case AES_192_CBC_TYPE : |
ashleymills | 0:714293de3836 | 6296 | case AES_256_CBC_TYPE : |
ashleymills | 0:714293de3836 | 6297 | CYASSL_MSG("AES CBC"); |
ashleymills | 0:714293de3836 | 6298 | memcpy(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE); |
ashleymills | 0:714293de3836 | 6299 | break; |
ashleymills | 0:714293de3836 | 6300 | |
ashleymills | 0:714293de3836 | 6301 | #ifdef CYASSL_AES_COUNTER |
ashleymills | 0:714293de3836 | 6302 | case AES_128_CTR_TYPE : |
ashleymills | 0:714293de3836 | 6303 | case AES_192_CTR_TYPE : |
ashleymills | 0:714293de3836 | 6304 | case AES_256_CTR_TYPE : |
ashleymills | 0:714293de3836 | 6305 | CYASSL_MSG("AES CTR"); |
ashleymills | 0:714293de3836 | 6306 | memcpy(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE); |
ashleymills | 0:714293de3836 | 6307 | break; |
ashleymills | 0:714293de3836 | 6308 | #endif |
ashleymills | 0:714293de3836 | 6309 | |
ashleymills | 0:714293de3836 | 6310 | case DES_CBC_TYPE : |
ashleymills | 0:714293de3836 | 6311 | CYASSL_MSG("DES CBC"); |
ashleymills | 0:714293de3836 | 6312 | memcpy(&ctx->cipher.des.reg, ctx->iv, DES_BLOCK_SIZE); |
ashleymills | 0:714293de3836 | 6313 | break; |
ashleymills | 0:714293de3836 | 6314 | |
ashleymills | 0:714293de3836 | 6315 | case DES_EDE3_CBC_TYPE : |
ashleymills | 0:714293de3836 | 6316 | CYASSL_MSG("DES EDE3 CBC"); |
ashleymills | 0:714293de3836 | 6317 | memcpy(&ctx->cipher.des.reg, ctx->iv, DES_BLOCK_SIZE); |
ashleymills | 0:714293de3836 | 6318 | break; |
ashleymills | 0:714293de3836 | 6319 | |
ashleymills | 0:714293de3836 | 6320 | case ARC4_TYPE : |
ashleymills | 0:714293de3836 | 6321 | CYASSL_MSG("ARC4"); |
ashleymills | 0:714293de3836 | 6322 | break; |
ashleymills | 0:714293de3836 | 6323 | |
ashleymills | 0:714293de3836 | 6324 | case NULL_CIPHER_TYPE : |
ashleymills | 0:714293de3836 | 6325 | CYASSL_MSG("NULL"); |
ashleymills | 0:714293de3836 | 6326 | break; |
ashleymills | 0:714293de3836 | 6327 | |
ashleymills | 0:714293de3836 | 6328 | default: { |
ashleymills | 0:714293de3836 | 6329 | CYASSL_MSG("bad type"); |
ashleymills | 0:714293de3836 | 6330 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 6331 | } |
ashleymills | 0:714293de3836 | 6332 | } |
ashleymills | 0:714293de3836 | 6333 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 6334 | } |
ashleymills | 0:714293de3836 | 6335 | |
ashleymills | 0:714293de3836 | 6336 | |
ashleymills | 0:714293de3836 | 6337 | /* SSL_SUCCESS on ok */ |
ashleymills | 0:714293de3836 | 6338 | int CyaSSL_EVP_DigestInit(CYASSL_EVP_MD_CTX* ctx, const CYASSL_EVP_MD* type) |
ashleymills | 0:714293de3836 | 6339 | { |
ashleymills | 0:714293de3836 | 6340 | CYASSL_ENTER("EVP_DigestInit"); |
ashleymills | 0:714293de3836 | 6341 | if (XSTRNCMP(type, "MD5", 3) == 0) { |
ashleymills | 0:714293de3836 | 6342 | ctx->macType = MD5; |
ashleymills | 0:714293de3836 | 6343 | CyaSSL_MD5_Init((MD5_CTX*)&ctx->hash); |
ashleymills | 0:714293de3836 | 6344 | } |
ashleymills | 0:714293de3836 | 6345 | else if (XSTRNCMP(type, "SHA256", 6) == 0) { |
ashleymills | 0:714293de3836 | 6346 | ctx->macType = SHA256; |
ashleymills | 0:714293de3836 | 6347 | CyaSSL_SHA256_Init((SHA256_CTX*)&ctx->hash); |
ashleymills | 0:714293de3836 | 6348 | } |
ashleymills | 0:714293de3836 | 6349 | #ifdef CYASSL_SHA384 |
ashleymills | 0:714293de3836 | 6350 | else if (XSTRNCMP(type, "SHA384", 6) == 0) { |
ashleymills | 0:714293de3836 | 6351 | ctx->macType = SHA384; |
ashleymills | 0:714293de3836 | 6352 | CyaSSL_SHA384_Init((SHA384_CTX*)&ctx->hash); |
ashleymills | 0:714293de3836 | 6353 | } |
ashleymills | 0:714293de3836 | 6354 | #endif |
ashleymills | 0:714293de3836 | 6355 | #ifdef CYASSL_SHA512 |
ashleymills | 0:714293de3836 | 6356 | else if (XSTRNCMP(type, "SHA512", 6) == 0) { |
ashleymills | 0:714293de3836 | 6357 | ctx->macType = SHA512; |
ashleymills | 0:714293de3836 | 6358 | CyaSSL_SHA512_Init((SHA512_CTX*)&ctx->hash); |
ashleymills | 0:714293de3836 | 6359 | } |
ashleymills | 0:714293de3836 | 6360 | #endif |
ashleymills | 0:714293de3836 | 6361 | /* has to be last since would pick or 256, 384, or 512 too */ |
ashleymills | 0:714293de3836 | 6362 | else if (XSTRNCMP(type, "SHA", 3) == 0) { |
ashleymills | 0:714293de3836 | 6363 | ctx->macType = SHA; |
ashleymills | 0:714293de3836 | 6364 | CyaSSL_SHA_Init((SHA_CTX*)&ctx->hash); |
ashleymills | 0:714293de3836 | 6365 | } |
ashleymills | 0:714293de3836 | 6366 | else |
ashleymills | 0:714293de3836 | 6367 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 6368 | |
ashleymills | 0:714293de3836 | 6369 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 6370 | } |
ashleymills | 0:714293de3836 | 6371 | |
ashleymills | 0:714293de3836 | 6372 | |
ashleymills | 0:714293de3836 | 6373 | /* SSL_SUCCESS on ok */ |
ashleymills | 0:714293de3836 | 6374 | int CyaSSL_EVP_DigestUpdate(CYASSL_EVP_MD_CTX* ctx, const void* data, |
ashleymills | 0:714293de3836 | 6375 | unsigned long sz) |
ashleymills | 0:714293de3836 | 6376 | { |
ashleymills | 0:714293de3836 | 6377 | CYASSL_ENTER("EVP_DigestUpdate"); |
ashleymills | 0:714293de3836 | 6378 | if (ctx->macType == MD5) |
ashleymills | 0:714293de3836 | 6379 | CyaSSL_MD5_Update((MD5_CTX*)&ctx->hash, data, (unsigned long)sz); |
ashleymills | 0:714293de3836 | 6380 | else if (ctx->macType == SHA) |
ashleymills | 0:714293de3836 | 6381 | CyaSSL_SHA_Update((SHA_CTX*)&ctx->hash, data, (unsigned long)sz); |
ashleymills | 0:714293de3836 | 6382 | else if (ctx->macType == SHA256) |
ashleymills | 0:714293de3836 | 6383 | CyaSSL_SHA256_Update((SHA256_CTX*)&ctx->hash, data, |
ashleymills | 0:714293de3836 | 6384 | (unsigned long)sz); |
ashleymills | 0:714293de3836 | 6385 | #ifdef CYASSL_SHA384 |
ashleymills | 0:714293de3836 | 6386 | else if (ctx->macType == SHA384) |
ashleymills | 0:714293de3836 | 6387 | CyaSSL_SHA384_Update((SHA384_CTX*)&ctx->hash, data, |
ashleymills | 0:714293de3836 | 6388 | (unsigned long)sz); |
ashleymills | 0:714293de3836 | 6389 | #endif |
ashleymills | 0:714293de3836 | 6390 | #ifdef CYASSL_SHA512 |
ashleymills | 0:714293de3836 | 6391 | else if (ctx->macType == SHA512) |
ashleymills | 0:714293de3836 | 6392 | CyaSSL_SHA512_Update((SHA512_CTX*)&ctx->hash, data, |
ashleymills | 0:714293de3836 | 6393 | (unsigned long)sz); |
ashleymills | 0:714293de3836 | 6394 | #endif |
ashleymills | 0:714293de3836 | 6395 | else |
ashleymills | 0:714293de3836 | 6396 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 6397 | |
ashleymills | 0:714293de3836 | 6398 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 6399 | } |
ashleymills | 0:714293de3836 | 6400 | |
ashleymills | 0:714293de3836 | 6401 | |
ashleymills | 0:714293de3836 | 6402 | /* SSL_SUCCESS on ok */ |
ashleymills | 0:714293de3836 | 6403 | int CyaSSL_EVP_DigestFinal(CYASSL_EVP_MD_CTX* ctx, unsigned char* md, |
ashleymills | 0:714293de3836 | 6404 | unsigned int* s) |
ashleymills | 0:714293de3836 | 6405 | { |
ashleymills | 0:714293de3836 | 6406 | CYASSL_ENTER("EVP_DigestFinal"); |
ashleymills | 0:714293de3836 | 6407 | if (ctx->macType == MD5) { |
ashleymills | 0:714293de3836 | 6408 | CyaSSL_MD5_Final(md, (MD5_CTX*)&ctx->hash); |
ashleymills | 0:714293de3836 | 6409 | if (s) *s = MD5_DIGEST_SIZE; |
ashleymills | 0:714293de3836 | 6410 | } |
ashleymills | 0:714293de3836 | 6411 | else if (ctx->macType == SHA) { |
ashleymills | 0:714293de3836 | 6412 | CyaSSL_SHA_Final(md, (SHA_CTX*)&ctx->hash); |
ashleymills | 0:714293de3836 | 6413 | if (s) *s = SHA_DIGEST_SIZE; |
ashleymills | 0:714293de3836 | 6414 | } |
ashleymills | 0:714293de3836 | 6415 | else if (ctx->macType == SHA256) { |
ashleymills | 0:714293de3836 | 6416 | CyaSSL_SHA256_Final(md, (SHA256_CTX*)&ctx->hash); |
ashleymills | 0:714293de3836 | 6417 | if (s) *s = SHA256_DIGEST_SIZE; |
ashleymills | 0:714293de3836 | 6418 | } |
ashleymills | 0:714293de3836 | 6419 | #ifdef CYASSL_SHA384 |
ashleymills | 0:714293de3836 | 6420 | else if (ctx->macType == SHA384) { |
ashleymills | 0:714293de3836 | 6421 | CyaSSL_SHA384_Final(md, (SHA384_CTX*)&ctx->hash); |
ashleymills | 0:714293de3836 | 6422 | if (s) *s = SHA384_DIGEST_SIZE; |
ashleymills | 0:714293de3836 | 6423 | } |
ashleymills | 0:714293de3836 | 6424 | #endif |
ashleymills | 0:714293de3836 | 6425 | #ifdef CYASSL_SHA512 |
ashleymills | 0:714293de3836 | 6426 | else if (ctx->macType == SHA512) { |
ashleymills | 0:714293de3836 | 6427 | CyaSSL_SHA512_Final(md, (SHA512_CTX*)&ctx->hash); |
ashleymills | 0:714293de3836 | 6428 | if (s) *s = SHA512_DIGEST_SIZE; |
ashleymills | 0:714293de3836 | 6429 | } |
ashleymills | 0:714293de3836 | 6430 | #endif |
ashleymills | 0:714293de3836 | 6431 | else |
ashleymills | 0:714293de3836 | 6432 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 6433 | |
ashleymills | 0:714293de3836 | 6434 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 6435 | } |
ashleymills | 0:714293de3836 | 6436 | |
ashleymills | 0:714293de3836 | 6437 | |
ashleymills | 0:714293de3836 | 6438 | /* SSL_SUCCESS on ok */ |
ashleymills | 0:714293de3836 | 6439 | int CyaSSL_EVP_DigestFinal_ex(CYASSL_EVP_MD_CTX* ctx, unsigned char* md, |
ashleymills | 0:714293de3836 | 6440 | unsigned int* s) |
ashleymills | 0:714293de3836 | 6441 | { |
ashleymills | 0:714293de3836 | 6442 | CYASSL_ENTER("EVP_DigestFinal_ex"); |
ashleymills | 0:714293de3836 | 6443 | return EVP_DigestFinal(ctx, md, s); |
ashleymills | 0:714293de3836 | 6444 | } |
ashleymills | 0:714293de3836 | 6445 | |
ashleymills | 0:714293de3836 | 6446 | |
ashleymills | 0:714293de3836 | 6447 | unsigned char* CyaSSL_HMAC(const CYASSL_EVP_MD* evp_md, const void* key, |
ashleymills | 0:714293de3836 | 6448 | int key_len, const unsigned char* d, int n, |
ashleymills | 0:714293de3836 | 6449 | unsigned char* md, unsigned int* md_len) |
ashleymills | 0:714293de3836 | 6450 | { |
ashleymills | 0:714293de3836 | 6451 | Hmac hmac; |
ashleymills | 0:714293de3836 | 6452 | |
ashleymills | 0:714293de3836 | 6453 | CYASSL_ENTER("HMAC"); |
ashleymills | 0:714293de3836 | 6454 | if (!md) return 0; /* no static buffer support */ |
ashleymills | 0:714293de3836 | 6455 | |
ashleymills | 0:714293de3836 | 6456 | if (XSTRNCMP(evp_md, "MD5", 3) == 0) { |
ashleymills | 0:714293de3836 | 6457 | HmacSetKey(&hmac, MD5, (const byte*)key, key_len); |
ashleymills | 0:714293de3836 | 6458 | if (md_len) *md_len = MD5_DIGEST_SIZE; |
ashleymills | 0:714293de3836 | 6459 | } |
ashleymills | 0:714293de3836 | 6460 | else if (XSTRNCMP(evp_md, "SHA", 3) == 0) { |
ashleymills | 0:714293de3836 | 6461 | HmacSetKey(&hmac, SHA, (const byte*)key, key_len); |
ashleymills | 0:714293de3836 | 6462 | if (md_len) *md_len = SHA_DIGEST_SIZE; |
ashleymills | 0:714293de3836 | 6463 | } |
ashleymills | 0:714293de3836 | 6464 | else |
ashleymills | 0:714293de3836 | 6465 | return 0; |
ashleymills | 0:714293de3836 | 6466 | |
ashleymills | 0:714293de3836 | 6467 | HmacUpdate(&hmac, d, n); |
ashleymills | 0:714293de3836 | 6468 | HmacFinal(&hmac, md); |
ashleymills | 0:714293de3836 | 6469 | |
ashleymills | 0:714293de3836 | 6470 | return md; |
ashleymills | 0:714293de3836 | 6471 | } |
ashleymills | 0:714293de3836 | 6472 | |
ashleymills | 0:714293de3836 | 6473 | void CyaSSL_ERR_clear_error(void) |
ashleymills | 0:714293de3836 | 6474 | { |
ashleymills | 0:714293de3836 | 6475 | /* TODO: */ |
ashleymills | 0:714293de3836 | 6476 | } |
ashleymills | 0:714293de3836 | 6477 | |
ashleymills | 0:714293de3836 | 6478 | |
ashleymills | 0:714293de3836 | 6479 | int CyaSSL_RAND_status(void) |
ashleymills | 0:714293de3836 | 6480 | { |
ashleymills | 0:714293de3836 | 6481 | return SSL_SUCCESS; /* CTaoCrypt provides enough seed internally */ |
ashleymills | 0:714293de3836 | 6482 | } |
ashleymills | 0:714293de3836 | 6483 | |
ashleymills | 0:714293de3836 | 6484 | |
ashleymills | 0:714293de3836 | 6485 | |
ashleymills | 0:714293de3836 | 6486 | void CyaSSL_RAND_add(const void* add, int len, double entropy) |
ashleymills | 0:714293de3836 | 6487 | { |
ashleymills | 0:714293de3836 | 6488 | (void)add; |
ashleymills | 0:714293de3836 | 6489 | (void)len; |
ashleymills | 0:714293de3836 | 6490 | (void)entropy; |
ashleymills | 0:714293de3836 | 6491 | |
ashleymills | 0:714293de3836 | 6492 | /* CyaSSL seeds/adds internally, use explicit RNG if you want |
ashleymills | 0:714293de3836 | 6493 | to take control */ |
ashleymills | 0:714293de3836 | 6494 | } |
ashleymills | 0:714293de3836 | 6495 | |
ashleymills | 0:714293de3836 | 6496 | |
ashleymills | 0:714293de3836 | 6497 | /* SSL_SUCCESS on ok */ |
ashleymills | 0:714293de3836 | 6498 | int CyaSSL_DES_key_sched(CYASSL_const_DES_cblock* key, |
ashleymills | 0:714293de3836 | 6499 | CYASSL_DES_key_schedule* schedule) |
ashleymills | 0:714293de3836 | 6500 | { |
ashleymills | 0:714293de3836 | 6501 | CYASSL_ENTER("DES_key_sched"); |
ashleymills | 0:714293de3836 | 6502 | XMEMCPY(schedule, key, sizeof(const_DES_cblock)); |
ashleymills | 0:714293de3836 | 6503 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 6504 | } |
ashleymills | 0:714293de3836 | 6505 | |
ashleymills | 0:714293de3836 | 6506 | |
ashleymills | 0:714293de3836 | 6507 | void CyaSSL_DES_cbc_encrypt(const unsigned char* input, |
ashleymills | 0:714293de3836 | 6508 | unsigned char* output, long length, |
ashleymills | 0:714293de3836 | 6509 | CYASSL_DES_key_schedule* schedule, CYASSL_DES_cblock* ivec, |
ashleymills | 0:714293de3836 | 6510 | int enc) |
ashleymills | 0:714293de3836 | 6511 | { |
ashleymills | 0:714293de3836 | 6512 | Des myDes; |
ashleymills | 0:714293de3836 | 6513 | CYASSL_ENTER("DES_cbc_encrypt"); |
ashleymills | 0:714293de3836 | 6514 | Des_SetKey(&myDes, (const byte*)schedule, (const byte*)ivec, !enc); |
ashleymills | 0:714293de3836 | 6515 | |
ashleymills | 0:714293de3836 | 6516 | if (enc) |
ashleymills | 0:714293de3836 | 6517 | Des_CbcEncrypt(&myDes, output, input, (word32)length); |
ashleymills | 0:714293de3836 | 6518 | else |
ashleymills | 0:714293de3836 | 6519 | Des_CbcDecrypt(&myDes, output, input, (word32)length); |
ashleymills | 0:714293de3836 | 6520 | } |
ashleymills | 0:714293de3836 | 6521 | |
ashleymills | 0:714293de3836 | 6522 | |
ashleymills | 0:714293de3836 | 6523 | /* correctly sets ivec for next call */ |
ashleymills | 0:714293de3836 | 6524 | void CyaSSL_DES_ncbc_encrypt(const unsigned char* input, |
ashleymills | 0:714293de3836 | 6525 | unsigned char* output, long length, |
ashleymills | 0:714293de3836 | 6526 | CYASSL_DES_key_schedule* schedule, CYASSL_DES_cblock* ivec, |
ashleymills | 0:714293de3836 | 6527 | int enc) |
ashleymills | 0:714293de3836 | 6528 | { |
ashleymills | 0:714293de3836 | 6529 | Des myDes; |
ashleymills | 0:714293de3836 | 6530 | CYASSL_ENTER("DES_ncbc_encrypt"); |
ashleymills | 0:714293de3836 | 6531 | Des_SetKey(&myDes, (const byte*)schedule, (const byte*)ivec, !enc); |
ashleymills | 0:714293de3836 | 6532 | |
ashleymills | 0:714293de3836 | 6533 | if (enc) |
ashleymills | 0:714293de3836 | 6534 | Des_CbcEncrypt(&myDes, output, input, (word32)length); |
ashleymills | 0:714293de3836 | 6535 | else |
ashleymills | 0:714293de3836 | 6536 | Des_CbcDecrypt(&myDes, output, input, (word32)length); |
ashleymills | 0:714293de3836 | 6537 | |
ashleymills | 0:714293de3836 | 6538 | XMEMCPY(ivec, output + length - sizeof(DES_cblock), sizeof(DES_cblock)); |
ashleymills | 0:714293de3836 | 6539 | } |
ashleymills | 0:714293de3836 | 6540 | |
ashleymills | 0:714293de3836 | 6541 | |
ashleymills | 0:714293de3836 | 6542 | void CyaSSL_ERR_free_strings(void) |
ashleymills | 0:714293de3836 | 6543 | { |
ashleymills | 0:714293de3836 | 6544 | /* handled internally */ |
ashleymills | 0:714293de3836 | 6545 | } |
ashleymills | 0:714293de3836 | 6546 | |
ashleymills | 0:714293de3836 | 6547 | |
ashleymills | 0:714293de3836 | 6548 | void CyaSSL_ERR_remove_state(unsigned long state) |
ashleymills | 0:714293de3836 | 6549 | { |
ashleymills | 0:714293de3836 | 6550 | /* TODO: GetErrors().Remove(); */ |
ashleymills | 0:714293de3836 | 6551 | (void)state; |
ashleymills | 0:714293de3836 | 6552 | } |
ashleymills | 0:714293de3836 | 6553 | |
ashleymills | 0:714293de3836 | 6554 | |
ashleymills | 0:714293de3836 | 6555 | void CyaSSL_EVP_cleanup(void) |
ashleymills | 0:714293de3836 | 6556 | { |
ashleymills | 0:714293de3836 | 6557 | /* nothing to do here */ |
ashleymills | 0:714293de3836 | 6558 | } |
ashleymills | 0:714293de3836 | 6559 | |
ashleymills | 0:714293de3836 | 6560 | |
ashleymills | 0:714293de3836 | 6561 | void CyaSSL_cleanup_all_ex_data(void) |
ashleymills | 0:714293de3836 | 6562 | { |
ashleymills | 0:714293de3836 | 6563 | /* nothing to do here */ |
ashleymills | 0:714293de3836 | 6564 | } |
ashleymills | 0:714293de3836 | 6565 | |
ashleymills | 0:714293de3836 | 6566 | |
ashleymills | 0:714293de3836 | 6567 | long CyaSSL_CTX_set_mode(CYASSL_CTX* ctx, long mode) |
ashleymills | 0:714293de3836 | 6568 | { |
ashleymills | 0:714293de3836 | 6569 | /* SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER is CyaSSL default mode */ |
ashleymills | 0:714293de3836 | 6570 | |
ashleymills | 0:714293de3836 | 6571 | CYASSL_ENTER("SSL_CTX_set_mode"); |
ashleymills | 0:714293de3836 | 6572 | if (mode == SSL_MODE_ENABLE_PARTIAL_WRITE) |
ashleymills | 0:714293de3836 | 6573 | ctx->partialWrite = 1; |
ashleymills | 0:714293de3836 | 6574 | |
ashleymills | 0:714293de3836 | 6575 | return mode; |
ashleymills | 0:714293de3836 | 6576 | } |
ashleymills | 0:714293de3836 | 6577 | |
ashleymills | 0:714293de3836 | 6578 | |
ashleymills | 0:714293de3836 | 6579 | long CyaSSL_CTX_get_mode(CYASSL_CTX* ctx) |
ashleymills | 0:714293de3836 | 6580 | { |
ashleymills | 0:714293de3836 | 6581 | /* TODO: */ |
ashleymills | 0:714293de3836 | 6582 | (void)ctx; |
ashleymills | 0:714293de3836 | 6583 | return 0; |
ashleymills | 0:714293de3836 | 6584 | } |
ashleymills | 0:714293de3836 | 6585 | |
ashleymills | 0:714293de3836 | 6586 | |
ashleymills | 0:714293de3836 | 6587 | void CyaSSL_CTX_set_default_read_ahead(CYASSL_CTX* ctx, int m) |
ashleymills | 0:714293de3836 | 6588 | { |
ashleymills | 0:714293de3836 | 6589 | /* TODO: maybe? */ |
ashleymills | 0:714293de3836 | 6590 | (void)ctx; |
ashleymills | 0:714293de3836 | 6591 | (void)m; |
ashleymills | 0:714293de3836 | 6592 | } |
ashleymills | 0:714293de3836 | 6593 | |
ashleymills | 0:714293de3836 | 6594 | |
ashleymills | 0:714293de3836 | 6595 | int CyaSSL_CTX_set_session_id_context(CYASSL_CTX* ctx, |
ashleymills | 0:714293de3836 | 6596 | const unsigned char* sid_ctx, |
ashleymills | 0:714293de3836 | 6597 | unsigned int sid_ctx_len) |
ashleymills | 0:714293de3836 | 6598 | { |
ashleymills | 0:714293de3836 | 6599 | /* No application specific context needed for cyaSSL */ |
ashleymills | 0:714293de3836 | 6600 | (void)ctx; |
ashleymills | 0:714293de3836 | 6601 | (void)sid_ctx; |
ashleymills | 0:714293de3836 | 6602 | (void)sid_ctx_len; |
ashleymills | 0:714293de3836 | 6603 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 6604 | } |
ashleymills | 0:714293de3836 | 6605 | |
ashleymills | 0:714293de3836 | 6606 | |
ashleymills | 0:714293de3836 | 6607 | long CyaSSL_CTX_sess_get_cache_size(CYASSL_CTX* ctx) |
ashleymills | 0:714293de3836 | 6608 | { |
ashleymills | 0:714293de3836 | 6609 | /* TODO: maybe? */ |
ashleymills | 0:714293de3836 | 6610 | (void)ctx; |
ashleymills | 0:714293de3836 | 6611 | return (~0); |
ashleymills | 0:714293de3836 | 6612 | } |
ashleymills | 0:714293de3836 | 6613 | |
ashleymills | 0:714293de3836 | 6614 | unsigned long CyaSSL_ERR_get_error_line_data(const char** file, int* line, |
ashleymills | 0:714293de3836 | 6615 | const char** data, int *flags) |
ashleymills | 0:714293de3836 | 6616 | { |
ashleymills | 0:714293de3836 | 6617 | /* Not implemented */ |
ashleymills | 0:714293de3836 | 6618 | (void)file; |
ashleymills | 0:714293de3836 | 6619 | (void)line; |
ashleymills | 0:714293de3836 | 6620 | (void)data; |
ashleymills | 0:714293de3836 | 6621 | (void)flags; |
ashleymills | 0:714293de3836 | 6622 | return 0; |
ashleymills | 0:714293de3836 | 6623 | } |
ashleymills | 0:714293de3836 | 6624 | |
ashleymills | 0:714293de3836 | 6625 | #endif /* OPENSSL_EXTRA */ |
ashleymills | 0:714293de3836 | 6626 | |
ashleymills | 0:714293de3836 | 6627 | |
ashleymills | 0:714293de3836 | 6628 | #if defined(KEEP_PEER_CERT) |
ashleymills | 0:714293de3836 | 6629 | |
ashleymills | 0:714293de3836 | 6630 | CYASSL_X509* CyaSSL_get_peer_certificate(CYASSL* ssl) |
ashleymills | 0:714293de3836 | 6631 | { |
ashleymills | 0:714293de3836 | 6632 | CYASSL_ENTER("SSL_get_peer_certificate"); |
ashleymills | 0:714293de3836 | 6633 | if (ssl->peerCert.issuer.sz) |
ashleymills | 0:714293de3836 | 6634 | return &ssl->peerCert; |
ashleymills | 0:714293de3836 | 6635 | else |
ashleymills | 0:714293de3836 | 6636 | return 0; |
ashleymills | 0:714293de3836 | 6637 | } |
ashleymills | 0:714293de3836 | 6638 | |
ashleymills | 0:714293de3836 | 6639 | #endif /* KEEP_PEER_CERT */ |
ashleymills | 0:714293de3836 | 6640 | |
ashleymills | 0:714293de3836 | 6641 | |
ashleymills | 0:714293de3836 | 6642 | #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) |
ashleymills | 0:714293de3836 | 6643 | |
ashleymills | 0:714293de3836 | 6644 | void CyaSSL_FreeX509(CYASSL_X509* x509) |
ashleymills | 0:714293de3836 | 6645 | { |
ashleymills | 0:714293de3836 | 6646 | CYASSL_ENTER("CyaSSL_FreeX509"); |
ashleymills | 0:714293de3836 | 6647 | FreeX509(x509); |
ashleymills | 0:714293de3836 | 6648 | } |
ashleymills | 0:714293de3836 | 6649 | |
ashleymills | 0:714293de3836 | 6650 | |
ashleymills | 0:714293de3836 | 6651 | /* return the next, if any, altname from the peer cert */ |
ashleymills | 0:714293de3836 | 6652 | char* CyaSSL_X509_get_next_altname(CYASSL_X509* cert) |
ashleymills | 0:714293de3836 | 6653 | { |
ashleymills | 0:714293de3836 | 6654 | char* ret = NULL; |
ashleymills | 0:714293de3836 | 6655 | CYASSL_ENTER("CyaSSL_X509_get_next_altname"); |
ashleymills | 0:714293de3836 | 6656 | |
ashleymills | 0:714293de3836 | 6657 | /* don't have any to work with */ |
ashleymills | 0:714293de3836 | 6658 | if (cert == NULL || cert->altNames == NULL) |
ashleymills | 0:714293de3836 | 6659 | return NULL; |
ashleymills | 0:714293de3836 | 6660 | |
ashleymills | 0:714293de3836 | 6661 | /* already went through them */ |
ashleymills | 0:714293de3836 | 6662 | if (cert->altNamesNext == NULL) |
ashleymills | 0:714293de3836 | 6663 | return NULL; |
ashleymills | 0:714293de3836 | 6664 | |
ashleymills | 0:714293de3836 | 6665 | ret = cert->altNamesNext->name; |
ashleymills | 0:714293de3836 | 6666 | cert->altNamesNext = cert->altNamesNext->next; |
ashleymills | 0:714293de3836 | 6667 | |
ashleymills | 0:714293de3836 | 6668 | return ret; |
ashleymills | 0:714293de3836 | 6669 | } |
ashleymills | 0:714293de3836 | 6670 | |
ashleymills | 0:714293de3836 | 6671 | |
ashleymills | 0:714293de3836 | 6672 | CYASSL_X509_NAME* CyaSSL_X509_get_issuer_name(CYASSL_X509* cert) |
ashleymills | 0:714293de3836 | 6673 | { |
ashleymills | 0:714293de3836 | 6674 | CYASSL_ENTER("X509_get_issuer_name"); |
ashleymills | 0:714293de3836 | 6675 | return &cert->issuer; |
ashleymills | 0:714293de3836 | 6676 | } |
ashleymills | 0:714293de3836 | 6677 | |
ashleymills | 0:714293de3836 | 6678 | |
ashleymills | 0:714293de3836 | 6679 | CYASSL_X509_NAME* CyaSSL_X509_get_subject_name(CYASSL_X509* cert) |
ashleymills | 0:714293de3836 | 6680 | { |
ashleymills | 0:714293de3836 | 6681 | CYASSL_ENTER("X509_get_subject_name"); |
ashleymills | 0:714293de3836 | 6682 | return &cert->subject; |
ashleymills | 0:714293de3836 | 6683 | } |
ashleymills | 0:714293de3836 | 6684 | |
ashleymills | 0:714293de3836 | 6685 | |
ashleymills | 0:714293de3836 | 6686 | /* copy name into in buffer, at most sz bytes, if buffer is null will |
ashleymills | 0:714293de3836 | 6687 | malloc buffer, call responsible for freeing */ |
ashleymills | 0:714293de3836 | 6688 | char* CyaSSL_X509_NAME_oneline(CYASSL_X509_NAME* name, char* in, int sz) |
ashleymills | 0:714293de3836 | 6689 | { |
ashleymills | 0:714293de3836 | 6690 | int copySz = min(sz, name->sz); |
ashleymills | 0:714293de3836 | 6691 | |
ashleymills | 0:714293de3836 | 6692 | CYASSL_ENTER("CyaSSL_X509_NAME_oneline"); |
ashleymills | 0:714293de3836 | 6693 | if (!name->sz) return in; |
ashleymills | 0:714293de3836 | 6694 | |
ashleymills | 0:714293de3836 | 6695 | if (!in) { |
ashleymills | 0:714293de3836 | 6696 | in = (char*)XMALLOC(name->sz, 0, DYNAMIC_TYPE_OPENSSL); |
ashleymills | 0:714293de3836 | 6697 | if (!in ) return in; |
ashleymills | 0:714293de3836 | 6698 | copySz = name->sz; |
ashleymills | 0:714293de3836 | 6699 | } |
ashleymills | 0:714293de3836 | 6700 | |
ashleymills | 0:714293de3836 | 6701 | if (copySz == 0) |
ashleymills | 0:714293de3836 | 6702 | return in; |
ashleymills | 0:714293de3836 | 6703 | |
ashleymills | 0:714293de3836 | 6704 | XMEMCPY(in, name->name, copySz - 1); |
ashleymills | 0:714293de3836 | 6705 | in[copySz - 1] = 0; |
ashleymills | 0:714293de3836 | 6706 | |
ashleymills | 0:714293de3836 | 6707 | return in; |
ashleymills | 0:714293de3836 | 6708 | } |
ashleymills | 0:714293de3836 | 6709 | |
ashleymills | 0:714293de3836 | 6710 | |
ashleymills | 0:714293de3836 | 6711 | /* write X509 serial number in unsigned binary to buffer |
ashleymills | 0:714293de3836 | 6712 | buffer needs to be at least EXTERNAL_SERIAL_SIZE (32) for all cases |
ashleymills | 0:714293de3836 | 6713 | return SSL_SUCCESS on success */ |
ashleymills | 0:714293de3836 | 6714 | int CyaSSL_X509_get_serial_number(CYASSL_X509* x509, byte* in, int* inOutSz) |
ashleymills | 0:714293de3836 | 6715 | { |
ashleymills | 0:714293de3836 | 6716 | CYASSL_ENTER("CyaSSL_X509_get_serial_number"); |
ashleymills | 0:714293de3836 | 6717 | if (x509 == NULL || in == NULL || *inOutSz < x509->serialSz) |
ashleymills | 0:714293de3836 | 6718 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 6719 | |
ashleymills | 0:714293de3836 | 6720 | XMEMCPY(in, x509->serial, x509->serialSz); |
ashleymills | 0:714293de3836 | 6721 | *inOutSz = x509->serialSz; |
ashleymills | 0:714293de3836 | 6722 | |
ashleymills | 0:714293de3836 | 6723 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 6724 | } |
ashleymills | 0:714293de3836 | 6725 | |
ashleymills | 0:714293de3836 | 6726 | |
ashleymills | 0:714293de3836 | 6727 | const byte* CyaSSL_X509_get_der(CYASSL_X509* x509, int* outSz) |
ashleymills | 0:714293de3836 | 6728 | { |
ashleymills | 0:714293de3836 | 6729 | CYASSL_ENTER("CyaSSL_X509_get_der"); |
ashleymills | 0:714293de3836 | 6730 | |
ashleymills | 0:714293de3836 | 6731 | if (x509 == NULL || outSz == NULL) |
ashleymills | 0:714293de3836 | 6732 | return NULL; |
ashleymills | 0:714293de3836 | 6733 | |
ashleymills | 0:714293de3836 | 6734 | *outSz = (int)x509->derCert.length; |
ashleymills | 0:714293de3836 | 6735 | return x509->derCert.buffer; |
ashleymills | 0:714293de3836 | 6736 | } |
ashleymills | 0:714293de3836 | 6737 | |
ashleymills | 0:714293de3836 | 6738 | #endif /* KEEP_PEER_CERT || SESSION_CERTS */ |
ashleymills | 0:714293de3836 | 6739 | |
ashleymills | 0:714293de3836 | 6740 | |
ashleymills | 0:714293de3836 | 6741 | #ifdef OPENSSL_EXTRA |
ashleymills | 0:714293de3836 | 6742 | int CyaSSL_set_ex_data(CYASSL* ssl, int idx, void* data) |
ashleymills | 0:714293de3836 | 6743 | { |
ashleymills | 0:714293de3836 | 6744 | #ifdef FORTRESS |
ashleymills | 0:714293de3836 | 6745 | if (ssl != NULL && idx < MAX_EX_DATA) |
ashleymills | 0:714293de3836 | 6746 | { |
ashleymills | 0:714293de3836 | 6747 | ssl->ex_data[idx] = data; |
ashleymills | 0:714293de3836 | 6748 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 6749 | } |
ashleymills | 0:714293de3836 | 6750 | #else |
ashleymills | 0:714293de3836 | 6751 | (void)ssl; |
ashleymills | 0:714293de3836 | 6752 | (void)idx; |
ashleymills | 0:714293de3836 | 6753 | (void)data; |
ashleymills | 0:714293de3836 | 6754 | #endif |
ashleymills | 0:714293de3836 | 6755 | return SSL_FAILURE; |
ashleymills | 0:714293de3836 | 6756 | } |
ashleymills | 0:714293de3836 | 6757 | |
ashleymills | 0:714293de3836 | 6758 | |
ashleymills | 0:714293de3836 | 6759 | int CyaSSL_set_session_id_context(CYASSL* ssl, const unsigned char* id, |
ashleymills | 0:714293de3836 | 6760 | unsigned int len) |
ashleymills | 0:714293de3836 | 6761 | { |
ashleymills | 0:714293de3836 | 6762 | (void)ssl; |
ashleymills | 0:714293de3836 | 6763 | (void)id; |
ashleymills | 0:714293de3836 | 6764 | (void)len; |
ashleymills | 0:714293de3836 | 6765 | return 0; |
ashleymills | 0:714293de3836 | 6766 | } |
ashleymills | 0:714293de3836 | 6767 | |
ashleymills | 0:714293de3836 | 6768 | |
ashleymills | 0:714293de3836 | 6769 | void CyaSSL_set_connect_state(CYASSL* ssl) |
ashleymills | 0:714293de3836 | 6770 | { |
ashleymills | 0:714293de3836 | 6771 | (void)ssl; |
ashleymills | 0:714293de3836 | 6772 | /* client by default */ |
ashleymills | 0:714293de3836 | 6773 | } |
ashleymills | 0:714293de3836 | 6774 | #endif |
ashleymills | 0:714293de3836 | 6775 | |
ashleymills | 0:714293de3836 | 6776 | int CyaSSL_get_shutdown(const CYASSL* ssl) |
ashleymills | 0:714293de3836 | 6777 | { |
ashleymills | 0:714293de3836 | 6778 | return (ssl->options.isClosed || |
ashleymills | 0:714293de3836 | 6779 | ssl->options.connReset || |
ashleymills | 0:714293de3836 | 6780 | ssl->options.sentNotify); |
ashleymills | 0:714293de3836 | 6781 | } |
ashleymills | 0:714293de3836 | 6782 | |
ashleymills | 0:714293de3836 | 6783 | |
ashleymills | 0:714293de3836 | 6784 | int CyaSSL_session_reused(CYASSL* ssl) |
ashleymills | 0:714293de3836 | 6785 | { |
ashleymills | 0:714293de3836 | 6786 | return ssl->options.resuming; |
ashleymills | 0:714293de3836 | 6787 | } |
ashleymills | 0:714293de3836 | 6788 | |
ashleymills | 0:714293de3836 | 6789 | #ifdef OPENSSL_EXTRA |
ashleymills | 0:714293de3836 | 6790 | void CyaSSL_SESSION_free(CYASSL_SESSION* session) |
ashleymills | 0:714293de3836 | 6791 | { |
ashleymills | 0:714293de3836 | 6792 | (void)session; |
ashleymills | 0:714293de3836 | 6793 | } |
ashleymills | 0:714293de3836 | 6794 | #endif |
ashleymills | 0:714293de3836 | 6795 | |
ashleymills | 0:714293de3836 | 6796 | const char* CyaSSL_get_version(CYASSL* ssl) |
ashleymills | 0:714293de3836 | 6797 | { |
ashleymills | 0:714293de3836 | 6798 | CYASSL_ENTER("SSL_get_version"); |
ashleymills | 0:714293de3836 | 6799 | if (ssl->version.major == SSLv3_MAJOR) { |
ashleymills | 0:714293de3836 | 6800 | switch (ssl->version.minor) { |
ashleymills | 0:714293de3836 | 6801 | case SSLv3_MINOR : |
ashleymills | 0:714293de3836 | 6802 | return "SSLv3"; |
ashleymills | 0:714293de3836 | 6803 | case TLSv1_MINOR : |
ashleymills | 0:714293de3836 | 6804 | return "TLSv1"; |
ashleymills | 0:714293de3836 | 6805 | case TLSv1_1_MINOR : |
ashleymills | 0:714293de3836 | 6806 | return "TLSv1.1"; |
ashleymills | 0:714293de3836 | 6807 | case TLSv1_2_MINOR : |
ashleymills | 0:714293de3836 | 6808 | return "TLSv1.2"; |
ashleymills | 0:714293de3836 | 6809 | default: |
ashleymills | 0:714293de3836 | 6810 | return "unknown"; |
ashleymills | 0:714293de3836 | 6811 | } |
ashleymills | 0:714293de3836 | 6812 | } |
ashleymills | 0:714293de3836 | 6813 | else if (ssl->version.major == DTLS_MAJOR) { |
ashleymills | 0:714293de3836 | 6814 | switch (ssl->version.minor) { |
ashleymills | 0:714293de3836 | 6815 | case DTLS_MINOR : |
ashleymills | 0:714293de3836 | 6816 | return "DTLS"; |
ashleymills | 0:714293de3836 | 6817 | case DTLSv1_2_MINOR : |
ashleymills | 0:714293de3836 | 6818 | return "DTLSv1.2"; |
ashleymills | 0:714293de3836 | 6819 | default: |
ashleymills | 0:714293de3836 | 6820 | return "unknown"; |
ashleymills | 0:714293de3836 | 6821 | } |
ashleymills | 0:714293de3836 | 6822 | } |
ashleymills | 0:714293de3836 | 6823 | return "unknown"; |
ashleymills | 0:714293de3836 | 6824 | } |
ashleymills | 0:714293de3836 | 6825 | |
ashleymills | 0:714293de3836 | 6826 | int CyaSSL_get_current_cipher_suite(CYASSL* ssl) |
ashleymills | 0:714293de3836 | 6827 | { |
ashleymills | 0:714293de3836 | 6828 | CYASSL_ENTER("SSL_get_current_cipher_suite"); |
ashleymills | 0:714293de3836 | 6829 | if (ssl) |
ashleymills | 0:714293de3836 | 6830 | return (ssl->options.cipherSuite0 << 8) | ssl->options.cipherSuite; |
ashleymills | 0:714293de3836 | 6831 | return 0; |
ashleymills | 0:714293de3836 | 6832 | } |
ashleymills | 0:714293de3836 | 6833 | |
ashleymills | 0:714293de3836 | 6834 | CYASSL_CIPHER* CyaSSL_get_current_cipher(CYASSL* ssl) |
ashleymills | 0:714293de3836 | 6835 | { |
ashleymills | 0:714293de3836 | 6836 | CYASSL_ENTER("SSL_get_current_cipher"); |
ashleymills | 0:714293de3836 | 6837 | if (ssl) |
ashleymills | 0:714293de3836 | 6838 | return &ssl->cipher; |
ashleymills | 0:714293de3836 | 6839 | else |
ashleymills | 0:714293de3836 | 6840 | return NULL; |
ashleymills | 0:714293de3836 | 6841 | } |
ashleymills | 0:714293de3836 | 6842 | |
ashleymills | 0:714293de3836 | 6843 | |
ashleymills | 0:714293de3836 | 6844 | const char* CyaSSL_CIPHER_get_name(const CYASSL_CIPHER* cipher) |
ashleymills | 0:714293de3836 | 6845 | { |
ashleymills | 0:714293de3836 | 6846 | (void)cipher; |
ashleymills | 0:714293de3836 | 6847 | |
ashleymills | 0:714293de3836 | 6848 | CYASSL_ENTER("SSL_CIPHER_get_name"); |
ashleymills | 0:714293de3836 | 6849 | #ifndef NO_ERROR_STRINGS |
ashleymills | 0:714293de3836 | 6850 | if (cipher) { |
ashleymills | 0:714293de3836 | 6851 | #ifdef HAVE_ECC |
ashleymills | 0:714293de3836 | 6852 | if (cipher->ssl->options.cipherSuite0 == ECC_BYTE) { |
ashleymills | 0:714293de3836 | 6853 | /* ECC suites */ |
ashleymills | 0:714293de3836 | 6854 | switch (cipher->ssl->options.cipherSuite) { |
ashleymills | 0:714293de3836 | 6855 | #ifndef NO_RSA |
ashleymills | 0:714293de3836 | 6856 | case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : |
ashleymills | 0:714293de3836 | 6857 | return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"; |
ashleymills | 0:714293de3836 | 6858 | #endif |
ashleymills | 0:714293de3836 | 6859 | case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : |
ashleymills | 0:714293de3836 | 6860 | return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"; |
ashleymills | 0:714293de3836 | 6861 | #ifndef NO_RSA |
ashleymills | 0:714293de3836 | 6862 | case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 : |
ashleymills | 0:714293de3836 | 6863 | return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"; |
ashleymills | 0:714293de3836 | 6864 | #endif |
ashleymills | 0:714293de3836 | 6865 | case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 : |
ashleymills | 0:714293de3836 | 6866 | return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"; |
ashleymills | 0:714293de3836 | 6867 | #ifndef NO_RSA |
ashleymills | 0:714293de3836 | 6868 | case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 : |
ashleymills | 0:714293de3836 | 6869 | return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"; |
ashleymills | 0:714293de3836 | 6870 | #endif |
ashleymills | 0:714293de3836 | 6871 | case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 : |
ashleymills | 0:714293de3836 | 6872 | return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"; |
ashleymills | 0:714293de3836 | 6873 | #ifndef NO_RSA |
ashleymills | 0:714293de3836 | 6874 | case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 : |
ashleymills | 0:714293de3836 | 6875 | return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"; |
ashleymills | 0:714293de3836 | 6876 | #endif |
ashleymills | 0:714293de3836 | 6877 | case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 : |
ashleymills | 0:714293de3836 | 6878 | return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"; |
ashleymills | 0:714293de3836 | 6879 | #ifndef NO_SHA |
ashleymills | 0:714293de3836 | 6880 | #ifndef NO_RSA |
ashleymills | 0:714293de3836 | 6881 | case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA : |
ashleymills | 0:714293de3836 | 6882 | return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"; |
ashleymills | 0:714293de3836 | 6883 | case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA : |
ashleymills | 0:714293de3836 | 6884 | return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"; |
ashleymills | 0:714293de3836 | 6885 | #endif |
ashleymills | 0:714293de3836 | 6886 | case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : |
ashleymills | 0:714293de3836 | 6887 | return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"; |
ashleymills | 0:714293de3836 | 6888 | case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA : |
ashleymills | 0:714293de3836 | 6889 | return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"; |
ashleymills | 0:714293de3836 | 6890 | #ifndef NO_RC4 |
ashleymills | 0:714293de3836 | 6891 | #ifndef NO_RSA |
ashleymills | 0:714293de3836 | 6892 | case TLS_ECDHE_RSA_WITH_RC4_128_SHA : |
ashleymills | 0:714293de3836 | 6893 | return "TLS_ECDHE_RSA_WITH_RC4_128_SHA"; |
ashleymills | 0:714293de3836 | 6894 | #endif |
ashleymills | 0:714293de3836 | 6895 | case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA : |
ashleymills | 0:714293de3836 | 6896 | return "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"; |
ashleymills | 0:714293de3836 | 6897 | #endif |
ashleymills | 0:714293de3836 | 6898 | #ifndef NO_DES3 |
ashleymills | 0:714293de3836 | 6899 | #ifndef NO_RSA |
ashleymills | 0:714293de3836 | 6900 | case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA : |
ashleymills | 0:714293de3836 | 6901 | return "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"; |
ashleymills | 0:714293de3836 | 6902 | #endif |
ashleymills | 0:714293de3836 | 6903 | case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA : |
ashleymills | 0:714293de3836 | 6904 | return "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"; |
ashleymills | 0:714293de3836 | 6905 | #endif |
ashleymills | 0:714293de3836 | 6906 | |
ashleymills | 0:714293de3836 | 6907 | #ifndef NO_RSA |
ashleymills | 0:714293de3836 | 6908 | case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA : |
ashleymills | 0:714293de3836 | 6909 | return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"; |
ashleymills | 0:714293de3836 | 6910 | case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA : |
ashleymills | 0:714293de3836 | 6911 | return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"; |
ashleymills | 0:714293de3836 | 6912 | #endif |
ashleymills | 0:714293de3836 | 6913 | case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA : |
ashleymills | 0:714293de3836 | 6914 | return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"; |
ashleymills | 0:714293de3836 | 6915 | case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA : |
ashleymills | 0:714293de3836 | 6916 | return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"; |
ashleymills | 0:714293de3836 | 6917 | #ifndef NO_RC4 |
ashleymills | 0:714293de3836 | 6918 | #ifndef NO_RSA |
ashleymills | 0:714293de3836 | 6919 | case TLS_ECDH_RSA_WITH_RC4_128_SHA : |
ashleymills | 0:714293de3836 | 6920 | return "TLS_ECDH_RSA_WITH_RC4_128_SHA"; |
ashleymills | 0:714293de3836 | 6921 | #endif |
ashleymills | 0:714293de3836 | 6922 | case TLS_ECDH_ECDSA_WITH_RC4_128_SHA : |
ashleymills | 0:714293de3836 | 6923 | return "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"; |
ashleymills | 0:714293de3836 | 6924 | #endif |
ashleymills | 0:714293de3836 | 6925 | #ifndef NO_DES3 |
ashleymills | 0:714293de3836 | 6926 | #ifndef NO_RSA |
ashleymills | 0:714293de3836 | 6927 | case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA : |
ashleymills | 0:714293de3836 | 6928 | return "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"; |
ashleymills | 0:714293de3836 | 6929 | #endif |
ashleymills | 0:714293de3836 | 6930 | case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA : |
ashleymills | 0:714293de3836 | 6931 | return "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"; |
ashleymills | 0:714293de3836 | 6932 | #endif |
ashleymills | 0:714293de3836 | 6933 | #endif /* NO_SHA */ |
ashleymills | 0:714293de3836 | 6934 | |
ashleymills | 0:714293de3836 | 6935 | #ifdef HAVE_AESGCM |
ashleymills | 0:714293de3836 | 6936 | #ifndef NO_RSA |
ashleymills | 0:714293de3836 | 6937 | case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : |
ashleymills | 0:714293de3836 | 6938 | return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"; |
ashleymills | 0:714293de3836 | 6939 | case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 : |
ashleymills | 0:714293de3836 | 6940 | return "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"; |
ashleymills | 0:714293de3836 | 6941 | #endif |
ashleymills | 0:714293de3836 | 6942 | case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 : |
ashleymills | 0:714293de3836 | 6943 | return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"; |
ashleymills | 0:714293de3836 | 6944 | case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 : |
ashleymills | 0:714293de3836 | 6945 | return "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"; |
ashleymills | 0:714293de3836 | 6946 | #ifndef NO_RSA |
ashleymills | 0:714293de3836 | 6947 | case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 : |
ashleymills | 0:714293de3836 | 6948 | return "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"; |
ashleymills | 0:714293de3836 | 6949 | case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 : |
ashleymills | 0:714293de3836 | 6950 | return "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"; |
ashleymills | 0:714293de3836 | 6951 | #endif |
ashleymills | 0:714293de3836 | 6952 | case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 : |
ashleymills | 0:714293de3836 | 6953 | return "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"; |
ashleymills | 0:714293de3836 | 6954 | case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 : |
ashleymills | 0:714293de3836 | 6955 | return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"; |
ashleymills | 0:714293de3836 | 6956 | #endif |
ashleymills | 0:714293de3836 | 6957 | |
ashleymills | 0:714293de3836 | 6958 | #ifdef HAVE_AESCCM |
ashleymills | 0:714293de3836 | 6959 | #ifndef NO_RSA |
ashleymills | 0:714293de3836 | 6960 | case TLS_RSA_WITH_AES_128_CCM_8 : |
ashleymills | 0:714293de3836 | 6961 | return "TLS_RSA_WITH_AES_128_CCM_8"; |
ashleymills | 0:714293de3836 | 6962 | case TLS_RSA_WITH_AES_256_CCM_8 : |
ashleymills | 0:714293de3836 | 6963 | return "TLS_RSA_WITH_AES_256_CCM_8"; |
ashleymills | 0:714293de3836 | 6964 | #endif |
ashleymills | 0:714293de3836 | 6965 | case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8: |
ashleymills | 0:714293de3836 | 6966 | return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"; |
ashleymills | 0:714293de3836 | 6967 | case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 : |
ashleymills | 0:714293de3836 | 6968 | return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"; |
ashleymills | 0:714293de3836 | 6969 | #endif |
ashleymills | 0:714293de3836 | 6970 | |
ashleymills | 0:714293de3836 | 6971 | default: |
ashleymills | 0:714293de3836 | 6972 | return "NONE"; |
ashleymills | 0:714293de3836 | 6973 | } |
ashleymills | 0:714293de3836 | 6974 | } |
ashleymills | 0:714293de3836 | 6975 | #endif /* ECC */ |
ashleymills | 0:714293de3836 | 6976 | if (cipher->ssl->options.cipherSuite0 != ECC_BYTE) { |
ashleymills | 0:714293de3836 | 6977 | /* normal suites */ |
ashleymills | 0:714293de3836 | 6978 | switch (cipher->ssl->options.cipherSuite) { |
ashleymills | 0:714293de3836 | 6979 | #ifndef NO_RSA |
ashleymills | 0:714293de3836 | 6980 | #ifndef NO_RC4 |
ashleymills | 0:714293de3836 | 6981 | #ifndef NO_SHA |
ashleymills | 0:714293de3836 | 6982 | case SSL_RSA_WITH_RC4_128_SHA : |
ashleymills | 0:714293de3836 | 6983 | return "SSL_RSA_WITH_RC4_128_SHA"; |
ashleymills | 0:714293de3836 | 6984 | #endif |
ashleymills | 0:714293de3836 | 6985 | #ifndef NO_MD5 |
ashleymills | 0:714293de3836 | 6986 | case SSL_RSA_WITH_RC4_128_MD5 : |
ashleymills | 0:714293de3836 | 6987 | return "SSL_RSA_WITH_RC4_128_MD5"; |
ashleymills | 0:714293de3836 | 6988 | #endif |
ashleymills | 0:714293de3836 | 6989 | #endif |
ashleymills | 0:714293de3836 | 6990 | #ifndef NO_SHA |
ashleymills | 0:714293de3836 | 6991 | #ifndef NO_DES3 |
ashleymills | 0:714293de3836 | 6992 | case SSL_RSA_WITH_3DES_EDE_CBC_SHA : |
ashleymills | 0:714293de3836 | 6993 | return "SSL_RSA_WITH_3DES_EDE_CBC_SHA"; |
ashleymills | 0:714293de3836 | 6994 | #endif |
ashleymills | 0:714293de3836 | 6995 | case TLS_RSA_WITH_AES_128_CBC_SHA : |
ashleymills | 0:714293de3836 | 6996 | return "TLS_RSA_WITH_AES_128_CBC_SHA"; |
ashleymills | 0:714293de3836 | 6997 | case TLS_RSA_WITH_AES_256_CBC_SHA : |
ashleymills | 0:714293de3836 | 6998 | return "TLS_RSA_WITH_AES_256_CBC_SHA"; |
ashleymills | 0:714293de3836 | 6999 | #endif |
ashleymills | 0:714293de3836 | 7000 | case TLS_RSA_WITH_AES_128_CBC_SHA256 : |
ashleymills | 0:714293de3836 | 7001 | return "TLS_RSA_WITH_AES_128_CBC_SHA256"; |
ashleymills | 0:714293de3836 | 7002 | case TLS_RSA_WITH_AES_256_CBC_SHA256 : |
ashleymills | 0:714293de3836 | 7003 | return "TLS_RSA_WITH_AES_256_CBC_SHA256"; |
ashleymills | 0:714293de3836 | 7004 | #ifndef NO_SHA |
ashleymills | 0:714293de3836 | 7005 | case TLS_RSA_WITH_NULL_SHA : |
ashleymills | 0:714293de3836 | 7006 | return "TLS_RSA_WITH_NULL_SHA"; |
ashleymills | 0:714293de3836 | 7007 | #endif |
ashleymills | 0:714293de3836 | 7008 | case TLS_RSA_WITH_NULL_SHA256 : |
ashleymills | 0:714293de3836 | 7009 | return "TLS_RSA_WITH_NULL_SHA256"; |
ashleymills | 0:714293de3836 | 7010 | #endif /* NO_RSA */ |
ashleymills | 0:714293de3836 | 7011 | #ifndef NO_PSK |
ashleymills | 0:714293de3836 | 7012 | case TLS_PSK_WITH_AES_128_CBC_SHA256 : |
ashleymills | 0:714293de3836 | 7013 | return "TLS_PSK_WITH_AES_128_CBC_SHA256"; |
ashleymills | 0:714293de3836 | 7014 | #ifndef NO_SHA |
ashleymills | 0:714293de3836 | 7015 | case TLS_PSK_WITH_AES_128_CBC_SHA : |
ashleymills | 0:714293de3836 | 7016 | return "TLS_PSK_WITH_AES_128_CBC_SHA"; |
ashleymills | 0:714293de3836 | 7017 | case TLS_PSK_WITH_AES_256_CBC_SHA : |
ashleymills | 0:714293de3836 | 7018 | return "TLS_PSK_WITH_AES_256_CBC_SHA"; |
ashleymills | 0:714293de3836 | 7019 | #endif |
ashleymills | 0:714293de3836 | 7020 | #ifndef NO_SHA256 |
ashleymills | 0:714293de3836 | 7021 | #ifdef HAVE_AESCCM |
ashleymills | 0:714293de3836 | 7022 | case TLS_PSK_WITH_AES_128_CCM_8 : |
ashleymills | 0:714293de3836 | 7023 | return "TLS_PSK_WITH_AES_128_CCM_8"; |
ashleymills | 0:714293de3836 | 7024 | case TLS_PSK_WITH_AES_256_CCM_8 : |
ashleymills | 0:714293de3836 | 7025 | return "TLS_PSK_WITH_AES_256_CCM_8"; |
ashleymills | 0:714293de3836 | 7026 | #endif |
ashleymills | 0:714293de3836 | 7027 | case TLS_PSK_WITH_NULL_SHA256 : |
ashleymills | 0:714293de3836 | 7028 | return "TLS_PSK_WITH_NULL_SHA256"; |
ashleymills | 0:714293de3836 | 7029 | #endif |
ashleymills | 0:714293de3836 | 7030 | #ifndef NO_SHA |
ashleymills | 0:714293de3836 | 7031 | case TLS_PSK_WITH_NULL_SHA : |
ashleymills | 0:714293de3836 | 7032 | return "TLS_PSK_WITH_NULL_SHA"; |
ashleymills | 0:714293de3836 | 7033 | #endif |
ashleymills | 0:714293de3836 | 7034 | #endif /* NO_PSK */ |
ashleymills | 0:714293de3836 | 7035 | #ifndef NO_RSA |
ashleymills | 0:714293de3836 | 7036 | case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 : |
ashleymills | 0:714293de3836 | 7037 | return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"; |
ashleymills | 0:714293de3836 | 7038 | case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 : |
ashleymills | 0:714293de3836 | 7039 | return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"; |
ashleymills | 0:714293de3836 | 7040 | #ifndef NO_SHA |
ashleymills | 0:714293de3836 | 7041 | case TLS_DHE_RSA_WITH_AES_128_CBC_SHA : |
ashleymills | 0:714293de3836 | 7042 | return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"; |
ashleymills | 0:714293de3836 | 7043 | case TLS_DHE_RSA_WITH_AES_256_CBC_SHA : |
ashleymills | 0:714293de3836 | 7044 | return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"; |
ashleymills | 0:714293de3836 | 7045 | #endif |
ashleymills | 0:714293de3836 | 7046 | #ifndef NO_HC128 |
ashleymills | 0:714293de3836 | 7047 | #ifndef NO_MD5 |
ashleymills | 0:714293de3836 | 7048 | case TLS_RSA_WITH_HC_128_CBC_MD5 : |
ashleymills | 0:714293de3836 | 7049 | return "TLS_RSA_WITH_HC_128_CBC_MD5"; |
ashleymills | 0:714293de3836 | 7050 | #endif |
ashleymills | 0:714293de3836 | 7051 | #ifndef NO_SHA |
ashleymills | 0:714293de3836 | 7052 | case TLS_RSA_WITH_HC_128_CBC_SHA : |
ashleymills | 0:714293de3836 | 7053 | return "TLS_RSA_WITH_HC_128_CBC_SHA"; |
ashleymills | 0:714293de3836 | 7054 | #endif |
ashleymills | 0:714293de3836 | 7055 | #endif /* NO_HC128 */ |
ashleymills | 0:714293de3836 | 7056 | #ifndef NO_SHA |
ashleymills | 0:714293de3836 | 7057 | #ifndef NO_RABBIT |
ashleymills | 0:714293de3836 | 7058 | case TLS_RSA_WITH_RABBIT_CBC_SHA : |
ashleymills | 0:714293de3836 | 7059 | return "TLS_RSA_WITH_RABBIT_CBC_SHA"; |
ashleymills | 0:714293de3836 | 7060 | #endif |
ashleymills | 0:714293de3836 | 7061 | #ifdef HAVE_NTRU |
ashleymills | 0:714293de3836 | 7062 | #ifndef NO_RC4 |
ashleymills | 0:714293de3836 | 7063 | case TLS_NTRU_RSA_WITH_RC4_128_SHA : |
ashleymills | 0:714293de3836 | 7064 | return "TLS_NTRU_RSA_WITH_RC4_128_SHA"; |
ashleymills | 0:714293de3836 | 7065 | #endif |
ashleymills | 0:714293de3836 | 7066 | #ifndef NO_DES3 |
ashleymills | 0:714293de3836 | 7067 | case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA : |
ashleymills | 0:714293de3836 | 7068 | return "TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA"; |
ashleymills | 0:714293de3836 | 7069 | #endif |
ashleymills | 0:714293de3836 | 7070 | case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA : |
ashleymills | 0:714293de3836 | 7071 | return "TLS_NTRU_RSA_WITH_AES_128_CBC_SHA"; |
ashleymills | 0:714293de3836 | 7072 | case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA : |
ashleymills | 0:714293de3836 | 7073 | return "TLS_NTRU_RSA_WITH_AES_256_CBC_SHA"; |
ashleymills | 0:714293de3836 | 7074 | #endif /* HAVE_NTRU */ |
ashleymills | 0:714293de3836 | 7075 | #endif /* NO_SHA */ |
ashleymills | 0:714293de3836 | 7076 | case TLS_RSA_WITH_AES_128_GCM_SHA256 : |
ashleymills | 0:714293de3836 | 7077 | return "TLS_RSA_WITH_AES_128_GCM_SHA256"; |
ashleymills | 0:714293de3836 | 7078 | case TLS_RSA_WITH_AES_256_GCM_SHA384 : |
ashleymills | 0:714293de3836 | 7079 | return "TLS_RSA_WITH_AES_256_GCM_SHA384"; |
ashleymills | 0:714293de3836 | 7080 | case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 : |
ashleymills | 0:714293de3836 | 7081 | return "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"; |
ashleymills | 0:714293de3836 | 7082 | case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 : |
ashleymills | 0:714293de3836 | 7083 | return "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"; |
ashleymills | 0:714293de3836 | 7084 | #ifndef NO_SHA |
ashleymills | 0:714293de3836 | 7085 | case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA : |
ashleymills | 0:714293de3836 | 7086 | return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"; |
ashleymills | 0:714293de3836 | 7087 | case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA : |
ashleymills | 0:714293de3836 | 7088 | return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"; |
ashleymills | 0:714293de3836 | 7089 | #endif |
ashleymills | 0:714293de3836 | 7090 | case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 : |
ashleymills | 0:714293de3836 | 7091 | return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"; |
ashleymills | 0:714293de3836 | 7092 | case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 : |
ashleymills | 0:714293de3836 | 7093 | return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"; |
ashleymills | 0:714293de3836 | 7094 | #ifndef NO_SHA |
ashleymills | 0:714293de3836 | 7095 | case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : |
ashleymills | 0:714293de3836 | 7096 | return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"; |
ashleymills | 0:714293de3836 | 7097 | case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : |
ashleymills | 0:714293de3836 | 7098 | return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"; |
ashleymills | 0:714293de3836 | 7099 | #endif |
ashleymills | 0:714293de3836 | 7100 | case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 : |
ashleymills | 0:714293de3836 | 7101 | return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"; |
ashleymills | 0:714293de3836 | 7102 | case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 : |
ashleymills | 0:714293de3836 | 7103 | return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"; |
ashleymills | 0:714293de3836 | 7104 | #endif /* NO_RSA */ |
ashleymills | 0:714293de3836 | 7105 | default: |
ashleymills | 0:714293de3836 | 7106 | return "NONE"; |
ashleymills | 0:714293de3836 | 7107 | } /* switch */ |
ashleymills | 0:714293de3836 | 7108 | } /* normal / ECC */ |
ashleymills | 0:714293de3836 | 7109 | } |
ashleymills | 0:714293de3836 | 7110 | #endif /* NO_ERROR_STRINGS */ |
ashleymills | 0:714293de3836 | 7111 | return "NONE"; |
ashleymills | 0:714293de3836 | 7112 | } |
ashleymills | 0:714293de3836 | 7113 | |
ashleymills | 0:714293de3836 | 7114 | |
ashleymills | 0:714293de3836 | 7115 | const char* CyaSSL_get_cipher(CYASSL* ssl) |
ashleymills | 0:714293de3836 | 7116 | { |
ashleymills | 0:714293de3836 | 7117 | CYASSL_ENTER("CyaSSL_get_cipher"); |
ashleymills | 0:714293de3836 | 7118 | return CyaSSL_CIPHER_get_name(CyaSSL_get_current_cipher(ssl)); |
ashleymills | 0:714293de3836 | 7119 | } |
ashleymills | 0:714293de3836 | 7120 | |
ashleymills | 0:714293de3836 | 7121 | #ifdef OPENSSL_EXTRA |
ashleymills | 0:714293de3836 | 7122 | |
ashleymills | 0:714293de3836 | 7123 | /* XXX shuld be NO_DH */ |
ashleymills | 0:714293de3836 | 7124 | #ifndef NO_CERTS |
ashleymills | 0:714293de3836 | 7125 | /* server ctx Diffie-Hellman parameters, SSL_SUCCESS on ok */ |
ashleymills | 0:714293de3836 | 7126 | int CyaSSL_CTX_SetTmpDH(CYASSL_CTX* ctx, const unsigned char* p, int pSz, |
ashleymills | 0:714293de3836 | 7127 | const unsigned char* g, int gSz) |
ashleymills | 0:714293de3836 | 7128 | { |
ashleymills | 0:714293de3836 | 7129 | CYASSL_ENTER("CyaSSL_CTX_SetTmpDH"); |
ashleymills | 0:714293de3836 | 7130 | if (ctx == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 7131 | |
ashleymills | 0:714293de3836 | 7132 | XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH); |
ashleymills | 0:714293de3836 | 7133 | XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH); |
ashleymills | 0:714293de3836 | 7134 | |
ashleymills | 0:714293de3836 | 7135 | ctx->serverDH_P.buffer = (byte*)XMALLOC(pSz, ctx->heap,DYNAMIC_TYPE_DH); |
ashleymills | 0:714293de3836 | 7136 | if (ctx->serverDH_P.buffer == NULL) |
ashleymills | 0:714293de3836 | 7137 | return MEMORY_E; |
ashleymills | 0:714293de3836 | 7138 | |
ashleymills | 0:714293de3836 | 7139 | ctx->serverDH_G.buffer = (byte*)XMALLOC(gSz, ctx->heap,DYNAMIC_TYPE_DH); |
ashleymills | 0:714293de3836 | 7140 | if (ctx->serverDH_G.buffer == NULL) { |
ashleymills | 0:714293de3836 | 7141 | XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH); |
ashleymills | 0:714293de3836 | 7142 | return MEMORY_E; |
ashleymills | 0:714293de3836 | 7143 | } |
ashleymills | 0:714293de3836 | 7144 | |
ashleymills | 0:714293de3836 | 7145 | ctx->serverDH_P.length = pSz; |
ashleymills | 0:714293de3836 | 7146 | ctx->serverDH_G.length = gSz; |
ashleymills | 0:714293de3836 | 7147 | |
ashleymills | 0:714293de3836 | 7148 | XMEMCPY(ctx->serverDH_P.buffer, p, pSz); |
ashleymills | 0:714293de3836 | 7149 | XMEMCPY(ctx->serverDH_G.buffer, g, gSz); |
ashleymills | 0:714293de3836 | 7150 | |
ashleymills | 0:714293de3836 | 7151 | ctx->haveDH = 1; |
ashleymills | 0:714293de3836 | 7152 | |
ashleymills | 0:714293de3836 | 7153 | CYASSL_LEAVE("CyaSSL_CTX_SetTmpDH", 0); |
ashleymills | 0:714293de3836 | 7154 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 7155 | } |
ashleymills | 0:714293de3836 | 7156 | #endif /* !NO_CERTS */ |
ashleymills | 0:714293de3836 | 7157 | |
ashleymills | 0:714293de3836 | 7158 | |
ashleymills | 0:714293de3836 | 7159 | char* CyaSSL_CIPHER_description(CYASSL_CIPHER* cipher, char* in, int len) |
ashleymills | 0:714293de3836 | 7160 | { |
ashleymills | 0:714293de3836 | 7161 | (void)cipher; |
ashleymills | 0:714293de3836 | 7162 | (void)in; |
ashleymills | 0:714293de3836 | 7163 | (void)len; |
ashleymills | 0:714293de3836 | 7164 | return 0; |
ashleymills | 0:714293de3836 | 7165 | } |
ashleymills | 0:714293de3836 | 7166 | |
ashleymills | 0:714293de3836 | 7167 | |
ashleymills | 0:714293de3836 | 7168 | CYASSL_SESSION* CyaSSL_get1_session(CYASSL* ssl) /* what's ref count */ |
ashleymills | 0:714293de3836 | 7169 | { |
ashleymills | 0:714293de3836 | 7170 | (void)ssl; |
ashleymills | 0:714293de3836 | 7171 | return 0; |
ashleymills | 0:714293de3836 | 7172 | } |
ashleymills | 0:714293de3836 | 7173 | |
ashleymills | 0:714293de3836 | 7174 | |
ashleymills | 0:714293de3836 | 7175 | void CyaSSL_X509_free(CYASSL_X509* buf) |
ashleymills | 0:714293de3836 | 7176 | { |
ashleymills | 0:714293de3836 | 7177 | (void)buf; |
ashleymills | 0:714293de3836 | 7178 | } |
ashleymills | 0:714293de3836 | 7179 | |
ashleymills | 0:714293de3836 | 7180 | |
ashleymills | 0:714293de3836 | 7181 | /* was do nothing */ |
ashleymills | 0:714293de3836 | 7182 | /* |
ashleymills | 0:714293de3836 | 7183 | void OPENSSL_free(void* buf) |
ashleymills | 0:714293de3836 | 7184 | { |
ashleymills | 0:714293de3836 | 7185 | (void)buf; |
ashleymills | 0:714293de3836 | 7186 | } |
ashleymills | 0:714293de3836 | 7187 | */ |
ashleymills | 0:714293de3836 | 7188 | |
ashleymills | 0:714293de3836 | 7189 | |
ashleymills | 0:714293de3836 | 7190 | int CyaSSL_OCSP_parse_url(char* url, char** host, char** port, char** path, |
ashleymills | 0:714293de3836 | 7191 | int* ssl) |
ashleymills | 0:714293de3836 | 7192 | { |
ashleymills | 0:714293de3836 | 7193 | (void)url; |
ashleymills | 0:714293de3836 | 7194 | (void)host; |
ashleymills | 0:714293de3836 | 7195 | (void)port; |
ashleymills | 0:714293de3836 | 7196 | (void)path; |
ashleymills | 0:714293de3836 | 7197 | (void)ssl; |
ashleymills | 0:714293de3836 | 7198 | return 0; |
ashleymills | 0:714293de3836 | 7199 | } |
ashleymills | 0:714293de3836 | 7200 | |
ashleymills | 0:714293de3836 | 7201 | |
ashleymills | 0:714293de3836 | 7202 | CYASSL_METHOD* CyaSSLv2_client_method(void) |
ashleymills | 0:714293de3836 | 7203 | { |
ashleymills | 0:714293de3836 | 7204 | return 0; |
ashleymills | 0:714293de3836 | 7205 | } |
ashleymills | 0:714293de3836 | 7206 | |
ashleymills | 0:714293de3836 | 7207 | |
ashleymills | 0:714293de3836 | 7208 | CYASSL_METHOD* CyaSSLv2_server_method(void) |
ashleymills | 0:714293de3836 | 7209 | { |
ashleymills | 0:714293de3836 | 7210 | return 0; |
ashleymills | 0:714293de3836 | 7211 | } |
ashleymills | 0:714293de3836 | 7212 | |
ashleymills | 0:714293de3836 | 7213 | |
ashleymills | 0:714293de3836 | 7214 | #ifndef NO_MD4 |
ashleymills | 0:714293de3836 | 7215 | |
ashleymills | 0:714293de3836 | 7216 | void CyaSSL_MD4_Init(CYASSL_MD4_CTX* md4) |
ashleymills | 0:714293de3836 | 7217 | { |
ashleymills | 0:714293de3836 | 7218 | /* make sure we have a big enough buffer */ |
ashleymills | 0:714293de3836 | 7219 | typedef char ok[sizeof(md4->buffer) >= sizeof(Md4) ? 1 : -1]; |
ashleymills | 0:714293de3836 | 7220 | (void) sizeof(ok); |
ashleymills | 0:714293de3836 | 7221 | |
ashleymills | 0:714293de3836 | 7222 | CYASSL_ENTER("MD4_Init"); |
ashleymills | 0:714293de3836 | 7223 | InitMd4((Md4*)md4); |
ashleymills | 0:714293de3836 | 7224 | } |
ashleymills | 0:714293de3836 | 7225 | |
ashleymills | 0:714293de3836 | 7226 | |
ashleymills | 0:714293de3836 | 7227 | void CyaSSL_MD4_Update(CYASSL_MD4_CTX* md4, const void* data, |
ashleymills | 0:714293de3836 | 7228 | unsigned long len) |
ashleymills | 0:714293de3836 | 7229 | { |
ashleymills | 0:714293de3836 | 7230 | CYASSL_ENTER("MD4_Update"); |
ashleymills | 0:714293de3836 | 7231 | Md4Update((Md4*)md4, (const byte*)data, (word32)len); |
ashleymills | 0:714293de3836 | 7232 | } |
ashleymills | 0:714293de3836 | 7233 | |
ashleymills | 0:714293de3836 | 7234 | |
ashleymills | 0:714293de3836 | 7235 | void CyaSSL_MD4_Final(unsigned char* digest, CYASSL_MD4_CTX* md4) |
ashleymills | 0:714293de3836 | 7236 | { |
ashleymills | 0:714293de3836 | 7237 | CYASSL_ENTER("MD4_Final"); |
ashleymills | 0:714293de3836 | 7238 | Md4Final((Md4*)md4, digest); |
ashleymills | 0:714293de3836 | 7239 | } |
ashleymills | 0:714293de3836 | 7240 | |
ashleymills | 0:714293de3836 | 7241 | #endif /* NO_MD4 */ |
ashleymills | 0:714293de3836 | 7242 | |
ashleymills | 0:714293de3836 | 7243 | |
ashleymills | 0:714293de3836 | 7244 | CYASSL_BIO* CyaSSL_BIO_pop(CYASSL_BIO* top) |
ashleymills | 0:714293de3836 | 7245 | { |
ashleymills | 0:714293de3836 | 7246 | (void)top; |
ashleymills | 0:714293de3836 | 7247 | return 0; |
ashleymills | 0:714293de3836 | 7248 | } |
ashleymills | 0:714293de3836 | 7249 | |
ashleymills | 0:714293de3836 | 7250 | |
ashleymills | 0:714293de3836 | 7251 | int CyaSSL_BIO_pending(CYASSL_BIO* bio) |
ashleymills | 0:714293de3836 | 7252 | { |
ashleymills | 0:714293de3836 | 7253 | (void)bio; |
ashleymills | 0:714293de3836 | 7254 | return 0; |
ashleymills | 0:714293de3836 | 7255 | } |
ashleymills | 0:714293de3836 | 7256 | |
ashleymills | 0:714293de3836 | 7257 | |
ashleymills | 0:714293de3836 | 7258 | |
ashleymills | 0:714293de3836 | 7259 | CYASSL_BIO_METHOD* CyaSSL_BIO_s_mem(void) |
ashleymills | 0:714293de3836 | 7260 | { |
ashleymills | 0:714293de3836 | 7261 | static CYASSL_BIO_METHOD meth; |
ashleymills | 0:714293de3836 | 7262 | |
ashleymills | 0:714293de3836 | 7263 | CYASSL_ENTER("BIO_s_mem"); |
ashleymills | 0:714293de3836 | 7264 | meth.type = BIO_MEMORY; |
ashleymills | 0:714293de3836 | 7265 | |
ashleymills | 0:714293de3836 | 7266 | return &meth; |
ashleymills | 0:714293de3836 | 7267 | } |
ashleymills | 0:714293de3836 | 7268 | |
ashleymills | 0:714293de3836 | 7269 | |
ashleymills | 0:714293de3836 | 7270 | CYASSL_BIO_METHOD* CyaSSL_BIO_f_base64(void) |
ashleymills | 0:714293de3836 | 7271 | { |
ashleymills | 0:714293de3836 | 7272 | return 0; |
ashleymills | 0:714293de3836 | 7273 | } |
ashleymills | 0:714293de3836 | 7274 | |
ashleymills | 0:714293de3836 | 7275 | |
ashleymills | 0:714293de3836 | 7276 | void CyaSSL_BIO_set_flags(CYASSL_BIO* bio, int flags) |
ashleymills | 0:714293de3836 | 7277 | { |
ashleymills | 0:714293de3836 | 7278 | (void)bio; |
ashleymills | 0:714293de3836 | 7279 | (void)flags; |
ashleymills | 0:714293de3836 | 7280 | } |
ashleymills | 0:714293de3836 | 7281 | |
ashleymills | 0:714293de3836 | 7282 | |
ashleymills | 0:714293de3836 | 7283 | |
ashleymills | 0:714293de3836 | 7284 | void CyaSSL_RAND_screen(void) |
ashleymills | 0:714293de3836 | 7285 | { |
ashleymills | 0:714293de3836 | 7286 | |
ashleymills | 0:714293de3836 | 7287 | } |
ashleymills | 0:714293de3836 | 7288 | |
ashleymills | 0:714293de3836 | 7289 | |
ashleymills | 0:714293de3836 | 7290 | const char* CyaSSL_RAND_file_name(char* fname, unsigned long len) |
ashleymills | 0:714293de3836 | 7291 | { |
ashleymills | 0:714293de3836 | 7292 | (void)fname; |
ashleymills | 0:714293de3836 | 7293 | (void)len; |
ashleymills | 0:714293de3836 | 7294 | return 0; |
ashleymills | 0:714293de3836 | 7295 | } |
ashleymills | 0:714293de3836 | 7296 | |
ashleymills | 0:714293de3836 | 7297 | |
ashleymills | 0:714293de3836 | 7298 | int CyaSSL_RAND_write_file(const char* fname) |
ashleymills | 0:714293de3836 | 7299 | { |
ashleymills | 0:714293de3836 | 7300 | (void)fname; |
ashleymills | 0:714293de3836 | 7301 | return 0; |
ashleymills | 0:714293de3836 | 7302 | } |
ashleymills | 0:714293de3836 | 7303 | |
ashleymills | 0:714293de3836 | 7304 | |
ashleymills | 0:714293de3836 | 7305 | int CyaSSL_RAND_load_file(const char* fname, long len) |
ashleymills | 0:714293de3836 | 7306 | { |
ashleymills | 0:714293de3836 | 7307 | (void)fname; |
ashleymills | 0:714293de3836 | 7308 | /* CTaoCrypt provides enough entropy internally or will report error */ |
ashleymills | 0:714293de3836 | 7309 | if (len == -1) |
ashleymills | 0:714293de3836 | 7310 | return 1024; |
ashleymills | 0:714293de3836 | 7311 | else |
ashleymills | 0:714293de3836 | 7312 | return (int)len; |
ashleymills | 0:714293de3836 | 7313 | } |
ashleymills | 0:714293de3836 | 7314 | |
ashleymills | 0:714293de3836 | 7315 | |
ashleymills | 0:714293de3836 | 7316 | int CyaSSL_RAND_egd(const char* path) |
ashleymills | 0:714293de3836 | 7317 | { |
ashleymills | 0:714293de3836 | 7318 | (void)path; |
ashleymills | 0:714293de3836 | 7319 | return 0; |
ashleymills | 0:714293de3836 | 7320 | } |
ashleymills | 0:714293de3836 | 7321 | |
ashleymills | 0:714293de3836 | 7322 | |
ashleymills | 0:714293de3836 | 7323 | |
ashleymills | 0:714293de3836 | 7324 | CYASSL_COMP_METHOD* CyaSSL_COMP_zlib(void) |
ashleymills | 0:714293de3836 | 7325 | { |
ashleymills | 0:714293de3836 | 7326 | return 0; |
ashleymills | 0:714293de3836 | 7327 | } |
ashleymills | 0:714293de3836 | 7328 | |
ashleymills | 0:714293de3836 | 7329 | |
ashleymills | 0:714293de3836 | 7330 | CYASSL_COMP_METHOD* CyaSSL_COMP_rle(void) |
ashleymills | 0:714293de3836 | 7331 | { |
ashleymills | 0:714293de3836 | 7332 | return 0; |
ashleymills | 0:714293de3836 | 7333 | } |
ashleymills | 0:714293de3836 | 7334 | |
ashleymills | 0:714293de3836 | 7335 | |
ashleymills | 0:714293de3836 | 7336 | int CyaSSL_COMP_add_compression_method(int method, void* data) |
ashleymills | 0:714293de3836 | 7337 | { |
ashleymills | 0:714293de3836 | 7338 | (void)method; |
ashleymills | 0:714293de3836 | 7339 | (void)data; |
ashleymills | 0:714293de3836 | 7340 | return 0; |
ashleymills | 0:714293de3836 | 7341 | } |
ashleymills | 0:714293de3836 | 7342 | |
ashleymills | 0:714293de3836 | 7343 | |
ashleymills | 0:714293de3836 | 7344 | |
ashleymills | 0:714293de3836 | 7345 | int CyaSSL_get_ex_new_index(long idx, void* data, void* cb1, void* cb2, |
ashleymills | 0:714293de3836 | 7346 | void* cb3) |
ashleymills | 0:714293de3836 | 7347 | { |
ashleymills | 0:714293de3836 | 7348 | (void)idx; |
ashleymills | 0:714293de3836 | 7349 | (void)data; |
ashleymills | 0:714293de3836 | 7350 | (void)cb1; |
ashleymills | 0:714293de3836 | 7351 | (void)cb2; |
ashleymills | 0:714293de3836 | 7352 | (void)cb3; |
ashleymills | 0:714293de3836 | 7353 | return 0; |
ashleymills | 0:714293de3836 | 7354 | } |
ashleymills | 0:714293de3836 | 7355 | |
ashleymills | 0:714293de3836 | 7356 | |
ashleymills | 0:714293de3836 | 7357 | void CyaSSL_set_dynlock_create_callback(CYASSL_dynlock_value* (*f)( |
ashleymills | 0:714293de3836 | 7358 | const char*, int)) |
ashleymills | 0:714293de3836 | 7359 | { |
ashleymills | 0:714293de3836 | 7360 | (void)f; |
ashleymills | 0:714293de3836 | 7361 | } |
ashleymills | 0:714293de3836 | 7362 | |
ashleymills | 0:714293de3836 | 7363 | |
ashleymills | 0:714293de3836 | 7364 | void CyaSSL_set_dynlock_lock_callback( |
ashleymills | 0:714293de3836 | 7365 | void (*f)(int, CYASSL_dynlock_value*, const char*, int)) |
ashleymills | 0:714293de3836 | 7366 | { |
ashleymills | 0:714293de3836 | 7367 | (void)f; |
ashleymills | 0:714293de3836 | 7368 | } |
ashleymills | 0:714293de3836 | 7369 | |
ashleymills | 0:714293de3836 | 7370 | |
ashleymills | 0:714293de3836 | 7371 | void CyaSSL_set_dynlock_destroy_callback( |
ashleymills | 0:714293de3836 | 7372 | void (*f)(CYASSL_dynlock_value*, const char*, int)) |
ashleymills | 0:714293de3836 | 7373 | { |
ashleymills | 0:714293de3836 | 7374 | (void)f; |
ashleymills | 0:714293de3836 | 7375 | } |
ashleymills | 0:714293de3836 | 7376 | |
ashleymills | 0:714293de3836 | 7377 | |
ashleymills | 0:714293de3836 | 7378 | |
ashleymills | 0:714293de3836 | 7379 | const char* CyaSSL_X509_verify_cert_error_string(long err) |
ashleymills | 0:714293de3836 | 7380 | { |
ashleymills | 0:714293de3836 | 7381 | (void)err; |
ashleymills | 0:714293de3836 | 7382 | return 0; |
ashleymills | 0:714293de3836 | 7383 | } |
ashleymills | 0:714293de3836 | 7384 | |
ashleymills | 0:714293de3836 | 7385 | |
ashleymills | 0:714293de3836 | 7386 | |
ashleymills | 0:714293de3836 | 7387 | int CyaSSL_X509_LOOKUP_add_dir(CYASSL_X509_LOOKUP* lookup, const char* dir, |
ashleymills | 0:714293de3836 | 7388 | long len) |
ashleymills | 0:714293de3836 | 7389 | { |
ashleymills | 0:714293de3836 | 7390 | (void)lookup; |
ashleymills | 0:714293de3836 | 7391 | (void)dir; |
ashleymills | 0:714293de3836 | 7392 | (void)len; |
ashleymills | 0:714293de3836 | 7393 | return 0; |
ashleymills | 0:714293de3836 | 7394 | } |
ashleymills | 0:714293de3836 | 7395 | |
ashleymills | 0:714293de3836 | 7396 | |
ashleymills | 0:714293de3836 | 7397 | int CyaSSL_X509_LOOKUP_load_file(CYASSL_X509_LOOKUP* lookup, |
ashleymills | 0:714293de3836 | 7398 | const char* file, long len) |
ashleymills | 0:714293de3836 | 7399 | { |
ashleymills | 0:714293de3836 | 7400 | (void)lookup; |
ashleymills | 0:714293de3836 | 7401 | (void)file; |
ashleymills | 0:714293de3836 | 7402 | (void)len; |
ashleymills | 0:714293de3836 | 7403 | return 0; |
ashleymills | 0:714293de3836 | 7404 | } |
ashleymills | 0:714293de3836 | 7405 | |
ashleymills | 0:714293de3836 | 7406 | |
ashleymills | 0:714293de3836 | 7407 | CYASSL_X509_LOOKUP_METHOD* CyaSSL_X509_LOOKUP_hash_dir(void) |
ashleymills | 0:714293de3836 | 7408 | { |
ashleymills | 0:714293de3836 | 7409 | return 0; |
ashleymills | 0:714293de3836 | 7410 | } |
ashleymills | 0:714293de3836 | 7411 | |
ashleymills | 0:714293de3836 | 7412 | |
ashleymills | 0:714293de3836 | 7413 | CYASSL_X509_LOOKUP_METHOD* CyaSSL_X509_LOOKUP_file(void) |
ashleymills | 0:714293de3836 | 7414 | { |
ashleymills | 0:714293de3836 | 7415 | return 0; |
ashleymills | 0:714293de3836 | 7416 | } |
ashleymills | 0:714293de3836 | 7417 | |
ashleymills | 0:714293de3836 | 7418 | |
ashleymills | 0:714293de3836 | 7419 | |
ashleymills | 0:714293de3836 | 7420 | CYASSL_X509_LOOKUP* CyaSSL_X509_STORE_add_lookup(CYASSL_X509_STORE* store, |
ashleymills | 0:714293de3836 | 7421 | CYASSL_X509_LOOKUP_METHOD* m) |
ashleymills | 0:714293de3836 | 7422 | { |
ashleymills | 0:714293de3836 | 7423 | (void)store; |
ashleymills | 0:714293de3836 | 7424 | (void)m; |
ashleymills | 0:714293de3836 | 7425 | return 0; |
ashleymills | 0:714293de3836 | 7426 | } |
ashleymills | 0:714293de3836 | 7427 | |
ashleymills | 0:714293de3836 | 7428 | |
ashleymills | 0:714293de3836 | 7429 | CYASSL_X509_STORE* CyaSSL_X509_STORE_new(void) |
ashleymills | 0:714293de3836 | 7430 | { |
ashleymills | 0:714293de3836 | 7431 | return 0; |
ashleymills | 0:714293de3836 | 7432 | } |
ashleymills | 0:714293de3836 | 7433 | |
ashleymills | 0:714293de3836 | 7434 | |
ashleymills | 0:714293de3836 | 7435 | int CyaSSL_X509_STORE_get_by_subject(CYASSL_X509_STORE_CTX* ctx, int idx, |
ashleymills | 0:714293de3836 | 7436 | CYASSL_X509_NAME* name, CYASSL_X509_OBJECT* obj) |
ashleymills | 0:714293de3836 | 7437 | { |
ashleymills | 0:714293de3836 | 7438 | (void)ctx; |
ashleymills | 0:714293de3836 | 7439 | (void)idx; |
ashleymills | 0:714293de3836 | 7440 | (void)name; |
ashleymills | 0:714293de3836 | 7441 | (void)obj; |
ashleymills | 0:714293de3836 | 7442 | return 0; |
ashleymills | 0:714293de3836 | 7443 | } |
ashleymills | 0:714293de3836 | 7444 | |
ashleymills | 0:714293de3836 | 7445 | |
ashleymills | 0:714293de3836 | 7446 | int CyaSSL_X509_STORE_CTX_init(CYASSL_X509_STORE_CTX* ctx, |
ashleymills | 0:714293de3836 | 7447 | CYASSL_X509_STORE* store, CYASSL_X509* x509, STACK_OF(CYASSL_X509)* sk) |
ashleymills | 0:714293de3836 | 7448 | { |
ashleymills | 0:714293de3836 | 7449 | (void)ctx; |
ashleymills | 0:714293de3836 | 7450 | (void)store; |
ashleymills | 0:714293de3836 | 7451 | (void)x509; |
ashleymills | 0:714293de3836 | 7452 | (void)sk; |
ashleymills | 0:714293de3836 | 7453 | return 0; |
ashleymills | 0:714293de3836 | 7454 | } |
ashleymills | 0:714293de3836 | 7455 | |
ashleymills | 0:714293de3836 | 7456 | |
ashleymills | 0:714293de3836 | 7457 | void CyaSSL_X509_STORE_CTX_cleanup(CYASSL_X509_STORE_CTX* ctx) |
ashleymills | 0:714293de3836 | 7458 | { |
ashleymills | 0:714293de3836 | 7459 | (void)ctx; |
ashleymills | 0:714293de3836 | 7460 | } |
ashleymills | 0:714293de3836 | 7461 | |
ashleymills | 0:714293de3836 | 7462 | |
ashleymills | 0:714293de3836 | 7463 | |
ashleymills | 0:714293de3836 | 7464 | CYASSL_ASN1_TIME* CyaSSL_X509_CRL_get_lastUpdate(CYASSL_X509_CRL* crl) |
ashleymills | 0:714293de3836 | 7465 | { |
ashleymills | 0:714293de3836 | 7466 | (void)crl; |
ashleymills | 0:714293de3836 | 7467 | return 0; |
ashleymills | 0:714293de3836 | 7468 | } |
ashleymills | 0:714293de3836 | 7469 | |
ashleymills | 0:714293de3836 | 7470 | |
ashleymills | 0:714293de3836 | 7471 | CYASSL_ASN1_TIME* CyaSSL_X509_CRL_get_nextUpdate(CYASSL_X509_CRL* crl) |
ashleymills | 0:714293de3836 | 7472 | { |
ashleymills | 0:714293de3836 | 7473 | (void)crl; |
ashleymills | 0:714293de3836 | 7474 | return 0; |
ashleymills | 0:714293de3836 | 7475 | } |
ashleymills | 0:714293de3836 | 7476 | |
ashleymills | 0:714293de3836 | 7477 | |
ashleymills | 0:714293de3836 | 7478 | |
ashleymills | 0:714293de3836 | 7479 | CYASSL_EVP_PKEY* CyaSSL_X509_get_pubkey(CYASSL_X509* x509) |
ashleymills | 0:714293de3836 | 7480 | { |
ashleymills | 0:714293de3836 | 7481 | (void)x509; |
ashleymills | 0:714293de3836 | 7482 | return 0; |
ashleymills | 0:714293de3836 | 7483 | } |
ashleymills | 0:714293de3836 | 7484 | |
ashleymills | 0:714293de3836 | 7485 | |
ashleymills | 0:714293de3836 | 7486 | int CyaSSL_X509_CRL_verify(CYASSL_X509_CRL* crl, CYASSL_EVP_PKEY* key) |
ashleymills | 0:714293de3836 | 7487 | { |
ashleymills | 0:714293de3836 | 7488 | (void)crl; |
ashleymills | 0:714293de3836 | 7489 | (void)key; |
ashleymills | 0:714293de3836 | 7490 | return 0; |
ashleymills | 0:714293de3836 | 7491 | } |
ashleymills | 0:714293de3836 | 7492 | |
ashleymills | 0:714293de3836 | 7493 | |
ashleymills | 0:714293de3836 | 7494 | void CyaSSL_X509_STORE_CTX_set_error(CYASSL_X509_STORE_CTX* ctx, int err) |
ashleymills | 0:714293de3836 | 7495 | { |
ashleymills | 0:714293de3836 | 7496 | (void)ctx; |
ashleymills | 0:714293de3836 | 7497 | (void)err; |
ashleymills | 0:714293de3836 | 7498 | } |
ashleymills | 0:714293de3836 | 7499 | |
ashleymills | 0:714293de3836 | 7500 | |
ashleymills | 0:714293de3836 | 7501 | void CyaSSL_X509_OBJECT_free_contents(CYASSL_X509_OBJECT* obj) |
ashleymills | 0:714293de3836 | 7502 | { |
ashleymills | 0:714293de3836 | 7503 | (void)obj; |
ashleymills | 0:714293de3836 | 7504 | } |
ashleymills | 0:714293de3836 | 7505 | |
ashleymills | 0:714293de3836 | 7506 | |
ashleymills | 0:714293de3836 | 7507 | void CyaSSL_EVP_PKEY_free(CYASSL_EVP_PKEY* key) |
ashleymills | 0:714293de3836 | 7508 | { |
ashleymills | 0:714293de3836 | 7509 | (void)key; |
ashleymills | 0:714293de3836 | 7510 | } |
ashleymills | 0:714293de3836 | 7511 | |
ashleymills | 0:714293de3836 | 7512 | |
ashleymills | 0:714293de3836 | 7513 | int CyaSSL_X509_cmp_current_time(const CYASSL_ASN1_TIME* asnTime) |
ashleymills | 0:714293de3836 | 7514 | { |
ashleymills | 0:714293de3836 | 7515 | (void)asnTime; |
ashleymills | 0:714293de3836 | 7516 | return 0; |
ashleymills | 0:714293de3836 | 7517 | } |
ashleymills | 0:714293de3836 | 7518 | |
ashleymills | 0:714293de3836 | 7519 | |
ashleymills | 0:714293de3836 | 7520 | int CyaSSL_sk_X509_REVOKED_num(CYASSL_X509_REVOKED* revoked) |
ashleymills | 0:714293de3836 | 7521 | { |
ashleymills | 0:714293de3836 | 7522 | (void)revoked; |
ashleymills | 0:714293de3836 | 7523 | return 0; |
ashleymills | 0:714293de3836 | 7524 | } |
ashleymills | 0:714293de3836 | 7525 | |
ashleymills | 0:714293de3836 | 7526 | |
ashleymills | 0:714293de3836 | 7527 | |
ashleymills | 0:714293de3836 | 7528 | CYASSL_X509_REVOKED* CyaSSL_X509_CRL_get_REVOKED(CYASSL_X509_CRL* crl) |
ashleymills | 0:714293de3836 | 7529 | { |
ashleymills | 0:714293de3836 | 7530 | (void)crl; |
ashleymills | 0:714293de3836 | 7531 | return 0; |
ashleymills | 0:714293de3836 | 7532 | } |
ashleymills | 0:714293de3836 | 7533 | |
ashleymills | 0:714293de3836 | 7534 | |
ashleymills | 0:714293de3836 | 7535 | CYASSL_X509_REVOKED* CyaSSL_sk_X509_REVOKED_value( |
ashleymills | 0:714293de3836 | 7536 | CYASSL_X509_REVOKED* revoked, int value) |
ashleymills | 0:714293de3836 | 7537 | { |
ashleymills | 0:714293de3836 | 7538 | (void)revoked; |
ashleymills | 0:714293de3836 | 7539 | (void)value; |
ashleymills | 0:714293de3836 | 7540 | return 0; |
ashleymills | 0:714293de3836 | 7541 | } |
ashleymills | 0:714293de3836 | 7542 | |
ashleymills | 0:714293de3836 | 7543 | |
ashleymills | 0:714293de3836 | 7544 | |
ashleymills | 0:714293de3836 | 7545 | CYASSL_ASN1_INTEGER* CyaSSL_X509_get_serialNumber(CYASSL_X509* x509) |
ashleymills | 0:714293de3836 | 7546 | { |
ashleymills | 0:714293de3836 | 7547 | (void)x509; |
ashleymills | 0:714293de3836 | 7548 | return 0; |
ashleymills | 0:714293de3836 | 7549 | } |
ashleymills | 0:714293de3836 | 7550 | |
ashleymills | 0:714293de3836 | 7551 | |
ashleymills | 0:714293de3836 | 7552 | int CyaSSL_ASN1_TIME_print(CYASSL_BIO* bio, const CYASSL_ASN1_TIME* asnTime) |
ashleymills | 0:714293de3836 | 7553 | { |
ashleymills | 0:714293de3836 | 7554 | (void)bio; |
ashleymills | 0:714293de3836 | 7555 | (void)asnTime; |
ashleymills | 0:714293de3836 | 7556 | return 0; |
ashleymills | 0:714293de3836 | 7557 | } |
ashleymills | 0:714293de3836 | 7558 | |
ashleymills | 0:714293de3836 | 7559 | |
ashleymills | 0:714293de3836 | 7560 | |
ashleymills | 0:714293de3836 | 7561 | int CyaSSL_ASN1_INTEGER_cmp(const CYASSL_ASN1_INTEGER* a, |
ashleymills | 0:714293de3836 | 7562 | const CYASSL_ASN1_INTEGER* b) |
ashleymills | 0:714293de3836 | 7563 | { |
ashleymills | 0:714293de3836 | 7564 | (void)a; |
ashleymills | 0:714293de3836 | 7565 | (void)b; |
ashleymills | 0:714293de3836 | 7566 | return 0; |
ashleymills | 0:714293de3836 | 7567 | } |
ashleymills | 0:714293de3836 | 7568 | |
ashleymills | 0:714293de3836 | 7569 | |
ashleymills | 0:714293de3836 | 7570 | long CyaSSL_ASN1_INTEGER_get(const CYASSL_ASN1_INTEGER* i) |
ashleymills | 0:714293de3836 | 7571 | { |
ashleymills | 0:714293de3836 | 7572 | (void)i; |
ashleymills | 0:714293de3836 | 7573 | return 0; |
ashleymills | 0:714293de3836 | 7574 | } |
ashleymills | 0:714293de3836 | 7575 | |
ashleymills | 0:714293de3836 | 7576 | |
ashleymills | 0:714293de3836 | 7577 | |
ashleymills | 0:714293de3836 | 7578 | void* CyaSSL_X509_STORE_CTX_get_ex_data(CYASSL_X509_STORE_CTX* ctx, int idx) |
ashleymills | 0:714293de3836 | 7579 | { |
ashleymills | 0:714293de3836 | 7580 | #ifdef FORTRESS |
ashleymills | 0:714293de3836 | 7581 | if (ctx != NULL && idx == 0) |
ashleymills | 0:714293de3836 | 7582 | return ctx->ex_data; |
ashleymills | 0:714293de3836 | 7583 | #else |
ashleymills | 0:714293de3836 | 7584 | (void)ctx; |
ashleymills | 0:714293de3836 | 7585 | (void)idx; |
ashleymills | 0:714293de3836 | 7586 | #endif |
ashleymills | 0:714293de3836 | 7587 | return 0; |
ashleymills | 0:714293de3836 | 7588 | } |
ashleymills | 0:714293de3836 | 7589 | |
ashleymills | 0:714293de3836 | 7590 | |
ashleymills | 0:714293de3836 | 7591 | int CyaSSL_get_ex_data_X509_STORE_CTX_idx(void) |
ashleymills | 0:714293de3836 | 7592 | { |
ashleymills | 0:714293de3836 | 7593 | return 0; |
ashleymills | 0:714293de3836 | 7594 | } |
ashleymills | 0:714293de3836 | 7595 | |
ashleymills | 0:714293de3836 | 7596 | |
ashleymills | 0:714293de3836 | 7597 | void* CyaSSL_get_ex_data(const CYASSL* ssl, int idx) |
ashleymills | 0:714293de3836 | 7598 | { |
ashleymills | 0:714293de3836 | 7599 | #ifdef FORTRESS |
ashleymills | 0:714293de3836 | 7600 | if (ssl != NULL && idx < MAX_EX_DATA) |
ashleymills | 0:714293de3836 | 7601 | return ssl->ex_data[idx]; |
ashleymills | 0:714293de3836 | 7602 | #else |
ashleymills | 0:714293de3836 | 7603 | (void)ssl; |
ashleymills | 0:714293de3836 | 7604 | (void)idx; |
ashleymills | 0:714293de3836 | 7605 | #endif |
ashleymills | 0:714293de3836 | 7606 | return 0; |
ashleymills | 0:714293de3836 | 7607 | } |
ashleymills | 0:714293de3836 | 7608 | |
ashleymills | 0:714293de3836 | 7609 | |
ashleymills | 0:714293de3836 | 7610 | void CyaSSL_CTX_set_info_callback(CYASSL_CTX* ctx, void (*f)(void)) |
ashleymills | 0:714293de3836 | 7611 | { |
ashleymills | 0:714293de3836 | 7612 | (void)ctx; |
ashleymills | 0:714293de3836 | 7613 | (void)f; |
ashleymills | 0:714293de3836 | 7614 | } |
ashleymills | 0:714293de3836 | 7615 | |
ashleymills | 0:714293de3836 | 7616 | |
ashleymills | 0:714293de3836 | 7617 | unsigned long CyaSSL_ERR_peek_error(void) |
ashleymills | 0:714293de3836 | 7618 | { |
ashleymills | 0:714293de3836 | 7619 | return 0; |
ashleymills | 0:714293de3836 | 7620 | } |
ashleymills | 0:714293de3836 | 7621 | |
ashleymills | 0:714293de3836 | 7622 | |
ashleymills | 0:714293de3836 | 7623 | int CyaSSL_ERR_GET_REASON(int err) |
ashleymills | 0:714293de3836 | 7624 | { |
ashleymills | 0:714293de3836 | 7625 | (void)err; |
ashleymills | 0:714293de3836 | 7626 | return 0; |
ashleymills | 0:714293de3836 | 7627 | } |
ashleymills | 0:714293de3836 | 7628 | |
ashleymills | 0:714293de3836 | 7629 | |
ashleymills | 0:714293de3836 | 7630 | char* CyaSSL_alert_type_string_long(int alertID) |
ashleymills | 0:714293de3836 | 7631 | { |
ashleymills | 0:714293de3836 | 7632 | (void)alertID; |
ashleymills | 0:714293de3836 | 7633 | return 0; |
ashleymills | 0:714293de3836 | 7634 | } |
ashleymills | 0:714293de3836 | 7635 | |
ashleymills | 0:714293de3836 | 7636 | |
ashleymills | 0:714293de3836 | 7637 | char* CyaSSL_alert_desc_string_long(int alertID) |
ashleymills | 0:714293de3836 | 7638 | { |
ashleymills | 0:714293de3836 | 7639 | (void)alertID; |
ashleymills | 0:714293de3836 | 7640 | return 0; |
ashleymills | 0:714293de3836 | 7641 | } |
ashleymills | 0:714293de3836 | 7642 | |
ashleymills | 0:714293de3836 | 7643 | |
ashleymills | 0:714293de3836 | 7644 | char* CyaSSL_state_string_long(CYASSL* ssl) |
ashleymills | 0:714293de3836 | 7645 | { |
ashleymills | 0:714293de3836 | 7646 | (void)ssl; |
ashleymills | 0:714293de3836 | 7647 | return 0; |
ashleymills | 0:714293de3836 | 7648 | } |
ashleymills | 0:714293de3836 | 7649 | |
ashleymills | 0:714293de3836 | 7650 | |
ashleymills | 0:714293de3836 | 7651 | int CyaSSL_PEM_def_callback(char* name, int num, int w, void* key) |
ashleymills | 0:714293de3836 | 7652 | { |
ashleymills | 0:714293de3836 | 7653 | (void)name; |
ashleymills | 0:714293de3836 | 7654 | (void)num; |
ashleymills | 0:714293de3836 | 7655 | (void)w; |
ashleymills | 0:714293de3836 | 7656 | (void)key; |
ashleymills | 0:714293de3836 | 7657 | return 0; |
ashleymills | 0:714293de3836 | 7658 | } |
ashleymills | 0:714293de3836 | 7659 | |
ashleymills | 0:714293de3836 | 7660 | |
ashleymills | 0:714293de3836 | 7661 | long CyaSSL_CTX_sess_accept(CYASSL_CTX* ctx) |
ashleymills | 0:714293de3836 | 7662 | { |
ashleymills | 0:714293de3836 | 7663 | (void)ctx; |
ashleymills | 0:714293de3836 | 7664 | return 0; |
ashleymills | 0:714293de3836 | 7665 | } |
ashleymills | 0:714293de3836 | 7666 | |
ashleymills | 0:714293de3836 | 7667 | |
ashleymills | 0:714293de3836 | 7668 | long CyaSSL_CTX_sess_connect(CYASSL_CTX* ctx) |
ashleymills | 0:714293de3836 | 7669 | { |
ashleymills | 0:714293de3836 | 7670 | (void)ctx; |
ashleymills | 0:714293de3836 | 7671 | return 0; |
ashleymills | 0:714293de3836 | 7672 | } |
ashleymills | 0:714293de3836 | 7673 | |
ashleymills | 0:714293de3836 | 7674 | |
ashleymills | 0:714293de3836 | 7675 | long CyaSSL_CTX_sess_accept_good(CYASSL_CTX* ctx) |
ashleymills | 0:714293de3836 | 7676 | { |
ashleymills | 0:714293de3836 | 7677 | (void)ctx; |
ashleymills | 0:714293de3836 | 7678 | return 0; |
ashleymills | 0:714293de3836 | 7679 | } |
ashleymills | 0:714293de3836 | 7680 | |
ashleymills | 0:714293de3836 | 7681 | |
ashleymills | 0:714293de3836 | 7682 | long CyaSSL_CTX_sess_connect_good(CYASSL_CTX* ctx) |
ashleymills | 0:714293de3836 | 7683 | { |
ashleymills | 0:714293de3836 | 7684 | (void)ctx; |
ashleymills | 0:714293de3836 | 7685 | return 0; |
ashleymills | 0:714293de3836 | 7686 | } |
ashleymills | 0:714293de3836 | 7687 | |
ashleymills | 0:714293de3836 | 7688 | |
ashleymills | 0:714293de3836 | 7689 | long CyaSSL_CTX_sess_accept_renegotiate(CYASSL_CTX* ctx) |
ashleymills | 0:714293de3836 | 7690 | { |
ashleymills | 0:714293de3836 | 7691 | (void)ctx; |
ashleymills | 0:714293de3836 | 7692 | return 0; |
ashleymills | 0:714293de3836 | 7693 | } |
ashleymills | 0:714293de3836 | 7694 | |
ashleymills | 0:714293de3836 | 7695 | |
ashleymills | 0:714293de3836 | 7696 | long CyaSSL_CTX_sess_connect_renegotiate(CYASSL_CTX* ctx) |
ashleymills | 0:714293de3836 | 7697 | { |
ashleymills | 0:714293de3836 | 7698 | (void)ctx; |
ashleymills | 0:714293de3836 | 7699 | return 0; |
ashleymills | 0:714293de3836 | 7700 | } |
ashleymills | 0:714293de3836 | 7701 | |
ashleymills | 0:714293de3836 | 7702 | |
ashleymills | 0:714293de3836 | 7703 | long CyaSSL_CTX_sess_hits(CYASSL_CTX* ctx) |
ashleymills | 0:714293de3836 | 7704 | { |
ashleymills | 0:714293de3836 | 7705 | (void)ctx; |
ashleymills | 0:714293de3836 | 7706 | return 0; |
ashleymills | 0:714293de3836 | 7707 | } |
ashleymills | 0:714293de3836 | 7708 | |
ashleymills | 0:714293de3836 | 7709 | |
ashleymills | 0:714293de3836 | 7710 | long CyaSSL_CTX_sess_cb_hits(CYASSL_CTX* ctx) |
ashleymills | 0:714293de3836 | 7711 | { |
ashleymills | 0:714293de3836 | 7712 | (void)ctx; |
ashleymills | 0:714293de3836 | 7713 | return 0; |
ashleymills | 0:714293de3836 | 7714 | } |
ashleymills | 0:714293de3836 | 7715 | |
ashleymills | 0:714293de3836 | 7716 | |
ashleymills | 0:714293de3836 | 7717 | long CyaSSL_CTX_sess_cache_full(CYASSL_CTX* ctx) |
ashleymills | 0:714293de3836 | 7718 | { |
ashleymills | 0:714293de3836 | 7719 | (void)ctx; |
ashleymills | 0:714293de3836 | 7720 | return 0; |
ashleymills | 0:714293de3836 | 7721 | } |
ashleymills | 0:714293de3836 | 7722 | |
ashleymills | 0:714293de3836 | 7723 | |
ashleymills | 0:714293de3836 | 7724 | long CyaSSL_CTX_sess_misses(CYASSL_CTX* ctx) |
ashleymills | 0:714293de3836 | 7725 | { |
ashleymills | 0:714293de3836 | 7726 | (void)ctx; |
ashleymills | 0:714293de3836 | 7727 | return 0; |
ashleymills | 0:714293de3836 | 7728 | } |
ashleymills | 0:714293de3836 | 7729 | |
ashleymills | 0:714293de3836 | 7730 | |
ashleymills | 0:714293de3836 | 7731 | long CyaSSL_CTX_sess_timeouts(CYASSL_CTX* ctx) |
ashleymills | 0:714293de3836 | 7732 | { |
ashleymills | 0:714293de3836 | 7733 | (void)ctx; |
ashleymills | 0:714293de3836 | 7734 | return 0; |
ashleymills | 0:714293de3836 | 7735 | } |
ashleymills | 0:714293de3836 | 7736 | |
ashleymills | 0:714293de3836 | 7737 | |
ashleymills | 0:714293de3836 | 7738 | long CyaSSL_CTX_sess_number(CYASSL_CTX* ctx) |
ashleymills | 0:714293de3836 | 7739 | { |
ashleymills | 0:714293de3836 | 7740 | (void)ctx; |
ashleymills | 0:714293de3836 | 7741 | return 0; |
ashleymills | 0:714293de3836 | 7742 | } |
ashleymills | 0:714293de3836 | 7743 | |
ashleymills | 0:714293de3836 | 7744 | |
ashleymills | 0:714293de3836 | 7745 | void CyaSSL_DES_set_key_unchecked(CYASSL_const_DES_cblock* myDes, |
ashleymills | 0:714293de3836 | 7746 | CYASSL_DES_key_schedule* key) |
ashleymills | 0:714293de3836 | 7747 | { |
ashleymills | 0:714293de3836 | 7748 | (void)myDes; |
ashleymills | 0:714293de3836 | 7749 | (void)key; |
ashleymills | 0:714293de3836 | 7750 | } |
ashleymills | 0:714293de3836 | 7751 | |
ashleymills | 0:714293de3836 | 7752 | |
ashleymills | 0:714293de3836 | 7753 | void CyaSSL_DES_set_odd_parity(CYASSL_DES_cblock* myDes) |
ashleymills | 0:714293de3836 | 7754 | { |
ashleymills | 0:714293de3836 | 7755 | (void)myDes; |
ashleymills | 0:714293de3836 | 7756 | } |
ashleymills | 0:714293de3836 | 7757 | |
ashleymills | 0:714293de3836 | 7758 | |
ashleymills | 0:714293de3836 | 7759 | void CyaSSL_DES_ecb_encrypt(CYASSL_DES_cblock* desa, |
ashleymills | 0:714293de3836 | 7760 | CYASSL_DES_cblock* desb, CYASSL_DES_key_schedule* key, int len) |
ashleymills | 0:714293de3836 | 7761 | { |
ashleymills | 0:714293de3836 | 7762 | (void)desa; |
ashleymills | 0:714293de3836 | 7763 | (void)desb; |
ashleymills | 0:714293de3836 | 7764 | (void)key; |
ashleymills | 0:714293de3836 | 7765 | (void)len; |
ashleymills | 0:714293de3836 | 7766 | } |
ashleymills | 0:714293de3836 | 7767 | |
ashleymills | 0:714293de3836 | 7768 | int CyaSSL_BIO_printf(CYASSL_BIO* bio, const char* format, ...) |
ashleymills | 0:714293de3836 | 7769 | { |
ashleymills | 0:714293de3836 | 7770 | (void)bio; |
ashleymills | 0:714293de3836 | 7771 | (void)format; |
ashleymills | 0:714293de3836 | 7772 | return 0; |
ashleymills | 0:714293de3836 | 7773 | } |
ashleymills | 0:714293de3836 | 7774 | |
ashleymills | 0:714293de3836 | 7775 | |
ashleymills | 0:714293de3836 | 7776 | int CyaSSL_ASN1_UTCTIME_print(CYASSL_BIO* bio, const CYASSL_ASN1_UTCTIME* a) |
ashleymills | 0:714293de3836 | 7777 | { |
ashleymills | 0:714293de3836 | 7778 | (void)bio; |
ashleymills | 0:714293de3836 | 7779 | (void)a; |
ashleymills | 0:714293de3836 | 7780 | return 0; |
ashleymills | 0:714293de3836 | 7781 | } |
ashleymills | 0:714293de3836 | 7782 | |
ashleymills | 0:714293de3836 | 7783 | |
ashleymills | 0:714293de3836 | 7784 | int CyaSSL_sk_num(CYASSL_X509_REVOKED* rev) |
ashleymills | 0:714293de3836 | 7785 | { |
ashleymills | 0:714293de3836 | 7786 | (void)rev; |
ashleymills | 0:714293de3836 | 7787 | return 0; |
ashleymills | 0:714293de3836 | 7788 | } |
ashleymills | 0:714293de3836 | 7789 | |
ashleymills | 0:714293de3836 | 7790 | |
ashleymills | 0:714293de3836 | 7791 | void* CyaSSL_sk_value(CYASSL_X509_REVOKED* rev, int i) |
ashleymills | 0:714293de3836 | 7792 | { |
ashleymills | 0:714293de3836 | 7793 | (void)rev; |
ashleymills | 0:714293de3836 | 7794 | (void)i; |
ashleymills | 0:714293de3836 | 7795 | return 0; |
ashleymills | 0:714293de3836 | 7796 | } |
ashleymills | 0:714293de3836 | 7797 | |
ashleymills | 0:714293de3836 | 7798 | |
ashleymills | 0:714293de3836 | 7799 | /* stunnel 4.28 needs */ |
ashleymills | 0:714293de3836 | 7800 | void* CyaSSL_CTX_get_ex_data(const CYASSL_CTX* ctx, int d) |
ashleymills | 0:714293de3836 | 7801 | { |
ashleymills | 0:714293de3836 | 7802 | (void)ctx; |
ashleymills | 0:714293de3836 | 7803 | (void)d; |
ashleymills | 0:714293de3836 | 7804 | return 0; |
ashleymills | 0:714293de3836 | 7805 | } |
ashleymills | 0:714293de3836 | 7806 | |
ashleymills | 0:714293de3836 | 7807 | |
ashleymills | 0:714293de3836 | 7808 | int CyaSSL_CTX_set_ex_data(CYASSL_CTX* ctx, int d, void* p) |
ashleymills | 0:714293de3836 | 7809 | { |
ashleymills | 0:714293de3836 | 7810 | (void)ctx; |
ashleymills | 0:714293de3836 | 7811 | (void)d; |
ashleymills | 0:714293de3836 | 7812 | (void)p; |
ashleymills | 0:714293de3836 | 7813 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 7814 | } |
ashleymills | 0:714293de3836 | 7815 | |
ashleymills | 0:714293de3836 | 7816 | |
ashleymills | 0:714293de3836 | 7817 | void CyaSSL_CTX_sess_set_get_cb(CYASSL_CTX* ctx, |
ashleymills | 0:714293de3836 | 7818 | CYASSL_SESSION*(*f)(CYASSL*, unsigned char*, int, int*)) |
ashleymills | 0:714293de3836 | 7819 | { |
ashleymills | 0:714293de3836 | 7820 | (void)ctx; |
ashleymills | 0:714293de3836 | 7821 | (void)f; |
ashleymills | 0:714293de3836 | 7822 | } |
ashleymills | 0:714293de3836 | 7823 | |
ashleymills | 0:714293de3836 | 7824 | |
ashleymills | 0:714293de3836 | 7825 | void CyaSSL_CTX_sess_set_new_cb(CYASSL_CTX* ctx, |
ashleymills | 0:714293de3836 | 7826 | int (*f)(CYASSL*, CYASSL_SESSION*)) |
ashleymills | 0:714293de3836 | 7827 | { |
ashleymills | 0:714293de3836 | 7828 | (void)ctx; |
ashleymills | 0:714293de3836 | 7829 | (void)f; |
ashleymills | 0:714293de3836 | 7830 | } |
ashleymills | 0:714293de3836 | 7831 | |
ashleymills | 0:714293de3836 | 7832 | |
ashleymills | 0:714293de3836 | 7833 | void CyaSSL_CTX_sess_set_remove_cb(CYASSL_CTX* ctx, void (*f)(CYASSL_CTX*, |
ashleymills | 0:714293de3836 | 7834 | CYASSL_SESSION*)) |
ashleymills | 0:714293de3836 | 7835 | { |
ashleymills | 0:714293de3836 | 7836 | (void)ctx; |
ashleymills | 0:714293de3836 | 7837 | (void)f; |
ashleymills | 0:714293de3836 | 7838 | } |
ashleymills | 0:714293de3836 | 7839 | |
ashleymills | 0:714293de3836 | 7840 | |
ashleymills | 0:714293de3836 | 7841 | int CyaSSL_i2d_SSL_SESSION(CYASSL_SESSION* sess, unsigned char** p) |
ashleymills | 0:714293de3836 | 7842 | { |
ashleymills | 0:714293de3836 | 7843 | (void)sess; |
ashleymills | 0:714293de3836 | 7844 | (void)p; |
ashleymills | 0:714293de3836 | 7845 | return sizeof(CYASSL_SESSION); |
ashleymills | 0:714293de3836 | 7846 | } |
ashleymills | 0:714293de3836 | 7847 | |
ashleymills | 0:714293de3836 | 7848 | |
ashleymills | 0:714293de3836 | 7849 | CYASSL_SESSION* CyaSSL_d2i_SSL_SESSION(CYASSL_SESSION** sess, |
ashleymills | 0:714293de3836 | 7850 | const unsigned char** p, long i) |
ashleymills | 0:714293de3836 | 7851 | { |
ashleymills | 0:714293de3836 | 7852 | (void)p; |
ashleymills | 0:714293de3836 | 7853 | (void)i; |
ashleymills | 0:714293de3836 | 7854 | if (sess) |
ashleymills | 0:714293de3836 | 7855 | return *sess; |
ashleymills | 0:714293de3836 | 7856 | return NULL; |
ashleymills | 0:714293de3836 | 7857 | } |
ashleymills | 0:714293de3836 | 7858 | |
ashleymills | 0:714293de3836 | 7859 | |
ashleymills | 0:714293de3836 | 7860 | long CyaSSL_SESSION_get_timeout(const CYASSL_SESSION* sess) |
ashleymills | 0:714293de3836 | 7861 | { |
ashleymills | 0:714293de3836 | 7862 | CYASSL_ENTER("CyaSSL_SESSION_get_timeout"); |
ashleymills | 0:714293de3836 | 7863 | return sess->timeout; |
ashleymills | 0:714293de3836 | 7864 | } |
ashleymills | 0:714293de3836 | 7865 | |
ashleymills | 0:714293de3836 | 7866 | |
ashleymills | 0:714293de3836 | 7867 | long CyaSSL_SESSION_get_time(const CYASSL_SESSION* sess) |
ashleymills | 0:714293de3836 | 7868 | { |
ashleymills | 0:714293de3836 | 7869 | CYASSL_ENTER("CyaSSL_SESSION_get_time"); |
ashleymills | 0:714293de3836 | 7870 | return sess->bornOn; |
ashleymills | 0:714293de3836 | 7871 | } |
ashleymills | 0:714293de3836 | 7872 | |
ashleymills | 0:714293de3836 | 7873 | |
ashleymills | 0:714293de3836 | 7874 | int CyaSSL_CTX_get_ex_new_index(long idx, void* arg, void* a, void* b, |
ashleymills | 0:714293de3836 | 7875 | void* c) |
ashleymills | 0:714293de3836 | 7876 | { |
ashleymills | 0:714293de3836 | 7877 | (void)idx; |
ashleymills | 0:714293de3836 | 7878 | (void)arg; |
ashleymills | 0:714293de3836 | 7879 | (void)a; |
ashleymills | 0:714293de3836 | 7880 | (void)b; |
ashleymills | 0:714293de3836 | 7881 | (void)c; |
ashleymills | 0:714293de3836 | 7882 | return 0; |
ashleymills | 0:714293de3836 | 7883 | } |
ashleymills | 0:714293de3836 | 7884 | |
ashleymills | 0:714293de3836 | 7885 | #endif /* OPENSSL_EXTRA */ |
ashleymills | 0:714293de3836 | 7886 | |
ashleymills | 0:714293de3836 | 7887 | |
ashleymills | 0:714293de3836 | 7888 | #ifdef KEEP_PEER_CERT |
ashleymills | 0:714293de3836 | 7889 | char* CyaSSL_X509_get_subjectCN(CYASSL_X509* x509) |
ashleymills | 0:714293de3836 | 7890 | { |
ashleymills | 0:714293de3836 | 7891 | if (x509 == NULL) |
ashleymills | 0:714293de3836 | 7892 | return NULL; |
ashleymills | 0:714293de3836 | 7893 | |
ashleymills | 0:714293de3836 | 7894 | return x509->subjectCN; |
ashleymills | 0:714293de3836 | 7895 | } |
ashleymills | 0:714293de3836 | 7896 | #endif /* KEEP_PEER_CERT */ |
ashleymills | 0:714293de3836 | 7897 | |
ashleymills | 0:714293de3836 | 7898 | #ifdef OPENSSL_EXTRA |
ashleymills | 0:714293de3836 | 7899 | |
ashleymills | 0:714293de3836 | 7900 | #ifdef FORTRESS |
ashleymills | 0:714293de3836 | 7901 | int CyaSSL_cmp_peer_cert_to_file(CYASSL* ssl, const char *fname) |
ashleymills | 0:714293de3836 | 7902 | { |
ashleymills | 0:714293de3836 | 7903 | int ret = SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 7904 | |
ashleymills | 0:714293de3836 | 7905 | CYASSL_ENTER("CyaSSL_cmp_peer_cert_to_file"); |
ashleymills | 0:714293de3836 | 7906 | if (ssl != NULL && fname != NULL) |
ashleymills | 0:714293de3836 | 7907 | { |
ashleymills | 0:714293de3836 | 7908 | XFILE file = XBADFILE; |
ashleymills | 0:714293de3836 | 7909 | long sz = 0; |
ashleymills | 0:714293de3836 | 7910 | byte staticBuffer[FILE_BUFFER_SIZE]; |
ashleymills | 0:714293de3836 | 7911 | byte* myBuffer = staticBuffer; |
ashleymills | 0:714293de3836 | 7912 | CYASSL_CTX* ctx = ssl->ctx; |
ashleymills | 0:714293de3836 | 7913 | EncryptedInfo info; |
ashleymills | 0:714293de3836 | 7914 | buffer fileDer; |
ashleymills | 0:714293de3836 | 7915 | int eccKey = 0; |
ashleymills | 0:714293de3836 | 7916 | CYASSL_X509* peer_cert = &ssl->peerCert; |
ashleymills | 0:714293de3836 | 7917 | |
ashleymills | 0:714293de3836 | 7918 | info.set = 0; |
ashleymills | 0:714293de3836 | 7919 | info.ctx = ctx; |
ashleymills | 0:714293de3836 | 7920 | info.consumed = 0; |
ashleymills | 0:714293de3836 | 7921 | fileDer.buffer = 0; |
ashleymills | 0:714293de3836 | 7922 | |
ashleymills | 0:714293de3836 | 7923 | file = XFOPEN(fname, "rb"); |
ashleymills | 0:714293de3836 | 7924 | if (file == XBADFILE) return SSL_BAD_FILE; |
ashleymills | 0:714293de3836 | 7925 | XFSEEK(file, 0, XSEEK_END); |
ashleymills | 0:714293de3836 | 7926 | sz = XFTELL(file); |
ashleymills | 0:714293de3836 | 7927 | XREWIND(file); |
ashleymills | 0:714293de3836 | 7928 | if (sz > (long)sizeof(staticBuffer)) { |
ashleymills | 0:714293de3836 | 7929 | CYASSL_MSG("Getting dynamic buffer"); |
ashleymills | 0:714293de3836 | 7930 | myBuffer = (byte*) XMALLOC(sz, ctx->heap, DYNAMIC_TYPE_FILE); |
ashleymills | 0:714293de3836 | 7931 | } |
ashleymills | 0:714293de3836 | 7932 | |
ashleymills | 0:714293de3836 | 7933 | if ((myBuffer != NULL) && |
ashleymills | 0:714293de3836 | 7934 | (sz > 0) && |
ashleymills | 0:714293de3836 | 7935 | (XFREAD(myBuffer, sz, 1, file) > 0) && |
ashleymills | 0:714293de3836 | 7936 | (PemToDer(myBuffer, sz, CERT_TYPE, |
ashleymills | 0:714293de3836 | 7937 | &fileDer, ctx->heap, &info, &eccKey) == 0) && |
ashleymills | 0:714293de3836 | 7938 | (fileDer.length != 0) && |
ashleymills | 0:714293de3836 | 7939 | (fileDer.length == peer_cert->derCert.length) && |
ashleymills | 0:714293de3836 | 7940 | (XMEMCMP(peer_cert->derCert.buffer, fileDer.buffer, |
ashleymills | 0:714293de3836 | 7941 | fileDer.length) == 0)) |
ashleymills | 0:714293de3836 | 7942 | { |
ashleymills | 0:714293de3836 | 7943 | ret = 0; |
ashleymills | 0:714293de3836 | 7944 | } |
ashleymills | 0:714293de3836 | 7945 | |
ashleymills | 0:714293de3836 | 7946 | XFCLOSE(file); |
ashleymills | 0:714293de3836 | 7947 | if (fileDer.buffer) |
ashleymills | 0:714293de3836 | 7948 | XFREE(fileDer.buffer, ctx->heap, DYNAMIC_TYPE_CERT); |
ashleymills | 0:714293de3836 | 7949 | if (myBuffer && (myBuffer != staticBuffer)) |
ashleymills | 0:714293de3836 | 7950 | XFREE(myBuffer, ctx->heap, DYNAMIC_TYPE_FILE); |
ashleymills | 0:714293de3836 | 7951 | } |
ashleymills | 0:714293de3836 | 7952 | |
ashleymills | 0:714293de3836 | 7953 | return ret; |
ashleymills | 0:714293de3836 | 7954 | } |
ashleymills | 0:714293de3836 | 7955 | #endif |
ashleymills | 0:714293de3836 | 7956 | |
ashleymills | 0:714293de3836 | 7957 | |
ashleymills | 0:714293de3836 | 7958 | static RNG globalRNG; |
ashleymills | 0:714293de3836 | 7959 | static int initGlobalRNG = 0; |
ashleymills | 0:714293de3836 | 7960 | |
ashleymills | 0:714293de3836 | 7961 | /* SSL_SUCCESS on ok */ |
ashleymills | 0:714293de3836 | 7962 | int CyaSSL_RAND_seed(const void* seed, int len) |
ashleymills | 0:714293de3836 | 7963 | { |
ashleymills | 0:714293de3836 | 7964 | |
ashleymills | 0:714293de3836 | 7965 | CYASSL_MSG("CyaSSL_RAND_seed"); |
ashleymills | 0:714293de3836 | 7966 | |
ashleymills | 0:714293de3836 | 7967 | (void)seed; |
ashleymills | 0:714293de3836 | 7968 | (void)len; |
ashleymills | 0:714293de3836 | 7969 | |
ashleymills | 0:714293de3836 | 7970 | if (initGlobalRNG == 0) { |
ashleymills | 0:714293de3836 | 7971 | if (InitRng(&globalRNG) < 0) { |
ashleymills | 0:714293de3836 | 7972 | CYASSL_MSG("CyaSSL Init Global RNG failed"); |
ashleymills | 0:714293de3836 | 7973 | } |
ashleymills | 0:714293de3836 | 7974 | initGlobalRNG = 1; |
ashleymills | 0:714293de3836 | 7975 | } |
ashleymills | 0:714293de3836 | 7976 | |
ashleymills | 0:714293de3836 | 7977 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 7978 | } |
ashleymills | 0:714293de3836 | 7979 | |
ashleymills | 0:714293de3836 | 7980 | |
ashleymills | 0:714293de3836 | 7981 | /* SSL_SUCCESS on ok */ |
ashleymills | 0:714293de3836 | 7982 | int CyaSSL_RAND_bytes(unsigned char* buf, int num) |
ashleymills | 0:714293de3836 | 7983 | { |
ashleymills | 0:714293de3836 | 7984 | RNG tmpRNG; |
ashleymills | 0:714293de3836 | 7985 | RNG* rng = &tmpRNG; |
ashleymills | 0:714293de3836 | 7986 | |
ashleymills | 0:714293de3836 | 7987 | CYASSL_ENTER("RAND_bytes"); |
ashleymills | 0:714293de3836 | 7988 | if (InitRng(&tmpRNG) != 0) { |
ashleymills | 0:714293de3836 | 7989 | CYASSL_MSG("Bad RNG Init, trying global"); |
ashleymills | 0:714293de3836 | 7990 | if (initGlobalRNG == 0) { |
ashleymills | 0:714293de3836 | 7991 | CYASSL_MSG("Global RNG no Init"); |
ashleymills | 0:714293de3836 | 7992 | return 0; |
ashleymills | 0:714293de3836 | 7993 | } |
ashleymills | 0:714293de3836 | 7994 | rng = &globalRNG; |
ashleymills | 0:714293de3836 | 7995 | } |
ashleymills | 0:714293de3836 | 7996 | |
ashleymills | 0:714293de3836 | 7997 | RNG_GenerateBlock(rng, buf, num); |
ashleymills | 0:714293de3836 | 7998 | |
ashleymills | 0:714293de3836 | 7999 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 8000 | } |
ashleymills | 0:714293de3836 | 8001 | |
ashleymills | 0:714293de3836 | 8002 | CYASSL_BN_CTX* CyaSSL_BN_CTX_new(void) |
ashleymills | 0:714293de3836 | 8003 | { |
ashleymills | 0:714293de3836 | 8004 | static int ctx; /* ctaocrypt doesn't now need ctx */ |
ashleymills | 0:714293de3836 | 8005 | |
ashleymills | 0:714293de3836 | 8006 | CYASSL_MSG("CyaSSL_BN_CTX_new"); |
ashleymills | 0:714293de3836 | 8007 | |
ashleymills | 0:714293de3836 | 8008 | return (CYASSL_BN_CTX*)&ctx; |
ashleymills | 0:714293de3836 | 8009 | } |
ashleymills | 0:714293de3836 | 8010 | |
ashleymills | 0:714293de3836 | 8011 | void CyaSSL_BN_CTX_init(CYASSL_BN_CTX* ctx) |
ashleymills | 0:714293de3836 | 8012 | { |
ashleymills | 0:714293de3836 | 8013 | (void)ctx; |
ashleymills | 0:714293de3836 | 8014 | CYASSL_MSG("CyaSSL_BN_CTX_init"); |
ashleymills | 0:714293de3836 | 8015 | } |
ashleymills | 0:714293de3836 | 8016 | |
ashleymills | 0:714293de3836 | 8017 | |
ashleymills | 0:714293de3836 | 8018 | void CyaSSL_BN_CTX_free(CYASSL_BN_CTX* ctx) |
ashleymills | 0:714293de3836 | 8019 | { |
ashleymills | 0:714293de3836 | 8020 | (void)ctx; |
ashleymills | 0:714293de3836 | 8021 | CYASSL_MSG("CyaSSL_BN_CTX_free"); |
ashleymills | 0:714293de3836 | 8022 | |
ashleymills | 0:714293de3836 | 8023 | /* do free since static ctx that does nothing */ |
ashleymills | 0:714293de3836 | 8024 | } |
ashleymills | 0:714293de3836 | 8025 | |
ashleymills | 0:714293de3836 | 8026 | |
ashleymills | 0:714293de3836 | 8027 | static void InitCyaSSL_BigNum(CYASSL_BIGNUM* bn) |
ashleymills | 0:714293de3836 | 8028 | { |
ashleymills | 0:714293de3836 | 8029 | CYASSL_MSG("InitCyaSSL_BigNum"); |
ashleymills | 0:714293de3836 | 8030 | if (bn) { |
ashleymills | 0:714293de3836 | 8031 | bn->neg = 0; |
ashleymills | 0:714293de3836 | 8032 | bn->internal = NULL; |
ashleymills | 0:714293de3836 | 8033 | } |
ashleymills | 0:714293de3836 | 8034 | } |
ashleymills | 0:714293de3836 | 8035 | |
ashleymills | 0:714293de3836 | 8036 | |
ashleymills | 0:714293de3836 | 8037 | CYASSL_BIGNUM* CyaSSL_BN_new(void) |
ashleymills | 0:714293de3836 | 8038 | { |
ashleymills | 0:714293de3836 | 8039 | CYASSL_BIGNUM* external; |
ashleymills | 0:714293de3836 | 8040 | mp_int* mpi; |
ashleymills | 0:714293de3836 | 8041 | |
ashleymills | 0:714293de3836 | 8042 | CYASSL_MSG("CyaSSL_BN_new"); |
ashleymills | 0:714293de3836 | 8043 | |
ashleymills | 0:714293de3836 | 8044 | mpi = (mp_int*) XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT); |
ashleymills | 0:714293de3836 | 8045 | if (mpi == NULL) { |
ashleymills | 0:714293de3836 | 8046 | CYASSL_MSG("CyaSSL_BN_new malloc mpi failure"); |
ashleymills | 0:714293de3836 | 8047 | return NULL; |
ashleymills | 0:714293de3836 | 8048 | } |
ashleymills | 0:714293de3836 | 8049 | |
ashleymills | 0:714293de3836 | 8050 | external = (CYASSL_BIGNUM*) XMALLOC(sizeof(CYASSL_BIGNUM), NULL, |
ashleymills | 0:714293de3836 | 8051 | DYNAMIC_TYPE_BIGINT); |
ashleymills | 0:714293de3836 | 8052 | if (external == NULL) { |
ashleymills | 0:714293de3836 | 8053 | CYASSL_MSG("CyaSSL_BN_new malloc CYASSL_BIGNUM failure"); |
ashleymills | 0:714293de3836 | 8054 | XFREE(mpi, NULL, DYNAMIC_TYPE_BIGINT); |
ashleymills | 0:714293de3836 | 8055 | return NULL; |
ashleymills | 0:714293de3836 | 8056 | } |
ashleymills | 0:714293de3836 | 8057 | |
ashleymills | 0:714293de3836 | 8058 | InitCyaSSL_BigNum(external); |
ashleymills | 0:714293de3836 | 8059 | external->internal = mpi; |
ashleymills | 0:714293de3836 | 8060 | if (mp_init(mpi) != MP_OKAY) { |
ashleymills | 0:714293de3836 | 8061 | CyaSSL_BN_free(external); |
ashleymills | 0:714293de3836 | 8062 | return NULL; |
ashleymills | 0:714293de3836 | 8063 | } |
ashleymills | 0:714293de3836 | 8064 | |
ashleymills | 0:714293de3836 | 8065 | return external; |
ashleymills | 0:714293de3836 | 8066 | } |
ashleymills | 0:714293de3836 | 8067 | |
ashleymills | 0:714293de3836 | 8068 | |
ashleymills | 0:714293de3836 | 8069 | void CyaSSL_BN_free(CYASSL_BIGNUM* bn) |
ashleymills | 0:714293de3836 | 8070 | { |
ashleymills | 0:714293de3836 | 8071 | CYASSL_MSG("CyaSSL_BN_free"); |
ashleymills | 0:714293de3836 | 8072 | if (bn) { |
ashleymills | 0:714293de3836 | 8073 | if (bn->internal) { |
ashleymills | 0:714293de3836 | 8074 | mp_clear((mp_int*)bn->internal); |
ashleymills | 0:714293de3836 | 8075 | XFREE(bn->internal, NULL, DYNAMIC_TYPE_BIGINT); |
ashleymills | 0:714293de3836 | 8076 | bn->internal = NULL; |
ashleymills | 0:714293de3836 | 8077 | } |
ashleymills | 0:714293de3836 | 8078 | XFREE(bn, NULL, DYNAMIC_TYPE_BIGINT); |
ashleymills | 0:714293de3836 | 8079 | } |
ashleymills | 0:714293de3836 | 8080 | } |
ashleymills | 0:714293de3836 | 8081 | |
ashleymills | 0:714293de3836 | 8082 | |
ashleymills | 0:714293de3836 | 8083 | void CyaSSL_BN_clear_free(CYASSL_BIGNUM* bn) |
ashleymills | 0:714293de3836 | 8084 | { |
ashleymills | 0:714293de3836 | 8085 | CYASSL_MSG("CyaSSL_BN_clear_free"); |
ashleymills | 0:714293de3836 | 8086 | |
ashleymills | 0:714293de3836 | 8087 | CyaSSL_BN_free(bn); |
ashleymills | 0:714293de3836 | 8088 | } |
ashleymills | 0:714293de3836 | 8089 | |
ashleymills | 0:714293de3836 | 8090 | |
ashleymills | 0:714293de3836 | 8091 | /* SSL_SUCCESS on ok */ |
ashleymills | 0:714293de3836 | 8092 | int CyaSSL_BN_sub(CYASSL_BIGNUM* r, const CYASSL_BIGNUM* a, |
ashleymills | 0:714293de3836 | 8093 | const CYASSL_BIGNUM* b) |
ashleymills | 0:714293de3836 | 8094 | { |
ashleymills | 0:714293de3836 | 8095 | CYASSL_MSG("CyaSSL_BN_sub"); |
ashleymills | 0:714293de3836 | 8096 | |
ashleymills | 0:714293de3836 | 8097 | if (r == NULL || a == NULL || b == NULL) |
ashleymills | 0:714293de3836 | 8098 | return 0; |
ashleymills | 0:714293de3836 | 8099 | |
ashleymills | 0:714293de3836 | 8100 | if (mp_sub((mp_int*)a->internal,(mp_int*)b->internal, |
ashleymills | 0:714293de3836 | 8101 | (mp_int*)r->internal) == MP_OKAY) |
ashleymills | 0:714293de3836 | 8102 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 8103 | |
ashleymills | 0:714293de3836 | 8104 | CYASSL_MSG("CyaSSL_BN_sub mp_sub failed"); |
ashleymills | 0:714293de3836 | 8105 | return 0; |
ashleymills | 0:714293de3836 | 8106 | } |
ashleymills | 0:714293de3836 | 8107 | |
ashleymills | 0:714293de3836 | 8108 | |
ashleymills | 0:714293de3836 | 8109 | /* SSL_SUCCESS on ok */ |
ashleymills | 0:714293de3836 | 8110 | int CyaSSL_BN_mod(CYASSL_BIGNUM* r, const CYASSL_BIGNUM* a, |
ashleymills | 0:714293de3836 | 8111 | const CYASSL_BIGNUM* b, const CYASSL_BN_CTX* c) |
ashleymills | 0:714293de3836 | 8112 | { |
ashleymills | 0:714293de3836 | 8113 | (void)c; |
ashleymills | 0:714293de3836 | 8114 | CYASSL_MSG("CyaSSL_BN_mod"); |
ashleymills | 0:714293de3836 | 8115 | |
ashleymills | 0:714293de3836 | 8116 | if (r == NULL || a == NULL || b == NULL) |
ashleymills | 0:714293de3836 | 8117 | return 0; |
ashleymills | 0:714293de3836 | 8118 | |
ashleymills | 0:714293de3836 | 8119 | if (mp_mod((mp_int*)a->internal,(mp_int*)b->internal, |
ashleymills | 0:714293de3836 | 8120 | (mp_int*)r->internal) == MP_OKAY) |
ashleymills | 0:714293de3836 | 8121 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 8122 | |
ashleymills | 0:714293de3836 | 8123 | CYASSL_MSG("CyaSSL_BN_mod mp_mod failed"); |
ashleymills | 0:714293de3836 | 8124 | return 0; |
ashleymills | 0:714293de3836 | 8125 | } |
ashleymills | 0:714293de3836 | 8126 | |
ashleymills | 0:714293de3836 | 8127 | |
ashleymills | 0:714293de3836 | 8128 | const CYASSL_BIGNUM* CyaSSL_BN_value_one(void) |
ashleymills | 0:714293de3836 | 8129 | { |
ashleymills | 0:714293de3836 | 8130 | static CYASSL_BIGNUM* bn_one = NULL; |
ashleymills | 0:714293de3836 | 8131 | |
ashleymills | 0:714293de3836 | 8132 | CYASSL_MSG("CyaSSL_BN_value_one"); |
ashleymills | 0:714293de3836 | 8133 | |
ashleymills | 0:714293de3836 | 8134 | if (bn_one == NULL) { |
ashleymills | 0:714293de3836 | 8135 | bn_one = CyaSSL_BN_new(); |
ashleymills | 0:714293de3836 | 8136 | if (bn_one) |
ashleymills | 0:714293de3836 | 8137 | mp_set_int((mp_int*)bn_one->internal, 1); |
ashleymills | 0:714293de3836 | 8138 | } |
ashleymills | 0:714293de3836 | 8139 | |
ashleymills | 0:714293de3836 | 8140 | return bn_one; |
ashleymills | 0:714293de3836 | 8141 | } |
ashleymills | 0:714293de3836 | 8142 | |
ashleymills | 0:714293de3836 | 8143 | |
ashleymills | 0:714293de3836 | 8144 | int CyaSSL_BN_num_bytes(const CYASSL_BIGNUM* bn) |
ashleymills | 0:714293de3836 | 8145 | { |
ashleymills | 0:714293de3836 | 8146 | CYASSL_MSG("CyaSSL_BN_num_bytes"); |
ashleymills | 0:714293de3836 | 8147 | |
ashleymills | 0:714293de3836 | 8148 | if (bn == NULL || bn->internal == NULL) |
ashleymills | 0:714293de3836 | 8149 | return 0; |
ashleymills | 0:714293de3836 | 8150 | |
ashleymills | 0:714293de3836 | 8151 | return mp_unsigned_bin_size((mp_int*)bn->internal); |
ashleymills | 0:714293de3836 | 8152 | } |
ashleymills | 0:714293de3836 | 8153 | |
ashleymills | 0:714293de3836 | 8154 | |
ashleymills | 0:714293de3836 | 8155 | int CyaSSL_BN_num_bits(const CYASSL_BIGNUM* bn) |
ashleymills | 0:714293de3836 | 8156 | { |
ashleymills | 0:714293de3836 | 8157 | CYASSL_MSG("CyaSSL_BN_num_bits"); |
ashleymills | 0:714293de3836 | 8158 | |
ashleymills | 0:714293de3836 | 8159 | if (bn == NULL || bn->internal == NULL) |
ashleymills | 0:714293de3836 | 8160 | return 0; |
ashleymills | 0:714293de3836 | 8161 | |
ashleymills | 0:714293de3836 | 8162 | return mp_count_bits((mp_int*)bn->internal); |
ashleymills | 0:714293de3836 | 8163 | } |
ashleymills | 0:714293de3836 | 8164 | |
ashleymills | 0:714293de3836 | 8165 | |
ashleymills | 0:714293de3836 | 8166 | int CyaSSL_BN_is_zero(const CYASSL_BIGNUM* bn) |
ashleymills | 0:714293de3836 | 8167 | { |
ashleymills | 0:714293de3836 | 8168 | CYASSL_MSG("CyaSSL_BN_is_zero"); |
ashleymills | 0:714293de3836 | 8169 | |
ashleymills | 0:714293de3836 | 8170 | if (bn == NULL || bn->internal == NULL) |
ashleymills | 0:714293de3836 | 8171 | return 0; |
ashleymills | 0:714293de3836 | 8172 | |
ashleymills | 0:714293de3836 | 8173 | return mp_iszero((mp_int*)bn->internal); |
ashleymills | 0:714293de3836 | 8174 | } |
ashleymills | 0:714293de3836 | 8175 | |
ashleymills | 0:714293de3836 | 8176 | |
ashleymills | 0:714293de3836 | 8177 | int CyaSSL_BN_is_one(const CYASSL_BIGNUM* bn) |
ashleymills | 0:714293de3836 | 8178 | { |
ashleymills | 0:714293de3836 | 8179 | CYASSL_MSG("CyaSSL_BN_is_one"); |
ashleymills | 0:714293de3836 | 8180 | |
ashleymills | 0:714293de3836 | 8181 | if (bn == NULL || bn->internal == NULL) |
ashleymills | 0:714293de3836 | 8182 | return 0; |
ashleymills | 0:714293de3836 | 8183 | |
ashleymills | 0:714293de3836 | 8184 | if (mp_cmp_d((mp_int*)bn->internal, 1) == 0) |
ashleymills | 0:714293de3836 | 8185 | return 1; |
ashleymills | 0:714293de3836 | 8186 | |
ashleymills | 0:714293de3836 | 8187 | return 0; |
ashleymills | 0:714293de3836 | 8188 | } |
ashleymills | 0:714293de3836 | 8189 | |
ashleymills | 0:714293de3836 | 8190 | |
ashleymills | 0:714293de3836 | 8191 | int CyaSSL_BN_is_odd(const CYASSL_BIGNUM* bn) |
ashleymills | 0:714293de3836 | 8192 | { |
ashleymills | 0:714293de3836 | 8193 | CYASSL_MSG("CyaSSL_BN_is_odd"); |
ashleymills | 0:714293de3836 | 8194 | |
ashleymills | 0:714293de3836 | 8195 | if (bn == NULL || bn->internal == NULL) |
ashleymills | 0:714293de3836 | 8196 | return 0; |
ashleymills | 0:714293de3836 | 8197 | |
ashleymills | 0:714293de3836 | 8198 | return mp_isodd((mp_int*)bn->internal); |
ashleymills | 0:714293de3836 | 8199 | } |
ashleymills | 0:714293de3836 | 8200 | |
ashleymills | 0:714293de3836 | 8201 | |
ashleymills | 0:714293de3836 | 8202 | int CyaSSL_BN_cmp(const CYASSL_BIGNUM* a, const CYASSL_BIGNUM* b) |
ashleymills | 0:714293de3836 | 8203 | { |
ashleymills | 0:714293de3836 | 8204 | CYASSL_MSG("CyaSSL_BN_cmp"); |
ashleymills | 0:714293de3836 | 8205 | |
ashleymills | 0:714293de3836 | 8206 | if (a == NULL || a->internal == NULL || b == NULL || b->internal ==NULL) |
ashleymills | 0:714293de3836 | 8207 | return 0; |
ashleymills | 0:714293de3836 | 8208 | |
ashleymills | 0:714293de3836 | 8209 | return mp_cmp((mp_int*)a->internal, (mp_int*)b->internal); |
ashleymills | 0:714293de3836 | 8210 | } |
ashleymills | 0:714293de3836 | 8211 | |
ashleymills | 0:714293de3836 | 8212 | |
ashleymills | 0:714293de3836 | 8213 | int CyaSSL_BN_bn2bin(const CYASSL_BIGNUM* bn, unsigned char* r) |
ashleymills | 0:714293de3836 | 8214 | { |
ashleymills | 0:714293de3836 | 8215 | CYASSL_MSG("CyaSSL_BN_bn2bin"); |
ashleymills | 0:714293de3836 | 8216 | |
ashleymills | 0:714293de3836 | 8217 | if (bn == NULL || bn->internal == NULL) { |
ashleymills | 0:714293de3836 | 8218 | CYASSL_MSG("NULL bn error"); |
ashleymills | 0:714293de3836 | 8219 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 8220 | } |
ashleymills | 0:714293de3836 | 8221 | |
ashleymills | 0:714293de3836 | 8222 | if (r == NULL) |
ashleymills | 0:714293de3836 | 8223 | return mp_unsigned_bin_size((mp_int*)bn->internal); |
ashleymills | 0:714293de3836 | 8224 | |
ashleymills | 0:714293de3836 | 8225 | if (mp_to_unsigned_bin((mp_int*)bn->internal, r) != MP_OKAY) { |
ashleymills | 0:714293de3836 | 8226 | CYASSL_MSG("mp_to_unsigned_bin error"); |
ashleymills | 0:714293de3836 | 8227 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 8228 | } |
ashleymills | 0:714293de3836 | 8229 | |
ashleymills | 0:714293de3836 | 8230 | return mp_unsigned_bin_size((mp_int*)bn->internal); |
ashleymills | 0:714293de3836 | 8231 | } |
ashleymills | 0:714293de3836 | 8232 | |
ashleymills | 0:714293de3836 | 8233 | |
ashleymills | 0:714293de3836 | 8234 | CYASSL_BIGNUM* CyaSSL_BN_bin2bn(const unsigned char* str, int len, |
ashleymills | 0:714293de3836 | 8235 | CYASSL_BIGNUM* ret) |
ashleymills | 0:714293de3836 | 8236 | { |
ashleymills | 0:714293de3836 | 8237 | CYASSL_MSG("CyaSSL_BN_bin2bn"); |
ashleymills | 0:714293de3836 | 8238 | |
ashleymills | 0:714293de3836 | 8239 | if (ret && ret->internal) { |
ashleymills | 0:714293de3836 | 8240 | if (mp_read_unsigned_bin((mp_int*)ret->internal, str, len) != 0) { |
ashleymills | 0:714293de3836 | 8241 | CYASSL_MSG("mp_read_unsigned_bin failure"); |
ashleymills | 0:714293de3836 | 8242 | return NULL; |
ashleymills | 0:714293de3836 | 8243 | } |
ashleymills | 0:714293de3836 | 8244 | } |
ashleymills | 0:714293de3836 | 8245 | else { |
ashleymills | 0:714293de3836 | 8246 | CYASSL_MSG("CyaSSL_BN_bin2bn wants return bignum"); |
ashleymills | 0:714293de3836 | 8247 | } |
ashleymills | 0:714293de3836 | 8248 | |
ashleymills | 0:714293de3836 | 8249 | return ret; |
ashleymills | 0:714293de3836 | 8250 | } |
ashleymills | 0:714293de3836 | 8251 | |
ashleymills | 0:714293de3836 | 8252 | |
ashleymills | 0:714293de3836 | 8253 | int CyaSSL_mask_bits(CYASSL_BIGNUM* bn, int n) |
ashleymills | 0:714293de3836 | 8254 | { |
ashleymills | 0:714293de3836 | 8255 | (void)bn; |
ashleymills | 0:714293de3836 | 8256 | (void)n; |
ashleymills | 0:714293de3836 | 8257 | CYASSL_MSG("CyaSSL_BN_mask_bits"); |
ashleymills | 0:714293de3836 | 8258 | |
ashleymills | 0:714293de3836 | 8259 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 8260 | } |
ashleymills | 0:714293de3836 | 8261 | |
ashleymills | 0:714293de3836 | 8262 | |
ashleymills | 0:714293de3836 | 8263 | /* SSL_SUCCESS on ok */ |
ashleymills | 0:714293de3836 | 8264 | int CyaSSL_BN_rand(CYASSL_BIGNUM* bn, int bits, int top, int bottom) |
ashleymills | 0:714293de3836 | 8265 | { |
ashleymills | 0:714293de3836 | 8266 | byte buff[1024]; |
ashleymills | 0:714293de3836 | 8267 | RNG tmpRNG; |
ashleymills | 0:714293de3836 | 8268 | RNG* rng = &tmpRNG; |
ashleymills | 0:714293de3836 | 8269 | int len = bits/8; |
ashleymills | 0:714293de3836 | 8270 | |
ashleymills | 0:714293de3836 | 8271 | (void)top; |
ashleymills | 0:714293de3836 | 8272 | (void)bottom; |
ashleymills | 0:714293de3836 | 8273 | CYASSL_MSG("CyaSSL_BN_rand"); |
ashleymills | 0:714293de3836 | 8274 | |
ashleymills | 0:714293de3836 | 8275 | if (bn == NULL || bn->internal == NULL) { |
ashleymills | 0:714293de3836 | 8276 | CYASSL_MSG("Bad function arguments"); |
ashleymills | 0:714293de3836 | 8277 | return 0; |
ashleymills | 0:714293de3836 | 8278 | } |
ashleymills | 0:714293de3836 | 8279 | |
ashleymills | 0:714293de3836 | 8280 | if (bits % 8) |
ashleymills | 0:714293de3836 | 8281 | len++; |
ashleymills | 0:714293de3836 | 8282 | |
ashleymills | 0:714293de3836 | 8283 | if ( (InitRng(&tmpRNG)) != 0) { |
ashleymills | 0:714293de3836 | 8284 | CYASSL_MSG("Bad RNG Init, trying global"); |
ashleymills | 0:714293de3836 | 8285 | if (initGlobalRNG == 0) { |
ashleymills | 0:714293de3836 | 8286 | CYASSL_MSG("Global RNG no Init"); |
ashleymills | 0:714293de3836 | 8287 | return 0; |
ashleymills | 0:714293de3836 | 8288 | } |
ashleymills | 0:714293de3836 | 8289 | rng = &globalRNG; |
ashleymills | 0:714293de3836 | 8290 | } |
ashleymills | 0:714293de3836 | 8291 | |
ashleymills | 0:714293de3836 | 8292 | RNG_GenerateBlock(rng, buff, len); |
ashleymills | 0:714293de3836 | 8293 | buff[0] |= 0x80 | 0x40; |
ashleymills | 0:714293de3836 | 8294 | buff[len-1] |= 0x01; |
ashleymills | 0:714293de3836 | 8295 | |
ashleymills | 0:714293de3836 | 8296 | if (mp_read_unsigned_bin((mp_int*)bn->internal,buff,len) != MP_OKAY) { |
ashleymills | 0:714293de3836 | 8297 | CYASSL_MSG("mp read bin failed"); |
ashleymills | 0:714293de3836 | 8298 | return 0; |
ashleymills | 0:714293de3836 | 8299 | } |
ashleymills | 0:714293de3836 | 8300 | |
ashleymills | 0:714293de3836 | 8301 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 8302 | } |
ashleymills | 0:714293de3836 | 8303 | |
ashleymills | 0:714293de3836 | 8304 | |
ashleymills | 0:714293de3836 | 8305 | int CyaSSL_BN_is_bit_set(const CYASSL_BIGNUM* bn, int n) |
ashleymills | 0:714293de3836 | 8306 | { |
ashleymills | 0:714293de3836 | 8307 | (void)bn; |
ashleymills | 0:714293de3836 | 8308 | (void)n; |
ashleymills | 0:714293de3836 | 8309 | |
ashleymills | 0:714293de3836 | 8310 | CYASSL_MSG("CyaSSL_BN_is_bit_set"); |
ashleymills | 0:714293de3836 | 8311 | |
ashleymills | 0:714293de3836 | 8312 | return 0; |
ashleymills | 0:714293de3836 | 8313 | } |
ashleymills | 0:714293de3836 | 8314 | |
ashleymills | 0:714293de3836 | 8315 | |
ashleymills | 0:714293de3836 | 8316 | /* SSL_SUCCESS on ok */ |
ashleymills | 0:714293de3836 | 8317 | int CyaSSL_BN_hex2bn(CYASSL_BIGNUM** bn, const char* str) |
ashleymills | 0:714293de3836 | 8318 | { |
ashleymills | 0:714293de3836 | 8319 | byte decoded[1024]; |
ashleymills | 0:714293de3836 | 8320 | word32 decSz = sizeof(decoded); |
ashleymills | 0:714293de3836 | 8321 | |
ashleymills | 0:714293de3836 | 8322 | CYASSL_MSG("CyaSSL_BN_hex2bn"); |
ashleymills | 0:714293de3836 | 8323 | |
ashleymills | 0:714293de3836 | 8324 | if (str == NULL) { |
ashleymills | 0:714293de3836 | 8325 | CYASSL_MSG("Bad function argument"); |
ashleymills | 0:714293de3836 | 8326 | return 0; |
ashleymills | 0:714293de3836 | 8327 | } |
ashleymills | 0:714293de3836 | 8328 | |
ashleymills | 0:714293de3836 | 8329 | if (Base16_Decode((byte*)str, (int)XSTRLEN(str), decoded, &decSz) < 0) { |
ashleymills | 0:714293de3836 | 8330 | CYASSL_MSG("Bad Base16_Decode error"); |
ashleymills | 0:714293de3836 | 8331 | return 0; |
ashleymills | 0:714293de3836 | 8332 | } |
ashleymills | 0:714293de3836 | 8333 | |
ashleymills | 0:714293de3836 | 8334 | if (bn == NULL) |
ashleymills | 0:714293de3836 | 8335 | return decSz; |
ashleymills | 0:714293de3836 | 8336 | |
ashleymills | 0:714293de3836 | 8337 | if (*bn == NULL) { |
ashleymills | 0:714293de3836 | 8338 | *bn = CyaSSL_BN_new(); |
ashleymills | 0:714293de3836 | 8339 | if (*bn == NULL) { |
ashleymills | 0:714293de3836 | 8340 | CYASSL_MSG("BN new failed"); |
ashleymills | 0:714293de3836 | 8341 | return 0; |
ashleymills | 0:714293de3836 | 8342 | } |
ashleymills | 0:714293de3836 | 8343 | } |
ashleymills | 0:714293de3836 | 8344 | |
ashleymills | 0:714293de3836 | 8345 | if (CyaSSL_BN_bin2bn(decoded, decSz, *bn) == NULL) { |
ashleymills | 0:714293de3836 | 8346 | CYASSL_MSG("Bad bin2bn error"); |
ashleymills | 0:714293de3836 | 8347 | return 0; |
ashleymills | 0:714293de3836 | 8348 | } |
ashleymills | 0:714293de3836 | 8349 | |
ashleymills | 0:714293de3836 | 8350 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 8351 | } |
ashleymills | 0:714293de3836 | 8352 | |
ashleymills | 0:714293de3836 | 8353 | |
ashleymills | 0:714293de3836 | 8354 | CYASSL_BIGNUM* CyaSSL_BN_dup(const CYASSL_BIGNUM* bn) |
ashleymills | 0:714293de3836 | 8355 | { |
ashleymills | 0:714293de3836 | 8356 | CYASSL_BIGNUM* ret; |
ashleymills | 0:714293de3836 | 8357 | |
ashleymills | 0:714293de3836 | 8358 | CYASSL_MSG("CyaSSL_BN_dup"); |
ashleymills | 0:714293de3836 | 8359 | |
ashleymills | 0:714293de3836 | 8360 | if (bn == NULL || bn->internal == NULL) { |
ashleymills | 0:714293de3836 | 8361 | CYASSL_MSG("bn NULL error"); |
ashleymills | 0:714293de3836 | 8362 | return NULL; |
ashleymills | 0:714293de3836 | 8363 | } |
ashleymills | 0:714293de3836 | 8364 | |
ashleymills | 0:714293de3836 | 8365 | ret = CyaSSL_BN_new(); |
ashleymills | 0:714293de3836 | 8366 | if (ret == NULL) { |
ashleymills | 0:714293de3836 | 8367 | CYASSL_MSG("bn new error"); |
ashleymills | 0:714293de3836 | 8368 | return NULL; |
ashleymills | 0:714293de3836 | 8369 | } |
ashleymills | 0:714293de3836 | 8370 | |
ashleymills | 0:714293de3836 | 8371 | if (mp_copy((mp_int*)bn->internal, (mp_int*)ret->internal) != MP_OKAY) { |
ashleymills | 0:714293de3836 | 8372 | CYASSL_MSG("mp_copy error"); |
ashleymills | 0:714293de3836 | 8373 | CyaSSL_BN_free(ret); |
ashleymills | 0:714293de3836 | 8374 | return NULL; |
ashleymills | 0:714293de3836 | 8375 | } |
ashleymills | 0:714293de3836 | 8376 | |
ashleymills | 0:714293de3836 | 8377 | return ret; |
ashleymills | 0:714293de3836 | 8378 | } |
ashleymills | 0:714293de3836 | 8379 | |
ashleymills | 0:714293de3836 | 8380 | |
ashleymills | 0:714293de3836 | 8381 | CYASSL_BIGNUM* CyaSSL_BN_copy(CYASSL_BIGNUM* r, const CYASSL_BIGNUM* bn) |
ashleymills | 0:714293de3836 | 8382 | { |
ashleymills | 0:714293de3836 | 8383 | (void)r; |
ashleymills | 0:714293de3836 | 8384 | (void)bn; |
ashleymills | 0:714293de3836 | 8385 | |
ashleymills | 0:714293de3836 | 8386 | CYASSL_MSG("CyaSSL_BN_copy"); |
ashleymills | 0:714293de3836 | 8387 | |
ashleymills | 0:714293de3836 | 8388 | return NULL; |
ashleymills | 0:714293de3836 | 8389 | } |
ashleymills | 0:714293de3836 | 8390 | |
ashleymills | 0:714293de3836 | 8391 | |
ashleymills | 0:714293de3836 | 8392 | int CyaSSL_BN_set_word(CYASSL_BIGNUM* bn, unsigned long w) |
ashleymills | 0:714293de3836 | 8393 | { |
ashleymills | 0:714293de3836 | 8394 | (void)bn; |
ashleymills | 0:714293de3836 | 8395 | (void)w; |
ashleymills | 0:714293de3836 | 8396 | |
ashleymills | 0:714293de3836 | 8397 | CYASSL_MSG("CyaSSL_BN_set_word"); |
ashleymills | 0:714293de3836 | 8398 | |
ashleymills | 0:714293de3836 | 8399 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 8400 | } |
ashleymills | 0:714293de3836 | 8401 | |
ashleymills | 0:714293de3836 | 8402 | |
ashleymills | 0:714293de3836 | 8403 | int CyaSSL_BN_dec2bn(CYASSL_BIGNUM** bn, const char* str) |
ashleymills | 0:714293de3836 | 8404 | { |
ashleymills | 0:714293de3836 | 8405 | (void)bn; |
ashleymills | 0:714293de3836 | 8406 | (void)str; |
ashleymills | 0:714293de3836 | 8407 | |
ashleymills | 0:714293de3836 | 8408 | CYASSL_MSG("CyaSSL_BN_dec2bn"); |
ashleymills | 0:714293de3836 | 8409 | |
ashleymills | 0:714293de3836 | 8410 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 8411 | } |
ashleymills | 0:714293de3836 | 8412 | |
ashleymills | 0:714293de3836 | 8413 | |
ashleymills | 0:714293de3836 | 8414 | char* CyaSSL_BN_bn2dec(const CYASSL_BIGNUM* bn) |
ashleymills | 0:714293de3836 | 8415 | { |
ashleymills | 0:714293de3836 | 8416 | (void)bn; |
ashleymills | 0:714293de3836 | 8417 | |
ashleymills | 0:714293de3836 | 8418 | CYASSL_MSG("CyaSSL_BN_bn2dec"); |
ashleymills | 0:714293de3836 | 8419 | |
ashleymills | 0:714293de3836 | 8420 | return NULL; |
ashleymills | 0:714293de3836 | 8421 | } |
ashleymills | 0:714293de3836 | 8422 | |
ashleymills | 0:714293de3836 | 8423 | |
ashleymills | 0:714293de3836 | 8424 | static void InitCyaSSL_DH(CYASSL_DH* dh) |
ashleymills | 0:714293de3836 | 8425 | { |
ashleymills | 0:714293de3836 | 8426 | if (dh) { |
ashleymills | 0:714293de3836 | 8427 | dh->p = NULL; |
ashleymills | 0:714293de3836 | 8428 | dh->g = NULL; |
ashleymills | 0:714293de3836 | 8429 | dh->pub_key = NULL; |
ashleymills | 0:714293de3836 | 8430 | dh->priv_key = NULL; |
ashleymills | 0:714293de3836 | 8431 | dh->internal = NULL; |
ashleymills | 0:714293de3836 | 8432 | dh->inSet = 0; |
ashleymills | 0:714293de3836 | 8433 | dh->exSet = 0; |
ashleymills | 0:714293de3836 | 8434 | } |
ashleymills | 0:714293de3836 | 8435 | } |
ashleymills | 0:714293de3836 | 8436 | |
ashleymills | 0:714293de3836 | 8437 | |
ashleymills | 0:714293de3836 | 8438 | CYASSL_DH* CyaSSL_DH_new(void) |
ashleymills | 0:714293de3836 | 8439 | { |
ashleymills | 0:714293de3836 | 8440 | CYASSL_DH* external; |
ashleymills | 0:714293de3836 | 8441 | DhKey* key; |
ashleymills | 0:714293de3836 | 8442 | |
ashleymills | 0:714293de3836 | 8443 | CYASSL_MSG("CyaSSL_DH_new"); |
ashleymills | 0:714293de3836 | 8444 | |
ashleymills | 0:714293de3836 | 8445 | key = (DhKey*) XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_DH); |
ashleymills | 0:714293de3836 | 8446 | if (key == NULL) { |
ashleymills | 0:714293de3836 | 8447 | CYASSL_MSG("CyaSSL_DH_new malloc DhKey failure"); |
ashleymills | 0:714293de3836 | 8448 | return NULL; |
ashleymills | 0:714293de3836 | 8449 | } |
ashleymills | 0:714293de3836 | 8450 | |
ashleymills | 0:714293de3836 | 8451 | external = (CYASSL_DH*) XMALLOC(sizeof(CYASSL_DH), NULL, |
ashleymills | 0:714293de3836 | 8452 | DYNAMIC_TYPE_DH); |
ashleymills | 0:714293de3836 | 8453 | if (external == NULL) { |
ashleymills | 0:714293de3836 | 8454 | CYASSL_MSG("CyaSSL_DH_new malloc CYASSL_DH failure"); |
ashleymills | 0:714293de3836 | 8455 | XFREE(key, NULL, DYNAMIC_TYPE_DH); |
ashleymills | 0:714293de3836 | 8456 | return NULL; |
ashleymills | 0:714293de3836 | 8457 | } |
ashleymills | 0:714293de3836 | 8458 | |
ashleymills | 0:714293de3836 | 8459 | InitCyaSSL_DH(external); |
ashleymills | 0:714293de3836 | 8460 | InitDhKey(key); |
ashleymills | 0:714293de3836 | 8461 | external->internal = key; |
ashleymills | 0:714293de3836 | 8462 | |
ashleymills | 0:714293de3836 | 8463 | return external; |
ashleymills | 0:714293de3836 | 8464 | } |
ashleymills | 0:714293de3836 | 8465 | |
ashleymills | 0:714293de3836 | 8466 | |
ashleymills | 0:714293de3836 | 8467 | void CyaSSL_DH_free(CYASSL_DH* dh) |
ashleymills | 0:714293de3836 | 8468 | { |
ashleymills | 0:714293de3836 | 8469 | CYASSL_MSG("CyaSSL_DH_free"); |
ashleymills | 0:714293de3836 | 8470 | |
ashleymills | 0:714293de3836 | 8471 | if (dh) { |
ashleymills | 0:714293de3836 | 8472 | if (dh->internal) { |
ashleymills | 0:714293de3836 | 8473 | FreeDhKey((DhKey*)dh->internal); |
ashleymills | 0:714293de3836 | 8474 | XFREE(dh->internal, NULL, DYNAMIC_TYPE_DH); |
ashleymills | 0:714293de3836 | 8475 | dh->internal = NULL; |
ashleymills | 0:714293de3836 | 8476 | } |
ashleymills | 0:714293de3836 | 8477 | CyaSSL_BN_free(dh->priv_key); |
ashleymills | 0:714293de3836 | 8478 | CyaSSL_BN_free(dh->pub_key); |
ashleymills | 0:714293de3836 | 8479 | CyaSSL_BN_free(dh->g); |
ashleymills | 0:714293de3836 | 8480 | CyaSSL_BN_free(dh->p); |
ashleymills | 0:714293de3836 | 8481 | InitCyaSSL_DH(dh); /* set back to NULLs for safety */ |
ashleymills | 0:714293de3836 | 8482 | |
ashleymills | 0:714293de3836 | 8483 | XFREE(dh, NULL, DYNAMIC_TYPE_DH); |
ashleymills | 0:714293de3836 | 8484 | } |
ashleymills | 0:714293de3836 | 8485 | } |
ashleymills | 0:714293de3836 | 8486 | |
ashleymills | 0:714293de3836 | 8487 | |
ashleymills | 0:714293de3836 | 8488 | static int SetDhInternal(CYASSL_DH* dh) |
ashleymills | 0:714293de3836 | 8489 | { |
ashleymills | 0:714293de3836 | 8490 | unsigned char p[1024]; |
ashleymills | 0:714293de3836 | 8491 | unsigned char g[1024]; |
ashleymills | 0:714293de3836 | 8492 | int pSz = sizeof(p); |
ashleymills | 0:714293de3836 | 8493 | int gSz = sizeof(g); |
ashleymills | 0:714293de3836 | 8494 | |
ashleymills | 0:714293de3836 | 8495 | CYASSL_ENTER("SetDhInternal"); |
ashleymills | 0:714293de3836 | 8496 | |
ashleymills | 0:714293de3836 | 8497 | if (dh == NULL || dh->p == NULL || dh->g == NULL) { |
ashleymills | 0:714293de3836 | 8498 | CYASSL_MSG("Bad function arguments"); |
ashleymills | 0:714293de3836 | 8499 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 8500 | } |
ashleymills | 0:714293de3836 | 8501 | |
ashleymills | 0:714293de3836 | 8502 | if (CyaSSL_BN_bn2bin(dh->p, NULL) > pSz) { |
ashleymills | 0:714293de3836 | 8503 | CYASSL_MSG("Bad p internal size"); |
ashleymills | 0:714293de3836 | 8504 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 8505 | } |
ashleymills | 0:714293de3836 | 8506 | |
ashleymills | 0:714293de3836 | 8507 | if (CyaSSL_BN_bn2bin(dh->g, NULL) > gSz) { |
ashleymills | 0:714293de3836 | 8508 | CYASSL_MSG("Bad g internal size"); |
ashleymills | 0:714293de3836 | 8509 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 8510 | } |
ashleymills | 0:714293de3836 | 8511 | |
ashleymills | 0:714293de3836 | 8512 | pSz = CyaSSL_BN_bn2bin(dh->p, p); |
ashleymills | 0:714293de3836 | 8513 | gSz = CyaSSL_BN_bn2bin(dh->g, g); |
ashleymills | 0:714293de3836 | 8514 | |
ashleymills | 0:714293de3836 | 8515 | if (pSz <= 0 || gSz <= 0) { |
ashleymills | 0:714293de3836 | 8516 | CYASSL_MSG("Bad BN2bin set"); |
ashleymills | 0:714293de3836 | 8517 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 8518 | } |
ashleymills | 0:714293de3836 | 8519 | |
ashleymills | 0:714293de3836 | 8520 | if (DhSetKey((DhKey*)dh->internal, p, pSz, g, gSz) < 0) { |
ashleymills | 0:714293de3836 | 8521 | CYASSL_MSG("Bad DH SetKey"); |
ashleymills | 0:714293de3836 | 8522 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 8523 | } |
ashleymills | 0:714293de3836 | 8524 | |
ashleymills | 0:714293de3836 | 8525 | dh->inSet = 1; |
ashleymills | 0:714293de3836 | 8526 | |
ashleymills | 0:714293de3836 | 8527 | return 0; |
ashleymills | 0:714293de3836 | 8528 | } |
ashleymills | 0:714293de3836 | 8529 | |
ashleymills | 0:714293de3836 | 8530 | |
ashleymills | 0:714293de3836 | 8531 | int CyaSSL_DH_size(CYASSL_DH* dh) |
ashleymills | 0:714293de3836 | 8532 | { |
ashleymills | 0:714293de3836 | 8533 | CYASSL_MSG("CyaSSL_DH_size"); |
ashleymills | 0:714293de3836 | 8534 | |
ashleymills | 0:714293de3836 | 8535 | if (dh == NULL) |
ashleymills | 0:714293de3836 | 8536 | return 0; |
ashleymills | 0:714293de3836 | 8537 | |
ashleymills | 0:714293de3836 | 8538 | return CyaSSL_BN_num_bytes(dh->p); |
ashleymills | 0:714293de3836 | 8539 | } |
ashleymills | 0:714293de3836 | 8540 | |
ashleymills | 0:714293de3836 | 8541 | |
ashleymills | 0:714293de3836 | 8542 | /* return SSL_SUCCESS on ok, else 0 */ |
ashleymills | 0:714293de3836 | 8543 | int CyaSSL_DH_generate_key(CYASSL_DH* dh) |
ashleymills | 0:714293de3836 | 8544 | { |
ashleymills | 0:714293de3836 | 8545 | unsigned char pub [768]; |
ashleymills | 0:714293de3836 | 8546 | unsigned char priv[768]; |
ashleymills | 0:714293de3836 | 8547 | word32 pubSz = sizeof(pub); |
ashleymills | 0:714293de3836 | 8548 | word32 privSz = sizeof(priv); |
ashleymills | 0:714293de3836 | 8549 | RNG tmpRNG; |
ashleymills | 0:714293de3836 | 8550 | RNG* rng = &tmpRNG; |
ashleymills | 0:714293de3836 | 8551 | |
ashleymills | 0:714293de3836 | 8552 | CYASSL_MSG("CyaSSL_DH_generate_key"); |
ashleymills | 0:714293de3836 | 8553 | |
ashleymills | 0:714293de3836 | 8554 | if (dh == NULL || dh->p == NULL || dh->g == NULL) { |
ashleymills | 0:714293de3836 | 8555 | CYASSL_MSG("Bad function arguments"); |
ashleymills | 0:714293de3836 | 8556 | return 0; |
ashleymills | 0:714293de3836 | 8557 | } |
ashleymills | 0:714293de3836 | 8558 | |
ashleymills | 0:714293de3836 | 8559 | if (dh->inSet == 0) { |
ashleymills | 0:714293de3836 | 8560 | if (SetDhInternal(dh) < 0) { |
ashleymills | 0:714293de3836 | 8561 | CYASSL_MSG("Bad DH set internal"); |
ashleymills | 0:714293de3836 | 8562 | return 0; |
ashleymills | 0:714293de3836 | 8563 | } |
ashleymills | 0:714293de3836 | 8564 | } |
ashleymills | 0:714293de3836 | 8565 | |
ashleymills | 0:714293de3836 | 8566 | if ( (InitRng(&tmpRNG)) != 0) { |
ashleymills | 0:714293de3836 | 8567 | CYASSL_MSG("Bad RNG Init, trying global"); |
ashleymills | 0:714293de3836 | 8568 | if (initGlobalRNG == 0) { |
ashleymills | 0:714293de3836 | 8569 | CYASSL_MSG("Global RNG no Init"); |
ashleymills | 0:714293de3836 | 8570 | return 0; |
ashleymills | 0:714293de3836 | 8571 | } |
ashleymills | 0:714293de3836 | 8572 | rng = &globalRNG; |
ashleymills | 0:714293de3836 | 8573 | } |
ashleymills | 0:714293de3836 | 8574 | |
ashleymills | 0:714293de3836 | 8575 | if (DhGenerateKeyPair((DhKey*)dh->internal, rng, priv, &privSz, |
ashleymills | 0:714293de3836 | 8576 | pub, &pubSz) < 0) { |
ashleymills | 0:714293de3836 | 8577 | CYASSL_MSG("Bad DhGenerateKeyPair"); |
ashleymills | 0:714293de3836 | 8578 | return 0; |
ashleymills | 0:714293de3836 | 8579 | } |
ashleymills | 0:714293de3836 | 8580 | |
ashleymills | 0:714293de3836 | 8581 | if (dh->pub_key) |
ashleymills | 0:714293de3836 | 8582 | CyaSSL_BN_free(dh->pub_key); |
ashleymills | 0:714293de3836 | 8583 | dh->pub_key = CyaSSL_BN_new(); |
ashleymills | 0:714293de3836 | 8584 | if (dh->pub_key == NULL) { |
ashleymills | 0:714293de3836 | 8585 | CYASSL_MSG("Bad DH new pub"); |
ashleymills | 0:714293de3836 | 8586 | return 0; |
ashleymills | 0:714293de3836 | 8587 | } |
ashleymills | 0:714293de3836 | 8588 | |
ashleymills | 0:714293de3836 | 8589 | if (dh->priv_key) |
ashleymills | 0:714293de3836 | 8590 | CyaSSL_BN_free(dh->priv_key); |
ashleymills | 0:714293de3836 | 8591 | dh->priv_key = CyaSSL_BN_new(); |
ashleymills | 0:714293de3836 | 8592 | if (dh->priv_key == NULL) { |
ashleymills | 0:714293de3836 | 8593 | CYASSL_MSG("Bad DH new priv"); |
ashleymills | 0:714293de3836 | 8594 | return 0; |
ashleymills | 0:714293de3836 | 8595 | } |
ashleymills | 0:714293de3836 | 8596 | |
ashleymills | 0:714293de3836 | 8597 | if (CyaSSL_BN_bin2bn(pub, pubSz, dh->pub_key) == NULL) { |
ashleymills | 0:714293de3836 | 8598 | CYASSL_MSG("Bad DH bn2bin error pub"); |
ashleymills | 0:714293de3836 | 8599 | return 0; |
ashleymills | 0:714293de3836 | 8600 | } |
ashleymills | 0:714293de3836 | 8601 | |
ashleymills | 0:714293de3836 | 8602 | if (CyaSSL_BN_bin2bn(priv, privSz, dh->priv_key) == NULL) { |
ashleymills | 0:714293de3836 | 8603 | CYASSL_MSG("Bad DH bn2bin error priv"); |
ashleymills | 0:714293de3836 | 8604 | return 0; |
ashleymills | 0:714293de3836 | 8605 | } |
ashleymills | 0:714293de3836 | 8606 | |
ashleymills | 0:714293de3836 | 8607 | CYASSL_MSG("CyaSSL_generate_key success"); |
ashleymills | 0:714293de3836 | 8608 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 8609 | } |
ashleymills | 0:714293de3836 | 8610 | |
ashleymills | 0:714293de3836 | 8611 | |
ashleymills | 0:714293de3836 | 8612 | /* return key size on ok, 0 otherwise */ |
ashleymills | 0:714293de3836 | 8613 | int CyaSSL_DH_compute_key(unsigned char* key, CYASSL_BIGNUM* otherPub, |
ashleymills | 0:714293de3836 | 8614 | CYASSL_DH* dh) |
ashleymills | 0:714293de3836 | 8615 | { |
ashleymills | 0:714293de3836 | 8616 | unsigned char pub [1024]; |
ashleymills | 0:714293de3836 | 8617 | unsigned char priv[1024]; |
ashleymills | 0:714293de3836 | 8618 | word32 pubSz = sizeof(pub); |
ashleymills | 0:714293de3836 | 8619 | word32 privSz = sizeof(priv); |
ashleymills | 0:714293de3836 | 8620 | word32 keySz; |
ashleymills | 0:714293de3836 | 8621 | |
ashleymills | 0:714293de3836 | 8622 | CYASSL_MSG("CyaSSL_DH_compute_key"); |
ashleymills | 0:714293de3836 | 8623 | |
ashleymills | 0:714293de3836 | 8624 | if (dh == NULL || dh->priv_key == NULL || otherPub == NULL) { |
ashleymills | 0:714293de3836 | 8625 | CYASSL_MSG("Bad function arguments"); |
ashleymills | 0:714293de3836 | 8626 | return 0; |
ashleymills | 0:714293de3836 | 8627 | } |
ashleymills | 0:714293de3836 | 8628 | |
ashleymills | 0:714293de3836 | 8629 | keySz = (word32)DH_size(dh); |
ashleymills | 0:714293de3836 | 8630 | if (keySz == 0) { |
ashleymills | 0:714293de3836 | 8631 | CYASSL_MSG("Bad DH_size"); |
ashleymills | 0:714293de3836 | 8632 | return 0; |
ashleymills | 0:714293de3836 | 8633 | } |
ashleymills | 0:714293de3836 | 8634 | |
ashleymills | 0:714293de3836 | 8635 | if (CyaSSL_BN_bn2bin(dh->priv_key, NULL) > (int)privSz) { |
ashleymills | 0:714293de3836 | 8636 | CYASSL_MSG("Bad priv internal size"); |
ashleymills | 0:714293de3836 | 8637 | return 0; |
ashleymills | 0:714293de3836 | 8638 | } |
ashleymills | 0:714293de3836 | 8639 | |
ashleymills | 0:714293de3836 | 8640 | if (CyaSSL_BN_bn2bin(otherPub, NULL) > (int)pubSz) { |
ashleymills | 0:714293de3836 | 8641 | CYASSL_MSG("Bad otherPub size"); |
ashleymills | 0:714293de3836 | 8642 | return 0; |
ashleymills | 0:714293de3836 | 8643 | } |
ashleymills | 0:714293de3836 | 8644 | |
ashleymills | 0:714293de3836 | 8645 | privSz = CyaSSL_BN_bn2bin(dh->priv_key, priv); |
ashleymills | 0:714293de3836 | 8646 | pubSz = CyaSSL_BN_bn2bin(otherPub, pub); |
ashleymills | 0:714293de3836 | 8647 | |
ashleymills | 0:714293de3836 | 8648 | if (privSz <= 0 || pubSz <= 0) { |
ashleymills | 0:714293de3836 | 8649 | CYASSL_MSG("Bad BN2bin set"); |
ashleymills | 0:714293de3836 | 8650 | return 0; |
ashleymills | 0:714293de3836 | 8651 | } |
ashleymills | 0:714293de3836 | 8652 | |
ashleymills | 0:714293de3836 | 8653 | if (DhAgree((DhKey*)dh->internal, key, &keySz, priv, privSz, pub, |
ashleymills | 0:714293de3836 | 8654 | pubSz) < 0) { |
ashleymills | 0:714293de3836 | 8655 | CYASSL_MSG("DhAgree failed"); |
ashleymills | 0:714293de3836 | 8656 | return 0; |
ashleymills | 0:714293de3836 | 8657 | } |
ashleymills | 0:714293de3836 | 8658 | |
ashleymills | 0:714293de3836 | 8659 | CYASSL_MSG("CyaSSL_compute_key success"); |
ashleymills | 0:714293de3836 | 8660 | return (int)keySz; |
ashleymills | 0:714293de3836 | 8661 | } |
ashleymills | 0:714293de3836 | 8662 | |
ashleymills | 0:714293de3836 | 8663 | |
ashleymills | 0:714293de3836 | 8664 | #ifndef NO_DSA |
ashleymills | 0:714293de3836 | 8665 | static void InitCyaSSL_DSA(CYASSL_DSA* dsa) |
ashleymills | 0:714293de3836 | 8666 | { |
ashleymills | 0:714293de3836 | 8667 | if (dsa) { |
ashleymills | 0:714293de3836 | 8668 | dsa->p = NULL; |
ashleymills | 0:714293de3836 | 8669 | dsa->q = NULL; |
ashleymills | 0:714293de3836 | 8670 | dsa->g = NULL; |
ashleymills | 0:714293de3836 | 8671 | dsa->pub_key = NULL; |
ashleymills | 0:714293de3836 | 8672 | dsa->priv_key = NULL; |
ashleymills | 0:714293de3836 | 8673 | dsa->internal = NULL; |
ashleymills | 0:714293de3836 | 8674 | dsa->inSet = 0; |
ashleymills | 0:714293de3836 | 8675 | dsa->exSet = 0; |
ashleymills | 0:714293de3836 | 8676 | } |
ashleymills | 0:714293de3836 | 8677 | } |
ashleymills | 0:714293de3836 | 8678 | |
ashleymills | 0:714293de3836 | 8679 | |
ashleymills | 0:714293de3836 | 8680 | CYASSL_DSA* CyaSSL_DSA_new(void) |
ashleymills | 0:714293de3836 | 8681 | { |
ashleymills | 0:714293de3836 | 8682 | CYASSL_DSA* external; |
ashleymills | 0:714293de3836 | 8683 | DsaKey* key; |
ashleymills | 0:714293de3836 | 8684 | |
ashleymills | 0:714293de3836 | 8685 | CYASSL_MSG("CyaSSL_DSA_new"); |
ashleymills | 0:714293de3836 | 8686 | |
ashleymills | 0:714293de3836 | 8687 | key = (DsaKey*) XMALLOC(sizeof(DsaKey), NULL, DYNAMIC_TYPE_DSA); |
ashleymills | 0:714293de3836 | 8688 | if (key == NULL) { |
ashleymills | 0:714293de3836 | 8689 | CYASSL_MSG("CyaSSL_DSA_new malloc DsaKey failure"); |
ashleymills | 0:714293de3836 | 8690 | return NULL; |
ashleymills | 0:714293de3836 | 8691 | } |
ashleymills | 0:714293de3836 | 8692 | |
ashleymills | 0:714293de3836 | 8693 | external = (CYASSL_DSA*) XMALLOC(sizeof(CYASSL_DSA), NULL, |
ashleymills | 0:714293de3836 | 8694 | DYNAMIC_TYPE_DSA); |
ashleymills | 0:714293de3836 | 8695 | if (external == NULL) { |
ashleymills | 0:714293de3836 | 8696 | CYASSL_MSG("CyaSSL_DSA_new malloc CYASSL_DSA failure"); |
ashleymills | 0:714293de3836 | 8697 | XFREE(key, NULL, DYNAMIC_TYPE_DSA); |
ashleymills | 0:714293de3836 | 8698 | return NULL; |
ashleymills | 0:714293de3836 | 8699 | } |
ashleymills | 0:714293de3836 | 8700 | |
ashleymills | 0:714293de3836 | 8701 | InitCyaSSL_DSA(external); |
ashleymills | 0:714293de3836 | 8702 | InitDsaKey(key); |
ashleymills | 0:714293de3836 | 8703 | external->internal = key; |
ashleymills | 0:714293de3836 | 8704 | |
ashleymills | 0:714293de3836 | 8705 | return external; |
ashleymills | 0:714293de3836 | 8706 | } |
ashleymills | 0:714293de3836 | 8707 | |
ashleymills | 0:714293de3836 | 8708 | |
ashleymills | 0:714293de3836 | 8709 | void CyaSSL_DSA_free(CYASSL_DSA* dsa) |
ashleymills | 0:714293de3836 | 8710 | { |
ashleymills | 0:714293de3836 | 8711 | CYASSL_MSG("CyaSSL_DSA_free"); |
ashleymills | 0:714293de3836 | 8712 | |
ashleymills | 0:714293de3836 | 8713 | if (dsa) { |
ashleymills | 0:714293de3836 | 8714 | if (dsa->internal) { |
ashleymills | 0:714293de3836 | 8715 | FreeDsaKey((DsaKey*)dsa->internal); |
ashleymills | 0:714293de3836 | 8716 | XFREE(dsa->internal, NULL, DYNAMIC_TYPE_DSA); |
ashleymills | 0:714293de3836 | 8717 | dsa->internal = NULL; |
ashleymills | 0:714293de3836 | 8718 | } |
ashleymills | 0:714293de3836 | 8719 | CyaSSL_BN_free(dsa->priv_key); |
ashleymills | 0:714293de3836 | 8720 | CyaSSL_BN_free(dsa->pub_key); |
ashleymills | 0:714293de3836 | 8721 | CyaSSL_BN_free(dsa->g); |
ashleymills | 0:714293de3836 | 8722 | CyaSSL_BN_free(dsa->q); |
ashleymills | 0:714293de3836 | 8723 | CyaSSL_BN_free(dsa->p); |
ashleymills | 0:714293de3836 | 8724 | InitCyaSSL_DSA(dsa); /* set back to NULLs for safety */ |
ashleymills | 0:714293de3836 | 8725 | |
ashleymills | 0:714293de3836 | 8726 | XFREE(dsa, NULL, DYNAMIC_TYPE_DSA); |
ashleymills | 0:714293de3836 | 8727 | } |
ashleymills | 0:714293de3836 | 8728 | } |
ashleymills | 0:714293de3836 | 8729 | |
ashleymills | 0:714293de3836 | 8730 | |
ashleymills | 0:714293de3836 | 8731 | int CyaSSL_DSA_generate_key(CYASSL_DSA* dsa) |
ashleymills | 0:714293de3836 | 8732 | { |
ashleymills | 0:714293de3836 | 8733 | (void)dsa; |
ashleymills | 0:714293de3836 | 8734 | |
ashleymills | 0:714293de3836 | 8735 | CYASSL_MSG("CyaSSL_DSA_generate_key"); |
ashleymills | 0:714293de3836 | 8736 | |
ashleymills | 0:714293de3836 | 8737 | return 0; /* key gen not needed by server */ |
ashleymills | 0:714293de3836 | 8738 | } |
ashleymills | 0:714293de3836 | 8739 | |
ashleymills | 0:714293de3836 | 8740 | |
ashleymills | 0:714293de3836 | 8741 | int CyaSSL_DSA_generate_parameters_ex(CYASSL_DSA* dsa, int bits, |
ashleymills | 0:714293de3836 | 8742 | unsigned char* seed, int seedLen, int* counterRet, |
ashleymills | 0:714293de3836 | 8743 | unsigned long* hRet, void* cb) |
ashleymills | 0:714293de3836 | 8744 | { |
ashleymills | 0:714293de3836 | 8745 | (void)dsa; |
ashleymills | 0:714293de3836 | 8746 | (void)bits; |
ashleymills | 0:714293de3836 | 8747 | (void)seed; |
ashleymills | 0:714293de3836 | 8748 | (void)seedLen; |
ashleymills | 0:714293de3836 | 8749 | (void)counterRet; |
ashleymills | 0:714293de3836 | 8750 | (void)hRet; |
ashleymills | 0:714293de3836 | 8751 | (void)cb; |
ashleymills | 0:714293de3836 | 8752 | |
ashleymills | 0:714293de3836 | 8753 | CYASSL_MSG("CyaSSL_DSA_generate_parameters_ex"); |
ashleymills | 0:714293de3836 | 8754 | |
ashleymills | 0:714293de3836 | 8755 | return 0; /* key gen not needed by server */ |
ashleymills | 0:714293de3836 | 8756 | } |
ashleymills | 0:714293de3836 | 8757 | #endif /* NO_DSA */ |
ashleymills | 0:714293de3836 | 8758 | |
ashleymills | 0:714293de3836 | 8759 | static void InitCyaSSL_Rsa(CYASSL_RSA* rsa) |
ashleymills | 0:714293de3836 | 8760 | { |
ashleymills | 0:714293de3836 | 8761 | if (rsa) { |
ashleymills | 0:714293de3836 | 8762 | rsa->n = NULL; |
ashleymills | 0:714293de3836 | 8763 | rsa->e = NULL; |
ashleymills | 0:714293de3836 | 8764 | rsa->d = NULL; |
ashleymills | 0:714293de3836 | 8765 | rsa->p = NULL; |
ashleymills | 0:714293de3836 | 8766 | rsa->q = NULL; |
ashleymills | 0:714293de3836 | 8767 | rsa->dmp1 = NULL; |
ashleymills | 0:714293de3836 | 8768 | rsa->dmq1 = NULL; |
ashleymills | 0:714293de3836 | 8769 | rsa->iqmp = NULL; |
ashleymills | 0:714293de3836 | 8770 | rsa->internal = NULL; |
ashleymills | 0:714293de3836 | 8771 | rsa->inSet = 0; |
ashleymills | 0:714293de3836 | 8772 | rsa->exSet = 0; |
ashleymills | 0:714293de3836 | 8773 | } |
ashleymills | 0:714293de3836 | 8774 | } |
ashleymills | 0:714293de3836 | 8775 | |
ashleymills | 0:714293de3836 | 8776 | |
ashleymills | 0:714293de3836 | 8777 | CYASSL_RSA* CyaSSL_RSA_new(void) |
ashleymills | 0:714293de3836 | 8778 | { |
ashleymills | 0:714293de3836 | 8779 | CYASSL_RSA* external; |
ashleymills | 0:714293de3836 | 8780 | RsaKey* key; |
ashleymills | 0:714293de3836 | 8781 | |
ashleymills | 0:714293de3836 | 8782 | CYASSL_MSG("CyaSSL_RSA_new"); |
ashleymills | 0:714293de3836 | 8783 | |
ashleymills | 0:714293de3836 | 8784 | key = (RsaKey*) XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA); |
ashleymills | 0:714293de3836 | 8785 | if (key == NULL) { |
ashleymills | 0:714293de3836 | 8786 | CYASSL_MSG("CyaSSL_RSA_new malloc RsaKey failure"); |
ashleymills | 0:714293de3836 | 8787 | return NULL; |
ashleymills | 0:714293de3836 | 8788 | } |
ashleymills | 0:714293de3836 | 8789 | |
ashleymills | 0:714293de3836 | 8790 | external = (CYASSL_RSA*) XMALLOC(sizeof(CYASSL_RSA), NULL, |
ashleymills | 0:714293de3836 | 8791 | DYNAMIC_TYPE_RSA); |
ashleymills | 0:714293de3836 | 8792 | if (external == NULL) { |
ashleymills | 0:714293de3836 | 8793 | CYASSL_MSG("CyaSSL_RSA_new malloc CYASSL_RSA failure"); |
ashleymills | 0:714293de3836 | 8794 | XFREE(key, NULL, DYNAMIC_TYPE_RSA); |
ashleymills | 0:714293de3836 | 8795 | return NULL; |
ashleymills | 0:714293de3836 | 8796 | } |
ashleymills | 0:714293de3836 | 8797 | |
ashleymills | 0:714293de3836 | 8798 | InitCyaSSL_Rsa(external); |
ashleymills | 0:714293de3836 | 8799 | InitRsaKey(key, NULL); |
ashleymills | 0:714293de3836 | 8800 | external->internal = key; |
ashleymills | 0:714293de3836 | 8801 | |
ashleymills | 0:714293de3836 | 8802 | return external; |
ashleymills | 0:714293de3836 | 8803 | } |
ashleymills | 0:714293de3836 | 8804 | |
ashleymills | 0:714293de3836 | 8805 | |
ashleymills | 0:714293de3836 | 8806 | void CyaSSL_RSA_free(CYASSL_RSA* rsa) |
ashleymills | 0:714293de3836 | 8807 | { |
ashleymills | 0:714293de3836 | 8808 | CYASSL_MSG("CyaSSL_RSA_free"); |
ashleymills | 0:714293de3836 | 8809 | |
ashleymills | 0:714293de3836 | 8810 | if (rsa) { |
ashleymills | 0:714293de3836 | 8811 | if (rsa->internal) { |
ashleymills | 0:714293de3836 | 8812 | FreeRsaKey((RsaKey*)rsa->internal); |
ashleymills | 0:714293de3836 | 8813 | XFREE(rsa->internal, NULL, DYNAMIC_TYPE_RSA); |
ashleymills | 0:714293de3836 | 8814 | rsa->internal = NULL; |
ashleymills | 0:714293de3836 | 8815 | } |
ashleymills | 0:714293de3836 | 8816 | CyaSSL_BN_free(rsa->iqmp); |
ashleymills | 0:714293de3836 | 8817 | CyaSSL_BN_free(rsa->dmq1); |
ashleymills | 0:714293de3836 | 8818 | CyaSSL_BN_free(rsa->dmp1); |
ashleymills | 0:714293de3836 | 8819 | CyaSSL_BN_free(rsa->q); |
ashleymills | 0:714293de3836 | 8820 | CyaSSL_BN_free(rsa->p); |
ashleymills | 0:714293de3836 | 8821 | CyaSSL_BN_free(rsa->d); |
ashleymills | 0:714293de3836 | 8822 | CyaSSL_BN_free(rsa->e); |
ashleymills | 0:714293de3836 | 8823 | CyaSSL_BN_free(rsa->n); |
ashleymills | 0:714293de3836 | 8824 | InitCyaSSL_Rsa(rsa); /* set back to NULLs for safety */ |
ashleymills | 0:714293de3836 | 8825 | |
ashleymills | 0:714293de3836 | 8826 | XFREE(rsa, NULL, DYNAMIC_TYPE_RSA); |
ashleymills | 0:714293de3836 | 8827 | } |
ashleymills | 0:714293de3836 | 8828 | } |
ashleymills | 0:714293de3836 | 8829 | |
ashleymills | 0:714293de3836 | 8830 | |
ashleymills | 0:714293de3836 | 8831 | static int SetIndividualExternal(CYASSL_BIGNUM** bn, mp_int* mpi) |
ashleymills | 0:714293de3836 | 8832 | { |
ashleymills | 0:714293de3836 | 8833 | CYASSL_MSG("Entering SetIndividualExternal"); |
ashleymills | 0:714293de3836 | 8834 | |
ashleymills | 0:714293de3836 | 8835 | if (mpi == NULL) { |
ashleymills | 0:714293de3836 | 8836 | CYASSL_MSG("mpi NULL error"); |
ashleymills | 0:714293de3836 | 8837 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 8838 | } |
ashleymills | 0:714293de3836 | 8839 | |
ashleymills | 0:714293de3836 | 8840 | if (*bn == NULL) { |
ashleymills | 0:714293de3836 | 8841 | *bn = CyaSSL_BN_new(); |
ashleymills | 0:714293de3836 | 8842 | if (*bn == NULL) { |
ashleymills | 0:714293de3836 | 8843 | CYASSL_MSG("SetIndividualExternal alloc failed"); |
ashleymills | 0:714293de3836 | 8844 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 8845 | } |
ashleymills | 0:714293de3836 | 8846 | } |
ashleymills | 0:714293de3836 | 8847 | |
ashleymills | 0:714293de3836 | 8848 | if (mp_copy(mpi, (mp_int*)((*bn)->internal)) != MP_OKAY) { |
ashleymills | 0:714293de3836 | 8849 | CYASSL_MSG("mp_copy error"); |
ashleymills | 0:714293de3836 | 8850 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 8851 | } |
ashleymills | 0:714293de3836 | 8852 | |
ashleymills | 0:714293de3836 | 8853 | return 0; |
ashleymills | 0:714293de3836 | 8854 | } |
ashleymills | 0:714293de3836 | 8855 | |
ashleymills | 0:714293de3836 | 8856 | |
ashleymills | 0:714293de3836 | 8857 | #ifndef NO_DSA |
ashleymills | 0:714293de3836 | 8858 | static int SetDsaExternal(CYASSL_DSA* dsa) |
ashleymills | 0:714293de3836 | 8859 | { |
ashleymills | 0:714293de3836 | 8860 | DsaKey* key; |
ashleymills | 0:714293de3836 | 8861 | CYASSL_MSG("Entering SetDsaExternal"); |
ashleymills | 0:714293de3836 | 8862 | |
ashleymills | 0:714293de3836 | 8863 | if (dsa == NULL || dsa->internal == NULL) { |
ashleymills | 0:714293de3836 | 8864 | CYASSL_MSG("dsa key NULL error"); |
ashleymills | 0:714293de3836 | 8865 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 8866 | } |
ashleymills | 0:714293de3836 | 8867 | |
ashleymills | 0:714293de3836 | 8868 | key = (DsaKey*)dsa->internal; |
ashleymills | 0:714293de3836 | 8869 | |
ashleymills | 0:714293de3836 | 8870 | if (SetIndividualExternal(&dsa->p, &key->p) < 0) { |
ashleymills | 0:714293de3836 | 8871 | CYASSL_MSG("dsa p key error"); |
ashleymills | 0:714293de3836 | 8872 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 8873 | } |
ashleymills | 0:714293de3836 | 8874 | |
ashleymills | 0:714293de3836 | 8875 | if (SetIndividualExternal(&dsa->q, &key->q) < 0) { |
ashleymills | 0:714293de3836 | 8876 | CYASSL_MSG("dsa q key error"); |
ashleymills | 0:714293de3836 | 8877 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 8878 | } |
ashleymills | 0:714293de3836 | 8879 | |
ashleymills | 0:714293de3836 | 8880 | if (SetIndividualExternal(&dsa->g, &key->g) < 0) { |
ashleymills | 0:714293de3836 | 8881 | CYASSL_MSG("dsa g key error"); |
ashleymills | 0:714293de3836 | 8882 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 8883 | } |
ashleymills | 0:714293de3836 | 8884 | |
ashleymills | 0:714293de3836 | 8885 | if (SetIndividualExternal(&dsa->pub_key, &key->y) < 0) { |
ashleymills | 0:714293de3836 | 8886 | CYASSL_MSG("dsa y key error"); |
ashleymills | 0:714293de3836 | 8887 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 8888 | } |
ashleymills | 0:714293de3836 | 8889 | |
ashleymills | 0:714293de3836 | 8890 | if (SetIndividualExternal(&dsa->priv_key, &key->x) < 0) { |
ashleymills | 0:714293de3836 | 8891 | CYASSL_MSG("dsa x key error"); |
ashleymills | 0:714293de3836 | 8892 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 8893 | } |
ashleymills | 0:714293de3836 | 8894 | |
ashleymills | 0:714293de3836 | 8895 | dsa->exSet = 1; |
ashleymills | 0:714293de3836 | 8896 | |
ashleymills | 0:714293de3836 | 8897 | return 0; |
ashleymills | 0:714293de3836 | 8898 | } |
ashleymills | 0:714293de3836 | 8899 | #endif /* NO_DSA */ |
ashleymills | 0:714293de3836 | 8900 | |
ashleymills | 0:714293de3836 | 8901 | |
ashleymills | 0:714293de3836 | 8902 | static int SetRsaExternal(CYASSL_RSA* rsa) |
ashleymills | 0:714293de3836 | 8903 | { |
ashleymills | 0:714293de3836 | 8904 | RsaKey* key; |
ashleymills | 0:714293de3836 | 8905 | CYASSL_MSG("Entering SetRsaExternal"); |
ashleymills | 0:714293de3836 | 8906 | |
ashleymills | 0:714293de3836 | 8907 | if (rsa == NULL || rsa->internal == NULL) { |
ashleymills | 0:714293de3836 | 8908 | CYASSL_MSG("rsa key NULL error"); |
ashleymills | 0:714293de3836 | 8909 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 8910 | } |
ashleymills | 0:714293de3836 | 8911 | |
ashleymills | 0:714293de3836 | 8912 | key = (RsaKey*)rsa->internal; |
ashleymills | 0:714293de3836 | 8913 | |
ashleymills | 0:714293de3836 | 8914 | if (SetIndividualExternal(&rsa->n, &key->n) < 0) { |
ashleymills | 0:714293de3836 | 8915 | CYASSL_MSG("rsa n key error"); |
ashleymills | 0:714293de3836 | 8916 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 8917 | } |
ashleymills | 0:714293de3836 | 8918 | |
ashleymills | 0:714293de3836 | 8919 | if (SetIndividualExternal(&rsa->e, &key->e) < 0) { |
ashleymills | 0:714293de3836 | 8920 | CYASSL_MSG("rsa e key error"); |
ashleymills | 0:714293de3836 | 8921 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 8922 | } |
ashleymills | 0:714293de3836 | 8923 | |
ashleymills | 0:714293de3836 | 8924 | if (SetIndividualExternal(&rsa->d, &key->d) < 0) { |
ashleymills | 0:714293de3836 | 8925 | CYASSL_MSG("rsa d key error"); |
ashleymills | 0:714293de3836 | 8926 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 8927 | } |
ashleymills | 0:714293de3836 | 8928 | |
ashleymills | 0:714293de3836 | 8929 | if (SetIndividualExternal(&rsa->p, &key->p) < 0) { |
ashleymills | 0:714293de3836 | 8930 | CYASSL_MSG("rsa p key error"); |
ashleymills | 0:714293de3836 | 8931 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 8932 | } |
ashleymills | 0:714293de3836 | 8933 | |
ashleymills | 0:714293de3836 | 8934 | if (SetIndividualExternal(&rsa->q, &key->q) < 0) { |
ashleymills | 0:714293de3836 | 8935 | CYASSL_MSG("rsa q key error"); |
ashleymills | 0:714293de3836 | 8936 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 8937 | } |
ashleymills | 0:714293de3836 | 8938 | |
ashleymills | 0:714293de3836 | 8939 | if (SetIndividualExternal(&rsa->dmp1, &key->dP) < 0) { |
ashleymills | 0:714293de3836 | 8940 | CYASSL_MSG("rsa dP key error"); |
ashleymills | 0:714293de3836 | 8941 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 8942 | } |
ashleymills | 0:714293de3836 | 8943 | |
ashleymills | 0:714293de3836 | 8944 | if (SetIndividualExternal(&rsa->dmq1, &key->dQ) < 0) { |
ashleymills | 0:714293de3836 | 8945 | CYASSL_MSG("rsa dQ key error"); |
ashleymills | 0:714293de3836 | 8946 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 8947 | } |
ashleymills | 0:714293de3836 | 8948 | |
ashleymills | 0:714293de3836 | 8949 | if (SetIndividualExternal(&rsa->iqmp, &key->u) < 0) { |
ashleymills | 0:714293de3836 | 8950 | CYASSL_MSG("rsa u key error"); |
ashleymills | 0:714293de3836 | 8951 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 8952 | } |
ashleymills | 0:714293de3836 | 8953 | |
ashleymills | 0:714293de3836 | 8954 | rsa->exSet = 1; |
ashleymills | 0:714293de3836 | 8955 | |
ashleymills | 0:714293de3836 | 8956 | return 0; |
ashleymills | 0:714293de3836 | 8957 | } |
ashleymills | 0:714293de3836 | 8958 | |
ashleymills | 0:714293de3836 | 8959 | |
ashleymills | 0:714293de3836 | 8960 | /* SSL_SUCCESS on ok */ |
ashleymills | 0:714293de3836 | 8961 | int CyaSSL_RSA_generate_key_ex(CYASSL_RSA* rsa, int bits, CYASSL_BIGNUM* bn, |
ashleymills | 0:714293de3836 | 8962 | void* cb) |
ashleymills | 0:714293de3836 | 8963 | { |
ashleymills | 0:714293de3836 | 8964 | RNG rng; |
ashleymills | 0:714293de3836 | 8965 | |
ashleymills | 0:714293de3836 | 8966 | CYASSL_MSG("CyaSSL_RSA_generate_key_ex"); |
ashleymills | 0:714293de3836 | 8967 | |
ashleymills | 0:714293de3836 | 8968 | (void)rsa; |
ashleymills | 0:714293de3836 | 8969 | (void)bits; |
ashleymills | 0:714293de3836 | 8970 | (void)cb; |
ashleymills | 0:714293de3836 | 8971 | (void)bn; |
ashleymills | 0:714293de3836 | 8972 | |
ashleymills | 0:714293de3836 | 8973 | if (InitRng(&rng) < 0) { |
ashleymills | 0:714293de3836 | 8974 | CYASSL_MSG("RNG init failed"); |
ashleymills | 0:714293de3836 | 8975 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 8976 | } |
ashleymills | 0:714293de3836 | 8977 | |
ashleymills | 0:714293de3836 | 8978 | #ifdef CYASSL_KEY_GEN |
ashleymills | 0:714293de3836 | 8979 | if (MakeRsaKey((RsaKey*)rsa->internal, bits, 65537, &rng) < 0) { |
ashleymills | 0:714293de3836 | 8980 | CYASSL_MSG("MakeRsaKey failed"); |
ashleymills | 0:714293de3836 | 8981 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 8982 | } |
ashleymills | 0:714293de3836 | 8983 | |
ashleymills | 0:714293de3836 | 8984 | if (SetRsaExternal(rsa) < 0) { |
ashleymills | 0:714293de3836 | 8985 | CYASSL_MSG("SetRsaExternal failed"); |
ashleymills | 0:714293de3836 | 8986 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 8987 | } |
ashleymills | 0:714293de3836 | 8988 | |
ashleymills | 0:714293de3836 | 8989 | rsa->inSet = 1; |
ashleymills | 0:714293de3836 | 8990 | |
ashleymills | 0:714293de3836 | 8991 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 8992 | #else |
ashleymills | 0:714293de3836 | 8993 | CYASSL_MSG("No Key Gen built in"); |
ashleymills | 0:714293de3836 | 8994 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 8995 | #endif |
ashleymills | 0:714293de3836 | 8996 | |
ashleymills | 0:714293de3836 | 8997 | } |
ashleymills | 0:714293de3836 | 8998 | |
ashleymills | 0:714293de3836 | 8999 | |
ashleymills | 0:714293de3836 | 9000 | /* SSL_SUCCESS on ok */ |
ashleymills | 0:714293de3836 | 9001 | int CyaSSL_RSA_blinding_on(CYASSL_RSA* rsa, CYASSL_BN_CTX* bn) |
ashleymills | 0:714293de3836 | 9002 | { |
ashleymills | 0:714293de3836 | 9003 | (void)rsa; |
ashleymills | 0:714293de3836 | 9004 | (void)bn; |
ashleymills | 0:714293de3836 | 9005 | |
ashleymills | 0:714293de3836 | 9006 | CYASSL_MSG("CyaSSL_RSA_blinding_on"); |
ashleymills | 0:714293de3836 | 9007 | |
ashleymills | 0:714293de3836 | 9008 | return SSL_SUCCESS; /* on by default */ |
ashleymills | 0:714293de3836 | 9009 | } |
ashleymills | 0:714293de3836 | 9010 | |
ashleymills | 0:714293de3836 | 9011 | |
ashleymills | 0:714293de3836 | 9012 | int CyaSSL_RSA_public_encrypt(int len, unsigned char* fr, |
ashleymills | 0:714293de3836 | 9013 | unsigned char* to, CYASSL_RSA* rsa, int padding) |
ashleymills | 0:714293de3836 | 9014 | { |
ashleymills | 0:714293de3836 | 9015 | (void)len; |
ashleymills | 0:714293de3836 | 9016 | (void)fr; |
ashleymills | 0:714293de3836 | 9017 | (void)to; |
ashleymills | 0:714293de3836 | 9018 | (void)rsa; |
ashleymills | 0:714293de3836 | 9019 | (void)padding; |
ashleymills | 0:714293de3836 | 9020 | |
ashleymills | 0:714293de3836 | 9021 | CYASSL_MSG("CyaSSL_RSA_public_encrypt"); |
ashleymills | 0:714293de3836 | 9022 | |
ashleymills | 0:714293de3836 | 9023 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 9024 | } |
ashleymills | 0:714293de3836 | 9025 | |
ashleymills | 0:714293de3836 | 9026 | |
ashleymills | 0:714293de3836 | 9027 | int CyaSSL_RSA_private_decrypt(int len, unsigned char* fr, |
ashleymills | 0:714293de3836 | 9028 | unsigned char* to, CYASSL_RSA* rsa, int padding) |
ashleymills | 0:714293de3836 | 9029 | { |
ashleymills | 0:714293de3836 | 9030 | (void)len; |
ashleymills | 0:714293de3836 | 9031 | (void)fr; |
ashleymills | 0:714293de3836 | 9032 | (void)to; |
ashleymills | 0:714293de3836 | 9033 | (void)rsa; |
ashleymills | 0:714293de3836 | 9034 | (void)padding; |
ashleymills | 0:714293de3836 | 9035 | |
ashleymills | 0:714293de3836 | 9036 | CYASSL_MSG("CyaSSL_RSA_private_decrypt"); |
ashleymills | 0:714293de3836 | 9037 | |
ashleymills | 0:714293de3836 | 9038 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 9039 | } |
ashleymills | 0:714293de3836 | 9040 | |
ashleymills | 0:714293de3836 | 9041 | |
ashleymills | 0:714293de3836 | 9042 | int CyaSSL_RSA_size(const CYASSL_RSA* rsa) |
ashleymills | 0:714293de3836 | 9043 | { |
ashleymills | 0:714293de3836 | 9044 | CYASSL_MSG("CyaSSL_RSA_size"); |
ashleymills | 0:714293de3836 | 9045 | |
ashleymills | 0:714293de3836 | 9046 | if (rsa == NULL) |
ashleymills | 0:714293de3836 | 9047 | return 0; |
ashleymills | 0:714293de3836 | 9048 | |
ashleymills | 0:714293de3836 | 9049 | return CyaSSL_BN_num_bytes(rsa->n); |
ashleymills | 0:714293de3836 | 9050 | } |
ashleymills | 0:714293de3836 | 9051 | |
ashleymills | 0:714293de3836 | 9052 | |
ashleymills | 0:714293de3836 | 9053 | #ifndef NO_DSA |
ashleymills | 0:714293de3836 | 9054 | /* return SSL_SUCCESS on success, < 0 otherwise */ |
ashleymills | 0:714293de3836 | 9055 | int CyaSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, |
ashleymills | 0:714293de3836 | 9056 | CYASSL_DSA* dsa) |
ashleymills | 0:714293de3836 | 9057 | { |
ashleymills | 0:714293de3836 | 9058 | RNG tmpRNG; |
ashleymills | 0:714293de3836 | 9059 | RNG* rng = &tmpRNG; |
ashleymills | 0:714293de3836 | 9060 | |
ashleymills | 0:714293de3836 | 9061 | CYASSL_MSG("CyaSSL_DSA_do_sign"); |
ashleymills | 0:714293de3836 | 9062 | |
ashleymills | 0:714293de3836 | 9063 | if (d == NULL || sigRet == NULL || dsa == NULL) { |
ashleymills | 0:714293de3836 | 9064 | CYASSL_MSG("Bad function arguments"); |
ashleymills | 0:714293de3836 | 9065 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 9066 | } |
ashleymills | 0:714293de3836 | 9067 | |
ashleymills | 0:714293de3836 | 9068 | if (dsa->inSet == 0) { |
ashleymills | 0:714293de3836 | 9069 | CYASSL_MSG("No DSA internal set"); |
ashleymills | 0:714293de3836 | 9070 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 9071 | } |
ashleymills | 0:714293de3836 | 9072 | |
ashleymills | 0:714293de3836 | 9073 | if (InitRng(&tmpRNG) != 0) { |
ashleymills | 0:714293de3836 | 9074 | CYASSL_MSG("Bad RNG Init, trying global"); |
ashleymills | 0:714293de3836 | 9075 | if (initGlobalRNG == 0) { |
ashleymills | 0:714293de3836 | 9076 | CYASSL_MSG("Global RNG no Init"); |
ashleymills | 0:714293de3836 | 9077 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 9078 | } |
ashleymills | 0:714293de3836 | 9079 | rng = &globalRNG; |
ashleymills | 0:714293de3836 | 9080 | } |
ashleymills | 0:714293de3836 | 9081 | |
ashleymills | 0:714293de3836 | 9082 | if (DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0) { |
ashleymills | 0:714293de3836 | 9083 | CYASSL_MSG("DsaSign failed"); |
ashleymills | 0:714293de3836 | 9084 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 9085 | } |
ashleymills | 0:714293de3836 | 9086 | |
ashleymills | 0:714293de3836 | 9087 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 9088 | } |
ashleymills | 0:714293de3836 | 9089 | #endif /* NO_DSA */ |
ashleymills | 0:714293de3836 | 9090 | |
ashleymills | 0:714293de3836 | 9091 | |
ashleymills | 0:714293de3836 | 9092 | /* return SSL_SUCCES on ok, 0 otherwise */ |
ashleymills | 0:714293de3836 | 9093 | int CyaSSL_RSA_sign(int type, const unsigned char* m, |
ashleymills | 0:714293de3836 | 9094 | unsigned int mLen, unsigned char* sigRet, |
ashleymills | 0:714293de3836 | 9095 | unsigned int* sigLen, CYASSL_RSA* rsa) |
ashleymills | 0:714293de3836 | 9096 | { |
ashleymills | 0:714293de3836 | 9097 | byte encodedSig[MAX_ENCODED_SIG_SZ]; |
ashleymills | 0:714293de3836 | 9098 | word32 outLen; |
ashleymills | 0:714293de3836 | 9099 | word32 signSz; |
ashleymills | 0:714293de3836 | 9100 | RNG tmpRNG; |
ashleymills | 0:714293de3836 | 9101 | RNG* rng = &tmpRNG; |
ashleymills | 0:714293de3836 | 9102 | |
ashleymills | 0:714293de3836 | 9103 | CYASSL_MSG("CyaSSL_RSA_sign"); |
ashleymills | 0:714293de3836 | 9104 | |
ashleymills | 0:714293de3836 | 9105 | if (m == NULL || sigRet == NULL || sigLen == NULL || rsa == NULL) { |
ashleymills | 0:714293de3836 | 9106 | CYASSL_MSG("Bad function arguments"); |
ashleymills | 0:714293de3836 | 9107 | return 0; |
ashleymills | 0:714293de3836 | 9108 | } |
ashleymills | 0:714293de3836 | 9109 | |
ashleymills | 0:714293de3836 | 9110 | if (rsa->inSet == 0) { |
ashleymills | 0:714293de3836 | 9111 | CYASSL_MSG("No RSA internal set"); |
ashleymills | 0:714293de3836 | 9112 | return 0; |
ashleymills | 0:714293de3836 | 9113 | } |
ashleymills | 0:714293de3836 | 9114 | |
ashleymills | 0:714293de3836 | 9115 | outLen = (word32)CyaSSL_BN_num_bytes(rsa->n); |
ashleymills | 0:714293de3836 | 9116 | if (outLen == 0) { |
ashleymills | 0:714293de3836 | 9117 | CYASSL_MSG("Bad RSA size"); |
ashleymills | 0:714293de3836 | 9118 | return 0; |
ashleymills | 0:714293de3836 | 9119 | } |
ashleymills | 0:714293de3836 | 9120 | |
ashleymills | 0:714293de3836 | 9121 | if (InitRng(&tmpRNG) != 0) { |
ashleymills | 0:714293de3836 | 9122 | CYASSL_MSG("Bad RNG Init, trying global"); |
ashleymills | 0:714293de3836 | 9123 | if (initGlobalRNG == 0) { |
ashleymills | 0:714293de3836 | 9124 | CYASSL_MSG("Global RNG no Init"); |
ashleymills | 0:714293de3836 | 9125 | return 0; |
ashleymills | 0:714293de3836 | 9126 | } |
ashleymills | 0:714293de3836 | 9127 | rng = &globalRNG; |
ashleymills | 0:714293de3836 | 9128 | } |
ashleymills | 0:714293de3836 | 9129 | |
ashleymills | 0:714293de3836 | 9130 | switch (type) { |
ashleymills | 0:714293de3836 | 9131 | case NID_md5: |
ashleymills | 0:714293de3836 | 9132 | type = MD5h; |
ashleymills | 0:714293de3836 | 9133 | break; |
ashleymills | 0:714293de3836 | 9134 | |
ashleymills | 0:714293de3836 | 9135 | case NID_sha1: |
ashleymills | 0:714293de3836 | 9136 | type = SHAh; |
ashleymills | 0:714293de3836 | 9137 | break; |
ashleymills | 0:714293de3836 | 9138 | |
ashleymills | 0:714293de3836 | 9139 | default: |
ashleymills | 0:714293de3836 | 9140 | CYASSL_MSG("Bad md type"); |
ashleymills | 0:714293de3836 | 9141 | return 0; |
ashleymills | 0:714293de3836 | 9142 | } |
ashleymills | 0:714293de3836 | 9143 | |
ashleymills | 0:714293de3836 | 9144 | signSz = EncodeSignature(encodedSig, m, mLen, type); |
ashleymills | 0:714293de3836 | 9145 | if (signSz == 0) { |
ashleymills | 0:714293de3836 | 9146 | CYASSL_MSG("Bad Encode Signature"); |
ashleymills | 0:714293de3836 | 9147 | return 0; |
ashleymills | 0:714293de3836 | 9148 | } |
ashleymills | 0:714293de3836 | 9149 | |
ashleymills | 0:714293de3836 | 9150 | *sigLen = RsaSSL_Sign(encodedSig, signSz, sigRet, outLen, |
ashleymills | 0:714293de3836 | 9151 | (RsaKey*)rsa->internal, rng); |
ashleymills | 0:714293de3836 | 9152 | if (*sigLen <= 0) { |
ashleymills | 0:714293de3836 | 9153 | CYASSL_MSG("Bad Rsa Sign"); |
ashleymills | 0:714293de3836 | 9154 | return 0; |
ashleymills | 0:714293de3836 | 9155 | } |
ashleymills | 0:714293de3836 | 9156 | |
ashleymills | 0:714293de3836 | 9157 | CYASSL_MSG("CyaSSL_RSA_sign success"); |
ashleymills | 0:714293de3836 | 9158 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 9159 | } |
ashleymills | 0:714293de3836 | 9160 | |
ashleymills | 0:714293de3836 | 9161 | |
ashleymills | 0:714293de3836 | 9162 | int CyaSSL_RSA_public_decrypt(int flen, unsigned char* from, |
ashleymills | 0:714293de3836 | 9163 | unsigned char* to, CYASSL_RSA* rsa, int padding) |
ashleymills | 0:714293de3836 | 9164 | { |
ashleymills | 0:714293de3836 | 9165 | (void)flen; |
ashleymills | 0:714293de3836 | 9166 | (void)from; |
ashleymills | 0:714293de3836 | 9167 | (void)to; |
ashleymills | 0:714293de3836 | 9168 | (void)rsa; |
ashleymills | 0:714293de3836 | 9169 | (void)padding; |
ashleymills | 0:714293de3836 | 9170 | |
ashleymills | 0:714293de3836 | 9171 | CYASSL_MSG("CyaSSL_RSA_public_decrypt"); |
ashleymills | 0:714293de3836 | 9172 | |
ashleymills | 0:714293de3836 | 9173 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 9174 | } |
ashleymills | 0:714293de3836 | 9175 | |
ashleymills | 0:714293de3836 | 9176 | |
ashleymills | 0:714293de3836 | 9177 | /* generate p-1 and q-1, SSL_SUCCESS on ok */ |
ashleymills | 0:714293de3836 | 9178 | int CyaSSL_RSA_GenAdd(CYASSL_RSA* rsa) |
ashleymills | 0:714293de3836 | 9179 | { |
ashleymills | 0:714293de3836 | 9180 | int err; |
ashleymills | 0:714293de3836 | 9181 | mp_int tmp; |
ashleymills | 0:714293de3836 | 9182 | |
ashleymills | 0:714293de3836 | 9183 | CYASSL_MSG("CyaSSL_RsaGenAdd"); |
ashleymills | 0:714293de3836 | 9184 | |
ashleymills | 0:714293de3836 | 9185 | if (rsa == NULL || rsa->p == NULL || rsa->q == NULL || rsa->d == NULL || |
ashleymills | 0:714293de3836 | 9186 | rsa->dmp1 == NULL || rsa->dmq1 == NULL) { |
ashleymills | 0:714293de3836 | 9187 | CYASSL_MSG("rsa no init error"); |
ashleymills | 0:714293de3836 | 9188 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 9189 | } |
ashleymills | 0:714293de3836 | 9190 | |
ashleymills | 0:714293de3836 | 9191 | if (mp_init(&tmp) != MP_OKAY) { |
ashleymills | 0:714293de3836 | 9192 | CYASSL_MSG("mp_init error"); |
ashleymills | 0:714293de3836 | 9193 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 9194 | } |
ashleymills | 0:714293de3836 | 9195 | |
ashleymills | 0:714293de3836 | 9196 | err = mp_sub_d((mp_int*)rsa->p->internal, 1, &tmp); |
ashleymills | 0:714293de3836 | 9197 | if (err != MP_OKAY) |
ashleymills | 0:714293de3836 | 9198 | CYASSL_MSG("mp_sub_d error"); |
ashleymills | 0:714293de3836 | 9199 | else |
ashleymills | 0:714293de3836 | 9200 | err = mp_mod((mp_int*)rsa->d->internal, &tmp, |
ashleymills | 0:714293de3836 | 9201 | (mp_int*)rsa->dmp1->internal); |
ashleymills | 0:714293de3836 | 9202 | |
ashleymills | 0:714293de3836 | 9203 | if (err != MP_OKAY) |
ashleymills | 0:714293de3836 | 9204 | CYASSL_MSG("mp_mod error"); |
ashleymills | 0:714293de3836 | 9205 | else |
ashleymills | 0:714293de3836 | 9206 | err = mp_sub_d((mp_int*)rsa->q->internal, 1, &tmp); |
ashleymills | 0:714293de3836 | 9207 | if (err != MP_OKAY) |
ashleymills | 0:714293de3836 | 9208 | CYASSL_MSG("mp_sub_d error"); |
ashleymills | 0:714293de3836 | 9209 | else |
ashleymills | 0:714293de3836 | 9210 | err = mp_mod((mp_int*)rsa->d->internal, &tmp, |
ashleymills | 0:714293de3836 | 9211 | (mp_int*)rsa->dmq1->internal); |
ashleymills | 0:714293de3836 | 9212 | |
ashleymills | 0:714293de3836 | 9213 | mp_clear(&tmp); |
ashleymills | 0:714293de3836 | 9214 | |
ashleymills | 0:714293de3836 | 9215 | if (err == MP_OKAY) |
ashleymills | 0:714293de3836 | 9216 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 9217 | else |
ashleymills | 0:714293de3836 | 9218 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 9219 | } |
ashleymills | 0:714293de3836 | 9220 | |
ashleymills | 0:714293de3836 | 9221 | |
ashleymills | 0:714293de3836 | 9222 | void CyaSSL_HMAC_Init(CYASSL_HMAC_CTX* ctx, const void* key, int keylen, |
ashleymills | 0:714293de3836 | 9223 | const EVP_MD* type) |
ashleymills | 0:714293de3836 | 9224 | { |
ashleymills | 0:714293de3836 | 9225 | CYASSL_MSG("CyaSSL_HMAC_Init"); |
ashleymills | 0:714293de3836 | 9226 | |
ashleymills | 0:714293de3836 | 9227 | if (ctx == NULL) { |
ashleymills | 0:714293de3836 | 9228 | CYASSL_MSG("no ctx on init"); |
ashleymills | 0:714293de3836 | 9229 | return; |
ashleymills | 0:714293de3836 | 9230 | } |
ashleymills | 0:714293de3836 | 9231 | |
ashleymills | 0:714293de3836 | 9232 | if (type) { |
ashleymills | 0:714293de3836 | 9233 | CYASSL_MSG("init has type"); |
ashleymills | 0:714293de3836 | 9234 | |
ashleymills | 0:714293de3836 | 9235 | if (XSTRNCMP(type, "MD5", 3) == 0) { |
ashleymills | 0:714293de3836 | 9236 | CYASSL_MSG("md5 hmac"); |
ashleymills | 0:714293de3836 | 9237 | ctx->type = MD5; |
ashleymills | 0:714293de3836 | 9238 | } |
ashleymills | 0:714293de3836 | 9239 | else if (XSTRNCMP(type, "SHA256", 6) == 0) { |
ashleymills | 0:714293de3836 | 9240 | CYASSL_MSG("sha256 hmac"); |
ashleymills | 0:714293de3836 | 9241 | ctx->type = SHA256; |
ashleymills | 0:714293de3836 | 9242 | } |
ashleymills | 0:714293de3836 | 9243 | |
ashleymills | 0:714293de3836 | 9244 | /* has to be last since would pick or 256, 384, or 512 too */ |
ashleymills | 0:714293de3836 | 9245 | else if (XSTRNCMP(type, "SHA", 3) == 0) { |
ashleymills | 0:714293de3836 | 9246 | CYASSL_MSG("sha hmac"); |
ashleymills | 0:714293de3836 | 9247 | ctx->type = SHA; |
ashleymills | 0:714293de3836 | 9248 | } |
ashleymills | 0:714293de3836 | 9249 | else { |
ashleymills | 0:714293de3836 | 9250 | CYASSL_MSG("bad init type"); |
ashleymills | 0:714293de3836 | 9251 | } |
ashleymills | 0:714293de3836 | 9252 | } |
ashleymills | 0:714293de3836 | 9253 | |
ashleymills | 0:714293de3836 | 9254 | if (key && keylen) { |
ashleymills | 0:714293de3836 | 9255 | CYASSL_MSG("keying hmac"); |
ashleymills | 0:714293de3836 | 9256 | HmacSetKey(&ctx->hmac, ctx->type, (const byte*)key, (word32)keylen); |
ashleymills | 0:714293de3836 | 9257 | } |
ashleymills | 0:714293de3836 | 9258 | } |
ashleymills | 0:714293de3836 | 9259 | |
ashleymills | 0:714293de3836 | 9260 | |
ashleymills | 0:714293de3836 | 9261 | void CyaSSL_HMAC_Update(CYASSL_HMAC_CTX* ctx, const unsigned char* data, |
ashleymills | 0:714293de3836 | 9262 | int len) |
ashleymills | 0:714293de3836 | 9263 | { |
ashleymills | 0:714293de3836 | 9264 | CYASSL_MSG("CyaSSL_HMAC_Update"); |
ashleymills | 0:714293de3836 | 9265 | |
ashleymills | 0:714293de3836 | 9266 | if (ctx && data) { |
ashleymills | 0:714293de3836 | 9267 | CYASSL_MSG("updating hmac"); |
ashleymills | 0:714293de3836 | 9268 | HmacUpdate(&ctx->hmac, data, (word32)len); |
ashleymills | 0:714293de3836 | 9269 | } |
ashleymills | 0:714293de3836 | 9270 | } |
ashleymills | 0:714293de3836 | 9271 | |
ashleymills | 0:714293de3836 | 9272 | |
ashleymills | 0:714293de3836 | 9273 | void CyaSSL_HMAC_Final(CYASSL_HMAC_CTX* ctx, unsigned char* hash, |
ashleymills | 0:714293de3836 | 9274 | unsigned int* len) |
ashleymills | 0:714293de3836 | 9275 | { |
ashleymills | 0:714293de3836 | 9276 | CYASSL_MSG("CyaSSL_HMAC_Final"); |
ashleymills | 0:714293de3836 | 9277 | |
ashleymills | 0:714293de3836 | 9278 | if (ctx && hash) { |
ashleymills | 0:714293de3836 | 9279 | CYASSL_MSG("final hmac"); |
ashleymills | 0:714293de3836 | 9280 | HmacFinal(&ctx->hmac, hash); |
ashleymills | 0:714293de3836 | 9281 | |
ashleymills | 0:714293de3836 | 9282 | if (len) { |
ashleymills | 0:714293de3836 | 9283 | CYASSL_MSG("setting output len"); |
ashleymills | 0:714293de3836 | 9284 | switch (ctx->type) { |
ashleymills | 0:714293de3836 | 9285 | case MD5: |
ashleymills | 0:714293de3836 | 9286 | *len = MD5_DIGEST_SIZE; |
ashleymills | 0:714293de3836 | 9287 | break; |
ashleymills | 0:714293de3836 | 9288 | |
ashleymills | 0:714293de3836 | 9289 | case SHA: |
ashleymills | 0:714293de3836 | 9290 | *len = SHA_DIGEST_SIZE; |
ashleymills | 0:714293de3836 | 9291 | break; |
ashleymills | 0:714293de3836 | 9292 | |
ashleymills | 0:714293de3836 | 9293 | case SHA256: |
ashleymills | 0:714293de3836 | 9294 | *len = SHA256_DIGEST_SIZE; |
ashleymills | 0:714293de3836 | 9295 | break; |
ashleymills | 0:714293de3836 | 9296 | |
ashleymills | 0:714293de3836 | 9297 | default: |
ashleymills | 0:714293de3836 | 9298 | CYASSL_MSG("bad hmac type"); |
ashleymills | 0:714293de3836 | 9299 | } |
ashleymills | 0:714293de3836 | 9300 | } |
ashleymills | 0:714293de3836 | 9301 | } |
ashleymills | 0:714293de3836 | 9302 | } |
ashleymills | 0:714293de3836 | 9303 | |
ashleymills | 0:714293de3836 | 9304 | |
ashleymills | 0:714293de3836 | 9305 | void CyaSSL_HMAC_cleanup(CYASSL_HMAC_CTX* ctx) |
ashleymills | 0:714293de3836 | 9306 | { |
ashleymills | 0:714293de3836 | 9307 | (void)ctx; |
ashleymills | 0:714293de3836 | 9308 | |
ashleymills | 0:714293de3836 | 9309 | CYASSL_MSG("CyaSSL_HMAC_cleanup"); |
ashleymills | 0:714293de3836 | 9310 | } |
ashleymills | 0:714293de3836 | 9311 | |
ashleymills | 0:714293de3836 | 9312 | |
ashleymills | 0:714293de3836 | 9313 | const CYASSL_EVP_MD* CyaSSL_EVP_get_digestbynid(int id) |
ashleymills | 0:714293de3836 | 9314 | { |
ashleymills | 0:714293de3836 | 9315 | CYASSL_MSG("CyaSSL_get_digestbynid"); |
ashleymills | 0:714293de3836 | 9316 | |
ashleymills | 0:714293de3836 | 9317 | switch(id) { |
ashleymills | 0:714293de3836 | 9318 | case NID_md5: |
ashleymills | 0:714293de3836 | 9319 | return CyaSSL_EVP_md5(); |
ashleymills | 0:714293de3836 | 9320 | |
ashleymills | 0:714293de3836 | 9321 | case NID_sha1: |
ashleymills | 0:714293de3836 | 9322 | return CyaSSL_EVP_sha1(); |
ashleymills | 0:714293de3836 | 9323 | |
ashleymills | 0:714293de3836 | 9324 | default: |
ashleymills | 0:714293de3836 | 9325 | CYASSL_MSG("Bad digest id value"); |
ashleymills | 0:714293de3836 | 9326 | } |
ashleymills | 0:714293de3836 | 9327 | |
ashleymills | 0:714293de3836 | 9328 | return NULL; |
ashleymills | 0:714293de3836 | 9329 | } |
ashleymills | 0:714293de3836 | 9330 | |
ashleymills | 0:714293de3836 | 9331 | |
ashleymills | 0:714293de3836 | 9332 | CYASSL_RSA* CyaSSL_EVP_PKEY_get1_RSA(CYASSL_EVP_PKEY* key) |
ashleymills | 0:714293de3836 | 9333 | { |
ashleymills | 0:714293de3836 | 9334 | (void)key; |
ashleymills | 0:714293de3836 | 9335 | CYASSL_MSG("CyaSSL_EVP_PKEY_get1_RSA"); |
ashleymills | 0:714293de3836 | 9336 | |
ashleymills | 0:714293de3836 | 9337 | return NULL; |
ashleymills | 0:714293de3836 | 9338 | } |
ashleymills | 0:714293de3836 | 9339 | |
ashleymills | 0:714293de3836 | 9340 | |
ashleymills | 0:714293de3836 | 9341 | CYASSL_DSA* CyaSSL_EVP_PKEY_get1_DSA(CYASSL_EVP_PKEY* key) |
ashleymills | 0:714293de3836 | 9342 | { |
ashleymills | 0:714293de3836 | 9343 | (void)key; |
ashleymills | 0:714293de3836 | 9344 | CYASSL_MSG("CyaSSL_EVP_PKEY_get1_DSA"); |
ashleymills | 0:714293de3836 | 9345 | |
ashleymills | 0:714293de3836 | 9346 | return NULL; |
ashleymills | 0:714293de3836 | 9347 | } |
ashleymills | 0:714293de3836 | 9348 | |
ashleymills | 0:714293de3836 | 9349 | |
ashleymills | 0:714293de3836 | 9350 | void* CyaSSL_EVP_X_STATE(const CYASSL_EVP_CIPHER_CTX* ctx) |
ashleymills | 0:714293de3836 | 9351 | { |
ashleymills | 0:714293de3836 | 9352 | CYASSL_MSG("CyaSSL_EVP_X_STATE"); |
ashleymills | 0:714293de3836 | 9353 | |
ashleymills | 0:714293de3836 | 9354 | if (ctx) { |
ashleymills | 0:714293de3836 | 9355 | switch (ctx->cipherType) { |
ashleymills | 0:714293de3836 | 9356 | case ARC4_TYPE: |
ashleymills | 0:714293de3836 | 9357 | CYASSL_MSG("returning arc4 state"); |
ashleymills | 0:714293de3836 | 9358 | return (void*)&ctx->cipher.arc4.x; |
ashleymills | 0:714293de3836 | 9359 | break; |
ashleymills | 0:714293de3836 | 9360 | |
ashleymills | 0:714293de3836 | 9361 | default: |
ashleymills | 0:714293de3836 | 9362 | CYASSL_MSG("bad x state type"); |
ashleymills | 0:714293de3836 | 9363 | return 0; |
ashleymills | 0:714293de3836 | 9364 | } |
ashleymills | 0:714293de3836 | 9365 | } |
ashleymills | 0:714293de3836 | 9366 | |
ashleymills | 0:714293de3836 | 9367 | return NULL; |
ashleymills | 0:714293de3836 | 9368 | } |
ashleymills | 0:714293de3836 | 9369 | |
ashleymills | 0:714293de3836 | 9370 | |
ashleymills | 0:714293de3836 | 9371 | int CyaSSL_EVP_X_STATE_LEN(const CYASSL_EVP_CIPHER_CTX* ctx) |
ashleymills | 0:714293de3836 | 9372 | { |
ashleymills | 0:714293de3836 | 9373 | CYASSL_MSG("CyaSSL_EVP_X_STATE_LEN"); |
ashleymills | 0:714293de3836 | 9374 | |
ashleymills | 0:714293de3836 | 9375 | if (ctx) { |
ashleymills | 0:714293de3836 | 9376 | switch (ctx->cipherType) { |
ashleymills | 0:714293de3836 | 9377 | case ARC4_TYPE: |
ashleymills | 0:714293de3836 | 9378 | CYASSL_MSG("returning arc4 state size"); |
ashleymills | 0:714293de3836 | 9379 | return sizeof(Arc4); |
ashleymills | 0:714293de3836 | 9380 | break; |
ashleymills | 0:714293de3836 | 9381 | |
ashleymills | 0:714293de3836 | 9382 | default: |
ashleymills | 0:714293de3836 | 9383 | CYASSL_MSG("bad x state type"); |
ashleymills | 0:714293de3836 | 9384 | return 0; |
ashleymills | 0:714293de3836 | 9385 | } |
ashleymills | 0:714293de3836 | 9386 | } |
ashleymills | 0:714293de3836 | 9387 | |
ashleymills | 0:714293de3836 | 9388 | return 0; |
ashleymills | 0:714293de3836 | 9389 | } |
ashleymills | 0:714293de3836 | 9390 | |
ashleymills | 0:714293de3836 | 9391 | |
ashleymills | 0:714293de3836 | 9392 | void CyaSSL_3des_iv(CYASSL_EVP_CIPHER_CTX* ctx, int doset, |
ashleymills | 0:714293de3836 | 9393 | unsigned char* iv, int len) |
ashleymills | 0:714293de3836 | 9394 | { |
ashleymills | 0:714293de3836 | 9395 | (void)len; |
ashleymills | 0:714293de3836 | 9396 | |
ashleymills | 0:714293de3836 | 9397 | CYASSL_MSG("CyaSSL_3des_iv"); |
ashleymills | 0:714293de3836 | 9398 | |
ashleymills | 0:714293de3836 | 9399 | if (ctx == NULL || iv == NULL) { |
ashleymills | 0:714293de3836 | 9400 | CYASSL_MSG("Bad function argument"); |
ashleymills | 0:714293de3836 | 9401 | return; |
ashleymills | 0:714293de3836 | 9402 | } |
ashleymills | 0:714293de3836 | 9403 | |
ashleymills | 0:714293de3836 | 9404 | if (doset) |
ashleymills | 0:714293de3836 | 9405 | Des3_SetIV(&ctx->cipher.des3, iv); |
ashleymills | 0:714293de3836 | 9406 | else |
ashleymills | 0:714293de3836 | 9407 | memcpy(iv, &ctx->cipher.des3.reg, DES_BLOCK_SIZE); |
ashleymills | 0:714293de3836 | 9408 | } |
ashleymills | 0:714293de3836 | 9409 | |
ashleymills | 0:714293de3836 | 9410 | |
ashleymills | 0:714293de3836 | 9411 | void CyaSSL_aes_ctr_iv(CYASSL_EVP_CIPHER_CTX* ctx, int doset, |
ashleymills | 0:714293de3836 | 9412 | unsigned char* iv, int len) |
ashleymills | 0:714293de3836 | 9413 | { |
ashleymills | 0:714293de3836 | 9414 | (void)len; |
ashleymills | 0:714293de3836 | 9415 | |
ashleymills | 0:714293de3836 | 9416 | CYASSL_MSG("CyaSSL_aes_ctr_iv"); |
ashleymills | 0:714293de3836 | 9417 | |
ashleymills | 0:714293de3836 | 9418 | if (ctx == NULL || iv == NULL) { |
ashleymills | 0:714293de3836 | 9419 | CYASSL_MSG("Bad function argument"); |
ashleymills | 0:714293de3836 | 9420 | return; |
ashleymills | 0:714293de3836 | 9421 | } |
ashleymills | 0:714293de3836 | 9422 | |
ashleymills | 0:714293de3836 | 9423 | if (doset) |
ashleymills | 0:714293de3836 | 9424 | AesSetIV(&ctx->cipher.aes, iv); |
ashleymills | 0:714293de3836 | 9425 | else |
ashleymills | 0:714293de3836 | 9426 | memcpy(iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE); |
ashleymills | 0:714293de3836 | 9427 | } |
ashleymills | 0:714293de3836 | 9428 | |
ashleymills | 0:714293de3836 | 9429 | |
ashleymills | 0:714293de3836 | 9430 | const CYASSL_EVP_MD* CyaSSL_EVP_ripemd160(void) |
ashleymills | 0:714293de3836 | 9431 | { |
ashleymills | 0:714293de3836 | 9432 | CYASSL_MSG("CyaSSL_ripemd160"); |
ashleymills | 0:714293de3836 | 9433 | |
ashleymills | 0:714293de3836 | 9434 | return NULL; |
ashleymills | 0:714293de3836 | 9435 | } |
ashleymills | 0:714293de3836 | 9436 | |
ashleymills | 0:714293de3836 | 9437 | |
ashleymills | 0:714293de3836 | 9438 | int CyaSSL_EVP_MD_size(const CYASSL_EVP_MD* type) |
ashleymills | 0:714293de3836 | 9439 | { |
ashleymills | 0:714293de3836 | 9440 | CYASSL_MSG("CyaSSL_EVP_MD_size"); |
ashleymills | 0:714293de3836 | 9441 | |
ashleymills | 0:714293de3836 | 9442 | if (type == NULL) { |
ashleymills | 0:714293de3836 | 9443 | CYASSL_MSG("No md type arg"); |
ashleymills | 0:714293de3836 | 9444 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 9445 | } |
ashleymills | 0:714293de3836 | 9446 | |
ashleymills | 0:714293de3836 | 9447 | if (XSTRNCMP(type, "MD5", 3) == 0) { |
ashleymills | 0:714293de3836 | 9448 | return MD5_DIGEST_SIZE; |
ashleymills | 0:714293de3836 | 9449 | } |
ashleymills | 0:714293de3836 | 9450 | else if (XSTRNCMP(type, "SHA256", 6) == 0) { |
ashleymills | 0:714293de3836 | 9451 | return SHA256_DIGEST_SIZE; |
ashleymills | 0:714293de3836 | 9452 | } |
ashleymills | 0:714293de3836 | 9453 | #ifdef CYASSL_SHA384 |
ashleymills | 0:714293de3836 | 9454 | else if (XSTRNCMP(type, "SHA384", 6) == 0) { |
ashleymills | 0:714293de3836 | 9455 | return SHA384_DIGEST_SIZE; |
ashleymills | 0:714293de3836 | 9456 | } |
ashleymills | 0:714293de3836 | 9457 | #endif |
ashleymills | 0:714293de3836 | 9458 | #ifdef CYASSL_SHA512 |
ashleymills | 0:714293de3836 | 9459 | else if (XSTRNCMP(type, "SHA512", 6) == 0) { |
ashleymills | 0:714293de3836 | 9460 | return SHA512_DIGEST_SIZE; |
ashleymills | 0:714293de3836 | 9461 | } |
ashleymills | 0:714293de3836 | 9462 | #endif |
ashleymills | 0:714293de3836 | 9463 | /* has to be last since would pick or 256, 384, or 512 too */ |
ashleymills | 0:714293de3836 | 9464 | else if (XSTRNCMP(type, "SHA", 3) == 0) { |
ashleymills | 0:714293de3836 | 9465 | return SHA_DIGEST_SIZE; |
ashleymills | 0:714293de3836 | 9466 | } |
ashleymills | 0:714293de3836 | 9467 | |
ashleymills | 0:714293de3836 | 9468 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 9469 | } |
ashleymills | 0:714293de3836 | 9470 | |
ashleymills | 0:714293de3836 | 9471 | |
ashleymills | 0:714293de3836 | 9472 | int CyaSSL_EVP_CIPHER_CTX_iv_length(const CYASSL_EVP_CIPHER_CTX* ctx) |
ashleymills | 0:714293de3836 | 9473 | { |
ashleymills | 0:714293de3836 | 9474 | CYASSL_MSG("CyaSSL_EVP_CIPHER_CTX_iv_length"); |
ashleymills | 0:714293de3836 | 9475 | |
ashleymills | 0:714293de3836 | 9476 | switch (ctx->cipherType) { |
ashleymills | 0:714293de3836 | 9477 | |
ashleymills | 0:714293de3836 | 9478 | case AES_128_CBC_TYPE : |
ashleymills | 0:714293de3836 | 9479 | case AES_192_CBC_TYPE : |
ashleymills | 0:714293de3836 | 9480 | case AES_256_CBC_TYPE : |
ashleymills | 0:714293de3836 | 9481 | CYASSL_MSG("AES CBC"); |
ashleymills | 0:714293de3836 | 9482 | return AES_BLOCK_SIZE; |
ashleymills | 0:714293de3836 | 9483 | break; |
ashleymills | 0:714293de3836 | 9484 | |
ashleymills | 0:714293de3836 | 9485 | #ifdef CYASSL_AES_COUNTER |
ashleymills | 0:714293de3836 | 9486 | case AES_128_CTR_TYPE : |
ashleymills | 0:714293de3836 | 9487 | case AES_192_CTR_TYPE : |
ashleymills | 0:714293de3836 | 9488 | case AES_256_CTR_TYPE : |
ashleymills | 0:714293de3836 | 9489 | CYASSL_MSG("AES CTR"); |
ashleymills | 0:714293de3836 | 9490 | return AES_BLOCK_SIZE; |
ashleymills | 0:714293de3836 | 9491 | break; |
ashleymills | 0:714293de3836 | 9492 | #endif |
ashleymills | 0:714293de3836 | 9493 | |
ashleymills | 0:714293de3836 | 9494 | case DES_CBC_TYPE : |
ashleymills | 0:714293de3836 | 9495 | CYASSL_MSG("DES CBC"); |
ashleymills | 0:714293de3836 | 9496 | return DES_BLOCK_SIZE; |
ashleymills | 0:714293de3836 | 9497 | break; |
ashleymills | 0:714293de3836 | 9498 | |
ashleymills | 0:714293de3836 | 9499 | case DES_EDE3_CBC_TYPE : |
ashleymills | 0:714293de3836 | 9500 | CYASSL_MSG("DES EDE3 CBC"); |
ashleymills | 0:714293de3836 | 9501 | return DES_BLOCK_SIZE; |
ashleymills | 0:714293de3836 | 9502 | break; |
ashleymills | 0:714293de3836 | 9503 | |
ashleymills | 0:714293de3836 | 9504 | case ARC4_TYPE : |
ashleymills | 0:714293de3836 | 9505 | CYASSL_MSG("ARC4"); |
ashleymills | 0:714293de3836 | 9506 | return 0; |
ashleymills | 0:714293de3836 | 9507 | break; |
ashleymills | 0:714293de3836 | 9508 | |
ashleymills | 0:714293de3836 | 9509 | case NULL_CIPHER_TYPE : |
ashleymills | 0:714293de3836 | 9510 | CYASSL_MSG("NULL"); |
ashleymills | 0:714293de3836 | 9511 | return 0; |
ashleymills | 0:714293de3836 | 9512 | break; |
ashleymills | 0:714293de3836 | 9513 | |
ashleymills | 0:714293de3836 | 9514 | default: { |
ashleymills | 0:714293de3836 | 9515 | CYASSL_MSG("bad type"); |
ashleymills | 0:714293de3836 | 9516 | } |
ashleymills | 0:714293de3836 | 9517 | } |
ashleymills | 0:714293de3836 | 9518 | return 0; |
ashleymills | 0:714293de3836 | 9519 | } |
ashleymills | 0:714293de3836 | 9520 | |
ashleymills | 0:714293de3836 | 9521 | |
ashleymills | 0:714293de3836 | 9522 | void CyaSSL_OPENSSL_free(void* p) |
ashleymills | 0:714293de3836 | 9523 | { |
ashleymills | 0:714293de3836 | 9524 | CYASSL_MSG("CyaSSL_OPENSSL_free"); |
ashleymills | 0:714293de3836 | 9525 | |
ashleymills | 0:714293de3836 | 9526 | XFREE(p, NULL, 0); |
ashleymills | 0:714293de3836 | 9527 | } |
ashleymills | 0:714293de3836 | 9528 | |
ashleymills | 0:714293de3836 | 9529 | |
ashleymills | 0:714293de3836 | 9530 | int CyaSSL_PEM_write_bio_RSAPrivateKey(CYASSL_BIO* bio, RSA* rsa, |
ashleymills | 0:714293de3836 | 9531 | const EVP_CIPHER* cipher, |
ashleymills | 0:714293de3836 | 9532 | unsigned char* passwd, int len, |
ashleymills | 0:714293de3836 | 9533 | pem_password_cb cb, void* arg) |
ashleymills | 0:714293de3836 | 9534 | { |
ashleymills | 0:714293de3836 | 9535 | (void)bio; |
ashleymills | 0:714293de3836 | 9536 | (void)rsa; |
ashleymills | 0:714293de3836 | 9537 | (void)cipher; |
ashleymills | 0:714293de3836 | 9538 | (void)passwd; |
ashleymills | 0:714293de3836 | 9539 | (void)len; |
ashleymills | 0:714293de3836 | 9540 | (void)cb; |
ashleymills | 0:714293de3836 | 9541 | (void)arg; |
ashleymills | 0:714293de3836 | 9542 | |
ashleymills | 0:714293de3836 | 9543 | CYASSL_MSG("CyaSSL_PEM_write_bio_RSAPrivateKey"); |
ashleymills | 0:714293de3836 | 9544 | |
ashleymills | 0:714293de3836 | 9545 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 9546 | } |
ashleymills | 0:714293de3836 | 9547 | |
ashleymills | 0:714293de3836 | 9548 | |
ashleymills | 0:714293de3836 | 9549 | |
ashleymills | 0:714293de3836 | 9550 | int CyaSSL_PEM_write_bio_DSAPrivateKey(CYASSL_BIO* bio, DSA* rsa, |
ashleymills | 0:714293de3836 | 9551 | const EVP_CIPHER* cipher, |
ashleymills | 0:714293de3836 | 9552 | unsigned char* passwd, int len, |
ashleymills | 0:714293de3836 | 9553 | pem_password_cb cb, void* arg) |
ashleymills | 0:714293de3836 | 9554 | { |
ashleymills | 0:714293de3836 | 9555 | (void)bio; |
ashleymills | 0:714293de3836 | 9556 | (void)rsa; |
ashleymills | 0:714293de3836 | 9557 | (void)cipher; |
ashleymills | 0:714293de3836 | 9558 | (void)passwd; |
ashleymills | 0:714293de3836 | 9559 | (void)len; |
ashleymills | 0:714293de3836 | 9560 | (void)cb; |
ashleymills | 0:714293de3836 | 9561 | (void)arg; |
ashleymills | 0:714293de3836 | 9562 | |
ashleymills | 0:714293de3836 | 9563 | CYASSL_MSG("CyaSSL_PEM_write_bio_DSAPrivateKey"); |
ashleymills | 0:714293de3836 | 9564 | |
ashleymills | 0:714293de3836 | 9565 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 9566 | } |
ashleymills | 0:714293de3836 | 9567 | |
ashleymills | 0:714293de3836 | 9568 | |
ashleymills | 0:714293de3836 | 9569 | |
ashleymills | 0:714293de3836 | 9570 | CYASSL_EVP_PKEY* CyaSSL_PEM_read_bio_PrivateKey(CYASSL_BIO* bio, |
ashleymills | 0:714293de3836 | 9571 | CYASSL_EVP_PKEY** key, pem_password_cb cb, void* arg) |
ashleymills | 0:714293de3836 | 9572 | { |
ashleymills | 0:714293de3836 | 9573 | (void)bio; |
ashleymills | 0:714293de3836 | 9574 | (void)key; |
ashleymills | 0:714293de3836 | 9575 | (void)cb; |
ashleymills | 0:714293de3836 | 9576 | (void)arg; |
ashleymills | 0:714293de3836 | 9577 | |
ashleymills | 0:714293de3836 | 9578 | CYASSL_MSG("CyaSSL_PEM_read_bio_PrivateKey"); |
ashleymills | 0:714293de3836 | 9579 | |
ashleymills | 0:714293de3836 | 9580 | return NULL; |
ashleymills | 0:714293de3836 | 9581 | } |
ashleymills | 0:714293de3836 | 9582 | |
ashleymills | 0:714293de3836 | 9583 | |
ashleymills | 0:714293de3836 | 9584 | |
ashleymills | 0:714293de3836 | 9585 | /* Return bytes written to buff or < 0 for error */ |
ashleymills | 0:714293de3836 | 9586 | int CyaSSL_KeyPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff, |
ashleymills | 0:714293de3836 | 9587 | int buffSz, const char* pass) |
ashleymills | 0:714293de3836 | 9588 | { |
ashleymills | 0:714293de3836 | 9589 | EncryptedInfo info; |
ashleymills | 0:714293de3836 | 9590 | int eccKey = 0; |
ashleymills | 0:714293de3836 | 9591 | int ret; |
ashleymills | 0:714293de3836 | 9592 | buffer der; |
ashleymills | 0:714293de3836 | 9593 | |
ashleymills | 0:714293de3836 | 9594 | (void)pass; |
ashleymills | 0:714293de3836 | 9595 | |
ashleymills | 0:714293de3836 | 9596 | CYASSL_ENTER("CyaSSL_KeyPemToDer"); |
ashleymills | 0:714293de3836 | 9597 | |
ashleymills | 0:714293de3836 | 9598 | if (pem == NULL || buff == NULL || buffSz <= 0) { |
ashleymills | 0:714293de3836 | 9599 | CYASSL_MSG("Bad pem der args"); |
ashleymills | 0:714293de3836 | 9600 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 9601 | } |
ashleymills | 0:714293de3836 | 9602 | |
ashleymills | 0:714293de3836 | 9603 | info.set = 0; |
ashleymills | 0:714293de3836 | 9604 | info.ctx = NULL; |
ashleymills | 0:714293de3836 | 9605 | info.consumed = 0; |
ashleymills | 0:714293de3836 | 9606 | der.buffer = NULL; |
ashleymills | 0:714293de3836 | 9607 | |
ashleymills | 0:714293de3836 | 9608 | ret = PemToDer(pem, pemSz, PRIVATEKEY_TYPE, &der, NULL, &info, &eccKey); |
ashleymills | 0:714293de3836 | 9609 | if (ret < 0) { |
ashleymills | 0:714293de3836 | 9610 | CYASSL_MSG("Bad Pem To Der"); |
ashleymills | 0:714293de3836 | 9611 | } |
ashleymills | 0:714293de3836 | 9612 | else { |
ashleymills | 0:714293de3836 | 9613 | if (der.length <= (word32)buffSz) { |
ashleymills | 0:714293de3836 | 9614 | XMEMCPY(buff, der.buffer, der.length); |
ashleymills | 0:714293de3836 | 9615 | ret = der.length; |
ashleymills | 0:714293de3836 | 9616 | } |
ashleymills | 0:714293de3836 | 9617 | else { |
ashleymills | 0:714293de3836 | 9618 | CYASSL_MSG("Bad der length"); |
ashleymills | 0:714293de3836 | 9619 | ret = BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 9620 | } |
ashleymills | 0:714293de3836 | 9621 | } |
ashleymills | 0:714293de3836 | 9622 | |
ashleymills | 0:714293de3836 | 9623 | XFREE(der.buffer, NULL, DYANMIC_KEY_TYPE); |
ashleymills | 0:714293de3836 | 9624 | |
ashleymills | 0:714293de3836 | 9625 | return ret; |
ashleymills | 0:714293de3836 | 9626 | } |
ashleymills | 0:714293de3836 | 9627 | |
ashleymills | 0:714293de3836 | 9628 | |
ashleymills | 0:714293de3836 | 9629 | /* Load RSA from Der, SSL_SUCCESS on success < 0 on error */ |
ashleymills | 0:714293de3836 | 9630 | int CyaSSL_RSA_LoadDer(CYASSL_RSA* rsa, const unsigned char* der, int derSz) |
ashleymills | 0:714293de3836 | 9631 | { |
ashleymills | 0:714293de3836 | 9632 | word32 idx = 0; |
ashleymills | 0:714293de3836 | 9633 | int ret; |
ashleymills | 0:714293de3836 | 9634 | |
ashleymills | 0:714293de3836 | 9635 | CYASSL_ENTER("CyaSSL_RSA_LoadDer"); |
ashleymills | 0:714293de3836 | 9636 | |
ashleymills | 0:714293de3836 | 9637 | if (rsa == NULL || rsa->internal == NULL || der == NULL || derSz <= 0) { |
ashleymills | 0:714293de3836 | 9638 | CYASSL_MSG("Bad function arguments"); |
ashleymills | 0:714293de3836 | 9639 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 9640 | } |
ashleymills | 0:714293de3836 | 9641 | |
ashleymills | 0:714293de3836 | 9642 | ret = RsaPrivateKeyDecode(der, &idx, (RsaKey*)rsa->internal, derSz); |
ashleymills | 0:714293de3836 | 9643 | if (ret < 0) { |
ashleymills | 0:714293de3836 | 9644 | CYASSL_MSG("RsaPrivateKeyDecode failed"); |
ashleymills | 0:714293de3836 | 9645 | return ret; |
ashleymills | 0:714293de3836 | 9646 | } |
ashleymills | 0:714293de3836 | 9647 | |
ashleymills | 0:714293de3836 | 9648 | if (SetRsaExternal(rsa) < 0) { |
ashleymills | 0:714293de3836 | 9649 | CYASSL_MSG("SetRsaExternal failed"); |
ashleymills | 0:714293de3836 | 9650 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 9651 | } |
ashleymills | 0:714293de3836 | 9652 | |
ashleymills | 0:714293de3836 | 9653 | rsa->inSet = 1; |
ashleymills | 0:714293de3836 | 9654 | |
ashleymills | 0:714293de3836 | 9655 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 9656 | } |
ashleymills | 0:714293de3836 | 9657 | |
ashleymills | 0:714293de3836 | 9658 | |
ashleymills | 0:714293de3836 | 9659 | #ifndef NO_DSA |
ashleymills | 0:714293de3836 | 9660 | /* Load DSA from Der, SSL_SUCCESS on success < 0 on error */ |
ashleymills | 0:714293de3836 | 9661 | int CyaSSL_DSA_LoadDer(CYASSL_DSA* dsa, const unsigned char* der, int derSz) |
ashleymills | 0:714293de3836 | 9662 | { |
ashleymills | 0:714293de3836 | 9663 | word32 idx = 0; |
ashleymills | 0:714293de3836 | 9664 | int ret; |
ashleymills | 0:714293de3836 | 9665 | |
ashleymills | 0:714293de3836 | 9666 | CYASSL_ENTER("CyaSSL_DSA_LoadDer"); |
ashleymills | 0:714293de3836 | 9667 | |
ashleymills | 0:714293de3836 | 9668 | if (dsa == NULL || dsa->internal == NULL || der == NULL || derSz <= 0) { |
ashleymills | 0:714293de3836 | 9669 | CYASSL_MSG("Bad function arguments"); |
ashleymills | 0:714293de3836 | 9670 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 9671 | } |
ashleymills | 0:714293de3836 | 9672 | |
ashleymills | 0:714293de3836 | 9673 | ret = DsaPrivateKeyDecode(der, &idx, (DsaKey*)dsa->internal, derSz); |
ashleymills | 0:714293de3836 | 9674 | if (ret < 0) { |
ashleymills | 0:714293de3836 | 9675 | CYASSL_MSG("DsaPrivateKeyDecode failed"); |
ashleymills | 0:714293de3836 | 9676 | return ret; |
ashleymills | 0:714293de3836 | 9677 | } |
ashleymills | 0:714293de3836 | 9678 | |
ashleymills | 0:714293de3836 | 9679 | if (SetDsaExternal(dsa) < 0) { |
ashleymills | 0:714293de3836 | 9680 | CYASSL_MSG("SetDsaExternal failed"); |
ashleymills | 0:714293de3836 | 9681 | return SSL_FATAL_ERROR; |
ashleymills | 0:714293de3836 | 9682 | } |
ashleymills | 0:714293de3836 | 9683 | |
ashleymills | 0:714293de3836 | 9684 | dsa->inSet = 1; |
ashleymills | 0:714293de3836 | 9685 | |
ashleymills | 0:714293de3836 | 9686 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 9687 | } |
ashleymills | 0:714293de3836 | 9688 | #endif /* NO_DSA */ |
ashleymills | 0:714293de3836 | 9689 | |
ashleymills | 0:714293de3836 | 9690 | |
ashleymills | 0:714293de3836 | 9691 | |
ashleymills | 0:714293de3836 | 9692 | |
ashleymills | 0:714293de3836 | 9693 | #endif /* OPENSSL_EXTRA */ |
ashleymills | 0:714293de3836 | 9694 | |
ashleymills | 0:714293de3836 | 9695 | |
ashleymills | 0:714293de3836 | 9696 | #ifdef SESSION_CERTS |
ashleymills | 0:714293de3836 | 9697 | |
ashleymills | 0:714293de3836 | 9698 | |
ashleymills | 0:714293de3836 | 9699 | /* Get peer's certificate chain */ |
ashleymills | 0:714293de3836 | 9700 | CYASSL_X509_CHAIN* CyaSSL_get_peer_chain(CYASSL* ssl) |
ashleymills | 0:714293de3836 | 9701 | { |
ashleymills | 0:714293de3836 | 9702 | CYASSL_ENTER("CyaSSL_get_peer_chain"); |
ashleymills | 0:714293de3836 | 9703 | if (ssl) |
ashleymills | 0:714293de3836 | 9704 | return &ssl->session.chain; |
ashleymills | 0:714293de3836 | 9705 | |
ashleymills | 0:714293de3836 | 9706 | return 0; |
ashleymills | 0:714293de3836 | 9707 | } |
ashleymills | 0:714293de3836 | 9708 | |
ashleymills | 0:714293de3836 | 9709 | |
ashleymills | 0:714293de3836 | 9710 | /* Get peer's certificate chain total count */ |
ashleymills | 0:714293de3836 | 9711 | int CyaSSL_get_chain_count(CYASSL_X509_CHAIN* chain) |
ashleymills | 0:714293de3836 | 9712 | { |
ashleymills | 0:714293de3836 | 9713 | CYASSL_ENTER("CyaSSL_get_chain_count"); |
ashleymills | 0:714293de3836 | 9714 | if (chain) |
ashleymills | 0:714293de3836 | 9715 | return chain->count; |
ashleymills | 0:714293de3836 | 9716 | |
ashleymills | 0:714293de3836 | 9717 | return 0; |
ashleymills | 0:714293de3836 | 9718 | } |
ashleymills | 0:714293de3836 | 9719 | |
ashleymills | 0:714293de3836 | 9720 | |
ashleymills | 0:714293de3836 | 9721 | /* Get peer's ASN.1 DER ceritifcate at index (idx) length in bytes */ |
ashleymills | 0:714293de3836 | 9722 | int CyaSSL_get_chain_length(CYASSL_X509_CHAIN* chain, int idx) |
ashleymills | 0:714293de3836 | 9723 | { |
ashleymills | 0:714293de3836 | 9724 | CYASSL_ENTER("CyaSSL_get_chain_length"); |
ashleymills | 0:714293de3836 | 9725 | if (chain) |
ashleymills | 0:714293de3836 | 9726 | return chain->certs[idx].length; |
ashleymills | 0:714293de3836 | 9727 | |
ashleymills | 0:714293de3836 | 9728 | return 0; |
ashleymills | 0:714293de3836 | 9729 | } |
ashleymills | 0:714293de3836 | 9730 | |
ashleymills | 0:714293de3836 | 9731 | |
ashleymills | 0:714293de3836 | 9732 | /* Get peer's ASN.1 DER ceritifcate at index (idx) */ |
ashleymills | 0:714293de3836 | 9733 | byte* CyaSSL_get_chain_cert(CYASSL_X509_CHAIN* chain, int idx) |
ashleymills | 0:714293de3836 | 9734 | { |
ashleymills | 0:714293de3836 | 9735 | CYASSL_ENTER("CyaSSL_get_chain_cert"); |
ashleymills | 0:714293de3836 | 9736 | if (chain) |
ashleymills | 0:714293de3836 | 9737 | return chain->certs[idx].buffer; |
ashleymills | 0:714293de3836 | 9738 | |
ashleymills | 0:714293de3836 | 9739 | return 0; |
ashleymills | 0:714293de3836 | 9740 | } |
ashleymills | 0:714293de3836 | 9741 | |
ashleymills | 0:714293de3836 | 9742 | |
ashleymills | 0:714293de3836 | 9743 | /* Get peer's CyaSSL X509 ceritifcate at index (idx) */ |
ashleymills | 0:714293de3836 | 9744 | CYASSL_X509* CyaSSL_get_chain_X509(CYASSL_X509_CHAIN* chain, int idx) |
ashleymills | 0:714293de3836 | 9745 | { |
ashleymills | 0:714293de3836 | 9746 | int ret; |
ashleymills | 0:714293de3836 | 9747 | CYASSL_X509* x509; |
ashleymills | 0:714293de3836 | 9748 | DecodedCert dCert; |
ashleymills | 0:714293de3836 | 9749 | |
ashleymills | 0:714293de3836 | 9750 | CYASSL_ENTER("CyaSSL_get_chain_X509"); |
ashleymills | 0:714293de3836 | 9751 | if (chain == NULL) |
ashleymills | 0:714293de3836 | 9752 | return NULL; |
ashleymills | 0:714293de3836 | 9753 | |
ashleymills | 0:714293de3836 | 9754 | InitDecodedCert(&dCert, chain->certs[idx].buffer, chain->certs[idx].length, |
ashleymills | 0:714293de3836 | 9755 | NULL); |
ashleymills | 0:714293de3836 | 9756 | ret = ParseCertRelative(&dCert, CERT_TYPE, 0, NULL); |
ashleymills | 0:714293de3836 | 9757 | if (ret != 0) { |
ashleymills | 0:714293de3836 | 9758 | CYASSL_MSG("Failed to parse cert"); |
ashleymills | 0:714293de3836 | 9759 | FreeDecodedCert(&dCert); |
ashleymills | 0:714293de3836 | 9760 | return NULL; |
ashleymills | 0:714293de3836 | 9761 | } |
ashleymills | 0:714293de3836 | 9762 | |
ashleymills | 0:714293de3836 | 9763 | x509 = (CYASSL_X509*)XMALLOC(sizeof(CYASSL_X509), NULL, DYNAMIC_TYPE_X509); |
ashleymills | 0:714293de3836 | 9764 | if (x509 == NULL) { |
ashleymills | 0:714293de3836 | 9765 | CYASSL_MSG("Failed alloc X509"); |
ashleymills | 0:714293de3836 | 9766 | FreeDecodedCert(&dCert); |
ashleymills | 0:714293de3836 | 9767 | return NULL; |
ashleymills | 0:714293de3836 | 9768 | } |
ashleymills | 0:714293de3836 | 9769 | InitX509(x509, 1); |
ashleymills | 0:714293de3836 | 9770 | |
ashleymills | 0:714293de3836 | 9771 | ret = CopyDecodedToX509(x509, &dCert); |
ashleymills | 0:714293de3836 | 9772 | if (ret != 0) { |
ashleymills | 0:714293de3836 | 9773 | CYASSL_MSG("Failed to copy decoded"); |
ashleymills | 0:714293de3836 | 9774 | XFREE(x509, NULL, DYNAMIC_TYPE_X509); |
ashleymills | 0:714293de3836 | 9775 | x509 = NULL; |
ashleymills | 0:714293de3836 | 9776 | } |
ashleymills | 0:714293de3836 | 9777 | FreeDecodedCert(&dCert); |
ashleymills | 0:714293de3836 | 9778 | |
ashleymills | 0:714293de3836 | 9779 | return x509; |
ashleymills | 0:714293de3836 | 9780 | } |
ashleymills | 0:714293de3836 | 9781 | |
ashleymills | 0:714293de3836 | 9782 | |
ashleymills | 0:714293de3836 | 9783 | /* Get peer's PEM ceritifcate at index (idx), output to buffer if inLen big |
ashleymills | 0:714293de3836 | 9784 | enough else return error (-1), output length is in *outLen |
ashleymills | 0:714293de3836 | 9785 | SSL_SUCCESS on ok */ |
ashleymills | 0:714293de3836 | 9786 | int CyaSSL_get_chain_cert_pem(CYASSL_X509_CHAIN* chain, int idx, |
ashleymills | 0:714293de3836 | 9787 | unsigned char* buf, int inLen, int* outLen) |
ashleymills | 0:714293de3836 | 9788 | { |
ashleymills | 0:714293de3836 | 9789 | const char header[] = "-----BEGIN CERTIFICATE-----\n"; |
ashleymills | 0:714293de3836 | 9790 | const char footer[] = "-----END CERTIFICATE-----\n"; |
ashleymills | 0:714293de3836 | 9791 | |
ashleymills | 0:714293de3836 | 9792 | int headerLen = sizeof(header) - 1; |
ashleymills | 0:714293de3836 | 9793 | int footerLen = sizeof(footer) - 1; |
ashleymills | 0:714293de3836 | 9794 | int i; |
ashleymills | 0:714293de3836 | 9795 | int err; |
ashleymills | 0:714293de3836 | 9796 | |
ashleymills | 0:714293de3836 | 9797 | CYASSL_ENTER("CyaSSL_get_chain_cert_pem"); |
ashleymills | 0:714293de3836 | 9798 | if (!chain || !outLen || !buf) |
ashleymills | 0:714293de3836 | 9799 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 9800 | |
ashleymills | 0:714293de3836 | 9801 | /* don't even try if inLen too short */ |
ashleymills | 0:714293de3836 | 9802 | if (inLen < headerLen + footerLen + chain->certs[idx].length) |
ashleymills | 0:714293de3836 | 9803 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 9804 | |
ashleymills | 0:714293de3836 | 9805 | /* header */ |
ashleymills | 0:714293de3836 | 9806 | XMEMCPY(buf, header, headerLen); |
ashleymills | 0:714293de3836 | 9807 | i = headerLen; |
ashleymills | 0:714293de3836 | 9808 | |
ashleymills | 0:714293de3836 | 9809 | /* body */ |
ashleymills | 0:714293de3836 | 9810 | *outLen = inLen; /* input to Base64_Encode */ |
ashleymills | 0:714293de3836 | 9811 | if ( (err = Base64_Encode(chain->certs[idx].buffer, |
ashleymills | 0:714293de3836 | 9812 | chain->certs[idx].length, buf + i, (word32*)outLen)) < 0) |
ashleymills | 0:714293de3836 | 9813 | return err; |
ashleymills | 0:714293de3836 | 9814 | i += *outLen; |
ashleymills | 0:714293de3836 | 9815 | |
ashleymills | 0:714293de3836 | 9816 | /* footer */ |
ashleymills | 0:714293de3836 | 9817 | if ( (i + footerLen) > inLen) |
ashleymills | 0:714293de3836 | 9818 | return BAD_FUNC_ARG; |
ashleymills | 0:714293de3836 | 9819 | XMEMCPY(buf + i, footer, footerLen); |
ashleymills | 0:714293de3836 | 9820 | *outLen += headerLen + footerLen; |
ashleymills | 0:714293de3836 | 9821 | |
ashleymills | 0:714293de3836 | 9822 | return SSL_SUCCESS; |
ashleymills | 0:714293de3836 | 9823 | } |
ashleymills | 0:714293de3836 | 9824 | |
ashleymills | 0:714293de3836 | 9825 | |
ashleymills | 0:714293de3836 | 9826 | /* get session ID */ |
ashleymills | 0:714293de3836 | 9827 | const byte* CyaSSL_get_sessionID(const CYASSL_SESSION* session) |
ashleymills | 0:714293de3836 | 9828 | { |
ashleymills | 0:714293de3836 | 9829 | CYASSL_ENTER("CyaSSL_get_sessionID"); |
ashleymills | 0:714293de3836 | 9830 | if (session) |
ashleymills | 0:714293de3836 | 9831 | return session->sessionID; |
ashleymills | 0:714293de3836 | 9832 | |
ashleymills | 0:714293de3836 | 9833 | return NULL; |
ashleymills | 0:714293de3836 | 9834 | } |
ashleymills | 0:714293de3836 | 9835 | |
ashleymills | 0:714293de3836 | 9836 | |
ashleymills | 0:714293de3836 | 9837 | #endif /* SESSION_CERTS */ |
ashleymills | 0:714293de3836 | 9838 | |
ashleymills | 0:714293de3836 | 9839 | |
ashleymills | 0:714293de3836 | 9840 | long CyaSSL_CTX_OCSP_set_options(CYASSL_CTX* ctx, long options) |
ashleymills | 0:714293de3836 | 9841 | { |
ashleymills | 0:714293de3836 | 9842 | CYASSL_ENTER("CyaSSL_CTX_OCSP_set_options"); |
ashleymills | 0:714293de3836 | 9843 | #ifdef HAVE_OCSP |
ashleymills | 0:714293de3836 | 9844 | if (ctx != NULL) { |
ashleymills | 0:714293de3836 | 9845 | ctx->ocsp.enabled = (options & CYASSL_OCSP_ENABLE) != 0; |
ashleymills | 0:714293de3836 | 9846 | ctx->ocsp.useOverrideUrl = (options & CYASSL_OCSP_URL_OVERRIDE) != 0; |
ashleymills | 0:714293de3836 | 9847 | ctx->ocsp.useNonce = (options & CYASSL_OCSP_NO_NONCE) == 0; |
ashleymills | 0:714293de3836 | 9848 | return 1; |
ashleymills | 0:714293de3836 | 9849 | } |
ashleymills | 0:714293de3836 | 9850 | return 0; |
ashleymills | 0:714293de3836 | 9851 | #else |
ashleymills | 0:714293de3836 | 9852 | (void)ctx; |
ashleymills | 0:714293de3836 | 9853 | (void)options; |
ashleymills | 0:714293de3836 | 9854 | return NOT_COMPILED_IN; |
ashleymills | 0:714293de3836 | 9855 | #endif |
ashleymills | 0:714293de3836 | 9856 | } |
ashleymills | 0:714293de3836 | 9857 | |
ashleymills | 0:714293de3836 | 9858 | |
ashleymills | 0:714293de3836 | 9859 | int CyaSSL_CTX_OCSP_set_override_url(CYASSL_CTX* ctx, const char* url) |
ashleymills | 0:714293de3836 | 9860 | { |
ashleymills | 0:714293de3836 | 9861 | CYASSL_ENTER("CyaSSL_CTX_OCSP_set_override_url"); |
ashleymills | 0:714293de3836 | 9862 | #ifdef HAVE_OCSP |
ashleymills | 0:714293de3836 | 9863 | return CyaSSL_OCSP_set_override_url(&ctx->ocsp, url); |
ashleymills | 0:714293de3836 | 9864 | #else |
ashleymills | 0:714293de3836 | 9865 | (void)ctx; |
ashleymills | 0:714293de3836 | 9866 | (void)url; |
ashleymills | 0:714293de3836 | 9867 | return NOT_COMPILED_IN; |
ashleymills | 0:714293de3836 | 9868 | #endif |
ashleymills | 0:714293de3836 | 9869 | } |
ashleymills | 0:714293de3836 | 9870 | |
ashleymills | 0:714293de3836 | 9871 |